From 5a4a63f8a93019119f81cbed3b466b16de338802 Mon Sep 17 00:00:00 2001 From: Nicky Mouha Date: Mon, 30 Jan 2023 18:52:35 -0500 Subject: [PATCH 001/870] Create IfStatementAdditionOverflow.ql --- .../CWE-190/IfStatementAdditionOverflow.ql | 28 +++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 cpp/ql/src/experimental/Security/CWE/CWE-190/IfStatementAdditionOverflow.ql diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-190/IfStatementAdditionOverflow.ql b/cpp/ql/src/experimental/Security/CWE/CWE-190/IfStatementAdditionOverflow.ql new file mode 100644 index 00000000000..4763504ca0d --- /dev/null +++ b/cpp/ql/src/experimental/Security/CWE/CWE-190/IfStatementAdditionOverflow.ql @@ -0,0 +1,28 @@ +/** + * @name Integer addition may overflow inside if statement + * @description Detects "if (a+b>c) a=c-b", which is incorrect if a+b overflows. + * Should be replaced by "if (a>c-b) a=c-b", which correctly + * implements a = min(a,c-b)". This integer overflow is the root + * cause of the buffer overflow in the SHA-3 reference implementation + * (CVE-2022-37454). + * @kind problem + * @problem.severity warning + * @id cpp/if-statement-addition-overflow + * @tags: experimental + * correctness + * security + * external/cwe/cwe-190 + */ + +import cpp + +from IfStmt ifstmt, GTExpr gtexpr, ExprStmt exprstmt, AssignExpr assignexpr, AddExpr addexpr, SubExpr subexpr +where ifstmt.getCondition() = gtexpr and + gtexpr.getLeftOperand() = addexpr and + ifstmt.getThen() = exprstmt and + exprstmt.getExpr() = assignexpr and + assignexpr.getRValue() = subexpr and + addexpr.getLeftOperand().toString() = assignexpr.getLValue().toString() and + addexpr.getRightOperand().toString() = subexpr.getRightOperand().toString() and + gtexpr.getRightOperand().toString() = subexpr.getLeftOperand().toString() +select ifstmt, "Integer addition may overflow inside if statement." From f577a04eabd6f8a3f899647298534f445a4f2061 Mon Sep 17 00:00:00 2001 From: Nicky Mouha Date: Sat, 18 Feb 2023 21:34:03 -0500 Subject: [PATCH 002/870] Update IfStatementAdditionOverflow.ql --- .../CWE-190/IfStatementAdditionOverflow.ql | 40 +++++++++++-------- 1 file changed, 24 insertions(+), 16 deletions(-) diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-190/IfStatementAdditionOverflow.ql b/cpp/ql/src/experimental/Security/CWE/CWE-190/IfStatementAdditionOverflow.ql index 4763504ca0d..cbfc2fc7f90 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-190/IfStatementAdditionOverflow.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-190/IfStatementAdditionOverflow.ql @@ -1,10 +1,13 @@ /** - * @name Integer addition may overflow inside if statement - * @description Detects "if (a+b>c) a=c-b", which is incorrect if a+b overflows. - * Should be replaced by "if (a>c-b) a=c-b", which correctly - * implements a = min(a,c-b)". This integer overflow is the root - * cause of the buffer overflow in the SHA-3 reference implementation - * (CVE-2022-37454). + * @name Integer addition may overflow inside condition + * @description Detects "c-b" when the condition "a+b>c" has been imposed, + * which is not the same as the condition "a>b-c" if "a+b" + * overflows. Rewriting improves readability and optimizability + * (CSE elimination). Also detects "b+a>c" (swapped terms in + * addition), "c=", "<", + * "<=" instead of ">" (all operators). This integer overflow + * is the root cause of the buffer overflow in the SHA-3 + * reference implementation (CVE-2022-37454). * @kind problem * @problem.severity warning * @id cpp/if-statement-addition-overflow @@ -15,14 +18,19 @@ */ import cpp +import semmle.code.cpp.controlflow.Guards +import semmle.code.cpp.valuenumbering.GlobalValueNumbering +import semmle.code.cpp.rangeanalysis.SimpleRangeAnalysis +import semmle.code.cpp.commons.Exclusions -from IfStmt ifstmt, GTExpr gtexpr, ExprStmt exprstmt, AssignExpr assignexpr, AddExpr addexpr, SubExpr subexpr -where ifstmt.getCondition() = gtexpr and - gtexpr.getLeftOperand() = addexpr and - ifstmt.getThen() = exprstmt and - exprstmt.getExpr() = assignexpr and - assignexpr.getRValue() = subexpr and - addexpr.getLeftOperand().toString() = assignexpr.getLValue().toString() and - addexpr.getRightOperand().toString() = subexpr.getRightOperand().toString() and - gtexpr.getRightOperand().toString() = subexpr.getLeftOperand().toString() -select ifstmt, "Integer addition may overflow inside if statement." +from GuardCondition guard, BasicBlock block, RelationalOperation relop, AddExpr addexpr, SubExpr subexpr +where guard.controls(block, _) and + guard.getAChild*() = relop and + pragma[only_bind_into](block) = subexpr.getBasicBlock() and + relop.getAnOperand() = addexpr and + addexpr.getUnspecifiedType() instanceof IntegralType and + not isFromMacroDefinition(relop) and + exprMightOverflowPositively(addexpr) and + globalValueNumber(addexpr.getAnOperand()) = globalValueNumber(subexpr.getRightOperand()) and + globalValueNumber(relop.getAnOperand()) = globalValueNumber(subexpr.getLeftOperand()) +select guard, "Integer addition may overflow inside condition." From ed75172bdd555587fd9b74ebc812c1c347c51ec1 Mon Sep 17 00:00:00 2001 From: Nicky Mouha Date: Tue, 21 Feb 2023 18:11:22 -0500 Subject: [PATCH 003/870] Update IfStatementAdditionOverflow.ql --- .../CWE-190/IfStatementAdditionOverflow.ql | 42 +++++++++++-------- 1 file changed, 25 insertions(+), 17 deletions(-) diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-190/IfStatementAdditionOverflow.ql b/cpp/ql/src/experimental/Security/CWE/CWE-190/IfStatementAdditionOverflow.ql index cbfc2fc7f90..5bfa265fca5 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-190/IfStatementAdditionOverflow.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-190/IfStatementAdditionOverflow.ql @@ -1,13 +1,13 @@ /** - * @name Integer addition may overflow inside condition - * @description Detects "c-b" when the condition "a+b>c" has been imposed, - * which is not the same as the condition "a>b-c" if "a+b" - * overflows. Rewriting improves readability and optimizability - * (CSE elimination). Also detects "b+a>c" (swapped terms in - * addition), "c=", "<", - * "<=" instead of ">" (all operators). This integer overflow - * is the root cause of the buffer overflow in the SHA-3 - * reference implementation (CVE-2022-37454). + * @name Integer addition may overflow inside if statement + * @description Detects "if (a+b>c) a=c-b", which incorrectly implements + * a = min(a,c-b) if a+b overflows. Should be replaced by + * "if (a>c-b) a=c-b". Also detects "if (b+a>c) a=c-b" + * (swapped terms in addition), if (a+b>c) { a=c-b }" + * (assignment inside block), "c=", "<", "<=" instead of ">" (all operators). This + * integer overflow is the root cause of the buffer overflow + * in the SHA-3 reference implementation (CVE-2022-37454). * @kind problem * @problem.severity warning * @id cpp/if-statement-addition-overflow @@ -18,19 +18,27 @@ */ import cpp -import semmle.code.cpp.controlflow.Guards import semmle.code.cpp.valuenumbering.GlobalValueNumbering +import semmle.code.cpp.valuenumbering.HashCons import semmle.code.cpp.rangeanalysis.SimpleRangeAnalysis import semmle.code.cpp.commons.Exclusions -from GuardCondition guard, BasicBlock block, RelationalOperation relop, AddExpr addexpr, SubExpr subexpr -where guard.controls(block, _) and - guard.getAChild*() = relop and - pragma[only_bind_into](block) = subexpr.getBasicBlock() and +from IfStmt ifstmt, RelationalOperation relop, ExprStmt exprstmt, BlockStmt blockstmt, AssignExpr assignexpr, AddExpr addexpr, SubExpr subexpr +where ifstmt.getCondition() = relop and relop.getAnOperand() = addexpr and addexpr.getUnspecifiedType() instanceof IntegralType and + subexpr.getUnspecifiedType() instanceof IntegralType and not isFromMacroDefinition(relop) and exprMightOverflowPositively(addexpr) and - globalValueNumber(addexpr.getAnOperand()) = globalValueNumber(subexpr.getRightOperand()) and - globalValueNumber(relop.getAnOperand()) = globalValueNumber(subexpr.getLeftOperand()) -select guard, "Integer addition may overflow inside condition." + (ifstmt.getThen() = exprstmt or + (ifstmt.getThen() = blockstmt and + blockstmt.getAStmt() = exprstmt)) and + exprstmt.getExpr() = assignexpr and + assignexpr.getRValue() = subexpr and + ((hashCons(addexpr.getLeftOperand()) = hashCons(assignexpr.getLValue()) and + globalValueNumber(addexpr.getRightOperand()) = globalValueNumber(subexpr.getRightOperand())) or + (hashCons(addexpr.getRightOperand()) = hashCons(assignexpr.getLValue()) and + globalValueNumber(addexpr.getLeftOperand()) = globalValueNumber(subexpr.getRightOperand()))) and + globalValueNumber(relop.getAnOperand()) = globalValueNumber(subexpr.getLeftOperand()) and + not globalValueNumber(addexpr.getAnOperand()) = globalValueNumber(relop.getAnOperand()) +select ifstmt, "Integer addition may overflow inside if statement." From 08f04d53864d461155e536c5e86326864607eb43 Mon Sep 17 00:00:00 2001 From: Nicky Mouha Date: Thu, 23 Feb 2023 17:50:02 -0500 Subject: [PATCH 004/870] Update IfStatementAdditionOverflow.ql --- .../CWE/CWE-190/IfStatementAdditionOverflow.ql | 15 ++++----------- 1 file changed, 4 insertions(+), 11 deletions(-) diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-190/IfStatementAdditionOverflow.ql b/cpp/ql/src/experimental/Security/CWE/CWE-190/IfStatementAdditionOverflow.ql index 5bfa265fca5..20e77bb5ec0 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-190/IfStatementAdditionOverflow.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-190/IfStatementAdditionOverflow.ql @@ -1,13 +1,8 @@ /** * @name Integer addition may overflow inside if statement - * @description Detects "if (a+b>c) a=c-b", which incorrectly implements - * a = min(a,c-b) if a+b overflows. Should be replaced by - * "if (a>c-b) a=c-b". Also detects "if (b+a>c) a=c-b" - * (swapped terms in addition), if (a+b>c) { a=c-b }" - * (assignment inside block), "c=", "<", "<=" instead of ">" (all operators). This - * integer overflow is the root cause of the buffer overflow - * in the SHA-3 reference implementation (CVE-2022-37454). + * @description "if (a+b>c) a=c-b" was detected where "a+b" may potentially + * produce an integer overflow (or wraparound). The code can be + * rewritten to "if (a>c-b) a=c-b" which avoids the overflow. * @kind problem * @problem.severity warning * @id cpp/if-statement-addition-overflow @@ -27,7 +22,6 @@ from IfStmt ifstmt, RelationalOperation relop, ExprStmt exprstmt, BlockStmt bloc where ifstmt.getCondition() = relop and relop.getAnOperand() = addexpr and addexpr.getUnspecifiedType() instanceof IntegralType and - subexpr.getUnspecifiedType() instanceof IntegralType and not isFromMacroDefinition(relop) and exprMightOverflowPositively(addexpr) and (ifstmt.getThen() = exprstmt or @@ -39,6 +33,5 @@ where ifstmt.getCondition() = relop and globalValueNumber(addexpr.getRightOperand()) = globalValueNumber(subexpr.getRightOperand())) or (hashCons(addexpr.getRightOperand()) = hashCons(assignexpr.getLValue()) and globalValueNumber(addexpr.getLeftOperand()) = globalValueNumber(subexpr.getRightOperand()))) and - globalValueNumber(relop.getAnOperand()) = globalValueNumber(subexpr.getLeftOperand()) and - not globalValueNumber(addexpr.getAnOperand()) = globalValueNumber(relop.getAnOperand()) + globalValueNumber(relop.getAnOperand()) = globalValueNumber(subexpr.getLeftOperand()) select ifstmt, "Integer addition may overflow inside if statement." From dc09c9218ebb4bcb3f84797239a4028023804b1e Mon Sep 17 00:00:00 2001 From: Nicky Mouha Date: Sun, 12 Mar 2023 01:05:18 -0500 Subject: [PATCH 005/870] Update IfStatementAdditionOverflow.ql --- .../CWE/CWE-190/IfStatementAdditionOverflow.ql | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-190/IfStatementAdditionOverflow.ql b/cpp/ql/src/experimental/Security/CWE/CWE-190/IfStatementAdditionOverflow.ql index 20e77bb5ec0..a45ba737bab 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-190/IfStatementAdditionOverflow.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-190/IfStatementAdditionOverflow.ql @@ -1,8 +1,13 @@ /** * @name Integer addition may overflow inside if statement - * @description "if (a+b>c) a=c-b" was detected where "a+b" may potentially - * produce an integer overflow (or wraparound). The code can be - * rewritten to "if (a>c-b) a=c-b" which avoids the overflow. + * @description Detects "if (a+b>c) a=c-b", which incorrectly implements + * a = min(a,c-b) if a+b overflows. Should be replaced by + * "if (a>c-b) a=c-b". Also detects "if (b+a>c) a=c-b" + * (swapped terms in addition), if (a+b>c) { a=c-b }" + * (assignment inside block), "c=", "<", "<=" instead of ">" (all operators). This + * integer overflow is the root cause of the buffer overflow + * in the SHA-3 reference implementation (CVE-2022-37454). * @kind problem * @problem.severity warning * @id cpp/if-statement-addition-overflow @@ -34,4 +39,4 @@ where ifstmt.getCondition() = relop and (hashCons(addexpr.getRightOperand()) = hashCons(assignexpr.getLValue()) and globalValueNumber(addexpr.getLeftOperand()) = globalValueNumber(subexpr.getRightOperand()))) and globalValueNumber(relop.getAnOperand()) = globalValueNumber(subexpr.getLeftOperand()) -select ifstmt, "Integer addition may overflow inside if statement." +select ifstmt, "\"if (a+b>c) a=c-b\" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as \"if (a>c-b) a=c-b\" which avoids the overflow.", addexpr, "addition" From 91a9a7eb32d3e4a0ea73eeb0d092861a4161f0c7 Mon Sep 17 00:00:00 2001 From: Nicky Mouha Date: Sun, 12 Mar 2023 01:13:32 -0500 Subject: [PATCH 006/870] Create test.cpp --- .../IfStatementAdditionOverflow/test.cpp | 59 +++++++++++++++++++ 1 file changed, 59 insertions(+) create mode 100644 cpp/ql/test/experimental/query-tests/Security/CWE/CWE-190/IfStatementAdditionOverflow/test.cpp diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-190/IfStatementAdditionOverflow/test.cpp b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-190/IfStatementAdditionOverflow/test.cpp new file mode 100644 index 00000000000..ca67c5578c7 --- /dev/null +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-190/IfStatementAdditionOverflow/test.cpp @@ -0,0 +1,59 @@ + +int getAnInt(); +double getADouble(); +unsigned short getAnUnsignedShort(); + +void test() +{ + int a = getAnInt(); + int b = getAnInt(); + int c = getAnInt(); + int x = getAnInt(); + int y = getAnInt(); + int d = getADouble(); + int a1 = getAnUnsignedShort(); + int b1 = getAnUnsignedShort(); + int c1 = getAnUnsignedShort(); + + if (a+b>c) a = c-b; // BAD + if (a+b>c) { a = c-b; } // BAD + if (b+a>c) a = c-b; // BAD + if (b+a>c) { a = c-b; } // BAD + if (c>a+b) a = c-b; // BAD + if (c>a+b) { a = c-b; } // BAD + if (c>b+a) a = c-b; // BAD + if (c>b+a) { a = c-b; } // BAD + + if (a+b>=c) a = c-b; // BAD + if (a+b>=c) { a = c-b; } // BAD + if (b+a>=c) a = c-b; // BAD + if (b+a>=c) { a = c-b; } // BAD + if (c>=a+b) a = c-b; // BAD + if (c>=a+b) { a = c-b; } // BAD + if (c>=b+a) a = c-b; // BAD + if (c>=b+a) { a = c-b; } // BAD + + if (a+bd) a = d-b; // GOOD + if (a+(-x)>c) a = c-(-y); // GOOD + if (a+b>c) { b++; a = c-b; } // GOOD + if (a+d>c) a = c-d; // GOOD + if (a1+b1>c1) a1 = c1-b1; // GOOD +} From 2477c3a1c26d86c3b6c30c45fe8735f264bb5426 Mon Sep 17 00:00:00 2001 From: Nicky Mouha Date: Sun, 12 Mar 2023 03:25:52 -0400 Subject: [PATCH 007/870] Update test.cpp --- .../CWE/CWE-190/IfStatementAdditionOverflow/test.cpp | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-190/IfStatementAdditionOverflow/test.cpp b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-190/IfStatementAdditionOverflow/test.cpp index ca67c5578c7..47c077a3c9b 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-190/IfStatementAdditionOverflow/test.cpp +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-190/IfStatementAdditionOverflow/test.cpp @@ -8,12 +8,12 @@ void test() int a = getAnInt(); int b = getAnInt(); int c = getAnInt(); - int x = getAnInt(); + int x = getAnInt(); int y = getAnInt(); - int d = getADouble(); - int a1 = getAnUnsignedShort(); - int b1 = getAnUnsignedShort(); - int c1 = getAnUnsignedShort(); + double d = getADouble(); + unsigned short a1 = getAnUnsignedShort(); + unsigned short b1 = getAnUnsignedShort(); + unsigned short c1 = getAnUnsignedShort(); if (a+b>c) a = c-b; // BAD if (a+b>c) { a = c-b; } // BAD @@ -51,7 +51,7 @@ void test() if (c<=b+a) a = c-b; // BAD if (c<=b+a) { a = c-b; } // BAD - if (a+b>d) a = d-b; // GOOD + if (a+b>d) a = d-b; // BAD if (a+(-x)>c) a = c-(-y); // GOOD if (a+b>c) { b++; a = c-b; } // GOOD if (a+d>c) a = c-d; // GOOD From 59c1ae7734bb18431006c40841904cf132c95815 Mon Sep 17 00:00:00 2001 From: Nicky Mouha Date: Sun, 12 Mar 2023 03:27:10 -0400 Subject: [PATCH 008/870] Update test.cpp --- .../Security/CWE/CWE-190/IfStatementAdditionOverflow/test.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-190/IfStatementAdditionOverflow/test.cpp b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-190/IfStatementAdditionOverflow/test.cpp index 47c077a3c9b..5879a7ca2a3 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-190/IfStatementAdditionOverflow/test.cpp +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-190/IfStatementAdditionOverflow/test.cpp @@ -8,7 +8,7 @@ void test() int a = getAnInt(); int b = getAnInt(); int c = getAnInt(); - int x = getAnInt(); + int x = getAnInt(); int y = getAnInt(); double d = getADouble(); unsigned short a1 = getAnUnsignedShort(); From 66710ad5a03fa6b1d60f08f6a90c297aa7835299 Mon Sep 17 00:00:00 2001 From: Nicky Mouha Date: Sun, 12 Mar 2023 03:30:26 -0400 Subject: [PATCH 009/870] Create IfStatementAdditionOverflow.qlref --- .../IfStatementAdditionOverflow.qlref | 1 + 1 file changed, 1 insertion(+) create mode 100644 cpp/ql/test/experimental/query-tests/Security/CWE/CWE-190/IfStatementAdditionOverflow/IfStatementAdditionOverflow.qlref diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-190/IfStatementAdditionOverflow/IfStatementAdditionOverflow.qlref b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-190/IfStatementAdditionOverflow/IfStatementAdditionOverflow.qlref new file mode 100644 index 00000000000..0873051581d --- /dev/null +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-190/IfStatementAdditionOverflow/IfStatementAdditionOverflow.qlref @@ -0,0 +1 @@ +experimental/Security/CWE/CWE-190/IfStatementAdditionOverflow.ql From a2b5fbf24c72f9b810f2ede79ba997c4b047aa17 Mon Sep 17 00:00:00 2001 From: Nicky Mouha Date: Sun, 12 Mar 2023 03:31:48 -0400 Subject: [PATCH 010/870] Create IfStatementAdditionOverflow.expected --- .../IfStatementAdditionOverflow.expected | 33 +++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 cpp/ql/test/experimental/query-tests/Security/CWE/CWE-190/IfStatementAdditionOverflow/IfStatementAdditionOverflow.expected diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-190/IfStatementAdditionOverflow/IfStatementAdditionOverflow.expected b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-190/IfStatementAdditionOverflow/IfStatementAdditionOverflow.expected new file mode 100644 index 00000000000..12dbde04790 --- /dev/null +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-190/IfStatementAdditionOverflow/IfStatementAdditionOverflow.expected @@ -0,0 +1,33 @@ +| test.cpp:18:2:18:20 | if (...) ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:18:6:18:8 | ... + ... | addition | +| test.cpp:19:2:19:24 | if (...) ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:19:6:19:8 | ... + ... | addition | +| test.cpp:20:2:20:20 | if (...) ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:20:6:20:8 | ... + ... | addition | +| test.cpp:21:2:21:24 | if (...) ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:21:6:21:8 | ... + ... | addition | +| test.cpp:22:2:22:20 | if (...) ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:22:8:22:10 | ... + ... | addition | +| test.cpp:23:2:23:24 | if (...) ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:23:8:23:10 | ... + ... | addition | +| test.cpp:24:2:24:20 | if (...) ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:24:8:24:10 | ... + ... | addition | +| test.cpp:25:2:25:24 | if (...) ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:25:8:25:10 | ... + ... | addition | +| test.cpp:27:2:27:21 | if (...) ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:27:6:27:8 | ... + ... | addition | +| test.cpp:28:2:28:25 | if (...) ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:28:6:28:8 | ... + ... | addition | +| test.cpp:29:2:29:21 | if (...) ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:29:6:29:8 | ... + ... | addition | +| test.cpp:30:2:30:25 | if (...) ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:30:6:30:8 | ... + ... | addition | +| test.cpp:31:2:31:21 | if (...) ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:31:9:31:11 | ... + ... | addition | +| test.cpp:32:2:32:25 | if (...) ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:32:9:32:11 | ... + ... | addition | +| test.cpp:33:2:33:21 | if (...) ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:33:9:33:11 | ... + ... | addition | +| test.cpp:34:2:34:25 | if (...) ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:34:9:34:11 | ... + ... | addition | +| test.cpp:36:2:36:20 | if (...) ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:36:6:36:8 | ... + ... | addition | +| test.cpp:37:2:37:24 | if (...) ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:37:6:37:8 | ... + ... | addition | +| test.cpp:38:2:38:20 | if (...) ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:38:6:38:8 | ... + ... | addition | +| test.cpp:39:2:39:24 | if (...) ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:39:6:39:8 | ... + ... | addition | +| test.cpp:40:2:40:20 | if (...) ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:40:8:40:10 | ... + ... | addition | +| test.cpp:41:2:41:24 | if (...) ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:41:8:41:10 | ... + ... | addition | +| test.cpp:42:2:42:20 | if (...) ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:42:8:42:10 | ... + ... | addition | +| test.cpp:43:2:43:24 | if (...) ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:43:8:43:10 | ... + ... | addition | +| test.cpp:45:2:45:21 | if (...) ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:45:6:45:8 | ... + ... | addition | +| test.cpp:46:2:46:25 | if (...) ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:46:6:46:8 | ... + ... | addition | +| test.cpp:47:2:47:21 | if (...) ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:47:6:47:8 | ... + ... | addition | +| test.cpp:48:2:48:25 | if (...) ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:48:6:48:8 | ... + ... | addition | +| test.cpp:49:2:49:21 | if (...) ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:49:9:49:11 | ... + ... | addition | +| test.cpp:50:2:50:25 | if (...) ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:50:9:50:11 | ... + ... | addition | +| test.cpp:51:2:51:21 | if (...) ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:51:9:51:11 | ... + ... | addition | +| test.cpp:52:2:52:25 | if (...) ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:52:9:52:11 | ... + ... | addition | +| test.cpp:54:2:54:20 | if (...) ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:54:6:54:8 | ... + ... | addition | From 2de0e2209edde14d3fb930e44eb1d879e499fc80 Mon Sep 17 00:00:00 2001 From: Nicky Mouha Date: Thu, 16 Mar 2023 02:34:40 -0400 Subject: [PATCH 011/870] Update test.cpp --- .../Security/CWE/CWE-190/IfStatementAdditionOverflow/test.cpp | 1 + 1 file changed, 1 insertion(+) diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-190/IfStatementAdditionOverflow/test.cpp b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-190/IfStatementAdditionOverflow/test.cpp index 5879a7ca2a3..f1aac83122b 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-190/IfStatementAdditionOverflow/test.cpp +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-190/IfStatementAdditionOverflow/test.cpp @@ -52,6 +52,7 @@ void test() if (c<=b+a) { a = c-b; } // BAD if (a+b>d) a = d-b; // BAD + if (a+(double)b>c) a = c-b; // GOOD if (a+(-x)>c) a = c-(-y); // GOOD if (a+b>c) { b++; a = c-b; } // GOOD if (a+d>c) a = c-d; // GOOD From 99d634c8a4cd62d6265bd106d8bd93e40c4247af Mon Sep 17 00:00:00 2001 From: jarlob Date: Mon, 3 Apr 2023 15:02:02 +0200 Subject: [PATCH 012/870] Add more sources, more unit tests, fixes to the GitHub Actions injection query --- .../ql/lib/semmle/javascript/Actions.qll | 4 +- .../Security/CWE-094/ExpressionInjection.ql | 61 ++++++++++++++----- .../.github/workflows/comment_issue.yml | 5 +- .../.github/workflows/discussion.yml | 8 +++ .../.github/workflows/discussion_comment.yml | 9 +++ .../.github/workflows/gollum.yml | 11 ++++ .../.github/workflows/issues.yml | 8 +++ .../.github/workflows/pull_request_review.yml | 14 +++++ .../workflows/pull_request_review_comment.yml | 14 +++++ .../.github/workflows/pull_request_target.yml | 16 +++++ .../.github/workflows/push.yml | 16 +++++ .../.github/workflows/workflow_run.yml | 16 +++++ .../ExpressionInjection.expected | 57 ++++++++++++++++- 13 files changed, 220 insertions(+), 19 deletions(-) create mode 100644 javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/.github/workflows/discussion.yml create mode 100644 javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/.github/workflows/discussion_comment.yml create mode 100644 javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/.github/workflows/gollum.yml create mode 100644 javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/.github/workflows/issues.yml create mode 100644 javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/.github/workflows/pull_request_review.yml create mode 100644 javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/.github/workflows/pull_request_review_comment.yml create mode 100644 javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/.github/workflows/pull_request_target.yml create mode 100644 javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/.github/workflows/push.yml create mode 100644 javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/.github/workflows/workflow_run.yml diff --git a/javascript/ql/lib/semmle/javascript/Actions.qll b/javascript/ql/lib/semmle/javascript/Actions.qll index 7fd3952ac85..b1ab674924d 100644 --- a/javascript/ql/lib/semmle/javascript/Actions.qll +++ b/javascript/ql/lib/semmle/javascript/Actions.qll @@ -267,8 +267,8 @@ module Actions { // not just the last (greedy match) or first (reluctant match). result = this.getValue() - .regexpFind("\\$\\{\\{\\s*[A-Za-z0-9_\\.\\-]+\\s*\\}\\}", _, _) - .regexpCapture("\\$\\{\\{\\s*([A-Za-z0-9_\\.\\-]+)\\s*\\}\\}", 1) + .regexpFind("\\$\\{\\{\\s*[A-Za-z0-9_\\[\\]\\*\\(\\)\\.\\-]+\\s*\\}\\}", _, _) + .regexpCapture("\\$\\{\\{\\s*([A-Za-z0-9_\\[\\]\\*\\((\\)\\.\\-]+)\\s*\\}\\}", 1) } } } diff --git a/javascript/ql/src/Security/CWE-094/ExpressionInjection.ql b/javascript/ql/src/Security/CWE-094/ExpressionInjection.ql index 03c129711ad..c8c42b4122e 100644 --- a/javascript/ql/src/Security/CWE-094/ExpressionInjection.ql +++ b/javascript/ql/src/Security/CWE-094/ExpressionInjection.ql @@ -30,7 +30,10 @@ private predicate isExternalUserControlledPullRequest(string context) { "\\bgithub\\s*\\.\\s*event\\s*\\.\\s*pull_request\\s*\\.\\s*body\\b", "\\bgithub\\s*\\.\\s*event\\s*\\.\\s*pull_request\\s*\\.\\s*head\\s*\\.\\s*label\\b", "\\bgithub\\s*\\.\\s*event\\s*\\.\\s*pull_request\\s*\\.\\s*head\\s*\\.\\s*repo\\s*\\.\\s*default_branch\\b", + "\\bgithub\\s*\\.\\s*event\\s*\\.\\s*pull_request\\s*\\.\\s*head\\s*\\.\\s*repo\\s*\\.\\s*description\\b", + "\\bgithub\\s*\\.\\s*event\\s*\\.\\s*pull_request\\s*\\.\\s*head\\s*\\.\\s*repo\\s*\\.\\s*homepage\\b", "\\bgithub\\s*\\.\\s*event\\s*\\.\\s*pull_request\\s*\\.\\s*head\\s*\\.\\s*ref\\b", + "\\bgithub\\s*\\.\\s*head_ref\\b" ] | context.regexpMatch(reg) @@ -39,8 +42,7 @@ private predicate isExternalUserControlledPullRequest(string context) { bindingset[context] private predicate isExternalUserControlledReview(string context) { - context.regexpMatch("\\bgithub\\s*\\.\\s*event\\s*\\.\\s*review\\s*\\.\\s*body\\b") or - context.regexpMatch("\\bgithub\\s*\\.\\s*event\\s*\\.\\s*review_comment\\s*\\.\\s*body\\b") + context.regexpMatch("\\bgithub\\s*\\.\\s*event\\s*\\.\\s*review\\s*\\.\\s*body\\b") } bindingset[context] @@ -50,8 +52,8 @@ private predicate isExternalUserControlledComment(string context) { bindingset[context] private predicate isExternalUserControlledGollum(string context) { - context - .regexpMatch("\\bgithub\\s*\\.\\s*event\\s*\\.\\s*pages(?:\\[[0-9]\\]|\\s*\\.\\s*\\*)+\\s*\\.\\s*page_name\\b") + context.regexpMatch("\\bgithub\\s*\\.\\s*event\\s*\\.\\s*pages\\[[0-9]+\\]\\s*\\.\\s*page_name\\b") or + context.regexpMatch("\\bgithub\\s*\\.\\s*event\\s*\\.\\s*pages\\[[0-9]+\\]\\s*\\.\\s*title\\b") } bindingset[context] @@ -59,13 +61,16 @@ private predicate isExternalUserControlledCommit(string context) { exists(string reg | reg = [ - "\\bgithub\\s*\\.\\s*event\\s*\\.\\s*commits(?:\\[[0-9]\\]|\\s*\\.\\s*\\*)+\\s*\\.\\s*message\\b", + "\\bgithub\\s*\\.\\s*event\\s*\\.\\s*commits\\[[0-9]+\\]\\s*\\.\\s*message\\b", "\\bgithub\\s*\\.\\s*event\\s*\\.\\s*head_commit\\s*\\.\\s*message\\b", "\\bgithub\\s*\\.\\s*event\\s*\\.\\s*head_commit\\s*\\.\\s*author\\s*\\.\\s*email\\b", "\\bgithub\\s*\\.\\s*event\\s*\\.\\s*head_commit\\s*\\.\\s*author\\s*\\.\\s*name\\b", - "\\bgithub\\s*\\.\\s*event\\s*\\.\\s*commits(?:\\[[0-9]\\]|\\s*\\.\\s*\\*)+\\s*\\.\\s*author\\s*\\.\\s*email\\b", - "\\bgithub\\s*\\.\\s*event\\s*\\.\\s*commits(?:\\[[0-9]\\]|\\s*\\.\\s*\\*)+\\s*\\.\\s*author\\s*\\.\\s*name\\b", - "\\bgithub\\s*\\.\\s*head_ref\\b" + "\\bgithub\\s*\\.\\s*event\\s*\\.\\s*head_commit\\s*\\.\\s*committer\\s*\\.\\s*email\\b", + "\\bgithub\\s*\\.\\s*event\\s*\\.\\s*head_commit\\s*\\.\\s*committer\\s*\\.\\s*name\\b", + "\\bgithub\\s*\\.\\s*event\\s*\\.\\s*commits\\[[0-9]+\\]\\s*\\.\\s*author\\s*\\.\\s*email\\b", + "\\bgithub\\s*\\.\\s*event\\s*\\.\\s*commits\\[[0-9]+\\]\\s*\\.\\s*author\\s*\\.\\s*name\\b", + "\\bgithub\\s*\\.\\s*event\\s*\\.\\s*commits\\[[0-9]+\\]\\s*\\.\\s*committer\\s*\\.\\s*email\\b", + "\\bgithub\\s*\\.\\s*event\\s*\\.\\s*commits\\[[0-9]+\\]\\s*\\.\\s*committer\\s*\\.\\s*name\\b", ] | context.regexpMatch(reg) @@ -78,6 +83,25 @@ private predicate isExternalUserControlledDiscussion(string context) { context.regexpMatch("\\bgithub\\s*\\.\\s*event\\s*\\.\\s*discussion\\s*\\.\\s*body\\b") } +bindingset[context] +private predicate isExternalUserControlledWorkflowRun(string context) { + exists(string reg | + reg = + [ + "\\bgithub\\s*\\.\\s*event\\s*\\.\\s*workflow_run\\s*\\.\\s*head_branch\\b", + "\\bgithub\\s*\\.\\s*event\\s*\\.\\s*workflow_run\\s*\\.\\s*display_title\\b", + "\\bgithub\\s*\\.\\s*event\\s*\\.\\s*workflow_run\\s*\\.\\s*head_repository\\b\\s*\\.\\s*description\\b", + "\\bgithub\\s*\\.\\s*event\\s*\\.\\s*workflow_run\\s*\\.\\s*head_commit\\b\\s*\\.\\s*message\\b", + "\\bgithub\\s*\\.\\s*event\\s*\\.\\s*workflow_run\\s*\\.\\s*head_commit\\b\\s*\\.\\s*author\\b\\s*\\.\\s*email\\b", + "\\bgithub\\s*\\.\\s*event\\s*\\.\\s*workflow_run\\s*\\.\\s*head_commit\\b\\s*\\.\\s*author\\b\\s*\\.\\s*name\\b", + "\\bgithub\\s*\\.\\s*event\\s*\\.\\s*workflow_run\\s*\\.\\s*head_commit\\b\\s*\\.\\s*committer\\b\\s*\\.\\s*email\\b", + "\\bgithub\\s*\\.\\s*event\\s*\\.\\s*workflow_run\\s*\\.\\s*head_commit\\b\\s*\\.\\s*committer\\b\\s*\\.\\s*name\\b", + ] + | + context.regexpMatch(reg) + ) +} + from Actions::Run run, string context, Actions::On on where run.getASimpleReferenceExpression() = context and @@ -89,20 +113,29 @@ where exists(on.getNode("pull_request_target")) and isExternalUserControlledPullRequest(context) or - (exists(on.getNode("pull_request_review_comment")) or exists(on.getNode("pull_request_review"))) and - isExternalUserControlledReview(context) + exists(on.getNode("pull_request_review")) and + (isExternalUserControlledReview(context) or isExternalUserControlledPullRequest(context)) or - (exists(on.getNode("issue_comment")) or exists(on.getNode("pull_request_target"))) and - isExternalUserControlledComment(context) + exists(on.getNode("pull_request_review_comment")) and + (isExternalUserControlledComment(context) or isExternalUserControlledPullRequest(context)) + or + exists(on.getNode("issue_comment")) and + (isExternalUserControlledComment(context) or isExternalUserControlledIssue(context)) or exists(on.getNode("gollum")) and isExternalUserControlledGollum(context) or - exists(on.getNode("pull_request_target")) and + exists(on.getNode("push")) and isExternalUserControlledCommit(context) or - (exists(on.getNode("discussion")) or exists(on.getNode("discussion_comment"))) and + exists(on.getNode("discussion")) and isExternalUserControlledDiscussion(context) + or + exists(on.getNode("discussion_comment")) and + (isExternalUserControlledDiscussion(context) or isExternalUserControlledComment(context)) + or + exists(on.getNode("workflow_run")) and + isExternalUserControlledWorkflowRun(context) ) select run, "Potential injection from the " + context + diff --git a/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/.github/workflows/comment_issue.yml b/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/.github/workflows/comment_issue.yml index c19524f1191..fec20d7272f 100644 --- a/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/.github/workflows/comment_issue.yml +++ b/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/.github/workflows/comment_issue.yml @@ -10,5 +10,6 @@ jobs: echo-chamber2: runs-on: ubuntu-latest steps: - - run: | - echo '${{ github.event.comment.body }}' \ No newline at end of file + - run: echo '${{ github.event.comment.body }}' + - run: echo '${{ github.event.issue.body }}' + - run: echo '${{ github.event.issue.title }}' \ No newline at end of file diff --git a/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/.github/workflows/discussion.yml b/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/.github/workflows/discussion.yml new file mode 100644 index 00000000000..fdb140ec380 --- /dev/null +++ b/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/.github/workflows/discussion.yml @@ -0,0 +1,8 @@ +on: discussion + +jobs: + echo-chamber: + runs-on: ubuntu-latest + steps: + - run: echo '${{ github.event.discussion.title }}' + - run: echo '${{ github.event.discussion.body }}' \ No newline at end of file diff --git a/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/.github/workflows/discussion_comment.yml b/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/.github/workflows/discussion_comment.yml new file mode 100644 index 00000000000..649d3a6e131 --- /dev/null +++ b/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/.github/workflows/discussion_comment.yml @@ -0,0 +1,9 @@ +on: discussion_comment + +jobs: + echo-chamber: + runs-on: ubuntu-latest + steps: + - run: echo '${{ github.event.discussion.title }}' + - run: echo '${{ github.event.discussion.body }}' + - run: echo '${{ github.event.comment.body }}' \ No newline at end of file diff --git a/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/.github/workflows/gollum.yml b/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/.github/workflows/gollum.yml new file mode 100644 index 00000000000..a952c8c1ab8 --- /dev/null +++ b/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/.github/workflows/gollum.yml @@ -0,0 +1,11 @@ +on: gollum + +jobs: + echo-chamber: + runs-on: ubuntu-latest + steps: + - run: echo '${{ github.event.pages[1].title }}' + - run: echo '${{ github.event.pages[11].title }}' + - run: echo '${{ github.event.pages[0].page_name }}' + - run: echo '${{ github.event.pages[2222].page_name }}' + - run: echo '${{ toJSON(github.event.pages.*.title) }}' # safe \ No newline at end of file diff --git a/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/.github/workflows/issues.yml b/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/.github/workflows/issues.yml new file mode 100644 index 00000000000..2eae85278dd --- /dev/null +++ b/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/.github/workflows/issues.yml @@ -0,0 +1,8 @@ +on: issues + +jobs: + echo-chamber: + runs-on: ubuntu-latest + steps: + - run: echo '${{ github.event.issue.title }}' + - run: echo '${{ github.event.issue.body }}' diff --git a/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/.github/workflows/pull_request_review.yml b/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/.github/workflows/pull_request_review.yml new file mode 100644 index 00000000000..d4ce7885669 --- /dev/null +++ b/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/.github/workflows/pull_request_review.yml @@ -0,0 +1,14 @@ +on: pull_request_review + +jobs: + echo-chamber: + runs-on: ubuntu-latest + steps: + - run: echo '${{ github.event.pull_request.title }}' + - run: echo '${{ github.event.pull_request.body }}' + - run: echo '${{ github.event.pull_request.head.label }}' + - run: echo '${{ github.event.pull_request.head.repo.default_branch }}' + - run: echo '${{ github.event.pull_request.head.repo.description }}' + - run: echo '${{ github.event.pull_request.head.repo.homepage }}' + - run: echo '${{ github.event.pull_request.head.ref }}' + - run: echo '${{ github.event.review.body }}' diff --git a/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/.github/workflows/pull_request_review_comment.yml b/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/.github/workflows/pull_request_review_comment.yml new file mode 100644 index 00000000000..5d288caad85 --- /dev/null +++ b/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/.github/workflows/pull_request_review_comment.yml @@ -0,0 +1,14 @@ +on: pull_request_review_comment + +jobs: + echo-chamber: + runs-on: ubuntu-latest + steps: + - run: echo '${{ github.event.pull_request.title }}' + - run: echo '${{ github.event.pull_request.body }}' + - run: echo '${{ github.event.pull_request.head.label }}' + - run: echo '${{ github.event.pull_request.head.repo.default_branch }}' + - run: echo '${{ github.event.pull_request.head.repo.description }}' + - run: echo '${{ github.event.pull_request.head.repo.homepage }}' + - run: echo '${{ github.event.pull_request.head.ref }}' + - run: echo '${{ github.event.comment.body }}' diff --git a/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/.github/workflows/pull_request_target.yml b/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/.github/workflows/pull_request_target.yml new file mode 100644 index 00000000000..215b3252885 --- /dev/null +++ b/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/.github/workflows/pull_request_target.yml @@ -0,0 +1,16 @@ +on: pull_request_target + +jobs: + echo-chamber: + runs-on: ubuntu-latest + steps: + - run: echo '${{ github.event.issue.title }}' # not defined + - run: echo '${{ github.event.issue.body }}' # not defined + - run: echo '${{ github.event.pull_request.title }}' + - run: echo '${{ github.event.pull_request.body }}' + - run: echo '${{ github.event.pull_request.head.label }}' + - run: echo '${{ github.event.pull_request.head.repo.default_branch }}' + - run: echo '${{ github.event.pull_request.head.repo.description }}' + - run: echo '${{ github.event.pull_request.head.repo.homepage }}' + - run: echo '${{ github.event.pull_request.head.ref }}' + - run: echo '${{ github.head_ref }}' diff --git a/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/.github/workflows/push.yml b/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/.github/workflows/push.yml new file mode 100644 index 00000000000..2006a7999da --- /dev/null +++ b/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/.github/workflows/push.yml @@ -0,0 +1,16 @@ +on: push + +jobs: + echo-chamber: + runs-on: ubuntu-latest + steps: + - run: echo '${{ github.event.commits[11].message }}' + - run: echo '${{ github.event.commits[11].author.email }}' + - run: echo '${{ github.event.commits[11].author.name }}' + - run: echo '${{ github.event.head_commit.message }}' + - run: echo '${{ github.event.head_commit.author.email }}' + - run: echo '${{ github.event.head_commit.author.name }}' + - run: echo '${{ github.event.head_commit.committer.email }}' + - run: echo '${{ github.event.head_commit.committer.name }}' + - run: echo '${{ github.event.commits[11].committer.email }}' + - run: echo '${{ github.event.commits[11].committer.name }}' \ No newline at end of file diff --git a/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/.github/workflows/workflow_run.yml b/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/.github/workflows/workflow_run.yml new file mode 100644 index 00000000000..60e7645f60f --- /dev/null +++ b/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/.github/workflows/workflow_run.yml @@ -0,0 +1,16 @@ +on: + workflow_run: + workflows: [test] + +jobs: + echo-chamber: + runs-on: ubuntu-latest + steps: + - run: echo '${{ github.event.workflow_run.display_title }}' + - run: echo '${{ github.event.workflow_run.head_commit.message }}' + - run: echo '${{ github.event.workflow_run.head_commit.author.email }}' + - run: echo '${{ github.event.workflow_run.head_commit.author.name }}' + - run: echo '${{ github.event.workflow_run.head_commit.committer.email }}' + - run: echo '${{ github.event.workflow_run.head_commit.committer.name }}' + - run: echo '${{ github.event.workflow_run.head_branch }}' + - run: echo '${{ github.event.workflow_run.head_repository.description }}' diff --git a/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/ExpressionInjection.expected b/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/ExpressionInjection.expected index 64451c37691..b89948010b8 100644 --- a/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/ExpressionInjection.expected +++ b/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/ExpressionInjection.expected @@ -1,3 +1,58 @@ | .github/workflows/comment_issue.yml:7:12:8:48 | \| | Potential injection from the github.event.comment.body context, which may be controlled by an external user. | -| .github/workflows/comment_issue.yml:13:12:14:47 | \| | Potential injection from the github.event.comment.body context, which may be controlled by an external user. | +| .github/workflows/comment_issue.yml:13:12:13:50 | echo '$ ... ody }}' | Potential injection from the github.event.comment.body context, which may be controlled by an external user. | +| .github/workflows/comment_issue.yml:14:12:14:48 | echo '$ ... ody }}' | Potential injection from the github.event.issue.body context, which may be controlled by an external user. | +| .github/workflows/comment_issue.yml:15:12:15:49 | echo '$ ... tle }}' | Potential injection from the github.event.issue.title context, which may be controlled by an external user. | | .github/workflows/comment_issue_newline.yml:9:14:10:50 | \| | Potential injection from the github.event.comment.body context, which may be controlled by an external user. | +| .github/workflows/discussion.yml:7:12:7:54 | echo '$ ... tle }}' | Potential injection from the github.event.discussion.title context, which may be controlled by an external user. | +| .github/workflows/discussion.yml:8:12:8:53 | echo '$ ... ody }}' | Potential injection from the github.event.discussion.body context, which may be controlled by an external user. | +| .github/workflows/discussion_comment.yml:7:12:7:54 | echo '$ ... tle }}' | Potential injection from the github.event.discussion.title context, which may be controlled by an external user. | +| .github/workflows/discussion_comment.yml:8:12:8:53 | echo '$ ... ody }}' | Potential injection from the github.event.discussion.body context, which may be controlled by an external user. | +| .github/workflows/discussion_comment.yml:9:12:9:50 | echo '$ ... ody }}' | Potential injection from the github.event.comment.body context, which may be controlled by an external user. | +| .github/workflows/gollum.yml:7:12:7:52 | echo '$ ... tle }}' | Potential injection from the github.event.pages[1].title context, which may be controlled by an external user. | +| .github/workflows/gollum.yml:8:12:8:53 | echo '$ ... tle }}' | Potential injection from the github.event.pages[11].title context, which may be controlled by an external user. | +| .github/workflows/gollum.yml:9:12:9:56 | echo '$ ... ame }}' | Potential injection from the github.event.pages[0].page_name context, which may be controlled by an external user. | +| .github/workflows/gollum.yml:10:12:10:59 | echo '$ ... ame }}' | Potential injection from the github.event.pages[2222].page_name context, which may be controlled by an external user. | +| .github/workflows/issues.yml:7:12:7:49 | echo '$ ... tle }}' | Potential injection from the github.event.issue.title context, which may be controlled by an external user. | +| .github/workflows/issues.yml:8:12:8:48 | echo '$ ... ody }}' | Potential injection from the github.event.issue.body context, which may be controlled by an external user. | +| .github/workflows/pull_request_review.yml:7:12:7:56 | echo '$ ... tle }}' | Potential injection from the github.event.pull_request.title context, which may be controlled by an external user. | +| .github/workflows/pull_request_review.yml:8:12:8:55 | echo '$ ... ody }}' | Potential injection from the github.event.pull_request.body context, which may be controlled by an external user. | +| .github/workflows/pull_request_review.yml:9:12:9:61 | echo '$ ... bel }}' | Potential injection from the github.event.pull_request.head.label context, which may be controlled by an external user. | +| .github/workflows/pull_request_review.yml:10:12:10:75 | echo '$ ... nch }}' | Potential injection from the github.event.pull_request.head.repo.default_branch context, which may be controlled by an external user. | +| .github/workflows/pull_request_review.yml:11:12:11:72 | echo '$ ... ion }}' | Potential injection from the github.event.pull_request.head.repo.description context, which may be controlled by an external user. | +| .github/workflows/pull_request_review.yml:12:12:12:69 | echo '$ ... age }}' | Potential injection from the github.event.pull_request.head.repo.homepage context, which may be controlled by an external user. | +| .github/workflows/pull_request_review.yml:13:12:13:59 | echo '$ ... ref }}' | Potential injection from the github.event.pull_request.head.ref context, which may be controlled by an external user. | +| .github/workflows/pull_request_review.yml:14:12:14:49 | echo '$ ... ody }}' | Potential injection from the github.event.review.body context, which may be controlled by an external user. | +| .github/workflows/pull_request_review_comment.yml:7:12:7:56 | echo '$ ... tle }}' | Potential injection from the github.event.pull_request.title context, which may be controlled by an external user. | +| .github/workflows/pull_request_review_comment.yml:8:12:8:55 | echo '$ ... ody }}' | Potential injection from the github.event.pull_request.body context, which may be controlled by an external user. | +| .github/workflows/pull_request_review_comment.yml:9:12:9:61 | echo '$ ... bel }}' | Potential injection from the github.event.pull_request.head.label context, which may be controlled by an external user. | +| .github/workflows/pull_request_review_comment.yml:10:12:10:75 | echo '$ ... nch }}' | Potential injection from the github.event.pull_request.head.repo.default_branch context, which may be controlled by an external user. | +| .github/workflows/pull_request_review_comment.yml:11:12:11:72 | echo '$ ... ion }}' | Potential injection from the github.event.pull_request.head.repo.description context, which may be controlled by an external user. | +| .github/workflows/pull_request_review_comment.yml:12:12:12:69 | echo '$ ... age }}' | Potential injection from the github.event.pull_request.head.repo.homepage context, which may be controlled by an external user. | +| .github/workflows/pull_request_review_comment.yml:13:12:13:59 | echo '$ ... ref }}' | Potential injection from the github.event.pull_request.head.ref context, which may be controlled by an external user. | +| .github/workflows/pull_request_review_comment.yml:14:12:14:50 | echo '$ ... ody }}' | Potential injection from the github.event.comment.body context, which may be controlled by an external user. | +| .github/workflows/pull_request_target.yml:9:12:9:56 | echo '$ ... tle }}' | Potential injection from the github.event.pull_request.title context, which may be controlled by an external user. | +| .github/workflows/pull_request_target.yml:10:12:10:55 | echo '$ ... ody }}' | Potential injection from the github.event.pull_request.body context, which may be controlled by an external user. | +| .github/workflows/pull_request_target.yml:11:12:11:61 | echo '$ ... bel }}' | Potential injection from the github.event.pull_request.head.label context, which may be controlled by an external user. | +| .github/workflows/pull_request_target.yml:12:12:12:75 | echo '$ ... nch }}' | Potential injection from the github.event.pull_request.head.repo.default_branch context, which may be controlled by an external user. | +| .github/workflows/pull_request_target.yml:13:12:13:72 | echo '$ ... ion }}' | Potential injection from the github.event.pull_request.head.repo.description context, which may be controlled by an external user. | +| .github/workflows/pull_request_target.yml:14:12:14:69 | echo '$ ... age }}' | Potential injection from the github.event.pull_request.head.repo.homepage context, which may be controlled by an external user. | +| .github/workflows/pull_request_target.yml:15:12:15:59 | echo '$ ... ref }}' | Potential injection from the github.event.pull_request.head.ref context, which may be controlled by an external user. | +| .github/workflows/pull_request_target.yml:16:12:16:40 | echo '$ ... ref }}' | Potential injection from the github.head_ref context, which may be controlled by an external user. | +| .github/workflows/push.yml:7:12:7:57 | echo '$ ... age }}' | Potential injection from the github.event.commits[11].message context, which may be controlled by an external user. | +| .github/workflows/push.yml:8:12:8:62 | echo '$ ... ail }}' | Potential injection from the github.event.commits[11].author.email context, which may be controlled by an external user. | +| .github/workflows/push.yml:9:12:9:61 | echo '$ ... ame }}' | Potential injection from the github.event.commits[11].author.name context, which may be controlled by an external user. | +| .github/workflows/push.yml:10:12:10:57 | echo '$ ... age }}' | Potential injection from the github.event.head_commit.message context, which may be controlled by an external user. | +| .github/workflows/push.yml:11:12:11:62 | echo '$ ... ail }}' | Potential injection from the github.event.head_commit.author.email context, which may be controlled by an external user. | +| .github/workflows/push.yml:12:12:12:61 | echo '$ ... ame }}' | Potential injection from the github.event.head_commit.author.name context, which may be controlled by an external user. | +| .github/workflows/push.yml:13:12:13:65 | echo '$ ... ail }}' | Potential injection from the github.event.head_commit.committer.email context, which may be controlled by an external user. | +| .github/workflows/push.yml:14:12:14:64 | echo '$ ... ame }}' | Potential injection from the github.event.head_commit.committer.name context, which may be controlled by an external user. | +| .github/workflows/push.yml:15:12:15:65 | echo '$ ... ail }}' | Potential injection from the github.event.commits[11].committer.email context, which may be controlled by an external user. | +| .github/workflows/push.yml:16:12:16:64 | echo '$ ... ame }}' | Potential injection from the github.event.commits[11].committer.name context, which may be controlled by an external user. | +| .github/workflows/workflow_run.yml:9:12:9:64 | echo '$ ... tle }}' | Potential injection from the github.event.workflow_run.display_title context, which may be controlled by an external user. | +| .github/workflows/workflow_run.yml:10:12:10:70 | echo '$ ... age }}' | Potential injection from the github.event.workflow_run.head_commit.message context, which may be controlled by an external user. | +| .github/workflows/workflow_run.yml:11:12:11:75 | echo '$ ... ail }}' | Potential injection from the github.event.workflow_run.head_commit.author.email context, which may be controlled by an external user. | +| .github/workflows/workflow_run.yml:12:12:12:74 | echo '$ ... ame }}' | Potential injection from the github.event.workflow_run.head_commit.author.name context, which may be controlled by an external user. | +| .github/workflows/workflow_run.yml:13:12:13:78 | echo '$ ... ail }}' | Potential injection from the github.event.workflow_run.head_commit.committer.email context, which may be controlled by an external user. | +| .github/workflows/workflow_run.yml:14:12:14:77 | echo '$ ... ame }}' | Potential injection from the github.event.workflow_run.head_commit.committer.name context, which may be controlled by an external user. | +| .github/workflows/workflow_run.yml:15:12:15:62 | echo '$ ... nch }}' | Potential injection from the github.event.workflow_run.head_branch context, which may be controlled by an external user. | +| .github/workflows/workflow_run.yml:16:12:16:78 | echo '$ ... ion }}' | Potential injection from the github.event.workflow_run.head_repository.description context, which may be controlled by an external user. | From c6eaf194a515de729ee03f74b5a4ba0f02ad11f8 Mon Sep 17 00:00:00 2001 From: jarlob Date: Mon, 3 Apr 2023 15:09:40 +0200 Subject: [PATCH 013/870] Remove empty.js as it is not needed anymore --- javascript/ql/test/experimental/Security/CWE-094/empty.js | 1 - .../query-tests/Security/CWE-094/ExpressionInjection/empty.js | 1 - 2 files changed, 2 deletions(-) delete mode 100644 javascript/ql/test/experimental/Security/CWE-094/empty.js delete mode 100644 javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/empty.js diff --git a/javascript/ql/test/experimental/Security/CWE-094/empty.js b/javascript/ql/test/experimental/Security/CWE-094/empty.js deleted file mode 100644 index a243684db7f..00000000000 --- a/javascript/ql/test/experimental/Security/CWE-094/empty.js +++ /dev/null @@ -1 +0,0 @@ -console.log('test') \ No newline at end of file diff --git a/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/empty.js b/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/empty.js deleted file mode 100644 index a243684db7f..00000000000 --- a/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/empty.js +++ /dev/null @@ -1 +0,0 @@ -console.log('test') \ No newline at end of file From ba5747dff382fb2c5f86e190746be92ec9f7c97d Mon Sep 17 00:00:00 2001 From: jarlob Date: Mon, 3 Apr 2023 15:10:27 +0200 Subject: [PATCH 014/870] fix formatting --- javascript/ql/src/Security/CWE-094/ExpressionInjection.ql | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/javascript/ql/src/Security/CWE-094/ExpressionInjection.ql b/javascript/ql/src/Security/CWE-094/ExpressionInjection.ql index c8c42b4122e..ce815c8e11d 100644 --- a/javascript/ql/src/Security/CWE-094/ExpressionInjection.ql +++ b/javascript/ql/src/Security/CWE-094/ExpressionInjection.ql @@ -52,7 +52,8 @@ private predicate isExternalUserControlledComment(string context) { bindingset[context] private predicate isExternalUserControlledGollum(string context) { - context.regexpMatch("\\bgithub\\s*\\.\\s*event\\s*\\.\\s*pages\\[[0-9]+\\]\\s*\\.\\s*page_name\\b") or + context + .regexpMatch("\\bgithub\\s*\\.\\s*event\\s*\\.\\s*pages\\[[0-9]+\\]\\s*\\.\\s*page_name\\b") or context.regexpMatch("\\bgithub\\s*\\.\\s*event\\s*\\.\\s*pages\\[[0-9]+\\]\\s*\\.\\s*title\\b") } From e941218e307417476a22e2ef1396e0f333bd1ae9 Mon Sep 17 00:00:00 2001 From: jarlob Date: Mon, 3 Apr 2023 15:15:00 +0200 Subject: [PATCH 015/870] change notes added --- javascript/ql/lib/change-notes/2023-04-03-gh-injection.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 javascript/ql/lib/change-notes/2023-04-03-gh-injection.md diff --git a/javascript/ql/lib/change-notes/2023-04-03-gh-injection.md b/javascript/ql/lib/change-notes/2023-04-03-gh-injection.md new file mode 100644 index 00000000000..04a5a2f4b6f --- /dev/null +++ b/javascript/ql/lib/change-notes/2023-04-03-gh-injection.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Fixes and improvements in GitHub Actions Injection query. \ No newline at end of file From 8ea418216c4cc997d6f73289fb37c41203310cf0 Mon Sep 17 00:00:00 2001 From: jarlob Date: Mon, 3 Apr 2023 23:13:28 +0200 Subject: [PATCH 016/870] Look for script injections in actions/github-script --- .../ql/lib/semmle/javascript/Actions.qll | 49 +++++++++++++------ .../Security/CWE-094/ExpressionInjection.ql | 22 +++++++-- .../.github/workflows/comment_issue.yml | 15 +++++- .../ExpressionInjection.expected | 3 ++ 4 files changed, 69 insertions(+), 20 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/Actions.qll b/javascript/ql/lib/semmle/javascript/Actions.qll index b1ab674924d..3d1d4c589d1 100644 --- a/javascript/ql/lib/semmle/javascript/Actions.qll +++ b/javascript/ql/lib/semmle/javascript/Actions.qll @@ -244,6 +244,40 @@ module Actions { With getWith() { result = with } } + /** + * Holds if `${{ e }}` is a GitHub Actions expression evaluated within this YAML string. + * See https://docs.github.com/en/free-pro-team@latest/actions/reference/context-and-expression-syntax-for-github-actions. + * Only finds simple expressions like `${{ github.event.comment.body }}`, where the expression contains only alphanumeric characters, underscores, dots, or dashes. + * Does not identify more complicated expressions like `${{ fromJSON(env.time) }}`, or ${{ format('{{Hello {0}!}}', github.event.head_commit.author.name) }} + */ + string getASimpleReferenceExpression(YamlString node) { + // We use `regexpFind` to obtain *all* matches of `${{...}}`, + // not just the last (greedy match) or first (reluctant match). + result = + node.getValue() + .regexpFind("\\$\\{\\{\\s*[A-Za-z0-9_\\[\\]\\*\\(\\)\\.\\-]+\\s*\\}\\}", _, _) + .regexpCapture("\\$\\{\\{\\s*([A-Za-z0-9_\\[\\]\\*\\((\\)\\.\\-]+)\\s*\\}\\}", 1) + } + + /** + * A `script:` field within an Actions `with:` specific to `actions/github-script` action. + * + * For example: + * ``` + * uses: actions/github-script@v3 + * with: + * script: console.log('${{ github.event.pull_request.head.sha }}') + * ``` + */ + class Script extends YamlNode, YamlString { + With with; + + Script() { with.lookup("script") = this } + + /** Gets the `with` field this field belongs to. */ + With getWith() { result = with } + } + /** * A `run` field within an Actions job step, which runs command-line programs using an operating system shell. * See https://docs.github.com/en/free-pro-team@latest/actions/reference/workflow-syntax-for-github-actions#jobsjob_idstepsrun. @@ -255,20 +289,5 @@ module Actions { /** Gets the step that executes this `run` command. */ Step getStep() { result = step } - - /** - * Holds if `${{ e }}` is a GitHub Actions expression evaluated within this `run` command. - * See https://docs.github.com/en/free-pro-team@latest/actions/reference/context-and-expression-syntax-for-github-actions. - * Only finds simple expressions like `${{ github.event.comment.body }}`, where the expression contains only alphanumeric characters, underscores, dots, or dashes. - * Does not identify more complicated expressions like `${{ fromJSON(env.time) }}`, or ${{ format('{{Hello {0}!}}', github.event.head_commit.author.name) }} - */ - string getASimpleReferenceExpression() { - // We use `regexpFind` to obtain *all* matches of `${{...}}`, - // not just the last (greedy match) or first (reluctant match). - result = - this.getValue() - .regexpFind("\\$\\{\\{\\s*[A-Za-z0-9_\\[\\]\\*\\(\\)\\.\\-]+\\s*\\}\\}", _, _) - .regexpCapture("\\$\\{\\{\\s*([A-Za-z0-9_\\[\\]\\*\\((\\)\\.\\-]+)\\s*\\}\\}", 1) - } } } diff --git a/javascript/ql/src/Security/CWE-094/ExpressionInjection.ql b/javascript/ql/src/Security/CWE-094/ExpressionInjection.ql index ce815c8e11d..84e7215837e 100644 --- a/javascript/ql/src/Security/CWE-094/ExpressionInjection.ql +++ b/javascript/ql/src/Security/CWE-094/ExpressionInjection.ql @@ -103,10 +103,24 @@ private predicate isExternalUserControlledWorkflowRun(string context) { ) } -from Actions::Run run, string context, Actions::On on +from YamlNode node, string context, Actions::On on where - run.getASimpleReferenceExpression() = context and - run.getStep().getJob().getWorkflow().getOn() = on and + ( + exists(Actions::Run run | + node = run and + Actions::getASimpleReferenceExpression(run) = context and + run.getStep().getJob().getWorkflow().getOn() = on + ) + or + exists(Actions::Script script, Actions::Step step, Actions::Uses uses | + node = script and + script.getWith().getStep() = step and + uses.getStep() = step and + uses.getGitHubRepository() = "actions/github-script" and + Actions::getASimpleReferenceExpression(script) = context and + script.getWith().getStep().getJob().getWorkflow().getOn() = on + ) + ) and ( exists(on.getNode("issues")) and isExternalUserControlledIssue(context) @@ -138,6 +152,6 @@ where exists(on.getNode("workflow_run")) and isExternalUserControlledWorkflowRun(context) ) -select run, +select node, "Potential injection from the " + context + " context, which may be controlled by an external user." diff --git a/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/.github/workflows/comment_issue.yml b/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/.github/workflows/comment_issue.yml index fec20d7272f..17ead9fdd20 100644 --- a/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/.github/workflows/comment_issue.yml +++ b/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/.github/workflows/comment_issue.yml @@ -12,4 +12,17 @@ jobs: steps: - run: echo '${{ github.event.comment.body }}' - run: echo '${{ github.event.issue.body }}' - - run: echo '${{ github.event.issue.title }}' \ No newline at end of file + - run: echo '${{ github.event.issue.title }}' + + echo-chamber3: + runs-on: ubuntu-latest + steps: + - uses: actions/github-script@v3 + with: + script: console.log('${{ github.event.comment.body }}') + - uses: actions/github-script@v3 + with: + script: console.log('${{ github.event.issue.body }}') + - uses: actions/github-script@v3 + with: + script: console.log('${{ github.event.issue.title }}') \ No newline at end of file diff --git a/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/ExpressionInjection.expected b/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/ExpressionInjection.expected index b89948010b8..775ec3ba640 100644 --- a/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/ExpressionInjection.expected +++ b/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/ExpressionInjection.expected @@ -2,6 +2,9 @@ | .github/workflows/comment_issue.yml:13:12:13:50 | echo '$ ... ody }}' | Potential injection from the github.event.comment.body context, which may be controlled by an external user. | | .github/workflows/comment_issue.yml:14:12:14:48 | echo '$ ... ody }}' | Potential injection from the github.event.issue.body context, which may be controlled by an external user. | | .github/workflows/comment_issue.yml:15:12:15:49 | echo '$ ... tle }}' | Potential injection from the github.event.issue.title context, which may be controlled by an external user. | +| .github/workflows/comment_issue.yml:22:17:22:63 | console ... dy }}') | Potential injection from the github.event.comment.body context, which may be controlled by an external user. | +| .github/workflows/comment_issue.yml:25:17:25:61 | console ... dy }}') | Potential injection from the github.event.issue.body context, which may be controlled by an external user. | +| .github/workflows/comment_issue.yml:28:17:28:62 | console ... le }}') | Potential injection from the github.event.issue.title context, which may be controlled by an external user. | | .github/workflows/comment_issue_newline.yml:9:14:10:50 | \| | Potential injection from the github.event.comment.body context, which may be controlled by an external user. | | .github/workflows/discussion.yml:7:12:7:54 | echo '$ ... tle }}' | Potential injection from the github.event.discussion.title context, which may be controlled by an external user. | | .github/workflows/discussion.yml:8:12:8:53 | echo '$ ... ody }}' | Potential injection from the github.event.discussion.body context, which may be controlled by an external user. | From 39ff3c72a29696058a994709b2f60d488ad96626 Mon Sep 17 00:00:00 2001 From: jarlob Date: Mon, 3 Apr 2023 23:28:31 +0200 Subject: [PATCH 017/870] Remove label sanitizer because it is prone to race conditions --- .../Security/CWE-094/UntrustedCheckout.ql | 46 ++----------------- .../CWE-094/UntrustedCheckout.expected | 6 +++ 2 files changed, 10 insertions(+), 42 deletions(-) diff --git a/javascript/ql/src/experimental/Security/CWE-094/UntrustedCheckout.ql b/javascript/ql/src/experimental/Security/CWE-094/UntrustedCheckout.ql index 8f9622fe6e7..a81c8c65d25 100644 --- a/javascript/ql/src/experimental/Security/CWE-094/UntrustedCheckout.ql +++ b/javascript/ql/src/experimental/Security/CWE-094/UntrustedCheckout.ql @@ -17,7 +17,7 @@ import javascript import semmle.javascript.Actions /** - * An action step that doesn't contain `actor` or `label` check in `if:` or + * An action step that doesn't contain `actor` check in `if:` or * the check requires manual analysis. */ class ProbableStep extends Actions::Step { @@ -29,25 +29,13 @@ class ProbableStep extends Actions::Step { // needs manual analysis if there is OR this.getIf().getValue().matches("%||%") or - // labels can be assigned by owners only - not exists( - this.getIf() - .getValue() - .regexpFind("\\bcontains\\s*\\(\\s*github\\s*\\.\\s*event\\s*\\.\\s*(?:issue|pull_request)\\s*\\.\\s*labels\\b", - _, _) - ) and - not exists( - this.getIf() - .getValue() - .regexpFind("\\bgithub\\s*\\.\\s*event\\s*\\.\\s*label\\s*\\.\\s*name\\s*==", _, _) - ) and // actor check means only the user is able to run it not exists(this.getIf().getValue().regexpFind("\\bgithub\\s*\\.\\s*actor\\s*==", _, _)) } } /** - * An action job that doesn't contain `actor` or `label` check in `if:` or + * An action job that doesn't contain `actor` check in `if:` or * the check requires manual analysis. */ class ProbableJob extends Actions::Job { @@ -59,45 +47,19 @@ class ProbableJob extends Actions::Job { // needs manual analysis if there is OR this.getIf().getValue().matches("%||%") or - // labels can be assigned by owners only - not exists( - this.getIf() - .getValue() - .regexpFind("\\bcontains\\s*\\(\\s*github\\s*\\.\\s*event\\s*\\.\\s*(?:issue|pull_request)\\s*\\.\\s*labels\\b", - _, _) - ) and - not exists( - this.getIf() - .getValue() - .regexpFind("\\bgithub\\s*\\.\\s*event\\s*\\.\\s*label\\s*\\.\\s*name\\s*==", _, _) - ) and // actor check means only the user is able to run it not exists(this.getIf().getValue().regexpFind("\\bgithub\\s*\\.\\s*actor\\s*==", _, _)) } } /** - * An action step that doesn't contain `actor` or `label` check in `if:` or + * on: pull_request_target */ class ProbablePullRequestTarget extends Actions::On, YamlMappingLikeNode { ProbablePullRequestTarget() { exists(YamlNode prtNode | // The `on:` is triggered on `pull_request_target` - this.getNode("pull_request_target") = prtNode and - ( - // and either doesn't contain `types` filter - not exists(prtNode.getAChild()) - or - // or has the filter, that is something else than just [labeled] - exists(YamlMappingLikeNode prt, YamlMappingLikeNode types | - types = prt.getNode("types") and - prtNode = prt and - ( - not types.getElementCount() = 1 or - not exists(types.getNode("labeled")) - ) - ) - ) + this.getNode("pull_request_target") = prtNode ) } } diff --git a/javascript/ql/test/experimental/Security/CWE-094/UntrustedCheckout.expected b/javascript/ql/test/experimental/Security/CWE-094/UntrustedCheckout.expected index fc1f704c025..127ced2bb97 100644 --- a/javascript/ql/test/experimental/Security/CWE-094/UntrustedCheckout.expected +++ b/javascript/ql/test/experimental/Security/CWE-094/UntrustedCheckout.expected @@ -1,7 +1,13 @@ +| .github/workflows/pull_request_target_if_job.yml:9:7:12:2 | uses: a ... kout@v2 | Potential unsafe checkout of untrusted pull request on 'pull_request_target'. | +| .github/workflows/pull_request_target_if_job.yml:16:7:19:2 | uses: a ... kout@v2 | Potential unsafe checkout of untrusted pull request on 'pull_request_target'. | | .github/workflows/pull_request_target_if_job.yml:30:7:33:2 | uses: a ... kout@v2 | Potential unsafe checkout of untrusted pull request on 'pull_request_target'. | | .github/workflows/pull_request_target_if_job.yml:36:7:38:54 | uses: a ... kout@v2 | Potential unsafe checkout of untrusted pull request on 'pull_request_target'. | +| .github/workflows/pull_request_target_if_step.yml:9:7:14:4 | uses: a ... kout@v2 | Potential unsafe checkout of untrusted pull request on 'pull_request_target'. | +| .github/workflows/pull_request_target_if_step.yml:14:7:19:4 | uses: a ... kout@v2 | Potential unsafe checkout of untrusted pull request on 'pull_request_target'. | | .github/workflows/pull_request_target_if_step.yml:24:7:29:4 | uses: a ... kout@v2 | Potential unsafe checkout of untrusted pull request on 'pull_request_target'. | | .github/workflows/pull_request_target_if_step.yml:29:7:31:54 | uses: a ... kout@v2 | Potential unsafe checkout of untrusted pull request on 'pull_request_target'. | +| .github/workflows/pull_request_target_label_only.yml:10:7:12:54 | uses: a ... kout@v2 | Potential unsafe checkout of untrusted pull request on 'pull_request_target'. | +| .github/workflows/pull_request_target_label_only_mapping.yml:11:7:13:54 | uses: a ... kout@v2 | Potential unsafe checkout of untrusted pull request on 'pull_request_target'. | | .github/workflows/pull_request_target_labels_mapping.yml:13:7:15:54 | uses: a ... kout@v2 | Potential unsafe checkout of untrusted pull request on 'pull_request_target'. | | .github/workflows/pull_request_target_labels_sequence.yml:10:7:12:54 | uses: a ... kout@v2 | Potential unsafe checkout of untrusted pull request on 'pull_request_target'. | | .github/workflows/pull_request_target_mapping.yml:8:7:10:54 | uses: a ... kout@v2 | Potential unsafe checkout of untrusted pull request on 'pull_request_target'. | From 5c5b9f99a83dfd328780e77d15892652556a5484 Mon Sep 17 00:00:00 2001 From: jarlob Date: Wed, 5 Apr 2023 10:03:46 +0200 Subject: [PATCH 018/870] Add simple taint tracking for env variables --- .../ql/lib/semmle/javascript/Actions.qll | 61 +++++++++++++++++++ .../CWE-094/ExpressionInjection.qhelp | 10 +-- .../Security/CWE-094/ExpressionInjection.ql | 28 +++++++-- .../.github/workflows/issues.yml | 12 ++++ .../ExpressionInjection.expected | 7 ++- 5 files changed, 106 insertions(+), 12 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/Actions.qll b/javascript/ql/lib/semmle/javascript/Actions.qll index 3d1d4c589d1..3567414650b 100644 --- a/javascript/ql/lib/semmle/javascript/Actions.qll +++ b/javascript/ql/lib/semmle/javascript/Actions.qll @@ -28,6 +28,9 @@ module Actions { /** Gets the `jobs` mapping from job IDs to job definitions in this workflow. */ YamlMapping getJobs() { result = this.lookup("jobs") } + /** Gets the 'global' `env` mapping in this workflow. */ + YamlMapping getEnv() { result = this.lookup("env") } + /** Gets the name of the workflow. */ string getName() { result = this.lookup("name").(YamlString).getValue() } @@ -54,6 +57,54 @@ module Actions { Workflow getWorkflow() { result = workflow } } + /** An environment variable in 'env:' */ + abstract class Env extends YamlNode, YamlString { + /** Gets the name of this environment variable. */ + abstract string getName(); + } + + /** Workflow level 'global' environment variable. */ + class GlobalEnv extends Env { + string envName; + Workflow workflow; + + GlobalEnv() { this = workflow.getEnv().lookup(envName) } + + /** Gets the workflow this field belongs to. */ + Workflow getWorkflow() { result = workflow } + + /** Gets the name of this environment variable. */ + override string getName() { result = envName } + } + + /** Job level environment variable. */ + class JobEnv extends Env { + string envName; + Job job; + + JobEnv() { this = job.getEnv().lookup(envName) } + + /** Gets the job this field belongs to. */ + Job getJob() { result = job } + + /** Gets the name of this environment variable. */ + override string getName() { result = envName } + } + + /** Step level environment variable. */ + class StepEnv extends Env { + string envName; + Step step; + + StepEnv() { this = step.getEnv().lookup(envName) } + + /** Gets the step this field belongs to. */ + Step getStep() { result = step } + + /** Gets the name of this environment variable. */ + override string getName() { result = envName } + } + /** * An Actions job within a workflow. * See https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#jobs. @@ -88,6 +139,9 @@ module Actions { /** Gets the sequence of `steps` within this job. */ YamlSequence getSteps() { result = this.lookup("steps") } + /** Gets the `env` mapping in this job. */ + YamlMapping getEnv() { result = this.lookup("env") } + /** Gets the workflow this job belongs to. */ Workflow getWorkflow() { result = workflow } @@ -149,6 +203,9 @@ module Actions { /** Gets the value of the `if` field in this step, if any. */ StepIf getIf() { result.getStep() = this } + /** Gets the value of the `env` field in this step, if any. */ + YamlMapping getEnv() { result = this.lookup("env") } + /** Gets the ID of this step, if any. */ string getId() { result = this.lookup("id").(YamlString).getValue() } } @@ -259,6 +316,10 @@ module Actions { .regexpCapture("\\$\\{\\{\\s*([A-Za-z0-9_\\[\\]\\*\\((\\)\\.\\-]+)\\s*\\}\\}", 1) } + /** Extracts the 'name' part from env.name */ + bindingset[name] + string getEnvName(string name) { result = name.regexpCapture("env\\.([A-Za-z0-9_]+)", 1) } + /** * A `script:` field within an Actions `with:` specific to `actions/github-script` action. * diff --git a/javascript/ql/src/Security/CWE-094/ExpressionInjection.qhelp b/javascript/ql/src/Security/CWE-094/ExpressionInjection.qhelp index 4424fe363a2..6e248eb380e 100644 --- a/javascript/ql/src/Security/CWE-094/ExpressionInjection.qhelp +++ b/javascript/ql/src/Security/CWE-094/ExpressionInjection.qhelp @@ -8,10 +8,11 @@ code injection in contexts like run: or script:.

- Code injection in GitHub Actions may allow an attacker to - exfiltrate the temporary GitHub repository authorization token. + Code injection in GitHub Actions may allow an attacker to + exfiltrate any secrets used in the workflow and + the temporary GitHub repository authorization token. The token might have write access to the repository, allowing an attacker - to use the token to make changes to the repository. + to use the token to make changes to the repository.

@@ -19,7 +20,8 @@

The best practice to avoid code injection vulnerabilities in GitHub workflows is to set the untrusted input value of the expression - to an intermediate environment variable. + to an intermediate environment variable and then use the environment variable + using the native syntax of the shell/script interpreter (i.e. NOT the ${{ env.VAR }}).

It is also recommended to limit the permissions of any tokens used diff --git a/javascript/ql/src/Security/CWE-094/ExpressionInjection.ql b/javascript/ql/src/Security/CWE-094/ExpressionInjection.ql index 84e7215837e..cbeecf1405a 100644 --- a/javascript/ql/src/Security/CWE-094/ExpressionInjection.ql +++ b/javascript/ql/src/Security/CWE-094/ExpressionInjection.ql @@ -103,22 +103,38 @@ private predicate isExternalUserControlledWorkflowRun(string context) { ) } -from YamlNode node, string context, Actions::On on +from YamlNode node, string injection, string context, Actions::On on where ( exists(Actions::Run run | node = run and - Actions::getASimpleReferenceExpression(run) = context and - run.getStep().getJob().getWorkflow().getOn() = on + Actions::getASimpleReferenceExpression(run) = injection and + run.getStep().getJob().getWorkflow().getOn() = on and + ( + injection = context + or + exists(Actions::Env env | + Actions::getEnvName(injection) = env.getName() and + Actions::getASimpleReferenceExpression(env) = context + ) + ) ) or exists(Actions::Script script, Actions::Step step, Actions::Uses uses | node = script and + script.getWith().getStep().getJob().getWorkflow().getOn() = on and script.getWith().getStep() = step and uses.getStep() = step and uses.getGitHubRepository() = "actions/github-script" and - Actions::getASimpleReferenceExpression(script) = context and - script.getWith().getStep().getJob().getWorkflow().getOn() = on + Actions::getASimpleReferenceExpression(script) = injection and + ( + injection = context + or + exists(Actions::Env env | + Actions::getEnvName(injection) = env.getName() and + Actions::getASimpleReferenceExpression(env) = context + ) + ) ) ) and ( @@ -153,5 +169,5 @@ where isExternalUserControlledWorkflowRun(context) ) select node, - "Potential injection from the " + context + + "Potential injection from the " + injection + " context, which may be controlled by an external user." diff --git a/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/.github/workflows/issues.yml b/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/.github/workflows/issues.yml index 2eae85278dd..5e767ce0239 100644 --- a/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/.github/workflows/issues.yml +++ b/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/.github/workflows/issues.yml @@ -1,8 +1,20 @@ on: issues +env: + global_env: ${{ github.event.issue.title }} + test: test + jobs: echo-chamber: + env: + job_env: ${{ github.event.issue.title }} runs-on: ubuntu-latest steps: - run: echo '${{ github.event.issue.title }}' - run: echo '${{ github.event.issue.body }}' + - run: echo '${{ env.global_env }}' + - run: echo '${{ env.test }}' + - run: echo '${{ env.job_env }}' + - run: echo '${{ env.step_env }}' + env: + step_env: ${{ github.event.issue.title }} diff --git a/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/ExpressionInjection.expected b/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/ExpressionInjection.expected index 775ec3ba640..0665fe46a6b 100644 --- a/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/ExpressionInjection.expected +++ b/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/ExpressionInjection.expected @@ -15,8 +15,11 @@ | .github/workflows/gollum.yml:8:12:8:53 | echo '$ ... tle }}' | Potential injection from the github.event.pages[11].title context, which may be controlled by an external user. | | .github/workflows/gollum.yml:9:12:9:56 | echo '$ ... ame }}' | Potential injection from the github.event.pages[0].page_name context, which may be controlled by an external user. | | .github/workflows/gollum.yml:10:12:10:59 | echo '$ ... ame }}' | Potential injection from the github.event.pages[2222].page_name context, which may be controlled by an external user. | -| .github/workflows/issues.yml:7:12:7:49 | echo '$ ... tle }}' | Potential injection from the github.event.issue.title context, which may be controlled by an external user. | -| .github/workflows/issues.yml:8:12:8:48 | echo '$ ... ody }}' | Potential injection from the github.event.issue.body context, which may be controlled by an external user. | +| .github/workflows/issues.yml:13:12:13:49 | echo '$ ... tle }}' | Potential injection from the github.event.issue.title context, which may be controlled by an external user. | +| .github/workflows/issues.yml:14:12:14:48 | echo '$ ... ody }}' | Potential injection from the github.event.issue.body context, which may be controlled by an external user. | +| .github/workflows/issues.yml:15:12:15:39 | echo '$ ... env }}' | Potential injection from the env.global_env context, which may be controlled by an external user. | +| .github/workflows/issues.yml:17:12:17:36 | echo '$ ... env }}' | Potential injection from the env.job_env context, which may be controlled by an external user. | +| .github/workflows/issues.yml:18:12:18:37 | echo '$ ... env }}' | Potential injection from the env.step_env context, which may be controlled by an external user. | | .github/workflows/pull_request_review.yml:7:12:7:56 | echo '$ ... tle }}' | Potential injection from the github.event.pull_request.title context, which may be controlled by an external user. | | .github/workflows/pull_request_review.yml:8:12:8:55 | echo '$ ... ody }}' | Potential injection from the github.event.pull_request.body context, which may be controlled by an external user. | | .github/workflows/pull_request_review.yml:9:12:9:61 | echo '$ ... bel }}' | Potential injection from the github.event.pull_request.head.label context, which may be controlled by an external user. | From eef1973b93f8f727e9c791cca565547b892465f8 Mon Sep 17 00:00:00 2001 From: jarlob Date: Wed, 5 Apr 2023 10:05:24 +0200 Subject: [PATCH 019/870] Change UI message --- .../Security/CWE-094/ExpressionInjection.ql | 4 +- .../ExpressionInjection.expected | 128 +++++++++--------- 2 files changed, 66 insertions(+), 66 deletions(-) diff --git a/javascript/ql/src/Security/CWE-094/ExpressionInjection.ql b/javascript/ql/src/Security/CWE-094/ExpressionInjection.ql index cbeecf1405a..056d7204551 100644 --- a/javascript/ql/src/Security/CWE-094/ExpressionInjection.ql +++ b/javascript/ql/src/Security/CWE-094/ExpressionInjection.ql @@ -169,5 +169,5 @@ where isExternalUserControlledWorkflowRun(context) ) select node, - "Potential injection from the " + injection + - " context, which may be controlled by an external user." + "Potential injection from the ${ " + injection + + " }, which may be controlled by an external user." diff --git a/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/ExpressionInjection.expected b/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/ExpressionInjection.expected index 0665fe46a6b..457cb815e6a 100644 --- a/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/ExpressionInjection.expected +++ b/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/ExpressionInjection.expected @@ -1,64 +1,64 @@ -| .github/workflows/comment_issue.yml:7:12:8:48 | \| | Potential injection from the github.event.comment.body context, which may be controlled by an external user. | -| .github/workflows/comment_issue.yml:13:12:13:50 | echo '$ ... ody }}' | Potential injection from the github.event.comment.body context, which may be controlled by an external user. | -| .github/workflows/comment_issue.yml:14:12:14:48 | echo '$ ... ody }}' | Potential injection from the github.event.issue.body context, which may be controlled by an external user. | -| .github/workflows/comment_issue.yml:15:12:15:49 | echo '$ ... tle }}' | Potential injection from the github.event.issue.title context, which may be controlled by an external user. | -| .github/workflows/comment_issue.yml:22:17:22:63 | console ... dy }}') | Potential injection from the github.event.comment.body context, which may be controlled by an external user. | -| .github/workflows/comment_issue.yml:25:17:25:61 | console ... dy }}') | Potential injection from the github.event.issue.body context, which may be controlled by an external user. | -| .github/workflows/comment_issue.yml:28:17:28:62 | console ... le }}') | Potential injection from the github.event.issue.title context, which may be controlled by an external user. | -| .github/workflows/comment_issue_newline.yml:9:14:10:50 | \| | Potential injection from the github.event.comment.body context, which may be controlled by an external user. | -| .github/workflows/discussion.yml:7:12:7:54 | echo '$ ... tle }}' | Potential injection from the github.event.discussion.title context, which may be controlled by an external user. | -| .github/workflows/discussion.yml:8:12:8:53 | echo '$ ... ody }}' | Potential injection from the github.event.discussion.body context, which may be controlled by an external user. | -| .github/workflows/discussion_comment.yml:7:12:7:54 | echo '$ ... tle }}' | Potential injection from the github.event.discussion.title context, which may be controlled by an external user. | -| .github/workflows/discussion_comment.yml:8:12:8:53 | echo '$ ... ody }}' | Potential injection from the github.event.discussion.body context, which may be controlled by an external user. | -| .github/workflows/discussion_comment.yml:9:12:9:50 | echo '$ ... ody }}' | Potential injection from the github.event.comment.body context, which may be controlled by an external user. | -| .github/workflows/gollum.yml:7:12:7:52 | echo '$ ... tle }}' | Potential injection from the github.event.pages[1].title context, which may be controlled by an external user. | -| .github/workflows/gollum.yml:8:12:8:53 | echo '$ ... tle }}' | Potential injection from the github.event.pages[11].title context, which may be controlled by an external user. | -| .github/workflows/gollum.yml:9:12:9:56 | echo '$ ... ame }}' | Potential injection from the github.event.pages[0].page_name context, which may be controlled by an external user. | -| .github/workflows/gollum.yml:10:12:10:59 | echo '$ ... ame }}' | Potential injection from the github.event.pages[2222].page_name context, which may be controlled by an external user. | -| .github/workflows/issues.yml:13:12:13:49 | echo '$ ... tle }}' | Potential injection from the github.event.issue.title context, which may be controlled by an external user. | -| .github/workflows/issues.yml:14:12:14:48 | echo '$ ... ody }}' | Potential injection from the github.event.issue.body context, which may be controlled by an external user. | -| .github/workflows/issues.yml:15:12:15:39 | echo '$ ... env }}' | Potential injection from the env.global_env context, which may be controlled by an external user. | -| .github/workflows/issues.yml:17:12:17:36 | echo '$ ... env }}' | Potential injection from the env.job_env context, which may be controlled by an external user. | -| .github/workflows/issues.yml:18:12:18:37 | echo '$ ... env }}' | Potential injection from the env.step_env context, which may be controlled by an external user. | -| .github/workflows/pull_request_review.yml:7:12:7:56 | echo '$ ... tle }}' | Potential injection from the github.event.pull_request.title context, which may be controlled by an external user. | -| .github/workflows/pull_request_review.yml:8:12:8:55 | echo '$ ... ody }}' | Potential injection from the github.event.pull_request.body context, which may be controlled by an external user. | -| .github/workflows/pull_request_review.yml:9:12:9:61 | echo '$ ... bel }}' | Potential injection from the github.event.pull_request.head.label context, which may be controlled by an external user. | -| .github/workflows/pull_request_review.yml:10:12:10:75 | echo '$ ... nch }}' | Potential injection from the github.event.pull_request.head.repo.default_branch context, which may be controlled by an external user. | -| .github/workflows/pull_request_review.yml:11:12:11:72 | echo '$ ... ion }}' | Potential injection from the github.event.pull_request.head.repo.description context, which may be controlled by an external user. | -| .github/workflows/pull_request_review.yml:12:12:12:69 | echo '$ ... age }}' | Potential injection from the github.event.pull_request.head.repo.homepage context, which may be controlled by an external user. | -| .github/workflows/pull_request_review.yml:13:12:13:59 | echo '$ ... ref }}' | Potential injection from the github.event.pull_request.head.ref context, which may be controlled by an external user. | -| .github/workflows/pull_request_review.yml:14:12:14:49 | echo '$ ... ody }}' | Potential injection from the github.event.review.body context, which may be controlled by an external user. | -| .github/workflows/pull_request_review_comment.yml:7:12:7:56 | echo '$ ... tle }}' | Potential injection from the github.event.pull_request.title context, which may be controlled by an external user. | -| .github/workflows/pull_request_review_comment.yml:8:12:8:55 | echo '$ ... ody }}' | Potential injection from the github.event.pull_request.body context, which may be controlled by an external user. | -| .github/workflows/pull_request_review_comment.yml:9:12:9:61 | echo '$ ... bel }}' | Potential injection from the github.event.pull_request.head.label context, which may be controlled by an external user. | -| .github/workflows/pull_request_review_comment.yml:10:12:10:75 | echo '$ ... nch }}' | Potential injection from the github.event.pull_request.head.repo.default_branch context, which may be controlled by an external user. | -| .github/workflows/pull_request_review_comment.yml:11:12:11:72 | echo '$ ... ion }}' | Potential injection from the github.event.pull_request.head.repo.description context, which may be controlled by an external user. | -| .github/workflows/pull_request_review_comment.yml:12:12:12:69 | echo '$ ... age }}' | Potential injection from the github.event.pull_request.head.repo.homepage context, which may be controlled by an external user. | -| .github/workflows/pull_request_review_comment.yml:13:12:13:59 | echo '$ ... ref }}' | Potential injection from the github.event.pull_request.head.ref context, which may be controlled by an external user. | -| .github/workflows/pull_request_review_comment.yml:14:12:14:50 | echo '$ ... ody }}' | Potential injection from the github.event.comment.body context, which may be controlled by an external user. | -| .github/workflows/pull_request_target.yml:9:12:9:56 | echo '$ ... tle }}' | Potential injection from the github.event.pull_request.title context, which may be controlled by an external user. | -| .github/workflows/pull_request_target.yml:10:12:10:55 | echo '$ ... ody }}' | Potential injection from the github.event.pull_request.body context, which may be controlled by an external user. | -| .github/workflows/pull_request_target.yml:11:12:11:61 | echo '$ ... bel }}' | Potential injection from the github.event.pull_request.head.label context, which may be controlled by an external user. | -| .github/workflows/pull_request_target.yml:12:12:12:75 | echo '$ ... nch }}' | Potential injection from the github.event.pull_request.head.repo.default_branch context, which may be controlled by an external user. | -| .github/workflows/pull_request_target.yml:13:12:13:72 | echo '$ ... ion }}' | Potential injection from the github.event.pull_request.head.repo.description context, which may be controlled by an external user. | -| .github/workflows/pull_request_target.yml:14:12:14:69 | echo '$ ... age }}' | Potential injection from the github.event.pull_request.head.repo.homepage context, which may be controlled by an external user. | -| .github/workflows/pull_request_target.yml:15:12:15:59 | echo '$ ... ref }}' | Potential injection from the github.event.pull_request.head.ref context, which may be controlled by an external user. | -| .github/workflows/pull_request_target.yml:16:12:16:40 | echo '$ ... ref }}' | Potential injection from the github.head_ref context, which may be controlled by an external user. | -| .github/workflows/push.yml:7:12:7:57 | echo '$ ... age }}' | Potential injection from the github.event.commits[11].message context, which may be controlled by an external user. | -| .github/workflows/push.yml:8:12:8:62 | echo '$ ... ail }}' | Potential injection from the github.event.commits[11].author.email context, which may be controlled by an external user. | -| .github/workflows/push.yml:9:12:9:61 | echo '$ ... ame }}' | Potential injection from the github.event.commits[11].author.name context, which may be controlled by an external user. | -| .github/workflows/push.yml:10:12:10:57 | echo '$ ... age }}' | Potential injection from the github.event.head_commit.message context, which may be controlled by an external user. | -| .github/workflows/push.yml:11:12:11:62 | echo '$ ... ail }}' | Potential injection from the github.event.head_commit.author.email context, which may be controlled by an external user. | -| .github/workflows/push.yml:12:12:12:61 | echo '$ ... ame }}' | Potential injection from the github.event.head_commit.author.name context, which may be controlled by an external user. | -| .github/workflows/push.yml:13:12:13:65 | echo '$ ... ail }}' | Potential injection from the github.event.head_commit.committer.email context, which may be controlled by an external user. | -| .github/workflows/push.yml:14:12:14:64 | echo '$ ... ame }}' | Potential injection from the github.event.head_commit.committer.name context, which may be controlled by an external user. | -| .github/workflows/push.yml:15:12:15:65 | echo '$ ... ail }}' | Potential injection from the github.event.commits[11].committer.email context, which may be controlled by an external user. | -| .github/workflows/push.yml:16:12:16:64 | echo '$ ... ame }}' | Potential injection from the github.event.commits[11].committer.name context, which may be controlled by an external user. | -| .github/workflows/workflow_run.yml:9:12:9:64 | echo '$ ... tle }}' | Potential injection from the github.event.workflow_run.display_title context, which may be controlled by an external user. | -| .github/workflows/workflow_run.yml:10:12:10:70 | echo '$ ... age }}' | Potential injection from the github.event.workflow_run.head_commit.message context, which may be controlled by an external user. | -| .github/workflows/workflow_run.yml:11:12:11:75 | echo '$ ... ail }}' | Potential injection from the github.event.workflow_run.head_commit.author.email context, which may be controlled by an external user. | -| .github/workflows/workflow_run.yml:12:12:12:74 | echo '$ ... ame }}' | Potential injection from the github.event.workflow_run.head_commit.author.name context, which may be controlled by an external user. | -| .github/workflows/workflow_run.yml:13:12:13:78 | echo '$ ... ail }}' | Potential injection from the github.event.workflow_run.head_commit.committer.email context, which may be controlled by an external user. | -| .github/workflows/workflow_run.yml:14:12:14:77 | echo '$ ... ame }}' | Potential injection from the github.event.workflow_run.head_commit.committer.name context, which may be controlled by an external user. | -| .github/workflows/workflow_run.yml:15:12:15:62 | echo '$ ... nch }}' | Potential injection from the github.event.workflow_run.head_branch context, which may be controlled by an external user. | -| .github/workflows/workflow_run.yml:16:12:16:78 | echo '$ ... ion }}' | Potential injection from the github.event.workflow_run.head_repository.description context, which may be controlled by an external user. | +| .github/workflows/comment_issue.yml:7:12:8:48 | \| | Potential injection from the ${ github.event.comment.body }, which may be controlled by an external user. | +| .github/workflows/comment_issue.yml:13:12:13:50 | echo '$ ... ody }}' | Potential injection from the ${ github.event.comment.body }, which may be controlled by an external user. | +| .github/workflows/comment_issue.yml:14:12:14:48 | echo '$ ... ody }}' | Potential injection from the ${ github.event.issue.body }, which may be controlled by an external user. | +| .github/workflows/comment_issue.yml:15:12:15:49 | echo '$ ... tle }}' | Potential injection from the ${ github.event.issue.title }, which may be controlled by an external user. | +| .github/workflows/comment_issue.yml:22:17:22:63 | console ... dy }}') | Potential injection from the ${ github.event.comment.body }, which may be controlled by an external user. | +| .github/workflows/comment_issue.yml:25:17:25:61 | console ... dy }}') | Potential injection from the ${ github.event.issue.body }, which may be controlled by an external user. | +| .github/workflows/comment_issue.yml:28:17:28:62 | console ... le }}') | Potential injection from the ${ github.event.issue.title }, which may be controlled by an external user. | +| .github/workflows/comment_issue_newline.yml:9:14:10:50 | \| | Potential injection from the ${ github.event.comment.body }, which may be controlled by an external user. | +| .github/workflows/discussion.yml:7:12:7:54 | echo '$ ... tle }}' | Potential injection from the ${ github.event.discussion.title }, which may be controlled by an external user. | +| .github/workflows/discussion.yml:8:12:8:53 | echo '$ ... ody }}' | Potential injection from the ${ github.event.discussion.body }, which may be controlled by an external user. | +| .github/workflows/discussion_comment.yml:7:12:7:54 | echo '$ ... tle }}' | Potential injection from the ${ github.event.discussion.title }, which may be controlled by an external user. | +| .github/workflows/discussion_comment.yml:8:12:8:53 | echo '$ ... ody }}' | Potential injection from the ${ github.event.discussion.body }, which may be controlled by an external user. | +| .github/workflows/discussion_comment.yml:9:12:9:50 | echo '$ ... ody }}' | Potential injection from the ${ github.event.comment.body }, which may be controlled by an external user. | +| .github/workflows/gollum.yml:7:12:7:52 | echo '$ ... tle }}' | Potential injection from the ${ github.event.pages[1].title }, which may be controlled by an external user. | +| .github/workflows/gollum.yml:8:12:8:53 | echo '$ ... tle }}' | Potential injection from the ${ github.event.pages[11].title }, which may be controlled by an external user. | +| .github/workflows/gollum.yml:9:12:9:56 | echo '$ ... ame }}' | Potential injection from the ${ github.event.pages[0].page_name }, which may be controlled by an external user. | +| .github/workflows/gollum.yml:10:12:10:59 | echo '$ ... ame }}' | Potential injection from the ${ github.event.pages[2222].page_name }, which may be controlled by an external user. | +| .github/workflows/issues.yml:13:12:13:49 | echo '$ ... tle }}' | Potential injection from the ${ github.event.issue.title }, which may be controlled by an external user. | +| .github/workflows/issues.yml:14:12:14:48 | echo '$ ... ody }}' | Potential injection from the ${ github.event.issue.body }, which may be controlled by an external user. | +| .github/workflows/issues.yml:15:12:15:39 | echo '$ ... env }}' | Potential injection from the ${ env.global_env }, which may be controlled by an external user. | +| .github/workflows/issues.yml:17:12:17:36 | echo '$ ... env }}' | Potential injection from the ${ env.job_env }, which may be controlled by an external user. | +| .github/workflows/issues.yml:18:12:18:37 | echo '$ ... env }}' | Potential injection from the ${ env.step_env }, which may be controlled by an external user. | +| .github/workflows/pull_request_review.yml:7:12:7:56 | echo '$ ... tle }}' | Potential injection from the ${ github.event.pull_request.title }, which may be controlled by an external user. | +| .github/workflows/pull_request_review.yml:8:12:8:55 | echo '$ ... ody }}' | Potential injection from the ${ github.event.pull_request.body }, which may be controlled by an external user. | +| .github/workflows/pull_request_review.yml:9:12:9:61 | echo '$ ... bel }}' | Potential injection from the ${ github.event.pull_request.head.label }, which may be controlled by an external user. | +| .github/workflows/pull_request_review.yml:10:12:10:75 | echo '$ ... nch }}' | Potential injection from the ${ github.event.pull_request.head.repo.default_branch }, which may be controlled by an external user. | +| .github/workflows/pull_request_review.yml:11:12:11:72 | echo '$ ... ion }}' | Potential injection from the ${ github.event.pull_request.head.repo.description }, which may be controlled by an external user. | +| .github/workflows/pull_request_review.yml:12:12:12:69 | echo '$ ... age }}' | Potential injection from the ${ github.event.pull_request.head.repo.homepage }, which may be controlled by an external user. | +| .github/workflows/pull_request_review.yml:13:12:13:59 | echo '$ ... ref }}' | Potential injection from the ${ github.event.pull_request.head.ref }, which may be controlled by an external user. | +| .github/workflows/pull_request_review.yml:14:12:14:49 | echo '$ ... ody }}' | Potential injection from the ${ github.event.review.body }, which may be controlled by an external user. | +| .github/workflows/pull_request_review_comment.yml:7:12:7:56 | echo '$ ... tle }}' | Potential injection from the ${ github.event.pull_request.title }, which may be controlled by an external user. | +| .github/workflows/pull_request_review_comment.yml:8:12:8:55 | echo '$ ... ody }}' | Potential injection from the ${ github.event.pull_request.body }, which may be controlled by an external user. | +| .github/workflows/pull_request_review_comment.yml:9:12:9:61 | echo '$ ... bel }}' | Potential injection from the ${ github.event.pull_request.head.label }, which may be controlled by an external user. | +| .github/workflows/pull_request_review_comment.yml:10:12:10:75 | echo '$ ... nch }}' | Potential injection from the ${ github.event.pull_request.head.repo.default_branch }, which may be controlled by an external user. | +| .github/workflows/pull_request_review_comment.yml:11:12:11:72 | echo '$ ... ion }}' | Potential injection from the ${ github.event.pull_request.head.repo.description }, which may be controlled by an external user. | +| .github/workflows/pull_request_review_comment.yml:12:12:12:69 | echo '$ ... age }}' | Potential injection from the ${ github.event.pull_request.head.repo.homepage }, which may be controlled by an external user. | +| .github/workflows/pull_request_review_comment.yml:13:12:13:59 | echo '$ ... ref }}' | Potential injection from the ${ github.event.pull_request.head.ref }, which may be controlled by an external user. | +| .github/workflows/pull_request_review_comment.yml:14:12:14:50 | echo '$ ... ody }}' | Potential injection from the ${ github.event.comment.body }, which may be controlled by an external user. | +| .github/workflows/pull_request_target.yml:9:12:9:56 | echo '$ ... tle }}' | Potential injection from the ${ github.event.pull_request.title }, which may be controlled by an external user. | +| .github/workflows/pull_request_target.yml:10:12:10:55 | echo '$ ... ody }}' | Potential injection from the ${ github.event.pull_request.body }, which may be controlled by an external user. | +| .github/workflows/pull_request_target.yml:11:12:11:61 | echo '$ ... bel }}' | Potential injection from the ${ github.event.pull_request.head.label }, which may be controlled by an external user. | +| .github/workflows/pull_request_target.yml:12:12:12:75 | echo '$ ... nch }}' | Potential injection from the ${ github.event.pull_request.head.repo.default_branch }, which may be controlled by an external user. | +| .github/workflows/pull_request_target.yml:13:12:13:72 | echo '$ ... ion }}' | Potential injection from the ${ github.event.pull_request.head.repo.description }, which may be controlled by an external user. | +| .github/workflows/pull_request_target.yml:14:12:14:69 | echo '$ ... age }}' | Potential injection from the ${ github.event.pull_request.head.repo.homepage }, which may be controlled by an external user. | +| .github/workflows/pull_request_target.yml:15:12:15:59 | echo '$ ... ref }}' | Potential injection from the ${ github.event.pull_request.head.ref }, which may be controlled by an external user. | +| .github/workflows/pull_request_target.yml:16:12:16:40 | echo '$ ... ref }}' | Potential injection from the ${ github.head_ref }, which may be controlled by an external user. | +| .github/workflows/push.yml:7:12:7:57 | echo '$ ... age }}' | Potential injection from the ${ github.event.commits[11].message }, which may be controlled by an external user. | +| .github/workflows/push.yml:8:12:8:62 | echo '$ ... ail }}' | Potential injection from the ${ github.event.commits[11].author.email }, which may be controlled by an external user. | +| .github/workflows/push.yml:9:12:9:61 | echo '$ ... ame }}' | Potential injection from the ${ github.event.commits[11].author.name }, which may be controlled by an external user. | +| .github/workflows/push.yml:10:12:10:57 | echo '$ ... age }}' | Potential injection from the ${ github.event.head_commit.message }, which may be controlled by an external user. | +| .github/workflows/push.yml:11:12:11:62 | echo '$ ... ail }}' | Potential injection from the ${ github.event.head_commit.author.email }, which may be controlled by an external user. | +| .github/workflows/push.yml:12:12:12:61 | echo '$ ... ame }}' | Potential injection from the ${ github.event.head_commit.author.name }, which may be controlled by an external user. | +| .github/workflows/push.yml:13:12:13:65 | echo '$ ... ail }}' | Potential injection from the ${ github.event.head_commit.committer.email }, which may be controlled by an external user. | +| .github/workflows/push.yml:14:12:14:64 | echo '$ ... ame }}' | Potential injection from the ${ github.event.head_commit.committer.name }, which may be controlled by an external user. | +| .github/workflows/push.yml:15:12:15:65 | echo '$ ... ail }}' | Potential injection from the ${ github.event.commits[11].committer.email }, which may be controlled by an external user. | +| .github/workflows/push.yml:16:12:16:64 | echo '$ ... ame }}' | Potential injection from the ${ github.event.commits[11].committer.name }, which may be controlled by an external user. | +| .github/workflows/workflow_run.yml:9:12:9:64 | echo '$ ... tle }}' | Potential injection from the ${ github.event.workflow_run.display_title }, which may be controlled by an external user. | +| .github/workflows/workflow_run.yml:10:12:10:70 | echo '$ ... age }}' | Potential injection from the ${ github.event.workflow_run.head_commit.message }, which may be controlled by an external user. | +| .github/workflows/workflow_run.yml:11:12:11:75 | echo '$ ... ail }}' | Potential injection from the ${ github.event.workflow_run.head_commit.author.email }, which may be controlled by an external user. | +| .github/workflows/workflow_run.yml:12:12:12:74 | echo '$ ... ame }}' | Potential injection from the ${ github.event.workflow_run.head_commit.author.name }, which may be controlled by an external user. | +| .github/workflows/workflow_run.yml:13:12:13:78 | echo '$ ... ail }}' | Potential injection from the ${ github.event.workflow_run.head_commit.committer.email }, which may be controlled by an external user. | +| .github/workflows/workflow_run.yml:14:12:14:77 | echo '$ ... ame }}' | Potential injection from the ${ github.event.workflow_run.head_commit.committer.name }, which may be controlled by an external user. | +| .github/workflows/workflow_run.yml:15:12:15:62 | echo '$ ... nch }}' | Potential injection from the ${ github.event.workflow_run.head_branch }, which may be controlled by an external user. | +| .github/workflows/workflow_run.yml:16:12:16:78 | echo '$ ... ion }}' | Potential injection from the ${ github.event.workflow_run.head_repository.description }, which may be controlled by an external user. | From 40b7910473176ec6aa97d0eda4c50faca6b819fd Mon Sep 17 00:00:00 2001 From: jarlob Date: Wed, 5 Apr 2023 10:14:54 +0200 Subject: [PATCH 020/870] Fix QLDoc warnings --- javascript/ql/lib/semmle/javascript/Actions.qll | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/Actions.qll b/javascript/ql/lib/semmle/javascript/Actions.qll index 3567414650b..85b313af8a3 100644 --- a/javascript/ql/lib/semmle/javascript/Actions.qll +++ b/javascript/ql/lib/semmle/javascript/Actions.qll @@ -63,7 +63,7 @@ module Actions { abstract string getName(); } - /** Workflow level 'global' environment variable. */ + /** A workflow level 'global' environment variable. */ class GlobalEnv extends Env { string envName; Workflow workflow; @@ -77,7 +77,7 @@ module Actions { override string getName() { result = envName } } - /** Job level environment variable. */ + /** A job level environment variable. */ class JobEnv extends Env { string envName; Job job; @@ -91,7 +91,7 @@ module Actions { override string getName() { result = envName } } - /** Step level environment variable. */ + /** A step level environment variable. */ class StepEnv extends Env { string envName; Step step; From 9fba7d31f1cb8183e6617f24052efa7b6d1bef4c Mon Sep 17 00:00:00 2001 From: jarlob Date: Wed, 5 Apr 2023 10:24:07 +0200 Subject: [PATCH 021/870] Improve documentation --- .../src/Security/CWE-094/ExpressionInjection.qhelp | 14 +++++++++++++- .../CWE-094/examples/comment_issue_bad_env.yml | 10 ++++++++++ 2 files changed, 23 insertions(+), 1 deletion(-) create mode 100644 javascript/ql/src/Security/CWE-094/examples/comment_issue_bad_env.yml diff --git a/javascript/ql/src/Security/CWE-094/ExpressionInjection.qhelp b/javascript/ql/src/Security/CWE-094/ExpressionInjection.qhelp index 6e248eb380e..dbc1196ae66 100644 --- a/javascript/ql/src/Security/CWE-094/ExpressionInjection.qhelp +++ b/javascript/ql/src/Security/CWE-094/ExpressionInjection.qhelp @@ -21,7 +21,7 @@ The best practice to avoid code injection vulnerabilities in GitHub workflows is to set the untrusted input value of the expression to an intermediate environment variable and then use the environment variable - using the native syntax of the shell/script interpreter (i.e. NOT the ${{ env.VAR }}). + using the native syntax of the shell/script interpreter (i.e. NOT the ${{ env.VAR }}).

It is also recommended to limit the permissions of any tokens used @@ -40,6 +40,18 @@ the environment variable and will prevent the attack:

+ +

+ The following example uses an environment variable, but + still allows injection because of the use of expression syntax: +

+ + +

+ The following example uses shell syntax to read + the environment variable and will prevent the attack: +

+ diff --git a/javascript/ql/src/Security/CWE-094/examples/comment_issue_bad_env.yml b/javascript/ql/src/Security/CWE-094/examples/comment_issue_bad_env.yml new file mode 100644 index 00000000000..b7698938de7 --- /dev/null +++ b/javascript/ql/src/Security/CWE-094/examples/comment_issue_bad_env.yml @@ -0,0 +1,10 @@ +on: issue_comment + +jobs: + echo-body: + runs-on: ubuntu-latest + steps: + - env: + BODY: ${{ github.event.issue.body }} + run: | + echo '${{ env.BODY }}' \ No newline at end of file From 40635e60d1df85f4deeabe4fc82f4509c6e414a0 Mon Sep 17 00:00:00 2001 From: jarlob Date: Wed, 5 Apr 2023 10:26:02 +0200 Subject: [PATCH 022/870] Improve documentation --- .../ql/src/Security/CWE-094/ExpressionInjection.qhelp | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/javascript/ql/src/Security/CWE-094/ExpressionInjection.qhelp b/javascript/ql/src/Security/CWE-094/ExpressionInjection.qhelp index dbc1196ae66..d010a75a46b 100644 --- a/javascript/ql/src/Security/CWE-094/ExpressionInjection.qhelp +++ b/javascript/ql/src/Security/CWE-094/ExpressionInjection.qhelp @@ -35,15 +35,9 @@

-

- The following example uses shell syntax to read - the environment variable and will prevent the attack: -

- -

The following example uses an environment variable, but - still allows injection because of the use of expression syntax: + still allows the injection because of the use of expression syntax:

From 0a878d4db945f59f9ca8e9840e67b87a9712d21b Mon Sep 17 00:00:00 2001 From: jarlob Date: Thu, 6 Apr 2023 19:07:38 +0200 Subject: [PATCH 023/870] Support yAml extensions --- javascript/ql/lib/semmle/javascript/Actions.qll | 2 +- .../.github/workflows/{issues.yml => issues.yaml} | 0 2 files changed, 1 insertion(+), 1 deletion(-) rename javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/.github/workflows/{issues.yml => issues.yaml} (100%) diff --git a/javascript/ql/lib/semmle/javascript/Actions.qll b/javascript/ql/lib/semmle/javascript/Actions.qll index 85b313af8a3..d8378ea347b 100644 --- a/javascript/ql/lib/semmle/javascript/Actions.qll +++ b/javascript/ql/lib/semmle/javascript/Actions.qll @@ -16,7 +16,7 @@ module Actions { this.getLocation() .getFile() .getRelativePath() - .regexpMatch("(^|.*/)\\.github/workflows/.*\\.yml$") + .regexpMatch("(^|.*/)\\.github/workflows/.*\\.y(?:a?)ml$") } } diff --git a/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/.github/workflows/issues.yml b/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/.github/workflows/issues.yaml similarity index 100% rename from javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/.github/workflows/issues.yml rename to javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/.github/workflows/issues.yaml From baefeab2d13f204368f0ec4c706acc5e6a4f940b Mon Sep 17 00:00:00 2001 From: jarlob Date: Thu, 6 Apr 2023 19:11:04 +0200 Subject: [PATCH 024/870] fix tests --- .../ExpressionInjection/ExpressionInjection.expected | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/ExpressionInjection.expected b/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/ExpressionInjection.expected index 457cb815e6a..21248e7f5b2 100644 --- a/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/ExpressionInjection.expected +++ b/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/ExpressionInjection.expected @@ -15,11 +15,11 @@ | .github/workflows/gollum.yml:8:12:8:53 | echo '$ ... tle }}' | Potential injection from the ${ github.event.pages[11].title }, which may be controlled by an external user. | | .github/workflows/gollum.yml:9:12:9:56 | echo '$ ... ame }}' | Potential injection from the ${ github.event.pages[0].page_name }, which may be controlled by an external user. | | .github/workflows/gollum.yml:10:12:10:59 | echo '$ ... ame }}' | Potential injection from the ${ github.event.pages[2222].page_name }, which may be controlled by an external user. | -| .github/workflows/issues.yml:13:12:13:49 | echo '$ ... tle }}' | Potential injection from the ${ github.event.issue.title }, which may be controlled by an external user. | -| .github/workflows/issues.yml:14:12:14:48 | echo '$ ... ody }}' | Potential injection from the ${ github.event.issue.body }, which may be controlled by an external user. | -| .github/workflows/issues.yml:15:12:15:39 | echo '$ ... env }}' | Potential injection from the ${ env.global_env }, which may be controlled by an external user. | -| .github/workflows/issues.yml:17:12:17:36 | echo '$ ... env }}' | Potential injection from the ${ env.job_env }, which may be controlled by an external user. | -| .github/workflows/issues.yml:18:12:18:37 | echo '$ ... env }}' | Potential injection from the ${ env.step_env }, which may be controlled by an external user. | +| .github/workflows/issues.yaml:13:12:13:49 | echo '$ ... tle }}' | Potential injection from the ${ github.event.issue.title }, which may be controlled by an external user. | +| .github/workflows/issues.yaml:14:12:14:48 | echo '$ ... ody }}' | Potential injection from the ${ github.event.issue.body }, which may be controlled by an external user. | +| .github/workflows/issues.yaml:15:12:15:39 | echo '$ ... env }}' | Potential injection from the ${ env.global_env }, which may be controlled by an external user. | +| .github/workflows/issues.yaml:17:12:17:36 | echo '$ ... env }}' | Potential injection from the ${ env.job_env }, which may be controlled by an external user. | +| .github/workflows/issues.yaml:18:12:18:37 | echo '$ ... env }}' | Potential injection from the ${ env.step_env }, which may be controlled by an external user. | | .github/workflows/pull_request_review.yml:7:12:7:56 | echo '$ ... tle }}' | Potential injection from the ${ github.event.pull_request.title }, which may be controlled by an external user. | | .github/workflows/pull_request_review.yml:8:12:8:55 | echo '$ ... ody }}' | Potential injection from the ${ github.event.pull_request.body }, which may be controlled by an external user. | | .github/workflows/pull_request_review.yml:9:12:9:61 | echo '$ ... bel }}' | Potential injection from the ${ github.event.pull_request.head.label }, which may be controlled by an external user. | From 9c7eecf547e805f400d3d0334e1ca154ad0c4f49 Mon Sep 17 00:00:00 2001 From: jarlob Date: Thu, 6 Apr 2023 22:53:59 +0200 Subject: [PATCH 025/870] Add support for composite actions --- .../ql/lib/semmle/javascript/Actions.qll | 69 +++++-- .../Security/CWE-094/ExpressionInjection.ql | 172 ++++++++++++------ .../ExpressionInjection.expected | 1 + .../CWE-094/ExpressionInjection/action.yml | 14 ++ 4 files changed, 184 insertions(+), 72 deletions(-) create mode 100644 javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/action.yml diff --git a/javascript/ql/lib/semmle/javascript/Actions.qll b/javascript/ql/lib/semmle/javascript/Actions.qll index d8378ea347b..6faeeb15987 100644 --- a/javascript/ql/lib/semmle/javascript/Actions.qll +++ b/javascript/ql/lib/semmle/javascript/Actions.qll @@ -10,16 +10,62 @@ import javascript * See https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions. */ module Actions { - /** A YAML node in a GitHub Actions workflow file. */ + /** A YAML node in a GitHub Actions workflow or custom action file. */ private class Node extends YamlNode { Node() { - this.getLocation() - .getFile() - .getRelativePath() - .regexpMatch("(^|.*/)\\.github/workflows/.*\\.y(?:a?)ml$") + exists(File f | + f = this.getLocation().getFile() and + ( + f.getRelativePath().regexpMatch("(^|.*/)\\.github/workflows/.*\\.y(?:a?)ml$") + or + f.getBaseName() = "action.yml" + ) + ) } } + /** + * A custom action. This is a mapping at the top level of an Actions YAML action file. + * See https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions. + */ + class Action extends Node, YamlDocument, YamlMapping { + /** Gets the `runs` mapping. */ + Runs getRuns() { result = this.lookup("runs") } + } + + /** + * An `runs` mapping in a custom action YAML. + * See https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions#runs + */ + class Runs extends StepsContainer { + Action action; + + Runs() { action.lookup("runs") = this } + + /** Gets the action that this `runs` mapping is in. */ + Action getAction() { result = action } + } + + /** + * The parent class of the class that can contain `steps` mappings. (`Job` or `Runs` currently.) + */ + abstract class StepsContainer extends YamlNode, YamlMapping { + /** Gets the sequence of `steps` within this YAML node. */ + YamlSequence getSteps() { result = this.lookup("steps") } + } + + /** + * A `using` mapping in a custom action YAML. + */ + class Using extends YamlNode, YamlScalar { + Runs runs; + + Using() { runs.lookup("using") = this } + + /** Gets the `runs` mapping that this `using` mapping is in. */ + Runs getRuns() { result = runs } + } + /** * An Actions workflow. This is a mapping at the top level of an Actions YAML workflow file. * See https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions. @@ -109,7 +155,7 @@ module Actions { * An Actions job within a workflow. * See https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#jobs. */ - class Job extends YamlNode, YamlMapping { + class Job extends StepsContainer { string jobId; Workflow workflow; @@ -136,9 +182,6 @@ module Actions { /** Gets the step at the given index within this job. */ Step getStep(int index) { result.getJob() = this and result.getIndex() = index } - /** Gets the sequence of `steps` within this job. */ - YamlSequence getSteps() { result = this.lookup("steps") } - /** Gets the `env` mapping in this job. */ YamlMapping getEnv() { result = this.lookup("env") } @@ -184,15 +227,17 @@ module Actions { */ class Step extends YamlNode, YamlMapping { int index; - Job job; + StepsContainer parent; - Step() { this = job.getSteps().getElement(index) } + Step() { this = parent.getSteps().getElement(index) } /** Gets the 0-based position of this step within the sequence of `steps`. */ int getIndex() { result = index } /** Gets the job this step belongs to. */ - Job getJob() { result = job } + Job getJob() { result = parent.(Job) } + + Runs getRuns() { result = parent.(Runs) } /** Gets the value of the `uses` field in this step, if any. */ Uses getUses() { result.getStep() = this } diff --git a/javascript/ql/src/Security/CWE-094/ExpressionInjection.ql b/javascript/ql/src/Security/CWE-094/ExpressionInjection.ql index 056d7204551..696fe0a0186 100644 --- a/javascript/ql/src/Security/CWE-094/ExpressionInjection.ql +++ b/javascript/ql/src/Security/CWE-094/ExpressionInjection.ql @@ -103,70 +103,122 @@ private predicate isExternalUserControlledWorkflowRun(string context) { ) } -from YamlNode node, string injection, string context, Actions::On on +/** + * The env variable name in `${{ env.name }}` + * is where the external user controlled value was assigned to. + */ +bindingset[injection] +predicate isEnvTainted(Actions::Env env, string injection, string context) { + Actions::getEnvName(injection) = env.getName() and + Actions::getASimpleReferenceExpression(env) = context +} + +/** + * Holds if the `run` contains any expression interpolation `${{ e }}`. + * Sets `context` to the initial untrusted value assignment in case of `${{ env... }}` interpolation + */ +predicate isRunInjectable(Actions::Run run, string injection, string context) { + Actions::getASimpleReferenceExpression(run) = injection and + ( + injection = context + or + exists(Actions::Env env | isEnvTainted(env, injection, context)) + ) +} + +/** + * Holds if the `actions/github-script` contains any expression interpolation `${{ e }}`. + * Sets `context` to the initial untrusted value assignment in case of `${{ env... }}` interpolation + */ +predicate isScriptInjectable(Actions::Script script, string injection, string context) { + exists(Actions::Step step, Actions::Uses uses | + script.getWith().getStep() = step and + uses.getStep() = step and + uses.getGitHubRepository() = "actions/github-script" and + Actions::getASimpleReferenceExpression(script) = injection and + ( + injection = context + or + exists(Actions::Env env | isEnvTainted(env, injection, context)) + ) + ) +} + +from YamlNode node, string injection, string context where - ( - exists(Actions::Run run | - node = run and - Actions::getASimpleReferenceExpression(run) = injection and - run.getStep().getJob().getWorkflow().getOn() = on and - ( - injection = context - or - exists(Actions::Env env | - Actions::getEnvName(injection) = env.getName() and - Actions::getASimpleReferenceExpression(env) = context - ) + exists(Actions::Using u, Actions::Runs runs | + u.getValue() = "composite" and + u.getRuns() = runs and + ( + exists(Actions::Run run | + isRunInjectable(run, injection, context) and + node = run and + run.getStep().getRuns() = runs ) - ) - or - exists(Actions::Script script, Actions::Step step, Actions::Uses uses | - node = script and - script.getWith().getStep().getJob().getWorkflow().getOn() = on and - script.getWith().getStep() = step and - uses.getStep() = step and - uses.getGitHubRepository() = "actions/github-script" and - Actions::getASimpleReferenceExpression(script) = injection and - ( - injection = context - or - exists(Actions::Env env | - Actions::getEnvName(injection) = env.getName() and - Actions::getASimpleReferenceExpression(env) = context - ) + or + exists(Actions::Script script | + node = script and + script.getWith().getStep().getRuns() = runs and + isScriptInjectable(script, injection, context) ) + ) and + ( + isExternalUserControlledIssue(context) or + isExternalUserControlledPullRequest(context) or + isExternalUserControlledReview(context) or + isExternalUserControlledComment(context) or + isExternalUserControlledGollum(context) or + isExternalUserControlledCommit(context) or + isExternalUserControlledDiscussion(context) or + isExternalUserControlledWorkflowRun(context) + ) + ) + or + exists(Actions::On on | + ( + exists(Actions::Run run | + isRunInjectable(run, injection, context) and + node = run and + run.getStep().getJob().getWorkflow().getOn() = on + ) + or + exists(Actions::Script script | + node = script and + script.getWith().getStep().getJob().getWorkflow().getOn() = on and + isScriptInjectable(script, injection, context) + ) + ) and + ( + exists(on.getNode("issues")) and + isExternalUserControlledIssue(context) + or + exists(on.getNode("pull_request_target")) and + isExternalUserControlledPullRequest(context) + or + exists(on.getNode("pull_request_review")) and + (isExternalUserControlledReview(context) or isExternalUserControlledPullRequest(context)) + or + exists(on.getNode("pull_request_review_comment")) and + (isExternalUserControlledComment(context) or isExternalUserControlledPullRequest(context)) + or + exists(on.getNode("issue_comment")) and + (isExternalUserControlledComment(context) or isExternalUserControlledIssue(context)) + or + exists(on.getNode("gollum")) and + isExternalUserControlledGollum(context) + or + exists(on.getNode("push")) and + isExternalUserControlledCommit(context) + or + exists(on.getNode("discussion")) and + isExternalUserControlledDiscussion(context) + or + exists(on.getNode("discussion_comment")) and + (isExternalUserControlledDiscussion(context) or isExternalUserControlledComment(context)) + or + exists(on.getNode("workflow_run")) and + isExternalUserControlledWorkflowRun(context) ) - ) and - ( - exists(on.getNode("issues")) and - isExternalUserControlledIssue(context) - or - exists(on.getNode("pull_request_target")) and - isExternalUserControlledPullRequest(context) - or - exists(on.getNode("pull_request_review")) and - (isExternalUserControlledReview(context) or isExternalUserControlledPullRequest(context)) - or - exists(on.getNode("pull_request_review_comment")) and - (isExternalUserControlledComment(context) or isExternalUserControlledPullRequest(context)) - or - exists(on.getNode("issue_comment")) and - (isExternalUserControlledComment(context) or isExternalUserControlledIssue(context)) - or - exists(on.getNode("gollum")) and - isExternalUserControlledGollum(context) - or - exists(on.getNode("push")) and - isExternalUserControlledCommit(context) - or - exists(on.getNode("discussion")) and - isExternalUserControlledDiscussion(context) - or - exists(on.getNode("discussion_comment")) and - (isExternalUserControlledDiscussion(context) or isExternalUserControlledComment(context)) - or - exists(on.getNode("workflow_run")) and - isExternalUserControlledWorkflowRun(context) ) select node, "Potential injection from the ${ " + injection + diff --git a/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/ExpressionInjection.expected b/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/ExpressionInjection.expected index 21248e7f5b2..76ad174e16a 100644 --- a/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/ExpressionInjection.expected +++ b/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/ExpressionInjection.expected @@ -62,3 +62,4 @@ | .github/workflows/workflow_run.yml:14:12:14:77 | echo '$ ... ame }}' | Potential injection from the ${ github.event.workflow_run.head_commit.committer.name }, which may be controlled by an external user. | | .github/workflows/workflow_run.yml:15:12:15:62 | echo '$ ... nch }}' | Potential injection from the ${ github.event.workflow_run.head_branch }, which may be controlled by an external user. | | .github/workflows/workflow_run.yml:16:12:16:78 | echo '$ ... ion }}' | Potential injection from the ${ github.event.workflow_run.head_repository.description }, which may be controlled by an external user. | +| action.yml:14:12:14:50 | echo '$ ... ody }}' | Potential injection from the ${ github.event.comment.body }, which may be controlled by an external user. | diff --git a/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/action.yml b/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/action.yml new file mode 100644 index 00000000000..e9a178cf3db --- /dev/null +++ b/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/action.yml @@ -0,0 +1,14 @@ +name: 'test' +description: 'test' +branding: + icon: 'test' + color: 'test' +inputs: + test: + description: test + required: false + default: 'test' +runs: + using: "composite" + steps: + - run: echo '${{ github.event.comment.body }}' \ No newline at end of file From af83d8af415fb6bae60cad0d728201af20cd347a Mon Sep 17 00:00:00 2001 From: jarlob Date: Thu, 6 Apr 2023 22:59:09 +0200 Subject: [PATCH 026/870] Add comment --- javascript/ql/lib/semmle/javascript/Actions.qll | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/javascript/ql/lib/semmle/javascript/Actions.qll b/javascript/ql/lib/semmle/javascript/Actions.qll index 6faeeb15987..f0585b915b4 100644 --- a/javascript/ql/lib/semmle/javascript/Actions.qll +++ b/javascript/ql/lib/semmle/javascript/Actions.qll @@ -234,9 +234,10 @@ module Actions { /** Gets the 0-based position of this step within the sequence of `steps`. */ int getIndex() { result = index } - /** Gets the job this step belongs to. */ + /** Gets the `job` this step belongs to. The step may belong to a `job` in a workflow or `runs` in a custom action. */ Job getJob() { result = parent.(Job) } + /** Gets the `runs` this step belongs to. The step may belong to a `job` in a workflow or `runs` in a custom action. */ Runs getRuns() { result = parent.(Runs) } /** Gets the value of the `uses` field in this step, if any. */ From 3745ccceddaa0dd5dc2d34fa54f30bf08f9a89c1 Mon Sep 17 00:00:00 2001 From: jarlob Date: Thu, 6 Apr 2023 23:02:08 +0200 Subject: [PATCH 027/870] Fix warnings --- javascript/ql/lib/semmle/javascript/Actions.qll | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/Actions.qll b/javascript/ql/lib/semmle/javascript/Actions.qll index f0585b915b4..50b11b18df6 100644 --- a/javascript/ql/lib/semmle/javascript/Actions.qll +++ b/javascript/ql/lib/semmle/javascript/Actions.qll @@ -10,7 +10,7 @@ import javascript * See https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions. */ module Actions { - /** A YAML node in a GitHub Actions workflow or custom action file. */ + /** A YAML node in a GitHub Actions workflow or a custom action file. */ private class Node extends YamlNode { Node() { exists(File f | @@ -235,10 +235,10 @@ module Actions { int getIndex() { result = index } /** Gets the `job` this step belongs to. The step may belong to a `job` in a workflow or `runs` in a custom action. */ - Job getJob() { result = parent.(Job) } + Job getJob() { result = parent } /** Gets the `runs` this step belongs to. The step may belong to a `job` in a workflow or `runs` in a custom action. */ - Runs getRuns() { result = parent.(Runs) } + Runs getRuns() { result = parent } /** Gets the value of the `uses` field in this step, if any. */ Uses getUses() { result.getStep() = this } From 7573c615f6dff90cb154285f1b8be0027ee87f48 Mon Sep 17 00:00:00 2001 From: jarlob Date: Thu, 6 Apr 2023 23:07:22 +0200 Subject: [PATCH 028/870] Fix warnings --- javascript/ql/src/Security/CWE-094/ExpressionInjection.ql | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/javascript/ql/src/Security/CWE-094/ExpressionInjection.ql b/javascript/ql/src/Security/CWE-094/ExpressionInjection.ql index 696fe0a0186..9e703d2d47c 100644 --- a/javascript/ql/src/Security/CWE-094/ExpressionInjection.ql +++ b/javascript/ql/src/Security/CWE-094/ExpressionInjection.ql @@ -104,7 +104,7 @@ private predicate isExternalUserControlledWorkflowRun(string context) { } /** - * The env variable name in `${{ env.name }}` + * Holds if the env variable name in `${{ env.name }}` * is where the external user controlled value was assigned to. */ bindingset[injection] @@ -122,7 +122,7 @@ predicate isRunInjectable(Actions::Run run, string injection, string context) { ( injection = context or - exists(Actions::Env env | isEnvTainted(env, injection, context)) + isEnvTainted(_, injection, context) ) } @@ -139,7 +139,7 @@ predicate isScriptInjectable(Actions::Script script, string injection, string co ( injection = context or - exists(Actions::Env env | isEnvTainted(env, injection, context)) + isEnvTainted(_, injection, context) ) ) } From 72b66ffe97f153902d2b6483fec3e0bb9196c3bb Mon Sep 17 00:00:00 2001 From: jarlob Date: Fri, 7 Apr 2023 10:01:14 +0200 Subject: [PATCH 029/870] Fix comment. --- .../ql/src/experimental/Security/CWE-094/UntrustedCheckout.ql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/javascript/ql/src/experimental/Security/CWE-094/UntrustedCheckout.ql b/javascript/ql/src/experimental/Security/CWE-094/UntrustedCheckout.ql index a81c8c65d25..71171af6ead 100644 --- a/javascript/ql/src/experimental/Security/CWE-094/UntrustedCheckout.ql +++ b/javascript/ql/src/experimental/Security/CWE-094/UntrustedCheckout.ql @@ -53,7 +53,7 @@ class ProbableJob extends Actions::Job { } /** - * on: pull_request_target + * The `on: pull_request_target`. */ class ProbablePullRequestTarget extends Actions::On, YamlMappingLikeNode { ProbablePullRequestTarget() { From 8f1bccbb4d67c2d415c825d6b787f40e4b6c1269 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jaroslav=20Loba=C4=8Devski?= Date: Thu, 13 Apr 2023 22:55:53 +0200 Subject: [PATCH 030/870] Apply suggestions from code review (comments) Co-authored-by: Aditya Sharad <6874315+adityasharad@users.noreply.github.com> --- javascript/ql/lib/change-notes/2023-04-03-gh-injection.md | 2 +- javascript/ql/lib/semmle/javascript/Actions.qll | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/javascript/ql/lib/change-notes/2023-04-03-gh-injection.md b/javascript/ql/lib/change-notes/2023-04-03-gh-injection.md index 04a5a2f4b6f..cabcb0b828d 100644 --- a/javascript/ql/lib/change-notes/2023-04-03-gh-injection.md +++ b/javascript/ql/lib/change-notes/2023-04-03-gh-injection.md @@ -1,4 +1,4 @@ --- category: minorAnalysis --- -* Fixes and improvements in GitHub Actions Injection query. \ No newline at end of file +* Improved the queries for injection vulnerabilities in GitHub Actions workflows (`js/actions/command-injection` and `js/actions/pull-request-target`) and the associated library `semmle.javascript.Actions`. These now support steps defined in composite actions, in addition to steps defined in Actions workflow files. \ No newline at end of file diff --git a/javascript/ql/lib/semmle/javascript/Actions.qll b/javascript/ql/lib/semmle/javascript/Actions.qll index 50b11b18df6..e770920d78c 100644 --- a/javascript/ql/lib/semmle/javascript/Actions.qll +++ b/javascript/ql/lib/semmle/javascript/Actions.qll @@ -234,10 +234,10 @@ module Actions { /** Gets the 0-based position of this step within the sequence of `steps`. */ int getIndex() { result = index } - /** Gets the `job` this step belongs to. The step may belong to a `job` in a workflow or `runs` in a custom action. */ + /** Gets the `job` this step belongs to, if the step belongs to a `job` in a workflow. Has no result if the step belongs to `runs` in a custom action. */ Job getJob() { result = parent } - /** Gets the `runs` this step belongs to. The step may belong to a `job` in a workflow or `runs` in a custom action. */ + /** Gets the `runs` this step belongs to, if the step belongs to a `runs` in a custom action. Has no result if the step belongs to a `job` in a workflow. */ Runs getRuns() { result = parent } /** Gets the value of the `uses` field in this step, if any. */ From 6790318769e5170054a67c6f77382672a9d1bad2 Mon Sep 17 00:00:00 2001 From: jarlob Date: Thu, 13 Apr 2023 22:58:32 +0200 Subject: [PATCH 031/870] Added the composite word --- javascript/ql/lib/semmle/javascript/Actions.qll | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/Actions.qll b/javascript/ql/lib/semmle/javascript/Actions.qll index e770920d78c..009a195521a 100644 --- a/javascript/ql/lib/semmle/javascript/Actions.qll +++ b/javascript/ql/lib/semmle/javascript/Actions.qll @@ -10,7 +10,7 @@ import javascript * See https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions. */ module Actions { - /** A YAML node in a GitHub Actions workflow or a custom action file. */ + /** A YAML node in a GitHub Actions workflow or a custom composite action file. */ private class Node extends YamlNode { Node() { exists(File f | @@ -25,7 +25,7 @@ module Actions { } /** - * A custom action. This is a mapping at the top level of an Actions YAML action file. + * A custom composite action. This is a mapping at the top level of an Actions YAML action file. * See https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions. */ class Action extends Node, YamlDocument, YamlMapping { @@ -34,7 +34,7 @@ module Actions { } /** - * An `runs` mapping in a custom action YAML. + * An `runs` mapping in a custom composite action YAML. * See https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions#runs */ class Runs extends StepsContainer { @@ -55,7 +55,7 @@ module Actions { } /** - * A `using` mapping in a custom action YAML. + * A `using` mapping in a custom composite action YAML. */ class Using extends YamlNode, YamlScalar { Runs runs; @@ -234,10 +234,10 @@ module Actions { /** Gets the 0-based position of this step within the sequence of `steps`. */ int getIndex() { result = index } - /** Gets the `job` this step belongs to, if the step belongs to a `job` in a workflow. Has no result if the step belongs to `runs` in a custom action. */ + /** Gets the `job` this step belongs to, if the step belongs to a `job` in a workflow. Has no result if the step belongs to `runs` in a custom composite action. */ Job getJob() { result = parent } - /** Gets the `runs` this step belongs to, if the step belongs to a `runs` in a custom action. Has no result if the step belongs to a `job` in a workflow. */ + /** Gets the `runs` this step belongs to, if the step belongs to a `runs` in a custom composite action. Has no result if the step belongs to a `job` in a workflow. */ Runs getRuns() { result = parent } /** Gets the value of the `uses` field in this step, if any. */ From 8234ea33f0ec39f4dc3978b4ca6f39a3a0eae83d Mon Sep 17 00:00:00 2001 From: jarlob Date: Thu, 13 Apr 2023 23:05:32 +0200 Subject: [PATCH 032/870] More details in the changes file. --- javascript/ql/lib/change-notes/2023-04-03-gh-injection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/javascript/ql/lib/change-notes/2023-04-03-gh-injection.md b/javascript/ql/lib/change-notes/2023-04-03-gh-injection.md index cabcb0b828d..8cc9626e478 100644 --- a/javascript/ql/lib/change-notes/2023-04-03-gh-injection.md +++ b/javascript/ql/lib/change-notes/2023-04-03-gh-injection.md @@ -1,4 +1,4 @@ --- category: minorAnalysis --- -* Improved the queries for injection vulnerabilities in GitHub Actions workflows (`js/actions/command-injection` and `js/actions/pull-request-target`) and the associated library `semmle.javascript.Actions`. These now support steps defined in composite actions, in addition to steps defined in Actions workflow files. \ No newline at end of file +* Improved the queries for injection vulnerabilities in GitHub Actions workflows (`js/actions/command-injection` and `js/actions/pull-request-target`) and the associated library `semmle.javascript.Actions`. These now support steps defined in composite actions, in addition to steps defined in Actions workflow files. It supports more potentially untrusted input values. Additioanlly to the shell injections it now also detects injections in `actions/github-script`. It also detects simple injections from user controlled `${{ env.name }}`. Additionally to the `yml` extension now it also supports workflows with the `yaml` extension. \ No newline at end of file From a8a6913512e84bc0c047faf06d46292e6c841d24 Mon Sep 17 00:00:00 2001 From: jarlob Date: Thu, 13 Apr 2023 23:10:16 +0200 Subject: [PATCH 033/870] Simplify `exists` according to the warning --- .../src/experimental/Security/CWE-094/UntrustedCheckout.ql | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/javascript/ql/src/experimental/Security/CWE-094/UntrustedCheckout.ql b/javascript/ql/src/experimental/Security/CWE-094/UntrustedCheckout.ql index 71171af6ead..3f08f297c6a 100644 --- a/javascript/ql/src/experimental/Security/CWE-094/UntrustedCheckout.ql +++ b/javascript/ql/src/experimental/Security/CWE-094/UntrustedCheckout.ql @@ -57,10 +57,8 @@ class ProbableJob extends Actions::Job { */ class ProbablePullRequestTarget extends Actions::On, YamlMappingLikeNode { ProbablePullRequestTarget() { - exists(YamlNode prtNode | - // The `on:` is triggered on `pull_request_target` - this.getNode("pull_request_target") = prtNode - ) + // The `on:` is triggered on `pull_request_target` + exists(this.getNode("pull_request_target")) } } From 76834cbe53760aabe65a55905756cbf873a60888 Mon Sep 17 00:00:00 2001 From: jarlob Date: Thu, 13 Apr 2023 23:13:56 +0200 Subject: [PATCH 034/870] Rename GlobalEnv --- javascript/ql/lib/semmle/javascript/Actions.qll | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/Actions.qll b/javascript/ql/lib/semmle/javascript/Actions.qll index 009a195521a..bb27c9af068 100644 --- a/javascript/ql/lib/semmle/javascript/Actions.qll +++ b/javascript/ql/lib/semmle/javascript/Actions.qll @@ -110,11 +110,11 @@ module Actions { } /** A workflow level 'global' environment variable. */ - class GlobalEnv extends Env { + class WorkflowEnvVariable extends Env { string envName; Workflow workflow; - GlobalEnv() { this = workflow.getEnv().lookup(envName) } + WorkflowEnvVariable() { this = workflow.getEnv().lookup(envName) } /** Gets the workflow this field belongs to. */ Workflow getWorkflow() { result = workflow } From dd52ef85cdcdf72857c3efc6386b7560ad0369e0 Mon Sep 17 00:00:00 2001 From: jarlob Date: Thu, 13 Apr 2023 23:41:31 +0200 Subject: [PATCH 035/870] Rename Env --- javascript/ql/lib/semmle/javascript/Actions.qll | 12 ++++++------ .../ql/src/Security/CWE-094/ExpressionInjection.ql | 2 +- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/Actions.qll b/javascript/ql/lib/semmle/javascript/Actions.qll index bb27c9af068..da8e9cfcee3 100644 --- a/javascript/ql/lib/semmle/javascript/Actions.qll +++ b/javascript/ql/lib/semmle/javascript/Actions.qll @@ -104,13 +104,13 @@ module Actions { } /** An environment variable in 'env:' */ - abstract class Env extends YamlNode, YamlString { + abstract class EnvVariable extends YamlNode, YamlString { /** Gets the name of this environment variable. */ abstract string getName(); } /** A workflow level 'global' environment variable. */ - class WorkflowEnvVariable extends Env { + class WorkflowEnvVariable extends EnvVariable { string envName; Workflow workflow; @@ -124,11 +124,11 @@ module Actions { } /** A job level environment variable. */ - class JobEnv extends Env { + class JobEnvVariable extends EnvVariable { string envName; Job job; - JobEnv() { this = job.getEnv().lookup(envName) } + JobEnvVariable() { this = job.getEnv().lookup(envName) } /** Gets the job this field belongs to. */ Job getJob() { result = job } @@ -138,11 +138,11 @@ module Actions { } /** A step level environment variable. */ - class StepEnv extends Env { + class StepEnvVariable extends EnvVariable { string envName; Step step; - StepEnv() { this = step.getEnv().lookup(envName) } + StepEnvVariable() { this = step.getEnv().lookup(envName) } /** Gets the step this field belongs to. */ Step getStep() { result = step } diff --git a/javascript/ql/src/Security/CWE-094/ExpressionInjection.ql b/javascript/ql/src/Security/CWE-094/ExpressionInjection.ql index 9e703d2d47c..9108b051966 100644 --- a/javascript/ql/src/Security/CWE-094/ExpressionInjection.ql +++ b/javascript/ql/src/Security/CWE-094/ExpressionInjection.ql @@ -108,7 +108,7 @@ private predicate isExternalUserControlledWorkflowRun(string context) { * is where the external user controlled value was assigned to. */ bindingset[injection] -predicate isEnvTainted(Actions::Env env, string injection, string context) { +predicate isEnvTainted(Actions::EnvVariable env, string injection, string context) { Actions::getEnvName(injection) = env.getName() and Actions::getASimpleReferenceExpression(env) = context } From 79218a3946723945f9a99b43626f9d0816ae9e18 Mon Sep 17 00:00:00 2001 From: jarlob Date: Fri, 14 Apr 2023 00:56:51 +0200 Subject: [PATCH 036/870] Use `YamlMapping` for modeling `Env` --- .../ql/lib/semmle/javascript/Actions.qll | 42 ++++++------------- .../Security/CWE-094/ExpressionInjection.ql | 13 +++--- 2 files changed, 21 insertions(+), 34 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/Actions.qll b/javascript/ql/lib/semmle/javascript/Actions.qll index da8e9cfcee3..efbcd8fd8f9 100644 --- a/javascript/ql/lib/semmle/javascript/Actions.qll +++ b/javascript/ql/lib/semmle/javascript/Actions.qll @@ -75,7 +75,7 @@ module Actions { YamlMapping getJobs() { result = this.lookup("jobs") } /** Gets the 'global' `env` mapping in this workflow. */ - YamlMapping getEnv() { result = this.lookup("env") } + WorkflowEnv getEnv() { result = this.lookup("env") } /** Gets the name of the workflow. */ string getName() { result = this.lookup("name").(YamlString).getValue() } @@ -103,52 +103,36 @@ module Actions { Workflow getWorkflow() { result = workflow } } - /** An environment variable in 'env:' */ - abstract class EnvVariable extends YamlNode, YamlString { - /** Gets the name of this environment variable. */ - abstract string getName(); - } + abstract class Env extends YamlNode, YamlMapping { } - /** A workflow level 'global' environment variable. */ - class WorkflowEnvVariable extends EnvVariable { - string envName; + /** A workflow level `env` mapping. */ + class WorkflowEnv extends Env { Workflow workflow; - WorkflowEnvVariable() { this = workflow.getEnv().lookup(envName) } + WorkflowEnv() { workflow.lookup("env") = this } /** Gets the workflow this field belongs to. */ Workflow getWorkflow() { result = workflow } - - /** Gets the name of this environment variable. */ - override string getName() { result = envName } } - /** A job level environment variable. */ - class JobEnvVariable extends EnvVariable { - string envName; + /** A job level `env` mapping. */ + class JobEnv extends Env { Job job; - JobEnvVariable() { this = job.getEnv().lookup(envName) } + JobEnv() { job.lookup("env") = this } /** Gets the job this field belongs to. */ Job getJob() { result = job } - - /** Gets the name of this environment variable. */ - override string getName() { result = envName } } - /** A step level environment variable. */ - class StepEnvVariable extends EnvVariable { - string envName; + /** A step level `env` mapping. */ + class StepEnv extends Env { Step step; - StepEnvVariable() { this = step.getEnv().lookup(envName) } + StepEnv() { step.lookup("env") = this } /** Gets the step this field belongs to. */ Step getStep() { result = step } - - /** Gets the name of this environment variable. */ - override string getName() { result = envName } } /** @@ -183,7 +167,7 @@ module Actions { Step getStep(int index) { result.getJob() = this and result.getIndex() = index } /** Gets the `env` mapping in this job. */ - YamlMapping getEnv() { result = this.lookup("env") } + JobEnv getEnv() { result = this.lookup("env") } /** Gets the workflow this job belongs to. */ Workflow getWorkflow() { result = workflow } @@ -250,7 +234,7 @@ module Actions { StepIf getIf() { result.getStep() = this } /** Gets the value of the `env` field in this step, if any. */ - YamlMapping getEnv() { result = this.lookup("env") } + StepEnv getEnv() { result = this.lookup("env") } /** Gets the ID of this step, if any. */ string getId() { result = this.lookup("id").(YamlString).getValue() } diff --git a/javascript/ql/src/Security/CWE-094/ExpressionInjection.ql b/javascript/ql/src/Security/CWE-094/ExpressionInjection.ql index 9108b051966..91405d673f5 100644 --- a/javascript/ql/src/Security/CWE-094/ExpressionInjection.ql +++ b/javascript/ql/src/Security/CWE-094/ExpressionInjection.ql @@ -108,9 +108,12 @@ private predicate isExternalUserControlledWorkflowRun(string context) { * is where the external user controlled value was assigned to. */ bindingset[injection] -predicate isEnvTainted(Actions::EnvVariable env, string injection, string context) { - Actions::getEnvName(injection) = env.getName() and - Actions::getASimpleReferenceExpression(env) = context +predicate isEnvTainted(string injection, string context) { + exists(Actions::Env env, string envName, YamlString envValue | + envValue = env.lookup(envName) and + Actions::getEnvName(injection) = envName and + Actions::getASimpleReferenceExpression(envValue) = context + ) } /** @@ -122,7 +125,7 @@ predicate isRunInjectable(Actions::Run run, string injection, string context) { ( injection = context or - isEnvTainted(_, injection, context) + isEnvTainted(injection, context) ) } @@ -139,7 +142,7 @@ predicate isScriptInjectable(Actions::Script script, string injection, string co ( injection = context or - isEnvTainted(_, injection, context) + isEnvTainted(injection, context) ) ) } From 94065764d50952f191a83c6b3243d36de342b0ae Mon Sep 17 00:00:00 2001 From: jarlob Date: Fri, 14 Apr 2023 01:05:21 +0200 Subject: [PATCH 037/870] Make predicate name clearer --- .../ql/src/Security/CWE-094/ExpressionInjection.ql | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/javascript/ql/src/Security/CWE-094/ExpressionInjection.ql b/javascript/ql/src/Security/CWE-094/ExpressionInjection.ql index 91405d673f5..e04b8f7cb84 100644 --- a/javascript/ql/src/Security/CWE-094/ExpressionInjection.ql +++ b/javascript/ql/src/Security/CWE-094/ExpressionInjection.ql @@ -104,11 +104,11 @@ private predicate isExternalUserControlledWorkflowRun(string context) { } /** - * Holds if the env variable name in `${{ env.name }}` - * is where the external user controlled value was assigned to. + * Holds if environment name in the `injection` (in a form of `env.name`) + * is tainted by the `context` (in a form of `github.event.xxx.xxx`). */ bindingset[injection] -predicate isEnvTainted(string injection, string context) { +predicate isEnvInterpolationTainted(string injection, string context) { exists(Actions::Env env, string envName, YamlString envValue | envValue = env.lookup(envName) and Actions::getEnvName(injection) = envName and @@ -125,7 +125,7 @@ predicate isRunInjectable(Actions::Run run, string injection, string context) { ( injection = context or - isEnvTainted(injection, context) + isEnvInterpolationTainted(injection, context) ) } @@ -142,7 +142,7 @@ predicate isScriptInjectable(Actions::Script script, string injection, string co ( injection = context or - isEnvTainted(injection, context) + isEnvInterpolationTainted(injection, context) ) ) } From d80c541da640cac3f3d092f8bd14d6cf120c57fe Mon Sep 17 00:00:00 2001 From: jarlob Date: Fri, 14 Apr 2023 10:06:35 +0200 Subject: [PATCH 038/870] Encapsulate composite actions --- javascript/ql/lib/semmle/javascript/Actions.qll | 14 +++++++++++--- .../src/Security/CWE-094/ExpressionInjection.ql | 5 ++--- .../ExpressionInjection.expected | 2 +- .../{ => action1}/action.yml | 0 .../ExpressionInjection/action2/action.yml | 17 +++++++++++++++++ 5 files changed, 31 insertions(+), 7 deletions(-) rename javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/{ => action1}/action.yml (100%) create mode 100644 javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/action2/action.yml diff --git a/javascript/ql/lib/semmle/javascript/Actions.qll b/javascript/ql/lib/semmle/javascript/Actions.qll index efbcd8fd8f9..d57341da14e 100644 --- a/javascript/ql/lib/semmle/javascript/Actions.qll +++ b/javascript/ql/lib/semmle/javascript/Actions.qll @@ -28,7 +28,12 @@ module Actions { * A custom composite action. This is a mapping at the top level of an Actions YAML action file. * See https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions. */ - class Action extends Node, YamlDocument, YamlMapping { + class CompositeAction extends Node, YamlDocument, YamlMapping { + CompositeAction() { + this.getFile().getBaseName() = "action.yml" and + this.lookup("runs").(YamlMapping).lookup("using").(YamlScalar).getValue() = "composite" + } + /** Gets the `runs` mapping. */ Runs getRuns() { result = this.lookup("runs") } } @@ -38,12 +43,15 @@ module Actions { * See https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions#runs */ class Runs extends StepsContainer { - Action action; + CompositeAction action; Runs() { action.lookup("runs") = this } /** Gets the action that this `runs` mapping is in. */ - Action getAction() { result = action } + CompositeAction getAction() { result = action } + + /** Gets the `using` mapping. */ + Using getUsing() { result = this.lookup("using") } } /** diff --git a/javascript/ql/src/Security/CWE-094/ExpressionInjection.ql b/javascript/ql/src/Security/CWE-094/ExpressionInjection.ql index e04b8f7cb84..bd16f60d070 100644 --- a/javascript/ql/src/Security/CWE-094/ExpressionInjection.ql +++ b/javascript/ql/src/Security/CWE-094/ExpressionInjection.ql @@ -149,9 +149,8 @@ predicate isScriptInjectable(Actions::Script script, string injection, string co from YamlNode node, string injection, string context where - exists(Actions::Using u, Actions::Runs runs | - u.getValue() = "composite" and - u.getRuns() = runs and + exists(Actions::CompositeAction action, Actions::Runs runs | + action.getRuns() = runs and ( exists(Actions::Run run | isRunInjectable(run, injection, context) and diff --git a/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/ExpressionInjection.expected b/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/ExpressionInjection.expected index 76ad174e16a..a67188a976b 100644 --- a/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/ExpressionInjection.expected +++ b/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/ExpressionInjection.expected @@ -62,4 +62,4 @@ | .github/workflows/workflow_run.yml:14:12:14:77 | echo '$ ... ame }}' | Potential injection from the ${ github.event.workflow_run.head_commit.committer.name }, which may be controlled by an external user. | | .github/workflows/workflow_run.yml:15:12:15:62 | echo '$ ... nch }}' | Potential injection from the ${ github.event.workflow_run.head_branch }, which may be controlled by an external user. | | .github/workflows/workflow_run.yml:16:12:16:78 | echo '$ ... ion }}' | Potential injection from the ${ github.event.workflow_run.head_repository.description }, which may be controlled by an external user. | -| action.yml:14:12:14:50 | echo '$ ... ody }}' | Potential injection from the ${ github.event.comment.body }, which may be controlled by an external user. | +| action1/action.yml:14:12:14:50 | echo '$ ... ody }}' | Potential injection from the ${ github.event.comment.body }, which may be controlled by an external user. | diff --git a/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/action.yml b/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/action1/action.yml similarity index 100% rename from javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/action.yml rename to javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/action1/action.yml diff --git a/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/action2/action.yml b/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/action2/action.yml new file mode 100644 index 00000000000..40fe0b31e6a --- /dev/null +++ b/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/action2/action.yml @@ -0,0 +1,17 @@ +name: 'Hello World' +description: 'Greet someone and record the time' +inputs: + who-to-greet: # id of input + description: 'Who to greet' + required: true + default: 'World' +outputs: + time: # id of output + description: 'The time we greeted you' +runs: + using: 'docker' + steps: # this is actually invalid, used to test we correctly identify composite actions + - run: echo '${{ github.event.comment.body }}' + image: 'Dockerfile' + args: + - ${{ inputs.who-to-greet }} \ No newline at end of file From ac1c20673d68c56add036583c62d8014a540bfbe Mon Sep 17 00:00:00 2001 From: jarlob Date: Fri, 14 Apr 2023 10:23:49 +0200 Subject: [PATCH 039/870] Encapsulate github-script --- .../ql/lib/semmle/javascript/Actions.qll | 27 ++++++++++++++++--- .../Security/CWE-094/ExpressionInjection.ql | 21 ++++++--------- 2 files changed, 31 insertions(+), 17 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/Actions.qll b/javascript/ql/lib/semmle/javascript/Actions.qll index d57341da14e..4bb52cb87cb 100644 --- a/javascript/ql/lib/semmle/javascript/Actions.qll +++ b/javascript/ql/lib/semmle/javascript/Actions.qll @@ -368,13 +368,32 @@ module Actions { * script: console.log('${{ github.event.pull_request.head.sha }}') * ``` */ - class Script extends YamlNode, YamlString { - With with; + class GitHubScript extends YamlNode, YamlString { + GitHubScriptWith with; - Script() { with.lookup("script") = this } + GitHubScript() { with.lookup("script") = this } /** Gets the `with` field this field belongs to. */ - With getWith() { result = with } + GitHubScriptWith getWith() { result = with } + } + + /** + * A step that uses `actions/github-script` action. + */ + class GitHubScriptStep extends Step { + GitHubScriptStep() { this.getUses().getGitHubRepository() = "actions/github-script" } + } + + /** + * A `with:` field sibling to `uses: actions/github-script`. + */ + class GitHubScriptWith extends YamlNode, YamlMapping { + GitHubScriptStep step; + + GitHubScriptWith() { step.lookup("with") = this } + + /** Gets the step this field belongs to. */ + GitHubScriptStep getStep() { result = step } } /** diff --git a/javascript/ql/src/Security/CWE-094/ExpressionInjection.ql b/javascript/ql/src/Security/CWE-094/ExpressionInjection.ql index bd16f60d070..5b11e1e5adf 100644 --- a/javascript/ql/src/Security/CWE-094/ExpressionInjection.ql +++ b/javascript/ql/src/Security/CWE-094/ExpressionInjection.ql @@ -133,17 +133,12 @@ predicate isRunInjectable(Actions::Run run, string injection, string context) { * Holds if the `actions/github-script` contains any expression interpolation `${{ e }}`. * Sets `context` to the initial untrusted value assignment in case of `${{ env... }}` interpolation */ -predicate isScriptInjectable(Actions::Script script, string injection, string context) { - exists(Actions::Step step, Actions::Uses uses | - script.getWith().getStep() = step and - uses.getStep() = step and - uses.getGitHubRepository() = "actions/github-script" and - Actions::getASimpleReferenceExpression(script) = injection and - ( - injection = context - or - isEnvInterpolationTainted(injection, context) - ) +predicate isScriptInjectable(Actions::GitHubScript script, string injection, string context) { + Actions::getASimpleReferenceExpression(script) = injection and + ( + injection = context + or + isEnvInterpolationTainted(injection, context) ) } @@ -158,7 +153,7 @@ where run.getStep().getRuns() = runs ) or - exists(Actions::Script script | + exists(Actions::GitHubScript script | node = script and script.getWith().getStep().getRuns() = runs and isScriptInjectable(script, injection, context) @@ -184,7 +179,7 @@ where run.getStep().getJob().getWorkflow().getOn() = on ) or - exists(Actions::Script script | + exists(Actions::GitHubScript script | node = script and script.getWith().getStep().getJob().getWorkflow().getOn() = on and isScriptInjectable(script, injection, context) From 3724ea1a7b57e4bac09595c893bb9f75ef223922 Mon Sep 17 00:00:00 2001 From: jarlob Date: Fri, 14 Apr 2023 10:49:56 +0200 Subject: [PATCH 040/870] Extract `where` parts into predicates --- .../Security/CWE-094/ExpressionInjection.ql | 62 +++++++++++-------- 1 file changed, 36 insertions(+), 26 deletions(-) diff --git a/javascript/ql/src/Security/CWE-094/ExpressionInjection.ql b/javascript/ql/src/Security/CWE-094/ExpressionInjection.ql index 5b11e1e5adf..5b0ab7fa823 100644 --- a/javascript/ql/src/Security/CWE-094/ExpressionInjection.ql +++ b/javascript/ql/src/Security/CWE-094/ExpressionInjection.ql @@ -142,23 +142,45 @@ predicate isScriptInjectable(Actions::GitHubScript script, string injection, str ) } +/** + * Holds if the composite action contains untrusted expression interpolation `${{ e }}`. + */ +YamlNode getInjectableCompositeActionNode(Actions::Runs runs, string injection, string context) { + exists(Actions::Run run | + isRunInjectable(run, injection, context) and + result = run and + run.getStep().getRuns() = runs + ) + or + exists(Actions::GitHubScript script | + isScriptInjectable(script, injection, context) and + result = script and + script.getWith().getStep().getRuns() = runs + ) +} + +/** + * Holds if the workflow contains untrusted expression interpolation `${{ e }}`. + */ +YamlNode getInjectableWorkflowNode(Actions::On on, string injection, string context) { + exists(Actions::Run run | + isRunInjectable(run, injection, context) and + result = run and + run.getStep().getJob().getWorkflow().getOn() = on + ) + or + exists(Actions::GitHubScript script | + isScriptInjectable(script, injection, context) and + result = script and + script.getWith().getStep().getJob().getWorkflow().getOn() = on + ) +} + from YamlNode node, string injection, string context where exists(Actions::CompositeAction action, Actions::Runs runs | action.getRuns() = runs and - ( - exists(Actions::Run run | - isRunInjectable(run, injection, context) and - node = run and - run.getStep().getRuns() = runs - ) - or - exists(Actions::GitHubScript script | - node = script and - script.getWith().getStep().getRuns() = runs and - isScriptInjectable(script, injection, context) - ) - ) and + node = getInjectableCompositeActionNode(runs, injection, context) and ( isExternalUserControlledIssue(context) or isExternalUserControlledPullRequest(context) or @@ -172,19 +194,7 @@ where ) or exists(Actions::On on | - ( - exists(Actions::Run run | - isRunInjectable(run, injection, context) and - node = run and - run.getStep().getJob().getWorkflow().getOn() = on - ) - or - exists(Actions::GitHubScript script | - node = script and - script.getWith().getStep().getJob().getWorkflow().getOn() = on and - isScriptInjectable(script, injection, context) - ) - ) and + node = getInjectableWorkflowNode(on, injection, context) and ( exists(on.getNode("issues")) and isExternalUserControlledIssue(context) From 599ec5a3b441402d59d62ecdd14ebbc81f59f084 Mon Sep 17 00:00:00 2001 From: jarlob Date: Fri, 14 Apr 2023 10:52:11 +0200 Subject: [PATCH 041/870] Add comment --- javascript/ql/lib/semmle/javascript/Actions.qll | 1 + 1 file changed, 1 insertion(+) diff --git a/javascript/ql/lib/semmle/javascript/Actions.qll b/javascript/ql/lib/semmle/javascript/Actions.qll index 4bb52cb87cb..436369fc122 100644 --- a/javascript/ql/lib/semmle/javascript/Actions.qll +++ b/javascript/ql/lib/semmle/javascript/Actions.qll @@ -111,6 +111,7 @@ module Actions { Workflow getWorkflow() { result = workflow } } + /** A common class for `env` in workflow, job or step. */ abstract class Env extends YamlNode, YamlMapping { } /** A workflow level `env` mapping. */ From e9dee3a185f47c10472a04d8c7bcd0ac7eba39c1 Mon Sep 17 00:00:00 2001 From: jarlob Date: Fri, 14 Apr 2023 14:26:23 +0200 Subject: [PATCH 042/870] Move `actions/github-script` out of Actions.qll --- .../ql/lib/semmle/javascript/Actions.qll | 38 ---------------- .../Security/CWE-094/ExpressionInjection.ql | 44 +++++++++++++++++-- 2 files changed, 41 insertions(+), 41 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/Actions.qll b/javascript/ql/lib/semmle/javascript/Actions.qll index 436369fc122..4bbc9816007 100644 --- a/javascript/ql/lib/semmle/javascript/Actions.qll +++ b/javascript/ql/lib/semmle/javascript/Actions.qll @@ -359,44 +359,6 @@ module Actions { bindingset[name] string getEnvName(string name) { result = name.regexpCapture("env\\.([A-Za-z0-9_]+)", 1) } - /** - * A `script:` field within an Actions `with:` specific to `actions/github-script` action. - * - * For example: - * ``` - * uses: actions/github-script@v3 - * with: - * script: console.log('${{ github.event.pull_request.head.sha }}') - * ``` - */ - class GitHubScript extends YamlNode, YamlString { - GitHubScriptWith with; - - GitHubScript() { with.lookup("script") = this } - - /** Gets the `with` field this field belongs to. */ - GitHubScriptWith getWith() { result = with } - } - - /** - * A step that uses `actions/github-script` action. - */ - class GitHubScriptStep extends Step { - GitHubScriptStep() { this.getUses().getGitHubRepository() = "actions/github-script" } - } - - /** - * A `with:` field sibling to `uses: actions/github-script`. - */ - class GitHubScriptWith extends YamlNode, YamlMapping { - GitHubScriptStep step; - - GitHubScriptWith() { step.lookup("with") = this } - - /** Gets the step this field belongs to. */ - GitHubScriptStep getStep() { result = step } - } - /** * A `run` field within an Actions job step, which runs command-line programs using an operating system shell. * See https://docs.github.com/en/free-pro-team@latest/actions/reference/workflow-syntax-for-github-actions#jobsjob_idstepsrun. diff --git a/javascript/ql/src/Security/CWE-094/ExpressionInjection.ql b/javascript/ql/src/Security/CWE-094/ExpressionInjection.ql index 5b0ab7fa823..7e00c6f2ac7 100644 --- a/javascript/ql/src/Security/CWE-094/ExpressionInjection.ql +++ b/javascript/ql/src/Security/CWE-094/ExpressionInjection.ql @@ -15,6 +15,44 @@ import javascript import semmle.javascript.Actions +/** + * A `script:` field within an Actions `with:` specific to `actions/github-script` action. + * + * For example: + * ``` + * uses: actions/github-script@v3 + * with: + * script: console.log('${{ github.event.pull_request.head.sha }}') + * ``` + */ +class GitHubScript extends YamlNode, YamlString { + GitHubScriptWith with; + + GitHubScript() { with.lookup("script") = this } + + /** Gets the `with` field this field belongs to. */ + GitHubScriptWith getWith() { result = with } +} + +/** + * A step that uses `actions/github-script` action. + */ +class GitHubScriptStep extends Actions::Step { + GitHubScriptStep() { this.getUses().getGitHubRepository() = "actions/github-script" } +} + +/** + * A `with:` field sibling to `uses: actions/github-script`. + */ +class GitHubScriptWith extends YamlNode, YamlMapping { + GitHubScriptStep step; + + GitHubScriptWith() { step.lookup("with") = this } + + /** Gets the step this field belongs to. */ + GitHubScriptStep getStep() { result = step } +} + bindingset[context] private predicate isExternalUserControlledIssue(string context) { context.regexpMatch("\\bgithub\\s*\\.\\s*event\\s*\\.\\s*issue\\s*\\.\\s*title\\b") or @@ -133,7 +171,7 @@ predicate isRunInjectable(Actions::Run run, string injection, string context) { * Holds if the `actions/github-script` contains any expression interpolation `${{ e }}`. * Sets `context` to the initial untrusted value assignment in case of `${{ env... }}` interpolation */ -predicate isScriptInjectable(Actions::GitHubScript script, string injection, string context) { +predicate isScriptInjectable(GitHubScript script, string injection, string context) { Actions::getASimpleReferenceExpression(script) = injection and ( injection = context @@ -152,7 +190,7 @@ YamlNode getInjectableCompositeActionNode(Actions::Runs runs, string injection, run.getStep().getRuns() = runs ) or - exists(Actions::GitHubScript script | + exists(GitHubScript script | isScriptInjectable(script, injection, context) and result = script and script.getWith().getStep().getRuns() = runs @@ -169,7 +207,7 @@ YamlNode getInjectableWorkflowNode(Actions::On on, string injection, string cont run.getStep().getJob().getWorkflow().getOn() = on ) or - exists(Actions::GitHubScript script | + exists(GitHubScript script | isScriptInjectable(script, injection, context) and result = script and script.getWith().getStep().getJob().getWorkflow().getOn() = on From 6e9f54ef557d6d138e3ec744dd8b72ae39fcb0bf Mon Sep 17 00:00:00 2001 From: jarlob Date: Fri, 21 Apr 2023 19:03:38 +0200 Subject: [PATCH 043/870] Use double curly braces --- .../Security/CWE-094/ExpressionInjection.ql | 4 +- .../ExpressionInjection.expected | 130 +++++++++--------- 2 files changed, 67 insertions(+), 67 deletions(-) diff --git a/javascript/ql/src/Security/CWE-094/ExpressionInjection.ql b/javascript/ql/src/Security/CWE-094/ExpressionInjection.ql index 7e00c6f2ac7..6c01edb330f 100644 --- a/javascript/ql/src/Security/CWE-094/ExpressionInjection.ql +++ b/javascript/ql/src/Security/CWE-094/ExpressionInjection.ql @@ -266,5 +266,5 @@ where ) ) select node, - "Potential injection from the ${ " + injection + - " }, which may be controlled by an external user." + "Potential injection from the ${{ " + injection + + " }}, which may be controlled by an external user." diff --git a/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/ExpressionInjection.expected b/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/ExpressionInjection.expected index a67188a976b..414b9b9ae40 100644 --- a/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/ExpressionInjection.expected +++ b/javascript/ql/test/query-tests/Security/CWE-094/ExpressionInjection/ExpressionInjection.expected @@ -1,65 +1,65 @@ -| .github/workflows/comment_issue.yml:7:12:8:48 | \| | Potential injection from the ${ github.event.comment.body }, which may be controlled by an external user. | -| .github/workflows/comment_issue.yml:13:12:13:50 | echo '$ ... ody }}' | Potential injection from the ${ github.event.comment.body }, which may be controlled by an external user. | -| .github/workflows/comment_issue.yml:14:12:14:48 | echo '$ ... ody }}' | Potential injection from the ${ github.event.issue.body }, which may be controlled by an external user. | -| .github/workflows/comment_issue.yml:15:12:15:49 | echo '$ ... tle }}' | Potential injection from the ${ github.event.issue.title }, which may be controlled by an external user. | -| .github/workflows/comment_issue.yml:22:17:22:63 | console ... dy }}') | Potential injection from the ${ github.event.comment.body }, which may be controlled by an external user. | -| .github/workflows/comment_issue.yml:25:17:25:61 | console ... dy }}') | Potential injection from the ${ github.event.issue.body }, which may be controlled by an external user. | -| .github/workflows/comment_issue.yml:28:17:28:62 | console ... le }}') | Potential injection from the ${ github.event.issue.title }, which may be controlled by an external user. | -| .github/workflows/comment_issue_newline.yml:9:14:10:50 | \| | Potential injection from the ${ github.event.comment.body }, which may be controlled by an external user. | -| .github/workflows/discussion.yml:7:12:7:54 | echo '$ ... tle }}' | Potential injection from the ${ github.event.discussion.title }, which may be controlled by an external user. | -| .github/workflows/discussion.yml:8:12:8:53 | echo '$ ... ody }}' | Potential injection from the ${ github.event.discussion.body }, which may be controlled by an external user. | -| .github/workflows/discussion_comment.yml:7:12:7:54 | echo '$ ... tle }}' | Potential injection from the ${ github.event.discussion.title }, which may be controlled by an external user. | -| .github/workflows/discussion_comment.yml:8:12:8:53 | echo '$ ... ody }}' | Potential injection from the ${ github.event.discussion.body }, which may be controlled by an external user. | -| .github/workflows/discussion_comment.yml:9:12:9:50 | echo '$ ... ody }}' | Potential injection from the ${ github.event.comment.body }, which may be controlled by an external user. | -| .github/workflows/gollum.yml:7:12:7:52 | echo '$ ... tle }}' | Potential injection from the ${ github.event.pages[1].title }, which may be controlled by an external user. | -| .github/workflows/gollum.yml:8:12:8:53 | echo '$ ... tle }}' | Potential injection from the ${ github.event.pages[11].title }, which may be controlled by an external user. | -| .github/workflows/gollum.yml:9:12:9:56 | echo '$ ... ame }}' | Potential injection from the ${ github.event.pages[0].page_name }, which may be controlled by an external user. | -| .github/workflows/gollum.yml:10:12:10:59 | echo '$ ... ame }}' | Potential injection from the ${ github.event.pages[2222].page_name }, which may be controlled by an external user. | -| .github/workflows/issues.yaml:13:12:13:49 | echo '$ ... tle }}' | Potential injection from the ${ github.event.issue.title }, which may be controlled by an external user. | -| .github/workflows/issues.yaml:14:12:14:48 | echo '$ ... ody }}' | Potential injection from the ${ github.event.issue.body }, which may be controlled by an external user. | -| .github/workflows/issues.yaml:15:12:15:39 | echo '$ ... env }}' | Potential injection from the ${ env.global_env }, which may be controlled by an external user. | -| .github/workflows/issues.yaml:17:12:17:36 | echo '$ ... env }}' | Potential injection from the ${ env.job_env }, which may be controlled by an external user. | -| .github/workflows/issues.yaml:18:12:18:37 | echo '$ ... env }}' | Potential injection from the ${ env.step_env }, which may be controlled by an external user. | -| .github/workflows/pull_request_review.yml:7:12:7:56 | echo '$ ... tle }}' | Potential injection from the ${ github.event.pull_request.title }, which may be controlled by an external user. | -| .github/workflows/pull_request_review.yml:8:12:8:55 | echo '$ ... ody }}' | Potential injection from the ${ github.event.pull_request.body }, which may be controlled by an external user. | -| .github/workflows/pull_request_review.yml:9:12:9:61 | echo '$ ... bel }}' | Potential injection from the ${ github.event.pull_request.head.label }, which may be controlled by an external user. | -| .github/workflows/pull_request_review.yml:10:12:10:75 | echo '$ ... nch }}' | Potential injection from the ${ github.event.pull_request.head.repo.default_branch }, which may be controlled by an external user. | -| .github/workflows/pull_request_review.yml:11:12:11:72 | echo '$ ... ion }}' | Potential injection from the ${ github.event.pull_request.head.repo.description }, which may be controlled by an external user. | -| .github/workflows/pull_request_review.yml:12:12:12:69 | echo '$ ... age }}' | Potential injection from the ${ github.event.pull_request.head.repo.homepage }, which may be controlled by an external user. | -| .github/workflows/pull_request_review.yml:13:12:13:59 | echo '$ ... ref }}' | Potential injection from the ${ github.event.pull_request.head.ref }, which may be controlled by an external user. | -| .github/workflows/pull_request_review.yml:14:12:14:49 | echo '$ ... ody }}' | Potential injection from the ${ github.event.review.body }, which may be controlled by an external user. | -| .github/workflows/pull_request_review_comment.yml:7:12:7:56 | echo '$ ... tle }}' | Potential injection from the ${ github.event.pull_request.title }, which may be controlled by an external user. | -| .github/workflows/pull_request_review_comment.yml:8:12:8:55 | echo '$ ... ody }}' | Potential injection from the ${ github.event.pull_request.body }, which may be controlled by an external user. | -| .github/workflows/pull_request_review_comment.yml:9:12:9:61 | echo '$ ... bel }}' | Potential injection from the ${ github.event.pull_request.head.label }, which may be controlled by an external user. | -| .github/workflows/pull_request_review_comment.yml:10:12:10:75 | echo '$ ... nch }}' | Potential injection from the ${ github.event.pull_request.head.repo.default_branch }, which may be controlled by an external user. | -| .github/workflows/pull_request_review_comment.yml:11:12:11:72 | echo '$ ... ion }}' | Potential injection from the ${ github.event.pull_request.head.repo.description }, which may be controlled by an external user. | -| .github/workflows/pull_request_review_comment.yml:12:12:12:69 | echo '$ ... age }}' | Potential injection from the ${ github.event.pull_request.head.repo.homepage }, which may be controlled by an external user. | -| .github/workflows/pull_request_review_comment.yml:13:12:13:59 | echo '$ ... ref }}' | Potential injection from the ${ github.event.pull_request.head.ref }, which may be controlled by an external user. | -| .github/workflows/pull_request_review_comment.yml:14:12:14:50 | echo '$ ... ody }}' | Potential injection from the ${ github.event.comment.body }, which may be controlled by an external user. | -| .github/workflows/pull_request_target.yml:9:12:9:56 | echo '$ ... tle }}' | Potential injection from the ${ github.event.pull_request.title }, which may be controlled by an external user. | -| .github/workflows/pull_request_target.yml:10:12:10:55 | echo '$ ... ody }}' | Potential injection from the ${ github.event.pull_request.body }, which may be controlled by an external user. | -| .github/workflows/pull_request_target.yml:11:12:11:61 | echo '$ ... bel }}' | Potential injection from the ${ github.event.pull_request.head.label }, which may be controlled by an external user. | -| .github/workflows/pull_request_target.yml:12:12:12:75 | echo '$ ... nch }}' | Potential injection from the ${ github.event.pull_request.head.repo.default_branch }, which may be controlled by an external user. | -| .github/workflows/pull_request_target.yml:13:12:13:72 | echo '$ ... ion }}' | Potential injection from the ${ github.event.pull_request.head.repo.description }, which may be controlled by an external user. | -| .github/workflows/pull_request_target.yml:14:12:14:69 | echo '$ ... age }}' | Potential injection from the ${ github.event.pull_request.head.repo.homepage }, which may be controlled by an external user. | -| .github/workflows/pull_request_target.yml:15:12:15:59 | echo '$ ... ref }}' | Potential injection from the ${ github.event.pull_request.head.ref }, which may be controlled by an external user. | -| .github/workflows/pull_request_target.yml:16:12:16:40 | echo '$ ... ref }}' | Potential injection from the ${ github.head_ref }, which may be controlled by an external user. | -| .github/workflows/push.yml:7:12:7:57 | echo '$ ... age }}' | Potential injection from the ${ github.event.commits[11].message }, which may be controlled by an external user. | -| .github/workflows/push.yml:8:12:8:62 | echo '$ ... ail }}' | Potential injection from the ${ github.event.commits[11].author.email }, which may be controlled by an external user. | -| .github/workflows/push.yml:9:12:9:61 | echo '$ ... ame }}' | Potential injection from the ${ github.event.commits[11].author.name }, which may be controlled by an external user. | -| .github/workflows/push.yml:10:12:10:57 | echo '$ ... age }}' | Potential injection from the ${ github.event.head_commit.message }, which may be controlled by an external user. | -| .github/workflows/push.yml:11:12:11:62 | echo '$ ... ail }}' | Potential injection from the ${ github.event.head_commit.author.email }, which may be controlled by an external user. | -| .github/workflows/push.yml:12:12:12:61 | echo '$ ... ame }}' | Potential injection from the ${ github.event.head_commit.author.name }, which may be controlled by an external user. | -| .github/workflows/push.yml:13:12:13:65 | echo '$ ... ail }}' | Potential injection from the ${ github.event.head_commit.committer.email }, which may be controlled by an external user. | -| .github/workflows/push.yml:14:12:14:64 | echo '$ ... ame }}' | Potential injection from the ${ github.event.head_commit.committer.name }, which may be controlled by an external user. | -| .github/workflows/push.yml:15:12:15:65 | echo '$ ... ail }}' | Potential injection from the ${ github.event.commits[11].committer.email }, which may be controlled by an external user. | -| .github/workflows/push.yml:16:12:16:64 | echo '$ ... ame }}' | Potential injection from the ${ github.event.commits[11].committer.name }, which may be controlled by an external user. | -| .github/workflows/workflow_run.yml:9:12:9:64 | echo '$ ... tle }}' | Potential injection from the ${ github.event.workflow_run.display_title }, which may be controlled by an external user. | -| .github/workflows/workflow_run.yml:10:12:10:70 | echo '$ ... age }}' | Potential injection from the ${ github.event.workflow_run.head_commit.message }, which may be controlled by an external user. | -| .github/workflows/workflow_run.yml:11:12:11:75 | echo '$ ... ail }}' | Potential injection from the ${ github.event.workflow_run.head_commit.author.email }, which may be controlled by an external user. | -| .github/workflows/workflow_run.yml:12:12:12:74 | echo '$ ... ame }}' | Potential injection from the ${ github.event.workflow_run.head_commit.author.name }, which may be controlled by an external user. | -| .github/workflows/workflow_run.yml:13:12:13:78 | echo '$ ... ail }}' | Potential injection from the ${ github.event.workflow_run.head_commit.committer.email }, which may be controlled by an external user. | -| .github/workflows/workflow_run.yml:14:12:14:77 | echo '$ ... ame }}' | Potential injection from the ${ github.event.workflow_run.head_commit.committer.name }, which may be controlled by an external user. | -| .github/workflows/workflow_run.yml:15:12:15:62 | echo '$ ... nch }}' | Potential injection from the ${ github.event.workflow_run.head_branch }, which may be controlled by an external user. | -| .github/workflows/workflow_run.yml:16:12:16:78 | echo '$ ... ion }}' | Potential injection from the ${ github.event.workflow_run.head_repository.description }, which may be controlled by an external user. | -| action1/action.yml:14:12:14:50 | echo '$ ... ody }}' | Potential injection from the ${ github.event.comment.body }, which may be controlled by an external user. | +| .github/workflows/comment_issue.yml:7:12:8:48 | \| | Potential injection from the ${{ github.event.comment.body }}, which may be controlled by an external user. | +| .github/workflows/comment_issue.yml:13:12:13:50 | echo '$ ... ody }}' | Potential injection from the ${{ github.event.comment.body }}, which may be controlled by an external user. | +| .github/workflows/comment_issue.yml:14:12:14:48 | echo '$ ... ody }}' | Potential injection from the ${{ github.event.issue.body }}, which may be controlled by an external user. | +| .github/workflows/comment_issue.yml:15:12:15:49 | echo '$ ... tle }}' | Potential injection from the ${{ github.event.issue.title }}, which may be controlled by an external user. | +| .github/workflows/comment_issue.yml:22:17:22:63 | console ... dy }}') | Potential injection from the ${{ github.event.comment.body }}, which may be controlled by an external user. | +| .github/workflows/comment_issue.yml:25:17:25:61 | console ... dy }}') | Potential injection from the ${{ github.event.issue.body }}, which may be controlled by an external user. | +| .github/workflows/comment_issue.yml:28:17:28:62 | console ... le }}') | Potential injection from the ${{ github.event.issue.title }}, which may be controlled by an external user. | +| .github/workflows/comment_issue_newline.yml:9:14:10:50 | \| | Potential injection from the ${{ github.event.comment.body }}, which may be controlled by an external user. | +| .github/workflows/discussion.yml:7:12:7:54 | echo '$ ... tle }}' | Potential injection from the ${{ github.event.discussion.title }}, which may be controlled by an external user. | +| .github/workflows/discussion.yml:8:12:8:53 | echo '$ ... ody }}' | Potential injection from the ${{ github.event.discussion.body }}, which may be controlled by an external user. | +| .github/workflows/discussion_comment.yml:7:12:7:54 | echo '$ ... tle }}' | Potential injection from the ${{ github.event.discussion.title }}, which may be controlled by an external user. | +| .github/workflows/discussion_comment.yml:8:12:8:53 | echo '$ ... ody }}' | Potential injection from the ${{ github.event.discussion.body }}, which may be controlled by an external user. | +| .github/workflows/discussion_comment.yml:9:12:9:50 | echo '$ ... ody }}' | Potential injection from the ${{ github.event.comment.body }}, which may be controlled by an external user. | +| .github/workflows/gollum.yml:7:12:7:52 | echo '$ ... tle }}' | Potential injection from the ${{ github.event.pages[1].title }}, which may be controlled by an external user. | +| .github/workflows/gollum.yml:8:12:8:53 | echo '$ ... tle }}' | Potential injection from the ${{ github.event.pages[11].title }}, which may be controlled by an external user. | +| .github/workflows/gollum.yml:9:12:9:56 | echo '$ ... ame }}' | Potential injection from the ${{ github.event.pages[0].page_name }}, which may be controlled by an external user. | +| .github/workflows/gollum.yml:10:12:10:59 | echo '$ ... ame }}' | Potential injection from the ${{ github.event.pages[2222].page_name }}, which may be controlled by an external user. | +| .github/workflows/issues.yaml:13:12:13:49 | echo '$ ... tle }}' | Potential injection from the ${{ github.event.issue.title }}, which may be controlled by an external user. | +| .github/workflows/issues.yaml:14:12:14:48 | echo '$ ... ody }}' | Potential injection from the ${{ github.event.issue.body }}, which may be controlled by an external user. | +| .github/workflows/issues.yaml:15:12:15:39 | echo '$ ... env }}' | Potential injection from the ${{ env.global_env }}, which may be controlled by an external user. | +| .github/workflows/issues.yaml:17:12:17:36 | echo '$ ... env }}' | Potential injection from the ${{ env.job_env }}, which may be controlled by an external user. | +| .github/workflows/issues.yaml:18:12:18:37 | echo '$ ... env }}' | Potential injection from the ${{ env.step_env }}, which may be controlled by an external user. | +| .github/workflows/pull_request_review.yml:7:12:7:56 | echo '$ ... tle }}' | Potential injection from the ${{ github.event.pull_request.title }}, which may be controlled by an external user. | +| .github/workflows/pull_request_review.yml:8:12:8:55 | echo '$ ... ody }}' | Potential injection from the ${{ github.event.pull_request.body }}, which may be controlled by an external user. | +| .github/workflows/pull_request_review.yml:9:12:9:61 | echo '$ ... bel }}' | Potential injection from the ${{ github.event.pull_request.head.label }}, which may be controlled by an external user. | +| .github/workflows/pull_request_review.yml:10:12:10:75 | echo '$ ... nch }}' | Potential injection from the ${{ github.event.pull_request.head.repo.default_branch }}, which may be controlled by an external user. | +| .github/workflows/pull_request_review.yml:11:12:11:72 | echo '$ ... ion }}' | Potential injection from the ${{ github.event.pull_request.head.repo.description }}, which may be controlled by an external user. | +| .github/workflows/pull_request_review.yml:12:12:12:69 | echo '$ ... age }}' | Potential injection from the ${{ github.event.pull_request.head.repo.homepage }}, which may be controlled by an external user. | +| .github/workflows/pull_request_review.yml:13:12:13:59 | echo '$ ... ref }}' | Potential injection from the ${{ github.event.pull_request.head.ref }}, which may be controlled by an external user. | +| .github/workflows/pull_request_review.yml:14:12:14:49 | echo '$ ... ody }}' | Potential injection from the ${{ github.event.review.body }}, which may be controlled by an external user. | +| .github/workflows/pull_request_review_comment.yml:7:12:7:56 | echo '$ ... tle }}' | Potential injection from the ${{ github.event.pull_request.title }}, which may be controlled by an external user. | +| .github/workflows/pull_request_review_comment.yml:8:12:8:55 | echo '$ ... ody }}' | Potential injection from the ${{ github.event.pull_request.body }}, which may be controlled by an external user. | +| .github/workflows/pull_request_review_comment.yml:9:12:9:61 | echo '$ ... bel }}' | Potential injection from the ${{ github.event.pull_request.head.label }}, which may be controlled by an external user. | +| .github/workflows/pull_request_review_comment.yml:10:12:10:75 | echo '$ ... nch }}' | Potential injection from the ${{ github.event.pull_request.head.repo.default_branch }}, which may be controlled by an external user. | +| .github/workflows/pull_request_review_comment.yml:11:12:11:72 | echo '$ ... ion }}' | Potential injection from the ${{ github.event.pull_request.head.repo.description }}, which may be controlled by an external user. | +| .github/workflows/pull_request_review_comment.yml:12:12:12:69 | echo '$ ... age }}' | Potential injection from the ${{ github.event.pull_request.head.repo.homepage }}, which may be controlled by an external user. | +| .github/workflows/pull_request_review_comment.yml:13:12:13:59 | echo '$ ... ref }}' | Potential injection from the ${{ github.event.pull_request.head.ref }}, which may be controlled by an external user. | +| .github/workflows/pull_request_review_comment.yml:14:12:14:50 | echo '$ ... ody }}' | Potential injection from the ${{ github.event.comment.body }}, which may be controlled by an external user. | +| .github/workflows/pull_request_target.yml:9:12:9:56 | echo '$ ... tle }}' | Potential injection from the ${{ github.event.pull_request.title }}, which may be controlled by an external user. | +| .github/workflows/pull_request_target.yml:10:12:10:55 | echo '$ ... ody }}' | Potential injection from the ${{ github.event.pull_request.body }}, which may be controlled by an external user. | +| .github/workflows/pull_request_target.yml:11:12:11:61 | echo '$ ... bel }}' | Potential injection from the ${{ github.event.pull_request.head.label }}, which may be controlled by an external user. | +| .github/workflows/pull_request_target.yml:12:12:12:75 | echo '$ ... nch }}' | Potential injection from the ${{ github.event.pull_request.head.repo.default_branch }}, which may be controlled by an external user. | +| .github/workflows/pull_request_target.yml:13:12:13:72 | echo '$ ... ion }}' | Potential injection from the ${{ github.event.pull_request.head.repo.description }}, which may be controlled by an external user. | +| .github/workflows/pull_request_target.yml:14:12:14:69 | echo '$ ... age }}' | Potential injection from the ${{ github.event.pull_request.head.repo.homepage }}, which may be controlled by an external user. | +| .github/workflows/pull_request_target.yml:15:12:15:59 | echo '$ ... ref }}' | Potential injection from the ${{ github.event.pull_request.head.ref }}, which may be controlled by an external user. | +| .github/workflows/pull_request_target.yml:16:12:16:40 | echo '$ ... ref }}' | Potential injection from the ${{ github.head_ref }}, which may be controlled by an external user. | +| .github/workflows/push.yml:7:12:7:57 | echo '$ ... age }}' | Potential injection from the ${{ github.event.commits[11].message }}, which may be controlled by an external user. | +| .github/workflows/push.yml:8:12:8:62 | echo '$ ... ail }}' | Potential injection from the ${{ github.event.commits[11].author.email }}, which may be controlled by an external user. | +| .github/workflows/push.yml:9:12:9:61 | echo '$ ... ame }}' | Potential injection from the ${{ github.event.commits[11].author.name }}, which may be controlled by an external user. | +| .github/workflows/push.yml:10:12:10:57 | echo '$ ... age }}' | Potential injection from the ${{ github.event.head_commit.message }}, which may be controlled by an external user. | +| .github/workflows/push.yml:11:12:11:62 | echo '$ ... ail }}' | Potential injection from the ${{ github.event.head_commit.author.email }}, which may be controlled by an external user. | +| .github/workflows/push.yml:12:12:12:61 | echo '$ ... ame }}' | Potential injection from the ${{ github.event.head_commit.author.name }}, which may be controlled by an external user. | +| .github/workflows/push.yml:13:12:13:65 | echo '$ ... ail }}' | Potential injection from the ${{ github.event.head_commit.committer.email }}, which may be controlled by an external user. | +| .github/workflows/push.yml:14:12:14:64 | echo '$ ... ame }}' | Potential injection from the ${{ github.event.head_commit.committer.name }}, which may be controlled by an external user. | +| .github/workflows/push.yml:15:12:15:65 | echo '$ ... ail }}' | Potential injection from the ${{ github.event.commits[11].committer.email }}, which may be controlled by an external user. | +| .github/workflows/push.yml:16:12:16:64 | echo '$ ... ame }}' | Potential injection from the ${{ github.event.commits[11].committer.name }}, which may be controlled by an external user. | +| .github/workflows/workflow_run.yml:9:12:9:64 | echo '$ ... tle }}' | Potential injection from the ${{ github.event.workflow_run.display_title }}, which may be controlled by an external user. | +| .github/workflows/workflow_run.yml:10:12:10:70 | echo '$ ... age }}' | Potential injection from the ${{ github.event.workflow_run.head_commit.message }}, which may be controlled by an external user. | +| .github/workflows/workflow_run.yml:11:12:11:75 | echo '$ ... ail }}' | Potential injection from the ${{ github.event.workflow_run.head_commit.author.email }}, which may be controlled by an external user. | +| .github/workflows/workflow_run.yml:12:12:12:74 | echo '$ ... ame }}' | Potential injection from the ${{ github.event.workflow_run.head_commit.author.name }}, which may be controlled by an external user. | +| .github/workflows/workflow_run.yml:13:12:13:78 | echo '$ ... ail }}' | Potential injection from the ${{ github.event.workflow_run.head_commit.committer.email }}, which may be controlled by an external user. | +| .github/workflows/workflow_run.yml:14:12:14:77 | echo '$ ... ame }}' | Potential injection from the ${{ github.event.workflow_run.head_commit.committer.name }}, which may be controlled by an external user. | +| .github/workflows/workflow_run.yml:15:12:15:62 | echo '$ ... nch }}' | Potential injection from the ${{ github.event.workflow_run.head_branch }}, which may be controlled by an external user. | +| .github/workflows/workflow_run.yml:16:12:16:78 | echo '$ ... ion }}' | Potential injection from the ${{ github.event.workflow_run.head_repository.description }}, which may be controlled by an external user. | +| action1/action.yml:14:12:14:50 | echo '$ ... ody }}' | Potential injection from the ${{ github.event.comment.body }}, which may be controlled by an external user. | From 5f0d334b8dfb3dac217ca99d9a77912f6f211c81 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Mon, 17 Apr 2023 10:59:28 +0100 Subject: [PATCH 044/870] Swift: Add basic-query-for-swift-code.rst. --- .../basic-query-for-swift-code.rst | 130 ++++++++++++++++++ .../codeql-for-swift.rst | 13 ++ docs/codeql/codeql-language-guides/index.rst | 1 + 3 files changed, 144 insertions(+) create mode 100644 docs/codeql/codeql-language-guides/basic-query-for-swift-code.rst create mode 100644 docs/codeql/codeql-language-guides/codeql-for-swift.rst diff --git a/docs/codeql/codeql-language-guides/basic-query-for-swift-code.rst b/docs/codeql/codeql-language-guides/basic-query-for-swift-code.rst new file mode 100644 index 00000000000..41208d7e6a5 --- /dev/null +++ b/docs/codeql/codeql-language-guides/basic-query-for-swift-code.rst @@ -0,0 +1,130 @@ +.. _basic-query-for-swift-code: + +Basic query for Swift code +========================= + +Learn to write and run a simple CodeQL query using Visual Studio Code with the CodeQL extension. + +.. include:: ../reusables/vs-code-basic-instructions/setup-to-run-queries.rst + +About the query +--------------- + +The query we're going to run performs a basic search of the code for ``if`` expressions that are redundant, in the sense that they have an empty ``then`` branch. For example, code such as: + +.. code-block:: swift + + if error { + // we should handle the error + } + +.. include:: ../reusables/vs-code-basic-instructions/find-database.rst + +Running a quick query +--------------------- + +.. include:: ../reusables/vs-code-basic-instructions/run-quick-query-1.rst + +#. In the quick query tab, delete the content and paste in the following query. + + .. code-block:: ql + + import swift + + from IfStmt ifStmt + where ifStmt.getThen().(BraceStmt).getNumberOfElements() = 0 + select ifStmt, "This 'if' statement is redundant." + +.. include:: ../reusables/vs-code-basic-instructions/run-quick-query-2.rst + +.. image:: ../images/codeql-for-visual-studio-code/basic-swift-query-results-1.png + :align: center + +If any matching code is found, click a link in the ``ifStmt`` column to open the file and highlight the matching ``if`` statement. + +.. image:: ../images/codeql-for-visual-studio-code/basic-swift-query-results-2.png + :align: center + +.. include:: ../reusables/vs-code-basic-instructions/note-store-quick-query.rst + +About the query structure +~~~~~~~~~~~~~~~~~~~~~~~~~ + +After the initial ``import`` statement, this simple query comprises three parts that serve similar purposes to the FROM, WHERE, and SELECT parts of an SQL query. + ++------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------+ +| Query part | Purpose | Details | ++==================================================================+===================================================================================================================+=================================================================================================+ +| ``import swift`` | Imports the standard CodeQL AST libraries for Swift. | Every query begins with one or more ``import`` statements. | ++------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------+ +| ``from IfStmt ifStmt`` | Defines the variables for the query. | We use: an ``IfStmt`` variable for ``if`` statements. | +| | Declarations are of the form: | | +| | `` `` | | ++------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------+ +| ``where ifStmt.getThen().(BraceStmt).getNumberOfElements() = 0`` | Defines a condition on the variables. | ``ifStmt.getThen()``: gets the ``then`` branch of the ``if`` expression. | +| | | ``.(BraceStmt)``: requires that the ``then`` branch is a brace statement (``{ }``). | +| | | ``.getNumberOfElements() = 0``: requires that the brace statement contains no child statements. | ++------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------+ +| ``select ifStmt, "This 'if' statement is redundant."`` | Defines what to report for each match. | Reports the resulting ``if`` statement with a string that explains the problem. | +| | | | +| | ``select`` statements for queries that are used to find instances of poor coding practice are always in the form: | | +| | ``select , ""`` | | ++------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------+ + +Extend the query +---------------- + +Query writing is an inherently iterative process. You write a simple query and then, when you run it, you discover examples that you had not previously considered, or opportunities for improvement. + +Remove false positive results +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Browsing the results of our basic query shows that it could be improved. Among the results you are likely to find examples of ``if`` statements with an ``else`` branch, where an empty ``then`` branch does serve a purpose. For example: + +.. code-block:: swift + + if (option == "-verbose") { + // nothing to do - handled earlier + } else { + handleError("unrecognized option") + } + +In this case, identifying the ``if`` statement with the empty ``then`` branch as redundant is a false positive. One solution to this is to modify the query to select ``if`` statements where both the ``then`` and ``else`` branches are missing. + +To exclude ``if`` statements that have an ``else`` branch: + +#. Add the following to the where clause: + + .. code-block:: ql + + and not exists(ifStmt.getElse()) + + The ``where`` clause is now: + + .. code-block:: ql + + where + ifStmt.getThen().(BraceStmt).getNumberOfElements() = 0 and + not exists(ifStmt.getElse()) + +#. Re-run the query. + + There are now fewer results because ``if`` expressions with an ``else`` branch are no longer included. + +Further reading +--------------- + +.. include:: ../reusables/swift-further-reading.rst +.. include:: ../reusables/codeql-ref-tools-further-reading.rst + +.. Article-specific substitutions for the reusables used in docs/codeql/reusables/vs-code-basic-instructions + +.. |language-text| replace:: Swift + +.. |language-code| replace:: ``swift`` + +.. |example-url| replace:: https://github.com/alamofire/alamofire + +.. |image-quick-query| image:: ../images/codeql-for-visual-studio-code/quick-query-tab-swift.png + +.. |result-col-1| replace:: The first column corresponds to the expression ``ifStmt`` and is linked to the location in the source code of the project where ``ifStmt`` occurs. diff --git a/docs/codeql/codeql-language-guides/codeql-for-swift.rst b/docs/codeql/codeql-language-guides/codeql-for-swift.rst new file mode 100644 index 00000000000..ccb3499b727 --- /dev/null +++ b/docs/codeql/codeql-language-guides/codeql-for-swift.rst @@ -0,0 +1,13 @@ +.. _codeql-for-swift: + +CodeQL for Swift +=============== + +Experiment and learn how to write effective and efficient queries for CodeQL databases generated from Swift codebases. + +.. toctree:: + :hidden: + + basic-query-for-swift-code + +- :doc:`Basic query for Swift code `: Learn to write and run a simple CodeQL query. diff --git a/docs/codeql/codeql-language-guides/index.rst b/docs/codeql/codeql-language-guides/index.rst index 79f3f79ac54..2b4fabc01a7 100644 --- a/docs/codeql/codeql-language-guides/index.rst +++ b/docs/codeql/codeql-language-guides/index.rst @@ -14,3 +14,4 @@ Experiment and learn how to write effective and efficient queries for CodeQL dat codeql-for-javascript codeql-for-python codeql-for-ruby + codeql-for-swift From 73b712a8c9ff96fefa07c840f684e31eb84940a9 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Tue, 25 Apr 2023 07:03:19 +0100 Subject: [PATCH 045/870] Allow data flow through varargs parameters --- go/ql/lib/semmle/go/Expr.qll | 12 +++++++ .../go/dataflow/internal/ContainerFlow.qll | 8 +++-- .../go/dataflow/internal/DataFlowNodes.qll | 36 +++++++++++++++++++ 3 files changed, 54 insertions(+), 2 deletions(-) diff --git a/go/ql/lib/semmle/go/Expr.qll b/go/ql/lib/semmle/go/Expr.qll index 439c19036e3..ad84b50ff0e 100644 --- a/go/ql/lib/semmle/go/Expr.qll +++ b/go/ql/lib/semmle/go/Expr.qll @@ -857,6 +857,18 @@ class CallExpr extends CallOrConversionExpr { /** Gets the number of argument expressions of this call. */ int getNumArgument() { result = count(this.getAnArgument()) } + /** + * Gets an argument with an ellipsis after it which is passed to a varargs + * parameter, as in `f(x...)`. + * + * Note that if the varargs parameter is `...T` then the type of the argument + * must be assignable to the slice type `[]T`. + */ + Expr getExplicitVarargsArgument() { + this.hasEllipsis() and + result = this.getArgument(this.getNumArgument() - 1) + } + /** * Gets the name of the invoked function, method or variable if it can be * determined syntactically. diff --git a/go/ql/lib/semmle/go/dataflow/internal/ContainerFlow.qll b/go/ql/lib/semmle/go/dataflow/internal/ContainerFlow.qll index b6c1005daac..9065cfdae11 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/ContainerFlow.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/ContainerFlow.qll @@ -10,7 +10,7 @@ private import semmle.go.dataflow.ExternalFlow * Holds if the step from `node1` to `node2` stores a value in an array, a * slice, a collection or a map. Thus, `node2` references an object with a * content `c` that contains the value of `node1`. This covers array - * assignments and initializers as well as implicit array creations for + * assignments and initializers as well as implicit slice creations for * varargs. */ predicate containerStoreStep(Node node1, Node node2, Content c) { @@ -20,7 +20,11 @@ predicate containerStoreStep(Node node1, Node node2, Content c) { node2.getType() instanceof ArrayType or node2.getType() instanceof SliceType ) and - exists(Write w | w.writesElement(node2, _, node1)) + ( + exists(Write w | w.writesElement(node2, _, node1)) + or + node1 = node2.(ImplicitVarargsSlice).getCallNode().getImplicitVarargsArgument(_) + ) ) or c instanceof CollectionContent and diff --git a/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll b/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll index 86c3651b0d3..5273d617741 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll @@ -10,6 +10,7 @@ private newtype TNode = MkInstructionNode(IR::Instruction insn) or MkSsaNode(SsaDefinition ssa) or MkGlobalFunctionNode(Function f) or + MkImplicitVarargsSlice(CallExpr c) { c.getTarget().isVariadic() and not c.hasEllipsis() } or MkSummarizedParameterNode(SummarizedCallable c, int i) { FlowSummaryImpl::Private::summaryParameterNodeRange(c, i) } or @@ -426,6 +427,41 @@ module Public { override ResultNode getAResult() { result.getRoot() = this.getExpr() } } + /** + * An implicit varargs slice creation expression. + * + * A variadic function like `f(t1 T1, ..., Tm tm, A... x)` actually sees the + * varargs parameter as a slice `[]A`. A call `f(t1, ..., tm, x1, ..., xn)` + * desugars to `f(t1, ..., tm, []A{x1, ..., xn})`, and this node corresponds + * to this implicit slice creation. + */ + class ImplicitVarargsSlice extends Node, MkImplicitVarargsSlice { + CallNode call; + + ImplicitVarargsSlice() { this = MkImplicitVarargsSlice(call.getCall()) } + + override ControlFlow::Root getRoot() { result = call.getRoot() } + + /** Gets the call containing this varargs slice creation argument. */ + CallNode getCallNode() { result = call } + + override Type getType() { + exists(Function f | f = call.getTarget() | + result = f.getParameterType(f.getNumParameter() - 1) + ) + } + + override string getNodeKind() { result = "implicit varargs slice" } + + override string toString() { result = "[]type{args}" } + + override predicate hasLocationInfo( + string filepath, int startline, int startcolumn, int endline, int endcolumn + ) { + call.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) + } + } + /** * Gets a possible target of call `cn`.class * From 3e73e02175ad52088be555296916340bf562c088 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Wed, 4 Jan 2023 12:28:41 +0000 Subject: [PATCH 046/870] Update PostUpdateNodes for implicit varargs slices We don't want a post update node for the implicit varargs slice, and we do want one for each argument which is stored in the implicit varargs slice. --- go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll b/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll index 5273d617741..70e9e00116a 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll @@ -732,7 +732,11 @@ module Public { or preupd = getAWrittenNode() or - preupd instanceof ArgumentNode and + ( + preupd instanceof ArgumentNode and not preupd instanceof ImplicitVarargsSlice + or + preupd = any(CallNode c).getImplicitVarargsArgument(_) + ) and mutableType(preupd.getType()) ) and ( From 22507c156628ec3b547c796327281fb790909340 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Tue, 25 Apr 2023 22:47:48 +0100 Subject: [PATCH 047/870] Swift: Add a test for UITextField. --- .../dataflow/flowsources/uikit.swift | 30 +++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 swift/ql/test/library-tests/dataflow/flowsources/uikit.swift diff --git a/swift/ql/test/library-tests/dataflow/flowsources/uikit.swift b/swift/ql/test/library-tests/dataflow/flowsources/uikit.swift new file mode 100644 index 00000000000..3031bafef5c --- /dev/null +++ b/swift/ql/test/library-tests/dataflow/flowsources/uikit.swift @@ -0,0 +1,30 @@ +// --- stubs --- + +class NSObject { } +class NSAttributedString: NSObject {} +class UIResponder: NSObject {} +class UIView: UIResponder {} +class UIControl: UIView {} +class UITextField: UIControl { + var text: String? { + get { nil } + set { } + } + var attributedText: NSAttributedString? { + get { nil } + set { } + } + var placeholder: String? { + get { nil } + set { } + } +} + +// --- tests --- + +func testUITextField(textField: UITextField) { + _ = textField.text // $ MISSING: source=local + _ = textField.attributedText // $ MISSING: source=local + _ = textField.placeholder // GOOD (not input) + _ = textField.text?.uppercased() // $ MISSING: source=local +} From e16277ef43f13b31bde4511c6682b33cb52dd678 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Tue, 25 Apr 2023 23:11:26 +0100 Subject: [PATCH 048/870] Swift: Add source model for UITextField. --- .../ql/lib/codeql/swift/dataflow/ExternalFlow.qll | 3 ++- .../codeql/swift/frameworks/UIKit/UITextField.qll | 15 +++++++++++++++ .../dataflow/flowsources/uikit.swift | 6 +++--- 3 files changed, 20 insertions(+), 4 deletions(-) create mode 100644 swift/ql/lib/codeql/swift/frameworks/UIKit/UITextField.qll diff --git a/swift/ql/lib/codeql/swift/dataflow/ExternalFlow.qll b/swift/ql/lib/codeql/swift/dataflow/ExternalFlow.qll index 672405107d7..9fbfa322a9e 100644 --- a/swift/ql/lib/codeql/swift/dataflow/ExternalFlow.qll +++ b/swift/ql/lib/codeql/swift/dataflow/ExternalFlow.qll @@ -79,6 +79,7 @@ private import internal.FlowSummaryImplSpecific * ensuring that they are visible to the taint tracking / data flow library. */ private module Frameworks { + private import codeql.swift.frameworks.Alamofire.Alamofire private import codeql.swift.frameworks.StandardLibrary.Collection private import codeql.swift.frameworks.StandardLibrary.CustomUrlSchemes private import codeql.swift.frameworks.StandardLibrary.Data @@ -94,7 +95,7 @@ private module Frameworks { private import codeql.swift.frameworks.StandardLibrary.Url private import codeql.swift.frameworks.StandardLibrary.UrlSession private import codeql.swift.frameworks.StandardLibrary.WebView - private import codeql.swift.frameworks.Alamofire.Alamofire + private import codeql.swift.frameworks.UIKit.UITextField private import codeql.swift.security.CleartextLoggingExtensions private import codeql.swift.security.CleartextStorageDatabaseExtensions private import codeql.swift.security.ECBEncryptionExtensions diff --git a/swift/ql/lib/codeql/swift/frameworks/UIKit/UITextField.qll b/swift/ql/lib/codeql/swift/frameworks/UIKit/UITextField.qll new file mode 100644 index 00000000000..3fbbdb0fee1 --- /dev/null +++ b/swift/ql/lib/codeql/swift/frameworks/UIKit/UITextField.qll @@ -0,0 +1,15 @@ +/** + * Provides models for the `UITextField` Swift class. + */ + +import swift +private import codeql.swift.dataflow.ExternalFlow + +/** + * A model for `UITextField` members that are flow sources. + */ +private class UITextFieldSource extends SourceModelCsv { + override predicate row(string row) { + row = [";UITextField;true;text;;;;local", ";UITextField;true;attributedText;;;;local"] + } +} diff --git a/swift/ql/test/library-tests/dataflow/flowsources/uikit.swift b/swift/ql/test/library-tests/dataflow/flowsources/uikit.swift index 3031bafef5c..2da74a21254 100644 --- a/swift/ql/test/library-tests/dataflow/flowsources/uikit.swift +++ b/swift/ql/test/library-tests/dataflow/flowsources/uikit.swift @@ -23,8 +23,8 @@ class UITextField: UIControl { // --- tests --- func testUITextField(textField: UITextField) { - _ = textField.text // $ MISSING: source=local - _ = textField.attributedText // $ MISSING: source=local + _ = textField.text // $ source=local + _ = textField.attributedText // $ source=local _ = textField.placeholder // GOOD (not input) - _ = textField.text?.uppercased() // $ MISSING: source=local + _ = textField.text?.uppercased() // $ source=local } From 33a6e722f62edce72e94afe571813aa4255ef236 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Tue, 25 Apr 2023 23:29:43 +0100 Subject: [PATCH 049/870] Swift: Add a test for UISearchTextField. --- swift/ql/test/library-tests/dataflow/flowsources/uikit.swift | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/swift/ql/test/library-tests/dataflow/flowsources/uikit.swift b/swift/ql/test/library-tests/dataflow/flowsources/uikit.swift index 2da74a21254..5d6ce674278 100644 --- a/swift/ql/test/library-tests/dataflow/flowsources/uikit.swift +++ b/swift/ql/test/library-tests/dataflow/flowsources/uikit.swift @@ -19,12 +19,15 @@ class UITextField: UIControl { set { } } } +class UISearchTextField : UITextField { +} // --- tests --- -func testUITextField(textField: UITextField) { +func testUITextField(textField: UITextField, searchTextField: UISearchTextField) { _ = textField.text // $ source=local _ = textField.attributedText // $ source=local _ = textField.placeholder // GOOD (not input) _ = textField.text?.uppercased() // $ source=local + _ = searchTextField.text // $ source=local } From 8b6593715937de30d66b9d144286661fceea5fa0 Mon Sep 17 00:00:00 2001 From: Tony Torralba Date: Wed, 26 Apr 2023 12:11:08 +0200 Subject: [PATCH 050/870] Move ConstantStringExpr to RangeUtils.qll --- .../semmle/code/java/dataflow/RangeUtils.qll | 19 +++++++++++++++ .../semmle/code/java/security/XmlParsers.qll | 24 +------------------ 2 files changed, 20 insertions(+), 23 deletions(-) diff --git a/java/ql/lib/semmle/code/java/dataflow/RangeUtils.qll b/java/ql/lib/semmle/code/java/dataflow/RangeUtils.qll index d073868b0f5..be7f1292091 100644 --- a/java/ql/lib/semmle/code/java/dataflow/RangeUtils.qll +++ b/java/ql/lib/semmle/code/java/dataflow/RangeUtils.qll @@ -104,6 +104,17 @@ private predicate constantBooleanExpr(Expr e, boolean val) { CalcConstants::calculateBooleanValue(e) = val } +pragma[nomagic] +private predicate constantStringExpr(Expr e, string val) { + e.(CompileTimeConstantExpr).getStringValue() = val + or + exists(SsaExplicitUpdate v, Expr src | + e = v.getAUse() and + src = v.getDefiningExpr().(VariableAssign).getSource() and + constantStringExpr(src, val) + ) +} + private boolean getBoolValue(Expr e) { constantBooleanExpr(e, result) } private int getIntValue(Expr e) { constantIntegerExpr(e, result) } @@ -126,6 +137,14 @@ class ConstantBooleanExpr extends Expr { boolean getBooleanValue() { constantBooleanExpr(this, result) } } +/** An expression that always has the same string value. */ +class ConstantStringExpr extends Expr { + ConstantStringExpr() { constantStringExpr(this, _) } + + /** Get the string value of this expression. */ + string getStringValue() { constantStringExpr(this, result) } +} + /** * Gets an expression that equals `v - d`. */ diff --git a/java/ql/lib/semmle/code/java/security/XmlParsers.qll b/java/ql/lib/semmle/code/java/security/XmlParsers.qll index dd28d8b0117..b5a9750ed2e 100644 --- a/java/ql/lib/semmle/code/java/security/XmlParsers.qll +++ b/java/ql/lib/semmle/code/java/security/XmlParsers.qll @@ -4,9 +4,7 @@ import java import semmle.code.java.dataflow.DataFlow import semmle.code.java.dataflow.DataFlow2 import semmle.code.java.dataflow.DataFlow3 -import semmle.code.java.dataflow.DataFlow4 -import semmle.code.java.dataflow.DataFlow5 -private import semmle.code.java.dataflow.SSA +private import semmle.code.java.dataflow.RangeUtils /* * Various XML parsers in Java. @@ -130,26 +128,6 @@ class DocumentBuilderFactoryConfig extends ParserConfig { } } -private predicate constantStringExpr(Expr e, string val) { - e.(CompileTimeConstantExpr).getStringValue() = val - or - exists(SsaExplicitUpdate v, Expr src | - e = v.getAUse() and - src = v.getDefiningExpr().(VariableAssign).getSource() and - constantStringExpr(src, val) - ) -} - -/** An expression that always has the same string value. */ -private class ConstantStringExpr extends Expr { - string value; - - ConstantStringExpr() { constantStringExpr(this, value) } - - /** Get the string value of this expression. */ - string getStringValue() { result = value } -} - /** * A general configuration that is safe when enabled. */ From 1e66a544fd7afce688de975f03a1700d849322e0 Mon Sep 17 00:00:00 2001 From: Tony Torralba Date: Wed, 26 Apr 2023 12:11:48 +0200 Subject: [PATCH 051/870] Promote exxperimental XXE sinks --- .../java/frameworks/apache/CommonsXml.qll | 90 +++++++++++++++++++ .../code/java/frameworks/javaee/Xml.qll | 64 +++++++++++++ .../code/java/frameworks/javase/Beans.qll | 24 +++++ .../java/frameworks/rundeck/RundeckXml.qll | 19 ++++ .../semmle/code/java/security/XmlParsers.qll | 12 +-- 5 files changed, 204 insertions(+), 5 deletions(-) create mode 100644 java/ql/lib/semmle/code/java/frameworks/apache/CommonsXml.qll create mode 100644 java/ql/lib/semmle/code/java/frameworks/javaee/Xml.qll create mode 100644 java/ql/lib/semmle/code/java/frameworks/javase/Beans.qll create mode 100644 java/ql/lib/semmle/code/java/frameworks/rundeck/RundeckXml.qll diff --git a/java/ql/lib/semmle/code/java/frameworks/apache/CommonsXml.qll b/java/ql/lib/semmle/code/java/frameworks/apache/CommonsXml.qll new file mode 100644 index 00000000000..42ecc946e50 --- /dev/null +++ b/java/ql/lib/semmle/code/java/frameworks/apache/CommonsXml.qll @@ -0,0 +1,90 @@ +/** Provides XML definitions related to the `org.apache.commons` package. */ + +import java +private import semmle.code.java.dataflow.RangeUtils +private import semmle.code.java.security.XmlParsers + +/** + * The classes `org.apache.commons.digester3.Digester`, `org.apache.commons.digester.Digester` or `org.apache.tomcat.util.digester.Digester`. + */ +private class Digester extends RefType { + Digester() { + this.hasQualifiedName([ + "org.apache.commons.digester3", "org.apache.commons.digester", + "org.apache.tomcat.util.digester" + ], "Digester") + } +} + +/** A call to `Digester.parse`. */ +private class DigesterParse extends XmlParserCall { + DigesterParse() { + exists(Method m | + this.getMethod() = m and + m.getDeclaringType() instanceof Digester and + m.hasName("parse") + ) + } + + override Expr getSink() { result = this.getArgument(0) } + + override predicate isSafe() { SafeDigesterFlow::flowToExpr(this.getQualifier()) } +} + +/** A `ParserConfig` that is specific to `Digester`. */ +private class DigesterConfig extends ParserConfig { + DigesterConfig() { + exists(Method m | + m = this.getMethod() and + m.getDeclaringType() instanceof Digester and + m.hasName("setFeature") + ) + } +} + +/** + * A safely configured `Digester`. + */ +private class SafeDigester extends VarAccess { + SafeDigester() { + exists(Variable v | v = this.getVariable() | + exists(DigesterConfig config | config.getQualifier() = v.getAnAccess() | + config.enables(singleSafeConfig()) + ) + or + exists(DigesterConfig config | config.getQualifier() = v.getAnAccess() | + config + .disables(any(ConstantStringExpr s | + s.getStringValue() = "http://xml.org/sax/features/external-general-entities" + )) + ) and + exists(DigesterConfig config | config.getQualifier() = v.getAnAccess() | + config + .disables(any(ConstantStringExpr s | + s.getStringValue() = "http://xml.org/sax/features/external-parameter-entities" + )) + ) and + exists(DigesterConfig config | config.getQualifier() = v.getAnAccess() | + config + .disables(any(ConstantStringExpr s | + s.getStringValue() = + "http://apache.org/xml/features/nonvalidating/load-external-dtd" + )) + ) + ) + } +} + +private module SafeDigesterFlowConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node src) { src.asExpr() instanceof SafeDigester } + + predicate isSink(DataFlow::Node sink) { + exists(MethodAccess ma | + sink.asExpr() = ma.getQualifier() and ma.getMethod().getDeclaringType() instanceof Digester + ) + } + + int fieldFlowBranchLimit() { result = 0 } +} + +private module SafeDigesterFlow = DataFlow::Global; diff --git a/java/ql/lib/semmle/code/java/frameworks/javaee/Xml.qll b/java/ql/lib/semmle/code/java/frameworks/javaee/Xml.qll new file mode 100644 index 00000000000..590b172bffa --- /dev/null +++ b/java/ql/lib/semmle/code/java/frameworks/javaee/Xml.qll @@ -0,0 +1,64 @@ +/** Provides definitions related to the `javax.xml` package. */ + +import java +private import semmle.code.java.security.XmlParsers + +/** A call to `Validator.validate`. */ +private class ValidatorValidate extends XmlParserCall { + ValidatorValidate() { + exists(Method m | + this.getMethod() = m and + m.getDeclaringType() instanceof Validator and + m.hasName("validate") + ) + } + + override Expr getSink() { result = this.getArgument(0) } + + override predicate isSafe() { SafeValidatorFlow::flowToExpr(this.getQualifier()) } +} + +/** A `TransformerConfig` specific to `Validator`. */ +private class ValidatorConfig extends TransformerConfig { + ValidatorConfig() { + exists(Method m | + this.getMethod() = m and + m.getDeclaringType() instanceof Validator and + m.hasName("setProperty") + ) + } +} + +/** The class `javax.xml.validation.Validator`. */ +private class Validator extends RefType { + Validator() { this.hasQualifiedName("javax.xml.validation", "Validator") } +} + +/** A safely configured `Validator`. */ +private class SafeValidator extends VarAccess { + SafeValidator() { + exists(Variable v | v = this.getVariable() | + exists(ValidatorConfig config | config.getQualifier() = v.getAnAccess() | + config.disables(configAccessExternalDtd()) + ) and + exists(ValidatorConfig config | config.getQualifier() = v.getAnAccess() | + config.disables(configAccessExternalSchema()) + ) + ) + } +} + +private module SafeValidatorFlowConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node src) { src.asExpr() instanceof SafeValidator } + + predicate isSink(DataFlow::Node sink) { + exists(MethodAccess ma | + sink.asExpr() = ma.getQualifier() and + ma.getMethod().getDeclaringType() instanceof Validator + ) + } + + int fieldFlowBranchLimit() { result = 0 } +} + +private module SafeValidatorFlow = DataFlow::Global; diff --git a/java/ql/lib/semmle/code/java/frameworks/javase/Beans.qll b/java/ql/lib/semmle/code/java/frameworks/javase/Beans.qll new file mode 100644 index 00000000000..dbdaf6960f3 --- /dev/null +++ b/java/ql/lib/semmle/code/java/frameworks/javase/Beans.qll @@ -0,0 +1,24 @@ +/** Provides definitions related to the `java.beans` package. */ + +import java +private import semmle.code.java.security.XmlParsers + +/** The class `java.beans.XMLDecoder`. */ +private class XmlDecoder extends RefType { + XmlDecoder() { this.hasQualifiedName("java.beans", "XMLDecoder") } +} + +/** A call to `XMLDecoder.readObject`. */ +private class XmlDecoderReadObject extends XmlParserCall { + XmlDecoderReadObject() { + exists(Method m | + this.getMethod() = m and + m.getDeclaringType() instanceof XmlDecoder and + m.hasName("readObject") + ) + } + + override Expr getSink() { result = this.getQualifier() } + + override predicate isSafe() { none() } +} diff --git a/java/ql/lib/semmle/code/java/frameworks/rundeck/RundeckXml.qll b/java/ql/lib/semmle/code/java/frameworks/rundeck/RundeckXml.qll new file mode 100644 index 00000000000..0f271e073e6 --- /dev/null +++ b/java/ql/lib/semmle/code/java/frameworks/rundeck/RundeckXml.qll @@ -0,0 +1,19 @@ +/** Provides definitions related to XML parsing in Rundeck. */ + +import java +private import semmle.code.java.security.XmlParsers + +/** A call to `ParserHelper.loadDocument`. */ +private class ParserHelperLoadDocument extends XmlParserCall { + ParserHelperLoadDocument() { + exists(Method m | + this.getMethod() = m and + m.getDeclaringType().hasQualifiedName("org.rundeck.api.parser", "ParserHelper") and + m.hasName("loadDocument") + ) + } + + override Expr getSink() { result = this.getArgument(0) } + + override predicate isSafe() { none() } +} diff --git a/java/ql/lib/semmle/code/java/security/XmlParsers.qll b/java/ql/lib/semmle/code/java/security/XmlParsers.qll index b5a9750ed2e..86c2458cd3e 100644 --- a/java/ql/lib/semmle/code/java/security/XmlParsers.qll +++ b/java/ql/lib/semmle/code/java/security/XmlParsers.qll @@ -2,13 +2,15 @@ import java import semmle.code.java.dataflow.DataFlow -import semmle.code.java.dataflow.DataFlow2 import semmle.code.java.dataflow.DataFlow3 private import semmle.code.java.dataflow.RangeUtils -/* - * Various XML parsers in Java. - */ +private module Frameworks { + private import semmle.code.java.frameworks.apache.CommonsXml + private import semmle.code.java.frameworks.javaee.Xml + private import semmle.code.java.frameworks.javase.Beans + private import semmle.code.java.frameworks.rundeck.RundeckXml +} /** * An abstract type representing a call to parse XML files. @@ -946,7 +948,7 @@ class TransformerFactorySource extends XmlParserCall { exists(Method m | this.getMethod() = m and m.getDeclaringType() instanceof TransformerFactory and - m.hasName("newTransformer") + m.hasName(["newTransformer", "newTransformerHandler"]) ) } From db73e16b70b6ce50cf6d68764782393c7711c07e Mon Sep 17 00:00:00 2001 From: Tony Torralba Date: Wed, 26 Apr 2023 12:12:10 +0200 Subject: [PATCH 052/870] Add tests --- .../security/CWE-611/DigesterTests.java | 33 +++++++++++++++ .../security/CWE-611/ParserHelperTests.java | 14 +++++++ .../security/CWE-611/ValidatorTests.java | 41 +++++++++++++++++++ .../security/CWE-611/XMLDecoderTests.java | 32 +++++++++++++++ .../query-tests/security/CWE-611/XXE.expected | 22 ++++++++++ .../test/query-tests/security/CWE-611/options | 2 +- 6 files changed, 143 insertions(+), 1 deletion(-) create mode 100644 java/ql/test/query-tests/security/CWE-611/DigesterTests.java create mode 100644 java/ql/test/query-tests/security/CWE-611/ParserHelperTests.java create mode 100644 java/ql/test/query-tests/security/CWE-611/ValidatorTests.java create mode 100644 java/ql/test/query-tests/security/CWE-611/XMLDecoderTests.java diff --git a/java/ql/test/query-tests/security/CWE-611/DigesterTests.java b/java/ql/test/query-tests/security/CWE-611/DigesterTests.java new file mode 100644 index 00000000000..5ba8b74b709 --- /dev/null +++ b/java/ql/test/query-tests/security/CWE-611/DigesterTests.java @@ -0,0 +1,33 @@ +import java.io.BufferedReader; +import javax.servlet.ServletInputStream; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import org.apache.commons.digester3.Digester; +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.PostMapping; + +@Controller +public class DigesterTests { + + @PostMapping(value = "bad") + public void bad1(HttpServletRequest request, HttpServletResponse response) throws Exception { + ServletInputStream servletInputStream = request.getInputStream(); + Digester digester = new Digester(); + digester.parse(servletInputStream); // bad + } + + @PostMapping(value = "good") + public void good1(HttpServletRequest request, HttpServletResponse response) throws Exception { + BufferedReader br = request.getReader(); + String str = ""; + StringBuilder listString = new StringBuilder(); + while ((str = br.readLine()) != null) { + listString.append(str); + } + Digester digester = new Digester(); + digester.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); + digester.setFeature("http://xml.org/sax/features/external-general-entities", false); + digester.setFeature("http://xml.org/sax/features/external-parameter-entities", false); + digester.parse(listString.toString()); + } +} diff --git a/java/ql/test/query-tests/security/CWE-611/ParserHelperTests.java b/java/ql/test/query-tests/security/CWE-611/ParserHelperTests.java new file mode 100644 index 00000000000..cdb65b780e3 --- /dev/null +++ b/java/ql/test/query-tests/security/CWE-611/ParserHelperTests.java @@ -0,0 +1,14 @@ +import javax.servlet.http.HttpServletRequest; +import org.dom4j.Document; +import org.rundeck.api.parser.ParserHelper; +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.PostMapping; + +@Controller +public class ParserHelperTests { + + @PostMapping(value = "bad4") + public void bad4(HttpServletRequest request) throws Exception { + Document document = ParserHelper.loadDocument(request.getInputStream()); // bad + } +} diff --git a/java/ql/test/query-tests/security/CWE-611/ValidatorTests.java b/java/ql/test/query-tests/security/CWE-611/ValidatorTests.java new file mode 100644 index 00000000000..06d32ab95ae --- /dev/null +++ b/java/ql/test/query-tests/security/CWE-611/ValidatorTests.java @@ -0,0 +1,41 @@ +import java.io.BufferedReader; +import javax.servlet.ServletInputStream; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.xml.transform.stream.StreamSource; +import javax.xml.validation.Schema; +import javax.xml.validation.SchemaFactory; +import javax.xml.validation.Validator; +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.PostMapping; + +@Controller +public class ValidatorTests { + + @PostMapping(value = "bad") + public void bad2(HttpServletRequest request) throws Exception { + ServletInputStream servletInputStream = request.getInputStream(); + SchemaFactory factory = SchemaFactory.newInstance("http://www.w3.org/2001/XMLSchema"); + Schema schema = factory.newSchema(); + Validator validator = schema.newValidator(); + StreamSource source = new StreamSource(servletInputStream); + validator.validate(source); // bad + } + + @PostMapping(value = "good") + public void good2(HttpServletRequest request, HttpServletResponse response) throws Exception { + BufferedReader br = request.getReader(); + String str = ""; + StringBuilder listString = new StringBuilder(); + while ((str = br.readLine()) != null) { + listString.append(str).append("\n"); + } + SchemaFactory factory = SchemaFactory.newInstance("http://www.w3.org/2001/XMLSchema"); + Schema schema = factory.newSchema(); + Validator validator = schema.newValidator(); + validator.setProperty("http://javax.xml.XMLConstants/property/accessExternalDTD", ""); + validator.setProperty("http://javax.xml.XMLConstants/property/accessExternalSchema", ""); + StreamSource source = new StreamSource(listString.toString()); + validator.validate(source); + } +} diff --git a/java/ql/test/query-tests/security/CWE-611/XMLDecoderTests.java b/java/ql/test/query-tests/security/CWE-611/XMLDecoderTests.java new file mode 100644 index 00000000000..434bfe9daed --- /dev/null +++ b/java/ql/test/query-tests/security/CWE-611/XMLDecoderTests.java @@ -0,0 +1,32 @@ +import java.beans.XMLDecoder; +import java.io.BufferedReader; +import javax.servlet.ServletInputStream; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import org.dom4j.Document; +import org.dom4j.DocumentHelper; +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.PostMapping; + +@Controller +public class XMLDecoderTests { + + @PostMapping(value = "bad") + public void bad3(HttpServletRequest request) throws Exception { + ServletInputStream servletInputStream = request.getInputStream(); + XMLDecoder xmlDecoder = new XMLDecoder(servletInputStream); + xmlDecoder.readObject(); // bad + } + + @PostMapping(value = "good") + public void good3(HttpServletRequest request) throws Exception { + BufferedReader br = request.getReader(); + String str = ""; + StringBuilder listString = new StringBuilder(); + while ((str = br.readLine()) != null) { + listString.append(str).append("\n"); + } + // parseText falls back to a default SAXReader, which is safe + Document document = DocumentHelper.parseText(listString.toString()); // Safe + } +} diff --git a/java/ql/test/query-tests/security/CWE-611/XXE.expected b/java/ql/test/query-tests/security/CWE-611/XXE.expected index 6304e3582a2..dec71c301d5 100644 --- a/java/ql/test/query-tests/security/CWE-611/XXE.expected +++ b/java/ql/test/query-tests/security/CWE-611/XXE.expected @@ -1,4 +1,5 @@ edges +| DigesterTests.java:14:49:14:72 | getInputStream(...) : ServletInputStream | DigesterTests.java:16:24:16:41 | servletInputStream | | DocumentBuilderTests.java:93:21:93:73 | new SAXSource(...) : SAXSource | DocumentBuilderTests.java:94:16:94:21 | source : SAXSource | | DocumentBuilderTests.java:93:35:93:72 | new InputSource(...) : InputSource | DocumentBuilderTests.java:93:21:93:73 | new SAXSource(...) : SAXSource | | DocumentBuilderTests.java:93:51:93:71 | getInputStream(...) : InputStream | DocumentBuilderTests.java:93:35:93:72 | new InputSource(...) : InputSource | @@ -66,6 +67,12 @@ edges | TransformerTests.java:136:38:136:58 | getInputStream(...) : InputStream | TransformerTests.java:136:21:136:59 | new StreamSource(...) | | TransformerTests.java:141:32:141:69 | new InputSource(...) : InputSource | TransformerTests.java:141:18:141:70 | new SAXSource(...) | | TransformerTests.java:141:48:141:68 | getInputStream(...) : InputStream | TransformerTests.java:141:32:141:69 | new InputSource(...) : InputSource | +| ValidatorTests.java:17:49:17:72 | getInputStream(...) : ServletInputStream | ValidatorTests.java:21:48:21:65 | servletInputStream : ServletInputStream | +| ValidatorTests.java:21:31:21:66 | new StreamSource(...) : StreamSource | ValidatorTests.java:22:28:22:33 | source | +| ValidatorTests.java:21:48:21:65 | servletInputStream : ServletInputStream | ValidatorTests.java:21:31:21:66 | new StreamSource(...) : StreamSource | +| XMLDecoderTests.java:16:49:16:72 | getInputStream(...) : ServletInputStream | XMLDecoderTests.java:17:48:17:65 | servletInputStream : ServletInputStream | +| XMLDecoderTests.java:17:33:17:66 | new XMLDecoder(...) : XMLDecoder | XMLDecoderTests.java:18:9:18:18 | xmlDecoder | +| XMLDecoderTests.java:17:48:17:65 | servletInputStream : ServletInputStream | XMLDecoderTests.java:17:33:17:66 | new XMLDecoder(...) : XMLDecoder | | XMLReaderTests.java:16:34:16:54 | getInputStream(...) : InputStream | XMLReaderTests.java:16:18:16:55 | new InputSource(...) | | XMLReaderTests.java:56:34:56:54 | getInputStream(...) : InputStream | XMLReaderTests.java:56:18:56:55 | new InputSource(...) | | XMLReaderTests.java:63:34:63:54 | getInputStream(...) : InputStream | XMLReaderTests.java:63:18:63:55 | new InputSource(...) | @@ -76,6 +83,8 @@ edges | XMLReaderTests.java:100:34:100:54 | getInputStream(...) : InputStream | XMLReaderTests.java:100:18:100:55 | new InputSource(...) | | XPathExpressionTests.java:27:37:27:57 | getInputStream(...) : InputStream | XPathExpressionTests.java:27:21:27:58 | new InputSource(...) | nodes +| DigesterTests.java:14:49:14:72 | getInputStream(...) : ServletInputStream | semmle.label | getInputStream(...) : ServletInputStream | +| DigesterTests.java:16:24:16:41 | servletInputStream | semmle.label | servletInputStream | | DocumentBuilderTests.java:14:19:14:39 | getInputStream(...) | semmle.label | getInputStream(...) | | DocumentBuilderTests.java:28:19:28:39 | getInputStream(...) | semmle.label | getInputStream(...) | | DocumentBuilderTests.java:35:19:35:39 | getInputStream(...) | semmle.label | getInputStream(...) | @@ -96,6 +105,7 @@ nodes | DocumentBuilderTests.java:101:46:101:51 | source : StreamSource | semmle.label | source : StreamSource | | DocumentBuilderTests.java:102:16:102:21 | source : StreamSource | semmle.label | source : StreamSource | | DocumentBuilderTests.java:102:16:102:38 | getInputStream(...) | semmle.label | getInputStream(...) | +| ParserHelperTests.java:12:55:12:78 | getInputStream(...) | semmle.label | getInputStream(...) | | SAXBuilderTests.java:8:19:8:39 | getInputStream(...) | semmle.label | getInputStream(...) | | SAXBuilderTests.java:20:19:20:39 | getInputStream(...) | semmle.label | getInputStream(...) | | SAXParserTests.java:13:18:13:38 | getInputStream(...) | semmle.label | getInputStream(...) | @@ -219,6 +229,14 @@ nodes | TransformerTests.java:141:32:141:69 | new InputSource(...) : InputSource | semmle.label | new InputSource(...) : InputSource | | TransformerTests.java:141:48:141:68 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream | | UnmarshallerTests.java:28:18:28:38 | getInputStream(...) | semmle.label | getInputStream(...) | +| ValidatorTests.java:17:49:17:72 | getInputStream(...) : ServletInputStream | semmle.label | getInputStream(...) : ServletInputStream | +| ValidatorTests.java:21:31:21:66 | new StreamSource(...) : StreamSource | semmle.label | new StreamSource(...) : StreamSource | +| ValidatorTests.java:21:48:21:65 | servletInputStream : ServletInputStream | semmle.label | servletInputStream : ServletInputStream | +| ValidatorTests.java:22:28:22:33 | source | semmle.label | source | +| XMLDecoderTests.java:16:49:16:72 | getInputStream(...) : ServletInputStream | semmle.label | getInputStream(...) : ServletInputStream | +| XMLDecoderTests.java:17:33:17:66 | new XMLDecoder(...) : XMLDecoder | semmle.label | new XMLDecoder(...) : XMLDecoder | +| XMLDecoderTests.java:17:48:17:65 | servletInputStream : ServletInputStream | semmle.label | servletInputStream : ServletInputStream | +| XMLDecoderTests.java:18:9:18:18 | xmlDecoder | semmle.label | xmlDecoder | | XMLReaderTests.java:16:18:16:55 | new InputSource(...) | semmle.label | new InputSource(...) | | XMLReaderTests.java:16:34:16:54 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream | | XMLReaderTests.java:56:18:56:55 | new InputSource(...) | semmle.label | new InputSource(...) | @@ -251,6 +269,7 @@ nodes | XmlInputFactoryTests.java:56:34:56:54 | getInputStream(...) | semmle.label | getInputStream(...) | subpaths #select +| DigesterTests.java:16:24:16:41 | servletInputStream | DigesterTests.java:14:49:14:72 | getInputStream(...) : ServletInputStream | DigesterTests.java:16:24:16:41 | servletInputStream | XML parsing depends on a $@ without guarding against external entity expansion. | DigesterTests.java:14:49:14:72 | getInputStream(...) | user-provided value | | DocumentBuilderTests.java:14:19:14:39 | getInputStream(...) | DocumentBuilderTests.java:14:19:14:39 | getInputStream(...) | DocumentBuilderTests.java:14:19:14:39 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | DocumentBuilderTests.java:14:19:14:39 | getInputStream(...) | user-provided value | | DocumentBuilderTests.java:28:19:28:39 | getInputStream(...) | DocumentBuilderTests.java:28:19:28:39 | getInputStream(...) | DocumentBuilderTests.java:28:19:28:39 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | DocumentBuilderTests.java:28:19:28:39 | getInputStream(...) | user-provided value | | DocumentBuilderTests.java:35:19:35:39 | getInputStream(...) | DocumentBuilderTests.java:35:19:35:39 | getInputStream(...) | DocumentBuilderTests.java:35:19:35:39 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | DocumentBuilderTests.java:35:19:35:39 | getInputStream(...) | user-provided value | @@ -263,6 +282,7 @@ subpaths | DocumentBuilderTests.java:94:16:94:38 | getInputSource(...) | DocumentBuilderTests.java:93:51:93:71 | getInputStream(...) : InputStream | DocumentBuilderTests.java:94:16:94:38 | getInputSource(...) | XML parsing depends on a $@ without guarding against external entity expansion. | DocumentBuilderTests.java:93:51:93:71 | getInputStream(...) | user-provided value | | DocumentBuilderTests.java:101:16:101:52 | sourceToInputSource(...) | DocumentBuilderTests.java:100:41:100:61 | getInputStream(...) : InputStream | DocumentBuilderTests.java:101:16:101:52 | sourceToInputSource(...) | XML parsing depends on a $@ without guarding against external entity expansion. | DocumentBuilderTests.java:100:41:100:61 | getInputStream(...) | user-provided value | | DocumentBuilderTests.java:102:16:102:38 | getInputStream(...) | DocumentBuilderTests.java:100:41:100:61 | getInputStream(...) : InputStream | DocumentBuilderTests.java:102:16:102:38 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | DocumentBuilderTests.java:100:41:100:61 | getInputStream(...) | user-provided value | +| ParserHelperTests.java:12:55:12:78 | getInputStream(...) | ParserHelperTests.java:12:55:12:78 | getInputStream(...) | ParserHelperTests.java:12:55:12:78 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | ParserHelperTests.java:12:55:12:78 | getInputStream(...) | user-provided value | | SAXBuilderTests.java:8:19:8:39 | getInputStream(...) | SAXBuilderTests.java:8:19:8:39 | getInputStream(...) | SAXBuilderTests.java:8:19:8:39 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SAXBuilderTests.java:8:19:8:39 | getInputStream(...) | user-provided value | | SAXBuilderTests.java:20:19:20:39 | getInputStream(...) | SAXBuilderTests.java:20:19:20:39 | getInputStream(...) | SAXBuilderTests.java:20:19:20:39 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SAXBuilderTests.java:20:19:20:39 | getInputStream(...) | user-provided value | | SAXParserTests.java:13:18:13:38 | getInputStream(...) | SAXParserTests.java:13:18:13:38 | getInputStream(...) | SAXParserTests.java:13:18:13:38 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SAXParserTests.java:13:18:13:38 | getInputStream(...) | user-provided value | @@ -328,6 +348,8 @@ subpaths | TransformerTests.java:136:21:136:59 | new StreamSource(...) | TransformerTests.java:136:38:136:58 | getInputStream(...) : InputStream | TransformerTests.java:136:21:136:59 | new StreamSource(...) | XML parsing depends on a $@ without guarding against external entity expansion. | TransformerTests.java:136:38:136:58 | getInputStream(...) | user-provided value | | TransformerTests.java:141:18:141:70 | new SAXSource(...) | TransformerTests.java:141:48:141:68 | getInputStream(...) : InputStream | TransformerTests.java:141:18:141:70 | new SAXSource(...) | XML parsing depends on a $@ without guarding against external entity expansion. | TransformerTests.java:141:48:141:68 | getInputStream(...) | user-provided value | | UnmarshallerTests.java:28:18:28:38 | getInputStream(...) | UnmarshallerTests.java:28:18:28:38 | getInputStream(...) | UnmarshallerTests.java:28:18:28:38 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | UnmarshallerTests.java:28:18:28:38 | getInputStream(...) | user-provided value | +| ValidatorTests.java:22:28:22:33 | source | ValidatorTests.java:17:49:17:72 | getInputStream(...) : ServletInputStream | ValidatorTests.java:22:28:22:33 | source | XML parsing depends on a $@ without guarding against external entity expansion. | ValidatorTests.java:17:49:17:72 | getInputStream(...) | user-provided value | +| XMLDecoderTests.java:18:9:18:18 | xmlDecoder | XMLDecoderTests.java:16:49:16:72 | getInputStream(...) : ServletInputStream | XMLDecoderTests.java:18:9:18:18 | xmlDecoder | XML parsing depends on a $@ without guarding against external entity expansion. | XMLDecoderTests.java:16:49:16:72 | getInputStream(...) | user-provided value | | XMLReaderTests.java:16:18:16:55 | new InputSource(...) | XMLReaderTests.java:16:34:16:54 | getInputStream(...) : InputStream | XMLReaderTests.java:16:18:16:55 | new InputSource(...) | XML parsing depends on a $@ without guarding against external entity expansion. | XMLReaderTests.java:16:34:16:54 | getInputStream(...) | user-provided value | | XMLReaderTests.java:56:18:56:55 | new InputSource(...) | XMLReaderTests.java:56:34:56:54 | getInputStream(...) : InputStream | XMLReaderTests.java:56:18:56:55 | new InputSource(...) | XML parsing depends on a $@ without guarding against external entity expansion. | XMLReaderTests.java:56:34:56:54 | getInputStream(...) | user-provided value | | XMLReaderTests.java:63:18:63:55 | new InputSource(...) | XMLReaderTests.java:63:34:63:54 | getInputStream(...) : InputStream | XMLReaderTests.java:63:18:63:55 | new InputSource(...) | XML parsing depends on a $@ without guarding against external entity expansion. | XMLReaderTests.java:63:34:63:54 | getInputStream(...) | user-provided value | diff --git a/java/ql/test/query-tests/security/CWE-611/options b/java/ql/test/query-tests/security/CWE-611/options index c3935792c6b..bec95f19163 100644 --- a/java/ql/test/query-tests/security/CWE-611/options +++ b/java/ql/test/query-tests/security/CWE-611/options @@ -1 +1 @@ -//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/jdom-1.1.3:${testdir}/../../../stubs/dom4j-2.1.1:${testdir}/../../../stubs/simple-xml-2.7.1:${testdir}/../../../stubs/jaxb-api-2.3.1:${testdir}/../../../stubs/jaxen-1.2.0 +//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/jdom-1.1.3:${testdir}/../../../stubs/dom4j-2.1.1:${testdir}/../../../stubs/simple-xml-2.7.1:${testdir}/../../../stubs/jaxb-api-2.3.1:${testdir}/../../../stubs/jaxen-1.2.0:${testdir}/../../../stubs/apache-commons-digester3-3.2:${testdir}/../../../stubs/servlet-api-2.4/:${testdir}/../../../stubs/rundeck-api-java-client-13.2:${testdir}/../../../stubs/springframework-5.3.8/ From e54eaed26f3babe80f67fd86fe96d8a170c00e86 Mon Sep 17 00:00:00 2001 From: Tony Torralba Date: Wed, 26 Apr 2023 12:19:59 +0200 Subject: [PATCH 053/870] Refactor tests to use InlineFlowTest --- .../security/CWE-611/DigesterTests.java | 2 +- .../CWE-611/DocumentBuilderTests.java | 67 ++-- .../security/CWE-611/ParserHelperTests.java | 2 +- .../security/CWE-611/SAXBuilderTests.java | 12 +- .../security/CWE-611/SAXParserTests.java | 36 +- .../security/CWE-611/SAXReaderTests.java | 42 +- .../security/CWE-611/SAXSourceTests.java | 4 +- .../security/CWE-611/SchemaTests.java | 12 +- .../security/CWE-611/SimpleXMLTests.java | 96 ++--- .../security/CWE-611/TransformerTests.java | 78 ++-- .../security/CWE-611/UnmarshallerTests.java | 7 +- .../security/CWE-611/ValidatorTests.java | 2 +- .../security/CWE-611/XMLDecoderTests.java | 2 +- .../security/CWE-611/XMLReaderTests.java | 42 +- .../CWE-611/XPathExpressionTests.java | 20 +- .../query-tests/security/CWE-611/XXE.expected | 373 ------------------ .../test/query-tests/security/CWE-611/XXE.ql | 11 + .../query-tests/security/CWE-611/XXE.qlref | 1 - .../CWE-611/XmlInputFactoryTests.java | 42 +- 19 files changed, 246 insertions(+), 605 deletions(-) create mode 100644 java/ql/test/query-tests/security/CWE-611/XXE.ql delete mode 100644 java/ql/test/query-tests/security/CWE-611/XXE.qlref diff --git a/java/ql/test/query-tests/security/CWE-611/DigesterTests.java b/java/ql/test/query-tests/security/CWE-611/DigesterTests.java index 5ba8b74b709..bace07a9b30 100644 --- a/java/ql/test/query-tests/security/CWE-611/DigesterTests.java +++ b/java/ql/test/query-tests/security/CWE-611/DigesterTests.java @@ -13,7 +13,7 @@ public class DigesterTests { public void bad1(HttpServletRequest request, HttpServletResponse response) throws Exception { ServletInputStream servletInputStream = request.getInputStream(); Digester digester = new Digester(); - digester.parse(servletInputStream); // bad + digester.parse(servletInputStream); // $ hasTaintFlow } @PostMapping(value = "good") diff --git a/java/ql/test/query-tests/security/CWE-611/DocumentBuilderTests.java b/java/ql/test/query-tests/security/CWE-611/DocumentBuilderTests.java index 0018e41346a..98d95686301 100644 --- a/java/ql/test/query-tests/security/CWE-611/DocumentBuilderTests.java +++ b/java/ql/test/query-tests/security/CWE-611/DocumentBuilderTests.java @@ -11,42 +11,44 @@ class DocumentBuilderTests { public void unconfiguredParse(Socket sock) throws Exception { DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); DocumentBuilder builder = factory.newDocumentBuilder(); - builder.parse(sock.getInputStream()); //unsafe + builder.parse(sock.getInputStream()); // $ hasTaintFlow } public void disableDTD(Socket sock) throws Exception { DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); DocumentBuilder builder = factory.newDocumentBuilder(); - builder.parse(sock.getInputStream()); //safe + builder.parse(sock.getInputStream()); // safe } public void enableSecurityFeature(Socket sock) throws Exception { DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); DocumentBuilder builder = factory.newDocumentBuilder(); - builder.parse(sock.getInputStream()); //unsafe -- secure-processing by itself is insufficient + builder.parse(sock.getInputStream()); // $ hasTaintFlow -- secure-processing by itself is + // insufficient } public void enableSecurityFeature2(Socket sock) throws Exception { DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); factory.setFeature("http://javax.xml.XMLConstants/feature/secure-processing", true); DocumentBuilder builder = factory.newDocumentBuilder(); - builder.parse(sock.getInputStream()); //unsafe -- secure-processing by itself is insufficient + builder.parse(sock.getInputStream()); // $ hasTaintFlow -- secure-processing by itself is + // insufficient } public void enableDTD(Socket sock) throws Exception { DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", false); DocumentBuilder builder = factory.newDocumentBuilder(); - builder.parse(sock.getInputStream()); //unsafe + builder.parse(sock.getInputStream()); // $ hasTaintFlow } public void disableSecurityFeature(Socket sock) throws Exception { DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); factory.setFeature("http://javax.xml.XMLConstants/feature/secure-processing", false); DocumentBuilder builder = factory.newDocumentBuilder(); - builder.parse(sock.getInputStream()); //unsafe + builder.parse(sock.getInputStream()); // $ hasTaintFlow } public void disableExternalEntities(Socket sock) throws Exception { @@ -54,21 +56,21 @@ class DocumentBuilderTests { factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false); factory.setFeature("http://xml.org/sax/features/external-general-entities", false); DocumentBuilder builder = factory.newDocumentBuilder(); - builder.parse(sock.getInputStream()); //safe + builder.parse(sock.getInputStream()); // safe } public void partialDisableExternalEntities(Socket sock) throws Exception { DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false); DocumentBuilder builder = factory.newDocumentBuilder(); - builder.parse(sock.getInputStream()); //unsafe + builder.parse(sock.getInputStream()); // $ hasTaintFlow } public void partialDisableExternalEntities2(Socket sock) throws Exception { DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); factory.setFeature("http://xml.org/sax/features/external-general-entities", false); DocumentBuilder builder = factory.newDocumentBuilder(); - builder.parse(sock.getInputStream()); //unsafe + builder.parse(sock.getInputStream()); // $ hasTaintFlow } public void misConfigureExternalEntities1(Socket sock) throws Exception { @@ -76,7 +78,7 @@ class DocumentBuilderTests { factory.setFeature("http://xml.org/sax/features/external-parameter-entities", true); factory.setFeature("http://xml.org/sax/features/external-general-entities", false); DocumentBuilder builder = factory.newDocumentBuilder(); - builder.parse(sock.getInputStream()); //unsafe + builder.parse(sock.getInputStream()); // $ hasTaintFlow } public void misConfigureExternalEntities2(Socket sock) throws Exception { @@ -84,22 +86,22 @@ class DocumentBuilderTests { factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false); factory.setFeature("http://xml.org/sax/features/external-general-entities", true); DocumentBuilder builder = factory.newDocumentBuilder(); - builder.parse(sock.getInputStream()); //unsafe + builder.parse(sock.getInputStream()); // $ hasTaintFlow } public void taintedSAXInputSource1(Socket sock) throws Exception { - DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); - DocumentBuilder builder = factory.newDocumentBuilder(); - SAXSource source = new SAXSource(new InputSource(sock.getInputStream())); - builder.parse(source.getInputSource()); //unsafe + DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); + DocumentBuilder builder = factory.newDocumentBuilder(); + SAXSource source = new SAXSource(new InputSource(sock.getInputStream())); + builder.parse(source.getInputSource()); // $ hasTaintFlow } public void taintedSAXInputSource2(Socket sock) throws Exception { - DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); - DocumentBuilder builder = factory.newDocumentBuilder(); - StreamSource source = new StreamSource(sock.getInputStream()); - builder.parse(SAXSource.sourceToInputSource(source)); //unsafe - builder.parse(source.getInputStream()); //unsafe + DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); + DocumentBuilder builder = factory.newDocumentBuilder(); + StreamSource source = new StreamSource(sock.getInputStream()); + builder.parse(SAXSource.sourceToInputSource(source)); // $ hasTaintFlow + builder.parse(source.getInputStream()); // $ hasTaintFlow } private static DocumentBuilderFactory getDocumentBuilderFactory() throws Exception { @@ -112,21 +114,22 @@ class DocumentBuilderTests { return factory; } - private static final ThreadLocal XML_DOCUMENT_BUILDER = new ThreadLocal() { - @Override - protected DocumentBuilder initialValue() { - try { - DocumentBuilderFactory factory = getDocumentBuilderFactory(); - return factory.newDocumentBuilder(); - } catch (Exception ex) { - throw new RuntimeException(ex); - } - } - }; + private static final ThreadLocal XML_DOCUMENT_BUILDER = + new ThreadLocal() { + @Override + protected DocumentBuilder initialValue() { + try { + DocumentBuilderFactory factory = getDocumentBuilderFactory(); + return factory.newDocumentBuilder(); + } catch (Exception ex) { + throw new RuntimeException(ex); + } + } + }; public void disableExternalEntities2(Socket sock) throws Exception { DocumentBuilder builder = XML_DOCUMENT_BUILDER.get(); - builder.parse(sock.getInputStream()); //safe + builder.parse(sock.getInputStream()); // safe } } diff --git a/java/ql/test/query-tests/security/CWE-611/ParserHelperTests.java b/java/ql/test/query-tests/security/CWE-611/ParserHelperTests.java index cdb65b780e3..6b43c224d94 100644 --- a/java/ql/test/query-tests/security/CWE-611/ParserHelperTests.java +++ b/java/ql/test/query-tests/security/CWE-611/ParserHelperTests.java @@ -9,6 +9,6 @@ public class ParserHelperTests { @PostMapping(value = "bad4") public void bad4(HttpServletRequest request) throws Exception { - Document document = ParserHelper.loadDocument(request.getInputStream()); // bad + Document document = ParserHelper.loadDocument(request.getInputStream()); // $ hasTaintFlow } } diff --git a/java/ql/test/query-tests/security/CWE-611/SAXBuilderTests.java b/java/ql/test/query-tests/security/CWE-611/SAXBuilderTests.java index c0a58bfc18d..2b25540b85b 100644 --- a/java/ql/test/query-tests/security/CWE-611/SAXBuilderTests.java +++ b/java/ql/test/query-tests/security/CWE-611/SAXBuilderTests.java @@ -5,18 +5,18 @@ public class SAXBuilderTests { public void unconfiguredSAXBuilder(Socket sock) throws Exception { SAXBuilder builder = new SAXBuilder(); - builder.build(sock.getInputStream()); //unsafe + builder.build(sock.getInputStream()); // $ hasTaintFlow } - + public void safeBuilder(Socket sock) throws Exception { SAXBuilder builder = new SAXBuilder(); - builder.setFeature("http://apache.org/xml/features/disallow-doctype-decl",true); - builder.build(sock.getInputStream()); //safe + builder.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); + builder.build(sock.getInputStream()); // safe } public void misConfiguredBuilder(Socket sock) throws Exception { SAXBuilder builder = new SAXBuilder(); - builder.setFeature("http://apache.org/xml/features/disallow-doctype-decl",false); - builder.build(sock.getInputStream()); //unsafe + builder.setFeature("http://apache.org/xml/features/disallow-doctype-decl", false); + builder.build(sock.getInputStream()); // $ hasTaintFlow } } diff --git a/java/ql/test/query-tests/security/CWE-611/SAXParserTests.java b/java/ql/test/query-tests/security/CWE-611/SAXParserTests.java index f8079dd1bc8..a6de7709aed 100644 --- a/java/ql/test/query-tests/security/CWE-611/SAXParserTests.java +++ b/java/ql/test/query-tests/security/CWE-611/SAXParserTests.java @@ -6,78 +6,78 @@ import javax.xml.XMLConstants; import org.xml.sax.helpers.DefaultHandler; public class SAXParserTests { - + public void unconfiguredParser(Socket sock) throws Exception { SAXParserFactory factory = SAXParserFactory.newInstance(); SAXParser parser = factory.newSAXParser(); - parser.parse(sock.getInputStream(), new DefaultHandler()); //unsafe + parser.parse(sock.getInputStream(), new DefaultHandler()); // $ hasTaintFlow } - + public void safeParser(Socket sock) throws Exception { SAXParserFactory factory = SAXParserFactory.newInstance(); factory.setFeature("http://xml.org/sax/features/external-general-entities", false); factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false); factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false); SAXParser parser = factory.newSAXParser(); - parser.parse(sock.getInputStream(), new DefaultHandler()); //safe + parser.parse(sock.getInputStream(), new DefaultHandler()); // safe } - + public void partialConfiguredParser1(Socket sock) throws Exception { SAXParserFactory factory = SAXParserFactory.newInstance(); factory.setFeature("http://xml.org/sax/features/external-general-entities", false); factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false); SAXParser parser = factory.newSAXParser(); - parser.parse(sock.getInputStream(), new DefaultHandler()); //unsafe + parser.parse(sock.getInputStream(), new DefaultHandler()); // $ hasTaintFlow } - + public void partialConfiguredParser2(Socket sock) throws Exception { SAXParserFactory factory = SAXParserFactory.newInstance(); factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false); factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false); SAXParser parser = factory.newSAXParser(); - parser.parse(sock.getInputStream(), new DefaultHandler()); //unsafe + parser.parse(sock.getInputStream(), new DefaultHandler()); // $ hasTaintFlow } - + public void partialConfiguredParser3(Socket sock) throws Exception { SAXParserFactory factory = SAXParserFactory.newInstance(); factory.setFeature("http://xml.org/sax/features/external-general-entities", false); factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false); SAXParser parser = factory.newSAXParser(); - parser.parse(sock.getInputStream(), new DefaultHandler()); //unsafe + parser.parse(sock.getInputStream(), new DefaultHandler()); // $ hasTaintFlow } - + public void misConfiguredParser1(Socket sock) throws Exception { SAXParserFactory factory = SAXParserFactory.newInstance(); factory.setFeature("http://xml.org/sax/features/external-general-entities", true); factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false); factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false); SAXParser parser = factory.newSAXParser(); - parser.parse(sock.getInputStream(), new DefaultHandler()); //unsafe + parser.parse(sock.getInputStream(), new DefaultHandler()); // $ hasTaintFlow } - + public void misConfiguredParser2(Socket sock) throws Exception { SAXParserFactory factory = SAXParserFactory.newInstance(); factory.setFeature("http://xml.org/sax/features/external-general-entities", false); factory.setFeature("http://xml.org/sax/features/external-parameter-entities", true); factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false); SAXParser parser = factory.newSAXParser(); - parser.parse(sock.getInputStream(), new DefaultHandler()); //unsafe + parser.parse(sock.getInputStream(), new DefaultHandler()); // $ hasTaintFlow } - + public void misConfiguredParser3(Socket sock) throws Exception { SAXParserFactory factory = SAXParserFactory.newInstance(); factory.setFeature("http://xml.org/sax/features/external-general-entities", false); factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false); factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", true); SAXParser parser = factory.newSAXParser(); - parser.parse(sock.getInputStream(), new DefaultHandler()); //unsafe + parser.parse(sock.getInputStream(), new DefaultHandler()); // $ hasTaintFlow } public void safeParser2(Socket sock) throws Exception { SAXParserFactory factory = SAXParserFactory.newInstance(); factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); - factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); + factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); SAXParser parser = factory.newSAXParser(); - parser.parse(sock.getInputStream(), new DefaultHandler()); //safe + parser.parse(sock.getInputStream(), new DefaultHandler()); // safe } } diff --git a/java/ql/test/query-tests/security/CWE-611/SAXReaderTests.java b/java/ql/test/query-tests/security/CWE-611/SAXReaderTests.java index ba0bfac5a29..f436074f65f 100644 --- a/java/ql/test/query-tests/security/CWE-611/SAXReaderTests.java +++ b/java/ql/test/query-tests/security/CWE-611/SAXReaderTests.java @@ -5,59 +5,59 @@ public class SAXReaderTests { public void unconfiguredReader(Socket sock) throws Exception { SAXReader reader = new SAXReader(); - reader.read(sock.getInputStream()); //unsafe + reader.read(sock.getInputStream()); // $ hasTaintFlow } - + public void safeReader(Socket sock) throws Exception { SAXReader reader = new SAXReader(); reader.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); reader.setFeature("http://xml.org/sax/features/external-general-entities", false); - reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false); - reader.read(sock.getInputStream()); //safe + reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false); + reader.read(sock.getInputStream()); // safe } - + public void partialConfiguredReader1(Socket sock) throws Exception { SAXReader reader = new SAXReader(); reader.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); reader.setFeature("http://xml.org/sax/features/external-general-entities", false); - reader.read(sock.getInputStream()); //unsafe + reader.read(sock.getInputStream()); // $ hasTaintFlow } - + public void partialConfiguredReader2(Socket sock) throws Exception { SAXReader reader = new SAXReader(); reader.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); - reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false); - reader.read(sock.getInputStream()); //unsafe + reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false); + reader.read(sock.getInputStream()); // $ hasTaintFlow } - + public void partialConfiguredReader3(Socket sock) throws Exception { SAXReader reader = new SAXReader(); reader.setFeature("http://xml.org/sax/features/external-general-entities", false); - reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false); - reader.read(sock.getInputStream()); //unsafe + reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false); + reader.read(sock.getInputStream()); // $ hasTaintFlow } - + public void misConfiguredReader1(Socket sock) throws Exception { SAXReader reader = new SAXReader(); reader.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); reader.setFeature("http://xml.org/sax/features/external-general-entities", true); - reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false); - reader.read(sock.getInputStream()); //unsafe + reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false); + reader.read(sock.getInputStream()); // $ hasTaintFlow } - + public void misConfiguredReader2(Socket sock) throws Exception { SAXReader reader = new SAXReader(); reader.setFeature("http://apache.org/xml/features/disallow-doctype-decl", false); reader.setFeature("http://xml.org/sax/features/external-general-entities", false); - reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false); - reader.read(sock.getInputStream()); //unsafe + reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false); + reader.read(sock.getInputStream()); // $ hasTaintFlow } - + public void misConfiguredReader3(Socket sock) throws Exception { SAXReader reader = new SAXReader(); reader.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); reader.setFeature("http://xml.org/sax/features/external-general-entities", false); - reader.setFeature("http://xml.org/sax/features/external-parameter-entities", true); - reader.read(sock.getInputStream()); //unsafe + reader.setFeature("http://xml.org/sax/features/external-parameter-entities", true); + reader.read(sock.getInputStream()); // $ hasTaintFlow } } diff --git a/java/ql/test/query-tests/security/CWE-611/SAXSourceTests.java b/java/ql/test/query-tests/security/CWE-611/SAXSourceTests.java index 06a4b5a43f3..721f596457d 100644 --- a/java/ql/test/query-tests/security/CWE-611/SAXSourceTests.java +++ b/java/ql/test/query-tests/security/CWE-611/SAXSourceTests.java @@ -17,14 +17,14 @@ public class SAXSourceTests { SAXSource source = new SAXSource(reader, new InputSource(sock.getInputStream())); JAXBContext jc = JAXBContext.newInstance(Object.class); Unmarshaller um = jc.createUnmarshaller(); - um.unmarshal(source); // BAD + um.unmarshal(source); // $ hasTaintFlow } public void explicitlySafeSource1(Socket sock) throws Exception { XMLReader reader = XMLReaderFactory.createXMLReader(); reader.setFeature("http://xml.org/sax/features/external-general-entities", false); reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false); - reader.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd",false); + reader.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false); SAXSource source = new SAXSource(reader, new InputSource(sock.getInputStream())); // GOOD } diff --git a/java/ql/test/query-tests/security/CWE-611/SchemaTests.java b/java/ql/test/query-tests/security/CWE-611/SchemaTests.java index f41e0017af1..d98aeb4a3ba 100644 --- a/java/ql/test/query-tests/security/CWE-611/SchemaTests.java +++ b/java/ql/test/query-tests/security/CWE-611/SchemaTests.java @@ -9,39 +9,39 @@ public class SchemaTests { public void unconfiguredSchemaFactory(Socket sock) throws Exception { SchemaFactory factory = SchemaFactory.newInstance("http://www.w3.org/2001/XMLSchema"); - Schema schema = factory.newSchema(new StreamSource(sock.getInputStream())); //unsafe + Schema schema = factory.newSchema(new StreamSource(sock.getInputStream())); // $ hasTaintFlow } public void safeSchemaFactory(Socket sock) throws Exception { SchemaFactory factory = SchemaFactory.newInstance("http://www.w3.org/2001/XMLSchema"); factory.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, ""); factory.setProperty(XMLConstants.ACCESS_EXTERNAL_SCHEMA, ""); - Schema schema = factory.newSchema(new StreamSource(sock.getInputStream())); //safe + Schema schema = factory.newSchema(new StreamSource(sock.getInputStream())); // safe } public void partialConfiguredSchemaFactory1(Socket sock) throws Exception { SchemaFactory factory = SchemaFactory.newInstance("http://www.w3.org/2001/XMLSchema"); factory.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, ""); - Schema schema = factory.newSchema(new StreamSource(sock.getInputStream())); //unsafe + Schema schema = factory.newSchema(new StreamSource(sock.getInputStream())); // $ hasTaintFlow } public void partialConfiguredSchemaFactory2(Socket sock) throws Exception { SchemaFactory factory = SchemaFactory.newInstance("http://www.w3.org/2001/XMLSchema"); factory.setProperty(XMLConstants.ACCESS_EXTERNAL_SCHEMA, ""); - Schema schema = factory.newSchema(new StreamSource(sock.getInputStream())); //unsafe + Schema schema = factory.newSchema(new StreamSource(sock.getInputStream())); // $ hasTaintFlow } public void misConfiguredSchemaFactory1(Socket sock) throws Exception { SchemaFactory factory = SchemaFactory.newInstance("http://www.w3.org/2001/XMLSchema"); factory.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, ""); factory.setProperty(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "ab"); - Schema schema = factory.newSchema(new StreamSource(sock.getInputStream())); //unsafe + Schema schema = factory.newSchema(new StreamSource(sock.getInputStream())); // $ hasTaintFlow } public void misConfiguredSchemaFactory2(Socket sock) throws Exception { SchemaFactory factory = SchemaFactory.newInstance("http://www.w3.org/2001/XMLSchema"); factory.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, "cd"); factory.setProperty(XMLConstants.ACCESS_EXTERNAL_SCHEMA, ""); - Schema schema = factory.newSchema(new StreamSource(sock.getInputStream())); //unsafe + Schema schema = factory.newSchema(new StreamSource(sock.getInputStream())); // $ hasTaintFlow } } diff --git a/java/ql/test/query-tests/security/CWE-611/SimpleXMLTests.java b/java/ql/test/query-tests/security/CWE-611/SimpleXMLTests.java index baefeadfbe6..65c759acbf4 100644 --- a/java/ql/test/query-tests/security/CWE-611/SimpleXMLTests.java +++ b/java/ql/test/query-tests/security/CWE-611/SimpleXMLTests.java @@ -11,145 +11,145 @@ public class SimpleXMLTests { public void persisterValidate1(Socket sock) throws Exception { Persister persister = new Persister(); - persister.validate(this.getClass(), sock.getInputStream()); + persister.validate(this.getClass(), sock.getInputStream()); // $ hasTaintFlow } - + public void persisterValidate2(Socket sock) throws Exception { Persister persister = new Persister(); - persister.validate(this.getClass(), sock.getInputStream(), true); + persister.validate(this.getClass(), sock.getInputStream(), true); // $ hasTaintFlow } public void persisterValidate3(Socket sock) throws Exception { Persister persister = new Persister(); - persister.validate(this.getClass(), new InputStreamReader(sock.getInputStream())); + persister.validate(this.getClass(), new InputStreamReader(sock.getInputStream())); // $ hasTaintFlow } public void persisterValidate4(Socket sock) throws Exception { Persister persister = new Persister(); - byte[] b = new byte[]{}; + byte[] b = new byte[] {}; sock.getInputStream().read(b); - persister.validate(this.getClass(), new String(b)); + persister.validate(this.getClass(), new String(b)); // $ hasTaintFlow } public void persisterValidate5(Socket sock) throws Exception { Persister persister = new Persister(); - byte[] b = new byte[]{}; + byte[] b = new byte[] {}; sock.getInputStream().read(b); - persister.validate(this.getClass(), new String(b), true); + persister.validate(this.getClass(), new String(b), true); // $ hasTaintFlow } public void persisterValidate6(Socket sock) throws Exception { Persister persister = new Persister(); - persister.validate(this.getClass(), new InputStreamReader(sock.getInputStream()), true); + persister.validate(this.getClass(), new InputStreamReader(sock.getInputStream()), true); // $ hasTaintFlow } public void persisterRead1(Socket sock) throws Exception { Persister persister = new Persister(); - persister.read(this.getClass(), sock.getInputStream()); + persister.read(this.getClass(), sock.getInputStream()); // $ hasTaintFlow } - + public void persisterRead2(Socket sock) throws Exception { Persister persister = new Persister(); - persister.read(this.getClass(), sock.getInputStream(), true); + persister.read(this.getClass(), sock.getInputStream(), true); // $ hasTaintFlow } - + public void persisterRead3(Socket sock) throws Exception { Persister persister = new Persister(); - persister.read(this, sock.getInputStream()); + persister.read(this, sock.getInputStream()); // $ hasTaintFlow } - + public void persisterRead4(Socket sock) throws Exception { Persister persister = new Persister(); - persister.read(this, sock.getInputStream(), true); + persister.read(this, sock.getInputStream(), true); // $ hasTaintFlow } - + public void persisterRead5(Socket sock) throws Exception { Persister persister = new Persister(); - persister.read(this.getClass(), new InputStreamReader(sock.getInputStream())); + persister.read(this.getClass(), new InputStreamReader(sock.getInputStream())); // $ hasTaintFlow } public void persisterRead6(Socket sock) throws Exception { Persister persister = new Persister(); - persister.read(this.getClass(), new InputStreamReader(sock.getInputStream()), true); + persister.read(this.getClass(), new InputStreamReader(sock.getInputStream()), true); // $ hasTaintFlow } public void persisterRead7(Socket sock) throws Exception { Persister persister = new Persister(); - persister.read(this, new InputStreamReader(sock.getInputStream())); + persister.read(this, new InputStreamReader(sock.getInputStream())); // $ hasTaintFlow } public void persisterRead8(Socket sock) throws Exception { Persister persister = new Persister(); - persister.read(this, new InputStreamReader(sock.getInputStream()), true); + persister.read(this, new InputStreamReader(sock.getInputStream()), true); // $ hasTaintFlow } - + public void persisterRead9(Socket sock) throws Exception { Persister persister = new Persister(); - byte[] b = new byte[]{}; + byte[] b = new byte[] {}; sock.getInputStream().read(b); - persister.read(this.getClass(), new String(b)); + persister.read(this.getClass(), new String(b)); // $ hasTaintFlow } - + public void persisterRead10(Socket sock) throws Exception { Persister persister = new Persister(); - byte[] b = new byte[]{}; + byte[] b = new byte[] {}; sock.getInputStream().read(b); - persister.read(this.getClass(), new String(b), true); + persister.read(this.getClass(), new String(b), true); // $ hasTaintFlow } - + public void persisterRead11(Socket sock) throws Exception { Persister persister = new Persister(); - byte[] b = new byte[]{}; + byte[] b = new byte[] {}; sock.getInputStream().read(b); - persister.read(this, new String(b)); + persister.read(this, new String(b)); // $ hasTaintFlow } - + public void persisterRead12(Socket sock) throws Exception { Persister persister = new Persister(); - byte[] b = new byte[]{}; + byte[] b = new byte[] {}; sock.getInputStream().read(b); - persister.read(this, new String(b), true); + persister.read(this, new String(b), true); // $ hasTaintFlow } - + public void nodeBuilderRead1(Socket sock) throws Exception { - NodeBuilder.read(sock.getInputStream()); + NodeBuilder.read(sock.getInputStream()); // $ hasTaintFlow } - + public void nodeBuilderRead2(Socket sock) throws Exception { - NodeBuilder.read(new InputStreamReader(sock.getInputStream())); + NodeBuilder.read(new InputStreamReader(sock.getInputStream())); // $ hasTaintFlow } - + public void documentProviderProvide1(Socket sock) throws Exception { DocumentProvider provider = new DocumentProvider(); - provider.provide(sock.getInputStream()); + provider.provide(sock.getInputStream()); // $ hasTaintFlow } - + public void documentProviderProvide2(Socket sock) throws Exception { DocumentProvider provider = new DocumentProvider(); - provider.provide(new InputStreamReader(sock.getInputStream())); + provider.provide(new InputStreamReader(sock.getInputStream())); // $ hasTaintFlow } public void streamProviderProvide1(Socket sock) throws Exception { StreamProvider provider = new StreamProvider(); - provider.provide(sock.getInputStream()); + provider.provide(sock.getInputStream()); // $ hasTaintFlow } public void streamProviderProvide2(Socket sock) throws Exception { StreamProvider provider = new StreamProvider(); - provider.provide(new InputStreamReader(sock.getInputStream())); + provider.provide(new InputStreamReader(sock.getInputStream())); // $ hasTaintFlow } public void formatterFormat1(Socket sock) throws Exception { Formatter formatter = new Formatter(); - byte[] b = new byte[]{}; + byte[] b = new byte[] {}; sock.getInputStream().read(b); - formatter.format(new String(b), null); + formatter.format(new String(b), null); // $ hasTaintFlow } - + public void formatterFormat2(Socket sock) throws Exception { Formatter formatter = new Formatter(); - byte[] b = new byte[]{}; + byte[] b = new byte[] {}; sock.getInputStream().read(b); - formatter.format(new String(b)); + formatter.format(new String(b)); // $ hasTaintFlow } } diff --git a/java/ql/test/query-tests/security/CWE-611/TransformerTests.java b/java/ql/test/query-tests/security/CWE-611/TransformerTests.java index 696d00c3fcf..afba1790f0c 100644 --- a/java/ql/test/query-tests/security/CWE-611/TransformerTests.java +++ b/java/ql/test/query-tests/security/CWE-611/TransformerTests.java @@ -17,8 +17,8 @@ public class TransformerTests { public void unconfiguredTransformerFactory(Socket sock) throws Exception { TransformerFactory tf = TransformerFactory.newInstance(); Transformer transformer = tf.newTransformer(); - transformer.transform(new StreamSource(sock.getInputStream()), null); //unsafe - tf.newTransformer(new StreamSource(sock.getInputStream())); //unsafe + transformer.transform(new StreamSource(sock.getInputStream()), null); // $ hasTaintFlow + tf.newTransformer(new StreamSource(sock.getInputStream())); // $ hasTaintFlow } public void safeTransformerFactory1(Socket sock) throws Exception { @@ -26,8 +26,8 @@ public class TransformerTests { tf.setAttribute("http://javax.xml.XMLConstants/property/accessExternalDTD", ""); tf.setAttribute("http://javax.xml.XMLConstants/property/accessExternalStylesheet", ""); Transformer transformer = tf.newTransformer(); - transformer.transform(new StreamSource(sock.getInputStream()), null); //safe - tf.newTransformer(new StreamSource(sock.getInputStream())); //safe + transformer.transform(new StreamSource(sock.getInputStream()), null); // safe + tf.newTransformer(new StreamSource(sock.getInputStream())); // safe } public void safeTransformerFactory2(Socket sock) throws Exception { @@ -35,49 +35,49 @@ public class TransformerTests { tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, ""); tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, ""); Transformer transformer = tf.newTransformer(); - transformer.transform(new StreamSource(sock.getInputStream()), null); //safe - tf.newTransformer(new StreamSource(sock.getInputStream())); //safe + transformer.transform(new StreamSource(sock.getInputStream()), null); // safe + tf.newTransformer(new StreamSource(sock.getInputStream())); // safe } public void safeTransformerFactory3(Socket sock) throws Exception { - TransformerFactory tf = TransformerFactory.newInstance(); - Transformer transformer = tf.newTransformer(); + TransformerFactory tf = TransformerFactory.newInstance(); + Transformer transformer = tf.newTransformer(); XMLReader reader = XMLReaderFactory.createXMLReader(); reader.setFeature("http://xml.org/sax/features/external-general-entities", false); reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false); - reader.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd",false); - SAXSource source = new SAXSource(reader, new InputSource(sock.getInputStream())); //safe - transformer.transform(source, null); //safe - tf.newTransformer(source); //safe + reader.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false); + SAXSource source = new SAXSource(reader, new InputSource(sock.getInputStream())); // safe + transformer.transform(source, null); // safe + tf.newTransformer(source); // safe } public void safeTransformerFactory4(Socket sock) throws Exception { - TransformerFactory tf = TransformerFactory.newInstance(); - Transformer transformer = tf.newTransformer(); + TransformerFactory tf = TransformerFactory.newInstance(); + Transformer transformer = tf.newTransformer(); XMLReader reader = XMLReaderFactory.createXMLReader(); reader.setFeature("http://xml.org/sax/features/external-general-entities", false); reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false); - reader.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd",false); + reader.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false); SAXSource source = new SAXSource(new InputSource(sock.getInputStream())); source.setXMLReader(reader); - transformer.transform(source, null); //safe - tf.newTransformer(source); //safe + transformer.transform(source, null); // safe + tf.newTransformer(source); // safe } public void partialConfiguredTransformerFactory1(Socket sock) throws Exception { TransformerFactory tf = TransformerFactory.newInstance(); tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, ""); Transformer transformer = tf.newTransformer(); - transformer.transform(new StreamSource(sock.getInputStream()), null); //unsafe - tf.newTransformer(new StreamSource(sock.getInputStream())); //unsafe + transformer.transform(new StreamSource(sock.getInputStream()), null); // $ hasTaintFlow + tf.newTransformer(new StreamSource(sock.getInputStream())); // $ hasTaintFlow } public void partialConfiguredTransformerFactory2(Socket sock) throws Exception { TransformerFactory tf = TransformerFactory.newInstance(); tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, ""); Transformer transformer = tf.newTransformer(); - transformer.transform(new StreamSource(sock.getInputStream()), null); //unsafe - tf.newTransformer(new StreamSource(sock.getInputStream())); //unsafe + transformer.transform(new StreamSource(sock.getInputStream()), null); // $ hasTaintFlow + tf.newTransformer(new StreamSource(sock.getInputStream())); // $ hasTaintFlow } public void misConfiguredTransformerFactory1(Socket sock) throws Exception { @@ -85,8 +85,8 @@ public class TransformerTests { Transformer transformer = tf.newTransformer(); tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "ab"); tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, ""); - transformer.transform(new StreamSource(sock.getInputStream()), null); //unsafe - tf.newTransformer(new StreamSource(sock.getInputStream())); //unsafe + transformer.transform(new StreamSource(sock.getInputStream()), null); // $ hasTaintFlow + tf.newTransformer(new StreamSource(sock.getInputStream())); // $ hasTaintFlow } public void misConfiguredTransformerFactory2(Socket sock) throws Exception { @@ -94,50 +94,50 @@ public class TransformerTests { Transformer transformer = tf.newTransformer(); tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, ""); tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "cd"); - transformer.transform(new StreamSource(sock.getInputStream()), null); //unsafe - tf.newTransformer(new StreamSource(sock.getInputStream())); //unsafe + transformer.transform(new StreamSource(sock.getInputStream()), null); // $ hasTaintFlow + tf.newTransformer(new StreamSource(sock.getInputStream())); // $ hasTaintFlow } public void unconfiguredSAXTransformerFactory(Socket sock) throws Exception { - SAXTransformerFactory sf = (SAXTransformerFactory)SAXTransformerFactory.newInstance(); - sf.newXMLFilter(new StreamSource(sock.getInputStream())); //unsafe + SAXTransformerFactory sf = (SAXTransformerFactory) SAXTransformerFactory.newInstance(); + sf.newXMLFilter(new StreamSource(sock.getInputStream())); // $ hasTaintFlow } public void safeSAXTransformerFactory(Socket sock) throws Exception { - SAXTransformerFactory sf = (SAXTransformerFactory)SAXTransformerFactory.newInstance(); + SAXTransformerFactory sf = (SAXTransformerFactory) SAXTransformerFactory.newInstance(); sf.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, ""); sf.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, ""); - sf.newXMLFilter(new StreamSource(sock.getInputStream())); //safe + sf.newXMLFilter(new StreamSource(sock.getInputStream())); // safe } public void partialConfiguredSAXTransformerFactory1(Socket sock) throws Exception { - SAXTransformerFactory sf = (SAXTransformerFactory)SAXTransformerFactory.newInstance(); + SAXTransformerFactory sf = (SAXTransformerFactory) SAXTransformerFactory.newInstance(); sf.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, ""); - sf.newXMLFilter(new StreamSource(sock.getInputStream())); //unsafe + sf.newXMLFilter(new StreamSource(sock.getInputStream())); // $ hasTaintFlow } public void partialConfiguredSAXTransformerFactory2(Socket sock) throws Exception { - SAXTransformerFactory sf = (SAXTransformerFactory)SAXTransformerFactory.newInstance(); + SAXTransformerFactory sf = (SAXTransformerFactory) SAXTransformerFactory.newInstance(); sf.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, ""); - sf.newXMLFilter(new StreamSource(sock.getInputStream())); //unsafe + sf.newXMLFilter(new StreamSource(sock.getInputStream())); // $ hasTaintFlow } public void misConfiguredSAXTransformerFactory1(Socket sock) throws Exception { - SAXTransformerFactory sf = (SAXTransformerFactory)SAXTransformerFactory.newInstance(); + SAXTransformerFactory sf = (SAXTransformerFactory) SAXTransformerFactory.newInstance(); sf.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "ab"); sf.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, ""); - sf.newXMLFilter(new StreamSource(sock.getInputStream())); //unsafe + sf.newXMLFilter(new StreamSource(sock.getInputStream())); // $ hasTaintFlow } public void misConfiguredSAXTransformerFactory2(Socket sock) throws Exception { - SAXTransformerFactory sf = (SAXTransformerFactory)SAXTransformerFactory.newInstance(); + SAXTransformerFactory sf = (SAXTransformerFactory) SAXTransformerFactory.newInstance(); sf.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, ""); sf.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "cd"); - sf.newXMLFilter(new StreamSource(sock.getInputStream())); //unsafe + sf.newXMLFilter(new StreamSource(sock.getInputStream())); // $ hasTaintFlow } public void taintedSAXSource(Socket sock) throws Exception { - SAXTransformerFactory sf = (SAXTransformerFactory)SAXTransformerFactory.newInstance(); - sf.newXMLFilter(new SAXSource(new InputSource(sock.getInputStream()))); //unsafe + SAXTransformerFactory sf = (SAXTransformerFactory) SAXTransformerFactory.newInstance(); + sf.newXMLFilter(new SAXSource(new InputSource(sock.getInputStream()))); // $ hasTaintFlow } } diff --git a/java/ql/test/query-tests/security/CWE-611/UnmarshallerTests.java b/java/ql/test/query-tests/security/CWE-611/UnmarshallerTests.java index f29018d599a..54efa567aa3 100644 --- a/java/ql/test/query-tests/security/CWE-611/UnmarshallerTests.java +++ b/java/ql/test/query-tests/security/CWE-611/UnmarshallerTests.java @@ -16,15 +16,16 @@ public class UnmarshallerTests { spf.setFeature("http://xml.org/sax/features/external-parameter-entities", false); spf.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false); JAXBContext jc = JAXBContext.newInstance(Object.class); - Source xmlSource = new SAXSource(spf.newSAXParser().getXMLReader(), new InputSource(sock.getInputStream())); + Source xmlSource = + new SAXSource(spf.newSAXParser().getXMLReader(), new InputSource(sock.getInputStream())); Unmarshaller um = jc.createUnmarshaller(); - um.unmarshal(xmlSource); //safe + um.unmarshal(xmlSource); // safe } public void unsafeUnmarshal(Socket sock) throws Exception { SAXParserFactory spf = SAXParserFactory.newInstance(); JAXBContext jc = JAXBContext.newInstance(Object.class); Unmarshaller um = jc.createUnmarshaller(); - um.unmarshal(sock.getInputStream()); //unsafe + um.unmarshal(sock.getInputStream()); // $ hasTaintFlow } } diff --git a/java/ql/test/query-tests/security/CWE-611/ValidatorTests.java b/java/ql/test/query-tests/security/CWE-611/ValidatorTests.java index 06d32ab95ae..091be21676a 100644 --- a/java/ql/test/query-tests/security/CWE-611/ValidatorTests.java +++ b/java/ql/test/query-tests/security/CWE-611/ValidatorTests.java @@ -19,7 +19,7 @@ public class ValidatorTests { Schema schema = factory.newSchema(); Validator validator = schema.newValidator(); StreamSource source = new StreamSource(servletInputStream); - validator.validate(source); // bad + validator.validate(source); // $ hasTaintFlow } @PostMapping(value = "good") diff --git a/java/ql/test/query-tests/security/CWE-611/XMLDecoderTests.java b/java/ql/test/query-tests/security/CWE-611/XMLDecoderTests.java index 434bfe9daed..8e75ebc1401 100644 --- a/java/ql/test/query-tests/security/CWE-611/XMLDecoderTests.java +++ b/java/ql/test/query-tests/security/CWE-611/XMLDecoderTests.java @@ -15,7 +15,7 @@ public class XMLDecoderTests { public void bad3(HttpServletRequest request) throws Exception { ServletInputStream servletInputStream = request.getInputStream(); XMLDecoder xmlDecoder = new XMLDecoder(servletInputStream); - xmlDecoder.readObject(); // bad + xmlDecoder.readObject(); // $ hasTaintFlow } @PostMapping(value = "good") diff --git a/java/ql/test/query-tests/security/CWE-611/XMLReaderTests.java b/java/ql/test/query-tests/security/CWE-611/XMLReaderTests.java index 9f63e64d0c9..15536b766b7 100644 --- a/java/ql/test/query-tests/security/CWE-611/XMLReaderTests.java +++ b/java/ql/test/query-tests/security/CWE-611/XMLReaderTests.java @@ -13,23 +13,23 @@ public class XMLReaderTests { public void unconfiguredReader(Socket sock) throws Exception { XMLReader reader = XMLReaderFactory.createXMLReader(); - reader.parse(new InputSource(sock.getInputStream())); //unsafe + reader.parse(new InputSource(sock.getInputStream())); // $ hasTaintFlow } public void safeReaderFromConfig1(Socket sock) throws Exception { XMLReader reader = XMLReaderFactory.createXMLReader(); reader.setFeature("http://xml.org/sax/features/external-general-entities", false); reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false); - reader.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd",false); - reader.parse(new InputSource(sock.getInputStream())); //safe + reader.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false); + reader.parse(new InputSource(sock.getInputStream())); // safe } public void safeReaderFromConfig2(Socket sock) throws Exception { XMLReader reader = XMLReaderFactory.createXMLReader(); reader.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); - reader.parse(new InputSource(sock.getInputStream())); //safe + reader.parse(new InputSource(sock.getInputStream())); // safe } - + public void safeReaderFromSAXParser(Socket sock) throws Exception { SAXParserFactory factory = SAXParserFactory.newInstance(); factory.setFeature("http://xml.org/sax/features/external-general-entities", false); @@ -37,66 +37,66 @@ public class XMLReaderTests { factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false); SAXParser parser = factory.newSAXParser(); XMLReader reader = parser.getXMLReader(); - reader.parse(new InputSource(sock.getInputStream())); //safe + reader.parse(new InputSource(sock.getInputStream())); // safe } public void safeReaderFromSAXReader(Socket sock) throws Exception { SAXReader reader = new SAXReader(); reader.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); reader.setFeature("http://xml.org/sax/features/external-general-entities", false); - reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false); + reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false); XMLReader xmlReader = reader.getXMLReader(); - xmlReader.parse(new InputSource(sock.getInputStream())); //safe + xmlReader.parse(new InputSource(sock.getInputStream())); // safe } public void partialConfiguredXMLReader1(Socket sock) throws Exception { XMLReader reader = XMLReaderFactory.createXMLReader(); reader.setFeature("http://xml.org/sax/features/external-general-entities", false); reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false); - reader.parse(new InputSource(sock.getInputStream())); //unsafe + reader.parse(new InputSource(sock.getInputStream())); // $ hasTaintFlow } public void partialConfiguredXMLReader2(Socket sock) throws Exception { XMLReader reader = XMLReaderFactory.createXMLReader(); reader.setFeature("http://xml.org/sax/features/external-general-entities", false); - reader.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd",false); - reader.parse(new InputSource(sock.getInputStream())); //unsafe + reader.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false); + reader.parse(new InputSource(sock.getInputStream())); // $ hasTaintFlow } public void partilaConfiguredXMLReader3(Socket sock) throws Exception { XMLReader reader = XMLReaderFactory.createXMLReader(); reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false); - reader.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd",false); - reader.parse(new InputSource(sock.getInputStream())); //unsafe + reader.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false); + reader.parse(new InputSource(sock.getInputStream())); // $ hasTaintFlow } public void misConfiguredXMLReader1(Socket sock) throws Exception { XMLReader reader = XMLReaderFactory.createXMLReader(); reader.setFeature("http://xml.org/sax/features/external-general-entities", true); reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false); - reader.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd",false); - reader.parse(new InputSource(sock.getInputStream())); //unsafe + reader.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false); + reader.parse(new InputSource(sock.getInputStream())); // $ hasTaintFlow } public void misConfiguredXMLReader2(Socket sock) throws Exception { XMLReader reader = XMLReaderFactory.createXMLReader(); reader.setFeature("http://xml.org/sax/features/external-general-entities", false); reader.setFeature("http://xml.org/sax/features/external-parameter-entities", true); - reader.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd",false); - reader.parse(new InputSource(sock.getInputStream())); //unsafe + reader.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false); + reader.parse(new InputSource(sock.getInputStream())); // $ hasTaintFlow } public void misConfiguredXMLReader3(Socket sock) throws Exception { XMLReader reader = XMLReaderFactory.createXMLReader(); reader.setFeature("http://xml.org/sax/features/external-general-entities", false); reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false); - reader.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", true); - reader.parse(new InputSource(sock.getInputStream())); //unsafe + reader.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", true); + reader.parse(new InputSource(sock.getInputStream())); // $ hasTaintFlow } - + public void misConfiguredXMLReader4(Socket sock) throws Exception { XMLReader reader = XMLReaderFactory.createXMLReader(); reader.setFeature("http://apache.org/xml/features/disallow-doctype-decl", false); - reader.parse(new InputSource(sock.getInputStream())); //unsafe + reader.parse(new InputSource(sock.getInputStream())); // $ hasTaintFlow } } diff --git a/java/ql/test/query-tests/security/CWE-611/XPathExpressionTests.java b/java/ql/test/query-tests/security/CWE-611/XPathExpressionTests.java index 1d67b9a055f..2fd56736e67 100644 --- a/java/ql/test/query-tests/security/CWE-611/XPathExpressionTests.java +++ b/java/ql/test/query-tests/security/CWE-611/XPathExpressionTests.java @@ -12,18 +12,18 @@ public class XPathExpressionTests { public void safeXPathExpression(Socket sock) throws Exception { DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); - factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); - DocumentBuilder builder = factory.newDocumentBuilder(); - XPathFactory xFactory = XPathFactory.newInstance(); - XPath path = xFactory.newXPath(); - XPathExpression expr = path.compile(""); - expr.evaluate(builder.parse(sock.getInputStream())); //safe + factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); + DocumentBuilder builder = factory.newDocumentBuilder(); + XPathFactory xFactory = XPathFactory.newInstance(); + XPath path = xFactory.newXPath(); + XPathExpression expr = path.compile(""); + expr.evaluate(builder.parse(sock.getInputStream())); // safe } public void unsafeExpressionTests(Socket sock) throws Exception { - XPathFactory xFactory = XPathFactory.newInstance(); - XPath path = xFactory.newXPath(); - XPathExpression expr = path.compile(""); - expr.evaluate(new InputSource(sock.getInputStream())); //unsafe + XPathFactory xFactory = XPathFactory.newInstance(); + XPath path = xFactory.newXPath(); + XPathExpression expr = path.compile(""); + expr.evaluate(new InputSource(sock.getInputStream())); // $ hasTaintFlow } } diff --git a/java/ql/test/query-tests/security/CWE-611/XXE.expected b/java/ql/test/query-tests/security/CWE-611/XXE.expected index dec71c301d5..e69de29bb2d 100644 --- a/java/ql/test/query-tests/security/CWE-611/XXE.expected +++ b/java/ql/test/query-tests/security/CWE-611/XXE.expected @@ -1,373 +0,0 @@ -edges -| DigesterTests.java:14:49:14:72 | getInputStream(...) : ServletInputStream | DigesterTests.java:16:24:16:41 | servletInputStream | -| DocumentBuilderTests.java:93:21:93:73 | new SAXSource(...) : SAXSource | DocumentBuilderTests.java:94:16:94:21 | source : SAXSource | -| DocumentBuilderTests.java:93:35:93:72 | new InputSource(...) : InputSource | DocumentBuilderTests.java:93:21:93:73 | new SAXSource(...) : SAXSource | -| DocumentBuilderTests.java:93:51:93:71 | getInputStream(...) : InputStream | DocumentBuilderTests.java:93:35:93:72 | new InputSource(...) : InputSource | -| DocumentBuilderTests.java:94:16:94:21 | source : SAXSource | DocumentBuilderTests.java:94:16:94:38 | getInputSource(...) | -| DocumentBuilderTests.java:100:24:100:62 | new StreamSource(...) : StreamSource | DocumentBuilderTests.java:101:46:101:51 | source : StreamSource | -| DocumentBuilderTests.java:100:24:100:62 | new StreamSource(...) : StreamSource | DocumentBuilderTests.java:102:16:102:21 | source : StreamSource | -| DocumentBuilderTests.java:100:41:100:61 | getInputStream(...) : InputStream | DocumentBuilderTests.java:100:24:100:62 | new StreamSource(...) : StreamSource | -| DocumentBuilderTests.java:101:46:101:51 | source : StreamSource | DocumentBuilderTests.java:101:16:101:52 | sourceToInputSource(...) | -| DocumentBuilderTests.java:102:16:102:21 | source : StreamSource | DocumentBuilderTests.java:102:16:102:38 | getInputStream(...) | -| SAXSourceTests.java:17:24:17:84 | new SAXSource(...) : SAXSource | SAXSourceTests.java:20:18:20:23 | source | -| SAXSourceTests.java:17:46:17:83 | new InputSource(...) : InputSource | SAXSourceTests.java:17:24:17:84 | new SAXSource(...) : SAXSource | -| SAXSourceTests.java:17:62:17:82 | getInputStream(...) : InputStream | SAXSourceTests.java:17:46:17:83 | new InputSource(...) : InputSource | -| SchemaTests.java:12:56:12:76 | getInputStream(...) : InputStream | SchemaTests.java:12:39:12:77 | new StreamSource(...) | -| SchemaTests.java:25:56:25:76 | getInputStream(...) : InputStream | SchemaTests.java:25:39:25:77 | new StreamSource(...) | -| SchemaTests.java:31:56:31:76 | getInputStream(...) : InputStream | SchemaTests.java:31:39:31:77 | new StreamSource(...) | -| SchemaTests.java:38:56:38:76 | getInputStream(...) : InputStream | SchemaTests.java:38:39:38:77 | new StreamSource(...) | -| SchemaTests.java:45:56:45:76 | getInputStream(...) : InputStream | SchemaTests.java:45:39:45:77 | new StreamSource(...) | -| SimpleXMLTests.java:24:63:24:83 | getInputStream(...) : InputStream | SimpleXMLTests.java:24:41:24:84 | new InputStreamReader(...) | -| SimpleXMLTests.java:30:5:30:25 | getInputStream(...) : InputStream | SimpleXMLTests.java:30:32:30:32 | b [post update] : byte[] | -| SimpleXMLTests.java:30:32:30:32 | b [post update] : byte[] | SimpleXMLTests.java:31:52:31:52 | b : byte[] | -| SimpleXMLTests.java:31:52:31:52 | b : byte[] | SimpleXMLTests.java:31:41:31:53 | new String(...) | -| SimpleXMLTests.java:37:5:37:25 | getInputStream(...) : InputStream | SimpleXMLTests.java:37:32:37:32 | b [post update] : byte[] | -| SimpleXMLTests.java:37:32:37:32 | b [post update] : byte[] | SimpleXMLTests.java:38:52:38:52 | b : byte[] | -| SimpleXMLTests.java:38:52:38:52 | b : byte[] | SimpleXMLTests.java:38:41:38:53 | new String(...) | -| SimpleXMLTests.java:43:63:43:83 | getInputStream(...) : InputStream | SimpleXMLTests.java:43:41:43:84 | new InputStreamReader(...) | -| SimpleXMLTests.java:68:59:68:79 | getInputStream(...) : InputStream | SimpleXMLTests.java:68:37:68:80 | new InputStreamReader(...) | -| SimpleXMLTests.java:73:59:73:79 | getInputStream(...) : InputStream | SimpleXMLTests.java:73:37:73:80 | new InputStreamReader(...) | -| SimpleXMLTests.java:78:48:78:68 | getInputStream(...) : InputStream | SimpleXMLTests.java:78:26:78:69 | new InputStreamReader(...) | -| SimpleXMLTests.java:83:48:83:68 | getInputStream(...) : InputStream | SimpleXMLTests.java:83:26:83:69 | new InputStreamReader(...) | -| SimpleXMLTests.java:89:5:89:25 | getInputStream(...) : InputStream | SimpleXMLTests.java:89:32:89:32 | b [post update] : byte[] | -| SimpleXMLTests.java:89:32:89:32 | b [post update] : byte[] | SimpleXMLTests.java:90:48:90:48 | b : byte[] | -| SimpleXMLTests.java:90:48:90:48 | b : byte[] | SimpleXMLTests.java:90:37:90:49 | new String(...) | -| SimpleXMLTests.java:96:5:96:25 | getInputStream(...) : InputStream | SimpleXMLTests.java:96:32:96:32 | b [post update] : byte[] | -| SimpleXMLTests.java:96:32:96:32 | b [post update] : byte[] | SimpleXMLTests.java:97:48:97:48 | b : byte[] | -| SimpleXMLTests.java:97:48:97:48 | b : byte[] | SimpleXMLTests.java:97:37:97:49 | new String(...) | -| SimpleXMLTests.java:103:5:103:25 | getInputStream(...) : InputStream | SimpleXMLTests.java:103:32:103:32 | b [post update] : byte[] | -| SimpleXMLTests.java:103:32:103:32 | b [post update] : byte[] | SimpleXMLTests.java:104:37:104:37 | b : byte[] | -| SimpleXMLTests.java:104:37:104:37 | b : byte[] | SimpleXMLTests.java:104:26:104:38 | new String(...) | -| SimpleXMLTests.java:110:5:110:25 | getInputStream(...) : InputStream | SimpleXMLTests.java:110:32:110:32 | b [post update] : byte[] | -| SimpleXMLTests.java:110:32:110:32 | b [post update] : byte[] | SimpleXMLTests.java:111:37:111:37 | b : byte[] | -| SimpleXMLTests.java:111:37:111:37 | b : byte[] | SimpleXMLTests.java:111:26:111:38 | new String(...) | -| SimpleXMLTests.java:119:44:119:64 | getInputStream(...) : InputStream | SimpleXMLTests.java:119:22:119:65 | new InputStreamReader(...) | -| SimpleXMLTests.java:129:44:129:64 | getInputStream(...) : InputStream | SimpleXMLTests.java:129:22:129:65 | new InputStreamReader(...) | -| SimpleXMLTests.java:139:44:139:64 | getInputStream(...) : InputStream | SimpleXMLTests.java:139:22:139:65 | new InputStreamReader(...) | -| SimpleXMLTests.java:145:5:145:25 | getInputStream(...) : InputStream | SimpleXMLTests.java:145:32:145:32 | b [post update] : byte[] | -| SimpleXMLTests.java:145:32:145:32 | b [post update] : byte[] | SimpleXMLTests.java:146:33:146:33 | b : byte[] | -| SimpleXMLTests.java:146:33:146:33 | b : byte[] | SimpleXMLTests.java:146:22:146:34 | new String(...) | -| SimpleXMLTests.java:152:5:152:25 | getInputStream(...) : InputStream | SimpleXMLTests.java:152:32:152:32 | b [post update] : byte[] | -| SimpleXMLTests.java:152:32:152:32 | b [post update] : byte[] | SimpleXMLTests.java:153:33:153:33 | b : byte[] | -| SimpleXMLTests.java:153:33:153:33 | b : byte[] | SimpleXMLTests.java:153:22:153:34 | new String(...) | -| TransformerTests.java:20:44:20:64 | getInputStream(...) : InputStream | TransformerTests.java:20:27:20:65 | new StreamSource(...) | -| TransformerTests.java:21:40:21:60 | getInputStream(...) : InputStream | TransformerTests.java:21:23:21:61 | new StreamSource(...) | -| TransformerTests.java:71:44:71:64 | getInputStream(...) : InputStream | TransformerTests.java:71:27:71:65 | new StreamSource(...) | -| TransformerTests.java:72:40:72:60 | getInputStream(...) : InputStream | TransformerTests.java:72:23:72:61 | new StreamSource(...) | -| TransformerTests.java:79:44:79:64 | getInputStream(...) : InputStream | TransformerTests.java:79:27:79:65 | new StreamSource(...) | -| TransformerTests.java:80:40:80:60 | getInputStream(...) : InputStream | TransformerTests.java:80:23:80:61 | new StreamSource(...) | -| TransformerTests.java:88:44:88:64 | getInputStream(...) : InputStream | TransformerTests.java:88:27:88:65 | new StreamSource(...) | -| TransformerTests.java:89:40:89:60 | getInputStream(...) : InputStream | TransformerTests.java:89:23:89:61 | new StreamSource(...) | -| TransformerTests.java:97:44:97:64 | getInputStream(...) : InputStream | TransformerTests.java:97:27:97:65 | new StreamSource(...) | -| TransformerTests.java:98:40:98:60 | getInputStream(...) : InputStream | TransformerTests.java:98:23:98:61 | new StreamSource(...) | -| TransformerTests.java:103:38:103:58 | getInputStream(...) : InputStream | TransformerTests.java:103:21:103:59 | new StreamSource(...) | -| TransformerTests.java:116:38:116:58 | getInputStream(...) : InputStream | TransformerTests.java:116:21:116:59 | new StreamSource(...) | -| TransformerTests.java:122:38:122:58 | getInputStream(...) : InputStream | TransformerTests.java:122:21:122:59 | new StreamSource(...) | -| TransformerTests.java:129:38:129:58 | getInputStream(...) : InputStream | TransformerTests.java:129:21:129:59 | new StreamSource(...) | -| TransformerTests.java:136:38:136:58 | getInputStream(...) : InputStream | TransformerTests.java:136:21:136:59 | new StreamSource(...) | -| TransformerTests.java:141:32:141:69 | new InputSource(...) : InputSource | TransformerTests.java:141:18:141:70 | new SAXSource(...) | -| TransformerTests.java:141:48:141:68 | getInputStream(...) : InputStream | TransformerTests.java:141:32:141:69 | new InputSource(...) : InputSource | -| ValidatorTests.java:17:49:17:72 | getInputStream(...) : ServletInputStream | ValidatorTests.java:21:48:21:65 | servletInputStream : ServletInputStream | -| ValidatorTests.java:21:31:21:66 | new StreamSource(...) : StreamSource | ValidatorTests.java:22:28:22:33 | source | -| ValidatorTests.java:21:48:21:65 | servletInputStream : ServletInputStream | ValidatorTests.java:21:31:21:66 | new StreamSource(...) : StreamSource | -| XMLDecoderTests.java:16:49:16:72 | getInputStream(...) : ServletInputStream | XMLDecoderTests.java:17:48:17:65 | servletInputStream : ServletInputStream | -| XMLDecoderTests.java:17:33:17:66 | new XMLDecoder(...) : XMLDecoder | XMLDecoderTests.java:18:9:18:18 | xmlDecoder | -| XMLDecoderTests.java:17:48:17:65 | servletInputStream : ServletInputStream | XMLDecoderTests.java:17:33:17:66 | new XMLDecoder(...) : XMLDecoder | -| XMLReaderTests.java:16:34:16:54 | getInputStream(...) : InputStream | XMLReaderTests.java:16:18:16:55 | new InputSource(...) | -| XMLReaderTests.java:56:34:56:54 | getInputStream(...) : InputStream | XMLReaderTests.java:56:18:56:55 | new InputSource(...) | -| XMLReaderTests.java:63:34:63:54 | getInputStream(...) : InputStream | XMLReaderTests.java:63:18:63:55 | new InputSource(...) | -| XMLReaderTests.java:70:34:70:54 | getInputStream(...) : InputStream | XMLReaderTests.java:70:18:70:55 | new InputSource(...) | -| XMLReaderTests.java:78:34:78:54 | getInputStream(...) : InputStream | XMLReaderTests.java:78:18:78:55 | new InputSource(...) | -| XMLReaderTests.java:86:34:86:54 | getInputStream(...) : InputStream | XMLReaderTests.java:86:18:86:55 | new InputSource(...) | -| XMLReaderTests.java:94:34:94:54 | getInputStream(...) : InputStream | XMLReaderTests.java:94:18:94:55 | new InputSource(...) | -| XMLReaderTests.java:100:34:100:54 | getInputStream(...) : InputStream | XMLReaderTests.java:100:18:100:55 | new InputSource(...) | -| XPathExpressionTests.java:27:37:27:57 | getInputStream(...) : InputStream | XPathExpressionTests.java:27:21:27:58 | new InputSource(...) | -nodes -| DigesterTests.java:14:49:14:72 | getInputStream(...) : ServletInputStream | semmle.label | getInputStream(...) : ServletInputStream | -| DigesterTests.java:16:24:16:41 | servletInputStream | semmle.label | servletInputStream | -| DocumentBuilderTests.java:14:19:14:39 | getInputStream(...) | semmle.label | getInputStream(...) | -| DocumentBuilderTests.java:28:19:28:39 | getInputStream(...) | semmle.label | getInputStream(...) | -| DocumentBuilderTests.java:35:19:35:39 | getInputStream(...) | semmle.label | getInputStream(...) | -| DocumentBuilderTests.java:42:19:42:39 | getInputStream(...) | semmle.label | getInputStream(...) | -| DocumentBuilderTests.java:49:19:49:39 | getInputStream(...) | semmle.label | getInputStream(...) | -| DocumentBuilderTests.java:64:19:64:39 | getInputStream(...) | semmle.label | getInputStream(...) | -| DocumentBuilderTests.java:71:19:71:39 | getInputStream(...) | semmle.label | getInputStream(...) | -| DocumentBuilderTests.java:79:19:79:39 | getInputStream(...) | semmle.label | getInputStream(...) | -| DocumentBuilderTests.java:87:19:87:39 | getInputStream(...) | semmle.label | getInputStream(...) | -| DocumentBuilderTests.java:93:21:93:73 | new SAXSource(...) : SAXSource | semmle.label | new SAXSource(...) : SAXSource | -| DocumentBuilderTests.java:93:35:93:72 | new InputSource(...) : InputSource | semmle.label | new InputSource(...) : InputSource | -| DocumentBuilderTests.java:93:51:93:71 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream | -| DocumentBuilderTests.java:94:16:94:21 | source : SAXSource | semmle.label | source : SAXSource | -| DocumentBuilderTests.java:94:16:94:38 | getInputSource(...) | semmle.label | getInputSource(...) | -| DocumentBuilderTests.java:100:24:100:62 | new StreamSource(...) : StreamSource | semmle.label | new StreamSource(...) : StreamSource | -| DocumentBuilderTests.java:100:41:100:61 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream | -| DocumentBuilderTests.java:101:16:101:52 | sourceToInputSource(...) | semmle.label | sourceToInputSource(...) | -| DocumentBuilderTests.java:101:46:101:51 | source : StreamSource | semmle.label | source : StreamSource | -| DocumentBuilderTests.java:102:16:102:21 | source : StreamSource | semmle.label | source : StreamSource | -| DocumentBuilderTests.java:102:16:102:38 | getInputStream(...) | semmle.label | getInputStream(...) | -| ParserHelperTests.java:12:55:12:78 | getInputStream(...) | semmle.label | getInputStream(...) | -| SAXBuilderTests.java:8:19:8:39 | getInputStream(...) | semmle.label | getInputStream(...) | -| SAXBuilderTests.java:20:19:20:39 | getInputStream(...) | semmle.label | getInputStream(...) | -| SAXParserTests.java:13:18:13:38 | getInputStream(...) | semmle.label | getInputStream(...) | -| SAXParserTests.java:30:18:30:38 | getInputStream(...) | semmle.label | getInputStream(...) | -| SAXParserTests.java:38:18:38:38 | getInputStream(...) | semmle.label | getInputStream(...) | -| SAXParserTests.java:46:18:46:38 | getInputStream(...) | semmle.label | getInputStream(...) | -| SAXParserTests.java:55:18:55:38 | getInputStream(...) | semmle.label | getInputStream(...) | -| SAXParserTests.java:64:18:64:38 | getInputStream(...) | semmle.label | getInputStream(...) | -| SAXParserTests.java:73:18:73:38 | getInputStream(...) | semmle.label | getInputStream(...) | -| SAXReaderTests.java:8:17:8:37 | getInputStream(...) | semmle.label | getInputStream(...) | -| SAXReaderTests.java:23:17:23:37 | getInputStream(...) | semmle.label | getInputStream(...) | -| SAXReaderTests.java:30:17:30:37 | getInputStream(...) | semmle.label | getInputStream(...) | -| SAXReaderTests.java:37:17:37:37 | getInputStream(...) | semmle.label | getInputStream(...) | -| SAXReaderTests.java:45:17:45:37 | getInputStream(...) | semmle.label | getInputStream(...) | -| SAXReaderTests.java:53:17:53:37 | getInputStream(...) | semmle.label | getInputStream(...) | -| SAXReaderTests.java:61:17:61:37 | getInputStream(...) | semmle.label | getInputStream(...) | -| SAXSourceTests.java:17:24:17:84 | new SAXSource(...) : SAXSource | semmle.label | new SAXSource(...) : SAXSource | -| SAXSourceTests.java:17:46:17:83 | new InputSource(...) : InputSource | semmle.label | new InputSource(...) : InputSource | -| SAXSourceTests.java:17:62:17:82 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream | -| SAXSourceTests.java:20:18:20:23 | source | semmle.label | source | -| SchemaTests.java:12:39:12:77 | new StreamSource(...) | semmle.label | new StreamSource(...) | -| SchemaTests.java:12:56:12:76 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream | -| SchemaTests.java:25:39:25:77 | new StreamSource(...) | semmle.label | new StreamSource(...) | -| SchemaTests.java:25:56:25:76 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream | -| SchemaTests.java:31:39:31:77 | new StreamSource(...) | semmle.label | new StreamSource(...) | -| SchemaTests.java:31:56:31:76 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream | -| SchemaTests.java:38:39:38:77 | new StreamSource(...) | semmle.label | new StreamSource(...) | -| SchemaTests.java:38:56:38:76 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream | -| SchemaTests.java:45:39:45:77 | new StreamSource(...) | semmle.label | new StreamSource(...) | -| SchemaTests.java:45:56:45:76 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream | -| SimpleXMLTests.java:14:41:14:61 | getInputStream(...) | semmle.label | getInputStream(...) | -| SimpleXMLTests.java:19:41:19:61 | getInputStream(...) | semmle.label | getInputStream(...) | -| SimpleXMLTests.java:24:41:24:84 | new InputStreamReader(...) | semmle.label | new InputStreamReader(...) | -| SimpleXMLTests.java:24:63:24:83 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream | -| SimpleXMLTests.java:30:5:30:25 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream | -| SimpleXMLTests.java:30:32:30:32 | b [post update] : byte[] | semmle.label | b [post update] : byte[] | -| SimpleXMLTests.java:31:41:31:53 | new String(...) | semmle.label | new String(...) | -| SimpleXMLTests.java:31:52:31:52 | b : byte[] | semmle.label | b : byte[] | -| SimpleXMLTests.java:37:5:37:25 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream | -| SimpleXMLTests.java:37:32:37:32 | b [post update] : byte[] | semmle.label | b [post update] : byte[] | -| SimpleXMLTests.java:38:41:38:53 | new String(...) | semmle.label | new String(...) | -| SimpleXMLTests.java:38:52:38:52 | b : byte[] | semmle.label | b : byte[] | -| SimpleXMLTests.java:43:41:43:84 | new InputStreamReader(...) | semmle.label | new InputStreamReader(...) | -| SimpleXMLTests.java:43:63:43:83 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream | -| SimpleXMLTests.java:48:37:48:57 | getInputStream(...) | semmle.label | getInputStream(...) | -| SimpleXMLTests.java:53:37:53:57 | getInputStream(...) | semmle.label | getInputStream(...) | -| SimpleXMLTests.java:58:26:58:46 | getInputStream(...) | semmle.label | getInputStream(...) | -| SimpleXMLTests.java:63:26:63:46 | getInputStream(...) | semmle.label | getInputStream(...) | -| SimpleXMLTests.java:68:37:68:80 | new InputStreamReader(...) | semmle.label | new InputStreamReader(...) | -| SimpleXMLTests.java:68:59:68:79 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream | -| SimpleXMLTests.java:73:37:73:80 | new InputStreamReader(...) | semmle.label | new InputStreamReader(...) | -| SimpleXMLTests.java:73:59:73:79 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream | -| SimpleXMLTests.java:78:26:78:69 | new InputStreamReader(...) | semmle.label | new InputStreamReader(...) | -| SimpleXMLTests.java:78:48:78:68 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream | -| SimpleXMLTests.java:83:26:83:69 | new InputStreamReader(...) | semmle.label | new InputStreamReader(...) | -| SimpleXMLTests.java:83:48:83:68 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream | -| SimpleXMLTests.java:89:5:89:25 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream | -| SimpleXMLTests.java:89:32:89:32 | b [post update] : byte[] | semmle.label | b [post update] : byte[] | -| SimpleXMLTests.java:90:37:90:49 | new String(...) | semmle.label | new String(...) | -| SimpleXMLTests.java:90:48:90:48 | b : byte[] | semmle.label | b : byte[] | -| SimpleXMLTests.java:96:5:96:25 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream | -| SimpleXMLTests.java:96:32:96:32 | b [post update] : byte[] | semmle.label | b [post update] : byte[] | -| SimpleXMLTests.java:97:37:97:49 | new String(...) | semmle.label | new String(...) | -| SimpleXMLTests.java:97:48:97:48 | b : byte[] | semmle.label | b : byte[] | -| SimpleXMLTests.java:103:5:103:25 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream | -| SimpleXMLTests.java:103:32:103:32 | b [post update] : byte[] | semmle.label | b [post update] : byte[] | -| SimpleXMLTests.java:104:26:104:38 | new String(...) | semmle.label | new String(...) | -| SimpleXMLTests.java:104:37:104:37 | b : byte[] | semmle.label | b : byte[] | -| SimpleXMLTests.java:110:5:110:25 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream | -| SimpleXMLTests.java:110:32:110:32 | b [post update] : byte[] | semmle.label | b [post update] : byte[] | -| SimpleXMLTests.java:111:26:111:38 | new String(...) | semmle.label | new String(...) | -| SimpleXMLTests.java:111:37:111:37 | b : byte[] | semmle.label | b : byte[] | -| SimpleXMLTests.java:115:22:115:42 | getInputStream(...) | semmle.label | getInputStream(...) | -| SimpleXMLTests.java:119:22:119:65 | new InputStreamReader(...) | semmle.label | new InputStreamReader(...) | -| SimpleXMLTests.java:119:44:119:64 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream | -| SimpleXMLTests.java:124:22:124:42 | getInputStream(...) | semmle.label | getInputStream(...) | -| SimpleXMLTests.java:129:22:129:65 | new InputStreamReader(...) | semmle.label | new InputStreamReader(...) | -| SimpleXMLTests.java:129:44:129:64 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream | -| SimpleXMLTests.java:134:22:134:42 | getInputStream(...) | semmle.label | getInputStream(...) | -| SimpleXMLTests.java:139:22:139:65 | new InputStreamReader(...) | semmle.label | new InputStreamReader(...) | -| SimpleXMLTests.java:139:44:139:64 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream | -| SimpleXMLTests.java:145:5:145:25 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream | -| SimpleXMLTests.java:145:32:145:32 | b [post update] : byte[] | semmle.label | b [post update] : byte[] | -| SimpleXMLTests.java:146:22:146:34 | new String(...) | semmle.label | new String(...) | -| SimpleXMLTests.java:146:33:146:33 | b : byte[] | semmle.label | b : byte[] | -| SimpleXMLTests.java:152:5:152:25 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream | -| SimpleXMLTests.java:152:32:152:32 | b [post update] : byte[] | semmle.label | b [post update] : byte[] | -| SimpleXMLTests.java:153:22:153:34 | new String(...) | semmle.label | new String(...) | -| SimpleXMLTests.java:153:33:153:33 | b : byte[] | semmle.label | b : byte[] | -| TransformerTests.java:20:27:20:65 | new StreamSource(...) | semmle.label | new StreamSource(...) | -| TransformerTests.java:20:44:20:64 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream | -| TransformerTests.java:21:23:21:61 | new StreamSource(...) | semmle.label | new StreamSource(...) | -| TransformerTests.java:21:40:21:60 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream | -| TransformerTests.java:71:27:71:65 | new StreamSource(...) | semmle.label | new StreamSource(...) | -| TransformerTests.java:71:44:71:64 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream | -| TransformerTests.java:72:23:72:61 | new StreamSource(...) | semmle.label | new StreamSource(...) | -| TransformerTests.java:72:40:72:60 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream | -| TransformerTests.java:79:27:79:65 | new StreamSource(...) | semmle.label | new StreamSource(...) | -| TransformerTests.java:79:44:79:64 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream | -| TransformerTests.java:80:23:80:61 | new StreamSource(...) | semmle.label | new StreamSource(...) | -| TransformerTests.java:80:40:80:60 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream | -| TransformerTests.java:88:27:88:65 | new StreamSource(...) | semmle.label | new StreamSource(...) | -| TransformerTests.java:88:44:88:64 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream | -| TransformerTests.java:89:23:89:61 | new StreamSource(...) | semmle.label | new StreamSource(...) | -| TransformerTests.java:89:40:89:60 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream | -| TransformerTests.java:97:27:97:65 | new StreamSource(...) | semmle.label | new StreamSource(...) | -| TransformerTests.java:97:44:97:64 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream | -| TransformerTests.java:98:23:98:61 | new StreamSource(...) | semmle.label | new StreamSource(...) | -| TransformerTests.java:98:40:98:60 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream | -| TransformerTests.java:103:21:103:59 | new StreamSource(...) | semmle.label | new StreamSource(...) | -| TransformerTests.java:103:38:103:58 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream | -| TransformerTests.java:116:21:116:59 | new StreamSource(...) | semmle.label | new StreamSource(...) | -| TransformerTests.java:116:38:116:58 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream | -| TransformerTests.java:122:21:122:59 | new StreamSource(...) | semmle.label | new StreamSource(...) | -| TransformerTests.java:122:38:122:58 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream | -| TransformerTests.java:129:21:129:59 | new StreamSource(...) | semmle.label | new StreamSource(...) | -| TransformerTests.java:129:38:129:58 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream | -| TransformerTests.java:136:21:136:59 | new StreamSource(...) | semmle.label | new StreamSource(...) | -| TransformerTests.java:136:38:136:58 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream | -| TransformerTests.java:141:18:141:70 | new SAXSource(...) | semmle.label | new SAXSource(...) | -| TransformerTests.java:141:32:141:69 | new InputSource(...) : InputSource | semmle.label | new InputSource(...) : InputSource | -| TransformerTests.java:141:48:141:68 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream | -| UnmarshallerTests.java:28:18:28:38 | getInputStream(...) | semmle.label | getInputStream(...) | -| ValidatorTests.java:17:49:17:72 | getInputStream(...) : ServletInputStream | semmle.label | getInputStream(...) : ServletInputStream | -| ValidatorTests.java:21:31:21:66 | new StreamSource(...) : StreamSource | semmle.label | new StreamSource(...) : StreamSource | -| ValidatorTests.java:21:48:21:65 | servletInputStream : ServletInputStream | semmle.label | servletInputStream : ServletInputStream | -| ValidatorTests.java:22:28:22:33 | source | semmle.label | source | -| XMLDecoderTests.java:16:49:16:72 | getInputStream(...) : ServletInputStream | semmle.label | getInputStream(...) : ServletInputStream | -| XMLDecoderTests.java:17:33:17:66 | new XMLDecoder(...) : XMLDecoder | semmle.label | new XMLDecoder(...) : XMLDecoder | -| XMLDecoderTests.java:17:48:17:65 | servletInputStream : ServletInputStream | semmle.label | servletInputStream : ServletInputStream | -| XMLDecoderTests.java:18:9:18:18 | xmlDecoder | semmle.label | xmlDecoder | -| XMLReaderTests.java:16:18:16:55 | new InputSource(...) | semmle.label | new InputSource(...) | -| XMLReaderTests.java:16:34:16:54 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream | -| XMLReaderTests.java:56:18:56:55 | new InputSource(...) | semmle.label | new InputSource(...) | -| XMLReaderTests.java:56:34:56:54 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream | -| XMLReaderTests.java:63:18:63:55 | new InputSource(...) | semmle.label | new InputSource(...) | -| XMLReaderTests.java:63:34:63:54 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream | -| XMLReaderTests.java:70:18:70:55 | new InputSource(...) | semmle.label | new InputSource(...) | -| XMLReaderTests.java:70:34:70:54 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream | -| XMLReaderTests.java:78:18:78:55 | new InputSource(...) | semmle.label | new InputSource(...) | -| XMLReaderTests.java:78:34:78:54 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream | -| XMLReaderTests.java:86:18:86:55 | new InputSource(...) | semmle.label | new InputSource(...) | -| XMLReaderTests.java:86:34:86:54 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream | -| XMLReaderTests.java:94:18:94:55 | new InputSource(...) | semmle.label | new InputSource(...) | -| XMLReaderTests.java:94:34:94:54 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream | -| XMLReaderTests.java:100:18:100:55 | new InputSource(...) | semmle.label | new InputSource(...) | -| XMLReaderTests.java:100:34:100:54 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream | -| XPathExpressionTests.java:27:21:27:58 | new InputSource(...) | semmle.label | new InputSource(...) | -| XPathExpressionTests.java:27:37:27:57 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream | -| XmlInputFactoryTests.java:9:35:9:55 | getInputStream(...) | semmle.label | getInputStream(...) | -| XmlInputFactoryTests.java:10:34:10:54 | getInputStream(...) | semmle.label | getInputStream(...) | -| XmlInputFactoryTests.java:24:35:24:55 | getInputStream(...) | semmle.label | getInputStream(...) | -| XmlInputFactoryTests.java:25:34:25:54 | getInputStream(...) | semmle.label | getInputStream(...) | -| XmlInputFactoryTests.java:31:35:31:55 | getInputStream(...) | semmle.label | getInputStream(...) | -| XmlInputFactoryTests.java:32:34:32:54 | getInputStream(...) | semmle.label | getInputStream(...) | -| XmlInputFactoryTests.java:39:35:39:55 | getInputStream(...) | semmle.label | getInputStream(...) | -| XmlInputFactoryTests.java:40:34:40:54 | getInputStream(...) | semmle.label | getInputStream(...) | -| XmlInputFactoryTests.java:47:35:47:55 | getInputStream(...) | semmle.label | getInputStream(...) | -| XmlInputFactoryTests.java:48:34:48:54 | getInputStream(...) | semmle.label | getInputStream(...) | -| XmlInputFactoryTests.java:55:35:55:55 | getInputStream(...) | semmle.label | getInputStream(...) | -| XmlInputFactoryTests.java:56:34:56:54 | getInputStream(...) | semmle.label | getInputStream(...) | -subpaths -#select -| DigesterTests.java:16:24:16:41 | servletInputStream | DigesterTests.java:14:49:14:72 | getInputStream(...) : ServletInputStream | DigesterTests.java:16:24:16:41 | servletInputStream | XML parsing depends on a $@ without guarding against external entity expansion. | DigesterTests.java:14:49:14:72 | getInputStream(...) | user-provided value | -| DocumentBuilderTests.java:14:19:14:39 | getInputStream(...) | DocumentBuilderTests.java:14:19:14:39 | getInputStream(...) | DocumentBuilderTests.java:14:19:14:39 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | DocumentBuilderTests.java:14:19:14:39 | getInputStream(...) | user-provided value | -| DocumentBuilderTests.java:28:19:28:39 | getInputStream(...) | DocumentBuilderTests.java:28:19:28:39 | getInputStream(...) | DocumentBuilderTests.java:28:19:28:39 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | DocumentBuilderTests.java:28:19:28:39 | getInputStream(...) | user-provided value | -| DocumentBuilderTests.java:35:19:35:39 | getInputStream(...) | DocumentBuilderTests.java:35:19:35:39 | getInputStream(...) | DocumentBuilderTests.java:35:19:35:39 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | DocumentBuilderTests.java:35:19:35:39 | getInputStream(...) | user-provided value | -| DocumentBuilderTests.java:42:19:42:39 | getInputStream(...) | DocumentBuilderTests.java:42:19:42:39 | getInputStream(...) | DocumentBuilderTests.java:42:19:42:39 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | DocumentBuilderTests.java:42:19:42:39 | getInputStream(...) | user-provided value | -| DocumentBuilderTests.java:49:19:49:39 | getInputStream(...) | DocumentBuilderTests.java:49:19:49:39 | getInputStream(...) | DocumentBuilderTests.java:49:19:49:39 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | DocumentBuilderTests.java:49:19:49:39 | getInputStream(...) | user-provided value | -| DocumentBuilderTests.java:64:19:64:39 | getInputStream(...) | DocumentBuilderTests.java:64:19:64:39 | getInputStream(...) | DocumentBuilderTests.java:64:19:64:39 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | DocumentBuilderTests.java:64:19:64:39 | getInputStream(...) | user-provided value | -| DocumentBuilderTests.java:71:19:71:39 | getInputStream(...) | DocumentBuilderTests.java:71:19:71:39 | getInputStream(...) | DocumentBuilderTests.java:71:19:71:39 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | DocumentBuilderTests.java:71:19:71:39 | getInputStream(...) | user-provided value | -| DocumentBuilderTests.java:79:19:79:39 | getInputStream(...) | DocumentBuilderTests.java:79:19:79:39 | getInputStream(...) | DocumentBuilderTests.java:79:19:79:39 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | DocumentBuilderTests.java:79:19:79:39 | getInputStream(...) | user-provided value | -| DocumentBuilderTests.java:87:19:87:39 | getInputStream(...) | DocumentBuilderTests.java:87:19:87:39 | getInputStream(...) | DocumentBuilderTests.java:87:19:87:39 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | DocumentBuilderTests.java:87:19:87:39 | getInputStream(...) | user-provided value | -| DocumentBuilderTests.java:94:16:94:38 | getInputSource(...) | DocumentBuilderTests.java:93:51:93:71 | getInputStream(...) : InputStream | DocumentBuilderTests.java:94:16:94:38 | getInputSource(...) | XML parsing depends on a $@ without guarding against external entity expansion. | DocumentBuilderTests.java:93:51:93:71 | getInputStream(...) | user-provided value | -| DocumentBuilderTests.java:101:16:101:52 | sourceToInputSource(...) | DocumentBuilderTests.java:100:41:100:61 | getInputStream(...) : InputStream | DocumentBuilderTests.java:101:16:101:52 | sourceToInputSource(...) | XML parsing depends on a $@ without guarding against external entity expansion. | DocumentBuilderTests.java:100:41:100:61 | getInputStream(...) | user-provided value | -| DocumentBuilderTests.java:102:16:102:38 | getInputStream(...) | DocumentBuilderTests.java:100:41:100:61 | getInputStream(...) : InputStream | DocumentBuilderTests.java:102:16:102:38 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | DocumentBuilderTests.java:100:41:100:61 | getInputStream(...) | user-provided value | -| ParserHelperTests.java:12:55:12:78 | getInputStream(...) | ParserHelperTests.java:12:55:12:78 | getInputStream(...) | ParserHelperTests.java:12:55:12:78 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | ParserHelperTests.java:12:55:12:78 | getInputStream(...) | user-provided value | -| SAXBuilderTests.java:8:19:8:39 | getInputStream(...) | SAXBuilderTests.java:8:19:8:39 | getInputStream(...) | SAXBuilderTests.java:8:19:8:39 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SAXBuilderTests.java:8:19:8:39 | getInputStream(...) | user-provided value | -| SAXBuilderTests.java:20:19:20:39 | getInputStream(...) | SAXBuilderTests.java:20:19:20:39 | getInputStream(...) | SAXBuilderTests.java:20:19:20:39 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SAXBuilderTests.java:20:19:20:39 | getInputStream(...) | user-provided value | -| SAXParserTests.java:13:18:13:38 | getInputStream(...) | SAXParserTests.java:13:18:13:38 | getInputStream(...) | SAXParserTests.java:13:18:13:38 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SAXParserTests.java:13:18:13:38 | getInputStream(...) | user-provided value | -| SAXParserTests.java:30:18:30:38 | getInputStream(...) | SAXParserTests.java:30:18:30:38 | getInputStream(...) | SAXParserTests.java:30:18:30:38 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SAXParserTests.java:30:18:30:38 | getInputStream(...) | user-provided value | -| SAXParserTests.java:38:18:38:38 | getInputStream(...) | SAXParserTests.java:38:18:38:38 | getInputStream(...) | SAXParserTests.java:38:18:38:38 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SAXParserTests.java:38:18:38:38 | getInputStream(...) | user-provided value | -| SAXParserTests.java:46:18:46:38 | getInputStream(...) | SAXParserTests.java:46:18:46:38 | getInputStream(...) | SAXParserTests.java:46:18:46:38 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SAXParserTests.java:46:18:46:38 | getInputStream(...) | user-provided value | -| SAXParserTests.java:55:18:55:38 | getInputStream(...) | SAXParserTests.java:55:18:55:38 | getInputStream(...) | SAXParserTests.java:55:18:55:38 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SAXParserTests.java:55:18:55:38 | getInputStream(...) | user-provided value | -| SAXParserTests.java:64:18:64:38 | getInputStream(...) | SAXParserTests.java:64:18:64:38 | getInputStream(...) | SAXParserTests.java:64:18:64:38 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SAXParserTests.java:64:18:64:38 | getInputStream(...) | user-provided value | -| SAXParserTests.java:73:18:73:38 | getInputStream(...) | SAXParserTests.java:73:18:73:38 | getInputStream(...) | SAXParserTests.java:73:18:73:38 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SAXParserTests.java:73:18:73:38 | getInputStream(...) | user-provided value | -| SAXReaderTests.java:8:17:8:37 | getInputStream(...) | SAXReaderTests.java:8:17:8:37 | getInputStream(...) | SAXReaderTests.java:8:17:8:37 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SAXReaderTests.java:8:17:8:37 | getInputStream(...) | user-provided value | -| SAXReaderTests.java:23:17:23:37 | getInputStream(...) | SAXReaderTests.java:23:17:23:37 | getInputStream(...) | SAXReaderTests.java:23:17:23:37 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SAXReaderTests.java:23:17:23:37 | getInputStream(...) | user-provided value | -| SAXReaderTests.java:30:17:30:37 | getInputStream(...) | SAXReaderTests.java:30:17:30:37 | getInputStream(...) | SAXReaderTests.java:30:17:30:37 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SAXReaderTests.java:30:17:30:37 | getInputStream(...) | user-provided value | -| SAXReaderTests.java:37:17:37:37 | getInputStream(...) | SAXReaderTests.java:37:17:37:37 | getInputStream(...) | SAXReaderTests.java:37:17:37:37 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SAXReaderTests.java:37:17:37:37 | getInputStream(...) | user-provided value | -| SAXReaderTests.java:45:17:45:37 | getInputStream(...) | SAXReaderTests.java:45:17:45:37 | getInputStream(...) | SAXReaderTests.java:45:17:45:37 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SAXReaderTests.java:45:17:45:37 | getInputStream(...) | user-provided value | -| SAXReaderTests.java:53:17:53:37 | getInputStream(...) | SAXReaderTests.java:53:17:53:37 | getInputStream(...) | SAXReaderTests.java:53:17:53:37 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SAXReaderTests.java:53:17:53:37 | getInputStream(...) | user-provided value | -| SAXReaderTests.java:61:17:61:37 | getInputStream(...) | SAXReaderTests.java:61:17:61:37 | getInputStream(...) | SAXReaderTests.java:61:17:61:37 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SAXReaderTests.java:61:17:61:37 | getInputStream(...) | user-provided value | -| SAXSourceTests.java:20:18:20:23 | source | SAXSourceTests.java:17:62:17:82 | getInputStream(...) : InputStream | SAXSourceTests.java:20:18:20:23 | source | XML parsing depends on a $@ without guarding against external entity expansion. | SAXSourceTests.java:17:62:17:82 | getInputStream(...) | user-provided value | -| SchemaTests.java:12:39:12:77 | new StreamSource(...) | SchemaTests.java:12:56:12:76 | getInputStream(...) : InputStream | SchemaTests.java:12:39:12:77 | new StreamSource(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SchemaTests.java:12:56:12:76 | getInputStream(...) | user-provided value | -| SchemaTests.java:25:39:25:77 | new StreamSource(...) | SchemaTests.java:25:56:25:76 | getInputStream(...) : InputStream | SchemaTests.java:25:39:25:77 | new StreamSource(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SchemaTests.java:25:56:25:76 | getInputStream(...) | user-provided value | -| SchemaTests.java:31:39:31:77 | new StreamSource(...) | SchemaTests.java:31:56:31:76 | getInputStream(...) : InputStream | SchemaTests.java:31:39:31:77 | new StreamSource(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SchemaTests.java:31:56:31:76 | getInputStream(...) | user-provided value | -| SchemaTests.java:38:39:38:77 | new StreamSource(...) | SchemaTests.java:38:56:38:76 | getInputStream(...) : InputStream | SchemaTests.java:38:39:38:77 | new StreamSource(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SchemaTests.java:38:56:38:76 | getInputStream(...) | user-provided value | -| SchemaTests.java:45:39:45:77 | new StreamSource(...) | SchemaTests.java:45:56:45:76 | getInputStream(...) : InputStream | SchemaTests.java:45:39:45:77 | new StreamSource(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SchemaTests.java:45:56:45:76 | getInputStream(...) | user-provided value | -| SimpleXMLTests.java:14:41:14:61 | getInputStream(...) | SimpleXMLTests.java:14:41:14:61 | getInputStream(...) | SimpleXMLTests.java:14:41:14:61 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SimpleXMLTests.java:14:41:14:61 | getInputStream(...) | user-provided value | -| SimpleXMLTests.java:19:41:19:61 | getInputStream(...) | SimpleXMLTests.java:19:41:19:61 | getInputStream(...) | SimpleXMLTests.java:19:41:19:61 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SimpleXMLTests.java:19:41:19:61 | getInputStream(...) | user-provided value | -| SimpleXMLTests.java:24:41:24:84 | new InputStreamReader(...) | SimpleXMLTests.java:24:63:24:83 | getInputStream(...) : InputStream | SimpleXMLTests.java:24:41:24:84 | new InputStreamReader(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SimpleXMLTests.java:24:63:24:83 | getInputStream(...) | user-provided value | -| SimpleXMLTests.java:31:41:31:53 | new String(...) | SimpleXMLTests.java:30:5:30:25 | getInputStream(...) : InputStream | SimpleXMLTests.java:31:41:31:53 | new String(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SimpleXMLTests.java:30:5:30:25 | getInputStream(...) | user-provided value | -| SimpleXMLTests.java:38:41:38:53 | new String(...) | SimpleXMLTests.java:37:5:37:25 | getInputStream(...) : InputStream | SimpleXMLTests.java:38:41:38:53 | new String(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SimpleXMLTests.java:37:5:37:25 | getInputStream(...) | user-provided value | -| SimpleXMLTests.java:43:41:43:84 | new InputStreamReader(...) | SimpleXMLTests.java:43:63:43:83 | getInputStream(...) : InputStream | SimpleXMLTests.java:43:41:43:84 | new InputStreamReader(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SimpleXMLTests.java:43:63:43:83 | getInputStream(...) | user-provided value | -| SimpleXMLTests.java:48:37:48:57 | getInputStream(...) | SimpleXMLTests.java:48:37:48:57 | getInputStream(...) | SimpleXMLTests.java:48:37:48:57 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SimpleXMLTests.java:48:37:48:57 | getInputStream(...) | user-provided value | -| SimpleXMLTests.java:53:37:53:57 | getInputStream(...) | SimpleXMLTests.java:53:37:53:57 | getInputStream(...) | SimpleXMLTests.java:53:37:53:57 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SimpleXMLTests.java:53:37:53:57 | getInputStream(...) | user-provided value | -| SimpleXMLTests.java:58:26:58:46 | getInputStream(...) | SimpleXMLTests.java:58:26:58:46 | getInputStream(...) | SimpleXMLTests.java:58:26:58:46 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SimpleXMLTests.java:58:26:58:46 | getInputStream(...) | user-provided value | -| SimpleXMLTests.java:63:26:63:46 | getInputStream(...) | SimpleXMLTests.java:63:26:63:46 | getInputStream(...) | SimpleXMLTests.java:63:26:63:46 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SimpleXMLTests.java:63:26:63:46 | getInputStream(...) | user-provided value | -| SimpleXMLTests.java:68:37:68:80 | new InputStreamReader(...) | SimpleXMLTests.java:68:59:68:79 | getInputStream(...) : InputStream | SimpleXMLTests.java:68:37:68:80 | new InputStreamReader(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SimpleXMLTests.java:68:59:68:79 | getInputStream(...) | user-provided value | -| SimpleXMLTests.java:73:37:73:80 | new InputStreamReader(...) | SimpleXMLTests.java:73:59:73:79 | getInputStream(...) : InputStream | SimpleXMLTests.java:73:37:73:80 | new InputStreamReader(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SimpleXMLTests.java:73:59:73:79 | getInputStream(...) | user-provided value | -| SimpleXMLTests.java:78:26:78:69 | new InputStreamReader(...) | SimpleXMLTests.java:78:48:78:68 | getInputStream(...) : InputStream | SimpleXMLTests.java:78:26:78:69 | new InputStreamReader(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SimpleXMLTests.java:78:48:78:68 | getInputStream(...) | user-provided value | -| SimpleXMLTests.java:83:26:83:69 | new InputStreamReader(...) | SimpleXMLTests.java:83:48:83:68 | getInputStream(...) : InputStream | SimpleXMLTests.java:83:26:83:69 | new InputStreamReader(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SimpleXMLTests.java:83:48:83:68 | getInputStream(...) | user-provided value | -| SimpleXMLTests.java:90:37:90:49 | new String(...) | SimpleXMLTests.java:89:5:89:25 | getInputStream(...) : InputStream | SimpleXMLTests.java:90:37:90:49 | new String(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SimpleXMLTests.java:89:5:89:25 | getInputStream(...) | user-provided value | -| SimpleXMLTests.java:97:37:97:49 | new String(...) | SimpleXMLTests.java:96:5:96:25 | getInputStream(...) : InputStream | SimpleXMLTests.java:97:37:97:49 | new String(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SimpleXMLTests.java:96:5:96:25 | getInputStream(...) | user-provided value | -| SimpleXMLTests.java:104:26:104:38 | new String(...) | SimpleXMLTests.java:103:5:103:25 | getInputStream(...) : InputStream | SimpleXMLTests.java:104:26:104:38 | new String(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SimpleXMLTests.java:103:5:103:25 | getInputStream(...) | user-provided value | -| SimpleXMLTests.java:111:26:111:38 | new String(...) | SimpleXMLTests.java:110:5:110:25 | getInputStream(...) : InputStream | SimpleXMLTests.java:111:26:111:38 | new String(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SimpleXMLTests.java:110:5:110:25 | getInputStream(...) | user-provided value | -| SimpleXMLTests.java:115:22:115:42 | getInputStream(...) | SimpleXMLTests.java:115:22:115:42 | getInputStream(...) | SimpleXMLTests.java:115:22:115:42 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SimpleXMLTests.java:115:22:115:42 | getInputStream(...) | user-provided value | -| SimpleXMLTests.java:119:22:119:65 | new InputStreamReader(...) | SimpleXMLTests.java:119:44:119:64 | getInputStream(...) : InputStream | SimpleXMLTests.java:119:22:119:65 | new InputStreamReader(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SimpleXMLTests.java:119:44:119:64 | getInputStream(...) | user-provided value | -| SimpleXMLTests.java:124:22:124:42 | getInputStream(...) | SimpleXMLTests.java:124:22:124:42 | getInputStream(...) | SimpleXMLTests.java:124:22:124:42 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SimpleXMLTests.java:124:22:124:42 | getInputStream(...) | user-provided value | -| SimpleXMLTests.java:129:22:129:65 | new InputStreamReader(...) | SimpleXMLTests.java:129:44:129:64 | getInputStream(...) : InputStream | SimpleXMLTests.java:129:22:129:65 | new InputStreamReader(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SimpleXMLTests.java:129:44:129:64 | getInputStream(...) | user-provided value | -| SimpleXMLTests.java:134:22:134:42 | getInputStream(...) | SimpleXMLTests.java:134:22:134:42 | getInputStream(...) | SimpleXMLTests.java:134:22:134:42 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SimpleXMLTests.java:134:22:134:42 | getInputStream(...) | user-provided value | -| SimpleXMLTests.java:139:22:139:65 | new InputStreamReader(...) | SimpleXMLTests.java:139:44:139:64 | getInputStream(...) : InputStream | SimpleXMLTests.java:139:22:139:65 | new InputStreamReader(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SimpleXMLTests.java:139:44:139:64 | getInputStream(...) | user-provided value | -| SimpleXMLTests.java:146:22:146:34 | new String(...) | SimpleXMLTests.java:145:5:145:25 | getInputStream(...) : InputStream | SimpleXMLTests.java:146:22:146:34 | new String(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SimpleXMLTests.java:145:5:145:25 | getInputStream(...) | user-provided value | -| SimpleXMLTests.java:153:22:153:34 | new String(...) | SimpleXMLTests.java:152:5:152:25 | getInputStream(...) : InputStream | SimpleXMLTests.java:153:22:153:34 | new String(...) | XML parsing depends on a $@ without guarding against external entity expansion. | SimpleXMLTests.java:152:5:152:25 | getInputStream(...) | user-provided value | -| TransformerTests.java:20:27:20:65 | new StreamSource(...) | TransformerTests.java:20:44:20:64 | getInputStream(...) : InputStream | TransformerTests.java:20:27:20:65 | new StreamSource(...) | XML parsing depends on a $@ without guarding against external entity expansion. | TransformerTests.java:20:44:20:64 | getInputStream(...) | user-provided value | -| TransformerTests.java:21:23:21:61 | new StreamSource(...) | TransformerTests.java:21:40:21:60 | getInputStream(...) : InputStream | TransformerTests.java:21:23:21:61 | new StreamSource(...) | XML parsing depends on a $@ without guarding against external entity expansion. | TransformerTests.java:21:40:21:60 | getInputStream(...) | user-provided value | -| TransformerTests.java:71:27:71:65 | new StreamSource(...) | TransformerTests.java:71:44:71:64 | getInputStream(...) : InputStream | TransformerTests.java:71:27:71:65 | new StreamSource(...) | XML parsing depends on a $@ without guarding against external entity expansion. | TransformerTests.java:71:44:71:64 | getInputStream(...) | user-provided value | -| TransformerTests.java:72:23:72:61 | new StreamSource(...) | TransformerTests.java:72:40:72:60 | getInputStream(...) : InputStream | TransformerTests.java:72:23:72:61 | new StreamSource(...) | XML parsing depends on a $@ without guarding against external entity expansion. | TransformerTests.java:72:40:72:60 | getInputStream(...) | user-provided value | -| TransformerTests.java:79:27:79:65 | new StreamSource(...) | TransformerTests.java:79:44:79:64 | getInputStream(...) : InputStream | TransformerTests.java:79:27:79:65 | new StreamSource(...) | XML parsing depends on a $@ without guarding against external entity expansion. | TransformerTests.java:79:44:79:64 | getInputStream(...) | user-provided value | -| TransformerTests.java:80:23:80:61 | new StreamSource(...) | TransformerTests.java:80:40:80:60 | getInputStream(...) : InputStream | TransformerTests.java:80:23:80:61 | new StreamSource(...) | XML parsing depends on a $@ without guarding against external entity expansion. | TransformerTests.java:80:40:80:60 | getInputStream(...) | user-provided value | -| TransformerTests.java:88:27:88:65 | new StreamSource(...) | TransformerTests.java:88:44:88:64 | getInputStream(...) : InputStream | TransformerTests.java:88:27:88:65 | new StreamSource(...) | XML parsing depends on a $@ without guarding against external entity expansion. | TransformerTests.java:88:44:88:64 | getInputStream(...) | user-provided value | -| TransformerTests.java:89:23:89:61 | new StreamSource(...) | TransformerTests.java:89:40:89:60 | getInputStream(...) : InputStream | TransformerTests.java:89:23:89:61 | new StreamSource(...) | XML parsing depends on a $@ without guarding against external entity expansion. | TransformerTests.java:89:40:89:60 | getInputStream(...) | user-provided value | -| TransformerTests.java:97:27:97:65 | new StreamSource(...) | TransformerTests.java:97:44:97:64 | getInputStream(...) : InputStream | TransformerTests.java:97:27:97:65 | new StreamSource(...) | XML parsing depends on a $@ without guarding against external entity expansion. | TransformerTests.java:97:44:97:64 | getInputStream(...) | user-provided value | -| TransformerTests.java:98:23:98:61 | new StreamSource(...) | TransformerTests.java:98:40:98:60 | getInputStream(...) : InputStream | TransformerTests.java:98:23:98:61 | new StreamSource(...) | XML parsing depends on a $@ without guarding against external entity expansion. | TransformerTests.java:98:40:98:60 | getInputStream(...) | user-provided value | -| TransformerTests.java:103:21:103:59 | new StreamSource(...) | TransformerTests.java:103:38:103:58 | getInputStream(...) : InputStream | TransformerTests.java:103:21:103:59 | new StreamSource(...) | XML parsing depends on a $@ without guarding against external entity expansion. | TransformerTests.java:103:38:103:58 | getInputStream(...) | user-provided value | -| TransformerTests.java:116:21:116:59 | new StreamSource(...) | TransformerTests.java:116:38:116:58 | getInputStream(...) : InputStream | TransformerTests.java:116:21:116:59 | new StreamSource(...) | XML parsing depends on a $@ without guarding against external entity expansion. | TransformerTests.java:116:38:116:58 | getInputStream(...) | user-provided value | -| TransformerTests.java:122:21:122:59 | new StreamSource(...) | TransformerTests.java:122:38:122:58 | getInputStream(...) : InputStream | TransformerTests.java:122:21:122:59 | new StreamSource(...) | XML parsing depends on a $@ without guarding against external entity expansion. | TransformerTests.java:122:38:122:58 | getInputStream(...) | user-provided value | -| TransformerTests.java:129:21:129:59 | new StreamSource(...) | TransformerTests.java:129:38:129:58 | getInputStream(...) : InputStream | TransformerTests.java:129:21:129:59 | new StreamSource(...) | XML parsing depends on a $@ without guarding against external entity expansion. | TransformerTests.java:129:38:129:58 | getInputStream(...) | user-provided value | -| TransformerTests.java:136:21:136:59 | new StreamSource(...) | TransformerTests.java:136:38:136:58 | getInputStream(...) : InputStream | TransformerTests.java:136:21:136:59 | new StreamSource(...) | XML parsing depends on a $@ without guarding against external entity expansion. | TransformerTests.java:136:38:136:58 | getInputStream(...) | user-provided value | -| TransformerTests.java:141:18:141:70 | new SAXSource(...) | TransformerTests.java:141:48:141:68 | getInputStream(...) : InputStream | TransformerTests.java:141:18:141:70 | new SAXSource(...) | XML parsing depends on a $@ without guarding against external entity expansion. | TransformerTests.java:141:48:141:68 | getInputStream(...) | user-provided value | -| UnmarshallerTests.java:28:18:28:38 | getInputStream(...) | UnmarshallerTests.java:28:18:28:38 | getInputStream(...) | UnmarshallerTests.java:28:18:28:38 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | UnmarshallerTests.java:28:18:28:38 | getInputStream(...) | user-provided value | -| ValidatorTests.java:22:28:22:33 | source | ValidatorTests.java:17:49:17:72 | getInputStream(...) : ServletInputStream | ValidatorTests.java:22:28:22:33 | source | XML parsing depends on a $@ without guarding against external entity expansion. | ValidatorTests.java:17:49:17:72 | getInputStream(...) | user-provided value | -| XMLDecoderTests.java:18:9:18:18 | xmlDecoder | XMLDecoderTests.java:16:49:16:72 | getInputStream(...) : ServletInputStream | XMLDecoderTests.java:18:9:18:18 | xmlDecoder | XML parsing depends on a $@ without guarding against external entity expansion. | XMLDecoderTests.java:16:49:16:72 | getInputStream(...) | user-provided value | -| XMLReaderTests.java:16:18:16:55 | new InputSource(...) | XMLReaderTests.java:16:34:16:54 | getInputStream(...) : InputStream | XMLReaderTests.java:16:18:16:55 | new InputSource(...) | XML parsing depends on a $@ without guarding against external entity expansion. | XMLReaderTests.java:16:34:16:54 | getInputStream(...) | user-provided value | -| XMLReaderTests.java:56:18:56:55 | new InputSource(...) | XMLReaderTests.java:56:34:56:54 | getInputStream(...) : InputStream | XMLReaderTests.java:56:18:56:55 | new InputSource(...) | XML parsing depends on a $@ without guarding against external entity expansion. | XMLReaderTests.java:56:34:56:54 | getInputStream(...) | user-provided value | -| XMLReaderTests.java:63:18:63:55 | new InputSource(...) | XMLReaderTests.java:63:34:63:54 | getInputStream(...) : InputStream | XMLReaderTests.java:63:18:63:55 | new InputSource(...) | XML parsing depends on a $@ without guarding against external entity expansion. | XMLReaderTests.java:63:34:63:54 | getInputStream(...) | user-provided value | -| XMLReaderTests.java:70:18:70:55 | new InputSource(...) | XMLReaderTests.java:70:34:70:54 | getInputStream(...) : InputStream | XMLReaderTests.java:70:18:70:55 | new InputSource(...) | XML parsing depends on a $@ without guarding against external entity expansion. | XMLReaderTests.java:70:34:70:54 | getInputStream(...) | user-provided value | -| XMLReaderTests.java:78:18:78:55 | new InputSource(...) | XMLReaderTests.java:78:34:78:54 | getInputStream(...) : InputStream | XMLReaderTests.java:78:18:78:55 | new InputSource(...) | XML parsing depends on a $@ without guarding against external entity expansion. | XMLReaderTests.java:78:34:78:54 | getInputStream(...) | user-provided value | -| XMLReaderTests.java:86:18:86:55 | new InputSource(...) | XMLReaderTests.java:86:34:86:54 | getInputStream(...) : InputStream | XMLReaderTests.java:86:18:86:55 | new InputSource(...) | XML parsing depends on a $@ without guarding against external entity expansion. | XMLReaderTests.java:86:34:86:54 | getInputStream(...) | user-provided value | -| XMLReaderTests.java:94:18:94:55 | new InputSource(...) | XMLReaderTests.java:94:34:94:54 | getInputStream(...) : InputStream | XMLReaderTests.java:94:18:94:55 | new InputSource(...) | XML parsing depends on a $@ without guarding against external entity expansion. | XMLReaderTests.java:94:34:94:54 | getInputStream(...) | user-provided value | -| XMLReaderTests.java:100:18:100:55 | new InputSource(...) | XMLReaderTests.java:100:34:100:54 | getInputStream(...) : InputStream | XMLReaderTests.java:100:18:100:55 | new InputSource(...) | XML parsing depends on a $@ without guarding against external entity expansion. | XMLReaderTests.java:100:34:100:54 | getInputStream(...) | user-provided value | -| XPathExpressionTests.java:27:21:27:58 | new InputSource(...) | XPathExpressionTests.java:27:37:27:57 | getInputStream(...) : InputStream | XPathExpressionTests.java:27:21:27:58 | new InputSource(...) | XML parsing depends on a $@ without guarding against external entity expansion. | XPathExpressionTests.java:27:37:27:57 | getInputStream(...) | user-provided value | -| XmlInputFactoryTests.java:9:35:9:55 | getInputStream(...) | XmlInputFactoryTests.java:9:35:9:55 | getInputStream(...) | XmlInputFactoryTests.java:9:35:9:55 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | XmlInputFactoryTests.java:9:35:9:55 | getInputStream(...) | user-provided value | -| XmlInputFactoryTests.java:10:34:10:54 | getInputStream(...) | XmlInputFactoryTests.java:10:34:10:54 | getInputStream(...) | XmlInputFactoryTests.java:10:34:10:54 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | XmlInputFactoryTests.java:10:34:10:54 | getInputStream(...) | user-provided value | -| XmlInputFactoryTests.java:24:35:24:55 | getInputStream(...) | XmlInputFactoryTests.java:24:35:24:55 | getInputStream(...) | XmlInputFactoryTests.java:24:35:24:55 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | XmlInputFactoryTests.java:24:35:24:55 | getInputStream(...) | user-provided value | -| XmlInputFactoryTests.java:25:34:25:54 | getInputStream(...) | XmlInputFactoryTests.java:25:34:25:54 | getInputStream(...) | XmlInputFactoryTests.java:25:34:25:54 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | XmlInputFactoryTests.java:25:34:25:54 | getInputStream(...) | user-provided value | -| XmlInputFactoryTests.java:31:35:31:55 | getInputStream(...) | XmlInputFactoryTests.java:31:35:31:55 | getInputStream(...) | XmlInputFactoryTests.java:31:35:31:55 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | XmlInputFactoryTests.java:31:35:31:55 | getInputStream(...) | user-provided value | -| XmlInputFactoryTests.java:32:34:32:54 | getInputStream(...) | XmlInputFactoryTests.java:32:34:32:54 | getInputStream(...) | XmlInputFactoryTests.java:32:34:32:54 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | XmlInputFactoryTests.java:32:34:32:54 | getInputStream(...) | user-provided value | -| XmlInputFactoryTests.java:39:35:39:55 | getInputStream(...) | XmlInputFactoryTests.java:39:35:39:55 | getInputStream(...) | XmlInputFactoryTests.java:39:35:39:55 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | XmlInputFactoryTests.java:39:35:39:55 | getInputStream(...) | user-provided value | -| XmlInputFactoryTests.java:40:34:40:54 | getInputStream(...) | XmlInputFactoryTests.java:40:34:40:54 | getInputStream(...) | XmlInputFactoryTests.java:40:34:40:54 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | XmlInputFactoryTests.java:40:34:40:54 | getInputStream(...) | user-provided value | -| XmlInputFactoryTests.java:47:35:47:55 | getInputStream(...) | XmlInputFactoryTests.java:47:35:47:55 | getInputStream(...) | XmlInputFactoryTests.java:47:35:47:55 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | XmlInputFactoryTests.java:47:35:47:55 | getInputStream(...) | user-provided value | -| XmlInputFactoryTests.java:48:34:48:54 | getInputStream(...) | XmlInputFactoryTests.java:48:34:48:54 | getInputStream(...) | XmlInputFactoryTests.java:48:34:48:54 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | XmlInputFactoryTests.java:48:34:48:54 | getInputStream(...) | user-provided value | -| XmlInputFactoryTests.java:55:35:55:55 | getInputStream(...) | XmlInputFactoryTests.java:55:35:55:55 | getInputStream(...) | XmlInputFactoryTests.java:55:35:55:55 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | XmlInputFactoryTests.java:55:35:55:55 | getInputStream(...) | user-provided value | -| XmlInputFactoryTests.java:56:34:56:54 | getInputStream(...) | XmlInputFactoryTests.java:56:34:56:54 | getInputStream(...) | XmlInputFactoryTests.java:56:34:56:54 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | XmlInputFactoryTests.java:56:34:56:54 | getInputStream(...) | user-provided value | diff --git a/java/ql/test/query-tests/security/CWE-611/XXE.ql b/java/ql/test/query-tests/security/CWE-611/XXE.ql new file mode 100644 index 00000000000..f1463f561f3 --- /dev/null +++ b/java/ql/test/query-tests/security/CWE-611/XXE.ql @@ -0,0 +1,11 @@ +import java +import TestUtilities.InlineFlowTest +import semmle.code.java.security.XxeRemoteQuery + +class HasFlowTest extends InlineFlowTest { + override predicate hasTaintFlow(DataFlow::Node src, DataFlow::Node sink) { + XxeFlow::flow(src, sink) + } + + override predicate hasValueFlow(DataFlow::Node src, DataFlow::Node sink) { none() } +} diff --git a/java/ql/test/query-tests/security/CWE-611/XXE.qlref b/java/ql/test/query-tests/security/CWE-611/XXE.qlref deleted file mode 100644 index dc71ddf9ddb..00000000000 --- a/java/ql/test/query-tests/security/CWE-611/XXE.qlref +++ /dev/null @@ -1 +0,0 @@ -Security/CWE/CWE-611/XXE.ql \ No newline at end of file diff --git a/java/ql/test/query-tests/security/CWE-611/XmlInputFactoryTests.java b/java/ql/test/query-tests/security/CWE-611/XmlInputFactoryTests.java index ce0f9c43e19..a75bcde8c1f 100644 --- a/java/ql/test/query-tests/security/CWE-611/XmlInputFactoryTests.java +++ b/java/ql/test/query-tests/security/CWE-611/XmlInputFactoryTests.java @@ -6,53 +6,53 @@ public class XmlInputFactoryTests { public void unconfigureFactory(Socket sock) throws Exception { XMLInputFactory factory = XMLInputFactory.newFactory(); - factory.createXMLStreamReader(sock.getInputStream()); //unsafe - factory.createXMLEventReader(sock.getInputStream()); //unsafe + factory.createXMLStreamReader(sock.getInputStream()); // $ hasTaintFlow + factory.createXMLEventReader(sock.getInputStream()); // $ hasTaintFlow } - + public void safeFactory(Socket sock) throws Exception { XMLInputFactory factory = XMLInputFactory.newFactory(); factory.setProperty(XMLInputFactory.SUPPORT_DTD, false); factory.setProperty("javax.xml.stream.isSupportingExternalEntities", false); - factory.createXMLStreamReader(sock.getInputStream()); //safe - factory.createXMLEventReader(sock.getInputStream()); //safe + factory.createXMLStreamReader(sock.getInputStream()); // safe + factory.createXMLEventReader(sock.getInputStream()); // safe } - + public void misConfiguredFactory(Socket sock) throws Exception { XMLInputFactory factory = XMLInputFactory.newFactory(); factory.setProperty("javax.xml.stream.isSupportingExternalEntities", false); - factory.createXMLStreamReader(sock.getInputStream()); //unsafe - factory.createXMLEventReader(sock.getInputStream()); //unsafe + factory.createXMLStreamReader(sock.getInputStream()); // $ hasTaintFlow + factory.createXMLEventReader(sock.getInputStream()); // $ hasTaintFlow } - + public void misConfiguredFactory2(Socket sock) throws Exception { XMLInputFactory factory = XMLInputFactory.newFactory(); factory.setProperty(XMLInputFactory.SUPPORT_DTD, false); - factory.createXMLStreamReader(sock.getInputStream()); //unsafe - factory.createXMLEventReader(sock.getInputStream()); //unsafe + factory.createXMLStreamReader(sock.getInputStream()); // $ hasTaintFlow + factory.createXMLEventReader(sock.getInputStream()); // $ hasTaintFlow } - + public void misConfiguredFactory3(Socket sock) throws Exception { XMLInputFactory factory = XMLInputFactory.newFactory(); factory.setProperty("javax.xml.stream.isSupportingExternalEntities", true); factory.setProperty(XMLInputFactory.SUPPORT_DTD, true); - factory.createXMLStreamReader(sock.getInputStream()); //unsafe - factory.createXMLEventReader(sock.getInputStream()); //unsafe + factory.createXMLStreamReader(sock.getInputStream()); // $ hasTaintFlow + factory.createXMLEventReader(sock.getInputStream()); // $ hasTaintFlow } - + public void misConfiguredFactory4(Socket sock) throws Exception { XMLInputFactory factory = XMLInputFactory.newFactory(); factory.setProperty("javax.xml.stream.isSupportingExternalEntities", false); factory.setProperty(XMLInputFactory.SUPPORT_DTD, true); - factory.createXMLStreamReader(sock.getInputStream()); //unsafe - factory.createXMLEventReader(sock.getInputStream()); //unsafe + factory.createXMLStreamReader(sock.getInputStream()); // $ hasTaintFlow + factory.createXMLEventReader(sock.getInputStream()); // $ hasTaintFlow } - + public void misConfiguredFactory5(Socket sock) throws Exception { XMLInputFactory factory = XMLInputFactory.newFactory(); factory.setProperty("javax.xml.stream.isSupportingExternalEntities", true); factory.setProperty(XMLInputFactory.SUPPORT_DTD, false); - factory.createXMLStreamReader(sock.getInputStream()); //unsafe - factory.createXMLEventReader(sock.getInputStream()); //unsafe - } + factory.createXMLStreamReader(sock.getInputStream()); // $ hasTaintFlow + factory.createXMLEventReader(sock.getInputStream()); // $ hasTaintFlow + } } From fba61d51ed02ae1d7ed042fa071b55253338662b Mon Sep 17 00:00:00 2001 From: Tony Torralba Date: Wed, 26 Apr 2023 12:20:12 +0200 Subject: [PATCH 054/870] Remove experimental files --- .../Security/CWE/CWE-611/XXE.java | 85 ------ .../Security/CWE/CWE-611/XXE.qhelp | 67 ----- .../experimental/Security/CWE/CWE-611/XXE.ql | 32 --- .../Security/CWE/CWE-611/XXELib.qll | 246 ------------------ .../Security/CWE/CWE-611/XXELocal.qhelp | 5 - .../Security/CWE/CWE-611/XXELocal.ql | 34 --- .../query-tests/security/CWE-611/XXE.expected | 26 -- .../query-tests/security/CWE-611/XXE.java | 92 ------- .../query-tests/security/CWE-611/XXE.qlref | 1 - .../query-tests/security/CWE-611/options | 1 - 10 files changed, 589 deletions(-) delete mode 100644 java/ql/src/experimental/Security/CWE/CWE-611/XXE.java delete mode 100644 java/ql/src/experimental/Security/CWE/CWE-611/XXE.qhelp delete mode 100644 java/ql/src/experimental/Security/CWE/CWE-611/XXE.ql delete mode 100644 java/ql/src/experimental/Security/CWE/CWE-611/XXELib.qll delete mode 100644 java/ql/src/experimental/Security/CWE/CWE-611/XXELocal.qhelp delete mode 100644 java/ql/src/experimental/Security/CWE/CWE-611/XXELocal.ql delete mode 100644 java/ql/test/experimental/query-tests/security/CWE-611/XXE.expected delete mode 100644 java/ql/test/experimental/query-tests/security/CWE-611/XXE.java delete mode 100644 java/ql/test/experimental/query-tests/security/CWE-611/XXE.qlref delete mode 100644 java/ql/test/experimental/query-tests/security/CWE-611/options diff --git a/java/ql/src/experimental/Security/CWE/CWE-611/XXE.java b/java/ql/src/experimental/Security/CWE/CWE-611/XXE.java deleted file mode 100644 index b56914235a7..00000000000 --- a/java/ql/src/experimental/Security/CWE/CWE-611/XXE.java +++ /dev/null @@ -1,85 +0,0 @@ -import java.beans.XMLDecoder; -import java.io.BufferedReader; -import javax.servlet.ServletInputStream; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import javax.xml.transform.stream.StreamSource; -import javax.xml.validation.Schema; -import javax.xml.validation.SchemaFactory; -import javax.xml.validation.Validator; -import org.apache.commons.digester3.Digester; -import org.dom4j.Document; -import org.dom4j.DocumentHelper; -import org.springframework.stereotype.Controller; -import org.springframework.web.bind.annotation.PostMapping; - -@Controller -public class XxeController { - - @PostMapping(value = "xxe1") - public void bad1(HttpServletRequest request, HttpServletResponse response) throws Exception { - ServletInputStream servletInputStream = request.getInputStream(); - Digester digester = new Digester(); - digester.parse(servletInputStream); - } - - @PostMapping(value = "xxe2") - public void bad2(HttpServletRequest request) throws Exception { - BufferedReader br = request.getReader(); - String str = ""; - StringBuilder listString = new StringBuilder(); - while ((str = br.readLine()) != null) { - listString.append(str).append("\n"); - } - Document document = DocumentHelper.parseText(listString.toString()); - } - - @PostMapping(value = "xxe3") - public void bad3(HttpServletRequest request) throws Exception { - ServletInputStream servletInputStream = request.getInputStream(); - SchemaFactory factory = SchemaFactory.newInstance("http://www.w3.org/2001/XMLSchema"); - Schema schema = factory.newSchema(); - Validator validator = schema.newValidator(); - StreamSource source = new StreamSource(servletInputStream); - validator.validate(source); - } - - @PostMapping(value = "xxe4") - public void bad4(HttpServletRequest request) throws Exception { - ServletInputStream servletInputStream = request.getInputStream(); - XMLDecoder xmlDecoder = new XMLDecoder(servletInputStream); - xmlDecoder.readObject(); - } - - @PostMapping(value = "good1") - public void good1(HttpServletRequest request, HttpServletResponse response) throws Exception { - BufferedReader br = request.getReader(); - String str = ""; - StringBuilder listString = new StringBuilder(); - while ((str = br.readLine()) != null) { - listString.append(str); - } - Digester digester = new Digester(); - digester.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); - digester.setFeature("http://xml.org/sax/features/external-general-entities", false); - digester.setFeature("http://xml.org/sax/features/external-parameter-entities", false); - digester.parse(listString.toString()); - } - - @PostMapping(value = "good2") - public void good2(HttpServletRequest request, HttpServletResponse response) throws Exception { - BufferedReader br = request.getReader(); - String str = ""; - StringBuilder listString = new StringBuilder(); - while ((str = br.readLine()) != null) { - listString.append(str).append("\n"); - } - SchemaFactory factory = SchemaFactory.newInstance("http://www.w3.org/2001/XMLSchema"); - Schema schema = factory.newSchema(); - Validator validator = schema.newValidator(); - validator.setProperty("http://javax.xml.XMLConstants/property/accessExternalDTD", ""); - validator.setProperty("http://javax.xml.XMLConstants/property/accessExternalSchema", ""); - StreamSource source = new StreamSource(listString.toString()); - validator.validate(source); - } -} diff --git a/java/ql/src/experimental/Security/CWE/CWE-611/XXE.qhelp b/java/ql/src/experimental/Security/CWE/CWE-611/XXE.qhelp deleted file mode 100644 index c3cc04fdacb..00000000000 --- a/java/ql/src/experimental/Security/CWE/CWE-611/XXE.qhelp +++ /dev/null @@ -1,67 +0,0 @@ - - - - -

-Parsing untrusted XML files with a weakly configured XML parser may lead to an XML External Entity (XXE) attack. This type of attack -uses external entity references to access arbitrary files on a system, carry out denial of service, or server side -request forgery. Even when the result of parsing is not returned to the user, out-of-band -data retrieval techniques may allow attackers to steal sensitive data. Denial of services can also be -carried out in this situation. -

-

-There are many XML parsers for Java, and most of them are vulnerable to XXE because their default settings enable parsing of -external entities. This query currently identifies vulnerable XML parsing from the following parsers: javax.xml.validation.Validator, -org.dom4j.DocumentHelper, org.rundeck.api.parser.ParserHelper, org.apache.commons.digester3.Digester, -org.apache.commons.digester.Digester, org.apache.tomcat.util.digester.Digester, java.beans.XMLDecoder. -

- - - -

-The best way to prevent XXE attacks is to disable the parsing of any Document Type Declarations (DTDs) in untrusted data. -If this is not possible you should disable the parsing of external general entities and external parameter entities. -This improves security but the code will still be at risk of denial of service and server side request forgery attacks. -Protection against denial of service attacks may also be implemented by setting entity expansion limits, which is done -by default in recent JDK and JRE implementations. -

- - - -

-The following bad examples parses the xml data entered by the user under an unsafe configuration, which is inherently insecure and may cause xml entity injection. -In good examples, the security configuration is carried out, for example: Disable DTD to protect the program from XXE attacks. -

- - - - - -
  • -OWASP vulnerability description: -XML External Entity (XXE) Processing. -
    • -
  • -OWASP guidance on parsing xml files: -XXE Prevention Cheat Sheet. -
    • -
  • -Paper by Timothy Morgen: -XML Schema, DTD, and Entity Attacks -
    • -
  • -Out-of-band data retrieval: Timur Yunusov & Alexey Osipov, Black hat EU 2013: -XML Out-Of-Band Data Retrieval. -
    • -
  • -Denial of service attack (Billion laughs): -Billion Laughs. -
    • -
  • -The Java Tutorials: -Processing Limit Definitions. -
    • - -     - -     diff --git a/java/ql/src/experimental/Security/CWE/CWE-611/XXE.ql b/java/ql/src/experimental/Security/CWE/CWE-611/XXE.ql deleted file mode 100644 index 118fbd5dcaa..00000000000 --- a/java/ql/src/experimental/Security/CWE/CWE-611/XXE.ql +++ /dev/null @@ -1,32 +0,0 @@ -/** - * @name Resolving XML external entity in user-controlled data (experimental sinks) - * @description Parsing user-controlled XML documents and allowing expansion of external entity - * references may lead to disclosure of confidential data or denial of service. - * (note this version differs from query `java/xxe` by including support for additional possibly-vulnerable XML parsers) - * @kind path-problem - * @problem.severity error - * @precision high - * @id java/xxe-with-experimental-sinks - * @tags security - * experimental - * external/cwe/cwe-611 - */ - -import java -import XXELib -import semmle.code.java.dataflow.TaintTracking -import semmle.code.java.dataflow.FlowSources -import XxeFlow::PathGraph - -module XxeConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node src) { src instanceof RemoteFlowSource } - - predicate isSink(DataFlow::Node sink) { sink instanceof UnsafeXxeSink } -} - -module XxeFlow = TaintTracking::Global; - -from XxeFlow::PathNode source, XxeFlow::PathNode sink -where XxeFlow::flowPath(source, sink) -select sink.getNode(), source, sink, "Unsafe parsing of XML file from $@.", source.getNode(), - "user input" diff --git a/java/ql/src/experimental/Security/CWE/CWE-611/XXELib.qll b/java/ql/src/experimental/Security/CWE/CWE-611/XXELib.qll deleted file mode 100644 index eb3cb3d269b..00000000000 --- a/java/ql/src/experimental/Security/CWE/CWE-611/XXELib.qll +++ /dev/null @@ -1,246 +0,0 @@ -import java -import semmle.code.java.dataflow.DataFlow3 -import semmle.code.java.dataflow.DataFlow4 -import semmle.code.java.dataflow.DataFlow5 -import semmle.code.java.security.XmlParsers -private import semmle.code.java.dataflow.SSA - -/** A data flow sink for untrusted user input used to insecure xml parse. */ -class UnsafeXxeSink extends DataFlow::ExprNode { - UnsafeXxeSink() { - exists(XmlParserCall parse | - parse.getSink() = this.getExpr() and - not parse.isSafe() - ) - } -} - -/** The class `org.rundeck.api.parser.ParserHelper`. */ -class ParserHelper extends RefType { - ParserHelper() { this.hasQualifiedName("org.rundeck.api.parser", "ParserHelper") } -} - -/** A call to `ParserHelper.loadDocument`. */ -class ParserHelperLoadDocument extends XmlParserCall { - ParserHelperLoadDocument() { - exists(Method m | - this.getMethod() = m and - m.getDeclaringType() instanceof ParserHelper and - m.hasName("loadDocument") - ) - } - - override Expr getSink() { result = this.getArgument(0) } - - override predicate isSafe() { none() } -} - -/** The class `javax.xml.validation.Validator`. */ -class Validator extends RefType { - Validator() { this.hasQualifiedName("javax.xml.validation", "Validator") } -} - -/** A call to `Validator.validate`. */ -class ValidatorValidate extends XmlParserCall { - ValidatorValidate() { - exists(Method m | - this.getMethod() = m and - m.getDeclaringType() instanceof Validator and - m.hasName("validate") - ) - } - - override Expr getSink() { result = this.getArgument(0) } - - override predicate isSafe() { SafeValidatorFlow::flowToExpr(this.getQualifier()) } -} - -/** A `ParserConfig` specific to `Validator`. */ -class ValidatorConfig extends TransformerConfig { - ValidatorConfig() { - exists(Method m | - this.getMethod() = m and - m.getDeclaringType() instanceof Validator and - m.hasName("setProperty") - ) - } -} - -/** A safely configured `Validator`. */ -class SafeValidator extends VarAccess { - SafeValidator() { - exists(Variable v | v = this.getVariable() | - exists(ValidatorConfig config | config.getQualifier() = v.getAnAccess() | - config.disables(configAccessExternalDtd()) - ) and - exists(ValidatorConfig config | config.getQualifier() = v.getAnAccess() | - config.disables(configAccessExternalSchema()) - ) - ) - } -} - -private module SafeValidatorFlowConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node src) { src.asExpr() instanceof SafeValidator } - - predicate isSink(DataFlow::Node sink) { - exists(MethodAccess ma | - sink.asExpr() = ma.getQualifier() and - ma.getMethod().getDeclaringType() instanceof Validator - ) - } - - int fieldFlowBranchLimit() { result = 0 } -} - -private module SafeValidatorFlow = DataFlow::Global; - -/** - * The classes `org.apache.commons.digester3.Digester`, `org.apache.commons.digester.Digester` or `org.apache.tomcat.util.digester.Digester`. - */ -class Digester extends RefType { - Digester() { - this.hasQualifiedName([ - "org.apache.commons.digester3", "org.apache.commons.digester", - "org.apache.tomcat.util.digester" - ], "Digester") - } -} - -/** A call to `Digester.parse`. */ -class DigesterParse extends XmlParserCall { - DigesterParse() { - exists(Method m | - this.getMethod() = m and - m.getDeclaringType() instanceof Digester and - m.hasName("parse") - ) - } - - override Expr getSink() { result = this.getArgument(0) } - - override predicate isSafe() { SafeDigesterFlow::flowToExpr(this.getQualifier()) } -} - -/** A `ParserConfig` that is specific to `Digester`. */ -class DigesterConfig extends ParserConfig { - DigesterConfig() { - exists(Method m | - m = this.getMethod() and - m.getDeclaringType() instanceof Digester and - m.hasName("setFeature") - ) - } -} - -/** - * A safely configured `Digester`. - */ -class SafeDigester extends VarAccess { - SafeDigester() { - exists(Variable v | v = this.getVariable() | - exists(DigesterConfig config | config.getQualifier() = v.getAnAccess() | - config.enables(singleSafeConfig()) - ) - or - exists(DigesterConfig config | config.getQualifier() = v.getAnAccess() | - config - .disables(any(ConstantStringExpr s | - s.getStringValue() = "http://xml.org/sax/features/external-general-entities" - )) - ) and - exists(DigesterConfig config | config.getQualifier() = v.getAnAccess() | - config - .disables(any(ConstantStringExpr s | - s.getStringValue() = "http://xml.org/sax/features/external-parameter-entities" - )) - ) and - exists(DigesterConfig config | config.getQualifier() = v.getAnAccess() | - config - .disables(any(ConstantStringExpr s | - s.getStringValue() = - "http://apache.org/xml/features/nonvalidating/load-external-dtd" - )) - ) - ) - } -} - -private module SafeDigesterFlowConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node src) { src.asExpr() instanceof SafeDigester } - - predicate isSink(DataFlow::Node sink) { - exists(MethodAccess ma | - sink.asExpr() = ma.getQualifier() and ma.getMethod().getDeclaringType() instanceof Digester - ) - } - - int fieldFlowBranchLimit() { result = 0 } -} - -private module SafeDigesterFlow = DataFlow::Global; - -/** The class `java.beans.XMLDecoder`. */ -class XmlDecoder extends RefType { - XmlDecoder() { this.hasQualifiedName("java.beans", "XMLDecoder") } -} - -/** DEPRECATED: Alias for XmlDecoder */ -deprecated class XMLDecoder = XmlDecoder; - -/** A call to `XMLDecoder.readObject`. */ -class XmlDecoderReadObject extends XmlParserCall { - XmlDecoderReadObject() { - exists(Method m | - this.getMethod() = m and - m.getDeclaringType() instanceof XmlDecoder and - m.hasName("readObject") - ) - } - - override Expr getSink() { result = this.getQualifier() } - - override predicate isSafe() { none() } -} - -/** DEPRECATED: Alias for XmlDecoderReadObject */ -deprecated class XMLDecoderReadObject = XmlDecoderReadObject; - -private predicate constantStringExpr(Expr e, string val) { - e.(CompileTimeConstantExpr).getStringValue() = val - or - exists(SsaExplicitUpdate v, Expr src | - e = v.getAUse() and - src = v.getDefiningExpr().(VariableAssign).getSource() and - constantStringExpr(src, val) - ) -} - -/** A call to `SAXTransformerFactory.newTransformerHandler`. */ -class SaxTransformerFactoryNewTransformerHandler extends XmlParserCall { - SaxTransformerFactoryNewTransformerHandler() { - exists(Method m | - this.getMethod() = m and - m.getDeclaringType().hasQualifiedName("javax.xml.transform.sax", "SAXTransformerFactory") and - m.hasName("newTransformerHandler") - ) - } - - override Expr getSink() { result = this.getArgument(0) } - - override predicate isSafe() { SafeTransformerFactoryFlow::flowToExpr(this.getQualifier()) } -} - -/** DEPRECATED: Alias for SaxTransformerFactoryNewTransformerHandler */ -deprecated class SAXTransformerFactoryNewTransformerHandler = - SaxTransformerFactoryNewTransformerHandler; - -/** An expression that always has the same string value. */ -private class ConstantStringExpr extends Expr { - string value; - - ConstantStringExpr() { constantStringExpr(this, value) } - - /** Get the string value of this expression. */ - string getStringValue() { result = value } -} diff --git a/java/ql/src/experimental/Security/CWE/CWE-611/XXELocal.qhelp b/java/ql/src/experimental/Security/CWE/CWE-611/XXELocal.qhelp deleted file mode 100644 index 4dc505dec6a..00000000000 --- a/java/ql/src/experimental/Security/CWE/CWE-611/XXELocal.qhelp +++ /dev/null @@ -1,5 +0,0 @@ - - - \ No newline at end of file diff --git a/java/ql/src/experimental/Security/CWE/CWE-611/XXELocal.ql b/java/ql/src/experimental/Security/CWE/CWE-611/XXELocal.ql deleted file mode 100644 index 99e65fa99e8..00000000000 --- a/java/ql/src/experimental/Security/CWE/CWE-611/XXELocal.ql +++ /dev/null @@ -1,34 +0,0 @@ -/** - * @name Resolving XML external entity from a local source (experimental sinks) - * @description Parsing user-controlled XML documents and allowing expansion of external entity - * references may lead to disclosure of confidential data or denial of service. - * (note this version differs from query `java/xxe` by including support for additional possibly-vulnerable XML parsers, - * and by considering local information sources dangerous (e.g. environment variables) in addition to the remote sources - * considered by the normal `java/xxe` query) - * @kind path-problem - * @problem.severity recommendation - * @precision medium - * @id java/xxe-local-experimental-sinks - * @tags security - * experimental - * external/cwe/cwe-611 - */ - -import java -import XXELib -import semmle.code.java.dataflow.TaintTracking -import semmle.code.java.dataflow.FlowSources -import XxeLocalFlow::PathGraph - -module XxeLocalConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node src) { src instanceof LocalUserInput } - - predicate isSink(DataFlow::Node sink) { sink instanceof UnsafeXxeSink } -} - -module XxeLocalFlow = TaintTracking::Global; - -from XxeLocalFlow::PathNode source, XxeLocalFlow::PathNode sink -where XxeLocalFlow::flowPath(source, sink) -select sink.getNode(), source, sink, "Unsafe parsing of XML file from $@.", source.getNode(), - "user input" diff --git a/java/ql/test/experimental/query-tests/security/CWE-611/XXE.expected b/java/ql/test/experimental/query-tests/security/CWE-611/XXE.expected deleted file mode 100644 index b99edb2122d..00000000000 --- a/java/ql/test/experimental/query-tests/security/CWE-611/XXE.expected +++ /dev/null @@ -1,26 +0,0 @@ -edges -| XXE.java:22:43:22:66 | getInputStream(...) : ServletInputStream | XXE.java:24:18:24:35 | servletInputStream | -| XXE.java:29:43:29:66 | getInputStream(...) : ServletInputStream | XXE.java:33:42:33:59 | servletInputStream : ServletInputStream | -| XXE.java:33:25:33:60 | new StreamSource(...) : StreamSource | XXE.java:34:22:34:27 | source | -| XXE.java:33:42:33:59 | servletInputStream : ServletInputStream | XXE.java:33:25:33:60 | new StreamSource(...) : StreamSource | -| XXE.java:39:43:39:66 | getInputStream(...) : ServletInputStream | XXE.java:40:42:40:59 | servletInputStream : ServletInputStream | -| XXE.java:40:27:40:60 | new XMLDecoder(...) : XMLDecoder | XXE.java:41:3:41:12 | xmlDecoder | -| XXE.java:40:42:40:59 | servletInputStream : ServletInputStream | XXE.java:40:27:40:60 | new XMLDecoder(...) : XMLDecoder | -nodes -| XXE.java:22:43:22:66 | getInputStream(...) : ServletInputStream | semmle.label | getInputStream(...) : ServletInputStream | -| XXE.java:24:18:24:35 | servletInputStream | semmle.label | servletInputStream | -| XXE.java:29:43:29:66 | getInputStream(...) : ServletInputStream | semmle.label | getInputStream(...) : ServletInputStream | -| XXE.java:33:25:33:60 | new StreamSource(...) : StreamSource | semmle.label | new StreamSource(...) : StreamSource | -| XXE.java:33:42:33:59 | servletInputStream : ServletInputStream | semmle.label | servletInputStream : ServletInputStream | -| XXE.java:34:22:34:27 | source | semmle.label | source | -| XXE.java:39:43:39:66 | getInputStream(...) : ServletInputStream | semmle.label | getInputStream(...) : ServletInputStream | -| XXE.java:40:27:40:60 | new XMLDecoder(...) : XMLDecoder | semmle.label | new XMLDecoder(...) : XMLDecoder | -| XXE.java:40:42:40:59 | servletInputStream : ServletInputStream | semmle.label | servletInputStream : ServletInputStream | -| XXE.java:41:3:41:12 | xmlDecoder | semmle.label | xmlDecoder | -| XXE.java:46:49:46:72 | getInputStream(...) | semmle.label | getInputStream(...) | -subpaths -#select -| XXE.java:24:18:24:35 | servletInputStream | XXE.java:22:43:22:66 | getInputStream(...) : ServletInputStream | XXE.java:24:18:24:35 | servletInputStream | Unsafe parsing of XML file from $@. | XXE.java:22:43:22:66 | getInputStream(...) | user input | -| XXE.java:34:22:34:27 | source | XXE.java:29:43:29:66 | getInputStream(...) : ServletInputStream | XXE.java:34:22:34:27 | source | Unsafe parsing of XML file from $@. | XXE.java:29:43:29:66 | getInputStream(...) | user input | -| XXE.java:41:3:41:12 | xmlDecoder | XXE.java:39:43:39:66 | getInputStream(...) : ServletInputStream | XXE.java:41:3:41:12 | xmlDecoder | Unsafe parsing of XML file from $@. | XXE.java:39:43:39:66 | getInputStream(...) | user input | -| XXE.java:46:49:46:72 | getInputStream(...) | XXE.java:46:49:46:72 | getInputStream(...) | XXE.java:46:49:46:72 | getInputStream(...) | Unsafe parsing of XML file from $@. | XXE.java:46:49:46:72 | getInputStream(...) | user input | diff --git a/java/ql/test/experimental/query-tests/security/CWE-611/XXE.java b/java/ql/test/experimental/query-tests/security/CWE-611/XXE.java deleted file mode 100644 index 92a669acdc0..00000000000 --- a/java/ql/test/experimental/query-tests/security/CWE-611/XXE.java +++ /dev/null @@ -1,92 +0,0 @@ -import java.beans.XMLDecoder; -import java.io.BufferedReader; -import javax.servlet.ServletInputStream; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import javax.xml.transform.stream.StreamSource; -import javax.xml.validation.Schema; -import javax.xml.validation.SchemaFactory; -import javax.xml.validation.Validator; -import org.rundeck.api.parser.ParserHelper; -import org.apache.commons.digester3.Digester; -import org.dom4j.Document; -import org.dom4j.DocumentHelper; -import org.springframework.stereotype.Controller; -import org.springframework.web.bind.annotation.PostMapping; - -@Controller -public class XXE { - - @PostMapping(value = "bad1") - public void bad1(HttpServletRequest request, HttpServletResponse response) throws Exception { - ServletInputStream servletInputStream = request.getInputStream(); - Digester digester = new Digester(); - digester.parse(servletInputStream); // bad - } - - @PostMapping(value = "bad2") - public void bad2(HttpServletRequest request) throws Exception { - ServletInputStream servletInputStream = request.getInputStream(); - SchemaFactory factory = SchemaFactory.newInstance("http://www.w3.org/2001/XMLSchema"); - Schema schema = factory.newSchema(); - Validator validator = schema.newValidator(); - StreamSource source = new StreamSource(servletInputStream); - validator.validate(source); // bad - } - - @PostMapping(value = "bad3") - public void bad3(HttpServletRequest request) throws Exception { - ServletInputStream servletInputStream = request.getInputStream(); - XMLDecoder xmlDecoder = new XMLDecoder(servletInputStream); - xmlDecoder.readObject(); // bad - } - - @PostMapping(value = "bad4") - public void bad4(HttpServletRequest request) throws Exception { - Document document = ParserHelper.loadDocument(request.getInputStream()); // bad - } - - @PostMapping(value = "good1") - public void good1(HttpServletRequest request, HttpServletResponse response) throws Exception { - BufferedReader br = request.getReader(); - String str = ""; - StringBuilder listString = new StringBuilder(); - while ((str = br.readLine()) != null) { - listString.append(str); - } - Digester digester = new Digester(); - digester.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); - digester.setFeature("http://xml.org/sax/features/external-general-entities", false); - digester.setFeature("http://xml.org/sax/features/external-parameter-entities", false); - digester.parse(listString.toString()); - } - - @PostMapping(value = "good2") - public void good2(HttpServletRequest request, HttpServletResponse response) throws Exception { - BufferedReader br = request.getReader(); - String str = ""; - StringBuilder listString = new StringBuilder(); - while ((str = br.readLine()) != null) { - listString.append(str).append("\n"); - } - SchemaFactory factory = SchemaFactory.newInstance("http://www.w3.org/2001/XMLSchema"); - Schema schema = factory.newSchema(); - Validator validator = schema.newValidator(); - validator.setProperty("http://javax.xml.XMLConstants/property/accessExternalDTD", ""); - validator.setProperty("http://javax.xml.XMLConstants/property/accessExternalSchema", ""); - StreamSource source = new StreamSource(listString.toString()); - validator.validate(source); - } - - @PostMapping(value = "good3") - public void good3(HttpServletRequest request) throws Exception { - BufferedReader br = request.getReader(); - String str = ""; - StringBuilder listString = new StringBuilder(); - while ((str = br.readLine()) != null) { - listString.append(str).append("\n"); - } - // parseText falls back to a default SAXReader, which is safe - Document document = DocumentHelper.parseText(listString.toString()); // Safe - } -} diff --git a/java/ql/test/experimental/query-tests/security/CWE-611/XXE.qlref b/java/ql/test/experimental/query-tests/security/CWE-611/XXE.qlref deleted file mode 100644 index 0675e245daa..00000000000 --- a/java/ql/test/experimental/query-tests/security/CWE-611/XXE.qlref +++ /dev/null @@ -1 +0,0 @@ -experimental/Security/CWE/CWE-611/XXE.ql diff --git a/java/ql/test/experimental/query-tests/security/CWE-611/options b/java/ql/test/experimental/query-tests/security/CWE-611/options deleted file mode 100644 index 9aea8cdbe50..00000000000 --- a/java/ql/test/experimental/query-tests/security/CWE-611/options +++ /dev/null @@ -1 +0,0 @@ -//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/servlet-api-2.4/:${testdir}/../../../../stubs/springframework-5.3.8/:${testdir}/../../../../stubs/dom4j-2.1.1:${testdir}/../../../../stubs/apache-commons-digester3-3.2:${testdir}/../../../../stubs/jaxen-1.2.0/:${testdir}/../../../../stubs/rundeck-api-java-client-13.2 \ No newline at end of file From 4606df5cb69d0f2731fd047b3a9f7c618b58023a Mon Sep 17 00:00:00 2001 From: Tony Torralba Date: Wed, 26 Apr 2023 12:24:43 +0200 Subject: [PATCH 055/870] Add change note --- java/ql/src/change-notes/2023-04-26-xxe-sinks-promotion.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 java/ql/src/change-notes/2023-04-26-xxe-sinks-promotion.md diff --git a/java/ql/src/change-notes/2023-04-26-xxe-sinks-promotion.md b/java/ql/src/change-notes/2023-04-26-xxe-sinks-promotion.md new file mode 100644 index 00000000000..01bbfe267bd --- /dev/null +++ b/java/ql/src/change-notes/2023-04-26-xxe-sinks-promotion.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Experimental sinks for the query "Resolving XML external entity in user-controlled data" (`java/xxe`) have been promoted to the main query pack. These sinks were originally [submitted as part of an experimental query by @haby0](https://github.com/github/codeql/pull/6564). From 1e3d81842eeea92f8306a8cdf46021dfee8dec2b Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Tue, 10 Jan 2023 15:38:17 +0000 Subject: [PATCH 056/870] Update CallNode.getArgument for implicit varargs It now has one only result corresponding to a variadic parameter. If the argument is followed by an ellipsis then it is just the argument itself. Otherwise it is a ImplicitVarargsSlice node. --- .../go/dataflow/internal/DataFlowNodes.qll | 63 ++++++++++++++++--- 1 file changed, 54 insertions(+), 9 deletions(-) diff --git a/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll b/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll index 70e9e00116a..5ab830d7272 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll @@ -534,16 +534,11 @@ module Public { CallExpr getCall() { result = this.getExpr() } /** - * Gets the data flow node corresponding to the `i`th argument of this call. - * - * Note that the first argument in calls to the built-in function `make` is a type, which is - * not a data-flow node. It is skipped for the purposes of this predicate, so the (syntactically) - * second argument becomes the first argument in terms of data flow. - * - * For calls of the form `f(g())` where `g` has multiple results, the arguments of the call to - * `i` are the (implicit) element extraction nodes for the call to `g`. + * Gets the `i`th argument of this call, where tuple extraction has been + * done but arguments corresponding to a variadic parameter are still + * considered separate. */ - Node getArgument(int i) { + Node getSyntacticArgument(int i) { if expr.getArgument(0).getType() instanceof TupleType then result = DataFlow::extractTupleElement(DataFlow::exprNode(expr.getArgument(0)), i) else @@ -555,12 +550,62 @@ module Public { ) } + /** + * Gets the data flow node corresponding to an argument of this call, where + * tuple extraction has been done but arguments corresponding to a variadic + * parameter are still considered separate. + */ + Node getASyntacticArgument() { result = this.getSyntacticArgument(_) } + + /** + * Gets the data flow node corresponding to the `i`th argument of this call. + * + * Note that the first argument in calls to the built-in function `make` is a type, which is + * not a data-flow node. It is skipped for the purposes of this predicate, so the (syntactically) + * second argument becomes the first argument in terms of data flow. + * + * For calls of the form `f(g())` where `g` has multiple results, the arguments of the call to + * `i` are the (implicit) element extraction nodes for the call to `g`. + * + * For calls to variadic functions without an ellipsis (`...`), there is a single argument of type + * `ImplicitVarargsSlice` corresponding to the variadic parameter. This is in contrast to the member + * predicate `getArgument` on `CallExpr`, which gets the syntactic arguments. + */ + Node getArgument(int i) { + exists(SignatureType t, int lastParamIndex | + t = this.getACalleeIncludingExternals().getType() and + lastParamIndex = t.getNumParameter() - 1 + | + if + not this.hasEllipsis() and + t.isVariadic() and + i >= lastParamIndex + then + result.(ImplicitVarargsSlice).getCallNode() = this and + i = lastParamIndex + else result = this.getSyntacticArgument(i) + ) + } + /** Gets the data flow node corresponding to an argument of this call. */ Node getAnArgument() { result = this.getArgument(_) } /** Gets the number of arguments of this call, if it can be determined. */ int getNumArgument() { result = count(this.getAnArgument()) } + /** + * Gets the 'i'th argument without an ellipsis after it which is passed to + * the varargs parameter of the target of this call (if there is one). + */ + Node getImplicitVarargsArgument(int i) { + not this.hasEllipsis() and + i >= 0 and + exists(Function f | f = this.getTarget() | + f.isVariadic() and + result = this.getSyntacticArgument(f.getNumParameter() - 1 + i) + ) + } + /** Gets a function passed as the `i`th argument of this call. */ FunctionNode getCallback(int i) { result.getASuccessor*() = this.getArgument(i) } From 39da26e9b5c063b6079da29f2d69de8c2a0cee6b Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Tue, 25 Apr 2023 07:20:16 +0100 Subject: [PATCH 057/870] Update ParameterInput.getEntryNode for implicit varargs slices --- go/ql/lib/semmle/go/dataflow/FunctionInputsAndOutputs.qll | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/go/ql/lib/semmle/go/dataflow/FunctionInputsAndOutputs.qll b/go/ql/lib/semmle/go/dataflow/FunctionInputsAndOutputs.qll index c1653f5b3ad..2939f955a6f 100644 --- a/go/ql/lib/semmle/go/dataflow/FunctionInputsAndOutputs.qll +++ b/go/ql/lib/semmle/go/dataflow/FunctionInputsAndOutputs.qll @@ -74,7 +74,9 @@ private class ParameterInput extends FunctionInput, TInParameter { override predicate isParameter(int i) { i = index } - override DataFlow::Node getEntryNode(DataFlow::CallNode c) { result = c.getArgument(index) } + override DataFlow::Node getEntryNode(DataFlow::CallNode c) { + result = c.getSyntacticArgument(index) + } override DataFlow::Node getExitNode(FuncDef f) { result = DataFlow::parameterNode(f.getParameter(index)) From f2cb2b324ee85a2d23fe7316e4d8208c21509080 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Tue, 18 Apr 2023 13:24:14 +0100 Subject: [PATCH 058/870] Swift: Add analyzing-data-flow-in-swift.rst --- .../analyzing-data-flow-in-swift.rst | 290 ++++++++++++++++++ .../codeql-for-swift.rst | 3 + 2 files changed, 293 insertions(+) create mode 100644 docs/codeql/codeql-language-guides/analyzing-data-flow-in-swift.rst diff --git a/docs/codeql/codeql-language-guides/analyzing-data-flow-in-swift.rst b/docs/codeql/codeql-language-guides/analyzing-data-flow-in-swift.rst new file mode 100644 index 00000000000..69b42f327d8 --- /dev/null +++ b/docs/codeql/codeql-language-guides/analyzing-data-flow-in-swift.rst @@ -0,0 +1,290 @@ +.. _analyzing-data-flow-in-swift: + +Analyzing data flow in Swift +============================ + +You can use CodeQL to track the flow of data through a Swift program to places where the data is used. + +About this article +------------------ + +This article describes how data flow analysis is implemented in the CodeQL libraries for Swift and includes examples to help you write your own data flow queries. +The following sections describe how to use the libraries for local data flow, global data flow, and taint tracking. +For a more general introduction to modeling data flow, see ":ref:`About data flow analysis `." + +Local data flow +--------------- + +Local data flow tracks the flow of data within a single method or callable. Local data flow is easier, faster, and more precise than global data flow. Before looking at more complex tracking, you should always consider local tracking because it is sufficient for many queries. + +Using local data flow +~~~~~~~~~~~~~~~~~~~~~ + +You can use the local data flow library by importing the ``DataFlow`` module. The library uses the class ``Node`` to represent any element through which data can flow. +The ``Node`` class has a number of useful subclasses, such as ``ExprNode`` for expressions and ``ParameterNode`` for parameters. You can map between data flow nodes and expressions/control-flow nodes using the member predicates ``asExpr`` and ``getCfgNode``: + +.. code-block:: ql + + class Node { + /** + * Gets this node's underlying expression, if any. + */ + Expr asExpr() { none() } + + /** + * Gets this data flow node's corresponding control flow node. + */ + ControlFlowNode getCfgNode() { none() } + + ... + } + +You can use the predicates ``exprNode`` and ``parameterNode`` to map from expressions and parameters to their data-flow node: + +.. code-block:: ql + + /** Gets a node corresponding to expression `e`. */ + ExprNode exprNode(DataFlowExpr e) { result.asExpr() = e } + + /** + * Gets the node corresponding to the value of parameter `p` at function entry. + */ + ParameterNode parameterNode(DataFlowParameter p) { result.getParameter() = p } + +There can be multiple data-flow nodes associated with a single expression node in the AST. + +The predicate ``localFlowStep(Node nodeFrom, Node nodeTo)`` holds if there is an immediate data flow edge from the node ``nodeFrom`` to the node ``nodeTo``. +You can apply the predicate recursively, by using the ``+`` and ``*`` operators, or you can use the predefined recursive predicate ``localFlow``. + +For example, you can find flow from an expression ``source`` to an expression ``sink`` in zero or more local steps: + +.. code-block:: ql + + DataFlow::localFlow(DataFlow::exprNode(source), DataFlow::exprNode(sink)) + +Using local taint tracking +~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Local taint tracking extends local data flow to include flow steps where values are not preserved, for example, string manipulation. +For example: + +.. code-block:: swift + + temp = x + y = temp + ", " + temp + +If ``x`` is a tainted string then ``y`` is also tainted. + +The local taint tracking library is in the module ``TaintTracking``. +Like local data flow, a predicate ``localTaintStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo)`` holds if there is an immediate taint propagation edge from the node ``nodeFrom`` to the node ``nodeTo``. +You can apply the predicate recursively, by using the ``+`` and ``*`` operators, or you can use the predefined recursive predicate ``localTaint``. + +For example, you can find taint propagation from an expression ``source`` to an expression ``sink`` in zero or more local steps: + +.. code-block:: ql + + TaintTracking::localTaint(DataFlow::exprNode(source), DataFlow::exprNode(sink)) + +Examples of local data flow +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +This query finds the ``format`` argument passed into each call to ``String.init(format:_:)``: + +.. code-block:: ql + + import swift + + from CallExpr call, MethodDecl method + where + call.getStaticTarget() = method and + method.hasQualifiedName("String", "init(format:_:)") + select call.getArgument(0).getExpr() + +Unfortunately this will only give the expression in the argument, not the values which could be passed to it. +So we use local data flow to find all expressions that flow into the argument: + +.. code-block:: ql + + import swift + import codeql.swift.dataflow.DataFlow + + from CallExpr call, MethodDecl method, Expr sourceExpr, Expr sinkExpr + where + call.getStaticTarget() = method and + method.hasQualifiedName("String", "init(format:_:)") and + sinkExpr = call.getArgument(0).getExpr() and + DataFlow::localFlow(DataFlow::exprNode(sourceExpr), DataFlow::exprNode(sinkExpr)) + select sourceExpr, sinkExpr + +We can vary the source, for example, making the source the parameter of a function rather than an expression. The following query finds where a parameter is used for the format: + +.. code-block:: ql + + import swift + import codeql.swift.dataflow.DataFlow + + from CallExpr call, MethodDecl method, ParamDecl sourceParam, Expr sinkExpr + where + call.getStaticTarget() = method and + method.hasQualifiedName("String", "init(format:_:)") and + sinkExpr = call.getArgument(0).getExpr() and + DataFlow::localFlow(DataFlow::parameterNode(sourceParam), DataFlow::exprNode(sinkExpr)) + select sourceParam, sinkExpr + +The following example finds calls to ``String.init(format:_:)`` where the format string is not a hard-coded string literal: + +.. code-block:: ql + + import swift + import codeql.swift.dataflow.DataFlow + + from CallExpr call, MethodDecl method, Expr sinkExpr + where + call.getStaticTarget() = method and + method.hasQualifiedName("String", "init(format:_:)") and + sinkExpr = call.getArgument(0).getExpr() and + not exists(StringLiteralExpr sourceLiteral | + DataFlow::localFlow(DataFlow::exprNode(sourceLiteral), DataFlow::exprNode(sinkExpr)) + ) + select call, "Format argument to " + method.getName() + " isn't hard-coded." + +Global data flow +---------------- + +Global data flow tracks data flow throughout the entire program, and is therefore more powerful than local data flow. +However, global data flow is less precise than local data flow, and the analysis typically requires significantly more time and memory to perform. + +.. pull-quote:: Note + + .. include:: ../reusables/path-problem.rst + +Using global data flow +~~~~~~~~~~~~~~~~~~~~~~ + +You can use the global data flow library by implementing the module ``DataFlow::ConfigSig``: + +.. code-block:: ql + + import codeql.swift.dataflow.DataFlow + + module MyDataFlowConfiguration implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { + ... + } + + predicate isSink(DataFlow::Node sink) { + ... + } + } + + module MyDataFlow = DataFlow::Global; + +These predicates are defined in the configuration: + +- ``isSource`` - defines where data may flow from. +- ``isSink`` - defines where data may flow to. +- ``isBarrier`` - optionally, restricts the data flow. +- ``isAdditionalFlowStep`` - optionally, adds additional flow steps. + +The last line (``module MyDataFlow = ...``) performs data flow analysis using the configuration, and its results can be accessed with ``MyDataFlow::flow(DataFlow::Node source, DataFlow::Node sink)``: + +.. code-block:: ql + + from DataFlow::Node source, DataFlow::Node sink + where MyDataFlow::flow(source, sink) + select source, "Dataflow to $@.", sink, sink.toString() + +Using global taint tracking +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Global taint tracking is to global data flow what local taint tracking is to local data flow. +That is, global taint tracking extends global data flow with additional non-value-preserving steps. +The global taint tracking library uses the same configuration module as the global data flow library but taint flow analysis is performed with ``TaintTracking::Global``: + +.. code-block:: ql + + module MyTaintFlow = TaintTracking::Global; + + from DataFlow::Node source, DataFlow::Node sink + where MyTaintFlow::flow(source, sink) + select source, "Taint flow to $@.", sink, sink.toString() + +Predefined sources and sinks +~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +The data flow library module ``codeql.swift.dataflow.FlowSources`` contains a number of predefined sources and sinks, providing a good starting point for defining data flow and taint flow based security queries. + +- The class ``RemoteFlowSource`` represents data flow from remote network inputs and from other applications. +- The class ``LocalFlowSource`` represents data flow from local user input. +- The class ``FlowSource`` includes both of the above. + +Examples of global data flow +~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +The following global taint-tracking query finds places where a string literal is used in a function call argument called "password". + - Since this is a taint-tracking query, the ``TaintTracking::Global`` module is used. + - The ``isSource`` predicate defines sources as any ``StringLiteralExpr``. + - The ``isSink`` predicate defines sinks as arguments to a ``CallExpr`` called "password". + - The sources and sinks may need tuning to a particular use case, for example if passwords are represented by a type other than ``String`` or passed in arguments of a different name than "password". + +.. code-block:: ql + + import swift + import codeql.swift.dataflow.DataFlow + import codeql.swift.dataflow.TaintTracking + + module ConstantPasswordConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { node.asExpr() instanceof StringLiteralExpr } + + predicate isSink(DataFlow::Node node) { + // any argument called `password` + exists(CallExpr call | call.getArgumentWithLabel("password").getExpr() = node.asExpr()) + } + + module ConstantPasswordFlow = TaintTracking::Global; + + from DataFlow::Node sourceNode, DataFlow::Node sinkNode + where ConstantPasswordFlow::flow(sourceNode, sinkNode) + select sinkNode, sourceNode, sinkNode, + "The value '" + sourceNode.toString() + "' is used as a constant password." + + +The following global taint-tracking query finds places where a value from a remote or local user input is used as an argument to the SQLite ``Connection.execute(_:)`` function. + - Since this is a taint-tracking query, the ``TaintTracking::Global`` module is used. + - The ``isSource`` predicate defines sources as a ``FlowSource`` (remote or local user input). + - The ``isSink`` predicate defines sinks as the first argument in any call to ``Connection.execute(_:)``. + +.. code-block:: ql + + + import swift + import codeql.swift.dataflow.DataFlow + import codeql.swift.dataflow.TaintTracking + import codeql.swift.dataflow.FlowSources + + module SqlInjectionConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { node instanceof FlowSource } + + predicate isSink(DataFlow::Node node) { + exists(CallExpr call | + call.getStaticTarget().(MethodDecl).hasQualifiedName("Connection", ["execute(_:)"]) and + call.getArgument(0).getExpr() = node.asExpr() + ) + } + } + + module SqlInjectionFlow = TaintTracking::Global; + + from DataFlow::Node sourceNode, DataFlow::Node sinkNode + where SqlInjectionFlow::flow(sourceNode, sinkNode) + select sinkNode, sourceNode, sinkNode, "This query depends on a $@.", sourceNode, + "user-provided value" + +Further reading +--------------- + +- ":ref:`Exploring data flow with path queries `" + + +.. include:: ../reusables/swift-further-reading.rst +.. include:: ../reusables/codeql-ref-tools-further-reading.rst diff --git a/docs/codeql/codeql-language-guides/codeql-for-swift.rst b/docs/codeql/codeql-language-guides/codeql-for-swift.rst index ccb3499b727..d43688921cf 100644 --- a/docs/codeql/codeql-language-guides/codeql-for-swift.rst +++ b/docs/codeql/codeql-language-guides/codeql-for-swift.rst @@ -9,5 +9,8 @@ Experiment and learn how to write effective and efficient queries for CodeQL dat :hidden: basic-query-for-swift-code + analyzing-data-flow-in-swift - :doc:`Basic query for Swift code `: Learn to write and run a simple CodeQL query. + +- :doc:`Analyzing data flow in Swift `: You can use CodeQL to track the flow of data through a Swift program to places where the data is used. From 5e7159f80045b44351562230db923043f2e8be02 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 26 Apr 2023 18:49:24 +0100 Subject: [PATCH 059/870] Swift: Minor edits. --- .../analyzing-data-flow-in-swift.rst | 21 ++++++++----------- 1 file changed, 9 insertions(+), 12 deletions(-) diff --git a/docs/codeql/codeql-language-guides/analyzing-data-flow-in-swift.rst b/docs/codeql/codeql-language-guides/analyzing-data-flow-in-swift.rst index 69b42f327d8..90576aac9f1 100644 --- a/docs/codeql/codeql-language-guides/analyzing-data-flow-in-swift.rst +++ b/docs/codeql/codeql-language-guides/analyzing-data-flow-in-swift.rst @@ -15,7 +15,7 @@ For a more general introduction to modeling data flow, see ":ref:`About data flo Local data flow --------------- -Local data flow tracks the flow of data within a single method or callable. Local data flow is easier, faster, and more precise than global data flow. Before looking at more complex tracking, you should always consider local tracking because it is sufficient for many queries. +Local data flow tracks the flow of data within a single function. Local data flow is easier, faster, and more precise than global data flow. Before looking at more complex tracking, you should always consider local tracking because it is sufficient for many queries. Using local data flow ~~~~~~~~~~~~~~~~~~~~~ @@ -36,7 +36,7 @@ The ``Node`` class has a number of useful subclasses, such as ``ExprNode`` for e */ ControlFlowNode getCfgNode() { none() } - ... + ... } You can use the predicates ``exprNode`` and ``parameterNode`` to map from expressions and parameters to their data-flow node: @@ -65,7 +65,7 @@ For example, you can find flow from an expression ``source`` to an expression `` Using local taint tracking ~~~~~~~~~~~~~~~~~~~~~~~~~~ -Local taint tracking extends local data flow to include flow steps where values are not preserved, for example, string manipulation. +Local taint tracking extends local data flow to include flow steps where values are not preserved, such as string manipulation. For example: .. code-block:: swift @@ -209,10 +209,10 @@ The global taint tracking library uses the same configuration module as the glob where MyTaintFlow::flow(source, sink) select source, "Taint flow to $@.", sink, sink.toString() -Predefined sources and sinks +Predefined sources ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -The data flow library module ``codeql.swift.dataflow.FlowSources`` contains a number of predefined sources and sinks, providing a good starting point for defining data flow and taint flow based security queries. +The data flow library module ``codeql.swift.dataflow.FlowSources`` contains a number of predefined sources, providing a good starting point for defining data flow and taint flow based security queries. - The class ``RemoteFlowSource`` represents data flow from remote network inputs and from other applications. - The class ``LocalFlowSource`` represents data flow from local user input. @@ -221,11 +221,11 @@ The data flow library module ``codeql.swift.dataflow.FlowSources`` contains a nu Examples of global data flow ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -The following global taint-tracking query finds places where a string literal is used in a function call argument called "password". +The following global taint-tracking query finds places where a string literal is used in a function call argument named "password". - Since this is a taint-tracking query, the ``TaintTracking::Global`` module is used. - The ``isSource`` predicate defines sources as any ``StringLiteralExpr``. - The ``isSink`` predicate defines sinks as arguments to a ``CallExpr`` called "password". - - The sources and sinks may need tuning to a particular use case, for example if passwords are represented by a type other than ``String`` or passed in arguments of a different name than "password". + - The sources and sinks may need tuning to a particular use, for example if passwords are represented by a type other than ``String`` or passed in arguments of a different name than "password". .. code-block:: ql @@ -245,8 +245,7 @@ The following global taint-tracking query finds places where a string literal is from DataFlow::Node sourceNode, DataFlow::Node sinkNode where ConstantPasswordFlow::flow(sourceNode, sinkNode) - select sinkNode, sourceNode, sinkNode, - "The value '" + sourceNode.toString() + "' is used as a constant password." + select sinkNode, "The value '" + sourceNode.toString() + "' is used as a constant password." The following global taint-tracking query finds places where a value from a remote or local user input is used as an argument to the SQLite ``Connection.execute(_:)`` function. @@ -256,7 +255,6 @@ The following global taint-tracking query finds places where a value from a remo .. code-block:: ql - import swift import codeql.swift.dataflow.DataFlow import codeql.swift.dataflow.TaintTracking @@ -277,8 +275,7 @@ The following global taint-tracking query finds places where a value from a remo from DataFlow::Node sourceNode, DataFlow::Node sinkNode where SqlInjectionFlow::flow(sourceNode, sinkNode) - select sinkNode, sourceNode, sinkNode, "This query depends on a $@.", sourceNode, - "user-provided value" + select sinkNode, "This query depends on a $@.", sourceNode, "user-provided value" Further reading --------------- From 6eefb268ddbc10c5178900a59077c5ba56f3c0c0 Mon Sep 17 00:00:00 2001 From: Stephan Brandauer Date: Fri, 14 Apr 2023 12:35:59 +0200 Subject: [PATCH 060/870] Automodel extraction queries in java telemetry query directory --- .../AutomodelEndpointCharacteristics.qll | 320 ++++++++++++++++++ .../src/Telemetry/AutomodelEndpointTypes.qll | 60 ++++ .../Telemetry/AutomodelExtractCandidates.ql | 39 +++ .../AutomodelExtractNegativeExamples.ql | 36 ++ .../AutomodelExtractPositiveExamples.ql | 43 +++ .../AutomodelSharedCharacteristics.qll | 259 ++++++++++++++ 6 files changed, 757 insertions(+) create mode 100644 java/ql/src/Telemetry/AutomodelEndpointCharacteristics.qll create mode 100644 java/ql/src/Telemetry/AutomodelEndpointTypes.qll create mode 100644 java/ql/src/Telemetry/AutomodelExtractCandidates.ql create mode 100644 java/ql/src/Telemetry/AutomodelExtractNegativeExamples.ql create mode 100644 java/ql/src/Telemetry/AutomodelExtractPositiveExamples.ql create mode 100644 java/ql/src/Telemetry/AutomodelSharedCharacteristics.qll diff --git a/java/ql/src/Telemetry/AutomodelEndpointCharacteristics.qll b/java/ql/src/Telemetry/AutomodelEndpointCharacteristics.qll new file mode 100644 index 00000000000..01c18ad2706 --- /dev/null +++ b/java/ql/src/Telemetry/AutomodelEndpointCharacteristics.qll @@ -0,0 +1,320 @@ +/** + * For internal use only. + */ + +private import java +private import semmle.code.java.dataflow.DataFlow +private import semmle.code.java.dataflow.TaintTracking +private import semmle.code.java.security.PathCreation +private import semmle.code.java.dataflow.ExternalFlow as ExternalFlow +private import semmle.code.java.dataflow.internal.FlowSummaryImpl as FlowSummaryImpl +private import semmle.code.java.security.ExternalAPIs as ExternalAPIs +private import semmle.code.java.Expr as Expr +private import semmle.code.java.security.QueryInjection +private import semmle.code.java.security.RequestForgery +import AutomodelSharedCharacteristics as SharedCharacteristics +import AutomodelEndpointTypes as AutomodelEndpointTypes + +module CandidatesImpl implements SharedCharacteristics::CandidateSig { + class Endpoint = DataFlow::ParameterNode; + + class EndpointType = AutomodelEndpointTypes::EndpointType; + + predicate isNegative(AutomodelEndpointTypes::EndpointType t) { + t instanceof AutomodelEndpointTypes::NegativeSinkType + } + + string getLocationString(Endpoint e) { result = e.getLocation().toString() } + + predicate isKnownLabel(string label, string humanReadableLabel, EndpointType type) { + label = "read-file" and + humanReadableLabel = "read file" and + type instanceof AutomodelEndpointTypes::TaintedPathSinkType + or + label = "create-file" and + humanReadableLabel = "create file" and + type instanceof AutomodelEndpointTypes::TaintedPathSinkType + or + label = "sql" and + humanReadableLabel = "mad modeled sql" and + type instanceof AutomodelEndpointTypes::SqlSinkType + or + label = "open-url" and + humanReadableLabel = "open url" and + type instanceof AutomodelEndpointTypes::RequestForgerySinkType + or + label = "jdbc-url" and + humanReadableLabel = "jdbc url" and + type instanceof AutomodelEndpointTypes::RequestForgerySinkType + or + label = "command-injection" and + humanReadableLabel = "command injection" and + type instanceof AutomodelEndpointTypes::CommandInjectionSinkType + } + + predicate isSink(Endpoint e, string label) { + exists( + string package, string type, boolean subtypes, string name, string signature, string ext, + string input + | + sinkSpec(e, package, type, subtypes, name, signature, ext, input) and + ExternalFlow::sinkModel(package, type, subtypes, name, [signature, ""], ext, input, label, _) + ) + } + + predicate isNeutral(Endpoint e) { + exists(string package, string type, string name, string signature | + sinkSpec(e, package, type, _, name, signature, _, _) and + ExternalFlow::neutralModel(package, type, name, [signature, ""], _) + ) + } + + additional predicate sinkSpec( + Endpoint e, string package, string type, boolean subtypes, string name, string signature, + string ext, string input + ) { + package = e.getEnclosingCallable().getDeclaringType().getPackage().toString() and + type = e.getEnclosingCallable().getDeclaringType().getName() and + subtypes = false and + name = e.getEnclosingCallable().getName() and + signature = ExternalFlow::paramsString(e.getEnclosingCallable()) and + ext = "" and + exists(int paramIdx | e.isParameterOf(_, paramIdx) | input = "Argument[" + paramIdx + "]") + } + + predicate hasMetadata(Endpoint n, string metadata) { + exists( + string package, string type, boolean subtypes, string name, string signature, string ext, + int input, string provenance, boolean isPublic, boolean isFinal, string calleeJavaDoc + | + hasMetadata(n, package, type, name, signature, input, isFinal, isPublic, calleeJavaDoc) and + (if isFinal = true then subtypes = false else subtypes = true) and + ext = "" and // see https://github.slack.com/archives/CP9127VUK/p1673979477496069 + provenance = "ai-generated" and + metadata = + "{" // + + "'Package': '" + package // + + "', 'Type': '" + type // + + "', 'Subtypes': " + subtypes // + + ", 'Name': '" + name // + + "', 'Signature': '" + signature // + + "', 'Ext': '" + ext // + + "', 'Argument index': " + input // + + ", 'Provenance': '" + provenance // + + "', 'Is public': " + isPublic // + + "', 'Callee JavaDoc': '" + calleeJavaDoc.replaceAll("'", "\"") // + + "'}" // TODO: Why are the curly braces added twice? + ) + } +} + +module CharacteristicsImpl = SharedCharacteristics::SharedCharacteristics; + +class EndpointCharacteristic = CharacteristicsImpl::EndpointCharacteristic; + +class Endpoint = CandidatesImpl::Endpoint; + +/* + * Predicates that are used to surface prompt examples and candidates for classification with an ML model. + */ + +/** + * Holds if `n` has the given metadata. + * + * This is a helper function to extract and export needed information about each endpoint. + */ +predicate hasMetadata( + Endpoint n, string package, string type, string name, string signature, int input, + boolean isFinal, boolean isPublic, string calleeJavaDoc +) { + exists(Callable callee | + n.asParameter() = callee.getParameter(input) and + package = callee.getDeclaringType().getPackage().getName() and + type = callee.getDeclaringType().getErasure().(RefType).nestedName() and + ( + if callee.isFinal() or callee.getDeclaringType().isFinal() + then isFinal = true + else isFinal = false + ) and + name = callee.getSourceDeclaration().getName() and + signature = ExternalFlow::paramsString(callee) and // TODO: Why are brackets being escaped (`\[\]` vs `[]`)? + (if callee.isPublic() then isPublic = true else isPublic = false) and + if exists(callee.(Documentable).getJavadoc()) + then calleeJavaDoc = callee.(Documentable).getJavadoc().toString() + else calleeJavaDoc = "" + ) +} + +/* + * EndpointCharacteristic classes that are specific to Automodel for Java. + */ + +/** + * A negative characteristic that indicates that an is-style boolean method is unexploitable even if it is a sink. + * + * A sink is highly unlikely to be exploitable if its callee's name starts with `is` and the callee has a boolean return + * type (e.g. `isDirectory`). These kinds of calls normally do only checks, and appear before the proper call that does + * the dangerous/interesting thing, so we want the latter to be modeled as the sink. + * + * TODO: this might filter too much, it's possible that methods with more than one parameter contain interesting sinks + */ +private class UnexploitableIsCharacteristic extends CharacteristicsImpl::NotASinkCharacteristic { + UnexploitableIsCharacteristic() { this = "unexploitable (is-style boolean method)" } + + override predicate appliesToEndpoint(Endpoint e) { + not CandidatesImpl::isSink(e, _) and + e.getEnclosingCallable().getName().matches("is%") and + e.getEnclosingCallable().getReturnType() instanceof BooleanType + } +} + +/** + * A negative characteristic that indicates that an existence-checking boolean method is unexploitable even if it is a + * sink. + * + * A sink is highly unlikely to be exploitable if its callee's name is `exists` or `notExists` and the callee has a + * boolean return type. These kinds of calls normally do only checks, and appear before the proper call that does the + * dangerous/interesting thing, so we want the latter to be modeled as the sink. + */ +private class UnexploitableExistsCharacteristic extends CharacteristicsImpl::NotASinkCharacteristic { + UnexploitableExistsCharacteristic() { this = "unexploitable (existence-checking boolean method)" } + + override predicate appliesToEndpoint(Endpoint e) { + not CandidatesImpl::isSink(e, _) and + exists(Callable callee | + callee = e.getEnclosingCallable() and + ( + callee.getName().toLowerCase() = "exists" or + callee.getName().toLowerCase() = "notexists" + ) and + callee.getReturnType() instanceof BooleanType + ) + } +} + +/** + * A negative characteristic that indicates that an endpoint is an argument to an exception, which is not a sink. + */ +private class ExceptionCharacteristic extends CharacteristicsImpl::NotASinkCharacteristic { + ExceptionCharacteristic() { this = "exception" } + + override predicate appliesToEndpoint(Endpoint e) { + e.getEnclosingCallable().getDeclaringType().getASupertype*() instanceof TypeThrowable + } +} + +/** + * A negative characteristic that indicates that an endpoint sits in a test file. + * + * WARNING: These endpoints should not be used as negative samples for training, because there can in fact be sinks in + * test files -- we just don't care to model them because they aren't exploitable. + */ +private class TestFileCharacteristic extends CharacteristicsImpl::LikelyNotASinkCharacteristic { + TestFileCharacteristic() { this = "test file" } + + override predicate appliesToEndpoint(Endpoint e) { + exists(File f | f = e.getLocation().getFile() and isInTestFile(f)) + } + + private predicate isInTestFile(File file) { + file.getAbsolutePath().matches("%src/test/%") or + file.getAbsolutePath().matches("%/guava-tests/%") or + file.getAbsolutePath().matches("%/guava-testlib/%") + } +} + +/** + * A negative characteristic that filters out calls to undocumented methods. The assumption is that methods that are + * intended / likely to be called from outside the package are documented. + * + * Note that in practice we have seen some interesting sinks in methods that are external-facing but undocumented (and + * appear in empty Javadoc pages), so this filter can be expected to lead to the loss of some interesting sinks. + */ +private class UndocumentedMethodCharacteristic extends CharacteristicsImpl::UninterestingToModelCharacteristic +{ + UndocumentedMethodCharacteristic() { this = "undocumented method" } + + override predicate appliesToEndpoint(Endpoint e) { + not exists(e.getEnclosingCallable().(Documentable).getJavadoc()) + } +} + +/** + * A negative characteristic that filters out non-public methods. Non-public methods are not interesting to include in + * the standard Java modeling, because they cannot be called from outside the package. + */ +private class NonPublicMethodCharacteristic extends CharacteristicsImpl::UninterestingToModelCharacteristic +{ + NonPublicMethodCharacteristic() { this = "non-public method" } + + override predicate appliesToEndpoint(Endpoint e) { not e.getEnclosingCallable().isPublic() } +} + +/** + * Holds if the given endpoint has a self-contradictory combination of characteristics. Detects errors in our endpoint + * characteristics. Lists the problematic characteristics and their implications for all such endpoints, together with + * an error message indicating why this combination is problematic. + * + * Copied from + * javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/ContradictoryEndpointCharacteristics.ql + */ +predicate erroneousEndpoints( + Endpoint endpoint, EndpointCharacteristic characteristic, + AutomodelEndpointTypes::EndpointType endpointType, float confidence, string errorMessage, + boolean ignoreKnownModelingErrors +) { + // An endpoint's characteristics should not include positive indicators with medium/high confidence for more than one + // sink/source type (including the negative type). + exists( + EndpointCharacteristic characteristic2, AutomodelEndpointTypes::EndpointType endpointClass2, + float confidence2 + | + endpointType != endpointClass2 and + ( + endpointType instanceof AutomodelEndpointTypes::SinkType and + endpointClass2 instanceof AutomodelEndpointTypes::SinkType + or + endpointType instanceof AutomodelEndpointTypes::SourceType and + endpointClass2 instanceof AutomodelEndpointTypes::SourceType + ) and + characteristic.appliesToEndpoint(endpoint) and + characteristic2.appliesToEndpoint(endpoint) and + characteristic.hasImplications(endpointType, true, confidence) and + characteristic2.hasImplications(endpointClass2, true, confidence2) and + confidence > SharedCharacteristics::mediumConfidence() and + confidence2 > SharedCharacteristics::mediumConfidence() and + ( + ignoreKnownModelingErrors = true and + not knownOverlappingCharacteristics(characteristic, characteristic2) + or + ignoreKnownModelingErrors = false + ) + ) and + errorMessage = "Endpoint has high-confidence positive indicators for multiple classes" + or + // An endpoint's characteristics should not include positive indicators with medium/high confidence for some class and + // also include negative indicators with medium/high confidence for this same class. + exists(EndpointCharacteristic characteristic2, float confidence2 | + characteristic.appliesToEndpoint(endpoint) and + characteristic2.appliesToEndpoint(endpoint) and + characteristic.hasImplications(endpointType, true, confidence) and + characteristic2.hasImplications(endpointType, false, confidence2) and + confidence > SharedCharacteristics::mediumConfidence() and + confidence2 > SharedCharacteristics::mediumConfidence() + ) and + ignoreKnownModelingErrors = false and + errorMessage = "Endpoint has high-confidence positive and negative indicators for the same class" +} + +/** + * Holds if `characteristic1` and `characteristic2` are among the pairs of currently known positive characteristics that + * have some overlap in their results. This indicates a problem with the underlying Java modeling. Specifically, + * `PathCreation` is prone to FPs. + */ +private predicate knownOverlappingCharacteristics( + EndpointCharacteristic characteristic1, EndpointCharacteristic characteristic2 +) { + characteristic1 != characteristic2 and + characteristic1 = ["mad taint step", "create path", "read file", "known non-sink"] and + characteristic2 = ["mad taint step", "create path", "read file", "known non-sink"] +} diff --git a/java/ql/src/Telemetry/AutomodelEndpointTypes.qll b/java/ql/src/Telemetry/AutomodelEndpointTypes.qll new file mode 100644 index 00000000000..7414837b605 --- /dev/null +++ b/java/ql/src/Telemetry/AutomodelEndpointTypes.qll @@ -0,0 +1,60 @@ +/** + * For internal use only. + * + * Defines the set of classes that endpoint scoring models can predict. Endpoint scoring models must + * only predict classes defined within this file. This file is the source of truth for the integer + * representation of each of these classes. + */ + +/** A class that can be predicted by a classifier. */ +abstract class EndpointType extends string { + /** + * Holds when the string matches the name of the sink / source type. + */ + bindingset[this] + EndpointType() { any() } + + /** + * Gets the name of the sink/source kind for this endpoint type as used in models-as-data. + * + * See https://github.com/github/codeql/blob/44213f0144fdd54bb679ca48d68b28dcf820f7a8/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll#LL353C11-L357C31 + */ + final string getKind() { result = this } +} + +/** A class for sink types that can be predicted by a classifier. */ +abstract class SinkType extends EndpointType { + bindingset[this] + SinkType() { any() } +} + +/** A class for source types that can be predicted by a classifier. */ +abstract class SourceType extends EndpointType { + bindingset[this] + SourceType() { any() } +} + +/** The `Negative` class for non-sinks. */ +class NegativeSinkType extends SinkType { + NegativeSinkType() { this = "non-sink" } +} + +/** A sink relevant to the SQL injection query */ +class SqlSinkType extends SinkType { + SqlSinkType() { this = "sql" } +} + +/** A sink relevant to the tainted path injection query. */ +class TaintedPathSinkType extends SinkType { + TaintedPathSinkType() { this = "tainted-path" } +} + +/** A sink relevant to the SSRF query. */ +class RequestForgerySinkType extends SinkType { + RequestForgerySinkType() { this = "ssrf" } +} + +/** A sink relevant to the command injection query. */ +class CommandInjectionSinkType extends SinkType { + CommandInjectionSinkType() { this = "command-injection" } +} diff --git a/java/ql/src/Telemetry/AutomodelExtractCandidates.ql b/java/ql/src/Telemetry/AutomodelExtractCandidates.ql new file mode 100644 index 00000000000..13a2988d505 --- /dev/null +++ b/java/ql/src/Telemetry/AutomodelExtractCandidates.ql @@ -0,0 +1,39 @@ +/** + * Surfaces the endpoints that pass the endpoint filters and are not already known to be sinks, and are therefore used + * as candidates for classification with an ML model. + * + * Note: This query does not actually classify the endpoints using the model. + * + * @name Automodel candidates + * @description A query to extract automodel candidates. + * @kind problem + * @severity info + * @id java/ml-powered/extract-automodel-candidates + * @tags automodel extract candidates + */ + +import AutomodelEndpointCharacteristics + +from Endpoint sinkCandidate, string message +where + not exists(CharacteristicsImpl::UninterestingToModelCharacteristic u | + u.appliesToEndpoint(sinkCandidate) + ) and + // If a node is already a known sink for any of our existing ATM queries and is already modeled as a MaD sink, we + // don't include it as a candidate. Otherwise, we might include it as a candidate for query A, but the model will + // label it as a sink for one of the sink types of query B, for which it's already a known sink. This would result in + // overlap between our detected sinks and the pre-existing modeling. We assume that, if a sink has already been + // modeled in a MaD model, then it doesn't belong to any additional sink types, and we don't need to reexamine it. + not CharacteristicsImpl::isSink(sinkCandidate, _) and + // The message is the concatenation of all sink types for which this endpoint is known neither to be a sink nor to be + // a non-sink, and we surface only endpoints that have at least one such sink type. + message = + strictconcat(AutomodelEndpointTypes::SinkType sinkType | + not CharacteristicsImpl::isKnownSink(sinkCandidate, sinkType) and + CharacteristicsImpl::isSinkCandidate(sinkCandidate, sinkType) + | + sinkType + ", " + ) + "\n" + + // Extract the needed metadata for this endpoint. + any(string metadata | CharacteristicsImpl::hasMetadata(sinkCandidate, metadata)) +select sinkCandidate, message diff --git a/java/ql/src/Telemetry/AutomodelExtractNegativeExamples.ql b/java/ql/src/Telemetry/AutomodelExtractNegativeExamples.ql new file mode 100644 index 00000000000..6612f422824 --- /dev/null +++ b/java/ql/src/Telemetry/AutomodelExtractNegativeExamples.ql @@ -0,0 +1,36 @@ +/** + * Surfaces endpoints are non-sinks with high confidence, for use as negative examples in the prompt. + * + * @name Negative examples (experimental) + * @kind problem + * @severity info + * @id java/ml-powered/non-sink + * @tags automodel extract negative-examples + */ + +import AutomodelEndpointCharacteristics +import AutomodelEndpointTypes + +from Endpoint endpoint, EndpointCharacteristic characteristic, float confidence, string message +where + characteristic.appliesToEndpoint(endpoint) and + confidence >= SharedCharacteristics::highConfidence() and + characteristic.hasImplications(any(NegativeSinkType negative), true, confidence) and + // Exclude endpoints that have contradictory endpoint characteristics, because we only want examples we're highly + // certain about in the prompt. + not erroneousEndpoints(endpoint, _, _, _, _, false) and + // It's valid for a node to satisfy the logic for both `isSink` and `isSanitizer`, but in that case it will be + // treated by the actual query as a sanitizer, since the final logic is something like + // `isSink(n) and not isSanitizer(n)`. We don't want to include such nodes as negative examples in the prompt, because + // they're ambiguous and might confuse the model, so we explicitly exclude all known sinks from the negative examples. + not exists(EndpointCharacteristic characteristic2, float confidence2, SinkType positiveType | + not positiveType instanceof NegativeSinkType and + characteristic2.appliesToEndpoint(endpoint) and + confidence2 >= SharedCharacteristics::maximalConfidence() and + characteristic2.hasImplications(positiveType, true, confidence2) + ) and + message = + characteristic + "\n" + + // Extract the needed metadata for this endpoint. + any(string metadata | CharacteristicsImpl::hasMetadata(endpoint, metadata)) +select endpoint, message diff --git a/java/ql/src/Telemetry/AutomodelExtractPositiveExamples.ql b/java/ql/src/Telemetry/AutomodelExtractPositiveExamples.ql new file mode 100644 index 00000000000..3db636439fa --- /dev/null +++ b/java/ql/src/Telemetry/AutomodelExtractPositiveExamples.ql @@ -0,0 +1,43 @@ +/** + * Surfaces endpoints are sinks with high confidence, for use as positive examples in the prompt. + * + * @name Positive examples (experimental) + * @kind problem + * @severity info + * @id java/ml-powered/known-sink + * @tags automodel extract positive-examples + */ + +private import java +private import semmle.code.java.security.ExternalAPIs as ExternalAPIs +private import AutomodelEndpointCharacteristics +private import AutomodelEndpointTypes + +// private import experimental.adaptivethreatmodeling.ATMConfigs // To import the configurations of all supported Java queries +/* + * ****** WARNING: ****** + * Before calling this query, make sure there's no codex-generated data extension file in `java/ql/lib/ext`. Otherwise, + * the ML-generated, noisy sinks will end up polluting the positive examples used in the prompt! + */ + +from Endpoint sink, SinkType sinkType, string message +where + // Exclude endpoints that have contradictory endpoint characteristics, because we only want examples we're highly + // certain about in the prompt. + not erroneousEndpoints(sink, _, _, _, _, false) and + // Extract positive examples of sinks belonging to the existing ATM query configurations. + ( + CharacteristicsImpl::isKnownSink(sink, sinkType) and + // If there are _any_ erroneous endpoints, return an error message for all rows. This will prevent us from + // accidentally running this query when there's a codex-generated data extension file in `java/ql/lib/ext`. + if not erroneousEndpoints(_, _, _, _, _, true) + then + message = + sinkType + "\n" + + // Extract the needed metadata for this endpoint. + any(string metadata | CharacteristicsImpl::hasMetadata(sink, metadata)) + else + message = + "Error: There are erroneous endpoints! Please check whether there's a codex-generated data extension file in `java/ql/lib/ext`." + ) +select sink, message diff --git a/java/ql/src/Telemetry/AutomodelSharedCharacteristics.qll b/java/ql/src/Telemetry/AutomodelSharedCharacteristics.qll new file mode 100644 index 00000000000..0d8bb679c86 --- /dev/null +++ b/java/ql/src/Telemetry/AutomodelSharedCharacteristics.qll @@ -0,0 +1,259 @@ +float maximalConfidence() { result = 1.0 } + +float highConfidence() { result = 0.9 } + +float mediumConfidence() { result = 0.6 } + +signature module CandidateSig { + class Endpoint; + + class EndpointType; + + string getLocationString(Endpoint e); + + /** + * Defines what labels are known, and what endpoint type they correspond to. + */ + predicate isKnownLabel(string label, string humanReadableLabel, EndpointType type); + + /** + * EndpointType must have a 'negative' type that denotes the absence of any sink. + * This predicate should hold for that type, and that type only. + */ + predicate isNegative(EndpointType t); + + /** + * Should hold for any endpoint that is a sink of the given (known or unknown) label. + */ + predicate isSink(Endpoint e, string label); + + /** + * Should hold for any endpoint that is known to not be any sink. + */ + predicate isNeutral(Endpoint e); + + /** + * Holds if `e` has the given metadata. + * + * This is a helper function to extract and export needed information about each endpoint in the sink candidate query + * as well as the queries that extract positive and negative examples for the prompt / training set. The metadata is + * extracted as a string in the format of a Python dictionary. + */ + predicate hasMetadata(Endpoint e, string metadata); +} + +module SharedCharacteristics { + predicate isNegative(Candidate::EndpointType e) { Candidate::isNegative(e) } + + predicate isSink(Candidate::Endpoint e, string label) { Candidate::isSink(e, label) } + + predicate isNeutral(Candidate::Endpoint e) { Candidate::isNeutral(e) } + + /** + * Holds if `sink` is a known sink of type `endpointType`. + */ + predicate isKnownSink(Candidate::Endpoint sink, Candidate::EndpointType endpointType) { + // If the list of characteristics includes positive indicators with maximal confidence for this class, then it's a + // known sink for the class. + not isNegative(endpointType) and + exists(EndpointCharacteristic characteristic | + characteristic.appliesToEndpoint(sink) and + characteristic.hasImplications(endpointType, true, maximalConfidence()) + ) + } + + /** + * Holds if the candidate sink `candidateSink` should be considered as a possible sink of type `sinkType`, and + * classified by the ML model. A candidate sink is a node that cannot be excluded from `sinkType` based on its + * characteristics. + */ + predicate isSinkCandidate(Candidate::Endpoint candidateSink, Candidate::EndpointType sinkType) { + not isNegative(sinkType) and + not exists(getAReasonSinkExcluded(candidateSink, sinkType)) + } + + predicate hasMetadata(Candidate::Endpoint n, string metadata) { + Candidate::hasMetadata(n, metadata) + } + + /** + * Gets the list of characteristics that cause `candidateSink` to be excluded as an effective sink for a given sink + * type. + */ + EndpointCharacteristic getAReasonSinkExcluded( + Candidate::Endpoint candidateSink, Candidate::EndpointType sinkType + ) { + // An endpoint is a sink candidate if none of its characteristics give much indication whether or not it is a sink. + not isNegative(sinkType) and + result.appliesToEndpoint(candidateSink) and + // Exclude endpoints that have a characteristic that implies they're not sinks for _any_ sink type. + ( + exists(float confidence | + confidence >= mediumConfidence() and + result.hasImplications(any(Candidate::EndpointType t | isNegative(t)), true, confidence) + ) + or + // Exclude endpoints that have a characteristic that implies they're not sinks for _this particular_ sink type. + exists(float confidence | + confidence >= mediumConfidence() and + result.hasImplications(sinkType, false, confidence) + ) + ) + } + + /** + * A set of characteristics that a particular endpoint might have. This set of characteristics is used to make decisions + * about whether to include the endpoint in the training set and with what label, as well as whether to score the + * endpoint at inference time. + */ + abstract class EndpointCharacteristic extends string { + /** + * Holds when the string matches the name of the characteristic, which should describe some characteristic of the + * endpoint that is meaningful for determining whether it's a sink and if so of which type + */ + bindingset[this] + EndpointCharacteristic() { any() } + + /** + * Holds for parameters that have this characteristic. This predicate contains the logic that applies characteristics + * to the appropriate set of dataflow parameters. + */ + abstract predicate appliesToEndpoint(Candidate::Endpoint n); + + /** + * This predicate describes what the characteristic tells us about an endpoint. + * + * Params: + * endpointType: The sink/source type. + * isPositiveIndicator: If true, this characteristic indicates that this endpoint _is_ a member of the class; if + * false, it indicates that it _isn't_ a member of the class. + * confidence: A float in [0, 1], which tells us how strong an indicator this characteristic is for the endpoint + * belonging / not belonging to the given class. A confidence near zero means this characteristic is a very weak + * indicator of whether or not the endpoint belongs to the class. A confidence of 1 means that all endpoints with + * this characteristic definitively do/don't belong to the class. + */ + abstract predicate hasImplications( + Candidate::EndpointType endpointType, boolean isPositiveIndicator, float confidence + ); + + /** Indicators with confidence at or above this threshold are considered to be high-confidence indicators. */ + final float getHighConfidenceThreshold() { result = 0.8 } + } + + /** + * A high-confidence characteristic that indicates that an endpoint is a sink of a specified type. These endpoints can + * be used as positive samples for training or for a few-shot prompt. + */ + abstract class SinkCharacteristic extends EndpointCharacteristic { + bindingset[this] + SinkCharacteristic() { any() } + + abstract Candidate::EndpointType getSinkType(); + + final override predicate hasImplications( + Candidate::EndpointType endpointType, boolean isPositiveIndicator, float confidence + ) { + endpointType = this.getSinkType() and + isPositiveIndicator = true and + confidence = maximalConfidence() + } + } + + /** + * Endpoints identified as sinks by the MaD modeling are sinks with maximal confidence. + */ + private class KnownSinkCharacteristic extends SinkCharacteristic { + string madLabel; + Candidate::EndpointType endpointType; + + KnownSinkCharacteristic() { Candidate::isKnownLabel(madLabel, this, endpointType) } + + override predicate appliesToEndpoint(Candidate::Endpoint e) { Candidate::isSink(e, madLabel) } + + override Candidate::EndpointType getSinkType() { result = endpointType } + } + + /** + * A high-confidence characteristic that indicates that an endpoint is not a sink of any type. These endpoints can be + * used as negative samples for training or for a few-shot prompt. + */ + abstract class NotASinkCharacteristic extends EndpointCharacteristic { + bindingset[this] + NotASinkCharacteristic() { any() } + + override predicate hasImplications( + Candidate::EndpointType endpointType, boolean isPositiveIndicator, float confidence + ) { + Candidate::isNegative(endpointType) and + isPositiveIndicator = true and + confidence = highConfidence() + } + } + + /** + * A negative characteristic that indicates that an endpoint is not part of the source code for the project being + * analyzed. + * + * WARNING: These endpoints should not be used as negative samples for training, because they are not necessarily + * non-sinks. They are merely not interesting sinks to run through the ML model. + */ + private class IsExternalCharacteristic extends LikelyNotASinkCharacteristic { + IsExternalCharacteristic() { this = "external" } + + override predicate appliesToEndpoint(Candidate::Endpoint e) { + not exists(Candidate::getLocationString(e)) + } + } + + /** + * A negative characteristic that indicates that an endpoint was manually modeled as a neutral model. + * + * TODO: It may be necessary to turn this into a LikelyNotASinkCharacteristic, pending answers to the definition of a + * neutral model (https://github.com/github/codeql-java-team/issues/254#issuecomment-1435309148). + */ + private class NeutralModelCharacteristic extends NotASinkCharacteristic { + NeutralModelCharacteristic() { this = "known non-sink" } + + override predicate appliesToEndpoint(Candidate::Endpoint e) { Candidate::isNeutral(e) } + } + + /** + * A medium-confidence characteristic that indicates that an endpoint is unlikely to be a sink of any type. These + * endpoints can be excluded from scoring at inference time, both to save time and to avoid false positives. They should + * not, however, be used as negative samples for training or for a few-shot prompt, because they may include a small + * number of sinks. + */ + abstract class LikelyNotASinkCharacteristic extends EndpointCharacteristic { + bindingset[this] + LikelyNotASinkCharacteristic() { any() } + + override predicate hasImplications( + Candidate::EndpointType endpointType, boolean isPositiveIndicator, float confidence + ) { + Candidate::isNegative(endpointType) and + isPositiveIndicator = true and + confidence = mediumConfidence() + } + } + + /** + * A characteristic that indicates not necessarily that an endpoint is not a sink, but rather that it is not a sink + * that's interesting to model in the standard Java libraries. These filters should be removed when extracting sink + * candidates within a user's codebase for customized modeling. + * + * These endpoints should not be used as negative samples for training or for a few-shot prompt, because they are not + * necessarily non-sinks. + */ + abstract class UninterestingToModelCharacteristic extends EndpointCharacteristic { + bindingset[this] + UninterestingToModelCharacteristic() { any() } + + override predicate hasImplications( + Candidate::EndpointType endpointType, boolean isPositiveIndicator, float confidence + ) { + Candidate::isNegative(endpointType) and + isPositiveIndicator = true and + confidence = mediumConfidence() + } + } +} From 3868defb87db7980056c7b221c9b119736c6f02d Mon Sep 17 00:00:00 2001 From: Stephan Brandauer Date: Wed, 26 Apr 2023 16:02:13 +0200 Subject: [PATCH 061/870] use ModelApi to define parameters worth modeling --- .../Telemetry/AutomodelEndpointCharacteristics.qll | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/java/ql/src/Telemetry/AutomodelEndpointCharacteristics.qll b/java/ql/src/Telemetry/AutomodelEndpointCharacteristics.qll index 01c18ad2706..185fb4f32e0 100644 --- a/java/ql/src/Telemetry/AutomodelEndpointCharacteristics.qll +++ b/java/ql/src/Telemetry/AutomodelEndpointCharacteristics.qll @@ -12,6 +12,7 @@ private import semmle.code.java.security.ExternalAPIs as ExternalAPIs private import semmle.code.java.Expr as Expr private import semmle.code.java.security.QueryInjection private import semmle.code.java.security.RequestForgery +private import semmle.code.java.dataflow.internal.ModelExclusions as ModelExclusions import AutomodelSharedCharacteristics as SharedCharacteristics import AutomodelEndpointTypes as AutomodelEndpointTypes @@ -239,6 +240,18 @@ private class UndocumentedMethodCharacteristic extends CharacteristicsImpl::Unin } } +/** + * A characteristic that limits candidates to parameters of methods that are recognized as `ModelApi`, iow., APIs that + * are considered worth modelling. + */ +private class NotAModelApiParameter extends CharacteristicsImpl::UninterestingToModelCharacteristic { + NotAModelApiParameter() { this = "not a model API parameter" } + + override predicate appliesToEndpoint(Endpoint e) { + not exists(ModelExclusions::ModelApi api | api.getParameter(_) = e.asParameter()) + } +} + /** * A negative characteristic that filters out non-public methods. Non-public methods are not interesting to include in * the standard Java modeling, because they cannot be called from outside the package. From a91b71c53bdcd25a9a7c7dff24bda13296464701 Mon Sep 17 00:00:00 2001 From: Stephan Brandauer Date: Thu, 27 Apr 2023 09:53:37 +0200 Subject: [PATCH 062/870] add parameter names to metadata, set subtypes = false for static method candidates; remove UndocumentedMethodCharacteristics, now that we use ModelApi --- .../AutomodelEndpointCharacteristics.qll | 34 +++++++------------ 1 file changed, 13 insertions(+), 21 deletions(-) diff --git a/java/ql/src/Telemetry/AutomodelEndpointCharacteristics.qll b/java/ql/src/Telemetry/AutomodelEndpointCharacteristics.qll index 185fb4f32e0..b1fc38e31cf 100644 --- a/java/ql/src/Telemetry/AutomodelEndpointCharacteristics.qll +++ b/java/ql/src/Telemetry/AutomodelEndpointCharacteristics.qll @@ -83,13 +83,15 @@ module CandidatesImpl implements SharedCharacteristics::CandidateSig { exists(int paramIdx | e.isParameterOf(_, paramIdx) | input = "Argument[" + paramIdx + "]") } - predicate hasMetadata(Endpoint n, string metadata) { + predicate hasMetadata(Endpoint e, string metadata) { exists( string package, string type, boolean subtypes, string name, string signature, string ext, - int input, string provenance, boolean isPublic, boolean isFinal, string calleeJavaDoc + int input, string provenance, boolean isPublic, boolean isFinal, boolean isStatic, + string calleeJavaDoc | - hasMetadata(n, package, type, name, signature, input, isFinal, isPublic, calleeJavaDoc) and - (if isFinal = true then subtypes = false else subtypes = true) and + hasMetadata(e, package, type, name, signature, input, isFinal, isStatic, isPublic, + calleeJavaDoc) and + (if isFinal = true or isStatic = true then subtypes = false else subtypes = true) and ext = "" and // see https://github.slack.com/archives/CP9127VUK/p1673979477496069 provenance = "ai-generated" and metadata = @@ -98,6 +100,7 @@ module CandidatesImpl implements SharedCharacteristics::CandidateSig { + "', 'Type': '" + type // + "', 'Subtypes': " + subtypes // + ", 'Name': '" + name // + + ", 'ParamName': '" + e.toString() // + "', 'Signature': '" + signature // + "', 'Ext': '" + ext // + "', 'Argument index': " + input // @@ -126,12 +129,17 @@ class Endpoint = CandidatesImpl::Endpoint; */ predicate hasMetadata( Endpoint n, string package, string type, string name, string signature, int input, - boolean isFinal, boolean isPublic, string calleeJavaDoc + boolean isFinal, boolean isStatic, boolean isPublic, string calleeJavaDoc ) { exists(Callable callee | n.asParameter() = callee.getParameter(input) and package = callee.getDeclaringType().getPackage().getName() and type = callee.getDeclaringType().getErasure().(RefType).nestedName() and + ( + if callee.isStatic() or callee.getDeclaringType().isStatic() + then isStatic = true + else isStatic = false + ) and ( if callee.isFinal() or callee.getDeclaringType().isFinal() then isFinal = true @@ -224,22 +232,6 @@ private class TestFileCharacteristic extends CharacteristicsImpl::LikelyNotASink } } -/** - * A negative characteristic that filters out calls to undocumented methods. The assumption is that methods that are - * intended / likely to be called from outside the package are documented. - * - * Note that in practice we have seen some interesting sinks in methods that are external-facing but undocumented (and - * appear in empty Javadoc pages), so this filter can be expected to lead to the loss of some interesting sinks. - */ -private class UndocumentedMethodCharacteristic extends CharacteristicsImpl::UninterestingToModelCharacteristic -{ - UndocumentedMethodCharacteristic() { this = "undocumented method" } - - override predicate appliesToEndpoint(Endpoint e) { - not exists(e.getEnclosingCallable().(Documentable).getJavadoc()) - } -} - /** * A characteristic that limits candidates to parameters of methods that are recognized as `ModelApi`, iow., APIs that * are considered worth modelling. From ffe7c62766dd45a4e5d83de481cb5a659494cca1 Mon Sep 17 00:00:00 2001 From: Stephan Brandauer Date: Thu, 27 Apr 2023 10:44:26 +0200 Subject: [PATCH 063/870] use US spelling --- java/ql/src/Telemetry/AutomodelEndpointCharacteristics.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java/ql/src/Telemetry/AutomodelEndpointCharacteristics.qll b/java/ql/src/Telemetry/AutomodelEndpointCharacteristics.qll index b1fc38e31cf..eb4683b3cf4 100644 --- a/java/ql/src/Telemetry/AutomodelEndpointCharacteristics.qll +++ b/java/ql/src/Telemetry/AutomodelEndpointCharacteristics.qll @@ -234,7 +234,7 @@ private class TestFileCharacteristic extends CharacteristicsImpl::LikelyNotASink /** * A characteristic that limits candidates to parameters of methods that are recognized as `ModelApi`, iow., APIs that - * are considered worth modelling. + * are considered worth modeling. */ private class NotAModelApiParameter extends CharacteristicsImpl::UninterestingToModelCharacteristic { NotAModelApiParameter() { this = "not a model API parameter" } From 52a8230ce357c88c91d68a5cb9f0ca2c82db6a44 Mon Sep 17 00:00:00 2001 From: Stephan Brandauer Date: Thu, 27 Apr 2023 14:23:55 +0200 Subject: [PATCH 064/870] restructure shared characteristics module; add framework support for sanitizers --- .../AutomodelEndpointCharacteristics.qll | 3 + .../AutomodelExtractNegativeExamples.ql | 2 +- .../AutomodelExtractPositiveExamples.ql | 2 +- .../AutomodelSharedCharacteristics.qll | 106 +++++++++++------- 4 files changed, 69 insertions(+), 44 deletions(-) diff --git a/java/ql/src/Telemetry/AutomodelEndpointCharacteristics.qll b/java/ql/src/Telemetry/AutomodelEndpointCharacteristics.qll index eb4683b3cf4..4d134945071 100644 --- a/java/ql/src/Telemetry/AutomodelEndpointCharacteristics.qll +++ b/java/ql/src/Telemetry/AutomodelEndpointCharacteristics.qll @@ -25,6 +25,9 @@ module CandidatesImpl implements SharedCharacteristics::CandidateSig { t instanceof AutomodelEndpointTypes::NegativeSinkType } + // Sanitizers are currently not modeled in MaD. TODO: check if this has large negative impact. + predicate isSanitizer(Endpoint e, EndpointType t) { none() } + string getLocationString(Endpoint e) { result = e.getLocation().toString() } predicate isKnownLabel(string label, string humanReadableLabel, EndpointType type) { diff --git a/java/ql/src/Telemetry/AutomodelExtractNegativeExamples.ql b/java/ql/src/Telemetry/AutomodelExtractNegativeExamples.ql index 6612f422824..de07f29f1e8 100644 --- a/java/ql/src/Telemetry/AutomodelExtractNegativeExamples.ql +++ b/java/ql/src/Telemetry/AutomodelExtractNegativeExamples.ql @@ -5,7 +5,7 @@ * @kind problem * @severity info * @id java/ml-powered/non-sink - * @tags automodel extract negative-examples + * @tags automodel extract examples negative */ import AutomodelEndpointCharacteristics diff --git a/java/ql/src/Telemetry/AutomodelExtractPositiveExamples.ql b/java/ql/src/Telemetry/AutomodelExtractPositiveExamples.ql index 3db636439fa..7c36a7a72b5 100644 --- a/java/ql/src/Telemetry/AutomodelExtractPositiveExamples.ql +++ b/java/ql/src/Telemetry/AutomodelExtractPositiveExamples.ql @@ -5,7 +5,7 @@ * @kind problem * @severity info * @id java/ml-powered/known-sink - * @tags automodel extract positive-examples + * @tags automodel extract examples positive */ private import java diff --git a/java/ql/src/Telemetry/AutomodelSharedCharacteristics.qll b/java/ql/src/Telemetry/AutomodelSharedCharacteristics.qll index 0d8bb679c86..82c0ca5de54 100644 --- a/java/ql/src/Telemetry/AutomodelSharedCharacteristics.qll +++ b/java/ql/src/Telemetry/AutomodelSharedCharacteristics.qll @@ -4,11 +4,19 @@ float highConfidence() { result = 0.9 } float mediumConfidence() { result = 0.6 } +/** + * A specification of how to instantiate the shared characteristics for a given candidate class. + * + * The `CandidateSig` implementation specifies a type to use for Endpoints (eg., `ParameterNode`), as well as a type + * to label endpoint classes (the `EndpointType`). One of the endpoint classes needs to be a 'negative' class, meaning + * "not any of the other known endpoint types". + */ signature module CandidateSig { class Endpoint; class EndpointType; + /** The string representing the file+range of the endpoint. */ string getLocationString(Endpoint e); /** @@ -22,6 +30,11 @@ signature module CandidateSig { */ predicate isNegative(EndpointType t); + /** + * Should hold for any endpoint that is a flow sanitizer. + */ + predicate isSanitizer(Endpoint e, EndpointType t); + /** * Should hold for any endpoint that is a sink of the given (known or unknown) label. */ @@ -37,11 +50,23 @@ signature module CandidateSig { * * This is a helper function to extract and export needed information about each endpoint in the sink candidate query * as well as the queries that extract positive and negative examples for the prompt / training set. The metadata is - * extracted as a string in the format of a Python dictionary. + * extracted as a string in the format of a Python dictionary, eg.: + * + * `{'Package': 'com.foo.util', 'Type': 'HelperClass', ... }`. + * + * The meta data will be passed on to the machine learning code by the extraction queries. */ predicate hasMetadata(Endpoint e, string metadata); } +/** + * A set of shared characteristics for a given candidate class. + * + * This module is language-agnostic, although the `CandidateSig` module will be language-specific. + * + * The language specific implementation can also further extend the behaviour of this module by adding additional + * implementations of endpoint characteristics exported by this module. + */ module SharedCharacteristics { predicate isNegative(Candidate::EndpointType e) { Candidate::isNegative(e) } @@ -159,20 +184,6 @@ module SharedCharacteristics { } } - /** - * Endpoints identified as sinks by the MaD modeling are sinks with maximal confidence. - */ - private class KnownSinkCharacteristic extends SinkCharacteristic { - string madLabel; - Candidate::EndpointType endpointType; - - KnownSinkCharacteristic() { Candidate::isKnownLabel(madLabel, this, endpointType) } - - override predicate appliesToEndpoint(Candidate::Endpoint e) { Candidate::isSink(e, madLabel) } - - override Candidate::EndpointType getSinkType() { result = endpointType } - } - /** * A high-confidence characteristic that indicates that an endpoint is not a sink of any type. These endpoints can be * used as negative samples for training or for a few-shot prompt. @@ -190,33 +201,6 @@ module SharedCharacteristics { } } - /** - * A negative characteristic that indicates that an endpoint is not part of the source code for the project being - * analyzed. - * - * WARNING: These endpoints should not be used as negative samples for training, because they are not necessarily - * non-sinks. They are merely not interesting sinks to run through the ML model. - */ - private class IsExternalCharacteristic extends LikelyNotASinkCharacteristic { - IsExternalCharacteristic() { this = "external" } - - override predicate appliesToEndpoint(Candidate::Endpoint e) { - not exists(Candidate::getLocationString(e)) - } - } - - /** - * A negative characteristic that indicates that an endpoint was manually modeled as a neutral model. - * - * TODO: It may be necessary to turn this into a LikelyNotASinkCharacteristic, pending answers to the definition of a - * neutral model (https://github.com/github/codeql-java-team/issues/254#issuecomment-1435309148). - */ - private class NeutralModelCharacteristic extends NotASinkCharacteristic { - NeutralModelCharacteristic() { this = "known non-sink" } - - override predicate appliesToEndpoint(Candidate::Endpoint e) { Candidate::isNeutral(e) } - } - /** * A medium-confidence characteristic that indicates that an endpoint is unlikely to be a sink of any type. These * endpoints can be excluded from scoring at inference time, both to save time and to avoid false positives. They should @@ -256,4 +240,42 @@ module SharedCharacteristics { confidence = mediumConfidence() } } + + /** + * Contains default implementations that are derived solely from the `CandidateSig` implementation. + */ + private module DefaultCharacteristicImplementations { + /** + * Endpoints identified as sinks by the `CandidateSig` implementation are sinks with maximal confidence. + */ + private class KnownSinkCharacteristic extends SinkCharacteristic { + string madLabel; + Candidate::EndpointType endpointType; + + KnownSinkCharacteristic() { Candidate::isKnownLabel(madLabel, this, endpointType) } + + override predicate appliesToEndpoint(Candidate::Endpoint e) { Candidate::isSink(e, madLabel) } + + override Candidate::EndpointType getSinkType() { result = endpointType } + } + + /** + * A negative characteristic that indicates that an endpoint was manually modeled as a neutral model. + */ + private class NeutralModelCharacteristic extends NotASinkCharacteristic { + NeutralModelCharacteristic() { this = "known non-sink" } + + override predicate appliesToEndpoint(Candidate::Endpoint e) { Candidate::isNeutral(e) } + } + + /** + * A negative characteristic that indicates that an endpoint is not part of the source code for the project being + * analyzed. + */ + private class IsSanitizerCharacteristic extends NotASinkCharacteristic { + IsSanitizerCharacteristic() { this = "external" } + + override predicate appliesToEndpoint(Candidate::Endpoint e) { Candidate::isSanitizer(e, _) } + } + } } From adcf4a3dc2c0e08f6e93e137a87ab605db13b66f Mon Sep 17 00:00:00 2001 From: Stephan Brandauer Date: Thu, 27 Apr 2023 14:41:43 +0200 Subject: [PATCH 065/870] documentation clean-up --- java/ql/src/Telemetry/AutomodelExtractCandidates.ql | 4 ++-- .../ql/src/Telemetry/AutomodelExtractNegativeExamples.ql | 2 +- .../ql/src/Telemetry/AutomodelExtractPositiveExamples.ql | 9 +-------- java/ql/src/Telemetry/AutomodelSharedCharacteristics.qll | 4 ++-- 4 files changed, 6 insertions(+), 13 deletions(-) diff --git a/java/ql/src/Telemetry/AutomodelExtractCandidates.ql b/java/ql/src/Telemetry/AutomodelExtractCandidates.ql index 13a2988d505..0bf1c7e4c6c 100644 --- a/java/ql/src/Telemetry/AutomodelExtractCandidates.ql +++ b/java/ql/src/Telemetry/AutomodelExtractCandidates.ql @@ -1,6 +1,6 @@ /** - * Surfaces the endpoints that pass the endpoint filters and are not already known to be sinks, and are therefore used - * as candidates for classification with an ML model. + * Surfaces the endpoints that are not already known to be sinks, and are therefore used as candidates for + * classification with an ML model. * * Note: This query does not actually classify the endpoints using the model. * diff --git a/java/ql/src/Telemetry/AutomodelExtractNegativeExamples.ql b/java/ql/src/Telemetry/AutomodelExtractNegativeExamples.ql index de07f29f1e8..08328e9e767 100644 --- a/java/ql/src/Telemetry/AutomodelExtractNegativeExamples.ql +++ b/java/ql/src/Telemetry/AutomodelExtractNegativeExamples.ql @@ -1,5 +1,5 @@ /** - * Surfaces endpoints are non-sinks with high confidence, for use as negative examples in the prompt. + * Surfaces endpoints that are non-sinks with high confidence, for use as negative examples in the prompt. * * @name Negative examples (experimental) * @kind problem diff --git a/java/ql/src/Telemetry/AutomodelExtractPositiveExamples.ql b/java/ql/src/Telemetry/AutomodelExtractPositiveExamples.ql index 7c36a7a72b5..95e9f682508 100644 --- a/java/ql/src/Telemetry/AutomodelExtractPositiveExamples.ql +++ b/java/ql/src/Telemetry/AutomodelExtractPositiveExamples.ql @@ -1,5 +1,5 @@ /** - * Surfaces endpoints are sinks with high confidence, for use as positive examples in the prompt. + * Surfaces endpoints that are sinks with high confidence, for use as positive examples in the prompt. * * @name Positive examples (experimental) * @kind problem @@ -13,13 +13,6 @@ private import semmle.code.java.security.ExternalAPIs as ExternalAPIs private import AutomodelEndpointCharacteristics private import AutomodelEndpointTypes -// private import experimental.adaptivethreatmodeling.ATMConfigs // To import the configurations of all supported Java queries -/* - * ****** WARNING: ****** - * Before calling this query, make sure there's no codex-generated data extension file in `java/ql/lib/ext`. Otherwise, - * the ML-generated, noisy sinks will end up polluting the positive examples used in the prompt! - */ - from Endpoint sink, SinkType sinkType, string message where // Exclude endpoints that have contradictory endpoint characteristics, because we only want examples we're highly diff --git a/java/ql/src/Telemetry/AutomodelSharedCharacteristics.qll b/java/ql/src/Telemetry/AutomodelSharedCharacteristics.qll index 82c0ca5de54..58c46ceabd8 100644 --- a/java/ql/src/Telemetry/AutomodelSharedCharacteristics.qll +++ b/java/ql/src/Telemetry/AutomodelSharedCharacteristics.qll @@ -16,7 +16,7 @@ signature module CandidateSig { class EndpointType; - /** The string representing the file+range of the endpoint. */ + /** Gets the string representing the file+range of the endpoint. */ string getLocationString(Endpoint e); /** @@ -64,7 +64,7 @@ signature module CandidateSig { * * This module is language-agnostic, although the `CandidateSig` module will be language-specific. * - * The language specific implementation can also further extend the behaviour of this module by adding additional + * The language specific implementation can also further extend the behavior of this module by adding additional * implementations of endpoint characteristics exported by this module. */ module SharedCharacteristics { From 08854136fe300df35c6dc69f3f22eb6927c1621b Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Thu, 27 Apr 2023 13:55:09 +0100 Subject: [PATCH 066/870] Swift: QLDoc consistency. --- .../codeql-language-guides/analyzing-data-flow-in-swift.rst | 4 +++- .../ql/lib/codeql/swift/dataflow/internal/DataFlowPublic.qll | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/docs/codeql/codeql-language-guides/analyzing-data-flow-in-swift.rst b/docs/codeql/codeql-language-guides/analyzing-data-flow-in-swift.rst index 90576aac9f1..6ba39061232 100644 --- a/docs/codeql/codeql-language-guides/analyzing-data-flow-in-swift.rst +++ b/docs/codeql/codeql-language-guides/analyzing-data-flow-in-swift.rst @@ -43,7 +43,9 @@ You can use the predicates ``exprNode`` and ``parameterNode`` to map from expres .. code-block:: ql - /** Gets a node corresponding to expression `e`. */ + /** + * Gets a node corresponding to expression `e`. + */ ExprNode exprNode(DataFlowExpr e) { result.asExpr() = e } /** diff --git a/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPublic.qll b/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPublic.qll index 6d3db9c04fa..74779ea3b37 100644 --- a/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPublic.qll +++ b/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPublic.qll @@ -129,7 +129,9 @@ class PostUpdateNode extends Node instanceof PostUpdateNodeImpl { Node getPreUpdateNode() { result = super.getPreUpdateNode() } } -/** Gets a node corresponding to expression `e`. */ +/** + * Gets a node corresponding to expression `e`. + */ ExprNode exprNode(DataFlowExpr e) { result.asExpr() = e } /** From e2e8e5ddd35c274ac3fa5ae7db9ea01e71a63b09 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Thu, 27 Apr 2023 13:58:41 +0100 Subject: [PATCH 067/870] Swift: Add swift-further-reading.rst --- docs/codeql/reusables/swift-further-reading.rst | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 docs/codeql/reusables/swift-further-reading.rst diff --git a/docs/codeql/reusables/swift-further-reading.rst b/docs/codeql/reusables/swift-further-reading.rst new file mode 100644 index 00000000000..306bc0fa0c0 --- /dev/null +++ b/docs/codeql/reusables/swift-further-reading.rst @@ -0,0 +1,4 @@ +- `CodeQL queries for Swift `__ +- `Example queries for Swift `__ +- `CodeQL library reference for Swift `__ + From 74274e834ec584260737d3f5bc9d100931e9b9d9 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Thu, 27 Apr 2023 16:47:26 +0100 Subject: [PATCH 068/870] Swift: Add the four complete examples from the doc pages to the examples directory. --- swift/ql/examples/snippets/empty_if.ql | 15 ++++++++++ .../snippets/simple_constant_password.ql | 26 ++++++++++++++++ .../examples/snippets/simple_sql_injection.ql | 30 +++++++++++++++++++ .../simple_uncontrolled_string_format.ql | 20 +++++++++++++ 4 files changed, 91 insertions(+) create mode 100644 swift/ql/examples/snippets/empty_if.ql create mode 100644 swift/ql/examples/snippets/simple_constant_password.ql create mode 100644 swift/ql/examples/snippets/simple_sql_injection.ql create mode 100644 swift/ql/examples/snippets/simple_uncontrolled_string_format.ql diff --git a/swift/ql/examples/snippets/empty_if.ql b/swift/ql/examples/snippets/empty_if.ql new file mode 100644 index 00000000000..6dd1c2ee1f0 --- /dev/null +++ b/swift/ql/examples/snippets/empty_if.ql @@ -0,0 +1,15 @@ +/** + * @name Empty 'if' statement + * @description Finds 'if' statements where the "then" branch is empty and no + * "else" branch exists. + * @id swift/examples/empty-if + * @tags example + */ + +import swift + +from IfStmt ifStmt +where + ifStmt.getThen().(BraceStmt).getNumberOfElements() = 0 and + not exists(ifStmt.getElse()) +select ifStmt, "This 'if' statement is redundant." diff --git a/swift/ql/examples/snippets/simple_constant_password.ql b/swift/ql/examples/snippets/simple_constant_password.ql new file mode 100644 index 00000000000..b101d700ec3 --- /dev/null +++ b/swift/ql/examples/snippets/simple_constant_password.ql @@ -0,0 +1,26 @@ +/** + * @name Constant password + * @description Finds places where a string literal is used in a function call + * argument named "password". + * @id swift/examples/simple-constant-password + * @tags example + */ + +import swift +import codeql.swift.dataflow.DataFlow +import codeql.swift.dataflow.TaintTracking + +module ConstantPasswordConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { node.asExpr() instanceof StringLiteralExpr } + + predicate isSink(DataFlow::Node node) { + // any argument called `password` + exists(CallExpr call | call.getArgumentWithLabel("password").getExpr() = node.asExpr()) + } +} + +module ConstantPasswordFlow = TaintTracking::Global; + +from DataFlow::Node sourceNode, DataFlow::Node sinkNode +where ConstantPasswordFlow::flow(sourceNode, sinkNode) +select sinkNode, "The value '" + sourceNode.toString() + "' is used as a constant password." diff --git a/swift/ql/examples/snippets/simple_sql_injection.ql b/swift/ql/examples/snippets/simple_sql_injection.ql new file mode 100644 index 00000000000..6aaa3a50701 --- /dev/null +++ b/swift/ql/examples/snippets/simple_sql_injection.ql @@ -0,0 +1,30 @@ +/** + * @name Database query built from user-controlled sources + * @description Finds places where a value from a remote or local user input + * is used as an argument to the SQLite ``Connection.execute(_:)`` + * function. + * @id swift/examples/simple-sql-injection + * @tags example + */ + +import swift +import codeql.swift.dataflow.DataFlow +import codeql.swift.dataflow.TaintTracking +import codeql.swift.dataflow.FlowSources + +module SqlInjectionConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { node instanceof FlowSource } + + predicate isSink(DataFlow::Node node) { + exists(CallExpr call | + call.getStaticTarget().(MethodDecl).hasQualifiedName("Connection", ["execute(_:)"]) and + call.getArgument(0).getExpr() = node.asExpr() + ) + } +} + +module SqlInjectionFlow = TaintTracking::Global; + +from DataFlow::Node sourceNode, DataFlow::Node sinkNode +where SqlInjectionFlow::flow(sourceNode, sinkNode) +select sinkNode, "This query depends on a $@.", sourceNode, "user-provided value" diff --git a/swift/ql/examples/snippets/simple_uncontrolled_string_format.ql b/swift/ql/examples/snippets/simple_uncontrolled_string_format.ql new file mode 100644 index 00000000000..ea4f34a1a9f --- /dev/null +++ b/swift/ql/examples/snippets/simple_uncontrolled_string_format.ql @@ -0,0 +1,20 @@ +/** + * @name Uncontrolled format string + * @description Finds calls to ``String.init(format:_:)`` where the format + * string is not a hard-coded string literal. + * @id swift/examples/simple-uncontrolled-format-string + * @tags example + */ + +import swift +import codeql.swift.dataflow.DataFlow + +from CallExpr call, MethodDecl method, Expr sinkExpr +where + call.getStaticTarget() = method and + method.hasQualifiedName("String", "init(format:_:)") and + sinkExpr = call.getArgument(0).getExpr() and + not exists(StringLiteralExpr sourceLiteral | + DataFlow::localFlow(DataFlow::exprNode(sourceLiteral), DataFlow::exprNode(sinkExpr)) + ) +select call, "Format argument to " + method.getName() + " isn't hard-coded." From 17077f3ec5989c6e7beba3a08612dc9ecc61b6d9 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Tue, 3 Jan 2023 15:47:34 +0000 Subject: [PATCH 069/870] Update OutParameter.getExitNode for implicit varargs slices --- .../lib/semmle/go/dataflow/FunctionInputsAndOutputs.qll | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/go/ql/lib/semmle/go/dataflow/FunctionInputsAndOutputs.qll b/go/ql/lib/semmle/go/dataflow/FunctionInputsAndOutputs.qll index 2939f955a6f..fddf2c2ed23 100644 --- a/go/ql/lib/semmle/go/dataflow/FunctionInputsAndOutputs.qll +++ b/go/ql/lib/semmle/go/dataflow/FunctionInputsAndOutputs.qll @@ -282,7 +282,7 @@ private class OutReceiver extends FunctionOutput, TOutReceiver { /** * A parameter of a function, viewed as an output. * - * Note that slices passed to varargs parameters using `...` are not included, since in this + * Note that slices passed to variadic parameters using `...` are not included, since in this * case it is ambiguous whether the output should be the slice itself or one of its elements. */ private class OutParameter extends FunctionOutput, TOutParameter { @@ -300,9 +300,12 @@ private class OutParameter extends FunctionOutput, TOutParameter { override DataFlow::Node getExitNode(DataFlow::CallNode c) { exists(DataFlow::Node arg | - arg = getArgument(c, index) and - // exclude slices passed to varargs parameters using `...` calls + arg = c.getSyntacticArgument(index) and + // exclude slices followed by `...` passed to variadic parameters not (c.hasEllipsis() and index = c.getNumArgument() - 1) + or + arg = c.(DataFlow::MethodCallNode).getReceiver() and + index = -1 | result.(DataFlow::PostUpdateNode).getPreUpdateNode() = arg ) From 2d3fed9c072d59b6a9a0a221c997a11069616ab8 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Wed, 21 Dec 2022 04:01:42 +0000 Subject: [PATCH 070/870] Accept intended test result changes --- .../semmle/go/dataflow/ExternalFlowVarArgs/main.go | 4 ++-- .../go/dataflow/Nodes/CallNode_getArgument.expected | 8 +++----- .../test/library-tests/semmle/go/dataflow/VarArgs/main.go | 4 ++-- 3 files changed, 7 insertions(+), 9 deletions(-) diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalFlowVarArgs/main.go b/go/ql/test/library-tests/semmle/go/dataflow/ExternalFlowVarArgs/main.go index 40c2d31149b..79043e3f7bb 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/ExternalFlowVarArgs/main.go +++ b/go/ql/test/library-tests/semmle/go/dataflow/ExternalFlowVarArgs/main.go @@ -24,7 +24,7 @@ func main() { sink(test.FunctionWithParameter(sSlice[1])) // $ taintflow dataflow sink(test.FunctionWithSliceParameter(sSlice)) // $ taintflow dataflow sink(test.FunctionWithVarArgsParameter(sSlice...)) // $ taintflow dataflow - sink(test.FunctionWithVarArgsParameter(s0, s1)) // $ MISSING: taintflow dataflow + sink(test.FunctionWithVarArgsParameter(s0, s1)) // $ taintflow dataflow sliceOfStructs := []test.A{{Field: source()}} sink(sliceOfStructs[0].Field) // $ taintflow dataflow @@ -34,5 +34,5 @@ func main() { aSlice := []test.A{a0, a1} sink(test.FunctionWithSliceOfStructsParameter(aSlice)) // $ taintflow dataflow sink(test.FunctionWithVarArgsOfStructsParameter(aSlice...)) // $ taintflow dataflow - sink(test.FunctionWithVarArgsOfStructsParameter(a0, a1)) // $ MISSING: taintflow dataflow + sink(test.FunctionWithVarArgsOfStructsParameter(a0, a1)) // $ taintflow dataflow } diff --git a/go/ql/test/library-tests/semmle/go/dataflow/Nodes/CallNode_getArgument.expected b/go/ql/test/library-tests/semmle/go/dataflow/Nodes/CallNode_getArgument.expected index fc391bafcff..2cc2fe8d3ee 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/Nodes/CallNode_getArgument.expected +++ b/go/ql/test/library-tests/semmle/go/dataflow/Nodes/CallNode_getArgument.expected @@ -1,6 +1,4 @@ -| main.go:7:2:7:25 | call to Println | 0 | main.go:7:14:7:24 | ...+... | -| main.go:10:2:10:19 | call to Println | 0 | main.go:10:14:10:18 | ...+... | +| main.go:7:2:7:25 | call to Println | 0 | main.go:7:2:7:25 | []type{args} | +| main.go:10:2:10:19 | call to Println | 0 | main.go:10:2:10:19 | []type{args} | | main.go:14:8:14:24 | call to make | 0 | main.go:14:23:14:23 | 1 | -| main.go:16:2:16:26 | call to Println | 0 | main.go:16:14:16:15 | ss | -| main.go:16:2:16:26 | call to Println | 1 | main.go:16:18:16:18 | 0 | -| main.go:16:2:16:26 | call to Println | 2 | main.go:16:21:16:25 | index expression | +| main.go:16:2:16:26 | call to Println | 0 | main.go:16:2:16:26 | []type{args} | diff --git a/go/ql/test/library-tests/semmle/go/dataflow/VarArgs/main.go b/go/ql/test/library-tests/semmle/go/dataflow/VarArgs/main.go index a2b60745eb5..3c3d80f7342 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/VarArgs/main.go +++ b/go/ql/test/library-tests/semmle/go/dataflow/VarArgs/main.go @@ -36,7 +36,7 @@ func main() { sSlice := []string{s0, s1} sink(functionWithSliceParameter(sSlice)) // $ taintflow dataflow sink(functionWithVarArgsParameter(sSlice...)) // $ taintflow dataflow - sink(functionWithVarArgsParameter(s0, s1)) // $ MISSING: taintflow dataflow + sink(functionWithVarArgsParameter(s0, s1)) // $ taintflow dataflow sliceOfStructs := []A{{f: source()}} sink(sliceOfStructs[0].f) // $ taintflow dataflow @@ -46,5 +46,5 @@ func main() { aSlice := []A{a0, a1} sink(functionWithSliceOfStructsParameter(aSlice)) // $ taintflow dataflow sink(functionWithVarArgsOfStructsParameter(aSlice...)) // $ taintflow dataflow - sink(functionWithVarArgsOfStructsParameter(a0, a1)) // $ MISSING: taintflow dataflow + sink(functionWithVarArgsOfStructsParameter(a0, a1)) // $ taintflow dataflow } From bc0f9030e3124cb12e2dddeb8c6ea614150ee8cc Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Thu, 13 Apr 2023 07:22:17 +0100 Subject: [PATCH 071/870] use CallNode.getSyntacticArgument --- go/ql/lib/semmle/go/StringOps.qll | 2 +- go/ql/lib/semmle/go/frameworks/Beego.qll | 6 +++--- go/ql/lib/semmle/go/frameworks/BeegoOrm.qll | 2 +- go/ql/lib/semmle/go/frameworks/ElazarlGoproxy.qll | 4 ++-- go/ql/lib/semmle/go/frameworks/Email.qll | 4 ++-- go/ql/lib/semmle/go/frameworks/Glog.qll | 2 +- go/ql/lib/semmle/go/frameworks/Logrus.qll | 2 +- go/ql/lib/semmle/go/frameworks/Revel.qll | 4 ++-- go/ql/lib/semmle/go/frameworks/SQL.qll | 4 ++-- go/ql/lib/semmle/go/frameworks/Spew.qll | 2 +- .../semmle/go/frameworks/SystemCommandExecutors.qll | 13 +++++++------ go/ql/lib/semmle/go/frameworks/Zap.qll | 2 +- go/ql/lib/semmle/go/frameworks/stdlib/Fmt.qll | 2 +- go/ql/lib/semmle/go/frameworks/stdlib/Log.qll | 2 +- go/ql/lib/semmle/go/security/CommandInjection.qll | 6 +++--- go/ql/lib/semmle/go/security/Xss.qll | 4 ++-- go/ql/src/Security/CWE-352/ConstantOauth2State.ql | 2 +- go/ql/src/Security/CWE-601/BadRedirectCheck.ql | 2 +- go/ql/src/experimental/frameworks/CleverGo.qll | 2 +- go/ql/src/experimental/frameworks/Fiber.qll | 6 +++--- .../semmle/go/frameworks/SQL/Gorm/gorm.ql | 2 +- 21 files changed, 38 insertions(+), 37 deletions(-) diff --git a/go/ql/lib/semmle/go/StringOps.qll b/go/ql/lib/semmle/go/StringOps.qll index db86f3864f7..4a01d49c1c3 100644 --- a/go/ql/lib/semmle/go/StringOps.qll +++ b/go/ql/lib/semmle/go/StringOps.qll @@ -219,7 +219,7 @@ module StringOps { * replaced. */ DataFlow::Node getAReplacedArgument() { - exists(int n | n % 2 = 0 and result = this.getArgument(n)) + exists(int n | n % 2 = 0 and result = this.getSyntacticArgument(n)) } } diff --git a/go/ql/lib/semmle/go/frameworks/Beego.qll b/go/ql/lib/semmle/go/frameworks/Beego.qll index edd622ab75a..0446cb2bbbf 100644 --- a/go/ql/lib/semmle/go/frameworks/Beego.qll +++ b/go/ql/lib/semmle/go/frameworks/Beego.qll @@ -253,7 +253,7 @@ module Beego { this.getTarget().hasQualifiedName([packagePath(), logsPackagePath()], getALogFunctionName()) } - override DataFlow::Node getAMessageComponent() { result = this.getAnArgument() } + override DataFlow::Node getAMessageComponent() { result = this.getASyntacticArgument() } } private class BeegoLoggerMethods extends LoggerCall::Range, DataFlow::MethodCallNode { @@ -261,13 +261,13 @@ module Beego { this.getTarget().hasQualifiedName(logsPackagePath(), "BeeLogger", getALogFunctionName()) } - override DataFlow::Node getAMessageComponent() { result = this.getAnArgument() } + override DataFlow::Node getAMessageComponent() { result = this.getASyntacticArgument() } } private class UtilLoggers extends LoggerCall::Range, DataFlow::CallNode { UtilLoggers() { this.getTarget().hasQualifiedName(utilsPackagePath(), "Display") } - override DataFlow::Node getAMessageComponent() { result = this.getAnArgument() } + override DataFlow::Node getAMessageComponent() { result = this.getASyntacticArgument() } } private class HtmlQuoteSanitizer extends SharedXss::Sanitizer { diff --git a/go/ql/lib/semmle/go/frameworks/BeegoOrm.qll b/go/ql/lib/semmle/go/frameworks/BeegoOrm.qll index f83556c307f..ca5f7718082 100644 --- a/go/ql/lib/semmle/go/frameworks/BeegoOrm.qll +++ b/go/ql/lib/semmle/go/frameworks/BeegoOrm.qll @@ -33,7 +33,7 @@ module BeegoOrm { // Note this class doesn't do any escaping, unlike the true ORM part of the package QueryBuilderSink() { exists(Method impl | impl.implements(packagePath(), "QueryBuilder", _) | - this = impl.getACall().getAnArgument() + this = impl.getACall().getASyntacticArgument() ) and this.getType().getUnderlyingType() instanceof StringType } diff --git a/go/ql/lib/semmle/go/frameworks/ElazarlGoproxy.qll b/go/ql/lib/semmle/go/frameworks/ElazarlGoproxy.qll index fbbbccb4e05..30e421eb60a 100644 --- a/go/ql/lib/semmle/go/frameworks/ElazarlGoproxy.qll +++ b/go/ql/lib/semmle/go/frameworks/ElazarlGoproxy.qll @@ -90,7 +90,7 @@ module ElazarlGoproxy { onreqcall.getTarget().hasQualifiedName(packagePath(), "ProxyHttpServer", "OnRequest") | handlerReg.getReceiver() = onreqcall.getASuccessor*() and - check = onreqcall.getArgument(0) + check = onreqcall.getSyntacticArgument(0) ) } } @@ -119,6 +119,6 @@ module ElazarlGoproxy { private class ProxyLog extends LoggerCall::Range, DataFlow::MethodCallNode { ProxyLog() { this.getTarget() instanceof ProxyLogFunction } - override DataFlow::Node getAMessageComponent() { result = this.getAnArgument() } + override DataFlow::Node getAMessageComponent() { result = this.getASyntacticArgument() } } } diff --git a/go/ql/lib/semmle/go/frameworks/Email.qll b/go/ql/lib/semmle/go/frameworks/Email.qll index 3580aa8d7ae..a1d43d3c397 100644 --- a/go/ql/lib/semmle/go/frameworks/Email.qll +++ b/go/ql/lib/semmle/go/frameworks/Email.qll @@ -56,13 +56,13 @@ module EmailData { // func NewV3MailInit(from *Email, subject string, to *Email, content ...*Content) *SGMailV3 exists(Function newv3MailInit | newv3MailInit.hasQualifiedName(sendgridMail(), "NewV3MailInit") and - this = newv3MailInit.getACall().getArgument(any(int i | i = 1 or i >= 3)) + this = newv3MailInit.getACall().getSyntacticArgument(any(int i | i = 1 or i >= 3)) ) or // func (s *SGMailV3) AddContent(c ...*Content) *SGMailV3 exists(Method addContent | addContent.hasQualifiedName(sendgridMail(), "SGMailV3", "AddContent") and - this = addContent.getACall().getAnArgument() + this = addContent.getACall().getASyntacticArgument() ) } } diff --git a/go/ql/lib/semmle/go/frameworks/Glog.qll b/go/ql/lib/semmle/go/frameworks/Glog.qll index 48558a73f7e..bd874973c52 100644 --- a/go/ql/lib/semmle/go/frameworks/Glog.qll +++ b/go/ql/lib/semmle/go/frameworks/Glog.qll @@ -49,7 +49,7 @@ module Glog { GlogCall() { this = callee.getACall() } override DataFlow::Node getAMessageComponent() { - result = this.getArgument(any(int i | i >= callee.getFirstPrintedArg())) + result = this.getSyntacticArgument(any(int i | i >= callee.getFirstPrintedArg())) } } } diff --git a/go/ql/lib/semmle/go/frameworks/Logrus.qll b/go/ql/lib/semmle/go/frameworks/Logrus.qll index 40cdfe393ef..9d48f1fa7ff 100644 --- a/go/ql/lib/semmle/go/frameworks/Logrus.qll +++ b/go/ql/lib/semmle/go/frameworks/Logrus.qll @@ -31,7 +31,7 @@ module Logrus { private class LogCall extends LoggerCall::Range, DataFlow::CallNode { LogCall() { this = any(LogFunction f).getACall() } - override DataFlow::Node getAMessageComponent() { result = this.getAnArgument() } + override DataFlow::Node getAMessageComponent() { result = this.getASyntacticArgument() } } private class StringFormatters extends StringOps::Formatting::Range instanceof LogFunction { diff --git a/go/ql/lib/semmle/go/frameworks/Revel.qll b/go/ql/lib/semmle/go/frameworks/Revel.qll index ea873a3972a..622edf108f0 100644 --- a/go/ql/lib/semmle/go/frameworks/Revel.qll +++ b/go/ql/lib/semmle/go/frameworks/Revel.qll @@ -124,7 +124,7 @@ module Revel { or methodName = "RenderText" and contentType = "text/plain" and - this = methodCall.getAnArgument() + this = methodCall.getSyntacticArgument(_) ) } @@ -201,7 +201,7 @@ module Revel { ) or // a revel controller.Render(arg) will set controller.ViewArgs["arg"] = arg - exists(Variable arg | arg.getARead() = render.(ControllerRender).getAnArgument() | + exists(Variable arg | arg.getARead() = render.(ControllerRender).getASyntacticArgument() | var.getBaseVariable() = arg and var.getQualifiedName() = read.getFieldName() ) diff --git a/go/ql/lib/semmle/go/frameworks/SQL.qll b/go/ql/lib/semmle/go/frameworks/SQL.qll index 9e9e48550fc..185f0b3f2bf 100644 --- a/go/ql/lib/semmle/go/frameworks/SQL.qll +++ b/go/ql/lib/semmle/go/frameworks/SQL.qll @@ -225,7 +225,7 @@ module SQL { GormSink() { exists(Method meth, string package, string name | meth.hasQualifiedName(package, "DB", name) and - this = meth.getACall().getArgument(0) and + this = meth.getACall().getSyntacticArgument(0) and package = Gorm::packagePath() and name in [ "Where", "Raw", "Order", "Not", "Or", "Select", "Table", "Group", "Having", "Joins", @@ -272,7 +272,7 @@ module Xorm { XormSink() { exists(Method meth, string type, string name, int n | meth.hasQualifiedName(Xorm::packagePath(), type, name) and - this = meth.getACall().getArgument(n) and + this = meth.getACall().getSyntacticArgument(n) and type = ["Engine", "Session"] | name = diff --git a/go/ql/lib/semmle/go/frameworks/Spew.qll b/go/ql/lib/semmle/go/frameworks/Spew.qll index 7c4133dfd04..68ff4501ed9 100644 --- a/go/ql/lib/semmle/go/frameworks/Spew.qll +++ b/go/ql/lib/semmle/go/frameworks/Spew.qll @@ -41,7 +41,7 @@ module Spew { SpewCall() { this = target.getACall() } override DataFlow::Node getAMessageComponent() { - result = this.getArgument(any(int i | i >= target.getFirstPrintedArg())) + result = this.getSyntacticArgument(any(int i | i >= target.getFirstPrintedArg())) } } diff --git a/go/ql/lib/semmle/go/frameworks/SystemCommandExecutors.qll b/go/ql/lib/semmle/go/frameworks/SystemCommandExecutors.qll index 1e4b7637581..3728a6bee3c 100644 --- a/go/ql/lib/semmle/go/frameworks/SystemCommandExecutors.qll +++ b/go/ql/lib/semmle/go/frameworks/SystemCommandExecutors.qll @@ -14,11 +14,12 @@ private class ShellOrSudoExecution extends SystemCommandExecution::Range, DataFl ShellOrSudoExecution() { this instanceof SystemCommandExecution and - shellCommand = this.getAnArgument().getAPredecessor*() and - not hasSafeSubcommand(shellCommand.getStringValue(), this.getAnArgument().getStringValue()) + shellCommand = this.getASyntacticArgument().getAPredecessor*() and + not hasSafeSubcommand(shellCommand.getStringValue(), + this.getASyntacticArgument().getStringValue()) } - override DataFlow::Node getCommandName() { result = this.getAnArgument() } + override DataFlow::Node getCommandName() { result = this.getASyntacticArgument() } override predicate doubleDashIsSanitizing() { shellCommand.getStringValue().matches("%" + ["git", "rsync"]) @@ -49,7 +50,7 @@ private class SystemCommandExecutors extends SystemCommandExecution::Range, Data ) } - override DataFlow::Node getCommandName() { result = this.getArgument(cmdArg) } + override DataFlow::Node getCommandName() { result = this.getSyntacticArgument(cmdArg) } } /** @@ -76,7 +77,7 @@ private class GoShCommandExecution extends SystemCommandExecution::Range, DataFl ) } - override DataFlow::Node getCommandName() { result = this.getArgument(0) } + override DataFlow::Node getCommandName() { result = this.getSyntacticArgument(0) } } /** @@ -102,7 +103,7 @@ module CryptoSsh { ) } - override DataFlow::Node getCommandName() { result = this.getArgument(0) } + override DataFlow::Node getCommandName() { result = this.getSyntacticArgument(0) } } } diff --git a/go/ql/lib/semmle/go/frameworks/Zap.qll b/go/ql/lib/semmle/go/frameworks/Zap.qll index 7041c45a3c6..84feb3fb006 100644 --- a/go/ql/lib/semmle/go/frameworks/Zap.qll +++ b/go/ql/lib/semmle/go/frameworks/Zap.qll @@ -45,7 +45,7 @@ module Zap { private class ZapCall extends LoggerCall::Range, DataFlow::MethodCallNode { ZapCall() { this = any(ZapFunction f).getACall() } - override DataFlow::Node getAMessageComponent() { result = this.getAnArgument() } + override DataFlow::Node getAMessageComponent() { result = this.getASyntacticArgument() } } // These are expressed using TaintTracking::FunctionModel because varargs functions don't work with Models-as-Data sumamries yet. diff --git a/go/ql/lib/semmle/go/frameworks/stdlib/Fmt.qll b/go/ql/lib/semmle/go/frameworks/stdlib/Fmt.qll index dd65aee23a4..735c5657f78 100644 --- a/go/ql/lib/semmle/go/frameworks/stdlib/Fmt.qll +++ b/go/ql/lib/semmle/go/frameworks/stdlib/Fmt.qll @@ -30,7 +30,7 @@ module Fmt { private class PrintCall extends LoggerCall::Range, DataFlow::CallNode { PrintCall() { this.getTarget() instanceof Printer } - override DataFlow::Node getAMessageComponent() { result = this.getAnArgument() } + override DataFlow::Node getAMessageComponent() { result = this.getASyntacticArgument() } } /** The `Fprint` function or one of its variants. */ diff --git a/go/ql/lib/semmle/go/frameworks/stdlib/Log.qll b/go/ql/lib/semmle/go/frameworks/stdlib/Log.qll index f465009a255..b821058bda0 100644 --- a/go/ql/lib/semmle/go/frameworks/stdlib/Log.qll +++ b/go/ql/lib/semmle/go/frameworks/stdlib/Log.qll @@ -27,7 +27,7 @@ module Log { private class LogCall extends LoggerCall::Range, DataFlow::CallNode { LogCall() { this = any(LogFunction f).getACall() } - override DataFlow::Node getAMessageComponent() { result = this.getAnArgument() } + override DataFlow::Node getAMessageComponent() { result = this.getASyntacticArgument() } } /** A fatal log function, which calls `os.Exit`. */ diff --git a/go/ql/lib/semmle/go/security/CommandInjection.qll b/go/ql/lib/semmle/go/security/CommandInjection.qll index a3bc2747e7a..2b68b5563c6 100644 --- a/go/ql/lib/semmle/go/security/CommandInjection.qll +++ b/go/ql/lib/semmle/go/security/CommandInjection.qll @@ -47,7 +47,7 @@ module CommandInjection { exists(DataFlow::CallNode c | this = c and (c = Builtin::append().getACall() or c = any(SystemCommandExecution sce)) and - c.getArgument(doubleDashIndex).getStringValue() = "--" + c.getSyntacticArgument(doubleDashIndex).getStringValue() = "--" ) or // array/slice literal containing a "--" @@ -63,7 +63,7 @@ module CommandInjection { alreadyHasDoubleDash.getType() instanceof SliceType ) and this = userCall and - DataFlow::localFlow(alreadyHasDoubleDash, userCall.getArgument(doubleDashIndex)) + DataFlow::localFlow(alreadyHasDoubleDash, userCall.getSyntacticArgument(doubleDashIndex)) ) } @@ -71,7 +71,7 @@ module CommandInjection { exists(int sanitizedIndex | sanitizedIndex > doubleDashIndex and ( - result = this.(DataFlow::CallNode).getArgument(sanitizedIndex) or + result = this.(DataFlow::CallNode).getSyntacticArgument(sanitizedIndex) or result = DataFlow::exprNode(this.asExpr().(ArrayOrSliceLit).getElement(sanitizedIndex)) ) ) diff --git a/go/ql/lib/semmle/go/security/Xss.qll b/go/ql/lib/semmle/go/security/Xss.qll index 98b6da02fe8..245c320fff8 100644 --- a/go/ql/lib/semmle/go/security/Xss.qll +++ b/go/ql/lib/semmle/go/security/Xss.qll @@ -73,12 +73,12 @@ module SharedXss { exists(body.getAContentTypeNode()) or exists(DataFlow::CallNode call | call.getTarget().hasQualifiedName("fmt", "Fprintf") | - body = call.getAnArgument() and + body = call.getASyntacticArgument() and // checks that the format value does not start with (ignoring whitespace as defined by // https://mimesniff.spec.whatwg.org/#whitespace-byte): // - '<', which could lead to an HTML content type being detected, or // - '%', which could be a format string. - call.getArgument(1).getStringValue().regexpMatch("(?s)[\\t\\n\\x0c\\r ]*+[^<%].*") + call.getSyntacticArgument(1).getStringValue().regexpMatch("(?s)[\\t\\n\\x0c\\r ]*+[^<%].*") ) or exists(DataFlow::Node pred | body = pred.getASuccessor*() | diff --git a/go/ql/src/Security/CWE-352/ConstantOauth2State.ql b/go/ql/src/Security/CWE-352/ConstantOauth2State.ql index 9a5cb10b84f..abe982f7fe5 100644 --- a/go/ql/src/Security/CWE-352/ConstantOauth2State.ql +++ b/go/ql/src/Security/CWE-352/ConstantOauth2State.ql @@ -109,7 +109,7 @@ class PrivateUrlFlowsToAuthCodeUrlCall extends DataFlow::Configuration { exists(DataFlow::CallNode cn | cn.getACalleeIncludingExternals().asFunction() instanceof Fmt::AppenderOrSprinter | - pred = cn.getAnArgument() and succ = cn.getResult() + pred = cn.getASyntacticArgument() and succ = cn.getResult() ) } diff --git a/go/ql/src/Security/CWE-601/BadRedirectCheck.ql b/go/ql/src/Security/CWE-601/BadRedirectCheck.ql index 9beb2fe160b..a04f197abab 100644 --- a/go/ql/src/Security/CWE-601/BadRedirectCheck.ql +++ b/go/ql/src/Security/CWE-601/BadRedirectCheck.ql @@ -121,7 +121,7 @@ class Configuration extends TaintTracking::Configuration { ) or exists(DataFlow::CallNode call, int i | call.getTarget().hasQualifiedName("path", "Join") | - i > 0 and node = call.getArgument(i) + i > 0 and node = call.getSyntacticArgument(i) ) } diff --git a/go/ql/src/experimental/frameworks/CleverGo.qll b/go/ql/src/experimental/frameworks/CleverGo.qll index 4b39ea005fd..2433ba4997a 100644 --- a/go/ql/src/experimental/frameworks/CleverGo.qll +++ b/go/ql/src/experimental/frameworks/CleverGo.qll @@ -278,7 +278,7 @@ private module CleverGo { or // signature: func (*Context) Stringf(code int, format string, a ...interface{}) error methodName = "Stringf" and - bodyNode = bodySetterCall.getArgument([1, any(int i | i >= 2)]) and + bodyNode = bodySetterCall.getSyntacticArgument([1, any(int i | i >= 2)]) and contentTypeString = "text/plain" or // signature: func (*Context) XML(code int, data interface{}) error diff --git a/go/ql/src/experimental/frameworks/Fiber.qll b/go/ql/src/experimental/frameworks/Fiber.qll index cfc65afdc1c..ed2182a5ce8 100644 --- a/go/ql/src/experimental/frameworks/Fiber.qll +++ b/go/ql/src/experimental/frameworks/Fiber.qll @@ -183,7 +183,7 @@ private module Fiber { // signature: func (*Ctx) Append(field string, values ...string) methodName = "Append" and headerNameNode = headerSetterCall.getArgument(0) and - headerValueNode = headerSetterCall.getArgument(any(int i | i >= 1)) + headerValueNode = headerSetterCall.getSyntacticArgument(any(int i | i >= 1)) or // signature: func (*Ctx) Set(key string, val string) methodName = "Set" and @@ -270,7 +270,7 @@ private module Fiber { or // signature: func (*Ctx) Send(bodies ...interface{}) methodName = "Send" and - bodyNode = bodySetterCall.getArgument(_) + bodyNode = bodySetterCall.getSyntacticArgument(_) or // signature: func (*Ctx) SendBytes(body []byte) methodName = "SendBytes" and @@ -286,7 +286,7 @@ private module Fiber { or // signature: func (*Ctx) Write(bodies ...interface{}) methodName = "Write" and - bodyNode = bodySetterCall.getArgument(_) + bodyNode = bodySetterCall.getSyntacticArgument(_) ) ) ) diff --git a/go/ql/test/library-tests/semmle/go/frameworks/SQL/Gorm/gorm.ql b/go/ql/test/library-tests/semmle/go/frameworks/SQL/Gorm/gorm.ql index 47a9e0bbc8d..e08b506deaf 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/SQL/Gorm/gorm.ql +++ b/go/ql/test/library-tests/semmle/go/frameworks/SQL/Gorm/gorm.ql @@ -1,5 +1,5 @@ import go from SQL::QueryString qs, Method meth, string a, string b, string c -where meth.hasQualifiedName(a, b, c) and qs = meth.getACall().getArgument(0) +where meth.hasQualifiedName(a, b, c) and qs = meth.getACall().getSyntacticArgument(0) select qs, a, b, c From f2368a944182ed386ad077109b58413ad6004c9a Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Thu, 13 Apr 2023 07:22:47 +0100 Subject: [PATCH 072/870] Do not use variadic sink fn in tests --- .../frameworks/CleverGo/UntrustedSources.go | 12 ++++-------- go/ql/test/experimental/frameworks/CleverGo/stubs.go | 2 +- .../frameworks/Fiber/UntrustedFlowSources.go | 12 +++++------- go/ql/test/experimental/frameworks/Fiber/stubs.go | 2 +- 4 files changed, 11 insertions(+), 17 deletions(-) diff --git a/go/ql/test/experimental/frameworks/CleverGo/UntrustedSources.go b/go/ql/test/experimental/frameworks/CleverGo/UntrustedSources.go index 4df9ddabd89..53451c2a315 100644 --- a/go/ql/test/experimental/frameworks/CleverGo/UntrustedSources.go +++ b/go/ql/test/experimental/frameworks/CleverGo/UntrustedSources.go @@ -14,10 +14,8 @@ func UntrustedSources_ClevergoTechClevergoV052() { { var receiverContext656 clevergo.Context resultUsername414, resultPassword518, _ := receiverContext656.BasicAuth() - sink( - resultUsername414, // $ untrustedFlowSource - resultPassword518, // $ untrustedFlowSource - ) + sink(resultUsername414) // $ untrustedFlowSource + sink(resultPassword518) // $ untrustedFlowSource } // func (*Context).Decode(v interface{}) (err error) { @@ -102,10 +100,8 @@ func UntrustedSources_ClevergoTechClevergoV052() { // Untrusted flow sources from clevergo.tech/clevergo.Param struct fields. { structParam246 := new(clevergo.Param) - sink( - structParam246.Key, // $ untrustedFlowSource - structParam246.Value, // $ untrustedFlowSource - ) + sink(structParam246.Key) // $ untrustedFlowSource + sink(structParam246.Value) // $ untrustedFlowSource } } // Untrusted flow sources from types. diff --git a/go/ql/test/experimental/frameworks/CleverGo/stubs.go b/go/ql/test/experimental/frameworks/CleverGo/stubs.go index d435852dedb..27806846860 100644 --- a/go/ql/test/experimental/frameworks/CleverGo/stubs.go +++ b/go/ql/test/experimental/frameworks/CleverGo/stubs.go @@ -7,6 +7,6 @@ func source() interface{} { return nil } -func sink(v ...interface{}) {} +func sink(v interface{}) {} func link(from interface{}, into interface{}) {} diff --git a/go/ql/test/experimental/frameworks/Fiber/UntrustedFlowSources.go b/go/ql/test/experimental/frameworks/Fiber/UntrustedFlowSources.go index 3e09a633694..f3178dbaca4 100644 --- a/go/ql/test/experimental/frameworks/Fiber/UntrustedFlowSources.go +++ b/go/ql/test/experimental/frameworks/Fiber/UntrustedFlowSources.go @@ -121,13 +121,11 @@ func UntrustedFlowSources_GithubComGofiberFiberV1146() { // Untrusted flow sources from github.com/gofiber/fiber.Cookie struct fields. { structCookie322 := new(fiber.Cookie) - sink( - structCookie322.Domain, // $ untrustedFlowSource - structCookie322.Name, // $ untrustedFlowSource - structCookie322.Path, // $ untrustedFlowSource - structCookie322.SameSite, // $ untrustedFlowSource - structCookie322.Value, // $ untrustedFlowSource - ) + sink(structCookie322.Domain) // $ untrustedFlowSource + sink(structCookie322.Name) // $ untrustedFlowSource + sink(structCookie322.Path) // $ untrustedFlowSource + sink(structCookie322.SameSite) // $ untrustedFlowSource + sink(structCookie322.Value) // $ untrustedFlowSource } // Untrusted flow sources from github.com/gofiber/fiber.Error struct fields. { diff --git a/go/ql/test/experimental/frameworks/Fiber/stubs.go b/go/ql/test/experimental/frameworks/Fiber/stubs.go index d435852dedb..27806846860 100644 --- a/go/ql/test/experimental/frameworks/Fiber/stubs.go +++ b/go/ql/test/experimental/frameworks/Fiber/stubs.go @@ -7,6 +7,6 @@ func source() interface{} { return nil } -func sink(v ...interface{}) {} +func sink(v interface{}) {} func link(from interface{}, into interface{}) {} From 3f095db853d75a3d74eb826660b3771500c18cf1 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Thu, 13 Apr 2023 07:41:32 +0100 Subject: [PATCH 073/870] Formatted parameters always a variadic parameter --- go/ql/lib/semmle/go/StringOps.qll | 7 +------ go/ql/lib/semmle/go/frameworks/ElazarlGoproxy.qll | 2 -- go/ql/lib/semmle/go/frameworks/Glog.qll | 2 -- go/ql/lib/semmle/go/frameworks/Logrus.qll | 2 -- go/ql/lib/semmle/go/frameworks/Spew.qll | 2 -- go/ql/lib/semmle/go/frameworks/Zap.qll | 2 -- go/ql/lib/semmle/go/frameworks/stdlib/Fmt.qll | 2 -- go/ql/lib/semmle/go/frameworks/stdlib/Log.qll | 2 -- 8 files changed, 1 insertion(+), 20 deletions(-) diff --git a/go/ql/lib/semmle/go/StringOps.qll b/go/ql/lib/semmle/go/StringOps.qll index 4a01d49c1c3..20e4d387af8 100644 --- a/go/ql/lib/semmle/go/StringOps.qll +++ b/go/ql/lib/semmle/go/StringOps.qll @@ -304,11 +304,6 @@ module StringOps { * Gets the parameter index of the format string. */ abstract int getFormatStringIndex(); - - /** - * Gets the parameter index of the first parameter to be formatted. - */ - abstract int getFirstFormattedParameterIndex(); } /** @@ -336,7 +331,7 @@ module StringOps { formatDirective = this.getComponent(n) and formatDirective.charAt(0) = "%" and formatDirective.charAt(1) != "%" and - result = this.getArgument((n / 2) + f.getFirstFormattedParameterIndex()) + result = this.getImplicitVarargsArgument((n / 2)) } } } diff --git a/go/ql/lib/semmle/go/frameworks/ElazarlGoproxy.qll b/go/ql/lib/semmle/go/frameworks/ElazarlGoproxy.qll index 30e421eb60a..0cc5fe9505a 100644 --- a/go/ql/lib/semmle/go/frameworks/ElazarlGoproxy.qll +++ b/go/ql/lib/semmle/go/frameworks/ElazarlGoproxy.qll @@ -112,8 +112,6 @@ module ElazarlGoproxy { ProxyLogFunction() { this.hasQualifiedName(packagePath(), "ProxyCtx", ["Logf", "Warnf"]) } override int getFormatStringIndex() { result = 0 } - - override int getFirstFormattedParameterIndex() { result = 1 } } private class ProxyLog extends LoggerCall::Range, DataFlow::MethodCallNode { diff --git a/go/ql/lib/semmle/go/frameworks/Glog.qll b/go/ql/lib/semmle/go/frameworks/Glog.qll index bd874973c52..f9f5c9e3f11 100644 --- a/go/ql/lib/semmle/go/frameworks/Glog.qll +++ b/go/ql/lib/semmle/go/frameworks/Glog.qll @@ -39,8 +39,6 @@ module Glog { StringFormatter() { this.getName().matches("%f") } override int getFormatStringIndex() { result = super.getFirstPrintedArg() } - - override int getFirstFormattedParameterIndex() { result = super.getFirstPrintedArg() + 1 } } private class GlogCall extends LoggerCall::Range, DataFlow::CallNode { diff --git a/go/ql/lib/semmle/go/frameworks/Logrus.qll b/go/ql/lib/semmle/go/frameworks/Logrus.qll index 9d48f1fa7ff..9b93049acfb 100644 --- a/go/ql/lib/semmle/go/frameworks/Logrus.qll +++ b/go/ql/lib/semmle/go/frameworks/Logrus.qll @@ -43,7 +43,5 @@ module Logrus { } override int getFormatStringIndex() { result = argOffset } - - override int getFirstFormattedParameterIndex() { result = argOffset + 1 } } } diff --git a/go/ql/lib/semmle/go/frameworks/Spew.qll b/go/ql/lib/semmle/go/frameworks/Spew.qll index 68ff4501ed9..b12bd0fed81 100644 --- a/go/ql/lib/semmle/go/frameworks/Spew.qll +++ b/go/ql/lib/semmle/go/frameworks/Spew.qll @@ -31,8 +31,6 @@ module Spew { StringFormatter() { this.getName().matches("%f") } override int getFormatStringIndex() { result = super.getFirstPrintedArg() } - - override int getFirstFormattedParameterIndex() { result = super.getFirstPrintedArg() + 1 } } private class SpewCall extends LoggerCall::Range, DataFlow::CallNode { diff --git a/go/ql/lib/semmle/go/frameworks/Zap.qll b/go/ql/lib/semmle/go/frameworks/Zap.qll index 84feb3fb006..359f9aba410 100644 --- a/go/ql/lib/semmle/go/frameworks/Zap.qll +++ b/go/ql/lib/semmle/go/frameworks/Zap.qll @@ -32,8 +32,6 @@ module Zap { ZapFormatter() { this.getName().matches("%f") } override int getFormatStringIndex() { result = 0 } - - override int getFirstFormattedParameterIndex() { result = 1 } } /** diff --git a/go/ql/lib/semmle/go/frameworks/stdlib/Fmt.qll b/go/ql/lib/semmle/go/frameworks/stdlib/Fmt.qll index 735c5657f78..725692754a9 100644 --- a/go/ql/lib/semmle/go/frameworks/stdlib/Fmt.qll +++ b/go/ql/lib/semmle/go/frameworks/stdlib/Fmt.qll @@ -66,8 +66,6 @@ module Fmt { } override int getFormatStringIndex() { result = argOffset } - - override int getFirstFormattedParameterIndex() { result = argOffset + 1 } } /** The `Sscan` function or one of its variants. */ diff --git a/go/ql/lib/semmle/go/frameworks/stdlib/Log.qll b/go/ql/lib/semmle/go/frameworks/stdlib/Log.qll index b821058bda0..90db1067ece 100644 --- a/go/ql/lib/semmle/go/frameworks/stdlib/Log.qll +++ b/go/ql/lib/semmle/go/frameworks/stdlib/Log.qll @@ -20,8 +20,6 @@ module Log { LogFormatter() { this.getName().matches("%f") } override int getFormatStringIndex() { result = 0 } - - override int getFirstFormattedParameterIndex() { result = 1 } } private class LogCall extends LoggerCall::Range, DataFlow::CallNode { From bd3aaf0306d4e0382ae1cda051a63926f0a6dee3 Mon Sep 17 00:00:00 2001 From: Stephan Brandauer Date: Fri, 28 Apr 2023 10:16:18 +0200 Subject: [PATCH 074/870] remove comment that no longer applies --- java/ql/src/Telemetry/AutomodelEndpointCharacteristics.qll | 3 --- 1 file changed, 3 deletions(-) diff --git a/java/ql/src/Telemetry/AutomodelEndpointCharacteristics.qll b/java/ql/src/Telemetry/AutomodelEndpointCharacteristics.qll index 4d134945071..77425071792 100644 --- a/java/ql/src/Telemetry/AutomodelEndpointCharacteristics.qll +++ b/java/ql/src/Telemetry/AutomodelEndpointCharacteristics.qll @@ -217,9 +217,6 @@ private class ExceptionCharacteristic extends CharacteristicsImpl::NotASinkChara /** * A negative characteristic that indicates that an endpoint sits in a test file. - * - * WARNING: These endpoints should not be used as negative samples for training, because there can in fact be sinks in - * test files -- we just don't care to model them because they aren't exploitable. */ private class TestFileCharacteristic extends CharacteristicsImpl::LikelyNotASinkCharacteristic { TestFileCharacteristic() { this = "test file" } From f3c1c53b54e97300efd2ae17495a16e46ae1da90 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Wed, 26 Apr 2023 16:29:31 +0100 Subject: [PATCH 075/870] Add CallExpr.getCalleeType() This avoids using `getTarget()`, so it works even when that doesn't exist (for example when calling a variable with function type). --- go/ql/lib/semmle/go/Expr.qll | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/go/ql/lib/semmle/go/Expr.qll b/go/ql/lib/semmle/go/Expr.qll index ad84b50ff0e..127ba95a9dd 100644 --- a/go/ql/lib/semmle/go/Expr.qll +++ b/go/ql/lib/semmle/go/Expr.qll @@ -885,6 +885,15 @@ class CallExpr extends CallOrConversionExpr { ) } + /** + * Gets the signature type of the invoked function. + * + * Note that it avoids calling `getTarget()` so that it works even when that + * predicate isn't defined, for example when calling a variable with function + * type. + */ + SignatureType getCalleeType() { result = this.getCalleeExpr().getType() } + /** Gets the declared target of this call. */ Function getTarget() { this.getCalleeExpr() = result.getAReference() } From b928f13d9460673e6598027a062e8184882fc124 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Wed, 26 Apr 2023 16:30:51 +0100 Subject: [PATCH 076/870] Add `CallExpr.hasImplicitArgs()` --- go/ql/lib/semmle/go/Expr.qll | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/go/ql/lib/semmle/go/Expr.qll b/go/ql/lib/semmle/go/Expr.qll index 127ba95a9dd..90f838c2174 100644 --- a/go/ql/lib/semmle/go/Expr.qll +++ b/go/ql/lib/semmle/go/Expr.qll @@ -857,6 +857,12 @@ class CallExpr extends CallOrConversionExpr { /** Gets the number of argument expressions of this call. */ int getNumArgument() { result = count(this.getAnArgument()) } + /** Holds if this call has implicit variadic arguments. */ + predicate hasImplicitVarargs() { + this.getCalleeType().isVariadic() and + not this.hasEllipsis() + } + /** * Gets an argument with an ellipsis after it which is passed to a varargs * parameter, as in `f(x...)`. From 52cc61198d88824f8087312c81d26e6cc8a43934 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Wed, 26 Apr 2023 16:33:34 +0100 Subject: [PATCH 077/870] Use `CallExpr.hasImplicitArgs()` --- .../go/dataflow/internal/DataFlowNodes.qll | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) diff --git a/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll b/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll index 5ab830d7272..b3dce743f5c 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll @@ -10,7 +10,7 @@ private newtype TNode = MkInstructionNode(IR::Instruction insn) or MkSsaNode(SsaDefinition ssa) or MkGlobalFunctionNode(Function f) or - MkImplicitVarargsSlice(CallExpr c) { c.getTarget().isVariadic() and not c.hasEllipsis() } or + MkImplicitVarargsSlice(CallExpr c) { c.hasImplicitVarargs() } or MkSummarizedParameterNode(SummarizedCallable c, int i) { FlowSummaryImpl::Private::summaryParameterNodeRange(c, i) } or @@ -572,13 +572,9 @@ module Public { * predicate `getArgument` on `CallExpr`, which gets the syntactic arguments. */ Node getArgument(int i) { - exists(SignatureType t, int lastParamIndex | - t = this.getACalleeIncludingExternals().getType() and - lastParamIndex = t.getNumParameter() - 1 - | + exists(int lastParamIndex | lastParamIndex = expr.getCalleeType().getNumParameter() - 1 | if - not this.hasEllipsis() and - t.isVariadic() and + expr.hasImplicitVarargs() and i >= lastParamIndex then result.(ImplicitVarargsSlice).getCallNode() = this and @@ -598,11 +594,10 @@ module Public { * the varargs parameter of the target of this call (if there is one). */ Node getImplicitVarargsArgument(int i) { - not this.hasEllipsis() and i >= 0 and - exists(Function f | f = this.getTarget() | - f.isVariadic() and - result = this.getSyntacticArgument(f.getNumParameter() - 1 + i) + expr.hasImplicitVarargs() and + exists(int lastParamIndex | lastParamIndex = expr.getCalleeType().getNumParameter() - 1 | + result = this.getSyntacticArgument(lastParamIndex + i) ) } From c7c0a73b90dc947a4329b5c829e9344662c89122 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Thu, 27 Apr 2023 10:31:55 +0100 Subject: [PATCH 078/870] Accept review suggestions --- .../go/dataflow/internal/DataFlowNodes.qll | 23 ++++++++----------- 1 file changed, 10 insertions(+), 13 deletions(-) diff --git a/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll b/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll index b3dce743f5c..6bee34aa585 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll @@ -551,7 +551,7 @@ module Public { } /** - * Gets the data flow node corresponding to an argument of this call, where + * Gets a data flow node corresponding to an argument of this call, where * tuple extraction has been done but arguments corresponding to a variadic * parameter are still considered separate. */ @@ -567,20 +567,17 @@ module Public { * For calls of the form `f(g())` where `g` has multiple results, the arguments of the call to * `i` are the (implicit) element extraction nodes for the call to `g`. * - * For calls to variadic functions without an ellipsis (`...`), there is a single argument of type - * `ImplicitVarargsSlice` corresponding to the variadic parameter. This is in contrast to the member - * predicate `getArgument` on `CallExpr`, which gets the syntactic arguments. + * Returns a single `Node` corresponding to a variadic parameter. If there is no corresponding + * argument with an ellipsis (`...`), then it is a `ImplicitVarargsSlice`. This is in contrast + * to `getArgument` on `CallExpr`, which gets the syntactic arguments. Use + * `getSyntacticArgument` to get that behavior. */ Node getArgument(int i) { - exists(int lastParamIndex | lastParamIndex = expr.getCalleeType().getNumParameter() - 1 | - if - expr.hasImplicitVarargs() and - i >= lastParamIndex - then - result.(ImplicitVarargsSlice).getCallNode() = this and - i = lastParamIndex - else result = this.getSyntacticArgument(i) - ) + result = this.getSyntacticArgument(i) and + not (expr.hasImplicitVarargs() and i >= expr.getCalleeType().getNumParameter() - 1) + or + i = expr.getCalleeType().getNumParameter() - 1 and + result.(ImplicitVarargsSlice).getCallNode() = this } /** Gets the data flow node corresponding to an argument of this call. */ From 8415c4a4eb8f291c1e3e29f8fb1d365424f0e57a Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Fri, 28 Apr 2023 05:57:09 +0100 Subject: [PATCH 079/870] Remove ArgumentNode assumption --- .../semmle/go/frameworks/stdlib/NetHttp.qll | 66 ++++++++++--------- 1 file changed, 35 insertions(+), 31 deletions(-) diff --git a/go/ql/lib/semmle/go/frameworks/stdlib/NetHttp.qll b/go/ql/lib/semmle/go/frameworks/stdlib/NetHttp.qll index 51db02a5cbe..5a4d76f763d 100644 --- a/go/ql/lib/semmle/go/frameworks/stdlib/NetHttp.qll +++ b/go/ql/lib/semmle/go/frameworks/stdlib/NetHttp.qll @@ -134,40 +134,44 @@ module NetHttp { result = call.getReceiver() } - private class ResponseBody extends Http::ResponseBody::Range, DataFlow::ArgumentNode { + private class ResponseBody extends Http::ResponseBody::Range, DataFlow::Node { DataFlow::Node responseWriter; ResponseBody() { - exists(DataFlow::CallNode call | - // A direct call to ResponseWriter.Write, conveying taint from the argument to the receiver - call.getTarget().(Method).implements("net/http", "ResponseWriter", "Write") and - this = call.getArgument(0) and - responseWriter = call.(DataFlow::MethodCallNode).getReceiver() - ) - or - exists(TaintTracking::FunctionModel model | - // A modeled function conveying taint from some input to the response writer, - // e.g. `io.Copy(responseWriter, someTaintedReader)` - model.taintStep(this, responseWriter) and - responseWriter.getType().implements("net/http", "ResponseWriter") - ) - or - exists( - SummarizedCallable callable, DataFlow::CallNode call, SummaryComponentStack input, - SummaryComponentStack output - | - callable = call.getACalleeIncludingExternals() and callable.propagatesFlow(input, output, _) - | - // A modeled function conveying taint from some input to the response writer, - // e.g. `io.Copy(responseWriter, someTaintedReader)` - // NB. SummarizedCallables do not implement a direct call-site-crossing flow step; instead - // they are implemented by a function body with internal dataflow nodes, so we mimic the - // one-step style for the particular case of taint propagation direct from an argument or receiver - // to another argument, receiver or return value, matching the behavior for a `TaintTracking::FunctionModel`. - this = getSummaryInputOrOutputNode(call, input) and - responseWriter.(DataFlow::PostUpdateNode).getPreUpdateNode() = - getSummaryInputOrOutputNode(call, output) and - responseWriter.getType().implements("net/http", "ResponseWriter") + this = any(DataFlow::CallNode call).getASyntacticArgument() and + ( + exists(DataFlow::CallNode call | + // A direct call to ResponseWriter.Write, conveying taint from the argument to the receiver + call.getTarget().(Method).implements("net/http", "ResponseWriter", "Write") and + this = call.getArgument(0) and + responseWriter = call.(DataFlow::MethodCallNode).getReceiver() + ) + or + exists(TaintTracking::FunctionModel model | + // A modeled function conveying taint from some input to the response writer, + // e.g. `io.Copy(responseWriter, someTaintedReader)` + model.taintStep(this, responseWriter) and + responseWriter.getType().implements("net/http", "ResponseWriter") + ) + or + exists( + SummarizedCallable callable, DataFlow::CallNode call, SummaryComponentStack input, + SummaryComponentStack output + | + callable = call.getACalleeIncludingExternals() and + callable.propagatesFlow(input, output, _) + | + // A modeled function conveying taint from some input to the response writer, + // e.g. `io.Copy(responseWriter, someTaintedReader)` + // NB. SummarizedCallables do not implement a direct call-site-crossing flow step; instead + // they are implemented by a function body with internal dataflow nodes, so we mimic the + // one-step style for the particular case of taint propagation direct from an argument or receiver + // to another argument, receiver or return value, matching the behavior for a `TaintTracking::FunctionModel`. + this = getSummaryInputOrOutputNode(call, input) and + responseWriter.(DataFlow::PostUpdateNode).getPreUpdateNode() = + getSummaryInputOrOutputNode(call, output) and + responseWriter.getType().implements("net/http", "ResponseWriter") + ) ) } From faf846bd586c1a8deabab62758e4154625bd459e Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Thu, 27 Apr 2023 21:40:01 +0100 Subject: [PATCH 080/870] C++: Disable flow through nodes that are sources of phi edges' back edges. --- .../CWE/CWE-193/InvalidPointerDeref.ql | 2 + .../InvalidPointerDeref.expected | 161 ------------------ .../CWE/CWE-193/pointer-deref/test.cpp | 14 +- 3 files changed, 9 insertions(+), 168 deletions(-) diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql b/cpp/ql/src/experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql index 2f77fff2ebf..46506cdff5d 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql @@ -229,6 +229,8 @@ module InvalidPointerToDerefConfig implements DataFlow::ConfigSig { pragma[inline] predicate isSink(DataFlow::Node sink) { isInvalidPointerDerefSink(sink, _, _) } + + predicate isBarrier(DataFlow::Node node) { node = any(DataFlow::SsaPhiNode phi).getAnInput(true) } } module InvalidPointerToDerefFlow = DataFlow::Global; diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/InvalidPointerDeref.expected b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/InvalidPointerDeref.expected index 338def9dfe0..8f863b7c50c 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/InvalidPointerDeref.expected +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/InvalidPointerDeref.expected @@ -359,99 +359,50 @@ edges | test.cpp:48:16:48:16 | q | test.cpp:42:14:42:15 | Load: * ... | | test.cpp:48:16:48:16 | q | test.cpp:44:14:44:21 | Load: * ... | | test.cpp:51:7:51:14 | mk_array indirection | test.cpp:60:19:60:26 | call to mk_array | -| test.cpp:51:33:51:35 | end | test.cpp:60:34:60:37 | mk_array output argument | | test.cpp:52:19:52:24 | call to malloc | test.cpp:51:7:51:14 | mk_array indirection | | test.cpp:52:19:52:24 | call to malloc | test.cpp:53:12:53:16 | begin | -| test.cpp:53:5:53:23 | ... = ... | test.cpp:51:33:51:35 | end | -| test.cpp:53:12:53:16 | begin | test.cpp:53:5:53:23 | ... = ... | -| test.cpp:53:12:53:16 | begin | test.cpp:53:12:53:23 | ... + ... | -| test.cpp:53:12:53:23 | ... + ... | test.cpp:51:33:51:35 | end | | test.cpp:60:19:60:26 | call to mk_array | test.cpp:62:39:62:39 | p | | test.cpp:60:19:60:26 | call to mk_array | test.cpp:66:39:66:39 | p | | test.cpp:60:19:60:26 | call to mk_array | test.cpp:70:38:70:38 | p | -| test.cpp:60:34:60:37 | mk_array output argument | test.cpp:62:32:62:34 | end | -| test.cpp:60:34:60:37 | mk_array output argument | test.cpp:66:32:66:34 | end | -| test.cpp:60:34:60:37 | mk_array output argument | test.cpp:70:31:70:33 | end | -| test.cpp:62:32:62:34 | end | test.cpp:67:9:67:14 | Store: ... = ... | -| test.cpp:66:32:66:34 | end | test.cpp:67:9:67:14 | Store: ... = ... | -| test.cpp:70:31:70:33 | end | test.cpp:67:9:67:14 | Store: ... = ... | | test.cpp:80:9:80:16 | mk_array indirection [begin] | test.cpp:89:19:89:26 | call to mk_array [begin] | | test.cpp:80:9:80:16 | mk_array indirection [begin] | test.cpp:119:18:119:25 | call to mk_array [begin] | -| test.cpp:80:9:80:16 | mk_array indirection [end] | test.cpp:89:19:89:26 | call to mk_array [end] | -| test.cpp:80:9:80:16 | mk_array indirection [end] | test.cpp:119:18:119:25 | call to mk_array [end] | | test.cpp:82:5:82:28 | ... = ... | test.cpp:82:9:82:13 | arr indirection [post update] [begin] | | test.cpp:82:9:82:13 | arr indirection [post update] [begin] | test.cpp:80:9:80:16 | mk_array indirection [begin] | | test.cpp:82:9:82:13 | arr indirection [post update] [begin] | test.cpp:83:15:83:17 | arr indirection [begin] | | test.cpp:82:17:82:22 | call to malloc | test.cpp:82:5:82:28 | ... = ... | -| test.cpp:83:5:83:30 | ... = ... | test.cpp:83:9:83:11 | arr indirection [post update] [end] | -| test.cpp:83:9:83:11 | arr indirection [post update] [end] | test.cpp:80:9:80:16 | mk_array indirection [end] | | test.cpp:83:15:83:17 | arr indirection [begin] | test.cpp:83:19:83:23 | begin indirection | -| test.cpp:83:15:83:30 | ... + ... | test.cpp:83:5:83:30 | ... = ... | -| test.cpp:83:19:83:23 | begin | test.cpp:83:5:83:30 | ... = ... | -| test.cpp:83:19:83:23 | begin | test.cpp:83:15:83:30 | ... + ... | | test.cpp:83:19:83:23 | begin indirection | test.cpp:83:19:83:23 | begin | | test.cpp:89:19:89:26 | call to mk_array [begin] | test.cpp:91:20:91:22 | arr indirection [begin] | | test.cpp:89:19:89:26 | call to mk_array [begin] | test.cpp:95:20:95:22 | arr indirection [begin] | | test.cpp:89:19:89:26 | call to mk_array [begin] | test.cpp:99:20:99:22 | arr indirection [begin] | -| test.cpp:89:19:89:26 | call to mk_array [end] | test.cpp:91:36:91:38 | arr indirection [end] | -| test.cpp:89:19:89:26 | call to mk_array [end] | test.cpp:95:36:95:38 | arr indirection [end] | -| test.cpp:89:19:89:26 | call to mk_array [end] | test.cpp:99:35:99:37 | arr indirection [end] | | test.cpp:91:20:91:22 | arr indirection [begin] | test.cpp:91:24:91:28 | begin | | test.cpp:91:20:91:22 | arr indirection [begin] | test.cpp:91:24:91:28 | begin indirection | | test.cpp:91:24:91:28 | begin | test.cpp:91:47:91:47 | p | | test.cpp:91:24:91:28 | begin indirection | test.cpp:91:47:91:47 | p | -| test.cpp:91:36:91:38 | arr indirection [end] | test.cpp:91:40:91:42 | end | -| test.cpp:91:36:91:38 | arr indirection [end] | test.cpp:91:40:91:42 | end indirection | -| test.cpp:91:40:91:42 | end | test.cpp:96:9:96:14 | Store: ... = ... | -| test.cpp:91:40:91:42 | end indirection | test.cpp:91:40:91:42 | end | | test.cpp:95:20:95:22 | arr indirection [begin] | test.cpp:95:24:95:28 | begin | | test.cpp:95:20:95:22 | arr indirection [begin] | test.cpp:95:24:95:28 | begin indirection | | test.cpp:95:24:95:28 | begin | test.cpp:95:47:95:47 | p | | test.cpp:95:24:95:28 | begin indirection | test.cpp:95:47:95:47 | p | -| test.cpp:95:36:95:38 | arr indirection [end] | test.cpp:95:40:95:42 | end | -| test.cpp:95:36:95:38 | arr indirection [end] | test.cpp:95:40:95:42 | end indirection | -| test.cpp:95:40:95:42 | end | test.cpp:96:9:96:14 | Store: ... = ... | -| test.cpp:95:40:95:42 | end indirection | test.cpp:95:40:95:42 | end | | test.cpp:99:20:99:22 | arr indirection [begin] | test.cpp:99:24:99:28 | begin | | test.cpp:99:20:99:22 | arr indirection [begin] | test.cpp:99:24:99:28 | begin indirection | | test.cpp:99:24:99:28 | begin | test.cpp:99:46:99:46 | p | | test.cpp:99:24:99:28 | begin indirection | test.cpp:99:46:99:46 | p | -| test.cpp:99:35:99:37 | arr indirection [end] | test.cpp:99:39:99:41 | end | -| test.cpp:99:35:99:37 | arr indirection [end] | test.cpp:99:39:99:41 | end indirection | -| test.cpp:99:39:99:41 | end | test.cpp:96:9:96:14 | Store: ... = ... | -| test.cpp:99:39:99:41 | end indirection | test.cpp:99:39:99:41 | end | | test.cpp:104:27:104:29 | arr [begin] | test.cpp:105:20:105:22 | arr indirection [begin] | | test.cpp:104:27:104:29 | arr [begin] | test.cpp:109:20:109:22 | arr indirection [begin] | | test.cpp:104:27:104:29 | arr [begin] | test.cpp:113:20:113:22 | arr indirection [begin] | -| test.cpp:104:27:104:29 | arr [end] | test.cpp:105:36:105:38 | arr indirection [end] | -| test.cpp:104:27:104:29 | arr [end] | test.cpp:109:36:109:38 | arr indirection [end] | -| test.cpp:104:27:104:29 | arr [end] | test.cpp:113:35:113:37 | arr indirection [end] | | test.cpp:105:20:105:22 | arr indirection [begin] | test.cpp:105:24:105:28 | begin | | test.cpp:105:20:105:22 | arr indirection [begin] | test.cpp:105:24:105:28 | begin indirection | | test.cpp:105:24:105:28 | begin | test.cpp:105:47:105:47 | p | | test.cpp:105:24:105:28 | begin indirection | test.cpp:105:47:105:47 | p | -| test.cpp:105:36:105:38 | arr indirection [end] | test.cpp:105:40:105:42 | end | -| test.cpp:105:36:105:38 | arr indirection [end] | test.cpp:105:40:105:42 | end indirection | -| test.cpp:105:40:105:42 | end | test.cpp:110:9:110:14 | Store: ... = ... | -| test.cpp:105:40:105:42 | end indirection | test.cpp:105:40:105:42 | end | | test.cpp:109:20:109:22 | arr indirection [begin] | test.cpp:109:24:109:28 | begin | | test.cpp:109:20:109:22 | arr indirection [begin] | test.cpp:109:24:109:28 | begin indirection | | test.cpp:109:24:109:28 | begin | test.cpp:109:47:109:47 | p | | test.cpp:109:24:109:28 | begin indirection | test.cpp:109:47:109:47 | p | -| test.cpp:109:36:109:38 | arr indirection [end] | test.cpp:109:40:109:42 | end | -| test.cpp:109:36:109:38 | arr indirection [end] | test.cpp:109:40:109:42 | end indirection | -| test.cpp:109:40:109:42 | end | test.cpp:110:9:110:14 | Store: ... = ... | -| test.cpp:109:40:109:42 | end indirection | test.cpp:109:40:109:42 | end | | test.cpp:113:20:113:22 | arr indirection [begin] | test.cpp:113:24:113:28 | begin | | test.cpp:113:20:113:22 | arr indirection [begin] | test.cpp:113:24:113:28 | begin indirection | | test.cpp:113:24:113:28 | begin | test.cpp:113:46:113:46 | p | | test.cpp:113:24:113:28 | begin indirection | test.cpp:113:46:113:46 | p | -| test.cpp:113:35:113:37 | arr indirection [end] | test.cpp:113:39:113:41 | end | -| test.cpp:113:35:113:37 | arr indirection [end] | test.cpp:113:39:113:41 | end indirection | -| test.cpp:113:39:113:41 | end | test.cpp:110:9:110:14 | Store: ... = ... | -| test.cpp:113:39:113:41 | end indirection | test.cpp:113:39:113:41 | end | | test.cpp:119:18:119:25 | call to mk_array [begin] | test.cpp:104:27:104:29 | arr [begin] | -| test.cpp:119:18:119:25 | call to mk_array [end] | test.cpp:104:27:104:29 | arr [end] | | test.cpp:124:15:124:20 | call to malloc | test.cpp:125:5:125:17 | ... = ... | | test.cpp:124:15:124:20 | call to malloc | test.cpp:126:15:126:15 | p | | test.cpp:125:5:125:17 | ... = ... | test.cpp:125:9:125:13 | arr indirection [post update] [begin] | @@ -466,23 +417,15 @@ edges | test.cpp:137:15:137:19 | begin indirection | test.cpp:137:15:137:19 | begin | | test.cpp:141:10:141:19 | mk_array_p indirection [begin] | test.cpp:150:20:150:29 | call to mk_array_p indirection [begin] | | test.cpp:141:10:141:19 | mk_array_p indirection [begin] | test.cpp:180:19:180:28 | call to mk_array_p indirection [begin] | -| test.cpp:141:10:141:19 | mk_array_p indirection [end] | test.cpp:150:20:150:29 | call to mk_array_p indirection [end] | -| test.cpp:141:10:141:19 | mk_array_p indirection [end] | test.cpp:180:19:180:28 | call to mk_array_p indirection [end] | | test.cpp:143:5:143:29 | ... = ... | test.cpp:143:10:143:14 | arr indirection [post update] [begin] | | test.cpp:143:10:143:14 | arr indirection [post update] [begin] | test.cpp:141:10:141:19 | mk_array_p indirection [begin] | | test.cpp:143:10:143:14 | arr indirection [post update] [begin] | test.cpp:144:16:144:18 | arr indirection [begin] | | test.cpp:143:18:143:23 | call to malloc | test.cpp:143:5:143:29 | ... = ... | -| test.cpp:144:5:144:32 | ... = ... | test.cpp:144:10:144:12 | arr indirection [post update] [end] | -| test.cpp:144:10:144:12 | arr indirection [post update] [end] | test.cpp:141:10:141:19 | mk_array_p indirection [end] | | test.cpp:144:16:144:18 | arr indirection [begin] | test.cpp:144:21:144:25 | begin indirection | -| test.cpp:144:16:144:32 | ... + ... | test.cpp:144:5:144:32 | ... = ... | -| test.cpp:144:21:144:25 | begin | test.cpp:144:5:144:32 | ... = ... | -| test.cpp:144:21:144:25 | begin | test.cpp:144:16:144:32 | ... + ... | | test.cpp:144:21:144:25 | begin indirection | test.cpp:144:21:144:25 | begin | | test.cpp:150:20:150:29 | call to mk_array_p indirection [begin] | test.cpp:152:20:152:22 | arr indirection [begin] | | test.cpp:150:20:150:29 | call to mk_array_p indirection [begin] | test.cpp:156:20:156:22 | arr indirection [begin] | | test.cpp:150:20:150:29 | call to mk_array_p indirection [begin] | test.cpp:160:20:160:22 | arr indirection [begin] | -| test.cpp:150:20:150:29 | call to mk_array_p indirection [end] | test.cpp:156:37:156:39 | arr indirection [end] | | test.cpp:152:20:152:22 | arr indirection [begin] | test.cpp:152:25:152:29 | begin | | test.cpp:152:20:152:22 | arr indirection [begin] | test.cpp:152:25:152:29 | begin indirection | | test.cpp:152:25:152:29 | begin | test.cpp:152:49:152:49 | p | @@ -491,10 +434,6 @@ edges | test.cpp:156:20:156:22 | arr indirection [begin] | test.cpp:156:25:156:29 | begin indirection | | test.cpp:156:25:156:29 | begin | test.cpp:156:49:156:49 | p | | test.cpp:156:25:156:29 | begin indirection | test.cpp:156:49:156:49 | p | -| test.cpp:156:37:156:39 | arr indirection [end] | test.cpp:156:42:156:44 | end | -| test.cpp:156:37:156:39 | arr indirection [end] | test.cpp:156:42:156:44 | end indirection | -| test.cpp:156:42:156:44 | end | test.cpp:157:9:157:14 | Store: ... = ... | -| test.cpp:156:42:156:44 | end indirection | test.cpp:156:42:156:44 | end | | test.cpp:160:20:160:22 | arr indirection [begin] | test.cpp:160:25:160:29 | begin | | test.cpp:160:20:160:22 | arr indirection [begin] | test.cpp:160:25:160:29 | begin indirection | | test.cpp:160:25:160:29 | begin | test.cpp:160:48:160:48 | p | @@ -502,35 +441,19 @@ edges | test.cpp:165:29:165:31 | arr indirection [begin] | test.cpp:166:20:166:22 | arr indirection [begin] | | test.cpp:165:29:165:31 | arr indirection [begin] | test.cpp:170:20:170:22 | arr indirection [begin] | | test.cpp:165:29:165:31 | arr indirection [begin] | test.cpp:174:20:174:22 | arr indirection [begin] | -| test.cpp:165:29:165:31 | arr indirection [end] | test.cpp:166:37:166:39 | arr indirection [end] | -| test.cpp:165:29:165:31 | arr indirection [end] | test.cpp:170:37:170:39 | arr indirection [end] | -| test.cpp:165:29:165:31 | arr indirection [end] | test.cpp:174:36:174:38 | arr indirection [end] | | test.cpp:166:20:166:22 | arr indirection [begin] | test.cpp:166:25:166:29 | begin | | test.cpp:166:20:166:22 | arr indirection [begin] | test.cpp:166:25:166:29 | begin indirection | | test.cpp:166:25:166:29 | begin | test.cpp:166:49:166:49 | p | | test.cpp:166:25:166:29 | begin indirection | test.cpp:166:49:166:49 | p | -| test.cpp:166:37:166:39 | arr indirection [end] | test.cpp:166:42:166:44 | end | -| test.cpp:166:37:166:39 | arr indirection [end] | test.cpp:166:42:166:44 | end indirection | -| test.cpp:166:42:166:44 | end | test.cpp:171:9:171:14 | Store: ... = ... | -| test.cpp:166:42:166:44 | end indirection | test.cpp:166:42:166:44 | end | | test.cpp:170:20:170:22 | arr indirection [begin] | test.cpp:170:25:170:29 | begin | | test.cpp:170:20:170:22 | arr indirection [begin] | test.cpp:170:25:170:29 | begin indirection | | test.cpp:170:25:170:29 | begin | test.cpp:170:49:170:49 | p | | test.cpp:170:25:170:29 | begin indirection | test.cpp:170:49:170:49 | p | -| test.cpp:170:37:170:39 | arr indirection [end] | test.cpp:170:42:170:44 | end | -| test.cpp:170:37:170:39 | arr indirection [end] | test.cpp:170:42:170:44 | end indirection | -| test.cpp:170:42:170:44 | end | test.cpp:171:9:171:14 | Store: ... = ... | -| test.cpp:170:42:170:44 | end indirection | test.cpp:170:42:170:44 | end | | test.cpp:174:20:174:22 | arr indirection [begin] | test.cpp:174:25:174:29 | begin | | test.cpp:174:20:174:22 | arr indirection [begin] | test.cpp:174:25:174:29 | begin indirection | | test.cpp:174:25:174:29 | begin | test.cpp:174:48:174:48 | p | | test.cpp:174:25:174:29 | begin indirection | test.cpp:174:48:174:48 | p | -| test.cpp:174:36:174:38 | arr indirection [end] | test.cpp:174:41:174:43 | end | -| test.cpp:174:36:174:38 | arr indirection [end] | test.cpp:174:41:174:43 | end indirection | -| test.cpp:174:41:174:43 | end | test.cpp:171:9:171:14 | Store: ... = ... | -| test.cpp:174:41:174:43 | end indirection | test.cpp:174:41:174:43 | end | | test.cpp:180:19:180:28 | call to mk_array_p indirection [begin] | test.cpp:165:29:165:31 | arr indirection [begin] | -| test.cpp:180:19:180:28 | call to mk_array_p indirection [end] | test.cpp:165:29:165:31 | arr indirection [end] | | test.cpp:188:15:188:20 | call to malloc | test.cpp:189:15:189:15 | p | | test.cpp:194:23:194:28 | call to malloc | test.cpp:195:17:195:17 | p | | test.cpp:194:23:194:28 | call to malloc | test.cpp:197:8:197:8 | p | @@ -590,38 +513,14 @@ edges | test.cpp:261:14:261:15 | xs | test.cpp:261:14:261:21 | ... + ... | | test.cpp:261:14:261:15 | xs | test.cpp:261:14:261:21 | ... + ... | | test.cpp:261:14:261:15 | xs | test.cpp:261:14:261:21 | ... + ... | -| test.cpp:261:14:261:15 | xs | test.cpp:261:14:261:21 | ... + ... | -| test.cpp:261:14:261:15 | xs | test.cpp:262:26:262:28 | end | -| test.cpp:261:14:261:15 | xs | test.cpp:262:26:262:28 | end | | test.cpp:261:14:261:15 | xs | test.cpp:262:31:262:31 | x | -| test.cpp:261:14:261:15 | xs | test.cpp:262:31:262:33 | ... ++ | -| test.cpp:261:14:261:15 | xs | test.cpp:262:31:262:33 | ... ++ | | test.cpp:261:14:261:15 | xs | test.cpp:264:14:264:14 | x | | test.cpp:261:14:261:15 | xs | test.cpp:264:14:264:14 | x | | test.cpp:261:14:261:21 | ... + ... | test.cpp:261:14:261:21 | ... + ... | -| test.cpp:261:14:261:21 | ... + ... | test.cpp:261:14:261:21 | ... + ... | -| test.cpp:261:14:261:21 | ... + ... | test.cpp:262:26:262:28 | end | -| test.cpp:261:14:261:21 | ... + ... | test.cpp:262:26:262:28 | end | -| test.cpp:261:14:261:21 | ... + ... | test.cpp:262:26:262:28 | end | -| test.cpp:261:14:261:21 | ... + ... | test.cpp:262:26:262:28 | end | | test.cpp:261:14:261:21 | ... + ... | test.cpp:264:13:264:14 | Load: * ... | | test.cpp:261:14:261:21 | ... + ... | test.cpp:264:13:264:14 | Load: * ... | | test.cpp:261:14:261:21 | ... + ... | test.cpp:264:13:264:14 | Load: * ... | -| test.cpp:261:14:261:21 | ... + ... | test.cpp:264:13:264:14 | Load: * ... | -| test.cpp:262:21:262:21 | x | test.cpp:264:13:264:14 | Load: * ... | -| test.cpp:262:26:262:28 | end | test.cpp:262:26:262:28 | end | -| test.cpp:262:26:262:28 | end | test.cpp:262:26:262:28 | end | -| test.cpp:262:26:262:28 | end | test.cpp:264:13:264:14 | Load: * ... | -| test.cpp:262:26:262:28 | end | test.cpp:264:13:264:14 | Load: * ... | | test.cpp:262:31:262:31 | x | test.cpp:264:13:264:14 | Load: * ... | -| test.cpp:262:31:262:33 | ... ++ | test.cpp:262:21:262:21 | x | -| test.cpp:262:31:262:33 | ... ++ | test.cpp:262:21:262:21 | x | -| test.cpp:262:31:262:33 | ... ++ | test.cpp:262:31:262:31 | x | -| test.cpp:262:31:262:33 | ... ++ | test.cpp:262:31:262:31 | x | -| test.cpp:262:31:262:33 | ... ++ | test.cpp:264:14:264:14 | x | -| test.cpp:262:31:262:33 | ... ++ | test.cpp:264:14:264:14 | x | -| test.cpp:262:31:262:33 | ... ++ | test.cpp:264:14:264:14 | x | -| test.cpp:262:31:262:33 | ... ++ | test.cpp:264:14:264:14 | x | | test.cpp:264:14:264:14 | x | test.cpp:262:31:262:31 | x | | test.cpp:264:14:264:14 | x | test.cpp:264:13:264:14 | Load: * ... | | test.cpp:264:14:264:14 | x | test.cpp:264:13:264:14 | Load: * ... | @@ -630,74 +529,23 @@ edges | test.cpp:271:14:271:15 | xs | test.cpp:271:14:271:21 | ... + ... | | test.cpp:271:14:271:15 | xs | test.cpp:271:14:271:21 | ... + ... | | test.cpp:271:14:271:15 | xs | test.cpp:271:14:271:21 | ... + ... | -| test.cpp:271:14:271:15 | xs | test.cpp:271:14:271:21 | ... + ... | -| test.cpp:271:14:271:15 | xs | test.cpp:272:26:272:28 | end | -| test.cpp:271:14:271:15 | xs | test.cpp:272:26:272:28 | end | | test.cpp:271:14:271:15 | xs | test.cpp:272:31:272:31 | x | -| test.cpp:271:14:271:15 | xs | test.cpp:272:31:272:33 | ... ++ | -| test.cpp:271:14:271:15 | xs | test.cpp:272:31:272:33 | ... ++ | | test.cpp:271:14:271:15 | xs | test.cpp:274:5:274:6 | * ... | | test.cpp:271:14:271:15 | xs | test.cpp:274:6:274:6 | x | | test.cpp:271:14:271:15 | xs | test.cpp:274:6:274:6 | x | | test.cpp:271:14:271:21 | ... + ... | test.cpp:271:14:271:21 | ... + ... | -| test.cpp:271:14:271:21 | ... + ... | test.cpp:271:14:271:21 | ... + ... | -| test.cpp:271:14:271:21 | ... + ... | test.cpp:272:26:272:28 | end | -| test.cpp:271:14:271:21 | ... + ... | test.cpp:272:26:272:28 | end | -| test.cpp:271:14:271:21 | ... + ... | test.cpp:272:26:272:28 | end | -| test.cpp:271:14:271:21 | ... + ... | test.cpp:272:26:272:28 | end | | test.cpp:271:14:271:21 | ... + ... | test.cpp:274:5:274:10 | Store: ... = ... | | test.cpp:271:14:271:21 | ... + ... | test.cpp:274:5:274:10 | Store: ... = ... | | test.cpp:271:14:271:21 | ... + ... | test.cpp:274:5:274:10 | Store: ... = ... | -| test.cpp:271:14:271:21 | ... + ... | test.cpp:274:5:274:10 | Store: ... = ... | -| test.cpp:272:21:272:21 | x | test.cpp:274:5:274:10 | Store: ... = ... | -| test.cpp:272:26:272:28 | end | test.cpp:272:26:272:28 | end | -| test.cpp:272:26:272:28 | end | test.cpp:272:26:272:28 | end | -| test.cpp:272:26:272:28 | end | test.cpp:274:5:274:10 | Store: ... = ... | -| test.cpp:272:26:272:28 | end | test.cpp:274:5:274:10 | Store: ... = ... | | test.cpp:272:31:272:31 | x | test.cpp:274:5:274:10 | Store: ... = ... | -| test.cpp:272:31:272:33 | ... ++ | test.cpp:272:21:272:21 | x | -| test.cpp:272:31:272:33 | ... ++ | test.cpp:272:21:272:21 | x | -| test.cpp:272:31:272:33 | ... ++ | test.cpp:272:31:272:31 | x | -| test.cpp:272:31:272:33 | ... ++ | test.cpp:272:31:272:31 | x | -| test.cpp:272:31:272:33 | ... ++ | test.cpp:274:5:274:6 | * ... | -| test.cpp:272:31:272:33 | ... ++ | test.cpp:274:5:274:6 | * ... | -| test.cpp:272:31:272:33 | ... ++ | test.cpp:274:6:274:6 | x | -| test.cpp:272:31:272:33 | ... ++ | test.cpp:274:6:274:6 | x | -| test.cpp:272:31:272:33 | ... ++ | test.cpp:274:6:274:6 | x | -| test.cpp:272:31:272:33 | ... ++ | test.cpp:274:6:274:6 | x | | test.cpp:274:5:274:6 | * ... | test.cpp:274:5:274:10 | Store: ... = ... | | test.cpp:274:6:274:6 | x | test.cpp:272:31:272:31 | x | | test.cpp:274:6:274:6 | x | test.cpp:274:5:274:6 | * ... | | test.cpp:274:6:274:6 | x | test.cpp:274:5:274:10 | Store: ... = ... | | test.cpp:274:6:274:6 | x | test.cpp:274:5:274:10 | Store: ... = ... | | test.cpp:280:13:280:24 | new[] | test.cpp:281:14:281:15 | xs | -| test.cpp:281:14:281:15 | xs | test.cpp:282:30:282:32 | ... ++ | -| test.cpp:281:14:281:15 | xs | test.cpp:282:30:282:32 | ... ++ | -| test.cpp:282:21:282:21 | x | test.cpp:284:13:284:14 | Load: * ... | -| test.cpp:282:30:282:30 | x | test.cpp:284:13:284:14 | Load: * ... | -| test.cpp:282:30:282:32 | ... ++ | test.cpp:282:21:282:21 | x | -| test.cpp:282:30:282:32 | ... ++ | test.cpp:282:21:282:21 | x | -| test.cpp:282:30:282:32 | ... ++ | test.cpp:282:30:282:30 | x | -| test.cpp:282:30:282:32 | ... ++ | test.cpp:282:30:282:30 | x | -| test.cpp:282:30:282:32 | ... ++ | test.cpp:284:14:284:14 | x | -| test.cpp:282:30:282:32 | ... ++ | test.cpp:284:14:284:14 | x | -| test.cpp:284:14:284:14 | x | test.cpp:284:13:284:14 | Load: * ... | | test.cpp:290:13:290:24 | new[] | test.cpp:291:14:291:15 | xs | | test.cpp:290:13:290:24 | new[] | test.cpp:292:30:292:30 | x | -| test.cpp:291:14:291:15 | xs | test.cpp:292:30:292:32 | ... ++ | -| test.cpp:291:14:291:15 | xs | test.cpp:292:30:292:32 | ... ++ | -| test.cpp:292:21:292:21 | x | test.cpp:294:5:294:10 | Store: ... = ... | -| test.cpp:292:30:292:30 | x | test.cpp:294:5:294:10 | Store: ... = ... | -| test.cpp:292:30:292:32 | ... ++ | test.cpp:292:21:292:21 | x | -| test.cpp:292:30:292:32 | ... ++ | test.cpp:292:21:292:21 | x | -| test.cpp:292:30:292:32 | ... ++ | test.cpp:292:30:292:30 | x | -| test.cpp:292:30:292:32 | ... ++ | test.cpp:292:30:292:30 | x | -| test.cpp:292:30:292:32 | ... ++ | test.cpp:294:5:294:6 | * ... | -| test.cpp:292:30:292:32 | ... ++ | test.cpp:294:5:294:6 | * ... | -| test.cpp:292:30:292:32 | ... ++ | test.cpp:294:6:294:6 | x | -| test.cpp:292:30:292:32 | ... ++ | test.cpp:294:6:294:6 | x | -| test.cpp:294:5:294:6 | * ... | test.cpp:294:5:294:10 | Store: ... = ... | -| test.cpp:294:6:294:6 | x | test.cpp:294:5:294:10 | Store: ... = ... | #select | test.cpp:6:14:6:15 | Load: * ... | test.cpp:4:15:4:20 | call to malloc | test.cpp:6:14:6:15 | Load: * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:4:15:4:20 | call to malloc | call to malloc | test.cpp:5:19:5:22 | size | size | | test.cpp:8:14:8:21 | Load: * ... | test.cpp:4:15:4:20 | call to malloc | test.cpp:8:14:8:21 | Load: * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@ + 1. | test.cpp:4:15:4:20 | call to malloc | call to malloc | test.cpp:5:19:5:22 | size | size | @@ -709,19 +557,10 @@ edges | test.cpp:42:14:42:15 | Load: * ... | test.cpp:40:15:40:20 | call to malloc | test.cpp:42:14:42:15 | Load: * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:40:15:40:20 | call to malloc | call to malloc | test.cpp:41:20:41:27 | ... - ... | ... - ... | | test.cpp:44:14:44:21 | Load: * ... | test.cpp:40:15:40:20 | call to malloc | test.cpp:44:14:44:21 | Load: * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@ + 1. | test.cpp:40:15:40:20 | call to malloc | call to malloc | test.cpp:41:20:41:27 | ... - ... | ... - ... | | test.cpp:44:14:44:21 | Load: * ... | test.cpp:40:15:40:20 | call to malloc | test.cpp:44:14:44:21 | Load: * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:40:15:40:20 | call to malloc | call to malloc | test.cpp:41:20:41:27 | ... - ... | ... - ... | -| test.cpp:67:9:67:14 | Store: ... = ... | test.cpp:52:19:52:24 | call to malloc | test.cpp:67:9:67:14 | Store: ... = ... | This write might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:52:19:52:24 | call to malloc | call to malloc | test.cpp:53:20:53:23 | size | size | -| test.cpp:96:9:96:14 | Store: ... = ... | test.cpp:82:17:82:22 | call to malloc | test.cpp:96:9:96:14 | Store: ... = ... | This write might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:82:17:82:22 | call to malloc | call to malloc | test.cpp:83:27:83:30 | size | size | -| test.cpp:110:9:110:14 | Store: ... = ... | test.cpp:82:17:82:22 | call to malloc | test.cpp:110:9:110:14 | Store: ... = ... | This write might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:82:17:82:22 | call to malloc | call to malloc | test.cpp:83:27:83:30 | size | size | -| test.cpp:157:9:157:14 | Store: ... = ... | test.cpp:143:18:143:23 | call to malloc | test.cpp:157:9:157:14 | Store: ... = ... | This write might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:143:18:143:23 | call to malloc | call to malloc | test.cpp:144:29:144:32 | size | size | -| test.cpp:171:9:171:14 | Store: ... = ... | test.cpp:143:18:143:23 | call to malloc | test.cpp:171:9:171:14 | Store: ... = ... | This write might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:143:18:143:23 | call to malloc | call to malloc | test.cpp:144:29:144:32 | size | size | | test.cpp:201:5:201:19 | Store: ... = ... | test.cpp:194:23:194:28 | call to malloc | test.cpp:201:5:201:19 | Store: ... = ... | This write might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:194:23:194:28 | call to malloc | call to malloc | test.cpp:195:21:195:23 | len | len | | test.cpp:213:5:213:13 | Store: ... = ... | test.cpp:205:23:205:28 | call to malloc | test.cpp:213:5:213:13 | Store: ... = ... | This write might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:205:23:205:28 | call to malloc | call to malloc | test.cpp:206:21:206:23 | len | len | | test.cpp:232:3:232:20 | Store: ... = ... | test.cpp:231:18:231:30 | new[] | test.cpp:232:3:232:20 | Store: ... = ... | This write might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:231:18:231:30 | new[] | new[] | test.cpp:232:11:232:15 | index | index | | test.cpp:239:5:239:22 | Store: ... = ... | test.cpp:238:20:238:32 | new[] | test.cpp:239:5:239:22 | Store: ... = ... | This write might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:238:20:238:32 | new[] | new[] | test.cpp:239:13:239:17 | index | index | | test.cpp:254:9:254:16 | Store: ... = ... | test.cpp:248:24:248:30 | call to realloc | test.cpp:254:9:254:16 | Store: ... = ... | This write might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:248:24:248:30 | call to realloc | call to realloc | test.cpp:254:11:254:11 | i | i | -| test.cpp:264:13:264:14 | Load: * ... | test.cpp:260:13:260:24 | new[] | test.cpp:264:13:264:14 | Load: * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@ + 1. | test.cpp:260:13:260:24 | new[] | new[] | test.cpp:261:19:261:21 | len | len | | test.cpp:264:13:264:14 | Load: * ... | test.cpp:260:13:260:24 | new[] | test.cpp:264:13:264:14 | Load: * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:260:13:260:24 | new[] | new[] | test.cpp:261:19:261:21 | len | len | -| test.cpp:274:5:274:10 | Store: ... = ... | test.cpp:270:13:270:24 | new[] | test.cpp:274:5:274:10 | Store: ... = ... | This write might be out of bounds, as the pointer might be equal to $@ + $@ + 1. | test.cpp:270:13:270:24 | new[] | new[] | test.cpp:271:19:271:21 | len | len | | test.cpp:274:5:274:10 | Store: ... = ... | test.cpp:270:13:270:24 | new[] | test.cpp:274:5:274:10 | Store: ... = ... | This write might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:270:13:270:24 | new[] | new[] | test.cpp:271:19:271:21 | len | len | -| test.cpp:284:13:284:14 | Load: * ... | test.cpp:280:13:280:24 | new[] | test.cpp:284:13:284:14 | Load: * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:280:13:280:24 | new[] | new[] | test.cpp:281:19:281:21 | len | len | -| test.cpp:294:5:294:10 | Store: ... = ... | test.cpp:290:13:290:24 | new[] | test.cpp:294:5:294:10 | Store: ... = ... | This write might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:290:13:290:24 | new[] | new[] | test.cpp:291:19:291:21 | len | len | diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/test.cpp b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/test.cpp index 3cd2cd9ad3d..109faa678be 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/test.cpp +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/test.cpp @@ -64,7 +64,7 @@ void test5(int size) { } for (char* p = begin; p <= end; ++p) { - *p = 0; // BAD + *p = 0; // BAD [NOT DETECTED] } for (char* p = begin; p < end; ++p) { @@ -93,7 +93,7 @@ void test6(int size) { } for (char* p = arr.begin; p <= arr.end; ++p) { - *p = 0; // BAD + *p = 0; // BAD [NOT DETECTED] } for (char* p = arr.begin; p < arr.end; ++p) { @@ -107,7 +107,7 @@ void test7_callee(array_t arr) { } for (char* p = arr.begin; p <= arr.end; ++p) { - *p = 0; // BAD + *p = 0; // BAD [NOT DETECTED] } for (char* p = arr.begin; p < arr.end; ++p) { @@ -154,7 +154,7 @@ void test9(int size) { } for (char* p = arr->begin; p <= arr->end; ++p) { - *p = 0; // BAD + *p = 0; // BAD [NOT DETECTED] } for (char* p = arr->begin; p < arr->end; ++p) { @@ -168,7 +168,7 @@ void test10_callee(array_t *arr) { } for (char* p = arr->begin; p <= arr->end; ++p) { - *p = 0; // BAD + *p = 0; // BAD [NOT DETECTED] } for (char* p = arr->begin; p < arr->end; ++p) { @@ -281,7 +281,7 @@ void test19(unsigned len) int *end = xs + len; for (int *x = xs; x < end; x++) { - int i = *x; // GOOD [FALSE POSITIVE] + int i = *x; // GOOD } } @@ -291,6 +291,6 @@ void test20(unsigned len) int *end = xs + len; for (int *x = xs; x < end; x++) { - *x = 0; // GOOD [FALSE POSITIVE] + *x = 0; // GOOD } } \ No newline at end of file From 43527573d02be20a24588a2437cef2e24639dee0 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Thu, 27 Apr 2023 21:42:09 +0100 Subject: [PATCH 081/870] C++: Fix back edge detection for phi nodes. --- .../cpp/ir/dataflow/internal/DataFlowUtil.qll | 2 +- .../InvalidPointerDeref.expected | 108 ++++++++++++++++++ .../CWE/CWE-193/pointer-deref/test.cpp | 10 +- 3 files changed, 114 insertions(+), 6 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll index 8a3568497cc..ae4fbd2febe 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll @@ -552,7 +552,7 @@ class SsaPhiNode extends Node, TSsaPhiNode { */ final Node getAnInput(boolean fromBackEdge) { localFlowStep(result, this) and - if phi.getBasicBlock().dominates(result.getBasicBlock()) + if phi.getBasicBlock().strictlyDominates(result.getBasicBlock()) then fromBackEdge = true else fromBackEdge = false } diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/InvalidPointerDeref.expected b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/InvalidPointerDeref.expected index 8f863b7c50c..76adf3dba50 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/InvalidPointerDeref.expected +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/InvalidPointerDeref.expected @@ -359,50 +359,99 @@ edges | test.cpp:48:16:48:16 | q | test.cpp:42:14:42:15 | Load: * ... | | test.cpp:48:16:48:16 | q | test.cpp:44:14:44:21 | Load: * ... | | test.cpp:51:7:51:14 | mk_array indirection | test.cpp:60:19:60:26 | call to mk_array | +| test.cpp:51:33:51:35 | end | test.cpp:60:34:60:37 | mk_array output argument | | test.cpp:52:19:52:24 | call to malloc | test.cpp:51:7:51:14 | mk_array indirection | | test.cpp:52:19:52:24 | call to malloc | test.cpp:53:12:53:16 | begin | +| test.cpp:53:5:53:23 | ... = ... | test.cpp:51:33:51:35 | end | +| test.cpp:53:12:53:16 | begin | test.cpp:53:5:53:23 | ... = ... | +| test.cpp:53:12:53:16 | begin | test.cpp:53:12:53:23 | ... + ... | +| test.cpp:53:12:53:23 | ... + ... | test.cpp:51:33:51:35 | end | | test.cpp:60:19:60:26 | call to mk_array | test.cpp:62:39:62:39 | p | | test.cpp:60:19:60:26 | call to mk_array | test.cpp:66:39:66:39 | p | | test.cpp:60:19:60:26 | call to mk_array | test.cpp:70:38:70:38 | p | +| test.cpp:60:34:60:37 | mk_array output argument | test.cpp:62:32:62:34 | end | +| test.cpp:60:34:60:37 | mk_array output argument | test.cpp:66:32:66:34 | end | +| test.cpp:60:34:60:37 | mk_array output argument | test.cpp:70:31:70:33 | end | +| test.cpp:62:32:62:34 | end | test.cpp:67:9:67:14 | Store: ... = ... | +| test.cpp:66:32:66:34 | end | test.cpp:67:9:67:14 | Store: ... = ... | +| test.cpp:70:31:70:33 | end | test.cpp:67:9:67:14 | Store: ... = ... | | test.cpp:80:9:80:16 | mk_array indirection [begin] | test.cpp:89:19:89:26 | call to mk_array [begin] | | test.cpp:80:9:80:16 | mk_array indirection [begin] | test.cpp:119:18:119:25 | call to mk_array [begin] | +| test.cpp:80:9:80:16 | mk_array indirection [end] | test.cpp:89:19:89:26 | call to mk_array [end] | +| test.cpp:80:9:80:16 | mk_array indirection [end] | test.cpp:119:18:119:25 | call to mk_array [end] | | test.cpp:82:5:82:28 | ... = ... | test.cpp:82:9:82:13 | arr indirection [post update] [begin] | | test.cpp:82:9:82:13 | arr indirection [post update] [begin] | test.cpp:80:9:80:16 | mk_array indirection [begin] | | test.cpp:82:9:82:13 | arr indirection [post update] [begin] | test.cpp:83:15:83:17 | arr indirection [begin] | | test.cpp:82:17:82:22 | call to malloc | test.cpp:82:5:82:28 | ... = ... | +| test.cpp:83:5:83:30 | ... = ... | test.cpp:83:9:83:11 | arr indirection [post update] [end] | +| test.cpp:83:9:83:11 | arr indirection [post update] [end] | test.cpp:80:9:80:16 | mk_array indirection [end] | | test.cpp:83:15:83:17 | arr indirection [begin] | test.cpp:83:19:83:23 | begin indirection | +| test.cpp:83:15:83:30 | ... + ... | test.cpp:83:5:83:30 | ... = ... | +| test.cpp:83:19:83:23 | begin | test.cpp:83:5:83:30 | ... = ... | +| test.cpp:83:19:83:23 | begin | test.cpp:83:15:83:30 | ... + ... | | test.cpp:83:19:83:23 | begin indirection | test.cpp:83:19:83:23 | begin | | test.cpp:89:19:89:26 | call to mk_array [begin] | test.cpp:91:20:91:22 | arr indirection [begin] | | test.cpp:89:19:89:26 | call to mk_array [begin] | test.cpp:95:20:95:22 | arr indirection [begin] | | test.cpp:89:19:89:26 | call to mk_array [begin] | test.cpp:99:20:99:22 | arr indirection [begin] | +| test.cpp:89:19:89:26 | call to mk_array [end] | test.cpp:91:36:91:38 | arr indirection [end] | +| test.cpp:89:19:89:26 | call to mk_array [end] | test.cpp:95:36:95:38 | arr indirection [end] | +| test.cpp:89:19:89:26 | call to mk_array [end] | test.cpp:99:35:99:37 | arr indirection [end] | | test.cpp:91:20:91:22 | arr indirection [begin] | test.cpp:91:24:91:28 | begin | | test.cpp:91:20:91:22 | arr indirection [begin] | test.cpp:91:24:91:28 | begin indirection | | test.cpp:91:24:91:28 | begin | test.cpp:91:47:91:47 | p | | test.cpp:91:24:91:28 | begin indirection | test.cpp:91:47:91:47 | p | +| test.cpp:91:36:91:38 | arr indirection [end] | test.cpp:91:40:91:42 | end | +| test.cpp:91:36:91:38 | arr indirection [end] | test.cpp:91:40:91:42 | end indirection | +| test.cpp:91:40:91:42 | end | test.cpp:96:9:96:14 | Store: ... = ... | +| test.cpp:91:40:91:42 | end indirection | test.cpp:91:40:91:42 | end | | test.cpp:95:20:95:22 | arr indirection [begin] | test.cpp:95:24:95:28 | begin | | test.cpp:95:20:95:22 | arr indirection [begin] | test.cpp:95:24:95:28 | begin indirection | | test.cpp:95:24:95:28 | begin | test.cpp:95:47:95:47 | p | | test.cpp:95:24:95:28 | begin indirection | test.cpp:95:47:95:47 | p | +| test.cpp:95:36:95:38 | arr indirection [end] | test.cpp:95:40:95:42 | end | +| test.cpp:95:36:95:38 | arr indirection [end] | test.cpp:95:40:95:42 | end indirection | +| test.cpp:95:40:95:42 | end | test.cpp:96:9:96:14 | Store: ... = ... | +| test.cpp:95:40:95:42 | end indirection | test.cpp:95:40:95:42 | end | | test.cpp:99:20:99:22 | arr indirection [begin] | test.cpp:99:24:99:28 | begin | | test.cpp:99:20:99:22 | arr indirection [begin] | test.cpp:99:24:99:28 | begin indirection | | test.cpp:99:24:99:28 | begin | test.cpp:99:46:99:46 | p | | test.cpp:99:24:99:28 | begin indirection | test.cpp:99:46:99:46 | p | +| test.cpp:99:35:99:37 | arr indirection [end] | test.cpp:99:39:99:41 | end | +| test.cpp:99:35:99:37 | arr indirection [end] | test.cpp:99:39:99:41 | end indirection | +| test.cpp:99:39:99:41 | end | test.cpp:96:9:96:14 | Store: ... = ... | +| test.cpp:99:39:99:41 | end indirection | test.cpp:99:39:99:41 | end | | test.cpp:104:27:104:29 | arr [begin] | test.cpp:105:20:105:22 | arr indirection [begin] | | test.cpp:104:27:104:29 | arr [begin] | test.cpp:109:20:109:22 | arr indirection [begin] | | test.cpp:104:27:104:29 | arr [begin] | test.cpp:113:20:113:22 | arr indirection [begin] | +| test.cpp:104:27:104:29 | arr [end] | test.cpp:105:36:105:38 | arr indirection [end] | +| test.cpp:104:27:104:29 | arr [end] | test.cpp:109:36:109:38 | arr indirection [end] | +| test.cpp:104:27:104:29 | arr [end] | test.cpp:113:35:113:37 | arr indirection [end] | | test.cpp:105:20:105:22 | arr indirection [begin] | test.cpp:105:24:105:28 | begin | | test.cpp:105:20:105:22 | arr indirection [begin] | test.cpp:105:24:105:28 | begin indirection | | test.cpp:105:24:105:28 | begin | test.cpp:105:47:105:47 | p | | test.cpp:105:24:105:28 | begin indirection | test.cpp:105:47:105:47 | p | +| test.cpp:105:36:105:38 | arr indirection [end] | test.cpp:105:40:105:42 | end | +| test.cpp:105:36:105:38 | arr indirection [end] | test.cpp:105:40:105:42 | end indirection | +| test.cpp:105:40:105:42 | end | test.cpp:110:9:110:14 | Store: ... = ... | +| test.cpp:105:40:105:42 | end indirection | test.cpp:105:40:105:42 | end | | test.cpp:109:20:109:22 | arr indirection [begin] | test.cpp:109:24:109:28 | begin | | test.cpp:109:20:109:22 | arr indirection [begin] | test.cpp:109:24:109:28 | begin indirection | | test.cpp:109:24:109:28 | begin | test.cpp:109:47:109:47 | p | | test.cpp:109:24:109:28 | begin indirection | test.cpp:109:47:109:47 | p | +| test.cpp:109:36:109:38 | arr indirection [end] | test.cpp:109:40:109:42 | end | +| test.cpp:109:36:109:38 | arr indirection [end] | test.cpp:109:40:109:42 | end indirection | +| test.cpp:109:40:109:42 | end | test.cpp:110:9:110:14 | Store: ... = ... | +| test.cpp:109:40:109:42 | end indirection | test.cpp:109:40:109:42 | end | | test.cpp:113:20:113:22 | arr indirection [begin] | test.cpp:113:24:113:28 | begin | | test.cpp:113:20:113:22 | arr indirection [begin] | test.cpp:113:24:113:28 | begin indirection | | test.cpp:113:24:113:28 | begin | test.cpp:113:46:113:46 | p | | test.cpp:113:24:113:28 | begin indirection | test.cpp:113:46:113:46 | p | +| test.cpp:113:35:113:37 | arr indirection [end] | test.cpp:113:39:113:41 | end | +| test.cpp:113:35:113:37 | arr indirection [end] | test.cpp:113:39:113:41 | end indirection | +| test.cpp:113:39:113:41 | end | test.cpp:110:9:110:14 | Store: ... = ... | +| test.cpp:113:39:113:41 | end indirection | test.cpp:113:39:113:41 | end | | test.cpp:119:18:119:25 | call to mk_array [begin] | test.cpp:104:27:104:29 | arr [begin] | +| test.cpp:119:18:119:25 | call to mk_array [end] | test.cpp:104:27:104:29 | arr [end] | | test.cpp:124:15:124:20 | call to malloc | test.cpp:125:5:125:17 | ... = ... | | test.cpp:124:15:124:20 | call to malloc | test.cpp:126:15:126:15 | p | | test.cpp:125:5:125:17 | ... = ... | test.cpp:125:9:125:13 | arr indirection [post update] [begin] | @@ -417,15 +466,23 @@ edges | test.cpp:137:15:137:19 | begin indirection | test.cpp:137:15:137:19 | begin | | test.cpp:141:10:141:19 | mk_array_p indirection [begin] | test.cpp:150:20:150:29 | call to mk_array_p indirection [begin] | | test.cpp:141:10:141:19 | mk_array_p indirection [begin] | test.cpp:180:19:180:28 | call to mk_array_p indirection [begin] | +| test.cpp:141:10:141:19 | mk_array_p indirection [end] | test.cpp:150:20:150:29 | call to mk_array_p indirection [end] | +| test.cpp:141:10:141:19 | mk_array_p indirection [end] | test.cpp:180:19:180:28 | call to mk_array_p indirection [end] | | test.cpp:143:5:143:29 | ... = ... | test.cpp:143:10:143:14 | arr indirection [post update] [begin] | | test.cpp:143:10:143:14 | arr indirection [post update] [begin] | test.cpp:141:10:141:19 | mk_array_p indirection [begin] | | test.cpp:143:10:143:14 | arr indirection [post update] [begin] | test.cpp:144:16:144:18 | arr indirection [begin] | | test.cpp:143:18:143:23 | call to malloc | test.cpp:143:5:143:29 | ... = ... | +| test.cpp:144:5:144:32 | ... = ... | test.cpp:144:10:144:12 | arr indirection [post update] [end] | +| test.cpp:144:10:144:12 | arr indirection [post update] [end] | test.cpp:141:10:141:19 | mk_array_p indirection [end] | | test.cpp:144:16:144:18 | arr indirection [begin] | test.cpp:144:21:144:25 | begin indirection | +| test.cpp:144:16:144:32 | ... + ... | test.cpp:144:5:144:32 | ... = ... | +| test.cpp:144:21:144:25 | begin | test.cpp:144:5:144:32 | ... = ... | +| test.cpp:144:21:144:25 | begin | test.cpp:144:16:144:32 | ... + ... | | test.cpp:144:21:144:25 | begin indirection | test.cpp:144:21:144:25 | begin | | test.cpp:150:20:150:29 | call to mk_array_p indirection [begin] | test.cpp:152:20:152:22 | arr indirection [begin] | | test.cpp:150:20:150:29 | call to mk_array_p indirection [begin] | test.cpp:156:20:156:22 | arr indirection [begin] | | test.cpp:150:20:150:29 | call to mk_array_p indirection [begin] | test.cpp:160:20:160:22 | arr indirection [begin] | +| test.cpp:150:20:150:29 | call to mk_array_p indirection [end] | test.cpp:156:37:156:39 | arr indirection [end] | | test.cpp:152:20:152:22 | arr indirection [begin] | test.cpp:152:25:152:29 | begin | | test.cpp:152:20:152:22 | arr indirection [begin] | test.cpp:152:25:152:29 | begin indirection | | test.cpp:152:25:152:29 | begin | test.cpp:152:49:152:49 | p | @@ -434,6 +491,10 @@ edges | test.cpp:156:20:156:22 | arr indirection [begin] | test.cpp:156:25:156:29 | begin indirection | | test.cpp:156:25:156:29 | begin | test.cpp:156:49:156:49 | p | | test.cpp:156:25:156:29 | begin indirection | test.cpp:156:49:156:49 | p | +| test.cpp:156:37:156:39 | arr indirection [end] | test.cpp:156:42:156:44 | end | +| test.cpp:156:37:156:39 | arr indirection [end] | test.cpp:156:42:156:44 | end indirection | +| test.cpp:156:42:156:44 | end | test.cpp:157:9:157:14 | Store: ... = ... | +| test.cpp:156:42:156:44 | end indirection | test.cpp:156:42:156:44 | end | | test.cpp:160:20:160:22 | arr indirection [begin] | test.cpp:160:25:160:29 | begin | | test.cpp:160:20:160:22 | arr indirection [begin] | test.cpp:160:25:160:29 | begin indirection | | test.cpp:160:25:160:29 | begin | test.cpp:160:48:160:48 | p | @@ -441,19 +502,35 @@ edges | test.cpp:165:29:165:31 | arr indirection [begin] | test.cpp:166:20:166:22 | arr indirection [begin] | | test.cpp:165:29:165:31 | arr indirection [begin] | test.cpp:170:20:170:22 | arr indirection [begin] | | test.cpp:165:29:165:31 | arr indirection [begin] | test.cpp:174:20:174:22 | arr indirection [begin] | +| test.cpp:165:29:165:31 | arr indirection [end] | test.cpp:166:37:166:39 | arr indirection [end] | +| test.cpp:165:29:165:31 | arr indirection [end] | test.cpp:170:37:170:39 | arr indirection [end] | +| test.cpp:165:29:165:31 | arr indirection [end] | test.cpp:174:36:174:38 | arr indirection [end] | | test.cpp:166:20:166:22 | arr indirection [begin] | test.cpp:166:25:166:29 | begin | | test.cpp:166:20:166:22 | arr indirection [begin] | test.cpp:166:25:166:29 | begin indirection | | test.cpp:166:25:166:29 | begin | test.cpp:166:49:166:49 | p | | test.cpp:166:25:166:29 | begin indirection | test.cpp:166:49:166:49 | p | +| test.cpp:166:37:166:39 | arr indirection [end] | test.cpp:166:42:166:44 | end | +| test.cpp:166:37:166:39 | arr indirection [end] | test.cpp:166:42:166:44 | end indirection | +| test.cpp:166:42:166:44 | end | test.cpp:171:9:171:14 | Store: ... = ... | +| test.cpp:166:42:166:44 | end indirection | test.cpp:166:42:166:44 | end | | test.cpp:170:20:170:22 | arr indirection [begin] | test.cpp:170:25:170:29 | begin | | test.cpp:170:20:170:22 | arr indirection [begin] | test.cpp:170:25:170:29 | begin indirection | | test.cpp:170:25:170:29 | begin | test.cpp:170:49:170:49 | p | | test.cpp:170:25:170:29 | begin indirection | test.cpp:170:49:170:49 | p | +| test.cpp:170:37:170:39 | arr indirection [end] | test.cpp:170:42:170:44 | end | +| test.cpp:170:37:170:39 | arr indirection [end] | test.cpp:170:42:170:44 | end indirection | +| test.cpp:170:42:170:44 | end | test.cpp:171:9:171:14 | Store: ... = ... | +| test.cpp:170:42:170:44 | end indirection | test.cpp:170:42:170:44 | end | | test.cpp:174:20:174:22 | arr indirection [begin] | test.cpp:174:25:174:29 | begin | | test.cpp:174:20:174:22 | arr indirection [begin] | test.cpp:174:25:174:29 | begin indirection | | test.cpp:174:25:174:29 | begin | test.cpp:174:48:174:48 | p | | test.cpp:174:25:174:29 | begin indirection | test.cpp:174:48:174:48 | p | +| test.cpp:174:36:174:38 | arr indirection [end] | test.cpp:174:41:174:43 | end | +| test.cpp:174:36:174:38 | arr indirection [end] | test.cpp:174:41:174:43 | end indirection | +| test.cpp:174:41:174:43 | end | test.cpp:171:9:171:14 | Store: ... = ... | +| test.cpp:174:41:174:43 | end indirection | test.cpp:174:41:174:43 | end | | test.cpp:180:19:180:28 | call to mk_array_p indirection [begin] | test.cpp:165:29:165:31 | arr indirection [begin] | +| test.cpp:180:19:180:28 | call to mk_array_p indirection [end] | test.cpp:165:29:165:31 | arr indirection [end] | | test.cpp:188:15:188:20 | call to malloc | test.cpp:189:15:189:15 | p | | test.cpp:194:23:194:28 | call to malloc | test.cpp:195:17:195:17 | p | | test.cpp:194:23:194:28 | call to malloc | test.cpp:197:8:197:8 | p | @@ -513,13 +590,26 @@ edges | test.cpp:261:14:261:15 | xs | test.cpp:261:14:261:21 | ... + ... | | test.cpp:261:14:261:15 | xs | test.cpp:261:14:261:21 | ... + ... | | test.cpp:261:14:261:15 | xs | test.cpp:261:14:261:21 | ... + ... | +| test.cpp:261:14:261:15 | xs | test.cpp:261:14:261:21 | ... + ... | +| test.cpp:261:14:261:15 | xs | test.cpp:262:26:262:28 | end | +| test.cpp:261:14:261:15 | xs | test.cpp:262:26:262:28 | end | | test.cpp:261:14:261:15 | xs | test.cpp:262:31:262:31 | x | | test.cpp:261:14:261:15 | xs | test.cpp:264:14:264:14 | x | | test.cpp:261:14:261:15 | xs | test.cpp:264:14:264:14 | x | | test.cpp:261:14:261:21 | ... + ... | test.cpp:261:14:261:21 | ... + ... | +| test.cpp:261:14:261:21 | ... + ... | test.cpp:261:14:261:21 | ... + ... | +| test.cpp:261:14:261:21 | ... + ... | test.cpp:262:26:262:28 | end | +| test.cpp:261:14:261:21 | ... + ... | test.cpp:262:26:262:28 | end | +| test.cpp:261:14:261:21 | ... + ... | test.cpp:262:26:262:28 | end | +| test.cpp:261:14:261:21 | ... + ... | test.cpp:262:26:262:28 | end | | test.cpp:261:14:261:21 | ... + ... | test.cpp:264:13:264:14 | Load: * ... | | test.cpp:261:14:261:21 | ... + ... | test.cpp:264:13:264:14 | Load: * ... | | test.cpp:261:14:261:21 | ... + ... | test.cpp:264:13:264:14 | Load: * ... | +| test.cpp:261:14:261:21 | ... + ... | test.cpp:264:13:264:14 | Load: * ... | +| test.cpp:262:26:262:28 | end | test.cpp:262:26:262:28 | end | +| test.cpp:262:26:262:28 | end | test.cpp:262:26:262:28 | end | +| test.cpp:262:26:262:28 | end | test.cpp:264:13:264:14 | Load: * ... | +| test.cpp:262:26:262:28 | end | test.cpp:264:13:264:14 | Load: * ... | | test.cpp:262:31:262:31 | x | test.cpp:264:13:264:14 | Load: * ... | | test.cpp:264:14:264:14 | x | test.cpp:262:31:262:31 | x | | test.cpp:264:14:264:14 | x | test.cpp:264:13:264:14 | Load: * ... | @@ -529,14 +619,27 @@ edges | test.cpp:271:14:271:15 | xs | test.cpp:271:14:271:21 | ... + ... | | test.cpp:271:14:271:15 | xs | test.cpp:271:14:271:21 | ... + ... | | test.cpp:271:14:271:15 | xs | test.cpp:271:14:271:21 | ... + ... | +| test.cpp:271:14:271:15 | xs | test.cpp:271:14:271:21 | ... + ... | +| test.cpp:271:14:271:15 | xs | test.cpp:272:26:272:28 | end | +| test.cpp:271:14:271:15 | xs | test.cpp:272:26:272:28 | end | | test.cpp:271:14:271:15 | xs | test.cpp:272:31:272:31 | x | | test.cpp:271:14:271:15 | xs | test.cpp:274:5:274:6 | * ... | | test.cpp:271:14:271:15 | xs | test.cpp:274:6:274:6 | x | | test.cpp:271:14:271:15 | xs | test.cpp:274:6:274:6 | x | | test.cpp:271:14:271:21 | ... + ... | test.cpp:271:14:271:21 | ... + ... | +| test.cpp:271:14:271:21 | ... + ... | test.cpp:271:14:271:21 | ... + ... | +| test.cpp:271:14:271:21 | ... + ... | test.cpp:272:26:272:28 | end | +| test.cpp:271:14:271:21 | ... + ... | test.cpp:272:26:272:28 | end | +| test.cpp:271:14:271:21 | ... + ... | test.cpp:272:26:272:28 | end | +| test.cpp:271:14:271:21 | ... + ... | test.cpp:272:26:272:28 | end | | test.cpp:271:14:271:21 | ... + ... | test.cpp:274:5:274:10 | Store: ... = ... | | test.cpp:271:14:271:21 | ... + ... | test.cpp:274:5:274:10 | Store: ... = ... | | test.cpp:271:14:271:21 | ... + ... | test.cpp:274:5:274:10 | Store: ... = ... | +| test.cpp:271:14:271:21 | ... + ... | test.cpp:274:5:274:10 | Store: ... = ... | +| test.cpp:272:26:272:28 | end | test.cpp:272:26:272:28 | end | +| test.cpp:272:26:272:28 | end | test.cpp:272:26:272:28 | end | +| test.cpp:272:26:272:28 | end | test.cpp:274:5:274:10 | Store: ... = ... | +| test.cpp:272:26:272:28 | end | test.cpp:274:5:274:10 | Store: ... = ... | | test.cpp:272:31:272:31 | x | test.cpp:274:5:274:10 | Store: ... = ... | | test.cpp:274:5:274:6 | * ... | test.cpp:274:5:274:10 | Store: ... = ... | | test.cpp:274:6:274:6 | x | test.cpp:272:31:272:31 | x | @@ -557,6 +660,11 @@ edges | test.cpp:42:14:42:15 | Load: * ... | test.cpp:40:15:40:20 | call to malloc | test.cpp:42:14:42:15 | Load: * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:40:15:40:20 | call to malloc | call to malloc | test.cpp:41:20:41:27 | ... - ... | ... - ... | | test.cpp:44:14:44:21 | Load: * ... | test.cpp:40:15:40:20 | call to malloc | test.cpp:44:14:44:21 | Load: * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@ + 1. | test.cpp:40:15:40:20 | call to malloc | call to malloc | test.cpp:41:20:41:27 | ... - ... | ... - ... | | test.cpp:44:14:44:21 | Load: * ... | test.cpp:40:15:40:20 | call to malloc | test.cpp:44:14:44:21 | Load: * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:40:15:40:20 | call to malloc | call to malloc | test.cpp:41:20:41:27 | ... - ... | ... - ... | +| test.cpp:67:9:67:14 | Store: ... = ... | test.cpp:52:19:52:24 | call to malloc | test.cpp:67:9:67:14 | Store: ... = ... | This write might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:52:19:52:24 | call to malloc | call to malloc | test.cpp:53:20:53:23 | size | size | +| test.cpp:96:9:96:14 | Store: ... = ... | test.cpp:82:17:82:22 | call to malloc | test.cpp:96:9:96:14 | Store: ... = ... | This write might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:82:17:82:22 | call to malloc | call to malloc | test.cpp:83:27:83:30 | size | size | +| test.cpp:110:9:110:14 | Store: ... = ... | test.cpp:82:17:82:22 | call to malloc | test.cpp:110:9:110:14 | Store: ... = ... | This write might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:82:17:82:22 | call to malloc | call to malloc | test.cpp:83:27:83:30 | size | size | +| test.cpp:157:9:157:14 | Store: ... = ... | test.cpp:143:18:143:23 | call to malloc | test.cpp:157:9:157:14 | Store: ... = ... | This write might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:143:18:143:23 | call to malloc | call to malloc | test.cpp:144:29:144:32 | size | size | +| test.cpp:171:9:171:14 | Store: ... = ... | test.cpp:143:18:143:23 | call to malloc | test.cpp:171:9:171:14 | Store: ... = ... | This write might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:143:18:143:23 | call to malloc | call to malloc | test.cpp:144:29:144:32 | size | size | | test.cpp:201:5:201:19 | Store: ... = ... | test.cpp:194:23:194:28 | call to malloc | test.cpp:201:5:201:19 | Store: ... = ... | This write might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:194:23:194:28 | call to malloc | call to malloc | test.cpp:195:21:195:23 | len | len | | test.cpp:213:5:213:13 | Store: ... = ... | test.cpp:205:23:205:28 | call to malloc | test.cpp:213:5:213:13 | Store: ... = ... | This write might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:205:23:205:28 | call to malloc | call to malloc | test.cpp:206:21:206:23 | len | len | | test.cpp:232:3:232:20 | Store: ... = ... | test.cpp:231:18:231:30 | new[] | test.cpp:232:3:232:20 | Store: ... = ... | This write might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:231:18:231:30 | new[] | new[] | test.cpp:232:11:232:15 | index | index | diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/test.cpp b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/test.cpp index 109faa678be..fd971c786cb 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/test.cpp +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/test.cpp @@ -64,7 +64,7 @@ void test5(int size) { } for (char* p = begin; p <= end; ++p) { - *p = 0; // BAD [NOT DETECTED] + *p = 0; // BAD } for (char* p = begin; p < end; ++p) { @@ -93,7 +93,7 @@ void test6(int size) { } for (char* p = arr.begin; p <= arr.end; ++p) { - *p = 0; // BAD [NOT DETECTED] + *p = 0; // BAD } for (char* p = arr.begin; p < arr.end; ++p) { @@ -107,7 +107,7 @@ void test7_callee(array_t arr) { } for (char* p = arr.begin; p <= arr.end; ++p) { - *p = 0; // BAD [NOT DETECTED] + *p = 0; // BAD } for (char* p = arr.begin; p < arr.end; ++p) { @@ -154,7 +154,7 @@ void test9(int size) { } for (char* p = arr->begin; p <= arr->end; ++p) { - *p = 0; // BAD [NOT DETECTED] + *p = 0; // BAD } for (char* p = arr->begin; p < arr->end; ++p) { @@ -168,7 +168,7 @@ void test10_callee(array_t *arr) { } for (char* p = arr->begin; p <= arr->end; ++p) { - *p = 0; // BAD [NOT DETECTED] + *p = 0; // BAD } for (char* p = arr->begin; p < arr->end; ++p) { From 837f16c212bc405641d9007fc3e641003132b4ed Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 28 Apr 2023 12:15:51 +0100 Subject: [PATCH 082/870] Swift: Address singleton set literal warning --- .../codeql-language-guides/analyzing-data-flow-in-swift.rst | 2 +- swift/ql/examples/snippets/simple_sql_injection.ql | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/codeql/codeql-language-guides/analyzing-data-flow-in-swift.rst b/docs/codeql/codeql-language-guides/analyzing-data-flow-in-swift.rst index 6ba39061232..f117f233109 100644 --- a/docs/codeql/codeql-language-guides/analyzing-data-flow-in-swift.rst +++ b/docs/codeql/codeql-language-guides/analyzing-data-flow-in-swift.rst @@ -267,7 +267,7 @@ The following global taint-tracking query finds places where a value from a remo predicate isSink(DataFlow::Node node) { exists(CallExpr call | - call.getStaticTarget().(MethodDecl).hasQualifiedName("Connection", ["execute(_:)"]) and + call.getStaticTarget().(MethodDecl).hasQualifiedName("Connection", "execute(_:)") and call.getArgument(0).getExpr() = node.asExpr() ) } diff --git a/swift/ql/examples/snippets/simple_sql_injection.ql b/swift/ql/examples/snippets/simple_sql_injection.ql index 6aaa3a50701..7695e62e599 100644 --- a/swift/ql/examples/snippets/simple_sql_injection.ql +++ b/swift/ql/examples/snippets/simple_sql_injection.ql @@ -17,7 +17,7 @@ module SqlInjectionConfig implements DataFlow::ConfigSig { predicate isSink(DataFlow::Node node) { exists(CallExpr call | - call.getStaticTarget().(MethodDecl).hasQualifiedName("Connection", ["execute(_:)"]) and + call.getStaticTarget().(MethodDecl).hasQualifiedName("Connection", "execute(_:)") and call.getArgument(0).getExpr() = node.asExpr() ) } From e0074d52ebe59c4a380d585d0a72f7ccaabd1090 Mon Sep 17 00:00:00 2001 From: Tony Torralba Date: Fri, 28 Apr 2023 10:56:35 +0200 Subject: [PATCH 083/870] Add autogenerated models for org.apache.commons.net --- .../org.apache.commons.net.model.yml | 1416 +++++++++++++++++ 1 file changed, 1416 insertions(+) create mode 100644 java/ql/lib/ext/generated/org.apache.commons.net.model.yml diff --git a/java/ql/lib/ext/generated/org.apache.commons.net.model.yml b/java/ql/lib/ext/generated/org.apache.commons.net.model.yml new file mode 100644 index 00000000000..49c61eb4328 --- /dev/null +++ b/java/ql/lib/ext/generated/org.apache.commons.net.model.yml @@ -0,0 +1,1416 @@ +# THIS FILE IS AN AUTO-GENERATED MODELS AS DATA FILE. DO NOT EDIT. +# Definitions of models for the org.apache.commons.net framework. +extensions: + - addsTo: + pack: codeql/java-all + extensible: sinkModel + data: + - ["org.apache.commons.net.ftp", "FTPClient", true, "appendFile", "(String,InputStream)", "", "Argument[this]", "open-url", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "appendFileStream", "(String)", "", "Argument[this]", "open-url", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "initiateListParsing", "()", "", "Argument[this]", "open-url", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "initiateListParsing", "(String)", "", "Argument[this]", "open-url", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "initiateListParsing", "(String,String)", "", "Argument[this]", "open-url", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "initiateMListParsing", "()", "", "Argument[this]", "open-url", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "initiateMListParsing", "(String)", "", "Argument[this]", "open-url", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "listDirectories", "()", "", "Argument[this]", "open-url", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "listDirectories", "(String)", "", "Argument[this]", "open-url", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "listFiles", "()", "", "Argument[this]", "open-url", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "listFiles", "(String)", "", "Argument[this]", "open-url", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "listFiles", "(String,FTPFileFilter)", "", "Argument[this]", "open-url", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "listNames", "()", "", "Argument[this]", "open-url", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "listNames", "(String)", "", "Argument[this]", "open-url", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "mlistDir", "()", "", "Argument[this]", "open-url", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "mlistDir", "(String)", "", "Argument[this]", "open-url", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "mlistDir", "(String,FTPFileFilter)", "", "Argument[this]", "open-url", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "retrieveFile", "(String,OutputStream)", "", "Argument[this]", "open-url", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "retrieveFileStream", "(String)", "", "Argument[this]", "open-url", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "storeFile", "(String,InputStream)", "", "Argument[this]", "open-url", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "storeFileStream", "(String)", "", "Argument[this]", "open-url", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "storeUniqueFile", "(InputStream)", "", "Argument[this]", "open-url", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "storeUniqueFile", "(String,InputStream)", "", "Argument[this]", "open-url", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "storeUniqueFileStream", "()", "", "Argument[this]", "open-url", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "storeUniqueFileStream", "(String)", "", "Argument[this]", "open-url", "df-generated"] + - ["org.apache.commons.net.util", "KeyManagerUtils", false, "createClientKeyManager", "(File,String)", "", "Argument[0]", "read-file", "df-generated"] + - ["org.apache.commons.net.util", "KeyManagerUtils", false, "createClientKeyManager", "(File,String,String)", "", "Argument[0]", "read-file", "df-generated"] + - ["org.apache.commons.net.util", "KeyManagerUtils", false, "createClientKeyManager", "(String,File,String,String,String)", "", "Argument[1]", "read-file", "df-generated"] + - ["org.apache.commons.net", "SocketClient", true, "connect", "(String,int)", "", "Argument[this]", "open-url", "df-generated"] + - addsTo: + pack: codeql/java-all + extensible: sourceModel + data: + - ["org.apache.commons.net.ftp", "FTPClient", true, "listNames", "()", "", "ReturnValue", "remote", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "listNames", "(String)", "", "ReturnValue", "remote", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "retrieveFile", "(String,OutputStream)", "", "Argument[1]", "remote", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "retrieveFileStream", "(String)", "", "ReturnValue", "remote", "df-generated"] + - addsTo: + pack: codeql/java-all + extensible: summaryModel + data: + - ["org.apache.commons.net.bsd", "RCommandClient", true, "rcommand", "(String,String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.bsd", "RCommandClient", true, "rcommand", "(String,String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.bsd", "RCommandClient", true, "rcommand", "(String,String,String)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.bsd", "RCommandClient", true, "rcommand", "(String,String,String,boolean)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.bsd", "RCommandClient", true, "rcommand", "(String,String,String,boolean)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.bsd", "RCommandClient", true, "rcommand", "(String,String,String,boolean)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.bsd", "RExecClient", true, "getErrorStream", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.bsd", "RExecClient", true, "getInputStream", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.bsd", "RExecClient", true, "getOutputStream", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.bsd", "RExecClient", true, "rexec", "(String,String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.bsd", "RExecClient", true, "rexec", "(String,String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.bsd", "RExecClient", true, "rexec", "(String,String,String)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.bsd", "RExecClient", true, "rexec", "(String,String,String,boolean)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.bsd", "RExecClient", true, "rexec", "(String,String,String,boolean)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.bsd", "RExecClient", true, "rexec", "(String,String,String,boolean)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.bsd", "RLoginClient", true, "rlogin", "(String,String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.bsd", "RLoginClient", true, "rlogin", "(String,String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.bsd", "RLoginClient", true, "rlogin", "(String,String,String)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.bsd", "RLoginClient", true, "rlogin", "(String,String,String,int)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.bsd", "RLoginClient", true, "rlogin", "(String,String,String,int)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.bsd", "RLoginClient", true, "rlogin", "(String,String,String,int)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.chargen", "CharGenTCPClient", false, "getInputStream", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.chargen", "CharGenUDPClient", false, "receive", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.daytime", "DaytimeTCPClient", false, "getTime", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.discard", "DiscardTCPClient", true, "getOutputStream", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.echo", "EchoTCPClient", false, "getInputStream", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.finger", "FingerClient", true, "getInputStream", "(boolean)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.finger", "FingerClient", true, "getInputStream", "(boolean,String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.finger", "FingerClient", true, "getInputStream", "(boolean,String,String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.finger", "FingerClient", true, "query", "(boolean)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.finger", "FingerClient", true, "query", "(boolean,String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ftp.parser", "CompositeFileEntryParser", true, "CompositeFileEntryParser", "(FTPFileEntryParser[])", "", "Argument[0].ArrayElement", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp.parser", "FTPTimestampParserImpl", true, "getDefaultDateFormat", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ftp.parser", "FTPTimestampParserImpl", true, "getRecentDateFormat", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ftp.parser", "FTPTimestampParserImpl", true, "getServerTimeZone", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ftp.parser", "FTPTimestampParserImpl", true, "getShortMonths", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ftp.parser", "FTPTimestampParserImpl", true, "parseTimestamp", "(String,Calendar)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ftp.parser", "MLSxEntryParser", true, "parseEntry", "(String)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ftp.parser", "ParserInitializationException", true, "ParserInitializationException", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp.parser", "ParserInitializationException", true, "ParserInitializationException", "(String,Throwable)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp.parser", "ParserInitializationException", true, "ParserInitializationException", "(String,Throwable)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp.parser", "ParserInitializationException", true, "getRootCause", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ftp.parser", "RegexFTPFileEntryParserImpl", true, "matches", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp.parser", "VMSFTPEntryParser", true, "parseFileList", "(InputStream)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ftp.parser", "VMSFTPEntryParser", true, "parseFileList", "(InputStream)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "Configurable", true, "configure", "(FTPClientConfig)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTP", true, "acct", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTP", true, "appe", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTP", true, "cwd", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTP", true, "dele", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTP", true, "eprt", "(InetAddress,int)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTP", true, "getControlEncoding", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTP", true, "getReplyString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTP", true, "getReplyStrings", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTP", true, "help", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTP", true, "list", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTP", true, "mdtm", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTP", true, "mfmt", "(String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTP", true, "mfmt", "(String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTP", true, "mkd", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTP", true, "mlsd", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTP", true, "mlst", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTP", true, "nlst", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTP", true, "pass", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTP", true, "port", "(InetAddress,int)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTP", true, "rest", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTP", true, "retr", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTP", true, "rmd", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTP", true, "rnfr", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTP", true, "rnto", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTP", true, "sendCommand", "(FTPCmd,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTP", true, "sendCommand", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTP", true, "sendCommand", "(String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTP", true, "sendCommand", "(String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTP", true, "sendCommand", "(int,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTP", true, "setControlEncoding", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTP", true, "site", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTP", true, "size", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTP", true, "smnt", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTP", true, "stat", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTP", true, "stor", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTP", true, "stou", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTP", true, "user", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient$HostnameResolver", true, "resolve", "(String)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient$HostnameResolver", true, "resolve", "(String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient$NatServerResolverImpl", true, "NatServerResolverImpl", "(FTPClient)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "appendFile", "(String,InputStream)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "appendFileStream", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "changeWorkingDirectory", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "deleteFile", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "doCommand", "(String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "doCommand", "(String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "doCommandAsStrings", "(String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "doCommandAsStrings", "(String,String)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "doCommandAsStrings", "(String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "doCommandAsStrings", "(String,String)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "doCommandAsStrings", "(String,String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "enterRemoteActiveMode", "(InetAddress,int)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "featureValue", "(String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "featureValues", "(String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "getControlKeepAliveReplyTimeoutDuration", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "getControlKeepAliveTimeoutDuration", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "getCopyStreamListener", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "getDataTimeout", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "getModificationTime", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "getModificationTime", "(String)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "getModificationTime", "(String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "getPassiveHost", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "getPassiveLocalIPAddress", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "getSize", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "getSize", "(String)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "getSize", "(String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "getStatus", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "getStatus", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "getStatus", "(String)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "getStatus", "(String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "getSystemName", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "getSystemType", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "initiateListParsing", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "initiateListParsing", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "initiateListParsing", "(String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "initiateListParsing", "(String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "initiateListParsing", "(String,String)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "initiateListParsing", "(String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "initiateListParsing", "(String,String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "initiateMListParsing", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "listDirectories", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "listFiles", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "listFiles", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "listFiles", "(String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "listFiles", "(String,FTPFileFilter)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "listHelp", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "listHelp", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "listHelp", "(String)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "listHelp", "(String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "listNames", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "login", "(String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "login", "(String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "login", "(String,String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "login", "(String,String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "login", "(String,String,String)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "makeDirectory", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "mdtmCalendar", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "mdtmFile", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "mdtmFile", "(String)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "mdtmFile", "(String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "mdtmInstant", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "mlistDir", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "mlistDir", "(String,FTPFileFilter)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "mlistFile", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "mlistFile", "(String)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "mlistFile", "(String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "printWorkingDirectory", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "remoteAppend", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "remoteRetrieve", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "remoteStore", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "remoteStoreUnique", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "removeDirectory", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "rename", "(String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "rename", "(String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "retrieveFile", "(String,OutputStream)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "retrieveFileStream", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "sendSiteCommand", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "setActiveExternalIPAddress", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "setControlKeepAliveReplyTimeout", "(Duration)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "setControlKeepAliveTimeout", "(Duration)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "setCopyStreamListener", "(CopyStreamListener)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "setDataTimeout", "(Duration)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "setModificationTime", "(String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "setModificationTime", "(String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "setParserFactory", "(FTPFileEntryParserFactory)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "setPassiveLocalIPAddress", "(InetAddress)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "setPassiveLocalIPAddress", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "setPassiveNatWorkaroundStrategy", "(HostnameResolver)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "setReportActiveExternalIPAddress", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "storeFile", "(String,InputStream)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "storeFileStream", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "storeUniqueFile", "(String,InputStream)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "storeUniqueFileStream", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "structureMount", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClientConfig", true, "FTPClientConfig", "(FTPClientConfig)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClientConfig", true, "FTPClientConfig", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClientConfig", true, "FTPClientConfig", "(String,String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClientConfig", true, "FTPClientConfig", "(String,String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClientConfig", true, "FTPClientConfig", "(String,String,String)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClientConfig", true, "FTPClientConfig", "(String,String,String,String,String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClientConfig", true, "FTPClientConfig", "(String,String,String,String,String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClientConfig", true, "FTPClientConfig", "(String,String,String,String,String,String)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClientConfig", true, "FTPClientConfig", "(String,String,String,String,String,String)", "", "Argument[3]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClientConfig", true, "FTPClientConfig", "(String,String,String,String,String,String)", "", "Argument[4]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClientConfig", true, "FTPClientConfig", "(String,String,String,String,String,String)", "", "Argument[5]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClientConfig", true, "FTPClientConfig", "(String,String,String,String,String,String,boolean,boolean)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClientConfig", true, "FTPClientConfig", "(String,String,String,String,String,String,boolean,boolean)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClientConfig", true, "FTPClientConfig", "(String,String,String,String,String,String,boolean,boolean)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClientConfig", true, "FTPClientConfig", "(String,String,String,String,String,String,boolean,boolean)", "", "Argument[3]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClientConfig", true, "FTPClientConfig", "(String,String,String,String,String,String,boolean,boolean)", "", "Argument[4]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClientConfig", true, "FTPClientConfig", "(String,String,String,String,String,String,boolean,boolean)", "", "Argument[5]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClientConfig", true, "getDefaultDateFormatStr", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClientConfig", true, "getRecentDateFormatStr", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClientConfig", true, "getServerLanguageCode", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClientConfig", true, "getServerSystemKey", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClientConfig", true, "getServerTimeZoneId", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClientConfig", true, "getShortMonthNames", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClientConfig", true, "setDefaultDateFormatStr", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClientConfig", true, "setRecentDateFormatStr", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClientConfig", true, "setServerLanguageCode", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClientConfig", true, "setServerTimeZoneId", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClientConfig", true, "setShortMonthNames", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPConnectionClosedException", true, "FTPConnectionClosedException", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPFile", true, "getGroup", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPFile", true, "getLink", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPFile", true, "getName", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPFile", true, "getRawListing", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPFile", true, "getTimestamp", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPFile", true, "getUser", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPFile", true, "setGroup", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPFile", true, "setLink", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPFile", true, "setName", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPFile", true, "setRawListing", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPFile", true, "setTimestamp", "(Calendar)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPFile", true, "setUser", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPFile", true, "toFormattedString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPFile", true, "toFormattedString", "(String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPFile", true, "toString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPFileEntryParser", true, "parseFTPEntry", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPFileEntryParser", true, "parseFTPEntry", "(String)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPFileEntryParser", true, "preParse", "(List)", "", "Argument[0].Element", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPFileEntryParser", true, "readNextEntry", "(BufferedReader)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPHTTPClient", true, "FTPHTTPClient", "(String,int)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPHTTPClient", true, "FTPHTTPClient", "(String,int,Charset)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPHTTPClient", true, "FTPHTTPClient", "(String,int,String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPHTTPClient", true, "FTPHTTPClient", "(String,int,String,String)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPHTTPClient", true, "FTPHTTPClient", "(String,int,String,String)", "", "Argument[3]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPHTTPClient", true, "FTPHTTPClient", "(String,int,String,String,Charset)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPHTTPClient", true, "FTPHTTPClient", "(String,int,String,String,Charset)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPHTTPClient", true, "FTPHTTPClient", "(String,int,String,String,Charset)", "", "Argument[3]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPListParseEngine", true, "FTPListParseEngine", "(FTPFileEntryParser)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPListParseEngine", true, "getFileList", "(FTPFileFilter)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPListParseEngine", true, "getFiles", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPListParseEngine", true, "getFiles", "(FTPFileFilter)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPListParseEngine", true, "getNext", "(int)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPListParseEngine", true, "getPrevious", "(int)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPListParseEngine", true, "readServerList", "(InputStream)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPListParseEngine", true, "readServerList", "(InputStream,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPSClient", true, "FTPSClient", "(SSLContext)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPSClient", true, "FTPSClient", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPSClient", true, "FTPSClient", "(String,boolean)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPSClient", true, "FTPSClient", "(boolean,SSLContext)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPSClient", true, "execADAT", "(byte[])", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPSClient", true, "execAUTH", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPSClient", true, "execCONF", "(byte[])", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPSClient", true, "execENC", "(byte[])", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPSClient", true, "execMIC", "(byte[])", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPSClient", true, "execPROT", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPSClient", true, "getAuthValue", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPSClient", true, "getEnabledCipherSuites", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPSClient", true, "getEnabledProtocols", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPSClient", true, "getHostnameVerifier", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPSClient", true, "getTrustManager", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPSClient", true, "parseADATReply", "(String)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPSClient", true, "setAuthValue", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPSClient", true, "setEnabledCipherSuites", "(String[])", "", "Argument[0].ArrayElement", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPSClient", true, "setEnabledProtocols", "(String[])", "", "Argument[0].ArrayElement", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPSClient", true, "setHostnameVerifier", "(HostnameVerifier)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPSClient", true, "setKeyManager", "(KeyManager)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPSClient", true, "setTrustManager", "(TrustManager)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPSServerSocketFactory", true, "FTPSServerSocketFactory", "(SSLContext)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPSServerSocketFactory", true, "init", "(ServerSocket)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPSSocketFactory", true, "FTPSSocketFactory", "(SSLContext)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPSSocketFactory", true, "init", "(ServerSocket)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.imap", "AuthenticatingIMAPClient", true, "AuthenticatingIMAPClient", "(SSLContext)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.imap", "AuthenticatingIMAPClient", true, "AuthenticatingIMAPClient", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.imap", "AuthenticatingIMAPClient", true, "AuthenticatingIMAPClient", "(String,boolean)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.imap", "AuthenticatingIMAPClient", true, "AuthenticatingIMAPClient", "(String,boolean,SSLContext)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.imap", "AuthenticatingIMAPClient", true, "AuthenticatingIMAPClient", "(String,boolean,SSLContext)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.imap", "AuthenticatingIMAPClient", true, "AuthenticatingIMAPClient", "(boolean,SSLContext)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.imap", "AuthenticatingIMAPClient", true, "auth", "(AUTH_METHOD,String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.imap", "AuthenticatingIMAPClient", true, "auth", "(AUTH_METHOD,String,String)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.imap", "AuthenticatingIMAPClient", true, "authenticate", "(AUTH_METHOD,String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.imap", "AuthenticatingIMAPClient", true, "authenticate", "(AUTH_METHOD,String,String)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.imap", "IMAP$IMAPChunkListener", true, "chunkReceived", "(IMAP)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.imap", "IMAP", true, "doCommand", "(IMAPCommand,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.imap", "IMAP", true, "getReplyString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.imap", "IMAP", true, "getReplyStrings", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.imap", "IMAP", true, "sendCommand", "(IMAPCommand,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.imap", "IMAP", true, "sendCommand", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.imap", "IMAP", true, "sendCommand", "(String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.imap", "IMAP", true, "sendCommand", "(String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.imap", "IMAP", true, "sendData", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.imap", "IMAP", true, "setChunkListener", "(IMAPChunkListener)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.imap", "IMAPClient", true, "append", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.imap", "IMAPClient", true, "append", "(String,String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.imap", "IMAPClient", true, "append", "(String,String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.imap", "IMAPClient", true, "append", "(String,String,String)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.imap", "IMAPClient", true, "append", "(String,String,String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.imap", "IMAPClient", true, "append", "(String,String,String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.imap", "IMAPClient", true, "append", "(String,String,String,String)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.imap", "IMAPClient", true, "append", "(String,String,String,String)", "", "Argument[3]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.imap", "IMAPClient", true, "copy", "(String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.imap", "IMAPClient", true, "copy", "(String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.imap", "IMAPClient", true, "create", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.imap", "IMAPClient", true, "delete", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.imap", "IMAPClient", true, "examine", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.imap", "IMAPClient", true, "fetch", "(String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.imap", "IMAPClient", true, "fetch", "(String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.imap", "IMAPClient", true, "list", "(String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.imap", "IMAPClient", true, "list", "(String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.imap", "IMAPClient", true, "login", "(String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.imap", "IMAPClient", true, "login", "(String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.imap", "IMAPClient", true, "lsub", "(String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.imap", "IMAPClient", true, "lsub", "(String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.imap", "IMAPClient", true, "rename", "(String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.imap", "IMAPClient", true, "rename", "(String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.imap", "IMAPClient", true, "search", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.imap", "IMAPClient", true, "search", "(String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.imap", "IMAPClient", true, "search", "(String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.imap", "IMAPClient", true, "select", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.imap", "IMAPClient", true, "status", "(String,String[])", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.imap", "IMAPClient", true, "status", "(String,String[])", "", "Argument[1].ArrayElement", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.imap", "IMAPClient", true, "store", "(String,String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.imap", "IMAPClient", true, "store", "(String,String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.imap", "IMAPClient", true, "store", "(String,String,String)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.imap", "IMAPClient", true, "subscribe", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.imap", "IMAPClient", true, "uid", "(String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.imap", "IMAPClient", true, "uid", "(String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.imap", "IMAPClient", true, "unsubscribe", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.imap", "IMAPSClient", true, "IMAPSClient", "(SSLContext)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.imap", "IMAPSClient", true, "IMAPSClient", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.imap", "IMAPSClient", true, "IMAPSClient", "(String,boolean)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.imap", "IMAPSClient", true, "IMAPSClient", "(String,boolean,SSLContext)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.imap", "IMAPSClient", true, "IMAPSClient", "(String,boolean,SSLContext)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.imap", "IMAPSClient", true, "IMAPSClient", "(boolean,SSLContext)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.imap", "IMAPSClient", true, "getEnabledCipherSuites", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.imap", "IMAPSClient", true, "getEnabledProtocols", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.imap", "IMAPSClient", true, "getHostnameVerifier", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.imap", "IMAPSClient", true, "getTrustManager", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.imap", "IMAPSClient", true, "setEnabledCipherSuites", "(String[])", "", "Argument[0].ArrayElement", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.imap", "IMAPSClient", true, "setEnabledProtocols", "(String[])", "", "Argument[0].ArrayElement", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.imap", "IMAPSClient", true, "setHostnameVerifier", "(HostnameVerifier)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.imap", "IMAPSClient", true, "setKeyManager", "(KeyManager)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.imap", "IMAPSClient", true, "setTrustManager", "(TrustManager)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.io", "CRLFLineReader", false, "CRLFLineReader", "(Reader)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.io", "CopyStreamEvent", true, "CopyStreamEvent", "(Object,long,int,long)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.io", "CopyStreamEvent", true, "toString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.io", "CopyStreamException", true, "CopyStreamException", "(String,long,IOException)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.io", "CopyStreamException", true, "getIOException", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.io", "DotTerminatedMessageReader", false, "DotTerminatedMessageReader", "(Reader)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.io", "DotTerminatedMessageWriter", false, "DotTerminatedMessageWriter", "(Writer)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.io", "FromNetASCIIOutputStream", false, "FromNetASCIIOutputStream", "(OutputStream)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.io", "SocketInputStream", true, "SocketInputStream", "(Socket,InputStream)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.io", "SocketOutputStream", true, "SocketOutputStream", "(Socket,OutputStream)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.io", "SocketOutputStream", true, "SocketOutputStream", "(Socket,OutputStream)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.io", "ToNetASCIIOutputStream", false, "ToNetASCIIOutputStream", "(OutputStream)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.io", "Util", false, "copyReader", "(Reader,Writer)", "", "Argument[0]", "Argument[1]", "taint", "df-generated"] + - ["org.apache.commons.net.io", "Util", false, "copyReader", "(Reader,Writer,int)", "", "Argument[0]", "Argument[1]", "taint", "df-generated"] + - ["org.apache.commons.net.io", "Util", false, "copyReader", "(Reader,Writer,int,long,CopyStreamListener)", "", "Argument[0]", "Argument[1]", "taint", "df-generated"] + - ["org.apache.commons.net.io", "Util", false, "copyStream", "(InputStream,OutputStream)", "", "Argument[0]", "Argument[1]", "taint", "df-generated"] + - ["org.apache.commons.net.io", "Util", false, "copyStream", "(InputStream,OutputStream,int)", "", "Argument[0]", "Argument[1]", "taint", "df-generated"] + - ["org.apache.commons.net.io", "Util", false, "copyStream", "(InputStream,OutputStream,int,long,CopyStreamListener)", "", "Argument[0]", "Argument[1]", "taint", "df-generated"] + - ["org.apache.commons.net.io", "Util", false, "copyStream", "(InputStream,OutputStream,int,long,CopyStreamListener,boolean)", "", "Argument[0]", "Argument[1]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "Article", true, "addReference", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "Article", true, "getArticleId", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "Article", true, "getDate", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "Article", true, "getFrom", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "Article", true, "getReferences", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "Article", true, "getSubject", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "Article", true, "setArticleId", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "Article", true, "setDate", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "Article", true, "setFrom", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "Article", true, "setSubject", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "Article", true, "toString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTP", true, "article", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTP", true, "authinfoPass", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTP", true, "authinfoUser", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTP", true, "body", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTP", true, "getReplyString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTP", true, "group", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTP", true, "head", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTP", true, "ihave", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTP", true, "listActive", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTP", true, "newgroups", "(String,String,boolean,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTP", true, "newgroups", "(String,String,boolean,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTP", true, "newgroups", "(String,String,boolean,String)", "", "Argument[3]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTP", true, "newnews", "(String,String,String,boolean,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTP", true, "newnews", "(String,String,String,boolean,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTP", true, "newnews", "(String,String,String,boolean,String)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTP", true, "newnews", "(String,String,String,boolean,String)", "", "Argument[4]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTP", true, "sendCommand", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTP", true, "sendCommand", "(String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTP", true, "sendCommand", "(String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTP", true, "sendCommand", "(int,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTP", true, "stat", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTP", true, "xhdr", "(String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTP", true, "xhdr", "(String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTP", true, "xover", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "authenticate", "(String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "authenticate", "(String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "forwardArticle", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "forwardArticle", "(String)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "forwardArticle", "(String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "iterateNewNews", "(NewGroupsOrNewsQuery)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "iterateNewNews", "(NewGroupsOrNewsQuery)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "iterateNewNews", "(NewGroupsOrNewsQuery)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "iterateNewNewsgroupListing", "(NewGroupsOrNewsQuery)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "iterateNewNewsgroupListing", "(NewGroupsOrNewsQuery)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "iterateNewNewsgroupListing", "(NewGroupsOrNewsQuery)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "iterateNewNewsgroups", "(NewGroupsOrNewsQuery)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "iterateNewsgroupListing", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "iterateNewsgroupListing", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "iterateNewsgroupListing", "(String)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "iterateNewsgroupListing", "(String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "iterateNewsgroups", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "listHelp", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "listNewNews", "(NewGroupsOrNewsQuery)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "listNewNews", "(NewGroupsOrNewsQuery)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "listNewNews", "(NewGroupsOrNewsQuery)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "listNewNewsgroups", "(NewGroupsOrNewsQuery)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "listNewNewsgroups", "(NewGroupsOrNewsQuery)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "listNewsgroups", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "listNewsgroups", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "listNewsgroups", "(String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "listOverviewFmt", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "postArticle", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticle", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticle", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticle", "(String)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticle", "(String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticle", "(String,ArticleInfo)", "", "Argument[0]", "Argument[1]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticle", "(String,ArticleInfo)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticle", "(String,ArticleInfo)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticle", "(String,ArticleInfo)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticle", "(String,ArticleInfo)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticle", "(String,ArticlePointer)", "", "Argument[0]", "Argument[1]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticle", "(String,ArticlePointer)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticle", "(String,ArticlePointer)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticle", "(String,ArticlePointer)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticle", "(String,ArticlePointer)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticle", "(int)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticle", "(int,ArticlePointer)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticle", "(int,ArticlePointer)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticle", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticle", "(long,ArticleInfo)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticle", "(long,ArticleInfo)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleBody", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleBody", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleBody", "(String)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleBody", "(String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleBody", "(String,ArticleInfo)", "", "Argument[0]", "Argument[1]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleBody", "(String,ArticleInfo)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleBody", "(String,ArticleInfo)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleBody", "(String,ArticleInfo)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleBody", "(String,ArticleInfo)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleBody", "(String,ArticlePointer)", "", "Argument[0]", "Argument[1]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleBody", "(String,ArticlePointer)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleBody", "(String,ArticlePointer)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleBody", "(String,ArticlePointer)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleBody", "(String,ArticlePointer)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleBody", "(int)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleBody", "(int,ArticlePointer)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleBody", "(int,ArticlePointer)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleBody", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleBody", "(long,ArticleInfo)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleBody", "(long,ArticleInfo)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleHeader", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleHeader", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleHeader", "(String)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleHeader", "(String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleHeader", "(String,ArticleInfo)", "", "Argument[0]", "Argument[1]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleHeader", "(String,ArticleInfo)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleHeader", "(String,ArticleInfo)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleHeader", "(String,ArticleInfo)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleHeader", "(String,ArticleInfo)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleHeader", "(String,ArticlePointer)", "", "Argument[0]", "Argument[1]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleHeader", "(String,ArticlePointer)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleHeader", "(String,ArticlePointer)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleHeader", "(String,ArticlePointer)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleHeader", "(String,ArticlePointer)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleHeader", "(int)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleHeader", "(int,ArticlePointer)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleHeader", "(int,ArticlePointer)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleHeader", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleHeader", "(long,ArticleInfo)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleHeader", "(long,ArticleInfo)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleInfo", "(int)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleInfo", "(int,int)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleInfo", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleInfo", "(long,long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveHeader", "(String,int)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveHeader", "(String,int)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveHeader", "(String,int)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveHeader", "(String,int,int)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveHeader", "(String,int,int)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveHeader", "(String,int,int)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveHeader", "(String,long)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveHeader", "(String,long)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveHeader", "(String,long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveHeader", "(String,long,long)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveHeader", "(String,long,long)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveHeader", "(String,long,long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "selectArticle", "(ArticleInfo)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "selectArticle", "(ArticlePointer)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "selectArticle", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "selectArticle", "(String,ArticleInfo)", "", "Argument[0]", "Argument[1]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "selectArticle", "(String,ArticleInfo)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "selectArticle", "(String,ArticleInfo)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "selectArticle", "(String,ArticlePointer)", "", "Argument[0]", "Argument[1]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "selectArticle", "(String,ArticlePointer)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "selectArticle", "(String,ArticlePointer)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "selectArticle", "(int,ArticlePointer)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "selectArticle", "(long,ArticleInfo)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "selectNewsgroup", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "selectNewsgroup", "(String,NewsgroupInfo)", "", "Argument[0]", "Argument[1]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "selectNewsgroup", "(String,NewsgroupInfo)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "selectNewsgroup", "(String,NewsgroupInfo)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "selectNextArticle", "(ArticleInfo)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "selectNextArticle", "(ArticlePointer)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "selectPreviousArticle", "(ArticleInfo)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", true, "selectPreviousArticle", "(ArticlePointer)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPConnectionClosedException", false, "NNTPConnectionClosedException", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NewGroupsOrNewsQuery", false, "addDistribution", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NewGroupsOrNewsQuery", false, "addNewsgroup", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NewGroupsOrNewsQuery", false, "getDate", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NewGroupsOrNewsQuery", false, "getDistributions", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NewGroupsOrNewsQuery", false, "getNewsgroups", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NewGroupsOrNewsQuery", false, "getTime", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NewGroupsOrNewsQuery", false, "omitNewsgroup", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "NewsgroupInfo", false, "getNewsgroup", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "SimpleNNTPHeader", true, "SimpleNNTPHeader", "(String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "SimpleNNTPHeader", true, "SimpleNNTPHeader", "(String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "SimpleNNTPHeader", true, "addHeaderField", "(String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "SimpleNNTPHeader", true, "addHeaderField", "(String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "SimpleNNTPHeader", true, "addNewsgroup", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "SimpleNNTPHeader", true, "getFromAddress", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "SimpleNNTPHeader", true, "getNewsgroups", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "SimpleNNTPHeader", true, "getSubject", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "SimpleNNTPHeader", true, "toString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "Threadable", true, "messageThreadId", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "Threadable", true, "messageThreadReferences", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "Threadable", true, "setChild", "(Threadable)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "Threadable", true, "setNext", "(Threadable)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "Threadable", true, "simplifiedSubject", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "Threader", true, "thread", "(Iterable)", "", "Argument[0].Element", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "Threader", true, "thread", "(List)", "", "Argument[0].Element", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.nntp", "Threader", true, "thread", "(Threadable[])", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ntp", "NtpV3Packet", true, "getDatagramPacket", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ntp", "NtpV3Packet", true, "setDatagramPacket", "(DatagramPacket)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ntp", "TimeInfo", true, "TimeInfo", "(NtpV3Packet,long)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ntp", "TimeInfo", true, "TimeInfo", "(NtpV3Packet,long,List)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ntp", "TimeInfo", true, "TimeInfo", "(NtpV3Packet,long,List)", "", "Argument[2].Element", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ntp", "TimeInfo", true, "TimeInfo", "(NtpV3Packet,long,List,boolean)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ntp", "TimeInfo", true, "TimeInfo", "(NtpV3Packet,long,List,boolean)", "", "Argument[2].Element", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ntp", "TimeInfo", true, "TimeInfo", "(NtpV3Packet,long,boolean)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ntp", "TimeInfo", true, "addComment", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.ntp", "TimeInfo", true, "getAddress", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ntp", "TimeInfo", true, "getComments", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.ntp", "TimeInfo", true, "getMessage", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.pop3", "ExtendedPOP3Client", true, "auth", "(AUTH_METHOD,String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.pop3", "ExtendedPOP3Client", true, "auth", "(AUTH_METHOD,String,String)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.pop3", "POP3", true, "getReplyString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.pop3", "POP3", true, "getReplyStrings", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.pop3", "POP3", true, "sendCommand", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.pop3", "POP3", true, "sendCommand", "(String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.pop3", "POP3", true, "sendCommand", "(String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.pop3", "POP3", true, "sendCommand", "(int,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.pop3", "POP3Client", true, "listUniqueIdentifier", "(int)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.pop3", "POP3Client", true, "login", "(String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.pop3", "POP3Client", true, "login", "(String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.pop3", "POP3Client", true, "login", "(String,String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.pop3", "POP3Client", true, "retrieveMessage", "(int)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.pop3", "POP3Client", true, "retrieveMessageTop", "(int,int)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.pop3", "POP3MessageInfo", false, "POP3MessageInfo", "(int,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.pop3", "POP3MessageInfo", false, "toString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.pop3", "POP3SClient", true, "POP3SClient", "(SSLContext)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.pop3", "POP3SClient", true, "POP3SClient", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.pop3", "POP3SClient", true, "POP3SClient", "(String,boolean)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.pop3", "POP3SClient", true, "POP3SClient", "(String,boolean,SSLContext)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.pop3", "POP3SClient", true, "POP3SClient", "(String,boolean,SSLContext)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.pop3", "POP3SClient", true, "POP3SClient", "(boolean,SSLContext)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.pop3", "POP3SClient", true, "getEnabledCipherSuites", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.pop3", "POP3SClient", true, "getEnabledProtocols", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.pop3", "POP3SClient", true, "getHostnameVerifier", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.pop3", "POP3SClient", true, "getTrustManager", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.pop3", "POP3SClient", true, "setEnabledCipherSuites", "(String[])", "", "Argument[0].ArrayElement", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.pop3", "POP3SClient", true, "setEnabledProtocols", "(String[])", "", "Argument[0].ArrayElement", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.pop3", "POP3SClient", true, "setHostnameVerifier", "(HostnameVerifier)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.pop3", "POP3SClient", true, "setKeyManager", "(KeyManager)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.pop3", "POP3SClient", true, "setTrustManager", "(TrustManager)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.smtp", "AuthenticatingSMTPClient", true, "AuthenticatingSMTPClient", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.smtp", "AuthenticatingSMTPClient", true, "AuthenticatingSMTPClient", "(String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.smtp", "AuthenticatingSMTPClient", true, "AuthenticatingSMTPClient", "(String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.smtp", "AuthenticatingSMTPClient", true, "AuthenticatingSMTPClient", "(String,boolean)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.smtp", "AuthenticatingSMTPClient", true, "AuthenticatingSMTPClient", "(String,boolean,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.smtp", "AuthenticatingSMTPClient", true, "AuthenticatingSMTPClient", "(String,boolean,String)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.smtp", "AuthenticatingSMTPClient", true, "AuthenticatingSMTPClient", "(boolean,SSLContext)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.smtp", "AuthenticatingSMTPClient", true, "auth", "(AUTH_METHOD,String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.smtp", "AuthenticatingSMTPClient", true, "auth", "(AUTH_METHOD,String,String)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.smtp", "AuthenticatingSMTPClient", true, "ehlo", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.smtp", "AuthenticatingSMTPClient", true, "elogin", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.smtp", "RelayPath", false, "RelayPath", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.smtp", "RelayPath", false, "addRelay", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.smtp", "RelayPath", false, "toString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.smtp", "SMTP", true, "SMTP", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.smtp", "SMTP", true, "expn", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.smtp", "SMTP", true, "getReplyString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.smtp", "SMTP", true, "getReplyStrings", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.smtp", "SMTP", true, "helo", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.smtp", "SMTP", true, "help", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.smtp", "SMTP", true, "mail", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.smtp", "SMTP", true, "rcpt", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.smtp", "SMTP", true, "saml", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.smtp", "SMTP", true, "send", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.smtp", "SMTP", true, "sendCommand", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.smtp", "SMTP", true, "sendCommand", "(String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.smtp", "SMTP", true, "sendCommand", "(String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.smtp", "SMTP", true, "sendCommand", "(int,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.smtp", "SMTP", true, "soml", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.smtp", "SMTP", true, "vrfy", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.smtp", "SMTPClient", true, "SMTPClient", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.smtp", "SMTPClient", true, "addRecipient", "(RelayPath)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.smtp", "SMTPClient", true, "addRecipient", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.smtp", "SMTPClient", true, "listHelp", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.smtp", "SMTPClient", true, "listHelp", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.smtp", "SMTPClient", true, "listHelp", "(String)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.smtp", "SMTPClient", true, "listHelp", "(String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.smtp", "SMTPClient", true, "login", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.smtp", "SMTPClient", true, "sendMessageData", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.smtp", "SMTPClient", true, "sendSimpleMessage", "(String,String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.smtp", "SMTPClient", true, "sendSimpleMessage", "(String,String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.smtp", "SMTPClient", true, "sendSimpleMessage", "(String,String[],String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.smtp", "SMTPClient", true, "sendSimpleMessage", "(String,String[],String)", "", "Argument[1].ArrayElement", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.smtp", "SMTPClient", true, "setSender", "(RelayPath)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.smtp", "SMTPClient", true, "setSender", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.smtp", "SMTPClient", true, "verify", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.smtp", "SMTPConnectionClosedException", false, "SMTPConnectionClosedException", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.smtp", "SMTPSClient", true, "SMTPSClient", "(SSLContext)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.smtp", "SMTPSClient", true, "SMTPSClient", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.smtp", "SMTPSClient", true, "SMTPSClient", "(String,boolean)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.smtp", "SMTPSClient", true, "SMTPSClient", "(String,boolean,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.smtp", "SMTPSClient", true, "SMTPSClient", "(String,boolean,String)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.smtp", "SMTPSClient", true, "SMTPSClient", "(boolean,SSLContext)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.smtp", "SMTPSClient", true, "getEnabledCipherSuites", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.smtp", "SMTPSClient", true, "getEnabledProtocols", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.smtp", "SMTPSClient", true, "getHostnameVerifier", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.smtp", "SMTPSClient", true, "getKeyManager", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.smtp", "SMTPSClient", true, "getTrustManager", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.smtp", "SMTPSClient", true, "setEnabledCipherSuites", "(String[])", "", "Argument[0].ArrayElement", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.smtp", "SMTPSClient", true, "setEnabledProtocols", "(String[])", "", "Argument[0].ArrayElement", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.smtp", "SMTPSClient", true, "setHostnameVerifier", "(HostnameVerifier)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.smtp", "SMTPSClient", true, "setKeyManager", "(KeyManager)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.smtp", "SMTPSClient", true, "setTrustManager", "(TrustManager)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.smtp", "SimpleSMTPHeader", true, "SimpleSMTPHeader", "(String,String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.smtp", "SimpleSMTPHeader", true, "SimpleSMTPHeader", "(String,String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.smtp", "SimpleSMTPHeader", true, "SimpleSMTPHeader", "(String,String,String)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.smtp", "SimpleSMTPHeader", true, "addCC", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.smtp", "SimpleSMTPHeader", true, "addHeaderField", "(String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.smtp", "SimpleSMTPHeader", true, "addHeaderField", "(String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.smtp", "SimpleSMTPHeader", true, "toString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.telnet", "InvalidTelnetOptionException", true, "InvalidTelnetOptionException", "(String,int)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.telnet", "Telnet", true, "addOptionHandler", "(TelnetOptionHandler)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.telnet", "Telnet", true, "registerNotifHandler", "(TelnetNotificationHandler)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.telnet", "TelnetClient", true, "TelnetClient", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.telnet", "TelnetClient", true, "TelnetClient", "(String,int)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.telnet", "TelnetClient", true, "getInputStream", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.telnet", "TelnetClient", true, "getOutputStream", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.telnet", "TelnetClient", true, "registerInputListener", "(TelnetInputListener)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.telnet", "TelnetClient", true, "registerSpyStream", "(OutputStream)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.telnet", "TerminalTypeOptionHandler", true, "TerminalTypeOptionHandler", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.telnet", "TerminalTypeOptionHandler", true, "TerminalTypeOptionHandler", "(String,boolean,boolean,boolean,boolean)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.tftp", "TFTP", true, "bufferedReceive", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.tftp", "TFTP", true, "bufferedSend", "(TFTPPacket)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.tftp", "TFTPAckPacket", false, "TFTPAckPacket", "(InetAddress,int,int)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.tftp", "TFTPAckPacket", false, "toString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.tftp", "TFTPClient", true, "receiveFile", "(String,int,OutputStream,InetAddress)", "", "Argument[0]", "Argument[2]", "taint", "df-generated"] + - ["org.apache.commons.net.tftp", "TFTPClient", true, "receiveFile", "(String,int,OutputStream,InetAddress)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.tftp", "TFTPClient", true, "receiveFile", "(String,int,OutputStream,InetAddress)", "", "Argument[3]", "Argument[2]", "taint", "df-generated"] + - ["org.apache.commons.net.tftp", "TFTPClient", true, "receiveFile", "(String,int,OutputStream,InetAddress)", "", "Argument[3]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.tftp", "TFTPClient", true, "receiveFile", "(String,int,OutputStream,InetAddress)", "", "Argument[this]", "Argument[2]", "taint", "df-generated"] + - ["org.apache.commons.net.tftp", "TFTPClient", true, "receiveFile", "(String,int,OutputStream,InetAddress,int)", "", "Argument[0]", "Argument[2]", "taint", "df-generated"] + - ["org.apache.commons.net.tftp", "TFTPClient", true, "receiveFile", "(String,int,OutputStream,InetAddress,int)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.tftp", "TFTPClient", true, "receiveFile", "(String,int,OutputStream,InetAddress,int)", "", "Argument[3]", "Argument[2]", "taint", "df-generated"] + - ["org.apache.commons.net.tftp", "TFTPClient", true, "receiveFile", "(String,int,OutputStream,InetAddress,int)", "", "Argument[3]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.tftp", "TFTPClient", true, "receiveFile", "(String,int,OutputStream,InetAddress,int)", "", "Argument[this]", "Argument[2]", "taint", "df-generated"] + - ["org.apache.commons.net.tftp", "TFTPClient", true, "receiveFile", "(String,int,OutputStream,String)", "", "Argument[0]", "Argument[2]", "taint", "df-generated"] + - ["org.apache.commons.net.tftp", "TFTPClient", true, "receiveFile", "(String,int,OutputStream,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.tftp", "TFTPClient", true, "receiveFile", "(String,int,OutputStream,String)", "", "Argument[3]", "Argument[2]", "taint", "df-generated"] + - ["org.apache.commons.net.tftp", "TFTPClient", true, "receiveFile", "(String,int,OutputStream,String)", "", "Argument[3]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.tftp", "TFTPClient", true, "receiveFile", "(String,int,OutputStream,String)", "", "Argument[this]", "Argument[2]", "taint", "df-generated"] + - ["org.apache.commons.net.tftp", "TFTPClient", true, "receiveFile", "(String,int,OutputStream,String,int)", "", "Argument[0]", "Argument[2]", "taint", "df-generated"] + - ["org.apache.commons.net.tftp", "TFTPClient", true, "receiveFile", "(String,int,OutputStream,String,int)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.tftp", "TFTPClient", true, "receiveFile", "(String,int,OutputStream,String,int)", "", "Argument[3]", "Argument[2]", "taint", "df-generated"] + - ["org.apache.commons.net.tftp", "TFTPClient", true, "receiveFile", "(String,int,OutputStream,String,int)", "", "Argument[3]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.tftp", "TFTPClient", true, "receiveFile", "(String,int,OutputStream,String,int)", "", "Argument[this]", "Argument[2]", "taint", "df-generated"] + - ["org.apache.commons.net.tftp", "TFTPClient", true, "sendFile", "(String,int,InputStream,InetAddress)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.tftp", "TFTPClient", true, "sendFile", "(String,int,InputStream,InetAddress)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.tftp", "TFTPClient", true, "sendFile", "(String,int,InputStream,InetAddress)", "", "Argument[3]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.tftp", "TFTPClient", true, "sendFile", "(String,int,InputStream,InetAddress,int)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.tftp", "TFTPClient", true, "sendFile", "(String,int,InputStream,InetAddress,int)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.tftp", "TFTPClient", true, "sendFile", "(String,int,InputStream,InetAddress,int)", "", "Argument[3]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.tftp", "TFTPClient", true, "sendFile", "(String,int,InputStream,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.tftp", "TFTPClient", true, "sendFile", "(String,int,InputStream,String)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.tftp", "TFTPClient", true, "sendFile", "(String,int,InputStream,String)", "", "Argument[3]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.tftp", "TFTPClient", true, "sendFile", "(String,int,InputStream,String,int)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.tftp", "TFTPClient", true, "sendFile", "(String,int,InputStream,String,int)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.tftp", "TFTPClient", true, "sendFile", "(String,int,InputStream,String,int)", "", "Argument[3]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.tftp", "TFTPDataPacket", false, "TFTPDataPacket", "(InetAddress,int,int,byte[])", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.tftp", "TFTPDataPacket", false, "TFTPDataPacket", "(InetAddress,int,int,byte[])", "", "Argument[3]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.tftp", "TFTPDataPacket", false, "TFTPDataPacket", "(InetAddress,int,int,byte[],int,int)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.tftp", "TFTPDataPacket", false, "TFTPDataPacket", "(InetAddress,int,int,byte[],int,int)", "", "Argument[3]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.tftp", "TFTPDataPacket", false, "getData", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.tftp", "TFTPDataPacket", false, "setData", "(byte[],int,int)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.tftp", "TFTPDataPacket", false, "toString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.tftp", "TFTPErrorPacket", false, "TFTPErrorPacket", "(InetAddress,int,int,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.tftp", "TFTPErrorPacket", false, "TFTPErrorPacket", "(InetAddress,int,int,String)", "", "Argument[3]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.tftp", "TFTPErrorPacket", false, "getMessage", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.tftp", "TFTPErrorPacket", false, "toString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.tftp", "TFTPPacket", true, "getAddress", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.tftp", "TFTPPacket", true, "newTFTPPacket", "(DatagramPacket)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.tftp", "TFTPPacket", true, "setAddress", "(InetAddress)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.tftp", "TFTPPacket", true, "toString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.tftp", "TFTPPacketException", true, "TFTPPacketException", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.tftp", "TFTPReadRequestPacket", false, "TFTPReadRequestPacket", "(InetAddress,int,String,int)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.tftp", "TFTPReadRequestPacket", false, "TFTPReadRequestPacket", "(InetAddress,int,String,int)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.tftp", "TFTPReadRequestPacket", false, "toString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.tftp", "TFTPRequestPacket", true, "getFilename", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.tftp", "TFTPWriteRequestPacket", false, "TFTPWriteRequestPacket", "(InetAddress,int,String,int)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.tftp", "TFTPWriteRequestPacket", false, "TFTPWriteRequestPacket", "(InetAddress,int,String,int)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.tftp", "TFTPWriteRequestPacket", false, "toString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.util", "Base64", true, "Base64", "(int,byte[])", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.util", "Base64", true, "Base64", "(int,byte[],boolean)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.util", "Base64", true, "decode", "(String)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.util", "Base64", true, "decode", "(String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.util", "Base64", true, "decode", "(byte[])", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.util", "Base64", true, "decode", "(byte[])", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.util", "Base64", true, "decodeBase64", "(String)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.util", "Base64", true, "decodeBase64", "(byte[])", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.util", "Base64", true, "encode", "(byte[])", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.util", "Base64", true, "encode", "(byte[])", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.util", "Base64", true, "encodeBase64", "(byte[])", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.util", "Base64", true, "encodeBase64", "(byte[],boolean)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.util", "Base64", true, "encodeBase64", "(byte[],boolean,boolean)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.util", "Base64", true, "encodeBase64", "(byte[],boolean,boolean,int)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.util", "Base64", true, "encodeBase64Chunked", "(byte[])", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.util", "Base64", true, "encodeBase64String", "(byte[])", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.util", "Base64", true, "encodeBase64String", "(byte[],boolean)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.util", "Base64", true, "encodeBase64StringUnChunked", "(byte[])", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.util", "Base64", true, "encodeBase64URLSafe", "(byte[])", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.util", "Base64", true, "encodeBase64URLSafeString", "(byte[])", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.util", "Base64", true, "encodeToString", "(byte[])", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.util", "Base64", true, "encodeToString", "(byte[])", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.util", "KeyManagerUtils", false, "createClientKeyManager", "(File,String,String)", "", "Argument[2]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.util", "KeyManagerUtils", false, "createClientKeyManager", "(KeyStore,String,String)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.util", "KeyManagerUtils", false, "createClientKeyManager", "(String,File,String,String,String)", "", "Argument[3]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.util", "ListenerList", true, "addListener", "(EventListener)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net.whois", "WhoisClient", false, "getInputStream", "(String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net.whois", "WhoisClient", false, "query", "(String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net", "DatagramSocketClient", true, "getLocalAddress", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net", "DatagramSocketClient", true, "setDatagramSocketFactory", "(DatagramSocketFactory)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net", "DefaultSocketFactory", true, "DefaultSocketFactory", "(Proxy)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net", "MalformedServerReplyException", true, "MalformedServerReplyException", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net", "PrintCommandListener", true, "PrintCommandListener", "(PrintWriter)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net", "PrintCommandListener", true, "PrintCommandListener", "(PrintWriter,boolean)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net", "PrintCommandListener", true, "PrintCommandListener", "(PrintWriter,boolean,char)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net", "PrintCommandListener", true, "PrintCommandListener", "(PrintWriter,boolean,char,boolean)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net", "ProtocolCommandEvent", true, "ProtocolCommandEvent", "(Object,String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net", "ProtocolCommandEvent", true, "ProtocolCommandEvent", "(Object,String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net", "ProtocolCommandEvent", true, "ProtocolCommandEvent", "(Object,String,String)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net", "ProtocolCommandEvent", true, "ProtocolCommandEvent", "(Object,int,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net", "ProtocolCommandEvent", true, "ProtocolCommandEvent", "(Object,int,String)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net", "ProtocolCommandEvent", true, "getCommand", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net", "ProtocolCommandEvent", true, "getMessage", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net", "ProtocolCommandSupport", true, "ProtocolCommandSupport", "(Object)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net", "SocketClient", true, "connect", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net", "SocketClient", true, "connect", "(String,int)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net", "SocketClient", true, "connect", "(String,int,InetAddress,int)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net", "SocketClient", true, "getLocalAddress", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net", "SocketClient", true, "getProxy", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net", "SocketClient", true, "getRemoteAddress", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net", "SocketClient", true, "getServerSocketFactory", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["org.apache.commons.net", "SocketClient", true, "setProxy", "(Proxy)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net", "SocketClient", true, "setServerSocketFactory", "(ServerSocketFactory)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - ["org.apache.commons.net", "SocketClient", true, "setSocketFactory", "(SocketFactory)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] + - addsTo: + pack: codeql/java-all + extensible: neutralModel + data: + - ["org.apache.commons.net.bsd", "RCommandClient", "connect", "(InetAddress,int,InetAddress)", "df-generated"] + - ["org.apache.commons.net.bsd", "RCommandClient", "connect", "(String,int,InetAddress)", "df-generated"] + - ["org.apache.commons.net.bsd", "RExecClient", "isRemoteVerificationEnabled", "()", "df-generated"] + - ["org.apache.commons.net.bsd", "RExecClient", "setRemoteVerificationEnabled", "(boolean)", "df-generated"] + - ["org.apache.commons.net.chargen", "CharGenUDPClient", "send", "(InetAddress)", "df-generated"] + - ["org.apache.commons.net.chargen", "CharGenUDPClient", "send", "(InetAddress,int)", "df-generated"] + - ["org.apache.commons.net.daytime", "DaytimeUDPClient", "getTime", "(InetAddress)", "df-generated"] + - ["org.apache.commons.net.daytime", "DaytimeUDPClient", "getTime", "(InetAddress,int)", "df-generated"] + - ["org.apache.commons.net.discard", "DiscardUDPClient", "send", "(byte[],InetAddress)", "df-generated"] + - ["org.apache.commons.net.discard", "DiscardUDPClient", "send", "(byte[],int,InetAddress)", "df-generated"] + - ["org.apache.commons.net.discard", "DiscardUDPClient", "send", "(byte[],int,InetAddress,int)", "df-generated"] + - ["org.apache.commons.net.echo", "EchoUDPClient", "receive", "(byte[])", "df-generated"] + - ["org.apache.commons.net.echo", "EchoUDPClient", "receive", "(byte[],int)", "df-generated"] + - ["org.apache.commons.net.examples.mail", "POP3Mail", "printMessageInfo", "(BufferedReader,int)", "df-generated"] + - ["org.apache.commons.net.examples.nntp", "NNTPUtils", "getArticleInfo", "(NNTPClient,long,long)", "df-generated"] + - ["org.apache.commons.net.examples.ntp", "NTPClient", "processResponse", "(TimeInfo)", "df-generated"] + - ["org.apache.commons.net.examples.ntp", "SimpleNTPServer", "SimpleNTPServer", "(int)", "df-generated"] + - ["org.apache.commons.net.examples.ntp", "SimpleNTPServer", "connect", "()", "df-generated"] + - ["org.apache.commons.net.examples.ntp", "SimpleNTPServer", "getPort", "()", "df-generated"] + - ["org.apache.commons.net.examples.ntp", "SimpleNTPServer", "isRunning", "()", "df-generated"] + - ["org.apache.commons.net.examples.ntp", "SimpleNTPServer", "isStarted", "()", "df-generated"] + - ["org.apache.commons.net.examples.ntp", "SimpleNTPServer", "start", "()", "df-generated"] + - ["org.apache.commons.net.examples.ntp", "SimpleNTPServer", "stop", "()", "df-generated"] + - ["org.apache.commons.net.examples.ntp", "TimeClient", "timeTCP", "(String)", "df-generated"] + - ["org.apache.commons.net.examples.ntp", "TimeClient", "timeUDP", "(String)", "df-generated"] + - ["org.apache.commons.net.examples.unix", "chargen", "chargenTCP", "(String)", "df-generated"] + - ["org.apache.commons.net.examples.unix", "chargen", "chargenUDP", "(String)", "df-generated"] + - ["org.apache.commons.net.examples.unix", "daytime", "daytimeTCP", "(String)", "df-generated"] + - ["org.apache.commons.net.examples.unix", "daytime", "daytimeUDP", "(String)", "df-generated"] + - ["org.apache.commons.net.examples.unix", "echo", "echoTCP", "(String)", "df-generated"] + - ["org.apache.commons.net.examples.unix", "echo", "echoUDP", "(String)", "df-generated"] + - ["org.apache.commons.net.examples.unix", "rdate", "timeTCP", "(String)", "df-generated"] + - ["org.apache.commons.net.examples.unix", "rdate", "timeUDP", "(String)", "df-generated"] + - ["org.apache.commons.net.examples.util", "IOUtil", "readWrite", "(InputStream,OutputStream,InputStream,OutputStream)", "df-generated"] + - ["org.apache.commons.net.ftp.parser", "ConfigurableFTPFileEntryParserImpl", "ConfigurableFTPFileEntryParserImpl", "(String)", "df-generated"] + - ["org.apache.commons.net.ftp.parser", "ConfigurableFTPFileEntryParserImpl", "ConfigurableFTPFileEntryParserImpl", "(String,int)", "df-generated"] + - ["org.apache.commons.net.ftp.parser", "ConfigurableFTPFileEntryParserImpl", "getDefaultConfiguration", "()", "df-generated"] + - ["org.apache.commons.net.ftp.parser", "ConfigurableFTPFileEntryParserImpl", "parseTimestamp", "(String)", "df-generated"] + - ["org.apache.commons.net.ftp.parser", "DefaultFTPFileEntryParserFactory", "createMVSEntryParser", "()", "df-generated"] + - ["org.apache.commons.net.ftp.parser", "DefaultFTPFileEntryParserFactory", "createNTFTPEntryParser", "()", "df-generated"] + - ["org.apache.commons.net.ftp.parser", "DefaultFTPFileEntryParserFactory", "createNetwareFTPEntryParser", "()", "df-generated"] + - ["org.apache.commons.net.ftp.parser", "DefaultFTPFileEntryParserFactory", "createOS2FTPEntryParser", "()", "df-generated"] + - ["org.apache.commons.net.ftp.parser", "DefaultFTPFileEntryParserFactory", "createOS400FTPEntryParser", "()", "df-generated"] + - ["org.apache.commons.net.ftp.parser", "DefaultFTPFileEntryParserFactory", "createUnixFTPEntryParser", "()", "df-generated"] + - ["org.apache.commons.net.ftp.parser", "DefaultFTPFileEntryParserFactory", "createVMSVersioningFTPEntryParser", "()", "df-generated"] + - ["org.apache.commons.net.ftp.parser", "FTPFileEntryParserFactory", "createFileEntryParser", "(FTPClientConfig)", "df-generated"] + - ["org.apache.commons.net.ftp.parser", "FTPFileEntryParserFactory", "createFileEntryParser", "(String)", "df-generated"] + - ["org.apache.commons.net.ftp.parser", "FTPTimestampParser", "parseTimestamp", "(String)", "df-generated"] + - ["org.apache.commons.net.ftp.parser", "FTPTimestampParserImpl", "getDefaultDateFormatString", "()", "df-generated"] + - ["org.apache.commons.net.ftp.parser", "FTPTimestampParserImpl", "getRecentDateFormatString", "()", "df-generated"] + - ["org.apache.commons.net.ftp.parser", "MLSxEntryParser", "getInstance", "()", "df-generated"] + - ["org.apache.commons.net.ftp.parser", "MLSxEntryParser", "parseGMTdateTime", "(String)", "df-generated"] + - ["org.apache.commons.net.ftp.parser", "MLSxEntryParser", "parseGmtInstant", "(String)", "df-generated"] + - ["org.apache.commons.net.ftp.parser", "MacOsPeterFTPEntryParser", "MacOsPeterFTPEntryParser", "(FTPClientConfig)", "df-generated"] + - ["org.apache.commons.net.ftp.parser", "NTFTPEntryParser", "NTFTPEntryParser", "(FTPClientConfig)", "df-generated"] + - ["org.apache.commons.net.ftp.parser", "NetwareFTPEntryParser", "NetwareFTPEntryParser", "(FTPClientConfig)", "df-generated"] + - ["org.apache.commons.net.ftp.parser", "OS2FTPEntryParser", "OS2FTPEntryParser", "(FTPClientConfig)", "df-generated"] + - ["org.apache.commons.net.ftp.parser", "OS400FTPEntryParser", "OS400FTPEntryParser", "(FTPClientConfig)", "df-generated"] + - ["org.apache.commons.net.ftp.parser", "RegexFTPFileEntryParserImpl", "RegexFTPFileEntryParserImpl", "(String)", "df-generated"] + - ["org.apache.commons.net.ftp.parser", "RegexFTPFileEntryParserImpl", "RegexFTPFileEntryParserImpl", "(String,int)", "df-generated"] + - ["org.apache.commons.net.ftp.parser", "RegexFTPFileEntryParserImpl", "getGroupCnt", "()", "df-generated"] + - ["org.apache.commons.net.ftp.parser", "RegexFTPFileEntryParserImpl", "getGroupsAsString", "()", "df-generated"] + - ["org.apache.commons.net.ftp.parser", "RegexFTPFileEntryParserImpl", "group", "(int)", "df-generated"] + - ["org.apache.commons.net.ftp.parser", "RegexFTPFileEntryParserImpl", "setRegex", "(String)", "df-generated"] + - ["org.apache.commons.net.ftp.parser", "RegexFTPFileEntryParserImpl", "setRegex", "(String,int)", "df-generated"] + - ["org.apache.commons.net.ftp.parser", "UnixFTPEntryParser", "UnixFTPEntryParser", "(FTPClientConfig)", "df-generated"] + - ["org.apache.commons.net.ftp.parser", "UnixFTPEntryParser", "UnixFTPEntryParser", "(FTPClientConfig,boolean)", "df-generated"] + - ["org.apache.commons.net.ftp.parser", "VMSFTPEntryParser", "VMSFTPEntryParser", "(FTPClientConfig)", "df-generated"] + - ["org.apache.commons.net.ftp.parser", "VMSVersioningFTPEntryParser", "VMSVersioningFTPEntryParser", "(FTPClientConfig)", "df-generated"] + - ["org.apache.commons.net.ftp", "Configurable", "configure", "(FTPClientConfig)", "df-generated"] + - ["org.apache.commons.net.ftp", "FTP", "abor", "()", "df-generated"] + - ["org.apache.commons.net.ftp", "FTP", "allo", "(int)", "df-generated"] + - ["org.apache.commons.net.ftp", "FTP", "allo", "(int,int)", "df-generated"] + - ["org.apache.commons.net.ftp", "FTP", "allo", "(long)", "df-generated"] + - ["org.apache.commons.net.ftp", "FTP", "allo", "(long,int)", "df-generated"] + - ["org.apache.commons.net.ftp", "FTP", "cdup", "()", "df-generated"] + - ["org.apache.commons.net.ftp", "FTP", "epsv", "()", "df-generated"] + - ["org.apache.commons.net.ftp", "FTP", "feat", "()", "df-generated"] + - ["org.apache.commons.net.ftp", "FTP", "getReply", "()", "df-generated"] + - ["org.apache.commons.net.ftp", "FTP", "getReplyCode", "()", "df-generated"] + - ["org.apache.commons.net.ftp", "FTP", "help", "()", "df-generated"] + - ["org.apache.commons.net.ftp", "FTP", "isStrictMultilineParsing", "()", "df-generated"] + - ["org.apache.commons.net.ftp", "FTP", "isStrictReplyParsing", "()", "df-generated"] + - ["org.apache.commons.net.ftp", "FTP", "list", "()", "df-generated"] + - ["org.apache.commons.net.ftp", "FTP", "mlsd", "()", "df-generated"] + - ["org.apache.commons.net.ftp", "FTP", "mlst", "()", "df-generated"] + - ["org.apache.commons.net.ftp", "FTP", "mode", "(int)", "df-generated"] + - ["org.apache.commons.net.ftp", "FTP", "nlst", "()", "df-generated"] + - ["org.apache.commons.net.ftp", "FTP", "noop", "()", "df-generated"] + - ["org.apache.commons.net.ftp", "FTP", "pasv", "()", "df-generated"] + - ["org.apache.commons.net.ftp", "FTP", "pwd", "()", "df-generated"] + - ["org.apache.commons.net.ftp", "FTP", "quit", "()", "df-generated"] + - ["org.apache.commons.net.ftp", "FTP", "rein", "()", "df-generated"] + - ["org.apache.commons.net.ftp", "FTP", "sendCommand", "(FTPCmd)", "df-generated"] + - ["org.apache.commons.net.ftp", "FTP", "sendCommand", "(int)", "df-generated"] + - ["org.apache.commons.net.ftp", "FTP", "setStrictMultilineParsing", "(boolean)", "df-generated"] + - ["org.apache.commons.net.ftp", "FTP", "setStrictReplyParsing", "(boolean)", "df-generated"] + - ["org.apache.commons.net.ftp", "FTP", "stat", "()", "df-generated"] + - ["org.apache.commons.net.ftp", "FTP", "stou", "()", "df-generated"] + - ["org.apache.commons.net.ftp", "FTP", "stru", "(int)", "df-generated"] + - ["org.apache.commons.net.ftp", "FTP", "syst", "()", "df-generated"] + - ["org.apache.commons.net.ftp", "FTP", "type", "(int)", "df-generated"] + - ["org.apache.commons.net.ftp", "FTP", "type", "(int,int)", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", "abort", "()", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", "allocate", "(int)", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", "allocate", "(int,int)", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", "allocate", "(long)", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", "allocate", "(long,int)", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", "changeToParentDirectory", "()", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", "completePendingCommand", "()", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", "enterLocalActiveMode", "()", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", "enterLocalPassiveMode", "()", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", "enterRemotePassiveMode", "()", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", "features", "()", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", "getAutodetectUTF8", "()", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", "getBufferSize", "()", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", "getControlKeepAliveReplyTimeout", "()", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", "getControlKeepAliveTimeout", "()", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", "getCslDebug", "()", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", "getDataConnectionMode", "()", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", "getListHiddenFiles", "()", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", "getPassivePort", "()", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", "getReceiveDataSocketBufferSize", "()", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", "getRestartOffset", "()", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", "getSendDataSocketBufferSize", "()", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", "hasFeature", "(FTPCmd)", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", "hasFeature", "(String)", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", "hasFeature", "(String,String)", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", "initiateMListParsing", "()", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", "isIpAddressFromPasvResponse", "()", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", "isRemoteVerificationEnabled", "()", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", "isUseEPSVwithIPv4", "()", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", "listDirectories", "()", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", "listNames", "()", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", "logout", "()", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", "mlistDir", "()", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", "reinitialize", "()", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", "remoteStoreUnique", "()", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", "sendNoOp", "()", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", "setActivePortRange", "(int,int)", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", "setAutodetectUTF8", "(boolean)", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", "setBufferSize", "(int)", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", "setControlKeepAliveReplyTimeout", "(int)", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", "setControlKeepAliveTimeout", "(long)", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", "setDataTimeout", "(int)", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", "setFileStructure", "(int)", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", "setFileTransferMode", "(int)", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", "setFileType", "(int)", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", "setFileType", "(int,int)", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", "setIpAddressFromPasvResponse", "(boolean)", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", "setListHiddenFiles", "(boolean)", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", "setPassiveNatWorkaround", "(boolean)", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", "setReceieveDataSocketBufferSize", "(int)", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", "setRemoteVerificationEnabled", "(boolean)", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", "setRestartOffset", "(long)", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", "setSendDataSocketBufferSize", "(int)", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", "setUseEPSVwithIPv4", "(boolean)", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", "storeUniqueFile", "(InputStream)", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", "storeUniqueFileStream", "()", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClientConfig", "getDateFormatSymbols", "(String)", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClientConfig", "getSupportedLanguageCodes", "()", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClientConfig", "getUnparseableEntries", "()", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClientConfig", "isLenientFutureDates", "()", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClientConfig", "lookupDateFormatSymbols", "(String)", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClientConfig", "setLenientFutureDates", "(boolean)", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClientConfig", "setUnparseableEntries", "(boolean)", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPCmd", "getCommand", "()", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPCommand", "getCommand", "(int)", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPFile", "getHardLinkCount", "()", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPFile", "getSize", "()", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPFile", "getTimestampInstant", "()", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPFile", "getType", "()", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPFile", "hasPermission", "(int,int)", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPFile", "isDirectory", "()", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPFile", "isFile", "()", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPFile", "isSymbolicLink", "()", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPFile", "isUnknown", "()", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPFile", "isValid", "()", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPFile", "setHardLinkCount", "(int)", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPFile", "setPermission", "(int,int,boolean)", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPFile", "setSize", "(long)", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPFile", "setType", "(int)", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPListParseEngine", "hasNext", "()", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPListParseEngine", "hasPrevious", "()", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPListParseEngine", "resetIterator", "()", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPReply", "isNegativePermanent", "(int)", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPReply", "isNegativeTransient", "(int)", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPReply", "isPositiveCompletion", "(int)", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPReply", "isPositiveIntermediate", "(int)", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPReply", "isPositivePreliminary", "(int)", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPReply", "isProtectedReplyCode", "(int)", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPSClient", "FTPSClient", "(boolean)", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPSClient", "execCCC", "()", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPSClient", "execPBSZ", "(long)", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPSClient", "getEnableSessionCreation", "()", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPSClient", "getNeedClientAuth", "()", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPSClient", "getUseClientMode", "()", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPSClient", "getWantClientAuth", "()", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPSClient", "isEndpointCheckingEnabled", "()", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPSClient", "parsePBSZ", "(long)", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPSClient", "setEnabledSessionCreation", "(boolean)", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPSClient", "setEndpointCheckingEnabled", "(boolean)", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPSClient", "setNeedClientAuth", "(boolean)", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPSClient", "setUseClientMode", "(boolean)", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPSClient", "setWantClientAuth", "(boolean)", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPSCommand", "getCommand", "(int)", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPSSocketFactory", "createServerSocket", "(int)", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPSSocketFactory", "createServerSocket", "(int,int)", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPSSocketFactory", "createServerSocket", "(int,int,InetAddress)", "df-generated"] + - ["org.apache.commons.net.imap", "AuthenticatingIMAPClient$AUTH_METHOD", "getAuthName", "()", "df-generated"] + - ["org.apache.commons.net.imap", "AuthenticatingIMAPClient", "AuthenticatingIMAPClient", "(boolean)", "df-generated"] + - ["org.apache.commons.net.imap", "IMAP", "doCommand", "(IMAPCommand)", "df-generated"] + - ["org.apache.commons.net.imap", "IMAP", "getState", "()", "df-generated"] + - ["org.apache.commons.net.imap", "IMAP", "sendCommand", "(IMAPCommand)", "df-generated"] + - ["org.apache.commons.net.imap", "IMAPClient", "capability", "()", "df-generated"] + - ["org.apache.commons.net.imap", "IMAPClient", "check", "()", "df-generated"] + - ["org.apache.commons.net.imap", "IMAPClient", "close", "()", "df-generated"] + - ["org.apache.commons.net.imap", "IMAPClient", "expunge", "()", "df-generated"] + - ["org.apache.commons.net.imap", "IMAPClient", "logout", "()", "df-generated"] + - ["org.apache.commons.net.imap", "IMAPClient", "noop", "()", "df-generated"] + - ["org.apache.commons.net.imap", "IMAPCommand", "getCommand", "(IMAPCommand)", "df-generated"] + - ["org.apache.commons.net.imap", "IMAPCommand", "getIMAPCommand", "()", "df-generated"] + - ["org.apache.commons.net.imap", "IMAPReply", "getReplyCode", "(String)", "df-generated"] + - ["org.apache.commons.net.imap", "IMAPReply", "getUntaggedReplyCode", "(String)", "df-generated"] + - ["org.apache.commons.net.imap", "IMAPReply", "isContinuation", "(String)", "df-generated"] + - ["org.apache.commons.net.imap", "IMAPReply", "isContinuation", "(int)", "df-generated"] + - ["org.apache.commons.net.imap", "IMAPReply", "isSuccess", "(int)", "df-generated"] + - ["org.apache.commons.net.imap", "IMAPReply", "isUntagged", "(String)", "df-generated"] + - ["org.apache.commons.net.imap", "IMAPReply", "literalCount", "(String)", "df-generated"] + - ["org.apache.commons.net.imap", "IMAPSClient", "IMAPSClient", "(boolean)", "df-generated"] + - ["org.apache.commons.net.imap", "IMAPSClient", "execTLS", "()", "df-generated"] + - ["org.apache.commons.net.imap", "IMAPSClient", "isEndpointCheckingEnabled", "()", "df-generated"] + - ["org.apache.commons.net.imap", "IMAPSClient", "setEndpointCheckingEnabled", "(boolean)", "df-generated"] + - ["org.apache.commons.net.io", "CopyStreamAdapter", "addCopyStreamListener", "(CopyStreamListener)", "df-generated"] + - ["org.apache.commons.net.io", "CopyStreamAdapter", "removeCopyStreamListener", "(CopyStreamListener)", "df-generated"] + - ["org.apache.commons.net.io", "CopyStreamEvent", "getBytesTransferred", "()", "df-generated"] + - ["org.apache.commons.net.io", "CopyStreamEvent", "getStreamSize", "()", "df-generated"] + - ["org.apache.commons.net.io", "CopyStreamEvent", "getTotalBytesTransferred", "()", "df-generated"] + - ["org.apache.commons.net.io", "CopyStreamException", "getTotalBytesTransferred", "()", "df-generated"] + - ["org.apache.commons.net.io", "CopyStreamListener", "bytesTransferred", "(CopyStreamEvent)", "df-generated"] + - ["org.apache.commons.net.io", "CopyStreamListener", "bytesTransferred", "(long,int,long)", "df-generated"] + - ["org.apache.commons.net.io", "FromNetASCIIInputStream", "FromNetASCIIInputStream", "(InputStream)", "df-generated"] + - ["org.apache.commons.net.io", "FromNetASCIIInputStream", "isConversionRequired", "()", "df-generated"] + - ["org.apache.commons.net.io", "ToNetASCIIInputStream", "ToNetASCIIInputStream", "(InputStream)", "df-generated"] + - ["org.apache.commons.net.io", "Util", "closeQuietly", "(Closeable)", "df-generated"] + - ["org.apache.commons.net.io", "Util", "closeQuietly", "(Socket)", "df-generated"] + - ["org.apache.commons.net.nntp", "Article", "addHeaderField", "(String,String)", "df-generated"] + - ["org.apache.commons.net.nntp", "Article", "getArticleNumber", "()", "df-generated"] + - ["org.apache.commons.net.nntp", "Article", "getArticleNumberLong", "()", "df-generated"] + - ["org.apache.commons.net.nntp", "Article", "printThread", "(Article)", "df-generated"] + - ["org.apache.commons.net.nntp", "Article", "printThread", "(Article,PrintStream)", "df-generated"] + - ["org.apache.commons.net.nntp", "Article", "printThread", "(Article,int)", "df-generated"] + - ["org.apache.commons.net.nntp", "Article", "printThread", "(Article,int,PrintStream)", "df-generated"] + - ["org.apache.commons.net.nntp", "Article", "setArticleNumber", "(int)", "df-generated"] + - ["org.apache.commons.net.nntp", "Article", "setArticleNumber", "(long)", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTP", "article", "()", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTP", "article", "(int)", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTP", "article", "(long)", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTP", "body", "()", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTP", "body", "(int)", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTP", "body", "(long)", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTP", "getReply", "()", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTP", "getReplyCode", "()", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTP", "head", "()", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTP", "head", "(int)", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTP", "head", "(long)", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTP", "help", "()", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTP", "isAllowedToPost", "()", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTP", "last", "()", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTP", "list", "()", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTP", "next", "()", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTP", "post", "()", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTP", "quit", "()", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTP", "sendCommand", "(int)", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTP", "stat", "()", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTP", "stat", "(int)", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTP", "stat", "(long)", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", "completePendingCommand", "()", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", "iterateArticleInfo", "(long,long)", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", "iterateNewsgroups", "()", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", "logout", "()", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", "selectArticle", "(int)", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", "selectArticle", "(long)", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", "selectNextArticle", "()", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPClient", "selectPreviousArticle", "()", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPCommand", "getCommand", "(int)", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPReply", "isInformational", "(int)", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPReply", "isNegativePermanent", "(int)", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPReply", "isNegativeTransient", "(int)", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPReply", "isPositiveCompletion", "(int)", "df-generated"] + - ["org.apache.commons.net.nntp", "NNTPReply", "isPositiveIntermediate", "(int)", "df-generated"] + - ["org.apache.commons.net.nntp", "NewGroupsOrNewsQuery", "NewGroupsOrNewsQuery", "(Calendar,boolean)", "df-generated"] + - ["org.apache.commons.net.nntp", "NewGroupsOrNewsQuery", "isGMT", "()", "df-generated"] + - ["org.apache.commons.net.nntp", "NewsgroupInfo", "getArticleCount", "()", "df-generated"] + - ["org.apache.commons.net.nntp", "NewsgroupInfo", "getArticleCountLong", "()", "df-generated"] + - ["org.apache.commons.net.nntp", "NewsgroupInfo", "getFirstArticle", "()", "df-generated"] + - ["org.apache.commons.net.nntp", "NewsgroupInfo", "getFirstArticleLong", "()", "df-generated"] + - ["org.apache.commons.net.nntp", "NewsgroupInfo", "getLastArticle", "()", "df-generated"] + - ["org.apache.commons.net.nntp", "NewsgroupInfo", "getLastArticleLong", "()", "df-generated"] + - ["org.apache.commons.net.nntp", "NewsgroupInfo", "getPostingPermission", "()", "df-generated"] + - ["org.apache.commons.net.nntp", "Threadable", "isDummy", "()", "df-generated"] + - ["org.apache.commons.net.nntp", "Threadable", "makeDummy", "()", "df-generated"] + - ["org.apache.commons.net.nntp", "Threadable", "subjectIsReply", "()", "df-generated"] + - ["org.apache.commons.net.ntp", "NTPUDPClient", "getTime", "(InetAddress)", "df-generated"] + - ["org.apache.commons.net.ntp", "NTPUDPClient", "getTime", "(InetAddress,int)", "df-generated"] + - ["org.apache.commons.net.ntp", "NTPUDPClient", "getVersion", "()", "df-generated"] + - ["org.apache.commons.net.ntp", "NTPUDPClient", "setVersion", "(int)", "df-generated"] + - ["org.apache.commons.net.ntp", "NtpUtils", "getHostAddress", "(int)", "df-generated"] + - ["org.apache.commons.net.ntp", "NtpUtils", "getModeName", "(int)", "df-generated"] + - ["org.apache.commons.net.ntp", "NtpUtils", "getRefAddress", "(NtpV3Packet)", "df-generated"] + - ["org.apache.commons.net.ntp", "NtpUtils", "getReferenceClock", "(NtpV3Packet)", "df-generated"] + - ["org.apache.commons.net.ntp", "NtpV3Impl", "toString", "()", "df-generated"] + - ["org.apache.commons.net.ntp", "NtpV3Packet", "getLeapIndicator", "()", "df-generated"] + - ["org.apache.commons.net.ntp", "NtpV3Packet", "getMode", "()", "df-generated"] + - ["org.apache.commons.net.ntp", "NtpV3Packet", "getModeName", "()", "df-generated"] + - ["org.apache.commons.net.ntp", "NtpV3Packet", "getOriginateTimeStamp", "()", "df-generated"] + - ["org.apache.commons.net.ntp", "NtpV3Packet", "getPoll", "()", "df-generated"] + - ["org.apache.commons.net.ntp", "NtpV3Packet", "getPrecision", "()", "df-generated"] + - ["org.apache.commons.net.ntp", "NtpV3Packet", "getReceiveTimeStamp", "()", "df-generated"] + - ["org.apache.commons.net.ntp", "NtpV3Packet", "getReferenceId", "()", "df-generated"] + - ["org.apache.commons.net.ntp", "NtpV3Packet", "getReferenceIdString", "()", "df-generated"] + - ["org.apache.commons.net.ntp", "NtpV3Packet", "getReferenceTimeStamp", "()", "df-generated"] + - ["org.apache.commons.net.ntp", "NtpV3Packet", "getRootDelay", "()", "df-generated"] + - ["org.apache.commons.net.ntp", "NtpV3Packet", "getRootDelayInMillisDouble", "()", "df-generated"] + - ["org.apache.commons.net.ntp", "NtpV3Packet", "getRootDispersion", "()", "df-generated"] + - ["org.apache.commons.net.ntp", "NtpV3Packet", "getRootDispersionInMillis", "()", "df-generated"] + - ["org.apache.commons.net.ntp", "NtpV3Packet", "getRootDispersionInMillisDouble", "()", "df-generated"] + - ["org.apache.commons.net.ntp", "NtpV3Packet", "getStratum", "()", "df-generated"] + - ["org.apache.commons.net.ntp", "NtpV3Packet", "getTransmitTimeStamp", "()", "df-generated"] + - ["org.apache.commons.net.ntp", "NtpV3Packet", "getType", "()", "df-generated"] + - ["org.apache.commons.net.ntp", "NtpV3Packet", "getVersion", "()", "df-generated"] + - ["org.apache.commons.net.ntp", "NtpV3Packet", "setLeapIndicator", "(int)", "df-generated"] + - ["org.apache.commons.net.ntp", "NtpV3Packet", "setMode", "(int)", "df-generated"] + - ["org.apache.commons.net.ntp", "NtpV3Packet", "setOriginateTimeStamp", "(TimeStamp)", "df-generated"] + - ["org.apache.commons.net.ntp", "NtpV3Packet", "setPoll", "(int)", "df-generated"] + - ["org.apache.commons.net.ntp", "NtpV3Packet", "setPrecision", "(int)", "df-generated"] + - ["org.apache.commons.net.ntp", "NtpV3Packet", "setReceiveTimeStamp", "(TimeStamp)", "df-generated"] + - ["org.apache.commons.net.ntp", "NtpV3Packet", "setReferenceId", "(int)", "df-generated"] + - ["org.apache.commons.net.ntp", "NtpV3Packet", "setReferenceTime", "(TimeStamp)", "df-generated"] + - ["org.apache.commons.net.ntp", "NtpV3Packet", "setRootDelay", "(int)", "df-generated"] + - ["org.apache.commons.net.ntp", "NtpV3Packet", "setRootDispersion", "(int)", "df-generated"] + - ["org.apache.commons.net.ntp", "NtpV3Packet", "setStratum", "(int)", "df-generated"] + - ["org.apache.commons.net.ntp", "NtpV3Packet", "setTransmitTime", "(TimeStamp)", "df-generated"] + - ["org.apache.commons.net.ntp", "NtpV3Packet", "setVersion", "(int)", "df-generated"] + - ["org.apache.commons.net.ntp", "TimeInfo", "computeDetails", "()", "df-generated"] + - ["org.apache.commons.net.ntp", "TimeInfo", "getDelay", "()", "df-generated"] + - ["org.apache.commons.net.ntp", "TimeInfo", "getOffset", "()", "df-generated"] + - ["org.apache.commons.net.ntp", "TimeInfo", "getReturnTime", "()", "df-generated"] + - ["org.apache.commons.net.ntp", "TimeStamp", "TimeStamp", "(Date)", "df-generated"] + - ["org.apache.commons.net.ntp", "TimeStamp", "TimeStamp", "(String)", "df-generated"] + - ["org.apache.commons.net.ntp", "TimeStamp", "TimeStamp", "(long)", "df-generated"] + - ["org.apache.commons.net.ntp", "TimeStamp", "getCurrentTime", "()", "df-generated"] + - ["org.apache.commons.net.ntp", "TimeStamp", "getDate", "()", "df-generated"] + - ["org.apache.commons.net.ntp", "TimeStamp", "getFraction", "()", "df-generated"] + - ["org.apache.commons.net.ntp", "TimeStamp", "getNtpTime", "(long)", "df-generated"] + - ["org.apache.commons.net.ntp", "TimeStamp", "getSeconds", "()", "df-generated"] + - ["org.apache.commons.net.ntp", "TimeStamp", "getTime", "()", "df-generated"] + - ["org.apache.commons.net.ntp", "TimeStamp", "getTime", "(long)", "df-generated"] + - ["org.apache.commons.net.ntp", "TimeStamp", "ntpValue", "()", "df-generated"] + - ["org.apache.commons.net.ntp", "TimeStamp", "parseNtpString", "(String)", "df-generated"] + - ["org.apache.commons.net.ntp", "TimeStamp", "toDateString", "()", "df-generated"] + - ["org.apache.commons.net.ntp", "TimeStamp", "toString", "()", "df-generated"] + - ["org.apache.commons.net.ntp", "TimeStamp", "toString", "(long)", "df-generated"] + - ["org.apache.commons.net.ntp", "TimeStamp", "toUTCString", "()", "df-generated"] + - ["org.apache.commons.net.pop3", "ExtendedPOP3Client$AUTH_METHOD", "getAuthName", "()", "df-generated"] + - ["org.apache.commons.net.pop3", "POP3", "getAdditionalReply", "()", "df-generated"] + - ["org.apache.commons.net.pop3", "POP3", "getState", "()", "df-generated"] + - ["org.apache.commons.net.pop3", "POP3", "removeProtocolCommandistener", "(ProtocolCommandListener)", "df-generated"] + - ["org.apache.commons.net.pop3", "POP3", "sendCommand", "(int)", "df-generated"] + - ["org.apache.commons.net.pop3", "POP3", "setState", "(int)", "df-generated"] + - ["org.apache.commons.net.pop3", "POP3Client", "capa", "()", "df-generated"] + - ["org.apache.commons.net.pop3", "POP3Client", "deleteMessage", "(int)", "df-generated"] + - ["org.apache.commons.net.pop3", "POP3Client", "listMessage", "(int)", "df-generated"] + - ["org.apache.commons.net.pop3", "POP3Client", "listMessages", "()", "df-generated"] + - ["org.apache.commons.net.pop3", "POP3Client", "listUniqueIdentifiers", "()", "df-generated"] + - ["org.apache.commons.net.pop3", "POP3Client", "logout", "()", "df-generated"] + - ["org.apache.commons.net.pop3", "POP3Client", "noop", "()", "df-generated"] + - ["org.apache.commons.net.pop3", "POP3Client", "reset", "()", "df-generated"] + - ["org.apache.commons.net.pop3", "POP3Client", "status", "()", "df-generated"] + - ["org.apache.commons.net.pop3", "POP3Command", "getCommand", "(int)", "df-generated"] + - ["org.apache.commons.net.pop3", "POP3MessageInfo", "POP3MessageInfo", "(int,int)", "df-generated"] + - ["org.apache.commons.net.pop3", "POP3SClient", "POP3SClient", "(boolean)", "df-generated"] + - ["org.apache.commons.net.pop3", "POP3SClient", "execTLS", "()", "df-generated"] + - ["org.apache.commons.net.pop3", "POP3SClient", "isEndpointCheckingEnabled", "()", "df-generated"] + - ["org.apache.commons.net.pop3", "POP3SClient", "setEndpointCheckingEnabled", "(boolean)", "df-generated"] + - ["org.apache.commons.net.smtp", "AuthenticatingSMTPClient$AUTH_METHOD", "getAuthName", "(AUTH_METHOD)", "df-generated"] + - ["org.apache.commons.net.smtp", "AuthenticatingSMTPClient", "elogin", "()", "df-generated"] + - ["org.apache.commons.net.smtp", "AuthenticatingSMTPClient", "getEnhancedReplyCode", "()", "df-generated"] + - ["org.apache.commons.net.smtp", "SMTP", "data", "()", "df-generated"] + - ["org.apache.commons.net.smtp", "SMTP", "getReply", "()", "df-generated"] + - ["org.apache.commons.net.smtp", "SMTP", "getReplyCode", "()", "df-generated"] + - ["org.apache.commons.net.smtp", "SMTP", "help", "()", "df-generated"] + - ["org.apache.commons.net.smtp", "SMTP", "noop", "()", "df-generated"] + - ["org.apache.commons.net.smtp", "SMTP", "quit", "()", "df-generated"] + - ["org.apache.commons.net.smtp", "SMTP", "removeProtocolCommandistener", "(ProtocolCommandListener)", "df-generated"] + - ["org.apache.commons.net.smtp", "SMTP", "rset", "()", "df-generated"] + - ["org.apache.commons.net.smtp", "SMTP", "sendCommand", "(int)", "df-generated"] + - ["org.apache.commons.net.smtp", "SMTP", "turn", "()", "df-generated"] + - ["org.apache.commons.net.smtp", "SMTPClient", "completePendingCommand", "()", "df-generated"] + - ["org.apache.commons.net.smtp", "SMTPClient", "login", "()", "df-generated"] + - ["org.apache.commons.net.smtp", "SMTPClient", "logout", "()", "df-generated"] + - ["org.apache.commons.net.smtp", "SMTPClient", "reset", "()", "df-generated"] + - ["org.apache.commons.net.smtp", "SMTPClient", "sendNoOp", "()", "df-generated"] + - ["org.apache.commons.net.smtp", "SMTPClient", "sendShortMessageData", "(String)", "df-generated"] + - ["org.apache.commons.net.smtp", "SMTPCommand", "getCommand", "(int)", "df-generated"] + - ["org.apache.commons.net.smtp", "SMTPReply", "isNegativePermanent", "(int)", "df-generated"] + - ["org.apache.commons.net.smtp", "SMTPReply", "isNegativeTransient", "(int)", "df-generated"] + - ["org.apache.commons.net.smtp", "SMTPReply", "isPositiveCompletion", "(int)", "df-generated"] + - ["org.apache.commons.net.smtp", "SMTPReply", "isPositiveIntermediate", "(int)", "df-generated"] + - ["org.apache.commons.net.smtp", "SMTPReply", "isPositivePreliminary", "(int)", "df-generated"] + - ["org.apache.commons.net.smtp", "SMTPSClient", "SMTPSClient", "(boolean)", "df-generated"] + - ["org.apache.commons.net.smtp", "SMTPSClient", "execTLS", "()", "df-generated"] + - ["org.apache.commons.net.smtp", "SMTPSClient", "isEndpointCheckingEnabled", "()", "df-generated"] + - ["org.apache.commons.net.smtp", "SMTPSClient", "setEndpointCheckingEnabled", "(boolean)", "df-generated"] + - ["org.apache.commons.net.telnet", "EchoOptionHandler", "EchoOptionHandler", "(boolean,boolean,boolean,boolean)", "df-generated"] + - ["org.apache.commons.net.telnet", "SimpleOptionHandler", "SimpleOptionHandler", "(int)", "df-generated"] + - ["org.apache.commons.net.telnet", "SimpleOptionHandler", "SimpleOptionHandler", "(int,boolean,boolean,boolean,boolean)", "df-generated"] + - ["org.apache.commons.net.telnet", "SuppressGAOptionHandler", "SuppressGAOptionHandler", "(boolean,boolean,boolean,boolean)", "df-generated"] + - ["org.apache.commons.net.telnet", "Telnet", "deleteOptionHandler", "(int)", "df-generated"] + - ["org.apache.commons.net.telnet", "Telnet", "unregisterNotifHandler", "()", "df-generated"] + - ["org.apache.commons.net.telnet", "TelnetClient", "TelnetClient", "(int)", "df-generated"] + - ["org.apache.commons.net.telnet", "TelnetClient", "getLocalOptionState", "(int)", "df-generated"] + - ["org.apache.commons.net.telnet", "TelnetClient", "getReaderThread", "()", "df-generated"] + - ["org.apache.commons.net.telnet", "TelnetClient", "getRemoteOptionState", "(int)", "df-generated"] + - ["org.apache.commons.net.telnet", "TelnetClient", "sendAYT", "(long)", "df-generated"] + - ["org.apache.commons.net.telnet", "TelnetClient", "sendCommand", "(byte)", "df-generated"] + - ["org.apache.commons.net.telnet", "TelnetClient", "sendSubnegotiation", "(int[])", "df-generated"] + - ["org.apache.commons.net.telnet", "TelnetClient", "setReaderThread", "(boolean)", "df-generated"] + - ["org.apache.commons.net.telnet", "TelnetClient", "stopSpyStream", "()", "df-generated"] + - ["org.apache.commons.net.telnet", "TelnetClient", "unregisterInputListener", "()", "df-generated"] + - ["org.apache.commons.net.telnet", "TelnetCommand", "getCommand", "(int)", "df-generated"] + - ["org.apache.commons.net.telnet", "TelnetCommand", "isValidCommand", "(int)", "df-generated"] + - ["org.apache.commons.net.telnet", "TelnetNotificationHandler", "receivedNegotiation", "(int,int)", "df-generated"] + - ["org.apache.commons.net.telnet", "TelnetOption", "getOption", "(int)", "df-generated"] + - ["org.apache.commons.net.telnet", "TelnetOption", "isValidOption", "(int)", "df-generated"] + - ["org.apache.commons.net.telnet", "TelnetOptionHandler", "TelnetOptionHandler", "(int,boolean,boolean,boolean,boolean)", "df-generated"] + - ["org.apache.commons.net.telnet", "TelnetOptionHandler", "answerSubnegotiation", "(int[],int)", "df-generated"] + - ["org.apache.commons.net.telnet", "TelnetOptionHandler", "getAcceptLocal", "()", "df-generated"] + - ["org.apache.commons.net.telnet", "TelnetOptionHandler", "getAcceptRemote", "()", "df-generated"] + - ["org.apache.commons.net.telnet", "TelnetOptionHandler", "getInitLocal", "()", "df-generated"] + - ["org.apache.commons.net.telnet", "TelnetOptionHandler", "getInitRemote", "()", "df-generated"] + - ["org.apache.commons.net.telnet", "TelnetOptionHandler", "getOptionCode", "()", "df-generated"] + - ["org.apache.commons.net.telnet", "TelnetOptionHandler", "setAcceptLocal", "(boolean)", "df-generated"] + - ["org.apache.commons.net.telnet", "TelnetOptionHandler", "setAcceptRemote", "(boolean)", "df-generated"] + - ["org.apache.commons.net.telnet", "TelnetOptionHandler", "setInitLocal", "(boolean)", "df-generated"] + - ["org.apache.commons.net.telnet", "TelnetOptionHandler", "setInitRemote", "(boolean)", "df-generated"] + - ["org.apache.commons.net.telnet", "TelnetOptionHandler", "startSubnegotiationLocal", "()", "df-generated"] + - ["org.apache.commons.net.telnet", "TelnetOptionHandler", "startSubnegotiationRemote", "()", "df-generated"] + - ["org.apache.commons.net.telnet", "WindowSizeOptionHandler", "WindowSizeOptionHandler", "(int,int)", "df-generated"] + - ["org.apache.commons.net.telnet", "WindowSizeOptionHandler", "WindowSizeOptionHandler", "(int,int,boolean,boolean,boolean,boolean)", "df-generated"] + - ["org.apache.commons.net.tftp", "TFTP", "beginBufferedOps", "()", "df-generated"] + - ["org.apache.commons.net.tftp", "TFTP", "discardPackets", "()", "df-generated"] + - ["org.apache.commons.net.tftp", "TFTP", "endBufferedOps", "()", "df-generated"] + - ["org.apache.commons.net.tftp", "TFTP", "getModeName", "(int)", "df-generated"] + - ["org.apache.commons.net.tftp", "TFTP", "receive", "()", "df-generated"] + - ["org.apache.commons.net.tftp", "TFTP", "send", "(TFTPPacket)", "df-generated"] + - ["org.apache.commons.net.tftp", "TFTPAckPacket", "getBlockNumber", "()", "df-generated"] + - ["org.apache.commons.net.tftp", "TFTPAckPacket", "setBlockNumber", "(int)", "df-generated"] + - ["org.apache.commons.net.tftp", "TFTPClient", "getMaxTimeouts", "()", "df-generated"] + - ["org.apache.commons.net.tftp", "TFTPClient", "getTotalBytesReceived", "()", "df-generated"] + - ["org.apache.commons.net.tftp", "TFTPClient", "getTotalBytesSent", "()", "df-generated"] + - ["org.apache.commons.net.tftp", "TFTPClient", "setMaxTimeouts", "(int)", "df-generated"] + - ["org.apache.commons.net.tftp", "TFTPDataPacket", "getBlockNumber", "()", "df-generated"] + - ["org.apache.commons.net.tftp", "TFTPDataPacket", "getDataLength", "()", "df-generated"] + - ["org.apache.commons.net.tftp", "TFTPDataPacket", "getDataOffset", "()", "df-generated"] + - ["org.apache.commons.net.tftp", "TFTPDataPacket", "setBlockNumber", "(int)", "df-generated"] + - ["org.apache.commons.net.tftp", "TFTPErrorPacket", "getError", "()", "df-generated"] + - ["org.apache.commons.net.tftp", "TFTPPacket", "getPort", "()", "df-generated"] + - ["org.apache.commons.net.tftp", "TFTPPacket", "getType", "()", "df-generated"] + - ["org.apache.commons.net.tftp", "TFTPPacket", "newDatagram", "()", "df-generated"] + - ["org.apache.commons.net.tftp", "TFTPPacket", "setPort", "(int)", "df-generated"] + - ["org.apache.commons.net.tftp", "TFTPRequestPacket", "getMode", "()", "df-generated"] + - ["org.apache.commons.net.time", "TimeTCPClient", "getDate", "()", "df-generated"] + - ["org.apache.commons.net.time", "TimeTCPClient", "getTime", "()", "df-generated"] + - ["org.apache.commons.net.time", "TimeUDPClient", "getDate", "(InetAddress)", "df-generated"] + - ["org.apache.commons.net.time", "TimeUDPClient", "getDate", "(InetAddress,int)", "df-generated"] + - ["org.apache.commons.net.time", "TimeUDPClient", "getTime", "(InetAddress)", "df-generated"] + - ["org.apache.commons.net.time", "TimeUDPClient", "getTime", "(InetAddress,int)", "df-generated"] + - ["org.apache.commons.net.util", "Base64", "Base64", "(boolean)", "df-generated"] + - ["org.apache.commons.net.util", "Base64", "Base64", "(int)", "df-generated"] + - ["org.apache.commons.net.util", "Base64", "decodeInteger", "(byte[])", "df-generated"] + - ["org.apache.commons.net.util", "Base64", "encodeInteger", "(BigInteger)", "df-generated"] + - ["org.apache.commons.net.util", "Base64", "isArrayByteBase64", "(byte[])", "df-generated"] + - ["org.apache.commons.net.util", "Base64", "isBase64", "(byte)", "df-generated"] + - ["org.apache.commons.net.util", "Base64", "isUrlSafe", "()", "df-generated"] + - ["org.apache.commons.net.util", "Charsets", "toCharset", "(String)", "df-generated"] + - ["org.apache.commons.net.util", "Charsets", "toCharset", "(String,String)", "df-generated"] + - ["org.apache.commons.net.util", "KeyManagerUtils", "createClientKeyManager", "(File,String)", "df-generated"] + - ["org.apache.commons.net.util", "ListenerList", "getListenerCount", "()", "df-generated"] + - ["org.apache.commons.net.util", "ListenerList", "removeListener", "(EventListener)", "df-generated"] + - ["org.apache.commons.net.util", "SSLContextUtils", "createSSLContext", "(String,KeyManager,TrustManager)", "df-generated"] + - ["org.apache.commons.net.util", "SSLContextUtils", "createSSLContext", "(String,KeyManager[],TrustManager[])", "df-generated"] + - ["org.apache.commons.net.util", "SSLSocketUtils", "enableEndpointNameVerification", "(SSLSocket)", "df-generated"] + - ["org.apache.commons.net.util", "SubnetUtils$SubnetInfo", "asInteger", "(String)", "df-generated"] + - ["org.apache.commons.net.util", "SubnetUtils$SubnetInfo", "getAddress", "()", "df-generated"] + - ["org.apache.commons.net.util", "SubnetUtils$SubnetInfo", "getAddressCount", "()", "df-generated"] + - ["org.apache.commons.net.util", "SubnetUtils$SubnetInfo", "getAddressCountLong", "()", "df-generated"] + - ["org.apache.commons.net.util", "SubnetUtils$SubnetInfo", "getAllAddresses", "()", "df-generated"] + - ["org.apache.commons.net.util", "SubnetUtils$SubnetInfo", "getBroadcastAddress", "()", "df-generated"] + - ["org.apache.commons.net.util", "SubnetUtils$SubnetInfo", "getCidrSignature", "()", "df-generated"] + - ["org.apache.commons.net.util", "SubnetUtils$SubnetInfo", "getHighAddress", "()", "df-generated"] + - ["org.apache.commons.net.util", "SubnetUtils$SubnetInfo", "getLowAddress", "()", "df-generated"] + - ["org.apache.commons.net.util", "SubnetUtils$SubnetInfo", "getNetmask", "()", "df-generated"] + - ["org.apache.commons.net.util", "SubnetUtils$SubnetInfo", "getNetworkAddress", "()", "df-generated"] + - ["org.apache.commons.net.util", "SubnetUtils$SubnetInfo", "getNextAddress", "()", "df-generated"] + - ["org.apache.commons.net.util", "SubnetUtils$SubnetInfo", "getPreviousAddress", "()", "df-generated"] + - ["org.apache.commons.net.util", "SubnetUtils$SubnetInfo", "isInRange", "(String)", "df-generated"] + - ["org.apache.commons.net.util", "SubnetUtils$SubnetInfo", "isInRange", "(int)", "df-generated"] + - ["org.apache.commons.net.util", "SubnetUtils$SubnetInfo", "toString", "()", "df-generated"] + - ["org.apache.commons.net.util", "SubnetUtils", "SubnetUtils", "(String)", "df-generated"] + - ["org.apache.commons.net.util", "SubnetUtils", "SubnetUtils", "(String,String)", "df-generated"] + - ["org.apache.commons.net.util", "SubnetUtils", "getInfo", "()", "df-generated"] + - ["org.apache.commons.net.util", "SubnetUtils", "getNext", "()", "df-generated"] + - ["org.apache.commons.net.util", "SubnetUtils", "getPrevious", "()", "df-generated"] + - ["org.apache.commons.net.util", "SubnetUtils", "isInclusiveHostCount", "()", "df-generated"] + - ["org.apache.commons.net.util", "SubnetUtils", "setInclusiveHostCount", "(boolean)", "df-generated"] + - ["org.apache.commons.net.util", "TrustManagerUtils", "getAcceptAllTrustManager", "()", "df-generated"] + - ["org.apache.commons.net.util", "TrustManagerUtils", "getDefaultTrustManager", "(KeyStore)", "df-generated"] + - ["org.apache.commons.net.util", "TrustManagerUtils", "getValidateServerCertificateTrustManager", "()", "df-generated"] + - ["org.apache.commons.net", "DatagramSocketClient", "close", "()", "df-generated"] + - ["org.apache.commons.net", "DatagramSocketClient", "getCharset", "()", "df-generated"] + - ["org.apache.commons.net", "DatagramSocketClient", "getCharsetName", "()", "df-generated"] + - ["org.apache.commons.net", "DatagramSocketClient", "getDefaultTimeout", "()", "df-generated"] + - ["org.apache.commons.net", "DatagramSocketClient", "getLocalPort", "()", "df-generated"] + - ["org.apache.commons.net", "DatagramSocketClient", "getSoTimeout", "()", "df-generated"] + - ["org.apache.commons.net", "DatagramSocketClient", "isOpen", "()", "df-generated"] + - ["org.apache.commons.net", "DatagramSocketClient", "open", "()", "df-generated"] + - ["org.apache.commons.net", "DatagramSocketClient", "open", "(int)", "df-generated"] + - ["org.apache.commons.net", "DatagramSocketClient", "open", "(int,InetAddress)", "df-generated"] + - ["org.apache.commons.net", "DatagramSocketClient", "setCharset", "(Charset)", "df-generated"] + - ["org.apache.commons.net", "DatagramSocketClient", "setDefaultTimeout", "(int)", "df-generated"] + - ["org.apache.commons.net", "DatagramSocketClient", "setSoTimeout", "(int)", "df-generated"] + - ["org.apache.commons.net", "DatagramSocketFactory", "createDatagramSocket", "()", "df-generated"] + - ["org.apache.commons.net", "DatagramSocketFactory", "createDatagramSocket", "(int)", "df-generated"] + - ["org.apache.commons.net", "DatagramSocketFactory", "createDatagramSocket", "(int,InetAddress)", "df-generated"] + - ["org.apache.commons.net", "DefaultSocketFactory", "createServerSocket", "(int)", "df-generated"] + - ["org.apache.commons.net", "DefaultSocketFactory", "createServerSocket", "(int,int)", "df-generated"] + - ["org.apache.commons.net", "DefaultSocketFactory", "createServerSocket", "(int,int,InetAddress)", "df-generated"] + - ["org.apache.commons.net", "PrintCommandListener", "PrintCommandListener", "(PrintStream)", "df-generated"] + - ["org.apache.commons.net", "PrintCommandListener", "PrintCommandListener", "(PrintStream,boolean)", "df-generated"] + - ["org.apache.commons.net", "PrintCommandListener", "PrintCommandListener", "(PrintStream,boolean,char)", "df-generated"] + - ["org.apache.commons.net", "PrintCommandListener", "PrintCommandListener", "(PrintStream,boolean,char,boolean)", "df-generated"] + - ["org.apache.commons.net", "ProtocolCommandEvent", "getReplyCode", "()", "df-generated"] + - ["org.apache.commons.net", "ProtocolCommandEvent", "isCommand", "()", "df-generated"] + - ["org.apache.commons.net", "ProtocolCommandEvent", "isReply", "()", "df-generated"] + - ["org.apache.commons.net", "ProtocolCommandListener", "protocolCommandSent", "(ProtocolCommandEvent)", "df-generated"] + - ["org.apache.commons.net", "ProtocolCommandListener", "protocolReplyReceived", "(ProtocolCommandEvent)", "df-generated"] + - ["org.apache.commons.net", "ProtocolCommandSupport", "addProtocolCommandListener", "(ProtocolCommandListener)", "df-generated"] + - ["org.apache.commons.net", "ProtocolCommandSupport", "fireCommandSent", "(String,String)", "df-generated"] + - ["org.apache.commons.net", "ProtocolCommandSupport", "fireReplyReceived", "(int,String)", "df-generated"] + - ["org.apache.commons.net", "ProtocolCommandSupport", "getListenerCount", "()", "df-generated"] + - ["org.apache.commons.net", "ProtocolCommandSupport", "removeProtocolCommandListener", "(ProtocolCommandListener)", "df-generated"] + - ["org.apache.commons.net", "SocketClient", "addProtocolCommandListener", "(ProtocolCommandListener)", "df-generated"] + - ["org.apache.commons.net", "SocketClient", "connect", "(InetAddress)", "df-generated"] + - ["org.apache.commons.net", "SocketClient", "connect", "(InetAddress,int)", "df-generated"] + - ["org.apache.commons.net", "SocketClient", "connect", "(InetAddress,int,InetAddress,int)", "df-generated"] + - ["org.apache.commons.net", "SocketClient", "connect", "(String,int)", "df-generated"] + - ["org.apache.commons.net", "SocketClient", "disconnect", "()", "df-generated"] + - ["org.apache.commons.net", "SocketClient", "getCharset", "()", "df-generated"] + - ["org.apache.commons.net", "SocketClient", "getCharsetName", "()", "df-generated"] + - ["org.apache.commons.net", "SocketClient", "getConnectTimeout", "()", "df-generated"] + - ["org.apache.commons.net", "SocketClient", "getDefaultPort", "()", "df-generated"] + - ["org.apache.commons.net", "SocketClient", "getDefaultTimeout", "()", "df-generated"] + - ["org.apache.commons.net", "SocketClient", "getKeepAlive", "()", "df-generated"] + - ["org.apache.commons.net", "SocketClient", "getLocalPort", "()", "df-generated"] + - ["org.apache.commons.net", "SocketClient", "getRemotePort", "()", "df-generated"] + - ["org.apache.commons.net", "SocketClient", "getSoLinger", "()", "df-generated"] + - ["org.apache.commons.net", "SocketClient", "getSoTimeout", "()", "df-generated"] + - ["org.apache.commons.net", "SocketClient", "getTcpNoDelay", "()", "df-generated"] + - ["org.apache.commons.net", "SocketClient", "isAvailable", "()", "df-generated"] + - ["org.apache.commons.net", "SocketClient", "isConnected", "()", "df-generated"] + - ["org.apache.commons.net", "SocketClient", "removeProtocolCommandListener", "(ProtocolCommandListener)", "df-generated"] + - ["org.apache.commons.net", "SocketClient", "setCharset", "(Charset)", "df-generated"] + - ["org.apache.commons.net", "SocketClient", "setConnectTimeout", "(int)", "df-generated"] + - ["org.apache.commons.net", "SocketClient", "setDefaultPort", "(int)", "df-generated"] + - ["org.apache.commons.net", "SocketClient", "setDefaultTimeout", "(int)", "df-generated"] + - ["org.apache.commons.net", "SocketClient", "setKeepAlive", "(boolean)", "df-generated"] + - ["org.apache.commons.net", "SocketClient", "setReceiveBufferSize", "(int)", "df-generated"] + - ["org.apache.commons.net", "SocketClient", "setSendBufferSize", "(int)", "df-generated"] + - ["org.apache.commons.net", "SocketClient", "setSoLinger", "(boolean,int)", "df-generated"] + - ["org.apache.commons.net", "SocketClient", "setSoTimeout", "(int)", "df-generated"] + - ["org.apache.commons.net", "SocketClient", "setTcpNoDelay", "(boolean)", "df-generated"] + - ["org.apache.commons.net", "SocketClient", "verifyRemote", "(Socket)", "df-generated"] From c0cf0b430eaff8e6ee0d5b89a280980424e6b1ae Mon Sep 17 00:00:00 2001 From: tyage Date: Sun, 30 Apr 2023 18:07:52 +0900 Subject: [PATCH 084/870] JS: support submodules --- javascript/ql/lib/semmle/javascript/NPM.qll | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/NPM.qll b/javascript/ql/lib/semmle/javascript/NPM.qll index d05045784a6..4e64ef6ac09 100644 --- a/javascript/ql/lib/semmle/javascript/NPM.qll +++ b/javascript/ql/lib/semmle/javascript/NPM.qll @@ -12,8 +12,25 @@ class PackageJson extends JsonObject { this.isTopLevel() } - /** Gets the name of this package. */ - string getPackageName() { result = this.getPropStringValue("name") } + /** + * Gets the name of this package. + * If the package is located under the package `foo` and its relative path is `bar`, it can be `foo/bar` + */ + string getPackageName() { + result = this.getPropStringValue("name") + or + exists( + PackageJson parentPackage, string currentDir, string parentDir, string parentPackageName + | + currentDir = this.getJsonFile().getParentContainer().getAbsolutePath() and + parentDir = parentPackage.getJsonFile().getParentContainer().getAbsolutePath() and + parentPackageName = parentPackage.getPropStringValue("name") and + parentDir.indexOf("node_modules") != -1 and + currentDir != parentDir and + currentDir.indexOf(parentDir) = 0 and + result = parentPackageName + currentDir.suffix(parentDir.length()) + ) + } /** Gets the version of this package. */ string getVersion() { result = this.getPropStringValue("version") } From 71952fe5518ce823b7968059daf03e7b7e9a8335 Mon Sep 17 00:00:00 2001 From: tyage Date: Sun, 30 Apr 2023 18:18:35 +0900 Subject: [PATCH 085/870] JS: Add test for sub module --- .../NPM/src/node_modules/parent-modue/main.js | 1 + .../NPM/src/node_modules/parent-modue/package.json | 4 ++++ .../src/node_modules/parent-modue/sub-module/main.js | 1 + .../node_modules/parent-modue/sub-module/package.json | 3 +++ .../ql/test/library-tests/NPM/src/test-submodule.js | 2 ++ javascript/ql/test/library-tests/NPM/tests.expected | 11 +++++++++++ 6 files changed, 22 insertions(+) create mode 100644 javascript/ql/test/library-tests/NPM/src/node_modules/parent-modue/main.js create mode 100644 javascript/ql/test/library-tests/NPM/src/node_modules/parent-modue/package.json create mode 100644 javascript/ql/test/library-tests/NPM/src/node_modules/parent-modue/sub-module/main.js create mode 100644 javascript/ql/test/library-tests/NPM/src/node_modules/parent-modue/sub-module/package.json create mode 100644 javascript/ql/test/library-tests/NPM/src/test-submodule.js diff --git a/javascript/ql/test/library-tests/NPM/src/node_modules/parent-modue/main.js b/javascript/ql/test/library-tests/NPM/src/node_modules/parent-modue/main.js new file mode 100644 index 00000000000..8ba4196fbca --- /dev/null +++ b/javascript/ql/test/library-tests/NPM/src/node_modules/parent-modue/main.js @@ -0,0 +1 @@ +export default "parent"; diff --git a/javascript/ql/test/library-tests/NPM/src/node_modules/parent-modue/package.json b/javascript/ql/test/library-tests/NPM/src/node_modules/parent-modue/package.json new file mode 100644 index 00000000000..44481e79cba --- /dev/null +++ b/javascript/ql/test/library-tests/NPM/src/node_modules/parent-modue/package.json @@ -0,0 +1,4 @@ +{ + "name": "parent-module", + "main": "main.js" +} \ No newline at end of file diff --git a/javascript/ql/test/library-tests/NPM/src/node_modules/parent-modue/sub-module/main.js b/javascript/ql/test/library-tests/NPM/src/node_modules/parent-modue/sub-module/main.js new file mode 100644 index 00000000000..cfc0568dea7 --- /dev/null +++ b/javascript/ql/test/library-tests/NPM/src/node_modules/parent-modue/sub-module/main.js @@ -0,0 +1 @@ +export default "sub"; diff --git a/javascript/ql/test/library-tests/NPM/src/node_modules/parent-modue/sub-module/package.json b/javascript/ql/test/library-tests/NPM/src/node_modules/parent-modue/sub-module/package.json new file mode 100644 index 00000000000..a60376465b8 --- /dev/null +++ b/javascript/ql/test/library-tests/NPM/src/node_modules/parent-modue/sub-module/package.json @@ -0,0 +1,3 @@ +{ + "main": "main.js" +} \ No newline at end of file diff --git a/javascript/ql/test/library-tests/NPM/src/test-submodule.js b/javascript/ql/test/library-tests/NPM/src/test-submodule.js new file mode 100644 index 00000000000..f40d70a3aa1 --- /dev/null +++ b/javascript/ql/test/library-tests/NPM/src/test-submodule.js @@ -0,0 +1,2 @@ +require("parent-module"); +require("parent-module/sub-module"); diff --git a/javascript/ql/test/library-tests/NPM/tests.expected b/javascript/ql/test/library-tests/NPM/tests.expected index 48691fe0117..1262db527c9 100644 --- a/javascript/ql/test/library-tests/NPM/tests.expected +++ b/javascript/ql/test/library-tests/NPM/tests.expected @@ -16,18 +16,24 @@ importedModule | src/node_modules/nested/tst3.js:1:1:1:29 | require ... odule') | src/node_modules/third-party-module/fancy.js:1:1:4:0 | | | src/node_modules/nested/tst3.js:2:1:2:12 | require('a') | src/node_modules/nested/node_modules/a/index.js:1:1:1:25 | | | src/node_modules/tst2.js:1:1:1:38 | require ... cy.js') | src/node_modules/third-party-module/fancy.js:1:1:4:0 | | +| src/test-submodule.js:1:1:1:24 | require ... odule") | src/node_modules/parent-modue/main.js:1:1:2:0 | | +| src/test-submodule.js:2:1:2:35 | require ... odule") | src/node_modules/parent-modue/sub-module/main.js:1:1:2:0 | | | src/tst2.js:1:1:1:12 | require(".") | src/index.js:1:1:4:0 | | | src/tst.js:1:1:1:38 | require ... cy.js') | src/node_modules/third-party-module/fancy.js:1:1:4:0 | | modules | src | test-package | src/index.js:1:1:4:0 | | | src | test-package | src/lib/tst2.js:1:1:1:14 | | | src | test-package | src/lib/tst.js:1:1:4:0 | | +| src | test-package | src/test-submodule.js:1:1:3:0 | | | src | test-package | src/tst2.js:1:1:1:13 | | | src | test-package | src/tst.js:1:1:2:38 | | | src/node_modules/b | b | src/node_modules/b/lib/index.js:1:1:2:0 | | | src/node_modules/b | b | src/node_modules/b/lib/util.ts:1:1:2:0 | | | src/node_modules/c | c | src/node_modules/c/src/index.js:1:1:2:0 | | | src/node_modules/d | d | src/node_modules/d/main.js:1:1:2:0 | | +| src/node_modules/parent-modue | parent-module | src/node_modules/parent-modue/main.js:1:1:2:0 | | +| src/node_modules/parent-modue | parent-module | src/node_modules/parent-modue/sub-module/main.js:1:1:2:0 | | +| src/node_modules/parent-modue/sub-module | parent-module/sub-module | src/node_modules/parent-modue/sub-module/main.js:1:1:2:0 | | | src/node_modules/third-party-module | third-party-module | src/node_modules/third-party-module/fancy.js:1:1:4:0 | | npm | src/node_modules/third-party-module/package.json:1:1:5:1 | {\\n "na ... y.js"\\n} | third-party-module | 23.4.0 | @@ -36,12 +42,16 @@ getMainModule | src/node_modules/b/package.json:1:1:4:1 | {\\n "na ... "lib"\\n} | b | src/node_modules/b/lib/index.js:1:1:2:0 | | | src/node_modules/c/package.json:1:1:4:1 | {\\n "na ... src/"\\n} | c | src/node_modules/c/src/index.js:1:1:2:0 | | | src/node_modules/d/package.json:1:1:4:1 | {\\n "na ... main"\\n} | d | src/node_modules/d/main.js:1:1:2:0 | | +| src/node_modules/parent-modue/package.json:1:1:4:1 | {\\n "na ... n.js"\\n} | parent-module | src/node_modules/parent-modue/main.js:1:1:2:0 | | +| src/node_modules/parent-modue/sub-module/package.json:1:1:3:1 | {\\n "ma ... n.js"\\n} | parent-module/sub-module | src/node_modules/parent-modue/sub-module/main.js:1:1:2:0 | | | src/node_modules/third-party-module/package.json:1:1:5:1 | {\\n "na ... y.js"\\n} | third-party-module | src/node_modules/third-party-module/fancy.js:1:1:4:0 | | | src/package.json:1:1:20:1 | {\\n "na ... "\\n }\\n} | test-package | src/index.js:1:1:4:0 | | packageJson | src/node_modules/b/package.json:1:1:4:1 | {\\n "na ... "lib"\\n} | | src/node_modules/c/package.json:1:1:4:1 | {\\n "na ... src/"\\n} | | src/node_modules/d/package.json:1:1:4:1 | {\\n "na ... main"\\n} | +| src/node_modules/parent-modue/package.json:1:1:4:1 | {\\n "na ... n.js"\\n} | +| src/node_modules/parent-modue/sub-module/package.json:1:1:3:1 | {\\n "ma ... n.js"\\n} | | src/node_modules/third-party-module/package.json:1:1:5:1 | {\\n "na ... y.js"\\n} | | src/package.json:1:1:20:1 | {\\n "na ... "\\n }\\n} | dependencyInfo @@ -53,5 +63,6 @@ dependencyInfo | src/package.json:11:20:11:37 | "1.2.3-alpha.beta" | something | unknown | | src/package.json:12:14:12:57 | "! garb ... arse %" | foo | unknown | | src/package.json:15:16:15:20 | "1.0" | mocha | 1.0 | +| src/test-submodule.js:1:1:3:0 | | test-package | 0.1.0 | | src/tst2.js:1:1:1:13 | | test-package | 0.1.0 | | src/tst.js:1:1:2:38 | | test-package | 0.1.0 | From 80d401fba8439c462bf1995d20a89291cff9f5df Mon Sep 17 00:00:00 2001 From: tyage Date: Sun, 30 Apr 2023 18:26:46 +0900 Subject: [PATCH 086/870] JS: change note --- javascript/ql/lib/change-notes/2023-04-30-npm-submodule.md | 5 +++++ javascript/ql/lib/semmle/javascript/NPM.qll | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) create mode 100644 javascript/ql/lib/change-notes/2023-04-30-npm-submodule.md diff --git a/javascript/ql/lib/change-notes/2023-04-30-npm-submodule.md b/javascript/ql/lib/change-notes/2023-04-30-npm-submodule.md new file mode 100644 index 00000000000..5ef95cf7d58 --- /dev/null +++ b/javascript/ql/lib/change-notes/2023-04-30-npm-submodule.md @@ -0,0 +1,5 @@ +--- +category: minorAnalysis +--- + +- Added a support of sub modules in `node_modules`. diff --git a/javascript/ql/lib/semmle/javascript/NPM.qll b/javascript/ql/lib/semmle/javascript/NPM.qll index 4e64ef6ac09..394471b0b12 100644 --- a/javascript/ql/lib/semmle/javascript/NPM.qll +++ b/javascript/ql/lib/semmle/javascript/NPM.qll @@ -14,7 +14,7 @@ class PackageJson extends JsonObject { /** * Gets the name of this package. - * If the package is located under the package `foo` and its relative path is `bar`, it can be `foo/bar` + * If the package is located under the package `pkg1` and its relative path is `foo/bar`, it can be `pkg1/foo/bar` */ string getPackageName() { result = this.getPropStringValue("name") From f52c845663858af566dc994c341eb3a77efce329 Mon Sep 17 00:00:00 2001 From: tyage Date: Sun, 30 Apr 2023 19:52:11 +0900 Subject: [PATCH 087/870] Fix comment. --- javascript/ql/lib/semmle/javascript/NPM.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/javascript/ql/lib/semmle/javascript/NPM.qll b/javascript/ql/lib/semmle/javascript/NPM.qll index 394471b0b12..53220a566b8 100644 --- a/javascript/ql/lib/semmle/javascript/NPM.qll +++ b/javascript/ql/lib/semmle/javascript/NPM.qll @@ -14,7 +14,7 @@ class PackageJson extends JsonObject { /** * Gets the name of this package. - * If the package is located under the package `pkg1` and its relative path is `foo/bar`, it can be `pkg1/foo/bar` + * If the package is located under the package `pkg1` and its relative path is `foo/bar`, it can be `pkg1/foo/bar`. */ string getPackageName() { result = this.getPropStringValue("name") From f2def8433717d57c65bd731df2bd42ea3bcd2f74 Mon Sep 17 00:00:00 2001 From: Rasmus Wriedt Larsen Date: Sun, 30 Apr 2023 14:59:50 +0200 Subject: [PATCH 088/870] Misc: Add script to accept `.expected` changes from CI This script can be used to go over `codeql test run` expected/actual log output from actions CI checks for a PR, and apply patches locally to make the tests pass. Designed for use by GitHub employees, since it needs access to internal CI runs. Just run this tool while the branch for the PR is checked out! You need the `gh` cli tool installed and authenticated. Example can be seen in https://github.com/github/codeql/pull/12950 --- .vscode/tasks.json | 18 +- CODEOWNERS | 3 + .../accept-expected-changes-from-ci.py | 445 ++++++++++++++++++ 3 files changed, 465 insertions(+), 1 deletion(-) create mode 100755 misc/scripts/accept-expected-changes-from-ci.py diff --git a/.vscode/tasks.json b/.vscode/tasks.json index 169b6bdd64d..68df2f6f498 100644 --- a/.vscode/tasks.json +++ b/.vscode/tasks.json @@ -22,6 +22,22 @@ "command": "${config:python.pythonPath}", }, "problemMatcher": [] + }, + { + "label": "Accept .expected changes from CI", + "type": "process", + // Non-Windows OS will usually have Python 3 already installed at /usr/bin/python3. + "command": "python3", + "args": [ + "misc/scripts/accept-expected-changes-from-ci.py" + ], + "group": "build", + "windows": { + // On Windows, use whatever Python interpreter is configured for this workspace. The default is + // just `python`, so if Python is already on the path, this will find it. + "command": "${config:python.pythonPath}", + }, + "problemMatcher": [] } ] -} \ No newline at end of file +} diff --git a/CODEOWNERS b/CODEOWNERS index 856d325b487..6e2dd9dc66b 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -40,3 +40,6 @@ WORKSPACE.bazel @github/codeql-ci-reviewers /.github/workflows/ql-for-ql-* @github/codeql-ql-for-ql-reviewers /.github/workflows/ruby-* @github/codeql-ruby /.github/workflows/swift.yml @github/codeql-swift + +# Misc +/misc/scripts/accept-expected-changes-from-ci.py @RasmusWL diff --git a/misc/scripts/accept-expected-changes-from-ci.py b/misc/scripts/accept-expected-changes-from-ci.py new file mode 100755 index 00000000000..7d85c1f7a1f --- /dev/null +++ b/misc/scripts/accept-expected-changes-from-ci.py @@ -0,0 +1,445 @@ +#!/usr/bin/env python3 +""" +This script can be used to go over `codeql test run` expected/actual log output from +github actions, and apply patches locally to make the tests pass. + +It works by forming individual patches for each test-failure, and then applying them one +by one. Since Python runs some tests twice (for both Python2 and Python3), we try to do +some simple duplicate patch detection, to avoid failing to apply the same patch twice. + +Use it by checking out an up to date version of your branch, and just run the script (it +will use `gh` cli to figure out what the PR number is). You must have the `gh` cli tool +installed. + +The parsing of logs is somewhat tolerant of output being interleaved with other parallel +execution, but it might fail in some cases ¯\_(ツ)_/¯ + +Code written to hack things together until they work, so don't expect much :D +""" + + +import sys +import re +import tempfile +from typing import List, Dict, Set, Optional, Any +from pathlib import Path +import subprocess +import logging +import json +from dataclasses import dataclass, field +from datetime import datetime +import os.path +import itertools + +LOGGER = logging.getLogger(Path(__file__).name) + +DEBUG_SAVE_PATCHES = False +DEBUG_LOG_FILE = None + + +def _get_codeql_repo_dir() -> Path: + return Path(__file__).parent.parent.parent + + +CODEQL_REPO_DIR = _get_codeql_repo_dir() + + +def _get_semmle_code_dir() -> Optional[Path]: + guess = CODEQL_REPO_DIR.parent + try: + out = subprocess.check_output( + ["git", "remote", "-v"], + cwd=guess, + ).decode("utf-8") + if "github/semmle-code" in out: + return guess + else: + return None + except subprocess.CalledProcessError: + return None + + +SEMMLE_CODE_DIR = _get_semmle_code_dir() +if SEMMLE_CODE_DIR is None: + LOGGER.warning("Could not find semmle-code repo, will not be able to apply patches for it") + + +@dataclass(frozen=True, eq=True, order=True) +class Patch: + filename: str + dir: Optional[str] + patch_first_line: str + patch: List[str] = field(hash=False) + + def format_as_patch(self) -> str: + return (f"--- a/{self.filename}\n" + + f"+++ b/{self.filename}\n" + + "\n".join(self.patch) + + "\n" + ) + + +def parse_log_line(log_line: str) -> str: + if '\t' in log_line: + m = re.fullmatch(r"^(?:[^\t]+\t){2}\S+ ?(.*)$", log_line.strip()) + else: + m = re.fullmatch(r"^(?:[^ ]+ )(.*)$", log_line.strip()) + + if not m: + return "" + + return m.group(1) + + +def make_patches_from_log_file(log_file_lines) -> List[Patch]: + # TODO: If the expected output contains `Password=123` this will be masked as `***` + # in the actions logs. We _could_ try to detect this and replace the line with the + # actual content from file (but it would require parsing the @@ lines, to understand + # what the old linenumber to read is) + patches = [] + + lines = iter(log_file_lines) + + for raw_line in lines: + line = parse_log_line(raw_line) + + if line == "--- expected": + while True: + next_line = parse_log_line(next(lines)) + if next_line == "+++ actual": + break + + lines_changed = [] + + while True: + next_line = parse_log_line(next(lines)) + # it can be the case that + if next_line[0] in (" ", "-", "+", "@"): + lines_changed.append(next_line) + if "FAILED" in next_line: + break + + # error line _should_ be next, but sometimes the output gets interleaved... + # so we just skip until we find the error line + error_line = next_line + while True: + # internal + filename_match = re.fullmatch(r"^##\[error\].*FAILED\(RESULT\) (.*)$", error_line) + if not filename_match: + # codeql action + filename_match = re.fullmatch(r"^.*FAILED\(RESULT\) (.*)$", error_line) + if filename_match: + break + error_line = parse_log_line(next(lines)) + + full_path = filename_match.group(1) + + known_start_paths = { + # internal CI runs + "/home/runner/work/semmle-code/semmle-code/ql/": CODEQL_REPO_DIR, + "/home/runner/work/semmle-code/semmle-code/target/codeql-java-integration-tests/ql/": CODEQL_REPO_DIR, + "/home/runner/work/semmle-code/semmle-code/" : SEMMLE_CODE_DIR, + # github actions on codeql repo + "/home/runner/work/codeql/codeql/": CODEQL_REPO_DIR, + "/Users/runner/work/codeql/codeql/" : CODEQL_REPO_DIR, # MacOS + } + for known_start_path, dir in known_start_paths.items(): + if full_path.startswith(known_start_path): + filename = Path(full_path[len(known_start_path):]) + break + else: + raise Exception(f"Unknown path {full_path}, skipping") + + expected_filename = filename.with_suffix(".expected") + + # if the .expected file used to be empty, `codeql test run` outputs a diff + # that uses `@@ -1,1 ` but git wants it to be `@@ -0,0 ` (and not include + # the removal of the empty line) + if lines_changed[0].startswith("@@ -1,1 ") and lines_changed[1] == "-": + lines_changed[0] = lines_changed[0].replace("@@ -1,1 ", "@@ -0,0 ") + del lines_changed[1] + + patch = Patch( + filename=expected_filename, + dir=dir, + patch_first_line=lines_changed[0], + patch=lines_changed, + ) + patches.append(patch) + + return patches + +def make_github_api_list_request(path: str) -> Any: + """Handles the way paginate currently works, which is to return multiple lists of + results, instead of merging them :( + """ + + s = subprocess.check_output( + ["gh", "api", "--paginate", path], + ).decode("utf-8") + + try: + return json.loads(s) + except json.JSONDecodeError: + assert "][" in s + parts = s.split("][") + parts[0] = parts[0] + "]" + parts[-1] = "[" + parts[-1] + for i in range(1, len(parts) - 1): + parts[i] = "[" + parts[i] + "]" + return itertools.chain(*[json.loads(x) for x in parts]) + + +@dataclass +class GithubStatus(): + state: str + context: str + target_url: str + created_at: datetime + nwo: str + job_id: int = None + + +def get_log_content(status: GithubStatus) -> str: + LOGGER.debug(f"'{status.context}': Getting logs") + if status.job_id: + content = subprocess.check_output( + ["gh", "api", f"/repos/{status.nwo}/actions/jobs/{status.job_id}/logs"], + ).decode("utf-8") + else: + m = re.fullmatch(r"^https://github\.com/([^/]+/[^/]+)/actions/runs/(\d+)(?:/jobs/(\d+))?$", status.target_url) + nwo = m.group(1) + run_id = m.group(2) + content = subprocess.check_output( + ["gh", "run", "view", "--repo", nwo, run_id, "--log-failed"], + ).decode("utf-8") + + if DEBUG_SAVE_PATCHES: + tmp = tempfile.NamedTemporaryFile(delete=False) + tmp.write(content.encode(encoding="utf-8")) + print(tmp.name) + return content + + +def main(pr_number: int): + LOGGER.info(f"Getting status URL for codeql PR #{pr_number}") + github_sha = subprocess.check_output( + ["gh", "api", f"repos/github/codeql/pulls/{pr_number}", "--jq", ".head.sha"] + ).decode("utf-8").strip() + local_sha = subprocess.check_output( + ["git", "rev-parse", "HEAD"] + ).decode("utf-8").strip() + + if local_sha != github_sha: + LOGGER.error(f"GitHub SHA ({github_sha}) different from your local SHA ({local_sha}), sync your changes first!") + sys.exit(1) + sha = github_sha + + status_url = f"https://api.github.com/repos/github/codeql/commits/{sha}/statuses" + LOGGER.info(f"Getting status details ({status_url})") + statuses = make_github_api_list_request(status_url) + newest_status: Dict[str, GithubStatus] = dict() + + for status in statuses: + created_at = datetime.fromisoformat(status["created_at"][:-1]) + key = status["context"] + if key not in newest_status or created_at > newest_status[key].created_at: + m = re.fullmatch(r"^https://github\.com/([^/]+/[^/]+)/actions/runs/(\d+)(?:/jobs/(\d+))?$", status["target_url"]) + + newest_status[key] = GithubStatus( + state=status["state"], + context=status["context"], + target_url=status["target_url"], + created_at=created_at, + nwo=m.group(1), + ) + + supported_internal_status_language_test_names = [ + "Java Integration Tests Linux", + # "codeql-coding-standards Unit Tests Linux", + # TODO: Currently disabled, would just require support for figuring out where + # https://github.com/github/codeql-coding-standards/ is checked out locally + ] + + lang_test_failures: List[GithubStatus] = list() + for status in newest_status.values(): + if " Language Tests" in status.context or status.context in supported_internal_status_language_test_names: + if status.state == "failure": + lang_test_failures.append(status) + elif status.state == "pending": + LOGGER.error(f"Language tests ({status.context}) are still running, please wait for them to finish before running this script again") + sys.exit(1) + + job_failure_urls = set() + for lang_test_failure in lang_test_failures: + job_failure_urls.add(lang_test_failure.target_url) + + assert len(job_failure_urls) == 1, f"Multiple job failure URLs: {job_failure_urls}" + job_failure_url = job_failure_urls.pop() + + # fixup URL. On the status, the target URL is the run, and it's really hard to + # change this to link to the full `/runs//jobs/` URL, since + # the `` is not available in a context: https://github.com/community/community/discussions/40291 + m = re.fullmatch(r"^https://github\.com/([^/]+/[^/]+)/actions/runs/(\d+)$", job_failure_url) + nwo = m.group(1) + run_id = m.group(2) + jobs_url = f"https://api.github.com/repos/{nwo}/actions/runs/{run_id}/jobs" + LOGGER.info(f"Fixing up target url from looking at {jobs_url}") + jobs = json.loads(subprocess.check_output(["gh", "api", "--paginate", jobs_url]).decode("utf-8")) + for lang_test_failure in lang_test_failures: + workflow_translation = { + "codeql-coding-standards Unit Tests Linux": "Start codeql-coding-standards" + } + expected_workflow_name = workflow_translation.get(lang_test_failure.context, lang_test_failure.context) + + for job in jobs["jobs"]: + api_name: str = job["name"] + if " / " not in api_name: + continue + + workflow_name, job_name = api_name.split(" / ") + # The job names we're looking for looks like "Python2 Language Tests / Python2 Language Tests" or "Java Language Tests / Java Language Tests Linux" + # for "Java Integration Tests Linux / Java Integration tests Linux" we need to ignore case :| + if workflow_name == expected_workflow_name and job_name.lower().startswith(lang_test_failure.context.lower()): + lang_test_failure.job_id = job["id"] + break + else: + LOGGER.error(f"Could not find job for {lang_test_failure.context!r}") + sys.exit(1) + + # Ruby/Swift/C#/Go use github actions, and not internal CI. These are not reported + # from the /statuses API, but from the /check-suites API + check_suites_url = f"https://api.github.com/repos/github/codeql/commits/{sha}/check-suites" + LOGGER.info(f"Getting check suites ({check_suites_url})") + check_suites = json.loads(subprocess.check_output(["gh", "api", "--paginate", check_suites_url]).decode("utf-8")) + + check_failure_urls = [] + for check in check_suites["check_suites"]: + if check["status"] != "completed": + print(check) + LOGGER.error("At least one check not completed yet!") + sys.exit(1) + + if check["conclusion"] == "failure": + check_failure_urls.append(check["check_runs_url"]) + + for check_failure_url in check_failure_urls: + # run information: https://docs.github.com/en/rest/actions/workflow-jobs?apiVersion=2022-11-28#get-a-job-for-a-workflow-run + check_runs = json.loads(subprocess.check_output(["gh", "api", "--paginate", check_failure_url]).decode("utf-8")) + for check_run in check_runs["check_runs"]: + if check_run["conclusion"] == "failure": + m = re.fullmatch(r"^https://github\.com/([^/]+/[^/]+)/actions/runs/(\d+)(?:/jobs/(\d+))?$", check_run["details_url"]) + nwo = m.group(1) + run_id = m.group(2) + jobs_url = f"https://api.github.com/repos/{nwo}/actions/runs/{run_id}/jobs" + LOGGER.debug(f"Looking into failure at {jobs_url}") + jobs = json.loads(subprocess.check_output(["gh", "api", "--paginate", jobs_url]).decode("utf-8")) + + for job in jobs["jobs"]: + OK_WORKFLOW_NAMES = ["C#: Run QL Tests", "Go: Run Tests", "Ruby: Run QL Tests", "Swift"] + def ok_job_name(job_name: str) -> bool: + if job_name.startswith("qltest"): + return True + if job_name.startswith("Test Linux"): + return True + return False + + if job["name"] == check_run['name'] and job["workflow_name"] in OK_WORKFLOW_NAMES and ok_job_name(job["name"]): + # print(check_run['name'], 'matched to', f"{job['workflow_name']} / {job['name']}") + lang_test_failures.append(GithubStatus( + state="failure", + context=f"{job['workflow_name']} / {job['name']}", + target_url=job["html_url"], + created_at=check_run["completed_at"], + nwo=nwo, + job_id=job["id"], + )) + break + else: + LOGGER.debug(f"Ignoring actions failure for '{check_run['name']}' ({check_run['details_url']})") + + if not lang_test_failures: + LOGGER.info("No language test failures found") + return + + patches_to_apply: Set[Patch] = set() + + for failure in lang_test_failures: + log_content = get_log_content(failure) + LOGGER.info(f"'{failure.context}': Making patches") + patches = make_patches_from_log_file(log_content.splitlines()) + + if not patches: + LOGGER.warning(f"No patches generated for job {failure}") + continue + + for patch in patches: + if patch in patches_to_apply: + LOGGER.debug(f"Skipping duplicate patch for {patch.filename}") + continue + patches_to_apply.add(patch) + + if DEBUG_SAVE_PATCHES: + sys.exit("debug save patches") + + if not patches_to_apply: + print("No patches to apply") + return + + semmle_code_changed = False + + for patch in patches_to_apply: + with tempfile.NamedTemporaryFile(prefix=f"patches-", suffix=".patch") as temp: + temp.write(patch.format_as_patch().encode(encoding="utf-8")) + temp.flush() + LOGGER.info(f"Applying patch for '{patch.filename}'") + try: + if patch.dir is None: + LOGGER.warning(f"Did not find local semmle-code directory, so skipping patch for '{patch.filename}'") + continue + + subprocess.check_call(["git", "apply", temp.name], cwd=patch.dir) + if patch.dir == SEMMLE_CODE_DIR: + semmle_code_changed = True + except subprocess.CalledProcessError: + LOGGER.error(f"Could not apply patches for '{patch.filename}' '{patch.patch[0]}', skipping") + tmp_keep = tempfile.NamedTemporaryFile(delete=False) + tmp_keep.write(patch.format_as_patch().encode(encoding="utf-8")) + LOGGER.error(f"Patch saved to {tmp_keep.name}") + + if semmle_code_changed: + print("Expected output in semmle-code changed!") + +def get_pr_number() -> int: + if len(sys.argv) < 2: + pr_number_response = subprocess.check_output([ + "gh", "pr", "view", "--json", "number" + ]).decode("utf-8") + + return json.loads(pr_number_response)["number"] + else: + return int(sys.argv[1]) + + +if __name__ == "__main__": + + level = logging.INFO + + try: + import coloredlogs + coloredlogs.install(level, fmt="%(levelname)s: %(message)s") + except ImportError: + logging.basicConfig(level=logging.INFO, format="%(levelname)s: %(message)s") + + + if DEBUG_LOG_FILE: + patches = make_patches_from_log_file(open(DEBUG_LOG_FILE, "r").readlines()) + for patch in patches: + if True: + tmp_keep = tempfile.NamedTemporaryFile(delete=False) + tmp_keep.write(patch.format_as_patch().encode(encoding="utf-8")) + LOGGER.info(f"Patch for {patch.filename} saved to {tmp_keep.name}") + sys.exit(1) + + os.chdir(CODEQL_REPO_DIR) + main(get_pr_number()) From e677b62241895f39403542855b7e8b2e5a2376a3 Mon Sep 17 00:00:00 2001 From: erik-krogh Date: Fri, 17 Mar 2023 10:13:11 +0100 Subject: [PATCH 089/870] use type-tracking instead of global dataflow for tracking regular expressions --- config/identical-files.json | 1 - .../lib/semmle/python/dataflow/new/Regexp.qll | 9 +- .../new/internal/DataFlowImplForRegExp.qll | 398 ------------------ python/ql/lib/semmle/python/regex.qll | 43 +- .../python/regexp/internal/RegExpTracking.qll | 79 ++++ 5 files changed, 106 insertions(+), 424 deletions(-) delete mode 100644 python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImplForRegExp.qll create mode 100644 python/ql/lib/semmle/python/regexp/internal/RegExpTracking.qll diff --git a/config/identical-files.json b/config/identical-files.json index d694c69f9bc..4edce66949c 100644 --- a/config/identical-files.json +++ b/config/identical-files.json @@ -48,7 +48,6 @@ "python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl2.qll", "python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl3.qll", "python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl4.qll", - "python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImplForRegExp.qll", "ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl1.qll", "ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl2.qll", "ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImplForHttpClientLibraries.qll", diff --git a/python/ql/lib/semmle/python/dataflow/new/Regexp.qll b/python/ql/lib/semmle/python/dataflow/new/Regexp.qll index a518fc41f46..19beceec88b 100644 --- a/python/ql/lib/semmle/python/dataflow/new/Regexp.qll +++ b/python/ql/lib/semmle/python/dataflow/new/Regexp.qll @@ -5,6 +5,7 @@ private import semmle.python.RegexTreeView private import semmle.python.regex private import semmle.python.dataflow.new.DataFlow +private import semmle.python.regexp.internal.RegExpTracking /** * Provides utility predicates related to regular expressions. @@ -25,18 +26,18 @@ deprecated module RegExpPatterns { * as a part of a regular expression. */ class RegExpPatternSource extends DataFlow::CfgNode { - private Regex astNode; + private DataFlow::Node sink; - RegExpPatternSource() { astNode = this.asExpr() } + RegExpPatternSource() { this = regExpSource(sink) } /** * Gets a node where the pattern of this node is parsed as a part of * a regular expression. */ - DataFlow::Node getAParse() { result = this } + DataFlow::Node getAParse() { result = sink } /** * Gets the root term of the regular expression parsed from this pattern. */ - RegExpTerm getRegExpTerm() { result.getRegex() = astNode } + RegExpTerm getRegExpTerm() { result.getRegex() = this.asExpr() } } diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImplForRegExp.qll b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImplForRegExp.qll deleted file mode 100644 index be70086a93a..00000000000 --- a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImplForRegExp.qll +++ /dev/null @@ -1,398 +0,0 @@ -/** - * DEPRECATED: Use `Global` and `GlobalWithState` instead. - * - * Provides a `Configuration` class backwards-compatible interface to the data - * flow library. - */ - -private import DataFlowImplCommon -private import DataFlowImplSpecific::Private -import DataFlowImplSpecific::Public -private import DataFlowImpl -import DataFlowImplCommonPublic -import FlowStateString -private import codeql.util.Unit - -/** - * A configuration of interprocedural data flow analysis. This defines - * sources, sinks, and any other configurable aspect of the analysis. Each - * use of the global data flow library must define its own unique extension - * of this abstract class. To create a configuration, extend this class with - * a subclass whose characteristic predicate is a unique singleton string. - * For example, write - * - * ```ql - * class MyAnalysisConfiguration extends DataFlow::Configuration { - * MyAnalysisConfiguration() { this = "MyAnalysisConfiguration" } - * // Override `isSource` and `isSink`. - * // Optionally override `isBarrier`. - * // Optionally override `isAdditionalFlowStep`. - * } - * ``` - * Conceptually, this defines a graph where the nodes are `DataFlow::Node`s and - * the edges are those data-flow steps that preserve the value of the node - * along with any additional edges defined by `isAdditionalFlowStep`. - * Specifying nodes in `isBarrier` will remove those nodes from the graph, and - * specifying nodes in `isBarrierIn` and/or `isBarrierOut` will remove in-going - * and/or out-going edges from those nodes, respectively. - * - * Then, to query whether there is flow between some `source` and `sink`, - * write - * - * ```ql - * exists(MyAnalysisConfiguration cfg | cfg.hasFlow(source, sink)) - * ``` - * - * Multiple configurations can coexist, but two classes extending - * `DataFlow::Configuration` should never depend on each other. One of them - * should instead depend on a `DataFlow2::Configuration`, a - * `DataFlow3::Configuration`, or a `DataFlow4::Configuration`. - */ -abstract class Configuration extends string { - bindingset[this] - Configuration() { any() } - - /** - * Holds if `source` is a relevant data flow source. - */ - predicate isSource(Node source) { none() } - - /** - * Holds if `source` is a relevant data flow source with the given initial - * `state`. - */ - predicate isSource(Node source, FlowState state) { none() } - - /** - * Holds if `sink` is a relevant data flow sink. - */ - predicate isSink(Node sink) { none() } - - /** - * Holds if `sink` is a relevant data flow sink accepting `state`. - */ - predicate isSink(Node sink, FlowState state) { none() } - - /** - * Holds if data flow through `node` is prohibited. This completely removes - * `node` from the data flow graph. - */ - predicate isBarrier(Node node) { none() } - - /** - * Holds if data flow through `node` is prohibited when the flow state is - * `state`. - */ - predicate isBarrier(Node node, FlowState state) { none() } - - /** Holds if data flow into `node` is prohibited. */ - predicate isBarrierIn(Node node) { none() } - - /** Holds if data flow out of `node` is prohibited. */ - predicate isBarrierOut(Node node) { none() } - - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited. - */ - deprecated predicate isBarrierGuard(BarrierGuard guard) { none() } - - /** - * DEPRECATED: Use `isBarrier` and `BarrierGuard` module instead. - * - * Holds if data flow through nodes guarded by `guard` is prohibited when - * the flow state is `state` - */ - deprecated predicate isBarrierGuard(BarrierGuard guard, FlowState state) { none() } - - /** - * Holds if data may flow from `node1` to `node2` in addition to the normal data-flow steps. - */ - predicate isAdditionalFlowStep(Node node1, Node node2) { none() } - - /** - * Holds if data may flow from `node1` to `node2` in addition to the normal data-flow steps. - * This step is only applicable in `state1` and updates the flow state to `state2`. - */ - predicate isAdditionalFlowStep(Node node1, FlowState state1, Node node2, FlowState state2) { - none() - } - - /** - * Holds if an arbitrary number of implicit read steps of content `c` may be - * taken at `node`. - */ - predicate allowImplicitRead(Node node, ContentSet c) { none() } - - /** - * Gets the virtual dispatch branching limit when calculating field flow. - * This can be overridden to a smaller value to improve performance (a - * value of 0 disables field flow), or a larger value to get more results. - */ - int fieldFlowBranchLimit() { result = 2 } - - /** - * Gets a data flow configuration feature to add restrictions to the set of - * valid flow paths. - * - * - `FeatureHasSourceCallContext`: - * Assume that sources have some existing call context to disallow - * conflicting return-flow directly following the source. - * - `FeatureHasSinkCallContext`: - * Assume that sinks have some existing call context to disallow - * conflicting argument-to-parameter flow directly preceding the sink. - * - `FeatureEqualSourceSinkCallContext`: - * Implies both of the above and additionally ensures that the entire flow - * path preserves the call context. - * - * These features are generally not relevant for typical end-to-end data flow - * queries, but should only be used for constructing paths that need to - * somehow be pluggable in another path context. - */ - FlowFeature getAFeature() { none() } - - /** Holds if sources should be grouped in the result of `hasFlowPath`. */ - predicate sourceGrouping(Node source, string sourceGroup) { none() } - - /** Holds if sinks should be grouped in the result of `hasFlowPath`. */ - predicate sinkGrouping(Node sink, string sinkGroup) { none() } - - /** - * Holds if data may flow from `source` to `sink` for this configuration. - */ - predicate hasFlow(Node source, Node sink) { hasFlow(source, sink, this) } - - /** - * Holds if data may flow from `source` to `sink` for this configuration. - * - * The corresponding paths are generated from the end-points and the graph - * included in the module `PathGraph`. - */ - predicate hasFlowPath(PathNode source, PathNode sink) { hasFlowPath(source, sink, this) } - - /** - * Holds if data may flow from some source to `sink` for this configuration. - */ - predicate hasFlowTo(Node sink) { hasFlowTo(sink, this) } - - /** - * Holds if data may flow from some source to `sink` for this configuration. - */ - predicate hasFlowToExpr(DataFlowExpr sink) { this.hasFlowTo(exprNode(sink)) } - - /** - * DEPRECATED: Use `FlowExploration` instead. - * - * Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev` - * measured in approximate number of interprocedural steps. - */ - deprecated int explorationLimit() { none() } - - /** - * Holds if hidden nodes should be included in the data flow graph. - * - * This feature should only be used for debugging or when the data flow graph - * is not visualized (for example in a `path-problem` query). - */ - predicate includeHiddenNodes() { none() } -} - -/** - * This class exists to prevent mutual recursion between the user-overridden - * member predicates of `Configuration` and the rest of the data-flow library. - * Good performance cannot be guaranteed in the presence of such recursion, so - * it should be replaced by using more than one copy of the data flow library. - */ -abstract private class ConfigurationRecursionPrevention extends Configuration { - bindingset[this] - ConfigurationRecursionPrevention() { any() } - - override predicate hasFlow(Node source, Node sink) { - strictcount(Node n | this.isSource(n)) < 0 - or - strictcount(Node n | this.isSource(n, _)) < 0 - or - strictcount(Node n | this.isSink(n)) < 0 - or - strictcount(Node n | this.isSink(n, _)) < 0 - or - strictcount(Node n1, Node n2 | this.isAdditionalFlowStep(n1, n2)) < 0 - or - strictcount(Node n1, Node n2 | this.isAdditionalFlowStep(n1, _, n2, _)) < 0 - or - super.hasFlow(source, sink) - } -} - -/** A bridge class to access the deprecated `isBarrierGuard`. */ -private class BarrierGuardGuardedNodeBridge extends Unit { - abstract predicate guardedNode(Node n, Configuration config); - - abstract predicate guardedNode(Node n, FlowState state, Configuration config); -} - -private class BarrierGuardGuardedNode extends BarrierGuardGuardedNodeBridge { - deprecated override predicate guardedNode(Node n, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g) and - n = g.getAGuardedNode() - ) - } - - deprecated override predicate guardedNode(Node n, FlowState state, Configuration config) { - exists(BarrierGuard g | - config.isBarrierGuard(g, state) and - n = g.getAGuardedNode() - ) - } -} - -private FlowState relevantState(Configuration config) { - config.isSource(_, result) or - config.isSink(_, result) or - config.isBarrier(_, result) or - config.isAdditionalFlowStep(_, result, _, _) or - config.isAdditionalFlowStep(_, _, _, result) -} - -private newtype TConfigState = - TMkConfigState(Configuration config, FlowState state) { - state = relevantState(config) or state instanceof FlowStateEmpty - } - -private Configuration getConfig(TConfigState state) { state = TMkConfigState(result, _) } - -private FlowState getState(TConfigState state) { state = TMkConfigState(_, result) } - -private predicate singleConfiguration() { 1 = strictcount(Configuration c) } - -private module Config implements FullStateConfigSig { - class FlowState = TConfigState; - - predicate isSource(Node source, FlowState state) { - getConfig(state).isSource(source, getState(state)) - or - getConfig(state).isSource(source) and getState(state) instanceof FlowStateEmpty - } - - predicate isSink(Node sink, FlowState state) { - getConfig(state).isSink(sink, getState(state)) - or - getConfig(state).isSink(sink) and getState(state) instanceof FlowStateEmpty - } - - predicate isBarrier(Node node) { none() } - - predicate isBarrier(Node node, FlowState state) { - getConfig(state).isBarrier(node, getState(state)) or - getConfig(state).isBarrier(node) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getState(state), getConfig(state)) or - any(BarrierGuardGuardedNodeBridge b).guardedNode(node, getConfig(state)) - } - - predicate isBarrierIn(Node node) { any(Configuration config).isBarrierIn(node) } - - predicate isBarrierOut(Node node) { any(Configuration config).isBarrierOut(node) } - - predicate isAdditionalFlowStep(Node node1, Node node2) { - singleConfiguration() and - any(Configuration config).isAdditionalFlowStep(node1, node2) - } - - predicate isAdditionalFlowStep(Node node1, FlowState state1, Node node2, FlowState state2) { - getConfig(state1).isAdditionalFlowStep(node1, getState(state1), node2, getState(state2)) and - getConfig(state2) = getConfig(state1) - or - not singleConfiguration() and - getConfig(state1).isAdditionalFlowStep(node1, node2) and - state2 = state1 - } - - predicate allowImplicitRead(Node node, ContentSet c) { - any(Configuration config).allowImplicitRead(node, c) - } - - int fieldFlowBranchLimit() { result = min(any(Configuration config).fieldFlowBranchLimit()) } - - FlowFeature getAFeature() { result = any(Configuration config).getAFeature() } - - predicate sourceGrouping(Node source, string sourceGroup) { - any(Configuration config).sourceGrouping(source, sourceGroup) - } - - predicate sinkGrouping(Node sink, string sinkGroup) { - any(Configuration config).sinkGrouping(sink, sinkGroup) - } - - predicate includeHiddenNodes() { any(Configuration config).includeHiddenNodes() } -} - -private import Impl as I - -/** - * A `Node` augmented with a call context (except for sinks), an access path, and a configuration. - * Only those `PathNode`s that are reachable from a source, and which can reach a sink, are generated. - */ -class PathNode instanceof I::PathNode { - /** Gets a textual representation of this element. */ - final string toString() { result = super.toString() } - - /** - * Gets a textual representation of this element, including a textual - * representation of the call context. - */ - final string toStringWithContext() { result = super.toStringWithContext() } - - /** - * Holds if this element is at the specified location. - * The location spans column `startcolumn` of line `startline` to - * column `endcolumn` of line `endline` in file `filepath`. - * For more information, see - * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/). - */ - final predicate hasLocationInfo( - string filepath, int startline, int startcolumn, int endline, int endcolumn - ) { - super.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) - } - - /** Gets the underlying `Node`. */ - final Node getNode() { result = super.getNode() } - - /** Gets the `FlowState` of this node. */ - final FlowState getState() { result = getState(super.getState()) } - - /** Gets the associated configuration. */ - final Configuration getConfiguration() { result = getConfig(super.getState()) } - - /** Gets a successor of this node, if any. */ - final PathNode getASuccessor() { result = super.getASuccessor() } - - /** Holds if this node is a source. */ - final predicate isSource() { super.isSource() } - - /** Holds if this node is a grouping of source nodes. */ - final predicate isSourceGroup(string group) { super.isSourceGroup(group) } - - /** Holds if this node is a grouping of sink nodes. */ - final predicate isSinkGroup(string group) { super.isSinkGroup(group) } -} - -module PathGraph = I::PathGraph; - -private predicate hasFlow(Node source, Node sink, Configuration config) { - exists(PathNode source0, PathNode sink0 | - hasFlowPath(source0, sink0, config) and - source0.getNode() = source and - sink0.getNode() = sink - ) -} - -private predicate hasFlowPath(PathNode source, PathNode sink, Configuration config) { - I::flowPath(source, sink) and source.getConfiguration() = config -} - -private predicate hasFlowTo(Node sink, Configuration config) { hasFlow(_, sink, config) } - -predicate flowsTo = hasFlow/3; diff --git a/python/ql/lib/semmle/python/regex.qll b/python/ql/lib/semmle/python/regex.qll index d4d00da7aae..cc21ac104bf 100644 --- a/python/ql/lib/semmle/python/regex.qll +++ b/python/ql/lib/semmle/python/regex.qll @@ -2,6 +2,7 @@ import python private import semmle.python.ApiGraphs // Need to import since frameworks can extend the abstract `RegexString` private import semmle.python.Frameworks +private import semmle.python.Concepts as Concepts /** * Gets the positional argument index containing the regular expression flags for the member of the @@ -38,38 +39,38 @@ private API::Node relevant_re_member(string name) { name != "escape" } -private import semmle.python.dataflow.new.internal.DataFlowImplForRegExp as RegData - -/** A data-flow configuration for tracking string-constants that are used as regular expressions. */ -private class RegexTracking extends RegData::Configuration { - RegexTracking() { this = "RegexTracking" } - - override predicate isSource(RegData::Node node) { - node.asExpr() instanceof Bytes or - node.asExpr() instanceof Unicode - } - - override predicate isSink(RegData::Node node) { used_as_regex_internal(node.asExpr(), _) } -} - /** * Holds if the expression `e` is used as a regex with the `re` module, with the regex-mode `mode` (if known). * If regex mode is not known, `mode` will be `"None"`. * * This predicate has not done any data-flow tracking. */ -private predicate used_as_regex_internal(Expr e, string mode) { +// TODO: This thing should be refactored, along with removing RegexString. +predicate used_as_regex_internal(Expr e, string mode) { /* Call to re.xxx(regex, ... [mode]) */ - exists(DataFlow::CallCfgNode call, string name | + exists(DataFlow::CallCfgNode call | + call instanceof Concepts::RegexExecution and + e = call.(Concepts::RegexExecution).getRegex().asExpr() + or call.getArg(0).asExpr() = e and - call = relevant_re_member(name).getACall() + call = relevant_re_member(_).getACall() | mode = "None" or - mode = mode_from_node([call.getArg(re_member_flags_arg(name)), call.getArgByName("flags")]) + exists(DataFlow::CallCfgNode callNode | + call = callNode and + mode = + mode_from_node([ + callNode + .getArg(re_member_flags_arg(callNode.(DataFlow::MethodCallNode).getMethodName())), + callNode.getArgByName("flags") + ]) + ) ) } +private import regexp.internal.RegExpTracking as RegExpTracking + /** * Holds if the string-constant `s` ends up being used as a regex with the `re` module, with the regex-mode `mode` (if known). * If regex mode is not known, `mode` will be `"None"`. @@ -78,8 +79,8 @@ private predicate used_as_regex_internal(Expr e, string mode) { */ predicate used_as_regex(Expr s, string mode) { (s instanceof Bytes or s instanceof Unicode) and - exists(RegexTracking t, RegData::Node source, RegData::Node sink | - t.hasFlow(source, sink) and + exists(DataFlow::Node source, DataFlow::Node sink | + source = RegExpTracking::regExpSource(sink) and used_as_regex_internal(sink.asExpr(), mode) and s = source.asExpr() ) @@ -90,7 +91,7 @@ private import semmle.python.RegexTreeView /** Gets a parsed regular expression term that is executed at `exec`. */ RegExpTerm getTermForExecution(RegexExecution exec) { - exists(RegexTracking t, DataFlow::Node source | t.hasFlow(source, exec.getRegex()) | + exists(DataFlow::Node source | source = RegExpTracking::regExpSource(exec.getRegex()) | result.getRegex() = source.asExpr() and result.isRootTerm() ) diff --git a/python/ql/lib/semmle/python/regexp/internal/RegExpTracking.qll b/python/ql/lib/semmle/python/regexp/internal/RegExpTracking.qll new file mode 100644 index 00000000000..4751f97b0a7 --- /dev/null +++ b/python/ql/lib/semmle/python/regexp/internal/RegExpTracking.qll @@ -0,0 +1,79 @@ +/** + * Provides predicates that track strings to where they are used as regular expressions. + * This is implemented using TypeTracking in two phases: + * + * 1: An exploratory backwards analysis that imprecisely tracks all nodes that may be used as regular expressions. + * The exploratory phase ends with a forwards analysis from string constants that were reached by the backwards analysis. + * This is similar to the exploratory phase of the JavaScript global DataFlow library. + * + * 2: A precise type tracking analysis that tracks constant strings to where they are used as regular expressions. + * This phase keeps track of which strings and regular expressions end up in which places. + */ + +import python +private import semmle.python.dataflow.new.DataFlow +private import semmle.python.Concepts as Concepts + +/** Gets a constant string value that may be used as a regular expression. */ +DataFlow::LocalSourceNode strStart() { + result.asExpr() instanceof Bytes or + result.asExpr() instanceof Unicode +} + +private import semmle.python.regex as Regex + +/** Gets a node where regular expressions that flow to the node are used. */ +DataFlow::Node regSink() { + result = any(Concepts::RegexExecution exec).getRegex() + or + // TODO: Refactor into something nicer, and remove the above import of `semmle.python.regex` + Regex::used_as_regex_internal(result.asExpr(), _) +} + +/** + * Gets a dataflow node that may end up being in any regular expression execution. + * This is the backwards exploratory phase of the analysis. + */ +private DataFlow::TypeTrackingNode backwards(DataFlow::TypeBackTracker t) { + t.start() and + result = regSink().getALocalSource() + or + exists(DataFlow::TypeBackTracker t2 | result = backwards(t2).backtrack(t2, t)) +} + +/** + * Gets a reference to a string that reaches any regular expression execution. + * This is the forwards exploratory phase of the analysis. + */ +private DataFlow::TypeTrackingNode forwards(DataFlow::TypeTracker t) { + t.start() and + result = backwards(DataFlow::TypeBackTracker::end()) and + result.flowsTo(strStart()) + or + exists(DataFlow::TypeTracker t2 | result = forwards(t2).track(t2, t)) and + result = backwards(_) +} + +/** + * Gets a node that has been tracked from the string constant `start` to some node. + * This is used to figure out where `start` is evaluated as a regular expression. + * + * The result of the exploratory phase is used to limit the size of the search space in this precise analysis. + */ +private DataFlow::TypeTrackingNode regexTracking(DataFlow::Node start, DataFlow::TypeTracker t) { + result = forwards(_) and + ( + t.start() and + start = strStart() and + result = start.getALocalSource() + or + exists(DataFlow::TypeTracker t2 | result = regexTracking(start, t2).track(t2, t)) + ) +} + +/** Gets a node holding a value for the regular expression that is evaluated at `re`. */ +cached +DataFlow::Node regExpSource(DataFlow::Node re) { + re = regSink() and + regexTracking(result, DataFlow::TypeTracker::end()).flowsTo(re) +} From f0254fc0895c4951479022201425b05870b6bf51 Mon Sep 17 00:00:00 2001 From: erik-krogh Date: Fri, 17 Mar 2023 17:38:13 +0100 Subject: [PATCH 090/870] introduce RegExpInterpretation instead of RegexString, and move RegexTreeView.qll into a regexp folder --- python/ql/lib/semmle/python/PrintAst.qll | 2 +- python/ql/lib/semmle/python/RegexTreeView.qll | 1094 +---------------- .../lib/semmle/python/dataflow/new/Regexp.qll | 2 +- .../lib/semmle/python/frameworks/Django.qll | 13 +- .../lib/semmle/python/frameworks/Tornado.qll | 11 +- python/ql/lib/semmle/python/regex.qll | 102 +- .../semmle/python/regexp/RegexTreeView.qll | 1090 ++++++++++++++++ .../python/regexp/internal/RegExpTracking.qll | 3 +- .../PolynomialReDoSCustomizations.qll | 2 +- .../python/security/regexp/HostnameRegex.qll | 2 +- .../src/Security/CWE-020/OverlyLargeRange.ql | 2 +- .../ql/src/Security/CWE-116/BadTagFilter.ql | 2 +- python/ql/src/Security/CWE-730/ReDoS.ql | 2 +- .../library-tests/regexparser/Consistency.ql | 2 +- .../PolynomialBackTracking.ql | 2 +- 15 files changed, 1174 insertions(+), 1157 deletions(-) create mode 100644 python/ql/lib/semmle/python/regexp/RegexTreeView.qll diff --git a/python/ql/lib/semmle/python/PrintAst.qll b/python/ql/lib/semmle/python/PrintAst.qll index 96e76de0b77..6189a47d4bb 100644 --- a/python/ql/lib/semmle/python/PrintAst.qll +++ b/python/ql/lib/semmle/python/PrintAst.qll @@ -7,7 +7,7 @@ */ import python -import semmle.python.RegexTreeView +import semmle.python.regexp.RegexTreeView import semmle.python.Yaml private newtype TPrintAstConfiguration = MkPrintAstConfiguration() diff --git a/python/ql/lib/semmle/python/RegexTreeView.qll b/python/ql/lib/semmle/python/RegexTreeView.qll index a69e076d21a..84cfaa3a4c7 100644 --- a/python/ql/lib/semmle/python/RegexTreeView.qll +++ b/python/ql/lib/semmle/python/RegexTreeView.qll @@ -1,1094 +1,6 @@ -/** Provides a class hierarchy corresponding to a parse tree of regular expressions. */ - -import python -private import semmle.python.regex -private import codeql.regex.nfa.NfaUtils as NfaUtils -private import codeql.regex.RegexTreeView -// exporting as RegexTreeView, and in the top-level scope. -import Impl as RegexTreeView -import Impl - -/** Gets the parse tree resulting from parsing `re`, if such has been constructed. */ -RegExpTerm getParsedRegExp(StrConst re) { result.getRegex() = re and result.isRootTerm() } - /** - * An element containing a regular expression term, that is, either - * a string literal (parsed as a regular expression) - * or another regular expression term. - * - * For sequences and alternations, we require at least one child. - * Otherwise, we wish to represent the term differently. - * This avoids multiple representations of the same term. + * Deprecated. Use `semmle.python.regexp.RegexTreeView` instead. */ -private newtype TRegExpParent = - /** A string literal used as a regular expression */ - TRegExpLiteral(Regex re) or - /** A quantified term */ - TRegExpQuantifier(Regex re, int start, int end) { re.qualifiedItem(start, end, _, _) } or - /** A sequence term */ - TRegExpSequence(Regex re, int start, int end) { - re.sequence(start, end) and - exists(seqChild(re, start, end, 1)) // if a sequence does not have more than one element, it should be treated as that element instead. - } or - /** An alternation term */ - TRegExpAlt(Regex re, int start, int end) { - re.alternation(start, end) and - exists(int part_end | - re.alternationOption(start, end, start, part_end) and - part_end < end - ) // if an alternation does not have more than one element, it should be treated as that element instead. - } or - /** A character class term */ - TRegExpCharacterClass(Regex re, int start, int end) { re.charSet(start, end) } or - /** A character range term */ - TRegExpCharacterRange(Regex re, int start, int end) { re.charRange(_, start, _, _, end) } or - /** A group term */ - TRegExpGroup(Regex re, int start, int end) { re.group(start, end) } or - /** A special character */ - TRegExpSpecialChar(Regex re, int start, int end) { re.specialCharacter(start, end, _) } or - /** A normal character */ - TRegExpNormalChar(Regex re, int start, int end) { - re.normalCharacterSequence(start, end) - or - re.escapedCharacter(start, end) and - not re.specialCharacter(start, end, _) - } or - /** A back reference */ - TRegExpBackRef(Regex re, int start, int end) { re.backreference(start, end) } -pragma[nomagic] -private int seqChildEnd(Regex re, int start, int end, int i) { - result = seqChild(re, start, end, i).getEnd() -} - -// moved out so we can use it in the charpred -private RegExpTerm seqChild(Regex re, int start, int end, int i) { - re.sequence(start, end) and - ( - i = 0 and - result.getRegex() = re and - result.getStart() = start and - exists(int itemEnd | - re.item(start, itemEnd) and - result.getEnd() = itemEnd - ) - or - i > 0 and - result.getRegex() = re and - exists(int itemStart | itemStart = seqChildEnd(re, start, end, i - 1) | - result.getStart() = itemStart and - re.item(itemStart, result.getEnd()) - ) - ) -} - -/** An implementation that satisfies the RegexTreeView signature. */ -module Impl implements RegexTreeViewSig { - /** - * An element containing a regular expression term, that is, either - * a string literal (parsed as a regular expression) - * or another regular expression term. - */ - class RegExpParent extends TRegExpParent { - /** Gets a textual representation of this element. */ - string toString() { result = "RegExpParent" } - - /** Gets the `i`th child term. */ - abstract RegExpTerm getChild(int i); - - /** Gets a child term . */ - RegExpTerm getAChild() { result = this.getChild(_) } - - /** Gets the number of child terms. */ - int getNumChild() { result = count(this.getAChild()) } - - /** Gets the last child term of this element. */ - RegExpTerm getLastChild() { result = this.getChild(this.getNumChild() - 1) } - - /** Gets the associated regex. */ - abstract Regex getRegex(); - } - - /** A string literal used as a regular expression */ - class RegExpLiteral extends TRegExpLiteral, RegExpParent { - Regex re; - - RegExpLiteral() { this = TRegExpLiteral(re) } - - override RegExpTerm getChild(int i) { i = 0 and result.getRegex() = re and result.isRootTerm() } - - /** Holds if dot, `.`, matches all characters, including newlines. */ - predicate isDotAll() { re.getAMode() = "DOTALL" } - - /** Holds if this regex matching is case-insensitive for this regex. */ - predicate isIgnoreCase() { re.getAMode() = "IGNORECASE" } - - /** Get a string representing all modes for this regex. */ - string getFlags() { result = concat(string mode | mode = re.getAMode() | mode, " | ") } - - override Regex getRegex() { result = re } - - /** Gets the primary QL class for this regex. */ - string getPrimaryQLClass() { result = "RegExpLiteral" } - } - - /** - * A regular expression term, that is, a syntactic part of a regular expression. - */ - class RegExpTerm extends RegExpParent { - Regex re; - int start; - int end; - - RegExpTerm() { - this = TRegExpAlt(re, start, end) - or - this = TRegExpBackRef(re, start, end) - or - this = TRegExpCharacterClass(re, start, end) - or - this = TRegExpCharacterRange(re, start, end) - or - this = TRegExpNormalChar(re, start, end) - or - this = TRegExpGroup(re, start, end) - or - this = TRegExpQuantifier(re, start, end) - or - this = TRegExpSequence(re, start, end) - or - this = TRegExpSpecialChar(re, start, end) - } - - /** - * Gets the outermost term of this regular expression. - */ - RegExpTerm getRootTerm() { - this.isRootTerm() and result = this - or - result = this.getParent().(RegExpTerm).getRootTerm() - } - - /** - * Holds if this term is part of a string literal - * that is interpreted as a regular expression. - */ - predicate isUsedAsRegExp() { any() } - - /** - * Holds if this is the root term of a regular expression. - */ - predicate isRootTerm() { start = 0 and end = re.getText().length() } - - override RegExpTerm getChild(int i) { - result = this.(RegExpAlt).getChild(i) - or - result = this.(RegExpBackRef).getChild(i) - or - result = this.(RegExpCharacterClass).getChild(i) - or - result = this.(RegExpCharacterRange).getChild(i) - or - result = this.(RegExpNormalChar).getChild(i) - or - result = this.(RegExpGroup).getChild(i) - or - result = this.(RegExpQuantifier).getChild(i) - or - result = this.(RegExpSequence).getChild(i) - or - result = this.(RegExpSpecialChar).getChild(i) - } - - /** - * Gets the parent term of this regular expression term, or the - * regular expression literal if this is the root term. - */ - RegExpParent getParent() { result.getAChild() = this } - - override Regex getRegex() { result = re } - - /** Gets the offset at which this term starts. */ - int getStart() { result = start } - - /** Gets the offset at which this term ends. */ - int getEnd() { result = end } - - override string toString() { result = re.getText().substring(start, end) } - - /** - * Gets the location of the surrounding regex, as locations inside the regex do not exist. - * To get location information corresponding to the term inside the regex, - * use `hasLocationInfo`. - */ - Location getLocation() { result = re.getLocation() } - - /** Holds if this term is found at the specified location offsets. */ - predicate hasLocationInfo( - string filepath, int startline, int startcolumn, int endline, int endcolumn - ) { - exists(int re_start | - re.getLocation().hasLocationInfo(filepath, startline, re_start, endline, _) and - startcolumn = re_start + start + 4 and - endcolumn = re_start + end + 3 - ) - } - - /** Gets the file in which this term is found. */ - File getFile() { result = this.getLocation().getFile() } - - /** Gets the raw source text of this term. */ - string getRawValue() { result = this.toString() } - - /** Gets the string literal in which this term is found. */ - RegExpLiteral getLiteral() { result = TRegExpLiteral(re) } - - /** Gets the regular expression term that is matched (textually) before this one, if any. */ - RegExpTerm getPredecessor() { - exists(RegExpTerm parent | parent = this.getParent() | - result = parent.(RegExpSequence).previousElement(this) - or - not exists(parent.(RegExpSequence).previousElement(this)) and - not parent instanceof RegExpSubPattern and - result = parent.getPredecessor() - ) - } - - /** Gets the regular expression term that is matched (textually) after this one, if any. */ - RegExpTerm getSuccessor() { - exists(RegExpTerm parent | parent = this.getParent() | - result = parent.(RegExpSequence).nextElement(this) - or - not exists(parent.(RegExpSequence).nextElement(this)) and - not parent instanceof RegExpSubPattern and - result = parent.getSuccessor() - ) - } - - /** Gets the primary QL class for this term. */ - string getPrimaryQLClass() { result = "RegExpTerm" } - } - - /** - * A quantified regular expression term. - * - * Example: - * - * ``` - * ((ECMA|Java)[sS]cript)* - * ``` - */ - class RegExpQuantifier extends RegExpTerm, TRegExpQuantifier { - int part_end; - boolean may_repeat_forever; - - RegExpQuantifier() { - this = TRegExpQuantifier(re, start, end) and - re.qualifiedPart(start, part_end, end, _, may_repeat_forever) - } - - override RegExpTerm getChild(int i) { - i = 0 and - result.getRegex() = re and - result.getStart() = start and - result.getEnd() = part_end - } - - /** Hols if this term may match an unlimited number of times. */ - predicate mayRepeatForever() { may_repeat_forever = true } - - /** Gets the qualifier for this term. That is e.g "?" for "a?". */ - string getQualifier() { result = re.getText().substring(part_end, end) } - - override string getPrimaryQLClass() { result = "RegExpQuantifier" } - } - - /** - * A regular expression term that permits unlimited repetitions. - */ - class InfiniteRepetitionQuantifier extends RegExpQuantifier { - InfiniteRepetitionQuantifier() { this.mayRepeatForever() } - } - - /** - * A star-quantified term. - * - * Example: - * - * ``` - * \w* - * ``` - */ - class RegExpStar extends InfiniteRepetitionQuantifier { - RegExpStar() { this.getQualifier().charAt(0) = "*" } - - override string getPrimaryQLClass() { result = "RegExpStar" } - } - - /** - * A plus-quantified term. - * - * Example: - * - * ``` - * \w+ - * ``` - */ - class RegExpPlus extends InfiniteRepetitionQuantifier { - RegExpPlus() { this.getQualifier().charAt(0) = "+" } - - override string getPrimaryQLClass() { result = "RegExpPlus" } - } - - /** - * An optional term. - * - * Example: - * - * ``` - * ;? - * ``` - */ - class RegExpOpt extends RegExpQuantifier { - RegExpOpt() { this.getQualifier().charAt(0) = "?" } - - override string getPrimaryQLClass() { result = "RegExpOpt" } - } - - /** - * A range-quantified term - * - * Examples: - * - * ``` - * \w{2,4} - * \w{2,} - * \w{2} - * ``` - */ - class RegExpRange extends RegExpQuantifier { - string upper; - string lower; - - RegExpRange() { re.multiples(part_end, end, lower, upper) } - - /** Gets the string defining the upper bound of this range, if any. */ - string getUpper() { result = upper } - - /** Gets the string defining the lower bound of this range, if any. */ - string getLower() { result = lower } - - /** - * Gets the upper bound of the range, if any. - * - * If there is no upper bound, any number of repetitions is allowed. - * For a term of the form `r{lo}`, both the lower and the upper bound - * are `lo`. - */ - int getUpperBound() { result = this.getUpper().toInt() } - - /** Gets the lower bound of the range. */ - int getLowerBound() { result = this.getLower().toInt() } - - override string getPrimaryQLClass() { result = "RegExpRange" } - } - - /** - * A sequence term. - * - * Example: - * - * ``` - * (ECMA|Java)Script - * ``` - * - * This is a sequence with the elements `(ECMA|Java)` and `Script`. - */ - class RegExpSequence extends RegExpTerm, TRegExpSequence { - RegExpSequence() { this = TRegExpSequence(re, start, end) } - - override RegExpTerm getChild(int i) { result = seqChild(re, start, end, i) } - - /** Gets the element preceding `element` in this sequence. */ - RegExpTerm previousElement(RegExpTerm element) { element = this.nextElement(result) } - - /** Gets the element following `element` in this sequence. */ - RegExpTerm nextElement(RegExpTerm element) { - exists(int i | - element = this.getChild(i) and - result = this.getChild(i + 1) - ) - } - - override string getPrimaryQLClass() { result = "RegExpSequence" } - } - - /** - * An alternative term, that is, a term of the form `a|b`. - * - * Example: - * - * ``` - * ECMA|Java - * ``` - */ - class RegExpAlt extends RegExpTerm, TRegExpAlt { - RegExpAlt() { this = TRegExpAlt(re, start, end) } - - override RegExpTerm getChild(int i) { - i = 0 and - result.getRegex() = re and - result.getStart() = start and - exists(int part_end | - re.alternationOption(start, end, start, part_end) and - result.getEnd() = part_end - ) - or - i > 0 and - result.getRegex() = re and - exists(int part_start | - part_start = this.getChild(i - 1).getEnd() + 1 // allow for the | - | - result.getStart() = part_start and - re.alternationOption(start, end, part_start, result.getEnd()) - ) - } - - override string getPrimaryQLClass() { result = "RegExpAlt" } - } - - /** - * A character escape in a regular expression. - * - * Example: - * - * ``` - * \. - * ``` - */ - class RegExpCharEscape = RegExpEscape; - - private import codeql.util.Numbers as Numbers - - /** - * An escaped regular expression term, that is, a regular expression - * term starting with a backslash, which is not a backreference. - * - * Example: - * - * ``` - * \. - * \w - * ``` - */ - class RegExpEscape extends RegExpNormalChar { - RegExpEscape() { re.escapedCharacter(start, end) } - - /** - * Gets the name of the escaped; for example, `w` for `\w`. - * TODO: Handle named escapes. - */ - override string getValue() { - not this.isUnicode() and - this.isIdentityEscape() and - result = this.getUnescaped() - or - this.getUnescaped() = "n" and result = "\n" - or - this.getUnescaped() = "r" and result = "\r" - or - this.getUnescaped() = "t" and result = "\t" - or - this.getUnescaped() = "f" and result = 12.toUnicode() - or - this.getUnescaped() = "v" and result = 11.toUnicode() - or - this.isUnicode() and - result = this.getUnicode() - } - - /** Holds if this terms name is given by the part following the escape character. */ - predicate isIdentityEscape() { not this.getUnescaped() in ["n", "r", "t", "f"] } - - override string getPrimaryQLClass() { result = "RegExpEscape" } - - /** Gets the part of the term following the escape character. That is e.g. "w" if the term is "\w". */ - string getUnescaped() { result = this.getText().suffix(1) } - - /** - * Gets the text for this escape. That is e.g. "\w". - */ - private string getText() { result = re.getText().substring(start, end) } - - /** - * Holds if this is a unicode escape. - */ - private predicate isUnicode() { this.getText().prefix(2) = ["\\u", "\\U"] } - - /** - * Gets the unicode char for this escape. - * E.g. for `\u0061` this returns "a". - */ - private string getUnicode() { - result = Numbers::parseHexInt(this.getText().suffix(2)).toUnicode() - } - } - - /** - * A word boundary, that is, a regular expression term of the form `\b`. - */ - class RegExpWordBoundary extends RegExpSpecialChar { - RegExpWordBoundary() { this.getChar() = "\\b" } - } - - /** - * A non-word boundary, that is, a regular expression term of the form `\B`. - */ - class RegExpNonWordBoundary extends RegExpSpecialChar { - RegExpNonWordBoundary() { this.getChar() = "\\B" } - } - - /** - * A character class escape in a regular expression. - * That is, an escaped character that denotes multiple characters. - * - * Examples: - * - * ``` - * \w - * \S - * ``` - */ - class RegExpCharacterClassEscape extends RegExpEscape { - RegExpCharacterClassEscape() { this.getValue() in ["d", "D", "s", "S", "w", "W"] } - - override RegExpTerm getChild(int i) { none() } - - override string getPrimaryQLClass() { result = "RegExpCharacterClassEscape" } - } - - /** - * A character class in a regular expression. - * - * Examples: - * - * ``` - * [a-z_] - * [^<>&] - * ``` - */ - class RegExpCharacterClass extends RegExpTerm, TRegExpCharacterClass { - RegExpCharacterClass() { this = TRegExpCharacterClass(re, start, end) } - - /** Holds if this character class is inverted, matching the opposite of its content. */ - predicate isInverted() { re.getChar(start + 1) = "^" } - - /** Gets the `i`th char inside this charater class. */ - string getCharThing(int i) { result = re.getChar(i + start) } - - /** Holds if this character class can match anything. */ - predicate isUniversalClass() { - // [^] - this.isInverted() and not exists(this.getAChild()) - or - // [\w\W] and similar - not this.isInverted() and - exists(string cce1, string cce2 | - cce1 = this.getAChild().(RegExpCharacterClassEscape).getValue() and - cce2 = this.getAChild().(RegExpCharacterClassEscape).getValue() - | - cce1 != cce2 and cce1.toLowerCase() = cce2.toLowerCase() - ) - } - - override RegExpTerm getChild(int i) { - i = 0 and - result.getRegex() = re and - exists(int itemStart, int itemEnd | - result.getStart() = itemStart and - re.char_set_start(start, itemStart) and - re.char_set_child(start, itemStart, itemEnd) and - result.getEnd() = itemEnd - ) - or - i > 0 and - result.getRegex() = re and - exists(int itemStart | itemStart = this.getChild(i - 1).getEnd() | - result.getStart() = itemStart and - re.char_set_child(start, itemStart, result.getEnd()) - ) - } - - override string getPrimaryQLClass() { result = "RegExpCharacterClass" } - } - - /** - * A character range in a character class in a regular expression. - * - * Example: - * - * ``` - * a-z - * ``` - */ - class RegExpCharacterRange extends RegExpTerm, TRegExpCharacterRange { - int lower_end; - int upper_start; - - RegExpCharacterRange() { - this = TRegExpCharacterRange(re, start, end) and - re.charRange(_, start, lower_end, upper_start, end) - } - - /** Holds if this range goes from `lo` to `hi`, in effect is `lo-hi`. */ - predicate isRange(string lo, string hi) { - lo = re.getText().substring(start, lower_end) and - hi = re.getText().substring(upper_start, end) - } - - override RegExpTerm getChild(int i) { - i = 0 and - result.getRegex() = re and - result.getStart() = start and - result.getEnd() = lower_end - or - i = 1 and - result.getRegex() = re and - result.getStart() = upper_start and - result.getEnd() = end - } - - override string getPrimaryQLClass() { result = "RegExpCharacterRange" } - } - - /** - * A normal character in a regular expression, that is, a character - * without special meaning. This includes escaped characters. - * - * Examples: - * ``` - * t - * \t - * ``` - */ - additional class RegExpNormalChar extends RegExpTerm, TRegExpNormalChar { - RegExpNormalChar() { this = TRegExpNormalChar(re, start, end) } - - /** - * Holds if this constant represents a valid Unicode character (as opposed - * to a surrogate code point that does not correspond to a character by itself.) - */ - predicate isCharacter() { any() } - - /** Gets the string representation of the char matched by this term. */ - string getValue() { result = re.getText().substring(start, end) } - - override RegExpTerm getChild(int i) { none() } - - override string getPrimaryQLClass() { result = "RegExpNormalChar" } - } - - /** - * A constant regular expression term, that is, a regular expression - * term matching a single string. Currently, this will always be a single character. - * - * Example: - * - * ``` - * a - * ``` - */ - class RegExpConstant extends RegExpTerm { - string value; - - RegExpConstant() { - this = TRegExpNormalChar(re, start, end) and - not this instanceof RegExpCharacterClassEscape and - // exclude chars in qualifiers - // TODO: push this into regex library - not exists(int qstart, int qend | re.qualifiedPart(_, qstart, qend, _, _) | - qstart <= start and end <= qend - ) and - value = this.(RegExpNormalChar).getValue() - } - - /** - * Holds if this constant represents a valid Unicode character (as opposed - * to a surrogate code point that does not correspond to a character by itself.) - */ - predicate isCharacter() { any() } - - /** Gets the string matched by this constant term. */ - string getValue() { result = value } - - override RegExpTerm getChild(int i) { none() } - - override string getPrimaryQLClass() { result = "RegExpConstant" } - } - - /** - * A grouped regular expression. - * - * Examples: - * - * ``` - * (ECMA|Java) - * (?:ECMA|Java) - * (?['"]) - * ``` - */ - class RegExpGroup extends RegExpTerm, TRegExpGroup { - RegExpGroup() { this = TRegExpGroup(re, start, end) } - - /** - * Gets the index of this capture group within the enclosing regular - * expression literal. - * - * For example, in the regular expression `/((a?).)(?:b)/`, the - * group `((a?).)` has index 1, the group `(a?)` nested inside it - * has index 2, and the group `(?:b)` has no index, since it is - * not a capture group. - */ - int getNumber() { result = re.getGroupNumber(start, end) } - - /** Holds if this is a capture group. */ - predicate isCapture() { exists(this.getNumber()) } - - /** Holds if this is a named capture group. */ - predicate isNamed() { exists(this.getName()) } - - /** Gets the name of this capture group, if any. */ - string getName() { result = re.getGroupName(start, end) } - - override RegExpTerm getChild(int i) { - result.getRegex() = re and - i = 0 and - re.groupContents(start, end, result.getStart(), result.getEnd()) - } - - override string getPrimaryQLClass() { result = "RegExpGroup" } - } - - /** - * A special character in a regular expression. - * - * Examples: - * ``` - * ^ - * $ - * . - * ``` - */ - additional class RegExpSpecialChar extends RegExpTerm, TRegExpSpecialChar { - string char; - - RegExpSpecialChar() { - this = TRegExpSpecialChar(re, start, end) and - re.specialCharacter(start, end, char) - } - - /** - * Holds if this constant represents a valid Unicode character (as opposed - * to a surrogate code point that does not correspond to a character by itself.) - */ - predicate isCharacter() { any() } - - /** Gets the char for this term. */ - string getChar() { result = char } - - override RegExpTerm getChild(int i) { none() } - - override string getPrimaryQLClass() { result = "RegExpSpecialChar" } - } - - /** - * A dot regular expression. - * - * Example: - * - * ``` - * . - * ``` - */ - class RegExpDot extends RegExpSpecialChar { - RegExpDot() { this.getChar() = "." } - - override string getPrimaryQLClass() { result = "RegExpDot" } - } - - /** - * A term that matches a specific position between characters in the string. - * - * Example: - * - * ``` - * \A - * ``` - */ - class RegExpAnchor extends RegExpSpecialChar { - RegExpAnchor() { this.getChar() = ["\\A", "^", "$", "\\Z"] } - } - - /** - * A dollar assertion `$` or `\Z` matching the end of a line. - * - * Example: - * - * ``` - * $ - * ``` - */ - class RegExpDollar extends RegExpAnchor { - RegExpDollar() { this.getChar() = ["$", "\\Z"] } - - override string getPrimaryQLClass() { result = "RegExpDollar" } - } - - /** - * A caret assertion `^` or `\A` matching the beginning of a line. - * - * Example: - * - * ``` - * ^ - * ``` - */ - class RegExpCaret extends RegExpAnchor { - RegExpCaret() { this.getChar() = ["^", "\\A"] } - - override string getPrimaryQLClass() { result = "RegExpCaret" } - } - - /** - * A zero-width match, that is, either an empty group or an assertion. - * - * Examples: - * ``` - * () - * (?=\w) - * ``` - */ - additional class RegExpZeroWidthMatch extends RegExpGroup { - RegExpZeroWidthMatch() { re.zeroWidthMatch(start, end) } - - override RegExpTerm getChild(int i) { none() } - - override string getPrimaryQLClass() { result = "RegExpZeroWidthMatch" } - } - - /** - * A zero-width lookahead or lookbehind assertion. - * - * Examples: - * - * ``` - * (?=\w) - * (?!\n) - * (?<=\.) - * (?` - * in a regular expression. - * - * Examples: - * - * ``` - * \1 - * (?P=quote) - * ``` - */ - class RegExpBackRef extends RegExpTerm, TRegExpBackRef { - RegExpBackRef() { this = TRegExpBackRef(re, start, end) } - - /** - * Gets the number of the capture group this back reference refers to, if any. - */ - int getNumber() { result = re.getBackrefNumber(start, end) } - - /** - * Gets the name of the capture group this back reference refers to, if any. - */ - string getName() { result = re.getBackrefName(start, end) } - - /** Gets the capture group this back reference refers to. */ - RegExpGroup getGroup() { - this.hasLiteralAndNumber(result.getLiteral(), result.getNumber()) or - this.hasLiteralAndName(result.getLiteral(), result.getName()) - } - - /** Join-order helper for `getGroup`. */ - pragma[nomagic] - private predicate hasLiteralAndNumber(RegExpLiteral literal, int number) { - literal = this.getLiteral() and - number = this.getNumber() - } - - /** Join-order helper for `getGroup`. */ - pragma[nomagic] - private predicate hasLiteralAndName(RegExpLiteral literal, string name) { - literal = this.getLiteral() and - name = this.getName() - } - - override RegExpTerm getChild(int i) { none() } - - override string getPrimaryQLClass() { result = "RegExpBackRef" } - } - - class Top = RegExpParent; - - /** - * Holds if `term` is an escape class representing e.g. `\d`. - * `clazz` is which character class it represents, e.g. "d" for `\d`. - */ - predicate isEscapeClass(RegExpTerm term, string clazz) { - exists(RegExpCharacterClassEscape escape | term = escape | escape.getValue() = clazz) - } - - /** - * Holds if `term` is a possessive quantifier. - * As python's regexes do not support possessive quantifiers, this never holds, but is used by the shared library. - */ - predicate isPossessive(RegExpQuantifier term) { none() } - - /** - * Holds if the regex that `term` is part of is used in a way that ignores any leading prefix of the input it's matched against. - * Not yet implemented for Python. - */ - predicate matchesAnyPrefix(RegExpTerm term) { any() } - - /** - * Holds if the regex that `term` is part of is used in a way that ignores any trailing suffix of the input it's matched against. - * Not yet implemented for Python. - */ - predicate matchesAnySuffix(RegExpTerm term) { any() } - - /** - * Holds if the regular expression should not be considered. - * - * We make the pragmatic performance optimization to ignore regular expressions in files - * that does not belong to the project code (such as installed dependencies). - */ - predicate isExcluded(RegExpParent parent) { - not exists(parent.getRegex().getLocation().getFile().getRelativePath()) - or - // Regexes with many occurrences of ".*" may cause the polynomial ReDoS computation to explode, so - // we explicitly exclude these. - count(int i | exists(parent.getRegex().getText().regexpFind("\\.\\*", i, _)) | i) > 10 - } - - /** - * Holds if `root` has the `i` flag for case-insensitive matching. - */ - predicate isIgnoreCase(RegExpTerm root) { - root.isRootTerm() and - root.getLiteral().isIgnoreCase() - } - - /** - * Holds if `root` has the `s` flag for multi-line matching. - */ - predicate isDotAll(RegExpTerm root) { - root.isRootTerm() and - root.getLiteral().isDotAll() - } -} +deprecated import regexp.RegexTreeView as Dep +import Dep diff --git a/python/ql/lib/semmle/python/dataflow/new/Regexp.qll b/python/ql/lib/semmle/python/dataflow/new/Regexp.qll index 19beceec88b..8fa3427256c 100644 --- a/python/ql/lib/semmle/python/dataflow/new/Regexp.qll +++ b/python/ql/lib/semmle/python/dataflow/new/Regexp.qll @@ -2,7 +2,7 @@ * Provides classes for working with regular expressions. */ -private import semmle.python.RegexTreeView +private import semmle.python.regexp.RegexTreeView private import semmle.python.regex private import semmle.python.dataflow.new.DataFlow private import semmle.python.regexp.internal.RegExpTracking diff --git a/python/ql/lib/semmle/python/frameworks/Django.qll b/python/ql/lib/semmle/python/frameworks/Django.qll index c656ee85fda..886357594a1 100644 --- a/python/ql/lib/semmle/python/frameworks/Django.qll +++ b/python/ql/lib/semmle/python/frameworks/Django.qll @@ -2512,9 +2512,10 @@ module PrivateDjango { any(int i | i < routeHandler.getFirstPossibleRoutedParamIndex() | routeHandler.getArg(i)) ) or - exists(DjangoRouteHandler routeHandler, DjangoRouteRegex regex | + exists(DjangoRouteHandler routeHandler, DjangoRouteRegex regexUse, Regex regex | + regex.getAUse() = regexUse and routeHandler = this.getARequestHandler() and - regex.getRouteSetup() = this + regexUse.getRouteSetup() = this | // either using named capture groups (passed as keyword arguments) or using // unnamed capture groups (passed as positional arguments) @@ -2533,14 +2534,12 @@ module PrivateDjango { /** * A regex that is used to set up a route. * - * Needs this subclass to be considered a RegexString. + * Needs this subclass to be considered a RegExpInterpretation. */ - private class DjangoRouteRegex extends RegexString instanceof StrConst { + private class DjangoRouteRegex extends RegExpInterpretation::Range { DjangoRegexRouteSetup rePathCall; - DjangoRouteRegex() { - rePathCall.getUrlPatternArg().getALocalSource() = DataFlow::exprNode(this) - } + DjangoRouteRegex() { this = rePathCall.getUrlPatternArg() } DjangoRegexRouteSetup getRouteSetup() { result = rePathCall } } diff --git a/python/ql/lib/semmle/python/frameworks/Tornado.qll b/python/ql/lib/semmle/python/frameworks/Tornado.qll index 29bd4fa2279..f54ba64e780 100644 --- a/python/ql/lib/semmle/python/frameworks/Tornado.qll +++ b/python/ql/lib/semmle/python/frameworks/Tornado.qll @@ -384,12 +384,12 @@ module Tornado { /** * A regex that is used to set up a route. * - * Needs this subclass to be considered a RegexString. + * Needs this subclass to be considered a RegExpInterpretation. */ - private class TornadoRouteRegex extends RegexString instanceof StrConst { + private class TornadoRouteRegex extends RegExpInterpretation::Range { TornadoRouteSetup setup; - TornadoRouteRegex() { setup.getUrlPatternArg().getALocalSource() = DataFlow::exprNode(this) } + TornadoRouteRegex() { this = setup.getUrlPatternArg() } TornadoRouteSetup getRouteSetup() { result = setup } } @@ -423,9 +423,10 @@ module Tornado { not result = requestHandler.getArg(0) ) or - exists(Function requestHandler, TornadoRouteRegex regex | + exists(Function requestHandler, TornadoRouteRegex regexUse, Regex regex | + regex.getAUse() = regexUse and requestHandler = this.getARequestHandler() and - regex.getRouteSetup() = this + regexUse.getRouteSetup() = this | // first group will have group number 1 result = requestHandler.getArg(regex.getGroupNumber(_, _)) diff --git a/python/ql/lib/semmle/python/regex.qll b/python/ql/lib/semmle/python/regex.qll index cc21ac104bf..8bb8c8b3ba4 100644 --- a/python/ql/lib/semmle/python/regex.qll +++ b/python/ql/lib/semmle/python/regex.qll @@ -1,6 +1,6 @@ import python private import semmle.python.ApiGraphs -// Need to import since frameworks can extend the abstract `RegexString` +// Need to import since frameworks can extend the abstract `RegExpInterpretation::Range` private import semmle.python.Frameworks private import semmle.python.Concepts as Concepts @@ -45,7 +45,7 @@ private API::Node relevant_re_member(string name) { * * This predicate has not done any data-flow tracking. */ -// TODO: This thing should be refactored, along with removing RegexString. +// TODO: This should only be used to get the `mode`, and nowhere else. predicate used_as_regex_internal(Expr e, string mode) { /* Call to re.xxx(regex, ... [mode]) */ exists(DataFlow::CallCfgNode call | @@ -70,24 +70,8 @@ predicate used_as_regex_internal(Expr e, string mode) { } private import regexp.internal.RegExpTracking as RegExpTracking - -/** - * Holds if the string-constant `s` ends up being used as a regex with the `re` module, with the regex-mode `mode` (if known). - * If regex mode is not known, `mode` will be `"None"`. - * - * This predicate has done data-flow tracking to find the string-constant that is used as a regex. - */ -predicate used_as_regex(Expr s, string mode) { - (s instanceof Bytes or s instanceof Unicode) and - exists(DataFlow::Node source, DataFlow::Node sink | - source = RegExpTracking::regExpSource(sink) and - used_as_regex_internal(sink.asExpr(), mode) and - s = source.asExpr() - ) -} - private import semmle.python.Concepts -private import semmle.python.RegexTreeView +private import semmle.python.regexp.RegexTreeView /** Gets a parsed regular expression term that is executed at `exec`. */ RegExpTerm getTermForExecution(RegexExecution exec) { @@ -137,16 +121,70 @@ private DataFlow::Node re_flag_tracker(string flag_name) { } /** Gets a regular expression mode flag associated with the given data flow node. */ +// TODO: Move this into a RegexFlag module, along with related code? string mode_from_node(DataFlow::Node node) { node = re_flag_tracker(result) } +/** Provides a class for modeling regular expression interpretations. */ +module RegExpInterpretation { + /** + * A node that is not a regular expression literal, but is used in places that + * may interpret it as one. Instances of this class are typically strings that + * flow to method calls like `re.compile`. + */ + abstract class Range extends DataFlow::Node { } +} + +/** + * A node interpreted as a regular expression. + * Speficically nodes where string values are interpreted as regular expressions. + */ +class StdLibRegExpInterpretation extends RegExpInterpretation::Range { + StdLibRegExpInterpretation() { + this = + API::moduleImport("re").getMember(any(string name | name != "escape")).getACall().getArg(0) + } +} + /** A StrConst used as a regular expression */ -abstract class RegexString extends Expr { - RegexString() { +deprecated class RegexString extends Regex { + RegexString() { this = RegExpTracking::regExpSource(_).asExpr() } +} + +/** A StrConst used as a regular expression */ +class Regex extends Expr { + DataFlow::Node sink; + + Regex() { (this instanceof Bytes or this instanceof Unicode) and + this = RegExpTracking::regExpSource(sink).asExpr() and // is part of the user code exists(this.getLocation().getFile().getRelativePath()) } + /** Gets a data-flow node where this string value is used as a regular expression. */ + DataFlow::Node getAUse() { result = sink } + + /** + * Gets a mode (if any) of this regular expression. Can be any of: + * DEBUG + * IGNORECASE + * LOCALE + * MULTILINE + * DOTALL + * UNICODE + * VERBOSE + */ + string getAMode() { + exists(string mode | + used_as_regex_internal(sink.asExpr(), mode) and + result != "None" and + result = mode + ) + or + result = this.getModeFromPrefix() + } + + // TODO: Refactor all of the below into a regex parsing file, similar to Ruby. /** * Helper predicate for `char_set_start(int start, int end)`. * @@ -1082,25 +1120,3 @@ abstract class RegexString extends Expr { this.lastPart(start, end) } } - -/** A StrConst used as a regular expression */ -class Regex extends RegexString { - Regex() { used_as_regex(this, _) } - - /** - * Gets a mode (if any) of this regular expression. Can be any of: - * DEBUG - * IGNORECASE - * LOCALE - * MULTILINE - * DOTALL - * UNICODE - * VERBOSE - */ - string getAMode() { - result != "None" and - used_as_regex(this, result) - or - result = this.getModeFromPrefix() - } -} diff --git a/python/ql/lib/semmle/python/regexp/RegexTreeView.qll b/python/ql/lib/semmle/python/regexp/RegexTreeView.qll new file mode 100644 index 00000000000..568ed73c12f --- /dev/null +++ b/python/ql/lib/semmle/python/regexp/RegexTreeView.qll @@ -0,0 +1,1090 @@ +/** Provides a class hierarchy corresponding to a parse tree of regular expressions. */ + +import python +private import semmle.python.regex +private import codeql.regex.nfa.NfaUtils as NfaUtils +private import codeql.regex.RegexTreeView +// exporting as RegexTreeView, and in the top-level scope. +import Impl as RegexTreeView +import Impl + +/** Gets the parse tree resulting from parsing `re`, if such has been constructed. */ +RegExpTerm getParsedRegExp(StrConst re) { result.getRegex() = re and result.isRootTerm() } + +/** + * An element containing a regular expression term, that is, either + * a string literal (parsed as a regular expression) + * or another regular expression term. + * + * For sequences and alternations, we require at least one child. + * Otherwise, we wish to represent the term differently. + * This avoids multiple representations of the same term. + */ +private newtype TRegExpParent = + /** A string literal used as a regular expression */ + TRegExpLiteral(Regex re) or + /** A quantified term */ + TRegExpQuantifier(Regex re, int start, int end) { re.qualifiedItem(start, end, _, _) } or + /** A sequence term */ + TRegExpSequence(Regex re, int start, int end) { + re.sequence(start, end) and + exists(seqChild(re, start, end, 1)) // if a sequence does not have more than one element, it should be treated as that element instead. + } or + /** An alternation term */ + TRegExpAlt(Regex re, int start, int end) { + re.alternation(start, end) and + exists(int part_end | + re.alternationOption(start, end, start, part_end) and + part_end < end + ) // if an alternation does not have more than one element, it should be treated as that element instead. + } or + /** A character class term */ + TRegExpCharacterClass(Regex re, int start, int end) { re.charSet(start, end) } or + /** A character range term */ + TRegExpCharacterRange(Regex re, int start, int end) { re.charRange(_, start, _, _, end) } or + /** A group term */ + TRegExpGroup(Regex re, int start, int end) { re.group(start, end) } or + /** A special character */ + TRegExpSpecialChar(Regex re, int start, int end) { re.specialCharacter(start, end, _) } or + /** A normal character */ + TRegExpNormalChar(Regex re, int start, int end) { + re.normalCharacterSequence(start, end) + or + re.escapedCharacter(start, end) and + not re.specialCharacter(start, end, _) + } or + /** A back reference */ + TRegExpBackRef(Regex re, int start, int end) { re.backreference(start, end) } + +pragma[nomagic] +private int seqChildEnd(Regex re, int start, int end, int i) { + result = seqChild(re, start, end, i).getEnd() +} + +// moved out so we can use it in the charpred +private RegExpTerm seqChild(Regex re, int start, int end, int i) { + re.sequence(start, end) and + ( + i = 0 and + result.getRegex() = re and + result.getStart() = start and + exists(int itemEnd | + re.item(start, itemEnd) and + result.getEnd() = itemEnd + ) + or + i > 0 and + result.getRegex() = re and + exists(int itemStart | itemStart = seqChildEnd(re, start, end, i - 1) | + result.getStart() = itemStart and + re.item(itemStart, result.getEnd()) + ) + ) +} + +/** An implementation that satisfies the RegexTreeView signature. */ +module Impl implements RegexTreeViewSig { + /** + * An element containing a regular expression term, that is, either + * a string literal (parsed as a regular expression) + * or another regular expression term. + */ + class RegExpParent extends TRegExpParent { + /** Gets a textual representation of this element. */ + string toString() { result = "RegExpParent" } + + /** Gets the `i`th child term. */ + abstract RegExpTerm getChild(int i); + + /** Gets a child term . */ + RegExpTerm getAChild() { result = this.getChild(_) } + + /** Gets the number of child terms. */ + int getNumChild() { result = count(this.getAChild()) } + + /** Gets the last child term of this element. */ + RegExpTerm getLastChild() { result = this.getChild(this.getNumChild() - 1) } + + /** Gets the associated regex. */ + abstract Regex getRegex(); + } + + /** A string literal used as a regular expression */ + class RegExpLiteral extends TRegExpLiteral, RegExpParent { + Regex re; + + RegExpLiteral() { this = TRegExpLiteral(re) } + + override RegExpTerm getChild(int i) { i = 0 and result.getRegex() = re and result.isRootTerm() } + + /** Holds if dot, `.`, matches all characters, including newlines. */ + predicate isDotAll() { re.getAMode() = "DOTALL" } + + /** Holds if this regex matching is case-insensitive for this regex. */ + predicate isIgnoreCase() { re.getAMode() = "IGNORECASE" } + + /** Get a string representing all modes for this regex. */ + string getFlags() { result = concat(string mode | mode = re.getAMode() | mode, " | ") } + + override Regex getRegex() { result = re } + + /** Gets the primary QL class for this regex. */ + string getPrimaryQLClass() { result = "RegExpLiteral" } + } + + /** + * A regular expression term, that is, a syntactic part of a regular expression. + */ + class RegExpTerm extends RegExpParent { + Regex re; + int start; + int end; + + RegExpTerm() { + this = TRegExpAlt(re, start, end) + or + this = TRegExpBackRef(re, start, end) + or + this = TRegExpCharacterClass(re, start, end) + or + this = TRegExpCharacterRange(re, start, end) + or + this = TRegExpNormalChar(re, start, end) + or + this = TRegExpGroup(re, start, end) + or + this = TRegExpQuantifier(re, start, end) + or + this = TRegExpSequence(re, start, end) + or + this = TRegExpSpecialChar(re, start, end) + } + + /** + * Gets the outermost term of this regular expression. + */ + RegExpTerm getRootTerm() { + this.isRootTerm() and result = this + or + result = this.getParent().(RegExpTerm).getRootTerm() + } + + /** + * Holds if this term is part of a string literal + * that is interpreted as a regular expression. + */ + predicate isUsedAsRegExp() { any() } + + /** + * Holds if this is the root term of a regular expression. + */ + predicate isRootTerm() { start = 0 and end = re.getText().length() } + + override RegExpTerm getChild(int i) { + result = this.(RegExpAlt).getChild(i) + or + result = this.(RegExpBackRef).getChild(i) + or + result = this.(RegExpCharacterClass).getChild(i) + or + result = this.(RegExpCharacterRange).getChild(i) + or + result = this.(RegExpNormalChar).getChild(i) + or + result = this.(RegExpGroup).getChild(i) + or + result = this.(RegExpQuantifier).getChild(i) + or + result = this.(RegExpSequence).getChild(i) + or + result = this.(RegExpSpecialChar).getChild(i) + } + + /** + * Gets the parent term of this regular expression term, or the + * regular expression literal if this is the root term. + */ + RegExpParent getParent() { result.getAChild() = this } + + override Regex getRegex() { result = re } + + /** Gets the offset at which this term starts. */ + int getStart() { result = start } + + /** Gets the offset at which this term ends. */ + int getEnd() { result = end } + + override string toString() { result = re.getText().substring(start, end) } + + /** + * Gets the location of the surrounding regex, as locations inside the regex do not exist. + * To get location information corresponding to the term inside the regex, + * use `hasLocationInfo`. + */ + Location getLocation() { result = re.getLocation() } + + /** Holds if this term is found at the specified location offsets. */ + predicate hasLocationInfo( + string filepath, int startline, int startcolumn, int endline, int endcolumn + ) { + exists(int re_start | + re.getLocation().hasLocationInfo(filepath, startline, re_start, endline, _) and + startcolumn = re_start + start + 4 and + endcolumn = re_start + end + 3 + ) + } + + /** Gets the file in which this term is found. */ + File getFile() { result = this.getLocation().getFile() } + + /** Gets the raw source text of this term. */ + string getRawValue() { result = this.toString() } + + /** Gets the string literal in which this term is found. */ + RegExpLiteral getLiteral() { result = TRegExpLiteral(re) } + + /** Gets the regular expression term that is matched (textually) before this one, if any. */ + RegExpTerm getPredecessor() { + exists(RegExpTerm parent | parent = this.getParent() | + result = parent.(RegExpSequence).previousElement(this) + or + not exists(parent.(RegExpSequence).previousElement(this)) and + not parent instanceof RegExpSubPattern and + result = parent.getPredecessor() + ) + } + + /** Gets the regular expression term that is matched (textually) after this one, if any. */ + RegExpTerm getSuccessor() { + exists(RegExpTerm parent | parent = this.getParent() | + result = parent.(RegExpSequence).nextElement(this) + or + not exists(parent.(RegExpSequence).nextElement(this)) and + not parent instanceof RegExpSubPattern and + result = parent.getSuccessor() + ) + } + + /** Gets the primary QL class for this term. */ + string getPrimaryQLClass() { result = "RegExpTerm" } + } + + /** + * A quantified regular expression term. + * + * Example: + * + * ``` + * ((ECMA|Java)[sS]cript)* + * ``` + */ + class RegExpQuantifier extends RegExpTerm, TRegExpQuantifier { + int part_end; + boolean may_repeat_forever; + + RegExpQuantifier() { + this = TRegExpQuantifier(re, start, end) and + re.qualifiedPart(start, part_end, end, _, may_repeat_forever) + } + + override RegExpTerm getChild(int i) { + i = 0 and + result.getRegex() = re and + result.getStart() = start and + result.getEnd() = part_end + } + + /** Hols if this term may match an unlimited number of times. */ + predicate mayRepeatForever() { may_repeat_forever = true } + + /** Gets the qualifier for this term. That is e.g "?" for "a?". */ + string getQualifier() { result = re.getText().substring(part_end, end) } + + override string getPrimaryQLClass() { result = "RegExpQuantifier" } + } + + /** + * A regular expression term that permits unlimited repetitions. + */ + class InfiniteRepetitionQuantifier extends RegExpQuantifier { + InfiniteRepetitionQuantifier() { this.mayRepeatForever() } + } + + /** + * A star-quantified term. + * + * Example: + * + * ``` + * \w* + * ``` + */ + class RegExpStar extends InfiniteRepetitionQuantifier { + RegExpStar() { this.getQualifier().charAt(0) = "*" } + + override string getPrimaryQLClass() { result = "RegExpStar" } + } + + /** + * A plus-quantified term. + * + * Example: + * + * ``` + * \w+ + * ``` + */ + class RegExpPlus extends InfiniteRepetitionQuantifier { + RegExpPlus() { this.getQualifier().charAt(0) = "+" } + + override string getPrimaryQLClass() { result = "RegExpPlus" } + } + + /** + * An optional term. + * + * Example: + * + * ``` + * ;? + * ``` + */ + class RegExpOpt extends RegExpQuantifier { + RegExpOpt() { this.getQualifier().charAt(0) = "?" } + + override string getPrimaryQLClass() { result = "RegExpOpt" } + } + + /** + * A range-quantified term + * + * Examples: + * + * ``` + * \w{2,4} + * \w{2,} + * \w{2} + * ``` + */ + class RegExpRange extends RegExpQuantifier { + string upper; + string lower; + + RegExpRange() { re.multiples(part_end, end, lower, upper) } + + /** Gets the string defining the upper bound of this range, if any. */ + string getUpper() { result = upper } + + /** Gets the string defining the lower bound of this range, if any. */ + string getLower() { result = lower } + + /** + * Gets the upper bound of the range, if any. + * + * If there is no upper bound, any number of repetitions is allowed. + * For a term of the form `r{lo}`, both the lower and the upper bound + * are `lo`. + */ + int getUpperBound() { result = this.getUpper().toInt() } + + /** Gets the lower bound of the range. */ + int getLowerBound() { result = this.getLower().toInt() } + + override string getPrimaryQLClass() { result = "RegExpRange" } + } + + /** + * A sequence term. + * + * Example: + * + * ``` + * (ECMA|Java)Script + * ``` + * + * This is a sequence with the elements `(ECMA|Java)` and `Script`. + */ + class RegExpSequence extends RegExpTerm, TRegExpSequence { + RegExpSequence() { this = TRegExpSequence(re, start, end) } + + override RegExpTerm getChild(int i) { result = seqChild(re, start, end, i) } + + /** Gets the element preceding `element` in this sequence. */ + RegExpTerm previousElement(RegExpTerm element) { element = this.nextElement(result) } + + /** Gets the element following `element` in this sequence. */ + RegExpTerm nextElement(RegExpTerm element) { + exists(int i | + element = this.getChild(i) and + result = this.getChild(i + 1) + ) + } + + override string getPrimaryQLClass() { result = "RegExpSequence" } + } + + /** + * An alternative term, that is, a term of the form `a|b`. + * + * Example: + * + * ``` + * ECMA|Java + * ``` + */ + class RegExpAlt extends RegExpTerm, TRegExpAlt { + RegExpAlt() { this = TRegExpAlt(re, start, end) } + + override RegExpTerm getChild(int i) { + i = 0 and + result.getRegex() = re and + result.getStart() = start and + exists(int part_end | + re.alternationOption(start, end, start, part_end) and + result.getEnd() = part_end + ) + or + i > 0 and + result.getRegex() = re and + exists(int part_start | + part_start = this.getChild(i - 1).getEnd() + 1 // allow for the | + | + result.getStart() = part_start and + re.alternationOption(start, end, part_start, result.getEnd()) + ) + } + + override string getPrimaryQLClass() { result = "RegExpAlt" } + } + + /** + * A character escape in a regular expression. + * + * Example: + * + * ``` + * \. + * ``` + */ + class RegExpCharEscape = RegExpEscape; + + private import codeql.util.Numbers as Numbers + + /** + * An escaped regular expression term, that is, a regular expression + * term starting with a backslash, which is not a backreference. + * + * Example: + * + * ``` + * \. + * \w + * ``` + */ + class RegExpEscape extends RegExpNormalChar { + RegExpEscape() { re.escapedCharacter(start, end) } + + /** + * Gets the name of the escaped; for example, `w` for `\w`. + * TODO: Handle named escapes. + */ + override string getValue() { + not this.isUnicode() and + this.isIdentityEscape() and + result = this.getUnescaped() + or + this.getUnescaped() = "n" and result = "\n" + or + this.getUnescaped() = "r" and result = "\r" + or + this.getUnescaped() = "t" and result = "\t" + or + this.getUnescaped() = "f" and result = 12.toUnicode() + or + this.getUnescaped() = "v" and result = 11.toUnicode() + or + this.isUnicode() and + result = this.getUnicode() + } + + /** Holds if this terms name is given by the part following the escape character. */ + predicate isIdentityEscape() { not this.getUnescaped() in ["n", "r", "t", "f"] } + + override string getPrimaryQLClass() { result = "RegExpEscape" } + + /** Gets the part of the term following the escape character. That is e.g. "w" if the term is "\w". */ + string getUnescaped() { result = this.getText().suffix(1) } + + /** + * Gets the text for this escape. That is e.g. "\w". + */ + private string getText() { result = re.getText().substring(start, end) } + + /** + * Holds if this is a unicode escape. + */ + private predicate isUnicode() { this.getText().prefix(2) = ["\\u", "\\U"] } + + private string getUnicode() { + result = Numbers::parseHexInt(this.getText().suffix(2)).toUnicode() + } + } + + /** + * A word boundary, that is, a regular expression term of the form `\b`. + */ + class RegExpWordBoundary extends RegExpSpecialChar { + RegExpWordBoundary() { this.getChar() = "\\b" } + } + + /** + * A non-word boundary, that is, a regular expression term of the form `\B`. + */ + class RegExpNonWordBoundary extends RegExpSpecialChar { + RegExpNonWordBoundary() { this.getChar() = "\\B" } + } + + /** + * A character class escape in a regular expression. + * That is, an escaped character that denotes multiple characters. + * + * Examples: + * + * ``` + * \w + * \S + * ``` + */ + class RegExpCharacterClassEscape extends RegExpEscape { + RegExpCharacterClassEscape() { this.getValue() in ["d", "D", "s", "S", "w", "W"] } + + override RegExpTerm getChild(int i) { none() } + + override string getPrimaryQLClass() { result = "RegExpCharacterClassEscape" } + } + + /** + * A character class in a regular expression. + * + * Examples: + * + * ``` + * [a-z_] + * [^<>&] + * ``` + */ + class RegExpCharacterClass extends RegExpTerm, TRegExpCharacterClass { + RegExpCharacterClass() { this = TRegExpCharacterClass(re, start, end) } + + /** Holds if this character class is inverted, matching the opposite of its content. */ + predicate isInverted() { re.getChar(start + 1) = "^" } + + /** Gets the `i`th char inside this charater class. */ + string getCharThing(int i) { result = re.getChar(i + start) } + + /** Holds if this character class can match anything. */ + predicate isUniversalClass() { + // [^] + this.isInverted() and not exists(this.getAChild()) + or + // [\w\W] and similar + not this.isInverted() and + exists(string cce1, string cce2 | + cce1 = this.getAChild().(RegExpCharacterClassEscape).getValue() and + cce2 = this.getAChild().(RegExpCharacterClassEscape).getValue() + | + cce1 != cce2 and cce1.toLowerCase() = cce2.toLowerCase() + ) + } + + override RegExpTerm getChild(int i) { + i = 0 and + result.getRegex() = re and + exists(int itemStart, int itemEnd | + result.getStart() = itemStart and + re.char_set_start(start, itemStart) and + re.char_set_child(start, itemStart, itemEnd) and + result.getEnd() = itemEnd + ) + or + i > 0 and + result.getRegex() = re and + exists(int itemStart | itemStart = this.getChild(i - 1).getEnd() | + result.getStart() = itemStart and + re.char_set_child(start, itemStart, result.getEnd()) + ) + } + + override string getPrimaryQLClass() { result = "RegExpCharacterClass" } + } + + /** + * A character range in a character class in a regular expression. + * + * Example: + * + * ``` + * a-z + * ``` + */ + class RegExpCharacterRange extends RegExpTerm, TRegExpCharacterRange { + int lower_end; + int upper_start; + + RegExpCharacterRange() { + this = TRegExpCharacterRange(re, start, end) and + re.charRange(_, start, lower_end, upper_start, end) + } + + /** Holds if this range goes from `lo` to `hi`, in effect is `lo-hi`. */ + predicate isRange(string lo, string hi) { + lo = re.getText().substring(start, lower_end) and + hi = re.getText().substring(upper_start, end) + } + + override RegExpTerm getChild(int i) { + i = 0 and + result.getRegex() = re and + result.getStart() = start and + result.getEnd() = lower_end + or + i = 1 and + result.getRegex() = re and + result.getStart() = upper_start and + result.getEnd() = end + } + + override string getPrimaryQLClass() { result = "RegExpCharacterRange" } + } + + /** + * A normal character in a regular expression, that is, a character + * without special meaning. This includes escaped characters. + * + * Examples: + * ``` + * t + * \t + * ``` + */ + additional class RegExpNormalChar extends RegExpTerm, TRegExpNormalChar { + RegExpNormalChar() { this = TRegExpNormalChar(re, start, end) } + + /** + * Holds if this constant represents a valid Unicode character (as opposed + * to a surrogate code point that does not correspond to a character by itself.) + */ + predicate isCharacter() { any() } + + /** Gets the string representation of the char matched by this term. */ + string getValue() { result = re.getText().substring(start, end) } + + override RegExpTerm getChild(int i) { none() } + + override string getPrimaryQLClass() { result = "RegExpNormalChar" } + } + + /** + * A constant regular expression term, that is, a regular expression + * term matching a single string. Currently, this will always be a single character. + * + * Example: + * + * ``` + * a + * ``` + */ + class RegExpConstant extends RegExpTerm { + string value; + + RegExpConstant() { + this = TRegExpNormalChar(re, start, end) and + not this instanceof RegExpCharacterClassEscape and + // exclude chars in qualifiers + // TODO: push this into regex library + not exists(int qstart, int qend | re.qualifiedPart(_, qstart, qend, _, _) | + qstart <= start and end <= qend + ) and + value = this.(RegExpNormalChar).getValue() + } + + /** + * Holds if this constant represents a valid Unicode character (as opposed + * to a surrogate code point that does not correspond to a character by itself.) + */ + predicate isCharacter() { any() } + + /** Gets the string matched by this constant term. */ + string getValue() { result = value } + + override RegExpTerm getChild(int i) { none() } + + override string getPrimaryQLClass() { result = "RegExpConstant" } + } + + /** + * A grouped regular expression. + * + * Examples: + * + * ``` + * (ECMA|Java) + * (?:ECMA|Java) + * (?['"]) + * ``` + */ + class RegExpGroup extends RegExpTerm, TRegExpGroup { + RegExpGroup() { this = TRegExpGroup(re, start, end) } + + /** + * Gets the index of this capture group within the enclosing regular + * expression literal. + * + * For example, in the regular expression `/((a?).)(?:b)/`, the + * group `((a?).)` has index 1, the group `(a?)` nested inside it + * has index 2, and the group `(?:b)` has no index, since it is + * not a capture group. + */ + int getNumber() { result = re.getGroupNumber(start, end) } + + /** Holds if this is a capture group. */ + predicate isCapture() { exists(this.getNumber()) } + + /** Holds if this is a named capture group. */ + predicate isNamed() { exists(this.getName()) } + + /** Gets the name of this capture group, if any. */ + string getName() { result = re.getGroupName(start, end) } + + override RegExpTerm getChild(int i) { + result.getRegex() = re and + i = 0 and + re.groupContents(start, end, result.getStart(), result.getEnd()) + } + + override string getPrimaryQLClass() { result = "RegExpGroup" } + } + + /** + * A special character in a regular expression. + * + * Examples: + * ``` + * ^ + * $ + * . + * ``` + */ + additional class RegExpSpecialChar extends RegExpTerm, TRegExpSpecialChar { + string char; + + RegExpSpecialChar() { + this = TRegExpSpecialChar(re, start, end) and + re.specialCharacter(start, end, char) + } + + /** + * Holds if this constant represents a valid Unicode character (as opposed + * to a surrogate code point that does not correspond to a character by itself.) + */ + predicate isCharacter() { any() } + + /** Gets the char for this term. */ + string getChar() { result = char } + + override RegExpTerm getChild(int i) { none() } + + override string getPrimaryQLClass() { result = "RegExpSpecialChar" } + } + + /** + * A dot regular expression. + * + * Example: + * + * ``` + * . + * ``` + */ + class RegExpDot extends RegExpSpecialChar { + RegExpDot() { this.getChar() = "." } + + override string getPrimaryQLClass() { result = "RegExpDot" } + } + + /** + * A term that matches a specific position between characters in the string. + * + * Example: + * + * ``` + * \A + * ``` + */ + class RegExpAnchor extends RegExpSpecialChar { + RegExpAnchor() { this.getChar() = ["\\A", "^", "$", "\\Z"] } + } + + /** + * A dollar assertion `$` or `\Z` matching the end of a line. + * + * Example: + * + * ``` + * $ + * ``` + */ + class RegExpDollar extends RegExpAnchor { + RegExpDollar() { this.getChar() = ["$", "\\Z"] } + + override string getPrimaryQLClass() { result = "RegExpDollar" } + } + + /** + * A caret assertion `^` or `\A` matching the beginning of a line. + * + * Example: + * + * ``` + * ^ + * ``` + */ + class RegExpCaret extends RegExpAnchor { + RegExpCaret() { this.getChar() = ["^", "\\A"] } + + override string getPrimaryQLClass() { result = "RegExpCaret" } + } + + /** + * A zero-width match, that is, either an empty group or an assertion. + * + * Examples: + * ``` + * () + * (?=\w) + * ``` + */ + additional class RegExpZeroWidthMatch extends RegExpGroup { + RegExpZeroWidthMatch() { re.zeroWidthMatch(start, end) } + + override RegExpTerm getChild(int i) { none() } + + override string getPrimaryQLClass() { result = "RegExpZeroWidthMatch" } + } + + /** + * A zero-width lookahead or lookbehind assertion. + * + * Examples: + * + * ``` + * (?=\w) + * (?!\n) + * (?<=\.) + * (?` + * in a regular expression. + * + * Examples: + * + * ``` + * \1 + * (?P=quote) + * ``` + */ + class RegExpBackRef extends RegExpTerm, TRegExpBackRef { + RegExpBackRef() { this = TRegExpBackRef(re, start, end) } + + /** + * Gets the number of the capture group this back reference refers to, if any. + */ + int getNumber() { result = re.getBackrefNumber(start, end) } + + /** + * Gets the name of the capture group this back reference refers to, if any. + */ + string getName() { result = re.getBackrefName(start, end) } + + /** Gets the capture group this back reference refers to. */ + RegExpGroup getGroup() { + this.hasLiteralAndNumber(result.getLiteral(), result.getNumber()) or + this.hasLiteralAndName(result.getLiteral(), result.getName()) + } + + /** Join-order helper for `getGroup`. */ + pragma[nomagic] + private predicate hasLiteralAndNumber(RegExpLiteral literal, int number) { + literal = this.getLiteral() and + number = this.getNumber() + } + + /** Join-order helper for `getGroup`. */ + pragma[nomagic] + private predicate hasLiteralAndName(RegExpLiteral literal, string name) { + literal = this.getLiteral() and + name = this.getName() + } + + override RegExpTerm getChild(int i) { none() } + + override string getPrimaryQLClass() { result = "RegExpBackRef" } + } + + class Top = RegExpParent; + + /** + * Holds if `term` is an escape class representing e.g. `\d`. + * `clazz` is which character class it represents, e.g. "d" for `\d`. + */ + predicate isEscapeClass(RegExpTerm term, string clazz) { + exists(RegExpCharacterClassEscape escape | term = escape | escape.getValue() = clazz) + } + + /** + * Holds if `term` is a possessive quantifier. + * As python's regexes do not support possessive quantifiers, this never holds, but is used by the shared library. + */ + predicate isPossessive(RegExpQuantifier term) { none() } + + /** + * Holds if the regex that `term` is part of is used in a way that ignores any leading prefix of the input it's matched against. + * Not yet implemented for Python. + */ + predicate matchesAnyPrefix(RegExpTerm term) { any() } + + /** + * Holds if the regex that `term` is part of is used in a way that ignores any trailing suffix of the input it's matched against. + * Not yet implemented for Python. + */ + predicate matchesAnySuffix(RegExpTerm term) { any() } + + /** + * Holds if the regular expression should not be considered. + * + * We make the pragmatic performance optimization to ignore regular expressions in files + * that does not belong to the project code (such as installed dependencies). + */ + predicate isExcluded(RegExpParent parent) { + not exists(parent.getRegex().getLocation().getFile().getRelativePath()) + or + // Regexes with many occurrences of ".*" may cause the polynomial ReDoS computation to explode, so + // we explicitly exclude these. + count(int i | exists(parent.getRegex().getText().regexpFind("\\.\\*", i, _)) | i) > 10 + } + + /** + * Holds if `root` has the `i` flag for case-insensitive matching. + */ + predicate isIgnoreCase(RegExpTerm root) { + root.isRootTerm() and + root.getLiteral().isIgnoreCase() + } + + /** + * Holds if `root` has the `s` flag for multi-line matching. + */ + predicate isDotAll(RegExpTerm root) { + root.isRootTerm() and + root.getLiteral().isDotAll() + } +} diff --git a/python/ql/lib/semmle/python/regexp/internal/RegExpTracking.qll b/python/ql/lib/semmle/python/regexp/internal/RegExpTracking.qll index 4751f97b0a7..fb67f0e8c2c 100644 --- a/python/ql/lib/semmle/python/regexp/internal/RegExpTracking.qll +++ b/python/ql/lib/semmle/python/regexp/internal/RegExpTracking.qll @@ -26,8 +26,7 @@ private import semmle.python.regex as Regex DataFlow::Node regSink() { result = any(Concepts::RegexExecution exec).getRegex() or - // TODO: Refactor into something nicer, and remove the above import of `semmle.python.regex` - Regex::used_as_regex_internal(result.asExpr(), _) + result instanceof Regex::RegExpInterpretation::Range } /** diff --git a/python/ql/lib/semmle/python/security/dataflow/PolynomialReDoSCustomizations.qll b/python/ql/lib/semmle/python/security/dataflow/PolynomialReDoSCustomizations.qll index 27bec743a5e..09d787de57f 100644 --- a/python/ql/lib/semmle/python/security/dataflow/PolynomialReDoSCustomizations.qll +++ b/python/ql/lib/semmle/python/security/dataflow/PolynomialReDoSCustomizations.qll @@ -11,7 +11,7 @@ private import semmle.python.dataflow.new.TaintTracking private import semmle.python.Concepts private import semmle.python.dataflow.new.RemoteFlowSources private import semmle.python.dataflow.new.BarrierGuards -private import semmle.python.RegexTreeView::RegexTreeView as TreeView +private import semmle.python.regexp.RegexTreeView::RegexTreeView as TreeView private import semmle.python.ApiGraphs private import semmle.python.regex diff --git a/python/ql/lib/semmle/python/security/regexp/HostnameRegex.qll b/python/ql/lib/semmle/python/security/regexp/HostnameRegex.qll index 1feffcc1087..e7ec80ac804 100644 --- a/python/ql/lib/semmle/python/security/regexp/HostnameRegex.qll +++ b/python/ql/lib/semmle/python/security/regexp/HostnameRegex.qll @@ -5,7 +5,7 @@ private import python private import semmle.python.dataflow.new.DataFlow -private import semmle.python.RegexTreeView::RegexTreeView as TreeImpl +private import semmle.python.regexp.RegexTreeView::RegexTreeView as TreeImpl private import semmle.python.dataflow.new.Regexp as Regexp private import codeql.regex.HostnameRegexp as Shared diff --git a/python/ql/src/Security/CWE-020/OverlyLargeRange.ql b/python/ql/src/Security/CWE-020/OverlyLargeRange.ql index 6bf7f41d8ed..25acc667430 100644 --- a/python/ql/src/Security/CWE-020/OverlyLargeRange.ql +++ b/python/ql/src/Security/CWE-020/OverlyLargeRange.ql @@ -12,7 +12,7 @@ * external/cwe/cwe-020 */ -private import semmle.python.RegexTreeView::RegexTreeView as TreeView +private import semmle.python.regexp.RegexTreeView::RegexTreeView as TreeView import codeql.regex.OverlyLargeRangeQuery::Make from TreeView::RegExpCharacterRange range, string reason diff --git a/python/ql/src/Security/CWE-116/BadTagFilter.ql b/python/ql/src/Security/CWE-116/BadTagFilter.ql index afcf73f357a..87620cd7ff2 100644 --- a/python/ql/src/Security/CWE-116/BadTagFilter.ql +++ b/python/ql/src/Security/CWE-116/BadTagFilter.ql @@ -14,7 +14,7 @@ * external/cwe/cwe-186 */ -private import semmle.python.RegexTreeView::RegexTreeView as TreeView +private import semmle.python.regexp.RegexTreeView::RegexTreeView as TreeView import codeql.regex.nfa.BadTagFilterQuery::Make from HtmlMatchingRegExp regexp, string msg diff --git a/python/ql/src/Security/CWE-730/ReDoS.ql b/python/ql/src/Security/CWE-730/ReDoS.ql index 4ba35c598da..e694aee6f3e 100644 --- a/python/ql/src/Security/CWE-730/ReDoS.ql +++ b/python/ql/src/Security/CWE-730/ReDoS.ql @@ -14,7 +14,7 @@ * external/cwe/cwe-400 */ -private import semmle.python.RegexTreeView::RegexTreeView as TreeView +private import semmle.python.regexp.RegexTreeView::RegexTreeView as TreeView import codeql.regex.nfa.ExponentialBackTracking::Make from TreeView::RegExpTerm t, string pump, State s, string prefixMsg diff --git a/python/ql/test/library-tests/regexparser/Consistency.ql b/python/ql/test/library-tests/regexparser/Consistency.ql index 54b2ca424fd..f5f0f860b58 100644 --- a/python/ql/test/library-tests/regexparser/Consistency.ql +++ b/python/ql/test/library-tests/regexparser/Consistency.ql @@ -3,7 +3,7 @@ */ import python -import semmle.python.RegexTreeView +import semmle.python.regexp.RegexTreeView from string str, int counter, Location loc where diff --git a/python/ql/test/query-tests/Security/CWE-730-PolynomialReDoS/PolynomialBackTracking.ql b/python/ql/test/query-tests/Security/CWE-730-PolynomialReDoS/PolynomialBackTracking.ql index 19c905be1fe..6153b6e72ec 100644 --- a/python/ql/test/query-tests/Security/CWE-730-PolynomialReDoS/PolynomialBackTracking.ql +++ b/python/ql/test/query-tests/Security/CWE-730-PolynomialReDoS/PolynomialBackTracking.ql @@ -1,5 +1,5 @@ import python -private import semmle.python.RegexTreeView::RegexTreeView as TreeView +private import semmle.python.regexp.RegexTreeView::RegexTreeView as TreeView import codeql.regex.nfa.SuperlinearBackTracking::Make from PolynomialBackTrackingTerm t From 556bb41999f40765277fd2dc7b344b0b329c7a3b Mon Sep 17 00:00:00 2001 From: erik-krogh Date: Fri, 17 Mar 2023 17:58:24 +0100 Subject: [PATCH 091/870] move all code to find Regex flag into a module --- python/ql/lib/semmle/python/regex.qll | 211 ++++++++++++-------------- 1 file changed, 97 insertions(+), 114 deletions(-) diff --git a/python/ql/lib/semmle/python/regex.qll b/python/ql/lib/semmle/python/regex.qll index 8bb8c8b3ba4..6ef63a753dd 100644 --- a/python/ql/lib/semmle/python/regex.qll +++ b/python/ql/lib/semmle/python/regex.qll @@ -3,72 +3,6 @@ private import semmle.python.ApiGraphs // Need to import since frameworks can extend the abstract `RegExpInterpretation::Range` private import semmle.python.Frameworks private import semmle.python.Concepts as Concepts - -/** - * Gets the positional argument index containing the regular expression flags for the member of the - * `re` module with the name `name`. - */ -private int re_member_flags_arg(string name) { - name = "compile" and result = 1 - or - name = "search" and result = 2 - or - name = "match" and result = 2 - or - name = "split" and result = 3 - or - name = "findall" and result = 2 - or - name = "finditer" and result = 2 - or - name = "sub" and result = 4 - or - name = "subn" and result = 4 -} - -/** - * Gets the names and corresponding API nodes of members of the `re` module that are likely to be - * methods taking regular expressions as arguments. - * - * This is a helper predicate that fixes a bad join order, and should not be inlined without checking - * that this is safe. - */ -pragma[nomagic] -private API::Node relevant_re_member(string name) { - result = API::moduleImport("re").getMember(name) and - name != "escape" -} - -/** - * Holds if the expression `e` is used as a regex with the `re` module, with the regex-mode `mode` (if known). - * If regex mode is not known, `mode` will be `"None"`. - * - * This predicate has not done any data-flow tracking. - */ -// TODO: This should only be used to get the `mode`, and nowhere else. -predicate used_as_regex_internal(Expr e, string mode) { - /* Call to re.xxx(regex, ... [mode]) */ - exists(DataFlow::CallCfgNode call | - call instanceof Concepts::RegexExecution and - e = call.(Concepts::RegexExecution).getRegex().asExpr() - or - call.getArg(0).asExpr() = e and - call = relevant_re_member(_).getACall() - | - mode = "None" - or - exists(DataFlow::CallCfgNode callNode | - call = callNode and - mode = - mode_from_node([ - callNode - .getArg(re_member_flags_arg(callNode.(DataFlow::MethodCallNode).getMethodName())), - callNode.getArgByName("flags") - ]) - ) - ) -} - private import regexp.internal.RegExpTracking as RegExpTracking private import semmle.python.Concepts private import semmle.python.regexp.RegexTreeView @@ -81,49 +15,6 @@ RegExpTerm getTermForExecution(RegexExecution exec) { ) } -/** - * Gets the canonical name for the API graph node corresponding to the `re` flag `flag`. For flags - * that have multiple names, we pick the long-form name as a canonical representative. - */ -private string canonical_name(API::Node flag) { - result in ["ASCII", "IGNORECASE", "LOCALE", "UNICODE", "MULTILINE", "TEMPLATE"] and - flag = API::moduleImport("re").getMember([result, result.prefix(1)]) - or - flag = API::moduleImport("re").getMember(["DOTALL", "S"]) and result = "DOTALL" - or - flag = API::moduleImport("re").getMember(["VERBOSE", "X"]) and result = "VERBOSE" -} - -/** - * A type tracker for regular expression flag names. Holds if the result is a node that may refer - * to the `re` flag with the canonical name `flag_name` - */ -private DataFlow::TypeTrackingNode re_flag_tracker(string flag_name, DataFlow::TypeTracker t) { - t.start() and - exists(API::Node flag | flag_name = canonical_name(flag) and result = flag.asSource()) - or - exists(BinaryExprNode binop, DataFlow::Node operand | - operand.getALocalSource() = re_flag_tracker(flag_name, t.continue()) and - operand.asCfgNode() = binop.getAnOperand() and - (binop.getOp() instanceof BitOr or binop.getOp() instanceof Add) and - result.asCfgNode() = binop - ) - or - exists(DataFlow::TypeTracker t2 | result = re_flag_tracker(flag_name, t2).track(t2, t)) -} - -/** - * A type tracker for regular expression flag names. Holds if the result is a node that may refer - * to the `re` flag with the canonical name `flag_name` - */ -private DataFlow::Node re_flag_tracker(string flag_name) { - re_flag_tracker(flag_name, DataFlow::TypeTracker::end()).flowsTo(result) -} - -/** Gets a regular expression mode flag associated with the given data flow node. */ -// TODO: Move this into a RegexFlag module, along with related code? -string mode_from_node(DataFlow::Node node) { node = re_flag_tracker(result) } - /** Provides a class for modeling regular expression interpretations. */ module RegExpInterpretation { /** @@ -150,6 +41,102 @@ deprecated class RegexString extends Regex { RegexString() { this = RegExpTracking::regExpSource(_).asExpr() } } +/** Utility predicates for finding the mode of a regex based on where it's used. */ +private module FindRegexMode { + // TODO: Movev this (and Regex) into a ParseRegExp file. + /** + * Gets the mode of the regex `regex` based on the context where it's used. + * Does not find the mode if it's in a prefix inside the regex itself (see `Regex::getAMode`). + */ + string getAMode(Regex regex) { + exists(DataFlow::Node sink | + sink = regex.getAUse() and + /* Call to re.xxx(regex, ... [mode]) */ + exists(DataFlow::CallCfgNode call | + call instanceof Concepts::RegexExecution and + sink = call.(Concepts::RegexExecution).getRegex() + or + call.getArg(_) = sink and + sink instanceof RegExpInterpretation::Range + | + exists(DataFlow::CallCfgNode callNode | + call = callNode and + result = + mode_from_node([ + callNode + .getArg(re_member_flags_arg(callNode.(DataFlow::MethodCallNode).getMethodName())), + callNode.getArgByName("flags") + ]) + ) + ) + ) + } + + /** + * Gets the positional argument index containing the regular expression flags for the member of the + * `re` module with the name `name`. + */ + private int re_member_flags_arg(string name) { + name = "compile" and result = 1 + or + name = "search" and result = 2 + or + name = "match" and result = 2 + or + name = "split" and result = 3 + or + name = "findall" and result = 2 + or + name = "finditer" and result = 2 + or + name = "sub" and result = 4 + or + name = "subn" and result = 4 + } + + /** + * Gets the canonical name for the API graph node corresponding to the `re` flag `flag`. For flags + * that have multiple names, we pick the long-form name as a canonical representative. + */ + private string canonical_name(API::Node flag) { + result in ["ASCII", "IGNORECASE", "LOCALE", "UNICODE", "MULTILINE", "TEMPLATE"] and + flag = API::moduleImport("re").getMember([result, result.prefix(1)]) + or + flag = API::moduleImport("re").getMember(["DOTALL", "S"]) and result = "DOTALL" + or + flag = API::moduleImport("re").getMember(["VERBOSE", "X"]) and result = "VERBOSE" + } + + /** + * A type tracker for regular expression flag names. Holds if the result is a node that may refer + * to the `re` flag with the canonical name `flag_name` + */ + private DataFlow::TypeTrackingNode re_flag_tracker(string flag_name, DataFlow::TypeTracker t) { + t.start() and + exists(API::Node flag | flag_name = canonical_name(flag) and result = flag.asSource()) + or + exists(BinaryExprNode binop, DataFlow::Node operand | + operand.getALocalSource() = re_flag_tracker(flag_name, t.continue()) and + operand.asCfgNode() = binop.getAnOperand() and + (binop.getOp() instanceof BitOr or binop.getOp() instanceof Add) and + result.asCfgNode() = binop + ) + or + exists(DataFlow::TypeTracker t2 | result = re_flag_tracker(flag_name, t2).track(t2, t)) + } + + /** + * A type tracker for regular expression flag names. Holds if the result is a node that may refer + * to the `re` flag with the canonical name `flag_name` + */ + private DataFlow::Node re_flag_tracker(string flag_name) { + re_flag_tracker(flag_name, DataFlow::TypeTracker::end()).flowsTo(result) + } + + /** Gets a regular expression mode flag associated with the given data flow node. */ + private string mode_from_node(DataFlow::Node node) { node = re_flag_tracker(result) } +} + /** A StrConst used as a regular expression */ class Regex extends Expr { DataFlow::Node sink; @@ -175,11 +162,7 @@ class Regex extends Expr { * VERBOSE */ string getAMode() { - exists(string mode | - used_as_regex_internal(sink.asExpr(), mode) and - result != "None" and - result = mode - ) + result = FindRegexMode::getAMode(this) or result = this.getModeFromPrefix() } From 59cc90e547c545162daa1f9c8db6ab9f40664d2a Mon Sep 17 00:00:00 2001 From: erik-krogh Date: Fri, 17 Mar 2023 18:20:12 +0100 Subject: [PATCH 092/870] move Regex into a ParseRegExp file, and rename the class to RegExp --- .../lib/semmle/python/frameworks/Django.qll | 2 +- .../lib/semmle/python/frameworks/Tornado.qll | 2 +- python/ql/lib/semmle/python/regex.qll | 1072 +---------------- .../semmle/python/regexp/RegexTreeView.qll | 34 +- .../python/regexp/internal/ParseRegExp.qll | 1070 ++++++++++++++++ .../src/Expressions/Regex/BackspaceEscape.ql | 2 +- .../Regex/DuplicateCharacterInSet.ql | 4 +- .../Regex/MissingPartSpecialGroup.ql | 2 +- .../src/Expressions/Regex/UnmatchableCaret.ql | 4 +- .../Expressions/Regex/UnmatchableDollar.ql | 4 +- 10 files changed, 1102 insertions(+), 1094 deletions(-) create mode 100644 python/ql/lib/semmle/python/regexp/internal/ParseRegExp.qll diff --git a/python/ql/lib/semmle/python/frameworks/Django.qll b/python/ql/lib/semmle/python/frameworks/Django.qll index 886357594a1..2240894a3f4 100644 --- a/python/ql/lib/semmle/python/frameworks/Django.qll +++ b/python/ql/lib/semmle/python/frameworks/Django.qll @@ -2512,7 +2512,7 @@ module PrivateDjango { any(int i | i < routeHandler.getFirstPossibleRoutedParamIndex() | routeHandler.getArg(i)) ) or - exists(DjangoRouteHandler routeHandler, DjangoRouteRegex regexUse, Regex regex | + exists(DjangoRouteHandler routeHandler, DjangoRouteRegex regexUse, RegExp regex | regex.getAUse() = regexUse and routeHandler = this.getARequestHandler() and regexUse.getRouteSetup() = this diff --git a/python/ql/lib/semmle/python/frameworks/Tornado.qll b/python/ql/lib/semmle/python/frameworks/Tornado.qll index f54ba64e780..12a69908f80 100644 --- a/python/ql/lib/semmle/python/frameworks/Tornado.qll +++ b/python/ql/lib/semmle/python/frameworks/Tornado.qll @@ -423,7 +423,7 @@ module Tornado { not result = requestHandler.getArg(0) ) or - exists(Function requestHandler, TornadoRouteRegex regexUse, Regex regex | + exists(Function requestHandler, TornadoRouteRegex regexUse, RegExp regex | regex.getAUse() = regexUse and requestHandler = this.getARequestHandler() and regexUse.getRouteSetup() = this diff --git a/python/ql/lib/semmle/python/regex.qll b/python/ql/lib/semmle/python/regex.qll index 6ef63a753dd..0dfc74b5e6f 100644 --- a/python/ql/lib/semmle/python/regex.qll +++ b/python/ql/lib/semmle/python/regex.qll @@ -1,14 +1,13 @@ import python -private import semmle.python.ApiGraphs // Need to import since frameworks can extend the abstract `RegExpInterpretation::Range` private import semmle.python.Frameworks -private import semmle.python.Concepts as Concepts private import regexp.internal.RegExpTracking as RegExpTracking -private import semmle.python.Concepts +private import semmle.python.Concepts as Concepts private import semmle.python.regexp.RegexTreeView +import regexp.internal.ParseRegExp /** Gets a parsed regular expression term that is executed at `exec`. */ -RegExpTerm getTermForExecution(RegexExecution exec) { +RegExpTerm getTermForExecution(Concepts::RegexExecution exec) { exists(DataFlow::Node source | source = RegExpTracking::regExpSource(exec.getRegex()) | result.getRegex() = source.asExpr() and result.isRootTerm() @@ -25,6 +24,8 @@ module RegExpInterpretation { abstract class Range extends DataFlow::Node { } } +private import semmle.python.ApiGraphs + /** * A node interpreted as a regular expression. * Speficically nodes where string values are interpreted as regular expressions. @@ -40,1066 +41,3 @@ class StdLibRegExpInterpretation extends RegExpInterpretation::Range { deprecated class RegexString extends Regex { RegexString() { this = RegExpTracking::regExpSource(_).asExpr() } } - -/** Utility predicates for finding the mode of a regex based on where it's used. */ -private module FindRegexMode { - // TODO: Movev this (and Regex) into a ParseRegExp file. - /** - * Gets the mode of the regex `regex` based on the context where it's used. - * Does not find the mode if it's in a prefix inside the regex itself (see `Regex::getAMode`). - */ - string getAMode(Regex regex) { - exists(DataFlow::Node sink | - sink = regex.getAUse() and - /* Call to re.xxx(regex, ... [mode]) */ - exists(DataFlow::CallCfgNode call | - call instanceof Concepts::RegexExecution and - sink = call.(Concepts::RegexExecution).getRegex() - or - call.getArg(_) = sink and - sink instanceof RegExpInterpretation::Range - | - exists(DataFlow::CallCfgNode callNode | - call = callNode and - result = - mode_from_node([ - callNode - .getArg(re_member_flags_arg(callNode.(DataFlow::MethodCallNode).getMethodName())), - callNode.getArgByName("flags") - ]) - ) - ) - ) - } - - /** - * Gets the positional argument index containing the regular expression flags for the member of the - * `re` module with the name `name`. - */ - private int re_member_flags_arg(string name) { - name = "compile" and result = 1 - or - name = "search" and result = 2 - or - name = "match" and result = 2 - or - name = "split" and result = 3 - or - name = "findall" and result = 2 - or - name = "finditer" and result = 2 - or - name = "sub" and result = 4 - or - name = "subn" and result = 4 - } - - /** - * Gets the canonical name for the API graph node corresponding to the `re` flag `flag`. For flags - * that have multiple names, we pick the long-form name as a canonical representative. - */ - private string canonical_name(API::Node flag) { - result in ["ASCII", "IGNORECASE", "LOCALE", "UNICODE", "MULTILINE", "TEMPLATE"] and - flag = API::moduleImport("re").getMember([result, result.prefix(1)]) - or - flag = API::moduleImport("re").getMember(["DOTALL", "S"]) and result = "DOTALL" - or - flag = API::moduleImport("re").getMember(["VERBOSE", "X"]) and result = "VERBOSE" - } - - /** - * A type tracker for regular expression flag names. Holds if the result is a node that may refer - * to the `re` flag with the canonical name `flag_name` - */ - private DataFlow::TypeTrackingNode re_flag_tracker(string flag_name, DataFlow::TypeTracker t) { - t.start() and - exists(API::Node flag | flag_name = canonical_name(flag) and result = flag.asSource()) - or - exists(BinaryExprNode binop, DataFlow::Node operand | - operand.getALocalSource() = re_flag_tracker(flag_name, t.continue()) and - operand.asCfgNode() = binop.getAnOperand() and - (binop.getOp() instanceof BitOr or binop.getOp() instanceof Add) and - result.asCfgNode() = binop - ) - or - exists(DataFlow::TypeTracker t2 | result = re_flag_tracker(flag_name, t2).track(t2, t)) - } - - /** - * A type tracker for regular expression flag names. Holds if the result is a node that may refer - * to the `re` flag with the canonical name `flag_name` - */ - private DataFlow::Node re_flag_tracker(string flag_name) { - re_flag_tracker(flag_name, DataFlow::TypeTracker::end()).flowsTo(result) - } - - /** Gets a regular expression mode flag associated with the given data flow node. */ - private string mode_from_node(DataFlow::Node node) { node = re_flag_tracker(result) } -} - -/** A StrConst used as a regular expression */ -class Regex extends Expr { - DataFlow::Node sink; - - Regex() { - (this instanceof Bytes or this instanceof Unicode) and - this = RegExpTracking::regExpSource(sink).asExpr() and - // is part of the user code - exists(this.getLocation().getFile().getRelativePath()) - } - - /** Gets a data-flow node where this string value is used as a regular expression. */ - DataFlow::Node getAUse() { result = sink } - - /** - * Gets a mode (if any) of this regular expression. Can be any of: - * DEBUG - * IGNORECASE - * LOCALE - * MULTILINE - * DOTALL - * UNICODE - * VERBOSE - */ - string getAMode() { - result = FindRegexMode::getAMode(this) - or - result = this.getModeFromPrefix() - } - - // TODO: Refactor all of the below into a regex parsing file, similar to Ruby. - /** - * Helper predicate for `char_set_start(int start, int end)`. - * - * In order to identify left brackets ('[') which actually start a character class, - * we perform a left to right scan of the string. - * - * To avoid negative recursion we return a boolean. See `escaping`, - * the helper for `escapingChar`, for a clean use of this pattern. - * - * result is true for those start chars that actually mark a start of a char set. - */ - boolean char_set_start(int pos) { - exists(int index | - // is opening bracket - this.char_set_delimiter(index, pos) = true and - ( - // if this is the first bracket, `pos` starts a char set - index = 1 and result = true - or - // if the previous char set delimiter was not a closing bracket, `pos` does - // not start a char set. This is needed to handle cases such as `[[]` (a - // char set that matches the `[` char) - index > 1 and - not this.char_set_delimiter(index - 1, _) = false and - result = false - or - // special handling of cases such as `[][]` (the character-set of the characters `]` and `[`). - exists(int prev_closing_bracket_pos | - // previous bracket is a closing bracket - this.char_set_delimiter(index - 1, prev_closing_bracket_pos) = false and - if - // check if the character that comes before the previous closing bracket - // is an opening bracket (taking `^` into account) - exists(int pos_before_prev_closing_bracket | - if this.getChar(prev_closing_bracket_pos - 1) = "^" - then pos_before_prev_closing_bracket = prev_closing_bracket_pos - 2 - else pos_before_prev_closing_bracket = prev_closing_bracket_pos - 1 - | - this.char_set_delimiter(index - 2, pos_before_prev_closing_bracket) = true - ) - then - // brackets without anything in between is not valid character ranges, so - // the first closing bracket in `[]]` and `[^]]` does not count, - // - // and we should _not_ mark the second opening bracket in `[][]` and `[^][]` - // as starting a new char set. ^ ^ - exists(int pos_before_prev_closing_bracket | - this.char_set_delimiter(index - 2, pos_before_prev_closing_bracket) = true - | - result = this.char_set_start(pos_before_prev_closing_bracket).booleanNot() - ) - else - // if not, `pos` does in fact mark a real start of a character range - result = true - ) - ) - ) - } - - /** - * Helper predicate for chars that could be character-set delimiters. - * Holds if the (non-escaped) char at `pos` in the string, is the (one-based) `index` occurrence of a bracket (`[` or `]`) in the string. - * Result if `true` is the char is `[`, and `false` if the char is `]`. - */ - boolean char_set_delimiter(int index, int pos) { - pos = rank[index](int p | this.nonEscapedCharAt(p) = "[" or this.nonEscapedCharAt(p) = "]") and - ( - this.nonEscapedCharAt(pos) = "[" and result = true - or - this.nonEscapedCharAt(pos) = "]" and result = false - ) - } - - /** Holds if a character set starts between `start` and `end`. */ - predicate char_set_start(int start, int end) { - this.char_set_start(start) = true and - ( - this.getChar(start + 1) = "^" and end = start + 2 - or - not this.getChar(start + 1) = "^" and end = start + 1 - ) - } - - /** Whether there is a character class, between start (inclusive) and end (exclusive) */ - predicate charSet(int start, int end) { - exists(int inner_start | - this.char_set_start(start, inner_start) and - not this.char_set_start(_, start) - | - end - 1 = min(int i | this.nonEscapedCharAt(i) = "]" and inner_start < i) - ) - } - - /** An indexed version of `char_set_token/3` */ - private predicate char_set_token(int charset_start, int index, int token_start, int token_end) { - token_start = - rank[index](int start, int end | this.char_set_token(charset_start, start, end) | start) and - this.char_set_token(charset_start, token_start, token_end) - } - - /** Either a char or a - */ - private predicate char_set_token(int charset_start, int start, int end) { - this.char_set_start(charset_start, start) and - ( - this.escapedCharacter(start, end) - or - exists(this.nonEscapedCharAt(start)) and end = start + 1 - ) - or - this.char_set_token(charset_start, _, start) and - ( - this.escapedCharacter(start, end) - or - exists(this.nonEscapedCharAt(start)) and - end = start + 1 and - not this.getChar(start) = "]" - ) - } - - /** - * Holds if the character set starting at `charset_start` contains either - * a character or a range found between `start` and `end`. - */ - predicate char_set_child(int charset_start, int start, int end) { - this.char_set_token(charset_start, start, end) and - not exists(int range_start, int range_end | - this.charRange(charset_start, range_start, _, _, range_end) and - range_start <= start and - range_end >= end - ) - or - this.charRange(charset_start, start, _, _, end) - } - - /** - * Holds if the character set starting at `charset_start` contains a character range - * with lower bound found between `start` and `lower_end` - * and upper bound found between `upper_start` and `end`. - */ - predicate charRange(int charset_start, int start, int lower_end, int upper_start, int end) { - exists(int index | - this.charRangeEnd(charset_start, index) = true and - this.char_set_token(charset_start, index - 2, start, lower_end) and - this.char_set_token(charset_start, index, upper_start, end) - ) - } - - /** - * Helper predicate for `charRange`. - * We can determine where character ranges end by a left to right sweep. - * - * To avoid negative recursion we return a boolean. See `escaping`, - * the helper for `escapingChar`, for a clean use of this pattern. - */ - private boolean charRangeEnd(int charset_start, int index) { - this.char_set_token(charset_start, index, _, _) and - ( - index in [1, 2] and result = false - or - index > 2 and - exists(int connector_start | - this.char_set_token(charset_start, index - 1, connector_start, _) and - this.nonEscapedCharAt(connector_start) = "-" and - result = - this.charRangeEnd(charset_start, index - 2) - .booleanNot() - .booleanAnd(this.charRangeEnd(charset_start, index - 1).booleanNot()) - ) - or - not exists(int connector_start | - this.char_set_token(charset_start, index - 1, connector_start, _) and - this.nonEscapedCharAt(connector_start) = "-" - ) and - result = false - ) - } - - /** Holds if the character at `pos` is a "\" that is actually escaping what comes after. */ - predicate escapingChar(int pos) { this.escaping(pos) = true } - - /** - * Helper predicate for `escapingChar`. - * In order to avoid negative recursion, we return a boolean. - * This way, we can refer to `escaping(pos - 1).booleanNot()` - * rather than to a negated version of `escaping(pos)`. - */ - private boolean escaping(int pos) { - pos = -1 and result = false - or - this.getChar(pos) = "\\" and result = this.escaping(pos - 1).booleanNot() - or - this.getChar(pos) != "\\" and result = false - } - - /** Gets the text of this regex */ - string getText() { - result = this.(Unicode).getS() - or - result = this.(Bytes).getS() - } - - /** Gets the `i`th character of this regex */ - string getChar(int i) { result = this.getText().charAt(i) } - - /** Gets the `i`th character of this regex, unless it is part of a character escape sequence. */ - string nonEscapedCharAt(int i) { - result = this.getText().charAt(i) and - not exists(int x, int y | this.escapedCharacter(x, y) and i in [x .. y - 1]) - } - - private predicate isOptionDivider(int i) { this.nonEscapedCharAt(i) = "|" } - - private predicate isGroupEnd(int i) { this.nonEscapedCharAt(i) = ")" and not this.inCharSet(i) } - - private predicate isGroupStart(int i) { this.nonEscapedCharAt(i) = "(" and not this.inCharSet(i) } - - /** - * Holds if the `i`th character could not be parsed. - */ - predicate failedToParse(int i) { - exists(this.getChar(i)) and - not exists(int start, int end | - this.top_level(start, end) and - start <= i and - end > i - ) - } - - /** Named unicode characters, eg \N{degree sign} */ - private predicate escapedName(int start, int end) { - this.escapingChar(start) and - this.getChar(start + 1) = "N" and - this.getChar(start + 2) = "{" and - end - 1 = min(int i | start + 2 < i and this.getChar(i) = "}") - } - - /** - * Holds if an escaped character is found between `start` and `end`. - * Escaped characters include hex values, octal values and named escapes, - * but excludes backreferences. - */ - predicate escapedCharacter(int start, int end) { - this.escapingChar(start) and - not this.numbered_backreference(start, _, _) and - ( - // hex value \xhh - this.getChar(start + 1) = "x" and end = start + 4 - or - // octal value \o, \oo, or \ooo - end in [start + 2 .. start + 4] and - forall(int i | i in [start + 1 .. end - 1] | this.isOctal(i)) and - not ( - end < start + 4 and - this.isOctal(end) - ) - or - // 16-bit hex value \uhhhh - this.getChar(start + 1) = "u" and end = start + 6 - or - // 32-bit hex value \Uhhhhhhhh - this.getChar(start + 1) = "U" and end = start + 10 - or - this.escapedName(start, end) - or - // escape not handled above, update when adding a new case - not this.getChar(start + 1) in ["x", "u", "U", "N"] and - not exists(this.getChar(start + 1).toInt()) and - end = start + 2 - ) - } - - pragma[inline] - private predicate isOctal(int index) { this.getChar(index) = [0 .. 7].toString() } - - /** Holds if `index` is inside a character set. */ - predicate inCharSet(int index) { - exists(int x, int y | this.charSet(x, y) and index in [x + 1 .. y - 2]) - } - - /** - * 'simple' characters are any that don't alter the parsing of the regex. - */ - private predicate simpleCharacter(int start, int end) { - end = start + 1 and - not this.charSet(start, _) and - not this.charSet(_, start + 1) and - exists(string c | c = this.getChar(start) | - exists(int x, int y, int z | - this.charSet(x, z) and - this.char_set_start(x, y) - | - start = y - or - start = z - 2 - or - start > y and start < z - 2 and not this.charRange(_, _, start, end, _) - ) - or - not this.inCharSet(start) and - not c = "(" and - not c = "[" and - not c = ")" and - not c = "|" and - not this.qualifier(start, _, _, _) - ) - } - - /** - * Holds if a simple or escaped character is found between `start` and `end`. - */ - predicate character(int start, int end) { - ( - this.simpleCharacter(start, end) and - not exists(int x, int y | this.escapedCharacter(x, y) and x <= start and y >= end) - or - this.escapedCharacter(start, end) - ) and - not exists(int x, int y | this.group_start(x, y) and x <= start and y >= end) and - not exists(int x, int y | this.backreference(x, y) and x <= start and y >= end) - } - - /** - * Holds if a normal character is found between `start` and `end`. - */ - predicate normalCharacter(int start, int end) { - end = start + 1 and - this.character(start, end) and - not this.specialCharacter(start, end, _) - } - - /** - * Holds if a special character is found between `start` and `end`. - */ - predicate specialCharacter(int start, int end, string char) { - not this.inCharSet(start) and - this.character(start, end) and - ( - end = start + 1 and - char = this.getChar(start) and - (char = "$" or char = "^" or char = ".") - or - end = start + 2 and - this.escapingChar(start) and - char = this.getText().substring(start, end) and - char = ["\\A", "\\Z", "\\b", "\\B"] - ) - } - - /** - * Holds if the range [start:end) consists of only 'normal' characters. - */ - predicate normalCharacterSequence(int start, int end) { - // a normal character inside a character set is interpreted on its own - this.normalCharacter(start, end) and - this.inCharSet(start) - or - // a maximal run of normal characters is considered as one constant - exists(int s, int e | - e = max(int i | this.normalCharacterRun(s, i)) and - not this.inCharSet(s) - | - // 'abc' can be considered one constant, but - // 'abc+' has to be broken up into 'ab' and 'c+', - // as the qualifier only applies to 'c'. - if this.qualifier(e, _, _, _) - then - end = e and start = e - 1 - or - end = e - 1 and start = s and start < end - else ( - end = e and - start = s - ) - ) - } - - private predicate normalCharacterRun(int start, int end) { - ( - this.normalCharacterRun(start, end - 1) - or - start = end - 1 and not this.normalCharacter(start - 1, start) - ) and - this.normalCharacter(end - 1, end) - } - - private predicate characterItem(int start, int end) { - this.normalCharacterSequence(start, end) or - this.escapedCharacter(start, end) or - this.specialCharacter(start, end, _) - } - - /** Whether the text in the range `start,end` is a group */ - predicate group(int start, int end) { - this.groupContents(start, end, _, _) - or - this.emptyGroup(start, end) - } - - /** Gets the number of the group in start,end */ - int getGroupNumber(int start, int end) { - this.group(start, end) and - not this.non_capturing_group_start(start, _) and - result = - count(int i | this.group(i, _) and i < start and not this.non_capturing_group_start(i, _)) + 1 - } - - /** Gets the name, if it has one, of the group in start,end */ - string getGroupName(int start, int end) { - this.group(start, end) and - exists(int name_end | - this.named_group_start(start, name_end) and - result = this.getText().substring(start + 4, name_end - 1) - ) - } - - /** Whether the text in the range start, end is a group and can match the empty string. */ - predicate zeroWidthMatch(int start, int end) { - this.emptyGroup(start, end) - or - this.negativeAssertionGroup(start, end) - or - this.positiveLookaheadAssertionGroup(start, end) - or - this.positiveLookbehindAssertionGroup(start, end) - } - - /** Holds if an empty group is found between `start` and `end`. */ - predicate emptyGroup(int start, int end) { - exists(int endm1 | end = endm1 + 1 | - this.group_start(start, endm1) and - this.isGroupEnd(endm1) - ) - } - - private predicate emptyMatchAtStartGroup(int start, int end) { - this.emptyGroup(start, end) - or - this.negativeAssertionGroup(start, end) - or - this.positiveLookaheadAssertionGroup(start, end) - } - - private predicate emptyMatchAtEndGroup(int start, int end) { - this.emptyGroup(start, end) - or - this.negativeAssertionGroup(start, end) - or - this.positiveLookbehindAssertionGroup(start, end) - } - - private predicate negativeAssertionGroup(int start, int end) { - exists(int in_start | - this.negative_lookahead_assertion_start(start, in_start) - or - this.negative_lookbehind_assertion_start(start, in_start) - | - this.groupContents(start, end, in_start, _) - ) - } - - /** Holds if a negative lookahead is found between `start` and `end` */ - predicate negativeLookaheadAssertionGroup(int start, int end) { - exists(int in_start | this.negative_lookahead_assertion_start(start, in_start) | - this.groupContents(start, end, in_start, _) - ) - } - - /** Holds if a negative lookbehind is found between `start` and `end` */ - predicate negativeLookbehindAssertionGroup(int start, int end) { - exists(int in_start | this.negative_lookbehind_assertion_start(start, in_start) | - this.groupContents(start, end, in_start, _) - ) - } - - /** Holds if a positive lookahead is found between `start` and `end` */ - predicate positiveLookaheadAssertionGroup(int start, int end) { - exists(int in_start | this.lookahead_assertion_start(start, in_start) | - this.groupContents(start, end, in_start, _) - ) - } - - /** Holds if a positive lookbehind is found between `start` and `end` */ - predicate positiveLookbehindAssertionGroup(int start, int end) { - exists(int in_start | this.lookbehind_assertion_start(start, in_start) | - this.groupContents(start, end, in_start, _) - ) - } - - private predicate group_start(int start, int end) { - this.non_capturing_group_start(start, end) - or - this.flag_group_start(start, end, _) - or - this.named_group_start(start, end) - or - this.named_backreference_start(start, end) - or - this.lookahead_assertion_start(start, end) - or - this.negative_lookahead_assertion_start(start, end) - or - this.lookbehind_assertion_start(start, end) - or - this.negative_lookbehind_assertion_start(start, end) - or - this.comment_group_start(start, end) - or - this.simple_group_start(start, end) - } - - /** Matches the start of a non-capturing group, e.g. `(?:` */ - private predicate non_capturing_group_start(int start, int end) { - this.isGroupStart(start) and - this.getChar(start + 1) = "?" and - this.getChar(start + 2) = ":" and - end = start + 3 - } - - /** Matches the start of a simple group, e.g. `(a+)`. */ - private predicate simple_group_start(int start, int end) { - this.isGroupStart(start) and - this.getChar(start + 1) != "?" and - end = start + 1 - } - - /** - * Matches the start of a named group, such as: - * - `(?\w+)` - * - `(?'name'\w+)` - */ - private predicate named_group_start(int start, int end) { - this.isGroupStart(start) and - this.getChar(start + 1) = "?" and - this.getChar(start + 2) = "P" and - this.getChar(start + 3) = "<" and - not this.getChar(start + 4) = "=" and - not this.getChar(start + 4) = "!" and - exists(int name_end | - name_end = min(int i | i > start + 4 and this.getChar(i) = ">") and - end = name_end + 1 - ) - } - - private predicate named_backreference_start(int start, int end) { - this.isGroupStart(start) and - this.getChar(start + 1) = "?" and - this.getChar(start + 2) = "P" and - this.getChar(start + 3) = "=" and - // Should this be looking for unescaped ")"? - // TODO: test this - end = min(int i | i > start + 4 and this.getChar(i) = "?") - } - - private predicate flag_group_start(int start, int end, string c) { - this.isGroupStart(start) and - this.getChar(start + 1) = "?" and - end = start + 3 and - c = this.getChar(start + 2) and - c in ["i", "L", "m", "s", "u", "x"] - } - - /** - * Gets the mode of this regular expression string if - * it is defined by a prefix. - */ - string getModeFromPrefix() { - exists(string c | this.flag_group_start(_, _, c) | - c = "i" and result = "IGNORECASE" - or - c = "L" and result = "LOCALE" - or - c = "m" and result = "MULTILINE" - or - c = "s" and result = "DOTALL" - or - c = "u" and result = "UNICODE" - or - c = "x" and result = "VERBOSE" - ) - } - - /** Matches the start of a positive lookahead assertion, i.e. `(?=`. */ - private predicate lookahead_assertion_start(int start, int end) { - this.isGroupStart(start) and - this.getChar(start + 1) = "?" and - this.getChar(start + 2) = "=" and - end = start + 3 - } - - /** Matches the start of a negative lookahead assertion, i.e. `(?!`. */ - private predicate negative_lookahead_assertion_start(int start, int end) { - this.isGroupStart(start) and - this.getChar(start + 1) = "?" and - this.getChar(start + 2) = "!" and - end = start + 3 - } - - /** Matches the start of a positive lookbehind assertion, i.e. `(?<=`. */ - private predicate lookbehind_assertion_start(int start, int end) { - this.isGroupStart(start) and - this.getChar(start + 1) = "?" and - this.getChar(start + 2) = "<" and - this.getChar(start + 3) = "=" and - end = start + 4 - } - - /** Matches the start of a negative lookbehind assertion, i.e. `(?`. */ - private predicate named_backreference(int start, int end, string name) { - this.named_backreference_start(start, start + 4) and - end = min(int i | i > start + 4 and this.getChar(i) = ")") + 1 and - name = this.getText().substring(start + 4, end - 2) - } - - /** Matches a numbered backreference, e.g. `\1`. */ - private predicate numbered_backreference(int start, int end, int value) { - this.escapingChar(start) and - // starting with 0 makes it an octal escape - not this.getChar(start + 1) = "0" and - exists(string text, string svalue, int len | - end = start + len and - text = this.getText() and - len in [2 .. 3] - | - svalue = text.substring(start + 1, start + len) and - value = svalue.toInt() and - // value is composed of digits - forall(int i | i in [start + 1 .. start + len - 1] | this.getChar(i) = [0 .. 9].toString()) and - // a longer reference is not possible - not ( - len = 2 and - exists(text.substring(start + 1, start + len + 1).toInt()) - ) and - // 3 octal digits makes it an octal escape - not forall(int i | i in [start + 1 .. start + 4] | this.isOctal(i)) - // TODO: Inside a character set, all numeric escapes are treated as characters. - ) - } - - /** Whether the text in the range `start,end` is a back reference */ - predicate backreference(int start, int end) { - this.numbered_backreference(start, end, _) - or - this.named_backreference(start, end, _) - } - - /** Gets the number of the back reference in start,end */ - int getBackrefNumber(int start, int end) { this.numbered_backreference(start, end, result) } - - /** Gets the name, if it has one, of the back reference in start,end */ - string getBackrefName(int start, int end) { this.named_backreference(start, end, result) } - - private predicate baseItem(int start, int end) { - this.characterItem(start, end) and - not exists(int x, int y | this.charSet(x, y) and x <= start and y >= end) - or - this.group(start, end) - or - this.charSet(start, end) - or - this.backreference(start, end) - } - - private predicate qualifier(int start, int end, boolean maybe_empty, boolean may_repeat_forever) { - this.short_qualifier(start, end, maybe_empty, may_repeat_forever) and - not this.getChar(end) = "?" - or - exists(int short_end | this.short_qualifier(start, short_end, maybe_empty, may_repeat_forever) | - if this.getChar(short_end) = "?" then end = short_end + 1 else end = short_end - ) - } - - private predicate short_qualifier( - int start, int end, boolean maybe_empty, boolean may_repeat_forever - ) { - ( - this.getChar(start) = "+" and maybe_empty = false and may_repeat_forever = true - or - this.getChar(start) = "*" and maybe_empty = true and may_repeat_forever = true - or - this.getChar(start) = "?" and maybe_empty = true and may_repeat_forever = false - ) and - end = start + 1 - or - exists(string lower, string upper | - this.multiples(start, end, lower, upper) and - (if lower = "" or lower.toInt() = 0 then maybe_empty = true else maybe_empty = false) and - if upper = "" then may_repeat_forever = true else may_repeat_forever = false - ) - } - - /** - * Holds if a repetition quantifier is found between `start` and `end`, - * with the given lower and upper bounds. If a bound is omitted, the corresponding - * string is empty. - */ - predicate multiples(int start, int end, string lower, string upper) { - exists(string text, string match, string inner | - text = this.getText() and - end = start + match.length() and - inner = match.substring(1, match.length() - 1) - | - match = text.regexpFind("\\{[0-9]+\\}", _, start) and - lower = inner and - upper = lower - or - match = text.regexpFind("\\{[0-9]*,[0-9]*\\}", _, start) and - exists(int commaIndex | - commaIndex = inner.indexOf(",") and - lower = inner.prefix(commaIndex) and - upper = inner.suffix(commaIndex + 1) - ) - ) - } - - /** - * Whether the text in the range start,end is a qualified item, where item is a character, - * a character set or a group. - */ - predicate qualifiedItem(int start, int end, boolean maybe_empty, boolean may_repeat_forever) { - this.qualifiedPart(start, _, end, maybe_empty, may_repeat_forever) - } - - /** - * Holds if a qualified part is found between `start` and `part_end` and the qualifier is - * found between `part_end` and `end`. - * - * `maybe_empty` is true if the part is optional. - * `may_repeat_forever` is true if the part may be repeated unboundedly. - */ - predicate qualifiedPart( - int start, int part_end, int end, boolean maybe_empty, boolean may_repeat_forever - ) { - this.baseItem(start, part_end) and - this.qualifier(part_end, end, maybe_empty, may_repeat_forever) - } - - /** Holds if the range `start`, `end` contains a character, a quantifier, a character set or a group. */ - predicate item(int start, int end) { - this.qualifiedItem(start, end, _, _) - or - this.baseItem(start, end) and not this.qualifier(end, _, _, _) - } - - private predicate subsequence(int start, int end) { - ( - start = 0 or - this.group_start(_, start) or - this.isOptionDivider(start - 1) - ) and - this.item(start, end) - or - exists(int mid | - this.subsequence(start, mid) and - this.item(mid, end) - ) - } - - /** - * Whether the text in the range start,end is a sequence of 1 or more items, where an item is a character, - * a character set or a group. - */ - predicate sequence(int start, int end) { - this.sequenceOrQualified(start, end) and - not this.qualifiedItem(start, end, _, _) - } - - private predicate sequenceOrQualified(int start, int end) { - this.subsequence(start, end) and - not this.item_start(end) - } - - private predicate item_start(int start) { - this.characterItem(start, _) or - this.isGroupStart(start) or - this.charSet(start, _) or - this.backreference(start, _) - } - - private predicate item_end(int end) { - this.characterItem(_, end) - or - exists(int endm1 | this.isGroupEnd(endm1) and end = endm1 + 1) - or - this.charSet(_, end) - or - this.qualifier(_, end, _, _) - } - - private predicate top_level(int start, int end) { - this.subalternation(start, end, _) and - not this.isOptionDivider(end) - } - - private predicate subalternation(int start, int end, int item_start) { - this.sequenceOrQualified(start, end) and - not this.isOptionDivider(start - 1) and - item_start = start - or - start = end and - not this.item_end(start) and - this.isOptionDivider(end) and - item_start = start - or - exists(int mid | - this.subalternation(start, mid, _) and - this.isOptionDivider(mid) and - item_start = mid + 1 - | - this.sequenceOrQualified(item_start, end) - or - not this.item_start(end) and end = item_start - ) - } - - /** - * Whether the text in the range start,end is an alternation - */ - predicate alternation(int start, int end) { - this.top_level(start, end) and - exists(int less | this.subalternation(start, less, _) and less < end) - } - - /** - * Whether the text in the range start,end is an alternation and the text in part_start, part_end is one of the - * options in that alternation. - */ - predicate alternationOption(int start, int end, int part_start, int part_end) { - this.alternation(start, end) and - this.subalternation(start, part_end, part_start) - } - - /** A part of the regex that may match the start of the string. */ - private predicate firstPart(int start, int end) { - start = 0 and end = this.getText().length() - or - exists(int x | this.firstPart(x, end) | - this.emptyMatchAtStartGroup(x, start) or - this.qualifiedItem(x, start, true, _) or - // ^ and \A match the start of the string - this.specialCharacter(x, start, ["^", "\\A"]) - ) - or - exists(int y | this.firstPart(start, y) | - this.item(start, end) - or - this.qualifiedPart(start, end, y, _, _) - ) - or - exists(int x, int y | this.firstPart(x, y) | - this.groupContents(x, y, start, end) - or - this.alternationOption(x, y, start, end) - ) - } - - /** A part of the regex that may match the end of the string. */ - private predicate lastPart(int start, int end) { - start = 0 and end = this.getText().length() - or - exists(int y | this.lastPart(start, y) | - this.emptyMatchAtEndGroup(end, y) - or - this.qualifiedItem(end, y, true, _) - or - // $ and \Z match the end of the string. - this.specialCharacter(end, y, ["$", "\\Z"]) - ) - or - this.lastPart(_, end) and - this.item(start, end) - or - exists(int y | this.lastPart(start, y) | this.qualifiedPart(start, end, y, _, _)) - or - exists(int x, int y | this.lastPart(x, y) | - this.groupContents(x, y, start, end) - or - this.alternationOption(x, y, start, end) - ) - } - - /** - * Whether the item at [start, end) is one of the first items - * to be matched. - */ - predicate firstItem(int start, int end) { - ( - this.characterItem(start, end) - or - this.qualifiedItem(start, end, _, _) - or - this.charSet(start, end) - ) and - this.firstPart(start, end) - } - - /** - * Whether the item at [start, end) is one of the last items - * to be matched. - */ - predicate lastItem(int start, int end) { - ( - this.characterItem(start, end) - or - this.qualifiedItem(start, end, _, _) - or - this.charSet(start, end) - ) and - this.lastPart(start, end) - } -} diff --git a/python/ql/lib/semmle/python/regexp/RegexTreeView.qll b/python/ql/lib/semmle/python/regexp/RegexTreeView.qll index 568ed73c12f..192476274a3 100644 --- a/python/ql/lib/semmle/python/regexp/RegexTreeView.qll +++ b/python/ql/lib/semmle/python/regexp/RegexTreeView.qll @@ -22,16 +22,16 @@ RegExpTerm getParsedRegExp(StrConst re) { result.getRegex() = re and result.isRo */ private newtype TRegExpParent = /** A string literal used as a regular expression */ - TRegExpLiteral(Regex re) or + TRegExpLiteral(RegExp re) or /** A quantified term */ - TRegExpQuantifier(Regex re, int start, int end) { re.qualifiedItem(start, end, _, _) } or + TRegExpQuantifier(RegExp re, int start, int end) { re.qualifiedItem(start, end, _, _) } or /** A sequence term */ - TRegExpSequence(Regex re, int start, int end) { + TRegExpSequence(RegExp re, int start, int end) { re.sequence(start, end) and exists(seqChild(re, start, end, 1)) // if a sequence does not have more than one element, it should be treated as that element instead. } or /** An alternation term */ - TRegExpAlt(Regex re, int start, int end) { + TRegExpAlt(RegExp re, int start, int end) { re.alternation(start, end) and exists(int part_end | re.alternationOption(start, end, start, part_end) and @@ -39,30 +39,30 @@ private newtype TRegExpParent = ) // if an alternation does not have more than one element, it should be treated as that element instead. } or /** A character class term */ - TRegExpCharacterClass(Regex re, int start, int end) { re.charSet(start, end) } or + TRegExpCharacterClass(RegExp re, int start, int end) { re.charSet(start, end) } or /** A character range term */ - TRegExpCharacterRange(Regex re, int start, int end) { re.charRange(_, start, _, _, end) } or + TRegExpCharacterRange(RegExp re, int start, int end) { re.charRange(_, start, _, _, end) } or /** A group term */ - TRegExpGroup(Regex re, int start, int end) { re.group(start, end) } or + TRegExpGroup(RegExp re, int start, int end) { re.group(start, end) } or /** A special character */ - TRegExpSpecialChar(Regex re, int start, int end) { re.specialCharacter(start, end, _) } or + TRegExpSpecialChar(RegExp re, int start, int end) { re.specialCharacter(start, end, _) } or /** A normal character */ - TRegExpNormalChar(Regex re, int start, int end) { + TRegExpNormalChar(RegExp re, int start, int end) { re.normalCharacterSequence(start, end) or re.escapedCharacter(start, end) and not re.specialCharacter(start, end, _) } or /** A back reference */ - TRegExpBackRef(Regex re, int start, int end) { re.backreference(start, end) } + TRegExpBackRef(RegExp re, int start, int end) { re.backreference(start, end) } pragma[nomagic] -private int seqChildEnd(Regex re, int start, int end, int i) { +private int seqChildEnd(RegExp re, int start, int end, int i) { result = seqChild(re, start, end, i).getEnd() } // moved out so we can use it in the charpred -private RegExpTerm seqChild(Regex re, int start, int end, int i) { +private RegExpTerm seqChild(RegExp re, int start, int end, int i) { re.sequence(start, end) and ( i = 0 and @@ -106,12 +106,12 @@ module Impl implements RegexTreeViewSig { RegExpTerm getLastChild() { result = this.getChild(this.getNumChild() - 1) } /** Gets the associated regex. */ - abstract Regex getRegex(); + abstract RegExp getRegex(); } /** A string literal used as a regular expression */ class RegExpLiteral extends TRegExpLiteral, RegExpParent { - Regex re; + RegExp re; RegExpLiteral() { this = TRegExpLiteral(re) } @@ -126,7 +126,7 @@ module Impl implements RegexTreeViewSig { /** Get a string representing all modes for this regex. */ string getFlags() { result = concat(string mode | mode = re.getAMode() | mode, " | ") } - override Regex getRegex() { result = re } + override RegExp getRegex() { result = re } /** Gets the primary QL class for this regex. */ string getPrimaryQLClass() { result = "RegExpLiteral" } @@ -136,7 +136,7 @@ module Impl implements RegexTreeViewSig { * A regular expression term, that is, a syntactic part of a regular expression. */ class RegExpTerm extends RegExpParent { - Regex re; + RegExp re; int start; int end; @@ -206,7 +206,7 @@ module Impl implements RegexTreeViewSig { */ RegExpParent getParent() { result.getAChild() = this } - override Regex getRegex() { result = re } + override RegExp getRegex() { result = re } /** Gets the offset at which this term starts. */ int getStart() { result = start } diff --git a/python/ql/lib/semmle/python/regexp/internal/ParseRegExp.qll b/python/ql/lib/semmle/python/regexp/internal/ParseRegExp.qll new file mode 100644 index 00000000000..7606743ea07 --- /dev/null +++ b/python/ql/lib/semmle/python/regexp/internal/ParseRegExp.qll @@ -0,0 +1,1070 @@ +import python +private import semmle.python.dataflow.new.DataFlow +private import semmle.python.Concepts as Concepts +private import semmle.python.regex +private import semmle.python.ApiGraphs +private import semmle.python.regexp.internal.RegExpTracking as RegExpTracking + +/** Utility predicates for finding the mode of a regex based on where it's used. */ +private module FindRegexMode { + /** + * Gets the mode of the regex `regex` based on the context where it's used. + * Does not find the mode if it's in a prefix inside the regex itself (see `Regex::getAMode`). + */ + string getAMode(RegExp regex) { + exists(DataFlow::Node sink | + sink = regex.getAUse() and + /* Call to re.xxx(regex, ... [mode]) */ + exists(DataFlow::CallCfgNode call | + call instanceof Concepts::RegexExecution and + sink = call.(Concepts::RegexExecution).getRegex() + or + call.getArg(_) = sink and + sink instanceof RegExpInterpretation::Range + | + exists(DataFlow::CallCfgNode callNode | + call = callNode and + result = + mode_from_node([ + callNode + .getArg(re_member_flags_arg(callNode.(DataFlow::MethodCallNode).getMethodName())), + callNode.getArgByName("flags") + ]) + ) + ) + ) + } + + /** + * Gets the positional argument index containing the regular expression flags for the member of the + * `re` module with the name `name`. + */ + private int re_member_flags_arg(string name) { + name = "compile" and result = 1 + or + name = "search" and result = 2 + or + name = "match" and result = 2 + or + name = "split" and result = 3 + or + name = "findall" and result = 2 + or + name = "finditer" and result = 2 + or + name = "sub" and result = 4 + or + name = "subn" and result = 4 + } + + /** + * Gets the canonical name for the API graph node corresponding to the `re` flag `flag`. For flags + * that have multiple names, we pick the long-form name as a canonical representative. + */ + private string canonical_name(API::Node flag) { + result in ["ASCII", "IGNORECASE", "LOCALE", "UNICODE", "MULTILINE", "TEMPLATE"] and + flag = API::moduleImport("re").getMember([result, result.prefix(1)]) + or + flag = API::moduleImport("re").getMember(["DOTALL", "S"]) and result = "DOTALL" + or + flag = API::moduleImport("re").getMember(["VERBOSE", "X"]) and result = "VERBOSE" + } + + /** + * A type tracker for regular expression flag names. Holds if the result is a node that may refer + * to the `re` flag with the canonical name `flag_name` + */ + private DataFlow::TypeTrackingNode re_flag_tracker(string flag_name, DataFlow::TypeTracker t) { + t.start() and + exists(API::Node flag | flag_name = canonical_name(flag) and result = flag.asSource()) + or + exists(BinaryExprNode binop, DataFlow::Node operand | + operand.getALocalSource() = re_flag_tracker(flag_name, t.continue()) and + operand.asCfgNode() = binop.getAnOperand() and + (binop.getOp() instanceof BitOr or binop.getOp() instanceof Add) and + result.asCfgNode() = binop + ) + or + exists(DataFlow::TypeTracker t2 | result = re_flag_tracker(flag_name, t2).track(t2, t)) + } + + /** + * A type tracker for regular expression flag names. Holds if the result is a node that may refer + * to the `re` flag with the canonical name `flag_name` + */ + private DataFlow::Node re_flag_tracker(string flag_name) { + re_flag_tracker(flag_name, DataFlow::TypeTracker::end()).flowsTo(result) + } + + /** Gets a regular expression mode flag associated with the given data flow node. */ + private string mode_from_node(DataFlow::Node node) { node = re_flag_tracker(result) } +} + +/** + * DEPRECATED: Use `Regex` instead. + */ +deprecated class Regex = RegExp; + +/** A StrConst used as a regular expression */ +class RegExp extends Expr { + DataFlow::Node use; + + RegExp() { + (this instanceof Bytes or this instanceof Unicode) and + this = RegExpTracking::regExpSource(use).asExpr() + } + + /** Gets a data-flow node where this string value is used as a regular expression. */ + DataFlow::Node getAUse() { result = use } + + /** + * Gets a mode (if any) of this regular expression. Can be any of: + * DEBUG + * IGNORECASE + * LOCALE + * MULTILINE + * DOTALL + * UNICODE + * VERBOSE + */ + string getAMode() { + result = FindRegexMode::getAMode(this) + or + result = this.getModeFromPrefix() + } + + /** + * Helper predicate for `char_set_start(int start, int end)`. + * + * In order to identify left brackets ('[') which actually start a character class, + * we perform a left to right scan of the string. + * + * To avoid negative recursion we return a boolean. See `escaping`, + * the helper for `escapingChar`, for a clean use of this pattern. + * + * result is true for those start chars that actually mark a start of a char set. + */ + boolean char_set_start(int pos) { + exists(int index | + // is opening bracket + this.char_set_delimiter(index, pos) = true and + ( + // if this is the first bracket, `pos` starts a char set + index = 1 and result = true + or + // if the previous char set delimiter was not a closing bracket, `pos` does + // not start a char set. This is needed to handle cases such as `[[]` (a + // char set that matches the `[` char) + index > 1 and + not this.char_set_delimiter(index - 1, _) = false and + result = false + or + // special handling of cases such as `[][]` (the character-set of the characters `]` and `[`). + exists(int prev_closing_bracket_pos | + // previous bracket is a closing bracket + this.char_set_delimiter(index - 1, prev_closing_bracket_pos) = false and + if + // check if the character that comes before the previous closing bracket + // is an opening bracket (taking `^` into account) + exists(int pos_before_prev_closing_bracket | + if this.getChar(prev_closing_bracket_pos - 1) = "^" + then pos_before_prev_closing_bracket = prev_closing_bracket_pos - 2 + else pos_before_prev_closing_bracket = prev_closing_bracket_pos - 1 + | + this.char_set_delimiter(index - 2, pos_before_prev_closing_bracket) = true + ) + then + // brackets without anything in between is not valid character ranges, so + // the first closing bracket in `[]]` and `[^]]` does not count, + // + // and we should _not_ mark the second opening bracket in `[][]` and `[^][]` + // as starting a new char set. ^ ^ + exists(int pos_before_prev_closing_bracket | + this.char_set_delimiter(index - 2, pos_before_prev_closing_bracket) = true + | + result = this.char_set_start(pos_before_prev_closing_bracket).booleanNot() + ) + else + // if not, `pos` does in fact mark a real start of a character range + result = true + ) + ) + ) + } + + /** + * Helper predicate for chars that could be character-set delimiters. + * Holds if the (non-escaped) char at `pos` in the string, is the (one-based) `index` occurrence of a bracket (`[` or `]`) in the string. + * Result if `true` is the char is `[`, and `false` if the char is `]`. + */ + boolean char_set_delimiter(int index, int pos) { + pos = rank[index](int p | this.nonEscapedCharAt(p) = "[" or this.nonEscapedCharAt(p) = "]") and + ( + this.nonEscapedCharAt(pos) = "[" and result = true + or + this.nonEscapedCharAt(pos) = "]" and result = false + ) + } + + /** Holds if a character set starts between `start` and `end`. */ + predicate char_set_start(int start, int end) { + this.char_set_start(start) = true and + ( + this.getChar(start + 1) = "^" and end = start + 2 + or + not this.getChar(start + 1) = "^" and end = start + 1 + ) + } + + /** Whether there is a character class, between start (inclusive) and end (exclusive) */ + predicate charSet(int start, int end) { + exists(int inner_start | + this.char_set_start(start, inner_start) and + not this.char_set_start(_, start) + | + end - 1 = min(int i | this.nonEscapedCharAt(i) = "]" and inner_start < i) + ) + } + + /** An indexed version of `char_set_token/3` */ + private predicate char_set_token(int charset_start, int index, int token_start, int token_end) { + token_start = + rank[index](int start, int end | this.char_set_token(charset_start, start, end) | start) and + this.char_set_token(charset_start, token_start, token_end) + } + + /** Either a char or a - */ + private predicate char_set_token(int charset_start, int start, int end) { + this.char_set_start(charset_start, start) and + ( + this.escapedCharacter(start, end) + or + exists(this.nonEscapedCharAt(start)) and end = start + 1 + ) + or + this.char_set_token(charset_start, _, start) and + ( + this.escapedCharacter(start, end) + or + exists(this.nonEscapedCharAt(start)) and + end = start + 1 and + not this.getChar(start) = "]" + ) + } + + /** + * Holds if the character set starting at `charset_start` contains either + * a character or a range found between `start` and `end`. + */ + predicate char_set_child(int charset_start, int start, int end) { + this.char_set_token(charset_start, start, end) and + not exists(int range_start, int range_end | + this.charRange(charset_start, range_start, _, _, range_end) and + range_start <= start and + range_end >= end + ) + or + this.charRange(charset_start, start, _, _, end) + } + + /** + * Holds if the character set starting at `charset_start` contains a character range + * with lower bound found between `start` and `lower_end` + * and upper bound found between `upper_start` and `end`. + */ + predicate charRange(int charset_start, int start, int lower_end, int upper_start, int end) { + exists(int index | + this.charRangeEnd(charset_start, index) = true and + this.char_set_token(charset_start, index - 2, start, lower_end) and + this.char_set_token(charset_start, index, upper_start, end) + ) + } + + /** + * Helper predicate for `charRange`. + * We can determine where character ranges end by a left to right sweep. + * + * To avoid negative recursion we return a boolean. See `escaping`, + * the helper for `escapingChar`, for a clean use of this pattern. + */ + private boolean charRangeEnd(int charset_start, int index) { + this.char_set_token(charset_start, index, _, _) and + ( + index in [1, 2] and result = false + or + index > 2 and + exists(int connector_start | + this.char_set_token(charset_start, index - 1, connector_start, _) and + this.nonEscapedCharAt(connector_start) = "-" and + result = + this.charRangeEnd(charset_start, index - 2) + .booleanNot() + .booleanAnd(this.charRangeEnd(charset_start, index - 1).booleanNot()) + ) + or + not exists(int connector_start | + this.char_set_token(charset_start, index - 1, connector_start, _) and + this.nonEscapedCharAt(connector_start) = "-" + ) and + result = false + ) + } + + /** Holds if the character at `pos` is a "\" that is actually escaping what comes after. */ + predicate escapingChar(int pos) { this.escaping(pos) = true } + + /** + * Helper predicate for `escapingChar`. + * In order to avoid negative recursion, we return a boolean. + * This way, we can refer to `escaping(pos - 1).booleanNot()` + * rather than to a negated version of `escaping(pos)`. + */ + private boolean escaping(int pos) { + pos = -1 and result = false + or + this.getChar(pos) = "\\" and result = this.escaping(pos - 1).booleanNot() + or + this.getChar(pos) != "\\" and result = false + } + + /** Gets the text of this regex */ + string getText() { + result = this.(Unicode).getS() + or + result = this.(Bytes).getS() + } + + /** Gets the `i`th character of this regex */ + string getChar(int i) { result = this.getText().charAt(i) } + + /** Gets the `i`th character of this regex, unless it is part of a character escape sequence. */ + string nonEscapedCharAt(int i) { + result = this.getText().charAt(i) and + not exists(int x, int y | this.escapedCharacter(x, y) and i in [x .. y - 1]) + } + + private predicate isOptionDivider(int i) { this.nonEscapedCharAt(i) = "|" } + + private predicate isGroupEnd(int i) { this.nonEscapedCharAt(i) = ")" and not this.inCharSet(i) } + + private predicate isGroupStart(int i) { this.nonEscapedCharAt(i) = "(" and not this.inCharSet(i) } + + /** + * Holds if the `i`th character could not be parsed. + */ + predicate failedToParse(int i) { + exists(this.getChar(i)) and + not exists(int start, int end | + this.top_level(start, end) and + start <= i and + end > i + ) + } + + /** Named unicode characters, eg \N{degree sign} */ + private predicate escapedName(int start, int end) { + this.escapingChar(start) and + this.getChar(start + 1) = "N" and + this.getChar(start + 2) = "{" and + end - 1 = min(int i | start + 2 < i and this.getChar(i) = "}") + } + + /** + * Holds if an escaped character is found between `start` and `end`. + * Escaped characters include hex values, octal values and named escapes, + * but excludes backreferences. + */ + predicate escapedCharacter(int start, int end) { + this.escapingChar(start) and + not this.numbered_backreference(start, _, _) and + ( + // hex value \xhh + this.getChar(start + 1) = "x" and end = start + 4 + or + // octal value \o, \oo, or \ooo + end in [start + 2 .. start + 4] and + forall(int i | i in [start + 1 .. end - 1] | this.isOctal(i)) and + not ( + end < start + 4 and + this.isOctal(end) + ) + or + // 16-bit hex value \uhhhh + this.getChar(start + 1) = "u" and end = start + 6 + or + // 32-bit hex value \Uhhhhhhhh + this.getChar(start + 1) = "U" and end = start + 10 + or + this.escapedName(start, end) + or + // escape not handled above, update when adding a new case + not this.getChar(start + 1) in ["x", "u", "U", "N"] and + not exists(this.getChar(start + 1).toInt()) and + end = start + 2 + ) + } + + pragma[inline] + private predicate isOctal(int index) { this.getChar(index) = [0 .. 7].toString() } + + /** Holds if `index` is inside a character set. */ + predicate inCharSet(int index) { + exists(int x, int y | this.charSet(x, y) and index in [x + 1 .. y - 2]) + } + + /** + * 'simple' characters are any that don't alter the parsing of the regex. + */ + private predicate simpleCharacter(int start, int end) { + end = start + 1 and + not this.charSet(start, _) and + not this.charSet(_, start + 1) and + exists(string c | c = this.getChar(start) | + exists(int x, int y, int z | + this.charSet(x, z) and + this.char_set_start(x, y) + | + start = y + or + start = z - 2 + or + start > y and start < z - 2 and not this.charRange(_, _, start, end, _) + ) + or + not this.inCharSet(start) and + not c = "(" and + not c = "[" and + not c = ")" and + not c = "|" and + not this.qualifier(start, _, _, _) + ) + } + + /** + * Holds if a simple or escaped character is found between `start` and `end`. + */ + predicate character(int start, int end) { + ( + this.simpleCharacter(start, end) and + not exists(int x, int y | this.escapedCharacter(x, y) and x <= start and y >= end) + or + this.escapedCharacter(start, end) + ) and + not exists(int x, int y | this.group_start(x, y) and x <= start and y >= end) and + not exists(int x, int y | this.backreference(x, y) and x <= start and y >= end) + } + + /** + * Holds if a normal character is found between `start` and `end`. + */ + predicate normalCharacter(int start, int end) { + end = start + 1 and + this.character(start, end) and + not this.specialCharacter(start, end, _) + } + + /** + * Holds if a special character is found between `start` and `end`. + */ + predicate specialCharacter(int start, int end, string char) { + not this.inCharSet(start) and + this.character(start, end) and + ( + end = start + 1 and + char = this.getChar(start) and + (char = "$" or char = "^" or char = ".") + or + end = start + 2 and + this.escapingChar(start) and + char = this.getText().substring(start, end) and + char = ["\\A", "\\Z", "\\b", "\\B"] + ) + } + + /** + * Holds if the range [start:end) consists of only 'normal' characters. + */ + predicate normalCharacterSequence(int start, int end) { + // a normal character inside a character set is interpreted on its own + this.normalCharacter(start, end) and + this.inCharSet(start) + or + // a maximal run of normal characters is considered as one constant + exists(int s, int e | + e = max(int i | this.normalCharacterRun(s, i)) and + not this.inCharSet(s) + | + // 'abc' can be considered one constant, but + // 'abc+' has to be broken up into 'ab' and 'c+', + // as the qualifier only applies to 'c'. + if this.qualifier(e, _, _, _) + then + end = e and start = e - 1 + or + end = e - 1 and start = s and start < end + else ( + end = e and + start = s + ) + ) + } + + private predicate normalCharacterRun(int start, int end) { + ( + this.normalCharacterRun(start, end - 1) + or + start = end - 1 and not this.normalCharacter(start - 1, start) + ) and + this.normalCharacter(end - 1, end) + } + + private predicate characterItem(int start, int end) { + this.normalCharacterSequence(start, end) or + this.escapedCharacter(start, end) or + this.specialCharacter(start, end, _) + } + + /** Whether the text in the range `start,end` is a group */ + predicate group(int start, int end) { + this.groupContents(start, end, _, _) + or + this.emptyGroup(start, end) + } + + /** Gets the number of the group in start,end */ + int getGroupNumber(int start, int end) { + this.group(start, end) and + not this.non_capturing_group_start(start, _) and + result = + count(int i | this.group(i, _) and i < start and not this.non_capturing_group_start(i, _)) + 1 + } + + /** Gets the name, if it has one, of the group in start,end */ + string getGroupName(int start, int end) { + this.group(start, end) and + exists(int name_end | + this.named_group_start(start, name_end) and + result = this.getText().substring(start + 4, name_end - 1) + ) + } + + /** Whether the text in the range start, end is a group and can match the empty string. */ + predicate zeroWidthMatch(int start, int end) { + this.emptyGroup(start, end) + or + this.negativeAssertionGroup(start, end) + or + this.positiveLookaheadAssertionGroup(start, end) + or + this.positiveLookbehindAssertionGroup(start, end) + } + + /** Holds if an empty group is found between `start` and `end`. */ + predicate emptyGroup(int start, int end) { + exists(int endm1 | end = endm1 + 1 | + this.group_start(start, endm1) and + this.isGroupEnd(endm1) + ) + } + + private predicate emptyMatchAtStartGroup(int start, int end) { + this.emptyGroup(start, end) + or + this.negativeAssertionGroup(start, end) + or + this.positiveLookaheadAssertionGroup(start, end) + } + + private predicate emptyMatchAtEndGroup(int start, int end) { + this.emptyGroup(start, end) + or + this.negativeAssertionGroup(start, end) + or + this.positiveLookbehindAssertionGroup(start, end) + } + + private predicate negativeAssertionGroup(int start, int end) { + exists(int in_start | + this.negative_lookahead_assertion_start(start, in_start) + or + this.negative_lookbehind_assertion_start(start, in_start) + | + this.groupContents(start, end, in_start, _) + ) + } + + /** Holds if a negative lookahead is found between `start` and `end` */ + predicate negativeLookaheadAssertionGroup(int start, int end) { + exists(int in_start | this.negative_lookahead_assertion_start(start, in_start) | + this.groupContents(start, end, in_start, _) + ) + } + + /** Holds if a negative lookbehind is found between `start` and `end` */ + predicate negativeLookbehindAssertionGroup(int start, int end) { + exists(int in_start | this.negative_lookbehind_assertion_start(start, in_start) | + this.groupContents(start, end, in_start, _) + ) + } + + /** Holds if a positive lookahead is found between `start` and `end` */ + predicate positiveLookaheadAssertionGroup(int start, int end) { + exists(int in_start | this.lookahead_assertion_start(start, in_start) | + this.groupContents(start, end, in_start, _) + ) + } + + /** Holds if a positive lookbehind is found between `start` and `end` */ + predicate positiveLookbehindAssertionGroup(int start, int end) { + exists(int in_start | this.lookbehind_assertion_start(start, in_start) | + this.groupContents(start, end, in_start, _) + ) + } + + private predicate group_start(int start, int end) { + this.non_capturing_group_start(start, end) + or + this.flag_group_start(start, end, _) + or + this.named_group_start(start, end) + or + this.named_backreference_start(start, end) + or + this.lookahead_assertion_start(start, end) + or + this.negative_lookahead_assertion_start(start, end) + or + this.lookbehind_assertion_start(start, end) + or + this.negative_lookbehind_assertion_start(start, end) + or + this.comment_group_start(start, end) + or + this.simple_group_start(start, end) + } + + /** Matches the start of a non-capturing group, e.g. `(?:` */ + private predicate non_capturing_group_start(int start, int end) { + this.isGroupStart(start) and + this.getChar(start + 1) = "?" and + this.getChar(start + 2) = ":" and + end = start + 3 + } + + /** Matches the start of a simple group, e.g. `(a+)`. */ + private predicate simple_group_start(int start, int end) { + this.isGroupStart(start) and + this.getChar(start + 1) != "?" and + end = start + 1 + } + + /** + * Matches the start of a named group, such as: + * - `(?\w+)` + * - `(?'name'\w+)` + */ + private predicate named_group_start(int start, int end) { + this.isGroupStart(start) and + this.getChar(start + 1) = "?" and + this.getChar(start + 2) = "P" and + this.getChar(start + 3) = "<" and + not this.getChar(start + 4) = "=" and + not this.getChar(start + 4) = "!" and + exists(int name_end | + name_end = min(int i | i > start + 4 and this.getChar(i) = ">") and + end = name_end + 1 + ) + } + + private predicate named_backreference_start(int start, int end) { + this.isGroupStart(start) and + this.getChar(start + 1) = "?" and + this.getChar(start + 2) = "P" and + this.getChar(start + 3) = "=" and + // Should this be looking for unescaped ")"? + // TODO: test this + end = min(int i | i > start + 4 and this.getChar(i) = "?") + } + + private predicate flag_group_start(int start, int end, string c) { + this.isGroupStart(start) and + this.getChar(start + 1) = "?" and + end = start + 3 and + c = this.getChar(start + 2) and + c in ["i", "L", "m", "s", "u", "x"] + } + + /** + * Gets the mode of this regular expression string if + * it is defined by a prefix. + */ + string getModeFromPrefix() { + exists(string c | this.flag_group_start(_, _, c) | + c = "i" and result = "IGNORECASE" + or + c = "L" and result = "LOCALE" + or + c = "m" and result = "MULTILINE" + or + c = "s" and result = "DOTALL" + or + c = "u" and result = "UNICODE" + or + c = "x" and result = "VERBOSE" + ) + } + + /** Matches the start of a positive lookahead assertion, i.e. `(?=`. */ + private predicate lookahead_assertion_start(int start, int end) { + this.isGroupStart(start) and + this.getChar(start + 1) = "?" and + this.getChar(start + 2) = "=" and + end = start + 3 + } + + /** Matches the start of a negative lookahead assertion, i.e. `(?!`. */ + private predicate negative_lookahead_assertion_start(int start, int end) { + this.isGroupStart(start) and + this.getChar(start + 1) = "?" and + this.getChar(start + 2) = "!" and + end = start + 3 + } + + /** Matches the start of a positive lookbehind assertion, i.e. `(?<=`. */ + private predicate lookbehind_assertion_start(int start, int end) { + this.isGroupStart(start) and + this.getChar(start + 1) = "?" and + this.getChar(start + 2) = "<" and + this.getChar(start + 3) = "=" and + end = start + 4 + } + + /** Matches the start of a negative lookbehind assertion, i.e. `(?`. */ + private predicate named_backreference(int start, int end, string name) { + this.named_backreference_start(start, start + 4) and + end = min(int i | i > start + 4 and this.getChar(i) = ")") + 1 and + name = this.getText().substring(start + 4, end - 2) + } + + /** Matches a numbered backreference, e.g. `\1`. */ + private predicate numbered_backreference(int start, int end, int value) { + this.escapingChar(start) and + // starting with 0 makes it an octal escape + not this.getChar(start + 1) = "0" and + exists(string text, string svalue, int len | + end = start + len and + text = this.getText() and + len in [2 .. 3] + | + svalue = text.substring(start + 1, start + len) and + value = svalue.toInt() and + // value is composed of digits + forall(int i | i in [start + 1 .. start + len - 1] | this.getChar(i) = [0 .. 9].toString()) and + // a longer reference is not possible + not ( + len = 2 and + exists(text.substring(start + 1, start + len + 1).toInt()) + ) and + // 3 octal digits makes it an octal escape + not forall(int i | i in [start + 1 .. start + 4] | this.isOctal(i)) + // TODO: Inside a character set, all numeric escapes are treated as characters. + ) + } + + /** Whether the text in the range `start,end` is a back reference */ + predicate backreference(int start, int end) { + this.numbered_backreference(start, end, _) + or + this.named_backreference(start, end, _) + } + + /** Gets the number of the back reference in start,end */ + int getBackrefNumber(int start, int end) { this.numbered_backreference(start, end, result) } + + /** Gets the name, if it has one, of the back reference in start,end */ + string getBackrefName(int start, int end) { this.named_backreference(start, end, result) } + + private predicate baseItem(int start, int end) { + this.characterItem(start, end) and + not exists(int x, int y | this.charSet(x, y) and x <= start and y >= end) + or + this.group(start, end) + or + this.charSet(start, end) + or + this.backreference(start, end) + } + + private predicate qualifier(int start, int end, boolean maybe_empty, boolean may_repeat_forever) { + this.short_qualifier(start, end, maybe_empty, may_repeat_forever) and + not this.getChar(end) = "?" + or + exists(int short_end | this.short_qualifier(start, short_end, maybe_empty, may_repeat_forever) | + if this.getChar(short_end) = "?" then end = short_end + 1 else end = short_end + ) + } + + private predicate short_qualifier( + int start, int end, boolean maybe_empty, boolean may_repeat_forever + ) { + ( + this.getChar(start) = "+" and maybe_empty = false and may_repeat_forever = true + or + this.getChar(start) = "*" and maybe_empty = true and may_repeat_forever = true + or + this.getChar(start) = "?" and maybe_empty = true and may_repeat_forever = false + ) and + end = start + 1 + or + exists(string lower, string upper | + this.multiples(start, end, lower, upper) and + (if lower = "" or lower.toInt() = 0 then maybe_empty = true else maybe_empty = false) and + if upper = "" then may_repeat_forever = true else may_repeat_forever = false + ) + } + + /** + * Holds if a repetition quantifier is found between `start` and `end`, + * with the given lower and upper bounds. If a bound is omitted, the corresponding + * string is empty. + */ + predicate multiples(int start, int end, string lower, string upper) { + exists(string text, string match, string inner | + text = this.getText() and + end = start + match.length() and + inner = match.substring(1, match.length() - 1) + | + match = text.regexpFind("\\{[0-9]+\\}", _, start) and + lower = inner and + upper = lower + or + match = text.regexpFind("\\{[0-9]*,[0-9]*\\}", _, start) and + exists(int commaIndex | + commaIndex = inner.indexOf(",") and + lower = inner.prefix(commaIndex) and + upper = inner.suffix(commaIndex + 1) + ) + ) + } + + /** + * Whether the text in the range start,end is a qualified item, where item is a character, + * a character set or a group. + */ + predicate qualifiedItem(int start, int end, boolean maybe_empty, boolean may_repeat_forever) { + this.qualifiedPart(start, _, end, maybe_empty, may_repeat_forever) + } + + /** + * Holds if a qualified part is found between `start` and `part_end` and the qualifier is + * found between `part_end` and `end`. + * + * `maybe_empty` is true if the part is optional. + * `may_repeat_forever` is true if the part may be repeated unboundedly. + */ + predicate qualifiedPart( + int start, int part_end, int end, boolean maybe_empty, boolean may_repeat_forever + ) { + this.baseItem(start, part_end) and + this.qualifier(part_end, end, maybe_empty, may_repeat_forever) + } + + /** Holds if the range `start`, `end` contains a character, a quantifier, a character set or a group. */ + predicate item(int start, int end) { + this.qualifiedItem(start, end, _, _) + or + this.baseItem(start, end) and not this.qualifier(end, _, _, _) + } + + private predicate subsequence(int start, int end) { + ( + start = 0 or + this.group_start(_, start) or + this.isOptionDivider(start - 1) + ) and + this.item(start, end) + or + exists(int mid | + this.subsequence(start, mid) and + this.item(mid, end) + ) + } + + /** + * Whether the text in the range start,end is a sequence of 1 or more items, where an item is a character, + * a character set or a group. + */ + predicate sequence(int start, int end) { + this.sequenceOrQualified(start, end) and + not this.qualifiedItem(start, end, _, _) + } + + private predicate sequenceOrQualified(int start, int end) { + this.subsequence(start, end) and + not this.item_start(end) + } + + private predicate item_start(int start) { + this.characterItem(start, _) or + this.isGroupStart(start) or + this.charSet(start, _) or + this.backreference(start, _) + } + + private predicate item_end(int end) { + this.characterItem(_, end) + or + exists(int endm1 | this.isGroupEnd(endm1) and end = endm1 + 1) + or + this.charSet(_, end) + or + this.qualifier(_, end, _, _) + } + + private predicate top_level(int start, int end) { + this.subalternation(start, end, _) and + not this.isOptionDivider(end) + } + + private predicate subalternation(int start, int end, int item_start) { + this.sequenceOrQualified(start, end) and + not this.isOptionDivider(start - 1) and + item_start = start + or + start = end and + not this.item_end(start) and + this.isOptionDivider(end) and + item_start = start + or + exists(int mid | + this.subalternation(start, mid, _) and + this.isOptionDivider(mid) and + item_start = mid + 1 + | + this.sequenceOrQualified(item_start, end) + or + not this.item_start(end) and end = item_start + ) + } + + /** + * Whether the text in the range start,end is an alternation + */ + predicate alternation(int start, int end) { + this.top_level(start, end) and + exists(int less | this.subalternation(start, less, _) and less < end) + } + + /** + * Whether the text in the range start,end is an alternation and the text in part_start, part_end is one of the + * options in that alternation. + */ + predicate alternationOption(int start, int end, int part_start, int part_end) { + this.alternation(start, end) and + this.subalternation(start, part_end, part_start) + } + + /** A part of the regex that may match the start of the string. */ + private predicate firstPart(int start, int end) { + start = 0 and end = this.getText().length() + or + exists(int x | this.firstPart(x, end) | + this.emptyMatchAtStartGroup(x, start) or + this.qualifiedItem(x, start, true, _) or + // ^ and \A match the start of the string + this.specialCharacter(x, start, ["^", "\\A"]) + ) + or + exists(int y | this.firstPart(start, y) | + this.item(start, end) + or + this.qualifiedPart(start, end, y, _, _) + ) + or + exists(int x, int y | this.firstPart(x, y) | + this.groupContents(x, y, start, end) + or + this.alternationOption(x, y, start, end) + ) + } + + /** A part of the regex that may match the end of the string. */ + private predicate lastPart(int start, int end) { + start = 0 and end = this.getText().length() + or + exists(int y | this.lastPart(start, y) | + this.emptyMatchAtEndGroup(end, y) + or + this.qualifiedItem(end, y, true, _) + or + // $ and \Z match the end of the string. + this.specialCharacter(end, y, ["$", "\\Z"]) + ) + or + this.lastPart(_, end) and + this.item(start, end) + or + exists(int y | this.lastPart(start, y) | this.qualifiedPart(start, end, y, _, _)) + or + exists(int x, int y | this.lastPart(x, y) | + this.groupContents(x, y, start, end) + or + this.alternationOption(x, y, start, end) + ) + } + + /** + * Whether the item at [start, end) is one of the first items + * to be matched. + */ + predicate firstItem(int start, int end) { + ( + this.characterItem(start, end) + or + this.qualifiedItem(start, end, _, _) + or + this.charSet(start, end) + ) and + this.firstPart(start, end) + } + + /** + * Whether the item at [start, end) is one of the last items + * to be matched. + */ + predicate lastItem(int start, int end) { + ( + this.characterItem(start, end) + or + this.qualifiedItem(start, end, _, _) + or + this.charSet(start, end) + ) and + this.lastPart(start, end) + } +} diff --git a/python/ql/src/Expressions/Regex/BackspaceEscape.ql b/python/ql/src/Expressions/Regex/BackspaceEscape.ql index ce69dabec44..e67ced94312 100644 --- a/python/ql/src/Expressions/Regex/BackspaceEscape.ql +++ b/python/ql/src/Expressions/Regex/BackspaceEscape.ql @@ -13,7 +13,7 @@ import python import semmle.python.regex -from Regex r, int offset +from RegExp r, int offset where r.escapingChar(offset) and r.getChar(offset + 1) = "b" and diff --git a/python/ql/src/Expressions/Regex/DuplicateCharacterInSet.ql b/python/ql/src/Expressions/Regex/DuplicateCharacterInSet.ql index dc760df424f..1c7cfc39de9 100644 --- a/python/ql/src/Expressions/Regex/DuplicateCharacterInSet.ql +++ b/python/ql/src/Expressions/Regex/DuplicateCharacterInSet.ql @@ -13,7 +13,7 @@ import python import semmle.python.regex -predicate duplicate_char_in_class(Regex r, string char) { +predicate duplicate_char_in_class(RegExp r, string char) { exists(int i, int j, int x, int y, int start, int end | i != x and j != y and @@ -36,7 +36,7 @@ predicate duplicate_char_in_class(Regex r, string char) { ) } -from Regex r, string char +from RegExp r, string char where duplicate_char_in_class(r, char) select r, "This regular expression includes duplicate character '" + char + "' in a set of characters." diff --git a/python/ql/src/Expressions/Regex/MissingPartSpecialGroup.ql b/python/ql/src/Expressions/Regex/MissingPartSpecialGroup.ql index ea5deffa7de..e03fc65518a 100644 --- a/python/ql/src/Expressions/Regex/MissingPartSpecialGroup.ql +++ b/python/ql/src/Expressions/Regex/MissingPartSpecialGroup.ql @@ -13,6 +13,6 @@ import python import semmle.python.regex -from Regex r, string missing, string part +from RegExp r, string missing, string part where r.getText().regexpMatch(".*\\(P<\\w+>.*") and missing = "?" and part = "named group" select r, "Regular expression is missing '" + missing + "' in " + part + "." diff --git a/python/ql/src/Expressions/Regex/UnmatchableCaret.ql b/python/ql/src/Expressions/Regex/UnmatchableCaret.ql index f954169ae02..0dcf88a5d08 100644 --- a/python/ql/src/Expressions/Regex/UnmatchableCaret.ql +++ b/python/ql/src/Expressions/Regex/UnmatchableCaret.ql @@ -13,14 +13,14 @@ import python import semmle.python.regex -predicate unmatchable_caret(Regex r, int start) { +predicate unmatchable_caret(RegExp r, int start) { not r.getAMode() = "MULTILINE" and not r.getAMode() = "VERBOSE" and r.specialCharacter(start, start + 1, "^") and not r.firstItem(start, start + 1) } -from Regex r, int offset +from RegExp r, int offset where unmatchable_caret(r, offset) select r, "This regular expression includes an unmatchable caret at offset " + offset.toString() + "." diff --git a/python/ql/src/Expressions/Regex/UnmatchableDollar.ql b/python/ql/src/Expressions/Regex/UnmatchableDollar.ql index 3f9457f5bd2..00b14998a04 100644 --- a/python/ql/src/Expressions/Regex/UnmatchableDollar.ql +++ b/python/ql/src/Expressions/Regex/UnmatchableDollar.ql @@ -13,14 +13,14 @@ import python import semmle.python.regex -predicate unmatchable_dollar(Regex r, int start) { +predicate unmatchable_dollar(RegExp r, int start) { not r.getAMode() = "MULTILINE" and not r.getAMode() = "VERBOSE" and r.specialCharacter(start, start + 1, "$") and not r.lastItem(start, start + 1) } -from Regex r, int offset +from RegExp r, int offset where unmatchable_dollar(r, offset) select r, "This regular expression includes an unmatchable dollar at offset " + offset.toString() + "." From f2adc4f958b38ab4bc54eb486ef7b4849d98aec1 Mon Sep 17 00:00:00 2001 From: erik-krogh Date: Mon, 20 Mar 2023 16:13:55 +0100 Subject: [PATCH 093/870] add missing qldoc --- python/ql/lib/semmle/python/regexp/internal/ParseRegExp.qll | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/python/ql/lib/semmle/python/regexp/internal/ParseRegExp.qll b/python/ql/lib/semmle/python/regexp/internal/ParseRegExp.qll index 7606743ea07..65e7ea93bae 100644 --- a/python/ql/lib/semmle/python/regexp/internal/ParseRegExp.qll +++ b/python/ql/lib/semmle/python/regexp/internal/ParseRegExp.qll @@ -1,3 +1,7 @@ +/** + * Library for parsing for Python regular expressions. + */ + import python private import semmle.python.dataflow.new.DataFlow private import semmle.python.Concepts as Concepts From ffa34251957ff9bc6476d4be0a064c1e1f083192 Mon Sep 17 00:00:00 2001 From: erik-krogh Date: Tue, 21 Mar 2023 11:53:58 +0100 Subject: [PATCH 094/870] rename away from deprecated alias in test-files --- python/ql/test/library-tests/regex/Alternation.ql | 2 +- python/ql/test/library-tests/regex/Characters.ql | 2 +- python/ql/test/library-tests/regex/Consistency.ql | 2 +- python/ql/test/library-tests/regex/FirstLast.ql | 4 ++-- python/ql/test/library-tests/regex/GroupContents.ql | 2 +- python/ql/test/library-tests/regex/Mode.ql | 2 +- python/ql/test/library-tests/regex/Qualified.ql | 2 +- python/ql/test/library-tests/regex/Regex.ql | 4 ++-- python/ql/test/library-tests/regex/SubstructureTests.ql | 8 ++++---- 9 files changed, 14 insertions(+), 14 deletions(-) diff --git a/python/ql/test/library-tests/regex/Alternation.ql b/python/ql/test/library-tests/regex/Alternation.ql index d172e778943..a47f016a399 100644 --- a/python/ql/test/library-tests/regex/Alternation.ql +++ b/python/ql/test/library-tests/regex/Alternation.ql @@ -1,7 +1,7 @@ import python import semmle.python.regex -from Regex r, int start, int end, int part_start, int part_end +from RegExp r, int start, int end, int part_start, int part_end where r.getLocation().getFile().getBaseName() = "test.py" and r.alternationOption(start, end, part_start, part_end) diff --git a/python/ql/test/library-tests/regex/Characters.ql b/python/ql/test/library-tests/regex/Characters.ql index 1444c37cd57..4a570acfbd9 100644 --- a/python/ql/test/library-tests/regex/Characters.ql +++ b/python/ql/test/library-tests/regex/Characters.ql @@ -6,6 +6,6 @@ import python import semmle.python.regex -from Regex r, int start, int end +from RegExp r, int start, int end where r.character(start, end) and r.getLocation().getFile().getBaseName() = "test.py" select r.getText(), start, end diff --git a/python/ql/test/library-tests/regex/Consistency.ql b/python/ql/test/library-tests/regex/Consistency.ql index 26e0a1cbfb5..2432a36d870 100644 --- a/python/ql/test/library-tests/regex/Consistency.ql +++ b/python/ql/test/library-tests/regex/Consistency.ql @@ -7,6 +7,6 @@ import semmle.python.regex from string str, Location loc, int counter where - counter = strictcount(Regex term | term.getLocation() = loc and term.getText() = str) and + counter = strictcount(RegExp term | term.getLocation() = loc and term.getText() = str) and counter > 1 select str, counter, loc diff --git a/python/ql/test/library-tests/regex/FirstLast.ql b/python/ql/test/library-tests/regex/FirstLast.ql index 5bca6fdf542..b0882faf61a 100644 --- a/python/ql/test/library-tests/regex/FirstLast.ql +++ b/python/ql/test/library-tests/regex/FirstLast.ql @@ -1,12 +1,12 @@ import python import semmle.python.regex -predicate part(Regex r, int start, int end, string kind) { +predicate part(RegExp r, int start, int end, string kind) { r.lastItem(start, end) and kind = "last" or r.firstItem(start, end) and kind = "first" } -from Regex r, int start, int end, string kind +from RegExp r, int start, int end, string kind where part(r, start, end, kind) and r.getLocation().getFile().getBaseName() = "test.py" select r.getText(), kind, start, end diff --git a/python/ql/test/library-tests/regex/GroupContents.ql b/python/ql/test/library-tests/regex/GroupContents.ql index 221edbe44ba..ddefebb9c55 100644 --- a/python/ql/test/library-tests/regex/GroupContents.ql +++ b/python/ql/test/library-tests/regex/GroupContents.ql @@ -1,7 +1,7 @@ import python import semmle.python.regex -from Regex r, int start, int end, int part_start, int part_end +from RegExp r, int start, int end, int part_start, int part_end where r.getLocation().getFile().getBaseName() = "test.py" and r.groupContents(start, end, part_start, part_end) diff --git a/python/ql/test/library-tests/regex/Mode.ql b/python/ql/test/library-tests/regex/Mode.ql index 62449fbb330..b369018fff0 100644 --- a/python/ql/test/library-tests/regex/Mode.ql +++ b/python/ql/test/library-tests/regex/Mode.ql @@ -1,6 +1,6 @@ import python import semmle.python.regex -from Regex r +from RegExp r where r.getLocation().getFile().getBaseName() = "test.py" select r.getLocation().getStartLine(), r.getAMode() diff --git a/python/ql/test/library-tests/regex/Qualified.ql b/python/ql/test/library-tests/regex/Qualified.ql index 26400b3440f..c40eaca0d68 100644 --- a/python/ql/test/library-tests/regex/Qualified.ql +++ b/python/ql/test/library-tests/regex/Qualified.ql @@ -1,7 +1,7 @@ import python import semmle.python.regex -from Regex r, int start, int end, boolean maybe_empty, boolean may_repeat_forever +from RegExp r, int start, int end, boolean maybe_empty, boolean may_repeat_forever where r.getLocation().getFile().getBaseName() = "test.py" and r.qualifiedItem(start, end, maybe_empty, may_repeat_forever) diff --git a/python/ql/test/library-tests/regex/Regex.ql b/python/ql/test/library-tests/regex/Regex.ql index 4c799ac2574..9c390474778 100644 --- a/python/ql/test/library-tests/regex/Regex.ql +++ b/python/ql/test/library-tests/regex/Regex.ql @@ -1,7 +1,7 @@ import python import semmle.python.regex -predicate part(Regex r, int start, int end, string kind) { +predicate part(RegExp r, int start, int end, string kind) { r.alternation(start, end) and kind = "choice" or r.normalCharacter(start, end) and kind = "char" @@ -23,6 +23,6 @@ predicate part(Regex r, int start, int end, string kind) { r.qualifiedItem(start, end, _, _) and kind = "qualified" } -from Regex r, int start, int end, string kind +from RegExp r, int start, int end, string kind where part(r, start, end, kind) and r.getLocation().getFile().getBaseName() = "test.py" select r.getText(), kind, start, end diff --git a/python/ql/test/library-tests/regex/SubstructureTests.ql b/python/ql/test/library-tests/regex/SubstructureTests.ql index cba3e56d08c..e189c13b15e 100644 --- a/python/ql/test/library-tests/regex/SubstructureTests.ql +++ b/python/ql/test/library-tests/regex/SubstructureTests.ql @@ -10,7 +10,7 @@ class CharacterSetTest extends InlineExpectationsTest { override predicate hasActualResult(Location location, string element, string tag, string value) { exists(location.getFile().getRelativePath()) and location.getFile().getBaseName() = "charSetTest.py" and - exists(Regex re, int start, int end | + exists(RegExp re, int start, int end | re.charSet(start, end) and location = re.getLocation() and element = re.getText().substring(start, end) and @@ -28,7 +28,7 @@ class CharacterRangeTest extends InlineExpectationsTest { override predicate hasActualResult(Location location, string element, string tag, string value) { exists(location.getFile().getRelativePath()) and location.getFile().getBaseName() = "charRangeTest.py" and - exists(Regex re, int start, int lower_end, int upper_start, int end | + exists(RegExp re, int start, int lower_end, int upper_start, int end | re.charRange(_, start, lower_end, upper_start, end) and location = re.getLocation() and element = re.getText().substring(start, end) and @@ -46,7 +46,7 @@ class EscapeTest extends InlineExpectationsTest { override predicate hasActualResult(Location location, string element, string tag, string value) { exists(location.getFile().getRelativePath()) and location.getFile().getBaseName() = "escapedCharacterTest.py" and - exists(Regex re, int start, int end | + exists(RegExp re, int start, int end | re.escapedCharacter(start, end) and location = re.getLocation() and element = re.getText().substring(start, end) and @@ -64,7 +64,7 @@ class GroupTest extends InlineExpectationsTest { override predicate hasActualResult(Location location, string element, string tag, string value) { exists(location.getFile().getRelativePath()) and location.getFile().getBaseName() = "groupTest.py" and - exists(Regex re, int start, int end | + exists(RegExp re, int start, int end | re.group(start, end) and location = re.getLocation() and element = re.getText().substring(start, end) and From 3cde11efc8f17baa8f7d7087fa136397ca0d21bd Mon Sep 17 00:00:00 2001 From: erik-krogh Date: Fri, 24 Mar 2023 11:24:34 +0100 Subject: [PATCH 095/870] use StrConst instead of Bytes and Unicode --- .../semmle/python/regexp/internal/ParseRegExp.qll | 13 +++---------- .../python/regexp/internal/RegExpTracking.qll | 5 +---- 2 files changed, 4 insertions(+), 14 deletions(-) diff --git a/python/ql/lib/semmle/python/regexp/internal/ParseRegExp.qll b/python/ql/lib/semmle/python/regexp/internal/ParseRegExp.qll index 65e7ea93bae..f635332944b 100644 --- a/python/ql/lib/semmle/python/regexp/internal/ParseRegExp.qll +++ b/python/ql/lib/semmle/python/regexp/internal/ParseRegExp.qll @@ -110,13 +110,10 @@ private module FindRegexMode { deprecated class Regex = RegExp; /** A StrConst used as a regular expression */ -class RegExp extends Expr { +class RegExp extends Expr instanceof StrConst { DataFlow::Node use; - RegExp() { - (this instanceof Bytes or this instanceof Unicode) and - this = RegExpTracking::regExpSource(use).asExpr() - } + RegExp() { this = RegExpTracking::regExpSource(use).asExpr() } /** Gets a data-flow node where this string value is used as a regular expression. */ DataFlow::Node getAUse() { result = use } @@ -332,11 +329,7 @@ class RegExp extends Expr { } /** Gets the text of this regex */ - string getText() { - result = this.(Unicode).getS() - or - result = this.(Bytes).getS() - } + string getText() { result = super.getText() } /** Gets the `i`th character of this regex */ string getChar(int i) { result = this.getText().charAt(i) } diff --git a/python/ql/lib/semmle/python/regexp/internal/RegExpTracking.qll b/python/ql/lib/semmle/python/regexp/internal/RegExpTracking.qll index fb67f0e8c2c..b62e975cf82 100644 --- a/python/ql/lib/semmle/python/regexp/internal/RegExpTracking.qll +++ b/python/ql/lib/semmle/python/regexp/internal/RegExpTracking.qll @@ -15,10 +15,7 @@ private import semmle.python.dataflow.new.DataFlow private import semmle.python.Concepts as Concepts /** Gets a constant string value that may be used as a regular expression. */ -DataFlow::LocalSourceNode strStart() { - result.asExpr() instanceof Bytes or - result.asExpr() instanceof Unicode -} +DataFlow::Node strStart() { result.asExpr() instanceof StrConst } private import semmle.python.regex as Regex From 2d2602b66883bf448a67e6e79141222a5852d8a1 Mon Sep 17 00:00:00 2001 From: erik-krogh Date: Fri, 24 Mar 2023 11:50:41 +0100 Subject: [PATCH 096/870] use that strings are local-source-nodes in regex-tracking --- .../lib/semmle/python/regexp/internal/RegExpTracking.qll | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/python/ql/lib/semmle/python/regexp/internal/RegExpTracking.qll b/python/ql/lib/semmle/python/regexp/internal/RegExpTracking.qll index b62e975cf82..d883dfe68aa 100644 --- a/python/ql/lib/semmle/python/regexp/internal/RegExpTracking.qll +++ b/python/ql/lib/semmle/python/regexp/internal/RegExpTracking.qll @@ -15,7 +15,7 @@ private import semmle.python.dataflow.new.DataFlow private import semmle.python.Concepts as Concepts /** Gets a constant string value that may be used as a regular expression. */ -DataFlow::Node strStart() { result.asExpr() instanceof StrConst } +DataFlow::LocalSourceNode strStart() { result.asExpr() instanceof StrConst } private import semmle.python.regex as Regex @@ -44,7 +44,7 @@ private DataFlow::TypeTrackingNode backwards(DataFlow::TypeBackTracker t) { private DataFlow::TypeTrackingNode forwards(DataFlow::TypeTracker t) { t.start() and result = backwards(DataFlow::TypeBackTracker::end()) and - result.flowsTo(strStart()) + result = strStart() or exists(DataFlow::TypeTracker t2 | result = forwards(t2).track(t2, t)) and result = backwards(_) @@ -57,11 +57,11 @@ private DataFlow::TypeTrackingNode forwards(DataFlow::TypeTracker t) { * The result of the exploratory phase is used to limit the size of the search space in this precise analysis. */ private DataFlow::TypeTrackingNode regexTracking(DataFlow::Node start, DataFlow::TypeTracker t) { - result = forwards(_) and + result = forwards(t) and ( t.start() and start = strStart() and - result = start.getALocalSource() + result = start or exists(DataFlow::TypeTracker t2 | result = regexTracking(start, t2).track(t2, t)) ) From 113ce61d405b002bfba5eadf925f6a7d39026c83 Mon Sep 17 00:00:00 2001 From: erik-krogh Date: Fri, 24 Mar 2023 11:59:36 +0100 Subject: [PATCH 097/870] fix nit in qldoc --- python/ql/lib/semmle/python/regexp/internal/ParseRegExp.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/python/ql/lib/semmle/python/regexp/internal/ParseRegExp.qll b/python/ql/lib/semmle/python/regexp/internal/ParseRegExp.qll index f635332944b..465f9be6a4f 100644 --- a/python/ql/lib/semmle/python/regexp/internal/ParseRegExp.qll +++ b/python/ql/lib/semmle/python/regexp/internal/ParseRegExp.qll @@ -1,5 +1,5 @@ /** - * Library for parsing for Python regular expressions. + * Library for parsing Python regular expressions. */ import python From a64848c022a1b17865c343902fcf0b0df21d09f5 Mon Sep 17 00:00:00 2001 From: erik-krogh Date: Fri, 24 Mar 2023 12:09:34 +0100 Subject: [PATCH 098/870] simplify StdLibRegExpInterpretation to only consider re.compile, because the rest is handled by RegexExecution --- python/ql/lib/semmle/python/regex.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/python/ql/lib/semmle/python/regex.qll b/python/ql/lib/semmle/python/regex.qll index 0dfc74b5e6f..23debaea8cf 100644 --- a/python/ql/lib/semmle/python/regex.qll +++ b/python/ql/lib/semmle/python/regex.qll @@ -33,7 +33,7 @@ private import semmle.python.ApiGraphs class StdLibRegExpInterpretation extends RegExpInterpretation::Range { StdLibRegExpInterpretation() { this = - API::moduleImport("re").getMember(any(string name | name != "escape")).getACall().getArg(0) + API::moduleImport("re").getMember("compile").getACall().getParameter(0, "pattern").asSink() } } From 2fad406b5c4494931985c24f22487c8f80604db6 Mon Sep 17 00:00:00 2001 From: erik-krogh Date: Fri, 24 Mar 2023 12:14:29 +0100 Subject: [PATCH 099/870] move StdLibRegExpInterpretation to Stdlib.qll --- python/ql/lib/semmle/python/frameworks/Stdlib.qll | 13 +++++++++++++ python/ql/lib/semmle/python/regex.qll | 14 +------------- 2 files changed, 14 insertions(+), 13 deletions(-) diff --git a/python/ql/lib/semmle/python/frameworks/Stdlib.qll b/python/ql/lib/semmle/python/frameworks/Stdlib.qll index 961b4c808d7..e8ad01cc1f0 100644 --- a/python/ql/lib/semmle/python/frameworks/Stdlib.qll +++ b/python/ql/lib/semmle/python/frameworks/Stdlib.qll @@ -3015,6 +3015,19 @@ private module StdlibPrivate { override string getKind() { result = Escaping::getRegexKind() } } + private import semmle.python.regex as Regex + + /** + * A node interpreted as a regular expression. + * Speficically nodes where string values are interpreted as regular expressions. + */ + class StdLibRegExpInterpretation extends Regex::RegExpInterpretation::Range { + StdLibRegExpInterpretation() { + this = + API::moduleImport("re").getMember("compile").getACall().getParameter(0, "pattern").asSink() + } + } + // --------------------------------------------------------------------------- // urllib // --------------------------------------------------------------------------- diff --git a/python/ql/lib/semmle/python/regex.qll b/python/ql/lib/semmle/python/regex.qll index 23debaea8cf..b041e1cfca9 100644 --- a/python/ql/lib/semmle/python/regex.qll +++ b/python/ql/lib/semmle/python/regex.qll @@ -4,6 +4,7 @@ private import semmle.python.Frameworks private import regexp.internal.RegExpTracking as RegExpTracking private import semmle.python.Concepts as Concepts private import semmle.python.regexp.RegexTreeView +private import semmle.python.dataflow.new.DataFlow import regexp.internal.ParseRegExp /** Gets a parsed regular expression term that is executed at `exec`. */ @@ -24,19 +25,6 @@ module RegExpInterpretation { abstract class Range extends DataFlow::Node { } } -private import semmle.python.ApiGraphs - -/** - * A node interpreted as a regular expression. - * Speficically nodes where string values are interpreted as regular expressions. - */ -class StdLibRegExpInterpretation extends RegExpInterpretation::Range { - StdLibRegExpInterpretation() { - this = - API::moduleImport("re").getMember("compile").getACall().getParameter(0, "pattern").asSink() - } -} - /** A StrConst used as a regular expression */ deprecated class RegexString extends Regex { RegexString() { this = RegExpTracking::regExpSource(_).asExpr() } From a7f733ab8c0bb1a9a67cec7bdc033e44401c38dd Mon Sep 17 00:00:00 2001 From: erik-krogh Date: Fri, 24 Mar 2023 12:22:19 +0100 Subject: [PATCH 100/870] move RegExpInterpretation into Concepts.qll --- python/ql/lib/semmle/python/Concepts.qll | 20 +++++++++++++++++++ .../lib/semmle/python/frameworks/Stdlib.qll | 4 +--- python/ql/lib/semmle/python/regex.qll | 10 ---------- .../python/regexp/internal/ParseRegExp.qll | 2 +- .../python/regexp/internal/RegExpTracking.qll | 2 +- 5 files changed, 23 insertions(+), 15 deletions(-) diff --git a/python/ql/lib/semmle/python/Concepts.qll b/python/ql/lib/semmle/python/Concepts.qll index 0264da4c360..c80805e5b8f 100644 --- a/python/ql/lib/semmle/python/Concepts.qll +++ b/python/ql/lib/semmle/python/Concepts.qll @@ -421,6 +421,26 @@ module RegexExecution { } } +/** + * A node that is not a regular expression literal, but is used in places that + * may interpret it as one. Instances of this class are typically strings that + * flow to method calls like `re.compile`. + * + * Extend this class to refine existing API models. If you want to model new APIs, + * extend `RegExpInterpretation::Range` instead. + */ +class RegExpInterpretation extends DataFlow::Node instanceof RegExpInterpretation::Range { } + +/** Provides a class for modeling regular expression interpretations. */ +module RegExpInterpretation { + /** + * A node that is not a regular expression literal, but is used in places that + * may interpret it as one. Instances of this class are typically strings that + * flow to method calls like `re.compile`. + */ + abstract class Range extends DataFlow::Node { } +} + /** Provides classes for modeling XML-related APIs. */ module XML { /** diff --git a/python/ql/lib/semmle/python/frameworks/Stdlib.qll b/python/ql/lib/semmle/python/frameworks/Stdlib.qll index e8ad01cc1f0..7e62a5b033e 100644 --- a/python/ql/lib/semmle/python/frameworks/Stdlib.qll +++ b/python/ql/lib/semmle/python/frameworks/Stdlib.qll @@ -3015,13 +3015,11 @@ private module StdlibPrivate { override string getKind() { result = Escaping::getRegexKind() } } - private import semmle.python.regex as Regex - /** * A node interpreted as a regular expression. * Speficically nodes where string values are interpreted as regular expressions. */ - class StdLibRegExpInterpretation extends Regex::RegExpInterpretation::Range { + private class StdLibRegExpInterpretation extends RegExpInterpretation::Range { StdLibRegExpInterpretation() { this = API::moduleImport("re").getMember("compile").getACall().getParameter(0, "pattern").asSink() diff --git a/python/ql/lib/semmle/python/regex.qll b/python/ql/lib/semmle/python/regex.qll index b041e1cfca9..827f6b89e34 100644 --- a/python/ql/lib/semmle/python/regex.qll +++ b/python/ql/lib/semmle/python/regex.qll @@ -15,16 +15,6 @@ RegExpTerm getTermForExecution(Concepts::RegexExecution exec) { ) } -/** Provides a class for modeling regular expression interpretations. */ -module RegExpInterpretation { - /** - * A node that is not a regular expression literal, but is used in places that - * may interpret it as one. Instances of this class are typically strings that - * flow to method calls like `re.compile`. - */ - abstract class Range extends DataFlow::Node { } -} - /** A StrConst used as a regular expression */ deprecated class RegexString extends Regex { RegexString() { this = RegExpTracking::regExpSource(_).asExpr() } diff --git a/python/ql/lib/semmle/python/regexp/internal/ParseRegExp.qll b/python/ql/lib/semmle/python/regexp/internal/ParseRegExp.qll index 465f9be6a4f..5484ee12613 100644 --- a/python/ql/lib/semmle/python/regexp/internal/ParseRegExp.qll +++ b/python/ql/lib/semmle/python/regexp/internal/ParseRegExp.qll @@ -24,7 +24,7 @@ private module FindRegexMode { sink = call.(Concepts::RegexExecution).getRegex() or call.getArg(_) = sink and - sink instanceof RegExpInterpretation::Range + sink instanceof Concepts::RegExpInterpretation::Range | exists(DataFlow::CallCfgNode callNode | call = callNode and diff --git a/python/ql/lib/semmle/python/regexp/internal/RegExpTracking.qll b/python/ql/lib/semmle/python/regexp/internal/RegExpTracking.qll index d883dfe68aa..41f839bdc04 100644 --- a/python/ql/lib/semmle/python/regexp/internal/RegExpTracking.qll +++ b/python/ql/lib/semmle/python/regexp/internal/RegExpTracking.qll @@ -23,7 +23,7 @@ private import semmle.python.regex as Regex DataFlow::Node regSink() { result = any(Concepts::RegexExecution exec).getRegex() or - result instanceof Regex::RegExpInterpretation::Range + result instanceof Concepts::RegExpInterpretation } /** From d5029c94b6be20ebf08fe948ddb6f8427072f276 Mon Sep 17 00:00:00 2001 From: erik-krogh Date: Mon, 1 May 2023 10:41:30 +0200 Subject: [PATCH 101/870] changes based on review --- python/ql/lib/semmle/python/Concepts.qll | 10 ++++------ .../lib/semmle/python/dataflow/new/Regexp.qll | 4 ++-- .../lib/semmle/python/regexp/RegexTreeView.qll | 4 ++++ .../python/regexp/internal/ParseRegExp.qll | 14 +++++--------- .../python/regexp/internal/RegExpTracking.qll | 17 +++++++++-------- 5 files changed, 24 insertions(+), 25 deletions(-) diff --git a/python/ql/lib/semmle/python/Concepts.qll b/python/ql/lib/semmle/python/Concepts.qll index c80805e5b8f..21ef902f2e5 100644 --- a/python/ql/lib/semmle/python/Concepts.qll +++ b/python/ql/lib/semmle/python/Concepts.qll @@ -422,9 +422,8 @@ module RegexExecution { } /** - * A node that is not a regular expression literal, but is used in places that - * may interpret it as one. Instances of this class are typically strings that - * flow to method calls like `re.compile`. + * A node where a string is interpreted as a regular expression, + * for instance an argument to `re.compile`. * * Extend this class to refine existing API models. If you want to model new APIs, * extend `RegExpInterpretation::Range` instead. @@ -434,9 +433,8 @@ class RegExpInterpretation extends DataFlow::Node instanceof RegExpInterpretatio /** Provides a class for modeling regular expression interpretations. */ module RegExpInterpretation { /** - * A node that is not a regular expression literal, but is used in places that - * may interpret it as one. Instances of this class are typically strings that - * flow to method calls like `re.compile`. + * A node where a string is interpreted as a regular expression, + * for instance an argument to `re.compile`. */ abstract class Range extends DataFlow::Node { } } diff --git a/python/ql/lib/semmle/python/dataflow/new/Regexp.qll b/python/ql/lib/semmle/python/dataflow/new/Regexp.qll index 8fa3427256c..e1f824b2935 100644 --- a/python/ql/lib/semmle/python/dataflow/new/Regexp.qll +++ b/python/ql/lib/semmle/python/dataflow/new/Regexp.qll @@ -26,7 +26,7 @@ deprecated module RegExpPatterns { * as a part of a regular expression. */ class RegExpPatternSource extends DataFlow::CfgNode { - private DataFlow::Node sink; + private RegExpSink sink; RegExpPatternSource() { this = regExpSource(sink) } @@ -34,7 +34,7 @@ class RegExpPatternSource extends DataFlow::CfgNode { * Gets a node where the pattern of this node is parsed as a part of * a regular expression. */ - DataFlow::Node getAParse() { result = sink } + RegExpSink getAParse() { result = sink } /** * Gets the root term of the regular expression parsed from this pattern. diff --git a/python/ql/lib/semmle/python/regexp/RegexTreeView.qll b/python/ql/lib/semmle/python/regexp/RegexTreeView.qll index 192476274a3..49db4470343 100644 --- a/python/ql/lib/semmle/python/regexp/RegexTreeView.qll +++ b/python/ql/lib/semmle/python/regexp/RegexTreeView.qll @@ -525,6 +525,10 @@ module Impl implements RegexTreeViewSig { */ private predicate isUnicode() { this.getText().prefix(2) = ["\\u", "\\U"] } + /** + * Gets the unicode char for this escape. + * E.g. for `\u0061` this returns "a". + */ private string getUnicode() { result = Numbers::parseHexInt(this.getText().suffix(2)).toUnicode() } diff --git a/python/ql/lib/semmle/python/regexp/internal/ParseRegExp.qll b/python/ql/lib/semmle/python/regexp/internal/ParseRegExp.qll index 5484ee12613..c6f8e7f76aa 100644 --- a/python/ql/lib/semmle/python/regexp/internal/ParseRegExp.qll +++ b/python/ql/lib/semmle/python/regexp/internal/ParseRegExp.qll @@ -26,15 +26,11 @@ private module FindRegexMode { call.getArg(_) = sink and sink instanceof Concepts::RegExpInterpretation::Range | - exists(DataFlow::CallCfgNode callNode | - call = callNode and - result = - mode_from_node([ - callNode - .getArg(re_member_flags_arg(callNode.(DataFlow::MethodCallNode).getMethodName())), - callNode.getArgByName("flags") - ]) - ) + result = + mode_from_node([ + call.getArg(re_member_flags_arg(call.(DataFlow::MethodCallNode).getMethodName())), + call.getArgByName("flags") + ]) ) ) } diff --git a/python/ql/lib/semmle/python/regexp/internal/RegExpTracking.qll b/python/ql/lib/semmle/python/regexp/internal/RegExpTracking.qll index 41f839bdc04..39d3e918de9 100644 --- a/python/ql/lib/semmle/python/regexp/internal/RegExpTracking.qll +++ b/python/ql/lib/semmle/python/regexp/internal/RegExpTracking.qll @@ -19,11 +19,13 @@ DataFlow::LocalSourceNode strStart() { result.asExpr() instanceof StrConst } private import semmle.python.regex as Regex -/** Gets a node where regular expressions that flow to the node are used. */ -DataFlow::Node regSink() { - result = any(Concepts::RegexExecution exec).getRegex() - or - result instanceof Concepts::RegExpInterpretation +/** A node where regular expressions that flow to the node are used. */ +class RegExpSink extends DataFlow::Node { + RegExpSink() { + this = any(Concepts::RegexExecution exec).getRegex() + or + this instanceof Concepts::RegExpInterpretation + } } /** @@ -32,7 +34,7 @@ DataFlow::Node regSink() { */ private DataFlow::TypeTrackingNode backwards(DataFlow::TypeBackTracker t) { t.start() and - result = regSink().getALocalSource() + result = any(RegExpSink sink).getALocalSource() or exists(DataFlow::TypeBackTracker t2 | result = backwards(t2).backtrack(t2, t)) } @@ -69,7 +71,6 @@ private DataFlow::TypeTrackingNode regexTracking(DataFlow::Node start, DataFlow: /** Gets a node holding a value for the regular expression that is evaluated at `re`. */ cached -DataFlow::Node regExpSource(DataFlow::Node re) { - re = regSink() and +DataFlow::Node regExpSource(RegExpSink re) { regexTracking(result, DataFlow::TypeTracker::end()).flowsTo(re) } From 3d208c0a6271967178f69c6b96c66c714684368d Mon Sep 17 00:00:00 2001 From: Asger F Date: Mon, 17 Apr 2023 11:27:33 +0200 Subject: [PATCH 102/870] JS: Port Actions sources based on PR from R3x --- javascript/ql/lib/javascript.qll | 1 + .../javascript/frameworks/ActionsLib.qll | 40 +++++++++++++++++++ 2 files changed, 41 insertions(+) create mode 100644 javascript/ql/lib/semmle/javascript/frameworks/ActionsLib.qll diff --git a/javascript/ql/lib/javascript.qll b/javascript/ql/lib/javascript.qll index 53bb91797aa..ed38db6550e 100644 --- a/javascript/ql/lib/javascript.qll +++ b/javascript/ql/lib/javascript.qll @@ -67,6 +67,7 @@ import semmle.javascript.YAML import semmle.javascript.dataflow.DataFlow import semmle.javascript.dataflow.TaintTracking import semmle.javascript.dataflow.TypeInference +import semmle.javascript.frameworks.ActionsLib import semmle.javascript.frameworks.Angular2 import semmle.javascript.frameworks.AngularJS import semmle.javascript.frameworks.Anser diff --git a/javascript/ql/lib/semmle/javascript/frameworks/ActionsLib.qll b/javascript/ql/lib/semmle/javascript/frameworks/ActionsLib.qll new file mode 100644 index 00000000000..970c7d20ac5 --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/frameworks/ActionsLib.qll @@ -0,0 +1,40 @@ +private import javascript + +private API::Node payload() { + result = API::moduleImport("@actions/github").getMember("context").getMember("payload") +} + +private API::Node workflowRun() { result = payload().getMember("workflow_run") } + +private API::Node commitObj() { + result = workflowRun().getMember("head_commit") + or + result = payload().getMember("commits").getAMember() +} + +private API::Node pullRequest() { + result = payload().getMember("pull_request") + or + result = commitObj().getMember("pull_requests").getAMember() +} + +private API::Node taintSource() { + result = pullRequest().getMember("head").getMember(["ref", "label"]) + or + result = + [pullRequest(), payload().getMember(["discussion", "issue"])].getMember(["title", "body"]) + or + result = payload().getMember(["review", "review_comment", "comment"]).getMember("body") + or + result = workflowRun().getMember("head_branch") + or + result = commitObj().getMember("message") + or + result = commitObj().getMember("author").getMember(["name", "email"]) +} + +private class GitHubActionsSource extends RemoteFlowSource { + GitHubActionsSource() { this = taintSource().asSource() } + + override string getSourceType() { result = "GitHub Actions input" } +} From 18f8c69261060762e15681c9f34a44372e8804b6 Mon Sep 17 00:00:00 2001 From: erik-krogh Date: Mon, 1 May 2023 10:49:51 +0200 Subject: [PATCH 103/870] satisfy the signature of `HostnameRegexpSig`, which doesn't understand RegExpSink --- .../semmle/python/security/regexp/HostnameRegex.qll | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/python/ql/lib/semmle/python/security/regexp/HostnameRegex.qll b/python/ql/lib/semmle/python/security/regexp/HostnameRegex.qll index e7ec80ac804..c6636092b52 100644 --- a/python/ql/lib/semmle/python/security/regexp/HostnameRegex.qll +++ b/python/ql/lib/semmle/python/security/regexp/HostnameRegex.qll @@ -12,7 +12,18 @@ private import codeql.regex.HostnameRegexp as Shared private module Impl implements Shared::HostnameRegexpSig { class DataFlowNode = DataFlow::Node; - class RegExpPatternSource = Regexp::RegExpPatternSource; + class RegExpPatternSource extends DataFlow::Node instanceof Regexp::RegExpPatternSource { + /** + * Gets a node where the pattern of this node is parsed as a part of + * a regular expression. + */ + DataFlow::Node getAParse() { result = super.getAParse() } + + /** + * Gets the root term of the regular expression parsed from this pattern. + */ + TreeImpl::RegExpTerm getRegExpTerm() { result = super.getRegExpTerm() } + } } import Shared::Make From cb9b01cbb7f12476df1be1a2cf2cb7397168b4e6 Mon Sep 17 00:00:00 2001 From: Asger F Date: Mon, 1 May 2023 10:38:09 +0200 Subject: [PATCH 104/870] JS: Port new sources based on comment from JarLob --- .../ql/lib/semmle/javascript/frameworks/ActionsLib.qll | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/frameworks/ActionsLib.qll b/javascript/ql/lib/semmle/javascript/frameworks/ActionsLib.qll index 970c7d20ac5..c97cff73dfc 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/ActionsLib.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/ActionsLib.qll @@ -26,11 +26,13 @@ private API::Node taintSource() { or result = payload().getMember(["review", "review_comment", "comment"]).getMember("body") or - result = workflowRun().getMember("head_branch") + result = workflowRun().getMember(["head_branch", "display_title"]) + or + result = workflowRun().getMember("head_repository").getMember("description") or result = commitObj().getMember("message") or - result = commitObj().getMember("author").getMember(["name", "email"]) + result = commitObj().getMember(["author", "committer"]).getMember(["name", "email"]) } private class GitHubActionsSource extends RemoteFlowSource { From 0497e60ce2c8efe07f8961146897a259a742903e Mon Sep 17 00:00:00 2001 From: Asger F Date: Mon, 1 May 2023 11:05:59 +0200 Subject: [PATCH 105/870] JS: Model actions/exec --- .../semmle/javascript/frameworks/ActionsLib.qll | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/javascript/ql/lib/semmle/javascript/frameworks/ActionsLib.qll b/javascript/ql/lib/semmle/javascript/frameworks/ActionsLib.qll index c97cff73dfc..74b65ee5adc 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/ActionsLib.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/ActionsLib.qll @@ -40,3 +40,17 @@ private class GitHubActionsSource extends RemoteFlowSource { override string getSourceType() { result = "GitHub Actions input" } } + +private class ExecActionsCall extends SystemCommandExecution, DataFlow::CallNode { + ExecActionsCall() { + this = API::moduleImport("@actions/exec").getMember(["exec", "getExecOutput"]).getACall() + } + + override DataFlow::Node getACommandArgument() { result = this.getArgument(0) } + + override DataFlow::Node getArgumentList() { result = this.getArgument(1) } + + override DataFlow::Node getOptionsArg() { result = this.getArgument(2) } + + override predicate isSync() { none() } +} From cb95dbfa14124e27ebb6dce58cb6dc30c61784fa Mon Sep 17 00:00:00 2001 From: Asger F Date: Mon, 1 May 2023 11:06:13 +0200 Subject: [PATCH 106/870] JS: Add tests --- .../CommandInjection.expected | 24 +++++++++++++++++++ .../CWE-078/CommandInjection/actions.js | 22 +++++++++++++++++ .../CodeInjection/CodeInjection.expected | 5 ++++ .../HeuristicSourceCodeInjection.expected | 4 ++++ .../Security/CWE-094/CodeInjection/actions.js | 8 +++++++ 5 files changed, 63 insertions(+) create mode 100644 javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/actions.js create mode 100644 javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/actions.js diff --git a/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/CommandInjection.expected b/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/CommandInjection.expected index 3d18fcf4b2e..fb8bc60e673 100644 --- a/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/CommandInjection.expected +++ b/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/CommandInjection.expected @@ -1,4 +1,16 @@ nodes +| actions.js:8:9:8:57 | title | +| actions.js:8:17:8:57 | github. ... t.title | +| actions.js:8:17:8:57 | github. ... t.title | +| actions.js:9:8:9:22 | `echo ${title}` | +| actions.js:9:8:9:22 | `echo ${title}` | +| actions.js:9:16:9:20 | title | +| actions.js:18:9:18:63 | head_ref | +| actions.js:18:20:18:63 | github. ... ead.ref | +| actions.js:18:20:18:63 | github. ... ead.ref | +| actions.js:19:14:19:31 | `echo ${head_ref}` | +| actions.js:19:14:19:31 | `echo ${head_ref}` | +| actions.js:19:22:19:29 | head_ref | | child_process-test.js:6:9:6:49 | cmd | | child_process-test.js:6:15:6:38 | url.par ... , true) | | child_process-test.js:6:15:6:44 | url.par ... ).query | @@ -179,6 +191,16 @@ nodes | third-party-command-injection.js:6:21:6:27 | command | | third-party-command-injection.js:6:21:6:27 | command | edges +| actions.js:8:9:8:57 | title | actions.js:9:16:9:20 | title | +| actions.js:8:17:8:57 | github. ... t.title | actions.js:8:9:8:57 | title | +| actions.js:8:17:8:57 | github. ... t.title | actions.js:8:9:8:57 | title | +| actions.js:9:16:9:20 | title | actions.js:9:8:9:22 | `echo ${title}` | +| actions.js:9:16:9:20 | title | actions.js:9:8:9:22 | `echo ${title}` | +| actions.js:18:9:18:63 | head_ref | actions.js:19:22:19:29 | head_ref | +| actions.js:18:20:18:63 | github. ... ead.ref | actions.js:18:9:18:63 | head_ref | +| actions.js:18:20:18:63 | github. ... ead.ref | actions.js:18:9:18:63 | head_ref | +| actions.js:19:22:19:29 | head_ref | actions.js:19:14:19:31 | `echo ${head_ref}` | +| actions.js:19:22:19:29 | head_ref | actions.js:19:14:19:31 | `echo ${head_ref}` | | child_process-test.js:6:9:6:49 | cmd | child_process-test.js:17:13:17:15 | cmd | | child_process-test.js:6:9:6:49 | cmd | child_process-test.js:17:13:17:15 | cmd | | child_process-test.js:6:9:6:49 | cmd | child_process-test.js:18:17:18:19 | cmd | @@ -344,6 +366,8 @@ edges | third-party-command-injection.js:5:20:5:26 | command | third-party-command-injection.js:6:21:6:27 | command | | third-party-command-injection.js:5:20:5:26 | command | third-party-command-injection.js:6:21:6:27 | command | #select +| actions.js:9:8:9:22 | `echo ${title}` | actions.js:8:17:8:57 | github. ... t.title | actions.js:9:8:9:22 | `echo ${title}` | This command line depends on a $@. | actions.js:8:17:8:57 | github. ... t.title | user-provided value | +| actions.js:19:14:19:31 | `echo ${head_ref}` | actions.js:18:20:18:63 | github. ... ead.ref | actions.js:19:14:19:31 | `echo ${head_ref}` | This command line depends on a $@. | actions.js:18:20:18:63 | github. ... ead.ref | user-provided value | | child_process-test.js:17:13:17:15 | cmd | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:17:13:17:15 | cmd | This command line depends on a $@. | child_process-test.js:6:25:6:31 | req.url | user-provided value | | child_process-test.js:18:17:18:19 | cmd | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:18:17:18:19 | cmd | This command line depends on a $@. | child_process-test.js:6:25:6:31 | req.url | user-provided value | | child_process-test.js:19:17:19:19 | cmd | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:19:17:19:19 | cmd | This command line depends on a $@. | child_process-test.js:6:25:6:31 | req.url | user-provided value | diff --git a/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/actions.js b/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/actions.js new file mode 100644 index 00000000000..1cfea0118bc --- /dev/null +++ b/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/actions.js @@ -0,0 +1,22 @@ +const github = require('@actions/github'); +const aexec = require('@actions/exec'); +const { exec } = require('child_process'); + +// function to echo title +function echo_title() { + // get the title from the event pull request + const title = github.context.payload.pull_request.title; + exec(`echo ${title}`, (err, stdout, stderr) => { // NOT OK + if (err) { + return; + } + }); +} + +// function which passes the issue title into an exec +function exec_head_ref() { + const head_ref = github.context.payload.pull_request.head.ref; + aexec.exec(`echo ${head_ref}`).then((res) => { // NOT OK + console.log(res); + }); +} diff --git a/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/CodeInjection.expected b/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/CodeInjection.expected index 545b9d71d7c..ddfe2c78f07 100644 --- a/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/CodeInjection.expected +++ b/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/CodeInjection.expected @@ -13,6 +13,9 @@ nodes | NoSQLCodeInjection.js:22:36:22:43 | req.body | | NoSQLCodeInjection.js:22:36:22:43 | req.body | | NoSQLCodeInjection.js:22:36:22:48 | req.body.name | +| actions.js:5:10:5:50 | github. ... message | +| actions.js:5:10:5:50 | github. ... message | +| actions.js:5:10:5:50 | github. ... message | | angularjs.js:10:22:10:36 | location.search | | angularjs.js:10:22:10:36 | location.search | | angularjs.js:10:22:10:36 | location.search | @@ -191,6 +194,7 @@ edges | NoSQLCodeInjection.js:22:36:22:43 | req.body | NoSQLCodeInjection.js:22:36:22:48 | req.body.name | | NoSQLCodeInjection.js:22:36:22:48 | req.body.name | NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name | | NoSQLCodeInjection.js:22:36:22:48 | req.body.name | NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name | +| actions.js:5:10:5:50 | github. ... message | actions.js:5:10:5:50 | github. ... message | | angularjs.js:10:22:10:36 | location.search | angularjs.js:10:22:10:36 | location.search | | angularjs.js:13:23:13:37 | location.search | angularjs.js:13:23:13:37 | location.search | | angularjs.js:16:28:16:42 | location.search | angularjs.js:16:28:16:42 | location.search | @@ -306,6 +310,7 @@ edges | NoSQLCodeInjection.js:18:24:18:37 | req.body.query | NoSQLCodeInjection.js:18:24:18:31 | req.body | NoSQLCodeInjection.js:18:24:18:37 | req.body.query | This code execution depends on a $@. | NoSQLCodeInjection.js:18:24:18:31 | req.body | user-provided value | | NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name | NoSQLCodeInjection.js:19:36:19:43 | req.body | NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name | This code execution depends on a $@. | NoSQLCodeInjection.js:19:36:19:43 | req.body | user-provided value | | NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name | NoSQLCodeInjection.js:22:36:22:43 | req.body | NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name | This code execution depends on a $@. | NoSQLCodeInjection.js:22:36:22:43 | req.body | user-provided value | +| actions.js:5:10:5:50 | github. ... message | actions.js:5:10:5:50 | github. ... message | actions.js:5:10:5:50 | github. ... message | This code execution depends on a $@. | actions.js:5:10:5:50 | github. ... message | user-provided value | | angularjs.js:10:22:10:36 | location.search | angularjs.js:10:22:10:36 | location.search | angularjs.js:10:22:10:36 | location.search | This code execution depends on a $@. | angularjs.js:10:22:10:36 | location.search | user-provided value | | angularjs.js:13:23:13:37 | location.search | angularjs.js:13:23:13:37 | location.search | angularjs.js:13:23:13:37 | location.search | This code execution depends on a $@. | angularjs.js:13:23:13:37 | location.search | user-provided value | | angularjs.js:16:28:16:42 | location.search | angularjs.js:16:28:16:42 | location.search | angularjs.js:16:28:16:42 | location.search | This code execution depends on a $@. | angularjs.js:16:28:16:42 | location.search | user-provided value | diff --git a/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/HeuristicSourceCodeInjection.expected b/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/HeuristicSourceCodeInjection.expected index 0c4f02406d6..64620c6d3bf 100644 --- a/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/HeuristicSourceCodeInjection.expected +++ b/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/HeuristicSourceCodeInjection.expected @@ -13,6 +13,9 @@ nodes | NoSQLCodeInjection.js:22:36:22:43 | req.body | | NoSQLCodeInjection.js:22:36:22:43 | req.body | | NoSQLCodeInjection.js:22:36:22:48 | req.body.name | +| actions.js:5:10:5:50 | github. ... message | +| actions.js:5:10:5:50 | github. ... message | +| actions.js:5:10:5:50 | github. ... message | | angularjs.js:10:22:10:36 | location.search | | angularjs.js:10:22:10:36 | location.search | | angularjs.js:10:22:10:36 | location.search | @@ -195,6 +198,7 @@ edges | NoSQLCodeInjection.js:22:36:22:43 | req.body | NoSQLCodeInjection.js:22:36:22:48 | req.body.name | | NoSQLCodeInjection.js:22:36:22:48 | req.body.name | NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name | | NoSQLCodeInjection.js:22:36:22:48 | req.body.name | NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name | +| actions.js:5:10:5:50 | github. ... message | actions.js:5:10:5:50 | github. ... message | | angularjs.js:10:22:10:36 | location.search | angularjs.js:10:22:10:36 | location.search | | angularjs.js:13:23:13:37 | location.search | angularjs.js:13:23:13:37 | location.search | | angularjs.js:16:28:16:42 | location.search | angularjs.js:16:28:16:42 | location.search | diff --git a/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/actions.js b/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/actions.js new file mode 100644 index 00000000000..ee49ec3888e --- /dev/null +++ b/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/actions.js @@ -0,0 +1,8 @@ +const core = require('@actions/core'); +const github = require('@actions/github'); + +function test() { + eval(github.context.payload.commits[1].message); // NOT OK + eval(core.getInput('numbers')); // NOT OK + eval(core.getMultilineInput('numbers').join('\n')); // NOT OK +} From 08785a4063f2638100675aae4fe1c6b151088f3e Mon Sep 17 00:00:00 2001 From: Asger F Date: Mon, 1 May 2023 11:03:24 +0200 Subject: [PATCH 107/870] JS: Add sources from actions/core --- .../semmle/javascript/frameworks/ActionsLib.qll | 3 +++ .../CWE-094/CodeInjection/CodeInjection.expected | 14 ++++++++++++++ .../HeuristicSourceCodeInjection.expected | 12 ++++++++++++ 3 files changed, 29 insertions(+) diff --git a/javascript/ql/lib/semmle/javascript/frameworks/ActionsLib.qll b/javascript/ql/lib/semmle/javascript/frameworks/ActionsLib.qll index 74b65ee5adc..8f10144269c 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/ActionsLib.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/ActionsLib.qll @@ -33,6 +33,9 @@ private API::Node taintSource() { result = commitObj().getMember("message") or result = commitObj().getMember(["author", "committer"]).getMember(["name", "email"]) + or + result = + API::moduleImport("@actions/core").getMember(["getInput", "getMultilineInput"]).getReturn() } private class GitHubActionsSource extends RemoteFlowSource { diff --git a/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/CodeInjection.expected b/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/CodeInjection.expected index ddfe2c78f07..181b4d91d34 100644 --- a/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/CodeInjection.expected +++ b/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/CodeInjection.expected @@ -16,6 +16,13 @@ nodes | actions.js:5:10:5:50 | github. ... message | | actions.js:5:10:5:50 | github. ... message | | actions.js:5:10:5:50 | github. ... message | +| actions.js:6:10:6:33 | core.ge ... mbers') | +| actions.js:6:10:6:33 | core.ge ... mbers') | +| actions.js:6:10:6:33 | core.ge ... mbers') | +| actions.js:7:10:7:42 | core.ge ... mbers') | +| actions.js:7:10:7:42 | core.ge ... mbers') | +| actions.js:7:10:7:53 | core.ge ... n('\\n') | +| actions.js:7:10:7:53 | core.ge ... n('\\n') | | angularjs.js:10:22:10:36 | location.search | | angularjs.js:10:22:10:36 | location.search | | angularjs.js:10:22:10:36 | location.search | @@ -195,6 +202,11 @@ edges | NoSQLCodeInjection.js:22:36:22:48 | req.body.name | NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name | | NoSQLCodeInjection.js:22:36:22:48 | req.body.name | NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name | | actions.js:5:10:5:50 | github. ... message | actions.js:5:10:5:50 | github. ... message | +| actions.js:6:10:6:33 | core.ge ... mbers') | actions.js:6:10:6:33 | core.ge ... mbers') | +| actions.js:7:10:7:42 | core.ge ... mbers') | actions.js:7:10:7:53 | core.ge ... n('\\n') | +| actions.js:7:10:7:42 | core.ge ... mbers') | actions.js:7:10:7:53 | core.ge ... n('\\n') | +| actions.js:7:10:7:42 | core.ge ... mbers') | actions.js:7:10:7:53 | core.ge ... n('\\n') | +| actions.js:7:10:7:42 | core.ge ... mbers') | actions.js:7:10:7:53 | core.ge ... n('\\n') | | angularjs.js:10:22:10:36 | location.search | angularjs.js:10:22:10:36 | location.search | | angularjs.js:13:23:13:37 | location.search | angularjs.js:13:23:13:37 | location.search | | angularjs.js:16:28:16:42 | location.search | angularjs.js:16:28:16:42 | location.search | @@ -311,6 +323,8 @@ edges | NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name | NoSQLCodeInjection.js:19:36:19:43 | req.body | NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name | This code execution depends on a $@. | NoSQLCodeInjection.js:19:36:19:43 | req.body | user-provided value | | NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name | NoSQLCodeInjection.js:22:36:22:43 | req.body | NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name | This code execution depends on a $@. | NoSQLCodeInjection.js:22:36:22:43 | req.body | user-provided value | | actions.js:5:10:5:50 | github. ... message | actions.js:5:10:5:50 | github. ... message | actions.js:5:10:5:50 | github. ... message | This code execution depends on a $@. | actions.js:5:10:5:50 | github. ... message | user-provided value | +| actions.js:6:10:6:33 | core.ge ... mbers') | actions.js:6:10:6:33 | core.ge ... mbers') | actions.js:6:10:6:33 | core.ge ... mbers') | This code execution depends on a $@. | actions.js:6:10:6:33 | core.ge ... mbers') | user-provided value | +| actions.js:7:10:7:53 | core.ge ... n('\\n') | actions.js:7:10:7:42 | core.ge ... mbers') | actions.js:7:10:7:53 | core.ge ... n('\\n') | This code execution depends on a $@. | actions.js:7:10:7:42 | core.ge ... mbers') | user-provided value | | angularjs.js:10:22:10:36 | location.search | angularjs.js:10:22:10:36 | location.search | angularjs.js:10:22:10:36 | location.search | This code execution depends on a $@. | angularjs.js:10:22:10:36 | location.search | user-provided value | | angularjs.js:13:23:13:37 | location.search | angularjs.js:13:23:13:37 | location.search | angularjs.js:13:23:13:37 | location.search | This code execution depends on a $@. | angularjs.js:13:23:13:37 | location.search | user-provided value | | angularjs.js:16:28:16:42 | location.search | angularjs.js:16:28:16:42 | location.search | angularjs.js:16:28:16:42 | location.search | This code execution depends on a $@. | angularjs.js:16:28:16:42 | location.search | user-provided value | diff --git a/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/HeuristicSourceCodeInjection.expected b/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/HeuristicSourceCodeInjection.expected index 64620c6d3bf..841b942f82a 100644 --- a/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/HeuristicSourceCodeInjection.expected +++ b/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/HeuristicSourceCodeInjection.expected @@ -16,6 +16,13 @@ nodes | actions.js:5:10:5:50 | github. ... message | | actions.js:5:10:5:50 | github. ... message | | actions.js:5:10:5:50 | github. ... message | +| actions.js:6:10:6:33 | core.ge ... mbers') | +| actions.js:6:10:6:33 | core.ge ... mbers') | +| actions.js:6:10:6:33 | core.ge ... mbers') | +| actions.js:7:10:7:42 | core.ge ... mbers') | +| actions.js:7:10:7:42 | core.ge ... mbers') | +| actions.js:7:10:7:53 | core.ge ... n('\\n') | +| actions.js:7:10:7:53 | core.ge ... n('\\n') | | angularjs.js:10:22:10:36 | location.search | | angularjs.js:10:22:10:36 | location.search | | angularjs.js:10:22:10:36 | location.search | @@ -199,6 +206,11 @@ edges | NoSQLCodeInjection.js:22:36:22:48 | req.body.name | NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name | | NoSQLCodeInjection.js:22:36:22:48 | req.body.name | NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name | | actions.js:5:10:5:50 | github. ... message | actions.js:5:10:5:50 | github. ... message | +| actions.js:6:10:6:33 | core.ge ... mbers') | actions.js:6:10:6:33 | core.ge ... mbers') | +| actions.js:7:10:7:42 | core.ge ... mbers') | actions.js:7:10:7:53 | core.ge ... n('\\n') | +| actions.js:7:10:7:42 | core.ge ... mbers') | actions.js:7:10:7:53 | core.ge ... n('\\n') | +| actions.js:7:10:7:42 | core.ge ... mbers') | actions.js:7:10:7:53 | core.ge ... n('\\n') | +| actions.js:7:10:7:42 | core.ge ... mbers') | actions.js:7:10:7:53 | core.ge ... n('\\n') | | angularjs.js:10:22:10:36 | location.search | angularjs.js:10:22:10:36 | location.search | | angularjs.js:13:23:13:37 | location.search | angularjs.js:13:23:13:37 | location.search | | angularjs.js:16:28:16:42 | location.search | angularjs.js:16:28:16:42 | location.search | From 5eaaa7e07410d2d61e2ed0c9990fd9b3f1c87895 Mon Sep 17 00:00:00 2001 From: Asger F Date: Mon, 1 May 2023 11:42:55 +0200 Subject: [PATCH 108/870] JS: Add qldoc --- javascript/ql/lib/semmle/javascript/frameworks/ActionsLib.qll | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/javascript/ql/lib/semmle/javascript/frameworks/ActionsLib.qll b/javascript/ql/lib/semmle/javascript/frameworks/ActionsLib.qll index 8f10144269c..2b0948cb721 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/ActionsLib.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/ActionsLib.qll @@ -1,3 +1,7 @@ +/** + * Contains models for `@actions/core` related libraries. + */ + private import javascript private API::Node payload() { From e65ff6854786bac963024bb95180efdb91a2867d Mon Sep 17 00:00:00 2001 From: Rasmus Lerchedahl Petersen Date: Mon, 1 May 2023 14:51:15 +0200 Subject: [PATCH 109/870] python: update debug queries --- .../test/experimental/dataflow/testConfig.qll | 2 -- .../experimental/dataflow/testTaintConfig.qll | 2 -- .../meta/debug/InlineTaintTestPaths.ql | 28 +++++++++++++------ .../meta/debug/dataflowTestPaths.ql | 27 ++++++++++++------ 4 files changed, 38 insertions(+), 21 deletions(-) diff --git a/python/ql/test/experimental/dataflow/testConfig.qll b/python/ql/test/experimental/dataflow/testConfig.qll index addbeefeebf..ab5f125d898 100644 --- a/python/ql/test/experimental/dataflow/testConfig.qll +++ b/python/ql/test/experimental/dataflow/testConfig.qll @@ -46,6 +46,4 @@ class TestConfiguration extends DataFlow::Configuration { } override predicate isBarrierIn(DataFlow::Node node) { this.isSource(node) } - - override int explorationLimit() { result = 5 } } diff --git a/python/ql/test/experimental/dataflow/testTaintConfig.qll b/python/ql/test/experimental/dataflow/testTaintConfig.qll index 13d0620be92..09496895c9a 100644 --- a/python/ql/test/experimental/dataflow/testTaintConfig.qll +++ b/python/ql/test/experimental/dataflow/testTaintConfig.qll @@ -46,6 +46,4 @@ class TestConfiguration extends TaintTracking::Configuration { } override predicate isSanitizerIn(DataFlow::Node node) { this.isSource(node) } - - override int explorationLimit() { result = 5 } } diff --git a/python/ql/test/experimental/meta/debug/InlineTaintTestPaths.ql b/python/ql/test/experimental/meta/debug/InlineTaintTestPaths.ql index 54323acf64b..8e7595fbbb3 100644 --- a/python/ql/test/experimental/meta/debug/InlineTaintTestPaths.ql +++ b/python/ql/test/experimental/meta/debug/InlineTaintTestPaths.ql @@ -9,17 +9,29 @@ // 3. if necessary, look at partial paths by (un)commenting appropriate lines import python import semmle.python.dataflow.new.DataFlow +import semmle.python.dataflow.new.TaintTracking import experimental.meta.InlineTaintTest::Conf -// import DataFlow::PartialPathGraph -import DataFlow::PathGraph -class Conf extends TestTaintTrackingConfiguration { - // override int explorationLimit() { result = 5 } +module Conf implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { + any (TestTaintTrackingConfiguration c).isSource(source) + } + predicate isSink(DataFlow::Node source) { + any (TestTaintTrackingConfiguration c).isSink(source) + } } +int explorationLimit() { result = 5 } -// from Conf config, DataFlow::PartialPathNode source, DataFlow::PartialPathNode sink -// where config.hasPartialFlow(source, sink, _) -from Conf config, DataFlow::PathNode source, DataFlow::PathNode sink -where config.hasFlowPath(source, sink) +module Flows = TaintTracking::Global; + +module FlowsPartial = Flows::FlowExploration; + +// import FlowsPartial::PartialPathGraph +import Flows::PathGraph + +// from FlowsPartial::PartialPathNode source, FlowsPartial::PartialPathNode sink +// where FlowsPartial::partialFlow(source, sink, _) +from Flows::PathNode source, Flows::PathNode sink +where Flows::flowPath(source, sink) select sink.getNode(), source, sink, "This node receives taint from $@.", source.getNode(), "this source" diff --git a/python/ql/test/experimental/meta/debug/dataflowTestPaths.ql b/python/ql/test/experimental/meta/debug/dataflowTestPaths.ql index 545bfbab1a2..c1cb0ff13c8 100644 --- a/python/ql/test/experimental/meta/debug/dataflowTestPaths.ql +++ b/python/ql/test/experimental/meta/debug/dataflowTestPaths.ql @@ -10,16 +10,25 @@ import python import semmle.python.dataflow.new.DataFlow import experimental.dataflow.testConfig -// import DataFlow::PartialPathGraph -import DataFlow::PathGraph -class Conf extends TestConfiguration { - override int explorationLimit() { result = 5 } +module Conf implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { any(TestConfiguration c).isSource(source) } + + predicate isSink(DataFlow::Node source) { any(TestConfiguration c).isSink(source) } } -// from Conf config, DataFlow::PartialPathNode source, DataFlow::PartialPathNode sink -// where config.hasPartialFlow(source, sink, _) -from Conf config, DataFlow::PathNode source, DataFlow::PathNode sink -where config.hasFlowPath(source, sink) -select sink.getNode(), source, sink, "This node receives taint from $@.", source.getNode(), +int explorationLimit() { result = 5 } + +module Flows = DataFlow::Global; + +module FlowsPartial = Flows::FlowExploration; + +// import FlowsPartial::PartialPathGraph +import Flows::PathGraph + +// from FlowsPartial::PartialPathNode source, FlowsPartial::PartialPathNode sink +// where FlowsPartial::partialFlow(source, sink, _) +from Flows::PathNode source, Flows::PathNode sink +where Flows::flowPath(source, sink) +select sink.getNode(), source, sink, "This node receives flow from $@.", source.getNode(), "this source" From 0d991574ec7d87f671b39182679d19575ee20d03 Mon Sep 17 00:00:00 2001 From: tyage Date: Tue, 2 May 2023 12:00:42 +0900 Subject: [PATCH 110/870] Fix typo in test --- .../NPM/src/node_modules/parent-modue/main.js | 1 - .../parent-modue/sub-module/main.js | 1 - .../src/node_modules/parent-module/main.js | 1 + .../package.json | 0 .../parent-module/sub-module/main.js | 1 + .../sub-module/package.json | 0 .../ql/test/library-tests/NPM/tests.expected | 20 ++++++++++--------- 7 files changed, 13 insertions(+), 11 deletions(-) delete mode 100644 javascript/ql/test/library-tests/NPM/src/node_modules/parent-modue/main.js delete mode 100644 javascript/ql/test/library-tests/NPM/src/node_modules/parent-modue/sub-module/main.js create mode 100644 javascript/ql/test/library-tests/NPM/src/node_modules/parent-module/main.js rename javascript/ql/test/library-tests/NPM/src/node_modules/{parent-modue => parent-module}/package.json (100%) create mode 100644 javascript/ql/test/library-tests/NPM/src/node_modules/parent-module/sub-module/main.js rename javascript/ql/test/library-tests/NPM/src/node_modules/{parent-modue => parent-module}/sub-module/package.json (100%) diff --git a/javascript/ql/test/library-tests/NPM/src/node_modules/parent-modue/main.js b/javascript/ql/test/library-tests/NPM/src/node_modules/parent-modue/main.js deleted file mode 100644 index 8ba4196fbca..00000000000 --- a/javascript/ql/test/library-tests/NPM/src/node_modules/parent-modue/main.js +++ /dev/null @@ -1 +0,0 @@ -export default "parent"; diff --git a/javascript/ql/test/library-tests/NPM/src/node_modules/parent-modue/sub-module/main.js b/javascript/ql/test/library-tests/NPM/src/node_modules/parent-modue/sub-module/main.js deleted file mode 100644 index cfc0568dea7..00000000000 --- a/javascript/ql/test/library-tests/NPM/src/node_modules/parent-modue/sub-module/main.js +++ /dev/null @@ -1 +0,0 @@ -export default "sub"; diff --git a/javascript/ql/test/library-tests/NPM/src/node_modules/parent-module/main.js b/javascript/ql/test/library-tests/NPM/src/node_modules/parent-module/main.js new file mode 100644 index 00000000000..8871fb179ac --- /dev/null +++ b/javascript/ql/test/library-tests/NPM/src/node_modules/parent-module/main.js @@ -0,0 +1 @@ +module.exports = "parent"; diff --git a/javascript/ql/test/library-tests/NPM/src/node_modules/parent-modue/package.json b/javascript/ql/test/library-tests/NPM/src/node_modules/parent-module/package.json similarity index 100% rename from javascript/ql/test/library-tests/NPM/src/node_modules/parent-modue/package.json rename to javascript/ql/test/library-tests/NPM/src/node_modules/parent-module/package.json diff --git a/javascript/ql/test/library-tests/NPM/src/node_modules/parent-module/sub-module/main.js b/javascript/ql/test/library-tests/NPM/src/node_modules/parent-module/sub-module/main.js new file mode 100644 index 00000000000..0bf6641bb0a --- /dev/null +++ b/javascript/ql/test/library-tests/NPM/src/node_modules/parent-module/sub-module/main.js @@ -0,0 +1 @@ +module.exports = "sub"; diff --git a/javascript/ql/test/library-tests/NPM/src/node_modules/parent-modue/sub-module/package.json b/javascript/ql/test/library-tests/NPM/src/node_modules/parent-module/sub-module/package.json similarity index 100% rename from javascript/ql/test/library-tests/NPM/src/node_modules/parent-modue/sub-module/package.json rename to javascript/ql/test/library-tests/NPM/src/node_modules/parent-module/sub-module/package.json diff --git a/javascript/ql/test/library-tests/NPM/tests.expected b/javascript/ql/test/library-tests/NPM/tests.expected index 1262db527c9..a75c705be26 100644 --- a/javascript/ql/test/library-tests/NPM/tests.expected +++ b/javascript/ql/test/library-tests/NPM/tests.expected @@ -8,6 +8,8 @@ importedFile | src/node_modules/nested/tst3.js:1:1:1:29 | require ... odule') | src/node_modules/third-party-module/fancy.js:0:0:0:0 | src/node_modules/third-party-module/fancy.js | | src/node_modules/nested/tst3.js:2:1:2:12 | require('a') | src/node_modules/nested/node_modules/a/index.js:0:0:0:0 | src/node_modules/nested/node_modules/a/index.js | | src/node_modules/tst2.js:1:1:1:38 | require ... cy.js') | src/node_modules/third-party-module/fancy.js:0:0:0:0 | src/node_modules/third-party-module/fancy.js | +| src/test-submodule.js:1:1:1:24 | require ... odule") | src/node_modules/parent-module/main.js:0:0:0:0 | src/node_modules/parent-module/main.js | +| src/test-submodule.js:2:1:2:35 | require ... odule") | src/node_modules/parent-module/sub-module/main.js:0:0:0:0 | src/node_modules/parent-module/sub-module/main.js | | src/tst2.js:1:1:1:12 | require(".") | src/index.js:0:0:0:0 | src/index.js | | src/tst.js:1:1:1:38 | require ... cy.js') | src/node_modules/third-party-module/fancy.js:0:0:0:0 | src/node_modules/third-party-module/fancy.js | | src/tst.js:2:1:2:37 | require ... ckage') | src/node_modules/third-party-module/package.json:0:0:0:0 | src/node_modules/third-party-module/package.json | @@ -16,8 +18,8 @@ importedModule | src/node_modules/nested/tst3.js:1:1:1:29 | require ... odule') | src/node_modules/third-party-module/fancy.js:1:1:4:0 | | | src/node_modules/nested/tst3.js:2:1:2:12 | require('a') | src/node_modules/nested/node_modules/a/index.js:1:1:1:25 | | | src/node_modules/tst2.js:1:1:1:38 | require ... cy.js') | src/node_modules/third-party-module/fancy.js:1:1:4:0 | | -| src/test-submodule.js:1:1:1:24 | require ... odule") | src/node_modules/parent-modue/main.js:1:1:2:0 | | -| src/test-submodule.js:2:1:2:35 | require ... odule") | src/node_modules/parent-modue/sub-module/main.js:1:1:2:0 | | +| src/test-submodule.js:1:1:1:24 | require ... odule") | src/node_modules/parent-module/main.js:1:1:2:0 | | +| src/test-submodule.js:2:1:2:35 | require ... odule") | src/node_modules/parent-module/sub-module/main.js:1:1:2:0 | | | src/tst2.js:1:1:1:12 | require(".") | src/index.js:1:1:4:0 | | | src/tst.js:1:1:1:38 | require ... cy.js') | src/node_modules/third-party-module/fancy.js:1:1:4:0 | | modules @@ -31,9 +33,9 @@ modules | src/node_modules/b | b | src/node_modules/b/lib/util.ts:1:1:2:0 | | | src/node_modules/c | c | src/node_modules/c/src/index.js:1:1:2:0 | | | src/node_modules/d | d | src/node_modules/d/main.js:1:1:2:0 | | -| src/node_modules/parent-modue | parent-module | src/node_modules/parent-modue/main.js:1:1:2:0 | | -| src/node_modules/parent-modue | parent-module | src/node_modules/parent-modue/sub-module/main.js:1:1:2:0 | | -| src/node_modules/parent-modue/sub-module | parent-module/sub-module | src/node_modules/parent-modue/sub-module/main.js:1:1:2:0 | | +| src/node_modules/parent-module | parent-module | src/node_modules/parent-module/main.js:1:1:2:0 | | +| src/node_modules/parent-module | parent-module | src/node_modules/parent-module/sub-module/main.js:1:1:2:0 | | +| src/node_modules/parent-module/sub-module | parent-module/sub-module | src/node_modules/parent-module/sub-module/main.js:1:1:2:0 | | | src/node_modules/third-party-module | third-party-module | src/node_modules/third-party-module/fancy.js:1:1:4:0 | | npm | src/node_modules/third-party-module/package.json:1:1:5:1 | {\\n "na ... y.js"\\n} | third-party-module | 23.4.0 | @@ -42,16 +44,16 @@ getMainModule | src/node_modules/b/package.json:1:1:4:1 | {\\n "na ... "lib"\\n} | b | src/node_modules/b/lib/index.js:1:1:2:0 | | | src/node_modules/c/package.json:1:1:4:1 | {\\n "na ... src/"\\n} | c | src/node_modules/c/src/index.js:1:1:2:0 | | | src/node_modules/d/package.json:1:1:4:1 | {\\n "na ... main"\\n} | d | src/node_modules/d/main.js:1:1:2:0 | | -| src/node_modules/parent-modue/package.json:1:1:4:1 | {\\n "na ... n.js"\\n} | parent-module | src/node_modules/parent-modue/main.js:1:1:2:0 | | -| src/node_modules/parent-modue/sub-module/package.json:1:1:3:1 | {\\n "ma ... n.js"\\n} | parent-module/sub-module | src/node_modules/parent-modue/sub-module/main.js:1:1:2:0 | | +| src/node_modules/parent-module/package.json:1:1:4:1 | {\\n "na ... n.js"\\n} | parent-module | src/node_modules/parent-module/main.js:1:1:2:0 | | +| src/node_modules/parent-module/sub-module/package.json:1:1:3:1 | {\\n "ma ... n.js"\\n} | parent-module/sub-module | src/node_modules/parent-module/sub-module/main.js:1:1:2:0 | | | src/node_modules/third-party-module/package.json:1:1:5:1 | {\\n "na ... y.js"\\n} | third-party-module | src/node_modules/third-party-module/fancy.js:1:1:4:0 | | | src/package.json:1:1:20:1 | {\\n "na ... "\\n }\\n} | test-package | src/index.js:1:1:4:0 | | packageJson | src/node_modules/b/package.json:1:1:4:1 | {\\n "na ... "lib"\\n} | | src/node_modules/c/package.json:1:1:4:1 | {\\n "na ... src/"\\n} | | src/node_modules/d/package.json:1:1:4:1 | {\\n "na ... main"\\n} | -| src/node_modules/parent-modue/package.json:1:1:4:1 | {\\n "na ... n.js"\\n} | -| src/node_modules/parent-modue/sub-module/package.json:1:1:3:1 | {\\n "ma ... n.js"\\n} | +| src/node_modules/parent-module/package.json:1:1:4:1 | {\\n "na ... n.js"\\n} | +| src/node_modules/parent-module/sub-module/package.json:1:1:3:1 | {\\n "ma ... n.js"\\n} | | src/node_modules/third-party-module/package.json:1:1:5:1 | {\\n "na ... y.js"\\n} | | src/package.json:1:1:20:1 | {\\n "na ... "\\n }\\n} | dependencyInfo From be9c8d28b5bbbe16eadaef4ba7e89bf2d1c2a92e Mon Sep 17 00:00:00 2001 From: tyage Date: Tue, 2 May 2023 12:41:03 +0900 Subject: [PATCH 111/870] JS: drop string comparison --- javascript/ql/lib/semmle/javascript/NPM.qll | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/NPM.qll b/javascript/ql/lib/semmle/javascript/NPM.qll index 53220a566b8..36297be4d23 100644 --- a/javascript/ql/lib/semmle/javascript/NPM.qll +++ b/javascript/ql/lib/semmle/javascript/NPM.qll @@ -19,16 +19,14 @@ class PackageJson extends JsonObject { string getPackageName() { result = this.getPropStringValue("name") or - exists( - PackageJson parentPackage, string currentDir, string parentDir, string parentPackageName - | - currentDir = this.getJsonFile().getParentContainer().getAbsolutePath() and - parentDir = parentPackage.getJsonFile().getParentContainer().getAbsolutePath() and - parentPackageName = parentPackage.getPropStringValue("name") and - parentDir.indexOf("node_modules") != -1 and - currentDir != parentDir and - currentDir.indexOf(parentDir) = 0 and - result = parentPackageName + currentDir.suffix(parentDir.length()) + exists(PackageJson parentPkg, Container currentDir, Container parentDir | + currentDir = this.getJsonFile().getParentContainer() and + parentDir = parentPkg.getJsonFile().getParentContainer() and + parentDir.getParentContainer+().getBaseName() = "node_modules" and + parentDir.getAChildContainer+() = currentDir and + result = + parentPkg.getPropStringValue("name") + + currentDir.getAbsolutePath().suffix(parentDir.getAbsolutePath().length()) ) } From 04e393fcf8b83fe4c1dd1af4d2bce14f61fa2dc6 Mon Sep 17 00:00:00 2001 From: Asger F Date: Tue, 2 May 2023 11:02:58 +0200 Subject: [PATCH 112/870] JS: Change note --- .../ql/src/change-notes/2023-05-02-github-actions-sources.md | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 ruby/ql/src/change-notes/2023-05-02-github-actions-sources.md diff --git a/ruby/ql/src/change-notes/2023-05-02-github-actions-sources.md b/ruby/ql/src/change-notes/2023-05-02-github-actions-sources.md new file mode 100644 index 00000000000..a9cf1339421 --- /dev/null +++ b/ruby/ql/src/change-notes/2023-05-02-github-actions-sources.md @@ -0,0 +1,5 @@ +--- +category: majorAnalysis +--- +* Added taint sources from the `@actions/core` and `@actions/github` packages. +* Added command-injection sinks from the `@actions/exec` package. From 564bb1ccb02935f451598532608c2725a6f6c07d Mon Sep 17 00:00:00 2001 From: Tony Torralba Date: Tue, 2 May 2023 11:22:47 +0200 Subject: [PATCH 113/870] Manual fixes --- .../org.apache.commons.net.model.yml | 48 +++++++------------ 1 file changed, 18 insertions(+), 30 deletions(-) diff --git a/java/ql/lib/ext/generated/org.apache.commons.net.model.yml b/java/ql/lib/ext/generated/org.apache.commons.net.model.yml index 49c61eb4328..458dc493960 100644 --- a/java/ql/lib/ext/generated/org.apache.commons.net.model.yml +++ b/java/ql/lib/ext/generated/org.apache.commons.net.model.yml @@ -5,43 +5,31 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["org.apache.commons.net.ftp", "FTPClient", true, "appendFile", "(String,InputStream)", "", "Argument[this]", "open-url", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "appendFileStream", "(String)", "", "Argument[this]", "open-url", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "initiateListParsing", "()", "", "Argument[this]", "open-url", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "initiateListParsing", "(String)", "", "Argument[this]", "open-url", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "initiateListParsing", "(String,String)", "", "Argument[this]", "open-url", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "initiateMListParsing", "()", "", "Argument[this]", "open-url", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "initiateMListParsing", "(String)", "", "Argument[this]", "open-url", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "listDirectories", "()", "", "Argument[this]", "open-url", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "listDirectories", "(String)", "", "Argument[this]", "open-url", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "listFiles", "()", "", "Argument[this]", "open-url", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "listFiles", "(String)", "", "Argument[this]", "open-url", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "listFiles", "(String,FTPFileFilter)", "", "Argument[this]", "open-url", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "listNames", "()", "", "Argument[this]", "open-url", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "listNames", "(String)", "", "Argument[this]", "open-url", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "mlistDir", "()", "", "Argument[this]", "open-url", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "mlistDir", "(String)", "", "Argument[this]", "open-url", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "mlistDir", "(String,FTPFileFilter)", "", "Argument[this]", "open-url", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "retrieveFile", "(String,OutputStream)", "", "Argument[this]", "open-url", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "retrieveFileStream", "(String)", "", "Argument[this]", "open-url", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "storeFile", "(String,InputStream)", "", "Argument[this]", "open-url", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "storeFileStream", "(String)", "", "Argument[this]", "open-url", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "storeUniqueFile", "(InputStream)", "", "Argument[this]", "open-url", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "storeUniqueFile", "(String,InputStream)", "", "Argument[this]", "open-url", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "storeUniqueFileStream", "()", "", "Argument[this]", "open-url", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "storeUniqueFileStream", "(String)", "", "Argument[this]", "open-url", "df-generated"] + - ["org.apache.commons.net", "SocketClient", true, "connect", "(InetAddress)", "", "Argument[0]", "open-url", "manual"] + - ["org.apache.commons.net", "SocketClient", true, "connect", "(InetAddress,int)", "", "Argument[0]", "open-url", "manual"] + - ["org.apache.commons.net", "SocketClient", true, "connect", "(InetAddress,int,InetAddress,int)", "", "Argument[0]", "open-url", "manual"] + - ["org.apache.commons.net", "SocketClient", true, "connect", "(String)", "", "Argument[0]", "open-url", "manual"] + - ["org.apache.commons.net", "SocketClient", true, "connect", "(String,int)", "", "Argument[0]", "open-url", "manual"] + - ["org.apache.commons.net", "SocketClient", true, "connect", "(String,int,InetAddress,int)", "", "Argument[0]", "open-url", "manual"] - ["org.apache.commons.net.util", "KeyManagerUtils", false, "createClientKeyManager", "(File,String)", "", "Argument[0]", "read-file", "df-generated"] - ["org.apache.commons.net.util", "KeyManagerUtils", false, "createClientKeyManager", "(File,String,String)", "", "Argument[0]", "read-file", "df-generated"] - ["org.apache.commons.net.util", "KeyManagerUtils", false, "createClientKeyManager", "(String,File,String,String,String)", "", "Argument[1]", "read-file", "df-generated"] - - ["org.apache.commons.net", "SocketClient", true, "connect", "(String,int)", "", "Argument[this]", "open-url", "df-generated"] - addsTo: pack: codeql/java-all extensible: sourceModel data: - - ["org.apache.commons.net.ftp", "FTPClient", true, "listNames", "()", "", "ReturnValue", "remote", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "listNames", "(String)", "", "ReturnValue", "remote", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "retrieveFile", "(String,OutputStream)", "", "Argument[1]", "remote", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "retrieveFileStream", "(String)", "", "ReturnValue", "remote", "df-generated"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "listDirectories", "()", "", "ReturnValue", "remote", "df-manual"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "listDirectories", "(String)", "", "ReturnValue", "remote", "df-manual"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "listFiles", "()", "", "ReturnValue", "remote", "df-manual"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "listFiles", "(String)", "", "ReturnValue", "remote", "df-manual"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "listFiles", "(String,FTPFileFilter)", "", "ReturnValue", "remote", "df-manual"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "listNames", "()", "", "ReturnValue", "remote", "df-manual"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "listNames", "(String)", "", "ReturnValue", "remote", "df-manual"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "mlistDir", "()", "", "ReturnValue", "remote", "df-manual"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "mlistDir", "(String)", "", "ReturnValue", "remote", "df-manual"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "mlistDir", "(String,FTPFileFilter)", "", "ReturnValue", "remote", "df-manual"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "retrieveFile", "(String,OutputStream)", "", "Argument[1]", "remote", "df-manual"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "retrieveFileStream", "(String)", "", "ReturnValue", "remote", "df-manual"] - addsTo: pack: codeql/java-all extensible: summaryModel From f7f6f104d0797f25f1e753218f658d6404df643b Mon Sep 17 00:00:00 2001 From: Stephan Brandauer Date: Tue, 2 May 2023 13:15:30 +0200 Subject: [PATCH 114/870] use NegativeEndpointType class; replace link to slack discussion --- .../AutomodelEndpointCharacteristics.qll | 12 ++++++--- .../AutomodelSharedCharacteristics.qll | 27 +++++++++---------- 2 files changed, 20 insertions(+), 19 deletions(-) diff --git a/java/ql/src/Telemetry/AutomodelEndpointCharacteristics.qll b/java/ql/src/Telemetry/AutomodelEndpointCharacteristics.qll index 77425071792..f9639743fa3 100644 --- a/java/ql/src/Telemetry/AutomodelEndpointCharacteristics.qll +++ b/java/ql/src/Telemetry/AutomodelEndpointCharacteristics.qll @@ -21,9 +21,7 @@ module CandidatesImpl implements SharedCharacteristics::CandidateSig { class EndpointType = AutomodelEndpointTypes::EndpointType; - predicate isNegative(AutomodelEndpointTypes::EndpointType t) { - t instanceof AutomodelEndpointTypes::NegativeSinkType - } + class NegativeEndpointType = AutomodelEndpointTypes::NegativeSinkType; // Sanitizers are currently not modeled in MaD. TODO: check if this has large negative impact. predicate isSanitizer(Endpoint e, EndpointType t) { none() } @@ -95,7 +93,13 @@ module CandidatesImpl implements SharedCharacteristics::CandidateSig { hasMetadata(e, package, type, name, signature, input, isFinal, isStatic, isPublic, calleeJavaDoc) and (if isFinal = true or isStatic = true then subtypes = false else subtypes = true) and - ext = "" and // see https://github.slack.com/archives/CP9127VUK/p1673979477496069 + ext = "" and + /* + * "ext" will always be empty for automodeling; it's a mechanism for + * specifying that the model should apply for parameters that have + * a certain annotation. + */ + provenance = "ai-generated" and metadata = "{" // diff --git a/java/ql/src/Telemetry/AutomodelSharedCharacteristics.qll b/java/ql/src/Telemetry/AutomodelSharedCharacteristics.qll index 58c46ceabd8..d0d05563105 100644 --- a/java/ql/src/Telemetry/AutomodelSharedCharacteristics.qll +++ b/java/ql/src/Telemetry/AutomodelSharedCharacteristics.qll @@ -16,6 +16,11 @@ signature module CandidateSig { class EndpointType; + /** + * An EndpointType that denotes the absence of any sink. + */ + class NegativeEndpointType extends EndpointType; + /** Gets the string representing the file+range of the endpoint. */ string getLocationString(Endpoint e); @@ -24,12 +29,6 @@ signature module CandidateSig { */ predicate isKnownLabel(string label, string humanReadableLabel, EndpointType type); - /** - * EndpointType must have a 'negative' type that denotes the absence of any sink. - * This predicate should hold for that type, and that type only. - */ - predicate isNegative(EndpointType t); - /** * Should hold for any endpoint that is a flow sanitizer. */ @@ -68,8 +67,6 @@ signature module CandidateSig { * implementations of endpoint characteristics exported by this module. */ module SharedCharacteristics { - predicate isNegative(Candidate::EndpointType e) { Candidate::isNegative(e) } - predicate isSink(Candidate::Endpoint e, string label) { Candidate::isSink(e, label) } predicate isNeutral(Candidate::Endpoint e) { Candidate::isNeutral(e) } @@ -80,7 +77,7 @@ module SharedCharacteristics { predicate isKnownSink(Candidate::Endpoint sink, Candidate::EndpointType endpointType) { // If the list of characteristics includes positive indicators with maximal confidence for this class, then it's a // known sink for the class. - not isNegative(endpointType) and + not endpointType instanceof Candidate::NegativeEndpointType and exists(EndpointCharacteristic characteristic | characteristic.appliesToEndpoint(sink) and characteristic.hasImplications(endpointType, true, maximalConfidence()) @@ -93,7 +90,7 @@ module SharedCharacteristics { * characteristics. */ predicate isSinkCandidate(Candidate::Endpoint candidateSink, Candidate::EndpointType sinkType) { - not isNegative(sinkType) and + not sinkType instanceof Candidate::NegativeEndpointType and not exists(getAReasonSinkExcluded(candidateSink, sinkType)) } @@ -109,13 +106,13 @@ module SharedCharacteristics { Candidate::Endpoint candidateSink, Candidate::EndpointType sinkType ) { // An endpoint is a sink candidate if none of its characteristics give much indication whether or not it is a sink. - not isNegative(sinkType) and + not sinkType instanceof Candidate::NegativeEndpointType and result.appliesToEndpoint(candidateSink) and // Exclude endpoints that have a characteristic that implies they're not sinks for _any_ sink type. ( exists(float confidence | confidence >= mediumConfidence() and - result.hasImplications(any(Candidate::EndpointType t | isNegative(t)), true, confidence) + result.hasImplications(any(Candidate::NegativeEndpointType t), true, confidence) ) or // Exclude endpoints that have a characteristic that implies they're not sinks for _this particular_ sink type. @@ -195,7 +192,7 @@ module SharedCharacteristics { override predicate hasImplications( Candidate::EndpointType endpointType, boolean isPositiveIndicator, float confidence ) { - Candidate::isNegative(endpointType) and + endpointType instanceof Candidate::NegativeEndpointType and isPositiveIndicator = true and confidence = highConfidence() } @@ -214,7 +211,7 @@ module SharedCharacteristics { override predicate hasImplications( Candidate::EndpointType endpointType, boolean isPositiveIndicator, float confidence ) { - Candidate::isNegative(endpointType) and + endpointType instanceof Candidate::NegativeEndpointType and isPositiveIndicator = true and confidence = mediumConfidence() } @@ -235,7 +232,7 @@ module SharedCharacteristics { override predicate hasImplications( Candidate::EndpointType endpointType, boolean isPositiveIndicator, float confidence ) { - Candidate::isNegative(endpointType) and + endpointType instanceof Candidate::NegativeEndpointType and isPositiveIndicator = true and confidence = mediumConfidence() } From bb7e473cbf1a807f59980d09136e9ca29860d7b1 Mon Sep 17 00:00:00 2001 From: Stephan Brandauer Date: Tue, 2 May 2023 13:22:31 +0200 Subject: [PATCH 115/870] use the name callable, instead of callee for methods, functions --- .../AutomodelEndpointCharacteristics.qll | 46 +++++++++---------- 1 file changed, 23 insertions(+), 23 deletions(-) diff --git a/java/ql/src/Telemetry/AutomodelEndpointCharacteristics.qll b/java/ql/src/Telemetry/AutomodelEndpointCharacteristics.qll index f9639743fa3..69ebca646df 100644 --- a/java/ql/src/Telemetry/AutomodelEndpointCharacteristics.qll +++ b/java/ql/src/Telemetry/AutomodelEndpointCharacteristics.qll @@ -88,10 +88,10 @@ module CandidatesImpl implements SharedCharacteristics::CandidateSig { exists( string package, string type, boolean subtypes, string name, string signature, string ext, int input, string provenance, boolean isPublic, boolean isFinal, boolean isStatic, - string calleeJavaDoc + string callableJavaDoc | hasMetadata(e, package, type, name, signature, input, isFinal, isStatic, isPublic, - calleeJavaDoc) and + callableJavaDoc) and (if isFinal = true or isStatic = true then subtypes = false else subtypes = true) and ext = "" and /* @@ -113,7 +113,7 @@ module CandidatesImpl implements SharedCharacteristics::CandidateSig { + "', 'Argument index': " + input // + ", 'Provenance': '" + provenance // + "', 'Is public': " + isPublic // - + "', 'Callee JavaDoc': '" + calleeJavaDoc.replaceAll("'", "\"") // + + "', 'Callable JavaDoc': '" + callableJavaDoc.replaceAll("'", "\"") // + "'}" // TODO: Why are the curly braces added twice? ) } @@ -136,28 +136,28 @@ class Endpoint = CandidatesImpl::Endpoint; */ predicate hasMetadata( Endpoint n, string package, string type, string name, string signature, int input, - boolean isFinal, boolean isStatic, boolean isPublic, string calleeJavaDoc + boolean isFinal, boolean isStatic, boolean isPublic, string callableJavaDoc ) { - exists(Callable callee | - n.asParameter() = callee.getParameter(input) and - package = callee.getDeclaringType().getPackage().getName() and - type = callee.getDeclaringType().getErasure().(RefType).nestedName() and + exists(Callable callable | + n.asParameter() = callable.getParameter(input) and + package = callable.getDeclaringType().getPackage().getName() and + type = callable.getDeclaringType().getErasure().(RefType).nestedName() and ( - if callee.isStatic() or callee.getDeclaringType().isStatic() + if callable.isStatic() or callable.getDeclaringType().isStatic() then isStatic = true else isStatic = false ) and ( - if callee.isFinal() or callee.getDeclaringType().isFinal() + if callable.isFinal() or callable.getDeclaringType().isFinal() then isFinal = true else isFinal = false ) and - name = callee.getSourceDeclaration().getName() and - signature = ExternalFlow::paramsString(callee) and // TODO: Why are brackets being escaped (`\[\]` vs `[]`)? - (if callee.isPublic() then isPublic = true else isPublic = false) and - if exists(callee.(Documentable).getJavadoc()) - then calleeJavaDoc = callee.(Documentable).getJavadoc().toString() - else calleeJavaDoc = "" + name = callable.getSourceDeclaration().getName() and + signature = ExternalFlow::paramsString(callable) and // TODO: Why are brackets being escaped (`\[\]` vs `[]`)? + (if callable.isPublic() then isPublic = true else isPublic = false) and + if exists(callable.(Documentable).getJavadoc()) + then callableJavaDoc = callable.(Documentable).getJavadoc().toString() + else callableJavaDoc = "" ) } @@ -168,7 +168,7 @@ predicate hasMetadata( /** * A negative characteristic that indicates that an is-style boolean method is unexploitable even if it is a sink. * - * A sink is highly unlikely to be exploitable if its callee's name starts with `is` and the callee has a boolean return + * A sink is highly unlikely to be exploitable if its callable's name starts with `is` and the callable has a boolean return * type (e.g. `isDirectory`). These kinds of calls normally do only checks, and appear before the proper call that does * the dangerous/interesting thing, so we want the latter to be modeled as the sink. * @@ -188,7 +188,7 @@ private class UnexploitableIsCharacteristic extends CharacteristicsImpl::NotASin * A negative characteristic that indicates that an existence-checking boolean method is unexploitable even if it is a * sink. * - * A sink is highly unlikely to be exploitable if its callee's name is `exists` or `notExists` and the callee has a + * A sink is highly unlikely to be exploitable if its callable's name is `exists` or `notExists` and the callable has a * boolean return type. These kinds of calls normally do only checks, and appear before the proper call that does the * dangerous/interesting thing, so we want the latter to be modeled as the sink. */ @@ -197,13 +197,13 @@ private class UnexploitableExistsCharacteristic extends CharacteristicsImpl::Not override predicate appliesToEndpoint(Endpoint e) { not CandidatesImpl::isSink(e, _) and - exists(Callable callee | - callee = e.getEnclosingCallable() and + exists(Callable callable | + callable = e.getEnclosingCallable() and ( - callee.getName().toLowerCase() = "exists" or - callee.getName().toLowerCase() = "notexists" + callable.getName().toLowerCase() = "exists" or + callable.getName().toLowerCase() = "notexists" ) and - callee.getReturnType() instanceof BooleanType + callable.getReturnType() instanceof BooleanType ) } } From f1644adca951dc8c60070ab4615a7eae3a509a0e Mon Sep 17 00:00:00 2001 From: Stephan Brandauer Date: Tue, 2 May 2023 13:30:22 +0200 Subject: [PATCH 116/870] add internal tag to extraction queries; use 'ml' in query ids, instead of 'ml-powered' --- java/ql/src/Telemetry/AutomodelExtractCandidates.ql | 4 ++-- java/ql/src/Telemetry/AutomodelExtractNegativeExamples.ql | 4 ++-- java/ql/src/Telemetry/AutomodelExtractPositiveExamples.ql | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/java/ql/src/Telemetry/AutomodelExtractCandidates.ql b/java/ql/src/Telemetry/AutomodelExtractCandidates.ql index 0bf1c7e4c6c..ad900c0823b 100644 --- a/java/ql/src/Telemetry/AutomodelExtractCandidates.ql +++ b/java/ql/src/Telemetry/AutomodelExtractCandidates.ql @@ -8,8 +8,8 @@ * @description A query to extract automodel candidates. * @kind problem * @severity info - * @id java/ml-powered/extract-automodel-candidates - * @tags automodel extract candidates + * @id java/ml/extract-automodel-candidates + * @tags internal automodel extract candidates */ import AutomodelEndpointCharacteristics diff --git a/java/ql/src/Telemetry/AutomodelExtractNegativeExamples.ql b/java/ql/src/Telemetry/AutomodelExtractNegativeExamples.ql index 08328e9e767..3dad8a28b0a 100644 --- a/java/ql/src/Telemetry/AutomodelExtractNegativeExamples.ql +++ b/java/ql/src/Telemetry/AutomodelExtractNegativeExamples.ql @@ -4,8 +4,8 @@ * @name Negative examples (experimental) * @kind problem * @severity info - * @id java/ml-powered/non-sink - * @tags automodel extract examples negative + * @id java/ml/non-sink + * @tags internal automodel extract examples negative */ import AutomodelEndpointCharacteristics diff --git a/java/ql/src/Telemetry/AutomodelExtractPositiveExamples.ql b/java/ql/src/Telemetry/AutomodelExtractPositiveExamples.ql index 95e9f682508..dfc06b80a25 100644 --- a/java/ql/src/Telemetry/AutomodelExtractPositiveExamples.ql +++ b/java/ql/src/Telemetry/AutomodelExtractPositiveExamples.ql @@ -4,8 +4,8 @@ * @name Positive examples (experimental) * @kind problem * @severity info - * @id java/ml-powered/known-sink - * @tags automodel extract examples positive + * @id java/ml/known-sink + * @tags internal automodel extract examples positive */ private import java From 34f978ed2661915cef8dd6be6439b04cd349e376 Mon Sep 17 00:00:00 2001 From: Tony Torralba Date: Tue, 2 May 2023 15:29:28 +0200 Subject: [PATCH 117/870] Move manual models out of the generated directory --- .../org.apache.commons.net.model.yml | 29 ------------------ .../lib/ext/org.apache.commons.net.model.yml | 30 +++++++++++++++++++ 2 files changed, 30 insertions(+), 29 deletions(-) create mode 100644 java/ql/lib/ext/org.apache.commons.net.model.yml diff --git a/java/ql/lib/ext/generated/org.apache.commons.net.model.yml b/java/ql/lib/ext/generated/org.apache.commons.net.model.yml index 458dc493960..f4807f0967b 100644 --- a/java/ql/lib/ext/generated/org.apache.commons.net.model.yml +++ b/java/ql/lib/ext/generated/org.apache.commons.net.model.yml @@ -1,35 +1,6 @@ # THIS FILE IS AN AUTO-GENERATED MODELS AS DATA FILE. DO NOT EDIT. # Definitions of models for the org.apache.commons.net framework. extensions: - - addsTo: - pack: codeql/java-all - extensible: sinkModel - data: - - ["org.apache.commons.net", "SocketClient", true, "connect", "(InetAddress)", "", "Argument[0]", "open-url", "manual"] - - ["org.apache.commons.net", "SocketClient", true, "connect", "(InetAddress,int)", "", "Argument[0]", "open-url", "manual"] - - ["org.apache.commons.net", "SocketClient", true, "connect", "(InetAddress,int,InetAddress,int)", "", "Argument[0]", "open-url", "manual"] - - ["org.apache.commons.net", "SocketClient", true, "connect", "(String)", "", "Argument[0]", "open-url", "manual"] - - ["org.apache.commons.net", "SocketClient", true, "connect", "(String,int)", "", "Argument[0]", "open-url", "manual"] - - ["org.apache.commons.net", "SocketClient", true, "connect", "(String,int,InetAddress,int)", "", "Argument[0]", "open-url", "manual"] - - ["org.apache.commons.net.util", "KeyManagerUtils", false, "createClientKeyManager", "(File,String)", "", "Argument[0]", "read-file", "df-generated"] - - ["org.apache.commons.net.util", "KeyManagerUtils", false, "createClientKeyManager", "(File,String,String)", "", "Argument[0]", "read-file", "df-generated"] - - ["org.apache.commons.net.util", "KeyManagerUtils", false, "createClientKeyManager", "(String,File,String,String,String)", "", "Argument[1]", "read-file", "df-generated"] - - addsTo: - pack: codeql/java-all - extensible: sourceModel - data: - - ["org.apache.commons.net.ftp", "FTPClient", true, "listDirectories", "()", "", "ReturnValue", "remote", "df-manual"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "listDirectories", "(String)", "", "ReturnValue", "remote", "df-manual"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "listFiles", "()", "", "ReturnValue", "remote", "df-manual"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "listFiles", "(String)", "", "ReturnValue", "remote", "df-manual"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "listFiles", "(String,FTPFileFilter)", "", "ReturnValue", "remote", "df-manual"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "listNames", "()", "", "ReturnValue", "remote", "df-manual"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "listNames", "(String)", "", "ReturnValue", "remote", "df-manual"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "mlistDir", "()", "", "ReturnValue", "remote", "df-manual"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "mlistDir", "(String)", "", "ReturnValue", "remote", "df-manual"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "mlistDir", "(String,FTPFileFilter)", "", "ReturnValue", "remote", "df-manual"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "retrieveFile", "(String,OutputStream)", "", "Argument[1]", "remote", "df-manual"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "retrieveFileStream", "(String)", "", "ReturnValue", "remote", "df-manual"] - addsTo: pack: codeql/java-all extensible: summaryModel diff --git a/java/ql/lib/ext/org.apache.commons.net.model.yml b/java/ql/lib/ext/org.apache.commons.net.model.yml new file mode 100644 index 00000000000..1ea8876a4e1 --- /dev/null +++ b/java/ql/lib/ext/org.apache.commons.net.model.yml @@ -0,0 +1,30 @@ +extensions: + - addsTo: + pack: codeql/java-all + extensible: sinkModel + data: + - ["org.apache.commons.net", "SocketClient", true, "connect", "(InetAddress)", "", "Argument[0]", "open-url", "manual"] + - ["org.apache.commons.net", "SocketClient", true, "connect", "(InetAddress,int)", "", "Argument[0]", "open-url", "manual"] + - ["org.apache.commons.net", "SocketClient", true, "connect", "(InetAddress,int,InetAddress,int)", "", "Argument[0]", "open-url", "manual"] + - ["org.apache.commons.net", "SocketClient", true, "connect", "(String)", "", "Argument[0]", "open-url", "manual"] + - ["org.apache.commons.net", "SocketClient", true, "connect", "(String,int)", "", "Argument[0]", "open-url", "df-manual"] + - ["org.apache.commons.net", "SocketClient", true, "connect", "(String,int,InetAddress,int)", "", "Argument[0]", "open-url", "manual"] + - ["org.apache.commons.net.util", "KeyManagerUtils", false, "createClientKeyManager", "(File,String)", "", "Argument[0]", "read-file", "df-manual"] + - ["org.apache.commons.net.util", "KeyManagerUtils", false, "createClientKeyManager", "(File,String,String)", "", "Argument[0]", "read-file", "df-manual"] + - ["org.apache.commons.net.util", "KeyManagerUtils", false, "createClientKeyManager", "(String,File,String,String,String)", "", "Argument[1]", "read-file", "df-manual"] + - addsTo: + pack: codeql/java-all + extensible: sourceModel + data: + - ["org.apache.commons.net.ftp", "FTPClient", true, "listDirectories", "()", "", "ReturnValue", "remote", "df-manual"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "listDirectories", "(String)", "", "ReturnValue", "remote", "df-manual"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "listFiles", "()", "", "ReturnValue", "remote", "df-manual"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "listFiles", "(String)", "", "ReturnValue", "remote", "df-manual"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "listFiles", "(String,FTPFileFilter)", "", "ReturnValue", "remote", "df-manual"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "listNames", "()", "", "ReturnValue", "remote", "df-manual"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "listNames", "(String)", "", "ReturnValue", "remote", "df-manual"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "mlistDir", "()", "", "ReturnValue", "remote", "df-manual"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "mlistDir", "(String)", "", "ReturnValue", "remote", "df-manual"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "mlistDir", "(String,FTPFileFilter)", "", "ReturnValue", "remote", "df-manual"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "retrieveFile", "(String,OutputStream)", "", "Argument[1]", "remote", "df-manual"] + - ["org.apache.commons.net.ftp", "FTPClient", true, "retrieveFileStream", "(String)", "", "ReturnValue", "remote", "df-manual"] From ec44aa2597973c3e09f8737dcf7b402d84791c45 Mon Sep 17 00:00:00 2001 From: Tony Torralba Date: Tue, 2 May 2023 15:31:20 +0200 Subject: [PATCH 118/870] Add change note --- .../lib/change-notes/2023-05-02-apache-commons-net-models.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 java/ql/lib/change-notes/2023-05-02-apache-commons-net-models.md diff --git a/java/ql/lib/change-notes/2023-05-02-apache-commons-net-models.md b/java/ql/lib/change-notes/2023-05-02-apache-commons-net-models.md new file mode 100644 index 00000000000..fb918f48932 --- /dev/null +++ b/java/ql/lib/change-notes/2023-05-02-apache-commons-net-models.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Added models for the Apache Commons Net library, From 1fa1a4e268becb3250953892a1754879fe00c3a5 Mon Sep 17 00:00:00 2001 From: Sim4n6 Date: Tue, 2 May 2023 15:09:16 +0100 Subject: [PATCH 119/870] Add Unicode Bypass Validation query tests and help --- .../UnicodeBypassValidationCustomizations.qll | 30 +++++++++ .../dataflow/UnicodeBypassValidationQuery.qll | 62 ++++++++++++++++++ .../CWE-176/UnicodeBypassValidation.qhelp | 36 ++++++++++ .../CWE-176/UnicodeBypassValidation.ql | 24 +++++++ .../Security/CWE-176/escape-bypass.py | 11 ++++ .../Security/CWE-176/vulnerability-flow.png | Bin 0 -> 37706 bytes .../CWE-176/UnicodeBypassValidation.expected | 31 +++++++++ .../CWE-176/UnicodeBypassValidation.qlref | 1 + .../query-tests/Security/CWE-176/samples.py | 30 +++++++++ 9 files changed, 225 insertions(+) create mode 100644 python/ql/lib/semmle/python/security/dataflow/UnicodeBypassValidationCustomizations.qll create mode 100644 python/ql/lib/semmle/python/security/dataflow/UnicodeBypassValidationQuery.qll create mode 100644 python/ql/src/experimental/Security/CWE-176/UnicodeBypassValidation.qhelp create mode 100644 python/ql/src/experimental/Security/CWE-176/UnicodeBypassValidation.ql create mode 100644 python/ql/src/experimental/Security/CWE-176/escape-bypass.py create mode 100644 python/ql/src/experimental/Security/CWE-176/vulnerability-flow.png create mode 100644 python/ql/test/experimental/query-tests/Security/CWE-176/UnicodeBypassValidation.expected create mode 100644 python/ql/test/experimental/query-tests/Security/CWE-176/UnicodeBypassValidation.qlref create mode 100644 python/ql/test/experimental/query-tests/Security/CWE-176/samples.py diff --git a/python/ql/lib/semmle/python/security/dataflow/UnicodeBypassValidationCustomizations.qll b/python/ql/lib/semmle/python/security/dataflow/UnicodeBypassValidationCustomizations.qll new file mode 100644 index 00000000000..dd8e148dcd2 --- /dev/null +++ b/python/ql/lib/semmle/python/security/dataflow/UnicodeBypassValidationCustomizations.qll @@ -0,0 +1,30 @@ +/** + * Provides default sources, sinks and sanitizers for detecting + * "Unicode transformation" + * vulnerabilities, as well as extension points for adding your own. + */ + +private import python +private import semmle.python.dataflow.new.DataFlow + +/** + * Provides default sources, sinks and sanitizers for detecting + * "Unicode transformation" + * vulnerabilities, as well as extension points for adding your own. + */ +module UnicodeBypassValidation { + /** + * A data flow source for "Unicode transformation" vulnerabilities. + */ + abstract class Source extends DataFlow::Node { } + + /** + * A data flow sink for "Unicode transformation" vulnerabilities. + */ + abstract class Sink extends DataFlow::Node { } + + /** + * A sanitizer for "Unicode transformation" vulnerabilities. + */ + abstract class Sanitizer extends DataFlow::Node { } +} diff --git a/python/ql/lib/semmle/python/security/dataflow/UnicodeBypassValidationQuery.qll b/python/ql/lib/semmle/python/security/dataflow/UnicodeBypassValidationQuery.qll new file mode 100644 index 00000000000..504fd49e6f1 --- /dev/null +++ b/python/ql/lib/semmle/python/security/dataflow/UnicodeBypassValidationQuery.qll @@ -0,0 +1,62 @@ +/** + * Provides a taint-tracking configuration for detecting "Unicode transformation mishandling" vulnerabilities. + */ + +private import python +import semmle.python.ApiGraphs +import semmle.python.Concepts +import semmle.python.dataflow.new.DataFlow +import semmle.python.dataflow.new.internal.DataFlowPublic +import semmle.python.dataflow.new.TaintTracking +import semmle.python.dataflow.new.internal.TaintTrackingPrivate +import semmle.python.dataflow.new.RemoteFlowSources +import UnicodeBypassValidationCustomizations::UnicodeBypassValidation + +/** A state signifying that a logical validation has not been performed. */ +class PreValidation extends DataFlow::FlowState { + PreValidation() { this = "PreValidation" } +} + +/** A state signifying that a logical validation has been performed. */ +class PostValidation extends DataFlow::FlowState { + PostValidation() { this = "PostValidation" } +} + +/** + * A taint-tracking configuration for detecting "Unicode transformation mishandling" vulnerabilities. + * + * This configuration uses two flow states, `PreValidation` and `PostValidation`, + * to track the requirement that a logical validation has been performed before the Unicode Transformation. + */ +class Configuration extends TaintTracking::Configuration { + Configuration() { this = "UnicodeBypassValidation" } + + override predicate isSource(DataFlow::Node source, DataFlow::FlowState state) { + source instanceof RemoteFlowSource and state instanceof PreValidation + } + + override predicate isAdditionalTaintStep( + DataFlow::Node nodeFrom, DataFlow::FlowState stateFrom, DataFlow::Node nodeTo, + DataFlow::FlowState stateTo + ) { + ( + exists(Escaping escaping | nodeFrom = escaping.getAnInput() and nodeTo = escaping.getOutput()) + or + exists(RegexExecution re | nodeFrom = re.getString() and nodeTo = re) + or + stringManipulation(nodeFrom, nodeTo) + ) and + stateFrom instanceof PreValidation and + stateTo instanceof PostValidation + } + + /* A Unicode Tranformation (Unicode tranformation) is considered a sink when the algorithm used is either NFC or NFKC. */ + override predicate isSink(DataFlow::Node sink, DataFlow::FlowState state) { + exists(API::CallNode cn | + cn = API::moduleImport("unicodedata").getMember("normalize").getACall() and + cn.getArg(0).asExpr().(Str).getS() = ["NFC", "NFKC"] and + sink = cn.getArg(1) and + state instanceof PostValidation + ) + } +} diff --git a/python/ql/src/experimental/Security/CWE-176/UnicodeBypassValidation.qhelp b/python/ql/src/experimental/Security/CWE-176/UnicodeBypassValidation.qhelp new file mode 100644 index 00000000000..89b843e237c --- /dev/null +++ b/python/ql/src/experimental/Security/CWE-176/UnicodeBypassValidation.qhelp @@ -0,0 +1,36 @@ + + + +

    Security checks bypass due to a Unicode transformation

    +

    + If ever a unicode tranformation is performed after some security checks or logical + validation, the + latter could be bypassed due to a potential Unicode characters collision. + The validation of concern are any character escaping, any regex validation or any string + verification. +

    + Security checks bypassed +     + +

    Perform a Unicode normalization before the logical validation.

    +     + + +

    The following example showcases the bypass of all checks performed by + flask.escape() due to a post-unicode normalization.

    +

    For instance: the character U+FE64 (﹤) is not filtered-out by the flask + escape function. But due to the Unicode normalization, the character is transformed and + would become U+003C ( < ).

    + + + +     + +
  • Research study: + Unicode vulnerabilities that could bYte you + and Unicode pentest + cheatsheet.
    • +     +     \ No newline at end of file diff --git a/python/ql/src/experimental/Security/CWE-176/UnicodeBypassValidation.ql b/python/ql/src/experimental/Security/CWE-176/UnicodeBypassValidation.ql new file mode 100644 index 00000000000..f0232b59034 --- /dev/null +++ b/python/ql/src/experimental/Security/CWE-176/UnicodeBypassValidation.ql @@ -0,0 +1,24 @@ +/** + * @name Bypass Logical Validation Using Unicode Characters + * @description A Unicode transformation is using a remote user-controlled data. The transformation is a Unicode normalization using the algorithms "NFC" or "NFKC". In all cases, the security measures implemented or the logical validation performed to escape any injection characters, to validate using regex patterns or to perform string-based checks, before the Unicode transformation are **bypassable** by special Unicode characters. + * @kind path-problem + * @id py/unicode-bypass-validation + * @precision high + * @problem.severity error + * @tags security + * experimental + * external/cwe/cwe-176 + * external/cwe/cwe-179 + * external/cwe/cwe-180 + */ + +import python +import semmle.python.security.dataflow.UnicodeBypassValidationQuery +import DataFlow::PathGraph + +from Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink +where config.hasFlowPath(source, sink) +select sink.getNode(), source, sink, + "This $@ processes unsafely $@ and any logical validation in-between could be bypassed using special Unicode characters.", + sink.getNode(), "Unicode transformation (Unicode normalization)", source.getNode(), + "remote user-controlled data" diff --git a/python/ql/src/experimental/Security/CWE-176/escape-bypass.py b/python/ql/src/experimental/Security/CWE-176/escape-bypass.py new file mode 100644 index 00000000000..15390c6b8f4 --- /dev/null +++ b/python/ql/src/experimental/Security/CWE-176/escape-bypass.py @@ -0,0 +1,11 @@ +import unicodedata +from flask import Flask, request, escape, render_template + +app = Flask(__name__) + + +@app.route("/unsafe1") +def unsafe1(): + user_input = escape(request.args.get("ui")) + normalized_user_input = unicodedata.normalize("NFKC", user_input) + return render_template("result.html", normalized_user_input=normalized_user_input) diff --git a/python/ql/src/experimental/Security/CWE-176/vulnerability-flow.png b/python/ql/src/experimental/Security/CWE-176/vulnerability-flow.png new file mode 100644 index 0000000000000000000000000000000000000000..e1a354717ef1273043075e966df13a19e4402e1c GIT binary patch literal 37706 zcmeFZcTkkivo9>LE0K*+Ulf4j6_$iTp`s! zspwz1fX`OS;8Tb(@xfNQS&`PIcOGiHsE+*$PeY2M)T?eI3 zWOL4ZypKEvUH7XFeE+P~%lnpp^n9m05gG$S1^t&-9z~Dpc8i1(HW%_AubHqbogr6m z`GxB>5h{_`_<_ToTp&k$0xabQuw|M7b5 zHN*JN&)|7WB?!|>%_Fb!50W7A0HH{1EY1ptGqR&i_+~gs+E1zbR6Uf~-Y!dty8?85 z2~9uw3FDD=RIj~ITJ=tMxZ*8gc>NdmJf2Dl!MGZRo6_wa2Gxs zzO|xYJP;2eO4#x0N~dzei%JD50v@c$2#blVD)5f~4vUI_9()dB$QmL|A|TU(!fYM5tqL^B}h=p5?8_!JcabVc63=mfnK*VEZ5#wi@_sfw$zQ z0goWim7S+B^3cTQ*9Kp9l6K4{AR7pEWjkK+op1(Q0EP*Qrljn_JCJ5@5Lgs~v{pzs z?ASEqQm~Y%L}Vm2kcu;ovlkb|Gw|g$&zEx)JPmO0+}3j-1H9Mbq2Lza9oxo9I~C@F z1{{$ETi5)b&1OaWOlQ>9)FQ16)JMA?1#T-ti3))MM@!Rz3pM?(7ODp2laAgu^7tNX ze6$o}wl;xOL$k_7pNrxp;O~x#A5e!V@U;4?%B;?1=UYp#euahN5hhAx{^akP^L|l@HtTymfP02Y;gA3_w(gidman!Sj%0n@ADZR46{MuA!LN73;I( zze$Wg%KEk_Ijw$HTBjfPWXaS_j(x}CYB&UHtlDh2`fFRUZ6g|4*Ox)l)}C z3NQ{1rwb7m1r8X8{`K}XE{hxBX{6@&u#Oye81dBjGUr{^b|J1fOGU-|@s&cSo^W0AUf zD%DmAD%ldbN_dxBt<_+n(yQ*YEB`JYBFW_QB6%Up9bCqn+1C|R9zYmq@aoP@l z{^+;cFIjo#y}uhUI(5~l2dRS@aT9nNj{oK8Gm@B+Eqrml7@KroRb;uwnbv{f{NQ} zvevoMSXHs+WYg15g6GW@<1(e?S#{Q4@x5yjkDL$gd-g^@&grM%0;~QqKUVtI{^s=H z9^d;Y9>PIASuQMTa}8{MB(N2@(Jk!pNDg2txDq|qH{ZOIAg`J9tD+7@%D64ZpYHUD zRNC}29vQ8{l{l#ka=g`cN{0Q5i#SO>2c~c2lz8=&4g$R=m}!5zT=_EquZ<1 z49(b|PE;op-!+3z%sRfjX6VtiJ>@ywyO3%w{Pb^q(%(AkzSPG)WU8~4cPIS{+c1hO zY_H_Nj#>Xet9}cZQ(*LTGS;JDf^g)vMR0+c=^-OMRn8}*zP zieZvWQO6@q{84784zthhi#$ycGA;0rAoF10oyjlsA~?jJ*~8HUvZ*Lq>Ik_74jae5 z9KW63AtiefyRmmdWg`#S3Swn8f|1AHQU&HZs}H_%>OdB5cj^AhFT>GtQ{I@r^ZBDbJCrcgvdmWvoyC&T zw;ds+-d@_AMDLr9?TS8(${m>T=VENW=cx|7xW%^|0Jf3!PBOpxS3+CEdXGQ1p0+!= zsRMI1lL!Bg(`oGrWGA1_8NM~rn`zmctQ*$QAWB^f@uhcS!;xS6-B^Ev9gT&4uAw8( z53G_$7nkz{RVbdeost$-WZGc4fx6G$GP~>2z{|%uzQS`qcNY3&x*ItvXH{j>hEtr( zakTG>sh2A`&1CUaZcG+N%{++INa7*XPm(T;SIi2xP196o8Kd@*9;TARql+mPD%@w3 z$j|qxXxC=u{>K51at6Dc-x1F8`{USywGoLKD^41kaWyw+ajaK z`H-lzUyj_g=BXd+_9C>N8ny6AFzRY@uUgAGI z0~%i7a$xYJWgCV^K6FtQ-`(pmFxyGt)nVvAr4>X{zN*JFoIlE$9LNdD&gXgBJX zdEV%IAbp?=FMN`f-7)WocA9)wqiXo=368Kw`=9TFwlsPBQcH-MJDw{OcLUCkmP#;K z{v19|g^@Iq*8%O5CtDaz5vffN$;s_sl(HWeB=xDhzk zo?P*(U`G8ZC1y6laYbNk{#O~7QhjaN9Xs?oz<*_=uFBQGb7iQ|8WT!bxtAYjHBzGI z?EgpZV3N~tnRIrF%?o+cagyF(dV86(=&J82RcDC0u3t24C>k)D!H_)69{dD$ijLq= zjqIr|HE8$n-kMQ7I@xSqh+qp$_WT|2%elqDj`rHUKv;0dL*cMqm10 zoL{?USRQ#|7Q(~2b@Hp$*)mVjib~lkH=<2 z3wpNQ`p?8iG4C%l3g)|e4&OT3>)cmSajbIl+V|Ihq1ox^8C0er4|uX|Ood_t3%_Ei zIS>kyr9`XBI-Jhpul#QG9Y1G><0%}MF#E25h~+#V)=}_gRIg-fON)~~UPhwv2^y6n z$O!XPODA_q39^nRU3W%JpIP&>KFZPo^Oe{978o=4Wa(5E5b=qPfeC`6%OdwX!iuVg zEZ8dwKYC$6W-}T1pFJHKN%L8rzkBH)%(jIsgfltDPb_6}Lf&bh1PkO4?o2$#t^D#b z1@bah#&bhR7^Lq+(q7}~&$#(AvG5il2kWKz@MD=$ZOrv{m0BrCvg#hl+L^^?>me3t zO6z4G$Wdq(|FQYNZ8l85=r+Srm3iRV-QWJ3a+gjLGF8O63Sq7(vp0(?7t`MQ zPlMHwcR~l%Pp^SJs9w~a?X#n?)V!T;yTtd3$M8NkZOLNY{a0_|HOkqGN8e2bwuNf-L#zV z-<@RN!0)P8d+!=P;J5BeabFMfJCl0ffQjy%5^k8m=HHPkBMj`(h^XgOi2i=&vvWLbvMvsjy z9%nm;&ktn%nw2;?T3S%LAM(JS^>i=T(;_DSLQG)t1KFpizj!oLg}hp=#AwpH$)d%-u}odiiQYMeg=Ti?5z#9w!D~9H|T3eZxiZfCAO% zbKsHbUrqSMqd9=>?CHWQCb>Htm|9W__T+UR-Pv5F!NSDY!BC0dWx{> ziI0|s5wyK}_F1Fp;@r18{Dho2{>|eoZVFZfJ5rL+Nasi0u?(C?Bdt@pj~1gO?B{m} z6;iR)S-5MKeFaM5eXYL1jT?PF&Jm2=3nst{cCSF?lbe2WNYHw9(^`s6!E&2}_4F;) z+rsak7d2A^SE2#WO-W+iEKBI{oWS#=i&5j`=eEuMlf|mje?KlWMQ<&|GggNai4oj; zn=5MBEzQ%lN$lV@0nWqa@A=k)zZ+vMB3|!Ls8#sd@mzJ9^&Rw(Bt8mFCA8Y=%m6HFi*K;tim+o&|Ky9!J_7u zI65K1eT)ga?N1N8oK2bZ=tc&{FvhZZl{&!%ZSkuY7daJIgL1_+RQZkwK=Z~D$Cw*-xyb<06ZMhdgSY)o^ z6|9nunGW}YhqQ37o-++9R>;2oB+7v`2(0&0mwt({o@(1+W-RngwQiS0qCDd&8!1YX z;p^%uoOET4Jj|c2Mvk+MEf2qX)|Afwlz+(YG`2I!YpV*6LbPocefl+9PR7!a!W|VA z@;ZhG+F*P*L-=~S@_rrY+cvm0M6?1u_XXxJj@Lw%s^kUu*ej6_1d%VSS;%2s3WDN&Bi z^7FJWso!O};|K3wQ9TQx)0TyHN>4yX2*a)gt@*fW>|f8%RgN6+VF@9d z^V6gB>>KJi0i`!dS^B0JC7jje;pn2}dZ#x-`KwRzRjJ4m7Uw(#A9RG|NPIIKyGcf} z{5Fr4lFBpWM%5TQ!^du9ihP) zxhK3k3D=S|DO^#@C6(E#cU$^3;%*^`(s+JfME-qxL>R3oM(59nsL z)eh*uIYyix&SmWh7l^QXvOX;RlP8P` z_34`3lM2eQvWFR-aO>VI8@glR-OLw^VF6@{uaBf%x>-D}r0AM4?2}+SaRX-S@px7; zLi*dv>pU_NJy!}-)xg}x$ZDH{qHF9E;yU^A=!x8SxcFEzo|K+eKuf?DTFudmjCi}e zb%P3J4!Jb;rUTKiHY#+g7ji><$U2fvXtjXs>F)-qIe$dC&1WL40@~bgc9WgB zPLC&E_2A?&qdi`SMdCMG#)=oe?P$N@s=Q2|(edZ`2>gk+BM1Gkh0)SmN!N7WrX;o&V0^&@Q7ll3jY$xROe2n*xaM zUkhujN~%i`=bn|-qx^)e==GU#`B-b`vyD-WwHV>1Lre*#^%)xt`S*Zdhf;*FIIyT& z4g(DMnaG9?oa@jf(i^FhWW2kOD&{oPa@&em;j9`?3e&b)=2vhUn#64bGj)9@s&S2F zu~>)IM|rf5${y0Y7Fb)Y(ocMRwn=04D*U<2h%J1GN<%j7vDPu!>h0_iOG6P5D5^7b zolquz(Z4&h-UJh*+qSS{%^ntQVx-b|o~1dX!Y9)KFz>{}00zepxLCkTxRuVg` z6^(}fz}pQPj?VKMc8bHvd~E+yY7N%2iZmCwVyZK|!8a;dlonQ_x-0ntr-^7umn!UAgG zLPyN)nVsmFe2t#toHb+Y9?eV*Y$N1FsD4Ll(~NQ$Pcj7=B+po2(zL6+(D-{HNm+I) zE0VSNSjAUc72g+olFu}peVY@HkUOt+t>*3^-H2@w%?s#aw$;ik4SS1Vq?7sX#P{73 zTr3vMrW(~Bx+%)N`4qD;nV-%GTOXNwhm+YEHyLnUAkXuWg?z0WNq?qbs1Jb(+{6CE zVW|L`f)MFLzj5yn+_TYlWoLYO3UNR3QE<>d^Oq|nI*^@F;ftmu?f!rJ(Dl_vw(TG^jedQ6cU)!w0o{nd6?gb)^uG?;>kpDX<3CtS#$V-G zwLhlVXlc>7jWChW&muB9Ucvb&V^o78Rvvkr^MD{?E;_30wXb2A%qaE7QcD(3?Qknv z>XZbZ5#CSomnz^G92>=fXHr+G(B$CSdFW&%!ev1UT~BVG^2nXx^0xS$Zg-0*>BxzZ z#!`ByItSBwd^&jJdKyA^iXpq=`M@7+$jtj@aQs$XM#cCyZ!MOc`R?-MC_qv zTRPoq&9Up3yV7^X7T=P@%J9yNaKzxpN_4b}3vsDg!LH7K9Ad;1FL?Dj1#3__l;!U0 zpt#~kqaHz&65^Q-#JZ|wK5nyEL$^HBC(I&3KR_D(M&Q;MP-K2DmU{8=|{f?H@= zW|AP^>+lC(N@JWZh&IB5=>LM_XDt(Vc=WVtFgOuu24O3-yfU1@BfK-}vIXZ32qh|b zuoZMZ(|I?g!V;nQVcqGG2Nep!azZ(mh&A9sPza;YSc;zt4Wf$d0vz&4>=jk;)VSXJ zGagw91&yO*r!}#Axj|UQ?A%X=kPC`Dv?c6@amA-V?$XfPOd3KJ&`d!~$p#PJgCL^^ z`|}PcxG`u>RL$Px4xWcV4B^10EEp9O)|l-%Qldg>f|J75_MUbmEDtoJBhlpXNFRt? z5nq>^T=9aSxtC+`AQ9;Tg@RKRrnRvNq2Q3yydOJZ0XN{GTKpQXDz+YIR#EN1N5LBb zxdo|mQcP4RI?!yDu;i-&uY;)Q%X!8d90~c_1>q}|J-dxu@n#Se3xhRD$To-yW+`(Nwk-sE3H5)`NI>2J&3csESX3wx z@U&vBGY}3-gyd&DfAoL~B@C#T-&y*l0iOkfQ^jVAa0OR`>v(*M%|ZbRE&!TK(1%wD z3$B8vy-ME4%GkY-`~-LWLr3;Er$)lFn+wDMwoOzAn&7>DWCP*HC=G0;n-1}E zzWb=w=eUJRVMP2=YGjd@fHhnSQquOUXWRg14o-&lT4m8}3xr(5SD+?GY_dxjTp!X* zyPqNX>`=!$kgnVsoiV!Xhzn_d5G4Y3Ih!6(8Gbu@vM6YR|5Qnc5P#5A`iwIcV8}r* zDrn#5)frH(H%Z4?*%B5Q==$ z@stkw01E~TQ@s5ul?X-;A_wEiTWsq=H2fz_4T<6j7~%5%3{4Ad+SZS9kF_B<{vqJP z=^+>jyi|a|T0SaXqV(}EAov{iuOxs@oUwo90tE4b-)3LmX1|<*3rmd^+tx!n1Cjs- zFds9kU}o^Ln1}Fgh^-cC;2P+p9a3CUn|OtjJXlbboR~zZwT&-&UJ7=k-fjRsl)4q=@+PLWHhCvEj#JWNFY4RFGgFmK4bk@Lov&9IiBFLqq7t04m-Xht6H<-w22u$4h^j zL0xv_hV(C#0YLx_540WVpDo?L6#Tz#1b5I>>c}1&cS#f!vui5T^QX< zqA0=4REp`F5XV?DU>V14C1Wp_!UYNn$L3mhLmXSkffZQO>bYD=q#x+lk;?1K331{E z30He`-t3Y*c;nxduWKNL9-%zK``eK~XdD2(14Wxwm<0(FWP0!=^Lx{6r<0X0GvSg?lfJaa*p z3_OI^Fg!!#GKWS6j5q#}H#QMk_(Xs#urrJtX+u9kJp_aEJ1~=7=KCZu9?}u4C@{Q{l_1&6OKpURqD(%z6nO;*w1#AP%#~b{@eUSn_Sf)d zlfQ3={Iz>;`EZG7&}%Y387@~j$R7;3Ud5n(8(L;(UT`_YGHwoNT%T^fKsW6!^zptF zxSI&_H9F54*DviZszn%Z;_)*o|I+3&b5>aQ(f$1N)U@cFo&HveAiwpO~3zrY%3l_{{B&-PzAOntuV zvNRwRLB^6eRH%7lHJ)O}kMRGkH(DN`(l_&)WsYcA{dQvje4?|nG$?ZS%^i*9`hT4t@Zb^1c1-NgE~DVTV584|ak}0+<-jLr{pw-9 z4yT93zYG2Qe1to@f`;T(w`Gcv$k>>aoWuWigw zwFY(Rz4DA?;rk|#QeK>%yg&WqT{Sl|Q1jIzYomVf!|6D0c8?L(B_JqW{Icv`r~h5# zm78~*JvZu>Zq>Og6zJwERoagU|J*;>tn@o_@jjUH%(}Q4gPFZ}1+2nGUjj=a@)o3^ z8dXlZToek}A0qJ)w_XLF^fRC~%B~yOBZyr`o47-uTb})9=kU(ej8|0AMFm>&SlpFcor465wdhBbfx9yCiO@9z`|7U9mzGm3YLKY3_x>eN~TkstU^8cRs zbvsGM)3NTorFyC1`|Ph7a;A%4)02jZlsl}ZoBY+IDeavWLC)sNgKZje^mUS933CAK zc|UE%PM5I1S9B0!K3t@=@QF@n{(bX#qIQ-{-*n)G*7it&TG*|pBr1mq;3u7i|Y zh9h_c_=wv<3~k<@!J=B99&Yb!_-<aWkGkx9|Fr|pO<|$UT4lSD5_a5Jd6R&ng{$3qo-(@$E+aal z&ePu->M}ukkbbSx!^a0Fn$hM}i>+Pr`Ei-$G)SV8zWC#K^}btznft;^{Z9_YM~1@@04?Wpec;{s z@aaS}!wsuc>7OijDr$c@ceC)$b;tBoKloh287sdz>XQI6%w+8CiljG*M_zc2$)n$;wmI~O&w zQG4dmn&IcTc$@dwf`dF~*(dwv(~N4nAGZcZJ}l>@uq6{`6W=cmSdSL31^`^Iu}+u- z_D=n~<~W6Oqs4(&sR`2bwsP!$-<+Hs^kqocGk=If<&J%vt~20Oe{%ej3xojnnZ68a zz~z8;6hyE{5mTX2@ZXr+_eIx!jL^^{dKH*G_HuN;>*lEt+D;YqQ?6X+(GMOZvX$-+ zC8V}$EE;a93pCEMLzFsoIX3^f*H+3|50&M zz}c~OC~n}4Qu~WCgZh2SM}!!xmHRRh{kTWl<^e~A$-3R-o9c{|h&1Lir-9$L#aTQ! zY<}M;Nut~gSxB^HXJK_pOBo=gU}d=GS(h0ngYR-YyUS{6@vRFiocXo)&HJaOSoqZL zFbY*C@!dBB(&|e_21`U(Sh-Io{*K+}t$Bk`JRaWBk*7o~kuu$MTa;Frezv%*F6;IU z<2=I9P#k;W{CT(emOTSJ1I{;v!NPv$ktH2VA12pA=#DT_aPs(&ZDW6@bLx#fS5dQ? z)#6}|$nf27Dt1XD0oAjUIM7f4xIq+E=B55@0f!IONy1EZpuDHu}Np(T)K!)9)ugK6ERnhD{e zK!B4e_=XfOvp8fnGhr}w0#Y)LoyN75jjh7e2dgww+Bx!aI14`*8Cqi3x#Sp@0E#nk z=*{oG$NR>p<=qK7finyH!Kox;=0ik8QLA?-wUp zc@FW6Nn9&GPWpWjgPtggg#mG)CTmecU;kkvT)ybda10GOjb(&A>RB5bqHLVsgDvjG z)b8$pjEG%E*w|8ABO3=%d3jMYas<8;jKa?V$eI4*_@WTAV^fI*V!e3X$K+vOQA;M3 zRxfV5z7V?+j&*iI%-r_t&TG|c`rXnEheoPqPgJlUEhxoIAo-q- ziHmr)ztBSbS;qY+=@5(7VTysvmD?gwk6k3uT!{2(|AVYuO9f0TqF1NXLRGwVssW8J z8|TJe@K#RjN&MSUzAKCze1lK){)!0L`5bJpcxcT=@QJHa-h@rG$H`J{*EzA#Z&%#S zfAr^0ZS5~rMs{Qe@gw@Y@%LGx9&Zosc}~47HE*ESBl~I(@}<*9sfVyA7nEp7+FDh% zzbSf*HeKbTA%DQP%|KO=11=h8H|I%Ea80l~A`B&p*^2+B-BZ~u*O6c0;$;lV`ucFy zfqiVM`b1)C861F~9*!SEqQbH7ps}l%96H(`Uo(^@(|+=*@MzZ8t$5hqu#J1QU{1%l z93S~6v7Y^|RlIc6lad$63_K6bS-!yBz^xkRjsAlM`G_Ua-%JvA!OOTFQwj3(jucWn zIV_mmw4&6|GRf;KJ>Abe{4K>aCF}wuR*-v@U;hqI1J<{!oejK369qb-T}0tF()@O|qGe zBYGB1W45gb=2qQpr{p3Z_)Gq3xvdr){i~g2$C5C^60hqQG0Caq@`vy|e@clU0|w0y z<)2FSv@Koz{VKP0>6!TDaO;2dWNns6z)A1O`jnP}oUmF>DVx{_ojBQS1$rTojLyM_ zDsSj^_VvW0mDb;Ga4Vkmlf)c4eE%CJ&Z{6)mT#im8Nw!$KY+#m$iCVG51-2F$L(gL z9HaM7fQL~nI3k_*dt%Tt>}@)7`WEHSGEq~9-)LA0 zmf&|`GV^?I8y8YcGlxCmi$YTH3- znKNKLlu~(()q;B522-G+9fPH9ti-5uub4MoDth!u*v}7=_*kK@*!0J)V)4(uNA0#Ov7Q_D1LVhlodoD-hJQ9`CyE*GsIBeFBY~A zE>{*cX9ypFkidC6aI}$1M6gK9sR6=Rr%t_h{0+3uX}EZ z4B$e4lxHngCQqg$3mL0GR57LAqlS4jDm=#O(d46N1t;hZ%3~l$kkF7|AVJwQ!U*+%bYLyvE}Lk%FEla za>M9VGXH^w)bdqNtk>7C%CtLnj}%znzF}$z}eEyTj@ij%_PmAUaFKIzP&(gweil_a2+b zT@Y3CoaL*nW=VaJllXV|I4lpgqJ{WDKx)}Vc9vz*v#!msnme#w=hJ5J7L(iXd*!;B z4ug++zPJVJ#KtHFqvk_JISTKh^%+#*3ZP(}iEs}aZiS0a6+f8WwSQNq<~YPiuQK%Y z^bC#P@GCA$FO#g5&ZO$$hKb@ToBoyda^7g#ZnkD{erj`dt!)yF$}{SiVlGNSG~wT4 z+qT-^!WVRZx&K|%j|$=#@rbHDY!O5n=MU#r(S+Q7=FJzGu4v+ecg2+CXkm*3CR=HQ zC|;^x>ug9B-qJAQ>7pC`$hDd3A~BOa;>Sdi#M6b^{LF{^$IXUoj@uxEe3RM!MV4je zr;xU_M8?Jz7MQBr602(Qc*0G7vG3XKgtAV1GtqO2pZpm`kz~HkQ-A#piP7K57s;1M zEZbLfC}h1@Iq>SIoCKY(iMp&h^C;|$alXKJJy+mhdcWrUp3kE*3x6>iA6?+|yrrM5 zeyPO1<(<^;i+nY){SubzfoOU(waRt)J|Q;Gz=?626=73iYr@ERe7ao1r=i z?$#Aur#H@Z%p2awsZgmEg0MxWYG?0>HJ=2g$bOM~+s~tRDGFOWW4`SseG1jws^E+} z4H(HoR@AN;$NPlRaEUid+HxL;{f)}Z2$eA+WwR(;bR}kJsOtS`!C{x zhdF~CKt6U4o@~HNm;)SgsIr*!^=3+1TRXx`6PS%%+q7!M**RHt=}97XZcZ_jmyiif zn8?ks;SMhr@SKvwatOo9in`-i%Q3hE*FE+Vp2eMd_~EHv?VO??dubvVL&HpC&sI2S z*|1h^KG|hIRJPTSy0jI5s6!dFZYXq6FwdrERECVI@Am5ah?<%aoMXjXA3rZ_!-|y} zICx*A&BVN*<@16ikN;v==IZUf)o@#to4PvB>y*)OA>0GAw7#vpaw$Y{?Ty?>)-0mO z^x87Q1R?aTMwG#XTERq(4;jC6sW3X(GHnrWQXNfaCp{Lmot?fCnGJcVukI3HJr z(f9|>89)8mnsu-pvC&j;qP@BYPKULT1fM!6E&7!)M!Q;E@wb7$(OWR+3BrQ}T>7#W z>a^Z-s8X*xBH_eOK?v@;SBv?>*d+I>Rrt&rZACiU@z+QEC<(cs5FHz!&#-1(ib}xEPUV4Lsm~~u_Mc{ALQew<4rU4p-$wTJ3O)wc;&~Fo z{ae_j5RUUhunhzkGYPqrWC8w1*dMm<=3Jpaq zqh}5!s4AfHTA>sSLZihIFz)dyE}s|cJqUR>Bw}2-Eck&3p-I~PFe%6yd?$E=K0*^) z6vFf=nVZ$HKS2cuo%+nYgyW#nr`7Sqd5>!b2;yJot006cmd+v^s44)c6Jm`w=cEBw z1Cxk8pBqE9(1E8%;cFd?WAnofc_LJKmD zKv0*06A=&tbASpmq6!h(R285^H)LvmZds!R;8XbT3l5nHjUW>A+nvX`EEvFdeI#A8 ziO6U$$s<_z`-C7N@Z|7;rdtEs1BC1=eg!bg5qbd$&%C6`0hJtSkLv}T z{HYO~c5B7GimG{c-+Hy$w$h^YIU?rPd?{~^+wte(r@w0d_QvJ`-9QhZb>flIU~i)E zuep$M#p43)UGAHMidws37&QQ1RR99(i69hwS!Gk46PN-5M9i~WSNZi-7$qGAp}IEz zlYLcx#lNd+@7HAhJs03dAt+*t4QT*{1SNyNc94i|ClI*S1nF$nP>Cq02x7iU-k%|n z1cF6hinLyd{r<7ibdq@?xBr6IK{1_fuD}aLe8Yw69|g~l6CVHZj8Xi_j0!FsTmEd% z;K+T~MyevPxkXg|VA6FV4U{=}ikn>5%f~CqGA)kXTmG)R;qc=YNP4tB!0zo@ZhwKV zFl8;dqg$fOo-XSDnS@E+EJeh8W9f(AO?=3-Ub*7|3Q!^Afg97to`94En?x z6=C<|O>fZo89%GORj{6H0h%2_Le&G|oKhrdQ%T55X#7ttAUr8DC;kz)R3(mtk!HUY zWT_Kmo7Q`jL+SovmR%(LcPcE39&bMRsSnC_WNke+8^sPkbk9cvkgiX-*{liFz%WR= zm4udgBe^UOHl}vsBa>2&&oU(JdcLc({UJ!J+g(|hZ4hmFHU267k zr9)C)Tdz-#*WN=2L2p|aah7*}x>REkzYP?jo^(F>^St_Ib&SF(9KcI&{VvW9de1*< z_Z}F?78DpG_^8k_K)-7_ts}VNO@NW)_?7=UGRW4T_=|al&q%qcWVc4lsBW{jcTFQFOfkb||na)gM}pyvFPtLeM{GLX7dK&ZoVd zAJ~AuYkc0z``j&G^COzsUzw(kxQNM)(HMZd^WYBamgzZ?oqWwu`#Qet^q=z+7EuFG zvc2?pdFiF0xqF_{+Sq%~RY4`%RHG9RJ1WSwGqvC9d8}S)Nwl zPCbwbPbs>cEoeW&Q|R`4cX2S4?T$FJ=cKa>sOOgYd;O2QpQ5&5RP_MJzByZK{cq8G zu$R_4LB%a`-3CB+>ZP-ye!MU%Boog3_I4=dcyB`p`~kw3Y+5mf(gza_ zDy(11<`m5AshZA@?Y*65kdM3BNC!@y$mJ5^t~zc9@!htL@gn(-jxqf@yVNi4GV|^k z@`IaZmgkdxWkBBP^}%lwFJ%Q9;9ubI&k9>X4wJQ_%CZ*GAj$eA02-~Y*RFIiEvTK{ zuvs7Hu|GG8sE44KGS9DZPs`iWWlzLLP;$m8sU{tUH|`@=bH5?ifoDv~^t@4-gNV|H;W!UaBS)yMm+{Wla#w;eXz{MBo8iOI zWPTMbILTDMiu41oZB=i*3;Ofs)14@{)k&%0s;;iVH*!uxbfz}I;+awYH-P+iOq|)p zjX{L6b~oEpOqYgcPgvmEpPH<;Re(JWt_WV+-U4<0ed|j(gL^|LOm1}cvfHjujg`-6 zCVVe!@lauJtDRv$aFrKN_Hc$WDgB)%*StQyOj!?3lNGbM=jsqJo+1bKpGV!wv(hdm z>>2zm8x9Tj=aaJTaC<6S*?gNlrVvSp@D;zmN~9&?Qv5LeoaAba7t+7uBO~FPGT!^S zH?brbHuf_|;YK6RaSM;bZ4^sE8CVNN3Np=uobercc61*zY@}-*_B* z5Jnr%%g>7a=!y1?EnsA@n_&d-DPZS2Y#y$A<&^TPluL*Ou>{l%XS@XEFwqgxy&IYs z3Q@k&`XeF7dLhm2E5V|QB9BgP6Bppy3n@KedVj!AqnALfCEG$6sD?}7G2&}GK|6ty z@y5V(IKe4Bqb_NdPUwr{?}j=9`m^vNzT75EOEAv!q+(sk8AI9EWUx}*Gkg*!{nSa) z@1eq<>o@7hQJmNZ+?uIh^v|kXm$Z3*lztw)Hj`Xt1k(72HEsP-yG)LV=WMI|YEMjl z5Xlu??fjz#f{=oXnl$9b7s7h79sAEnn^mztK@NBSBW4l8L*Tm3P#g8kb$NH&D*IRO zUlB^c%#K^ez3k1{saot4v3@;D5_+?MWuf<#670@Rt0J#VP@`+%U?!PiCtr%_M4U_>O^`4NrB(RbakphuROr+XEw zo2!mRH(Q>~V|6a`-O723`|H_iLJ6p?2%{uNe0bwptgTLyP#>lvh{=6Lm%{n z=jzg{XFl-wXsqAE20ilgAY0(+?CIALnhu$#g#HS7AITp-VZqbBUlNvkk9?Q@$S#~kC!1}-Is>Wf>3 z;Qev;v&0}R=yFm?*L@3H6u6ye5>j>dwo(=06Yy^lbIe+wLH-kOcXL`1@sDpZEEP=6 z;Gb(4O6m@4U9a>rGeyb}J0&lHKTu%7r;(YIVrTs-T8ffrTd<}OM5nz@tE-Krwv4&A zYrzKr(!#@29$&Yq8+D&H6mitOl1eA=6bw>lXq>*{DLdmeTEACc;*Z=uw2RRWnpP?A zMtcn6z_3EGgeTg$9c!ntWzL!Q<~hv>@b&PV!#_v!l3f*=+X(Mp{W_QTdAGX4_wD(q zA}w333{L8gV7ZOSmhBI<4S#T0L{un;>H$)+7?E6M;xj4K73mY6zo#AJW8#XXw_i!8 zFgVKbL>ycZ&l7UJ&@7D28rXEuHS*gNW--D;aOmP|RM9qCmhuU=#e%ba2Qdef5 z`CVVzS|M+MEDz+Dz5py1$y+UEY*0X{nPb-h2MS1@9ho?Va#rmL>E8cZL}T zS~jkKPaQod>07%Gt9{B?Y7q6?M-#YLi<5HB>8$RNBU!9+J_ywThkwR(FkowP#Y#-8 zU~536(5yQL^4nd3{-me15mw?nUg%C<>wX+|^?{Q%;UmsqD=0j4bmmu2uPi=_TK-!_w&5x{qlZ!&vmZHPt(Qv%{Av-W6e3n z9QS=s6Zi)30uzN*$Q2PRw3)uo2D@()5|5oTuL;03RzE*?H0$D@QlOUA}W6Y)X; zjW+of2@VuYhGRdm{eOP!t^04@8aTWtc`~GaSv7$JRB1Xd_I3!4v%NKP%cbPf)kJ9A zg9V0H0ZZa&>&(FKY|{|LV3~l=s2EorIm6s>?%PtNBo?x^)38M@U_Iyh8?luiu)lPI z=e^j`o+oi;VC1=X`*1cwqSxcn-0|-FyM^4y+<{Gap=}xP1ypx(wdEM-Z?u&M&2$J( z#uV0^>V0`K$xScn90Lws8$jzFoJ{_u>JYP)WH;O1BZZaW2+B+sX%t;^i+1Z~aG-Y}< zjeez)GrY6MhdbYEJdYZF_2=K?w|v%0Ppr?Y?nIj}=*Z}~+XLHyXs`i@*5-kYpMeH% zj*=H6ND@OBVUbvG{U;tp!oA*wBzHd5C8b}Sz;IQsBqx+cSo@c?+wGs+hI7DP|9WtWO=Z9|Ug7+Df5O|i z#d1xu?B-&W!W@DJbzb}N9fWrH#a{gt5U=*_Kj?fHGIYpL$kigY<=>txVO%qGeG&q( za7QnN?{CQURCx7&CK*r8+vYrzRK8Ufhg&4+DH}#3kWnNb=r#F8P5ku0G&V0+4W!OG z7PE9eK5!WSJfsXe1N2@NfLDmFO10F=Nte88TvK(9@g`SarQqqNpVP*~Nw9rfkov%G z7QkhU-Y;I8$mtsXZ2i_Fx74*3c#+^Z)|%}G#N^@Zt*CqlsSDU9QIauaZCw^R?e8x| zvd%oU$Hk_lDFQEpQtl<}5FtFA6uqP!V&u!sZ)q@wcQ5LgabW41Tl@8J8TXkN?B5RXDdxo17(W0A@f#)yiiyz3 z+c0bSV$W26I6c2S5KNfHok9Wrh+p}J*=+PZ@4KzlPYV6#`*T5D=-1-(FBh3!e?+Fvo&e+HS_5UOlWe|Jdbt}pw#!3Csot^bupszl$IXzuZxY-IgxM( z6cmK>>&|<;1#L4r5m(KLo*6s5x~n(jR#@nH7DPZ?uI`xD^s@36sZg|I13Chy*KBkg ztw-kG&#o4^q6>)Vh+zNygza|z&IaDjJ+5)#WPWq?tmbW>bpsil-PHjVMD*cnG<$?< z^S;CUt0RDY+UxX8RT1B+_euPHKG};CbW@&sO(;8V7HS7M)%lTp8(OA}5B#ZMm62Mf zrJ(e~eWODWb9pQ`dRB6OdHlx<^%C20JxztpNRd8Lfhd|Z+FSkiPo)yALkGqyEZ8vB zxtnmY!jlghzADs`@~}EptveOjsXr?#$(#i>F1#(f2$8wFIWpq1!k+J|R2w~*n*uE< z(K|(02#QAHcxobrX-2LS?IeOAUNNYmsa{d$Pj>HoQB`Km&=BSrO28)@R$(EF+dQ5n z#r5m1+;^vLRr_E zZV0V_(o2U!7?;<+VQk73`K(hkX^iI$Ttg zy3u#Le@8lgR?ny`M)a2gT^CcM=rdkv!E^}Tokr~&k6^5PAZeIX;|l}VBo17{gE-uT zSAFt3OZF6ewzAHGvV^1pK7RCT+d}=sDS=ami03tLFBna1+WRK*t%T?34fFj`4Rw?{ zTE%UbzG;qhBQy*&>A>FtAZrdY{)aBS z#Pk;!lIJ`D@*OMg<RoNi?B=dmD~6IBs!qO_X&s%l*O{6Eaw~Zy{DSL+Bzh>~?PkbXE(^WLDa~q^efhGC z3aj_=l%2-yp5j}qMDJ*=_%+k-$0Z*w_`B8#FlHNw&>3%ABivWfx}54O(s@ znY^VTHlLxp*0amiuQB$4jLN0MANm^OT6e8q zNY3h&$gb!D0j&2_crMFa=YJWe#@|}qAf5aLQ)Wgx={TRZsmBuo@{0y5v@q)imY0-6zBO-HMig7>Lvu&QoI&Z zgXk2fb4A$lzqo0M(j@J{ZDOeT<%EbiN%*Dw2tzHczq8A?$0Q!1TU z@l!(rGoES%^>A8ub>xJ5kLFtGon$GeDcA;ZUY54YzdAfsW+404js)9E-{hy=%(UvY zhCt1+54nbA`6N^|uLp8S!UvkG>BVlV#!=pUiTg6hqSg_SmWqY%PDKB$BkLav@X0G7 zx~&)V))}c&6PP94v~Q!7{S+~6pUT@-9R*sV+@q5UZW+_x6{=mJ%%1=L_IqE&N)pPk#Mp5iO#xov=&d9P7tPRdZmK{Q+cE`9uw zO?Y&(i&o^hdh*e#PQmOZ%oaZk$KXqNCDPw4;*$bD+l=r%d%8Xrnr0EYQ?XKTRI8sT zkZGAWAzgit=#mhfUU!ZKPeNgf9}AP)+d3PAjB4v~pSgX6jL??P{;YPzf}Zhnog4YM z8Ly{ru2Ow|(`4$CL|y$-V@%JB*iO+5Y9KOFFZanS%<7%9%D(>$5Lg< z#;`LC>lFFe3vm97LWQ50WL!(kav`3=dEipNGwwD$@;dI>)ffkl6AO%Vys}@^J zKPdr6ffz`tC3qY{vS$2BOv^Zl`!3t%o8*7QI!m_qJ0q}8BhdQZl#wekb-<4^%6)~! z$Q8-Jc&|LbBlg2`KxjEEAZlNVl6;B8pJXz2 z7ug~kp-~POc`Mof6=UN49e5&x0kl0NB)7CRQIEjVM);{OFFtPsUKNt9YxEfr!)HT8 zri-tUPVQ?Y2x-CY4Lg9#okhZ(^o!q?IlGAP;s zyT)v9d7wrFq~Y>1A*$m83egB?`4w(tEjKP*W&q;BWl)NV0e3W$b34=?5_45Age1v> zA!Q#_W@5(97FmG>m_oa+BX5npV&}0Yy?)Xo0=u`Uq-nyqbWj;R{WE;8oybXmUh;~% zFZ(-0fk@D4KOG&N2x&w%!(VC`xiT=KPi^X>A|=B~+X`HDH-E42Jzegnqox(z(?H_B zM=vNzo^8)XfkXNgNEauxy^Vsf+jbfA_kKjBYa6KM0l%)R5${+`dTT0zD)}B2 zmET@rJzE{Wnryk;3N#ah)AOz01vHwma+&A9zornnT}J);RyFnSd11#n*hlJo0m`g<^fUd-7qus*n2U^yKJan7n9t{!kPkfpy=vu>kU~>Yj3Jm#4~A zo~1o%7zck_h`KOW6Q~HOq12*-hj_mp_vb|Q*B(3wQUZNt{_%zrXrH`c529~~D8wPW zoq!O^sL9to5UW8tyCb^V%Jc>+!}?H6C1@@h(yWN8yymSLrgUHk)k;o5^Mj<&X1p`?Y!n$!0d0EzU-Khfz*QPR!q^ zK?D+a+W9l>rW+8N+2M9xVZz}FM61-3E4}5P44iu897+evdv=q=rEg@jLfPU&nIABmY~5+KKgl zuwocJOLjHc2{)vyhk?u&0;?-Q;vzkrnNWl+E?t*9 z8Hv$IAO(qF&O1Lp;yW8l2m5&kerr=cAdM9f{>i2(lyS=>;rGMky25*(16_U4#Mb(6(WB#h zwEMUnAn9?tdDxNPyrs$OIYINu=uncFyBX|;Z0~4D2uoA#v3S`mHjBTbZ2}^T!3>^a ze$U>@kmv?RsV|B6B3_^zXWQAqEQ#=zKgAruNurP93PSza!17|OI}kge7gd*|wTdn> zsy$j4?W)Z)I(w1%7rN;m?2r~dV9a6=t<1bz#|ZDOa(x{~;e7Z(2EaPJP>*&k*!gT|Ik)gBHK zZQ0Am*OQ~t<-aO$s;biNH&Jv}>5nHW@Um1(zsp5JzeB8 z8bGb@+f5ymi9v9Nq>xy5xzc@fwa$TR{LPLRB`JqwBwbc97!8F#PWH{?SkuH2 z$U^Ag9vU-sF7?)R*;pn%GaB{8=em9u{W$o$9wUOOA7;RPXQ9b`2Vt~&Nu#XtaWSLl zqfiO~UtZ_z?ZdU!JkPqUO!-gJ)(nAplC7gFqo4CW4XXJG(Y*ISGWXAPumx#Y>`9qP z88LP2Bu!Ee4-LaCVj@ZY18@5qJO*+vBj-tajEbb`g@w2*6f-Y==-eLtY(39Bj_;iP zqwGjnsTrM)V^umxq#cCp1f9#rJ8KWU!1uxOo?2Ab{>do1=f~*YemESAyNYA_c6gi= zf3YAuZ{*p{E9%h#4nl6aizd~(3f?vHDq|fP7Waonc|k@m z^xbn;-Uru5M;*LRLkVPut6#qqaq%Nk7uk|Ml*1;`ei`a2X+_4uzW&QUOY=3?z21*X z8E?)XU9Y&jSp2B4M6my)i7E+etmU`Pc0-@hSrKry_=)yap~lG zzG&m@6}58dn1&mLwRv7PvRhL@7m_cbyCbWYwP<((DBZ$>80)gxWI)$E_ zXQ@0qEtgn-ciH9vd;c0oys1f4`1QWm(&U!XW#7@fBTd60Z>yi#8cj@dqwO#XSVAl~ z*;WLEy+)BqH1h9?_*E@!V1cFjbNG=FHhkYq&^1Jih3AknzRLoGQL=l zBz<5wg;mJoWXN>Ft|!xP5_e%Oy)!eSxa~c)IXLf%#*Tuk!=^;zIhOab4(~r{!mN4X zym|6#wpAST&xcrJeoVL*?uc5rp7U5_W;X;5%yEJIr?4Z(m$(uo2VD5Wpr250^uvCR zZR&-jbF<$hWPn7+ByWX9ni|OwrfOXbq1U8zV|k5F{KD`Q-}h!t+8QFanHUK#h@C z%8jsvY}C#s$M#G#U>ZgSGbu<&+6mKAStyW_=sDUINeE*4Rr@iU7cg;&+a0RSo{nng zxNd%Dm`RDI^O+rL=I2MKg=IY`H`>`ALyk&Qlw~q8T5AYw#Hc-omcQoJ;^n3 z6^vgC;HSzBu8$ z#&@2Fb>HK8Ru&AwbgwO^HS?}X2c|+rtHo0cP@W&ROTh6@o72@pH8uXhrL>~y_|zrF z?)bUx$GFJ2OR_*rmKSV?kZ>I-h_v2B@XJ4%OCcZ@~$`aM{v zsJP5@nW=ZZFYe+leL-v+=F2jzqQu)ftPID+5p1A63LU-ANYX;o7eN(#asP<^HnHjx!REwMO-MH(bdUVNx6U~Kw{fEi3-_G<8+fIV>z!#^h}vB zKk65yUcZg{9RhZSh5bs_p5t03O=vxB6BvRwjdhLEz4EcI2oCG&n1|J1{uNJw zYK~W~b`sWfW*M)TGr6>7Ixq>MwXV*nQ;Q%6c3_C&C zKjc$b?dTobug8X?|Kem|IVt#E{w!gpzE9%of7|RqJQ*uI+upGgI8MWi?!2YEIS_4# z8;JRvFxN2`3o3IKa&E6GlJrJL*cn)@fZ(afixD@o70}#YSXGV3$)*oTRg`m}+Kh`K z_8`e-ET?CrBh*iKd-}79I%96CtqTB&!j%(=C1`^uHi%5U67%nmuH|!Lp}JO;0HgNt&CjAxVXe!(P>mw0Ak}6Fs!e zJ$76?3DctbpTFshO~`0iiIl1*p4;-tAtCr?tUZ0fZ79e-QcEZTw(654nhWe&RJR9%!Zhq^a-dNj)P(Z7L#|(DW9Ff7K0Wp1$~`kmOR?Ybj~0j zr_hw_3}nmuEdw0GREF+YJ7JXX+Wo$3{gFpK(>I+URa=4n9^D#E9RCw_s?qlf!7Lab z^&_fLx4XJ)Gw#bM6fw!+P}R(5xN>B-S~pNP2_+J??@9}WmX?WZZ*blc@)mkdNi4ds zA%}8(NV}edOV|3+^q!XK^CL>qdpTJK_Ga9&R0K~t!oG2A2kIWnrpp$tsLgTg*60S@ zMOV8k(^I8H*4Smg%H`h@#Mxr!(9bNEb>S>b+EwVAP{0)$kkso5!tkVH*GJz+S@ff4 zKM-?rHGs*?_!qFpCcUagTj>-+;}S@mPR>%iO^M>&8Aub|3?t-P$m+`)>&HM%vPhL) zgN?z<>u&lfpf@1m{R4sh4~U)gHB8nr{ZxyXsjZ)9ZZ7hd2z_}c;$|mqZ$;)T^U-uw z{0k)+&T5eiZwefp!2B|8JX?^t8Nae{;D(i*lP|`0dX}}Mfl2H6T*ZTP>Xf#Va`aeD zn9kWBt-U@cMSE8f(7^Eow8>g`N!_e(Xy@8hI$~F+V@Tsxu9qpG?JJu--9RgAV%_%f znzER6xVcJa>S5Q?aYZM1Sh8D^bXw7X2aY*#yHC3mXqka-n7PLkygGNM)jMx=gY~?Z z(88eSF}Ia=oUwPcqpyMeHMWUd7Bso4GA@!mvh{S=`wEmkLk%6XZfTUGjBYDC*&=r- z=iQYe>bI&$xjx^x_CE4gsoJf=O=1Ha3;!U-t*N)3Y+F;MjD^3X*oX!1$>_)!)aK0e z${O1Bb9%Wj$<|$%p1FhI*bx~vyB7W$>j6YSe z|5oGrXH7Lh6uRQ`n?JsiT!rWSiADKG?tc(=YlCuAP`X>g>=Z37rR?SEUKk*e2JZ>X5M3)My_$ zqz!x*f|M~v5M>!6*JDonVK}&_9_Olk=)X3_eW;+CKl#nD3+30`GTW_G$AYwhIz;Bu zf8jyFIQYF5lK&SGx(=aG@WdRP!`DUB%^u9!FS41CA#Dh4PJJbL6FOyv$xy3|aTCU- zs9u?l6@M5uR_eWI9dOwGISq~rVQ+ri5^^Fh`deCzi55Cgj2>Zp37r-(E0as%QUCLr z|NnZ;zGp)d)phy;3*K~RPt`NO?f;LFM%^^eIhi0wsN0Ko`hC-#(m&E;i8llplc!ecAAvUNq=U&W9Ng53Qpc|V9 zoEY4Aqznd&HHPEaR20jd|S7b~mw)7@*QafF!)NY4^9z6)!Kr9fVO{OU0vl)rQ zU@TXM4Q(JaOq0hNqk_Ip%EoHQYqQGj+vow z6xf?)^z?^HrZ^VqzZ&5yVEp9m&r=t_)$z)q0EgTj3|}CWC`n2A>f~rjZEtUL^a94$$mxzAbm5jGhc5EAI04Bl43acy+xyvp?{de0*G>9~*k#e31J?;X0rE*Kp*1 z2^ci5-6$<4xPJs*l$p$HPZlWuJvvan2k+F3`rSAylndau1}hi$kb8Qdoc3u!5viX7 z>SrI7je@eII@BqA|7Qwvy&A5&yURR8t`|Vt%Gc3a70}SJxG0!Vx`U+Oq>wT>l>5&q zBV`+C!*DmY6*LWN6}mq>LiJu6$_|$$UE8R|aOI(#4=+=9l7&DP%4z4BP_io>JxE{P z!gINwhUk$&AMv0}#^i_x15~F4R*)W+ZUbc|eR%ygUyF^A>wlX)v`rq`Mm=w4j5DL2pZA}&M#|^lS=TN2WRUh~gI#8%HJc-C zaE0-i8F(Tef`)+?b4AjXBRZG_8Rw7C=B6)u=jhO}NICBLY}Up4!W~SSacI-Nj+k&! zG9?&_6c|Vm{wxf?!DEVyfluYiWpRJ_Pm{KfD9J|~Q9oojlwmmRoRNz0?0)(>!WHP} z74!xfZB-9E_)l;qnhV2&5oesR|8mDuxMTT|2lBj4J*dv8^ld$2HI~ro-kI6&$Vhm@ zNSwKS3r0pl6|VDL`s#&@vBg)3$V2ZTR)hZ95U~hu_@)fj89pPHG6KCc8+u!f zlsnzu<4#*T^VxL!ITCKi?tOo8fv$yo@DsJsd__*cL4a zu^Jn&n&CmRWyDfeVWfxq2sx2*KD0r%2j?YXHThsQx+51}{$VxjU^R(i3dk_oz%UI@ zFfYqMnFTCb_FU&Q(wD!d4d^2Wv_Xr*@f`BD)!=Q%d!}0ecu)iVhLLv`D9+Zj2zAb06oIz*tBq`k7O0R!>x6Rbi@V;uy5K7BRQxE zjSQgOX~VvK2J)V7(8Zdt%5B8CK;lfBj zK#-xHC^GhR>iCb}a)8y^@%`};QxYtW2LV>;1rF}GUWo;B#e(l&6@UfUG5mQCnQpnm z!y-GqY)(iTlhglEKUUe!A9KYB)o{_%Y*h6D;fOiI-q(e2AMrQ=51l;mg4Z4NzNo&! z^);Hd`vN2m*%q8~Xz1DSyD6PYjtl6eScA5s%zYO=ye)mC_UgIk(HLiv6`7rC%JXM2 z>-azSqLS!o6w^g+)8!>OkV)2^hcDr3VwyS@9VK34V~MZ%*9oyodOGw=tW)8VUd_r5 zOJY3a3}cqmuUV!tV2%CyMe7EJEqoedixjtiGfTQ|rbmQgp#Olu{o)e*`|qWETo@{L zyq0c)l>nn6G;;H$d>s*7qV-Hu{(HSLse~GT5o&p1$keeHK_52sH`WR5Es-~2E&m6HI~28;>A!WfVs_vR*rQF9Hja%aji^7xLM+N z8wY8Tq0gp?dr%I^-+ovkOkhGod<61!O7QsT$LSVWWAKo&9`^UU;I&LCFj8Y!%4;?>j?Bb^@cMyX|j@Z~f#bu=Q zDulD&dJByu;M~&y;VD8exXj75ufS5|}*mVe%}N*EefT6m@wcewniU-F2Cyc!9hozc1Ha z7@cVPa33xAf>IyHr4P@#EmadiQIUIX91;XB*gW^=%un2S>Q21%QTr*J4RKoTB;YGmdGO>Ni3#|<)66buvY8)DSY zj@AMuKbQ@wt0v#PrmN92G?vJ51=U|@Y%Cu^a|sgD(bIsH2ULdV^gh4|xGG2zxnHXm zy^!yyO^4NMI^ZZE2vA&Y7LKi~h0*~`LN2ZIYYG;ha~h2S6M+?c zFz{qy&Ip!{HDw~b1ut`*wy-|6@ddlG#wR?z4aIYe;wU^ETmllmCso&71!eiB?^l*r zl1(hR9!v+#1317zV)5M_sK9cT`X&Y$e3C3UKke|ElwcyzDBb(2-++9=l*OF&XV zES-I0$^EibJUc%Twa5)!m--9U&`&qV@L)+gm=o<+MNH+HSfCNVQm?*yiUT{kuNs#J zqTzrwoCx`AmMh3fg%^1xjXZ#rIM<`V@BDK*^=tIQ^|A6^IACnbkQ`BJ9OHG}^xBAP ztHDx$)q@yTA4+g$IAVlxFs{RTBHMS6Diau7(|SL=JUE%};Wsah8}E&(E5@vh7+jjj z6xtG9#xGUW3Ey&IXxL0)T^sxmZ{X1*S6}f`i9}pi$TjH;WydqW36tQF^awdpV$E>FgN~@{4#?WlV4yuo zrfUd3iL(V$-JD~s{!uhkwfGngg6-lwck!FuM}2Xf{0 zD9@$5Fj{;PvP2yJpx_kYa~Rjb)S8a5Ob+nOZo!i62b;dbFBYv5UR9YMUE`s zR^p4|$}u^^SPp+quw)p)MMEQ>R+5#{L1!gRgw}~zhx;S`JU9kvFvH8HwqGX=&V@f@ zg_#cv!>2OmpXkRzDhflks@Lg57Od{GNt!62ApMuauLbL5n&!eqye1v^LthL3Y64tw zXy}w83r6a9zGhyBCksnnaAzDVnCuiCOn-m-uMar?v_a>;W3eWr{>nG}CRk}OQ^=Zk zL_w?mpZ3sHvUN_B9eR~eY{5m4sRukZ~Gih{_IL-JnXg+ zN_Oh@4{FozLMMaJWSaTSWAko2S=LA^S0O<8%oQhz&A$Mp*TMXInHPi~wO_QH$dBEv zS>_ypGi$&39j-m`z6uWAE99(7Ky2JP^}1XGUUKb&txdbtkF770M0u(;u6(yT}Hxo4cgV^F)6~L)ygLU*U7vXwhr;ox>r7w&21?E*(hEYc!y+D%m0b1>0Ku+s=g5QSzXU_zXkW_>tb zF+O{x!d;^qck?k#u-ESq^KC$Qdv6f`_~a5JOHcYRpKM7Z@}{8>=NHk z@Yt-!m8~o0CD*-2D94dyi_fotD}5NJP2HgeHsb`&AX2_*TIQq zqG4KP0+zk96|uQCddXfcLj{K0J@0RCm)4%B-HAQxzm}l=wyclpbc-ZbEV1DRhBm&)d0wD8fw}oQMuQijc?2$ z8p|5uhq4oVRMo!|0r-0xIsFwhLarsup0-MyYE>B9Ns-E5co*_}98ONjGd`BS;fmLa?T4~<#KU!B2L0P2qVQ)2;f{TM| z{qRvd;r7yH&E+g~yY|H%siJtGw~*=*-~6dL#BKPT@St9B;$r^?--UxOkNrq9_Bz0G zL*zdW0rsnmO4j~Z-NltuXx7kshobXMd`<2CguC{9ieE<1(!J=Guz6=k;!B_2_-)or zwm^^<0B?=pVYsiPDs~z%$v2eEf!*O^dIUi;kIV>3pu9o+LEJE5_HtcuU)s+>|T@K ziT$$h+_9-G3iQ;s8{(XNKTOac)*A!|Y3TQME&WXPSk9eFld!M6-<`swW5KIb<)?jI zvTV}OxOW+~$n%@#4LG%02T@TAch}M*#4GHgp1n8iAv7Rj&rJoI(5$#hVw#3^dI_To*YtD_5?^>9s+b&3wy0){Eg1$%JqoQLeKsbxPf0y! zxIpYXL0wjLx3EF<{KN5Q97|`m3bA$0KR%S=>{&A5VJ6|c>0Gc>a|^PxY+$h<5|#DS^M+A6&s><`ZV@r5564MF|Yf-GhJAB@wI=mk_>61-47{%T^i)$6O{~Yd!j{F_T4g__~9V zrJ6&1%*pMIx}|cJ?%-yoOYrWHb2UWZ6L=Wv5I7o4mtgJ(lL{t0;^1v%@a$ z_15f-7v0`Y^g-&kmB&iDMxTtoA|jdpIAEzY?!L?6unJ4tcc)L{@*8?f<9Yut_LD)w z(0P-p^lf~|*i4_`%MFkG!%Jncv6T!)9)VOvFKWqyCY3IucKLVKL}Qn(iacDJJUeyC z9X}`G5>oz2(}V1@mlDrzd)J^8Q+J3|b@xzned)OK53i&CT+y?=zT^vmxYbMr)(fL6 zg=3jw^@>znD|+F*UwBb5PUab|u8I%2+)zX$xM$|?wPvjHhRcf&&q!Zh^_^;2)9I`x#Qk8nP5?fy*lo39*JV#nGmT6)pkkIotyPf4+& zsX8b#!ybtRO1zbaaWo!V75VK`+Lmyz-rt zkbuI9-^+X(s6`f2LpIupXWbz`ljE}~U+*`&=&5o}Gr#_5CW`V88KB616Hq2%xH43G z`n0^kZ{lltAD8o_m0Q}a_b(;zRj4wor}~VHWzEqjRd?A}r%}cahsdlU`HZeTcSr#3(h0`oFlyT=q1<&Spi#uzu+*th zrfeZKLr_1tyCAV&_+V;E36&k2&9gM>TPuFzw0W_sX^nTs;&yd>ipDo2I<2pI=E?43 z6lwG*=^&;oVDB>byP8g}o8n(lStS`J+L_9)>!gP?=qyw&p%#A!nYF%J+w5*NC|jur zoCz5p&`jpdbg|d2-bv9gr~rhg>`|J_OLD57puma(sqBaVF_jXr0o1QAh4-9{{(KdF zYTof$gcx}K@G?5Fk*yBN_tR2@J?t|exWMW9AgU&r+1{%x4= zIpB^^y<0AMYZ@VTQ+M@!h*6^&WBmKtFYJLqvmLBTLGK{SlApP}Q{6PR%kF6JiO^_M zXl?P5PK-z2D7z{?a1wu`XV)zy z24%NXg!k{#?5w}E>#Lb`*y*TGOliX24C^qx)f(ISy^~)IgYQ@vplS zqVj0}BnnA|iX@*k_!*Tg&0g8-dHq`)-Sb!$7 z0g{SjyXE$u3n$nB#6M?rn#E(?w~tyB@!u3a`Ym+FlPj+?YRKiHMYm8(6`nfdVXoue z6aLRZRHu4{fy|y<76(Q?Zx#}9-S%aF?pRxtH~EL#5e{K^KzzOZ{#mK->2^WHxsw6= z)~|VmHJtmgqO`c9+W7ELot9S}n<+fqeU(@u^C}yQt9(WkcQU`=TNl2Qn{f-0og_?6 zRb|Z9yW`qjmsPJexpKYH-*3jHXg8{eu%q&Z6Jf{R{PT(pnT|@SUG;v-9dc1a@AP^( zV~f)EF|A%B39Hk}g4XWO)HIxX?w6_s*(kpF{wXcQx;LEz;z&1TQ&7`VK?PLn z=COieD>13Rftmeqry>9G!dB+hjw9M#OW|g!tJ&^9ndb(nLY8Qg_BsP6Zg=mCqfEIU z?Jdc^h&ReuiO<=4Yw0=iLw={YNbX4$^QV{9`1fklT_`&RdEQu?B+Y&5L&e=rPT(Iv zWj*yNkM3!&>M2ubpm2U!dtYy(VzF?BupRq-jebhLplUV^LrD#M6)-SQEeiLVtwcH$ z8)s%NsSse!@b0*dWIgh&!V&W1ce*#t?4e_2c_!GaFulxTHNJbj;P*_asp?dYRaVdk zfoXd<8>N1f%FsI1JBxW;ox;}X`bqiEBwDVS!N)IhwI*vdM`^SAK3_t)Zc{NgO4jki zrjR+&Lm|9jHqD7mlfH{N*ywk$Ty^sP*e@P~^h?>e#CwH0E4Xi9Emf!sc3hJLVy2l) zAVjY3ZPC1dAr9fL2TWjg5H?LIXXj9$m%>2X?nf+>73o1F_0*lC^Y6##LcCj4ay=#h z&d&44WvpnsXaFI0S?`r)*}BK@j2|cIZdm#7Slw}kmpiIZ<2@N_VvIMicgywo+(YIm zKX_~qHy_SjXh?z6OA#_VeYnZ_EQbL-4<37`G-w6|akJ~7W}u%>COkuhR^}ew0W8~_ zsUe~De{Y5VPuKo0erx{I)0JV#A(WH{ylgEl^Vpv63hItT9Z;twT_mvDjEK)l# z&MBuO4hHl}?3(e93U9o(636AV>0zlXvDKA1%~O`^l5e(yOyUJF%xj6DUiD}C2+0F+ p!9JAk1k*PpN%_~+|ATHj@b-(xig(X!mO_JnN^ Date: Tue, 2 May 2023 15:17:03 +0100 Subject: [PATCH 120/870] add a change note markdown --- .../2013-05-02-post-unicode-normalization-query.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 python/ql/src/change-notes/2013-05-02-post-unicode-normalization-query.md diff --git a/python/ql/src/change-notes/2013-05-02-post-unicode-normalization-query.md b/python/ql/src/change-notes/2013-05-02-post-unicode-normalization-query.md new file mode 100644 index 00000000000..59af358047e --- /dev/null +++ b/python/ql/src/change-notes/2013-05-02-post-unicode-normalization-query.md @@ -0,0 +1,4 @@ +--- +category: newQuery +--- +* Added a new query, `py/post-unicode-normalization`, to detect a post-use of unicode normalization that leads to security problems. From 019b85beb6a70cec0027e9205caace25ed655431 Mon Sep 17 00:00:00 2001 From: Sim4n6 Date: Tue, 2 May 2023 15:36:39 +0100 Subject: [PATCH 121/870] Add Unicode Bypass Validation query, test and help file --- .../UnicodeBypassValidationCustomizations.qll | 29 +++++++++ .../UnicodeBypassValidationQuery.qll | 61 ++++++++++++++++++ ...-05-02-post-unicode-normalization-query.md | 4 ++ .../cwe-176/UnicodeBypassValidation.qhelp | 36 +++++++++++ .../cwe-176/UnicodeBypassValidation.ql | 22 +++++++ .../cwe-176/examples/unicode_normalization.rb | 8 +++ .../cwe-176/vulnerability-flow.png | Bin 0 -> 37706 bytes .../cwe-176/UnicodeBypassValidation.expected | 56 ++++++++++++++++ .../cwe-176/UnicodeBypassValidation.qlref | 1 + .../cwe-176/unicode_normalization.rb | 25 +++++++ 10 files changed, 242 insertions(+) create mode 100644 ruby/ql/lib/codeql/ruby/experimental/UnicodeBypassValidationCustomizations.qll create mode 100644 ruby/ql/lib/codeql/ruby/experimental/UnicodeBypassValidationQuery.qll create mode 100644 ruby/ql/src/change-notes/2013-05-02-post-unicode-normalization-query.md create mode 100644 ruby/ql/src/experimental/cwe-176/UnicodeBypassValidation.qhelp create mode 100644 ruby/ql/src/experimental/cwe-176/UnicodeBypassValidation.ql create mode 100644 ruby/ql/src/experimental/cwe-176/examples/unicode_normalization.rb create mode 100644 ruby/ql/src/experimental/cwe-176/vulnerability-flow.png create mode 100644 ruby/ql/test/query-tests/experimental/cwe-176/UnicodeBypassValidation.expected create mode 100644 ruby/ql/test/query-tests/experimental/cwe-176/UnicodeBypassValidation.qlref create mode 100644 ruby/ql/test/query-tests/experimental/cwe-176/unicode_normalization.rb diff --git a/ruby/ql/lib/codeql/ruby/experimental/UnicodeBypassValidationCustomizations.qll b/ruby/ql/lib/codeql/ruby/experimental/UnicodeBypassValidationCustomizations.qll new file mode 100644 index 00000000000..30310fdac58 --- /dev/null +++ b/ruby/ql/lib/codeql/ruby/experimental/UnicodeBypassValidationCustomizations.qll @@ -0,0 +1,29 @@ +/** + * Provides default sources, sinks and sanitizers for detecting + * "Unicode transformation" + * vulnerabilities, as well as extension points for adding your own. + */ + +private import ruby + +/** + * Provides default sources, sinks and sanitizers for detecting + * "Unicode transformation" + * vulnerabilities, as well as extension points for adding your own. + */ +module UnicodeBypassValidation { + /** + * A data flow source for "Unicode transformation" vulnerabilities. + */ + abstract class Source extends DataFlow::Node { } + + /** + * A data flow sink for "Unicode transformation" vulnerabilities. + */ + abstract class Sink extends DataFlow::Node { } + + /** + * A sanitizer for "Unicode transformation" vulnerabilities. + */ + abstract class Sanitizer extends DataFlow::Node { } +} diff --git a/ruby/ql/lib/codeql/ruby/experimental/UnicodeBypassValidationQuery.qll b/ruby/ql/lib/codeql/ruby/experimental/UnicodeBypassValidationQuery.qll new file mode 100644 index 00000000000..96dd0492e74 --- /dev/null +++ b/ruby/ql/lib/codeql/ruby/experimental/UnicodeBypassValidationQuery.qll @@ -0,0 +1,61 @@ +/** + * Provides a taint-tracking configuration for detecting "Unicode transformation mishandling" vulnerabilities. + */ + +private import ruby +private import codeql.ruby.ApiGraphs +private import codeql.ruby.AST +private import codeql.ruby.Concepts +private import codeql.ruby.DataFlow +private import codeql.ruby.dataflow.RemoteFlowSources +private import codeql.ruby.TaintTracking +import UnicodeBypassValidationCustomizations::UnicodeBypassValidation + +/** A state signifying that a logical validation has not been performed. */ +class PreValidation extends DataFlow::FlowState { + PreValidation() { this = "PreValidation" } +} + +/** A state signifying that a logical validation has been performed. */ +class PostValidation extends DataFlow::FlowState { + PostValidation() { this = "PostValidation" } +} + +/** + * A taint-tracking configuration for detecting "Unicode transformation mishandling" vulnerabilities. + * + * This configuration uses two flow states, `PreValidation` and `PostValidation`, + * to track the requirement that a logical validation has been performed before the Unicode Transformation. + */ +class Configuration extends TaintTracking::Configuration { + Configuration() { this = "UnicodeBypassValidation" } + + override predicate isSource(DataFlow::Node source, DataFlow::FlowState state) { + source instanceof RemoteFlowSource and state instanceof PreValidation + } + + override predicate isAdditionalTaintStep( + DataFlow::Node nodeFrom, DataFlow::FlowState stateFrom, DataFlow::Node nodeTo, + DataFlow::FlowState stateTo + ) { + ( + exists(Escaping escaping | nodeFrom = escaping.getAnInput() and nodeTo = escaping.getOutput()) + or + exists(RegexExecution re | nodeFrom = re.getString() and nodeTo = re) + // or + // stringManipulation(nodeFrom, nodeTo) + ) and + stateFrom instanceof PreValidation and + stateTo instanceof PostValidation + } + + /* A Unicode Tranformation (Unicode tranformation) is considered a sink when the algorithm used is either NFC or NFKC. */ + override predicate isSink(DataFlow::Node sink, DataFlow::FlowState state) { + exists(DataFlow::CallNode cn | + cn.getMethodName() = "unicode_normalize" and + cn.getArgument(0).toString() = [":nfkc", ":nfc"] and + sink = cn.getReceiver() + ) and + state instanceof PostValidation + } +} diff --git a/ruby/ql/src/change-notes/2013-05-02-post-unicode-normalization-query.md b/ruby/ql/src/change-notes/2013-05-02-post-unicode-normalization-query.md new file mode 100644 index 00000000000..b24e408ff4b --- /dev/null +++ b/ruby/ql/src/change-notes/2013-05-02-post-unicode-normalization-query.md @@ -0,0 +1,4 @@ +--- +category: newQuery +--- +* Added a new query, `ruby/post-unicode-normalization`, to detect a misuse of a post-unicode normalization. diff --git a/ruby/ql/src/experimental/cwe-176/UnicodeBypassValidation.qhelp b/ruby/ql/src/experimental/cwe-176/UnicodeBypassValidation.qhelp new file mode 100644 index 00000000000..ddcdc3b31b2 --- /dev/null +++ b/ruby/ql/src/experimental/cwe-176/UnicodeBypassValidation.qhelp @@ -0,0 +1,36 @@ + + + +

    Security checks bypass due to a Unicode transformation

    +

    + If ever a unicode tranformation is performed after some security checks or logical + validation, the + latter could be bypassed due to a potential Unicode characters collision. + The validation of concern are any character escaping, any regex validation or any string + verification. +

    + Security checks bypassed +     + +

    Perform a Unicode normalization before the logical validation.

    +     + + +

    The following example showcases the bypass of all checks performed by + flask.escape() due to a post-unicode normalization.

    +

    For instance: the character U+FE64 (﹤) is not filtered-out by the flask + escape function. But due to the Unicode normalization, the character is transformed and + would become U+003C ( < ).

    + + + +     + +
  • Research study: + Unicode vulnerabilities that could bYte you + and Unicode pentest + cheatsheet.
    • +     +     \ No newline at end of file diff --git a/ruby/ql/src/experimental/cwe-176/UnicodeBypassValidation.ql b/ruby/ql/src/experimental/cwe-176/UnicodeBypassValidation.ql new file mode 100644 index 00000000000..64ea34779a2 --- /dev/null +++ b/ruby/ql/src/experimental/cwe-176/UnicodeBypassValidation.ql @@ -0,0 +1,22 @@ +/** + * @name Bypass Logical Validation Using Unicode Characters + * @description A Unicode transformation is using a remote user-controlled data. The transformation is a Unicode normalization using the algorithms "NFC" or "NFKC". In all cases, the security measures implemented or the logical validation performed to escape any injection characters, to validate using regex patterns or to perform string-based checks, before the Unicode transformation are **bypassable** by special Unicode characters. + * @kind path-problem + * @id rb/unicode-bypass-validation + * @precision high + * @problem.severity error + * @tags security + * experimental + * external/cwe/cwe-176 + */ + +import ruby +import codeql.ruby.experimental.UnicodeBypassValidationQuery +import DataFlow::PathGraph + +from Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink +where config.hasFlowPath(source, sink) +select sink.getNode(), source, sink, + "This $@ processes unsafely $@ and any logical validation in-between could be bypassed using special Unicode characters.", + sink.getNode(), "Unicode transformation (Unicode normalization)", source.getNode(), + "remote user-controlled data" diff --git a/ruby/ql/src/experimental/cwe-176/examples/unicode_normalization.rb b/ruby/ql/src/experimental/cwe-176/examples/unicode_normalization.rb new file mode 100644 index 00000000000..f22cd101486 --- /dev/null +++ b/ruby/ql/src/experimental/cwe-176/examples/unicode_normalization.rb @@ -0,0 +1,8 @@ +class UnicodeNormalizationHtMLSafeController < ActionController::Base + def unicodeNormalize + unicode_input = params[:unicode_input] + unicode_html_safe = unicode_input.html_safe + normalized_nfkc = unicode_html_safe.unicode_normalize(:nfkc) # $result=BAD + normalized_nfc = unicode_html_safe.unicode_normalize(:nfc) # $result=BAD + end +end diff --git a/ruby/ql/src/experimental/cwe-176/vulnerability-flow.png b/ruby/ql/src/experimental/cwe-176/vulnerability-flow.png new file mode 100644 index 0000000000000000000000000000000000000000..e1a354717ef1273043075e966df13a19e4402e1c GIT binary patch literal 37706 zcmeFZcTkkivo9>LE0K*+Ulf4j6_$iTp`s! zspwz1fX`OS;8Tb(@xfNQS&`PIcOGiHsE+*$PeY2M)T?eI3 zWOL4ZypKEvUH7XFeE+P~%lnpp^n9m05gG$S1^t&-9z~Dpc8i1(HW%_AubHqbogr6m z`GxB>5h{_`_<_ToTp&k$0xabQuw|M7b5 zHN*JN&)|7WB?!|>%_Fb!50W7A0HH{1EY1ptGqR&i_+~gs+E1zbR6Uf~-Y!dty8?85 z2~9uw3FDD=RIj~ITJ=tMxZ*8gc>NdmJf2Dl!MGZRo6_wa2Gxs zzO|xYJP;2eO4#x0N~dzei%JD50v@c$2#blVD)5f~4vUI_9()dB$QmL|A|TU(!fYM5tqL^B}h=p5?8_!JcabVc63=mfnK*VEZ5#wi@_sfw$zQ z0goWim7S+B^3cTQ*9Kp9l6K4{AR7pEWjkK+op1(Q0EP*Qrljn_JCJ5@5Lgs~v{pzs z?ASEqQm~Y%L}Vm2kcu;ovlkb|Gw|g$&zEx)JPmO0+}3j-1H9Mbq2Lza9oxo9I~C@F z1{{$ETi5)b&1OaWOlQ>9)FQ16)JMA?1#T-ti3))MM@!Rz3pM?(7ODp2laAgu^7tNX ze6$o}wl;xOL$k_7pNrxp;O~x#A5e!V@U;4?%B;?1=UYp#euahN5hhAx{^akP^L|l@HtTymfP02Y;gA3_w(gidman!Sj%0n@ADZR46{MuA!LN73;I( zze$Wg%KEk_Ijw$HTBjfPWXaS_j(x}CYB&UHtlDh2`fFRUZ6g|4*Ox)l)}C z3NQ{1rwb7m1r8X8{`K}XE{hxBX{6@&u#Oye81dBjGUr{^b|J1fOGU-|@s&cSo^W0AUf zD%DmAD%ldbN_dxBt<_+n(yQ*YEB`JYBFW_QB6%Up9bCqn+1C|R9zYmq@aoP@l z{^+;cFIjo#y}uhUI(5~l2dRS@aT9nNj{oK8Gm@B+Eqrml7@KroRb;uwnbv{f{NQ} zvevoMSXHs+WYg15g6GW@<1(e?S#{Q4@x5yjkDL$gd-g^@&grM%0;~QqKUVtI{^s=H z9^d;Y9>PIASuQMTa}8{MB(N2@(Jk!pNDg2txDq|qH{ZOIAg`J9tD+7@%D64ZpYHUD zRNC}29vQ8{l{l#ka=g`cN{0Q5i#SO>2c~c2lz8=&4g$R=m}!5zT=_EquZ<1 z49(b|PE;op-!+3z%sRfjX6VtiJ>@ywyO3%w{Pb^q(%(AkzSPG)WU8~4cPIS{+c1hO zY_H_Nj#>Xet9}cZQ(*LTGS;JDf^g)vMR0+c=^-OMRn8}*zP zieZvWQO6@q{84784zthhi#$ycGA;0rAoF10oyjlsA~?jJ*~8HUvZ*Lq>Ik_74jae5 z9KW63AtiefyRmmdWg`#S3Swn8f|1AHQU&HZs}H_%>OdB5cj^AhFT>GtQ{I@r^ZBDbJCrcgvdmWvoyC&T zw;ds+-d@_AMDLr9?TS8(${m>T=VENW=cx|7xW%^|0Jf3!PBOpxS3+CEdXGQ1p0+!= zsRMI1lL!Bg(`oGrWGA1_8NM~rn`zmctQ*$QAWB^f@uhcS!;xS6-B^Ev9gT&4uAw8( z53G_$7nkz{RVbdeost$-WZGc4fx6G$GP~>2z{|%uzQS`qcNY3&x*ItvXH{j>hEtr( zakTG>sh2A`&1CUaZcG+N%{++INa7*XPm(T;SIi2xP196o8Kd@*9;TARql+mPD%@w3 z$j|qxXxC=u{>K51at6Dc-x1F8`{USywGoLKD^41kaWyw+ajaK z`H-lzUyj_g=BXd+_9C>N8ny6AFzRY@uUgAGI z0~%i7a$xYJWgCV^K6FtQ-`(pmFxyGt)nVvAr4>X{zN*JFoIlE$9LNdD&gXgBJX zdEV%IAbp?=FMN`f-7)WocA9)wqiXo=368Kw`=9TFwlsPBQcH-MJDw{OcLUCkmP#;K z{v19|g^@Iq*8%O5CtDaz5vffN$;s_sl(HWeB=xDhzk zo?P*(U`G8ZC1y6laYbNk{#O~7QhjaN9Xs?oz<*_=uFBQGb7iQ|8WT!bxtAYjHBzGI z?EgpZV3N~tnRIrF%?o+cagyF(dV86(=&J82RcDC0u3t24C>k)D!H_)69{dD$ijLq= zjqIr|HE8$n-kMQ7I@xSqh+qp$_WT|2%elqDj`rHUKv;0dL*cMqm10 zoL{?USRQ#|7Q(~2b@Hp$*)mVjib~lkH=<2 z3wpNQ`p?8iG4C%l3g)|e4&OT3>)cmSajbIl+V|Ihq1ox^8C0er4|uX|Ood_t3%_Ei zIS>kyr9`XBI-Jhpul#QG9Y1G><0%}MF#E25h~+#V)=}_gRIg-fON)~~UPhwv2^y6n z$O!XPODA_q39^nRU3W%JpIP&>KFZPo^Oe{978o=4Wa(5E5b=qPfeC`6%OdwX!iuVg zEZ8dwKYC$6W-}T1pFJHKN%L8rzkBH)%(jIsgfltDPb_6}Lf&bh1PkO4?o2$#t^D#b z1@bah#&bhR7^Lq+(q7}~&$#(AvG5il2kWKz@MD=$ZOrv{m0BrCvg#hl+L^^?>me3t zO6z4G$Wdq(|FQYNZ8l85=r+Srm3iRV-QWJ3a+gjLGF8O63Sq7(vp0(?7t`MQ zPlMHwcR~l%Pp^SJs9w~a?X#n?)V!T;yTtd3$M8NkZOLNY{a0_|HOkqGN8e2bwuNf-L#zV z-<@RN!0)P8d+!=P;J5BeabFMfJCl0ffQjy%5^k8m=HHPkBMj`(h^XgOi2i=&vvWLbvMvsjy z9%nm;&ktn%nw2;?T3S%LAM(JS^>i=T(;_DSLQG)t1KFpizj!oLg}hp=#AwpH$)d%-u}odiiQYMeg=Ti?5z#9w!D~9H|T3eZxiZfCAO% zbKsHbUrqSMqd9=>?CHWQCb>Htm|9W__T+UR-Pv5F!NSDY!BC0dWx{> ziI0|s5wyK}_F1Fp;@r18{Dho2{>|eoZVFZfJ5rL+Nasi0u?(C?Bdt@pj~1gO?B{m} z6;iR)S-5MKeFaM5eXYL1jT?PF&Jm2=3nst{cCSF?lbe2WNYHw9(^`s6!E&2}_4F;) z+rsak7d2A^SE2#WO-W+iEKBI{oWS#=i&5j`=eEuMlf|mje?KlWMQ<&|GggNai4oj; zn=5MBEzQ%lN$lV@0nWqa@A=k)zZ+vMB3|!Ls8#sd@mzJ9^&Rw(Bt8mFCA8Y=%m6HFi*K;tim+o&|Ky9!J_7u zI65K1eT)ga?N1N8oK2bZ=tc&{FvhZZl{&!%ZSkuY7daJIgL1_+RQZkwK=Z~D$Cw*-xyb<06ZMhdgSY)o^ z6|9nunGW}YhqQ37o-++9R>;2oB+7v`2(0&0mwt({o@(1+W-RngwQiS0qCDd&8!1YX z;p^%uoOET4Jj|c2Mvk+MEf2qX)|Afwlz+(YG`2I!YpV*6LbPocefl+9PR7!a!W|VA z@;ZhG+F*P*L-=~S@_rrY+cvm0M6?1u_XXxJj@Lw%s^kUu*ej6_1d%VSS;%2s3WDN&Bi z^7FJWso!O};|K3wQ9TQx)0TyHN>4yX2*a)gt@*fW>|f8%RgN6+VF@9d z^V6gB>>KJi0i`!dS^B0JC7jje;pn2}dZ#x-`KwRzRjJ4m7Uw(#A9RG|NPIIKyGcf} z{5Fr4lFBpWM%5TQ!^du9ihP) zxhK3k3D=S|DO^#@C6(E#cU$^3;%*^`(s+JfME-qxL>R3oM(59nsL z)eh*uIYyix&SmWh7l^QXvOX;RlP8P` z_34`3lM2eQvWFR-aO>VI8@glR-OLw^VF6@{uaBf%x>-D}r0AM4?2}+SaRX-S@px7; zLi*dv>pU_NJy!}-)xg}x$ZDH{qHF9E;yU^A=!x8SxcFEzo|K+eKuf?DTFudmjCi}e zb%P3J4!Jb;rUTKiHY#+g7ji><$U2fvXtjXs>F)-qIe$dC&1WL40@~bgc9WgB zPLC&E_2A?&qdi`SMdCMG#)=oe?P$N@s=Q2|(edZ`2>gk+BM1Gkh0)SmN!N7WrX;o&V0^&@Q7ll3jY$xROe2n*xaM zUkhujN~%i`=bn|-qx^)e==GU#`B-b`vyD-WwHV>1Lre*#^%)xt`S*Zdhf;*FIIyT& z4g(DMnaG9?oa@jf(i^FhWW2kOD&{oPa@&em;j9`?3e&b)=2vhUn#64bGj)9@s&S2F zu~>)IM|rf5${y0Y7Fb)Y(ocMRwn=04D*U<2h%J1GN<%j7vDPu!>h0_iOG6P5D5^7b zolquz(Z4&h-UJh*+qSS{%^ntQVx-b|o~1dX!Y9)KFz>{}00zepxLCkTxRuVg` z6^(}fz}pQPj?VKMc8bHvd~E+yY7N%2iZmCwVyZK|!8a;dlonQ_x-0ntr-^7umn!UAgG zLPyN)nVsmFe2t#toHb+Y9?eV*Y$N1FsD4Ll(~NQ$Pcj7=B+po2(zL6+(D-{HNm+I) zE0VSNSjAUc72g+olFu}peVY@HkUOt+t>*3^-H2@w%?s#aw$;ik4SS1Vq?7sX#P{73 zTr3vMrW(~Bx+%)N`4qD;nV-%GTOXNwhm+YEHyLnUAkXuWg?z0WNq?qbs1Jb(+{6CE zVW|L`f)MFLzj5yn+_TYlWoLYO3UNR3QE<>d^Oq|nI*^@F;ftmu?f!rJ(Dl_vw(TG^jedQ6cU)!w0o{nd6?gb)^uG?;>kpDX<3CtS#$V-G zwLhlVXlc>7jWChW&muB9Ucvb&V^o78Rvvkr^MD{?E;_30wXb2A%qaE7QcD(3?Qknv z>XZbZ5#CSomnz^G92>=fXHr+G(B$CSdFW&%!ev1UT~BVG^2nXx^0xS$Zg-0*>BxzZ z#!`ByItSBwd^&jJdKyA^iXpq=`M@7+$jtj@aQs$XM#cCyZ!MOc`R?-MC_qv zTRPoq&9Up3yV7^X7T=P@%J9yNaKzxpN_4b}3vsDg!LH7K9Ad;1FL?Dj1#3__l;!U0 zpt#~kqaHz&65^Q-#JZ|wK5nyEL$^HBC(I&3KR_D(M&Q;MP-K2DmU{8=|{f?H@= zW|AP^>+lC(N@JWZh&IB5=>LM_XDt(Vc=WVtFgOuu24O3-yfU1@BfK-}vIXZ32qh|b zuoZMZ(|I?g!V;nQVcqGG2Nep!azZ(mh&A9sPza;YSc;zt4Wf$d0vz&4>=jk;)VSXJ zGagw91&yO*r!}#Axj|UQ?A%X=kPC`Dv?c6@amA-V?$XfPOd3KJ&`d!~$p#PJgCL^^ z`|}PcxG`u>RL$Px4xWcV4B^10EEp9O)|l-%Qldg>f|J75_MUbmEDtoJBhlpXNFRt? z5nq>^T=9aSxtC+`AQ9;Tg@RKRrnRvNq2Q3yydOJZ0XN{GTKpQXDz+YIR#EN1N5LBb zxdo|mQcP4RI?!yDu;i-&uY;)Q%X!8d90~c_1>q}|J-dxu@n#Se3xhRD$To-yW+`(Nwk-sE3H5)`NI>2J&3csESX3wx z@U&vBGY}3-gyd&DfAoL~B@C#T-&y*l0iOkfQ^jVAa0OR`>v(*M%|ZbRE&!TK(1%wD z3$B8vy-ME4%GkY-`~-LWLr3;Er$)lFn+wDMwoOzAn&7>DWCP*HC=G0;n-1}E zzWb=w=eUJRVMP2=YGjd@fHhnSQquOUXWRg14o-&lT4m8}3xr(5SD+?GY_dxjTp!X* zyPqNX>`=!$kgnVsoiV!Xhzn_d5G4Y3Ih!6(8Gbu@vM6YR|5Qnc5P#5A`iwIcV8}r* zDrn#5)frH(H%Z4?*%B5Q==$ z@stkw01E~TQ@s5ul?X-;A_wEiTWsq=H2fz_4T<6j7~%5%3{4Ad+SZS9kF_B<{vqJP z=^+>jyi|a|T0SaXqV(}EAov{iuOxs@oUwo90tE4b-)3LmX1|<*3rmd^+tx!n1Cjs- zFds9kU}o^Ln1}Fgh^-cC;2P+p9a3CUn|OtjJXlbboR~zZwT&-&UJ7=k-fjRsl)4q=@+PLWHhCvEj#JWNFY4RFGgFmK4bk@Lov&9IiBFLqq7t04m-Xht6H<-w22u$4h^j zL0xv_hV(C#0YLx_540WVpDo?L6#Tz#1b5I>>c}1&cS#f!vui5T^QX< zqA0=4REp`F5XV?DU>V14C1Wp_!UYNn$L3mhLmXSkffZQO>bYD=q#x+lk;?1K331{E z30He`-t3Y*c;nxduWKNL9-%zK``eK~XdD2(14Wxwm<0(FWP0!=^Lx{6r<0X0GvSg?lfJaa*p z3_OI^Fg!!#GKWS6j5q#}H#QMk_(Xs#urrJtX+u9kJp_aEJ1~=7=KCZu9?}u4C@{Q{l_1&6OKpURqD(%z6nO;*w1#AP%#~b{@eUSn_Sf)d zlfQ3={Iz>;`EZG7&}%Y387@~j$R7;3Ud5n(8(L;(UT`_YGHwoNT%T^fKsW6!^zptF zxSI&_H9F54*DviZszn%Z;_)*o|I+3&b5>aQ(f$1N)U@cFo&HveAiwpO~3zrY%3l_{{B&-PzAOntuV zvNRwRLB^6eRH%7lHJ)O}kMRGkH(DN`(l_&)WsYcA{dQvje4?|nG$?ZS%^i*9`hT4t@Zb^1c1-NgE~DVTV584|ak}0+<-jLr{pw-9 z4yT93zYG2Qe1to@f`;T(w`Gcv$k>>aoWuWigw zwFY(Rz4DA?;rk|#QeK>%yg&WqT{Sl|Q1jIzYomVf!|6D0c8?L(B_JqW{Icv`r~h5# zm78~*JvZu>Zq>Og6zJwERoagU|J*;>tn@o_@jjUH%(}Q4gPFZ}1+2nGUjj=a@)o3^ z8dXlZToek}A0qJ)w_XLF^fRC~%B~yOBZyr`o47-uTb})9=kU(ej8|0AMFm>&SlpFcor465wdhBbfx9yCiO@9z`|7U9mzGm3YLKY3_x>eN~TkstU^8cRs zbvsGM)3NTorFyC1`|Ph7a;A%4)02jZlsl}ZoBY+IDeavWLC)sNgKZje^mUS933CAK zc|UE%PM5I1S9B0!K3t@=@QF@n{(bX#qIQ-{-*n)G*7it&TG*|pBr1mq;3u7i|Y zh9h_c_=wv<3~k<@!J=B99&Yb!_-<aWkGkx9|Fr|pO<|$UT4lSD5_a5Jd6R&ng{$3qo-(@$E+aal z&ePu->M}ukkbbSx!^a0Fn$hM}i>+Pr`Ei-$G)SV8zWC#K^}btznft;^{Z9_YM~1@@04?Wpec;{s z@aaS}!wsuc>7OijDr$c@ceC)$b;tBoKloh287sdz>XQI6%w+8CiljG*M_zc2$)n$;wmI~O&w zQG4dmn&IcTc$@dwf`dF~*(dwv(~N4nAGZcZJ}l>@uq6{`6W=cmSdSL31^`^Iu}+u- z_D=n~<~W6Oqs4(&sR`2bwsP!$-<+Hs^kqocGk=If<&J%vt~20Oe{%ej3xojnnZ68a zz~z8;6hyE{5mTX2@ZXr+_eIx!jL^^{dKH*G_HuN;>*lEt+D;YqQ?6X+(GMOZvX$-+ zC8V}$EE;a93pCEMLzFsoIX3^f*H+3|50&M zz}c~OC~n}4Qu~WCgZh2SM}!!xmHRRh{kTWl<^e~A$-3R-o9c{|h&1Lir-9$L#aTQ! zY<}M;Nut~gSxB^HXJK_pOBo=gU}d=GS(h0ngYR-YyUS{6@vRFiocXo)&HJaOSoqZL zFbY*C@!dBB(&|e_21`U(Sh-Io{*K+}t$Bk`JRaWBk*7o~kuu$MTa;Frezv%*F6;IU z<2=I9P#k;W{CT(emOTSJ1I{;v!NPv$ktH2VA12pA=#DT_aPs(&ZDW6@bLx#fS5dQ? z)#6}|$nf27Dt1XD0oAjUIM7f4xIq+E=B55@0f!IONy1EZpuDHu}Np(T)K!)9)ugK6ERnhD{e zK!B4e_=XfOvp8fnGhr}w0#Y)LoyN75jjh7e2dgww+Bx!aI14`*8Cqi3x#Sp@0E#nk z=*{oG$NR>p<=qK7finyH!Kox;=0ik8QLA?-wUp zc@FW6Nn9&GPWpWjgPtggg#mG)CTmecU;kkvT)ybda10GOjb(&A>RB5bqHLVsgDvjG z)b8$pjEG%E*w|8ABO3=%d3jMYas<8;jKa?V$eI4*_@WTAV^fI*V!e3X$K+vOQA;M3 zRxfV5z7V?+j&*iI%-r_t&TG|c`rXnEheoPqPgJlUEhxoIAo-q- ziHmr)ztBSbS;qY+=@5(7VTysvmD?gwk6k3uT!{2(|AVYuO9f0TqF1NXLRGwVssW8J z8|TJe@K#RjN&MSUzAKCze1lK){)!0L`5bJpcxcT=@QJHa-h@rG$H`J{*EzA#Z&%#S zfAr^0ZS5~rMs{Qe@gw@Y@%LGx9&Zosc}~47HE*ESBl~I(@}<*9sfVyA7nEp7+FDh% zzbSf*HeKbTA%DQP%|KO=11=h8H|I%Ea80l~A`B&p*^2+B-BZ~u*O6c0;$;lV`ucFy zfqiVM`b1)C861F~9*!SEqQbH7ps}l%96H(`Uo(^@(|+=*@MzZ8t$5hqu#J1QU{1%l z93S~6v7Y^|RlIc6lad$63_K6bS-!yBz^xkRjsAlM`G_Ua-%JvA!OOTFQwj3(jucWn zIV_mmw4&6|GRf;KJ>Abe{4K>aCF}wuR*-v@U;hqI1J<{!oejK369qb-T}0tF()@O|qGe zBYGB1W45gb=2qQpr{p3Z_)Gq3xvdr){i~g2$C5C^60hqQG0Caq@`vy|e@clU0|w0y z<)2FSv@Koz{VKP0>6!TDaO;2dWNns6z)A1O`jnP}oUmF>DVx{_ojBQS1$rTojLyM_ zDsSj^_VvW0mDb;Ga4Vkmlf)c4eE%CJ&Z{6)mT#im8Nw!$KY+#m$iCVG51-2F$L(gL z9HaM7fQL~nI3k_*dt%Tt>}@)7`WEHSGEq~9-)LA0 zmf&|`GV^?I8y8YcGlxCmi$YTH3- znKNKLlu~(()q;B522-G+9fPH9ti-5uub4MoDth!u*v}7=_*kK@*!0J)V)4(uNA0#Ov7Q_D1LVhlodoD-hJQ9`CyE*GsIBeFBY~A zE>{*cX9ypFkidC6aI}$1M6gK9sR6=Rr%t_h{0+3uX}EZ z4B$e4lxHngCQqg$3mL0GR57LAqlS4jDm=#O(d46N1t;hZ%3~l$kkF7|AVJwQ!U*+%bYLyvE}Lk%FEla za>M9VGXH^w)bdqNtk>7C%CtLnj}%znzF}$z}eEyTj@ij%_PmAUaFKIzP&(gweil_a2+b zT@Y3CoaL*nW=VaJllXV|I4lpgqJ{WDKx)}Vc9vz*v#!msnme#w=hJ5J7L(iXd*!;B z4ug++zPJVJ#KtHFqvk_JISTKh^%+#*3ZP(}iEs}aZiS0a6+f8WwSQNq<~YPiuQK%Y z^bC#P@GCA$FO#g5&ZO$$hKb@ToBoyda^7g#ZnkD{erj`dt!)yF$}{SiVlGNSG~wT4 z+qT-^!WVRZx&K|%j|$=#@rbHDY!O5n=MU#r(S+Q7=FJzGu4v+ecg2+CXkm*3CR=HQ zC|;^x>ug9B-qJAQ>7pC`$hDd3A~BOa;>Sdi#M6b^{LF{^$IXUoj@uxEe3RM!MV4je zr;xU_M8?Jz7MQBr602(Qc*0G7vG3XKgtAV1GtqO2pZpm`kz~HkQ-A#piP7K57s;1M zEZbLfC}h1@Iq>SIoCKY(iMp&h^C;|$alXKJJy+mhdcWrUp3kE*3x6>iA6?+|yrrM5 zeyPO1<(<^;i+nY){SubzfoOU(waRt)J|Q;Gz=?626=73iYr@ERe7ao1r=i z?$#Aur#H@Z%p2awsZgmEg0MxWYG?0>HJ=2g$bOM~+s~tRDGFOWW4`SseG1jws^E+} z4H(HoR@AN;$NPlRaEUid+HxL;{f)}Z2$eA+WwR(;bR}kJsOtS`!C{x zhdF~CKt6U4o@~HNm;)SgsIr*!^=3+1TRXx`6PS%%+q7!M**RHt=}97XZcZ_jmyiif zn8?ks;SMhr@SKvwatOo9in`-i%Q3hE*FE+Vp2eMd_~EHv?VO??dubvVL&HpC&sI2S z*|1h^KG|hIRJPTSy0jI5s6!dFZYXq6FwdrERECVI@Am5ah?<%aoMXjXA3rZ_!-|y} zICx*A&BVN*<@16ikN;v==IZUf)o@#to4PvB>y*)OA>0GAw7#vpaw$Y{?Ty?>)-0mO z^x87Q1R?aTMwG#XTERq(4;jC6sW3X(GHnrWQXNfaCp{Lmot?fCnGJcVukI3HJr z(f9|>89)8mnsu-pvC&j;qP@BYPKULT1fM!6E&7!)M!Q;E@wb7$(OWR+3BrQ}T>7#W z>a^Z-s8X*xBH_eOK?v@;SBv?>*d+I>Rrt&rZACiU@z+QEC<(cs5FHz!&#-1(ib}xEPUV4Lsm~~u_Mc{ALQew<4rU4p-$wTJ3O)wc;&~Fo z{ae_j5RUUhunhzkGYPqrWC8w1*dMm<=3Jpaq zqh}5!s4AfHTA>sSLZihIFz)dyE}s|cJqUR>Bw}2-Eck&3p-I~PFe%6yd?$E=K0*^) z6vFf=nVZ$HKS2cuo%+nYgyW#nr`7Sqd5>!b2;yJot006cmd+v^s44)c6Jm`w=cEBw z1Cxk8pBqE9(1E8%;cFd?WAnofc_LJKmD zKv0*06A=&tbASpmq6!h(R285^H)LvmZds!R;8XbT3l5nHjUW>A+nvX`EEvFdeI#A8 ziO6U$$s<_z`-C7N@Z|7;rdtEs1BC1=eg!bg5qbd$&%C6`0hJtSkLv}T z{HYO~c5B7GimG{c-+Hy$w$h^YIU?rPd?{~^+wte(r@w0d_QvJ`-9QhZb>flIU~i)E zuep$M#p43)UGAHMidws37&QQ1RR99(i69hwS!Gk46PN-5M9i~WSNZi-7$qGAp}IEz zlYLcx#lNd+@7HAhJs03dAt+*t4QT*{1SNyNc94i|ClI*S1nF$nP>Cq02x7iU-k%|n z1cF6hinLyd{r<7ibdq@?xBr6IK{1_fuD}aLe8Yw69|g~l6CVHZj8Xi_j0!FsTmEd% z;K+T~MyevPxkXg|VA6FV4U{=}ikn>5%f~CqGA)kXTmG)R;qc=YNP4tB!0zo@ZhwKV zFl8;dqg$fOo-XSDnS@E+EJeh8W9f(AO?=3-Ub*7|3Q!^Afg97to`94En?x z6=C<|O>fZo89%GORj{6H0h%2_Le&G|oKhrdQ%T55X#7ttAUr8DC;kz)R3(mtk!HUY zWT_Kmo7Q`jL+SovmR%(LcPcE39&bMRsSnC_WNke+8^sPkbk9cvkgiX-*{liFz%WR= zm4udgBe^UOHl}vsBa>2&&oU(JdcLc({UJ!J+g(|hZ4hmFHU267k zr9)C)Tdz-#*WN=2L2p|aah7*}x>REkzYP?jo^(F>^St_Ib&SF(9KcI&{VvW9de1*< z_Z}F?78DpG_^8k_K)-7_ts}VNO@NW)_?7=UGRW4T_=|al&q%qcWVc4lsBW{jcTFQFOfkb||na)gM}pyvFPtLeM{GLX7dK&ZoVd zAJ~AuYkc0z``j&G^COzsUzw(kxQNM)(HMZd^WYBamgzZ?oqWwu`#Qet^q=z+7EuFG zvc2?pdFiF0xqF_{+Sq%~RY4`%RHG9RJ1WSwGqvC9d8}S)Nwl zPCbwbPbs>cEoeW&Q|R`4cX2S4?T$FJ=cKa>sOOgYd;O2QpQ5&5RP_MJzByZK{cq8G zu$R_4LB%a`-3CB+>ZP-ye!MU%Boog3_I4=dcyB`p`~kw3Y+5mf(gza_ zDy(11<`m5AshZA@?Y*65kdM3BNC!@y$mJ5^t~zc9@!htL@gn(-jxqf@yVNi4GV|^k z@`IaZmgkdxWkBBP^}%lwFJ%Q9;9ubI&k9>X4wJQ_%CZ*GAj$eA02-~Y*RFIiEvTK{ zuvs7Hu|GG8sE44KGS9DZPs`iWWlzLLP;$m8sU{tUH|`@=bH5?ifoDv~^t@4-gNV|H;W!UaBS)yMm+{Wla#w;eXz{MBo8iOI zWPTMbILTDMiu41oZB=i*3;Ofs)14@{)k&%0s;;iVH*!uxbfz}I;+awYH-P+iOq|)p zjX{L6b~oEpOqYgcPgvmEpPH<;Re(JWt_WV+-U4<0ed|j(gL^|LOm1}cvfHjujg`-6 zCVVe!@lauJtDRv$aFrKN_Hc$WDgB)%*StQyOj!?3lNGbM=jsqJo+1bKpGV!wv(hdm z>>2zm8x9Tj=aaJTaC<6S*?gNlrVvSp@D;zmN~9&?Qv5LeoaAba7t+7uBO~FPGT!^S zH?brbHuf_|;YK6RaSM;bZ4^sE8CVNN3Np=uobercc61*zY@}-*_B* z5Jnr%%g>7a=!y1?EnsA@n_&d-DPZS2Y#y$A<&^TPluL*Ou>{l%XS@XEFwqgxy&IYs z3Q@k&`XeF7dLhm2E5V|QB9BgP6Bppy3n@KedVj!AqnALfCEG$6sD?}7G2&}GK|6ty z@y5V(IKe4Bqb_NdPUwr{?}j=9`m^vNzT75EOEAv!q+(sk8AI9EWUx}*Gkg*!{nSa) z@1eq<>o@7hQJmNZ+?uIh^v|kXm$Z3*lztw)Hj`Xt1k(72HEsP-yG)LV=WMI|YEMjl z5Xlu??fjz#f{=oXnl$9b7s7h79sAEnn^mztK@NBSBW4l8L*Tm3P#g8kb$NH&D*IRO zUlB^c%#K^ez3k1{saot4v3@;D5_+?MWuf<#670@Rt0J#VP@`+%U?!PiCtr%_M4U_>O^`4NrB(RbakphuROr+XEw zo2!mRH(Q>~V|6a`-O723`|H_iLJ6p?2%{uNe0bwptgTLyP#>lvh{=6Lm%{n z=jzg{XFl-wXsqAE20ilgAY0(+?CIALnhu$#g#HS7AITp-VZqbBUlNvkk9?Q@$S#~kC!1}-Is>Wf>3 z;Qev;v&0}R=yFm?*L@3H6u6ye5>j>dwo(=06Yy^lbIe+wLH-kOcXL`1@sDpZEEP=6 z;Gb(4O6m@4U9a>rGeyb}J0&lHKTu%7r;(YIVrTs-T8ffrTd<}OM5nz@tE-Krwv4&A zYrzKr(!#@29$&Yq8+D&H6mitOl1eA=6bw>lXq>*{DLdmeTEACc;*Z=uw2RRWnpP?A zMtcn6z_3EGgeTg$9c!ntWzL!Q<~hv>@b&PV!#_v!l3f*=+X(Mp{W_QTdAGX4_wD(q zA}w333{L8gV7ZOSmhBI<4S#T0L{un;>H$)+7?E6M;xj4K73mY6zo#AJW8#XXw_i!8 zFgVKbL>ycZ&l7UJ&@7D28rXEuHS*gNW--D;aOmP|RM9qCmhuU=#e%ba2Qdef5 z`CVVzS|M+MEDz+Dz5py1$y+UEY*0X{nPb-h2MS1@9ho?Va#rmL>E8cZL}T zS~jkKPaQod>07%Gt9{B?Y7q6?M-#YLi<5HB>8$RNBU!9+J_ywThkwR(FkowP#Y#-8 zU~536(5yQL^4nd3{-me15mw?nUg%C<>wX+|^?{Q%;UmsqD=0j4bmmu2uPi=_TK-!_w&5x{qlZ!&vmZHPt(Qv%{Av-W6e3n z9QS=s6Zi)30uzN*$Q2PRw3)uo2D@()5|5oTuL;03RzE*?H0$D@QlOUA}W6Y)X; zjW+of2@VuYhGRdm{eOP!t^04@8aTWtc`~GaSv7$JRB1Xd_I3!4v%NKP%cbPf)kJ9A zg9V0H0ZZa&>&(FKY|{|LV3~l=s2EorIm6s>?%PtNBo?x^)38M@U_Iyh8?luiu)lPI z=e^j`o+oi;VC1=X`*1cwqSxcn-0|-FyM^4y+<{Gap=}xP1ypx(wdEM-Z?u&M&2$J( z#uV0^>V0`K$xScn90Lws8$jzFoJ{_u>JYP)WH;O1BZZaW2+B+sX%t;^i+1Z~aG-Y}< zjeez)GrY6MhdbYEJdYZF_2=K?w|v%0Ppr?Y?nIj}=*Z}~+XLHyXs`i@*5-kYpMeH% zj*=H6ND@OBVUbvG{U;tp!oA*wBzHd5C8b}Sz;IQsBqx+cSo@c?+wGs+hI7DP|9WtWO=Z9|Ug7+Df5O|i z#d1xu?B-&W!W@DJbzb}N9fWrH#a{gt5U=*_Kj?fHGIYpL$kigY<=>txVO%qGeG&q( za7QnN?{CQURCx7&CK*r8+vYrzRK8Ufhg&4+DH}#3kWnNb=r#F8P5ku0G&V0+4W!OG z7PE9eK5!WSJfsXe1N2@NfLDmFO10F=Nte88TvK(9@g`SarQqqNpVP*~Nw9rfkov%G z7QkhU-Y;I8$mtsXZ2i_Fx74*3c#+^Z)|%}G#N^@Zt*CqlsSDU9QIauaZCw^R?e8x| zvd%oU$Hk_lDFQEpQtl<}5FtFA6uqP!V&u!sZ)q@wcQ5LgabW41Tl@8J8TXkN?B5RXDdxo17(W0A@f#)yiiyz3 z+c0bSV$W26I6c2S5KNfHok9Wrh+p}J*=+PZ@4KzlPYV6#`*T5D=-1-(FBh3!e?+Fvo&e+HS_5UOlWe|Jdbt}pw#!3Csot^bupszl$IXzuZxY-IgxM( z6cmK>>&|<;1#L4r5m(KLo*6s5x~n(jR#@nH7DPZ?uI`xD^s@36sZg|I13Chy*KBkg ztw-kG&#o4^q6>)Vh+zNygza|z&IaDjJ+5)#WPWq?tmbW>bpsil-PHjVMD*cnG<$?< z^S;CUt0RDY+UxX8RT1B+_euPHKG};CbW@&sO(;8V7HS7M)%lTp8(OA}5B#ZMm62Mf zrJ(e~eWODWb9pQ`dRB6OdHlx<^%C20JxztpNRd8Lfhd|Z+FSkiPo)yALkGqyEZ8vB zxtnmY!jlghzADs`@~}EptveOjsXr?#$(#i>F1#(f2$8wFIWpq1!k+J|R2w~*n*uE< z(K|(02#QAHcxobrX-2LS?IeOAUNNYmsa{d$Pj>HoQB`Km&=BSrO28)@R$(EF+dQ5n z#r5m1+;^vLRr_E zZV0V_(o2U!7?;<+VQk73`K(hkX^iI$Ttg zy3u#Le@8lgR?ny`M)a2gT^CcM=rdkv!E^}Tokr~&k6^5PAZeIX;|l}VBo17{gE-uT zSAFt3OZF6ewzAHGvV^1pK7RCT+d}=sDS=ami03tLFBna1+WRK*t%T?34fFj`4Rw?{ zTE%UbzG;qhBQy*&>A>FtAZrdY{)aBS z#Pk;!lIJ`D@*OMg<RoNi?B=dmD~6IBs!qO_X&s%l*O{6Eaw~Zy{DSL+Bzh>~?PkbXE(^WLDa~q^efhGC z3aj_=l%2-yp5j}qMDJ*=_%+k-$0Z*w_`B8#FlHNw&>3%ABivWfx}54O(s@ znY^VTHlLxp*0amiuQB$4jLN0MANm^OT6e8q zNY3h&$gb!D0j&2_crMFa=YJWe#@|}qAf5aLQ)Wgx={TRZsmBuo@{0y5v@q)imY0-6zBO-HMig7>Lvu&QoI&Z zgXk2fb4A$lzqo0M(j@J{ZDOeT<%EbiN%*Dw2tzHczq8A?$0Q!1TU z@l!(rGoES%^>A8ub>xJ5kLFtGon$GeDcA;ZUY54YzdAfsW+404js)9E-{hy=%(UvY zhCt1+54nbA`6N^|uLp8S!UvkG>BVlV#!=pUiTg6hqSg_SmWqY%PDKB$BkLav@X0G7 zx~&)V))}c&6PP94v~Q!7{S+~6pUT@-9R*sV+@q5UZW+_x6{=mJ%%1=L_IqE&N)pPk#Mp5iO#xov=&d9P7tPRdZmK{Q+cE`9uw zO?Y&(i&o^hdh*e#PQmOZ%oaZk$KXqNCDPw4;*$bD+l=r%d%8Xrnr0EYQ?XKTRI8sT zkZGAWAzgit=#mhfUU!ZKPeNgf9}AP)+d3PAjB4v~pSgX6jL??P{;YPzf}Zhnog4YM z8Ly{ru2Ow|(`4$CL|y$-V@%JB*iO+5Y9KOFFZanS%<7%9%D(>$5Lg< z#;`LC>lFFe3vm97LWQ50WL!(kav`3=dEipNGwwD$@;dI>)ffkl6AO%Vys}@^J zKPdr6ffz`tC3qY{vS$2BOv^Zl`!3t%o8*7QI!m_qJ0q}8BhdQZl#wekb-<4^%6)~! z$Q8-Jc&|LbBlg2`KxjEEAZlNVl6;B8pJXz2 z7ug~kp-~POc`Mof6=UN49e5&x0kl0NB)7CRQIEjVM);{OFFtPsUKNt9YxEfr!)HT8 zri-tUPVQ?Y2x-CY4Lg9#okhZ(^o!q?IlGAP;s zyT)v9d7wrFq~Y>1A*$m83egB?`4w(tEjKP*W&q;BWl)NV0e3W$b34=?5_45Age1v> zA!Q#_W@5(97FmG>m_oa+BX5npV&}0Yy?)Xo0=u`Uq-nyqbWj;R{WE;8oybXmUh;~% zFZ(-0fk@D4KOG&N2x&w%!(VC`xiT=KPi^X>A|=B~+X`HDH-E42Jzegnqox(z(?H_B zM=vNzo^8)XfkXNgNEauxy^Vsf+jbfA_kKjBYa6KM0l%)R5${+`dTT0zD)}B2 zmET@rJzE{Wnryk;3N#ah)AOz01vHwma+&A9zornnT}J);RyFnSd11#n*hlJo0m`g<^fUd-7qus*n2U^yKJan7n9t{!kPkfpy=vu>kU~>Yj3Jm#4~A zo~1o%7zck_h`KOW6Q~HOq12*-hj_mp_vb|Q*B(3wQUZNt{_%zrXrH`c529~~D8wPW zoq!O^sL9to5UW8tyCb^V%Jc>+!}?H6C1@@h(yWN8yymSLrgUHk)k;o5^Mj<&X1p`?Y!n$!0d0EzU-Khfz*QPR!q^ zK?D+a+W9l>rW+8N+2M9xVZz}FM61-3E4}5P44iu897+evdv=q=rEg@jLfPU&nIABmY~5+KKgl zuwocJOLjHc2{)vyhk?u&0;?-Q;vzkrnNWl+E?t*9 z8Hv$IAO(qF&O1Lp;yW8l2m5&kerr=cAdM9f{>i2(lyS=>;rGMky25*(16_U4#Mb(6(WB#h zwEMUnAn9?tdDxNPyrs$OIYINu=uncFyBX|;Z0~4D2uoA#v3S`mHjBTbZ2}^T!3>^a ze$U>@kmv?RsV|B6B3_^zXWQAqEQ#=zKgAruNurP93PSza!17|OI}kge7gd*|wTdn> zsy$j4?W)Z)I(w1%7rN;m?2r~dV9a6=t<1bz#|ZDOa(x{~;e7Z(2EaPJP>*&k*!gT|Ik)gBHK zZQ0Am*OQ~t<-aO$s;biNH&Jv}>5nHW@Um1(zsp5JzeB8 z8bGb@+f5ymi9v9Nq>xy5xzc@fwa$TR{LPLRB`JqwBwbc97!8F#PWH{?SkuH2 z$U^Ag9vU-sF7?)R*;pn%GaB{8=em9u{W$o$9wUOOA7;RPXQ9b`2Vt~&Nu#XtaWSLl zqfiO~UtZ_z?ZdU!JkPqUO!-gJ)(nAplC7gFqo4CW4XXJG(Y*ISGWXAPumx#Y>`9qP z88LP2Bu!Ee4-LaCVj@ZY18@5qJO*+vBj-tajEbb`g@w2*6f-Y==-eLtY(39Bj_;iP zqwGjnsTrM)V^umxq#cCp1f9#rJ8KWU!1uxOo?2Ab{>do1=f~*YemESAyNYA_c6gi= zf3YAuZ{*p{E9%h#4nl6aizd~(3f?vHDq|fP7Waonc|k@m z^xbn;-Uru5M;*LRLkVPut6#qqaq%Nk7uk|Ml*1;`ei`a2X+_4uzW&QUOY=3?z21*X z8E?)XU9Y&jSp2B4M6my)i7E+etmU`Pc0-@hSrKry_=)yap~lG zzG&m@6}58dn1&mLwRv7PvRhL@7m_cbyCbWYwP<((DBZ$>80)gxWI)$E_ zXQ@0qEtgn-ciH9vd;c0oys1f4`1QWm(&U!XW#7@fBTd60Z>yi#8cj@dqwO#XSVAl~ z*;WLEy+)BqH1h9?_*E@!V1cFjbNG=FHhkYq&^1Jih3AknzRLoGQL=l zBz<5wg;mJoWXN>Ft|!xP5_e%Oy)!eSxa~c)IXLf%#*Tuk!=^;zIhOab4(~r{!mN4X zym|6#wpAST&xcrJeoVL*?uc5rp7U5_W;X;5%yEJIr?4Z(m$(uo2VD5Wpr250^uvCR zZR&-jbF<$hWPn7+ByWX9ni|OwrfOXbq1U8zV|k5F{KD`Q-}h!t+8QFanHUK#h@C z%8jsvY}C#s$M#G#U>ZgSGbu<&+6mKAStyW_=sDUINeE*4Rr@iU7cg;&+a0RSo{nng zxNd%Dm`RDI^O+rL=I2MKg=IY`H`>`ALyk&Qlw~q8T5AYw#Hc-omcQoJ;^n3 z6^vgC;HSzBu8$ z#&@2Fb>HK8Ru&AwbgwO^HS?}X2c|+rtHo0cP@W&ROTh6@o72@pH8uXhrL>~y_|zrF z?)bUx$GFJ2OR_*rmKSV?kZ>I-h_v2B@XJ4%OCcZ@~$`aM{v zsJP5@nW=ZZFYe+leL-v+=F2jzqQu)ftPID+5p1A63LU-ANYX;o7eN(#asP<^HnHjx!REwMO-MH(bdUVNx6U~Kw{fEi3-_G<8+fIV>z!#^h}vB zKk65yUcZg{9RhZSh5bs_p5t03O=vxB6BvRwjdhLEz4EcI2oCG&n1|J1{uNJw zYK~W~b`sWfW*M)TGr6>7Ixq>MwXV*nQ;Q%6c3_C&C zKjc$b?dTobug8X?|Kem|IVt#E{w!gpzE9%of7|RqJQ*uI+upGgI8MWi?!2YEIS_4# z8;JRvFxN2`3o3IKa&E6GlJrJL*cn)@fZ(afixD@o70}#YSXGV3$)*oTRg`m}+Kh`K z_8`e-ET?CrBh*iKd-}79I%96CtqTB&!j%(=C1`^uHi%5U67%nmuH|!Lp}JO;0HgNt&CjAxVXe!(P>mw0Ak}6Fs!e zJ$76?3DctbpTFshO~`0iiIl1*p4;-tAtCr?tUZ0fZ79e-QcEZTw(654nhWe&RJR9%!Zhq^a-dNj)P(Z7L#|(DW9Ff7K0Wp1$~`kmOR?Ybj~0j zr_hw_3}nmuEdw0GREF+YJ7JXX+Wo$3{gFpK(>I+URa=4n9^D#E9RCw_s?qlf!7Lab z^&_fLx4XJ)Gw#bM6fw!+P}R(5xN>B-S~pNP2_+J??@9}WmX?WZZ*blc@)mkdNi4ds zA%}8(NV}edOV|3+^q!XK^CL>qdpTJK_Ga9&R0K~t!oG2A2kIWnrpp$tsLgTg*60S@ zMOV8k(^I8H*4Smg%H`h@#Mxr!(9bNEb>S>b+EwVAP{0)$kkso5!tkVH*GJz+S@ff4 zKM-?rHGs*?_!qFpCcUagTj>-+;}S@mPR>%iO^M>&8Aub|3?t-P$m+`)>&HM%vPhL) zgN?z<>u&lfpf@1m{R4sh4~U)gHB8nr{ZxyXsjZ)9ZZ7hd2z_}c;$|mqZ$;)T^U-uw z{0k)+&T5eiZwefp!2B|8JX?^t8Nae{;D(i*lP|`0dX}}Mfl2H6T*ZTP>Xf#Va`aeD zn9kWBt-U@cMSE8f(7^Eow8>g`N!_e(Xy@8hI$~F+V@Tsxu9qpG?JJu--9RgAV%_%f znzER6xVcJa>S5Q?aYZM1Sh8D^bXw7X2aY*#yHC3mXqka-n7PLkygGNM)jMx=gY~?Z z(88eSF}Ia=oUwPcqpyMeHMWUd7Bso4GA@!mvh{S=`wEmkLk%6XZfTUGjBYDC*&=r- z=iQYe>bI&$xjx^x_CE4gsoJf=O=1Ha3;!U-t*N)3Y+F;MjD^3X*oX!1$>_)!)aK0e z${O1Bb9%Wj$<|$%p1FhI*bx~vyB7W$>j6YSe z|5oGrXH7Lh6uRQ`n?JsiT!rWSiADKG?tc(=YlCuAP`X>g>=Z37rR?SEUKk*e2JZ>X5M3)My_$ zqz!x*f|M~v5M>!6*JDonVK}&_9_Olk=)X3_eW;+CKl#nD3+30`GTW_G$AYwhIz;Bu zf8jyFIQYF5lK&SGx(=aG@WdRP!`DUB%^u9!FS41CA#Dh4PJJbL6FOyv$xy3|aTCU- zs9u?l6@M5uR_eWI9dOwGISq~rVQ+ri5^^Fh`deCzi55Cgj2>Zp37r-(E0as%QUCLr z|NnZ;zGp)d)phy;3*K~RPt`NO?f;LFM%^^eIhi0wsN0Ko`hC-#(m&E;i8llplc!ecAAvUNq=U&W9Ng53Qpc|V9 zoEY4Aqznd&HHPEaR20jd|S7b~mw)7@*QafF!)NY4^9z6)!Kr9fVO{OU0vl)rQ zU@TXM4Q(JaOq0hNqk_Ip%EoHQYqQGj+vow z6xf?)^z?^HrZ^VqzZ&5yVEp9m&r=t_)$z)q0EgTj3|}CWC`n2A>f~rjZEtUL^a94$$mxzAbm5jGhc5EAI04Bl43acy+xyvp?{de0*G>9~*k#e31J?;X0rE*Kp*1 z2^ci5-6$<4xPJs*l$p$HPZlWuJvvan2k+F3`rSAylndau1}hi$kb8Qdoc3u!5viX7 z>SrI7je@eII@BqA|7Qwvy&A5&yURR8t`|Vt%Gc3a70}SJxG0!Vx`U+Oq>wT>l>5&q zBV`+C!*DmY6*LWN6}mq>LiJu6$_|$$UE8R|aOI(#4=+=9l7&DP%4z4BP_io>JxE{P z!gINwhUk$&AMv0}#^i_x15~F4R*)W+ZUbc|eR%ygUyF^A>wlX)v`rq`Mm=w4j5DL2pZA}&M#|^lS=TN2WRUh~gI#8%HJc-C zaE0-i8F(Tef`)+?b4AjXBRZG_8Rw7C=B6)u=jhO}NICBLY}Up4!W~SSacI-Nj+k&! zG9?&_6c|Vm{wxf?!DEVyfluYiWpRJ_Pm{KfD9J|~Q9oojlwmmRoRNz0?0)(>!WHP} z74!xfZB-9E_)l;qnhV2&5oesR|8mDuxMTT|2lBj4J*dv8^ld$2HI~ro-kI6&$Vhm@ zNSwKS3r0pl6|VDL`s#&@vBg)3$V2ZTR)hZ95U~hu_@)fj89pPHG6KCc8+u!f zlsnzu<4#*T^VxL!ITCKi?tOo8fv$yo@DsJsd__*cL4a zu^Jn&n&CmRWyDfeVWfxq2sx2*KD0r%2j?YXHThsQx+51}{$VxjU^R(i3dk_oz%UI@ zFfYqMnFTCb_FU&Q(wD!d4d^2Wv_Xr*@f`BD)!=Q%d!}0ecu)iVhLLv`D9+Zj2zAb06oIz*tBq`k7O0R!>x6Rbi@V;uy5K7BRQxE zjSQgOX~VvK2J)V7(8Zdt%5B8CK;lfBj zK#-xHC^GhR>iCb}a)8y^@%`};QxYtW2LV>;1rF}GUWo;B#e(l&6@UfUG5mQCnQpnm z!y-GqY)(iTlhglEKUUe!A9KYB)o{_%Y*h6D;fOiI-q(e2AMrQ=51l;mg4Z4NzNo&! z^);Hd`vN2m*%q8~Xz1DSyD6PYjtl6eScA5s%zYO=ye)mC_UgIk(HLiv6`7rC%JXM2 z>-azSqLS!o6w^g+)8!>OkV)2^hcDr3VwyS@9VK34V~MZ%*9oyodOGw=tW)8VUd_r5 zOJY3a3}cqmuUV!tV2%CyMe7EJEqoedixjtiGfTQ|rbmQgp#Olu{o)e*`|qWETo@{L zyq0c)l>nn6G;;H$d>s*7qV-Hu{(HSLse~GT5o&p1$keeHK_52sH`WR5Es-~2E&m6HI~28;>A!WfVs_vR*rQF9Hja%aji^7xLM+N z8wY8Tq0gp?dr%I^-+ovkOkhGod<61!O7QsT$LSVWWAKo&9`^UU;I&LCFj8Y!%4;?>j?Bb^@cMyX|j@Z~f#bu=Q zDulD&dJByu;M~&y;VD8exXj75ufS5|}*mVe%}N*EefT6m@wcewniU-F2Cyc!9hozc1Ha z7@cVPa33xAf>IyHr4P@#EmadiQIUIX91;XB*gW^=%un2S>Q21%QTr*J4RKoTB;YGmdGO>Ni3#|<)66buvY8)DSY zj@AMuKbQ@wt0v#PrmN92G?vJ51=U|@Y%Cu^a|sgD(bIsH2ULdV^gh4|xGG2zxnHXm zy^!yyO^4NMI^ZZE2vA&Y7LKi~h0*~`LN2ZIYYG;ha~h2S6M+?c zFz{qy&Ip!{HDw~b1ut`*wy-|6@ddlG#wR?z4aIYe;wU^ETmllmCso&71!eiB?^l*r zl1(hR9!v+#1317zV)5M_sK9cT`X&Y$e3C3UKke|ElwcyzDBb(2-++9=l*OF&XV zES-I0$^EibJUc%Twa5)!m--9U&`&qV@L)+gm=o<+MNH+HSfCNVQm?*yiUT{kuNs#J zqTzrwoCx`AmMh3fg%^1xjXZ#rIM<`V@BDK*^=tIQ^|A6^IACnbkQ`BJ9OHG}^xBAP ztHDx$)q@yTA4+g$IAVlxFs{RTBHMS6Diau7(|SL=JUE%};Wsah8}E&(E5@vh7+jjj z6xtG9#xGUW3Ey&IXxL0)T^sxmZ{X1*S6}f`i9}pi$TjH;WydqW36tQF^awdpV$E>FgN~@{4#?WlV4yuo zrfUd3iL(V$-JD~s{!uhkwfGngg6-lwck!FuM}2Xf{0 zD9@$5Fj{;PvP2yJpx_kYa~Rjb)S8a5Ob+nOZo!i62b;dbFBYv5UR9YMUE`s zR^p4|$}u^^SPp+quw)p)MMEQ>R+5#{L1!gRgw}~zhx;S`JU9kvFvH8HwqGX=&V@f@ zg_#cv!>2OmpXkRzDhflks@Lg57Od{GNt!62ApMuauLbL5n&!eqye1v^LthL3Y64tw zXy}w83r6a9zGhyBCksnnaAzDVnCuiCOn-m-uMar?v_a>;W3eWr{>nG}CRk}OQ^=Zk zL_w?mpZ3sHvUN_B9eR~eY{5m4sRukZ~Gih{_IL-JnXg+ zN_Oh@4{FozLMMaJWSaTSWAko2S=LA^S0O<8%oQhz&A$Mp*TMXInHPi~wO_QH$dBEv zS>_ypGi$&39j-m`z6uWAE99(7Ky2JP^}1XGUUKb&txdbtkF770M0u(;u6(yT}Hxo4cgV^F)6~L)ygLU*U7vXwhr;ox>r7w&21?E*(hEYc!y+D%m0b1>0Ku+s=g5QSzXU_zXkW_>tb zF+O{x!d;^qck?k#u-ESq^KC$Qdv6f`_~a5JOHcYRpKM7Z@}{8>=NHk z@Yt-!m8~o0CD*-2D94dyi_fotD}5NJP2HgeHsb`&AX2_*TIQq zqG4KP0+zk96|uQCddXfcLj{K0J@0RCm)4%B-HAQxzm}l=wyclpbc-ZbEV1DRhBm&)d0wD8fw}oQMuQijc?2$ z8p|5uhq4oVRMo!|0r-0xIsFwhLarsup0-MyYE>B9Ns-E5co*_}98ONjGd`BS;fmLa?T4~<#KU!B2L0P2qVQ)2;f{TM| z{qRvd;r7yH&E+g~yY|H%siJtGw~*=*-~6dL#BKPT@St9B;$r^?--UxOkNrq9_Bz0G zL*zdW0rsnmO4j~Z-NltuXx7kshobXMd`<2CguC{9ieE<1(!J=Guz6=k;!B_2_-)or zwm^^<0B?=pVYsiPDs~z%$v2eEf!*O^dIUi;kIV>3pu9o+LEJE5_HtcuU)s+>|T@K ziT$$h+_9-G3iQ;s8{(XNKTOac)*A!|Y3TQME&WXPSk9eFld!M6-<`swW5KIb<)?jI zvTV}OxOW+~$n%@#4LG%02T@TAch}M*#4GHgp1n8iAv7Rj&rJoI(5$#hVw#3^dI_To*YtD_5?^>9s+b&3wy0){Eg1$%JqoQLeKsbxPf0y! zxIpYXL0wjLx3EF<{KN5Q97|`m3bA$0KR%S=>{&A5VJ6|c>0Gc>a|^PxY+$h<5|#DS^M+A6&s><`ZV@r5564MF|Yf-GhJAB@wI=mk_>61-47{%T^i)$6O{~Yd!j{F_T4g__~9V zrJ6&1%*pMIx}|cJ?%-yoOYrWHb2UWZ6L=Wv5I7o4mtgJ(lL{t0;^1v%@a$ z_15f-7v0`Y^g-&kmB&iDMxTtoA|jdpIAEzY?!L?6unJ4tcc)L{@*8?f<9Yut_LD)w z(0P-p^lf~|*i4_`%MFkG!%Jncv6T!)9)VOvFKWqyCY3IucKLVKL}Qn(iacDJJUeyC z9X}`G5>oz2(}V1@mlDrzd)J^8Q+J3|b@xzned)OK53i&CT+y?=zT^vmxYbMr)(fL6 zg=3jw^@>znD|+F*UwBb5PUab|u8I%2+)zX$xM$|?wPvjHhRcf&&q!Zh^_^;2)9I`x#Qk8nP5?fy*lo39*JV#nGmT6)pkkIotyPf4+& zsX8b#!ybtRO1zbaaWo!V75VK`+Lmyz-rt zkbuI9-^+X(s6`f2LpIupXWbz`ljE}~U+*`&=&5o}Gr#_5CW`V88KB616Hq2%xH43G z`n0^kZ{lltAD8o_m0Q}a_b(;zRj4wor}~VHWzEqjRd?A}r%}cahsdlU`HZeTcSr#3(h0`oFlyT=q1<&Spi#uzu+*th zrfeZKLr_1tyCAV&_+V;E36&k2&9gM>TPuFzw0W_sX^nTs;&yd>ipDo2I<2pI=E?43 z6lwG*=^&;oVDB>byP8g}o8n(lStS`J+L_9)>!gP?=qyw&p%#A!nYF%J+w5*NC|jur zoCz5p&`jpdbg|d2-bv9gr~rhg>`|J_OLD57puma(sqBaVF_jXr0o1QAh4-9{{(KdF zYTof$gcx}K@G?5Fk*yBN_tR2@J?t|exWMW9AgU&r+1{%x4= zIpB^^y<0AMYZ@VTQ+M@!h*6^&WBmKtFYJLqvmLBTLGK{SlApP}Q{6PR%kF6JiO^_M zXl?P5PK-z2D7z{?a1wu`XV)zy z24%NXg!k{#?5w}E>#Lb`*y*TGOliX24C^qx)f(ISy^~)IgYQ@vplS zqVj0}BnnA|iX@*k_!*Tg&0g8-dHq`)-Sb!$7 z0g{SjyXE$u3n$nB#6M?rn#E(?w~tyB@!u3a`Ym+FlPj+?YRKiHMYm8(6`nfdVXoue z6aLRZRHu4{fy|y<76(Q?Zx#}9-S%aF?pRxtH~EL#5e{K^KzzOZ{#mK->2^WHxsw6= z)~|VmHJtmgqO`c9+W7ELot9S}n<+fqeU(@u^C}yQt9(WkcQU`=TNl2Qn{f-0og_?6 zRb|Z9yW`qjmsPJexpKYH-*3jHXg8{eu%q&Z6Jf{R{PT(pnT|@SUG;v-9dc1a@AP^( zV~f)EF|A%B39Hk}g4XWO)HIxX?w6_s*(kpF{wXcQx;LEz;z&1TQ&7`VK?PLn z=COieD>13Rftmeqry>9G!dB+hjw9M#OW|g!tJ&^9ndb(nLY8Qg_BsP6Zg=mCqfEIU z?Jdc^h&ReuiO<=4Yw0=iLw={YNbX4$^QV{9`1fklT_`&RdEQu?B+Y&5L&e=rPT(Iv zWj*yNkM3!&>M2ubpm2U!dtYy(VzF?BupRq-jebhLplUV^LrD#M6)-SQEeiLVtwcH$ z8)s%NsSse!@b0*dWIgh&!V&W1ce*#t?4e_2c_!GaFulxTHNJbj;P*_asp?dYRaVdk zfoXd<8>N1f%FsI1JBxW;ox;}X`bqiEBwDVS!N)IhwI*vdM`^SAK3_t)Zc{NgO4jki zrjR+&Lm|9jHqD7mlfH{N*ywk$Ty^sP*e@P~^h?>e#CwH0E4Xi9Emf!sc3hJLVy2l) zAVjY3ZPC1dAr9fL2TWjg5H?LIXXj9$m%>2X?nf+>73o1F_0*lC^Y6##LcCj4ay=#h z&d&44WvpnsXaFI0S?`r)*}BK@j2|cIZdm#7Slw}kmpiIZ<2@N_VvIMicgywo+(YIm zKX_~qHy_SjXh?z6OA#_VeYnZ_EQbL-4<37`G-w6|akJ~7W}u%>COkuhR^}ew0W8~_ zsUe~De{Y5VPuKo0erx{I)0JV#A(WH{ylgEl^Vpv63hItT9Z;twT_mvDjEK)l# z&MBuO4hHl}?3(e93U9o(636AV>0zlXvDKA1%~O`^l5e(yOyUJF%xj6DUiD}C2+0F+ p!9JAk1k*PpN%_~+|ATHj@b-(xig(X!mO_JnN^ Date: Tue, 2 May 2023 21:18:37 +0100 Subject: [PATCH 122/870] all forms considered+ more unicode normalize sink --- .../dataflow/UnicodeBypassValidationQuery.qll | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/python/ql/lib/semmle/python/security/dataflow/UnicodeBypassValidationQuery.qll b/python/ql/lib/semmle/python/security/dataflow/UnicodeBypassValidationQuery.qll index 504fd49e6f1..b15e8829345 100644 --- a/python/ql/lib/semmle/python/security/dataflow/UnicodeBypassValidationQuery.qll +++ b/python/ql/lib/semmle/python/security/dataflow/UnicodeBypassValidationQuery.qll @@ -54,9 +54,20 @@ class Configuration extends TaintTracking::Configuration { override predicate isSink(DataFlow::Node sink, DataFlow::FlowState state) { exists(API::CallNode cn | cn = API::moduleImport("unicodedata").getMember("normalize").getACall() and - cn.getArg(0).asExpr().(Str).getS() = ["NFC", "NFKC"] and - sink = cn.getArg(1) and - state instanceof PostValidation - ) + sink = cn.getArg(1) + or + cn = API::moduleImport("unidecode").getMember("unidecode").getACall() and + sink = cn.getArg(0) + or + cn = API::moduleImport("pyunormalize").getMember(["NFC", "NFD", "NFKC", "NFKD"]).getACall() and + sink = cn.getArg(0) + or + cn = API::moduleImport("pyunormalize").getMember(["normalize"]).getACall() and + sink = cn.getArg(1) + or + cn = API::moduleImport("textnorm").getMember(["normalize_unicode"]).getACall() and + sink = cn.getArg(0) + ) and + state instanceof PostValidation } } From 22f5b7a18b42e7559f1576974bbca14efbaea697 Mon Sep 17 00:00:00 2001 From: tyage Date: Wed, 3 May 2023 13:19:59 +0900 Subject: [PATCH 123/870] JS: check scoped package and normal package --- javascript/ql/lib/semmle/javascript/NPM.qll | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/NPM.qll b/javascript/ql/lib/semmle/javascript/NPM.qll index 36297be4d23..f15330fc5ee 100644 --- a/javascript/ql/lib/semmle/javascript/NPM.qll +++ b/javascript/ql/lib/semmle/javascript/NPM.qll @@ -19,14 +19,20 @@ class PackageJson extends JsonObject { string getPackageName() { result = this.getPropStringValue("name") or - exists(PackageJson parentPkg, Container currentDir, Container parentDir | + exists(PackageJson parentPkg, Container currentDir, Container parentDir, string parentPkgName | currentDir = this.getJsonFile().getParentContainer() and parentDir = parentPkg.getJsonFile().getParentContainer() and - parentDir.getParentContainer+().getBaseName() = "node_modules" and + parentPkgName = parentPkg.getPropStringValue("name") and + ( + parentDir.getParentContainer().getBaseName() = "node_modules" + or + // Scoped package is located in node_modules/@scope/pkgname + parentDir.getParentContainer().getParentContainer().getBaseName() = "node_modules" and + exists(parentPkgName.indexOf("/")) + ) and parentDir.getAChildContainer+() = currentDir and result = - parentPkg.getPropStringValue("name") + - currentDir.getAbsolutePath().suffix(parentDir.getAbsolutePath().length()) + parentPkgName + currentDir.getAbsolutePath().suffix(parentDir.getAbsolutePath().length()) ) } From bdcda7ffe658291ad97e74560e4475071db74ea8 Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 3 May 2023 10:22:40 +0200 Subject: [PATCH 124/870] JS: Move change note to right location --- .../ql/src/change-notes/2023-05-02-github-actions-sources.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {ruby => javascript}/ql/src/change-notes/2023-05-02-github-actions-sources.md (100%) diff --git a/ruby/ql/src/change-notes/2023-05-02-github-actions-sources.md b/javascript/ql/src/change-notes/2023-05-02-github-actions-sources.md similarity index 100% rename from ruby/ql/src/change-notes/2023-05-02-github-actions-sources.md rename to javascript/ql/src/change-notes/2023-05-02-github-actions-sources.md From 09f32961345ee95acd2268020aa407863e20f943 Mon Sep 17 00:00:00 2001 From: Stephan Brandauer Date: Wed, 3 May 2023 10:27:46 +0200 Subject: [PATCH 125/870] export related locations using notation --- .../AutomodelEndpointCharacteristics.qll | 31 +++++++++-------- .../Telemetry/AutomodelExtractCandidates.ql | 17 ++++++---- .../AutomodelExtractNegativeExamples.ql | 5 ++- .../AutomodelExtractPositiveExamples.ql | 5 ++- .../AutomodelSharedCharacteristics.qll | 34 +++++++++++++++---- 5 files changed, 62 insertions(+), 30 deletions(-) diff --git a/java/ql/src/Telemetry/AutomodelEndpointCharacteristics.qll b/java/ql/src/Telemetry/AutomodelEndpointCharacteristics.qll index 69ebca646df..c091a763dee 100644 --- a/java/ql/src/Telemetry/AutomodelEndpointCharacteristics.qll +++ b/java/ql/src/Telemetry/AutomodelEndpointCharacteristics.qll @@ -3,6 +3,7 @@ */ private import java +private import semmle.code.Location as Location private import semmle.code.java.dataflow.DataFlow private import semmle.code.java.dataflow.TaintTracking private import semmle.code.java.security.PathCreation @@ -23,10 +24,12 @@ module CandidatesImpl implements SharedCharacteristics::CandidateSig { class NegativeEndpointType = AutomodelEndpointTypes::NegativeSinkType; + class RelatedLocation = Location::Top; + // Sanitizers are currently not modeled in MaD. TODO: check if this has large negative impact. predicate isSanitizer(Endpoint e, EndpointType t) { none() } - string getLocationString(Endpoint e) { result = e.getLocation().toString() } + RelatedLocation toRelatedLocation(Endpoint e) { result = e.asParameter() } predicate isKnownLabel(string label, string humanReadableLabel, EndpointType type) { label = "read-file" and @@ -87,11 +90,9 @@ module CandidatesImpl implements SharedCharacteristics::CandidateSig { predicate hasMetadata(Endpoint e, string metadata) { exists( string package, string type, boolean subtypes, string name, string signature, string ext, - int input, string provenance, boolean isPublic, boolean isFinal, boolean isStatic, - string callableJavaDoc + int input, boolean isPublic, boolean isFinal, boolean isStatic | - hasMetadata(e, package, type, name, signature, input, isFinal, isStatic, isPublic, - callableJavaDoc) and + hasMetadata(e, package, type, name, signature, input, isFinal, isStatic, isPublic) and (if isFinal = true or isStatic = true then subtypes = false else subtypes = true) and ext = "" and /* @@ -100,7 +101,6 @@ module CandidatesImpl implements SharedCharacteristics::CandidateSig { * a certain annotation. */ - provenance = "ai-generated" and metadata = "{" // + "'Package': '" + package // @@ -109,14 +109,18 @@ module CandidatesImpl implements SharedCharacteristics::CandidateSig { + ", 'Name': '" + name // + ", 'ParamName': '" + e.toString() // + "', 'Signature': '" + signature // - + "', 'Ext': '" + ext // + "', 'Argument index': " + input // - + ", 'Provenance': '" + provenance // - + "', 'Is public': " + isPublic // - + "', 'Callable JavaDoc': '" + callableJavaDoc.replaceAll("'", "\"") // + "'}" // TODO: Why are the curly braces added twice? ) } + + RelatedLocation getRelatedLocation(Endpoint e, string name) { + name = "Callable-JavaDoc" and + result = e.getEnclosingCallable().(Documentable).getJavadoc() + or + name = "Class-JavaDoc" and +result = e.getEnclosingCallable().getDeclaringType().(Documentable).getJavadoc() + } } module CharacteristicsImpl = SharedCharacteristics::SharedCharacteristics; @@ -136,7 +140,7 @@ class Endpoint = CandidatesImpl::Endpoint; */ predicate hasMetadata( Endpoint n, string package, string type, string name, string signature, int input, - boolean isFinal, boolean isStatic, boolean isPublic, string callableJavaDoc + boolean isFinal, boolean isStatic, boolean isPublic ) { exists(Callable callable | n.asParameter() = callable.getParameter(input) and @@ -154,10 +158,7 @@ predicate hasMetadata( ) and name = callable.getSourceDeclaration().getName() and signature = ExternalFlow::paramsString(callable) and // TODO: Why are brackets being escaped (`\[\]` vs `[]`)? - (if callable.isPublic() then isPublic = true else isPublic = false) and - if exists(callable.(Documentable).getJavadoc()) - then callableJavaDoc = callable.(Documentable).getJavadoc().toString() - else callableJavaDoc = "" + (if callable.isPublic() then isPublic = true else isPublic = false) ) } diff --git a/java/ql/src/Telemetry/AutomodelExtractCandidates.ql b/java/ql/src/Telemetry/AutomodelExtractCandidates.ql index ad900c0823b..35f3ac78d90 100644 --- a/java/ql/src/Telemetry/AutomodelExtractCandidates.ql +++ b/java/ql/src/Telemetry/AutomodelExtractCandidates.ql @@ -14,26 +14,29 @@ import AutomodelEndpointCharacteristics -from Endpoint sinkCandidate, string message +from Endpoint endpoint, string message where not exists(CharacteristicsImpl::UninterestingToModelCharacteristic u | - u.appliesToEndpoint(sinkCandidate) + u.appliesToEndpoint(endpoint) ) and // If a node is already a known sink for any of our existing ATM queries and is already modeled as a MaD sink, we // don't include it as a candidate. Otherwise, we might include it as a candidate for query A, but the model will // label it as a sink for one of the sink types of query B, for which it's already a known sink. This would result in // overlap between our detected sinks and the pre-existing modeling. We assume that, if a sink has already been // modeled in a MaD model, then it doesn't belong to any additional sink types, and we don't need to reexamine it. - not CharacteristicsImpl::isSink(sinkCandidate, _) and + not CharacteristicsImpl::isSink(endpoint, _) and // The message is the concatenation of all sink types for which this endpoint is known neither to be a sink nor to be // a non-sink, and we surface only endpoints that have at least one such sink type. message = strictconcat(AutomodelEndpointTypes::SinkType sinkType | - not CharacteristicsImpl::isKnownSink(sinkCandidate, sinkType) and - CharacteristicsImpl::isSinkCandidate(sinkCandidate, sinkType) + not CharacteristicsImpl::isKnownSink(endpoint, sinkType) and + CharacteristicsImpl::isSinkCandidate(endpoint, sinkType) | sinkType + ", " ) + "\n" + // Extract the needed metadata for this endpoint. - any(string metadata | CharacteristicsImpl::hasMetadata(sinkCandidate, metadata)) -select sinkCandidate, message + any(string metadata | CharacteristicsImpl::hasMetadata(endpoint, metadata)) +select endpoint, message + "\nrelated locations: $@, $@", // + CharacteristicsImpl::getRelatedLocationOrCandidate(endpoint, "Callable-JavaDoc"), + "Callable-JavaDoc", // + CharacteristicsImpl::getRelatedLocationOrCandidate(endpoint, "Class-JavaDoc"), "Class-JavaDoc" // diff --git a/java/ql/src/Telemetry/AutomodelExtractNegativeExamples.ql b/java/ql/src/Telemetry/AutomodelExtractNegativeExamples.ql index 3dad8a28b0a..1d6e615ed55 100644 --- a/java/ql/src/Telemetry/AutomodelExtractNegativeExamples.ql +++ b/java/ql/src/Telemetry/AutomodelExtractNegativeExamples.ql @@ -33,4 +33,7 @@ where characteristic + "\n" + // Extract the needed metadata for this endpoint. any(string metadata | CharacteristicsImpl::hasMetadata(endpoint, metadata)) -select endpoint, message +select endpoint, message + "\nrelated locations: $@, $@", + CharacteristicsImpl::getRelatedLocationOrCandidate(endpoint, "Callable-JavaDoc"), + "Callable-JavaDoc", // + CharacteristicsImpl::getRelatedLocationOrCandidate(endpoint, "Class-JavaDoc"), "Class-JavaDoc" // diff --git a/java/ql/src/Telemetry/AutomodelExtractPositiveExamples.ql b/java/ql/src/Telemetry/AutomodelExtractPositiveExamples.ql index dfc06b80a25..2175b3133cb 100644 --- a/java/ql/src/Telemetry/AutomodelExtractPositiveExamples.ql +++ b/java/ql/src/Telemetry/AutomodelExtractPositiveExamples.ql @@ -33,4 +33,7 @@ where message = "Error: There are erroneous endpoints! Please check whether there's a codex-generated data extension file in `java/ql/lib/ext`." ) -select sink, message +select sink, message + "\nrelated locations: $@, $@", + CharacteristicsImpl::getRelatedLocationOrCandidate(sink, "Callable-JavaDoc"), + "Callable-JavaDoc", // + CharacteristicsImpl::getRelatedLocationOrCandidate(sink, "Class-JavaDoc"), "Class-JavaDoc" // diff --git a/java/ql/src/Telemetry/AutomodelSharedCharacteristics.qll b/java/ql/src/Telemetry/AutomodelSharedCharacteristics.qll index d0d05563105..12d8ab21470 100644 --- a/java/ql/src/Telemetry/AutomodelSharedCharacteristics.qll +++ b/java/ql/src/Telemetry/AutomodelSharedCharacteristics.qll @@ -12,8 +12,20 @@ float mediumConfidence() { result = 0.6 } * "not any of the other known endpoint types". */ signature module CandidateSig { + /** + * An endpoint is a potential candidate for modelling. This will typically be bound to the language's + * DataFlow node class, or a subtype thereof. + */ class Endpoint; + /** + * A related location for an endpoint. This will typically be bound to the supertype of all AST nodes. + */ + class RelatedLocation; + + /** + * A class label for an endpoint. + */ class EndpointType; /** @@ -21,8 +33,7 @@ signature module CandidateSig { */ class NegativeEndpointType extends EndpointType; - /** Gets the string representing the file+range of the endpoint. */ - string getLocationString(Endpoint e); + RelatedLocation toRelatedLocation(Endpoint e); /** * Defines what labels are known, and what endpoint type they correspond to. @@ -56,6 +67,8 @@ signature module CandidateSig { * The meta data will be passed on to the machine learning code by the extraction queries. */ predicate hasMetadata(Endpoint e, string metadata); + + RelatedLocation getRelatedLocation(Endpoint e, string name); } /** @@ -67,9 +80,9 @@ signature module CandidateSig { * implementations of endpoint characteristics exported by this module. */ module SharedCharacteristics { - predicate isSink(Candidate::Endpoint e, string label) { Candidate::isSink(e, label) } + predicate isSink = Candidate::isSink/2; - predicate isNeutral(Candidate::Endpoint e) { Candidate::isNeutral(e) } + predicate isNeutral = Candidate::isNeutral/1; /** * Holds if `sink` is a known sink of type `endpointType`. @@ -94,8 +107,17 @@ module SharedCharacteristics { not exists(getAReasonSinkExcluded(candidateSink, sinkType)) } - predicate hasMetadata(Candidate::Endpoint n, string metadata) { - Candidate::hasMetadata(n, metadata) + predicate hasMetadata = Candidate::hasMetadata/2; + + /** + * If it exists, gets a related location for a given endpoint or candidate. + * If it doesn't exist, returns the candidate itself as a 'null' value. + */ + bindingset[name] + Candidate::RelatedLocation getRelatedLocationOrCandidate(Candidate::Endpoint e, string name) { + if exists(Candidate::getRelatedLocation(e, name)) + then result = Candidate::getRelatedLocation(e, name) + else result = Candidate::toRelatedLocation(e) } /** From 4c6711d0071f1990b4a5d3abde3aa8ad80467915 Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 3 May 2023 10:30:04 +0200 Subject: [PATCH 126/870] JS: Clarify the difference between context and input sources --- .../javascript/frameworks/ActionsLib.qll | 31 +++++++++++++++---- 1 file changed, 25 insertions(+), 6 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/frameworks/ActionsLib.qll b/javascript/ql/lib/semmle/javascript/frameworks/ActionsLib.qll index 2b0948cb721..512abfc0379 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/ActionsLib.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/ActionsLib.qll @@ -37,15 +37,34 @@ private API::Node taintSource() { result = commitObj().getMember("message") or result = commitObj().getMember(["author", "committer"]).getMember(["name", "email"]) - or - result = - API::moduleImport("@actions/core").getMember(["getInput", "getMultilineInput"]).getReturn() } -private class GitHubActionsSource extends RemoteFlowSource { - GitHubActionsSource() { this = taintSource().asSource() } +/** + * A source of taint originating from the context. + */ +private class GitHubActionsContextSource extends RemoteFlowSource { + GitHubActionsContextSource() { this = taintSource().asSource() } - override string getSourceType() { result = "GitHub Actions input" } + override string getSourceType() { result = "GitHub Actions context" } +} + +/** + * A source of taint originating from user input. + * + * At the momemnt this is treated as a remote flow source, although it is not + * always possible for an attacker to control this. In the future we might classify + * this differently. + */ +private class GitHubActionsInputSource extends RemoteFlowSource { + GitHubActionsInputSource() { + this = + API::moduleImport("@actions/core") + .getMember(["getInput", "getMultilineInput"]) + .getReturn() + .asSource() + } + + override string getSourceType() { result = "GitHub Actions user input" } } private class ExecActionsCall extends SystemCommandExecution, DataFlow::CallNode { From b9ad4177f90fd881bfd647f75ee8b1ab18587c88 Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 3 May 2023 10:48:14 +0200 Subject: [PATCH 127/870] JS: List safe environment variables in IndirectCommandInjection --- ...IndirectCommandInjectionCustomizations.qll | 32 +++++++++++++++++++ .../IndirectCommandInjection.expected | 21 ++++++++++++ .../IndirectCommandInjection/actions.js | 11 +++++++ 3 files changed, 64 insertions(+) create mode 100644 javascript/ql/test/query-tests/Security/CWE-078/IndirectCommandInjection/actions.js diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/IndirectCommandInjectionCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/IndirectCommandInjectionCustomizations.qll index 132f8c7979c..5d84291f1de 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/IndirectCommandInjectionCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/IndirectCommandInjectionCustomizations.qll @@ -49,6 +49,38 @@ module IndirectCommandInjection { override string describe() { result = "environment variable" } } + /** Gets a data flow node referring to `process.env`. */ + private DataFlow::SourceNode envObject(DataFlow::TypeTracker t) { + t.start() and + result = NodeJSLib::process().getAPropertyRead("env") + or + exists(DataFlow::TypeTracker t2 | result = envObject(t2).track(t2, t)) + } + + /** Gets a data flow node referring to `process.env`. */ + DataFlow::SourceNode envObject() { result = envObject(DataFlow::TypeTracker::end()) } + + /** + * Gets the name of an environment variable that is assumed to be safe. + */ + private string getASafeEnvironmentVariable() { + result = + [ + "GITHUB_ACTION", "GITHUB_ACTION_PATH", "GITHUB_ACTION_REPOSITORY", "GITHUB_ACTIONS", + "GITHUB_ACTOR", "GITHUB_API_URL", "GITHUB_BASE_REF", "GITHUB_ENV", "GITHUB_EVENT_NAME", + "GITHUB_EVENT_PATH", "GITHUB_GRAPHQL_URL", "GITHUB_JOB", "GITHUB_PATH", "GITHUB_REF", + "GITHUB_REPOSITORY", "GITHUB_REPOSITORY_OWNER", "GITHUB_RUN_ID", "GITHUB_RUN_NUMBER", + "GITHUB_SERVER_URL", "GITHUB_SHA", "GITHUB_WORKFLOW", "GITHUB_WORKSPACE" + ] + } + + /** Sanitizer that blocks flow through safe environment variables. */ + private class SafeEnvVariableSanitizer extends Sanitizer { + SafeEnvVariableSanitizer() { + this = envObject().getAPropertyRead(getASafeEnvironmentVariable()) + } + } + /** * An object containing parsed command-line arguments, considered as a flow source for command injection. */ diff --git a/javascript/ql/test/query-tests/Security/CWE-078/IndirectCommandInjection/IndirectCommandInjection.expected b/javascript/ql/test/query-tests/Security/CWE-078/IndirectCommandInjection/IndirectCommandInjection.expected index 4173f8d67ad..9b504a68acd 100644 --- a/javascript/ql/test/query-tests/Security/CWE-078/IndirectCommandInjection/IndirectCommandInjection.expected +++ b/javascript/ql/test/query-tests/Security/CWE-078/IndirectCommandInjection/IndirectCommandInjection.expected @@ -1,4 +1,14 @@ nodes +| actions.js:3:6:3:16 | process.env | +| actions.js:3:6:3:16 | process.env | +| actions.js:3:6:3:29 | process ... _DATA'] | +| actions.js:3:6:3:29 | process ... _DATA'] | +| actions.js:6:15:6:15 | e | +| actions.js:7:10:7:10 | e | +| actions.js:7:10:7:23 | e['TEST_DATA'] | +| actions.js:7:10:7:23 | e['TEST_DATA'] | +| actions.js:11:6:11:16 | process.env | +| actions.js:11:6:11:16 | process.env | | command-line-parameter-command-injection.js:4:10:4:21 | process.argv | | command-line-parameter-command-injection.js:4:10:4:21 | process.argv | | command-line-parameter-command-injection.js:4:10:4:21 | process.argv | @@ -212,6 +222,15 @@ nodes | command-line-parameter-command-injection.js:146:22:146:38 | program.pizzaType | | command-line-parameter-command-injection.js:146:22:146:38 | program.pizzaType | edges +| actions.js:3:6:3:16 | process.env | actions.js:3:6:3:29 | process ... _DATA'] | +| actions.js:3:6:3:16 | process.env | actions.js:3:6:3:29 | process ... _DATA'] | +| actions.js:3:6:3:16 | process.env | actions.js:3:6:3:29 | process ... _DATA'] | +| actions.js:3:6:3:16 | process.env | actions.js:3:6:3:29 | process ... _DATA'] | +| actions.js:6:15:6:15 | e | actions.js:7:10:7:10 | e | +| actions.js:7:10:7:10 | e | actions.js:7:10:7:23 | e['TEST_DATA'] | +| actions.js:7:10:7:10 | e | actions.js:7:10:7:23 | e['TEST_DATA'] | +| actions.js:11:6:11:16 | process.env | actions.js:6:15:6:15 | e | +| actions.js:11:6:11:16 | process.env | actions.js:6:15:6:15 | e | | command-line-parameter-command-injection.js:4:10:4:21 | process.argv | command-line-parameter-command-injection.js:4:10:4:21 | process.argv | | command-line-parameter-command-injection.js:8:22:8:33 | process.argv | command-line-parameter-command-injection.js:8:22:8:36 | process.argv[2] | | command-line-parameter-command-injection.js:8:22:8:33 | process.argv | command-line-parameter-command-injection.js:8:22:8:36 | process.argv[2] | @@ -400,6 +419,8 @@ edges | command-line-parameter-command-injection.js:146:22:146:38 | program.pizzaType | command-line-parameter-command-injection.js:146:10:146:38 | "cmd.sh ... zzaType | | command-line-parameter-command-injection.js:146:22:146:38 | program.pizzaType | command-line-parameter-command-injection.js:146:10:146:38 | "cmd.sh ... zzaType | #select +| actions.js:3:6:3:29 | process ... _DATA'] | actions.js:3:6:3:16 | process.env | actions.js:3:6:3:29 | process ... _DATA'] | This command depends on an unsanitized $@. | actions.js:3:6:3:16 | process.env | environment variable | +| actions.js:7:10:7:23 | e['TEST_DATA'] | actions.js:11:6:11:16 | process.env | actions.js:7:10:7:23 | e['TEST_DATA'] | This command depends on an unsanitized $@. | actions.js:11:6:11:16 | process.env | environment variable | | command-line-parameter-command-injection.js:4:10:4:21 | process.argv | command-line-parameter-command-injection.js:4:10:4:21 | process.argv | command-line-parameter-command-injection.js:4:10:4:21 | process.argv | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:4:10:4:21 | process.argv | command-line argument | | command-line-parameter-command-injection.js:8:10:8:36 | "cmd.sh ... argv[2] | command-line-parameter-command-injection.js:8:22:8:33 | process.argv | command-line-parameter-command-injection.js:8:10:8:36 | "cmd.sh ... argv[2] | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:8:22:8:33 | process.argv | command-line argument | | command-line-parameter-command-injection.js:11:14:11:20 | args[0] | command-line-parameter-command-injection.js:10:13:10:24 | process.argv | command-line-parameter-command-injection.js:11:14:11:20 | args[0] | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:10:13:10:24 | process.argv | command-line argument | diff --git a/javascript/ql/test/query-tests/Security/CWE-078/IndirectCommandInjection/actions.js b/javascript/ql/test/query-tests/Security/CWE-078/IndirectCommandInjection/actions.js new file mode 100644 index 00000000000..dc2238f777d --- /dev/null +++ b/javascript/ql/test/query-tests/Security/CWE-078/IndirectCommandInjection/actions.js @@ -0,0 +1,11 @@ +import { exec } from "@actions/exec"; + +exec(process.env['TEST_DATA']); // NOT OK +exec(process.env['GITHUB_ACTION']); // OK + +function test(e) { + exec(e['TEST_DATA']); // NOT OK + exec(e['GITHUB_ACTION']); // OK +} + +test(process.env); From 05bf13b020e780aea02e6b2e758ff66bf4cf16cd Mon Sep 17 00:00:00 2001 From: Stephan Brandauer Date: Wed, 3 May 2023 11:27:14 +0200 Subject: [PATCH 128/870] use getCallable predicate --- .../AutomodelEndpointCharacteristics.qll | 24 ++++++++++--------- .../AutomodelExtractPositiveExamples.ql | 15 ++++-------- .../AutomodelSharedCharacteristics.qll | 2 +- 3 files changed, 18 insertions(+), 23 deletions(-) diff --git a/java/ql/src/Telemetry/AutomodelEndpointCharacteristics.qll b/java/ql/src/Telemetry/AutomodelEndpointCharacteristics.qll index c091a763dee..90420dafec0 100644 --- a/java/ql/src/Telemetry/AutomodelEndpointCharacteristics.qll +++ b/java/ql/src/Telemetry/AutomodelEndpointCharacteristics.qll @@ -78,11 +78,11 @@ module CandidatesImpl implements SharedCharacteristics::CandidateSig { Endpoint e, string package, string type, boolean subtypes, string name, string signature, string ext, string input ) { - package = e.getEnclosingCallable().getDeclaringType().getPackage().toString() and - type = e.getEnclosingCallable().getDeclaringType().getName() and + package = getCallable(e).getDeclaringType().getPackage().toString() and + type = getCallable(e).getDeclaringType().getName() and subtypes = false and - name = e.getEnclosingCallable().getName() and - signature = ExternalFlow::paramsString(e.getEnclosingCallable()) and + name = getCallable(e).getName() and + signature = ExternalFlow::paramsString(getCallable(e)) and ext = "" and exists(int paramIdx | e.isParameterOf(_, paramIdx) | input = "Argument[" + paramIdx + "]") } @@ -116,13 +116,15 @@ module CandidatesImpl implements SharedCharacteristics::CandidateSig { RelatedLocation getRelatedLocation(Endpoint e, string name) { name = "Callable-JavaDoc" and - result = e.getEnclosingCallable().(Documentable).getJavadoc() + result = getCallable(e).(Documentable).getJavadoc() or name = "Class-JavaDoc" and -result = e.getEnclosingCallable().getDeclaringType().(Documentable).getJavadoc() + result = getCallable(e).getDeclaringType().(Documentable).getJavadoc() } } +Callable getCallable(Endpoint e) { result = e.getEnclosingCallable() } + module CharacteristicsImpl = SharedCharacteristics::SharedCharacteristics; class EndpointCharacteristic = CharacteristicsImpl::EndpointCharacteristic; @@ -180,8 +182,8 @@ private class UnexploitableIsCharacteristic extends CharacteristicsImpl::NotASin override predicate appliesToEndpoint(Endpoint e) { not CandidatesImpl::isSink(e, _) and - e.getEnclosingCallable().getName().matches("is%") and - e.getEnclosingCallable().getReturnType() instanceof BooleanType + getCallable(e).getName().matches("is%") and + getCallable(e).getReturnType() instanceof BooleanType } } @@ -199,7 +201,7 @@ private class UnexploitableExistsCharacteristic extends CharacteristicsImpl::Not override predicate appliesToEndpoint(Endpoint e) { not CandidatesImpl::isSink(e, _) and exists(Callable callable | - callable = e.getEnclosingCallable() and + callable = getCallable(e) and ( callable.getName().toLowerCase() = "exists" or callable.getName().toLowerCase() = "notexists" @@ -216,7 +218,7 @@ private class ExceptionCharacteristic extends CharacteristicsImpl::NotASinkChara ExceptionCharacteristic() { this = "exception" } override predicate appliesToEndpoint(Endpoint e) { - e.getEnclosingCallable().getDeclaringType().getASupertype*() instanceof TypeThrowable + getCallable(e).getDeclaringType().getASupertype*() instanceof TypeThrowable } } @@ -257,7 +259,7 @@ private class NonPublicMethodCharacteristic extends CharacteristicsImpl::Uninter { NonPublicMethodCharacteristic() { this = "non-public method" } - override predicate appliesToEndpoint(Endpoint e) { not e.getEnclosingCallable().isPublic() } + override predicate appliesToEndpoint(Endpoint e) { not getCallable(e).isPublic() } } /** diff --git a/java/ql/src/Telemetry/AutomodelExtractPositiveExamples.ql b/java/ql/src/Telemetry/AutomodelExtractPositiveExamples.ql index 2175b3133cb..15dcb930573 100644 --- a/java/ql/src/Telemetry/AutomodelExtractPositiveExamples.ql +++ b/java/ql/src/Telemetry/AutomodelExtractPositiveExamples.ql @@ -21,17 +21,10 @@ where // Extract positive examples of sinks belonging to the existing ATM query configurations. ( CharacteristicsImpl::isKnownSink(sink, sinkType) and - // If there are _any_ erroneous endpoints, return an error message for all rows. This will prevent us from - // accidentally running this query when there's a codex-generated data extension file in `java/ql/lib/ext`. - if not erroneousEndpoints(_, _, _, _, _, true) - then - message = - sinkType + "\n" + - // Extract the needed metadata for this endpoint. - any(string metadata | CharacteristicsImpl::hasMetadata(sink, metadata)) - else - message = - "Error: There are erroneous endpoints! Please check whether there's a codex-generated data extension file in `java/ql/lib/ext`." + message = + sinkType + "\n" + + // Extract the needed metadata for this endpoint. + any(string metadata | CharacteristicsImpl::hasMetadata(sink, metadata)) ) select sink, message + "\nrelated locations: $@, $@", CharacteristicsImpl::getRelatedLocationOrCandidate(sink, "Callable-JavaDoc"), diff --git a/java/ql/src/Telemetry/AutomodelSharedCharacteristics.qll b/java/ql/src/Telemetry/AutomodelSharedCharacteristics.qll index 12d8ab21470..9b44ccc2809 100644 --- a/java/ql/src/Telemetry/AutomodelSharedCharacteristics.qll +++ b/java/ql/src/Telemetry/AutomodelSharedCharacteristics.qll @@ -19,7 +19,7 @@ signature module CandidateSig { class Endpoint; /** - * A related location for an endpoint. This will typically be bound to the supertype of all AST nodes. + * A related location for an endpoint. This will typically be bound to the supertype of all AST nodes (eg., `Top`). */ class RelatedLocation; From dfb9d88198316d4e09d114b0185102237a601184 Mon Sep 17 00:00:00 2001 From: Stephan Brandauer Date: Wed, 3 May 2023 14:17:06 +0200 Subject: [PATCH 129/870] fix ql-for-ql errors --- java/ql/src/Telemetry/AutomodelExtractCandidates.ql | 2 +- java/ql/src/Telemetry/AutomodelExtractNegativeExamples.ql | 2 +- java/ql/src/Telemetry/AutomodelExtractPositiveExamples.ql | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/java/ql/src/Telemetry/AutomodelExtractCandidates.ql b/java/ql/src/Telemetry/AutomodelExtractCandidates.ql index 35f3ac78d90..a0b575f2ccf 100644 --- a/java/ql/src/Telemetry/AutomodelExtractCandidates.ql +++ b/java/ql/src/Telemetry/AutomodelExtractCandidates.ql @@ -36,7 +36,7 @@ where ) + "\n" + // Extract the needed metadata for this endpoint. any(string metadata | CharacteristicsImpl::hasMetadata(endpoint, metadata)) -select endpoint, message + "\nrelated locations: $@, $@", // +select endpoint, message + "\nrelated locations: $@, $@.", // CharacteristicsImpl::getRelatedLocationOrCandidate(endpoint, "Callable-JavaDoc"), "Callable-JavaDoc", // CharacteristicsImpl::getRelatedLocationOrCandidate(endpoint, "Class-JavaDoc"), "Class-JavaDoc" // diff --git a/java/ql/src/Telemetry/AutomodelExtractNegativeExamples.ql b/java/ql/src/Telemetry/AutomodelExtractNegativeExamples.ql index 1d6e615ed55..694637862e5 100644 --- a/java/ql/src/Telemetry/AutomodelExtractNegativeExamples.ql +++ b/java/ql/src/Telemetry/AutomodelExtractNegativeExamples.ql @@ -33,7 +33,7 @@ where characteristic + "\n" + // Extract the needed metadata for this endpoint. any(string metadata | CharacteristicsImpl::hasMetadata(endpoint, metadata)) -select endpoint, message + "\nrelated locations: $@, $@", +select endpoint, message + "\nrelated locations: $@, $@.", CharacteristicsImpl::getRelatedLocationOrCandidate(endpoint, "Callable-JavaDoc"), "Callable-JavaDoc", // CharacteristicsImpl::getRelatedLocationOrCandidate(endpoint, "Class-JavaDoc"), "Class-JavaDoc" // diff --git a/java/ql/src/Telemetry/AutomodelExtractPositiveExamples.ql b/java/ql/src/Telemetry/AutomodelExtractPositiveExamples.ql index 15dcb930573..62470d19c89 100644 --- a/java/ql/src/Telemetry/AutomodelExtractPositiveExamples.ql +++ b/java/ql/src/Telemetry/AutomodelExtractPositiveExamples.ql @@ -26,7 +26,7 @@ where // Extract the needed metadata for this endpoint. any(string metadata | CharacteristicsImpl::hasMetadata(sink, metadata)) ) -select sink, message + "\nrelated locations: $@, $@", +select sink, message + "\nrelated locations: $@, $@.", CharacteristicsImpl::getRelatedLocationOrCandidate(sink, "Callable-JavaDoc"), "Callable-JavaDoc", // CharacteristicsImpl::getRelatedLocationOrCandidate(sink, "Class-JavaDoc"), "Class-JavaDoc" // From 2fd8b87bcd2d1b1898847519fe221694b046510d Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 3 May 2023 13:31:27 +0100 Subject: [PATCH 130/870] Apply suggestions from code review Co-authored-by: Mathias Vorreiter Pedersen --- .../analyzing-data-flow-in-swift.rst | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/codeql/codeql-language-guides/analyzing-data-flow-in-swift.rst b/docs/codeql/codeql-language-guides/analyzing-data-flow-in-swift.rst index f117f233109..679950943ea 100644 --- a/docs/codeql/codeql-language-guides/analyzing-data-flow-in-swift.rst +++ b/docs/codeql/codeql-language-guides/analyzing-data-flow-in-swift.rst @@ -29,12 +29,12 @@ The ``Node`` class has a number of useful subclasses, such as ``ExprNode`` for e /** * Gets this node's underlying expression, if any. */ - Expr asExpr() { none() } + Expr asExpr() { ... } /** * Gets this data flow node's corresponding control flow node. */ - ControlFlowNode getCfgNode() { none() } + ControlFlowNode getCfgNode() { ... } ... } @@ -96,7 +96,7 @@ This query finds the ``format`` argument passed into each call to ``String.init( import swift - from CallExpr call, MethodDecl method + from CallExpr call, Method method where call.getStaticTarget() = method and method.hasQualifiedName("String", "init(format:_:)") @@ -110,7 +110,7 @@ So we use local data flow to find all expressions that flow into the argument: import swift import codeql.swift.dataflow.DataFlow - from CallExpr call, MethodDecl method, Expr sourceExpr, Expr sinkExpr + from CallExpr call, Method method, Expr sourceExpr, Expr sinkExpr where call.getStaticTarget() = method and method.hasQualifiedName("String", "init(format:_:)") and @@ -247,7 +247,7 @@ The following global taint-tracking query finds places where a string literal is from DataFlow::Node sourceNode, DataFlow::Node sinkNode where ConstantPasswordFlow::flow(sourceNode, sinkNode) - select sinkNode, "The value '" + sourceNode.toString() + "' is used as a constant password." + select sinkNode, "The value $@ is used as a constant password.", sourceNode, sourceNode.toString() The following global taint-tracking query finds places where a value from a remote or local user input is used as an argument to the SQLite ``Connection.execute(_:)`` function. @@ -267,7 +267,7 @@ The following global taint-tracking query finds places where a value from a remo predicate isSink(DataFlow::Node node) { exists(CallExpr call | - call.getStaticTarget().(MethodDecl).hasQualifiedName("Connection", "execute(_:)") and + call.getStaticTarget().(Method).hasQualifiedName("Connection", "execute(_:)") and call.getArgument(0).getExpr() = node.asExpr() ) } From 1084d7ff0e804eb38a2596d581657b0123264c6a Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 3 May 2023 13:35:07 +0100 Subject: [PATCH 131/870] Swift: Correct a couple more cases. --- .../codeql-language-guides/analyzing-data-flow-in-swift.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/codeql/codeql-language-guides/analyzing-data-flow-in-swift.rst b/docs/codeql/codeql-language-guides/analyzing-data-flow-in-swift.rst index 679950943ea..3d440b4863e 100644 --- a/docs/codeql/codeql-language-guides/analyzing-data-flow-in-swift.rst +++ b/docs/codeql/codeql-language-guides/analyzing-data-flow-in-swift.rst @@ -125,7 +125,7 @@ We can vary the source, for example, making the source the parameter of a functi import swift import codeql.swift.dataflow.DataFlow - from CallExpr call, MethodDecl method, ParamDecl sourceParam, Expr sinkExpr + from CallExpr call, Method method, ParamDecl sourceParam, Expr sinkExpr where call.getStaticTarget() = method and method.hasQualifiedName("String", "init(format:_:)") and @@ -140,7 +140,7 @@ The following example finds calls to ``String.init(format:_:)`` where the format import swift import codeql.swift.dataflow.DataFlow - from CallExpr call, MethodDecl method, Expr sinkExpr + from CallExpr call, Method method, Expr sinkExpr where call.getStaticTarget() = method and method.hasQualifiedName("String", "init(format:_:)") and From 6d29273c43098dfa8b2ee7fb070211950a9a1b9d Mon Sep 17 00:00:00 2001 From: Stephan Brandauer Date: Wed, 3 May 2023 14:36:42 +0200 Subject: [PATCH 132/870] make framework mode explicit in file/module names --- ...AutomodelFrameworkModeCharacteristics.qll} | 23 +++++++------------ .../AutomodelSharedCharacteristics.qll | 14 +++++------ 2 files changed, 15 insertions(+), 22 deletions(-) rename java/ql/src/Telemetry/{AutomodelEndpointCharacteristics.qll => AutomodelFrameworkModeCharacteristics.qll} (95%) diff --git a/java/ql/src/Telemetry/AutomodelEndpointCharacteristics.qll b/java/ql/src/Telemetry/AutomodelFrameworkModeCharacteristics.qll similarity index 95% rename from java/ql/src/Telemetry/AutomodelEndpointCharacteristics.qll rename to java/ql/src/Telemetry/AutomodelFrameworkModeCharacteristics.qll index 90420dafec0..d4228536822 100644 --- a/java/ql/src/Telemetry/AutomodelEndpointCharacteristics.qll +++ b/java/ql/src/Telemetry/AutomodelFrameworkModeCharacteristics.qll @@ -17,7 +17,7 @@ private import semmle.code.java.dataflow.internal.ModelExclusions as ModelExclus import AutomodelSharedCharacteristics as SharedCharacteristics import AutomodelEndpointTypes as AutomodelEndpointTypes -module CandidatesImpl implements SharedCharacteristics::CandidateSig { +module FrameworkCandidatesImpl implements SharedCharacteristics::CandidateSig { class Endpoint = DataFlow::ParameterNode; class EndpointType = AutomodelEndpointTypes::EndpointType; @@ -29,7 +29,7 @@ module CandidatesImpl implements SharedCharacteristics::CandidateSig { // Sanitizers are currently not modeled in MaD. TODO: check if this has large negative impact. predicate isSanitizer(Endpoint e, EndpointType t) { none() } - RelatedLocation toRelatedLocation(Endpoint e) { result = e.asParameter() } + RelatedLocation asLocation(Endpoint e) { result = e.asParameter() } predicate isKnownLabel(string label, string humanReadableLabel, EndpointType type) { label = "read-file" and @@ -89,18 +89,11 @@ module CandidatesImpl implements SharedCharacteristics::CandidateSig { predicate hasMetadata(Endpoint e, string metadata) { exists( - string package, string type, boolean subtypes, string name, string signature, string ext, - int input, boolean isPublic, boolean isFinal, boolean isStatic + string package, string type, boolean subtypes, string name, string signature, int input, + boolean isPublic, boolean isFinal, boolean isStatic | hasMetadata(e, package, type, name, signature, input, isFinal, isStatic, isPublic) and (if isFinal = true or isStatic = true then subtypes = false else subtypes = true) and - ext = "" and - /* - * "ext" will always be empty for automodeling; it's a mechanism for - * specifying that the model should apply for parameters that have - * a certain annotation. - */ - metadata = "{" // + "'Package': '" + package // @@ -125,11 +118,11 @@ module CandidatesImpl implements SharedCharacteristics::CandidateSig { Callable getCallable(Endpoint e) { result = e.getEnclosingCallable() } -module CharacteristicsImpl = SharedCharacteristics::SharedCharacteristics; +module CharacteristicsImpl = SharedCharacteristics::SharedCharacteristics; class EndpointCharacteristic = CharacteristicsImpl::EndpointCharacteristic; -class Endpoint = CandidatesImpl::Endpoint; +class Endpoint = FrameworkCandidatesImpl::Endpoint; /* * Predicates that are used to surface prompt examples and candidates for classification with an ML model. @@ -181,7 +174,7 @@ private class UnexploitableIsCharacteristic extends CharacteristicsImpl::NotASin UnexploitableIsCharacteristic() { this = "unexploitable (is-style boolean method)" } override predicate appliesToEndpoint(Endpoint e) { - not CandidatesImpl::isSink(e, _) and + not FrameworkCandidatesImpl::isSink(e, _) and getCallable(e).getName().matches("is%") and getCallable(e).getReturnType() instanceof BooleanType } @@ -199,7 +192,7 @@ private class UnexploitableExistsCharacteristic extends CharacteristicsImpl::Not UnexploitableExistsCharacteristic() { this = "unexploitable (existence-checking boolean method)" } override predicate appliesToEndpoint(Endpoint e) { - not CandidatesImpl::isSink(e, _) and + not FrameworkCandidatesImpl::isSink(e, _) and exists(Callable callable | callable = getCallable(e) and ( diff --git a/java/ql/src/Telemetry/AutomodelSharedCharacteristics.qll b/java/ql/src/Telemetry/AutomodelSharedCharacteristics.qll index 9b44ccc2809..abb549317f8 100644 --- a/java/ql/src/Telemetry/AutomodelSharedCharacteristics.qll +++ b/java/ql/src/Telemetry/AutomodelSharedCharacteristics.qll @@ -13,7 +13,7 @@ float mediumConfidence() { result = 0.6 } */ signature module CandidateSig { /** - * An endpoint is a potential candidate for modelling. This will typically be bound to the language's + * An endpoint is a potential candidate for modeling. This will typically be bound to the language's * DataFlow node class, or a subtype thereof. */ class Endpoint; @@ -26,17 +26,17 @@ signature module CandidateSig { /** * A class label for an endpoint. */ - class EndpointType; + class EndpointType extends string; /** * An EndpointType that denotes the absence of any sink. */ class NegativeEndpointType extends EndpointType; - RelatedLocation toRelatedLocation(Endpoint e); + RelatedLocation asLocation(Endpoint e); /** - * Defines what labels are known, and what endpoint type they correspond to. + * Defines what MaD labels are known, and what endpoint type they correspond to. */ predicate isKnownLabel(string label, string humanReadableLabel, EndpointType type); @@ -117,7 +117,7 @@ module SharedCharacteristics { Candidate::RelatedLocation getRelatedLocationOrCandidate(Candidate::Endpoint e, string name) { if exists(Candidate::getRelatedLocation(e, name)) then result = Candidate::getRelatedLocation(e, name) - else result = Candidate::toRelatedLocation(e) + else result = Candidate::asLocation(e) } /** @@ -152,8 +152,8 @@ module SharedCharacteristics { */ abstract class EndpointCharacteristic extends string { /** - * Holds when the string matches the name of the characteristic, which should describe some characteristic of the - * endpoint that is meaningful for determining whether it's a sink and if so of which type + * The name of the characteristic. This should describe some property of an + * endpoint that is meaningful for determining whether it's a sink, and if so, of which sink type. */ bindingset[this] EndpointCharacteristic() { any() } From 2999b5fea1b88c47e6d09e2dba6343660e882f96 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 3 May 2023 14:29:39 +0100 Subject: [PATCH 133/870] Swift: Mathias's fix for the non-constant format example. --- .../codeql-language-guides/analyzing-data-flow-in-swift.rst | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/codeql/codeql-language-guides/analyzing-data-flow-in-swift.rst b/docs/codeql/codeql-language-guides/analyzing-data-flow-in-swift.rst index 3d440b4863e..3f0c38f8593 100644 --- a/docs/codeql/codeql-language-guides/analyzing-data-flow-in-swift.rst +++ b/docs/codeql/codeql-language-guides/analyzing-data-flow-in-swift.rst @@ -140,13 +140,13 @@ The following example finds calls to ``String.init(format:_:)`` where the format import swift import codeql.swift.dataflow.DataFlow - from CallExpr call, Method method, Expr sinkExpr + from CallExpr call, Method method, DataFlow::Node sinkNode where call.getStaticTarget() = method and method.hasQualifiedName("String", "init(format:_:)") and - sinkExpr = call.getArgument(0).getExpr() and + sinkNode.asExpr() = call.getArgument(0).getExpr() and not exists(StringLiteralExpr sourceLiteral | - DataFlow::localFlow(DataFlow::exprNode(sourceLiteral), DataFlow::exprNode(sinkExpr)) + DataFlow::localFlow(DataFlow::exprNode(sourceLiteral), sinkNode) ) select call, "Format argument to " + method.getName() + " isn't hard-coded." From 02dc9be2397d0a7597eb09f28bfc54ab1acdda52 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 3 May 2023 14:31:48 +0100 Subject: [PATCH 134/870] Swift: Fix the versions in 'examples' as well. --- swift/ql/examples/snippets/simple_constant_password.ql | 2 +- swift/ql/examples/snippets/simple_sql_injection.ql | 2 +- .../examples/snippets/simple_uncontrolled_string_format.ql | 6 +++--- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/swift/ql/examples/snippets/simple_constant_password.ql b/swift/ql/examples/snippets/simple_constant_password.ql index b101d700ec3..1307ea2d968 100644 --- a/swift/ql/examples/snippets/simple_constant_password.ql +++ b/swift/ql/examples/snippets/simple_constant_password.ql @@ -23,4 +23,4 @@ module ConstantPasswordFlow = TaintTracking::Global; from DataFlow::Node sourceNode, DataFlow::Node sinkNode where ConstantPasswordFlow::flow(sourceNode, sinkNode) -select sinkNode, "The value '" + sourceNode.toString() + "' is used as a constant password." +select sinkNode, "The value $@ is used as a constant password.", sourceNode, sourceNode.toString() diff --git a/swift/ql/examples/snippets/simple_sql_injection.ql b/swift/ql/examples/snippets/simple_sql_injection.ql index 7695e62e599..46e7fb6ae31 100644 --- a/swift/ql/examples/snippets/simple_sql_injection.ql +++ b/swift/ql/examples/snippets/simple_sql_injection.ql @@ -17,7 +17,7 @@ module SqlInjectionConfig implements DataFlow::ConfigSig { predicate isSink(DataFlow::Node node) { exists(CallExpr call | - call.getStaticTarget().(MethodDecl).hasQualifiedName("Connection", "execute(_:)") and + call.getStaticTarget().(Method).hasQualifiedName("Connection", "execute(_:)") and call.getArgument(0).getExpr() = node.asExpr() ) } diff --git a/swift/ql/examples/snippets/simple_uncontrolled_string_format.ql b/swift/ql/examples/snippets/simple_uncontrolled_string_format.ql index ea4f34a1a9f..1e4ab990277 100644 --- a/swift/ql/examples/snippets/simple_uncontrolled_string_format.ql +++ b/swift/ql/examples/snippets/simple_uncontrolled_string_format.ql @@ -9,12 +9,12 @@ import swift import codeql.swift.dataflow.DataFlow -from CallExpr call, MethodDecl method, Expr sinkExpr +from CallExpr call, Method method, DataFlow::Node sinkNode where call.getStaticTarget() = method and method.hasQualifiedName("String", "init(format:_:)") and - sinkExpr = call.getArgument(0).getExpr() and + sinkNode.asExpr() = call.getArgument(0).getExpr() and not exists(StringLiteralExpr sourceLiteral | - DataFlow::localFlow(DataFlow::exprNode(sourceLiteral), DataFlow::exprNode(sinkExpr)) + DataFlow::localFlow(DataFlow::exprNode(sourceLiteral), sinkNode) ) select call, "Format argument to " + method.getName() + " isn't hard-coded." From 02ae44a91164d88226570bde0bbc06bc4fa3d4ef Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 3 May 2023 14:48:27 +0100 Subject: [PATCH 135/870] Update docs/codeql/codeql-language-guides/analyzing-data-flow-in-swift.rst Co-authored-by: Mathias Vorreiter Pedersen --- .../codeql-language-guides/analyzing-data-flow-in-swift.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/codeql/codeql-language-guides/analyzing-data-flow-in-swift.rst b/docs/codeql/codeql-language-guides/analyzing-data-flow-in-swift.rst index 3f0c38f8593..31786637bde 100644 --- a/docs/codeql/codeql-language-guides/analyzing-data-flow-in-swift.rst +++ b/docs/codeql/codeql-language-guides/analyzing-data-flow-in-swift.rst @@ -188,7 +188,7 @@ These predicates are defined in the configuration: - ``isBarrier`` - optionally, restricts the data flow. - ``isAdditionalFlowStep`` - optionally, adds additional flow steps. -The last line (``module MyDataFlow = ...``) performs data flow analysis using the configuration, and its results can be accessed with ``MyDataFlow::flow(DataFlow::Node source, DataFlow::Node sink)``: +The last line (``module MyDataFlow = ...``) instantiates the parameterized module for data flow analysis by passing the configuration to the parameterized module. Data flow analysis can then be performed using ``MyDataFlow::flow(DataFlow::Node source, DataFlow::Node sink)``: .. code-block:: ql From 32f2614fe0e324dc1c4fc87d81a2f0abc35eda1b Mon Sep 17 00:00:00 2001 From: Stephan Brandauer Date: Wed, 3 May 2023 16:00:50 +0200 Subject: [PATCH 136/870] add typecheckable mechanism to enforce minimal set of metadata --- .../Telemetry/AutomodelExtractCandidates.ql | 28 +++--- .../AutomodelExtractNegativeExamples.ql | 24 ++--- .../AutomodelExtractPositiveExamples.ql | 30 +++---- .../AutomodelFrameworkModeCharacteristics.qll | 88 +++++++++---------- .../AutomodelSharedCharacteristics.qll | 15 ---- 5 files changed, 85 insertions(+), 100 deletions(-) diff --git a/java/ql/src/Telemetry/AutomodelExtractCandidates.ql b/java/ql/src/Telemetry/AutomodelExtractCandidates.ql index a0b575f2ccf..eb94f1698fc 100644 --- a/java/ql/src/Telemetry/AutomodelExtractCandidates.ql +++ b/java/ql/src/Telemetry/AutomodelExtractCandidates.ql @@ -12,9 +12,11 @@ * @tags internal automodel extract candidates */ -import AutomodelEndpointCharacteristics +private import AutomodelFrameworkModeCharacteristics -from Endpoint endpoint, string message +from + Endpoint endpoint, string message, MetadataExtractor meta, string package, string type, + boolean subtypes, string name, string signature, int input where not exists(CharacteristicsImpl::UninterestingToModelCharacteristic u | u.appliesToEndpoint(endpoint) @@ -25,18 +27,20 @@ where // overlap between our detected sinks and the pre-existing modeling. We assume that, if a sink has already been // modeled in a MaD model, then it doesn't belong to any additional sink types, and we don't need to reexamine it. not CharacteristicsImpl::isSink(endpoint, _) and + meta.hasMetadata(endpoint, package, type, subtypes, name, signature, input) and // The message is the concatenation of all sink types for which this endpoint is known neither to be a sink nor to be // a non-sink, and we surface only endpoints that have at least one such sink type. message = strictconcat(AutomodelEndpointTypes::SinkType sinkType | - not CharacteristicsImpl::isKnownSink(endpoint, sinkType) and - CharacteristicsImpl::isSinkCandidate(endpoint, sinkType) - | - sinkType + ", " - ) + "\n" + - // Extract the needed metadata for this endpoint. - any(string metadata | CharacteristicsImpl::hasMetadata(endpoint, metadata)) -select endpoint, message + "\nrelated locations: $@, $@.", // + not CharacteristicsImpl::isKnownSink(endpoint, sinkType) and + CharacteristicsImpl::isSinkCandidate(endpoint, sinkType) + | + sinkType + ", " + ) +select endpoint, + message + "\nrelated locations: $@, $@." + "\nmetadata: $@, $@, $@, $@, $@, $@.", // CharacteristicsImpl::getRelatedLocationOrCandidate(endpoint, "Callable-JavaDoc"), - "Callable-JavaDoc", // - CharacteristicsImpl::getRelatedLocationOrCandidate(endpoint, "Class-JavaDoc"), "Class-JavaDoc" // + "Callable-JavaDoc", CharacteristicsImpl::getRelatedLocationOrCandidate(endpoint, "Class-JavaDoc"), + "Class-JavaDoc", // + package, "package", type, "type", subtypes.toString(), "subtypes", name, "name", signature, + "signature", input.toString(), "input" // diff --git a/java/ql/src/Telemetry/AutomodelExtractNegativeExamples.ql b/java/ql/src/Telemetry/AutomodelExtractNegativeExamples.ql index 694637862e5..86dac852487 100644 --- a/java/ql/src/Telemetry/AutomodelExtractNegativeExamples.ql +++ b/java/ql/src/Telemetry/AutomodelExtractNegativeExamples.ql @@ -8,10 +8,13 @@ * @tags internal automodel extract examples negative */ -import AutomodelEndpointCharacteristics -import AutomodelEndpointTypes +private import AutomodelFrameworkModeCharacteristics +private import AutomodelEndpointTypes -from Endpoint endpoint, EndpointCharacteristic characteristic, float confidence, string message +from + Endpoint endpoint, EndpointCharacteristic characteristic, float confidence, string message, + MetadataExtractor meta, string package, string type, boolean subtypes, string name, + string signature, int input where characteristic.appliesToEndpoint(endpoint) and confidence >= SharedCharacteristics::highConfidence() and @@ -19,6 +22,7 @@ where // Exclude endpoints that have contradictory endpoint characteristics, because we only want examples we're highly // certain about in the prompt. not erroneousEndpoints(endpoint, _, _, _, _, false) and + meta.hasMetadata(endpoint, package, type, subtypes, name, signature, input) and // It's valid for a node to satisfy the logic for both `isSink` and `isSanitizer`, but in that case it will be // treated by the actual query as a sanitizer, since the final logic is something like // `isSink(n) and not isSanitizer(n)`. We don't want to include such nodes as negative examples in the prompt, because @@ -29,11 +33,11 @@ where confidence2 >= SharedCharacteristics::maximalConfidence() and characteristic2.hasImplications(positiveType, true, confidence2) ) and - message = - characteristic + "\n" + - // Extract the needed metadata for this endpoint. - any(string metadata | CharacteristicsImpl::hasMetadata(endpoint, metadata)) -select endpoint, message + "\nrelated locations: $@, $@.", + message = characteristic +select endpoint, + message + "\nrelated locations: $@, $@." + "\nmetadata: $@, $@, $@, $@, $@, $@.", // CharacteristicsImpl::getRelatedLocationOrCandidate(endpoint, "Callable-JavaDoc"), - "Callable-JavaDoc", // - CharacteristicsImpl::getRelatedLocationOrCandidate(endpoint, "Class-JavaDoc"), "Class-JavaDoc" // + "Callable-JavaDoc", CharacteristicsImpl::getRelatedLocationOrCandidate(endpoint, "Class-JavaDoc"), + "Class-JavaDoc", // + package, "package", type, "type", subtypes.toString(), "subtypes", name, "name", signature, + "signature", input.toString(), "input" // diff --git a/java/ql/src/Telemetry/AutomodelExtractPositiveExamples.ql b/java/ql/src/Telemetry/AutomodelExtractPositiveExamples.ql index 62470d19c89..af84d3a2db4 100644 --- a/java/ql/src/Telemetry/AutomodelExtractPositiveExamples.ql +++ b/java/ql/src/Telemetry/AutomodelExtractPositiveExamples.ql @@ -8,25 +8,23 @@ * @tags internal automodel extract examples positive */ -private import java -private import semmle.code.java.security.ExternalAPIs as ExternalAPIs -private import AutomodelEndpointCharacteristics +private import AutomodelFrameworkModeCharacteristics private import AutomodelEndpointTypes -from Endpoint sink, SinkType sinkType, string message +from + Endpoint endpoint, SinkType sinkType, MetadataExtractor meta, string package, string type, + boolean subtypes, string name, string signature, int input where // Exclude endpoints that have contradictory endpoint characteristics, because we only want examples we're highly // certain about in the prompt. - not erroneousEndpoints(sink, _, _, _, _, false) and + not erroneousEndpoints(endpoint, _, _, _, _, false) and + meta.hasMetadata(endpoint, package, type, subtypes, name, signature, input) and // Extract positive examples of sinks belonging to the existing ATM query configurations. - ( - CharacteristicsImpl::isKnownSink(sink, sinkType) and - message = - sinkType + "\n" + - // Extract the needed metadata for this endpoint. - any(string metadata | CharacteristicsImpl::hasMetadata(sink, metadata)) - ) -select sink, message + "\nrelated locations: $@, $@.", - CharacteristicsImpl::getRelatedLocationOrCandidate(sink, "Callable-JavaDoc"), - "Callable-JavaDoc", // - CharacteristicsImpl::getRelatedLocationOrCandidate(sink, "Class-JavaDoc"), "Class-JavaDoc" // + CharacteristicsImpl::isKnownSink(endpoint, sinkType) +select endpoint, + sinkType + "\nrelated locations: $@, $@." + "\nmetadata: $@, $@, $@, $@, $@, $@.", // + CharacteristicsImpl::getRelatedLocationOrCandidate(endpoint, "Callable-JavaDoc"), + "Callable-JavaDoc", CharacteristicsImpl::getRelatedLocationOrCandidate(endpoint, "Class-JavaDoc"), + "Class-JavaDoc", // + package, "package", type, "type", subtypes.toString(), "subtypes", name, "name", signature, + "signature", input.toString(), "input" // diff --git a/java/ql/src/Telemetry/AutomodelFrameworkModeCharacteristics.qll b/java/ql/src/Telemetry/AutomodelFrameworkModeCharacteristics.qll index d4228536822..2290e86cec4 100644 --- a/java/ql/src/Telemetry/AutomodelFrameworkModeCharacteristics.qll +++ b/java/ql/src/Telemetry/AutomodelFrameworkModeCharacteristics.qll @@ -17,6 +17,22 @@ private import semmle.code.java.dataflow.internal.ModelExclusions as ModelExclus import AutomodelSharedCharacteristics as SharedCharacteristics import AutomodelEndpointTypes as AutomodelEndpointTypes +Callable getCallable(DataFlow::ParameterNode e) { result = e.getEnclosingCallable() } + +/** + * A meta data extractor. Any Java extraction mode needs to implement exactly + * one instance of this class. + */ +abstract class MetadataExtractor extends string { + bindingset[this] + MetadataExtractor() { any() } + + abstract predicate hasMetadata( + DataFlow::ParameterNode e, string package, string type, boolean subtypes, string name, + string signature, int input + ); +} + module FrameworkCandidatesImpl implements SharedCharacteristics::CandidateSig { class Endpoint = DataFlow::ParameterNode; @@ -87,26 +103,6 @@ module FrameworkCandidatesImpl implements SharedCharacteristics::CandidateSig { exists(int paramIdx | e.isParameterOf(_, paramIdx) | input = "Argument[" + paramIdx + "]") } - predicate hasMetadata(Endpoint e, string metadata) { - exists( - string package, string type, boolean subtypes, string name, string signature, int input, - boolean isPublic, boolean isFinal, boolean isStatic - | - hasMetadata(e, package, type, name, signature, input, isFinal, isStatic, isPublic) and - (if isFinal = true or isStatic = true then subtypes = false else subtypes = true) and - metadata = - "{" // - + "'Package': '" + package // - + "', 'Type': '" + type // - + "', 'Subtypes': " + subtypes // - + ", 'Name': '" + name // - + ", 'ParamName': '" + e.toString() // - + "', 'Signature': '" + signature // - + "', 'Argument index': " + input // - + "'}" // TODO: Why are the curly braces added twice? - ) - } - RelatedLocation getRelatedLocation(Endpoint e, string name) { name = "Callable-JavaDoc" and result = getCallable(e).(Documentable).getJavadoc() @@ -116,8 +112,6 @@ module FrameworkCandidatesImpl implements SharedCharacteristics::CandidateSig { } } -Callable getCallable(Endpoint e) { result = e.getEnclosingCallable() } - module CharacteristicsImpl = SharedCharacteristics::SharedCharacteristics; class EndpointCharacteristic = CharacteristicsImpl::EndpointCharacteristic; @@ -129,32 +123,32 @@ class Endpoint = FrameworkCandidatesImpl::Endpoint; */ /** - * Holds if `n` has the given metadata. - * - * This is a helper function to extract and export needed information about each endpoint. + * A MetadataExtractor that extracts metadata for framework mode. */ -predicate hasMetadata( - Endpoint n, string package, string type, string name, string signature, int input, - boolean isFinal, boolean isStatic, boolean isPublic -) { - exists(Callable callable | - n.asParameter() = callable.getParameter(input) and - package = callable.getDeclaringType().getPackage().getName() and - type = callable.getDeclaringType().getErasure().(RefType).nestedName() and - ( - if callable.isStatic() or callable.getDeclaringType().isStatic() - then isStatic = true - else isStatic = false - ) and - ( - if callable.isFinal() or callable.getDeclaringType().isFinal() - then isFinal = true - else isFinal = false - ) and - name = callable.getSourceDeclaration().getName() and - signature = ExternalFlow::paramsString(callable) and // TODO: Why are brackets being escaped (`\[\]` vs `[]`)? - (if callable.isPublic() then isPublic = true else isPublic = false) - ) +class FrameworkModeMetadataExtractor extends MetadataExtractor { + FrameworkModeMetadataExtractor() { this = "FrameworkModeMetadataExtractor" } + + override predicate hasMetadata( + Endpoint e, string package, string type, boolean subtypes, string name, string signature, + int input + ) { + exists(Callable callable | + e.asParameter() = callable.getParameter(input) and + package = callable.getDeclaringType().getPackage().getName() and + type = callable.getDeclaringType().getErasure().(RefType).nestedName() and + ( + if + callable.isStatic() or + callable.getDeclaringType().isStatic() or + callable.isFinal() or + callable.getDeclaringType().isFinal() + then subtypes = true + else subtypes = false + ) and + name = e.toString() and + signature = ExternalFlow::paramsString(callable) + ) + } } /* diff --git a/java/ql/src/Telemetry/AutomodelSharedCharacteristics.qll b/java/ql/src/Telemetry/AutomodelSharedCharacteristics.qll index abb549317f8..2cbb346005c 100644 --- a/java/ql/src/Telemetry/AutomodelSharedCharacteristics.qll +++ b/java/ql/src/Telemetry/AutomodelSharedCharacteristics.qll @@ -55,19 +55,6 @@ signature module CandidateSig { */ predicate isNeutral(Endpoint e); - /** - * Holds if `e` has the given metadata. - * - * This is a helper function to extract and export needed information about each endpoint in the sink candidate query - * as well as the queries that extract positive and negative examples for the prompt / training set. The metadata is - * extracted as a string in the format of a Python dictionary, eg.: - * - * `{'Package': 'com.foo.util', 'Type': 'HelperClass', ... }`. - * - * The meta data will be passed on to the machine learning code by the extraction queries. - */ - predicate hasMetadata(Endpoint e, string metadata); - RelatedLocation getRelatedLocation(Endpoint e, string name); } @@ -107,8 +94,6 @@ module SharedCharacteristics { not exists(getAReasonSinkExcluded(candidateSink, sinkType)) } - predicate hasMetadata = Candidate::hasMetadata/2; - /** * If it exists, gets a related location for a given endpoint or candidate. * If it doesn't exist, returns the candidate itself as a 'null' value. From 1a9956354e64240846ce2ea8ed419617e8788fe7 Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 3 May 2023 16:10:03 +0200 Subject: [PATCH 137/870] JS: Restrict getInput to indirect command injection query --- .../javascript/frameworks/ActionsLib.qll | 10 ++-- .../IndirectCommandInjection.expected | 47 ++++++++++--------- .../IndirectCommandInjection/actions.js | 3 ++ .../CodeInjection/CodeInjection.expected | 24 ++-------- .../HeuristicSourceCodeInjection.expected | 20 ++------ .../Security/CWE-094/CodeInjection/actions.js | 3 -- 6 files changed, 43 insertions(+), 64 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/frameworks/ActionsLib.qll b/javascript/ql/lib/semmle/javascript/frameworks/ActionsLib.qll index 512abfc0379..09733d783f1 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/ActionsLib.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/ActionsLib.qll @@ -3,6 +3,7 @@ */ private import javascript +private import semmle.javascript.security.dataflow.IndirectCommandInjectionCustomizations private API::Node payload() { result = API::moduleImport("@actions/github").getMember("context").getMember("payload") @@ -51,11 +52,10 @@ private class GitHubActionsContextSource extends RemoteFlowSource { /** * A source of taint originating from user input. * - * At the momemnt this is treated as a remote flow source, although it is not - * always possible for an attacker to control this. In the future we might classify - * this differently. + * At the momemnt this is only treated as a taint source for the indirect-command injection + * query. */ -private class GitHubActionsInputSource extends RemoteFlowSource { +private class GitHubActionsInputSource extends IndirectCommandInjection::Source { GitHubActionsInputSource() { this = API::moduleImport("@actions/core") @@ -64,7 +64,7 @@ private class GitHubActionsInputSource extends RemoteFlowSource { .asSource() } - override string getSourceType() { result = "GitHub Actions user input" } + override string describe() { result = "GitHub Actions user input" } } private class ExecActionsCall extends SystemCommandExecution, DataFlow::CallNode { diff --git a/javascript/ql/test/query-tests/Security/CWE-078/IndirectCommandInjection/IndirectCommandInjection.expected b/javascript/ql/test/query-tests/Security/CWE-078/IndirectCommandInjection/IndirectCommandInjection.expected index 9b504a68acd..47d8d4adcb1 100644 --- a/javascript/ql/test/query-tests/Security/CWE-078/IndirectCommandInjection/IndirectCommandInjection.expected +++ b/javascript/ql/test/query-tests/Security/CWE-078/IndirectCommandInjection/IndirectCommandInjection.expected @@ -1,14 +1,17 @@ nodes -| actions.js:3:6:3:16 | process.env | -| actions.js:3:6:3:16 | process.env | -| actions.js:3:6:3:29 | process ... _DATA'] | -| actions.js:3:6:3:29 | process ... _DATA'] | -| actions.js:6:15:6:15 | e | -| actions.js:7:10:7:10 | e | -| actions.js:7:10:7:23 | e['TEST_DATA'] | -| actions.js:7:10:7:23 | e['TEST_DATA'] | -| actions.js:11:6:11:16 | process.env | -| actions.js:11:6:11:16 | process.env | +| actions.js:4:6:4:16 | process.env | +| actions.js:4:6:4:16 | process.env | +| actions.js:4:6:4:29 | process ... _DATA'] | +| actions.js:4:6:4:29 | process ... _DATA'] | +| actions.js:7:15:7:15 | e | +| actions.js:8:10:8:10 | e | +| actions.js:8:10:8:23 | e['TEST_DATA'] | +| actions.js:8:10:8:23 | e['TEST_DATA'] | +| actions.js:12:6:12:16 | process.env | +| actions.js:12:6:12:16 | process.env | +| actions.js:14:6:14:21 | getInput('data') | +| actions.js:14:6:14:21 | getInput('data') | +| actions.js:14:6:14:21 | getInput('data') | | command-line-parameter-command-injection.js:4:10:4:21 | process.argv | | command-line-parameter-command-injection.js:4:10:4:21 | process.argv | | command-line-parameter-command-injection.js:4:10:4:21 | process.argv | @@ -222,15 +225,16 @@ nodes | command-line-parameter-command-injection.js:146:22:146:38 | program.pizzaType | | command-line-parameter-command-injection.js:146:22:146:38 | program.pizzaType | edges -| actions.js:3:6:3:16 | process.env | actions.js:3:6:3:29 | process ... _DATA'] | -| actions.js:3:6:3:16 | process.env | actions.js:3:6:3:29 | process ... _DATA'] | -| actions.js:3:6:3:16 | process.env | actions.js:3:6:3:29 | process ... _DATA'] | -| actions.js:3:6:3:16 | process.env | actions.js:3:6:3:29 | process ... _DATA'] | -| actions.js:6:15:6:15 | e | actions.js:7:10:7:10 | e | -| actions.js:7:10:7:10 | e | actions.js:7:10:7:23 | e['TEST_DATA'] | -| actions.js:7:10:7:10 | e | actions.js:7:10:7:23 | e['TEST_DATA'] | -| actions.js:11:6:11:16 | process.env | actions.js:6:15:6:15 | e | -| actions.js:11:6:11:16 | process.env | actions.js:6:15:6:15 | e | +| actions.js:4:6:4:16 | process.env | actions.js:4:6:4:29 | process ... _DATA'] | +| actions.js:4:6:4:16 | process.env | actions.js:4:6:4:29 | process ... _DATA'] | +| actions.js:4:6:4:16 | process.env | actions.js:4:6:4:29 | process ... _DATA'] | +| actions.js:4:6:4:16 | process.env | actions.js:4:6:4:29 | process ... _DATA'] | +| actions.js:7:15:7:15 | e | actions.js:8:10:8:10 | e | +| actions.js:8:10:8:10 | e | actions.js:8:10:8:23 | e['TEST_DATA'] | +| actions.js:8:10:8:10 | e | actions.js:8:10:8:23 | e['TEST_DATA'] | +| actions.js:12:6:12:16 | process.env | actions.js:7:15:7:15 | e | +| actions.js:12:6:12:16 | process.env | actions.js:7:15:7:15 | e | +| actions.js:14:6:14:21 | getInput('data') | actions.js:14:6:14:21 | getInput('data') | | command-line-parameter-command-injection.js:4:10:4:21 | process.argv | command-line-parameter-command-injection.js:4:10:4:21 | process.argv | | command-line-parameter-command-injection.js:8:22:8:33 | process.argv | command-line-parameter-command-injection.js:8:22:8:36 | process.argv[2] | | command-line-parameter-command-injection.js:8:22:8:33 | process.argv | command-line-parameter-command-injection.js:8:22:8:36 | process.argv[2] | @@ -419,8 +423,9 @@ edges | command-line-parameter-command-injection.js:146:22:146:38 | program.pizzaType | command-line-parameter-command-injection.js:146:10:146:38 | "cmd.sh ... zzaType | | command-line-parameter-command-injection.js:146:22:146:38 | program.pizzaType | command-line-parameter-command-injection.js:146:10:146:38 | "cmd.sh ... zzaType | #select -| actions.js:3:6:3:29 | process ... _DATA'] | actions.js:3:6:3:16 | process.env | actions.js:3:6:3:29 | process ... _DATA'] | This command depends on an unsanitized $@. | actions.js:3:6:3:16 | process.env | environment variable | -| actions.js:7:10:7:23 | e['TEST_DATA'] | actions.js:11:6:11:16 | process.env | actions.js:7:10:7:23 | e['TEST_DATA'] | This command depends on an unsanitized $@. | actions.js:11:6:11:16 | process.env | environment variable | +| actions.js:4:6:4:29 | process ... _DATA'] | actions.js:4:6:4:16 | process.env | actions.js:4:6:4:29 | process ... _DATA'] | This command depends on an unsanitized $@. | actions.js:4:6:4:16 | process.env | environment variable | +| actions.js:8:10:8:23 | e['TEST_DATA'] | actions.js:12:6:12:16 | process.env | actions.js:8:10:8:23 | e['TEST_DATA'] | This command depends on an unsanitized $@. | actions.js:12:6:12:16 | process.env | environment variable | +| actions.js:14:6:14:21 | getInput('data') | actions.js:14:6:14:21 | getInput('data') | actions.js:14:6:14:21 | getInput('data') | This command depends on an unsanitized $@. | actions.js:14:6:14:21 | getInput('data') | GitHub Actions user input | | command-line-parameter-command-injection.js:4:10:4:21 | process.argv | command-line-parameter-command-injection.js:4:10:4:21 | process.argv | command-line-parameter-command-injection.js:4:10:4:21 | process.argv | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:4:10:4:21 | process.argv | command-line argument | | command-line-parameter-command-injection.js:8:10:8:36 | "cmd.sh ... argv[2] | command-line-parameter-command-injection.js:8:22:8:33 | process.argv | command-line-parameter-command-injection.js:8:10:8:36 | "cmd.sh ... argv[2] | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:8:22:8:33 | process.argv | command-line argument | | command-line-parameter-command-injection.js:11:14:11:20 | args[0] | command-line-parameter-command-injection.js:10:13:10:24 | process.argv | command-line-parameter-command-injection.js:11:14:11:20 | args[0] | This command depends on an unsanitized $@. | command-line-parameter-command-injection.js:10:13:10:24 | process.argv | command-line argument | diff --git a/javascript/ql/test/query-tests/Security/CWE-078/IndirectCommandInjection/actions.js b/javascript/ql/test/query-tests/Security/CWE-078/IndirectCommandInjection/actions.js index dc2238f777d..7a8f6982f17 100644 --- a/javascript/ql/test/query-tests/Security/CWE-078/IndirectCommandInjection/actions.js +++ b/javascript/ql/test/query-tests/Security/CWE-078/IndirectCommandInjection/actions.js @@ -1,4 +1,5 @@ import { exec } from "@actions/exec"; +import { getInput } from "@actions/core"; exec(process.env['TEST_DATA']); // NOT OK exec(process.env['GITHUB_ACTION']); // OK @@ -9,3 +10,5 @@ function test(e) { } test(process.env); + +exec(getInput('data')); // NOT OK diff --git a/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/CodeInjection.expected b/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/CodeInjection.expected index 181b4d91d34..d866329402a 100644 --- a/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/CodeInjection.expected +++ b/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/CodeInjection.expected @@ -13,16 +13,9 @@ nodes | NoSQLCodeInjection.js:22:36:22:43 | req.body | | NoSQLCodeInjection.js:22:36:22:43 | req.body | | NoSQLCodeInjection.js:22:36:22:48 | req.body.name | -| actions.js:5:10:5:50 | github. ... message | -| actions.js:5:10:5:50 | github. ... message | -| actions.js:5:10:5:50 | github. ... message | -| actions.js:6:10:6:33 | core.ge ... mbers') | -| actions.js:6:10:6:33 | core.ge ... mbers') | -| actions.js:6:10:6:33 | core.ge ... mbers') | -| actions.js:7:10:7:42 | core.ge ... mbers') | -| actions.js:7:10:7:42 | core.ge ... mbers') | -| actions.js:7:10:7:53 | core.ge ... n('\\n') | -| actions.js:7:10:7:53 | core.ge ... n('\\n') | +| actions.js:4:10:4:50 | github. ... message | +| actions.js:4:10:4:50 | github. ... message | +| actions.js:4:10:4:50 | github. ... message | | angularjs.js:10:22:10:36 | location.search | | angularjs.js:10:22:10:36 | location.search | | angularjs.js:10:22:10:36 | location.search | @@ -201,12 +194,7 @@ edges | NoSQLCodeInjection.js:22:36:22:43 | req.body | NoSQLCodeInjection.js:22:36:22:48 | req.body.name | | NoSQLCodeInjection.js:22:36:22:48 | req.body.name | NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name | | NoSQLCodeInjection.js:22:36:22:48 | req.body.name | NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name | -| actions.js:5:10:5:50 | github. ... message | actions.js:5:10:5:50 | github. ... message | -| actions.js:6:10:6:33 | core.ge ... mbers') | actions.js:6:10:6:33 | core.ge ... mbers') | -| actions.js:7:10:7:42 | core.ge ... mbers') | actions.js:7:10:7:53 | core.ge ... n('\\n') | -| actions.js:7:10:7:42 | core.ge ... mbers') | actions.js:7:10:7:53 | core.ge ... n('\\n') | -| actions.js:7:10:7:42 | core.ge ... mbers') | actions.js:7:10:7:53 | core.ge ... n('\\n') | -| actions.js:7:10:7:42 | core.ge ... mbers') | actions.js:7:10:7:53 | core.ge ... n('\\n') | +| actions.js:4:10:4:50 | github. ... message | actions.js:4:10:4:50 | github. ... message | | angularjs.js:10:22:10:36 | location.search | angularjs.js:10:22:10:36 | location.search | | angularjs.js:13:23:13:37 | location.search | angularjs.js:13:23:13:37 | location.search | | angularjs.js:16:28:16:42 | location.search | angularjs.js:16:28:16:42 | location.search | @@ -322,9 +310,7 @@ edges | NoSQLCodeInjection.js:18:24:18:37 | req.body.query | NoSQLCodeInjection.js:18:24:18:31 | req.body | NoSQLCodeInjection.js:18:24:18:37 | req.body.query | This code execution depends on a $@. | NoSQLCodeInjection.js:18:24:18:31 | req.body | user-provided value | | NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name | NoSQLCodeInjection.js:19:36:19:43 | req.body | NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name | This code execution depends on a $@. | NoSQLCodeInjection.js:19:36:19:43 | req.body | user-provided value | | NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name | NoSQLCodeInjection.js:22:36:22:43 | req.body | NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name | This code execution depends on a $@. | NoSQLCodeInjection.js:22:36:22:43 | req.body | user-provided value | -| actions.js:5:10:5:50 | github. ... message | actions.js:5:10:5:50 | github. ... message | actions.js:5:10:5:50 | github. ... message | This code execution depends on a $@. | actions.js:5:10:5:50 | github. ... message | user-provided value | -| actions.js:6:10:6:33 | core.ge ... mbers') | actions.js:6:10:6:33 | core.ge ... mbers') | actions.js:6:10:6:33 | core.ge ... mbers') | This code execution depends on a $@. | actions.js:6:10:6:33 | core.ge ... mbers') | user-provided value | -| actions.js:7:10:7:53 | core.ge ... n('\\n') | actions.js:7:10:7:42 | core.ge ... mbers') | actions.js:7:10:7:53 | core.ge ... n('\\n') | This code execution depends on a $@. | actions.js:7:10:7:42 | core.ge ... mbers') | user-provided value | +| actions.js:4:10:4:50 | github. ... message | actions.js:4:10:4:50 | github. ... message | actions.js:4:10:4:50 | github. ... message | This code execution depends on a $@. | actions.js:4:10:4:50 | github. ... message | user-provided value | | angularjs.js:10:22:10:36 | location.search | angularjs.js:10:22:10:36 | location.search | angularjs.js:10:22:10:36 | location.search | This code execution depends on a $@. | angularjs.js:10:22:10:36 | location.search | user-provided value | | angularjs.js:13:23:13:37 | location.search | angularjs.js:13:23:13:37 | location.search | angularjs.js:13:23:13:37 | location.search | This code execution depends on a $@. | angularjs.js:13:23:13:37 | location.search | user-provided value | | angularjs.js:16:28:16:42 | location.search | angularjs.js:16:28:16:42 | location.search | angularjs.js:16:28:16:42 | location.search | This code execution depends on a $@. | angularjs.js:16:28:16:42 | location.search | user-provided value | diff --git a/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/HeuristicSourceCodeInjection.expected b/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/HeuristicSourceCodeInjection.expected index 841b942f82a..be221820c07 100644 --- a/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/HeuristicSourceCodeInjection.expected +++ b/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/HeuristicSourceCodeInjection.expected @@ -13,16 +13,9 @@ nodes | NoSQLCodeInjection.js:22:36:22:43 | req.body | | NoSQLCodeInjection.js:22:36:22:43 | req.body | | NoSQLCodeInjection.js:22:36:22:48 | req.body.name | -| actions.js:5:10:5:50 | github. ... message | -| actions.js:5:10:5:50 | github. ... message | -| actions.js:5:10:5:50 | github. ... message | -| actions.js:6:10:6:33 | core.ge ... mbers') | -| actions.js:6:10:6:33 | core.ge ... mbers') | -| actions.js:6:10:6:33 | core.ge ... mbers') | -| actions.js:7:10:7:42 | core.ge ... mbers') | -| actions.js:7:10:7:42 | core.ge ... mbers') | -| actions.js:7:10:7:53 | core.ge ... n('\\n') | -| actions.js:7:10:7:53 | core.ge ... n('\\n') | +| actions.js:4:10:4:50 | github. ... message | +| actions.js:4:10:4:50 | github. ... message | +| actions.js:4:10:4:50 | github. ... message | | angularjs.js:10:22:10:36 | location.search | | angularjs.js:10:22:10:36 | location.search | | angularjs.js:10:22:10:36 | location.search | @@ -205,12 +198,7 @@ edges | NoSQLCodeInjection.js:22:36:22:43 | req.body | NoSQLCodeInjection.js:22:36:22:48 | req.body.name | | NoSQLCodeInjection.js:22:36:22:48 | req.body.name | NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name | | NoSQLCodeInjection.js:22:36:22:48 | req.body.name | NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name | -| actions.js:5:10:5:50 | github. ... message | actions.js:5:10:5:50 | github. ... message | -| actions.js:6:10:6:33 | core.ge ... mbers') | actions.js:6:10:6:33 | core.ge ... mbers') | -| actions.js:7:10:7:42 | core.ge ... mbers') | actions.js:7:10:7:53 | core.ge ... n('\\n') | -| actions.js:7:10:7:42 | core.ge ... mbers') | actions.js:7:10:7:53 | core.ge ... n('\\n') | -| actions.js:7:10:7:42 | core.ge ... mbers') | actions.js:7:10:7:53 | core.ge ... n('\\n') | -| actions.js:7:10:7:42 | core.ge ... mbers') | actions.js:7:10:7:53 | core.ge ... n('\\n') | +| actions.js:4:10:4:50 | github. ... message | actions.js:4:10:4:50 | github. ... message | | angularjs.js:10:22:10:36 | location.search | angularjs.js:10:22:10:36 | location.search | | angularjs.js:13:23:13:37 | location.search | angularjs.js:13:23:13:37 | location.search | | angularjs.js:16:28:16:42 | location.search | angularjs.js:16:28:16:42 | location.search | diff --git a/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/actions.js b/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/actions.js index ee49ec3888e..df5cd88971a 100644 --- a/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/actions.js +++ b/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/actions.js @@ -1,8 +1,5 @@ -const core = require('@actions/core'); const github = require('@actions/github'); function test() { eval(github.context.payload.commits[1].message); // NOT OK - eval(core.getInput('numbers')); // NOT OK - eval(core.getMultilineInput('numbers').join('\n')); // NOT OK } From e3fc6d67cc49ee182023e01b5d1c79f88a7f14d7 Mon Sep 17 00:00:00 2001 From: Rasmus Wriedt Larsen Date: Wed, 3 May 2023 17:31:52 +0200 Subject: [PATCH 138/870] Misc: Allow no internal CI --- .../accept-expected-changes-from-ci.py | 59 ++++++++++--------- 1 file changed, 30 insertions(+), 29 deletions(-) diff --git a/misc/scripts/accept-expected-changes-from-ci.py b/misc/scripts/accept-expected-changes-from-ci.py index 7d85c1f7a1f..3ce35d5ef56 100755 --- a/misc/scripts/accept-expected-changes-from-ci.py +++ b/misc/scripts/accept-expected-changes-from-ci.py @@ -274,38 +274,39 @@ def main(pr_number: int): for lang_test_failure in lang_test_failures: job_failure_urls.add(lang_test_failure.target_url) - assert len(job_failure_urls) == 1, f"Multiple job failure URLs: {job_failure_urls}" - job_failure_url = job_failure_urls.pop() + if job_failure_urls: + assert len(job_failure_urls) == 1, f"Multiple job failure URLs: {job_failure_urls}" + job_failure_url = job_failure_urls.pop() - # fixup URL. On the status, the target URL is the run, and it's really hard to - # change this to link to the full `/runs//jobs/` URL, since - # the `` is not available in a context: https://github.com/community/community/discussions/40291 - m = re.fullmatch(r"^https://github\.com/([^/]+/[^/]+)/actions/runs/(\d+)$", job_failure_url) - nwo = m.group(1) - run_id = m.group(2) - jobs_url = f"https://api.github.com/repos/{nwo}/actions/runs/{run_id}/jobs" - LOGGER.info(f"Fixing up target url from looking at {jobs_url}") - jobs = json.loads(subprocess.check_output(["gh", "api", "--paginate", jobs_url]).decode("utf-8")) - for lang_test_failure in lang_test_failures: - workflow_translation = { - "codeql-coding-standards Unit Tests Linux": "Start codeql-coding-standards" - } - expected_workflow_name = workflow_translation.get(lang_test_failure.context, lang_test_failure.context) + # fixup URL. On the status, the target URL is the run, and it's really hard to + # change this to link to the full `/runs//jobs/` URL, since + # the `` is not available in a context: https://github.com/community/community/discussions/40291 + m = re.fullmatch(r"^https://github\.com/([^/]+/[^/]+)/actions/runs/(\d+)$", job_failure_url) + nwo = m.group(1) + run_id = m.group(2) + jobs_url = f"https://api.github.com/repos/{nwo}/actions/runs/{run_id}/jobs" + LOGGER.info(f"Fixing up target url from looking at {jobs_url}") + jobs = json.loads(subprocess.check_output(["gh", "api", "--paginate", jobs_url]).decode("utf-8")) + for lang_test_failure in lang_test_failures: + workflow_translation = { + "codeql-coding-standards Unit Tests Linux": "Start codeql-coding-standards" + } + expected_workflow_name = workflow_translation.get(lang_test_failure.context, lang_test_failure.context) - for job in jobs["jobs"]: - api_name: str = job["name"] - if " / " not in api_name: - continue + for job in jobs["jobs"]: + api_name: str = job["name"] + if " / " not in api_name: + continue - workflow_name, job_name = api_name.split(" / ") - # The job names we're looking for looks like "Python2 Language Tests / Python2 Language Tests" or "Java Language Tests / Java Language Tests Linux" - # for "Java Integration Tests Linux / Java Integration tests Linux" we need to ignore case :| - if workflow_name == expected_workflow_name and job_name.lower().startswith(lang_test_failure.context.lower()): - lang_test_failure.job_id = job["id"] - break - else: - LOGGER.error(f"Could not find job for {lang_test_failure.context!r}") - sys.exit(1) + workflow_name, job_name = api_name.split(" / ") + # The job names we're looking for looks like "Python2 Language Tests / Python2 Language Tests" or "Java Language Tests / Java Language Tests Linux" + # for "Java Integration Tests Linux / Java Integration tests Linux" we need to ignore case :| + if workflow_name == expected_workflow_name and job_name.lower().startswith(lang_test_failure.context.lower()): + lang_test_failure.job_id = job["id"] + break + else: + LOGGER.error(f"Could not find job for {lang_test_failure.context!r}") + sys.exit(1) # Ruby/Swift/C#/Go use github actions, and not internal CI. These are not reported # from the /statuses API, but from the /check-suites API From b048f9d8c49f5883b00c3ebbb0001d78f7308c6d Mon Sep 17 00:00:00 2001 From: Rasmus Wriedt Larsen Date: Wed, 3 May 2023 17:37:39 +0200 Subject: [PATCH 139/870] Misc: Allow specifying SHA directly to script --- .../accept-expected-changes-from-ci.py | 32 +++++++++++++------ 1 file changed, 23 insertions(+), 9 deletions(-) diff --git a/misc/scripts/accept-expected-changes-from-ci.py b/misc/scripts/accept-expected-changes-from-ci.py index 3ce35d5ef56..2441f8279d2 100755 --- a/misc/scripts/accept-expected-changes-from-ci.py +++ b/misc/scripts/accept-expected-changes-from-ci.py @@ -221,11 +221,18 @@ def get_log_content(status: GithubStatus) -> str: return content -def main(pr_number: int): - LOGGER.info(f"Getting status URL for codeql PR #{pr_number}") - github_sha = subprocess.check_output( - ["gh", "api", f"repos/github/codeql/pulls/{pr_number}", "--jq", ".head.sha"] - ).decode("utf-8").strip() +def main(pr_number: Optional[int], sha_override: Optional[str] = None): + if not pr_number and not sha_override: + raise Exception("Must specify either a PR number or a SHA") + + if sha_override: + github_sha = sha_override + else: + LOGGER.info(f"Getting status URL for codeql PR #{pr_number}") + github_sha = subprocess.check_output( + ["gh", "api", f"repos/github/codeql/pulls/{pr_number}", "--jq", ".head.sha"] + ).decode("utf-8").strip() + local_sha = subprocess.check_output( ["git", "rev-parse", "HEAD"] ).decode("utf-8").strip() @@ -411,15 +418,22 @@ def main(pr_number: int): if semmle_code_changed: print("Expected output in semmle-code changed!") -def get_pr_number() -> int: + +def call_main(): + pr_number = None + override_sha = None if len(sys.argv) < 2: pr_number_response = subprocess.check_output([ "gh", "pr", "view", "--json", "number" ]).decode("utf-8") - return json.loads(pr_number_response)["number"] + pr_number = json.loads(pr_number_response)["number"] else: - return int(sys.argv[1]) + if len(sys.argv[1]) > 10: + override_sha = sys.argv[1] + else: + pr_number = int(sys.argv[1]) + main(pr_number, override_sha) if __name__ == "__main__": @@ -443,4 +457,4 @@ if __name__ == "__main__": sys.exit(1) os.chdir(CODEQL_REPO_DIR) - main(get_pr_number()) + call_main() From c9680b92022ebadd35317b90145608d31a9a0440 Mon Sep 17 00:00:00 2001 From: Rasmus Wriedt Larsen Date: Wed, 3 May 2023 17:40:21 +0200 Subject: [PATCH 140/870] Misc: Look for .expected changes from `integration-tests...` --- misc/scripts/accept-expected-changes-from-ci.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/misc/scripts/accept-expected-changes-from-ci.py b/misc/scripts/accept-expected-changes-from-ci.py index 2441f8279d2..d4d57f26726 100755 --- a/misc/scripts/accept-expected-changes-from-ci.py +++ b/misc/scripts/accept-expected-changes-from-ci.py @@ -350,6 +350,8 @@ def main(pr_number: Optional[int], sha_override: Optional[str] = None): return True if job_name.startswith("Test Linux"): return True + if job_name.startswith("integration-tests"): + return True return False if job["name"] == check_run['name'] and job["workflow_name"] in OK_WORKFLOW_NAMES and ok_job_name(job["name"]): From 14ca20e7825d2738eeae3fcd223471f179529257 Mon Sep 17 00:00:00 2001 From: Sim4n6 Date: Wed, 3 May 2023 17:43:54 +0100 Subject: [PATCH 141/870] removed redundant imports --- .../ruby/experimental/UnicodeBypassValidationQuery.qll | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/ruby/ql/lib/codeql/ruby/experimental/UnicodeBypassValidationQuery.qll b/ruby/ql/lib/codeql/ruby/experimental/UnicodeBypassValidationQuery.qll index 96dd0492e74..3b353d5b339 100644 --- a/ruby/ql/lib/codeql/ruby/experimental/UnicodeBypassValidationQuery.qll +++ b/ruby/ql/lib/codeql/ruby/experimental/UnicodeBypassValidationQuery.qll @@ -3,11 +3,8 @@ */ private import ruby -private import codeql.ruby.ApiGraphs -private import codeql.ruby.AST -private import codeql.ruby.Concepts -private import codeql.ruby.DataFlow private import codeql.ruby.dataflow.RemoteFlowSources +private import codeql.ruby.Concepts private import codeql.ruby.TaintTracking import UnicodeBypassValidationCustomizations::UnicodeBypassValidation From 1247403d43a91d949b2ddb83cd525983e796cd60 Mon Sep 17 00:00:00 2001 From: Sim4n6 Date: Thu, 4 May 2023 08:56:45 +0100 Subject: [PATCH 142/870] Updated expected results file --- .../cwe-176/UnicodeBypassValidation.expected | 92 +++++++++---------- 1 file changed, 46 insertions(+), 46 deletions(-) diff --git a/ruby/ql/test/query-tests/experimental/cwe-176/UnicodeBypassValidation.expected b/ruby/ql/test/query-tests/experimental/cwe-176/UnicodeBypassValidation.expected index 37f65079501..0392033c948 100644 --- a/ruby/ql/test/query-tests/experimental/cwe-176/UnicodeBypassValidation.expected +++ b/ruby/ql/test/query-tests/experimental/cwe-176/UnicodeBypassValidation.expected @@ -1,56 +1,56 @@ edges -| unicode_normalization.rb:3:5:3:17 | unicode_input : | unicode_normalization.rb:4:23:4:35 | unicode_input | -| unicode_normalization.rb:3:5:3:17 | unicode_input : | unicode_normalization.rb:5:22:5:34 | unicode_input | -| unicode_normalization.rb:3:21:3:26 | call to params : | unicode_normalization.rb:3:21:3:42 | ...[...] : | -| unicode_normalization.rb:3:21:3:42 | ...[...] : | unicode_normalization.rb:3:5:3:17 | unicode_input : | -| unicode_normalization.rb:11:5:11:17 | unicode_input : | unicode_normalization.rb:12:27:12:39 | unicode_input : | -| unicode_normalization.rb:11:5:11:17 | unicode_input : | unicode_normalization.rb:12:27:12:39 | unicode_input : | -| unicode_normalization.rb:11:21:11:26 | call to params : | unicode_normalization.rb:11:21:11:42 | ...[...] : | -| unicode_normalization.rb:11:21:11:26 | call to params : | unicode_normalization.rb:11:21:11:42 | ...[...] : | -| unicode_normalization.rb:11:21:11:42 | ...[...] : | unicode_normalization.rb:11:5:11:17 | unicode_input : | -| unicode_normalization.rb:11:21:11:42 | ...[...] : | unicode_normalization.rb:11:5:11:17 | unicode_input : | -| unicode_normalization.rb:12:5:12:23 | unicode_input_manip : | unicode_normalization.rb:13:23:13:41 | unicode_input_manip | -| unicode_normalization.rb:12:5:12:23 | unicode_input_manip : | unicode_normalization.rb:14:22:14:40 | unicode_input_manip | -| unicode_normalization.rb:12:27:12:39 | unicode_input : | unicode_normalization.rb:12:27:12:59 | call to sub : | -| unicode_normalization.rb:12:27:12:39 | unicode_input : | unicode_normalization.rb:12:27:12:59 | call to sub : | -| unicode_normalization.rb:12:27:12:59 | call to sub : | unicode_normalization.rb:12:5:12:23 | unicode_input_manip : | -| unicode_normalization.rb:20:5:20:17 | unicode_input : | unicode_normalization.rb:21:25:21:37 | unicode_input : | -| unicode_normalization.rb:20:21:20:26 | call to params : | unicode_normalization.rb:20:21:20:42 | ...[...] : | -| unicode_normalization.rb:20:21:20:42 | ...[...] : | unicode_normalization.rb:20:5:20:17 | unicode_input : | -| unicode_normalization.rb:21:5:21:21 | unicode_html_safe : | unicode_normalization.rb:22:23:22:39 | unicode_html_safe | -| unicode_normalization.rb:21:5:21:21 | unicode_html_safe : | unicode_normalization.rb:23:22:23:38 | unicode_html_safe | -| unicode_normalization.rb:21:25:21:37 | unicode_input : | unicode_normalization.rb:21:25:21:47 | call to html_safe : | -| unicode_normalization.rb:21:25:21:47 | call to html_safe : | unicode_normalization.rb:21:5:21:21 | unicode_html_safe : | +| unicode_normalization.rb:3:5:3:17 | unicode_input | unicode_normalization.rb:4:23:4:35 | unicode_input | +| unicode_normalization.rb:3:5:3:17 | unicode_input | unicode_normalization.rb:5:22:5:34 | unicode_input | +| unicode_normalization.rb:3:21:3:26 | call to params | unicode_normalization.rb:3:21:3:42 | ...[...] | +| unicode_normalization.rb:3:21:3:42 | ...[...] | unicode_normalization.rb:3:5:3:17 | unicode_input | +| unicode_normalization.rb:11:5:11:17 | unicode_input | unicode_normalization.rb:12:27:12:39 | unicode_input | +| unicode_normalization.rb:11:5:11:17 | unicode_input | unicode_normalization.rb:12:27:12:39 | unicode_input | +| unicode_normalization.rb:11:21:11:26 | call to params | unicode_normalization.rb:11:21:11:42 | ...[...] | +| unicode_normalization.rb:11:21:11:26 | call to params | unicode_normalization.rb:11:21:11:42 | ...[...] | +| unicode_normalization.rb:11:21:11:42 | ...[...] | unicode_normalization.rb:11:5:11:17 | unicode_input | +| unicode_normalization.rb:11:21:11:42 | ...[...] | unicode_normalization.rb:11:5:11:17 | unicode_input | +| unicode_normalization.rb:12:5:12:23 | unicode_input_manip | unicode_normalization.rb:13:23:13:41 | unicode_input_manip | +| unicode_normalization.rb:12:5:12:23 | unicode_input_manip | unicode_normalization.rb:14:22:14:40 | unicode_input_manip | +| unicode_normalization.rb:12:27:12:39 | unicode_input | unicode_normalization.rb:12:27:12:59 | call to sub | +| unicode_normalization.rb:12:27:12:39 | unicode_input | unicode_normalization.rb:12:27:12:59 | call to sub | +| unicode_normalization.rb:12:27:12:59 | call to sub | unicode_normalization.rb:12:5:12:23 | unicode_input_manip | +| unicode_normalization.rb:20:5:20:17 | unicode_input | unicode_normalization.rb:21:25:21:37 | unicode_input | +| unicode_normalization.rb:20:21:20:26 | call to params | unicode_normalization.rb:20:21:20:42 | ...[...] | +| unicode_normalization.rb:20:21:20:42 | ...[...] | unicode_normalization.rb:20:5:20:17 | unicode_input | +| unicode_normalization.rb:21:5:21:21 | unicode_html_safe | unicode_normalization.rb:22:23:22:39 | unicode_html_safe | +| unicode_normalization.rb:21:5:21:21 | unicode_html_safe | unicode_normalization.rb:23:22:23:38 | unicode_html_safe | +| unicode_normalization.rb:21:25:21:37 | unicode_input | unicode_normalization.rb:21:25:21:47 | call to html_safe | +| unicode_normalization.rb:21:25:21:47 | call to html_safe | unicode_normalization.rb:21:5:21:21 | unicode_html_safe | nodes -| unicode_normalization.rb:3:5:3:17 | unicode_input : | semmle.label | unicode_input : | -| unicode_normalization.rb:3:21:3:26 | call to params : | semmle.label | call to params : | -| unicode_normalization.rb:3:21:3:42 | ...[...] : | semmle.label | ...[...] : | +| unicode_normalization.rb:3:5:3:17 | unicode_input | semmle.label | unicode_input | +| unicode_normalization.rb:3:21:3:26 | call to params | semmle.label | call to params | +| unicode_normalization.rb:3:21:3:42 | ...[...] | semmle.label | ...[...] | | unicode_normalization.rb:4:23:4:35 | unicode_input | semmle.label | unicode_input | | unicode_normalization.rb:5:22:5:34 | unicode_input | semmle.label | unicode_input | -| unicode_normalization.rb:11:5:11:17 | unicode_input : | semmle.label | unicode_input : | -| unicode_normalization.rb:11:5:11:17 | unicode_input : | semmle.label | unicode_input : | -| unicode_normalization.rb:11:21:11:26 | call to params : | semmle.label | call to params : | -| unicode_normalization.rb:11:21:11:42 | ...[...] : | semmle.label | ...[...] : | -| unicode_normalization.rb:11:21:11:42 | ...[...] : | semmle.label | ...[...] : | -| unicode_normalization.rb:12:5:12:23 | unicode_input_manip : | semmle.label | unicode_input_manip : | -| unicode_normalization.rb:12:27:12:39 | unicode_input : | semmle.label | unicode_input : | -| unicode_normalization.rb:12:27:12:39 | unicode_input : | semmle.label | unicode_input : | -| unicode_normalization.rb:12:27:12:59 | call to sub : | semmle.label | call to sub : | +| unicode_normalization.rb:11:5:11:17 | unicode_input | semmle.label | unicode_input | +| unicode_normalization.rb:11:5:11:17 | unicode_input | semmle.label | unicode_input | +| unicode_normalization.rb:11:21:11:26 | call to params | semmle.label | call to params | +| unicode_normalization.rb:11:21:11:42 | ...[...] | semmle.label | ...[...] | +| unicode_normalization.rb:11:21:11:42 | ...[...] | semmle.label | ...[...] | +| unicode_normalization.rb:12:5:12:23 | unicode_input_manip | semmle.label | unicode_input_manip | +| unicode_normalization.rb:12:27:12:39 | unicode_input | semmle.label | unicode_input | +| unicode_normalization.rb:12:27:12:39 | unicode_input | semmle.label | unicode_input | +| unicode_normalization.rb:12:27:12:59 | call to sub | semmle.label | call to sub | | unicode_normalization.rb:13:23:13:41 | unicode_input_manip | semmle.label | unicode_input_manip | | unicode_normalization.rb:14:22:14:40 | unicode_input_manip | semmle.label | unicode_input_manip | -| unicode_normalization.rb:20:5:20:17 | unicode_input : | semmle.label | unicode_input : | -| unicode_normalization.rb:20:21:20:26 | call to params : | semmle.label | call to params : | -| unicode_normalization.rb:20:21:20:42 | ...[...] : | semmle.label | ...[...] : | -| unicode_normalization.rb:21:5:21:21 | unicode_html_safe : | semmle.label | unicode_html_safe : | -| unicode_normalization.rb:21:25:21:37 | unicode_input : | semmle.label | unicode_input : | -| unicode_normalization.rb:21:25:21:47 | call to html_safe : | semmle.label | call to html_safe : | +| unicode_normalization.rb:20:5:20:17 | unicode_input | semmle.label | unicode_input | +| unicode_normalization.rb:20:21:20:26 | call to params | semmle.label | call to params | +| unicode_normalization.rb:20:21:20:42 | ...[...] | semmle.label | ...[...] | +| unicode_normalization.rb:21:5:21:21 | unicode_html_safe | semmle.label | unicode_html_safe | +| unicode_normalization.rb:21:25:21:37 | unicode_input | semmle.label | unicode_input | +| unicode_normalization.rb:21:25:21:47 | call to html_safe | semmle.label | call to html_safe | | unicode_normalization.rb:22:23:22:39 | unicode_html_safe | semmle.label | unicode_html_safe | | unicode_normalization.rb:23:22:23:38 | unicode_html_safe | semmle.label | unicode_html_safe | subpaths #select -| unicode_normalization.rb:4:23:4:35 | unicode_input | unicode_normalization.rb:3:21:3:26 | call to params : | unicode_normalization.rb:4:23:4:35 | unicode_input | This $@ processes unsafely $@ and any logical validation in-between could be bypassed using special Unicode characters. | unicode_normalization.rb:4:23:4:35 | unicode_input | Unicode transformation (Unicode normalization) | unicode_normalization.rb:3:21:3:26 | call to params | remote user-controlled data | -| unicode_normalization.rb:5:22:5:34 | unicode_input | unicode_normalization.rb:3:21:3:26 | call to params : | unicode_normalization.rb:5:22:5:34 | unicode_input | This $@ processes unsafely $@ and any logical validation in-between could be bypassed using special Unicode characters. | unicode_normalization.rb:5:22:5:34 | unicode_input | Unicode transformation (Unicode normalization) | unicode_normalization.rb:3:21:3:26 | call to params | remote user-controlled data | -| unicode_normalization.rb:13:23:13:41 | unicode_input_manip | unicode_normalization.rb:11:21:11:26 | call to params : | unicode_normalization.rb:13:23:13:41 | unicode_input_manip | This $@ processes unsafely $@ and any logical validation in-between could be bypassed using special Unicode characters. | unicode_normalization.rb:13:23:13:41 | unicode_input_manip | Unicode transformation (Unicode normalization) | unicode_normalization.rb:11:21:11:26 | call to params | remote user-controlled data | -| unicode_normalization.rb:14:22:14:40 | unicode_input_manip | unicode_normalization.rb:11:21:11:26 | call to params : | unicode_normalization.rb:14:22:14:40 | unicode_input_manip | This $@ processes unsafely $@ and any logical validation in-between could be bypassed using special Unicode characters. | unicode_normalization.rb:14:22:14:40 | unicode_input_manip | Unicode transformation (Unicode normalization) | unicode_normalization.rb:11:21:11:26 | call to params | remote user-controlled data | -| unicode_normalization.rb:22:23:22:39 | unicode_html_safe | unicode_normalization.rb:20:21:20:26 | call to params : | unicode_normalization.rb:22:23:22:39 | unicode_html_safe | This $@ processes unsafely $@ and any logical validation in-between could be bypassed using special Unicode characters. | unicode_normalization.rb:22:23:22:39 | unicode_html_safe | Unicode transformation (Unicode normalization) | unicode_normalization.rb:20:21:20:26 | call to params | remote user-controlled data | -| unicode_normalization.rb:23:22:23:38 | unicode_html_safe | unicode_normalization.rb:20:21:20:26 | call to params : | unicode_normalization.rb:23:22:23:38 | unicode_html_safe | This $@ processes unsafely $@ and any logical validation in-between could be bypassed using special Unicode characters. | unicode_normalization.rb:23:22:23:38 | unicode_html_safe | Unicode transformation (Unicode normalization) | unicode_normalization.rb:20:21:20:26 | call to params | remote user-controlled data | +| unicode_normalization.rb:4:23:4:35 | unicode_input | unicode_normalization.rb:3:21:3:26 | call to params | unicode_normalization.rb:4:23:4:35 | unicode_input | This $@ processes unsafely $@ and any logical validation in-between could be bypassed using special Unicode characters. | unicode_normalization.rb:4:23:4:35 | unicode_input | Unicode transformation (Unicode normalization) | unicode_normalization.rb:3:21:3:26 | call to params | remote user-controlled data | +| unicode_normalization.rb:5:22:5:34 | unicode_input | unicode_normalization.rb:3:21:3:26 | call to params | unicode_normalization.rb:5:22:5:34 | unicode_input | This $@ processes unsafely $@ and any logical validation in-between could be bypassed using special Unicode characters. | unicode_normalization.rb:5:22:5:34 | unicode_input | Unicode transformation (Unicode normalization) | unicode_normalization.rb:3:21:3:26 | call to params | remote user-controlled data | +| unicode_normalization.rb:13:23:13:41 | unicode_input_manip | unicode_normalization.rb:11:21:11:26 | call to params | unicode_normalization.rb:13:23:13:41 | unicode_input_manip | This $@ processes unsafely $@ and any logical validation in-between could be bypassed using special Unicode characters. | unicode_normalization.rb:13:23:13:41 | unicode_input_manip | Unicode transformation (Unicode normalization) | unicode_normalization.rb:11:21:11:26 | call to params | remote user-controlled data | +| unicode_normalization.rb:14:22:14:40 | unicode_input_manip | unicode_normalization.rb:11:21:11:26 | call to params | unicode_normalization.rb:14:22:14:40 | unicode_input_manip | This $@ processes unsafely $@ and any logical validation in-between could be bypassed using special Unicode characters. | unicode_normalization.rb:14:22:14:40 | unicode_input_manip | Unicode transformation (Unicode normalization) | unicode_normalization.rb:11:21:11:26 | call to params | remote user-controlled data | +| unicode_normalization.rb:22:23:22:39 | unicode_html_safe | unicode_normalization.rb:20:21:20:26 | call to params | unicode_normalization.rb:22:23:22:39 | unicode_html_safe | This $@ processes unsafely $@ and any logical validation in-between could be bypassed using special Unicode characters. | unicode_normalization.rb:22:23:22:39 | unicode_html_safe | Unicode transformation (Unicode normalization) | unicode_normalization.rb:20:21:20:26 | call to params | remote user-controlled data | +| unicode_normalization.rb:23:22:23:38 | unicode_html_safe | unicode_normalization.rb:20:21:20:26 | call to params | unicode_normalization.rb:23:22:23:38 | unicode_html_safe | This $@ processes unsafely $@ and any logical validation in-between could be bypassed using special Unicode characters. | unicode_normalization.rb:23:22:23:38 | unicode_html_safe | Unicode transformation (Unicode normalization) | unicode_normalization.rb:20:21:20:26 | call to params | remote user-controlled data | From b8c96ed5a59dca0febdaefc38e548c1219a86778 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 3 May 2023 13:24:36 +0100 Subject: [PATCH 143/870] Swift: Delete some TODO comments (that have been turned into issues). --- .../lib/codeql/swift/elements/decl/PrecedenceGroupDecl.qll | 2 +- .../ql/lib/codeql/swift/elements/expr/TupleElementExpr.qll | 2 +- .../codeql/swift/frameworks/StandardLibrary/FilePath.qll | 1 - .../lib/codeql/swift/frameworks/StandardLibrary/NsUrl.qll | 1 - .../lib/codeql/swift/frameworks/StandardLibrary/WebView.qll | 1 - .../security/CleartextStoragePreferencesExtensions.qll | 6 ++++-- .../lib/codeql/swift/security/PathInjectionExtensions.qll | 1 - 7 files changed, 6 insertions(+), 8 deletions(-) diff --git a/swift/ql/lib/codeql/swift/elements/decl/PrecedenceGroupDecl.qll b/swift/ql/lib/codeql/swift/elements/decl/PrecedenceGroupDecl.qll index a3dfce6c510..c1589aeaf4e 100644 --- a/swift/ql/lib/codeql/swift/elements/decl/PrecedenceGroupDecl.qll +++ b/swift/ql/lib/codeql/swift/elements/decl/PrecedenceGroupDecl.qll @@ -2,6 +2,6 @@ private import codeql.swift.generated.decl.PrecedenceGroupDecl class PrecedenceGroupDecl extends Generated::PrecedenceGroupDecl { override string toString() { - result = "precedencegroup ..." // TODO: Once we extract the name we can improve this. + result = "precedencegroup ..." } } diff --git a/swift/ql/lib/codeql/swift/elements/expr/TupleElementExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/TupleElementExpr.qll index cb6dbc5d7c4..ae9a19f231a 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/TupleElementExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/TupleElementExpr.qll @@ -2,6 +2,6 @@ private import codeql.swift.generated.expr.TupleElementExpr class TupleElementExpr extends Generated::TupleElementExpr { override string toString() { - result = "." + this.getIndex() // TODO: Can be improved once we extract the name + result = "." + this.getIndex() } } diff --git a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/FilePath.qll b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/FilePath.qll index 1b3f934395b..f0b14a4832a 100644 --- a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/FilePath.qll +++ b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/FilePath.qll @@ -15,7 +15,6 @@ class FilePath extends StructDecl { */ private class FilePathSummaries extends SummaryModelCsv { override predicate row(string row) { - // TODO: Properly model this class row = ";FilePath;true;init(stringLiteral:);(String);;Argument[0];ReturnValue;taint" } } diff --git a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/NsUrl.qll b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/NsUrl.qll index e6d9194edea..019bc30cdf3 100644 --- a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/NsUrl.qll +++ b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/NsUrl.qll @@ -10,7 +10,6 @@ private import codeql.swift.dataflow.ExternalFlow */ private class NsUrlSummaries extends SummaryModelCsv { override predicate row(string row) { - // TODO: Properly model this class row = ";NSURL;true;init(string:);(String);;Argument[0];ReturnValue;taint" } } diff --git a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/WebView.qll b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/WebView.qll index 0d017309cf9..829d70873d2 100644 --- a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/WebView.qll +++ b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/WebView.qll @@ -138,7 +138,6 @@ private class JsValueSummaries extends SummaryModelCsv { ";JSValue;true;toRange();;;Argument[-1];ReturnValue;taint", ";JSValue;true;toRect();;;Argument[-1];ReturnValue;taint", ";JSValue;true;toSize();;;Argument[-1];ReturnValue;taint", - // TODO: These models could use content flow to be more precise ";JSValue;true;atIndex(_:);;;Argument[-1];ReturnValue;taint", ";JSValue;true;defineProperty(_:descriptor:);;;Argument[1];Argument[-1];taint", ";JSValue;true;forProperty(_:);;;Argument[-1];ReturnValue;taint", diff --git a/swift/ql/lib/codeql/swift/security/CleartextStoragePreferencesExtensions.qll b/swift/ql/lib/codeql/swift/security/CleartextStoragePreferencesExtensions.qll index 16ed0266c6a..06687c37f02 100644 --- a/swift/ql/lib/codeql/swift/security/CleartextStoragePreferencesExtensions.qll +++ b/swift/ql/lib/codeql/swift/security/CleartextStoragePreferencesExtensions.qll @@ -63,10 +63,12 @@ private class NSUbiquitousKeyValueStore extends CleartextStoragePreferencesSink * A more complicated case, this is a macOS-only way of writing to * NSUserDefaults by modifying the `NSUserDefaultsController.values: Any` * object via reflection (`perform(Selector)`) or the `NSKeyValueCoding`, - * `NSKeyValueBindingCreation` APIs. (TODO) + * `NSKeyValueBindingCreation` APIs. */ private class NSUserDefaultsControllerStore extends CleartextStoragePreferencesSink { - NSUserDefaultsControllerStore() { none() } + NSUserDefaultsControllerStore() { + none() // not yet implemented + } override string getStoreName() { result = "the user defaults database" } } diff --git a/swift/ql/lib/codeql/swift/security/PathInjectionExtensions.qll b/swift/ql/lib/codeql/swift/security/PathInjectionExtensions.qll index 0b7962c05c1..41a9dd4b723 100644 --- a/swift/ql/lib/codeql/swift/security/PathInjectionExtensions.qll +++ b/swift/ql/lib/codeql/swift/security/PathInjectionExtensions.qll @@ -39,7 +39,6 @@ private class DefaultPathInjectionSink extends PathInjectionSink { private class DefaultPathInjectionSanitizer extends PathInjectionSanitizer { DefaultPathInjectionSanitizer() { // This is a simplified implementation. - // TODO: Implement a complete path sanitizer when Guards are available. exists(CallExpr starts, CallExpr normalize, DataFlow::Node validated | starts.getStaticTarget().getName() = "starts(with:)" and starts.getStaticTarget().getEnclosingDecl() instanceof FilePath and From 9317174742cecc7cafd9dca357dd3a540862097c Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Thu, 4 May 2023 12:09:29 +0100 Subject: [PATCH 144/870] Swift: Improve the LibXML2 tests for XXE and remove the TODO comment. --- .../Security/CWE-611/testLibxmlXXE.swift | 150 +++++++++++++----- 1 file changed, 112 insertions(+), 38 deletions(-) diff --git a/swift/ql/test/query-tests/Security/CWE-611/testLibxmlXXE.swift b/swift/ql/test/query-tests/Security/CWE-611/testLibxmlXXE.swift index 034929ae73d..9fe0001ca94 100644 --- a/swift/ql/test/query-tests/Security/CWE-611/testLibxmlXXE.swift +++ b/swift/ql/test/query-tests/Security/CWE-611/testLibxmlXXE.swift @@ -1,18 +1,52 @@ // --- stubs --- +class NSObject { +} + class Data { init(_ elements: S) {} - func copyBytes(to: UnsafeMutablePointer, count: Int) {} } struct URL { init?(string: String) {} + + func appendingPathComponent(_ pathComponent: String) -> URL { return self } } -extension String { - init(contentsOf: URL) { - let data = "" - self.init(data) +class FileManager : NSObject { + class var `default`: FileManager { get { return FileManager() } } + + var homeDirectoryForCurrentUser: URL { get { return URL(string: "")! } } +} + +class Bundle : NSObject { + class var main: Bundle { get { return Bundle() } } + + func path(forResource name: String?, ofType ext: String?) -> String? { return "" } +} + +struct FilePath { + init?(_ url: URL) { } + init(_ string: String) { } +} + +struct FileDescriptor { + let rawValue: CInt + + struct AccessMode : RawRepresentable { + var rawValue: CInt + + static let readOnly = AccessMode(rawValue: 0) + } + + static func open( + _ path: FilePath, + _ mode: FileDescriptor.AccessMode, + options: Int? = nil, + permissions: Int? = nil, + retryOnInterrupt: Bool = true + ) throws -> FileDescriptor { + return FileDescriptor(rawValue: 0) } } @@ -46,53 +80,93 @@ func xmlParseInNodeContext(_ node: xmlNodePtr!, _ data: UnsafePointer!, _ func xmlCtxtReadMemory(_ ctxt: xmlParserCtxtPtr!, _ buffer: UnsafePointer!, _ size: Int32, _ URL: UnsafePointer!, _ encoding: UnsafePointer!, _ options: Int32) -> xmlDocPtr! { return xmlDocPtr.allocate(capacity: 0) } func xmlCtxtReadFd(_ ctxt: xmlParserCtxtPtr!, _ fd: Int32, _ URL: UnsafePointer!, _ encoding: UnsafePointer!, _ options: Int32) -> xmlDocPtr! { return xmlDocPtr.allocate(capacity: 0) } func xmlCtxtReadIO(_ ctxt: xmlParserCtxtPtr!, _ ioread: xmlInputReadCallback!, _ ioclose: xmlInputCloseCallback!, _ ioctx: UnsafeMutableRawPointer!, _ URL: UnsafePointer!, _ encoding: UnsafePointer!, _ options: Int32) -> xmlDocPtr! { return xmlDocPtr.allocate(capacity: 0) } +func xmlParseChunk(_ ctxt: xmlParserCtxtPtr!, _ chunk: UnsafePointer?, _ size: Int32, _ terminate: Int32) -> Int32 { return 0 } // --- tests --- func sourcePtr() -> UnsafeMutablePointer { return UnsafeMutablePointer.allocate(capacity: 0) } func sourceCharPtr() -> UnsafeMutablePointer { return UnsafeMutablePointer.allocate(capacity: 0) } +func getACtxt() -> xmlParserCtxtPtr { + return 0 as! xmlParserCtxtPtr +} + func test() { let remotePtr = sourcePtr() let remoteCharPtr = sourceCharPtr() + let safeCharPtr = UnsafeMutablePointer.allocate(capacity: 1024) + safeCharPtr.initialize(repeating: 0, count: 1024) + let _ = xmlReadFile(remoteCharPtr, nil, 0) // NO XXE: external entities not enabled - let _ = xmlReadFile(remoteCharPtr, nil, Int32(XML_PARSE_NOENT.rawValue)) // $ hasXXE=57 - let _ = xmlReadFile(remoteCharPtr, nil, Int32(XML_PARSE_DTDLOAD.rawValue)) // $ hasXXE=57 - let _ = xmlReadFile(remoteCharPtr, nil, Int32(XML_PARSE_NOENT.rawValue | XML_PARSE_DTDLOAD.rawValue)) // $ hasXXE=57 - let _ = xmlReadFile(remoteCharPtr, nil, Int32(XML_PARSE_NOENT.rawValue | 0)) // $ hasXXE=57 + let _ = xmlReadFile(remoteCharPtr, nil, Int32(XML_PARSE_NOENT.rawValue)) // $ hasXXE=96 + let _ = xmlReadFile(remoteCharPtr, nil, Int32(XML_PARSE_DTDLOAD.rawValue)) // $ hasXXE=96 + let _ = xmlReadFile(remoteCharPtr, nil, Int32(XML_PARSE_NOENT.rawValue | XML_PARSE_DTDLOAD.rawValue)) // $ hasXXE=96 + let _ = xmlReadFile(remoteCharPtr, nil, Int32(XML_PARSE_NOENT.rawValue | 0)) // $ hasXXE=96 let _ = xmlReadDoc(remotePtr, nil, nil, 0) // NO XXE: external entities not enabled - let _ = xmlReadDoc(remotePtr, nil, nil, Int32(XML_PARSE_NOENT.rawValue)) // $ hasXXE=56 - let _ = xmlReadDoc(remotePtr, nil, nil, Int32(XML_PARSE_DTDLOAD.rawValue)) // $ hasXXE=56 + let _ = xmlReadDoc(remotePtr, nil, nil, Int32(XML_PARSE_NOENT.rawValue)) // $ hasXXE=95 + let _ = xmlReadDoc(remotePtr, nil, nil, Int32(XML_PARSE_DTDLOAD.rawValue)) // $ hasXXE=95 let _ = xmlCtxtReadFile(nil, remoteCharPtr, nil, 0) // NO XXE: external entities not enabled - let _ = xmlCtxtReadFile(nil, remoteCharPtr, nil, Int32(XML_PARSE_NOENT.rawValue)) // $ hasXXE=57 - let _ = xmlCtxtReadFile(nil, remoteCharPtr, nil, Int32(XML_PARSE_DTDLOAD.rawValue)) // $ hasXXE=57 + let _ = xmlCtxtReadFile(nil, remoteCharPtr, nil, Int32(XML_PARSE_NOENT.rawValue)) // $ hasXXE=96 + let _ = xmlCtxtReadFile(nil, remoteCharPtr, nil, Int32(XML_PARSE_DTDLOAD.rawValue)) // $ hasXXE=96 let _ = xmlParseInNodeContext(nil, remoteCharPtr, -1, 0, nil) // NO XXE: external entities not enabled - let _ = xmlParseInNodeContext(nil, remoteCharPtr, -1, Int32(XML_PARSE_DTDLOAD.rawValue), nil) // $ hasXXE=57 - let _ = xmlParseInNodeContext(nil, remoteCharPtr, -1, Int32(XML_PARSE_NOENT.rawValue), nil) // $ hasXXE=57 + let _ = xmlParseInNodeContext(nil, remoteCharPtr, -1, Int32(XML_PARSE_DTDLOAD.rawValue), nil) // $ hasXXE=96 + let _ = xmlParseInNodeContext(nil, remoteCharPtr, -1, Int32(XML_PARSE_NOENT.rawValue), nil) // $ hasXXE=96 let _ = xmlCtxtReadDoc(nil, remotePtr, nil, nil, 0) // NO XXE: external entities not enabled - let _ = xmlCtxtReadDoc(nil, remotePtr, nil, nil, Int32(XML_PARSE_NOENT.rawValue)) // $ hasXXE=56 - let _ = xmlCtxtReadDoc(nil, remotePtr, nil, nil, Int32(XML_PARSE_DTDLOAD.rawValue)) // $ hasXXE=56 + let _ = xmlCtxtReadDoc(nil, remotePtr, nil, nil, Int32(XML_PARSE_NOENT.rawValue)) // $ hasXXE=95 + let _ = xmlCtxtReadDoc(nil, remotePtr, nil, nil, Int32(XML_PARSE_DTDLOAD.rawValue)) // $ hasXXE=95 let _ = xmlReadMemory(remoteCharPtr, -1, nil, nil, 0) // NO XXE: external entities not enabled - let _ = xmlReadMemory(remoteCharPtr, -1, nil, nil, Int32(XML_PARSE_NOENT.rawValue)) // $ hasXXE=57 - let _ = xmlReadMemory(remoteCharPtr, -1, nil, nil, Int32(XML_PARSE_DTDLOAD.rawValue)) // $ hasXXE=57 + let _ = xmlReadMemory(remoteCharPtr, -1, nil, nil, Int32(XML_PARSE_NOENT.rawValue)) // $ hasXXE=96 + let _ = xmlReadMemory(remoteCharPtr, -1, nil, nil, Int32(XML_PARSE_DTDLOAD.rawValue)) // $ hasXXE=96 let _ = xmlCtxtReadMemory(nil, remoteCharPtr, -1, nil, nil, 0) // NO XXE: external entities not enabled - let _ = xmlCtxtReadMemory(nil, remoteCharPtr, -1, nil, nil, Int32(XML_PARSE_NOENT.rawValue)) // $ hasXXE=57 - let _ = xmlCtxtReadMemory(nil, remoteCharPtr, -1, nil, nil, Int32(XML_PARSE_DTDLOAD.rawValue)) // $ hasXXE=57 - // TODO: We would need to model taint around `xmlParserCtxtPtr`, file descriptors, and `xmlInputReadCallback` - // to be able to alert on these methods. Not doing it for now because of the effort required vs the expected gain. - let _ = xmlCtxtUseOptions(nil, 0) - let _ = xmlCtxtUseOptions(nil, Int32(XML_PARSE_NOENT.rawValue)) - let _ = xmlCtxtUseOptions(nil, Int32(XML_PARSE_DTDLOAD.rawValue)) - let _ = xmlReadFd(0, nil, nil, 0) - let _ = xmlReadFd(0, nil, nil, Int32(XML_PARSE_NOENT.rawValue)) - let _ = xmlReadFd(0, nil, nil, Int32(XML_PARSE_DTDLOAD.rawValue)) - let _ = xmlCtxtReadFd(nil, 0, nil, nil, 0) - let _ = xmlCtxtReadFd(nil, 0, nil, nil, Int32(XML_PARSE_NOENT.rawValue)) - let _ = xmlCtxtReadFd(nil, 0, nil, nil, Int32(XML_PARSE_DTDLOAD.rawValue)) - let _ = xmlReadIO(nil, nil, nil, nil, nil, 0) - let _ = xmlReadIO(nil, nil, nil, nil, nil, Int32(XML_PARSE_NOENT.rawValue)) - let _ = xmlReadIO(nil, nil, nil, nil, nil, Int32(XML_PARSE_DTDLOAD.rawValue)) - let _ = xmlCtxtReadIO(nil, nil, nil, nil, nil, nil, 0) - let _ = xmlCtxtReadIO(nil, nil, nil, nil, nil, nil, Int32(XML_PARSE_NOENT.rawValue)) - let _ = xmlCtxtReadIO(nil, nil, nil, nil, nil, nil, Int32(XML_PARSE_DTDLOAD.rawValue)) + let _ = xmlCtxtReadMemory(nil, remoteCharPtr, -1, nil, nil, Int32(XML_PARSE_NOENT.rawValue)) // $ hasXXE=96 + let _ = xmlCtxtReadMemory(nil, remoteCharPtr, -1, nil, nil, Int32(XML_PARSE_DTDLOAD.rawValue)) // $ hasXXE=96 + + let ctxt1 = getACtxt() + if (xmlCtxtUseOptions(ctxt1, 0) == 0) { // NO XXE: external entities not enabled + let _ = xmlParseChunk(ctxt1, remoteCharPtr, 1024, 0) + } + + let ctxt2 = getACtxt() + if (xmlCtxtUseOptions(ctxt2, Int32(XML_PARSE_NOENT.rawValue)) == 0) { // $ MISSING: hasXXE=96 + let _ = xmlParseChunk(ctxt2, remoteCharPtr, 1024, 0) + } + + let ctxt3 = getACtxt() + if (xmlCtxtUseOptions(ctxt3, Int32(XML_PARSE_DTDLOAD.rawValue)) == 0) { // $ MISSING: hasXXE=96 + let _ = xmlParseChunk(ctxt3, remoteCharPtr, 1024, 0) + } + + let ctxt4 = getACtxt() + if (xmlCtxtUseOptions(ctxt4, Int32(XML_PARSE_DTDLOAD.rawValue)) == 0) { // $ NO XXE: the input chunk isn't tainted + let _ = xmlParseChunk(ctxt4, safeCharPtr, 1024, 0) + } + + let remotePath = FileManager.default.homeDirectoryForCurrentUser.appendingPathComponent("shared.xml") + let safePath = Bundle.main.path(forResource: "my", ofType: "xml") + let remoteFd = try! FileDescriptor.open(FilePath(remotePath)!, FileDescriptor.AccessMode.readOnly) + let safeFd = try! FileDescriptor.open(FilePath(safePath!), FileDescriptor.AccessMode.readOnly) + + let _ = xmlReadFd(remoteFd.rawValue, nil, nil, 0) // NO XXE: external entities not enabled + let _ = xmlReadFd(remoteFd.rawValue, nil, nil, Int32(XML_PARSE_NOENT.rawValue)) // $ MISSING: hasXXE=146 + let _ = xmlReadFd(remoteFd.rawValue, nil, nil, Int32(XML_PARSE_DTDLOAD.rawValue)) // $ MISSING: hasXXE=146 + let _ = xmlReadFd(safeFd.rawValue, nil, nil, Int32(XML_PARSE_DTDLOAD.rawValue)) // NO XXE: the input file is trusted + + let ctxt5 = getACtxt() + let _ = xmlCtxtReadFd(ctxt5, remoteFd.rawValue, nil, nil, 0) // NO XXE: external entities not enabled + let _ = xmlCtxtReadFd(ctxt5, remoteFd.rawValue, nil, nil, Int32(XML_PARSE_NOENT.rawValue)) // $ MISSING: hasXXE=146 + let _ = xmlCtxtReadFd(ctxt5, remoteFd.rawValue, nil, nil, Int32(XML_PARSE_DTDLOAD.rawValue)) // $ MISSING: hasXXE=146 + let _ = xmlCtxtReadFd(ctxt5, safeFd.rawValue, nil, nil, Int32(XML_PARSE_DTDLOAD.rawValue)) // NO XXE: the input file is trusted + + let ctxt6 = getACtxt() + if (xmlCtxtUseOptions(ctxt6, Int32(XML_PARSE_NOENT.rawValue)) == 0) { // $ MISSING: hasXXE=146 + let _ = xmlCtxtReadFd(ctxt6, remoteFd.rawValue, nil, nil, 0) + } + + let _ = xmlReadIO(nil, nil, nil, nil, nil, 0) // NO XXE: external entities not enabled + let _ = xmlReadIO(nil, nil, nil, nil, nil, Int32(XML_PARSE_NOENT.rawValue)) // $ MISSING: hasXXE=? + let _ = xmlReadIO(nil, nil, nil, nil, nil, Int32(XML_PARSE_DTDLOAD.rawValue)) // $ MISSING: hasXXE=? + + let _ = xmlCtxtReadIO(nil, nil, nil, nil, nil, nil, 0) // NO XXE: external entities not enabled + let _ = xmlCtxtReadIO(nil, nil, nil, nil, nil, nil, Int32(XML_PARSE_NOENT.rawValue)) // $ MISSING: hasXXE=? + let _ = xmlCtxtReadIO(nil, nil, nil, nil, nil, nil, Int32(XML_PARSE_DTDLOAD.rawValue)) // $ MISSING: hasXXE=? } From 597b92cd16f719791fed348c4f9d2a82ae2c8cf8 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Thu, 4 May 2023 12:41:49 +0100 Subject: [PATCH 145/870] Swift: Autoformat. --- .../ql/lib/codeql/swift/elements/decl/PrecedenceGroupDecl.qll | 4 +--- swift/ql/lib/codeql/swift/elements/expr/TupleElementExpr.qll | 4 +--- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/swift/ql/lib/codeql/swift/elements/decl/PrecedenceGroupDecl.qll b/swift/ql/lib/codeql/swift/elements/decl/PrecedenceGroupDecl.qll index c1589aeaf4e..3125054ea8b 100644 --- a/swift/ql/lib/codeql/swift/elements/decl/PrecedenceGroupDecl.qll +++ b/swift/ql/lib/codeql/swift/elements/decl/PrecedenceGroupDecl.qll @@ -1,7 +1,5 @@ private import codeql.swift.generated.decl.PrecedenceGroupDecl class PrecedenceGroupDecl extends Generated::PrecedenceGroupDecl { - override string toString() { - result = "precedencegroup ..." - } + override string toString() { result = "precedencegroup ..." } } diff --git a/swift/ql/lib/codeql/swift/elements/expr/TupleElementExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/TupleElementExpr.qll index ae9a19f231a..d2dd365234a 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/TupleElementExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/TupleElementExpr.qll @@ -1,7 +1,5 @@ private import codeql.swift.generated.expr.TupleElementExpr class TupleElementExpr extends Generated::TupleElementExpr { - override string toString() { - result = "." + this.getIndex() - } + override string toString() { result = "." + this.getIndex() } } From 36aabc077e5a0ab7e72b9f82f414ed30c2f00c73 Mon Sep 17 00:00:00 2001 From: Stephan Brandauer Date: Thu, 4 May 2023 16:50:37 +0200 Subject: [PATCH 146/870] Update java/ql/src/Telemetry/AutomodelFrameworkModeCharacteristics.qll Co-authored-by: Aditya Sharad <6874315+adityasharad@users.noreply.github.com> --- .../ql/src/Telemetry/AutomodelFrameworkModeCharacteristics.qll | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/java/ql/src/Telemetry/AutomodelFrameworkModeCharacteristics.qll b/java/ql/src/Telemetry/AutomodelFrameworkModeCharacteristics.qll index 2290e86cec4..a96b60d5cc1 100644 --- a/java/ql/src/Telemetry/AutomodelFrameworkModeCharacteristics.qll +++ b/java/ql/src/Telemetry/AutomodelFrameworkModeCharacteristics.qll @@ -190,8 +190,7 @@ private class UnexploitableExistsCharacteristic extends CharacteristicsImpl::Not exists(Callable callable | callable = getCallable(e) and ( - callable.getName().toLowerCase() = "exists" or - callable.getName().toLowerCase() = "notexists" + callable.getName().toLowerCase() = ["exists", "notexists"] ) and callable.getReturnType() instanceof BooleanType ) From a616a786f0406888c18bd00de486f8b91e0d0f68 Mon Sep 17 00:00:00 2001 From: Stephan Brandauer Date: Thu, 4 May 2023 17:27:27 +0200 Subject: [PATCH 147/870] formatting --- .../src/Telemetry/AutomodelFrameworkModeCharacteristics.qll | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/java/ql/src/Telemetry/AutomodelFrameworkModeCharacteristics.qll b/java/ql/src/Telemetry/AutomodelFrameworkModeCharacteristics.qll index a96b60d5cc1..1c58fca1dd9 100644 --- a/java/ql/src/Telemetry/AutomodelFrameworkModeCharacteristics.qll +++ b/java/ql/src/Telemetry/AutomodelFrameworkModeCharacteristics.qll @@ -189,9 +189,7 @@ private class UnexploitableExistsCharacteristic extends CharacteristicsImpl::Not not FrameworkCandidatesImpl::isSink(e, _) and exists(Callable callable | callable = getCallable(e) and - ( - callable.getName().toLowerCase() = ["exists", "notexists"] - ) and + callable.getName().toLowerCase() = ["exists", "notexists"] and callable.getReturnType() instanceof BooleanType ) } From 0e5591ff862392717988e14f32884e5df377fb7b Mon Sep 17 00:00:00 2001 From: Stephan Brandauer Date: Thu, 4 May 2023 17:35:46 +0200 Subject: [PATCH 148/870] move getCallable to signature module implementation, and document it --- .../AutomodelFrameworkModeCharacteristics.qll | 32 ++++++++++++------- 1 file changed, 20 insertions(+), 12 deletions(-) diff --git a/java/ql/src/Telemetry/AutomodelFrameworkModeCharacteristics.qll b/java/ql/src/Telemetry/AutomodelFrameworkModeCharacteristics.qll index 1c58fca1dd9..da360091124 100644 --- a/java/ql/src/Telemetry/AutomodelFrameworkModeCharacteristics.qll +++ b/java/ql/src/Telemetry/AutomodelFrameworkModeCharacteristics.qll @@ -17,8 +17,6 @@ private import semmle.code.java.dataflow.internal.ModelExclusions as ModelExclus import AutomodelSharedCharacteristics as SharedCharacteristics import AutomodelEndpointTypes as AutomodelEndpointTypes -Callable getCallable(DataFlow::ParameterNode e) { result = e.getEnclosingCallable() } - /** * A meta data extractor. Any Java extraction mode needs to implement exactly * one instance of this class. @@ -94,10 +92,10 @@ module FrameworkCandidatesImpl implements SharedCharacteristics::CandidateSig { Endpoint e, string package, string type, boolean subtypes, string name, string signature, string ext, string input ) { - package = getCallable(e).getDeclaringType().getPackage().toString() and - type = getCallable(e).getDeclaringType().getName() and + package = FrameworkCandidatesImpl::getCallable(e).getDeclaringType().getPackage().toString() and + type = FrameworkCandidatesImpl::getCallable(e).getDeclaringType().getName() and subtypes = false and - name = getCallable(e).getName() and + name = FrameworkCandidatesImpl::getCallable(e).getName() and signature = ExternalFlow::paramsString(getCallable(e)) and ext = "" and exists(int paramIdx | e.isParameterOf(_, paramIdx) | input = "Argument[" + paramIdx + "]") @@ -105,11 +103,18 @@ module FrameworkCandidatesImpl implements SharedCharacteristics::CandidateSig { RelatedLocation getRelatedLocation(Endpoint e, string name) { name = "Callable-JavaDoc" and - result = getCallable(e).(Documentable).getJavadoc() + result = FrameworkCandidatesImpl::getCallable(e).(Documentable).getJavadoc() or name = "Class-JavaDoc" and - result = getCallable(e).getDeclaringType().(Documentable).getJavadoc() + result = FrameworkCandidatesImpl::getCallable(e).getDeclaringType().(Documentable).getJavadoc() } + + /** + * Returns the callable that contains the given endpoint. + * + * Each Java mode should implement this predicate. + */ + additional Callable getCallable(Endpoint e) { result = e.getEnclosingCallable() } } module CharacteristicsImpl = SharedCharacteristics::SharedCharacteristics; @@ -169,8 +174,8 @@ private class UnexploitableIsCharacteristic extends CharacteristicsImpl::NotASin override predicate appliesToEndpoint(Endpoint e) { not FrameworkCandidatesImpl::isSink(e, _) and - getCallable(e).getName().matches("is%") and - getCallable(e).getReturnType() instanceof BooleanType + FrameworkCandidatesImpl::getCallable(e).getName().matches("is%") and + FrameworkCandidatesImpl::getCallable(e).getReturnType() instanceof BooleanType } } @@ -188,7 +193,7 @@ private class UnexploitableExistsCharacteristic extends CharacteristicsImpl::Not override predicate appliesToEndpoint(Endpoint e) { not FrameworkCandidatesImpl::isSink(e, _) and exists(Callable callable | - callable = getCallable(e) and + callable = FrameworkCandidatesImpl::getCallable(e) and callable.getName().toLowerCase() = ["exists", "notexists"] and callable.getReturnType() instanceof BooleanType ) @@ -202,7 +207,8 @@ private class ExceptionCharacteristic extends CharacteristicsImpl::NotASinkChara ExceptionCharacteristic() { this = "exception" } override predicate appliesToEndpoint(Endpoint e) { - getCallable(e).getDeclaringType().getASupertype*() instanceof TypeThrowable + FrameworkCandidatesImpl::getCallable(e).getDeclaringType().getASupertype*() instanceof + TypeThrowable } } @@ -243,7 +249,9 @@ private class NonPublicMethodCharacteristic extends CharacteristicsImpl::Uninter { NonPublicMethodCharacteristic() { this = "non-public method" } - override predicate appliesToEndpoint(Endpoint e) { not getCallable(e).isPublic() } + override predicate appliesToEndpoint(Endpoint e) { + not FrameworkCandidatesImpl::getCallable(e).isPublic() + } } /** From 27703c777a0b79b7868e25a15928abe31e056d52 Mon Sep 17 00:00:00 2001 From: Stephan Brandauer Date: Thu, 4 May 2023 17:45:17 +0200 Subject: [PATCH 149/870] pull subtypes-logic out into helper predicate, and document it --- .../AutomodelFrameworkModeCharacteristics.qll | 27 ++++++++++++------- 1 file changed, 18 insertions(+), 9 deletions(-) diff --git a/java/ql/src/Telemetry/AutomodelFrameworkModeCharacteristics.qll b/java/ql/src/Telemetry/AutomodelFrameworkModeCharacteristics.qll index da360091124..e7a38aa59eb 100644 --- a/java/ql/src/Telemetry/AutomodelFrameworkModeCharacteristics.qll +++ b/java/ql/src/Telemetry/AutomodelFrameworkModeCharacteristics.qll @@ -133,6 +133,23 @@ class Endpoint = FrameworkCandidatesImpl::Endpoint; class FrameworkModeMetadataExtractor extends MetadataExtractor { FrameworkModeMetadataExtractor() { this = "FrameworkModeMetadataExtractor" } + /** + * By convention, the subtypes property of the MaD declaration should only be + * true when there _can_ exist any subtypes with a different implementation. + * + * It would technically be ok to always use the value 'true', but this would + * break convention. + */ + boolean considerSubtypes(Callable callable) { + if + callable.isStatic() or + callable.getDeclaringType().isStatic() or + callable.isFinal() or + callable.getDeclaringType().isFinal() + then result = false + else result = true + } + override predicate hasMetadata( Endpoint e, string package, string type, boolean subtypes, string name, string signature, int input @@ -141,15 +158,7 @@ class FrameworkModeMetadataExtractor extends MetadataExtractor { e.asParameter() = callable.getParameter(input) and package = callable.getDeclaringType().getPackage().getName() and type = callable.getDeclaringType().getErasure().(RefType).nestedName() and - ( - if - callable.isStatic() or - callable.getDeclaringType().isStatic() or - callable.isFinal() or - callable.getDeclaringType().isFinal() - then subtypes = true - else subtypes = false - ) and + subtypes = considerSubtypes(callable) and name = e.toString() and signature = ExternalFlow::paramsString(callable) ) From 62ab91c14a3b6a2172367ea0c721480ead867672 Mon Sep 17 00:00:00 2001 From: Stephan Brandauer Date: Thu, 4 May 2023 17:48:50 +0200 Subject: [PATCH 150/870] fix ql-for-ql warning --- java/ql/src/Telemetry/AutomodelSharedCharacteristics.qll | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/java/ql/src/Telemetry/AutomodelSharedCharacteristics.qll b/java/ql/src/Telemetry/AutomodelSharedCharacteristics.qll index 2cbb346005c..84d8f7c9638 100644 --- a/java/ql/src/Telemetry/AutomodelSharedCharacteristics.qll +++ b/java/ql/src/Telemetry/AutomodelSharedCharacteristics.qll @@ -137,8 +137,8 @@ module SharedCharacteristics { */ abstract class EndpointCharacteristic extends string { /** - * The name of the characteristic. This should describe some property of an - * endpoint that is meaningful for determining whether it's a sink, and if so, of which sink type. + * Holds for the string that is the name of the characteristic. This should describe some property of an endpoint + * that is meaningful for determining whether it's a sink, and if so, of which sink type. */ bindingset[this] EndpointCharacteristic() { any() } From 0984fc7ccebea532f64afb06ecb6d306e0e4e6af Mon Sep 17 00:00:00 2001 From: Chuan-kai Lin Date: Thu, 4 May 2023 13:17:51 -0700 Subject: [PATCH 151/870] JS: Add pragma[only_bind_out] to Locatable::toString() calls --- javascript/ql/lib/semmle/javascript/CFG.qll | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/CFG.qll b/javascript/ql/lib/semmle/javascript/CFG.qll index d0897f18948..81bbef4c6d2 100644 --- a/javascript/ql/lib/semmle/javascript/CFG.qll +++ b/javascript/ql/lib/semmle/javascript/CFG.qll @@ -364,7 +364,9 @@ class SyntheticControlFlowNode extends @synthetic_cfg_node, ControlFlowNode { class ControlFlowEntryNode extends SyntheticControlFlowNode, @entry_node { override predicate isUnreachable() { none() } - override string toString() { result = "entry node of " + this.getContainer().toString() } + override string toString() { + result = "entry node of " + pragma[only_bind_out](this.getContainer()).toString() + } } /** A synthetic CFG node marking the exit of a function or toplevel script. */ @@ -373,7 +375,9 @@ class ControlFlowExitNode extends SyntheticControlFlowNode, @exit_node { exit_cfg_node(this, container) } - override string toString() { result = "exit node of " + this.getContainer().toString() } + override string toString() { + result = "exit node of " + pragma[only_bind_out](this.getContainer()).toString() + } } /** From 3abf5d1bd25c44593b2fd1119faf6c2918d81a55 Mon Sep 17 00:00:00 2001 From: Robert Marsh Date: Thu, 4 May 2023 16:28:05 -0400 Subject: [PATCH 152/870] C++: stitch paths in array off-by-one query --- .../CWE/CWE-193/ConstantSizeArrayOffByOne.ql | 41 ++++++--- .../ConstantSizeArrayOffByOne.expected | 87 ++++++++++++++++--- 2 files changed, 104 insertions(+), 24 deletions(-) diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql b/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql index bc68a7f14d5..af41bb7222a 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql @@ -14,7 +14,7 @@ import semmle.code.cpp.rangeanalysis.new.internal.semantic.analysis.RangeAnalysi import semmle.code.cpp.rangeanalysis.new.internal.semantic.SemanticExprSpecific import semmle.code.cpp.ir.IR import semmle.code.cpp.ir.dataflow.DataFlow -import PointerArithmeticToDerefFlow::PathGraph +import StitchedPathGraph pragma[nomagic] Instruction getABoundIn(SemBound b, IRFunction func) { @@ -93,11 +93,11 @@ predicate isInvalidPointerDerefSink2(DataFlow::Node sink, Instruction i, string ) } -predicate isConstantSizeOverflowSource(Field f, PointerAddInstruction pai, int delta) { - exists(int size, int bound, DataFlow::Node source, DataFlow::InstructionNode sink | - FieldAddressToPointerArithmeticFlow::flow(source, sink) and - isFieldAddressSource(f, source) and - pai.getLeft() = sink.asInstruction() and +predicate isConstantSizeOverflowSource(Field f, FieldAddressToPointerArithmeticFlow::PathNode fieldSource, PointerAddInstruction pai, int delta) { + exists(int size, int bound, FieldAddressToPointerArithmeticFlow::PathNode sink | + FieldAddressToPointerArithmeticFlow::flowPath(fieldSource, sink) and + isFieldAddressSource(f, fieldSource.getNode()) and + pai.getLeft() = sink.getNode().(DataFlow::InstructionNode).asInstruction() and f.getUnspecifiedType().(ArrayType).getArraySize() = size and semBounded(getSemanticExpr(pai.getRight()), any(SemZeroBound b), bound, true, _) and delta = bound - size and @@ -109,22 +109,39 @@ predicate isConstantSizeOverflowSource(Field f, PointerAddInstruction pai, int d module PointerArithmeticToDerefConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { - isConstantSizeOverflowSource(_, source.asInstruction(), _) + isConstantSizeOverflowSource(_, _, source.asInstruction(), _) } pragma[inline] predicate isSink(DataFlow::Node sink) { isInvalidPointerDerefSink1(sink, _, _) } } +module MergedPathGraph = DataFlow::MergePathGraph; +class PathNode = MergedPathGraph::PathNode; +module StitchedPathGraph implements DataFlow::PathGraphSig{ + query predicate edges(PathNode a, PathNode b) { + MergedPathGraph::PathGraph::edges(a, b) + or + a.asPathNode2().getNode().(DataFlow::InstructionNode).asInstruction() = b.asPathNode1().getNode().(DataFlow::InstructionNode).asInstruction().(PointerAddInstruction).getLeft() + } + + query predicate nodes(PathNode n, string key, string val) { + MergedPathGraph::PathGraph::nodes(n, key, val) + } + + query predicate subpaths(PathNode arg, PathNode par, PathNode ret, PathNode out) { + MergedPathGraph::PathGraph::subpaths(arg, par, ret, out) + } +} module PointerArithmeticToDerefFlow = DataFlow::Global; from - Field f, PointerArithmeticToDerefFlow::PathNode source, - PointerArithmeticToDerefFlow::PathNode sink, Instruction deref, string operation, int delta + Field f, PathNode fieldSource, PathNode paiNode, + PathNode sink, Instruction deref, string operation, int delta where - PointerArithmeticToDerefFlow::flowPath(source, sink) and + PointerArithmeticToDerefFlow::flowPath(paiNode.asPathNode1(), sink.asPathNode1()) and isInvalidPointerDerefSink2(sink.getNode(), deref, operation) and - isConstantSizeOverflowSource(f, source.getNode().asInstruction(), delta) -select source, source, sink, + isConstantSizeOverflowSource(f, fieldSource.asPathNode2(), paiNode.getNode().asInstruction(), delta) +select paiNode, fieldSource, sink, "This pointer arithmetic may have an off-by-" + (delta + 1) + " error allowing it to overrun $@ at this $@.", f, f.getName(), deref, operation diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/constant-size/ConstantSizeArrayOffByOne.expected b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/constant-size/ConstantSizeArrayOffByOne.expected index e201ef15af9..777fa1d5564 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/constant-size/ConstantSizeArrayOffByOne.expected +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/constant-size/ConstantSizeArrayOffByOne.expected @@ -1,37 +1,100 @@ edges +| test.cpp:26:10:26:12 | buf | test.cpp:26:5:26:12 | buf | +| test.cpp:30:10:30:12 | buf | test.cpp:30:5:30:12 | buf | +| test.cpp:34:10:34:12 | buf | test.cpp:34:5:34:12 | buf | +| test.cpp:35:5:35:12 | buf | test.cpp:35:5:35:22 | access to array | +| test.cpp:35:10:35:12 | buf | test.cpp:35:5:35:12 | buf | +| test.cpp:36:5:36:12 | buf | test.cpp:36:5:36:24 | access to array | +| test.cpp:36:10:36:12 | buf | test.cpp:36:5:36:12 | buf | +| test.cpp:39:14:39:16 | buf | test.cpp:39:9:39:16 | buf | +| test.cpp:43:9:43:16 | buf | test.cpp:43:9:43:19 | access to array | +| test.cpp:43:14:43:16 | buf | test.cpp:43:9:43:16 | buf | +| test.cpp:48:10:48:12 | buf | test.cpp:48:5:48:12 | buf | +| test.cpp:49:5:49:12 | buf | test.cpp:49:5:49:22 | access to array | +| test.cpp:49:10:49:12 | buf | test.cpp:49:5:49:12 | buf | +| test.cpp:50:5:50:12 | buf | test.cpp:50:5:50:24 | access to array | +| test.cpp:50:10:50:12 | buf | test.cpp:50:5:50:12 | buf | +| test.cpp:53:14:53:16 | buf | test.cpp:53:9:53:16 | buf | +| test.cpp:57:9:57:16 | buf | test.cpp:57:9:57:19 | access to array | +| test.cpp:57:14:57:16 | buf | test.cpp:57:9:57:16 | buf | +| test.cpp:61:9:61:16 | buf | test.cpp:61:9:61:19 | access to array | +| test.cpp:61:14:61:16 | buf | test.cpp:61:9:61:16 | buf | | test.cpp:66:32:66:32 | p | test.cpp:66:32:66:32 | p | | test.cpp:66:32:66:32 | p | test.cpp:67:5:67:6 | * ... | | test.cpp:66:32:66:32 | p | test.cpp:67:6:67:6 | p | +| test.cpp:70:33:70:33 | p | test.cpp:71:5:71:5 | p | +| test.cpp:70:33:70:33 | p | test.cpp:72:5:72:5 | p | +| test.cpp:72:5:72:5 | p | test.cpp:72:5:72:15 | access to array | +| test.cpp:76:32:76:34 | buf | test.cpp:76:27:76:34 | buf | | test.cpp:77:26:77:44 | & ... | test.cpp:66:32:66:32 | p | | test.cpp:77:26:77:44 | & ... | test.cpp:66:32:66:32 | p | +| test.cpp:77:27:77:34 | buf | test.cpp:77:27:77:44 | access to array | | test.cpp:77:27:77:44 | access to array | test.cpp:77:26:77:44 | & ... | +| test.cpp:77:32:77:34 | buf | test.cpp:77:27:77:34 | buf | +| test.cpp:79:27:79:34 | buf | test.cpp:70:33:70:33 | p | +| test.cpp:79:32:79:34 | buf | test.cpp:79:27:79:34 | buf | nodes +| test.cpp:26:5:26:12 | buf | semmle.label | buf | +| test.cpp:26:10:26:12 | buf | semmle.label | buf | +| test.cpp:30:5:30:12 | buf | semmle.label | buf | +| test.cpp:30:10:30:12 | buf | semmle.label | buf | +| test.cpp:34:5:34:12 | buf | semmle.label | buf | +| test.cpp:34:10:34:12 | buf | semmle.label | buf | +| test.cpp:35:5:35:12 | buf | semmle.label | buf | | test.cpp:35:5:35:22 | access to array | semmle.label | access to array | +| test.cpp:35:10:35:12 | buf | semmle.label | buf | +| test.cpp:36:5:36:12 | buf | semmle.label | buf | | test.cpp:36:5:36:24 | access to array | semmle.label | access to array | +| test.cpp:36:10:36:12 | buf | semmle.label | buf | +| test.cpp:39:9:39:16 | buf | semmle.label | buf | +| test.cpp:39:14:39:16 | buf | semmle.label | buf | +| test.cpp:43:9:43:16 | buf | semmle.label | buf | | test.cpp:43:9:43:19 | access to array | semmle.label | access to array | +| test.cpp:43:14:43:16 | buf | semmle.label | buf | +| test.cpp:48:5:48:12 | buf | semmle.label | buf | +| test.cpp:48:10:48:12 | buf | semmle.label | buf | +| test.cpp:49:5:49:12 | buf | semmle.label | buf | | test.cpp:49:5:49:22 | access to array | semmle.label | access to array | +| test.cpp:49:10:49:12 | buf | semmle.label | buf | +| test.cpp:50:5:50:12 | buf | semmle.label | buf | | test.cpp:50:5:50:24 | access to array | semmle.label | access to array | +| test.cpp:50:10:50:12 | buf | semmle.label | buf | +| test.cpp:53:9:53:16 | buf | semmle.label | buf | +| test.cpp:53:14:53:16 | buf | semmle.label | buf | +| test.cpp:57:9:57:16 | buf | semmle.label | buf | | test.cpp:57:9:57:19 | access to array | semmle.label | access to array | +| test.cpp:57:14:57:16 | buf | semmle.label | buf | +| test.cpp:61:9:61:16 | buf | semmle.label | buf | | test.cpp:61:9:61:19 | access to array | semmle.label | access to array | +| test.cpp:61:14:61:16 | buf | semmle.label | buf | | test.cpp:66:32:66:32 | p | semmle.label | p | | test.cpp:66:32:66:32 | p | semmle.label | p | | test.cpp:66:32:66:32 | p | semmle.label | p | | test.cpp:67:5:67:6 | * ... | semmle.label | * ... | | test.cpp:67:6:67:6 | p | semmle.label | p | +| test.cpp:70:33:70:33 | p | semmle.label | p | +| test.cpp:71:5:71:5 | p | semmle.label | p | +| test.cpp:72:5:72:5 | p | semmle.label | p | | test.cpp:72:5:72:15 | access to array | semmle.label | access to array | +| test.cpp:76:27:76:34 | buf | semmle.label | buf | +| test.cpp:76:32:76:34 | buf | semmle.label | buf | | test.cpp:77:26:77:44 | & ... | semmle.label | & ... | +| test.cpp:77:27:77:34 | buf | semmle.label | buf | | test.cpp:77:27:77:44 | access to array | semmle.label | access to array | +| test.cpp:77:32:77:34 | buf | semmle.label | buf | +| test.cpp:79:27:79:34 | buf | semmle.label | buf | +| test.cpp:79:32:79:34 | buf | semmle.label | buf | subpaths #select -| test.cpp:35:5:35:22 | access to array | test.cpp:35:5:35:22 | access to array | test.cpp:35:5:35:22 | access to array | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:15:9:15:11 | buf | buf | test.cpp:35:5:35:26 | Store: ... = ... | write | -| test.cpp:36:5:36:24 | access to array | test.cpp:36:5:36:24 | access to array | test.cpp:36:5:36:24 | access to array | This pointer arithmetic may have an off-by-2 error allowing it to overrun $@ at this $@. | test.cpp:15:9:15:11 | buf | buf | test.cpp:36:5:36:28 | Store: ... = ... | write | -| test.cpp:43:9:43:19 | access to array | test.cpp:43:9:43:19 | access to array | test.cpp:43:9:43:19 | access to array | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:15:9:15:11 | buf | buf | test.cpp:43:9:43:23 | Store: ... = ... | write | -| test.cpp:49:5:49:22 | access to array | test.cpp:49:5:49:22 | access to array | test.cpp:49:5:49:22 | access to array | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:19:9:19:11 | buf | buf | test.cpp:49:5:49:26 | Store: ... = ... | write | -| test.cpp:50:5:50:24 | access to array | test.cpp:50:5:50:24 | access to array | test.cpp:50:5:50:24 | access to array | This pointer arithmetic may have an off-by-2 error allowing it to overrun $@ at this $@. | test.cpp:19:9:19:11 | buf | buf | test.cpp:50:5:50:28 | Store: ... = ... | write | -| test.cpp:57:9:57:19 | access to array | test.cpp:57:9:57:19 | access to array | test.cpp:57:9:57:19 | access to array | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:19:9:19:11 | buf | buf | test.cpp:57:9:57:23 | Store: ... = ... | write | -| test.cpp:61:9:61:19 | access to array | test.cpp:61:9:61:19 | access to array | test.cpp:61:9:61:19 | access to array | This pointer arithmetic may have an off-by-2 error allowing it to overrun $@ at this $@. | test.cpp:19:9:19:11 | buf | buf | test.cpp:61:9:61:23 | Store: ... = ... | write | -| test.cpp:72:5:72:15 | access to array | test.cpp:72:5:72:15 | access to array | test.cpp:72:5:72:15 | access to array | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:15:9:15:11 | buf | buf | test.cpp:72:5:72:19 | Store: ... = ... | write | -| test.cpp:77:27:77:44 | access to array | test.cpp:77:27:77:44 | access to array | test.cpp:66:32:66:32 | p | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:15:9:15:11 | buf | buf | test.cpp:67:5:67:10 | Store: ... = ... | write | -| test.cpp:77:27:77:44 | access to array | test.cpp:77:27:77:44 | access to array | test.cpp:66:32:66:32 | p | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:15:9:15:11 | buf | buf | test.cpp:67:5:67:10 | Store: ... = ... | write | -| test.cpp:77:27:77:44 | access to array | test.cpp:77:27:77:44 | access to array | test.cpp:67:5:67:6 | * ... | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:15:9:15:11 | buf | buf | test.cpp:67:5:67:10 | Store: ... = ... | write | -| test.cpp:77:27:77:44 | access to array | test.cpp:77:27:77:44 | access to array | test.cpp:67:6:67:6 | p | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:15:9:15:11 | buf | buf | test.cpp:67:5:67:10 | Store: ... = ... | write | +| test.cpp:35:5:35:22 | access to array | test.cpp:35:10:35:12 | buf | test.cpp:35:5:35:22 | access to array | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:15:9:15:11 | buf | buf | test.cpp:35:5:35:26 | Store: ... = ... | write | +| test.cpp:36:5:36:24 | access to array | test.cpp:36:10:36:12 | buf | test.cpp:36:5:36:24 | access to array | This pointer arithmetic may have an off-by-2 error allowing it to overrun $@ at this $@. | test.cpp:15:9:15:11 | buf | buf | test.cpp:36:5:36:28 | Store: ... = ... | write | +| test.cpp:43:9:43:19 | access to array | test.cpp:43:14:43:16 | buf | test.cpp:43:9:43:19 | access to array | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:15:9:15:11 | buf | buf | test.cpp:43:9:43:23 | Store: ... = ... | write | +| test.cpp:49:5:49:22 | access to array | test.cpp:49:10:49:12 | buf | test.cpp:49:5:49:22 | access to array | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:19:9:19:11 | buf | buf | test.cpp:49:5:49:26 | Store: ... = ... | write | +| test.cpp:50:5:50:24 | access to array | test.cpp:50:10:50:12 | buf | test.cpp:50:5:50:24 | access to array | This pointer arithmetic may have an off-by-2 error allowing it to overrun $@ at this $@. | test.cpp:19:9:19:11 | buf | buf | test.cpp:50:5:50:28 | Store: ... = ... | write | +| test.cpp:57:9:57:19 | access to array | test.cpp:57:14:57:16 | buf | test.cpp:57:9:57:19 | access to array | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:19:9:19:11 | buf | buf | test.cpp:57:9:57:23 | Store: ... = ... | write | +| test.cpp:61:9:61:19 | access to array | test.cpp:61:14:61:16 | buf | test.cpp:61:9:61:19 | access to array | This pointer arithmetic may have an off-by-2 error allowing it to overrun $@ at this $@. | test.cpp:19:9:19:11 | buf | buf | test.cpp:61:9:61:23 | Store: ... = ... | write | +| test.cpp:72:5:72:15 | access to array | test.cpp:79:32:79:34 | buf | test.cpp:72:5:72:15 | access to array | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:15:9:15:11 | buf | buf | test.cpp:72:5:72:19 | Store: ... = ... | write | +| test.cpp:77:27:77:44 | access to array | test.cpp:77:32:77:34 | buf | test.cpp:66:32:66:32 | p | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:15:9:15:11 | buf | buf | test.cpp:67:5:67:10 | Store: ... = ... | write | +| test.cpp:77:27:77:44 | access to array | test.cpp:77:32:77:34 | buf | test.cpp:66:32:66:32 | p | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:15:9:15:11 | buf | buf | test.cpp:67:5:67:10 | Store: ... = ... | write | +| test.cpp:77:27:77:44 | access to array | test.cpp:77:32:77:34 | buf | test.cpp:67:5:67:6 | * ... | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:15:9:15:11 | buf | buf | test.cpp:67:5:67:10 | Store: ... = ... | write | +| test.cpp:77:27:77:44 | access to array | test.cpp:77:32:77:34 | buf | test.cpp:67:6:67:6 | p | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:15:9:15:11 | buf | buf | test.cpp:67:5:67:10 | Store: ... = ... | write | From d9665e16784b8d147b60646b2bec1bc4de5a6b72 Mon Sep 17 00:00:00 2001 From: Robert Marsh Date: Thu, 4 May 2023 16:34:29 -0400 Subject: [PATCH 153/870] C++: add case test for constant off-by-one query --- .../constant-size/ConstantSizeArrayOffByOne.expected | 11 +++++++++++ .../Security/CWE/CWE-193/constant-size/test.cpp | 9 +++++++++ 2 files changed, 20 insertions(+) diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/constant-size/ConstantSizeArrayOffByOne.expected b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/constant-size/ConstantSizeArrayOffByOne.expected index 777fa1d5564..294ddb0e46d 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/constant-size/ConstantSizeArrayOffByOne.expected +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/constant-size/ConstantSizeArrayOffByOne.expected @@ -33,6 +33,10 @@ edges | test.cpp:77:32:77:34 | buf | test.cpp:77:27:77:34 | buf | | test.cpp:79:27:79:34 | buf | test.cpp:70:33:70:33 | p | | test.cpp:79:32:79:34 | buf | test.cpp:79:27:79:34 | buf | +| test.cpp:85:34:85:36 | buf | test.cpp:87:5:87:11 | charBuf | +| test.cpp:85:34:85:36 | buf | test.cpp:88:5:88:11 | charBuf | +| test.cpp:87:5:87:11 | charBuf | test.cpp:87:5:87:31 | access to array | +| test.cpp:88:5:88:11 | charBuf | test.cpp:88:5:88:27 | access to array | nodes | test.cpp:26:5:26:12 | buf | semmle.label | buf | | test.cpp:26:10:26:12 | buf | semmle.label | buf | @@ -84,6 +88,11 @@ nodes | test.cpp:77:32:77:34 | buf | semmle.label | buf | | test.cpp:79:27:79:34 | buf | semmle.label | buf | | test.cpp:79:32:79:34 | buf | semmle.label | buf | +| test.cpp:85:34:85:36 | buf | semmle.label | buf | +| test.cpp:87:5:87:11 | charBuf | semmle.label | charBuf | +| test.cpp:87:5:87:31 | access to array | semmle.label | access to array | +| test.cpp:88:5:88:11 | charBuf | semmle.label | charBuf | +| test.cpp:88:5:88:27 | access to array | semmle.label | access to array | subpaths #select | test.cpp:35:5:35:22 | access to array | test.cpp:35:10:35:12 | buf | test.cpp:35:5:35:22 | access to array | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:15:9:15:11 | buf | buf | test.cpp:35:5:35:26 | Store: ... = ... | write | @@ -98,3 +107,5 @@ subpaths | test.cpp:77:27:77:44 | access to array | test.cpp:77:32:77:34 | buf | test.cpp:66:32:66:32 | p | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:15:9:15:11 | buf | buf | test.cpp:67:5:67:10 | Store: ... = ... | write | | test.cpp:77:27:77:44 | access to array | test.cpp:77:32:77:34 | buf | test.cpp:67:5:67:6 | * ... | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:15:9:15:11 | buf | buf | test.cpp:67:5:67:10 | Store: ... = ... | write | | test.cpp:77:27:77:44 | access to array | test.cpp:77:32:77:34 | buf | test.cpp:67:6:67:6 | p | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:15:9:15:11 | buf | buf | test.cpp:67:5:67:10 | Store: ... = ... | write | +| test.cpp:87:5:87:31 | access to array | test.cpp:85:34:85:36 | buf | test.cpp:87:5:87:31 | access to array | This pointer arithmetic may have an off-by-3072 error allowing it to overrun $@ at this $@. | test.cpp:15:9:15:11 | buf | buf | test.cpp:87:5:87:35 | Store: ... = ... | write | +| test.cpp:88:5:88:27 | access to array | test.cpp:85:34:85:36 | buf | test.cpp:88:5:88:27 | access to array | This pointer arithmetic may have an off-by-3073 error allowing it to overrun $@ at this $@. | test.cpp:15:9:15:11 | buf | buf | test.cpp:88:5:88:31 | Store: ... = ... | write | diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/constant-size/test.cpp b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/constant-size/test.cpp index df4cd7b4491..c2ca2401127 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/constant-size/test.cpp +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/constant-size/test.cpp @@ -78,3 +78,12 @@ void testInterproc(BigArray *arr) { addToPointerAndAssign(arr->buf); } + +#define MAX_SIZE_BYTES 4096 + +void testCharIndex(BigArray *arr) { + char *charBuf = (char*) arr->buf; + + charBuf[MAX_SIZE_BYTES - 1] = 0; // GOOD [FALSE POSITIVE] + charBuf[MAX_SIZE_BYTES] = 0; // BAD +} \ No newline at end of file From b7653ec92ddd617bf8745643cb7e6d32cd27a1aa Mon Sep 17 00:00:00 2001 From: Robert Marsh Date: Thu, 4 May 2023 16:39:02 -0400 Subject: [PATCH 154/870] C++: ignore cast arrays in constant off-by-one query --- .../Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql | 1 + .../constant-size/ConstantSizeArrayOffByOne.expected | 6 ------ .../query-tests/Security/CWE/CWE-193/constant-size/test.cpp | 4 ++-- 3 files changed, 3 insertions(+), 8 deletions(-) diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql b/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql index af41bb7222a..ce604510d70 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql @@ -98,6 +98,7 @@ predicate isConstantSizeOverflowSource(Field f, FieldAddressToPointerArithmeticF FieldAddressToPointerArithmeticFlow::flowPath(fieldSource, sink) and isFieldAddressSource(f, fieldSource.getNode()) and pai.getLeft() = sink.getNode().(DataFlow::InstructionNode).asInstruction() and + pai.getElementSize() = f.getUnspecifiedType().(ArrayType).getBaseType().getSize() and f.getUnspecifiedType().(ArrayType).getArraySize() = size and semBounded(getSemanticExpr(pai.getRight()), any(SemZeroBound b), bound, true, _) and delta = bound - size and diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/constant-size/ConstantSizeArrayOffByOne.expected b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/constant-size/ConstantSizeArrayOffByOne.expected index 294ddb0e46d..0b688810262 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/constant-size/ConstantSizeArrayOffByOne.expected +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/constant-size/ConstantSizeArrayOffByOne.expected @@ -35,8 +35,6 @@ edges | test.cpp:79:32:79:34 | buf | test.cpp:79:27:79:34 | buf | | test.cpp:85:34:85:36 | buf | test.cpp:87:5:87:11 | charBuf | | test.cpp:85:34:85:36 | buf | test.cpp:88:5:88:11 | charBuf | -| test.cpp:87:5:87:11 | charBuf | test.cpp:87:5:87:31 | access to array | -| test.cpp:88:5:88:11 | charBuf | test.cpp:88:5:88:27 | access to array | nodes | test.cpp:26:5:26:12 | buf | semmle.label | buf | | test.cpp:26:10:26:12 | buf | semmle.label | buf | @@ -90,9 +88,7 @@ nodes | test.cpp:79:32:79:34 | buf | semmle.label | buf | | test.cpp:85:34:85:36 | buf | semmle.label | buf | | test.cpp:87:5:87:11 | charBuf | semmle.label | charBuf | -| test.cpp:87:5:87:31 | access to array | semmle.label | access to array | | test.cpp:88:5:88:11 | charBuf | semmle.label | charBuf | -| test.cpp:88:5:88:27 | access to array | semmle.label | access to array | subpaths #select | test.cpp:35:5:35:22 | access to array | test.cpp:35:10:35:12 | buf | test.cpp:35:5:35:22 | access to array | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:15:9:15:11 | buf | buf | test.cpp:35:5:35:26 | Store: ... = ... | write | @@ -107,5 +103,3 @@ subpaths | test.cpp:77:27:77:44 | access to array | test.cpp:77:32:77:34 | buf | test.cpp:66:32:66:32 | p | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:15:9:15:11 | buf | buf | test.cpp:67:5:67:10 | Store: ... = ... | write | | test.cpp:77:27:77:44 | access to array | test.cpp:77:32:77:34 | buf | test.cpp:67:5:67:6 | * ... | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:15:9:15:11 | buf | buf | test.cpp:67:5:67:10 | Store: ... = ... | write | | test.cpp:77:27:77:44 | access to array | test.cpp:77:32:77:34 | buf | test.cpp:67:6:67:6 | p | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:15:9:15:11 | buf | buf | test.cpp:67:5:67:10 | Store: ... = ... | write | -| test.cpp:87:5:87:31 | access to array | test.cpp:85:34:85:36 | buf | test.cpp:87:5:87:31 | access to array | This pointer arithmetic may have an off-by-3072 error allowing it to overrun $@ at this $@. | test.cpp:15:9:15:11 | buf | buf | test.cpp:87:5:87:35 | Store: ... = ... | write | -| test.cpp:88:5:88:27 | access to array | test.cpp:85:34:85:36 | buf | test.cpp:88:5:88:27 | access to array | This pointer arithmetic may have an off-by-3073 error allowing it to overrun $@ at this $@. | test.cpp:15:9:15:11 | buf | buf | test.cpp:88:5:88:31 | Store: ... = ... | write | diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/constant-size/test.cpp b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/constant-size/test.cpp index c2ca2401127..5749331b7d5 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/constant-size/test.cpp +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/constant-size/test.cpp @@ -84,6 +84,6 @@ void testInterproc(BigArray *arr) { void testCharIndex(BigArray *arr) { char *charBuf = (char*) arr->buf; - charBuf[MAX_SIZE_BYTES - 1] = 0; // GOOD [FALSE POSITIVE] - charBuf[MAX_SIZE_BYTES] = 0; // BAD + charBuf[MAX_SIZE_BYTES - 1] = 0; // GOOD + charBuf[MAX_SIZE_BYTES] = 0; // BAD [FALSE NEGATIVE] } \ No newline at end of file From 9203efbdc4215f3a675a5b83501490e709ce416d Mon Sep 17 00:00:00 2001 From: Harry Maclean Date: Thu, 4 May 2023 06:56:52 +0000 Subject: [PATCH 155/870] Shared: Share autobuilder code between Ruby and QL --- ql/extractor/src/autobuilder.rs | 47 +++------- ruby/extractor/src/autobuilder.rs | 45 +++------- .../tree-sitter-extractor/src/autobuilder.rs | 90 +++++++++++++++++++ shared/tree-sitter-extractor/src/lib.rs | 1 + 4 files changed, 112 insertions(+), 71 deletions(-) create mode 100644 shared/tree-sitter-extractor/src/autobuilder.rs diff --git a/ql/extractor/src/autobuilder.rs b/ql/extractor/src/autobuilder.rs index a17a4916239..ce58a217d8c 100644 --- a/ql/extractor/src/autobuilder.rs +++ b/ql/extractor/src/autobuilder.rs @@ -1,48 +1,21 @@ -use clap::Args; use std::env; use std::path::PathBuf; -use std::process::Command; + +use clap::Args; + +use codeql_extractor::autobuilder; #[derive(Args)] // The autobuilder takes no command-line options, but this may change in the future. pub struct Options {} pub fn run(_: Options) -> std::io::Result<()> { - let dist = env::var("CODEQL_DIST").expect("CODEQL_DIST not set"); - let db = env::var("CODEQL_EXTRACTOR_QL_WIP_DATABASE") + let database = env::var("CODEQL_EXTRACTOR_QL_WIP_DATABASE") .expect("CODEQL_EXTRACTOR_QL_WIP_DATABASE not set"); - let codeql = if env::consts::OS == "windows" { - "codeql.exe" - } else { - "codeql" - }; - let codeql: PathBuf = [&dist, codeql].iter().collect(); - let mut cmd = Command::new(codeql); - cmd.arg("database") - .arg("index-files") - .arg("--include-extension=.ql") - .arg("--include-extension=.qll") - .arg("--include-extension=.dbscheme") - .arg("--include-extension=.json") - .arg("--include-extension=.jsonc") - .arg("--include-extension=.jsonl") - .arg("--include=**/qlpack.yml") - .arg("--include=deprecated.blame") - .arg("--size-limit=10m") - .arg("--language=ql") - .arg("--working-dir=.") - .arg(db); - for line in env::var("LGTM_INDEX_FILTERS") - .unwrap_or_default() - .split('\n') - { - if let Some(stripped) = line.strip_prefix("include:") { - cmd.arg("--also-match=".to_owned() + stripped); - } else if let Some(stripped) = line.strip_prefix("exclude:") { - cmd.arg("--exclude=".to_owned() + stripped); - } - } - let exit = &cmd.spawn()?.wait()?; - std::process::exit(exit.code().unwrap_or(1)) + autobuilder::Autobuilder::new("ql", PathBuf::from(database)) + .include_extensions(&[".ql", ".qll", ".dbscheme", ".json", ".jsonc", ".jsonl"]) + .include_globs(&["**/qlpack.yml", "deprecated.blame"]) + .size_limit("10m") + .run() } diff --git a/ruby/extractor/src/autobuilder.rs b/ruby/extractor/src/autobuilder.rs index 48db694df99..7b6e148eb79 100644 --- a/ruby/extractor/src/autobuilder.rs +++ b/ruby/extractor/src/autobuilder.rs @@ -1,45 +1,22 @@ -use clap::Args; use std::env; use std::path::PathBuf; -use std::process::Command; + +use clap::Args; + +use codeql_extractor::autobuilder; #[derive(Args)] // The autobuilder takes no command-line options, but this may change in the future. pub struct Options {} pub fn run(_: Options) -> std::io::Result<()> { - let dist = env::var("CODEQL_DIST").expect("CODEQL_DIST not set"); - let db = env::var("CODEQL_EXTRACTOR_RUBY_WIP_DATABASE") + let database = env::var("CODEQL_EXTRACTOR_RUBY_WIP_DATABASE") .expect("CODEQL_EXTRACTOR_RUBY_WIP_DATABASE not set"); - let codeql = if env::consts::OS == "windows" { - "codeql.exe" - } else { - "codeql" - }; - let codeql: PathBuf = [&dist, codeql].iter().collect(); - let mut cmd = Command::new(codeql); - cmd.arg("database") - .arg("index-files") - .arg("--include-extension=.rb") - .arg("--include-extension=.erb") - .arg("--include-extension=.gemspec") - .arg("--include=**/Gemfile") - .arg("--exclude=**/.git") - .arg("--size-limit=5m") - .arg("--language=ruby") - .arg("--working-dir=.") - .arg(db); - for line in env::var("LGTM_INDEX_FILTERS") - .unwrap_or_default() - .split('\n') - { - if let Some(stripped) = line.strip_prefix("include:") { - cmd.arg("--also-match=".to_owned() + stripped); - } else if let Some(stripped) = line.strip_prefix("exclude:") { - cmd.arg("--exclude=".to_owned() + stripped); - } - } - let exit = &cmd.spawn()?.wait()?; - std::process::exit(exit.code().unwrap_or(1)) + autobuilder::Autobuilder::new("ruby", PathBuf::from(database)) + .include_extensions(&[".rb", ".erb", ".gemspec"]) + .include_globs(&["**/Gemfile"]) + .exclude_globs(&["**/.git"]) + .size_limit("5m") + .run() } diff --git a/shared/tree-sitter-extractor/src/autobuilder.rs b/shared/tree-sitter-extractor/src/autobuilder.rs new file mode 100644 index 00000000000..a6d4a6852e2 --- /dev/null +++ b/shared/tree-sitter-extractor/src/autobuilder.rs @@ -0,0 +1,90 @@ +use std::env; +use std::path::PathBuf; +use std::process::Command; + +pub struct Autobuilder { + include_extensions: Vec, + include_globs: Vec, + exclude_globs: Vec, + language: String, + database: PathBuf, + size_limit: Option, +} + +impl Autobuilder { + pub fn new(language: &str, database: PathBuf) -> Self { + Self { + language: language.to_string(), + database: database, + include_extensions: vec![], + include_globs: vec![], + exclude_globs: vec![], + size_limit: None, + } + } + + pub fn include_extensions(&mut self, exts: &[&str]) -> &mut Self { + self.include_extensions = exts.into_iter().map(|s| String::from(*s)).collect(); + self + } + + pub fn include_globs(&mut self, globs: &[&str]) -> &mut Self { + self.include_globs = globs.into_iter().map(|s| String::from(*s)).collect(); + self + } + + pub fn exclude_globs(&mut self, globs: &[&str]) -> &mut Self { + self.exclude_globs = globs.into_iter().map(|s| String::from(*s)).collect(); + self + } + + pub fn size_limit(&mut self, limit: &str) -> &mut Self { + self.size_limit = Some(limit.to_string()); + self + } + + pub fn run(&self) -> std::io::Result<()> { + let dist = env::var("CODEQL_DIST").expect("CODEQL_DIST not set"); + let codeql = if env::consts::OS == "windows" { + "codeql.exe" + } else { + "codeql" + }; + let codeql: PathBuf = [&dist, codeql].iter().collect(); + let mut cmd = Command::new(codeql); + cmd.arg("database").arg("index-files"); + + for ext in &self.include_extensions { + cmd.arg(format!("--include-extension={}", ext)); + } + + for glob in &self.include_globs { + cmd.arg(format!("--include={}", glob)); + } + + for glob in &self.exclude_globs { + cmd.arg(format!("--exclude={}", glob)); + } + + if let Some(limit) = &self.size_limit { + cmd.arg(format!("--size-limit={}", limit)); + } + + cmd.arg(format!("--language={}", &self.language)); + cmd.arg("--working-dir=."); + cmd.arg(&self.database); + + for line in env::var("LGTM_INDEX_FILTERS") + .unwrap_or_default() + .split('\n') + { + if let Some(stripped) = line.strip_prefix("include:") { + cmd.arg("--also-match=".to_owned() + stripped); + } else if let Some(stripped) = line.strip_prefix("exclude:") { + cmd.arg("--exclude=".to_owned() + stripped); + } + } + let exit = &cmd.spawn()?.wait()?; + std::process::exit(exit.code().unwrap_or(1)) + } +} diff --git a/shared/tree-sitter-extractor/src/lib.rs b/shared/tree-sitter-extractor/src/lib.rs index eb175417993..b83c4951b73 100644 --- a/shared/tree-sitter-extractor/src/lib.rs +++ b/shared/tree-sitter-extractor/src/lib.rs @@ -1,3 +1,4 @@ +pub mod autobuilder; pub mod diagnostics; pub mod extractor; pub mod file_paths; From c0b3a1896b9cbd52fe87a791afaaf4b9e3010baf Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Fri, 5 May 2023 12:16:52 +0100 Subject: [PATCH 156/870] C++: No phi self-edges. --- .../cpp/ir/dataflow/internal/SsaInternals.qll | 1 + .../dataflow-ir-consistency.expected | 19 ------------------- .../fields/dataflow-ir-consistency.expected | 16 ---------------- 3 files changed, 1 insertion(+), 35 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll index a1cfa44bb8e..71bf6aab3bc 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll @@ -742,6 +742,7 @@ predicate fromPhiNode(SsaPhiNode nodeFrom, Node nodeTo) { fromPhiNodeToUse(phi, sv, bb1, i1, use) or exists(PhiNode phiTo | + phi != phiTo and lastRefRedefExt(phi, _, _, phiTo) and nodeTo.(SsaPhiNode).getPhiNode() = phiTo ) diff --git a/cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-ir-consistency.expected b/cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-ir-consistency.expected index 5a2e6ee9050..526361e6b0d 100644 --- a/cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-ir-consistency.expected +++ b/cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-ir-consistency.expected @@ -181,10 +181,6 @@ identityLocalStep | test.cpp:13:10:13:11 | t2 | Node steps to itself | | test.cpp:15:8:15:9 | t2 | Node steps to itself | | test.cpp:21:8:21:9 | t1 | Node steps to itself | -| test.cpp:23:19:23:19 | Phi | Node steps to itself | -| test.cpp:23:19:23:19 | Phi | Node steps to itself | -| test.cpp:23:19:23:19 | Phi | Node steps to itself | -| test.cpp:23:19:23:19 | Phi | Node steps to itself | | test.cpp:23:19:23:19 | i | Node steps to itself | | test.cpp:23:23:23:24 | t1 | Node steps to itself | | test.cpp:23:27:23:27 | i | Node steps to itself | @@ -351,9 +347,6 @@ identityLocalStep | test.cpp:489:20:489:20 | s | Node steps to itself | | test.cpp:489:20:489:20 | s indirection | Node steps to itself | | test.cpp:490:9:490:17 | p_content | Node steps to itself | -| test.cpp:497:10:497:16 | Phi | Node steps to itself | -| test.cpp:497:10:497:16 | Phi | Node steps to itself | -| test.cpp:497:10:497:16 | Phi | Node steps to itself | | test.cpp:498:9:498:14 | clean1 | Node steps to itself | | test.cpp:500:10:500:10 | x | Node steps to itself | | test.cpp:513:8:513:8 | x | Node steps to itself | @@ -384,46 +377,34 @@ identityLocalStep | test.cpp:673:9:673:16 | ptr_to_s | Node steps to itself | | test.cpp:679:9:679:16 | ptr_to_s | Node steps to itself | | test.cpp:687:9:687:16 | ptr_to_s | Node steps to itself | -| true_upon_entry.cpp:10:19:10:19 | Phi | Node steps to itself | | true_upon_entry.cpp:10:19:10:19 | i | Node steps to itself | | true_upon_entry.cpp:10:27:10:27 | i | Node steps to itself | | true_upon_entry.cpp:13:8:13:8 | x | Node steps to itself | -| true_upon_entry.cpp:18:19:18:19 | Phi | Node steps to itself | -| true_upon_entry.cpp:18:19:18:19 | Phi | Node steps to itself | -| true_upon_entry.cpp:18:19:18:19 | Phi | Node steps to itself | | true_upon_entry.cpp:18:19:18:19 | i | Node steps to itself | | true_upon_entry.cpp:18:23:18:32 | iterations | Node steps to itself | | true_upon_entry.cpp:18:35:18:35 | i | Node steps to itself | | true_upon_entry.cpp:21:8:21:8 | x | Node steps to itself | -| true_upon_entry.cpp:26:19:26:19 | Phi | Node steps to itself | | true_upon_entry.cpp:26:19:26:19 | i | Node steps to itself | | true_upon_entry.cpp:26:27:26:27 | i | Node steps to itself | | true_upon_entry.cpp:29:8:29:8 | x | Node steps to itself | -| true_upon_entry.cpp:34:19:34:19 | Phi | Node steps to itself | | true_upon_entry.cpp:34:19:34:19 | i | Node steps to itself | | true_upon_entry.cpp:34:27:34:27 | i | Node steps to itself | | true_upon_entry.cpp:39:8:39:8 | x | Node steps to itself | -| true_upon_entry.cpp:44:19:44:19 | Phi | Node steps to itself | | true_upon_entry.cpp:44:19:44:19 | i | Node steps to itself | | true_upon_entry.cpp:44:27:44:27 | i | Node steps to itself | | true_upon_entry.cpp:49:8:49:8 | x | Node steps to itself | -| true_upon_entry.cpp:55:19:55:19 | Phi | Node steps to itself | | true_upon_entry.cpp:55:19:55:19 | i | Node steps to itself | | true_upon_entry.cpp:55:38:55:38 | i | Node steps to itself | | true_upon_entry.cpp:57:8:57:8 | x | Node steps to itself | -| true_upon_entry.cpp:63:19:63:19 | Phi | Node steps to itself | | true_upon_entry.cpp:63:19:63:19 | i | Node steps to itself | | true_upon_entry.cpp:63:38:63:38 | i | Node steps to itself | | true_upon_entry.cpp:66:8:66:8 | x | Node steps to itself | -| true_upon_entry.cpp:76:19:76:19 | Phi | Node steps to itself | | true_upon_entry.cpp:76:19:76:19 | i | Node steps to itself | | true_upon_entry.cpp:76:38:76:38 | i | Node steps to itself | | true_upon_entry.cpp:78:8:78:8 | x | Node steps to itself | -| true_upon_entry.cpp:84:24:84:24 | Phi | Node steps to itself | | true_upon_entry.cpp:84:30:84:30 | i | Node steps to itself | | true_upon_entry.cpp:84:38:84:38 | i | Node steps to itself | | true_upon_entry.cpp:86:8:86:8 | x | Node steps to itself | -| true_upon_entry.cpp:91:24:91:24 | Phi | Node steps to itself | | true_upon_entry.cpp:91:30:91:30 | i | Node steps to itself | | true_upon_entry.cpp:91:38:91:38 | i | Node steps to itself | | true_upon_entry.cpp:93:8:93:8 | x | Node steps to itself | diff --git a/cpp/ql/test/library-tests/dataflow/fields/dataflow-ir-consistency.expected b/cpp/ql/test/library-tests/dataflow/fields/dataflow-ir-consistency.expected index 29bb90d455c..06ad45a17b7 100644 --- a/cpp/ql/test/library-tests/dataflow/fields/dataflow-ir-consistency.expected +++ b/cpp/ql/test/library-tests/dataflow/fields/dataflow-ir-consistency.expected @@ -137,7 +137,6 @@ identityLocalStep | A.cpp:165:10:165:11 | l3 | Node steps to itself | | A.cpp:166:10:166:11 | l3 | Node steps to itself | | A.cpp:167:22:167:23 | l3 | Node steps to itself | -| A.cpp:167:26:167:26 | Phi | Node steps to itself | | A.cpp:167:26:167:26 | l | Node steps to itself | | A.cpp:167:44:167:44 | l | Node steps to itself | | A.cpp:167:44:167:44 | l indirection | Node steps to itself | @@ -361,30 +360,15 @@ identityLocalStep | realistic.cpp:27:12:27:12 | m | Node steps to itself | | realistic.cpp:32:13:32:13 | d | Node steps to itself | | realistic.cpp:32:17:32:19 | num | Node steps to itself | -| realistic.cpp:33:11:33:11 | Phi | Node steps to itself | -| realistic.cpp:33:11:33:11 | Phi | Node steps to itself | -| realistic.cpp:33:11:33:11 | Phi | Node steps to itself | -| realistic.cpp:33:11:33:11 | Phi | Node steps to itself | -| realistic.cpp:33:11:33:11 | Phi | Node steps to itself | | realistic.cpp:33:11:33:11 | d | Node steps to itself | | realistic.cpp:33:16:33:16 | e | Node steps to itself | | realistic.cpp:36:12:36:22 | destination | Node steps to itself | | realistic.cpp:42:20:42:20 | o | Node steps to itself | | realistic.cpp:42:20:42:20 | o indirection | Node steps to itself | | realistic.cpp:42:20:42:20 | o indirection | Node steps to itself | -| realistic.cpp:48:21:48:21 | Phi | Node steps to itself | -| realistic.cpp:48:21:48:21 | Phi | Node steps to itself | -| realistic.cpp:48:21:48:21 | Phi | Node steps to itself | -| realistic.cpp:48:21:48:21 | Phi | Node steps to itself | | realistic.cpp:48:21:48:21 | i | Node steps to itself | | realistic.cpp:48:34:48:34 | i | Node steps to itself | | realistic.cpp:49:17:49:17 | i | Node steps to itself | -| realistic.cpp:52:11:52:11 | Phi | Node steps to itself | -| realistic.cpp:52:11:52:11 | Phi | Node steps to itself | -| realistic.cpp:52:11:52:11 | Phi | Node steps to itself | -| realistic.cpp:52:11:52:11 | Phi | Node steps to itself | -| realistic.cpp:52:11:52:11 | Phi | Node steps to itself | -| realistic.cpp:52:11:52:11 | Phi | Node steps to itself | | realistic.cpp:52:11:52:11 | i | Node steps to itself | | realistic.cpp:53:17:53:17 | i | Node steps to itself | | realistic.cpp:54:24:54:24 | i | Node steps to itself | From 3f7a230a111098c17381f4a868ca324f2ae56395 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Thu, 4 May 2023 14:43:24 +0100 Subject: [PATCH 157/870] Sometimes install Go version even when one exists --- .../cli/go-autobuilder/go-autobuilder.go | 38 +++++++++++------- .../cli/go-autobuilder/go-autobuilder_test.go | 12 +++--- go/extractor/diagnostics/diagnostics.go | 39 ++++++++++++------- 3 files changed, 56 insertions(+), 33 deletions(-) diff --git a/go/extractor/cli/go-autobuilder/go-autobuilder.go b/go/extractor/cli/go-autobuilder/go-autobuilder.go index bddae0afdf7..59c324110b9 100644 --- a/go/extractor/cli/go-autobuilder/go-autobuilder.go +++ b/go/extractor/cli/go-autobuilder/go-autobuilder.go @@ -737,12 +737,6 @@ func checkForUnsupportedVersions(v versionInfo) (msg, version string) { "). Writing an environment file not specifying any version of Go." version = "" diagnostics.EmitUnsupportedVersionGoMod(msg) - } else if v.goEnvVersionFound && outsideSupportedRange(v.goEnvVersion) { - msg = "The version of Go installed in the environment (" + v.goEnvVersion + - ") is outside of the supported range (" + minGoVersion + "-" + maxGoVersion + - "). Writing an environment file not specifying any version of Go." - version = "" - diagnostics.EmitUnsupportedVersionEnvironment(msg) } return msg, version @@ -768,10 +762,20 @@ func checkForVersionsNotFound(v versionInfo) (msg, version string) { } if v.goEnvVersionFound && !v.goModVersionFound { - msg = "No `go.mod` file found. Version " + v.goEnvVersion + " installed in the " + - "environment. Writing an environment file not specifying any version of Go." - version = "" - diagnostics.EmitNoGoMod(msg) + if outsideSupportedRange(v.goEnvVersion) { + msg = "No `go.mod` file found. The version of Go installed in the environment (" + + v.goEnvVersion + ") is outside of the supported range (" + minGoVersion + "-" + + maxGoVersion + "). Writing an environment file specifying the maximum supported " + + "version of Go (" + maxGoVersion + ")." + version = maxGoVersion + diagnostics.EmitNoGoModAndGoEnvUnsupported(msg) + } else { + msg = "No `go.mod` file found. Version " + v.goEnvVersion + " installed in the " + + "environment is supported. Writing an environment file not specifying any " + + "version of Go." + version = "" + diagnostics.EmitNoGoModAndGoEnvSupported(msg) + } } return msg, version @@ -789,10 +793,18 @@ func compareVersions(v versionInfo) (msg, version string) { "file (" + v.goModVersion + ")." version = v.goModVersion diagnostics.EmitVersionGoModHigherVersionEnvironment(msg) - } else { + } else if outsideSupportedRange(v.goEnvVersion) { msg = "The version of Go installed in the environment (" + v.goEnvVersion + - ") is high enough for the version found in the `go.mod` file (" + v.goModVersion + - "). Writing an environment file not specifying any version of Go." + ") is outside of the supported range (" + minGoVersion + "-" + maxGoVersion + "). " + + "Writing an environment file specifying the version of Go from the `go.mod` file (" + + v.goModVersion + ")." + version = v.goModVersion + diagnostics.EmitVersionGoModSupportedAndGoEnvUnsupported(msg) + } else { + + msg = "The version of Go installed in the environment (" + v.goEnvVersion + + ") is supported and is high enough for the version found in the `go.mod` file (" + + v.goModVersion + "). Writing an environment file not specifying any version of Go." version = "" diagnostics.EmitVersionGoModNotHigherVersionEnvironment(msg) } diff --git a/go/extractor/cli/go-autobuilder/go-autobuilder_test.go b/go/extractor/cli/go-autobuilder/go-autobuilder_test.go index 3cf5e645371..caaa06e234d 100644 --- a/go/extractor/cli/go-autobuilder/go-autobuilder_test.go +++ b/go/extractor/cli/go-autobuilder/go-autobuilder_test.go @@ -49,13 +49,13 @@ func TestGetVersionToInstall(t *testing.T) { {"9999.0", true, "1.1", true}: "", {"9999.0", true, "", false}: "", // Go installation found with version below minGoVersion - {"1.20", true, "1.2.2", true}: "", - {"1.11", true, "1.2.2", true}: "", - {"", false, "1.2.2", true}: "", + {"1.20", true, "1.2.2", true}: "1.20", + {"1.11", true, "1.2.2", true}: "1.11", + {"", false, "1.2.2", true}: maxGoVersion, // Go installation found with version above maxGoVersion - {"1.20", true, "9999.0.1", true}: "", - {"1.11", true, "9999.0.1", true}: "", - {"", false, "9999.0.1", true}: "", + {"1.20", true, "9999.0.1", true}: "1.20", + {"1.11", true, "9999.0.1", true}: "1.11", + {"", false, "9999.0.1", true}: maxGoVersion, // checkForVersionsNotFound() diff --git a/go/extractor/diagnostics/diagnostics.go b/go/extractor/diagnostics/diagnostics.go index 9fd4fc6ff59..28a7f20a831 100644 --- a/go/extractor/diagnostics/diagnostics.go +++ b/go/extractor/diagnostics/diagnostics.go @@ -205,17 +205,6 @@ func EmitUnsupportedVersionGoMod(msg string) { ) } -func EmitUnsupportedVersionEnvironment(msg string) { - emitDiagnostic( - "go/autobuilder/env-unsupported-version-in-environment", - "Unsupported Go version in environment", - msg, - severityNote, - telemetryOnly, - noLocation, - ) -} - func EmitNoGoModAndNoGoEnv(msg string) { emitDiagnostic( "go/autobuilder/env-no-go-mod-and-no-go-env", @@ -238,10 +227,21 @@ func EmitNoGoEnv(msg string) { ) } -func EmitNoGoMod(msg string) { +func EmitNoGoModAndGoEnvUnsupported(msg string) { emitDiagnostic( - "go/autobuilder/env-no-go-mod", - "No `go.mod` file found", + "go/autobuilder/env-no-go-mod-go-env-unsupported", + "No `go.mod` file found and Go version in environment is unsupported", + msg, + severityNote, + telemetryOnly, + noLocation, + ) +} + +func EmitNoGoModAndGoEnvSupported(msg string) { + emitDiagnostic( + "go/autobuilder/env-no-go-mod-go-env-supported", + "No `go.mod` file found and Go version in environment is supported", msg, severityNote, telemetryOnly, @@ -260,6 +260,17 @@ func EmitVersionGoModHigherVersionEnvironment(msg string) { ) } +func EmitVersionGoModSupportedAndGoEnvUnsupported(msg string) { + emitDiagnostic( + "go/autobuilder/env-version-go-mod-higher-than-go-env", + "The Go version in `go.mod` file is higher than the Go version in environment", + msg, + severityNote, + telemetryOnly, + noLocation, + ) +} + func EmitVersionGoModNotHigherVersionEnvironment(msg string) { emitDiagnostic( "go/autobuilder/env-version-go-mod-lower-than-or-equal-to-go-env", From d329da673a245c1cd1aa54216b11437707b0cd6e Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Thu, 4 May 2023 15:27:30 +0100 Subject: [PATCH 158/870] Refactor logic for which version to install This does not change the version returned. In the case the the go mod version is supported and the go env version is below goMinVersion, the message now talks about go env version being unsupported instead of it being less than go mod version. This seems more sensible to me. --- .../cli/go-autobuilder/go-autobuilder.go | 109 +++++++----------- 1 file changed, 41 insertions(+), 68 deletions(-) diff --git a/go/extractor/cli/go-autobuilder/go-autobuilder.go b/go/extractor/cli/go-autobuilder/go-autobuilder.go index 59c324110b9..e4fbcc47eab 100644 --- a/go/extractor/cli/go-autobuilder/go-autobuilder.go +++ b/go/extractor/cli/go-autobuilder/go-autobuilder.go @@ -727,72 +727,46 @@ func outsideSupportedRange(version string) bool { return semver.Compare(short, "v"+minGoVersion) < 0 || semver.Compare(short, "v"+maxGoVersion) > 0 } -// Check if `v.goModVersion` or `v.goEnvVersion` are outside of the supported range. If so, emit -// a diagnostic and return an empty version to indicate that we should not attempt to install a -// different version of Go. -func checkForUnsupportedVersions(v versionInfo) (msg, version string) { - if v.goModVersionFound && outsideSupportedRange(v.goModVersion) { +// Assuming `v.goModVersionFound` is false, emit a diagnostic and return the version to install, +// or the empty string if we should not attempt to install a version of Go. +func checkForGoModVersionNotFound(v versionInfo) (msg, version string) { + if !v.goEnvVersionFound { + msg = "No version of Go installed and no `go.mod` file found. Writing an environment " + + "file specifying the maximum supported version of Go (" + maxGoVersion + ")." + version = maxGoVersion + diagnostics.EmitNoGoModAndNoGoEnv(msg) + } else if outsideSupportedRange(v.goEnvVersion) { + msg = "No `go.mod` file found. The version of Go installed in the environment (" + + v.goEnvVersion + ") is outside of the supported range (" + minGoVersion + "-" + + maxGoVersion + "). Writing an environment file specifying the maximum supported " + + "version of Go (" + maxGoVersion + ")." + version = maxGoVersion + diagnostics.EmitNoGoModAndGoEnvUnsupported(msg) + } else { + msg = "No `go.mod` file found. Version " + v.goEnvVersion + " installed in the " + + "environment is supported. Writing an environment file not specifying any " + + "version of Go." + version = "" + diagnostics.EmitNoGoModAndGoEnvSupported(msg) + } + + return msg, version +} + +// Assuming `v.goModVersionFound` is true, emit a diagnostic and return the version to install, +// or the empty string if we should not attempt to install a version of Go. +func checkForGoModVersionFound(v versionInfo) (msg, version string) { + if outsideSupportedRange(v.goModVersion) { msg = "The version of Go found in the `go.mod` file (" + v.goModVersion + ") is outside of the supported range (" + minGoVersion + "-" + maxGoVersion + "). Writing an environment file not specifying any version of Go." version = "" diagnostics.EmitUnsupportedVersionGoMod(msg) - } - - return msg, version -} - -// Check if either `v.goEnvVersionFound` or `v.goModVersionFound` are false. If so, emit -// a diagnostic and return the version to install, or the empty string if we should not attempt to -// install a version of Go. We assume that `checkForUnsupportedVersions` has already been -// called, so any versions that are found are within the supported range. -func checkForVersionsNotFound(v versionInfo) (msg, version string) { - if !v.goEnvVersionFound && !v.goModVersionFound { - msg = "No version of Go installed and no `go.mod` file found. Writing an environment " + - "file specifying the maximum supported version of Go (" + maxGoVersion + ")." - version = maxGoVersion - diagnostics.EmitNoGoModAndNoGoEnv(msg) - } - - if !v.goEnvVersionFound && v.goModVersionFound { + } else if !v.goEnvVersionFound { msg = "No version of Go installed. Writing an environment file specifying the version " + "of Go found in the `go.mod` file (" + v.goModVersion + ")." version = v.goModVersion diagnostics.EmitNoGoEnv(msg) - } - - if v.goEnvVersionFound && !v.goModVersionFound { - if outsideSupportedRange(v.goEnvVersion) { - msg = "No `go.mod` file found. The version of Go installed in the environment (" + - v.goEnvVersion + ") is outside of the supported range (" + minGoVersion + "-" + - maxGoVersion + "). Writing an environment file specifying the maximum supported " + - "version of Go (" + maxGoVersion + ")." - version = maxGoVersion - diagnostics.EmitNoGoModAndGoEnvUnsupported(msg) - } else { - msg = "No `go.mod` file found. Version " + v.goEnvVersion + " installed in the " + - "environment is supported. Writing an environment file not specifying any " + - "version of Go." - version = "" - diagnostics.EmitNoGoModAndGoEnvSupported(msg) - } - } - - return msg, version -} - -// Compare `v.goModVersion` and `v.goEnvVersion`. emit a diagnostic and return the version to -// install, or the empty string if we should not attempt to install a version of Go. We assume that -// `checkForUnsupportedVersions` and `checkForVersionsNotFound` have already been called, so both -// versions are found and are within the supported range. -func compareVersions(v versionInfo) (msg, version string) { - if semver.Compare("v"+v.goModVersion, "v"+v.goEnvVersion) > 0 { - msg = "The version of Go installed in the environment (" + v.goEnvVersion + - ") is lower than the version found in the `go.mod` file (" + v.goModVersion + - "). Writing an environment file specifying the version of Go from the `go.mod` " + - "file (" + v.goModVersion + ")." - version = v.goModVersion - diagnostics.EmitVersionGoModHigherVersionEnvironment(msg) } else if outsideSupportedRange(v.goEnvVersion) { msg = "The version of Go installed in the environment (" + v.goEnvVersion + ") is outside of the supported range (" + minGoVersion + "-" + maxGoVersion + "). " + @@ -800,8 +774,14 @@ func compareVersions(v versionInfo) (msg, version string) { v.goModVersion + ")." version = v.goModVersion diagnostics.EmitVersionGoModSupportedAndGoEnvUnsupported(msg) + } else if semver.Compare("v"+v.goModVersion, "v"+v.goEnvVersion) > 0 { + msg = "The version of Go installed in the environment (" + v.goEnvVersion + + ") is lower than the version found in the `go.mod` file (" + v.goModVersion + + "). Writing an environment file specifying the version of Go from the `go.mod` " + + "file (" + v.goModVersion + ")." + version = v.goModVersion + diagnostics.EmitVersionGoModHigherVersionEnvironment(msg) } else { - msg = "The version of Go installed in the environment (" + v.goEnvVersion + ") is supported and is high enough for the version found in the `go.mod` file (" + v.goModVersion + "). Writing an environment file not specifying any version of Go." @@ -815,18 +795,11 @@ func compareVersions(v versionInfo) (msg, version string) { // Check the versions of Go found in the environment and in the `go.mod` file, and return a // version to install. If the version is the empty string then no installation is required. func getVersionToInstall(v versionInfo) (msg, version string) { - msg, version = checkForUnsupportedVersions(v) - if msg != "" { - return msg, version + if !v.goModVersionFound { + return checkForGoModVersionNotFound(v) } - msg, version = checkForVersionsNotFound(v) - if msg != "" { - return msg, version - } - - msg, version = compareVersions(v) - return msg, version + return checkForGoModVersionFound(v) } // Write an environment file to the current directory. If `version` is the empty string then From 4048915c8c59b7e263b290cb5dd4fd7dcb64c3d6 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Fri, 5 May 2023 15:45:44 +0100 Subject: [PATCH 159/870] C++: Remove self edges from non-post-update SSA. --- .../cpp/ir/dataflow/internal/SsaInternals.qll | 3 +- .../dataflow-ir-consistency.expected | 326 ------------------ .../fields/dataflow-ir-consistency.expected | 239 ------------- 3 files changed, 2 insertions(+), 566 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll index 71bf6aab3bc..b6c944206b2 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll @@ -677,7 +677,8 @@ private predicate ssaFlowImpl(SsaDefOrUse defOrUse, Node nodeFrom, Node nodeTo, not nodeFrom = any(PostUpdateNode pun).getPreUpdateNode() and nodeToDefOrUse(nodeFrom, defOrUse, uncertain) and adjacentDefRead(defOrUse, use) and - useToNode(use, nodeTo) + useToNode(use, nodeTo) and + nodeFrom != nodeTo or // Initial global variable value to a first use nodeFrom.(InitialGlobalValue).getGlobalDef() = defOrUse and diff --git a/cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-ir-consistency.expected b/cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-ir-consistency.expected index 526361e6b0d..c675242e7a2 100644 --- a/cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-ir-consistency.expected +++ b/cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-ir-consistency.expected @@ -32,384 +32,58 @@ uniqueParameterNodeAtPosition uniqueParameterNodePosition uniqueContentApprox identityLocalStep -| BarrierGuard.cpp:6:15:6:20 | source | Node steps to itself | -| BarrierGuard.cpp:7:10:7:15 | source | Node steps to itself | -| BarrierGuard.cpp:9:10:9:15 | source | Node steps to itself | -| BarrierGuard.cpp:14:16:14:21 | source | Node steps to itself | -| BarrierGuard.cpp:15:10:15:15 | source | Node steps to itself | -| BarrierGuard.cpp:17:10:17:15 | source | Node steps to itself | -| BarrierGuard.cpp:22:15:22:20 | source | Node steps to itself | -| BarrierGuard.cpp:22:26:22:34 | arbitrary | Node steps to itself | -| BarrierGuard.cpp:23:10:23:15 | source | Node steps to itself | -| BarrierGuard.cpp:25:10:25:15 | source | Node steps to itself | -| BarrierGuard.cpp:30:15:30:20 | source | Node steps to itself | -| BarrierGuard.cpp:30:26:30:34 | arbitrary | Node steps to itself | -| BarrierGuard.cpp:31:10:31:15 | source | Node steps to itself | -| BarrierGuard.cpp:33:10:33:15 | source | Node steps to itself | -| BarrierGuard.cpp:38:16:38:21 | source | Node steps to itself | -| BarrierGuard.cpp:41:8:41:13 | source | Node steps to itself | -| BarrierGuard.cpp:60:3:60:4 | p1 | Node steps to itself | -| BarrierGuard.cpp:61:15:61:16 | p1 | Node steps to itself | -| BarrierGuard.cpp:62:10:62:11 | p1 | Node steps to itself | | BarrierGuard.cpp:62:10:62:11 | p1 indirection | Node steps to itself | -| BarrierGuard.cpp:63:22:63:23 | p1 | Node steps to itself | -| BarrierGuard.cpp:64:10:64:11 | p1 | Node steps to itself | | BarrierGuard.cpp:64:10:64:11 | p1 indirection | Node steps to itself | -| BarrierGuard.cpp:65:22:65:23 | p2 | Node steps to itself | | BarrierGuard.cpp:65:22:65:23 | p2 indirection | Node steps to itself | -| BarrierGuard.cpp:66:10:66:11 | p1 | Node steps to itself | | BarrierGuard.cpp:66:10:66:11 | p1 indirection | Node steps to itself | -| BarrierGuard.cpp:76:10:76:12 | buf | Node steps to itself | | BarrierGuard.cpp:76:10:76:12 | buf indirection | Node steps to itself | -| clang.cpp:8:27:8:28 | this | Node steps to itself | | clang.cpp:8:27:8:28 | this indirection | Node steps to itself | -| clang.cpp:20:8:20:19 | sourceArray1 | Node steps to itself | -| clang.cpp:21:9:21:20 | sourceArray1 | Node steps to itself | -| clang.cpp:25:8:25:24 | sourceStruct1_ptr | Node steps to itself | -| clang.cpp:26:8:26:24 | sourceStruct1_ptr | Node steps to itself | -| clang.cpp:28:3:28:19 | sourceStruct1_ptr | Node steps to itself | -| clang.cpp:29:8:29:24 | sourceStruct1_ptr | Node steps to itself | -| clang.cpp:30:8:30:24 | sourceStruct1_ptr | Node steps to itself | -| clang.cpp:31:8:31:24 | sourceStruct1_ptr | Node steps to itself | | clang.cpp:31:8:31:24 | sourceStruct1_ptr indirection | Node steps to itself | -| clang.cpp:47:8:47:28 | sourceFunctionPointer | Node steps to itself | -| dispatch.cpp:11:38:11:38 | x | Node steps to itself | -| dispatch.cpp:23:38:23:38 | x | Node steps to itself | -| dispatch.cpp:31:8:31:13 | topPtr | Node steps to itself | -| dispatch.cpp:32:8:32:13 | topPtr | Node steps to itself | -| dispatch.cpp:33:3:33:8 | topPtr | Node steps to itself | -| dispatch.cpp:35:8:35:13 | topPtr | Node steps to itself | -| dispatch.cpp:36:8:36:13 | topPtr | Node steps to itself | -| dispatch.cpp:37:3:37:8 | topPtr | Node steps to itself | | dispatch.cpp:37:3:37:8 | topPtr indirection | Node steps to itself | | dispatch.cpp:45:3:45:8 | topRef indirection | Node steps to itself | -| dispatch.cpp:51:10:51:21 | globalBottom | Node steps to itself | -| dispatch.cpp:55:8:55:19 | globalBottom | Node steps to itself | | dispatch.cpp:55:8:55:19 | globalBottom indirection | Node steps to itself | -| dispatch.cpp:56:8:56:19 | globalMiddle | Node steps to itself | | dispatch.cpp:56:8:56:19 | globalMiddle indirection | Node steps to itself | -| dispatch.cpp:69:3:69:5 | top | Node steps to itself | | dispatch.cpp:69:3:69:5 | top indirection | Node steps to itself | | dispatch.cpp:73:3:73:5 | top indirection | Node steps to itself | -| dispatch.cpp:81:3:81:3 | x | Node steps to itself | | dispatch.cpp:81:3:81:3 | x indirection | Node steps to itself | -| dispatch.cpp:85:10:85:12 | top | Node steps to itself | | dispatch.cpp:89:12:89:17 | bottom indirection | Node steps to itself | -| dispatch.cpp:90:12:90:14 | top | Node steps to itself | | dispatch.cpp:90:12:90:14 | top indirection | Node steps to itself | -| dispatch.cpp:96:8:96:8 | x | Node steps to itself | -| dispatch.cpp:104:7:104:7 | b | Node steps to itself | -| dispatch.cpp:107:3:107:15 | maybeCallSink | Node steps to itself | -| dispatch.cpp:108:3:108:14 | dontCallSink | Node steps to itself | -| dispatch.cpp:129:10:129:15 | topPtr | Node steps to itself | | dispatch.cpp:129:10:129:15 | topPtr indirection | Node steps to itself | | dispatch.cpp:130:10:130:15 | topRef indirection | Node steps to itself | -| dispatch.cpp:140:3:140:6 | func | Node steps to itself | -| dispatch.cpp:144:3:144:6 | func | Node steps to itself | -| dispatch.cpp:160:3:160:6 | func | Node steps to itself | -| dispatch.cpp:164:3:164:6 | func | Node steps to itself | -| example.c:19:6:19:6 | b | Node steps to itself | | example.c:19:6:19:6 | b indirection | Node steps to itself | -| example.c:24:24:24:26 | pos | Node steps to itself | -| file://:0:0:0:0 | this | Node steps to itself | | file://:0:0:0:0 | this indirection | Node steps to itself | -| globals.cpp:6:10:6:14 | local | Node steps to itself | -| globals.cpp:12:10:12:24 | flowTestGlobal1 | Node steps to itself | -| globals.cpp:19:10:19:24 | flowTestGlobal2 | Node steps to itself | -| lambdas.cpp:13:10:17:2 | [...](...){...} | Node steps to itself | | lambdas.cpp:13:11:13:11 | (unnamed parameter 0) indirection | Node steps to itself | -| lambdas.cpp:13:12:13:12 | t | Node steps to itself | -| lambdas.cpp:13:15:13:15 | u | Node steps to itself | -| lambdas.cpp:14:3:14:6 | this | Node steps to itself | -| lambdas.cpp:15:3:15:6 | this | Node steps to itself | -| lambdas.cpp:20:10:24:2 | [...](...){...} | Node steps to itself | | lambdas.cpp:20:11:20:11 | (unnamed parameter 0) indirection | Node steps to itself | -| lambdas.cpp:21:3:21:6 | this | Node steps to itself | -| lambdas.cpp:22:3:22:6 | this | Node steps to itself | -| lambdas.cpp:23:3:23:14 | this | Node steps to itself | | lambdas.cpp:23:3:23:14 | this indirection | Node steps to itself | -| lambdas.cpp:26:7:26:7 | v | Node steps to itself | -| lambdas.cpp:28:10:31:2 | [...](...){...} | Node steps to itself | -| lambdas.cpp:28:10:31:2 | t | Node steps to itself | -| lambdas.cpp:28:10:31:2 | u | Node steps to itself | | lambdas.cpp:28:11:28:11 | (unnamed parameter 0) indirection | Node steps to itself | -| lambdas.cpp:29:3:29:6 | this | Node steps to itself | -| lambdas.cpp:30:3:30:6 | this | Node steps to itself | | lambdas.cpp:30:3:30:6 | this indirection | Node steps to itself | -| lambdas.cpp:34:11:37:2 | [...](...){...} | Node steps to itself | -| lambdas.cpp:35:8:35:8 | a | Node steps to itself | -| lambdas.cpp:36:8:36:8 | b | Node steps to itself | -| lambdas.cpp:38:4:38:4 | t | Node steps to itself | -| lambdas.cpp:38:7:38:7 | u | Node steps to itself | -| lambdas.cpp:40:11:44:2 | [...](...){...} | Node steps to itself | -| lambdas.cpp:41:8:41:8 | a | Node steps to itself | -| lambdas.cpp:42:8:42:8 | b | Node steps to itself | -| lambdas.cpp:46:7:46:7 | w | Node steps to itself | -| ref.cpp:11:11:11:13 | rhs | Node steps to itself | | ref.cpp:16:12:16:14 | lhs indirection | Node steps to itself | -| ref.cpp:16:17:16:19 | rhs | Node steps to itself | -| ref.cpp:20:11:20:13 | rhs | Node steps to itself | -| ref.cpp:21:9:21:17 | arbitrary | Node steps to itself | -| ref.cpp:30:9:30:17 | arbitrary | Node steps to itself | -| ref.cpp:36:9:36:17 | arbitrary | Node steps to itself | -| ref.cpp:45:9:45:17 | arbitrary | Node steps to itself | -| ref.cpp:56:10:56:11 | x1 | Node steps to itself | -| ref.cpp:59:10:59:11 | x2 | Node steps to itself | -| ref.cpp:62:10:62:11 | x3 | Node steps to itself | -| ref.cpp:65:10:65:11 | x4 | Node steps to itself | | ref.cpp:75:5:75:7 | lhs indirection | Node steps to itself | -| ref.cpp:75:15:75:17 | rhs | Node steps to itself | | ref.cpp:79:12:79:14 | lhs indirection | Node steps to itself | -| ref.cpp:79:17:79:19 | rhs | Node steps to itself | -| ref.cpp:83:15:83:17 | rhs | Node steps to itself | -| ref.cpp:86:9:86:17 | arbitrary | Node steps to itself | | ref.cpp:87:7:87:9 | lhs indirection | Node steps to itself | | ref.cpp:89:7:89:9 | lhs indirection | Node steps to itself | -| ref.cpp:95:9:95:17 | arbitrary | Node steps to itself | | ref.cpp:96:7:96:9 | out indirection | Node steps to itself | -| ref.cpp:101:9:101:17 | arbitrary | Node steps to itself | | ref.cpp:102:21:102:23 | out indirection | Node steps to itself | | ref.cpp:104:7:104:9 | out indirection | Node steps to itself | -| ref.cpp:112:9:112:17 | arbitrary | Node steps to itself | | ref.cpp:113:7:113:9 | out indirection | Node steps to itself | | ref.cpp:115:7:115:9 | out indirection | Node steps to itself | -| test.cpp:7:8:7:9 | t1 | Node steps to itself | -| test.cpp:8:8:8:9 | t1 | Node steps to itself | -| test.cpp:9:8:9:9 | t1 | Node steps to itself | -| test.cpp:10:8:10:9 | t2 | Node steps to itself | -| test.cpp:11:7:11:8 | t1 | Node steps to itself | -| test.cpp:13:10:13:11 | t2 | Node steps to itself | -| test.cpp:15:8:15:9 | t2 | Node steps to itself | -| test.cpp:21:8:21:9 | t1 | Node steps to itself | -| test.cpp:23:19:23:19 | i | Node steps to itself | -| test.cpp:23:23:23:24 | t1 | Node steps to itself | -| test.cpp:23:27:23:27 | i | Node steps to itself | -| test.cpp:24:10:24:11 | t2 | Node steps to itself | -| test.cpp:26:8:26:9 | t1 | Node steps to itself | -| test.cpp:30:8:30:8 | t | Node steps to itself | -| test.cpp:31:8:31:8 | c | Node steps to itself | -| test.cpp:43:10:43:10 | t | Node steps to itself | -| test.cpp:43:10:43:20 | ... ? ... : ... | Node steps to itself | -| test.cpp:43:14:43:15 | t1 | Node steps to itself | -| test.cpp:43:19:43:20 | t2 | Node steps to itself | -| test.cpp:45:9:45:9 | b | Node steps to itself | -| test.cpp:45:9:45:19 | ... ? ... : ... | Node steps to itself | -| test.cpp:45:13:45:14 | t1 | Node steps to itself | -| test.cpp:45:18:45:19 | t2 | Node steps to itself | -| test.cpp:46:10:46:10 | t | Node steps to itself | -| test.cpp:51:9:51:9 | b | Node steps to itself | -| test.cpp:52:11:52:12 | t1 | Node steps to itself | -| test.cpp:58:10:58:10 | t | Node steps to itself | -| test.cpp:69:14:69:15 | x2 | Node steps to itself | -| test.cpp:71:8:71:9 | x4 | Node steps to itself | -| test.cpp:76:8:76:9 | u1 | Node steps to itself | -| test.cpp:78:8:78:9 | u1 | Node steps to itself | -| test.cpp:81:8:81:9 | i1 | Node steps to itself | -| test.cpp:84:8:84:9 | i1 | Node steps to itself | -| test.cpp:84:8:84:18 | ... ? ... : ... | Node steps to itself | -| test.cpp:84:13:84:14 | u2 | Node steps to itself | -| test.cpp:85:8:85:9 | u2 | Node steps to itself | -| test.cpp:86:8:86:9 | i1 | Node steps to itself | -| test.cpp:90:8:90:14 | source1 | Node steps to itself | -| test.cpp:91:13:91:18 | clean1 | Node steps to itself | -| test.cpp:92:8:92:14 | source1 | Node steps to itself | -| test.cpp:102:9:102:14 | clean1 | Node steps to itself | -| test.cpp:103:10:103:12 | ref | Node steps to itself | -| test.cpp:107:13:107:18 | clean1 | Node steps to itself | -| test.cpp:110:10:110:12 | ref | Node steps to itself | -| test.cpp:125:10:125:11 | in | Node steps to itself | -| test.cpp:134:10:134:10 | p | Node steps to itself | -| test.cpp:139:11:139:11 | x | Node steps to itself | -| test.cpp:140:8:140:8 | y | Node steps to itself | -| test.cpp:144:8:144:8 | s | Node steps to itself | -| test.cpp:145:10:145:10 | s | Node steps to itself | -| test.cpp:150:8:150:8 | x | Node steps to itself | -| test.cpp:152:8:152:8 | y | Node steps to itself | -| test.cpp:156:11:156:11 | s | Node steps to itself | -| test.cpp:157:8:157:8 | x | Node steps to itself | -| test.cpp:158:10:158:10 | x | Node steps to itself | -| test.cpp:163:8:163:8 | x | Node steps to itself | -| test.cpp:165:8:165:8 | y | Node steps to itself | -| test.cpp:172:10:172:10 | x | Node steps to itself | -| test.cpp:177:11:177:11 | x | Node steps to itself | -| test.cpp:178:8:178:8 | y | Node steps to itself | -| test.cpp:190:12:190:12 | p | Node steps to itself | -| test.cpp:194:13:194:27 | this | Node steps to itself | | test.cpp:194:13:194:27 | this indirection | Node steps to itself | -| test.cpp:195:19:195:19 | x | Node steps to itself | -| test.cpp:196:13:196:19 | barrier | Node steps to itself | -| test.cpp:197:10:197:10 | y | Node steps to itself | -| test.cpp:201:19:201:24 | source | Node steps to itself | -| test.cpp:202:10:202:16 | barrier | Node steps to itself | -| test.cpp:203:12:203:18 | barrier | Node steps to itself | -| test.cpp:207:13:207:33 | this | Node steps to itself | -| test.cpp:208:10:208:10 | x | Node steps to itself | -| test.cpp:209:13:209:33 | this | Node steps to itself | | test.cpp:209:13:209:33 | this indirection | Node steps to itself | -| test.cpp:210:10:210:10 | y | Node steps to itself | -| test.cpp:214:19:214:24 | source | Node steps to itself | -| test.cpp:215:13:215:19 | barrier | Node steps to itself | -| test.cpp:216:10:216:10 | x | Node steps to itself | -| test.cpp:217:12:217:12 | x | Node steps to itself | -| test.cpp:221:13:221:34 | this | Node steps to itself | -| test.cpp:222:10:222:10 | x | Node steps to itself | -| test.cpp:223:13:223:34 | this | Node steps to itself | | test.cpp:223:13:223:34 | this indirection | Node steps to itself | -| test.cpp:224:10:224:10 | y | Node steps to itself | -| test.cpp:231:19:231:19 | x | Node steps to itself | -| test.cpp:232:12:232:18 | barrier | Node steps to itself | -| test.cpp:236:13:236:24 | this | Node steps to itself | | test.cpp:236:13:236:24 | this indirection | Node steps to itself | -| test.cpp:237:13:237:13 | x | Node steps to itself | -| test.cpp:238:10:238:10 | y | Node steps to itself | -| test.cpp:245:7:245:12 | this | Node steps to itself | -| test.cpp:246:7:246:16 | this | Node steps to itself | | test.cpp:246:7:246:16 | this indirection | Node steps to itself | -| test.cpp:250:15:250:15 | x | Node steps to itself | -| test.cpp:251:7:251:12 | this | Node steps to itself | | test.cpp:251:7:251:12 | this indirection | Node steps to itself | -| test.cpp:251:14:251:14 | y | Node steps to itself | -| test.cpp:255:21:255:21 | x | Node steps to itself | -| test.cpp:256:7:256:12 | this | Node steps to itself | | test.cpp:256:7:256:12 | this indirection | Node steps to itself | -| test.cpp:256:14:256:20 | barrier | Node steps to itself | -| test.cpp:260:12:260:12 | x | Node steps to itself | -| test.cpp:265:15:265:20 | this | Node steps to itself | -| test.cpp:266:12:266:12 | x | Node steps to itself | -| test.cpp:267:11:267:20 | this | Node steps to itself | | test.cpp:267:11:267:20 | this indirection | Node steps to itself | -| test.cpp:268:12:268:12 | x | Node steps to itself | -| test.cpp:272:15:272:15 | x | Node steps to itself | -| test.cpp:273:14:273:19 | this | Node steps to itself | | test.cpp:273:14:273:19 | this indirection | Node steps to itself | -| test.cpp:273:21:273:21 | y | Node steps to itself | -| test.cpp:277:21:277:21 | x | Node steps to itself | -| test.cpp:278:14:278:19 | this | Node steps to itself | | test.cpp:278:14:278:19 | this indirection | Node steps to itself | -| test.cpp:278:21:278:27 | barrier | Node steps to itself | -| test.cpp:282:15:282:15 | x | Node steps to itself | -| test.cpp:283:14:283:14 | y | Node steps to itself | -| test.cpp:288:17:288:22 | this | Node steps to itself | -| test.cpp:289:14:289:14 | x | Node steps to itself | -| test.cpp:290:13:290:22 | this | Node steps to itself | | test.cpp:290:13:290:22 | this indirection | Node steps to itself | -| test.cpp:291:14:291:14 | x | Node steps to itself | -| test.cpp:295:17:295:22 | this | Node steps to itself | | test.cpp:295:17:295:22 | this indirection | Node steps to itself | -| test.cpp:296:16:296:16 | y | Node steps to itself | -| test.cpp:300:23:300:28 | this | Node steps to itself | | test.cpp:300:23:300:28 | this indirection | Node steps to itself | -| test.cpp:301:16:301:22 | barrier | Node steps to itself | -| test.cpp:306:16:306:16 | y | Node steps to itself | -| test.cpp:314:2:314:2 | this | Node steps to itself | | test.cpp:314:2:314:2 | this indirection | Node steps to itself | -| test.cpp:317:10:317:10 | this | Node steps to itself | -| test.cpp:317:12:317:12 | p | Node steps to itself | -| test.cpp:318:7:318:7 | x | Node steps to itself | -| test.cpp:319:10:319:10 | this | Node steps to itself | -| test.cpp:320:7:320:7 | y | Node steps to itself | -| test.cpp:321:2:321:2 | this | Node steps to itself | | test.cpp:321:2:321:2 | this indirection | Node steps to itself | -| test.cpp:324:9:324:9 | p | Node steps to itself | -| test.cpp:337:10:337:18 | globalVar | Node steps to itself | -| test.cpp:339:10:339:18 | globalVar | Node steps to itself | -| test.cpp:343:10:343:18 | globalVar | Node steps to itself | -| test.cpp:349:10:349:18 | globalVar | Node steps to itself | -| test.cpp:359:5:359:9 | this | Node steps to itself | | test.cpp:359:5:359:9 | this indirection | Node steps to itself | -| test.cpp:363:10:363:14 | this | Node steps to itself | -| test.cpp:364:5:364:14 | this | Node steps to itself | -| test.cpp:365:10:365:14 | this | Node steps to itself | | test.cpp:365:10:365:14 | this indirection | Node steps to itself | -| test.cpp:369:10:369:14 | this | Node steps to itself | | test.cpp:369:10:369:14 | this indirection | Node steps to itself | -| test.cpp:373:5:373:9 | this | Node steps to itself | -| test.cpp:374:5:374:20 | this | Node steps to itself | -| test.cpp:375:10:375:14 | this | Node steps to itself | | test.cpp:375:10:375:14 | this indirection | Node steps to itself | -| test.cpp:385:8:385:10 | tmp | Node steps to itself | -| test.cpp:392:8:392:10 | tmp | Node steps to itself | -| test.cpp:393:7:393:7 | b | Node steps to itself | -| test.cpp:394:10:394:12 | tmp | Node steps to itself | -| test.cpp:401:8:401:10 | tmp | Node steps to itself | -| test.cpp:408:8:408:10 | tmp | Node steps to itself | -| test.cpp:418:8:418:12 | local | Node steps to itself | -| test.cpp:424:8:424:12 | local | Node steps to itself | -| test.cpp:436:8:436:13 | * ... | Node steps to itself | -| test.cpp:442:8:442:12 | local | Node steps to itself | -| test.cpp:451:8:451:13 | * ... | Node steps to itself | -| test.cpp:462:9:462:14 | clean1 | Node steps to itself | -| test.cpp:463:13:463:19 | source1 | Node steps to itself | -| test.cpp:465:13:465:18 | clean1 | Node steps to itself | -| test.cpp:468:8:468:12 | local | Node steps to itself | -| test.cpp:478:8:478:8 | x | Node steps to itself | -| test.cpp:488:21:488:21 | s | Node steps to itself | -| test.cpp:489:20:489:20 | s | Node steps to itself | | test.cpp:489:20:489:20 | s indirection | Node steps to itself | -| test.cpp:490:9:490:17 | p_content | Node steps to itself | -| test.cpp:498:9:498:14 | clean1 | Node steps to itself | -| test.cpp:500:10:500:10 | x | Node steps to itself | -| test.cpp:513:8:513:8 | x | Node steps to itself | -| test.cpp:520:19:520:23 | clean | Node steps to itself | -| test.cpp:532:9:532:9 | e | Node steps to itself | -| test.cpp:536:11:536:11 | p | Node steps to itself | -| test.cpp:541:10:541:10 | y | Node steps to itself | -| test.cpp:552:28:552:28 | y | Node steps to itself | -| test.cpp:566:11:566:19 | globalInt | Node steps to itself | -| test.cpp:568:11:568:19 | globalInt | Node steps to itself | -| test.cpp:572:11:572:19 | globalInt | Node steps to itself | -| test.cpp:578:11:578:19 | globalInt | Node steps to itself | -| test.cpp:590:8:590:8 | x | Node steps to itself | -| test.cpp:596:11:596:11 | p | Node steps to itself | -| test.cpp:601:20:601:20 | p | Node steps to itself | -| test.cpp:602:3:602:3 | p | Node steps to itself | -| test.cpp:603:9:603:9 | p | Node steps to itself | -| test.cpp:607:20:607:20 | p | Node steps to itself | -| test.cpp:609:9:609:9 | p | Node steps to itself | -| test.cpp:614:20:614:20 | p | Node steps to itself | -| test.cpp:624:7:624:7 | b | Node steps to itself | -| test.cpp:634:8:634:8 | x | Node steps to itself | -| test.cpp:640:8:640:8 | x | Node steps to itself | -| test.cpp:645:8:645:8 | x | Node steps to itself | -| test.cpp:651:8:651:8 | x | Node steps to itself | -| test.cpp:658:8:658:8 | x | Node steps to itself | -| test.cpp:666:9:666:16 | ptr_to_s | Node steps to itself | -| test.cpp:673:9:673:16 | ptr_to_s | Node steps to itself | -| test.cpp:679:9:679:16 | ptr_to_s | Node steps to itself | -| test.cpp:687:9:687:16 | ptr_to_s | Node steps to itself | -| true_upon_entry.cpp:10:19:10:19 | i | Node steps to itself | -| true_upon_entry.cpp:10:27:10:27 | i | Node steps to itself | -| true_upon_entry.cpp:13:8:13:8 | x | Node steps to itself | -| true_upon_entry.cpp:18:19:18:19 | i | Node steps to itself | -| true_upon_entry.cpp:18:23:18:32 | iterations | Node steps to itself | -| true_upon_entry.cpp:18:35:18:35 | i | Node steps to itself | -| true_upon_entry.cpp:21:8:21:8 | x | Node steps to itself | -| true_upon_entry.cpp:26:19:26:19 | i | Node steps to itself | -| true_upon_entry.cpp:26:27:26:27 | i | Node steps to itself | -| true_upon_entry.cpp:29:8:29:8 | x | Node steps to itself | -| true_upon_entry.cpp:34:19:34:19 | i | Node steps to itself | -| true_upon_entry.cpp:34:27:34:27 | i | Node steps to itself | -| true_upon_entry.cpp:39:8:39:8 | x | Node steps to itself | -| true_upon_entry.cpp:44:19:44:19 | i | Node steps to itself | -| true_upon_entry.cpp:44:27:44:27 | i | Node steps to itself | -| true_upon_entry.cpp:49:8:49:8 | x | Node steps to itself | -| true_upon_entry.cpp:55:19:55:19 | i | Node steps to itself | -| true_upon_entry.cpp:55:38:55:38 | i | Node steps to itself | -| true_upon_entry.cpp:57:8:57:8 | x | Node steps to itself | -| true_upon_entry.cpp:63:19:63:19 | i | Node steps to itself | -| true_upon_entry.cpp:63:38:63:38 | i | Node steps to itself | -| true_upon_entry.cpp:66:8:66:8 | x | Node steps to itself | -| true_upon_entry.cpp:76:19:76:19 | i | Node steps to itself | -| true_upon_entry.cpp:76:38:76:38 | i | Node steps to itself | -| true_upon_entry.cpp:78:8:78:8 | x | Node steps to itself | -| true_upon_entry.cpp:84:30:84:30 | i | Node steps to itself | -| true_upon_entry.cpp:84:38:84:38 | i | Node steps to itself | -| true_upon_entry.cpp:86:8:86:8 | x | Node steps to itself | -| true_upon_entry.cpp:91:30:91:30 | i | Node steps to itself | -| true_upon_entry.cpp:91:38:91:38 | i | Node steps to itself | -| true_upon_entry.cpp:93:8:93:8 | x | Node steps to itself | -| true_upon_entry.cpp:99:7:99:7 | b | Node steps to itself | -| true_upon_entry.cpp:101:10:101:10 | i | Node steps to itself | -| true_upon_entry.cpp:101:18:101:18 | i | Node steps to itself | -| true_upon_entry.cpp:101:23:101:23 | d | Node steps to itself | -| true_upon_entry.cpp:105:8:105:8 | x | Node steps to itself | diff --git a/cpp/ql/test/library-tests/dataflow/fields/dataflow-ir-consistency.expected b/cpp/ql/test/library-tests/dataflow/fields/dataflow-ir-consistency.expected index 06ad45a17b7..82aea270495 100644 --- a/cpp/ql/test/library-tests/dataflow/fields/dataflow-ir-consistency.expected +++ b/cpp/ql/test/library-tests/dataflow/fields/dataflow-ir-consistency.expected @@ -42,363 +42,124 @@ uniqueParameterNodeAtPosition uniqueParameterNodePosition uniqueContentApprox identityLocalStep -| A.cpp:25:7:25:10 | this | Node steps to itself | | A.cpp:25:7:25:10 | this indirection | Node steps to itself | -| A.cpp:25:17:25:17 | c | Node steps to itself | -| A.cpp:27:22:27:25 | this | Node steps to itself | | A.cpp:27:22:27:25 | this indirection | Node steps to itself | -| A.cpp:27:32:27:32 | c | Node steps to itself | -| A.cpp:28:23:28:26 | this | Node steps to itself | | A.cpp:28:23:28:26 | this indirection | Node steps to itself | -| A.cpp:31:20:31:20 | c | Node steps to itself | | A.cpp:31:20:31:20 | c indirection | Node steps to itself | | A.cpp:41:15:41:21 | new indirection | Node steps to itself | -| A.cpp:48:20:48:20 | c | Node steps to itself | | A.cpp:48:20:48:20 | c indirection | Node steps to itself | -| A.cpp:49:10:49:10 | b | Node steps to itself | | A.cpp:49:10:49:10 | b indirection | Node steps to itself | -| A.cpp:55:5:55:5 | b | Node steps to itself | | A.cpp:55:12:55:19 | new indirection | Node steps to itself | -| A.cpp:56:10:56:10 | b | Node steps to itself | | A.cpp:56:10:56:10 | b indirection | Node steps to itself | -| A.cpp:64:10:64:15 | this | Node steps to itself | | A.cpp:64:10:64:15 | this indirection | Node steps to itself | -| A.cpp:64:17:64:18 | b1 | Node steps to itself | | A.cpp:64:21:64:28 | new indirection | Node steps to itself | -| A.cpp:65:10:65:11 | b1 | Node steps to itself | | A.cpp:65:10:65:11 | b1 indirection | Node steps to itself | -| A.cpp:66:10:66:11 | b2 | Node steps to itself | | A.cpp:66:10:66:11 | b2 indirection | Node steps to itself | -| A.cpp:73:10:73:19 | this | Node steps to itself | | A.cpp:73:10:73:19 | this indirection | Node steps to itself | -| A.cpp:73:21:73:22 | b1 | Node steps to itself | | A.cpp:73:25:73:32 | new indirection | Node steps to itself | -| A.cpp:74:10:74:11 | b1 | Node steps to itself | | A.cpp:74:10:74:11 | b1 indirection | Node steps to itself | -| A.cpp:75:10:75:11 | b2 | Node steps to itself | | A.cpp:75:10:75:11 | b2 indirection | Node steps to itself | -| A.cpp:81:10:81:15 | this | Node steps to itself | -| A.cpp:81:17:81:18 | b1 | Node steps to itself | -| A.cpp:81:21:81:21 | c | Node steps to itself | | A.cpp:81:21:81:21 | c indirection | Node steps to itself | -| A.cpp:82:12:82:12 | this | Node steps to itself | | A.cpp:82:12:82:12 | this indirection | Node steps to itself | -| A.cpp:82:12:82:24 | ... ? ... : ... | Node steps to itself | -| A.cpp:82:18:82:19 | b1 | Node steps to itself | -| A.cpp:82:23:82:24 | b2 | Node steps to itself | -| A.cpp:87:9:87:9 | this | Node steps to itself | | A.cpp:87:9:87:9 | this indirection | Node steps to itself | -| A.cpp:90:7:90:8 | b2 | Node steps to itself | -| A.cpp:90:15:90:15 | c | Node steps to itself | | A.cpp:90:15:90:15 | c indirection | Node steps to itself | -| A.cpp:91:14:91:15 | b2 | Node steps to itself | -| A.cpp:93:12:93:13 | b1 | Node steps to itself | -| A.cpp:100:5:100:6 | c1 | Node steps to itself | -| A.cpp:100:13:100:13 | a | Node steps to itself | -| A.cpp:101:5:101:6 | this | Node steps to itself | | A.cpp:101:5:101:6 | this indirection | Node steps to itself | | A.cpp:101:8:101:9 | c1 indirection | Node steps to itself | -| A.cpp:105:13:105:14 | c1 | Node steps to itself | -| A.cpp:107:12:107:13 | c1 | Node steps to itself | | A.cpp:107:12:107:13 | c1 indirection | Node steps to itself | -| A.cpp:110:13:110:14 | c2 | Node steps to itself | -| A.cpp:118:13:118:14 | c1 | Node steps to itself | -| A.cpp:120:12:120:13 | c1 | Node steps to itself | | A.cpp:120:12:120:13 | c1 indirection | Node steps to itself | -| A.cpp:126:5:126:5 | b | Node steps to itself | | A.cpp:126:5:126:5 | b indirection | Node steps to itself | -| A.cpp:131:5:131:6 | this | Node steps to itself | | A.cpp:131:5:131:6 | this indirection | Node steps to itself | -| A.cpp:131:8:131:8 | b | Node steps to itself | -| A.cpp:132:10:132:10 | b | Node steps to itself | | A.cpp:132:10:132:10 | b indirection | Node steps to itself | -| A.cpp:142:7:142:7 | b | Node steps to itself | -| A.cpp:143:7:143:10 | this | Node steps to itself | | A.cpp:143:7:143:10 | this indirection | Node steps to itself | -| A.cpp:143:17:143:17 | x | Node steps to itself | -| A.cpp:143:17:143:31 | ... ? ... : ... | Node steps to itself | -| A.cpp:143:21:143:21 | b | Node steps to itself | -| A.cpp:151:18:151:18 | b | Node steps to itself | -| A.cpp:151:21:151:21 | this | Node steps to itself | | A.cpp:151:21:151:21 | this indirection | Node steps to itself | -| A.cpp:152:10:152:10 | d | Node steps to itself | -| A.cpp:153:10:153:10 | d | Node steps to itself | | A.cpp:153:10:153:10 | d indirection | Node steps to itself | -| A.cpp:154:10:154:10 | b | Node steps to itself | | A.cpp:154:10:154:10 | b indirection | Node steps to itself | -| A.cpp:160:29:160:29 | b | Node steps to itself | | A.cpp:160:29:160:29 | b indirection | Node steps to itself | -| A.cpp:161:38:161:39 | l1 | Node steps to itself | | A.cpp:161:38:161:39 | l1 indirection | Node steps to itself | -| A.cpp:162:38:162:39 | l2 | Node steps to itself | | A.cpp:162:38:162:39 | l2 indirection | Node steps to itself | -| A.cpp:163:10:163:11 | l3 | Node steps to itself | -| A.cpp:164:10:164:11 | l3 | Node steps to itself | -| A.cpp:165:10:165:11 | l3 | Node steps to itself | -| A.cpp:166:10:166:11 | l3 | Node steps to itself | -| A.cpp:167:22:167:23 | l3 | Node steps to itself | -| A.cpp:167:26:167:26 | l | Node steps to itself | -| A.cpp:167:44:167:44 | l | Node steps to itself | | A.cpp:167:44:167:44 | l indirection | Node steps to itself | -| A.cpp:169:12:169:12 | l | Node steps to itself | -| A.cpp:183:7:183:10 | this | Node steps to itself | -| A.cpp:183:14:183:20 | newHead | Node steps to itself | -| A.cpp:184:7:184:10 | this | Node steps to itself | | A.cpp:184:7:184:10 | this indirection | Node steps to itself | -| A.cpp:184:20:184:23 | next | Node steps to itself | -| B.cpp:7:25:7:25 | e | Node steps to itself | | B.cpp:7:25:7:25 | e indirection | Node steps to itself | -| B.cpp:8:25:8:26 | b1 | Node steps to itself | | B.cpp:8:25:8:26 | b1 indirection | Node steps to itself | -| B.cpp:9:10:9:11 | b2 | Node steps to itself | -| B.cpp:10:10:10:11 | b2 | Node steps to itself | | B.cpp:10:10:10:11 | b2 indirection | Node steps to itself | -| B.cpp:16:37:16:37 | e | Node steps to itself | | B.cpp:16:37:16:37 | e indirection | Node steps to itself | -| B.cpp:17:25:17:26 | b1 | Node steps to itself | | B.cpp:17:25:17:26 | b1 indirection | Node steps to itself | -| B.cpp:18:10:18:11 | b2 | Node steps to itself | -| B.cpp:19:10:19:11 | b2 | Node steps to itself | | B.cpp:19:10:19:11 | b2 indirection | Node steps to itself | -| B.cpp:35:7:35:10 | this | Node steps to itself | -| B.cpp:35:21:35:22 | e1 | Node steps to itself | -| B.cpp:36:7:36:10 | this | Node steps to itself | | B.cpp:36:7:36:10 | this indirection | Node steps to itself | -| B.cpp:36:21:36:22 | e2 | Node steps to itself | -| B.cpp:46:7:46:10 | this | Node steps to itself | | B.cpp:46:7:46:10 | this indirection | Node steps to itself | -| B.cpp:46:20:46:21 | b1 | Node steps to itself | -| C.cpp:19:5:19:5 | c | Node steps to itself | | C.cpp:19:5:19:5 | c indirection | Node steps to itself | -| C.cpp:24:5:24:8 | this | Node steps to itself | | C.cpp:24:5:24:8 | this indirection | Node steps to itself | -| C.cpp:29:10:29:11 | this | Node steps to itself | -| C.cpp:30:10:30:11 | this | Node steps to itself | -| C.cpp:31:10:31:11 | this | Node steps to itself | | C.cpp:31:10:31:11 | this indirection | Node steps to itself | -| D.cpp:9:21:9:24 | this | Node steps to itself | | D.cpp:9:21:9:24 | this indirection | Node steps to itself | -| D.cpp:9:28:9:28 | e | Node steps to itself | -| D.cpp:10:30:10:33 | this | Node steps to itself | | D.cpp:10:30:10:33 | this indirection | Node steps to itself | -| D.cpp:11:29:11:32 | this | Node steps to itself | | D.cpp:11:29:11:32 | this indirection | Node steps to itself | -| D.cpp:11:36:11:36 | e | Node steps to itself | -| D.cpp:16:21:16:23 | this | Node steps to itself | | D.cpp:16:21:16:23 | this indirection | Node steps to itself | -| D.cpp:16:27:16:27 | b | Node steps to itself | -| D.cpp:17:30:17:32 | this | Node steps to itself | | D.cpp:17:30:17:32 | this indirection | Node steps to itself | -| D.cpp:18:29:18:31 | this | Node steps to itself | | D.cpp:18:29:18:31 | this indirection | Node steps to itself | -| D.cpp:18:35:18:35 | b | Node steps to itself | -| D.cpp:22:10:22:11 | b2 | Node steps to itself | | D.cpp:22:10:22:11 | b2 indirection | Node steps to itself | -| D.cpp:30:5:30:5 | b | Node steps to itself | -| D.cpp:30:20:30:20 | e | Node steps to itself | -| D.cpp:31:14:31:14 | b | Node steps to itself | | D.cpp:31:14:31:14 | b indirection | Node steps to itself | -| D.cpp:37:5:37:5 | b | Node steps to itself | -| D.cpp:37:21:37:21 | e | Node steps to itself | | D.cpp:37:21:37:21 | e indirection | Node steps to itself | -| D.cpp:38:14:38:14 | b | Node steps to itself | | D.cpp:38:14:38:14 | b indirection | Node steps to itself | -| D.cpp:44:5:44:5 | b | Node steps to itself | -| D.cpp:44:26:44:26 | e | Node steps to itself | -| D.cpp:45:14:45:14 | b | Node steps to itself | | D.cpp:45:14:45:14 | b indirection | Node steps to itself | -| D.cpp:51:5:51:5 | b | Node steps to itself | -| D.cpp:51:27:51:27 | e | Node steps to itself | | D.cpp:51:27:51:27 | e indirection | Node steps to itself | -| D.cpp:52:14:52:14 | b | Node steps to itself | | D.cpp:52:14:52:14 | b indirection | Node steps to itself | -| D.cpp:57:5:57:12 | this | Node steps to itself | -| D.cpp:58:5:58:12 | this | Node steps to itself | -| D.cpp:58:27:58:27 | e | Node steps to itself | -| D.cpp:59:5:59:7 | this | Node steps to itself | | D.cpp:59:5:59:7 | this indirection | Node steps to itself | -| D.cpp:64:10:64:17 | this | Node steps to itself | | D.cpp:64:10:64:17 | this indirection | Node steps to itself | -| E.cpp:21:10:21:10 | p | Node steps to itself | | E.cpp:21:10:21:10 | p indirection | Node steps to itself | -| E.cpp:29:21:29:21 | b | Node steps to itself | -| E.cpp:31:10:31:12 | raw | Node steps to itself | | E.cpp:31:10:31:12 | raw indirection | Node steps to itself | -| E.cpp:32:10:32:10 | b | Node steps to itself | | E.cpp:32:10:32:10 | b indirection | Node steps to itself | -| aliasing.cpp:9:3:9:3 | s | Node steps to itself | | aliasing.cpp:9:3:9:3 | s indirection | Node steps to itself | | aliasing.cpp:13:3:13:3 | s indirection | Node steps to itself | -| aliasing.cpp:27:14:27:15 | s3 | Node steps to itself | | aliasing.cpp:37:3:37:6 | ref1 indirection | Node steps to itself | | aliasing.cpp:43:8:43:11 | ref2 indirection | Node steps to itself | -| aliasing.cpp:48:13:48:14 | s1 | Node steps to itself | -| aliasing.cpp:53:13:53:14 | s2 | Node steps to itself | -| aliasing.cpp:61:13:61:14 | s2 | Node steps to itself | -| aliasing.cpp:79:3:79:3 | s | Node steps to itself | | aliasing.cpp:79:3:79:3 | s indirection | Node steps to itself | | aliasing.cpp:86:3:86:3 | s indirection | Node steps to itself | -| aliasing.cpp:100:14:100:14 | s | Node steps to itself | -| aliasing.cpp:102:9:102:10 | px | Node steps to itself | -| aliasing.cpp:121:15:121:16 | xs | Node steps to itself | -| aliasing.cpp:122:8:122:9 | xs | Node steps to itself | -| aliasing.cpp:126:15:126:16 | xs | Node steps to itself | -| aliasing.cpp:127:10:127:11 | xs | Node steps to itself | -| aliasing.cpp:131:15:131:16 | xs | Node steps to itself | -| aliasing.cpp:147:16:147:16 | s | Node steps to itself | -| aliasing.cpp:148:8:148:8 | s | Node steps to itself | -| aliasing.cpp:188:13:188:14 | s2 | Node steps to itself | -| aliasing.cpp:195:13:195:14 | s2 | Node steps to itself | -| aliasing.cpp:200:16:200:18 | ps2 | Node steps to itself | -| aliasing.cpp:201:8:201:10 | ps2 | Node steps to itself | | aliasing.cpp:201:8:201:10 | ps2 indirection | Node steps to itself | -| aliasing.cpp:205:16:205:18 | ps2 | Node steps to itself | -| aliasing.cpp:206:8:206:10 | ps2 | Node steps to itself | | aliasing.cpp:206:8:206:10 | ps2 indirection | Node steps to itself | -| arrays.cpp:9:8:9:11 | * ... | Node steps to itself | -| by_reference.cpp:12:5:12:5 | s | Node steps to itself | | by_reference.cpp:12:5:12:5 | s indirection | Node steps to itself | -| by_reference.cpp:12:12:12:16 | value | Node steps to itself | -| by_reference.cpp:16:5:16:8 | this | Node steps to itself | | by_reference.cpp:16:5:16:8 | this indirection | Node steps to itself | -| by_reference.cpp:16:15:16:19 | value | Node steps to itself | -| by_reference.cpp:20:5:20:8 | this | Node steps to itself | | by_reference.cpp:20:5:20:8 | this indirection | Node steps to itself | -| by_reference.cpp:20:23:20:27 | value | Node steps to itself | | by_reference.cpp:20:23:20:27 | value indirection | Node steps to itself | | by_reference.cpp:20:23:20:27 | value indirection | Node steps to itself | -| by_reference.cpp:24:19:24:22 | this | Node steps to itself | | by_reference.cpp:24:19:24:22 | this indirection | Node steps to itself | -| by_reference.cpp:24:25:24:29 | value | Node steps to itself | | by_reference.cpp:24:25:24:29 | value indirection | Node steps to itself | | by_reference.cpp:24:25:24:29 | value indirection | Node steps to itself | -| by_reference.cpp:32:12:32:12 | s | Node steps to itself | | by_reference.cpp:32:12:32:12 | s indirection | Node steps to itself | -| by_reference.cpp:36:12:36:15 | this | Node steps to itself | | by_reference.cpp:36:12:36:15 | this indirection | Node steps to itself | -| by_reference.cpp:40:12:40:15 | this | Node steps to itself | | by_reference.cpp:40:12:40:15 | this indirection | Node steps to itself | -| by_reference.cpp:44:26:44:29 | this | Node steps to itself | | by_reference.cpp:44:26:44:29 | this indirection | Node steps to itself | -| by_reference.cpp:84:3:84:7 | inner | Node steps to itself | | by_reference.cpp:84:3:84:7 | inner indirection | Node steps to itself | | by_reference.cpp:88:3:88:7 | inner indirection | Node steps to itself | -| by_reference.cpp:106:22:106:27 | pouter | Node steps to itself | -| by_reference.cpp:107:21:107:26 | pouter | Node steps to itself | -| by_reference.cpp:108:16:108:21 | pouter | Node steps to itself | -| by_reference.cpp:114:8:114:13 | pouter | Node steps to itself | -| by_reference.cpp:115:8:115:13 | pouter | Node steps to itself | -| by_reference.cpp:116:8:116:13 | pouter | Node steps to itself | | by_reference.cpp:116:8:116:13 | pouter indirection | Node steps to itself | -| by_reference.cpp:126:21:126:26 | pouter | Node steps to itself | -| by_reference.cpp:127:22:127:27 | pouter | Node steps to itself | -| by_reference.cpp:128:15:128:20 | pouter | Node steps to itself | -| by_reference.cpp:134:8:134:13 | pouter | Node steps to itself | -| by_reference.cpp:135:8:135:13 | pouter | Node steps to itself | -| by_reference.cpp:136:8:136:13 | pouter | Node steps to itself | | by_reference.cpp:136:8:136:13 | pouter indirection | Node steps to itself | -| complex.cpp:9:20:9:21 | this | Node steps to itself | | complex.cpp:9:20:9:21 | this indirection | Node steps to itself | -| complex.cpp:10:20:10:21 | this | Node steps to itself | | complex.cpp:10:20:10:21 | this indirection | Node steps to itself | -| complex.cpp:11:22:11:23 | this | Node steps to itself | | complex.cpp:11:22:11:23 | this indirection | Node steps to itself | -| complex.cpp:11:27:11:27 | a | Node steps to itself | -| complex.cpp:12:22:12:23 | this | Node steps to itself | | complex.cpp:12:22:12:23 | this indirection | Node steps to itself | -| complex.cpp:12:27:12:27 | b | Node steps to itself | -| complex.cpp:14:26:14:26 | a | Node steps to itself | -| complex.cpp:14:33:14:33 | b | Node steps to itself | | complex.cpp:43:8:43:8 | b indirection | Node steps to itself | | conflated.cpp:11:9:11:10 | ra indirection | Node steps to itself | | conflated.cpp:20:8:20:10 | raw indirection | Node steps to itself | -| conflated.cpp:29:3:29:4 | pa | Node steps to itself | -| conflated.cpp:30:8:30:9 | pa | Node steps to itself | | conflated.cpp:30:8:30:9 | pa indirection | Node steps to itself | -| conflated.cpp:35:8:35:14 | unknown | Node steps to itself | -| conflated.cpp:35:8:35:28 | ... ? ... : ... | Node steps to itself | -| conflated.cpp:35:18:35:20 | arg | Node steps to itself | -| conflated.cpp:36:3:36:4 | pa | Node steps to itself | -| conflated.cpp:37:8:37:9 | pa | Node steps to itself | | conflated.cpp:37:8:37:9 | pa indirection | Node steps to itself | -| conflated.cpp:45:39:45:42 | next | Node steps to itself | -| conflated.cpp:53:3:53:4 | ll | Node steps to itself | -| conflated.cpp:54:3:54:4 | ll | Node steps to itself | -| conflated.cpp:55:8:55:9 | ll | Node steps to itself | | conflated.cpp:55:8:55:9 | ll indirection | Node steps to itself | -| conflated.cpp:59:35:59:38 | next | Node steps to itself | | conflated.cpp:59:35:59:38 | next indirection | Node steps to itself | -| conflated.cpp:60:3:60:4 | ll | Node steps to itself | -| conflated.cpp:61:8:61:9 | ll | Node steps to itself | | conflated.cpp:61:8:61:9 | ll indirection | Node steps to itself | -| constructors.cpp:18:22:18:23 | this | Node steps to itself | | constructors.cpp:18:22:18:23 | this indirection | Node steps to itself | -| constructors.cpp:19:22:19:23 | this | Node steps to itself | | constructors.cpp:19:22:19:23 | this indirection | Node steps to itself | -| constructors.cpp:20:24:20:25 | this | Node steps to itself | | constructors.cpp:20:24:20:25 | this indirection | Node steps to itself | -| constructors.cpp:20:29:20:29 | a | Node steps to itself | -| constructors.cpp:21:24:21:25 | this | Node steps to itself | | constructors.cpp:21:24:21:25 | this indirection | Node steps to itself | -| constructors.cpp:21:29:21:29 | b | Node steps to itself | -| constructors.cpp:23:28:23:28 | a | Node steps to itself | -| constructors.cpp:23:35:23:35 | b | Node steps to itself | | constructors.cpp:29:10:29:10 | f indirection | Node steps to itself | -| qualifiers.cpp:9:30:9:33 | this | Node steps to itself | | qualifiers.cpp:9:30:9:33 | this indirection | Node steps to itself | -| qualifiers.cpp:9:40:9:44 | value | Node steps to itself | -| qualifiers.cpp:12:49:12:53 | inner | Node steps to itself | | qualifiers.cpp:12:49:12:53 | inner indirection | Node steps to itself | -| qualifiers.cpp:12:60:12:64 | value | Node steps to itself | | qualifiers.cpp:13:51:13:55 | inner indirection | Node steps to itself | -| qualifiers.cpp:13:61:13:65 | value | Node steps to itself | -| qualifiers.cpp:18:32:18:36 | this | Node steps to itself | | qualifiers.cpp:18:32:18:36 | this indirection | Node steps to itself | -| realistic.cpp:24:9:24:12 | size | Node steps to itself | -| realistic.cpp:25:30:25:35 | offset | Node steps to itself | -| realistic.cpp:26:15:26:18 | size | Node steps to itself | -| realistic.cpp:27:12:27:12 | m | Node steps to itself | -| realistic.cpp:32:13:32:13 | d | Node steps to itself | -| realistic.cpp:32:17:32:19 | num | Node steps to itself | -| realistic.cpp:33:11:33:11 | d | Node steps to itself | -| realistic.cpp:33:16:33:16 | e | Node steps to itself | -| realistic.cpp:36:12:36:22 | destination | Node steps to itself | -| realistic.cpp:42:20:42:20 | o | Node steps to itself | | realistic.cpp:42:20:42:20 | o indirection | Node steps to itself | | realistic.cpp:42:20:42:20 | o indirection | Node steps to itself | -| realistic.cpp:48:21:48:21 | i | Node steps to itself | -| realistic.cpp:48:34:48:34 | i | Node steps to itself | -| realistic.cpp:49:17:49:17 | i | Node steps to itself | -| realistic.cpp:52:11:52:11 | i | Node steps to itself | -| realistic.cpp:53:17:53:17 | i | Node steps to itself | -| realistic.cpp:54:24:54:24 | i | Node steps to itself | -| realistic.cpp:55:20:55:20 | i | Node steps to itself | -| realistic.cpp:57:96:57:96 | i | Node steps to itself | -| realistic.cpp:60:29:60:29 | i | Node steps to itself | -| realistic.cpp:60:63:60:63 | i | Node steps to itself | -| realistic.cpp:61:29:61:29 | i | Node steps to itself | -| realistic.cpp:65:29:65:29 | i | Node steps to itself | -| realistic.cpp:67:9:67:9 | i | Node steps to itself | -| simple.cpp:18:22:18:23 | this | Node steps to itself | | simple.cpp:18:22:18:23 | this indirection | Node steps to itself | -| simple.cpp:19:22:19:23 | this | Node steps to itself | | simple.cpp:19:22:19:23 | this indirection | Node steps to itself | -| simple.cpp:20:24:20:25 | this | Node steps to itself | | simple.cpp:20:24:20:25 | this indirection | Node steps to itself | -| simple.cpp:20:29:20:29 | a | Node steps to itself | -| simple.cpp:21:24:21:25 | this | Node steps to itself | | simple.cpp:21:24:21:25 | this indirection | Node steps to itself | -| simple.cpp:21:29:21:29 | b | Node steps to itself | -| simple.cpp:23:28:23:28 | a | Node steps to itself | -| simple.cpp:23:35:23:35 | b | Node steps to itself | | simple.cpp:29:10:29:10 | f indirection | Node steps to itself | -| simple.cpp:66:12:66:12 | a | Node steps to itself | -| simple.cpp:79:16:79:17 | this | Node steps to itself | | simple.cpp:79:16:79:17 | this indirection | Node steps to itself | -| simple.cpp:83:9:83:10 | this | Node steps to itself | -| simple.cpp:84:14:84:20 | this | Node steps to itself | | simple.cpp:84:14:84:20 | this indirection | Node steps to itself | -| simple.cpp:93:20:93:20 | a | Node steps to itself | -| struct_init.c:15:8:15:9 | ab | Node steps to itself | -| struct_init.c:16:8:16:9 | ab | Node steps to itself | | struct_init.c:16:8:16:9 | ab indirection | Node steps to itself | From b43702451f062566f85663b67295614f1c5c088b Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Fri, 5 May 2023 15:47:00 +0100 Subject: [PATCH 160/870] C++: Remove self edges from post-update SSA. --- .../cpp/ir/dataflow/internal/DataFlowUtil.qll | 2 +- .../cpp/ir/dataflow/internal/SsaInternals.qll | 14 +- .../dataflow-ir-consistency.expected | 55 -------- .../fields/dataflow-ir-consistency.expected | 121 ------------------ 4 files changed, 14 insertions(+), 178 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll index bdde7830c1e..ed3053258d8 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll @@ -1540,7 +1540,7 @@ private module Cached { cached predicate simpleLocalFlowStep(Node nodeFrom, Node nodeTo) { // Post update node -> Node flow - Ssa::ssaFlow(nodeFrom.(PostUpdateNode).getPreUpdateNode(), nodeTo) + Ssa::postUpdateFlow(nodeFrom, nodeTo) or // Def-use/Use-use flow Ssa::ssaFlow(nodeFrom, nodeTo) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll index b6c944206b2..d14b924b4a9 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll @@ -713,11 +713,23 @@ private Node getAPriorDefinition(SsaDefOrUse defOrUse) { /** Holds if there is def-use or use-use flow from `nodeFrom` to `nodeTo`. */ predicate ssaFlow(Node nodeFrom, Node nodeTo) { exists(Node nFrom, boolean uncertain, SsaDefOrUse defOrUse | - ssaFlowImpl(defOrUse, nFrom, nodeTo, uncertain) and + ssaFlowImpl(defOrUse, nFrom, nodeTo, uncertain) and nodeFrom != nodeTo + | if uncertain = true then nodeFrom = [nFrom, getAPriorDefinition(defOrUse)] else nodeFrom = nFrom ) } +predicate postUpdateFlow(PostUpdateNode pun, Node nodeTo) { + exists(Node preUpdate, Node nFrom, boolean uncertain, SsaDefOrUse defOrUse | + preUpdate = pun.getPreUpdateNode() and + ssaFlowImpl(defOrUse, nFrom, nodeTo, uncertain) + | + if uncertain = true + then preUpdate = [nFrom, getAPriorDefinition(defOrUse)] + else preUpdate = nFrom + ) +} + /** * Holds if `use` is a use of `sv` and is a next adjacent use of `phi` in * index `i1` in basic block `bb1`. diff --git a/cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-ir-consistency.expected b/cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-ir-consistency.expected index c675242e7a2..58049de095d 100644 --- a/cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-ir-consistency.expected +++ b/cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-ir-consistency.expected @@ -32,58 +32,3 @@ uniqueParameterNodeAtPosition uniqueParameterNodePosition uniqueContentApprox identityLocalStep -| BarrierGuard.cpp:62:10:62:11 | p1 indirection | Node steps to itself | -| BarrierGuard.cpp:64:10:64:11 | p1 indirection | Node steps to itself | -| BarrierGuard.cpp:65:22:65:23 | p2 indirection | Node steps to itself | -| BarrierGuard.cpp:66:10:66:11 | p1 indirection | Node steps to itself | -| BarrierGuard.cpp:76:10:76:12 | buf indirection | Node steps to itself | -| clang.cpp:8:27:8:28 | this indirection | Node steps to itself | -| clang.cpp:31:8:31:24 | sourceStruct1_ptr indirection | Node steps to itself | -| dispatch.cpp:37:3:37:8 | topPtr indirection | Node steps to itself | -| dispatch.cpp:45:3:45:8 | topRef indirection | Node steps to itself | -| dispatch.cpp:55:8:55:19 | globalBottom indirection | Node steps to itself | -| dispatch.cpp:56:8:56:19 | globalMiddle indirection | Node steps to itself | -| dispatch.cpp:69:3:69:5 | top indirection | Node steps to itself | -| dispatch.cpp:73:3:73:5 | top indirection | Node steps to itself | -| dispatch.cpp:81:3:81:3 | x indirection | Node steps to itself | -| dispatch.cpp:89:12:89:17 | bottom indirection | Node steps to itself | -| dispatch.cpp:90:12:90:14 | top indirection | Node steps to itself | -| dispatch.cpp:129:10:129:15 | topPtr indirection | Node steps to itself | -| dispatch.cpp:130:10:130:15 | topRef indirection | Node steps to itself | -| example.c:19:6:19:6 | b indirection | Node steps to itself | -| file://:0:0:0:0 | this indirection | Node steps to itself | -| lambdas.cpp:13:11:13:11 | (unnamed parameter 0) indirection | Node steps to itself | -| lambdas.cpp:20:11:20:11 | (unnamed parameter 0) indirection | Node steps to itself | -| lambdas.cpp:23:3:23:14 | this indirection | Node steps to itself | -| lambdas.cpp:28:11:28:11 | (unnamed parameter 0) indirection | Node steps to itself | -| lambdas.cpp:30:3:30:6 | this indirection | Node steps to itself | -| ref.cpp:16:12:16:14 | lhs indirection | Node steps to itself | -| ref.cpp:75:5:75:7 | lhs indirection | Node steps to itself | -| ref.cpp:79:12:79:14 | lhs indirection | Node steps to itself | -| ref.cpp:87:7:87:9 | lhs indirection | Node steps to itself | -| ref.cpp:89:7:89:9 | lhs indirection | Node steps to itself | -| ref.cpp:96:7:96:9 | out indirection | Node steps to itself | -| ref.cpp:102:21:102:23 | out indirection | Node steps to itself | -| ref.cpp:104:7:104:9 | out indirection | Node steps to itself | -| ref.cpp:113:7:113:9 | out indirection | Node steps to itself | -| ref.cpp:115:7:115:9 | out indirection | Node steps to itself | -| test.cpp:194:13:194:27 | this indirection | Node steps to itself | -| test.cpp:209:13:209:33 | this indirection | Node steps to itself | -| test.cpp:223:13:223:34 | this indirection | Node steps to itself | -| test.cpp:236:13:236:24 | this indirection | Node steps to itself | -| test.cpp:246:7:246:16 | this indirection | Node steps to itself | -| test.cpp:251:7:251:12 | this indirection | Node steps to itself | -| test.cpp:256:7:256:12 | this indirection | Node steps to itself | -| test.cpp:267:11:267:20 | this indirection | Node steps to itself | -| test.cpp:273:14:273:19 | this indirection | Node steps to itself | -| test.cpp:278:14:278:19 | this indirection | Node steps to itself | -| test.cpp:290:13:290:22 | this indirection | Node steps to itself | -| test.cpp:295:17:295:22 | this indirection | Node steps to itself | -| test.cpp:300:23:300:28 | this indirection | Node steps to itself | -| test.cpp:314:2:314:2 | this indirection | Node steps to itself | -| test.cpp:321:2:321:2 | this indirection | Node steps to itself | -| test.cpp:359:5:359:9 | this indirection | Node steps to itself | -| test.cpp:365:10:365:14 | this indirection | Node steps to itself | -| test.cpp:369:10:369:14 | this indirection | Node steps to itself | -| test.cpp:375:10:375:14 | this indirection | Node steps to itself | -| test.cpp:489:20:489:20 | s indirection | Node steps to itself | diff --git a/cpp/ql/test/library-tests/dataflow/fields/dataflow-ir-consistency.expected b/cpp/ql/test/library-tests/dataflow/fields/dataflow-ir-consistency.expected index 82aea270495..ba007019708 100644 --- a/cpp/ql/test/library-tests/dataflow/fields/dataflow-ir-consistency.expected +++ b/cpp/ql/test/library-tests/dataflow/fields/dataflow-ir-consistency.expected @@ -42,124 +42,3 @@ uniqueParameterNodeAtPosition uniqueParameterNodePosition uniqueContentApprox identityLocalStep -| A.cpp:25:7:25:10 | this indirection | Node steps to itself | -| A.cpp:27:22:27:25 | this indirection | Node steps to itself | -| A.cpp:28:23:28:26 | this indirection | Node steps to itself | -| A.cpp:31:20:31:20 | c indirection | Node steps to itself | -| A.cpp:41:15:41:21 | new indirection | Node steps to itself | -| A.cpp:48:20:48:20 | c indirection | Node steps to itself | -| A.cpp:49:10:49:10 | b indirection | Node steps to itself | -| A.cpp:55:12:55:19 | new indirection | Node steps to itself | -| A.cpp:56:10:56:10 | b indirection | Node steps to itself | -| A.cpp:64:10:64:15 | this indirection | Node steps to itself | -| A.cpp:64:21:64:28 | new indirection | Node steps to itself | -| A.cpp:65:10:65:11 | b1 indirection | Node steps to itself | -| A.cpp:66:10:66:11 | b2 indirection | Node steps to itself | -| A.cpp:73:10:73:19 | this indirection | Node steps to itself | -| A.cpp:73:25:73:32 | new indirection | Node steps to itself | -| A.cpp:74:10:74:11 | b1 indirection | Node steps to itself | -| A.cpp:75:10:75:11 | b2 indirection | Node steps to itself | -| A.cpp:81:21:81:21 | c indirection | Node steps to itself | -| A.cpp:82:12:82:12 | this indirection | Node steps to itself | -| A.cpp:87:9:87:9 | this indirection | Node steps to itself | -| A.cpp:90:15:90:15 | c indirection | Node steps to itself | -| A.cpp:101:5:101:6 | this indirection | Node steps to itself | -| A.cpp:101:8:101:9 | c1 indirection | Node steps to itself | -| A.cpp:107:12:107:13 | c1 indirection | Node steps to itself | -| A.cpp:120:12:120:13 | c1 indirection | Node steps to itself | -| A.cpp:126:5:126:5 | b indirection | Node steps to itself | -| A.cpp:131:5:131:6 | this indirection | Node steps to itself | -| A.cpp:132:10:132:10 | b indirection | Node steps to itself | -| A.cpp:143:7:143:10 | this indirection | Node steps to itself | -| A.cpp:151:21:151:21 | this indirection | Node steps to itself | -| A.cpp:153:10:153:10 | d indirection | Node steps to itself | -| A.cpp:154:10:154:10 | b indirection | Node steps to itself | -| A.cpp:160:29:160:29 | b indirection | Node steps to itself | -| A.cpp:161:38:161:39 | l1 indirection | Node steps to itself | -| A.cpp:162:38:162:39 | l2 indirection | Node steps to itself | -| A.cpp:167:44:167:44 | l indirection | Node steps to itself | -| A.cpp:184:7:184:10 | this indirection | Node steps to itself | -| B.cpp:7:25:7:25 | e indirection | Node steps to itself | -| B.cpp:8:25:8:26 | b1 indirection | Node steps to itself | -| B.cpp:10:10:10:11 | b2 indirection | Node steps to itself | -| B.cpp:16:37:16:37 | e indirection | Node steps to itself | -| B.cpp:17:25:17:26 | b1 indirection | Node steps to itself | -| B.cpp:19:10:19:11 | b2 indirection | Node steps to itself | -| B.cpp:36:7:36:10 | this indirection | Node steps to itself | -| B.cpp:46:7:46:10 | this indirection | Node steps to itself | -| C.cpp:19:5:19:5 | c indirection | Node steps to itself | -| C.cpp:24:5:24:8 | this indirection | Node steps to itself | -| C.cpp:31:10:31:11 | this indirection | Node steps to itself | -| D.cpp:9:21:9:24 | this indirection | Node steps to itself | -| D.cpp:10:30:10:33 | this indirection | Node steps to itself | -| D.cpp:11:29:11:32 | this indirection | Node steps to itself | -| D.cpp:16:21:16:23 | this indirection | Node steps to itself | -| D.cpp:17:30:17:32 | this indirection | Node steps to itself | -| D.cpp:18:29:18:31 | this indirection | Node steps to itself | -| D.cpp:22:10:22:11 | b2 indirection | Node steps to itself | -| D.cpp:31:14:31:14 | b indirection | Node steps to itself | -| D.cpp:37:21:37:21 | e indirection | Node steps to itself | -| D.cpp:38:14:38:14 | b indirection | Node steps to itself | -| D.cpp:45:14:45:14 | b indirection | Node steps to itself | -| D.cpp:51:27:51:27 | e indirection | Node steps to itself | -| D.cpp:52:14:52:14 | b indirection | Node steps to itself | -| D.cpp:59:5:59:7 | this indirection | Node steps to itself | -| D.cpp:64:10:64:17 | this indirection | Node steps to itself | -| E.cpp:21:10:21:10 | p indirection | Node steps to itself | -| E.cpp:31:10:31:12 | raw indirection | Node steps to itself | -| E.cpp:32:10:32:10 | b indirection | Node steps to itself | -| aliasing.cpp:9:3:9:3 | s indirection | Node steps to itself | -| aliasing.cpp:13:3:13:3 | s indirection | Node steps to itself | -| aliasing.cpp:37:3:37:6 | ref1 indirection | Node steps to itself | -| aliasing.cpp:43:8:43:11 | ref2 indirection | Node steps to itself | -| aliasing.cpp:79:3:79:3 | s indirection | Node steps to itself | -| aliasing.cpp:86:3:86:3 | s indirection | Node steps to itself | -| aliasing.cpp:201:8:201:10 | ps2 indirection | Node steps to itself | -| aliasing.cpp:206:8:206:10 | ps2 indirection | Node steps to itself | -| by_reference.cpp:12:5:12:5 | s indirection | Node steps to itself | -| by_reference.cpp:16:5:16:8 | this indirection | Node steps to itself | -| by_reference.cpp:20:5:20:8 | this indirection | Node steps to itself | -| by_reference.cpp:20:23:20:27 | value indirection | Node steps to itself | -| by_reference.cpp:20:23:20:27 | value indirection | Node steps to itself | -| by_reference.cpp:24:19:24:22 | this indirection | Node steps to itself | -| by_reference.cpp:24:25:24:29 | value indirection | Node steps to itself | -| by_reference.cpp:24:25:24:29 | value indirection | Node steps to itself | -| by_reference.cpp:32:12:32:12 | s indirection | Node steps to itself | -| by_reference.cpp:36:12:36:15 | this indirection | Node steps to itself | -| by_reference.cpp:40:12:40:15 | this indirection | Node steps to itself | -| by_reference.cpp:44:26:44:29 | this indirection | Node steps to itself | -| by_reference.cpp:84:3:84:7 | inner indirection | Node steps to itself | -| by_reference.cpp:88:3:88:7 | inner indirection | Node steps to itself | -| by_reference.cpp:116:8:116:13 | pouter indirection | Node steps to itself | -| by_reference.cpp:136:8:136:13 | pouter indirection | Node steps to itself | -| complex.cpp:9:20:9:21 | this indirection | Node steps to itself | -| complex.cpp:10:20:10:21 | this indirection | Node steps to itself | -| complex.cpp:11:22:11:23 | this indirection | Node steps to itself | -| complex.cpp:12:22:12:23 | this indirection | Node steps to itself | -| complex.cpp:43:8:43:8 | b indirection | Node steps to itself | -| conflated.cpp:11:9:11:10 | ra indirection | Node steps to itself | -| conflated.cpp:20:8:20:10 | raw indirection | Node steps to itself | -| conflated.cpp:30:8:30:9 | pa indirection | Node steps to itself | -| conflated.cpp:37:8:37:9 | pa indirection | Node steps to itself | -| conflated.cpp:55:8:55:9 | ll indirection | Node steps to itself | -| conflated.cpp:59:35:59:38 | next indirection | Node steps to itself | -| conflated.cpp:61:8:61:9 | ll indirection | Node steps to itself | -| constructors.cpp:18:22:18:23 | this indirection | Node steps to itself | -| constructors.cpp:19:22:19:23 | this indirection | Node steps to itself | -| constructors.cpp:20:24:20:25 | this indirection | Node steps to itself | -| constructors.cpp:21:24:21:25 | this indirection | Node steps to itself | -| constructors.cpp:29:10:29:10 | f indirection | Node steps to itself | -| qualifiers.cpp:9:30:9:33 | this indirection | Node steps to itself | -| qualifiers.cpp:12:49:12:53 | inner indirection | Node steps to itself | -| qualifiers.cpp:13:51:13:55 | inner indirection | Node steps to itself | -| qualifiers.cpp:18:32:18:36 | this indirection | Node steps to itself | -| realistic.cpp:42:20:42:20 | o indirection | Node steps to itself | -| realistic.cpp:42:20:42:20 | o indirection | Node steps to itself | -| simple.cpp:18:22:18:23 | this indirection | Node steps to itself | -| simple.cpp:19:22:19:23 | this indirection | Node steps to itself | -| simple.cpp:20:24:20:25 | this indirection | Node steps to itself | -| simple.cpp:21:24:21:25 | this indirection | Node steps to itself | -| simple.cpp:29:10:29:10 | f indirection | Node steps to itself | -| simple.cpp:79:16:79:17 | this indirection | Node steps to itself | -| simple.cpp:84:14:84:20 | this indirection | Node steps to itself | -| struct_init.c:16:8:16:9 | ab indirection | Node steps to itself | From 89bf3359009ac59e36238045680230e2d60e3787 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Fri, 5 May 2023 16:44:41 +0100 Subject: [PATCH 161/870] C++: Accept test changes. --- .../dataflow-ir-consistency.expected | 1164 ----------------- 1 file changed, 1164 deletions(-) diff --git a/cpp/ql/test/library-tests/syntax-zoo/dataflow-ir-consistency.expected b/cpp/ql/test/library-tests/syntax-zoo/dataflow-ir-consistency.expected index 60aeccba797..eb1472ebfaa 100644 --- a/cpp/ql/test/library-tests/syntax-zoo/dataflow-ir-consistency.expected +++ b/cpp/ql/test/library-tests/syntax-zoo/dataflow-ir-consistency.expected @@ -54,1167 +54,3 @@ uniqueParameterNodeAtPosition uniqueParameterNodePosition uniqueContentApprox identityLocalStep -| VacuousDestructorCall.cpp:10:18:10:18 | i | Node steps to itself | -| abortingfunctions.cpp:20:9:20:9 | i | Node steps to itself | -| abortingfunctions.cpp:32:9:32:9 | i | Node steps to itself | -| aggregateinitializer.c:3:14:3:14 | a | Node steps to itself | -| aggregateinitializer.c:3:18:3:18 | b | Node steps to itself | -| aggregateinitializer.c:3:21:3:21 | c | Node steps to itself | -| aggregateinitializer.c:3:25:3:25 | d | Node steps to itself | -| allocators.cpp:3:34:3:34 | x | Node steps to itself | -| allocators.cpp:3:42:3:42 | y | Node steps to itself | -| allocators.cpp:4:18:4:20 | this | Node steps to itself | -| allocators.cpp:4:18:4:20 | this indirection | Node steps to itself | -| allocators.cpp:4:24:4:26 | this | Node steps to itself | -| assignexpr.cpp:11:8:11:8 | a | Node steps to itself | -| assignexpr.cpp:11:12:11:12 | b | Node steps to itself | -| bad_asts.cpp:10:22:10:22 | y | Node steps to itself | -| bad_asts.cpp:19:10:19:10 | (unnamed parameter 0) indirection | Node steps to itself | -| break_labels.c:4:9:4:9 | i | Node steps to itself | -| break_labels.c:5:9:5:14 | result | Node steps to itself | -| break_labels.c:6:16:6:16 | Phi | Node steps to itself | -| break_labels.c:6:16:6:16 | i | Node steps to itself | -| break_labels.c:13:12:13:17 | result | Node steps to itself | -| break_labels.c:20:16:20:16 | i | Node steps to itself | -| break_labels.c:20:24:20:24 | i | Node steps to itself | -| break_labels.c:21:13:21:13 | i | Node steps to itself | -| break_labels.c:24:13:24:13 | i | Node steps to itself | -| break_labels.c:27:9:27:9 | x | Node steps to itself | -| builtin.c:8:3:8:5 | acc | Node steps to itself | -| builtin.c:8:35:8:35 | x | Node steps to itself | -| builtin.c:8:40:8:40 | y | Node steps to itself | -| builtin.c:10:20:10:20 | x | Node steps to itself | -| builtin.c:12:3:12:5 | acc | Node steps to itself | -| builtin.c:15:54:15:56 | vec | Node steps to itself | -| builtin.c:18:33:18:35 | vec | Node steps to itself | -| builtin.c:20:3:20:5 | acc | Node steps to itself | -| builtin.c:20:33:20:33 | x | Node steps to itself | -| builtin.c:21:3:21:5 | acc | Node steps to itself | -| builtin.c:21:33:21:33 | x | Node steps to itself | -| builtin.c:21:38:21:38 | y | Node steps to itself | -| builtin.c:22:3:22:5 | acc | Node steps to itself | -| builtin.c:22:34:22:34 | x | Node steps to itself | -| builtin.c:22:39:22:39 | y | Node steps to itself | -| builtin.c:24:7:24:7 | y | Node steps to itself | -| builtin.c:28:31:28:33 | acc | Node steps to itself | -| builtin.c:29:12:29:14 | acc | Node steps to itself | -| builtin.c:34:3:34:5 | acc | Node steps to itself | -| builtin.c:34:34:34:34 | x | Node steps to itself | -| builtin.c:39:25:39:25 | x | Node steps to itself | -| builtin.c:43:26:43:26 | x | Node steps to itself | -| builtin.c:45:3:45:5 | acc | Node steps to itself | -| builtin.c:48:2:48:4 | acc | Node steps to itself | -| builtin.c:51:3:51:5 | acc | Node steps to itself | -| builtin.c:51:41:51:41 | x | Node steps to itself | -| builtin.c:51:43:51:43 | y | Node steps to itself | -| builtin.c:54:3:54:5 | acc | Node steps to itself | -| builtin.c:56:10:56:12 | acc | Node steps to itself | -| builtin.cpp:14:40:14:40 | x | Node steps to itself | -| builtin.cpp:14:44:14:44 | y | Node steps to itself | -| builtin.cpp:15:31:15:35 | * ... | Node steps to itself | -| builtin.cpp:15:31:15:35 | * ... indirection | Node steps to itself | -| builtin.cpp:15:31:15:35 | * ... indirection | Node steps to itself | -| condition_decl_int.cpp:3:9:3:21 | Phi | Node steps to itself | -| condition_decl_int.cpp:3:9:3:21 | Phi | Node steps to itself | -| condition_decl_int.cpp:3:9:3:21 | Phi | Node steps to itself | -| condition_decl_int.cpp:3:13:3:13 | k | Node steps to itself | -| condition_decl_int.cpp:3:17:3:17 | j | Node steps to itself | -| condition_decls.cpp:3:5:3:9 | this | Node steps to itself | -| condition_decls.cpp:3:5:3:9 | this indirection | Node steps to itself | -| condition_decls.cpp:3:21:3:21 | x | Node steps to itself | -| condition_decls.cpp:6:12:6:16 | this | Node steps to itself | -| condition_decls.cpp:6:12:6:16 | this indirection | Node steps to itself | -| condition_decls.cpp:9:13:9:17 | this | Node steps to itself | -| condition_decls.cpp:9:13:9:17 | this indirection | Node steps to itself | -| condition_decls.cpp:16:20:16:20 | x | Node steps to itself | -| condition_decls.cpp:26:24:26:24 | x | Node steps to itself | -| condition_decls.cpp:41:23:41:23 | x | Node steps to itself | -| condition_decls.cpp:48:24:48:24 | x | Node steps to itself | -| condition_decls.cpp:48:36:48:36 | x | Node steps to itself | -| condition_decls.cpp:48:53:48:53 | x | Node steps to itself | -| conditional_destructors.cpp:6:13:6:15 | this | Node steps to itself | -| conditional_destructors.cpp:6:13:6:15 | this indirection | Node steps to itself | -| conditional_destructors.cpp:6:19:6:19 | x | Node steps to itself | -| conditional_destructors.cpp:10:16:10:18 | this | Node steps to itself | -| conditional_destructors.cpp:10:16:10:18 | this indirection | Node steps to itself | -| conditional_destructors.cpp:10:23:10:27 | other indirection | Node steps to itself | -| conditional_destructors.cpp:18:13:18:15 | this | Node steps to itself | -| conditional_destructors.cpp:18:13:18:15 | this indirection | Node steps to itself | -| conditional_destructors.cpp:18:19:18:19 | x | Node steps to itself | -| conditional_destructors.cpp:25:16:25:18 | this | Node steps to itself | -| conditional_destructors.cpp:25:16:25:18 | this indirection | Node steps to itself | -| conditional_destructors.cpp:25:23:25:27 | other indirection | Node steps to itself | -| conditional_destructors.cpp:30:18:30:22 | call to C1 indirection | Node steps to itself | -| conditional_destructors.cpp:33:18:33:22 | call to C1 indirection | Node steps to itself | -| conditional_destructors.cpp:39:18:39:22 | call to C2 indirection | Node steps to itself | -| conditional_destructors.cpp:42:18:42:22 | call to C2 indirection | Node steps to itself | -| constmemberaccess.cpp:11:6:11:6 | c | Node steps to itself | -| constmemberaccess.cpp:11:6:11:6 | c indirection | Node steps to itself | -| constructorinitializer.cpp:10:6:10:6 | i | Node steps to itself | -| constructorinitializer.cpp:10:10:10:10 | j | Node steps to itself | -| constructorinitializer.cpp:10:13:10:13 | k | Node steps to itself | -| constructorinitializer.cpp:10:17:10:17 | l | Node steps to itself | -| cpp11.cpp:28:21:28:21 | (__range) indirection | Node steps to itself | -| cpp11.cpp:29:14:29:15 | el | Node steps to itself | -| cpp11.cpp:56:19:56:28 | global_int | Node steps to itself | -| cpp11.cpp:65:19:65:45 | [...](...){...} | Node steps to itself | -| cpp11.cpp:65:19:65:45 | x | Node steps to itself | -| cpp11.cpp:65:20:65:20 | (unnamed parameter 0) indirection | Node steps to itself | -| cpp11.cpp:77:19:77:21 | call to Val | Node steps to itself | -| cpp11.cpp:82:11:82:14 | call to Val | Node steps to itself | -| cpp11.cpp:82:17:82:17 | (unnamed parameter 0) indirection | Node steps to itself | -| cpp11.cpp:82:17:82:55 | [...](...){...} | Node steps to itself | -| cpp11.cpp:82:17:82:55 | binaryFunction | Node steps to itself | -| cpp11.cpp:82:30:82:52 | this | Node steps to itself | -| cpp11.cpp:82:45:82:48 | call to Val | Node steps to itself | -| cpp11.cpp:82:45:82:48 | this | Node steps to itself | -| cpp11.cpp:82:45:82:48 | this indirection | Node steps to itself | -| cpp11.cpp:82:51:82:51 | call to Val | Node steps to itself | -| cpp11.cpp:88:25:88:30 | call to Val | Node steps to itself | -| cpp11.cpp:88:33:88:38 | call to Val | Node steps to itself | -| cpp11.cpp:118:12:118:12 | Phi | Node steps to itself | -| cpp11.cpp:118:12:118:12 | Phi | Node steps to itself | -| cpp11.cpp:118:12:118:12 | x | Node steps to itself | -| cpp11.cpp:120:11:120:11 | x | Node steps to itself | -| cpp11.cpp:122:18:122:18 | x | Node steps to itself | -| cpp11.cpp:124:18:124:18 | x | Node steps to itself | -| cpp11.cpp:126:18:126:18 | x | Node steps to itself | -| cpp11.cpp:128:18:128:18 | x | Node steps to itself | -| cpp11.cpp:144:11:144:11 | x | Node steps to itself | -| cpp11.cpp:145:13:145:13 | x | Node steps to itself | -| cpp11.cpp:147:15:147:15 | x | Node steps to itself | -| cpp11.cpp:154:15:154:15 | x | Node steps to itself | -| cpp11.cpp:168:9:168:9 | x | Node steps to itself | -| cpp17.cpp:15:5:15:45 | new indirection | Node steps to itself | -| cpp17.cpp:15:11:15:21 | ptr indirection | Node steps to itself | -| cpp17.cpp:15:38:15:41 | (unnamed parameter 2) | Node steps to itself | -| cpp17.cpp:15:38:15:41 | args | Node steps to itself | -| cpp17.cpp:19:10:19:10 | p | Node steps to itself | -| cpp17.cpp:19:10:19:10 | p indirection | Node steps to itself | -| cpp17.cpp:19:13:19:13 | 1 indirection | Node steps to itself | -| cpp17.cpp:19:16:19:16 | 2 indirection | Node steps to itself | -| destructors.cpp:51:22:51:22 | x | Node steps to itself | -| dostmt.c:35:7:35:7 | Phi | Node steps to itself | -| dostmt.c:35:7:35:7 | i | Node steps to itself | -| dostmt.c:36:11:36:11 | i | Node steps to itself | -| duff2.c:3:14:3:14 | i | Node steps to itself | -| duff2.c:4:13:4:13 | i | Node steps to itself | -| duff2.c:13:16:13:16 | n | Node steps to itself | -| duff2.c:17:14:17:14 | i | Node steps to itself | -| duff2.c:18:13:18:13 | i | Node steps to itself | -| duff2.c:21:16:21:16 | n | Node steps to itself | -| duff.c:3:14:3:14 | i | Node steps to itself | -| duff.c:4:13:4:13 | i | Node steps to itself | -| duff.c:13:24:13:24 | n | Node steps to itself | -| ellipsisexceptionhandler.cpp:16:7:16:15 | condition | Node steps to itself | -| fieldaccess.cpp:11:6:11:6 | c | Node steps to itself | -| fieldaccess.cpp:11:6:11:6 | c indirection | Node steps to itself | -| file://:0:0:0:0 | (__begin) | Node steps to itself | -| file://:0:0:0:0 | (__begin) | Node steps to itself | -| file://:0:0:0:0 | (__begin) | Node steps to itself | -| file://:0:0:0:0 | (__begin) | Node steps to itself | -| file://:0:0:0:0 | (__end) | Node steps to itself | -| file://:0:0:0:0 | (__end) | Node steps to itself | -| file://:0:0:0:0 | (unnamed parameter 0) indirection | Node steps to itself | -| file://:0:0:0:0 | (unnamed parameter 0) indirection | Node steps to itself | -| file://:0:0:0:0 | (unnamed parameter 0) indirection | Node steps to itself | -| file://:0:0:0:0 | Phi | Node steps to itself | -| file://:0:0:0:0 | Phi | Node steps to itself | -| file://:0:0:0:0 | Phi | Node steps to itself | -| file://:0:0:0:0 | Phi | Node steps to itself | -| file://:0:0:0:0 | Phi | Node steps to itself | -| file://:0:0:0:0 | Phi | Node steps to itself | -| file://:0:0:0:0 | Phi | Node steps to itself | -| file://:0:0:0:0 | Phi | Node steps to itself | -| file://:0:0:0:0 | Phi | Node steps to itself | -| file://:0:0:0:0 | call to C | Node steps to itself | -| file://:0:0:0:0 | this | Node steps to itself | -| file://:0:0:0:0 | this indirection | Node steps to itself | -| forstmt.cpp:2:21:2:21 | Phi | Node steps to itself | -| forstmt.cpp:2:21:2:21 | i | Node steps to itself | -| forstmt.cpp:2:29:2:29 | i | Node steps to itself | -| forstmt.cpp:14:21:14:24 | Phi | Node steps to itself | -| forstmt.cpp:14:27:14:27 | i | Node steps to itself | -| forstmt.cpp:19:21:19:21 | Phi | Node steps to itself | -| forstmt.cpp:19:21:19:21 | i | Node steps to itself | -| forstmt.cpp:19:28:19:28 | i | Node steps to itself | -| ifelsestmt.c:38:6:38:6 | x | Node steps to itself | -| ifelsestmt.c:38:11:38:11 | y | Node steps to itself | -| ifstmt.c:28:6:28:6 | x | Node steps to itself | -| ifstmt.c:28:11:28:11 | y | Node steps to itself | -| initializer.c:3:10:3:10 | a | Node steps to itself | -| initializer.c:3:14:3:14 | b | Node steps to itself | -| ir.cpp:46:9:46:9 | x | Node steps to itself | -| ir.cpp:47:9:47:9 | x | Node steps to itself | -| ir.cpp:53:9:53:9 | x | Node steps to itself | -| ir.cpp:53:13:53:13 | y | Node steps to itself | -| ir.cpp:54:9:54:9 | x | Node steps to itself | -| ir.cpp:54:13:54:13 | y | Node steps to itself | -| ir.cpp:55:9:55:9 | x | Node steps to itself | -| ir.cpp:55:13:55:13 | y | Node steps to itself | -| ir.cpp:56:9:56:9 | x | Node steps to itself | -| ir.cpp:56:13:56:13 | y | Node steps to itself | -| ir.cpp:57:9:57:9 | x | Node steps to itself | -| ir.cpp:57:13:57:13 | y | Node steps to itself | -| ir.cpp:59:9:59:9 | x | Node steps to itself | -| ir.cpp:59:13:59:13 | y | Node steps to itself | -| ir.cpp:60:9:60:9 | x | Node steps to itself | -| ir.cpp:60:13:60:13 | y | Node steps to itself | -| ir.cpp:61:9:61:9 | x | Node steps to itself | -| ir.cpp:61:13:61:13 | y | Node steps to itself | -| ir.cpp:63:9:63:9 | x | Node steps to itself | -| ir.cpp:63:14:63:14 | y | Node steps to itself | -| ir.cpp:64:9:64:9 | x | Node steps to itself | -| ir.cpp:64:14:64:14 | y | Node steps to itself | -| ir.cpp:66:9:66:9 | x | Node steps to itself | -| ir.cpp:68:5:68:5 | z | Node steps to itself | -| ir.cpp:68:10:68:10 | x | Node steps to itself | -| ir.cpp:69:5:69:5 | z | Node steps to itself | -| ir.cpp:69:10:69:10 | x | Node steps to itself | -| ir.cpp:70:5:70:5 | z | Node steps to itself | -| ir.cpp:70:10:70:10 | x | Node steps to itself | -| ir.cpp:71:5:71:5 | z | Node steps to itself | -| ir.cpp:71:10:71:10 | x | Node steps to itself | -| ir.cpp:72:5:72:5 | z | Node steps to itself | -| ir.cpp:72:10:72:10 | x | Node steps to itself | -| ir.cpp:74:5:74:5 | z | Node steps to itself | -| ir.cpp:74:10:74:10 | x | Node steps to itself | -| ir.cpp:75:5:75:5 | z | Node steps to itself | -| ir.cpp:75:10:75:10 | x | Node steps to itself | -| ir.cpp:76:5:76:5 | z | Node steps to itself | -| ir.cpp:76:10:76:10 | x | Node steps to itself | -| ir.cpp:78:5:78:5 | z | Node steps to itself | -| ir.cpp:78:11:78:11 | x | Node steps to itself | -| ir.cpp:79:5:79:5 | z | Node steps to itself | -| ir.cpp:79:11:79:11 | x | Node steps to itself | -| ir.cpp:82:10:82:10 | x | Node steps to itself | -| ir.cpp:83:10:83:10 | x | Node steps to itself | -| ir.cpp:84:10:84:10 | x | Node steps to itself | -| ir.cpp:90:9:90:9 | x | Node steps to itself | -| ir.cpp:90:14:90:14 | y | Node steps to itself | -| ir.cpp:91:9:91:9 | x | Node steps to itself | -| ir.cpp:91:14:91:14 | y | Node steps to itself | -| ir.cpp:92:9:92:9 | x | Node steps to itself | -| ir.cpp:92:13:92:13 | y | Node steps to itself | -| ir.cpp:93:9:93:9 | x | Node steps to itself | -| ir.cpp:93:13:93:13 | y | Node steps to itself | -| ir.cpp:94:9:94:9 | x | Node steps to itself | -| ir.cpp:94:14:94:14 | y | Node steps to itself | -| ir.cpp:95:9:95:9 | x | Node steps to itself | -| ir.cpp:95:14:95:14 | y | Node steps to itself | -| ir.cpp:101:11:101:11 | x | Node steps to itself | -| ir.cpp:102:11:102:11 | x | Node steps to itself | -| ir.cpp:110:13:110:13 | x | Node steps to itself | -| ir.cpp:111:13:111:13 | x | Node steps to itself | -| ir.cpp:117:9:117:9 | x | Node steps to itself | -| ir.cpp:117:13:117:13 | y | Node steps to itself | -| ir.cpp:118:9:118:9 | x | Node steps to itself | -| ir.cpp:118:13:118:13 | y | Node steps to itself | -| ir.cpp:119:9:119:9 | x | Node steps to itself | -| ir.cpp:119:13:119:13 | y | Node steps to itself | -| ir.cpp:120:9:120:9 | x | Node steps to itself | -| ir.cpp:120:13:120:13 | y | Node steps to itself | -| ir.cpp:122:9:122:9 | x | Node steps to itself | -| ir.cpp:124:5:124:5 | z | Node steps to itself | -| ir.cpp:124:10:124:10 | x | Node steps to itself | -| ir.cpp:125:5:125:5 | z | Node steps to itself | -| ir.cpp:125:10:125:10 | x | Node steps to itself | -| ir.cpp:126:5:126:5 | z | Node steps to itself | -| ir.cpp:126:10:126:10 | x | Node steps to itself | -| ir.cpp:127:5:127:5 | z | Node steps to itself | -| ir.cpp:127:10:127:10 | x | Node steps to itself | -| ir.cpp:130:10:130:10 | x | Node steps to itself | -| ir.cpp:136:9:136:9 | x | Node steps to itself | -| ir.cpp:136:14:136:14 | y | Node steps to itself | -| ir.cpp:137:9:137:9 | x | Node steps to itself | -| ir.cpp:137:14:137:14 | y | Node steps to itself | -| ir.cpp:138:9:138:9 | x | Node steps to itself | -| ir.cpp:138:13:138:13 | y | Node steps to itself | -| ir.cpp:139:9:139:9 | x | Node steps to itself | -| ir.cpp:139:13:139:13 | y | Node steps to itself | -| ir.cpp:140:9:140:9 | x | Node steps to itself | -| ir.cpp:140:14:140:14 | y | Node steps to itself | -| ir.cpp:141:9:141:9 | x | Node steps to itself | -| ir.cpp:141:14:141:14 | y | Node steps to itself | -| ir.cpp:147:11:147:11 | x | Node steps to itself | -| ir.cpp:148:11:148:11 | x | Node steps to itself | -| ir.cpp:157:9:157:9 | p | Node steps to itself | -| ir.cpp:157:13:157:13 | i | Node steps to itself | -| ir.cpp:158:9:158:9 | i | Node steps to itself | -| ir.cpp:158:13:158:13 | p | Node steps to itself | -| ir.cpp:159:9:159:9 | p | Node steps to itself | -| ir.cpp:159:13:159:13 | i | Node steps to itself | -| ir.cpp:160:9:160:9 | p | Node steps to itself | -| ir.cpp:160:13:160:13 | q | Node steps to itself | -| ir.cpp:162:9:162:9 | p | Node steps to itself | -| ir.cpp:164:5:164:5 | q | Node steps to itself | -| ir.cpp:164:10:164:10 | i | Node steps to itself | -| ir.cpp:165:5:165:5 | q | Node steps to itself | -| ir.cpp:165:10:165:10 | i | Node steps to itself | -| ir.cpp:167:9:167:9 | p | Node steps to itself | -| ir.cpp:168:10:168:10 | p | Node steps to itself | -| ir.cpp:174:9:174:9 | p | Node steps to itself | -| ir.cpp:174:11:174:11 | i | Node steps to itself | -| ir.cpp:175:9:175:9 | i | Node steps to itself | -| ir.cpp:175:11:175:11 | p | Node steps to itself | -| ir.cpp:177:5:177:5 | p | Node steps to itself | -| ir.cpp:177:7:177:7 | i | Node steps to itself | -| ir.cpp:177:12:177:12 | x | Node steps to itself | -| ir.cpp:178:5:178:5 | i | Node steps to itself | -| ir.cpp:178:7:178:7 | p | Node steps to itself | -| ir.cpp:178:12:178:12 | x | Node steps to itself | -| ir.cpp:181:11:181:11 | i | Node steps to itself | -| ir.cpp:182:9:182:9 | i | Node steps to itself | -| ir.cpp:183:7:183:7 | i | Node steps to itself | -| ir.cpp:183:12:183:12 | x | Node steps to itself | -| ir.cpp:184:5:184:5 | i | Node steps to itself | -| ir.cpp:184:12:184:12 | x | Node steps to itself | -| ir.cpp:188:20:188:20 | i | Node steps to itself | -| ir.cpp:190:18:190:20 | pwc | Node steps to itself | -| ir.cpp:190:22:190:22 | i | Node steps to itself | -| ir.cpp:196:9:196:9 | p | Node steps to itself | -| ir.cpp:196:14:196:14 | q | Node steps to itself | -| ir.cpp:197:9:197:9 | p | Node steps to itself | -| ir.cpp:197:14:197:14 | q | Node steps to itself | -| ir.cpp:198:9:198:9 | p | Node steps to itself | -| ir.cpp:198:13:198:13 | q | Node steps to itself | -| ir.cpp:199:9:199:9 | p | Node steps to itself | -| ir.cpp:199:13:199:13 | q | Node steps to itself | -| ir.cpp:200:9:200:9 | p | Node steps to itself | -| ir.cpp:200:14:200:14 | q | Node steps to itself | -| ir.cpp:201:9:201:9 | p | Node steps to itself | -| ir.cpp:201:14:201:14 | q | Node steps to itself | -| ir.cpp:207:11:207:11 | p | Node steps to itself | -| ir.cpp:208:11:208:11 | p | Node steps to itself | -| ir.cpp:216:5:216:5 | x | Node steps to itself | -| ir.cpp:220:10:220:10 | x | Node steps to itself | -| ir.cpp:223:5:223:5 | y | Node steps to itself | -| ir.cpp:232:13:232:13 | x | Node steps to itself | -| ir.cpp:236:12:236:12 | x | Node steps to itself | -| ir.cpp:236:16:236:16 | y | Node steps to itself | -| ir.cpp:240:9:240:9 | b | Node steps to itself | -| ir.cpp:243:9:243:9 | b | Node steps to itself | -| ir.cpp:244:13:244:13 | y | Node steps to itself | -| ir.cpp:247:9:247:9 | x | Node steps to itself | -| ir.cpp:254:12:254:12 | Phi | Node steps to itself | -| ir.cpp:254:12:254:12 | n | Node steps to itself | -| ir.cpp:255:9:255:9 | n | Node steps to itself | -| ir.cpp:261:9:261:9 | n | Node steps to itself | -| ir.cpp:261:14:261:14 | Phi | Node steps to itself | -| ir.cpp:262:14:262:14 | n | Node steps to itself | -| ir.cpp:280:12:280:12 | Phi | Node steps to itself | -| ir.cpp:280:12:280:12 | Phi | Node steps to itself | -| ir.cpp:280:12:280:12 | i | Node steps to itself | -| ir.cpp:287:13:287:13 | i | Node steps to itself | -| ir.cpp:288:9:288:9 | Phi | Node steps to itself | -| ir.cpp:293:21:293:21 | Phi | Node steps to itself | -| ir.cpp:293:21:293:21 | Phi | Node steps to itself | -| ir.cpp:293:21:293:21 | i | Node steps to itself | -| ir.cpp:299:22:299:22 | i | Node steps to itself | -| ir.cpp:300:9:300:9 | Phi | Node steps to itself | -| ir.cpp:306:12:306:12 | Phi | Node steps to itself | -| ir.cpp:306:12:306:12 | i | Node steps to itself | -| ir.cpp:306:20:306:20 | i | Node steps to itself | -| ir.cpp:312:21:312:21 | Phi | Node steps to itself | -| ir.cpp:312:21:312:21 | i | Node steps to itself | -| ir.cpp:312:29:312:29 | i | Node steps to itself | -| ir.cpp:318:21:318:21 | Phi | Node steps to itself | -| ir.cpp:318:21:318:21 | i | Node steps to itself | -| ir.cpp:318:29:318:29 | i | Node steps to itself | -| ir.cpp:319:13:319:13 | i | Node steps to itself | -| ir.cpp:326:21:326:21 | Phi | Node steps to itself | -| ir.cpp:326:21:326:21 | i | Node steps to itself | -| ir.cpp:326:29:326:29 | i | Node steps to itself | -| ir.cpp:327:13:327:13 | i | Node steps to itself | -| ir.cpp:334:21:334:21 | Phi | Node steps to itself | -| ir.cpp:334:21:334:21 | Phi | Node steps to itself | -| ir.cpp:334:21:334:21 | i | Node steps to itself | -| ir.cpp:335:13:335:13 | i | Node steps to itself | -| ir.cpp:343:13:343:13 | p | Node steps to itself | -| ir.cpp:353:12:353:12 | Phi | Node steps to itself | -| ir.cpp:353:12:353:12 | n | Node steps to itself | -| ir.cpp:354:13:354:13 | n | Node steps to itself | -| ir.cpp:356:9:356:9 | n | Node steps to itself | -| ir.cpp:362:13:362:13 | n | Node steps to itself | -| ir.cpp:365:9:365:9 | n | Node steps to itself | -| ir.cpp:366:14:366:14 | n | Node steps to itself | -| ir.cpp:377:16:377:16 | x | Node steps to itself | -| ir.cpp:377:19:377:19 | y | Node steps to itself | -| ir.cpp:381:32:381:32 | x | Node steps to itself | -| ir.cpp:381:35:381:35 | y | Node steps to itself | -| ir.cpp:386:13:386:13 | x | Node steps to itself | -| ir.cpp:423:12:423:13 | pt | Node steps to itself | -| ir.cpp:435:9:435:9 | a | Node steps to itself | -| ir.cpp:435:14:435:14 | b | Node steps to itself | -| ir.cpp:439:9:439:9 | a | Node steps to itself | -| ir.cpp:439:14:439:14 | b | Node steps to itself | -| ir.cpp:449:9:449:9 | a | Node steps to itself | -| ir.cpp:449:14:449:14 | b | Node steps to itself | -| ir.cpp:453:9:453:9 | a | Node steps to itself | -| ir.cpp:453:14:453:14 | b | Node steps to itself | -| ir.cpp:463:10:463:10 | a | Node steps to itself | -| ir.cpp:467:11:467:11 | a | Node steps to itself | -| ir.cpp:467:16:467:16 | b | Node steps to itself | -| ir.cpp:477:9:477:9 | a | Node steps to itself | -| ir.cpp:477:9:477:14 | ... && ... | Node steps to itself | -| ir.cpp:477:14:477:14 | b | Node steps to itself | -| ir.cpp:478:9:478:9 | a | Node steps to itself | -| ir.cpp:478:9:478:14 | ... \|\| ... | Node steps to itself | -| ir.cpp:478:14:478:14 | b | Node steps to itself | -| ir.cpp:479:11:479:11 | a | Node steps to itself | -| ir.cpp:479:11:479:16 | ... \|\| ... | Node steps to itself | -| ir.cpp:479:16:479:16 | b | Node steps to itself | -| ir.cpp:483:13:483:13 | a | Node steps to itself | -| ir.cpp:483:13:483:21 | ... ? ... : ... | Node steps to itself | -| ir.cpp:483:17:483:17 | x | Node steps to itself | -| ir.cpp:483:21:483:21 | y | Node steps to itself | -| ir.cpp:489:6:489:6 | a | Node steps to itself | -| ir.cpp:493:5:493:5 | a | Node steps to itself | -| ir.cpp:504:19:504:19 | x | Node steps to itself | -| ir.cpp:505:19:505:19 | x | Node steps to itself | -| ir.cpp:514:19:514:19 | x | Node steps to itself | -| ir.cpp:515:19:515:19 | x | Node steps to itself | -| ir.cpp:515:29:515:29 | x | Node steps to itself | -| ir.cpp:516:19:516:19 | x | Node steps to itself | -| ir.cpp:516:26:516:26 | x | Node steps to itself | -| ir.cpp:521:19:521:19 | x | Node steps to itself | -| ir.cpp:522:19:522:19 | x | Node steps to itself | -| ir.cpp:536:9:536:9 | x | Node steps to itself | -| ir.cpp:536:13:536:13 | y | Node steps to itself | -| ir.cpp:540:9:540:9 | x | Node steps to itself | -| ir.cpp:544:9:544:9 | x | Node steps to itself | -| ir.cpp:544:13:544:13 | y | Node steps to itself | -| ir.cpp:545:16:545:16 | x | Node steps to itself | -| ir.cpp:548:12:548:12 | x | Node steps to itself | -| ir.cpp:548:16:548:16 | y | Node steps to itself | -| ir.cpp:552:12:552:14 | pfn | Node steps to itself | -| ir.cpp:623:5:623:5 | r indirection | Node steps to itself | -| ir.cpp:624:5:624:5 | p indirection | Node steps to itself | -| ir.cpp:632:16:632:16 | x | Node steps to itself | -| ir.cpp:636:16:636:16 | x | Node steps to itself | -| ir.cpp:640:16:640:16 | x | Node steps to itself | -| ir.cpp:644:9:644:12 | this | Node steps to itself | -| ir.cpp:646:9:646:11 | this | Node steps to itself | -| ir.cpp:648:13:648:16 | this | Node steps to itself | -| ir.cpp:650:13:650:15 | this | Node steps to itself | -| ir.cpp:650:13:650:15 | this indirection | Node steps to itself | -| ir.cpp:654:9:654:12 | this | Node steps to itself | -| ir.cpp:656:9:656:30 | this | Node steps to itself | -| ir.cpp:656:9:656:30 | this indirection | Node steps to itself | -| ir.cpp:678:12:678:12 | r | Node steps to itself | -| ir.cpp:707:10:707:24 | ... ? ... : ... | Node steps to itself | -| ir.cpp:707:11:707:11 | x | Node steps to itself | -| ir.cpp:707:15:707:15 | y | Node steps to itself | -| ir.cpp:707:20:707:20 | x | Node steps to itself | -| ir.cpp:707:24:707:24 | y | Node steps to itself | -| ir.cpp:711:14:711:14 | x | Node steps to itself | -| ir.cpp:711:17:711:17 | y | Node steps to itself | -| ir.cpp:718:12:718:14 | 0 | Node steps to itself | -| ir.cpp:729:9:729:9 | b | Node steps to itself | -| ir.cpp:732:14:732:14 | x | Node steps to itself | -| ir.cpp:738:18:738:18 | s | Node steps to itself | -| ir.cpp:747:8:747:8 | this | Node steps to itself | -| ir.cpp:756:8:756:8 | this | Node steps to itself | -| ir.cpp:762:3:762:3 | call to ~Base indirection | Node steps to itself | -| ir.cpp:765:8:765:8 | this | Node steps to itself | -| ir.cpp:771:3:771:3 | call to ~Middle indirection | Node steps to itself | -| ir.cpp:780:3:780:3 | call to ~Base indirection | Node steps to itself | -| ir.cpp:789:3:789:3 | call to ~Base indirection | Node steps to itself | -| ir.cpp:798:3:798:3 | call to ~Base indirection | Node steps to itself | -| ir.cpp:811:7:811:13 | call to Base indirection | Node steps to itself | -| ir.cpp:812:7:812:26 | call to Base indirection | Node steps to itself | -| ir.cpp:825:7:825:13 | call to Base indirection | Node steps to itself | -| ir.cpp:826:7:826:26 | call to Base indirection | Node steps to itself | -| ir.cpp:865:34:865:35 | pb | Node steps to itself | -| ir.cpp:866:47:866:48 | pd | Node steps to itself | -| ir.cpp:908:11:908:24 | ... ? ... : ... | Node steps to itself | -| ir.cpp:908:20:908:20 | x | Node steps to itself | -| ir.cpp:946:3:946:14 | new indirection | Node steps to itself | -| ir.cpp:947:3:947:27 | new indirection | Node steps to itself | -| landexpr.c:3:6:3:6 | a | Node steps to itself | -| landexpr.c:3:11:3:11 | b | Node steps to itself | -| lorexpr.c:3:6:3:6 | a | Node steps to itself | -| lorexpr.c:3:11:3:11 | b | Node steps to itself | -| ltrbinopexpr.c:5:5:5:5 | i | Node steps to itself | -| ltrbinopexpr.c:5:9:5:9 | j | Node steps to itself | -| ltrbinopexpr.c:6:5:6:5 | i | Node steps to itself | -| ltrbinopexpr.c:6:9:6:9 | j | Node steps to itself | -| ltrbinopexpr.c:7:5:7:5 | i | Node steps to itself | -| ltrbinopexpr.c:7:9:7:9 | j | Node steps to itself | -| ltrbinopexpr.c:8:5:8:5 | i | Node steps to itself | -| ltrbinopexpr.c:8:9:8:9 | j | Node steps to itself | -| ltrbinopexpr.c:9:5:9:5 | i | Node steps to itself | -| ltrbinopexpr.c:9:9:9:9 | j | Node steps to itself | -| ltrbinopexpr.c:11:5:11:5 | p | Node steps to itself | -| ltrbinopexpr.c:11:9:11:9 | i | Node steps to itself | -| ltrbinopexpr.c:12:5:12:5 | p | Node steps to itself | -| ltrbinopexpr.c:12:9:12:9 | i | Node steps to itself | -| ltrbinopexpr.c:15:5:15:5 | i | Node steps to itself | -| ltrbinopexpr.c:15:10:15:10 | j | Node steps to itself | -| ltrbinopexpr.c:16:5:16:5 | i | Node steps to itself | -| ltrbinopexpr.c:16:10:16:10 | j | Node steps to itself | -| ltrbinopexpr.c:18:5:18:5 | i | Node steps to itself | -| ltrbinopexpr.c:18:9:18:9 | j | Node steps to itself | -| ltrbinopexpr.c:19:5:19:5 | i | Node steps to itself | -| ltrbinopexpr.c:19:9:19:9 | j | Node steps to itself | -| ltrbinopexpr.c:20:5:20:5 | i | Node steps to itself | -| ltrbinopexpr.c:20:9:20:9 | j | Node steps to itself | -| ltrbinopexpr.c:21:5:21:5 | i | Node steps to itself | -| ltrbinopexpr.c:21:10:21:10 | j | Node steps to itself | -| ltrbinopexpr.c:22:5:22:5 | i | Node steps to itself | -| ltrbinopexpr.c:22:10:22:10 | j | Node steps to itself | -| ltrbinopexpr.c:23:5:23:5 | i | Node steps to itself | -| ltrbinopexpr.c:23:9:23:9 | j | Node steps to itself | -| ltrbinopexpr.c:24:5:24:5 | i | Node steps to itself | -| ltrbinopexpr.c:24:9:24:9 | j | Node steps to itself | -| ltrbinopexpr.c:25:5:25:5 | i | Node steps to itself | -| ltrbinopexpr.c:25:10:25:10 | j | Node steps to itself | -| ltrbinopexpr.c:26:5:26:5 | i | Node steps to itself | -| ltrbinopexpr.c:26:10:26:10 | j | Node steps to itself | -| ltrbinopexpr.c:28:5:28:5 | i | Node steps to itself | -| ltrbinopexpr.c:28:10:28:10 | j | Node steps to itself | -| ltrbinopexpr.c:29:5:29:5 | i | Node steps to itself | -| ltrbinopexpr.c:29:10:29:10 | j | Node steps to itself | -| ltrbinopexpr.c:30:5:30:5 | i | Node steps to itself | -| ltrbinopexpr.c:30:10:30:10 | j | Node steps to itself | -| ltrbinopexpr.c:31:5:31:5 | i | Node steps to itself | -| ltrbinopexpr.c:31:10:31:10 | j | Node steps to itself | -| ltrbinopexpr.c:32:5:32:5 | i | Node steps to itself | -| ltrbinopexpr.c:32:10:32:10 | j | Node steps to itself | -| ltrbinopexpr.c:33:5:33:5 | i | Node steps to itself | -| ltrbinopexpr.c:33:11:33:11 | j | Node steps to itself | -| ltrbinopexpr.c:34:5:34:5 | i | Node steps to itself | -| ltrbinopexpr.c:34:11:34:11 | j | Node steps to itself | -| ltrbinopexpr.c:35:5:35:5 | i | Node steps to itself | -| ltrbinopexpr.c:35:10:35:10 | j | Node steps to itself | -| ltrbinopexpr.c:36:5:36:5 | i | Node steps to itself | -| ltrbinopexpr.c:36:10:36:10 | j | Node steps to itself | -| ltrbinopexpr.c:37:5:37:5 | i | Node steps to itself | -| ltrbinopexpr.c:37:10:37:10 | j | Node steps to itself | -| ltrbinopexpr.c:39:5:39:5 | p | Node steps to itself | -| ltrbinopexpr.c:39:10:39:10 | i | Node steps to itself | -| ltrbinopexpr.c:40:5:40:5 | p | Node steps to itself | -| ltrbinopexpr.c:40:10:40:10 | i | Node steps to itself | -| membercallexpr.cpp:10:2:10:2 | c | Node steps to itself | -| membercallexpr.cpp:10:2:10:2 | c indirection | Node steps to itself | -| membercallexpr_args.cpp:12:2:12:2 | c | Node steps to itself | -| membercallexpr_args.cpp:12:2:12:2 | c indirection | Node steps to itself | -| membercallexpr_args.cpp:12:10:12:10 | i | Node steps to itself | -| membercallexpr_args.cpp:12:14:12:14 | j | Node steps to itself | -| membercallexpr_args.cpp:12:17:12:17 | k | Node steps to itself | -| membercallexpr_args.cpp:12:21:12:21 | l | Node steps to itself | -| misc.c:20:7:20:7 | i | Node steps to itself | -| misc.c:21:5:21:5 | i | Node steps to itself | -| misc.c:22:9:22:12 | argi | Node steps to itself | -| misc.c:22:17:22:20 | argj | Node steps to itself | -| misc.c:27:9:27:12 | argi | Node steps to itself | -| misc.c:27:17:27:20 | argj | Node steps to itself | -| misc.c:32:9:32:9 | i | Node steps to itself | -| misc.c:32:14:32:14 | j | Node steps to itself | -| misc.c:37:9:37:9 | i | Node steps to itself | -| misc.c:37:14:37:14 | j | Node steps to itself | -| misc.c:44:11:44:11 | Phi | Node steps to itself | -| misc.c:44:11:44:11 | Phi | Node steps to itself | -| misc.c:44:11:44:11 | Phi | Node steps to itself | -| misc.c:44:11:44:11 | i | Node steps to itself | -| misc.c:45:9:45:9 | j | Node steps to itself | -| misc.c:47:11:47:11 | Phi | Node steps to itself | -| misc.c:47:11:47:11 | Phi | Node steps to itself | -| misc.c:47:11:47:11 | Phi | Node steps to itself | -| misc.c:47:11:47:11 | i | Node steps to itself | -| misc.c:47:16:47:16 | j | Node steps to itself | -| misc.c:48:9:48:9 | j | Node steps to itself | -| misc.c:50:11:50:11 | Phi | Node steps to itself | -| misc.c:50:11:50:11 | Phi | Node steps to itself | -| misc.c:50:11:50:11 | i | Node steps to itself | -| misc.c:50:16:50:16 | j | Node steps to itself | -| misc.c:51:9:51:9 | j | Node steps to itself | -| misc.c:53:11:53:14 | Phi | Node steps to itself | -| misc.c:53:11:53:14 | Phi | Node steps to itself | -| misc.c:53:11:53:14 | Phi | Node steps to itself | -| misc.c:53:11:53:14 | argi | Node steps to itself | -| misc.c:54:9:54:9 | j | Node steps to itself | -| misc.c:57:9:57:9 | Phi | Node steps to itself | -| misc.c:57:9:57:9 | Phi | Node steps to itself | -| misc.c:57:9:57:9 | Phi | Node steps to itself | -| misc.c:57:9:57:9 | j | Node steps to itself | -| misc.c:58:13:58:13 | i | Node steps to itself | -| misc.c:60:9:60:9 | Phi | Node steps to itself | -| misc.c:60:9:60:9 | Phi | Node steps to itself | -| misc.c:60:9:60:9 | Phi | Node steps to itself | -| misc.c:60:9:60:9 | j | Node steps to itself | -| misc.c:61:13:61:16 | argi | Node steps to itself | -| misc.c:62:16:62:16 | Phi | Node steps to itself | -| misc.c:62:16:62:16 | i | Node steps to itself | -| misc.c:62:24:62:24 | i | Node steps to itself | -| misc.c:64:11:64:11 | Phi | Node steps to itself | -| misc.c:64:11:64:11 | i | Node steps to itself | -| misc.c:64:19:64:19 | i | Node steps to itself | -| misc.c:66:18:66:18 | i | Node steps to itself | -| misc.c:66:23:67:5 | Phi | Node steps to itself | -| misc.c:93:9:93:15 | ... ? ... : ... | Node steps to itself | -| misc.c:94:9:94:10 | sp | Node steps to itself | -| misc.c:94:9:94:10 | sp indirection | Node steps to itself | -| misc.c:94:9:94:19 | ... ? ... : ... | Node steps to itself | -| misc.c:94:19:94:19 | i | Node steps to itself | -| misc.c:100:13:100:13 | i | Node steps to itself | -| misc.c:105:13:105:13 | i | Node steps to itself | -| misc.c:110:13:110:13 | i | Node steps to itself | -| misc.c:115:13:115:13 | i | Node steps to itself | -| misc.c:119:13:119:13 | i | Node steps to itself | -| misc.c:123:13:123:13 | i | Node steps to itself | -| misc.c:123:17:123:17 | j | Node steps to itself | -| misc.c:124:14:124:14 | i | Node steps to itself | -| misc.c:124:18:124:18 | j | Node steps to itself | -| misc.c:124:30:124:30 | i | Node steps to itself | -| misc.c:130:11:130:11 | j | Node steps to itself | -| misc.c:131:5:131:6 | sp | Node steps to itself | -| misc.c:131:13:131:13 | j | Node steps to itself | -| misc.c:133:9:133:10 | sp | Node steps to itself | -| misc.c:135:9:135:9 | i | Node steps to itself | -| misc.c:135:13:135:13 | j | Node steps to itself | -| misc.c:136:9:136:9 | i | Node steps to itself | -| misc.c:136:13:136:13 | j | Node steps to itself | -| misc.c:137:9:137:9 | i | Node steps to itself | -| misc.c:137:13:137:13 | j | Node steps to itself | -| misc.c:139:10:139:11 | sp | Node steps to itself | -| misc.c:139:18:139:18 | j | Node steps to itself | -| misc.c:139:25:139:26 | sp | Node steps to itself | -| misc.c:139:25:139:26 | sp indirection | Node steps to itself | -| misc.c:139:33:139:33 | j | Node steps to itself | -| misc.c:140:9:140:9 | i | Node steps to itself | -| misc.c:140:14:140:14 | i | Node steps to itself | -| misc.c:140:19:140:19 | i | Node steps to itself | -| misc.c:141:9:141:9 | i | Node steps to itself | -| misc.c:141:14:141:14 | i | Node steps to itself | -| misc.c:141:19:141:19 | i | Node steps to itself | -| misc.c:147:9:147:14 | intFun | Node steps to itself | -| misc.c:147:16:147:16 | i | Node steps to itself | -| misc.c:147:19:147:19 | j | Node steps to itself | -| misc.c:149:5:149:10 | pfunvv | Node steps to itself | -| misc.c:157:18:157:18 | x | Node steps to itself | -| misc.c:158:18:158:18 | x | Node steps to itself | -| misc.c:171:15:171:15 | i | Node steps to itself | -| misc.c:188:12:188:12 | i | Node steps to itself | -| misc.c:216:10:216:25 | global_with_init | Node steps to itself | -| misc.c:220:9:223:3 | {...} | Node steps to itself | -| modeled-functions.cpp:6:10:6:16 | socket2 | Node steps to itself | -| ms_assume.cpp:16:6:16:9 | argc | Node steps to itself | -| ms_assume.cpp:19:13:19:16 | argc | Node steps to itself | -| ms_assume.cpp:28:31:28:31 | s | Node steps to itself | -| ms_assume.cpp:28:31:28:31 | s indirection | Node steps to itself | -| ms_try_mix.cpp:17:13:17:14 | b1 | Node steps to itself | -| ms_try_mix.cpp:34:13:34:14 | b2 | Node steps to itself | -| newexpr.cpp:10:2:10:20 | new indirection | Node steps to itself | -| newexpr.cpp:10:8:10:8 | a | Node steps to itself | -| newexpr.cpp:10:12:10:12 | b | Node steps to itself | -| newexpr.cpp:10:15:10:15 | c | Node steps to itself | -| newexpr.cpp:10:19:10:19 | d | Node steps to itself | -| nodefaultswitchstmt.c:2:14:2:14 | x | Node steps to itself | -| nonmemberfpcallexpr.c:3:2:3:2 | g | Node steps to itself | -| ops.cpp:21:33:21:33 | i | Node steps to itself | -| parameterinitializer.cpp:8:24:8:24 | i | Node steps to itself | -| pmcallexpr.cpp:10:3:10:3 | c | Node steps to itself | -| pmcallexpr.cpp:10:8:10:8 | d | Node steps to itself | -| pmcallexpr.cpp:10:8:10:8 | d indirection | Node steps to itself | -| pointer_to_member.cpp:26:19:26:20 | pm | Node steps to itself | -| pointer_to_member.cpp:29:12:29:14 | acc | Node steps to itself | -| pruning.c:70:9:70:9 | i | Node steps to itself | -| pruning.c:79:9:79:9 | i | Node steps to itself | -| pruning.c:88:9:88:9 | i | Node steps to itself | -| pruning.c:97:9:97:9 | i | Node steps to itself | -| pruning.c:106:9:106:9 | i | Node steps to itself | -| pruning.c:115:9:115:9 | i | Node steps to itself | -| pruning.c:124:9:124:9 | i | Node steps to itself | -| pruning.c:166:12:166:12 | i | Node steps to itself | -| pruning.c:173:12:173:12 | i | Node steps to itself | -| pruning.c:180:12:180:12 | i | Node steps to itself | -| pruning.c:187:12:187:12 | i | Node steps to itself | -| pruning.c:194:45:194:51 | faulted | Node steps to itself | -| pruning.c:195:13:195:19 | faulted | Node steps to itself | -| questionexpr.c:3:6:3:6 | a | Node steps to itself | -| questionexpr.c:3:6:3:27 | ... ? ... : ... | Node steps to itself | -| questionexpr.c:3:11:3:11 | b | Node steps to itself | -| questionexpr.c:3:15:3:15 | c | Node steps to itself | -| questionexpr.c:3:19:3:19 | b | Node steps to itself | -| questionexpr.c:3:23:3:23 | d | Node steps to itself | -| questionexpr.c:3:27:3:27 | b | Node steps to itself | -| range_analysis.c:7:10:7:10 | Phi | Node steps to itself | -| range_analysis.c:7:10:7:10 | Phi | Node steps to itself | -| range_analysis.c:7:10:7:10 | p | Node steps to itself | -| range_analysis.c:7:17:7:17 | p | Node steps to itself | -| range_analysis.c:7:17:7:17 | p indirection | Node steps to itself | -| range_analysis.c:8:13:8:17 | count | Node steps to itself | -| range_analysis.c:10:10:10:14 | count | Node steps to itself | -| range_analysis.c:15:10:15:10 | Phi | Node steps to itself | -| range_analysis.c:15:10:15:10 | Phi | Node steps to itself | -| range_analysis.c:15:10:15:10 | p | Node steps to itself | -| range_analysis.c:15:17:15:17 | p | Node steps to itself | -| range_analysis.c:15:17:15:17 | p indirection | Node steps to itself | -| range_analysis.c:16:14:16:18 | count | Node steps to itself | -| range_analysis.c:18:10:18:14 | count | Node steps to itself | -| range_analysis.c:23:10:23:10 | Phi | Node steps to itself | -| range_analysis.c:23:10:23:10 | Phi | Node steps to itself | -| range_analysis.c:23:10:23:10 | p | Node steps to itself | -| range_analysis.c:23:17:23:17 | p | Node steps to itself | -| range_analysis.c:23:17:23:17 | p indirection | Node steps to itself | -| range_analysis.c:24:5:24:9 | count | Node steps to itself | -| range_analysis.c:25:13:25:17 | count | Node steps to itself | -| range_analysis.c:27:10:27:14 | count | Node steps to itself | -| range_analysis.c:33:15:33:15 | Phi | Node steps to itself | -| range_analysis.c:33:15:33:15 | Phi | Node steps to itself | -| range_analysis.c:33:15:33:15 | i | Node steps to itself | -| range_analysis.c:33:26:33:26 | i | Node steps to itself | -| range_analysis.c:34:5:34:9 | total | Node steps to itself | -| range_analysis.c:34:14:34:14 | i | Node steps to itself | -| range_analysis.c:36:10:36:14 | total | Node steps to itself | -| range_analysis.c:36:18:36:18 | i | Node steps to itself | -| range_analysis.c:42:15:42:15 | Phi | Node steps to itself | -| range_analysis.c:42:15:42:15 | Phi | Node steps to itself | -| range_analysis.c:42:15:42:15 | i | Node steps to itself | -| range_analysis.c:42:22:42:22 | i | Node steps to itself | -| range_analysis.c:43:5:43:9 | total | Node steps to itself | -| range_analysis.c:43:14:43:14 | i | Node steps to itself | -| range_analysis.c:45:10:45:14 | total | Node steps to itself | -| range_analysis.c:45:18:45:18 | i | Node steps to itself | -| range_analysis.c:51:15:51:15 | Phi | Node steps to itself | -| range_analysis.c:51:15:51:15 | Phi | Node steps to itself | -| range_analysis.c:51:15:51:15 | i | Node steps to itself | -| range_analysis.c:51:28:51:28 | i | Node steps to itself | -| range_analysis.c:52:5:52:9 | total | Node steps to itself | -| range_analysis.c:52:14:52:14 | i | Node steps to itself | -| range_analysis.c:54:10:54:14 | total | Node steps to itself | -| range_analysis.c:54:18:54:18 | i | Node steps to itself | -| range_analysis.c:58:7:58:7 | i | Node steps to itself | -| range_analysis.c:59:9:59:9 | i | Node steps to itself | -| range_analysis.c:60:14:60:14 | i | Node steps to itself | -| range_analysis.c:67:15:67:15 | y | Node steps to itself | -| range_analysis.c:67:20:67:20 | y | Node steps to itself | -| range_analysis.c:68:9:68:9 | x | Node steps to itself | -| range_analysis.c:68:13:68:13 | y | Node steps to itself | -| range_analysis.c:69:14:69:14 | x | Node steps to itself | -| range_analysis.c:72:10:72:10 | y | Node steps to itself | -| range_analysis.c:76:7:76:7 | y | Node steps to itself | -| range_analysis.c:77:9:77:9 | x | Node steps to itself | -| range_analysis.c:81:9:81:9 | x | Node steps to itself | -| range_analysis.c:85:10:85:10 | x | Node steps to itself | -| range_analysis.c:89:7:89:7 | y | Node steps to itself | -| range_analysis.c:90:9:90:9 | x | Node steps to itself | -| range_analysis.c:90:13:90:13 | y | Node steps to itself | -| range_analysis.c:93:12:93:12 | x | Node steps to itself | -| range_analysis.c:100:8:100:8 | p | Node steps to itself | -| range_analysis.c:105:10:105:10 | p | Node steps to itself | -| range_analysis.c:124:11:124:15 | Phi | Node steps to itself | -| range_analysis.c:124:11:124:15 | Phi | Node steps to itself | -| range_analysis.c:124:11:124:15 | Start | Node steps to itself | -| range_analysis.c:127:6:127:10 | Start | Node steps to itself | -| range_analysis.c:127:15:127:20 | Length | Node steps to itself | -| range_analysis.c:137:20:137:20 | x | Node steps to itself | -| range_analysis.c:138:11:138:11 | i | Node steps to itself | -| range_analysis.c:139:23:139:23 | i | Node steps to itself | -| range_analysis.c:139:32:139:32 | x | Node steps to itself | -| range_analysis.c:139:36:139:36 | y | Node steps to itself | -| range_analysis.c:150:10:150:11 | x0 | Node steps to itself | -| range_analysis.c:150:15:150:16 | x1 | Node steps to itself | -| range_analysis.c:150:20:150:21 | x2 | Node steps to itself | -| range_analysis.c:150:25:150:26 | x3 | Node steps to itself | -| range_analysis.c:154:10:154:40 | ... ? ... : ... | Node steps to itself | -| range_analysis.c:154:11:154:11 | x | Node steps to itself | -| range_analysis.c:154:35:154:35 | x | Node steps to itself | -| range_analysis.c:161:12:161:12 | a | Node steps to itself | -| range_analysis.c:161:17:161:17 | a | Node steps to itself | -| range_analysis.c:163:14:163:14 | a | Node steps to itself | -| range_analysis.c:164:5:164:9 | total | Node steps to itself | -| range_analysis.c:164:14:164:14 | b | Node steps to itself | -| range_analysis.c:164:16:164:16 | c | Node steps to itself | -| range_analysis.c:166:12:166:12 | a | Node steps to itself | -| range_analysis.c:166:17:166:17 | a | Node steps to itself | -| range_analysis.c:168:14:168:14 | a | Node steps to itself | -| range_analysis.c:169:5:169:9 | total | Node steps to itself | -| range_analysis.c:169:14:169:14 | b | Node steps to itself | -| range_analysis.c:169:16:169:16 | c | Node steps to itself | -| range_analysis.c:171:13:171:13 | a | Node steps to itself | -| range_analysis.c:171:18:171:18 | a | Node steps to itself | -| range_analysis.c:173:14:173:14 | a | Node steps to itself | -| range_analysis.c:174:5:174:9 | total | Node steps to itself | -| range_analysis.c:174:14:174:14 | b | Node steps to itself | -| range_analysis.c:174:16:174:16 | c | Node steps to itself | -| range_analysis.c:176:13:176:13 | a | Node steps to itself | -| range_analysis.c:176:18:176:18 | a | Node steps to itself | -| range_analysis.c:178:14:178:14 | a | Node steps to itself | -| range_analysis.c:179:5:179:9 | total | Node steps to itself | -| range_analysis.c:179:14:179:14 | b | Node steps to itself | -| range_analysis.c:179:16:179:16 | c | Node steps to itself | -| range_analysis.c:181:13:181:13 | a | Node steps to itself | -| range_analysis.c:181:18:181:18 | a | Node steps to itself | -| range_analysis.c:183:14:183:14 | a | Node steps to itself | -| range_analysis.c:184:5:184:9 | total | Node steps to itself | -| range_analysis.c:184:14:184:14 | b | Node steps to itself | -| range_analysis.c:184:16:184:16 | c | Node steps to itself | -| range_analysis.c:186:13:186:13 | a | Node steps to itself | -| range_analysis.c:186:18:186:18 | a | Node steps to itself | -| range_analysis.c:188:14:188:14 | a | Node steps to itself | -| range_analysis.c:189:5:189:9 | total | Node steps to itself | -| range_analysis.c:189:14:189:14 | b | Node steps to itself | -| range_analysis.c:189:16:189:16 | c | Node steps to itself | -| range_analysis.c:192:10:192:14 | total | Node steps to itself | -| range_analysis.c:200:12:200:12 | a | Node steps to itself | -| range_analysis.c:200:17:200:17 | a | Node steps to itself | -| range_analysis.c:200:33:200:33 | b | Node steps to itself | -| range_analysis.c:200:38:200:38 | b | Node steps to itself | -| range_analysis.c:201:13:201:13 | a | Node steps to itself | -| range_analysis.c:201:15:201:15 | b | Node steps to itself | -| range_analysis.c:202:5:202:9 | total | Node steps to itself | -| range_analysis.c:202:14:202:14 | r | Node steps to itself | -| range_analysis.c:204:12:204:12 | a | Node steps to itself | -| range_analysis.c:204:17:204:17 | a | Node steps to itself | -| range_analysis.c:204:33:204:33 | b | Node steps to itself | -| range_analysis.c:204:38:204:38 | b | Node steps to itself | -| range_analysis.c:205:13:205:13 | a | Node steps to itself | -| range_analysis.c:205:15:205:15 | b | Node steps to itself | -| range_analysis.c:206:5:206:9 | total | Node steps to itself | -| range_analysis.c:206:14:206:14 | r | Node steps to itself | -| range_analysis.c:208:12:208:12 | a | Node steps to itself | -| range_analysis.c:208:17:208:17 | a | Node steps to itself | -| range_analysis.c:208:35:208:35 | b | Node steps to itself | -| range_analysis.c:208:40:208:40 | b | Node steps to itself | -| range_analysis.c:209:13:209:13 | a | Node steps to itself | -| range_analysis.c:209:15:209:15 | b | Node steps to itself | -| range_analysis.c:210:5:210:9 | total | Node steps to itself | -| range_analysis.c:210:14:210:14 | r | Node steps to itself | -| range_analysis.c:212:12:212:12 | a | Node steps to itself | -| range_analysis.c:212:17:212:17 | a | Node steps to itself | -| range_analysis.c:212:35:212:35 | b | Node steps to itself | -| range_analysis.c:212:40:212:40 | b | Node steps to itself | -| range_analysis.c:213:13:213:13 | a | Node steps to itself | -| range_analysis.c:213:15:213:15 | b | Node steps to itself | -| range_analysis.c:214:5:214:9 | total | Node steps to itself | -| range_analysis.c:214:14:214:14 | r | Node steps to itself | -| range_analysis.c:216:12:216:12 | a | Node steps to itself | -| range_analysis.c:216:17:216:17 | a | Node steps to itself | -| range_analysis.c:216:35:216:35 | b | Node steps to itself | -| range_analysis.c:216:40:216:40 | b | Node steps to itself | -| range_analysis.c:217:13:217:13 | a | Node steps to itself | -| range_analysis.c:217:15:217:15 | b | Node steps to itself | -| range_analysis.c:218:5:218:9 | total | Node steps to itself | -| range_analysis.c:218:14:218:14 | r | Node steps to itself | -| range_analysis.c:221:10:221:14 | total | Node steps to itself | -| range_analysis.c:228:12:228:12 | a | Node steps to itself | -| range_analysis.c:228:17:228:17 | a | Node steps to itself | -| range_analysis.c:228:33:228:33 | b | Node steps to itself | -| range_analysis.c:228:38:228:38 | b | Node steps to itself | -| range_analysis.c:229:13:229:13 | a | Node steps to itself | -| range_analysis.c:229:15:229:15 | b | Node steps to itself | -| range_analysis.c:230:5:230:9 | total | Node steps to itself | -| range_analysis.c:230:14:230:14 | r | Node steps to itself | -| range_analysis.c:232:12:232:12 | a | Node steps to itself | -| range_analysis.c:232:17:232:17 | a | Node steps to itself | -| range_analysis.c:232:33:232:33 | b | Node steps to itself | -| range_analysis.c:232:38:232:38 | b | Node steps to itself | -| range_analysis.c:233:13:233:13 | a | Node steps to itself | -| range_analysis.c:233:15:233:15 | b | Node steps to itself | -| range_analysis.c:234:5:234:9 | total | Node steps to itself | -| range_analysis.c:234:14:234:14 | r | Node steps to itself | -| range_analysis.c:236:12:236:12 | a | Node steps to itself | -| range_analysis.c:236:17:236:17 | a | Node steps to itself | -| range_analysis.c:236:35:236:35 | b | Node steps to itself | -| range_analysis.c:236:40:236:40 | b | Node steps to itself | -| range_analysis.c:237:13:237:13 | a | Node steps to itself | -| range_analysis.c:237:15:237:15 | b | Node steps to itself | -| range_analysis.c:238:5:238:9 | total | Node steps to itself | -| range_analysis.c:238:14:238:14 | r | Node steps to itself | -| range_analysis.c:240:12:240:12 | a | Node steps to itself | -| range_analysis.c:240:17:240:17 | a | Node steps to itself | -| range_analysis.c:240:35:240:35 | b | Node steps to itself | -| range_analysis.c:240:40:240:40 | b | Node steps to itself | -| range_analysis.c:241:13:241:13 | a | Node steps to itself | -| range_analysis.c:241:15:241:15 | b | Node steps to itself | -| range_analysis.c:242:5:242:9 | total | Node steps to itself | -| range_analysis.c:242:14:242:14 | r | Node steps to itself | -| range_analysis.c:244:12:244:12 | a | Node steps to itself | -| range_analysis.c:244:17:244:17 | a | Node steps to itself | -| range_analysis.c:244:35:244:35 | b | Node steps to itself | -| range_analysis.c:244:40:244:40 | b | Node steps to itself | -| range_analysis.c:245:13:245:13 | a | Node steps to itself | -| range_analysis.c:245:15:245:15 | b | Node steps to itself | -| range_analysis.c:246:5:246:9 | total | Node steps to itself | -| range_analysis.c:246:14:246:14 | r | Node steps to itself | -| range_analysis.c:249:10:249:14 | total | Node steps to itself | -| range_analysis.c:256:14:256:14 | a | Node steps to itself | -| range_analysis.c:256:19:256:19 | a | Node steps to itself | -| range_analysis.c:256:35:256:35 | b | Node steps to itself | -| range_analysis.c:256:40:256:40 | b | Node steps to itself | -| range_analysis.c:257:13:257:13 | a | Node steps to itself | -| range_analysis.c:257:15:257:15 | b | Node steps to itself | -| range_analysis.c:258:5:258:9 | total | Node steps to itself | -| range_analysis.c:258:14:258:14 | r | Node steps to itself | -| range_analysis.c:260:14:260:14 | a | Node steps to itself | -| range_analysis.c:260:19:260:19 | a | Node steps to itself | -| range_analysis.c:260:35:260:35 | b | Node steps to itself | -| range_analysis.c:260:40:260:40 | b | Node steps to itself | -| range_analysis.c:261:13:261:13 | a | Node steps to itself | -| range_analysis.c:261:15:261:15 | b | Node steps to itself | -| range_analysis.c:262:5:262:9 | total | Node steps to itself | -| range_analysis.c:262:14:262:14 | r | Node steps to itself | -| range_analysis.c:264:14:264:14 | a | Node steps to itself | -| range_analysis.c:264:19:264:19 | a | Node steps to itself | -| range_analysis.c:264:37:264:37 | b | Node steps to itself | -| range_analysis.c:264:42:264:42 | b | Node steps to itself | -| range_analysis.c:265:13:265:13 | a | Node steps to itself | -| range_analysis.c:265:15:265:15 | b | Node steps to itself | -| range_analysis.c:266:5:266:9 | total | Node steps to itself | -| range_analysis.c:266:14:266:14 | r | Node steps to itself | -| range_analysis.c:268:14:268:14 | a | Node steps to itself | -| range_analysis.c:268:19:268:19 | a | Node steps to itself | -| range_analysis.c:268:37:268:37 | b | Node steps to itself | -| range_analysis.c:268:42:268:42 | b | Node steps to itself | -| range_analysis.c:269:13:269:13 | a | Node steps to itself | -| range_analysis.c:269:15:269:15 | b | Node steps to itself | -| range_analysis.c:270:5:270:9 | total | Node steps to itself | -| range_analysis.c:270:14:270:14 | r | Node steps to itself | -| range_analysis.c:272:14:272:14 | a | Node steps to itself | -| range_analysis.c:272:19:272:19 | a | Node steps to itself | -| range_analysis.c:272:37:272:37 | b | Node steps to itself | -| range_analysis.c:272:42:272:42 | b | Node steps to itself | -| range_analysis.c:273:13:273:13 | a | Node steps to itself | -| range_analysis.c:273:15:273:15 | b | Node steps to itself | -| range_analysis.c:274:5:274:9 | total | Node steps to itself | -| range_analysis.c:274:14:274:14 | r | Node steps to itself | -| range_analysis.c:277:10:277:14 | total | Node steps to itself | -| range_analysis.c:284:14:284:14 | a | Node steps to itself | -| range_analysis.c:284:19:284:19 | a | Node steps to itself | -| range_analysis.c:284:34:284:34 | b | Node steps to itself | -| range_analysis.c:284:39:284:39 | b | Node steps to itself | -| range_analysis.c:285:13:285:13 | a | Node steps to itself | -| range_analysis.c:285:15:285:15 | b | Node steps to itself | -| range_analysis.c:286:5:286:9 | total | Node steps to itself | -| range_analysis.c:286:14:286:14 | r | Node steps to itself | -| range_analysis.c:288:14:288:14 | a | Node steps to itself | -| range_analysis.c:288:19:288:19 | a | Node steps to itself | -| range_analysis.c:288:34:288:34 | b | Node steps to itself | -| range_analysis.c:288:39:288:39 | b | Node steps to itself | -| range_analysis.c:289:13:289:13 | a | Node steps to itself | -| range_analysis.c:289:15:289:15 | b | Node steps to itself | -| range_analysis.c:290:5:290:9 | total | Node steps to itself | -| range_analysis.c:290:14:290:14 | r | Node steps to itself | -| range_analysis.c:292:14:292:14 | a | Node steps to itself | -| range_analysis.c:292:19:292:19 | a | Node steps to itself | -| range_analysis.c:292:36:292:36 | b | Node steps to itself | -| range_analysis.c:292:41:292:41 | b | Node steps to itself | -| range_analysis.c:293:13:293:13 | a | Node steps to itself | -| range_analysis.c:293:15:293:15 | b | Node steps to itself | -| range_analysis.c:294:5:294:9 | total | Node steps to itself | -| range_analysis.c:294:14:294:14 | r | Node steps to itself | -| range_analysis.c:296:14:296:14 | a | Node steps to itself | -| range_analysis.c:296:19:296:19 | a | Node steps to itself | -| range_analysis.c:296:36:296:36 | b | Node steps to itself | -| range_analysis.c:296:41:296:41 | b | Node steps to itself | -| range_analysis.c:297:13:297:13 | a | Node steps to itself | -| range_analysis.c:297:15:297:15 | b | Node steps to itself | -| range_analysis.c:298:5:298:9 | total | Node steps to itself | -| range_analysis.c:298:14:298:14 | r | Node steps to itself | -| range_analysis.c:300:14:300:14 | a | Node steps to itself | -| range_analysis.c:300:19:300:19 | a | Node steps to itself | -| range_analysis.c:300:36:300:36 | b | Node steps to itself | -| range_analysis.c:300:41:300:41 | b | Node steps to itself | -| range_analysis.c:301:13:301:13 | a | Node steps to itself | -| range_analysis.c:301:15:301:15 | b | Node steps to itself | -| range_analysis.c:302:5:302:9 | total | Node steps to itself | -| range_analysis.c:302:14:302:14 | r | Node steps to itself | -| range_analysis.c:305:10:305:14 | total | Node steps to itself | -| range_analysis.c:312:14:312:14 | a | Node steps to itself | -| range_analysis.c:312:19:312:19 | a | Node steps to itself | -| range_analysis.c:312:35:312:35 | b | Node steps to itself | -| range_analysis.c:312:40:312:40 | b | Node steps to itself | -| range_analysis.c:313:13:313:13 | a | Node steps to itself | -| range_analysis.c:313:15:313:15 | b | Node steps to itself | -| range_analysis.c:314:5:314:9 | total | Node steps to itself | -| range_analysis.c:314:14:314:14 | r | Node steps to itself | -| range_analysis.c:316:14:316:14 | a | Node steps to itself | -| range_analysis.c:316:19:316:19 | a | Node steps to itself | -| range_analysis.c:316:35:316:35 | b | Node steps to itself | -| range_analysis.c:316:40:316:40 | b | Node steps to itself | -| range_analysis.c:317:13:317:13 | a | Node steps to itself | -| range_analysis.c:317:15:317:15 | b | Node steps to itself | -| range_analysis.c:318:5:318:9 | total | Node steps to itself | -| range_analysis.c:318:14:318:14 | r | Node steps to itself | -| range_analysis.c:320:14:320:14 | a | Node steps to itself | -| range_analysis.c:320:19:320:19 | a | Node steps to itself | -| range_analysis.c:320:37:320:37 | b | Node steps to itself | -| range_analysis.c:320:42:320:42 | b | Node steps to itself | -| range_analysis.c:321:13:321:13 | a | Node steps to itself | -| range_analysis.c:321:15:321:15 | b | Node steps to itself | -| range_analysis.c:322:5:322:9 | total | Node steps to itself | -| range_analysis.c:322:14:322:14 | r | Node steps to itself | -| range_analysis.c:324:14:324:14 | a | Node steps to itself | -| range_analysis.c:324:19:324:19 | a | Node steps to itself | -| range_analysis.c:324:37:324:37 | b | Node steps to itself | -| range_analysis.c:324:42:324:42 | b | Node steps to itself | -| range_analysis.c:325:13:325:13 | a | Node steps to itself | -| range_analysis.c:325:15:325:15 | b | Node steps to itself | -| range_analysis.c:326:5:326:9 | total | Node steps to itself | -| range_analysis.c:326:14:326:14 | r | Node steps to itself | -| range_analysis.c:328:14:328:14 | a | Node steps to itself | -| range_analysis.c:328:19:328:19 | a | Node steps to itself | -| range_analysis.c:328:37:328:37 | b | Node steps to itself | -| range_analysis.c:328:42:328:42 | b | Node steps to itself | -| range_analysis.c:329:13:329:13 | a | Node steps to itself | -| range_analysis.c:329:15:329:15 | b | Node steps to itself | -| range_analysis.c:330:5:330:9 | total | Node steps to itself | -| range_analysis.c:330:14:330:14 | r | Node steps to itself | -| range_analysis.c:333:10:333:14 | total | Node steps to itself | -| range_analysis.c:338:7:338:7 | x | Node steps to itself | -| range_analysis.c:342:10:342:10 | Phi | Node steps to itself | -| range_analysis.c:342:10:342:10 | i | Node steps to itself | -| range_analysis.c:343:5:343:5 | i | Node steps to itself | -| range_analysis.c:345:7:345:7 | i | Node steps to itself | -| range_analysis.c:346:7:346:7 | x | Node steps to itself | -| range_analysis.c:347:9:347:9 | d | Node steps to itself | -| range_analysis.c:347:14:347:14 | x | Node steps to itself | -| range_analysis.c:357:8:357:8 | x | Node steps to itself | -| range_analysis.c:357:8:357:23 | ... ? ... : ... | Node steps to itself | -| range_analysis.c:357:18:357:18 | x | Node steps to itself | -| range_analysis.c:358:8:358:8 | x | Node steps to itself | -| range_analysis.c:358:8:358:24 | ... ? ... : ... | Node steps to itself | -| range_analysis.c:358:24:358:24 | x | Node steps to itself | -| range_analysis.c:365:7:365:7 | x | Node steps to itself | -| range_analysis.c:366:10:366:15 | ... ? ... : ... | Node steps to itself | -| range_analysis.c:367:10:367:17 | ... ? ... : ... | Node steps to itself | -| range_analysis.c:368:10:368:21 | ... ? ... : ... | Node steps to itself | -| range_analysis.c:368:11:368:11 | x | Node steps to itself | -| range_analysis.c:369:27:369:27 | x | Node steps to itself | -| range_analysis.c:370:27:370:27 | x | Node steps to itself | -| range_analysis.c:371:28:371:28 | x | Node steps to itself | -| range_analysis.c:373:10:373:11 | y1 | Node steps to itself | -| range_analysis.c:373:15:373:16 | y2 | Node steps to itself | -| range_analysis.c:373:20:373:21 | y3 | Node steps to itself | -| range_analysis.c:373:25:373:26 | y4 | Node steps to itself | -| range_analysis.c:373:30:373:31 | y5 | Node steps to itself | -| range_analysis.c:373:35:373:36 | y6 | Node steps to itself | -| range_analysis.c:373:40:373:41 | y7 | Node steps to itself | -| range_analysis.c:373:45:373:46 | y8 | Node steps to itself | -| range_analysis.c:379:8:379:8 | x | Node steps to itself | -| range_analysis.c:379:8:379:24 | ... ? ... : ... | Node steps to itself | -| range_analysis.c:379:18:379:18 | x | Node steps to itself | -| range_analysis.c:380:8:380:8 | x | Node steps to itself | -| range_analysis.c:380:8:380:25 | ... ? ... : ... | Node steps to itself | -| range_analysis.c:380:25:380:25 | x | Node steps to itself | -| range_analysis.c:384:7:384:7 | x | Node steps to itself | -| range_analysis.c:385:10:385:21 | ... ? ... : ... | Node steps to itself | -| range_analysis.c:385:11:385:11 | x | Node steps to itself | -| range_analysis.c:386:10:386:21 | ... ? ... : ... | Node steps to itself | -| range_analysis.c:386:11:386:11 | x | Node steps to itself | -| range_analysis.c:387:27:387:27 | x | Node steps to itself | -| range_analysis.c:389:10:389:11 | y1 | Node steps to itself | -| range_analysis.c:389:15:389:16 | y2 | Node steps to itself | -| range_analysis.c:389:20:389:21 | y3 | Node steps to itself | -| range_analysis.c:389:25:389:26 | y4 | Node steps to itself | -| range_analysis.c:389:30:389:31 | y5 | Node steps to itself | -| range_analysis.c:394:20:394:20 | x | Node steps to itself | -| range_analysis.c:394:20:394:36 | ... ? ... : ... | Node steps to itself | -| range_analysis.c:394:30:394:30 | x | Node steps to itself | -| range_analysis.c:397:11:397:11 | y | Node steps to itself | -| range_analysis.c:398:9:398:9 | y | Node steps to itself | -| range_analysis.c:398:14:398:14 | y | Node steps to itself | -| range_analysis.c:399:10:399:11 | y1 | Node steps to itself | -| range_analysis.c:399:15:399:16 | y2 | Node steps to itself | -| revsubscriptexpr.c:4:7:4:7 | a | Node steps to itself | -| revsubscriptexpr.c:4:11:4:11 | b | Node steps to itself | -| shortforstmt.cpp:34:8:34:8 | Phi | Node steps to itself | -| shortforstmt.cpp:34:8:34:8 | Phi | Node steps to itself | -| shortforstmt.cpp:34:8:34:8 | Phi | Node steps to itself | -| shortforstmt.cpp:34:8:34:8 | x | Node steps to itself | -| shortforstmt.cpp:34:12:34:12 | y | Node steps to itself | -| shortforstmt.cpp:35:9:35:9 | y | Node steps to itself | -| statements.cpp:14:6:14:6 | x | Node steps to itself | -| statements.cpp:23:6:23:6 | x | Node steps to itself | -| statements.cpp:32:29:32:29 | Phi | Node steps to itself | -| statements.cpp:32:29:32:29 | x | Node steps to itself | -| statements.cpp:32:39:32:39 | x | Node steps to itself | -| statements.cpp:45:6:45:6 | x | Node steps to itself | -| statements.cpp:48:22:48:22 | x | Node steps to itself | -| statements.cpp:51:8:51:8 | y | Node steps to itself | -| statements.cpp:56:5:56:5 | x | Node steps to itself | -| static_init_templates.cpp:21:2:21:4 | this | Node steps to itself | -| static_init_templates.cpp:21:2:21:4 | this indirection | Node steps to itself | -| static_init_templates.cpp:21:8:21:8 | b | Node steps to itself | -| static_init_templates.cpp:21:12:21:12 | f | Node steps to itself | -| static_init_templates.cpp:22:8:22:8 | c | Node steps to itself | -| static_init_templates.cpp:81:12:81:17 | my_ptr | Node steps to itself | -| static_init_templates.cpp:81:12:81:17 | my_ptr | Node steps to itself | -| static_init_templates.cpp:90:12:90:17 | my_ptr | Node steps to itself | -| static_init_templates.cpp:90:12:90:17 | my_ptr | Node steps to itself | -| static_init_templates.cpp:98:12:98:17 | my_ptr | Node steps to itself | -| static_init_templates.cpp:98:12:98:17 | my_ptr | Node steps to itself | -| static_init_templates.cpp:106:12:106:17 | my_ptr | Node steps to itself | -| static_init_templates.cpp:106:12:106:17 | my_ptr | Node steps to itself | -| static_init_templates.cpp:126:12:126:17 | my_ptr | Node steps to itself | -| static_init_templates.cpp:134:12:134:17 | my_ptr | Node steps to itself | -| staticlocals.cpp:18:10:18:10 | x | Node steps to itself | -| staticmembercallexpr_args.cpp:12:9:12:9 | i | Node steps to itself | -| staticmembercallexpr_args.cpp:12:13:12:13 | j | Node steps to itself | -| staticmembercallexpr_args.cpp:12:16:12:16 | k | Node steps to itself | -| staticmembercallexpr_args.cpp:12:20:12:20 | l | Node steps to itself | -| stream_it.cpp:11:16:11:16 | (__range) indirection | Node steps to itself | -| subscriptexpr.c:4:8:4:8 | a | Node steps to itself | -| subscriptexpr.c:4:12:4:12 | b | Node steps to itself | -| switchbody.c:5:11:5:11 | i | Node steps to itself | -| switchbody.c:5:11:5:24 | ... ? ... : ... | Node steps to itself | -| switchbody.c:5:20:5:20 | i | Node steps to itself | -| switchbody.c:5:24:5:24 | i | Node steps to itself | -| switchbody.c:9:12:9:12 | i | Node steps to itself | -| switchbody.c:16:11:16:11 | i | Node steps to itself | -| switchbody.c:16:11:16:24 | ... ? ... : ... | Node steps to itself | -| switchbody.c:16:20:16:20 | i | Node steps to itself | -| switchbody.c:16:24:16:24 | i | Node steps to itself | -| switchbody.c:19:12:19:12 | i | Node steps to itself | -| switchbody.c:28:11:28:11 | i | Node steps to itself | -| switchbody.c:28:11:28:24 | ... ? ... : ... | Node steps to itself | -| switchbody.c:28:20:28:20 | i | Node steps to itself | -| switchbody.c:28:24:28:24 | i | Node steps to itself | -| switchbody.c:33:16:33:16 | i | Node steps to itself | -| switchstmt.c:2:14:2:14 | x | Node steps to itself | -| test.c:3:9:3:9 | i | Node steps to itself | -| test.c:28:16:28:16 | Phi | Node steps to itself | -| test.c:28:16:28:16 | i | Node steps to itself | -| test.c:28:24:28:24 | i | Node steps to itself | -| test.c:36:16:36:16 | Phi | Node steps to itself | -| test.c:36:19:36:19 | i | Node steps to itself | -| test.c:51:11:51:11 | Phi | Node steps to itself | -| test.c:51:11:51:11 | i | Node steps to itself | -| test.c:52:9:52:9 | i | Node steps to itself | -| test.c:73:9:73:9 | Phi | Node steps to itself | -| test.c:73:9:73:9 | i | Node steps to itself | -| test.c:74:14:74:14 | i | Node steps to itself | -| test.c:93:13:93:13 | i | Node steps to itself | -| test.c:93:13:93:21 | ... ? ... : ... | Node steps to itself | -| test.c:108:12:108:12 | i | Node steps to itself | -| test.c:125:12:125:12 | i | Node steps to itself | -| test.c:204:12:204:12 | i | Node steps to itself | -| test.c:204:12:204:20 | ... ? ... : ... | Node steps to itself | -| test.c:219:7:219:7 | x | Node steps to itself | -| test.c:219:13:219:13 | y | Node steps to itself | -| test.c:220:12:220:12 | x | Node steps to itself | -| test.c:222:10:222:10 | y | Node steps to itself | -| test.c:226:9:226:9 | x | Node steps to itself | -| test.c:226:14:226:14 | y | Node steps to itself | -| test.c:227:12:227:12 | x | Node steps to itself | -| test.c:229:10:229:10 | y | Node steps to itself | -| test.c:233:7:233:7 | b | Node steps to itself | -| test.c:233:7:233:15 | ... ? ... : ... | Node steps to itself | -| test.c:233:11:233:11 | x | Node steps to itself | -| test.c:233:15:233:15 | y | Node steps to itself | -| try_catch.cpp:20:7:20:12 | select | Node steps to itself | -| unaryopexpr.c:5:6:5:6 | i | Node steps to itself | -| unaryopexpr.c:7:6:7:6 | i | Node steps to itself | -| unaryopexpr.c:8:6:8:6 | i | Node steps to itself | -| unaryopexpr.c:10:5:10:5 | i | Node steps to itself | -| unaryopexpr.c:11:5:11:5 | i | Node steps to itself | -| unaryopexpr.c:12:7:12:7 | i | Node steps to itself | -| unaryopexpr.c:13:7:13:7 | i | Node steps to itself | -| vla.c:5:27:5:30 | argv | Node steps to itself | -| whilestmt.c:10:10:10:13 | Phi | Node steps to itself | -| whilestmt.c:10:10:10:13 | done | Node steps to itself | -| whilestmt.c:41:9:41:9 | Phi | Node steps to itself | -| whilestmt.c:41:9:41:9 | i | Node steps to itself | -| whilestmt.c:42:7:42:7 | i | Node steps to itself | From 850686a8d98425b36edce83a4add6149c9c3381a Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 5 May 2023 17:34:08 +0100 Subject: [PATCH 162/870] Swift: Add images. --- .../basic-swift-query-results-1.png | Bin 0 -> 124871 bytes .../basic-swift-query-results-2.png | Bin 0 -> 158046 bytes .../quick-query-tab-swift.png | Bin 0 -> 41277 bytes 3 files changed, 0 insertions(+), 0 deletions(-) create mode 100644 docs/codeql/images/codeql-for-visual-studio-code/basic-swift-query-results-1.png create mode 100644 docs/codeql/images/codeql-for-visual-studio-code/basic-swift-query-results-2.png create mode 100644 docs/codeql/images/codeql-for-visual-studio-code/quick-query-tab-swift.png diff --git a/docs/codeql/images/codeql-for-visual-studio-code/basic-swift-query-results-1.png b/docs/codeql/images/codeql-for-visual-studio-code/basic-swift-query-results-1.png new file mode 100644 index 0000000000000000000000000000000000000000..d8b55b0fc83e784d29faa849512858e960f1b9bd GIT binary patch literal 124871 zcmb4r1z45o);5R&l2S?|rP3iK-Khvji!?}=bfW@-bQ*x9bR*IsjS7ggbV#Rk{%bRH zCeC-h?>{rw%rzIV_kQ2^dDgSmx?}AiB}Ex*3{ngvBqVG(SxFTnBur5xB;=py7vMLx z#IJ(kf0ylKwVog$U8O_(hy0ePl@NYO;wYu*_`ufG(Z#^Q1j)|8+{TgB#>DYD7b`m} zC&%V>^H?OLvqU*bF;!RHm6N~+Y7dk4!p~0e3D2oy*J$*sLXxMef&#xs9&wDPL8Zmy!tHz1D} zx?gh|c$}X&pzBe(r?p->aArH(9*GjuW`sr>O~lh>bLWNAJ5 z?L)3dlKRbXW0Q}wGlrdistwbQ8X7g-2C)X!`DIn-@v+IDMWueqSC6lkCi5R(E~$E> ze=tG3h3vn-O9qDQc~%|w(=8%wa^3%aP2}a|gnXuYUn15%;J;pbWqJ9f#nSmZ7Xn>E zg3s42=ZCykzZm*u!Pb76-xjt~5(T!yjN^~sFvf_z1}oU|PgjuKuSwv)Ux#}SvJ&pd zp!|~?Q+e>9JF$L$?ib?r{`(EiGRKJhr)vNQY_(V)~*py97NH zQ384Y*~NrCP8AeWriuQSYxUb`ms<_z@|0TiTNr&9yZ0YXOy6SZ{d!Nh^8fajsz+wS zB__5LbzWHo+;BQo9ZM0|FZV)3}>P{Urm(xkPCP26#` z{`ZCG>$`!{7M)4Kd!a2|E}G|Ka7XmbT(z?QEqCO2NumVS|9jZKd9QTm$=c_~Z2YYa z%DTD*E5!M!LPF$!jc9bi%a<=pcu@-r>#_`|q`!Y(=dri8vpo0=6Yk4raxE1 zWqmxqxB0$fZ!q`oiF8DU%Whv`)pXMA%q1{M$Rp=I@(n@3nh`N=?Kc<)&x(rJ^R(zk z5?{P{5fO1E_BzGa7={Nu4JDqL+>=v z>#H8S9z1~OudlpkGm~?l;~8f$&khUEf=$k5L{23#g5GUtv`9-!uZ`FK__?=3L_`#Q z8y20;B^g}pgq4<%n4c~;#nZ<~G@s`EO6N84Q+ds$D$Ym*@0V&m>!#fXRG zzPA=?jclduudU$fy8rw#0gvr?2%5ImO<}9CDyOa4j}!%m%PwAh=$IF^D%!Oz9d zuT3xb)bLgwe*ULF$_OH5+HY-_&Yv&X!-p^1<_-@J>GbS|c(i+jDRI)K`6VR+aRgj9 zCZliOuXEhkm}+{Esdz6*$As`Zym`3XS|C`?&A0pEM;kIhzTwK*oj9FZ_nqb-g10=@ zU0sw0gjW-VJk*JtrnlxkOB!mqsy8AstGZk%-oHH%U+{_80Fdr(JqRhWSLmZ9cAe z6!w*&VwB1s<<<`t2ROZtU56tSicVpha#9l$rl$>^RBbeCT#Fe=x!S`>P{TSqj}XE5q5l2d*Eu1$im<&bjEp0<^mKH#wih3$rPAL|5+o6DPWZ6VlhUM`#Kfvo zu^?y~up3#?tj!5=8$@tZHGrTkj6wq0@&I;(I_x8@Wdx#Ucq#*($u#O~@wwc>I(d0{ zIBdy&w4(dDhD?l%r`wq#25PRP+w2RD=H`o3XZtdQ9;e4{4+92y{`~-=b4f`_^>$$I zt_+u24VNr_&t!X4<+wbM&sgQM9!$ifYF*VMXG^3t=sTmd3OCdYU&!n zrN4&QP;vTV^QczFYsq%hA3YL!+?4>wKR1h3*ltqvgXm*vGCn1zw{IZvz3dk%b>CS^ zCUunD?PRyJ8m}Q~d{ph6?O1({5pnzJ?Ogi-nGTW z#lJ}SP_ap$w-Lso*910YRXD4ApPCg52zu@pm6x*$ct~1V**GQ}BCZ?BK4-{P zf{q2%^K@Gqb%V@CDahwGUUPtrjg2qjxDfF{5Stu2Db)xC z=p!zmV3Q+%3MUeP@ZxwZ=)T>a5tvp{u`hD=OGFvzev&TQ(niSd1*~5<)vrl!i4>8@ ziB}!6^7FY@D(UIz`CYabzA-L|jMz*r^ydy1JgPRPhZ7eX8mdNulbV{!V>5cIlJ5%b z$5qs@vNA5MJDOFF*_+1+uU=&(V#7gH`PLP}V;4elTiX9kM|bxi+S};pv{W(Q6%}@3 zJ|xogSGPyq_{uy`d}?v}rbzx8#S@;t?#)T&-F(?n2aBBGreYat zVg|3v!Ip{9t1EOn>5Mb2M9X}CE*GBb^z;n=*cB3zY>W@D$7?hf*y1*nC_JrJe^4L{2@>3xqdPBUd|M|SiQg?x6q zeS4}rvzMsjTOmw1au;iHz8Mhwbqm+WYnSs-aehnZBMETnpbRof(3q+GIs$okz$LW~yAdU})uH6}HUwKjat*3VkP zrtnmwxVgDi93VO2XXoZdzc8KpE31=;m6FJ$V}~t>L{1 zpTf`KB)5O^)*pm=I^P+?T0+x8+-yN_K~_%A;n=$OO(x_aE!XtSaAm~A{4Q?p4?6Fm{ym6r&ZIqv`7Ru;CCl8CRa8``zR6=fLT7@C zMVu^-W4F(*fT-i!i{I6p7338Zc9ckvek2OIIe2>3&?RD%ySfdpESL;JE~Xa{cxb|# zHu(DW>uhnw$sS{JyyFie%p+!#qSk!nqmF%)@2iMKylV)XKF46(8CRlP5Tu=qzK&1Uea=J_ zkLMsb`wPA4->E5wd!3cw=YBN${{CKA#u*f>JB+iFwr9Jx^ftaMii!McL=GQV1lNOZ zA|>!U$xE$n_G{>MJVk}ZJr>vf=KR;UHzPyIc;zKa9T!zPv`bAxG4AXyX1=4d@ugLx zCnpzlRhk|tpoaAO6H>+2@Igh9QPd6`A|eMG0f8UTtQd~ZLQ?^5%B^UdfsF|%HsjxaH5SYMxNJd?~7t(*uG)ab7)6ewMJ zdiA>UVdQsI{70-NvkD60oT|v}J_QS36}m({j!ri{swU!d>e*33%BOU9ci{D9f*V=l zI1mc{*UMkzRJ&zD& z*@Jvn>8Y!Ma*Cs6fUD!ooYDZ9G^fI-v0(q`BxNY zIauJ-$)GBj9DE3nY~%qaQtRrEkD(O;at8t~YsB`sYh%@coJV_95$TUn&>YWBy=E!- zk~<{~CtvYcYkPW9NsRDCz2R>z9$>q9zn~YBG^Zem)dZg)nob-A4Qe&7s+bt{>G!c3 zx6-1bp7y7$VHANnzPQp?pGy@@CJN}q#Ke$lAx9w^)aUR|Wy)&(%E4Oo`e|DuA{XdX z*rk+}IYL6JKUuYg51?^v(_k@sA774%yVY%pU?& znwCOB!=;Q#zGo*{GKu(WATE`EpmImE}WEkds)%*@Td=BDU#z{J@S2! z{p@-VDvpwp()IVDnfKpyPR%e7-cvRCNb);nl;cJC1vTtjS{pR+`6(#|UtV3H#bjh= zu3AE(3SmZnsox0M`Qgo9*ja#V@G4vax3(M>6Lg_R#u!Gqzg0!+*%3vbCLIcCEH^v* zTN4>Pc1~*8H{=XGs>w|<|I(6@pIwQ$&l)TyUxbGbE^8I(`!(@Ltvcio3RU>8CApxD zqo>aTwo}deii%S#?^|rtmJ>n7!|TDY&3;pugwHN+d3l+>!e)%W=0;k1=DoM?@B8h1 z5ML)6s&Zlq4z+`3F?v5wt2DhxI!FA7cocG2%8BTZT+n{m{2@8Z!}2^hQFwTGZft2<@s#`O(fYePdebw=3*SezxjTZA0O%woU zAzCI;;5Zyj0n)v#+N1Ekuw3|ETtdR6oKQ^aht(u8kJT&5qB}-?hC(B4h)QlaHsFhl zV(g2iPf^y(sR%g(a1g^Ww}l3(>lW9zCTmj&B9o}O*7of)1?J(8CX7T$1%{PZnN#&W*%>s#J@ zf$z?LWFuvEGCoM2v~TNNH=`miJ*stAbJ%Qbe_Hfnb~>e{9U}q}G<+5o7U_?xQa^o+ z6x`Otx&63Hl^TupCR28Pe(Wcx&v7r3tAF_QH&93WBIROUy!)C{Y8uf+y%_h2|7EWU z=qN9yIoA*4!*D~fK@+N0CP!(=ZP&$!C_dw$edEb1F9q49vA=Y7M(q#eKU8ZsoNQRT z6P|Fhi`eKYQB8h3O_xL_G4wW*PI5~GA!NLYPlZ=2nQdywc2|E~V@r8hZj}ugP?ijv z{F7;5M(c2q;S;K3e@a)0Q8L*aET7-Gh8)XWf?AoL27_yeTm*f;9#3do@x+Vj=$MI* zw(syhE&+bK^sq3StkEMzF`tnPCgM$hMUIADnG@qyCH2j(M1L;3Hq2hRjbcsmxq2>CNyvHX0Xfqb| zf{46gR{ODXqpsY>{^kthZ1cqN*9qCzV$V>sm2N|xjb%O$%Ui(~iNA9gh?DM*d5z!w z;~u|9q!8`NXaKHgmQ9l8Mch^V$U6)=S6fj^3Cl_Oj2)kUEijdeT%8Vj6y<&f$DM8( zXH{9V*w7!bVbmzM0aeOmjNNwIGHz?#i;IhsZ@!5Vxa-45#u>-*FrcEJH4U4bgoFgY zI929VQCDi}{QXAEG>l3yGCn&DrRY!4H`tfZ;V7}VKlU7Xa);uDruBAL*)zYUW#N6y z-)_58Z%GF=4DyuE{s#4R)G)c|8{7vBg44NvO%$%5)Gb#WP;p33KA8l@Dag4cXwcg9 zLm^R?4)2}nZ!m}nY;NGNpO&PsSC^K4ZZBl%)6H;3YoOff%smps{m)y20mfI@ z%wO;IAqvy3=4y#n#8KpNes1j0(3lao^=iix@FawyM5GZYzD*9uAJ zl_9@2Wt7+M5*|0UPiMX=)2#KB25LSUvF5UyoRb|`wED#UO2DNcrkPq6v3W_KBp4fm zDaRyn>u#aq=WaS!yrKw`lkCeJZJ_{z@Wiz~pX+gH3r|Er|fArYKHaO2LR1ly3(+r<#5{K+BT1 z*AVSodJ&J^-B;{lG^isuPtml4+R1O#ANCj0E#5UV%VORFkOKrB&HD&ZGQQy8;O4a_ zkjhtjUvU^Uf3e?Ndo(}M{Q>81WwtAWRe!RFR)RSCtt+Ywi^4rfb^grTOZ^HCEyXF- zKOSABjU*k0EqDnDTA&tD;u=k%nUE(eq>?%(Z-zMx-~K zx`8_6eJH(k1sH8k^Ip2#eClLWoVQ0k&UWM9ZtOIWx!=OMSbOMa^%nx>Jx-In3s z$5xZK7#PeQREB&}aS9ok$k?u;#m7;Z?JRL0?XAD#$=8lDY72|rT5GM%%1dCrBppsk zi`R`B2KhwZMp3ZqDB*0b&Dn*8Z3N{48$BVMpxvlB zI)+rxQwn=7)Z9EcNQ=C*{fb3d`P;1^^tj$%QDzyLj|IIB2`hms85F~XJKL>rT8`tk z`QG3+cv;I6_#OPlHK_GOkq`}(0CpSzL1kR~%L(MaZTmJ;$^K4eP&I?<=`WG92N^7~ zwzaT(lm;|HLXT)Dd&Xa6KggU;krFmy0)8`pf18^u9D_bGIV+!0)N&U>GQ=vpd*^ng5 zR&7Ah;HI^NbiZ77x~I(l)8W!L=o??)(HbX0rO}{9o12>}+4=J2E?xASdyGHcqSYde zG)x`$7Q>0^;C!#ts3+&%n(If)$k?t%n<-AYr?Kgp+tMS+?Fa{QHa1N*k1_lOKhLQR+-)7`-3rDy1_kJkVj7Ct7cw>EW~<}Xa~6UG}{qPPa}-7N&h?`;B@z6eXI$h z;OSxv(LuOeJ>K6;!_aELQ79PiC@J9#nzUD-Ar*QR$YZxMTKRzH*UzufFVI$q`MTbT zu$gS!W%`v_<8`DyS2<;S`qS1p^3O&m4~c}YHJmD(;Q0q3AZF*{_gh+84A)%`x6LIb zp9hy?{E@E_YS`?Ct)mSJT2^6Ue3v;1d(&%BrR+r}{Y0RaJvHYLe{~8^OMZzgb zTz$*BZ2_Y(3^HU$|lIPUw{Mu|{T0Zalv_;A3ALQk^$ z!ZWW0sOnaiUKof2Zhdp{dvC957RgGwu{lZ`C@7JVCmzmzm;f!1ocuZYXoG@+?mZl- z{s`*FoLh6EUmB3x!0zdhmjoYH%(Di)eEG!6jx9%-CObPDUrYg*Frf9LOyKB#&+MhN z9}iR~AR?k)!*;ofZN1*0Ct#H7+VEF#2)mt-5rnx%uKNVlD6XJHLFqNVj%{~#dV)tQ zO*&_3xlE@~@nk;ia26?iao`ige3VQ$B@rQ^_Gf_Jc9)&MXmhf#P)XtYi-=j7qw+N013uVpPL6>1q?$O_y}>jD98viI((DF+&ezZbw$ zEt3fcXe{5nAM^wC1o|}qcC~~)C(C+)(94L4-5)G*UeyjF7JddK?Af5tNqkJBQSL=+ z8bx&dmEEyw7kZp+#Q^U6@>|stCyF%UK(6VA^Vm&xXwjSWx;&+X~1=P@L(($n#)lO6Kwc0fUc^yhQ<{aq2G zAh!GdWm9wW>{o(GB0l4#nPbRRiT`qn{2_3nk5;2JP|MD9A(*;go@bAhSBs0B{VWxl zzr4P!)-LAYP_ovJd--x?^3WyU{zfDR2M0PF;BN(AD-@NKsQ8mlX4lo#d4mY>me*E2 zg;J=uw>O==sGymj=q0LH>}ql-Dh|6zC!yBuq5|^%)YPwt==!1OJ1%6@j!{D>OTKW; z4`d{H$@)^WpWW}mF_1a=Fp7*OiN6avg@q*ed40e6`SuzXxoG$CQwk+&y-8o@l&Pq1JE$w`63e0}S-`XNHw5h3B^Q18x*z;EN6g8g z6KL2*sycyY19`(x8XribqCu<*0eJ{rS7=nKTr}g(!Zp%_bzl_IK#hs(EZWchh(KQ-M@(-1jMj4xtC2;I$d;N)+(<^>#v5NlA+3dnAGg9Imi8GBy1P!uU29 zO#>83Gt71n$=Vd+SwkrVuHyQ+Q{_dM@*QD8mtc~BtM8fllSHVe9YNPX1=3JcgL{;` zaqF9=i^>gpIh03VYeHC1(6?tV(Yp%C0B{RyR5aRU3BbdZ zn0&sfC9>=GEmcazBJ{h(9mjwx$`+H(`>ya|QFt&!9_miyh39Kj4ad8LRbU}hv zOF1nqErs}I63Z=a2m^k|8NK0cOy@=b8VXvN_IeGadh=EXYW!j9+H7#;c#%m-{o!xOkso2DoLL22$^OB#G zYP-wdIL3eg)EY2OOkD!mTfWv^YAWBhH@&kXIu}q<{_XIJ2in^1TEqKGON;xKn)D-D zo10!+zhpGj?)ib-#I4`Zz*e_Etq_>`yc`SAOb&sZS3jOBK0bbcdlSD<>HY1M;a_LR z@6Kix=4=}g^e)hJXQiI%QWW(@(ORllr(5y$?RQBaxr^REFz}7ltPgftybZ)wF5xMl zi{MOkq7Q!kCWcbg^mzh7-S}KRX;GTkxk#96jQ{2T*4R|CZl^%OGZ=YGHs;aiv{LF9tPtk*PzrJ^QJq!d{ z6Jz77-mmGInGeTM)kBo&MM3B2wCw23P?&qRlaFj{Vp93=j;>rt@wB+O_*GV&tdcR` zOdY}pm|V1|IJkV_WK(xlRbwc-8Yx(BKJI(+m3ZNUISSf~(9jR0gn5&|N0MiC4&S!( zZFza^^K^q7=`|PNXOM*0uyDluJ%@j7&a~xX-Q4JUv6JOs6QF^NXcll`k$`55s_?za zYJYUp!*7>8LavI^qNGW$?f*ySX~yGQF;pd=yEcWr`{vo^%vUin1k7YK1E1W&F?dr> zmo(}fw)dG3(vyaUhR@-)TvSfNv#hKvJ=hHO>V|diy=v$%j$7t^jz0Q4m}8c{ID&se+3!xIx#kEB$`k9lHGc=?rr}$3zQLLpY*d^WV zFp-(s2uh~LdkC*yC7sLHe!_-7 z*^Ud!X=9V?H~1pE-$F-5^B;V@zwfH{$uEQj_?48*q{h1J2y8@0t1ve|pBv#1O_Ud( z85yI6M>q1WeE1NxzJJ!0$G^S;aL#LLf*-z&j_SyTk#ft&TJqR2>(*#yycK)a_v4eg zYG1q;y2Ia2FeuMJ98mn#v*k#1xV!prQ54r@rMDr41bjHqToSyQN85~reHp6ouJ<}}7BVro-hh{pkzw$}HRIEFf$@;(nVEQIEt-dW z?0UvJIthJA@*WopMO?*1Dctj|yBDZ$jgr_Lhn)z?tR;&*v+MQP+1d&Sb22qGy+Kb; zVtVZetSwX6-`r5;j*hPU#X`#Ik3e1KlN(R}YO$!>wY8;MmIfdwvUa5O zad`EVn(X7YKO53}_iBN3`0>&9e_o!;uI%QeOP3(jPj(7@SdM-n+B}mo?B6e*`cw>V z>nc#^Mih?iW*8s=lsE}UAfdjAq?G}^Wx3My=hwHHoU-vve_l>b4*DEMnaPc?zdtJC zTJfxpqJ)q^-_`>FQOG%hdd}d2*w}cTlutG@4S1+LGX2kSEacv4m_~myuGD!R!1?=k z)8wOg0J`3LV=n6x^%{!>vRYasVR(}yn*RLgeY;eklp|y&&tE_9foCkZ{56PPlM7%E zO72a(`uo8TKKJ`N@?T}v^o@@Jj0VB}+}}U@)?)CVTma_}nzu|xWAZzH;Ke5w(NJ*Ij0pj16@&EKO%f44S*q8!C z&OdP#-&x7)GkQv3R-fzsVPBV)Ux=U2pE$ROO# z=RfRAii>~BP>6@FXx;|}Z6hr(&1j6QVWIL|7XU-PkTl+ZeiKCTiHN`aVAKEqwUGQJ zMBghd8WIcfo)0>}U`E@m-#!+76C}9b?&ZomSy|Z%hdB&H;{WzU0x<#rN5egY=J&sc z_khV9@c`(XLBQU;yvF8m5oi7X_o2W!I&-+&{A=ICm4E-VX%K;b`!s6d$cP9#u*M;v z^7bggxk3mt9h7Om|GAkKVKP7e!IOrXdI}nF5VJE76B*su|B4Wf;NM>&2)>5%o1|{O z3F8Wd^`~zTlJ&nmdLn|v+6jX9Tqge8rvs|+dywVY_HWC&_#9&4F@Q60%OObcl(@dW zzR@ZtOK?Qq$`*%blC=cp_qThPCV)zQjZHTlG4=5GTa%$Om32PgT-AcX7~+1s=K@NXeR>M@>Os%98YyD{Z=JsEg{)WvPZI<9)?BpvUp@@J!pPs6+)<(Qt5Vf?GgE z#h?ET&$!P}(PirNwB)}%FmwiBE;~;`?lxJI%7wbhw9+9f-!lvGY|}23X(ON^rmT?k zhihP71dt}^w4^E_(WHj9Z};=d>w{nOGZV3lecA{&)^c7UaLam{)z10MloS;C;`tds zngEy=_BlO{WzsNCjAzpmcHdqA&-h4Vwth62`ajpDoT_DwiCKfvigr|FH}y$$@NRFi z7{Z%ZT6llLQ$@k~7KlmF-=CKg5)h=NmXip%moW>2?n6X#+AtW5E%|_o(^%HXXa)?% zG&D4-?Lr0y20#>x9c*tq5-ll>xSkm_-FO}m_7tkac{skfZ-+rt4Y9SF9TnAEnBWR5 zBfy!xmEmZx+}yHNv#`jCv9+@DgzHw=w+xJ?$%M-nJPyF^E@ySxn54c~EN-{hYhoFv z?&Vd>I-@B=z@}SM;e7&~`ww71L$=hRVZ!w{83yK$tWvwUxb}VmpI;Q1Q$q>8fr}ig z-UA>`Mo&TJ@_8WtN1p#`Vcc)&HC%aB+}U{-vP8z<*Vh0KLMVl_iL8l0T8vh+25+{% zXQLi!7`U82yX!dYu4oB{WT#Tdo0w#*sDLUY3g$^%az5WNO)#opTncDzZf;$#`%qX| z=baI^q6GKHlo^B?mYhmNw7mB|>>)Pg`bVqb)ZTH;k2VyYU^{-0ArSMQ;slggR_X40 z9y#ydw;IsdeFpU-Ej2YXLlXKrRey3Ykc_`U_&;K&B0qhisYT~WPsA2CG>q!%=Xcvm z?{scy3#VdYyg~Z%MG=cyJHnL{dLgx}tgP_OJxbJ}S~yq_F>|qa5k{2wZSxQRN?{m+ z{{H^%d>EcXP$R(WX^iegfd&Mo1@c5BgDNyR4|)BA^{~jHZ;g&c5`1OzqZ~WZX?cL+ zj)SBWMVdVpGz=^~_Q1-s>eYEd8lVu?kcBmZ0~G$|wTMq01|BBJ%Aa;rU^=9?uEBc^ z>04Fsj_rds`3-$rAGNwT+*{T)XGI1C;<7Sg|4V{eWdLFk^s`4s43P#h`}>r|#GfaQ$xO9OL>Mik+6#tq@}opjVbuVK=r70TmfuzANy%)-Ys^F2T6YItURNNpK&?)B@&QQUAOLCilXP|tcPxpl zt(xCBx#imOas=9@ShEoawW$N3kQK*}i8X5{-#T!1(rMLn8wP zYsq?lV`_MKIKV&_T}i~n)6>(&#ztB?;Is3%^o5a}Rp0kfZ{7sAt{b3@s1%=CEE%@H z;N%G8_c3tCtlL9y~sVl%)Hav2xq`iiOBkm<Z+Hn8=?ZE{$P)2!z@gENc{K|7Y4MF5mYydhY@l|gJUM#4W1S2xFW#Sy!j zq^4R$LY`)9u4IZBPpEzkoe&Ks+CwEJJD4qD2x?9^Ckd+ik07M%yqy5kfHxt*!BMl2 ztW+y0h0?igM#|(sKAyrRD@+LKvrh}1zA@W7w5w0%r z93kcqm$v_S@Z??qMe<9Hq9-yfXS5yKWoF-iK6i2>SN=i9L;ZXo(eN#nPX?`lWz}PM zMcJIHkpPF%7aHbl7>X-06pD_Cd47ltE+}XN>@MpIfv%3z+)bR&m^70=3m=7oilvld zy0KQI-*}R()Myen&_DVz0@iaT-=EFsX*O+o!c z0Oo~C4leiYSI|6+?Ad`8Vi}4xG;}2Vj;|u;m~m0V78Zz?UtI-hd|;HL+4ST{8qI*=aA%ulpUNsmaIv+)9%elt7u{7Fbm8AJ3F(cUhw%vZ!c~gYw@-N|!9X$8ZWtSgH2I2FQSFx(Y@4K>w<>%M=BHbzGm``;3&P2Q>^dsym)2LdURl zma5-=hUp4^&ndgqF;ZclCcn2pO?in6Kh~MuYKT4F8p&#+?$JlJ_><8mKfgp?A6WSw zA_V}NmDe4@a9D16RFtAOhaNM&Jf@81=$VvYh>wz<-n!=N4xppvp4ELU`__OwGSoLS zJq^|hUm33>J;_wMP65+gRToMD2uAR;1n~`az+elV!UW0an2!<}zDujN@~QQZU$v{> zR{;wcjA@1vz)1D{APn!p2%=?eMnD+Zk8^Kr>kc}^?%fN;IQRrDL@~2^>TeNv8!T`# zr6=Z~+dvGijaEL}@jN}&%0T%7lM2S&-H8I3;y6$#cAIcTWUp4Z{d(VtF0V7-!_GC5 zo=!K+k)RajJ|uVfGWPnrkNUG!txs#~+4#3_qEkr^c!}73+3K;Qs@uN4`pk2&5f8x5 zYPo&(@$olk`if?zfcOn)s@>#cvdoH{Q=!Bn?|FUOA{|4Yg4b|+frD{mNK=`EL#TG~ zvy1`USk)^v#viqQGmxrOCO@;)OKu(REJry~9?zt=G!z4{hj_4_s5?15dCzv&{}~!C z$;<5}q6`XZNPCjAAW21mOFQp_F_dQd0=KQ%%j$gA+D@vfWgpUIi5!MF2l&2yv=w3a zxoiPbqFD(1K_t8ViU2V(NX-i-KDiErktux@73a~)bjwRuBe0(46cn`jJie@39_!m2 z_gEd_7Mz-qbgkt!SHhnwCRD_J6A|p*oXKxq?T1o{-~7{#@z>Utoo(aW_`0y|EFy2K zA>>-u)d}SfeiB0^CYYzOghWKtVWZ_-Rsg}-0Jip8e?!GNDVQSICb@{Np7;3JY;qsG z`9(=U2WLC_HcHg3RPMBpc2I39wN#5$QyL z1GzA+#0bb@l~nwawv|(jO>4ef{Rt|=XwW?I$w7nB0naxi%-<5JeYSF%w2;qQOB08e zJFq6UltS(?uZIoGuyD7mCN)9b>9n-cftir7_NJAU~g?m2`D z{b!`JCQ{M@;s;e(g1j&`wiNZ37S~TQ{JZ|$waL2>ZZSGAEGY?dLJdr>B}qw1H_++C z#9UHh!G3#jy%rx2CD1YNLVVhQK$;Ja5EOqz?mQ(2r?sT#($e?`%Xp*3T*M>^H5%qM z))>AdWYzZG{#8N#jL$f#3_id(LAy-kkj%nXRdwTj5;NY+Q8gSpgLi(aM$6z=iYI@+ z8AegIa9HfTePPTC6Sk+vhT1Cw9SRKoAS!9vyN9^8J;4NJP|vik-v6ooT@+^G*?2wJ zVESQ0BUe#TF^+krr2qR}S2N`if;6_fV)th+Zr8R9i}vtqf9tcSjmzc($oAG`UxI@12_Cy%$Lo~W&ko6v)a7chNXr&b-kfx@umucyi zA>J7&E;?5Dr9t28+_1lOQ9mBew8-Nw^4J@RfkS=8{%EHXHKh9ych(1zds*Z%-g5rb z`EGwp`19xWWmyk#l)y(JNn|daU%$dgZlwUO49qDa;z-!@Rb-^Ov0KDrl(tkUk^7b< zF!ew&*rYL9VJ|_07|lbs*#-&PQI4hKQsyHPzJWaRHyqj#mDs>%qI6mjxrOBrD` zTA}Rz3Z`|`+OZ`9up*-Xp2i@|@gv5*xcJ|i+u8;NdLEgmqXe!g4xISw-tpLF?$oPv zkjfZKs~!dG*A2XPRaF@R6LX$i*I0E#<312Pa-rhK<(wMzBPAf9#hcgChr6Xya51*{ z_!VAHH!TAr!TvnHvCC_^^^?RlO=x|FJQ42BZm7y4VeVU*eiDjY(_Ih(uQ@M;s{8O7 ztj@PSsqk#gQEF0Y5FY8B6}-~|u6Fv|epDQv4;I&%>PH<)E;Fx@m-PZ>Aw*)mAFMMb zI`I$-MJ(4`>VYjUN?@T=uQW}&411~q z?x9nA2O=o(<>c<`qR^?$u%RHvE=+_dmJ_pj&DQ z8JUT{Xa*S>93)E?&tAhx*?SZhOiWC`WUSU*bpaAd;b#P#)V*?@NyKi_R~|SnE}d`w z`J_VbUmBkULiia!B8M?*rFi9(R_TQJM8)lO5z+X*lF~n$wWtqYThVJOVFG^R1~Wa} zD03uulFMAufu+LV^d0X8(X#{1>e1Y=XjQJ?;Dpa|5A)Q7(y{Uv_4ndfAHh#bN2PaMMP1B| z61}xjBDls z1z55B6=L^?uT$(os~nR~q?1(Q5TlWTW6`eSvxCH&DZqUHcqQtCCms6JchFFLid-m}pBDYVxM&%M)dDA9et;f|1jO^3}jW zG2OJBZVqzwckzDid|8nx=hIKYkS_2!7~0S4U8uNNt)Z!@sj50#z(S(`LG#WVenmeF ztqqIG1~CJBK_idT8}mR3Xm-GaY~n{I+IT`uq<&CQadLLp)o zA3ZgadD}KM!)bqDI)Z_Mrg#g7fb9W-GN9gb9qU&o31E6e(q;R!di0p1Wok=h9 z=HrmzlftQQtfX>q2##0lBRS2v=T-ZNZjs#PtJkOxiBNhXNQM#tld4WiAxn>m26hhRhPuzg~ z5aFJ<=jpP*x(bzZc>Q&`#3UAZ6`LDOE;Aa7bjS1W@;Na>-POiwl20DPKB>C||&)(HX#rZsT zWyRSt($Y}3u7z*2x(w0Z3fgiF`gIr@HEEeRIdC%)CdIZX_|ARVMZ-miUcV$UqETVn z{eu1Gp`#2W)?=!e7h=n#2rx?lVD_>%_~IsN+-SYxCV?$?J#PIz2!}Zmy6+6e!L&9Y ztgnFX`b_>|1ULAL6*DMsr%HHYZA>>N8^H@G5%;rty{_7IGj$5fZrDTsteBF<4Dl4b zYs7qZlhC4@h)u!HLj7rccv<+N3%)J3N<*awC2mBN$z3VGKqjNP37@mtQj=Z4Oznr8 zZB&~*`#Xbr3LRA5`^Z{D$eyR$9W7+^x^Wrl^J0DK1v){Y@^ZfY(B!tZw#uu#_4T`t ziZd_KQ~=*8G3F}P^W7iuwIJOchvdlQg(vHBMM+>%leI?YyFy-}JT>8c#8Lu{Yv`EA z;db^Wr{NecmlKz=+yyIiCSEIY04!N5WojKn&bn6Vit_oe!yLW}+IF4@Qv{9}j@y2d$ccO;k=&<1{Vgvv^#+r2`3b>Fn?II`W z+@ZJ-hW_!wF!D2?hs-@l6GkDoX0Mofa@y%j40v2?IA|eNbylcZTY^OZ;JW=eaTMR4 zEGE76XUbF@eI>Z1;Cl{;J7w`Fd$!*e5_Mw-3`yeF<0Z~Izna%Q;WTEAed^`2fR|c# z3q5>|4f6(Jevsl960N;jI%+~n&ei7%WHMhSkMS%;7NdIFM{JFvzp{DDSf8L7V?Wwv zFX_IL<|#kd7{UHfy|N$__N@iMd5%3c0_%Cm@z!TH`yX$(vP()FIBoo4%c(f&zTPsG zfwkJ%*MnKUMoW8Vo2pB*ML^CogX8s+JS!MEWO=5r@sojm2eGE{}Dk zP0z^H#|quHKFZPrzEdFQIU5{PkQ9yvYmq@zRG!)mdik-x1N*`V8dkddH(9zn7JauE zWSFF%Q0vuM9HJX3OvK!R{c*yI(;+ff@;OLfLw`k3@S9eRNI{o zWJpH#%+r=%HJ_(Abe=}tDlBv<+}FMdM)5q|T5TFYT~JuR283R_+aLDusVTD%hP#ko z1)@)ZK|^2lb4VlrkO+SkzUIcOd^_G!x6YGcYy&Zr#<*0xu6NjyKaNwQ&YQoG`A&62 z3<%l}E)y67zL^YaUH#=S2vHc{Z)7)ujO#F9?{B;BovM|Mk!Tszb zen-jSWkK>t4z}@YdY*pCj${hRzFwjOpwiIaffCJ-*EsXexNIOHr+H{pLwvM8^nUapqN(sY-GU?oR(p6=}xC5uIp=p>i z^G`DOR-s#A9SrZ(kfNx#ZPzz2AU}%4y}05c^DtINFhb!XTRYUl=w##(Up}7B&!6cH zz1|{K`7M69oOShL{n46$oMB+bE3Vk4KwO1hBqowO4(ak`;E60u_RpnHWGD4eR*tNW z&aJPwvO>nU_3PK80s^s<&g|mSTm;HbiCehfKvQ%(ig1PMjg7bilU-}o4`))WVhL68 z@(LR10!vkDUaW_Q88It~{E9Sq94Pcr9JyjE6ak#`I?+*YvQ8x)#YwVTG_ZqCvp`WV zTKAYZovcsIcuOlBp8ItP1X3e zd@U*P@4UZjeu$&m6BZ5Ma5Oc*CYC3eKiCKp%Jeuk<24L(xD@>9;w%&_t|OqS)iwiA zE||eb24B}-4;39a6`|wpUG2*q?0(q1Oro3Ri}i{M50Cn!M6{mW5+$(oCS<17sJX`T z`P?8ZVs=p&@JY0Wy2%1uY4^~R<2_Y+!BhdZQ13Y)hT9E(&dy#Bx^|nvd2O_NW?xQY z4=5GYk*C|g77J`tlZ_UyQXErmbTn|lH|PXa9OwH!w(ESam>4`ypoM~%mgp=ETC zkPeklN=a#?S#$}~C9wdJMo>U3c<1uB_u2b7?{oh3qX?|~zOFgP9OFCXr2`o%6*L_! zJ)17Wl?jNI(&C|^9yEPro))f4L)F6873b{DKomsP+47!C`d8cdUw7NYQ+loWl8=P= zwA2#!X!Uq2-l-2c7W04FhA?VLtF5*bs5{Gy>+ll@{anXnQA!9UczSIK(Tp)an@$O7 zhSH_>5PsR63m1CpVXpHN-z)~MD%H`eH;%B8G;Us^x9K?J4Z^~>w(~;~#2e#Jh~TDq z%&`GUHhBNePuCJi%SuX;lacezvGTX8RB`*qYlKDHYx=cAAko0Jr=Xz`zkjQ@%UoSu zT}1^izH`2K0Ux1cV^bjf0<Pw(=g2KwrPpns<*~H*YZrI0$)Oc&r&Ja=l>jVw5s$Fjj1=V_05N3;e%k37#p^pfQ z$6X1qeqyb>2ico4cFjzsS+8=V*LfaPGj_FGvumyLEVGuA1TQX|+k2%TFYyoFV+Vo@ zWf+4j7HXlmsPF(C`>>)CJ@}nakB(L0F^IZdPbp8HI5=*AW!|mzz9^)WaR_2eQ+brPeD~?zvhozstMw;qt6*g| z(@;`IsgCLso5tzzHf^ao*XCfqBpTkv=qzzVbgx3dt7+Y&@1%0#UNrsBjrSyK3iC%3 zAXI;fY1O%rt2L}sLP(eQUTkJHN+VviUxRC|Na>Gr+0Q>P5{~S?j$2?}-zgxL5z!#N_J6F9IeXVN7btr~D88ct=Zs zYut+?uTDu_lQ=ZI$9fjtem2KFlGL9ax17^larnJ2vZ(obBaFiLN502FrMAer>0M1r zyy$=eO1+%sg_SzIH&Hk$0paOMl~AUUMP5`;QbxZ)ES30GS8GRYW9Bi4qB^4j4dUQQrf}h z`Sf^zLNj2T{T$|4(!=>0#_u9fK5f_7tU}W)yEi8d$P6aXM3AUR`DU&{z*W* z5J4c-(z{_gTOmh*=!07PsiVXr-3IM<0cT{y{L(OWNxz|=fis$e7{y0KNgMH7wAI!V zX7TWF8(EQE&`)_xgdgBWk}=`r00f#*uF)6*`S!OeE_Wf!7%ByGMcpw5DYwC+XLR%8 z){F1JiLb1ML^SSq&LCnM1TXi$=e!0U@B%p^kRVth?B74jl_NU1%(w0>(RZe%;>@bR zw~eb*9@UmezAY>CsBVVw)fv0FsVNVM%cuweT_<{o5nW#bt>#}NJ_q zy=Okgj~|!tKfh^bmfnvX<24_@f^VP(ukS`hLtQAVyJ>9t^sNV>-MDFuR6R8&%#h4_ z44!kSbtlel5YPc@^n^!DOc7s6sShR0+n33nto)yfz z%5z2D;xHS3^B)N{Uj{*#)C75}4A>Km`qT8>8z`d+SSi%itDoCcWe}n0yVPF%pIYq`SFY)J^H+Ur7p8e6%~`?%AWWpq zjO!Pi(h0=}yh|Q@IFP_$drKSF7UuQgJEV`;!aVox_Z&QOU4p4^W$^mUy9X9~-EcgL z7w9<`?9fYG)u@o?-FN^&{LaX$cb?soy6l3y;bW+|hjHY+XIkZR@Zc_SZ7AYYmqV20 ziJ>NijLXh3I&~segFF@YLxaQm9Mhs1Y5!#pkia2AHKI)`5;9;~>39!qSwX_6Kh_|; z<7(-Qgmg`6<9_T|fa=?z+nhT*sy`??0fE8ja)Mj3Go$3Qf$EX9M7X~+s~_S20QI}i zp^oIDN9FXsi3{o)5X7R%TRnDoxcsbA@1f0VV$4gJ864QeiPfUh`EvDybl|i}vDH@N zn!ICanQODf%uuJ&IdA+JCOxX@#{x?n-6^3sugBBR{MMdRqmE^(p@HNkX?+02d${*J zB}PJDa_O=~79o~HD5-$C$s<>}-l3}{l(Nn)C~Z^Kk>@v+B22+9%HQMlt~KskXiv}O zS9>&mtUhGF=f=l?bn_6UZ~gQ$7#bSV-FcEz=TDEeQrOB-f&&2uH`qxsafpmIK(W@H z$6T^ZD&$^%V}=c=o*;2S7gVKrLMJ>3?A&5vMl8a#1c$2IpSo6~qN!8g$hk)E-c(S1 z{XuK3A2e1_Nej$qUdR@ju!(TVE=GS9{v(ylx8X!xw?5N9X#VHh!#f0YAf@LkDaTd> z$jNot)=_JGtMLLfXl3k}=R{6P{hhm3>mV0^0|sX9?l8mSyYC$c@D=60x`Xc5Ac?wL z)Y}yoP3W>(JUmY8c9%#OxK6M|ef!`VC&`W}ul~VBK-+ae;_3S~IXnB>TBcp{6@ZOi zl|=`@^y;l|Q_;VaZoU1$AY4k)ef6<!M)l5})K_+p$3+d4QLBZnVQZ`h(lJ# z?IDuHfVcX5G&pbOhWH~Ve z8!NCv0SY$Kj8)Y*KR*vVxiUINua7cA8Oi@=w&+45Dk%c4sIiZTNvcj^4D&|5C<)2Ij&P|iYi~i4hO!c5n8F?vccfzPyUFH=nL#? z5%#0ka=bJfB5-BXU8z=@W zMsiB+2TY^X6uxA7o0F@&a*Ug(E=-OKL`j z+S_0bkGCQB1m^*c#TgzgPDo*+ab;0*_e;sWW#r0EF68<~UMmO&pf0zJt9ILkyQ@HN zGll1g>0(H}Elj|-%p4poEgzCII>_F7w@+n&`EI<50 zN%H%Tze`WcR3hPZ{_=p>E?X4V zJ#aui3QbE(fmAv;X*0ok+V4{LFUPGjIBu~ST8dYtl)S|oF*H3!T3w+d)tlo@dMS(e zfJ5}^P4IQ(XEZDrzww6K1?P4Tm?6Y8aa_InS>f9P-+obP>D|K24(*|!D>$=Vmxyqm z)Rof0r(-NZS$=P4`ep7ZfGMWk6$r`#mq74@%d(h&Bda~m6VJE@K0obX@UaLJGL{3@ zI;cnlIPH3l%d+1Rtwr2^{6Zs#ooXV;7yZf}A^~KQ2t)X{glJTfg%aPd#xXfBrRKB2 zULruvdNgX+>WI;mhUUu~*O4zuR~hGfZ|!^jk>~5!=C8^lR#-MM)i1-v9Gje&n4qPl z{j$(#Z68sDj;3O+?}ccx%~o7_Roa7s8QIqk7!HDcTX})H^kZ*3x=Q7*^jE5LL|tG& zYrC}ww2oAZ3cVYE`%=<LWnX7o7Aw@p?yVk&0CzQ-3F`wOMIfx$Q9CF3u2%D*OcRnER`>>xZ#nC3sJk`p5 zrqO&azYEQ55gjdd22t;qiaJcnyM-WoO|S9vupIM*&SL`V;E=R9HA@c7&xon8I>4g5TVbq1XTZUpqMDkmMk|`k{a%9h z;tn-yqoa_zg$wB~J)+=Q#<+iB!NeF6KR#BPta*S_WI7Nh5- z0G&sm59(erzseq8h*t6P_B%eq#B94dN>eoCtffxGSjGlQzv*nW-&|jx;%xOBln=U% zXtdnZ7YcRvntNZ^iV!u@*fBhI>a3fr#33^TrL``f#xRl?}7c3zLWe^X|d#QXJMcwOrO8Z7tFoBx&7k_5(;VQQD+HjBd z?>B&&Y1!?!mukCokP+H7V(SeTrO~vXtPjo?3!QOWgd2lgZ#=MwFyd22F|pR~47`hg zN7^AGwCi*34>T``ChjJTU>iK9#GLWWTlI2XwU>kA>XsNMJWRmjktfW3J3-4{xO3N!RpkR*-lf2C?Pp$a;I%cZfb ztjzIxxBoZLWbf+eTooeDafgRVD!5n{9z?MC9Hf_yOOsMiMDDH9YidfhNu(y_S;uDXe_v0un@4v^VC)$sKv9^m><;bup7h2cG zyf(M}>rI7s*!J+i05wD=N(s5anu&Ze^!|P7P7(dZqaNq;_-*PB=*J23X;(Yi@Gh&m z12mxUJeY;ORVT(FV!BF9Er;Z8+Gr~%_yo!1uhb@BcGO|tWnNslKx}|kGRe3`ZuK_! z?7gtr`i@D*pFEv^^2h)YC48lSHdLoD2bafvpRIoU>~0Zwu>>moCu3j`PxWwiB<;RE zKKaJOu8&U@%24cz9>+y~BRFB`j>QJu;2g&7R!W3CNlZ$r0vdqnrD{88DG0%}3iNS`T!z$8fPF=5>_IuCQX6exnRTP9hX+;GY zXb2APC>wt0M4U69JsG|D?p#`~lcif5BSNv{L0*e`uFkba#Mca_CuwRoyuVs3k`v4F^OAPJ=5;^K5FGPEWj9et=xsND77%Zui_NoOl?`6xX`I zdu3ykF_H_$YLxM`^#?)ms}UVZs^fz&DYliGpSahD#IVVpS6jh&=|k@D_n3pK0=fp-e*zN!$#{`tL2$W8;^3G=G&>e*O|d%?7I;Z~7vNKW50d-#_V!U6 zIhqwj?egmGGje08X~msaq50W(3g}>x{y$ARR9%Jq2f*!NPVaz>$Ccw(f551eqm~Co ztq3|uacHi>V^peNp4<;wbuBI?WbZ?M?Y)bJaFr3zP`u_=pBkS31bk{MX{|h{<~+x1 z3Ac=KXSxqpi`Xv}6&0S(K6B3pq}!^@m*3!qh2KB7*u$Sk--*1wG}9ycvcx=XA^^GB zX|Y=)&;qutHONI-dn2Pa5Qb(nG6}pG#+Inj?BRc_a9h1N^ViT|ctguaW3^r>o{lJV zr|oU3BKcHJ9ur6eX|I+og>m$qmyZz3L+n-MiT_1#fWkh2Sw=~3HE?{~ zrl`9DuS#Lgxi8E3McgniVfx$b^Oq_Uhr%?qq$I?VZmeM3ce7`tm49IQ) zR%E7?T$6FNK|tAjBmZpxxpFrg$dojqrdbrDuf{0|Z!2Fj&cD=s^*qQ2beCj*9YO6s zQG-Z^#1kKzk!JQJsHIdDWI|WC&7UqEeoWd4Zp(rbK^4Yh!1n<&k}}lz1zmrikZXU_ zpqOw4?Zw4uGQkoJJ;jf=eXnz$;=>=^VftIUVxn(vyRz&o(Gf%P!oJe)wa|Ti-k1Q)SM}%=$D2{eE}xCL-ei_87dzLN-z(f zi!}f_fFC9vZLO>L#}b83qmgyRTbh8ATu)Cg;4u|y9Ess33N-^*;yNFl8 zykJ@koQN&SyNk^R&8bIj^vJ@{3*}~Eq7v}^@bmHYQb1;83S3G58u%5&y_fz8-b(!q-iBg4_zXe< zn78d!RG#2_E27;a*0n@>^V;B#-G%ZOPGZ=w@dCD0l$G(&(F4dn5#KwoNj@8Es)siE zKX(owl?WDN9Sf_fw8eePapEDP`n>OsAcoKOTTB{8DF z?G@w$%bGTIx}(q|;c2P{x~wkSo+h*{&%-#oL$yr)as46^&P2%7R(}2SeOW?;7pT_$ z-+H${jRwIHINgDF)CSW;O=+ry_7DqlZ`8QVg(Eki5kq^mq;xx>{fofb(07g}uf1a3 zX(|;;be-Wdqof~``-XaLClX!d4Uor)8MUC9Y;^@!dVjORi^limCdy_g*Y!T+DuI&L z?7jNdmi`6y?6Tgy1wJ^^+4k?FE}Re#b0DHL!JWdy21SCqcEjEIqnlE4#&LcHgmlk6 zA8cFc+m19B#t2`zc}+9nz2&vQEvYy z)74v`d<1ZpL(M=<{lwHcY8^^*I8trz;W)pk7G{As5wtPW6O0!@K<$FWLmZJom3|P= zfeJIh;abLHyEpb-74pD20WwJDHDrZ(E0>Di+vgA|F&f60?ScUo+CY}9kH7_2xgWUA zZSaa-0$r+<5xd`yv|q$(x3~PK&Q4ib&_N@1p8iO!*=K47ALMPGAujkBR=Zu~vT@Yt4dRy5)g_yc zl)h#GI6^{AO%p_ASHpE~Zf?E$2>2nkS4^;KXF-oG-L*5FZg0MAqNiuO&|ImJ<*=58 zf8tC2l!8$HWicGJPh$HnO0cRt9hUDRQr<7p&WE}}>bV-a+W9dH(^iH)Y&Ui zHz-eoq)%5@Caysi~=0Q*~qa#Es8aXcQX39g%qNa;2z-O=U4KV3Q^()9$u1} z$NmKh0P#${Nxzp5fv#DMESl%{u=}`6VOC)*>*Xb=kzUpaiX0aWl^fYC#YoZ$NmU*p zU9y6ST(hFH;A=9HEG1mo6mCvV*xMswCsw5b8IQMQyUZgEPzmbkv44Ca6nSSixU4~pNynFvQDFDqL_)B;w__jKS91}XYk8%is2CrZq-Q0~7Su%o@ z6h_#ET%oo{D50%c4flt_e?7iDZsaEHmUyD@TFd|UsQ{Yg@&BSGY_*Ic$8vP_^!DI# z`+)1dJ;|9ihU0*`u;+*ZgP4%8jb{LjoN}T(LaC4CZV|Ys(MSCMjX?MdazN7`yv!X? z4w~>9aRp*R&AXAoOo#qjK#L_NKL7pWrZCKpZOK_4d)YalHVt9B*FU+?|5UAt{{l5I z{Pp$@0dWsfyN#fBrR~S?7*%8SQ4vV(!-xF`rVJoxYwtk=&NVL_aI)*a)(gxmbP&rM zFP`yMeE8oeSs)u9A5nxXIxmDB2^6h4EhD4n_#|@TH*-nGwr=vtfnv&~Fi)b9YxO?} z3IF|l{F}sZ1G5iC2T)RVzLJ&y3!%tkI;Q&9-`tV|4p?w%JAB{&{`=77fQ578BCvw~ z|G)l3zHaaWME#_NBI_TvG%4>1@yf_+T&%3ox_IC~$YQ4}T~Q8i zx%Mu>%`Q{=43^}mzPnU}aes1$h=ZNotSyL|94LPm$ngor#>Td<9HMR5z&Hr^jLLk1 z|04}RVr4-fJcGpscy~W1^)7Z}U)zDCv##SuR6BxV5?nv3wzZ)!wzkr9k(61$u*m>; zr*6L-L`pQzCxcp-n$1gh;vOq~r@e9P=QNcBWe%(zd>E+?>f+3Uf{%e}B1-UD{5<0P z-(QPFJ}g4I4ow9GcqKVfeY<2Sue-tiA6(q8Kfc+gohYlQ48VB|7j{{9I1}_0;>1m;Giypdk;(s*W+M=noPuRT;uAjOZLlXWTfk2)70#2 zv}r0ZEa%{kYKkNo*3J%YyYN!dKg>IzwJj?td+b%GUgX+RL+ammG#_~w=E1qJUeqyT5mJ6b`D1i!>|O7l6Pn;){sW&4sC`kVXh+nn zI6?`27M`=lA!^aLP+&A~yft~pi!Sfs~Q*vF;c^pk>(ege`k;Z^6Y=ZET^mo>bWO<8x*pkw%VW@r?xwewvJ~PY!E6fRkhY zx;4S^qyftphtm$VE1f0eOp#ojO1@xxs8E1!gx)5{HI@wJeZ!IA>Et$eL!cuoQmw^0 zceA#())O1Y8Grp!A66{@EBGbE9f2bauu{k9llc|UA5xmq{6R>G2mB;T1bq1bGJgH z`iM}LkV7b4hk~v|+&uW_7F5xb8u25psL?e+^w=cAG$||VH@N3GIYC`>RZxl@Eb07M>K54+00K_hE`ZYwMz2vJ6N5zQT>B+@ZROXOc96v1;Lpj_?|4kI3tU45_^;vro^f-$i_XvT6pl*;^f&&3*y3a| zZ-;BC2XB%@qz@xJ@U$uzv7i{OK<~sT9h7+S%$-)h9=1~sU|Iwn_J9zdKqr>>hY|8s zTI(+k>!vI}uwSxu>o1b|J+-baRzl~9xDlZW=4`N`|02U6q{{)}RuqCoP~(R6Ad_Cc zM6Z6c9j!zsnLIr_Cck3*515iSGdK&uNRcja-F!%bK1txAlg96hwyC_jxg(moFCWi_ z$_Mn;+T9)?V!qM#JYMC=-otxtW*U)kW206@O_zm*(YFR}4I&x?vN&Pwy*s zAkQHe-}wb6-f`mffU4vNQY)s|25?(3VpPNG*V6HmMD9QEjBqWsJb_9!tv=L;5&Vq? zEbz3!CuO0ArJ$g&c?yGn-N_C(Alcr|To}zedU%0XRq^2iZ=kV|b`uUe(RF<50%4HV zh~cUa^ByQ0e?KGe>+g5TTB2aj>2j@O%2(U_OK~4Sd4{nT9DXpw(T5l>02|HC8O}n$ zYjfoR5ztFvM?_sZ^4@>n#Z6e?edXciu94P<;Yo4Jh)RZ_+Z~A`5+y;`wDZ0ZzJ}3X7_Kf-v5_DR3#7kj;CA89SvQ&5F zVO!hZy__9j6Y@rd*zj|bVApcd!Mw%z3YTk-Mny_tdS z!5SLA9ByQWd(bJgXjqT6hn&MT3Y5@AkuTt;H8rL4>3YMp2#FfHWB95t$buq3C0+BD zXwpMv^!T$wqt$CC^eE7;R{oP+;*c?NK z_C9&o>v|7bBL;`1aob=(Fp_&b>dF}Yiw}A+=2HZ4)uKeHPtBZk&8i{*RF4qvpm1+3 zN(_{=xGT-91iEh2#zSP|DX2bGXgoRqP;Ht4xUs5u;CO>os(Av&zieTxY5gE4uv)&7rJ3EY*i^bObocd|salVN3VcW>|Zl>jiS;n~^P zC}W)-(H@ROpP4m;9x3&9cPoE|f?9_mx@QFlEdYm^H)Mrld}Nae?ta!)=+1Q;l8nHv3$lgmT^ew$g>W!FlgfqP8N`m9uY; zLM}mJ>FMv;rROLm$kPmjAhYw{Y=2mx=@2|UWmU2JK_S0S${3BL5}R%Dze&T}KX_yL z`|)E1n3w^UVAEO?{6UuBrz@@wJOYS*Ysh(9H#QxB`lTv8)mOxmc{aLce%+@Rkz=t! z$q1>AU!YCvM1J-r{PfCAr!4%1-);TPaU`=zxA&WIVMB<>muV$<=C_i;3qo4eg)W{h z5-G$B+`83XtPU2l8ed#&n?KV=YNN^Qo4*rqzOy*iPG`QUC?_ff{LLq{du1MTUt6cm zgj%#S|0n3ZdS08F#zwIW3f)%;o(IsqyhQvv3Y`>tRqdj~B)Cu;#BQ*g4vVj@Kk2sD zQ)RPrYg51?Q_g9qfY2-(B~8sQizvPT2T?ItpwSuFv*B`<#xwQ6W`lvf>1lLmez+0} zd5da6gx(BC9d#}XTgwK&-S+VK3P!}K)o-fUej`m|qVz+-;`Tj$vOZ0(u5*=FJ7tB|h z7lo;}g6ndd%Q@~kMxHa3D2Q|XN-J}h@0yr6?**Q9XyOn7jZIGM4H}RX2DV0>TnS%s z>z%p;2IR5~P5>-xNGYhhtMzkaxi!#!Phkd@4k)B~GD+h&zg!1MdtC6trz_tQQK0IS zwSIX4T}`RSFtBf0((f_GRk4)aBr}A8{Zm8g78+3??Xtx>+|>r|ngVoLY>Wh^KKV4! zZ?KN@$9a<;o`~xyI5=#=wl%tsf*ldoalMx9#s z>~9al&D+W@&~sU4gDEYioY})z`&-lOWbs{FsqtN)V+q482=(`XcT^UW1mXmh!@AQR za9n~fmUE2_GJ`VY)l4Gx3wC<*tS2VfOfJL?wNBnD;2FF<9n776u@w9lGw-o|*K4@u z^ZQVE&1|GJW2C>d6W?k!P? z1{BBmpxs9rS)yYde;16YY+x)AasiY>ldFs2T7o^c)OXcKuV;{-VAQc7O2Wd0O z2mMrKxH0=8*Vx#|GO2{@?R%zw^*Hn0v%f4$J!dj@WW79V znm2~z64zv_%eo5*oQy|vBPt&72Yl}-!`<-4!rv(l?n>27JZo(rY(NjBXYL3?8!1jVk51g@}fXQgf`p#`GdJ?#qX&G zy1#$xaMEX?CyX>GkXd24q^+$Dy~7OR{(ArcraA9dlLO3K&~>2!>?y0^_A_8i+MHlD!9eFw7`4()dL}{HlPRp{{0)+Ed9#YO~ipMzUV z`FhB&2fAV$a3I*wNvl#`}amf<-w+MdzRs zi0i{lrq2xTTsAhgkJcz#8NBPA+K+POm1vCG@Xv{=a-i~{J-mR1%T#Z`F<;XQ$#7P8 zs1lZ5(BAhjIwx)PSbqWU|8#k2$|BPGaT5C8V$(^`HjCGAK~V{~$PYhZEFZjf(_)B3 zU{HpAhtDVlQS$<4h`d`^pzX}=IO#!|ZQ^dq{WA&}JXcLAwbxOEzotK%8$lT*psRJ z?Bh#UvM*(d7-dQyf|J|rLU{^>f;3VTd+*JbapgbD-Ne|&&Ay_!d!w3wo&5Li0tdQ@ za0HU=qs`4tbbw^z5B#{e;=wc$0G?UQ4}pmYKmj=yLcItPO7ijuqLmtc>n+4B7#cxN zGt0>B>n9aFK3J$5vA=NW=yo=OF16^@x84AF3U+ACAuYYyR;7$rr+?^Y5z;+{mI34! zh@7)=aID=2fy)(YD=r(zp_&#YhC|t_40D|=*i035^gW+>;1mA~kU5ksr4G6v!oc=* zdy0GK6OpLTqQnv~LWuC;Ax>+^dCK^+%ajr?UABiB0Xww>w2dAz^f)H#pQ?{{Nc~T9Vunog{ zPpRi?Fkv|U&h-h3G(B4D?%nWw89hU(%lnrn;{KRCJt;=7pN?3_Pe6B^w>esKOxHk5 zg3aEr%YO9>uQY5e)P?hb25$)_cZHc%A!Z0cS|j2TwTKpG^g1u-Hj^VLt}zm1eYinW zVq^40w;@wybUk3Sz?}!UngJA~A7+GP%2ibaCCNPwKoP=PeA*Dcm{R!lo5`K`D{(XW zQGu6SJ7=4wGQ(&iG|zn`gpwYPcav&Ye*eBQHoY<-S8dRi&ZFD|8}6c`)e|oYQ}!qkq_Qe&HGT`%N3ZWZe>>#cAijVMP3M`i5_}}&>|_g(fziQ%fm=bRn@g?j z*CR^@`l;e?M~iyEK4HsYSP=5+->;N1oj{x4u~<>re#t4VB$a4MLeO2~Kt*X0_Jm-Q z>XW=6KI6A-)mT=j%jyef*B+dV9MZm3BQ>%lxuuCiJ;foLq44~-f8e0Vl0JLF`RL8w zEGGk6(UOyv)Eg=Fw|e>X_Ws}x?3Q?6n-CFtuwvof$xKZR0a!DDU?Ic=AM(f+x1e~Yu)=<{?eJJ(a)==ivIHS z)!1f1Hv+08y_490q*LY3(#?6SS_-=SoX^F|Iffq zAwDYYKu2%ke$4l+&)oK|6g@h~nD;4RH5KFO;T~-jgQtWJ54aY0MP;w(I9{^C zM$98~zkh;~xmS|sBx(QmU&oUYFtluAXEh~ECj0h-0^w|pu~EEz_PacmX`?d$W4`4z zELN-xF}tKwH60jXPnYQphvw2n^wL~lFf4T2LB1`j0vQPgT0KWx^p0Yl9YfgwEqpid zQJBUx4bWF(R^Axkwg@(AOY6}(JE6^SocJIOno{aTS1#LVm5!OJE@6oehQyl zDMho$W@j5*&9alGwmt#J2=Lf8Qc$T1Rbv*Elx%-|_k}7r$^RS0fGYsc=4js8xqPhe z>fe^}ZU|jF+N!B;%*!KnUJ!^FOoD?jx6Wj3(Fn#o(5(vF923~u5w!<3%C3$Aj@g?+ zQ9Bfd@!K9=;0C{X<8^``E4)iqxPt0I5jnMqQx1#JFN2{+ZBqDOJ7%00PVSW=bp%s0lB9U_x^Xo@*O{kILw6@G+ z$0+H%PYrtZdQC14p1rd!yuEGv)U?^+<}TtaB^jv$MhjN8n(E39MSlGFB76qSmy!-! zZQV0K()wm@Dqn@C)cQV}4g{~V>!o(d|4f}uVakOTkh>Vr;H_ZtR;wO-@+Qv>z&7Yq zcY(f7v`2hBSn~^cJFO^qP75?Dt!K&ENFbKqf-goBKJ$ZLoF5|Of59ib{TC@Tb0oDL z4IsvP6Mc+>7(M***7D*V3Z3_jUrZ$wVW$UE5)3cYK7q3PEi17M&PUZ1NN%!heKq(3 zf<;Crtb)w)q|s#(5izK)fAIZiJnE8BOk=I|1-dY@N+P<|xFwMTP{ASU!YpqZ6t#A@ z@ZsqJhKjE|w&8PtEAli4HO9_-LIXBkA#J8m`=n#8mEpmFREu~m0Zln^x_By*-S>6dN%Q;fFQCxoJxOn zY}o00-bC?<;S7x-IEgGSHuWb@KYs zO`Aahf!mM2-v}|oIeJCOwP=S>f_NDzUcy&t%@iup+h0yyMt-&@6|Ua6TGV0({a=ki z+lcw`w2|XP_3I;!AxG{+3z79|G)A^0@g=%wQ^;4Mgf%eU zz(Ws3M8%bjT!Xna)bLNzP)}?QP=c(bQgtEcvSL}l#iurc1>UI=2;B8Dn0Lgg<+lVS z6HQM|sU1K{%z1he&QR^uw6wbb?UOMwV)e3&$@`5a+OKa)!~R!0gK}pL;fEH9LYAD; zni5Ca9-+c+3JS;ixv!1#cn>+ zy*XSEOVM`|ZUXbRw_84~DFgtyhANn3`YVQ_st*8|`GKM#+ z*5vWhG&b^m{+R`R(I=Cy@YXb+3?M}x;mYu&qCx{h^Rk1z|V6u{fRVX z;r0@C16yxJOG^vvfGjj&u|J0aI@g{Ik7;iMCAu?87`mOAp8k3E^n(c9t1nOc63%~H zbA&^TyUO7a+9Fwmy#-xvhCH$QpclHmXo) zk}UQ;Qj|ltX&8s-(5B&IRw!A$D)C4z9$|vupu;+-TU?WhNpP_DB4Mo6;y7{DwAGK% z;nx8z<{9By{p=^yYzs9pF4s13Tu$c6%xEqvjOQNPr$$C{_X^^d!<69X>EV?(8s#c# zv`#jSla-cYkl@I zp;o%0`oD(2%#s_H(ZRLHhVkG&HW1tRs){_6xrK#i}m*5hk6bB`1rlR^GaZ7_ue^~D*Zh0 zLcltnN}{@EZ<<(9yA9l)-eOHpLal!a2wf}}6@JZlE}Oj7<5}J)LqM0}^UPv`tfKLr z+4URsjLBL{Jl`%A3&awsrhB)MzapfwHptOuPJsGlEW|JJ8T04XhID~KNtXFz(Udjf z`%YZne!pPjc)854b`1USr)ca6c4~^PRV7JCKEbS`;HDg+4>;7izOB}y5#SBSGC-ry zeD|}YU3L!Z=r`f;UmV_@_^=wfOh^Z2%=y>h#L)O(gezAW>s9^Q>Wd}JCN{96Tmbqq zXjZZU`58aqRE1;QAR?cR5`FnS~fAs~hhZTyZ|yvjo5d1x4Ko&C;eOE!J|K_6Tz4gnbSD&FmnN}7qA$KreMM_gVdJ_Pi@9Vf&u` z^u-o0RC~S+#x4>B|GI=vL;Nq9Phss(YqWAa$t9ZjE1U^j$)5_<2$iiW*q(%ND2v~; z9XtYcrBp#p*kzt&Xr7D)Iajk$<{ic=XYJ;g0Q}nKXU2kl`6g9Xb=vPa(A;>>17+sM zP6LZpuyW;S6I9ofLYH~hpO;#y>0;ya=UwbTEXQk&?*E*-*x-K2NHl?(y6ekw$h}2s zNyYUIN}Ban;b*8xDBK?`Ha$E*S+Z&%a24yqC#`ie@-xvrOA)8_gxY6j*gIT|J&~C_ zTu%Ut$;Z7vUwr%H+X)L%#P|CF&$nLY@DIE{j4gb0oA@h9#-x>~66_quApaU20?wrQ zI_uS_%fmmabN%egMQ;i|pO}=PClSz=f`yN5ZM*}PH81S)%S7uDFYTp%|4^dR|7Ww0 zvi)OV3~Y`vZ`I&BPYVt=P?C~*taM^S`DEXT<>|FUlzWLv)W$p#I_08Tmja351e|zy z3QB4MH%36MC&42mtRw1M-KShK3-=Lrb8xdIr=VC}9hXXSnBw|C39O7ebw0P6*YelC ze}DS6x9VVsj0>tGu)1ID(W14YudxadyciD4OriAONxEA`{SY zrVuH!vHaYa%UjGPqyznWfIRS%=hEwTV!Us|v-5ge{hYeczc6dW0zjPnD=v)SQ>Ipz zEAf9I@;6>*d!vxd3pEF(d{PT8lkxP;mBJZW(hqM_(%!Vo!h*-lWe;;^q48S;AA!qK zi~8!Skh>jVwx_?s-eB0fk<<`cB{tUN?VW65CMC}TNsil$?Vq7=)A zXz0r8xQrBV94E^lywEW?$T^*ym~94+eQr!W)&^1IETf7QabZjUS+2^J&i$1%6?{WL z4_XKOylytD5q_xhZG*oPJ8)}!9rU%mj<6o!>6TV37qDL5z6_cQvB@76 zD9|oHwwWaSoyKO&n%ppb@T2!>W`i({6R#SHs$2KQ^+Z8092<(*qf;T9E-kz^Xz^Dz zaJ5HWbG1Y%!#)VkEgO^@0~_muX`k-g%{KM72L(x2*u)APUXzX5r12+}VLabfzYRe7 z$xa%0)8Gza&drs#*U0(aG9Z~-cd(Z|wnI@&3N|_7P42_g@vu;_t^>=nQrc4!e;-DV zji9+l9|{9Slr0he81crbb3+k8L0)jk5k=#q;TTlB4qoSkQS_E}SoGBM5H~D4btyx` z2{pP{h0abfe}u~sedO9xY?A1sx3|irQ|mQx(c7X%*{)s{c6nV`A;;oFKsUdDvJ^)U zY7~+AFp%Ht2*XaE(#DC0eo=K`v3W`|hvtvN*k<66zS@ zys1jg%#1xjfUh~)258p>Y(9qghO#xX=~LAZ9LMO63`1x;UTO*kH?3d*+2xGeml1P$ z%_om`6!~x~;iV$4dm3e(@lm4Mc(HLmNF6qZs@b4pIb#4L*R2LaISjc9V4=Cc8A7V| zN!#OAmi4jsu${t@t*8i$lQ0f?^TD_ajMJWFTW|XNDXhB(TZalwFwZS*lVHkHq?N#M z?MbxScS~q8KeuL8GqqK98>r3|a=aZXNtg{{MOrh379(^5 zw~wgpf@LWws5y)h@pHE*%F~o5WxgHi;e2}pEv{F=vhoB2B@IcMZVPj&fX5w*t9H-Vo*?yW#e=XfIzFCLO%2g2jB0Mk0Nq_}BRy4)?p!9-8RV&j?NXUNH>i z*CM|juJx&;ydU|he~s0;VLuMM-)`Q=aW7sNL7zC)v9K_vqeCnDSi-jr*yHMYddDkW zO2?Zt;QE_%p2i`1RF{1##1agro*R4(ZYy~Jh_fvcXk|_GHYBm z2Nz{Xzp57&5=!~(K7PhgHXd$MW^_09({SdyBbLh^h0mr40V#or7c*1P6!4nORvae9 zv}}%3)wbMKIII_QE6rhF&RH^A(EtN-s@Dy-xQh1T@nJF^={Qj!*2deI>ZG$pX}bQ5 z$V@JB`d+rujg;K%~{t8x|26wT? z#H^nU_=6tO#zb$kM@(=upK&t$vz=}$ZWPH3^m~;LQnT+W23kOLGJFN~=;q=oIv_a?{4EIXU*P4+lO$lj7Yvg1(6$SAV%)u8)z z>U-bU^}8PT<*yzs&gb)fzvgpbFz2Vh{L+PMJ=sl4MpmGJZhrE!(PMky^=rGXaUjDz z$@y43UE9_12b&iWh!I7UU0n)_!cddW)t!I@gzG*kJ_Nj^`upX-9Ac!2>cHnl{}=q* zxm*>RwlfVs1xf?}Ad6UtWS>!<;};Nkw6x%5@rP@+2VAq>-mLd?LcV)=9X3Bx8Xaai z^p7F^&dtjIrPtMwby&7~Eu0#QP!JZ$?JJNDo+cJwL2<%IL3tyF@(DY2J&i|MGB|9`1lVVF;s4 zW@qNh0M)GweS$?P03AR4E(~2wtFrjsRx7rhOC8o*RV7+C zWDVl=nS$h)sxkikEMZl^_EGGEnaa>B{2LKAJfvw_s4a8JcCk=!MJw{Z>*LcBB{rUH zq-zFBa~#{O4QBypFj8PKF6~#^1q8z>_cj> zTvKFeDd;=BEyk{Q?br;a<#Y@QpuZXs;k<8b_h~6B@#=GZMp8cHn)44orLb=?Lm$ql z*^>|tJ1({f05seCf|TX%IjjK~!uHt%W~V^xL7aV(BxmO|)-w8XpHv7tK=2 z-b9Vvq$YF4BTS12MP_h}`8iN0o|`dsu4RXQ;q8kL6F2gQho6UAO$cPcZ-D%KD{uXi zpK6h--|yq(5MG1d!p!0QKsX zg+7J26D`k0Kw}13ZSAw|@hC7se46OXQ_X5rrb)>Qf!9~Yga>vXhB)~hegTa8;6tGN zy43h7_*HZEz#x(~6rdn~6o-Ir6X|(;7u*HOT;xJ(3n6Mo+pb*eLhwRm{`7Jh>`)At zUfKw$iU>Gp2eGKAux%D2U6nvY-B_&I<%7R04B%Lldb>4rbYe5xJ$J;IHpY#+ZE=5Q zrwWtPTj|@4Wg4(JI{4FF2ral7poD2ofi|ElMu{k)@vfK}yEp$!ZrV4_pL3`twVf=ZCu)uQX#C($I^*YZSzo*PZ!c{AKW{mpu3 za;)sD6cLBk@rU)J-?<5DJYCljutee6AitM`daqh(8}K@Ulbdqk{%$NZh(xWF%gK{h${FSX&7B-9Z^#bLe8Eu zMG|^Y6o2|s7jC!!r<9{<1Kr9B{5fLe0hfc4=~vu1Y7yWB0`gAaX=2>0V61cCWeUy# zRu2+8ESzI?ra@!iN^vkUF=!&;{PIEpz{6dvt<+Pa`u67ukDF(Mke!ah`@Ny*_&jib0RZ(}2+nnZ_ z!DS+K(`Sf1Fj8kXGB)Pw!HjWXei(e7TG&ZlwMW|6IA`|4Q}Jiy{ZASS3d$7%x&zNo z9R!&_2Gs7B`R#6~Ji(g<_(HDtCzwyqEe#j(5>c{|dgs!Y9wzdAu4`rjRjku)z7fA~ zBb(v{HuFwZ-bm6lx&TuQ99TW=%9#>;^8zBjkJy4Ib!GYT^KPs?Nhq zCXB0l0=9VS1R_spd%BRaYB^%>>ib#S!q62E-kIzhJnF#(f*x__It-2CUJbQE8Ka$+ zd!c_l;mx5bWK}AO(W2%7dUD4gWJ{MRj2z895x5* z!jQOmCtlA`tag|@We99|z(BViK7mD(*BA9q1g^%Frd=9|(7#wT239I~tq<$S3O`(8 zg6P1QIHs@ALkceS3i!6R8-`L43fhZ+Iiiq_On_xW#1l;&~)*k8$vSODPA1(uRUc#cRPTeeUc-oK2*tY3FoEhaQ1yo%h|g33IJ1A;j2FPN zlETDgW`S3<0cbKT3R`bG0yp8D??AbjbQ2c&XF^=S-6q;c?+FMhNvs5)M@K%cQOhp~ zXLrNC*2%F(`tH(0f>3osLrz!XyjE>{5oo9bQ}f=DVI!Ua!Wfm!^OiibV%RRya|7fP zHrW*~O7w)EJ~;=JdTAP*hXF`t%$y1fEQ?wk_vS+%T~7y)w$c(JOB!rM*Th0pro^UF zJelPb6e{AOCs0S?;H1OgjzbEzDtkyUn&fbFABSzQx%qhw&suCK@@Cpdnh z2JAYbIbWgRf+TcoS3TC1qh*P!n6|DY>$ z#v9YTc~~Jh5xxCb(I3m11=;#wy<+>b$kzF*+$Qa}TF~A5o0FCu5pzo|msz|3`$aa1 z9S0@zXA1*pD+I#c^|*dx&bb$P1;_Z1(y?t4eh^C63h2~!5aJv&z5f|6Xme^Je;@zn(p8Q6Ur{|LRAMegknr087GRWt& zRBuwJ@#B)ZDzbd~{foNo4rMu6X#YdwSVgOBH=DZvTS@$L+s<3vNdv?g+qGvz&m8zH zIWe%Z2-CcvUS-&yZTEM%+fK0v#Tq|))PVo!SuN!SSrAh`y1J0j*G-DwcZ`xQ6Q<1T+Zsr!>&JEB=bG?#JKK_6KtT%xc9V zr{->09PhX`pkL;_1Rv}HNIXBEOWrxT5=N<~e*{~bJHP}$T+3|D+tLI5KZiCL*JWx}Ry2wi6#jqk$(BJ9M*d6>wM`{Oky z;u+$yZqo2G$+L)v$!Fa2FX|yHfugJ_fZnfo0rSgf92NQ$Fu>GjSe0`=>i9->gKqW~ z&0b&W>T2-7)B&pcsi}*%+5iMg1(1?Xul%l@S8x+K(=5(X%J8_GI;{U&gky#aNI2aoi+tE|;NvX({g$u` zh#2WI24M7BD~xL`p8id`v1I>XJ@g#UIW0IkGBeKdH)p+ z0BGJjVO?*vcJ;Fw8j^0k|EavI+Fd}bn>IQX&xcf!c|FZ-+xW6@sL15KJwy38J|hv% zQuG_pr%2`}A*3O{>V%oEU1*;i3Q1C_JXFUPkm(;M4+s$-T4M%VlL!E^6-gR~e>lgO z|52yw#9+ffMGcbccX(r+REQNE;q66skEYC(hADX_K7}{zY)i=Y; zvGwr^XLwlzzCKS>NEvqtBQeoX+WGMkqn4kr3 zUN(aW#j&>eEo~XY^oclu*=`C10D5UjlI+_)nrhZckq0GUx}toMfNG{H;F!t|d?R4w zsBdKC^dZeG30!?D8_UWDjYX{6PT(C$35%vlpo2#xvfZ(Y$Ffzq5^bJ9SpoOBmygb15AwJQjU9J8c92^Wd z?WPskuE*cWyf|#>mD+*?_`#-v=2m9VMo2?|s(B8A-Oh4u>-OUdY#vaTjz{~w3wK@Z z9~$cdQLLvy1mG9Gc+1quB-B2Q0`BG6RYKk z{hL{Pkbc=j5FCPm@mdXv_g*Ylzi}eo!S1mey6i{-y+fd-+V-kmV-{o*6EnXE0l7u^ z9VH@kudI_V29WfQ2th*u6))MHBc~hv zts-6$mi6fBLWQgnh8E8qUzjW>2zevXuzZRC39Ezz=EK+}VFzdq>F)@RU1fTFI3@xU z#GgMtzi9Azl@cTqOJSCxfHfd(d{5>6vz4B1Mxt{t(J-`Cq7h<#%J@Y%*gIx|loSOV za2?2KuO>z3O1lHf;Sz3HfJT}8-j8q8C%3Zhc<=Gvc{}UeZ97ADhaQ2%eO^oVnc*f- zSiq?MlK7UUR_UA~H05`cvIR_QF!8EvMz158R5NZ+$#L)wJ!TSoXbuj^e%hm*MF-3-ynQ%;PttzJ_|R z$7g@F4#ZdeFq1G(SW#L8Vp2tXqUg{+v+Klnk4QB-wDWCBjK$H(KYs|Dw6kcccNtMc zs@U(RRF77#NTt{s$Gqgijyvcz)Ino0GWOc&jKN6EPnqHGKzl_27D+q3F!L-X9{rm0 zPbkTXg3X&;E|CiE+x${~Za~P_{sbedC#~N{*g;`nFGkn|gVcU%AP21ZN;rC=95XjC zS^z}D>l4bxbO1D%ss-2wt>qux<<1}=ZNvKGrOjC4EW|OBr@w+gOV|_OO94NQM!+8E z+h?5@FXzCAku(4t$(58^5@tQOH0XimV4ef+(($(<7qg|U$FsjDwpk8vM|x*Tuh*~n zroY0!8(`zL|8u1;RjJPj)}0-IQ^0)^^#cr?&HFC+`-Plb!$V#btqVI@LJFMN*@ zm-SxR<6kFucb2+--{rXk7)NsjUxSQazoeN*CZ>uxi;6~kW}g&X!=bYESWjsr!)da7z#81D`~}$PXu3zeso@&oCyY8*9@`IjKQL!-%oB8 zK3rz%+vtl<+mf?e&MPxZ0;v>ZT33}AeGlB{z08)_>)I>?Ja}KXR!RvnC-!nr!`6x^ z=8jY;DXHd$>D}vz;l*OF5vXQqC*EnP4Dc*@`RI>wKv5fL+}YC?z1W;)TffB?8lSfg z<;S~5m&GnjQ}XFx&;EokP_7%8ka38bxJYYQ%(8(H%EtbFB*=LU`L?G2R4=(vCpxBe zEd)ExjP{V7%)17Qg$joeoV586VK0$j1GadKWkn39mH(PAt&(_vg z#cn>Cjd+vJXNYrJ2D{XuAF&zwfF0l6tnoBohPJQpQ5@MM=|DEK*>Lg}CRz6GGW<9g zu^p^CE(hgKtIf;2w&RbDM{|yd4BPtOvGcgZkoSN5oJVJ3F)4KblSyo< zYUFRe5o45Z8SHtz)u&0l>bfeJKnk2QD=#D-R_||R92@wTIK}Y}V#1O)Tk=J} zUp(rHYPvf6OFy8&OXJ9$yp4GE!sJO6^U%32ETE zr&MA9j`}7kfFmBU(7Sv&x=P>lv8!Gks4KIR&ODPPz!@!3HDm$y-kUoFAaU+`I}rBz zpBX|ARSg_E|)_zZPT`P5}KlH}}*t zZZMX*soJO|iWoCXef+jsLJ@SY=mH2UqF~_-ZdNO=IhdpWjuR8Afv*($fn!)OB{QQclu!#YDeV0EK9yh2Op~_4+lf4xXP6tmiQ$_=7zV zljL}3P=j5Gu!@Ye@Yj~< zz3OxU*6!Yb#fF7Xh3@I^1wY~@RI1?4Pf5loh6{-r`~`uE$t=MaBNJbTG9>ndUgwP; zr5hCuv>0dF=F6Tb{kgNdwY%l*`(spGV*1^ozrd-)m(rWp99@L{m=#+C-agr?F3r{9 zSCZ+5r3VM*>D z)Fk3;0}H*)OJrItC3WilQZ)Zf0rqhz1JWITd3j;lfL!*lkm2*Z1cJ!deK)3pX+VKw zd}XD9JpZbM?@>euo7!W>B*G8cn#RTm))W>+kbph%m+kkk;ruZmfBjS8A7_Dkk?qe zBxo)Wf9d|B}rxMl)_BWnseq8SZhh0srlV7Vvfdg(;-l!k|8Ha}r$`3Ocfrww4 z89lJ4T8vffkUCI30aRnkPDgpwe2bY&g{CPfLSM2O;PRTZ3c_&zI=!S_W;%>@TO9t` zwV^DEe!gMI2nT)yF?17CK1#ZS)5kQ{COd0a^gKUzO@YqaYnpa1i$lCl5mu?dW8 zm604}-7_|(rRLGp)Rdj^23_x#gdabA9kgT>h;`nKZ943r$#!{ncRS0!sM0g{_1)kI zUt$mwzyISq*YcaXHa#i?cr`pvO8RFn|GI0CsNZomYQuyIp{b<@i_ipY+!YAg!*LF} zettM_fBfW8@9*fqf`4A#dJKmH44m2B@h|JS8_l}EDY%zn4srKA;Ai&F5i85d^|`%* z53Qr)wiE$77M-ab_oNHY8dj0y7ldiB4PZMwOIm}a%2}>z0rFZT+NT1lq z&7~7lK;4^y=M4Na?gK&0rKztsN+~%!ahDYez=uX2yKS%bQ z8UFdd=lI+?v!#!uh}PED{;_T;*k-7Fl>^pm?J83J3Z{d|8+2G^fV6%U!1oT1P#Cf;kka3NS*N3&kjK$w~Nr+~Kw0r`$19B8%haK-{l zGU~SEI3*8{Y?QL0xw%IDSC3Blb}{G4OEvHr?dM(DW6;`?U6<+;!tQelP_)TY^<55o z$ldBIxv^8J1<~i$gBrUsYMS7@`w8B$7yf?kdyL>1@%Jl6yt=x2XJ=bFE~b_u0t-34fioR=qfoUsPxw_w^-UjQqaiWQQJQY1%| zEGC8j{)bw)*Af5za&`RVem*~pPe6_FW7lImg~F|U+6&{+e_}+{1$#P1_p*(w{A&DbhNe_tl5LQIC*RwA-wvnJUmBm zW3LO;(>5@uMg=qA27`t3KGmhaA2?mQyZd~%APX<=UYH43KFDn&o7>u&8X6?PGag1! z;1{A}YWe}fY(Zh6TmwaFYAU#=0TigfY6a+P0AJcaI3SzFPD)SrhL~pX6$E9=8UQ`4 z_0rSRv%nx4{9cXQy%XN5Wck9KgKL?YkrC<8F)<12NZ@%(-pB*NaIo9h8vw?Rf!6`rLd~M?z#;>Tm-GE_RT%dX2J9u@)ue zLUxz8YZ1!9BPFLJQIGuk^@9KH2^GPqdVm#{2cow{+cy{(mPdHH$VYBMO)X<$lB=j` zW@&i{(xVAQfd`Y>MZPbj*eF-Lt0>3=$xoXMI}aM5yUtT z;wFl-%WG>a9GyQMHAu+NhyKmhag+&THtHGbs8voE>1 zxvsp(qM{<)%knb4aMR_qu};fOUfRT#Q3pc+_Wg!OKtMhc!-vYH#>KqulB)l4B&Xv+ zk-pqp=(j9ESt=(d2f!xDQnLse02Y4YFkrU^ofbNA&zL*z zd%#p=a>@w%{GN@!0`tC7akrLfb4nrvi(gkY6JVv`L^f$ zkMqrEf(+QvmixkzURK}OIAsqF509J=0tyM0??5kUg!{;NCF#>Ao3Vv6RB^Ffs30hK z1+La7<6`d7+6m0~Q|O`r^5*&r7Q{?NjKadl0CR`=4^;lw7-OG>I$x>Z2L?40DiZV( za~3s-=q*4O_wdQ%$Fkb1cM|A`Y;A2xX)o9>559SGjgfH1+tQL*k8~=q0MORHtjYPS z8}j(t!%4z~VyTc1sYvQ3gA-a=ZMWw0!Pd z2?;MU=Gu~}xDKf}9xI2_AcmT7^D`XL!26sUy1J|dtgP_LiZH7RIsNllWI(lM9;SkV zw%C5P0;T|@Q_Ekz+)^b_whR}vy1AH;)KzA~#drY=t7RKd7EDFR*fL#ZK_Ma6lqrUS zqm>?qQ$0Ypj%QMv+ka*qZcT?z45AYN@m)QnL~QC^`(Zx1OZda* z>&K6b9IV3s`!Oat);u~oil{S5E|is(lZz~iRDw_i9}^UTn1}H}!{ycYg36E3~1e&t>zaJf>V(C(nvct+~s$y`@DmOM4-#= zHSMb{pWjf-xl=rR+@C?J8c>89d?z`zA@}HmTL~E_j?4Jb_$CRXF#>yIN?9~Xc1-Lk zMTWkC`y{jf%fT!sY@#3e_gvVYg9P=?P6u!$JY6PmIHIEPp8YTP0^)usA;p)DnwKwC zK%H%HFdfv--a1^Nql2E{BghJA(8V=nE-3x@@k3T$U{SG4M#?dlJWM#y5u{G#24BA( z9!3GWzolhiO!dRH=o@e;SLA^(CacKfb`%ZTKoJupn<7XOCu9P1rXtn=P}fg-0i4;Q z47Gva+o{N9V$5ytE;Dnmp)>lP8GBh-PVjUxU{>esmZs{xPuz<=qyi()rbGF1N3vR! z?U#99*5f&!un*|C;Tzvb6g*jfUTik=z6)EgJy8@!U~jb(D!**F)>%DV@vN@PxyCMS zF#nUyJx)1yA2ofE^v|f#Vb%e?de9~|3u*WsBhx4f3 zYkae|rpEi*_EjE!uU#XE1E<(TE&H%gXv{{DWZ z$KNZpH?~FpBbXe$r}efhRv_mBO^6e4EMN)eUgGOv(f%|}L@jccYapFellsq1!D zl3S~mbVoMo#SGH$B5R~kA2c$nYy~4xP93SpC1!I@HkEl=vd&YHg37*8(M}D&-^0;A zt!Nt$m1zyQx}_Xp$Zqiu_G!IIy%^4Ha(u5-r3n}I8|V@^I61$&D=Xu_<%fcz zeWCsuXr-;tU>?r$bgkQ-`H1xIr5nO=Oz3A@ucii!WiBgJXq9YXmd zJ2{!94u=|12BRiCZVm;U{GFmfz&LFRV5%zKDDTpyTI(K*k`7$<2ipH|y^X3%z>Zr+ z@rYW`*BBLluV`x?M%&+Edl^*tVanWMnDmD3ac=gDY`GitXW~&42D18>(TXO+A{&=U zHO(X?Qykg8k#k5$NLbn}gDxNH#fy#cKtTGE<~ZGKbN+jM#xaM7UKj~LYcA8yY?Di; zr>E0XQztpGxKOzH{5?JQu%O*BYc;pANiFM{o6`*?2c4nVv5PRkBV)wM6ZZ4<_3nYs z9$gj;psQ+UCns{oOTxm!Mt&ecPRdUPw-Y8?Zp^+$48YEEYR?OR^DO6qNX8~|HtF)O zqSBSMUdF}6U0wm*WCSA@S1dE2*0e+aq_Tvk)X(J{Kiwx??>V`aZ7UOUliGHfHx~U< zFK#nI%PxUc|2l%n>-V6X^E?sLz*PKUX>;g{jR@h!LnhGyA%{X-_L}-ft7s*O3j^1w z5M>L%!QREb$-zv9GqztGT()e(_42yLcnRQmU*0poU6!3WR}{1gYH3wi0Q6N~>g$tZVOOU_M1Ul&);^r5 zl9E%?S0Fjgdez?Y#xJN4mu z!S@(OiR4~Ngi(v9=Ckg}*;yf0Y$DJJg9dUJ>j7A^hKGljrHB5<1<^`_2F2G$OLhA4 zpSRvUgPF0EP(z^Wp_;#!S5Q}%ICc?M22h_~$)#S09}h}HrXq|Var+=J5Gt!?J50$8 zvfTio&ohi)B*VnUrVx7X9$=Ia^HWny(yXlh{{E1oWm?1_@eV|nEwMpK(+y2pvuByT zQJC~Y6EN$;-I7~`c)y0*u)MoF{(P(1mFw^2c$_WWhn5N@-^`Hidt8!(OSqi$D70dY zoP%-pYq{cYHx0>ND#WPm=*qDVMT+{^FZM${FV`xyl3(N;w6wIA7R!4_N6;QHw~2tO zLPvYMY~Pyf@xon92o)T=VNzJa?X+B0T}@&A_t2M|$K;TAd8Ymg+<6`q@<1tZDWclY!Iv)?|DBEHaYe}^~`Kb#Z9t2>=Npp6S z09bj*gc4O?_(aa1FEsNGE%1u!$_rwz-G#s(z0T zzfXE=4FO|@Pzu82K2t$uH)qvT>WmrexZT}d4PoSj-?`Hh+kdb-hA&6Z)R+5im=@jN4|3=s*^=oXp$u^CPqwP( z+m}PRKMWeH>6wPudQXOWAp3l}HCXi6@J(4@!3YgOx&J^$DEKa4(RvB*;*+(~drDfS z>Y&E()w7D~sQ5^{9W^M2hkq^HaTR{pL#NWjA>w^Ng&?B4jrf5b7Z?}_aRFRV!Pk;B zbL~H$Dme0yc)HmAuDbX)RhJWDQnk#|(vnHLcTdTAXU`qaM_1PY|Smu3Sb)+QZY6!&a}nvXcC&%=Fv0Y<1yg+5|MRdV1Fewk9Iu|8IvVB#g5>cYQ3Ss}0S)wKkaG*2mKlJwzWJ6;BmLKZ23lyqH=vEd z9>aB*o10_8jNG8{I68+3w`@m0zXBdqTP*@+HPbEwOqK`&KBS#E8QGO9rk#)3Q9={K z*X<}1y#2so>u3;9D;)Fp)YLwCySu-{ zwSUlzWE^N1xDfOwv4%a3E%cDA3Fb6?bAbD8NNiLtK_pP&7v`=c41J94a>u>*Jgq)D zS{Vz6&$3aWdz+d+gS_FN7w;)?xSXdzmh3h6%(M{0xzS<1EDyl*z&JqZIvI0WqfnSL7pdEp69Pew)t z#)?ZV^rw@59?iLXS1|R5n5B&k1ud2=vykhC_(B9#W4Eap@c>0bMwb}Zzvjtl6-Sr(Fkzx?< zWdeY?xR{uH0Dek&_&{yhe~nKerSgH{1V#ET?=PT2; zU>TufbzvBd?gx0%RT^dh0w2!qe&o~BxnXT75M6}7{k8}({+wGT?)~6VB-gcTFG{ST z0nl+(Y?oKP3W28fPhSqTOw`T4Kj1XMpX5_e3#1SVLXhYR`CEcTS}xaoGgzU}x(c0f zldVaj>&wV3EBxyS-ltJgaJWlQzyLXg0ZnJ;9ZD$iig9awzfnG`V!SkxIBB)0tB>kozlrfF*~*amuFbKuJ!n0>LFL ztfo^u18^>cDqZoxfhtXHV`G9nhx5DEZ~Lok9#t@Gt3dT@SLj}S4zxBv`g<7I?-(1u z12pl(%N*qe^mvI3a7dnPPUHjoDJ>=C1}k@#=(Isf$rLbQzuRqw#-(sPm*p%-dPS{t zbbPGI>`OG0EgA=`-~4QlM^Hb2NDix#It#fl4%IFIb^1K=IA4JR@%3_7hm0$BTpk2a zOK96`3Jbs7^m+*_w@K2H#|AZ}rQt+r9L_Q1G&D>^yCkm%*vcrrdu)mNJ}ks(k8FtFZe5|ByMxKU>1 zDE<@5O{Sl-72rfGt-m-s%f%7)381CJaz}%`memhza4{qR?Rw=FMFRsdy~#(#F%>fl z3q$t$`U^Cok5IqGSnP1DGd0OKs-IYZeXOxwvnUH|){%ajIhd8nO__n}K4=D%4AVaXNtnoQgi=aF*t1N}xvwKwb6z{ntPPBg zg7?^?FYf_uN22lf9GBeqGs}@(-TT;kjXWFSDy}c%!EAc{^weIS zzcHQOA^iYDAMS$ZVbGAfjN_rD#GfmDS8&nOdm9%=1a7eku)EO_S|_Aw=fOl~q=&R5E*w6WtLn77IFM#pq_PcAO{xd12UCyvuH!X23R>zbfMp2uLU zA)}gY?(E#lHPPjEE6SXZ288I=FRsA3MWOjL;X=Pi5dH=QHGEW1Nd832f|-mC+g`eO zajD%W$vpx#M$g5)9{#f{anv>dkkz7>L3cLW6#-W$`Vo+YE2D%qFfK>Q75xlqbOumo zN{Y_Zu#98=js`07)RAYcU z{s}jqYAkrX*$pFG`C+0aBUj~szmQ&U_*bpEv9ZJp6&edJO|5C|=*O*~Q{(Yx0`cqD zV^0^1Xzi~c{qquhvULB(lyjJv^5<)n=zhK%2zSFHmBKvIOJGYlyjQ3P$L-ktLz~w# z$V`@xthZAfBVoIsKl}ducn=h+ zl-e9@Y-v|O*Yj2gGy$z`IE38%+fUx3>lzzBCSeqZ;j~%bW?;DMi`XO?La2zI$T~V^ z9q+1#Rue9~0;^bUyaO^#N}e#-AM2(nAfh-ULS-`<= zoJQfttROeH$@rNW01|sGAA<0j;$T63zxMT@$4^cHE<<;{`R>Bg+sRJOwrs52g2%uxF02x|zKC6>F%17J_7eF_R-9UaS6qH1(=tr2BYlh^X< zz28$;D=IaICMUOmkgyanoWn3c#kc1PD#rDNXf-jr$CbFnwW|O;B%id`ZFXD7-}rnK zH&L!%e>0ie-`;Ri7@wRXszuSR0#Psn@2N#sG+`Jv?}+OZ6s#e)czAfKsfO>}#kqa^ zcCc_{E*pxY5Q3SDC*NZv6?-o|Z5WM2@n&u@btqNS%a?jOCTyPbP_dR|Cm zg#VvK;4iYR6>p^x;ySyfRM9{h+C@&5gL*nH`nf&FuHl(1o(u#{ZJ^7{G{ zjH`>Js(KcNulMAAy<>p|FYGFlV&frfekB^^dIeT+&*K956(9!%w{6@2(x1+wN5t04 zc~905wD;c+g4e~Q@W>-Vh)hmSYZTttglA6R%2`m5cnFjo6l#juKI{5$x0LwQ^mMQ2 z*qER7FGv97`7bS9zA}W|GF)7EJcltBiGj;F_~cnsl*I=up#lM|E?9xJ5%*?R(!2a z3VZho2cn+cUlv!CW`jwJd`2&S{ zp(zQD$BsKWxoAyalnChk{qF1e`O$KAydZbGEUyT9#A1v2X5fl+&vM9EeILdL>wDN@ zgfwmk5Z|858Ew z9b+Xxhd~@gBB8?LpNAOg$g;UsQu-qA7>`cZyeIgnQA$!$g;6Mzhw-E>nyi%^%r|dK zbXWyz&dmug1v})D>sqYvSL?hp6_b05=O+bSSw2ea@do_ z3i%b-3+ZUX=p_;#>)K7DQT}^WvvrKmR4J$tn-=Qd6|eio#5lDl#mCD*DG9r@v9U3r zOD`;lqEid;xc_6_`tM%yx|jFGIDjqun|aD_R9%OGKL92jWo50Pw1Ew(sN&HUv<6`2 z0>TfT7AtiykXiWM1g%DfOGNT6j>8%_ztpGJ*Lzsw6uHHp6Grk9)7`dnT9O)KsqT36 znL;l|?2#BJr}*vL1>i2}xe4l1>TwMXs_EE7o?c$=8lItkK0YIz=IGp+89{UrW+GbD z)RabsNMcbi$~%E7pO3E=Rugcc*Fh}3Do&t*kY;wa;N@=!#nsghX=YL(hW~WJMeD~Q zCrPjr;PSCem+R?lr7>d1L8Z5@!x&QcJXhEdTOXRo4USn40$&1}`Vk{oncv~iyzoM! z%~fUw+J!3EQnRl@cAxOlhIH4$~Ex_kvAI3gmiCVCb86k>cmu0J~3M8$he!@`tZ?S5Zl zqcCN*$QySnt|S5de_ZHOgyh%8a9d%DU;pqINg(?Z2%~H~D`< z-mPwLqu;-eBmG*Nm^ixS|BJ4xp&|B5*=Ook-T5>sfyqfpBd$ANH$SIMb!%wW zN$KloY4z?yi9Vbsi1hICs_?Dc*`WpAk{2Klm=&;F@S$n)8)*xBPBTcK_szo~$2 z%w=Rf<0N!;cK*~q_V~D@q@=moTday&B-OpB-Dp5t{EF_1(BGlTIo_v#MqZeh&bw=d ze^o}~+tNJ~=cNbZ#t-}YDs*(}!aMJ$1*MDLzyj=xld3HNsuPFtM{t=41GJA_-rqfg1aLPqCT;F(p|<%dNvgQa z8l|I#WNz?3^)=CTgEh@8?Z*20m<|jc)%%q^98Or7l9?q2cfRiKrlv_4w+@>>!rdYm ze8WSMulGW?dUTZm25m}PW%0~~ioM~-3?#SDE^^&ac+Ds4G2|L@afj5nwX@S7Dkw1K zy)voyVpDeTF%(?P2w$<{>q_e+3i1`!iN}^&R3Kq;CzmKSEp0w=d^`!}9WWW^lDG{8 zf!(4NFYGK}>Ivagp0)FT0EhnMX+RyaYXeBjeEB*yG{I}L5T2SxR5y^9mi$VmyIsGe zpA5HYPDLf8q>Lqi%=prr-2MB{zI;qo+4|z@;_SSR290aC(4W5c70I;zXei&5@7;p| z8W;P5x+xDUK0ssh`NKmvu)=e4BnF<}-un7NCz2NHARQb@-Q8?Alyq1lE7ovv4mOQj z+@4B;x8>coQhh^siEAfU>M4g2INxBx-?8)ss6sKc{vlR*K_SOE(-$sWu$n-l<^7&* zqVjNQAMC_Zg17|E6Acql4;|zxC;%i%X-dD+>^ug06q%CQxjDBiNDegn-@dIz2(D}< zXP*z9<9?x&DtLZSxUIFdtV}E)00G&ogfwuf%N3jQN6kkromRA(Z@eK+rXx~NV1q|| z*-sbPtE1Xcal*3>rg{J(+XJXe60mcae}2JRZx%nm*CWjCO|(_DC(mQhgjGvWRnXAjQl!Gr>w254I6Q(Q)whuwG8NvYuS0QeKOel-m>Lr=@>l& z;A+`!rV`u#lE3j&{wsg`^mVv)babE)pSNevxbH8lDkf5dqBv+n)<%>FVbs(|Dq0pO z?Dpln{jz%O@f*yMdJDdNam-++CG{#KlTp~OJVnWmQQ}f zte_sRaNiARMl$_a%hjej3VshBK*1{EhBp8&b8U|R)U;3>GVm&8jvFf4uR)={(fsTg z@zwR47ufD^pX{EgW5zgzgk5m*uN)5#cThPcL8hv}o)_G7kEl1JSiZ7?r#M+qmpX!^z7XGG&0 zld_O-W0p53RTb__?i3CHbOzTz_*d!e-Drs?RTOYY3s+n$bB&^wGanb9G9mma^ z@zac|-2eYn3m|vENp*Mg5kPG{RPm93Mo*{16`Km-`Stx6KrV=k-}b=(d~NW`6!7&s zgPE19^k0TK67nJE7sUs8)~_T3vhfg}`G`v_wZ*bJ`W6hV3dk;PAt!NmpGv@cwRKa! z5hV$ZM{`w%Xf742rV2XOv?{n?UVxtELLg+><6x40<6cOk!s{M$q9)P0k0Od;*AZ(h z{OD`x?b?}{nPtrocDc8+DHKYBdM79C=imE^@?u5K-Q>Q*W%cY%^ngM_Bek$$8BwRE zhQ_3uindI?;{Ign;ou(K&E1enaqilZ>uEv2kx@*a)mxJN@}cMTsOU)%nQ z(f^V}FB1JtqOp_Y95RnAKPMY0Zy?S?gKN}=G$&Cwx{ip7dcAZWlOrFQVA9YEJljvB zu4^YiWlDC<8GggFY$f_7h;FFx?cyRev^Y6GWWgekL+i%4wh!(m?%qmo!KvIYsMwG? z#_t9eWMUFw%_Q2=3!SpIP7&MvA8qwMKk#zD2Um+&2Pdmxh0`E|^ZIm<*>PECKAs-R zYO$b#%(-#DysS*SxOTHHdBe3VLs@Z2%H+XKGOK~EY$wIIUs9u48%m@w1c?I$Y-C*Q zSmne-A4^W5)CmYEtqdpVc`w35lbu;}=GMl>r{gSQMUVCHaE17=gQLCUiI3|A7AT_H zr^-#^BE_P$*jz>rZDvV6xsW+)8OXT?CFRisNUtSFuZ9HYcQPuD8CA=C7rK{i3 z+PLObQ^s3j`ZRBaV0_L+{cS$Enn*&cY>@LcQr~d#mT{({$Tu*fTj-T?LJJP+3-!Qu z`ro$nzoWzBDk>Zm6b7Jo`G4sTPQns(lY>qzO8Iz#vx;mgIPYb&nrHn;ITJyGAhOIR z*$if-(WvCbyn$|4@bFMoc>z0=6xW4X)O2@#hlywPCZ&gzGF>rrKh{R2Ymh^-Eii8F>l{blMb{b7z?A&|;FX1Zc;zlAcGsy1$G78cOD7h3D})kKF# z1q5Q^C;?D>D+D|_osArm(;|f2ON8h#X-5dA{5WDpw-v&`&inn6rD~;do32iUwyo{& z6!t2-dWILl26sHaoWOJVo@m*5vH}vB!I;s8?GHTz913oNm5ZVs(V7P)@4?BCV7Rd8 zNzf3U?Ai=3)C)A_)pLBEaoL~bO~UWo0WPk;QFu=DKsG~>2E)ypC!yH(h8o*P_O7Wu z2*Npt670{9_58>wMOPx+UK4d{Z26R$5KvOOr3C3x z>5>p>q(iz(x*PAB?YZad^Sk@<$q%A4@B74B>tE-^B%h!Fj3IY=S%rmook;s88fusA zRPkX-X`obr6^@R^eF+UPdPv6l2|0bq7le%LQFh$D0k9DcqOk4RZwy`{EGsJpVT#ys z`}&LvwyB#TEej0t>cO~2xhSz-n1cVJR=^B+gNRgdM;!03eP$?A8aZj{A$n^R#Y&*7!+wL4jIxaD)e%Uk!;rP(O0aHQ;3>*1Jix+7YPs0h8eKLM!O(4BsikgoE2l zJ|nmNCONl#R7{3L%Wl@P<+s7XU<|yws6gUUhR?XKSn$oRgl98p?pN6J=BK!g$W(_dUhpCXAU3C07lS#-?4GHW?L1NWVCZ5Yh z(pi6)(k;x-6A%!9nxEbW3SZ0VI1mm>Ea$KP=uO|b+w0)F!L;y)9gHwaR~^URmi}|8 zYUku+Wnlr)3`AIn#`iET9N=+S#5%0v_c%*WO})#+R0Bl%YAweQ{FfpmNPieRn;054 zx6rPQm8YDt2Y?{3&0QoNTv@20)`Jk~k~Ekh1TN>PgM&ouF|>Ywf;n8Eyg;S7Ubwh? zg!Z}az5)!=yD@wfkigq8H-EP_f_?pZOtk}qN#*BT1`1?Hd&o#JG8T{WQzH`sr;X zMD9IRQ~PdiX~}0lpN$yxdSALs8X|VUf6MhieyslPY3lx4w}u2E-aLmbtn=%*q0H3 z`0r4gM|zi#vd0hpsPIvjjzuYMw4Y9x;#ILPe7c@HW4P?!wi;Gw$U{&P0|X5hm%OT~ z74c~#v)CgVe(YsYz>Zal5m{HG(J{@gq#nWiac*{Y#TeYRuV9dx5!~sW_%1Xm)Sli5 z;Ygymh|2Ii%!syoE|vIz$-EO33@Z~vBIkiKif{*>OP{(>i$-!R06D$IrZ5SuDrMCr z8WZ#$;ZIk29h0FI_ZVbB3QOwNarOzQ3&3e_J_q_}^dvkOy10&iZtz#SjePr8kLzf5 z(=o{GSL^#cbxv`A4*)rX3$MHG`upEh=S|vsTJ5Y9=8O$K8w6OuuF;MUYgePPn zS{8Nz()}9+|6i9yGdVz52M5lwsqB1zO)_D&ThyT z=+d{5^N8yV;A|0vT1yU#NQMct2pDPZ9uBL){hNKs0X(BM?$_yj{0^9?Dt{DUq=ZhI zJ>>WM9f4R!Px06*%)lx8TT<)?{pm1=Ad-D%7b`d>DWHp=STtpa~`aDGfdk?-}9?#aDuRd~w8JqH2yuQ6Ng@G6c**V&Y-9cR9}-g@amU z=~u*hd=D6@sFb4>)M<1nMtfeC=rstdU3@|f>R;LF6Z7P`DR6tm#`s{syA$A`l zl>Al*5f9T2PPAWk@or?M9jVtpp9as+FvNdDw}!yejXm?_cK}B2^z=<biC4S;l% z^KR|WtYyiagPuCaS=CbIq$Ju(yD|$v@f?(#YE^f3cb7P-;?&f9vp;_hCmwd@4vT7R z#=1(5F{s?kUaBtZaIlTi$^{Ko&_-soGNI-*c=lO~Oz{d2frjvJD9EQ!NXn zw%_YzR`8S5ss9EG1N=@GE?vvbc>}-{;PYSA@N0{s%%pou)7=Ny95oxiepQQSs+vOi zMDK9)EG8lCzIJqIMVq}}HUtTnQf25BEBuN5T-lhJP@E4TI*N*)a!24M>I-g6i8gQx zgAKXWvIrbUdg0heIO(3+ztjHXeoIqRhis!*`A?{HIFqr392|CMoAlGMiBc4K7Uku; z5CQ)F^VRPQ3gj}k&lCwB%^yFk0&Mj6c6>#DButXa*sz5>nuB+$MXT zuk*#10tfYry&?Yo>9p6#XYfcmO2o1Ptk(hChj#Dw4hI{QR|CDp#l>0Qfvn6vA8w)A z(Ja6vHQ=GD%CSz(FRZ5495@7E&*mnpHHMX$ZiyqI*{_ncR@$n5ahiXww0@v?;s2_# z&|U_XU?X}=Vv_0g9Q7qPIXR;6@ndqE%N1b+AX|!gMd<%)dA9x{QUAtb(N72f!rd4x zvm#5mjCQxGy=rGWhBRp2Kv{R*^Y zs{D_7vM|v@?1sO-5dug9J;}3@i<~n3FQ4hta{n>J4rm2?1 zI&t}`!UQ$*lOkDF(`TEr)(;w`|B~{umHur`x`l~&`t<3)zi(3uZQ>9hlLf!khyhU5 zavpJ+^J!R0^7G>2qZK20IuCdHIZLh9ciJ)*ZZ|Cl1Wh za&kt$BpZbpUr@T#o5~C|<5i0Tt8}i3V3w6TE)q+DKikB$RiYjBOc~S63tGwE_Foo+ zFW~CZv=WoyMkd)M^ha9NFFK7yZGNgTB{OT;xK@?0@m@)_H_y8Rcjz97e`kk*hqrzN z1|R7!Q@69A=8iAv(-ol}#4?Pl)Gs}!5mrr$%g7s*rQfwz=V$HEB92;IPZdfyH45kj37<-8($Q#l{AMs)!GE;0W(u)8_L*fv)-yQF?Sx zkD;-S_O}RTG7Uae@$ESo_E{pLdpqd2YIEY)r5w(_0A49`$Ym=$Gg17Rmw`WxxH||N zm$|LGdPJ&$-e6ji+3bh?g_KJRp%R66(a`Q%U>s%q9bq4{n(>Znv~?Guz7KKriypTu z6zUF-yTI$A!~9Ds&KCW*mG-ZR{BI7n6?C~Yf-nuAjl7JDi_2vTk>5c*^9_s)5WMER zL5YzVcbi~Bu>52sx+WnhjgKSX^pT1&eDX9tl7|is2j25Kg5oJ+j+Z`uyI(w>C??ck z2!0KixC3^Jr*%O)dQ40vTP5@oy1&8&f|f6JJXWhX{ka_a7Z>tU9PsM?4HcsLGYURT zw3e;^=55BpSp|^&iFy<*pTL7-FM6Z&qxOEwY0S2fPP~YYGZNrWCRGcn$G?kD(9-;l z{gmQMEx%dE{&Iv**F`v$*(Kh?SMLc2?Ff?soMOKQIlGA&$H&D5@?aNweIAG!^G4Ra z)^AVETzr9^pw)@lmHl+c_RVPeV8DRFpLJf1vzD$*tBn|Mhfq^>e>0Raejuh_JiItaY3g$1S*GiXM-XXgWTi4{U+8%| zmXY2+lC0W+fp$9vwBhYUqL}ZRu%?&$TP+L@&7D=OgcbxoSd9s$_g4j{M2g- z&0euCMfk*9{hLuf3 z`D9pA=g@G>Lz95D@H7ak=ok#JA{8<7ux2o+l6Y-vxKfKAg4OiNYEk>xlzjTTin-Bn zfH!ZJ(Su!gUX$B{Ynao2JWQ8=d76?Y?3K{%ZWK~xZ}E;B66Rk~2dnGYi{h5BjCjij z@ZE~!FBizph2!Ti#H22!sekJH`_N=~apBZx1(G_TJ-(931tA^8z6YC3R1XllU>O2Y;Ukyg?cum zs7F~X7&a!LPVIWy%YPjp@JGFIXrsF3CE0=5h#CnE#Hk1C<4n3%4( z2O_Ep6z+4^N7zykcSXn+DsC%TXmxfni@piS(bev)FUnkTOHmene5&OZdi>5mASXw| zJvuIK(>)?T}iKf)pxql#D-l4;~f3MB7Vg#J&@u)Msh=|l= z?1z$2`xj>pxDnh${d3~uvxi`D?JQ;>Cgf5~cz)Q;tgp+_(YBAjM50PfJx^FI6Yh||+;7d|9(t_vT|~7EDTpnh|lkO>96a zhUOO>L|xjLc|Auhl%<*Lv8Lu~Z4EYut*C0@j6SR+)wkAk3;Ml{yQ)$B6_PY>yc)lo zTm(G#e75v@U}f`S$o8Z*ILSxy_FFIX5T9<(#-$-uPZ4kDn5Dg1nOgT^%jZ{a7xz%Q}dr~KA+KX zHt$!$x9X0FPMpKP$t;YPzV7vbx)koLO<(aZmR z|G;--+km@5UPm(tgfP)D+k~7yKb}SB^v)Q0lcWr_97IWa$PUw(VI7 zGg3r;Z$oeg`mY-kSn$7@$bWk=KZ^ifKCp#=Q~#cO4NuTou*lrtle?=uTzc|dSs@Zn zcSNumJs{|7y%M+H^i2`##3lW`6K4i_5EXoDc9Dm>z2uIR8xWSeh3)E@U(xk~u#uO%ZO_}^?wfKvWXt>gsmuX<>H z!0p16!v`O!Cr?1n$b4C)9oaHzPzzG~nu3H`QVbn?J9C)F88K^_3Pm`48e(azPZjGg zRkzH-l#+z!|9g$n(Es;;_;32=e{3K)oiu9Qxyg`c=jURk5p03zA(cTY+%0gLzeaCG zZbi(}2bWhOjj#|6c@FSjN$lz4-M*7!#oJ^?CaMt>PKrdG86*~H5^(uiX8E^i!g`(` z!pwS;5ITCj5kg5GXcwcl%aQ2sj|6{w%gguX`tLcz-(Jj)0XXgofH1Nozp&64ttBc& zSS%FiWxYNQs*^X$ui7C(HHX{7+l)Ze{YWb;*4p?POZ)Xcg^jGMQV+@3L``4a*W$8| zuFS~5#5OjB8$98h0OTjnte=Ie*G=jBhVW+W_jZrS&n$1y3!{Bo%wNd8AOG{IvAFRx zNtp)fBf3-l?P>jH+WoBpzt{5hYg%gRGjLD?QfWzf`6EuwB*;unNtuGjI`TzHQF}0yZKLE26RwmuC1?&{hWUWTetY> z%i_^VTVuGN%qH%qj(R(sF}F574TBmLceHOZC}Xg}Zw$n5{z_#+7r!4k(157;^@Tn7{!el9 z={tLmP>sebg}?Pk|HY2_`=^bIk0&G`7#JG5-r?&Fh&4pr2G&Tuv9bJvj49ueTuhR9 zH&Pn;{i}H#w|+kPxU%#3qTyrsCUr+@X__LI$JYW|)co7z^xHYmL*6-PzlDmY$p~A$ z!ju5&l9^}=(Mi3C(J~dQ2J&ZgO3%!ViIgghjfSrospOZi9&jJ!nxKXMK=L+QGOC|2 zLvMfM`eWPATh?`6)Gy?4h<9z0()E8d3$+CIPUU}2JX`$8;NT-YDKtanbcsvB(c|d3 z62;s2co&zJ1p^xoMXs+rw!gAGf(%5HiJ)^FY_ay(o|%gF#Z`JVeS5@V6^;1$#8E`x z>E`+CpfMJK5Bg(sy0%II7ytL&f+i;QzZ-|EV4kC((Ea}Xdx!_@;|&GzefA}^Cz{>P z@sx9<;m=lQt@PR7^}D~Ne(YQZ&7(laoV&_w648-HR}m56pTq}U)(v(!^sDA7LxWeF z?v0JEI{YO!)PpMtq#>xE|0crxXRH4c4+`cP|L*UNf3^)db4d}t7El6$39mB;C)Wlj zmz30`M#gxTbKZbToaX&M4={mwLle!s z2-+x`j&Q#_n738_nMtr)DKY(|#8k=I`2a903v+W2=YUy?RNd`>s(@gi&0nXZp?Q45 zRkE_WDkCMO#>{T#_;bMQbE?SP+}sDvpS!D|04llf=tJ)V($tzaJT807;U7PyuzL!d z6(NqhSwTuRI?BUS2~7VeJ2y8!FenNf9vTuC6JyMS*-Xtp&vbrI_U7P=7+6nl?d)h) z+8g<>4CQNx)OGvU1O&ndD`Mn-`37<7B>*$qoJyC?jS07|6hYQGQK09TH(aAKqkge9 z-SFiu08(nq`|i?>rqzcyd?!1*b?{^wMZLuJE8!)0KSsMAtH~jHIlIY7Z{6y^ zJE_M@D=th#3dw<5fFUa zZVGCA$JrS_M;Cb)^Bv07;`h@2KXcQ9f^`6G4J@X^3~V4Y89=h0Dn5SxmGW4?&p_T^ zIQr?CPjz+m6TR8gzfd+Pfe#x%)Zyyll4C9fGfcii47;BL^lAmlKvDzr3>QnA4LFOr z()Z0DvakST{97ZT0%Px6_%Y}he#@4}DwbEq?ZJVELBJ%0x=F%r`Nm``eErHBFe{k; zzOk}`Ql`Z#JNhHNPzw9p$MlHfYjixOlaoG~p{cYwZf>W5Wk(AsTUsK>cr%ww@89IO z`p>p+C}1D{`VaY3e0VNI*dQ7Z7R3OA1PB(J8HFT0yrdU!!qAk?Z;@TQCZndN3}aZn z*z4zv1?a%Bs?h^dGpM9Sa6pG7W1`4XsH&{I1GH4JWM5GEWTmI)_JIkhv>F7kYL(Eb zMtd&zJmckcGb&Qz@`lJYMH;JAaN$u`FHfZQEfeJBO~Ci|5m}~~z9SS5?jDcJKDi&; z7cwxZcGDN@i=nFnHkzCJA~f5G1s$Dbx)UHHpro~NM1#zpJD5ui-EKaZXXlm#tbsII zODCsb1{^euD{{{NysI10Lq3yxQA1p!LANRRt`ns;d~0g569yeLrW_wkN+Z?ni9+F+ z$;nlPn{u%e;BO?ba2mn^%GkvKN`ADx-D6eNsI@Y6;fCyNQzM$tW4m7$FS(EWA^@bL zj|?utgWT$5cC%o|)Lmt1dj|(M3>p?Cd(aP$2&3pz0El$l0nv6s9yF6tcDSLH2wJA103K}beMn->uoJ3Kf@NLUbo z*Eieri~y=Er4VU$SU6X&Q8@WrEKrdpqfUerEltf8$4$U@^N3h=))p4zC;^H3S#DEO z4n({7z$m7KH+M{x|9@}~92mg$Bp(=3=cLb`J)`0v0jiKZER$4h{N8IIuQlG0#@Xr_ z8Oh02&iV2s=^-dU+VRY&?|}Xo)KXCq5$|GRz+mYa-phT42X^t64FHma5DK+{@;plL z#bsif_G%`rZ2WL-k4?;uKPa&2}x&W z@cN8}TAL;GsNZ)a&+WWQ1pOp+DCN4w_$GT^*(w*wn~e+xtkT@O$M{JFm}L19i$=En2$IyJvE;0WTx?eY&Af=e@y! z0oya+ZnL*OG`$I62fO5Gl@ntNF8K*k*S7=@EXUgJ-CdMU_f$%2rdw=@o@k%BE|lhzx5l;07n>be=|XAQKYs# zIy$ly2F)fWcFPiFwg?FGT%6`x@iq?RWo1>>a^QxgGlApc9d)0$Ekszy(}>05sqOFY zx3vNSNSEeN7=z-K3<4%>_}c1&qE#q_0Y5EZ;QKX~}fXtwOJ`cczkm=UY7%u~eecNlbu(XT{ z2h7XDV)b1@LdHYir^HvUzR}*>-d-=)G*!fj2Evg*Ak2#$l#HhJwtu3OC9h#8wzTcB zsi=X!2mL=Ev^b&l56V#S)2at1`P!AruTj>Kt=CZTpLd`3ltEOYiad-WU%uo&mq}T9 z#0ah*;SXX^NAE`*1hRf&GVgIf$Wm$voPs74U@i!c=o2sp<7oy*N83yJ9KC=wOq>GI z6HlI`E8Ezxs?qafSfVa>ueXwRJAiu`ijHCeJT7Es1@RJ8kt5>o*AssfiD60L5fJ3R z?H6mZ8`TXVv7okfcAl9A-$EmlNgTq_-abYs2~>x3vOJ22hH%QKXf1HJkdr5Y4JsUf zQNyN8%eaRv;odknID7G7b2-q42=z< zF#X%f6|8-2^5E-R_5vV>-}?u+@VQ(N=mYtSD)-IDk2X?L*RpcnBhPv6?KESd*w<>H zNO|s7UQ$9gH#++HL%_p@dwB3fKsqfO`EL$xU_d}eMK-0Npr=lv)fJFxYpY6!2Gf(Q@L5f=vr2%Ks&x=ViJ&dMYSA9AW3vZsmMr@3AvtJkEbaG6QM#QG9hVc2I2sa zcV&wYu-&)10!odA_x8IulmeYXNgqt<_JLK`1wxicYUIubqv<;E!;fy)BC=JGX5r7M^n!H;oqZjQRB6cQ^qv!L7q`{f>1!GSxl*cX0KfY{D}Cl*z& z?zB%%rhfdm8J$U-LhI8*54FO^FfG_|aMM{`;bF!^kv}`W>Lxtv4<)0D$;9~U~TjE z5fM@5ruCJc;P_a5R$(6vd~=b~sflD88w(a;loP_=AKw;trs6aB#!xM+uC9*Qq#8n$ zvyP4ql|oQYkD~ksBN1U?QO8%%-$~5V-GI%{N+&?!F72h<-L|nW;jX_ zLVgznGYs@VO)rm`Dwx0r+Znk zLTUM8JNR1CcM870qZai@{g*jByIT`LyrnKSE_oM zoQ`Zuv(XyuEL*faJgRtCYhULVbY2|Dc?x%LKj4@N=E?kU$OqnGf8X8U(F}O}83G-r z8T@!b_lJ^SS4t`CRxh*th4l<>%7YA9t{_?Ii7r4C@j5%{~m%@ zY^;HC^_WRJ`&8k8QJtpdd?)>`v|MnyJ0;~|%K09CP8yY;7K!d-nlXo^sjlnbFx#}L zdqt^Bck)U?uvg3UBL!mRxnGA*{plDnTXkxSR$nV?5aZI6TH$IWSXgt4+>_H}$}i9_ zizXiD{&F%x_!x#-9k`sw8MJ|K8=j1OFWcSwWJkKtk~H(3$OO4HSd{Ti>@^MB$>w;Y zU!Lv(1vS5$>uYu~$5)Gs*xF?Hvy8$9;P=^d_GjEf6TTMC&*dpj`#%eDHx+i9YdoKy zoK=dGk-cPpob+?rT77i_Wq6=0=Kk+kgMv|+p%e`{Dv z*}+i|7aIc|hpoy#@;Bi8>On zc3gwwnTi7)ReDr|g;HzM)Hl$nfm0tp-(po|CG>RdwVtSsyE3Xzyk~fLcycm1DoQqp zPD`uyY>tmWNT?yIc^lkS42_IbAXS2}n@t$X`X@A@o#KkX+EG(0Q0aTNwZe57#m7ZT z<^fR$3lkGW#7{zEgy1rhkid|Dre}UOAL=kLis&va;fD(>I3U2u(Q#*gpOHm}InN(T z8V2HT;k3T|JB?sW;$N0@cqBvC;~0gne|RILxOD#TVy1or`U7ELzr8O0Hk7bD$LDX)R4ZKka}^U}NKp zcB#9|Ys_HmTMhLyKY5nUt5s@9rN6kGzez5Lz}Q;-*yT83TI=dGoGPN0*7famNTsDj zmbLa2wK6BQ3x~Dtch}PesoW%e^pJ#!Q`4;4W7nun?OEw+VnIQJM&p1m7Wc)j=@Me% zGf`9F*=6>n(MVQTog|eUQ<1V(5;3AHr?=WFICpA_RYz(rIof$Jq7x#QfHJL5O#mD%Ol!JB}4?e;S|x#&wm zJy&93F0Kh9B6W53-5Z2|ptYpaurb(m9Mj&@I(_E6+j;m4dD{QW8rTP-E^LhLWkpuA zorj)NgZo^i>36A&j2dFN%3cD;hv1~zi<;_k9a8DzfI?lJWZT|H1`5Qup!@l2cH7s? zC5t*=7}s^cRe8~v#`FB9aD1IhmEvph0Njb)99YD~rUy(8c*=LM5dj!wuhsKIvbApw zt42HQV`2nR>K55iL~1;3zOCX=9Q`O{SEpyAr?8SqbGn$1CD#M3ng=G?G~QkxUKaD} zK4grfJ-H$aDI&F}2Q}vCk!D8IFAnxFZP3UgXJ;26^`-WOM-(;gMtQ(J<|84AApadb zFh4o3?$4#YYq9@xfy#-k+zqEkna!5OJ3a?5bm61TPq#k#n_W}i%!afIM)tlD7v=s4f%y_* zu(8 zkw9AXKSoEnVCu(CK}y9QwbjWPF!qq7jlN22b;ai;36OfWZ zDAxGPQaT{%ds_ka2f@gW>}lfV?>fQ#3%2*|t#xv|^s zVlbVX8!LG2QbFh*(ZYi{;<}?I$SOUmo;sJ0%A)#LTP4c|3FA)CFM_4POYp3QYoiXv zCqSMBi#E}HL*D~`pMUx;GVJZYZYF8=K z&dx5wSbkv0MD6HzbnNf3=e3!D#9-8Zjs+@@7*sKqkjq z-6~}Q1AitI850x410D(Qc%QR)#zBZ*eH42{L2+%vC7_tlw~Poz2r#0^Y8N;98DfTX z{68Wq@05-Y$U2JVd@4znV-_vs4l7wWiRf$GjeMjiI)L5GY)W6y%9!gpZEZgFsEn<4 z$5H=0<5Sv1F=ELsREFntJ?&xO z&>D|?E}whSQ#?28m(!T^4*fXckJtoSF5Cq17E*hsXxiFD5~(+*Z5fQ!*E0(;62Fw! zY1Eea&X!D`Kd-acIA-{4OKpPh`-t~4knF7|wFf4?9JbAgVBkI$7iZZz%v!B`WoQH? z8MdCed6o6k(SW)AP)hO|H;Cpa<>MI89l%ypi>`J%bnTm{W*)!gvaCobAt@(kA(l)8 z=NunjB9{%zT4iYp*W8cZ(NrudhsDmqybh?4w@3P^p{ySnDH&>OlOMpoiC7cSDz#YR z869Z~LOWPze0lVK&bix*-%Z*uE1!#xyqVI~FaDih0B%atxu@=0--F?{)*n?3Z^pD! zKDgZphCqPiYf1>+s&b*%=yAkk6h+n; z954np>bwsxdv`hQ^EJ$|3h7cJLgU570ZT^_vr*#H$B6+*cLLp5BLtlI4e6e z%Z(DPf-G{cx5{#npGn*r6`u6K&{e>@ec2(8G^$f`#L1h8-osr=Tyj$CGu7ZXLyrUd zKqT{4P(HJUUDX?|!O`A^p@}yK{BxG85d{k|TwmP{RErsE>&PUt)@-Jj@D~&eYBsdZ zrjItpcK28(%Gw1j&B%~MEPK}DwXUZJ`h!o%KYwl@$l_Iv;_PSW4W#qfllnD%+ z_(3bd`R70zb9XX@z)0oDlm?6K?sd&+fpCVy_~- zHRWQDR*B-FKo$x^I1cv(ic>(3iO~Pvc%oWbWYq{&u)FGR7H^rtrzNgoWk72Iv`!(J zuM&Jxl#;h(z3Ej=8vv5Ygry<&M31(b-QDwoGlykuH0yjJ|vN-pr%4=#| z7%-;7Ltpw~09w(k0<29%lx>$hT+THwpQOZt$T7MT|l*jGPuE3%t1T{&Un zoksSrp-udoNh5t(?dkrJDIuFrSPQr%N>{!sB%V`8AE)P+J%X6~vvhp5%k&xBWu;$& zpuAgG@MvSfpvUzj|Iz`xv7Ejrp5yPj+}{TV-cswjA3YCQ7V=C;Uw%u~)tM*wK9_2} za$iUz%D|0eGXL|77f3tYc;#3Yu5Ap;6d_&Y!S3#h!ROkUQdVP+nb2jcZN(>~Xn#yAn%!Af+dt1(1(G zQh4pVlkp-?CW)=)w1ib|gw#kZF4&oRt1o5SOLD7+(3!XejFfItHb<(o_bD zBsm|@S9!{-RTr&_HYD{I#ktfbJq$K~-1J4BQov$+hNr4NSRb(oyXePANsM66mqxYM zWnLna`X%2H&tRi0RnV=DUK(xrSjR&h1nZA5=X%PwV}~)L%XzEf#c$r6D06Ii)vt|K zhTOW0#$Os67_yP_T%;=ow6gUw4;)LlFQ#iNjQzD9ok~QINbfD*asgHb;O14%RuH;C zP$0Qd@ZcxYO>{09+m1)ohx@fR{p54=nMCfO<#QlCS=uD+8nDN4C&rA%cGNj_;Hnv&QW%JA-&%s3TyGaWogI>v>)Z zm$0D6*%LxiYFO?cz@K|a40<}r*8(^G_W~wC4Ht?0K-C8}^?-_j@_Y?MEr=S=U$w0X zC0ik&4pc}H$hfnfNvH4vSSi=6rtg4g9GTME*_kc}Jt@}p>+P+rVH?3nofD~B&7Do5L%2YW)3y7c3sCb93CUE?0Vi=r#ylyLX~_u}*6O*5B45U| z{5QamE|d7QAPjkmK+uheq6pC*ix@e1M|~kPyrulM&ks+%mo#GHX7x4+aq;Msc>*&q z4}s5vUHIdWDfNWOimbqYM=T;hO49j@Y5Ka{-pK)ME;>JIvucXCIFh|DPm=N{T`Yk& z*as{^10cwtNr=15l?8Q6_EFevHQ6AA88$1Jc4TFF1kZSB=Z83gAQQwUlEbEU`2nQm zfw*9Ja%^hLqz~wcWlM{07vnD$?$eUNzNv9Jzxv$q<#Fcjx9yW;ty806VyO}AwQ0T6 z$W0d8n!~2gA0*7XQ!JwJj08uZse=s`u5&;!HwwKV;%<^)`O|r`XW;$ev}wHxv$Lr> z-tSFg{1~Fiz5@f2@lw2E3HMH;Jx|WX6uLv_q*^D93ajj1cE8!BJhWIHQlnB35(_8s z_+?(5ik5P=YN?nx0rN3 zcEkKpue7&ymMcNLA_6-lr{ypoIUyWGAb9?QSMl;-VT~Q%c74oN;Gj&IWz@ynbgun2 zr>*^Y1{8bf!5Ej4K&h0Nx$Zr)ur7SfiM}uU;hd|;;1ZbDwAI&Kx*(OJdNFq-i!sqi z%l024@j?07UeVhy?_qbu!JnX6yJO29R3@~M6#ep7oQODQURr5GQnzMHj6zb-v%fYe z=JlPK72&AEwQLe3#kkGs;%f0({N7$$D(+@e(#B7QaXyefr|};C9DKU>=d=mtO3Y)<;)8$y}-jg-c~^I>rQ^=K{Q9-@ZsEA$=)Ot zKLR)*R6N`>U*azR71|VFjS?wufHW590+v5Mc@;AMXaDxFf_xv8JC5!l5bsoF>vFc~R@{*TVcTzTl&nM$mLV&w=%ps<1azKyvR^@DAeDY0J7V$--^373TBo)UcGUSsIDm=~ypFb5{lck^Q z9y(yDDJCaww!+OdLlMCa2_FIh2O4knmQF;&f! z$CC1>cGd}KwL-T}+ZYl?IptAvUriFtuk3N6wVh@*#i!SLXc&yPM(_L&6jC@I8m_n8 zC8A;&Mt1!=$_n<7m3!D#w&Ts9D>>BUgU}6&Wf8s&#QXajQ%u)sXt=r@0#kG{OF;D^ zt<^kRM5W{Y%tC?>5L4S@N#^BEC2r1x1g!DNm^RJqEBqGCMr1kh65UGH5%SpH1zA7 z#9cwF5Bd2uUlS-6t7hyG30SQTidqKXK*y43? z!f1lF(-)fzA0J=T)KpkR@1bf0}QB2o;@P6Z{ditLn zSCl=jeJog~%zM%XxNT)F#5KOgGJyDm0ZYU5I2RRtD=RrxGjPdDPHyZ(mr=yw)VC4b znG(2HLk$1!+gUDm9=69&A0;#;e%N>=S5W7?37_x|ne5Vo~1tv{w1+i7SVL}DEl&*tGgd?=+=sG|Ka zyZOBkgqKje4~EUDeVTi1xWtu>(bTCg{&O7rTR&=aSnIi+Y9L%} z>w>8x!2YVRFF8Q(Em#>OQxM(7F3MB$2(GPo!7ZVxJ3y1n&o8{4;^C=O#Xm1zR)Td> zns^Z9T_Tm1Kdqcc`+V^}>u18$ndR!W?jYo7kU*EhYpv5`pS#r!;8n9@le8!6kMD9F zzDwC>;n!HrZX@_QL(FFe7?loN?l?scgmLZU)Ih+(yKF0Uw3&;$06a4yxwEE;YCg z1@s%g#oF*x9`u9fC-QogLe7iX7v#j1Wo0y>L4Eah&@@TJeNVW-&GInV^$uG*9#T~D zhWv|P8&PzOVRPdCMc&)&wx4=~LsHE(=~nc)9kTJ_WZUXRt_#UrtYM3|x=y;sL~ET#EJS4vUP}AmM53{$XZ0}h z>Ft)ny>317STGV>e*LMbx8cmiO@@<}tb^l$Eo6+n{5W%1_ltk*w#RXYuKj$d=NYwx z$99me?Q8j)tkKEI7rQCH64%K)DKEDCpwM(Eh`=V}f`mq?M$}!VnUhVSM~Bt|I$0os zblhO~Jn2t?5|t?zLq%CxSnK`{$Js%79r%X(XCE90c$`&algL_F}xml{nTC`R!Uf^Gj7MM*N9va3>?Dkp1@a zoIq9Hk;-oa#z&-;W%mP13!|g@UL@qLjbp^KrF)5Rm-q(G7d%2P86=>6H(uM!c=33w zWr|X~6Q~h!-@XPHgnD$v|Fz|WYnK<)^xu2U!AN`wL@3#uEHDCkJR~hXT;EWPR^$1o zH9#Rzp!AK~fZ?O9BBLN~;UI0~)Qgo_oZu6Q;#h}AYoj?AlUpRD$f$non|bO%lOsQ# zJV1!Kxm}g8K13*5t>@LwY2U9aVtvHU?Gi@3bXK`eFfek}&0u=$M{kg&s3|fzd4Eo9 zu`)-3mxOeD^m#d&n8ppW=_g?+8zjrCB|TFQ?*@AJolHk(Z=geL%ehMAo`E^fBN`?{ zIqS|cIhjMwu)f+Kc@t~iHI6t{Z&s@R2ffXo@EcqGH_NVqs7qiH`YY45n6_&jp>3UhL|S~U*NJEd0J%mA+s zSy>Wu&)6_2`cV*$*@U7!DB-PR+B!P=YpDB0K9+1fCxzkPUJN?aUW zy+HeT+lCkczm)M%WapsZi29S)*w!(y%W1$?8v<>ZSf4yCALO+zm648=xgd?*FMrye zd=Mm{816k&$wHx{AFl-A%751-bjCgS0O`a!dG_`K9&T=Zkf=p?nr!sECP;HkIE6S< z?Gr!MT)hl~=2*3TuYpn#&EW^H#?fazDA_;c=&0tiHF20)N!ks0iI4;}7-5+-5?i-a6HaS-{_Q;4GA{Ga0 zW4Hff4WC_advFwQhv^}U3}BNTNiKw9=79+Hs$7~9@#jLX#6hzAcuF4pumzYgoJywKSW>8XPhDqEDfYPD!98(h5e z()*G;N?3w7#5rL`;>aWFa;Zy|dzVB6B&Ipx8V`(>JiTzW6!F z$i>o`lxLtRe&2Fh57;BMknu}^tqN>;XJ9WErV$r|m65AW`jwS5NtsjR^L1cValZiP zRs{tG;6(y)%{54@9$3yDFYTCHp4i&jEdt z?5A^!s*df*(SXt1!R2VSWS)7LIF{k3iwthIj zR{%Y4%)~Z}(-Qwl=bYA7Hdz_Vq)xboWx%II?x4sFFA+{j-!d-)jYh%{Cdo05C{>o5 zT(;?(FB#gaTFpIWxET-lRXF#Rau#yqHN@+mkRb2HJRb6M_3XHjnXiKDVOrw#!8pu| zy1=kF6Iq6iv+>IP=ug>1*6^g*BC;1#waOvdl{F5Vlh`~Nw;Q~Brm*vaVG+a3`k@hc z^d|EW>9#($N>#QW#@c)uV>vPXHOVFGfQ0AruTUEw`d`1t?7n1Yr#;v>z_e2i*;r(d zSrrPku{o0Tq!{1P&o6AqWbhf;1vXNp~ZnG)RY(2uOG50qO4U z?(RI_Iy3XU;&jgxRFWR0>Xv?>!d zFBu%v?trK98Ls>9z;%-3x;{n$-Og@Pz!j3kc{U5n{OO?=ZC794ou-tNh^?0BzL=Sp zhr@Y>fzWVhun$R0(_(pxyC3A<1j%8(ib#K!o|-y64nl9j^=IY}DI2RE*Qkw9 zd`6J{apn+(13V@By^~5X+{9ok4#CQ2zH_25^Zv|c1h9w$?Z?Q)&#tar zO_tCedDlahC#{YsVo4!Mb0q&~U}!CL#vk+l#IiXe93UbEO51WSTl774P(A^@g2xLo z=i9&7*srli9iM(FUjh*2>j>s6o@xmsC#$=523;-kdl5{a z@71Yyug>v>p$D7MFb_jxv0QP+;|CPiX$8soh<+f_9~c3|VfK4k-HopyoYq{t49sgk zp(pO~tK?gQteN+X`;W0H`*3YGD+B2B-KcGgC9SWZPLE^cIhEsv32u$2}?!d3Shi(4L@^O{-PU zN5DFD>Z|?KyYbAN@EZL_^&ePOZJ(rD2-UU5-_9R*esxZ#Xwmyl({X`e5pzpb^-H_{ z{#1yN&)c|3K$UGqe$eOGycY;w;2e&;R4(RA-LJ@TntJL~Go_u)ju#!E6O}Yr9_1|Y zN?o{K>}QZuRb8E{Yx^BW#wj->+yUw)>ZrN&`YQ--)6#yLLLT;HXsZgpCP5yJtle1& zK_187VH|gtc7UsnXEqDeYzb0FZ?>jDNd)ka6%Zl}k`&EEvG~J)qvicYfVQ`Q?Vs?# z!mAlT0oz8T^P@Ma8~)hMp%p-$+zjU~n~+mnibB402f6X;#Ia&%$+yVJ$}S2dMgesjm#aC{$6<4}f8z1M!@3X-h%TEvIKrK0IY@YMCk*DtwGUr6~n zb~Wa#QrWpe-S=svwW>AsAU(jz7_(>5lA&`Biq6+}tPbN)o(s@h`w`Uh-S85hU3+Dj zYBmMpL3cDAGxLwVZhVcpG(AxP$eHNT4PA1SawIq^JvKs(8Ah>OeP4DSt9iN=sVKU$ zqoP!3^f)3dqa2tgL2kH}ek<39H6{JQ8T83lCpu%4X1dAx79kA|=+ByDP{l_qH!Vi# z6!FA6IrE#c-LM71gHveP%*L(AtvFJ##f^t2-t+g3ZszGHB>yTZ*`qFvni3W=5j=$ih zA!fxL2L;o3%6rf*BYlSkUy#gA&(VAMViqCkdAY!(`+$u$SIU<#>M6FIki_EjW_xP|p@m?r>I zOH&=5fWP7E>$txj?P1dV2{Nw`em~O~bgXcCdSdJ7=voRsgw1|p6HzD zhg4W)9TEVQ?>C_j5fEuVSYZ?pQ2l%x1DexE$^>8zKg+y|DmSk^RXJ?lbU!F$1@OW0 zFb2Z^1=NU{KQ$NE+(0rqH2U?gmQE}JaxaSE#dt8uPTwGiHoe_{%3ilMb8aTbssQWGKdantjy!>sQ3l=)9^-^gVT* zq$#_Z*;-RxdHF2bxR4IOmASUf)t}hvQ%c7S4+4R|yr@UuOzl{?yoTDnV_|`zrs`@k zk%dEtop{x+H3QJn2X#ZwdHl~<@}}W{Zg@ym2go6^94){g`lY;P4~IP@2LJ;TkLyuy zSUwo&JS8xA1%pT9sH#dR_w%%*W0(n|pFM-wsnKnF{Futnuqz3D%hsz=8-B;~?(sX% zMlmC+te6I}{e}{rUyJ$c2i~=s3?Jj~n>+GzPQAZp)&RjHIoF?{3h!-)fhN@rP&54eNCeYMiWSCx%9OgK4 zRz~Y}Q*>m!7XJ(zkv~1X5 zCo+C~A^aUn3;`PzHYM=!ILP}09~t=p0Icl(OBEHC;EmnZ`ucq+?+ax&Te!ybK&@2c z&TXEKHt0lgtG*xirTa9W5F6|4zkr2B0!V-c&!xFnU>KVDt4gi#?^0b*(9i{v@psj# z1yvg&;*JSu>X-3&Y@X57)Exfi046|)Xa`lR&1rWx-1Y5+F380*4?NX%$Jzd)WPEBTy9QF9O*bpo=jm4-C;-!JzTSt;xFK_aSQn3q1 z9PSDvEkfJqYm>4Rz;G)dm480fyamY=FhY&|-7Vps0PKN{QRL`ztHjCud3ZMW{$USE zOw6R`#cc{5UES%GD2%a%Lzi46N=aq9i7T?BCXUL2)gRL4<+1IQ-@L9rqv=6 zM9*!?ipJEGe#z#652#29I_^Y2~3{>60z}j#fJ=Juy zOR?3a)EU1hAHH;*VDfrVJr@T}={pYIYhnzdmY&^bVI9^(iEiqSbrz!%KIX*=!9Wwn zKsc1bWh6E@R06D7{=+jre&(v^3xy zgFeU(Ah(4nNH+FOaHFCD^_g)eU;6k!r~$fC>B_yu`oSpy?n#Hw{>&KS9_*C+-v$&< zHl$O%X)t|Y%3@BAxH!<)3ck(s^t?WHTRZZ)VYKP#rZ6QA2#a`vt_^ezGuV14k2yZP zLUd4yov+2mz@quetsfLQ!lZl9-=W}BYMo}wf1?Tq-3e#7E8ZE*mw9*o^X8|u zu}GBymX@I*Z{ef*Jg7pZ6nN?{TxddwwLj%EwP942>~vE5YvjTS@zwsKB2Ss?+d}(> zyzIv5NYd6EISDIq-!AYhdU}dV0~?3w!qg2<_Y4mWYs;Ie9FtaOr47qXoiT2&+8XwG zb}diHDVO_?zMZovQg$$kpyRI5p>44G30PB*a3!a&T0cH$b0lukzIf>pID*x~p&}vu zumUustq6&9l5aR9T)5!4KY?|~7U)#f*Y_qzTj1L*%*tJYLp1HD0XUBl)`#0VDoO%D z(VF8o;#{5C+RGmQg_&pDxQK@r;^5i*Y$N2XP`mp0c&}TC0yu65Pl;1wGW$nIJ1+Gy z2W>fbPWMMZ^xeQ7aB0Jnis=L+bO1^I1j8U^=9aOs==>)dcNzp@^WS;N!5m)NV(3p9 zvPe*(`$-$nU6I9>_9>FMVW^mU@_MNk9W-hw)x7Q-HD_i?89MwjCgc$Duc@{%$18wp z=vM<5Q_70B9=*C_MmFLdhUipKh!&RJHJ+e1j*sGSp${*_BFO{tgh4f*n2V7;Wj1s7 z-jg$eoY)6Zz47+3ROtU<(TEFMdY2Zp`hf_5%mVaY~8h_ROy~BIyv}n}3Pmi>b zR=X;`5-~H#Gd|UP2^u5dqaXv*{cPwfe3*WA>uTUq&`Zhl>=3et<$gi*a!r zZ?J(b;>%ZbK_yHgm7$~~QkbyOh1@NK<8&)cm+tiR?rzX0MTolyEAF@SX$4UT+{eID zdz*87`gz9sJl4J` z%l>R3D!y5jpB$^rY2xP3nsqCRyHsVRZO{4wc`)z8DFSJJKL>M{7GLS6u=NeWuyQ6W7K;-=;9|95T30@m>&rY>9qOY~s?yB$DMW}1Y=37c-7m;=Ab;qwZR1j3yJik9cttXB)6P(V0rIYJ z1KJ}rS?ZpV*tTBP9JmcGEG&?5VTi*06a->H@zY$sZ1D4j&Z41_@IQ|a0vo9ruH4en zuR`TgcC%Jr5{L0LXNmb@#RYr5OB#>$3%2Hd-^Zjd5xGi91M#Hk zG-a3&igcd2)T5Pj7p|((*U1?bMQ0Lem=q-JW^|5<=#Gz0)6)yknkphgJ@)1-Q4UH$ zMLMoPp^7cdI$1#06UX@=PYU7>-qSw40-nu5dA4864j$|5`$}F({xJz1(*Vx_nUX}S z!xE(Nz4yvg*C0i1bD=K_r`J3?PJ1N%zmXrnfigU^+vCdaiucBF=(f!hDoQ z21j%t=e^vWW5~)0H-`ZlN6K<1k+}jowI)+FR!pp{)Os2Y20~}z{{44|a=n3f1f6en zbT(?-ZDwrbq5Gb$*e6hl{|d?)&>G{Wjhood;|YmeD&f|iKc`^ZPYx(dPt{%9HW7YYXVMt;US&1v06wR5TSE*Oa`E@Ycjo43KNALbNqb|*bj7z%*{ftrvi=Im_WOIiz;NJ*c5%XPJX(eLg}YeTqty# z@u)R2a%G`BK&D$$qUp(sqE~^@)+{Z{CWe|;mjX*RhBNW>WN%tZqSz1mk0yN%fPLV( z9}!z!fpxCy!CUd~Q#S;K@Ttmtef;&jw@*iOg7QS%6A~B`I>>-v((WwA8UL!gT&(9^ zEjFmT=dT;9=jCGaAdQV_%sSsQd-`0DM8HAV3Me@?mj@D=B-4W&JN*I?W25Qn%aos@ zjuRveq@&(}6DRp=8%w#|hj)p-dh}f;ELPc5s`dt`gkfjMhR+lko-$=Jc` zz2s!G55h!A|A_CmSH+4>VrrV)JIks$%(SFV^2EbyjUR#sIp(9=6i)i%#G(G8E7W24xN zL01wKD<&s<`wUTN^zh1suDt zKUeQgb!zVs=>ySX&J&3QIpLj7%Yo?CM$|F>{q3&$>9NsmfoaDLBSAc5OtpTxgoU)O zRWq%rb9A!}P%C_(`_B2Go!CTJQhai4t&QL*Sg))(?3Ik2?iPe|83HOnM@OgBjnZTa z4Y1^PI7Wzue*E|mJv2a1xzVjr4_{~(LEGMX0|1%s?PtJf`Dcy$`=(&yxQvXi0Wug4 z)6>&NO5FaUIywwkIFwoHx&Ijw{2Cu0f3zm8_u>vC#pV?S8z_3foMR>!=4vd07?j*5 zpRw4dEaOBxiFc$@H#cXTFc$AQFUa^RSe+holPnbI7;J&bG^Lszc%Ho=1CQkE4{fTA zXDGf+z|I3T&G?XY_z@1En^982dqSHFto4ZzZSBP5WDhsD_J^jI{W{}zRj_+I9~z=g zkf&n;*ZB4i+YG{^QaZbTXnKP~_TK}zb7!70k0O^)K08CKJI~|Kx^12l-IYQNE?H1T z>PCs?p-Xw)T6%jN1w2PPGT{^}qsBLZmDN?l&7ZZ@wDn0J1O=tU5 z9m~LVqPx2r+8uDVoBHaCBp0BCz0uXG4~Pgsc??XpXc+#W!4Fv0??_zo!<=)iL8m~a zz(5(+ERjOuKe>Sv7zvc)sl3ty}Ra zDW1*%?;0vFg^bMXI2fhp<;CskJT$lB`=?!UkaHtJl=s|I_?;2E11O?Rn55kkY_&x{iT0F+IIK+d^R=UIR9qXj#Q5_lBR( z!-c;PgSD-xg$1$oZ6LoifQK?3HUBgotQQ*G+}fVPT8A^{(&h#IQ*astx^``E#bYGe zX5=FBiI5Noeo*S7fywNXIANhR`=vG98cGl`w<)Ss!8*TT}LU@r?q|& zJ{dt_Ji^`-?#Xk1i#=XA6PmjoaU~TEOmbMYH+}|E6SuDynw~wQ-m-nqC^LMb+MVdf z@=8mU4kf>xTwq>*fnju`!p6}UD(ce@g~uWyHE76;UmSET91xbP5uIg^kB{dB5|Ysw z2Sz+7rzjGQ)6EbhpY`TVPEJ{kJ8}gER1}YII__6dgVUTy-Y3w*0>gT-Dp65U*F@64 zcV)XRc?r?>`sR#;-^25K-)dgK^`)&%3in;5-TwLn*w(GCE)wv>#>URLQ8mMkT=4FG z_JOby9Nq`n{Ni-hE1WRM$jFqM8yX0#!NVYczGuqJU@&(91l5#|04v~;cyDN(8+M|; zp&|7UuqmkELZ{aa8O!_Y*S+=i?}*5R^>rhi!)X#Z@7w`-x!TrN$L`oVdg{#CORY}Bw)NLeZ68`f1eK|9rZ-VzxTb%*9Nh&4^lysGcz*s@(q{F zl!OE81!66fv3pUvKc6og2?*SECP&o@I3Bm560jHXISg+8>zDfrA;Yb$5MMs;Z<=AB z`S|qgs?wQ?{<9cZq{@F~oHG@qz@-B*R@l(eN=nVAUe_39-P+&&h>hh&%W2XIry|qP zUm1;>LP8)qo~|HKbp<~|=q`wsgR(GcPXNW(W#&oFMfkhM?tfHM&~~c7>niAt7lLdY zDLDchp8BH+{@{s%HNbUxNT6=`(z~x$ib+#fSy9y%-l(Gjlw}qO(jyNFP#ssN)_y$5=enz9TADT=ohk?nSgP{*$}^bcc9C@)v;R3>)Tkcsqc?I}ddC zi_j4U;0rzWeIsljzc!>D%eQ=qet5FVDuAkT964DR>h|G69#1)*Y(<}N;>!F~2o=2W zhw#3i_&?lt{=vQ$9iLxZBp1REm6atvV!wRl3h3&CGED?X7T*vQJ|)XrdY7roa;)dr zh7626boXK!-92>V$Vuco+#S<+QIKd%2L>U3tE2z1K4;FLZQy>FC#j$_@=8NXLq(jB zRcF6Pv(RC;f(DtfzJ^Ae8zIAU-M*T)WvCF;kYVrsoWMX8LH@~3#%Z^J<7GeF^$+iV z;!00F0inOYTkQX1C-kb}KSIBuahXoBB_+1l&_sLu_^jdsH{iqc_sc0Lo0*wOO8U5Q zJ^;;auw(VS;I^)W{$-Pv$e9gJH^*ZniXi&*pzW2EV@hK;jqb1*D7pO!l2iQOg}k;v zaD@g`{Xok5^D7~e*Gp)n8ZtcAkn9BAshYR(d3O6tV<-W&;r8|I5@e!@ncE*H*Z;Mf z{#-XN-amyvC{5w$fH0JkyK_wLEDve(gr9CR5Sz>MGNaznQra6w731B6%5c@BWV5FI zgI5>-uUPo=W7$^!N5a9Y$jRB=%c~hgJb(d{lr)g3CIp7>!or^uyP&RLDI>imom2Y{ zHSYge=-(7^InjR7j<>;Mu8<|=%@8a9^AjAO|NSZCvNb?|Zf5@Se@rbtO2gAwm;tn( z;q?>AQ?j5->eD}dJ^>-0-wvmrJf@|e)Ej;7&Rh#(Ui^uFfWtgP6+(1{%OhI_%_v=2 zNENWoIDL&w)f)2jfH^`KZ?WySZ{OTEw<}sTXN%*+I zfvy#R`>M-Pef9HYy2{xf3eG!vN5uh_MUQ*YitGw1()ltP*tMfIBfNKpTeJds`|1)0 z)a2(E4$a1HcYZ0Bf%V$dFyzJ(8K}N#;k4(i{{crjbWN$zGOu8U_1GHX}TVSP0w zOUo>SY^81|?3?HyuUplYM0K6fK| z!9)RHTqYux+3!K<$jDmaA{YnIG{#nwa_}-i2QWL<84S<;AJAD>RK!ebyuYqBYH(La zzTlmqu|kgr0)D(Pm(j5PU8<|tzsjz!H#1o`di==q z1^8l!t0>=k`TSXSiiPyeJGYBA*LU*kkcs>jT@6)DRRW2t(<8g|$kdfm_9h2hw0{Wc z1{pS`Pd?{CmM4$+eO|`R#caaFJN{Sq3wdU1SY9?(bx3yWsA=kcyLPQxDZ-}sZgh7s zi@Lo@+))J0miI4w3|A*b3bOGc3;FX&oa|9Ue1$Zgba64M%<5|6ZtKwnu{RE?e+JFz zUe=+|&6$)DakCz!61+8v9DNNcD3K4#6ZbCr%jC(% z#U5YfPdX`DFhs`Fk@N8~nk%XWHF-yW{j1OIJ=v{^s6y1v}3;TzHZ;Ey@AY`K? zym?#mJ9Ngy@KiJJs%7nZY)%nN509NpNl}(pSbZiue3lTD?_@C1op})P{hiAf?nqhj z?@d2-MU+0eZow@Ejst~}C{W=$`@%%s;bp7;TV9Htly2cdO$Z+BzwKwBi(UkU>-0S% zw(BY^6GbP)-pA}LONM(x9Aeu}9#`Y;ij&IxUZMbw|Mh*N^J$5#t5ykVZas@x)XmJA zOan$@K~Fqb7DyXc9%FwP&kURL>$FlFxWRbCIIaH0TV2g81X4Pv!Q={IK;M4NHPEcR z+(Mz*N%Zi1U3~VKpl(|l-Ve#j#=)}W2SEUvLF8=K}aCFx75Vs)g4 zU5ECeNgf2D^6{)ka#U>&Eok4BCrp&;7m#p?zp#wMDz3so?WQ5)~g579{O3?$d>cIx1OS#hXcmQK7<(#s~nV-dm; zj(ar83PFoGM8e7M5IFitKF+XPJg`Zpe}t;3v3y0owDs&_Y8GhyWM-&^%1h{mGt7`H zsD85On;?*yD>QMC+TJ`$wX}v$lbk8Cg-1YHv54;N^LL1XsR``_o~v;nH8^-dUt^x5QN80{#E zV6S7msjCbn;R&-$TL0d&Ct|A@vR?_tXW1QruZ+$@XyY7FBc(;4E6YXn9!!kA|E!@- zUwa8ni;S+$>T@(Pd*eu@+5p}9}NiQvlIQw&kRi{8n=JvLKs-7SqTl!Hb1CKFgSVL@`UUse6D%W$O7?tg zW7oI~)YokHe5U4>tsHEL^Md_f>n8fYPQEKsrn+$nt7ubEUS6KTZ)8klRyA0y}Dd(YlqJZY&SSgv01qb4=HgtF6U(sT@%zgo+3|JT@%5!9{WWbSR~&M=_hi z#^R~j)Ch;s`Gc8Vr>=^P1NXE|)dTRWW)xL)T%^A`yO7z~DM)qOFEa3z!md2Y`!-Yd zm*%1MVq^=)vesH{$?A+t0y=}Kp8gJ;M%vSizFX@pEBP3NZOm%hIbzdk@3A7NRlG}_ z)K4OGUiwi5f3-7dIj)V*Tjjdj+>mSBVcd$q>J4_qwnnwvq;1=+5m$%G>5kXeH{Sk? zFL;sW^ESJMHI<6B9n$*>|C_@mfxElVt>0NC13)%(#+)$S~fQMwKU20b6dn;0$^ zjGw(a7brXUNws6UhR0;LJVl6T`8tLWkxL8jE^nIUUVA_k1wzxnURjkt-618&1^cOZ zi_+;Kb$sD*9`*3vZao#(D=b$2y}Y9^hWna>gIxy!vxC{5yB6K6)_uW3;)dEC?=f75 zc2K)1*u0iYZTZ8}3YxnuV0pBX=v!*NW~kU&uE>*DD{DCw->a&zzJokAR9qFNK&YH7 zW^B$ae|k5vPhp9YCl2UhH#dHqpcQ+5c)8-KqTx!iGc+1boS*{&qFk9Z*2aRbW ziChE|P2~Z}x=>#CQ_V#&s`mF1)o#@j#k)B~imB6FOltF!jT@V)imR>@RfO9gZ(`$= z=0)xGP7G)Na4oSxOxv4d4Rg89=X~`s2;4i_?Xiza5O^JQ?V6W(!55$H@Rf;EYMll; zpHen1-m)qp+Ri6Fg-4qz)@n-&E3zh+W-l^@@<`Sx4Q2^SUSn>wv^l9zNaNjOZ@+YE zxyxt!>7}efc6wR9V;WPVaaYa3tCbArajv0)0M7A=MZB^!F-sgu`+XDV=?6w)t%iC= zk|NyaKIkUQS3RC?8%(;v%a$~MFePxec6#Z`$jX)HDT{f9`6u)uDx<@r*E&#`KJd`u zx+t7{BZVU38KxeOL^6RVo|}Y>IApW}`3ixB6o|VLSGanf?+tfoE%u+I8c^<%ifavP zMW)YKx}M@LY>p75fW^w6d#O-8q;DeLa$H+SC&r2HOj|P!dOuBaT99$<>tNJDCmqZe zih%I|8h|idcx{USYI$(fXoh@>k;!%U`}d~~R_04`r;n*M`ZxPfp=_m9%1^Q-el8II zOx4SNDf;k%5jNPDWTXik#{><^FbVufF=^D4)2a8pKyRRvRif$F`UB}C)U1#-Fj5s$ zbht0TiR@oVWBsHz-rslZ&a$Zd2v@l%)|2b>&{4y9XX1@n2SFvKPx+;65Kj|YN}Ha0 zhFyX(FIQ}1CTP_=Inxrd*ZT-?&cPOE?5r(9n6YBoa+13^G0P&4a zSdi6}Sjo!3pwpc=*A_$qhZyFNSKTy<&o|;(bGrVU%Gn^7))J0}=Ud|2&P*c0T15sk}iG zd`uAx*ZSrbf%RSHxry77ETgCpwW^Z+m+0j`-OSsq(W0U#8OwY^HWHsU=NRkhBd0%Z z)RymY@M_uOB9Z4Z1NQZ^inM0=DyJpt6V0o|kAB@gq(B&4S4uFncTle?{4}@My71UH zr-?4Wg*BZLSrRk5eE229K%Un4y7Yuj5I($;6V0{q(!Jwak?aC;`{K{#ySh{4R7pg~ zCgW_Mw(Y#n;dP4#vv zc)p4Q&sSgPQn*TYQ^jKry*Cwbsp@pvF2M+ znH!Azs1J&48CE1q+NW=OwvcXxp@Ull~SQ+h@OiWdH7J=kRM4GiGa^VotJ8 zWJE1NU8wb`e7A#-ihjN!{mMtl+P&e54p&w#F-eTN&%e?s(yHUBdigqpG^Olz9Z9dv zYApWf(wHioSbOZJuHEEN2B7g$B|DpA`I1^!QO-dV+mN;+SFV1O5@pY1^PE-a;k#Fj z4VNn|MNX}rbN^+EY3zxKi$2!y1>Jbj2ixJrAkY9ON1R)49!4+xO#}51>8uZ3KcCwW z`Ako1Fp8AM&~^g%$f8S@Qyk>CODE83CJy9pI&j7ATN2g;WfwQVYviy zQl0)M#RK1{LiiL-{a-00Ig7@o^zK=-=$7T@UtsOZV#*>~-Oq&||!luenBZ zyGi;Y++mzQVn60IDK0Xa(~XrEXIRg92sO>=g$oFo=%W6E1cUAcLb*|Jn@2ZIL z)pb#=c!bJnjD32&o#$h@o9bUoDWtf&q>mvw=UQ)OFy2m)r6iEq8$6^R!K=)*gx=Y= z6^^SUY++{?8b3{ony}HeH?{$vzsCP{@q>ej|7-C90zL>#+3*kXkKfI=f0nMf*40;* z_?5vg)oLpt=F%?qrwO{3xd_uC3WZB5csP_IK@#RUn^=rHV$@UjEm7u*xWC5r$MO46 zo5-0jYp6ZcP_VN0_zNB^GGK@X1qGMp>i*ceddYq3nRh1HRUArP;YlOzeM3FfpX>wv zACAfb2JVh8XXEZe?moDjI&G;ra&E+g8W79@gyxUt67aL6{45Jza@~KqTsK{R#WbyZH8z$ao~5om_@tOGuJz480VeK4eAR z=Uhtv7tt?SIS8?bUf2eTSSa4sC6QLoN z*(EkuanE*4MiDp3$za@SCB@O7#A2YrxO~PhwRocs)fCLTpok$_(ZU0Y6IYfoxQ;HPQA8}*1o}TH!c5VA@&bUTv3J1i}r^NBO!YVNpvTgtSd@tO;qt-Vx4U! z+h2GX^K6kPviOl&C+GsU=i4Bz)HkDm6Th=-)Cz`8BUj3ugw7)ePM_6US{5EM)WgSB zKpv=kV5Fx*&7M@R6~C&Z)i7i$J7~gta(9MwFnf$7!BT9atd=8x`3*nMo3V6597>yL ze}U56y5OOPtezGg97>$7x(^}_S=u5v)WP4QX+{sqkvTuxanB9>3I0e1 z7me#!GO9dzjm|f*n+n07d<(smpWrws?`nZ1#D~3FFiuE&fRHgjB-mdgJD5s+pdmIA zgO?jB-(Q3B=6?_~#sY1-CYkSjk zUhMd1xhoB~)h)x?I6-05iyww6(l9wKS(wn0%KKJjT~clw*teVbwDExj=Q z7@(?uoORVyC8fBm(QSRh!*(EV|F1pnJO-p&pfso|D8TICt|uU5ax`0bES5t#jh;mt zyt3)YuxJY^7NVZ^&gfb7h!G+(5oc5_+@EU&z3qW7gM3-XI|9V7n+uZdc1!(}pJ&ud z6zeVHzj_nhPSQ(#AjTOLu@F#Cu`uZWt*1DDqGpVj>)1E1XiBqn#L>Qn!m-msT)d^* zJ|M7dZ1nVVNR0IihlHyAjqpuY3$}!fhgzkj!^t#+ApP}45w~%W(ebq4y{+WzSE`H} z26KtggD%t?TLzzzeFaa04`0iEet4g=d3Vl==dibez$nMZ%3%CXW5e<0a(bDkRs&m_ zM*OYlvHtI@+_`o>#8v3(MnTF@pg^rdPBov!=NWl<_D?~}*{Ujv-1&~>=&K=m$>C9c zoi$@rhdmOrlH@5;7NIX+et&-L8;jP7c}3Zq-Igdh|A;_snUGJ?WQQhX42t=SzBDyO z@(Fz`z9c+Uq-DC}7ael!d37+Zr=QLjImO~ZKKrCIj-R2goLr?cmj6J1`XaNB7-e~( z$?=+xzR8%NdPlAa)xl}Z&R`Wy-59qPUl}=Tx@zK1ZT#lmR1WgW3`K`W9E9S44#S~| zb;hpi>H;M04tz=}gtm<#2RlfIi6J*bVvJ!97+bn`tIVrA}?hf^gV#!2~U zMGSK$BzOCD@@?vUi;gmQcSu-H<*98ZnFhaG+{#Iv5Q=Tn>M$Fqps}67HoC9h!k{=J zQ6!?Chm0vvLN%fCV^|;qA*=!9GPYW?7j-=6Hhq<1kyfNkz?IkVWF3{&W3T^5Q2O7J zNVT6@=mK3WMUG{`{)#NS*{y*A7E>M9habM*Gz@%IdbBwTody$P)Osh7(Ru6E_6jGJ7$@gH>(ogfWfj+uwz(33Ad{%tJ;o3{6BR~* zF0rchm+$MY50%@O?0hJsd}x!Ko!$8an{bL`S;=A|CIP7i(e*7evFdfOdUvSDE!L4O zFIDIRq!g6-g+>@S^N@u_y|P@lx1^{`y!T2kQnewqCo-IG+WT%Wbrt~&Bw=!u<1(%F zntr`)gEWbBXCs3H6 z&c}UvI?`Nfp!I0xi)e=9%xb|r2zaG0;3$`#hM<@|!`sSZJ>O8HT$xsFRxp&!maKDp z-l*F5401*BKQx{7lBtpmr!W36Uf&|NV$x}>X`R)Z5XdJ`nlfle(XKo?kRvXt8Gj4u zXyx3RP`srw^=)#PiHg1b)0m>Dr6?V?%2084*sNuzjm=T&C3QXFH@B}Hu&mikj54-; z&C#;3UYnF(HGKSJRY|TazWgOgNoi&63zR;#LG=RJ^Q#XD)pqXFw$~*WfJPoAn6$c@{^jg@aeohr2VFv2z)n z`f`H5HhQ*rP+|^N8dJY?W;p9vjrTJPEHcc#T3dI$D|2;)FJg+k*HQNT;6<#cum2iW-K*@J!`YV+{tXfOS^FqhYTqSofNc$3YZVW zViS38+Grp7%4A2I(tG3dlha}(H+m31XS9q8xk^|?Ncc1G>Vs$0)axz}2NoEh<5^Gd zFCcfx?cD>TKch}?7=4%T1W|(uf>5nl7xZ6^DN4M~v4!5cc@xlF(C>odG8I5KlcbPa z&j)au&KiJV((W>M6c73ph%MJZ#nUvm#lgkZ^bqV@sq2mmMf)^L003(TK z_EJ@KjjUH_cWum&)ijLPGF^+5#`qfg(AOU?v_Im6qRi^=Uc{X<&hoEbbrB)K)l>cw zd@&a}f=8>$1&7DFtG)eu5Qt;wydTJ(X=Ni6;I`RL%rlJOHU;~+z2t)}l70^ha7;78 z^JP-ZPtD4bUgQ}E4qbL76|co>nU;00o1gJJhvqY6zjA!&wQ*_rCc}vI*eeKsXq%tY zsM6H|EUw72pR3i-ckgY2yZZY24~))_|JL?I&$g@a;eqC+8v=N&bLe4e(?;{yuTBEzJW*tNtd7VMF;vN~kV;$zgZ*yVEc2JVL|gI3S!vOLAFde`iN z0VJ}xcrYgzUl3Dbc~3`_iUJ`%{iYyIdv3Kp_oe6qBVWWX_`#YK{m{ z7t6pE=Esj;^0vqO#)^Gqpj^jG5m>L-@4>D$-L@(d<83<@5#E9?SpVJggmz1D%%B## zq^4tgA?W$@=lO#*BNbU7zF^H4mew5g za45Jff`OUY^a!`h0_tV)zFrG71fAu+*z>I?$DR znFl=0R;og&m3!KJT$9$1mHv%mE;e|A*1w+MyAvJTZ+*r8e0>Z9$iA-+!47R5jsPm6s>R&6(%F2!PKwj}qwq2k>=RyCpKHqlt_ zf0?$_r2j=#e?^Z0>;M{@01v9ygI=)W7Knw#D@%)ud9)0y)U4MI2u5>t0wM|k5EvZI zOLaR8EHP`n!*`blpmrr6a7!{#-fdly2Vr_rMy3c<%D$v{U-9;SAZx~p({a(-UA>1Ca(q~caDc^$+g+m3p*d`Dg z_CX~=@4$vZ!HhO2c7>drSYifR_ngH6U=OpDGEC$PVlJyCC!U}~Ad!`tn!0sRYC6X< z@~K)}IVnBe!i4}fg4@aI=2of+IbyocN=GN`=*=C-E8CRlFuoo`$n?K0`o?k9a1`W- z$}JPZA-E#A9^s-f*U@}Mf=eUu1vr$jn|A3#fEZzYy<@UJS0~4yI=Dm-E(RLyH4csk z*0L+3Wr_}rt&ojKbjEMo-2dy;09BfQxZOLlFpLLB^SxsXSV7iKYm@o9Ug< zhn~0>-w$ zKiZadYky-(_Mz#|n3&2WBEkCcKSO5oGxQTa{gFyIjlesl^Z)l?1F(4|hn9y5q!=R= zdBiAxLOJgb2gu-}0i}S0-DLIC)sXXJ6$beWMwawIZ4CqHuuef&}XdBwCm*nAH+iml&zeQxJ=QF%w`gXYY9fP9XoH(uW3 zzKV|ieyd+?xAl($HjYm82Bhjz<+6UkF5X&@!f=KEn=bg?($fdc8PlV~sx@<*0>2n=gB+eOzd#6JI1K@Pxl7p#TIh|>|9IWW2_CLCO@(0s;D?`OR)&~_Kr z;jd6%pnDDR49M5t?-X}k^o9#J0;Kqh98sr2NcbkZ^-8Ronwoqb5BW8h=pcBakNnVn zcV~|Q1uT}d2b`R`BB$fnbjG3Z9AbK3#(>A7YNa;Qozw*}r>mizC$k;UlLqe7YA(4RKd2_N>YrQ7m;FV-Js^ldu(m3DR^=xj-X(U1yMf`s?k|6>i zEBzkt9+!k%aqUlb`tl5`)Iscr^UlAYFyoIB;*T6K9DSp;s{qrdCA^@&_|a{sp-OcR zHfLnb<-rR&9S4xrFd$1?oV@-BzMppYsOewdf9+qjpvNT;ch1iLzz1fbz&ixWp-PEG z+EoyeDFFQ~imNrLmQ`)yuvm|x+biIJq&8&dT#+id!_1sB!>$F^pd-#tOXDH*3ENg4 z@bFr1#?6(JK(VpP@Pq>&2Q7^zYmVOI_vhask;i-~eDFVf$I<6-4c+TcGrv_$m`ETc z!F%EZY5=G$LB5jRkq{Hh6cFM1eG6&NHivzHXXp~>>1j(Sm~liP=$=y6K8!Db6qBIx zX0Oy~3X+@TNF-Pfx8jiLf;mrXj`VOCkNF^Ik!e*{`y7$mDiO?V>oDe1 z<%-8^?tV0))f~E@!lBhlIe?`&$EA)bB@G)cyMK)pz2SH`jhMDlgCI!Vh|rm$3_}zQ zaQ<1BCRVP2#jMQ{&VlMXS#rJK7w@qc=}TG8^!$7a0EH~|8ET^$JfV|h?a#%Fm)9>^ zLsiz)*vKa$c#-UCmdh1^w&YQ0dI(1ReFrke`bTlsJ#Gn^4vex#ODqlN+hhLyedq>d zCB=urb;Z8)Y4`Zvc%?J? zp#jhj{nECmxJeUeP=gZ>1<5})8@lKE$Mes-!7?0@p_knLGpy3Tm;AB8biH41>O|k* z;2^k9O;)>ujEn*!?Bu){>E{1_RvkS(zJ7G2$ya4l509|&o&|iEqtrfE%lw}uJ!TQ; z-syMaBTrTgBei~dQF3=KOh6Fyyz9;$#SvgcmlgKtZ2Nb!GUMWyQ*36YQG@?2kVl7l zGCSx;&~L{)`EjmUCS|Ye#0j9xjLxfR;@%JeD{elR?Uc<7TUSJc_byXNc zA*et8!u$WV_nu)VAI5$w+Sf z@N-u|C0jREn4kYe;MQqI`M71!(N*}zCs6=u*B>aO2X7jEf|w4Ro()Z7*!|#nbi5h= zJ`BSzfevcj*a~>-F~jJQno}6&$8Sr;8f*T(C1BC^3aMERGz;kdE6|;D<;r9D<=`n~ zUw|M(URl{dfadde?g*hBgqj6#vVh^B;(q>CtMLNkY{xr+0yZQ+K>Frml6n!D9qM1O zD>g0$onya&#U9$<8rz=xnJ`#SZ+I%0s@=Dpko-FR5x(pUqkKSARE921)puX@(Fxpd z-GZ0T`!$acQ^D}h7JQ-W|5?g+a4yncfru4JrtM=mU8Tk#xuga8S*#RHovOR~4rXDw zPDh4)xB1*p!QAg$7?o?Tzt&S^jfU6?$C>}1{pS{sPgEd?%=B#_{`26%;c!<#Y)ZA# zyC>H;HvJUD^VZ-}L8pnndB^vdK!;yg7=61u4A{ED#Dr^l@}#}-&qo37C0y}01LTTU z1m0Spcnaet35duWu0Mlq3-M2u`M~#Q!m$I>oLzq%Kgdf~`gz}*X>4jb9#2TlkHWw> zZI@(tM!^9A9g{}$KX^?R6f=K$O~^O*YwWWnu9Nsgx72F_pt*AV2{ki}j!&O1!cac{ z(LYL$-TuozLO$J%mc2~^mP+t_o&_BFDXst5 z2ILZKV8t@-d_8!IcwL1TT!D63H_#bmy?OKG$&($EzYl$P9{%Fqk+-VY#`4-Nql29j z&^kDl{R~zYNPP0=g1&v~ zSgZ(75=;E$kl%OPWbY2(V{iJj`jLQRNy}1Vv*d|Urw^r-b3TRgI)@!ooeUF})yIx#-AXYM zyEC#em>+AxjXBAr9g=6_>aH_L-Nri9_cz7yF+y?$oSx;@+B-?fgQ>y}OVj)j z<|`1hL}fE2b1tqP3gi3C6rw#@65QfOU>t6R{QQlH<&Rpqmzjm%<{lq$TlkIEEoj#tK`{RjF zG5TUye>>cAT=|xf4YV&jd~^ECmqldF zdqsCKN(CzkDt30ofg8g`tG)hS(>(?4L8=cjc!!Wjbu5aIJW(nt$S_F5_sUbmI=;G} zx9?~O%E@)QpQ1+$d|t*?dU|Md#~8;ZPc%deKxzSJ9{v4cySImYa`pSq-qL9ypt5<> ze4I$(48=ksCi3n2LzRyv3M;h~d@6}Cl|@FKVkCppcLx~e81$CdjK-BnuS#t(ve*{} zUZAE))LNM38-FTJb*l?1rckv$kz*gd>BCjrE9UDH8hHyhK-=SgrBLOBKUU<@;qr(Jlr1|i1`fgWly2SOX^-tAx&yLT`x3HtIO^NQ=h_HoS>#uiK_ zdoZyzN!5Lk2)$V?W*bA6XS<1Gtc+2%t#DxXC_B$f#y*U8E^G($tVc?szW-!=qh?)i z87=j_zOLGquB7WlW{15Zq(E`u`*Q=H#Oz81%HXI>7V&op0TdVP&_13|8MD|3zm82N$+RULUL_VFua+zT`=GN`8Rn~%<6@rK%p zHET(3El%@A&WOhuDxFx|XefoUOjAR{HJz3#N=KD7G)A}97a^$g4GPkTKW_t8ZDAH0 zh3hVYAV*l(qBEXkOSpS@t`d4!3!<6^Ppbh?cIX78R+@T*oebi}M)584$ny^zIeqff zfn`}Y&tRT8?&n~Xu`CG6D{R=uL_?!GQ05HTleyV2!ci9dWJ68gO7KgE*QydACB({Z zKKY1aV8qdE_V)#Fhk~MBKx?rk8-H&pHCYr=<+#k{Ka~@IFSy3u{5s$=ih|Xe!OcxU zcoUXvTK%q95m)J{m6Q9{TolNA%lkWfoKz1aoQwz62v8H~dI=rr6kM11?k${nmMZYy zXQ1(y(s{6wkUX7uW(F(-*G8X?@@7W0HP!gwa1Yv?x7Q!66z6%p!@8?hD|c9|Do_;t zH;v*nUj_A~7k^D9LJUx);hMgf&Y8u>v8g$-5j*x%*FHO87)dQv^|MukCEulA4Yj@k z7QVBXV%S#f5N+G?&1DtfTJU_W_;*2Jk6b<>(i518X( z_xM?X%OO_%m1$*%6=wV%vMQj=&su)f>`cQDy|`tRX44)-qf_CrJJkvG`Ya%IWDX(u7eD2M$ZW(PRxR&&%&Txv^BpPhn|l76an9C7^yh#J5$^vb)h z&h|75tsf~XX(giMvrE$z3MQM7R95cQjIzDN+&<%~0&giOHku_&F56K?RQDxv-i9$G z(EOc;o(5-Ou4K2kne-YcJ1aCcCPvw%;02K1dR5= zeR`0sC90~b$~75r-y{oWo&_;?>Gt0Zz*lcbKTru$8;1`c=43OfTBi$Ss^{dwz5;ct%d zna8S=8q#dN=p$TJ;NrLTCtC{IFCoRo$E(96E$|gE)iGo@N?+oO*gb>L#0+Yl*0v9u zA)FeqKhinrFz~4pi8_#~$^*pwKNGcKHG%>pwJ_ym2ipM7s@^X3G}!XC+45>?LbI zW#6HrBh90gk9wQ^k#tCMzT1&COT@9rL3JzP)e>!_c*oK^udh>Bhw?l}kISuR?3QI1 zvhUc*2{nh;k)h+*Q?x<}4?E#|v!ArVs|5SDOl$yF(zt$ht}FZA)a;;cMp1$gIHDjo zuYZ3PC^w#r1kT6V+1Sq^%>#6joMAg(2Lx7+7Wv6Y-gByi z$2YTVXZyT>NppT=ZT#&MUR6!l2;LAzIF{^e=x#eg^@MkK%aq={#ggx`L}<$h8+~G1 zJ>M>ay%C#{R`AR4RNV9h7fDo}HJ2IH@X&J$>1tz`$%c!z1L@mra|+w7`N|CfG~f-& zkp;Gu61X%*-m7ap;|uInzbSdRzWs~uK0Hr>EORh}T#S9tXG$&$@h=R+IgVTMbj$vH zRWWVqe=N>I>3t?IO0_0{&U$6K@r*l-i1#NbwD7*fP+sGFia>D3o_)9c&yTv}doP6# zrj@xHGb^@PE_Kf@W7noD4k`6CJi8sQK3cPR8kU}iv|v1Z_OASB=3POU#T>e@Of@W_ z7!abuo3GRSX>m7Q2z~DkILYz>*@&a{r%V^`&uxsbk=DY8kn*2wZZSNu`*9 z49Pn8(hY;*Y>_d^MUEm_xf{J4X3#y*{?{ zLM`}WAcLdVlP|N$?_@1Ce3sK?!;zTRr~ZP<6nJPu1}U)J!MDCraM4B9&WV_UGwv1n zag(5~+}`Pm0J?{2Y)iMRH#bT;bV$>5Nl1``GTPorOkW>kp_c|p0UQ%wdY3l!Wh?M~ z2^ai@=qBY!FFB6TE@)a>2J?`ER1;_EJMHF6>$VWKceqOW?-TU(-~4^3nx6&kwHC2>XzgZ`?hVibK{xk1b8^~yxbExEz&xj36`0#58(iwso2bX;3)kW!ZPs`SHV zy|3mGJfBMD&)u+Chn!$ z`uZGc!{_JN10+RP7paM?ZgZ3QmRy0s>CD!fHS`&e>1anH(7l!`?<095Zfg4lZecSs zA=7o<5%i@DXiHwc#HW~xWIlt4q2d^GHkX>E%mWwKu9?G}5R6KJ#b>c}Z+ECiJ+8Lz zJD?fbS2Q+QFjwp!lV%<&xv^rAQM>_954KCfvd0;&t-8i%WAz>JK2buT1wD;ZoOuk& z{&Gso5XPN4dGhfs+W4fTDs4HVS&sQZ4`v-9N&K-~H`v;VrZIrQtJp3FS`XE!YK0Tv z9~z^)_WAQ?)B?;!@@jJ~a1ba~v=r&Yh95_X-SwqX=+WmG!?e`)9FuGhV5EuJt2ge5 zBtfn7B@F1aTfh{R^*xFHOukUAqNu1xqZkKekvpX4%hlfQ3e^{WEjz**qhxNLy=9lx zDj~5j2ELranbURQ`z=b`7Np-$0&1=PamOd;*umL-oE*{Xq`IKIDcc23EGO2i`T&N# z3AUms3f|t^k zd$H22lQYUI$yhgIYKPtBARaX|tkv^weiEC3q+e_*l5`EMdpIXK0;iz-Avc8Zh7dQA zF*XxAC#~KPYp%~0%z+QZ)|8ibhc9;X5-Cy7-7#M#ey*!(Ir@1Ko|d@fM5&&hLxbS0 z$WyTygrhdT!en~lz>tu2y;!Lz1Q0?kG(U?XW8bhm%|S>G)+s-*i$g)VsLR^ra-y!_ z+@%ZQl)=|k3+-i*%Dn7y2|%DNL`A=Q7To0zyO-a+01;(>pSTOY_pHrA^<~bEbxP}O zvKRQ?NzWiK8(HMzN6Om)ukOoX)!dflvc5n<3p4d0PspXbx#)qse7^CJu)nTt${c6SjAS7q0-zg7LN&u%M&2M+|S?>q@o~qnivbGOV&tpf*vF&tyK<6fJo%os@L*xCHgd*EJ`0r!CL8;rbtyY(=r=(~r>iC4&#H zKRjH*N&Ma|Egaifr(B(AG&}vG;V``Aph$<($x*L8twd|zAU2k~3i)-6D;0>G1Vc91IpuQeYWW^iV|n;$zZ0<&) zCrs^`tn3p-#xDw#1h}qpqeYHcrM?6o`D4%*j(Vz)YfoP=tjx@CM_dsjsNDq2K2ri_ zTg66c`ZmLehbG@)YKDO#VRR2^Tw;Pii&BDn|-AN-SrjG zDlw*85d<|`v*?m$_b{7dN?*Y7D#R5R+kuP}sI3|3=rl3kQ&UqL|Dzu*0IbBfDvgPi z6Bgh@#oYU0i~(EXb#pJ%uy^bt=8B?o#_z*%0~Nm%%t2<&x_$7C62P~;XjZHL*iECQ zJEizUo%RYAAy!{CJxLj3=cG6FTQtHIdZjK zfsRux_|t3f8#YLqM9kr=Ht=8NZMe>(2L7m-(HK6_K(|x*-R0U{4ucu%*a~iYKOu_= zhWgh`G%7AdZ~PA_D42)@W?`h(s>G`fmJ}JY z)@GeBa|T|{VsIvv%%FdWBqis>f-?4M7IX~pAq#XJZQ$Z!=>}DSi4@B59>HO*R-t+k zQ!N%jJ~DRh8IqLj?AD^1bzg3D-7I>9RkZ?WVi<5u>msNx@^m{05T|`GeRETuS!pAbXciW}>M1!m zk>rn+rar7wMw}7r{?ab`pd^j*9D9Y~&WFx22yZdxw2@eViS+JHOCauF)Tf}Jdi`mc z)99#%Eptvn!X>iCdwA`o)Sy{7d;&r}9?OLfC1Jwe(#FQ`2q%jjXt=n(^!)1rndQ>B zZ($o9esk#nxdk;R;I@=mi;;VQBVRyBeeuPq1y+e=Ov{iIE<4wPk0OhfR7f>9AnH46%G*%xDtz zEXD{za|1D2ZLdNg(;Po*-d;K&T3f@M)HUAi%kLMdw3Zg>i}6sWXPT(u6{V87W>;=# z&Q;GVd-CjRnR-uDBMWO{oN%MU%+ng8YVN?|%;so+W&0%tS{i0@n*Xw`$?%Btt+ul&ERl=(Tu1=j?oW6m`&D}m4?I6%l+DHIX+#9Eb>9e89h{m=>t4H+OYWcyt(2W|_@y2oS5))Q> zI8O5m$yt`&+`xR<`+0W=#=J9fq*wpNYQ$b6TO3Ohk?8&?axIL(s;;P4OrpN!a}eW{ z(a<)W;OiM!mPS(%pU0<0@rf#dn>8OUw%tr?Asf){Hv;E=1C1+JD}**0IXP|Gl2^PN zqEp~31F6L_*9+Egt4O1EW+`>vreby}(?P&#ct#L5TLhnKFu&d2b7O9ifpXhh=~dqC zrH2&L#UvhGP*hAeVKcG;!C>i$?xVgSS;~fV;JEnsD_&LF=_uaa*~E&m6OtowUCmTR zN%|>JHVK3^G2?xIY|ovBCkX{E6`T2wFzxT;sZ(;v)=;Y(Pj{dZWB{$g=a`O5^+0&o9C_WLwps~-5JftNPG<%O)U|dxKqPb9| z8|7klA;s956ZWZ)OgEkdVrqD0Mi}NgbOy{8-ePh>{+~?()srUR9h2L_8Z{*3>%VS zlAt&_UIiH#`D8ZyB!^g-b%|qOQZCerx9AG~3IX016EQJU)5T0;n8yJ}EM|DGvTX~j z2Wp|fW*ysBpw~ZcL+l8>j7sK{Ep+tj>S}6RP@?de2j=Ci^p$h${0kN_;NsLpy}Jh) z0cg!lN=j;wS#Z2&wWO80f#kX@9<%pQL%OK-J*2Zt`zm9yvX+cDdE~pn^svoxoM2MS zeY4C9Ira9dOiGhRL-9xjTnQFg(!Zu)&SI@+ma-e@Mkpq1vVCn?Y;`Rxg@gfw@0c@AnyjT9G(lSe(nJ{qc!MbUb1NJwYvdjEWBS^yJ_Tl7UsSeF49xX6-!kl z4Nl01!?Bp0Tz{G0eac(Mb`W=(-kcf2X#!brW@wK{Y6jPd)qZM~fo3Aah0S4E+$wn$ zVvpo>QBQ>i(s;0j^7Ua^k40XlfQN+kBqG8(#7>p_g)(uaEvGfsN1+>1Rj-8etjhd* zEpb4nyC%ncYe{wY(c=QP%qPz*sy&-%&tyHe9ca%=v!Un&IytacEEojY{V@ zY1jyv%}Q7BF3YXYlnj0{*OWc{u&06-E;0Fu!Qrs66r%Z2y|;6mNhV^w;3)Fl1p@7< zrnv-d5({PO5LTTX$M=SSUR$X58T9>HT3W8JuOpS~Lx$^yR#qyJuND&>Ku_r2J?o`$ zIo%hzKq)|=@CfQA5$g*`SIEnRID}jDFgY3)8ag>OWggR&N9x!DRTaQ~P#F1EsTlEsw8U_#&1w%idkwO`F&8$cxS$>+#XS!dv>8CV5)wu~o>6I`x-eqU z-;r;gdV1vbG&tT&IZ(3*PYiN}EmXBR$;15tOcii6MNi(tJR*%TvXjtpJ>D3beSw+7 zdPPr2$a%UV%&<6Fs1;nFu@6DSOqw2>A$Lq%&04|zOmq5uuiOrYWFZWwSIOO@vz>e% zyZ^Y0jJnQW(zDvpvmWz4Qjhar-MYJbA}3qx-Q=e}OiOICi=8o!hAyo$dKroyu7i05 z5nj)w^M_v$x+~&|1iR2?K8ZO^TSsuFi037AdW+tbh{(mrs5Eg{o~qS*45=O{KQzDE z_Gjrhv6^_SGd>fH%_M1TNYk2tj(mdG)Psz3?D_`J2yv${J^q$CIh$UhmUcrBN zw8s;cJgU%WcL~}t4V--bLzuvv<8|}584(!QbAL7ZAG81-?rU=|{`Wz)+&5YjSE}G+??-qcvPC`bS z&CD%`@F#xru?-UHv{y0#-7CS~&})pZ17DI0u0^bx(zLoT z=;)HQC*tp^n95(cxUeh%&hzS>Yjz8ASpyYrg+}7r@6H#nIYHGRPp6h=a<*Z4l6=;| zPUjpuey9ciQbXxGXh_+;INc0SQ!cqDMJClOaPhYzn$mL0@uz$vBkh0?(qxsbGMs}- zIwA*gjC}X8agscX-m_4o^~QDr|$fEo&W6AGt_%$MEd{4qkRh@IpIm zcz8He<lg373`S0BI)77HDVMns};fL zj4SJoazx~JKNk>i96JWXU|C>Hne`0>K_VNwTq%+MxLYB}7BW8;V=Q+J)f?5vK0p#& zJ|P z@P2xP@v^)ag14eqj0<{FeVs-ih7zj0LMZ$71tx#m!-zDCZWA8jv-l-q8 zgW9I@+b4H`ULKQly>gL@1A?E&c@LLIb|2&ZbcxNnsS{M-enc z2dYW}f<*j?C0ztLY)6jsChyuC8u}-?V4P9)NbTpkS)=Rc`Obxe6cq~I;X_zZz?}hf zYwxoUQ_7<8JT!}Qec*X zbKdD(#_H4tF>;!8Woe_lc>k;X9qoW;thJTUH(_Q65y@peeNvg5tth8^@~E9P!V+^z z$EJ}Xjc2!?ekR)f!;j93FPCccIIHTJk~CrkUv6Dmw~xXwg_XbVKd9FRzBi07&{lZ) z`0W!187^pyDJIm>kq1Nuvbz}98$bO8S7;JNqh_P&lDePJmm%lG;w%yn6{x+$xN^V| z!~O$|QUsKX^DQo<8_r5?9}_!h3u6kb1)wd}44{xm&{T;*s;_&=Ma{ZS_6~Mr# zx=MkKT5m=LGg+E*?i-^GtD;5-p|t(1w#Vo98=tnzpiA$|Xw1w1s`h_} zdW|fuLzdULl%qm#5YN&@1uUAv4J#fe6M-*N=3?}@aei1N#0G~zc^}F8vA72QB zCD91Yqi5eUx8D*#$ZGAeZ2LF(x9)}gs1QLQk-u|13B4#mzxYkZjI9Wuk>rPF5#&Qi zzZLS|3w1y3orHfmCb0jUj~Roy3;@CnKQ;w?|4aA&#$G>=D zw?9l!u*=KKYxN&2{fY5F?!%QmsvbSjMEkeyf&VXGLGuV^(ZC$NUw_5V=ng8ew(S^o>+uue3w8hjoZGWYchf z=9xU|OuEYq8fMIu&0+&L80ch(9?UK=(iOW?3%JPNiaY)gJHmMJE@>?0B(+;|p2@k* zl-2lC?T_g^htH3F?)K+RV12rFke)hbVR5m3JuvXVP7f_o0I^%1Y=vYTJ)tKQu^{o0 zrc%-yqy(i@s4iOq&jUf&%n3{n*@!-1EgcI9`WJR(q|1=C*-T1iI9Uw^zQP`)t|x`1(*HlF!5}KI`t% zLXLRqZQP^O4RvpowA7oO{<58b=V|w?VpSi$+VN);iF)crHZkJSbZFK>T}DCro>~7c+o4N_HFBNsNF->FCo=EH7E#W=T&40*L@M*tfZuCBCFB13I$rT^^LCVzB*0c`o(khO6)7yc zEIB4&n1iv{WvXgo-`R3c)7?>R7k<8;0(8BdA^zYefz=dHcw6mje@`8570lyH$ZNON z5maEt1a=-Up(TVO!jYhd;{ z&n^+y7WNVY{g0sUjRAP)raG`emLF1K+IVK)~T|)MFF1>+IH{43Rsu*z6 z7cVBLNp;KzQdSJm2-p-0LBH1;BV#_X_QzI~yOYxZ&Ec_i6$-qOhpW0rN9la$P)kI?BIw3G^s9V8;*{&|8RDJK|%7#Qf4#& ztmXZRvzxCRTZC2w1!Q2+kJ^9xg|!d*c$MIbV@!|J%ktXW2tRuk^RN%c_%HO4gIDa^ z>>^xleA{>J?04p0*=LPN!VO+O1}q2d+|C%^?q7f%DXZS=z^(%&zWq>#D15%= zdDG}TF9;NXgJ%bwGC%7B_ko2z3m@a<9sx`Mr6UU(`cWy*Efk38h5TP|h?r4wUZ?#c zMsgewm4@g;be8`9H-x925x-1SOFWJ8{=_78mbXld=Uh<0)u9m?9C`SM7R8>$G`CvJ zNe&vUn3*Pbj{G4}Zyjmjr#g+Eah@^Jhk85J8%^PAP6O~phN8>U8co9{K?Px1_#T^%CbEZywA660LBWk;$U|qp$|*? z7=jyEqC2G&W+PV?&G+FscMp%Lsi}g3qK7_&S66yO>pv4Nm~fa~;NnW^ zi@Kq_Qn=U;7PFHSX*P}pAM*8UcJLw&ow#JS`Wb%_@*p{xRRZbc->|vI%F0Za3l-0p z12$JxUF{q70-C2e3rH65y|tSYfIDx_^p6M(2w-^p_V!My$HGvuNI?Oxk16h?d8G=t>D&utxi6qXZ zmv@^a=%;Zn?>0RRH4fvI5?}1pDH)*a%&(CxV%9CYvB$`TvzQlo9T~R76B#y;7!Vbs z!f>6i!E+%mjS9{VcX(4r~sF6a5{*XMywFt#6B_^4E5B{RucioxMf1*ge@ zSpj+X>F!eMvBXFD+*3<$sx9;^tB!SEPp;yHDMe7|&qt5Kd2^M4A&{Ml zB)jnih@H>Cc>;TWu6Q#&ygDCM^}G}7nL}dte(q&>J+6#4i!JZ{n>U2y-5?(j@piAD z=Uwfe+sS|`x+ww*A`z_50RRMlg0q%aJ4&KeyxUd<;J3Tg#5#31oNQVPkR23(yGx*j zSGjaz_r^$r>gsQw*Dx3X7mGEQI*w*ms|u}zTidUm-c4p5mm3m_Y^&7Y=mz+$_Y==P z{1&U%L$GmNs;13Wi)Jfduit34fAB7ZSuC}qU(S~dhtErnd2vaL*F`*W{1+4mi6DtP z569*dRX2DigONRbg_fCZJs)M2ErmQN7rG!t{N>H8Ql5zrzCCOT+;rlJb;&+u$Sg{? zWXIHcnI*@?edviB99{B&O28S^WL4e~exPiuN59NK@(-Su?{zQ{IBAh6+m#Rl!AB^R z#cE?p3Mco+yO$S$8R?IVmW3{vF6bI!G#j>LkfiFZ>$%qGK zqt%!y?;A|8-f^x+^wBLNPdSU~pzGJ5;Cu|qn6uB+fv=4)YzU@eAXsHE?sj=NbGo;v0E=A!otW8PS16JtK|36X%mfAo z!p>9v55YG2Ic!00ShvV*!ml8?tf!RPzAa|jk6d}3#6VB4MTF=O$31;TLkm?%)q||} z?P1$(mFbfRz{Z#5FtjrB1#uz%&ecLJX#h>jjid)w86L$U(3UBI^M`(o1_H^A*YZ97 z-C~A`9#A~Q4(ijdL;Rvuq}8}+dEVBfCUcY1%;xkb@a#C*W3!a$LF=?7hE)EM`joxy za+w%ZXfV0*1lF@0BqXrc%`|OVtuZY;W4+YPQd{@<2N$jVkCOS$a{r+*{`TS?lopz+ zh(KwN>}I0f@$7@xSGh!(Q+j(4}Q#mDxrYOrSbllkM)U%Xhey9!)0-v z4kX~-fUA00YWC~Hj8_iF>S$OvrHTyuik0Z0m@NN*xoF96tM@cadqYhUf_y^Lp$R+Q z4|gsP@sQCmF%?6n;`9vUMlma_=5yI5<2!jcNvIg;_{VO>Lf^T{nsT z2(WB7a4IuyARU5Q;IiGwYJTP)Jh$kBUO%0E2MeqTR)$9qlH#*6<93Y_8vG7n@nSM1BJOg+ZJDS&BD-$4)6b9$1=wPiSEHpOU?C**% z$|aM@od}wUObq^nljcg~pvi8a6mQ6LP;C*kwgkd#JWuxB?)t@WfmPh1Z2xsLE&j$A zrW+O!tE?9)((_X`hsZA+bpo9W-u2-V^x0g-gHGuw896u%0A|oT)mURaSCkm&b2b+= zPS3xh;#4j9~%%pG*v& z?c}WFF{nwkT0MOl{f#sW2w2)9&5*XW?@6=SNc@q)cC30Y7dM9zjTIXSHQ&GFt3NOA zC{5@k0yy$9MY=)UurvBbCF6pitVG9( zGm*tPcK35kS|6{QJPJv#30vQy@<6kW^hcS$jx+mAm?|v4leS%_43)^JSq0ta?8Mhe zZ&}8FkC3T8Hwi)zvf*}0(YlChYUB5nrp|`?B&mYuKwMuSnsq>P^xp2%*n%4xo$-*` zofJ-pT01jF&F&j0|9E0L(B|-19n(P!ER;7DpFz9@R2N%iz^a-7!CYJ0?7jx>V0{#y z3dAZQ%X4@$tY=;Ey`d*@1HB@LE~})nFNC2c;A|_jKe$Fn4wX>oGltWmE6+5M{5F80 zxHIxgH`zSTUgw`$IDnZGGz{-IXm9X7T;D_D)SGf=CqHY%VnK-e%SLk|bZTKca&i{U zVy;jyAhnKq)}B}R-gc1)3)-wbY!pdCqvB)RWsxWu(Im51``%CtjI!Ifd!`36@@7UL z8XCUY$-Z>Y%)4aqHfcRZG2k0ShGL?DbEX&yK7g%{2h$!ual-ue*8(WT{n6_HeGbk) zY7=~G{&cCTuSd`7&*pVn|C?}S9}`Pv|C;7p2HdX_T9K_u05T3r2ne{IO^`JxT63iZ z!Njx{?|>U7B4PDjtdW|-aKSTkx8c<_J++*i*{IyjV($rR^(o$l_Yq|5U=)Ziv#4ym z@(Y|x$c zWEGMl77Jej>g4p$jN5K&4SN34l9S(&6tNi*l0(B|UF=hGpbFSQ`3zy=K=S_L#f!*k zHP9c`?~Cz7&uLW-Q$fr~Vj(2s-3m5Ah)Ylj9Ci|LN&oQ83~L5#x zpMqQuU@y+R@wL>3q5l4=j`@cDqLPvpIe%0M1J0^xiIE)h0K7N6oM||lQhEzUkq#3_ zgG_4c7dNC{Y|D$_8%D(^x8o?~5wBWZ?If#FIH$Q7y@3*|ks>(T9+N3kt|WB<eP>dRr^U~n;0uNY<3unSPzg;c>_C1I4x znz>e)QL1oD3yr<+c8D<$8P0(bR9b^5$dGQoK2%<`8Z(zx01VPwk_ku@a-idUj!IF| zE<1ftQ(}uuzbGGQ@Sz3sju!LuoBcV=eqNnc}&Bj zq70|31TMD|BsrA(`uN;eQnFp1l!*vCGwXsfYcGBGv>YE(TN!>s-CbrIl4I7%1c1+R zUlQo;5#yQE+}mzP74ckRbN0x&1xxe5v6ZVzO(IEKK#$?3o62b(<&$Udp+V2ss5p&@ zDjEwaTuPva4b9CuLb$h}lE;yn%@qDh3XfpJQzYr%wLJQJl*)7OZ+yXgcPad`uK+#p zgy}rrSOP#9nztR}9cTke0rF zHrPgG>D7ONy$A^j;b%cAFvhWm?b(AcR{bU!@a;hSJK4|t`!yC1ABkpHvcpo5v1g&u^dXdp#_U7k|sloIGz4lYc<}vNQ zP>-STTf8&|hmZK@Z1r1aS`e$`HRt@>)X@d#Q8EtmdiijspCl1 z(R*TK;ozYAHmP3{G$;6@_NO~!-i(oW3ZnY{h!@~J#JZ{^3nCwlzUfp+J9?Dm4 zfm={BPg-UoV@K?Qf1ghRgA#i=BlfK7y)t2A5`80R>Z5w1Mbz7Aw1)#S}&GX1tsq)s>@n_7pz>Iyy zbn#wDy~tr`()eOgJ`JgLkW6r5P4Qej+uaLUGxc`femJ>agQah)V!I-=KG*PXt^xlW z?pasp8vXDXn?W}q(ngoc zMhrE9?}G5fBr6^ZTfj2!G(;*fG#~4?4f+pOe{qA2mB0CI%edrP%!H-~dexF42X1jq zPOsHH52!g+*WpTvA4*FveK>)%u_Apnk`Y!5!*{o-rNJy90x}Q0-E6LKv_JyRL@)cw z1|-PlQdhqoGcnK7>%;<2z}EY`d>!8z#ySKB#-FmRhIA{)L8!4IJz|V0z=N@0#@T#@ zJYsGX=|vY&SqeV8ZZTJ(y$ZD$NUzOm??bhw-=JEg10MPjBJjuMG&B;5&L0Qldm!sh z0A{m6ES-x<)UPR$Z=%FzQByvRa~n;+tX1<~v*)a&Nuqv}6>K3vNO#oK&IQ8%mx7v}2 zdZ%6sNobrM=)`g6K{j^h{dVcevGi+{NG_Id3Ctc)q&tMKMP5;My05U@S=usJeY?1B z1C35l)xEZwwa?dZeB*0A!08GEyCmKc0}V~N^07ml?Y!Fci(#KUUUWHfYV&aCl^1mu z#13gf#tHlb)VUjK9j;3gmv@9F!Ia|sROF4ldeQG?i`vC_#Kf4-7A&~4eBK2=q#jQ$ zV7px?r`pRtK;|J4ZY4`e<0!acb_&9;gbn$#M*fM)KMB_DE7^S>Nu3_8E{@5$oZ>q(k@BP+vzgVC?kk z%ZoEky=8*E?LpgCJ9~}c;nwluQM^53$Uu7~5PS-$MKw3_uZ%tm5V^QVsM1%kX!v1B65Kf$6bi-VV(P{DqLQDI*N^s(}emu)ZGIL zs}H$Vqt5*XM}_Xz%)#Qx9@OEug7T(a)z|Vj1<;plKQYiB(9|k>3ze*vvKrsm3XApa z6}`vOq2!Zb00dqVWlOWY^b(b-3uEv#>=e5b*0#hq92;m@tX}J2W*u&AN`w}9WeQmd zoacLHn1cvGOD+{k`cf^=IQ8xIEM{hTW5ji-9jKmGIoBXQ6u0ljz2ArG_S-$#2sYzd^4)1$YHd{pH8?*J?kh4Bq`u=ve ztA~sF@(>V9Xt92>9MTKsm1?m^fBWs-`+s6sZj+0NSGOfvYY9szYr~ZVQEq@)0XD#4 zhy~1QB#h6LccMc^7IRLRrEWW{*cw7)(?osjRe(x({}Fw;ZF4U48iQ^bw(P)|7^*ld zoNTt)yratVU22~{x;_%i1Z+lXMG_=5W5+1zEe9eV_$$AaK6{GMD*pLA890ZR64nv@ zt{6XF{*gaZt3OdaLLR{{}n$S zLG{B|NJ0gwsfqtb8PsnLE_m>#fcfm9ga3s2>?yY8vVtzqwxVeMj`D$DF2-Mj zB1nn|$ssatGw}5D^Lx<`Jt!0Rob=;=rr1RQ-}8qnoQlwT?mj7!1e`Q9DuHo%^X9h7 zg|rsKU&2o?RIoo6$?xsyJ-z%-r`lhago76H^1s|1;jBj8#kOHTPbTeOq#1gQv$LIx z9b(_GP2W=bb1=q(Q~&8nM4l5ulX*9=89`5D!?`OjK=swcS{+eFMr1ZpzUeG{L(3%R zN*h5158%9B3&SLku=z5@6|+Ba=ulFwNfi}d&P|B0$Ha?3xw zA%)N1VK83*_#E;7LEs#@-k-o7vA0MP$hVw2kQf&ysB%G%{-=Ux$On*(4E;GKu!~#T z+7J4j!9vT)#01C|?{)>P5Q!|kyaZi_v=x3zZ_kZ$}NeS=`2tc>@O>mWg zAE!G0_)98(aWWwv77YKVr0HKT3%q~le7KCrIZTF)8m4dUPXoj zdfq=CBVaIrn)zQS=P$6vzjh+J{}*Ez{#9tE&iv?1@G=YB27e6N9q05 z%<$k(h8+C0(#ReMcpoy>WzFRzxLLwqAA)-+;g`7%G%LUSnfrD_VC!Ju>*0SoOl{V0 z{Gxh=>@kx6_0s=hsL1!5{2z};aKC`^{>P>KzaHBETMvyL5bU4L(fGE-V0gkJ%yIcA zC+|Pr*gyI#;7fs+{TAR||Knl^7!K1teinTo`|Fr-SLu6-|1(B@Pt*ACbKa1P|79Q% z_qVN0_#fS03U;`YUt7MP3A+DyJSP4RqqXNe{Y~-w$1`E*Z<8HAIhwE-Xa*ew}l7i{{PhR{#rinvS literal 0 HcmV?d00001 diff --git a/docs/codeql/images/codeql-for-visual-studio-code/basic-swift-query-results-2.png b/docs/codeql/images/codeql-for-visual-studio-code/basic-swift-query-results-2.png new file mode 100644 index 0000000000000000000000000000000000000000..83d0414905df935ff81e046704972e7557ab67f2 GIT binary patch literal 158046 zcmb@u1ys~)+c!!xguuWcol*k|qJX625F!mqgM_qnOQUp2DInb-sI-8DG}5JjFq9xj zO4pow+)wzt?>Xn$-&)@+_u6}pGyl4;`-)#ogu1H26+&7<3=E7bN{Vut7#I*<3=FIo z2o`w9mXz;4_!ohbqMj=T##J`-KbYy1T`=$_jT=JOP0R7Io981JOAMz+Hc#AmpIEvv z3-I3Ly~V%FY?F+EfqJbZC#~&e{PQBrlTs;VJ8m#wXU@Q}`RukQ9svOhfg@Wyf*b}3 z<%+<{Zzl*MVA>w;)Vz;8`i$kl;f`VD-E6!W!*GC#?z?cSE=yO(%!W-qu%#h&W=<2v~OGjH0Ft`jEEy;%qZDl<&9BJ#TP8;{`m$ScA zga$K*-jMfW=lK1)%8~Noh0pQYZlzo#I7#Re$qCJ?IMQTkxU(O~DeMS1G((vokD@e8 zBK~?kizv~6lA=G0_cuN}5gjS)^0UnM_ZOar{P%+w6c#ev^*JB>cE*Z;$b6En%d&+N z1v5hiu$~x2MAYC=fSU?^+gV)M@z<-pLsL^zQp|0+?GxwU{)W~V38U!Vgx{-dB{EvF zzxRaJdfv@=Zb!gaAXo6e`Ii=4hXgYV5Y@Z0b4-%o&xc5pwO`HqNKWzlMMRNjS+@O@ z9XvV#X1BAFl=tXWyN;YpeyOW`Gl3N>nZf^9vevdwx46N2!T$Tz$WsV>gQC}#{J(z| ztnKO7oNIsg&<}1)k6DHNUfgGYYpobXpYHe1c>WHZzp=U#_lMc~9}vl4%l@r(Jz^5} zI@@~qch}YW>$*YRcI4k&B4rhonE)j6jo9yp^Y^0QgCokS?nxB-43PgG1mFx}PCGlP zx176%r>}g;|{bxi;DhKEAYR=8r)2}$=ua{?cs)mwFwdV3r-Mrq3FHv ztZLx3*wILyLLGxN&K+m{dRmtMwNpoMRO+_p(8vBO4>TlDr_h>6sR;DIz9Tdj{;?16f1E+10Fo%jMogd{V}z3z#TV z3RRpEMHQys=Zk2ZVR>tIYyp|W2R3`$qt!p2)E%l1+gzZXS@{YESPRS;R%*N!Kp)5(%<;7Wh zyUa={yO5B_;m@!6Wb~qLiryRe^h_=99}lF3hcnsI*$cI*-C+Y6lgNq!&Z<3WswpQU zBjXq#C9Awi!{sntt$~`jt)Zc@B#~cK#Pg6#Y9Q`fSqvVhsHlGB`m-)vMHX?UB1-*Gm1YesOkgCQOp*WuoJAV%x+;6!-`rYEvx))ze{y=-if3(7= z(Xr*?u-pCQtOa!jmL@~kS!TP7vbEXwC|;6^&sclL!+xgrigSEfLc)TezU9f@3d+EI zsVj!NRd8Zr!p-)LLEQshqK1YBLCdvn$xKoAQWrryB_$=dG_c$aE;Y6X8zv~)%YgL&(6Mg?^A6u@=&lLsz=S)Sk?Z>Pr+dr2nG(L^wRjnj_kCeOer=4Y~TMm;yzuFGTKPw2wCA!L$Dj5#bPz#4W>c{^!U2$6M zYd6$5KR6;mwd#JYB^kT37sM;3{e###m<@=htT6I}<`qsQK?inVc_9zA@m&m}n2ej$@Mi=(G?#O_KIn%=51IUcT?qmaPG{ zDh>;HPq07b#wUWypH`9^U&q3bk&y7`J#EF%KUb!MQzwhs5r0tVE9&Dx5H`LG(}!dX zMsHq%WLQFG<{)7xWk%Yj!Y-YVz0}$V_lzgk~R}>ug!((D}c=?#Ia#>t%+J^qonIyoRt5`U# zZF7flRKUi#fA5|qZvYuQHV1zYrgJRE+zP^JZa-EpWxV^e*zoe2rd(cN zu-n#b!yU&t7!1ahia%TG7F!>cTy~Z4bS&#Kzc%FiXn}GZql6~iRkBcs?X_{F=8M*y zZ=Um@@8Yh+#bE)Lf6GI|7_~5&tSg+Z2+etqm&m%F-WGzd<$2=^2xU+pl$DiNKfkK- z*wkP7*5rM8e!}gcNDu)_c>Q`nl<=~oxcH@j4LM2p)Kw#s-u`|qv2k*8IF>h}8(&99 zr>Aarsax%}s5{t5eH*(or6VdNDXj7CWwv@%k7FvZZ-5M1ju)(6N(?tUSf6lO6ujqf z2jcAP%yu*TbG5_9fdoW4Tq+lFvrLKRAo=C*m+nj5d-v8~-L^7r@?z1HyI|FnlK^Gs zPA=;;RTaf%vD?=;`Grbk_s6{TQi}?TJOmWhNYxw_G;!?pK2Eh!%$dU5r)4F~I>NKg zmpNgCB=o}BSo$|r9!3f~FX9x~o*(b_tw^#WLMa1I`c0ffTaG*V#%tw!3c|%ax5T}6 zq#Sgm$XJVGe6p>EGTCmQ?-xm`C@QKOUlE3eLc+hh?u6d{cQlIUhaVq%ZBta1%MFS{L!AFasZQTa(j)ldCsIl63Vjz>*At7gqwUJ3M;PpI`g}+rmeQ?|JA%RP zkn;l(uXdV0viLRl;>oYoE1Zb@{QUhxP!@tCVFKS8J(+HrV$eSO_Q74N;xu2YNEKum zkYDDmeyxaO`~~*&(T_1skbl6f_ECyD$%7mff=}Az-bMh`$*7(a#eW9EE% zYLiDq2u%9v*=8MVp)%ltC$emBvcPVt!n`XQ&dXc7$v)o3!yAcXJmuF#90(Fb-snqF z_x08w>P6fY+A z2M=vfgP@G)XjrNnujPAA!XRqa0SPltrOMvkA`CgDrGz)`uS~Q;oor!Nb4}iT8!TS%VEou}!-mnr*#wtJjGZLyIp*-# zSXEWku3ytD`D)f9IV;Gj-eq!pI2KYOTxR5@2Je*?%~)YB4e7&9illsu{BW{D>9Ee{ zU@Ovj(hDu@i`cib|4}OBH9MBN<35>vT^}VV;MOF|PN=h;C}p6vn=Jn^Q8u;M8D*o@ zx$y0+PDP*^KCoTe~bsFFVJ(H(nDA$I>~GxnSND|>+trq54)!Nb4QI?zq8Jm+{c zV;-B|F6$e^Aojr9Xt+d+b4j7j{%dfk9>uGyEVWGNHTn23np+kST*|9gxl_Yttvc$XWaHyU>$fSiIQ@rr9S}_CCOR*_2;Dny=k49@(!`0LYV?RugJU@c zww$lwAUn^{9RNJ(c+)Y!uF=@p!eTkq#9!%kQAfaecYvvRkv)BVX1y`3m>0AY3s0MO^i@@t^v(J9n8ZBpH;5x~Gta#~JgNfSUbWIj zLEd_y3idLoOhTEh!4he}vFw0zNcKnpBtAY~>cuC?^G}jaoXnSP92pS8h}PaWJnx)@ z5?Ey{uW%rQuNz3Xj4M*Y)sK}u1p1TvvF5IG#pYNp?u&#=HNukL5>_ZnOJmCDh{w60 z+nj0wn=x)gHbUj1lX%X$T>0(}KSQWf25rn{tBKJ~h-ReJ6EFXU@8t{}qYKGw`^jFz z`qzqT-UvEO3lQE4^=^vL*49=h3z}yTv`r$cz;zJEVeu7nTWfuYpAN~r-|9=)IW8TN zVm6p5VbJi?2~?UoSR_%AA){d-eYL}k$3puvLk`T#ECHJr{uAo!T#!oNJ{@Hb45*EK_pAv8@eEiR|T=gg0KbMo^;XF`wh(`(5Qrqusge@e89K&Lnfrfz|Q;lBNS zqp3$ApIgI5QQW2Gd_oL34tzD=-Yu<-U>qQ2qFsNJ1e^KUMjCqY5V%#-iq>RcM)u)!PQC@VX7`zq8NMJWDLfb9D4tw zErv}QaqqoQGup)KM)giX=K`N`;rZx()65lY)@mCmeEtXCELe<;BP{^|;_6aITi+Q%TDYHB0@DkywsOsJ&*Wc0_2Lxbw87&eMdwBMpIKm9An8QF7fl%eMX zAAjvjgFa?`Lweh3d!mfW-NE3MkV9IeHc)3>MqdvsTYT{&;R=={Q!M#$Dzz#(OY+>DPVTOxUUSgTkI(Qb z)2z_PBc_&;KD97gegv19qNZ+A(XBjy=%=$PqtM-yj`t)Wc6 zL7b`K*U^;c_FSj(^@>}UEJL7)w({eW*izU-t?&gj_#ANeF+ORoY`IL!kZaZK0Qp~f z5Oo}flG1DU3)+iD_0mjFxP>IKVz}&qjq6s)GSnMkFP)Ryb50<>=hPOA3)&1XJ_+}A zmG}3R+ z&)bTbFfRFnO~2rZWs0~y?upNlSC>F{L*P~H=s>Wiyt(ixOzRF0ZEN33Y-lLX)+pka z7qT_z$B!Rij*@Cj$~gVfmY>hI71gapoUm)r9fd6x#EU?_8tjJi@g0RT`#Er$En?ye zU-xbb>gMT`8`EzHPGKz`V?rwB7#f@E1cqg1*GMsfFsRr=C(8&(^Y@#Nc-Vih^#KVH7 zP~YF$3+g}4%v@)fsdJoKRahS{p&00t<8mC(hM^kW4jNlCEj)ZnCt`H(4MHOHgJ2_^Enn>)glRTN(q zkVL>55qssx{EVh*X*JozTNN1b?r%n2^T*fCRLG{mw;Pv){g zY@}d3E{OHo>fva5L%A^JZUJ9>*m63-*DUoK8CU>WMmhTbqGOwQxqz=j)(L{Sz{N%r zXE5qE8FJ;-`7r^&z#^}bVmz!c)Zis8R_-MQxljBW*K}OKx%tXotIb#qlYyZz-=JEG z$LanLSw=H31TR~yY=aJWnLi)$Ja=MDA6op5>7-JY>W%;vEi znXh|AGdf$PBc;X?_9%#HZiQxmDD{|+2oGj==93A<#^Flr1#S8NF(przkqn}?Bg9BY~Zy=&+ zZa)_n7%NlN)Fhv7GyU@R(elE)jCm?P4YDRk=38P~+PyPg<0jn(fp}BGEB7Ojt^#r- zt(@tgi)Tz>ef;^QG$TWX@UwMS0T!L*j*S!-y;eKy&bG!3mx)_XkDUl*z(}PCy}Vhh zKtC|PY&s+V++Q09dDl8gbZ?k*v*l#K(ON6)@s-nwN`FMUO$`rwb|!1w;I{vf82W6j z>6G5(S+Xun?+(Tq0tqxDk>ZcMYB08Xx*FNNGb+QeCvh+wHABxfAobMsZ3Fs50@tO6 z)KXZ92k_1Tq9}G=k7L`Y!=st*W)md+=ofug7;G1$)yT(2Cr4o_7I&9zS(;>|^ z0vH6*oqzVje?4RZ0kaV=JipU@4PH<6xHp@n*w!p#{CeVrG>-PyhANB%3{qLwqTI!q z0n&KEtH#;+LqRJ@d=5Excrxvx=T;52$f<57(|r=8MEkF$^ah5tR9M@+=Q{eWpGf?T zjvv8UuU!if7d@Y7xvM}iG`Q?K!kohDL=c~dLu)=>rN(R^%nyQv7hinP{D4*}atA~P zKuG>VPm0TJl%Q6F8Q!P+HoE1MkL-SZAA0C}nw#rUfMdregbae%idn<4HdXh&TxMWi zOx8NgINhIC&bk^QRR$fgUm&>vliToC?I*aG%@#-#07;C;$L}WnfqWJeJRDrqa~-im z{#6w8O1aX+icK!=KkF@e$)|DO1gyN55>;_`ubG}~-N4+eV4^^Mx~7RUQq`OmG)4Ey z$jqA3&hbIQ>U>m~GJLUd`(vKFt&s-}%oNXZ535u?I zKU0Aba2Jb5uI&F9`*L0;WSOW46$LyD^>vWWUS;=Q4Xa_be^cIcfAa^?R!HsPx+oa~ zgNiS}9Ml>FhR1W%tDE0NOurObwWG!OWHfUfA%{RDSbcha#oC;1xZ|#uT24=fe^&C1 zA(i|9UuZt;U8#qLbynipuY2RdxO>O!i1_cAToi6z9Rzi1ijl*O$L>2MGP?()DvD<# z_*`Bgm8o}jHcrVOfKYKKVq+}8of`Mx-|%md^t6O9d0GAqZn#fxG(C6%M z)3%XU+%kTeL_gB$QUp7){1Z0EOHe^dZxUI*(WDn3>m92!k=$F`@fiVYLsw%{-t^9_ zlQ8nLCXRmdGQX5T2I~&J3Y%*7rgHiN&`!%WW-nA2y1(nABcbBY$eB^ANs?8VsxK~W z?}#2$jX8d@tC3n*NJoe>Gi!*tOXdMb?6_c!H^v0tOCKEO^am9pM}={-BBV?W9Sbe{ z?>VXl0VD=@*};J$knf}!@jRJufABo~rB3=CL{C2;ZHm?8&<|1ILF?5l%}|pm=v&yr zPG)baS}JQi<-#Vnxn^iZz)i_ZP!T#baR{TWwo!h|J1i%LN1`2h9`kSC(ye@9J9vF&7G_A1lK#H+jb{9 zmRS*Qw!7Hrc0VJ}#XE><;Clk$RzY}pIHV~xp*sjPSYun)5yOR)FYvwM3FD~v3qQSo zRsd-dSP;fBmhb7Mu!3F|(!aUp=Z5{#LLeFMC%(ShpgFK<|< zXk>us5l-l#;92grqeL8nC6I_=9gdGZKYu#CoK*#&+8qmz2=8~iqUBJ@#!m7X{)IUBX0S!2PS?8$$LJ>00s{|9>-TXPC{>Q z=9_4o?-Jb}_Yz#5PPKpq4miKq4j7u^RfMTtVEP14*l1iS(iyH9o@Fe%+3foPWfw8zjU?)0H zT{iM<%;yW_b%fK?w{ut-07pL#%MYKOHH?g~!r9!qVmxaGiZptxY#WmW7^7-KQ{Z>e zPW$Q z{&GIXIU7pxj=_p&rJfb+!8bC^#tmxp*u0m1+yF?3cRw+O)t=si`Wq>by@b89|9Wc= zd0jmxA@TUNRY81fK4g_3P00R>RL&rUfF1=I+gt^e6qKEGRGuR00zm%-*$Q!tBOKhW zYDuU!o(bVFOaRp@Eu)7tvsu3{Y!O({{gO}EAqEf47VH73&_{bevRG1ANXmCqG+i_N+X+D-Q(%XqzySaIlwgxWr!pmVDL&_M=#z*;rL0`?Z@b|b88oP z>T6hA<~#H57hy_@id=kr-8^znp744XcW3x~5p!P;EtK4Bw4LCNM82r57MOPKeZk&W z5QL+}#rZw}b-4`Z;kiZ{!U4y92h%V#yr20S7$eCpP)q>(v+1#V1{fJ>ht)MSa@w1i z`yYgb8oxHLP~En)Cg$DzdR{(RG3C1tN4$;4C{)X;XsVfaMuGkQU}g?L+EkmDpaWbP z&HiZGswwyA5sP;@!;yGva6x!XjWX7nO_`+i6Q4j@sfP7-rX^H&zCnpyMKbx>JRy4v%UMls2~7t17URa7 zU68)UJ=U-@*tD5xS$Q0#{!KUBj%RHJ!>)L9`JtT%nj6uQyab@U*WAx$M)tnL`u&3EtK<;!|e(CHSp zn%r5^roXw)127fvdUumwpC?zE)4Fs{|6*}M*^16`gnV|m&e23o&3&Ng$hrVtS+v2l zjRC_+dbknAbju>##Tx__r(~L8pCu>aEjNbG!8$@Um@|a-?o(m!XvSXv#I*nRA$bwG z+Vg`vgJIK}%@++w;b$mjh@g` zImQix+UUz4^DQlezv9!=4IVsro=R5pri7}8-|t-R-aWzy8d!c4E5fTtWh4B`CvxIf zZ3R~p-DdVZK{p_?$Arl|b0T~lVPR#JxQd2uVjK%n`AlLhFq-+iKELEIQhl9Ud5&cYXxM$% zfQt>2H+=D4?nQ&nfj)ZP7fGxjH6LCa&7)>oF6iEn4L&{mY6Wv0$whqWP#XD;W;LLY z^>GexbN)u%Ai2%;*PnuxhdltC{@`wiaw;!86<>k^^rvhuau<+&I{lk7btUI(RPFly zVBlT^4A0K+xLP3oeRMBcAtl`<9EXt)85Ivq;64hCgC!&-?N?=85U=h5l39eGG$F{}$s%fRGWZVE57R<5lRp|GPH_)Ag;hR=7Qy(Wh2JYq z>N!TH_fQOM_t9pDq4moJzR@nKei}zj9He(aJjTi%=L(m|h6FV`Vf@@DS)O=p(L!Tl zDFF4uIlyjsJNM}XZ?=f#raA`4{g+7BVeB$!czG&K0RO+^`dw1e_-(5}fnwOgPCA0461*n^PK>JrJ985s9n_U5?_w04+4Sg=;Y(ccRH6~FgUWvK3De?Z`E=FNrp?G z%k-&yt6n6)!B&*&oGho_7=-ZzYh~9Yv;mbaXGuQC)PilhIFy+l;s?-kEsoU$9 zVxGKnkm*{7sG{4pM%4(N*6#zSoJ7`iPIY{YOkN?aO9T$))ylmkWsq_;3^^dY36Ph^ zOZ)m0=R;)t%a=XUUds!;SfsX!X`A@e{nyMB&rLx^wicn!TVUECjF_z<+49Nta%4x|{GTke39$cTQoNHrvjyJH)2D4CW7Sp1P+pAQVy!h-N%Ct=;HjqG|5ln1Fy4GW}##;v&CG`jV zp=phtjBK5G@JR`(*X)~j@I880>7(xlw;#bCRE#78WPv=hF@GO8U!qENfBe1 zrbe?OG>{W^t5tgVtyV(Q{>xvsSD34|$R`Kad?HBFs`leD70=aFu^HjH%FrH)CXM)c zLef19UNCBPsSB9iCx0eXL0BwS9*S>8jm#ZZC%53}#HppByZlR;sP;6yC+@{k>awSp zUYbvU2glF3^3NgWiA7eP>mzsd5v7)`MFR1`1TFqMV`wp?}m_Ce4+)px0` z<>JlVY9;^&RNGCdQUwt^RjCWKwg+OazMz9+)wjfgxfvw+I*B~=xGNx`4N5__zby}# zM)LwdAqX@G?0!#;tUCollSOa1UP*A;GY8(TIxao)_Lz?iL{(tNAxshezS(<(SoGf>*XuW&C6HB*G?#W9gzza zW_H;Z*})rTud@k|&Ly5T8_4kwp4%0R4T-F+K*we6+1eMR1{5-_RjLcHr2ed=rI`D; zx~)8nv3ZN$G<#SNDh!oSU`7NvQPCfZJ>z_9jEuTo$B4vDNc5s zDn`vd2P9VnmOP%L_N34Nokpf z-`^>;-A9RIXnNOeot6*_qo)zzz|UX18? zr6MIXo2)beB_Yqu3)x14<`gaQ_rh|60NTHDFkEG&_Ts4%K~mXOLq0>n=_o1sCeC5K za2WLNPWJ>7J-ix;z6?%Iy24#U4qisi?!c7M(M%)>zO^y!XHHY-$9pL@=5|6R=KG z$j3!0Mv)lGDc7a3xFDw805buEdb*JFS+N%*0EIwbl^;MviWV)z(F)${+(GLEWO>jG z>Iz{J-JK`YlKAmGU@|i>`2{9Iu69s~!L>C-X%1Uu`4t*ws_g&*vD0r7L*a73(ce6S zL@IM_B;I_iNUg>D7l*^T1VcU7a`on@yEj9YWPobUhn`2Rw?@GpP453ii&|nr>9(8# z%8bF5QGZm5$y+Mx*UUX=wK_g|VXd9?X4{em#-W7U8ksHUbO*L(r`^Q5$>oX(@}$|) zfgry_y()ejj4V6X7eedymM(oTC*Oh6oo&dt)4_sjx!h>set4s)_&Gl*WwMmH5GP*p z?Mm9c?hjFF^+6z&rSF8h^`_h~u&x}w2fad2SJBb_RW1^eEcg;Oax=TcaWhT9752u= zt}3)u>*e=Zs~x;Y<3pdjnF698ltr$JxHvoWGdfl4>Fbv+P6US$kqR?A?VxozqBx0J zS&ki3Z9@lZBeIA$okg&mA;Dz~S{uce{vLS8EHf79rf8lBwM2=h0-YWQyF-XGAX5#Q zKU^)_sNcCGHGg(Z(ZLt9lG2SVU!}qDX1<5f8o&%zMy-t+%OO%<)s3g%_==Qqxy(*d z7U4Sb?Ts()THxc$Jtm>P87PELLSMW%aS!TspfyvIEw$&k@GxmAOCVI_pBxv*UnUJ8 zf_co2AOk)O>rhNa(?>jrn*isQPQQg5p#~*%u&=MLzrVkyN4?^-2(**d-*egf-iO_R z2d~XFpJhvj?2LwwbEkTe6#<%7_}V#+zoPdAzTQ108CjEt_247cgREyDs11`cGU%(3 zz2?cRX6M;;6v z(lPu%0M_(bY(IG;alNantJXCp0ndK1x#Giz)1HKDVD?Xw47f}9oRA1w?;IHwrGcR4 z`-NA0(G|z!xSx(6c(y@JEgS_@pt&hk3>Fl`!Y)7|!YeVi@cLIDCag9%7>gd~^drh_YPt?R1S;WPRm_aV5&R3Xgy_9K$t!SQ%7;{AInb2J+1hgJ(-y~s5z_?Q>UlFnL`BJJ(chpLe>M262GYqt(%MBaX4%baYuaRp zA;6Z@52dGhbHPgLm5qD`;lmxzY4X1~4J=A^!ye?4kYJDuOKC0E$g}>kZ{L_KL@esI zCe=_>%g~06#Rut;&1%>rPJ5bk({WUz$2rR-G#CCXYU^z_R*?DQ$B!2+xsfT@Y45FD zAGMHI2X@l7+)qsD+iG2QioI zjcQGP{=ATZ7eL}b>-K{Rs0M31!Ub5+HQ>9D>-Wzy(qrxJ5Z$UI)-?7eYM>^3HAcY!2PlQ>ioPkg;a`A1D`)_gHAl-DY{3A8s>NsBy0qWNCB-#0r+phqPro7lg0$ zr#iY^d7@U64vayte;I?UT>yulBnNp5U{)IPk?233BYF@3LOaPP{&ommI5)R`t^HRZ zuAA_1%?I79utGdq01<=ZLZ@GpwO@zyozG_20cR`atj;Om_EorvnTZGF5>9^fJ5A27Ea< z{}E5`#>WAt09;SBf6F`M1BCTqq)dO;QjNm+^8apo64a3g_ZRZ_ zyg)!a05n`Qm?vHSt{<+Qh~L<64kKhA1^-l%_lwvCURoII9Mf;$h` z1pj)|De8~Qdlvogk4paeH9&R!^K9oJQU2?{Sy@;XzPvLBRs`~Y-@`*tI{tZb6OcUq z5ljC#>Qax=tLfr;|~oER+PAX z|J+ufT_HuVkW;Q(W)?8R2o(9@(PeqHbn#u>lz-lLwfzCWRA^NrkAGGTsZOxZih3Mv z&V*?*+SVZyVuEcxZ-(f-d~iFsBK{sK4B0r2Iw{Q&a7+FGR*c0v|0 z0>rhz@T!@)IehRXzj;zw?=2wIUH-zE^>nn>!C-|Pi=C4b|CKiodvzt}hH$c}M8(g> z<=8HNF_Sn3m2UwPI6Z(RibXsr$U*0);|$u><%U!9OKH{^u6H>~| zEZ0R)T4tgea_LX3bI<-AW0R61v{uJiD}hzYJed$}z5Q!X?L^7H%#O$p2R@9l&7Eu7 zjz6-V?kQonBrQ64qkT?cqz`8pxp{aJh)s_%@zH}pLp#RrJ9!s?@;{#h)ndZqhJf@K zAOgTXZ=-2hC!3k6%?yu@-k(*vRQi1vz#{jB|80YUei{rjegZg>I)0R!wA}r?+F?hI z#FKuU>mpxnoQOqSLYfJ129d-li9$5k12LtXkMu=+ED z%LSXR)7fKlx}cUW0yN>*XuR&!4!!{?>&6_|{7y>Ehx@p)08a>yiz||*1a>$r-l=LS z!2Q)xUDpk~tzY-#buqL}OIJ4>pXNygN2z>htv=+tfB6()pU+MqD?-;sUlYgrSo625 z^sn9SFa4KWK{*nbAhrN^2*6E4RiCK3N}$jHXhOXnCSCV^6&1ueaIf$@G|HIo1|#c^ z>=$4s+yYaxXPI8(d3@mhzFP*fs#e2#BIuS_XzD-P8eG%X#8Jhu3Kie|Dn>>_6EWX6 zFo0n6Nw4cjL)~q}{@}40X)^Tr^S%gGWO_b80_#Ntv0+mHy9CO8;nZKuM8y6DCN2KL z!9$HDAX8xD5x0`MuMJB#$l$+7NK6FNEmMsV(JCEpu8Vi~#j``aQgQmA)p@5bgEYSs z);!`R`h>Cr(J={sRuK^zPr}H=Pr()8-y0IK5?C?z9DaQt_~HlfVxXanSA-V3d@~eF z)yo-c^mL^E>h&}NgpXC}2-<7XJPjyd z4!dI+WO1+@-NNHi`6++q0D})q6ifp@f7**O2OR^O3BRa{b#6ZBSX<+cbUSi-&>I*e zwgsM#iF`i;T#+$l|nhWncWw!Sq!RBHuTxk5CxbPgCCV8D*Su}20N zCYU!6ssMLqWetppQ;{))L?H45@ zQm_6ZM@MXK2?y77k2SO&=f8bR_OBs)+Hh7| zb5;Q+LE)&hkV#4}un(F6@qF=(bIU=LBG~JXt;2_uNh(}DUi(>)#6p#z5O1Fnwbj$N)fD%&Q1-G36^MKkMW$mgicP18>4b<&+Hv2j zL?>fn;|)9JkO5t)F@oR<0k8!f;+;4HXiBFHU=d678jv@45?pcHC$JpI8N@u6XSv{T z4dW>s4@sAM({+w5z-2fT$3r#_ct6U@tK4|?$v`5vSx}i}A)x|T>m%H$0+4UjjZJoP z)Fl?%f2>gG@J}0Y8{hCRm@SSBs;kAXs2mAz{}$x)DIK=(-qwXza?7UYcLJ%_-NEzQ zT|_JuOi0{*{8>uH(&&{MguGYR%4dHq=p1wM$St7lM&J@KUN0QnYgnhqr&kFEbc-%s ztJlyCK0W}LOR^#hjJ-dR&zzGc%7}r$1%3n7th+`IL@KYsdnTa?La$k5j^mMfJm{YE z5ep)lWUuMqCGwdiP>jQ>c+Iejy@$4f(6SkJXg>|5>?mcDYURk)@sm<8oDpGD3 z%%a&86Fkc0A0 z$eyi}0)`1BFLmIeM8itde`HOE(@8^Hob(A{H1__DT1t9QOVts3H^Jmd`8X##TMDsf z>T5?P49EH5m-lpjgo`5hHicK?JhTW*uiP*2kEo_oz?OCtiHKBWGF`}ce1w~MYaL)8 z<8_vA{mwitXb`jnWr~c&qq6P$$Cv=nuNVOxo4uuSNO3XODIz1y#Tz;JAWu-n)fV$|_@m?e z$J$j0D6?>qwgxMMAl=He3R#?+c_h%*3q^R_O!*}{e#mO}t_Idgg1N0hNbtVzq)*xd zIF={Q6zaJ9LQI^=7LacHahTjnloQw@Muq4|beO?rkKDS2y-fE_kPCy`_J&(fIkirr z>&b2u9uK;SlZjdZj?8Td>U%B9jN)E_e$HeyH$ovG9051E0YZP zZel3$N`pxwjh-y`B!EWfHGsfKA$4QATj`hGZ+nkqfUBcpA+Y(Z-jNtway4z!lb?@ zrKCKzv|Pw(=X(eAQQWp=54>hLIW>g==>&x9%aTXPrNz-76qDz5nkSsN>8^0R;*)876%d)LaD6==LtDa45Y5yD785pvBbb0atHtQ=|VA4q2bw1o8v z&jHQADt+_lHFmMS#<~-kBlZL03<{c^*Y#l0fu=A|l@3r64;6gAA5%7fs(t<$Q4l1C z>ps1=(%&1xY{WfmCpp_vFCXsML%G#4IxbMR#;F;iy!skOZ&%RjGZ+#rxFp`bdEU%)KuBnl%}HfzTEVU1?=}#f zk@JGpiO)$s2fFxi0`piMgNh{GT68hj$pETqyG*uB{07!`g>$AHTQMYZz0Gf8+0g&I z;L-1Hb=d3?JXkW~7ts&?N=`QO*91AR-Sr6``c-KZtI`@FFZMESS{-NBmM>zEmWjfagY#rw<=}Dm6*OdQ{VNqs1y#*3mCvdka$f2^W${_Tnpz{$H8E@x274&U(o`vZZCp-<}E{Hofr;i zh!PT!yyh1(@*7bC#$8;~=-kVcP-3xwMS8B)6|uUy zYEF@S4e^N&&~rz~wL}8-!L|1K0|f0j@H)(DJ99qB13`frEO#1J;T2qHE zp4Eb%6nO6P`DI>+qj58dvtpG=LHI4ga)Y{9ahzMP&QD|Pn;jaA7yEH`@{S3F^^kIt z8r69Uab0#*A~_cwsT0S~B|!h(8ZqX^`haEf9&l#?B@VLfN3jE`uro~Aa7@JY``fTX z_e9F4aA;_*qAF|8+2AW6fEEAlF7bwAExbUA1!liJrM=L5k)}$?x4%k!fVGjDnE}Xk zS>d9@(7$k2pVDB45!joSr6+&fqJAG+q%D)6ZY){GvARcraYdaQ4c%QO;!ffFc#Ng< zVfv8bpJAE|YhxOrt0X?aR~ZhS%)87{b8{15U+PWdoJ_&S1r`=1hcHYKoG>aXEiAx7 z6<sD*<^B`ZrIeucnb~YD)IapGuUF9CNy!o@C;b`o>`%TZA&T$d0Ssbk;Z4v$D zwSvJ3tjE{n@`xDsx90<%g#o>uy-VFOU|`@_A?Nv|s-9c3C59d+j+-Q{JQCh1yhisJ zpI4;`VjL;4g9-dHlh$2=x&Swu+Lz>)EPnABmN_s*LpPs@DF}UPF`Hqxcx~72V*`Fr zLEWzb7X0f9itFJG&{F2}?2RZeJsPVd+T`2UtFE{vn*X&@^Z%jhyyLOp-?wkikX(qY zsH`%w_a0@Fm6c>f_9mN%vZatMTeA1w6|%FkXZGIDdG&pMzvuh-_kP`V<@${CbDYQV zKHI4I-t?p8JXyJ@9+@Cp-uzwLJ6Zr{wY!Y#vHEn(U!C}a5A1nSFeA?41YKEwX41f} zhxUP<$x#*O^Ey*wiNEK`fqPL1-IkEKPAG?9xwXCg9h|?)+%-0+BH;(w0Y*`)YpE?y zCMYv+uS$NY9A|$9<*^;#DqlFCoylA_Dtm`-2MTYLw})tvVSU261+N?ZrK;*G)%$PT z7!h3aK|$0k*PFBnhAG*uw@X_|U}6Uw9WiLDj&#A7o<=w1)FWN*T5UVf2*@1Dl1AftenNa9mtm?CeCE!)-&dUM?!i=nan?*1!7)u3n}Q?J%`P&eu2oXQ+fa;C!Ogr%MZ1|QJ zhui*&+IXgbNTjb}y@&guR)$nnCq`%5$EH(y0m2*(h{?){Y-}!B9&2}Vj1Gf7;Dt*y7 zhVpImnbRlEba1vE*`--bAMcj4wF>a5} zt5*fP9-RVFsFQD-Sh5E9@Z%!J4;dfQt18}+S}e!Xw5YN~P^fNXhuJmzuKTAny>!@E zxOO3k_rO}c7LAnOAeNzgkaM;n^~In}XZ;(cXSGES*$9Gmk2DBLaZ>Z&#H!v!nRL2d z+x+J&N*(Q082utCUi3I2*mdXYKit<%Z{eQg7Cu(hI-#{&UG)6G3u~+ZR;_Rak=KCa z{_`#E|L?ASvNB!{;Z6&z;I#l0b5&b&b8{kE(Yk>6T;;WlJx<_i{0snZRMkt16a4T` zF);yL4!^f82EPy_@1A;kY(tZ4cE|k3&a>;{9Rux@JeG)QvcjKYdUm=|q^PgI%V&Q1 z^4xWTF_-iXyO@~I_Du71Pc$lFSU^V3{0*k~H{c{^44V4YG1&Pl+ZfK zhljyhuKBjA`!q`ZANsZ(->)RleU@;SIioUqVB2{3YsTCwyhrQ2JJstx%Ju_{W3LT6 z=*(WL+f1-gh{o5+{-|pETh(@1Xre!?Kpa&#?{O_;^`pN}TzB zYxD1)v~M@j_WbG`<;Ev5Y}^ssP}bP&Kl&*DaXPiEK|TOnn92MtcqQb-RZ@dmetcu= zt5Kt#wNCOCsFSSL3u47C*xO^|*ekIYk6C67L${BHR!j|P8Jqjthe=jTn%n|3zNeO@ zmaX?Kg@)qc^*{rkjey&Q*=e%Me&L%TWrswl>I9_|mF>xw`AbP5--o_JAsym6_AzEY z3Q*q>rL@B*T?bX55u_s4c~O zjH&5m^hld1Jo;l|yIe^u9fZ#;)pdn@-@fs;KfA-n7cXgl(v?91p|P|AJN^Zl;twy@ z<9AW7BVTggMCWlVxmL{8Vn$TuiLddzy!M(`7=^Z{;w&KcPLl%FFEgAhoaJEAZfB2? z6HOk0c-lsb;(y9PpqPb+$m`=sk3UWD6zhK?Znf~c)O-xGV@08(dBdPA&On+jcYGw3 zLD>6T$J&!--HE&0KtWv{@JsR6+aM5**JqRwF;TJi4MeBye!~ib{OKmCbEu=s80;@j zoh^UO`iMli^=n{Qd0rc)!=(6=3hSN{+vno6T=W5|{pO?qM!nY=FDK^?2#$z7sG@Ns z(YCKfjeL|iowp5TIqNkW+d$dg&OngN6uX7ljuuf{uNj%1+?CN$A$TO>xb*Iqd#E{E zkj+>z>I3=)S(Ig~GsQ~G&T9L4tVJw8lIFL!C@ulHfN}fY+^z0f_q{JW19{m5GSo7$ zyr|wd*nAkc0GQEz{9TL#Y)*Uk&gOi5S|EyAld8T|~Ejm>}%%{(yA_r^00hXr{S z&ueT&qUQHz;}L$e1M6(Q>tPHzGd0JGYvA$K)G=`L#>~5+Mlf)1es@UKRBZ(~Kszjc z{AIXymK76 zBze>I@~)>f=G)`UN$;@6rH{pbd*Vlen6Qd22qo&x4d1WEnzgAgkCXixk6W3jyA4l$ z{domq;jC+ZFQ^3^Frs#rq>??N>5udEz$ffFjml3Dsl2kk0&(R&%@3#3A+L9G_b;tia|+ zwfw5Ia9POFU0Jb78O(GVv6y(@jl&@UuO2f8;f!)~YurO=bFkqc{IWveo{W+U&caC^ zZi7;&QBXYBwS%{-3Djj-Ma6f?e#dJ1m}MtptM`6hexPrB7^;j>3k9_WkYVLLsDQl# zOGJBzd1xUBbN80fYYcW7JEGA#_q|Dkq`x`OH)o4 zOGVQOoxu&aC~eNfdAcs&C)lvU;|d?w5qSqq4o3b{opBro1_%GV6lwecmwK+$3G9)7 z6qbYSH5N>kzy$PqpRW}nGuBVHvPYVU_wy!B^+5Jt^m3n*=9{5Na~0>Zovy2P*`U1m zn(i?z(KT3PAhei=`G5&;z_Ww8x9g+uA-I5jV+5ghAx?SS2~@=Kzf-k*GG^OkQWDdG zI?Y458qDFSl%D%Uc^0I@w9IG^=+{&#{ngVH|KkP z+x9bCa&22J)FX8a%Grv}z?jvnY#?Hr5KQM=-IGu4q$&YyQ zdSZY4=}~EXohlpq{-?dW?XOY<1BHL>Om)X_o&+{zV(2Xm4I*ORZj4Xx-b?y6wN_V3 zG``)pZLZyr>2qyeWG^pt)c?_T0jVFO8SI>MiAmTKZXBY=$MX^0TU!`P9Z9%!Gq?%c znZa^fllG~_#l=gVRHL|UgBKYQqI0Ake$!HNUXL<2=4riGvw9J)=B93Jh@IOOcuUw; z$d=#qMa*K=gjWRfH06t4gcf!v)DQF`9}+X_vu6JI|MP%IkTR!Azug7FuVu7(67Dpx zS;{TT^nbj?mR}*a$16diVwNst+GmQ**kM*WZYIoQ&*=-RYaT=k;Hy2mWd^ zmwYhp$U>m5kmr{5|5fbx3Vu{P<$kSOv@?p4$fE9nPO)!|y@8}A1;@zF2rywN+ds{l zYMKvu(!SnC?M<*0YZ_cSjw1!w*S)SY!eYXm)$Ekr_$eDZ1{n+=MkL@V{~PXpuRb=F zrPvY17bz5FYf#CC#q@s<#0rhUGOJ|lVHV|2pkJ7c{xZ)YL1InWuZa#Qp5`W!ZsLD0 zp1D%1eWW6|k%ap{mt8!!-M^k|%crU;{>{ZYXivZ~y|W-0*QI=2k~tk*Sxy*sfYAvJ z4FxHGNFK~Ex3e$RDt7eXjWYXWmiUo!e7_xrFT>1VyKsJuBz6H@(qSmi%9)(813*2R ztrrp#Ys|}AgK}m;I>Y}tTKyGq_B#t1n(J+jEjoG{= zX|54ibTX+M&C%T;FGiX`Uk#q~m|=oQI)qyJrnm1OnS1j+{vall3?`&tCB=a4j9Se5 zwX!l{NeKHX9A{7Jo-+H3(*sTHO_#^G&2(LE`iRmkKm$KKv-mGP&P;m0xHxsaVvqZZ%7 zSnh&I{p|=){Hgs*{Ky3z=BzOjQM~^uTxs;fzZZmhE<#&HV2`-SJ?xik`ZPC%@iy%V zDh+#dTwJ>=#?#dhvxUZ@`!%ujkq_#G5-zGDiW#PDx&r9x_j*j#0deK4`0N)NAA>1A zxdF@jQ_b!5AtxUEU`fo7DKMV&-Zi4No&C~;W3w{u!{WS|9e>I3Hs?V%1E0o^z}MxL z3<|_AK53}9{uQ~$n`Rqf%<7&gGdDvk>m}3fZ0hs)*N6-A$wu_vnljNrYxHgnT9kSj z0jG)JJ=ZHc8di#(N3?l458?tjbXn2jzAR^T$fh?11p61LV?-DEREW=Pgh{&7Q+f*# zxc#;i1_Qt1dY|qr#<~%STfo_)18vh&E$XeZ{edt>`jcwCKrv3r=jJx{Ymn;vbt2Z_K>0{-JLVk0-pM-TY=5bX#{kaHF za4$cgTfRNu*qrsF9LfllduZLFLhKZ&jIlaJKOsU=peOX$&ZysOp#(kFF}hO^89TFh zG8@`|?UuKJg`OK0Z*ob%OwptNyx_ib%o~P6lD-dT&rQ%@r2NA4zx;(+@qB`e#IdEs!XF>NaO}6474Q1bB zLAg52Tx)_*qGL*d1)5Y#zk6>bf2YcEi37K;5qjd8u_*a%R<+`sq%7;@^KzvM%>E7T z(wdJFyYPU${1WWcOn@($Z19?>d5mgW6;&xL6mz-4S>=5p z*#1k173C-y`95jT0UdPs`x`c+ofzejJ#WUmbt3OSun+u#DyEoM_)O@UDwlz6=y_`3=j6Qvmi4qeJ@S^GaabCV)MpL@p zXQliz{yVg>D>eZVQ5)0Q zy-`%tGU5XE7Ukm4GH(o-VD4w*6hB6acIudrKX3VpW`emzGe*5^l_Uw2vyI;1tUIU~ z8G%Cjk+*uXoY5%=c#_FlO|dN?%FiS!`5v+Rp!=xy4Br}mHKa+ND<$kZ_nBsBf$2wk zb{Ql**;`zSUR+&08gCDocGzX0eb=5O2acO0RF4hR{QW*$K_R7Qk6d zI&XsuL*$p$sY~2Mc$sI<|xy?ql)f86H$Hl#V9VAC`S-&);fj4jCjyL9KQ zH&(nl2K63vsX*K_Bc1&HQIVR-MZrEoiBz^$zoG!xdPrd>PDK zU?k0KzF4;cL)#;A)MInt7xT;MKlC;o7NhN$5EY1ODJdy|9k3wgx}zd6wD61 zKIedJc1mmHecBlt8>?E~Vzj9!XUTjo3COLIymQ*yugtPVKl(1~$yr9-g4dYbLpLlEt9ZE^}j|EU^KNsp}E9?8y!E|GJP-CXKPLImhT2 z2pBNIkjm&2= zTY#1gZG?8xU$<_Z58x!RiddC5d0>feGJj?FZ=|grL8~%a>E?0ytFxIZce%2)_u4Uy z49t^soA{FmDvD!PnHhu~PxtC*2%jjT$yuV@H#(wVUd^gY1tCc~(HED-ORqZ7@$!CnPAR31V@MN_sArQI^6}%%Q1pnJYn0q3H^_d07f-XZuSE^_wSp#A+PXy5iF&#CzhmGsRX67q!QGKvW^k5Q9flipCf3+Wp|2b}GZ_X4)>) z7`og%(Jr}3A!hm0XJQjY{IgfZN~^xF(WCZq4P%-}$z8`3{sAeZW34)#-WN7y{iyiC)0ZO@XcY$hLUuB;IZ7+%--+(^mSB0{&7&)H17~?vX_zC>iSvD+9piJ z(@zKnHc>0>3|C|znk9*gFD%fMbPS3(W&~rJNi*p{WAH|^B_A_|fKb6ROsoVW*&vf9 zBWx~ z!MfbCY3+E7ktz@VyHTP^{RM2d9o6Zlr-vKs8&o?>sr2r4MdGjWF_RaGJgaqE1n(ek zTHVK`#FTWEzk1ZwM1YR}yW*mC9tFw+@z5_OY3UkB>lhLPdv)`s5__Y%O<}0@1PwBS zWF1PlYYkt?aVHbXX8yetA|>1ZYeQ}!8@e{s=RE&Li4i}QIY9ERj2-Q_$`r2DKLg)- z$9oJmv{c#Es4{62!Ag{+gr009V|@nCdi31HF$x>pVuVDZ788+x=dYS=s-~CkZ8j^1 z#oV4FlaWJ4%>F7rC)(+8gEjANZgx6`3M+ys5A!6JURBa%Yx*bGeF~i{oC)?h)C2O; zkd~K&w12KexXrM6!`68^1bCQ7>0Qq}3PmOG{W#owqf^`u)=1e1)N`J@rAC}S(nA90 zFFVVT%@)I#FUgNj(5#2aN(kc+vr82%ar8v4pFPo)_(NanN$c*uc<}Q*qS?eKDeawe z%9ECQ#Ozk?H|Pl6xmm``EU%IYy)(?8FUtckmv1%d4tVubspCY;zE0OSl&30*eSUcJ zOW>mq^wDw&Jhv>S?j=hOG7i;gbsqglQ!;PmeCZlZfBNGjn%7yh;FJg2j!lW}Uw-N- zrwB|OgYBz6qmg^=r#YZ9!Swk>$-DIh^Yh*$0q8PwPvh>;amz06Oc*FCUR%TQKErg| zEAtMO-^$VY-3Sl;jn{Z1OLqP$7YE7&uYLV1^zqNsu=CqmKI4&?~5 z<1yUBJ0Xije7*>X*#D^*eFjqP$g8pq8cCPiw+><;)^{zd7ym^po05dBSxB-E95jghq7?JB?=rGX(gqMKxy5&A0MHhn}xQa{6OrbYJNv9XEh*-~=@ zl52%_o2udmzrdwlCYh5)LO7ENc)mauP3tq<5^C#C$m6D@pv;R1fH}Q7c<^YXoD!uf z7A)mp731*`ET~dp5r0Fc_X1f2G)6zhg#{^;P4 zW1op=py=iE8op->E;uc_)2jV3z8Qz!W6e-XtQQPxiZ4t&JZhu_a1}#w1agFb_1xe4 zHzKEgLr`7-iqSvIKNlaezP|B>wEO{5XTiV~e<;p@ruZ?S20@BLNmQY7^#%Vie~&=X z=e`75K61*Ze#1=%s6}WtE>GIsUh^A8oyrTW(NkU5ksBDhk(ZZiY^VFrlVf+U7&qY+ z<3^gYAoRK-_0!n9*HMlnh``?bwGU`!?WXU0R6E&6b3ZKxjjq@Km9fHzh^aWBdFZp z7C={MFk5HS15RyV{@oo*RF|9)`IeU#I&y;IAqr-T>{RJynG5e+a z-V(vdTbO=fGxI2apNHLg$CZqMPaT8&jKP^)pt9Xd{Vf)Jym~}4KjLQdr;rhA3$In8 zd~a%sje{NHUxEpvQ8v^W(+OTm{jn-(Qx4`PB-q(Mhd7-_IF8=P6N>_@3&Ik7d7B*3 z^sk@C(I;_chMb}kkUt*F)69=mK!!P?8-+}wSzsYeCbRDvzia)eb0?v(BDVv-(t*x;{K`-NzS;kn{h&LACKCGAx6xeDrK;q;G|Nb14x0Zi-M&*6!KhaEP**P!ZATY0wi zU2A@m4geRPK&xYPYczdt#mY2x|ILob*cYW+HHqM?l9i~FM+txX6P~VvpWUF}vr7Vy zLFjyHOcbrE*3!Hw#Hx6G;xPGLm}Vu&yoWi7*?JA5?iCMpj3z4f`C}GFg; z@&WbWCbNI>0}g)`kG=*8dOxXUQKGl~+8@lATfUbJ=QDG&NxZ-Ir9Agcv+72+Oz1Ym zZgNs7pN8_g{Joh#_zXmiOK)nj3Uv$>)>lHM?;%^8;Y&`FXNx+l_MbGE1Txtd$c0RB z85TkTwJOyK7&`aI*9}5bSD%a9+kZX~gV`IB-sa5DVFtp2`}y&=OBY&layeEE=wgR= z(%<|XfwbeZ`@<|DMP)v4Y^59m?z2#|iE=rt^b1{T-BXnu&J?1b<0^J@;5bvJ$rpEk zT-PW~747f$2u?7G3(kOiyF>mmyg+DbCGxfu)Yh3+0-1&=2DT{Y^5#3dwKzCFDScD@&W*%Dl4#?}(0tAa7FGS!0{Dk!C3Cy3b1Ym0M=; z!u#1yg7aHp%!rxs^XIjPUz*7{w3r`er~H%sJkp3~15S>xtdE!f-W8kdrI$Ir0|z(6 zZ-8iIZNV(r`R9bHMGJmMqQcCO!NW-V1_Zo}ytl|Hi!iJ4#y_#=S8W`U>jK?MIOAb( z(1*|B@$_zF@Yb3JI2eO~fIApu&R0c%HVSdZsw3K~`}$SIP?iFcf2a><-(9)ja|9gW zL$%oNybaBB^k`=+_=S=fdJ)SC%91j}4VK8MO+YV|zjHX3f;A~{lY~S{W5pMs9$>p? zWM$3I$ytGJ`~pl$!)?camsVF-7x=#h8k%%`Siiaip@8$+)*+iw{Pn^QSOYF#@nhr% zi%s@nvC9q?%PqJt;AS^v>{XK?2tueC8Y=&aOeCgmcc1024We7faE z&wK|-28M=N>((5t@@ducIG&u)f9MF*xU9D_5YP z8m=%||40Z87acL*taut#A-Dc49G#BX7-}xLc9-=S{ujTIZanjdwC|d)o+MJo>{XnH zpXZvml&R2SsdP@8oU)(2Nn)0nc=9BQULWWyzGsL^ao`-eg=Sou0o-M1zO5m!zj~0RPePYv+QBN`|6EMBQ_f$J*gawfR#R*cY?uM z5>v4?2x1C~M_jEp>%7iB++(r-KrbFlNS!0p*8{_i_SNt!M3#_Kj=JQz)QjpGAdR=A zY)MTOm_-aBh`xg7;*ZcyU3-vi_DlT$Sf4BTp8?(31drX9t^i7EUw?{TKl<@5J^BPH zNd<+K0-$JCN}e`L?01Lz$I~N^fhCI1P@3t5kv$@YyK{&KcL|sar`YpJ6|jVUiDAJp zq@^YT9RYM2$rmyyVQ(KNut^X@EmqT&8Q}2HX+@Q^4_&1X6IiCPqpfkQ+FiC6Zvj;V zdW{;B@ei0+2>kDSkq0+RZ_U;ZR3xLGtr3bj067jUfwrB}g{J$oH7YC|d0}AUiT(ph z*wO!dq59XO1kJElQK#?M@0V&3JIkhhLqrK|P{|EGa6EM*NVVjbvpl_@^NmAzEe#lY{3%m`08=wb;&p!0q+_sFS!lH9 zn?l0EgO3lHhq#uIOS__u0UH(BkHIAFN`au=N)KMD?KyE~MST-1r_QiHOke89ke1yN z$jQkOr++EuYxEnUh0yJNsS!_KXIk(8#%!HC^ZGHQ0ORE&)f=%pKtRiI7>-U(R+bnc zGzzGys)7x;BC`%!c$Xds@d}RMS-8_zRRA{M?w%g?9pROS-QWbWry9Qlk2@2Du%UHT zL4jhmr7mQ7ZhO<+IxxkuW7?&K>~b}?oj~N%3k=wf_z@eKSNl>SuL^9NOOq(3CVjP; zJDHi{wUXZbP6`e1t@~w^g4*b63;uLB+{d zVLur;`7LMi@VEHZ`Wh`>>S`8h9LJA$%-b?Q+~zFnt`g?C<12~8;OLicKT$i~WkeqG z1k|1p-9@jv$5HgIOl^gHo^cI?XN9yyu*}Ce5Wjcz%TnRbQNUNM9g28obW*%F%I{As z;Cj(V{GyhQm!P`q{?VEDE3^I_oLKk&7yGqC25S4C$SW$s5KjvjRiSd<1c}i(JER7x zrL&Sr{EW7Pg99EuKDwwR3QP(yF2+v&-I0ippi_yIj4vH&>+B?gtN}n@L%y;X&9K*v z`IfWBZ1XzucymJ^6}KrXZ8g!Z!HLNr6vr1-BK`Y<4#-SsrFWC=Or_oXYvoel85)H<`k9}*L-exxl#L%wB_Sw79V#oBPk4H-H$#f}biFlEwwuK-J; z79PwNuQne&ek_@sdcId@Jl(`2IYNp+V7Mo)%=pi(q4Rm|Z^lqkQ@=;wl{^*AjnH6d zDQ@C^IqoFC7Ri}@mRemL{wd?R;FlZ}{2GKr@(3sO9JnPn#)Z<$BNB@5nLX#dpI7K( zMSydyko3Q@zc$FbFoCUCU3w4DdKPZ<^z=*#8ru7V6+*ShtQiVcJ9XG)PbR`)RiH-sZJ@Q^&V-p0`%*BQpyw`*q{h96 zf<>ck8O1Kl0dWcz;{Qc|`2Tne{<1RqfG@MXq;)>=!FweCa15&_Q%A%-@{x>(^rk=k3Yia2hkt2^QwTS=gSBZo#01P{qf^_HVM$4NOUe4mH z%Ss>er&c$DAAIIWE>w741Al@7m(AUOpjXa{s$;iSl7fq)#{aw`{$=4CkB$AmTvcA@ zZR==nU3=|8h6n%qX8}hny@)a*n6j;(V9)xW+27xs|BiKUV^|f^%fJ^6MP?buK#)Pt zwf?`UdJ8gONkFB3mUtC$owsbOpLj%&MX+q-4x!#RH)1_Yt?>W<<3P8CBKcXNbD2Ex zK^xRIe>~-pGdutLPvfzYIj_7r{BuckTXI9qX4dne95u^Y330+1 zIj?(F5Wt6+wVbT;`iN5XS}^SOgOnM0*z53n3A76Ck*=2P3B)C_+kO;tFV`9$+BR#A zOOjrbzD_?tA}ZgY6s9g_D7BlFB)yIS7M=Dqe_@Fsl-Nv&$1e`Rm43LMwzPFIeg4=$ z;|@!a!g!TPZo5#%xC@N?T^TZeH5Zv>P*Okg-~kovFj%%edp>x^Qk9^2R(#tj9#ONF zG{m2rv||% zo3#Ww4~uxzOx;co3PffA{;=Ga;%+z#`M`F(ogY(gWccH?=UsHHi2vPR2Y)}kazm?J`N$Lj zL$M{{T9BIUMn@&YnKH-Qg%dnk7^O0fXiqKztP2j`K*;_BHEIJg>Mo)47% zGbub)WCG|h^spIT9=ZNh4&{frS$F&NuuVCr#JrOTZJNBk_{YJ(01z!h81%OM;R^u3 z7c`r)DXy8PIda-Gfhi^9HE4>*%X_m=zE-N!0zQ}DLE8#yYZ;&mi% za$8(?Z@4_Q+8y&x@JpxAao&f}lu69tfW+`P6f&fbOrYjqku`u`qj5gjvE~{;OMo1a z_k0MGNMF~2; zQn@u=>owYdJGgXH;zcb41zqM46Tjve_wc-yQFM)eEhI&RUdz^LeY&#eb5YVPR-c%4 zE2*RK&OPK$$A{=>OE>?D3gE|wLTx%6w0(I2!h~*&#hN;Xk5D6U4;D+{@pl3z3nJz^ z%>G6O#6AG0@kzBX9EPxlN5zg0!jLm_8(zDE&TctD%k*d#ZaNGl*b!^v<@pXlApjlg ze+%xPO=$a&l9G0z?)o-;sjoz5<_qIE?kw)qT6`3q#YI zg0E(=K8M(&NAH2*-EzVwXX_HCW+5kzvyu02jfV$j6uC^Y6KynUv{tlUz&BhLKW;M| zS_F;fuS3bs5+#~-HLCBM1y8{xTKwo)Jkm1gD zZa2TfLP)4~SYs9;b2eRDGcyDFPW(KB;}hZAI2Qh2V$-b)Cr%5i(4**+kaAX|&lQya zm$C=`qq~&{eel_P1xui*NIEPDN@J+g;VTID#Ek~*dcd$-6&V8U=x7b&4IwB0^7rrY z<9-Kc8As)N!#{6&MR4)_70XD*Hak+oAhqsNx$XhHxWZi?OkR zTt{OmS!E7?|4L$$?Ae#7qQ6U8ap-Fum)T^Vy&+fOoLf2k6*ACANL%ZD(cwjU(LD9F zLGbl{+sC(D??28ylaf;w?+8zMIJ(W}tXJ&OZN6NYQuA%=NBmiY;k1EQj%8QQj%V@Me@{-6fbga~z$lx(0 z1`6z&Zby(9U};5`{?^dclyTPs{ItF?3?LTH3h_vX_nv+)d|i2Ua4J+6lFzH3pu+bl*3>LW%$1Y04l+RO+R}pBL+dXYDZ!ji;vpM|@Z-%Kuw=D5&&t2si5u#?eDik9`Ok zJ9j|t*lITY)GV)C@8F<-x0NSM5h?rqDicRA3Y>WY``>o6Kf5u=aId-G!gpR}&tUL4 z({GvN3gA**?(o_m8`#h@Fi`q^%lGsK6!#B*Lt6x8mjzTO_>a^=qVcR zcx}!^kedr9l+Y&E133MJgl#%pFX&)$HzC4y?OeolGYL+r)xo|8NWzn)vGLdRbjj*TKMh&j&g%S)r?8Hr7>{Kp z*&(dH?AgPqd+l~Mg#W2BL_Gik3^@#;2_x4J3j|2K}dfKg|3fEoX!LVj2!c!Ya$m)+J%~i-MLu)dlv(^BWItkP7KPdZZNW z{C5bG?A9pT6WL&%q-H$}BG2)32Yv!JEeGP!#aIq<__$PAVH|JmEr}`r;jpkqt)F`}@pL?^Co_d!6-W zPaO5;>y)n!8fX_y`z~*P(~v#4D}FF>r0yTa*!$2wA?K&zQ~RA}wXq;ixseT>MvJME z4DG|{<>TRc*@dRRm0wRUCi1=e*t~Ou-s?S5ME<-h)c&g2N>aw7$(#;#EtpF)* ze*w`a#phB$VBJL4q0xd@9pfkW;^fI0ND5Fly`$s_<(2x!xDIDu0aioTCjhb0%#6C$ zDiL35jrw|wfTZ-&5&HWGT2*tA={68ZzTY6WU+KS{kxy<*wf(2oRmIvbmp^L(#Szgo|zOF8$xojY%mTlrVZjAF-@%@W*L>glc4BSlh*;TY-zw_{MH5H7V0Ms1M1{xe* zuFz$em^ME8^d@f!u2CSW{0&+AwIXvDnT-C_E$nqVB-o7j{ICQDMiMqEh*Y^jfz=3f?{f_0$#DXL$w`f>2&OKN(M987#If zD{;o4uyi7B`!|FZtTO%Va}633Y)JGxbz~>aH0_PB%0ooIkIT=jeVbS#I&xK5t#l*%+ zi_mpPez5-9xG~VN(R_8H*QmYow0upsDx6+g_S2l{ZWjw)Xo!VUGDO=K-m3K6CGx}R z&Zt3k8$2s>bC!QcXvH5;*-vvg zv>Nm3q?HllS*x5%ZOszptAlqxWmTKB1g%9W`JR2RsFzih8V?u2W~PuKF@vIyQ5iB% zM*1~^Zf(*c7B=m9S@~kWM2w#g3ms`BbSfuXWALa6dAM&ac6J(6cO$C zW8q;qMe)U^(xFdXxA$p#aLr&<96X5OXYAp_l4~ldhXItoq_aXa^R*0eg5<Ot3fy)9^f7JV8o(51f7Ed%R$-}}Xvyu8Ql z`Ite{LBp6YIU4?qE{pww%iy+i&si)zppPHb77N1|vB$~qxCF(vg4!P|Gn~!`Xhlpv zMH$oIzI#{ay#8UCPswinCc~Xcb4p%kFB$Bh=8sFJP^+-~Xn`goIFO89?_ehJ^Gt9v zG{X}XQc`4o*K#y&uJCljr?h709xJzs4_)X&zVI5(EM0)vSoR%K8{qeRy;;NZ2CUJ+ z*Nk9td;4wuX$>%+El6i&13DptNuJhGiYA&KV8Aa2eHAj!&M3DT&-E8i1LvTDxH*?S zx%n#tJ6u;sXXU;_zo|^GV;PLG{$-ytcChj54n@Vb}#2X(W@o zRs;`-mGoOB-TNbEiKi zh-gJ5ERU##dClftG4yWRo1PI-2P=K9mp+=G>=tv`)pt=3x1MtLy%cku-OcD!u|NMg zap*u*vQbNeqr)AsnUT$z*s2U*2Jgj zFxVFRd}jjnYZ1Z7=l}QIiW~0S#;{dV3k7gcwv9y-?RS+#UL~lVwq2LrpQgIY6PKF( zOfLlr^Ak4mK-Ey_Y0u2E7jTpVxaZwq~&C&D1o zMT%KYkat8QP*fD2)WwOZ%V*gkxXo=NBG?% zcaiu3)tq{D%dNFZa%O))9hI-gNtu`x_VeB=XJ$fW`Q)0gT^5MCS z+XxlbIp-z#`??&rrbQC8f|{!LJmny@DfBjseE5v8Z|McTO0emDg{FS(foVZD3L4r} zBc(|rc`OGV+9$K3gKpbx$Xt{jY5CnaY^p%d!|FiQuY#p+JI{C5UD;ea|I|1uh&}AX z$vh$l^5^HIj*nPcMkorzbsiWt#=F;%2}WHy*8S<%wvp%a4SB}xrf?>}lSA|f3XfY; zKZTw9K$ifX8`xA%oMn0zMM&Qvnj;5mv;tv0r;Y)g#h_;qKh!pk-p$l3R{XTH$s-1n^Aism zzh7yioeRIR;My4{&^dV^vog6A{CnW(Lx9c#gP>J1w8?~&hfCM>{;p3(I7MuteNq%3p)mH#-vAs^g3zu`Ap!Z5SGE zP1Ni)4X+!u=)}0~?py6fuFl`w7HfAuU--S4&liy*=yS40;Jvgl<``)bU3l_hJ-%|Q zrJ*KUR0f7Z^Sd9S1r<$K4dav~uq92_UTyD%Y10TlF^Z>aKNW`oH8^tz>wH~)?6$dE zqT;_NX|Y0*1U>zBw^vIO^clGk1@NYtheVbQ&3?% z%6LcM{_o;Y;aX*z&ZYOu*t6LC%KMW|E;htC6kD47HeWmRso^a7?hX z%kpV~;LKEVnN_G6N=M{UdC{-a>Bv#)NV2~%5$}I&vJhUb(EHSL?)bauWfhHfj4f1QO@l1Q<=N+zpcZd)?$o zDfZRT$p^)CFyQx8CUfv7`);*fetZn0ih88;XX_fWQ-YP<)s8jiAg<(; z@+kVMcv}5NZ;CUyq+ zfol13(zT3C7SnVWilTEHNSI@gPhiZ&j%i>Rm{$>**S9NkY~QX9*V)KO4j9t zvR4O;aw#+sgoR!GfB1UqsH)npT^JRlq!gs2kxr!>B&DQ78VTtZkWfHk3kXO^Bi#)G zA}OUvN~?5Bhcw^ZKJPEid(QaA@Sn#A*=w(LuY1n>npeQW7V_sx6FCYIQChF1P)F3} z6589Q=Wcq()9QZ+qbi@1t2WR3<*>|QdpM9E>J&{2U8seGHk`_USI7E2#wX-TgUC(6CRtwO7A=EbgqnV2p?9>k^JvO-*)@@H%rK|PI=D{H5$MA;BFAs(Vb!ni>ji4Rgc-6{~0#;8IE?!uH z{S)p<96+M+w9uX+<0+Id=4fL9YWzBoy!z6`jkUFx?9=WbEH}_Bzs-Z$(E>9&``vzM z((@i?WB`P${zPA4>QM2CQ9V5g^IX*814ko*F|T@zAKirCYHv}^5Hbaby=%wH!}-zR zUQ}5*{r?=zK`)##1{ zu|^oJGw0ABnZvX^BR{`;*??aN4BD$t0SS-&D*S^n67?<1{4JqpKQKnI5vQ*sb4x?6 zztNlZvrqV=3HivITebmf+rU@Mw>KVWEm22(Ggc94I6tcab2lvxyxN;r@eDI9Tu2B> z$Rbd0*uUxI5fBdsD~eU6E2XKsqf$d;ky*9tmC!y-4$iKlC*9|`zIa)vYZ3d2;`cy(FK=Z+(*J$%H}0Cd%L?fpM$#IsHMkrs@(!WN z;n;K>ED9?TJE7E^F?|0Wr{nZU>JzBgQ7=C@_%99zzhNc6?_4`u&8xrP#wqM+iuV-n zt!01v(yQlP+n2{5d36qd{G=n~aoZ=1+#0&gap%v>9t~$1?#01tgCUxW=KkwA6o!nE z|DHUB5xyjLANk`md$mlyOXL1aFn4}iHTd+p`se*gN>y`O;`AT`1d6AX=Gal&E66>L zxs_OKK+M4g4h$*ZAcry(%ymFR-GF2W`1qVXu#Yynx-|m>bLl9=!png0v_}DuXF5O} z1xCOIRB9i)OVZ>i)HT4TF1+4aLK`W(FsM&zz|ceC$|&uJysUitt(A1oTQDdB_sWD{ zRC8j(b#lKR=dPBIbD6Z@tykW&u&^NfB8B#>YdE(LN;y8Hg;!2i6)ET4pK*_KXU>E% z#t(vC>gOe?ZMDFIj_|1XqIexlg|lr#n&DN(^%Q;%Ug0l3zGB|rCkj+`77aRx{HkuF1r5@y-lw`qXr(N)1-y;{Sn;`-`Zox_hRt2Zus zKq{fHxB_ln`d++``l-8Xx39%0q4cTMuiexwxW+WzSQ^}PTk(GGR%TbA=uf=<6h8z5~ z?SY_}Z%_)6SmDf*;}uKqQp;Zn{gHu~c|B8bk0;SnZ?c&BmBrX+)Zj7?2fFg*8e1G+ z5swCfL^d!(>vs#{A(0G@Nass8(+^=bXvnl&yQB6T8Mu5H^~pyML>@;gVY4Bx9w9K$ zgWCW>@)mePIqoBl(poY`pNYjUkDL&BzLAoQwTA}{m+?}zYJcbyW0C-MHtMb z-}_lPfqrVYo&3cTu4}dv|hBa1W!N5Y`#q?UZdiWo$9KajspI1rH5U zekvpr1f{V`HC2dcF#KY)tofn=Pz;tBaqvBmqohY^wnh=Zh-sLq()r|^gK?7_*crLC z>rxYo%K2O*kU$L^RYaucotFvW9_dei+}~Wv(?hI4maNOua!_9yp{NJh^X*m}0_zJF z*9WMfww!_vHtRYi*Yhu#cY((h`!!NB@Vc|Y=osft*az2Tb*vSal>y!k@rKNqC1hQ_ zTGv>HDTJNQPxc_B@*zPVlDq1$kofu$Wp~xHEu-DKm+Ggww^VYK5~aF!a(2BWaCcNv&@O36aOgapRIl5dUV-_^sj&Zm*#0=^6c zVr1Q6u+y-XxI3&XtdGtpwM*nAI3D0E@T`zLqW}2kjFV~wp{eK&9Jn+dajB!u`xxIM z%;wD8yg|{$B9rmuOJCn%tpu9t$InvtRH8&WT}JC71ynLEmMM_)|JWJJ;2i$wg0AyKcpz0 zMUBo(Yq77rE8UgIdQ;Do8O*m{EJP=-T&8G=M_O-8Gm?Fab4tv>3cKCgDUEZE(x2z}5pd%RS=nV^_Y8+T9Dd@mMFPbHm~1Qx%Eot&EefoFc7FG+LR) zr+1h$pR6^K?j;C6K5isSwOmg!CSoR1X1%ap46}qV8YYlBx3}{XNbg%RCGZ(*xaL%3V=zG4^^(;Z3+jS1 zos1LzCy=|{;9!!e^(*+cKEW4HSm8J=hS1Z}$^jxG`galbH^$(4J`ja1vF?5v_q36T z2Zv+`skZ%s2bp@pd|odNrieHn+2LnDYxI!N(MtOU^#zADpi;rO?e>9PK?0mrZr?iCe9N~gG!l^#;!-g-8XC3Bro7np! zCQF--w^``B^CKzjM^Q4q<}Gi70lA3Wy)lOO4PR@g(}|r2b!szsN9^7AySwFCmRk-v zOrWD=PI7M~7?aVi>9i=A-=RV>bxRwfzF&DH$fUE^F>O(F3!Rfe)$Uo<@xyCuCb;UT z&l{d3OF2Gqvjfia^Ba#z6W%EUE(?ZieN{w*R=+4F`HOysB>L&!1GbsxJ-#LoCQ{yJ z*UvT}qn8md7ydv^d5v(*CG0)d%YPLiQx2KN9j0+>O;W=(V$LE*p0&q_nE^V+J~GMR zZ${NIW|Tsfe((L)ifum6$M)Q>@FDODcb%?w$2)G9Ltunh6eTzsDXOFDO|;1@PziZs z;lv!xH3{DAFcxk!M^zwr)^}s%{J$3mH~4I=1ztx^3az}n>Rn!SRbGJ@&39a;S98*J zj$BnS{^qSyo^L|{vBn=aA0H7`RRF(spIziL$hkjIAOIJV7wEsoD*{ErYgqADjsPBa^*M?2={<&e6=v)Y`-waLi4R9cY#h*SF{bsbFi zG8YA32)3RBUe=ALi^wl7mKO6lKN#yQe*@zwjb4C4SQDN(HHC(St51=EU3=Tk>Z5L| z#RK#ZR~R1&QcMU@&qI0bHkBxf{@9#HYrE`wPiSDO#+oyxvcWGTTKdUdNISf1hxA2}s ztfmyg1;0>nK})oFV8Gl^(gNoIpl%rFMCN*4Me?gk^*z0gQDlGd$V_@{%AB8iCHs>T z<>B25%jk*ij>Y4baiR2zksB@O2S|OU8&_T0&47Ow#zuy2AB7&+-^)wQ%7{#)>v^Cq z4LZAF%YPYu-V9*_=#GJg<_bGL;gW1T?EsrZ#}1^yO^rA=+*6bt$m-&4=aSr3|9topo!PQu7e^M~ zZu0j-EZ>7kgYe1n=(`Uin*H`_2|ibe;1r$5H(R%{?UFQf%+6bNQxy|d==ip^%*nOf z##R6PS#M7_WZd6@_|%HiP^ynE;jrR97rEBG=ku!SXi(U z-1{jHoW}tI*Anr+hl4KZ-5ur+hOVJSNb(V@qROYSxDW~;3gYUJhRAU2oZ~W<>0CJj zVb^y_Ti=}9=Vp#DJwW>Cd4LfFR{hksGP5AqrfDD;#T?rP1!33g5~#jEK3sqU zC_{ZOZu%atV9Ik)8&gp|>q15bfZrM7Xm0Il;OTROCF8X^BPJat6PT<1SjX{sNFXvy zyi2wEo_0-#tOfd?9&w-+F7Bdre0WH}l<0HN41qmYybwHg0Z+8Y=t9;2aG^U z1_(t6KyfflA%2Lh6163l;t9#5O!qiTObxSN$}PVDfVwC%qXIlH40|7Zdl0Qw7I{Z+ znExjj)v+A6L^++YyNgs`wF8_9XdEEkl1^>ODnlu}hX~i`ltJyQa^y7x&!N1Fb124} z7qgAEhWCX2BoA2iB`nZusHtUVnNK7h4aV?M#Fz=?n3h4)XWkr0cqJy-k$SnMX8P`p zQtPRD9Z;JH;9MI!)9k2{C&;i*=shc$*62N4ZIAtsBc=Yirqhr$Gb1BImfQ1;gxzt` zc~5NV}o8)=P>K>bD`9W@Mofu41NMCLck zVJNcM^j$K{B`qohcu-g4!hi7=?`_XM;J@YuxZDxlvug&_=Gxvc^>524;uQjv<^Dt5 zKfI3|EC>&ORRTk3giW! zh&<1N#CRaTD(I|pgdSU?e4vp1; zRfJdWF{D#Bn<97P^w=WW35XWkL!Z}r^7ZB@JC1(siOsyqfZN%Tv*r^Cs-}fo>FTI9 zMnPiU``!5u{{y!1W)fb>LZ_j8ZYwrn^AUyDeKXKqYYH2Y+on-rmUVG-!w6wgFq7=q zBq=ypNsd2&$cr}{nkVx?vseyU%)mz?YH->pvu^(_dF!F{BmVSemS)&rl&!$?OZ;NR!vaT*r?NTPG(vskc=T&kN<< z0blc64Hs-jzVg;O5TN$q#f;Sp zQlozJJU%L1_c!{C{OE3m`>T&uT>a)B;!ui^I8O6+m7obz0tp#t<&Xz0S^Ks`BdTT_ zY26)r^ExIZ^aW#$W;ot~f%?&VTneFqv(=OA?b_{-%O9M`Bk-=S&TR!%)w~SgoHHfR z0SW6&P|y{uhtqU>80#YIusmtBgr7I?&T@MPVg5;skBxOZuGDvnYI!9Lq9pDOu?h&W z%3`Dlslg>|i3p~i+B|~64Go6)`&!$A{QQgxy?VAqO%9u%Vvw~HC( zZ1U!~-O3=?40l-tk~g+>j!|jhSkQ*=_u}hwEG59J6JniOV3Qj^9DLhVcg5V?{Mp82 z2b!#LPm3?v3S#_A;;)QrlVHO{YH`Nn3F1W7SEz5Um#3PdA>HwF(2iXJvY=~!s$f$T z+2@^ozcbIldkr@FC_w=NqIOqxpfz*Cc$ZrQ(xB9saQdv{ zr90ev*qY@H&z?-gan3(q0>W^HGErGPq%44_(<)NLdY)7GfHYae<-UC-;b6rdlHHZ7 z*Cc`#)E@7@Bs^;FZxkNfaZjtF54xdyTryeuYOHCq`8WBZO*GGiJ^@s?yn^^Mdp99P z0*J7A|7c2E<=unSQ(BoDq`Y32Fg)8KdgMJC%q;h^FS&$W8t5QXPlcAL9Y z*K<+LFAuU(#QlV4{C(o`{=?c*&c+CY9gU7Mp3}J0Ann4|<$AeFfyA~;>L%k#KHj#U zVuH&!7cV-bci-@m=ucxm(fEAA07(ME!q1^o*nB>27?Y9`-VSW}@y8)_Z^5hm9f%YM zUvl6Y_`|>hWMuWgRDHlMJv@UdVPgZNzV|iDlZaEL*AWrldU{$-BLrXDfheiX)Y+eu zMJEalO|X=ZjRY&}*9fD~Qz1@H$AJvVD+Vh7P-o^=ve4pOFYSi5!?}{_dLQHZMOquT zv)ZH1{holctHjmFc(|Xwxu)GwG@8d{x)oAD3jFB#mNpc|>>_%j#d;d*>Sn@QR0hO7Ec7q8GHoW!*{GbAg(h# z<7sOES~jV!&e^l;tGN_#8L^7<&;=9Px72gVnu>-^Sr*1=qqrPbUEvN*>0m*z#;Q{JWJbmyYuIB zJb_A6;Xf3kT0wGe(n$y`IdmlrFNOMz8+98RBKhw77)(TPZspJDml}N36X?8?z-6}| z%V|SA%@EZ%LjFB;3qeFKxRmh0HpvZ?0j78pRb{qKgPv!fjSv!jDIcAVN7l!@H%Xn7 z;&E7$T;@)!8ZewURtpl}ze@`HJ#B<{Hvi$;#h$Oq;8ECbp8vvef`VUKmEw8vSA!NF zBk`UEmX`LnBio(eg*q$VSI^vuE&pH|UbO-)WjsD4FBKYGQPb1}kOE>-TzIjqe-cm4 zI((zFVwSQtfJAKbhXesce+TWSy2()y9I5qg?jw1^hy4cSZ5TEttV~Hl%`Wx_k>{+V z_KCVp-53_9p1=2HzK+thhW-{290CT+nB!!{(%TZC!9-AVKV~Jl@4mVFWiff|wrZ*c zD%#UG95;@$tRi#8eS~NDIbAQ8=OzEc)J~QskZPCsL}~1QUNdza3$V2x{$yD@Ay^;PkOc+>3U?XvVc<|}a{e-vOy!WLM7*^IL z7}2zC*#C^Do)du#3C;mKjDL3JBd7!a!ySXhhwKI9p{+&OAZ{&S1q=+WOnoTJ+dK9} zj=V6hI4|{*KA8uB?+>M-oCnAKK)jbitFr{2e6?fL%{Gu{J4adOX6+?0fwl0Lkr+@N zq#%`Y#?2h+(j=0|oomIn4D_tQM5^z~>&$+SMr1v6Bn?ykucL^RHHwhOZ_mC58Y$E| z5Q)=r9!>`^m^EM6f{>Ea5Q91;EfV858CW+vzEA&(v}8{u%|gEaie01tAIp66Qa0Ht;|26siv ze?#l=xa5IrS}O2YXFWm;;d9^`@(2C^R`3UuY#=&G7j(4*u>i}sl$)EImevUPHsF(j z+Hwh$9H5cXYAq!d^Erat*6oilC+QdjC3JYZ2Plcq9)lgPxc`O7IY*2)Z2I6mEh8&i zXd)Ly4o9b!NaU;Xg&GgejqDs8wOA|wXaIioAPCxx`sl|_w4vdKyL)>*fp2%8yt#_W z(2V?wM_*?)F0teJ{F*0m&8-6%^jK*dxx7g_{?b;GqDXD0;BoUd^i+-n3|vhV^KDpL zIBY|jM{CM~fg)10a5(4*YB7+gXwpZ3+!=_;`SN6;;($aD^`OB#Q~UYoA{^R)$D$R@ zgCyCSeP4t_vOM(h6br$Vt=RDWL9p(&F{y>t=x?m2SI}rA5uo+`&z4p1JIOvE5gYEl zxE}xrC}nDT2pbHnH_^Y0*V0a?ypY!gWZWe4CaG{``<~{Hg-v?{H zXoNm8;QFL2zPg&{!t)Y@S^zo&T-5Bf$KcfhtTWB;`U3m#3!y&g0~^wVz8?yqlLV1! zyO5J9@NgTy!U(I@aoP_+C>VDnrFM>o0;2K=-;a=+m6a8bLMZ66$Lr6gAyL0@1EF*C z?K4_GMX&XTxDA9m5HP=Z&<6AYElt23ajC>^H2;kamTG}Cc^anw=k-UR9f0@?;1wS=?o!rAMLOfo)31=nc|&(Cv<|Jjh(>yHr(G;jbdw zY^1?@Hg*h~O$OOs){D%{fXPKRb&EQJLk1;ewJ<8ZA?+XSF}@2tiV7I0=+z1}a-F#S zT``|w$(+Z*{ubc?Lg3rq_r?v>7@31u>Dm8AfCz)Hw@d;NxNki2dR&8y;1dB>mD&{9 z_fHp)L|3yh3ug3b=8b@xfrIhNXbF%8)^DOIVxKsB+Ay1|&<}tS6IO%gPNvJ#laQUP z3@`->a4TrP4S^G_F*g`{qG(~nuIk4MInf%?B1j*e0DOJgEOYaZ2Vsi6k)TY2+~LTH zT18|+jawt0LUL$mIASX?a6fBGQX#rF9E0leHnplI#M1B z3+&dttY&p3rQ$(o>?EyUMzJ{UEhz(;^yqzHU1kOr}N^;9M0#+}uwsJG2XeG6^ z<6TBTimkK*OhzE5gMUeJv#mTqx2Sm^(-KV5fDQk5*OQXbw9D&VT`nL_W3yd~Tk*hr zI)6BG37|xgXNmp+n}HkwZI)SVQT#%*79kIC3j%Ccc~_YN zcKI&(SZZCTW!^9^fsdB#BZ#@0y}ZKOobyiTuSKkWkI`afmf|7(8B<5lY`LN97r3`i ztE^hdh{`ZaiC$_WU{?IcvT`42Hb<5TbDQVWHrYDL*z-9v{RXnUz8mp+?=Zl8;DCr27L<0Gk)fes>bsTw z3PvQ=ObA&P@;1qbtbDRxJURV+R-K&l@*f83lHLvke__q5R8A z7|9AHiJ2g$OQ zS`TM2BnEaK2Mz+_@BH7Se6liF8-K23_XqE$xPA<<;uawALb{_kj<)-R^Z9G*4fX5o z_}@7W=yw0W5{o7s5=5T)YV6eGlwn z{EbTg=B-jv@W&4k>rE-hT^h&<{qp7ENppUFs8kpn`yW+0-$ojq3;Y%FqpB+9xvlw> zC6Y3izTO?hAAHt&4J&{-JzZTo;WzU_56edhO4=qX+~ZTu=S2odgo9R_8=>7yizOBV zoyN3C&*YI>^t4oFuLaPcM)B@pbqpR{Z`lndkWOQ$wsW7CCjc5+q0^J@C@M{cKq!Zt z$edC=t0+`YUa24uEtDLVgJ2k56Ag-KFM z7rz=0XP41j8-L^%E}%R{wrIq4!U`3i>?hLhCSDfY%G`Yd;YCzU7XxRz`izVh#C9l1 zhlPrBScJGD-&=GUydk%Kfr{5A)@5YzV0{c@WZ7*O^YZo%6qUllLOy#RPNfEz-cK&V zu%e>Evg<7oWVq<-Lzeh5(+X&s4IA=tISmmK-tsOm=pcJ_v(efE1Z;n+BTcsAWx@C3 zUj_Z(FO}o2gbuep0dD=|(fOBQp(GKdlc2!uv0^EL_f6hb%(NU8;$Chsa`x{Z`9|hu zzZrX5rHo!icjz*9d57QzPM|#dFNKf%PrK85IwK5RtHcfi8 zf@TU9sT;H)(7Ft-5zatMB_K)E9tnbOjb30*Sz21Ml+m%tp!AcC^F9i|JOhTdJkiHe z!k6EGSTm3-W)^sRCwK8KJYqOZ(L6POrm_4SEHl33aGNZCAS|pskEN|lXkt+9Djp0z zNb`ydK$>-RH)=~4X%j3AhONGn+BpzRa?w5~p*%xO*1nJ)GWx^-e6NVePhF3!-=_Vw zI*6c_@j03ek?~-Ic;DDSXgiAX-AO@)E<=5TITJX_3v$UOU`k+(HB-<()B%G8%|@=j ziyMX9FxR`Kt9Q4ABi4~pW4K0#LVhfbLq^HaJkk%JSt=W&LbiHNaK7LORl%kwZOom*pR zJ>{hV(Q)z8XBW}CHfwt(+{88rR|4NiON2lt63J z`Q#C;3^YHZp>SBq|L-Du|GmD+(!^AamL(8{IZy1&Ce8@m0Hd{-Y8@fAx^_`m{e>Rmk zkI&rao!2%hRHTo&Jk(8l=n~j*6>aZP$q=KvjglBVBoNy|YiQmko_OUd7dd6AfEbEUq%T>2+3D^3{(MObt0recb)Xs=Be3+e{FWpW zAPF*Cm#0rGEorSs3bm~Dz24F?C?`q#Wo@)&G2Ic{$GG*+;(EGn^ZnJtlpG%Wy}%pf z+)rr_G~?OWxC0Ex6bPznZ^vB@O|Mhh$x(LY6TlPBMJ%C3*Xs zBqh&CKQ?1+MkL5{_sX;1xcfFhSJ&);!szhvgE@8~EIe^CVa^twv4xUFm+#pgfDE-q zfD5)!OWZx$na-}9Wo3i?OY!Ia7gQb5i_hmTF-=3ZS|{vZPG-8hsN zLDyKX1~4RfKYuQ`Q?h(6bFWEqiBrGc<*uCk&!0c<5N=FVg}jC%^KEaHJjdqqc-vCF zD%n?OCl{w%_41dgeGky(p-^hSS9l9}TwnAHu`h6hI%e+-SHLFbSg@#2z`?;`v3Z>J zf!5k_BCHnqZq>Dpq zj#+ecCq-jdv8`p~X+L_m82(V3nRwS9_SDSKA_yzYHM-YBT>A}X$jbx)?v6xeit^R~6g-5SPPU1;u=)aXLzb^1|eopg@ zt8J>Q+D;(OWx!K96*qBxcy&1Nus^_8Kw0&4=I2P{)iok-&MyNe;kpE<2c(nyzUXek z(xcWrwp{1edzL~dGw^Sau1OE%T045B(FWks=x&h>BFeqkyZbcc=A1PP`#3&)AM2VP zZ$>VTStD$-$|2l=PMO zy2u>vFx|w?sy|GXBFo5b*bp1Yc7oHl1Dyeh_@|P|N(*eA3$R<&>Soj%JOO7kmW8*v z3`kZ#mU2=xBqHGs$rVKzS3BO@oUP~zP7BIu_CK0Mk8}jTGMV>{ZQVm4|iAV?K+mu2&rDRkS8h z*?2-18JhOx=iY9uKTWRa398(0U4p8Fl6f2scHza6#&vN9W$nw06CSU_`wk}q%o-t- zUlI-~+?!wSuW0n#;YSDrz;RO>DBI-Mkq8Kl@^4YMXV3PCb774!3kxT|Ua`I6`_|gt zJ}%*kT(Xd|tP1*PLKQNy#OW7LZWq`YI?K`53+A>u$_z~B{IoF%5(#vyp`|x0T~4YJ z&8coDEdE7c+G%hzNo#8N37fn_#0lHaIK9Uils#n=i=$mwggiyrC24vbtLk#u=mn;N zlExpbthI|$u;Q3=MWd6va30_V%bCcmj3-j1i&6?T6vw>hX%L`|o)GcLt|mBn{391@ z`efm$-;_iz$|}kU3bB`v(UxUQCI8ZF^zE#}*o^Zk{M!>2cdI4M7x2-JtM;vyI}rKP z%Q2GT-^qSNhcEAVl@*4d51(I?th-D10{w@ls>A9)&$nI1AFG8487kJSZ5K5y&xo3O zF)gnD)*0j7O0L$`O?Y?Cs#EUD9!hNHb{d{JgdZp`WwO9}1qBmb8x<8S@*CX3T&Dp^ zh0)i~Ks+%>$TK_P{if$K1Z}&fR{DySyN1SFk&gbtva;nb*&qQQnkvcsRyYYqymT=` zwg^!2?nTQ{CW?5uKttt|?;a})$WGThfkqII<1dj?rIVRJyp@p4`8VPhbFVpv`n@Ll zfat7gKkX9Z7JdhS%G}A4Su*FQ+ zx=*TF>~qicbyK_f7(&2%KVPF5;{-76SkZVDHRTWrs zBo>ZO+;b74_IN^gog@kWhF77!Dsk{@2bu0X#i0osneJ>3SqDuIhDtOP`uB;vJ~kA7 zZmE16(J?A^c;RBYeE`Q6le+e>pCBVV}D;%j;`UlJm2nKYgkDnBaln{w$vF zSA`17R}=yjMl0#fuQhsOsF&2aDe13#<3w{n6(YVFJ<4~8_!yGi7*^gVr8)Dt!R?w< zacDriX`=JwU98a!QV(^+)QHjQJj>^s1MIg?7qpKVpOIbs7JqMPF3e>&6OBKKDEDV~ z`V-$%=NTI4$z}JfN6XT`DhSpP$&NmCaqSAze-*2YG|#y(*kGJarV7CXsKA@%t_J0+ zC~k6fa9AR_9&F@)?ymKezTTkJgq$W-#7jN>qe6TW#(OHiBgqlmOnBbe@W5SDl2l&# z1Q1=3#3wXVPTPG!a$U&w@M5frymWWEuuxSs+e3jOb$QZZo61Zkiqg~iwrcbfi-So2 zba?oMY0B_Sv+tsXSYUV3tHGn3J^DIzA@j;7>C=z9j)Ry2CINKj9SEcbduGODt^^rQ zaCqZ~!w0Nmnd$qUIUy$}-b7dqGD?Z}avqWfNqr5~jbx z*zbUDUgFO|;p--ax}uHB&BM^nKmT?FF%#-;_DrExmTx+eo+m;eFOHQDFGs8cn|YN5 zKmTWFgXk~cEV{X*dtHhLxF6Is!qF4|q+3~4TF%~OC%0vlis$ZT=70P12gbfJodY@_ z`2ttm{n`F**VoRg`j_u8*Wdmg!Z^W4T`j6Cmhw)UygHI#W19L3BV%u_l#}DfqwXpC zBa(xqo2+fyB1d&M$W6MVY^iKQY^J4%8#->@-VGP0s2s#_V|G@Pz=KE^(@XuC+@(P- z)aQ6{kH0H!rl{Ne^K{G2Wx6qLOp-Rx(vtIMng3^lP!c`cZcq0+DTp3M&J@mhw0ULW zJ!(sO-2dfEOdO4FH6GtLyup~eir3N6Erb|GL8H^q(4dLaoM|S*!^7jG{H7~QisoS4 z{EhSZ=B%P^@#7DX^MDWvc-tE${vqEl@;a@%qCD_A=| zSeR7ibUY<4INNPWr+ggU%w$E}{2i*%exfQznJ{Bq81M5-TZP%dg8P&@ygvH+hkQg4 z)-oa@msFl~oQIcHSjPuYK14=MTa&bjc5OHJh^pV7$p(0ss2xTY;E8u~UehH&3mLIR ze_ethS4^a)q0t`Piafe^mjPnwG6=5pT1<6BAR%kr0Vq!Iz4z)+j<2sT;qTSe!7e`` z4P=?Y=vjzIODvJGTIpGwU1th**?8@xpxhlF zp;l%SucYLeC)U>LzF~?A5+M?u{!SPAF;xNC(&qLu^0kv|Qaks5dtZ!+`54^Girf^% z7r9F)eCri7~Y*gpQpclj4rVv znfc{IQh)&==|$qeQD!KL*y(#rfh#)y6bkL2UJeUSSgJY-Le1yjZXT8yv_=w1cCo(p z;u@Ly`Ms6)kUre!E(-N5Jf4g&wv+SZloW6U=nM`HhH+kj_3yZ}v|kew3eByMlDbc| zJ8J_r^I)_AxaID;UkWCa7s&x@9*fCvQtUK3%6At`ashe-#RYi%UJE_Md7=#xpKuG9 zhbjG5b{5~9nZ-FehrYk!HET0EOxmc3Jsc8|W3KFHGP!^r%>Fz3=`K9)AzYE8@ta1b z0g(y(7Ho9f+MmB_Gx`POhERHUTT$(QsIJbB%Ki1rh{eXy@iHejHL2&~^lTEvZDLpT;|8jqFqU8{i)~N-EDc!7d?BBfda-1f`Dui8rQ3YBQE&ahj~ML8 z8X~nH?;G#h4khk&2N8S-^kp?O%&EM+zxbN;DXO{V%h~Deo=p3PXaUfa*e$~Tt}?CEVTk2VzR>=>J>dtpsgfFN>Y6(HoLGzHP18GdDlHKqwY0yDv46b!EV=ND z=^0)-qP$tJ?IMnKyn+@(NKf;v+V|7`?u+gF;V0N%4uN&dWTh)01&Z3Eo)X< zf}}IEY4O2};)zpZJSBhW4%!j;p*t1YV6QK9iVC)T+BC`{88p?v&&gk^emZ<)p{$J4 zth4{x_$=TxcuQz?7a%L#?d*Ed6gO;voG?k#qAw9-dsT8TMi5auIB4Hwf{7&aQ}@MH z*}Lx_?1ua3j;mUa{@#`S-K$M+yF5fC8%@+_{FpHYWKoag_;` zvq1QI$2#rygY&F%T8u;#WwCBvELIEawZft8#s_+m^ukfA)|dJiUy%!k){K?*a}EBD z!v&1>2C~(Qi4Br6ALGf^{%U*f#Fua17Ei9A8woswol!cq+92*;=`S&t2EC!A zD~t(v2`}I&UZaL^Ndind{x6AgZQX~HpZ%mXaMLfMGWrJWb}zJZE^*O#_cMAUbMk6G zJ<#&;vNwy>4zd%UNyD$yuiV-9Re2>utR2#V`{ODs8|EC2_gmS$*DVc)lk*QmC5?G! zEZ?w5pyMvHja#MqC%R>kchAJA=@ZOlaPjT!w&M58R$g9jC6l~Pj>h8xFO{htfvJHR zfgS;!5q2v{Qd^&y%s}EI?R9Nbls;sa47USVsylc*pN^N33sJz=nJjhb?17s4>SIN$ zH~C{>!y5I^)3=&VmCj!=jvcC|-LupC9m?zV<$LxJ|0;@==te4)b#K@h@}5EbK_5da zaEP_KgW)|N85z0bXlIwg{a`|wv+0NyT>)$w7c$H(7ThGhN7JCykI;#GeG4;89?lDw zmtYOZ|5aLyCOa3CSu!=R&T6@gD=M`)K_W0LL~BaVrsTx}*#Kj>?|&C<&F`n0C&o7ZuSAAk877$$OW?G@kqAv@t@0u%@8V zRa=2M-Jz`^rH0~YgRcZ55jWpO(WqhS)cJd%mfzbRL*fkAFD4iaCcBdtdgX7F2Bbr% zAK-j;+3u9HlEFW@Dg>aKbP|hl-|3GF&6CoJJvtX7PURJ{k^1HE zcO_!1-+bMIfYZq%f{iq>&j@eq>0;|LdZrcxib?O^<@c8$lM(cq(fR}&32$1;AT5>i z^w%~wwP~JXS;~k&cOt?SPy=#n--0l(FxKjCMQ&1SPIGTAY(JND2eFSDJbr>&MY~Yo zD$5y@%|a9AvNe5b5S{Zito&wDOze}j!@B(h@3hz%dbS560>qr02T3vS820DQ0v46* zW0urQUqo^*t6QoS+>vj8X?ptT2Z1R|3cuMfLjJ4PIx5!*E-HB$T|CNLN^6B{ZOA*) zq&%smGNJe};um5dB7#6ChKj(3lv1*7KxOS4x!Eg{wSM)8!LD!PjknvXXxr*P)0Wfz zHo&fi2@?78+pi?V0)Pa);6_KnGDs2&M!-!Dm_NXgAG3;9yF|Z(K@u#3uqHIXMZS4Z z=!+@P5`lje$_zqW>#kC08a;UNqe%H^{t5PX*Oi=b!CL_zNqL;48_ygS@aty&pY9o{GrcMcr7eo+*7U82f(H#cB5maxXF1jF`^ z<&&Lo>j;TVJ~jtV9*#Q!4bN71KRvy4e=Yy#28Qt1Rr2c(w1c(?$+d%=Pwb4$W{v85 zL&vVVs~z^Z<@=QjX07zD@tVq@%=iFK@;?->Sf?FS<*++M1j2A&JqP`vLA{HGy7~~Z zv2$bVM&2s*PwmN7MbqmsVUGf6=!h0*{(O$nGgvER?qlX8P2y%~%3k!&<8m3fT~@^Q zJ{42+;B3-IRYe9fb2e!}wo){wp0|T$?K7E;>Q?C}VG(orT;vB+(O<#eSSa3W zwRbG(mE+k5_4%>&5!=UeelS_x3hiOqU(hBV7Sq_1U7y5U*DqHM=d-=#=*ax%F#bp3 zpkG6D87d0>oxgSJ?^n5N5SE^SS@{L7n2GlFP4pD^&o8KWN~eiEkBw0z2n+U02#1`g z`PEd&LuvmF7X9ZY*HBAnv?{z??CV6K1TrvJJ^*eA&D+zBF@rG{f0{1%fNrvE8w z|9liCv8;@M8k8pZ-y{$I9~WXPV=`g$&lf~NF~|6?ZtCx+JgmFTrt1WwN{}_R{&P3s zH^J|6C8<9}y^5@v|Jt<15P+u87Gt3I98qBZ{h`h~vYTQr|DJdL{utBjTn#ORgj78_ zi$weT6Xv*d&(bCSd-YZjy;LLUi`fyr{r3mL1;c;%Uj09A-B)dRtnuN~6@P!gq}Oy| z^A^T`Zy&X^<#sjyf1d$wNMK+fbc6Ks&wfiUiTio4`d_YfT)O}15cm7DTkt?{wchgY z1-=NX^6zSxHa0xJ{JG=jNF!kVzdwwUh&!z$6nb*`b6yX6aog6*hSRyrEh=ODCQr_v z`S`Xh4=0V+MRJDK?wfpfX1FWE{xJ!UAhDDstNWq1gUsWR(Ntx0V|(8S5^E6?O%&Yh zj7Dbm4?i%3qLiopG`XH+nKP=8I^*N(DEK-!rxM)g*4L3SmC-oSUAZQKuCrOU(7k!* zd>yOR`G4QYoxg7YV+&&2Q^cMoE-9(7P@f0bWTT_nrF@W?LNrqCeXtf88QIj-ba8R< z>({T&&Q9)qa|OSNfZsl;+1)8~KU9H#5{ z2J@ChYwTsejZ3C$eQFYJwhQvR>%(`1wt=);3>O$+F8C!Oy8KJj-E8%;bo!_?qp>Hy z^SAH85h#$Im4|>NZ}fbRB1;7|dog}E@opuyZFpuyUuY^HUD+=B*AW(dW1Jb5_IgMvYJd3v0}=aJt>6X=5m7 z$6BUwc<;)XNb_;kn2;)ky}#|VJ<}}Q^8Rnh;?9NK8A7KXBnKPwkWo;(^Gwy>PBW6? z!`6@Ys&^Xqa|rOR-%O&5(a?20t^J^dqgA%WXLGac({UsVh`Gmf!fgm7D8fI~UJk6w z4(eKcR!KJ0ZSSH~l07eXYWvq0y>y>GZTY-aR?0W`zu!7D*15J<*qG(CK)l+(%HG^` z@W6#!?6N}Kv9FxXy+pdfL_24D08Q0a0p1Ndd-2oXRd9y9;{yVAEm8EZ@Ir@HIhIG=sA9WJUf zvDoF@*U`-qnYeFY%UkC+|MA6}URVB%%T4h!p^@V0f#)afs^S;>0cz}587he?Mzx%m zvZ{QdjXrq>Im-sLXS2!#;tdu6R59qX`j11Y0CUTq4a;>n}-Xi%2#+HV!Re- za%xJ;x(@7Y2dAdK68S6zJcY;xHzyx}J6RTz2f_j&zno>kgtXZlxZ^c9YH15?O=YCt zx_i}#(3{!Li)CSi#~^}n`_5BE#jOctT2}9;Z;x^qG(J({X?}03xHYP?FRz3-hCrcn z*>Nqib%$iM-ZKJikLaM?f@l3CGFeu%j|qfA-ZXb?l$-a{WHDX6u&MuvX5Nh=7ND4xg^>sADa2FAt`5|Ncc-UdraNeMedbR`87wYCD-cQ9Gj&>)2P zb8sNK-Exg(K@)lP1lX*Zox?R%t22*(ZhacwYyE{INB-q`IM#KKV!#1*HB6ANt zsZ1-0I1LqLmm5cTX001W;v4c#MVy$z~PE)5@ux4;}-chZwqGURB%yGr{yyRI} zO)27cThhy)WkX^HpFHNPS~-i!X|Pz6a4DYe4Z9MT8GTgwxby!JcGdw=u3OtTKtM@h z06_!>5Mc<5l#m!gq`O5*y1S%dXb@0Ry1P4-lI})2MY`d;N8RV$XP@`H-~M+G<1^1) z>%P{te(O8!%1DLT)Ah&kE-xhN?3TL<3e-*xC(y{_vEqeF4d7!2`BU?p8gQh`!CJ~u z`tj|~*x-2kSnQL@oKb^VVNG5GZqy<6DJl7&crX=*0NwU7277DYH*r9$PETBxZIs$x z()D;JUC<9pU3LGob;h&Jz_YohE=liV;p65$WsNbuZ`Y_FhWnLkZ*1l%w;*3_JUY`K|x)(4&@6I04cCUS2{B~DJ z|FdZcm`8^01@-m(j4$gpj!CzraQZh^rAP;ajt5c<&EgyrRf1>4GQKK(o|K(DT+TXL zBT0RBI1#%|pjcLVfQhofHI%5yeR_+9%m$SBYNnq$BxrGSc}R4Pl|t{@FLfsAE-UtL z1>1Vs&h19eN)@!5<7|BWo}ku@p_m`l5m{(8!&oyq_}y*U^@ja)};lDU!3>!ACDo*)V0wMg;8L zl0bi0uw$TTMZ7cWWL~3cwa40V=Y|sa_0A#znT67r{zhAV%hVwP0uhc?!A8H;0-?LT+D5@`m-5( zC#6{NF2<|nPWfO`k}(&lf_sEuLG_Sg#2@O~%lpUjPQR)cqYtxK+f_VYYZ@xit&of2 z(H>6HHhaZF_5)Zh&(4Qx^efX>J1a(0RfM-~7hcu6tYFK}@urfLSPU|4q>1CXFh-$s zGHSOWL^dN~zU5b;>m143ZpYH(s`w)vx_6zHCa&z}`Zwg-|4%phV zl5x#ggwIBw)}k>%u%k6gTif(r zK~TT@kZQ{ecV5)F@9c@NpL#c*gjo0|O`49@oKaKfpWidK6HgYwt|7I$ELjoQ89v_N zveGlYN7S1@uG8hN^V+$02R+x1+;x9B^~Y4**_QmaIa)$$T9tOm(1$oGe|oT~VQk%M z2(XpR2Ax&i+J;@LZ31k!zqPHb`myh>RW`vEy`Iazzr@ZzS^f&I&UohM{NzKL-Q z&P@L0ahj|{R4i=PCLCAeE126mfR0YXZ#-iv@e|(E+i)B{ zH{?+0wJe;NIYlFXyg#MC&%{kmX2EaO>#lu2)kOXL{0?V6xod3)9%qANcOk3OZafaV z2pWt1T35uj>r2{bRpaLoCpwGrmb4l5hL{9}mYc1U_3D*Z%aa*F$?aoj>lQrz;pO$N z3r@k0BeCLTK3y(zTEqK_5*?2))oU#~vF~F)KEYWT(Vf=g#M5*==nmSh&uCa{UgSK{ z4YC|*sNZE&zf+2{UiJmCx;~q9+qw6+0i5_9{)0lVvf0ebz*Kt%*6mN2qMhH1TO?nh58k1$Y>!quNE&*+WW z;$aCuDFPE~+C#T1Dl7Ei;e+a$nvB<^zx<2)D&hh_wAlIJ4=f=z%w=ToPYF*oVN~y-iZ3VkiFoQ$VwBSMWvL zkCWAiJ;y2ai9(an>)cS$3b0zk*M!0O1F*s3d{o#yOLA>#zi8qaAm?YG4P7x{cUg{@&(>lST`!tvTeT39S+w)f zd}r;x`Qn)5>cYLDETmy4Sgx;R;BIO}SN<(B*8tWU38N#0{9M&{{7Uh*f-vZJ#e8cO z!^vXKvT}}if*%547t}DkZ7Y$_cU~}6c&QG=UcdfG*!lVZ$t7ZUV#YY7y?vS%_wSNI zj|wcgrlzK$p&=tfxNf8r*z;NMf^y!Tus1-bRlR7Z3dsyDH)a7GM{#&O@{D=&L+$l) z;_20FeDvxzj6B_R+wPvt=Fg6FtLSoQ3S|&+2B@B6((QJN$%S^5>#|3essc9(}Rx*3J^7Gkg8&HA_Jq$A_>$ z5axYvixmnBeobVxe}E@(FJsw&4P=7QJ6!9H#?jsi!kS&JIzD1*v!1^sIlPRPcl~UaXzn-!nMfOLXbkX}=q@Rd@6L6P5a039@Yv zX2F^YbI~RIRZ0?5l8W*)?^fn2hF}JDchYCh^p(N&AQAeL%DmInk?QQFjj!dkY2}$7 znT3le35Mno@^G)H|M1Xh#VCT_keKcLX)IQ~^pZf~`3~v9apMm~j?7u;N3eTJ#gPme zCc%LUd>jdjKU}OK7YY3wEY6p5@6)OZ-jiy}mQy>B#efnj{_w#<-RE9hK3R0TvVgd8 zoGjQetCB}P{>Q40_I&sb^f`T-)3{{|tUI70!qm(x1M2c*{f$B^D7S0h$eY=zACw6=8tF$lIWg4}@aAC<+ zRwZoei(TGzmUBveS$a&auAhuZ7U1Ao%AVirNKgbRI-0Xc5m^c7(v*#NI@%7YjAO_^ z2Ses`cs^Hk2eDVbChkl#L#G>9flH-=cNiO>UqZR`&SB*}fjp~K_nmaS{j86uUj~*a}|3n*LxON=q#kG-_;qDA0VH> z=|UVIuG?VCpuIER7z}`Vo<5+B$#S75<lbf0QFEVb42hS5M7xc0wdT z>v7frE+Zn;44e8nS>!)v>=yGXBnNF?twhfmbc^_?3l~BxHbzXSm~<*(Cw2P0u~zXr zdIwXdlb6N^OUw;n8)3{}x9hLm19Cm#&FiJ$M`1KrrVZNen?@U=kn&HdVkR5GTUR@= zHfFsGbNxU#*b4NPT@x_)>tC$QP!qTZ{<&zm=$r8r1VMIA6%|-dq$wLl^3}WGz$~ng zG^c=)Ra6ufVBO&{_VKeppyk$r+)4M9q~_)BSK6$a@uxZ zhJ>k*F+^XqcVV+~5AHn~AsKs09R}XUz;|$5*4T{z=DK{0EJv3LX&s82H}+5FKe5g7 zbi>0lBLxQcd<17l6xmIwIX{7Q$)z36Vl^=~vVCzZ&8un>kCyl>9F$x}h$ty|)xWy# zUoOBs{xO1W(nC_vMMSn`uenrtE;Q#Rcc~U4Bw+Axeq>M|Gt4r&q}rP9$anA1f0;& z2xYl+icPTZxmF*gfE9OhK%=bNo(Mz&d_$2YTnpsm6mgrbnuKW-Gg}-j77JE3ySIJ1 z^~tXL7efcEx-_{hJ;?V7r)%7?T{sST!1La9S8TyFLysCOb^c!4R#IDr)`FI)jV{6;MfU(msCRCR<@IKBQmwj|?Aw?SG$#WM5rpB6TEI_Yx1CkT+Gmpf3wkB5lwB#yO7 zl%F1xuFogqT+Hu|ZoB;4*)XdUYp zVug^fgoGZRCg9GO7m?M}B#-uyYBY!jNX=bfW!s&lqoY$BpEz=h|H<=#4{;jLCnigFfg@o)+9?k3F9!Y}m6V#&GaN!djk zWo)xysG*|bWQO%l^FXAbd)uvpr*;xvZg1B3{H>`4*(jzK-0LH|_gtx5Bdxj3q9;H5 z?dwI_aP*{Dv4KG|!vF)c)TFX#qXhPo1nK=BYax{)cgrv;pgKMII$k`6O=w8<$8j*rYQ%xv_xue!~U+H^gTv zlU7tkQSOE#5X}cd6XrxJpsR-SoljN6$dXOr=onR&_@;ktbiEBfC+rnq^UIPm%00OX zDEN7>(Yc_Ta5`J<@^RPBVs>!@~sT8&FdO{GTQ!ChCO#yhR}S=U8Pp zOfUb!&z@r=At3>j4dwi~IDHy@dTi&aD4ZZozyuC9px6c+Ir?zd82a8(Wf~xz-Nsr7 zve6~w=y%ILbHOmppY3WwhO9#IUaEM_K(8|Yy24`eMOt}rr?!z^L1Tze;~45=kESX)ZIcx|j4lN34OT^6&(5b;)?I1?BNT1CS=9%W)}LTP z#l9&;(EYeK@A#>oOV;nXZ(IGSFuBi4u-4jf#14kaZtF!eU(1`&l^vSm3rN|>7Z_Tw zXlT;(=VQCsD+;``SS*o*jPD6%<x6Qx* z_CYEhU7o>#$-*UH-ndO`)QddzguvHI1i%9Qvu99fpTb7YwE&nCcgn3z!sh(Eh7DSZ zptwL{mG0tI-+ z)^z^grU1V(Xs$|`Aw<#kGG-X$6_DaYW&45KWr6MugkcVeFCkn?dDH1=AJr?1j(yT;FC*#0I~@g-UbkfZJpp`Z5*^OLV87^N z?uxiXqlar4;`a!Du7}~@{l;vxxBwL`tgVly5;ClDn|u(wVPFA<=N6lY4)|1K(n^6p z7!h`f(^FCwULJjkESjJL;$vmYk#|vx;8rphvTS?7z)BXh`S?=madwScG=&VClb-% zkDs$@YvWuzkiG6hvAheRplDIU^<)WbASEZ&_Qcz$93h}bTJ%33IZM4aH zZ~}t-mBllC)myRjr!*RBL+6GYMxLt7sHKnm6k~AqNM~p4t0x8{qi0{Ho{-Bj(i_(o zF3kt0D~>K@y;d{TnEr0dLWExz?fGpdIO2W=Z}GHYOc$afzsDcbj)phUb^G$deHxA9k=XG}wT&uC6!PMJf5l-e z>)mYAC_6u53_+nY3shw4wP_$c!DclE6U7N--47kQf|IJsvq$aRoDZ8p(U)~Va-H3q z$^4sM)Xy909OJ3H>cv1j87ev^nlZ!OGG39~x$G%CTWNLlqb7ql3UuU(n>SP}n4Syi z+I#*}kd1oU#_t=z02aT>8$er%_Fh+i?dSE7QgU!mIX$YtWac>1%@G=&(3hGrHwV%% zof~yj2ykCrtQ3)n2;~TtNIdaMq%kwzSXo;Z)wK~AwO5J-HA5LCE6f8`bI}~$EJ$%` zIA5Kd?I*08p9Ht`I6ndGD2FG_rQ=lI_neSln zyZUv2-mKAFVxP`;D9;Di+5rd_48RZbA>~lhrvI6Ex0xP5EH2Mayp-_(A9p1y3J47H z?Fsx!cp!74mKwlALq{h%Y+eo$mG3LhT}f2&e$2}NO)Gy@U(Hxga@Id zR+v`oM1h;s{PoZuq30Y5;ZI0;ke3bl<*wkcp@6faiiYHHsleBk{K>D>wlh@McP9Il z@PN#GDlx#+WePmKN#rEMm7v36-w$kZMvJ{=NqQ2IQ^6}O7NR1c8ea$;G#q&8`P9fH zh(GN28P+`7cDrf`ab#kC3gdS}(Xc-KM(aqHAPe(a)cRQ+_28mWxz>?URPx>3S}8`c zr^lA>9lIx%gDmOSuJ%KYR|oeT#erij?L)Z(xIJ9P4$qK&f7>5hu`L_>)1R~4m9g+x z%be5B@kTUu=NQ^R2=5Fg>+3e`r>_J?zlztSdJr2^Pe>Zzjz_fTqR&T^bXp93iLTOu zFGjPhlLb!j@ir*l5WnDkn-O`Pyos8{-%GO!?0;ZuM~Vg)ZbX@Ut;AFo;-}+?r7Z2z;$mhfH{fCKk%H`L7QgH8=%`g# zW?7jH=;V_*Cd{n{(46#79K*Uei@m6P#8&X*Vg|=X%+tYXVQoHHYaIHJyW;JvkM_uEh7+%0-feAc>-fT)HMTN77SM7Q=z z$K&=OdauKbv0W^$Vz8|ek@ZC^l#{mzTOZm`vs z*c7c|A+sHxIJ`>@2Qgk5<=yXK*;cD#u|h0hlJJtA^IOJ1*C7`-TM}Y$qJ2g*Hu49s zrMk?^qctqaRX4KP4}RQp%-R6^#K0%cll++a*-K0=g#pVhoChwRr-iPTLB=dDq4hWA z_PS-aeJfWhzihsiwcTu`>-Zw;**AW*n`5@Romg7sPrTlt&%>i%degs0yHGij-%h1k zNA7v(Dz{7oQn$FnNAv+lRhDwBtZ|H^N}>{}KNi-zL})}DCYf!(xVXL$Z{Pwka^eS-)wkBxbH`_-W@M$;qkNRAMA zG&iSXMaHV;l*@f69lRt?(+-=OuPzUowEe+dYcv}cmCs0ZdOeLL4{T`D)q5{3C79OWf}TG*eJmhejz@Rf{5a8la96V4tH52$C=$8!`X zV;>CUUy==#>3ofS6t1pBg->pw!ZG&}%|qf*+0~&U_Kz_uKhCOnBU;2D{DH8m^9;HO=x*Tgsw2O#d^6TLW3~g>D4#V7O-a zoZGbgLzJDiZH)&P{CL-{tymqN!zJELeCmG?sEDACts-@{Jbadd&K}|Kyp#`P0MzJ) z4`vJ~Z9)I^r{F)QvCKnnrw48UTT|Pu*&TsP7Mpn)G~#^kay3=#~noUA**neBtEjLx}^Q|Q_631g#hprP3^IdMX> z#M$ck?)Sgk8Je2-l<=^_&(l$_z26D?w#q+{QP^O0lwU;6Og!ti^K!tc*@+yJaT7D{ zX1-eNKMg#0QlN2FJ+U|*LRby zUAx*B737o4)tf$F8ySg53p8w`oa-#}|BnaD^RuWlKKK~*%hU6f+abXR91K4OZc$-B zB)I1gnJ`hF{Z--xjPxe$dl=jEe`*fMRCkef8{lf7!J7Gymr$hd=lv7k|K;BS0F`E> zN$J0PgEU|_@Sk&tece|24ujda@zY_(Tu3o)VeTi^?bqlrI>Uwaw&%aHv)?k_BC>|am%8Vh{pG1HT$ zvDe-c|CZ^FnKcVz(VPm-3A6J@=A^6yP z3;(cjlxwZ%N_bM%X@C1iU-vBv-upyy?IE@@P1+YSRKb`@ZGs?!0X1D`HRZH4A?cx{ z-d*EwqjbiM&(~WcY$9pANpJ6w1O(bwN)2Y!e}5X#=qI?rAV~JVKgJzG22hCh?rko5 zNZTNx48XKzucwNFVhei1eq=QRy@BIulJ6?x*4Ea=#YJ6RU0GQfC{k0@4UPscVW&x6 zRjp)DT!%0ujv;?4T$n|S^G@Kg--n|WMUyV7S2Z_lM+X-e^Ty)zTWPU>RL_4^wDK=Q zO#y1s9@i&$TFR6NfpYBj_XW#QB2u`tFppT~^w!h$R{Zt#Qk(-P;W0E$O+oZn_n2TD zU+lg|H>lq3F|?BZ_h0h67VE~}Jw~+RNRyFt0BEEnPt$-r7lMPa<#X4*5NXN*pAnVp z&3S<>)9CKhyc~rz!8M$ecY-8`I5d8FIPIf#^V4X}eva4oy9QK42|`@btw?_^ zW0w)bTSMFGHGz0g^|_|7B}-K5@&+DwO9}7VYh)?yzfFiSgvd7)JWvN=iz;Jh$MymZ z+>;dLFBAkNB}1}P4f>Pe+2NYq-QBg`ot>QkX+cd(3tS`?I-u+Yd56+5e0je;PeEDY z#i#ig^_hLs=>(B*$7+alQOErYP%x_?Xic|qP%iK`4_#5*LR69OyN^_aU=zZR#kPl^ z|M8#s4o#Q1$#BYz}q8zdiYrSA6*<`YO3z&fc{&4+ZjDT5n>vI|O zp=81o=okP>6lZ4g`FV;Ud{^=Xo<<-Z;~7k9C@PZnekks^^M!~*Nkt`_A3F+63X9K< zHKXc3d7j1@5#GzqVfgO+PNyV)LjgtW^)1w2Pix@;(Lz(g!zcVblK6cHfH0^8GK?he zMXCm~a(H~aco<;dWsg1?G;=$f1RaP^B;8IU9JwF-wKPIo z=e(D=HyX0}c2N>%I%3V!UUHFYVERF@4uRtlW6f)Io`eKvZQ0VqY$vl_rfULq0oat> zy_;jjeCvB)7aAgv`!oZO%xg=Vs7n9n_(J|O&Vj}Y(%R8r>4+jLLUfKVrOMd?i9PCU zUHJATr8z^FOBW|Y+H2)6g=4npu!=5lfA8EML75Ur*nr_)X}CNnSU(7-0f3*>c93Hr zI^fhpWI&2Q($>s5S#z46faqT{m>M8{{Pqrf0P>Lw*e&G^z9B-s6e64MS+5Ue0fb`K zXs{xb_TBAFVADFpeBk_(53<`)4`~vU+CMn(U!oC!Dve;o$2|nQ!CUbq!h)KHs|;6zJd3t>b$s~MD}dv?r~-L z(%QYB=AvEl+E1-tRS&JP_QYH)XCLJ0zD+Bwp%8@f&?^X*nc-w92UbcPV4IOuf1qyG zi^VmMyz#@AvOSAfOv{5v+U+Mr?I-rC@s4-@R=3D7o( z#dBlmtCugF1C)O0xj$HUdSVuMUUGy}k*$sgFKrYeN+8Utd=0WqM`{%n|%<^?lU_7`jznUSUu00+$ zY6}pCvwuO@FNO*K0Y5a1Ay&7xObiUxfS(d{nE|)`SFdEg#ITx9iLj`us-7$f;BX6W zCyO{a)z}SQT!5S;0}+P;hzeQ>I&Kn{1#L2!SLc0yXy~END9+M#=A)ZNRR~=jG&mwQ6*YY1k9)G=yL3dO z{B1bXgdPPs za=GY6oHG=R6@f>B6|3)f4cgFoh^|M>S>Mhip(G2RaHk419rB0pNhzj2$YE1N!B6kd zF&aT#L}f)-lM3ac|6m+qkbAZDtv)6&H~HfG!0x59;Y-7N7s*|HOi!v%pOj`LAM#gm zTHE=~sp1M`46nZN>EM%E^V4^qoB7g5IS2?TY%}2rD`6oi0x1%p&Vm^OoNnw<81LYP zPCn{{w?x_UqtNe#qj^)iDC{ zFQ7Uw_&&!x0Sx*-wh_&zE#XOknQkzcp7n}n=k{>1l%TTmy}HzbH4twc)ur%qaC{25 z4?`}|+bf2o*o!K(5>MJ0WbU=h2VYybWein7xlmtsLsv;?ssO{vbYy)06`Q`(D-Ken zI;!Tts)UosB8n=O^%84EJrnm%u8~d44QU_u{SV>kcDht%i<2I#CGDcwmw~Co%a*e+e@vHw;KLo8K4;{pWQ>0q>4-_ zKbn$y*Zr|e_N2+tOfJ`Nir%K!qx(KhiuVnP`PPf6_IIT1eo?rCH2x6jhF%&%)B{n| zN&2qPXuKr+R?_EO^kg%Yu5dq42;;j>gi2Ol`qEYzBVIxKGX(V{=yZ%~8qudOft&XB~5=g!oU-~3?`Rpez>qJrUV?De3B6;J;ft@AB#h=M*rHPzL} zOM{ZU-FTwj$*Q$5@$=-K}c4q!b{N`Mnj+O1GoDnQF)1U8`CiSF37hlVe23x%T48ah*nWkw$Bg8HAWJfH^MUELG(hxET` zX((;>q}|sd+@pC48~&0Zz&$U)8^AP=YcejgS#+kV=md1(onYshn{?N9n1 zz8c~@!509 zkLmRCYZ~>7Gh8=Nkpj*kv06yjhYzg^*KP1114x`mO4_Q}W1ROC-HE)3fL3x$A-u{U zbCI9VbXo%#c8E-DBGjq+6de$YZ_e%CPwKsik1HCvo`Mg3SpoG+dUCHGB^ilqIPf=f zkm8<``9=j*@WNZ+GWfEb#Fb@FNu!Q>ql{F#LO6}NDxE7vy{^S%h+u(FZ(!v_-_Z6` z8%>XJZXUX_Sz}D=iqPZTX4bGJv_*d#p`K_Rn-)W+rW(VYQ)ohzZzxJ>*hfN8#*544 zA;`(As!*)_;MHAY1=xfneNZw)i~aeO{wj39ll8kxge!Eb!#0Ij>^lDbz6QoE&)@*t z8gl{4L}m}!6UXhlFn)5Urk^zFnjvrDB3@x%F<8e5$PEfh8lB)oH4jo#mQ6ZyWuM{` z9mr>W{RxEm8`s*N^5yygo~^hS#Ilj+$>dL)4%Y!0Xg|e&Jr2-1ynVW=S=0d;GnM?C9AhadB@c=`wvzZ? zx8t^e`fUqneSW@#x5p}=yQCWe+r~oDEruc_Z|tB2hc|Q8+{VVnf{f5bxf)7#u1%)4%dNq10iI1@_rXyjRV93~c4!6~ex z54ZgoC-U?@4-OAy?`Ycu;?X|ydo7zJ`zYrkrDhM=tC7;mIOZZ~vmq1UQDK~2zuqzY z@UY)M3ex0nTpqlrgw7*ACAu%_Yt2vF^a(i1Qp^ZC)(2Jk9zMNJ;^gk^aMwAek_eSF zmjdJTeQK4DPqR|LI6FuQJ5&?rXtybNl|9j&4tT>2NDN6hzHjYgi&6Yu%jjdirnGN+ z1Iike9)eS+;Ti9KM|8vyLNk2G$ZhdpRCA@`=MCTzq?N4S9}qJd$pu?9&g8ZIS%6x# zCWR$M92P|RljEq1RpO!SSXm&tVb~g&oRS*QFkOgiRM)|LKuWsGC1u}&*PTO@? z$01j9pLt9OF1*5y0n%f&?aoDhlBQAdO|Bo`!K?vYRyiE^AEAN9HDb)7AjIS{qx~pk zO(nEXDYCBfyY!Mn6^H9*Bf$Q&(;aJ`&lAy;2pYo+0iCSgYDFSiQtr8K=LhD7^YDPx z0A(8+78kSB+w*9POG`UKBE|0y&$b(`hGZp?ClJs%O8KxIxgO-RzJk3SFV@}vvJL)s z2F2E`3vndXJbGfv_qdA=|2g;n7;&(=K^v}FdE|XJ;^D#mzLZyV_CxNyZ_n;$kc-_< zV*YX8A{S^$et5groYGk#PA>;8?p#w^8NeWFK~S)J3-3ISHh{N3Yfp<>DR_3y!FTw$ z8Lo^M^|}tsqMHTNTlDXkZu{9&?z3&*-2$B;g%k8wy4ORTp6%Xu%+2$Ado@2W!ePtq zB1vrV0;S~1qB95q^P2EpbVn+4l}@0zpxCGz+VTfOM-;p;p-CE@OrVR|nzMfzk@0(p z{XD<#&r*ZFB0_uB6_uM86Yp2_Yei7CGCsS=(CdVye1`7Lgf^Y_v1RVL z=+R4K4*kX(Tg{IAR-KU$%7}N!Bgc7Ygi^Csya>wA{@J;<5PHp=0pBDKot0Q3ktYw_ z;dhy@c9{trw(E|Dj1t2mBIrbrEA{q?U;~xwQO#_>5GN-m`z~0^=G|;F_MTL^6|=6f z3&`G%NiP*pBm)GityY3>pA3zSweRqrf5)L;baD*>rG%dJi?R+59Bl`kVT`I|%|V3= z0--}4zjM@<x7@(>vkDrzL z)~y1}rsP@7`_yX|Cw>`;t|~}M1BgudVkTSi-?NaKrWMLBaRx;~ppAxb5!-^#RgW4o z(Pu=v3`>iL+*8Y2n!)WeVr}wMo`^ynb`;_0cduNVdAfVKxJEE&gDA&!1*&XA)j71@ ztws#ZWdI&l(0 zuu^$1)+FV&>>AGE9rOG%)K9z3TvIgAilM7V2}jzlm*dqBSuYIJ*tZ@_)(FmH4Y;kn zWQR@wV>LMRZ33WAVIBm1L4|978^b~XNOB%`G84M|?n|!FKL^gKL>J$Ko)_EZ{or8E z`%?XKlo>g2N?g^C4XL{eH`b8taj?a;g7EkwU_}s5P?Z4T$xNX3+gtiLn7Q!^^ z6hYs0#3WesqM(G=n!2+@#*NO+x|#5)pN&;OkG1s8)}Kj{NbA3wC+S*bR9FlRstgnX z!i&~)Jw=x4M#+{lVJ@pbS?j9~VxF+*KRbLvChdEx1T*Avaw_;|uHW2~r(8JwZ-9jXb3yo!bqv!I#GL3eZW}{}wa!Su18+>xA^so1trPKxk@0|L z#SK~3&n}}5sxfl#8z0cpI~7`D?hqE3m$pHl2Z9H=~jU2kp@plaYst?hfNSS&;lq+D;DPJ|reuLu5gI zo!i2%`%2&SLs>EC>FMR(RpxTPA08TNHA^+yqEBUX%fs>i$YJ%cz+!rAEc3SvDNW0$ zm^QQD7UUV$pg|Mn$!&U{@H&7_sKG;_5?T1;EoeH0`Y(wcWMaWUF8*A@!C05l&ThEK zdv!&2+i;cd6PZ}=u%mDGaRwy`U|CG!RML8JEt^rxThR|yJ>F|R45d2@qVaQ}zW(Hc zAx=isSlH8QEcrP`+@^u~w?TofFGHTDIn(;BFwFOK;29CB0uYvzkrY{TwRH(D6^!4J zy(#DEPqZBi_*a0kppbrz0)x`h>ZeG?Y0&P7-MzRRq5_w=b#Ae!zFsb6Prm)x%Sks7 z(8p#ciKh^#fR3(evxQKd4?^$AI4r&B0fW(9GlA0vG5bIT_{T(GENsp7ID9gHMd)G4 zWoyngCPH@*pPU&v*gL zBS`uAmqI~gIL@V1YhQF5OA!732c*;K?6h`y|tHUGs1-arJfY-p|$}$5(QM*VDK962!P_a#M5JG-`X=}ixA8Z!KXf%yVGv(rxt(>> z1j}iOQ8E|4#(H#k3y*=3iHT?nGMto7F`%Z$@b&g!T^0=EBS15!JyBj%&DB7PU-AaqU?hUUckKP8tZn>LnXffN>q$nkRh06FN`a+hj@ z_i}-E$jR9esHd7vTV=?*UiMf45Xi$aMD9Ah-=__DbUfN{8F`7WhpYfQnOTqACTnRG zLcais0qpE4u%1}fgda9=mkJrcLtBF=#{V93NrH%~m>um`YDj=G7k!3g%_#toLAx!c zr9W4ICg^Il_WeH}XHI~Ky~hS@#-W>=0_T9f08+Gm;1u4o_Xg@6r1%j4Y6hX?tkwZ~ ztlYtQve|j9xB%!a1ADI@EnGQ zE2NlvaQ39BFELBsI!B-nts4v_MJlP3;)rravUI0FnTQXy?vj7ids|LjlHoqm-)+C&qnp)l-3Og96c5m3&Ekj zzD77${(_W;l$Sts0lYnYJvgvfB3wM;;_gF=SF2VMBHXd74ULSDz8re2QII+TwLS9O ziQ3X?YPp^FnUTXLmVYJv1Gm@WPFz<>`X-f6M8bi4f_PNM8Y#oGvy}qoa4#y^GR9t! zb{|w;T{H1JyPk&t>(!@!k3-7iHyEaPvm_^9sW25T~OKBpM8F%V>H$|#5?uNb>BavF@a}Rj(5~UOx==B1Jvq*#GFl%a_ z`}Xu1-EM)L*|a3WTpIArrnkb17y>IuKSclJQslxXpi)4w;Y#oqDz{5dPCIr~#a~`;$uE9sx5Vkyqy{ytF4o z#f1ILF@WV%dvQ3qUZw}{GZTX#L|`s5%*G;r-Jod=KVMqc|@N9~;e8 zE=h1)r#tNy(EO0Kl`avVecNLL2*56f z6ag3?bWvaq+9oS72d&q@eIG>agE)#0qF-j`=P$=NI5-sV??-F8Rso|t0uvMS=Qpub zpw?T7hYur^ir#)9zx;`of0Cnlu^y?YVNo*;Vv~KU2v51}Y$oOKPoL;u25v{wb|4l9 zEh4~8ai-zwtidWYBj{~Ek5#Dcc1j43p|P2 z-XUqlo2nKnb%!|bLbIYUcZNi-!y7Q=X%bh_GAi+WT=!yU0ce7M_>K-d)D_G(MD&|g z5SGI(g5?jKL7S=`{^lJe5WhN|ZB+o6e5T=XWLz9W$|EJfvrjimm1TgTgSe$H zIO|nC7HD<+xv(%)Gb$=7+tC#^55m*+GEHE687d4c zpT2Y=loVM?h3p>N4{xlKfq3_}>TM%C997&Jz39oF9<;aq&EUKEWFC zGXY-q;SFN3KU@4~|BQRj^lE`B2V(mDv`5w|iLVl!epC$&4FQfrmK1J3E3j>3?cT)U z`pmCoc(^$ZmIC0e10HR|=C*({xS;`B)gR-OIe|gd45a*-P~AYy|L#K4C?`?yDgo;E z|7BGw{|$rszdw}l*}&W!7fIv#zd!c?avj$E=RG%8{(g(VR`sa*udNi_qZ#j)IKu@N z-S{yq}bj*Fr)W#mWR`+v1BhW@LzA>}u@2au{# ziz27URbziasXo5@yW6Z8MO(8Od5Cu?d-P2Of8 z6>x7MWskVI)#Z1MKz#>L(!kc8E#&5=s2EL8dgtF>?ydh}=-dVN{V-zK+k^Gt{Fi_w zsCV@SnEA7_XA!GwYtoU=8C6O}0b=djv0K$_g-%CK2(ob+mPf78-1cBxM`ZZj9gZhas%LK5uAnj>P zotm1O87g_0ht5fzeF%D1?1?Gi-S{&i*Z&QLhW{K;vwG+h1YKO}di_`3em0?jjt6H7 zUX=g+FF17NS^{r;M3oa-Al&P$&$VvzY4#sA2^fP2y3U;ghu>XX(iSb+VO6F|}J z1IJZLRtTtgm23A|?uqZ(re|c7rwsT%-hxMZYr(I=%k*YsYP;R1wJ|e4U*Z4rH%(1V zD5`kz@$n$>{8wEdsS1!Wz~F0En8x2${y%=9pEO&)&q~v6NknB<_Q~~>PtC=%U z+vM8+k6-yadW(*ZE=ef_S!}?W+T7gi>FEKH7cftV$8#P4qnbS+g^`kyo~X;|*h7G( zt+70cWV=WJGofRh@x91wM~UHoYz%*1zcq3;AxH6dB%{`xi@cZvtKq@Xk)54gPAGhQ ze4J;H^8H_za~1GI>9JFDa~b4&v;Mife}C!w;8RC3O>is%3GeksND-)(v_-eHw3KU4 zUP*8YMq?ue?2mX3tMu$tf7UcZl)Jfpt55&F>HU3_k-s1R`S{SkE*vG6OP#a{_HTiW zEBnoqficZd+sL0;Me^^n>WhLPR2cqJ;h($NHCqu$&B?K`k5N&kt-t2uS90Vm{PLS^ z_|Gl&Jsuqc!~LHyX6D{UE+8KTI@JP$k;A8!ATkDvR4qQFS_*aJMYkbskuQwAIy zzd~iW0A7|^VW3iDnW{?N{S$1?YcRXIsf<-*fpplKha8XfFK@38$avO+vDOe!Ib-5I+NXi0!h}WH2 z6)ceJCLNZMky%ri`mU&=5<`%6gsBL6Zp&SJb0fK4qfHU)cXM+T;Dr3=yUR5mFZLe9 z_4bC}52LmOd0V-g_`ZN&_TyUW#Dq$nh+_b#vJDT9DzB)>@px%jH6`-Z7C0Sj~qv+?4ztgN+9`aXI} z15S4Ud%&VQW)buhezk^dAfjv@8Re+siQ?i#PfYx|;UIZ6c{>*K+6|;#y*lhfZf$gZ z*l=uIj5!au3>3e_Si_Q&lRajKCnqxyTJZN6A-|^WztE-s93=`EOpJ!|)-Cq%sHk)e z9878&#>kj!sTl?G+}dy6fOuKR05m0`-!s@-?gr}z++P33 zr-^~kiWia)B?9xWUk)~We>4_C8&Ur3%^;Z3|L3551ox|g{Vd?Uu)H~#MTx~Ifu zLm^m7cVX*|^WJV(jye-ti?;4+!+r(N0-6nRerR}j=l1#rsbh6{M#jooMg)5gi0ygO z(j7AxB*n$kD$J%TrQt3cGCx^0?Z2bCY6}TH6!u%{N=y;~gbx6EIG7xe!BMwU3lfo( zEXdCX{a*z@SWxr`ZflEO7k^rE`qACp$LH1+Yk$S{YucDLRC^td3=IsVQR{0;PrLpf zVc#7{b^G_PQX!RNWu&q@AcCCu9@Zd+)unS28j}h>($FhwytJ-S>Ar z-{<-H^S^g$w$C4>-fvAqoGr7@fiXTzKdU!0GBOXD@!|GMJ-aMWnEC%a2aE)mh_#}lRXe9z ze$fE0?lwUwK+V1-DO*XQQ|d5MeEI$jl6)?jXSkyyITx!(*Y1P3J7}-w9K|X~D9XxS znI78|n|D0lqExI~JViE&H6%;W!?Ju%GSj~D*x^XP( z%^Qn}^F#w0g@IdJ4y)vcHJ5S4rPxpOj}LeA-W9_MKR<7nG~XlRSng_Ktvbp&V``8p z^G1{L(~ZVh?%~;4TkC*p?MH0dRSi2zU%W1$p>?I%7z+`L172SsmMnet5N7x|B)hwO zP5+)@cCrfo`DUOw?iX612{cjDP$s<-Y)L7Na*tNSN{TqZY7vYc2A7!jlc*9(K@^`8 zWIirmwoO+VNDm(#9;UB>BfSk@v$+Z62`qXds6#?Rz~U(>qOEKcxG&FPvl-(P!!+WZ z(Al~ACv^?h^Z4_@V%P;3iBMR}->;~wv~RbRe}*Y#tcD(*)TBmmc?fp$$=vOv(OJV; zWKN+f9t#3C6T_-Do9Mi>w5;j~t=9=PgxG)im_9WlUmBo>WTNDD(a`Rb-nX=ZyG2{k{V2lzmaVjc;3Pn+J220MH2?=%o4r16YkZqsd2 zl!1#&RW*?_sL3riM;xFc4S5S6;X9(bboaQq_xJYpj>LQhs~b^lb&}B7P1)=1m(`!x z_sesKYwB3yYv%sVSgFCIv!*W~vE#n^(*qk^y0#LK!C0boQxBX;^!l0CUFM&+hcvvT z5ZWElkw844jfcKLBuU6&u%dFnJ?&E7V(;QtT5;g0#jw^hu$MCvt*b_%oj>z~1@Qfr zj2TylrNfzduvXQ}+RhE_zhw>6$9Ii8e)6O#U@~&@IX~5L?8#UHH*Ecfrx?G;RBWz=Y*kn=Jw8<_>MNB~$(b|n&{4E=%n`Z4t zv>mm+_p@Ky9cQ;p%Y-jzz%OvUQd{(cum zR3b`ka&rAQEo^PSVT=_deF1PfPTsq0V1f|bh;8`U`U-YoWMpKfRVnoT7j@4zC*Cm& z%7Gh34Yiy|H8DNCWaMGY2LNQUHaBR=oI}$uNcqnQ`UAOpMlduv*{ddUcX4ScFE5g2 zNd3Xzjo~y1;$3W|t4c+ms_}J#=vN?m z;}x#&+_KKW0_>Hw8A(^Mxaqz=kB_1pDcO>s$p?d`0+xP{zn$ zIB4erbT3$`s2AzfLT1;{ATYbvkXHOGF9|dlhA-IP-y(4#l+T%1?2i~(C!VMX&qZ~HuqO&_)q{MO-dztiBh2M2%5bA0fo*MbE~`fHK7SyAVomCxtd)U<>p5q% zYihRK%E{5%s>fhh^E)dIC<3ecKuo*ZWY3@@S*O#nByc#m)%5g-dhi8>0IC+*IxO>m zLYT!dIN~;VC-=cZ-AW?D^n)ly=G1PHyvj+Xqxb=t1C0bK)~VkGNT?G|7d!NNsmpni z)0SnD6ktdid^_p+<}Xh?E4;#&$*B93-N;EEwx?jstL0AFQwo52Pdj&5|IjK7EOj`2 z$YUsO_e!&eiP&8rC%V*J94@@zUcq1AhNWe+@*tUmM#gG%ix?%KPwu|t(Wo@(BQ#=a zg@E2QCT1j56LWAVLt6gJ^&fujAGdzc+Z6f~AVoc#%|ARkngSW)ZrXc9%gw9KcEDao z^_Ext^#Iwp!;3iHkyG@)$poim;DyntYGn>-&) zi^VqiV*C3!Wly|wu8lGl_Q-M<^=ATE8VHHEq;I?FNMz<0qVjKvCiccL8$W51OcIDz ziJuAAsqBbIEx%SJ#T0>F&Ed>{+kZ5pRH;p{>YRQ|b`GFKdM;2tFYV>!zfwuHm&RBfs(Sk;R^4!eal{Hm< zWBhpD0+5BU4~SQgQ21eYom^DdnB;D>gp?&~dxaJzIia+jCB@8A;EIt3;=NlXMeot5 z{m}F$)aIO{`~F!N_#5Nf z#3Z_JQLA>#JzW$h27QMiO&-vZ!LHZqJtfR%V16*5SEhh zhE4$x4bZirG79J%fumR-q&Fjmr<0)Fe3BA_)>m|$_5enZ4##FrD7hK@`^`eN+S)J4L zNf|pTT)@r-4llG$&R)Ksxvj-86q?8(^eroM@K(3o81y*#N9FUDOXTDK(G**W0bF(l zQWE8&;of(K@!?a0Pp|vj5p80wwF3RAkxZ1+wL~Z4&gvou zzZSN$TeuyWLin+mq$S4|4?-M%02NyE$LVf#GE3CEl)yk$T)YE3v{W*`pk{D~V13eFIU}xGvF3cFjVc#8Z6^@|;q# z6G@TjlP+14>b|2Fd{=c^;zddJqg?W{x7_asH*h*=fE!dUiQO7rM7MGy!+S7pdItXS~84ZQ|0x2tt1VNWzD7j1+gm;ZWh=tbH3Y`m#g&>ZO9f z8iVbV9yPK1%gh#9CKIiJvUIOedjP>mK_uao0JQ=9+<*FLtOZ(~X!=oSiM7JuLR2Lx zo{x@>JUu){tmNPa`pIBiWK+#AEbIfdku`G|>XyvBgTl1bnm&0_i1jB$;5WX1KQ|=X zUhu@=a;Qg&#-r<3j+U6E2b4K%ZdAD`d%nfQ3Qzr-t$Cq{hp#DhX$z!bUW5lcoj&Qv zeDg@Hy-L8V-_kwLwO#tIXvQ!&S4ucorSV2~(glg5?x^bHkRBHY2AMI{Yc1(u_;UB_ zFfv8<*}hCO;qp>}>x+k{s+SmBd10wvmQdsfmxr`;N4Zi85ucr#|JVr7x6vhpzAf>n z=-|*$>P!|rCFRGQOYi(d&ziHoSIWUoZcx6B$;Dez`y(e9MUy*b_3wO3X zFD0>IuUnopf%z4Qr%xjn^$ybCnSH{E*tjPV7Dy1Ts z9PxVIkSg^(k(!@@9^2E~F9;B~zt0Mfx|cpgqvPgdvvF?{Gi>)U>-v1mF&9Yi+$8_3 zB?))HUtQE7y{g01fLn&jshOGL{?_I&6!~2=Jgh`8yz{f|x+{<#{GmsbzpN34s%8S8 zy@`63Q9tUNLms0o#k1(e5Y$%A+@qBe(RTG-lF^f5DSKD2OTOHy=Iq{z93+la^Ls1e zb9_h~$#x2V^K6PA)Q!g$yIUbkn@QO|;!hJ7kELQ!r0 z$Q~x0$sYcr``(51GI#OGAbtPb-ey!*KN2Z?T1Mx^h6Mh-@53>7)E2I>Heoey>RNmoSjp-(InC9@Qux zMZXa;1~5yEvg>VuDW)3HAvMt$mM>K&0=2{AMHm8{Pq9tKGZynAwM(T5hWf)OFZM6# z4&B*;qYiVTx|vzCElDPd<`{OB`Ef&B|4Zk! zvD`2PFgFK=>s;Exf-wOZKPr+n9t{>K-J%rodb6ZN-1y9b{o5Vo3y4F!Tz_VU%r&es zkLL|+*@k{uB|-UW)Io8ByvmQ~eTT}`)u^7x`8^)<6;iasJ;%YyE-3gUCSEGwGT(CT z2OKr@4WAeHIv!2mau!QX?ztKxlkV7MfA~o7!zbIKoMeC0^^Xt`%xb|QV5F$?>cngx zK?W*1PE0V7V*4@GQ`qU$nE*d8_=gnRr1klM^G0Un2GhbXG!a`O4#ju@lsmU@!>5Ju z^a+5XJs?ub!y>?Cghm%oj{l<fw$PFuY zFfyX-;$UZ2ae9bq@ubOX6~(J}$w#pGH1^gmA9!7!C;K+n_sh-k{uZ`Tkq_U=ajnyc zlBQ%C5qp?nRLxpz_h1iRfmn(0WlCuc3MX8%LZ4oG8vUirUhZsO13^oRFs9S@x-A8P z-`S)0@+Npk!rLcP$zoFOls~`tFw=xET4s;7uX!XO^mqw*s2Qk;s}u9;?vgYR?-0{M zU(o^G*q&4S-C8Z?RY|At#P(VQfFz#X_q1vDRSJYy9b-? ziBGtwD4ScshGeiZ&g6|f6-4V9I<#IHKr(-5f2*_lf7t+wEnt;0R$9i4Kca4LBVR}rX_ zq}1p%Zi&RS(3KmbQFa~>*A3#eN=3*jO&N+WM8&%0(%Fv^#5xh$eMB6{O-9ywr@uI_O2n<8E&7T?XI1Koi@cg*C92Z6akSBU*+$u9RcStc$5cFtWHU^S9jeL? zuZp(>i@sjqTd`Jx)yGROe+Tc$+9n2B6RN|7PDXP%Q@a(3V`xtpm@_MU&@l4dVf#4p zhaWVmG(QIpK6wF@bzVGwW`6;hmo7mwqO^^J&6gC6_XqqU-$gk?FiqQ}z({Lle*bZ2u491Fp%BsJjHspx{fUF)=08&YnP;4jY zOsjhMf?|N<<5awJ!Bh!16XHiSwZ9BGUOrE@GI=NRVvm^W#E|x-wgY0miMCck4tF`J zG40>9pv7${7ivZryV^w^deH#1DDkUrTq12XY_3i7CfwP(9w>A{Lqq!K`O~(c;2E7= zPhD&IcSwChSHeIduGs#5Q+y9&YGcujOMXnZ&=^GnJ2da4d7pC1XNsI08UTtF?A{Kw zcbW^;{GxIGJh-e`NMWG9Mtx?Yd;%S#VN0tX&&^doG_)^v!K5%Keuf$N&v}zN*!W#L zv+>j1fvt3rljv{I<^lB93Xv}`)Y{P{P0!np2OK^bu(J&I4kNYi0w|O6y0(;N&ScCD z3dznZq$-znmbsL4LX$-s-wQt#%fev`liYIuR;VV{=Di^VFlDpYi%C_C)9dsbecTRq zBa`fjQZ}O{1&=@_VR1}=uXAu4d3K&$Y&^aosve`FCT%x$3{n+AP1hfSLP`8Uz#T{& zsPW7T1LKnX;l&*H4{Pr2ENt7X*$%~)Vw#BmngN~9^SB-TFFj8yv=F;TI!?DNV%f1S zaBG>`)9-43)!k7@C|JjzfSZ)+=fW@{FqWN~xn>NrKhpFf;Tt=I3Sqn$~|Rp`Zyx zeF5Zx3Z1J+))9tC^hWOcL$4yv><@c)Wf<;xChJxTnO?goRy3|rCLK?W8_elSl)&YR z8B7`MNET7TFlEv(qkB$2_}cA=Pmc{tDCX(YQvuiUJcpDJbc{HkXa1ST&Hp~wJ~L(0 zJ|9S7wJq4-V7fea9wm2SIe+d+7<7w94R5*JHLb#YF0|blIH;=soq*`JG2vBagaCyA zhtf!?eE!9EH7$yir5@{edqlO;ACc8g!^$PsS_;*TxL&(2)h43byllfl|rl+!h&YwGm z`r_@%|Mh9!X`w9knE#}C&jMlb75-abn&h*g%=-Snf3QT&56|TP`&(fA_dkCtdL=J#(2OGcim1Y|VJPy#4GVAKJ>LFk)Ad4&7X?%gW=;>rWKY>BbgD zJrZ(Gc1MPrMw}N-EmXSoHjXhs6GIc<3@g52x@J?w^59-M-L*%Q+({3aXOmWo*k9ep z8M(@M59W)LUq6CE0JxmzZ1Hb2IKmVk)rx;)J@WbUZ-5Siykq`&d|7!p;PFm=)Nds5 z*c(E^%YYR^)=_vvTwPaJ*Xa#dz2}T$qS^rmzWv?ZkI2nirT**})CBb`N>Gb{8UR7N zWd)=tq?+A@PJS5?Am0SP#1cO_TsS`M>T7ED{5a;JIQm$1q3t>G=>qfV!gTez&)xZJ zt-6uJuF6(zFHHS4lt);SlLUTFjkFTEk(+3b4ykT%znYioeffG(O1Z9yUFPfkEk@yd zGPgzBTmt?OB^-#ivQ$u*8S4KS3Lv{STYwKVY$!WAa!86U!z@DQps;#IDOJ%5kk=K$ zfSy+@_R6(9iSpe4!K_pBNZc!JV38tbp{$Vf`OSQdoiv_hz_eBjfV@hyN8%l*1O2o& zM%DFH|MAp?7gwtb!2JuCOEZvg5ML!g{+5Uq<|+tm&?2C9 zIi}A1R<}{=u^wWdZudZ@>rS}Vq!m8zEKRM__nem(mH5>*cm+_VLq&=a0CVNb5lLrOq>yswd~AiFgB$ z@^lUWimZ~V_-fDZo|LQiE?>==>%IN3>#Ub6yq&JwK5t(YkPp5=5KyC^c|r zOxt!yLQ7kFbZs-IB$SP?k?vZ29MtGfrk3Bg?%4(Y)eJ$|^g;z9_0Rom+Ny;B2`CiD z^w;Gospt+kRw2l}i$6Z%ed?RFwf z(MxVv3AOC}eW~0jisv0NER{CbBq%Ok+D<*QBBzDeNPp(;E6e{V{jIDtVI31lP&+Ez)3J##Y_*y{E_gri#DA zO_`<)2}5u%Yan{2d^V;7PNpOT&Mm0rjG3PdGMy)cT}rXJz5|SB^Ps4}oL5@A!%i2ZHUW9?&ou$wtn{78~|vn652?b9^G($Cm%`u(CR-KtUk63XgU zCB6uPxx5|ub=A*oTWJ#`-71mY`P{E0DBQ>O%r7hPv6623h5hcGZQzgmIVWax&bbXK z1w&8pN3gHefw-BA-Q)7y1Ax_c7_FehBp8ez09lI7i*G&KgG@)y`+#~Bdzt&wY+wZ!&6oho_gZ-%VMBV4z{1(`D0osKGc7 zdRqW|Sd9HpK@m}Xs$k3DzFj=hC+EsrZmqAIN4_+Ye0T4;bfI7`!OMcc-x3=(Rvf$8 zPI{Pcxr_N@8rBB#;$KJ2Y$#tz2pFY*BTe3_{my`E73Zl!r> zgo7Q*E5&yPD~Xf4Vr z`iinj+PUn>MY{D8wBiIu9pC(g*eEH#0w_->QfwphdK#8f)-RoMb2Fg4|7xsjJ+3+H zj{9saNSEeX-%3x-*-rzIOi^-7%pS06dfw=w#O>n%8y?L+25#NxGNJ{*O`G{F?JYR(--xa8#Mq0&=h14|_ zysIR4i(uq9p|$Jc>aORls7?Ol?w5nK6qRdI2C}ItALwqTmN{3K3uKx!9#qx`xKtV{ zCw*ri_e{`!(xlGvwqQ7%_2ylfWidyq%MUh$pC({Q*ax_e7WeNzD$bheuD*E4dR(|4 zQ}MZMm275TNiX_Nq@qf1LZ*!^{`1ZLz#A3Cilj!? z?G<0^YNyn>YV0e#d-xFSTk{xrc{LmDiU{WVZrC2s?mBE2tMIw;-%(> zrt$}mI<%ud2vcAGtycUlV`rK(xxJX*bVTv{uW^G{*f%&G1v2-KQu#=7LudmS0`!Bm z5%i?Zi`7IK)(w0GruP|Jh4VU%XJ?feU9YQB%G3o2P?6a>k-q|z z5>$I=KU~qPcaa<5D$kLMIC=@NOj8TFc;zB$zo zBG_EXPR<*&)7;;NTk@)#X|5G0QNB7EEX3F&%_+_skIz}jk#ePXyS;1|oM^1bKaj|; zuDYAs)bu#|>i8QDvtQSzk#T@Mwh>!NV=mY1C~GD?H}#ysjy?(pbzhC5+%Inny^T{u z0LaOj0A1O}rYMik0(W{tWrU)x1ysjsr)^aA6#+h(w_pvG%l)Tc1elJ;1GVi(2^}5U z#VW*UC7aBtiyzbC9>nN?B$PQG$eZui}zS0)w*uBi^PNh)_!u2D{~k@u^rjV0KQ z7*lD-Y8QHhiyS{5uVdhNAZgZ>WBO$xjy0M?RwhL0h3}F<0n_G6y`7x?Z;=6Lpzz9~=|T`OR@ zNHiPlc8bs6BIDjX5sp!pKKA|QUUA%`PkA2df5l_#U>uy9SK^gk@heZVI!Jt~zh-Bj z9sBGBwxP`9!hOfJ(0oCQlSk`8+Pl(A~xxw}^`E0ALxZA|O>&B_>_J`r1Mq!eGAZuo7ngqg7FFdkFwtHhavLIY%_R;r309~o;PK=W)E@+spYqQis?T8#@f zR4MXrdFG}nk8VHx*#c)j2QVQ4ut#k6PIChW-;*a$U381&y-TKRqiH%^Wn|%VT*8i~ zp`~r!>Sc_$Vq;~M&ZqKbwxb20t=qEhGF~ggnNCbPhmb!4LR2vyB{Fg|buR-;Cz6Uw z`e=V6TOng$v6M3HYu9TtW8)efmYxRXSGoJI=fBD)2}pD0R>Gm(-qQ`&za`}@qx<5G zHvsRL#(Y!IBkG=#re;q%H{4a-;v+iH@d9|BieCH=P}6Tf48t|R(#F250ap%S_&^pl z)9gUfLcD}Uw@yV}y&7QEFj;otkvdFzL@J})yg%dV#N?y}v~jNKTd?B}6JAuvjx;!7 z0xW#n&y;F4Gw(4^J<7TIqmA8zp>K!s-%0Y`XFd`=%Rc}VVFBchk=??yll~7a&|6Sd zZAS4L(-|zZD$K+479ywCv+B{NAE2OFEZSAyL47wvyE!=Q?#o9!%8<0+T&5~EFq=dF zusi+-owB7;FK_;uyj+SJhq{AfNNRvIW|7tA`rtJ~aeN!PonbAFN!|No&t8m9O`9GU z<_RT+|0@*b@_7veLBjU(gTA9J=j%N@WQO98$nvcHt7xJ@4vdT=kL}Pdph3cfYOsl* z@&saW*I)8pyF=cMbCv%A-|y&1*At6RZs83cqrnwqu|97=$xiV&4@nfM z$<-L!us%N16Z?DW;mV1`Xn`=BN{G2YkA1OlYS#tjB8F-oQ+gS+&tgp?yrzh|kGKm0 zjc1WHP?7@IydX`;J}a6EZ%ZSx8>N~f1%kzr8b^EU^-CY|6a-R5=ekQMG{`}{gVhGd z2t{Ik514Fo+x_no>7p&;$T*-#LOz|lm8+bs(oGxN*Ri|%o;B#jm@~ec*OiEe^4*iQ zjdAg&VvpKt{pOP%2fRII02uI{+Ras&5KAEr$WqM*Z!$R7Pm|%5|K86X7NJ8rVP5Te_X+tY^VAXM{Lo8kMjST-V=GYrmoQG}Tsz zrZ!@wTZ*0KTX#4m$OnO}WS4XuXye8Tg;zb)74x>1q5vFTMJ&%h5s7ug}P`<>`N9cwD2FVQdXlPPZ3G zH>ayjRxa|uaAq*7!r{B|gD?8@YTRenQ9{|5^0%$Y)zA~wFfYL%{+WeHVug+~#)xBZ zkJ7Nt41$CG8*Twcz#TQeM9iI9R?R|oMuG&D>jSpz1FX{z7c$!Z#Om+sk!)VdrlqTQ zJB0;De0Xdc$4%U27HROt{zPX91x3qCf;qAt1N_Z*7^mlna@{L+I855ImAdp)iti2o zPDKV1lrG*5$YYDHS6xJ?2d5}}eyXQh#oN44=g-POnCq(_IeO=j1-^4sDRv$%Ic zs`V=*dI`lfJL7g~q{{5n;ef>3N1j%K7ikvhNrmQKZ(n=GCX07pW?bFUCnM;rc|-xY zS)qdkJc2DNef?*z0NBQBC`Tc?06EH%lnTBT<2*>^r`|}Xnb4`yx}k9FbbRQ%J4rhe z$R#(>m2+JOXH&k{PmyZxk~tLA%{ig2Yx^5(?k>X+lsqiur;mpm?1wE@=)4^;7 zD3=Tic$dMzPGaH}xCq&Od4_dBt-a?az_1Ye>$X7a3o4rs=jjdLzp;=s5|B$W&x`PS z)FnTOc&5E%qA1m=g*ey2_#kXS;AJH#l?Ea-;w*d z!!OkgN~Mw95yS4hm6os1-Jsq-&0y%$LX1gny{fOF+xg_X@Z|JGzB~7@R|lOO(b{ZG zqs+|lxIr7)OG;&`%(0szq`j|v8qPnF8wD}egOHn>qS^Y#{7tI2Ulvb^)G(+flAT(5 zVi`+ZOK41xn3T;Vsrg1r;e0U3u!iMin`pAcLHeKW-(qvoHMX3n-s`q$>;rCiKTbzbbv~Dv(@&S;3fH zTCIUkkx;et{W3v@X`0AvenOxn25*-L;RyZ!VQC9?%c5Y>=pWU5N-bcB8z>#acVi&M zqYFcGT0fU_gXJK?zQPDMIGmv6#q&T!@*UXzIEDt|f$2-PEIjx$5cj*5jyX~YM7%7z zoqt}|bzT)RdOvAQ{qKRZCro7D%8$Sy2qGY7yzQqyuBT$sOfc7<>L^CHRa}EJiTuKO z2t8QkgP374rO5>7%Z!jOj3;Dz`!eemMV4)9s|tT98$Gcnc<}vLq4;{nK>2LUwEAd^G_-m2;3}!Em_kSm_T@^qN{_8?DFlW zVd3GamVU($6hP7Wid|L&k^xVE^Mq8PP6nxf*FuLt)|Gt0?DM1x+1=m2=w@CTe&5jc z3&22sD;a-8299-wFPG=g)v2Lda5hR61VT3^FHCRt>Gstd{y49Hra1PphCINt*Yb%{ z^9x@#)2*=+VU3V=Kq+YqQOo*6>1Ab=&*W|xZ6N+>;wmAaSfx>Y>$hAC^Wl=WHYae7 z0oTH?04^9#{N`uc)>)o1fCf@hihzd2q_u?wz3l`T@aDWgHT>DA`;x0GBSpT_-Usbt z61)u_99ZRyu->Ed1$X$GG}SY$i5{<1{2m7k8}?37pJUnhq(+|ZUR6qM z_b+n`Xdl|&F9>{}ru0?Jjo4dn{w>q4Li%;LA)70U$1dwvODUG+dA>Vt3pnl7!g#U0 zW$9R16LG<&$w$eyXD_Pvtv+?)gQ5p>mz+5?)p=X{ss0%{qMQYRQ8BOGC}+e3$coQ( zxc<(!U9_B?lC%~76>CVdoE|dlr|9XlY~jV{_a&V|r43i&0b7$>@5}N$Z_qTOGnapI zGB{PzKrj5@+t8^5Yo{a*{!U`SBQ>#s-Bf1lI;$v};0T*dPmKCCKLsgNzq6wSd8bgL zbRJTH-&1SDo1h~(J5q% zqVb7hm#qSQp)5!h21O>ZwXafaWfW3~{WPGozr`0)dT>+Neja_)DTM%~sT8{Gaj+O$ zt5Qt?>3oj}VWQ9^qYDD|cxS*_S9=_pV!IStLQz&$_S9SC6xFXmk%SBKa&mxg5ueAY z16m|1lYkz}+uN_MsCbwxq)WhmmSiZqu{|uVzpF$dujY1Z^SK|xGr2)#6kzkU0sg%N(d`%Y5P#itOu$-^YqSoN8 z>%F=1Z<7hM_P1@TT>Q@B|VAqmf!JpGi9$sc;)!hSovutLtDh`sJMsgGf_^{!QyfSiDJmv69sS@(PJtRT?k%s;Op%|EX7SER>mcLg`c_+9Do{ zIhr9W(Kv>0=$rLy_n__-$WTR^6!?4qO8lZyDFq>mPB&uGx9e-_<9_>yn?ePFo8*5J zuwd<%S6%!FTKaf*{$^b-KYpaEyY5oIy}b>R5(7WZ2mRp6i^ziGJm0VxK*HyX%-8Ru zx(?sN&YjD=x74_~lY<_RxZvH2*@yh{7nE^MJc0TK>-B@)`C&j}8fqssnN|vn<`>^W zgyG~?%)3;Ee>E zlrhSC#j|0PJ4u?xnM)~oI#vBlW$bALb6xcn7shu6G#B&|Jltll+)yX59pjgaRE)xi za6Rd%7ydw;Ij4WN3n!2`joTmib;=71<@{R}VLcUL8Ewr1GND4#sI-j6I@oEseA`Zd zpI_VmX#}!U`;zyMm}5hnS& zEo=pyof0g=g@I5DD7MFsC39I3UatvykG!Kun=SROZx3>ZOo|9t@sld&QJXhq7I2JL zz7W9-Kg-?z@R=J3L|iTRu+M);6|4U8U!a+zDsX|Ts&?GEq;B=(3F>-REj>G}OCKb) zjNG=q-VN~nD|^;ANy~}+O~gmOZwV1TF-uF@6pQg$eC( zO8cm^!mjNkwUW@dDh*MtPp)K9hS=l)gVRq@vFr4eY1!ND$e%k4`D9~ZMJ&pZE88c< z+pITRrDDSxnSapT71Ck>emNZ17<|f|L3h}>)PwaI(_CVwmM{37jPR;+6kwd-KewfH zc&_q<<0zHs1~#Liul^|tz1uH8dL2}lbeucbMIxJGq(`5Tq@>Rdp8tE3f1NHq{3f@2gY)VYrNq3(+}+|S&t>l`8$E;b=-#a*6m+eTH0wu4C5u>rtygFK zeib!mIAP~WRTKn@`YeV!?0EZf${LirD#&=gyx3;>fTAEV_1>mxR*ZCiKB<~YW$a{c zebGy%=lZ1-FvoG{AFVo_n|3T}<7`N^JnYKq#+IG=kUsvtP-^Ds?2(A}sk?>%##0An zJ|XUT5sYD{x!t*xoWzv|0toS&OwQ}Q;aRCapA%Ro$|UmEr`9~fX&z#GyoHHqL!+o}HS?7Zm~u`^&G;--IL#(gxmJgUAvgb?=kk z?ktma&iPmeoN&GrHyt8Z^%^}?{nHG@#r`8a4MELKN9=}gsgV1F2N%}wNC`o1v+2Wg} z1on%)1hbcZkY>N+1d#BmEKsvNv_;tdbnmqgJN*KiXGZR%mtfSTm>Mp|ebHOi(lQV0 z;xJ4TwzsxwvYZL9F82b;!cfd3NoGSUR=*N7@3#si$_7gPOvLT-%-a{AbP;d;EJ%te zoLrI%b5ADT7rgWVUAt;hHGSA%Wb$T@)gvn&Z9L;k5T+5IV?{6x#Xk`@QL2e8?=lQe zTP8R;;YJak66b>)sy350nL;~~XtUJbSMVjG*vf@s*B%$$2dS@t(5NE$)a%*yU2 z8b+E(R4t%K!8YHF0v4XT!05{vS{S%+qMg?yd0(nj#B)|>zf08bhOjCwEZ zQUOq#_Omoht85e%!!w*v11lTqVYqGj`ugaH2M6!l#@-pH+O&Dyi45%R3O}!fXbELY zNt;1kf*B|+W?74`J0hU@$e!3cuIH2Z0(6wLE6fq&Pk(QA)qV{}X)A-?%EH0|46V1t z+u@{zj^Z_?1fcGt#IQjehMg9d-Vh`?)d|_%!HP-XmV&(ehj2>C1?-4+Bud4CSJZX_ zu1bK2Se*4SML;;#&&it4Zk72k*my)thx6{;6wyb)XP_l(aVl?>b})KrR}+zyeT6kK z2wqhOx=smdaN_eO;*O5(o#n|C`ZUycpaVy%92_8+80-Zi?Vs752hdZ;VxLpzUHa_% z-r{RwRHq(C95`0vQ*)iv7E(p)jqr(z-V#8&IJqGoQ7N@_?IJ~he78b#WvQ`??4s@xlV-TKNbvMFxwZq@Jfev^BxWfZ<# zx*A?Q&|~?Y4v+!*F|~Ho7?AW^iYj!_beMHIK(q46=bE8vt8>sP*+qeHJWyRXviI}Y zM*uB7e`^a?v9|ImW>;pr_fmQnJm~$RzWmG|_&|rRjIv86R z6VCS%y5OWIl!mAgS#R|@>Q$n=ce8j>sS4cq;%9v~fN{DpQV0qrdig>p5qzeDo-69= z7K*k+hljUB$1-WAiONT#ri{Lv)d7(-E?XNBulu%wL&y<+UW^pkpOXb|(>sz~swI&K zkB%F|R?>{Y#C(~wbKOAvXGHTz?5|8~mv(Ogis(*RR~+0RsC#?bUtT!pFgR37A;EX$ zZ{#;Yu0^(kFKX=-!nL=X70W5Ua~F(Y=a(U>DY)A5tlJC!V8`0=TfTl#7jM(o;p# z%R04Brb>Ptx~d#Ts}tQq6gBS)2QZVpRUg=1%HGkrjfJ~7^-I%D8`CQdfIQ=|5hY^< zfu~C$)~Cmh)PjA}}Rm~FF+nP?qR^9TQvC+7AVowA_nU@`yr|-co_3ib}FarB` zFqR23Rg8J&T13Tlvt734iN;8lOJ@;*V$5pZPH4!_*IJKuX76Pqx2%^aHVPzh;ijFi zQ;Rryyu9<|*sPCJS*Z7NlrvSs7I*P=W6xS!6LBYRgZ2w}1uLzqZ7p-@FTvjpRhz&4 z2rnIk_Ya1H_DM-dRJx0S%D@t_VoxO~voVih0sd{Y@^8Z$sDggXfP8TO`}Znbtv6`1 zigjw!9v?X!Y?)wzLY;DBs0th>kTvhG=MF=luHd*0z9{Ejgdr&yt?7H0yOsS-? zY)im$E(GoFY9>j6o1CD-0tW5Aw8TtRM#cj0Ms(WKVm_Cfy|%#) z>H1`4Uv=pbB#Nr!$r1;C#w_UZwc7Lt2$FSoKXFhuOi8*50T*AD>=-b#L1Fl3!&GRpf_ zYMczJa{xAizspAdLy{=%%FAhg6ocTA9nh*B7S9x-lu;*PsXm<#-|)v+3zq1ia#N+Z zsH1QRA33JHUZfRGWhnaXp_OZX1p>i0z=EkPsez` z@8mRc@@I@Dez1N&`{BK)(kqJ>Ocl*@CSFZ8OdQOIrUpfSk5vEmWHoIs+>E<7e?Kuw zXhZWJ5@17J%^u~ajlv|GDd<*pC5Lu6HHpgio*JGdkq!+>Aan})gK!CJIv!rbUtfU1 zw?zOr)L;@|rFGr*c?!}PC`seu<1}V4aD;K5#;fzldu48$^UoZwg2ox$6s?zr#CQDq z*H`QT2UP!9%ySoXCt>K!x4|xRCl0j0%(-D$CsELoMwYb~RhyJXZRrQYm0_V~013H} z_%(g6)nRG#K_YV^KlZ@*vk0(ex+E~>RAWu~^an(I#wrujLO5BJNN<{x;nDfbG1?Vvsz0IkrVnwy0`7CNJA15Lroy1N&q8*3K-r5Pl zl(olD<95hvY*$?(Vm^1@XpETe`c#;*e)98D^GTR-Pv%tk|C3EI{EY|KD!@g<*Z2J; z!n@Hinkozv$pyoyjxr>OG!bVS2r?+%4SrS5jOsA&$el7Bbgp9bH=Nb9ZOt#mV7&b;>{H|# zOHt4v^(97%xZs!PgG8^=e>xm6IAT%E63AS$k`JHK^LEEhjdB09zu$gacO5bMp;EG+ zLSN+Hz~PDr&=*6oFR1=+_5}!_{AOXmE%ue6SJKlv1zaMaA3V1fdcd4sug=NB%8F6_ zniVrr3LP#4wBM|?PM!w1s<*}`c5yq>EasiBkK)~fH5BbDBkYZvkPNiN0ThP1a5IyE! zAV}|#aY9}m05Ss2KUddkEX}CI#C{21)twoz_d+RkQp5o_(rh59Fpux7G3LBn&39aJ zEfGVXY6Ac8M*V~C&Ei9xuxA#OJ(OmWw#3-q%$AL>U(r5KwMIS5a1yD3I9Hlw!tqLW z_bYCfZ;2K{4LNmX0v9KkvP@}Bk2?XQ4-BM69ew?ps>|jt!iX*9w&Hyqt_Pkr&~U^0 z{W^!kgF9z-&Cn4vu0HrxQnWVuta|mxoOo=e~3S&D0v&YT@@EPv4QVRyI2 zw?B(KwCoot7cCf4Yusab_h`~ejffSSS)%duG{ecuB&zfIg1WaFf62zi((vay82^E; zm&!QPTHC|?ht`@6AkK8;)IqQjh1sM|2GetZ2u#2f-qIXoM?Il4rYdOGhl)vAn-CcT zjc;Amt!szF*BvN-JcL{>TKj?qqM<}&_gSHFrW}gA&=Z}ivm01vyIT~kWEq63EkE_-&90^4iFFaV{p|e-FD_jhanglcFMja&OY)p< z%7qc#%M()#FTbd@|1?pT5V*ppC{W9X+W14S>FzlBME3R~OT3(m^O=T>MNANN@SCvBUH=E!B~8lv(~}!jL3wm`zIEa6s!BSV8#1~8$vSO zo-<3bkvH>$OudER@4zhhgSy9+wh_17J&C%SoaOXbo_WGNrZfKcVN_A^^2f&Qi?w+C z(kkESr{X7_CZ|4ZRzDq!&IGKY#p(O{BzJ>yMRecPe~nKl!9ipjomKmZWVvZSYTC2R zJpiQ)%Cii{jCsEI=X*h5=QHTl@cW$n9*j<;K^?Owg>1~w!^WbK@LO+nXjjzxBENjS z;9kOsd_eI`L_#q)zms25Ez2jyu?xHx=cK*el<@DeNjtjB$*oqr>8N3T<`=O>_T+0G z^M~Aba`ad=uhN@^?iK{&&ZbgwMj(!tDO=$ls$qA5P<4QeFk3Z?YCP4n0Z08NP zgcyzZxv#d;@Enx zNrFj1RtZNLXc$tfv5_zS3mF6n+90Jcod`$asqY$u+Y7jKSBd$C>zYc4-pMC?VK1Ro zy!J#OQ-wl%7n(p-}|~j-Lq<-d^`~K{_Z5{}OB{ zU_N*5uP43#bD{G1lS6f5-*r3+4G05msXtVrs9CENLpTqkW&v%*W(?+|CbbWeR zQroOd^WKF_7KamZ9-|TL4mD+{r)oL@d3r%VvijE*5h}gDXwg@`{YlLw#-0Cu?!G}c zL?1N*%CKzajGN%OQK=}v5K|mU1JOHLN)OTiy{GVdQW8>hAa)--j6X{kEmZ0|?iJ`- zf~te=nzknND!xN#edTb@UA-1%ZSC{@&V-iKPw8lr3HaLarI3r+ba2{)yjE3XWld&k z{XoE7pYoZ5cb#+f=fg-h_sE@jke)O*YR;|Yc9=A?cncY)prX*wSeIAQ8_D8&x&hMx&A^tRbD~>Czy_Ja!=8<)9K6~4HA0#s z+}3FO#bvjV!;pB{FKRJUv1$_m>XYjGe8SY>t9T1V|2_q8PH^%3rU@ z8P;r6WUZHZvYwtJvS*42@%uIN(n5dfGd*~m<=C&eE?<ZZ<}|H`4KxcD?TG6KZYnc3O-@4d$}R^g`Y(XhAN@%-hQFtcDzQWp{6)#LHrYQ16qG~q$rsBQMj)*PF&*|VnEq`mr>LN z5HWu&O#~`DOtAcc3`l0K+nps+w)$3k;q)XXsd<}!j{h9I+#%JFxcua6Qz5nEPP6E-D~0Yc#rGj<|7Hkk?hIA z>Y9M>mm0Z@Ho?i3bt3#HqPxPm;{(HYhm8aj;388t19o(I&$L|kO6U&O2c71VgxD{v zTGE3&fpNtG>h*w5G^o_6D?&)~A`8(WpYMc@5%xF^g{Pb!sX_eGGH$X$E3yI6eqVhI zslIwCf%detWCj*25Gt_LV{Z)m$CPxk3LIG*6)Z~qDWca8`jQ3J|0n;I%q}}0Fn?r% z5B4SuRNWeMTp2M$N)!QKwm_?43L*)N#arY<$EkT2;ISoBDoG84S)?Le5T*0N?a8Ou zFpMX|^-8EeVa!gA)-@0dS+hS!{+JU8lZ^oFuTS5AuvVuTcB+)JgA4WDr^ga^3$Qvr z|5>CH;vAt8;=NRzA5-SCoWJbIJp~IY$QulcF_)$h6BWB%lZQUL$>^>C^%}d=*W2P) zOnOUMnvKaT5Y4Cjr<6Nuvz|xC3iBS&7BlU=MM-7T=ObD)|N>*US9NW^L4;Xw1x`AIDL%Y z_e+MmFL#qDiPUpgcFe>i33m%!y*nJw0~jc82&?%dA8$t-CYr-q$%io@Jr?HqmV{up zZ6gWJ87ycLeeoA4p*`$qrNlX3F)f0z+e(l82kPPEq5I&$=4)YAQLoKog+^J;RPT4w zr}TYe_4&sm2EZ?JH&c~Y5QL<4{r-JR1JJqLICfT4>3kBTMT{x)fk|&TOUB;lri-HW zj!5o*A%s_E1A@7$vbuW0cmMzk zHEh=h#4qE>KZVN~N-8yaNd>orb9cVCbM-@ajg#Z~qHt(^!sd~G1EctHd zqRVBe92h;gcw%1PomHsqe989t6x#q;)W8UT1|@luREz2XV~%SOddc(obVqY(a^h^W z1ac2N`98Hu*@hF-zl(~pc|zcc`w`MkM!Do~05!m>I>A-Om2?99aA7N3@g+e#m;Mgo zSlfnO*5hRlsvjHH&hD`4LPhCe76KNDLYB~3(AIW6JsvrfBkLH1muOJDZuA3jo=rDS zG*4+2kgbTcTWk*m9SaRVaU@7{y*L7r&75(eUjvDPZex-UD1f-wX*B-Tzm~O|uysFb zLhEG^9IaH;ncm9Rabr_7(E~k(qSV1!kIPC|Tp5A?#(mf!ARzhUK_xE05-WCPV-?)w ze(z^_?gwe_Q593a)s*h-b~>dLYSbS-nX_*4INYe<*5)maS;P#p0=bMx>!QXQkHHrW zLS>B&#|`)=3aH&CVF&c$FO+{}=1S})M2&CSw9Gd@LoJM*|HL9I?ONCkj;8oovVEC$ zjU6!ejs2tX$FAEO9epyg=`WUiUJpB-+_hTU zt{Au4;c*ML>*PJ1<=k=8pJyNA-<_GCD~Oj@_|aunn!#A=+c>|ks+IR$UiCXEf$GSW zkr?^qghpP=Qc;@Db;Z)@jt5Bfpn{+LoU4xv2*S7Cvt0ckp{W~I64-qV+hctMA~-nJ z2?(F(ktGCISxk;f@86ZE`Ze#jQbFZe9`#ysfxHNKKgUz!Xt{RR&UY3gv^{yD?sjOK z(^%Q`TbiGy$RPat-LI#*kIASwoyv_!qTwDp3%gBlbX!Q+CN~F}^>fB?2lu0O(--oC z9T)lB?ic6d-0+L@j(+v>=`=(ZuI6+o`L+FOW4d^Ed{*ILBahwjC6(2Djr7W3BEOs= z8>aGW`KBMMOM{IWn!mD;b$D9U_Qxkl+KqKXRW1_WzL##P6KEzl4O^X32(`ddP$$&e zC-1M1H7|ung0Ls=#n?YqZfZgwZr5oipId46c4QktZ8~*xH03uhmb#S*pBD_nk)RT& zs{IX5eA(&mi3@X*jd|P`S%nz__V5pS68icF==Qb?IBEtE!o= z6)fb@IY&eCTJwDWFOuI0zFp_K-A#Lk(p7fp-ED;I4=+jtEa>4z{6{h+5i*r1R=JOyA`&$u@ zZ#zOp_dMU5tLGe7I$Ez9Ic{HsUE;&rWs;_!ix{_K+MqgQLf^ z%9mTUmnWrv4%_${vnvs zdRa!%K1@Bs4x>5x1yr53EH=-&7;(`k#M8LVxfR9uu^+mxopQ^KLiwERhm(0LbW1l*rb@z~6e0bnZbrJg#-{f2kY z7n_JyOL?`KXoi*Z)CV?@BZR^{#|;5=WXo1!p@W+IDa9^c8TIHEO!ngyC&iZ{@9!}! zA`6>--L8jSH@I#mc4UPt8e3WL+WxneI1(HlFs<=YKriv_EV{oLD}8WDmHwov?XcjYCVb>b2-&?K`#<2zx6wqSU?;#IOa_SMy2KOQfptR)2G?#W71$V%nMT_3?-C zzp@RqKf-dlUcYQ|In0p%vex8C%~bROK^hm4nl#e{SJOgIHznJVB=km6@}e2w+YxC3 zismU}JKG%s55p*h8;|XDTump1yDa>p=SC>s5 z`kc$(eos9XBKY0r9~O*!r&Ce4b-C&Fe6+T)!RGrlkNp-AgH&9o4@`b3T2Bo1RV!3o z9k1fM06Zx=dfjA;W4*J*zbIXjrT%om7D7<~#P}9#51bMAIb}38bjH#6*7G&J@Sq%B z1yU=2`H>2js>Z=(c@?e8%_6Ua$lJ40!Rr1=(`>ezWAwz=aZO31KJ81LULEHPEnoU+ zP6vwyDBtY#*)QdpYq8KRZR32nV{I?5_9{p%U26^<63S{+5?BuNm9=MD+&J~(q?c58 zq~zdI?S7rJ)ns&{K{#uQ+a|Y@;u^ldskVbY$QN5iB=LE~;wv33cN1;Ud^)f(G5AEA zg!=1E%vJpf?$ekGH+9!(51DE336^E@_Pnzvj13Ztazvm1BQQeFdtM?RWJdlqbhH(B zXtgU-?0OEw)CQXU5K6S7D zo+sxvjejsX#;<-&M$t^I{r&@@^mFI@x(+#&>`|XNP)R28+5y#HFl`uxOd^l%Xr2-n zKgmc-D?BIT0~u2ud=$Wgth)8V|CnrRSL~)d2B>`^)2<{LCU3{cq$CQ%8OmK+*BkqB zTquWmEb@{*CYz?}F=#|{QGDoINnJu!V-vkFFfwXHUu;I0jScWljSQ(pJimy$t4TE# z<4Qriy$8SonfI?j=9ud2t9O9IMSbiIF7?uQG=E_2Kn6SSajLoW3<(@O@>W)_QE}QG z<4u12Dqhw-+JfYZ>+@B)K@X?1?39u0VN8fJ z?lOlT`Xa#s`oy+nJHP&<4dCC%MC&54N`BZ4MJ<3p4||5Qh3k_+iRFi6TZL->I3Nw zx-iGXu|eae8kPsWD5*=@dt@wMob-b;@$uU#n!ra1mAi4R_v^nA{W*U4 zRKa9WhLWs_}s?D<|QT?em#XyJT*(`mPR- z{!Q)hk3EouTesm9kqn_T-)x`%tm;v!Q30tYMo1T>5tE9toP__UAr?3ZxwH^xC`)(5A64Ez7 zoverkE_L}LpBuw`e}dWQW7N2pByh`b$x^SMuclm|Ok1yS*HaOq$o@8a-Ho*W%la4w zbXnlCui3!2C+#byt*h<6?+3i{Ad|g9xA>uYQX#D-Qw4L*bd|M2W={Wea6_YS1lSO# zT|9wuvE7x5=z1-dan4PkcLFHTD=p1^&zT!U?g71AGI2uBU*4zhote~{JO$&j;nJX1 zftj6zaL+B=A$sxQ45+t{o@OI1L535pX3&q98IlvQPLhz5 zbgeMbcbMV?d|yF4O<_@yobb2J@uDV>vznLqf{!InLh0q%oJ;~&_j|^#5LVm8c97Sn zg65P>J1941EP9V&c>N|vFdsLbkbe*BDFGn1DTzaeG<^hpl(k%-exiCzt$C%TZ05?@ zMP8saFa;PX?_IH(?qC6d87D^aebl~0jKS(kQjsS-5sf|^EUGCsP`pOX-yeey*vHM) z9FjJfPbYh2FgC>vDHvh!lb8F?h{pJ2&Hk3K`B;UiRy*yC?>Z%2J-c_=kk!dOHp{xG zd(I$wXW$DGOB}8-yOJ;9pvIifL|O~BtcuPe$`4s~SJT4zObQ?K2I7zba1=>Q9RB3< zRi4qG*&mbxs~&*;Y``-g?UyZQp1xX1D@lH_w_G{vAN*lvRr@}r=X1+x!8hH3AXIZO zXhWRSBrCPtOTpntGa-h1ulhA6&3f?3N2Gx#{QS6T>kendcxZzJkMrLd7lz3)LwwA2 zX2KB`%~B*5Md9Sj!zJmgv%hlmD+iS)<#ux?VJ+QyFG_%wMw!X9{VLLdyufrL57nE80{J>xS!x@qZ)?Nc{Ub5zrEMzh-jg zY+v7_S_$0FXVnc9#Wbo`ey9?ti)!7WxG(1@@r3)q3nT4Egl_3XTLlo^YjNXdr-47} z1S7bnOtS)@D`x6-N+pmX)Fo0ooF{m7o^5ZeX98>Q*xtxz?p1ib)Yl4o?V&yN0{9jm zxxJSwhR7?uG11A4sB;ScRd3;-a>ITkYX)m9R}?Ss@TaxKM=5`}S?$kt9iP>|Q$3Az zAJ=y|NjsbSvpA*a~N0}UrZiKwoL&yNoYe#FX5bZZ9BF<9Eu=aSSUMO^;Y&b006650pSvc%}4;kOUINm+aiW!L+gsD=yg6-{V+qWS}ROMdP8cz?3H{p4=<1fL#s4+)}lR|+#f~fXbEyTdC z@w#N}=O-j6g8bT;ZqXj@hx&}YU#K;OIUErN@nuKt<){ z(nFq2L8l#!sitN31}zqN+QWou+jk*h*=*$w=LakNj$7d(*aFJDkiSm0dq8M^^(pyN z3ZOA0;aH>2mcnMOxHXk7d}!1ALBbO4VWDu0 z@NyWx%K>dnMt%d}b=tB4|8K5JpWVZJ-zw@7YRPhc8i~*$S$83-usLAXy=9%&J32Rq z1~(D~ml}Jp5iBQ#uf3`M6S1ZN1lGWRTLMC~1bc-)FnN#8&uhbAl?L6Bfa`F>KZqFO zjF$GeI5OoU$r}Ur^^KD+RyR%YjCX0h(wfzP!W=u52FvUDY4@b4{@?+{eeFjVGde$C zr?=Kao(h8VpDq@u1<<}^_bKJR!P9_9P<`iD0kEX+4`KcWMV?|bTJ@@fj6AxIvHro{bFgIdfQ znwq%>p}lW0E2+U~#?G^Q&S&|U2NwlqMXI7NI@Oi5#yh(7i{H`orhh;O#q}GvxjarP zhKaq~?7$c1b2v%B@lY<(TyGkf1{2$}Yn^E< z=vw6NID1~}N76!meEuLcup2A@I>uFto#~q8$11?mq@&9- z+&CxB20)Plf^rx}NzR_{gL}tU-lx1m^PJ(o7F@pH8JxmTHr=R*@6~X=SmY%Cg$&3& zynA;BD%~@fbJokG__8!vdykTYtK&9L+Wufe7iJVX*;Vm1!a$&NIsr{%+1l(JVH=gz zeFW3*%*C!o!rF1JmsbKlWd4k=%UkNN#PkgoIhXEU)%bkEe@w3XOXRb=*XoxC(6NaU zQw`@v<7apm6zSng_s>;rCHrZncUYqG)De^C#>K0*#Eoj+LSK#pub{{oCO zHT@PNbfLv*;PRuL2;*`r)oJm*iINU=1hY;?Vi#lp7~}5cdfd3@i4|e6$8qEAO|*Dw z#s3z{U=={UK|!-iR~avK_w zmR#o&{~Rs3+tmf)-vpH7#6X+?M z_mBa=+`G;nCskwv4(3mS)QtopzF&L$^-{IgH)H@$EV9zzq9B)J z;AlOc;7y9>56XNg1}1N^uMWv2#}v%O^hXizx);Q4p5tDSl!KJcmSSq5%f;X;pJ~Q@ z_T_CVPXj))hC zxi<9#;D(poT(vmj(%k! zwZqSCjd~RU;&R11;{tcp>Z&$vUuXdjV>dx1wHc1vQ8l<4gV^S@8>_(X`O!RtNzb@E z3TfPo`1WR0qc<8;yz9;r&|mx9eO}}9TP_2vhyARZ<2wLA{Sx{mV8*Yy|H!c35Gk&* zI}$W_EL&6884`bk1%yM<2mafpLe`c?qQ$a6lT!Keou4RSg6>AI*%VPeg!M3GWLjVL zQ@iDE|CpD3WI))M+P$x!N0^XO7bQI4S{}N_@-yXNzl+X0@;R_wJ9u7$5^+C^(>(gN zsSNe_$cW7{P~9v^ibe}Cd9!py(aWV381o1)L>bZ5K0mEFlO@F|6e)h=+T&Ad(Y%a76Ke*ttSWffPKuI0Keylc_Aor+qk4A1mXKXNm^!o zc~$eB4Y49e^fmlNK&}yx7p?vS5-3xDTZYCJb(lNLqNYSW1mPFZ%U4x}I`t9?koKv^Kb0 z3btXy1=Xg+B*tKJ{sJI31SJx+3wDv4oNPB zP>T;6A{G|F97kHWgu33)=p<@s9R8#@V6l?gBI7p?u5rIM)#cgYLM(A9b?HHm3DXaj z>j6bBj)Saka*g;zj>&5&HR2iv2d?4=?eu1mk88UW!?cr7p$WHleQ6IF0wE>4d#Slz zSX#DxM!(0DYqSLLH#uY+3j(O%p9UiYJr8{2*H*QYmeN-`uAY@bN>)>AJ_JE90q|k- zkz>DcQngj@yJG4!Nm|KZdnW2avLunT0<6X#5y90EEe*jfV#_N6CphUhZwt^3Mz{Gi z1`(M<6LZcYfq`f)wXWpf)ldMuI%R_5z!3gXUV;;ttYY}lg<9r|qcm$xSD&Y}VTZDh zAs!q{kht5{t_`yNgs)-k?x&ui0WStMS`*S(NJwYU^M z`h)k?0Fm)s+M}Z)jc8S-ocpy!1$Bpy`cpB44Aok7OK#g814T5@lrcuX?Z>1E>EZSzt;2c79U&N}N@H#_SkwTBH3k7v445Gsl3?Ec8C z^gprvn%%nC3Pj>e#hbb+1Z@^jJ!pXOi%8O(9Pg3IujL@@Ypxu4^I!Lsam_ZtQvj(0 zERvc%uzGGt9q*$z0jYzu&0NKvx}LKDBC?AD;Y;;e*1&M5tW2W(SPHgX0e|uew7$a- z)$Zq|Z7?w-qZf7e>W9i@0=+~|T|NotO2f3DY7h<;mOI zyB!93!>%Fc9q5+)TnwhLHpB7Ke-yrr(P`IUwn)P7E`Lms&HH)Q=Wimm^c`e?HeBg0 ze=tvrvF&DT&jz0rwA!Ph#kyG-^u4<$+P~|~A|~wicu3G!y&~DMnyIm?pwJ(&esWZu z-&cj+KKJ4jhy=!`Jmgr+tww=#%2G)RChycS(R&3^w(=6GJh}qT$u>DVXQe>1VsD{n z=d%IBpeJ8XnfiL$2CYX$QmIBjFZZ3vdLI8ZjtIoK9oa?9(NE#?So=9p07S~8&QCO# zMtJBww6^`~qwnC&zpp7jIZ zpOI{;HU{HHxj3lwJBzf;UCWqt?g!j3N5uXlA+JMlg23yeL?$6dl-<;qkfu(MC=R#2 z7B*^>&k)W1!C)6#IJ560zLO+{-&$2_eU3 zSY7ARj6ZofnDjg@|4MtH`U+80Pt}+FsCc+vu=Uu-95~fmLEYW7nCW#g?78jpT$tO` z2;A@c{o86q zCDV?F*lwkjeiUdX_BVHZ$MaIi9!-_clM(b}Qw-CCRwG8LH9dH3zp4>fm#Ptf@B(M5wjOslb=bWE$x`;Mc~ z%gUv?K2t5Nrab=l30maC%ul5mF1@VdrCMg~%jY)JC49MCv2;C%fZrs(?Q?4wvYisP zIE%HvNGGbO&$5h@L_!I|`qy}121sZ9D^=B`3kGM{X7(13ng`BKa9}C5{UHrs)l<(* zmNjXIEGm64kidYo2a~e%U_;rAq#R-CEeK~`H>O>KmCz;ym%9j-UDPSuOfhT)Zyphz z`3?KR1md7p78}z&d?6MsPvEYLy(G#?p3>yVO@e0*4PRqxEH`4;RGDLx6zn0x_PBm{ zucj2dxu6c|q13WI6M-g;fo29#lYeoIEDv!}vNuHJKZ(L;W%eL^HjmJj(FKOVz|4#+ zDA)oPs4F=F0*^Hiv77S%s>vkE&2B=EPbHLb`dKgDpc4_^E1P!uH0>FxE))&gIuSWx zH1bkY(Kf);y$mD%i3orHhn=&1pNRfW{>x0jOaYs7=o;9-5(RQS6H6%tUBx7Rb~b|- z7+2K-dUSluYYOcHnmnYpq&ctHQ|Rc>P_s2htSB4sU3_^I2a(sxF5MQt<8c^D8LEA$ z`%%khFLrb<3vJHm1J51o<3pO8{*`gs%`=2NEIqg{sL)OPmlK@alfouSqs6pCh=mo7 z0QPwdqa?!DT0%Yhf|#Riv+v5NL&=rdWh1Et70s!>D`uxPYI@h5z`I0d5j=2t<};09 z4wHR#&sTB8V~96nbdAocbOT4xPN279J)r%-y>Eg1XsXrh+{tQUxk5;!zGUIV#+fj2 zremWGd*&)&EZIx#nKO*Mwf2Lnsbvt~5Y}*6yWfXV2UJIMyXyDCPo5g_;L`WX-|aBl zi+3&1f!Pe77VK9|xTOLspPVl#E6%o8wR8Eq&74R%w+iaL*t|L9H;4S^EH9lEs(xnb zRPOL~-4nX7f95Y6@RRKWljs-_8E!-MqadUa?@9}o1Togc+xyeg<`VDsYih(0^kj58 zsK@%z9Wm@yZclc#fR;DwrFZxQS<*A7`>GnV&%jN_3z&zjV2Y7e5}#!FMheeX=^#1g zT$Yj>msTmY&jU=KYXGL#-@*LcSVej7gB;UR9*G)YR z_EWfF}BXl8(rxT$p$4PUG)EQ*y^5JVo> znFB9)J{r<0wS{7n-Kh*MHdLs*MkIt(mo6kR|=fgfq}y(Rb6@$HPBPG1_e(? zFe&*DL1JR!H3n5)4;6x;@EAfOj$d())bHJR3xBlqbaw-PS#MX@4aNCvf2lKs>=c*? zN5{tx>r51Ai@ZU8AQsrZ+mrZH~DopdYUFpey!0sZTn}sogL_>Mi`LHS zGX`*#y4b>T=&5^$=g-QF54__k0+Y3ysWHs__&rPApr_M%(9ukPPwq#WP_g|9STdB1 zEw1sfc4SJ-u+70pGUy>UdU{U@kfc6V86FXf7)}1ogz8C5=PDvGA_PMgwyZy`nM`27 zJsOfEe1E*u2y_tk$_6v~`SA)IF*TZj3hqq1?G;!%wJw{hTi)*Z`S!?!+=SMv!9mT|_>e1l#e>bWA`wbFH zG&A`6On>Rbqg2aDh0qEr`8&m`cvf9;E^$Y=Q)o`A%EZGE>#}Mk>5|KK4@k&YvG?Qo z)y}_)Kb%JdOp^H0f(Edjy>fzVqJLNoOwdp!wJ|2ctWsrznR_UiTZkVL~Fbvd(YEQwTWGOHYsX=4~ ziz6Vc#)du*`~a-*iLlH4-Q|_UZSuf0UvR%sP1T!9`vCbYTk6?1qeQ_-tjZpDQN4GF zGY7Pi2vcal_~iW*|ARPWvRiWnTO58{Ji&qkZg4V6v_*p zqdt5A=EMuPxxs!eDIj4uVP&pasWvuWSxEU@feUvSQOxzmmb8%E#Qo$EHRP%gs>p(bRdCSE+*(1fZ_#=BXTsGk}E%#1};W!Q@_?G7135)C*OAZ#iWWJHw$?-bN=#v2EmNW#_(t7}OcEU$q`4aaK_|7t4=>0wz)z6A#`4f&P!$v77}D@o8z*eUIlS2TdUS`4jwDb>^C>M= zH>i$O`&E=xs5UL$1omC<0jb{e&9z7NO)KkRPi7ItaPLfa5nuC3=bku0GG#1;G?WZ~hMvtBvA?Xs~h2v zEgeA1aQ~^9+#MNo{%I&+C2TnG8|W2Zd`LoSm34$B?Z+FROmjL?)}~w>@VnEN@_2zZ zsK}yJ)ZFwnJ|8XQff<aQzTgA@`mA zrRkG#PTHRiZ-}zRK6PZh z%H`=KFcTox4Ur+cmJ8utSD3TFJya=F(x?fl?;P1&L)fe@nzu###C%60((pAh-9Vin zTP`IlX}-qJ7;w(Wb-SMqcs6PKEy_n01OSOv(8&ir=OJ?a_NFNi`;rg3J$7s1uCZwq zO3XroY1S`8S65cR!jT9i|KkiI9)O?%beR&*>5lQV2u)jkvAL~gQV#$N8}3 z@$`L=PugQtALXVP*W@;+$^+<{$hmi3jXs-s6RZvj4tfey9J=m`SPJ>b>f4QA*OB zImfO)zATB-HwAXqNG96J@6$ba_A;Ke4he^m_V)^}Z4~M;^h?nS+Q~8I(6p+d%vdNz z0jxb@DP^vy=&_KYd{k5ef&IQ*%K3>_*ZC0CU$Jg3FJ?me9#^?6cRi2Rq%SVfsM}1f+M0v+@H}{OBu=dqV7|6> zL|aGqs7bl`va0jWr*YyO=$lpMZ*-zVQJ1<(HLtJqpnfYM!gKYRR2>&5x6|W)h?_JB zehPbIr9G02TXp;^y_2lAFHO<4xfxf|MiGIaVCnk~{UI9?i(6O^sBilbtPS>l_`EJ>bWigKb%QQ0h7ZFC^F@B>hm;s7#Kt5$4@>5>b9h2BA5Q;tdE zcsMPr{YY6)ps-i%8{D_IY4o@XY-n<>y1$}%rB_#X78l$uuUV}kFR($gE=K@R?%89P zgA?}1l_m?grE~5xNM6U#Wzox~42tMAt}c{AzY~AokN01#q<-v-XVbmrYP<mMfHuavj*wKlZ~gHoBA?QN zE=wy8i;eFbz;MO_zVMJPIZtYqs39&G&U}@j*8((+K}qqr0B%51lJ`qBmbZZN0MC)k zuMnS$=cvCfhyC1u{mSoo#m;}84t$##cPQaXyOld0{#7t;E<=?UEl=3W^AQfXptUk* zXCrMVk>5-5?SSq9vXLV3;AJ09pW9*dzVi6)OqJ>7Tu9@4P68Rms3qhggFTk4?Cb?^ z-waF%mty*qd}p>&j%@(ej#w~#yAfaKw0j*smlNm0XW-JqZEraZ`fv`Jx9_UP#@a7N ziAduJaOSv-a~5T54L4-=Qsi6Ghh0UwqTjKF;UfR0V&tJt<|y3oD2qr1G8;p|CuHwv zt8@tZG=}?Rx`sG*i_c^FZabhOa+7EW%yuNnYP4F8cB% za68^mw7~ zofRAFMKJdj#M!aCoirCG1D)%J9B(*J8|8X5m5_T^)H6~r%E{O}KfF7q1%t)z6QqHe zkm>IXuiH}K+9TO^&GQL>IC^;1ZcgP{gru}IQGPe$66qRvHP_ZX2{frH)$N(QPx|aQ zNYeyW)J5wlzr2#tTRSp6ev~Xk5fwbbYJZsZG)ve3w63aos_)Wy{KB%r&R8484YA)Z z9mOkx+$O!TZKv90qB}sj=il4L;(}YyC5p4k((y!w5W5ZWgutCZZ8)ZJ;FvR3g1xlQ z`AF#zHE61*f4?cFK81sGAq06VnDYIB`q}xHwE8!jq6FeQb0Xr|kP@AiI}Z7Xy!GMi zd~TlS15cYuJar!6{H|BpPV}S@HXQ21k7!@HQMO+EZdrOEv*dCZri2Y6e3+3sr)M*8ug=QWH61^XSvexXp#T(33itn9bXc)+-t|GcOk; z+D$+2WuEOE#}a4QgL`xQR_LkO$Qk;ai#dx1V_9~{NVy+Xu>Tg4+%hS=#9~)q&0#S0Zdy+9XEwJonA4+=w zciN~ia+$cUSxv5U-cJLxD?Jcp_UB*Pl|t4BUiY&%|In_+miG7R#O&#uK3&w4+xQR z_uU?jB)0AdFfsL3i-FpZ7j@_}>qq7Jq`V$iliLjYB6+<5M4>GRt}z45mGAMb*BV$K zLf@|zYWa(;()l<`9?kV9a08TFf;PCLs>k4LEVTGs=zhfiTsK=f7x<8gv{kpfyu2%( zNbx5lpHUy!IvGUkes2=Eo-ALf5riw<&;q`A6lz}YFRtX{BFWAf)=O()l!PLTML6ue zH5B4$5ZhCdik#z!C9|Fad8l1yED)S+5Bbx(JZm*`n)Ij2l`lt)TdmP;-(?czp-?Nk zxWMNQk-2q?g2rk0Svn9f$fuR>M|EWRk+LOo=|1y%{WO6~cdI&Z!%y(n01z(d4nGYn z#8xoAImLnYD@*2EnyA!Jb)dpL{)@5UdGk*{R1o&6U*WjG64H&yZutk3(LfH&31kw5 z;2XV6F9xrqCoVz?ZHZE{r3FC)tK-f?SV#hgC9sQNjFtj>2pFtoE4Wo$q`6W^6BOAA zSn@=k@eK~n=4!p8(PpXNYXuU7n?u%IR`?ziv&Me?6W_wO7pFkp#SM^ro5ccCK%w6| z55M+EpgA$22P7yw{_&v#)v`57$&2FPWd;{2k`;1GM)0SGZd8nGse@6&Xk9R2KnB>3 ze(M5Z6t$7mV~RI1aW%<=bhTLEh5DiI338pbHNt^}$NB-{{`7V>>e+$w4LO36tu_j%iF!9-mxKk#u zME~khulFzPN71vcRw6)b=O6GvtjGWMqbO~_Y<}7DuaL%s7?IKlFFV$%Za+`^|;va~`#Ofi- zpdePrqQNYD&!%_4N4%u^?5vE%MY;40L(-OUW7>ND+_2dj3-55N$x)vtpL3*e_pheq zEN8)Aj9X6xZ%RwRoCpzRW)N-*TnBR5C7`N}GHyuY5@5dh@NCyjzZ)=Y8Ndd=7_k&B z64AzT&5vdyT+QNB%6zgvQ|HvCNcCdgFgB8L_tgjhtXlf!O@3Q%uo82b&#gF86*9nj z`)$|ZxDvOcxGDumaE|oRGlXn#heuP;-m;*Y76_OUDI^UHlNQ?zvcOB*Cl z1ZO}iLQ~RU;C6X7JP%4&eN(G{*dL$X1Lgo=h3P;u!h`2a{$Y9OwCnyeKLDmWPAVpTF_nkL(c!@9Pgk(TM-$e^Wwi0sjxsENO4vv0Go{LnCfu-1<@t{M$Fb2KWkJ zdM_s@?0WQ49GVdu{1C+d{*T|(iXoHxlIAYpo9IOA8{E2m>)Gr7=9?^6J9}p}HVWPR zod4~6UKHH?F>D|Z_?9@Y`29z>ZY_c+<9~h)@SB7JqQ}PWu0JF~^#A=mIO)`%e|(99fb4tTw@<05(NUT@t zNotY4#Aj4;vDd?)6A+t-3>{`$51k zll>sGl9vA7=K~ZS1nTcth)RLuIujmz*;7bwFuSZkjyr@_c^XAa$xMk#Xniamm@xRb zX1O)(t|S|t8YfPwlVUy&uXoz@qy?AUkOSKY&5tf8(?LyF7t>U5MnTuBGf*$0M#+LB zyM2W6KWj>ON(DR8X{e|H=|}40S1PGoDqx7My3&g;?9z_~gd{U=`Ys2k#34fU;GIIs?Q<=7{DpgO@rWD5cN{z&`SZCXPm` zYct^(AbGtJSAyGJblI6PMCQIlN#c%xd3(#yjdj9qUXz;Vo?I>b`nCj+SsJC+%Ygnk z$ZPsTG1q8!x>q8{Wp6bLKTF>fp2?78R0oq{xbyz!>p0^^&c$c1u9=+E-F{y;5^%G9 zxpnIiNip?*wgjxt8lYfeXQVFZ2&DkJ`ca^+|NT2nRHOuQlZQhiT@Y|XbQ_Y4itxJA zUK3V2fygQN3W<;$`>S*q9>9Ej86u8x z*R~V~cZb@|t;XZdjrac_V_zLr)wcGHf|4RB4N8ZkN+aD}o9^!J5~M-81Vp;K8>B-z zMMAnky5*aA?tS&1d%WZGFUMHh?b>V3^~@)J(GYt7AprXzDVYdQgz3?K^!(xwc3!)C zRCEH1(72c*(s!WXpt#RjzPK_qw~%biRh8$cRh-jDiB50-WNxCtzI=972q(Qd(@gxv zQ`c%Nz+BLM^aq)6;A#G@&_%8Fl_~el(&w`&%h|fCZRr}zGmR$4ZyVhyOY9lgV+{`b z@9oyDzyRf7;>$ie^WIAY6i}jZgXKBZv@^{BE!+%e!0RQ^Y-qj$tbI~QL%(gK;#Wta zbUlEOj|V8eB93Q`29Jcpyj&MYC%!uEjp_hJfzkT7cS1PXMMm8KxYS?+NNpeYlW$IS z?V($Z+E+$T@V4$TQn}?Qpr{kYD<7 z-`y$A3RH!Ye$4@;UkBec074_$^yZwF$@=)4q8x60ApHdu1r$5}t%8LQJXHpP-Z-SH zs>+;HBJriDpAXO}=|iQ_<+p1tGlA2u>zA%fS;A->EQ=dr(m*|GWGo77^l{a@G5WLx zJ04?yi0nWqw`#>A*43$`v4DMr)Bx$|JslHb{IK|3t;yudQ$gMWkXcXwwgB%lZ z@aQ!6h7OVH)x+P0FKXTVfaMagz8H&p@Adlf_@xzfiJ2RI;<$+ZG?Lq6!u8quv=r4h#$w@s7*`FLzMn+CDF z!8)y(ai`LYjGOInt!d}?B*M(eFA)$Ki{QTO)-+)mb93M!e>CRm+*e&L9u|jOanzC? zh+f4v;Dx)-o<3-~_S}9Y?RkC=#&KG`CfrfbeatS!341cwxM1doPCtdOGn!FD%Q9S9 z!9k$xJh|B+4QUa0tLXtr_xnlR5sT$~`Y=dI-?c@3@j5;~=^D*QIv6Ma89dk`fb4D z&F_OAPCLSqa615xTeSCNH;G>BB4v@p^Za|HK%nH;0r+Oh^P3YqK7GOX&}<`+3>(eweXHdAP(;$CrS1E&t9d z_N(f;bD^{4FGzaP|8StlqUPxe>KhqVgnaL#DFI|xb3tWA2!vUu4MvfYvWyrBXkn>1 zB_)ES=8dr_^*5xs+l#NkNbz;A=q8oS*H*52tLgQT1hNZ`?Wa`2t`L$kO98K+xL;$? z>bBZxczLmMJubNDSc|J?u=`A{B=$m;R9SYm&+WYOMjRgbeRckBV@)ZsZ3qr$PG3n|5s5HvrZS8WXHNK%ndz& ztGHl+=4*Cwof=pt&J;i;h)Y$E-mkR5tj8>~X<%a8fZ6veKb_nR4RoFYuC?%Hcd$EM zbCGvrof!0h=LbV@`ZnO6+nZC8BPUs+Mw_E2@tHLAe#_;=K(hc(&}X+oGu+91Rz;O# zI6mOBR!LJgOMUq1Dt1yR(o-m?4xl6YD_H%+5!#9=qY@Ah?BL{1CF0`Z);BcJ(9m!Z zN_%?#0HRIP+D~1YG{Krw6DKAmdA$DEze-I@o5f<=3w#OhCMC91&%sHb(5G>{Em4~G{lQH!| z2N}ymqI9j-96^HS=2g*D=sAjYM{tCTFET!kh)=-k@zjE~=(5Tocvx%a!XH!OzA*?1 z&ayCXy8l>ZqjTI@##Zdgb72pCb@5iH=B1PQBA2@f+e2b-u-w}ACWLZ&?V!F$?q=yy zMB!v#1V#jCs5DEb9~#g|SMFa@PXREvH>4wg=mUc1;L|DJTK84Au*UZau9YEG+%FD%n?lq(lM@2L)ww@Bh^H zo_2SFyt^$JNc!G!bi#!}qLjkLK}##y1ZN6nYg}Ah*KuriYq=W^0; z1=m}bzq2z^7%y>+dDTo3^@MQtj)KJEn)hS17gcvF?9&QrOe{aqd)u3e5Mc}&#;O$4V~)LX7`ov}a0Y`-fjbN!&kID#}nBQ#^dojHo9u!%gf7TfQrn| zpQdF9^`%q=S}rXHpvg{+!3&=6N*U_07N(dE4i07O?1g2l{`Qa6u7;LmttzvMeoA!o z-bUfYhWU`LhJ*x&uQSr;*nyjmm0p|lrp&<~kZ2K6{TvM12W$b25T$1Sx~)!i5=3Ee zTpq=}!tOk0yzQPrzr4SGbF%USH2FPL;Ak4jJMJ`6YQ4)+`IK?`A2T=tzJyC%@d8{e zd1jvjK^HkR4$60+Xb>v-(bLACWujQAg0nYo6UQsvsGl&b#?fkOS>k>XTnb~5>1^PX z)y5h4a0nA2620EKgIZFg$1o4haDOhK{WSCWByvto*xU)O5QsIrFNU zsQ<|0wO)aTmH8ToMKBkVu zhE*#p&ZOY5iMgU4*52&RN%T+)a{nFxZtfEUZYMK+d}b#H^WOL}M4$6hGyhs(gdS1B zmxviRMU9Z3TSzX{*%V;AtJCnHB_!pQzAXos3c5R$g_AtU%FeR`!Vu2U0ss;n_~?V0 zLG$wwVD(C~_4QrUL3!8mt=CQVnlXE&T~XP@KbM~zj-OpUP3982{C8HyVdC-W_I z*-+HBVdHwU!q>Fp+=g{AgF2~b_;PctZa2op%AuI@(i}3(Z#E|_f|c!tVX&G{+r!b| zldgbJlyxt_@WxPu2U3!}uwQwb&WfN@rY8tDLLXn4_dTyV!BH7htaU2@PK1-x%y~p> zb*N!|E{e7SOtvxH~06Qrh|>m%(frV(Qtud z9BeC4Rh2iCI_|1s1{VTAJ)LER!+zw&}M=VI^d>d5%P|{qD4A60BirsBNG=VN<$_tVTNl$qAdWgb?ZG zRmFmO#J9JwkEsqpeu?&MvdVlViocqe^f6uDg$O4+@;Jk!W0AY=KCjp zJ4VyDv%|W0N|z;gN&0aVy;qOBgNK{aHw4OvLAHx`oy^T*kBl2^e>kp$KUEY6@MSBh zIt<^35uyaD_hrpAcG#TNeUQRSf&Rb(nXXrjPVdna5LsvqAD)6HVlr#$bkA@bK5H)P z{qOBmhPn7%74>L+$S69suu#J9Ax)Ia)4ev(-B6_DTYP}{#JYEK67pBD;t9l*Rnagu z4~~~7(6T#h>cAquS2UEVf0x#}PJ!G8=YUebfhLc$N!;o6wcz#z6d-=&qOW4_M6*Kx zGT9?}lG>ld(3 z2yYK^KGv<&$9YF0@WoMFZ^QwxpbkA2;5K?^5N+G&TIe_k-n6E}nPUP+9-_N+S0vu& z<3h`=cI#*CM9hP)02#@AZ0>0fkWr6{`lQnDR3M%h&N2tZ84>6;X^w1)Q6CF^g7=jJptHJgDM0?@`D?Y|@610RBo z&CSKOpBy7`18^enxH~cFKm@#<2q+dnwqixO9qTNsvz)dTep#cAXeNu|h8uo}*RsJW zziBnpUqZsf_c#H|74M2!Yi`8a*dj&DtKrZztU9+YVWSCOUkX%stT&O%c}v=H4UJj4 z+jS{Nm0nbA`uJtUVJYW3QwyHl)+@^Z2pFdD%3j7-zP?=GUgRp(`uf=I`M-d5Alp_y z1j;#n#D6GO3bxs&J@xLu9_NqW!I^D!&Q*=OtzhAkX(u@J>Lm|D5E6^tnp0 zu6P-gx>4mhIt^^&XAsn!kw(m4mPs5UpS2EoIytMLM68WI>ZJ`sKmd2yS4 zN-T~)u+{q$!Mxl43BLRBhK-4Zwty_J$=hTsQ8Bc}r_7t5>y9`PGCld}>G}Dn^Kdqn zZFWyVTM9@HWz~O+uba<@25FtH)7}s2PJd`MRN&hJ1%-z2+nUE8nF&fHvqpOOgoPnv zmQzwt1iXVO*k}Uos`9Hoa(HdMgHdRCPw)CoM9qWRG;Q(<=H|HfnFP@eZYIqg49YrCJ&F(xk5AOxE_ z*vAuZkJ`(KK@>iDo5>&7&OpvOD*aB3)AiW-n>B2BT&>rwcd);_+EA-Q*tRVy$0^|m zx5BMj4KV;!Gv&V#;DC7DT&!EQER1obfY*-cRa`OXHEkO>OBGQ@>EHvQw9B9hXGOax zOF@(=&-2J-(v(*rq!hXFg_b)p`I)z4+)JQ0c@pJ&GuH>1SqCY|xfMkGjJatg;sT^k zQY`geR|gs-|Im(1{+Mb4Fi|_`D{E`{5rRM!Yj_+`$9&a4@7c)@JHNl2& zzdyS=BRZ#^I$GdV;9KvYa4dprlUL6%N>>4@DdWQ243dCI!wgMuo7L>;!A#+?X;N_P z>(CeEoe@G#I8fIsPSSg3BcqC02FFQ8`UC_#cF=Lq@~&Y;t)*km3M0d^X9N8Xd!0KJ&8e9-DH0T3gL-jAnJ144v^6?Q;!N8wEd7Xs@$#sVyeDohpIqc zXxuvR%of$Y5`aEV2|4GhTv#-?^a@JJThi;*2KQ3y@!52BOfMI*F6H)$GlI*47P+s~OJynih@DnugnxnwlRa zS2RD)IQIW(*Z_uSBmjcI6_tE9>4<^ny*|@g!1=+43iW1u9gKtl6Z<}4MnKj4((UeA zgY5zd>p#3sV7dc5p<07Qo{35!?98sbF4eOzQqz<*i7bPM`i?X_Tecdn<;8KlC|W~b zn$q`kZ2Uo&DE)TkQPWB;@zA>2mxvatr0t$P^)T%JE_Z<1K1dh9j87!$-F>JxMtJW- zf->n}ADs6_w;eKs6o#t)L%lCO>O}f*PX6JlO@2o=Kbc`eGflT`x=KzVV{* zF#LChmyk+@d6(HjeS1$aq@^@By-8L4V(AUze}9sbdI^k$@9s+IAuxq#rR@Ii-N~_G->Xmzs!pJ z!_{iylml5*uyTYfmdUP+X!^j?A>;kd(o*{5ed2Zt%lkT1=BJk&M-Dsc^+-xVPEGO3 z%QVc)-bQ%#WjS42?kzdhxz=yv>1zw}dnmu}L~b4&^}cpvd157>N~nSPngm%cuKZCJ z|G8}_@~_i)2@Pamp_q$jS1bacwk}W@VblYH*^1-ocm7{|Z%=^cHgIQjbZ|I%H~~^G zSy@JlnU_^;eg@#~q+y*LWGAE^mt|8r4(7Vs5yl=@VPYR7I8V7<$fwKKwMQ=^#GH*k znIN)7EjYTl^yDGUcWSr@hJWu;Mo$pC*yiHk*G0~dt|G52A<$c!7Q#iK9xLbo3+qa@ zxZlUp7s?93I?r2O9orMP&zHza7(T6|--RPJH2erKTxPXT)rTA1Dmwqolz44MSJyT7?6hM}qa0F?CCk{0? zV0uOqUTWKrQ=9PyyY1%1MD7f0E{v(z$BX@p?7uciusA2Lyq8xC zG^7JKyv!|*kBoe({&c7AG7^C~0yLr!OcJ@hnyE2H0RqwGG0=yni{Az`&>Sr>jGdhw z^+xA1>X6oC@WJR_0@E2p(YAs6@F(`E4l6W9y*p$v$;x zFgBsfiJ$xCj=mbxELrpEed4d-@QEqF?j#eA&GUrS(X;)9!O5rKyQ$$|HLMC?nA3M} z{A%D+(t(4?s4%b;m&5V7bl&*yqc$_}PJnwlFZm=E~g3i=8caeLVXPBuDeWpbxy#q)D@Kt8^GIyBx8o ztJh?EXKpMt`*jjJ3ch?m_7r@wQoX;Rm`m5lT8kNa*&!0QRm={q991~%3Oc6}{hRjO^Z&ARSBN7NTIeV5CD!kX7dKp2E_*+b2B^7*WbN74dmmWxynk5iRVM-7c@#yvK&G$m4x(u=$` zE6BnN-WH2yHU!+zJvl#i@U!R6B#;a5`F>v4wYifi@$HJnS+nbgLWbm%^E8cwM@}i( zu);=T?trpd$h=p^0(&hLn&X}bf2(0q&{S}s3ZlK{f4r2`#C|_zqM6aiB@;9GcmW+7 zzz&4TI5;>awoxeovrUBg_(hUu^b~-#AIt^Nj zqUaW>ENpw~Y8T?HfSpqI1+A(V45k7B$O*T@XU~UTQkGpSm-7kALvGFYdr5tan+1|{HVW8+{=&In!KDAfB( zFrRK#QE(Q^{;&$i!B*UZX}Lwa2oP=r2U5Pnn(rFGx2Th8FhcZuC!)R~J2J8(dAebU zn^^c!XK1aA&bPwL-HhV76!4re(vh4!p_vpKq&g{o=aQ`TWP|J#X-26>XcLYyuvj%q zT0K!)5NCNrCnVWJWH~~hb(Pxu^hW?sj!LsZs-L`GSPVkA&&vc63`^{D#|YI_Axq7# zHT}cx6A@oii)uaejN}2K$Mr4mlqZm*3-)vT1Ra7&abA1 z7yF!^{v)Ga7a(Zn>YJIF2?};L>^B#HQR9jcp)-Prl=={nV7j^9a3$*oF5i8c=TXE| zVFrRQug`e2$x*c2yffdv`yA-hB!&$b$Z0IB<8MfGUc6?`LmJc+947Lk^Z$DEl|~E~pJ-9IWx5Wwmw_*l*f( z19Zhyba?bu46!|_y@GetCno!_M!Wh1dm)7f$6C~_yzFLQ@SfTD6k~c&dcp7}>AF@% zruKJYCBsIejzie^zULwn^m-l^y^)HL3J&vK=S7qEo$v3Yl%l}QEs>#)!wuh&+*7Dz zVT1B3zVvCqwsLuoT~?Wr=c^;$x3oJiTR=1Q`} zYT_#O1cxKV&(@n!jJ4AO3v9I?1G7k*xyU8rV&*$ZFBQb&px=W;-YZ^tM@Prupbd}J zSS6r0Urk&HW;;m?Iz9mYL65;}qiM&dBriV}LnW_JhY@%E8Cv?Dl+pt^ib(Xy&xw4o z!y^?M?E-S7$7T!D9U|o!jxB2Cm>@5*Z^bAaPO;9>uqic-7nUZ)e3_s5Hd3J~h}2BX z?P0m$iBe)M5}a>HuDfIjO*FaRwy-P`XY za-N(}B>sYPvuP;0w1Fc^Tu?fFnUL>cTr;^oW`Oe6CM?SNl~ll~wuOnmRT@jmtQ^rN zuQ9y3(3H-&*|K>m()MB_Xy{t8`wqaKi8qQ43!Umg-m*ECUJKaHOS;g>Op}k_MkLdx zDG3`|GgF*6rL+t)Ax31Xyell$4?bDrZCFZu&17iYBgh=q&EtjgmBl#_de?h_#zCy= z>4hb`iWL90lWlX&)Smo2-s7>f7pw8^s{x#c{$(wI3`mhK0~x{ruWJr+2U8-wM*cea@2qTCcCRwjR3*1v&Vm02aj31GI|u zYc7psGnS6BaN`Y4ZYQ4!utz;ZS4t`aqpgw$zjE@PZ;DwD3uIZAzeT`K$ zg{)E=N_bsDI6)@|PqvpppsP!So=v{atDf(LP45BX4yzpO%O&Qrg-&8cd3%~R%I8#W zLACrxSe>6+x+glv2~57T1hOsw&TQ_2O~)3pD}S`QsLoXl@~1(9-q#1!I7txS8`WQs zOqs?zNT%(I2uPNXARSAcAzx^}J9AQJnt--2(3jg1lmQ%$EztI@0Vb6JZ==a2m*7M{ zu9|?1bV&$!|L_aSD;~B#CdKO=!FF+^iQ+Ad)~E{Ki3{tvd-vL%-D9I4xTbr5Od)sw zgd>hEWoFx4NO#O?t*-FUNUUs)I7F3ylQsmC7nR-I%GmOWPqe)2AZ1^pvU{aL($e4- z?w!a(veK^SE4)xoiwh0cc`-tQEZkmNf<3v3hu~ z6xEruGErp$TdcwpG8Y<;mq=QSmsZ+>levb9a`f@X^c)ah5{=IquP85Qa7;ai)r53$ zhAPCHx+Uo3vxbF-1+&K%`Bw=gH{w+duxW>EDsJ<&eA7^=x-A&2FC(`@_FC1u0{fNm z+2zB4OmMaAoanS0iufC8$!g?B#ZKVM_aJDx#C`2Mx@E&Ucts&wek?e7I!V*}x{>)* z!I(N>?xW3$WPIyAsP*dOrJaTqx-B7(W+N*Xv5>Bez}o3E6@Zj(8LA^To|g|qOP>!M zQ65VcFPMwquBxE^Z&aS@+zAm7E4-7!>x6u|GZCeXg8)}t?Wj>YYydOv zvkVGq#WaQ3>!&cHg5^WUb~DrZf`>(Bl@A{Khm(?T2sf7n;q*LuG`Oy6$Dd3R7{qD&p9gIvqF36Z6Kg56*qE&1mqI(VV^}^pwa{7lgzO6)SM<`rDVjhnza%de8VUY zi#q9#@N+y~eCq1N928Pu1cRdbq)kj}Lq*TbLo{7}$fXy(0|^*_8kn_7*2iY{cTS65 zvwiI(&FFhYDeoBz^Kmj>@5Pg8Z5rZiejdekLVo3A4_n6V52cj$sG-n-@gi)NK>Pmq ziy;!Lv>0t)Ai6!TarC*5J-c^&S{bkZ8BdM6t4UKu=K~ga4hW3KJuXX0pZ?qiO6;&0 z$sMOMkqJPT9oA6p`dWyvO%O~pinRd|s-ZH|D_!X9cu_hZxzX@;>5_|W)T31u(e^?5 zQ~t<@bV`M40Vtay{z8owT>u-=^5hp78KcDci|IOraU!P+(-jQRK&RH{2cm~dPMBC& z1v18fwpQXwFxu#HRQnxdK?;G2!X# zX8H)Z$0@ce)enSqi&erOl|_NdqSiKPp+Z?13+BshhFBE~Sa8h%IL9Rt_$bdU8fG^+ zsh)>+4Es4BYVg-hUHcWF!Z)?{b#S;4?h-Cc=4hB(se4Opx=uaxPwzx5wV5EW(I}TL z1yb&q<m&qDMK=*&cM9tM-u{E@FwV= zT5DbRE9qll$xGS{hUL!fhn?lQ_>X1#Hj~3VyI`FIBF!A;+2P;_AYYhLL9c6GSw2pV z=h>aq&>*F%D0M?YbEtzciH0vDjvDV|)zd5+;Exse8WwL>9~X9xMB5(VRY8>%Mz)Dd zrpva`gnn!I9O64+lgT{f7r-V$HY&)BT}n*+xJ{eJ4|zHe{aTYyhA;FvjqW$O$C{_y zWde6$M>I_G@u5_q)71uv2`J3-;_7r>T*6^rX-MGf&LoxPv2VD41@0MP-8Oj-f&}Vt z5Wvj%ACHSz_{5o+8DQb;=ITl=k&w#ATxq??=ZG~~tWm(H*QKDOWM{oIT}F)&Qz-bC z3RZsKc^PaJFYm^pFiDM>pXZ8QiY1)cXqNyQIv~!ma^Um~KcY7=ZdH+;DT)kzzc!r2`JWj5#uw{+V zF`seaX;SMc3>yJ_nQf660AV>dnyli|&&Myo)FCi!o#T!uCBzSp7s2|{3bbbIR&g5o z4ij^(#|z;YxeEovxYU4zqZ8MwkDP6ej4E{<*i@8|bV5MjGYtR2tiTfV$}It@cBBag zJZ9C}=a1TYrrrV75uJ9}Sg(g7v^@jE%0cYU+slcG7b17it&&h_h%e(a{_}iZl0`*U z`+ex$uUx7+ey5`}9`BV(B#7@0yc_}0?Bh`P0iXco$^3lWXj1;-S+YBvuJkRZ0nE}) z_IJ=Bo2~Z*AJVv{l8F)nMTbVlK3PYg(D0=Uvmo=FqD%(o;+fm_m=PtO7C)7+?zYiTFFusObE~c~$K3E;h(Uzd-Y(Ig^ zdr+^}W7)20&1HN$$@u2oUx%u$punwdr556EHHZ?R3AaN8OiZYfVE#X3e4_UhhZoA# zJG6crVj(x*oPJfWZEE6*DvM-~T5x+Rx-yZcHB;PYT&LuZj_ycKgMA;qk{D7q-htr& z`*!e$Gd-P0hNOaJb)Hiokr z_Xs0{rfVu9OxVZflZryy*OgWI)Zk$yT?Ta+m!*Who|lrxLhPz$KW4JQHg}D&8eG;( z4I%GNHBzlW2r)aYMck0#uZATk`b@TDK^Su_*0nk+OS{F>Du%?N7Ybgb2s-i$`F!%Q z;RA6-?_z9=V1W2CCqVUng2y?I-?F6@I*+viweh@Gcnp%K-sI>nlo?{K-5uNmM;4Oz zWaZ&rG2|*|IX+7IQ}DO&r@2ldW>b+3x=SDvp-;pjz zg?5>wFro@%t--@+5)uQNH9zE}mpc47jq*v}6G*8uMJ14!p4G8^;k{j55eJeikr-%< z*UwNxSMp)Fjy8}LElH1sjmbpChH)l#WR1EvATT*WI2qFs1w1L92BiI;Y2P!b`y$o2 zY9{5)?Z@?-S)2j^0i^gu{^XJE{+`QTWS}`$4+l+8D~?6FY`eJ<@NjiwzKjcyR_{AqY$MKM2li6`OoZ~}l>hSJ{m009)RdEuJYM&^JV4Vj9bN14qADP|3MwlZl!~fr6q2sEqKz7^FdRo+mZ4sX>xuY!9=(+6 zV|Q-z#L8$$o`v7c%+z_&B`K=<^chD?&2|;fhL*m9a`1sT74u6P;xz&)x+T*WU_059 zWnpKWJxHqJ!9w^&<+2I-$!?3%1N3@KnrYIWfdR#5A#rpXGhe>+cG@c{DM=?WOJd^Q zNxb7&ZEkENfX4q!@=TQ0+ow3S`s5yX(XWoeuW|eBr-O7IjI%QmAOdUOge@=1&e;3) zmMi&HI(budLB``+J|fU#dWliTy>cTbt!U?-c#qx_F+I9rD9`i*XESlL61Bvg%! z^}ON<4~b9UMR*YH@14NZr&x?c%j+;s7WB|T`r)>R;V)+pk7s(du$(Q&RYRBL4B-lk zzHhRT`)nyZ4=$zisp&1qA%LHG`|5%c9Y(N*I1tI{8$4+H@aI@bK=ZweD6TjdfvJ+X zeBMMFnc1I(ZVb)A^i0V}lXt(w6Qx;zmU#HUWH9dZ~wZ3Act&bJTs02iO+m z-%rxmGLUu$rXVQQ>AOyh?5a2#pN1zgk{;gxKDzI;8`9i7$;AD|Vk#zFY~C8wIr8u` z&^~DS*?R$Mpt>4)|19@_wtTy4_lgMPy zXI9d5x>ZmjWcyrB{!ku;6gq{l-tnVaHbJ28bI*wBm2>&0?U+3$4Fw@!S~7`&NkRG^ zyA_iG@7yZZVuTPC6S97_X{VtmC_5Tv@9b`ILA5sVz|%=lwz`GYFpCvg!#f#`NaO1) z)5p&q`hJ64H7{j8D@K-5!zq~Aq^jCo+w4RjM}>Lklayjuq$9Tzu_Cc27zd!5`;G_Q zhgDw+8O09NS1-;)tA*>`&ftMF_L+?$ zGg7pT>R7>Xi@bQhfvIkBb&cl*rOI;=v`KAf#xGVGXCzXoE<-j$@4Hpo$bsI?x9zus z1?7QfIK9D7H;84-(g^w#WJloDE1A@sN)?_OCNTnq(T>93gBlqqV0;SiW=Sx_(!8o4 zAJw#lt4;1bZgF3w4EUH`h`WV`>yLR4${J-Z7)o0J9dtBSfzEy){O{AvpOAP!%K{8j zFe5_oWQr+0lF<)qNe~nAN_2i1u^^*76HVkC_0qT(40o7F0vPYrdjObP1bb^R)DRL# zUw=n{-;IHfH)KQa=Flz2P}WaULV`weYO0G_O~D)*DigVsxb+1z$P0dr&w6Zr&c5%4 z&PFzh2_a#Vdv;jH1y0D`uLS#omDL!JSK04D!KXQTY5Qp^qkhAIf(VfQs^osBl`h8< zLQ%DCx!)$Xp_XPc0G8?qya&HQE%fcHC8%GU@s2|Z^iJ}~?mqwX5C6mey!vm3spsas zpVt`x@rmbO(Cd|225Mr=yXo%FOWHlZ{}h0vP_AYN{OEtY`is7Li*>wz7UKSRZ*2nH2nbG6<4MACbCNH?vrmu9{yTFe5?{oZ}>zx zaT1z3?s7-OyALqT{Av_MEbG$TzXKoq@%oZM0hr0h2|;YV^mm`!{d?`o-xswL0uxsx zMf%O7;A?f^0|} zty(t1gNfPMLS}*C>x(1B5rv5!vAyuZIe?Y`glOj9*Tz}F_XSW&w6n8Ps8gp?wEvs{ zfVh}dlrLV$W8%IrysK|;RlF|xwG=l0{w)E#Ft4GYO!!0vcolwI?djl+?QOf(VC6d7 zERJM$cJ}EP2``MosBz1Qfo+q*Gs!MWSTI0mMtZVe(a>;5cfgcX{NuCg?}blnGX=K+ zM6R2fnrLZhL2FzMAoWk!rJBx{LU<|CYf@8r{N$AXxLkLAKgS(q1Qk?Z1kdjF5E#;U zBRqHobaPWv-#Br&otlHx<&QT&!^L&e6G;LHXMm72J~>%##9%Udr^?29r#htS7;z^Y>6f6kKBz$AVKU(u@hf_(oJsB9>ujZgl0)xK;gyicX#;7IyU zceiq2teMM)O1l4n)g~Qqg8#ThV^z%r?d|Q4Pfr05Bkv!1JsN-UdXf!4Cw%JMXrhie z{NoQ)LXaG;1bn+wB!GhefCDZ!M^)8CKvn_f^RBM0=d^ZfpJio3W-VFbRm$~)5V9Ko zcw>K2Vsi8Ib%(S;_ktQj98jRwY6=0F+wY;-U;98IwW31aPsr!bUt%W6Y9%P~PXq?z zQcYm`NB0egF&dK^>yw=cPg?$rSweWf$|76!za$IrtBC>8`pb*Et&H#`0vkJW(mS`P zX!Sl2!0kBS2smTS5hjLCwHjg8cz zgRn}G2Y>#3!h-6}?q7gN9`I`iJSFgE0)`m1zO0m#)UZ7qiR(US1uC#fhG5aJ-3M4~ z>X)`J%cHJH%xdl;5LCvaUjq}iVlXfP?ndlv)OU(|J2-zpmp+21sNlq_lxlk;yu<(F zjnR;i8<+nx;PLxslmD^Y04}xwS4u1t{^w1F{*tW@0;B&wVyRE|j~|`@f07v)J4>YU zuT#q6*YO07ZUq5q(?8w@zjvQe`i#!sz611x?*5Z5E2+P(!?iyy{Vg5C$NDWDOG5waGi~3Y&F}x; z=-?;I4nULs$9?={hW#Z^k_<%})b?l|U>8zmh)Iya7rq(q_}llL>_`v4bU9q9tbBQ* z>)Ufa0M8ReY5cs9dnKP^qwn((UJ{Qz6W0%Vw zD(S@9c-%n}Iw!&GgrFh^S4U#Hu3mI3zyK(WPC>Lg}j{^XzDfui`XcIoGu9T)`(m} z?qljq0yenD=<#LQgTllqxQeeLQ}4^Mwmf5?Bt>|87*yK#HKUQsm3qY8O8)y{2gENbeuEDV z{u6v~91Kh^c7MVL&46;8RntivD-Jj^^3@Ug!5ffrKk7|sg*D$qF%Nsj9ddAqO1}0} zzmaSm$@j|IhWcD~=Um@N8}vzxe1#7yxqZZUV-otX!qHU5z=eO(3QY@T3A>l}GCAU($TZHH1i(lUGmT zE%2Qgh#(#EZ@#*$BF7TjE4_E1h4@CYf7W8re!Xc^jSuHBjKu#)l-x>(hHsy0e57NM z(i39HChjpET>8RCvM?|`4qJ2uDc)2GU}-;7RP_>Ax9Eq0esvCys8Z{*R9qdiXXfj= zV12ezK|3~B;T_(B@zR)@Q!GH-Tq3B|*`uQbkn|y0Nu&QQfX7Fh3HnX|H0Gc`Kw`S5 z{zS@cZEZO}9?OwdN=r30HD!IR*M)>BrijzR##* zoV&JS<~QWcFw`59w<57LFPyRhmyQ2+XxZBOWS8a_6&bW^k7kO3`H;t5bUz}z^PuJ9 zt*WfFb_bvW>X>{cPdgv|_V)W*$iDA4JGGy7*1Z<0-`bQP&yV_cC}IUMJ|rU_Wef>O zlQw7K1Gg2qC|41;Z8!Y$_Z%?OIMKcs8j3EE8G6+RRR231hI69mktNSC?C8#c&j4xa zuJe2CbJF(UZ{9Wn65Q~24VkPMc8SW--}jZ!AzjP?y#lchzKauKha7+3Lq&l5tMkicz7PK7eI)ZFqFLW zqTJ7HY*b&<1q2g9*xdx2u)7cu75upg{YXdIhe9upV?*qdqN$4zB45ho%02vY8KcZ@ zwu;6rSsT5{#7N+p1^~wIT|8-Afq&M9MgijW!zJ-vTU^JK08AR+)9{SB! zyH(`JH?$KLp%7FWA9e?Sng}8F5Bpkbd(m0)>WSOhEth`^DPFHZHgyu6H9dkrxEJl9;o`_U$AAYE^O4KVmB}|-;bkQUI zQap{={9bUqkAv|9h9}mZP9RPhTE3?*X^v=u;Uk*vK;@w0lb~6`+2AF)Urn4#eEfrK z15&1pYA+sBOxt6jmAyF@&!dHhi`*%)DpsAS8hJ2s=y#t+x5qh2Av_yl2~I;IZ1|mO zFsiwrOv%d3XR3obvtWH6@|&w--K4E^#`w2jM%J^V=J`c#bf41RmY1Da6N9s~_r3aSM(H&-GC_i;)(ysmI%)RFk2 z!DC-j>x#)rJ{;>VQ$gj52~e$_D?GG-_Gqg_iof(9H4FHb>L5kS=&OHzU%FkSluF@?ANRV_%aj%l74 z)6n?k-xBSE+`#^LdJgmd#-^|_fea@MthJ56@nJvx5jp4s{_BT5#38Io^!aezP{a1p zpyL~kryPP-gP0FG$XTPxBPHrz`_+eWDh-O?qj(taU)C$OBu3sI96^!YPG{1e)e_!i=wK%w`(~F9VSZXWV ze|3ZQ+CVpmjd)GK!Qqv#0HFM@OX|eeNm1Pe1}5wtoK9B>ruL#qRk)-eDS~6tuoSiU zyqXizu&_o(S?R<20!8M4NEjRC{I}xj3?oF;@fVDNA}T#V&m3kw6<%*n!Dkt;jic=A z@E2$;M#Y6nP&s1z=SmI3lM*Y#3MuGAT!5Ux%6Vrn3dys}Aat-5aNhHNG&2{IqYbqM zaaLp~>r~qu=vnKu*zO)bAYar76&`$d{3! ziw{BUe)YW#b(5Qwm#N1(4}NL4Ff5{F(6Vht<^D3KPu_c;d5&Mrp?|>x|GMgxU!5&-GA9Qw6G-3Ubk3rNQUA1+u zVLHG4- zQ}$sx4?^bm`G2(iWmHyc+Xf07poB<^NZ-;aARtJ0cc-K@NP~oQcS(0QN_VGpceh9* zy)SS*?^=&*t>^ppkIfIqZ~*h3b8^Lb9p@2GoUFUQvly=yl2NWnkmPG;Vdp^qeP0xIff6h(LuA|!o2Dvlz+UY%X`&cw6duiiKZ z#A$`dqN(W!Dc11dkqA7c;1)FY5~ntv&=fUBkrdHu5X*;gQDBcGQAMx6wDzQPOws$% z_(YFaUH>|&`k`wRPrPsDi;pSS6MhQD!qT_!1GfKUV9 zvF-KA70f<2SS!q`=lL)MC73Mi+|@h$@nmpRB0Xzh&}pV5DB_vujdRhwbitDMKxbJH z%8)>!R!edd638?QlPFOJA2vHeu^EzIq2V?4 z&}kC$N9wfONVF_9kGCw)+}S+W75gY)*z_AJxO$lla}mq#bnXTXzroZWXI9T_yE_A7 z(DD$FUw>F?jaGN?g`-igwY!xyvY@2jzD)0R*_=@fS)WE_A!emSXR!|eHY{6pg{4TP zxxttCL~JhDs*m5ZZL5I38g&jKDr@Q_YFW;TwN}7bjYxJDpaDmu#ORY-&g{frDK*vatz@ayFkQklTq_G~erY^1@iBzK& z3-j`u8^FEQv3nryE4DOY;x;z(=-p?+9Gd4z5AK;iQNU(n!rj@mY462&BGL$2(|`J> z{ueGCc9w=g7&Ln3Dv${KHf9^!g*H-E#sm3bNzN>ub~joI%h(DzOS`e4RJPy-w#>aJ zF@(p^)fkv~Q1{HCls4E)c$EW*DZPl^J^m|LtWL26G97RG!0o~6_oQ#T7 z5AF#vo^8M5BmEO`L5sF4fB`Pfz~uSpLCCqzV}Xzff~?j6UV;u3U#Le#pU?<|oCqFT zzP=ywqI0i%BI3-VhpGu?qJf~-#X3a|8!6;fVu0>b2$8JZsR}s4L_?jX2|ye zLhpYCpnvs)!H)hf7r2w~a@=tW{`DGZkpB&0|HYJ=iR2d$?(zGYC%^~n1_06E-|pis z$nuvS{oj7%PU;VitaqRA>2DkS9h&__p4YGoocMp;#qW^*|H&}^e>|`})SWsX+^isq zCswU4)*)*dA3yf(MRRmbc=qzYH*fXATxVpMndp^D8cIRwySc(lYu) zI{A7^)^jLj}~&E1S;{JZJpm*W;q=fYNU%a+-}F zyEQN`-9lvng1Q^~O4}hD{!revJKAa;!*p*eQa5DvSjI$Jvru*G#SxR7zLyI6p6zPS z)1HbIDb1nJx2QsbH$?|r4f{ZS58q8P+i2+8lqwu4z}6BKWt^9$Bme?T04%H za$ip;I{NBhbX=p{A6)Dc97q_RXdS4)!a&+k39gUGaSI50aI9Mmdn*vcz?1qiE_M+; z?Iugjb-Fc_*eK?n%dj)PF?HbDteNsadO|H@ivPB=z=*oK-TwP>xdJ8j?c29Hsa1=r zTZ;f-EGavZ+S@A%0=l=h49iT4=RkIV9HcDc<{7jELLb|pOJF6stu=DiBM|Qrz6@od zStCmwS+dq@?e`XL2kl{=>cjEwOe6IiV;NjCx+Q#diylWuBHx2=nnOp- z*IH!nGLpNDB1rU;tRMG=1?Vv5aZ`J`Hc-sR<{a6sVYNLu!c{1jDhn(ga1{~?k!3C0 znlt5#b8wV4`E~3rJqmF@Ep?>|~1+LQtl~i(bjT3GXt#GR>2U=2PzpY&Fm6 zSxba;Gi1-MtE*^^;(D-fNSX)^Y zTfPDz3UaS?_`pdphdXwyKdA@~x(wubI=}tCKB}OR0Mw>fX0=>qD+|END!n_S_>psv zTb3sw{tjh)W7TzRU5S`~Rsd^P9_p;NqD*#Jd6@rwO|tJ&F}k^@Ztcyt=z2`*Gn%ZH z^yjxAXJ~r36ug@vGP=qk*kpO7j9e3U$CKoV{|>Hi{tm7)vcxJP0}}v468WQ+C~f-g zS4SVDQ3w%pKNLdeE;T=+VF;U{(*WCWH7j&Zs5z}7vc&x@cSj=3v=%zY9|g1PYwYTk zP22x~tZz^+=8%zZK0T5F!I%|BTMky!;{{I3D$@Bd)W*7jW(z8uK>m~^6)?J0zh44ZyicE8n&!;%F4?hiFwc6dXo-(rlo)1xAN}8hZ4Aq;+1t$ zJ40Dh#B?k`OKo9y%K1{Rs!LU1PudYWB6?lTEi~Say(?MI9P$VuzD5`IU8xg!nOfa+ z@0<7bSGrh_aeKXQy9VXL(Ipn%!pPNmq8ET^`_fwQ%56D=%^f#Zug7&DNlOp(?C9*_ zRgfJdx_aS9*c+l9;#+|rVnD=%zz3I#w0KIQEur|qX zCi+tA2YjcNHAW!bJ*|;3A6@GHo>*JWZ6o9O9hfKyh3Xgun?FbxQje66B1wA*%oir} zVOKY282BzfTMAV$V*-*d1Rxic?1(DjzFXJT8EDTy-(*kb&?7O^1D&=MDK6KXCxDg| z*rTXVNvtG_2cH=Bdu2&aRlcv{BU^Pu)mW2(82Jt$5OIHB8WNMq&XVGb+~ z_jnG@t;;lhy@%ToW?a?G_lxl)t6F$mM92s192N6nwni`uIcu!bgYZZI9bgybj~hwojp;rBqt$dq#q$3JA2zbj2l<=T#&xht5aiI>^!tm4o99 z3lSLnKJ$=B1qTpLTU={&bhCqt-399;;9eQ?dE6eic`PqJFptQ5gvZzwH;!w(%9 z)}Dp{TnR3AB-;O55!UZGz#X^Y5BFujumRZTR#~Q(m)Gv@Zg;nEa7TDjQiJI%%L%%m zdXWOiSBNS|WUl+*_SXSF~^~rF^ODGsF=_ zakVGfvbe793jFcy7d~CZzpyih3@{kXB!lt z6aZXZbKQayrn=gLxCuSc6j4~wC=GFRn0+FNl;{EJIjBKVfH*BW;gg+IPqqGVnTWIG z48B_-HPHwIk355cmDG+V4PyTFE)1)<9<{>M)RFk6u`Viv-V zyRnc>VXKD7F!X8Jj^HY6*;~YNJ}i=;)o+jSV_+1g&c);74`;Y3UltyYAqThq!>sTm z)(3q#t-Qa{=G=0Niq^iynBYDv?yPc5D(KMkGfNhJVax73hf2u$?*Kie?W3Qx6IFo zTBuNY{m~OlKcvLn`I*N4a=JBiOh{d|Q^-k_su* z%&V1rYw1)(ofY&4trgETj?mXcS?sW6sJ?>oP_vwNh(k|c!0?B+Z=Lf&MOS%P_V9O{ zyoC658>$nmMf$5FHM4v(Ga}(tVUozA5rD}u{=H0L$F_0MKjkjHvp+Rgk?Ia zo`H5q_F61EVdb?3m0;!K^w56ZiX_}FH{qia8b%90O(WDwP8Q54z#VoCW^9Z#Nds5L z3*Cyzk|-S?9X>ll9z;5Cy$TZ0K|s(di@Be!@J@@C_U6pWH zA1I{%1G`JUDH2y}6x=ZC698&aWD87oqDO>sA!zU-5#6ikkubiX8(n;6t^Hfa9Pk{^ zFD`J(A$Cwa|HYNOL&t&Zv>o$yVPRp3c1P~5>Te%5tckOabWA%8a~Fk?syXwK^s@_j z4;>ejW5S{uWg`908#xnOv*Zmt8;FrAfIuTX{T zRIM8HgK@E}@fH%Fo?aOZJzmkZIR=eR>;^?-Eka(751?B>@REMRk_ZOWGZO~%0SWvR zY|&HhC1eD^VSrlirWR$c?K9!`F>xwEfmi31tO&{dna@GXbvYU~p|qA9O`_tqYl);9DoWS&kG+!jK#(MMl>3HARA`VN~WN_`)p(@jR~kl5L0s(Wqf63xtm z(Xra;{f>`t(}KBvx^>JgV3w>jU^cWjEx;T!>Gqn(TR%OVLxpYFg_6OT+$ys6W@qXEXCz%cP@{8PKL=M#20C`F48=O!y?0Mp@___WyJM= zn0FtH_$35%!YPuvQ48TTz`+2sUh>O$0hXD4%9+a6Qz*Spi=wYb@r#~Od8nT7Whf#$?>3;q$oG5MeQ8_`eYTag6cp~R;|^+V^{+Gh{RsgUpQD|~VUF?0z~ zV-KvQ=X9)*V7GBTHB{x=*jEM*+r|S&zOU~W?2d|R8ThsmIql+VSr;HC0`aj(6R#n#OiwdO9K=AyQ zg+;bA^}mwk;dAoxL`=qbi7;r?^M%vP!C6TV=*3tbZkyQ}>I zocT2e-`9Dg(?X$qhI$Wd<{Th#197ea4zB1a;f=~6YMyH01}6G`gw-7ut(CA?D@F81 z9ddH%4SYA#pfQ^g_oPO~?E}C3kzY`cpU*!mIAxGR^}4Okps7g$@+<$z&ei}hcz|_< zp{Z#iNM4wVKcI7taBGEp!Bbp^s%YN)6w5Y9N14N8MUm<#@*L=(&G5ON*>DFCEQ|M% zLw}VM=I^&3BoP*ZIFNt4Hl?2-x-N87FX43YPqe`utH z(`VcBq3d_f(L`D3oWdRbLX$~=xHd;&h(O7#p%<`8&r9j&_$r`tXmV7&p8D1^8F*`U zpuKpn(>Bg7IjF^_Xp&pZd-IQTS7Ja%22i&&ir?M;Yx1yN89{ueXiO<6=70}m-Q__~ zXjH7A(k6!hSMwsX9H=rCJVo%g@*^X{S2xGsKeT`F+LZ^w|4>Q2p(dBKVg!RM2Z5g& z6PIH&zowcr3+ni-Ls#$NA@DIl|p*q*eWJG-Fp>GmS~F@rv^P+rJWd|DZ#!1*?a=kzap|YfrqRQ)qeFCTk&v z%>Se{)24y>ix^=pmE{6&)8|A896D@*HrywI@br4lQ^>OWy?a6U@UtXQf_Z};ZN*SK ze|nz)0<*kFc#k}fJSIS(1#h)vjf6dZ#Y}Ci_wXlIirmpt{uD1ss{Yza?>s~C>h7hp zPc|VF+H{i9zLe@L;f1(1QQ-3lN^5jBVvF5Ne?(VH$EaIBVyD{qF1kd;ay^$NY^d4zPTX$Y^;dV7kZoJ6t<7JRFSk_R(F?=Kq4G@94k3 z++6<+od()3qyI@3S1*5YXSw>XtacE`_&;v-6_*To_rGG}|9Rbj?jFXw_{eOsofR}W zk#C)6ISsXbFPh3A{E6tHQBjP#-Dt;4G2x&A@yV{sJW^-vEHF6|z5#a&fnQ>uLv+cJ^?19z^zrU3n>PdBQhnd4F{GD`PPKCLd!^f*0r(EcWZXn zjo8fVV{!o4YN_7=-nTEzs>*|L#wKs5L?Trpz*bX>G#~fC9OhB`TmdIrpZ>PN+}+li ztMyVlYFwfq2oBLIDIxLFi`$@LMjz8KL-up|+Rv7G>RK^%GVEttPSTaxM9P}ylw`0T zpjmaEJF~kO_xvjQI&-=bt&?njA37Z?4GObr`aMQR{q#eDg+4*FGOruzEq;{$<<@QY-;HZcM@(b{qTX?y%p60e0mPMzQVjA_XFDp#K#%GRm9EH#j?3 z&E+)|xuJqfd@)+{kmKj(A53+bhYnLcA8Nm;vy)SxPqVhuM{<7Im{)$N2+1*{UGco!8@kbqq ze_H}|VHS`amXt`L!}&r~OKWQ{f%C1)&DAL=bKcOI&9MUhCBvR28Y>myea-ia9=U3+ zR{Y=QCNkTGJqmoPA5v?4Jl5gP( zcy@X-GBPVa;L>%iZ9(VoIURqPIG#xhaD^&i0RFEcXl2hpF8Y;$E~LV$aXLAnCf5&~ z`9~ZkW$E)_43oa{kjvNWzMDa`e%;cGO5t{{Ed|s$&Jz~K{FwX}+n>6qaf@R&=9UVd zj*gEt>Qc_!qtI&QaSEaExn-x%qa6`7JH>A$yl}S?(x&9g?4X(VT8(>1LAY-#BV?PL zq+H-rDrP@&42p)c?L^voqBg&UX8Ez7k7l4tAo@xCwEPXOz!gsPrWat>Or$KY$Xl{R zp?`fG`B!zuzrbD(?0IaThfa*J0Tl#FsmnG*PVS4#yYOvAoE37f8~68{xX}4jgkUKP&@~ zF5~6^O5(mfadk3nc}*kY+}N(IKd*=cDCBusu#{1W{*l&x2eC`1 zMb?(@>H=vS3SU8Py_R_9V+t(~2;$?)T)%@Y2+JzqX`Q3snd5MC*>=+Ve0@-kl=Dre za>R6#hX~krxUu{AkM6)8u9E&>Wi@<@Q(L+qUX4-{UkwsVKc=75eouVy|WW}OKXU8#*!Sr!7x_JaR~z?)gu zyO>lJvAq6XBVviuT`^I19{_KqR<75rUloy!;QRxh;lA5L;LY~|f)EM^A^bUVHGb`I z*YrqmLU^op$=V<~{*VF!ydTWrD&khpeKRnpzh zMyA;T0Z)QzRH?6d00sIBpcu(fld7jEKl39cBTI=kF)=BsKR4XNsr%7z!)_*gH$J4L z5asa#5+=g1xq3+`WV~w~BCmZC#~0|vVyKt66Xk>G3OpK>W=X*ikq2aVD%V=VVP5C@c5jiyE6!^$_WF!k=Qqffo7}jn4 z!yAxQqDW0kO9O-ea7wOwngfL8YEaS=62TqI_CM-Q0Y)K9`bODJBnXcq@g<<@9a$_k zdtO?A=>alomK)TlF)+mMUc*7i{riLT#{nFbA;g;bgfXQ$=+7)mGl8u~e~)6$B&y(* z?2i}nCk9#8I&i9TG(d+DoiGEktflzfIk?&JM29jUByvF5y5ZPJ1%_)$d zIt4)j3SjJ**9Is8-90^k9X~Zay=ms~)+Cnx{Zq5jU5-)01`eR?@g{mnwMm&zEt%=r zV5#`!IU55VtFzE)2X>|;y5r7>I3pw6IUzktgurJ^+d$!^y^>KJ^VOgJ2ydF8C>|*O z2evm4)cYhwv4n5Ex3i=LspySX&>&^IW4X`r`S6MYeG`|~t!et^x46OJsF3;=0izIF zZuw3Zmh8xTkH#Npu({4^2~o&cV~uOgirM3Ic{p-wR^{!dM ztX6?}nxV*zJOSaM3fRZm)Q{2I{6d84bRKb+KtS1*=88Od4Z0)wFf8!w?{M}7(-qZc z8}E1e@OUW~{noXl@cc!AmwTsnt@(YbtTqQQ?>xDeT+zT}**gAAt6B<@;F*}BuR)-8 z>?_R&ZMq)3dV0jsqDoyqB*1E86CJiYvFpbA*`QnDHLbxx{rRQ%2ZXcp}*L+XWSG!b-#Dlkjt% zuu9+m*t|AOik>~C9)Dge4GMV;e!+o-#;v$e4DtuTD5Y~1H>2)OEofUv}f z`%hYY2R8omjBkP@=os{vpi!!i;HZ6t<;C=;vAF&UIk1xe7CzC`Y8DfIoxQy}N$)@% zOP;O)0&A<64+GFlF6-(Fc=5 zDSmPLfcYO7?R8B}2&^$-DU)A7_HRgBTpl+80|SGUs>Wt@ZEZX}IB#;C&RCMO=!rTx zv2`53GyJ0+Ku&(!4lreSYd{$5l^A#sW;C+7Bb+%*YW(KJD41be<<<;&*{STTFL z=;S;TDlg+SmY=K`~cu}v8By?pSh;baqYxz%C zAXNj>UJp_L`4qn~2FYCf-YdRMM$GmZ8j@y21YR21+|P7%bj)K84h{g*R%WGYJ#m=; znNa)8yRT0?s7SE{LPcdV_0<3zrLmQOUEN%J1ER0<|21`>GhRg;4Qo&-$X2Fh~;ie}+3lvvO)Dv1_}l>{94nfUBg9VnbP zB@m$5mQ6I5`*|>q-o57;TW30J*8~4;UfLG_)kBc1uH@NPtDK)NoyWe)x$u00Wniou z$I#m&^jS20Dx=vEFMoqoF=WYY3Pq!k>v;88!B{RjbPAX69p6U!bzl$+nOP}|kH_)T z#(6Y=o6K~KM_m9mWT`kx%Jd^6zY#XqkRQY>G7j)g2wfz?aVf!R;<59Rf{{dKub=sc z(UTh@pp~Z@S;A)6boxbeJV{RuaR7YM~>tzfxC0{?g zG6R05o~Cp=R&ec@N`n+EcjWt`r%$gm1L!lxjDEw=K&(%fZk|HEViUWoH4Y39Fap=r z)m2rLm6Uu1s84d-!@x7;wjGkPK#s=8$7iV0-Sbll4#mIM`JE^P?V0%FksaSCO(A5R z_DeyJGKk^HBNQD?lGf*Rt{veOF+$V8lL0N7ZV+gTVp=Q&+r;~=6VqphoYM)B*;0gR z&TlGg*Cal~+g{&D7&F_%=UsmDOsJIpU>|NFD>O;ohDk_BJA=O~GsE=YgAbNRB@sa@ z5tPpb689%0CZCrF$7=6wmuHPlYRl%--ufO4JL|E3<2meob+o|6hTEWVoD0Q%wVCSs?*~X+2b7Vzu^WfB&0Tk0Yc&%IokL4C zAW~lO(rVYR`1$0~vXP<3Zf{3F$48JX-BQqzJN}`qpLoziLB7Yy*5XcCq#&7@q`7|X zSF_Uwfi%yOHZKui&APN1-%w{;FBE;AddafmYKC#;C7p166}^@JxnAfJ&EQjFK*34s zyf6#Vv5V1&15{$x&4kd$K@RvOZG3im$^>b<6hxeXt=N+xiqZ)7z*Hq(uF1qYl{psjEb)HAJlYf~SvJqTXFqumJGy{y<&RSa1j z8t7XyxOsPOH|(u?)gSubH~BNir$`!Y-Ig%>J^dNo(St3wFQ+6?YufwYeF{4 z`PWpUoqUh;Q8f1$3wHDP+$#)#7{#L{pYs!pXTdm*9l>-W*-V0Cm z>-#gy8Iy`hX!7*HCg6{>y*yV-cJWWggCZE=D;cQMo;725kth87r8&_SRRzIyH!dN5 zpF-GjNx7%d4w0JE#+Y!WJRqqctuS5X8?Mk}idE`)IhKLmT8C)MS4?8>lFF zczAA~{$Fo`l?ye|&z$;SFX1RhqR(QpGf`20Otp#?%>(ZC>G<2M*&=<(4V5?gdwwAf z_%rFCJ>MK1|JkIJUP(mq#2?ua(V(Z)psH6~X!U7t|ub_XH7f z8;K9<@#Czi72Af3grVw|9-0R1=g$S>4s4Q(B;wzs7|-><1NW`z`D?}|Q9(f;=__*l zz%Wj4EIVuFY)zhm8ngTnOZ`pBEH`NhXhK2j4Z5Hp2~%LfWo#^HUG_*@U&ry8{TPSv z6jVciQnWC}v*_~j@(mQEBbOcuii(ftElWcg;zO8)+~!u~37^aaYh`T_io~5pjtA%8 z&fVn6Du^f$yej#0v=gxGoto6vyEGiiCyr z5$KVb0HH3ycFs2_NL*A@Hn#V2;W3A#H`0?-7=5|^2nSx|0rj3-tViA*Z)+~ntCe|? zpH`%1`pyplVXJQ!Sv6dYJrTmVDO-G87FY|^L~9(@yIaG<>WOj+PmrWM{^^B*g*!A9 z`Mnaw5+HH(cXf63^oWRv$O!APva-IBee>}oUwX>bMyj6f@O-<-^1ZNdH;wbY|Iv}v z`3otiujHvPcD!KZS02KP966hUCPHhvaNN=`wXPa@q#t1_%=z7pE$$0{$ zJeo+R=r?mEoQquA9?my&X)A{}+4iTeKPrOJcA&>H*PXNKJ-3!3=x>kAxjtg;Z}2vR*mUGf=*wV5^0qP_(Pbsa ziwD%s4)?n+Sk+ZF`&stYsPfGZRrxxN4mBAViPa6aJttH0oUMCkB__~8QZ%A*x)(@V zn4MwkUKms@b|IJSv>9nwRawgdrG}qlnsbuZICUID`>1`7i(7kmCNRZn?T9%`qw8Zh zVy;n2`$IF-}Pya#&BLu{Q;gr7JDj_o0KpVrSo_l;Slu&S&=RyjWvu$cae& zxSPdsMTRkNzmAiUjtQoQmvX8Pedw91wb2Z5x}N}V;s!H%2tI@0xdINWvmwt-u}91# zGp?-Mm$I@|^p)auW^7$8{_Cl!Y70N|XU|SWD@w~vGrXVUCcOEMQ@Fd*r0VdPk&&s& zJH-rj=v3#?61APkR;+36ThB-aF-J$=UG=l4ra4_(%E+g?9FmMbc*I@lbR56b#Zh3u zQ?%~p)4uXz8Wf2FGUVlBMt0h!ofZMd@teA?$En{6^OEnmytWHd%@ECE1-rmbR2SjUQ>3557^~BCKI|$lWce&gQw=!5d+VYDZ@fsnKVq zjGJfA*wxu&3td8B_dYqTC*9VNvkjBeo=z3}eVVR2kT1QRKYJ?hR7y%pxT_Z&^Qx}9 zDT*$)6dK@QVY@mz1qB87PET*HPaBF}e}4!jYs189GWI*W zc>N}il1S$-*%^y%JS+U*3`C7kI=+q%voEqviR2e?;Nm7!&JJ@hu=QwHI;X%&-?$DT z>*=i|DGX5D=9)rNj;16eDgcr(&Xjl%4h=XQEhE03nT5Mb4~OV?jOsTyV?OvED2%52*;UOrZ- z&B+#Zj^GtI^v^rX-BITi`z;)4<(T_M@#5jY*muJ`jmtL2IxeuEa zOnpUjJh<+-)zs^EHXZjp6YC7j#n%3%hx=xQA#bU8hr2LHP>k!(cPt=2;7O1vI@|s2KZzs-=m5g%!* z+}qpmAT6KST3SLlblRZ&J~}&$_dJx4JpJ^nQp|Fvq`I1T^sMtM1H*c$gN&}2OrE{y zWbP5SK24sKhvbZrnRcYx<271amWSF4iD&guQDRD+?Q5B<9`r2Lm0x?`QxIbuJn>oE zx8=s+o3KXzsxebuh)azUjAwR)81zhGMA$4LJu2_r_+*&$MCKgrg>=kn7{6){=mS=#SNRSIxJ-%kbgWD7)fnXxJ zkdYV3tA(z7ZE0VIUm+OtEB>H(o}oW&51X>t-D>+tTX8v!<3K`)vVka;4{fmYWYeHQ zpE^@@b4g3-hFl?iP!2{-niu(xI(PPirKORfA!wFa_>n>=C@5%XXh=u|&YT}}aBx`e zzJo9^jZaTs0HoK|)m6Cb@~g*?;r-hkc3P@+azc8}@J!SlY_Nx!Y!zo;o(4ng(rvW0 zd1A{q22K#3%*Q#to8HB>FU6qB)IpDxu=!}{AU~Bp*t1&Z2z4A%_`E=V9d)-|Qn%Rd z`@)FMJNsXYm?}m_W71~*GIsgS< zZsPV)jMR96;W4>>LuFQNGp=aA#g|Vu^&AXe=BuA77dAU9v#Ee*JxVKM4Y%Tz;! zl;e+G<5)bO#9x&vSeoN2Ojn%@wCv2!mZ9=iL03P7ST>=T4eWcC9jd>`|qc zhVj$!%>pDoWIkSu`x*>X^^ z*?QY`6u-H6aJRHY7bBQR^~%n;>Q(<3lGa#I==xs^qsm&&kTkyhx#OFzhyb~e1J9itXi#2(ow+#IL9n*tk$pB?6E zbuhex-@R39K`}7VOxzPmcyc%?fE zx3X)|2=F0m!Bm#6?d6HF(qBCCIx}|SiBS1sB1j|Fdu;~lvV@J5!L17!`qbu=V+xKw zdd?UJPh*oG&zPoEQg>HM^bDZksaRh5A$>91ce;9{O^Op$Uxpn!zA=*q&7N$s69|bl zC54ywpN#RiG!>EZI04hW4L$MXX@4ix<|fukh5y9Fj4TahlVL5~RDTpWebB&vNESfm zvvR}_9t0D6?{kgaBR2(y;vGVJ6W>fv7j*Rg1zu-K&WY+XCFhF~vLwMl?a}vmd_Gxh zl+m%3(n^mXs3gD(a#n}v!WGt>ZP9s zKpwmds|-|s;}oZ&*fc+6tx#bQ?TlR)Q(iaBMEc!2nQ7Ye(6=o^HG)xzAK69?`a8yW zE^a+Cynpur;a2~XyjAiE>vC{}C;yt^4&Loojx*KVj%Tl>6MCym&+$WR!@lT}OzyiH z>~CQiCFT0hg>D|xyKG!aD&3FE=u3xF8IESVAWgNf@(0rYu{7y}>M}*E4HoaipBVRGUyE@ylOqVVe#u_Uj*mL82y>W>~gY)0k7n&ikP#NN_e1r{a%|YY=AmG`bWVrD}g*-W_=UOzi+mE;7sy?`lI}t&-r!OqHdufp>a3VXjJ{6%{AieUptCE6`E%_#>zWz`+H(^Ey(?;jTA zicgKZTKGU+-(zH;n44G>z^*+cFArSgpNPqi`&X}5;znfmCd;v1e=M}~{BdS?q0zbO zFxePeZEE0euam@@L@B{TGJ?j(`+oleI9-XvoeZ~YhUY~L5Y-hbOz~dHnkn5#NO7Uv zPeJ+}LS;+46$Q^?zh3e5^duvKed*OeJjc~4oHHEzOJ)s6`Y(y=+An=bHn zkTK|tu|UoAJ)1hi{RBynId|9yAgk;yg_59x`Pb41|_V1I>wN zsp`$CzAMH1tF%fwwnNFUq5B5WmEzgnk!=ar^4hq^lfs6+5HQyEn-Jp>eCO`(=VG#G z<_Oqs4jIQv9PGEZ8zjvlmit)pqG|q+8?gJ(m7DiXejFb;TtLeG>td>(}+7B{Q*L?P7)%~#t9ygZvad1ti!0n-O>)dk*OSLG*Q3DN`kCT-5PY}YHoO_)V z^7?fIs%O&G&U@jm2kuRcY+(DD|Jlxzeem7PB@WLQ-}!1=!xHNdoO)`jcx-GK8CF(S zNaq{Qh)v|q>c1&p7xyrsK?Z3duuUe?$aJG?IwpNgP)>?ORvPM0qRsG zHeIB7S8=omRpwP)I6rAi>b#@}pA?nMf(v01h*z)g8hr*lYIv)ZcF0PGHXMe z=P$&%Dc>x=e_@_wTUJ&V_ZBv9bI?_xX|6w@PO5dqX*gYlcQ}x7x~FOyozKeY=%`tD z_=^CjXh-`FU{`r+8nnQH^)lj~HL-%VIc;5G@Z0Gm$3k)1?Mx2S*c-ya>==Km-t5|` z1nZZHQ=MpHGguYn!@U2O6|&B}ZqO7>o6!jN$TCUba;@>&knY*706kuy+zs#aD}U-!reNkp`Z(@OpDuvj9%LeEycN! zdti2$rYzKkADQ?q$4`}Ufo|?$9K1_8 z_!_;D1VRp1&6ZDgXC;Z3CuBL^0aW_3r}`YmlF}(#Wvu7~P)f|D@A+x|_R0t7{p>(w zATvR+>SOMui4tv1P0bm~y~D$gKsOu_gtH;pt!ISq_bDtU<6~AgRoEt?VI(Cs+34qc76o!H#Z;Q(^PYSBa zII+ZU51|U*!~%D7HZ!l$47x78N&p_x6FOEg;Cwqdz`}Nf8u^V}UST}lKSRDpu6UdN zWmKl53$ICBgc2vfvmeN(!5}*$m8bcrsNB3n*sUzA2zpQ*g5Pp7sEA?{aw;e$^ACE^Bg7G-6 zr;LjBMa2repHsVvujVwad@0d=zue8n{RLr8YG~|znwj7wz*YTXGe>qH)0Wq7+(7{u z-BT1LJEkW1Z8gV?5S%SYGS?MU4Me|H8Do;e*gvrahroKqN9|})V=K?(C+yBf!ebP; ze@KfC?aES>XAJv`)dO0Vq@)EAtGILhV)ikd->Q_MLED3@QScY(6J<|XL!Ga$VtNl@ zP>23Vv&(#w4WDB_BCj+Y5vqcMlt{{e-N)moXC(zrg=PQGc9*;O)YTS+E)U-^RlsR& zeo0tSs(X^_?D8dh?)5~y?=Z1SsEXA$WnV6G`QuWy^v`#Gw(MB+3^)YJB+UJTxzYl? zZ*sA|NiCt%#Ea?S^_Z_2TfMc!Vt0hZsOA)qLW*2{qjD|fE#o*gDLYghK9 zr$@!tzp1-XeM!*uhU%h@#R2F8a^~jSfotl4Gp#Oyek~BEh0CrDThHXXzF>c<${hEn zF=x|Hf8?ATAER5EB@S#IDs@?Kp*!uN#-r6+!j4>L1WraBTEBDlv*`D~+1;1^3cuTW zRJAHL`u6SqXX3?NYxEo6h4|Udcz9ev!s_$S)}#76cQmbzyQ91*^WWrk{r~Rm`Z_bD zJ>Cstl;~!b&xI#oZ#%uPsbX_+k2%599E z#!A2mCg7ynhmI-eeWCeX;Mq`M=mMwpY?Ls3xm8KP)j}Mn;lP=Xix)5cXAWAkXv5*z RPIo|KD4wo&^Em(j literal 0 HcmV?d00001 diff --git a/docs/codeql/images/codeql-for-visual-studio-code/quick-query-tab-swift.png b/docs/codeql/images/codeql-for-visual-studio-code/quick-query-tab-swift.png new file mode 100644 index 0000000000000000000000000000000000000000..e380f0e6eb3912a531143c8b77be62bcc1b45cf0 GIT binary patch literal 41277 zcmeFZbx;)S{x=LFHX{2TwT@p)|NlBN2fV8kIEU|Qnf=EcW zfJn21bi?!A`{eKW@0oe$op;`O&dfb$;2dijj$X!kxf$umJpR-4Ly+~h}I zojcEd^Za>n|6SWfCVNqTh4!DDUSgYGUBB{OzC5veW$etwoT%mDQd#UWe<_s5bk8Gg zdUEzM_Azf(6uYL6?D9$Z?Fn6N_)pKa_ik&+L5*o^92X}ir_oI@GGD>hOI?2c{>zui z=}F)6Ee{bTI~w|bzxV%-Gr;_Dn(a*2$CwWl<2)u%+(JUjt?}Z5`qlFzRTT(Lzjb1t ze(5vAZy_wUmn;L^-3`2wWEBI)a5@}9sah&CO35>_K_H`1AUr>#9ER(87X^=Ut9wh_GHcg23 zUVW0%(%L2ApYRLF9c&pZc`Ny9mVCldcr1;`4E#vF6I#7J#e~X!m2dp*V9}*!cYn!8 z&gkn2RJLrj8XG5PL!`c3E$`KL6EBj^iP?=rgtgc8$s(-QULL2`3u-I#IrKK2x@tG> zy}wg|8M}d*bDDW~t+}J_x6MGdCh?0Obp;(qRCM$`3cKB<8ad8&o1tR2AUNWSqtK0y zUyR6a%?}jX4wsi{VAyL<`439s;pA#|hnJo{atIzyyGM(n;*gTsEvebZiFoX7*++dL z)cxLF&fn+IDXc$C!25~ltn6IJweLFZHW5fUpI-=tkV6J zZmW&q?{T^%mqdB3R;T!5EV+3ywLDJa8$wtRtzY5FmWC@fdvUrthhu(hlFsu_7nG>* z$Xvbjg{qK?;bS)1NMr_+gvZ8wj&@;%%Tfp2&_H2OTY^;Py4UW8+Yqe*2Pfyj84Qcn ziDO4{d_UDwNSU@=q{>_zsbUiQ($v(nQ{uBLZo%HSs(H3M@a;cl&;;r%J{Mh)p{-_V z8E4lM!>^0c^gGLfbDizv<~KD7E>4My6uym0kn z8$#KZ_}^Hnxopg9kNzd3T@-)nPHGlxmzHco-BG7K)~nd+io4-4hlTp45KY zQ{}OlBF#?o$7|;tjZorV963@)CoV&}(5!6(cYdhYCR4k!GhKyX^d*m;U*~CSrGRd+ z9@Ay+^&aI{WGd3ne);Au^dLF{)sJc235m*7Po^mC{*fR>ynr?_@yogE`x;tRxEorP zr|$A%*|;M*_2NuN>Nowvb^XIkKmCK1*!|s2pVg`0z5PtN{qF>;_Fq2xd57H5J_pl2 z&dsa`ZHL=(1#@hN%WT6AFOOOE=3E=?h5xNP>k&HZ#gzwf((Y?Bp+0-5xpW7A{Nx&i zcOr7|5-OXE!=kh_&Wk^1v(?)_sdJU-ME0eG(j83dA1FCnFANgOZ)#EW2zXNMIa^_D+n0+j7vtfXZads-!|neW`*OHp zcZfVZ>rs);%%;5_Kf2ez@5d!4ci2~RK(JK|V+lh;okv&R*WT;N^PU`}3_D|LVlo@= zFy27bjKBT%VzN@%rx2N{^Pc}0cr~WJ1k+ZXGR1T9Jmng+v>uu1>DuK*mOYj>qbW*T zNi5dG<-uZF#nxp=&f{7vl1|-(nDBs(qgwpB#obc$@bRW~O>75??lImK_P`v~g6@@5 zK!1~TJwk<#6SLU~J=_XCyi~^qM^v*NU(->8?(!e-v;7)xW7CgM{@rm1)pH+}{VVTa zF0W`&A<@1w?Ov{W>GWJLF5Z;0E}ZL*o~UG^j7J9b+Val2)&3V}hmH9G9qk(LD&*VO zry1t5=@7_L4N9NwSf4Bm+ln$e=#;XG3c=PsnpCUMf3u^>c`DBLQNv}9-=gI&-gx#= zTvph79jiY}v+L)xb-Yi+mrUiNgu{fL_bSuCJi)4uQPlEs-pt{C%^^<^Ox&F4HRb;l zY0O#Qh(q7)x#+BgJpGzQtVhpx9DE{dP&ftO^2WkYf%DRnz9-#eSUetYGvqAGe?#T| zJUYL}kH(uf|C4z^@$4WW9(e+Pj)umno`&oC#Lie#G~&{wqz7tQrluhggcnPh=*MpU z(tmc=nNshV?IJ1Dh+4Y?Rcpho1W`T4>A>!x3I{fPgQ&p zF8c?{cpQdeU|?VjpSF=)#Ha2XwdMBXZ|D!9Y)uXi_8rJfHl2P(vZL_12|Tsu|1S7M zK6LrxjmsPy$rxg&;y|#0MM=h}^ z@R*k2K)$hG@g*_qQsjABk0A=LD?FLz@kJuyRScxLW`uLyS(^=|)2nptC{eC-UWm($ zmh;3ay7}i;xvj?7Y2GXk!FXNa;!2es`PBI6JS{Dn@cWHamF`3Po_7>E2m8BLN{Ipz z652t5!5cc|PFcvxww|mB}3%%}Jn4;O0o#nHrypocC8q(0R>drKg6{rTY^ z>O*$B4_Gntb}UNJV@#jD_B`CO>G$Di1gcVsR_b3nR=BoPpEy)#7Ml0u{h&8YnCkLA zsBD$^N13WbqiFINJCUq=vp9n{S`ixo>EwkN2p;De`NkD>x4Y6lBUf{+u`xQoN(7!Np27{~N{ zS|8~=azj|8bodHvhb7TWGBCS)zg2tf_C`xLo+S>#IczX`b-XhWbcP?%$tNSu^<_%){gXKZBQvKOI`gdxIDRivTfE;}mZu{e2xK_nTt{U5K(m7M*D|d9MKB zSjP8YQN%A_&JK45%#m(XElIW~&{{9CvH5!>52mNgak?mb|RY$?~gB8I;4JKV*QQMz4a9j8rEsLDp9%P48b_cf^6fC+wh09LF z*6gJtyh7d>-8!yy|96PLfBu#zMb3v0LX68#pT1qgX~YWZ=bN=9*41&MTUwaY7Z6OF zBKAg!Vi!q$30nfDQ4hhw;wA3l17Ge$IiDwSXlO|9r_Z+j(C{E&0zV9*=g)gm#Y;E4Fkq9aAAVy?YN`_X1&_EsHvOoI%}B{q!E^2~q(?N=vh5AJYBdB@Gj zw39VEYlPgps^haZ6E2o}y_QkP=#^M|#feO{q}-rng|@d1!Aw^1c^3^#VE+YG!8D^P zi|9*Hk~knl7;ejY0nAkMZY9Gi1;xbC!*bwpx}F7yu|WBvD6b0QMFY?Ow^p6MpZAOkM zcfQZXjmTdd^j@86EpIxK1IKNdu8BqJ1l)vH|D$%erq+3LiPLj;1Gl&DC%4D366~tK zNnbZVZ!N+0^rb`c;!s;l%Y7Nd;&26n$D7H20%B1LKKrJqYm94prO!CHjMIWmdHMLd z*=Gl*yYf`u{iQynU*qldv-Bqtr=ybpAify*M2*{OMsCyhOU4Td6o6ISA0$X(+7hdD z7>=E}Xs}R!m4a_Tlf{_3kxorRL;u>wOvfWcQ+*Iayto?P@9$wl0=>kYw-0_-8-6*4 z+EMJk_w#W2a4)IgqU5V=0MC_8@+9V zWk~MecN=H?`}eatsN-&r-73|ET6lznIy4bSxR&Nsa|b_uhOJz5-DOb^AQFIKols^2 z?U=Q1atHZ96m=fYJJ;LQ>?0A?AJSp}z~VW~wGnty`KkVD$K|_!7B+zM5(N5H2OqfA z9IWRNQeZOm78{czEiJQ=2MePII9MP$k9&df?w+!~jDqu;d_#i2xjqvU6QvlsiOET* zYYqvC0e+9`c{PW-HL>D9G?_%gh?+xV>_>8b{`@(*zvxnMt*jyBuUcLyDP4u!Z=r1B zHjE3cxa6&WHrYOz3h;;qpagnhkD!yN&obX=&qaIat6=J01&Hl@4^v42g1Msu+q|@g z6=)HHLF6<&-+X&=YF^bfz?ha^9ZZpVYazxk+t@RjLJAmR9- znOBYEF$OgKc0Rj9utT4kngU+x-T3U`Xk`8)B04&Kyz&(Q&2q~N{WlBc4wgfq41Tn= z>EjKak9;(9bAgaGO>`u%l<>2%Rm zsh{a83^tcwF7AaMF3T0Y{}uFp;<--jxZNg^VA-P_XMrBM;kG;RAgZJ@Q2rcwFD%-p zQXoQPJD5l7eLwss2Nyj4Ejs(3V%5`x6Zo%Ft+ddSe;L+&t*qRu_KK`>8PPO_B9xFY z4h+1~TvPpN<}^^M3K($P+mye7uSsF%Jb@FGah5sFp3lEPB87S+QV7z=8a8n5#~Bk5 zo58iigV96Xa0kzZq=U6g(*5@VfDi1r=gyEEDz`UA?VhOxGs&Q&ayu;eeu89=X!d2Z zeC<#2JWio+#Z6X?EW%xQChhol@ah&LWLThsHG7kS1lB;RtF$R+@Rf47nTp_LxLMnJ zpMy-76YO9|1Gx;$aD(xigmD1OYWB(Xu+NdKrHymqy z$r%tAg&X9qo&jCM2MO?Q9~x-c?qJG}_dGT9$+#Rn9o_!ccxd^|pk`QD*dNej`bJ78 z0ES^yRYUd=K8Ia$`;k`DCygrequSH%McxTzbt_@_IUF9{M=L7_TB$#8Fss>awfnik zV|~TdP7BEm11aM8Aeq1z>5q2?N@qWQ8@-lpjX>qDg&0H}AE|V6{QQElywqt{qc8Ub z5bP@N{XqtfedxG_t>tl`DAw#+&d$Y%*9sw_Hrb%?C2FPvfIN$xs6-|J9#{X3F(?S}PR8B%R6Ar(drR zL^AtO4U)J~S?9FVe1FG2ojmO6mDN>fYCEnKd5RqO!2ew$#q6Dzs12lsy|4co8h|LU zo$(>>(%-mlle<=4QBm;>s0|_dC-Bvmxo*F`;k{S-Aain;>MNrHiKAomkMP0&=PMa( zimlgVL=}grmP^C5W7IxdU)~8B{|xMBhd<emS5Edp(~EgSi#I&_cpH~U}wm}^W$ z_Idmt74?6=XC(dqg);!}KB#t=0Dh4Y7(%1gv z|Ei%rJ<`|bDE`$Zxn-oU*^m9rw`nN4(T?Qs_02PXFAmOQpDLzEK8Ei_QjL)c)uok^ z^aKC%1I!5rGl@IiU(*j&Wv5SpT8%>Z9PGY=Qr#1}bnlY!dz z&(bD+tcRmBJ=nfT9yM7c-eFQ1wg2J0u$d)=#kB=A9odop{DysfAMa7xCX3CqCw~Dw zNX)vwz1T(V)&o_+__>yd_r-mF!7jnCol-@k!F zmQU7(MdI`^&>PO7dxQ5s+^}y;lo@Xbc5LpsC40dg>9RC39Q{%3)92^7^+#wi%*w>~ zP&T=y8dzVBJ$xcQ6h#zZiR>VDZn1_2G1&9H83hKH0_KX4Ersg|0lru}%soj;^SalZRlj|~3ShdEfF2QYI1 zE!O-kWq$x#07w@-$ivND)`{Y7SYlJP{uJ-oN@le-GjGO0QuW|oR~91Q^$+!pSQ#0m z6vr<40|*acjGjazVg<{^u2UR4vnHEen7-O$x(;EXWIBUH*| zy>_++J*q$_5b6Dvt6kVo(hG*dIt=RcNf7RfmWN90>_#f16J=Za3Vwe_n1J*=($HZ? z50!4E?$Wxh1Wf7IK%p6-k0x-fEnN+?9e+^WW-SM+ZPVRSPG^>I5aCFEy`*k=?_Pk_X46H&%F|jd%CEcpewzzliV0USF?pdYJp{%$|bS(S;@NX}wZa5w3 z-3t!eVZ-rqKGh}py6Pu+R6pQjdItHRs(Mov;}EXbuV1&m5wVvK{bkY|Gs}M&$>8AV zI82cpIwD^Rwm{slycUAIH$^GPiK`CkuGo5jlWta=^~SSWO~h?ukiovl{33RIQcnd^ z0=r@#JBr|8*_H9wXbit5AmGgXhaK&-UHO(ps+S*id}o_ny^un;BD36Dv0SCYF1vhz z;$PL#Jxiui3S?+WJzFru?eM^Bb?Rhs@iFpVI3~SyS|)MZB0`3EEtFn~-t+l@C5|}| zF3~}1XIQ1b_TBc}+sfBP=kNFB={Fx6cA&g>&kL82(0n0Yo84;)x1CRq>C+>R3=1hwFEVr#dVb`G@1!QOUUy;?r4hp*_fUpI$e;7yw8N6+Y2xvv+z1UhYqdVOkw zxxdPzg!#R8p=lXZ{n{!;O2hGDdbM?T7K8c|JYwAsvQOZlqL(V91Q{J28j7q3nowtY zm<()2Dzy_oeKgRpn3c5~rXOnwU=1{L|2j+>4 zBC_muQrIw_^t*N{%gYA=*o4L?pZgYCU}9xg?Xmd-ckuP|OOt9bbh#6TDC=G6v1$7) zB%!F7rFoB+5W5E>Hf0n%kBBm02MFgH1jK)HSLiL zKmnUVpkXMSCWx}#Fi6(c*5HUhUi`{xzydR-RC%oO>u&0}>B_tVQVI{#EJQ zM`W<6w^XCQepQs%=9<6Bcf7b*6+@L~+LpKwgO%4&-UV5ygE?}L)OHRb>x;uf{64BT zd7MA8jm*@j(`{47RJI5@*Cr!Ban|lY*8t&^FsxJ5mw5q<#B+a#pm%Y5F4>(T2fPL+o4#tIV8kI{fy%$29IS?JJx}=;9Tr z)nE{OGM~*R2a}?$Lb;{2m2^MSfW{6uq?W9TU6;?Jx$h@R*HK~imJV7hdHf3K1guMSfZ#tn>I>#eSWXab`>Z;nfIsRQcaZ3;-56qM1JS! zQIcpJ?0+YT$({@dl)h}8DZsK<1o?c0@Lf) zuSdqOWWHzq{_53HG)Zi;>ihUSF_=lr`dKq;QN9bSxP(v|Cr^Ox!K)7xFsXYtnqbIz zzQ1d-zxVsM5w3a2Ea{{9-3Je%tvtMP*aa13^&A9dRb!%~%bfMcbBZ~_3^QLB#4>ZN zgthI04q7!zS8!N>N*?7GI(C)dkll=mar$`b)Ty5ins-$!1VbH~J81TW?y0HuDbEO+ zhJbL33TBnjLC{qDq%q~%<#Vd>o4u9^(jf9U-(-8j9cTA=dnr6O4zwn4j&N0#DgA2J zTSkv*45*mI_GY^>JIu6JD8Vct!ra^>_KlYCcAp?eg5*|Z9H*h7QE3I^BYhq80@46D zJoq#AQo3oVrTf?m&s)35EZD^^{IcHj-C2dhPfCoxoz+*_wkGm^){Q+ZE`vsg>A8}7 zesVk+3(B7C)5eGUx);~CwQ!&Ymi!+727l-GMAyDIb8$#I15KAgfZ19>Zai;kHzgJg*~^Hk5l&TUK!CqV~xCd%GPL_l?jW?xykuw!gPknM45C+`LJxjwmzAM-;X zbDlkr!#Jg9{)&;A$p*owV)7W3NNRZGSAG-;TH&XC@fadf3iV}U)$GTIETsVl!eajd z@Tq#tQ4(oZty=E|0dBvv80DJBDd6j&9HRZfpT3M2!9v_G%x5SAy$GKs!2x`3Tu!EzijOW%vdO>t~T2S)K znu)a@%@=wajjyBjj?Zr_tmKKM1L|4gXpQI5;sn2zHyYHCxs*NB=b-|0#fFaf;%JQ^ z6CWSnDXI5WR*z{^zMGBQ+1+3%(#D9BoP7cy?o;QP9E)I&L975snpHDwZcFYBvgWu1 zFq?rpcit1=<&Cgn+^`raC!RP+2g|Omb3O)A1q}orPv216=kxi4;D-=Xbj_68Rp#A-en&6l&&M4PqF{!_F=Fkc}#&t*OhIx?~UPH=>k^968U2) z=X)+Mt_a9_>nXhvbz6xdQJ5+Zaf$814h@>O%m)1E@^0L&CnFydaqXb%>w*}P2za8m z1)ED(cZ}o-J7ML#qtx;q2O<`ok;kZ%*TpuDX(dNRS#OFVCmTz9*yPSKiRtkI!0WCD z;^C$nxROMRo*ah+$n=kd&Ed|OUQKzOK?5so+`l)?i?0o{k0r)}_VGKwcZ$v%`*K&Y z;Ooji5U?1ZYdpJ}O+%5+*2W_}1kK{Z57^i`OT5nl9bfAzkdYKG}IM%fTBdZ`#Z!4CQcsP>(q|c>Ga5(|gKY+mloeEpJn)VzxPZsynIW_Sy?fR8YZZ zE%L^Tk1idrxt@)=Z$yosParH^`dh#*>H0{oHh)vDvco6Uoq}()gWl-x+tT#qKFcaS zu{{1Q+C)o9NeLvHa>r>^aLB4PN%z$nzu9Hu(ldE%bgiPhF_kZSlIM%JI4s>)pLQ@{7Bf$jd0n+FUp6_Y6T#*r} zws+)TVCX8zV=$Sxn#bIoOtBlC>h{gi#^{i`I(ghCf) zUOTg=J7S~TE7*sMEK;#KTxJ&IZ=N}R{_4LrH_03ptm{&O{B+S)lj`S}l$)WB{Voqf z)avcCTgg;L&9nSMs;^zW8W!36g5OR~-(7sC#9BE7FXqo0m8hMd|Z#QC~9D_wx@@W?+ zs#@>XuoGO3j&F|Pdd0ITwMGIaD!b>uz7f1%L>}`lMr;cvMe?OykQBi>;b!YjORFAn zkG_2t@3fU}WCcjPwDVi2TB7uJ?h8P^Wg7K1Ud5DMIPB%x0*hai!ykXeC}ilwQsZ=& zmyL~#?1Z?v(?1$S3}dbWneQAdvFsTv`0JK<^=8-QH4^*5<@XtWc@rD6Sm8LGyE#?| zT6s<|VC}0*L7sxUczvcd#@2tcja!`ik%7%Cr@`cLNmstOZILnx8iyr!16gxHA)sLk z?jyxXVpbK>6}k+RgJ_2Ay~9IiVgCmhW-ruXyj^vctGS!8TPZb*z!+6WksZC{Vad6{ z=PgZ5oqdI6jrZ8-~ z&NZY1kw`Dp!3Ts{w=IZa+Xo0#Zk#q;33pH{c$jc#t5N!|iUVC!&H@5{Syt=fwQ&iFK4(5Egqz zfISM&%4SVf6HR|cfC%4P;I9`k&`bNq4WlqdJ6;J00^5&O=Fl=jy7=Yp=K1hi|BA! z_d9b*W4WCdKa%CVURC32{>qs>mR~m``b6U~LcYQApErCCDxG>f#hV|WCUy$y6n&!a zLU5FlHSctaxx_P6gc3kdXjGg2!pKyR(EeP7{`RXB$MWwU$w2_$ch0f7GmMQfQfd)g zk*CGx>urk*nA#ygK{y{+DK&Uy{=dsIdH&4) zOG5NZ+zp{601I%B;M!e@ysC5p-|IGIT_E&uWT2hv+z!ISR;iTCYP{irEqclMX z$`mVSNpCPf(;mDPR=!89s8UM2Tkc%m+YGb?9W-Zv-T}JSXY0;=cN%%tb*;#PNs~wa zL=iRL%vf}!A_GMGvTd@ZyI!?>SK~P*a@#=KY5pe6$5`0Z(e>>ZC^f&eaWkKo-J%4V zo_sf&V50|v9EtldxAHvtiAMjJx?y-s=ZNf*=E`ddzIYS@LM#Xx|CO&XwiQyLa(7gX zS#nK=PX7L)i?i$IrQl0G#v|rwn9X7k0OQ;pWVhy1AgDx>BrkSlFnhrSR{QX7y2|Zg zf7Py(jhux>GD7pdsOH32JBN5-1)h`-vn!_?JCXxvvlPQ7S8n4~rzw|YSye!W{rGWj zNICy2&TIFqb7rFTSDTU}OVZ1zT)mEs6?K>NHrgssfBIYWL2xWCM}qx^{4a1A0d`43 z-j)PU*?f#`JY-|S5)-S_k5m~dmeURj(pmfZQfei4EkZ0!69rW;k7|*`%%w%2&@xll zp@uj|Z;eUYWZYK*I13}5`*T2;=bG=Us6^HSIk$0!K#>i*IqHz)1`NF1aLmC99>@Rg zNTOt>`GoW}5x%6&BkVrGAGw&Xw?0e%3LO6mOot(Q2T<3WgrQGAjO+sEYY=Y!&lozv zs3uuLVM?#anr%ymNai)C!Tu`1lY4eQrzS$C1o+t;&Nor0p;qbZ1U-=m`Z#J9$!^=i zKxumlcl$=hbGUra^r;K9O<_TBrLhEcpBN*Vg%@V?O{%rWKZ8dU- z=^iM8pp$kL3->ug&-cUsKH&%-kw(+4(ClcAF4JH@Ff5+QBLwesR3PhgP0cuRa%0%&PC+?2l0R{d(Ljmqu4aiBCNyCGgsJ&aE}oj) zKnRVH6?yGC<6Peh8Nc!58S2QbrqG7<*!)>umv=O0$aNUyzEHW`?L3~v^;8{`KOxPwxFxN z(#-vi{K@IGt{@fm;&z}z zspqN|l*R&dWPxbBzWz>8=cJVL{JW)EjOy~Tj>DmB3p~;&RLiW*S!>Cb~YBU7%9Vf+NUz4n5nta z2(kSt?-6HrfWrMAeY)VE@&^D@fy)&WaSvnZO7j?<-W24ye7TVp(9n-vc|PBb1^n>f zmHuhTwc6VX3yE`(iIOLT1XOb3Tu1qCg%sQH$oq27NFhifay0Kd5Sw}@ZF-dX6Z-*3 zq#oW5zEXRhGpYYi&o<7e$1VM;~yyhaL&Z`RJJ-Tu`JH3$NlW8u%q4Y{@6I`OP zZ+=>C&JPIVe6~c6HDwMPnynUiENQN-!0Lmmw;rudbz41ZGf-?JRg%jY(3R2$hX3$f zpcE%g)@|j2#}kE(hqCg;_B}Z4D^PhnnC{eQgSnNXG%Skx(?9H42fjeM9lO_CF`L1= zOWm4?Kl^#!6*UT4c!OJzG=Qa^PH|wMQ;#{>NWVRV5Nfgjyn`YpXd|N^W|>K zrBHZfe!x)f^akU=c5CCIJ0qAPVLx>H)M&FVy1BV63eolBBs=-TQ612$vkT^Tl$M>> zJ=W(;1ohpOQ*Q@H1Xf;UI>!+kmus<3!6)^mb4;(`={-oMFz1tuG4cD2KYsMaY#bf} zOyEe+aC=|y8F<35_;%k&Y@=4}6KAf{HD!O(^P5C*yVBmCG&t9d3{v)SB zDogDc3oJz~2C$n&Nx!bN-2O{PJ&dZnSARA~EFv;;{dwRL&qFY}^DuUC!eFZNHzhX4 zbMyF^noa?8Bz)?3QR$~(daonblldV2icH4LHx*?S3$|7&_uEi721|XgI41bR@?<4e zR)(=k91gxFk4(OIfrH4)&;LM7z^A{A!>qbE2L?ntwcXn2CkVKQgS;~b7S(C4{;WsS z0ko^IpCR0v!`OD6-ty+(0H(>QPw#UV2&`o}E)2ub?6F(PRcFiMpsem3ikF^~s69X5 z%fq(f)VcpG7(nWa5`F$*3l#1HJSj}oq4=Q+d_g8 zGHZn06H?Wwzys*T-0~xN9DKQfK0kIodslo!_KxB1w!<5(b_0r=DaoK28YVsdq2VPl zLPo@X=y@`~7uCA+Lm-G6m;<^$Wc9z;!#nTgROm(`y6<=_)bukP2a^>dny}Utnq;h2(P4;rqP) z2STkf!mXz}$2-fVv!TawbtK?qDNYW3Q3q{$b|Dy{F#x8F3r{Gs1auDPVbf@Gjc{~$ z_?T3LgVuzbmu~Oy36J=I%KKg)E1#iuzQX$V+7(1+w15JccZ&{h`=fA`o~~2fM?nUq!&?>)rE;zIc!ybRiJK(Ehb&f zoKHY%YB$%sA3p{fPn8s()WgS*MeKhoqKohu1r$urp{`Br0J$B&_6KiuXK`Yk!-|^u z20Oo3vZ08g&;1J$36(EbCZ4ZQMZSNZ6(siSYTah2XGrDC;-{wzh9Cj*42$@*PAm11 zI`4d|c=p~mC6wkiF@*-G*4%$=`JI9_7=b)IcXDSbXN}k9dQ=1^*8}wgh@jN{9`sU$ z*`5B4wJeFAd{(?^Rk zGsS-Rz%0op&i>+nq}VaOZv?E4{!fCTha4tI2E!!0NU={ZRgioxCdPq4G;4C?2K+o8 z!bA$@hmjBgRWarMnPh4DTQ3NXJ+|$1$@k+D@B0i^SzXnhd&i+@1P z2iEXbFD>mU6n5@~P}19iC*xpn46pR1=H$%7(;awPCBVn$l>YACy?fy(9w$gF~Dx-MY zYq>}DKQxSb3S0N=jbW!si19PZG_ztxe}2^q-?7;j!#+*#znuJD7xFLmRR2Eu+#4wn zxPXkJp5A8?Q6+eH=9pAm^E(Xc7dOjA^!S_~#8~u{xpc+Y3_B!bY7h0Uj{H1#yoC>( z9P{o{`;JM4!G7zGte3hrBG&yGD3^Tu!i-$V)U31pXTsXwf^3MRgF`Qj>}6W0K4;<_ zkNqVBxJFuyuUrV?v^hl*}2&6GBT`Mk~cv9g^twFJczpcYq5bBzn%nH6iai0 z=k^LbUBu~?T|avyr!;K@Ok81N$F`fD?L?9QraAiNKmHUP8TL-7?5K~=8pvrL8&NyR z9H&o}1T z>g~Puh4m0!Q61Uz_EI5kWpZIa*y8ZuB|Nf9`YXA%y)!vYZ4y7{@A=PSo0aDHnsLal%Wun zxR4lw<)<6)FIsvRmDrx!>|04^+>4G8)36vRPqkW>Xw@lJ`Hqe%n`kTz7QZbZ8Fk(H zv-nBeaCw_WXHL5H9qW!{k1ub6C$7Eu!S{XGQ_8CT+Q6l(yG+Bn7>5DD4CVvDZK)(3 zrMLF}1LFL&Z}<|Tb&ClzE6ICZ>Bbwj^WrA*T}XZ>o6T^API^_fYm9k8h8D5iDuZeK z?|MJk8)MJBQ~yQK+!QEpQi*>u+{~sm_A|C`s;W$A-!BqL!z8|cTi2OMNDIN$%il|8 zRTs|Ed;k7SyQ=OHvYTFMwv<}&VmAAb`GKiZP|&aiw?WM&%b6!X(0jHhUY$u%#3Yqt08m-%R#$%7*aImL@^>hQ-0#~uTx9vE}3lD^i z0Ym>(&!fn>_1Y@)@qI6oH$R?p)9EwW!#R)C|G375CW2)s##p$h-0_@xM694cclu`E z3~j=$2|df6u$^%Jv%^r9oiq0Q(nYgzIaKacf-S>N&4XBq71Z7M>eL`FOp=0W)J(7C z&9;s&)790v;bDE3HdU=&wzM`AI`Q^yar7}c5t^Mhi;Z0l)AQb?hF<^j<9Uyddv)G> zwfL`Idt(dLnz9wa7jyW@$v(aKvHTH{M#5T{_T3l~Bhiw8=zctd|UkJaG&`y9V|mm`o7QFeJrMiNv; zYYuH4oO+WsPY1`>(6Iw9>hB6Unf|k3!nbYW@;fLGx-_j#^&H zKO7!CZu=FU%fFI>4>pPpWE_?^bJsJ;R9I@(7sD=b8}~lxRMPI*iiZq#ecn+W6^lq& zkLmvPKD}lIADSKFb9#fxCC_Y|E7ny!6;Us5Pxc4n3#O9f;-i?x0eFgYj>q!pm2KD_Jf3D zukL0pJPC@o>p`tyk845RxG$4Q!l9_-iT&xZ=MW-p8d$^~et;(_n-CaOv@?zSApL88 zz)^<*EPqSvIT~Urq@x!7LnZK>d#92qwQ!Q$O-56lspb8}9&*~uvUW*(2{pS)N<$8O zwM|-1jnRxE7sG1ggD6&-zTLa_UM0j_=$cgwZMs0%8c$sW-WSE6Wi@s?h_Am33r*t6L;cYO$}bLIS|2ZnfHGRH&wetWT=Sn zoAG)5Y$GzL)B5LUoNd|pcNC||*afm^$$RmJTuE|194rU;Lcty>D@1L%=XRj=1XQEG zi!wy9l-DOAbTV8LNQTIXrqsGP7s1^un!ci%Q|!Jj${%bEY25I(Z|7?OB_LLY zM;gbpjUf-5S1}bRI zAdSXI;B|{psVo(blD(6s@e|Jrz5r?`Fd1+&Ox~tF)>`Uvd+`2^0tE(-rx~HcB^DD6 z>E->&`fS5@VN4Nzzb1nuYRVY#I6Ty+0=F%9Z6jTuaW`k$vMupm=WK$Ag>sVYz9+VB zu*PSwJ4?7BIKIEaCD2Y&%a4i)9{c9Bw9Ml>G=O|=@FT2RV7|k>Gi|TK>!I6XE5ANd z=%b@p!dPO4H+o(^J3OG+ad>m)(wMHME_n=dB!tPDIY2u+ypY^v3&&OU(O~7{Ed@_( zH{($)hs%@J*Z4kY42ZRwI};knkQdC$bwROi`21u_aRVdQq!*VAm<9(&S~`hrZ~tun)`|x4tbUA z1?13WR#IE{X20YMRLIzU^lofb856zft?>CsPD}b7^fgX6OAK>6>dVIgHGvKOi@Ohk zj+Xp(Y?vQ@I5M@Ygl>^4yTjH~iDuGf7BMRj5VP%l%;d^ZdxXr_e5;8Z2Co-*wSwq< zpfejp)ag{-Q>QbfeGc@-DJJ0=i*8Ab>(Ch%NqN-5NY%GK(l{%StG;0{Ea`$6-CEuT zRN=9iyNA3p2}#ePlBG2*4Y@HcT|T)I+3mqeBtoeeNy8d%lfxn)<2I?Xjg69ukV>u2U@%+VG6A9)7sd=qe>; zq>8e0>FYMw-jT9m%9BSS)&2^QJR%~J!&(|bfk>+Lw~)62pYUg2jt+S*R0IT(vaO=Q z8}{4JuQPXE2X)SNc=`;Jm`3jv9_se`f`Ts_=R})gowrvswYis!N2@7pM-M(%2!qz3 zrq=d{khk(GD?U*YvoqIYm7c!qg#m<>lL^_H(s8r%26QZ2AA|0tnl-0zBLldu#0q)` zrXQuk7oZX`%}IBYs#NBTA~PmC)V`%Tq3^Q_>oZ*xYs5Y%X)}!|AXCY#$c`8Urcf7T z5_ddHm@ToHS3CWCRJh*EF-xzm>&dsiyb-fO9?otTh?Q8!@5$`{xMnl|@*gdMIIaZ* zK2nvi)GVyUz-*`BL?WhrvdHr+~(kppXl@MB#y_QuY8Zz}N zE2h4Fb%MfUs%4-nvu%Fh5tt2Xa>aj{{n(>8-qed5GN4lrNxq<>vgxr}0QIDC0n;75 zhYfNNYfAC#omgs)&1*DUt$Q6*t~`=4_Cj8EBkh>z0<-HUdtXOXKQ zLl6teuzi2(R_epZ5Kdv;VY9mF0>$Q|X!?rukgoa>uKg~h^tb4bSV`{CXX&T-YL#2w z{Z^*QS|`IArrzGqm~8ddV`Y8ssISjf?2u^H@$puW>H=W|;h{KPbg*(~d9`_E>Faof z$wG_Y^u*FU+KP}*eS{CP^KbGl834q+z0=uw7<)F`PLpbW$i??HO{bXvZ=9q_(;A$# zuKk~1hJ&3)_$J{|x=L(rW1HY$&Ed!3+!fWQw&XGFx>9Z{-7wS4TH_q&x-Cda&&1|I zKdOgKO=m5ZC!1pdk+I0h>Wd+KtkfkZdNra)D!M0Ui;M-~s^yvVD_t%6@!|LG?N7Jr zesc6Xd742WTx^Bc3CbpT=c@g};JVI*%8meLPX1gS0z7vkL&(S&&-b5%6jsmgmiP4q zSFc>T(yS6GH}QHVTfwioPqQcPL*tVU67O6Z;mZ76j$z`XSP9{Z6u%qfaC3sYu>%l( zZY2$}i0$@;)HC=uXITvGARh1}p%TZVT58i|G0UPuH<^3((slW>FI1mgX-TNKNgZ_M zh9O0cWtE8CG55{Is`{W<6H`+`?E*dLn?WPA*WzfeD8rONA)U3paOH{JwS?7G;5yl) z>EVCXitt{X3YLEey{Hv}H!dT{T?*&2=!A#3MLfb|Rw zJ*<RnsATc0NY7DJZ(F`_FocGOnFY32mFmRJAG zN&KmeYUk#pizUmqx1D7lw2qWoIBH+GBXIBp(J&Kj=A;Sy2|N+V1#2VfM)Obzb4Biq zA4zk{RE+nfi&c1EGc;!mOA7d0b}|=V-m=~1@~UUHnXe$Wf7&O*MxMs69lH&^OKmA! zt9<|dNVS)l_5g>z%;Q-*t7of}-c`1ZVPkaY-4%5)(qnx1RgzcL1|D9URk4CB3!C@W z=eYOoNyC0>tG5G^$phC)2-hKJY?U$hmx$rcnl^HNRPI5L-&rra`o6qoE`GO^#z!xS zBKPfNA6Ri$`{>L5m}v}8oz&$E#r}LUdjU0am#A_~Yol(GdNjMcJ9)(v+%X;M*x@6W zoWBN-+-KO{3es6Vro~7Dr`E!oaa%5iS*ZqVxdz6sKAb>uq0?-8HUz`8xtnOOFk&=7 zQdQMT2Tr}a$rd#{Qr!CbQJf@ByYLBv@bv-_>+@B4i+kIrHMDC+TBD~<;~#rTE?vDF zErCCmp9mS{-$2$$Q&h#e&+#J(ARY6oVZ1=M)8&Pc72{4 zTi@uC@qCd)t(A8E<2OUqXXDNRuNsGoNc$0=tz_R&C9E+kj!D^**<8nL_f5G_r}t9i zya{HSJ+@$Wj+~7B>?e3T0`n1SJwo<>wfB|*QLkOsI2=V$4;Todl!An$N=aLQfJhH8 zG=jts(j5Ydk|IM3NXIbr0MaUrbl0Frry!m09?x^1bDsDA_5Xgm&&MNEzw5g8wfEX< zt^I3p=$AXDGCeI#!gK#&ES;Du=ZEH0aNda#_voLfZzWtA$IRh~VNhJPW43;0*uU%SRLMS$kEQ5olxXvGhKH*WaaKaWhmX*+2wQs_L{q~vA+6^ZREy}FP5 zdwU>4c;t)?YsSFk*dJ-T4(=Fnn;aadAVl)1eBi@pM1V?R4}V_iESg!mYbE=Nhqu}o z93{kT2Wnoyr6ob@_Zsmll|TQUoR*m6xizM1#>8+^M;m93<%ABE0uyUhDW8ywH}~*e zF33>!g=S$%d;qd!@iGME5Fm?$Hka0uCy}^Zor7zyiBQUOG*u__Wr`vxO2!5Z2Z&Q} zF&`vM*(HxrcWSBR8Ah=e7mSpU_CD5yLJ`y@@Re+K|6|6V(mXn{xVN)6sPr zZ1G&54twl52YH56$t0cehg<!>6`i@V@)3<-%Zh1uuCpntsFaF|f6Fs|4^n2nT4C4qGO_;R zE(J*Kx&ufw419&+EXQ8W_?=*jXnVCRxv5PPxQX({6B~B#Y#rz({DjQ_LV;FxRAg*y zE@s_Iy2^L0IehKYL)Xc)BOb323r+mTZYYX`-Ade#z7!hPvs*G%To1(8rrkbEx2ww_ zVm113oW1L_ctr(oED@>&J%@Y~^q#%@&aRGH%Gvzvy>7nRLZdcJNae3(BQ)z{zFasY z;Yms4DqKNt;kTeHYC9RdpX78J{4L}TL68wpa{g5Qxz(8uaOs=@ zyQrE1TX4Ku81A!lHF?tGo^g9)y5h=74fF4Z3`^E4KRJ>NQdoAztMYO9NEZ?MR@Z@L ziaxUZ;Z16N8b1HWdBW?b^WZ<@u7kkK{pT-qEJr+A`=^U#?221gFIPuuRw@+(YKS9Sn8J{9eK<1us z65yQPUi zt1Z|X6&J8oa7nIIBC~0`;l_rtT3uJC9^f+FDp`3t^EP`c=XktaB9e6kXnNRvE@_#= z{&6q#lJm(=eF$%y!55aH=KNvwWKyXvB0WtMLeo#|1+FR0ivF=mDtT}IrwtZZQvBBa zhzURerp}V(Cy%S)PQbOwgGCZYQcscW1A2y=i99&&kc z>K$VDZNA-&DIUTti0o)pGcGCt77sRakQtHySD8EKw6w>m{C9=Vc0SW34q-aviU25r zO7}owK4mv3_C}yUgj$|KxX~@X+A9U$yycD4LXeKy8P;3fWimZbn^m>d1(BS*uXP$* zaox-}VNUH&#oGXxv{*Uw;$VTtUS(*K8n=6Rc&vx?5fIm4aV6(f{hi^cfh&CWw?;qSi4u`YA3yUK6SXWZY;*wifBwsPcI$ zgYb-g+3{+%PRpe+>3bJQ)bN%&R+puvbB3 zJX-ca@c4+iO!CSFXRoH`h$wl`)=b;lCo+?7~)GTx`FiC9Tu! zuX+f=hcGcefT6v}%Te5~o%pz}5HJ@AR;|lsA9YRyS#|T>8+etb6rN7!dRFFZba%D7 zc}jypGN$~C;Hfr|w2cK`1AArNCyg(fle#EDkJ{Pm>CHSnJuM@lx!Wxy^byfpUEXU+ zl{&1(ijQ2{TYg+@_6o$;`Qc>@+v}K@P=DeKi6eQIm4L}`9a9-|-_$$#L84y_Zy;9F zc$nP3eVaa8UWtciJV2oGkyrB*f9)*Tec`fZbDm_kq3v&ose^?ll*!oa?x|Mw`KJT9 z2aD=Vgp#<>A8y^=??__#iCoqoy!PdxStm6d5eMr`M&cv|tbDBe#4fUXqk4X|YD$synKm_k3awNN*-CN_a~up;9ET}E9j6HB zr`0Q7(Zuj{6L8O3RY)O`g1X1R)wQ9}cwF3VQ#u3V zb^uX8oCo5mX{gsVR^qIkfoUo|WR8*LiC4p9j!-RjDWk;)xZ3 z{s0wd#7Xmm^*LS;7rzY<4SRBz<-M@O@D=GAO!C3G)ZS8yAr|Z6_LG+c;8Fj6;LE2d z?hT>wyw0l=%r1?%JI}s4bM2Pc&2<~MMOSt`_w)>-s>f=L#eXyhrkIOw@#-gE{}W`{ zcv{`puk}EEOR@_6NjRAwj#KKt`QmRPds4T&CAJB`hfgEYScfX#j7kkO#TEUbpO+Z` zmMv@p6GoX(oui)x4yZS!9)m=L^i^X2x%5KP;5GuFLBHez`8WCz)xAadq zp*UG@;z-jTArORg#IYQogg9RHAQ$3x`|!i*{xKX8Y6b71lF{ybI2v50M7Xo%xB+!; zjVm_z^6ZSaAN-12_RqE+_>Yc`G&d*858*4ET4H!-+`Ae8r}_0OFekW;eM*j7)okue z5X1nl{q0k9-+u5jG0D+@6nn6=rGf0_VP>+t-wN0K3gu~h)@mETp?YwO=%THavFuB5 zi!Rmx_BIY)o^Q9B29!q&jYmM2sZ((pE_9sz+-bd{{6;;FBo+DQdq3lO*A83cHsg;O z;v5}dyW{UYheiClTIi2&Fhuh#nM=NA=~%!7#x}IHy9IV7-c)1HdnA5^ivA6plt*&E z5-$KCWN)d|#bc&bf9KEh z1>{hcz{3P10w1#cI*{*!QH=if&&PUVcK|S8J=i=&aoTn3$tqU4iZ~J!G*^^W`PAqq zXmV14%84~HGJ*pA>H2H|Kj|M}CB$(S?H_uXSKR*e4xEfRI~UgS%^M2rpJ!Xk^1IWBOyor4|_Pm)G`}zN4y>Ry%F@lbduQtHK)SL1> z$QQy`U3b>fem74yRR8f$n9`$}zw{e{-5}>*4hDOLAe#TY2N7|kmu03NG@ryhBE^+v zC#4CUR|VL9gokwQm_#EHMz5w9z_ZuDg@O>Chq*hF4 zAAy+O9voKWz)ul4W(}t&LxKLy%ED6q`_Et8``h3Gb6DiOYS@Oo-`v`27ySFZUi_=W zEqyEp=oSjmH?Q&Y^MkrfLP8JN+hG2bO9y{@m*^kHO!m>_^fZCX!sX7$&#!hY2Y{7| z3;)+21?bt!<^UI{+!+4Bo9G|g3(6W(f)VJI--rGj(LZF62{e>$h|zmxHb8>PJq|DX z-~S4VShD>48I1%VjZ7e9gX!IGpN)DZGc&VT-L`m<0dV?;C-kphHQEJW4FEY7qh)~b zZJauFDwkj|PN0kY=28%f_&|_V<^ib(bd&IhK>zT^5I*AgiGOhy7_VJ3*qHC5+#nmtj7y%ez0J!v#`iYE{=P7Q{Ivla=e5C9DWVZ$)eEcCadk?!1{W-VogN9={S2H zux*CFhI9u|j+--s{R025k6?)a+WY2@!==`R)@mQxV|cf~5*jELk)>)02kr3{5CcQ= z6Lqz4=3M@U8}t0qA+$hB+bT3}g)(oT(#0n)rUQtz3tgmvv>bYFN(qnf7sq72Ls%{h zBRvTM9&$({A_WMrMg#Cd!T5MERpw>&voOE{v&7@y*H)`tzRYC&qtMv$Y6oNEO)xGS z_-fIWJOwKUi0(CMjp5c~45H3g{aXh(uY!UGdV_w8i?rhp3C67xV!{S+9E&4s__XzGH>u(s?ew{8p;>o-i;z z8t59RHNhaTAZeaLdhLV#r`gIdbdbs^BLIovU3tI=<_KrEqGjK5TiLAAt~^-#b;ds8 zy*j?U1FkUBBDhUWr$#@n{Zf2;$+WFfRwsolskpeeRNxMQ;i)kH1Fj^3-3k9@xnce3 zz;Jgkvp59Ba73C=q2@sDh5Mmc(T8|M>98+t!RY8}b%PPIj%yT*09Ok* z(XA$2_Gmps|18*#H4np)*+m${ck9^od4U;1@$>KZ<@0Q9ZMC6*Ao><~*PD`+II=nt zGRxh0VohvH6uMV^FF-1SxE~A|a?MDpiJ-3b4dsw#Q1&HSfK^ryzcz-XL8Jf*TDO-8 zS)+_nduEFjt=uEiB(1kzmYmA)S|5@##V^2$7BxQXEowiTFP^eE59D!hzjgs=$>YUm zcq5OcKCnlHCXgA;cfk6={$#jnuL7K3B?)|VF1@*#`FK}*iLEofX;n)@c74=q0sQ%!G)cpJ=fem0N!7HEv zxCbsO$n)+gF_Uy#%S-T?f>xu~$K@PjAx#+=5hoqU8~@NTMQ%gt;<8iiU&l?1Smf5L zo=_x#?#p^VB&ApfgPHbhf82yR=zjXVo`ITst`FoAdoOE^G~jujV>_+^3X5C2DeBsy zjk`N=&vn&+KJxPA%fom>9zAc$PXtSn2PIZx(^_gVRQhxho};Dgyu48A#+4($hQ=5B zjy{D78Y0G$dEm0wa{`VZ4!m0X$0`!ZxG@{zUYX!Axi0Urw`mD`2FrbLt~LMu4D}kh zxUh3R=lawm$#$}l&+v90WQ!NqNE9Ms;zV>uKuA^%5ClTPZ8N9egQ*0^HXW^xZqUsoV-_YaQ+WYvtK~UF=Mhuz|-TPzhdbf@wW3mG%<7&(hB|9!15r{ zb!nL2@@j>VSs>ZfcewuU1;~VpKfS&7081@YTPPMbfVoBxpSxR{kByFMdvrrywvC8D zTMVc{=JB(iU_sufc^JXlU(sR$r4E?fq|vOV@e1^FwuHhFwGyd5K>MaQ%Kki|1tu71 z*}?p2xU7c7EgV^_+o0DzIaxZ$&BqoaHZm5->Xt^CM-V{c@HD3&IwsYxuiJBEzj^bf zJR4-?O#z34yBw@hr{cD z=hC;_gWAi2PcKvt-`iUZXTq6d?L{|H>((Dr9I6Yzz{d-F>JZjSy84BVvf8QRzxOrm zDwY1me1xfuuPr?EkLzG43EI3ikst5)M8Jdt7on#GS7n(F1~&*j-7Ogdjm;9aoUPi1)LK(rOmc28no>@``OMe zt@Fl5Q%2#N)#nw~=;x#=>q+MyYpq$EQfY&~0p_@MYzf3h-;=GMLqfqc5nZws-$yBS z^kui<2CODND?ygc!#8x_w3j;V z${*0G8Bq__U)Q7SVi4mO5or`miK+YueejJEB}~N>dyRnFnS5|#HqY>5Hp!jUd;uC6Z@X?(P34)IFrs5l*Rd=XIe?1u+jX%rt{G@O&lRC zx9cAYd){S)U|*7ynW}vi!yA8*>!HY^PkB@x*_G9m_$ZFOI3r4VgbtDyYf?kygCa@)PiizVCVz#ZQe{- zsnMqa$w_tbv&r6Dpo`bTz1|+st<`UGak7nzE&BS%C3}rFZ{lMPeZ5&dm1n~O-m9;b zF1~pm!29g$Y#+yd&oHB`4boOWh+aH;-Gpq`JBjKN-Qf{pAD;KR=LBN9> zkl+Unw^)u|jX?`KYgdg07$^FW>q3=)3t(&13-DQ)gW7;y(nV+uwwFh7u=_cqTY`e> zhxm$8Rq=3q(Bce>+1C3$t0 zp#ZcCE22H!1qBUMpV*))3l@+8>$6Z2=pQ7KoT1X#GhI)YC_Fzm)lxJ$bIDmmAAgVW zivEr6Hvsf-2TSU3jB)8WERXI$QUtV=%GA_4;bP#%MhbK%%H-V*gs<5rdFBr=Ue_Ae z*ktA5(Q}*w1;RjpeRt}Ml8csg!M$Jxa?4y5VPjJu{|ED4$`~s^(#WEQmvkM85}`lc z%wZ$MO(Au25caoXiCS4QBTMn6?1i9Z>^@dp^f@3>rO8T52{+f^QOX3R#3b_q`@!lx zvkx8A<*TN}nm>yQrQ8-g_E=D278fS_eCU%D5)+qoKsJ*oErS?xj{M?3M*H(sb*s-5 z$!@#r$rI+gAYbtX@J`e1UWq$sKgU;PEXFF-lDXYMlW#i)}9VGaV8%`N!Y-` zFZdV8B=ap1P((ZpNo_Qi#HwD_Z|>@8FR_r|qY1D8lVMZeJ&WftrqT^@L(S(qCkRdj znNppHE2^GATw4iQuU-*gD@;ye*m>yeHb$tPs_o})bGY^`jaDD{=5e=tWM>fm zG(l}f8#|y%^(P(JVl4QOFzZw}_OyV{y}LDd@SSo*kP1}Gv>RZ*zMreXbXo0OB-l+! zRxk_+HphA#Yf^CoOF8MR!lz(&W}@fYw>zKN-xY2rB`)t%DTTVxvXx(=U2GagiNQ^o zdsq&8U7Ea685Xn8`k+6_!diI5-bO7Y$0#-(0&-M6%#B%6 zN+4FLzye~akpHu)^li$+GVf|cE-#7PhunD$;vwpF;Y<>EJvr6H* ztb=xtb*Y00sN6&L-ad)X|i^i^>63?3Y@3 zd6BcW`*_P_9J$;09Z%t=rgRqxC31`$5YOi%^driC(ODDWhDJZ^(s z#v&_lyZw*6&U<%-4mn7`7Oh zrm6?^ePo6_<)FzD7-L4%!!sC?q6P&fOFHvk{(5&VWJa>9{+zqRxr~44Ew`TV<&F_n+gXj=UD>KEbJRVe(2hao}LA_4D@VyW2$ z{2Jr#pd&u+36r=i0v@s$fpnv}m7$dK?SML4;4=pk(*qjmUrX0#u;Q}x%W~D}3Qj9! z@n&$&-v$VT9L~nrQbX*y2^Tq3fR^}0LsJ?F%GOBC{%~>lwe_fz55**=#5VevGKnL< z?e#j-30l49%Xg^;$vi8;NdwOPTM5WbF&mH`G);g{hC>(;2RW!Wp^O6TbCp8h%=)1# zqPpC?X6_kfpnhc$OPr%h2bhu<8~V!LFDPK8(tjDB(7>{(TlPE&!C6}n6(v* zzyF4%wy+t?)B{x&AHFEVolV}z;&?Ef*aO#ZT|pt4ExEHJFLw9zU<<|+E(NrA zU;zx0c}iE&he@rYV;j#~af!ca;3F=3xG^TfK73OwZbVKc4yYa)G+mzL-F9aTc2wL} zvc5J^6N=alu|xrvO0wYQ_VzB>K~s$c$${Nv4A}ydK>Ts%!1xtcX05kVr|a`Rpuc+* znnbx9B+R}i(p-5tB|}CC5ZLJD-L4X$)JlTfU20^`!@W(+E?4qy^>h28E_adUMiufh zYJt44JaWstl;-S>J|*82RtDjn%`;-IK-=ISv|ZPW+fDp)M_a2N$We#m2btZyy{cOu zvDBha1agjd*arY_qvynp8wW-N;AU+Luz|FK{eoxmJE1p`aWJ;Q<03JF7N{+RRl9lu zi0Fu&Ix#%{5t_JvdCW@p9cZdX$r}O4v6u`aApnxa6Ap*&f~$6L|E(KXD89OCnL5BV zrb@$qPTqSeI0oiDO{st!e)8tg|1%d24^wVM8lo6wdQw5MdfVH z60fqKWv%&-anrSxsu(S$D;=aYnR_^>Zq1TizTG>afA5KqkoMZkbV1ECU_FvqqK(ay z=ju1~W)5MH`2OuvqSdL3lgwXZH->Ud21UY&(BA<#Px{fu{cwYbN7yjr#g!d<^75+rrk}C&OL&h!F%Y zJ1Z3{>CWldQ}O3nR7G67L*->;x)dM0^(@OvQ?Q(CRh%T9{ern}f3*QN!i34VYEKsp zVPynil)|S{+1~LxJtKMR?L0!`m1JM@;SAonF!^1)n7dJaH*NDR8&2zs6bx$HJLyqV zZPH?9w(`{2Y5vWXb6*en&frKG9E-5Q`xop_WY*Q;kp<)4;hx)oXw>JYyx8^J&3d@f zBr;YC&t0<~-Dd8#7e*}f3j_$f!=~?jk{wuci38bq7dX>8G%&29Z{o?0_Z~tm z-Tlnm1B*w$ed>V@vRuLUI+#3r$wtm}B=ST+a~>cvsY5mnJG*B~<6d{E_SR*P z)$SknlTr#)!NMO%E`Q%`#^GfhF}wq%Ef-E(s~VkuJjfkDLgt832j_(jA9RKGycpRVXU(-fZpL9WI7kFQeK#yv)Dq{2fr~Ko$48Q9_f47Oh1t7}3(JkUea2WbWiwP4BF1!-0RugS*Ymk#i4NXUuY$7^X}_J` zQ%G|Fo#~`f&Y?E#YGT=Lj%vU!i?^0T@dHeIKjQW?^=b~gXV49f$D-)O_L9WnLZt*Q zIG%fdMWFTyjNvhvIi*%gKuC4g9i|}-rIW(zDPVG;j1;--2i=LC{_IUHv)%dQG}1qK z`D))i#Zbmw9iM>%fqSu~zLUH)Sny*_!)0at@KZhws3tMwj1*vaFs-$qVs}nRhLg0Y zwE2$h%f5BJ+~qcQtF-CvK4{y`5)?}VwzLje>h2nw)Zy_wy-E(S_;=vE*uM(j~AJ8 z!t5Zhnm?*<-5)Q6VAM*({xG_gQO1l;eYPgEG`-V~oQM}*19&t~#09JR0e?Y)I5P9sA}L^4!(}#4!8a5d zlnbgX0roLD1z_~>1o9T^WdbGu3AN?jfZjD6ad@tFn_&Ocen%(Y6 z+<^0Tgeh@9JVOAeQXQg028tFv>DUAdffwjIMopanJuL%d4p*4QN81SdB*KIg zAld@gvq>P0t->H!Elx@I$*DOrr@3x5dPb9UGR!I&E1K!qOw#*iTeeBffWW||^-VI) z!sZR|wEFoF1HGho(#_oQ=XGD0T?WSrZi6XLcjv zDnmi%kx|nS&D5WU^Kd4na@aUHXv9b3m)6ozSEu&II-o%-t5o2vR$Vt)fE>jw6dh$K zV`1{9bH2Msp=?G#WBG^HCm+ba<$6H`|3H619SVt~oYoo1a`f)gqi&KyfT6Zu1yBQY zUecfh#-n2oCZ8@1C#LhC2Zm<1#8x_M1N0~z_I-G2!4WWEJ-{-8ERR&O{CPEfto-K1 zfc4ion!sEVNc&>$mmh8!I9!z%LDag8#q_hiQRJ!(@Ln%o8W{ZyXzA^N-d`inlb|NO za-x}Ll8ncFm@5FO}9=VP3= zcDd9SP%6hbv-~|6rbyKVLJDs~P&Pc(3q88DwB_l0p9C2>0a*j@W=|>!!YHdTLFepp z;{JZ@lu|5Xh3e4JlUkmv|NFT|M@O47aS~c^Y3b=^vdmR1D6=gw%1a$F0+z9k))&oK z1`d*R4%mUl$IEL6b-X3#tE*me8J`Dq{ZBY=wV)td%G0TsUYe6RndfyxJUq4*Tmx>Q zW1yAJsaOEcijR*Bo|xQcu>&m8zJ%})8eDlJoF4c0s(Aa{)+;vv6CN=bx3NuKa1UH<`dQ!UkjV>Y8$(ULq3Paq4d^0$VDiq?F`w2F)_V}^`k$i_v2#fKAM z+VsLL)hD8Q_phB4<#V|OTr7(RjhfA)$Xs)Qp=XgO^%skHh_V16>>;JHDmCHt8`VIa%bSi2~RLwH-?SO9dln^c0MjXo~c92 zcci~M+4gpT*6Q#p4$c8e31fMt3IW{|r5;b?*IrMxLjRgY&XTUKyQP3K^@3;G3u}ix_<8e)%QM&BJC)dn1fo5qpup$B3 z!t3dgtGjt2=5$rS;ApV|cGSaP5n5O-^(~YNddb8n2t6=+U{Du(qXS=R4L-|zcig$A zzM`YXbLqxy9qvcP-=(Y7IYNAsg?ms@;dKYm0_yS={qL6qK6AY_c$2;r5)l*5+aOro z+&EYuaq#X6OvXY0ugQTZN=NN~UUaoKTmDpjbvf`;`bw|L8Zua}@3!Ie?yl!)ag1 zeP6%62Y>dP|56GA47hq3v>nx6fQ9`Mg^Dzn$TI(}rvX~(iI>A;i*Gvl4d$x(Aa)&A zQX`1PL{O3iyR`{A#og(WcGw^}xqe{P+zq}4U$&^ou3cU6$BjtB7@c+i8#WSia&n*> z4g&zT!Rg$Z{jCIuAN4deW|6%v|MP)WyczOB`+Aij+WS>nTgEb`18HhAczLZ7ht>ic zgSMQ3wDEvB8L{F*MhO)T3~O+IK%rvBDt%zpe{xdnA(30 z4^ls1z4l4|#iTJ1Os?qbRJry=%-`g$$gYh5c9I;7+Jp@e_z$BhKo7W@htq8|I|Ez; z2JleswT4s?EH89j9QPwdz}Dc;MD<}V2kn#wdF`H#xj`rA`AG*L=!cFym#6Pb^NNJ2 zCS4>NWNzdf)WUWZ7Aht0k!86KQP)dZXf4Z`w-U=Z?V7_@wLGa0mdwn?D;=Z>nmt6k zTPu=aq%k@4%Sjv;FerYjjUUVM``bzXi?Nl#XWsh==0E~=&(Q~8uP?d2Gm9p}UHp5w zusdFSV4Wg3j;~GIwr=1t?Z@rs#%589#@>C&9$Rmi&sNc>sx)vv=Mv?!=rx-CdO=SP z2WAb!=_|8_*@D^2En7VSTKK0k?>Jgt#4M`ksKhjM-3uIw+(|74LNgJsv%vwuc?s=gNVb{VP5dTiv^hag9Lgm(eu(eSQ$OF^D`{Vuop( z=HG>N`U+N_!`Hm(^vjYS?eI*YD zniE;xEB|s7pOY}ivR2;obJVG{{LFsV9xDNEixGUTB~E7y|CjmEk3}4PYJ9a9hMnZUB5lm!Sn<&-2a>zbiaS@LhCke^NH~TQ zhYfpdt%eMh_x)w=#>_*~{1el8y=@`d_D!YyJ?RtX;CdiX@`&RKDM(zda$oy_0Ru2J@Bnbh93qSPhJ<*CqRU_2-AhSyjpuQ6c|4F#F67Yqas0 zr?ahvA@}0>s^D90Q<|l;B!t6#F6!T*2YgcbYuP#fl%UO8{(WQ2QBaiNd$gNH)LoV8 z<6nJ@v-&ud8B@HXvvW*v9Ol&2kv-4X6uC^8DK01<_qSoFnCOCpqM zqanAV`{Ov9d=$99_TIXoGxKFl@(K7Hb^go*Bb_nj#*gN{C$Pd>^a3WKF#RQ;`OkzB zO@=$q#wdrJ?~iaNi-zSciP^^H#+Mx=k!`=j!TB`G6V)iN33V4fwn}tV4eFYCp?`mMpgc7!4CIBs^DO_B+n!9^U$&vnH-4UV z$t@%NaTaVL2YHDuFjdjw;PP04Zb>X3D(Op3rQ6S#$gK`u&ZcYQaRw*#X z^{_Ntc6@g&KKU5Ku7buq!56QtcYln>ed)~BQFOt#T5xUBNjVo=x*T1!>m%4;4(?d} zYMml>NYf@}1vIj(9rv>{9ko`sbk-xd(XtY}qpSxe?2Hnn^F*IMD1AsU2*_Od*S5R_ z?x5i01yXF#y#+zF%zE7~#y1NdMPzrSL*tWXrVG63>(sZCDUdhhV{x<5XuR8G zG50|c(sA~C_N|^AHUHdWQmt0@iz3>Gj(xJG`|?HP9AC&$llsa~k-C}L z9I(NRBItL3{{ZbS>&?Z9={5@Y;05%?R1*`UVO5Wg-95TmV|B_h0^7QmV&WzNyK1$? zD2lsp--N-~E7u$vL7G!RhXq&0-EI1fDPS>T7n=d&sjR2uK+Mv=ngZ|zT47a7zu(o% zrNUtWa8p+oJD?=bVM{GXtS0K-DC?D4=>S&00!~!xz>)r6sU+~aC@(%PERa}h1b#Q< z`4w(kPCyVYDOc3iUUbu^>oP=x`G{DSA5eqgJG_*CyoeR~2&Tjw%fLzq{0#RY5Oj*5 z!3jAQ81D_Jam<6IYq5XtjfMKKBlf=ul*NWnEy4$+I2e5Ld07IkWFEjs$vjrJnEi)3 zK!)C~_q9m~V?o?OwO@aZK&{RN;zKLMdHW?e;_j%0*HkIJQ!c={(8(4N0@@Z~;5;dq zIjk2ttLE=4SkehkF#vAh>?YA@|aDJze|n85WF zi4QF?aYk_|(k3P*GvIIBR?40OMQeLA-0D>UA6hxDK1rcG9Lk~m zDA4xujxB*7j9+}24tbcsIdEB=)LMvO(mNU9+h4I|QmSADDF+N!1+SJ$$y*$#;uBgD z9bM+HUmG|Ko$4hX-QXc?mj@H&IgM=7;JSYCet{wW%j&TlNG zf#r1o)WW6jx^{MrAS@rmVZOnnrz8psm@JD#Ku;V5=+~+@fn#b3kXES;&JYbA8js|L zzJR0TI4tIJ82TU)_&|Ixw+aBa1S%3Ug3t5{6$|hvFwZ(R$5n*DlM9IM}i zGz)S`0gfJEjUzRIk%k};DZI7`=$e>zTT@g1;OD@L9u&xh=saL64S(a|A()8^*%IOg>O z|8zN-EadVAjV4!-BjUEKdyxK!r($m2d z_^*X*!Im%vMM6u*@ec}iseB7>=w_I>W87s|kXlwlg_0apDWrr_8mMS> zZ(LvwGZ<4i^o26Omp0LQTU{PZ`K|$eUiaZI8frJKr`E3Uhe~E3P?(3c=Xx0fcq@PI zy`W?ep@|C$3PKSMK@ChK00@5)t9r*`@Ofa&@eyY-Lp0DMQDfvy5Xp*_jghOc5|%Mg zesj?744=+NmRd3K$bVtt0f&;|VzWZe6{rMYuz{paUv?jI9IWdpxujfxt5x+Jjox4X z;zgCxbf}?JJTe8LX@O3Y$t}&HqQ3CNtroy!Qnx?Z9ZO$~C?SYC_|HHm#-!L7Vg%yO z8cYw7dD<2P@2^G$hphK{_;{d^SED1qTVKUFlpvS#z+dmDO}o_L2v| zr0k3F41ozvDU`of8XY|d;a6a-v2;AQw*i3KaLKr7hV!d4;Lh@QM`Qs+0K-cRB91vA zG6wCSX)D~(sCq**EC!NS#jD~c;6MnMowW$n&v;DcFK!nvl)}@C))OfuFnMDBGjP_i zrnh8`wSne-MJwpG`!*>@0MG-FTQ3QmlIc-4dKFtF;83W|j{l(&11 z;REh}X#$Wt9bBrASyn;a0Df^Tk8JgHbbzqqQ6M;T7aD4`wzL$d(XwHmPoe~C*}29B zk{(Epv)chBxceCh2FmZ)O+VJuu5t~o$nG=#NV*~X{VQR#UgWqK<|z~gYXYY6$hX#n93BmoQgkd~Gfn9j@A zND#4B3&e5{@qwh;I!f{e*y4B=eXn~%kroZOnis>J=ZYh*e}B#FsK00)XMpAbQsV~| z2c_0W-?XNBSVl^;Fq~31*rJWv9>?*@Jw=1dx4jY!%8XFB0ZlXA!`H3UQ_#*rt}iFZ zm(e?3j8KpBsxs-&{p%Ysb88l=HY#6+tGOgc5gnDjF*%8bD@pe0y~F6+#@QDgkOh!x zG>yZIK)!lv5K$Qh{mmnVUG@9ISLKij=^NORi@#V2XyEU=}IQ zZ1khtd2#TTbx}*srCR|`l6IL) zDTa5ElnfUHMI7KqVLYdTx@M5!P8UR`oR~q-JXN2&moQw>ve=oFLeG~}yq>XBbZ4!LcIOJ4 zwXD_hHqg9J5(pI|^F=0?MLskyF{(NIKfa#yP0l}gfc%xH4iYjX!vGsF8MQ`*P zw37g9R!s)T!E|?Z)tk`uCFE{Iq_2QfT(?qlq$_gt86---ew_h}<1QF<4f~OE?;JQ+ z|L{NyO6|bdNc$SdMp_?KYQ^3Bp0Sq?gWn>aAtnCR-QwV?Qc5Af z5z**gV1~Jr$ikq47h5lAU6NXu^wJ0-nuJe~P{X)imB7NYNbRC$!MKYAM{-F^i+UJ| zg;M%C)~5j`y@bYw26>8L))ce~T@|oh?aP{7Tx)hvu;S8rmpjI#CS){o1?M ztswcD%LZ-X+|t{#A$V)HKj~tv916fhq9q2yl>Rf<-J9{JbbpS4 z#rF0uP-@j*qF{Oa_GlifQIITJ%?R)=k@vSZ9pE2(=XocbQ2|u~FR!R#eWa@x)ZyN6_owzp-Lg5jEoIcU@xXiEo3_h=^(f?jpu0c5(;#pZNqc= z5pqEnh9KU1W=0Dh)V&F>R=d>_CjGFkY=Gb*0~O6MBsuUpIC9*;?toYQtOutuK@pJ| zcM?61=?~>*kkhYk!yJ?LQg$h!wb!qyw+Nz4eQ;@jC!r0T9qtSIfQZyy0^`TO0d*6Y zr+GykcCP$y`26>~g4X-tpNe2q-C;IdJO|K@07Msuc~$kl7L14V9|^DP69gjinHmV2 znZ%PQ%FlovHL4zhb$LI0Ln7S2jLKcxfnmgl38)2ES8WvhqxbNuf4+y93B(u70}VL) zlIn$~;S~U*5dGWJe&YP}Uyt@*`eA24BH_=fssDj^CO}vQ|BLWMuMxD|K&KCo27oG+ zxF5FH@2<^N>VMFgzo<+9{Ow=q;XfEXv@eK=Zr%M`>`nMMB17-Lzc+XY13E_Z_w)FF zE?fWa7x?cJ`0o?=?-Tg%6Zr2F`0o?=|K$mMXy7ybd34M)B(J-S`I Date: Fri, 5 May 2023 17:55:05 +0100 Subject: [PATCH 163/870] Swift: Add necessary .yml files. --- swift/ql/examples/qlpack.lock.yml | 4 ++++ swift/ql/examples/qlpack.yml | 6 ++++++ 2 files changed, 10 insertions(+) create mode 100644 swift/ql/examples/qlpack.lock.yml create mode 100644 swift/ql/examples/qlpack.yml diff --git a/swift/ql/examples/qlpack.lock.yml b/swift/ql/examples/qlpack.lock.yml new file mode 100644 index 00000000000..06dd07fc7dc --- /dev/null +++ b/swift/ql/examples/qlpack.lock.yml @@ -0,0 +1,4 @@ +--- +dependencies: {} +compiled: false +lockVersion: 1.0.0 diff --git a/swift/ql/examples/qlpack.yml b/swift/ql/examples/qlpack.yml new file mode 100644 index 00000000000..ed3c6f12bac --- /dev/null +++ b/swift/ql/examples/qlpack.yml @@ -0,0 +1,6 @@ +name: codeql/swift-examples +groups: + - swift + - examples +dependencies: + codeql/swift-all: ${workspace} From aa8aa0ba00e6244bc1081ec571f1e7a36c9fe51b Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 5 May 2023 17:58:17 +0100 Subject: [PATCH 164/870] Swift: Fix Sphinx / Docs error. --- .../codeql-language-guides/basic-query-for-swift-code.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/codeql/codeql-language-guides/basic-query-for-swift-code.rst b/docs/codeql/codeql-language-guides/basic-query-for-swift-code.rst index 41208d7e6a5..9e146513a20 100644 --- a/docs/codeql/codeql-language-guides/basic-query-for-swift-code.rst +++ b/docs/codeql/codeql-language-guides/basic-query-for-swift-code.rst @@ -1,7 +1,7 @@ .. _basic-query-for-swift-code: Basic query for Swift code -========================= +========================== Learn to write and run a simple CodeQL query using Visual Studio Code with the CodeQL extension. From 0ab894765ef599565c5b540df78ca9c48338cdab Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 5 May 2023 18:12:55 +0100 Subject: [PATCH 165/870] Swift: Fix more underline length issues. --- .../codeql-language-guides/analyzing-data-flow-in-swift.rst | 2 +- docs/codeql/codeql-language-guides/codeql-for-swift.rst | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/codeql/codeql-language-guides/analyzing-data-flow-in-swift.rst b/docs/codeql/codeql-language-guides/analyzing-data-flow-in-swift.rst index 31786637bde..feefa669732 100644 --- a/docs/codeql/codeql-language-guides/analyzing-data-flow-in-swift.rst +++ b/docs/codeql/codeql-language-guides/analyzing-data-flow-in-swift.rst @@ -212,7 +212,7 @@ The global taint tracking library uses the same configuration module as the glob select source, "Taint flow to $@.", sink, sink.toString() Predefined sources -~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~~~~~~~~~~~~~~~~~ The data flow library module ``codeql.swift.dataflow.FlowSources`` contains a number of predefined sources, providing a good starting point for defining data flow and taint flow based security queries. diff --git a/docs/codeql/codeql-language-guides/codeql-for-swift.rst b/docs/codeql/codeql-language-guides/codeql-for-swift.rst index d43688921cf..5d05739829f 100644 --- a/docs/codeql/codeql-language-guides/codeql-for-swift.rst +++ b/docs/codeql/codeql-language-guides/codeql-for-swift.rst @@ -1,7 +1,7 @@ .. _codeql-for-swift: CodeQL for Swift -=============== +================ Experiment and learn how to write effective and efficient queries for CodeQL databases generated from Swift codebases. From 6a3d995b357ff0a39c65fd5c3b534dc0da268f89 Mon Sep 17 00:00:00 2001 From: Maiky <76447395+maikypedia@users.noreply.github.com> Date: Sat, 6 May 2023 12:25:25 +0200 Subject: [PATCH 166/870] Add Mysql2 as SQL Injection Sink --- ruby/ql/lib/change-notes/2023-05-06-mysql2.md | 4 ++ ruby/ql/lib/codeql/ruby/frameworks/Mysql2.qll | 49 +++++++++++++++++++ .../security/SqlInjectionCustomizations.qll | 22 ++++++++- .../frameworks/mysql2/Mysql2.expected | 5 ++ .../library-tests/frameworks/mysql2/Mysql2.ql | 5 ++ .../library-tests/frameworks/mysql2/Mysql2.rb | 30 ++++++++++++ 6 files changed, 113 insertions(+), 2 deletions(-) create mode 100644 ruby/ql/lib/change-notes/2023-05-06-mysql2.md create mode 100644 ruby/ql/lib/codeql/ruby/frameworks/Mysql2.qll create mode 100644 ruby/ql/test/library-tests/frameworks/mysql2/Mysql2.expected create mode 100644 ruby/ql/test/library-tests/frameworks/mysql2/Mysql2.ql create mode 100644 ruby/ql/test/library-tests/frameworks/mysql2/Mysql2.rb diff --git a/ruby/ql/lib/change-notes/2023-05-06-mysql2.md b/ruby/ql/lib/change-notes/2023-05-06-mysql2.md new file mode 100644 index 00000000000..d8fa92dd394 --- /dev/null +++ b/ruby/ql/lib/change-notes/2023-05-06-mysql2.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Support for the `mysql2` gem has been added. Method calls that execute queries against an MySQL database that may be vulnerable to injection attacks will now be recognized. \ No newline at end of file diff --git a/ruby/ql/lib/codeql/ruby/frameworks/Mysql2.qll b/ruby/ql/lib/codeql/ruby/frameworks/Mysql2.qll new file mode 100644 index 00000000000..efea7383a4c --- /dev/null +++ b/ruby/ql/lib/codeql/ruby/frameworks/Mysql2.qll @@ -0,0 +1,49 @@ +/** + * Provides modeling for mysql2, a Ruby library (gem) for interacting with MySql databases. + */ + +private import codeql.ruby.ApiGraphs +private import codeql.ruby.dataflow.FlowSummary +private import codeql.ruby.Concepts + +/** + * Provides modeling for mysql2, a Ruby library (gem) for interacting with MySql databases. + */ +module Mysql2 { + /** + * Flow summary for `Mysql2::Client.new()`. + */ + private class SqlSummary extends SummarizedCallable { + SqlSummary() { this = "Mysql2::Client.new()" } + + override MethodCall getACall() { result = any(Mysql2Connection c).asExpr().getExpr() } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + input = "Argument[0]" and output = "ReturnValue" and preservesValue = false + } + } + + /** A call to Mysql2::Client.new() is used to establish a connection to a MySql database. */ + private class Mysql2Connection extends DataFlow::CallNode { + Mysql2Connection() { + this = API::getTopLevelMember("Mysql2").getMember("Client").getAnInstantiation() + } + } + + /** A call that executes SQL statements against a MySQL database. */ + private class Mysql2Execution extends SqlExecution::Range, DataFlow::CallNode { + private DataFlow::Node query; + + Mysql2Execution() { + exists(Mysql2Connection mysql2Connection, DataFlow::CallNode prepareCall | + this = mysql2Connection.getAMethodCall("query") and query = this.getArgument(0) + or + prepareCall = mysql2Connection.getAMethodCall("prepare") and + query = prepareCall.getArgument(0) and + this = prepareCall.getAMethodCall("execute") + ) + } + + override DataFlow::Node getSql() { result = query } + } +} diff --git a/ruby/ql/lib/codeql/ruby/security/SqlInjectionCustomizations.qll b/ruby/ql/lib/codeql/ruby/security/SqlInjectionCustomizations.qll index c82b44d4349..546e84e023b 100644 --- a/ruby/ql/lib/codeql/ruby/security/SqlInjectionCustomizations.qll +++ b/ruby/ql/lib/codeql/ruby/security/SqlInjectionCustomizations.qll @@ -7,6 +7,7 @@ private import codeql.ruby.Concepts private import codeql.ruby.DataFlow private import codeql.ruby.dataflow.BarrierGuards private import codeql.ruby.dataflow.RemoteFlowSources +private import codeql.ruby.ApiGraphs /** * Provides default sources, sinks and sanitizers for detecting SQL injection @@ -51,6 +52,23 @@ module SqlInjection { * sanitizer-guard. */ class StringConstArrayInclusionCallAsSanitizer extends Sanitizer, - StringConstArrayInclusionCallBarrier - { } + StringConstArrayInclusionCallBarrier { } + + /** + * A call to `Mysql2::Client.escape`, considered as a sanitizer. + */ + class Mysql2EscapeSanitization extends Sanitizer { + Mysql2EscapeSanitization() { + this = API::getTopLevelMember("Mysql2").getMember("Client").getAMethodCall("escape") + } + } + + /** + * A call to `SQLite3::Database.quote`, considered as a sanitizer. + */ + class SQLite3EscapeSanitization extends Sanitizer { + SQLite3EscapeSanitization() { + this = API::getTopLevelMember("SQLite3").getMember("Database").getAMethodCall("quote") + } + } } diff --git a/ruby/ql/test/library-tests/frameworks/mysql2/Mysql2.expected b/ruby/ql/test/library-tests/frameworks/mysql2/Mysql2.expected new file mode 100644 index 00000000000..cc87a7d3403 --- /dev/null +++ b/ruby/ql/test/library-tests/frameworks/mysql2/Mysql2.expected @@ -0,0 +1,5 @@ +| Mysql2.rb:10:16:10:48 | call to query | Mysql2.rb:10:27:10:47 | "SELECT * FROM users" | +| Mysql2.rb:13:16:13:73 | call to query | Mysql2.rb:13:27:13:72 | "SELECT * FROM users WHERE use..." | +| Mysql2.rb:17:16:17:76 | call to query | Mysql2.rb:17:27:17:75 | "SELECT * FROM users WHERE use..." | +| Mysql2.rb:21:16:21:57 | call to execute | Mysql2.rb:20:31:20:82 | "SELECT * FROM users WHERE id ..." | +| Mysql2.rb:25:16:25:60 | call to execute | Mysql2.rb:24:31:24:93 | "SELECT * FROM users WHERE use..." | diff --git a/ruby/ql/test/library-tests/frameworks/mysql2/Mysql2.ql b/ruby/ql/test/library-tests/frameworks/mysql2/Mysql2.ql new file mode 100644 index 00000000000..c019bf0751b --- /dev/null +++ b/ruby/ql/test/library-tests/frameworks/mysql2/Mysql2.ql @@ -0,0 +1,5 @@ +private import codeql.ruby.DataFlow +private import codeql.ruby.Concepts +private import codeql.ruby.frameworks.Mysql2 + +query predicate mysql2SqlExecution(SqlExecution e, DataFlow::Node sql) { sql = e.getSql() } diff --git a/ruby/ql/test/library-tests/frameworks/mysql2/Mysql2.rb b/ruby/ql/test/library-tests/frameworks/mysql2/Mysql2.rb new file mode 100644 index 00000000000..b9b3b5a7b57 --- /dev/null +++ b/ruby/ql/test/library-tests/frameworks/mysql2/Mysql2.rb @@ -0,0 +1,30 @@ +class UsersController < ActionController::Base + def mysql2_handler(event:, context:) + name = params[:user_name] + + conn = Mysql2::Client.new( + host: "127.0.0.1", + username: "root" + ) + # GOOD: SQL statement is not constructed from user input + results1 = conn.query("SELECT * FROM users") + + # BAD: SQL statement constructed from user input + results2 = conn.query("SELECT * FROM users WHERE username='#{name}'") + + # GOOD: user input is escaped + escaped = Mysql2::Client.escape(name) + results3 = conn.query("SELECT * FROM users WHERE username='#{escaped}'") + + # GOOD: user input is escaped + statement1 = conn.prepare("SELECT * FROM users WHERE id >= ? AND username = ?") + results4 = statement1.execute(1, name, :as => :array) + + # BAD: SQL statement constructed from user input + statement2 = conn.prepare("SELECT * FROM users WHERE username='#{name}' AND password = ?") + results4 = statement2.execute("password", :as => :array) + + # NOT EXECUTED + statement3 = conn.prepare("SELECT * FROM users WHERE username = ?") + end +end \ No newline at end of file From 3960853af0962bf8512d0465bcdae0bdfa3ee4f4 Mon Sep 17 00:00:00 2001 From: Maiky <76447395+maikypedia@users.noreply.github.com> Date: Sun, 7 May 2023 23:56:56 +0200 Subject: [PATCH 167/870] CWE-089 Add Sequel SQL Injection Sink --- ruby/ql/lib/change-notes/2023-05-07-sequel.md | 4 ++ ruby/ql/lib/codeql/ruby/Frameworks.qll | 1 + ruby/ql/lib/codeql/ruby/frameworks/Sequel.qll | 71 +++++++++++++++++++ .../frameworks/sequel/Sequel.expected | 23 ++++++ .../library-tests/frameworks/sequel/Sequel.ql | 7 ++ .../library-tests/frameworks/sequel/sequel.rb | 67 +++++++++++++++++ 6 files changed, 173 insertions(+) create mode 100644 ruby/ql/lib/change-notes/2023-05-07-sequel.md create mode 100644 ruby/ql/lib/codeql/ruby/frameworks/Sequel.qll create mode 100644 ruby/ql/test/library-tests/frameworks/sequel/Sequel.expected create mode 100644 ruby/ql/test/library-tests/frameworks/sequel/Sequel.ql create mode 100644 ruby/ql/test/library-tests/frameworks/sequel/sequel.rb diff --git a/ruby/ql/lib/change-notes/2023-05-07-sequel.md b/ruby/ql/lib/change-notes/2023-05-07-sequel.md new file mode 100644 index 00000000000..3688f28db56 --- /dev/null +++ b/ruby/ql/lib/change-notes/2023-05-07-sequel.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Support for the `sequel` gem has been added. Method calls that execute queries against a database that may be vulnerable to injection attacks will now be recognized. diff --git a/ruby/ql/lib/codeql/ruby/Frameworks.qll b/ruby/ql/lib/codeql/ruby/Frameworks.qll index e61ac723e7e..d7b76c090b2 100644 --- a/ruby/ql/lib/codeql/ruby/Frameworks.qll +++ b/ruby/ql/lib/codeql/ruby/Frameworks.qll @@ -32,3 +32,4 @@ private import codeql.ruby.frameworks.Slim private import codeql.ruby.frameworks.Sinatra private import codeql.ruby.frameworks.Twirp private import codeql.ruby.frameworks.Sqlite3 +private import codeql.ruby.frameworks.Sequel diff --git a/ruby/ql/lib/codeql/ruby/frameworks/Sequel.qll b/ruby/ql/lib/codeql/ruby/frameworks/Sequel.qll new file mode 100644 index 00000000000..b9488a92016 --- /dev/null +++ b/ruby/ql/lib/codeql/ruby/frameworks/Sequel.qll @@ -0,0 +1,71 @@ +/** + * Provides modeling for `Sequel`, the database toolkit for Ruby. + * https://github.com/jeremyevans/sequel + */ + +private import ruby +private import codeql.ruby.ApiGraphs +private import codeql.ruby.dataflow.FlowSummary +private import codeql.ruby.Concepts + +/** + * Provides modeling for `Sequel`, the database toolkit for Ruby. + * https://github.com/jeremyevans/sequel + */ +module Sequel { + /** Flow Summary for `Sequel`. */ + private class SqlSummary extends SummarizedCallable { + SqlSummary() { this = "Sequel.connect" } + + override MethodCall getACall() { result = any(SequelConnection c).asExpr().getExpr() } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + input = "Argument[0]" and output = "ReturnValue" and preservesValue = false + } + } + + /** A call to establish a connection to a database */ + private class SequelConnection extends DataFlow::CallNode { + SequelConnection() { + this = + API::getTopLevelMember("Sequel").getAMethodCall(["connect", "sqlite", "mysql2", "jdbc"]) + } + } + + /** A call that constructs SQL statements */ + private class SequelConstruction extends SqlConstruction::Range, DataFlow::CallNode { + DataFlow::Node query; + + SequelConstruction() { + this = API::getTopLevelMember("Sequel").getAMethodCall("cast") and query = this.getArgument(1) + or + this = API::getTopLevelMember("Sequel").getAMethodCall("function") and + query = this.getArgument(0) + } + + override DataFlow::Node getSql() { result = query } + } + + /** A call that executes SQL statements against a database */ + private class SequelExecution extends SqlExecution::Range, DataFlow::CallNode { + SequelExecution() { + exists(SequelConnection sequelConnection | + this = + sequelConnection + .getAMethodCall([ + "execute", "execute_ddl", "execute_dui", "execute_insert", "run", "<<", "fetch", + "fetch_rows", "[]", "log_connection_yield" + ]) or + this = + sequelConnection + .getAMethodCall("dataset") + .getAMethodCall([ + "with_sql", "with_sql_all", "with_sql_delete", "with_sql_each", "with_sql_first", + "with_sql_insert", "with_sql_single_value", "with_sql_update" + ]) + ) + } + + override DataFlow::Node getSql() { result = this.getArgument(0) } + } +} diff --git a/ruby/ql/test/library-tests/frameworks/sequel/Sequel.expected b/ruby/ql/test/library-tests/frameworks/sequel/Sequel.expected new file mode 100644 index 00000000000..b44d06e6c19 --- /dev/null +++ b/ruby/ql/test/library-tests/frameworks/sequel/Sequel.expected @@ -0,0 +1,23 @@ +sequelSqlConstruction +| sequel.rb:63:29:63:49 | call to cast | sequel.rb:63:45:63:48 | name | +| sequel.rb:66:29:66:49 | call to function | sequel.rb:66:45:66:48 | name | +sequelSqlExecution +| sequel.rb:10:9:10:60 | ...[...] | sequel.rb:10:14:10:59 | "SELECT * FROM users WHERE use..." | +| sequel.rb:13:9:13:64 | call to run | sequel.rb:13:18:13:63 | "SELECT * FROM users WHERE use..." | +| sequel.rb:16:9:18:11 | call to fetch | sequel.rb:16:20:16:65 | "SELECT * FROM users WHERE use..." | +| sequel.rb:21:9:21:65 | ...[...] | sequel.rb:21:14:21:64 | "SELECT * FROM users WHERE use..." | +| sequel.rb:24:9:24:65 | call to execute | sequel.rb:24:22:24:65 | "SELECT * FROM users WHERE use..." | +| sequel.rb:27:9:27:71 | call to execute_ddl | sequel.rb:27:26:27:71 | "SELECT * FROM users WHERE use..." | +| sequel.rb:30:9:30:71 | call to execute_dui | sequel.rb:30:26:30:71 | "SELECT * FROM users WHERE use..." | +| sequel.rb:33:9:33:74 | call to execute_insert | sequel.rb:33:29:33:74 | "SELECT * FROM users WHERE use..." | +| sequel.rb:36:9:36:62 | ... << ... | sequel.rb:36:17:36:62 | "SELECT * FROM users WHERE use..." | +| sequel.rb:39:9:39:79 | call to fetch_rows | sequel.rb:39:25:39:70 | "SELECT * FROM users WHERE use..." | +| sequel.rb:42:9:42:81 | call to with_sql_all | sequel.rb:42:35:42:80 | "SELECT * FROM users WHERE use..." | +| sequel.rb:45:9:45:84 | call to with_sql_delete | sequel.rb:45:38:45:83 | "SELECT * FROM users WHERE use..." | +| sequel.rb:48:9:48:90 | call to with_sql_each | sequel.rb:48:36:48:81 | "SELECT * FROM users WHERE use..." | +| sequel.rb:51:9:51:83 | call to with_sql_first | sequel.rb:51:37:51:82 | "SELECT * FROM users WHERE use..." | +| sequel.rb:54:9:54:84 | call to with_sql_insert | sequel.rb:54:38:54:83 | "SELECT * FROM users WHERE use..." | +| sequel.rb:57:9:57:90 | call to with_sql_single_value | sequel.rb:57:44:57:89 | "SELECT * FROM users WHERE use..." | +| sequel.rb:60:9:60:84 | call to with_sql_update | sequel.rb:60:38:60:83 | "SELECT * FROM users WHERE use..." | +| sequel.rb:63:9:63:20 | ...[...] | sequel.rb:63:14:63:19 | :table | +| sequel.rb:66:9:66:20 | ...[...] | sequel.rb:66:14:66:19 | :table | diff --git a/ruby/ql/test/library-tests/frameworks/sequel/Sequel.ql b/ruby/ql/test/library-tests/frameworks/sequel/Sequel.ql new file mode 100644 index 00000000000..9645c5d4f17 --- /dev/null +++ b/ruby/ql/test/library-tests/frameworks/sequel/Sequel.ql @@ -0,0 +1,7 @@ +private import codeql.ruby.DataFlow +private import codeql.ruby.Concepts +private import codeql.ruby.frameworks.Sequel + +query predicate sequelSqlConstruction(SqlConstruction c, DataFlow::Node sql) { sql = c.getSql() } + +query predicate sequelSqlExecution(SqlExecution e, DataFlow::Node sql) { sql = e.getSql() } diff --git a/ruby/ql/test/library-tests/frameworks/sequel/sequel.rb b/ruby/ql/test/library-tests/frameworks/sequel/sequel.rb new file mode 100644 index 00000000000..d760f6c3d07 --- /dev/null +++ b/ruby/ql/test/library-tests/frameworks/sequel/sequel.rb @@ -0,0 +1,67 @@ +require 'sequel' + +class UsersController < ActionController::Base + def sequel_handler(event:, context:) + name = params[:name] + conn = Sequel.sqlite("sqlite://example.db") + + # BAD: SQL statement constructed from user input + conn["SELECT * FROM users WHERE username='#{name}'"] + + # BAD: SQL statement constructed from user input + conn.run("SELECT * FROM users WHERE username='#{name}'") + + # BAD: SQL statement constructed from user input + conn.fetch("SELECT * FROM users WHERE username='#{name}'") do |row| + puts row[:name] + end + + # GOOD: SQL statement is not constructed from user input + conn["SELECT * FROM users WHERE username='im_not_input'"] + + # BAD: SQL statement constructed from user input + conn.execute "SELECT * FROM users WHERE username=#{name}" + + # BAD: SQL statement constructed from user input + conn.execute_ddl "SELECT * FROM users WHERE username='#{name}'" + + # BAD: SQL statement constructed from user input + conn.execute_dui "SELECT * FROM users WHERE username='#{name}'" + + # BAD: SQL statement constructed from user input + conn.execute_insert "SELECT * FROM users WHERE username='#{name}'" + + # BAD: SQL statement constructed from user input + conn << "SELECT * FROM users WHERE username='#{name}'" + + # BAD: SQL statement constructed from user input + conn.fetch_rows("SELECT * FROM users WHERE username='#{name}'"){|row| } + + # BAD: SQL statement constructed from user input + conn.dataset.with_sql_all("SELECT * FROM users WHERE username='#{name}'") + + # BAD: SQL statement constructed from user input + conn.dataset.with_sql_delete("SELECT * FROM users WHERE username='#{name}'") + + # BAD: SQL statement constructed from user input + conn.dataset.with_sql_each("SELECT * FROM users WHERE username='#{name}'"){|row| } + + # BAD: SQL statement constructed from user input + conn.dataset.with_sql_first("SELECT * FROM users WHERE username='#{name}'") + + # BAD: SQL statement constructed from user input + conn.dataset.with_sql_insert("SELECT * FROM users WHERE username='#{name}'") + + # BAD: SQL statement constructed from user input + conn.dataset.with_sql_single_value("SELECT * FROM users WHERE username='#{name}'") + + # BAD: SQL statement constructed from user input + conn.dataset.with_sql_update("SELECT * FROM users WHERE username='#{name}'") + + # BAD: SQL statement constructed from user input + conn[:table].select(Sequel.cast(:a, name)) + + # BAD: SQL statement constructed from user input + conn[:table].select(Sequel.function(name)) + end +end \ No newline at end of file From 8079af7ed688fcbddbce19aaaf443b14e0ba1167 Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli Date: Mon, 8 May 2023 10:28:10 +0200 Subject: [PATCH 168/870] Swift: add autobuild failure diagnostics --- .../create_database_utils.py | 31 +- .../diagnostics_test_utils.py | 64 +++ .../osx-only/autobuilder/failure/.gitignore | 1 + .../autobuilder/failure/diagnostics.expected | 17 + .../hello-failure.xcodeproj/project.pbxproj | 364 ++++++++++++++++++ .../contents.xcworkspacedata | 7 + .../xcshareddata/IDEWorkspaceChecks.plist | 8 + .../osx-only/autobuilder/failure/test.py | 5 + swift/integration-tests/runner.py | 2 + swift/logging/SwiftLogging.h | 8 +- swift/xcode-autobuilder/BUILD.bazel | 4 + swift/xcode-autobuilder/XcodeBuildLogging.h | 17 + swift/xcode-autobuilder/XcodeBuildRunner.cpp | 17 +- 13 files changed, 528 insertions(+), 17 deletions(-) create mode 100644 swift/integration-tests/diagnostics_test_utils.py create mode 100644 swift/integration-tests/osx-only/autobuilder/failure/.gitignore create mode 100644 swift/integration-tests/osx-only/autobuilder/failure/diagnostics.expected create mode 100644 swift/integration-tests/osx-only/autobuilder/failure/hello-failure.xcodeproj/project.pbxproj create mode 100644 swift/integration-tests/osx-only/autobuilder/failure/hello-failure.xcodeproj/project.xcworkspace/contents.xcworkspacedata create mode 100644 swift/integration-tests/osx-only/autobuilder/failure/hello-failure.xcodeproj/project.xcworkspace/xcshareddata/IDEWorkspaceChecks.plist create mode 100644 swift/integration-tests/osx-only/autobuilder/failure/test.py create mode 100644 swift/xcode-autobuilder/XcodeBuildLogging.h diff --git a/swift/integration-tests/create_database_utils.py b/swift/integration-tests/create_database_utils.py index 38822fd70b4..8627f97a686 100644 --- a/swift/integration-tests/create_database_utils.py +++ b/swift/integration-tests/create_database_utils.py @@ -1,15 +1,34 @@ """ -recreation of internal `create_database_utils.py` to run the tests locally, with minimal -and swift-specialized functionality +Simplified version of internal `create_database_utils.py` used to run the tests locally, with +minimal and swift-specialized functionality +TODO unify integration testing code across the public and private repositories """ import subprocess import pathlib import sys +import shutil -def run_codeql_database_create(cmds, lang, keep_trap=True): +def runSuccessfully(cmd): + res = subprocess.run(cmd) + if res.returncode: + print("FAILED", file=sys.stderr) + print(" ", *cmd, f"(exit code {res.returncode})", file=sys.stderr) + sys.exit(res.returncode) + +def runUnsuccessfully(cmd): + res = subprocess.run(cmd) + if res.returncode == 0: + print("FAILED", file=sys.stderr) + print(" ", *cmd, f"(exit code 0, expected to fail)", file=sys.stderr) + sys.exit(1) + + +def run_codeql_database_create(cmds, lang, keep_trap=True, db=None, runFunction=runSuccessfully): + """ db parameter is here solely for compatibility with the internal test runner """ assert lang == 'swift' codeql_root = pathlib.Path(__file__).parents[2] + shutil.rmtree("db", ignore_errors=True) cmd = [ "codeql", "database", "create", "-s", ".", "-l", "swift", "--internal-use-lua-tracing", f"--search-path={codeql_root}", "--no-cleanup", @@ -19,8 +38,4 @@ def run_codeql_database_create(cmds, lang, keep_trap=True): for c in cmds: cmd += ["-c", c] cmd.append("db") - res = subprocess.run(cmd) - if res.returncode: - print("FAILED", file=sys.stderr) - print(" ", *cmd, file=sys.stderr) - sys.exit(res.returncode) + runFunction(cmd) diff --git a/swift/integration-tests/diagnostics_test_utils.py b/swift/integration-tests/diagnostics_test_utils.py new file mode 100644 index 00000000000..aa6f8df7488 --- /dev/null +++ b/swift/integration-tests/diagnostics_test_utils.py @@ -0,0 +1,64 @@ +""" +Simplified POSIX only version of internal `diagnostics_test_utils.py` used to run the tests locally +TODO unify integration testing code across the public and private repositories +""" + +import json +import pathlib +import subprocess +import os +import difflib +import sys + + +def _normalize_actual(test_dir, database_dir): + proc = subprocess.run(['codeql', 'database', 'export-diagnostics', '--format', 'raw', '--', database_dir], + stdout=subprocess.PIPE, universal_newlines=True, check=True, text=True) + data = proc.stdout.replace(str(test_dir.absolute()), "") + data = json.loads(data) + data[:] = [e for e in data if not e["source"]["id"].startswith("cli/")] + for e in data: + e.pop("timestamp") + return _normalize_json(data) + + +def _normalize_expected(test_dir): + with open(test_dir / "diagnostics.expected") as expected: + text = expected.read() + return _normalize_json(_load_concatenated_json(text)) + + +def _load_concatenated_json(text): + text = text.lstrip() + entries = [] + decoder = json.JSONDecoder() + while text: + obj, index = decoder.raw_decode(text) + entries.append(obj) + text = text[index:].lstrip() + return entries + + +def _normalize_json(data): + entries = [json.dumps(e, sort_keys=True, indent=2) for e in data] + entries.sort() + entries.append("") + return "\n".join(entries) + + +def check_diagnostics(test_dir=".", test_db="db"): + test_dir = pathlib.Path(test_dir) + test_db = pathlib.Path(test_db) + actual = _normalize_actual(test_dir, test_db) + if os.environ.get("CODEQL_INTEGRATION_TEST_LEARN") == "true": + with open(test_dir / "diagnostics.expected", "w") as expected: + expected.write(actual) + return + expected = _normalize_expected(test_dir) + if actual != expected: + with open(test_dir / "diagnostics.actual", "w") as actual_out: + actual_out.write(actual) + actual = actual.splitlines(keepends=True) + expected = expected.splitlines(keepends=True) + print("".join(difflib.unified_diff(actual, expected, fromfile="diagnostics.actual", tofile="diagnostics.expected")), file=sys.stderr) + sys.exit(1) diff --git a/swift/integration-tests/osx-only/autobuilder/failure/.gitignore b/swift/integration-tests/osx-only/autobuilder/failure/.gitignore new file mode 100644 index 00000000000..796b96d1c40 --- /dev/null +++ b/swift/integration-tests/osx-only/autobuilder/failure/.gitignore @@ -0,0 +1 @@ +/build diff --git a/swift/integration-tests/osx-only/autobuilder/failure/diagnostics.expected b/swift/integration-tests/osx-only/autobuilder/failure/diagnostics.expected new file mode 100644 index 00000000000..737e28baae1 --- /dev/null +++ b/swift/integration-tests/osx-only/autobuilder/failure/diagnostics.expected @@ -0,0 +1,17 @@ +{ + "helpLinks": [ + "https://docs.github.com/en/enterprise-server/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/customizing-code-scanning" + ], + "plaintextMessage": "The detected build command failed (tried /usr/bin/xcodebuild build -project /hello-failure.xcodeproj -target hello-failure CODE_SIGNING_REQUIRED=NO CODE_SIGNING_ALLOWED=NO).\n\nSet up a manual build command.", + "severity": "error", + "source": { + "extractorName": "swift", + "id": "swift/autobuilder/build-command-failed", + "name": "Detected build command failed" + }, + "visibility": { + "cliSummaryTable": true, + "statusPage": true, + "telemetry": true + } +} diff --git a/swift/integration-tests/osx-only/autobuilder/failure/hello-failure.xcodeproj/project.pbxproj b/swift/integration-tests/osx-only/autobuilder/failure/hello-failure.xcodeproj/project.pbxproj new file mode 100644 index 00000000000..a7b0ee2cf7c --- /dev/null +++ b/swift/integration-tests/osx-only/autobuilder/failure/hello-failure.xcodeproj/project.pbxproj @@ -0,0 +1,364 @@ +// !$*UTF8*$! +{ + archiveVersion = 1; + classes = { + }; + objectVersion = 56; + objects = { + +/* Begin PBXBuildFile section */ + 5700ECA72A09043B006BF37C /* hello_failureApp.swift in Sources */ = {isa = PBXBuildFile; fileRef = 5700ECA62A09043B006BF37C /* hello_failureApp.swift */; }; + 5700ECA92A09043B006BF37C /* ContentView.swift in Sources */ = {isa = PBXBuildFile; fileRef = 5700ECA82A09043B006BF37C /* ContentView.swift */; }; + 5700ECAB2A09043C006BF37C /* Assets.xcassets in Resources */ = {isa = PBXBuildFile; fileRef = 5700ECAA2A09043C006BF37C /* Assets.xcassets */; }; + 5700ECAE2A09043C006BF37C /* Preview Assets.xcassets in Resources */ = {isa = PBXBuildFile; fileRef = 5700ECAD2A09043C006BF37C /* Preview Assets.xcassets */; }; +/* End PBXBuildFile section */ + +/* Begin PBXFileReference section */ + 5700ECA32A09043B006BF37C /* hello-failure.app */ = {isa = PBXFileReference; explicitFileType = wrapper.application; includeInIndex = 0; path = "hello-failure.app"; sourceTree = BUILT_PRODUCTS_DIR; }; + 5700ECA62A09043B006BF37C /* hello_failureApp.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = hello_failureApp.swift; sourceTree = ""; }; + 5700ECA82A09043B006BF37C /* ContentView.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ContentView.swift; sourceTree = ""; }; + 5700ECAA2A09043C006BF37C /* Assets.xcassets */ = {isa = PBXFileReference; lastKnownFileType = folder.assetcatalog; path = Assets.xcassets; sourceTree = ""; }; + 5700ECAD2A09043C006BF37C /* Preview Assets.xcassets */ = {isa = PBXFileReference; lastKnownFileType = folder.assetcatalog; path = "Preview Assets.xcassets"; sourceTree = ""; }; +/* End PBXFileReference section */ + +/* Begin PBXFrameworksBuildPhase section */ + 5700ECA02A09043B006BF37C /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; +/* End PBXFrameworksBuildPhase section */ + +/* Begin PBXGroup section */ + 5700EC9A2A09043B006BF37C = { + isa = PBXGroup; + children = ( + 5700ECA52A09043B006BF37C /* hello-failure */, + 5700ECA42A09043B006BF37C /* Products */, + ); + sourceTree = ""; + }; + 5700ECA42A09043B006BF37C /* Products */ = { + isa = PBXGroup; + children = ( + 5700ECA32A09043B006BF37C /* hello-failure.app */, + ); + name = Products; + sourceTree = ""; + }; + 5700ECA52A09043B006BF37C /* hello-failure */ = { + isa = PBXGroup; + children = ( + 5700ECA62A09043B006BF37C /* hello_failureApp.swift */, + 5700ECA82A09043B006BF37C /* ContentView.swift */, + 5700ECAA2A09043C006BF37C /* Assets.xcassets */, + 5700ECAC2A09043C006BF37C /* Preview Content */, + ); + path = "hello-failure"; + sourceTree = ""; + }; + 5700ECAC2A09043C006BF37C /* Preview Content */ = { + isa = PBXGroup; + children = ( + 5700ECAD2A09043C006BF37C /* Preview Assets.xcassets */, + ); + path = "Preview Content"; + sourceTree = ""; + }; +/* End PBXGroup section */ + +/* Begin PBXNativeTarget section */ + 5700ECA22A09043B006BF37C /* hello-failure */ = { + isa = PBXNativeTarget; + buildConfigurationList = 5700ECB12A09043C006BF37C /* Build configuration list for PBXNativeTarget "hello-failure" */; + buildPhases = ( + 5700ECB42A090460006BF37C /* ShellScript */, + 5700EC9F2A09043B006BF37C /* Sources */, + 5700ECA02A09043B006BF37C /* Frameworks */, + 5700ECA12A09043B006BF37C /* Resources */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = "hello-failure"; + productName = "hello-failure"; + productReference = 5700ECA32A09043B006BF37C /* hello-failure.app */; + productType = "com.apple.product-type.application"; + }; +/* End PBXNativeTarget section */ + +/* Begin PBXProject section */ + 5700EC9B2A09043B006BF37C /* Project object */ = { + isa = PBXProject; + attributes = { + BuildIndependentTargetsInParallel = 1; + LastSwiftUpdateCheck = 1430; + LastUpgradeCheck = 1430; + TargetAttributes = { + 5700ECA22A09043B006BF37C = { + CreatedOnToolsVersion = 14.3; + }; + }; + }; + buildConfigurationList = 5700EC9E2A09043B006BF37C /* Build configuration list for PBXProject "hello-failure" */; + compatibilityVersion = "Xcode 14.0"; + developmentRegion = en; + hasScannedForEncodings = 0; + knownRegions = ( + en, + Base, + ); + mainGroup = 5700EC9A2A09043B006BF37C; + productRefGroup = 5700ECA42A09043B006BF37C /* Products */; + projectDirPath = ""; + projectRoot = ""; + targets = ( + 5700ECA22A09043B006BF37C /* hello-failure */, + ); + }; +/* End PBXProject section */ + +/* Begin PBXResourcesBuildPhase section */ + 5700ECA12A09043B006BF37C /* Resources */ = { + isa = PBXResourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + 5700ECAE2A09043C006BF37C /* Preview Assets.xcassets in Resources */, + 5700ECAB2A09043C006BF37C /* Assets.xcassets in Resources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; +/* End PBXResourcesBuildPhase section */ + +/* Begin PBXShellScriptBuildPhase section */ + 5700ECB42A090460006BF37C /* ShellScript */ = { + isa = PBXShellScriptBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + inputFileListPaths = ( + ); + inputPaths = ( + ); + outputFileListPaths = ( + ); + outputPaths = ( + ); + runOnlyForDeploymentPostprocessing = 0; + shellPath = /bin/sh; + shellScript = "false\n"; + showEnvVarsInLog = 0; + }; +/* End PBXShellScriptBuildPhase section */ + +/* Begin PBXSourcesBuildPhase section */ + 5700EC9F2A09043B006BF37C /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + 5700ECA92A09043B006BF37C /* ContentView.swift in Sources */, + 5700ECA72A09043B006BF37C /* hello_failureApp.swift in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; +/* End PBXSourcesBuildPhase section */ + +/* Begin XCBuildConfiguration section */ + 5700ECAF2A09043C006BF37C /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ANALYZER_NONNULL = YES; + CLANG_ANALYZER_NUMBER_OBJECT_CONVERSION = YES_AGGRESSIVE; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++20"; + CLANG_ENABLE_MODULES = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_ENABLE_OBJC_WEAK = YES; + CLANG_WARN_BLOCK_CAPTURE_AUTORELEASING = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_COMMA = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INFINITE_RECURSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_NON_LITERAL_NULL_CONVERSION = YES; + CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF = YES; + CLANG_WARN_OBJC_LITERAL_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_QUOTED_INCLUDE_IN_FRAMEWORK_HEADER = YES; + CLANG_WARN_RANGE_LOOP_ANALYSIS = YES; + CLANG_WARN_STRICT_PROTOTYPES = YES; + CLANG_WARN_SUSPICIOUS_MOVE = YES; + CLANG_WARN_UNGUARDED_AVAILABILITY = YES_AGGRESSIVE; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + COPY_PHASE_STRIP = NO; + DEBUG_INFORMATION_FORMAT = dwarf; + ENABLE_STRICT_OBJC_MSGSEND = YES; + ENABLE_TESTABILITY = YES; + GCC_C_LANGUAGE_STANDARD = gnu11; + GCC_DYNAMIC_NO_PIC = NO; + GCC_NO_COMMON_BLOCKS = YES; + GCC_OPTIMIZATION_LEVEL = 0; + GCC_PREPROCESSOR_DEFINITIONS = ( + "DEBUG=1", + "$(inherited)", + ); + GCC_WARN_64_TO_32_BIT_CONVERSION = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + GCC_WARN_UNUSED_FUNCTION = YES; + GCC_WARN_UNUSED_VARIABLE = YES; + IPHONEOS_DEPLOYMENT_TARGET = 16.4; + MTL_ENABLE_DEBUG_INFO = INCLUDE_SOURCE; + MTL_FAST_MATH = YES; + ONLY_ACTIVE_ARCH = YES; + SDKROOT = iphoneos; + SWIFT_ACTIVE_COMPILATION_CONDITIONS = DEBUG; + SWIFT_OPTIMIZATION_LEVEL = "-Onone"; + }; + name = Debug; + }; + 5700ECB02A09043C006BF37C /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ANALYZER_NONNULL = YES; + CLANG_ANALYZER_NUMBER_OBJECT_CONVERSION = YES_AGGRESSIVE; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++20"; + CLANG_ENABLE_MODULES = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_ENABLE_OBJC_WEAK = YES; + CLANG_WARN_BLOCK_CAPTURE_AUTORELEASING = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_COMMA = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INFINITE_RECURSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_NON_LITERAL_NULL_CONVERSION = YES; + CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF = YES; + CLANG_WARN_OBJC_LITERAL_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_QUOTED_INCLUDE_IN_FRAMEWORK_HEADER = YES; + CLANG_WARN_RANGE_LOOP_ANALYSIS = YES; + CLANG_WARN_STRICT_PROTOTYPES = YES; + CLANG_WARN_SUSPICIOUS_MOVE = YES; + CLANG_WARN_UNGUARDED_AVAILABILITY = YES_AGGRESSIVE; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + COPY_PHASE_STRIP = NO; + DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; + ENABLE_NS_ASSERTIONS = NO; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_C_LANGUAGE_STANDARD = gnu11; + GCC_NO_COMMON_BLOCKS = YES; + GCC_WARN_64_TO_32_BIT_CONVERSION = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + GCC_WARN_UNUSED_FUNCTION = YES; + GCC_WARN_UNUSED_VARIABLE = YES; + IPHONEOS_DEPLOYMENT_TARGET = 16.4; + MTL_ENABLE_DEBUG_INFO = NO; + MTL_FAST_MATH = YES; + SDKROOT = iphoneos; + SWIFT_COMPILATION_MODE = wholemodule; + SWIFT_OPTIMIZATION_LEVEL = "-O"; + VALIDATE_PRODUCT = YES; + }; + name = Release; + }; + 5700ECB22A09043C006BF37C /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; + ASSETCATALOG_COMPILER_GLOBAL_ACCENT_COLOR_NAME = AccentColor; + CODE_SIGN_STYLE = Automatic; + CURRENT_PROJECT_VERSION = 1; + DEVELOPMENT_ASSET_PATHS = "\"hello-failure/Preview Content\""; + ENABLE_PREVIEWS = YES; + GENERATE_INFOPLIST_FILE = YES; + INFOPLIST_KEY_UIApplicationSceneManifest_Generation = YES; + INFOPLIST_KEY_UIApplicationSupportsIndirectInputEvents = YES; + INFOPLIST_KEY_UILaunchScreen_Generation = YES; + INFOPLIST_KEY_UISupportedInterfaceOrientations_iPad = "UIInterfaceOrientationPortrait UIInterfaceOrientationPortraitUpsideDown UIInterfaceOrientationLandscapeLeft UIInterfaceOrientationLandscapeRight"; + INFOPLIST_KEY_UISupportedInterfaceOrientations_iPhone = "UIInterfaceOrientationPortrait UIInterfaceOrientationLandscapeLeft UIInterfaceOrientationLandscapeRight"; + LD_RUNPATH_SEARCH_PATHS = ( + "$(inherited)", + "@executable_path/Frameworks", + ); + MARKETING_VERSION = 1.0; + PRODUCT_BUNDLE_IDENTIFIER = "com.example.hello-failure"; + PRODUCT_NAME = "$(TARGET_NAME)"; + SWIFT_EMIT_LOC_STRINGS = YES; + SWIFT_VERSION = 5.0; + TARGETED_DEVICE_FAMILY = "1,2"; + }; + name = Debug; + }; + 5700ECB32A09043C006BF37C /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; + ASSETCATALOG_COMPILER_GLOBAL_ACCENT_COLOR_NAME = AccentColor; + CODE_SIGN_STYLE = Automatic; + CURRENT_PROJECT_VERSION = 1; + DEVELOPMENT_ASSET_PATHS = "\"hello-failure/Preview Content\""; + ENABLE_PREVIEWS = YES; + GENERATE_INFOPLIST_FILE = YES; + INFOPLIST_KEY_UIApplicationSceneManifest_Generation = YES; + INFOPLIST_KEY_UIApplicationSupportsIndirectInputEvents = YES; + INFOPLIST_KEY_UILaunchScreen_Generation = YES; + INFOPLIST_KEY_UISupportedInterfaceOrientations_iPad = "UIInterfaceOrientationPortrait UIInterfaceOrientationPortraitUpsideDown UIInterfaceOrientationLandscapeLeft UIInterfaceOrientationLandscapeRight"; + INFOPLIST_KEY_UISupportedInterfaceOrientations_iPhone = "UIInterfaceOrientationPortrait UIInterfaceOrientationLandscapeLeft UIInterfaceOrientationLandscapeRight"; + LD_RUNPATH_SEARCH_PATHS = ( + "$(inherited)", + "@executable_path/Frameworks", + ); + MARKETING_VERSION = 1.0; + PRODUCT_BUNDLE_IDENTIFIER = "com.example.hello-failure"; + PRODUCT_NAME = "$(TARGET_NAME)"; + SWIFT_EMIT_LOC_STRINGS = YES; + SWIFT_VERSION = 5.0; + TARGETED_DEVICE_FAMILY = "1,2"; + }; + name = Release; + }; +/* End XCBuildConfiguration section */ + +/* Begin XCConfigurationList section */ + 5700EC9E2A09043B006BF37C /* Build configuration list for PBXProject "hello-failure" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + 5700ECAF2A09043C006BF37C /* Debug */, + 5700ECB02A09043C006BF37C /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; + 5700ECB12A09043C006BF37C /* Build configuration list for PBXNativeTarget "hello-failure" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + 5700ECB22A09043C006BF37C /* Debug */, + 5700ECB32A09043C006BF37C /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; +/* End XCConfigurationList section */ + }; + rootObject = 5700EC9B2A09043B006BF37C /* Project object */; +} diff --git a/swift/integration-tests/osx-only/autobuilder/failure/hello-failure.xcodeproj/project.xcworkspace/contents.xcworkspacedata b/swift/integration-tests/osx-only/autobuilder/failure/hello-failure.xcodeproj/project.xcworkspace/contents.xcworkspacedata new file mode 100644 index 00000000000..919434a6254 --- /dev/null +++ b/swift/integration-tests/osx-only/autobuilder/failure/hello-failure.xcodeproj/project.xcworkspace/contents.xcworkspacedata @@ -0,0 +1,7 @@ + + + + + diff --git a/swift/integration-tests/osx-only/autobuilder/failure/hello-failure.xcodeproj/project.xcworkspace/xcshareddata/IDEWorkspaceChecks.plist b/swift/integration-tests/osx-only/autobuilder/failure/hello-failure.xcodeproj/project.xcworkspace/xcshareddata/IDEWorkspaceChecks.plist new file mode 100644 index 00000000000..18d981003d6 --- /dev/null +++ b/swift/integration-tests/osx-only/autobuilder/failure/hello-failure.xcodeproj/project.xcworkspace/xcshareddata/IDEWorkspaceChecks.plist @@ -0,0 +1,8 @@ + + + + + IDEDidComputeMac32BitWarning + + + diff --git a/swift/integration-tests/osx-only/autobuilder/failure/test.py b/swift/integration-tests/osx-only/autobuilder/failure/test.py new file mode 100644 index 00000000000..37aaa3ce344 --- /dev/null +++ b/swift/integration-tests/osx-only/autobuilder/failure/test.py @@ -0,0 +1,5 @@ +from create_database_utils import * +from diagnostics_test_utils import * + +run_codeql_database_create([], lang='swift', keep_trap=True, db=None, runFunction=runUnsuccessfully) +check_diagnostics() diff --git a/swift/integration-tests/runner.py b/swift/integration-tests/runner.py index 6abeaa050a5..bf65781cdb2 100755 --- a/swift/integration-tests/runner.py +++ b/swift/integration-tests/runner.py @@ -43,6 +43,8 @@ def skipped(test): def main(opts): test_dirs = opts.test_dir or [this_dir] tests = [t for d in test_dirs for t in d.rglob("test.py") if not skipped(t)] + if opts.learn: + os.environ["CODEQL_INTEGRATION_TEST_LEARN"] = "true" if not tests: print("No tests found", file=sys.stderr) diff --git a/swift/logging/SwiftLogging.h b/swift/logging/SwiftLogging.h index cf756c9e5a0..4a24996ad6e 100644 --- a/swift/logging/SwiftLogging.h +++ b/swift/logging/SwiftLogging.h @@ -49,10 +49,10 @@ #define DIAGNOSE_CRITICAL(ID, ...) DIAGNOSE_WITH_LEVEL(critical, ID, __VA_ARGS__) #define DIAGNOSE_ERROR(ID, ...) DIAGNOSE_WITH_LEVEL(error, ID, __VA_ARGS__) -#define DIAGNOSE_WITH_LEVEL(LEVEL, ID, ...) \ - do { \ - codeql::SwiftDiagnosticsSource::inscribe<&codeql_diagnostics::ID>(); \ - LOG_WITH_LEVEL_AND_CATEGORY(LEVEL, ID, __VA_ARGS__); \ +#define DIAGNOSE_WITH_LEVEL(LEVEL, ID, ...) \ + do { \ + codeql::SwiftDiagnosticsSource::ensureRegistered<&codeql_diagnostics::ID>(); \ + LOG_WITH_LEVEL_AND_CATEGORY(LEVEL, ID, __VA_ARGS__); \ } while (false) // avoid calling into binlog's original macros diff --git a/swift/xcode-autobuilder/BUILD.bazel b/swift/xcode-autobuilder/BUILD.bazel index 116d11cbfab..d497666f3e2 100644 --- a/swift/xcode-autobuilder/BUILD.bazel +++ b/swift/xcode-autobuilder/BUILD.bazel @@ -13,6 +13,10 @@ swift_cc_binary( "-framework CoreFoundation", ], target_compatible_with = ["@platforms//os:macos"], + deps = [ + "@absl//absl/strings", + "//swift/logging", + ], ) generate_cmake( diff --git a/swift/xcode-autobuilder/XcodeBuildLogging.h b/swift/xcode-autobuilder/XcodeBuildLogging.h new file mode 100644 index 00000000000..8dfc3111c4d --- /dev/null +++ b/swift/xcode-autobuilder/XcodeBuildLogging.h @@ -0,0 +1,17 @@ +#pragma once + +#include "swift/logging/SwiftLogging.h" + +namespace codeql { +constexpr const std::string_view programName = "autobuilder"; +} + +namespace codeql_diagnostics { +constexpr codeql::SwiftDiagnosticsSource build_command_failed{ + "build_command_failed", + "Detected build command failed", + "Set up a manual build command", + "https://docs.github.com/en/enterprise-server/code-security/code-scanning/" + "automatically-scanning-your-code-for-vulnerabilities-and-errors/customizing-code-scanning", +}; +} // namespace codeql_diagnostics diff --git a/swift/xcode-autobuilder/XcodeBuildRunner.cpp b/swift/xcode-autobuilder/XcodeBuildRunner.cpp index cbc99592d24..4c20440c3b9 100644 --- a/swift/xcode-autobuilder/XcodeBuildRunner.cpp +++ b/swift/xcode-autobuilder/XcodeBuildRunner.cpp @@ -3,6 +3,14 @@ #include #include #include +#include "absl/strings/str_join.h" + +#include "swift/xcode-autobuilder/XcodeBuildLogging.h" + +static codeql::Logger& logger() { + static codeql::Logger ret{"build"}; + return ret; +} static int waitpid_status(pid_t child) { int status; @@ -52,13 +60,12 @@ void buildTarget(Target& target, bool dryRun) { argv.push_back("CODE_SIGNING_ALLOWED=NO"); if (dryRun) { - for (auto& arg : argv) { - std::cout << arg + " "; - } - std::cout << "\n"; + std::cout << absl::StrJoin(argv, " ") << "\n"; } else { if (!exec(argv)) { - std::cerr << "Build failed\n"; + DIAGNOSE_ERROR(build_command_failed, "The detected build command failed (tried {})", + absl::StrJoin(argv, " ")); + codeql::Log::flush(); exit(1); } } From 9618c616f42e5e84641e5d7d3322517b46da92be Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Mon, 8 May 2023 15:41:13 +0100 Subject: [PATCH 169/870] Swift: Optimize the graphics. --- .../basic-swift-query-results-1.png | Bin 124871 -> 107764 bytes .../basic-swift-query-results-2.png | Bin 158046 -> 135446 bytes .../quick-query-tab-swift.png | Bin 41277 -> 34071 bytes 3 files changed, 0 insertions(+), 0 deletions(-) diff --git a/docs/codeql/images/codeql-for-visual-studio-code/basic-swift-query-results-1.png b/docs/codeql/images/codeql-for-visual-studio-code/basic-swift-query-results-1.png index d8b55b0fc83e784d29faa849512858e960f1b9bd..3ab9607442d93d0171da2ce029dfa26f65ff64cb 100644 GIT binary patch literal 107764 zcmagGby!qw*Z(~<(nv{5Hz?Anba#Uw0@5(FfWWB0(CAP~N)O$gf`EW@_aI%;UGGM( z`?;?7dG6!-{o%pL?Af#TI@h`4yFQyx4K;aOED9_T2!yMsAfp8WVLt_dkXA8~f!{bk z_!I{GxCd4+bOV7%8SnlfC6ROz1HUA9mo;$Lc7EmVW$tPP0-M`9xpO;Nxj*FNe#FiD zc>keo90)1vt)k2`o!8UbDWMf4V|C2|0r%cReq{cDeuh9E#$dkV4S5*F%HIEl_1(Ld zsQg0@57)(z*h9kJeaTQ%QPJ)3EznY&W2@_K5_Dtl-aUSEP-imN;I+GJxG#PEM_ zC_vWv&E8iGdEVn^O=0oEz2ta*yF&uj-5P$(-2J~d_@;OgyJO%xw*^Rkt^YauEI!~U ze|cM3L-8*T$Wo*rB@c3!Rl@V?dd|KiLHz&i#-QI{^v98FKml=5R=w3Vcr9~6pf08a zlk$3Ge#Z7^#$WH;7X^jN@A8CNH>}=kcb>Qtf{IBi>3=m@W`Tl^!)kGO`K!Tsq1g{# z^6F8h?U?S9rqVZycN_ZdW>qV82b=vagS{V$ttGn^!zTvQr3-3jsvT$S1|pARXNsRU zj29V?DB98+mA-gOG5P7S#h;KdD+7w+GOnTZIV_R`3BCI9sjU7b|AY3SEGOe=8u81M zorIP*3Ea;y@Tf-X+}3h5yvG`|dhRx=HCOBYWKN{y`On;Qzw6-uPTZ+>+ zJx9F9mpJ&&Kq=rbsIJ*IVd}e6YTj<=W%skEtlDhbz0LQoV5hu*r2_gKE} zwX&wgV=C1}r$`EZpOG9@=f?d`<6{vpqII<|X{|5G?CckwX~W4g65p+eqsv5odo(vj zWr<724Ya=8H2;g6OZ{l_CjuU8#x+iU)ez6!`4rBU7hhL=Pk;Gw45o_vYH^hKhkLpL z4s~!21hzNvC{$atrnmbW>Iawkb`k7)#oD=QNZ`sBkR@Porw10>p~vGdJQdMqE=SUC zjuKj~WTl7y1hG4h=xf>qe?=n`^8OGjXOkqp1J8+(8V-NJkeFP~w>T>;Kgf^2?Hd-b9szQF6- z8j(fBz9Al%PumbH&THOVew_;>--{wdtRrm@?3tbWHR8(%nc16t+S@aEl95VPrp2oB zw!58#1mwfScR6Y)6yYE|}i z1@_i-MT~IR@CSZP4cvC#(O3QAH3-Cey*x-djc~ii;P0H2MAn-A0)sZ-%HxXgd%FMVXx>P@=Z=8ig{+i# z^5%obFD>sQ2E$?O%shs!W1W$dW`4)I#y1yRC8xjUSnh#m{Z6qsXnhWr*~}H`D5{BM zS8GqEx6pAOzzH5sJojp%2TvY!(FRccj!qy9WP}YjnO+G#MY78t;;T-u^!w_7vvyjY zr|PM)C?1b~CtwsH+Vi=v@l+PwooUp4UKI*Se|*aDFuLjhe0 zb;&`#vf33Q{ZW$2gn*tvT=H~lVxSxSEgsiBMD1Q1cBU>7i`r2PwV)FfNIrd#0^OSU zrBL$x;6TP(kv|1Z9~nX;=U^2Byq=9k-(4>fWgv8j*R2NARahx80pp&M+K@2|3lf&mn%+xq9 z7$py#?JphQB)?R$mdOeMVK%Ypb|k?uESlN{{Vv>fbIiX#K%0Cdvs5)<8jdI8IL${b zTM+BOw1#H>yC}L#(l$MQ&?Kk&?pL)FMaBstnPQ&X1{_~L&P%xs``qXkV=!T{QTU_- z0l(hn;xiFqupc^6pb`CQV>p{;B?AZ!dA@^rhM!k@6ZFXtdk>k~WV8mJ^Lw>PA4#u7 zKEpiz^6b4_G)>AAu5g-Z`6wzw_)#Vz*YYzVT4eVQJ!c|Scr6AY&+^&DZY zv;QHbS%y$+b&U-~xBVRypZ4Z*;r18wa%SNshd~Y{C@=Y~R0%oJ!;PZatF_4-RZ4OF zb(51P>SP< zswdX{S4Si2O^xV$0sG-*le>8vuiX7AH*artZ+X?gH&^E^H^(LISa2mDdyU*Y$$;Ym zv$3d%q3?xru?c4WQ{;HK->0R-Z*&fVbErYc7+iA1^G)-5@f1+ z3jcBPJZ_oS#*aO6-lY4mRzLduac|nbq)K;lH?Y_Dcr$zZ(a_lVnPX+$1;3|vgU8mY zmwbR--19&T+Bc8lC~9EHK0W9{?v9Q{PA261g72P%I=2OKUOd0&($|T-7+7XMpsP${U2&aZ*~< zAF_-p6xd|k8SlIMTo)cuuN%MFF@X0cFv+9fwAm48jCM#8-RIjoOuL=+A9!-=EP8JW zFA_Apilsytf7Pw-e=xwe5dxUsyR+=5aqTF0auB9=nBq0BC=O?)%uou8tzzkN=AUe5gFR**8dba=+U+h$*h&Z^r_<2VqR#&ghPTW% zn_gsx9ijhjernlJs4h=;o#WYbct_hnc-WA1^LSF2G@J+*6Y{da1MM%31$(W2rp5_s8~E@QpnU?13ND7eEx zqZOr$7z?tth`ZXKLMeyg{_a`y0()T=%{wtE83t4#;`sK{OdPh(sH_~NeFUlIyNIk& zhEfZ;G zc)5&E?iCVE)}xn>YKB<%*(mHupKH>!rdNPzI%3>r9#*{|HeMmGrAC|q?vtTRxO0^& zd2MS)N>b1`oJlMqD*jzKo3Qz{;Oo5?lKbc&Ax2z3kvjTBcC4izALxO2hSRD!SMNAg z-htQTwpP4sgj+XlbPXHdowTw)9vlXO-L&HOpgxs>&)Pptvu^v(rz1aAZSxusP%Ei#EMYsY2})rx0;7E63gNe zV=R4MpOZchDjD}XZCKz!<*-pH z+5{?NQAb7BS?wi=d^C-22GKy~cGvv}iv|$WZua9%TyoxT)nhSEu0`x7_gWX%KE1&m zQXe-nbb~Afk(nxt%dn*W$oP4#o$9lhC&hA>Nqhahhc)d*R!hd&%=ieZT+kv zczM94cuO9bPt289iSTsq7~?=efNvP?S+Z)#1oi?w&g%!{9~Ig-*;6HDsXGBPIDIX$ zW=v#JnaJq<8ON5l>M2^u_-#GL4g|@xq5jhVgQAo`c(Rvgd+qr4$Y2xCDJxm?a4n=L zsbL~dWi%nq3)#&;Jvr~Wi3r|A5O$_JF`7`u0Uj9h`G8Q*-XeoT&E{)j_DpdD@+#Ro zyGq!rV#VoLEtjbsA1jv()LDz$lO|p!h^@<3fuc_5eFx%M_Z)`mr^<*6+sLtTPh_q5 zoQ`+Vj($8DF!&6VE3X273He{WW&%OK5G|bdI4cwOI>ddN#zYME26QLdd_OJ;xVDd# zU0LpqG0NCx_xV^b7{vQZitZ__fS4zdnEg)7a>@f?u<20L?joL?cGvCUu$2TlR=qht zST-tqSgn`Y70*JisK)pfgdxN?;;hW)FCdoI9KY4{={O04wBa_d4Bl?t^WISe@D-AphqNs zl71d427)3(eqn7R^R zpCbUuGPJTDP*()`6TLMez{~^5!o37gon`svr6|$37gmdH99R4++qGnFYyB0-QjrHB zsxUqq`!1lNyx&TWmZ9d)(^VPA)BkX;+f2EPyRyc6g~D(S(j2{)CzvUnRIz+-?%jj z6^;4J$x`!kBs^S~&GZi8duUti8&th&=`hX`!A^R}642dLGY;&TXhNhfcANvY40VX9 z2KExSWf&uqq-4L8PQUkr%lE)j0S&7{&t-iuy@wpH8GJVdxKragolLiVQX#xk!q*L@A~!FmF&;0vXLmme1jR;3o&MNQg%q;Iy}R@jhLdhM0ByAEe9++7A+*3rzHIV4QDH zxz)RGn{Xbh~1<*2nhaoO2I%b`W3R z=e<9pVBv3+#*C8tLH>I#@>>I|I)a%#c*MXjkvxR&gV5*vK;VZN8faM#qmvFkL-9;+ z>w!N&qG~?0^vWTaNx`Ad@DVAa3u|k4mbok>Kn$X`w0^XFLpXq(DRQ(uH4^o+HBb?y zrCKB8X{E6)FS5`#+{xpCoK_%U!;0hP2+{Mju_9wZ z(G2cPuDpVR3MM;SO>-+`_IrrI9gY$_E9IkzA<7^E+%D0hC+aH1e`1+iM5|`Zo$jw& zLvxe-nm}xS)@{J>A#Ql~W6$k#&2vDL4gL_Q5VfZ+o&yb{MkvGuud=A8-rrdOMd{?d zH17sHC@;AA7SKBfIz zDt|TYg?X5+@X|Z8%7@gWlRg>Qi}7VQjLH1`*?aVJndY-#0fN5luMfUNqYAiJKo(S}k=rV` z9|f5&uV9+DzIRwuSdxGy-+d4KdXp+VIlcb8j~yR@`J@Go-25n@Z_JgmN@+BMG1F2k z0&4y0Ueeoi{QeQ3LQ011Z|P}K_ry>@=9f7sUbK_rk>JhX{8he!s3=}zAZ*Y<&^Kec z`Yjim1%&MT%Q5OF>qAef8h?UcA7Ll_s(E=N%OoH1;B$|oP2zG+lGCrT0x#D!qa-54 z2S66f^#4r6@{t&Wne$G+LAjf3q9Z=g%vA2Pm|gMBnER~4j;5^Byggw>#x?983L)>! zu6_dYQ>=mHaf6^z0tkszaFd^QU0 zUUC~5LS$cs^Q^33pwPQv@ z1~uB3u$)ZI!@%5yvK@*~_G1y7;Y7-u?oAwcXMd^7zB`spo0Aq=>Ao>sdUG*y>UKKk z6-_Ow7d@gB_w%c)R_-1(LL+63SVIP$i@x|8@fO43Hot;-ZfElzb_fVhd?1&(I2Mh$J1yo^Eam9h190cv3=GZltJ(w`j zJ?PA=PG8Mss%KWa4cr&_Hv3wQ=<%=mX*(LybtaZpml?;JDOdjc$2OeTHi{ms(mmXk z2697#6znhHP=WN{1K=7lh{Zsv_@*Ngm=6Uat(Q-Dd?EAdN0MN`*&dPIO(5RR4d zohWfZo_-&9``4VWO0tmc%@x`K8kxyp?tnK>%T@VfrWfSDhXY!fybSXh?9EAZGQA?;)qwRO7?x=y|+>+ zW1x7QYBZS%3j{hQr52!+2_XG|LEMcGUeB8pj2^Ca0NP6ZAe3+Q#PtumGq-XKCSgW^ z+sltDIQ4&_pctxdT>Vd335;rLc3-Hs2yB@tB#x1~epIo4FpQp_0lyDh{jRNSXC!_P zY(NT=64g&&3?s=k^mL)2P=E*5Y-N*)(Z@y0K=BE=Q!=Gkd=yY&8$`!eo`n z&Dr09f$$U=BX{XOcV^>27=BYspxuHSW+>yqtNBzs&3lx0l=vZ3Q7q{R+2}aOz z@~Grz{5pmAef}tZDyYElGI>69&I~A0xEJkyZ!((~Y~DRU5Ih9`ycKLYj||3CPZ1$O zq7qm=>mV}=tc7Srvi3p!H%}LCPHGeh=qO%{5#+ZC1o{r{wp^|7@b6KOK6xW!&Xq9@ z$Yy-xI}8I)D+G=}G{a`M7y8)QNlKsB9UC9L3lh+2CTVhf6|hNNh-o#LB^#*0`XKln zC>I@hXe*RlckFoo`36aujnF*u+jUY#sJq8R8x}l5Dr?d(5STGw&wT43!~5OkBef2> zGl~h`;|oC{_@=@70?+oOe}|X+NI;>8Dkx{Mkhr6@oPn?+=<`LepC2wQG7eN510|(mX)WJV1(a+ge$S z(ng8`6RVi}ic2cw4S&fB{=xT>awWcazf=c<$#Do$(oP=)!qc88eh&D*YZJ18&9a~f zL*(^F1RquM6K>gj_iJ3f^RW{DIHQLuO;n1l(BNvcs59d@V5;&t>^FE)t65lj_3p`h zUn~-pY%l8^(7R!8J;Owu7^zB?!mLoxBh@r1Ev+%7GQ;|q;^{{~nb z1;0eUAAvDlk-=lYqR>RSVoG@5d}J?i_cS)B>O;SR+pS1)y^fEM{(u7H-J>9>dnP7x z^&S-k2^E)_c<+kMhYC`-@Ska7*5=7}aas3OdA353>Nl_qp1Y?Z&+>Z_eC0l85>gcZ zW{KW?*kiJb^;~OBFC4NUEOnFhIg$R>c)cp$}nP@}KiEEMK z69Z)6zc?6>5QS0LVVTF)IAH5xq7fadnm^nEFrQ~_Ax=$KZlYjHe3v0QIdm8ZDy-sD z{o=rrYA^TsnGMaK1DzBA90nNThqV3=wE>Ef8w5u8H{Nmq!0;p1iX8I(56l8kDx(HQ zb*?MHPwsaWaP_-raTG4V=R~?IKVfTp;~7I4k7O z;H4211yExE4ASTVirVC*>P_IG6#^r?s|X#@?pTcfYBf@9@UrIZ&2`GKP{~J`--OA3 z$DBMtT>yTdmMruerU88Bzr$4kE+m8aH(cr?(w)Es05Jc}T7QvTawtLo`EdOegZAI) z9~%&q9-J)X^8et%P=$bA9{t~z9JuBGanb)EUI3}~7vg2jaTif_FoU}Cbqg-^ zrQf6D{zt3)|3P7YtsNQ)Raoo(&E+nj0elj4p5LUf8Oo6T--yz0*z7Op=h4I%t|n^K zX0Apa8Zcr#LjU`MFzEsbq?qpAT@Zm3CY=rp=q4NNCyId`tWS%8bGHxG{_EkW;O+UQ z2B7yfO8r!Lhrr#f@b8ndwtxV*@6Y)ae=o2d>>pd`_xGh&=mDPd=Ov60VzE2l^v@Ok z{SG`48Q|-F9}~xjL?!C=i}4?L*PkyKBmU2~!WjwQ{=NKv&b*2J_wD_@Udn%X$e%;( z0Kwz;E5HK4A=6b`00#s@{OxRiF2(L2m!h10Fz>tjPh2jrpR~$xCO#ZOAO#=)$B{@> zKn$V_!us3l@Rb5U-QJogk#t`l3?t#t!saw>JOdQ$*X!v}9awJ=a0V$PfCKz(KqVL` zDn-=mpAjR_s1_Zc<_Z8u0!&H(0#mf=2mgeL1)7f5N}UaGt?Y#V#UOp?2%%h4-C6Sz z(x|0=LI%;nQ75M;ZzuI|$ zn^#&A826=VmYcQsQwlm&!nl?$p}~;^Qjtt|1l-*UYAD`sEd#vHqU$&R$)}&@>(o_d zF|a$7X`7EQ8 zZ)-Ey(!p3?-+G1rfK|=<;wZeWDv{Wm1=@U=@_11%NkH65G}d!xI>pCC71^77AzF$+ z@^ZT(k(B~iEV-0B3}@ja)%O>hPN8x_vAX1SrIJ4|jnO*;25lvc2bV*&HL7{&E^2%8yU>^EY8KeV1D#iH?zw( zh`PtnR9H{P6!SUu*-g4RL!gGmKf;Vc`Y;YCsw12%AUUruDQ#o2Onb8$_(p7HrzA&!KnY?++olB%Y2@Sy zQql!Q89UW=49Mc=yi}@`Im}U)IM3oC>)-`+H@N_JJ*@Wt`ch)n(mdoAWb@LPP0HPh zI3$Q$RVy)Ld~F4$%*|$Dyjo|Ub-?Z5kyP)QfpK}&z+Ux6`{w`NG-pr`U}KEdp$H_r z4S+UOoD*mxlu=`Sq5vpX^OE7?#imUnl!&wSh>XN6J%dL|mACs#ER5mQ!mf<7w?KaX zLLF?3ODWI@jC-@@09Y6u0nZch++HseJZknpHDE1n)m9f@agg^ulU>ON5Q7lHT)sdj zRx_1aPk^%WCnTm1w?2jAhG-7P)tyY+*HP#aAI_@owCR=Q3ED&6-)+i1oxdZpC8!JN z-I0XYk%fGY*2%3{x|cpbvG({in+?S3zC?bJ!FOm09MOsjlnMYGXI;6tKD3~CfHggi z9YH0mXy8`;sll|23Jc6`Z*liQ|UKS}nH z8fQr}U*Ia|n=U60M1R$eB-notyayHo1{RCnpT#j$^BOvSk4&}MazioFG?F7MkyPzA zANTi&9SurX!QY#n{aR?b1-u@JX(>iu02s_6Z0DI+7+wPBBLI0~5nCNdGdow@sJBh? zIobhW)YJnk(3j8wBoy>zwnA(VfK^<-K64x38deL;hf{>zjMaN=DfL^m2jkZB>YMp_ za8W!3eCv`#V^^Z7;Pt~DjXo7g%GLJltsHOSuhN8%Ec1uNYFG;Zli|}!h*hNsuIQyy zT23000`O>Bc6?L0ke61(>g{ICi<`X z8{Be~>=uT%e%N|cv+G@+V0%H{V z``aGp8J3}|(M6vWi2GQ{*sE=Z=s9w-*qaBDKdcA1mp7(LS1Jv#54omf7P;m{yt>SI z31t0I_LOa4<_JJ>PE5xJ*}C;vC%N3Nm1Dp@+7OF$hKb|}yRE7$6e(6w2sjvc@5t!S zGgp_?Z|3IwS_4u9wJIeQx%o3-Mbg=PazzqXWa*a9T~44E%&?nC=0)KThwf5B$0a=vxg?7Gsk*C2JQUj$p=B0)ygwcWhv$!D1+Tjnf*v6mDni74IJ z(;t0}|B)&#I^8{*r|mcfOw1eq}>Nf?P8D zEvAhm0BwW0Of3|O>U@|)fsg?ZFqKMv(7Wc!q8K^s@xpd-0FiBFZ#IKp09!V5k$HX@q)sK5F^&U}O6=+0qYbyzT(Y5C1TYns`{8#EaD$meeCw|Y=KW6R z?h$db5*Jti!@)OWfOM`CvyJ_U2*K)6^II;nyMz5COSWMzDGIYhI;)p|HSAV1B`Snt z*-r~03-S3`DQA$IC9$e1`OOiqDk4)Q)*U$>D|_->#~VA9!4kKBNT{Y^-QnL{Ws3HF zLd@7(ip;{;#a&ro3I5~_Dtku6aJ14)?zn<}rD2 zzNKENBBhqHcsH#$2BovZ1)I2bGv(>Gw-2zkC6iS%`Q)hn>e8D7(3s|L5778wrIYJJ znc6duBcS#4F;-1kBlX=mt;~v$rFa7{VzsyhmY*o$nnqPc!}6lu8U@h;-5~*`c4PUY z%K3cZLte@&gb&#rHnD!}0f6n6rsVC@ETz|wwK|_wn_5f2J+}(t-y5Q@o zBG0zC!s6P}sd|9CDw+$6DF*BFG#$ZC4)5?MbGzn%TmOQ(`H_%dWC@_)7#L7^yqYw3 z?2Hwu_nuPk@tj5mjevIOHX%VM}t$!N?)E$^2?Eo=I8`Gv(1k zWch3mRLtdPR?ULHD1Li7Ql5{`(%|=xnFl}aTY;z!;<=2qm*hg&_E+3iO+*|f!MEB| znE+;e2ZM3!0mSsifOVQ*wZ>jFFj0^R%CY9-ya52jOQ~!~sDSY4Y?NBy`p#1>VV9qQ z@=GE2$7O8wh|Od~iQlHnaFMTN+xuHfiTj?gJO9UCBYV@?oQ)~YFi{NQejTN3j*7cBfRJ%2-Cl3V_iUb*P z04~j@@R{Iuly(~}lWu0>m`=)I33okS;ejFoY8rVu1|1cx`X!oQQf@!O48B+rT)>0r z3;^abe=J}8kvehdvypSPmn0(3Qa&;;TxhJrHYGNlf-5$3QH9uTH#bl1gi0hNmrf7X zxU>}GCiLq0?WDW~*ftV%@W3`jv}!f3ZGrbLoHPe|CFNzWjc{X_ zES`si5m2Tx(G)BJX6HmftdAAckPUwN5^sQK8v}D9Ll%M=0nbBh#_c0#s8?FfRPUVR z-gL+X@hha%TVLbPR9HL54zDb!L{bViH~v*~rHH9X$IjBR_30ZbYLZoF0eHo8-ZZfh z294S}^>o{JgYhyTsA?f;m{D46i$IYH`xKMkh1+zcZFN>w-Y?*>keSssgLYV=(&@Rg z*}C>z_j+s|5nRvoNkXCx4z}pQ&jkDVMsGrn7sD^UJ~<9+^N3|EL-tJ6q;2T#DNz?1 znqmLcT*TeFSotA9OXX(_J%l-N?PL$#YW87=jfWCLAiB@V_Qtj>P-0XWRk3D_Mi=FN z{%)h$|LqK8WH~fB9}gTmF?uX(r+ysPIs~+EFudFY(i#S9?l@SnBCvc5hPSDY+43Dn zaq=fi?JpMlZX+p>sfNaif5#G!Ke0sIxe=H;Y%(X*2>-Rz01tydso_bQ&Km`fs%~=* zQ1#$iq~3N^bw9|!iz?mslqMUQ3Mf(aV+*nYSbsW>%ll_2 z3jndAe+1?LI_k#Ri8CT`7`k6!(l6 z)#w{OrDzJ(jLRc)-tRK5$ht8NLFKLMk%2b!BeqF*-T0=XT*b5<%A&io?r62l%0k8S zwNX*{mbM3^-KjF3C6kBKp!8|vco%b~<2d6*<2Lg+x_#)xq^*FD#CA~Hf~+f=76SptYo)`+)X;%5 zw!56KB!tfo?xmG~j^$I1#RVH^EZFS)_+0TO{eHun8q=4|ZI#TxqV=%+L~HhyYnCC< zpo3%rU^nNg#n*Se;#*-^AWG9_pyTa-cXo4}Si++TiWm*gG@$Nrbw#v(1-mK6svI=B zn~gJ#Hh87|r}Oo6eIzAbvklw4XWR`u%`pSRLc+6_2b!CYEveBG7x3$h%r!~Xq~a40 z4f(-~GeFnCtLb|(R&>hcU`&#l@}Y^FR*F$T@O)HTo#`|=`DxR7M)(_K{yI0~r$OzVkye%uvt@PLgDcKEu&d2iAN=?iF|CuV;(Oum`SuOE0ugEAeR~m{}b+Z?L z6bbN^8A&>2cO}6Xu#Gj`KE5#NxENL@j#~@=!60s8E4O;r(Z)u6A=R$_X?2X5FWI--2)Whrudcl>LgoV^i7Ur^3%wzdTL8OEBGWbx!)WRis;rC)e{RJ zK4R9@*U#;XaYiQ2Pkpy&>&|NZ5_?BaR9}07OQDzx3%s6HS(jQ?A@6$BT%0|laMH5< zbDfG3@jhqVDc9|Cr-o%h4;!JuY3%1K^9&W6AE(Ou@>AA{N-s#rUD_jYQ{@=o+z#^N zalypmRimE8J;aVRxKl5Tve3<{ht6=aHH34ul^6)yAMbxPGx(eyUSqYb#3YKJ{MxBx zv1lea#!n+|dvy0o?YgsS=fjq7o<~x3%0=|d;|YT zYXLSYP?^Sw+&L?&eL~5Yi(|T+YelOp% zdT(xkpd9L9ND~&(;;)QJsLM4UKIRbi+@35=_0Fm153J;YzVRH-srUG{oEk#}r$A<{ zx84~%MUc&A8+xkhu5PT6!PIRzNR&x7BK4|Jh2C%*o=a$95a(lqEoqB2=1iv5U2!H@ zmSVKvaeBvYw@2b8Z+cCMzM00n7Ewe`#%o;6<1L3DFq6RaE+0m*!(QmrdlKT&Wd+c!ustC5=sFn zOx@=|Kg;iD`%_!`G%f98PBK?ta&XD<8lWvUEdwHE0aMRu%53P)Gv}U*`{Ff|^BFJ{ z47}06{k6AhX%bx9qVy1#>vF#lzhcv%w0PM z*%oBz5c|}IdEQ~-%pa!!5yG^?`oXW11jE&}z50cL`x zI{U@hB&){jBpsyVp=52%g{gS?=&jAHN!Oqe%miO=6sx03=K#C%g{WiiL;;7%M?iQQ z)debZt-J-A`Z`b1tB51r7bGE!mEWgLU%MR(=;#yz@&E=_OT#t?d@$*SY(YL*yB1Hl z*RO33O|$naDT&SH4n^yB+Z?i82`$&bk(fNZZr}@ z2vm2W968+CZ@F*c@W5Th=-m3?G8 z)Zc#1nlG;iWV64NAklN*u|-zt{L#Y*(=z}V9<(199!acJLJ?v-o^?&lk-uc6_&kzR z-(LIhJh#5xws+^AA*bK97ESA-eyb;Jw$5K}@!I3zvA?4uyr8%~AI9cLC^nWY$f)}3 zgjIH~ehs&BvK8o7FIB zrGN~qn^-SV>XWLD8~u?z?njJp_O`ti@W{Y-qH0Uv(W)`K$;}rz)pqpc;{-R;-Dsn5P@q8VNzcpwQ~gWfqTM ztf#MHGqT6=rbrsrqi#EYt$$4{mtZ+3!;0o~9yh2e@u_eq)-?*yE=i%uh zTGLcgJw_E0g8(X#%r{6k<)_`gtlpPbG1qxmP}P-CmQ)4tWY3K5!BO3zY*zNFy#Z`i zyQ{Eht@YL5Iy2)qWH6?+;#@ANPeMgjJ}`L}Xn@RN>gF_RA2M5-p(zH9^^d&Jpz+ui zU9}JU`763YIjZ@bi({(F>0;tmR3yz>IoPbKYcJ|ML-7W@A&IM3QD^11wEI^NWpu#k*SnI~r zczPh^Uet(ApdCso?wBUz(iTq(l&qteRR2-YcCrLJ_{S|q)Do+48m#TNtdI`*O5j7xK30de>Um}TW`D%jG=N#zqo1Zaxz-4keD;e`p z@~eDWu*=)##PP9aW#8tRvIbG5f@PAOZoHj3(udCSvKhKRXVYtW-;w;fNmLX>+dplY z%TeO_EV1J3_&v5v);kK5S9G;js&xAgta3FBOJ4wgs08R-0E4It(I>;dQh2ILHZu8T zt|AHb+)YDtJbDRQ*Kg3;=X#y*PpuqFw_va?j#DzH$x&SG;u#~7; zW8=Y_L-4p>ZsAL}tuglR(;v1gCJnI-S=~J;1ozG@#J6pEWiyFH!ogZ~I1uS}Uc5vb zdP98`VfjE&QLN0Tex{Rj_mU(gWK#`zJkb5j4}9bfIP#Vm63I0uWuMcxY|waAjgdpz zvy?WUQJZo?z!dqAppJ%lg}%|hDNgTL+zcCG&-WfxHLiB} zTy%ipdo0@6R?llEwb}nVrgY*#B~gR@BF0yS5Seudnch=k^JvT?EdbS>SBy26X)pC5KZLYfsUqclN#-;pK za5PKqcsyxA=~sll4Ln}`76rqq!!q2ixQmRVFqhU0{&>pfHa|D5R<`8Gvl0zu44w#!t2h1)De%XAZ(H8F1pb)Au>tX>jQ3e27|-C^()bek$)E>zz}1%sSS%9=Ruyds0tA z^3c0$r;TwNL1a?LVaPrQp_U3D$YC4_#8R(_PZ)h1!}IFZeK5oE)j2FH_Zj2zDQ z+v}Bxu!~G>V-s}_dBDTLJkDM>j)=<#2xW&&bnr3;uM(HpCjSsvmk#yodvBoTzL_<0-%*YUF6!JQufqJsbk<^GzQu|x=>cF5DYR! z)dIq(8n`Z;MD}TmnPL~Q5gJI|uk94C*`(%&g{zPV(YUIO!qL-T+GjKxj3f_Bf3UF^ zZk&Vh!>XNv_}yr^C!}lRPCbh+pc`seF3%_At#{IS9H2BhnY#1`&}e>Jk%f4nFSJNh z%s~P_6of4c_%L)jYoH53>$Bp7p)K#19iKjX)&`S$w|xO6V`pjIZ^P!vLSG^jBc^W3 z$`7Wcdi!jMjRh$Rrq<`2y-8Hg%Z@OEG(WO_|4eo)pp$)x?m~t0KCHTHy|-xji*k!v z01+}(d-2t{eoULKknK=?-^BYL?IqKW%Kb@4MQZgS1Q`6y=QqMA;G?9QqWE#&HZ5a` z7psXCSM%hp=}-btR3fmLE~sEeCS>=)FJJWx9zanre2|rYsoqAukzQb@{QtN*>!>Qb zuInGVyE~)>rCYj@?iNK-;DB^@D&5`PEqMeHK`H6<5YkFXNPe69dGGgq#^>LRGvu)M zb*(kmoWBL1sE+AX*$A4%4e$GF{Qf61LY(fdWaBn;l24zvGRAi_tF>33PrHpfMuJdz z*x~AIKOYmyR2rym-t_OZ@JzEF%^Dw`k#mem5<&3?aZ*(TQKH)q6}Co{K=~%dTtX93 z)ui-;&BJr3c26gv40VQ$$%U%Yrm)W4EpG2V*5Vj3V8`}SDk_=_ue`HoD+?C8H5l%? zhoE4|ee&F$l~vOuS2?WkYiVJr^I786#oU+J^Q{#-99;VmoyqHBtm@r0?E$aLlr~qk z>9|$RXOa@P%54|Vy860veRZNkihZ7k*rv*tPq@#PxEq>}JA)YTD6~AHMzbom;vYUye>={c_!@%J-Gh8w#OK1LR%EY(xgIjqV^G}pRgdC$5h6~j%C7lmY~75=PM z@h3#lJ=>=i0q7sm+Y1=ZX=aW;G{CRysUH&&dKROX!c_Xdnx;1-uIQl}qui>b1-FCc zagUeX+puBu6iU>3QP`SJ(lFUA3I9uz9&xceI@Nf4l?*4UJ%YOFx6`4Sj@j>I%PMF= z`yCL+pn#wEM%aHJ5?QvIeD)_d(n$BuCtIv=2{KXXS6JH4F|_nwQH9SBe>gAgamZH_ zzy74}9iKV)B&myNu#~^zNxei)|yF5Ozahu*eT@+Mrio(`qf(ZvLlp zaPSr+QugOK^PYB`tscnA#Tky+(Q}S>e!Ai|r3RW#T~9NjgmYXsV8PCj*Y7|)BL|+2 zGI|qASD} z-Ke1FmbF;Om}|K5XX;ROjNMVMxU5m=3Xl9K`DsAbuXJj4p=iUh))dI-Dhn55j)smmMgRxw*_ljI9Pi~>!&|x@0e2gCSWi(?6>jtL2S98Ac1f(cG=gjB0P>3py?WqLB7+ z6X?&XgxqoR_7)@pyQx!k|B7R%jC8TohBQ$7=%}U=l2O9kEE;{uAOT@F5 zx3}w#vRr+8|4t4>5aJFV%mz604?Ry4_PYsWZ`ahL@G2x~W0M`I@@ z@GX~A>|Q20%y_d?!5g{-_i#(%UXeeCyC_m8p+BO?AdZ3QvzI%LSy!qD)B2EbN>A#G zE6B{ZB&}hZ`c$=_fS8=IZaa5-*`yyB3$3W&8XeuD!^z#JsMznB(KMbBExlSW$e(Tdbuf-m9k}Yh`8tu+ z`SQKKTEHJq0+`F)NXj2WeJ{|dLxlOc8P&0ZigyvIg$FP<0AHyaB$>?Lj<&kH%Vu5v zN0droI@6sQUr1+vHq30Z!k?XLJZ~QQ1QXhVsV&KbSH9a0ocvh^vu>`FQ`14Q+aByp zKjF{gRJ_tMDstx#h|jr+qWsAV}DkB6!V6(3mV z)bxGeEeq0W*yW@RCA2e$!hY606KjkMjWW!qIidv#DYOAK@AjPk>S)KWQ{ek42LuhU z&Ncu1C`|)ra~tu%xjlI(fmrqOf6XF8U2F3;!8G$`8gqpc$s%XaMXCRlYuN1s7=#-~ zna>?lvn3`$6z%_@P)17>`^(X&YuwrgUE+=9vvTCzyMj;8dePH~$*$s>{Qq73SEBqea=akhN)p1~zJ} zzCL+#SCs`O9;JC%Ai$YCQ2NBODM^It`QE%)p@VkHvc0#qAkhW~>X>=HS<{a{sruSR z2EDXA!bni;tW%{XzoqkB$6phJ7C3tB{gK-y!wu(u&&cJU!FaB=+LL^HkJj#y;SJL9 zih|;u_Y2$qx~-R6Ah?GF-tS^c_?c1`-L>ZUbGVzyu4Y!=LvZuMuo~ah=k+hO=^1e4 zP|Y6hvHbnI%%Xuw&(C05H&)_YnqC{5SBzUu(J@USk-W8$Tqw~h$HOpfZT2M*3l}>qqQ|zW3T#DJ4kO$mT8?D1+x@=?EBl#o_AR{D z!m~a)QcNZIq_TEWX4M*mY)>QOV6ql7lpldM=lO=(a1fE81yvJ483qxH@aIiS>ms&K zSDYp5iauB)c)7Vf!b#k*6>F6%Re_c%%DTf5&NGGL2CA-aCL6f*IIrp^V3{vb!b$W| zh@~}U-3e+mclrgbbPOB^AKOZ44)_f>%uN0wJuFHh;7>kf6RD3@9%aWKDZ)9!Dej=r zfD`;Y(GzYmvj4C1DIXmJ<_8i#b12anDw$w~ zqa;{doW(6<&ZG&ih+4sELtGSywldJ@^V&-*0;+#kIH*9RoC2*kuN`|3#7Jj?cqyqR32POKg}vIEuHFlIBlZ@qb-*dO4ab9_ej zxSrg1??CR@%vcW({^hh$J4$6qaF4z`Zud2RkQI6+xLxVWw>y7xni?RZ}N3MBp4zpF+7=VpIbQh|;YSs@}Q|KSKuku`gA zS(^A~wb{C+d7GWD#9N2Pz+YTL!dS;HO0IZG^l8uU0>6Q*KHVzy_wW+y7>rW&O2o^@ zDmHa>s_jm%_EULKb=&?-R7BeMuo4q+DZBq#)MM5=orX8sq`ILHm&pLz&_Mr-iu`<0 zw1ZJ?*%#hVTt5%e>C{{0Z7nL(DXh4(LM3fEV3QrS#-}?TKlNrdjm?f^ECh_};G|b= zE}yIMYbJKSUlb}ha%#K;zn{vyC5mp-!QnWlPM_3&uHye>D%enzG2iJzIa*_9T^e!o z-~g&Ed6?PMKFn-%^noIyJ!L;XZS8?c5-QFaCZ+ZFTTckS?cNHjgTR!9cjX{WTj7qU`$o!uf9N2%tC>v#1&=Qp% z{p=JKk80z0{M?&|WfpFe@@_q2sISKn+R4HE7w2jGrvh8L)Wh0gM9{x%RPKrCgu2~b z=`yLR6eY-8x>lt5s~I0fws$_%_#^*3>5WwCwsi(4Ir3X@5pYL~OVo4r!=1Ay$5Dk- zs3y~P)S_+iVwNrpd#IZm*iAxJ<*?b%rTKaCb$qy0$I!C>jD+<~|Hg8(H`Q+GtLR2K zMMuC@TV6y_j`;SxiVenqG1m~i2L>EVjdFrkhqGI5I>Fd@C|V%k9Yx$$Tc_QkV!+Zb zz=0-w1J$xc$gk1>NoK=sTS-i~O*QcXPgOQFa??>8SI(qb6RnL21Ak}AQWg1PbC|D1Sl{NtR`k1<26HP&C!sy$Mxfip>N@ z-o567MjKA{cVqlU+UzQi${6rqYu9dRMaFuLBoJz!d=3t31n`P5W`-y#fMTEdX59g| zn455IP3ZHo%T0EmqYWfZdH=4~J^NBG8G)?6tu^;5u9cZg{HXMf+Sleu30_cf1t8dw z0Ymo|u8uua`CH@t+=~ z&K)>2)X4qSm#9r2@7+caCdMB3xCA1AVQ%q}YgRlN69FOjXFoZhVbHh9c|#&K1Rski z%?r9Uzo8UEMge~_>~Lj4E@#(DK)Y!k=t%ORY>!|v3;6p}Yo%YDo#iJTkFLzgahh%r zOahnVAScoekPfo?4gCL1JF3bJENx+y5Txl!;hMFB@vOWhjewBd&w-=l&Mk!;xkggr zjM*y78S`F0px^-8>`dP~XS{pys>z72xnjphqqi!7Xlw(gM6ew&2J0hj~h-qB%hO{Eh>7M8;^Ov3u=?s_^Z6l*Z?ww@*DO(9|8 zW!@>^w(OI%tf4LT_e^$JBP$z1uoS4P&l>Qa~cr)pWjCE=^!(UB0lW zc>AY66^U9k{mGec$t#Rjg5foSmzW@AnjHXemUfFK?x((m^itg{x*HH%*vevy2|<{$MCUOE zNOXQID5CURP*CJiSUIv!|EM!A(%z+AiarP3TYs$bYLahFp8>{z*XQGWL6Gioz}NZX zk1uiZ0O@((&Z={-U>9B%uwjWOs>~JgwUk^}cyIjvo5)2i?wL%63TNX$puWoauaHV1 z3&YvBR9YojK}vnwkLBJVX1z;2pjrB!xo5gmOYr>ymuW|X@%6OuSf>vt>VsJP&rOqA z&em$>AIcnFWbmpZngcP30d~vu)$8`*6?`~8|BDY)jCPn)+89_~0BX93n-v%~}XMJ&7M~L8tATSjt1D+_t z_*g`BzwL*gBO;WTgkAUlpzQzTq^f#>LC^l`ySOdCWhJ|#{9MDr2tM3ak1j*nVE{vQ zwD>VeIEpnoYbuRg6s{1k0c!-pPZL3SC!WO=r*@(wpye;H%_lQZ#HiRtmD3*aKM{2q zn&@IY(;uKK4(qD3%Bc+l2PbiiGW5kQrJpbdNb=qQ|67#bA-Q*vahhkB;YOj zO5U4XV7A~onEgDjz$wz6DzCtLr?o^QUt+l5gPtVLb=QZs2pu;;*V3d^M@g`p?MIBV zrOdS8O$lgRYu3CMDXSYKGBCFiIoWv!2HG!&RMwssy{w$;(=67@NZaXBy`Fv__uH;g zPp?>S;7E-5s6UPBRmn(-r+rmWZ4W#It4J^JoBVOWhyxg~5MyuLkmNH>#<*PEG;Din z7m13%CY={!#*kR6=G%kf2Tf$@2WCp0jNOP4C>CXPz1BnfE@QrT?7rWm8ntZ$+}_+D+FedJ&XwXQ0u106Y-esYY5mMr8pTdQBd4a0a4JV5 zZ=~+3@+Mh=y{hoHSBr{xFwH(-V~@>;R+V^=96x*icoc$(74@a$hA_3%q3HZD(;rj$ zLMdJSKsTH&S+lcnYCkpd4G>2P`4$W7o{!m2uTN*a3ALNG|Ka$eeXV&s+by;xg^i{Y z@5wwWV$eVu+rCQq-GO|l5fc2{F#KdEs-9UApDar)FT4Y!>9p-8mCg|hu`TbNLFj5;^RW7YbgN@?T%njZ88{yS4Z2? zWVoat)bAgw7Ro#T5*}jK4_gEN`Isv9hr+2I=yiVp4pS0jW4JD-oOFMRMWmgRv&x&2-8LbEknLKfSzxEp2;W0KgNoW>wgo z52OI8c5?}-khB04@Hkzr<;$;+bn6rb{u__~&u@XQXYs#ZbCMN-FfO$)1g0ei5b_UX zY@Rgl5V?PTuHvWNY>g3_uF3!XG_bK8r~Oy@{6D|Zm^px^I_kE9=I1|O6o+z&=KrOe z|M@VRE&wD=*gHbRV90Z^3PXluiQk;frdwm4FCV4oHmu<=M(ko&2PPXP;sfh z%={-}%B7qp^Ai?~^k4Y?e?ESPlLVspb`oR@FaA=rLV{lHO;-X&yw~Mgz^EhV zduovfiF#S99!%uzqMe3-b?Y3sFMwmRvD^QNN!#<&C-!x(-&_Oqd8MAI&u%G>H-Q_9 z+e8t`Lu~2yN|$>fATa7oUAgT|N2g^f{#t4`kYijC^Us`qc@Hk;>{vRdk#>dDP#lfP zJag?J+QhlY%TH0-LeqhfIKfVRx91~|o58SuL__ljM86bx)mY}*K(MbQ(7rTa)x^Bo zAx^Yhr=B5QQcvi9`0dy)^Uqt)6rSz~`M<6|O@}h;yk^&3^*dGjms{}ffpSa31cIR| zkxUHBt#<(_1lkSa0-}ikojl}?IiA7ufS&dR#JfS#3EHaC{rWzMH@YAmKG*;7Hog-F zC_##A;-4?F_s2XyzHfTeajD1mLU7al67Y81CV<>vO}5k**r(?VvQ@1WpJxm#Y8~qK ztql%Am?Br?ElVxGY*tT`SQGeKs}4=M7JkboQ5gb)7S_}5qvIjErCd?J%Ld`3G=!p= zb)?JBRL+}!{Ya|bsgjA`{PuaK1A?>azZ>f6#ynb`RzyvT(vlmKL5j6Z|M{2nU)v#A zPmaQiqC9>tSH?HA#yo%svH>}~equo_gIoG^O7dn6ul8m*nY9@sRoi4`ROm;|wXFp^ zt9p*t`GSq!LyGLQM~eiwOX|Xd99BvPqV6UWufn!$fzv}vx>*uexmq%-DOWMUJ^ZHDmcj-@WB%0)@Jx+B^OdgbXNa_1@roX6 z$Ft2dr#7-x&alfxTKDRF-KTQ`fcDG13R79KXQu)%7r?_i16iW!6L37UNMStSbOh^G z$L<0%@`IK34>zd#{*(V_Y85HJ?HIiHx^fl2Y0saw*ybQ)H`s(_z`4)U{Y2yMUGh-8 zMZoAEw8Ku@m6a0_8Zjsi0l4$iN8k}W(s{Wa>%S*ozb868xr~4tKULrv#TNrW3J>J% zwHp8?Y~>HU^Xn?{akw!t`+7yp;WH!V_o16<1%!F~r617yylsvnkVt^?xO~6b<7?24 zIKs0w{grQAyx7j#48i&ICv&j~m9AKj?4iL@o&XORN3S&g1kS<*U|Iq>xWe;-AC8t3 z(kxk7+LA$Sn&|QiT>|UU{Gm;&DL^QxP(@`kEQl@nWATVY$LsFz_M@Zz-?_H^)3+6i z6hFw-={P*%0*zaTfnV_&IEw?pgXS(?OlE<&NV=VX{Q_g*upYzJD}COWhH zbw9-&;cV*b{`%33)&~$Zg@4Fi%v-8`H;N$K#2oYr;GtqdrgR~=r71-HZJosIERiSQ z|7AWDi-Y94zBF$7+~d78Au;!zkg{XK5OCGjAFdx$N6@rNHD7Rm&b57NB;FYqC zHCJQw3QIs_B_Y+Q+pDopxO(m{NG^X!Lx9>^Evd^rYm#|Q%=BZsh5ym(J_B4R+mrSc z6)fO5zw>`>QuGBgt3*;&;u0j;8q7?jWz@>`)hOTw`*5Ni?yKohVvCn#oDzsvA)mUk zSN1$}{e>cW+|FO=#^-PJ6kd`|b0fmPqyeI9?&JkD86uoQ{u8hoJb7jNur&3c;#zgU zvqNkv{_+!gsoeMbLl9}N*v5ZJ4bnv@{{!q$R3<#D7vkt2;&@%-Fl#f-h!7VZpFd5Z z*5~ig`~m9&LL5fBxdU^0??wOXadBRUjXfi(L+82UCF-c4UBUd_8=wW}Ms1byT9@4lynMe=ouQ_$ z2flgM@D-JrLhzqzgMvt4o8~a$SkkboTI}Lau27@N<&woskZ=3ip`Udy@kZ(5_ijc2 ze_+i4WbeZTux0N!xsxu|Zt297HEP~q^E}23|NZt9gpK%LRoSPwDbx8KNsBpzb4Ba3 z2P)cAM**;6b#?W+{5}ZiZB6P5YZz1i(l;>tVdm|$JV&z$lz5FiQ-1MKmfG!anHy6} zK(nMQ->b2&I4Ko$&gL~(4uO79|AAYMk2T2>C(G`mqCC{p$e!!lVyc^27adnIt{R?S znWQTSOEg1U!9ppTP=9dZ+P?;*o>v4aD%P6|xgZ~|Wm2@bm;{2aKYzrVL$G!S-j0b3 z8LOV0R?BhGrVWtoWe+u1SCoeTeD+;|Jgj(He|z|~4Cbej#BtuB)U-lS6g@P|I(?@m z?T!iQ#m4P+KUxE~gURxy*q@n#2TmI@G^*9{hM1!&(g#uEZGpxZSQJqeum71P6b%pL z=g-0W?w84bFYpm5l@5!FazubAE_u+f{Pv z=kb!k7;I&Wf1cZb=njhb5ml$%6pM+l-zC(>O~psCTV&)1R=m||VuH2{<3ck-DDU%t~<%l)`^Kja==QXXFhnY$Cr?aCw6@GjMdWpaq?<*o!buUXjdOwqA zDP_7T2y6Gv7h4)yR?c^afryBV9fyn^kfIQD#273_C$<>27_28P@Q~}p-`8;-UH;3h zLS4U{d_6mT%ldeTene9ddA?+1`7QT+IlANR#_HkiZtu_Fp^f31nwp}560g1uWG#1q z1xRL1FWU3|dCe0UM&HQiMKPE40Y)i)LJ*{MgaM^bjjjn#sG8nszWfs0WIamh4>LPq zq2~+9A7HSfp+7zLNd&HZt$-?j0G)%rUwSKO;u zZBQ?`e>^ZrSKBW;H_MTgfZmdsKk)uIlog)};{$06!WXIn$QJd>q1=zY`E$f|#Zu8; zZr{qB!!V#PD9xOSS>oWQoe@^$oH|6n5<}f2Z|Zq>=&Ka;;_ot>DuVv!KuJ)i^X$r& z=qEJy5C1L*=5xRp+my0q>L43dc32gceYQXG3q13J!bKG0e0A}Vg$Z>~U)Ofx8Ox}8 ztW1>zJW7C|)W^o(x3@jd?lGYJqtcRC|K~)uiA_R6+8)(2V?g%j+Ey1 z>B@48>^)E6?@W2u4n*o`f7GqRD;pyRB`0@Nyfg^4mIoY$hW$I6QV_O{0LRYX53vo6 zHYMYxrZe8LUGBg*JIe-3Lx$KWvHtmo5O)-IU%V+<0hk`}q1S6KyTo7w$$K6ktW&QaXJkxzlH>_{<}uZ+yu?m32+J&l5hvhEQ-mN=E9Em)v+0Hzc74aI8-U^z z8xxixpKf&Oex~NvLk?M&qB9)|!WwejIFhvUa?oZkgYp_ilON@Lvp{Hhv%uT@6TlIf zk$;O?W0T(zS^LV{a4NH{bSA^S?dFhhK)L&Q9K{vXZ<@}{pd3!to2@h3U(vo;v5F>! zA7w!Ig&u>`adTZtDD=#MDTA%NFBTkZ*S*EQy!UtY`@#cHWSl=plc2*jxn-=WEcO3j zJR)-Dm&2`AP5^)z!>hz8S{NoFeUR2EZ7MarWW=+MZKZp#8mdx%T@tfW?m%E-l%jp% zOP>4Ihi&^Yg6f#V)P$wW&m}^{RbPy6mCPMBCg0+q}CQ41v9Vnq!QWyXkj% z{_6Upj@w&Sv6aPTwtTFx#0i_A?^FX=a~DTXSs=n=`I2<6gNloaWZsrR!Ur;B+z(;* zm|4E1$>ec(98Sni8~x#`kQP9Mob)fYNKMrniqDrD{_^GEg+aEUKtX<4*)KD`6ZzP* z^(XOMqGYLQV|Grf{u`gwQkt4#oP_Qb+hEd zDsH|f2-_}{Sosc2U7QxIoO5BDSp#B zTi`bFlBv>J<*qFCr_BY|2VdM9WY_fP6;(Sc^`qQ^wM>%E{_f{V-n7rKDf5E`z4y~D zRFo#Nq92oHmRc;Lr-!B{o_h?=A|B$rpqSC9x5H79Ic&4ZP#{rD%qpTe1O9eXajUlH z6ueP|EHMw4hmjc&7_8#vE_*2XYD_<9KbAfFe25J$Pq1zB0g8;%-CPVkEci0txRxz_ zsxL6meG8^-5E?v>uTFcU%&nDB9E9&|UTu~B41(LbETxN>{ugwv0@`sq5rQ5-yr+Z^ zc#3NVABnq?R(wPaDO>#h4q-#&4s<#6exYQ>cD&E7AfmKGk&3QNA@*=R6^U`sc{365M7-Torjc=Ru9uUICjxDO}4OPZRr zy@|0Qb~G>e3XYALP%&S9Pgp@h)7p1Ik{kabRf0C=_EPgRVi&eLV!EJUn2!8o7q-?$ zT6I`!XW9 zmAjEeC{&d&fI(d`r$b-y$$gpd#o-T6L{isU%i_A~3ObDmHyMUp_ai+SV^X_!d=1+- zfnos*IMR$Tg?DVL-)(FKbGTghEV66|yEH!IB2gc$CX7`2-o2JnmK~YEkaabH9m#TF zo!?fswLs#+HW9qIMkBW7PGX}W)Ibt_PYDb5i`iRwfA1`+9xMe^^*G0%S713@$Ky33 z;tr{c_W>Zcd)%(CmXWaZvF^wvDj-iXa8lq=;O$lGJHKCxIHZav*@b0gG%HSbrCZ4w zPKqusOxgv9xsRNYLqBnHav}?NYOhejGfY3wM1>mh+ALXo)q2$`jWBH4OOt0-^a~{$ z+^yB5slF`7BM;5aTh9I?jH&b-?^o{T-h1f`8>XCW!P!co@9a{4cF~zQsF_}#qaA|$tcUr-mQI&jB1VIbyXe|=)Vlw8KtGB36Wyn1BRAk`f*d{D0JoI-s z1^Y?hk9!rxPHTk`a54B9#qU?!oBy~`tKCckbgX6VG&x6H_yTz&b){mM;bZ32cp~Mb zzKWyyy4N>BhP{+X8N)OUhmS|IFukoxR=ZtEUIrmWE;Mf)a2FpuHSdO= zjcZyDA`3(JJ^GnlYK^oS$TBb`&+!mPFZ*WL%3Y7w2MgZ2|M)0tDD9(G7u-;4g!e)| zI9{{9G7dtm&&<1P`0TQ;?q`b@;>L$e2O64wNM4i8jp>>mWY|xnYggqoRIHa1R~5)*=(dK1LKMF)^{Kq}i4t zNMD()_|$$fXX^~k@c?_2%)2{ONY(Ns_P0h&*cyJ*!z}ZLdAVjWCMG77f(AIey-}dd z!ICkr4U#iO2v`~R8e5uNDOh8|!y$@jGvM`-n7p0h^dW|~Yj>&uf`*Pg@7#^VJJy}~ zcM``Nq=TiGuwV?YS9`Z1EL(5-9yvF%G3=W0DjB-jsL0nbb+1iu?_6z2qYl9L>JVPk6?my!IzKM_U{W?8<&mH94H~ zxtvzf17rUh#32qE9v7AVGFhl$wBvTu)-MQ1d)EC9RrRnhyYbKW{*&fwtqJgq<$2?J zeh}}eL=cA@t=odi%wDRo)ZR7XTB((Ul+9<-De9+5EU!f@AI^$Mjn65>?^)cw1akQSB4Z!Ho5Dx66rSCFgWE{1?x z`EjofuQfYqwI+c(tQ&PU^pM*Cow#qhd~@atf})N+eCUP1Y}6Y?2=2BW#x;Twa>&Qx z@uDKe?Kj!qz53dd(Z)>dP=&DKtr^s^WEk|Th|w23>e?_h*t7RR=xFML)^PGmUbar1 zvFoZ!p$vAWFyW8vn+Hak++e9)B80x-q~S6>>~t*!UVaRMQh!R$n&nqKw|}9`hjFT? ztGAI3H*!Cf%AeCMN2I>1cX<2qR!j;RQ8?v&5bOee?6v#}LR;yNB8dEDz!Zf+x7;8h zOIr#`^l>oiF=arHy*Sdh{?6af2-W*lDb}{SvZtgm3};)vCQ}eK#x_XyjLPRi?0AvK zlk!f-emKirHI?+Yxb9y;|&VT7~e{?+X?b;TWNuDV6zGEq|>zy=SgtBm za+*2@j_L;?mA<^U@ki~x{)J6SUxpP`ak4pXEAr|zHR^d{KgHBV@3#N@8}?UQEsm7v z;Vr`^UCXV>m*zcTJ#4E+hpxn^=U~6{^I9Kos?n`Hj3fdP_e=a;?yjm3i?xSmc+4IX z0US2fN!g6Xz@Q=TyxgJn_^CzjO)$0qDg^f@QqA^mD91VkjavT?{(wD-vzCa>81<H3y&@NW0ibuD?LIN3C@ME0r=8jtK2gj>zo`o|9%t_E#BbBlFC)9oDL*tBgK~ z^&%y^A|*VGSiyNdbO6magn(OK2?N-3tI1w}bBik|gKq&IzK1kr#%BiFS41XQa&PaWv!%FpwH_4v{ZI6FS!o*sTnV-hlXLj$KY^K~57M{g;CzpL|iD7IRzA zsEyS9Xk(=ykv;>${z=nSXm;)^?RzE+H~{^>CD#s3%7$@ti~M^ zF5S6v>n{kJ{->bO-?~-^aW%|8174taxD==j4$3-Otd)_awmE+p6it&=w<#@QcA?1McWVB*vd7 zv(zQ*mYSl7P{Rer)qu&dv2!Hor&h_t`uQ+s4DyZi%>uOP7NUvr(_m%GgvHPICG11^ zw%?z#7a_bE{6OsDk9DXS^>KlGLH2nNk`4`}P!? zrKD~~TI0u0i`jB0tct{p%!A^=P~uRfgMfQK*Q(??)#3W04igy)GeM+yZatp&>sT4# z=1UE6*w>SuFWzut8e35l>>outl__d*n4c z9F61l*>xe>QEl-gl!@QvJ{+gG5TIe)Z`|1yE&kn9L+J>>gl_zkY&Bx z9&m?{b4RS8prMx$G>QHFE1!!DeW4B$eW6mW&V{*1J^)b(Dd9?H-B!ee!=A6dsjR8N zoVHPt#i4?ucRGw|n@iB4a!HRb)rnimaCQ8SiLuTQuo=ri>N(ymKmTalR-*umQ%*ji zcx_|J0G22Epu-S2i+@Fy=)Xil5AP25j`+Y|M*|O%jhNA}8*qO+xEUa875jJQ98Y^{ zPyGuc-w%}>1SkyU)3~}kDV$uCN9P4Pj3_g9BuRV4pJkicIbdn4dg;XDW9zFX{d{Sp z)qt)Kok=mtJ3X=C)k?*kzjuZkd`QkT8SnyiqWPd%b z@^>6d-jF8rNfcq^NvWU(_e!BvOAG`vLkGi4M4uo!zl!8C@!)*5$FRio^lj5B0B_Q? zgizN_RYbdklNsWIE90!*1|e&0Ps9kj?&DX`r;N7_4-fZY8JPQY?@ng>0R{T|hbEEQsioyY&1<;0&sn?+VOXVCgmJ59_oc znw9WOe&%(;VXS zc+Jz@TBEna{jYH|9Pxe9HtJCpttr5hpOYS+dwKCl}I)dxgy zaz2**kyMBIun!*qK(}c1!y}zCVwG&2@-bWHcW6hYNcnMFkg>dH<KRZ_E0 zvj3+TQWwTwJn|=Pr9ac&sjRMVYzhela|3L5!hX@#)=FU>#GuYpU>n&tEcqiz{CtmZ zz7!XSUvX%-EGWUa5iZmF4^Fe4%@OJ`oGUN-! zHS)v-&_eHvFfn6l&!sgo@S08g0+3QZM-!E!LmL|K;ZZ5zG&gR#nT*UI^BH7*`kYZz z%92JfhYS6-XfM`5S|iGst#ojE{`K3$G0KUc!OP>|N)f(QpJ7_~P*Ii3x6 z+%~Xe6CRnMeL7hC9qGM{b@w%?!GiU4;0#yhD3&^_Ro z(C+Jqyqs>Yys`s$WlIEV2U-8b6&Gd8ps;@oYhmNyh1kk52dkdv z@POa1bANAktK`kfB9kgGJFo~04wmY_vk0d)_`bFL;gp4k9>oK9QQMb@4`aa}`?)<# zNQuw;8nl!joN#lgCH(kdx(8Uh36?+1u0P%{Z)x`6{qA%>TSK5GA&E8Bfao%sD3Z(i zU;W8+prY>5Z_YIJjwOg_cW}kD^tv3`e1qL$dvi(cc(5IYQ8_(3yB6YT_rZHZ0gG@S z_Fa~&*1YHZ&u+6+?zi&{S>2EUZf^o^<_bB2Ih>o+c44ZY#sdyac!X%UMqvZ|j*D*H z9X@9u&?`KCO!}U};o+gart=IJ&gKs?6B+uum{4IgUU&;bwi3-v8YW$;n89ismyuIo zBc};#Y{YAlo(r89VlbYvjuG%cr-nxz&N%d+pg`xidE$V;LF`mJC0IFts_Or_rfAJu z#7paX@5$X*pDVHIM?d&k&7-B2ctix;e-yvYLUgE7h9;2>?42dR>sEv@hl=vUKb(h! zg;m5icOg+z#`S=+SFx`^3YV&x+-(SnoX(}td#N{xD6AWmZR{m&$_9z-$D!TD))g-J zKEI3E0BpuPh}2|HOcTQ=>jZ z0P$SbcNycCu(1H>qT!d2z#t?-Y!tEeH#Mh3K&!6Aih7LxQn`(M#}9VKn2v;u$~Yam z-gxNh>nZQ;H{z{ELQJeQn)pbu<}>}g3{Vd1#%Oxxv zsnF>WQCf?l5pag93Ahm(!duxGyn~D_y2ad8C6cmI*3SFtUv918Ky618OsV2SONT1H z|0=fr{hTKAu>d0U`O4{2*Xps#K=ys>ISF`sQU_>j^50D&2*dkWOHerT80WceDoacZ zwSdYBwsQzZ2R@QoI$nh<7ku>k^o~HMzN$)r7ppd`JRAkeCfR7GGXPpOxO?Gm$|w!c zHAm-Kba~L=;ygB}i_i#~ePyx=L3o2#LU_Lz;u@5R);Z``dx;&k2X0fJ&snW*okbskV*}X<>0ghQ>R(Hqd%|jN5FMt}_wSd?5O9S>Q&RQl zUp!3}5NP#^Mf{3?KxzI$ad9Y6nv_BO@IGOeHkdDn3R4{kA2K49A;BmtC3-)P^6k7z z&jCu`LWrR$gCY#iDU75tvpj?v0=9geVT4`n+S`gR!6C|!K>9O>*_vcKf{>3SaCE!5 z=cqfNI0y5e#33{V8uFl1xs$j3mz+xS$aDC?tlx@QC~$Dzd-)!&`oHDkOtogg(a~u( z<_H%sYO?y!o$4k7$`V&6z+_h2`DhgX`CV%>c)=X8BU0BvhH_{wY64F(q4={}jExDkB7Sn-tV4h%tb049__Njw_YuyZaKv-+``<&k z^@jyzUN+A#&7aqqA=2Tdl%z;}_qsv6P&`J5{v(6T(8veLh8-YLc1!yFsX*0j(Z0Pe zuK0}$)z#A*zFb?S+v_Ai7RK+=F2~^(C7ebxE$YT?Vhzh$D_yGm3c*FbX2wCzAvc{9 zK&rSyz%`>uG&b$FRu#{R&llp^N=qZHM385w9*A0eXZrHTS>d@Y0=1W^`PIf6T_Cf1^R)JaE2=SR2qE1c)WU-dmO$SIY3 zynjX@L*dg&v$&5LzN%^Mq(H+j;+5Y%NHSFpPguloJaw-X$Wu z+>(~2p0wBC5P9q_*xey~Ik?b&Pa`H+;-JFUY&eg=cY-ppIFZ!BS1N_Xpp zQzZpKyJ59TyJP5cYnmkL7L}I5m?j`YpAZu@N?zcBLGgrwe zeS~_5G<)yw1US}$3kBB8UX&_Ik6ZYk5&GgdAXg^(QCPFBw8X*s8jOLK%Hgg=3Y%O# zXweN(Z`ksisS-76@jSfKj3>KcurkA*Ke3Q@#s3*g!-EhUq^VPLZfAval{ts`N}Bv9c;YvPt7pBrYBQgy!mh z4+|eoIW8|L3F~x1M!*%1t4E`>e6c;5FYfL7&EnDw6-v)tiJUhLJPhjdyd zB&7rdADt4yLfZpeZNh?6U=ZBf;>V4FS1U+0k}35BAMwR?=qnJwgCOQ?7K{Ww$QCo= z0~&Y4?}au{iu&PPP(#aRhSUZV+*jWxFg_O}$!?M>;xw{S8`;ztb3F-SfwL8xd`mJv ztOyJ27R1GX!xF#OP#+1xP-4d#F>3h{aNlXRqkAAH2YHDo6rnBl14Tc8OP>}qM?M5m zDyr4_tf1vz&w85CE>|;@`*y-CuW_~dy2U)=rx7GZr(njEOg@E;v=6@()-@;3{WbL z`LSLS0wq(Bb^>f<2aa-#e8Od->0Pw`+UJz7((i3kJp*!nSAW~f&dRmAY`Kz<?D%Qj7RI93m7aqrD$AhVb4%s3&%sZnZHS-V-q6&?}*;8y39E=)4Y` zN+X3KoKYm{`Q7xDzP@+i^SvY^LJ$tJlphT){_sJhX=Qy%34-gl9FPG)i;4vE{Q-MM zTh&k5D5mI-j_B-%$MegcV1ds-LM`Rb(Wi)FHi4iyHI3adkE7qoA3@OZozp0-vY@RD z!H@!5<|s_}wuuoizWEx#$qC~Ctq!U7|D)@#!=h^2?{Rp7?v@xjq@^7cq$C8SMN;V$ z7*arip*y7orA0xclvIWgkQR`V7(z;rMnvLwq4)DV_vbyn?;QT&aj3Xw?`xm2&b8Kg z(|MaRf$`?_SNHgLy1{PMNeLCe^`UF0%_Q~dby|GllQ7MU612OwS&|LM?A{g;ihyJ9 zV0;ewn`U3(6XCfMDM)tS<1|>banu*1a!GV(n19<5--Ln%b;gzZlF~vDd3vec7PWYt zOTcm1VEyA4{>3NSH^ofaSY^`KhyWGFb&=xmd-C>gnM^iq z$-fkw+Z%}1g%HZvs;~^KQ{clBbH%Wa2KtK59oj`!fv}BjG8?qp0 z5xr}Tcb-V5Uy&l8T4o!dqfCTFkKkDaddMG4y5C$#n>|`BO!RN7TJ53X&m3-n5xfYq z`AHFugX&-yW7INs^cNEs?@wwWvQK^3Lvm*Yim3mT3H8<&(b~4g3)QJ*GObqr8nXC)vExalD}|t z^=h-GE+HkEmNZK&aR7AcU>|5k(VADW1XUDK4Za9P(66MdP2BouKp<(;n%DZ$TH^|~ zSh2+4z9M?CM8NsdxK8Kso3QDUx!Yz+L^{#8p56z?OTt6tNsVaCHXZ1f>R2Vd)R{d( z6RXXA#+~XTM9GI<7S<(CoIM@!-#w3kATid;(&6eh%*f6})+;j{C)<`VM7M585RyV% z#cZz7_})FJ;-Z7k+OX|&ALjgYFg_2Bln)`ScQ4Iv14h(BX!tGO93YxgNN+Q5haoK> z*aty73%15F@pv!-2~k!35g)E*kyx@plDp0(q~cm{yl{VvqY~wxf}R}N6}rT?+5AzW zS-G0rFLsH?YJi;vW_Pby1>$oPfyIml(8~9wzir@|uK#RR{EpB7`!=s;#Vn?Xy}Gv6 zD*@E*31oWkp4Mv|ykffQT1Tu-r4ZFpkaO@m-6R7KHyV7yF3vhWGHFb8jnzI_8h;Aw zkyIzr+-iFCn81U*!MnPe$3%r02WbS(wb!%l8NM=e$kGlg&4+i6@y;y$ z&?R~36WywF@s|kc9cIF3vJc2SSgCBXt4WM`sPht zL@+Bxcg>SW(l|nySQ!VqJ@NA$D@siK3smtT-K++k@Zx!Ph?A3(CIvooh`A>>li3yd zOrsoWPZe!?T%;mnD1!1Xfnbshge;5Kc|;MP|30_g3gPsm+3(=O2=8|mffS|HJc#7m zcaL@Wgx!oUiIv|#33zfyMj4u(Mm`*aTDC4_K7=>pmE&!HeBiS>#BR*5!Y0bcrTxj| zwA+TygK2L6b}wt)ehM`fJ#4orJbmsqRlkjC3H_pWMa~L}s2odTr0$J+q_M(PGVJl#O=!Tf>ikyk*U@21A`J2n{-_K6AI3Q$Z4WLa!BMBX$O8Epn#7{WZ zd=@+7SsxJ5=Ch(|Jn?=Pv*{AB-KYfM{h($_-6gMI8TuLnX^p~P4e zuKqh$m+B3M97u4zmoG8r_zhDN*IUyw5(Em{OqrE$={zhkFlcPtEnbnD_iA_yCy!#r z#rC3tG%AQ3-`RYs2IUUQjG*?Z2xqbseF`oDhrg0N*?VOmcgyTmWvpG@4*a6MIA2ym z-ce-y`?m2wBG*1yO25er-S-1|W&4ZHbyB0z2NRXIw%IP5=Qlj6Fl&gYE5#WOzLdg8 zXheH&?)@X}aSlxD#q@43%+0F_*4wA_i`{u+|6AKt9R8HYTo2Gn>fc`8-+$}avUB+K z)|;CX59;5A`QfFT!pUf{^ho~#&lkI8Kf|w@tECiB;FU&A-F8J(~h{j2amdjegkbn13`24h&kn>qm@p?K9-dtsHrZK5J!+k@Ok zU}xvGMrEY5PNre_zLG<9Epb$Spu=7$nsT@aavNi=Ms+8Q{bnjtc=s^D8SW zg{A^!QDvCNd8TIf>6k_pg3A^ASmeebHG4|N^NkUrw=69!>G2umo;G=Kne!khmvCAK z79_T3jnBtvjyn`urR_@g2yP+s&~`ax_{?ys?CyTnM6F+QIae|4FqcqmItx9lu9>(e zp)b_hW6Q;|Mc#qE0UEKMgQ}0H7n5bC`Jrs#e7G?gYJcXgx?W^T1Yth$Hs|+|w78yw zxm_Nx&sAKKkQtXU)D%BO0?5LEp$XqrTffRN{qzn@tP;JsIum4oplvM3QndZnlSakF zD=eH~QCDB1R=0W{ii^|%d#x_-EBPP$I#Zglf&(y>owFc-!b_g{0d{UCQ7OZ}5O{AmZ*qtgsFOk`>JXDvz%$Otmy#+APhugZ*mx zE_H*S#rBN$(sLK!X{xokv)6y+g}>!N&G(+vf5v|N)f^ZF@A!e->nq2CV#>Os_}ub# zqFb6nX(7dtXc+s<$teUetGB%XmMAeZ$dL#Yv2N2Q6TLI~K^!m6A4Mx}pRWA4Y5f?2YSr`( zuJ=&mGXPQAmM@Ozq*$kcMj{+vN=Py*t2LKA=|NjN+f7}1BZoXw(mvvf{AGNx!HFC} z+?nB?lBHL3?VxR({|K00{jQw2s3X2?!;-wbiKcJI2TZcNaXGR~T12!t#hdoZ8aR=R z{20phig4g!CS!SWf678VX#$syF~+_8-utl}-chs-l^}d2zerPWoYbty_r1?19t?3o z0RvyoA==UV@}kL;7e(LF5;KwFRS#pj_}^1KB4>CiS5ohUQgM9~)fS3eJWC6 zwS0tI6RFkXQNZ-4Jk^!G4Sq~Ta!1Ve9?gr8f>Lrb-|e?uo$olyfUHPeI5BDC>cSM1 zjEhcshJS>*_l3m=fn4O?Q5aVyw1X>v*D?BWiC>H;CH5!@EPajM1a}(3KrsxvDp+rz zT%>(u)jF%%`0-&8Kn3LauG~i>MbC_%%Qj6DwHF3XR@3HI>24DZx1?p+&NLna*rS=Z z55cX+wL(zq@L7)-TZzKwyZ?Bnm{$KG496+}8casm$a&2|T!N*P?Mb*q=MU%NDGiCM zTe`iZd|;(wJiUh+ThPxR?A=(}x*M6*V-%&T~)M z9$F0jdI&@Kx2bt#sgVL-Dll&SPKpX^bhd;eW-n`&;v&^tHcf0aC|Su~N9q$e37ge( zX)ytyZ@;pZUFQ<_Tyg)yL+gvl^RJJP;Q77E;#^JmW(?)bU8j z{JkC>RFL4nx3ypK$qdb-myUtIg}(w3Rf=li_>KUmh%;fpt|e zm%_uj^~gWqy8%EnqJ{1i6$hqDk#X>8U6Sq}^u$2*=HKBIur!Z`;D5no1cSNvhW*cE zpVlbojz+#IDdCx}W@KWLre&tglhs@V_RosuluKQ*O1_#>qb!V!jFlW7qF$&=L-1n- zHxNI7<`^%OK_>L8xOQ(Vbw=EMAL|F-{O;wm=5dAhfE_%AAfSAun6(0#mVtqRxo!?) zAMHiIGqYAiK+#qeRl}k6_~htTM?lN(ACE)>SDQ0OUYkC5uu5%gJRoRvn?3n_b*@?O z5Ii7?qr4A+dndnQMP#^{`tq|O_*N^Rs|}}ymS zMBErk^C1?;bL6v*@JwxZXd&kHpxaW{&=7hFhh9eJ(c!eT1&wA%g3Ds35Kn%=LDUaZ zPkMfgsJByc0_y;`Mus7$M(nv#2{mp7?wVtzKE@dP9a|eE|K63L={`s_zcMsM^&A;3 zj&P7kU8zyVO93q~SNvd(^i{uI1H7q=PF%+_7J`4# zCF>d_QvEYy0YFuO@U46*N&EybrWhL^C-$iFKX8iU*{G;=H8;=o3fI)4WOZ7>4F(cU z;RC$JE=?4*~dQ4LH&@h>cH{FZ-)_~@+?M{)qp(w(y%UdPZuAW zAkPN2napjoLU`>QRIIoi(ch&xKU^{tW;s{-c++?$=3%%1hH|(fJXMjqh`O^04B?#M z$^RFq^AGt4B?oth)*E!VL}6}X*LS!A%fRMERv$THI>98Z?59sZ+h2ttb;e$o-HmCB zD|x8b3O_FShBrFwAujG&@KFG~^A9PwY~_UsJ!z5nM#+zGk#vGaae4JH3aTqt;a@fx zBnEni%gdwfWOo}dk?lmAK|qVUeR)W#%9Z_Eq;wY%&HW(2a z$BtgL`tnM0jH9Ry1w&+VzswOU9+EBsv^Rp4?^^8MTBTY-^exhteM#*vBRK7?>y1x< z@N)S_`v49ZUEuP4C$O{YHT8$iYxbzeRlQ@<6ze+k-B#Io7fkO`ZWZ4q9*SrI47&ss z9_uV2b*)7r%8^$l7f^#D_QNE(o#(0 z@GV@P8*P(jG47;9iEP!BX=+(6E!zZd2f`$-UOJ-!QS!rZ+P~K5E+a@Da+B z=h4ccT7}vFpYH}HHh*(Djk2;iniUjFmu};e@rsMN}kXM51-deyxUVGF0_!kw^G1vk~e-qrYfB#^EF6Dp1Di8{l3V_Ab!y_YCU8ZWk z2S`dvw#L9MA}{MEOM#J8LI-6jM?HDi=RTOk$$8 zme%3ihr4g?vA<1B)zj0vaq?*zj7TVz2;e(77mV??k*EbBPJ4+1jVtSTN-nqacTaxp z0g@Y#dzP1#QJ+|Wh7QznVE3X98~hytD8inJ+iU6SQhr#+Jb(|W`1trJD6|$R$G&s< zYA41D9%=410~mr8Sf_)eB?Z=J!b76~iTaguLsv^KyIL=HK4DZmY#mR;WS#R z>uYofb{m~&o-w&Fn>;T&{Q&UrMoSvtqf_>BMCq1Wk%g(^z1{6;q=HnSPm$z9O zF4ma%@jU1(diI%&Ux+I{2|Y!rtd%ejAY^P>mEH%gR=~LlntU`#X9usCFxttuA1G>1 zs89k#W!FSgM@J2Co)2Nc>eE0r+6@9m>$HUhtCy`>r?v#}-_*o}rH<&)-vquM)p!XLoVYP4cP;~p z93n-_E z8;Rlsw4TWjPD5wuO&ourFmsAmW7669!9L-balKy$9JgelErI{F=A=dR4kHc_Jw;pJpeF?{3lA?E6P{k8UcR{n$Dq+fYacrBz?l%|tA{agCFXo>;M6h2i_=SCYy;!CAWBBj*nDO;hIF0&{s}*5cKIq*!+mj? zrQLv2tlm?ZGn(A6L-?L^R{D5DoU3eWHKgc6`{TD;X%kn4SQn$Q^eM;jtJnQa^jeZx zT)^RT-&s(eaQ0@#1iukJ5~1@45(q~}$M&XB`f{s_==ksWSj7*{-WNExATCw*k>i8L zn>3d$IiJ31IV1949MP8Zt_a~0)Jk0e2cxug?&!$3Ojbsw=oHX(-%>T`O31|;atQT? z8y1(8nB+pvk`BS5<5Bf6>oW&h5t_17a1x78L6&-Nk72^1T*qO^9Ak3>xzl~>KVNS^ z$Eqi<{LasC^Q08>pEULD6CYQ$8;_2HoO^309~CRS>98q#@{j1WwOo7s`t*7;>b!+i zptQ!2wdDklj+Xh?U`J}}lXoXf+sC_y-Q0HNz$^O`^Zym~4axy+ zSNTAm(1LvfcLHWX4aU^qB_tjFP+7SR!esZ}kD8!QTCg@H=OmX7N$nT{cv5kEe7s3k zPEMRJ(TNb&_J@68RI}RU+qZ8APL=(})th)!w-2T)Q_QNPpKn4FOzT`f#e#=_eO%Fr z);I>PaFMe3L;g`);s~aC{J+$ez@Yd|(ddc!`Njsq*5S;_^Pn&LD=c=&^|T)Wr?Y)4 ztayth)78bxYckMy^vZkQAu_VQ?3HV1z~0)m+Rq8ty5ZVLi*f%k-5{)<533=4j3Is> zd``H{Z0Gxv^8fuRhZgt)uVWk|h!s~1SrnQLoP!skxt#qm9)u>+j>B9p!`?)A(y}pD z?*rAp~CUVJeWwb@Y7~ciKh@qTwUg*55CvDlk z7)(u9MDiTzacns8K+X1CRNU*J&qp23?e_J#!`PKV9NgIB_^esGG|@+I-sNYmO|Y17~Sz`E;O%uD}xVlF;!r(nfYehc>es% z?N6Tq{yFzXI#$cieJPlfm6ZXxwBrh&`sBh&rl@u2HWS%DUwY&s)A?s_bA?tjZkHLo zb-DxKS4}psl9E%v+V_*HPAS2nxU=13!v_nnvp@i74g4E-3j(gxU7tZ;1VBkM_veJ zfp|psPj0@AA;Y_ph`% z*>4d(Q|PzoJ*<6&*~&U%9w` z6J1zeU*FJR90J{*r=OMmXhHi|fv=$nLx6BaOG|rnm!f4{(5zmEAt5IR5jdFtx7hRt zGhrPAZR))EYC~|HgAMzj*n?5;Z+^X6bc510nHG>P79QxBnDA?WEQ~eF&d%o7*qUyj zp4DnKTmqS4I2s=p)~6`m44(bbIm7%L3@pZSGR6qluKT=emi1mwmB75A(1TZSCtUQ` z1~(-gd&yJeK6*Qj^)xX&5xM^dm0064a`< z>~lDZ7x>2ZzOZab7R6#d16-vsoHQd0nlwZDl@km<{(KbCi%JxMZ?YsDQ%<)$Tq{mi z-uY~r{NFE1W2-(A3x+OP2fu#(0OvOh42AV_ET{L{4Xhk)n9`5{A(F;BQ$&lfvad{4g)46-A%%dXax7WGdGxKaD# z+wg`$5u8?-KmA}X3}s_yw~(b34F$s=b|E1b-#Xg=#&S_S6b@COQLCJrVfMX0WKhsa zx`48#^jQhuMl8Kkw}5GY%mt$!{qn`Jcu55s1Sx21All93ol8ndp>k+S`G&(A>X}SM z1x#Q@dVnNCja!HC_04Tu-dk+17CWM;EB0@hm676kl=!}IC*)$j2kNlrhX8Fb9c6)J zbUXJw7397^8EF;XYviYhbvKN1hN~++hZ-)rYg{qqGuVB1Dm%OI=6N#snh>W8OU1cpO_q!J1;u{Vd=sz!Q5>$8D7hV6GQ&R}Y%Tf{x~ru}untl|DN*%J8Bc zDoG1324bTgenTy45$cxnvnD~X8rr;6d<7F!!U$Xy+Qqq5;6zVgD8RP>aXqKcd0S8`;HryvpOJKU~J zJqBJ6gqmU{QTTw!cUlR*qwRb{j;Dke9MG9a1x8S(~j^4c_TpQh6nv(H_3zuDv2Y`THFJ*tX z-A?Yp3&I+lU)s@Iw|zF@&Q0BQdiCdXI-q`i@Y`Y+iX!RDzRYZAIQO9UgleuAA+9M| z`T1V-Cll_zNM*<7ndCSsW)c0;=F4nlyCZTpGWT|OBOV6*?*LFk5~ik1eqC`LF1mH{ zOzAIfa)7uv;4GzAT2Ay_#4QYyb8<)o++|YuA3$p#{dBF7#gfRAtkbibH2J)~<_TEi zzE7VHy?%!;Sisf|0-NPH^ghuN-RJmg%nCg{J?U5OSMU-_fGwOetKiumGOO+dMZ2q>T30+C* zX?6+vz!X7_hS%fek; z478UNTX3|-%45-Pt@z(V)B*nBhv6#eiW~Po_zUgVzbz;DrXGAPX)#xT%zvjj*(|@naFqhxTubg@#c@U z9#sz4qrWEk(?7~QfY+=vkzu~%6h49?08VfUOdB{!Q1bHXJ8$iM%cK6&ucc4mA-9jT zJUwfWrNu=>|EpID{{(`P?bDwiN6`^N6Nw&QKb#C@MYrGL!Wb-GKo?&vNNyxkegX9e z<;>?WzU~;ygU&2A=)fzWJZ#gWs!Ow5-+UxrNqPz@PY(Ji-oBteDRO&Rm zr>4p5B-LB~;Tt{{Qu}%NQuX)eua&!FI6g3P#?%?bMl5}?NLq#rudt|VGSE<9jUNAK zmve%lWP;9Qb|I>9(f|G4^mxeQpIa@~U1TRWa3icik9p$ypVKe#C%g;VTn4@N|6cEVpjU-uk z3GvW5S5VB!r$BWzqxRSLnUx)FE8Iw>0WU0cZPg&hj z=B42^m)dQy7zNfdHhn!kfM88Xe$AGVzB_POTl+b9s;J~pIr_cdkL<}<^+D&cQOg-1 zx!g%fbU_yaQOpI_GsFb4{mG%?KY>IO+)6MC8>)4i`!MqQcs`Q#@73u5OzyK=-+r=q zcG84$XQ-DD^OiUe6qo3*V|FSY17AMS`Y?ISIQF0XA`W!EV?JY|vY{w6-#@!C>3KHB zUnD~^<=YuI-163Wq@;hj05q59LYZ1Q$Td%cP&`tfia&R+g9j?n?qk(u5-wS-UHZvWqsD#`-Z|xkO7eeD)Pm8{~9T z!Is9q_5!-HhJT9v8xp6Wybfacn_c(^3 z>UFUGmXt~AF`$83{Q_;}j@zce0x7K}N+j%s7N#?`W46R}_ zn^fN&z%t>AMcwn;pB^6O=m&!0lx)+w8_A3t7J1AWLpQt@I--TI2WjPA`_{MxtTG_j zg(@omMJ>>z%U?#P6WkQfGu?80I3Q%$YU%y1BQ7mt(9_kbEewIUK0W}5SCj5KkQc!$ zg3dB|mS$`5z$C3c;bO}*r%K$$MxmLh>37+cg99c)RAonB%bMCwQ{bt8{#7u_?cWmm z8T>HZWLUCZ;zL%*qV^PTrp9K-gH z-*oKsR#@ZX$9+$i^M_-RAb3E@UO&=@r1*M5Ut7r7Eyl%(Uc-9;`|Z6k;hw4Kz@3?vfQF@|Y1Ebh zfQs=ZLAmOOqXptzir#*h>NG;=@%5z7gg?1u`?uY{Oyc{m4A@N?<~iH9hJ=H7W3@cD zpPkK^e-*I(7fxO?JR}Kx^6ysWKiSXw77=aOB|;PhmJLG*I?!2K#uYqz_BZdL2>`j6oFUx;LKE#(qUaiGn5+(E^GR7+B!4gS} zHNoQNk^_K5dwFjleYcZF7oT7>m-P${c{qO#b|Dp@I@gKrK`x6iZB0}u4Icj7JKNAd z=DKWOFqVjrR`0iignO-5;n{NFHww4`dISOLrUpPI=f1tXfG_53|5pF6BBTD9U4pN# zn^C0Wcf8LBO?XCtB4Lrixqll7l8Yx<0WUjBk5ert<0^O33q^X|WopnCMvZ5)+axx# z+uC}HdaM-m^$Etg9BorFLy?u&mT@{EQ4ILZeV{_G`sg?kVFJf@0sWUQ;rn56I*a`g>&nX7UR;2_5oO9t5(?p zW0-FAE~~kczPsx&xeBHt<;wVEh*V|McM_mPz$Z)b>%5;+#ga?TAh!Rxu&cr=#6SM1 zd74EoaO0YmW_AG=&jeI8Nxl+Bq9`*#iOA;D-*w*=c(;IqYxvr!S2;vi`jNaCr?C@{ zUNCW#0UZquvf{01c6pcgoalUb_=pJCwDvWRazN#au+gIKeBC~{VLUDsj(to`hfkj-^|g6i8JgzE-iL}~8!vU|vCsR_n(>zFJY++|fAbz>YBO*F zXK>>>S{f{17RWb+cizC&e+)waM<(^(pp-q9b5ekkZFGZZE9{aKq4b@SAfpC%$J@Tr zIDyfEre+rG8x4rWk4BNNcF08+*mlP0t>I5<=4gD$w)z-Dn_{>K{8zIjCY>4_K3k1H z-~jQ1d(FJE(QCmbALKXoMbL9Eb|tnmc6?#QW#Bf4 zlI_Pm5L^Bhv3i!mt&x)lsV=TB5OUHkxRhY{sz3Vs?AkX%l~zTHawbN9RDsluSb34| zo76;ei$BNagAR)z_{jp@eGE9gVF^F~J`WIKNA(r;`>-5;63E{%ec!(i{U!a<{hMed zrH|OkyP!Xi*zPud{?Da5?oou%+Vw+W5 zaOAi-6XvY7PigDm z6*8cwKO(h4zg?JU5O}iFWv9px9*9CI1fERsSKY}(x~B*#nlK39lMV5)3Qnmn{$uqf1r25Ct5=FQsb`rO&z0zJ$e@+ph4Wr{7t*!U z4=Hk_VuM5yDBQFum$#-djzJX)Dvk!N4f9X@ZqHYMHy#`uP)!Isq#4`@Iy0MfVndJ@ zIzOOa1Y613Bf|C-8H;YhUo67b=SR@?L(b05^Bj5e+7E;&Fwnb@m%%GI&m71llmSqU zlA`b#(JsXuTc;X30l{U=i^4KCk!8DBDy&Qm_zX~!RG18+fPJfWpZ+V z^F@VdxD^+R3#sChQ?=20p#izie!@H_wX*J*0c-f3B(Rq_KBG5TGTxHwn9TVJ@ZNWR zwDt?Y=3^&pyg$6;MFSpA4Q^{FP{Ut-=^y*)NRBge&=bB$kO`sRn+EPi(^qhDQBxYE zcw5s%YBc5_^E^M)op|T)C7JAmi}#eTGDF5KTsED|66=*$&4fU$#xfRail8U+Y(ee0 z|4>t_OGvUKw-3K}8w`C_WPij!mTSdiWjULl1?RGzTv*)o55t1pP&}2D zR0LWK2pEyMv8al` zFZ>@VhbBG=;J`S+4_APqq+@OvMN*X~KBG-KHpL>+0qU6+tT!9wmzb7F$Y)@-1)1v|(YL;pA#fP_-YdoiB++oI^|UW79wSY;tb*znp|{}QhvkRsK0 zDtzhVEV}#xkcpDMHqh9?$LIm}vNZVdoddTtd9(Qyl+MkVDdL`Sw^n1)<48+ptTp>>ji%; z>bSQrGxBY<$E`;!>8F-vl!`e<0L3#6b9SP=J4+x$N%QcT6moU<@Mvez!;q6ZGL5(s z2N{MDsUv;_CwkLyJ?#yst{KKt;~;(tExa|-s&y@ z74Y@`yGtC^IV@f$7Pt3nyIwj^t!LU%VWn!T8~wu%;VGS5{G$xY!Q?Lp!;Z8qguFX; zvMhTfaxgDrY1rAAutx<4ND9m8Yi*gb<5tL*W^oS&E9!0o>2l@*iq(Ju} zC|k%;_*1m4LzwBfM|?e}bckU1^$=j@YhZ^Nl&pwG3QS+Yu794MEUS1U=@tz~8SY>F3w408v(?l#@ydS#FNpoy9!j&_3muZ z(X|HWaS8h%qrbcy`piy?i=a!w01dCM$acMZ#LD&0+5ZTt)_;0Oz%~Pqql1p{;&CVy zxJL;#3J2`3y0f7RUw-^Tybc;O5W)a6u2A{RN;FF12IOaEc}G24e1Gz zH=}di1o2XH(lOXhktGZR@(TiK(_9(fZ5@4?9Py$NQym>_-{l1Z4UO2WPs){ex4qo~ zKyf+LiuUG+1Q@<@w96F-xM*CTiZ#(R|aWlet`!pH-W#nIG=-wZ5Dye{a8;SN(5k`#~78ZFTb8 zMgN8v?As^U*_ykjkI<35(wk`@u?$xK?4|avx1r+y=l074YJ$c*5`suN6+kpOg(G}j@3Hn|NJU-a)GX7E{|!ZI_QBTh$~i{DFHwan zkLtgNnlUXJKfaj_284DKk_KQiG7;3fXjmk6G}MjPA?*pJ!uAKwL#7*G`5(ukOzXaZ zwAU)dY>3FVTI?bbiY<>t!sJaSN%hCe&?3qJzJ?9r88GnUe(CracTtcywbS_Z7@LO$p_cS?(X7v z_&XGH^i*BjkQib@(%Q`F^s4np14HB)$ci0hL91l@jjkbOpqlMI#D_w+9G1^1KI zHevJ<+keQ}x&~hVuApMc5SsZ^Sv35?Z4(tAuZQ=njl8g31G_mwfj2cRd;I+mj~#KZ zP=@Yb#*ULLzBIYA9qyJZdD_FAWXyP&`K||SL!n0~!6fDD52Yd> zE?>xr8{qOdD|&fC*@22;_cI$5fy18@l06G4xF+*xWztJT)|;L8u(l!o#GuLe48I3zxL+j7!TtKK6GE?cj)7D6DT(fDoguz3HC7+(LdW zG<8gT%;3M=?g;0m7~x!O-M^;iJ=(vr#pJBKj^> zR+m4sr@u`A&A)FVF{BGjnJG6oF`xAzWHJrHpX4u}cEiaL)rwQn5b^$7%d18+$^{dta^0JV?q5Gq*G=0lQyd z>yGAiQa+%kSAMkdW<*(qSyi)(O!|&U+5E2_WG^tr6zuybSV^8-oPD+H{59w3q<+qT z2ma^65MUQRuu%(uzl@(UGKt=k5N;jSVg@!+@#Q)+epj7PM1&0&| z=}&|SUU~hc3<5O~k9Zw??Jl~#?+FL4g7Hi8r3zM1p#VE13t_zs+^{O3kYQZA-&{Xj zK7R9Z1te13Hk7BPl7ydv7EdSSaM_pZ4YadR!HkcZXNhe&rZXF(Xs`Wj-0h%rqVUPG zQ^*1+KDqASyD|7y?YSBryW49EDHPNZjrE$aPq>Q7zYGU3sP#AtM0B;m{ueKpJ&M$A z{yvhBC-HqHfypPa-l8DRpjO&_QST#W)uARz8JslJPL6L8!sef8Q2*=I^^kl16Z$o* z^y%Gkt&APl5HaXX9wPq`_RkRlo0cg?1nIq1m_W;|a&w6CyykIX*MOCmL~JA>QE4y1 zSoH}Lnr!tGI*w&P;F6~svk^NgOx%6qiGpz?7xHt^8l}xt-99% zi1d+t{zj-kZw>{r#NvBJE$IcO_!n_kr2XIT3xpvEUlj8W+aH)vUcsL@x^e!~253=Q zUqd^84?dT>TG$O90+-&)ax*dKu?HehCxWWL(_=sh_X^2lw)#3T1ZbeO9|{WE$T3h> zO22E?4rf~4X^!u6vcY|KK;ZwU zg)s2_7gRC|1W^jqB|2+hQfFn&xGNEk27JCjpqWU&gI)(7T=``3U`ukog(G15*gXP6 z$sNZhEFz*XzrYz7a@0URth5qr(s)6^S<8_M>Jrk_4>)&IJr9A6pLz6aMF9%Ww>9A3 z3sDX0@3KH5BPkpK4e#?OaG@ZZz|SF(7>d~}F$rZ2YioV_>!p{eD4@5kta57O6&|wA zqdYGrKTTpp?6e|R)y*1iA5mXU4Mhgzi8I8dexbK7tfthm8v2eZpPe4;+hha1*p}Lo!8toGuxOFsu26n zT@6o?fB)URg9Lx~^Nw0($kUV~7oc@M?1+B1#Fum}Wa-;&QCFIHJ;KL2+VJ;^-Z4qF z|H7G=Y5x6wL6NJN&oz*QF&jGTeZohSyeu-y!l@C_>JGE`GWrSjKP8<*v+a>eGr$z+ zv8b!Vk=paxbQBiw%gYaU9qNIsV2q&K%0lHDCARNV7Vo^u_g{~=oY5Jf5syIc&hcXz z{zL2;sL>j4+@GDEeh?l{NgXa7IoX*bTf>r$cMS`|!?o)ff}EhL%31^(785+xt^}CC=Nf!9Sf6G5*))pVkqiat^lN}{IVzgb%LwO@~NS=Ow?+b zk@BureJy#22;ZV_i(aA5I!sSbm+zvv{ERlgEA09wxcE+ti9dKVl(8!F58^af^lk3B zv)#oS7vK>ZIA6 zicT(=eg4%$m#yxG!Z_4C^1ZC$CMZ&=6RvxB!ec}A2M{ET?dzOzYafgK zm%2ZDMt~e91$=~R;t@K1(o{QYq!Y{yM3^9>U->#)D`)?>U0#GixBtOZ{Od3b^gIwm zKr(Dn2!>wKKk5ddvecIK&Qhp5aQ^6UxUnB4vY9}5bnkeAagUAyl z2j*;gJXCF6gv_ON4no^%rrPpV$}D9fee$o+CFNhCDA;T}(Yt)+Qr zhiu>vyfZftJXm-sNZ=8OK-UKL1H`(E{xQBzctD3xZRkks>(Hg{o*puF3J{@>I5>_&h(x)3;mf9BUhhZe`isuI!P{S|$$#urVK-V)9o_ElO# zP;jPfTTbntgcBqC?|Yp>!>=|9APopUG=aq+=>-oLx^PkZ>(6aiV(`?|6o801-EgaQ z0ocjaqfkL)bG+?n1=w4P|C4qM{Gk+IT-t^7${h@E{)`0&`MX=IfXm>Vt-gU6%>`?Q z0=uey;Cko5hK5HA`=Z9(<-1z~W&tGJ?@_wsCs%@oj^aMO)hOAT)bqCx=t&}6glmnX z&)!o}Te;!c3C|6o&J;G!hyxkzwQ_ZvwoVe5?n})1M~k^1Ps<6N(nIRc82n;3v$nPd#2^rXr%#_geCq^eY1l*H@YT4Z zb=$mhf135q%K4~X<2R?PGa1bXU%m`h;PX?bUm>Wqa^LH0WM#?z=!#&KtFrqXb4keg zo?H^1^M~K2-!^OfoHH&L*XPWmW$(F{@(C`gy|BH(AUqOM#a_1QmNBco%Ei3oVx4a`Oipc1fHY&B}&a5wAO2|S= zRzDiOHKTV?))oIdVQ`ZnE~ZTvw;Fr^7G>QUg4+Zmuuy$CT^Lrh#BD!IP*;T=y32jA zqT87+xK)Dhu$<2m+b+^uTjE{eOq!cH*=f@pSb6kh#4}+_kwHrOYi4ngZK5##y3c+b z%>FsB>cAA-xj&PzLFS`Z$MGD}wZyPDl@)jHeb^Kvy^Xa`ozB|w%_v$*?QJ<@rJK($ z_R8wjHTtlaDaf2H#S`-X=ei+XfE9Z&_p|szk+)oPziQQES5Iyg9M8!8jgPx~R4Pd?#r0 zc>gJb#`mNg+tVsKdXK+)mQwovbILFH1^;juhn1iSzyZ$Q*2DyuOae928o0)idUZ$w zw6NNGqvdew%@*1lVoh0VJNaoQ#J^s6GcActuzUCN-JPjtnCi6vRWi?tFU(M~=TwDc zMK|4BR8sskrcwpm&fsre7kl1yW0sudX89*pHop9KuMfr6qvnCTs7vJt%pPtftx91lAR<(;pC_XkeXzP3}N6$;rW1+8a(s>BaoOGc3w%SIn zX@m8TipW*!r{9lm_`?x|pWg3{-PL#*`2Vr>m0?wGUDrxTNGc%RC7sgUh=incNyirH z-k@xhMnDni?gr_Nbcb|@ba%tIIOn|QdA{p?{o%zA*l^!#u32M@Ib97NU=>ObMMlxH z!c^iJPf0v%1I^>mrq(77U)u|(<{|KQ&b_WkC-=}(bhTH!xSJHhuFfg5bG&1Srb7)* zNs*R8`|L0OL?Qr5E#NaD4u>%TCnfr40n;&u_hVYqgH!g?)}E`Uy@?y~8$8@1Zjxs+ zSA7lh*aQv{*-j4;4!x33&PPDI#h^}k^m)jXW8uo$7CvEQeUadud(WTBQ8w~jR}5Pe zWL^@B!kH}UI;W2&$<5@3_z76@+kU5ksHAzwxWr`aBFk9>pSd}!O_JN{*!0WPu;x8? zxCQbo#)WKp1xQXCbxE1N1;)jsd6a88I5r+pYz+uY(>>#Ji;(GKnCkiY!;2L6t6fLQ z{pQ>aYCQhGHj1KBHDDousOSp%ld%XW$XJg8n~gaL@%SGJ@bjktMM^m6Ti+=G4>{Yqj7Y4KclEdoW3uv1+uGxH`eCACucYVZu^(xYhdqO30Q*HYP&Q_$nt;rz zV(`ez^?>vHGk#$h_EXjt4QYZk`2qL`9qahvitcL>UDEgMH4U{J)`(8B8z(O+-$0zQ z$y%nMw7shDj*t8ZPl<2|a(B!K+j>YcElnMAE5!3k+{b^iAGPEq=@r!v?gU5-UoN=W zl<$Nj*Lz>vk;UDw0XF!6fO5ZN5|t`r92dF_gc*4Jj1Ue&4DfJ->j<#y>@^^n&iDXU zJ1G0byV?!qDa5j(=HM$%MG_!w=B-~c1GV0ApKEj41={PkN^g9r{ibQ`F2g@ZJLFNm zT$eK%<7Ut{0fcKs#n)d!GokmZ`V|(#-1NVkCPoj*(7rrCy1s&Ypr7Y z?ykT_0wZLz7h!3YTUr?HPlNa`4DK_lcfH>}6V+}|IbrcATB4aRGuAjsJ1iI3lZ|1G zCHj_ZEXf7aB;WSMz!x{T@n&f=NGh;L1A-O$;*uI$ z1rfhLIjGCae!{OB|8~5kIQH|q{R^W=sFZ_Bv99gb|8?|ZV_I>lsqp(l$9QD6fKCc% zIZV%==N1+koZPQGtf{R%twVW|q)Y$n!wab(s;PS7FRQ#lf&xu5%Q#WGw}(2g`ogoe zxqYNFg6<-?nYFOhz5eb6rl;=-XqapH{u`_*crSTkYde11ndqAaLYT1f- z{tDw5rMf%EqSL`^s$)0V5YAYEK%BR`zi~Be`y{;cDk-kUNOH@#Q4^}G>$0%2C@XAn z{fN1i^z8|Mg1@ioZ<{4Yw|-2`rt>KC64~OqSaNa<+-3yhyoz@w5>&E6!SH)C z>Rx^M>5pYSyu@Q6UCiwFU~dUO%e{Tnq9S7fBLQE@7b8N=#)}O8%T7`dP;9aaJQG2Y zBP1kr*3n^_4~K>lXI)}EPGYmV?DNY{2ZI~Cq(L)X&>}t!p{O~I2xer1+?S|`$ zL+vb^pWUufBqf4e`)BU5=k2nq-;c`BT+(MxbA(3QU}IqjC=h4Y&rIx$qD@BG?_y?! zckv00JHS~TJXRFs6ABIc#QWa-X^Sa$l~Wd(dS$}y6Mp~le7(u3L`Ju?-~8d;r)Mcc zLqRu%c>Le@u3>hcOQ9MR;5Q&9Ogr8TkC~u>a~PIkgxp_Sa3Y>$U2q9#AOgx?{wNg6 z3}K9Pr{Uw%URhjsJF3=P*eAn(o2Ozoq`0xX!KYaL(#g&lPr+Ia3Co?NEdI5Rs;wO@ ztJUZwsq60s1lX^(77=sB*X>oK(cDs_BBd_i7@R$zcAKGL(YA7xqA(xz%KHPuOA?jh z?#|~tEM>o=WBVA*QK9o30-ql2mmnfJv81r}!PioB^?D)Y zpGy>oAjbgmhi9;smX>tCz8NiO%V^qh&z9t zIM$zKLnpm|da;lHaj;QOn83K_l>5W_+le5DyMm&f9-#whw6Df{>(mwqiN4bKNYdkP zxJt~5d%525PI}uSg@3EzmR>+r{QP^Td#03p=Ud>##v~I&hqQ|MxB|{;*K9pp}$f{$;VKo@QElfpB}P(5P3ZT*pK%M&I%{=Z_5 zF@`j>Wpa|}vn)_jX=ubmL_`Dz2IlA6N=vr_>P6d}PKA|Plb7l&BgDTV(|*|gSFZ~e zR=AafKy1J&!|*yMk9_S3crG$hJT5u~(|#{Y+BY9<4$v_;JYzhdEgmI$SNv|u;mKk> z49+ouW>?FHsQU?1Wy<=W4TGnK37ies@ZC_iU_>}Mxj>Ing-X`99Y&k~`mI$?`^ywE?>O+Am+9BBN@W)Y z+rb6Roc$ngax6YU7<5*2I>i7?=YK_i=)I~?+2Y^3X=aQ@8Xg`FxXmsuE_uir#(K;^Qe!_JC0^hh_YExM zD$>96&%y`qVt-Xe9LJ78r=!!u2=b?3RFtrg{lrhyXDV)@Ll*l76u4i$e=&IT)u4u2 zP@t!$BVr9W2UL$M;0*r9H)ee3&V2cm5%O`FQ%c>0E%`+s2TWFju$qz zUjZ@Z2=Hntoc&1v*U_-jCboEQuu=GEbMrfQ9N~-Jrtvk8rB<{bqW~*ipOOnhcd)VX z+-vZfptHOM&MFA*9L25wDtf%5*zs6N!2{3k#q@+CseuFns^od)h6fNK|E zLIVJqK8b}fLXNeZP*>~;5lShAgt7;eZ`X&auvu^k2*$RKyzg$#IG^ep7YpHxT4ed0 z?auD+qb6PWK7&G`E-uXbe>~mYH@OPTEiKasRIx?641n&Oc*Cp;}!!0WNpq&Psn&(Vy084r^k5^G@u*hYedB!@wCy2IRy;e z!~V6Y3EoOd1>K*VZZ1zm*&xR&-1E$8s;ZQ6vd+$-HY}{HvF(?amrF}a>+4q55g`c^ z6U~FEzQQgTkN!0fBme(IEZ`K(I>Lc)<+uQz>f{J^opOnZQJmqEl7==Jf|0apTH>w% zpTprrWrWm2Cn{~fb|3rqG6s{{;u+mg+zv{MPXjQK&a399*C-G^Q|^s6q@xpwX&&{=XamXurqh|4Jd zQosTckD!Ky#Tb|zD>?`PfaM+=0dUeu#odEbA zDQh6$QT`s2vGZI&%$P9e4~1^ZGw>uoggsvG;<7upM5#?k;Up6vVqkYkn>tut zvP$v!-CNy-ePWA8bWnKf*vg* zZ2NOa$YV6LwlGW*V(A5)22b7>L-9R}|7Ep%lK*)X;tN*x_B(H&h_+vrER}xn4_TpT z97JNtw?Wa=7S@MU(a5nVMC}?Gw7zEElPO$?p#|N0a}6XLq)zXTB6%e$EzOlQX^abX zS3Zkdvb3k)Z6WJRg6~qi_D>ob;&j(!eEhJBur>`B6--#ssh8V~QqNYl&V;(nd7vaI zdV2>9vs465r{XTWEf%6;Q2r4~5R!iavCUvOOxf>sD~5BL2lJ6nDI;n`V_4Bm*jZ1e zilBRCk|<$~^1oFK;!%u_&dBI0+gM!u)YslF+v3$s(}o(fv);P``LDBg`!C~`zHcV| zO2FX<>%i^vR16Hr1Q(1f7S=Z=Dy+Y-c!3spueVAj<@U^^O%85KB&>@24~exLCYAv* zW{GK=qP-;{mEtpw5!8~%;+;?=wBbgVEiI|A1;DHP8m4B{)T~Ma_pYGHccSX#P3tT0 zf3u<3JCTY@D(tSR?JqluF2Ra_WJ&H2cFe-axDdZ*2t`b6i_a-E2=L_jo%OaD^m25E zhlhtu{&cF92{`D-2-*PLYxt*eGs38jx_TgizG_+SQ~s0;<3j+vOFdR*aiCe~gHtw# zegCez5qil!A#F&?2Kz6^-thQeZ*?EeO7NyZC8413=>mfkv>}H9gkL~<)W@*tZaenl zUf#oHA{BIzwA`VhTJzMI_+c46;b}*Yd<^pF;hfi*(x^?1-<_zdL6fgRHm+3|3L33h zq|ir9;~d;?OCakBB7R7)T}i{o%S#lCsHmuzNyaW;$BW>xJ%!>9X8O%uaN_4{6~=Ks zW7Tcto^L?tXb(%+kJC0XD%LfQ92qSX$HI8q9_*r~t4p6?VzMZ!{uUsmAL0bwuM*<( zSGb|z%kp93*+=!eb1zHs|CjfA_FuUHEu!22I;ntwz>;O}4}srSDBqBVO~4e?)y%Mr z4BBIf&0qjdEg8+U8)*UZb_(3Yhw`gGix+S<9o{N2UXe+_PmNn60k6fkJrC46UUV)G zHx)Zq0eA}JnJ!Q!a=|rmo&cbAAPHwlocB310LKq>S9`=}Kn5!q1|R&PQ=Y|5hRhUX zHGPm4?J8_|#e?8?_rUrCdJ6HPlKgUs$?fXEHE54zFeu{WyPL2gAi+j1V27oLs7& zxxT)>RWFB$K}r$LDAY_`_zuUmnB$!Aq~4o1pZY>Wb18Hrq+6{DW&OVszpzH?d}4Ay zr8k0_mX=nhP2BcALkB$kK5-g6#$$=7XEU-)AV>U- z2=3iKe)d?98lqq8oNI}UwNA|FX4(!1q;vGgkGWmWfn+I@gv(=LZSQ;;1reB~R*eV& ztL{j8rN-QMUIq{pSaN!p8u0=-h#6a`wl0lZgT-ypJt#9_uA1b5J*xoIFO1h|8bpoU zZPPe?Tqp|x_pAb>sp`|*e0(aN#6F=+re+;Y&g^r)@lF=vt2cY~h#37}tEvJel}*N= zDzTi_7|$q3%pS555~=^fq+Jv@Gd51?t{s|~2%gTtmH`F$U$+Y}Y@)NdsaAksac$YI zqUAgC!wIh=h|WOYqVr3RUDNR?N>MT&0y&sOvQb#;@0dic50-(Eq5dASV6Y zr<_wJhe+7lH%q!15nq49g=N5b|Kps7x9UGVVM5sc3?xw3#f8AHvtTsF&#>*&S(kW_wt2cG7_AV~3U|nj|J77}9#0PVl%a2;nw7;+54Z^&d+Ce$Vau1(S z&CiB5Y;KkprJ$ht^z1@u;;`Reb{^(6_$I`PrJufjTEyRZ#+`YWWZS_Lr z`?iR$JRb*w! zoX+NEXJ36h(ql8U(kQhY;A(tPV15@Ab$Cm(?s!f2XLt4dx8)955jpCXTtrXm)g1P7 z2+lvnK*l)8YJmiZj|ze+Uk)vM4rH0nR;bz8vHiNfi6PNxXS{cCC>p{7<2{ETexwEd z`;NE=8LQS)F*Dse))8b#KE{6|Mw3Z#iwi7 zZIM7R78IfE{dmQkG0eC<)YMuc40~2Y5|zW#6mymsL&*CaHOV8PzrJn%44aXaRqDgX zkG9kI61XVc^f#3$jTpM%U+V-a7FN`$Oh}&K6Q_!`HSs4{JCvtrq&Oo#ar%MVTvuOM z)^b5Pho5SR!h=T+)5g|N`HHJOX8D?GZ_nB9NN{_!X^E)&&_R*b019N0%S<@>% zsZJ}hK_@QLqn0^mRe@Xmvm)*%flt3ukO{dr3Rud@KI;JO#ed4)NKkTu7$pR1?aLq} ztcNSg(lz1=2qB53`mBks`Z$Dz^#wtd7m5IjeP}O-_HeKM2rJJE2{}wU7f%P-W`_dQ zmO5TBS~T!H;ke|eh6gY!xr7%xnq;5X*9o7GQ?Ce9@}y*f>{)~GArK&Mq{;f%vv3fG z261837U5Fv&NVQH{oMNSp%p;py-6Z+Z+ix9kQfzdS#z|^zU?i7fV_zWHXvYgVd{U_ z-wy`qNS?t1Yir;&M2-j$1%pSFBu?+=uqx23Qii!B4&i6vb|55bnt}9|sU|Id)AS3R z({-DFBlLF;uM6niA&1W)&vWD{$sF z2)gR!yIH004)V4}^|ZrkuK(T9io6 z9vUgN%JtC~9qniDZQAoLZbd4biZPyChtEJ9z57V%_}1?meX`0)6Mn^8R5WtEjb2kD z>D-?306KAvo#mfv;4ZbEpb!gf{_@f9>MHhXZq{IPYNo1CvHEN{v#`u|s^SBAqPYU67!buF z{9BlMlHuMfut(gG!vXhC(enC1v&K6D&G@$O51&JV75rUpuzQ_=K$OLuWE2%}Izq_< zW|(S)Bz^JTK3NxsVmmq}v)Le7z#nIk@FGk+k=;W+{h~~RgS`w!1q=0fOYv7QcXi#M^ZEfh&jW>-O(o&TtGx3CQV(t>K@o0CFmOrd+Ih#kJKwkig~} zQ*Nv&dD=V7D2hf^N0Q z+V*a6-l#Q=;X}l3VoS)&D8kdVfp+WzXReuir0~!k+a=pIdX`*ydmX{$#D?z0{e6ll z3U(V5hK~4WSe@zcmS(BPgko%Vx|)k-bu9%8ZHcu2_d~~`51+{p1zs8v8k!E9>8MqSsb}m(V^v?{;u_E9 zMC|E93-zjjShv&S-8;_91&OXzkR~c6y0XkIFZL{tz60~rz?zyQ526106DW76BT9_$ z!;giHjiMYJ^5d*vzO3NFkFCvx;Qfd3QqxJ__!TZ~D;cgCQq{#ZlztFKP_sA%7ZE?c zPqK!XDZf0OOI8#9h|mFVW}s9p2>$#ECDe7|WZ$-w5258G9}6O_s@t{?!gC-CDVO0v+;%UuPUPm29+mLtS&4$jW0a2yuB$d3A3q0W@F2bJpx{%d&!C!RrI(PniK%(d ztW~HRW+W^nhl+-_7+-zWJ54MV$CK$#yJ zsabhGj^XWU^urI?aj6k^>#Y*Sk4fjC>FG|k*&~UH`666w*;CC!lk1CYyHXsIrfsLa zylV`A6cAsD!z$|)9-I^)gdRVV^pj*6mK~GHYTcvbVF8d2l_s^?{%=PU)*;dPrzT)& z^YkzJ0cXhi=Dhru$E&@%HLpkVeK*6JBihI@`2Jqrdw5PILmn;Ulp_K}) zVI+NJPd*_$91gIu`etcEKlYeZXIa0Yc6&3{{#*O4k4qL3Zo#(c^UFVs(a%+@7};%J-Iw#J zuW0JFqK)b}#M^&}wYXDbsw2ojE@`ck%Uoi2Bh{WCl*V$?9CASb8^F!{o$~42D-XFU zy5js(bmAf(Tw^8k`p&7!)P+C&1!I^`pAC%7hG5AtFkmE9*r@HMW^LF{|9-*R!4rB) z%EiP{mF8~KQ+vHElwuY7ywl13=H=5~)zv)`a=TkRfts4M^48uE6uP}&8;K7VSvmbt zGQS78?DVBgX9G6u`@ZGXB^PTOKOpzIJ&5bF%{LI9*&)>G_{!J5^gOVAh_x6xSL+lD zhaQuhKl@sE8p0|CrD0;ii$?K&Y)}*)6GK?BjIPPbnEydY@~W|+XK#MmXCIEPKjp3} z7g68=@f(P0$@lR#)T|psC#9n!>WC<8c^mHciY}+*5K{uK2d!u27ZO?&rm1VMDJOY{ zm+|?>59tj+z%Ki`Cts|YtNL`h)+N=ZcR(fXcQB0J>)Y=KG!49RbCc3Nd5}M&YZ<>Ru<^b2jgH_X3Ud9Bp+Lt3>M`>;RGUy5!=i z*}a$2#HME|4WnCth``s1%iz0#|8 zMX<@xqjZ>JN zosU1%JR4rwOKO&y>5%bZ!@9~JWoL)5`y18+b~_`v|NN1BA(!WHrp3;7A`bg%lks)@fdc#tnBMBIqb6yL2bl z^!jg=Et1LsE|wM9&lBV@gf-Mk4`+PO_-jc<^BvZDcW$U{_#3=Y*o-FPeWgqfW8AM~ z$pJ1@w*M>b989#)?D5)b$hP%(j1&&K`PUQ8pppO;HfY$HQwAa+r14X3OaW-H^!BIU z-ED;Er95%ecvF*@I51Yw#~2ERO&XDZG+$W%jev4LkI;!fGUtIhCIIro!}|vYv`-(s zmOEbmQKKUh2LJxk_eQWE`*v(4-tsR<^X4OHd3wj_mYRM9;6T$;ey106A1*muMg`Q# z5U9V%MBuDQf`UPlGF^75el;L2dzi~p@#CpZAuLMQi@(ZBvwP_#v19kTQ?&{Qis%W$ z;BVNFxGY=#MzV`~qgg$X7Hfl`aOCz&RD!~~Yu1@0gv&KKtcK*wvGyF-bYNNRJ1+lW z{?>S+ufM7%l47R(T3k>CJVrd{e4MXcfEf zl+%S-je*~8X<^G0Iw|s-^~?Q9lY;CeSkKfb`wmx0aq%-@G;63kxw?y0?!bSp<8*h~*_>P` za!;Rqe!?FRO`lQ~{3ZYKp+d?pR1FMkH?lN0ROtoAruR;#v%h~n^m%xq6&a2I>#e!l zbP|WTHZA^w{+*#K8MPJcbj(meZWvX<+eN2W6% zObqtaK1e^}79wFM75|RIosBBMJzPDakkYMi)p<6MMAj!}3{b$V_7;q9*r9iv)S_GYU7ujTV^O zl(6DLB=fV{2Xi=oM3CNr8sz>G(LolDKd(UrjJ3FYot&=x7!OwiTQHN!coePiM_;R} z(`Kv1le)8w)W{&eHTp15{m%W={!pa{YwDGhFB+5D(G-(00{S6t-xKl=$l2cK6!dZmV@nAq z{^7d5^o@!AO43d4(tx4m>UyflEdTOlxyzpr>}g|b@#S@4s8j>h`;?WL*+6OtUhJCc zLP=K|zt?Gj&BczRUq~G2H>m=u#yxo;vKr$WGa%r(Dv{{*e#`zoWJgYJ1wyIGjU3+i z7vJjC1&TOX5B3LX#ak@?`si-227Yp=4mwN@rffA|Og7y;_y@XQf9CGt@d+y-a31M!ETpbZ_389kai|I5V$M@>o_n4CA&=IQCQCw2jR0$%h_A_;ZS#R_*K0o~coL^^E)&$` znh}V&8A^B}iLSC2?fR2u$~9x9bD~Pup1R`^52|y5%SDM+PjEid*OqieA-|Npr42UU zPe@Gll(E4o>x@U)%=wk%iHmyQHUYu#w6QNxu)8Ctd3yfm%&a*#5BKDliA&6%^Uj`y zSp%w@v+hxJQu!a0)tZ_iMUP3{RRej*5qGf?K9w;b7h>k5s9xTrh`3OTLD&AnzM=7C7I>d7!i(1UDYzVOrd}P2M z2rXQ-Ej2P*S|ow#Q`FyvKa5JM+wiFDBM-IA=fw)nf?V!ge{>oZwj>{WF9(MwOihHR z$sA(_Y%Lv@vU(nEiSuMku-@*|(yKC=nhBMHl(Mqnu_&2wtGZ#Pgu)I!lcQNL*n11} zV0fwfsQ%Te@B`%Vrt1~}B=LqZb3H2`44 z0W63N0Y#bEcL-MO{rmTCR?*LBPw7+2URZqm+yc0wcJqy7^Kp8=pUw`({|&%gimGQR zMPV-jYE!KN7}yT3-Hr(qUB% z9}0WFF8Eq<<#46PM|a@?K-<27$y2^0Hdc;U24?r&jH;*08mv_!n>3(23x$TC~k@Lx8NyPo!rAVBiclL$H;;zZ!)3@Aa zEAgkBv?N7cSx@-Wj=naXj=zL?MK$e2*$@esd_NBD)y=8<4N57Q?ZLM_st9t|c3&=- zTKOg1Bi!wgkw^6+BN2DrY_YlAR5$|y-=FOn=jHbXqtT$*n}4v$kji;*8kUQMHTk3I zB*!kz^yQV);ibV87uy)N?bEUanCenMimyds9Q5Fe)k%WgEF~-JXzhtE^H(S)2tV!+ zzlfnstrPA`f%jRtPq1qx$YPs(xwRtEv<^kax+%#Iw{5c+1IdTlO_J`?70t z$SF8E;(fLLA=i|4^((f(cwGL-*VOzz(Th}y3-YCbWGrvT z@V&807}(cx)_G!oT*{(T@}PX!^|poLw#04Ea1>1IM-(GY&&+JAZ-9ydkhpvul7d*9 zTCN5Q%$L5WZvjq@-h70h|7qTxCoO~A2#P!6DvE&1CSEPo7nHGGK$gfyFRQ;Kr{q5e zoeo`V5;QT4*eD6ICRS-Ceg*Wj_Q@*ygcpy^EG)9X%ucM?#hRL$vizJJdEQMVtk^fw zk42j%d0>1IfXoJ2lr(zA{~iRRq|J${^px_dCcNM>f4*TO=u>YMBhgSb>{xE^3Tnb*QK`dEb9#Clv&_ET^UGZZY67fB>SZ=Ei<9g%RVtLR^H`7#`p0`8q7uqBKOS^{>mSp zD3q2NHpqsO`V2=M;L+Kydf-8T4sF$giD6S+EU0a%{#x+2+V;$wd|#d7gdG$WtWLI* zFFw3o1qI{!q_lT@l}KKTE5)T>+P!o<^7beqBBf-*ARBQn4P~#ErgYTFK*O|%cEHh& z|Fwholz94U3Q4Zx9yo|bM&C2YP+(DAPopjo=+v@!3MK!LPucLZlsP!-l08lDi_iu- zkz=Ll3Ss;AiPDzw(Fq-yMW3sh5~{ULXAv}Kq!aX8o4Y#4(X{~6@|knvVn``xsYSS5 zH>oMJ<&1;&B+pQznBAPP(TiBP zn*OzJ7aHxesMDLP&F#P9jGCUF`4T#W!_3_|1P(n4%^u(o775cn;9!RY!=NLS-?;}p zo)|KT3hlVxSK62->x+%!*NAR>8#VTNv5OUjxcsWqGAoJ-@`SbrhtGRXVtXKamz2!K zKWowb1TuWz!Ba$os`qe8c}{=WNI!`=Is?7$Q>mRc+q7lsx8qp`%sV9B{-~rm`bX)b z^2#A#__*yTChNKG8=-Ts-7fT0n&!5(gb|GM6f?A@6WqtI+J!E>^j0tT1eYfYpVUWn za<+TOS@%&K5sM&c_nf$8`s`0d>HDx5*TK@qjLJbY(z&@g zMlEBWGxD;=4bfszpUV-e0kAwO$04VeF|2bp>kgeq%*eIx$Hivd<3xBWFE<_&J}maV z`;k0atS?ZY$SWvBA$~2?A^9%IM_EUe@<#`LZTnF3Y#NcTL)lr5ByIxgq}C`&e%1U3wzQV`d7VaYGdCZRoYVs|i7 z7a$P9I^8dGQNrbi6xadnh)q~ny^L+eU!s6umh6oux(`@pH{zh9PYUAsJ+l^=pxT)0@vqVX=}cn};FLnw#KTu@9iz^qY;` zl_yMs9>3n7b7&Swy9J|?PT1ZS$z{^V7&>yt&e7QE=559Ujxh0TJxoXE^$rJZFHDWQ zrDdMoNw#WOuHs1$0gwf(A0q5{$CRo$?c|KDmH6tAO?DX`a{ctAEC69a5Q=!hWiA>) zu|qKe5{O=m9g+YiUbGl^D(f(nypV-y2T4E*QurV9FL!Rib^gcLSxJ=FwyQq9 zY4C%7p#(cm&2PB;6(`wBAGy>D{0QubwZcNPTh@;s5$=ZMjZMY% z!oM?OIGUx{T7>KuwUVaI^yIpz?xFGK2tQNn3WK>C*XbuSKaX?zTJmQP)h7Alijp1Y zI}xQ9;MGT#f~qfC;=iuz0%(T;M)@(Qq6H>yAEWSvp7+Iz&%#hY(DP@U-S6AM7Q3bt zah&-HHJYb7xF-^1BG(Nzhr%DOENM4g#yYouT?Iq_7(<-^Ay@2XLuELJbvt0*H18D5 zv|Cakj9G4Wo3TNNHbay}^^HO^kRm=X8%)D8H8W$)8spf5=v46i4R2&L`R{!YJ6}M= zeI^@DYTa0lN{UeMX2h^-_d#7`;qQPhD8NG?K5aSg_fvb>Qp6$%axF0saPO!8HiL~iZqNSD3(g`e={ z>ko7tZ!zNo#P<)A5$WZmh5w_$!%#D1$x~!#L?VjL#Ff!3`NVE{b&IG_G=;rE1@vhW z>_>X?W0=MMgORP0YSj9Vyc8|zAnVcQfM2ezo%kj0T@7!Rq$M;M9#wtP7(XewCr%;H zKo9H79n-WZ4NSt}$76HYt)sY+!0Ih3D0fk6fR|qLLTTKZH~AU7qtw6zhD!tNCFOy}E7mZQInxhlxbz z)jA2#yN(FcL5eXMH-kN{g@G&-9y&i&di~5x{$330yV*V8Y+_C# zYiUVb19Y60eh#sWcYsfxs%6%`SkgZCPbqziP+_1(uy4|33d}=%qD=*-~;w3V|Q@X_pX%iLuSUFfEn_H7cRFR6EaY#NOLNtgP_8DFa9Vz>oG~ zuiB9vVWN`u6NkFGAG{;cs!8&N$lrBr&aKqO4s~~vS~p{E4X8Mxk;<>Kvyzhs?j&Up zL1{Rvj!y+VkAV22zo+%-?6@KCtY-`rw;+Iw2MGWuBqz# z@NO|6)!SI9K zA{>vg)jwCj;>J}M#PKoQFZW*rv^HHUzsKUQ_P_WI3 z{fp7a=OmU0iZ~zLLly?s4Z86+Zhf_*cugpS8SHl;?wnZdFpI7(&FnhC0Qu&`U+}N< zH1enIJM1D&hC~MZGWDZ_&@ya^xkx2M8aOyyvTH;wNun3$u=`~UqnDX3AST7vZK*+9 zx&`VzC?VT3HRWHqAqyReowE&qLmNDuHHIDOZf4hqueTG{FK!Uamc6uKivO3!EVNo- z!Jo2j5XbhbU;!?_U{Are``C%#bBlFrC=JUCH7scv{2QZZRA%Pmy|sny+66mLfKDnO zzUI2~9p|={WBdKxoPz@Y-YU?~BklM2&T?^l#*=^f{(U8;-&v#nPu}ZK^=h>*7bYe+ z2G+ZaUfGUXAYoPB!Zbx}$+dgGHJ6>cy-lte4FOch+_lF|UL0bpb0-p9tD#Dc%X@ZN z$l;;(`ES2EN(WcX5<}C^XMNVyon5PQ>wcq?{$vd^`q`f0Hq43 zV7c51I@olGv%>!ppcRBiu!l!k_O;CZX=&9)nqqbX8xVbVx_R;V#cj8qSbxw;d&(af zD53l0Njou_TqQWXb*12+KRJiPw`pAKsZhsINpV;*R1_3~stiQtXkgk29u!-yP{gHx zdZy4#Bhv}OxLMBDEX(Fg6O>6hNHDf}1z{Lb5atm9ti{SV<}_ZPgjqW+7V-8*ra%U9 zfLeqBvMn&mnART4&~YPIf2lg|nyEQe8TNt`a2C9Yn3biRohvFRJ1U?1N%mqq4|D>{ zUBO&-VIBhtQaT?>%>q90?nF2owA3gqgF=nn&$E+#nd zpdj|$Rifv&D|1@9U{}u1(|Nr$M=#n-WNMa+QL|FRg?%hi8rF@T&^x5DX0!2TiPbW4<=*fpMP4~wyPN&xXkPSMYQ6vdVAcK+_8Bf$>w}y)-G4q^9}Zbh`rrJ zaREZMByhEBogVuNTo4OG;fW%a8G&4pv92~`)*u8J>`v8M+8(ckiRs&?S~708pyO7| z^s}w?5o=FOB7DLhaaMl>Tqs!Hb9`?{%rrFjRvKMD2b?|v*eKOU$J_lzfjv38H~9M~ z?nZS^Vd$hdWExY5iSVd+B6ik&Ne#akdbJxP*8FLpf_4pZ^#q`3)alF&tq^E%gI9Na zj5fU1y+UsyG8TrnQKeJ!<4CI8FhRqxIMO-_Z|Dh+znkOXU zLJ&nEo@U#t@ajjDSm^BS)t`gPqZwbk+%IgX$^-%yvXAT?sSelYg2_IoL?h@ek_@X7 z)Bpp5b)%Y+XGF_dUUyI>fbF3h)=;T6h>oM<-z;!>3Y26FDz@N8f0bWaS87>CwaEb_q*&_Ofkfo)^j$&vo5>b> zD5CdOj*kxiL)kMXFmOQ9SklgT>3si(^9T>F`opLO$MRhqTO_P50Vw<&LO)fEEM`Re zCsH;M{xDjLHTslj?bH+5wHB2vX}4=DuhQ*9D+#p%rC<98WI85nSi)H(5VtS*rIfzM zW#dMkU5JwY^VS{7xzXpML%QGHvUo;K(Wh{+qNA_-OM|-Jm9xAn{GHChTtkQNvDa0J} z3wkjz$)Kv5X4EutU4}pY3=ijSG75j{m>OGJ$-ux!NJ8F%k(qymm)dCNZp--M{t!el z`#RAv5RoLTM)7R?V(RqR*{G^uB4;L@aC7$OzSI6O|Z z*B`Bj1Zllc96;2HteWawOp92M1;jEznx5~+t=dP9;tPXVPd$N_+6fNYZ=Q+Gx zl^QijGN&&z_7dL#xSdnYhW$^BscG#JWjH%ovj}oGH67jg9K;+9&M+Msh?ShbaOy0J zf!Ve8?0ddlzWTG)nb(uH)o>GEosYZ-9h9%C{OrAt7je^(@k(a$FOAI4T3ZSh=7s;3Nkc;gwow0(jYK&gCppG0*WFjosuG* zLr6#pO4rcc-QP9F^X$Ff-}-PZ|ClxRJy)K69tS3JBVfxZzDkY@(ms-crJby$0_6Xu zNzdr}<$!}BDfP2X79PD*kxK3%UloAdpj6sqF)LFXn%=5|f#`iE%5>apM^LW~fun~XpS{dNBo4o>B@l68G1oSrxo6WQ;DSbUX?_wZ;;adLJ>+iV(nl!1Y zw*@`*^kS7-lKQqY-?dUzZ`uXS z29P%awJNnYVb@o#Kyfo zV@bipfSg2yeFb2JnB*?;nrhdYH-8TceSY(rf?&JqNSnTo)6cJ>Mpono4FzM|9^A^* z$HDjPg0a?F0fjj4pXnP(!h%*gvWFkLDw=N(d0j{lA%r)3ld>W; zW8*>s180C?dy;gPOd%d=12>|_Xq6D=4$6rCJiOnmk`VAttALjk7Q?vTABd0p{Wd1u zxlI;;h*R0I_(t^F#b=+ZsV^bV|LE9zNqBI8lIC{S6wddNJyGsMt>XqvPToBChdn

    It is also recommended to limit the permissions of any tokens used From 2904aa843987b48c4f274d065b7d9df4882cd7ec Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli Date: Tue, 9 May 2023 13:08:28 +0200 Subject: [PATCH 181/870] Revert "Swift: auto-flush logs at exit" This reverts commit 0d9dcb161f2d6039b1dea903b9dc6edce0453f50. This turns out to introduce a subtle bug related to destruction order between `Log::instance()` and the `Logger` instances. --- swift/extractor/main.cpp | 2 ++ swift/logging/SwiftLogging.h | 2 -- swift/xcode-autobuilder/XcodeBuildRunner.cpp | 1 + 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/swift/extractor/main.cpp b/swift/extractor/main.cpp index 82bc9cf1d73..f195193e5d7 100644 --- a/swift/extractor/main.cpp +++ b/swift/extractor/main.cpp @@ -227,5 +227,7 @@ int main(int argc, char** argv, char** envp) { observer.markSuccessfullyExtractedFiles(); } + codeql::Log::flush(); + return frontend_rc; } diff --git a/swift/logging/SwiftLogging.h b/swift/logging/SwiftLogging.h index d904a66553d..4a24996ad6e 100644 --- a/swift/logging/SwiftLogging.h +++ b/swift/logging/SwiftLogging.h @@ -110,8 +110,6 @@ class Log { Level level; }; - ~Log() { flushImpl(); } - // Flush logs to the designated outputs static void flush() { instance().flushImpl(); } diff --git a/swift/xcode-autobuilder/XcodeBuildRunner.cpp b/swift/xcode-autobuilder/XcodeBuildRunner.cpp index 4bbb269f3ae..d6e14155052 100644 --- a/swift/xcode-autobuilder/XcodeBuildRunner.cpp +++ b/swift/xcode-autobuilder/XcodeBuildRunner.cpp @@ -72,6 +72,7 @@ void buildTarget(Target& target, bool dryRun) { if (!exec(argv)) { DIAGNOSE_ERROR(build_command_failed, "The detected build command failed (tried {})", absl::StrJoin(argv, " ")); + codeql::Log::flush(); exit(1); } } From ca94b20284d273e7ece804f6e120c0418c2ca15b Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli Date: Tue, 9 May 2023 13:58:32 +0200 Subject: [PATCH 182/870] Swift: auto-flush logs on errors --- swift/logging/SwiftLogging.cpp | 3 +++ swift/logging/SwiftLogging.h | 34 +++++++++++++++++++++------------- 2 files changed, 24 insertions(+), 13 deletions(-) diff --git a/swift/logging/SwiftLogging.cpp b/swift/logging/SwiftLogging.cpp index 4f3e3607f2b..37effd7ff9a 100644 --- a/swift/logging/SwiftLogging.cpp +++ b/swift/logging/SwiftLogging.cpp @@ -10,6 +10,8 @@ BINLOG_ADAPT_ENUM(codeql::Log::Level, trace, debug, info, warning, error, critic namespace codeql { +bool Log::initialized{false}; + namespace { using LevelRule = std::pair; using LevelRules = std::vector; @@ -149,6 +151,7 @@ void Log::configure() { } LOG_INFO("Logging configured (binary: {}, text: {}, console: {})", binary.level, text.level, console.level); + initialized = true; flushImpl(); } diff --git a/swift/logging/SwiftLogging.h b/swift/logging/SwiftLogging.h index 4a24996ad6e..8b41c05ca18 100644 --- a/swift/logging/SwiftLogging.h +++ b/swift/logging/SwiftLogging.h @@ -32,14 +32,17 @@ // only do the actual logging if the picked up `Logger` instance is configured to handle the // provided log level. `LEVEL` must be a compile-time constant. `logger()` is evaluated once -#define LOG_WITH_LEVEL_AND_CATEGORY(LEVEL, CATEGORY, ...) \ - do { \ - constexpr codeql::Log::Level _level = codeql::Log::Level::LEVEL; \ - codeql::Logger& _logger = logger(); \ - if (_level >= _logger.level()) { \ - BINLOG_CREATE_SOURCE_AND_EVENT(_logger.writer(), _level, CATEGORY, binlog::clockNow(), \ - __VA_ARGS__); \ - } \ +#define LOG_WITH_LEVEL_AND_CATEGORY(LEVEL, CATEGORY, ...) \ + do { \ + constexpr codeql::Log::Level _level = ::codeql::Log::Level::LEVEL; \ + ::codeql::Logger& _logger = logger(); \ + if (_level >= _logger.level()) { \ + BINLOG_CREATE_SOURCE_AND_EVENT(_logger.writer(), _level, CATEGORY, ::binlog::clockNow(), \ + __VA_ARGS__); \ + } \ + if (_level >= ::codeql::Log::Level::error) { \ + ::codeql::Log::flush(); \ + } \ } while (false) #define LOG_WITH_LEVEL(LEVEL, ...) LOG_WITH_LEVEL_AND_CATEGORY(LEVEL, , __VA_ARGS__) @@ -49,10 +52,10 @@ #define DIAGNOSE_CRITICAL(ID, ...) DIAGNOSE_WITH_LEVEL(critical, ID, __VA_ARGS__) #define DIAGNOSE_ERROR(ID, ...) DIAGNOSE_WITH_LEVEL(error, ID, __VA_ARGS__) -#define DIAGNOSE_WITH_LEVEL(LEVEL, ID, ...) \ - do { \ - codeql::SwiftDiagnosticsSource::ensureRegistered<&codeql_diagnostics::ID>(); \ - LOG_WITH_LEVEL_AND_CATEGORY(LEVEL, ID, __VA_ARGS__); \ +#define DIAGNOSE_WITH_LEVEL(LEVEL, ID, ...) \ + do { \ + ::codeql::SwiftDiagnosticsSource::ensureRegistered<&::codeql_diagnostics::ID>(); \ + LOG_WITH_LEVEL_AND_CATEGORY(LEVEL, ID, __VA_ARGS__); \ } while (false) // avoid calling into binlog's original macros @@ -111,7 +114,11 @@ class Log { }; // Flush logs to the designated outputs - static void flush() { instance().flushImpl(); } + static void flush() { + if (initialized) { + instance().flushImpl(); + } + } // create `Logger` configuration, used internally by `Logger`'s constructor static LoggerConfiguration getLoggerConfiguration(std::string_view name) { @@ -120,6 +127,7 @@ class Log { private: static constexpr const char* format = "%u %S [%n] %m (%G:%L)\n"; + static bool initialized; Log() { configure(); } From 84c017083f674efb0ac705cdd93316b065843a9b Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli Date: Tue, 9 May 2023 13:59:39 +0200 Subject: [PATCH 183/870] Swift: add configuration of diagnostics logs --- swift/README.md | 2 +- swift/logging/SwiftDiagnostics.h | 2 ++ swift/logging/SwiftLogging.cpp | 24 ++++++++++++++++-------- swift/logging/SwiftLogging.h | 2 +- 4 files changed, 20 insertions(+), 10 deletions(-) diff --git a/swift/README.md b/swift/README.md index bbf0ef30dc6..b16d5efe360 100644 --- a/swift/README.md +++ b/swift/README.md @@ -52,7 +52,7 @@ A log file is produced for each run under `CODEQL_EXTRACTOR_SWIFT_LOG_DIR` (the You can use the environment variable `CODEQL_EXTRACTOR_SWIFT_LOG_LEVELS` to configure levels for loggers and outputs. This must have the form of a comma separated `spec:min_level` list, where `spec` is either a glob pattern (made up of alphanumeric, `/`, `*` and `.` characters) for -matching logger names or one of `out:bin`, `out:text` or `out:console`, and `min_level` is one +matching logger names or one of `out:binary`, `out:text`, `out:console` or `out:diagnostics`, and `min_level` is one of `trace`, `debug`, `info`, `warning`, `error`, `critical` or `no_logs` to turn logs completely off. Current output default levels are no binary logs, `info` logs or higher in the text file and `warning` logs or higher on diff --git a/swift/logging/SwiftDiagnostics.h b/swift/logging/SwiftDiagnostics.h index 95c6cb85e5a..81d7f170ff3 100644 --- a/swift/logging/SwiftDiagnostics.h +++ b/swift/logging/SwiftDiagnostics.h @@ -67,6 +67,8 @@ class SwiftDiagnosticsDumper { return output.good(); } + void flush() { output.flush(); } + // write out binlog entries as corresponding JSON diagnostics entries. Expects all entries to have // a category equal to an id of a previously created SwiftDiagnosticSource. void write(const char* buffer, std::size_t bufferSize); diff --git a/swift/logging/SwiftLogging.cpp b/swift/logging/SwiftLogging.cpp index 37effd7ff9a..f742a63e25f 100644 --- a/swift/logging/SwiftLogging.cpp +++ b/swift/logging/SwiftLogging.cpp @@ -3,6 +3,7 @@ #include #include #include +#include #define LEVEL_REGEX_PATTERN "trace|debug|info|warning|error|critical|no_logs" @@ -57,8 +58,8 @@ std::vector Log::collectLevelRulesAndReturnProblems(const char* env if (auto levels = getEnvOr(envVar, nullptr)) { // expect comma-separated : std::regex comma{","}; - std::regex levelAssignment{R"((?:([*./\w]+)|(?:out:(bin|text|console))):()" LEVEL_REGEX_PATTERN - ")"}; + std::regex levelAssignment{ + R"((?:([*./\w]+)|(?:out:(binary|text|console|diagnostics))):()" LEVEL_REGEX_PATTERN ")"}; std::cregex_token_iterator begin{levels, levels + strlen(levels), comma, -1}; std::cregex_token_iterator end{}; for (auto it = begin; it != end; ++it) { @@ -76,12 +77,14 @@ std::vector Log::collectLevelRulesAndReturnProblems(const char* env sourceRules.emplace_back(pattern, level); } else { auto out = matchToView(match[2]); - if (out == "bin") { + if (out == "binary") { binary.level = level; } else if (out == "text") { text.level = level; } else if (out == "console") { console.level = level; + } else if (out == "diagnostics") { + diagnostics.level = level; } } } else { @@ -95,12 +98,14 @@ std::vector Log::collectLevelRulesAndReturnProblems(const char* env void Log::configure() { // as we are configuring logging right now, we collect problems and log them at the end auto problems = collectLevelRulesAndReturnProblems("CODEQL_EXTRACTOR_SWIFT_LOG_LEVELS"); - auto now = std::to_string(std::chrono::system_clock::now().time_since_epoch().count()); + auto logBaseName = std::to_string(std::chrono::system_clock::now().time_since_epoch().count()); + logBaseName += '-'; + logBaseName += std::to_string(getpid()); if (text || binary) { std::filesystem::path logFile = getEnvOr("CODEQL_EXTRACTOR_SWIFT_LOG_DIR", "extractor-out/log"); logFile /= "swift"; logFile /= programName; - logFile /= now; + logFile /= logBaseName; std::error_code ec; std::filesystem::create_directories(logFile.parent_path(), ec); if (!ec) { @@ -130,7 +135,7 @@ void Log::configure() { std::filesystem::path diagFile = getEnvOr("CODEQL_EXTRACTOR_SWIFT_DIAGNOSTIC_DIR", "extractor-out/diagnostics"); diagFile /= programName; - diagFile /= now; + diagFile /= logBaseName; diagFile.replace_extension(".jsonl"); std::error_code ec; std::filesystem::create_directories(diagFile.parent_path(), ec); @@ -149,8 +154,8 @@ void Log::configure() { for (const auto& problem : problems) { LOG_ERROR("{}", problem); } - LOG_INFO("Logging configured (binary: {}, text: {}, console: {})", binary.level, text.level, - console.level); + LOG_INFO("Logging configured (binary: {}, text: {}, console: {}, diagnostics: {})", binary.level, + text.level, console.level, diagnostics.level); initialized = true; flushImpl(); } @@ -163,6 +168,9 @@ void Log::flushImpl() { if (binary) { binary.output.flush(); } + if (diagnostics) { + diagnostics.output.flush(); + } } Log::LoggerConfiguration Log::getLoggerConfigurationImpl(std::string_view name) { diff --git a/swift/logging/SwiftLogging.h b/swift/logging/SwiftLogging.h index 8b41c05ca18..e07b46e245d 100644 --- a/swift/logging/SwiftLogging.h +++ b/swift/logging/SwiftLogging.h @@ -99,7 +99,7 @@ extern const std::string_view programName; // * using environment variable `CODEQL_EXTRACTOR_SWIFT_LOG_LEVELS` to configure levels for // loggers and outputs. This must have the form of a comma separated `spec:level` list, where // `spec` is either a glob pattern (made up of alphanumeric, `/`, `*` and `.` characters) for -// matching logger names or one of `out:bin`, `out:text` or `out:console`. +// matching logger names or one of `out:binary`, `out:text`, `out:console` or `out:diagnostics`. // Output default levels can be seen in the corresponding initializers below. By default, all // loggers are configured with the lowest output level class Log { From 30d3c3e8cde3a3a40c6d01116420b992313b4a85 Mon Sep 17 00:00:00 2001 From: Rasmus Lerchedahl Petersen Date: Tue, 9 May 2023 15:01:31 +0200 Subject: [PATCH 184/870] python: fix warnings - rename `Conf` -> `Config` - comment out unused code - rearrange code so it is easy to see how to swap comments - autoformat --- .../meta/debug/InlineTaintTestPaths.ql | 22 +++++++++---------- .../meta/debug/dataflowTestPaths.ql | 16 ++++++-------- 2 files changed, 17 insertions(+), 21 deletions(-) diff --git a/python/ql/test/experimental/meta/debug/InlineTaintTestPaths.ql b/python/ql/test/experimental/meta/debug/InlineTaintTestPaths.ql index 8e7595fbbb3..98ad634484e 100644 --- a/python/ql/test/experimental/meta/debug/InlineTaintTestPaths.ql +++ b/python/ql/test/experimental/meta/debug/InlineTaintTestPaths.ql @@ -12,26 +12,24 @@ import semmle.python.dataflow.new.DataFlow import semmle.python.dataflow.new.TaintTracking import experimental.meta.InlineTaintTest::Conf -module Conf implements DataFlow::ConfigSig { +module Config implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { - any (TestTaintTrackingConfiguration c).isSource(source) - } - predicate isSink(DataFlow::Node source) { - any (TestTaintTrackingConfiguration c).isSink(source) + any(TestTaintTrackingConfiguration c).isSource(source) } + + predicate isSink(DataFlow::Node source) { any(TestTaintTrackingConfiguration c).isSink(source) } } -int explorationLimit() { result = 5 } -module Flows = TaintTracking::Global; +module Flows = TaintTracking::Global; -module FlowsPartial = Flows::FlowExploration; - -// import FlowsPartial::PartialPathGraph import Flows::PathGraph -// from FlowsPartial::PartialPathNode source, FlowsPartial::PartialPathNode sink -// where FlowsPartial::partialFlow(source, sink, _) +// int explorationLimit() { result = 5 } +// module FlowsPartial = Flows::FlowExploration; +// import FlowsPartial::PartialPathGraph from Flows::PathNode source, Flows::PathNode sink where Flows::flowPath(source, sink) +// from FlowsPartial::PartialPathNode source, FlowsPartial::PartialPathNode sink +// where FlowsPartial::partialFlow(source, sink, _) select sink.getNode(), source, sink, "This node receives taint from $@.", source.getNode(), "this source" diff --git a/python/ql/test/experimental/meta/debug/dataflowTestPaths.ql b/python/ql/test/experimental/meta/debug/dataflowTestPaths.ql index c1cb0ff13c8..087787f4fc1 100644 --- a/python/ql/test/experimental/meta/debug/dataflowTestPaths.ql +++ b/python/ql/test/experimental/meta/debug/dataflowTestPaths.ql @@ -11,24 +11,22 @@ import python import semmle.python.dataflow.new.DataFlow import experimental.dataflow.testConfig -module Conf implements DataFlow::ConfigSig { +module Config implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { any(TestConfiguration c).isSource(source) } predicate isSink(DataFlow::Node source) { any(TestConfiguration c).isSink(source) } } -int explorationLimit() { result = 5 } +module Flows = DataFlow::Global; -module Flows = DataFlow::Global; - -module FlowsPartial = Flows::FlowExploration; - -// import FlowsPartial::PartialPathGraph import Flows::PathGraph -// from FlowsPartial::PartialPathNode source, FlowsPartial::PartialPathNode sink -// where FlowsPartial::partialFlow(source, sink, _) +// int explorationLimit() { result = 5 } +// module FlowsPartial = Flows::FlowExploration; +// import FlowsPartial::PartialPathGraph from Flows::PathNode source, Flows::PathNode sink where Flows::flowPath(source, sink) +// from FlowsPartial::PartialPathNode source, FlowsPartial::PartialPathNode sink +// where FlowsPartial::partialFlow(source, sink, _) select sink.getNode(), source, sink, "This node receives flow from $@.", source.getNode(), "this source" From a129513b8029cc37f62fb259138fe185218cec88 Mon Sep 17 00:00:00 2001 From: Kasper Svendsen Date: Tue, 9 May 2023 11:23:00 +0200 Subject: [PATCH 185/870] C#, C++: Make implicit this receivers explicit --- .../code/cpp/ir/implementation/IRType.qll | 4 +- .../code/cpp/ir/implementation/Opcode.qll | 6 +- .../implementation/aliased_ssa/IRFunction.qll | 4 +- .../implementation/aliased_ssa/IRVariable.qll | 25 +++--- .../ir/implementation/aliased_ssa/PrintIR.qll | 12 +-- .../aliased_ssa/gvn/ValueNumbering.qll | 10 ++- .../ir/implementation/internal/OperandTag.qll | 4 +- .../cpp/ir/implementation/raw/IRFunction.qll | 4 +- .../cpp/ir/implementation/raw/IRVariable.qll | 25 +++--- .../cpp/ir/implementation/raw/PrintIR.qll | 12 +-- .../implementation/raw/gvn/ValueNumbering.qll | 10 ++- .../unaliased_ssa/IRFunction.qll | 4 +- .../unaliased_ssa/IRVariable.qll | 25 +++--- .../implementation/unaliased_ssa/PrintIR.qll | 12 +-- .../unaliased_ssa/gvn/ValueNumbering.qll | 10 ++- .../internal/AliasConfiguration.qll | 2 +- .../unaliased_ssa/internal/SimpleSSA.qll | 2 +- .../experimental/ir/implementation/IRType.qll | 4 +- .../experimental/ir/implementation/Opcode.qll | 6 +- .../ir/implementation/internal/OperandTag.qll | 4 +- .../ir/implementation/raw/IRFunction.qll | 4 +- .../ir/implementation/raw/IRVariable.qll | 25 +++--- .../ir/implementation/raw/PrintIR.qll | 12 +-- .../implementation/raw/gvn/ValueNumbering.qll | 10 ++- .../internal/common/TranslatedCallBase.qll | 66 +++++++------- .../common/TranslatedConditionBase.qll | 16 ++-- .../common/TranslatedDeclarationBase.qll | 34 +++---- .../raw/internal/desugar/Common.qll | 88 +++++++++---------- .../raw/internal/desugar/Delegate.qll | 4 +- .../raw/internal/desugar/Foreach.qll | 50 +++++------ .../raw/internal/desugar/Lock.qll | 26 +++--- ...TranslatedCompilerGeneratedDeclaration.qll | 14 +-- .../TranslatedCompilerGeneratedElement.qll | 2 +- .../unaliased_ssa/IRFunction.qll | 4 +- .../unaliased_ssa/IRVariable.qll | 25 +++--- .../implementation/unaliased_ssa/PrintIR.qll | 12 +-- .../unaliased_ssa/gvn/ValueNumbering.qll | 10 ++- .../internal/AliasConfiguration.qll | 2 +- .../unaliased_ssa/internal/SimpleSSA.qll | 2 +- 39 files changed, 310 insertions(+), 281 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/IRType.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/IRType.qll index e0bccafae6b..9fbcf8c4a3b 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/IRType.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/IRType.qll @@ -39,7 +39,7 @@ class IRType extends TIRType { * Gets a string that uniquely identifies this `IRType`. This string is often the same as the * result of `IRType.toString()`, but for some types it may be more verbose to ensure uniqueness. */ - string getIdentityString() { result = toString() } + string getIdentityString() { result = this.toString() } /** * Gets the size of the type, in bytes, if known. @@ -206,7 +206,7 @@ class IRFloatingPointType extends IRNumericType, TIRFloatingPointType { IRFloatingPointType() { this = TIRFloatingPointType(_, base, domain) } final override string toString() { - result = getDomainPrefix() + getBaseString() + byteSize.toString() + result = this.getDomainPrefix() + this.getBaseString() + byteSize.toString() } final override Language::LanguageType getCanonicalLanguageType() { diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/Opcode.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/Opcode.qll index 7b064340ffe..a9ecdf46984 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/Opcode.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/Opcode.qll @@ -135,11 +135,11 @@ class Opcode extends TOpcode { * Holds if the instruction must have an operand with the specified `OperandTag`. */ final predicate hasOperand(OperandTag tag) { - hasOperandInternal(tag) + this.hasOperandInternal(tag) or - hasAddressOperand() and tag instanceof AddressOperandTag + this.hasAddressOperand() and tag instanceof AddressOperandTag or - hasBufferSizeOperand() and tag instanceof BufferSizeOperandTag + this.hasBufferSizeOperand() and tag instanceof BufferSizeOperandTag } /** diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/IRFunction.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/IRFunction.qll index 5968e58f90b..354ba41e3d1 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/IRFunction.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/IRFunction.qll @@ -45,7 +45,9 @@ class IRFunction extends IRFunctionBase { * Gets the block containing the entry point of this function. */ pragma[noinline] - final IRBlock getEntryBlock() { result.getFirstInstruction() = getEnterFunctionInstruction() } + final IRBlock getEntryBlock() { + result.getFirstInstruction() = this.getEnterFunctionInstruction() + } /** * Gets all instructions in this function. diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/IRVariable.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/IRVariable.qll index c92082d767d..b31c7898ba7 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/IRVariable.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/IRVariable.qll @@ -39,12 +39,12 @@ class IRVariable extends TIRVariable { /** * Gets the type of the variable. */ - final Language::Type getType() { getLanguageType().hasType(result, false) } + final Language::Type getType() { this.getLanguageType().hasType(result, false) } /** * Gets the language-neutral type of the variable. */ - final IRType getIRType() { result = getLanguageType().getIRType() } + final IRType getIRType() { result = this.getLanguageType().getIRType() } /** * Gets the type of the variable. @@ -58,7 +58,7 @@ class IRVariable extends TIRVariable { Language::AST getAst() { none() } /** DEPRECATED: Alias for getAst */ - deprecated Language::AST getAST() { result = getAst() } + deprecated Language::AST getAST() { result = this.getAst() } /** * Gets an identifier string for the variable. This identifier is unique @@ -69,7 +69,7 @@ class IRVariable extends TIRVariable { /** * Gets the source location of this variable. */ - final Language::Location getLocation() { result = getAst().getLocation() } + final Language::Location getLocation() { result = this.getAst().getLocation() } /** * Gets the IR for the function that references this variable. @@ -91,15 +91,15 @@ class IRUserVariable extends IRVariable, TIRUserVariable { IRUserVariable() { this = TIRUserVariable(var, type, func) } - final override string toString() { result = getVariable().toString() } + final override string toString() { result = this.getVariable().toString() } final override Language::AST getAst() { result = var } /** DEPRECATED: Alias for getAst */ - deprecated override Language::AST getAST() { result = getAst() } + deprecated override Language::AST getAST() { result = this.getAst() } final override string getUniqueId() { - result = getVariable().toString() + " " + getVariable().getLocation().toString() + result = this.getVariable().toString() + " " + this.getVariable().getLocation().toString() } final override Language::LanguageType getLanguageType() { result = type } @@ -166,9 +166,9 @@ class IRGeneratedVariable extends IRVariable { final override Language::AST getAst() { result = ast } /** DEPRECATED: Alias for getAst */ - deprecated override Language::AST getAST() { result = getAst() } + deprecated override Language::AST getAST() { result = this.getAst() } - override string toString() { result = getBaseString() + getLocationString() } + override string toString() { result = this.getBaseString() + this.getLocationString() } override string getUniqueId() { none() } @@ -272,7 +272,7 @@ class IRStringLiteral extends IRGeneratedVariable, TIRStringLiteral { final override predicate isReadOnly() { any() } final override string getUniqueId() { - result = "String: " + getLocationString() + "=" + Language::getStringLiteralText(literal) + result = "String: " + this.getLocationString() + "=" + Language::getStringLiteralText(literal) } final override string getBaseString() { result = "#string" } @@ -303,7 +303,8 @@ class IRDynamicInitializationFlag extends IRGeneratedVariable, TIRDynamicInitial final Language::Variable getVariable() { result = var } final override string getUniqueId() { - result = "Init: " + getVariable().toString() + " " + getVariable().getLocation().toString() + result = + "Init: " + this.getVariable().toString() + " " + this.getVariable().getLocation().toString() } final override string getBaseString() { result = "#init:" + var.toString() + ":" } @@ -332,5 +333,5 @@ class IRParameter extends IRAutomaticVariable { * An IR variable representing a positional parameter. */ class IRPositionalParameter extends IRParameter, IRAutomaticUserVariable { - final override int getIndex() { result = getVariable().(Language::Parameter).getIndex() } + final override int getIndex() { result = this.getVariable().(Language::Parameter).getIndex() } } diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/PrintIR.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/PrintIR.qll index aae12b0047a..2ababa6199a 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/PrintIR.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/PrintIR.qll @@ -127,13 +127,13 @@ abstract private class PrintableIRNode extends TPrintableIRNode { * Gets the value of the node property with the specified key. */ string getProperty(string key) { - key = "semmle.label" and result = getLabel() + key = "semmle.label" and result = this.getLabel() or - key = "semmle.order" and result = getOrder().toString() + key = "semmle.order" and result = this.getOrder().toString() or - key = "semmle.graphKind" and result = getGraphKind() + key = "semmle.graphKind" and result = this.getGraphKind() or - key = "semmle.forceText" and forceText() and result = "true" + key = "semmle.forceText" and this.forceText() and result = "true" } } @@ -178,7 +178,7 @@ private class PrintableIRBlock extends PrintableIRNode, TPrintableIRBlock { PrintableIRBlock() { this = TPrintableIRBlock(block) } - override string toString() { result = getLabel() } + override string toString() { result = this.getLabel() } override Language::Location getLocation() { result = block.getLocation() } @@ -223,7 +223,7 @@ private class PrintableInstruction extends PrintableIRNode, TPrintableInstructio | resultString = instr.getResultString() and operationString = instr.getOperationString() and - operandsString = getOperandsString() and + operandsString = this.getOperandsString() and columnWidths(block, resultWidth, operationWidth) and result = resultString + getPaddingString(resultWidth - resultString.length()) + " = " + diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/gvn/ValueNumbering.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/gvn/ValueNumbering.qll index ca3c378cd7e..2a46e16c52f 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/gvn/ValueNumbering.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/gvn/ValueNumbering.qll @@ -7,17 +7,19 @@ private import internal.ValueNumberingImports class ValueNumber extends TValueNumber { final string toString() { result = "GVN" } - final string getDebugString() { result = strictconcat(getAnInstruction().getResultId(), ", ") } + final string getDebugString() { + result = strictconcat(this.getAnInstruction().getResultId(), ", ") + } final Language::Location getLocation() { if exists(Instruction i | - i = getAnInstruction() and not i.getLocation() instanceof Language::UnknownLocation + i = this.getAnInstruction() and not i.getLocation() instanceof Language::UnknownLocation ) then result = min(Language::Location l | - l = getAnInstruction().getLocation() and not l instanceof Language::UnknownLocation + l = this.getAnInstruction().getLocation() and not l instanceof Language::UnknownLocation | l order by @@ -40,7 +42,7 @@ class ValueNumber extends TValueNumber { final Instruction getExampleInstruction() { result = min(Instruction instr | - instr = getAnInstruction() + instr = this.getAnInstruction() | instr order by instr.getBlock().getDisplayIndex(), instr.getDisplayIndexInBlock() ) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/internal/OperandTag.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/internal/OperandTag.qll index 21dfedd95cd..f2e23b01a13 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/internal/OperandTag.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/internal/OperandTag.qll @@ -40,7 +40,9 @@ abstract class OperandTag extends TOperandTag { /** * Gets a label that will appear before the operand when the IR is printed. */ - final string getLabel() { if alwaysPrintLabel() then result = getId() + ":" else result = "" } + final string getLabel() { + if this.alwaysPrintLabel() then result = this.getId() + ":" else result = "" + } /** * Gets an identifier that uniquely identifies this operand within its instruction. diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/IRFunction.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/IRFunction.qll index 5968e58f90b..354ba41e3d1 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/IRFunction.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/IRFunction.qll @@ -45,7 +45,9 @@ class IRFunction extends IRFunctionBase { * Gets the block containing the entry point of this function. */ pragma[noinline] - final IRBlock getEntryBlock() { result.getFirstInstruction() = getEnterFunctionInstruction() } + final IRBlock getEntryBlock() { + result.getFirstInstruction() = this.getEnterFunctionInstruction() + } /** * Gets all instructions in this function. diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/IRVariable.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/IRVariable.qll index c92082d767d..b31c7898ba7 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/IRVariable.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/IRVariable.qll @@ -39,12 +39,12 @@ class IRVariable extends TIRVariable { /** * Gets the type of the variable. */ - final Language::Type getType() { getLanguageType().hasType(result, false) } + final Language::Type getType() { this.getLanguageType().hasType(result, false) } /** * Gets the language-neutral type of the variable. */ - final IRType getIRType() { result = getLanguageType().getIRType() } + final IRType getIRType() { result = this.getLanguageType().getIRType() } /** * Gets the type of the variable. @@ -58,7 +58,7 @@ class IRVariable extends TIRVariable { Language::AST getAst() { none() } /** DEPRECATED: Alias for getAst */ - deprecated Language::AST getAST() { result = getAst() } + deprecated Language::AST getAST() { result = this.getAst() } /** * Gets an identifier string for the variable. This identifier is unique @@ -69,7 +69,7 @@ class IRVariable extends TIRVariable { /** * Gets the source location of this variable. */ - final Language::Location getLocation() { result = getAst().getLocation() } + final Language::Location getLocation() { result = this.getAst().getLocation() } /** * Gets the IR for the function that references this variable. @@ -91,15 +91,15 @@ class IRUserVariable extends IRVariable, TIRUserVariable { IRUserVariable() { this = TIRUserVariable(var, type, func) } - final override string toString() { result = getVariable().toString() } + final override string toString() { result = this.getVariable().toString() } final override Language::AST getAst() { result = var } /** DEPRECATED: Alias for getAst */ - deprecated override Language::AST getAST() { result = getAst() } + deprecated override Language::AST getAST() { result = this.getAst() } final override string getUniqueId() { - result = getVariable().toString() + " " + getVariable().getLocation().toString() + result = this.getVariable().toString() + " " + this.getVariable().getLocation().toString() } final override Language::LanguageType getLanguageType() { result = type } @@ -166,9 +166,9 @@ class IRGeneratedVariable extends IRVariable { final override Language::AST getAst() { result = ast } /** DEPRECATED: Alias for getAst */ - deprecated override Language::AST getAST() { result = getAst() } + deprecated override Language::AST getAST() { result = this.getAst() } - override string toString() { result = getBaseString() + getLocationString() } + override string toString() { result = this.getBaseString() + this.getLocationString() } override string getUniqueId() { none() } @@ -272,7 +272,7 @@ class IRStringLiteral extends IRGeneratedVariable, TIRStringLiteral { final override predicate isReadOnly() { any() } final override string getUniqueId() { - result = "String: " + getLocationString() + "=" + Language::getStringLiteralText(literal) + result = "String: " + this.getLocationString() + "=" + Language::getStringLiteralText(literal) } final override string getBaseString() { result = "#string" } @@ -303,7 +303,8 @@ class IRDynamicInitializationFlag extends IRGeneratedVariable, TIRDynamicInitial final Language::Variable getVariable() { result = var } final override string getUniqueId() { - result = "Init: " + getVariable().toString() + " " + getVariable().getLocation().toString() + result = + "Init: " + this.getVariable().toString() + " " + this.getVariable().getLocation().toString() } final override string getBaseString() { result = "#init:" + var.toString() + ":" } @@ -332,5 +333,5 @@ class IRParameter extends IRAutomaticVariable { * An IR variable representing a positional parameter. */ class IRPositionalParameter extends IRParameter, IRAutomaticUserVariable { - final override int getIndex() { result = getVariable().(Language::Parameter).getIndex() } + final override int getIndex() { result = this.getVariable().(Language::Parameter).getIndex() } } diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/PrintIR.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/PrintIR.qll index aae12b0047a..2ababa6199a 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/PrintIR.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/PrintIR.qll @@ -127,13 +127,13 @@ abstract private class PrintableIRNode extends TPrintableIRNode { * Gets the value of the node property with the specified key. */ string getProperty(string key) { - key = "semmle.label" and result = getLabel() + key = "semmle.label" and result = this.getLabel() or - key = "semmle.order" and result = getOrder().toString() + key = "semmle.order" and result = this.getOrder().toString() or - key = "semmle.graphKind" and result = getGraphKind() + key = "semmle.graphKind" and result = this.getGraphKind() or - key = "semmle.forceText" and forceText() and result = "true" + key = "semmle.forceText" and this.forceText() and result = "true" } } @@ -178,7 +178,7 @@ private class PrintableIRBlock extends PrintableIRNode, TPrintableIRBlock { PrintableIRBlock() { this = TPrintableIRBlock(block) } - override string toString() { result = getLabel() } + override string toString() { result = this.getLabel() } override Language::Location getLocation() { result = block.getLocation() } @@ -223,7 +223,7 @@ private class PrintableInstruction extends PrintableIRNode, TPrintableInstructio | resultString = instr.getResultString() and operationString = instr.getOperationString() and - operandsString = getOperandsString() and + operandsString = this.getOperandsString() and columnWidths(block, resultWidth, operationWidth) and result = resultString + getPaddingString(resultWidth - resultString.length()) + " = " + diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/gvn/ValueNumbering.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/gvn/ValueNumbering.qll index ca3c378cd7e..2a46e16c52f 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/gvn/ValueNumbering.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/gvn/ValueNumbering.qll @@ -7,17 +7,19 @@ private import internal.ValueNumberingImports class ValueNumber extends TValueNumber { final string toString() { result = "GVN" } - final string getDebugString() { result = strictconcat(getAnInstruction().getResultId(), ", ") } + final string getDebugString() { + result = strictconcat(this.getAnInstruction().getResultId(), ", ") + } final Language::Location getLocation() { if exists(Instruction i | - i = getAnInstruction() and not i.getLocation() instanceof Language::UnknownLocation + i = this.getAnInstruction() and not i.getLocation() instanceof Language::UnknownLocation ) then result = min(Language::Location l | - l = getAnInstruction().getLocation() and not l instanceof Language::UnknownLocation + l = this.getAnInstruction().getLocation() and not l instanceof Language::UnknownLocation | l order by @@ -40,7 +42,7 @@ class ValueNumber extends TValueNumber { final Instruction getExampleInstruction() { result = min(Instruction instr | - instr = getAnInstruction() + instr = this.getAnInstruction() | instr order by instr.getBlock().getDisplayIndex(), instr.getDisplayIndexInBlock() ) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/IRFunction.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/IRFunction.qll index 5968e58f90b..354ba41e3d1 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/IRFunction.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/IRFunction.qll @@ -45,7 +45,9 @@ class IRFunction extends IRFunctionBase { * Gets the block containing the entry point of this function. */ pragma[noinline] - final IRBlock getEntryBlock() { result.getFirstInstruction() = getEnterFunctionInstruction() } + final IRBlock getEntryBlock() { + result.getFirstInstruction() = this.getEnterFunctionInstruction() + } /** * Gets all instructions in this function. diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/IRVariable.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/IRVariable.qll index c92082d767d..b31c7898ba7 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/IRVariable.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/IRVariable.qll @@ -39,12 +39,12 @@ class IRVariable extends TIRVariable { /** * Gets the type of the variable. */ - final Language::Type getType() { getLanguageType().hasType(result, false) } + final Language::Type getType() { this.getLanguageType().hasType(result, false) } /** * Gets the language-neutral type of the variable. */ - final IRType getIRType() { result = getLanguageType().getIRType() } + final IRType getIRType() { result = this.getLanguageType().getIRType() } /** * Gets the type of the variable. @@ -58,7 +58,7 @@ class IRVariable extends TIRVariable { Language::AST getAst() { none() } /** DEPRECATED: Alias for getAst */ - deprecated Language::AST getAST() { result = getAst() } + deprecated Language::AST getAST() { result = this.getAst() } /** * Gets an identifier string for the variable. This identifier is unique @@ -69,7 +69,7 @@ class IRVariable extends TIRVariable { /** * Gets the source location of this variable. */ - final Language::Location getLocation() { result = getAst().getLocation() } + final Language::Location getLocation() { result = this.getAst().getLocation() } /** * Gets the IR for the function that references this variable. @@ -91,15 +91,15 @@ class IRUserVariable extends IRVariable, TIRUserVariable { IRUserVariable() { this = TIRUserVariable(var, type, func) } - final override string toString() { result = getVariable().toString() } + final override string toString() { result = this.getVariable().toString() } final override Language::AST getAst() { result = var } /** DEPRECATED: Alias for getAst */ - deprecated override Language::AST getAST() { result = getAst() } + deprecated override Language::AST getAST() { result = this.getAst() } final override string getUniqueId() { - result = getVariable().toString() + " " + getVariable().getLocation().toString() + result = this.getVariable().toString() + " " + this.getVariable().getLocation().toString() } final override Language::LanguageType getLanguageType() { result = type } @@ -166,9 +166,9 @@ class IRGeneratedVariable extends IRVariable { final override Language::AST getAst() { result = ast } /** DEPRECATED: Alias for getAst */ - deprecated override Language::AST getAST() { result = getAst() } + deprecated override Language::AST getAST() { result = this.getAst() } - override string toString() { result = getBaseString() + getLocationString() } + override string toString() { result = this.getBaseString() + this.getLocationString() } override string getUniqueId() { none() } @@ -272,7 +272,7 @@ class IRStringLiteral extends IRGeneratedVariable, TIRStringLiteral { final override predicate isReadOnly() { any() } final override string getUniqueId() { - result = "String: " + getLocationString() + "=" + Language::getStringLiteralText(literal) + result = "String: " + this.getLocationString() + "=" + Language::getStringLiteralText(literal) } final override string getBaseString() { result = "#string" } @@ -303,7 +303,8 @@ class IRDynamicInitializationFlag extends IRGeneratedVariable, TIRDynamicInitial final Language::Variable getVariable() { result = var } final override string getUniqueId() { - result = "Init: " + getVariable().toString() + " " + getVariable().getLocation().toString() + result = + "Init: " + this.getVariable().toString() + " " + this.getVariable().getLocation().toString() } final override string getBaseString() { result = "#init:" + var.toString() + ":" } @@ -332,5 +333,5 @@ class IRParameter extends IRAutomaticVariable { * An IR variable representing a positional parameter. */ class IRPositionalParameter extends IRParameter, IRAutomaticUserVariable { - final override int getIndex() { result = getVariable().(Language::Parameter).getIndex() } + final override int getIndex() { result = this.getVariable().(Language::Parameter).getIndex() } } diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/PrintIR.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/PrintIR.qll index aae12b0047a..2ababa6199a 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/PrintIR.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/PrintIR.qll @@ -127,13 +127,13 @@ abstract private class PrintableIRNode extends TPrintableIRNode { * Gets the value of the node property with the specified key. */ string getProperty(string key) { - key = "semmle.label" and result = getLabel() + key = "semmle.label" and result = this.getLabel() or - key = "semmle.order" and result = getOrder().toString() + key = "semmle.order" and result = this.getOrder().toString() or - key = "semmle.graphKind" and result = getGraphKind() + key = "semmle.graphKind" and result = this.getGraphKind() or - key = "semmle.forceText" and forceText() and result = "true" + key = "semmle.forceText" and this.forceText() and result = "true" } } @@ -178,7 +178,7 @@ private class PrintableIRBlock extends PrintableIRNode, TPrintableIRBlock { PrintableIRBlock() { this = TPrintableIRBlock(block) } - override string toString() { result = getLabel() } + override string toString() { result = this.getLabel() } override Language::Location getLocation() { result = block.getLocation() } @@ -223,7 +223,7 @@ private class PrintableInstruction extends PrintableIRNode, TPrintableInstructio | resultString = instr.getResultString() and operationString = instr.getOperationString() and - operandsString = getOperandsString() and + operandsString = this.getOperandsString() and columnWidths(block, resultWidth, operationWidth) and result = resultString + getPaddingString(resultWidth - resultString.length()) + " = " + diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/gvn/ValueNumbering.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/gvn/ValueNumbering.qll index ca3c378cd7e..2a46e16c52f 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/gvn/ValueNumbering.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/gvn/ValueNumbering.qll @@ -7,17 +7,19 @@ private import internal.ValueNumberingImports class ValueNumber extends TValueNumber { final string toString() { result = "GVN" } - final string getDebugString() { result = strictconcat(getAnInstruction().getResultId(), ", ") } + final string getDebugString() { + result = strictconcat(this.getAnInstruction().getResultId(), ", ") + } final Language::Location getLocation() { if exists(Instruction i | - i = getAnInstruction() and not i.getLocation() instanceof Language::UnknownLocation + i = this.getAnInstruction() and not i.getLocation() instanceof Language::UnknownLocation ) then result = min(Language::Location l | - l = getAnInstruction().getLocation() and not l instanceof Language::UnknownLocation + l = this.getAnInstruction().getLocation() and not l instanceof Language::UnknownLocation | l order by @@ -40,7 +42,7 @@ class ValueNumber extends TValueNumber { final Instruction getExampleInstruction() { result = min(Instruction instr | - instr = getAnInstruction() + instr = this.getAnInstruction() | instr order by instr.getBlock().getDisplayIndex(), instr.getDisplayIndexInBlock() ) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/AliasConfiguration.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/AliasConfiguration.qll index dbdd3c14c85..110e673e1d2 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/AliasConfiguration.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/AliasConfiguration.qll @@ -7,7 +7,7 @@ private import AliasConfigurationImports class Allocation extends IRAutomaticVariable { VariableAddressInstruction getABaseInstruction() { result.getIRVariable() = this } - final string getAllocationString() { result = toString() } + final string getAllocationString() { result = this.toString() } predicate alwaysEscapes() { // An automatic variable only escapes if its address is taken and escapes. diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SimpleSSA.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SimpleSSA.qll index ec2e6f5ef34..f5b0b3af930 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SimpleSSA.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SimpleSSA.qll @@ -75,7 +75,7 @@ class MemoryLocation extends TMemoryLocation { final predicate canReuseSsa() { canReuseSsaForVariable(var) } /** DEPRECATED: Alias for canReuseSsa */ - deprecated predicate canReuseSSA() { canReuseSsa() } + deprecated predicate canReuseSSA() { this.canReuseSsa() } } predicate canReuseSsaForOldResult(Instruction instr) { none() } diff --git a/csharp/ql/src/experimental/ir/implementation/IRType.qll b/csharp/ql/src/experimental/ir/implementation/IRType.qll index e0bccafae6b..9fbcf8c4a3b 100644 --- a/csharp/ql/src/experimental/ir/implementation/IRType.qll +++ b/csharp/ql/src/experimental/ir/implementation/IRType.qll @@ -39,7 +39,7 @@ class IRType extends TIRType { * Gets a string that uniquely identifies this `IRType`. This string is often the same as the * result of `IRType.toString()`, but for some types it may be more verbose to ensure uniqueness. */ - string getIdentityString() { result = toString() } + string getIdentityString() { result = this.toString() } /** * Gets the size of the type, in bytes, if known. @@ -206,7 +206,7 @@ class IRFloatingPointType extends IRNumericType, TIRFloatingPointType { IRFloatingPointType() { this = TIRFloatingPointType(_, base, domain) } final override string toString() { - result = getDomainPrefix() + getBaseString() + byteSize.toString() + result = this.getDomainPrefix() + this.getBaseString() + byteSize.toString() } final override Language::LanguageType getCanonicalLanguageType() { diff --git a/csharp/ql/src/experimental/ir/implementation/Opcode.qll b/csharp/ql/src/experimental/ir/implementation/Opcode.qll index 7b064340ffe..a9ecdf46984 100644 --- a/csharp/ql/src/experimental/ir/implementation/Opcode.qll +++ b/csharp/ql/src/experimental/ir/implementation/Opcode.qll @@ -135,11 +135,11 @@ class Opcode extends TOpcode { * Holds if the instruction must have an operand with the specified `OperandTag`. */ final predicate hasOperand(OperandTag tag) { - hasOperandInternal(tag) + this.hasOperandInternal(tag) or - hasAddressOperand() and tag instanceof AddressOperandTag + this.hasAddressOperand() and tag instanceof AddressOperandTag or - hasBufferSizeOperand() and tag instanceof BufferSizeOperandTag + this.hasBufferSizeOperand() and tag instanceof BufferSizeOperandTag } /** diff --git a/csharp/ql/src/experimental/ir/implementation/internal/OperandTag.qll b/csharp/ql/src/experimental/ir/implementation/internal/OperandTag.qll index 21dfedd95cd..f2e23b01a13 100644 --- a/csharp/ql/src/experimental/ir/implementation/internal/OperandTag.qll +++ b/csharp/ql/src/experimental/ir/implementation/internal/OperandTag.qll @@ -40,7 +40,9 @@ abstract class OperandTag extends TOperandTag { /** * Gets a label that will appear before the operand when the IR is printed. */ - final string getLabel() { if alwaysPrintLabel() then result = getId() + ":" else result = "" } + final string getLabel() { + if this.alwaysPrintLabel() then result = this.getId() + ":" else result = "" + } /** * Gets an identifier that uniquely identifies this operand within its instruction. diff --git a/csharp/ql/src/experimental/ir/implementation/raw/IRFunction.qll b/csharp/ql/src/experimental/ir/implementation/raw/IRFunction.qll index 5968e58f90b..354ba41e3d1 100644 --- a/csharp/ql/src/experimental/ir/implementation/raw/IRFunction.qll +++ b/csharp/ql/src/experimental/ir/implementation/raw/IRFunction.qll @@ -45,7 +45,9 @@ class IRFunction extends IRFunctionBase { * Gets the block containing the entry point of this function. */ pragma[noinline] - final IRBlock getEntryBlock() { result.getFirstInstruction() = getEnterFunctionInstruction() } + final IRBlock getEntryBlock() { + result.getFirstInstruction() = this.getEnterFunctionInstruction() + } /** * Gets all instructions in this function. diff --git a/csharp/ql/src/experimental/ir/implementation/raw/IRVariable.qll b/csharp/ql/src/experimental/ir/implementation/raw/IRVariable.qll index c92082d767d..b31c7898ba7 100644 --- a/csharp/ql/src/experimental/ir/implementation/raw/IRVariable.qll +++ b/csharp/ql/src/experimental/ir/implementation/raw/IRVariable.qll @@ -39,12 +39,12 @@ class IRVariable extends TIRVariable { /** * Gets the type of the variable. */ - final Language::Type getType() { getLanguageType().hasType(result, false) } + final Language::Type getType() { this.getLanguageType().hasType(result, false) } /** * Gets the language-neutral type of the variable. */ - final IRType getIRType() { result = getLanguageType().getIRType() } + final IRType getIRType() { result = this.getLanguageType().getIRType() } /** * Gets the type of the variable. @@ -58,7 +58,7 @@ class IRVariable extends TIRVariable { Language::AST getAst() { none() } /** DEPRECATED: Alias for getAst */ - deprecated Language::AST getAST() { result = getAst() } + deprecated Language::AST getAST() { result = this.getAst() } /** * Gets an identifier string for the variable. This identifier is unique @@ -69,7 +69,7 @@ class IRVariable extends TIRVariable { /** * Gets the source location of this variable. */ - final Language::Location getLocation() { result = getAst().getLocation() } + final Language::Location getLocation() { result = this.getAst().getLocation() } /** * Gets the IR for the function that references this variable. @@ -91,15 +91,15 @@ class IRUserVariable extends IRVariable, TIRUserVariable { IRUserVariable() { this = TIRUserVariable(var, type, func) } - final override string toString() { result = getVariable().toString() } + final override string toString() { result = this.getVariable().toString() } final override Language::AST getAst() { result = var } /** DEPRECATED: Alias for getAst */ - deprecated override Language::AST getAST() { result = getAst() } + deprecated override Language::AST getAST() { result = this.getAst() } final override string getUniqueId() { - result = getVariable().toString() + " " + getVariable().getLocation().toString() + result = this.getVariable().toString() + " " + this.getVariable().getLocation().toString() } final override Language::LanguageType getLanguageType() { result = type } @@ -166,9 +166,9 @@ class IRGeneratedVariable extends IRVariable { final override Language::AST getAst() { result = ast } /** DEPRECATED: Alias for getAst */ - deprecated override Language::AST getAST() { result = getAst() } + deprecated override Language::AST getAST() { result = this.getAst() } - override string toString() { result = getBaseString() + getLocationString() } + override string toString() { result = this.getBaseString() + this.getLocationString() } override string getUniqueId() { none() } @@ -272,7 +272,7 @@ class IRStringLiteral extends IRGeneratedVariable, TIRStringLiteral { final override predicate isReadOnly() { any() } final override string getUniqueId() { - result = "String: " + getLocationString() + "=" + Language::getStringLiteralText(literal) + result = "String: " + this.getLocationString() + "=" + Language::getStringLiteralText(literal) } final override string getBaseString() { result = "#string" } @@ -303,7 +303,8 @@ class IRDynamicInitializationFlag extends IRGeneratedVariable, TIRDynamicInitial final Language::Variable getVariable() { result = var } final override string getUniqueId() { - result = "Init: " + getVariable().toString() + " " + getVariable().getLocation().toString() + result = + "Init: " + this.getVariable().toString() + " " + this.getVariable().getLocation().toString() } final override string getBaseString() { result = "#init:" + var.toString() + ":" } @@ -332,5 +333,5 @@ class IRParameter extends IRAutomaticVariable { * An IR variable representing a positional parameter. */ class IRPositionalParameter extends IRParameter, IRAutomaticUserVariable { - final override int getIndex() { result = getVariable().(Language::Parameter).getIndex() } + final override int getIndex() { result = this.getVariable().(Language::Parameter).getIndex() } } diff --git a/csharp/ql/src/experimental/ir/implementation/raw/PrintIR.qll b/csharp/ql/src/experimental/ir/implementation/raw/PrintIR.qll index aae12b0047a..2ababa6199a 100644 --- a/csharp/ql/src/experimental/ir/implementation/raw/PrintIR.qll +++ b/csharp/ql/src/experimental/ir/implementation/raw/PrintIR.qll @@ -127,13 +127,13 @@ abstract private class PrintableIRNode extends TPrintableIRNode { * Gets the value of the node property with the specified key. */ string getProperty(string key) { - key = "semmle.label" and result = getLabel() + key = "semmle.label" and result = this.getLabel() or - key = "semmle.order" and result = getOrder().toString() + key = "semmle.order" and result = this.getOrder().toString() or - key = "semmle.graphKind" and result = getGraphKind() + key = "semmle.graphKind" and result = this.getGraphKind() or - key = "semmle.forceText" and forceText() and result = "true" + key = "semmle.forceText" and this.forceText() and result = "true" } } @@ -178,7 +178,7 @@ private class PrintableIRBlock extends PrintableIRNode, TPrintableIRBlock { PrintableIRBlock() { this = TPrintableIRBlock(block) } - override string toString() { result = getLabel() } + override string toString() { result = this.getLabel() } override Language::Location getLocation() { result = block.getLocation() } @@ -223,7 +223,7 @@ private class PrintableInstruction extends PrintableIRNode, TPrintableInstructio | resultString = instr.getResultString() and operationString = instr.getOperationString() and - operandsString = getOperandsString() and + operandsString = this.getOperandsString() and columnWidths(block, resultWidth, operationWidth) and result = resultString + getPaddingString(resultWidth - resultString.length()) + " = " + diff --git a/csharp/ql/src/experimental/ir/implementation/raw/gvn/ValueNumbering.qll b/csharp/ql/src/experimental/ir/implementation/raw/gvn/ValueNumbering.qll index ca3c378cd7e..2a46e16c52f 100644 --- a/csharp/ql/src/experimental/ir/implementation/raw/gvn/ValueNumbering.qll +++ b/csharp/ql/src/experimental/ir/implementation/raw/gvn/ValueNumbering.qll @@ -7,17 +7,19 @@ private import internal.ValueNumberingImports class ValueNumber extends TValueNumber { final string toString() { result = "GVN" } - final string getDebugString() { result = strictconcat(getAnInstruction().getResultId(), ", ") } + final string getDebugString() { + result = strictconcat(this.getAnInstruction().getResultId(), ", ") + } final Language::Location getLocation() { if exists(Instruction i | - i = getAnInstruction() and not i.getLocation() instanceof Language::UnknownLocation + i = this.getAnInstruction() and not i.getLocation() instanceof Language::UnknownLocation ) then result = min(Language::Location l | - l = getAnInstruction().getLocation() and not l instanceof Language::UnknownLocation + l = this.getAnInstruction().getLocation() and not l instanceof Language::UnknownLocation | l order by @@ -40,7 +42,7 @@ class ValueNumber extends TValueNumber { final Instruction getExampleInstruction() { result = min(Instruction instr | - instr = getAnInstruction() + instr = this.getAnInstruction() | instr order by instr.getBlock().getDisplayIndex(), instr.getDisplayIndexInBlock() ) diff --git a/csharp/ql/src/experimental/ir/implementation/raw/internal/common/TranslatedCallBase.qll b/csharp/ql/src/experimental/ir/implementation/raw/internal/common/TranslatedCallBase.qll index f14a420cfeb..6243663f1cc 100644 --- a/csharp/ql/src/experimental/ir/implementation/raw/internal/common/TranslatedCallBase.qll +++ b/csharp/ql/src/experimental/ir/implementation/raw/internal/common/TranslatedCallBase.qll @@ -21,26 +21,26 @@ abstract class TranslatedCallBase extends TranslatedElement { // though the `this` argument exists and is the result of the instruction // that allocated the new object. For those calls, `getQualifier()` should // be void. - id = -1 and result = getQualifier() + id = -1 and result = this.getQualifier() or - result = getArgument(id) + result = this.getArgument(id) } final override Instruction getFirstInstruction() { - if exists(getQualifier()) - then result = getQualifier().getFirstInstruction() - else result = getInstruction(CallTargetTag()) + if exists(this.getQualifier()) + then result = this.getQualifier().getFirstInstruction() + else result = this.getInstruction(CallTargetTag()) } override predicate hasInstruction(Opcode opcode, InstructionTag tag, CSharpType resultType) { tag = CallTag() and opcode instanceof Opcode::Call and - resultType = getTypeForPRValue(getCallResultType()) + resultType = getTypeForPRValue(this.getCallResultType()) or - hasSideEffect() and + this.hasSideEffect() and tag = CallSideEffectTag() and ( - if hasWriteSideEffect() + if this.hasWriteSideEffect() then ( opcode instanceof Opcode::CallSideEffect and resultType = getUnknownType() @@ -58,14 +58,14 @@ abstract class TranslatedCallBase extends TranslatedElement { } override Instruction getChildSuccessor(TranslatedElement child) { - child = getQualifier() and - result = getInstruction(CallTargetTag()) + child = this.getQualifier() and + result = this.getInstruction(CallTargetTag()) or exists(int argIndex | - child = getArgument(argIndex) and - if exists(getArgument(argIndex + 1)) - then result = getArgument(argIndex + 1).getFirstInstruction() - else result = getInstruction(CallTag()) + child = this.getArgument(argIndex) and + if exists(this.getArgument(argIndex + 1)) + then result = this.getArgument(argIndex + 1).getFirstInstruction() + else result = this.getInstruction(CallTag()) ) } @@ -74,18 +74,18 @@ abstract class TranslatedCallBase extends TranslatedElement { ( ( tag = CallTag() and - if hasSideEffect() - then result = getInstruction(CallSideEffectTag()) - else result = getParent().getChildSuccessor(this) + if this.hasSideEffect() + then result = this.getInstruction(CallSideEffectTag()) + else result = this.getParent().getChildSuccessor(this) ) or - hasSideEffect() and + this.hasSideEffect() and tag = CallSideEffectTag() and - result = getParent().getChildSuccessor(this) + result = this.getParent().getChildSuccessor(this) or tag = CallTargetTag() and kind instanceof GotoEdge and - result = getFirstArgumentOrCallInstruction() + result = this.getFirstArgumentOrCallInstruction() ) } @@ -93,26 +93,26 @@ abstract class TranslatedCallBase extends TranslatedElement { tag = CallTag() and ( operandTag instanceof CallTargetOperandTag and - result = getInstruction(CallTargetTag()) + result = this.getInstruction(CallTargetTag()) or operandTag instanceof ThisArgumentOperandTag and - result = getQualifierResult() + result = this.getQualifierResult() or exists(PositionalArgumentOperandTag argTag | argTag = operandTag and - result = getArgument(argTag.getArgIndex()).getResult() + result = this.getArgument(argTag.getArgIndex()).getResult() ) ) } final override CSharpType getInstructionOperandType(InstructionTag tag, TypedOperandTag operandTag) { tag = CallSideEffectTag() and - hasSideEffect() and + this.hasSideEffect() and operandTag instanceof SideEffectOperandTag and result = getUnknownType() } - Instruction getResult() { result = getInstruction(CallTag()) } + Instruction getResult() { result = this.getInstruction(CallTag()) } /** * Gets the result type of the call. @@ -122,7 +122,7 @@ abstract class TranslatedCallBase extends TranslatedElement { /** * Holds if the call has a `this` argument. */ - predicate hasQualifier() { exists(getQualifier()) } + predicate hasQualifier() { exists(this.getQualifier()) } /** * Gets the expr for the qualifier of the call. @@ -150,25 +150,25 @@ abstract class TranslatedCallBase extends TranslatedElement { * argument. Otherwise, returns the call instruction. */ final Instruction getFirstArgumentOrCallInstruction() { - if hasArguments() - then result = getArgument(0).getFirstInstruction() - else result = getInstruction(CallTag()) + if this.hasArguments() + then result = this.getArgument(0).getFirstInstruction() + else result = this.getInstruction(CallTag()) } /** * Holds if the call has any arguments, not counting the `this` argument. */ - final predicate hasArguments() { exists(getArgument(0)) } + final predicate hasArguments() { exists(this.getArgument(0)) } predicate hasReadSideEffect() { any() } predicate hasWriteSideEffect() { any() } - private predicate hasSideEffect() { hasReadSideEffect() or hasWriteSideEffect() } + private predicate hasSideEffect() { this.hasReadSideEffect() or this.hasWriteSideEffect() } override Instruction getPrimaryInstructionForSideEffect(InstructionTag tag) { - hasSideEffect() and + this.hasSideEffect() and tag = CallSideEffectTag() and - result = getResult() + result = this.getResult() } } diff --git a/csharp/ql/src/experimental/ir/implementation/raw/internal/common/TranslatedConditionBase.qll b/csharp/ql/src/experimental/ir/implementation/raw/internal/common/TranslatedConditionBase.qll index 6f8e2df02ee..ec12b31f986 100644 --- a/csharp/ql/src/experimental/ir/implementation/raw/internal/common/TranslatedConditionBase.qll +++ b/csharp/ql/src/experimental/ir/implementation/raw/internal/common/TranslatedConditionBase.qll @@ -27,7 +27,7 @@ abstract class ConditionContext extends TranslatedElement { * and the compiler generated ones (captures the common patterns). */ abstract class ConditionBase extends TranslatedElement { - final ConditionContext getConditionContext() { result = getParent() } + final ConditionContext getConditionContext() { result = this.getParent() } } /** @@ -35,9 +35,9 @@ abstract class ConditionBase extends TranslatedElement { * and the compiler generated ones (captures the common patterns). */ abstract class ValueConditionBase extends ConditionBase { - override TranslatedElement getChild(int id) { id = 0 and result = getValueExpr() } + override TranslatedElement getChild(int id) { id = 0 and result = this.getValueExpr() } - override Instruction getFirstInstruction() { result = getValueExpr().getFirstInstruction() } + override Instruction getFirstInstruction() { result = this.getValueExpr().getFirstInstruction() } override predicate hasInstruction(Opcode opcode, InstructionTag tag, CSharpType resultType) { tag = ValueConditionConditionalBranchTag() and @@ -46,25 +46,25 @@ abstract class ValueConditionBase extends ConditionBase { } override Instruction getChildSuccessor(TranslatedElement child) { - child = getValueExpr() and - result = getInstruction(ValueConditionConditionalBranchTag()) + child = this.getValueExpr() and + result = this.getInstruction(ValueConditionConditionalBranchTag()) } override Instruction getInstructionSuccessor(InstructionTag tag, EdgeKind kind) { tag = ValueConditionConditionalBranchTag() and ( kind instanceof TrueEdge and - result = getConditionContext().getChildTrueSuccessor(this) + result = this.getConditionContext().getChildTrueSuccessor(this) or kind instanceof FalseEdge and - result = getConditionContext().getChildFalseSuccessor(this) + result = this.getConditionContext().getChildFalseSuccessor(this) ) } override Instruction getInstructionOperand(InstructionTag tag, OperandTag operandTag) { tag = ValueConditionConditionalBranchTag() and operandTag instanceof ConditionOperandTag and - result = valueExprResult() + result = this.valueExprResult() } /** diff --git a/csharp/ql/src/experimental/ir/implementation/raw/internal/common/TranslatedDeclarationBase.qll b/csharp/ql/src/experimental/ir/implementation/raw/internal/common/TranslatedDeclarationBase.qll index 9fd47de9060..a4e6501d0e4 100644 --- a/csharp/ql/src/experimental/ir/implementation/raw/internal/common/TranslatedDeclarationBase.qll +++ b/csharp/ql/src/experimental/ir/implementation/raw/internal/common/TranslatedDeclarationBase.qll @@ -15,49 +15,49 @@ private import experimental.ir.internal.CSharpType private import experimental.ir.internal.IRCSharpLanguage as Language abstract class LocalVariableDeclarationBase extends TranslatedElement { - override TranslatedElement getChild(int id) { id = 0 and result = getInitialization() } + override TranslatedElement getChild(int id) { id = 0 and result = this.getInitialization() } - override Instruction getFirstInstruction() { result = getVarAddress() } + override Instruction getFirstInstruction() { result = this.getVarAddress() } override predicate hasInstruction(Opcode opcode, InstructionTag tag, CSharpType resultType) { tag = InitializerVariableAddressTag() and opcode instanceof Opcode::VariableAddress and - resultType = getTypeForGLValue(getVarType()) + resultType = getTypeForGLValue(this.getVarType()) or - hasUninitializedInstruction() and + this.hasUninitializedInstruction() and tag = InitializerStoreTag() and opcode instanceof Opcode::Uninitialized and - resultType = getTypeForPRValue(getVarType()) + resultType = getTypeForPRValue(this.getVarType()) } override Instruction getInstructionSuccessor(InstructionTag tag, EdgeKind kind) { ( tag = InitializerVariableAddressTag() and kind instanceof GotoEdge and - if hasUninitializedInstruction() - then result = getInstruction(InitializerStoreTag()) - else result = getInitialization().getFirstInstruction() + if this.hasUninitializedInstruction() + then result = this.getInstruction(InitializerStoreTag()) + else result = this.getInitialization().getFirstInstruction() ) or - hasUninitializedInstruction() and + this.hasUninitializedInstruction() and kind instanceof GotoEdge and tag = InitializerStoreTag() and ( - result = getInitialization().getFirstInstruction() + result = this.getInitialization().getFirstInstruction() or - not exists(getInitialization()) and result = getParent().getChildSuccessor(this) + not exists(this.getInitialization()) and result = this.getParent().getChildSuccessor(this) ) } override Instruction getChildSuccessor(TranslatedElement child) { - child = getInitialization() and result = getParent().getChildSuccessor(this) + child = this.getInitialization() and result = this.getParent().getChildSuccessor(this) } override Instruction getInstructionOperand(InstructionTag tag, OperandTag operandTag) { - hasUninitializedInstruction() and + this.hasUninitializedInstruction() and tag = InitializerStoreTag() and operandTag instanceof AddressOperandTag and - result = getVarAddress() + result = this.getVarAddress() } /** @@ -67,11 +67,11 @@ abstract class LocalVariableDeclarationBase extends TranslatedElement { * desugaring process. */ predicate hasUninitializedInstruction() { - not exists(getInitialization()) or - getInitialization() instanceof TranslatedListInitialization + not exists(this.getInitialization()) or + this.getInitialization() instanceof TranslatedListInitialization } - Instruction getVarAddress() { result = getInstruction(InitializerVariableAddressTag()) } + Instruction getVarAddress() { result = this.getInstruction(InitializerVariableAddressTag()) } /** * Gets the declared variable. For compiler generated elements, this diff --git a/csharp/ql/src/experimental/ir/implementation/raw/internal/desugar/Common.qll b/csharp/ql/src/experimental/ir/implementation/raw/internal/desugar/Common.qll index dbc76ec3954..d9c7910be4c 100644 --- a/csharp/ql/src/experimental/ir/implementation/raw/internal/desugar/Common.qll +++ b/csharp/ql/src/experimental/ir/implementation/raw/internal/desugar/Common.qll @@ -38,21 +38,21 @@ abstract class TranslatedCompilerGeneratedTry extends TranslatedCompilerGenerate override Instruction getInstructionSuccessor(InstructionTag tag, EdgeKind kind) { none() } override TranslatedElement getChild(int id) { - id = 0 and result = getBody() + id = 0 and result = this.getBody() or - id = 1 and result = getFinally() + id = 1 and result = this.getFinally() } - override Instruction getFirstInstruction() { result = getBody().getFirstInstruction() } + override Instruction getFirstInstruction() { result = this.getBody().getFirstInstruction() } override Instruction getChildSuccessor(TranslatedElement child) { - child = getBody() and result = getFinally().getFirstInstruction() + child = this.getBody() and result = this.getFinally().getFirstInstruction() or - child = getFinally() and result = getParent().getChildSuccessor(this) + child = this.getFinally() and result = this.getParent().getChildSuccessor(this) } override Instruction getExceptionSuccessorInstruction() { - result = getParent().getExceptionSuccessorInstruction() + result = this.getParent().getExceptionSuccessorInstruction() } /** @@ -74,16 +74,16 @@ abstract class TranslatedCompilerGeneratedConstant extends TranslatedCompilerGen override predicate hasInstruction(Opcode opcode, InstructionTag tag, CSharpType resultType) { opcode instanceof Opcode::Constant and tag = OnlyInstructionTag() and - resultType = getTypeForPRValue(getResultType()) + resultType = getTypeForPRValue(this.getResultType()) } override Instruction getInstructionSuccessor(InstructionTag tag, EdgeKind kind) { tag = OnlyInstructionTag() and kind instanceof GotoEdge and - result = getParent().getChildSuccessor(this) + result = this.getParent().getChildSuccessor(this) } - override Instruction getFirstInstruction() { result = getInstruction(OnlyInstructionTag()) } + override Instruction getFirstInstruction() { result = this.getInstruction(OnlyInstructionTag()) } override TranslatedElement getChild(int id) { none() } @@ -96,20 +96,20 @@ abstract class TranslatedCompilerGeneratedConstant extends TranslatedCompilerGen * compose the block. */ abstract class TranslatedCompilerGeneratedBlock extends TranslatedCompilerGeneratedStmt { - override TranslatedElement getChild(int id) { result = getStmt(id) } + override TranslatedElement getChild(int id) { result = this.getStmt(id) } - override Instruction getFirstInstruction() { result = getStmt(0).getFirstInstruction() } + override Instruction getFirstInstruction() { result = this.getStmt(0).getFirstInstruction() } abstract TranslatedElement getStmt(int index); - private int getStmtCount() { result = count(getStmt(_)) } + private int getStmtCount() { result = count(this.getStmt(_)) } override Instruction getChildSuccessor(TranslatedElement child) { exists(int index | - child = getStmt(index) and - if index = (getStmtCount() - 1) - then result = getParent().getChildSuccessor(this) - else result = getStmt(index + 1).getFirstInstruction() + child = this.getStmt(index) and + if index = (this.getStmtCount() - 1) + then result = this.getParent().getChildSuccessor(this) + else result = this.getStmt(index + 1).getFirstInstruction() ) } @@ -128,14 +128,14 @@ abstract class TranslatedCompilerGeneratedBlock extends TranslatedCompilerGenera abstract class TranslatedCompilerGeneratedIfStmt extends TranslatedCompilerGeneratedStmt, ConditionContext { - override Instruction getFirstInstruction() { result = getCondition().getFirstInstruction() } + override Instruction getFirstInstruction() { result = this.getCondition().getFirstInstruction() } override TranslatedElement getChild(int id) { - id = 0 and result = getCondition() + id = 0 and result = this.getCondition() or - id = 1 and result = getThen() + id = 1 and result = this.getThen() or - id = 2 and result = getElse() + id = 2 and result = this.getElse() } abstract TranslatedCompilerGeneratedValueCondition getCondition(); @@ -144,25 +144,25 @@ abstract class TranslatedCompilerGeneratedIfStmt extends TranslatedCompilerGener abstract TranslatedCompilerGeneratedElement getElse(); - private predicate hasElse() { exists(getElse()) } + private predicate hasElse() { exists(this.getElse()) } override Instruction getInstructionSuccessor(InstructionTag tag, EdgeKind kind) { none() } override Instruction getChildTrueSuccessor(ConditionBase child) { - child = getCondition() and - result = getThen().getFirstInstruction() + child = this.getCondition() and + result = this.getThen().getFirstInstruction() } override Instruction getChildFalseSuccessor(ConditionBase child) { - child = getCondition() and - if hasElse() - then result = getElse().getFirstInstruction() - else result = getParent().getChildSuccessor(this) + child = this.getCondition() and + if this.hasElse() + then result = this.getElse().getFirstInstruction() + else result = this.getParent().getChildSuccessor(this) } override Instruction getChildSuccessor(TranslatedElement child) { - (child = getThen() or child = getElse()) and - result = getParent().getChildSuccessor(this) + (child = this.getThen() or child = this.getElse()) and + result = this.getParent().getChildSuccessor(this) } override predicate hasInstruction(Opcode opcode, InstructionTag tag, CSharpType resultType) { @@ -177,7 +177,7 @@ abstract class TranslatedCompilerGeneratedIfStmt extends TranslatedCompilerGener * access needs a `Load` instruction or not (eg. `ref` params do not) */ abstract class TranslatedCompilerGeneratedVariableAccess extends TranslatedCompilerGeneratedExpr { - override Instruction getFirstInstruction() { result = getInstruction(AddressTag()) } + override Instruction getFirstInstruction() { result = this.getInstruction(AddressTag()) } override TranslatedElement getChild(int id) { none() } @@ -187,45 +187,45 @@ abstract class TranslatedCompilerGeneratedVariableAccess extends TranslatedCompi * Returns the type of the accessed variable. Can be overridden when the return * type is different than the type of the underlying variable. */ - Type getVariableType() { result = getResultType() } + Type getVariableType() { result = this.getResultType() } override predicate hasInstruction(Opcode opcode, InstructionTag tag, CSharpType resultType) { tag = AddressTag() and opcode instanceof Opcode::VariableAddress and - resultType = getTypeForGLValue(getVariableType()) + resultType = getTypeForGLValue(this.getVariableType()) or - needsLoad() and + this.needsLoad() and tag = LoadTag() and opcode instanceof Opcode::Load and - resultType = getTypeForPRValue(getVariableType()) + resultType = getTypeForPRValue(this.getVariableType()) } override Instruction getInstructionSuccessor(InstructionTag tag, EdgeKind kind) { - needsLoad() and + this.needsLoad() and tag = LoadTag() and - result = getParent().getChildSuccessor(this) and + result = this.getParent().getChildSuccessor(this) and kind instanceof GotoEdge or ( tag = AddressTag() and kind instanceof GotoEdge and - if needsLoad() - then result = getInstruction(LoadTag()) - else result = getParent().getChildSuccessor(this) + if this.needsLoad() + then result = this.getInstruction(LoadTag()) + else result = this.getParent().getChildSuccessor(this) ) } override Instruction getResult() { - if needsLoad() - then result = getInstruction(LoadTag()) - else result = getInstruction(AddressTag()) + if this.needsLoad() + then result = this.getInstruction(LoadTag()) + else result = this.getInstruction(AddressTag()) } override Instruction getInstructionOperand(InstructionTag tag, OperandTag operandTag) { - needsLoad() and + this.needsLoad() and tag = LoadTag() and operandTag instanceof AddressOperandTag and - result = getInstruction(AddressTag()) + result = this.getInstruction(AddressTag()) } /** diff --git a/csharp/ql/src/experimental/ir/implementation/raw/internal/desugar/Delegate.qll b/csharp/ql/src/experimental/ir/implementation/raw/internal/desugar/Delegate.qll index 4ce965aa1f0..3f1a1dec646 100644 --- a/csharp/ql/src/experimental/ir/implementation/raw/internal/desugar/Delegate.qll +++ b/csharp/ql/src/experimental/ir/implementation/raw/internal/desugar/Delegate.qll @@ -61,7 +61,7 @@ private class TranslatedDelegateConstructorCall extends TranslatedCompilerGenera override Instruction getQualifierResult() { exists(ConstructorCallContext context | - context = getParent() and + context = this.getParent() and result = context.getReceiver() ) } @@ -101,7 +101,7 @@ private class TranslatedDelegateInvokeCall extends TranslatedCompilerGeneratedCa override TranslatedExprBase getQualifier() { result = getTranslatedExpr(generatedBy.getExpr()) } - override Instruction getQualifierResult() { result = getQualifier().getResult() } + override Instruction getQualifierResult() { result = this.getQualifier().getResult() } override TranslatedExpr getArgument(int index) { result = getTranslatedExpr(generatedBy.getArgument(index)) diff --git a/csharp/ql/src/experimental/ir/implementation/raw/internal/desugar/Foreach.qll b/csharp/ql/src/experimental/ir/implementation/raw/internal/desugar/Foreach.qll index 9be3c45d418..e49f579ecdf 100644 --- a/csharp/ql/src/experimental/ir/implementation/raw/internal/desugar/Foreach.qll +++ b/csharp/ql/src/experimental/ir/implementation/raw/internal/desugar/Foreach.qll @@ -122,28 +122,28 @@ class TranslatedForeachWhile extends TranslatedCompilerGeneratedStmt, ConditionC override Instruction getInstructionSuccessor(InstructionTag tag, EdgeKind kind) { none() } - override Instruction getFirstInstruction() { result = getCondition().getFirstInstruction() } + override Instruction getFirstInstruction() { result = this.getCondition().getFirstInstruction() } override Instruction getChildSuccessor(TranslatedElement child) { - child = getInit() and result = getBody().getFirstInstruction() + child = this.getInit() and result = this.getBody().getFirstInstruction() or - child = getBody() and result = getCondition().getFirstInstruction() + child = this.getBody() and result = this.getCondition().getFirstInstruction() } override TranslatedElement getChild(int id) { - id = 0 and result = getCondition() + id = 0 and result = this.getCondition() or - id = 1 and result = getInit() + id = 1 and result = this.getInit() or - id = 2 and result = getBody() + id = 2 and result = this.getBody() } final override Instruction getChildTrueSuccessor(ConditionBase child) { - child = getCondition() and result = getInit().getFirstInstruction() + child = this.getCondition() and result = this.getInit().getFirstInstruction() } final override Instruction getChildFalseSuccessor(ConditionBase child) { - child = getCondition() and result = getParent().getChildSuccessor(this) + child = this.getCondition() and result = this.getParent().getChildSuccessor(this) } TranslatedStmt getBody() { result = getTranslatedStmt(generatedBy.getBody()) } @@ -189,7 +189,7 @@ private class TranslatedForeachMoveNext extends TranslatedCompilerGeneratedCall, ) } - override Instruction getQualifierResult() { result = getQualifier().getResult() } + override Instruction getQualifierResult() { result = this.getQualifier().getResult() } } /** @@ -203,7 +203,7 @@ private class TranslatedForeachGetEnumerator extends TranslatedCompilerGenerated TranslatedForeachGetEnumerator() { this = TTranslatedCompilerGeneratedElement(generatedBy, 4) } final override Type getCallResultType() { - result = getInstructionFunction(CallTargetTag()).getReturnType() + result = this.getInstructionFunction(CallTargetTag()).getReturnType() } override Callable getInstructionFunction(InstructionTag tag) { @@ -217,7 +217,7 @@ private class TranslatedForeachGetEnumerator extends TranslatedCompilerGenerated result = getTranslatedExpr(generatedBy.getIterableExpr()) } - override Instruction getQualifierResult() { result = getQualifier().getResult() } + override Instruction getQualifierResult() { result = this.getQualifier().getResult() } } /** @@ -241,7 +241,7 @@ private class TranslatedForeachCurrent extends TranslatedCompilerGeneratedCall, ) } - override Instruction getQualifierResult() { result = getQualifier().getResult() } + override Instruction getQualifierResult() { result = this.getQualifier().getResult() } override Callable getInstructionFunction(InstructionTag tag) { tag = CallTargetTag() and @@ -275,7 +275,7 @@ private class TranslatedForeachDispose extends TranslatedCompilerGeneratedCall, ) } - override Instruction getQualifierResult() { result = getQualifier().getResult() } + override Instruction getQualifierResult() { result = this.getQualifier().getResult() } } /** @@ -295,7 +295,7 @@ private class TranslatedForeachWhileCondition extends TranslatedCompilerGenerate ) } - override Instruction valueExprResult() { result = getValueExpr().getResult() } + override Instruction valueExprResult() { result = this.getValueExpr().getResult() } } /** @@ -311,7 +311,7 @@ private class TranslatedForeachEnumerator extends TranslatedCompilerGeneratedDec override predicate hasTempVariable(TempVariableTag tag, CSharpType type) { tag = ForeachEnumTempVar() and - type = getTypeForPRValue(getInitialization().getCallResultType()) + type = getTypeForPRValue(this.getInitialization().getCallResultType()) } override IRTempVariable getIRVariable() { @@ -325,7 +325,7 @@ private class TranslatedForeachEnumerator extends TranslatedCompilerGeneratedDec ) } - override Instruction getInitializationResult() { result = getInitialization().getResult() } + override Instruction getInitializationResult() { result = this.getInitialization().getResult() } } /** @@ -340,11 +340,11 @@ private class TranslatedForeachIterVar extends TranslatedCompilerGeneratedDeclar override IRVariable getInstructionVariable(InstructionTag tag) { tag = InitializerVariableAddressTag() and - result = getIRVariable() + result = this.getIRVariable() } override IRVariable getIRVariable() { - result = getIRUserVariable(getFunction(), generatedBy.getAVariable()) + result = getIRUserVariable(this.getFunction(), generatedBy.getAVariable()) } override TranslatedCompilerGeneratedCall getInitialization() { @@ -354,7 +354,7 @@ private class TranslatedForeachIterVar extends TranslatedCompilerGeneratedDeclar ) } - override Instruction getInitializationResult() { result = getInitialization().getResult() } + override Instruction getInitializationResult() { result = this.getInitialization().getResult() } } /** @@ -379,12 +379,12 @@ private class TranslatedMoveNextEnumAcc extends TTranslatedCompilerGeneratedElem override predicate hasTempVariable(TempVariableTag tag, CSharpType type) { tag = ForeachEnumTempVar() and - type = getTypeForPRValue(getVariableType()) + type = getTypeForPRValue(this.getVariableType()) } override IRVariable getInstructionVariable(InstructionTag tag) { tag = AddressTag() and - result = getTempVariable(ForeachEnumTempVar()) + result = this.getTempVariable(ForeachEnumTempVar()) } override predicate needsLoad() { any() } @@ -412,12 +412,12 @@ private class TranslatedForeachCurrentEnumAcc extends TTranslatedCompilerGenerat override predicate hasTempVariable(TempVariableTag tag, CSharpType type) { tag = ForeachEnumTempVar() and - type = getTypeForPRValue(getVariableType()) + type = getTypeForPRValue(this.getVariableType()) } override IRVariable getInstructionVariable(InstructionTag tag) { tag = AddressTag() and - result = getTempVariable(ForeachEnumTempVar()) + result = this.getTempVariable(ForeachEnumTempVar()) } override predicate needsLoad() { any() } @@ -445,12 +445,12 @@ private class TranslatedForeachDisposeEnumAcc extends TTranslatedCompilerGenerat override predicate hasTempVariable(TempVariableTag tag, CSharpType type) { tag = ForeachEnumTempVar() and - type = getTypeForPRValue(getVariableType()) + type = getTypeForPRValue(this.getVariableType()) } override IRVariable getInstructionVariable(InstructionTag tag) { tag = AddressTag() and - result = getTempVariable(ForeachEnumTempVar()) + result = this.getTempVariable(ForeachEnumTempVar()) } override predicate needsLoad() { any() } diff --git a/csharp/ql/src/experimental/ir/implementation/raw/internal/desugar/Lock.qll b/csharp/ql/src/experimental/ir/implementation/raw/internal/desugar/Lock.qll index 484d11205cd..d0d522718a6 100644 --- a/csharp/ql/src/experimental/ir/implementation/raw/internal/desugar/Lock.qll +++ b/csharp/ql/src/experimental/ir/implementation/raw/internal/desugar/Lock.qll @@ -208,7 +208,7 @@ private class TranslatedIfCondition extends TranslatedCompilerGeneratedValueCond ) } - override Instruction valueExprResult() { result = getValueExpr().getResult() } + override Instruction valueExprResult() { result = this.getValueExpr().getResult() } } /** @@ -254,7 +254,7 @@ private class TranslatedWasTakenConst extends TranslatedCompilerGeneratedConstan result = "false" } - override Instruction getResult() { result = getInstruction(OnlyInstructionTag()) } + override Instruction getResult() { result = this.getInstruction(OnlyInstructionTag()) } override Type getResultType() { result instanceof BoolType } } @@ -285,9 +285,9 @@ private class TranslatedLockWasTakenDecl extends TranslatedCompilerGeneratedDecl ) } - override Type getVarType() { result = getInitialization().getResultType() } + override Type getVarType() { result = this.getInitialization().getResultType() } - override Instruction getInitializationResult() { result = getInitialization().getResult() } + override Instruction getInitializationResult() { result = this.getInitialization().getResult() } } /** @@ -316,7 +316,7 @@ private class TranslatedLockedVarDecl extends TranslatedCompilerGeneratedDeclara override Type getVarType() { result = generatedBy.getExpr().getType() } - override Instruction getInitializationResult() { result = getInitialization().getResult() } + override Instruction getInitializationResult() { result = this.getInitialization().getResult() } } /** @@ -335,12 +335,12 @@ private class TranslatedMonitorEnterVarAcc extends TTranslatedCompilerGeneratedE override predicate hasTempVariable(TempVariableTag tag, CSharpType type) { tag = LockedVarTemp() and - type = getTypeForPRValue(getResultType()) + type = getTypeForPRValue(this.getResultType()) } override IRVariable getInstructionVariable(InstructionTag tag) { tag = AddressTag() and - result = getTempVariable(LockedVarTemp()) + result = this.getTempVariable(LockedVarTemp()) } override predicate needsLoad() { any() } @@ -362,12 +362,12 @@ private class TranslatedMonitorExitVarAcc extends TTranslatedCompilerGeneratedEl override IRVariable getInstructionVariable(InstructionTag tag) { tag = AddressTag() and - result = getTempVariable(LockedVarTemp()) + result = this.getTempVariable(LockedVarTemp()) } override predicate hasTempVariable(TempVariableTag tag, CSharpType type) { tag = LockedVarTemp() and - type = getTypeForPRValue(getResultType()) + type = getTypeForPRValue(this.getResultType()) } override predicate needsLoad() { any() } @@ -388,12 +388,12 @@ private class TranslatedLockWasTakenCondVarAcc extends TTranslatedCompilerGenera override predicate hasTempVariable(TempVariableTag tag, CSharpType type) { tag = LockWasTakenTemp() and - type = getTypeForPRValue(getResultType()) + type = getTypeForPRValue(this.getResultType()) } override IRVariable getInstructionVariable(InstructionTag tag) { tag = AddressTag() and - result = getTempVariable(LockWasTakenTemp()) + result = this.getTempVariable(LockWasTakenTemp()) } override predicate needsLoad() { any() } @@ -414,12 +414,12 @@ private class TranslatedLockWasTakenRefArg extends TTranslatedCompilerGeneratedE override predicate hasTempVariable(TempVariableTag tag, CSharpType type) { tag = LockWasTakenTemp() and - type = getTypeForPRValue(getResultType()) + type = getTypeForPRValue(this.getResultType()) } override IRVariable getInstructionVariable(InstructionTag tag) { tag = AddressTag() and - result = getTempVariable(LockWasTakenTemp()) + result = this.getTempVariable(LockWasTakenTemp()) } override predicate needsLoad() { none() } diff --git a/csharp/ql/src/experimental/ir/implementation/raw/internal/desugar/internal/TranslatedCompilerGeneratedDeclaration.qll b/csharp/ql/src/experimental/ir/implementation/raw/internal/desugar/internal/TranslatedCompilerGeneratedDeclaration.qll index ead9a38fc5e..2a3ace143c8 100644 --- a/csharp/ql/src/experimental/ir/implementation/raw/internal/desugar/internal/TranslatedCompilerGeneratedDeclaration.qll +++ b/csharp/ql/src/experimental/ir/implementation/raw/internal/desugar/internal/TranslatedCompilerGeneratedDeclaration.qll @@ -23,7 +23,7 @@ abstract class TranslatedCompilerGeneratedDeclaration extends LocalVariableDecla } override Instruction getChildSuccessor(TranslatedElement child) { - child = getInitialization() and result = getInstruction(InitializerStoreTag()) + child = this.getInitialization() and result = this.getInstruction(InitializerStoreTag()) } override predicate hasInstruction(Opcode opcode, InstructionTag tag, CSharpType resultType) { @@ -34,14 +34,14 @@ abstract class TranslatedCompilerGeneratedDeclaration extends LocalVariableDecla // do not have the `Uninitialized` instruction tag = InitializerStoreTag() and opcode instanceof Opcode::Store and - resultType = getTypeForPRValue(getVarType()) + resultType = getTypeForPRValue(this.getVarType()) } override Instruction getInstructionSuccessor(InstructionTag tag, EdgeKind kind) { result = LocalVariableDeclarationBase.super.getInstructionSuccessor(tag, kind) or tag = InitializerStoreTag() and - result = getParent().getChildSuccessor(this) and + result = this.getParent().getChildSuccessor(this) and kind instanceof GotoEdge } @@ -51,23 +51,23 @@ abstract class TranslatedCompilerGeneratedDeclaration extends LocalVariableDecla tag = InitializerStoreTag() and ( operandTag instanceof AddressOperandTag and - result = getInstruction(InitializerVariableAddressTag()) + result = this.getInstruction(InitializerVariableAddressTag()) or operandTag instanceof StoreValueOperandTag and - result = getInitializationResult() + result = this.getInitializationResult() ) } override IRVariable getInstructionVariable(InstructionTag tag) { tag = InitializerVariableAddressTag() and - result = getIRVariable() + result = this.getIRVariable() } // A compiler generated declaration does not have an associated `LocalVariable` // element override LocalVariable getDeclVar() { none() } - override Type getVarType() { result = getIRVariable().getType() } + override Type getVarType() { result = this.getIRVariable().getType() } /** * Gets the IR variable that corresponds to the declaration. diff --git a/csharp/ql/src/experimental/ir/implementation/raw/internal/desugar/internal/TranslatedCompilerGeneratedElement.qll b/csharp/ql/src/experimental/ir/implementation/raw/internal/desugar/internal/TranslatedCompilerGeneratedElement.qll index 7008187520c..30440235443 100644 --- a/csharp/ql/src/experimental/ir/implementation/raw/internal/desugar/internal/TranslatedCompilerGeneratedElement.qll +++ b/csharp/ql/src/experimental/ir/implementation/raw/internal/desugar/internal/TranslatedCompilerGeneratedElement.qll @@ -22,5 +22,5 @@ abstract class TranslatedCompilerGeneratedElement extends TranslatedElement, final override Language::AST getAst() { result = generatedBy } /** DEPRECATED: Alias for getAst */ - deprecated override Language::AST getAST() { result = getAst() } + deprecated override Language::AST getAST() { result = this.getAst() } } diff --git a/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/IRFunction.qll b/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/IRFunction.qll index 5968e58f90b..354ba41e3d1 100644 --- a/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/IRFunction.qll +++ b/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/IRFunction.qll @@ -45,7 +45,9 @@ class IRFunction extends IRFunctionBase { * Gets the block containing the entry point of this function. */ pragma[noinline] - final IRBlock getEntryBlock() { result.getFirstInstruction() = getEnterFunctionInstruction() } + final IRBlock getEntryBlock() { + result.getFirstInstruction() = this.getEnterFunctionInstruction() + } /** * Gets all instructions in this function. diff --git a/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/IRVariable.qll b/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/IRVariable.qll index c92082d767d..b31c7898ba7 100644 --- a/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/IRVariable.qll +++ b/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/IRVariable.qll @@ -39,12 +39,12 @@ class IRVariable extends TIRVariable { /** * Gets the type of the variable. */ - final Language::Type getType() { getLanguageType().hasType(result, false) } + final Language::Type getType() { this.getLanguageType().hasType(result, false) } /** * Gets the language-neutral type of the variable. */ - final IRType getIRType() { result = getLanguageType().getIRType() } + final IRType getIRType() { result = this.getLanguageType().getIRType() } /** * Gets the type of the variable. @@ -58,7 +58,7 @@ class IRVariable extends TIRVariable { Language::AST getAst() { none() } /** DEPRECATED: Alias for getAst */ - deprecated Language::AST getAST() { result = getAst() } + deprecated Language::AST getAST() { result = this.getAst() } /** * Gets an identifier string for the variable. This identifier is unique @@ -69,7 +69,7 @@ class IRVariable extends TIRVariable { /** * Gets the source location of this variable. */ - final Language::Location getLocation() { result = getAst().getLocation() } + final Language::Location getLocation() { result = this.getAst().getLocation() } /** * Gets the IR for the function that references this variable. @@ -91,15 +91,15 @@ class IRUserVariable extends IRVariable, TIRUserVariable { IRUserVariable() { this = TIRUserVariable(var, type, func) } - final override string toString() { result = getVariable().toString() } + final override string toString() { result = this.getVariable().toString() } final override Language::AST getAst() { result = var } /** DEPRECATED: Alias for getAst */ - deprecated override Language::AST getAST() { result = getAst() } + deprecated override Language::AST getAST() { result = this.getAst() } final override string getUniqueId() { - result = getVariable().toString() + " " + getVariable().getLocation().toString() + result = this.getVariable().toString() + " " + this.getVariable().getLocation().toString() } final override Language::LanguageType getLanguageType() { result = type } @@ -166,9 +166,9 @@ class IRGeneratedVariable extends IRVariable { final override Language::AST getAst() { result = ast } /** DEPRECATED: Alias for getAst */ - deprecated override Language::AST getAST() { result = getAst() } + deprecated override Language::AST getAST() { result = this.getAst() } - override string toString() { result = getBaseString() + getLocationString() } + override string toString() { result = this.getBaseString() + this.getLocationString() } override string getUniqueId() { none() } @@ -272,7 +272,7 @@ class IRStringLiteral extends IRGeneratedVariable, TIRStringLiteral { final override predicate isReadOnly() { any() } final override string getUniqueId() { - result = "String: " + getLocationString() + "=" + Language::getStringLiteralText(literal) + result = "String: " + this.getLocationString() + "=" + Language::getStringLiteralText(literal) } final override string getBaseString() { result = "#string" } @@ -303,7 +303,8 @@ class IRDynamicInitializationFlag extends IRGeneratedVariable, TIRDynamicInitial final Language::Variable getVariable() { result = var } final override string getUniqueId() { - result = "Init: " + getVariable().toString() + " " + getVariable().getLocation().toString() + result = + "Init: " + this.getVariable().toString() + " " + this.getVariable().getLocation().toString() } final override string getBaseString() { result = "#init:" + var.toString() + ":" } @@ -332,5 +333,5 @@ class IRParameter extends IRAutomaticVariable { * An IR variable representing a positional parameter. */ class IRPositionalParameter extends IRParameter, IRAutomaticUserVariable { - final override int getIndex() { result = getVariable().(Language::Parameter).getIndex() } + final override int getIndex() { result = this.getVariable().(Language::Parameter).getIndex() } } diff --git a/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/PrintIR.qll b/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/PrintIR.qll index aae12b0047a..2ababa6199a 100644 --- a/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/PrintIR.qll +++ b/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/PrintIR.qll @@ -127,13 +127,13 @@ abstract private class PrintableIRNode extends TPrintableIRNode { * Gets the value of the node property with the specified key. */ string getProperty(string key) { - key = "semmle.label" and result = getLabel() + key = "semmle.label" and result = this.getLabel() or - key = "semmle.order" and result = getOrder().toString() + key = "semmle.order" and result = this.getOrder().toString() or - key = "semmle.graphKind" and result = getGraphKind() + key = "semmle.graphKind" and result = this.getGraphKind() or - key = "semmle.forceText" and forceText() and result = "true" + key = "semmle.forceText" and this.forceText() and result = "true" } } @@ -178,7 +178,7 @@ private class PrintableIRBlock extends PrintableIRNode, TPrintableIRBlock { PrintableIRBlock() { this = TPrintableIRBlock(block) } - override string toString() { result = getLabel() } + override string toString() { result = this.getLabel() } override Language::Location getLocation() { result = block.getLocation() } @@ -223,7 +223,7 @@ private class PrintableInstruction extends PrintableIRNode, TPrintableInstructio | resultString = instr.getResultString() and operationString = instr.getOperationString() and - operandsString = getOperandsString() and + operandsString = this.getOperandsString() and columnWidths(block, resultWidth, operationWidth) and result = resultString + getPaddingString(resultWidth - resultString.length()) + " = " + diff --git a/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/gvn/ValueNumbering.qll b/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/gvn/ValueNumbering.qll index ca3c378cd7e..2a46e16c52f 100644 --- a/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/gvn/ValueNumbering.qll +++ b/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/gvn/ValueNumbering.qll @@ -7,17 +7,19 @@ private import internal.ValueNumberingImports class ValueNumber extends TValueNumber { final string toString() { result = "GVN" } - final string getDebugString() { result = strictconcat(getAnInstruction().getResultId(), ", ") } + final string getDebugString() { + result = strictconcat(this.getAnInstruction().getResultId(), ", ") + } final Language::Location getLocation() { if exists(Instruction i | - i = getAnInstruction() and not i.getLocation() instanceof Language::UnknownLocation + i = this.getAnInstruction() and not i.getLocation() instanceof Language::UnknownLocation ) then result = min(Language::Location l | - l = getAnInstruction().getLocation() and not l instanceof Language::UnknownLocation + l = this.getAnInstruction().getLocation() and not l instanceof Language::UnknownLocation | l order by @@ -40,7 +42,7 @@ class ValueNumber extends TValueNumber { final Instruction getExampleInstruction() { result = min(Instruction instr | - instr = getAnInstruction() + instr = this.getAnInstruction() | instr order by instr.getBlock().getDisplayIndex(), instr.getDisplayIndexInBlock() ) diff --git a/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/internal/AliasConfiguration.qll b/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/internal/AliasConfiguration.qll index dbdd3c14c85..110e673e1d2 100644 --- a/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/internal/AliasConfiguration.qll +++ b/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/internal/AliasConfiguration.qll @@ -7,7 +7,7 @@ private import AliasConfigurationImports class Allocation extends IRAutomaticVariable { VariableAddressInstruction getABaseInstruction() { result.getIRVariable() = this } - final string getAllocationString() { result = toString() } + final string getAllocationString() { result = this.toString() } predicate alwaysEscapes() { // An automatic variable only escapes if its address is taken and escapes. diff --git a/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/internal/SimpleSSA.qll b/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/internal/SimpleSSA.qll index ec2e6f5ef34..f5b0b3af930 100644 --- a/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/internal/SimpleSSA.qll +++ b/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/internal/SimpleSSA.qll @@ -75,7 +75,7 @@ class MemoryLocation extends TMemoryLocation { final predicate canReuseSsa() { canReuseSsaForVariable(var) } /** DEPRECATED: Alias for canReuseSsa */ - deprecated predicate canReuseSSA() { canReuseSsa() } + deprecated predicate canReuseSSA() { this.canReuseSsa() } } predicate canReuseSsaForOldResult(Instruction instr) { none() } From 3041fdebbaab6ae7abd6669fa94002ddc268f89c Mon Sep 17 00:00:00 2001 From: Kasper Svendsen Date: Tue, 9 May 2023 11:25:54 +0200 Subject: [PATCH 186/870] C#: Make implicit this receivers explicit --- csharp/ql/lib/Linq/Helpers.qll | 10 ++-- csharp/ql/lib/semmle/code/cil/Handler.qll | 10 ++-- csharp/ql/lib/semmle/code/csharp/Comments.qll | 58 +++++++++---------- .../code/csharp/commons/Compilation.qll | 24 ++++---- .../csharp/commons/StructuralComparison.qll | 4 +- .../code/csharp/dispatch/RuntimeCallable.qll | 6 +- .../code/csharp/exprs/ComparisonOperation.qll | 16 ++--- .../EncryptionKeyDataFlowQuery.qll | 8 +-- .../Comments/CommentedOutCode.ql | 4 +- csharp/ql/src/Dead Code/DeadRefTypes.ql | 2 +- .../Language Abuse/MissedUsingOpportunity.ql | 4 +- .../Collections/ContainerSizeCmpZero.ql | 2 +- .../DangerousNonShortCircuitLogic.ql | 6 +- .../src/Likely Bugs/Dynamic/BadDynamicCall.ql | 24 ++++---- csharp/ql/src/Likely Bugs/ObjectComparison.ql | 18 +++--- .../Likely Bugs/PossibleLossOfPrecision.ql | 2 +- .../src/Likely Bugs/Statements/UseBraces.ql | 16 ++--- .../MissingAntiForgeryTokenValidation.ql | 2 +- .../dataflow/flowsources/AuthCookie.qll | 2 +- .../experimental/ir/internal/CSharpType.qll | 6 +- .../experimental/ir/rangeanalysis/Bound.qll | 2 +- .../ir/rangeanalysis/RangeAnalysis.qll | 14 ++--- .../library-tests/assemblies/assemblies.ql | 4 +- 23 files changed, 125 insertions(+), 119 deletions(-) diff --git a/csharp/ql/lib/Linq/Helpers.qll b/csharp/ql/lib/Linq/Helpers.qll index f2368b69242..a628c717277 100644 --- a/csharp/ql/lib/Linq/Helpers.qll +++ b/csharp/ql/lib/Linq/Helpers.qll @@ -128,7 +128,7 @@ predicate missedWhereOpportunity(ForeachStmt fes, IfStmt is) { class AnyCall extends MethodCall { AnyCall() { exists(Method m | - m = getTarget().getUnboundDeclaration() and + m = this.getTarget().getUnboundDeclaration() and isEnumerableType(m.getDeclaringType()) and m.hasName("Any<>") ) @@ -139,7 +139,7 @@ class AnyCall extends MethodCall { class CountCall extends MethodCall { CountCall() { exists(Method m | - m = getTarget().getUnboundDeclaration() and + m = this.getTarget().getUnboundDeclaration() and isEnumerableType(m.getDeclaringType()) and m.hasName("Count<>") ) @@ -148,19 +148,19 @@ class CountCall extends MethodCall { /** A variable of type IEnumerable<T>, for some T. */ class IEnumerableSequence extends Variable { - IEnumerableSequence() { isIEnumerableType(getType()) } + IEnumerableSequence() { isIEnumerableType(this.getType()) } } /** A LINQ Select(...) call. */ class SelectCall extends ExtensionMethodCall { SelectCall() { exists(Method m | - m = getTarget().getUnboundDeclaration() and + m = this.getTarget().getUnboundDeclaration() and isEnumerableType(m.getDeclaringType()) and m.hasName("Select<,>") ) } /** Gets the anonymous function expression supplied as the argument to the Select (if possible). */ - AnonymousFunctionExpr getFunctionExpr() { result = getArgument(1) } + AnonymousFunctionExpr getFunctionExpr() { result = this.getArgument(1) } } diff --git a/csharp/ql/lib/semmle/code/cil/Handler.qll b/csharp/ql/lib/semmle/code/cil/Handler.qll index da90fe872db..f0661ccf35e 100644 --- a/csharp/ql/lib/semmle/code/cil/Handler.qll +++ b/csharp/ql/lib/semmle/code/cil/Handler.qll @@ -38,21 +38,21 @@ class Handler extends Element, EntryPoint, @cil_handler { * Holds if the instruction `i` is in the scope of this handler. */ predicate isInScope(Instruction i) { - i.getImplementation() = getImplementation() and - i.getIndex() in [getTryStart().getIndex() .. getTryEnd().getIndex()] + i.getImplementation() = this.getImplementation() and + i.getIndex() in [this.getTryStart().getIndex() .. this.getTryEnd().getIndex()] } override string toString() { none() } override Instruction getASuccessorType(FlowType t) { - result = getHandlerStart() and + result = this.getHandlerStart() and t instanceof NormalFlow } /** Gets the type of the caught exception, if any. */ Type getCaughtType() { cil_handler_type(this, result) } - override Location getLocation() { result = getTryStart().getLocation() } + override Location getLocation() { result = this.getTryStart().getLocation() } } /** A handler corresponding to a `finally` block. */ @@ -72,7 +72,7 @@ class FilterHandler extends Handler, @cil_filter_handler { /** A handler corresponding to a `catch` clause. */ class CatchHandler extends Handler, @cil_catch_handler { - override string toString() { result = "catch(" + getCaughtType().getName() + ") {...}" } + override string toString() { result = "catch(" + this.getCaughtType().getName() + ") {...}" } override int getPushCount() { result = 1 } } diff --git a/csharp/ql/lib/semmle/code/csharp/Comments.qll b/csharp/ql/lib/semmle/code/csharp/Comments.qll index e4070ec48ca..101e002fe50 100644 --- a/csharp/ql/lib/semmle/code/csharp/Comments.qll +++ b/csharp/ql/lib/semmle/code/csharp/Comments.qll @@ -70,28 +70,28 @@ class XmlCommentLine extends CommentLine, @xmldoccomment { override string toString() { result = "/// ..." } private string xmlAttributeRegex() { - result = "(" + xmlIdentifierRegex() + ")(?:\\s*=\\s*[\"']([^\"']*)[\"'])" + result = "(" + this.xmlIdentifierRegex() + ")(?:\\s*=\\s*[\"']([^\"']*)[\"'])" } private string xmlIdentifierRegex() { result = "\\w+" } - private string xmlTagOpenRegex() { result = "<\\s*" + xmlIdentifierRegex() } + private string xmlTagOpenRegex() { result = "<\\s*" + this.xmlIdentifierRegex() } private string xmlTagIntroRegex() { - result = xmlTagOpenRegex() + "(?:\\s*" + xmlAttributeRegex() + ")*" + result = this.xmlTagOpenRegex() + "(?:\\s*" + this.xmlAttributeRegex() + ")*" } - private string xmlTagCloseRegex() { result = "" } + private string xmlTagCloseRegex() { result = "" } /** Gets the text inside the XML element at character offset `offset`. */ private string getElement(int offset) { - result = getText().regexpFind(xmlTagIntroRegex(), _, offset) + result = this.getText().regexpFind(this.xmlTagIntroRegex(), _, offset) } /** Gets the name of the opening tag at offset `offset`. */ string getOpenTag(int offset) { exists(int offset1, int offset2 | - result = getElement(offset1).regexpFind(xmlIdentifierRegex(), 0, offset2) and + result = this.getElement(offset1).regexpFind(this.xmlIdentifierRegex(), 0, offset2) and offset = offset1 + offset2 ) } @@ -100,9 +100,9 @@ class XmlCommentLine extends CommentLine, @xmldoccomment { string getCloseTag(int offset) { exists(int offset1, int offset2 | result = - getText() - .regexpFind(xmlTagCloseRegex(), _, offset1) - .regexpFind(xmlIdentifierRegex(), 0, offset2) and + this.getText() + .regexpFind(this.xmlTagCloseRegex(), _, offset1) + .regexpFind(this.xmlIdentifierRegex(), 0, offset2) and offset = offset1 + offset2 ) } @@ -112,14 +112,14 @@ class XmlCommentLine extends CommentLine, @xmldoccomment { exists(int offset1, int offset2 | ( result = - getText() - .regexpFind(xmlTagIntroRegex() + "\\s*/>", _, offset1) - .regexpFind(xmlIdentifierRegex(), 0, offset2) or + this.getText() + .regexpFind(this.xmlTagIntroRegex() + "\\s*/>", _, offset1) + .regexpFind(this.xmlIdentifierRegex(), 0, offset2) or result = - getText() - .regexpFind(xmlTagIntroRegex() + "\\s*>\\s*", _, - offset1) - .regexpFind(xmlIdentifierRegex(), 0, offset2) + this.getText() + .regexpFind(this.xmlTagIntroRegex() + "\\s*>\\s*", _, offset1) + .regexpFind(this.xmlIdentifierRegex(), 0, offset2) ) and offset = offset1 + offset2 ) @@ -130,18 +130,18 @@ class XmlCommentLine extends CommentLine, @xmldoccomment { * for a given XML attribute name `key` and element offset `offset`. */ string getAttribute(string element, string key, int offset) { - exists(int offset1, int offset2, string elt, string pair | elt = getElement(offset1) | - element = elt.regexpFind(xmlIdentifierRegex(), 0, offset2) and + exists(int offset1, int offset2, string elt, string pair | elt = this.getElement(offset1) | + element = elt.regexpFind(this.xmlIdentifierRegex(), 0, offset2) and offset = offset1 + offset2 and - pair = elt.regexpFind(xmlAttributeRegex(), _, _) and - key = pair.regexpCapture(xmlAttributeRegex(), 1) and - result = pair.regexpCapture(xmlAttributeRegex(), 2) + pair = elt.regexpFind(this.xmlAttributeRegex(), _, _) and + key = pair.regexpCapture(this.xmlAttributeRegex(), 1) and + result = pair.regexpCapture(this.xmlAttributeRegex(), 2) ) } /** Holds if the XML element at the given offset is not empty. */ predicate hasBody(string element, int offset) { - element = getOpenTag(offset) and not element = getEmptyTag(offset) + element = this.getOpenTag(offset) and not element = this.getEmptyTag(offset) } } @@ -156,13 +156,13 @@ class XmlCommentLine extends CommentLine, @xmldoccomment { */ class CommentBlock extends @commentblock { /** Gets a textual representation of this comment block. */ - string toString() { result = getChild(0).toString() } + string toString() { result = this.getChild(0).toString() } /** Gets the location of this comment block */ Location getLocation() { commentblock_location(this, result) } /** Gets the number of lines in this comment block. */ - int getNumLines() { result = count(getAChild()) } + int getNumLines() { result = count(this.getAChild()) } /** Gets the `c`th child of this comment block (numbered from 0). */ CommentLine getChild(int c) { commentblock_child(this, result, c) } @@ -189,23 +189,23 @@ class CommentBlock extends @commentblock { Element getAnElement() { commentblock_binding(this, result, _) } /** Gets a line of text in this comment block. */ - string getALine() { result = getAChild().getText() } + string getALine() { result = this.getAChild().getText() } /** Holds if the comment has no associated `Element`. */ - predicate isOrphan() { not exists(getElement()) } + predicate isOrphan() { not exists(this.getElement()) } /** Holds if this block consists entirely of XML comments. */ predicate isXmlCommentBlock() { - forall(CommentLine l | l = getAChild() | l instanceof XmlCommentLine) + forall(CommentLine l | l = this.getAChild() | l instanceof XmlCommentLine) } /** Gets a `CommentLine` containing text. */ - CommentLine getANonEmptyLine() { result = getAChild() and result.getText().length() != 0 } + CommentLine getANonEmptyLine() { result = this.getAChild() and result.getText().length() != 0 } /** Gets a `CommentLine` that might contain code. */ CommentLine getAProbableCodeLine() { // Logic taken verbatim from Java query CommentedCode.qll - result = getAChild() and + result = this.getAChild() and exists(string trimmed | trimmed = result.getText().regexpReplaceAll("\\s*//.*$", "") | trimmed.matches("%;") or trimmed.matches("%{") or trimmed.matches("%}") ) diff --git a/csharp/ql/lib/semmle/code/csharp/commons/Compilation.qll b/csharp/ql/lib/semmle/code/csharp/commons/Compilation.qll index 6af0af0e8a9..a8eaad13b80 100644 --- a/csharp/ql/lib/semmle/code/csharp/commons/Compilation.qll +++ b/csharp/ql/lib/semmle/code/csharp/commons/Compilation.qll @@ -13,25 +13,27 @@ class Compilation extends @compilation { Assembly getOutputAssembly() { compilation_assembly(this, result) } /** Gets the folder in which this compilation was run. */ - Folder getFolder() { result.getAbsolutePath() = getDirectoryString() } + Folder getFolder() { result.getAbsolutePath() = this.getDirectoryString() } /** Gets the `i`th command line argument. */ string getArgument(int i) { compilation_args(this, i, result) } /** Gets the arguments as a concatenated string. */ - string getArguments() { result = concat(int i | exists(getArgument(i)) | getArgument(i), " ") } + string getArguments() { + result = concat(int i | exists(this.getArgument(i)) | this.getArgument(i), " ") + } /** Gets the 'i'th source file in this compilation. */ File getFileCompiled(int i) { compilation_compiling_files(this, i, result) } /** Gets a source file compiled in this compilation. */ - File getAFileCompiled() { result = getFileCompiled(_) } + File getAFileCompiled() { result = this.getFileCompiled(_) } /** Gets the `i`th reference in this compilation. */ File getReference(int i) { compilation_referencing_files(this, i, result) } /** Gets a reference in this compilation. */ - File getAReference() { result = getReference(_) } + File getAReference() { result = this.getReference(_) } /** Gets a diagnostic associated with this compilation. */ Diagnostic getADiagnostic() { result.getCompilation() = this } @@ -40,25 +42,25 @@ class Compilation extends @compilation { float getMetric(int metric) { compilation_time(this, -1, metric, result) } /** Gets the CPU time of the compilation. */ - float getFrontendCpuSeconds() { result = getMetric(0) } + float getFrontendCpuSeconds() { result = this.getMetric(0) } /** Gets the elapsed time of the compilation. */ - float getFrontendElapsedSeconds() { result = getMetric(1) } + float getFrontendElapsedSeconds() { result = this.getMetric(1) } /** Gets the CPU time of the extraction. */ - float getExtractorCpuSeconds() { result = getMetric(2) } + float getExtractorCpuSeconds() { result = this.getMetric(2) } /** Gets the elapsed time of the extraction. */ - float getExtractorElapsedSeconds() { result = getMetric(3) } + float getExtractorElapsedSeconds() { result = this.getMetric(3) } /** Gets the user CPU time of the compilation. */ - float getFrontendUserCpuSeconds() { result = getMetric(4) } + float getFrontendUserCpuSeconds() { result = this.getMetric(4) } /** Gets the user CPU time of the extraction. */ - float getExtractorUserCpuSeconds() { result = getMetric(5) } + float getExtractorUserCpuSeconds() { result = this.getMetric(5) } /** Gets the peak working set of the extractor process in MB. */ - float getPeakWorkingSetMB() { result = getMetric(6) } + float getPeakWorkingSetMB() { result = this.getMetric(6) } /** Gets the CPU seconds for the entire extractor process. */ float getCpuSeconds() { compilation_finished(this, result, _) } diff --git a/csharp/ql/lib/semmle/code/csharp/commons/StructuralComparison.qll b/csharp/ql/lib/semmle/code/csharp/commons/StructuralComparison.qll index 60d7bacf4d4..21102edb755 100644 --- a/csharp/ql/lib/semmle/code/csharp/commons/StructuralComparison.qll +++ b/csharp/ql/lib/semmle/code/csharp/commons/StructuralComparison.qll @@ -238,5 +238,7 @@ abstract deprecated class StructuralComparisonConfiguration extends string { * flagged as candidates for structural equality, that is, * `candidate(x, y)` must hold. */ - predicate same(ControlFlowElement x, ControlFlowElement y) { candidate(x, y) and sameGvn(x, y) } + predicate same(ControlFlowElement x, ControlFlowElement y) { + this.candidate(x, y) and sameGvn(x, y) + } } diff --git a/csharp/ql/lib/semmle/code/csharp/dispatch/RuntimeCallable.qll b/csharp/ql/lib/semmle/code/csharp/dispatch/RuntimeCallable.qll index bb279fcb4fb..2e62d94a4ab 100644 --- a/csharp/ql/lib/semmle/code/csharp/dispatch/RuntimeCallable.qll +++ b/csharp/ql/lib/semmle/code/csharp/dispatch/RuntimeCallable.qll @@ -16,7 +16,7 @@ class RuntimeCallable extends DotNet::Callable { RuntimeCallable() { not this.(Modifiable).isAbstract() and ( - not getDeclaringType() instanceof Interface or + not this.getDeclaringType() instanceof Interface or this.(Virtualizable).isVirtual() ) } @@ -35,7 +35,7 @@ class RuntimeMethod extends RuntimeCallable { /** A run-time instance method. */ class RuntimeInstanceMethod extends RuntimeMethod { - RuntimeInstanceMethod() { not isStatic() } + RuntimeInstanceMethod() { not this.isStatic() } } /** A run-time operator. */ @@ -46,5 +46,5 @@ class RuntimeAccessor extends Accessor, RuntimeCallable { } /** A run-time instance accessor. */ class RuntimeInstanceAccessor extends RuntimeAccessor { - RuntimeInstanceAccessor() { not isStatic() } + RuntimeInstanceAccessor() { not this.isStatic() } } diff --git a/csharp/ql/lib/semmle/code/csharp/exprs/ComparisonOperation.qll b/csharp/ql/lib/semmle/code/csharp/exprs/ComparisonOperation.qll index 8b94ef5b4d7..937b4d6e9be 100644 --- a/csharp/ql/lib/semmle/code/csharp/exprs/ComparisonOperation.qll +++ b/csharp/ql/lib/semmle/code/csharp/exprs/ComparisonOperation.qll @@ -68,9 +68,9 @@ class RelationalOperation extends ComparisonOperation, @rel_op_expr { class GTExpr extends RelationalOperation, @gt_expr { override string getOperator() { result = ">" } - override Expr getGreaterOperand() { result = getLeftOperand() } + override Expr getGreaterOperand() { result = this.getLeftOperand() } - override Expr getLesserOperand() { result = getRightOperand() } + override Expr getLesserOperand() { result = this.getRightOperand() } override string getAPrimaryQlClass() { result = "GTExpr" } } @@ -81,9 +81,9 @@ class GTExpr extends RelationalOperation, @gt_expr { class LTExpr extends RelationalOperation, @lt_expr { override string getOperator() { result = "<" } - override Expr getGreaterOperand() { result = getRightOperand() } + override Expr getGreaterOperand() { result = this.getRightOperand() } - override Expr getLesserOperand() { result = getLeftOperand() } + override Expr getLesserOperand() { result = this.getLeftOperand() } override string getAPrimaryQlClass() { result = "LTExpr" } } @@ -94,9 +94,9 @@ class LTExpr extends RelationalOperation, @lt_expr { class GEExpr extends RelationalOperation, @ge_expr { override string getOperator() { result = ">=" } - override Expr getGreaterOperand() { result = getLeftOperand() } + override Expr getGreaterOperand() { result = this.getLeftOperand() } - override Expr getLesserOperand() { result = getRightOperand() } + override Expr getLesserOperand() { result = this.getRightOperand() } override string getAPrimaryQlClass() { result = "GEExpr" } } @@ -107,9 +107,9 @@ class GEExpr extends RelationalOperation, @ge_expr { class LEExpr extends RelationalOperation, @le_expr { override string getOperator() { result = "<=" } - override Expr getGreaterOperand() { result = getRightOperand() } + override Expr getGreaterOperand() { result = this.getRightOperand() } - override Expr getLesserOperand() { result = getLeftOperand() } + override Expr getLesserOperand() { result = this.getLeftOperand() } override string getAPrimaryQlClass() { result = "LEExpr" } } diff --git a/csharp/ql/lib/semmle/code/csharp/security/cryptography/EncryptionKeyDataFlowQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/cryptography/EncryptionKeyDataFlowQuery.qll index 0509066fbbc..06c46854f5b 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/cryptography/EncryptionKeyDataFlowQuery.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/cryptography/EncryptionKeyDataFlowQuery.qll @@ -7,7 +7,7 @@ private import semmle.code.csharp.frameworks.system.security.cryptography.Symmet /** Array of type Byte */ deprecated class ByteArray extends ArrayType { - ByteArray() { getElementType() instanceof ByteType } + ByteArray() { this.getElementType() instanceof ByteType } } /** Abstract class for all sources of keys */ @@ -31,7 +31,7 @@ abstract class KeySanitizer extends DataFlow::ExprNode { } */ class SymmetricEncryptionKeyPropertySink extends SymmetricEncryptionKeySink { SymmetricEncryptionKeyPropertySink() { - exists(SymmetricAlgorithm ag | asExpr() = ag.getKeyProperty().getAnAssignedValue()) + exists(SymmetricAlgorithm ag | this.asExpr() = ag.getKeyProperty().getAnAssignedValue()) } override string getDescription() { result = "Key property assignment" } @@ -43,7 +43,7 @@ class SymmetricEncryptionKeyPropertySink extends SymmetricEncryptionKeySink { class SymmetricEncryptionCreateEncryptorSink extends SymmetricEncryptionKeySink { SymmetricEncryptionCreateEncryptorSink() { exists(SymmetricAlgorithm ag, MethodCall mc | mc = ag.getASymmetricEncryptor() | - asExpr() = mc.getArgumentForName("rgbKey") + this.asExpr() = mc.getArgumentForName("rgbKey") ) } @@ -56,7 +56,7 @@ class SymmetricEncryptionCreateEncryptorSink extends SymmetricEncryptionKeySink class SymmetricEncryptionCreateDecryptorSink extends SymmetricEncryptionKeySink { SymmetricEncryptionCreateDecryptorSink() { exists(SymmetricAlgorithm ag, MethodCall mc | mc = ag.getASymmetricDecryptor() | - asExpr() = mc.getArgumentForName("rgbKey") + this.asExpr() = mc.getArgumentForName("rgbKey") ) } diff --git a/csharp/ql/src/Bad Practices/Comments/CommentedOutCode.ql b/csharp/ql/src/Bad Practices/Comments/CommentedOutCode.ql index fd2954ae4d8..c079cc16a2a 100644 --- a/csharp/ql/src/Bad Practices/Comments/CommentedOutCode.ql +++ b/csharp/ql/src/Bad Practices/Comments/CommentedOutCode.ql @@ -14,8 +14,8 @@ import csharp class CommentedOutCode extends CommentBlock { CommentedOutCode() { - not isXmlCommentBlock() and - 2 * count(getAProbableCodeLine()) > count(getANonEmptyLine()) + not this.isXmlCommentBlock() and + 2 * count(this.getAProbableCodeLine()) > count(this.getANonEmptyLine()) } } diff --git a/csharp/ql/src/Dead Code/DeadRefTypes.ql b/csharp/ql/src/Dead Code/DeadRefTypes.ql index d881e715f48..b504db1abe3 100644 --- a/csharp/ql/src/Dead Code/DeadRefTypes.ql +++ b/csharp/ql/src/Dead Code/DeadRefTypes.ql @@ -22,7 +22,7 @@ predicate potentiallyUsedFromXaml(RefType t) { class ExportAttribute extends Attribute { ExportAttribute() { - getType().hasQualifiedName("System.ComponentModel.Composition", "ExportAttribute") + this.getType().hasQualifiedName("System.ComponentModel.Composition", "ExportAttribute") } } diff --git a/csharp/ql/src/Language Abuse/MissedUsingOpportunity.ql b/csharp/ql/src/Language Abuse/MissedUsingOpportunity.ql index 5fdcfb64eee..1e3534dee69 100644 --- a/csharp/ql/src/Language Abuse/MissedUsingOpportunity.ql +++ b/csharp/ql/src/Language Abuse/MissedUsingOpportunity.ql @@ -14,12 +14,12 @@ import semmle.code.csharp.frameworks.System /** A call to IDisposable.Dispose or a method that overrides it. */ class DisposeCall extends MethodCall { - DisposeCall() { getTarget() instanceof DisposeMethod } + DisposeCall() { this.getTarget() instanceof DisposeMethod } /** The object being disposed by the call (provided it can be easily determined). */ Variable getDisposee() { exists(VariableAccess va | - va = getQualifier().stripCasts() and + va = this.getQualifier().stripCasts() and result = va.getTarget() ) } diff --git a/csharp/ql/src/Likely Bugs/Collections/ContainerSizeCmpZero.ql b/csharp/ql/src/Likely Bugs/Collections/ContainerSizeCmpZero.ql index f281601a554..d2a27bee90c 100644 --- a/csharp/ql/src/Likely Bugs/Collections/ContainerSizeCmpZero.ql +++ b/csharp/ql/src/Likely Bugs/Collections/ContainerSizeCmpZero.ql @@ -38,7 +38,7 @@ private predicate containerSizeAccess(PropertyAccess pa, string containerKind) { } class ZeroLiteral extends Expr { - ZeroLiteral() { getValue() = "0" } + ZeroLiteral() { this.getValue() = "0" } } /** diff --git a/csharp/ql/src/Likely Bugs/DangerousNonShortCircuitLogic.ql b/csharp/ql/src/Likely Bugs/DangerousNonShortCircuitLogic.ql index a789aeab8d7..6091b0f79a3 100644 --- a/csharp/ql/src/Likely Bugs/DangerousNonShortCircuitLogic.ql +++ b/csharp/ql/src/Likely Bugs/DangerousNonShortCircuitLogic.ql @@ -41,9 +41,9 @@ class NonShortCircuit extends BinaryBitwiseOperation { this instanceof BitwiseOrExpr ) and not exists(AssignBitwiseOperation abo | abo.getExpandedAssignment().getRValue() = this) and - getLeftOperand().getType() instanceof BoolType and - getRightOperand().getType() instanceof BoolType and - getRightOperand() instanceof DangerousExpression + this.getLeftOperand().getType() instanceof BoolType and + this.getRightOperand().getType() instanceof BoolType and + this.getRightOperand() instanceof DangerousExpression } } diff --git a/csharp/ql/src/Likely Bugs/Dynamic/BadDynamicCall.ql b/csharp/ql/src/Likely Bugs/Dynamic/BadDynamicCall.ql index 00513778cc3..6044ebbbb5e 100644 --- a/csharp/ql/src/Likely Bugs/Dynamic/BadDynamicCall.ql +++ b/csharp/ql/src/Likely Bugs/Dynamic/BadDynamicCall.ql @@ -20,7 +20,7 @@ abstract class BadDynamicCall extends DynamicExpr { abstract AssignableRead getARelevantVariableAccess(int i); Type possibleBadTypeForRelevantSource(Variable v, int i, Expr source) { - exists(Type t | t = possibleTypeForRelevantSource(v, i, source) | + exists(Type t | t = this.possibleTypeForRelevantSource(v, i, source) | // If the source can have the type of an interface or an abstract class, // then all possible sub types are, in principle, possible t instanceof Interface and result.isImplicitlyConvertibleTo(t) @@ -37,7 +37,7 @@ abstract class BadDynamicCall extends DynamicExpr { private Type possibleTypeForRelevantSource(Variable v, int i, Expr source) { exists(AssignableRead read, Ssa::Definition ssaDef, Ssa::ExplicitDefinition ultimateSsaDef | - read = getARelevantVariableAccess(i) and + read = this.getARelevantVariableAccess(i) and v = read.getTarget() and result = source.getType() and read = ssaDef.getARead() and @@ -55,28 +55,30 @@ abstract class BadDynamicCall extends DynamicExpr { } class BadDynamicMethodCall extends BadDynamicCall, DynamicMethodCall { - override AssignableRead getARelevantVariableAccess(int i) { result = getQualifier() and i = -1 } + override AssignableRead getARelevantVariableAccess(int i) { + result = this.getQualifier() and i = -1 + } override predicate isBad(Variable v, ValueOrRefType pt, Expr pts, string message, string target) { - pt = possibleBadTypeForRelevantSource(v, -1, pts) and - not exists(Method m | m = getARuntimeTarget() | + pt = this.possibleBadTypeForRelevantSource(v, -1, pts) and + not exists(Method m | m = this.getARuntimeTarget() | pt.isImplicitlyConvertibleTo(m.getDeclaringType()) ) and message = "The $@ of this dynamic method invocation can obtain (from $@) type $@, which does not have a method '" - + getLateBoundTargetName() + "' with the appropriate signature." and + + this.getLateBoundTargetName() + "' with the appropriate signature." and target = "target" } } class BadDynamicOperatorCall extends BadDynamicCall, DynamicOperatorCall { - override AssignableRead getARelevantVariableAccess(int i) { result = getRuntimeArgument(i) } + override AssignableRead getARelevantVariableAccess(int i) { result = this.getRuntimeArgument(i) } override predicate isBad(Variable v, ValueOrRefType pt, Expr pts, string message, string target) { exists(int i | - pt = possibleBadTypeForRelevantSource(v, i, pts) and + pt = this.possibleBadTypeForRelevantSource(v, i, pts) and not pt.containsTypeParameters() and - not exists(Type paramType | paramType = getADynamicParameterType(_, i) | + not exists(Type paramType | paramType = this.getADynamicParameterType(_, i) | pt.isImplicitlyConvertibleTo(paramType) or // If either the argument type or the parameter type contains type parameters, @@ -93,11 +95,11 @@ class BadDynamicOperatorCall extends BadDynamicCall, DynamicOperatorCall { ) and message = "The $@ of this dynamic operator can obtain (from $@) type $@, which does not match an operator '" - + getLateBoundTargetName() + "' with the appropriate signature." + + this.getLateBoundTargetName() + "' with the appropriate signature." } private Type getADynamicParameterType(Operator o, int i) { - o = getARuntimeTarget() and + o = this.getARuntimeTarget() and result = o.getParameter(i).getType() } } diff --git a/csharp/ql/src/Likely Bugs/ObjectComparison.ql b/csharp/ql/src/Likely Bugs/ObjectComparison.ql index e1c28c2949b..53b525b6072 100644 --- a/csharp/ql/src/Likely Bugs/ObjectComparison.ql +++ b/csharp/ql/src/Likely Bugs/ObjectComparison.ql @@ -27,26 +27,26 @@ class ReferenceEqualityTestOnObject extends EqualityOperation { // One or both of the operands has type object or interface. exists(getObjectOperand(this)) and // Neither operand is 'null'. - not getAnOperand() instanceof NullLiteral and - not exists(Type t | t = getAnOperand().stripImplicitCasts().getType() | + not this.getAnOperand() instanceof NullLiteral and + not exists(Type t | t = this.getAnOperand().stripImplicitCasts().getType() | t instanceof NullType or t instanceof ValueType ) and // Neither operand is a constant - a reference comparison may well be intended for those. - not getAnOperand().(FieldAccess).getTarget().isReadOnly() and - not getAnOperand().hasValue() and + not this.getAnOperand().(FieldAccess).getTarget().isReadOnly() and + not this.getAnOperand().hasValue() and // Not a short-cut test in a custom `Equals` method not exists(EqualsMethod m | - getEnclosingCallable() = m and - getAnOperand() instanceof ThisAccess and - getAnOperand() = m.getParameter(0).getAnAccess() + this.getEnclosingCallable() = m and + this.getAnOperand() instanceof ThisAccess and + this.getAnOperand() = m.getParameter(0).getAnAccess() ) and // Reference comparisons in Moq methods are used to define mocks not exists(MethodCall mc, Namespace n | mc.getTarget().getDeclaringType().getNamespace().getParentNamespace*() = n and n.hasName("Moq") and not exists(n.getParentNamespace()) and - mc.getAnArgument() = getEnclosingCallable() + mc.getAnArgument() = this.getEnclosingCallable() ) } @@ -54,7 +54,7 @@ class ReferenceEqualityTestOnObject extends EqualityOperation { result = getObjectOperand(this) and // Avoid duplicate results: only include left operand if both operands // have object type - (result = getRightOperand() implies not getLeftOperand() = getObjectOperand(this)) + (result = this.getRightOperand() implies not this.getLeftOperand() = getObjectOperand(this)) } } diff --git a/csharp/ql/src/Likely Bugs/PossibleLossOfPrecision.ql b/csharp/ql/src/Likely Bugs/PossibleLossOfPrecision.ql index ecd0103a5bd..1f97debc4ef 100644 --- a/csharp/ql/src/Likely Bugs/PossibleLossOfPrecision.ql +++ b/csharp/ql/src/Likely Bugs/PossibleLossOfPrecision.ql @@ -50,7 +50,7 @@ abstract class LossOfPrecision extends Expr { Type convertedType; LossOfPrecision() { - getType() instanceof IntegralType and + this.getType() instanceof IntegralType and convertedToFloatOrDecimal(this, convertedType) } diff --git a/csharp/ql/src/Likely Bugs/Statements/UseBraces.ql b/csharp/ql/src/Likely Bugs/Statements/UseBraces.ql index 4b3fa2096a7..a557200e8ea 100644 --- a/csharp/ql/src/Likely Bugs/Statements/UseBraces.ql +++ b/csharp/ql/src/Likely Bugs/Statements/UseBraces.ql @@ -26,11 +26,11 @@ Stmt getASuccessorStmt(Stmt s) { } class IfThenStmt extends IfStmt { - IfThenStmt() { not exists(getElse()) } + IfThenStmt() { not exists(this.getElse()) } } class IfThenElseStmt extends IfStmt { - IfThenElseStmt() { exists(getElse()) } + IfThenElseStmt() { exists(this.getElse()) } } Stmt getTrailingBody(Stmt s) { @@ -49,16 +49,16 @@ abstract class UnbracedControlStmt extends Stmt { abstract Stmt getSuccessorStmt(); private Stmt getACandidate() { - getSuccessorStmt() = result and + this.getSuccessorStmt() = result and getBlockStmt(this) = getBlockStmt(result) } - private Location getBodyLocation() { result = getBody().getLocation() } + private Location getBodyLocation() { result = this.getBody().getLocation() } pragma[noopt] Stmt getAConfusingTrailingStmt() { - result = getACandidate() and - exists(Location l1, Location l2 | l1 = getBodyLocation() and l2 = result.getLocation() | + result = this.getACandidate() and + exists(Location l1, Location l2 | l1 = this.getBodyLocation() and l2 = result.getLocation() | // This test is slightly unreliable // because tabs are counted as 1 column. // But it's accurate enough to be useful, and will @@ -79,7 +79,7 @@ class UnbracedIfStmt extends UnbracedControlStmt { override Stmt getBody() { result = getTrailingBody(this) } override Stmt getSuccessorStmt() { - result = getASuccessorStmt(getBody()) and + result = getASuccessorStmt(this.getBody()) and result != this } } @@ -95,7 +95,7 @@ class UnbracedLoopStmt extends UnbracedControlStmt { override Stmt getSuccessorStmt() { result = getASuccessorStmt(this) and - result != getBody() + result != this.getBody() } } diff --git a/csharp/ql/src/Security Features/CWE-352/MissingAntiForgeryTokenValidation.ql b/csharp/ql/src/Security Features/CWE-352/MissingAntiForgeryTokenValidation.ql index e50566d6ca9..3b56d3d7377 100644 --- a/csharp/ql/src/Security Features/CWE-352/MissingAntiForgeryTokenValidation.ql +++ b/csharp/ql/src/Security Features/CWE-352/MissingAntiForgeryTokenValidation.ql @@ -19,7 +19,7 @@ import semmle.code.csharp.frameworks.system.web.Mvc /** An `AuthorizationFilter` that calls the `AntiForgery.Validate` method. */ class AntiForgeryAuthorizationFilter extends AuthorizationFilter { AntiForgeryAuthorizationFilter() { - getOnAuthorizationMethod().calls*(any(AntiForgeryClass a).getValidateMethod()) + this.getOnAuthorizationMethod().calls*(any(AntiForgeryClass a).getValidateMethod()) } } diff --git a/csharp/ql/src/experimental/dataflow/flowsources/AuthCookie.qll b/csharp/ql/src/experimental/dataflow/flowsources/AuthCookie.qll index 60ea37b39db..73fbc2af3fe 100644 --- a/csharp/ql/src/experimental/dataflow/flowsources/AuthCookie.qll +++ b/csharp/ql/src/experimental/dataflow/flowsources/AuthCookie.qll @@ -191,7 +191,7 @@ abstract private class OnAppendCookieTrackingConfig extends DataFlow::Configurat override predicate isSink(DataFlow::Node sink) { exists(PropertyWrite pw, Assignment a | pw.getProperty().getDeclaringType() instanceof MicrosoftAspNetCoreHttpCookieOptions and - pw.getProperty().getName() = propertyName() and + pw.getProperty().getName() = this.propertyName() and a.getLValue() = pw and exists(Expr val | DataFlow::localExprFlow(val, a.getRValue()) and diff --git a/csharp/ql/src/experimental/ir/internal/CSharpType.qll b/csharp/ql/src/experimental/ir/internal/CSharpType.qll index d87596ae643..a8b9af957a9 100644 --- a/csharp/ql/src/experimental/ir/internal/CSharpType.qll +++ b/csharp/ql/src/experimental/ir/internal/CSharpType.qll @@ -150,10 +150,10 @@ class CSharpType extends TCSharpType { abstract string toString(); /** Gets a string used in IR dumps */ - string getDumpString() { result = toString() } + string getDumpString() { result = this.toString() } /** Gets the size of the type in bytes, if known. */ - final int getByteSize() { result = getIRType().getByteSize() } + final int getByteSize() { result = this.getIRType().getByteSize() } /** * Gets the `IRType` that represents this `CSharpType`. Many different `CSharpType`s can map to a @@ -168,7 +168,7 @@ class CSharpType extends TCSharpType { */ abstract predicate hasType(Type type, boolean isGLValue); - final predicate hasUnspecifiedType(Type type, boolean isGLValue) { hasType(type, isGLValue) } + final predicate hasUnspecifiedType(Type type, boolean isGLValue) { this.hasType(type, isGLValue) } } /** diff --git a/csharp/ql/src/experimental/ir/rangeanalysis/Bound.qll b/csharp/ql/src/experimental/ir/rangeanalysis/Bound.qll index c79c199832b..295c76a025d 100644 --- a/csharp/ql/src/experimental/ir/rangeanalysis/Bound.qll +++ b/csharp/ql/src/experimental/ir/rangeanalysis/Bound.qll @@ -41,7 +41,7 @@ abstract class Bound extends TBound { abstract Instruction getInstruction(int delta); /** Gets an expression that equals this bound. */ - Instruction getInstruction() { result = getInstruction(0) } + Instruction getInstruction() { result = this.getInstruction(0) } abstract Location getLocation(); } diff --git a/csharp/ql/src/experimental/ir/rangeanalysis/RangeAnalysis.qll b/csharp/ql/src/experimental/ir/rangeanalysis/RangeAnalysis.qll index a53b9a2426b..1febf611652 100644 --- a/csharp/ql/src/experimental/ir/rangeanalysis/RangeAnalysis.qll +++ b/csharp/ql/src/experimental/ir/rangeanalysis/RangeAnalysis.qll @@ -194,7 +194,7 @@ class NoReason extends Reason, TNoReason { class CondReason extends Reason, TCondReason { IRGuardCondition getCond() { this = TCondReason(result) } - override string toString() { result = getCond().toString() } + override string toString() { result = this.getCond().toString() } } /** @@ -222,10 +222,10 @@ private predicate safeCast(IntegralType fromtyp, IntegralType totyp) { private class SafeCastInstruction extends ConvertInstruction { SafeCastInstruction() { - safeCast(getResultType(), getUnary().getResultType()) + safeCast(this.getResultType(), this.getUnary().getResultType()) or - getResultType() instanceof PointerType and - getUnary().getResultType() instanceof PointerType + this.getResultType() instanceof PointerType and + this.getUnary().getResultType() instanceof PointerType } } @@ -260,14 +260,14 @@ private predicate typeBound(IntegralType typ, int lowerbound, int upperbound) { private class NarrowingCastInstruction extends ConvertInstruction { NarrowingCastInstruction() { not this instanceof SafeCastInstruction and - typeBound(getResultType(), _, _) + typeBound(this.getResultType(), _, _) } /** Gets the lower bound of the resulting type. */ - int getLowerBound() { typeBound(getResultType(), result, _) } + int getLowerBound() { typeBound(this.getResultType(), result, _) } /** Gets the upper bound of the resulting type. */ - int getUpperBound() { typeBound(getResultType(), _, result) } + int getUpperBound() { typeBound(this.getResultType(), _, result) } } /** diff --git a/csharp/ql/test/library-tests/assemblies/assemblies.ql b/csharp/ql/test/library-tests/assemblies/assemblies.ql index 70d9c419d5a..7af7e066160 100644 --- a/csharp/ql/test/library-tests/assemblies/assemblies.ql +++ b/csharp/ql/test/library-tests/assemblies/assemblies.ql @@ -5,7 +5,7 @@ private class KnownType extends Type { } class TypeRef extends @typeref { - string toString() { hasName(result) } + string toString() { this.hasName(result) } predicate hasName(string name) { typerefs(this, name) } @@ -13,7 +13,7 @@ class TypeRef extends @typeref { } class MissingType extends TypeRef { - MissingType() { not exists(getType()) } + MissingType() { not exists(this.getType()) } } from From c46898cb7585feb12150e87b830eff425468f44b Mon Sep 17 00:00:00 2001 From: Kasper Svendsen Date: Tue, 9 May 2023 13:15:54 +0200 Subject: [PATCH 187/870] C++: Make implicit this receivers explicit --- .../code/cpp/rangeanalysis/RangeAnalysis.qll | 8 +- .../code/cpp/rangeanalysis/RangeUtils.qll | 6 +- .../ConstantBitwiseAndExprRange.qll | 14 +- .../extensions/ConstantShiftExprRange.qll | 56 +++--- .../rangeanalysis/extensions/RangeNode.qll | 21 +- .../extensions/StrlenLiteralRangeExpr.qll | 6 +- .../rangeanalysis/extensions/SubtractSelf.qll | 4 +- cpp/ql/lib/semmle/code/cpp/Compilation.qll | 4 +- cpp/ql/lib/semmle/code/cpp/Field.qll | 7 +- cpp/ql/lib/semmle/code/cpp/Linkage.qll | 4 +- cpp/ql/lib/semmle/code/cpp/NameQualifiers.qll | 12 +- cpp/ql/lib/semmle/code/cpp/NestedFields.qll | 2 +- cpp/ql/lib/semmle/code/cpp/PrintAST.qll | 46 +++-- cpp/ql/lib/semmle/code/cpp/commons/Strcat.qll | 2 +- .../cpp/controlflow/DefinitionsAndUses.qll | 10 +- .../semmle/code/cpp/controlflow/SSAUtils.qll | 51 ++--- .../code/cpp/exprs/ComparisonOperation.qll | 16 +- .../internal/AliasConfiguration.qll | 2 +- .../aliased_ssa/internal/AliasedSSA.qll | 28 +-- .../raw/internal/TranslatedCall.qll | 138 +++++++------ .../raw/internal/TranslatedCondition.qll | 70 +++---- .../internal/TranslatedDeclarationEntry.qll | 42 ++-- .../raw/internal/TranslatedFunction.qll | 190 +++++++++--------- .../cpp/ir/internal/ASTValueNumbering.qll | 12 +- .../semmle/code/cpp/ir/internal/CppType.qll | 6 +- .../models/implementations/Deallocation.qll | 18 +- .../models/implementations/MemberFunction.qll | 4 +- .../cpp/models/implementations/Printf.qll | 60 +++--- .../cpp/models/implementations/Strdup.qll | 8 +- .../cpp/models/implementations/Strftime.qll | 2 +- .../cpp/models/implementations/Strset.qll | 2 +- .../cpp/models/implementations/System.qll | 14 +- .../code/cpp/models/interfaces/Allocation.qll | 8 +- .../cpp/models/interfaces/Deallocation.qll | 2 +- .../models/interfaces/FormattingFunction.qll | 44 ++-- .../new/internal/semantic/SemanticExpr.qll | 20 +- .../new/internal/semantic/SemanticSSA.qll | 2 +- .../new/internal/semantic/SemanticType.qll | 4 +- .../new/internal/semantic/analysis/Bound.qll | 2 +- .../semantic/analysis/RangeAnalysisImpl.qll | 2 +- .../semantic/analysis/RangeAnalysisStage.qll | 2 +- .../new/internal/semantic/analysis/Sign.qll | 32 +-- .../code/cpp/security/CommandExecution.qll | 30 +-- .../code/cpp/security/TaintTrackingImpl.qll | 16 +- .../GlobalValueNumberingImpl.qll | 4 +- .../code/cpp/valuenumbering/HashCons.qll | 4 +- cpp/ql/src/Critical/FileMayNotBeClosed.ql | 2 +- cpp/ql/src/Critical/MemoryMayNotBeFreed.ql | 2 +- .../JPL_C/LOC-4/Rule 23/MismatchedIfdefs.ql | 16 +- .../Likely Typos/UsingStrcpyAsBoolean.ql | 2 +- .../ImproperNullTermination.ql | 2 +- .../Memory Management/SuspiciousSizeof.ql | 4 +- .../Dependencies/ExternalDependencies.qll | 2 +- .../src/Security/CWE/CWE-020/ExternalAPIs.qll | 2 +- .../Security/CWE/CWE-020/ir/ExternalAPIs.qll | 2 +- cpp/ql/src/Security/CWE/CWE-079/CgiXss.ql | 6 +- .../CWE/CWE-295/SSLResultConflation.ql | 2 +- .../CWE/CWE-295/SSLResultNotChecked.ql | 8 +- .../CWE/CWE-327/BrokenCryptoAlgorithm.ql | 2 +- .../Security/CWE/CWE-078/WordexpTainted.ql | 2 +- .../CWE/CWE-1041/FindWrapperFunctions.ql | 2 +- .../Security/CWE/CWE-675/DoubleRelease.ql | 2 +- cpp/ql/src/external/DefectFilter.qll | 4 +- cpp/ql/test/library-tests/blocks/cpp/exprs.ql | 2 +- .../library-tests/dataflow/fields/Nodes.qll | 4 +- .../identity_string/identity_string.ql | 40 ++-- .../locations/constants/locations.ql | 2 +- cpp/ql/test/library-tests/loops/loops.ql | 2 +- 68 files changed, 589 insertions(+), 560 deletions(-) diff --git a/cpp/ql/lib/experimental/semmle/code/cpp/rangeanalysis/RangeAnalysis.qll b/cpp/ql/lib/experimental/semmle/code/cpp/rangeanalysis/RangeAnalysis.qll index ee0c70c3754..e5de44b396d 100644 --- a/cpp/ql/lib/experimental/semmle/code/cpp/rangeanalysis/RangeAnalysis.qll +++ b/cpp/ql/lib/experimental/semmle/code/cpp/rangeanalysis/RangeAnalysis.qll @@ -238,7 +238,7 @@ class NoReason extends Reason, TNoReason { class CondReason extends Reason, TCondReason { IRGuardCondition getCond() { this = TCondReason(result) } - override string toString() { result = getCond().toString() } + override string toString() { result = this.getCond().toString() } } /** @@ -260,14 +260,14 @@ private predicate typeBound(IRIntegerType typ, int lowerbound, int upperbound) { private class NarrowingCastInstruction extends ConvertInstruction { NarrowingCastInstruction() { not this instanceof SafeCastInstruction and - typeBound(getResultIRType(), _, _) + typeBound(this.getResultIRType(), _, _) } /** Gets the lower bound of the resulting type. */ - int getLowerBound() { typeBound(getResultIRType(), result, _) } + int getLowerBound() { typeBound(this.getResultIRType(), result, _) } /** Gets the upper bound of the resulting type. */ - int getUpperBound() { typeBound(getResultIRType(), _, result) } + int getUpperBound() { typeBound(this.getResultIRType(), _, result) } } /** diff --git a/cpp/ql/lib/experimental/semmle/code/cpp/rangeanalysis/RangeUtils.qll b/cpp/ql/lib/experimental/semmle/code/cpp/rangeanalysis/RangeUtils.qll index bffd08fbe52..6cc7a024f88 100644 --- a/cpp/ql/lib/experimental/semmle/code/cpp/rangeanalysis/RangeUtils.qll +++ b/cpp/ql/lib/experimental/semmle/code/cpp/rangeanalysis/RangeUtils.qll @@ -109,8 +109,8 @@ private predicate safeCast(IRIntegerType fromtyp, IRIntegerType totyp) { */ class PtrToPtrCastInstruction extends ConvertInstruction { PtrToPtrCastInstruction() { - getResultIRType() instanceof IRAddressType and - getUnary().getResultIRType() instanceof IRAddressType + this.getResultIRType() instanceof IRAddressType and + this.getUnary().getResultIRType() instanceof IRAddressType } } @@ -119,7 +119,7 @@ class PtrToPtrCastInstruction extends ConvertInstruction { * that cannot overflow or underflow. */ class SafeIntCastInstruction extends ConvertInstruction { - SafeIntCastInstruction() { safeCast(getUnary().getResultIRType(), getResultIRType()) } + SafeIntCastInstruction() { safeCast(this.getUnary().getResultIRType(), this.getResultIRType()) } } /** diff --git a/cpp/ql/lib/experimental/semmle/code/cpp/rangeanalysis/extensions/ConstantBitwiseAndExprRange.qll b/cpp/ql/lib/experimental/semmle/code/cpp/rangeanalysis/extensions/ConstantBitwiseAndExprRange.qll index 33776bd8105..20e3f6abb17 100644 --- a/cpp/ql/lib/experimental/semmle/code/cpp/rangeanalysis/extensions/ConstantBitwiseAndExprRange.qll +++ b/cpp/ql/lib/experimental/semmle/code/cpp/rangeanalysis/extensions/ConstantBitwiseAndExprRange.qll @@ -50,8 +50,8 @@ private class ConstantBitwiseAndExprRange extends SimpleRangeAnalysisExpr { // If an operand can have negative values, the lower bound is unconstrained. // Otherwise, the lower bound is zero. exists(float lLower, float rLower | - lLower = getFullyConvertedLowerBounds(getLeftOperand()) and - rLower = getFullyConvertedLowerBounds(getRightOperand()) and + lLower = getFullyConvertedLowerBounds(this.getLeftOperand()) and + rLower = getFullyConvertedLowerBounds(this.getRightOperand()) and ( (lLower < 0 or rLower < 0) and result = exprMinVal(this) @@ -68,10 +68,10 @@ private class ConstantBitwiseAndExprRange extends SimpleRangeAnalysisExpr { // If an operand can have negative values, the upper bound is unconstrained. // Otherwise, the upper bound is the minimum of the upper bounds of the operands exists(float lLower, float lUpper, float rLower, float rUpper | - lLower = getFullyConvertedLowerBounds(getLeftOperand()) and - lUpper = getFullyConvertedUpperBounds(getLeftOperand()) and - rLower = getFullyConvertedLowerBounds(getRightOperand()) and - rUpper = getFullyConvertedUpperBounds(getRightOperand()) and + lLower = getFullyConvertedLowerBounds(this.getLeftOperand()) and + lUpper = getFullyConvertedUpperBounds(this.getLeftOperand()) and + rLower = getFullyConvertedLowerBounds(this.getRightOperand()) and + rUpper = getFullyConvertedUpperBounds(this.getRightOperand()) and ( (lLower < 0 or rLower < 0) and result = exprMaxVal(this) @@ -85,6 +85,6 @@ private class ConstantBitwiseAndExprRange extends SimpleRangeAnalysisExpr { } override predicate dependsOnChild(Expr child) { - child = getLeftOperand() or child = getRightOperand() + child = this.getLeftOperand() or child = this.getRightOperand() } } diff --git a/cpp/ql/lib/experimental/semmle/code/cpp/rangeanalysis/extensions/ConstantShiftExprRange.qll b/cpp/ql/lib/experimental/semmle/code/cpp/rangeanalysis/extensions/ConstantShiftExprRange.qll index b4189b0f4cc..3f300d7aa8d 100644 --- a/cpp/ql/lib/experimental/semmle/code/cpp/rangeanalysis/extensions/ConstantShiftExprRange.qll +++ b/cpp/ql/lib/experimental/semmle/code/cpp/rangeanalysis/extensions/ConstantShiftExprRange.qll @@ -50,7 +50,7 @@ class ConstantRShiftExprRange extends SimpleRangeAnalysisExpr { * We don't handle the case where `a` and `b` are both non-constant values. */ ConstantRShiftExprRange() { - getUnspecifiedType() instanceof IntegralType and + this.getUnspecifiedType() instanceof IntegralType and exists(Expr l, Expr r | l = this.(RShiftExpr).getLeftOperand() and r = this.(RShiftExpr).getRightOperand() @@ -84,10 +84,10 @@ class ConstantRShiftExprRange extends SimpleRangeAnalysisExpr { override float getLowerBounds() { exists(int lLower, int lUpper, int rLower, int rUpper | - lLower = getFullyConvertedLowerBounds(getLeftOperand()) and - lUpper = getFullyConvertedUpperBounds(getLeftOperand()) and - rLower = getFullyConvertedLowerBounds(getRightOperand()) and - rUpper = getFullyConvertedUpperBounds(getRightOperand()) and + lLower = getFullyConvertedLowerBounds(this.getLeftOperand()) and + lUpper = getFullyConvertedUpperBounds(this.getLeftOperand()) and + rLower = getFullyConvertedLowerBounds(this.getRightOperand()) and + rUpper = getFullyConvertedUpperBounds(this.getRightOperand()) and lLower <= lUpper and rLower <= rUpper | @@ -95,8 +95,8 @@ class ConstantRShiftExprRange extends SimpleRangeAnalysisExpr { lLower < 0 or not ( - isValidShiftExprShift(rLower, getLeftOperand()) and - isValidShiftExprShift(rUpper, getLeftOperand()) + isValidShiftExprShift(rLower, this.getLeftOperand()) and + isValidShiftExprShift(rUpper, this.getLeftOperand()) ) then // We don't want to deal with shifting negative numbers at the moment, @@ -111,10 +111,10 @@ class ConstantRShiftExprRange extends SimpleRangeAnalysisExpr { override float getUpperBounds() { exists(int lLower, int lUpper, int rLower, int rUpper | - lLower = getFullyConvertedLowerBounds(getLeftOperand()) and - lUpper = getFullyConvertedUpperBounds(getLeftOperand()) and - rLower = getFullyConvertedLowerBounds(getRightOperand()) and - rUpper = getFullyConvertedUpperBounds(getRightOperand()) and + lLower = getFullyConvertedLowerBounds(this.getLeftOperand()) and + lUpper = getFullyConvertedUpperBounds(this.getLeftOperand()) and + rLower = getFullyConvertedLowerBounds(this.getRightOperand()) and + rUpper = getFullyConvertedUpperBounds(this.getRightOperand()) and lLower <= lUpper and rLower <= rUpper | @@ -122,8 +122,8 @@ class ConstantRShiftExprRange extends SimpleRangeAnalysisExpr { lLower < 0 or not ( - isValidShiftExprShift(rLower, getLeftOperand()) and - isValidShiftExprShift(rUpper, getLeftOperand()) + isValidShiftExprShift(rLower, this.getLeftOperand()) and + isValidShiftExprShift(rUpper, this.getLeftOperand()) ) then // We don't want to deal with shifting negative numbers at the moment, @@ -137,7 +137,7 @@ class ConstantRShiftExprRange extends SimpleRangeAnalysisExpr { } override predicate dependsOnChild(Expr child) { - child = getLeftOperand() or child = getRightOperand() + child = this.getLeftOperand() or child = this.getRightOperand() } } @@ -163,7 +163,7 @@ class ConstantLShiftExprRange extends SimpleRangeAnalysisExpr { * We don't handle the case where `a` and `b` are both non-constant values. */ ConstantLShiftExprRange() { - getUnspecifiedType() instanceof IntegralType and + this.getUnspecifiedType() instanceof IntegralType and exists(Expr l, Expr r | l = this.(LShiftExpr).getLeftOperand() and r = this.(LShiftExpr).getRightOperand() @@ -197,10 +197,10 @@ class ConstantLShiftExprRange extends SimpleRangeAnalysisExpr { override float getLowerBounds() { exists(int lLower, int lUpper, int rLower, int rUpper | - lLower = getFullyConvertedLowerBounds(getLeftOperand()) and - lUpper = getFullyConvertedUpperBounds(getLeftOperand()) and - rLower = getFullyConvertedLowerBounds(getRightOperand()) and - rUpper = getFullyConvertedUpperBounds(getRightOperand()) and + lLower = getFullyConvertedLowerBounds(this.getLeftOperand()) and + lUpper = getFullyConvertedUpperBounds(this.getLeftOperand()) and + rLower = getFullyConvertedLowerBounds(this.getRightOperand()) and + rUpper = getFullyConvertedUpperBounds(this.getRightOperand()) and lLower <= lUpper and rLower <= rUpper | @@ -208,8 +208,8 @@ class ConstantLShiftExprRange extends SimpleRangeAnalysisExpr { lLower < 0 or not ( - isValidShiftExprShift(rLower, getLeftOperand()) and - isValidShiftExprShift(rUpper, getLeftOperand()) + isValidShiftExprShift(rLower, this.getLeftOperand()) and + isValidShiftExprShift(rUpper, this.getLeftOperand()) ) then // We don't want to deal with shifting negative numbers at the moment, @@ -228,10 +228,10 @@ class ConstantLShiftExprRange extends SimpleRangeAnalysisExpr { override float getUpperBounds() { exists(int lLower, int lUpper, int rLower, int rUpper | - lLower = getFullyConvertedLowerBounds(getLeftOperand()) and - lUpper = getFullyConvertedUpperBounds(getLeftOperand()) and - rLower = getFullyConvertedLowerBounds(getRightOperand()) and - rUpper = getFullyConvertedUpperBounds(getRightOperand()) and + lLower = getFullyConvertedLowerBounds(this.getLeftOperand()) and + lUpper = getFullyConvertedUpperBounds(this.getLeftOperand()) and + rLower = getFullyConvertedLowerBounds(this.getRightOperand()) and + rUpper = getFullyConvertedUpperBounds(this.getRightOperand()) and lLower <= lUpper and rLower <= rUpper | @@ -239,8 +239,8 @@ class ConstantLShiftExprRange extends SimpleRangeAnalysisExpr { lLower < 0 or not ( - isValidShiftExprShift(rLower, getLeftOperand()) and - isValidShiftExprShift(rUpper, getLeftOperand()) + isValidShiftExprShift(rLower, this.getLeftOperand()) and + isValidShiftExprShift(rUpper, this.getLeftOperand()) ) then // We don't want to deal with shifting negative numbers at the moment, @@ -258,6 +258,6 @@ class ConstantLShiftExprRange extends SimpleRangeAnalysisExpr { } override predicate dependsOnChild(Expr child) { - child = getLeftOperand() or child = getRightOperand() + child = this.getLeftOperand() or child = this.getRightOperand() } } diff --git a/cpp/ql/lib/experimental/semmle/code/cpp/rangeanalysis/extensions/RangeNode.qll b/cpp/ql/lib/experimental/semmle/code/cpp/rangeanalysis/extensions/RangeNode.qll index d24d754a4ac..71a74c6c4fe 100644 --- a/cpp/ql/lib/experimental/semmle/code/cpp/rangeanalysis/extensions/RangeNode.qll +++ b/cpp/ql/lib/experimental/semmle/code/cpp/rangeanalysis/extensions/RangeNode.qll @@ -83,20 +83,23 @@ private class ExprRangeNode extends DataFlow::ExprNode { private string getCallBounds(Call e) { result = getExprBoundAsString(e) + "(" + - concat(Expr arg, int i | arg = e.getArgument(i) | getIntegralBounds(arg) order by i, ",") + - ")" + concat(Expr arg, int i | + arg = e.getArgument(i) + | + this.getIntegralBounds(arg) order by i, "," + ) + ")" } override string toString() { - exists(Expr e | e = getExpr() | + exists(Expr e | e = this.getExpr() | if hasIntegralOrReferenceIntegralType(e) then - result = super.toString() + ": " + getOperationBounds(e) + result = super.toString() + ": " + this.getOperationBounds(e) or - result = super.toString() + ": " + getCallBounds(e) + result = super.toString() + ": " + this.getCallBounds(e) or - not exists(getOperationBounds(e)) and - not exists(getCallBounds(e)) and + not exists(this.getOperationBounds(e)) and + not exists(this.getCallBounds(e)) and result = super.toString() + ": " + getExprBoundAsString(e) else result = super.toString() ) @@ -108,8 +111,8 @@ private class ExprRangeNode extends DataFlow::ExprNode { */ private class ReferenceArgumentRangeNode extends DataFlow::DefinitionByReferenceNode { override string toString() { - if hasIntegralOrReferenceIntegralType(asDefiningArgument()) - then result = super.toString() + ": " + getExprBoundAsString(getArgument()) + if hasIntegralOrReferenceIntegralType(this.asDefiningArgument()) + then result = super.toString() + ": " + getExprBoundAsString(this.getArgument()) else result = super.toString() } } diff --git a/cpp/ql/lib/experimental/semmle/code/cpp/rangeanalysis/extensions/StrlenLiteralRangeExpr.qll b/cpp/ql/lib/experimental/semmle/code/cpp/rangeanalysis/extensions/StrlenLiteralRangeExpr.qll index 39326e89a51..f301263d0e3 100644 --- a/cpp/ql/lib/experimental/semmle/code/cpp/rangeanalysis/extensions/StrlenLiteralRangeExpr.qll +++ b/cpp/ql/lib/experimental/semmle/code/cpp/rangeanalysis/extensions/StrlenLiteralRangeExpr.qll @@ -7,12 +7,12 @@ private import experimental.semmle.code.cpp.models.interfaces.SimpleRangeAnalysi */ class StrlenLiteralRangeExpr extends SimpleRangeAnalysisExpr, FunctionCall { StrlenLiteralRangeExpr() { - getTarget().hasGlobalOrStdName("strlen") and getArgument(0).isConstant() + this.getTarget().hasGlobalOrStdName("strlen") and this.getArgument(0).isConstant() } - override int getLowerBounds() { result = getArgument(0).getValue().length() } + override int getLowerBounds() { result = this.getArgument(0).getValue().length() } - override int getUpperBounds() { result = getArgument(0).getValue().length() } + override int getUpperBounds() { result = this.getArgument(0).getValue().length() } override predicate dependsOnChild(Expr e) { none() } } diff --git a/cpp/ql/lib/experimental/semmle/code/cpp/rangeanalysis/extensions/SubtractSelf.qll b/cpp/ql/lib/experimental/semmle/code/cpp/rangeanalysis/extensions/SubtractSelf.qll index ff716d02d6f..32b4d2a4fba 100644 --- a/cpp/ql/lib/experimental/semmle/code/cpp/rangeanalysis/extensions/SubtractSelf.qll +++ b/cpp/ql/lib/experimental/semmle/code/cpp/rangeanalysis/extensions/SubtractSelf.qll @@ -3,8 +3,8 @@ import experimental.semmle.code.cpp.models.interfaces.SimpleRangeAnalysisExpr private class SelfSub extends SimpleRangeAnalysisExpr, SubExpr { SelfSub() { // Match `x - x` but not `myInt - (unsigned char)myInt`. - getLeftOperand().getExplicitlyConverted().(VariableAccess).getTarget() = - getRightOperand().getExplicitlyConverted().(VariableAccess).getTarget() + this.getLeftOperand().getExplicitlyConverted().(VariableAccess).getTarget() = + this.getRightOperand().getExplicitlyConverted().(VariableAccess).getTarget() } override float getLowerBounds() { result = 0 } diff --git a/cpp/ql/lib/semmle/code/cpp/Compilation.qll b/cpp/ql/lib/semmle/code/cpp/Compilation.qll index 812c417dbdd..1a8d90f991c 100644 --- a/cpp/ql/lib/semmle/code/cpp/Compilation.qll +++ b/cpp/ql/lib/semmle/code/cpp/Compilation.qll @@ -42,7 +42,7 @@ class Compilation extends @compilation { } /** Gets a file compiled during this invocation. */ - File getAFileCompiled() { result = getFileCompiled(_) } + File getAFileCompiled() { result = this.getFileCompiled(_) } /** Gets the `i`th file compiled during this invocation */ File getFileCompiled(int i) { compilation_compiling_files(this, i, unresolveElement(result)) } @@ -74,7 +74,7 @@ class Compilation extends @compilation { /** * Gets an argument passed to the extractor on this invocation. */ - string getAnArgument() { result = getArgument(_) } + string getAnArgument() { result = this.getArgument(_) } /** * Gets the `i`th argument passed to the extractor on this invocation. diff --git a/cpp/ql/lib/semmle/code/cpp/Field.qll b/cpp/ql/lib/semmle/code/cpp/Field.qll index 95e55568c4b..2e1f20e8d30 100644 --- a/cpp/ql/lib/semmle/code/cpp/Field.qll +++ b/cpp/ql/lib/semmle/code/cpp/Field.qll @@ -39,7 +39,8 @@ class Field extends MemberVariable { * complete most-derived object. */ int getAByteOffsetIn(Class mostDerivedClass) { - result = mostDerivedClass.getABaseClassByteOffset(getDeclaringType()) + getByteOffset() + result = + mostDerivedClass.getABaseClassByteOffset(this.getDeclaringType()) + this.getByteOffset() } /** @@ -116,10 +117,10 @@ class BitField extends Field { int getBitOffset() { fieldoffsets(underlyingElement(this), _, result) } /** Holds if this bitfield is anonymous. */ - predicate isAnonymous() { hasName("(unnamed bitfield)") } + predicate isAnonymous() { this.hasName("(unnamed bitfield)") } override predicate isInitializable() { // Anonymous bitfields are not initializable. - not isAnonymous() + not this.isAnonymous() } } diff --git a/cpp/ql/lib/semmle/code/cpp/Linkage.qll b/cpp/ql/lib/semmle/code/cpp/Linkage.qll index e604ce06dee..da192e57dee 100644 --- a/cpp/ql/lib/semmle/code/cpp/Linkage.qll +++ b/cpp/ql/lib/semmle/code/cpp/Linkage.qll @@ -24,10 +24,10 @@ class LinkTarget extends @link_target { * captured as part of the snapshot, then everything is grouped together * into a single dummy link target. */ - predicate isDummy() { getBinary().getAbsolutePath() = "" } + predicate isDummy() { this.getBinary().getAbsolutePath() = "" } /** Gets a textual representation of this element. */ - string toString() { result = getBinary().getAbsolutePath() } + string toString() { result = this.getBinary().getAbsolutePath() } /** * Gets a function which was compiled into this link target, or had its diff --git a/cpp/ql/lib/semmle/code/cpp/NameQualifiers.qll b/cpp/ql/lib/semmle/code/cpp/NameQualifiers.qll index a5894e21071..df52735f653 100644 --- a/cpp/ql/lib/semmle/code/cpp/NameQualifiers.qll +++ b/cpp/ql/lib/semmle/code/cpp/NameQualifiers.qll @@ -24,7 +24,7 @@ class NameQualifier extends NameQualifiableElement, @namequalifier { * Gets the expression ultimately qualified by the chain of name * qualifiers. For example, `f()` in `N1::N2::f()`. */ - Expr getExpr() { result = getQualifiedElement+() } + Expr getExpr() { result = this.getQualifiedElement+() } /** Gets a location for this name qualifier. */ override Location getLocation() { namequalifiers(underlyingElement(this), _, _, result) } @@ -56,12 +56,12 @@ class NameQualifier extends NameQualifiableElement, @namequalifier { if nqe instanceof SpecialNameQualifyingElement then exists(Access a | - a = getQualifiedElement() and + a = this.getQualifiedElement() and result = a.getTarget().getDeclaringType() ) or exists(FunctionCall c | - c = getQualifiedElement() and + c = this.getQualifiedElement() and result = c.getTarget().getDeclaringType() ) else result = nqe @@ -109,7 +109,7 @@ class NameQualifiableElement extends Element, @namequalifiableelement { * namespace. */ predicate hasGlobalQualifiedName() { - getNameQualifier*().getQualifyingElement() instanceof GlobalNamespace + this.getNameQualifier*().getQualifyingElement() instanceof GlobalNamespace } /** @@ -119,7 +119,7 @@ class NameQualifiableElement extends Element, @namequalifiableelement { */ predicate hasSuperQualifiedName() { exists(NameQualifier nq, SpecialNameQualifyingElement snqe | - nq = getNameQualifier*() and + nq = this.getNameQualifier*() and namequalifiers(unresolveElement(nq), _, unresolveElement(snqe), _) and snqe.getName() = "__super" ) @@ -164,5 +164,5 @@ library class SpecialNameQualifyingElement extends NameQualifyingElement, /** Gets the name of this special qualifying element. */ override string getName() { specialnamequalifyingelements(underlyingElement(this), result) } - override string toString() { result = getName() } + override string toString() { result = this.getName() } } diff --git a/cpp/ql/lib/semmle/code/cpp/NestedFields.qll b/cpp/ql/lib/semmle/code/cpp/NestedFields.qll index ce67719a7e2..798c17e8cd0 100644 --- a/cpp/ql/lib/semmle/code/cpp/NestedFields.qll +++ b/cpp/ql/lib/semmle/code/cpp/NestedFields.qll @@ -37,7 +37,7 @@ class NestedFieldAccess extends FieldAccess { NestedFieldAccess() { ultimateQualifier = getUltimateQualifier(this) and - getTarget() = getANestedField(ultimateQualifier.getType().stripType()) + this.getTarget() = getANestedField(ultimateQualifier.getType().stripType()) } /** diff --git a/cpp/ql/lib/semmle/code/cpp/PrintAST.qll b/cpp/ql/lib/semmle/code/cpp/PrintAST.qll index 1b04f5e7a7b..b4d89eb8c1d 100644 --- a/cpp/ql/lib/semmle/code/cpp/PrintAST.qll +++ b/cpp/ql/lib/semmle/code/cpp/PrintAST.qll @@ -130,7 +130,7 @@ class PrintAstNode extends TPrintAstNode { // The exact value of `childIndex` doesn't matter, as long as we preserve the correct order. result = rank[childIndex](PrintAstNode child, int nonConvertedIndex, boolean isConverted | - childAndAccessorPredicate(child, _, nonConvertedIndex, isConverted) + this.childAndAccessorPredicate(child, _, nonConvertedIndex, isConverted) | // Unconverted children come first, then sort by original child index within each group. child order by isConverted, nonConvertedIndex @@ -143,7 +143,7 @@ class PrintAstNode extends TPrintAstNode { */ private PrintAstNode getConvertedChild(int childIndex) { exists(Expr expr | - expr = getChildInternal(childIndex).(AstNode).getAst() and + expr = this.getChildInternal(childIndex).(AstNode).getAst() and expr.getFullyConverted() instanceof Conversion and result.(AstNode).getAst() = expr.getFullyConverted() and not expr instanceof Conversion @@ -155,8 +155,8 @@ class PrintAstNode extends TPrintAstNode { * at index `childIndex`, if that node has any conversions. */ private string getConvertedChildAccessorPredicate(int childIndex) { - exists(getConvertedChild(childIndex)) and - result = getChildAccessorPredicateInternal(childIndex) + ".getFullyConverted()" + exists(this.getConvertedChild(childIndex)) and + result = this.getChildAccessorPredicateInternal(childIndex) + ".getFullyConverted()" } /** @@ -164,12 +164,12 @@ class PrintAstNode extends TPrintAstNode { * within a function are printed, but the query can override * `PrintASTConfiguration.shouldPrintFunction` to filter the output. */ - final predicate shouldPrint() { shouldPrintFunction(getEnclosingFunction()) } + final predicate shouldPrint() { shouldPrintFunction(this.getEnclosingFunction()) } /** * Gets the children of this node. */ - final PrintAstNode getAChild() { result = getChild(_) } + final PrintAstNode getAChild() { result = this.getChild(_) } /** * Gets the parent of this node, if any. @@ -187,7 +187,7 @@ class PrintAstNode extends TPrintAstNode { */ string getProperty(string key) { key = "semmle.label" and - result = toString() + result = this.toString() } /** @@ -201,12 +201,12 @@ class PrintAstNode extends TPrintAstNode { private predicate childAndAccessorPredicate( PrintAstNode child, string childPredicate, int nonConvertedIndex, boolean isConverted ) { - child = getChildInternal(nonConvertedIndex) and - childPredicate = getChildAccessorPredicateInternal(nonConvertedIndex) and + child = this.getChildInternal(nonConvertedIndex) and + childPredicate = this.getChildAccessorPredicateInternal(nonConvertedIndex) and isConverted = false or - child = getConvertedChild(nonConvertedIndex) and - childPredicate = getConvertedChildAccessorPredicate(nonConvertedIndex) and + child = this.getConvertedChild(nonConvertedIndex) and + childPredicate = this.getConvertedChildAccessorPredicate(nonConvertedIndex) and isConverted = true } @@ -218,7 +218,7 @@ class PrintAstNode extends TPrintAstNode { // The exact value of `childIndex` doesn't matter, as long as we preserve the correct order. result = rank[childIndex](string childPredicate, int nonConvertedIndex, boolean isConverted | - childAndAccessorPredicate(_, childPredicate, nonConvertedIndex, isConverted) + this.childAndAccessorPredicate(_, childPredicate, nonConvertedIndex, isConverted) | // Unconverted children come first, then sort by original child index within each group. childPredicate order by isConverted, nonConvertedIndex @@ -234,7 +234,9 @@ class PrintAstNode extends TPrintAstNode { /** * Gets the `Function` that contains this node. */ - private Function getEnclosingFunction() { result = getParent*().(FunctionNode).getFunction() } + private Function getEnclosingFunction() { + result = this.getParent*().(FunctionNode).getFunction() + } } /** DEPRECATED: Alias for PrintAstNode */ @@ -253,7 +255,7 @@ private class PrintableElement extends Element { } pragma[noinline] - string getAPrimaryQlClass0() { result = getAPrimaryQlClass() } + string getAPrimaryQlClass0() { result = this.getAPrimaryQlClass() } } /** @@ -281,7 +283,7 @@ abstract class BaseAstNode extends PrintAstNode { final Locatable getAst() { result = ast } /** DEPRECATED: Alias for getAst */ - deprecated Locatable getAST() { result = getAst() } + deprecated Locatable getAST() { result = this.getAst() } } /** DEPRECATED: Alias for BaseAstNode */ @@ -311,7 +313,7 @@ class ExprNode extends AstNode { result = super.getProperty(key) or key = "Value" and - result = qlClass(expr) + getValue() + result = qlClass(expr) + this.getValue() or key = "Type" and result = qlClass(expr.getType()) + expr.getType().toString() @@ -321,7 +323,7 @@ class ExprNode extends AstNode { } override string getChildAccessorPredicateInternal(int childIndex) { - result = getChildAccessorWithoutConversions(ast, getChildInternal(childIndex).getAst()) + result = getChildAccessorWithoutConversions(ast, this.getChildInternal(childIndex).getAst()) } /** @@ -441,7 +443,7 @@ class StmtNode extends AstNode { } override string getChildAccessorPredicateInternal(int childIndex) { - result = getChildAccessorWithoutConversions(ast, getChildInternal(childIndex).getAst()) + result = getChildAccessorWithoutConversions(ast, this.getChildInternal(childIndex).getAst()) } } @@ -517,7 +519,7 @@ class ParametersNode extends PrintAstNode, TParametersNode { } override string getChildAccessorPredicateInternal(int childIndex) { - exists(getChildInternal(childIndex)) and + exists(this.getChildInternal(childIndex)) and result = "getParameter(" + childIndex.toString() + ")" } @@ -544,7 +546,7 @@ class ConstructorInitializersNode extends PrintAstNode, TConstructorInitializers } final override string getChildAccessorPredicateInternal(int childIndex) { - exists(getChildInternal(childIndex)) and + exists(this.getChildInternal(childIndex)) and result = "getInitializer(" + childIndex.toString() + ")" } @@ -571,7 +573,7 @@ class DestructorDestructionsNode extends PrintAstNode, TDestructorDestructionsNo } final override string getChildAccessorPredicateInternal(int childIndex) { - exists(getChildInternal(childIndex)) and + exists(this.getChildInternal(childIndex)) and result = "getDestruction(" + childIndex.toString() + ")" } @@ -628,7 +630,7 @@ class FunctionNode extends AstNode { override string getProperty(string key) { result = super.getProperty(key) or - key = "semmle.order" and result = getOrder().toString() + key = "semmle.order" and result = this.getOrder().toString() } /** diff --git a/cpp/ql/lib/semmle/code/cpp/commons/Strcat.qll b/cpp/ql/lib/semmle/code/cpp/commons/Strcat.qll index c9cd0b2ebdd..472de0c34b1 100644 --- a/cpp/ql/lib/semmle/code/cpp/commons/Strcat.qll +++ b/cpp/ql/lib/semmle/code/cpp/commons/Strcat.qll @@ -8,7 +8,7 @@ import cpp */ deprecated class StrcatFunction extends Function { StrcatFunction() { - getName() = + this.getName() = [ "strcat", // strcat(dst, src) "strncat", // strncat(dst, src, max_amount) diff --git a/cpp/ql/lib/semmle/code/cpp/controlflow/DefinitionsAndUses.qll b/cpp/ql/lib/semmle/code/cpp/controlflow/DefinitionsAndUses.qll index dcabba51ce2..6a18f6cc149 100644 --- a/cpp/ql/lib/semmle/code/cpp/controlflow/DefinitionsAndUses.qll +++ b/cpp/ql/lib/semmle/code/cpp/controlflow/DefinitionsAndUses.qll @@ -98,7 +98,7 @@ library class DefOrUse extends ControlFlowNodeBase { pragma[noinline] private predicate reaches_helper(boolean isDef, SemanticStackVariable v, BasicBlock bb, int i) { - getVariable(isDef) = v and + this.getVariable(isDef) = v and bb.getNode(i) = this } @@ -118,21 +118,21 @@ library class DefOrUse extends ControlFlowNodeBase { * predicates are duplicated for now. */ - exists(BasicBlock bb, int i | reaches_helper(isDef, v, bb, i) | + exists(BasicBlock bb, int i | this.reaches_helper(isDef, v, bb, i) | exists(int j | j > i and (bbDefAt(bb, j, v, defOrUse) or bbUseAt(bb, j, v, defOrUse)) and - not exists(int k | firstBarrierAfterThis(isDef, k, v) and k < j) + not exists(int k | this.firstBarrierAfterThis(isDef, k, v) and k < j) ) or - not firstBarrierAfterThis(isDef, _, v) and + not this.firstBarrierAfterThis(isDef, _, v) and bbSuccessorEntryReachesDefOrUse(bb, v, defOrUse, _) ) } private predicate firstBarrierAfterThis(boolean isDef, int j, SemanticStackVariable v) { exists(BasicBlock bb, int i | - getVariable(isDef) = v and + this.getVariable(isDef) = v and bb.getNode(i) = this and j = min(int k | bbBarrierAt(bb, k, v, _) and k > i) ) diff --git a/cpp/ql/lib/semmle/code/cpp/controlflow/SSAUtils.qll b/cpp/ql/lib/semmle/code/cpp/controlflow/SSAUtils.qll index 2252864c249..45ef36f339d 100644 --- a/cpp/ql/lib/semmle/code/cpp/controlflow/SSAUtils.qll +++ b/cpp/ql/lib/semmle/code/cpp/controlflow/SSAUtils.qll @@ -130,7 +130,7 @@ library class SsaHelper extends int { * Remove any custom phi nodes that are invalid. */ private predicate sanitized_custom_phi_node(StackVariable v, BasicBlock b) { - custom_phi_node(v, b) and + this.custom_phi_node(v, b) and not addressTakenVariable(v) and not isReferenceVar(v) and b.isReachable() @@ -142,7 +142,7 @@ library class SsaHelper extends int { */ cached predicate phi_node(StackVariable v, BasicBlock b) { - frontier_phi_node(v, b) or sanitized_custom_phi_node(v, b) + this.frontier_phi_node(v, b) or this.sanitized_custom_phi_node(v, b) } /** @@ -154,14 +154,15 @@ library class SsaHelper extends int { */ private predicate frontier_phi_node(StackVariable v, BasicBlock b) { exists(BasicBlock x | - dominanceFrontier(x, b) and ssa_defn_rec(pragma[only_bind_into](v), pragma[only_bind_into](x)) + dominanceFrontier(x, b) and + this.ssa_defn_rec(pragma[only_bind_into](v), pragma[only_bind_into](x)) ) and /* We can also eliminate those nodes where the variable is not live on any incoming edge */ live_at_start_of_bb(pragma[only_bind_into](v), b) } private predicate ssa_defn_rec(StackVariable v, BasicBlock b) { - phi_node(v, b) + this.phi_node(v, b) or variableUpdate(v, _, b, _) } @@ -172,7 +173,7 @@ library class SsaHelper extends int { */ cached predicate ssa_defn(StackVariable v, ControlFlowNode node, BasicBlock b, int index) { - phi_node(v, b) and b.getStart() = node and index = -1 + this.phi_node(v, b) and b.getStart() = node and index = -1 or variableUpdate(v, node, b, index) } @@ -196,7 +197,7 @@ library class SsaHelper extends int { * basic blocks. */ private predicate defUseRank(StackVariable v, BasicBlock b, int rankix, int i) { - i = rank[rankix](int j | ssa_defn(v, _, b, j) or ssa_use(v, _, b, j)) + i = rank[rankix](int j | this.ssa_defn(v, _, b, j) or ssa_use(v, _, b, j)) } /** @@ -206,7 +207,7 @@ library class SsaHelper extends int { * the block. */ private int lastRank(StackVariable v, BasicBlock b) { - result = max(int rankix | defUseRank(v, b, rankix, _)) + 1 + result = max(int rankix | this.defUseRank(v, b, rankix, _)) + 1 } /** @@ -215,8 +216,8 @@ library class SsaHelper extends int { */ private predicate ssaDefRank(StackVariable v, ControlFlowNode def, BasicBlock b, int rankix) { exists(int i | - ssa_defn(v, def, b, i) and - defUseRank(v, b, rankix, i) + this.ssa_defn(v, def, b, i) and + this.defUseRank(v, b, rankix, i) ) } @@ -232,21 +233,21 @@ library class SsaHelper extends int { // use is understood to happen _before_ the definition. Phi nodes are // at rankidx -1 and will therefore always reach the first node in the // basic block. - ssaDefRank(v, def, b, rankix - 1) + this.ssaDefRank(v, def, b, rankix - 1) or - ssaDefReachesRank(v, def, b, rankix - 1) and - rankix <= lastRank(v, b) and // Without this, the predicate would be infinite. - not ssaDefRank(v, _, b, rankix - 1) // Range is inclusive of but not past next def. + this.ssaDefReachesRank(v, def, b, rankix - 1) and + rankix <= this.lastRank(v, b) and // Without this, the predicate would be infinite. + not this.ssaDefRank(v, _, b, rankix - 1) // Range is inclusive of but not past next def. } /** Holds if SSA variable `(v, def)` reaches the end of block `b`. */ cached predicate ssaDefinitionReachesEndOfBB(StackVariable v, ControlFlowNode def, BasicBlock b) { - live_at_exit_of_bb(v, b) and ssaDefReachesRank(v, def, b, lastRank(v, b)) + live_at_exit_of_bb(v, b) and this.ssaDefReachesRank(v, def, b, this.lastRank(v, b)) or exists(BasicBlock idom | - ssaDefinitionReachesEndOfBB(v, def, idom) and - noDefinitionsSinceIDominator(v, idom, b) + this.ssaDefinitionReachesEndOfBB(v, def, idom) and + this.noDefinitionsSinceIDominator(v, idom, b) ) } @@ -260,7 +261,7 @@ library class SsaHelper extends int { private predicate noDefinitionsSinceIDominator(StackVariable v, BasicBlock idom, BasicBlock b) { bbIDominates(idom, b) and // It is sufficient to traverse the dominator graph, cf. discussion above. live_at_exit_of_bb(v, b) and - not ssa_defn(v, _, b, _) + not this.ssa_defn(v, _, b, _) } /** @@ -269,8 +270,8 @@ library class SsaHelper extends int { */ private predicate ssaDefinitionReachesUseWithinBB(StackVariable v, ControlFlowNode def, Expr use) { exists(BasicBlock b, int rankix, int i | - ssaDefReachesRank(v, def, b, rankix) and - defUseRank(v, b, rankix, i) and + this.ssaDefReachesRank(v, def, b, rankix) and + this.defUseRank(v, b, rankix, i) and ssa_use(v, use, b, i) ) } @@ -279,12 +280,12 @@ library class SsaHelper extends int { * Holds if SSA variable `(v, def)` reaches the control-flow node `use`. */ private predicate ssaDefinitionReaches(StackVariable v, ControlFlowNode def, Expr use) { - ssaDefinitionReachesUseWithinBB(v, def, use) + this.ssaDefinitionReachesUseWithinBB(v, def, use) or exists(BasicBlock b | ssa_use(v, use, b, _) and - ssaDefinitionReachesEndOfBB(v, def, b.getAPredecessor()) and - not ssaDefinitionReachesUseWithinBB(v, _, use) + this.ssaDefinitionReachesEndOfBB(v, def, b.getAPredecessor()) and + not this.ssaDefinitionReachesUseWithinBB(v, _, use) ) } @@ -294,10 +295,10 @@ library class SsaHelper extends int { */ cached string toString(ControlFlowNode node, StackVariable v) { - if phi_node(v, node) + if this.phi_node(v, node) then result = "SSA phi(" + v.getName() + ")" else ( - ssa_defn(v, node, _, _) and result = "SSA def(" + v.getName() + ")" + this.ssa_defn(v, node, _, _) and result = "SSA def(" + v.getName() + ")" ) } @@ -307,7 +308,7 @@ library class SsaHelper extends int { */ cached VariableAccess getAUse(ControlFlowNode def, StackVariable v) { - ssaDefinitionReaches(v, def, result) and + this.ssaDefinitionReaches(v, def, result) and ssa_use(v, result, _, _) } } diff --git a/cpp/ql/lib/semmle/code/cpp/exprs/ComparisonOperation.qll b/cpp/ql/lib/semmle/code/cpp/exprs/ComparisonOperation.qll index 2c6387f1844..9135e15fb49 100644 --- a/cpp/ql/lib/semmle/code/cpp/exprs/ComparisonOperation.qll +++ b/cpp/ql/lib/semmle/code/cpp/exprs/ComparisonOperation.qll @@ -76,9 +76,9 @@ class GTExpr extends RelationalOperation, @gtexpr { override string getOperator() { result = ">" } - override Expr getGreaterOperand() { result = getLeftOperand() } + override Expr getGreaterOperand() { result = this.getLeftOperand() } - override Expr getLesserOperand() { result = getRightOperand() } + override Expr getLesserOperand() { result = this.getRightOperand() } } /** @@ -92,9 +92,9 @@ class LTExpr extends RelationalOperation, @ltexpr { override string getOperator() { result = "<" } - override Expr getGreaterOperand() { result = getRightOperand() } + override Expr getGreaterOperand() { result = this.getRightOperand() } - override Expr getLesserOperand() { result = getLeftOperand() } + override Expr getLesserOperand() { result = this.getLeftOperand() } } /** @@ -108,9 +108,9 @@ class GEExpr extends RelationalOperation, @geexpr { override string getOperator() { result = ">=" } - override Expr getGreaterOperand() { result = getLeftOperand() } + override Expr getGreaterOperand() { result = this.getLeftOperand() } - override Expr getLesserOperand() { result = getRightOperand() } + override Expr getLesserOperand() { result = this.getRightOperand() } } /** @@ -124,7 +124,7 @@ class LEExpr extends RelationalOperation, @leexpr { override string getOperator() { result = "<=" } - override Expr getGreaterOperand() { result = getRightOperand() } + override Expr getGreaterOperand() { result = this.getRightOperand() } - override Expr getLesserOperand() { result = getLeftOperand() } + override Expr getLesserOperand() { result = this.getLeftOperand() } } diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/AliasConfiguration.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/AliasConfiguration.qll index 7e12ebc1c90..8cf69dec6ef 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/AliasConfiguration.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/AliasConfiguration.qll @@ -22,7 +22,7 @@ private newtype TAllocation = abstract class Allocation extends TAllocation { abstract string toString(); - final string getAllocationString() { result = toString() } + final string getAllocationString() { result = this.toString() } abstract Instruction getABaseInstruction(); diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/AliasedSSA.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/AliasedSSA.qll index 4e606c1f9c5..1dd116d6c0e 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/AliasedSSA.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/AliasedSSA.qll @@ -95,7 +95,9 @@ private newtype TMemoryLocation = */ abstract class MemoryLocation extends TMemoryLocation { final string toString() { - if isMayAccess() then result = "?" + toStringInternal() else result = toStringInternal() + if this.isMayAccess() + then result = "?" + this.toStringInternal() + else result = this.toStringInternal() } abstract string toStringInternal(); @@ -110,7 +112,7 @@ abstract class MemoryLocation extends TMemoryLocation { abstract Location getLocation(); - final IRType getIRType() { result = getType().getIRType() } + final IRType getIRType() { result = this.getType().getIRType() } abstract predicate isMayAccess(); @@ -136,7 +138,7 @@ abstract class MemoryLocation extends TMemoryLocation { final predicate canReuseSsa() { none() } /** DEPRECATED: Alias for canReuseSsa */ - deprecated predicate canReuseSSA() { canReuseSsa() } + deprecated predicate canReuseSSA() { this.canReuseSsa() } } /** @@ -191,19 +193,19 @@ class VariableMemoryLocation extends TVariableMemoryLocation, AllocationMemoryLo } private string getIntervalString() { - if coversEntireVariable() + if this.coversEntireVariable() then result = "" else result = Interval::getIntervalString(startBitOffset, endBitOffset) } private string getTypeString() { - if coversEntireVariable() and type = var.getIRType() + if this.coversEntireVariable() and type = var.getIRType() then result = "" else result = "<" + languageType.toString() + ">" } final override string toStringInternal() { - result = var.toString() + getIntervalString() + getTypeString() + result = var.toString() + this.getIntervalString() + this.getTypeString() } final override Language::LanguageType getType() { @@ -236,7 +238,7 @@ class VariableMemoryLocation extends TVariableMemoryLocation, AllocationMemoryLo /** * Holds if this memory location covers the entire variable. */ - final predicate coversEntireVariable() { varIRTypeHasBitRange(startBitOffset, endBitOffset) } + final predicate coversEntireVariable() { this.varIRTypeHasBitRange(startBitOffset, endBitOffset) } pragma[noinline] private predicate varIRTypeHasBitRange(int start, int end) { @@ -262,7 +264,7 @@ class EntireAllocationMemoryLocation extends TEntireAllocationMemoryLocation, class EntireAllocationVirtualVariable extends EntireAllocationMemoryLocation, VirtualVariable { EntireAllocationVirtualVariable() { not allocationEscapes(var) and - not isMayAccess() + not this.isMayAccess() } } @@ -275,8 +277,8 @@ class VariableVirtualVariable extends VariableMemoryLocation, VirtualVariable { VariableVirtualVariable() { not allocationEscapes(var) and type = var.getIRType() and - coversEntireVariable() and - not isMayAccess() + this.coversEntireVariable() and + not this.isMayAccess() } } @@ -337,7 +339,7 @@ class AllNonLocalMemory extends TAllNonLocalMemory, MemoryLocation { // instruction, which provides the initial definition for all memory outside of the current // function's stack frame. This memory includes string literals and other read-only globals, so // we allow such an access to be the definition for a use of a read-only location. - not isMayAccess() + not this.isMayAccess() } } @@ -360,7 +362,7 @@ class AllAliasedMemory extends TAllAliasedMemory, MemoryLocation { final override Location getLocation() { result = irFunc.getLocation() } - final override string getUniqueId() { result = " " + toString() } + final override string getUniqueId() { result = " " + this.toString() } final override VirtualVariable getVirtualVariable() { result = TAllAliasedMemory(irFunc, false) } @@ -369,7 +371,7 @@ class AllAliasedMemory extends TAllAliasedMemory, MemoryLocation { /** A virtual variable that groups all escaped memory within a function. */ class AliasedVirtualVariable extends AllAliasedMemory, VirtualVariable { - AliasedVirtualVariable() { not isMayAccess() } + AliasedVirtualVariable() { not this.isMayAccess() } } /** diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedCall.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedCall.qll index 8eea58e170a..68f7a5fbdb4 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedCall.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedCall.qll @@ -31,42 +31,42 @@ abstract class TranslatedCall extends TranslatedExpr { // The qualifier is evaluated before the call target, because the value of // the call target may depend on the value of the qualifier for virtual // calls. - id = -2 and result = getQualifier() + id = -2 and result = this.getQualifier() or - id = -1 and result = getCallTarget() + id = -1 and result = this.getCallTarget() or - result = getArgument(id) + result = this.getArgument(id) or - id = getNumberOfArguments() and result = getSideEffects() + id = this.getNumberOfArguments() and result = this.getSideEffects() } final override Instruction getFirstInstruction() { - if exists(getQualifier()) - then result = getQualifier().getFirstInstruction() - else result = getFirstCallTargetInstruction() + if exists(this.getQualifier()) + then result = this.getQualifier().getFirstInstruction() + else result = this.getFirstCallTargetInstruction() } override predicate hasInstruction(Opcode opcode, InstructionTag tag, CppType resultType) { tag = CallTag() and opcode instanceof Opcode::Call and - resultType = getTypeForPRValue(getCallResultType()) + resultType = getTypeForPRValue(this.getCallResultType()) } override Instruction getChildSuccessor(TranslatedElement child) { - child = getQualifier() and - result = getFirstCallTargetInstruction() + child = this.getQualifier() and + result = this.getFirstCallTargetInstruction() or - child = getCallTarget() and - result = getFirstArgumentOrCallInstruction() + child = this.getCallTarget() and + result = this.getFirstArgumentOrCallInstruction() or exists(int argIndex | - child = getArgument(argIndex) and - if exists(getArgument(argIndex + 1)) - then result = getArgument(argIndex + 1).getFirstInstruction() - else result = getInstruction(CallTag()) + child = this.getArgument(argIndex) and + if exists(this.getArgument(argIndex + 1)) + then result = this.getArgument(argIndex + 1).getFirstInstruction() + else result = this.getInstruction(CallTag()) ) or - child = getSideEffects() and + child = this.getSideEffects() and if this.isNoReturn() then result = @@ -79,26 +79,26 @@ abstract class TranslatedCall extends TranslatedExpr { override Instruction getInstructionSuccessor(InstructionTag tag, EdgeKind kind) { kind instanceof GotoEdge and tag = CallTag() and - result = getSideEffects().getFirstInstruction() + result = this.getSideEffects().getFirstInstruction() } override Instruction getInstructionRegisterOperand(InstructionTag tag, OperandTag operandTag) { tag = CallTag() and ( operandTag instanceof CallTargetOperandTag and - result = getCallTargetResult() + result = this.getCallTargetResult() or operandTag instanceof ThisArgumentOperandTag and - result = getQualifierResult() + result = this.getQualifierResult() or exists(PositionalArgumentOperandTag argTag | argTag = operandTag and - result = getArgument(argTag.getArgIndex()).getResult() + result = this.getArgument(argTag.getArgIndex()).getResult() ) ) } - final override Instruction getResult() { result = getInstruction(CallTag()) } + final override Instruction getResult() { result = this.getInstruction(CallTag()) } /** * Gets the result type of the call. @@ -108,7 +108,7 @@ abstract class TranslatedCall extends TranslatedExpr { /** * Holds if the call has a `this` argument. */ - predicate hasQualifier() { exists(getQualifier()) } + predicate hasQualifier() { exists(this.getQualifier()) } /** * Gets the `TranslatedExpr` for the indirect target of the call, if any. @@ -121,7 +121,9 @@ abstract class TranslatedCall extends TranslatedExpr { * it can be overridden by a subclass for cases where there is a call target * that is not computed from an expression (e.g. a direct call). */ - Instruction getFirstCallTargetInstruction() { result = getCallTarget().getFirstInstruction() } + Instruction getFirstCallTargetInstruction() { + result = this.getCallTarget().getFirstInstruction() + } /** * Gets the instruction whose result value is the target of the call. By @@ -129,7 +131,7 @@ abstract class TranslatedCall extends TranslatedExpr { * overridden by a subclass for cases where there is a call target that is not * computed from an expression (e.g. a direct call). */ - Instruction getCallTargetResult() { result = getCallTarget().getResult() } + Instruction getCallTargetResult() { result = this.getCallTarget().getResult() } /** * Gets the `TranslatedExpr` for the qualifier of the call (i.e. the value @@ -143,7 +145,7 @@ abstract class TranslatedCall extends TranslatedExpr { * overridden by a subclass for cases where there is a `this` argument that is * not computed from a child expression (e.g. a constructor call). */ - Instruction getQualifierResult() { result = getQualifier().getResult() } + Instruction getQualifierResult() { result = this.getQualifier().getResult() } /** * Gets the argument with the specified `index`. Does not include the `this` @@ -158,9 +160,9 @@ abstract class TranslatedCall extends TranslatedExpr { * argument. Otherwise, returns the call instruction. */ final Instruction getFirstArgumentOrCallInstruction() { - if hasArguments() - then result = getArgument(0).getFirstInstruction() - else result = getInstruction(CallTag()) + if this.hasArguments() + then result = this.getArgument(0).getFirstInstruction() + else result = this.getInstruction(CallTag()) } /** @@ -184,17 +186,17 @@ abstract class TranslatedSideEffects extends TranslatedElement { /** Gets the expression whose side effects are being modeled. */ abstract Expr getExpr(); - final override Locatable getAst() { result = getExpr() } + final override Locatable getAst() { result = this.getExpr() } /** DEPRECATED: Alias for getAst */ - deprecated override Locatable getAST() { result = getAst() } + deprecated override Locatable getAST() { result = this.getAst() } - final override Declaration getFunction() { result = getEnclosingDeclaration(getExpr()) } + final override Declaration getFunction() { result = getEnclosingDeclaration(this.getExpr()) } final override TranslatedElement getChild(int i) { result = rank[i + 1](TranslatedSideEffect tse, int group, int indexInGroup | - tse.getPrimaryExpr() = getExpr() and + tse.getPrimaryExpr() = this.getExpr() and tse.sortOrder(group, indexInGroup) | tse order by group, indexInGroup @@ -203,10 +205,10 @@ abstract class TranslatedSideEffects extends TranslatedElement { final override Instruction getChildSuccessor(TranslatedElement te) { exists(int i | - getChild(i) = te and - if exists(getChild(i + 1)) - then result = getChild(i + 1).getFirstInstruction() - else result = getParent().getChildSuccessor(this) + this.getChild(i) = te and + if exists(this.getChild(i + 1)) + then result = this.getChild(i + 1).getFirstInstruction() + else result = this.getParent().getChildSuccessor(this) ) } @@ -215,10 +217,10 @@ abstract class TranslatedSideEffects extends TranslatedElement { } final override Instruction getFirstInstruction() { - result = getChild(0).getFirstInstruction() + result = this.getChild(0).getFirstInstruction() or // Some functions, like `std::move()`, have no side effects whatsoever. - not exists(getChild(0)) and result = getParent().getChildSuccessor(this) + not exists(this.getChild(0)) and result = this.getParent().getChildSuccessor(this) } final override Instruction getInstructionSuccessor(InstructionTag tag, EdgeKind kind) { none() } @@ -234,10 +236,10 @@ abstract class TranslatedSideEffects extends TranslatedElement { */ abstract class TranslatedDirectCall extends TranslatedCall { final override Instruction getFirstCallTargetInstruction() { - result = getInstruction(CallTargetTag()) + result = this.getInstruction(CallTargetTag()) } - final override Instruction getCallTargetResult() { result = getInstruction(CallTargetTag()) } + final override Instruction getCallTargetResult() { result = this.getInstruction(CallTargetTag()) } override predicate hasInstruction(Opcode opcode, InstructionTag tag, CppType resultType) { TranslatedCall.super.hasInstruction(opcode, tag, resultType) @@ -252,7 +254,7 @@ abstract class TranslatedDirectCall extends TranslatedCall { or tag = CallTargetTag() and kind instanceof GotoEdge and - result = getFirstArgumentOrCallInstruction() + result = this.getFirstArgumentOrCallInstruction() } } @@ -301,12 +303,12 @@ class TranslatedFunctionCall extends TranslatedCallExpr, TranslatedDirectCall { } override Instruction getQualifierResult() { - hasQualifier() and - result = getQualifier().getResult() + this.hasQualifier() and + result = this.getQualifier().getResult() } override predicate hasQualifier() { - exists(getQualifier()) and + exists(this.getQualifier()) and not exists(MemberFunction func | expr.getTarget() = func and func.isStatic()) } } @@ -322,7 +324,7 @@ class TranslatedStructorCall extends TranslatedFunctionCall { override Instruction getQualifierResult() { exists(StructorCallContext context | - context = getParent() and + context = this.getParent() and result = context.getReceiver() ) } @@ -373,24 +375,26 @@ abstract class TranslatedSideEffect extends TranslatedElement { final override Instruction getChildSuccessor(TranslatedElement child) { none() } - final override Instruction getFirstInstruction() { result = getInstruction(OnlyInstructionTag()) } + final override Instruction getFirstInstruction() { + result = this.getInstruction(OnlyInstructionTag()) + } final override predicate hasInstruction(Opcode opcode, InstructionTag tag, CppType type) { tag = OnlyInstructionTag() and - sideEffectInstruction(opcode, type) + this.sideEffectInstruction(opcode, type) } final override Instruction getInstructionSuccessor(InstructionTag tag, EdgeKind kind) { - result = getParent().getChildSuccessor(this) and + result = this.getParent().getChildSuccessor(this) and tag = OnlyInstructionTag() and kind instanceof GotoEdge } - final override Declaration getFunction() { result = getParent().getFunction() } + final override Declaration getFunction() { result = this.getParent().getFunction() } final override Instruction getPrimaryInstructionForSideEffect(InstructionTag tag) { tag = OnlyInstructionTag() and - result = getParent().(TranslatedSideEffects).getPrimaryInstruction() + result = this.getParent().(TranslatedSideEffects).getPrimaryInstruction() } /** @@ -428,18 +432,18 @@ abstract class TranslatedArgumentSideEffect extends TranslatedSideEffect { TranslatedArgumentSideEffect() { any() } override string toString() { - isWrite() and - result = "(write side effect for " + getArgString() + ")" + this.isWrite() and + result = "(write side effect for " + this.getArgString() + ")" or - not isWrite() and - result = "(read side effect for " + getArgString() + ")" + not this.isWrite() and + result = "(read side effect for " + this.getArgString() + ")" } override Call getPrimaryExpr() { result = call } override predicate sortOrder(int group, int indexInGroup) { indexInGroup = index and - if isWrite() then group = argumentWriteGroup() else group = argumentReadGroup() + if this.isWrite() then group = argumentWriteGroup() else group = argumentReadGroup() } final override int getInstructionIndex(InstructionTag tag) { @@ -450,20 +454,20 @@ abstract class TranslatedArgumentSideEffect extends TranslatedSideEffect { final override predicate sideEffectInstruction(Opcode opcode, CppType type) { opcode = sideEffectOpcode and ( - isWrite() and + this.isWrite() and ( opcode instanceof BufferAccessOpcode and type = getUnknownType() or not opcode instanceof BufferAccessOpcode and - exists(Type indirectionType | indirectionType = getIndirectionType() | + exists(Type indirectionType | indirectionType = this.getIndirectionType() | if indirectionType instanceof VoidType then type = getUnknownType() else type = getTypeForPRValueOrUnknown(indirectionType) ) ) or - not isWrite() and + not this.isWrite() and type = getVoidType() ) } @@ -471,7 +475,7 @@ abstract class TranslatedArgumentSideEffect extends TranslatedSideEffect { final override CppType getInstructionMemoryOperandType( InstructionTag tag, TypedOperandTag operandTag ) { - not isWrite() and + not this.isWrite() and if sideEffectOpcode instanceof BufferAccessOpcode then result = getUnknownType() and @@ -480,7 +484,7 @@ abstract class TranslatedArgumentSideEffect extends TranslatedSideEffect { else exists(Type operandType | tag instanceof OnlyInstructionTag and - operandType = getIndirectionType() and + operandType = this.getIndirectionType() and operandTag instanceof SideEffectOperandTag | // If the type we select is an incomplete type (e.g. a forward-declared `struct`), there will @@ -492,7 +496,7 @@ abstract class TranslatedArgumentSideEffect extends TranslatedSideEffect { final override Instruction getInstructionRegisterOperand(InstructionTag tag, OperandTag operandTag) { tag instanceof OnlyInstructionTag and operandTag instanceof AddressOperandTag and - result = getArgInstruction() + result = this.getArgInstruction() or tag instanceof OnlyInstructionTag and operandTag instanceof BufferSizeOperandTag and @@ -533,7 +537,7 @@ class TranslatedArgumentExprSideEffect extends TranslatedArgumentSideEffect, final override Locatable getAst() { result = arg } /** DEPRECATED: Alias for getAst */ - deprecated override Locatable getAST() { result = getAst() } + deprecated override Locatable getAST() { result = this.getAst() } final override Type getIndirectionType() { result = arg.getUnspecifiedType().(DerivedType).getBaseType() @@ -568,7 +572,7 @@ class TranslatedStructorQualifierSideEffect extends TranslatedArgumentSideEffect final override Locatable getAst() { result = call } /** DEPRECATED: Alias for getAst */ - deprecated override Locatable getAST() { result = getAst() } + deprecated override Locatable getAST() { result = this.getAst() } final override Type getIndirectionType() { result = call.getTarget().getDeclaringType() } @@ -592,7 +596,7 @@ class TranslatedCallSideEffect extends TranslatedSideEffect, TTranslatedCallSide override Locatable getAst() { result = expr } /** DEPRECATED: Alias for getAst */ - deprecated override Locatable getAST() { result = getAst() } + deprecated override Locatable getAST() { result = this.getAst() } override Expr getPrimaryExpr() { result = expr } @@ -633,7 +637,7 @@ class TranslatedAllocationSideEffect extends TranslatedSideEffect, TTranslatedAl override Locatable getAst() { result = expr } /** DEPRECATED: Alias for getAst */ - deprecated override Locatable getAST() { result = getAst() } + deprecated override Locatable getAST() { result = this.getAst() } override Expr getPrimaryExpr() { result = expr } @@ -646,7 +650,7 @@ class TranslatedAllocationSideEffect extends TranslatedSideEffect, TTranslatedAl override Instruction getInstructionRegisterOperand(InstructionTag tag, OperandTag operandTag) { tag = OnlyInstructionTag() and operandTag = addressOperand() and - result = getPrimaryInstructionForSideEffect(OnlyInstructionTag()) + result = this.getPrimaryInstructionForSideEffect(OnlyInstructionTag()) } override predicate sideEffectInstruction(Opcode opcode, CppType type) { diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedCondition.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedCondition.qll index 29b931e0ab6..30755f0f000 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedCondition.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedCondition.qll @@ -22,9 +22,9 @@ abstract class TranslatedCondition extends TranslatedElement { final override Locatable getAst() { result = expr } /** DEPRECATED: Alias for getAst */ - deprecated override Locatable getAST() { result = getAst() } + deprecated override Locatable getAST() { result = this.getAst() } - final ConditionContext getConditionContext() { result = getParent() } + final ConditionContext getConditionContext() { result = this.getParent() } final Expr getExpr() { result = expr } @@ -42,9 +42,11 @@ abstract class TranslatedFlexibleCondition extends TranslatedCondition, Conditio { TranslatedFlexibleCondition() { this = TTranslatedFlexibleCondition(expr) } - final override TranslatedElement getChild(int id) { id = 0 and result = getOperand() } + final override TranslatedElement getChild(int id) { id = 0 and result = this.getOperand() } - final override Instruction getFirstInstruction() { result = getOperand().getFirstInstruction() } + final override Instruction getFirstInstruction() { + result = this.getOperand().getFirstInstruction() + } final override predicate hasInstruction(Opcode opcode, InstructionTag tag, CppType resultType) { none() @@ -61,13 +63,13 @@ class TranslatedParenthesisCondition extends TranslatedFlexibleCondition { override ParenthesisExpr expr; final override Instruction getChildTrueSuccessor(TranslatedCondition child) { - child = getOperand() and - result = getConditionContext().getChildTrueSuccessor(this) + child = this.getOperand() and + result = this.getConditionContext().getChildTrueSuccessor(this) } final override Instruction getChildFalseSuccessor(TranslatedCondition child) { - child = getOperand() and - result = getConditionContext().getChildFalseSuccessor(this) + child = this.getOperand() and + result = this.getConditionContext().getChildFalseSuccessor(this) } final override TranslatedCondition getOperand() { @@ -79,13 +81,13 @@ class TranslatedNotCondition extends TranslatedFlexibleCondition { override NotExpr expr; override Instruction getChildTrueSuccessor(TranslatedCondition child) { - child = getOperand() and - result = getConditionContext().getChildFalseSuccessor(this) + child = this.getOperand() and + result = this.getConditionContext().getChildFalseSuccessor(this) } override Instruction getChildFalseSuccessor(TranslatedCondition child) { - child = getOperand() and - result = getConditionContext().getChildTrueSuccessor(this) + child = this.getOperand() and + result = this.getConditionContext().getChildTrueSuccessor(this) } override TranslatedCondition getOperand() { @@ -103,13 +105,13 @@ abstract class TranslatedBinaryLogicalOperation extends TranslatedNativeConditio override BinaryLogicalOperation expr; final override TranslatedElement getChild(int id) { - id = 0 and result = getLeftOperand() + id = 0 and result = this.getLeftOperand() or - id = 1 and result = getRightOperand() + id = 1 and result = this.getRightOperand() } final override Instruction getFirstInstruction() { - result = getLeftOperand().getFirstInstruction() + result = this.getLeftOperand().getFirstInstruction() } final override predicate hasInstruction(Opcode opcode, InstructionTag tag, CppType resultType) { @@ -131,16 +133,16 @@ class TranslatedLogicalAndExpr extends TranslatedBinaryLogicalOperation { TranslatedLogicalAndExpr() { expr instanceof LogicalAndExpr } override Instruction getChildTrueSuccessor(TranslatedCondition child) { - child = getLeftOperand() and - result = getRightOperand().getFirstInstruction() + child = this.getLeftOperand() and + result = this.getRightOperand().getFirstInstruction() or - child = getRightOperand() and - result = getConditionContext().getChildTrueSuccessor(this) + child = this.getRightOperand() and + result = this.getConditionContext().getChildTrueSuccessor(this) } override Instruction getChildFalseSuccessor(TranslatedCondition child) { - (child = getLeftOperand() or child = getRightOperand()) and - result = getConditionContext().getChildFalseSuccessor(this) + (child = this.getLeftOperand() or child = this.getRightOperand()) and + result = this.getConditionContext().getChildFalseSuccessor(this) } } @@ -148,25 +150,25 @@ class TranslatedLogicalOrExpr extends TranslatedBinaryLogicalOperation { override LogicalOrExpr expr; override Instruction getChildTrueSuccessor(TranslatedCondition child) { - (child = getLeftOperand() or child = getRightOperand()) and - result = getConditionContext().getChildTrueSuccessor(this) + (child = this.getLeftOperand() or child = this.getRightOperand()) and + result = this.getConditionContext().getChildTrueSuccessor(this) } override Instruction getChildFalseSuccessor(TranslatedCondition child) { - child = getLeftOperand() and - result = getRightOperand().getFirstInstruction() + child = this.getLeftOperand() and + result = this.getRightOperand().getFirstInstruction() or - child = getRightOperand() and - result = getConditionContext().getChildFalseSuccessor(this) + child = this.getRightOperand() and + result = this.getConditionContext().getChildFalseSuccessor(this) } } class TranslatedValueCondition extends TranslatedCondition, TTranslatedValueCondition { TranslatedValueCondition() { this = TTranslatedValueCondition(expr) } - override TranslatedElement getChild(int id) { id = 0 and result = getValueExpr() } + override TranslatedElement getChild(int id) { id = 0 and result = this.getValueExpr() } - override Instruction getFirstInstruction() { result = getValueExpr().getFirstInstruction() } + override Instruction getFirstInstruction() { result = this.getValueExpr().getFirstInstruction() } override predicate hasInstruction(Opcode opcode, InstructionTag tag, CppType resultType) { tag = ValueConditionConditionalBranchTag() and @@ -175,25 +177,25 @@ class TranslatedValueCondition extends TranslatedCondition, TTranslatedValueCond } override Instruction getChildSuccessor(TranslatedElement child) { - child = getValueExpr() and - result = getInstruction(ValueConditionConditionalBranchTag()) + child = this.getValueExpr() and + result = this.getInstruction(ValueConditionConditionalBranchTag()) } override Instruction getInstructionSuccessor(InstructionTag tag, EdgeKind kind) { tag = ValueConditionConditionalBranchTag() and ( kind instanceof TrueEdge and - result = getConditionContext().getChildTrueSuccessor(this) + result = this.getConditionContext().getChildTrueSuccessor(this) or kind instanceof FalseEdge and - result = getConditionContext().getChildFalseSuccessor(this) + result = this.getConditionContext().getChildFalseSuccessor(this) ) } override Instruction getInstructionRegisterOperand(InstructionTag tag, OperandTag operandTag) { tag = ValueConditionConditionalBranchTag() and operandTag instanceof ConditionOperandTag and - result = getValueExpr().getResult() + result = this.getValueExpr().getResult() } private TranslatedExpr getValueExpr() { result = getTranslatedExpr(expr) } diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedDeclarationEntry.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedDeclarationEntry.qll index 2b959f21df4..df2e8879341 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedDeclarationEntry.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedDeclarationEntry.qll @@ -47,7 +47,7 @@ abstract class TranslatedDeclarationEntry extends TranslatedElement, TTranslated final override Locatable getAst() { result = entry.getAst() } /** DEPRECATED: Alias for getAst */ - deprecated override Locatable getAST() { result = getAst() } + deprecated override Locatable getAST() { result = this.getAst() } } /** @@ -60,19 +60,19 @@ abstract class TranslatedLocalVariableDeclaration extends TranslatedVariableInit */ abstract LocalVariable getVariable(); - final override Type getTargetType() { result = getVariableType(getVariable()) } + final override Type getTargetType() { result = getVariableType(this.getVariable()) } final override TranslatedInitialization getInitialization() { result = - getTranslatedInitialization(getVariable().getInitializer().getExpr().getFullyConverted()) + getTranslatedInitialization(this.getVariable().getInitializer().getExpr().getFullyConverted()) } final override Instruction getInitializationSuccessor() { - result = getParent().getChildSuccessor(this) + result = this.getParent().getChildSuccessor(this) } final override IRVariable getIRVariable() { - result = getIRUserVariable(getFunction(), getVariable()) + result = getIRUserVariable(this.getFunction(), this.getVariable()) } } @@ -123,7 +123,7 @@ class TranslatedStaticLocalVariableDeclarationEntry extends TranslatedDeclaratio TranslatedStaticLocalVariableDeclarationEntry() { var = entry.getDeclaration() } - final override TranslatedElement getChild(int id) { id = 0 and result = getInitialization() } + final override TranslatedElement getChild(int id) { id = 0 and result = this.getInitialization() } final override predicate hasInstruction(Opcode opcode, InstructionTag tag, CppType type) { tag = DynamicInitializationFlagAddressTag() and @@ -148,39 +148,39 @@ class TranslatedStaticLocalVariableDeclarationEntry extends TranslatedDeclaratio } final override Instruction getFirstInstruction() { - result = getInstruction(DynamicInitializationFlagAddressTag()) + result = this.getInstruction(DynamicInitializationFlagAddressTag()) } final override Instruction getInstructionSuccessor(InstructionTag tag, EdgeKind kind) { tag = DynamicInitializationFlagAddressTag() and kind instanceof GotoEdge and - result = getInstruction(DynamicInitializationFlagLoadTag()) + result = this.getInstruction(DynamicInitializationFlagLoadTag()) or tag = DynamicInitializationFlagLoadTag() and kind instanceof GotoEdge and - result = getInstruction(DynamicInitializationConditionalBranchTag()) + result = this.getInstruction(DynamicInitializationConditionalBranchTag()) or tag = DynamicInitializationConditionalBranchTag() and ( kind instanceof TrueEdge and - result = getParent().getChildSuccessor(this) + result = this.getParent().getChildSuccessor(this) or kind instanceof FalseEdge and - result = getInitialization().getFirstInstruction() + result = this.getInitialization().getFirstInstruction() ) or tag = DynamicInitializationFlagConstantTag() and kind instanceof GotoEdge and - result = getInstruction(DynamicInitializationFlagStoreTag()) + result = this.getInstruction(DynamicInitializationFlagStoreTag()) or tag = DynamicInitializationFlagStoreTag() and kind instanceof GotoEdge and - result = getParent().getChildSuccessor(this) + result = this.getParent().getChildSuccessor(this) } final override Instruction getChildSuccessor(TranslatedElement child) { - child = getInitialization() and - result = getInstruction(DynamicInitializationFlagConstantTag()) + child = this.getInitialization() and + result = this.getInstruction(DynamicInitializationFlagConstantTag()) } final override IRDynamicInitializationFlag getInstructionVariable(InstructionTag tag) { @@ -196,20 +196,20 @@ class TranslatedStaticLocalVariableDeclarationEntry extends TranslatedDeclaratio tag = DynamicInitializationFlagLoadTag() and ( operandTag instanceof AddressOperandTag and - result = getInstruction(DynamicInitializationFlagAddressTag()) + result = this.getInstruction(DynamicInitializationFlagAddressTag()) ) or tag = DynamicInitializationConditionalBranchTag() and operandTag instanceof ConditionOperandTag and - result = getInstruction(DynamicInitializationFlagLoadTag()) + result = this.getInstruction(DynamicInitializationFlagLoadTag()) or tag = DynamicInitializationFlagStoreTag() and ( operandTag instanceof AddressOperandTag and - result = getInstruction(DynamicInitializationFlagAddressTag()) + result = this.getInstruction(DynamicInitializationFlagAddressTag()) or operandTag instanceof StoreValueOperandTag and - result = getInstruction(DynamicInitializationFlagConstantTag()) + result = this.getInstruction(DynamicInitializationFlagConstantTag()) ) } @@ -238,7 +238,7 @@ class TranslatedStaticLocalVariableInitialization extends TranslatedElement, final override Locatable getAst() { result = entry.getAst() } /** DEPRECATED: Alias for getAst */ - deprecated override Locatable getAST() { result = getAst() } + deprecated override Locatable getAST() { result = this.getAst() } final override LocalVariable getVariable() { result = var } @@ -267,7 +267,7 @@ class TranslatedConditionDecl extends TranslatedLocalVariableDeclaration, TTrans override Locatable getAst() { result = conditionDeclExpr } /** DEPRECATED: Alias for getAst */ - deprecated override Locatable getAST() { result = getAst() } + deprecated override Locatable getAST() { result = this.getAst() } override Declaration getFunction() { result = getEnclosingFunction(conditionDeclExpr) } diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedFunction.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedFunction.qll index d02cb716fe5..5c5ee3c04c1 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedFunction.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedFunction.qll @@ -68,7 +68,7 @@ class TranslatedFunction extends TranslatedRootElement, TTranslatedFunction { final override Locatable getAst() { result = func } /** DEPRECATED: Alias for getAst */ - deprecated override Locatable getAST() { result = getAst() } + deprecated override Locatable getAST() { result = this.getAst() } /** * Gets the function being translated. @@ -76,15 +76,15 @@ class TranslatedFunction extends TranslatedRootElement, TTranslatedFunction { final override Function getFunction() { result = func } final override TranslatedElement getChild(int id) { - id = -5 and result = getReadEffects() + id = -5 and result = this.getReadEffects() or - id = -4 and result = getConstructorInitList() + id = -4 and result = this.getConstructorInitList() or - id = -3 and result = getBody() + id = -3 and result = this.getBody() or - id = -2 and result = getDestructorDestructionList() + id = -2 and result = this.getDestructorDestructionList() or - id >= -1 and result = getParameter(id) + id >= -1 and result = this.getParameter(id) } final private TranslatedConstructorInitList getConstructorInitList() { @@ -109,64 +109,66 @@ class TranslatedFunction extends TranslatedRootElement, TTranslatedFunction { result = getTranslatedEllipsisParameter(func) } - final override Instruction getFirstInstruction() { result = getInstruction(EnterFunctionTag()) } + final override Instruction getFirstInstruction() { + result = this.getInstruction(EnterFunctionTag()) + } final override Instruction getInstructionSuccessor(InstructionTag tag, EdgeKind kind) { kind instanceof GotoEdge and ( tag = EnterFunctionTag() and - result = getInstruction(AliasedDefinitionTag()) + result = this.getInstruction(AliasedDefinitionTag()) or tag = AliasedDefinitionTag() and - result = getInstruction(InitializeNonLocalTag()) + result = this.getInstruction(InitializeNonLocalTag()) or ( tag = InitializeNonLocalTag() and - if exists(getThisType()) - then result = getParameter(-1).getFirstInstruction() + if exists(this.getThisType()) + then result = this.getParameter(-1).getFirstInstruction() else - if exists(getParameter(0)) - then result = getParameter(0).getFirstInstruction() - else result = getBody().getFirstInstruction() + if exists(this.getParameter(0)) + then result = this.getParameter(0).getFirstInstruction() + else result = this.getBody().getFirstInstruction() ) or tag = ReturnValueAddressTag() and - result = getInstruction(ReturnTag()) + result = this.getInstruction(ReturnTag()) or tag = ReturnTag() and - result = getInstruction(AliasedUseTag()) + result = this.getInstruction(AliasedUseTag()) or tag = UnwindTag() and - result = getInstruction(AliasedUseTag()) + result = this.getInstruction(AliasedUseTag()) or tag = AliasedUseTag() and - result = getInstruction(ExitFunctionTag()) + result = this.getInstruction(ExitFunctionTag()) ) } final override Instruction getChildSuccessor(TranslatedElement child) { exists(int paramIndex | - child = getParameter(paramIndex) and + child = this.getParameter(paramIndex) and if exists(func.getParameter(paramIndex + 1)) or getEllipsisParameterIndexForFunction(func) = paramIndex + 1 - then result = getParameter(paramIndex + 1).getFirstInstruction() - else result = getConstructorInitList().getFirstInstruction() + then result = this.getParameter(paramIndex + 1).getFirstInstruction() + else result = this.getConstructorInitList().getFirstInstruction() ) or - child = getConstructorInitList() and - result = getBody().getFirstInstruction() + child = this.getConstructorInitList() and + result = this.getBody().getFirstInstruction() or - child = getBody() and - result = getReturnSuccessorInstruction() + child = this.getBody() and + result = this.getReturnSuccessorInstruction() or - child = getDestructorDestructionList() and - result = getReadEffects().getFirstInstruction() + child = this.getDestructorDestructionList() and + result = this.getReadEffects().getFirstInstruction() or - child = getReadEffects() and - if hasReturnValue() - then result = getInstruction(ReturnValueAddressTag()) - else result = getInstruction(ReturnTag()) + child = this.getReadEffects() and + if this.hasReturnValue() + then result = this.getInstruction(ReturnValueAddressTag()) + else result = this.getInstruction(ReturnTag()) } final override predicate hasInstruction(Opcode opcode, InstructionTag tag, CppType resultType) { @@ -185,13 +187,13 @@ class TranslatedFunction extends TranslatedRootElement, TTranslatedFunction { or tag = ReturnValueAddressTag() and opcode instanceof Opcode::VariableAddress and - resultType = getTypeForGLValue(getReturnType()) and - hasReturnValue() + resultType = getTypeForGLValue(this.getReturnType()) and + this.hasReturnValue() or ( tag = ReturnTag() and resultType = getVoidType() and - if hasReturnValue() + if this.hasReturnValue() then opcode instanceof Opcode::ReturnValue else opcode instanceof Opcode::ReturnVoid ) @@ -217,23 +219,23 @@ class TranslatedFunction extends TranslatedRootElement, TTranslatedFunction { } final override Instruction getExceptionSuccessorInstruction() { - result = getInstruction(UnwindTag()) + result = this.getInstruction(UnwindTag()) } final override Instruction getInstructionRegisterOperand(InstructionTag tag, OperandTag operandTag) { tag = ReturnTag() and - hasReturnValue() and + this.hasReturnValue() and operandTag instanceof AddressOperandTag and - result = getInstruction(ReturnValueAddressTag()) + result = this.getInstruction(ReturnValueAddressTag()) } final override CppType getInstructionMemoryOperandType( InstructionTag tag, TypedOperandTag operandTag ) { tag = ReturnTag() and - hasReturnValue() and + this.hasReturnValue() and operandTag instanceof LoadOperandTag and - result = getTypeForPRValue(getReturnType()) + result = getTypeForPRValue(this.getReturnType()) or tag = AliasedUseTag() and operandTag instanceof SideEffectOperandTag and @@ -242,7 +244,7 @@ class TranslatedFunction extends TranslatedRootElement, TTranslatedFunction { final override IRVariable getInstructionVariable(InstructionTag tag) { tag = ReturnValueAddressTag() and - result = getReturnVariable() + result = this.getReturnVariable() } final override predicate needsUnknownOpaqueType(int byteSize) { @@ -251,15 +253,15 @@ class TranslatedFunction extends TranslatedRootElement, TTranslatedFunction { final override predicate hasTempVariable(TempVariableTag tag, CppType type) { tag = ReturnValueTempVar() and - hasReturnValue() and - type = getTypeForPRValue(getReturnType()) + this.hasReturnValue() and + type = getTypeForPRValue(this.getReturnType()) or tag = EllipsisTempVar() and func.isVarargs() and type = getEllipsisVariablePRValueType() or tag = ThisTempVar() and - type = getTypeForGLValue(getThisType()) + type = getTypeForGLValue(this.getThisType()) } /** @@ -267,7 +269,7 @@ class TranslatedFunction extends TranslatedRootElement, TTranslatedFunction { * statement. */ final Instruction getReturnSuccessorInstruction() { - result = getDestructorDestructionList().getFirstInstruction() + result = this.getDestructorDestructionList().getFirstInstruction() } /** @@ -368,25 +370,25 @@ abstract class TranslatedParameter extends TranslatedElement { final override TranslatedElement getChild(int id) { none() } final override Instruction getFirstInstruction() { - result = getInstruction(InitializerVariableAddressTag()) + result = this.getInstruction(InitializerVariableAddressTag()) } final override Instruction getInstructionSuccessor(InstructionTag tag, EdgeKind kind) { kind instanceof GotoEdge and ( tag = InitializerVariableAddressTag() and - result = getInstruction(InitializerStoreTag()) + result = this.getInstruction(InitializerStoreTag()) or tag = InitializerStoreTag() and - if hasIndirection() - then result = getInstruction(InitializerIndirectAddressTag()) - else result = getParent().getChildSuccessor(this) + if this.hasIndirection() + then result = this.getInstruction(InitializerIndirectAddressTag()) + else result = this.getParent().getChildSuccessor(this) or tag = InitializerIndirectAddressTag() and - result = getInstruction(InitializerIndirectStoreTag()) + result = this.getInstruction(InitializerIndirectStoreTag()) or tag = InitializerIndirectStoreTag() and - result = getParent().getChildSuccessor(this) + result = this.getParent().getChildSuccessor(this) ) } @@ -395,21 +397,21 @@ abstract class TranslatedParameter extends TranslatedElement { final override predicate hasInstruction(Opcode opcode, InstructionTag tag, CppType resultType) { tag = InitializerVariableAddressTag() and opcode instanceof Opcode::VariableAddress and - resultType = getGLValueType() + resultType = this.getGLValueType() or tag = InitializerStoreTag() and opcode instanceof Opcode::InitializeParameter and - resultType = getPRValueType() + resultType = this.getPRValueType() or - hasIndirection() and + this.hasIndirection() and tag = InitializerIndirectAddressTag() and opcode instanceof Opcode::Load and - resultType = getPRValueType() + resultType = this.getPRValueType() or - hasIndirection() and + this.hasIndirection() and tag = InitializerIndirectStoreTag() and opcode instanceof Opcode::InitializeIndirection and - resultType = getInitializationResultType() + resultType = this.getInitializationResultType() } final override IRVariable getInstructionVariable(InstructionTag tag) { @@ -418,26 +420,26 @@ abstract class TranslatedParameter extends TranslatedElement { tag = InitializerVariableAddressTag() or tag = InitializerIndirectStoreTag() ) and - result = getIRVariable() + result = this.getIRVariable() } final override Instruction getInstructionRegisterOperand(InstructionTag tag, OperandTag operandTag) { tag = InitializerStoreTag() and ( operandTag instanceof AddressOperandTag and - result = getInstruction(InitializerVariableAddressTag()) + result = this.getInstruction(InitializerVariableAddressTag()) ) or // this feels a little strange, but I think it's the best we can do tag = InitializerIndirectAddressTag() and ( operandTag instanceof AddressOperandTag and - result = getInstruction(InitializerVariableAddressTag()) + result = this.getInstruction(InitializerVariableAddressTag()) ) or tag = InitializerIndirectStoreTag() and operandTag instanceof AddressOperandTag and - result = getInstruction(InitializerIndirectAddressTag()) + result = this.getInstruction(InitializerIndirectAddressTag()) } abstract predicate hasIndirection(); @@ -465,7 +467,7 @@ class TranslatedThisParameter extends TranslatedParameter, TTranslatedThisParame final override Locatable getAst() { result = func } /** DEPRECATED: Alias for getAst */ - deprecated override Locatable getAST() { result = getAst() } + deprecated override Locatable getAST() { result = this.getAst() } final override Function getFunction() { result = func } @@ -500,7 +502,7 @@ class TranslatedPositionalParameter extends TranslatedParameter, TTranslatedPara final override Locatable getAst() { result = param } /** DEPRECATED: Alias for getAst */ - deprecated override Locatable getAST() { result = getAst() } + deprecated override Locatable getAST() { result = this.getAst() } final override Function getFunction() { result = param.getFunction() or @@ -522,7 +524,7 @@ class TranslatedPositionalParameter extends TranslatedParameter, TTranslatedPara final override CppType getInitializationResultType() { result = getUnknownType() } final override IRAutomaticUserVariable getIRVariable() { - result = getIRUserVariable(getFunction(), param) + result = getIRUserVariable(this.getFunction(), param) } } @@ -540,7 +542,7 @@ class TranslatedEllipsisParameter extends TranslatedParameter, TTranslatedEllips final override Locatable getAst() { result = func } /** DEPRECATED: Alias for getAst */ - deprecated override Locatable getAST() { result = getAst() } + deprecated override Locatable getAST() { result = this.getAst() } final override Function getFunction() { result = func } @@ -579,7 +581,7 @@ class TranslatedConstructorInitList extends TranslatedElement, InitializationCon override Locatable getAst() { result = func } /** DEPRECATED: Alias for getAst */ - deprecated override Locatable getAST() { result = getAst() } + deprecated override Locatable getAST() { result = this.getAst() } override TranslatedElement getChild(int id) { exists(ConstructorFieldInit fieldInit | @@ -599,9 +601,9 @@ class TranslatedConstructorInitList extends TranslatedElement, InitializationCon } override Instruction getFirstInstruction() { - if exists(getChild(0)) - then result = getChild(0).getFirstInstruction() - else result = getParent().getChildSuccessor(this) + if exists(this.getChild(0)) + then result = this.getChild(0).getFirstInstruction() + else result = this.getParent().getChildSuccessor(this) } override predicate hasInstruction(Opcode opcode, InstructionTag tag, CppType resultType) { @@ -614,10 +616,10 @@ class TranslatedConstructorInitList extends TranslatedElement, InitializationCon override Instruction getChildSuccessor(TranslatedElement child) { exists(int id | - child = getChild(id) and - if exists(getChild(id + 1)) - then result = getChild(id + 1).getFirstInstruction() - else result = getParent().getChildSuccessor(this) + child = this.getChild(id) and + if exists(this.getChild(id + 1)) + then result = this.getChild(id + 1).getFirstInstruction() + else result = this.getParent().getChildSuccessor(this) ) } @@ -651,7 +653,7 @@ class TranslatedDestructorDestructionList extends TranslatedElement, override Locatable getAst() { result = func } /** DEPRECATED: Alias for getAst */ - deprecated override Locatable getAST() { result = getAst() } + deprecated override Locatable getAST() { result = this.getAst() } override TranslatedElement getChild(int id) { exists(DestructorFieldDestruction fieldDestruction | @@ -666,9 +668,9 @@ class TranslatedDestructorDestructionList extends TranslatedElement, } override Instruction getFirstInstruction() { - if exists(getChild(0)) - then result = getChild(0).getFirstInstruction() - else result = getParent().getChildSuccessor(this) + if exists(this.getChild(0)) + then result = this.getChild(0).getFirstInstruction() + else result = this.getParent().getChildSuccessor(this) } override predicate hasInstruction(Opcode opcode, InstructionTag tag, CppType resultType) { @@ -681,10 +683,10 @@ class TranslatedDestructorDestructionList extends TranslatedElement, override Instruction getChildSuccessor(TranslatedElement child) { exists(int id | - child = getChild(id) and - if exists(getChild(id + 1)) - then result = getChild(id + 1).getFirstInstruction() - else result = getParent().getChildSuccessor(this) + child = this.getChild(id) and + if exists(this.getChild(id + 1)) + then result = this.getChild(id + 1).getFirstInstruction() + else result = this.getParent().getChildSuccessor(this) ) } } @@ -699,7 +701,7 @@ class TranslatedReadEffects extends TranslatedElement, TTranslatedReadEffects { override Locatable getAst() { result = func } /** DEPRECATED: Alias for getAst */ - deprecated override Locatable getAST() { result = getAst() } + deprecated override Locatable getAST() { result = this.getAst() } override Function getFunction() { result = func } @@ -713,25 +715,25 @@ class TranslatedReadEffects extends TranslatedElement, TTranslatedReadEffects { } override Instruction getFirstInstruction() { - if exists(getAChild()) + if exists(this.getAChild()) then result = - min(TranslatedElement child, int id | child = getChild(id) | child order by id) + min(TranslatedElement child, int id | child = this.getChild(id) | child order by id) .getFirstInstruction() - else result = getParent().getChildSuccessor(this) + else result = this.getParent().getChildSuccessor(this) } override Instruction getChildSuccessor(TranslatedElement child) { - exists(int id | child = getChild(id) | - if exists(TranslatedReadEffect child2, int id2 | id2 > id and child2 = getChild(id2)) + exists(int id | child = this.getChild(id) | + if exists(TranslatedReadEffect child2, int id2 | id2 > id and child2 = this.getChild(id2)) then result = min(TranslatedReadEffect child2, int id2 | - child2 = getChild(id2) and id2 > id + child2 = this.getChild(id2) and id2 > id | child2 order by id2 ).getFirstInstruction() - else result = getParent().getChildSuccessor(this) + else result = this.getParent().getChildSuccessor(this) ) } @@ -758,10 +760,10 @@ abstract class TranslatedReadEffect extends TranslatedElement { override Instruction getInstructionSuccessor(InstructionTag tag, EdgeKind kind) { tag = OnlyInstructionTag() and kind = EdgeKind::gotoEdge() and - result = getParent().getChildSuccessor(this) + result = this.getParent().getChildSuccessor(this) } - override Instruction getFirstInstruction() { result = getInstruction(OnlyInstructionTag()) } + override Instruction getFirstInstruction() { result = this.getInstruction(OnlyInstructionTag()) } override predicate hasInstruction(Opcode opcode, InstructionTag tag, CppType resultType) { opcode instanceof Opcode::ReturnIndirection and @@ -786,7 +788,7 @@ class TranslatedThisReadEffect extends TranslatedReadEffect, TTranslatedThisRead override Locatable getAst() { result = func } /** DEPRECATED: Alias for getAst */ - deprecated override Locatable getAST() { result = getAst() } + deprecated override Locatable getAST() { result = this.getAst() } override Function getFunction() { result = func } @@ -812,7 +814,7 @@ class TranslatedParameterReadEffect extends TranslatedReadEffect, TTranslatedPar override Locatable getAst() { result = param } /** DEPRECATED: Alias for getAst */ - deprecated override Locatable getAST() { result = getAst() } + deprecated override Locatable getAST() { result = this.getAst() } override string toString() { result = "read effect: " + param.toString() } @@ -826,6 +828,6 @@ class TranslatedParameterReadEffect extends TranslatedReadEffect, TTranslatedPar final override IRVariable getInstructionVariable(InstructionTag tag) { tag = OnlyInstructionTag() and - result = getIRUserVariable(getFunction(), param) + result = getIRUserVariable(this.getFunction(), param) } } diff --git a/cpp/ql/lib/semmle/code/cpp/ir/internal/ASTValueNumbering.qll b/cpp/ql/lib/semmle/code/cpp/ir/internal/ASTValueNumbering.qll index dcc013fd387..2dd51d39151 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/internal/ASTValueNumbering.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/internal/ASTValueNumbering.qll @@ -62,14 +62,14 @@ class GVN extends TValueNumber { final string toString() { result = "GVN" } - final string getDebugString() { result = strictconcat(getAnExpr().toString(), ", ") } + final string getDebugString() { result = strictconcat(this.getAnExpr().toString(), ", ") } final Location getLocation() { - if exists(Expr e | e = getAnExpr() and not e.getLocation() instanceof UnknownLocation) + if exists(Expr e | e = this.getAnExpr() and not e.getLocation() instanceof UnknownLocation) then result = min(Location l | - l = getAnExpr().getLocation() and not l instanceof UnknownLocation + l = this.getAnExpr().getLocation() and not l instanceof UnknownLocation | l order by @@ -102,13 +102,13 @@ class GVN extends TValueNumber { } /** Gets an expression that has this GVN. */ - Expr getAnExpr() { result = getAnUnconvertedExpr() } + Expr getAnExpr() { result = this.getAnUnconvertedExpr() } /** Gets an expression that has this GVN. */ - Expr getAnUnconvertedExpr() { result = getAnInstruction().getUnconvertedResultExpression() } + Expr getAnUnconvertedExpr() { result = this.getAnInstruction().getUnconvertedResultExpression() } /** Gets an expression that has this GVN. */ - Expr getAConvertedExpr() { result = getAnInstruction().getConvertedResultExpression() } + Expr getAConvertedExpr() { result = this.getAnInstruction().getConvertedResultExpression() } } /** Gets the global value number of expression `e`. */ diff --git a/cpp/ql/lib/semmle/code/cpp/ir/internal/CppType.qll b/cpp/ql/lib/semmle/code/cpp/ir/internal/CppType.qll index bace59a872b..315db83a5cc 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/internal/CppType.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/internal/CppType.qll @@ -208,10 +208,10 @@ class CppType extends TCppType { string toString() { none() } /** Gets a string used in IR dumps */ - string getDumpString() { result = toString() } + string getDumpString() { result = this.toString() } /** Gets the size of the type in bytes, if known. */ - final int getByteSize() { result = getIRType().getByteSize() } + final int getByteSize() { result = this.getIRType().getByteSize() } /** * Gets the `IRType` that represents this `CppType`. Many different `CppType`s can map to a single @@ -232,7 +232,7 @@ class CppType extends TCppType { */ final predicate hasUnspecifiedType(Type type, boolean isGLValue) { exists(Type specifiedType | - hasType(specifiedType, isGLValue) and + this.hasType(specifiedType, isGLValue) and type = specifiedType.getUnspecifiedType() ) } diff --git a/cpp/ql/lib/semmle/code/cpp/models/implementations/Deallocation.qll b/cpp/ql/lib/semmle/code/cpp/models/implementations/Deallocation.qll index 6bd2916b733..de1c3389be0 100644 --- a/cpp/ql/lib/semmle/code/cpp/models/implementations/Deallocation.qll +++ b/cpp/ql/lib/semmle/code/cpp/models/implementations/Deallocation.qll @@ -13,19 +13,19 @@ private class StandardDeallocationFunction extends DeallocationFunction { int freedArg; StandardDeallocationFunction() { - hasGlobalOrStdOrBslName([ + this.hasGlobalOrStdOrBslName([ // --- C library allocation "free", "realloc" ]) and freedArg = 0 or - hasGlobalName([ + this.hasGlobalName([ // --- OpenSSL memory allocation "CRYPTO_free", "CRYPTO_secure_free" ]) and freedArg = 0 or - hasGlobalOrStdName([ + this.hasGlobalOrStdName([ // --- Windows Memory Management for Windows Drivers "ExFreePoolWithTag", "ExDeleteTimer", "IoFreeMdl", "IoFreeWorkItem", "IoFreeErrorLogEntry", "MmFreeContiguousMemory", "MmFreeContiguousMemorySpecifyCache", "MmFreeNonCachedMemory", @@ -44,7 +44,7 @@ private class StandardDeallocationFunction extends DeallocationFunction { ]) and freedArg = 0 or - hasGlobalOrStdName([ + this.hasGlobalOrStdName([ // --- Windows Memory Management for Windows Drivers "ExFreeToLookasideListEx", "ExFreeToPagedLookasideList", "ExFreeToNPagedLookasideList", // --- NetBSD pool manager @@ -52,7 +52,7 @@ private class StandardDeallocationFunction extends DeallocationFunction { ]) and freedArg = 1 or - hasGlobalOrStdName(["HeapFree", "HeapReAlloc"]) and + this.hasGlobalOrStdName(["HeapFree", "HeapReAlloc"]) and freedArg = 2 } @@ -65,9 +65,9 @@ private class StandardDeallocationFunction extends DeallocationFunction { private class CallDeallocationExpr extends DeallocationExpr, FunctionCall { DeallocationFunction target; - CallDeallocationExpr() { target = getTarget() } + CallDeallocationExpr() { target = this.getTarget() } - override Expr getFreedExpr() { result = getArgument(target.getFreedArg()) } + override Expr getFreedExpr() { result = this.getArgument(target.getFreedArg()) } } /** @@ -76,7 +76,7 @@ private class CallDeallocationExpr extends DeallocationExpr, FunctionCall { private class DeleteDeallocationExpr extends DeallocationExpr, DeleteExpr { DeleteDeallocationExpr() { this instanceof DeleteExpr } - override Expr getFreedExpr() { result = getExpr() } + override Expr getFreedExpr() { result = this.getExpr() } } /** @@ -85,5 +85,5 @@ private class DeleteDeallocationExpr extends DeallocationExpr, DeleteExpr { private class DeleteArrayDeallocationExpr extends DeallocationExpr, DeleteArrayExpr { DeleteArrayDeallocationExpr() { this instanceof DeleteArrayExpr } - override Expr getFreedExpr() { result = getExpr() } + override Expr getFreedExpr() { result = this.getExpr() } } diff --git a/cpp/ql/lib/semmle/code/cpp/models/implementations/MemberFunction.qll b/cpp/ql/lib/semmle/code/cpp/models/implementations/MemberFunction.qll index 31752b304a4..70fd04859da 100644 --- a/cpp/ql/lib/semmle/code/cpp/models/implementations/MemberFunction.qll +++ b/cpp/ql/lib/semmle/code/cpp/models/implementations/MemberFunction.qll @@ -14,8 +14,8 @@ import semmle.code.cpp.models.interfaces.Taint */ private class ConversionConstructorModel extends Constructor, TaintFunction { ConversionConstructorModel() { - strictcount(Parameter p | p = getAParameter() and not p.hasInitializer()) = 1 and - not hasSpecifier("explicit") + strictcount(Parameter p | p = this.getAParameter() and not p.hasInitializer()) = 1 and + not this.hasSpecifier("explicit") } override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) { diff --git a/cpp/ql/lib/semmle/code/cpp/models/implementations/Printf.qll b/cpp/ql/lib/semmle/code/cpp/models/implementations/Printf.qll index e360fa7b2bb..f0a25dfa30d 100644 --- a/cpp/ql/lib/semmle/code/cpp/models/implementations/Printf.qll +++ b/cpp/ql/lib/semmle/code/cpp/models/implementations/Printf.qll @@ -15,10 +15,10 @@ private class Printf extends FormattingFunction, AliasFunction { Printf() { this instanceof TopLevelFunction and ( - hasGlobalOrStdOrBslName(["printf", "wprintf"]) or - hasGlobalName(["printf_s", "wprintf_s", "g_printf"]) + this.hasGlobalOrStdOrBslName(["printf", "wprintf"]) or + this.hasGlobalName(["printf_s", "wprintf_s", "g_printf"]) ) and - not exists(getDefinition().getFile().getRelativePath()) + not exists(this.getDefinition().getFile().getRelativePath()) } override int getFormatParameterIndex() { result = 0 } @@ -39,10 +39,10 @@ private class Fprintf extends FormattingFunction { Fprintf() { this instanceof TopLevelFunction and ( - hasGlobalOrStdOrBslName(["fprintf", "fwprintf"]) or - hasGlobalName("g_fprintf") + this.hasGlobalOrStdOrBslName(["fprintf", "fwprintf"]) or + this.hasGlobalName("g_fprintf") ) and - not exists(getDefinition().getFile().getRelativePath()) + not exists(this.getDefinition().getFile().getRelativePath()) } override int getFormatParameterIndex() { result = 1 } @@ -57,12 +57,12 @@ private class Sprintf extends FormattingFunction { Sprintf() { this instanceof TopLevelFunction and ( - hasGlobalOrStdOrBslName([ + this.hasGlobalOrStdOrBslName([ "sprintf", // sprintf(dst, format, args...) "wsprintf" // wsprintf(dst, format, args...) ]) or - hasGlobalName([ + this.hasGlobalName([ "_sprintf_l", // _sprintf_l(dst, format, locale, args...) "__swprintf_l", // __swprintf_l(dst, format, locale, args...) "g_strdup_printf", // g_strdup_printf(format, ...) @@ -70,24 +70,26 @@ private class Sprintf extends FormattingFunction { "__builtin___sprintf_chk" // __builtin___sprintf_chk(dst, flag, os, format, ...) ]) ) and - not exists(getDefinition().getFile().getRelativePath()) + not exists(this.getDefinition().getFile().getRelativePath()) } override int getFormatParameterIndex() { - hasName("g_strdup_printf") and result = 0 + this.hasName("g_strdup_printf") and result = 0 or - hasName("__builtin___sprintf_chk") and result = 3 + this.hasName("__builtin___sprintf_chk") and result = 3 or - not getName() = ["g_strdup_printf", "__builtin___sprintf_chk"] and + not this.getName() = ["g_strdup_printf", "__builtin___sprintf_chk"] and result = 1 } override int getOutputParameterIndex(boolean isStream) { - not hasName("g_strdup_printf") and result = 0 and isStream = false + not this.hasName("g_strdup_printf") and result = 0 and isStream = false } override int getFirstFormatArgumentIndex() { - if hasName("__builtin___sprintf_chk") then result = 4 else result = getNumberOfParameters() + if this.hasName("__builtin___sprintf_chk") + then result = 4 + else result = this.getNumberOfParameters() } } @@ -98,46 +100,46 @@ private class SnprintfImpl extends Snprintf { SnprintfImpl() { this instanceof TopLevelFunction and ( - hasGlobalOrStdOrBslName([ + this.hasGlobalOrStdOrBslName([ "snprintf", // C99 defines snprintf "swprintf" // The s version of wide-char printf is also always the n version ]) or // Microsoft has _snprintf as well as several other variations - hasGlobalName([ + this.hasGlobalName([ "sprintf_s", "snprintf_s", "swprintf_s", "_snprintf", "_snprintf_s", "_snprintf_l", "_snprintf_s_l", "_snwprintf", "_snwprintf_s", "_snwprintf_l", "_snwprintf_s_l", "_sprintf_s_l", "_swprintf_l", "_swprintf_s_l", "g_snprintf", "wnsprintf", "__builtin___snprintf_chk" ]) ) and - not exists(getDefinition().getFile().getRelativePath()) + not exists(this.getDefinition().getFile().getRelativePath()) } override int getFormatParameterIndex() { - if getName().matches("%\\_l") - then result = getFirstFormatArgumentIndex() - 2 - else result = getFirstFormatArgumentIndex() - 1 + if this.getName().matches("%\\_l") + then result = this.getFirstFormatArgumentIndex() - 2 + else result = this.getFirstFormatArgumentIndex() - 1 } override int getOutputParameterIndex(boolean isStream) { result = 0 and isStream = false } override int getFirstFormatArgumentIndex() { exists(string name | - name = getQualifiedName() and + name = this.getQualifiedName() and ( name = "__builtin___snprintf_chk" and result = 5 or name != "__builtin___snprintf_chk" and - result = getNumberOfParameters() + result = this.getNumberOfParameters() ) ) } override predicate returnsFullFormatLength() { - hasName(["snprintf", "g_snprintf", "__builtin___snprintf_chk", "snprintf_s"]) and - not exists(getDefinition().getFile().getRelativePath()) + this.hasName(["snprintf", "g_snprintf", "__builtin___snprintf_chk", "snprintf_s"]) and + not exists(this.getDefinition().getFile().getRelativePath()) } override int getSizeParameterIndex() { result = 1 } @@ -149,15 +151,15 @@ private class SnprintfImpl extends Snprintf { private class StringCchPrintf extends FormattingFunction { StringCchPrintf() { this instanceof TopLevelFunction and - hasGlobalName([ + this.hasGlobalName([ "StringCchPrintf", "StringCchPrintfEx", "StringCchPrintf_l", "StringCchPrintf_lEx", "StringCbPrintf", "StringCbPrintfEx", "StringCbPrintf_l", "StringCbPrintf_lEx" ]) and - not exists(getDefinition().getFile().getRelativePath()) + not exists(this.getDefinition().getFile().getRelativePath()) } override int getFormatParameterIndex() { - if getName().matches("%Ex") then result = 5 else result = 2 + if this.getName().matches("%Ex") then result = 5 else result = 2 } override int getOutputParameterIndex(boolean isStream) { result = 0 and isStream = false } @@ -171,8 +173,8 @@ private class StringCchPrintf extends FormattingFunction { private class Syslog extends FormattingFunction { Syslog() { this instanceof TopLevelFunction and - hasGlobalName("syslog") and - not exists(getDefinition().getFile().getRelativePath()) + this.hasGlobalName("syslog") and + not exists(this.getDefinition().getFile().getRelativePath()) } override int getFormatParameterIndex() { result = 1 } diff --git a/cpp/ql/lib/semmle/code/cpp/models/implementations/Strdup.qll b/cpp/ql/lib/semmle/code/cpp/models/implementations/Strdup.qll index 51d496fc69e..e83178134a8 100644 --- a/cpp/ql/lib/semmle/code/cpp/models/implementations/Strdup.qll +++ b/cpp/ql/lib/semmle/code/cpp/models/implementations/Strdup.qll @@ -13,7 +13,7 @@ import semmle.code.cpp.models.interfaces.Taint */ private class StrdupFunction extends AllocationFunction, ArrayFunction, DataFlowFunction { StrdupFunction() { - hasGlobalName([ + this.hasGlobalName([ // --- C library allocation "strdup", // strdup(str) "strdupa", // strdupa(str) - returns stack allocated buffer @@ -33,7 +33,7 @@ private class StrdupFunction extends AllocationFunction, ArrayFunction, DataFlow output.isReturnValueDeref() } - override predicate requiresDealloc() { not hasGlobalName("strdupa") } + override predicate requiresDealloc() { not this.hasGlobalName("strdupa") } } /** @@ -41,7 +41,7 @@ private class StrdupFunction extends AllocationFunction, ArrayFunction, DataFlow */ private class StrndupFunction extends AllocationFunction, ArrayFunction, DataFlowFunction { StrndupFunction() { - hasGlobalName([ + this.hasGlobalName([ // -- C library allocation "strndup", // strndup(str, maxlen) "strndupa" // strndupa(str, maxlen) -- returns stack allocated buffer @@ -60,5 +60,5 @@ private class StrndupFunction extends AllocationFunction, ArrayFunction, DataFlo output.isReturnValueDeref() } - override predicate requiresDealloc() { not hasGlobalName("strndupa") } + override predicate requiresDealloc() { not this.hasGlobalName("strndupa") } } diff --git a/cpp/ql/lib/semmle/code/cpp/models/implementations/Strftime.qll b/cpp/ql/lib/semmle/code/cpp/models/implementations/Strftime.qll index 0dad89e950f..a0f00662d37 100644 --- a/cpp/ql/lib/semmle/code/cpp/models/implementations/Strftime.qll +++ b/cpp/ql/lib/semmle/code/cpp/models/implementations/Strftime.qll @@ -2,7 +2,7 @@ import semmle.code.cpp.models.interfaces.Taint import semmle.code.cpp.models.interfaces.ArrayFunction private class Strftime extends TaintFunction, ArrayFunction { - Strftime() { hasGlobalName("strftime") } + Strftime() { this.hasGlobalName("strftime") } override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) { ( diff --git a/cpp/ql/lib/semmle/code/cpp/models/implementations/Strset.qll b/cpp/ql/lib/semmle/code/cpp/models/implementations/Strset.qll index e5b493cc2ee..24ac6080aa6 100644 --- a/cpp/ql/lib/semmle/code/cpp/models/implementations/Strset.qll +++ b/cpp/ql/lib/semmle/code/cpp/models/implementations/Strset.qll @@ -16,7 +16,7 @@ private class StrsetFunction extends ArrayFunction, DataFlowFunction, AliasFunct SideEffectFunction { StrsetFunction() { - hasGlobalName([ + this.hasGlobalName([ "strset", "_strset", "_strset_l", "_wcsset", "_wcsset_l", "_mbsset", "_mbsset_l", "_mbsnbset", "_mbsnbset_l", "_strnset", "_strnset_l", "_wcsnset", "_wcsnset_l", "_mbsnset", "_mbsnset_l" diff --git a/cpp/ql/lib/semmle/code/cpp/models/implementations/System.qll b/cpp/ql/lib/semmle/code/cpp/models/implementations/System.qll index de62517e5bb..8d473afb4ca 100644 --- a/cpp/ql/lib/semmle/code/cpp/models/implementations/System.qll +++ b/cpp/ql/lib/semmle/code/cpp/models/implementations/System.qll @@ -10,12 +10,12 @@ private class SystemFunction extends CommandExecutionFunction, ArrayFunction, Al SideEffectFunction { SystemFunction() { - hasGlobalOrStdName("system") or // system(command) - hasGlobalName("popen") or // popen(command, mode) + this.hasGlobalOrStdName("system") or // system(command) + this.hasGlobalName("popen") or // popen(command, mode) // Windows variants - hasGlobalName("_popen") or // _popen(command, mode) - hasGlobalName("_wpopen") or // _wpopen(command, mode) - hasGlobalName("_wsystem") // _wsystem(command) + this.hasGlobalName("_popen") or // _popen(command, mode) + this.hasGlobalName("_wpopen") or // _wpopen(command, mode) + this.hasGlobalName("_wsystem") // _wsystem(command) } override predicate hasCommandArgument(FunctionInput input) { input.isParameterDeref(0) } @@ -33,8 +33,8 @@ private class SystemFunction extends CommandExecutionFunction, ArrayFunction, Al override predicate hasOnlySpecificReadSideEffects() { any() } override predicate hasOnlySpecificWriteSideEffects() { - hasGlobalOrStdName("system") or - hasGlobalName("_wsystem") + this.hasGlobalOrStdName("system") or + this.hasGlobalName("_wsystem") } override predicate hasSpecificReadSideEffect(ParameterIndex i, boolean buffer) { diff --git a/cpp/ql/lib/semmle/code/cpp/models/interfaces/Allocation.qll b/cpp/ql/lib/semmle/code/cpp/models/interfaces/Allocation.qll index 086cb9a6f73..d170783e31e 100644 --- a/cpp/ql/lib/semmle/code/cpp/models/interfaces/Allocation.qll +++ b/cpp/ql/lib/semmle/code/cpp/models/interfaces/Allocation.qll @@ -96,7 +96,7 @@ abstract class AllocationFunction extends Function { */ class OperatorNewAllocationFunction extends AllocationFunction { OperatorNewAllocationFunction() { - hasGlobalName([ + this.hasGlobalName([ "operator new", // operator new(bytes, ...) "operator new[]" // operator new[](bytes, ...) ]) @@ -104,15 +104,15 @@ class OperatorNewAllocationFunction extends AllocationFunction { override int getSizeArg() { result = 0 } - override predicate requiresDealloc() { not exists(getPlacementArgument()) } + override predicate requiresDealloc() { not exists(this.getPlacementArgument()) } /** * Gets the position of the placement pointer if this is a placement * `operator new` function. */ int getPlacementArgument() { - getNumberOfParameters() = 2 and - getParameter(1).getType() instanceof VoidPointerType and + this.getNumberOfParameters() = 2 and + this.getParameter(1).getType() instanceof VoidPointerType and result = 1 } } diff --git a/cpp/ql/lib/semmle/code/cpp/models/interfaces/Deallocation.qll b/cpp/ql/lib/semmle/code/cpp/models/interfaces/Deallocation.qll index 569caebe36f..b7582e17f2c 100644 --- a/cpp/ql/lib/semmle/code/cpp/models/interfaces/Deallocation.qll +++ b/cpp/ql/lib/semmle/code/cpp/models/interfaces/Deallocation.qll @@ -41,7 +41,7 @@ abstract class DeallocationFunction extends Function { */ class OperatorDeleteDeallocationFunction extends DeallocationFunction { OperatorDeleteDeallocationFunction() { - hasGlobalName([ + this.hasGlobalName([ "operator delete", // operator delete(pointer, ...) "operator delete[]" // operator delete[](pointer, ...) ]) diff --git a/cpp/ql/lib/semmle/code/cpp/models/interfaces/FormattingFunction.qll b/cpp/ql/lib/semmle/code/cpp/models/interfaces/FormattingFunction.qll index 0b14bf9cb0e..66f0a1dae01 100644 --- a/cpp/ql/lib/semmle/code/cpp/models/interfaces/FormattingFunction.qll +++ b/cpp/ql/lib/semmle/code/cpp/models/interfaces/FormattingFunction.qll @@ -57,7 +57,7 @@ abstract class FormattingFunction extends ArrayFunction, TaintFunction { */ Type getFormatCharType() { result = - stripTopLevelSpecifiersOnly(stripTopLevelSpecifiersOnly(getParameter(getFormatParameterIndex()) + stripTopLevelSpecifiersOnly(stripTopLevelSpecifiersOnly(this.getParameter(this.getFormatParameterIndex()) .getType() .getUnderlyingType()).(PointerType).getBaseType()) } @@ -67,10 +67,10 @@ abstract class FormattingFunction extends ArrayFunction, TaintFunction { * `char` or `wchar_t`. */ Type getDefaultCharType() { - isMicrosoft() and - result = getFormatCharType() + this.isMicrosoft() and + result = this.getFormatCharType() or - not isMicrosoft() and + not this.isMicrosoft() and result instanceof PlainCharType } @@ -80,10 +80,10 @@ abstract class FormattingFunction extends ArrayFunction, TaintFunction { * which is correct for a particular function. */ Type getNonDefaultCharType() { - getDefaultCharType().getSize() = 1 and - result = getWideCharType() + this.getDefaultCharType().getSize() = 1 and + result = this.getWideCharType() or - not getDefaultCharType().getSize() = 1 and + not this.getDefaultCharType().getSize() = 1 and result instanceof PlainCharType } @@ -94,10 +94,10 @@ abstract class FormattingFunction extends ArrayFunction, TaintFunction { */ pragma[nomagic] Type getWideCharType() { - result = getFormatCharType() and + result = this.getFormatCharType() and result.getSize() > 1 or - not getFormatCharType().getSize() > 1 and + not this.getFormatCharType().getSize() > 1 and result = getAFormatterWideTypeOrDefault() // may have more than one result } @@ -120,14 +120,14 @@ abstract class FormattingFunction extends ArrayFunction, TaintFunction { * the first format specifier in the format string. */ int getFirstFormatArgumentIndex() { - result = getNumberOfParameters() and + result = this.getNumberOfParameters() and // the formatting function either has a definition in the snapshot, or all // `DeclarationEntry`s agree on the number of parameters (otherwise we don't // really know the correct number) ( - hasDefinition() + this.hasDefinition() or - forall(FunctionDeclarationEntry fde | fde = getADeclarationEntry() | + forall(FunctionDeclarationEntry fde | fde = this.getADeclarationEntry() | result = fde.getNumberOfParameters() ) ) @@ -139,30 +139,30 @@ abstract class FormattingFunction extends ArrayFunction, TaintFunction { int getSizeParameterIndex() { none() } override predicate hasArrayWithNullTerminator(int bufParam) { - bufParam = getFormatParameterIndex() + bufParam = this.getFormatParameterIndex() } override predicate hasArrayWithVariableSize(int bufParam, int countParam) { - bufParam = getOutputParameterIndex(false) and - countParam = getSizeParameterIndex() + bufParam = this.getOutputParameterIndex(false) and + countParam = this.getSizeParameterIndex() } override predicate hasArrayWithUnknownSize(int bufParam) { - bufParam = getOutputParameterIndex(false) and - not exists(getSizeParameterIndex()) + bufParam = this.getOutputParameterIndex(false) and + not exists(this.getSizeParameterIndex()) } - override predicate hasArrayInput(int bufParam) { bufParam = getFormatParameterIndex() } + override predicate hasArrayInput(int bufParam) { bufParam = this.getFormatParameterIndex() } - override predicate hasArrayOutput(int bufParam) { bufParam = getOutputParameterIndex(false) } + override predicate hasArrayOutput(int bufParam) { bufParam = this.getOutputParameterIndex(false) } override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) { exists(int arg | - arg = getFormatParameterIndex() or - arg >= getFirstFormatArgumentIndex() + arg = this.getFormatParameterIndex() or + arg >= this.getFirstFormatArgumentIndex() | (input.isParameterDeref(arg) or input.isParameter(arg)) and - output.isParameterDeref(getOutputParameterIndex(_)) + output.isParameterDeref(this.getOutputParameterIndex(_)) ) } } diff --git a/cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/internal/semantic/SemanticExpr.qll b/cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/internal/semantic/SemanticExpr.qll index 2ea958931da..46a5c735ca0 100644 --- a/cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/internal/semantic/SemanticExpr.qll +++ b/cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/internal/semantic/SemanticExpr.qll @@ -87,7 +87,7 @@ class SemIntegerLiteralExpr extends SemNumericLiteralExpr { final int getIntValue() { Specific::integerLiteral(this, _, result) } final override float getApproximateFloatValue() { - result = getIntValue() + result = this.getIntValue() or Specific::largeIntegerLiteral(this, _, result) } @@ -124,13 +124,13 @@ class SemBinaryExpr extends SemKnownExpr { /** Holds if `a` and `b` are the two operands, in either order. */ final predicate hasOperands(SemExpr a, SemExpr b) { - a = getLeftOperand() and b = getRightOperand() + a = this.getLeftOperand() and b = this.getRightOperand() or - a = getRightOperand() and b = getLeftOperand() + a = this.getRightOperand() and b = this.getLeftOperand() } /** Gets the two operands. */ - final SemExpr getAnOperand() { result = getLeftOperand() or result = getRightOperand() } + final SemExpr getAnOperand() { result = this.getLeftOperand() or result = this.getRightOperand() } } /** An expression that performs and ordered comparison of two operands. */ @@ -154,8 +154,8 @@ class SemRelationalExpr extends SemBinaryExpr { */ final SemExpr getLesserOperand() { if opcode instanceof Opcode::CompareLT or opcode instanceof Opcode::CompareLE - then result = getLeftOperand() - else result = getRightOperand() + then result = this.getLeftOperand() + else result = this.getRightOperand() } /** @@ -167,8 +167,8 @@ class SemRelationalExpr extends SemBinaryExpr { */ final SemExpr getGreaterOperand() { if opcode instanceof Opcode::CompareGT or opcode instanceof Opcode::CompareGE - then result = getLeftOperand() - else result = getRightOperand() + then result = this.getLeftOperand() + else result = this.getRightOperand() } /** Holds if this comparison returns `false` if the two operands are equal. */ @@ -280,11 +280,11 @@ class SemLoadExpr extends SemNullaryExpr { } class SemSsaLoadExpr extends SemLoadExpr { - SemSsaLoadExpr() { exists(getDef()) } + SemSsaLoadExpr() { exists(this.getDef()) } } class SemNonSsaLoadExpr extends SemLoadExpr { - SemNonSsaLoadExpr() { not exists(getDef()) } + SemNonSsaLoadExpr() { not exists(this.getDef()) } } class SemStoreExpr extends SemUnaryExpr { diff --git a/cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/internal/semantic/SemanticSSA.qll b/cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/internal/semantic/SemanticSSA.qll index 307f6e386b5..29580c2c507 100644 --- a/cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/internal/semantic/SemanticSSA.qll +++ b/cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/internal/semantic/SemanticSSA.qll @@ -59,7 +59,7 @@ class SemSsaReadPositionBlock extends SemSsaReadPosition { SemBasicBlock getBlock() { result = block } - SemExpr getAnExpr() { result = getBlock().getAnExpr() } + SemExpr getAnExpr() { result = this.getBlock().getAnExpr() } } /** diff --git a/cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/internal/semantic/SemanticType.qll b/cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/internal/semantic/SemanticType.qll index b86db02702c..cf20bdfeff8 100644 --- a/cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/internal/semantic/SemanticType.qll +++ b/cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/internal/semantic/SemanticType.qll @@ -38,7 +38,7 @@ class SemType extends TSemType { * Gets a string that uniquely identifies this `SemType`. This string is often the same as the * result of `SemType.toString()`, but for some types it may be more verbose to ensure uniqueness. */ - string getIdentityString() { result = toString() } + string getIdentityString() { result = this.toString() } /** * Gets the size of the type, in bytes, if known. @@ -132,7 +132,7 @@ class SemIntegerType extends SemNumericType { final predicate isSigned() { signed = true } /** Holds if this integer type is unsigned. */ - final predicate isUnsigned() { not isSigned() } + final predicate isUnsigned() { not this.isSigned() } // Don't override `getByteSize()` here. The optimizer seems to generate better code when this is // overridden only in the leaf classes. } diff --git a/cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/internal/semantic/analysis/Bound.qll b/cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/internal/semantic/analysis/Bound.qll index abff447ca87..27883aedf3e 100644 --- a/cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/internal/semantic/analysis/Bound.qll +++ b/cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/internal/semantic/analysis/Bound.qll @@ -45,7 +45,7 @@ abstract class Bound extends TBound { abstract Instruction getInstruction(int delta); /** Gets an expression that equals this bound. */ - Instruction getInstruction() { result = getInstruction(0) } + Instruction getInstruction() { result = this.getInstruction(0) } abstract Location getLocation(); } diff --git a/cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/internal/semantic/analysis/RangeAnalysisImpl.qll b/cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/internal/semantic/analysis/RangeAnalysisImpl.qll index a5c129f638f..938857c0c2d 100644 --- a/cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/internal/semantic/analysis/RangeAnalysisImpl.qll +++ b/cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/internal/semantic/analysis/RangeAnalysisImpl.qll @@ -109,6 +109,6 @@ module Public { /** Gets the condition that is the reason for the bound. */ SemGuard getCond() { this = TSemCondReason(result) } - override string toString() { result = getCond().toString() } + override string toString() { result = this.getCond().toString() } } } diff --git a/cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/internal/semantic/analysis/RangeAnalysisStage.qll b/cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/internal/semantic/analysis/RangeAnalysisStage.qll index 019d69c36cf..cbccb4a6ca8 100644 --- a/cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/internal/semantic/analysis/RangeAnalysisStage.qll +++ b/cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/internal/semantic/analysis/RangeAnalysisStage.qll @@ -536,7 +536,7 @@ module RangeStage< /** Gets the condition that is the reason for the bound. */ SemGuard getCond() { this = TSemCondReason(result) } - override string toString() { result = getCond().toString() } + override string toString() { result = this.getCond().toString() } } /** diff --git a/cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/internal/semantic/analysis/Sign.qll b/cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/internal/semantic/analysis/Sign.qll index 814691d9bcd..8c1de7c7b54 100644 --- a/cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/internal/semantic/analysis/Sign.qll +++ b/cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/internal/semantic/analysis/Sign.qll @@ -73,7 +73,7 @@ class Sign extends TSign { * Gets a possible sign after subtracting an expression with sign `s` from an expression * that has this sign. */ - Sign sub(Sign s) { result = add(s.neg()) } + Sign sub(Sign s) { result = this.add(s.neg()) } /** * Gets a possible sign after multiplying an expression with sign `s` to an expression @@ -231,37 +231,37 @@ class Sign extends TSign { or op instanceof Opcode::Store and result = this or - op instanceof Opcode::AddOne and result = inc() + op instanceof Opcode::AddOne and result = this.inc() or - op instanceof Opcode::SubOne and result = dec() + op instanceof Opcode::SubOne and result = this.dec() or - op instanceof Opcode::Negate and result = neg() + op instanceof Opcode::Negate and result = this.neg() or - op instanceof Opcode::BitComplement and result = bitnot() + op instanceof Opcode::BitComplement and result = this.bitnot() } /** Perform `op` on this sign and sign `s`. */ Sign applyBinaryOp(Sign s, Opcode op) { - op instanceof Opcode::Add and result = add(s) + op instanceof Opcode::Add and result = this.add(s) or - op instanceof Opcode::Sub and result = sub(s) + op instanceof Opcode::Sub and result = this.sub(s) or - op instanceof Opcode::Mul and result = mul(s) + op instanceof Opcode::Mul and result = this.mul(s) or - op instanceof Opcode::Div and result = div(s) + op instanceof Opcode::Div and result = this.div(s) or - op instanceof Opcode::Rem and result = rem(s) + op instanceof Opcode::Rem and result = this.rem(s) or - op instanceof Opcode::BitAnd and result = bitand(s) + op instanceof Opcode::BitAnd and result = this.bitand(s) or - op instanceof Opcode::BitOr and result = bitor(s) + op instanceof Opcode::BitOr and result = this.bitor(s) or - op instanceof Opcode::BitXor and result = bitxor(s) + op instanceof Opcode::BitXor and result = this.bitxor(s) or - op instanceof Opcode::ShiftLeft and result = lshift(s) + op instanceof Opcode::ShiftLeft and result = this.lshift(s) or - op instanceof Opcode::ShiftRight and result = rshift(s) + op instanceof Opcode::ShiftRight and result = this.rshift(s) or - op instanceof Opcode::ShiftRightUnsigned and result = urshift(s) + op instanceof Opcode::ShiftRightUnsigned and result = this.urshift(s) } } diff --git a/cpp/ql/lib/semmle/code/cpp/security/CommandExecution.qll b/cpp/ql/lib/semmle/code/cpp/security/CommandExecution.qll index 063c7300031..116f8a77216 100644 --- a/cpp/ql/lib/semmle/code/cpp/security/CommandExecution.qll +++ b/cpp/ql/lib/semmle/code/cpp/security/CommandExecution.qll @@ -28,7 +28,7 @@ class SystemFunction extends FunctionWithWrappers instanceof CommandExecutionFun */ class VarargsExecFunctionCall extends FunctionCall { VarargsExecFunctionCall() { - getTarget() + this.getTarget() .hasGlobalName([ "execl", "execle", "execlp", // Windows @@ -40,7 +40,7 @@ class VarargsExecFunctionCall extends FunctionCall { /** Whether the last argument to the function is an environment pointer */ predicate hasEnvironmentArgument() { - getTarget().hasGlobalName(["execle", "_execle", "_execlpe", "_wexecle", "_wexeclpe"]) + this.getTarget().hasGlobalName(["execle", "_execle", "_execlpe", "_wexecle", "_wexeclpe"]) } /** @@ -49,25 +49,27 @@ class VarargsExecFunctionCall extends FunctionCall { */ Expr getCommandArgument(int idx) { exists(int underlyingIdx | - result = getArgument(underlyingIdx) and - underlyingIdx > getCommandIdx() and + result = this.getArgument(underlyingIdx) and + underlyingIdx > this.getCommandIdx() and ( - underlyingIdx < getNumberOfArguments() - 1 or - not hasEnvironmentArgument() + underlyingIdx < this.getNumberOfArguments() - 1 or + not this.hasEnvironmentArgument() ) and - idx = underlyingIdx - getCommandIdx() - 1 + idx = underlyingIdx - this.getCommandIdx() - 1 ) } /** The expression denoting the program to execute */ - Expr getCommand() { result = getArgument(getCommandIdx()) } + Expr getCommand() { result = this.getArgument(this.getCommandIdx()) } /** * The index of the command. The spawn variants start with a mode, whereas * all the other ones start with the command. */ private int getCommandIdx() { - if getTarget().getName().matches(["\\_spawn%", "\\_wspawn%"]) then result = 1 else result = 0 + if this.getTarget().getName().matches(["\\_spawn%", "\\_wspawn%"]) + then result = 1 + else result = 0 } } @@ -78,7 +80,7 @@ class VarargsExecFunctionCall extends FunctionCall { */ class ArrayExecFunctionCall extends FunctionCall { ArrayExecFunctionCall() { - getTarget() + this.getTarget() .hasGlobalName([ "execv", "execvp", "execvpe", "execve", "fexecve", // Windows variants @@ -89,17 +91,19 @@ class ArrayExecFunctionCall extends FunctionCall { } /** The argument with the array of command arguments */ - Expr getArrayArgument() { result = getArgument(getCommandIdx() + 1) } + Expr getArrayArgument() { result = this.getArgument(this.getCommandIdx() + 1) } /** The expression denoting the program to execute */ - Expr getCommand() { result = getArgument(getCommandIdx()) } + Expr getCommand() { result = this.getArgument(this.getCommandIdx()) } /** * The index of the command. The spawn variants start with a mode, whereas * all the other ones start with the command. */ private int getCommandIdx() { - if getTarget().getName().matches(["\\_spawn%", "\\_wspawn%"]) then result = 1 else result = 0 + if this.getTarget().getName().matches(["\\_spawn%", "\\_wspawn%"]) + then result = 1 + else result = 0 } } diff --git a/cpp/ql/lib/semmle/code/cpp/security/TaintTrackingImpl.qll b/cpp/ql/lib/semmle/code/cpp/security/TaintTrackingImpl.qll index 285aba40e86..bf6bcc3acb6 100644 --- a/cpp/ql/lib/semmle/code/cpp/security/TaintTrackingImpl.qll +++ b/cpp/ql/lib/semmle/code/cpp/security/TaintTrackingImpl.qll @@ -564,9 +564,9 @@ abstract deprecated library class DataSensitiveCallExpr extends Expr { * Searches backwards from `getSrc()` to `src`. */ predicate flowsFrom(Element src, boolean allowFromArg) { - src = getSrc() and allowFromArg = true + src = this.getSrc() and allowFromArg = true or - exists(Element other, boolean allowOtherFromArg | flowsFrom(other, allowOtherFromArg) | + exists(Element other, boolean allowOtherFromArg | this.flowsFrom(other, allowOtherFromArg) | exists(boolean otherFromArg | betweenFunctionsValueMoveToStatic(src, other, otherFromArg) | otherFromArg = true and allowOtherFromArg = true and allowFromArg = true or @@ -582,10 +582,10 @@ abstract deprecated library class DataSensitiveCallExpr extends Expr { /** Call through a function pointer. */ deprecated library class DataSensitiveExprCall extends DataSensitiveCallExpr, ExprCall { - override Expr getSrc() { result = getExpr() } + override Expr getSrc() { result = this.getExpr() } override Function resolve() { - exists(FunctionAccess fa | flowsFrom(fa, true) | result = fa.getTarget()) + exists(FunctionAccess fa | this.flowsFrom(fa, true) | result = fa.getTarget()) } } @@ -594,16 +594,16 @@ deprecated library class DataSensitiveOverriddenFunctionCall extends DataSensiti FunctionCall { DataSensitiveOverriddenFunctionCall() { - exists(getTarget().(VirtualFunction).getAnOverridingFunction()) + exists(this.getTarget().(VirtualFunction).getAnOverridingFunction()) } - override Expr getSrc() { result = getQualifier() } + override Expr getSrc() { result = this.getQualifier() } override MemberFunction resolve() { exists(NewExpr new | - flowsFrom(new, true) and + this.flowsFrom(new, true) and memberFunctionFromNewExpr(new, result) and - result.overrides*(getTarget().(VirtualFunction)) + result.overrides*(this.getTarget().(VirtualFunction)) ) } } diff --git a/cpp/ql/lib/semmle/code/cpp/valuenumbering/GlobalValueNumberingImpl.qll b/cpp/ql/lib/semmle/code/cpp/valuenumbering/GlobalValueNumberingImpl.qll index c1fe36e3430..8f43e19c7b5 100644 --- a/cpp/ql/lib/semmle/code/cpp/valuenumbering/GlobalValueNumberingImpl.qll +++ b/cpp/ql/lib/semmle/code/cpp/valuenumbering/GlobalValueNumberingImpl.qll @@ -284,10 +284,10 @@ deprecated class GVN extends GvnBase { } /** Gets a textual representation of this element. */ - string toString() { result = exampleExpr().toString() } + string toString() { result = this.exampleExpr().toString() } /** Gets the primary location of this element. */ - Location getLocation() { result = exampleExpr().getLocation() } + Location getLocation() { result = this.exampleExpr().getLocation() } } private predicate analyzableIntConst(Expr e) { diff --git a/cpp/ql/lib/semmle/code/cpp/valuenumbering/HashCons.qll b/cpp/ql/lib/semmle/code/cpp/valuenumbering/HashCons.qll index 6570eb64425..78ab6c739bd 100644 --- a/cpp/ql/lib/semmle/code/cpp/valuenumbering/HashCons.qll +++ b/cpp/ql/lib/semmle/code/cpp/valuenumbering/HashCons.qll @@ -282,10 +282,10 @@ class HashCons extends HCBase { } /** Gets a textual representation of this element. */ - string toString() { result = exampleExpr().toString() } + string toString() { result = this.exampleExpr().toString() } /** Gets the primary location of this element. */ - Location getLocation() { result = exampleExpr().getLocation() } + Location getLocation() { result = this.exampleExpr().getLocation() } } /** diff --git a/cpp/ql/src/Critical/FileMayNotBeClosed.ql b/cpp/ql/src/Critical/FileMayNotBeClosed.ql index 9a3aa6f8d4d..0c247441a3b 100644 --- a/cpp/ql/src/Critical/FileMayNotBeClosed.ql +++ b/cpp/ql/src/Critical/FileMayNotBeClosed.ql @@ -118,7 +118,7 @@ class FOpenReachability extends StackVariableReachabilityExt { override predicate isBarrier( ControlFlowNode source, ControlFlowNode node, ControlFlowNode next, StackVariable v ) { - isSource(source, v) and + this.isSource(source, v) and next = node.getASuccessor() and // the file (stored in any variable `v0`) opened at `source` is closed or // assigned to a global at node, or NULL checked on the edge node -> next. diff --git a/cpp/ql/src/Critical/MemoryMayNotBeFreed.ql b/cpp/ql/src/Critical/MemoryMayNotBeFreed.ql index d2afdad1306..d49a3bc4132 100644 --- a/cpp/ql/src/Critical/MemoryMayNotBeFreed.ql +++ b/cpp/ql/src/Critical/MemoryMayNotBeFreed.ql @@ -144,7 +144,7 @@ class AllocReachability extends StackVariableReachabilityExt { override predicate isBarrier( ControlFlowNode source, ControlFlowNode node, ControlFlowNode next, StackVariable v ) { - isSource(source, v) and + this.isSource(source, v) and next = node.getASuccessor() and // the memory (stored in any variable `v0`) allocated at `source` is freed or // assigned to a global at node, or NULL checked on the edge node -> next. diff --git a/cpp/ql/src/JPL_C/LOC-4/Rule 23/MismatchedIfdefs.ql b/cpp/ql/src/JPL_C/LOC-4/Rule 23/MismatchedIfdefs.ql index 1e5fed2bfb7..f0faafbf855 100644 --- a/cpp/ql/src/JPL_C/LOC-4/Rule 23/MismatchedIfdefs.ql +++ b/cpp/ql/src/JPL_C/LOC-4/Rule 23/MismatchedIfdefs.ql @@ -19,20 +19,22 @@ class FileWithDirectives extends File { } int getDirectiveIndex(Directive d) { - exists(int line | line = getDirectiveLine(d) | line = rank[result](getDirectiveLine(_))) + exists(int line | line = this.getDirectiveLine(d) | + line = rank[result](this.getDirectiveLine(_)) + ) } int depth(Directive d) { - exists(int index | index = getDirectiveIndex(d) | + exists(int index | index = this.getDirectiveIndex(d) | index = 1 and result = d.depthChange() or - exists(Directive prev | getDirectiveIndex(prev) = index - 1 | - result = d.depthChange() + depth(prev) + exists(Directive prev | this.getDirectiveIndex(prev) = index - 1 | + result = d.depthChange() + this.depth(prev) ) ) } - Directive lastDirective() { getDirectiveIndex(result) = max(getDirectiveIndex(_)) } + Directive lastDirective() { this.getDirectiveIndex(result) = max(this.getDirectiveIndex(_)) } } abstract class Directive extends PreprocessorDirective { @@ -63,13 +65,13 @@ class ElseDirective extends Directive { override int depthChange() { result = 0 } - override predicate mismatched() { depth() < 1 } + override predicate mismatched() { this.depth() < 1 } } class EndifDirective extends Directive instanceof PreprocessorEndif { override int depthChange() { result = -1 } - override predicate mismatched() { depth() < 0 } + override predicate mismatched() { this.depth() < 0 } } from FileWithDirectives f, Directive d, string msg diff --git a/cpp/ql/src/Likely Bugs/Likely Typos/UsingStrcpyAsBoolean.ql b/cpp/ql/src/Likely Bugs/Likely Typos/UsingStrcpyAsBoolean.ql index 3e7cdbe43b9..5b1d54b51f8 100644 --- a/cpp/ql/src/Likely Bugs/Likely Typos/UsingStrcpyAsBoolean.ql +++ b/cpp/ql/src/Likely Bugs/Likely Typos/UsingStrcpyAsBoolean.ql @@ -20,7 +20,7 @@ import semmle.code.cpp.ir.dataflow.DataFlow * code). */ class InterestingStrcpyFunction extends StrcpyFunction { - InterestingStrcpyFunction() { getType().getUnspecifiedType() instanceof PointerType } + InterestingStrcpyFunction() { this.getType().getUnspecifiedType() instanceof PointerType } } predicate isBoolean(Expr e1) { diff --git a/cpp/ql/src/Likely Bugs/Memory Management/ImproperNullTermination.ql b/cpp/ql/src/Likely Bugs/Memory Management/ImproperNullTermination.ql index 025e50b246f..412e1b44e5b 100644 --- a/cpp/ql/src/Likely Bugs/Memory Management/ImproperNullTermination.ql +++ b/cpp/ql/src/Likely Bugs/Memory Management/ImproperNullTermination.ql @@ -56,7 +56,7 @@ class ImproperNullTerminationReachability extends StackVariableReachabilityWithR override predicate isBarrier(ControlFlowNode node, StackVariable v) { exprDefinition(v, node, _) or - isSinkActual(node, v) // only report first use + this.isSinkActual(node, v) // only report first use } } diff --git a/cpp/ql/src/Likely Bugs/Memory Management/SuspiciousSizeof.ql b/cpp/ql/src/Likely Bugs/Memory Management/SuspiciousSizeof.ql index a80af562bda..f7fbec45994 100644 --- a/cpp/ql/src/Likely Bugs/Memory Management/SuspiciousSizeof.ql +++ b/cpp/ql/src/Likely Bugs/Memory Management/SuspiciousSizeof.ql @@ -19,10 +19,10 @@ import cpp class CandidateParameter extends Parameter { CandidateParameter() { // an array parameter - getUnspecifiedType() instanceof ArrayType + this.getUnspecifiedType() instanceof ArrayType or // a pointer parameter - getUnspecifiedType() instanceof PointerType and + this.getUnspecifiedType() instanceof PointerType and // whose address is never taken (rules out common // false positive patterns) not exists(AddressOfExpr aoe | aoe.getAddressable() = this) diff --git a/cpp/ql/src/Metrics/Dependencies/ExternalDependencies.qll b/cpp/ql/src/Metrics/Dependencies/ExternalDependencies.qll index b94212123ec..fed054262e6 100644 --- a/cpp/ql/src/Metrics/Dependencies/ExternalDependencies.qll +++ b/cpp/ql/src/Metrics/Dependencies/ExternalDependencies.qll @@ -56,7 +56,7 @@ class Library extends LibraryT { result = "unknown" } - string toString() { result = getName() + "-" + getVersion() } + string toString() { result = this.getName() + "-" + this.getVersion() } File getAFile() { exists(LibraryElement lib | diff --git a/cpp/ql/src/Security/CWE/CWE-020/ExternalAPIs.qll b/cpp/ql/src/Security/CWE/CWE-020/ExternalAPIs.qll index 70247bdf4a4..5135aab8d83 100644 --- a/cpp/ql/src/Security/CWE/CWE-020/ExternalAPIs.qll +++ b/cpp/ql/src/Security/CWE/CWE-020/ExternalAPIs.qll @@ -38,7 +38,7 @@ class ExternalApiUsedWithUntrustedData extends TExternalApi { /** Gets the number of untrusted sources used with this external API. */ int getNumberOfUntrustedSources() { - result = strictcount(getUntrustedDataNode().getAnUntrustedSource()) + result = strictcount(this.getUntrustedDataNode().getAnUntrustedSource()) } /** Gets a textual representation of this element. */ diff --git a/cpp/ql/src/Security/CWE/CWE-020/ir/ExternalAPIs.qll b/cpp/ql/src/Security/CWE/CWE-020/ir/ExternalAPIs.qll index 70247bdf4a4..5135aab8d83 100644 --- a/cpp/ql/src/Security/CWE/CWE-020/ir/ExternalAPIs.qll +++ b/cpp/ql/src/Security/CWE/CWE-020/ir/ExternalAPIs.qll @@ -38,7 +38,7 @@ class ExternalApiUsedWithUntrustedData extends TExternalApi { /** Gets the number of untrusted sources used with this external API. */ int getNumberOfUntrustedSources() { - result = strictcount(getUntrustedDataNode().getAnUntrustedSource()) + result = strictcount(this.getUntrustedDataNode().getAnUntrustedSource()) } /** Gets a textual representation of this element. */ diff --git a/cpp/ql/src/Security/CWE/CWE-079/CgiXss.ql b/cpp/ql/src/Security/CWE/CWE-079/CgiXss.ql index ffadb381a76..e16f0568056 100644 --- a/cpp/ql/src/Security/CWE/CWE-079/CgiXss.ql +++ b/cpp/ql/src/Security/CWE/CWE-079/CgiXss.ql @@ -19,14 +19,14 @@ import TaintedWithPath /** A call that prints its arguments to `stdout`. */ class PrintStdoutCall extends FunctionCall { PrintStdoutCall() { - getTarget().hasGlobalOrStdName("puts") or - getTarget().hasGlobalOrStdName("printf") + this.getTarget().hasGlobalOrStdName("puts") or + this.getTarget().hasGlobalOrStdName("printf") } } /** A read of the QUERY_STRING environment variable */ class QueryString extends EnvironmentRead { - QueryString() { getEnvironmentVariable() = "QUERY_STRING" } + QueryString() { this.getEnvironmentVariable() = "QUERY_STRING" } } class Configuration extends TaintTrackingConfiguration { diff --git a/cpp/ql/src/Security/CWE/CWE-295/SSLResultConflation.ql b/cpp/ql/src/Security/CWE/CWE-295/SSLResultConflation.ql index 5eab70c5cc9..8a3c2f3664d 100644 --- a/cpp/ql/src/Security/CWE/CWE-295/SSLResultConflation.ql +++ b/cpp/ql/src/Security/CWE/CWE-295/SSLResultConflation.ql @@ -18,7 +18,7 @@ import semmle.code.cpp.ir.dataflow.DataFlow * A call to `SSL_get_verify_result`. */ class SslGetVerifyResultCall extends FunctionCall { - SslGetVerifyResultCall() { getTarget().getName() = "SSL_get_verify_result" } + SslGetVerifyResultCall() { this.getTarget().getName() = "SSL_get_verify_result" } } /** diff --git a/cpp/ql/src/Security/CWE/CWE-295/SSLResultNotChecked.ql b/cpp/ql/src/Security/CWE/CWE-295/SSLResultNotChecked.ql index 0d972a734b3..de8520de1b3 100644 --- a/cpp/ql/src/Security/CWE/CWE-295/SSLResultNotChecked.ql +++ b/cpp/ql/src/Security/CWE/CWE-295/SSLResultNotChecked.ql @@ -19,10 +19,10 @@ import semmle.code.cpp.controlflow.IRGuards */ class SslGetPeerCertificateCall extends FunctionCall { SslGetPeerCertificateCall() { - getTarget().getName() = "SSL_get_peer_certificate" // SSL_get_peer_certificate(ssl) + this.getTarget().getName() = "SSL_get_peer_certificate" // SSL_get_peer_certificate(ssl) } - Expr getSslArgument() { result = getArgument(0) } + Expr getSslArgument() { result = this.getArgument(0) } } /** @@ -30,10 +30,10 @@ class SslGetPeerCertificateCall extends FunctionCall { */ class SslGetVerifyResultCall extends FunctionCall { SslGetVerifyResultCall() { - getTarget().getName() = "SSL_get_verify_result" // SSL_get_peer_certificate(ssl) + this.getTarget().getName() = "SSL_get_verify_result" // SSL_get_peer_certificate(ssl) } - Expr getSslArgument() { result = getArgument(0) } + Expr getSslArgument() { result = this.getArgument(0) } } /** diff --git a/cpp/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql b/cpp/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql index e6c7b186ce2..02ab64179c9 100644 --- a/cpp/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql +++ b/cpp/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql @@ -150,7 +150,7 @@ class BlamedElement extends Element { */ predicate hasFileRank(File f, int num) { exists(int loc | - getLocation().charLoc(f, loc, _) and + this.getLocation().charLoc(f, loc, _) and loc = rank[num](BlamedElement other, int loc2 | other.getLocation().charLoc(f, loc2, _) | loc2) ) diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-078/WordexpTainted.ql b/cpp/ql/src/experimental/Security/CWE/CWE-078/WordexpTainted.ql index cf346cb812e..095b4abea02 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-078/WordexpTainted.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-078/WordexpTainted.ql @@ -21,7 +21,7 @@ import WordexpTaint::PathGraph * The `wordexp` function, which can perform command substitution. */ private class WordexpFunction extends Function { - WordexpFunction() { hasGlobalName("wordexp") } + WordexpFunction() { this.hasGlobalName("wordexp") } } /** diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-1041/FindWrapperFunctions.ql b/cpp/ql/src/experimental/Security/CWE/CWE-1041/FindWrapperFunctions.ql index cc25326f0b4..649b4769c47 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-1041/FindWrapperFunctions.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-1041/FindWrapperFunctions.ql @@ -31,7 +31,7 @@ class CallUsedToHandleErrors extends FunctionCall { this.(ControlFlowNode).getASuccessor() instanceof FormattingFunction or // enabling recursive search - exists(CallUsedToHandleErrors fr | getTarget() = fr.getEnclosingFunction()) + exists(CallUsedToHandleErrors fr | this.getTarget() = fr.getEnclosingFunction()) } } diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-675/DoubleRelease.ql b/cpp/ql/src/experimental/Security/CWE/CWE-675/DoubleRelease.ql index a933ed063b2..5543e9dad66 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-675/DoubleRelease.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-675/DoubleRelease.ql @@ -25,7 +25,7 @@ class CallMayNotReturn extends FunctionCall { not exists(this.(ControlFlowNode).getASuccessor()) or // call to another function that may not return - exists(CallMayNotReturn exit | getTarget() = exit.getEnclosingFunction()) + exists(CallMayNotReturn exit | this.getTarget() = exit.getEnclosingFunction()) or this.(ControlFlowNode).getASuccessor() instanceof ThrowExpr } diff --git a/cpp/ql/src/external/DefectFilter.qll b/cpp/ql/src/external/DefectFilter.qll index b932ffd0470..ad786e9cbc9 100644 --- a/cpp/ql/src/external/DefectFilter.qll +++ b/cpp/ql/src/external/DefectFilter.qll @@ -49,7 +49,7 @@ class DefectResult extends int { /** Gets the URL corresponding to the location of this query result. */ string getURL() { result = - "file://" + getFile().getAbsolutePath() + ":" + getStartLine() + ":" + getStartColumn() + ":" + - getEndLine() + ":" + getEndColumn() + "file://" + this.getFile().getAbsolutePath() + ":" + this.getStartLine() + ":" + + this.getStartColumn() + ":" + this.getEndLine() + ":" + this.getEndColumn() } } diff --git a/cpp/ql/test/library-tests/blocks/cpp/exprs.ql b/cpp/ql/test/library-tests/blocks/cpp/exprs.ql index bfc312e00ea..d930dea676f 100644 --- a/cpp/ql/test/library-tests/blocks/cpp/exprs.ql +++ b/cpp/ql/test/library-tests/blocks/cpp/exprs.ql @@ -6,7 +6,7 @@ import cpp */ class CStyleCastPlain extends CStyleCast { - override string toString() { result = "Conversion of " + getExpr().toString() } + override string toString() { result = "Conversion of " + this.getExpr().toString() } } from Expr e diff --git a/cpp/ql/test/library-tests/dataflow/fields/Nodes.qll b/cpp/ql/test/library-tests/dataflow/fields/Nodes.qll index 2c3186b3dfa..7313518af91 100644 --- a/cpp/ql/test/library-tests/dataflow/fields/Nodes.qll +++ b/cpp/ql/test/library-tests/dataflow/fields/Nodes.qll @@ -14,7 +14,7 @@ class Node extends TNode { AST::DataFlow::Node asAst() { none() } /** DEPRECATED: Alias for asAst */ - deprecated AST::DataFlow::Node asAST() { result = asAst() } + deprecated AST::DataFlow::Node asAST() { result = this.asAst() } Location getLocation() { none() } } @@ -29,7 +29,7 @@ class AstNode extends Node, TAstNode { override AST::DataFlow::Node asAst() { result = n } /** DEPRECATED: Alias for asAst */ - deprecated override AST::DataFlow::Node asAST() { result = asAst() } + deprecated override AST::DataFlow::Node asAST() { result = this.asAst() } override Location getLocation() { result = n.getLocation() } } diff --git a/cpp/ql/test/library-tests/identity_string/identity_string.ql b/cpp/ql/test/library-tests/identity_string/identity_string.ql index c663bc6d89b..21f83f9ba3c 100644 --- a/cpp/ql/test/library-tests/identity_string/identity_string.ql +++ b/cpp/ql/test/library-tests/identity_string/identity_string.ql @@ -6,11 +6,11 @@ abstract class CheckCall extends FunctionCall { final string getExpectedString() { exists(int lastArgIndex | - lastArgIndex = getNumberOfArguments() - 1 and + lastArgIndex = this.getNumberOfArguments() - 1 and ( - result = getArgument(lastArgIndex).getValue() + result = this.getArgument(lastArgIndex).getValue() or - not exists(getArgument(lastArgIndex).getValue()) and result = "" + not exists(this.getArgument(lastArgIndex).getValue()) and result = "" ) ) } @@ -20,50 +20,54 @@ abstract class CheckCall extends FunctionCall { class CheckTypeCall extends CheckCall { CheckTypeCall() { - getTarget().(FunctionTemplateInstantiation).getTemplate().hasGlobalName("check_type") + this.getTarget().(FunctionTemplateInstantiation).getTemplate().hasGlobalName("check_type") } override string getActualString() { - result = getTypeIdentityString(getSpecifiedType()) + result = getTypeIdentityString(this.getSpecifiedType()) or - not exists(getTypeIdentityString(getSpecifiedType())) and result = "" + not exists(getTypeIdentityString(this.getSpecifiedType())) and result = "" } - override string explain() { result = getSpecifiedType().explain() } + override string explain() { result = this.getSpecifiedType().explain() } - final Type getSpecifiedType() { result = getTarget().getTemplateArgument(0) } + final Type getSpecifiedType() { result = this.getTarget().getTemplateArgument(0) } } class CheckFuncCall extends CheckCall { CheckFuncCall() { - getTarget().(FunctionTemplateInstantiation).getTemplate().hasGlobalName("check_func") + this.getTarget().(FunctionTemplateInstantiation).getTemplate().hasGlobalName("check_func") } override string getActualString() { - result = getIdentityString(getSpecifiedFunction()) + result = getIdentityString(this.getSpecifiedFunction()) or - not exists(getIdentityString(getSpecifiedFunction())) and result = "" + not exists(getIdentityString(this.getSpecifiedFunction())) and result = "" } - override string explain() { result = getSpecifiedFunction().toString() } + override string explain() { result = this.getSpecifiedFunction().toString() } - final Function getSpecifiedFunction() { result = getArgument(0).(FunctionAccess).getTarget() } + final Function getSpecifiedFunction() { + result = this.getArgument(0).(FunctionAccess).getTarget() + } } class CheckVarCall extends CheckCall { CheckVarCall() { - getTarget().(FunctionTemplateInstantiation).getTemplate().hasGlobalName("check_var") + this.getTarget().(FunctionTemplateInstantiation).getTemplate().hasGlobalName("check_var") } override string getActualString() { - result = getIdentityString(getSpecifiedVariable()) + result = getIdentityString(this.getSpecifiedVariable()) or - not exists(getIdentityString(getSpecifiedVariable())) and result = "" + not exists(getIdentityString(this.getSpecifiedVariable())) and result = "" } - override string explain() { result = getSpecifiedVariable().toString() } + override string explain() { result = this.getSpecifiedVariable().toString() } - final Variable getSpecifiedVariable() { result = getArgument(0).(VariableAccess).getTarget() } + final Variable getSpecifiedVariable() { + result = this.getArgument(0).(VariableAccess).getTarget() + } } bindingset[s] diff --git a/cpp/ql/test/library-tests/locations/constants/locations.ql b/cpp/ql/test/library-tests/locations/constants/locations.ql index 553a364d199..e6d512d2f94 100644 --- a/cpp/ql/test/library-tests/locations/constants/locations.ql +++ b/cpp/ql/test/library-tests/locations/constants/locations.ql @@ -6,7 +6,7 @@ import cpp */ class CStyleCastPlain extends CStyleCast { - override string toString() { result = "Conversion of " + getExpr().toString() } + override string toString() { result = "Conversion of " + this.getExpr().toString() } } from Expr e diff --git a/cpp/ql/test/library-tests/loops/loops.ql b/cpp/ql/test/library-tests/loops/loops.ql index b6d8f130586..bb68645d98c 100644 --- a/cpp/ql/test/library-tests/loops/loops.ql +++ b/cpp/ql/test/library-tests/loops/loops.ql @@ -1,7 +1,7 @@ import cpp class ExprStmt_ extends ExprStmt { - override string toString() { result = "ExprStmt: " + getExpr().toString() } + override string toString() { result = "ExprStmt: " + this.getExpr().toString() } } from Loop l, string s, Element e From 891a94c166926b23a5f932b0a15557eb25c2478f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jaroslav=20Loba=C4=8Devski?= Date: Tue, 9 May 2023 16:27:32 +0200 Subject: [PATCH 188/870] Apply suggestions from code review Co-authored-by: Asger F --- javascript/ql/lib/semmle/javascript/Actions.qll | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/Actions.qll b/javascript/ql/lib/semmle/javascript/Actions.qll index 36a4b6ebc21..8854eb11a55 100644 --- a/javascript/ql/lib/semmle/javascript/Actions.qll +++ b/javascript/ql/lib/semmle/javascript/Actions.qll @@ -18,7 +18,7 @@ module Actions { ( f.getRelativePath().regexpMatch("(^|.*/)\\.github/workflows/.*\\.ya?ml$") or - f.getBaseName() = "action.yml" + f.getBaseName() = ["action.yml", "action.yaml"] ) ) } @@ -30,7 +30,7 @@ module Actions { */ class CompositeAction extends Node, YamlDocument, YamlMapping { CompositeAction() { - this.getFile().getBaseName() = "action.yml" and + this.getFile().getBaseName() = ["action.yml", "action.yaml"] and this.lookup("runs").(YamlMapping).lookup("using").(YamlScalar).getValue() = "composite" } From c7d72e0d348bc7f38c0dbf5b68476d351b2690ef Mon Sep 17 00:00:00 2001 From: Kasper Svendsen Date: Tue, 9 May 2023 17:01:41 +0200 Subject: [PATCH 189/870] JS: Prevent join order regression --- .../dataflow/SecondOrderCommandInjectionCustomizations.qll | 1 + 1 file changed, 1 insertion(+) diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/SecondOrderCommandInjectionCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/SecondOrderCommandInjectionCustomizations.qll index c405dec31f7..04e2c358788 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/SecondOrderCommandInjectionCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/SecondOrderCommandInjectionCustomizations.qll @@ -117,6 +117,7 @@ module SecondOrderCommandInjection { int cmdIndex; int argIndex; + pragma[assume_small_delta] IndirectCmdFunc() { exists(CommandExecutingCall call | this.getParameter(cmdIndex).flowsTo(call.getCommandArg()) and From 968a78e3e602bec574d0d885fdf118710b930711 Mon Sep 17 00:00:00 2001 From: Ian Lynagh Date: Tue, 9 May 2023 15:33:30 +0100 Subject: [PATCH 190/870] Kotlin: Small simplification Merge two `IrFunction` cases into one. --- .../src/main/kotlin/KotlinUsesExtractor.kt | 26 +++++++++---------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/java/kotlin-extractor/src/main/kotlin/KotlinUsesExtractor.kt b/java/kotlin-extractor/src/main/kotlin/KotlinUsesExtractor.kt index c72f094808b..5205deceede 100644 --- a/java/kotlin-extractor/src/main/kotlin/KotlinUsesExtractor.kt +++ b/java/kotlin-extractor/src/main/kotlin/KotlinUsesExtractor.kt @@ -1450,21 +1450,21 @@ open class KotlinUsesExtractor( fun getTypeParameterParentLabel(param: IrTypeParameter) = param.parent.let { - (it as? IrFunction)?.let { fn -> - if (this is KotlinFileExtractor) - this.declarationStack.findOverriddenAttributes(fn)?.takeUnless { - // When extracting the `static fun f$default(...)` that accompanies `fun f(val x: T? = defaultExpr, ...)`, - // `f$default` has no type parameters, and so there is no `f$default::T` to refer to. - // We have no good way to extract references to `T` in `defaultExpr`, so we just fall back on describing it - // in terms of `f::T`, even though that type variable ought to be out of scope here. - attribs -> attribs.typeParameters?.isEmpty() == true - }?.id - else - null - } ?: when (it) { is IrClass -> useClassSource(it) - is IrFunction -> useFunction(it, noReplace = true) + is IrFunction -> + (if (this is KotlinFileExtractor) + this.declarationStack.findOverriddenAttributes(it)?.takeUnless { + // When extracting the `static fun f$default(...)` that accompanies `fun f(val x: T? = defaultExpr, ...)`, + // `f$default` has no type parameters, and so there is no `f$default::T` to refer to. + // We have no good way to extract references to `T` in `defaultExpr`, so we just fall back on describing it + // in terms of `f::T`, even though that type variable ought to be out of scope here. + attribs -> attribs.typeParameters?.isEmpty() == true + }?.id + else + null + ) ?: + useFunction(it, noReplace = true) else -> { logger.error("Unexpected type parameter parent $it"); null } } } From 24d7391f5b3dd9fe4833e23ab957d360e8ecb3fc Mon Sep 17 00:00:00 2001 From: Ian Lynagh Date: Thu, 4 May 2023 18:03:38 +0100 Subject: [PATCH 191/870] Kotlin: Remove ODASA_JAVA_LAYOUT support This is no longer supported, and has never been used with Kotlin. --- .../semmle/extractor/java/OdasaOutput.java | 35 ++++++------------- 1 file changed, 10 insertions(+), 25 deletions(-) diff --git a/java/kotlin-extractor/src/main/java/com/semmle/extractor/java/OdasaOutput.java b/java/kotlin-extractor/src/main/java/com/semmle/extractor/java/OdasaOutput.java index bd667f79a99..fd4d71562f0 100644 --- a/java/kotlin-extractor/src/main/java/com/semmle/extractor/java/OdasaOutput.java +++ b/java/kotlin-extractor/src/main/java/com/semmle/extractor/java/OdasaOutput.java @@ -50,13 +50,9 @@ import com.semmle.util.trap.dependencies.TrapSet; import com.semmle.util.trap.pathtransformers.PathTransformer; public class OdasaOutput { - // either these are set ... private final File trapFolder; private final File sourceArchiveFolder; - // ... or this one is set - private final PopulationSpecFile specFile; - private File currentSourceFile; private TrapSet trapsCreated; private TrapDependencies trapDependenciesForSource; @@ -72,29 +68,21 @@ public class OdasaOutput { OdasaOutput(File outputRoot, Logger log) { this.trapFolder = new File(outputRoot, "trap"); this.sourceArchiveFolder = new File(outputRoot, "src_archive"); - this.specFile = null; this.trackClassOrigins = false; this.log = log; } public OdasaOutput(boolean trackClassOrigins, Logger log) { String trapFolderVar = Env.systemEnv().getFirstNonEmpty("CODEQL_EXTRACTOR_JAVA_TRAP_DIR", Var.TRAP_FOLDER.name()); - if (trapFolderVar != null) { - String sourceArchiveVar = Env.systemEnv().getFirstNonEmpty("CODEQL_EXTRACTOR_JAVA_SOURCE_ARCHIVE_DIR", Var.SOURCE_ARCHIVE.name()); - if (sourceArchiveVar == null) - throw new ResourceError(Var.TRAP_FOLDER + " was set to '" + trapFolderVar + "', but " - + Var.SOURCE_ARCHIVE + " was not set"); - this.trapFolder = new File(trapFolderVar); - this.sourceArchiveFolder = new File(sourceArchiveVar); - this.specFile = null; - } else { - this.trapFolder = null; - this.sourceArchiveFolder = null; - String specFileVar = Env.systemEnv().get(Var.ODASA_JAVA_LAYOUT); - if (specFileVar == null) - throw new ResourceError("Neither " + Var.TRAP_FOLDER + " nor " + Var.ODASA_JAVA_LAYOUT + " was set"); - this.specFile = new PopulationSpecFile(new File(specFileVar)); + if (trapFolderVar == null) { + throw new ResourceError(Var.ODASA_JAVA_LAYOUT + " was not set"); } + String sourceArchiveVar = Env.systemEnv().getFirstNonEmpty("CODEQL_EXTRACTOR_JAVA_SOURCE_ARCHIVE_DIR", Var.SOURCE_ARCHIVE.name()); + if (sourceArchiveVar == null) { + throw new ResourceError(Var.SOURCE_ARCHIVE + " was not set"); + } + this.trapFolder = new File(trapFolderVar); + this.sourceArchiveFolder = new File(sourceArchiveVar); this.trackClassOrigins = trackClassOrigins; this.log = log; } @@ -123,11 +111,8 @@ public class OdasaOutput { /** The output paths for that file, or null if it shouldn't be included */ private SpecFileEntry entryFor() { - if (specFile != null) - return specFile.getEntryFor(currentSourceFile); - else - return new SpecFileEntry(trapFolder, sourceArchiveFolder, - Arrays.asList(PathTransformer.std().fileAsDatabaseString(currentSourceFile))); + return new SpecFileEntry(trapFolder, sourceArchiveFolder, + Arrays.asList(PathTransformer.std().fileAsDatabaseString(currentSourceFile))); } /* From 9764a8c348e6d5542e28a9c9d10222266f54f010 Mon Sep 17 00:00:00 2001 From: Ian Lynagh Date: Tue, 9 May 2023 13:15:51 +0100 Subject: [PATCH 192/870] Kotlin: Remove some redundant return statments --- java/kotlin-extractor/src/main/kotlin/KotlinUsesExtractor.kt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/java/kotlin-extractor/src/main/kotlin/KotlinUsesExtractor.kt b/java/kotlin-extractor/src/main/kotlin/KotlinUsesExtractor.kt index c72f094808b..5a54fd51c36 100644 --- a/java/kotlin-extractor/src/main/kotlin/KotlinUsesExtractor.kt +++ b/java/kotlin-extractor/src/main/kotlin/KotlinUsesExtractor.kt @@ -1365,7 +1365,7 @@ open class KotlinUsesExtractor( val boundResults = useType(arg.type, TypeContext.GENERIC_ARGUMENT) val boundLabel = boundResults.javaResult.id.cast() - return if(arg.variance == Variance.INVARIANT) + if(arg.variance == Variance.INVARIANT) boundResults.javaResult.cast().forgetSignature() else { val keyPrefix = if (arg.variance == Variance.IN_VARIANCE) "super" else "extends" @@ -1379,7 +1379,7 @@ open class KotlinUsesExtractor( } else -> { logger.error("Unexpected type argument.") - return extractJavaErrorType().forgetSignature() + extractJavaErrorType().forgetSignature() } } } From 2c41c5b0e23dc98b2f93ba874e2caea69164f251 Mon Sep 17 00:00:00 2001 From: Tony Torralba Date: Tue, 9 May 2023 17:27:16 +0200 Subject: [PATCH 193/870] Make inputStreamWrapper consider supertypes transitively --- .../semmle/code/java/dataflow/internal/TaintTrackingUtil.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll b/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll index 874c08bdaba..044b250e473 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll @@ -256,7 +256,7 @@ private class BulkData extends RefType { */ private predicate inputStreamWrapper(Constructor c, int argi) { c.getParameterType(argi) instanceof BulkData and - c.getDeclaringType().getASourceSupertype().hasQualifiedName("java.io", "InputStream") + c.getDeclaringType().getASourceSupertype*().hasQualifiedName("java.io", "InputStream") } /** An object construction that preserves the data flow status of any of its arguments. */ From c1110666b53cdb3698777980332b23970c958526 Mon Sep 17 00:00:00 2001 From: Rasmus Lerchedahl Petersen Date: Fri, 14 Apr 2023 15:23:02 +0200 Subject: [PATCH 194/870] Python: remaining content-based summary components --- .../python/dataflow/new/FlowSummary.qll | 21 +++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/python/ql/lib/semmle/python/dataflow/new/FlowSummary.qll b/python/ql/lib/semmle/python/dataflow/new/FlowSummary.qll index 14b4b6d4796..5e82700bd0e 100644 --- a/python/ql/lib/semmle/python/dataflow/new/FlowSummary.qll +++ b/python/ql/lib/semmle/python/dataflow/new/FlowSummary.qll @@ -28,6 +28,27 @@ module SummaryComponent { /** Gets a summary component that represents a list element. */ SummaryComponent listElement() { result = content(any(ListElementContent c)) } + /** Gets a summary component that represents a set element. */ + SummaryComponent setElement() { result = content(any(SetElementContent c)) } + + /** Gets a summary component that represents a tuple element. */ + SummaryComponent tupleElement(int index) { + exists(TupleElementContent c | c.getIndex() = index and result = content(c)) + } + + /** Gets a summary component that represents a dictionary element. */ + SummaryComponent dictionaryElement(string key) { + exists(DictionaryElementContent c | c.getKey() = key and result = content(c)) + } + + /** Gets a summary component that represents a dictionary element at any key. */ + SummaryComponent dictionaryElementAny() { result = content(any(DictionaryElementAnyContent c)) } + + /** Gets a summary component that represents an attribute element. */ + SummaryComponent attribute(string attr) { + exists(AttributeContent c | c.getAttribute() = attr and result = content(c)) + } + /** Gets a summary component that represents the return value of a call. */ SummaryComponent return() { result = SC::return(any(ReturnKind rk)) } } From 064877140e3bc5dc892c010dc1d7214f477a741c Mon Sep 17 00:00:00 2001 From: Rasmus Lerchedahl Petersen Date: Fri, 14 Apr 2023 15:23:24 +0200 Subject: [PATCH 195/870] Python: interpret remaining content --- .../new/internal/FlowSummaryImplSpecific.qll | 21 +++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/FlowSummaryImplSpecific.qll b/python/ql/lib/semmle/python/dataflow/new/internal/FlowSummaryImplSpecific.qll index 9c62b37245f..67a047d8843 100644 --- a/python/ql/lib/semmle/python/dataflow/new/internal/FlowSummaryImplSpecific.qll +++ b/python/ql/lib/semmle/python/dataflow/new/internal/FlowSummaryImplSpecific.qll @@ -105,6 +105,27 @@ predicate neutralSummaryElement(FlowSummary::SummarizedCallable c, string proven SummaryComponent interpretComponentSpecific(AccessPathToken c) { c = "ListElement" and result = FlowSummary::SummaryComponent::listElement() + or + c = "SetElement" and + result = FlowSummary::SummaryComponent::setElement() + or + exists(int index | + c.getAnArgument("TupleElement") = index.toString() and + result = FlowSummary::SummaryComponent::tupleElement(index) + ) + or + exists(string key | + c.getAnArgument("DictionaryElement") = key and + result = FlowSummary::SummaryComponent::dictionaryElement(key) + ) + or + c = "DictionaryElementAny" and + result = FlowSummary::SummaryComponent::dictionaryElementAny() + or + exists(string attr | + c.getAnArgument("Attribute") = attr and + result = FlowSummary::SummaryComponent::attribute(attr) + ) } /** Gets the textual representation of a summary component in the format used for flow summaries. */ From ec3c63a2b3e46f8ba96f0189706c890d91673af4 Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli Date: Wed, 10 May 2023 07:03:06 +0200 Subject: [PATCH 196/870] Swift: replace all usages of `std::to_string` with `absl::StrCat` or `absl::StrAppend` --- swift/extractor/infra/SwiftDispatcher.h | 3 ++- swift/extractor/infra/SwiftMangledName.cpp | 7 +++---- swift/extractor/main.cpp | 3 ++- swift/extractor/trap/TrapDomain.h | 3 ++- swift/logging/SwiftLogging.cpp | 6 +++--- 5 files changed, 12 insertions(+), 10 deletions(-) diff --git a/swift/extractor/infra/SwiftDispatcher.h b/swift/extractor/infra/SwiftDispatcher.h index 33b0614e435..7a1548c4f53 100644 --- a/swift/extractor/infra/SwiftDispatcher.h +++ b/swift/extractor/infra/SwiftDispatcher.h @@ -5,6 +5,7 @@ #include #include #include +#include "absl/strings/str_cat.h" #include "swift/extractor/trap/TrapDomain.h" #include "swift/extractor/infra/SwiftTagTraits.h" @@ -83,7 +84,7 @@ class SwiftDispatcher { valid = false; } LOG_ERROR("{} has undefined field {}{}, {}", entry.NAME, field, - index >= 0 ? ('[' + std::to_string(index) + ']') : "", action); + index >= 0 ? absl::StrCat("[", index, "]") : "", action); } }); if (valid) { diff --git a/swift/extractor/infra/SwiftMangledName.cpp b/swift/extractor/infra/SwiftMangledName.cpp index 83bf2ff5708..d4c88c3d314 100644 --- a/swift/extractor/infra/SwiftMangledName.cpp +++ b/swift/extractor/infra/SwiftMangledName.cpp @@ -1,4 +1,5 @@ #include "swift/extractor/infra/SwiftMangledName.h" +#include "absl/strings/str_cat.h" namespace codeql { @@ -8,13 +9,11 @@ void appendPart(std::string& out, const std::string& prefix) { } void appendPart(std::string& out, UntypedTrapLabel label) { - out += '{'; - out += label.str(); - out += '}'; + absl::StrAppend(&out, "{", label.str(), "}"); } void appendPart(std::string& out, unsigned index) { - out += std::to_string(index); + absl::StrAppend(&out, index); } } // namespace diff --git a/swift/extractor/main.cpp b/swift/extractor/main.cpp index f195193e5d7..de8a0d3f5e5 100644 --- a/swift/extractor/main.cpp +++ b/swift/extractor/main.cpp @@ -10,6 +10,7 @@ #include #include "absl/strings/str_join.h" +#include "absl/strings/str_cat.h" #include "swift/extractor/SwiftExtractor.h" #include "swift/extractor/infra/TargetDomains.h" @@ -166,7 +167,7 @@ static void checkWhetherToRunUnderTool(int argc, char* const* argv) { // compilations, diagnostics, etc. codeql::TrapDomain invocationTrapDomain(codeql::SwiftExtractorState& state) { auto timestamp = std::chrono::system_clock::now().time_since_epoch().count(); - auto filename = std::to_string(timestamp) + '-' + std::to_string(getpid()); + auto filename = absl::StrCat(timestamp, "-", getpid()); auto target = std::filesystem::path("invocations") / std::filesystem::path(filename); auto maybeDomain = codeql::createTargetTrapDomain(state, target, codeql::TrapType::invocation); CODEQL_ASSERT(maybeDomain, "Cannot create invocation trap file for {}", target); diff --git a/swift/extractor/trap/TrapDomain.h b/swift/extractor/trap/TrapDomain.h index 2ca5efa113d..5741597d756 100644 --- a/swift/extractor/trap/TrapDomain.h +++ b/swift/extractor/trap/TrapDomain.h @@ -2,6 +2,7 @@ #include #include +#include "absl/strings/str_cat.h" #include "swift/extractor/trap/TrapLabel.h" #include "swift/extractor/infra/file/TargetFile.h" @@ -27,7 +28,7 @@ class TrapDomain { e.forEachLabel([&e, this](const char* field, int index, auto& label) { if (!label.valid()) { LOG_ERROR("{} has undefined field {}{}", e.NAME, field, - index >= 0 ? ('[' + std::to_string(index) + ']') : ""); + index >= 0 ? absl::StrCat("[", index, "]") : ""); } }); } diff --git a/swift/logging/SwiftLogging.cpp b/swift/logging/SwiftLogging.cpp index f742a63e25f..e13ab461a1d 100644 --- a/swift/logging/SwiftLogging.cpp +++ b/swift/logging/SwiftLogging.cpp @@ -4,6 +4,7 @@ #include #include #include +#include "absl/strings/str_cat.h" #define LEVEL_REGEX_PATTERN "trace|debug|info|warning|error|critical|no_logs" @@ -98,9 +99,8 @@ std::vector Log::collectLevelRulesAndReturnProblems(const char* env void Log::configure() { // as we are configuring logging right now, we collect problems and log them at the end auto problems = collectLevelRulesAndReturnProblems("CODEQL_EXTRACTOR_SWIFT_LOG_LEVELS"); - auto logBaseName = std::to_string(std::chrono::system_clock::now().time_since_epoch().count()); - logBaseName += '-'; - logBaseName += std::to_string(getpid()); + auto timestamp = std::chrono::system_clock::now().time_since_epoch().count(); + auto logBaseName = absl::StrCat(timestamp, "-", getpid()); if (text || binary) { std::filesystem::path logFile = getEnvOr("CODEQL_EXTRACTOR_SWIFT_LOG_DIR", "extractor-out/log"); logFile /= "swift"; From c677c04c0c868578a4f3f557bb0e72f2364debd4 Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli Date: Wed, 10 May 2023 07:03:53 +0200 Subject: [PATCH 197/870] Swift: fix wrong `if (diagnostics)` block placement --- swift/logging/SwiftLogging.cpp | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/swift/logging/SwiftLogging.cpp b/swift/logging/SwiftLogging.cpp index e13ab461a1d..2cea555e0c8 100644 --- a/swift/logging/SwiftLogging.cpp +++ b/swift/logging/SwiftLogging.cpp @@ -131,24 +131,24 @@ void Log::configure() { binary.level = Level::no_logs; text.level = Level::no_logs; } - if (diagnostics) { - std::filesystem::path diagFile = - getEnvOr("CODEQL_EXTRACTOR_SWIFT_DIAGNOSTIC_DIR", "extractor-out/diagnostics"); - diagFile /= programName; - diagFile /= logBaseName; - diagFile.replace_extension(".jsonl"); - std::error_code ec; - std::filesystem::create_directories(diagFile.parent_path(), ec); - if (!ec) { - if (!diagnostics.output.open(diagFile)) { - problems.emplace_back("Unable to open diagnostics json file " + diagFile.string()); - diagnostics.level = Level::no_logs; - } - } else { - problems.emplace_back("Unable to create diagnostics directory " + - diagFile.parent_path().string() + ": " + ec.message()); + } + if (diagnostics) { + std::filesystem::path diagFile = + getEnvOr("CODEQL_EXTRACTOR_SWIFT_DIAGNOSTIC_DIR", "extractor-out/diagnostics"); + diagFile /= programName; + diagFile /= logBaseName; + diagFile.replace_extension(".jsonl"); + std::error_code ec; + std::filesystem::create_directories(diagFile.parent_path(), ec); + if (!ec) { + if (!diagnostics.output.open(diagFile)) { + problems.emplace_back("Unable to open diagnostics json file " + diagFile.string()); diagnostics.level = Level::no_logs; } + } else { + problems.emplace_back("Unable to create diagnostics directory " + + diagFile.parent_path().string() + ": " + ec.message()); + diagnostics.level = Level::no_logs; } } for (const auto& problem : problems) { From 4d84f92e8cce358996d0218b695ac0749ae61921 Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Wed, 10 May 2023 08:15:15 +0200 Subject: [PATCH 198/870] Python: Update expected test output --- .../dataflow/variable-capture/dataflow-consistency.expected | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/python/ql/test/experimental/dataflow/variable-capture/dataflow-consistency.expected b/python/ql/test/experimental/dataflow/variable-capture/dataflow-consistency.expected index fab39a276d3..2b3497b283c 100644 --- a/python/ql/test/experimental/dataflow/variable-capture/dataflow-consistency.expected +++ b/python/ql/test/experimental/dataflow/variable-capture/dataflow-consistency.expected @@ -29,6 +29,6 @@ uniqueParameterNodeAtPosition uniqueParameterNodePosition uniqueContentApprox identityLocalStep -| collections.py:36:10:36:15 | ControlFlowNode for SOURCE | Node steps to itself | -| collections.py:45:19:45:21 | ControlFlowNode for mod | Node steps to itself | -| collections.py:52:13:52:21 | ControlFlowNode for mod_local | Node steps to itself | +| test_collections.py:36:10:36:15 | ControlFlowNode for SOURCE | Node steps to itself | +| test_collections.py:45:19:45:21 | ControlFlowNode for mod | Node steps to itself | +| test_collections.py:52:13:52:21 | ControlFlowNode for mod_local | Node steps to itself | From b28254327a9c9f6edb1ffa8cc70cac6ed94933e5 Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 10 May 2023 08:16:31 +0200 Subject: [PATCH 199/870] Update javascript/ql/lib/semmle/javascript/security/dataflow/IndirectCommandInjectionCustomizations.qll Co-authored-by: Erik Krogh Kristensen --- .../dataflow/IndirectCommandInjectionCustomizations.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/IndirectCommandInjectionCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/IndirectCommandInjectionCustomizations.qll index 5d84291f1de..511b8c2ae70 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/IndirectCommandInjectionCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/IndirectCommandInjectionCustomizations.qll @@ -58,7 +58,7 @@ module IndirectCommandInjection { } /** Gets a data flow node referring to `process.env`. */ - DataFlow::SourceNode envObject() { result = envObject(DataFlow::TypeTracker::end()) } + private DataFlow::SourceNode envObject() { result = envObject(DataFlow::TypeTracker::end()) } /** * Gets the name of an environment variable that is assumed to be safe. From d7aca9e909047aa64717d3e5cd1a6cbe4762ef66 Mon Sep 17 00:00:00 2001 From: Stephan Brandauer Date: Wed, 10 May 2023 08:57:27 +0200 Subject: [PATCH 200/870] use comma separator in concatenation --- java/ql/src/Telemetry/AutomodelExtractCandidates.ql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java/ql/src/Telemetry/AutomodelExtractCandidates.ql b/java/ql/src/Telemetry/AutomodelExtractCandidates.ql index eb94f1698fc..9884e356c6a 100644 --- a/java/ql/src/Telemetry/AutomodelExtractCandidates.ql +++ b/java/ql/src/Telemetry/AutomodelExtractCandidates.ql @@ -35,7 +35,7 @@ where not CharacteristicsImpl::isKnownSink(endpoint, sinkType) and CharacteristicsImpl::isSinkCandidate(endpoint, sinkType) | - sinkType + ", " + sinkType, ", " ) select endpoint, message + "\nrelated locations: $@, $@." + "\nmetadata: $@, $@, $@, $@, $@, $@.", // From 94cb82e553e0388244bf6ea6947695942f71bd31 Mon Sep 17 00:00:00 2001 From: Stephan Brandauer Date: Wed, 10 May 2023 09:06:11 +0200 Subject: [PATCH 201/870] remove TestFileCharacteristic as it's redundant --- .../AutomodelFrameworkModeCharacteristics.qll | 17 ----------------- 1 file changed, 17 deletions(-) diff --git a/java/ql/src/Telemetry/AutomodelFrameworkModeCharacteristics.qll b/java/ql/src/Telemetry/AutomodelFrameworkModeCharacteristics.qll index e7a38aa59eb..1598f6cc9e3 100644 --- a/java/ql/src/Telemetry/AutomodelFrameworkModeCharacteristics.qll +++ b/java/ql/src/Telemetry/AutomodelFrameworkModeCharacteristics.qll @@ -221,23 +221,6 @@ private class ExceptionCharacteristic extends CharacteristicsImpl::NotASinkChara } } -/** - * A negative characteristic that indicates that an endpoint sits in a test file. - */ -private class TestFileCharacteristic extends CharacteristicsImpl::LikelyNotASinkCharacteristic { - TestFileCharacteristic() { this = "test file" } - - override predicate appliesToEndpoint(Endpoint e) { - exists(File f | f = e.getLocation().getFile() and isInTestFile(f)) - } - - private predicate isInTestFile(File file) { - file.getAbsolutePath().matches("%src/test/%") or - file.getAbsolutePath().matches("%/guava-tests/%") or - file.getAbsolutePath().matches("%/guava-testlib/%") - } -} - /** * A characteristic that limits candidates to parameters of methods that are recognized as `ModelApi`, iow., APIs that * are considered worth modeling. From 023b8e4f152f115af59c067f132903d0925aeaa9 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 10 May 2023 08:21:21 +0100 Subject: [PATCH 202/870] C++: Add a testcase that needs heuristic allocation. --- .../experimental/query-tests/Security/CWE/CWE-119/test.cpp | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-119/test.cpp b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-119/test.cpp index fe54fc86b2d..26a2feeab97 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-119/test.cpp +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-119/test.cpp @@ -243,3 +243,9 @@ void test_flow_through_setter(unsigned size) { memset(str.string, 0, size + 1); // BAD } +void* my_alloc(unsigned size); + +void foo(unsigned size) { + int* p = (int*)my_alloc(size); // BAD [NOT DETECTED] + memset(p, 0, size + 1); +} \ No newline at end of file From 9da7c9f69668631823d3fd0dc50c66aedca9b637 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 10 May 2023 08:22:56 +0100 Subject: [PATCH 203/870] C++: Use heuristic allocation in 'cpp/overrun-write'. --- .../src/experimental/Likely Bugs/OverrunWriteProductFlow.ql | 2 +- .../Security/CWE/CWE-119/OverrunWriteProductFlow.expected | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/cpp/ql/src/experimental/Likely Bugs/OverrunWriteProductFlow.ql b/cpp/ql/src/experimental/Likely Bugs/OverrunWriteProductFlow.ql index b49deb45ee3..79a5497f46d 100644 --- a/cpp/ql/src/experimental/Likely Bugs/OverrunWriteProductFlow.ql +++ b/cpp/ql/src/experimental/Likely Bugs/OverrunWriteProductFlow.ql @@ -47,7 +47,7 @@ VariableAccess getAVariableAccess(Expr e) { e.getAChild*() = result } * Holds if `(n, state)` pair represents the source of flow for the size * expression associated with `alloc`. */ -predicate hasSize(AllocationExpr alloc, DataFlow::Node n, int state) { +predicate hasSize(HeuristicAllocationExpr alloc, DataFlow::Node n, int state) { exists(VariableAccess va, Expr size, int delta | size = alloc.getSizeExpr() and // Get the unique variable in a size expression like `x` in `malloc(x + 1)`. diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-119/OverrunWriteProductFlow.expected b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-119/OverrunWriteProductFlow.expected index bca05e2a4ef..3b450ac9b8f 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-119/OverrunWriteProductFlow.expected +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-119/OverrunWriteProductFlow.expected @@ -222,6 +222,7 @@ edges | test.cpp:243:12:243:14 | str indirection [string] | test.cpp:243:12:243:21 | string | | test.cpp:243:12:243:14 | str indirection [string] | test.cpp:243:16:243:21 | string indirection | | test.cpp:243:16:243:21 | string indirection | test.cpp:243:12:243:21 | string | +| test.cpp:249:20:249:27 | call to my_alloc | test.cpp:250:12:250:12 | p | nodes | test.cpp:16:11:16:21 | mk_string_t indirection [string] | semmle.label | mk_string_t indirection [string] | | test.cpp:18:5:18:30 | ... = ... | semmle.label | ... = ... | @@ -402,6 +403,8 @@ nodes | test.cpp:243:12:243:14 | str indirection [string] | semmle.label | str indirection [string] | | test.cpp:243:12:243:21 | string | semmle.label | string | | test.cpp:243:16:243:21 | string indirection | semmle.label | string indirection | +| test.cpp:249:20:249:27 | call to my_alloc | semmle.label | call to my_alloc | +| test.cpp:250:12:250:12 | p | semmle.label | p | subpaths | test.cpp:242:22:242:27 | buffer | test.cpp:235:40:235:45 | buffer | test.cpp:236:12:236:17 | p_str indirection [post update] [string] | test.cpp:242:16:242:19 | set_string output argument [string] | #select @@ -422,3 +425,4 @@ subpaths | test.cpp:207:9:207:15 | call to strncpy | test.cpp:147:19:147:24 | call to malloc | test.cpp:207:22:207:27 | string | This write may overflow $@ by 3 elements. | test.cpp:207:22:207:27 | string | string | | test.cpp:232:3:232:8 | call to memset | test.cpp:228:43:228:48 | call to malloc | test.cpp:232:10:232:15 | buffer | This write may overflow $@ by 32 elements. | test.cpp:232:10:232:15 | buffer | buffer | | test.cpp:243:5:243:10 | call to memset | test.cpp:241:27:241:32 | call to malloc | test.cpp:243:12:243:21 | string | This write may overflow $@ by 1 element. | test.cpp:243:16:243:21 | string | string | +| test.cpp:250:5:250:10 | call to memset | test.cpp:249:20:249:27 | call to my_alloc | test.cpp:250:12:250:12 | p | This write may overflow $@ by 1 element. | test.cpp:250:12:250:12 | p | p | From 363514e4ca5a7af2a5e813b8e94aa1464b0216cd Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 10 May 2023 08:23:07 +0100 Subject: [PATCH 204/870] C++: Expand heuristic to catch more sources. --- .../lib/semmle/code/cpp/models/implementations/Allocation.qll | 2 +- .../test/experimental/query-tests/Security/CWE/CWE-119/test.cpp | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/models/implementations/Allocation.qll b/cpp/ql/lib/semmle/code/cpp/models/implementations/Allocation.qll index a1fa08daa7d..026299c1638 100644 --- a/cpp/ql/lib/semmle/code/cpp/models/implementations/Allocation.qll +++ b/cpp/ql/lib/semmle/code/cpp/models/implementations/Allocation.qll @@ -437,7 +437,7 @@ private module HeuristicAllocation { int sizeArg; HeuristicAllocationFunctionByName() { - Function.super.getName().matches("%alloc%") and + Function.super.getName().matches(["%alloc%", "%Alloc%"]) and Function.super.getUnspecifiedType() instanceof PointerType and sizeArg = unique( | | getAnUnsignedParameter(this)) } diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-119/test.cpp b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-119/test.cpp index 26a2feeab97..8a7afb1a4a3 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-119/test.cpp +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-119/test.cpp @@ -246,6 +246,6 @@ void test_flow_through_setter(unsigned size) { void* my_alloc(unsigned size); void foo(unsigned size) { - int* p = (int*)my_alloc(size); // BAD [NOT DETECTED] + int* p = (int*)my_alloc(size); // BAD memset(p, 0, size + 1); } \ No newline at end of file From 85f519b7b49a45e0a3a7a391ed0ced3226c9b216 Mon Sep 17 00:00:00 2001 From: Stephan Brandauer Date: Wed, 10 May 2023 09:33:37 +0200 Subject: [PATCH 205/870] documentation updates from review comments --- .../AutomodelFrameworkModeCharacteristics.qll | 6 ++++++ .../Telemetry/AutomodelSharedCharacteristics.qll | 15 ++++++++++----- 2 files changed, 16 insertions(+), 5 deletions(-) diff --git a/java/ql/src/Telemetry/AutomodelFrameworkModeCharacteristics.qll b/java/ql/src/Telemetry/AutomodelFrameworkModeCharacteristics.qll index 1598f6cc9e3..7f2b3086e05 100644 --- a/java/ql/src/Telemetry/AutomodelFrameworkModeCharacteristics.qll +++ b/java/ql/src/Telemetry/AutomodelFrameworkModeCharacteristics.qll @@ -31,6 +31,7 @@ abstract class MetadataExtractor extends string { ); } +// for documentation of the implementations here, see the QLDoc in the CandidateSig signature module. module FrameworkCandidatesImpl implements SharedCharacteristics::CandidateSig { class Endpoint = DataFlow::ParameterNode; @@ -101,6 +102,11 @@ module FrameworkCandidatesImpl implements SharedCharacteristics::CandidateSig { exists(int paramIdx | e.isParameterOf(_, paramIdx) | input = "Argument[" + paramIdx + "]") } + /** + * Returns the related location for the given endpoint. + * + * Related locations can be JavaDoc comments of the class or the method. + */ RelatedLocation getRelatedLocation(Endpoint e, string name) { name = "Callable-JavaDoc" and result = FrameworkCandidatesImpl::getCallable(e).(Documentable).getJavadoc() diff --git a/java/ql/src/Telemetry/AutomodelSharedCharacteristics.qll b/java/ql/src/Telemetry/AutomodelSharedCharacteristics.qll index 84d8f7c9638..c6dd6073097 100644 --- a/java/ql/src/Telemetry/AutomodelSharedCharacteristics.qll +++ b/java/ql/src/Telemetry/AutomodelSharedCharacteristics.qll @@ -55,6 +55,12 @@ signature module CandidateSig { */ predicate isNeutral(Endpoint e); + /** + * A related location is a source code location that may hold extra information about an endpoint that can be useful + * to the machine learning model. + * + * For example, a related location for a method call may be the documentation comment of a method. + */ RelatedLocation getRelatedLocation(Endpoint e, string name); } @@ -95,8 +101,8 @@ module SharedCharacteristics { } /** - * If it exists, gets a related location for a given endpoint or candidate. - * If it doesn't exist, returns the candidate itself as a 'null' value. + * Gets the related location of `e` with name `name`, if it exists. + * Otherwise, gets the candidate itself. */ bindingset[name] Candidate::RelatedLocation getRelatedLocationOrCandidate(Candidate::Endpoint e, string name) { @@ -115,8 +121,8 @@ module SharedCharacteristics { // An endpoint is a sink candidate if none of its characteristics give much indication whether or not it is a sink. not sinkType instanceof Candidate::NegativeEndpointType and result.appliesToEndpoint(candidateSink) and - // Exclude endpoints that have a characteristic that implies they're not sinks for _any_ sink type. ( + // Exclude endpoints that have a characteristic that implies they're not sinks for _any_ sink type. exists(float confidence | confidence >= mediumConfidence() and result.hasImplications(any(Candidate::NegativeEndpointType t), true, confidence) @@ -144,8 +150,7 @@ module SharedCharacteristics { EndpointCharacteristic() { any() } /** - * Holds for parameters that have this characteristic. This predicate contains the logic that applies characteristics - * to the appropriate set of dataflow parameters. + * Holds for endpoints that have this characteristic. */ abstract predicate appliesToEndpoint(Candidate::Endpoint n); From 46741c6e42bf35304120fe88d8548433dd558f68 Mon Sep 17 00:00:00 2001 From: Stephan Brandauer Date: Wed, 10 May 2023 09:34:13 +0200 Subject: [PATCH 206/870] rename kind -> label --- .../AutomodelFrameworkModeCharacteristics.qll | 30 +++++++++---------- .../AutomodelSharedCharacteristics.qll | 12 ++++---- 2 files changed, 21 insertions(+), 21 deletions(-) diff --git a/java/ql/src/Telemetry/AutomodelFrameworkModeCharacteristics.qll b/java/ql/src/Telemetry/AutomodelFrameworkModeCharacteristics.qll index 7f2b3086e05..d11d925c130 100644 --- a/java/ql/src/Telemetry/AutomodelFrameworkModeCharacteristics.qll +++ b/java/ql/src/Telemetry/AutomodelFrameworkModeCharacteristics.qll @@ -46,39 +46,39 @@ module FrameworkCandidatesImpl implements SharedCharacteristics::CandidateSig { RelatedLocation asLocation(Endpoint e) { result = e.asParameter() } - predicate isKnownLabel(string label, string humanReadableLabel, EndpointType type) { - label = "read-file" and - humanReadableLabel = "read file" and + predicate isKnownKind(string kind, string humanReadableKind, EndpointType type) { + kind = "read-file" and + humanReadableKind = "read file" and type instanceof AutomodelEndpointTypes::TaintedPathSinkType or - label = "create-file" and - humanReadableLabel = "create file" and + kind = "create-file" and + humanReadableKind = "create file" and type instanceof AutomodelEndpointTypes::TaintedPathSinkType or - label = "sql" and - humanReadableLabel = "mad modeled sql" and + kind = "sql" and + humanReadableKind = "mad modeled sql" and type instanceof AutomodelEndpointTypes::SqlSinkType or - label = "open-url" and - humanReadableLabel = "open url" and + kind = "open-url" and + humanReadableKind = "open url" and type instanceof AutomodelEndpointTypes::RequestForgerySinkType or - label = "jdbc-url" and - humanReadableLabel = "jdbc url" and + kind = "jdbc-url" and + humanReadableKind = "jdbc url" and type instanceof AutomodelEndpointTypes::RequestForgerySinkType or - label = "command-injection" and - humanReadableLabel = "command injection" and + kind = "command-injection" and + humanReadableKind = "command injection" and type instanceof AutomodelEndpointTypes::CommandInjectionSinkType } - predicate isSink(Endpoint e, string label) { + predicate isSink(Endpoint e, string kind) { exists( string package, string type, boolean subtypes, string name, string signature, string ext, string input | sinkSpec(e, package, type, subtypes, name, signature, ext, input) and - ExternalFlow::sinkModel(package, type, subtypes, name, [signature, ""], ext, input, label, _) + ExternalFlow::sinkModel(package, type, subtypes, name, [signature, ""], ext, input, kind, _) ) } diff --git a/java/ql/src/Telemetry/AutomodelSharedCharacteristics.qll b/java/ql/src/Telemetry/AutomodelSharedCharacteristics.qll index c6dd6073097..96b3d811c84 100644 --- a/java/ql/src/Telemetry/AutomodelSharedCharacteristics.qll +++ b/java/ql/src/Telemetry/AutomodelSharedCharacteristics.qll @@ -24,7 +24,7 @@ signature module CandidateSig { class RelatedLocation; /** - * A class label for an endpoint. + * A class kind for an endpoint. */ class EndpointType extends string; @@ -36,9 +36,9 @@ signature module CandidateSig { RelatedLocation asLocation(Endpoint e); /** - * Defines what MaD labels are known, and what endpoint type they correspond to. + * Defines what MaD kinds are known, and what endpoint type they correspond to. */ - predicate isKnownLabel(string label, string humanReadableLabel, EndpointType type); + predicate isKnownLabel(string kind, string humanReadableLabel, EndpointType type); /** * Should hold for any endpoint that is a flow sanitizer. @@ -46,9 +46,9 @@ signature module CandidateSig { predicate isSanitizer(Endpoint e, EndpointType t); /** - * Should hold for any endpoint that is a sink of the given (known or unknown) label. + * Should hold for any endpoint that is a sink of the given (known or unknown) kind. */ - predicate isSink(Endpoint e, string label); + predicate isSink(Endpoint e, string kind); /** * Should hold for any endpoint that is known to not be any sink. @@ -138,7 +138,7 @@ module SharedCharacteristics { /** * A set of characteristics that a particular endpoint might have. This set of characteristics is used to make decisions - * about whether to include the endpoint in the training set and with what label, as well as whether to score the + * about whether to include the endpoint in the training set and with what kind, as well as whether to score the * endpoint at inference time. */ abstract class EndpointCharacteristic extends string { From 60b0f25a9a145556a896cc07c82926d18e787177 Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Tue, 9 May 2023 11:03:52 +0200 Subject: [PATCH 207/870] Ruby: Improvements to `RegExpTracking` --- .../lib/codeql/ruby/controlflow/CfgNodes.qll | 6 +- .../internal/TaintTrackingPrivate.qll | 9 +- .../ruby/regexp/internal/RegExpTracking.qll | 221 ++++++++++++------ .../codeql/ruby/typetracking/TypeTracker.qll | 13 +- 4 files changed, 166 insertions(+), 83 deletions(-) diff --git a/ruby/ql/lib/codeql/ruby/controlflow/CfgNodes.qll b/ruby/ql/lib/codeql/ruby/controlflow/CfgNodes.qll index 6a5bc217303..96c015a6a4a 100644 --- a/ruby/ql/lib/codeql/ruby/controlflow/CfgNodes.qll +++ b/ruby/ql/lib/codeql/ruby/controlflow/CfgNodes.qll @@ -936,10 +936,10 @@ module ExprNodes { } /** A control-flow node that wraps a `StringLiteral` AST expression. */ - class StringLiteralCfgNode extends ExprCfgNode { - override string getAPrimaryQlClass() { result = "StringLiteralCfgNode" } + class StringLiteralCfgNode extends StringlikeLiteralCfgNode { + StringLiteralCfgNode() { e instanceof StringLiteral } - override StringLiteral e; + override string getAPrimaryQlClass() { result = "StringLiteralCfgNode" } final override StringLiteral getExpr() { result = super.getExpr() } } diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/TaintTrackingPrivate.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/TaintTrackingPrivate.qll index c89a629e198..3381187985a 100644 --- a/ruby/ql/lib/codeql/ruby/dataflow/internal/TaintTrackingPrivate.qll +++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/TaintTrackingPrivate.qll @@ -112,6 +112,13 @@ private module Cached { ) } + cached + predicate summaryThroughStepTaint( + DataFlow::Node arg, DataFlow::Node out, FlowSummaryImpl::Public::SummarizedCallable sc + ) { + FlowSummaryImpl::Private::Steps::summaryThroughStepTaint(arg, out, sc) + } + /** * Holds if taint propagates from `nodeFrom` to `nodeTo` in exactly one local * (intra-procedural) step. @@ -122,7 +129,7 @@ private module Cached { defaultAdditionalTaintStep(nodeFrom, nodeTo) or // Simple flow through library code is included in the exposed local // step relation, even though flow is technically inter-procedural - FlowSummaryImpl::Private::Steps::summaryThroughStepTaint(nodeFrom, nodeTo, _) + summaryThroughStepTaint(nodeFrom, nodeTo, _) } } diff --git a/ruby/ql/lib/codeql/ruby/regexp/internal/RegExpTracking.qll b/ruby/ql/lib/codeql/ruby/regexp/internal/RegExpTracking.qll index e787ae358e1..648bc533046 100644 --- a/ruby/ql/lib/codeql/ruby/regexp/internal/RegExpTracking.qll +++ b/ruby/ql/lib/codeql/ruby/regexp/internal/RegExpTracking.qll @@ -21,6 +21,7 @@ private import codeql.ruby.typetracking.TypeTracker private import codeql.ruby.ApiGraphs private import codeql.ruby.Concepts private import codeql.ruby.dataflow.internal.DataFlowPrivate as DataFlowPrivate +private import codeql.ruby.dataflow.internal.TaintTrackingPrivate as TaintTrackingPrivate private import codeql.ruby.TaintTracking private import codeql.ruby.frameworks.core.String @@ -37,43 +38,6 @@ DataFlow::LocalSourceNode strStart() { /** Gets a dataflow node for a regular expression literal. */ DataFlow::LocalSourceNode regStart() { result.asExpr().getExpr() instanceof Ast::RegExpLiteral } -/** - * Holds if the analysis should track flow from `nodeFrom` to `nodeTo` on top of the ordinary type-tracking steps. - * `nodeFrom` and `nodeTo` has type `fromType` and `toType` respectively. - * The types are either "string" or "regexp". - */ -predicate step( - DataFlow::Node nodeFrom, DataFlow::LocalSourceNode nodeTo, string fromType, string toType -) { - fromType = toType and - fromType = "string" and - ( - // include taint flow through `String` summaries - TaintTracking::localTaintStep(nodeFrom, nodeTo) and - nodeFrom.(DataFlowPrivate::SummaryNode).getSummarizedCallable() instanceof - String::SummarizedCallable - or - // string concatenations, and - exists(CfgNodes::ExprNodes::OperationCfgNode op | - op = nodeTo.asExpr() and - op.getAnOperand() = nodeFrom.asExpr() and - op.getExpr().(Ast::BinaryOperation).getOperator() = "+" - ) - or - // string interpolations - nodeFrom.asExpr() = - nodeTo.asExpr().(CfgNodes::ExprNodes::StringlikeLiteralCfgNode).getAComponent() - ) - or - fromType = "string" and - toType = "reg" and - exists(DataFlow::CallNode call | - call = API::getTopLevelMember("Regexp").getAMethodCall(["compile", "new"]) and - nodeFrom = call.getArgument(0) and - nodeTo = call - ) -} - /** Gets a node where string values that flow to the node are interpreted as regular expressions. */ DataFlow::Node stringSink() { result instanceof RE::RegExpInterpretation::Range and @@ -91,69 +55,172 @@ DataFlow::Node stringSink() { /** Gets a node where regular expressions that flow to the node are used. */ DataFlow::Node regSink() { result = any(RegexExecution exec).getRegex() } -/** Gets a node that is reachable by type-tracking from any string or regular expression. */ -DataFlow::LocalSourceNode forward(TypeTracker t) { - t.start() and - result = [strStart(), regStart()] - or - exists(TypeTracker t2 | result = forward(t2).track(t2, t)) - or - exists(TypeTracker t2 | t2 = t.continue() | step(forward(t2).getALocalUse(), result, _, _)) +private signature module ReachInputSig { + DataFlow::LocalSourceNode start(TypeTracker t); + + DataFlow::Node end(); + + predicate additionalStep(DataFlow::LocalSourceNode nodeFrom, DataFlow::LocalSourceNode nodeTo); } -/** - * Gets a node that is backwards reachable from any regular expression use, - * where that use is reachable by type-tracking from any string or regular expression. - */ -DataFlow::LocalSourceNode backwards(TypeBackTracker t) { - t.start() and - result.flowsTo([stringSink(), regSink()]) and - result = forward(TypeTracker::end()) - or - exists(TypeBackTracker t2 | result = backwards(t2).backtrack(t2, t)) - or - exists(TypeBackTracker t2 | t2 = t.continue() | step(result.getALocalUse(), backwards(t2), _, _)) +private module Reach { + /** Gets a node that is forwards reachable by type-tracking. */ + pragma[nomagic] + private DataFlow::LocalSourceNode forward(TypeTracker t) { + result = Input::start(t) + or + exists(TypeTracker t2 | result = forward(t2).track(t2, t)) + or + exists(TypeTracker t2 | t2 = t.continue() | Input::additionalStep(forward(t2), result)) + } + + bindingset[result, tbt] + pragma[inline_late] + pragma[noopt] + private DataFlow::LocalSourceNode forwardLateInline(TypeBackTracker tbt) { + exists(TypeTracker tt | + result = forward(tt) and + tt = tbt.getACompatibleTypeTracker() + ) + } + + /** Gets a node that is backwards reachable by type-tracking. */ + pragma[nomagic] + private DataFlow::LocalSourceNode backwards(TypeBackTracker t) { + result = forwardLateInline(t) and + ( + t.start() and + result.flowsTo(Input::end()) + or + exists(TypeBackTracker t2 | result = backwards(t2).backtrack(t2, t)) + or + exists(TypeBackTracker t2 | t2 = t.continue() | Input::additionalStep(result, backwards(t2))) + ) + } + + bindingset[result, tt] + pragma[inline_late] + pragma[noopt] + private DataFlow::LocalSourceNode backwardsInlineLate(TypeTracker tt) { + exists(TypeBackTracker tbt | + result = backwards(tbt) and + tt = tbt.getACompatibleTypeTracker() + ) + } + + pragma[nomagic] + predicate reached(DataFlow::LocalSourceNode n, TypeTracker t) { + n = forward(t) and + n = backwardsInlineLate(t) + } + + pragma[nomagic] + TypeTracker stepReached( + TypeTracker t, DataFlow::LocalSourceNode nodeFrom, DataFlow::LocalSourceNode nodeTo + ) { + exists(StepSummary summary | + StepSummary::step(nodeFrom, nodeTo, summary) and + reached(nodeFrom, t) and + reached(nodeTo, result) and + result = t.append(summary) + ) + or + Input::additionalStep(nodeFrom, nodeTo) and + reached(nodeFrom, pragma[only_bind_into](t)) and + reached(nodeTo, pragma[only_bind_into](t)) and + result = t.continue() + } } +pragma[nomagic] +private predicate regFromString(DataFlow::LocalSourceNode n, DataFlow::CallNode call) { + exists(DataFlow::Node mid | + n.flowsTo(mid) and + call = API::getTopLevelMember("Regexp").getAMethodCall(["compile", "new"]) and + mid = call.getArgument(0) + ) +} + +private module StringReachInput implements ReachInputSig { + DataFlow::LocalSourceNode start(TypeTracker t) { result = strStart() and t.start() } + + DataFlow::Node end() { + result = stringSink() or + regFromString(result, _) + } + + predicate additionalStep(DataFlow::LocalSourceNode nodeFrom, DataFlow::LocalSourceNode nodeTo) { + exists(DataFlow::Node mid | nodeFrom.flowsTo(mid) | + // include taint flow through `String` summaries + TaintTrackingPrivate::summaryThroughStepTaint(mid, nodeTo, any(String::SummarizedCallable c)) + or + // string concatenations, and + exists(CfgNodes::ExprNodes::OperationCfgNode op | + op = nodeTo.asExpr() and + op.getAnOperand() = mid.asExpr() and + op.getExpr().(Ast::BinaryOperation).getOperator() = "+" + ) + or + // string interpolations + mid.asExpr() = nodeTo.asExpr().(CfgNodes::ExprNodes::StringlikeLiteralCfgNode).getAComponent() + ) + } +} + +private module StringReach = Reach; + /** * Gets a node that has been tracked from the string constant `start` to some node. * This is used to figure out where `start` is evaluated as a regular expression against an input string, * or where `start` is compiled into a regular expression. */ private DataFlow::LocalSourceNode trackStrings(DataFlow::Node start, TypeTracker t) { - result = backwards(_) and - ( - t.start() and - start = result and - result = strStart() - or - exists(TypeTracker t2 | result = trackStrings(start, t2).track(t2, t)) - or - // an additional step from string to string - exists(TypeTracker t2 | t2 = t.continue() | - step(trackStrings(start, t2).getALocalUse(), result, "string", "string") - ) - ) + t.start() and + start = result and + result = strStart() and + StringReach::reached(result, t) + or + exists(TypeTracker t2 | t = StringReach::stepReached(t2, trackStrings(start, t2), result)) } +pragma[nomagic] +private predicate regFromStringStart(DataFlow::Node start, TypeTracker t, DataFlow::CallNode nodeTo) { + regFromString(trackStrings(start, t), nodeTo) and + exists(t.continue()) +} + +private module RegReachInput implements ReachInputSig { + DataFlow::LocalSourceNode start(TypeTracker t) { + result = regStart() and + t.start() + or + regFromStringStart(_, t, result) + } + + DataFlow::Node end() { result = regSink() } + + predicate additionalStep(DataFlow::LocalSourceNode nodeFrom, DataFlow::LocalSourceNode nodeTo) { + none() + } +} + +private module RegReach = Reach; + /** * Gets a node that has been tracked from the regular expression `start` to some node. * This is used to figure out where `start` is executed against an input string. */ private DataFlow::LocalSourceNode trackRegs(DataFlow::Node start, TypeTracker t) { - result = backwards(_) and + RegReach::reached(result, t) and ( t.start() and start = result and result = regStart() or - exists(TypeTracker t2 | result = trackRegs(start, t2).track(t2, t)) - or - // an additional step where a string is converted to a regular expression - exists(TypeTracker t2 | t2 = t.continue() | - step(trackStrings(start, t2).getALocalUse(), result, "string", "reg") - ) + regFromStringStart(start, t, result) ) + or + exists(TypeTracker t2 | t = RegReach::stepReached(t2, trackRegs(start, t2), result)) } /** Gets a node that references a regular expression. */ diff --git a/ruby/ql/lib/codeql/ruby/typetracking/TypeTracker.qll b/ruby/ql/lib/codeql/ruby/typetracking/TypeTracker.qll index 52807799c2c..d4d9e1f31f5 100644 --- a/ruby/ql/lib/codeql/ruby/typetracking/TypeTracker.qll +++ b/ruby/ql/lib/codeql/ruby/typetracking/TypeTracker.qll @@ -613,8 +613,17 @@ class TypeBackTracker extends TTypeBackTracker { * also flow to `sink`. */ TypeTracker getACompatibleTypeTracker() { - exists(boolean hasCall | result = MkTypeTracker(hasCall, content) | - hasCall = false or this.hasReturn() = false + exists(boolean hasCall, OptionalTypeTrackerContent c | + result = MkTypeTracker(hasCall, c) and + ( + compatibleContents(c, content) + or + content = noContent() and c = content + ) + | + hasCall = false + or + this.hasReturn() = false ) } } From 211a1e188cb15b0d009879fced378afe8fb73791 Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Tue, 9 May 2023 15:15:53 +0200 Subject: [PATCH 208/870] Sync files --- .../python/dataflow/new/internal/TypeTracker.qll | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/TypeTracker.qll b/python/ql/lib/semmle/python/dataflow/new/internal/TypeTracker.qll index 52807799c2c..d4d9e1f31f5 100644 --- a/python/ql/lib/semmle/python/dataflow/new/internal/TypeTracker.qll +++ b/python/ql/lib/semmle/python/dataflow/new/internal/TypeTracker.qll @@ -613,8 +613,17 @@ class TypeBackTracker extends TTypeBackTracker { * also flow to `sink`. */ TypeTracker getACompatibleTypeTracker() { - exists(boolean hasCall | result = MkTypeTracker(hasCall, content) | - hasCall = false or this.hasReturn() = false + exists(boolean hasCall, OptionalTypeTrackerContent c | + result = MkTypeTracker(hasCall, c) and + ( + compatibleContents(c, content) + or + content = noContent() and c = content + ) + | + hasCall = false + or + this.hasReturn() = false ) } } From 91ae61b744e7f4595b6c4d5f491e413d6ecd2dcb Mon Sep 17 00:00:00 2001 From: Stephan Brandauer Date: Wed, 10 May 2023 09:42:22 +0200 Subject: [PATCH 209/870] more documentation --- java/ql/src/Telemetry/AutomodelSharedCharacteristics.qll | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/java/ql/src/Telemetry/AutomodelSharedCharacteristics.qll b/java/ql/src/Telemetry/AutomodelSharedCharacteristics.qll index 96b3d811c84..58fc2285027 100644 --- a/java/ql/src/Telemetry/AutomodelSharedCharacteristics.qll +++ b/java/ql/src/Telemetry/AutomodelSharedCharacteristics.qll @@ -33,12 +33,17 @@ signature module CandidateSig { */ class NegativeEndpointType extends EndpointType; + /** + * Gets the endpoint as a location. + * + * This is a utility function to convert an endpoint to its corresponding location. + */ RelatedLocation asLocation(Endpoint e); /** * Defines what MaD kinds are known, and what endpoint type they correspond to. */ - predicate isKnownLabel(string kind, string humanReadableLabel, EndpointType type); + predicate isKnownKind(string kind, string humanReadableLabel, EndpointType type); /** * Should hold for any endpoint that is a flow sanitizer. @@ -56,6 +61,8 @@ signature module CandidateSig { predicate isNeutral(Endpoint e); /** + * Gets a related location. + * * A related location is a source code location that may hold extra information about an endpoint that can be useful * to the machine learning model. * From 51087d090b493810e2b634f201237c0cd412c661 Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Wed, 10 May 2023 09:42:41 +0200 Subject: [PATCH 210/870] Address review comments --- .../codeql/ruby/regexp/internal/RegExpTracking.qll | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/ruby/ql/lib/codeql/ruby/regexp/internal/RegExpTracking.qll b/ruby/ql/lib/codeql/ruby/regexp/internal/RegExpTracking.qll index 648bc533046..9df923e2d86 100644 --- a/ruby/ql/lib/codeql/ruby/regexp/internal/RegExpTracking.qll +++ b/ruby/ql/lib/codeql/ruby/regexp/internal/RegExpTracking.qll @@ -108,6 +108,7 @@ private module Reach { ) } + /** Holds if `n` is forwards and backwards reachable with type tracker `t`. */ pragma[nomagic] predicate reached(DataFlow::LocalSourceNode n, TypeTracker t) { n = forward(t) and @@ -132,10 +133,11 @@ private module Reach { } } +/** Holds if `inputStr` is compiled to a regular expression that is returned at `call`. */ pragma[nomagic] -private predicate regFromString(DataFlow::LocalSourceNode n, DataFlow::CallNode call) { +private predicate regFromString(DataFlow::LocalSourceNode inputStr, DataFlow::CallNode call) { exists(DataFlow::Node mid | - n.flowsTo(mid) and + inputStr.flowsTo(mid) and call = API::getTopLevelMember("Regexp").getAMethodCall(["compile", "new"]) and mid = call.getArgument(0) ) @@ -183,9 +185,10 @@ private DataFlow::LocalSourceNode trackStrings(DataFlow::Node start, TypeTracker exists(TypeTracker t2 | t = StringReach::stepReached(t2, trackStrings(start, t2), result)) } +/** Holds if `strConst` flows to a regex compilation (tracked by `t`), where the resulting regular expression is stored in `reg`. */ pragma[nomagic] -private predicate regFromStringStart(DataFlow::Node start, TypeTracker t, DataFlow::CallNode nodeTo) { - regFromString(trackStrings(start, t), nodeTo) and +private predicate regFromStringStart(DataFlow::Node strConst, TypeTracker t, DataFlow::CallNode reg) { + regFromString(trackStrings(strConst, t), reg) and exists(t.continue()) } From a5c7d0970264bbc6e89b4802f16cd081fd2cc18e Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Wed, 10 May 2023 09:50:10 +0200 Subject: [PATCH 211/870] C++: Fix the location of order-by in experimental `RangeNode` --- .../semmle/code/cpp/rangeanalysis/extensions/RangeNode.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpp/ql/lib/experimental/semmle/code/cpp/rangeanalysis/extensions/RangeNode.qll b/cpp/ql/lib/experimental/semmle/code/cpp/rangeanalysis/extensions/RangeNode.qll index 71a74c6c4fe..d862b207da4 100644 --- a/cpp/ql/lib/experimental/semmle/code/cpp/rangeanalysis/extensions/RangeNode.qll +++ b/cpp/ql/lib/experimental/semmle/code/cpp/rangeanalysis/extensions/RangeNode.qll @@ -86,7 +86,7 @@ private class ExprRangeNode extends DataFlow::ExprNode { concat(Expr arg, int i | arg = e.getArgument(i) | - this.getIntegralBounds(arg) order by i, "," + this.getIntegralBounds(arg), "," order by i ) + ")" } From 4af97274dd2df6190dc7858c05fe58fad77fe70a Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 10 May 2023 08:55:43 +0100 Subject: [PATCH 212/870] Swift: Delete TODO (already fixed). --- swift/extractor/translators/PatternTranslator.cpp | 6 ------ 1 file changed, 6 deletions(-) diff --git a/swift/extractor/translators/PatternTranslator.cpp b/swift/extractor/translators/PatternTranslator.cpp index 85b5bc73ffe..ee119af1c30 100644 --- a/swift/extractor/translators/PatternTranslator.cpp +++ b/swift/extractor/translators/PatternTranslator.cpp @@ -4,12 +4,6 @@ namespace codeql { codeql::NamedPattern PatternTranslator::translateNamedPattern(const swift::NamedPattern& pattern) { auto entry = dispatcher.createEntry(pattern); - // TODO: in some (but not all) cases, this seems to introduce a duplicate entry - // for example the vars listed in a case stmt have a different pointer than then ones in - // patterns. - // assert(pattern.getDecl() && "expect NamedPattern to have Decl"); - // dispatcher.emit(NamedPatternsTrap{label, pattern.getNameStr().str(), - // dispatcher.fetchLabel(pattern.getDecl())}); entry.name = pattern.getNameStr().str(); return entry; } From 1f60fd6d58c0adf3651d7286aca822b4f2cb6e02 Mon Sep 17 00:00:00 2001 From: Stephan Brandauer Date: Wed, 10 May 2023 10:01:04 +0200 Subject: [PATCH 213/870] use specialized getAParameter predicate, instead of getParameter(_) --- java/ql/src/Telemetry/AutomodelFrameworkModeCharacteristics.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java/ql/src/Telemetry/AutomodelFrameworkModeCharacteristics.qll b/java/ql/src/Telemetry/AutomodelFrameworkModeCharacteristics.qll index d11d925c130..ab8c8b27486 100644 --- a/java/ql/src/Telemetry/AutomodelFrameworkModeCharacteristics.qll +++ b/java/ql/src/Telemetry/AutomodelFrameworkModeCharacteristics.qll @@ -235,7 +235,7 @@ private class NotAModelApiParameter extends CharacteristicsImpl::UninterestingTo NotAModelApiParameter() { this = "not a model API parameter" } override predicate appliesToEndpoint(Endpoint e) { - not exists(ModelExclusions::ModelApi api | api.getParameter(_) = e.asParameter()) + not exists(ModelExclusions::ModelApi api | api.getAParameter() = e.asParameter()) } } From 5dab1b2a3bcdd65938e17450e20c20a29a9d6674 Mon Sep 17 00:00:00 2001 From: Stephan Brandauer Date: Wed, 10 May 2023 10:01:39 +0200 Subject: [PATCH 214/870] leftover renaming label->kind --- java/ql/src/Telemetry/AutomodelSharedCharacteristics.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java/ql/src/Telemetry/AutomodelSharedCharacteristics.qll b/java/ql/src/Telemetry/AutomodelSharedCharacteristics.qll index 58fc2285027..b372699eb1a 100644 --- a/java/ql/src/Telemetry/AutomodelSharedCharacteristics.qll +++ b/java/ql/src/Telemetry/AutomodelSharedCharacteristics.qll @@ -268,7 +268,7 @@ module SharedCharacteristics { string madLabel; Candidate::EndpointType endpointType; - KnownSinkCharacteristic() { Candidate::isKnownLabel(madLabel, this, endpointType) } + KnownSinkCharacteristic() { Candidate::isKnownKind(madLabel, this, endpointType) } override predicate appliesToEndpoint(Candidate::Endpoint e) { Candidate::isSink(e, madLabel) } From 9839eb1fd22c25dc5ce14d724decbdcfcf61df6a Mon Sep 17 00:00:00 2001 From: Tony Torralba Date: Wed, 10 May 2023 10:15:55 +0200 Subject: [PATCH 215/870] Update java/ql/lib/change-notes/2023-05-02-apache-commons-net-models.md Co-authored-by: Jami <57204504+jcogs33@users.noreply.github.com> --- .../ql/lib/change-notes/2023-05-02-apache-commons-net-models.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java/ql/lib/change-notes/2023-05-02-apache-commons-net-models.md b/java/ql/lib/change-notes/2023-05-02-apache-commons-net-models.md index fb918f48932..a669c74d3e8 100644 --- a/java/ql/lib/change-notes/2023-05-02-apache-commons-net-models.md +++ b/java/ql/lib/change-notes/2023-05-02-apache-commons-net-models.md @@ -1,4 +1,4 @@ --- category: minorAnalysis --- -* Added models for the Apache Commons Net library, +* Added models for the Apache Commons Net library. From 6aa40050bdcd72e2eeefe539598ab7ce001d35c6 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 10 May 2023 09:24:38 +0100 Subject: [PATCH 216/870] C++: Use member predicates on parameterized module parameters now that it's available in the language. --- .../cpp/models/implementations/Allocation.qll | 192 +++++++----------- 1 file changed, 79 insertions(+), 113 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/models/implementations/Allocation.qll b/cpp/ql/lib/semmle/code/cpp/models/implementations/Allocation.qll index a1fa08daa7d..00b241bc4fa 100644 --- a/cpp/ql/lib/semmle/code/cpp/models/implementations/Allocation.qll +++ b/cpp/ql/lib/semmle/code/cpp/models/implementations/Allocation.qll @@ -206,7 +206,34 @@ private predicate deconstructSizeExpr(Expr sizeExpr, Expr lengthExpr, int sizeof } /** A `Function` that is a call target of an allocation. */ -private signature class CallAllocationExprTarget extends Function; +private signature class CallAllocationExprTarget extends Function { + /** + * Gets the index of the input pointer argument to be reallocated, if + * this is a `realloc` function. + */ + int getReallocPtrArg(); + + /** + * Gets the index of the argument for the allocation size, if any. The actual + * allocation size is the value of this argument multiplied by the result of + * `getSizeMult()`, in bytes. + */ + int getSizeArg(); + + /** + * Gets the index of an argument that multiplies the allocation size given + * by `getSizeArg`, if any. + */ + int getSizeMult(); + + /** + * Holds if this allocation requires a + * corresponding deallocation of some sort (most do, but `alloca` for example + * does not). If it is unclear, we default to no (for example a placement `new` + * allocation may or may not require a corresponding `delete`). + */ + predicate requiresDealloc(); +} /** * This module abstracts over the type of allocation call-targets and provides a @@ -220,118 +247,68 @@ private signature class CallAllocationExprTarget extends Function; * function using various heuristics. */ private module CallAllocationExprBase { - /** A module that contains the collection of member-predicates required on `Target`. */ - signature module Param { - /** - * Gets the index of the input pointer argument to be reallocated, if - * this is a `realloc` function. - */ - int getReallocPtrArg(Target target); - - /** - * Gets the index of the argument for the allocation size, if any. The actual - * allocation size is the value of this argument multiplied by the result of - * `getSizeMult()`, in bytes. - */ - int getSizeArg(Target target); - - /** - * Gets the index of an argument that multiplies the allocation size given - * by `getSizeArg`, if any. - */ - int getSizeMult(Target target); - - /** - * Holds if this allocation requires a - * corresponding deallocation of some sort (most do, but `alloca` for example - * does not). If it is unclear, we default to no (for example a placement `new` - * allocation may or may not require a corresponding `delete`). - */ - predicate requiresDealloc(Target target); - } - /** - * A module that abstracts over a collection of predicates in - * the `Param` module). This should really be member-predicates - * on `CallAllocationExprTarget`, but we cannot yet write this in QL. + * An allocation expression that is a function call, such as call to `malloc`. */ - module With { - private import P + class CallAllocationExprImpl instanceof FunctionCall { + Target target; - /** - * An allocation expression that is a function call, such as call to `malloc`. - */ - class CallAllocationExprImpl instanceof FunctionCall { - Target target; - - CallAllocationExprImpl() { - target = this.getTarget() and - // realloc(ptr, 0) only frees the pointer - not ( - exists(getReallocPtrArg(target)) and - this.getArgument(getSizeArg(target)).getValue().toInt() = 0 - ) and - // these are modeled directly (and more accurately), avoid duplication - not exists(NewOrNewArrayExpr new | new.getAllocatorCall() = this) - } - - string toString() { result = super.toString() } - - Expr getSizeExprImpl() { - exists(Expr sizeExpr | sizeExpr = super.getArgument(getSizeArg(target)) | - if exists(getSizeMult(target)) - then result = sizeExpr - else - exists(Expr lengthExpr | - deconstructSizeExpr(sizeExpr, lengthExpr, _) and - result = lengthExpr - ) - ) - } - - int getSizeMultImpl() { - // malloc with multiplier argument that is a constant - result = super.getArgument(getSizeMult(target)).getValue().toInt() - or - // malloc with no multiplier argument - not exists(getSizeMult(target)) and - deconstructSizeExpr(super.getArgument(getSizeArg(target)), _, result) - } - - int getSizeBytesImpl() { - result = this.getSizeExprImpl().getValue().toInt() * this.getSizeMultImpl() - } - - Expr getReallocPtrImpl() { result = super.getArgument(getReallocPtrArg(target)) } - - Type getAllocatedElementTypeImpl() { - result = - super.getFullyConverted().getType().stripTopLevelSpecifiers().(PointerType).getBaseType() and - not result instanceof VoidType - } - - predicate requiresDeallocImpl() { requiresDealloc(target) } + CallAllocationExprImpl() { + target = this.getTarget() and + // realloc(ptr, 0) only frees the pointer + not ( + exists(target.getReallocPtrArg()) and + this.getArgument(target.getSizeArg()).getValue().toInt() = 0 + ) and + // these are modeled directly (and more accurately), avoid duplication + not exists(NewOrNewArrayExpr new | new.getAllocatorCall() = this) } + + string toString() { result = super.toString() } + + Expr getSizeExprImpl() { + exists(Expr sizeExpr | sizeExpr = super.getArgument(target.getSizeArg()) | + if exists(target.getSizeMult()) + then result = sizeExpr + else + exists(Expr lengthExpr | + deconstructSizeExpr(sizeExpr, lengthExpr, _) and + result = lengthExpr + ) + ) + } + + int getSizeMultImpl() { + // malloc with multiplier argument that is a constant + result = super.getArgument(target.getSizeMult()).getValue().toInt() + or + // malloc with no multiplier argument + not exists(target.getSizeMult()) and + deconstructSizeExpr(super.getArgument(target.getSizeArg()), _, result) + } + + int getSizeBytesImpl() { + result = this.getSizeExprImpl().getValue().toInt() * this.getSizeMultImpl() + } + + Expr getReallocPtrImpl() { result = super.getArgument(target.getReallocPtrArg()) } + + Type getAllocatedElementTypeImpl() { + result = + super.getFullyConverted().getType().stripTopLevelSpecifiers().(PointerType).getBaseType() and + not result instanceof VoidType + } + + predicate requiresDeallocImpl() { target.requiresDealloc() } } } private module CallAllocationExpr { - private module Param implements CallAllocationExprBase::Param { - int getReallocPtrArg(AllocationFunction f) { result = f.getReallocPtrArg() } - - int getSizeArg(AllocationFunction f) { result = f.getSizeArg() } - - int getSizeMult(AllocationFunction f) { result = f.getSizeMult() } - - predicate requiresDealloc(AllocationFunction f) { f.requiresDealloc() } - } - /** * A class that provides the implementation of `AllocationExpr` for an allocation * that calls an `AllocationFunction`. */ - private class Base = - CallAllocationExprBase::With::CallAllocationExprImpl; + private class Base = CallAllocationExprBase::CallAllocationExprImpl; class CallAllocationExpr extends AllocationExpr, Base { override Expr getSizeExpr() { result = super.getSizeExprImpl() } @@ -452,22 +429,11 @@ private module HeuristicAllocation { override predicate requiresDealloc() { none() } } - private module Param implements CallAllocationExprBase::Param { - int getReallocPtrArg(HeuristicAllocationFunction f) { result = f.getReallocPtrArg() } - - int getSizeArg(HeuristicAllocationFunction f) { result = f.getSizeArg() } - - int getSizeMult(HeuristicAllocationFunction f) { result = f.getSizeMult() } - - predicate requiresDealloc(HeuristicAllocationFunction f) { f.requiresDealloc() } - } - /** * A class that provides the implementation of `AllocationExpr` for an allocation * that calls an `HeuristicAllocationFunction`. */ - private class Base = - CallAllocationExprBase::With::CallAllocationExprImpl; + private class Base = CallAllocationExprBase::CallAllocationExprImpl; private class CallAllocationExpr extends HeuristicAllocationExpr, Base { override Expr getSizeExpr() { result = super.getSizeExprImpl() } From 32b5df69c35eae1d892ec2be9a0f71cd57a65bf9 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Sat, 6 May 2023 08:11:35 +0100 Subject: [PATCH 217/870] Add comments explaining version choice logic --- .../cli/go-autobuilder/go-autobuilder.go | 21 +++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/go/extractor/cli/go-autobuilder/go-autobuilder.go b/go/extractor/cli/go-autobuilder/go-autobuilder.go index e4fbcc47eab..a8afe3aef2c 100644 --- a/go/extractor/cli/go-autobuilder/go-autobuilder.go +++ b/go/extractor/cli/go-autobuilder/go-autobuilder.go @@ -731,11 +731,17 @@ func outsideSupportedRange(version string) bool { // or the empty string if we should not attempt to install a version of Go. func checkForGoModVersionNotFound(v versionInfo) (msg, version string) { if !v.goEnvVersionFound { + // We definitely need to install a version. We have no indication which version was + // intended to be used to build this project. Go versions are generally backwards + // compatible, so we install the maximum supported version. msg = "No version of Go installed and no `go.mod` file found. Writing an environment " + "file specifying the maximum supported version of Go (" + maxGoVersion + ")." version = maxGoVersion diagnostics.EmitNoGoModAndNoGoEnv(msg) } else if outsideSupportedRange(v.goEnvVersion) { + // We definitely need to install a version. We have no indication which version was + // intended to be used to build this project. Go versions are generally backwards + // compatible, so we install the maximum supported version. msg = "No `go.mod` file found. The version of Go installed in the environment (" + v.goEnvVersion + ") is outside of the supported range (" + minGoVersion + "-" + maxGoVersion + "). Writing an environment file specifying the maximum supported " + @@ -743,6 +749,9 @@ func checkForGoModVersionNotFound(v versionInfo) (msg, version string) { version = maxGoVersion diagnostics.EmitNoGoModAndGoEnvUnsupported(msg) } else { + // The version of Go that is installed is supported. We have no indication which version + // was intended to be used to build this project. We assume that the installed version is + // suitable and do not install a version of Go. msg = "No `go.mod` file found. Version " + v.goEnvVersion + " installed in the " + "environment is supported. Writing an environment file not specifying any " + "version of Go." @@ -757,17 +766,23 @@ func checkForGoModVersionNotFound(v versionInfo) (msg, version string) { // or the empty string if we should not attempt to install a version of Go. func checkForGoModVersionFound(v versionInfo) (msg, version string) { if outsideSupportedRange(v.goModVersion) { + // The project is intended to be built with a version of Go that is not supported. + // We do not install a version of Go. msg = "The version of Go found in the `go.mod` file (" + v.goModVersion + ") is outside of the supported range (" + minGoVersion + "-" + maxGoVersion + "). Writing an environment file not specifying any version of Go." version = "" diagnostics.EmitUnsupportedVersionGoMod(msg) } else if !v.goEnvVersionFound { + // There is no Go version installed. The version in the `go.mod` file is supported. + // We install the version from the `go.mod` file. msg = "No version of Go installed. Writing an environment file specifying the version " + "of Go found in the `go.mod` file (" + v.goModVersion + ")." version = v.goModVersion diagnostics.EmitNoGoEnv(msg) } else if outsideSupportedRange(v.goEnvVersion) { + // The version of Go that is installed is outside of the supported range. The version in + // the `go.mod` file is supported. We install the version from the `go.mod` file. msg = "The version of Go installed in the environment (" + v.goEnvVersion + ") is outside of the supported range (" + minGoVersion + "-" + maxGoVersion + "). " + "Writing an environment file specifying the version of Go from the `go.mod` file (" + @@ -775,6 +790,9 @@ func checkForGoModVersionFound(v versionInfo) (msg, version string) { version = v.goModVersion diagnostics.EmitVersionGoModSupportedAndGoEnvUnsupported(msg) } else if semver.Compare("v"+v.goModVersion, "v"+v.goEnvVersion) > 0 { + // The version of Go that is installed is supported. The version in the `go.mod` file is + // supported and is higher than the version that is installed. We install the version from + // the `go.mod` file. msg = "The version of Go installed in the environment (" + v.goEnvVersion + ") is lower than the version found in the `go.mod` file (" + v.goModVersion + "). Writing an environment file specifying the version of Go from the `go.mod` " + @@ -782,6 +800,9 @@ func checkForGoModVersionFound(v versionInfo) (msg, version string) { version = v.goModVersion diagnostics.EmitVersionGoModHigherVersionEnvironment(msg) } else { + // The version of Go that is installed is supported. The version in the `go.mod` file is + // supported and is lower than or equal to the version that is installed. We do not install + // a version of Go. msg = "The version of Go installed in the environment (" + v.goEnvVersion + ") is supported and is high enough for the version found in the `go.mod` file (" + v.goModVersion + "). Writing an environment file not specifying any version of Go." From 170e8955937c045bc035a7a2d7da3349ef633bb3 Mon Sep 17 00:00:00 2001 From: Stephan Brandauer Date: Wed, 10 May 2023 10:26:02 +0200 Subject: [PATCH 218/870] use newtype for related location type --- .../Telemetry/AutomodelExtractCandidates.ql | 5 ++--- .../AutomodelExtractNegativeExamples.ql | 5 ++--- .../AutomodelExtractPositiveExamples.ql | 5 ++--- .../AutomodelFrameworkModeCharacteristics.qll | 12 +++++++++--- .../AutomodelSharedCharacteristics.qll | 18 +++++++++++++----- 5 files changed, 28 insertions(+), 17 deletions(-) diff --git a/java/ql/src/Telemetry/AutomodelExtractCandidates.ql b/java/ql/src/Telemetry/AutomodelExtractCandidates.ql index 9884e356c6a..09ff1297626 100644 --- a/java/ql/src/Telemetry/AutomodelExtractCandidates.ql +++ b/java/ql/src/Telemetry/AutomodelExtractCandidates.ql @@ -39,8 +39,7 @@ where ) select endpoint, message + "\nrelated locations: $@, $@." + "\nmetadata: $@, $@, $@, $@, $@, $@.", // - CharacteristicsImpl::getRelatedLocationOrCandidate(endpoint, "Callable-JavaDoc"), - "Callable-JavaDoc", CharacteristicsImpl::getRelatedLocationOrCandidate(endpoint, "Class-JavaDoc"), - "Class-JavaDoc", // + CharacteristicsImpl::getRelatedLocationOrCandidate(endpoint, MethodDoc()), "MethodDoc", // + CharacteristicsImpl::getRelatedLocationOrCandidate(endpoint, ClassDoc()), "ClassDoc", // package, "package", type, "type", subtypes.toString(), "subtypes", name, "name", signature, "signature", input.toString(), "input" // diff --git a/java/ql/src/Telemetry/AutomodelExtractNegativeExamples.ql b/java/ql/src/Telemetry/AutomodelExtractNegativeExamples.ql index 86dac852487..cff38a4fe40 100644 --- a/java/ql/src/Telemetry/AutomodelExtractNegativeExamples.ql +++ b/java/ql/src/Telemetry/AutomodelExtractNegativeExamples.ql @@ -36,8 +36,7 @@ where message = characteristic select endpoint, message + "\nrelated locations: $@, $@." + "\nmetadata: $@, $@, $@, $@, $@, $@.", // - CharacteristicsImpl::getRelatedLocationOrCandidate(endpoint, "Callable-JavaDoc"), - "Callable-JavaDoc", CharacteristicsImpl::getRelatedLocationOrCandidate(endpoint, "Class-JavaDoc"), - "Class-JavaDoc", // + CharacteristicsImpl::getRelatedLocationOrCandidate(endpoint, MethodDoc()), "MethodDoc", // + CharacteristicsImpl::getRelatedLocationOrCandidate(endpoint, ClassDoc()), "ClassDoc", // package, "package", type, "type", subtypes.toString(), "subtypes", name, "name", signature, "signature", input.toString(), "input" // diff --git a/java/ql/src/Telemetry/AutomodelExtractPositiveExamples.ql b/java/ql/src/Telemetry/AutomodelExtractPositiveExamples.ql index af84d3a2db4..e1a15a96e7d 100644 --- a/java/ql/src/Telemetry/AutomodelExtractPositiveExamples.ql +++ b/java/ql/src/Telemetry/AutomodelExtractPositiveExamples.ql @@ -23,8 +23,7 @@ where CharacteristicsImpl::isKnownSink(endpoint, sinkType) select endpoint, sinkType + "\nrelated locations: $@, $@." + "\nmetadata: $@, $@, $@, $@, $@, $@.", // - CharacteristicsImpl::getRelatedLocationOrCandidate(endpoint, "Callable-JavaDoc"), - "Callable-JavaDoc", CharacteristicsImpl::getRelatedLocationOrCandidate(endpoint, "Class-JavaDoc"), - "Class-JavaDoc", // + CharacteristicsImpl::getRelatedLocationOrCandidate(endpoint, MethodDoc()), "MethodDoc", // + CharacteristicsImpl::getRelatedLocationOrCandidate(endpoint, ClassDoc()), "ClassDoc", // package, "package", type, "type", subtypes.toString(), "subtypes", name, "name", signature, "signature", input.toString(), "input" // diff --git a/java/ql/src/Telemetry/AutomodelFrameworkModeCharacteristics.qll b/java/ql/src/Telemetry/AutomodelFrameworkModeCharacteristics.qll index ab8c8b27486..1cafc3240c5 100644 --- a/java/ql/src/Telemetry/AutomodelFrameworkModeCharacteristics.qll +++ b/java/ql/src/Telemetry/AutomodelFrameworkModeCharacteristics.qll @@ -31,6 +31,10 @@ abstract class MetadataExtractor extends string { ); } +newtype JavaRelatedLocationType = + MethodDoc() or + ClassDoc() + // for documentation of the implementations here, see the QLDoc in the CandidateSig signature module. module FrameworkCandidatesImpl implements SharedCharacteristics::CandidateSig { class Endpoint = DataFlow::ParameterNode; @@ -41,6 +45,8 @@ module FrameworkCandidatesImpl implements SharedCharacteristics::CandidateSig { class RelatedLocation = Location::Top; + class RelatedLocationType = JavaRelatedLocationType; + // Sanitizers are currently not modeled in MaD. TODO: check if this has large negative impact. predicate isSanitizer(Endpoint e, EndpointType t) { none() } @@ -107,11 +113,11 @@ module FrameworkCandidatesImpl implements SharedCharacteristics::CandidateSig { * * Related locations can be JavaDoc comments of the class or the method. */ - RelatedLocation getRelatedLocation(Endpoint e, string name) { - name = "Callable-JavaDoc" and + RelatedLocation getRelatedLocation(Endpoint e, RelatedLocationType type) { + type = MethodDoc() and result = FrameworkCandidatesImpl::getCallable(e).(Documentable).getJavadoc() or - name = "Class-JavaDoc" and + type = ClassDoc() and result = FrameworkCandidatesImpl::getCallable(e).getDeclaringType().(Documentable).getJavadoc() } diff --git a/java/ql/src/Telemetry/AutomodelSharedCharacteristics.qll b/java/ql/src/Telemetry/AutomodelSharedCharacteristics.qll index b372699eb1a..08486b214d5 100644 --- a/java/ql/src/Telemetry/AutomodelSharedCharacteristics.qll +++ b/java/ql/src/Telemetry/AutomodelSharedCharacteristics.qll @@ -23,6 +23,13 @@ signature module CandidateSig { */ class RelatedLocation; + /** + * A label for a related location. + * + * Eg., method-doc, class-doc, etc. + */ + class RelatedLocationType; + /** * A class kind for an endpoint. */ @@ -68,7 +75,7 @@ signature module CandidateSig { * * For example, a related location for a method call may be the documentation comment of a method. */ - RelatedLocation getRelatedLocation(Endpoint e, string name); + RelatedLocation getRelatedLocation(Endpoint e, RelatedLocationType name); } /** @@ -111,10 +118,11 @@ module SharedCharacteristics { * Gets the related location of `e` with name `name`, if it exists. * Otherwise, gets the candidate itself. */ - bindingset[name] - Candidate::RelatedLocation getRelatedLocationOrCandidate(Candidate::Endpoint e, string name) { - if exists(Candidate::getRelatedLocation(e, name)) - then result = Candidate::getRelatedLocation(e, name) + Candidate::RelatedLocation getRelatedLocationOrCandidate( + Candidate::Endpoint e, Candidate::RelatedLocationType type + ) { + if exists(Candidate::getRelatedLocation(e, type)) + then result = Candidate::getRelatedLocation(e, type) else result = Candidate::asLocation(e) } From f43edb80464decf4d01ddaca10f62bbf113372b1 Mon Sep 17 00:00:00 2001 From: Stephan Brandauer Date: Wed, 10 May 2023 10:30:58 +0200 Subject: [PATCH 219/870] rename query files to make framework mode explicit --- ...ctCandidates.ql => AutomodelFrameworkModeExtractCandidates.ql} | 0 ...amples.ql => AutomodelFrameworkModeExtractNegativeExamples.ql} | 0 ...amples.ql => AutomodelFrameworkModeExtractPositiveExamples.ql} | 0 3 files changed, 0 insertions(+), 0 deletions(-) rename java/ql/src/Telemetry/{AutomodelExtractCandidates.ql => AutomodelFrameworkModeExtractCandidates.ql} (100%) rename java/ql/src/Telemetry/{AutomodelExtractNegativeExamples.ql => AutomodelFrameworkModeExtractNegativeExamples.ql} (100%) rename java/ql/src/Telemetry/{AutomodelExtractPositiveExamples.ql => AutomodelFrameworkModeExtractPositiveExamples.ql} (100%) diff --git a/java/ql/src/Telemetry/AutomodelExtractCandidates.ql b/java/ql/src/Telemetry/AutomodelFrameworkModeExtractCandidates.ql similarity index 100% rename from java/ql/src/Telemetry/AutomodelExtractCandidates.ql rename to java/ql/src/Telemetry/AutomodelFrameworkModeExtractCandidates.ql diff --git a/java/ql/src/Telemetry/AutomodelExtractNegativeExamples.ql b/java/ql/src/Telemetry/AutomodelFrameworkModeExtractNegativeExamples.ql similarity index 100% rename from java/ql/src/Telemetry/AutomodelExtractNegativeExamples.ql rename to java/ql/src/Telemetry/AutomodelFrameworkModeExtractNegativeExamples.ql diff --git a/java/ql/src/Telemetry/AutomodelExtractPositiveExamples.ql b/java/ql/src/Telemetry/AutomodelFrameworkModeExtractPositiveExamples.ql similarity index 100% rename from java/ql/src/Telemetry/AutomodelExtractPositiveExamples.ql rename to java/ql/src/Telemetry/AutomodelFrameworkModeExtractPositiveExamples.ql From 3f8a56722fcb5f031c8541146b1fb8a5ab013734 Mon Sep 17 00:00:00 2001 From: Tony Torralba Date: Wed, 10 May 2023 10:35:34 +0200 Subject: [PATCH 220/870] Remove auto-generated models --- .../org.apache.commons.net.model.yml | 1375 ----------------- 1 file changed, 1375 deletions(-) delete mode 100644 java/ql/lib/ext/generated/org.apache.commons.net.model.yml diff --git a/java/ql/lib/ext/generated/org.apache.commons.net.model.yml b/java/ql/lib/ext/generated/org.apache.commons.net.model.yml deleted file mode 100644 index f4807f0967b..00000000000 --- a/java/ql/lib/ext/generated/org.apache.commons.net.model.yml +++ /dev/null @@ -1,1375 +0,0 @@ -# THIS FILE IS AN AUTO-GENERATED MODELS AS DATA FILE. DO NOT EDIT. -# Definitions of models for the org.apache.commons.net framework. -extensions: - - addsTo: - pack: codeql/java-all - extensible: summaryModel - data: - - ["org.apache.commons.net.bsd", "RCommandClient", true, "rcommand", "(String,String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.bsd", "RCommandClient", true, "rcommand", "(String,String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.bsd", "RCommandClient", true, "rcommand", "(String,String,String)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.bsd", "RCommandClient", true, "rcommand", "(String,String,String,boolean)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.bsd", "RCommandClient", true, "rcommand", "(String,String,String,boolean)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.bsd", "RCommandClient", true, "rcommand", "(String,String,String,boolean)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.bsd", "RExecClient", true, "getErrorStream", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.bsd", "RExecClient", true, "getInputStream", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.bsd", "RExecClient", true, "getOutputStream", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.bsd", "RExecClient", true, "rexec", "(String,String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.bsd", "RExecClient", true, "rexec", "(String,String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.bsd", "RExecClient", true, "rexec", "(String,String,String)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.bsd", "RExecClient", true, "rexec", "(String,String,String,boolean)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.bsd", "RExecClient", true, "rexec", "(String,String,String,boolean)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.bsd", "RExecClient", true, "rexec", "(String,String,String,boolean)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.bsd", "RLoginClient", true, "rlogin", "(String,String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.bsd", "RLoginClient", true, "rlogin", "(String,String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.bsd", "RLoginClient", true, "rlogin", "(String,String,String)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.bsd", "RLoginClient", true, "rlogin", "(String,String,String,int)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.bsd", "RLoginClient", true, "rlogin", "(String,String,String,int)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.bsd", "RLoginClient", true, "rlogin", "(String,String,String,int)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.chargen", "CharGenTCPClient", false, "getInputStream", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.chargen", "CharGenUDPClient", false, "receive", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.daytime", "DaytimeTCPClient", false, "getTime", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.discard", "DiscardTCPClient", true, "getOutputStream", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.echo", "EchoTCPClient", false, "getInputStream", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.finger", "FingerClient", true, "getInputStream", "(boolean)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.finger", "FingerClient", true, "getInputStream", "(boolean,String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.finger", "FingerClient", true, "getInputStream", "(boolean,String,String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.finger", "FingerClient", true, "query", "(boolean)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.finger", "FingerClient", true, "query", "(boolean,String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ftp.parser", "CompositeFileEntryParser", true, "CompositeFileEntryParser", "(FTPFileEntryParser[])", "", "Argument[0].ArrayElement", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp.parser", "FTPTimestampParserImpl", true, "getDefaultDateFormat", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ftp.parser", "FTPTimestampParserImpl", true, "getRecentDateFormat", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ftp.parser", "FTPTimestampParserImpl", true, "getServerTimeZone", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ftp.parser", "FTPTimestampParserImpl", true, "getShortMonths", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ftp.parser", "FTPTimestampParserImpl", true, "parseTimestamp", "(String,Calendar)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ftp.parser", "MLSxEntryParser", true, "parseEntry", "(String)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ftp.parser", "ParserInitializationException", true, "ParserInitializationException", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp.parser", "ParserInitializationException", true, "ParserInitializationException", "(String,Throwable)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp.parser", "ParserInitializationException", true, "ParserInitializationException", "(String,Throwable)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp.parser", "ParserInitializationException", true, "getRootCause", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ftp.parser", "RegexFTPFileEntryParserImpl", true, "matches", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp.parser", "VMSFTPEntryParser", true, "parseFileList", "(InputStream)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ftp.parser", "VMSFTPEntryParser", true, "parseFileList", "(InputStream)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "Configurable", true, "configure", "(FTPClientConfig)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTP", true, "acct", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTP", true, "appe", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTP", true, "cwd", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTP", true, "dele", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTP", true, "eprt", "(InetAddress,int)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTP", true, "getControlEncoding", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTP", true, "getReplyString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTP", true, "getReplyStrings", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTP", true, "help", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTP", true, "list", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTP", true, "mdtm", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTP", true, "mfmt", "(String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTP", true, "mfmt", "(String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTP", true, "mkd", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTP", true, "mlsd", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTP", true, "mlst", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTP", true, "nlst", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTP", true, "pass", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTP", true, "port", "(InetAddress,int)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTP", true, "rest", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTP", true, "retr", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTP", true, "rmd", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTP", true, "rnfr", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTP", true, "rnto", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTP", true, "sendCommand", "(FTPCmd,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTP", true, "sendCommand", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTP", true, "sendCommand", "(String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTP", true, "sendCommand", "(String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTP", true, "sendCommand", "(int,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTP", true, "setControlEncoding", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTP", true, "site", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTP", true, "size", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTP", true, "smnt", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTP", true, "stat", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTP", true, "stor", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTP", true, "stou", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTP", true, "user", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient$HostnameResolver", true, "resolve", "(String)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient$HostnameResolver", true, "resolve", "(String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient$NatServerResolverImpl", true, "NatServerResolverImpl", "(FTPClient)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "appendFile", "(String,InputStream)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "appendFileStream", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "changeWorkingDirectory", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "deleteFile", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "doCommand", "(String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "doCommand", "(String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "doCommandAsStrings", "(String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "doCommandAsStrings", "(String,String)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "doCommandAsStrings", "(String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "doCommandAsStrings", "(String,String)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "doCommandAsStrings", "(String,String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "enterRemoteActiveMode", "(InetAddress,int)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "featureValue", "(String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "featureValues", "(String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "getControlKeepAliveReplyTimeoutDuration", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "getControlKeepAliveTimeoutDuration", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "getCopyStreamListener", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "getDataTimeout", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "getModificationTime", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "getModificationTime", "(String)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "getModificationTime", "(String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "getPassiveHost", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "getPassiveLocalIPAddress", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "getSize", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "getSize", "(String)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "getSize", "(String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "getStatus", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "getStatus", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "getStatus", "(String)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "getStatus", "(String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "getSystemName", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "getSystemType", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "initiateListParsing", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "initiateListParsing", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "initiateListParsing", "(String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "initiateListParsing", "(String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "initiateListParsing", "(String,String)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "initiateListParsing", "(String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "initiateListParsing", "(String,String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "initiateMListParsing", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "listDirectories", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "listFiles", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "listFiles", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "listFiles", "(String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "listFiles", "(String,FTPFileFilter)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "listHelp", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "listHelp", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "listHelp", "(String)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "listHelp", "(String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "listNames", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "login", "(String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "login", "(String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "login", "(String,String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "login", "(String,String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "login", "(String,String,String)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "makeDirectory", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "mdtmCalendar", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "mdtmFile", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "mdtmFile", "(String)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "mdtmFile", "(String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "mdtmInstant", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "mlistDir", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "mlistDir", "(String,FTPFileFilter)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "mlistFile", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "mlistFile", "(String)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "mlistFile", "(String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "printWorkingDirectory", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "remoteAppend", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "remoteRetrieve", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "remoteStore", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "remoteStoreUnique", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "removeDirectory", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "rename", "(String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "rename", "(String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "retrieveFile", "(String,OutputStream)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "retrieveFileStream", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "sendSiteCommand", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "setActiveExternalIPAddress", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "setControlKeepAliveReplyTimeout", "(Duration)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "setControlKeepAliveTimeout", "(Duration)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "setCopyStreamListener", "(CopyStreamListener)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "setDataTimeout", "(Duration)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "setModificationTime", "(String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "setModificationTime", "(String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "setParserFactory", "(FTPFileEntryParserFactory)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "setPassiveLocalIPAddress", "(InetAddress)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "setPassiveLocalIPAddress", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "setPassiveNatWorkaroundStrategy", "(HostnameResolver)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "setReportActiveExternalIPAddress", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "storeFile", "(String,InputStream)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "storeFileStream", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "storeUniqueFile", "(String,InputStream)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "storeUniqueFileStream", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", true, "structureMount", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClientConfig", true, "FTPClientConfig", "(FTPClientConfig)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClientConfig", true, "FTPClientConfig", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClientConfig", true, "FTPClientConfig", "(String,String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClientConfig", true, "FTPClientConfig", "(String,String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClientConfig", true, "FTPClientConfig", "(String,String,String)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClientConfig", true, "FTPClientConfig", "(String,String,String,String,String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClientConfig", true, "FTPClientConfig", "(String,String,String,String,String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClientConfig", true, "FTPClientConfig", "(String,String,String,String,String,String)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClientConfig", true, "FTPClientConfig", "(String,String,String,String,String,String)", "", "Argument[3]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClientConfig", true, "FTPClientConfig", "(String,String,String,String,String,String)", "", "Argument[4]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClientConfig", true, "FTPClientConfig", "(String,String,String,String,String,String)", "", "Argument[5]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClientConfig", true, "FTPClientConfig", "(String,String,String,String,String,String,boolean,boolean)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClientConfig", true, "FTPClientConfig", "(String,String,String,String,String,String,boolean,boolean)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClientConfig", true, "FTPClientConfig", "(String,String,String,String,String,String,boolean,boolean)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClientConfig", true, "FTPClientConfig", "(String,String,String,String,String,String,boolean,boolean)", "", "Argument[3]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClientConfig", true, "FTPClientConfig", "(String,String,String,String,String,String,boolean,boolean)", "", "Argument[4]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClientConfig", true, "FTPClientConfig", "(String,String,String,String,String,String,boolean,boolean)", "", "Argument[5]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClientConfig", true, "getDefaultDateFormatStr", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClientConfig", true, "getRecentDateFormatStr", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClientConfig", true, "getServerLanguageCode", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClientConfig", true, "getServerSystemKey", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClientConfig", true, "getServerTimeZoneId", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClientConfig", true, "getShortMonthNames", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClientConfig", true, "setDefaultDateFormatStr", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClientConfig", true, "setRecentDateFormatStr", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClientConfig", true, "setServerLanguageCode", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClientConfig", true, "setServerTimeZoneId", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClientConfig", true, "setShortMonthNames", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPConnectionClosedException", true, "FTPConnectionClosedException", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPFile", true, "getGroup", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPFile", true, "getLink", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPFile", true, "getName", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPFile", true, "getRawListing", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPFile", true, "getTimestamp", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPFile", true, "getUser", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPFile", true, "setGroup", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPFile", true, "setLink", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPFile", true, "setName", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPFile", true, "setRawListing", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPFile", true, "setTimestamp", "(Calendar)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPFile", true, "setUser", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPFile", true, "toFormattedString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPFile", true, "toFormattedString", "(String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPFile", true, "toString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPFileEntryParser", true, "parseFTPEntry", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPFileEntryParser", true, "parseFTPEntry", "(String)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPFileEntryParser", true, "preParse", "(List)", "", "Argument[0].Element", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPFileEntryParser", true, "readNextEntry", "(BufferedReader)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPHTTPClient", true, "FTPHTTPClient", "(String,int)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPHTTPClient", true, "FTPHTTPClient", "(String,int,Charset)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPHTTPClient", true, "FTPHTTPClient", "(String,int,String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPHTTPClient", true, "FTPHTTPClient", "(String,int,String,String)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPHTTPClient", true, "FTPHTTPClient", "(String,int,String,String)", "", "Argument[3]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPHTTPClient", true, "FTPHTTPClient", "(String,int,String,String,Charset)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPHTTPClient", true, "FTPHTTPClient", "(String,int,String,String,Charset)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPHTTPClient", true, "FTPHTTPClient", "(String,int,String,String,Charset)", "", "Argument[3]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPListParseEngine", true, "FTPListParseEngine", "(FTPFileEntryParser)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPListParseEngine", true, "getFileList", "(FTPFileFilter)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPListParseEngine", true, "getFiles", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPListParseEngine", true, "getFiles", "(FTPFileFilter)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPListParseEngine", true, "getNext", "(int)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPListParseEngine", true, "getPrevious", "(int)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPListParseEngine", true, "readServerList", "(InputStream)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPListParseEngine", true, "readServerList", "(InputStream,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPSClient", true, "FTPSClient", "(SSLContext)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPSClient", true, "FTPSClient", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPSClient", true, "FTPSClient", "(String,boolean)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPSClient", true, "FTPSClient", "(boolean,SSLContext)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPSClient", true, "execADAT", "(byte[])", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPSClient", true, "execAUTH", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPSClient", true, "execCONF", "(byte[])", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPSClient", true, "execENC", "(byte[])", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPSClient", true, "execMIC", "(byte[])", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPSClient", true, "execPROT", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPSClient", true, "getAuthValue", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPSClient", true, "getEnabledCipherSuites", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPSClient", true, "getEnabledProtocols", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPSClient", true, "getHostnameVerifier", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPSClient", true, "getTrustManager", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPSClient", true, "parseADATReply", "(String)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPSClient", true, "setAuthValue", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPSClient", true, "setEnabledCipherSuites", "(String[])", "", "Argument[0].ArrayElement", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPSClient", true, "setEnabledProtocols", "(String[])", "", "Argument[0].ArrayElement", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPSClient", true, "setHostnameVerifier", "(HostnameVerifier)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPSClient", true, "setKeyManager", "(KeyManager)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPSClient", true, "setTrustManager", "(TrustManager)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPSServerSocketFactory", true, "FTPSServerSocketFactory", "(SSLContext)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPSServerSocketFactory", true, "init", "(ServerSocket)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPSSocketFactory", true, "FTPSSocketFactory", "(SSLContext)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPSSocketFactory", true, "init", "(ServerSocket)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.imap", "AuthenticatingIMAPClient", true, "AuthenticatingIMAPClient", "(SSLContext)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.imap", "AuthenticatingIMAPClient", true, "AuthenticatingIMAPClient", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.imap", "AuthenticatingIMAPClient", true, "AuthenticatingIMAPClient", "(String,boolean)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.imap", "AuthenticatingIMAPClient", true, "AuthenticatingIMAPClient", "(String,boolean,SSLContext)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.imap", "AuthenticatingIMAPClient", true, "AuthenticatingIMAPClient", "(String,boolean,SSLContext)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.imap", "AuthenticatingIMAPClient", true, "AuthenticatingIMAPClient", "(boolean,SSLContext)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.imap", "AuthenticatingIMAPClient", true, "auth", "(AUTH_METHOD,String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.imap", "AuthenticatingIMAPClient", true, "auth", "(AUTH_METHOD,String,String)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.imap", "AuthenticatingIMAPClient", true, "authenticate", "(AUTH_METHOD,String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.imap", "AuthenticatingIMAPClient", true, "authenticate", "(AUTH_METHOD,String,String)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.imap", "IMAP$IMAPChunkListener", true, "chunkReceived", "(IMAP)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.imap", "IMAP", true, "doCommand", "(IMAPCommand,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.imap", "IMAP", true, "getReplyString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.imap", "IMAP", true, "getReplyStrings", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.imap", "IMAP", true, "sendCommand", "(IMAPCommand,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.imap", "IMAP", true, "sendCommand", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.imap", "IMAP", true, "sendCommand", "(String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.imap", "IMAP", true, "sendCommand", "(String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.imap", "IMAP", true, "sendData", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.imap", "IMAP", true, "setChunkListener", "(IMAPChunkListener)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.imap", "IMAPClient", true, "append", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.imap", "IMAPClient", true, "append", "(String,String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.imap", "IMAPClient", true, "append", "(String,String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.imap", "IMAPClient", true, "append", "(String,String,String)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.imap", "IMAPClient", true, "append", "(String,String,String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.imap", "IMAPClient", true, "append", "(String,String,String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.imap", "IMAPClient", true, "append", "(String,String,String,String)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.imap", "IMAPClient", true, "append", "(String,String,String,String)", "", "Argument[3]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.imap", "IMAPClient", true, "copy", "(String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.imap", "IMAPClient", true, "copy", "(String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.imap", "IMAPClient", true, "create", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.imap", "IMAPClient", true, "delete", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.imap", "IMAPClient", true, "examine", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.imap", "IMAPClient", true, "fetch", "(String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.imap", "IMAPClient", true, "fetch", "(String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.imap", "IMAPClient", true, "list", "(String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.imap", "IMAPClient", true, "list", "(String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.imap", "IMAPClient", true, "login", "(String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.imap", "IMAPClient", true, "login", "(String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.imap", "IMAPClient", true, "lsub", "(String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.imap", "IMAPClient", true, "lsub", "(String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.imap", "IMAPClient", true, "rename", "(String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.imap", "IMAPClient", true, "rename", "(String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.imap", "IMAPClient", true, "search", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.imap", "IMAPClient", true, "search", "(String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.imap", "IMAPClient", true, "search", "(String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.imap", "IMAPClient", true, "select", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.imap", "IMAPClient", true, "status", "(String,String[])", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.imap", "IMAPClient", true, "status", "(String,String[])", "", "Argument[1].ArrayElement", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.imap", "IMAPClient", true, "store", "(String,String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.imap", "IMAPClient", true, "store", "(String,String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.imap", "IMAPClient", true, "store", "(String,String,String)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.imap", "IMAPClient", true, "subscribe", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.imap", "IMAPClient", true, "uid", "(String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.imap", "IMAPClient", true, "uid", "(String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.imap", "IMAPClient", true, "unsubscribe", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.imap", "IMAPSClient", true, "IMAPSClient", "(SSLContext)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.imap", "IMAPSClient", true, "IMAPSClient", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.imap", "IMAPSClient", true, "IMAPSClient", "(String,boolean)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.imap", "IMAPSClient", true, "IMAPSClient", "(String,boolean,SSLContext)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.imap", "IMAPSClient", true, "IMAPSClient", "(String,boolean,SSLContext)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.imap", "IMAPSClient", true, "IMAPSClient", "(boolean,SSLContext)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.imap", "IMAPSClient", true, "getEnabledCipherSuites", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.imap", "IMAPSClient", true, "getEnabledProtocols", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.imap", "IMAPSClient", true, "getHostnameVerifier", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.imap", "IMAPSClient", true, "getTrustManager", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.imap", "IMAPSClient", true, "setEnabledCipherSuites", "(String[])", "", "Argument[0].ArrayElement", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.imap", "IMAPSClient", true, "setEnabledProtocols", "(String[])", "", "Argument[0].ArrayElement", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.imap", "IMAPSClient", true, "setHostnameVerifier", "(HostnameVerifier)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.imap", "IMAPSClient", true, "setKeyManager", "(KeyManager)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.imap", "IMAPSClient", true, "setTrustManager", "(TrustManager)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.io", "CRLFLineReader", false, "CRLFLineReader", "(Reader)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.io", "CopyStreamEvent", true, "CopyStreamEvent", "(Object,long,int,long)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.io", "CopyStreamEvent", true, "toString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.io", "CopyStreamException", true, "CopyStreamException", "(String,long,IOException)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.io", "CopyStreamException", true, "getIOException", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.io", "DotTerminatedMessageReader", false, "DotTerminatedMessageReader", "(Reader)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.io", "DotTerminatedMessageWriter", false, "DotTerminatedMessageWriter", "(Writer)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.io", "FromNetASCIIOutputStream", false, "FromNetASCIIOutputStream", "(OutputStream)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.io", "SocketInputStream", true, "SocketInputStream", "(Socket,InputStream)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.io", "SocketOutputStream", true, "SocketOutputStream", "(Socket,OutputStream)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.io", "SocketOutputStream", true, "SocketOutputStream", "(Socket,OutputStream)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.io", "ToNetASCIIOutputStream", false, "ToNetASCIIOutputStream", "(OutputStream)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.io", "Util", false, "copyReader", "(Reader,Writer)", "", "Argument[0]", "Argument[1]", "taint", "df-generated"] - - ["org.apache.commons.net.io", "Util", false, "copyReader", "(Reader,Writer,int)", "", "Argument[0]", "Argument[1]", "taint", "df-generated"] - - ["org.apache.commons.net.io", "Util", false, "copyReader", "(Reader,Writer,int,long,CopyStreamListener)", "", "Argument[0]", "Argument[1]", "taint", "df-generated"] - - ["org.apache.commons.net.io", "Util", false, "copyStream", "(InputStream,OutputStream)", "", "Argument[0]", "Argument[1]", "taint", "df-generated"] - - ["org.apache.commons.net.io", "Util", false, "copyStream", "(InputStream,OutputStream,int)", "", "Argument[0]", "Argument[1]", "taint", "df-generated"] - - ["org.apache.commons.net.io", "Util", false, "copyStream", "(InputStream,OutputStream,int,long,CopyStreamListener)", "", "Argument[0]", "Argument[1]", "taint", "df-generated"] - - ["org.apache.commons.net.io", "Util", false, "copyStream", "(InputStream,OutputStream,int,long,CopyStreamListener,boolean)", "", "Argument[0]", "Argument[1]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "Article", true, "addReference", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "Article", true, "getArticleId", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "Article", true, "getDate", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "Article", true, "getFrom", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "Article", true, "getReferences", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "Article", true, "getSubject", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "Article", true, "setArticleId", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "Article", true, "setDate", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "Article", true, "setFrom", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "Article", true, "setSubject", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "Article", true, "toString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTP", true, "article", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTP", true, "authinfoPass", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTP", true, "authinfoUser", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTP", true, "body", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTP", true, "getReplyString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTP", true, "group", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTP", true, "head", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTP", true, "ihave", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTP", true, "listActive", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTP", true, "newgroups", "(String,String,boolean,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTP", true, "newgroups", "(String,String,boolean,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTP", true, "newgroups", "(String,String,boolean,String)", "", "Argument[3]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTP", true, "newnews", "(String,String,String,boolean,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTP", true, "newnews", "(String,String,String,boolean,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTP", true, "newnews", "(String,String,String,boolean,String)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTP", true, "newnews", "(String,String,String,boolean,String)", "", "Argument[4]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTP", true, "sendCommand", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTP", true, "sendCommand", "(String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTP", true, "sendCommand", "(String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTP", true, "sendCommand", "(int,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTP", true, "stat", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTP", true, "xhdr", "(String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTP", true, "xhdr", "(String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTP", true, "xover", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "authenticate", "(String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "authenticate", "(String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "forwardArticle", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "forwardArticle", "(String)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "forwardArticle", "(String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "iterateNewNews", "(NewGroupsOrNewsQuery)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "iterateNewNews", "(NewGroupsOrNewsQuery)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "iterateNewNews", "(NewGroupsOrNewsQuery)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "iterateNewNewsgroupListing", "(NewGroupsOrNewsQuery)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "iterateNewNewsgroupListing", "(NewGroupsOrNewsQuery)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "iterateNewNewsgroupListing", "(NewGroupsOrNewsQuery)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "iterateNewNewsgroups", "(NewGroupsOrNewsQuery)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "iterateNewsgroupListing", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "iterateNewsgroupListing", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "iterateNewsgroupListing", "(String)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "iterateNewsgroupListing", "(String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "iterateNewsgroups", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "listHelp", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "listNewNews", "(NewGroupsOrNewsQuery)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "listNewNews", "(NewGroupsOrNewsQuery)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "listNewNews", "(NewGroupsOrNewsQuery)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "listNewNewsgroups", "(NewGroupsOrNewsQuery)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "listNewNewsgroups", "(NewGroupsOrNewsQuery)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "listNewsgroups", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "listNewsgroups", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "listNewsgroups", "(String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "listOverviewFmt", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "postArticle", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticle", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticle", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticle", "(String)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticle", "(String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticle", "(String,ArticleInfo)", "", "Argument[0]", "Argument[1]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticle", "(String,ArticleInfo)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticle", "(String,ArticleInfo)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticle", "(String,ArticleInfo)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticle", "(String,ArticleInfo)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticle", "(String,ArticlePointer)", "", "Argument[0]", "Argument[1]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticle", "(String,ArticlePointer)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticle", "(String,ArticlePointer)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticle", "(String,ArticlePointer)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticle", "(String,ArticlePointer)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticle", "(int)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticle", "(int,ArticlePointer)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticle", "(int,ArticlePointer)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticle", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticle", "(long,ArticleInfo)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticle", "(long,ArticleInfo)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleBody", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleBody", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleBody", "(String)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleBody", "(String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleBody", "(String,ArticleInfo)", "", "Argument[0]", "Argument[1]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleBody", "(String,ArticleInfo)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleBody", "(String,ArticleInfo)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleBody", "(String,ArticleInfo)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleBody", "(String,ArticleInfo)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleBody", "(String,ArticlePointer)", "", "Argument[0]", "Argument[1]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleBody", "(String,ArticlePointer)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleBody", "(String,ArticlePointer)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleBody", "(String,ArticlePointer)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleBody", "(String,ArticlePointer)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleBody", "(int)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleBody", "(int,ArticlePointer)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleBody", "(int,ArticlePointer)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleBody", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleBody", "(long,ArticleInfo)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleBody", "(long,ArticleInfo)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleHeader", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleHeader", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleHeader", "(String)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleHeader", "(String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleHeader", "(String,ArticleInfo)", "", "Argument[0]", "Argument[1]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleHeader", "(String,ArticleInfo)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleHeader", "(String,ArticleInfo)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleHeader", "(String,ArticleInfo)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleHeader", "(String,ArticleInfo)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleHeader", "(String,ArticlePointer)", "", "Argument[0]", "Argument[1]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleHeader", "(String,ArticlePointer)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleHeader", "(String,ArticlePointer)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleHeader", "(String,ArticlePointer)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleHeader", "(String,ArticlePointer)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleHeader", "(int)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleHeader", "(int,ArticlePointer)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleHeader", "(int,ArticlePointer)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleHeader", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleHeader", "(long,ArticleInfo)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleHeader", "(long,ArticleInfo)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleInfo", "(int)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleInfo", "(int,int)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleInfo", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveArticleInfo", "(long,long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveHeader", "(String,int)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveHeader", "(String,int)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveHeader", "(String,int)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveHeader", "(String,int,int)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveHeader", "(String,int,int)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveHeader", "(String,int,int)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveHeader", "(String,long)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveHeader", "(String,long)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveHeader", "(String,long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveHeader", "(String,long,long)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveHeader", "(String,long,long)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "retrieveHeader", "(String,long,long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "selectArticle", "(ArticleInfo)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "selectArticle", "(ArticlePointer)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "selectArticle", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "selectArticle", "(String,ArticleInfo)", "", "Argument[0]", "Argument[1]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "selectArticle", "(String,ArticleInfo)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "selectArticle", "(String,ArticleInfo)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "selectArticle", "(String,ArticlePointer)", "", "Argument[0]", "Argument[1]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "selectArticle", "(String,ArticlePointer)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "selectArticle", "(String,ArticlePointer)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "selectArticle", "(int,ArticlePointer)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "selectArticle", "(long,ArticleInfo)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "selectNewsgroup", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "selectNewsgroup", "(String,NewsgroupInfo)", "", "Argument[0]", "Argument[1]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "selectNewsgroup", "(String,NewsgroupInfo)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "selectNewsgroup", "(String,NewsgroupInfo)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "selectNextArticle", "(ArticleInfo)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "selectNextArticle", "(ArticlePointer)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "selectPreviousArticle", "(ArticleInfo)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", true, "selectPreviousArticle", "(ArticlePointer)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPConnectionClosedException", false, "NNTPConnectionClosedException", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NewGroupsOrNewsQuery", false, "addDistribution", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NewGroupsOrNewsQuery", false, "addNewsgroup", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NewGroupsOrNewsQuery", false, "getDate", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NewGroupsOrNewsQuery", false, "getDistributions", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NewGroupsOrNewsQuery", false, "getNewsgroups", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NewGroupsOrNewsQuery", false, "getTime", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NewGroupsOrNewsQuery", false, "omitNewsgroup", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "NewsgroupInfo", false, "getNewsgroup", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "SimpleNNTPHeader", true, "SimpleNNTPHeader", "(String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "SimpleNNTPHeader", true, "SimpleNNTPHeader", "(String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "SimpleNNTPHeader", true, "addHeaderField", "(String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "SimpleNNTPHeader", true, "addHeaderField", "(String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "SimpleNNTPHeader", true, "addNewsgroup", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "SimpleNNTPHeader", true, "getFromAddress", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "SimpleNNTPHeader", true, "getNewsgroups", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "SimpleNNTPHeader", true, "getSubject", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "SimpleNNTPHeader", true, "toString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "Threadable", true, "messageThreadId", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "Threadable", true, "messageThreadReferences", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "Threadable", true, "setChild", "(Threadable)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "Threadable", true, "setNext", "(Threadable)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "Threadable", true, "simplifiedSubject", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "Threader", true, "thread", "(Iterable)", "", "Argument[0].Element", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "Threader", true, "thread", "(List)", "", "Argument[0].Element", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.nntp", "Threader", true, "thread", "(Threadable[])", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ntp", "NtpV3Packet", true, "getDatagramPacket", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ntp", "NtpV3Packet", true, "setDatagramPacket", "(DatagramPacket)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ntp", "TimeInfo", true, "TimeInfo", "(NtpV3Packet,long)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ntp", "TimeInfo", true, "TimeInfo", "(NtpV3Packet,long,List)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ntp", "TimeInfo", true, "TimeInfo", "(NtpV3Packet,long,List)", "", "Argument[2].Element", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ntp", "TimeInfo", true, "TimeInfo", "(NtpV3Packet,long,List,boolean)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ntp", "TimeInfo", true, "TimeInfo", "(NtpV3Packet,long,List,boolean)", "", "Argument[2].Element", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ntp", "TimeInfo", true, "TimeInfo", "(NtpV3Packet,long,boolean)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ntp", "TimeInfo", true, "addComment", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.ntp", "TimeInfo", true, "getAddress", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ntp", "TimeInfo", true, "getComments", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.ntp", "TimeInfo", true, "getMessage", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.pop3", "ExtendedPOP3Client", true, "auth", "(AUTH_METHOD,String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.pop3", "ExtendedPOP3Client", true, "auth", "(AUTH_METHOD,String,String)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.pop3", "POP3", true, "getReplyString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.pop3", "POP3", true, "getReplyStrings", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.pop3", "POP3", true, "sendCommand", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.pop3", "POP3", true, "sendCommand", "(String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.pop3", "POP3", true, "sendCommand", "(String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.pop3", "POP3", true, "sendCommand", "(int,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.pop3", "POP3Client", true, "listUniqueIdentifier", "(int)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.pop3", "POP3Client", true, "login", "(String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.pop3", "POP3Client", true, "login", "(String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.pop3", "POP3Client", true, "login", "(String,String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.pop3", "POP3Client", true, "retrieveMessage", "(int)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.pop3", "POP3Client", true, "retrieveMessageTop", "(int,int)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.pop3", "POP3MessageInfo", false, "POP3MessageInfo", "(int,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.pop3", "POP3MessageInfo", false, "toString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.pop3", "POP3SClient", true, "POP3SClient", "(SSLContext)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.pop3", "POP3SClient", true, "POP3SClient", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.pop3", "POP3SClient", true, "POP3SClient", "(String,boolean)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.pop3", "POP3SClient", true, "POP3SClient", "(String,boolean,SSLContext)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.pop3", "POP3SClient", true, "POP3SClient", "(String,boolean,SSLContext)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.pop3", "POP3SClient", true, "POP3SClient", "(boolean,SSLContext)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.pop3", "POP3SClient", true, "getEnabledCipherSuites", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.pop3", "POP3SClient", true, "getEnabledProtocols", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.pop3", "POP3SClient", true, "getHostnameVerifier", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.pop3", "POP3SClient", true, "getTrustManager", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.pop3", "POP3SClient", true, "setEnabledCipherSuites", "(String[])", "", "Argument[0].ArrayElement", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.pop3", "POP3SClient", true, "setEnabledProtocols", "(String[])", "", "Argument[0].ArrayElement", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.pop3", "POP3SClient", true, "setHostnameVerifier", "(HostnameVerifier)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.pop3", "POP3SClient", true, "setKeyManager", "(KeyManager)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.pop3", "POP3SClient", true, "setTrustManager", "(TrustManager)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.smtp", "AuthenticatingSMTPClient", true, "AuthenticatingSMTPClient", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.smtp", "AuthenticatingSMTPClient", true, "AuthenticatingSMTPClient", "(String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.smtp", "AuthenticatingSMTPClient", true, "AuthenticatingSMTPClient", "(String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.smtp", "AuthenticatingSMTPClient", true, "AuthenticatingSMTPClient", "(String,boolean)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.smtp", "AuthenticatingSMTPClient", true, "AuthenticatingSMTPClient", "(String,boolean,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.smtp", "AuthenticatingSMTPClient", true, "AuthenticatingSMTPClient", "(String,boolean,String)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.smtp", "AuthenticatingSMTPClient", true, "AuthenticatingSMTPClient", "(boolean,SSLContext)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.smtp", "AuthenticatingSMTPClient", true, "auth", "(AUTH_METHOD,String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.smtp", "AuthenticatingSMTPClient", true, "auth", "(AUTH_METHOD,String,String)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.smtp", "AuthenticatingSMTPClient", true, "ehlo", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.smtp", "AuthenticatingSMTPClient", true, "elogin", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.smtp", "RelayPath", false, "RelayPath", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.smtp", "RelayPath", false, "addRelay", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.smtp", "RelayPath", false, "toString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.smtp", "SMTP", true, "SMTP", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.smtp", "SMTP", true, "expn", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.smtp", "SMTP", true, "getReplyString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.smtp", "SMTP", true, "getReplyStrings", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.smtp", "SMTP", true, "helo", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.smtp", "SMTP", true, "help", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.smtp", "SMTP", true, "mail", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.smtp", "SMTP", true, "rcpt", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.smtp", "SMTP", true, "saml", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.smtp", "SMTP", true, "send", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.smtp", "SMTP", true, "sendCommand", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.smtp", "SMTP", true, "sendCommand", "(String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.smtp", "SMTP", true, "sendCommand", "(String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.smtp", "SMTP", true, "sendCommand", "(int,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.smtp", "SMTP", true, "soml", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.smtp", "SMTP", true, "vrfy", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.smtp", "SMTPClient", true, "SMTPClient", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.smtp", "SMTPClient", true, "addRecipient", "(RelayPath)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.smtp", "SMTPClient", true, "addRecipient", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.smtp", "SMTPClient", true, "listHelp", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.smtp", "SMTPClient", true, "listHelp", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.smtp", "SMTPClient", true, "listHelp", "(String)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.smtp", "SMTPClient", true, "listHelp", "(String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.smtp", "SMTPClient", true, "login", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.smtp", "SMTPClient", true, "sendMessageData", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.smtp", "SMTPClient", true, "sendSimpleMessage", "(String,String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.smtp", "SMTPClient", true, "sendSimpleMessage", "(String,String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.smtp", "SMTPClient", true, "sendSimpleMessage", "(String,String[],String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.smtp", "SMTPClient", true, "sendSimpleMessage", "(String,String[],String)", "", "Argument[1].ArrayElement", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.smtp", "SMTPClient", true, "setSender", "(RelayPath)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.smtp", "SMTPClient", true, "setSender", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.smtp", "SMTPClient", true, "verify", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.smtp", "SMTPConnectionClosedException", false, "SMTPConnectionClosedException", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.smtp", "SMTPSClient", true, "SMTPSClient", "(SSLContext)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.smtp", "SMTPSClient", true, "SMTPSClient", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.smtp", "SMTPSClient", true, "SMTPSClient", "(String,boolean)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.smtp", "SMTPSClient", true, "SMTPSClient", "(String,boolean,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.smtp", "SMTPSClient", true, "SMTPSClient", "(String,boolean,String)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.smtp", "SMTPSClient", true, "SMTPSClient", "(boolean,SSLContext)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.smtp", "SMTPSClient", true, "getEnabledCipherSuites", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.smtp", "SMTPSClient", true, "getEnabledProtocols", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.smtp", "SMTPSClient", true, "getHostnameVerifier", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.smtp", "SMTPSClient", true, "getKeyManager", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.smtp", "SMTPSClient", true, "getTrustManager", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.smtp", "SMTPSClient", true, "setEnabledCipherSuites", "(String[])", "", "Argument[0].ArrayElement", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.smtp", "SMTPSClient", true, "setEnabledProtocols", "(String[])", "", "Argument[0].ArrayElement", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.smtp", "SMTPSClient", true, "setHostnameVerifier", "(HostnameVerifier)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.smtp", "SMTPSClient", true, "setKeyManager", "(KeyManager)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.smtp", "SMTPSClient", true, "setTrustManager", "(TrustManager)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.smtp", "SimpleSMTPHeader", true, "SimpleSMTPHeader", "(String,String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.smtp", "SimpleSMTPHeader", true, "SimpleSMTPHeader", "(String,String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.smtp", "SimpleSMTPHeader", true, "SimpleSMTPHeader", "(String,String,String)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.smtp", "SimpleSMTPHeader", true, "addCC", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.smtp", "SimpleSMTPHeader", true, "addHeaderField", "(String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.smtp", "SimpleSMTPHeader", true, "addHeaderField", "(String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.smtp", "SimpleSMTPHeader", true, "toString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.telnet", "InvalidTelnetOptionException", true, "InvalidTelnetOptionException", "(String,int)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.telnet", "Telnet", true, "addOptionHandler", "(TelnetOptionHandler)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.telnet", "Telnet", true, "registerNotifHandler", "(TelnetNotificationHandler)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.telnet", "TelnetClient", true, "TelnetClient", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.telnet", "TelnetClient", true, "TelnetClient", "(String,int)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.telnet", "TelnetClient", true, "getInputStream", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.telnet", "TelnetClient", true, "getOutputStream", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.telnet", "TelnetClient", true, "registerInputListener", "(TelnetInputListener)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.telnet", "TelnetClient", true, "registerSpyStream", "(OutputStream)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.telnet", "TerminalTypeOptionHandler", true, "TerminalTypeOptionHandler", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.telnet", "TerminalTypeOptionHandler", true, "TerminalTypeOptionHandler", "(String,boolean,boolean,boolean,boolean)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.tftp", "TFTP", true, "bufferedReceive", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.tftp", "TFTP", true, "bufferedSend", "(TFTPPacket)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.tftp", "TFTPAckPacket", false, "TFTPAckPacket", "(InetAddress,int,int)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.tftp", "TFTPAckPacket", false, "toString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.tftp", "TFTPClient", true, "receiveFile", "(String,int,OutputStream,InetAddress)", "", "Argument[0]", "Argument[2]", "taint", "df-generated"] - - ["org.apache.commons.net.tftp", "TFTPClient", true, "receiveFile", "(String,int,OutputStream,InetAddress)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.tftp", "TFTPClient", true, "receiveFile", "(String,int,OutputStream,InetAddress)", "", "Argument[3]", "Argument[2]", "taint", "df-generated"] - - ["org.apache.commons.net.tftp", "TFTPClient", true, "receiveFile", "(String,int,OutputStream,InetAddress)", "", "Argument[3]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.tftp", "TFTPClient", true, "receiveFile", "(String,int,OutputStream,InetAddress)", "", "Argument[this]", "Argument[2]", "taint", "df-generated"] - - ["org.apache.commons.net.tftp", "TFTPClient", true, "receiveFile", "(String,int,OutputStream,InetAddress,int)", "", "Argument[0]", "Argument[2]", "taint", "df-generated"] - - ["org.apache.commons.net.tftp", "TFTPClient", true, "receiveFile", "(String,int,OutputStream,InetAddress,int)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.tftp", "TFTPClient", true, "receiveFile", "(String,int,OutputStream,InetAddress,int)", "", "Argument[3]", "Argument[2]", "taint", "df-generated"] - - ["org.apache.commons.net.tftp", "TFTPClient", true, "receiveFile", "(String,int,OutputStream,InetAddress,int)", "", "Argument[3]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.tftp", "TFTPClient", true, "receiveFile", "(String,int,OutputStream,InetAddress,int)", "", "Argument[this]", "Argument[2]", "taint", "df-generated"] - - ["org.apache.commons.net.tftp", "TFTPClient", true, "receiveFile", "(String,int,OutputStream,String)", "", "Argument[0]", "Argument[2]", "taint", "df-generated"] - - ["org.apache.commons.net.tftp", "TFTPClient", true, "receiveFile", "(String,int,OutputStream,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.tftp", "TFTPClient", true, "receiveFile", "(String,int,OutputStream,String)", "", "Argument[3]", "Argument[2]", "taint", "df-generated"] - - ["org.apache.commons.net.tftp", "TFTPClient", true, "receiveFile", "(String,int,OutputStream,String)", "", "Argument[3]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.tftp", "TFTPClient", true, "receiveFile", "(String,int,OutputStream,String)", "", "Argument[this]", "Argument[2]", "taint", "df-generated"] - - ["org.apache.commons.net.tftp", "TFTPClient", true, "receiveFile", "(String,int,OutputStream,String,int)", "", "Argument[0]", "Argument[2]", "taint", "df-generated"] - - ["org.apache.commons.net.tftp", "TFTPClient", true, "receiveFile", "(String,int,OutputStream,String,int)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.tftp", "TFTPClient", true, "receiveFile", "(String,int,OutputStream,String,int)", "", "Argument[3]", "Argument[2]", "taint", "df-generated"] - - ["org.apache.commons.net.tftp", "TFTPClient", true, "receiveFile", "(String,int,OutputStream,String,int)", "", "Argument[3]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.tftp", "TFTPClient", true, "receiveFile", "(String,int,OutputStream,String,int)", "", "Argument[this]", "Argument[2]", "taint", "df-generated"] - - ["org.apache.commons.net.tftp", "TFTPClient", true, "sendFile", "(String,int,InputStream,InetAddress)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.tftp", "TFTPClient", true, "sendFile", "(String,int,InputStream,InetAddress)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.tftp", "TFTPClient", true, "sendFile", "(String,int,InputStream,InetAddress)", "", "Argument[3]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.tftp", "TFTPClient", true, "sendFile", "(String,int,InputStream,InetAddress,int)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.tftp", "TFTPClient", true, "sendFile", "(String,int,InputStream,InetAddress,int)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.tftp", "TFTPClient", true, "sendFile", "(String,int,InputStream,InetAddress,int)", "", "Argument[3]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.tftp", "TFTPClient", true, "sendFile", "(String,int,InputStream,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.tftp", "TFTPClient", true, "sendFile", "(String,int,InputStream,String)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.tftp", "TFTPClient", true, "sendFile", "(String,int,InputStream,String)", "", "Argument[3]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.tftp", "TFTPClient", true, "sendFile", "(String,int,InputStream,String,int)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.tftp", "TFTPClient", true, "sendFile", "(String,int,InputStream,String,int)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.tftp", "TFTPClient", true, "sendFile", "(String,int,InputStream,String,int)", "", "Argument[3]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.tftp", "TFTPDataPacket", false, "TFTPDataPacket", "(InetAddress,int,int,byte[])", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.tftp", "TFTPDataPacket", false, "TFTPDataPacket", "(InetAddress,int,int,byte[])", "", "Argument[3]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.tftp", "TFTPDataPacket", false, "TFTPDataPacket", "(InetAddress,int,int,byte[],int,int)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.tftp", "TFTPDataPacket", false, "TFTPDataPacket", "(InetAddress,int,int,byte[],int,int)", "", "Argument[3]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.tftp", "TFTPDataPacket", false, "getData", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.tftp", "TFTPDataPacket", false, "setData", "(byte[],int,int)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.tftp", "TFTPDataPacket", false, "toString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.tftp", "TFTPErrorPacket", false, "TFTPErrorPacket", "(InetAddress,int,int,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.tftp", "TFTPErrorPacket", false, "TFTPErrorPacket", "(InetAddress,int,int,String)", "", "Argument[3]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.tftp", "TFTPErrorPacket", false, "getMessage", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.tftp", "TFTPErrorPacket", false, "toString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.tftp", "TFTPPacket", true, "getAddress", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.tftp", "TFTPPacket", true, "newTFTPPacket", "(DatagramPacket)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.tftp", "TFTPPacket", true, "setAddress", "(InetAddress)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.tftp", "TFTPPacket", true, "toString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.tftp", "TFTPPacketException", true, "TFTPPacketException", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.tftp", "TFTPReadRequestPacket", false, "TFTPReadRequestPacket", "(InetAddress,int,String,int)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.tftp", "TFTPReadRequestPacket", false, "TFTPReadRequestPacket", "(InetAddress,int,String,int)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.tftp", "TFTPReadRequestPacket", false, "toString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.tftp", "TFTPRequestPacket", true, "getFilename", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.tftp", "TFTPWriteRequestPacket", false, "TFTPWriteRequestPacket", "(InetAddress,int,String,int)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.tftp", "TFTPWriteRequestPacket", false, "TFTPWriteRequestPacket", "(InetAddress,int,String,int)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.tftp", "TFTPWriteRequestPacket", false, "toString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.util", "Base64", true, "Base64", "(int,byte[])", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.util", "Base64", true, "Base64", "(int,byte[],boolean)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.util", "Base64", true, "decode", "(String)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.util", "Base64", true, "decode", "(String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.util", "Base64", true, "decode", "(byte[])", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.util", "Base64", true, "decode", "(byte[])", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.util", "Base64", true, "decodeBase64", "(String)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.util", "Base64", true, "decodeBase64", "(byte[])", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.util", "Base64", true, "encode", "(byte[])", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.util", "Base64", true, "encode", "(byte[])", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.util", "Base64", true, "encodeBase64", "(byte[])", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.util", "Base64", true, "encodeBase64", "(byte[],boolean)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.util", "Base64", true, "encodeBase64", "(byte[],boolean,boolean)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.util", "Base64", true, "encodeBase64", "(byte[],boolean,boolean,int)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.util", "Base64", true, "encodeBase64Chunked", "(byte[])", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.util", "Base64", true, "encodeBase64String", "(byte[])", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.util", "Base64", true, "encodeBase64String", "(byte[],boolean)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.util", "Base64", true, "encodeBase64StringUnChunked", "(byte[])", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.util", "Base64", true, "encodeBase64URLSafe", "(byte[])", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.util", "Base64", true, "encodeBase64URLSafeString", "(byte[])", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.util", "Base64", true, "encodeToString", "(byte[])", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.util", "Base64", true, "encodeToString", "(byte[])", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.util", "KeyManagerUtils", false, "createClientKeyManager", "(File,String,String)", "", "Argument[2]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.util", "KeyManagerUtils", false, "createClientKeyManager", "(KeyStore,String,String)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.util", "KeyManagerUtils", false, "createClientKeyManager", "(String,File,String,String,String)", "", "Argument[3]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.util", "ListenerList", true, "addListener", "(EventListener)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net.whois", "WhoisClient", false, "getInputStream", "(String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net.whois", "WhoisClient", false, "query", "(String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net", "DatagramSocketClient", true, "getLocalAddress", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net", "DatagramSocketClient", true, "setDatagramSocketFactory", "(DatagramSocketFactory)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net", "DefaultSocketFactory", true, "DefaultSocketFactory", "(Proxy)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net", "MalformedServerReplyException", true, "MalformedServerReplyException", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net", "PrintCommandListener", true, "PrintCommandListener", "(PrintWriter)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net", "PrintCommandListener", true, "PrintCommandListener", "(PrintWriter,boolean)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net", "PrintCommandListener", true, "PrintCommandListener", "(PrintWriter,boolean,char)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net", "PrintCommandListener", true, "PrintCommandListener", "(PrintWriter,boolean,char,boolean)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net", "ProtocolCommandEvent", true, "ProtocolCommandEvent", "(Object,String,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net", "ProtocolCommandEvent", true, "ProtocolCommandEvent", "(Object,String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net", "ProtocolCommandEvent", true, "ProtocolCommandEvent", "(Object,String,String)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net", "ProtocolCommandEvent", true, "ProtocolCommandEvent", "(Object,int,String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net", "ProtocolCommandEvent", true, "ProtocolCommandEvent", "(Object,int,String)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net", "ProtocolCommandEvent", true, "getCommand", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net", "ProtocolCommandEvent", true, "getMessage", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net", "ProtocolCommandSupport", true, "ProtocolCommandSupport", "(Object)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net", "SocketClient", true, "connect", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net", "SocketClient", true, "connect", "(String,int)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net", "SocketClient", true, "connect", "(String,int,InetAddress,int)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net", "SocketClient", true, "getLocalAddress", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net", "SocketClient", true, "getProxy", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net", "SocketClient", true, "getRemoteAddress", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net", "SocketClient", true, "getServerSocketFactory", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["org.apache.commons.net", "SocketClient", true, "setProxy", "(Proxy)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net", "SocketClient", true, "setServerSocketFactory", "(ServerSocketFactory)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["org.apache.commons.net", "SocketClient", true, "setSocketFactory", "(SocketFactory)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - addsTo: - pack: codeql/java-all - extensible: neutralModel - data: - - ["org.apache.commons.net.bsd", "RCommandClient", "connect", "(InetAddress,int,InetAddress)", "df-generated"] - - ["org.apache.commons.net.bsd", "RCommandClient", "connect", "(String,int,InetAddress)", "df-generated"] - - ["org.apache.commons.net.bsd", "RExecClient", "isRemoteVerificationEnabled", "()", "df-generated"] - - ["org.apache.commons.net.bsd", "RExecClient", "setRemoteVerificationEnabled", "(boolean)", "df-generated"] - - ["org.apache.commons.net.chargen", "CharGenUDPClient", "send", "(InetAddress)", "df-generated"] - - ["org.apache.commons.net.chargen", "CharGenUDPClient", "send", "(InetAddress,int)", "df-generated"] - - ["org.apache.commons.net.daytime", "DaytimeUDPClient", "getTime", "(InetAddress)", "df-generated"] - - ["org.apache.commons.net.daytime", "DaytimeUDPClient", "getTime", "(InetAddress,int)", "df-generated"] - - ["org.apache.commons.net.discard", "DiscardUDPClient", "send", "(byte[],InetAddress)", "df-generated"] - - ["org.apache.commons.net.discard", "DiscardUDPClient", "send", "(byte[],int,InetAddress)", "df-generated"] - - ["org.apache.commons.net.discard", "DiscardUDPClient", "send", "(byte[],int,InetAddress,int)", "df-generated"] - - ["org.apache.commons.net.echo", "EchoUDPClient", "receive", "(byte[])", "df-generated"] - - ["org.apache.commons.net.echo", "EchoUDPClient", "receive", "(byte[],int)", "df-generated"] - - ["org.apache.commons.net.examples.mail", "POP3Mail", "printMessageInfo", "(BufferedReader,int)", "df-generated"] - - ["org.apache.commons.net.examples.nntp", "NNTPUtils", "getArticleInfo", "(NNTPClient,long,long)", "df-generated"] - - ["org.apache.commons.net.examples.ntp", "NTPClient", "processResponse", "(TimeInfo)", "df-generated"] - - ["org.apache.commons.net.examples.ntp", "SimpleNTPServer", "SimpleNTPServer", "(int)", "df-generated"] - - ["org.apache.commons.net.examples.ntp", "SimpleNTPServer", "connect", "()", "df-generated"] - - ["org.apache.commons.net.examples.ntp", "SimpleNTPServer", "getPort", "()", "df-generated"] - - ["org.apache.commons.net.examples.ntp", "SimpleNTPServer", "isRunning", "()", "df-generated"] - - ["org.apache.commons.net.examples.ntp", "SimpleNTPServer", "isStarted", "()", "df-generated"] - - ["org.apache.commons.net.examples.ntp", "SimpleNTPServer", "start", "()", "df-generated"] - - ["org.apache.commons.net.examples.ntp", "SimpleNTPServer", "stop", "()", "df-generated"] - - ["org.apache.commons.net.examples.ntp", "TimeClient", "timeTCP", "(String)", "df-generated"] - - ["org.apache.commons.net.examples.ntp", "TimeClient", "timeUDP", "(String)", "df-generated"] - - ["org.apache.commons.net.examples.unix", "chargen", "chargenTCP", "(String)", "df-generated"] - - ["org.apache.commons.net.examples.unix", "chargen", "chargenUDP", "(String)", "df-generated"] - - ["org.apache.commons.net.examples.unix", "daytime", "daytimeTCP", "(String)", "df-generated"] - - ["org.apache.commons.net.examples.unix", "daytime", "daytimeUDP", "(String)", "df-generated"] - - ["org.apache.commons.net.examples.unix", "echo", "echoTCP", "(String)", "df-generated"] - - ["org.apache.commons.net.examples.unix", "echo", "echoUDP", "(String)", "df-generated"] - - ["org.apache.commons.net.examples.unix", "rdate", "timeTCP", "(String)", "df-generated"] - - ["org.apache.commons.net.examples.unix", "rdate", "timeUDP", "(String)", "df-generated"] - - ["org.apache.commons.net.examples.util", "IOUtil", "readWrite", "(InputStream,OutputStream,InputStream,OutputStream)", "df-generated"] - - ["org.apache.commons.net.ftp.parser", "ConfigurableFTPFileEntryParserImpl", "ConfigurableFTPFileEntryParserImpl", "(String)", "df-generated"] - - ["org.apache.commons.net.ftp.parser", "ConfigurableFTPFileEntryParserImpl", "ConfigurableFTPFileEntryParserImpl", "(String,int)", "df-generated"] - - ["org.apache.commons.net.ftp.parser", "ConfigurableFTPFileEntryParserImpl", "getDefaultConfiguration", "()", "df-generated"] - - ["org.apache.commons.net.ftp.parser", "ConfigurableFTPFileEntryParserImpl", "parseTimestamp", "(String)", "df-generated"] - - ["org.apache.commons.net.ftp.parser", "DefaultFTPFileEntryParserFactory", "createMVSEntryParser", "()", "df-generated"] - - ["org.apache.commons.net.ftp.parser", "DefaultFTPFileEntryParserFactory", "createNTFTPEntryParser", "()", "df-generated"] - - ["org.apache.commons.net.ftp.parser", "DefaultFTPFileEntryParserFactory", "createNetwareFTPEntryParser", "()", "df-generated"] - - ["org.apache.commons.net.ftp.parser", "DefaultFTPFileEntryParserFactory", "createOS2FTPEntryParser", "()", "df-generated"] - - ["org.apache.commons.net.ftp.parser", "DefaultFTPFileEntryParserFactory", "createOS400FTPEntryParser", "()", "df-generated"] - - ["org.apache.commons.net.ftp.parser", "DefaultFTPFileEntryParserFactory", "createUnixFTPEntryParser", "()", "df-generated"] - - ["org.apache.commons.net.ftp.parser", "DefaultFTPFileEntryParserFactory", "createVMSVersioningFTPEntryParser", "()", "df-generated"] - - ["org.apache.commons.net.ftp.parser", "FTPFileEntryParserFactory", "createFileEntryParser", "(FTPClientConfig)", "df-generated"] - - ["org.apache.commons.net.ftp.parser", "FTPFileEntryParserFactory", "createFileEntryParser", "(String)", "df-generated"] - - ["org.apache.commons.net.ftp.parser", "FTPTimestampParser", "parseTimestamp", "(String)", "df-generated"] - - ["org.apache.commons.net.ftp.parser", "FTPTimestampParserImpl", "getDefaultDateFormatString", "()", "df-generated"] - - ["org.apache.commons.net.ftp.parser", "FTPTimestampParserImpl", "getRecentDateFormatString", "()", "df-generated"] - - ["org.apache.commons.net.ftp.parser", "MLSxEntryParser", "getInstance", "()", "df-generated"] - - ["org.apache.commons.net.ftp.parser", "MLSxEntryParser", "parseGMTdateTime", "(String)", "df-generated"] - - ["org.apache.commons.net.ftp.parser", "MLSxEntryParser", "parseGmtInstant", "(String)", "df-generated"] - - ["org.apache.commons.net.ftp.parser", "MacOsPeterFTPEntryParser", "MacOsPeterFTPEntryParser", "(FTPClientConfig)", "df-generated"] - - ["org.apache.commons.net.ftp.parser", "NTFTPEntryParser", "NTFTPEntryParser", "(FTPClientConfig)", "df-generated"] - - ["org.apache.commons.net.ftp.parser", "NetwareFTPEntryParser", "NetwareFTPEntryParser", "(FTPClientConfig)", "df-generated"] - - ["org.apache.commons.net.ftp.parser", "OS2FTPEntryParser", "OS2FTPEntryParser", "(FTPClientConfig)", "df-generated"] - - ["org.apache.commons.net.ftp.parser", "OS400FTPEntryParser", "OS400FTPEntryParser", "(FTPClientConfig)", "df-generated"] - - ["org.apache.commons.net.ftp.parser", "RegexFTPFileEntryParserImpl", "RegexFTPFileEntryParserImpl", "(String)", "df-generated"] - - ["org.apache.commons.net.ftp.parser", "RegexFTPFileEntryParserImpl", "RegexFTPFileEntryParserImpl", "(String,int)", "df-generated"] - - ["org.apache.commons.net.ftp.parser", "RegexFTPFileEntryParserImpl", "getGroupCnt", "()", "df-generated"] - - ["org.apache.commons.net.ftp.parser", "RegexFTPFileEntryParserImpl", "getGroupsAsString", "()", "df-generated"] - - ["org.apache.commons.net.ftp.parser", "RegexFTPFileEntryParserImpl", "group", "(int)", "df-generated"] - - ["org.apache.commons.net.ftp.parser", "RegexFTPFileEntryParserImpl", "setRegex", "(String)", "df-generated"] - - ["org.apache.commons.net.ftp.parser", "RegexFTPFileEntryParserImpl", "setRegex", "(String,int)", "df-generated"] - - ["org.apache.commons.net.ftp.parser", "UnixFTPEntryParser", "UnixFTPEntryParser", "(FTPClientConfig)", "df-generated"] - - ["org.apache.commons.net.ftp.parser", "UnixFTPEntryParser", "UnixFTPEntryParser", "(FTPClientConfig,boolean)", "df-generated"] - - ["org.apache.commons.net.ftp.parser", "VMSFTPEntryParser", "VMSFTPEntryParser", "(FTPClientConfig)", "df-generated"] - - ["org.apache.commons.net.ftp.parser", "VMSVersioningFTPEntryParser", "VMSVersioningFTPEntryParser", "(FTPClientConfig)", "df-generated"] - - ["org.apache.commons.net.ftp", "Configurable", "configure", "(FTPClientConfig)", "df-generated"] - - ["org.apache.commons.net.ftp", "FTP", "abor", "()", "df-generated"] - - ["org.apache.commons.net.ftp", "FTP", "allo", "(int)", "df-generated"] - - ["org.apache.commons.net.ftp", "FTP", "allo", "(int,int)", "df-generated"] - - ["org.apache.commons.net.ftp", "FTP", "allo", "(long)", "df-generated"] - - ["org.apache.commons.net.ftp", "FTP", "allo", "(long,int)", "df-generated"] - - ["org.apache.commons.net.ftp", "FTP", "cdup", "()", "df-generated"] - - ["org.apache.commons.net.ftp", "FTP", "epsv", "()", "df-generated"] - - ["org.apache.commons.net.ftp", "FTP", "feat", "()", "df-generated"] - - ["org.apache.commons.net.ftp", "FTP", "getReply", "()", "df-generated"] - - ["org.apache.commons.net.ftp", "FTP", "getReplyCode", "()", "df-generated"] - - ["org.apache.commons.net.ftp", "FTP", "help", "()", "df-generated"] - - ["org.apache.commons.net.ftp", "FTP", "isStrictMultilineParsing", "()", "df-generated"] - - ["org.apache.commons.net.ftp", "FTP", "isStrictReplyParsing", "()", "df-generated"] - - ["org.apache.commons.net.ftp", "FTP", "list", "()", "df-generated"] - - ["org.apache.commons.net.ftp", "FTP", "mlsd", "()", "df-generated"] - - ["org.apache.commons.net.ftp", "FTP", "mlst", "()", "df-generated"] - - ["org.apache.commons.net.ftp", "FTP", "mode", "(int)", "df-generated"] - - ["org.apache.commons.net.ftp", "FTP", "nlst", "()", "df-generated"] - - ["org.apache.commons.net.ftp", "FTP", "noop", "()", "df-generated"] - - ["org.apache.commons.net.ftp", "FTP", "pasv", "()", "df-generated"] - - ["org.apache.commons.net.ftp", "FTP", "pwd", "()", "df-generated"] - - ["org.apache.commons.net.ftp", "FTP", "quit", "()", "df-generated"] - - ["org.apache.commons.net.ftp", "FTP", "rein", "()", "df-generated"] - - ["org.apache.commons.net.ftp", "FTP", "sendCommand", "(FTPCmd)", "df-generated"] - - ["org.apache.commons.net.ftp", "FTP", "sendCommand", "(int)", "df-generated"] - - ["org.apache.commons.net.ftp", "FTP", "setStrictMultilineParsing", "(boolean)", "df-generated"] - - ["org.apache.commons.net.ftp", "FTP", "setStrictReplyParsing", "(boolean)", "df-generated"] - - ["org.apache.commons.net.ftp", "FTP", "stat", "()", "df-generated"] - - ["org.apache.commons.net.ftp", "FTP", "stou", "()", "df-generated"] - - ["org.apache.commons.net.ftp", "FTP", "stru", "(int)", "df-generated"] - - ["org.apache.commons.net.ftp", "FTP", "syst", "()", "df-generated"] - - ["org.apache.commons.net.ftp", "FTP", "type", "(int)", "df-generated"] - - ["org.apache.commons.net.ftp", "FTP", "type", "(int,int)", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", "abort", "()", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", "allocate", "(int)", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", "allocate", "(int,int)", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", "allocate", "(long)", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", "allocate", "(long,int)", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", "changeToParentDirectory", "()", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", "completePendingCommand", "()", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", "enterLocalActiveMode", "()", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", "enterLocalPassiveMode", "()", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", "enterRemotePassiveMode", "()", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", "features", "()", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", "getAutodetectUTF8", "()", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", "getBufferSize", "()", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", "getControlKeepAliveReplyTimeout", "()", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", "getControlKeepAliveTimeout", "()", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", "getCslDebug", "()", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", "getDataConnectionMode", "()", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", "getListHiddenFiles", "()", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", "getPassivePort", "()", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", "getReceiveDataSocketBufferSize", "()", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", "getRestartOffset", "()", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", "getSendDataSocketBufferSize", "()", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", "hasFeature", "(FTPCmd)", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", "hasFeature", "(String)", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", "hasFeature", "(String,String)", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", "initiateMListParsing", "()", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", "isIpAddressFromPasvResponse", "()", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", "isRemoteVerificationEnabled", "()", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", "isUseEPSVwithIPv4", "()", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", "listDirectories", "()", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", "listNames", "()", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", "logout", "()", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", "mlistDir", "()", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", "reinitialize", "()", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", "remoteStoreUnique", "()", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", "sendNoOp", "()", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", "setActivePortRange", "(int,int)", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", "setAutodetectUTF8", "(boolean)", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", "setBufferSize", "(int)", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", "setControlKeepAliveReplyTimeout", "(int)", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", "setControlKeepAliveTimeout", "(long)", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", "setDataTimeout", "(int)", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", "setFileStructure", "(int)", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", "setFileTransferMode", "(int)", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", "setFileType", "(int)", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", "setFileType", "(int,int)", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", "setIpAddressFromPasvResponse", "(boolean)", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", "setListHiddenFiles", "(boolean)", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", "setPassiveNatWorkaround", "(boolean)", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", "setReceieveDataSocketBufferSize", "(int)", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", "setRemoteVerificationEnabled", "(boolean)", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", "setRestartOffset", "(long)", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", "setSendDataSocketBufferSize", "(int)", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", "setUseEPSVwithIPv4", "(boolean)", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", "storeUniqueFile", "(InputStream)", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClient", "storeUniqueFileStream", "()", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClientConfig", "getDateFormatSymbols", "(String)", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClientConfig", "getSupportedLanguageCodes", "()", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClientConfig", "getUnparseableEntries", "()", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClientConfig", "isLenientFutureDates", "()", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClientConfig", "lookupDateFormatSymbols", "(String)", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClientConfig", "setLenientFutureDates", "(boolean)", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPClientConfig", "setUnparseableEntries", "(boolean)", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPCmd", "getCommand", "()", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPCommand", "getCommand", "(int)", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPFile", "getHardLinkCount", "()", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPFile", "getSize", "()", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPFile", "getTimestampInstant", "()", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPFile", "getType", "()", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPFile", "hasPermission", "(int,int)", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPFile", "isDirectory", "()", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPFile", "isFile", "()", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPFile", "isSymbolicLink", "()", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPFile", "isUnknown", "()", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPFile", "isValid", "()", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPFile", "setHardLinkCount", "(int)", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPFile", "setPermission", "(int,int,boolean)", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPFile", "setSize", "(long)", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPFile", "setType", "(int)", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPListParseEngine", "hasNext", "()", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPListParseEngine", "hasPrevious", "()", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPListParseEngine", "resetIterator", "()", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPReply", "isNegativePermanent", "(int)", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPReply", "isNegativeTransient", "(int)", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPReply", "isPositiveCompletion", "(int)", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPReply", "isPositiveIntermediate", "(int)", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPReply", "isPositivePreliminary", "(int)", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPReply", "isProtectedReplyCode", "(int)", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPSClient", "FTPSClient", "(boolean)", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPSClient", "execCCC", "()", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPSClient", "execPBSZ", "(long)", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPSClient", "getEnableSessionCreation", "()", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPSClient", "getNeedClientAuth", "()", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPSClient", "getUseClientMode", "()", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPSClient", "getWantClientAuth", "()", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPSClient", "isEndpointCheckingEnabled", "()", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPSClient", "parsePBSZ", "(long)", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPSClient", "setEnabledSessionCreation", "(boolean)", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPSClient", "setEndpointCheckingEnabled", "(boolean)", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPSClient", "setNeedClientAuth", "(boolean)", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPSClient", "setUseClientMode", "(boolean)", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPSClient", "setWantClientAuth", "(boolean)", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPSCommand", "getCommand", "(int)", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPSSocketFactory", "createServerSocket", "(int)", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPSSocketFactory", "createServerSocket", "(int,int)", "df-generated"] - - ["org.apache.commons.net.ftp", "FTPSSocketFactory", "createServerSocket", "(int,int,InetAddress)", "df-generated"] - - ["org.apache.commons.net.imap", "AuthenticatingIMAPClient$AUTH_METHOD", "getAuthName", "()", "df-generated"] - - ["org.apache.commons.net.imap", "AuthenticatingIMAPClient", "AuthenticatingIMAPClient", "(boolean)", "df-generated"] - - ["org.apache.commons.net.imap", "IMAP", "doCommand", "(IMAPCommand)", "df-generated"] - - ["org.apache.commons.net.imap", "IMAP", "getState", "()", "df-generated"] - - ["org.apache.commons.net.imap", "IMAP", "sendCommand", "(IMAPCommand)", "df-generated"] - - ["org.apache.commons.net.imap", "IMAPClient", "capability", "()", "df-generated"] - - ["org.apache.commons.net.imap", "IMAPClient", "check", "()", "df-generated"] - - ["org.apache.commons.net.imap", "IMAPClient", "close", "()", "df-generated"] - - ["org.apache.commons.net.imap", "IMAPClient", "expunge", "()", "df-generated"] - - ["org.apache.commons.net.imap", "IMAPClient", "logout", "()", "df-generated"] - - ["org.apache.commons.net.imap", "IMAPClient", "noop", "()", "df-generated"] - - ["org.apache.commons.net.imap", "IMAPCommand", "getCommand", "(IMAPCommand)", "df-generated"] - - ["org.apache.commons.net.imap", "IMAPCommand", "getIMAPCommand", "()", "df-generated"] - - ["org.apache.commons.net.imap", "IMAPReply", "getReplyCode", "(String)", "df-generated"] - - ["org.apache.commons.net.imap", "IMAPReply", "getUntaggedReplyCode", "(String)", "df-generated"] - - ["org.apache.commons.net.imap", "IMAPReply", "isContinuation", "(String)", "df-generated"] - - ["org.apache.commons.net.imap", "IMAPReply", "isContinuation", "(int)", "df-generated"] - - ["org.apache.commons.net.imap", "IMAPReply", "isSuccess", "(int)", "df-generated"] - - ["org.apache.commons.net.imap", "IMAPReply", "isUntagged", "(String)", "df-generated"] - - ["org.apache.commons.net.imap", "IMAPReply", "literalCount", "(String)", "df-generated"] - - ["org.apache.commons.net.imap", "IMAPSClient", "IMAPSClient", "(boolean)", "df-generated"] - - ["org.apache.commons.net.imap", "IMAPSClient", "execTLS", "()", "df-generated"] - - ["org.apache.commons.net.imap", "IMAPSClient", "isEndpointCheckingEnabled", "()", "df-generated"] - - ["org.apache.commons.net.imap", "IMAPSClient", "setEndpointCheckingEnabled", "(boolean)", "df-generated"] - - ["org.apache.commons.net.io", "CopyStreamAdapter", "addCopyStreamListener", "(CopyStreamListener)", "df-generated"] - - ["org.apache.commons.net.io", "CopyStreamAdapter", "removeCopyStreamListener", "(CopyStreamListener)", "df-generated"] - - ["org.apache.commons.net.io", "CopyStreamEvent", "getBytesTransferred", "()", "df-generated"] - - ["org.apache.commons.net.io", "CopyStreamEvent", "getStreamSize", "()", "df-generated"] - - ["org.apache.commons.net.io", "CopyStreamEvent", "getTotalBytesTransferred", "()", "df-generated"] - - ["org.apache.commons.net.io", "CopyStreamException", "getTotalBytesTransferred", "()", "df-generated"] - - ["org.apache.commons.net.io", "CopyStreamListener", "bytesTransferred", "(CopyStreamEvent)", "df-generated"] - - ["org.apache.commons.net.io", "CopyStreamListener", "bytesTransferred", "(long,int,long)", "df-generated"] - - ["org.apache.commons.net.io", "FromNetASCIIInputStream", "FromNetASCIIInputStream", "(InputStream)", "df-generated"] - - ["org.apache.commons.net.io", "FromNetASCIIInputStream", "isConversionRequired", "()", "df-generated"] - - ["org.apache.commons.net.io", "ToNetASCIIInputStream", "ToNetASCIIInputStream", "(InputStream)", "df-generated"] - - ["org.apache.commons.net.io", "Util", "closeQuietly", "(Closeable)", "df-generated"] - - ["org.apache.commons.net.io", "Util", "closeQuietly", "(Socket)", "df-generated"] - - ["org.apache.commons.net.nntp", "Article", "addHeaderField", "(String,String)", "df-generated"] - - ["org.apache.commons.net.nntp", "Article", "getArticleNumber", "()", "df-generated"] - - ["org.apache.commons.net.nntp", "Article", "getArticleNumberLong", "()", "df-generated"] - - ["org.apache.commons.net.nntp", "Article", "printThread", "(Article)", "df-generated"] - - ["org.apache.commons.net.nntp", "Article", "printThread", "(Article,PrintStream)", "df-generated"] - - ["org.apache.commons.net.nntp", "Article", "printThread", "(Article,int)", "df-generated"] - - ["org.apache.commons.net.nntp", "Article", "printThread", "(Article,int,PrintStream)", "df-generated"] - - ["org.apache.commons.net.nntp", "Article", "setArticleNumber", "(int)", "df-generated"] - - ["org.apache.commons.net.nntp", "Article", "setArticleNumber", "(long)", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTP", "article", "()", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTP", "article", "(int)", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTP", "article", "(long)", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTP", "body", "()", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTP", "body", "(int)", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTP", "body", "(long)", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTP", "getReply", "()", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTP", "getReplyCode", "()", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTP", "head", "()", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTP", "head", "(int)", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTP", "head", "(long)", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTP", "help", "()", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTP", "isAllowedToPost", "()", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTP", "last", "()", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTP", "list", "()", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTP", "next", "()", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTP", "post", "()", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTP", "quit", "()", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTP", "sendCommand", "(int)", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTP", "stat", "()", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTP", "stat", "(int)", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTP", "stat", "(long)", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", "completePendingCommand", "()", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", "iterateArticleInfo", "(long,long)", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", "iterateNewsgroups", "()", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", "logout", "()", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", "selectArticle", "(int)", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", "selectArticle", "(long)", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", "selectNextArticle", "()", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPClient", "selectPreviousArticle", "()", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPCommand", "getCommand", "(int)", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPReply", "isInformational", "(int)", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPReply", "isNegativePermanent", "(int)", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPReply", "isNegativeTransient", "(int)", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPReply", "isPositiveCompletion", "(int)", "df-generated"] - - ["org.apache.commons.net.nntp", "NNTPReply", "isPositiveIntermediate", "(int)", "df-generated"] - - ["org.apache.commons.net.nntp", "NewGroupsOrNewsQuery", "NewGroupsOrNewsQuery", "(Calendar,boolean)", "df-generated"] - - ["org.apache.commons.net.nntp", "NewGroupsOrNewsQuery", "isGMT", "()", "df-generated"] - - ["org.apache.commons.net.nntp", "NewsgroupInfo", "getArticleCount", "()", "df-generated"] - - ["org.apache.commons.net.nntp", "NewsgroupInfo", "getArticleCountLong", "()", "df-generated"] - - ["org.apache.commons.net.nntp", "NewsgroupInfo", "getFirstArticle", "()", "df-generated"] - - ["org.apache.commons.net.nntp", "NewsgroupInfo", "getFirstArticleLong", "()", "df-generated"] - - ["org.apache.commons.net.nntp", "NewsgroupInfo", "getLastArticle", "()", "df-generated"] - - ["org.apache.commons.net.nntp", "NewsgroupInfo", "getLastArticleLong", "()", "df-generated"] - - ["org.apache.commons.net.nntp", "NewsgroupInfo", "getPostingPermission", "()", "df-generated"] - - ["org.apache.commons.net.nntp", "Threadable", "isDummy", "()", "df-generated"] - - ["org.apache.commons.net.nntp", "Threadable", "makeDummy", "()", "df-generated"] - - ["org.apache.commons.net.nntp", "Threadable", "subjectIsReply", "()", "df-generated"] - - ["org.apache.commons.net.ntp", "NTPUDPClient", "getTime", "(InetAddress)", "df-generated"] - - ["org.apache.commons.net.ntp", "NTPUDPClient", "getTime", "(InetAddress,int)", "df-generated"] - - ["org.apache.commons.net.ntp", "NTPUDPClient", "getVersion", "()", "df-generated"] - - ["org.apache.commons.net.ntp", "NTPUDPClient", "setVersion", "(int)", "df-generated"] - - ["org.apache.commons.net.ntp", "NtpUtils", "getHostAddress", "(int)", "df-generated"] - - ["org.apache.commons.net.ntp", "NtpUtils", "getModeName", "(int)", "df-generated"] - - ["org.apache.commons.net.ntp", "NtpUtils", "getRefAddress", "(NtpV3Packet)", "df-generated"] - - ["org.apache.commons.net.ntp", "NtpUtils", "getReferenceClock", "(NtpV3Packet)", "df-generated"] - - ["org.apache.commons.net.ntp", "NtpV3Impl", "toString", "()", "df-generated"] - - ["org.apache.commons.net.ntp", "NtpV3Packet", "getLeapIndicator", "()", "df-generated"] - - ["org.apache.commons.net.ntp", "NtpV3Packet", "getMode", "()", "df-generated"] - - ["org.apache.commons.net.ntp", "NtpV3Packet", "getModeName", "()", "df-generated"] - - ["org.apache.commons.net.ntp", "NtpV3Packet", "getOriginateTimeStamp", "()", "df-generated"] - - ["org.apache.commons.net.ntp", "NtpV3Packet", "getPoll", "()", "df-generated"] - - ["org.apache.commons.net.ntp", "NtpV3Packet", "getPrecision", "()", "df-generated"] - - ["org.apache.commons.net.ntp", "NtpV3Packet", "getReceiveTimeStamp", "()", "df-generated"] - - ["org.apache.commons.net.ntp", "NtpV3Packet", "getReferenceId", "()", "df-generated"] - - ["org.apache.commons.net.ntp", "NtpV3Packet", "getReferenceIdString", "()", "df-generated"] - - ["org.apache.commons.net.ntp", "NtpV3Packet", "getReferenceTimeStamp", "()", "df-generated"] - - ["org.apache.commons.net.ntp", "NtpV3Packet", "getRootDelay", "()", "df-generated"] - - ["org.apache.commons.net.ntp", "NtpV3Packet", "getRootDelayInMillisDouble", "()", "df-generated"] - - ["org.apache.commons.net.ntp", "NtpV3Packet", "getRootDispersion", "()", "df-generated"] - - ["org.apache.commons.net.ntp", "NtpV3Packet", "getRootDispersionInMillis", "()", "df-generated"] - - ["org.apache.commons.net.ntp", "NtpV3Packet", "getRootDispersionInMillisDouble", "()", "df-generated"] - - ["org.apache.commons.net.ntp", "NtpV3Packet", "getStratum", "()", "df-generated"] - - ["org.apache.commons.net.ntp", "NtpV3Packet", "getTransmitTimeStamp", "()", "df-generated"] - - ["org.apache.commons.net.ntp", "NtpV3Packet", "getType", "()", "df-generated"] - - ["org.apache.commons.net.ntp", "NtpV3Packet", "getVersion", "()", "df-generated"] - - ["org.apache.commons.net.ntp", "NtpV3Packet", "setLeapIndicator", "(int)", "df-generated"] - - ["org.apache.commons.net.ntp", "NtpV3Packet", "setMode", "(int)", "df-generated"] - - ["org.apache.commons.net.ntp", "NtpV3Packet", "setOriginateTimeStamp", "(TimeStamp)", "df-generated"] - - ["org.apache.commons.net.ntp", "NtpV3Packet", "setPoll", "(int)", "df-generated"] - - ["org.apache.commons.net.ntp", "NtpV3Packet", "setPrecision", "(int)", "df-generated"] - - ["org.apache.commons.net.ntp", "NtpV3Packet", "setReceiveTimeStamp", "(TimeStamp)", "df-generated"] - - ["org.apache.commons.net.ntp", "NtpV3Packet", "setReferenceId", "(int)", "df-generated"] - - ["org.apache.commons.net.ntp", "NtpV3Packet", "setReferenceTime", "(TimeStamp)", "df-generated"] - - ["org.apache.commons.net.ntp", "NtpV3Packet", "setRootDelay", "(int)", "df-generated"] - - ["org.apache.commons.net.ntp", "NtpV3Packet", "setRootDispersion", "(int)", "df-generated"] - - ["org.apache.commons.net.ntp", "NtpV3Packet", "setStratum", "(int)", "df-generated"] - - ["org.apache.commons.net.ntp", "NtpV3Packet", "setTransmitTime", "(TimeStamp)", "df-generated"] - - ["org.apache.commons.net.ntp", "NtpV3Packet", "setVersion", "(int)", "df-generated"] - - ["org.apache.commons.net.ntp", "TimeInfo", "computeDetails", "()", "df-generated"] - - ["org.apache.commons.net.ntp", "TimeInfo", "getDelay", "()", "df-generated"] - - ["org.apache.commons.net.ntp", "TimeInfo", "getOffset", "()", "df-generated"] - - ["org.apache.commons.net.ntp", "TimeInfo", "getReturnTime", "()", "df-generated"] - - ["org.apache.commons.net.ntp", "TimeStamp", "TimeStamp", "(Date)", "df-generated"] - - ["org.apache.commons.net.ntp", "TimeStamp", "TimeStamp", "(String)", "df-generated"] - - ["org.apache.commons.net.ntp", "TimeStamp", "TimeStamp", "(long)", "df-generated"] - - ["org.apache.commons.net.ntp", "TimeStamp", "getCurrentTime", "()", "df-generated"] - - ["org.apache.commons.net.ntp", "TimeStamp", "getDate", "()", "df-generated"] - - ["org.apache.commons.net.ntp", "TimeStamp", "getFraction", "()", "df-generated"] - - ["org.apache.commons.net.ntp", "TimeStamp", "getNtpTime", "(long)", "df-generated"] - - ["org.apache.commons.net.ntp", "TimeStamp", "getSeconds", "()", "df-generated"] - - ["org.apache.commons.net.ntp", "TimeStamp", "getTime", "()", "df-generated"] - - ["org.apache.commons.net.ntp", "TimeStamp", "getTime", "(long)", "df-generated"] - - ["org.apache.commons.net.ntp", "TimeStamp", "ntpValue", "()", "df-generated"] - - ["org.apache.commons.net.ntp", "TimeStamp", "parseNtpString", "(String)", "df-generated"] - - ["org.apache.commons.net.ntp", "TimeStamp", "toDateString", "()", "df-generated"] - - ["org.apache.commons.net.ntp", "TimeStamp", "toString", "()", "df-generated"] - - ["org.apache.commons.net.ntp", "TimeStamp", "toString", "(long)", "df-generated"] - - ["org.apache.commons.net.ntp", "TimeStamp", "toUTCString", "()", "df-generated"] - - ["org.apache.commons.net.pop3", "ExtendedPOP3Client$AUTH_METHOD", "getAuthName", "()", "df-generated"] - - ["org.apache.commons.net.pop3", "POP3", "getAdditionalReply", "()", "df-generated"] - - ["org.apache.commons.net.pop3", "POP3", "getState", "()", "df-generated"] - - ["org.apache.commons.net.pop3", "POP3", "removeProtocolCommandistener", "(ProtocolCommandListener)", "df-generated"] - - ["org.apache.commons.net.pop3", "POP3", "sendCommand", "(int)", "df-generated"] - - ["org.apache.commons.net.pop3", "POP3", "setState", "(int)", "df-generated"] - - ["org.apache.commons.net.pop3", "POP3Client", "capa", "()", "df-generated"] - - ["org.apache.commons.net.pop3", "POP3Client", "deleteMessage", "(int)", "df-generated"] - - ["org.apache.commons.net.pop3", "POP3Client", "listMessage", "(int)", "df-generated"] - - ["org.apache.commons.net.pop3", "POP3Client", "listMessages", "()", "df-generated"] - - ["org.apache.commons.net.pop3", "POP3Client", "listUniqueIdentifiers", "()", "df-generated"] - - ["org.apache.commons.net.pop3", "POP3Client", "logout", "()", "df-generated"] - - ["org.apache.commons.net.pop3", "POP3Client", "noop", "()", "df-generated"] - - ["org.apache.commons.net.pop3", "POP3Client", "reset", "()", "df-generated"] - - ["org.apache.commons.net.pop3", "POP3Client", "status", "()", "df-generated"] - - ["org.apache.commons.net.pop3", "POP3Command", "getCommand", "(int)", "df-generated"] - - ["org.apache.commons.net.pop3", "POP3MessageInfo", "POP3MessageInfo", "(int,int)", "df-generated"] - - ["org.apache.commons.net.pop3", "POP3SClient", "POP3SClient", "(boolean)", "df-generated"] - - ["org.apache.commons.net.pop3", "POP3SClient", "execTLS", "()", "df-generated"] - - ["org.apache.commons.net.pop3", "POP3SClient", "isEndpointCheckingEnabled", "()", "df-generated"] - - ["org.apache.commons.net.pop3", "POP3SClient", "setEndpointCheckingEnabled", "(boolean)", "df-generated"] - - ["org.apache.commons.net.smtp", "AuthenticatingSMTPClient$AUTH_METHOD", "getAuthName", "(AUTH_METHOD)", "df-generated"] - - ["org.apache.commons.net.smtp", "AuthenticatingSMTPClient", "elogin", "()", "df-generated"] - - ["org.apache.commons.net.smtp", "AuthenticatingSMTPClient", "getEnhancedReplyCode", "()", "df-generated"] - - ["org.apache.commons.net.smtp", "SMTP", "data", "()", "df-generated"] - - ["org.apache.commons.net.smtp", "SMTP", "getReply", "()", "df-generated"] - - ["org.apache.commons.net.smtp", "SMTP", "getReplyCode", "()", "df-generated"] - - ["org.apache.commons.net.smtp", "SMTP", "help", "()", "df-generated"] - - ["org.apache.commons.net.smtp", "SMTP", "noop", "()", "df-generated"] - - ["org.apache.commons.net.smtp", "SMTP", "quit", "()", "df-generated"] - - ["org.apache.commons.net.smtp", "SMTP", "removeProtocolCommandistener", "(ProtocolCommandListener)", "df-generated"] - - ["org.apache.commons.net.smtp", "SMTP", "rset", "()", "df-generated"] - - ["org.apache.commons.net.smtp", "SMTP", "sendCommand", "(int)", "df-generated"] - - ["org.apache.commons.net.smtp", "SMTP", "turn", "()", "df-generated"] - - ["org.apache.commons.net.smtp", "SMTPClient", "completePendingCommand", "()", "df-generated"] - - ["org.apache.commons.net.smtp", "SMTPClient", "login", "()", "df-generated"] - - ["org.apache.commons.net.smtp", "SMTPClient", "logout", "()", "df-generated"] - - ["org.apache.commons.net.smtp", "SMTPClient", "reset", "()", "df-generated"] - - ["org.apache.commons.net.smtp", "SMTPClient", "sendNoOp", "()", "df-generated"] - - ["org.apache.commons.net.smtp", "SMTPClient", "sendShortMessageData", "(String)", "df-generated"] - - ["org.apache.commons.net.smtp", "SMTPCommand", "getCommand", "(int)", "df-generated"] - - ["org.apache.commons.net.smtp", "SMTPReply", "isNegativePermanent", "(int)", "df-generated"] - - ["org.apache.commons.net.smtp", "SMTPReply", "isNegativeTransient", "(int)", "df-generated"] - - ["org.apache.commons.net.smtp", "SMTPReply", "isPositiveCompletion", "(int)", "df-generated"] - - ["org.apache.commons.net.smtp", "SMTPReply", "isPositiveIntermediate", "(int)", "df-generated"] - - ["org.apache.commons.net.smtp", "SMTPReply", "isPositivePreliminary", "(int)", "df-generated"] - - ["org.apache.commons.net.smtp", "SMTPSClient", "SMTPSClient", "(boolean)", "df-generated"] - - ["org.apache.commons.net.smtp", "SMTPSClient", "execTLS", "()", "df-generated"] - - ["org.apache.commons.net.smtp", "SMTPSClient", "isEndpointCheckingEnabled", "()", "df-generated"] - - ["org.apache.commons.net.smtp", "SMTPSClient", "setEndpointCheckingEnabled", "(boolean)", "df-generated"] - - ["org.apache.commons.net.telnet", "EchoOptionHandler", "EchoOptionHandler", "(boolean,boolean,boolean,boolean)", "df-generated"] - - ["org.apache.commons.net.telnet", "SimpleOptionHandler", "SimpleOptionHandler", "(int)", "df-generated"] - - ["org.apache.commons.net.telnet", "SimpleOptionHandler", "SimpleOptionHandler", "(int,boolean,boolean,boolean,boolean)", "df-generated"] - - ["org.apache.commons.net.telnet", "SuppressGAOptionHandler", "SuppressGAOptionHandler", "(boolean,boolean,boolean,boolean)", "df-generated"] - - ["org.apache.commons.net.telnet", "Telnet", "deleteOptionHandler", "(int)", "df-generated"] - - ["org.apache.commons.net.telnet", "Telnet", "unregisterNotifHandler", "()", "df-generated"] - - ["org.apache.commons.net.telnet", "TelnetClient", "TelnetClient", "(int)", "df-generated"] - - ["org.apache.commons.net.telnet", "TelnetClient", "getLocalOptionState", "(int)", "df-generated"] - - ["org.apache.commons.net.telnet", "TelnetClient", "getReaderThread", "()", "df-generated"] - - ["org.apache.commons.net.telnet", "TelnetClient", "getRemoteOptionState", "(int)", "df-generated"] - - ["org.apache.commons.net.telnet", "TelnetClient", "sendAYT", "(long)", "df-generated"] - - ["org.apache.commons.net.telnet", "TelnetClient", "sendCommand", "(byte)", "df-generated"] - - ["org.apache.commons.net.telnet", "TelnetClient", "sendSubnegotiation", "(int[])", "df-generated"] - - ["org.apache.commons.net.telnet", "TelnetClient", "setReaderThread", "(boolean)", "df-generated"] - - ["org.apache.commons.net.telnet", "TelnetClient", "stopSpyStream", "()", "df-generated"] - - ["org.apache.commons.net.telnet", "TelnetClient", "unregisterInputListener", "()", "df-generated"] - - ["org.apache.commons.net.telnet", "TelnetCommand", "getCommand", "(int)", "df-generated"] - - ["org.apache.commons.net.telnet", "TelnetCommand", "isValidCommand", "(int)", "df-generated"] - - ["org.apache.commons.net.telnet", "TelnetNotificationHandler", "receivedNegotiation", "(int,int)", "df-generated"] - - ["org.apache.commons.net.telnet", "TelnetOption", "getOption", "(int)", "df-generated"] - - ["org.apache.commons.net.telnet", "TelnetOption", "isValidOption", "(int)", "df-generated"] - - ["org.apache.commons.net.telnet", "TelnetOptionHandler", "TelnetOptionHandler", "(int,boolean,boolean,boolean,boolean)", "df-generated"] - - ["org.apache.commons.net.telnet", "TelnetOptionHandler", "answerSubnegotiation", "(int[],int)", "df-generated"] - - ["org.apache.commons.net.telnet", "TelnetOptionHandler", "getAcceptLocal", "()", "df-generated"] - - ["org.apache.commons.net.telnet", "TelnetOptionHandler", "getAcceptRemote", "()", "df-generated"] - - ["org.apache.commons.net.telnet", "TelnetOptionHandler", "getInitLocal", "()", "df-generated"] - - ["org.apache.commons.net.telnet", "TelnetOptionHandler", "getInitRemote", "()", "df-generated"] - - ["org.apache.commons.net.telnet", "TelnetOptionHandler", "getOptionCode", "()", "df-generated"] - - ["org.apache.commons.net.telnet", "TelnetOptionHandler", "setAcceptLocal", "(boolean)", "df-generated"] - - ["org.apache.commons.net.telnet", "TelnetOptionHandler", "setAcceptRemote", "(boolean)", "df-generated"] - - ["org.apache.commons.net.telnet", "TelnetOptionHandler", "setInitLocal", "(boolean)", "df-generated"] - - ["org.apache.commons.net.telnet", "TelnetOptionHandler", "setInitRemote", "(boolean)", "df-generated"] - - ["org.apache.commons.net.telnet", "TelnetOptionHandler", "startSubnegotiationLocal", "()", "df-generated"] - - ["org.apache.commons.net.telnet", "TelnetOptionHandler", "startSubnegotiationRemote", "()", "df-generated"] - - ["org.apache.commons.net.telnet", "WindowSizeOptionHandler", "WindowSizeOptionHandler", "(int,int)", "df-generated"] - - ["org.apache.commons.net.telnet", "WindowSizeOptionHandler", "WindowSizeOptionHandler", "(int,int,boolean,boolean,boolean,boolean)", "df-generated"] - - ["org.apache.commons.net.tftp", "TFTP", "beginBufferedOps", "()", "df-generated"] - - ["org.apache.commons.net.tftp", "TFTP", "discardPackets", "()", "df-generated"] - - ["org.apache.commons.net.tftp", "TFTP", "endBufferedOps", "()", "df-generated"] - - ["org.apache.commons.net.tftp", "TFTP", "getModeName", "(int)", "df-generated"] - - ["org.apache.commons.net.tftp", "TFTP", "receive", "()", "df-generated"] - - ["org.apache.commons.net.tftp", "TFTP", "send", "(TFTPPacket)", "df-generated"] - - ["org.apache.commons.net.tftp", "TFTPAckPacket", "getBlockNumber", "()", "df-generated"] - - ["org.apache.commons.net.tftp", "TFTPAckPacket", "setBlockNumber", "(int)", "df-generated"] - - ["org.apache.commons.net.tftp", "TFTPClient", "getMaxTimeouts", "()", "df-generated"] - - ["org.apache.commons.net.tftp", "TFTPClient", "getTotalBytesReceived", "()", "df-generated"] - - ["org.apache.commons.net.tftp", "TFTPClient", "getTotalBytesSent", "()", "df-generated"] - - ["org.apache.commons.net.tftp", "TFTPClient", "setMaxTimeouts", "(int)", "df-generated"] - - ["org.apache.commons.net.tftp", "TFTPDataPacket", "getBlockNumber", "()", "df-generated"] - - ["org.apache.commons.net.tftp", "TFTPDataPacket", "getDataLength", "()", "df-generated"] - - ["org.apache.commons.net.tftp", "TFTPDataPacket", "getDataOffset", "()", "df-generated"] - - ["org.apache.commons.net.tftp", "TFTPDataPacket", "setBlockNumber", "(int)", "df-generated"] - - ["org.apache.commons.net.tftp", "TFTPErrorPacket", "getError", "()", "df-generated"] - - ["org.apache.commons.net.tftp", "TFTPPacket", "getPort", "()", "df-generated"] - - ["org.apache.commons.net.tftp", "TFTPPacket", "getType", "()", "df-generated"] - - ["org.apache.commons.net.tftp", "TFTPPacket", "newDatagram", "()", "df-generated"] - - ["org.apache.commons.net.tftp", "TFTPPacket", "setPort", "(int)", "df-generated"] - - ["org.apache.commons.net.tftp", "TFTPRequestPacket", "getMode", "()", "df-generated"] - - ["org.apache.commons.net.time", "TimeTCPClient", "getDate", "()", "df-generated"] - - ["org.apache.commons.net.time", "TimeTCPClient", "getTime", "()", "df-generated"] - - ["org.apache.commons.net.time", "TimeUDPClient", "getDate", "(InetAddress)", "df-generated"] - - ["org.apache.commons.net.time", "TimeUDPClient", "getDate", "(InetAddress,int)", "df-generated"] - - ["org.apache.commons.net.time", "TimeUDPClient", "getTime", "(InetAddress)", "df-generated"] - - ["org.apache.commons.net.time", "TimeUDPClient", "getTime", "(InetAddress,int)", "df-generated"] - - ["org.apache.commons.net.util", "Base64", "Base64", "(boolean)", "df-generated"] - - ["org.apache.commons.net.util", "Base64", "Base64", "(int)", "df-generated"] - - ["org.apache.commons.net.util", "Base64", "decodeInteger", "(byte[])", "df-generated"] - - ["org.apache.commons.net.util", "Base64", "encodeInteger", "(BigInteger)", "df-generated"] - - ["org.apache.commons.net.util", "Base64", "isArrayByteBase64", "(byte[])", "df-generated"] - - ["org.apache.commons.net.util", "Base64", "isBase64", "(byte)", "df-generated"] - - ["org.apache.commons.net.util", "Base64", "isUrlSafe", "()", "df-generated"] - - ["org.apache.commons.net.util", "Charsets", "toCharset", "(String)", "df-generated"] - - ["org.apache.commons.net.util", "Charsets", "toCharset", "(String,String)", "df-generated"] - - ["org.apache.commons.net.util", "KeyManagerUtils", "createClientKeyManager", "(File,String)", "df-generated"] - - ["org.apache.commons.net.util", "ListenerList", "getListenerCount", "()", "df-generated"] - - ["org.apache.commons.net.util", "ListenerList", "removeListener", "(EventListener)", "df-generated"] - - ["org.apache.commons.net.util", "SSLContextUtils", "createSSLContext", "(String,KeyManager,TrustManager)", "df-generated"] - - ["org.apache.commons.net.util", "SSLContextUtils", "createSSLContext", "(String,KeyManager[],TrustManager[])", "df-generated"] - - ["org.apache.commons.net.util", "SSLSocketUtils", "enableEndpointNameVerification", "(SSLSocket)", "df-generated"] - - ["org.apache.commons.net.util", "SubnetUtils$SubnetInfo", "asInteger", "(String)", "df-generated"] - - ["org.apache.commons.net.util", "SubnetUtils$SubnetInfo", "getAddress", "()", "df-generated"] - - ["org.apache.commons.net.util", "SubnetUtils$SubnetInfo", "getAddressCount", "()", "df-generated"] - - ["org.apache.commons.net.util", "SubnetUtils$SubnetInfo", "getAddressCountLong", "()", "df-generated"] - - ["org.apache.commons.net.util", "SubnetUtils$SubnetInfo", "getAllAddresses", "()", "df-generated"] - - ["org.apache.commons.net.util", "SubnetUtils$SubnetInfo", "getBroadcastAddress", "()", "df-generated"] - - ["org.apache.commons.net.util", "SubnetUtils$SubnetInfo", "getCidrSignature", "()", "df-generated"] - - ["org.apache.commons.net.util", "SubnetUtils$SubnetInfo", "getHighAddress", "()", "df-generated"] - - ["org.apache.commons.net.util", "SubnetUtils$SubnetInfo", "getLowAddress", "()", "df-generated"] - - ["org.apache.commons.net.util", "SubnetUtils$SubnetInfo", "getNetmask", "()", "df-generated"] - - ["org.apache.commons.net.util", "SubnetUtils$SubnetInfo", "getNetworkAddress", "()", "df-generated"] - - ["org.apache.commons.net.util", "SubnetUtils$SubnetInfo", "getNextAddress", "()", "df-generated"] - - ["org.apache.commons.net.util", "SubnetUtils$SubnetInfo", "getPreviousAddress", "()", "df-generated"] - - ["org.apache.commons.net.util", "SubnetUtils$SubnetInfo", "isInRange", "(String)", "df-generated"] - - ["org.apache.commons.net.util", "SubnetUtils$SubnetInfo", "isInRange", "(int)", "df-generated"] - - ["org.apache.commons.net.util", "SubnetUtils$SubnetInfo", "toString", "()", "df-generated"] - - ["org.apache.commons.net.util", "SubnetUtils", "SubnetUtils", "(String)", "df-generated"] - - ["org.apache.commons.net.util", "SubnetUtils", "SubnetUtils", "(String,String)", "df-generated"] - - ["org.apache.commons.net.util", "SubnetUtils", "getInfo", "()", "df-generated"] - - ["org.apache.commons.net.util", "SubnetUtils", "getNext", "()", "df-generated"] - - ["org.apache.commons.net.util", "SubnetUtils", "getPrevious", "()", "df-generated"] - - ["org.apache.commons.net.util", "SubnetUtils", "isInclusiveHostCount", "()", "df-generated"] - - ["org.apache.commons.net.util", "SubnetUtils", "setInclusiveHostCount", "(boolean)", "df-generated"] - - ["org.apache.commons.net.util", "TrustManagerUtils", "getAcceptAllTrustManager", "()", "df-generated"] - - ["org.apache.commons.net.util", "TrustManagerUtils", "getDefaultTrustManager", "(KeyStore)", "df-generated"] - - ["org.apache.commons.net.util", "TrustManagerUtils", "getValidateServerCertificateTrustManager", "()", "df-generated"] - - ["org.apache.commons.net", "DatagramSocketClient", "close", "()", "df-generated"] - - ["org.apache.commons.net", "DatagramSocketClient", "getCharset", "()", "df-generated"] - - ["org.apache.commons.net", "DatagramSocketClient", "getCharsetName", "()", "df-generated"] - - ["org.apache.commons.net", "DatagramSocketClient", "getDefaultTimeout", "()", "df-generated"] - - ["org.apache.commons.net", "DatagramSocketClient", "getLocalPort", "()", "df-generated"] - - ["org.apache.commons.net", "DatagramSocketClient", "getSoTimeout", "()", "df-generated"] - - ["org.apache.commons.net", "DatagramSocketClient", "isOpen", "()", "df-generated"] - - ["org.apache.commons.net", "DatagramSocketClient", "open", "()", "df-generated"] - - ["org.apache.commons.net", "DatagramSocketClient", "open", "(int)", "df-generated"] - - ["org.apache.commons.net", "DatagramSocketClient", "open", "(int,InetAddress)", "df-generated"] - - ["org.apache.commons.net", "DatagramSocketClient", "setCharset", "(Charset)", "df-generated"] - - ["org.apache.commons.net", "DatagramSocketClient", "setDefaultTimeout", "(int)", "df-generated"] - - ["org.apache.commons.net", "DatagramSocketClient", "setSoTimeout", "(int)", "df-generated"] - - ["org.apache.commons.net", "DatagramSocketFactory", "createDatagramSocket", "()", "df-generated"] - - ["org.apache.commons.net", "DatagramSocketFactory", "createDatagramSocket", "(int)", "df-generated"] - - ["org.apache.commons.net", "DatagramSocketFactory", "createDatagramSocket", "(int,InetAddress)", "df-generated"] - - ["org.apache.commons.net", "DefaultSocketFactory", "createServerSocket", "(int)", "df-generated"] - - ["org.apache.commons.net", "DefaultSocketFactory", "createServerSocket", "(int,int)", "df-generated"] - - ["org.apache.commons.net", "DefaultSocketFactory", "createServerSocket", "(int,int,InetAddress)", "df-generated"] - - ["org.apache.commons.net", "PrintCommandListener", "PrintCommandListener", "(PrintStream)", "df-generated"] - - ["org.apache.commons.net", "PrintCommandListener", "PrintCommandListener", "(PrintStream,boolean)", "df-generated"] - - ["org.apache.commons.net", "PrintCommandListener", "PrintCommandListener", "(PrintStream,boolean,char)", "df-generated"] - - ["org.apache.commons.net", "PrintCommandListener", "PrintCommandListener", "(PrintStream,boolean,char,boolean)", "df-generated"] - - ["org.apache.commons.net", "ProtocolCommandEvent", "getReplyCode", "()", "df-generated"] - - ["org.apache.commons.net", "ProtocolCommandEvent", "isCommand", "()", "df-generated"] - - ["org.apache.commons.net", "ProtocolCommandEvent", "isReply", "()", "df-generated"] - - ["org.apache.commons.net", "ProtocolCommandListener", "protocolCommandSent", "(ProtocolCommandEvent)", "df-generated"] - - ["org.apache.commons.net", "ProtocolCommandListener", "protocolReplyReceived", "(ProtocolCommandEvent)", "df-generated"] - - ["org.apache.commons.net", "ProtocolCommandSupport", "addProtocolCommandListener", "(ProtocolCommandListener)", "df-generated"] - - ["org.apache.commons.net", "ProtocolCommandSupport", "fireCommandSent", "(String,String)", "df-generated"] - - ["org.apache.commons.net", "ProtocolCommandSupport", "fireReplyReceived", "(int,String)", "df-generated"] - - ["org.apache.commons.net", "ProtocolCommandSupport", "getListenerCount", "()", "df-generated"] - - ["org.apache.commons.net", "ProtocolCommandSupport", "removeProtocolCommandListener", "(ProtocolCommandListener)", "df-generated"] - - ["org.apache.commons.net", "SocketClient", "addProtocolCommandListener", "(ProtocolCommandListener)", "df-generated"] - - ["org.apache.commons.net", "SocketClient", "connect", "(InetAddress)", "df-generated"] - - ["org.apache.commons.net", "SocketClient", "connect", "(InetAddress,int)", "df-generated"] - - ["org.apache.commons.net", "SocketClient", "connect", "(InetAddress,int,InetAddress,int)", "df-generated"] - - ["org.apache.commons.net", "SocketClient", "connect", "(String,int)", "df-generated"] - - ["org.apache.commons.net", "SocketClient", "disconnect", "()", "df-generated"] - - ["org.apache.commons.net", "SocketClient", "getCharset", "()", "df-generated"] - - ["org.apache.commons.net", "SocketClient", "getCharsetName", "()", "df-generated"] - - ["org.apache.commons.net", "SocketClient", "getConnectTimeout", "()", "df-generated"] - - ["org.apache.commons.net", "SocketClient", "getDefaultPort", "()", "df-generated"] - - ["org.apache.commons.net", "SocketClient", "getDefaultTimeout", "()", "df-generated"] - - ["org.apache.commons.net", "SocketClient", "getKeepAlive", "()", "df-generated"] - - ["org.apache.commons.net", "SocketClient", "getLocalPort", "()", "df-generated"] - - ["org.apache.commons.net", "SocketClient", "getRemotePort", "()", "df-generated"] - - ["org.apache.commons.net", "SocketClient", "getSoLinger", "()", "df-generated"] - - ["org.apache.commons.net", "SocketClient", "getSoTimeout", "()", "df-generated"] - - ["org.apache.commons.net", "SocketClient", "getTcpNoDelay", "()", "df-generated"] - - ["org.apache.commons.net", "SocketClient", "isAvailable", "()", "df-generated"] - - ["org.apache.commons.net", "SocketClient", "isConnected", "()", "df-generated"] - - ["org.apache.commons.net", "SocketClient", "removeProtocolCommandListener", "(ProtocolCommandListener)", "df-generated"] - - ["org.apache.commons.net", "SocketClient", "setCharset", "(Charset)", "df-generated"] - - ["org.apache.commons.net", "SocketClient", "setConnectTimeout", "(int)", "df-generated"] - - ["org.apache.commons.net", "SocketClient", "setDefaultPort", "(int)", "df-generated"] - - ["org.apache.commons.net", "SocketClient", "setDefaultTimeout", "(int)", "df-generated"] - - ["org.apache.commons.net", "SocketClient", "setKeepAlive", "(boolean)", "df-generated"] - - ["org.apache.commons.net", "SocketClient", "setReceiveBufferSize", "(int)", "df-generated"] - - ["org.apache.commons.net", "SocketClient", "setSendBufferSize", "(int)", "df-generated"] - - ["org.apache.commons.net", "SocketClient", "setSoLinger", "(boolean,int)", "df-generated"] - - ["org.apache.commons.net", "SocketClient", "setSoTimeout", "(int)", "df-generated"] - - ["org.apache.commons.net", "SocketClient", "setTcpNoDelay", "(boolean)", "df-generated"] - - ["org.apache.commons.net", "SocketClient", "verifyRemote", "(Socket)", "df-generated"] From 12f996ff568fd64d30cf9ed5e6fa28bc552a1425 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Sun, 7 May 2023 09:41:08 +0100 Subject: [PATCH 221/870] Deal better with goModVersion < minGoVersion --- .../cli/go-autobuilder/go-autobuilder.go | 126 ++++++++++++------ 1 file changed, 86 insertions(+), 40 deletions(-) diff --git a/go/extractor/cli/go-autobuilder/go-autobuilder.go b/go/extractor/cli/go-autobuilder/go-autobuilder.go index a8afe3aef2c..7e60085f610 100644 --- a/go/extractor/cli/go-autobuilder/go-autobuilder.go +++ b/go/extractor/cli/go-autobuilder/go-autobuilder.go @@ -719,12 +719,23 @@ func installDependenciesAndBuild() { const minGoVersion = "1.11" const maxGoVersion = "1.20" +// Check if `version` is lower than `minGoVersion`. Note that for this comparison we ignore the +// patch part of the version, so 1.20.1 and 1.20 are considered equal. +func belowSupportedRange(version string) bool { + return semver.Compare(semver.MajorMinor("v"+version), "v"+minGoVersion) < 0 +} + +// Check if `version` is higher than `maxGoVersion`. Note that for this comparison we ignore the +// patch part of the version, so 1.20.1 and 1.20 are considered equal. +func aboveSupportedRange(version string) bool { + return semver.Compare(semver.MajorMinor("v"+version), "v"+maxGoVersion) > 0 +} + // Check if `version` is lower than `minGoVersion` or higher than `maxGoVersion`. Note that for // this comparison we ignore the patch part of the version, so 1.20.1 and 1.20 are considered // equal. func outsideSupportedRange(version string) bool { - short := semver.MajorMinor("v" + version) - return semver.Compare(short, "v"+minGoVersion) < 0 || semver.Compare(short, "v"+maxGoVersion) > 0 + return belowSupportedRange(version) || aboveSupportedRange(version) } // Assuming `v.goModVersionFound` is false, emit a diagnostic and return the version to install, @@ -765,49 +776,84 @@ func checkForGoModVersionNotFound(v versionInfo) (msg, version string) { // Assuming `v.goModVersionFound` is true, emit a diagnostic and return the version to install, // or the empty string if we should not attempt to install a version of Go. func checkForGoModVersionFound(v versionInfo) (msg, version string) { - if outsideSupportedRange(v.goModVersion) { - // The project is intended to be built with a version of Go that is not supported. - // We do not install a version of Go. + if aboveSupportedRange(v.goModVersion) { + // The project is intended to be built with a version of Go that is above the supported + // range. We do not install a version of Go. msg = "The version of Go found in the `go.mod` file (" + v.goModVersion + - ") is outside of the supported range (" + minGoVersion + "-" + maxGoVersion + + ") is above the supported range (" + minGoVersion + "-" + maxGoVersion + "). Writing an environment file not specifying any version of Go." version = "" diagnostics.EmitUnsupportedVersionGoMod(msg) - } else if !v.goEnvVersionFound { - // There is no Go version installed. The version in the `go.mod` file is supported. - // We install the version from the `go.mod` file. - msg = "No version of Go installed. Writing an environment file specifying the version " + - "of Go found in the `go.mod` file (" + v.goModVersion + ")." - version = v.goModVersion - diagnostics.EmitNoGoEnv(msg) - } else if outsideSupportedRange(v.goEnvVersion) { - // The version of Go that is installed is outside of the supported range. The version in - // the `go.mod` file is supported. We install the version from the `go.mod` file. - msg = "The version of Go installed in the environment (" + v.goEnvVersion + - ") is outside of the supported range (" + minGoVersion + "-" + maxGoVersion + "). " + - "Writing an environment file specifying the version of Go from the `go.mod` file (" + - v.goModVersion + ")." - version = v.goModVersion - diagnostics.EmitVersionGoModSupportedAndGoEnvUnsupported(msg) - } else if semver.Compare("v"+v.goModVersion, "v"+v.goEnvVersion) > 0 { - // The version of Go that is installed is supported. The version in the `go.mod` file is - // supported and is higher than the version that is installed. We install the version from - // the `go.mod` file. - msg = "The version of Go installed in the environment (" + v.goEnvVersion + - ") is lower than the version found in the `go.mod` file (" + v.goModVersion + - "). Writing an environment file specifying the version of Go from the `go.mod` " + - "file (" + v.goModVersion + ")." - version = v.goModVersion - diagnostics.EmitVersionGoModHigherVersionEnvironment(msg) + } else if belowSupportedRange(v.goModVersion) { + if !v.goEnvVersionFound { + // There is no Go version installed. The version in the `go.mod` file is below the + // supported range. Go versions are generally backwards compatible, so we install the + // minimum supported version. + msg = "The version of Go found in the `go.mod` file (" + v.goModVersion + + ") is below the supported range (" + minGoVersion + "-" + maxGoVersion + + "). No version of Go installed. Writing an environment file specifying the " + + "minimum supported version of Go (" + minGoVersion + ")." + version = minGoVersion + diagnostics.EmitNoGoEnv(msg) + } else if outsideSupportedRange(v.goEnvVersion) { + // The version of Go that is installed is outside of the supported range. The version + // in the `go.mod` file is below the supported range. Go versions are generally + // backwards compatible, so we install the minimum supported version. + msg = "The version of Go found in the `go.mod` file (" + v.goModVersion + + ") is below the supported range (" + minGoVersion + "-" + maxGoVersion + + "). The version of Go installed in the environment (" + v.goEnvVersion + + ") is outside of the supported range (" + minGoVersion + "-" + maxGoVersion + "). " + + "Writing an environment file specifying the minimum supported version of Go (" + + minGoVersion + ")." + version = minGoVersion + diagnostics.EmitVersionGoModSupportedAndGoEnvUnsupported(msg) + } else { + // The version of Go that is installed is supported. The version in the `go.mod` file is + // below the supported range. We do not install a version of Go. + msg = "The version of Go installed in the environment (" + v.goEnvVersion + + ") is supported and is high enough for the version found in the `go.mod` file (" + + v.goModVersion + "). Writing an environment file not specifying any version of Go." + version = "" + diagnostics.EmitVersionGoModNotHigherVersionEnvironment(msg) + } } else { - // The version of Go that is installed is supported. The version in the `go.mod` file is - // supported and is lower than or equal to the version that is installed. We do not install - // a version of Go. - msg = "The version of Go installed in the environment (" + v.goEnvVersion + - ") is supported and is high enough for the version found in the `go.mod` file (" + - v.goModVersion + "). Writing an environment file not specifying any version of Go." - version = "" - diagnostics.EmitVersionGoModNotHigherVersionEnvironment(msg) + // v.goModVersion is within the supported range. + if !v.goEnvVersionFound { + // There is no Go version installed. The version in the `go.mod` file is supported. + // We install the version from the `go.mod` file. + msg = "No version of Go installed. Writing an environment file specifying the version " + + "of Go found in the `go.mod` file (" + v.goModVersion + ")." + version = v.goModVersion + diagnostics.EmitNoGoEnv(msg) + } else if outsideSupportedRange(v.goEnvVersion) { + // The version of Go that is installed is outside of the supported range. The version in + // the `go.mod` file is supported. We install the version from the `go.mod` file. + msg = "The version of Go installed in the environment (" + v.goEnvVersion + + ") is outside of the supported range (" + minGoVersion + "-" + maxGoVersion + "). " + + "Writing an environment file specifying the version of Go from the `go.mod` file (" + + v.goModVersion + ")." + version = v.goModVersion + diagnostics.EmitVersionGoModSupportedAndGoEnvUnsupported(msg) + } else if semver.Compare("v"+v.goModVersion, "v"+v.goEnvVersion) > 0 { + // The version of Go that is installed is supported. The version in the `go.mod` file is + // supported and is higher than the version that is installed. We install the version from + // the `go.mod` file. + msg = "The version of Go installed in the environment (" + v.goEnvVersion + + ") is lower than the version found in the `go.mod` file (" + v.goModVersion + + "). Writing an environment file specifying the version of Go from the `go.mod` " + + "file (" + v.goModVersion + ")." + version = v.goModVersion + diagnostics.EmitVersionGoModHigherVersionEnvironment(msg) + } else { + // The version of Go that is installed is supported. The version in the `go.mod` file is + // supported and is lower than or equal to the version that is installed. We do not install + // a version of Go. + msg = "The version of Go installed in the environment (" + v.goEnvVersion + + ") is supported and is high enough for the version found in the `go.mod` file (" + + v.goModVersion + "). Writing an environment file not specifying any version of Go." + version = "" + diagnostics.EmitVersionGoModNotHigherVersionEnvironment(msg) + } } return msg, version From 1e5c9e8a584dc6e70b43b9cb06750f76ca9aa733 Mon Sep 17 00:00:00 2001 From: Stephan Brandauer Date: Wed, 10 May 2023 10:49:27 +0200 Subject: [PATCH 222/870] simplify by using hasQualifiedName --- .../AutomodelFrameworkModeCharacteristics.qll | 19 ++++++------------- 1 file changed, 6 insertions(+), 13 deletions(-) diff --git a/java/ql/src/Telemetry/AutomodelFrameworkModeCharacteristics.qll b/java/ql/src/Telemetry/AutomodelFrameworkModeCharacteristics.qll index 1cafc3240c5..707e9c4e094 100644 --- a/java/ql/src/Telemetry/AutomodelFrameworkModeCharacteristics.qll +++ b/java/ql/src/Telemetry/AutomodelFrameworkModeCharacteristics.qll @@ -79,30 +79,23 @@ module FrameworkCandidatesImpl implements SharedCharacteristics::CandidateSig { } predicate isSink(Endpoint e, string kind) { - exists( - string package, string type, boolean subtypes, string name, string signature, string ext, - string input - | - sinkSpec(e, package, type, subtypes, name, signature, ext, input) and - ExternalFlow::sinkModel(package, type, subtypes, name, [signature, ""], ext, input, kind, _) + exists(string package, string type, string name, string signature, string ext, string input | + sinkSpec(e, package, type, name, signature, ext, input) and + ExternalFlow::sinkModel(package, type, _, name, [signature, ""], ext, input, kind, _) ) } predicate isNeutral(Endpoint e) { exists(string package, string type, string name, string signature | - sinkSpec(e, package, type, _, name, signature, _, _) and + sinkSpec(e, package, type, name, signature, _, _) and ExternalFlow::neutralModel(package, type, name, [signature, ""], _) ) } additional predicate sinkSpec( - Endpoint e, string package, string type, boolean subtypes, string name, string signature, - string ext, string input + Endpoint e, string package, string type, string name, string signature, string ext, string input ) { - package = FrameworkCandidatesImpl::getCallable(e).getDeclaringType().getPackage().toString() and - type = FrameworkCandidatesImpl::getCallable(e).getDeclaringType().getName() and - subtypes = false and - name = FrameworkCandidatesImpl::getCallable(e).getName() and + FrameworkCandidatesImpl::getCallable(e).hasQualifiedName(package, type, name) and signature = ExternalFlow::paramsString(getCallable(e)) and ext = "" and exists(int paramIdx | e.isParameterOf(_, paramIdx) | input = "Argument[" + paramIdx + "]") From f9d2467eaa18d1ccf6502b6a2cb48faafdc76eae Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Thu, 4 May 2023 14:51:49 +0100 Subject: [PATCH 223/870] Downgrade package-not-found diagnostic to warning error is reserved for when the build fails. --- go/extractor/diagnostics/diagnostics.go | 2 +- .../package-not-found-with-go-mod/diagnostics.expected | 2 +- .../package-not-found-without-go-mod/diagnostics.expected | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go/extractor/diagnostics/diagnostics.go b/go/extractor/diagnostics/diagnostics.go index 9fd4fc6ff59..84b49809a19 100644 --- a/go/extractor/diagnostics/diagnostics.go +++ b/go/extractor/diagnostics/diagnostics.go @@ -155,7 +155,7 @@ func EmitCannotFindPackages(pkgPaths []string) { "go/autobuilder/package-not-found", "Some packages could not be found", fmt.Sprintf("%d package%s could not be found.\n\n%s.\n\nCheck that the paths are correct and make sure any private packages can be accessed. If any of the packages are present in the repository then you may need a [custom build command](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages).", numPkgPaths, ending, secondLine), - severityError, + severityWarning, fullVisibility, noLocation, ) diff --git a/go/ql/integration-tests/all-platforms/go/diagnostics/package-not-found-with-go-mod/diagnostics.expected b/go/ql/integration-tests/all-platforms/go/diagnostics/package-not-found-with-go-mod/diagnostics.expected index a24d8121da7..f69ba7ae135 100644 --- a/go/ql/integration-tests/all-platforms/go/diagnostics/package-not-found-with-go-mod/diagnostics.expected +++ b/go/ql/integration-tests/all-platforms/go/diagnostics/package-not-found-with-go-mod/diagnostics.expected @@ -1,6 +1,6 @@ { "markdownMessage": "110 packages could not be found.\n\n`github.com/nosuchorg/nosuchrepo000`, `github.com/nosuchorg/nosuchrepo001`, `github.com/nosuchorg/nosuchrepo002`, `github.com/nosuchorg/nosuchrepo003`, `github.com/nosuchorg/nosuchrepo004` and 105 more.\n\nCheck that the paths are correct and make sure any private packages can be accessed. If any of the packages are present in the repository then you may need a [custom build command](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages).", - "severity": "error", + "severity": "warning", "source": { "extractorName": "go", "id": "go/autobuilder/package-not-found", diff --git a/go/ql/integration-tests/all-platforms/go/diagnostics/package-not-found-without-go-mod/diagnostics.expected b/go/ql/integration-tests/all-platforms/go/diagnostics/package-not-found-without-go-mod/diagnostics.expected index d5c515a076b..356aa7f1e21 100644 --- a/go/ql/integration-tests/all-platforms/go/diagnostics/package-not-found-without-go-mod/diagnostics.expected +++ b/go/ql/integration-tests/all-platforms/go/diagnostics/package-not-found-without-go-mod/diagnostics.expected @@ -1,6 +1,6 @@ { "markdownMessage": "1 package could not be found.\n\n`github.com/linode/linode-docs-theme`.\n\nCheck that the paths are correct and make sure any private packages can be accessed. If any of the packages are present in the repository then you may need a [custom build command](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages).", - "severity": "error", + "severity": "warning", "source": { "extractorName": "go", "id": "go/autobuilder/package-not-found", From 89e9103a5b225996e5f9fb32516c4943e837206b Mon Sep 17 00:00:00 2001 From: Kasper Svendsen Date: Wed, 10 May 2023 11:15:49 +0200 Subject: [PATCH 224/870] C#: Enable implicit this receiver warnings --- csharp/ql/lib/qlpack.yml | 1 + csharp/ql/src/qlpack.yml | 1 + csharp/ql/test/qlpack.yml | 1 + 3 files changed, 3 insertions(+) diff --git a/csharp/ql/lib/qlpack.yml b/csharp/ql/lib/qlpack.yml index 452dd3e140f..fdb710e9371 100644 --- a/csharp/ql/lib/qlpack.yml +++ b/csharp/ql/lib/qlpack.yml @@ -12,3 +12,4 @@ dependencies: dataExtensions: - ext/*.model.yml - ext/generated/*.model.yml +warnOnImplicitThis: true diff --git a/csharp/ql/src/qlpack.yml b/csharp/ql/src/qlpack.yml index f8bb75d0f49..d68e0a497c1 100644 --- a/csharp/ql/src/qlpack.yml +++ b/csharp/ql/src/qlpack.yml @@ -10,3 +10,4 @@ dependencies: codeql/csharp-all: ${workspace} codeql/suite-helpers: ${workspace} codeql/util: ${workspace} +warnOnImplicitThis: true diff --git a/csharp/ql/test/qlpack.yml b/csharp/ql/test/qlpack.yml index b0ce8ef1920..c5b275b64e3 100644 --- a/csharp/ql/test/qlpack.yml +++ b/csharp/ql/test/qlpack.yml @@ -5,3 +5,4 @@ dependencies: codeql/csharp-queries: ${workspace} extractor: csharp tests: . +warnOnImplicitThis: true From 7ae6a992b6de739072de55ff8ec9d66becc720a3 Mon Sep 17 00:00:00 2001 From: Stephan Brandauer Date: Wed, 10 May 2023 11:29:49 +0200 Subject: [PATCH 225/870] fix code compilation error after main branch breaking change --- java/ql/src/Telemetry/AutomodelFrameworkModeCharacteristics.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java/ql/src/Telemetry/AutomodelFrameworkModeCharacteristics.qll b/java/ql/src/Telemetry/AutomodelFrameworkModeCharacteristics.qll index 707e9c4e094..0beaadc5679 100644 --- a/java/ql/src/Telemetry/AutomodelFrameworkModeCharacteristics.qll +++ b/java/ql/src/Telemetry/AutomodelFrameworkModeCharacteristics.qll @@ -88,7 +88,7 @@ module FrameworkCandidatesImpl implements SharedCharacteristics::CandidateSig { predicate isNeutral(Endpoint e) { exists(string package, string type, string name, string signature | sinkSpec(e, package, type, name, signature, _, _) and - ExternalFlow::neutralModel(package, type, name, [signature, ""], _) + ExternalFlow::neutralModel(package, type, name, [signature, ""], _, _) ) } From d2d884b00704599c16f7dc5be77a97789b3565fc Mon Sep 17 00:00:00 2001 From: Stephan Brandauer Date: Wed, 10 May 2023 11:53:40 +0200 Subject: [PATCH 226/870] special case for Argument[this] --- .../src/Telemetry/AutomodelFrameworkModeCharacteristics.qll | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/java/ql/src/Telemetry/AutomodelFrameworkModeCharacteristics.qll b/java/ql/src/Telemetry/AutomodelFrameworkModeCharacteristics.qll index 0beaadc5679..9371f935e4e 100644 --- a/java/ql/src/Telemetry/AutomodelFrameworkModeCharacteristics.qll +++ b/java/ql/src/Telemetry/AutomodelFrameworkModeCharacteristics.qll @@ -98,7 +98,9 @@ module FrameworkCandidatesImpl implements SharedCharacteristics::CandidateSig { FrameworkCandidatesImpl::getCallable(e).hasQualifiedName(package, type, name) and signature = ExternalFlow::paramsString(getCallable(e)) and ext = "" and - exists(int paramIdx | e.isParameterOf(_, paramIdx) | input = "Argument[" + paramIdx + "]") + exists(int paramIdx | e.isParameterOf(_, paramIdx) | + if paramIdx = -1 then input = "Argument[this]" else input = "Argument[" + paramIdx + "]" + ) } /** From 68c16c4b34336312bd329d84ced044798c5d0ef2 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 10 May 2023 11:02:49 +0100 Subject: [PATCH 227/870] Swift: Update extractors.rst --- docs/codeql/reusables/extractors.rst | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/codeql/reusables/extractors.rst b/docs/codeql/reusables/extractors.rst index 606c57d0208..bfcd7571cb7 100644 --- a/docs/codeql/reusables/extractors.rst +++ b/docs/codeql/reusables/extractors.rst @@ -17,4 +17,6 @@ * - Python - ``python`` * - Ruby - - ``ruby`` \ No newline at end of file + - ``ruby`` + * - Swift + - ``swift`` \ No newline at end of file From 6be11d93bd5e750baf32b2d8f1c328dfe23d339c Mon Sep 17 00:00:00 2001 From: Stephan Brandauer Date: Wed, 10 May 2023 12:03:32 +0200 Subject: [PATCH 228/870] document FrameworkCandidatesImpl --- .../AutomodelFrameworkModeCharacteristics.qll | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/java/ql/src/Telemetry/AutomodelFrameworkModeCharacteristics.qll b/java/ql/src/Telemetry/AutomodelFrameworkModeCharacteristics.qll index 9371f935e4e..990e30791f6 100644 --- a/java/ql/src/Telemetry/AutomodelFrameworkModeCharacteristics.qll +++ b/java/ql/src/Telemetry/AutomodelFrameworkModeCharacteristics.qll @@ -35,8 +35,16 @@ newtype JavaRelatedLocationType = MethodDoc() or ClassDoc() -// for documentation of the implementations here, see the QLDoc in the CandidateSig signature module. +/** + * A candidates implementation for framework mode. + * + * Some important notes: + * - This mode is using parameters as endpoints. + * - Sink- and neutral-information is being used from MaD models. + * - When available, we use method- and class-java-docs as related locations. + */ module FrameworkCandidatesImpl implements SharedCharacteristics::CandidateSig { + // for documentation of the implementations here, see the QLDoc in the CandidateSig signature module. class Endpoint = DataFlow::ParameterNode; class EndpointType = AutomodelEndpointTypes::EndpointType; From 9d7ba3a87681d0a7432ce1aec06351b7cf23f788 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 10 May 2023 11:04:08 +0100 Subject: [PATCH 229/870] Swift: Add footnote in supported-versions-compilers.rst --- docs/codeql/reusables/supported-versions-compilers.rst | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/docs/codeql/reusables/supported-versions-compilers.rst b/docs/codeql/reusables/supported-versions-compilers.rst index 34d02f23fd7..815fb6642b6 100644 --- a/docs/codeql/reusables/supported-versions-compilers.rst +++ b/docs/codeql/reusables/supported-versions-compilers.rst @@ -24,8 +24,8 @@ JavaScript,ECMAScript 2022 or lower,Not applicable,"``.js``, ``.jsx``, ``.mjs``, ``.es``, ``.es6``, ``.htm``, ``.html``, ``.xhtm``, ``.xhtml``, ``.vue``, ``.hbs``, ``.ejs``, ``.njk``, ``.json``, ``.yaml``, ``.yml``, ``.raml``, ``.xml`` [7]_" Python [8]_,"2.7, 3.5, 3.6, 3.7, 3.8, 3.9, 3.10, 3.11",Not applicable,``.py`` Ruby [9]_,"up to 3.2",Not applicable,"``.rb``, ``.erb``, ``.gemspec``, ``Gemfile``" - Swift,"Swift 5.4-5.7","Swift compiler","``.swift``" - TypeScript [10]_,"2.6-5.0",Standard TypeScript compiler,"``.ts``, ``.tsx``, ``.mts``, ``.cts``" + Swift [10]_,"Swift 5.4-5.7","Swift compiler","``.swift``" + TypeScript [11]_,"2.6-5.0",Standard TypeScript compiler,"``.ts``, ``.tsx``, ``.mts``, ``.cts``" .. container:: footnote-group @@ -38,4 +38,5 @@ .. [7] JSX and Flow code, YAML, JSON, HTML, and XML files may also be analyzed with JavaScript files. .. [8] The extractor requires Python 3 to run. To analyze Python 2.7 you should install both versions of Python. .. [9] Requires glibc 2.17. - .. [10] TypeScript analysis is performed by running the JavaScript extractor with TypeScript enabled. This is the default. + .. [10] Swift support is currently in beta. Windows is not supported. Linux support is partial (currently only works with Swift 5.7.3). + .. [11] TypeScript analysis is performed by running the JavaScript extractor with TypeScript enabled. This is the default. From edebebf603ba93acab404716e5c879bb0d01e0ad Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Wed, 10 May 2023 09:52:48 +0100 Subject: [PATCH 230/870] Refactor for clarity --- .../cli/go-autobuilder/go-autobuilder.go | 181 ++++++++++-------- 1 file changed, 99 insertions(+), 82 deletions(-) diff --git a/go/extractor/cli/go-autobuilder/go-autobuilder.go b/go/extractor/cli/go-autobuilder/go-autobuilder.go index 7e60085f610..6a095b2ae81 100644 --- a/go/extractor/cli/go-autobuilder/go-autobuilder.go +++ b/go/extractor/cli/go-autobuilder/go-autobuilder.go @@ -740,7 +740,7 @@ func outsideSupportedRange(version string) bool { // Assuming `v.goModVersionFound` is false, emit a diagnostic and return the version to install, // or the empty string if we should not attempt to install a version of Go. -func checkForGoModVersionNotFound(v versionInfo) (msg, version string) { +func getVersionWhenGoModVersionNotFound(v versionInfo) (msg, version string) { if !v.goEnvVersionFound { // We definitely need to install a version. We have no indication which version was // intended to be used to build this project. Go versions are generally backwards @@ -773,87 +773,96 @@ func checkForGoModVersionNotFound(v versionInfo) (msg, version string) { return msg, version } -// Assuming `v.goModVersionFound` is true, emit a diagnostic and return the version to install, -// or the empty string if we should not attempt to install a version of Go. -func checkForGoModVersionFound(v versionInfo) (msg, version string) { - if aboveSupportedRange(v.goModVersion) { - // The project is intended to be built with a version of Go that is above the supported - // range. We do not install a version of Go. +// Assuming `v.goModVersion` is above the supported range, emit a diagnostic and return the +// version to install, or the empty string if we should not attempt to install a version of Go. +func getVersionWhenGoModVersionTooHigh(v versionInfo) (msg, version string) { + // The project is intended to be built with a version of Go that is above the supported + // range. We do not install a version of Go. + msg = "The version of Go found in the `go.mod` file (" + v.goModVersion + + ") is above the supported range (" + minGoVersion + "-" + maxGoVersion + + "). Writing an environment file not specifying any version of Go." + version = "" + diagnostics.EmitUnsupportedVersionGoMod(msg) + + return msg, version +} + +// Assuming `v.goModVersion` is above the supported range, emit a diagnostic and return the +// version to install, or the empty string if we should not attempt to install a version of Go. +func getVersionWhenGoModVersionTooLow(v versionInfo) (msg, version string) { + if !v.goEnvVersionFound { + // There is no Go version installed. The version in the `go.mod` file is below the + // supported range. Go versions are generally backwards compatible, so we install the + // minimum supported version. msg = "The version of Go found in the `go.mod` file (" + v.goModVersion + - ") is above the supported range (" + minGoVersion + "-" + maxGoVersion + - "). Writing an environment file not specifying any version of Go." - version = "" - diagnostics.EmitUnsupportedVersionGoMod(msg) - } else if belowSupportedRange(v.goModVersion) { - if !v.goEnvVersionFound { - // There is no Go version installed. The version in the `go.mod` file is below the - // supported range. Go versions are generally backwards compatible, so we install the - // minimum supported version. - msg = "The version of Go found in the `go.mod` file (" + v.goModVersion + - ") is below the supported range (" + minGoVersion + "-" + maxGoVersion + - "). No version of Go installed. Writing an environment file specifying the " + - "minimum supported version of Go (" + minGoVersion + ")." - version = minGoVersion - diagnostics.EmitNoGoEnv(msg) - } else if outsideSupportedRange(v.goEnvVersion) { - // The version of Go that is installed is outside of the supported range. The version - // in the `go.mod` file is below the supported range. Go versions are generally - // backwards compatible, so we install the minimum supported version. - msg = "The version of Go found in the `go.mod` file (" + v.goModVersion + - ") is below the supported range (" + minGoVersion + "-" + maxGoVersion + - "). The version of Go installed in the environment (" + v.goEnvVersion + - ") is outside of the supported range (" + minGoVersion + "-" + maxGoVersion + "). " + - "Writing an environment file specifying the minimum supported version of Go (" + - minGoVersion + ")." - version = minGoVersion - diagnostics.EmitVersionGoModSupportedAndGoEnvUnsupported(msg) - } else { - // The version of Go that is installed is supported. The version in the `go.mod` file is - // below the supported range. We do not install a version of Go. - msg = "The version of Go installed in the environment (" + v.goEnvVersion + - ") is supported and is high enough for the version found in the `go.mod` file (" + - v.goModVersion + "). Writing an environment file not specifying any version of Go." - version = "" - diagnostics.EmitVersionGoModNotHigherVersionEnvironment(msg) - } + ") is below the supported range (" + minGoVersion + "-" + maxGoVersion + + "). No version of Go installed. Writing an environment file specifying the " + + "minimum supported version of Go (" + minGoVersion + ")." + version = minGoVersion + diagnostics.EmitNoGoEnv(msg) + } else if outsideSupportedRange(v.goEnvVersion) { + // The version of Go that is installed is outside of the supported range. The version + // in the `go.mod` file is below the supported range. Go versions are generally + // backwards compatible, so we install the minimum supported version. + msg = "The version of Go found in the `go.mod` file (" + v.goModVersion + + ") is below the supported range (" + minGoVersion + "-" + maxGoVersion + + "). The version of Go installed in the environment (" + v.goEnvVersion + + ") is outside of the supported range (" + minGoVersion + "-" + maxGoVersion + "). " + + "Writing an environment file specifying the minimum supported version of Go (" + + minGoVersion + ")." + version = minGoVersion + diagnostics.EmitVersionGoModSupportedAndGoEnvUnsupported(msg) } else { - // v.goModVersion is within the supported range. - if !v.goEnvVersionFound { - // There is no Go version installed. The version in the `go.mod` file is supported. - // We install the version from the `go.mod` file. - msg = "No version of Go installed. Writing an environment file specifying the version " + - "of Go found in the `go.mod` file (" + v.goModVersion + ")." - version = v.goModVersion - diagnostics.EmitNoGoEnv(msg) - } else if outsideSupportedRange(v.goEnvVersion) { - // The version of Go that is installed is outside of the supported range. The version in - // the `go.mod` file is supported. We install the version from the `go.mod` file. - msg = "The version of Go installed in the environment (" + v.goEnvVersion + - ") is outside of the supported range (" + minGoVersion + "-" + maxGoVersion + "). " + - "Writing an environment file specifying the version of Go from the `go.mod` file (" + - v.goModVersion + ")." - version = v.goModVersion - diagnostics.EmitVersionGoModSupportedAndGoEnvUnsupported(msg) - } else if semver.Compare("v"+v.goModVersion, "v"+v.goEnvVersion) > 0 { - // The version of Go that is installed is supported. The version in the `go.mod` file is - // supported and is higher than the version that is installed. We install the version from - // the `go.mod` file. - msg = "The version of Go installed in the environment (" + v.goEnvVersion + - ") is lower than the version found in the `go.mod` file (" + v.goModVersion + - "). Writing an environment file specifying the version of Go from the `go.mod` " + - "file (" + v.goModVersion + ")." - version = v.goModVersion - diagnostics.EmitVersionGoModHigherVersionEnvironment(msg) - } else { - // The version of Go that is installed is supported. The version in the `go.mod` file is - // supported and is lower than or equal to the version that is installed. We do not install - // a version of Go. - msg = "The version of Go installed in the environment (" + v.goEnvVersion + - ") is supported and is high enough for the version found in the `go.mod` file (" + - v.goModVersion + "). Writing an environment file not specifying any version of Go." - version = "" - diagnostics.EmitVersionGoModNotHigherVersionEnvironment(msg) - } + // The version of Go that is installed is supported. The version in the `go.mod` file is + // below the supported range. We do not install a version of Go. + msg = "The version of Go installed in the environment (" + v.goEnvVersion + + ") is supported and is high enough for the version found in the `go.mod` file (" + + v.goModVersion + "). Writing an environment file not specifying any version of Go." + version = "" + diagnostics.EmitVersionGoModNotHigherVersionEnvironment(msg) + } + + return msg, version +} + +// Assuming `v.goModVersion` is in the supported range, emit a diagnostic and return the version +// to install, or the empty string if we should not attempt to install a version of Go. +func getVersionWhenGoModVersionSupported(v versionInfo) (msg, version string) { + if !v.goEnvVersionFound { + // There is no Go version installed. The version in the `go.mod` file is supported. + // We install the version from the `go.mod` file. + msg = "No version of Go installed. Writing an environment file specifying the version " + + "of Go found in the `go.mod` file (" + v.goModVersion + ")." + version = v.goModVersion + diagnostics.EmitNoGoEnv(msg) + } else if outsideSupportedRange(v.goEnvVersion) { + // The version of Go that is installed is outside of the supported range. The version in + // the `go.mod` file is supported. We install the version from the `go.mod` file. + msg = "The version of Go installed in the environment (" + v.goEnvVersion + + ") is outside of the supported range (" + minGoVersion + "-" + maxGoVersion + "). " + + "Writing an environment file specifying the version of Go from the `go.mod` file (" + + v.goModVersion + ")." + version = v.goModVersion + diagnostics.EmitVersionGoModSupportedAndGoEnvUnsupported(msg) + } else if semver.Compare("v"+v.goModVersion, "v"+v.goEnvVersion) > 0 { + // The version of Go that is installed is supported. The version in the `go.mod` file is + // supported and is higher than the version that is installed. We install the version from + // the `go.mod` file. + msg = "The version of Go installed in the environment (" + v.goEnvVersion + + ") is lower than the version found in the `go.mod` file (" + v.goModVersion + + "). Writing an environment file specifying the version of Go from the `go.mod` " + + "file (" + v.goModVersion + ")." + version = v.goModVersion + diagnostics.EmitVersionGoModHigherVersionEnvironment(msg) + } else { + // The version of Go that is installed is supported. The version in the `go.mod` file is + // supported and is lower than or equal to the version that is installed. We do not install + // a version of Go. + msg = "The version of Go installed in the environment (" + v.goEnvVersion + + ") is supported and is high enough for the version found in the `go.mod` file (" + + v.goModVersion + "). Writing an environment file not specifying any version of Go." + version = "" + diagnostics.EmitVersionGoModNotHigherVersionEnvironment(msg) } return msg, version @@ -863,10 +872,18 @@ func checkForGoModVersionFound(v versionInfo) (msg, version string) { // version to install. If the version is the empty string then no installation is required. func getVersionToInstall(v versionInfo) (msg, version string) { if !v.goModVersionFound { - return checkForGoModVersionNotFound(v) + return getVersionWhenGoModVersionNotFound(v) } - return checkForGoModVersionFound(v) + if aboveSupportedRange(v.goModVersion) { + return getVersionWhenGoModVersionTooHigh(v) + } + + if belowSupportedRange(v.goModVersion) { + return getVersionWhenGoModVersionTooLow(v) + } + + return getVersionWhenGoModVersionSupported(v) } // Write an environment file to the current directory. If `version` is the empty string then From 375be68492ca32efca86538644d7da4c80434dc8 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Wed, 10 May 2023 11:12:22 +0100 Subject: [PATCH 231/870] Fix diagnostics --- .../cli/go-autobuilder/go-autobuilder.go | 16 +-- go/extractor/diagnostics/diagnostics.go | 97 +++++++++++++------ 2 files changed, 73 insertions(+), 40 deletions(-) diff --git a/go/extractor/cli/go-autobuilder/go-autobuilder.go b/go/extractor/cli/go-autobuilder/go-autobuilder.go index 6a095b2ae81..7be5bd2f153 100644 --- a/go/extractor/cli/go-autobuilder/go-autobuilder.go +++ b/go/extractor/cli/go-autobuilder/go-autobuilder.go @@ -782,7 +782,7 @@ func getVersionWhenGoModVersionTooHigh(v versionInfo) (msg, version string) { ") is above the supported range (" + minGoVersion + "-" + maxGoVersion + "). Writing an environment file not specifying any version of Go." version = "" - diagnostics.EmitUnsupportedVersionGoMod(msg) + diagnostics.EmitGoModVersionTooHigh(msg) return msg, version } @@ -799,7 +799,7 @@ func getVersionWhenGoModVersionTooLow(v versionInfo) (msg, version string) { "). No version of Go installed. Writing an environment file specifying the " + "minimum supported version of Go (" + minGoVersion + ")." version = minGoVersion - diagnostics.EmitNoGoEnv(msg) + diagnostics.EmitGoModVersionTooLowAndNoGoEnv(msg) } else if outsideSupportedRange(v.goEnvVersion) { // The version of Go that is installed is outside of the supported range. The version // in the `go.mod` file is below the supported range. Go versions are generally @@ -811,7 +811,7 @@ func getVersionWhenGoModVersionTooLow(v versionInfo) (msg, version string) { "Writing an environment file specifying the minimum supported version of Go (" + minGoVersion + ")." version = minGoVersion - diagnostics.EmitVersionGoModSupportedAndGoEnvUnsupported(msg) + diagnostics.EmitGoModVersionTooLowAndEnvVersionUnsupported(msg) } else { // The version of Go that is installed is supported. The version in the `go.mod` file is // below the supported range. We do not install a version of Go. @@ -819,7 +819,7 @@ func getVersionWhenGoModVersionTooLow(v versionInfo) (msg, version string) { ") is supported and is high enough for the version found in the `go.mod` file (" + v.goModVersion + "). Writing an environment file not specifying any version of Go." version = "" - diagnostics.EmitVersionGoModNotHigherVersionEnvironment(msg) + diagnostics.EmitGoModVersionTooLowAndEnvVersionSupported(msg) } return msg, version @@ -834,7 +834,7 @@ func getVersionWhenGoModVersionSupported(v versionInfo) (msg, version string) { msg = "No version of Go installed. Writing an environment file specifying the version " + "of Go found in the `go.mod` file (" + v.goModVersion + ")." version = v.goModVersion - diagnostics.EmitNoGoEnv(msg) + diagnostics.EmitGoModVersionSupportedAndNoGoEnv(msg) } else if outsideSupportedRange(v.goEnvVersion) { // The version of Go that is installed is outside of the supported range. The version in // the `go.mod` file is supported. We install the version from the `go.mod` file. @@ -843,7 +843,7 @@ func getVersionWhenGoModVersionSupported(v versionInfo) (msg, version string) { "Writing an environment file specifying the version of Go from the `go.mod` file (" + v.goModVersion + ")." version = v.goModVersion - diagnostics.EmitVersionGoModSupportedAndGoEnvUnsupported(msg) + diagnostics.EmitGoModVersionSupportedAndGoEnvUnsupported(msg) } else if semver.Compare("v"+v.goModVersion, "v"+v.goEnvVersion) > 0 { // The version of Go that is installed is supported. The version in the `go.mod` file is // supported and is higher than the version that is installed. We install the version from @@ -853,7 +853,7 @@ func getVersionWhenGoModVersionSupported(v versionInfo) (msg, version string) { "). Writing an environment file specifying the version of Go from the `go.mod` " + "file (" + v.goModVersion + ")." version = v.goModVersion - diagnostics.EmitVersionGoModHigherVersionEnvironment(msg) + diagnostics.EmitGoModVersionSupportedHigherGoEnv(msg) } else { // The version of Go that is installed is supported. The version in the `go.mod` file is // supported and is lower than or equal to the version that is installed. We do not install @@ -862,7 +862,7 @@ func getVersionWhenGoModVersionSupported(v versionInfo) (msg, version string) { ") is supported and is high enough for the version found in the `go.mod` file (" + v.goModVersion + "). Writing an environment file not specifying any version of Go." version = "" - diagnostics.EmitVersionGoModNotHigherVersionEnvironment(msg) + diagnostics.EmitGoModVersionSupportedLowerEqualGoEnv(msg) } return msg, version diff --git a/go/extractor/diagnostics/diagnostics.go b/go/extractor/diagnostics/diagnostics.go index 28a7f20a831..9cfd5fce771 100644 --- a/go/extractor/diagnostics/diagnostics.go +++ b/go/extractor/diagnostics/diagnostics.go @@ -194,20 +194,9 @@ func EmitRelativeImportPaths() { ) } -func EmitUnsupportedVersionGoMod(msg string) { - emitDiagnostic( - "go/autobuilder/env-unsupported-version-in-go-mod", - "Unsupported Go version in `go.mod` file", - msg, - severityNote, - telemetryOnly, - noLocation, - ) -} - func EmitNoGoModAndNoGoEnv(msg string) { emitDiagnostic( - "go/autobuilder/env-no-go-mod-and-no-go-env", + "go/autobuilder/env-no-go-mod-no-go-env", "No `go.mod` file found and no Go version in environment", msg, severityNote, @@ -216,17 +205,6 @@ func EmitNoGoModAndNoGoEnv(msg string) { ) } -func EmitNoGoEnv(msg string) { - emitDiagnostic( - "go/autobuilder/env-no-go-env", - "No Go version in environment", - msg, - severityNote, - telemetryOnly, - noLocation, - ) -} - func EmitNoGoModAndGoEnvUnsupported(msg string) { emitDiagnostic( "go/autobuilder/env-no-go-mod-go-env-unsupported", @@ -249,10 +227,10 @@ func EmitNoGoModAndGoEnvSupported(msg string) { ) } -func EmitVersionGoModHigherVersionEnvironment(msg string) { +func EmitGoModVersionTooHigh(msg string) { emitDiagnostic( - "go/autobuilder/env-version-go-mod-higher-than-go-env", - "The Go version in `go.mod` file is higher than the Go version in environment", + "go/autobuilder/env-go-mod-version-too-high", + "Go version in `go.mod` file above supported range", msg, severityNote, telemetryOnly, @@ -260,10 +238,10 @@ func EmitVersionGoModHigherVersionEnvironment(msg string) { ) } -func EmitVersionGoModSupportedAndGoEnvUnsupported(msg string) { +func EmitGoModVersionTooLowAndNoGoEnv(msg string) { emitDiagnostic( - "go/autobuilder/env-version-go-mod-higher-than-go-env", - "The Go version in `go.mod` file is higher than the Go version in environment", + "go/autobuilder/env-go-mod-version-too-low-no-go-env", + "Go version in `go.mod` file below supported range and no Go version in environment", msg, severityNote, telemetryOnly, @@ -271,10 +249,65 @@ func EmitVersionGoModSupportedAndGoEnvUnsupported(msg string) { ) } -func EmitVersionGoModNotHigherVersionEnvironment(msg string) { +func EmitGoModVersionTooLowAndEnvVersionUnsupported(msg string) { emitDiagnostic( - "go/autobuilder/env-version-go-mod-lower-than-or-equal-to-go-env", - "The Go version in `go.mod` file is lower than or equal to the Go version in environment", + "go/autobuilder/env-go-mod-version-too-low-go-env-unsupported", + "Go version in `go.mod` file below supported range and Go version in environment unsupported", + msg, + severityNote, + telemetryOnly, + noLocation, + ) +} + +func EmitGoModVersionTooLowAndEnvVersionSupported(msg string) { + emitDiagnostic( + "go/autobuilder/env-go-mod-version-too-low-go-env-supported", + "Go version in `go.mod` file below supported range and Go version in environment supported", + msg, + severityNote, + telemetryOnly, + noLocation, + ) +} + +func EmitGoModVersionSupportedAndNoGoEnv(msg string) { + emitDiagnostic( + "go/autobuilder/env-go-mod-version-supported-no-go-env", + "Go version in `go.mod` file in supported range and no Go version in environment", + msg, + severityNote, + telemetryOnly, + noLocation, + ) +} + +func EmitGoModVersionSupportedAndGoEnvUnsupported(msg string) { + emitDiagnostic( + "go/autobuilder/env-go-mod-version-supported-go-env-unsupported", + "Go version in `go.mod` file in supported range and Go version in environment unsupported", + msg, + severityNote, + telemetryOnly, + noLocation, + ) +} + +func EmitGoModVersionSupportedHigherGoEnv(msg string) { + emitDiagnostic( + "go/autobuilder/env-go-mod-version-supported-higher-than-go-env", + "The Go version in `go.mod` file is supported and higher than the Go version in environment", + msg, + severityNote, + telemetryOnly, + noLocation, + ) +} + +func EmitGoModVersionSupportedLowerEqualGoEnv(msg string) { + emitDiagnostic( + "go/autobuilder/env-go-mod-version-supported-lower-than-or-equal-to-go-env", + "The Go version in `go.mod` file is supported and lower than or equal to the Go version in environment", msg, severityNote, telemetryOnly, From e6baf66433dc4aace447785d15e35ed9e289377a Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 10 May 2023 10:28:51 +0100 Subject: [PATCH 232/870] Swift: Delete TODOs (moved to issues). --- .../swift/frameworks/StandardLibrary/CustomUrlSchemes.qll | 5 ----- 1 file changed, 5 deletions(-) diff --git a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/CustomUrlSchemes.qll b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/CustomUrlSchemes.qll index 10460686b4a..dafcba01c37 100644 --- a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/CustomUrlSchemes.qll +++ b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/CustomUrlSchemes.qll @@ -19,10 +19,6 @@ private class CustomUrlRemoteFlowSource extends SourceModelCsv { ";UIApplicationDelegate;true;application(_:open:options:);;;Parameter[1];remote", ";UIApplicationDelegate;true;application(_:handleOpen:);;;Parameter[1];remote", ";UIApplicationDelegate;true;application(_:open:sourceApplication:annotation:);;;Parameter[1];remote", - // TODO 1: The actual source is the value of `UIApplication.LaunchOptionsKey.url` in the launchOptions dictionary. - // Use dictionary value contents when available. - // ";UIApplicationDelegate;true;application(_:didFinishLaunchingWithOptions:);;;Parameter[1].MapValue;remote", - // ";UIApplicationDelegate;true;application(_:willFinishLaunchingWithOptions:);;;Parameter[1].MapValue;remote" ";UISceneDelegate;true;scene(_:continue:);;;Parameter[1];remote", ";UISceneDelegate;true;scene(_:didUpdate:);;;Parameter[1];remote", ";UISceneDelegate;true;scene(_:openURLContexts:);;;Parameter[1];remote", @@ -36,7 +32,6 @@ private class CustomUrlRemoteFlowSource extends SourceModelCsv { * `UIApplicationDelegate.application(_:didFinishLaunchingWithOptions:)` or * `UIApplicationDelegate.application(_:willFinishLaunchingWithOptions:)`. */ -// This is a temporary workaround until the TODO 1 above is addressed. private class UrlLaunchOptionsRemoteFlowSource extends RemoteFlowSource { UrlLaunchOptionsRemoteFlowSource() { exists(ApplicationWithLaunchOptionsFunc f, SubscriptExpr e | From beb3759de42e514138a7e81b0fc96688237906f5 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 10 May 2023 11:28:36 +0100 Subject: [PATCH 233/870] Swift: Add beta note to these docs. --- .../codeql-language-guides/analyzing-data-flow-in-swift.rst | 2 ++ .../codeql-language-guides/basic-query-for-swift-code.rst | 1 + docs/codeql/codeql-language-guides/codeql-for-swift.rst | 2 ++ docs/codeql/query-help/index.rst | 1 + docs/codeql/reusables/swift-beta-note.rst | 4 ++++ 5 files changed, 10 insertions(+) create mode 100644 docs/codeql/reusables/swift-beta-note.rst diff --git a/docs/codeql/codeql-language-guides/analyzing-data-flow-in-swift.rst b/docs/codeql/codeql-language-guides/analyzing-data-flow-in-swift.rst index feefa669732..19c98edda52 100644 --- a/docs/codeql/codeql-language-guides/analyzing-data-flow-in-swift.rst +++ b/docs/codeql/codeql-language-guides/analyzing-data-flow-in-swift.rst @@ -5,6 +5,8 @@ Analyzing data flow in Swift You can use CodeQL to track the flow of data through a Swift program to places where the data is used. +.. include:: ../reusables/swift-beta-note.rst + About this article ------------------ diff --git a/docs/codeql/codeql-language-guides/basic-query-for-swift-code.rst b/docs/codeql/codeql-language-guides/basic-query-for-swift-code.rst index 9e146513a20..fdaa1ec6290 100644 --- a/docs/codeql/codeql-language-guides/basic-query-for-swift-code.rst +++ b/docs/codeql/codeql-language-guides/basic-query-for-swift-code.rst @@ -5,6 +5,7 @@ Basic query for Swift code Learn to write and run a simple CodeQL query using Visual Studio Code with the CodeQL extension. +.. include:: ../reusables/swift-beta-note.rst .. include:: ../reusables/vs-code-basic-instructions/setup-to-run-queries.rst About the query diff --git a/docs/codeql/codeql-language-guides/codeql-for-swift.rst b/docs/codeql/codeql-language-guides/codeql-for-swift.rst index 5d05739829f..132ab004d6f 100644 --- a/docs/codeql/codeql-language-guides/codeql-for-swift.rst +++ b/docs/codeql/codeql-language-guides/codeql-for-swift.rst @@ -5,6 +5,8 @@ CodeQL for Swift Experiment and learn how to write effective and efficient queries for CodeQL databases generated from Swift codebases. +.. include:: ../reusables/swift-beta-note.rst + .. toctree:: :hidden: diff --git a/docs/codeql/query-help/index.rst b/docs/codeql/query-help/index.rst index 6dad02ce2b1..99381e389d1 100644 --- a/docs/codeql/query-help/index.rst +++ b/docs/codeql/query-help/index.rst @@ -12,6 +12,7 @@ View the query help for the queries included in the ``code-scanning``, ``securit - :doc:`CodeQL query help for Ruby ` .. include:: ../reusables/kotlin-beta-note.rst +.. include:: ../reusables/swift-beta-note.rst .. pull-quote:: Information diff --git a/docs/codeql/reusables/swift-beta-note.rst b/docs/codeql/reusables/swift-beta-note.rst new file mode 100644 index 00000000000..27336683340 --- /dev/null +++ b/docs/codeql/reusables/swift-beta-note.rst @@ -0,0 +1,4 @@ + .. pull-quote:: Note + + CodeQL analysis for Swift is currently in beta. During the beta, analysis of Swift code, + and the accompanying documentation, will not be as comprehensive as for other languages. \ No newline at end of file From 5b45962dff4ce72c04276172cf35a3a9fa1b5935 Mon Sep 17 00:00:00 2001 From: Kasper Svendsen Date: Tue, 9 May 2023 13:16:32 +0200 Subject: [PATCH 234/870] C++: Make implicit this receiver explicit --- .../member_function_this_type.ql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpp/ql/lib/upgrades/282c13bfdbcbd57a887972b47a471342a4ad5507/member_function_this_type.ql b/cpp/ql/lib/upgrades/282c13bfdbcbd57a887972b47a471342a4ad5507/member_function_this_type.ql index 2e99f1ed5f0..4b10d3627c1 100644 --- a/cpp/ql/lib/upgrades/282c13bfdbcbd57a887972b47a471342a4ad5507/member_function_this_type.ql +++ b/cpp/ql/lib/upgrades/282c13bfdbcbd57a887972b47a471342a4ad5507/member_function_this_type.ql @@ -24,7 +24,7 @@ class ClassPointerType extends @derivedtype { Class getBaseType() { derivedtypes(this, _, _, result) } - string toString() { result = getBaseType().toString() + "*" } + string toString() { result = this.getBaseType().toString() + "*" } } class DefinedMemberFunction extends @function { From f6a8cd27ca9581fe5242db459067524427d22c90 Mon Sep 17 00:00:00 2001 From: tyage Date: Wed, 10 May 2023 19:36:49 +0900 Subject: [PATCH 235/870] Update javascript/ql/lib/semmle/javascript/NPM.qll Co-authored-by: Erik Krogh Kristensen --- javascript/ql/lib/semmle/javascript/NPM.qll | 7 ------- 1 file changed, 7 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/NPM.qll b/javascript/ql/lib/semmle/javascript/NPM.qll index f15330fc5ee..319df501a88 100644 --- a/javascript/ql/lib/semmle/javascript/NPM.qll +++ b/javascript/ql/lib/semmle/javascript/NPM.qll @@ -23,13 +23,6 @@ class PackageJson extends JsonObject { currentDir = this.getJsonFile().getParentContainer() and parentDir = parentPkg.getJsonFile().getParentContainer() and parentPkgName = parentPkg.getPropStringValue("name") and - ( - parentDir.getParentContainer().getBaseName() = "node_modules" - or - // Scoped package is located in node_modules/@scope/pkgname - parentDir.getParentContainer().getParentContainer().getBaseName() = "node_modules" and - exists(parentPkgName.indexOf("/")) - ) and parentDir.getAChildContainer+() = currentDir and result = parentPkgName + currentDir.getAbsolutePath().suffix(parentDir.getAbsolutePath().length()) From 6b8a7c2f6ff11e76ba5fc6d70455a6106c539882 Mon Sep 17 00:00:00 2001 From: Kasper Svendsen Date: Tue, 9 May 2023 13:28:34 +0200 Subject: [PATCH 236/870] Ruby: Make implicit this receivers explicit --- .../lib/codeql/ruby/frameworks/core/Gem.qll | 22 +++++++++++-------- .../queries/meta/internal/TaintMetrics.qll | 2 +- .../library-tests/dataflow/api-graphs/use.ql | 6 ++--- 3 files changed, 17 insertions(+), 13 deletions(-) diff --git a/ruby/ql/lib/codeql/ruby/frameworks/core/Gem.qll b/ruby/ql/lib/codeql/ruby/frameworks/core/Gem.qll index 06b88e10233..4095beb10af 100644 --- a/ruby/ql/lib/codeql/ruby/frameworks/core/Gem.qll +++ b/ruby/ql/lib/codeql/ruby/frameworks/core/Gem.qll @@ -57,36 +57,40 @@ module Gem { } /** Gets the name of the gem */ - string getName() { result = getSpecProperty("name").getConstantValue().getString() } + string getName() { result = this.getSpecProperty("name").getConstantValue().getString() } /** Gets a path that is loaded when the gem is required */ private string getARequirePath() { - result = getSpecProperty(["require_paths", "require_path"]).getConstantValue().getString() + result = + this.getSpecProperty(["require_paths", "require_path"]).getConstantValue().getString() or - not exists(getSpecProperty(["require_paths", "require_path"]).getConstantValue().getString()) and + not exists( + this.getSpecProperty(["require_paths", "require_path"]).getConstantValue().getString() + ) and result = "lib" // the default is "lib" } /** Gets a file that could be loaded when the gem is required. */ private File getAPossiblyRequiredFile() { - result = File.super.getParentContainer().getFolder(getARequirePath()).getAChildContainer*() + result = + File.super.getParentContainer().getFolder(this.getARequirePath()).getAChildContainer*() } /** Gets a class/module that is exported by this gem. */ private ModuleBase getAPublicModule() { - result.(Toplevel).getLocation().getFile() = getAPossiblyRequiredFile() + result.(Toplevel).getLocation().getFile() = this.getAPossiblyRequiredFile() or - result = getAPublicModule().getAModule() + result = this.getAPublicModule().getAModule() or - result = getAPublicModule().getAClass() + result = this.getAPublicModule().getAClass() or - result = getAPublicModule().getStmt(_).(SingletonClass) + result = this.getAPublicModule().getStmt(_).(SingletonClass) } /** Gets a parameter from an exported method, which is an input to this gem. */ DataFlow::ParameterNode getAnInputParameter() { exists(MethodBase method | - method = getAPublicModule().getAMethod() and + method = this.getAPublicModule().getAMethod() and result.getParameter() = method.getAParameter() | method.isPublic() diff --git a/ruby/ql/src/queries/meta/internal/TaintMetrics.qll b/ruby/ql/src/queries/meta/internal/TaintMetrics.qll index b3a716c6686..1f8b0eab974 100644 --- a/ruby/ql/src/queries/meta/internal/TaintMetrics.qll +++ b/ruby/ql/src/queries/meta/internal/TaintMetrics.qll @@ -11,7 +11,7 @@ private import codeql.ruby.security.UrlRedirectCustomizations private import codeql.ruby.security.SqlInjectionCustomizations class RelevantFile extends File { - RelevantFile() { not getRelativePath().regexpMatch(".*/test(case)?s?/.*") } + RelevantFile() { not this.getRelativePath().regexpMatch(".*/test(case)?s?/.*") } } RemoteFlowSource relevantTaintSource(string kind) { diff --git a/ruby/ql/test/library-tests/dataflow/api-graphs/use.ql b/ruby/ql/test/library-tests/dataflow/api-graphs/use.ql index 9eb450c01ea..cbb9d85314e 100644 --- a/ruby/ql/test/library-tests/dataflow/api-graphs/use.ql +++ b/ruby/ql/test/library-tests/dataflow/api-graphs/use.ql @@ -38,11 +38,11 @@ class ApiUseTest extends InlineExpectationsTest { override predicate hasActualResult(Location location, string element, string tag, string value) { tag = "use" and // def tags are always optional - exists(DataFlow::Node n | relevantNode(_, n, location, tag) | + exists(DataFlow::Node n | this.relevantNode(_, n, location, tag) | // Only report the longest path on this line: value = max(API::Node a2, Location l2, DataFlow::Node n2 | - relevantNode(a2, n2, l2, tag) and + this.relevantNode(a2, n2, l2, tag) and l2.getFile() = location.getFile() and l2.getEndLine() = location.getEndLine() | @@ -57,7 +57,7 @@ class ApiUseTest extends InlineExpectationsTest { // We also permit optional annotations for any other path on the line. // This is used to test subclass paths, which typically have a shorter canonical path. override predicate hasOptionalResult(Location location, string element, string tag, string value) { - exists(API::Node a, DataFlow::Node n | relevantNode(a, n, location, tag) | + exists(API::Node a, DataFlow::Node n | this.relevantNode(a, n, location, tag) | element = n.toString() and value = getAPath(a, _) ) From e6ca3fe272538fdb473bdf95ce8b4aa2e6fcf3d6 Mon Sep 17 00:00:00 2001 From: Kasper Svendsen Date: Thu, 4 May 2023 11:34:05 +0200 Subject: [PATCH 237/870] Ruby: Enable implicit this warnings --- ruby/ql/lib/qlpack.yml | 1 + ruby/ql/src/qlpack.yml | 1 + ruby/ql/test/qlpack.yml | 1 + 3 files changed, 3 insertions(+) diff --git a/ruby/ql/lib/qlpack.yml b/ruby/ql/lib/qlpack.yml index edf1825da4e..f25ce14aa24 100644 --- a/ruby/ql/lib/qlpack.yml +++ b/ruby/ql/lib/qlpack.yml @@ -12,3 +12,4 @@ dependencies: codeql/util: ${workspace} dataExtensions: - codeql/ruby/frameworks/**/model.yml +warnOnImplicitThis: true diff --git a/ruby/ql/src/qlpack.yml b/ruby/ql/src/qlpack.yml index 25058339fcd..b85dc0f5e4f 100644 --- a/ruby/ql/src/qlpack.yml +++ b/ruby/ql/src/qlpack.yml @@ -9,3 +9,4 @@ dependencies: codeql/ruby-all: ${workspace} codeql/suite-helpers: ${workspace} codeql/util: ${workspace} +warnOnImplicitThis: true diff --git a/ruby/ql/test/qlpack.yml b/ruby/ql/test/qlpack.yml index e9803a58d9b..ec4db541d46 100644 --- a/ruby/ql/test/qlpack.yml +++ b/ruby/ql/test/qlpack.yml @@ -6,3 +6,4 @@ dependencies: codeql/ruby-all: ${workspace} extractor: ruby tests: . +warnOnImplicitThis: true From fcf3cb7ea4128e71e3464f36ded5807fa65985be Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Wed, 10 May 2023 12:24:03 +0100 Subject: [PATCH 238/870] Update "go/autobuilder/package-not-found" message --- go/extractor/diagnostics/diagnostics.go | 2 +- .../package-not-found-with-go-mod/diagnostics.expected | 2 +- .../package-not-found-without-go-mod/diagnostics.expected | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go/extractor/diagnostics/diagnostics.go b/go/extractor/diagnostics/diagnostics.go index 84b49809a19..d51621a0673 100644 --- a/go/extractor/diagnostics/diagnostics.go +++ b/go/extractor/diagnostics/diagnostics.go @@ -154,7 +154,7 @@ func EmitCannotFindPackages(pkgPaths []string) { emitDiagnostic( "go/autobuilder/package-not-found", "Some packages could not be found", - fmt.Sprintf("%d package%s could not be found.\n\n%s.\n\nCheck that the paths are correct and make sure any private packages can be accessed. If any of the packages are present in the repository then you may need a [custom build command](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages).", numPkgPaths, ending, secondLine), + fmt.Sprintf("%d package%s could not be found:\n\n%s.\n\nFunctions in those packages may not be recognized, and files that use them may only be partially analyzed.\n\nCheck that the paths are correct and make sure any private packages can be accessed. If any of the packages are present in the repository then you may need a [custom build command](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages).", numPkgPaths, ending, secondLine), severityWarning, fullVisibility, noLocation, diff --git a/go/ql/integration-tests/all-platforms/go/diagnostics/package-not-found-with-go-mod/diagnostics.expected b/go/ql/integration-tests/all-platforms/go/diagnostics/package-not-found-with-go-mod/diagnostics.expected index f69ba7ae135..4c8fc6f2fb7 100644 --- a/go/ql/integration-tests/all-platforms/go/diagnostics/package-not-found-with-go-mod/diagnostics.expected +++ b/go/ql/integration-tests/all-platforms/go/diagnostics/package-not-found-with-go-mod/diagnostics.expected @@ -1,5 +1,5 @@ { - "markdownMessage": "110 packages could not be found.\n\n`github.com/nosuchorg/nosuchrepo000`, `github.com/nosuchorg/nosuchrepo001`, `github.com/nosuchorg/nosuchrepo002`, `github.com/nosuchorg/nosuchrepo003`, `github.com/nosuchorg/nosuchrepo004` and 105 more.\n\nCheck that the paths are correct and make sure any private packages can be accessed. If any of the packages are present in the repository then you may need a [custom build command](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages).", + "markdownMessage": "110 packages could not be found:\n\n`github.com/nosuchorg/nosuchrepo000`, `github.com/nosuchorg/nosuchrepo001`, `github.com/nosuchorg/nosuchrepo002`, `github.com/nosuchorg/nosuchrepo003`, `github.com/nosuchorg/nosuchrepo004` and 105 more.\n\nFunctions in those packages may not be recognized, and files that use them may only be partially analyzed.\n\nCheck that the paths are correct and make sure any private packages can be accessed. If any of the packages are present in the repository then you may need a [custom build command](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages).", "severity": "warning", "source": { "extractorName": "go", diff --git a/go/ql/integration-tests/all-platforms/go/diagnostics/package-not-found-without-go-mod/diagnostics.expected b/go/ql/integration-tests/all-platforms/go/diagnostics/package-not-found-without-go-mod/diagnostics.expected index 356aa7f1e21..19d75b846b9 100644 --- a/go/ql/integration-tests/all-platforms/go/diagnostics/package-not-found-without-go-mod/diagnostics.expected +++ b/go/ql/integration-tests/all-platforms/go/diagnostics/package-not-found-without-go-mod/diagnostics.expected @@ -1,5 +1,5 @@ { - "markdownMessage": "1 package could not be found.\n\n`github.com/linode/linode-docs-theme`.\n\nCheck that the paths are correct and make sure any private packages can be accessed. If any of the packages are present in the repository then you may need a [custom build command](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages).", + "markdownMessage": "1 package could not be found:\n\n`github.com/linode/linode-docs-theme`.\n\nFunctions in those packages may not be recognized, and files that use them may only be partially analyzed.\n\nCheck that the paths are correct and make sure any private packages can be accessed. If any of the packages are present in the repository then you may need a [custom build command](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages).", "severity": "warning", "source": { "extractorName": "go", From cd388264d349d29ba1bac1212dd313c5507d0dfb Mon Sep 17 00:00:00 2001 From: Stephan Brandauer Date: Wed, 10 May 2023 13:44:50 +0200 Subject: [PATCH 239/870] use new DollarAtString class to return metadata using notation --- ...AutomodelFrameworkModeExtractCandidates.ql | 9 ++++++-- ...delFrameworkModeExtractNegativeExamples.ql | 9 ++++++-- ...delFrameworkModeExtractPositiveExamples.ql | 9 ++++++-- java/ql/src/Telemetry/AutomodelSharedUtil.qll | 22 +++++++++++++++++++ 4 files changed, 43 insertions(+), 6 deletions(-) create mode 100644 java/ql/src/Telemetry/AutomodelSharedUtil.qll diff --git a/java/ql/src/Telemetry/AutomodelFrameworkModeExtractCandidates.ql b/java/ql/src/Telemetry/AutomodelFrameworkModeExtractCandidates.ql index 09ff1297626..fb0a947379d 100644 --- a/java/ql/src/Telemetry/AutomodelFrameworkModeExtractCandidates.ql +++ b/java/ql/src/Telemetry/AutomodelFrameworkModeExtractCandidates.ql @@ -13,6 +13,7 @@ */ private import AutomodelFrameworkModeCharacteristics +private import AutomodelSharedUtil from Endpoint endpoint, string message, MetadataExtractor meta, string package, string type, @@ -41,5 +42,9 @@ select endpoint, message + "\nrelated locations: $@, $@." + "\nmetadata: $@, $@, $@, $@, $@, $@.", // CharacteristicsImpl::getRelatedLocationOrCandidate(endpoint, MethodDoc()), "MethodDoc", // CharacteristicsImpl::getRelatedLocationOrCandidate(endpoint, ClassDoc()), "ClassDoc", // - package, "package", type, "type", subtypes.toString(), "subtypes", name, "name", signature, - "signature", input.toString(), "input" // + package.(DollarAtString), "package", // + type.(DollarAtString), "type", // + subtypes.toString().(DollarAtString), "subtypes", // + name.(DollarAtString), "name", // + signature.(DollarAtString), "signature", // + input.toString().(DollarAtString), "input" // diff --git a/java/ql/src/Telemetry/AutomodelFrameworkModeExtractNegativeExamples.ql b/java/ql/src/Telemetry/AutomodelFrameworkModeExtractNegativeExamples.ql index cff38a4fe40..368a373ffe8 100644 --- a/java/ql/src/Telemetry/AutomodelFrameworkModeExtractNegativeExamples.ql +++ b/java/ql/src/Telemetry/AutomodelFrameworkModeExtractNegativeExamples.ql @@ -10,6 +10,7 @@ private import AutomodelFrameworkModeCharacteristics private import AutomodelEndpointTypes +private import AutomodelSharedUtil from Endpoint endpoint, EndpointCharacteristic characteristic, float confidence, string message, @@ -38,5 +39,9 @@ select endpoint, message + "\nrelated locations: $@, $@." + "\nmetadata: $@, $@, $@, $@, $@, $@.", // CharacteristicsImpl::getRelatedLocationOrCandidate(endpoint, MethodDoc()), "MethodDoc", // CharacteristicsImpl::getRelatedLocationOrCandidate(endpoint, ClassDoc()), "ClassDoc", // - package, "package", type, "type", subtypes.toString(), "subtypes", name, "name", signature, - "signature", input.toString(), "input" // + package.(DollarAtString), "package", // + type.(DollarAtString), "type", // + subtypes.toString().(DollarAtString), "subtypes", // + name.(DollarAtString), "name", // + signature.(DollarAtString), "signature", // + input.toString().(DollarAtString), "input" // diff --git a/java/ql/src/Telemetry/AutomodelFrameworkModeExtractPositiveExamples.ql b/java/ql/src/Telemetry/AutomodelFrameworkModeExtractPositiveExamples.ql index e1a15a96e7d..df4d94ce235 100644 --- a/java/ql/src/Telemetry/AutomodelFrameworkModeExtractPositiveExamples.ql +++ b/java/ql/src/Telemetry/AutomodelFrameworkModeExtractPositiveExamples.ql @@ -10,6 +10,7 @@ private import AutomodelFrameworkModeCharacteristics private import AutomodelEndpointTypes +private import AutomodelSharedUtil from Endpoint endpoint, SinkType sinkType, MetadataExtractor meta, string package, string type, @@ -25,5 +26,9 @@ select endpoint, sinkType + "\nrelated locations: $@, $@." + "\nmetadata: $@, $@, $@, $@, $@, $@.", // CharacteristicsImpl::getRelatedLocationOrCandidate(endpoint, MethodDoc()), "MethodDoc", // CharacteristicsImpl::getRelatedLocationOrCandidate(endpoint, ClassDoc()), "ClassDoc", // - package, "package", type, "type", subtypes.toString(), "subtypes", name, "name", signature, - "signature", input.toString(), "input" // + package.(DollarAtString), "package", // + type.(DollarAtString), "type", // + subtypes.toString().(DollarAtString), "subtypes", // + name.(DollarAtString), "name", // + signature.(DollarAtString), "signature", // + input.toString().(DollarAtString), "input" // diff --git a/java/ql/src/Telemetry/AutomodelSharedUtil.qll b/java/ql/src/Telemetry/AutomodelSharedUtil.qll new file mode 100644 index 00000000000..f1631dd27f8 --- /dev/null +++ b/java/ql/src/Telemetry/AutomodelSharedUtil.qll @@ -0,0 +1,22 @@ +/** + * Helper class to represent a string value that can be returned by a query using $@ notation. + * + * It extends `string`, but adds a mock `getURL` method that returns the string itself as a data URL. + * + * Use this, when you want to return a string value from a query using $@ notation — the string value + * will be included in the sarif file. + * + * Note that the string should be URL-encoded, or the resulting URL will be invalid (this may be OK in your use case). + * + * Background information: + * - data URLs: https://developer.mozilla.org/en-US/docs/web/http/basics_of_http/data_urls + * - `getURL`: + * https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/#providing-urls + */ +class DollarAtString extends string { + bindingset[this] + DollarAtString() { any() } + + bindingset[this] + string getURL() { result = "data:text/plain," + this } +} From 29f542b015bd3cb8c56d98a2c825283f902fd6dd Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 10 May 2023 12:55:18 +0100 Subject: [PATCH 240/870] Swift: Add a link to the swift-beta-note.rst from supported-frameworks.rst. --- docs/codeql/reusables/supported-frameworks.rst | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/codeql/reusables/supported-frameworks.rst b/docs/codeql/reusables/supported-frameworks.rst index 6981bb35ed5..520969d51c8 100644 --- a/docs/codeql/reusables/supported-frameworks.rst +++ b/docs/codeql/reusables/supported-frameworks.rst @@ -282,6 +282,8 @@ and the CodeQL library pack ``codeql/ruby-all`` (`changelog `__, `source `__) and the CodeQL library pack ``codeql/swift-all`` (`changelog `__, `source `__). From 79f2beca2a96b5b797c085c8af18f29d0ec79663 Mon Sep 17 00:00:00 2001 From: Stephan Brandauer Date: Wed, 10 May 2023 14:04:29 +0200 Subject: [PATCH 241/870] ql-for-ql --- java/ql/src/Telemetry/AutomodelSharedUtil.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java/ql/src/Telemetry/AutomodelSharedUtil.qll b/java/ql/src/Telemetry/AutomodelSharedUtil.qll index f1631dd27f8..022233c8b8a 100644 --- a/java/ql/src/Telemetry/AutomodelSharedUtil.qll +++ b/java/ql/src/Telemetry/AutomodelSharedUtil.qll @@ -1,5 +1,5 @@ /** - * Helper class to represent a string value that can be returned by a query using $@ notation. + * A helper class to represent a string value that can be returned by a query using $@ notation. * * It extends `string`, but adds a mock `getURL` method that returns the string itself as a data URL. * From 425ebba2783a80ec57f6a13da5517e4161406807 Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Wed, 10 May 2023 14:04:41 +0200 Subject: [PATCH 242/870] Address review comments --- .../ruby/regexp/internal/RegExpTracking.qll | 128 +++++++++--------- 1 file changed, 63 insertions(+), 65 deletions(-) diff --git a/ruby/ql/lib/codeql/ruby/regexp/internal/RegExpTracking.qll b/ruby/ql/lib/codeql/ruby/regexp/internal/RegExpTracking.qll index 9df923e2d86..d4f8f17db34 100644 --- a/ruby/ql/lib/codeql/ruby/regexp/internal/RegExpTracking.qll +++ b/ruby/ql/lib/codeql/ruby/regexp/internal/RegExpTracking.qll @@ -55,23 +55,33 @@ DataFlow::Node stringSink() { /** Gets a node where regular expressions that flow to the node are used. */ DataFlow::Node regSink() { result = any(RegexExecution exec).getRegex() } -private signature module ReachInputSig { - DataFlow::LocalSourceNode start(TypeTracker t); +private signature module TypeTrackInputSig { + DataFlow::LocalSourceNode start(TypeTracker t, DataFlow::Node start); - DataFlow::Node end(); + predicate end(DataFlow::Node n); - predicate additionalStep(DataFlow::LocalSourceNode nodeFrom, DataFlow::LocalSourceNode nodeTo); + predicate additionalStep(DataFlow::Node nodeFrom, DataFlow::LocalSourceNode nodeTo); } -private module Reach { +/** + * Provides a version of type tracking where we first prune for reachable nodes, + * before doing the type tracking computation. + */ +private module TypeTrack { + private predicate additionalStep( + DataFlow::LocalSourceNode nodeFrom, DataFlow::LocalSourceNode nodeTo + ) { + Input::additionalStep(nodeFrom.getALocalUse(), nodeTo) + } + /** Gets a node that is forwards reachable by type-tracking. */ pragma[nomagic] private DataFlow::LocalSourceNode forward(TypeTracker t) { - result = Input::start(t) + result = Input::start(t, _) or exists(TypeTracker t2 | result = forward(t2).track(t2, t)) or - exists(TypeTracker t2 | t2 = t.continue() | Input::additionalStep(forward(t2), result)) + exists(TypeTracker t2 | t2 = t.continue() | additionalStep(forward(t2), result)) } bindingset[result, tbt] @@ -90,11 +100,11 @@ private module Reach { result = forwardLateInline(t) and ( t.start() and - result.flowsTo(Input::end()) + Input::end(result.getALocalUse()) or exists(TypeBackTracker t2 | result = backwards(t2).backtrack(t2, t)) or - exists(TypeBackTracker t2 | t2 = t.continue() | Input::additionalStep(result, backwards(t2))) + exists(TypeBackTracker t2 | t2 = t.continue() | additionalStep(result, backwards(t2))) ) } @@ -110,13 +120,13 @@ private module Reach { /** Holds if `n` is forwards and backwards reachable with type tracker `t`. */ pragma[nomagic] - predicate reached(DataFlow::LocalSourceNode n, TypeTracker t) { + private predicate reached(DataFlow::LocalSourceNode n, TypeTracker t) { n = forward(t) and n = backwardsInlineLate(t) } pragma[nomagic] - TypeTracker stepReached( + private TypeTracker stepReached( TypeTracker t, DataFlow::LocalSourceNode nodeFrom, DataFlow::LocalSourceNode nodeTo ) { exists(StepSummary summary | @@ -126,11 +136,20 @@ private module Reach { result = t.append(summary) ) or - Input::additionalStep(nodeFrom, nodeTo) and + additionalStep(nodeFrom, nodeTo) and reached(nodeFrom, pragma[only_bind_into](t)) and reached(nodeTo, pragma[only_bind_into](t)) and result = t.continue() } + + /** Gets a node that has been tracked from the start node `start`. */ + DataFlow::LocalSourceNode track(DataFlow::Node start, TypeTracker t) { + t.start() and + result = Input::start(t, start) and + reached(result, t) + or + exists(TypeTracker t2 | t = stepReached(t2, track(start, t2), result)) + } } /** Holds if `inputStr` is compiled to a regular expression that is returned at `call`. */ @@ -143,47 +162,40 @@ private predicate regFromString(DataFlow::LocalSourceNode inputStr, DataFlow::Ca ) } -private module StringReachInput implements ReachInputSig { - DataFlow::LocalSourceNode start(TypeTracker t) { result = strStart() and t.start() } - - DataFlow::Node end() { - result = stringSink() or - regFromString(result, _) +private module StringTypeTrackInput implements TypeTrackInputSig { + DataFlow::LocalSourceNode start(TypeTracker t, DataFlow::Node start) { + start = strStart() and t.start() and result = start } - predicate additionalStep(DataFlow::LocalSourceNode nodeFrom, DataFlow::LocalSourceNode nodeTo) { - exists(DataFlow::Node mid | nodeFrom.flowsTo(mid) | - // include taint flow through `String` summaries - TaintTrackingPrivate::summaryThroughStepTaint(mid, nodeTo, any(String::SummarizedCallable c)) - or - // string concatenations, and - exists(CfgNodes::ExprNodes::OperationCfgNode op | - op = nodeTo.asExpr() and - op.getAnOperand() = mid.asExpr() and - op.getExpr().(Ast::BinaryOperation).getOperator() = "+" - ) - or - // string interpolations - mid.asExpr() = nodeTo.asExpr().(CfgNodes::ExprNodes::StringlikeLiteralCfgNode).getAComponent() + predicate end(DataFlow::Node n) { + n = stringSink() or + regFromString(n, _) + } + + predicate additionalStep(DataFlow::Node nodeFrom, DataFlow::LocalSourceNode nodeTo) { + // include taint flow through `String` summaries + TaintTrackingPrivate::summaryThroughStepTaint(nodeFrom, nodeTo, + any(String::SummarizedCallable c)) + or + // string concatenations, and + exists(CfgNodes::ExprNodes::OperationCfgNode op | + op = nodeTo.asExpr() and + op.getAnOperand() = nodeFrom.asExpr() and + op.getExpr().(Ast::BinaryOperation).getOperator() = "+" ) + or + // string interpolations + nodeFrom.asExpr() = + nodeTo.asExpr().(CfgNodes::ExprNodes::StringlikeLiteralCfgNode).getAComponent() } } -private module StringReach = Reach; - /** * Gets a node that has been tracked from the string constant `start` to some node. * This is used to figure out where `start` is evaluated as a regular expression against an input string, * or where `start` is compiled into a regular expression. */ -private DataFlow::LocalSourceNode trackStrings(DataFlow::Node start, TypeTracker t) { - t.start() and - start = result and - result = strStart() and - StringReach::reached(result, t) - or - exists(TypeTracker t2 | t = StringReach::stepReached(t2, trackStrings(start, t2), result)) -} +private predicate trackStrings = TypeTrack::track/2; /** Holds if `strConst` flows to a regex compilation (tracked by `t`), where the resulting regular expression is stored in `reg`. */ pragma[nomagic] @@ -192,39 +204,25 @@ private predicate regFromStringStart(DataFlow::Node strConst, TypeTracker t, Dat exists(t.continue()) } -private module RegReachInput implements ReachInputSig { - DataFlow::LocalSourceNode start(TypeTracker t) { - result = regStart() and - t.start() +private module RegTypeTrackInput implements TypeTrackInputSig { + DataFlow::LocalSourceNode start(TypeTracker t, DataFlow::Node start) { + start = regStart() and + t.start() and + result = start or - regFromStringStart(_, t, result) + regFromStringStart(start, t, result) } - DataFlow::Node end() { result = regSink() } + predicate end(DataFlow::Node n) { n = regSink() } - predicate additionalStep(DataFlow::LocalSourceNode nodeFrom, DataFlow::LocalSourceNode nodeTo) { - none() - } + predicate additionalStep(DataFlow::Node nodeFrom, DataFlow::LocalSourceNode nodeTo) { none() } } -private module RegReach = Reach; - /** * Gets a node that has been tracked from the regular expression `start` to some node. * This is used to figure out where `start` is executed against an input string. */ -private DataFlow::LocalSourceNode trackRegs(DataFlow::Node start, TypeTracker t) { - RegReach::reached(result, t) and - ( - t.start() and - start = result and - result = regStart() - or - regFromStringStart(start, t, result) - ) - or - exists(TypeTracker t2 | t = RegReach::stepReached(t2, trackRegs(start, t2), result)) -} +private predicate trackRegs = TypeTrack::track/2; /** Gets a node that references a regular expression. */ private DataFlow::LocalSourceNode trackRegexpType(TypeTracker t) { From 40df3c02801691c698f765f18111603501e00f1e Mon Sep 17 00:00:00 2001 From: Felicity Chapman Date: Wed, 10 May 2023 13:08:07 +0100 Subject: [PATCH 243/870] Minor docs updates for Swift public beta --- docs/codeql/query-help/codeql-cwe-coverage.rst | 2 ++ docs/codeql/query-help/index.rst | 5 ++++- docs/codeql/query-help/swift-cwe.md | 8 ++++++++ docs/codeql/query-help/swift.rst | 10 ++++++++++ .../writing-codeql-queries/creating-path-queries.rst | 2 +- 5 files changed, 25 insertions(+), 2 deletions(-) create mode 100644 docs/codeql/query-help/swift-cwe.md create mode 100644 docs/codeql/query-help/swift.rst diff --git a/docs/codeql/query-help/codeql-cwe-coverage.rst b/docs/codeql/query-help/codeql-cwe-coverage.rst index 680f41b1056..54219ea8f3b 100644 --- a/docs/codeql/query-help/codeql-cwe-coverage.rst +++ b/docs/codeql/query-help/codeql-cwe-coverage.rst @@ -4,6 +4,7 @@ CodeQL CWE coverage You can view the full coverage of MITRE's Common Weakness Enumeration (CWE) or coverage by language for the latest release of CodeQL. .. include:: ../reusables/kotlin-beta-note.rst +.. include:: ../reusables/swift-beta-note.rst About CWEs ########## @@ -36,4 +37,5 @@ Note that the CWE coverage includes both "`supported queries ` - :doc:`CodeQL query help for Go ` - :doc:`CodeQL query help for Java and Kotlin ` -- :doc:`CodeQL query help for JavaScript ` +- :doc:`CodeQL query help for JavaScript and TypeScript ` - :doc:`CodeQL query help for Python ` - :doc:`CodeQL query help for Ruby ` +- :doc:`CodeQL query help for Swift ` .. include:: ../reusables/kotlin-beta-note.rst +.. include:: ../reusables/swift-beta-note.rst .. pull-quote:: Information @@ -36,4 +38,5 @@ For a full list of the CWEs covered by these queries, see ":doc:`CodeQL CWE cove javascript python ruby + swift codeql-cwe-coverage diff --git a/docs/codeql/query-help/swift-cwe.md b/docs/codeql/query-help/swift-cwe.md new file mode 100644 index 00000000000..2dde42f0583 --- /dev/null +++ b/docs/codeql/query-help/swift-cwe.md @@ -0,0 +1,8 @@ +# CWE coverage for Swift + +An overview of CWE coverage for Swift in the latest release of CodeQL. + +## Overview + + + diff --git a/docs/codeql/query-help/swift.rst b/docs/codeql/query-help/swift.rst new file mode 100644 index 00000000000..8f14dcde284 --- /dev/null +++ b/docs/codeql/query-help/swift.rst @@ -0,0 +1,10 @@ +CodeQL query help for Swift +=========================== + +.. include:: ../reusables/query-help-overview.rst + +These queries are published in the CodeQL query pack ``codeql/swift-queries`` (`changelog `__, `source `__). + +For shorter queries that you can use as building blocks when writing your own queries, see the `example queries in the CodeQL repository `__. + +.. include:: toc-swift.rst diff --git a/docs/codeql/writing-codeql-queries/creating-path-queries.rst b/docs/codeql/writing-codeql-queries/creating-path-queries.rst index e2325ee696c..bf0521b8555 100644 --- a/docs/codeql/writing-codeql-queries/creating-path-queries.rst +++ b/docs/codeql/writing-codeql-queries/creating-path-queries.rst @@ -30,7 +30,7 @@ For more language-specific information on analyzing data flow, see: - ":ref:`Analyzing data flow in JavaScript/TypeScript `" - ":ref:`Analyzing data flow in Python `" - ":ref:`Analyzing data flow in Ruby `" - +- ":ref:`Analyzing data flow in Swift `" Path query examples ******************* From e0c331d064d9334e26de60f94d3f71fd24260373 Mon Sep 17 00:00:00 2001 From: Kasper Svendsen Date: Wed, 10 May 2023 14:10:45 +0200 Subject: [PATCH 244/870] Swift: Make implicit this receivers explicit --- .../lib/codeql/swift/elements/AvailabilityInfo.qll | 4 ++-- .../lib/codeql/swift/elements/KeyPathComponent.qll | 14 +++++++------- swift/ql/lib/codeql/swift/elements/Locatable.qll | 2 +- .../elements/PlatformVersionAvailabilitySpec.qll | 2 +- .../codeql/swift/elements/decl/ExtensionDecl.qll | 4 ++-- .../codeql/swift/elements/expr/IdentityExpr.qll | 2 +- .../swift/elements/expr/UnresolvedDeclRefExpr.qll | 4 ++-- .../swift/elements/expr/UnresolvedDotExpr.qll | 2 +- .../swift/elements/pattern/BindingPattern.qll | 2 +- .../codeql/swift/elements/pattern/ParenPattern.qll | 2 +- .../ql/lib/codeql/swift/elements/type/TypeRepr.qll | 2 +- 11 files changed, 20 insertions(+), 20 deletions(-) diff --git a/swift/ql/lib/codeql/swift/elements/AvailabilityInfo.qll b/swift/ql/lib/codeql/swift/elements/AvailabilityInfo.qll index bfd76deabe0..43f99f9e24e 100644 --- a/swift/ql/lib/codeql/swift/elements/AvailabilityInfo.qll +++ b/swift/ql/lib/codeql/swift/elements/AvailabilityInfo.qll @@ -2,8 +2,8 @@ private import codeql.swift.generated.AvailabilityInfo class AvailabilityInfo extends Generated::AvailabilityInfo { override string toString() { - result = "#available" and not isUnavailable() + result = "#available" and not this.isUnavailable() or - result = "#unavailable" and isUnavailable() + result = "#unavailable" and this.isUnavailable() } } diff --git a/swift/ql/lib/codeql/swift/elements/KeyPathComponent.qll b/swift/ql/lib/codeql/swift/elements/KeyPathComponent.qll index f2580c08426..7d9bf782937 100644 --- a/swift/ql/lib/codeql/swift/elements/KeyPathComponent.qll +++ b/swift/ql/lib/codeql/swift/elements/KeyPathComponent.qll @@ -5,37 +5,37 @@ class KeyPathComponent extends Generated::KeyPathComponent { /** * Property access like `.bar` in `\Foo.bar`. */ - predicate isProperty() { getKind() = 3 } + predicate isProperty() { this.getKind() = 3 } /** * Array or dictionary subscript like `[1]` or `["a", "b"]`. */ - predicate isSubscript() { getKind() = 4 } + predicate isSubscript() { this.getKind() = 4 } /** * Optional forcing `!`. */ - predicate isOptionalForcing() { getKind() = 5 } + predicate isOptionalForcing() { this.getKind() = 5 } /** * Optional chaining `?`. */ - predicate isOptionalChaining() { getKind() = 6 } + predicate isOptionalChaining() { this.getKind() = 6 } /** * Implicit optional wrapping component inserted by the compiler when an optional chain ends in a non-optional value. */ - predicate isOptionalWrapping() { getKind() = 7 } + predicate isOptionalWrapping() { this.getKind() = 7 } /** * Reference to the entire object; the `self` in `\Foo.self`. */ - predicate isSelf() { getKind() = 8 } + predicate isSelf() { this.getKind() = 8 } /** * Tuple indexing like `.1`. */ - predicate isTupleIndexing() { getKind() = 9 } + predicate isTupleIndexing() { this.getKind() = 9 } /** Gets the underlying key-path expression which this is a component of. */ KeyPathExpr getKeyPathExpr() { result.getAComponent() = this } diff --git a/swift/ql/lib/codeql/swift/elements/Locatable.qll b/swift/ql/lib/codeql/swift/elements/Locatable.qll index 29648f70dfb..80afa75c1de 100644 --- a/swift/ql/lib/codeql/swift/elements/Locatable.qll +++ b/swift/ql/lib/codeql/swift/elements/Locatable.qll @@ -14,5 +14,5 @@ class Locatable extends Generated::Locatable { /** * Gets the primary file where this element occurs. */ - File getFile() { result = getLocation().getFile() } + File getFile() { result = this.getLocation().getFile() } } diff --git a/swift/ql/lib/codeql/swift/elements/PlatformVersionAvailabilitySpec.qll b/swift/ql/lib/codeql/swift/elements/PlatformVersionAvailabilitySpec.qll index 51bf875e74a..52041eec9f0 100644 --- a/swift/ql/lib/codeql/swift/elements/PlatformVersionAvailabilitySpec.qll +++ b/swift/ql/lib/codeql/swift/elements/PlatformVersionAvailabilitySpec.qll @@ -1,5 +1,5 @@ private import codeql.swift.generated.PlatformVersionAvailabilitySpec class PlatformVersionAvailabilitySpec extends Generated::PlatformVersionAvailabilitySpec { - override string toString() { result = getPlatform() + " " + getVersion() } + override string toString() { result = this.getPlatform() + " " + this.getVersion() } } diff --git a/swift/ql/lib/codeql/swift/elements/decl/ExtensionDecl.qll b/swift/ql/lib/codeql/swift/elements/decl/ExtensionDecl.qll index 47dcfe04ac1..5e59669adcb 100644 --- a/swift/ql/lib/codeql/swift/elements/decl/ExtensionDecl.qll +++ b/swift/ql/lib/codeql/swift/elements/decl/ExtensionDecl.qll @@ -2,9 +2,9 @@ private import codeql.swift.generated.decl.ExtensionDecl class ExtensionDecl extends Generated::ExtensionDecl { override string toString() { - result = "extension of " + getExtendedTypeDecl().toString() + result = "extension of " + this.getExtendedTypeDecl().toString() or - not exists(getExtendedTypeDecl()) and + not exists(this.getExtendedTypeDecl()) and result = "extension" } } diff --git a/swift/ql/lib/codeql/swift/elements/expr/IdentityExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/IdentityExpr.qll index e8d431731ff..ecfe0dd3e1a 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/IdentityExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/IdentityExpr.qll @@ -1,5 +1,5 @@ private import codeql.swift.generated.expr.IdentityExpr class IdentityExpr extends Generated::IdentityExpr { - override predicate convertsFrom(Expr e) { e = getImmediateSubExpr() } + override predicate convertsFrom(Expr e) { e = this.getImmediateSubExpr() } } diff --git a/swift/ql/lib/codeql/swift/elements/expr/UnresolvedDeclRefExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/UnresolvedDeclRefExpr.qll index c82a4f92248..879ca417e7b 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/UnresolvedDeclRefExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/UnresolvedDeclRefExpr.qll @@ -2,8 +2,8 @@ private import codeql.swift.generated.expr.UnresolvedDeclRefExpr class UnresolvedDeclRefExpr extends Generated::UnresolvedDeclRefExpr { override string toString() { - result = getName() + " (unresolved)" + result = this.getName() + " (unresolved)" or - not hasName() and result = "(unresolved)" + not this.hasName() and result = "(unresolved)" } } diff --git a/swift/ql/lib/codeql/swift/elements/expr/UnresolvedDotExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/UnresolvedDotExpr.qll index 7c0fefc3ba9..82dcc0b4eec 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/UnresolvedDotExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/UnresolvedDotExpr.qll @@ -1,5 +1,5 @@ private import codeql.swift.generated.expr.UnresolvedDotExpr class UnresolvedDotExpr extends Generated::UnresolvedDotExpr { - override string toString() { result = "... ." + getName() } + override string toString() { result = "... ." + this.getName() } } diff --git a/swift/ql/lib/codeql/swift/elements/pattern/BindingPattern.qll b/swift/ql/lib/codeql/swift/elements/pattern/BindingPattern.qll index e6c15b51cd8..9f0cd057c3d 100644 --- a/swift/ql/lib/codeql/swift/elements/pattern/BindingPattern.qll +++ b/swift/ql/lib/codeql/swift/elements/pattern/BindingPattern.qll @@ -1,7 +1,7 @@ private import codeql.swift.generated.pattern.BindingPattern class BindingPattern extends Generated::BindingPattern { - final override Pattern getResolveStep() { result = getImmediateSubPattern() } + final override Pattern getResolveStep() { result = this.getImmediateSubPattern() } override string toString() { result = "let ..." } } diff --git a/swift/ql/lib/codeql/swift/elements/pattern/ParenPattern.qll b/swift/ql/lib/codeql/swift/elements/pattern/ParenPattern.qll index f936edf0d3d..40ffc318df1 100644 --- a/swift/ql/lib/codeql/swift/elements/pattern/ParenPattern.qll +++ b/swift/ql/lib/codeql/swift/elements/pattern/ParenPattern.qll @@ -1,7 +1,7 @@ private import codeql.swift.generated.pattern.ParenPattern class ParenPattern extends Generated::ParenPattern { - final override Pattern getResolveStep() { result = getImmediateSubPattern() } + final override Pattern getResolveStep() { result = this.getImmediateSubPattern() } override string toString() { result = "(...)" } } diff --git a/swift/ql/lib/codeql/swift/elements/type/TypeRepr.qll b/swift/ql/lib/codeql/swift/elements/type/TypeRepr.qll index cbfc1395189..ad870d4a868 100644 --- a/swift/ql/lib/codeql/swift/elements/type/TypeRepr.qll +++ b/swift/ql/lib/codeql/swift/elements/type/TypeRepr.qll @@ -1,5 +1,5 @@ private import codeql.swift.generated.type.TypeRepr class TypeRepr extends Generated::TypeRepr { - override string toString() { result = getType().toString() } + override string toString() { result = this.getType().toString() } } From 50d3cffe612aca6f91b78c124d23743157545bd4 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Wed, 10 May 2023 13:28:11 +0100 Subject: [PATCH 245/870] Accept review comments --- go/extractor/diagnostics/diagnostics.go | 2 +- .../package-not-found-with-go-mod/diagnostics.expected | 2 +- .../package-not-found-without-go-mod/diagnostics.expected | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go/extractor/diagnostics/diagnostics.go b/go/extractor/diagnostics/diagnostics.go index d51621a0673..6f8280250e6 100644 --- a/go/extractor/diagnostics/diagnostics.go +++ b/go/extractor/diagnostics/diagnostics.go @@ -154,7 +154,7 @@ func EmitCannotFindPackages(pkgPaths []string) { emitDiagnostic( "go/autobuilder/package-not-found", "Some packages could not be found", - fmt.Sprintf("%d package%s could not be found:\n\n%s.\n\nFunctions in those packages may not be recognized, and files that use them may only be partially analyzed.\n\nCheck that the paths are correct and make sure any private packages can be accessed. If any of the packages are present in the repository then you may need a [custom build command](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages).", numPkgPaths, ending, secondLine), + fmt.Sprintf("%d package%s could not be found:\n\n%s.\n\nDefinitions in those packages may not be recognized by CodeQL, and files that use them may only be partially analyzed.\n\nCheck that the paths are correct and make sure any private packages can be accessed. If any of the packages are present in the repository then you may need a [custom build command](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages).", numPkgPaths, ending, secondLine), severityWarning, fullVisibility, noLocation, diff --git a/go/ql/integration-tests/all-platforms/go/diagnostics/package-not-found-with-go-mod/diagnostics.expected b/go/ql/integration-tests/all-platforms/go/diagnostics/package-not-found-with-go-mod/diagnostics.expected index 4c8fc6f2fb7..dff5dc5bb92 100644 --- a/go/ql/integration-tests/all-platforms/go/diagnostics/package-not-found-with-go-mod/diagnostics.expected +++ b/go/ql/integration-tests/all-platforms/go/diagnostics/package-not-found-with-go-mod/diagnostics.expected @@ -1,5 +1,5 @@ { - "markdownMessage": "110 packages could not be found:\n\n`github.com/nosuchorg/nosuchrepo000`, `github.com/nosuchorg/nosuchrepo001`, `github.com/nosuchorg/nosuchrepo002`, `github.com/nosuchorg/nosuchrepo003`, `github.com/nosuchorg/nosuchrepo004` and 105 more.\n\nFunctions in those packages may not be recognized, and files that use them may only be partially analyzed.\n\nCheck that the paths are correct and make sure any private packages can be accessed. If any of the packages are present in the repository then you may need a [custom build command](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages).", + "markdownMessage": "110 packages could not be found:\n\n`github.com/nosuchorg/nosuchrepo000`, `github.com/nosuchorg/nosuchrepo001`, `github.com/nosuchorg/nosuchrepo002`, `github.com/nosuchorg/nosuchrepo003`, `github.com/nosuchorg/nosuchrepo004` and 105 more.\n\nDefinitions in those packages may not be recognized by CodeQL, and files that use them may only be partially analyzed.\n\nCheck that the paths are correct and make sure any private packages can be accessed. If any of the packages are present in the repository then you may need a [custom build command](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages).", "severity": "warning", "source": { "extractorName": "go", diff --git a/go/ql/integration-tests/all-platforms/go/diagnostics/package-not-found-without-go-mod/diagnostics.expected b/go/ql/integration-tests/all-platforms/go/diagnostics/package-not-found-without-go-mod/diagnostics.expected index 19d75b846b9..4f3f4e64343 100644 --- a/go/ql/integration-tests/all-platforms/go/diagnostics/package-not-found-without-go-mod/diagnostics.expected +++ b/go/ql/integration-tests/all-platforms/go/diagnostics/package-not-found-without-go-mod/diagnostics.expected @@ -1,5 +1,5 @@ { - "markdownMessage": "1 package could not be found:\n\n`github.com/linode/linode-docs-theme`.\n\nFunctions in those packages may not be recognized, and files that use them may only be partially analyzed.\n\nCheck that the paths are correct and make sure any private packages can be accessed. If any of the packages are present in the repository then you may need a [custom build command](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages).", + "markdownMessage": "1 package could not be found:\n\n`github.com/linode/linode-docs-theme`.\n\nDefinitions in those packages may not be recognized by CodeQL, and files that use them may only be partially analyzed.\n\nCheck that the paths are correct and make sure any private packages can be accessed. If any of the packages are present in the repository then you may need a [custom build command](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages).", "severity": "warning", "source": { "extractorName": "go", From c507754324388540b0c9efeaf49ead296c57cfaf Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli Date: Tue, 9 May 2023 16:14:51 +0200 Subject: [PATCH 246/870] Swift: surface error about no viable swift targets found --- .../autobuilder/no-swift/diagnostics.expected | 18 + .../hello-objective.xcodeproj/project.pbxproj | 278 +++++++++ .../contents.xcworkspacedata | 7 + .../xcshareddata/IDEWorkspaceChecks.plist | 8 + .../no-swift/hello-objective/main.m | 16 + .../osx-only/autobuilder/no-swift/test.py | 5 + .../only-tests/diagnostics.expected | 18 + .../hello-tests.xcodeproj/project.pbxproj | 430 +++++++++++++ .../contents.xcworkspacedata | 7 + .../osx-only/autobuilder/only-tests/test.py | 5 + swift/xcode-autobuilder/XcodeTarget.h | 3 + .../tests/autobuild_tester.py | 9 +- .../tests/hello-tests/commands.expected | 1 + .../hello-tests.xcodeproj/project.pbxproj | 573 ++++++++++++++++++ .../contents.xcworkspacedata | 7 + swift/xcode-autobuilder/xcode-autobuilder.cpp | 34 +- 16 files changed, 1405 insertions(+), 14 deletions(-) create mode 100644 swift/integration-tests/osx-only/autobuilder/no-swift/diagnostics.expected create mode 100644 swift/integration-tests/osx-only/autobuilder/no-swift/hello-objective.xcodeproj/project.pbxproj create mode 100644 swift/integration-tests/osx-only/autobuilder/no-swift/hello-objective.xcodeproj/project.xcworkspace/contents.xcworkspacedata create mode 100644 swift/integration-tests/osx-only/autobuilder/no-swift/hello-objective.xcodeproj/project.xcworkspace/xcshareddata/IDEWorkspaceChecks.plist create mode 100644 swift/integration-tests/osx-only/autobuilder/no-swift/hello-objective/main.m create mode 100644 swift/integration-tests/osx-only/autobuilder/no-swift/test.py create mode 100644 swift/integration-tests/osx-only/autobuilder/only-tests/diagnostics.expected create mode 100644 swift/integration-tests/osx-only/autobuilder/only-tests/hello-tests.xcodeproj/project.pbxproj create mode 100644 swift/integration-tests/osx-only/autobuilder/only-tests/hello-tests.xcodeproj/project.xcworkspace/contents.xcworkspacedata create mode 100644 swift/integration-tests/osx-only/autobuilder/only-tests/test.py create mode 100644 swift/xcode-autobuilder/tests/hello-tests/commands.expected create mode 100644 swift/xcode-autobuilder/tests/hello-tests/hello-tests.xcodeproj/project.pbxproj create mode 100644 swift/xcode-autobuilder/tests/hello-tests/hello-tests.xcodeproj/project.xcworkspace/contents.xcworkspacedata diff --git a/swift/integration-tests/osx-only/autobuilder/no-swift/diagnostics.expected b/swift/integration-tests/osx-only/autobuilder/no-swift/diagnostics.expected new file mode 100644 index 00000000000..ea112182376 --- /dev/null +++ b/swift/integration-tests/osx-only/autobuilder/no-swift/diagnostics.expected @@ -0,0 +1,18 @@ +{ + "helpLinks": [ + "https://docs.github.com/en/enterprise-server/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/customizing-code-scanning", + "https://docs.github.com/en/enterprise-server/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-language" + ], + "plaintextMessage": "All targets found within Xcode projects or workspaces either have no Swift sources or are tests.\n\nSet up a manual build command.", + "severity": "error", + "source": { + "extractorName": "swift", + "id": "swift/autobuilder/no-swift-target", + "name": "No Swift compilation target found" + }, + "visibility": { + "cliSummaryTable": true, + "statusPage": true, + "telemetry": true + } +} diff --git a/swift/integration-tests/osx-only/autobuilder/no-swift/hello-objective.xcodeproj/project.pbxproj b/swift/integration-tests/osx-only/autobuilder/no-swift/hello-objective.xcodeproj/project.pbxproj new file mode 100644 index 00000000000..a2415ce362a --- /dev/null +++ b/swift/integration-tests/osx-only/autobuilder/no-swift/hello-objective.xcodeproj/project.pbxproj @@ -0,0 +1,278 @@ +// !$*UTF8*$! +{ + archiveVersion = 1; + classes = { + }; + objectVersion = 56; + objects = { + +/* Begin PBXBuildFile section */ + 57B14B1A2A0A512A002820C5 /* main.m in Sources */ = {isa = PBXBuildFile; fileRef = 57B14B192A0A512A002820C5 /* main.m */; }; +/* End PBXBuildFile section */ + +/* Begin PBXCopyFilesBuildPhase section */ + 57B14B142A0A512A002820C5 /* CopyFiles */ = { + isa = PBXCopyFilesBuildPhase; + buildActionMask = 2147483647; + dstPath = /usr/share/man/man1/; + dstSubfolderSpec = 0; + files = ( + ); + runOnlyForDeploymentPostprocessing = 1; + }; +/* End PBXCopyFilesBuildPhase section */ + +/* Begin PBXFileReference section */ + 57B14B162A0A512A002820C5 /* hello-objective */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = "hello-objective"; sourceTree = BUILT_PRODUCTS_DIR; }; + 57B14B192A0A512A002820C5 /* main.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = main.m; sourceTree = ""; }; +/* End PBXFileReference section */ + +/* Begin PBXFrameworksBuildPhase section */ + 57B14B132A0A512A002820C5 /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; +/* End PBXFrameworksBuildPhase section */ + +/* Begin PBXGroup section */ + 57B14B0D2A0A512A002820C5 = { + isa = PBXGroup; + children = ( + 57B14B182A0A512A002820C5 /* hello-objective */, + 57B14B172A0A512A002820C5 /* Products */, + ); + sourceTree = ""; + }; + 57B14B172A0A512A002820C5 /* Products */ = { + isa = PBXGroup; + children = ( + 57B14B162A0A512A002820C5 /* hello-objective */, + ); + name = Products; + sourceTree = ""; + }; + 57B14B182A0A512A002820C5 /* hello-objective */ = { + isa = PBXGroup; + children = ( + 57B14B192A0A512A002820C5 /* main.m */, + ); + path = "hello-objective"; + sourceTree = ""; + }; +/* End PBXGroup section */ + +/* Begin PBXNativeTarget section */ + 57B14B152A0A512A002820C5 /* hello-objective */ = { + isa = PBXNativeTarget; + buildConfigurationList = 57B14B1D2A0A512A002820C5 /* Build configuration list for PBXNativeTarget "hello-objective" */; + buildPhases = ( + 57B14B122A0A512A002820C5 /* Sources */, + 57B14B132A0A512A002820C5 /* Frameworks */, + 57B14B142A0A512A002820C5 /* CopyFiles */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = "hello-objective"; + productName = "hello-objective"; + productReference = 57B14B162A0A512A002820C5 /* hello-objective */; + productType = "com.apple.product-type.tool"; + }; +/* End PBXNativeTarget section */ + +/* Begin PBXProject section */ + 57B14B0E2A0A512A002820C5 /* Project object */ = { + isa = PBXProject; + attributes = { + BuildIndependentTargetsInParallel = 1; + LastUpgradeCheck = 1430; + TargetAttributes = { + 57B14B152A0A512A002820C5 = { + CreatedOnToolsVersion = 14.3; + }; + }; + }; + buildConfigurationList = 57B14B112A0A512A002820C5 /* Build configuration list for PBXProject "hello-objective" */; + compatibilityVersion = "Xcode 14.0"; + developmentRegion = en; + hasScannedForEncodings = 0; + knownRegions = ( + en, + Base, + ); + mainGroup = 57B14B0D2A0A512A002820C5; + productRefGroup = 57B14B172A0A512A002820C5 /* Products */; + projectDirPath = ""; + projectRoot = ""; + targets = ( + 57B14B152A0A512A002820C5 /* hello-objective */, + ); + }; +/* End PBXProject section */ + +/* Begin PBXSourcesBuildPhase section */ + 57B14B122A0A512A002820C5 /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + 57B14B1A2A0A512A002820C5 /* main.m in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; +/* End PBXSourcesBuildPhase section */ + +/* Begin XCBuildConfiguration section */ + 57B14B1B2A0A512A002820C5 /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ANALYZER_NONNULL = YES; + CLANG_ANALYZER_NUMBER_OBJECT_CONVERSION = YES_AGGRESSIVE; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++20"; + CLANG_ENABLE_MODULES = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_ENABLE_OBJC_WEAK = YES; + CLANG_WARN_BLOCK_CAPTURE_AUTORELEASING = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_COMMA = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INFINITE_RECURSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_NON_LITERAL_NULL_CONVERSION = YES; + CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF = YES; + CLANG_WARN_OBJC_LITERAL_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_QUOTED_INCLUDE_IN_FRAMEWORK_HEADER = YES; + CLANG_WARN_RANGE_LOOP_ANALYSIS = YES; + CLANG_WARN_STRICT_PROTOTYPES = YES; + CLANG_WARN_SUSPICIOUS_MOVE = YES; + CLANG_WARN_UNGUARDED_AVAILABILITY = YES_AGGRESSIVE; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + COPY_PHASE_STRIP = NO; + DEBUG_INFORMATION_FORMAT = dwarf; + ENABLE_STRICT_OBJC_MSGSEND = YES; + ENABLE_TESTABILITY = YES; + GCC_C_LANGUAGE_STANDARD = gnu11; + GCC_DYNAMIC_NO_PIC = NO; + GCC_NO_COMMON_BLOCKS = YES; + GCC_OPTIMIZATION_LEVEL = 0; + GCC_PREPROCESSOR_DEFINITIONS = ( + "DEBUG=1", + "$(inherited)", + ); + GCC_WARN_64_TO_32_BIT_CONVERSION = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + GCC_WARN_UNUSED_FUNCTION = YES; + GCC_WARN_UNUSED_VARIABLE = YES; + MACOSX_DEPLOYMENT_TARGET = 13.2; + MTL_ENABLE_DEBUG_INFO = INCLUDE_SOURCE; + MTL_FAST_MATH = YES; + ONLY_ACTIVE_ARCH = YES; + SDKROOT = macosx; + }; + name = Debug; + }; + 57B14B1C2A0A512A002820C5 /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ANALYZER_NONNULL = YES; + CLANG_ANALYZER_NUMBER_OBJECT_CONVERSION = YES_AGGRESSIVE; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++20"; + CLANG_ENABLE_MODULES = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_ENABLE_OBJC_WEAK = YES; + CLANG_WARN_BLOCK_CAPTURE_AUTORELEASING = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_COMMA = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INFINITE_RECURSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_NON_LITERAL_NULL_CONVERSION = YES; + CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF = YES; + CLANG_WARN_OBJC_LITERAL_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_QUOTED_INCLUDE_IN_FRAMEWORK_HEADER = YES; + CLANG_WARN_RANGE_LOOP_ANALYSIS = YES; + CLANG_WARN_STRICT_PROTOTYPES = YES; + CLANG_WARN_SUSPICIOUS_MOVE = YES; + CLANG_WARN_UNGUARDED_AVAILABILITY = YES_AGGRESSIVE; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + COPY_PHASE_STRIP = NO; + DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; + ENABLE_NS_ASSERTIONS = NO; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_C_LANGUAGE_STANDARD = gnu11; + GCC_NO_COMMON_BLOCKS = YES; + GCC_WARN_64_TO_32_BIT_CONVERSION = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + GCC_WARN_UNUSED_FUNCTION = YES; + GCC_WARN_UNUSED_VARIABLE = YES; + MACOSX_DEPLOYMENT_TARGET = 13.2; + MTL_ENABLE_DEBUG_INFO = NO; + MTL_FAST_MATH = YES; + SDKROOT = macosx; + }; + name = Release; + }; + 57B14B1E2A0A512A002820C5 /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + CODE_SIGN_STYLE = Automatic; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Debug; + }; + 57B14B1F2A0A512A002820C5 /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + CODE_SIGN_STYLE = Automatic; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Release; + }; +/* End XCBuildConfiguration section */ + +/* Begin XCConfigurationList section */ + 57B14B112A0A512A002820C5 /* Build configuration list for PBXProject "hello-objective" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + 57B14B1B2A0A512A002820C5 /* Debug */, + 57B14B1C2A0A512A002820C5 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; + 57B14B1D2A0A512A002820C5 /* Build configuration list for PBXNativeTarget "hello-objective" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + 57B14B1E2A0A512A002820C5 /* Debug */, + 57B14B1F2A0A512A002820C5 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; +/* End XCConfigurationList section */ + }; + rootObject = 57B14B0E2A0A512A002820C5 /* Project object */; +} diff --git a/swift/integration-tests/osx-only/autobuilder/no-swift/hello-objective.xcodeproj/project.xcworkspace/contents.xcworkspacedata b/swift/integration-tests/osx-only/autobuilder/no-swift/hello-objective.xcodeproj/project.xcworkspace/contents.xcworkspacedata new file mode 100644 index 00000000000..919434a6254 --- /dev/null +++ b/swift/integration-tests/osx-only/autobuilder/no-swift/hello-objective.xcodeproj/project.xcworkspace/contents.xcworkspacedata @@ -0,0 +1,7 @@ + + + + + diff --git a/swift/integration-tests/osx-only/autobuilder/no-swift/hello-objective.xcodeproj/project.xcworkspace/xcshareddata/IDEWorkspaceChecks.plist b/swift/integration-tests/osx-only/autobuilder/no-swift/hello-objective.xcodeproj/project.xcworkspace/xcshareddata/IDEWorkspaceChecks.plist new file mode 100644 index 00000000000..18d981003d6 --- /dev/null +++ b/swift/integration-tests/osx-only/autobuilder/no-swift/hello-objective.xcodeproj/project.xcworkspace/xcshareddata/IDEWorkspaceChecks.plist @@ -0,0 +1,8 @@ + + + + + IDEDidComputeMac32BitWarning + + + diff --git a/swift/integration-tests/osx-only/autobuilder/no-swift/hello-objective/main.m b/swift/integration-tests/osx-only/autobuilder/no-swift/hello-objective/main.m new file mode 100644 index 00000000000..d35d96bd052 --- /dev/null +++ b/swift/integration-tests/osx-only/autobuilder/no-swift/hello-objective/main.m @@ -0,0 +1,16 @@ +// +// main.m +// hello-objective +// +// Created by ec2-user on 5/9/23. +// + +#import + +int main(int argc, const char * argv[]) { + @autoreleasepool { + // insert code here... + NSLog(@"Hello, World!"); + } + return 0; +} diff --git a/swift/integration-tests/osx-only/autobuilder/no-swift/test.py b/swift/integration-tests/osx-only/autobuilder/no-swift/test.py new file mode 100644 index 00000000000..37aaa3ce344 --- /dev/null +++ b/swift/integration-tests/osx-only/autobuilder/no-swift/test.py @@ -0,0 +1,5 @@ +from create_database_utils import * +from diagnostics_test_utils import * + +run_codeql_database_create([], lang='swift', keep_trap=True, db=None, runFunction=runUnsuccessfully) +check_diagnostics() diff --git a/swift/integration-tests/osx-only/autobuilder/only-tests/diagnostics.expected b/swift/integration-tests/osx-only/autobuilder/only-tests/diagnostics.expected new file mode 100644 index 00000000000..ea112182376 --- /dev/null +++ b/swift/integration-tests/osx-only/autobuilder/only-tests/diagnostics.expected @@ -0,0 +1,18 @@ +{ + "helpLinks": [ + "https://docs.github.com/en/enterprise-server/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/customizing-code-scanning", + "https://docs.github.com/en/enterprise-server/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-language" + ], + "plaintextMessage": "All targets found within Xcode projects or workspaces either have no Swift sources or are tests.\n\nSet up a manual build command.", + "severity": "error", + "source": { + "extractorName": "swift", + "id": "swift/autobuilder/no-swift-target", + "name": "No Swift compilation target found" + }, + "visibility": { + "cliSummaryTable": true, + "statusPage": true, + "telemetry": true + } +} diff --git a/swift/integration-tests/osx-only/autobuilder/only-tests/hello-tests.xcodeproj/project.pbxproj b/swift/integration-tests/osx-only/autobuilder/only-tests/hello-tests.xcodeproj/project.pbxproj new file mode 100644 index 00000000000..a4ca3761791 --- /dev/null +++ b/swift/integration-tests/osx-only/autobuilder/only-tests/hello-tests.xcodeproj/project.pbxproj @@ -0,0 +1,430 @@ +// !$*UTF8*$! +{ + archiveVersion = 1; + classes = { + }; + objectVersion = 56; + objects = { + +/* Begin PBXBuildFile section */ + 57B14B762A0A881B002820C5 /* hello_testsTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 57B14B752A0A881B002820C5 /* hello_testsTests.swift */; }; + 57B14B802A0A881B002820C5 /* hello_testsUITests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 57B14B7F2A0A881B002820C5 /* hello_testsUITests.swift */; }; + 57B14B822A0A881B002820C5 /* hello_testsUITestsLaunchTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 57B14B812A0A881B002820C5 /* hello_testsUITestsLaunchTests.swift */; }; +/* End PBXBuildFile section */ + +/* Begin PBXFileReference section */ + 57B14B632A0A8819002820C5 /* hello_testsApp.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = hello_testsApp.swift; sourceTree = ""; }; + 57B14B652A0A8819002820C5 /* ContentView.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ContentView.swift; sourceTree = ""; }; + 57B14B672A0A881B002820C5 /* Assets.xcassets */ = {isa = PBXFileReference; lastKnownFileType = folder.assetcatalog; path = Assets.xcassets; sourceTree = ""; }; + 57B14B6A2A0A881B002820C5 /* Preview Assets.xcassets */ = {isa = PBXFileReference; lastKnownFileType = folder.assetcatalog; path = "Preview Assets.xcassets"; sourceTree = ""; }; + 57B14B6C2A0A881B002820C5 /* hello_tests.entitlements */ = {isa = PBXFileReference; lastKnownFileType = text.plist.entitlements; path = hello_tests.entitlements; sourceTree = ""; }; + 57B14B712A0A881B002820C5 /* hello-testsTests.xctest */ = {isa = PBXFileReference; explicitFileType = wrapper.cfbundle; includeInIndex = 0; path = "hello-testsTests.xctest"; sourceTree = BUILT_PRODUCTS_DIR; }; + 57B14B752A0A881B002820C5 /* hello_testsTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = hello_testsTests.swift; sourceTree = ""; }; + 57B14B7B2A0A881B002820C5 /* hello-testsUITests.xctest */ = {isa = PBXFileReference; explicitFileType = wrapper.cfbundle; includeInIndex = 0; path = "hello-testsUITests.xctest"; sourceTree = BUILT_PRODUCTS_DIR; }; + 57B14B7F2A0A881B002820C5 /* hello_testsUITests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = hello_testsUITests.swift; sourceTree = ""; }; + 57B14B812A0A881B002820C5 /* hello_testsUITestsLaunchTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = hello_testsUITestsLaunchTests.swift; sourceTree = ""; }; +/* End PBXFileReference section */ + +/* Begin PBXFrameworksBuildPhase section */ + 57B14B6E2A0A881B002820C5 /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + 57B14B782A0A881B002820C5 /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; +/* End PBXFrameworksBuildPhase section */ + +/* Begin PBXGroup section */ + 57B14B572A0A8819002820C5 = { + isa = PBXGroup; + children = ( + 57B14B622A0A8819002820C5 /* hello-tests */, + 57B14B742A0A881B002820C5 /* hello-testsTests */, + 57B14B7E2A0A881B002820C5 /* hello-testsUITests */, + 57B14B612A0A8819002820C5 /* Products */, + ); + sourceTree = ""; + }; + 57B14B612A0A8819002820C5 /* Products */ = { + isa = PBXGroup; + children = ( + 57B14B712A0A881B002820C5 /* hello-testsTests.xctest */, + 57B14B7B2A0A881B002820C5 /* hello-testsUITests.xctest */, + ); + name = Products; + sourceTree = ""; + }; + 57B14B622A0A8819002820C5 /* hello-tests */ = { + isa = PBXGroup; + children = ( + 57B14B632A0A8819002820C5 /* hello_testsApp.swift */, + 57B14B652A0A8819002820C5 /* ContentView.swift */, + 57B14B672A0A881B002820C5 /* Assets.xcassets */, + 57B14B6C2A0A881B002820C5 /* hello_tests.entitlements */, + 57B14B692A0A881B002820C5 /* Preview Content */, + ); + path = "hello-tests"; + sourceTree = ""; + }; + 57B14B692A0A881B002820C5 /* Preview Content */ = { + isa = PBXGroup; + children = ( + 57B14B6A2A0A881B002820C5 /* Preview Assets.xcassets */, + ); + path = "Preview Content"; + sourceTree = ""; + }; + 57B14B742A0A881B002820C5 /* hello-testsTests */ = { + isa = PBXGroup; + children = ( + 57B14B752A0A881B002820C5 /* hello_testsTests.swift */, + ); + path = "hello-testsTests"; + sourceTree = ""; + }; + 57B14B7E2A0A881B002820C5 /* hello-testsUITests */ = { + isa = PBXGroup; + children = ( + 57B14B7F2A0A881B002820C5 /* hello_testsUITests.swift */, + 57B14B812A0A881B002820C5 /* hello_testsUITestsLaunchTests.swift */, + ); + path = "hello-testsUITests"; + sourceTree = ""; + }; +/* End PBXGroup section */ + +/* Begin PBXNativeTarget section */ + 57B14B702A0A881B002820C5 /* hello-testsTests */ = { + isa = PBXNativeTarget; + buildConfigurationList = 57B14B882A0A881B002820C5 /* Build configuration list for PBXNativeTarget "hello-testsTests" */; + buildPhases = ( + 57B14B6D2A0A881B002820C5 /* Sources */, + 57B14B6E2A0A881B002820C5 /* Frameworks */, + 57B14B6F2A0A881B002820C5 /* Resources */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = "hello-testsTests"; + productName = "hello-testsTests"; + productReference = 57B14B712A0A881B002820C5 /* hello-testsTests.xctest */; + productType = "com.apple.product-type.bundle.unit-test"; + }; + 57B14B7A2A0A881B002820C5 /* hello-testsUITests */ = { + isa = PBXNativeTarget; + buildConfigurationList = 57B14B8B2A0A881B002820C5 /* Build configuration list for PBXNativeTarget "hello-testsUITests" */; + buildPhases = ( + 57B14B772A0A881B002820C5 /* Sources */, + 57B14B782A0A881B002820C5 /* Frameworks */, + 57B14B792A0A881B002820C5 /* Resources */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = "hello-testsUITests"; + productName = "hello-testsUITests"; + productReference = 57B14B7B2A0A881B002820C5 /* hello-testsUITests.xctest */; + productType = "com.apple.product-type.bundle.ui-testing"; + }; +/* End PBXNativeTarget section */ + +/* Begin PBXProject section */ + 57B14B582A0A8819002820C5 /* Project object */ = { + isa = PBXProject; + attributes = { + BuildIndependentTargetsInParallel = 1; + LastSwiftUpdateCheck = 1430; + LastUpgradeCheck = 1430; + TargetAttributes = { + 57B14B702A0A881B002820C5 = { + CreatedOnToolsVersion = 14.3; + TestTargetID = 57B14B5F2A0A8819002820C5; + }; + 57B14B7A2A0A881B002820C5 = { + CreatedOnToolsVersion = 14.3; + TestTargetID = 57B14B5F2A0A8819002820C5; + }; + }; + }; + buildConfigurationList = 57B14B5B2A0A8819002820C5 /* Build configuration list for PBXProject "hello-tests" */; + compatibilityVersion = "Xcode 14.0"; + developmentRegion = en; + hasScannedForEncodings = 0; + knownRegions = ( + en, + Base, + ); + mainGroup = 57B14B572A0A8819002820C5; + productRefGroup = 57B14B612A0A8819002820C5 /* Products */; + projectDirPath = ""; + projectRoot = ""; + targets = ( + 57B14B702A0A881B002820C5 /* hello-testsTests */, + 57B14B7A2A0A881B002820C5 /* hello-testsUITests */, + ); + }; +/* End PBXProject section */ + +/* Begin PBXResourcesBuildPhase section */ + 57B14B6F2A0A881B002820C5 /* Resources */ = { + isa = PBXResourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + 57B14B792A0A881B002820C5 /* Resources */ = { + isa = PBXResourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; +/* End PBXResourcesBuildPhase section */ + +/* Begin PBXSourcesBuildPhase section */ + 57B14B6D2A0A881B002820C5 /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + 57B14B762A0A881B002820C5 /* hello_testsTests.swift in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + 57B14B772A0A881B002820C5 /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + 57B14B802A0A881B002820C5 /* hello_testsUITests.swift in Sources */, + 57B14B822A0A881B002820C5 /* hello_testsUITestsLaunchTests.swift in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; +/* End PBXSourcesBuildPhase section */ + +/* Begin XCBuildConfiguration section */ + 57B14B832A0A881B002820C5 /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ANALYZER_NONNULL = YES; + CLANG_ANALYZER_NUMBER_OBJECT_CONVERSION = YES_AGGRESSIVE; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++20"; + CLANG_ENABLE_MODULES = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_ENABLE_OBJC_WEAK = YES; + CLANG_WARN_BLOCK_CAPTURE_AUTORELEASING = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_COMMA = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INFINITE_RECURSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_NON_LITERAL_NULL_CONVERSION = YES; + CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF = YES; + CLANG_WARN_OBJC_LITERAL_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_QUOTED_INCLUDE_IN_FRAMEWORK_HEADER = YES; + CLANG_WARN_RANGE_LOOP_ANALYSIS = YES; + CLANG_WARN_STRICT_PROTOTYPES = YES; + CLANG_WARN_SUSPICIOUS_MOVE = YES; + CLANG_WARN_UNGUARDED_AVAILABILITY = YES_AGGRESSIVE; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + COPY_PHASE_STRIP = NO; + DEBUG_INFORMATION_FORMAT = dwarf; + ENABLE_STRICT_OBJC_MSGSEND = YES; + ENABLE_TESTABILITY = YES; + GCC_C_LANGUAGE_STANDARD = gnu11; + GCC_DYNAMIC_NO_PIC = NO; + GCC_NO_COMMON_BLOCKS = YES; + GCC_OPTIMIZATION_LEVEL = 0; + GCC_PREPROCESSOR_DEFINITIONS = ( + "DEBUG=1", + "$(inherited)", + ); + GCC_WARN_64_TO_32_BIT_CONVERSION = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + GCC_WARN_UNUSED_FUNCTION = YES; + GCC_WARN_UNUSED_VARIABLE = YES; + MACOSX_DEPLOYMENT_TARGET = 13.2; + MTL_ENABLE_DEBUG_INFO = INCLUDE_SOURCE; + MTL_FAST_MATH = YES; + ONLY_ACTIVE_ARCH = YES; + SDKROOT = macosx; + SWIFT_ACTIVE_COMPILATION_CONDITIONS = DEBUG; + SWIFT_OPTIMIZATION_LEVEL = "-Onone"; + }; + name = Debug; + }; + 57B14B842A0A881B002820C5 /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ANALYZER_NONNULL = YES; + CLANG_ANALYZER_NUMBER_OBJECT_CONVERSION = YES_AGGRESSIVE; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++20"; + CLANG_ENABLE_MODULES = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_ENABLE_OBJC_WEAK = YES; + CLANG_WARN_BLOCK_CAPTURE_AUTORELEASING = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_COMMA = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INFINITE_RECURSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_NON_LITERAL_NULL_CONVERSION = YES; + CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF = YES; + CLANG_WARN_OBJC_LITERAL_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_QUOTED_INCLUDE_IN_FRAMEWORK_HEADER = YES; + CLANG_WARN_RANGE_LOOP_ANALYSIS = YES; + CLANG_WARN_STRICT_PROTOTYPES = YES; + CLANG_WARN_SUSPICIOUS_MOVE = YES; + CLANG_WARN_UNGUARDED_AVAILABILITY = YES_AGGRESSIVE; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + COPY_PHASE_STRIP = NO; + DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; + ENABLE_NS_ASSERTIONS = NO; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_C_LANGUAGE_STANDARD = gnu11; + GCC_NO_COMMON_BLOCKS = YES; + GCC_WARN_64_TO_32_BIT_CONVERSION = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + GCC_WARN_UNUSED_FUNCTION = YES; + GCC_WARN_UNUSED_VARIABLE = YES; + MACOSX_DEPLOYMENT_TARGET = 13.2; + MTL_ENABLE_DEBUG_INFO = NO; + MTL_FAST_MATH = YES; + SDKROOT = macosx; + SWIFT_COMPILATION_MODE = wholemodule; + SWIFT_OPTIMIZATION_LEVEL = "-O"; + }; + name = Release; + }; + 57B14B892A0A881B002820C5 /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_EMBED_SWIFT_STANDARD_LIBRARIES = YES; + BUNDLE_LOADER = "$(TEST_HOST)"; + CODE_SIGN_STYLE = Automatic; + CURRENT_PROJECT_VERSION = 1; + GENERATE_INFOPLIST_FILE = YES; + MACOSX_DEPLOYMENT_TARGET = 13.2; + MARKETING_VERSION = 1.0; + PRODUCT_BUNDLE_IDENTIFIER = "com.example.hello-testsTests"; + PRODUCT_NAME = "$(TARGET_NAME)"; + SWIFT_EMIT_LOC_STRINGS = NO; + SWIFT_VERSION = 5.0; + TEST_HOST = "$(BUILT_PRODUCTS_DIR)/hello-tests.app/$(BUNDLE_EXECUTABLE_FOLDER_PATH)/hello-tests"; + }; + name = Debug; + }; + 57B14B8A2A0A881B002820C5 /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_EMBED_SWIFT_STANDARD_LIBRARIES = YES; + BUNDLE_LOADER = "$(TEST_HOST)"; + CODE_SIGN_STYLE = Automatic; + CURRENT_PROJECT_VERSION = 1; + GENERATE_INFOPLIST_FILE = YES; + MACOSX_DEPLOYMENT_TARGET = 13.2; + MARKETING_VERSION = 1.0; + PRODUCT_BUNDLE_IDENTIFIER = "com.example.hello-testsTests"; + PRODUCT_NAME = "$(TARGET_NAME)"; + SWIFT_EMIT_LOC_STRINGS = NO; + SWIFT_VERSION = 5.0; + TEST_HOST = "$(BUILT_PRODUCTS_DIR)/hello-tests.app/$(BUNDLE_EXECUTABLE_FOLDER_PATH)/hello-tests"; + }; + name = Release; + }; + 57B14B8C2A0A881B002820C5 /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_EMBED_SWIFT_STANDARD_LIBRARIES = YES; + CODE_SIGN_STYLE = Automatic; + CURRENT_PROJECT_VERSION = 1; + GENERATE_INFOPLIST_FILE = YES; + MARKETING_VERSION = 1.0; + PRODUCT_BUNDLE_IDENTIFIER = "com.example.hello-testsUITests"; + PRODUCT_NAME = "$(TARGET_NAME)"; + SWIFT_EMIT_LOC_STRINGS = NO; + SWIFT_VERSION = 5.0; + TEST_TARGET_NAME = "hello-tests"; + }; + name = Debug; + }; + 57B14B8D2A0A881B002820C5 /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_EMBED_SWIFT_STANDARD_LIBRARIES = YES; + CODE_SIGN_STYLE = Automatic; + CURRENT_PROJECT_VERSION = 1; + GENERATE_INFOPLIST_FILE = YES; + MARKETING_VERSION = 1.0; + PRODUCT_BUNDLE_IDENTIFIER = "com.example.hello-testsUITests"; + PRODUCT_NAME = "$(TARGET_NAME)"; + SWIFT_EMIT_LOC_STRINGS = NO; + SWIFT_VERSION = 5.0; + TEST_TARGET_NAME = "hello-tests"; + }; + name = Release; + }; +/* End XCBuildConfiguration section */ + +/* Begin XCConfigurationList section */ + 57B14B5B2A0A8819002820C5 /* Build configuration list for PBXProject "hello-tests" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + 57B14B832A0A881B002820C5 /* Debug */, + 57B14B842A0A881B002820C5 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; + 57B14B882A0A881B002820C5 /* Build configuration list for PBXNativeTarget "hello-testsTests" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + 57B14B892A0A881B002820C5 /* Debug */, + 57B14B8A2A0A881B002820C5 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; + 57B14B8B2A0A881B002820C5 /* Build configuration list for PBXNativeTarget "hello-testsUITests" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + 57B14B8C2A0A881B002820C5 /* Debug */, + 57B14B8D2A0A881B002820C5 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; +/* End XCConfigurationList section */ + }; + rootObject = 57B14B582A0A8819002820C5 /* Project object */; +} diff --git a/swift/integration-tests/osx-only/autobuilder/only-tests/hello-tests.xcodeproj/project.xcworkspace/contents.xcworkspacedata b/swift/integration-tests/osx-only/autobuilder/only-tests/hello-tests.xcodeproj/project.xcworkspace/contents.xcworkspacedata new file mode 100644 index 00000000000..919434a6254 --- /dev/null +++ b/swift/integration-tests/osx-only/autobuilder/only-tests/hello-tests.xcodeproj/project.xcworkspace/contents.xcworkspacedata @@ -0,0 +1,7 @@ + + + + + diff --git a/swift/integration-tests/osx-only/autobuilder/only-tests/test.py b/swift/integration-tests/osx-only/autobuilder/only-tests/test.py new file mode 100644 index 00000000000..37aaa3ce344 --- /dev/null +++ b/swift/integration-tests/osx-only/autobuilder/only-tests/test.py @@ -0,0 +1,5 @@ +from create_database_utils import * +from diagnostics_test_utils import * + +run_codeql_database_create([], lang='swift', keep_trap=True, db=None, runFunction=runUnsuccessfully) +check_diagnostics() diff --git a/swift/xcode-autobuilder/XcodeTarget.h b/swift/xcode-autobuilder/XcodeTarget.h index a656b3b0076..be7c8343ba0 100644 --- a/swift/xcode-autobuilder/XcodeTarget.h +++ b/swift/xcode-autobuilder/XcodeTarget.h @@ -1,6 +1,7 @@ #pragma once #include +#include struct Target { std::string workspace; @@ -9,3 +10,5 @@ struct Target { std::string type; size_t fileCount; }; + +BINLOG_ADAPT_STRUCT(Target, workspace, project, name, type, fileCount); diff --git a/swift/xcode-autobuilder/tests/autobuild_tester.py b/swift/xcode-autobuilder/tests/autobuild_tester.py index 6a909c97d61..f136dd873b5 100755 --- a/swift/xcode-autobuilder/tests/autobuild_tester.py +++ b/swift/xcode-autobuilder/tests/autobuild_tester.py @@ -11,11 +11,14 @@ test_dir = pathlib.Path(sys.argv[2]) expected = test_dir / 'commands.expected' actual = pathlib.Path('commands.actual') -with open(actual, 'wb') as out: - ret = subprocess.run([str(autobuilder), '-dry-run', '.'], capture_output=True, check=True, cwd=test_dir) +os.environ["CODEQL_EXTRACTOR_SWIFT_LOG_LEVELS"] = "text:no_logs,diagnostics:no_logs,console:info" + +with open(actual, 'w') as out: + ret = subprocess.run([str(autobuilder), '-dry-run', '.'], stdout=subprocess.PIPE, + check=True, cwd=test_dir, text=True) for line in ret.stdout.splitlines(): out.write(line.rstrip()) - out.write(b'\n') + out.write('\n') subprocess.run(['diff', '-u', expected, actual], check=True) diff --git a/swift/xcode-autobuilder/tests/hello-tests/commands.expected b/swift/xcode-autobuilder/tests/hello-tests/commands.expected new file mode 100644 index 00000000000..a34306fe74c --- /dev/null +++ b/swift/xcode-autobuilder/tests/hello-tests/commands.expected @@ -0,0 +1 @@ +/usr/bin/xcodebuild build -project ./hello-tests.xcodeproj -target hello-tests CODE_SIGNING_REQUIRED=NO CODE_SIGNING_ALLOWED=NO diff --git a/swift/xcode-autobuilder/tests/hello-tests/hello-tests.xcodeproj/project.pbxproj b/swift/xcode-autobuilder/tests/hello-tests/hello-tests.xcodeproj/project.pbxproj new file mode 100644 index 00000000000..8af976b0e19 --- /dev/null +++ b/swift/xcode-autobuilder/tests/hello-tests/hello-tests.xcodeproj/project.pbxproj @@ -0,0 +1,573 @@ +// !$*UTF8*$! +{ + archiveVersion = 1; + classes = { + }; + objectVersion = 56; + objects = { + +/* Begin PBXBuildFile section */ + 57B14B642A0A8819002820C5 /* hello_testsApp.swift in Sources */ = {isa = PBXBuildFile; fileRef = 57B14B632A0A8819002820C5 /* hello_testsApp.swift */; }; + 57B14B662A0A8819002820C5 /* ContentView.swift in Sources */ = {isa = PBXBuildFile; fileRef = 57B14B652A0A8819002820C5 /* ContentView.swift */; }; + 57B14B682A0A881B002820C5 /* Assets.xcassets in Resources */ = {isa = PBXBuildFile; fileRef = 57B14B672A0A881B002820C5 /* Assets.xcassets */; }; + 57B14B6B2A0A881B002820C5 /* Preview Assets.xcassets in Resources */ = {isa = PBXBuildFile; fileRef = 57B14B6A2A0A881B002820C5 /* Preview Assets.xcassets */; }; + 57B14B762A0A881B002820C5 /* hello_testsTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 57B14B752A0A881B002820C5 /* hello_testsTests.swift */; }; + 57B14B802A0A881B002820C5 /* hello_testsUITests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 57B14B7F2A0A881B002820C5 /* hello_testsUITests.swift */; }; + 57B14B822A0A881B002820C5 /* hello_testsUITestsLaunchTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 57B14B812A0A881B002820C5 /* hello_testsUITestsLaunchTests.swift */; }; +/* End PBXBuildFile section */ + +/* Begin PBXContainerItemProxy section */ + 57B14B722A0A881B002820C5 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 57B14B582A0A8819002820C5 /* Project object */; + proxyType = 1; + remoteGlobalIDString = 57B14B5F2A0A8819002820C5; + remoteInfo = "hello-tests"; + }; + 57B14B7C2A0A881B002820C5 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 57B14B582A0A8819002820C5 /* Project object */; + proxyType = 1; + remoteGlobalIDString = 57B14B5F2A0A8819002820C5; + remoteInfo = "hello-tests"; + }; +/* End PBXContainerItemProxy section */ + +/* Begin PBXFileReference section */ + 57B14B602A0A8819002820C5 /* hello-tests.app */ = {isa = PBXFileReference; explicitFileType = wrapper.application; includeInIndex = 0; path = "hello-tests.app"; sourceTree = BUILT_PRODUCTS_DIR; }; + 57B14B632A0A8819002820C5 /* hello_testsApp.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = hello_testsApp.swift; sourceTree = ""; }; + 57B14B652A0A8819002820C5 /* ContentView.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ContentView.swift; sourceTree = ""; }; + 57B14B672A0A881B002820C5 /* Assets.xcassets */ = {isa = PBXFileReference; lastKnownFileType = folder.assetcatalog; path = Assets.xcassets; sourceTree = ""; }; + 57B14B6A2A0A881B002820C5 /* Preview Assets.xcassets */ = {isa = PBXFileReference; lastKnownFileType = folder.assetcatalog; path = "Preview Assets.xcassets"; sourceTree = ""; }; + 57B14B6C2A0A881B002820C5 /* hello_tests.entitlements */ = {isa = PBXFileReference; lastKnownFileType = text.plist.entitlements; path = hello_tests.entitlements; sourceTree = ""; }; + 57B14B712A0A881B002820C5 /* hello-testsTests.xctest */ = {isa = PBXFileReference; explicitFileType = wrapper.cfbundle; includeInIndex = 0; path = "hello-testsTests.xctest"; sourceTree = BUILT_PRODUCTS_DIR; }; + 57B14B752A0A881B002820C5 /* hello_testsTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = hello_testsTests.swift; sourceTree = ""; }; + 57B14B7B2A0A881B002820C5 /* hello-testsUITests.xctest */ = {isa = PBXFileReference; explicitFileType = wrapper.cfbundle; includeInIndex = 0; path = "hello-testsUITests.xctest"; sourceTree = BUILT_PRODUCTS_DIR; }; + 57B14B7F2A0A881B002820C5 /* hello_testsUITests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = hello_testsUITests.swift; sourceTree = ""; }; + 57B14B812A0A881B002820C5 /* hello_testsUITestsLaunchTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = hello_testsUITestsLaunchTests.swift; sourceTree = ""; }; +/* End PBXFileReference section */ + +/* Begin PBXFrameworksBuildPhase section */ + 57B14B5D2A0A8819002820C5 /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + 57B14B6E2A0A881B002820C5 /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + 57B14B782A0A881B002820C5 /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; +/* End PBXFrameworksBuildPhase section */ + +/* Begin PBXGroup section */ + 57B14B572A0A8819002820C5 = { + isa = PBXGroup; + children = ( + 57B14B622A0A8819002820C5 /* hello-tests */, + 57B14B742A0A881B002820C5 /* hello-testsTests */, + 57B14B7E2A0A881B002820C5 /* hello-testsUITests */, + 57B14B612A0A8819002820C5 /* Products */, + ); + sourceTree = ""; + }; + 57B14B612A0A8819002820C5 /* Products */ = { + isa = PBXGroup; + children = ( + 57B14B602A0A8819002820C5 /* hello-tests.app */, + 57B14B712A0A881B002820C5 /* hello-testsTests.xctest */, + 57B14B7B2A0A881B002820C5 /* hello-testsUITests.xctest */, + ); + name = Products; + sourceTree = ""; + }; + 57B14B622A0A8819002820C5 /* hello-tests */ = { + isa = PBXGroup; + children = ( + 57B14B632A0A8819002820C5 /* hello_testsApp.swift */, + 57B14B652A0A8819002820C5 /* ContentView.swift */, + 57B14B672A0A881B002820C5 /* Assets.xcassets */, + 57B14B6C2A0A881B002820C5 /* hello_tests.entitlements */, + 57B14B692A0A881B002820C5 /* Preview Content */, + ); + path = "hello-tests"; + sourceTree = ""; + }; + 57B14B692A0A881B002820C5 /* Preview Content */ = { + isa = PBXGroup; + children = ( + 57B14B6A2A0A881B002820C5 /* Preview Assets.xcassets */, + ); + path = "Preview Content"; + sourceTree = ""; + }; + 57B14B742A0A881B002820C5 /* hello-testsTests */ = { + isa = PBXGroup; + children = ( + 57B14B752A0A881B002820C5 /* hello_testsTests.swift */, + ); + path = "hello-testsTests"; + sourceTree = ""; + }; + 57B14B7E2A0A881B002820C5 /* hello-testsUITests */ = { + isa = PBXGroup; + children = ( + 57B14B7F2A0A881B002820C5 /* hello_testsUITests.swift */, + 57B14B812A0A881B002820C5 /* hello_testsUITestsLaunchTests.swift */, + ); + path = "hello-testsUITests"; + sourceTree = ""; + }; +/* End PBXGroup section */ + +/* Begin PBXNativeTarget section */ + 57B14B5F2A0A8819002820C5 /* hello-tests */ = { + isa = PBXNativeTarget; + buildConfigurationList = 57B14B852A0A881B002820C5 /* Build configuration list for PBXNativeTarget "hello-tests" */; + buildPhases = ( + 57B14B5C2A0A8819002820C5 /* Sources */, + 57B14B5D2A0A8819002820C5 /* Frameworks */, + 57B14B5E2A0A8819002820C5 /* Resources */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = "hello-tests"; + productName = "hello-tests"; + productReference = 57B14B602A0A8819002820C5 /* hello-tests.app */; + productType = "com.apple.product-type.application"; + }; + 57B14B702A0A881B002820C5 /* hello-testsTests */ = { + isa = PBXNativeTarget; + buildConfigurationList = 57B14B882A0A881B002820C5 /* Build configuration list for PBXNativeTarget "hello-testsTests" */; + buildPhases = ( + 57B14B6D2A0A881B002820C5 /* Sources */, + 57B14B6E2A0A881B002820C5 /* Frameworks */, + 57B14B6F2A0A881B002820C5 /* Resources */, + ); + buildRules = ( + ); + dependencies = ( + 57B14B732A0A881B002820C5 /* PBXTargetDependency */, + ); + name = "hello-testsTests"; + productName = "hello-testsTests"; + productReference = 57B14B712A0A881B002820C5 /* hello-testsTests.xctest */; + productType = "com.apple.product-type.bundle.unit-test"; + }; + 57B14B7A2A0A881B002820C5 /* hello-testsUITests */ = { + isa = PBXNativeTarget; + buildConfigurationList = 57B14B8B2A0A881B002820C5 /* Build configuration list for PBXNativeTarget "hello-testsUITests" */; + buildPhases = ( + 57B14B772A0A881B002820C5 /* Sources */, + 57B14B782A0A881B002820C5 /* Frameworks */, + 57B14B792A0A881B002820C5 /* Resources */, + ); + buildRules = ( + ); + dependencies = ( + 57B14B7D2A0A881B002820C5 /* PBXTargetDependency */, + ); + name = "hello-testsUITests"; + productName = "hello-testsUITests"; + productReference = 57B14B7B2A0A881B002820C5 /* hello-testsUITests.xctest */; + productType = "com.apple.product-type.bundle.ui-testing"; + }; +/* End PBXNativeTarget section */ + +/* Begin PBXProject section */ + 57B14B582A0A8819002820C5 /* Project object */ = { + isa = PBXProject; + attributes = { + BuildIndependentTargetsInParallel = 1; + LastSwiftUpdateCheck = 1430; + LastUpgradeCheck = 1430; + TargetAttributes = { + 57B14B5F2A0A8819002820C5 = { + CreatedOnToolsVersion = 14.3; + }; + 57B14B702A0A881B002820C5 = { + CreatedOnToolsVersion = 14.3; + TestTargetID = 57B14B5F2A0A8819002820C5; + }; + 57B14B7A2A0A881B002820C5 = { + CreatedOnToolsVersion = 14.3; + TestTargetID = 57B14B5F2A0A8819002820C5; + }; + }; + }; + buildConfigurationList = 57B14B5B2A0A8819002820C5 /* Build configuration list for PBXProject "hello-tests" */; + compatibilityVersion = "Xcode 14.0"; + developmentRegion = en; + hasScannedForEncodings = 0; + knownRegions = ( + en, + Base, + ); + mainGroup = 57B14B572A0A8819002820C5; + productRefGroup = 57B14B612A0A8819002820C5 /* Products */; + projectDirPath = ""; + projectRoot = ""; + targets = ( + 57B14B5F2A0A8819002820C5 /* hello-tests */, + 57B14B702A0A881B002820C5 /* hello-testsTests */, + 57B14B7A2A0A881B002820C5 /* hello-testsUITests */, + ); + }; +/* End PBXProject section */ + +/* Begin PBXResourcesBuildPhase section */ + 57B14B5E2A0A8819002820C5 /* Resources */ = { + isa = PBXResourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + 57B14B6B2A0A881B002820C5 /* Preview Assets.xcassets in Resources */, + 57B14B682A0A881B002820C5 /* Assets.xcassets in Resources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + 57B14B6F2A0A881B002820C5 /* Resources */ = { + isa = PBXResourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + 57B14B792A0A881B002820C5 /* Resources */ = { + isa = PBXResourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; +/* End PBXResourcesBuildPhase section */ + +/* Begin PBXSourcesBuildPhase section */ + 57B14B5C2A0A8819002820C5 /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + 57B14B662A0A8819002820C5 /* ContentView.swift in Sources */, + 57B14B642A0A8819002820C5 /* hello_testsApp.swift in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + 57B14B6D2A0A881B002820C5 /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + 57B14B762A0A881B002820C5 /* hello_testsTests.swift in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + 57B14B772A0A881B002820C5 /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + 57B14B802A0A881B002820C5 /* hello_testsUITests.swift in Sources */, + 57B14B822A0A881B002820C5 /* hello_testsUITestsLaunchTests.swift in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; +/* End PBXSourcesBuildPhase section */ + +/* Begin PBXTargetDependency section */ + 57B14B732A0A881B002820C5 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = 57B14B5F2A0A8819002820C5 /* hello-tests */; + targetProxy = 57B14B722A0A881B002820C5 /* PBXContainerItemProxy */; + }; + 57B14B7D2A0A881B002820C5 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = 57B14B5F2A0A8819002820C5 /* hello-tests */; + targetProxy = 57B14B7C2A0A881B002820C5 /* PBXContainerItemProxy */; + }; +/* End PBXTargetDependency section */ + +/* Begin XCBuildConfiguration section */ + 57B14B832A0A881B002820C5 /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ANALYZER_NONNULL = YES; + CLANG_ANALYZER_NUMBER_OBJECT_CONVERSION = YES_AGGRESSIVE; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++20"; + CLANG_ENABLE_MODULES = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_ENABLE_OBJC_WEAK = YES; + CLANG_WARN_BLOCK_CAPTURE_AUTORELEASING = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_COMMA = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INFINITE_RECURSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_NON_LITERAL_NULL_CONVERSION = YES; + CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF = YES; + CLANG_WARN_OBJC_LITERAL_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_QUOTED_INCLUDE_IN_FRAMEWORK_HEADER = YES; + CLANG_WARN_RANGE_LOOP_ANALYSIS = YES; + CLANG_WARN_STRICT_PROTOTYPES = YES; + CLANG_WARN_SUSPICIOUS_MOVE = YES; + CLANG_WARN_UNGUARDED_AVAILABILITY = YES_AGGRESSIVE; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + COPY_PHASE_STRIP = NO; + DEBUG_INFORMATION_FORMAT = dwarf; + ENABLE_STRICT_OBJC_MSGSEND = YES; + ENABLE_TESTABILITY = YES; + GCC_C_LANGUAGE_STANDARD = gnu11; + GCC_DYNAMIC_NO_PIC = NO; + GCC_NO_COMMON_BLOCKS = YES; + GCC_OPTIMIZATION_LEVEL = 0; + GCC_PREPROCESSOR_DEFINITIONS = ( + "DEBUG=1", + "$(inherited)", + ); + GCC_WARN_64_TO_32_BIT_CONVERSION = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + GCC_WARN_UNUSED_FUNCTION = YES; + GCC_WARN_UNUSED_VARIABLE = YES; + MACOSX_DEPLOYMENT_TARGET = 13.2; + MTL_ENABLE_DEBUG_INFO = INCLUDE_SOURCE; + MTL_FAST_MATH = YES; + ONLY_ACTIVE_ARCH = YES; + SDKROOT = macosx; + SWIFT_ACTIVE_COMPILATION_CONDITIONS = DEBUG; + SWIFT_OPTIMIZATION_LEVEL = "-Onone"; + }; + name = Debug; + }; + 57B14B842A0A881B002820C5 /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ANALYZER_NONNULL = YES; + CLANG_ANALYZER_NUMBER_OBJECT_CONVERSION = YES_AGGRESSIVE; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++20"; + CLANG_ENABLE_MODULES = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_ENABLE_OBJC_WEAK = YES; + CLANG_WARN_BLOCK_CAPTURE_AUTORELEASING = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_COMMA = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INFINITE_RECURSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_NON_LITERAL_NULL_CONVERSION = YES; + CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF = YES; + CLANG_WARN_OBJC_LITERAL_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_QUOTED_INCLUDE_IN_FRAMEWORK_HEADER = YES; + CLANG_WARN_RANGE_LOOP_ANALYSIS = YES; + CLANG_WARN_STRICT_PROTOTYPES = YES; + CLANG_WARN_SUSPICIOUS_MOVE = YES; + CLANG_WARN_UNGUARDED_AVAILABILITY = YES_AGGRESSIVE; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + COPY_PHASE_STRIP = NO; + DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; + ENABLE_NS_ASSERTIONS = NO; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_C_LANGUAGE_STANDARD = gnu11; + GCC_NO_COMMON_BLOCKS = YES; + GCC_WARN_64_TO_32_BIT_CONVERSION = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + GCC_WARN_UNUSED_FUNCTION = YES; + GCC_WARN_UNUSED_VARIABLE = YES; + MACOSX_DEPLOYMENT_TARGET = 13.2; + MTL_ENABLE_DEBUG_INFO = NO; + MTL_FAST_MATH = YES; + SDKROOT = macosx; + SWIFT_COMPILATION_MODE = wholemodule; + SWIFT_OPTIMIZATION_LEVEL = "-O"; + }; + name = Release; + }; + 57B14B862A0A881B002820C5 /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; + ASSETCATALOG_COMPILER_GLOBAL_ACCENT_COLOR_NAME = AccentColor; + CODE_SIGN_ENTITLEMENTS = "hello-tests/hello_tests.entitlements"; + CODE_SIGN_STYLE = Automatic; + COMBINE_HIDPI_IMAGES = YES; + CURRENT_PROJECT_VERSION = 1; + DEVELOPMENT_ASSET_PATHS = "\"hello-tests/Preview Content\""; + ENABLE_PREVIEWS = YES; + GENERATE_INFOPLIST_FILE = YES; + INFOPLIST_KEY_NSHumanReadableCopyright = ""; + LD_RUNPATH_SEARCH_PATHS = ( + "$(inherited)", + "@executable_path/../Frameworks", + ); + MARKETING_VERSION = 1.0; + PRODUCT_BUNDLE_IDENTIFIER = "com.example.hello-tests"; + PRODUCT_NAME = "$(TARGET_NAME)"; + SWIFT_EMIT_LOC_STRINGS = YES; + SWIFT_VERSION = 5.0; + }; + name = Debug; + }; + 57B14B872A0A881B002820C5 /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; + ASSETCATALOG_COMPILER_GLOBAL_ACCENT_COLOR_NAME = AccentColor; + CODE_SIGN_ENTITLEMENTS = "hello-tests/hello_tests.entitlements"; + CODE_SIGN_STYLE = Automatic; + COMBINE_HIDPI_IMAGES = YES; + CURRENT_PROJECT_VERSION = 1; + DEVELOPMENT_ASSET_PATHS = "\"hello-tests/Preview Content\""; + ENABLE_PREVIEWS = YES; + GENERATE_INFOPLIST_FILE = YES; + INFOPLIST_KEY_NSHumanReadableCopyright = ""; + LD_RUNPATH_SEARCH_PATHS = ( + "$(inherited)", + "@executable_path/../Frameworks", + ); + MARKETING_VERSION = 1.0; + PRODUCT_BUNDLE_IDENTIFIER = "com.example.hello-tests"; + PRODUCT_NAME = "$(TARGET_NAME)"; + SWIFT_EMIT_LOC_STRINGS = YES; + SWIFT_VERSION = 5.0; + }; + name = Release; + }; + 57B14B892A0A881B002820C5 /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_EMBED_SWIFT_STANDARD_LIBRARIES = YES; + BUNDLE_LOADER = "$(TEST_HOST)"; + CODE_SIGN_STYLE = Automatic; + CURRENT_PROJECT_VERSION = 1; + GENERATE_INFOPLIST_FILE = YES; + MACOSX_DEPLOYMENT_TARGET = 13.2; + MARKETING_VERSION = 1.0; + PRODUCT_BUNDLE_IDENTIFIER = "com.example.hello-testsTests"; + PRODUCT_NAME = "$(TARGET_NAME)"; + SWIFT_EMIT_LOC_STRINGS = NO; + SWIFT_VERSION = 5.0; + TEST_HOST = "$(BUILT_PRODUCTS_DIR)/hello-tests.app/$(BUNDLE_EXECUTABLE_FOLDER_PATH)/hello-tests"; + }; + name = Debug; + }; + 57B14B8A2A0A881B002820C5 /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_EMBED_SWIFT_STANDARD_LIBRARIES = YES; + BUNDLE_LOADER = "$(TEST_HOST)"; + CODE_SIGN_STYLE = Automatic; + CURRENT_PROJECT_VERSION = 1; + GENERATE_INFOPLIST_FILE = YES; + MACOSX_DEPLOYMENT_TARGET = 13.2; + MARKETING_VERSION = 1.0; + PRODUCT_BUNDLE_IDENTIFIER = "com.example.hello-testsTests"; + PRODUCT_NAME = "$(TARGET_NAME)"; + SWIFT_EMIT_LOC_STRINGS = NO; + SWIFT_VERSION = 5.0; + TEST_HOST = "$(BUILT_PRODUCTS_DIR)/hello-tests.app/$(BUNDLE_EXECUTABLE_FOLDER_PATH)/hello-tests"; + }; + name = Release; + }; + 57B14B8C2A0A881B002820C5 /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_EMBED_SWIFT_STANDARD_LIBRARIES = YES; + CODE_SIGN_STYLE = Automatic; + CURRENT_PROJECT_VERSION = 1; + GENERATE_INFOPLIST_FILE = YES; + MARKETING_VERSION = 1.0; + PRODUCT_BUNDLE_IDENTIFIER = "com.example.hello-testsUITests"; + PRODUCT_NAME = "$(TARGET_NAME)"; + SWIFT_EMIT_LOC_STRINGS = NO; + SWIFT_VERSION = 5.0; + TEST_TARGET_NAME = "hello-tests"; + }; + name = Debug; + }; + 57B14B8D2A0A881B002820C5 /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_EMBED_SWIFT_STANDARD_LIBRARIES = YES; + CODE_SIGN_STYLE = Automatic; + CURRENT_PROJECT_VERSION = 1; + GENERATE_INFOPLIST_FILE = YES; + MARKETING_VERSION = 1.0; + PRODUCT_BUNDLE_IDENTIFIER = "com.example.hello-testsUITests"; + PRODUCT_NAME = "$(TARGET_NAME)"; + SWIFT_EMIT_LOC_STRINGS = NO; + SWIFT_VERSION = 5.0; + TEST_TARGET_NAME = "hello-tests"; + }; + name = Release; + }; +/* End XCBuildConfiguration section */ + +/* Begin XCConfigurationList section */ + 57B14B5B2A0A8819002820C5 /* Build configuration list for PBXProject "hello-tests" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + 57B14B832A0A881B002820C5 /* Debug */, + 57B14B842A0A881B002820C5 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; + 57B14B852A0A881B002820C5 /* Build configuration list for PBXNativeTarget "hello-tests" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + 57B14B862A0A881B002820C5 /* Debug */, + 57B14B872A0A881B002820C5 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; + 57B14B882A0A881B002820C5 /* Build configuration list for PBXNativeTarget "hello-testsTests" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + 57B14B892A0A881B002820C5 /* Debug */, + 57B14B8A2A0A881B002820C5 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; + 57B14B8B2A0A881B002820C5 /* Build configuration list for PBXNativeTarget "hello-testsUITests" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + 57B14B8C2A0A881B002820C5 /* Debug */, + 57B14B8D2A0A881B002820C5 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; +/* End XCConfigurationList section */ + }; + rootObject = 57B14B582A0A8819002820C5 /* Project object */; +} diff --git a/swift/xcode-autobuilder/tests/hello-tests/hello-tests.xcodeproj/project.xcworkspace/contents.xcworkspacedata b/swift/xcode-autobuilder/tests/hello-tests/hello-tests.xcodeproj/project.xcworkspace/contents.xcworkspacedata new file mode 100644 index 00000000000..919434a6254 --- /dev/null +++ b/swift/xcode-autobuilder/tests/hello-tests/hello-tests.xcodeproj/project.xcworkspace/contents.xcworkspacedata @@ -0,0 +1,7 @@ + + + + + diff --git a/swift/xcode-autobuilder/xcode-autobuilder.cpp b/swift/xcode-autobuilder/xcode-autobuilder.cpp index ca6dbe5dcac..d540217eeb2 100644 --- a/swift/xcode-autobuilder/xcode-autobuilder.cpp +++ b/swift/xcode-autobuilder/xcode-autobuilder.cpp @@ -5,12 +5,24 @@ #include "swift/xcode-autobuilder/XcodeBuildRunner.h" #include "swift/xcode-autobuilder/XcodeProjectParser.h" #include "swift/logging/SwiftLogging.h" +#include "swift/xcode-autobuilder/CustomizingBuildDiagnostics.h" -static const char* Application = "com.apple.product-type.application"; -static const char* Framework = "com.apple.product-type.framework"; +static const char* uiTest = "com.apple.product-type.bundle.ui-testing"; +static const char* unitTest = "com.apple.product-type.bundle.unit-test"; const std::string_view codeql::programName = "autobuilder"; +namespace codeql_diagnostics { +constexpr codeql::SwiftDiagnosticsSource no_swift_target{ + "no_swift_target", "No Swift compilation target found", customizingBuildAction, + customizingBuildHelpLinks}; +} // namespace codeql_diagnostics + +static codeql::Logger& logger() { + static codeql::Logger ret{"main"}; + return ret; +} + struct CLIArgs { std::string workingDir; bool dryRun; @@ -18,11 +30,13 @@ struct CLIArgs { static void autobuild(const CLIArgs& args) { auto targets = collectTargets(args.workingDir); - - // Filter out non-application/framework targets + for (const auto& t : targets) { + LOG_INFO("{}", t); + } + // Filter out targets that are tests or have no swift source files targets.erase(std::remove_if(std::begin(targets), std::end(targets), [&](Target& t) -> bool { - return t.type != Application && t.type != Framework; + return t.fileCount == 0 || t.type == uiTest || t.type == unitTest; }), std::end(targets)); @@ -30,15 +44,12 @@ static void autobuild(const CLIArgs& args) { std::sort(std::begin(targets), std::end(targets), [](Target& lhs, Target& rhs) { return lhs.fileCount > rhs.fileCount; }); - for (auto& t : targets) { - std::cerr << t.workspace << " " << t.project << " " << t.type << " " << t.name << " " - << t.fileCount << "\n"; - } if (targets.empty()) { - std::cerr << "[xcode autobuilder] Suitable targets not found\n"; + DIAGNOSE_ERROR(no_swift_target, "All targets found within Xcode projects or workspaces either " + "have no Swift sources or are tests"); exit(1); } - + LOG_INFO("Selected {}", targets.front()); buildTarget(targets.front(), args.dryRun); } @@ -61,5 +72,6 @@ static CLIArgs parseCLIArgs(int argc, char** argv) { int main(int argc, char** argv) { auto args = parseCLIArgs(argc, argv); autobuild(args); + codeql::Log::flush(); return 0; } From 8534ba0218e55f081d715c5d5689564a93afe13c Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli Date: Wed, 10 May 2023 06:37:09 +0200 Subject: [PATCH 247/870] Swift: surface error about unsupported SPM build --- .../no-swift-with-spm/diagnostics.expected | 18 + .../hello-objective.xcodeproj/project.pbxproj | 278 +++++++++++ .../contents.xcworkspacedata | 7 + .../xcshareddata/IDEWorkspaceChecks.plist | 8 + .../hello-objective/Package.swift | 1 + .../no-swift-with-spm/hello-objective/main.m | 16 + .../autobuilder/no-swift-with-spm/test.py | 5 + .../no-xcode-with-spm/Package.swift | 1 + .../no-xcode-with-spm/diagnostics.expected | 18 + .../autobuilder/no-xcode-with-spm/test.py | 5 + .../autobuilder/no-xcode-with-spm/x.swift | 0 .../only-tests-with-spm/Package.swift | 1 + .../only-tests-with-spm/diagnostics.expected | 18 + .../hello-tests.xcodeproj/project.pbxproj | 430 ++++++++++++++++++ .../contents.xcworkspacedata | 7 + .../autobuilder/only-tests-with-spm/test.py | 5 + .../xcode-autobuilder/XcodeProjectParser.cpp | 90 ++-- swift/xcode-autobuilder/XcodeProjectParser.h | 8 +- swift/xcode-autobuilder/xcode-autobuilder.cpp | 27 +- 19 files changed, 890 insertions(+), 53 deletions(-) create mode 100644 swift/integration-tests/osx-only/autobuilder/no-swift-with-spm/diagnostics.expected create mode 100644 swift/integration-tests/osx-only/autobuilder/no-swift-with-spm/hello-objective.xcodeproj/project.pbxproj create mode 100644 swift/integration-tests/osx-only/autobuilder/no-swift-with-spm/hello-objective.xcodeproj/project.xcworkspace/contents.xcworkspacedata create mode 100644 swift/integration-tests/osx-only/autobuilder/no-swift-with-spm/hello-objective.xcodeproj/project.xcworkspace/xcshareddata/IDEWorkspaceChecks.plist create mode 100644 swift/integration-tests/osx-only/autobuilder/no-swift-with-spm/hello-objective/Package.swift create mode 100644 swift/integration-tests/osx-only/autobuilder/no-swift-with-spm/hello-objective/main.m create mode 100644 swift/integration-tests/osx-only/autobuilder/no-swift-with-spm/test.py create mode 100644 swift/integration-tests/osx-only/autobuilder/no-xcode-with-spm/Package.swift create mode 100644 swift/integration-tests/osx-only/autobuilder/no-xcode-with-spm/diagnostics.expected create mode 100644 swift/integration-tests/osx-only/autobuilder/no-xcode-with-spm/test.py create mode 100644 swift/integration-tests/osx-only/autobuilder/no-xcode-with-spm/x.swift create mode 100644 swift/integration-tests/osx-only/autobuilder/only-tests-with-spm/Package.swift create mode 100644 swift/integration-tests/osx-only/autobuilder/only-tests-with-spm/diagnostics.expected create mode 100644 swift/integration-tests/osx-only/autobuilder/only-tests-with-spm/hello-tests.xcodeproj/project.pbxproj create mode 100644 swift/integration-tests/osx-only/autobuilder/only-tests-with-spm/hello-tests.xcodeproj/project.xcworkspace/contents.xcworkspacedata create mode 100644 swift/integration-tests/osx-only/autobuilder/only-tests-with-spm/test.py diff --git a/swift/integration-tests/osx-only/autobuilder/no-swift-with-spm/diagnostics.expected b/swift/integration-tests/osx-only/autobuilder/no-swift-with-spm/diagnostics.expected new file mode 100644 index 00000000000..54201f6d979 --- /dev/null +++ b/swift/integration-tests/osx-only/autobuilder/no-swift-with-spm/diagnostics.expected @@ -0,0 +1,18 @@ +{ + "helpLinks": [ + "https://docs.github.com/en/enterprise-server/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/customizing-code-scanning", + "https://docs.github.com/en/enterprise-server/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-language" + ], + "plaintextMessage": "No viable Swift Xcode target was found but a Swift package was detected. Swift Package Manager builds are not yet supported by the autobuilder.\n\nSet up a manual build command.", + "severity": "error", + "source": { + "extractorName": "swift", + "id": "swift/autobuilder/spm-not-supported", + "name": "Swift Package Manager build unsupported by autobuild" + }, + "visibility": { + "cliSummaryTable": true, + "statusPage": true, + "telemetry": true + } +} diff --git a/swift/integration-tests/osx-only/autobuilder/no-swift-with-spm/hello-objective.xcodeproj/project.pbxproj b/swift/integration-tests/osx-only/autobuilder/no-swift-with-spm/hello-objective.xcodeproj/project.pbxproj new file mode 100644 index 00000000000..a2415ce362a --- /dev/null +++ b/swift/integration-tests/osx-only/autobuilder/no-swift-with-spm/hello-objective.xcodeproj/project.pbxproj @@ -0,0 +1,278 @@ +// !$*UTF8*$! +{ + archiveVersion = 1; + classes = { + }; + objectVersion = 56; + objects = { + +/* Begin PBXBuildFile section */ + 57B14B1A2A0A512A002820C5 /* main.m in Sources */ = {isa = PBXBuildFile; fileRef = 57B14B192A0A512A002820C5 /* main.m */; }; +/* End PBXBuildFile section */ + +/* Begin PBXCopyFilesBuildPhase section */ + 57B14B142A0A512A002820C5 /* CopyFiles */ = { + isa = PBXCopyFilesBuildPhase; + buildActionMask = 2147483647; + dstPath = /usr/share/man/man1/; + dstSubfolderSpec = 0; + files = ( + ); + runOnlyForDeploymentPostprocessing = 1; + }; +/* End PBXCopyFilesBuildPhase section */ + +/* Begin PBXFileReference section */ + 57B14B162A0A512A002820C5 /* hello-objective */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = "hello-objective"; sourceTree = BUILT_PRODUCTS_DIR; }; + 57B14B192A0A512A002820C5 /* main.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = main.m; sourceTree = ""; }; +/* End PBXFileReference section */ + +/* Begin PBXFrameworksBuildPhase section */ + 57B14B132A0A512A002820C5 /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; +/* End PBXFrameworksBuildPhase section */ + +/* Begin PBXGroup section */ + 57B14B0D2A0A512A002820C5 = { + isa = PBXGroup; + children = ( + 57B14B182A0A512A002820C5 /* hello-objective */, + 57B14B172A0A512A002820C5 /* Products */, + ); + sourceTree = ""; + }; + 57B14B172A0A512A002820C5 /* Products */ = { + isa = PBXGroup; + children = ( + 57B14B162A0A512A002820C5 /* hello-objective */, + ); + name = Products; + sourceTree = ""; + }; + 57B14B182A0A512A002820C5 /* hello-objective */ = { + isa = PBXGroup; + children = ( + 57B14B192A0A512A002820C5 /* main.m */, + ); + path = "hello-objective"; + sourceTree = ""; + }; +/* End PBXGroup section */ + +/* Begin PBXNativeTarget section */ + 57B14B152A0A512A002820C5 /* hello-objective */ = { + isa = PBXNativeTarget; + buildConfigurationList = 57B14B1D2A0A512A002820C5 /* Build configuration list for PBXNativeTarget "hello-objective" */; + buildPhases = ( + 57B14B122A0A512A002820C5 /* Sources */, + 57B14B132A0A512A002820C5 /* Frameworks */, + 57B14B142A0A512A002820C5 /* CopyFiles */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = "hello-objective"; + productName = "hello-objective"; + productReference = 57B14B162A0A512A002820C5 /* hello-objective */; + productType = "com.apple.product-type.tool"; + }; +/* End PBXNativeTarget section */ + +/* Begin PBXProject section */ + 57B14B0E2A0A512A002820C5 /* Project object */ = { + isa = PBXProject; + attributes = { + BuildIndependentTargetsInParallel = 1; + LastUpgradeCheck = 1430; + TargetAttributes = { + 57B14B152A0A512A002820C5 = { + CreatedOnToolsVersion = 14.3; + }; + }; + }; + buildConfigurationList = 57B14B112A0A512A002820C5 /* Build configuration list for PBXProject "hello-objective" */; + compatibilityVersion = "Xcode 14.0"; + developmentRegion = en; + hasScannedForEncodings = 0; + knownRegions = ( + en, + Base, + ); + mainGroup = 57B14B0D2A0A512A002820C5; + productRefGroup = 57B14B172A0A512A002820C5 /* Products */; + projectDirPath = ""; + projectRoot = ""; + targets = ( + 57B14B152A0A512A002820C5 /* hello-objective */, + ); + }; +/* End PBXProject section */ + +/* Begin PBXSourcesBuildPhase section */ + 57B14B122A0A512A002820C5 /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + 57B14B1A2A0A512A002820C5 /* main.m in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; +/* End PBXSourcesBuildPhase section */ + +/* Begin XCBuildConfiguration section */ + 57B14B1B2A0A512A002820C5 /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ANALYZER_NONNULL = YES; + CLANG_ANALYZER_NUMBER_OBJECT_CONVERSION = YES_AGGRESSIVE; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++20"; + CLANG_ENABLE_MODULES = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_ENABLE_OBJC_WEAK = YES; + CLANG_WARN_BLOCK_CAPTURE_AUTORELEASING = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_COMMA = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INFINITE_RECURSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_NON_LITERAL_NULL_CONVERSION = YES; + CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF = YES; + CLANG_WARN_OBJC_LITERAL_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_QUOTED_INCLUDE_IN_FRAMEWORK_HEADER = YES; + CLANG_WARN_RANGE_LOOP_ANALYSIS = YES; + CLANG_WARN_STRICT_PROTOTYPES = YES; + CLANG_WARN_SUSPICIOUS_MOVE = YES; + CLANG_WARN_UNGUARDED_AVAILABILITY = YES_AGGRESSIVE; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + COPY_PHASE_STRIP = NO; + DEBUG_INFORMATION_FORMAT = dwarf; + ENABLE_STRICT_OBJC_MSGSEND = YES; + ENABLE_TESTABILITY = YES; + GCC_C_LANGUAGE_STANDARD = gnu11; + GCC_DYNAMIC_NO_PIC = NO; + GCC_NO_COMMON_BLOCKS = YES; + GCC_OPTIMIZATION_LEVEL = 0; + GCC_PREPROCESSOR_DEFINITIONS = ( + "DEBUG=1", + "$(inherited)", + ); + GCC_WARN_64_TO_32_BIT_CONVERSION = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + GCC_WARN_UNUSED_FUNCTION = YES; + GCC_WARN_UNUSED_VARIABLE = YES; + MACOSX_DEPLOYMENT_TARGET = 13.2; + MTL_ENABLE_DEBUG_INFO = INCLUDE_SOURCE; + MTL_FAST_MATH = YES; + ONLY_ACTIVE_ARCH = YES; + SDKROOT = macosx; + }; + name = Debug; + }; + 57B14B1C2A0A512A002820C5 /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ANALYZER_NONNULL = YES; + CLANG_ANALYZER_NUMBER_OBJECT_CONVERSION = YES_AGGRESSIVE; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++20"; + CLANG_ENABLE_MODULES = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_ENABLE_OBJC_WEAK = YES; + CLANG_WARN_BLOCK_CAPTURE_AUTORELEASING = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_COMMA = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INFINITE_RECURSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_NON_LITERAL_NULL_CONVERSION = YES; + CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF = YES; + CLANG_WARN_OBJC_LITERAL_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_QUOTED_INCLUDE_IN_FRAMEWORK_HEADER = YES; + CLANG_WARN_RANGE_LOOP_ANALYSIS = YES; + CLANG_WARN_STRICT_PROTOTYPES = YES; + CLANG_WARN_SUSPICIOUS_MOVE = YES; + CLANG_WARN_UNGUARDED_AVAILABILITY = YES_AGGRESSIVE; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + COPY_PHASE_STRIP = NO; + DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; + ENABLE_NS_ASSERTIONS = NO; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_C_LANGUAGE_STANDARD = gnu11; + GCC_NO_COMMON_BLOCKS = YES; + GCC_WARN_64_TO_32_BIT_CONVERSION = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + GCC_WARN_UNUSED_FUNCTION = YES; + GCC_WARN_UNUSED_VARIABLE = YES; + MACOSX_DEPLOYMENT_TARGET = 13.2; + MTL_ENABLE_DEBUG_INFO = NO; + MTL_FAST_MATH = YES; + SDKROOT = macosx; + }; + name = Release; + }; + 57B14B1E2A0A512A002820C5 /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + CODE_SIGN_STYLE = Automatic; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Debug; + }; + 57B14B1F2A0A512A002820C5 /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + CODE_SIGN_STYLE = Automatic; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Release; + }; +/* End XCBuildConfiguration section */ + +/* Begin XCConfigurationList section */ + 57B14B112A0A512A002820C5 /* Build configuration list for PBXProject "hello-objective" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + 57B14B1B2A0A512A002820C5 /* Debug */, + 57B14B1C2A0A512A002820C5 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; + 57B14B1D2A0A512A002820C5 /* Build configuration list for PBXNativeTarget "hello-objective" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + 57B14B1E2A0A512A002820C5 /* Debug */, + 57B14B1F2A0A512A002820C5 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; +/* End XCConfigurationList section */ + }; + rootObject = 57B14B0E2A0A512A002820C5 /* Project object */; +} diff --git a/swift/integration-tests/osx-only/autobuilder/no-swift-with-spm/hello-objective.xcodeproj/project.xcworkspace/contents.xcworkspacedata b/swift/integration-tests/osx-only/autobuilder/no-swift-with-spm/hello-objective.xcodeproj/project.xcworkspace/contents.xcworkspacedata new file mode 100644 index 00000000000..919434a6254 --- /dev/null +++ b/swift/integration-tests/osx-only/autobuilder/no-swift-with-spm/hello-objective.xcodeproj/project.xcworkspace/contents.xcworkspacedata @@ -0,0 +1,7 @@ + + + + + diff --git a/swift/integration-tests/osx-only/autobuilder/no-swift-with-spm/hello-objective.xcodeproj/project.xcworkspace/xcshareddata/IDEWorkspaceChecks.plist b/swift/integration-tests/osx-only/autobuilder/no-swift-with-spm/hello-objective.xcodeproj/project.xcworkspace/xcshareddata/IDEWorkspaceChecks.plist new file mode 100644 index 00000000000..18d981003d6 --- /dev/null +++ b/swift/integration-tests/osx-only/autobuilder/no-swift-with-spm/hello-objective.xcodeproj/project.xcworkspace/xcshareddata/IDEWorkspaceChecks.plist @@ -0,0 +1,8 @@ + + + + + IDEDidComputeMac32BitWarning + + + diff --git a/swift/integration-tests/osx-only/autobuilder/no-swift-with-spm/hello-objective/Package.swift b/swift/integration-tests/osx-only/autobuilder/no-swift-with-spm/hello-objective/Package.swift new file mode 100644 index 00000000000..6e373b136bd --- /dev/null +++ b/swift/integration-tests/osx-only/autobuilder/no-swift-with-spm/hello-objective/Package.swift @@ -0,0 +1 @@ +// swift-tools-version:5.0 diff --git a/swift/integration-tests/osx-only/autobuilder/no-swift-with-spm/hello-objective/main.m b/swift/integration-tests/osx-only/autobuilder/no-swift-with-spm/hello-objective/main.m new file mode 100644 index 00000000000..d35d96bd052 --- /dev/null +++ b/swift/integration-tests/osx-only/autobuilder/no-swift-with-spm/hello-objective/main.m @@ -0,0 +1,16 @@ +// +// main.m +// hello-objective +// +// Created by ec2-user on 5/9/23. +// + +#import + +int main(int argc, const char * argv[]) { + @autoreleasepool { + // insert code here... + NSLog(@"Hello, World!"); + } + return 0; +} diff --git a/swift/integration-tests/osx-only/autobuilder/no-swift-with-spm/test.py b/swift/integration-tests/osx-only/autobuilder/no-swift-with-spm/test.py new file mode 100644 index 00000000000..37aaa3ce344 --- /dev/null +++ b/swift/integration-tests/osx-only/autobuilder/no-swift-with-spm/test.py @@ -0,0 +1,5 @@ +from create_database_utils import * +from diagnostics_test_utils import * + +run_codeql_database_create([], lang='swift', keep_trap=True, db=None, runFunction=runUnsuccessfully) +check_diagnostics() diff --git a/swift/integration-tests/osx-only/autobuilder/no-xcode-with-spm/Package.swift b/swift/integration-tests/osx-only/autobuilder/no-xcode-with-spm/Package.swift new file mode 100644 index 00000000000..6e373b136bd --- /dev/null +++ b/swift/integration-tests/osx-only/autobuilder/no-xcode-with-spm/Package.swift @@ -0,0 +1 @@ +// swift-tools-version:5.0 diff --git a/swift/integration-tests/osx-only/autobuilder/no-xcode-with-spm/diagnostics.expected b/swift/integration-tests/osx-only/autobuilder/no-xcode-with-spm/diagnostics.expected new file mode 100644 index 00000000000..54201f6d979 --- /dev/null +++ b/swift/integration-tests/osx-only/autobuilder/no-xcode-with-spm/diagnostics.expected @@ -0,0 +1,18 @@ +{ + "helpLinks": [ + "https://docs.github.com/en/enterprise-server/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/customizing-code-scanning", + "https://docs.github.com/en/enterprise-server/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-language" + ], + "plaintextMessage": "No viable Swift Xcode target was found but a Swift package was detected. Swift Package Manager builds are not yet supported by the autobuilder.\n\nSet up a manual build command.", + "severity": "error", + "source": { + "extractorName": "swift", + "id": "swift/autobuilder/spm-not-supported", + "name": "Swift Package Manager build unsupported by autobuild" + }, + "visibility": { + "cliSummaryTable": true, + "statusPage": true, + "telemetry": true + } +} diff --git a/swift/integration-tests/osx-only/autobuilder/no-xcode-with-spm/test.py b/swift/integration-tests/osx-only/autobuilder/no-xcode-with-spm/test.py new file mode 100644 index 00000000000..37aaa3ce344 --- /dev/null +++ b/swift/integration-tests/osx-only/autobuilder/no-xcode-with-spm/test.py @@ -0,0 +1,5 @@ +from create_database_utils import * +from diagnostics_test_utils import * + +run_codeql_database_create([], lang='swift', keep_trap=True, db=None, runFunction=runUnsuccessfully) +check_diagnostics() diff --git a/swift/integration-tests/osx-only/autobuilder/no-xcode-with-spm/x.swift b/swift/integration-tests/osx-only/autobuilder/no-xcode-with-spm/x.swift new file mode 100644 index 00000000000..e69de29bb2d diff --git a/swift/integration-tests/osx-only/autobuilder/only-tests-with-spm/Package.swift b/swift/integration-tests/osx-only/autobuilder/only-tests-with-spm/Package.swift new file mode 100644 index 00000000000..6e373b136bd --- /dev/null +++ b/swift/integration-tests/osx-only/autobuilder/only-tests-with-spm/Package.swift @@ -0,0 +1 @@ +// swift-tools-version:5.0 diff --git a/swift/integration-tests/osx-only/autobuilder/only-tests-with-spm/diagnostics.expected b/swift/integration-tests/osx-only/autobuilder/only-tests-with-spm/diagnostics.expected new file mode 100644 index 00000000000..54201f6d979 --- /dev/null +++ b/swift/integration-tests/osx-only/autobuilder/only-tests-with-spm/diagnostics.expected @@ -0,0 +1,18 @@ +{ + "helpLinks": [ + "https://docs.github.com/en/enterprise-server/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/customizing-code-scanning", + "https://docs.github.com/en/enterprise-server/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-language" + ], + "plaintextMessage": "No viable Swift Xcode target was found but a Swift package was detected. Swift Package Manager builds are not yet supported by the autobuilder.\n\nSet up a manual build command.", + "severity": "error", + "source": { + "extractorName": "swift", + "id": "swift/autobuilder/spm-not-supported", + "name": "Swift Package Manager build unsupported by autobuild" + }, + "visibility": { + "cliSummaryTable": true, + "statusPage": true, + "telemetry": true + } +} diff --git a/swift/integration-tests/osx-only/autobuilder/only-tests-with-spm/hello-tests.xcodeproj/project.pbxproj b/swift/integration-tests/osx-only/autobuilder/only-tests-with-spm/hello-tests.xcodeproj/project.pbxproj new file mode 100644 index 00000000000..a4ca3761791 --- /dev/null +++ b/swift/integration-tests/osx-only/autobuilder/only-tests-with-spm/hello-tests.xcodeproj/project.pbxproj @@ -0,0 +1,430 @@ +// !$*UTF8*$! +{ + archiveVersion = 1; + classes = { + }; + objectVersion = 56; + objects = { + +/* Begin PBXBuildFile section */ + 57B14B762A0A881B002820C5 /* hello_testsTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 57B14B752A0A881B002820C5 /* hello_testsTests.swift */; }; + 57B14B802A0A881B002820C5 /* hello_testsUITests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 57B14B7F2A0A881B002820C5 /* hello_testsUITests.swift */; }; + 57B14B822A0A881B002820C5 /* hello_testsUITestsLaunchTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 57B14B812A0A881B002820C5 /* hello_testsUITestsLaunchTests.swift */; }; +/* End PBXBuildFile section */ + +/* Begin PBXFileReference section */ + 57B14B632A0A8819002820C5 /* hello_testsApp.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = hello_testsApp.swift; sourceTree = ""; }; + 57B14B652A0A8819002820C5 /* ContentView.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ContentView.swift; sourceTree = ""; }; + 57B14B672A0A881B002820C5 /* Assets.xcassets */ = {isa = PBXFileReference; lastKnownFileType = folder.assetcatalog; path = Assets.xcassets; sourceTree = ""; }; + 57B14B6A2A0A881B002820C5 /* Preview Assets.xcassets */ = {isa = PBXFileReference; lastKnownFileType = folder.assetcatalog; path = "Preview Assets.xcassets"; sourceTree = ""; }; + 57B14B6C2A0A881B002820C5 /* hello_tests.entitlements */ = {isa = PBXFileReference; lastKnownFileType = text.plist.entitlements; path = hello_tests.entitlements; sourceTree = ""; }; + 57B14B712A0A881B002820C5 /* hello-testsTests.xctest */ = {isa = PBXFileReference; explicitFileType = wrapper.cfbundle; includeInIndex = 0; path = "hello-testsTests.xctest"; sourceTree = BUILT_PRODUCTS_DIR; }; + 57B14B752A0A881B002820C5 /* hello_testsTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = hello_testsTests.swift; sourceTree = ""; }; + 57B14B7B2A0A881B002820C5 /* hello-testsUITests.xctest */ = {isa = PBXFileReference; explicitFileType = wrapper.cfbundle; includeInIndex = 0; path = "hello-testsUITests.xctest"; sourceTree = BUILT_PRODUCTS_DIR; }; + 57B14B7F2A0A881B002820C5 /* hello_testsUITests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = hello_testsUITests.swift; sourceTree = ""; }; + 57B14B812A0A881B002820C5 /* hello_testsUITestsLaunchTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = hello_testsUITestsLaunchTests.swift; sourceTree = ""; }; +/* End PBXFileReference section */ + +/* Begin PBXFrameworksBuildPhase section */ + 57B14B6E2A0A881B002820C5 /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + 57B14B782A0A881B002820C5 /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; +/* End PBXFrameworksBuildPhase section */ + +/* Begin PBXGroup section */ + 57B14B572A0A8819002820C5 = { + isa = PBXGroup; + children = ( + 57B14B622A0A8819002820C5 /* hello-tests */, + 57B14B742A0A881B002820C5 /* hello-testsTests */, + 57B14B7E2A0A881B002820C5 /* hello-testsUITests */, + 57B14B612A0A8819002820C5 /* Products */, + ); + sourceTree = ""; + }; + 57B14B612A0A8819002820C5 /* Products */ = { + isa = PBXGroup; + children = ( + 57B14B712A0A881B002820C5 /* hello-testsTests.xctest */, + 57B14B7B2A0A881B002820C5 /* hello-testsUITests.xctest */, + ); + name = Products; + sourceTree = ""; + }; + 57B14B622A0A8819002820C5 /* hello-tests */ = { + isa = PBXGroup; + children = ( + 57B14B632A0A8819002820C5 /* hello_testsApp.swift */, + 57B14B652A0A8819002820C5 /* ContentView.swift */, + 57B14B672A0A881B002820C5 /* Assets.xcassets */, + 57B14B6C2A0A881B002820C5 /* hello_tests.entitlements */, + 57B14B692A0A881B002820C5 /* Preview Content */, + ); + path = "hello-tests"; + sourceTree = ""; + }; + 57B14B692A0A881B002820C5 /* Preview Content */ = { + isa = PBXGroup; + children = ( + 57B14B6A2A0A881B002820C5 /* Preview Assets.xcassets */, + ); + path = "Preview Content"; + sourceTree = ""; + }; + 57B14B742A0A881B002820C5 /* hello-testsTests */ = { + isa = PBXGroup; + children = ( + 57B14B752A0A881B002820C5 /* hello_testsTests.swift */, + ); + path = "hello-testsTests"; + sourceTree = ""; + }; + 57B14B7E2A0A881B002820C5 /* hello-testsUITests */ = { + isa = PBXGroup; + children = ( + 57B14B7F2A0A881B002820C5 /* hello_testsUITests.swift */, + 57B14B812A0A881B002820C5 /* hello_testsUITestsLaunchTests.swift */, + ); + path = "hello-testsUITests"; + sourceTree = ""; + }; +/* End PBXGroup section */ + +/* Begin PBXNativeTarget section */ + 57B14B702A0A881B002820C5 /* hello-testsTests */ = { + isa = PBXNativeTarget; + buildConfigurationList = 57B14B882A0A881B002820C5 /* Build configuration list for PBXNativeTarget "hello-testsTests" */; + buildPhases = ( + 57B14B6D2A0A881B002820C5 /* Sources */, + 57B14B6E2A0A881B002820C5 /* Frameworks */, + 57B14B6F2A0A881B002820C5 /* Resources */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = "hello-testsTests"; + productName = "hello-testsTests"; + productReference = 57B14B712A0A881B002820C5 /* hello-testsTests.xctest */; + productType = "com.apple.product-type.bundle.unit-test"; + }; + 57B14B7A2A0A881B002820C5 /* hello-testsUITests */ = { + isa = PBXNativeTarget; + buildConfigurationList = 57B14B8B2A0A881B002820C5 /* Build configuration list for PBXNativeTarget "hello-testsUITests" */; + buildPhases = ( + 57B14B772A0A881B002820C5 /* Sources */, + 57B14B782A0A881B002820C5 /* Frameworks */, + 57B14B792A0A881B002820C5 /* Resources */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = "hello-testsUITests"; + productName = "hello-testsUITests"; + productReference = 57B14B7B2A0A881B002820C5 /* hello-testsUITests.xctest */; + productType = "com.apple.product-type.bundle.ui-testing"; + }; +/* End PBXNativeTarget section */ + +/* Begin PBXProject section */ + 57B14B582A0A8819002820C5 /* Project object */ = { + isa = PBXProject; + attributes = { + BuildIndependentTargetsInParallel = 1; + LastSwiftUpdateCheck = 1430; + LastUpgradeCheck = 1430; + TargetAttributes = { + 57B14B702A0A881B002820C5 = { + CreatedOnToolsVersion = 14.3; + TestTargetID = 57B14B5F2A0A8819002820C5; + }; + 57B14B7A2A0A881B002820C5 = { + CreatedOnToolsVersion = 14.3; + TestTargetID = 57B14B5F2A0A8819002820C5; + }; + }; + }; + buildConfigurationList = 57B14B5B2A0A8819002820C5 /* Build configuration list for PBXProject "hello-tests" */; + compatibilityVersion = "Xcode 14.0"; + developmentRegion = en; + hasScannedForEncodings = 0; + knownRegions = ( + en, + Base, + ); + mainGroup = 57B14B572A0A8819002820C5; + productRefGroup = 57B14B612A0A8819002820C5 /* Products */; + projectDirPath = ""; + projectRoot = ""; + targets = ( + 57B14B702A0A881B002820C5 /* hello-testsTests */, + 57B14B7A2A0A881B002820C5 /* hello-testsUITests */, + ); + }; +/* End PBXProject section */ + +/* Begin PBXResourcesBuildPhase section */ + 57B14B6F2A0A881B002820C5 /* Resources */ = { + isa = PBXResourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + 57B14B792A0A881B002820C5 /* Resources */ = { + isa = PBXResourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; +/* End PBXResourcesBuildPhase section */ + +/* Begin PBXSourcesBuildPhase section */ + 57B14B6D2A0A881B002820C5 /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + 57B14B762A0A881B002820C5 /* hello_testsTests.swift in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + 57B14B772A0A881B002820C5 /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + 57B14B802A0A881B002820C5 /* hello_testsUITests.swift in Sources */, + 57B14B822A0A881B002820C5 /* hello_testsUITestsLaunchTests.swift in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; +/* End PBXSourcesBuildPhase section */ + +/* Begin XCBuildConfiguration section */ + 57B14B832A0A881B002820C5 /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ANALYZER_NONNULL = YES; + CLANG_ANALYZER_NUMBER_OBJECT_CONVERSION = YES_AGGRESSIVE; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++20"; + CLANG_ENABLE_MODULES = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_ENABLE_OBJC_WEAK = YES; + CLANG_WARN_BLOCK_CAPTURE_AUTORELEASING = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_COMMA = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INFINITE_RECURSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_NON_LITERAL_NULL_CONVERSION = YES; + CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF = YES; + CLANG_WARN_OBJC_LITERAL_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_QUOTED_INCLUDE_IN_FRAMEWORK_HEADER = YES; + CLANG_WARN_RANGE_LOOP_ANALYSIS = YES; + CLANG_WARN_STRICT_PROTOTYPES = YES; + CLANG_WARN_SUSPICIOUS_MOVE = YES; + CLANG_WARN_UNGUARDED_AVAILABILITY = YES_AGGRESSIVE; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + COPY_PHASE_STRIP = NO; + DEBUG_INFORMATION_FORMAT = dwarf; + ENABLE_STRICT_OBJC_MSGSEND = YES; + ENABLE_TESTABILITY = YES; + GCC_C_LANGUAGE_STANDARD = gnu11; + GCC_DYNAMIC_NO_PIC = NO; + GCC_NO_COMMON_BLOCKS = YES; + GCC_OPTIMIZATION_LEVEL = 0; + GCC_PREPROCESSOR_DEFINITIONS = ( + "DEBUG=1", + "$(inherited)", + ); + GCC_WARN_64_TO_32_BIT_CONVERSION = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + GCC_WARN_UNUSED_FUNCTION = YES; + GCC_WARN_UNUSED_VARIABLE = YES; + MACOSX_DEPLOYMENT_TARGET = 13.2; + MTL_ENABLE_DEBUG_INFO = INCLUDE_SOURCE; + MTL_FAST_MATH = YES; + ONLY_ACTIVE_ARCH = YES; + SDKROOT = macosx; + SWIFT_ACTIVE_COMPILATION_CONDITIONS = DEBUG; + SWIFT_OPTIMIZATION_LEVEL = "-Onone"; + }; + name = Debug; + }; + 57B14B842A0A881B002820C5 /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ANALYZER_NONNULL = YES; + CLANG_ANALYZER_NUMBER_OBJECT_CONVERSION = YES_AGGRESSIVE; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++20"; + CLANG_ENABLE_MODULES = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_ENABLE_OBJC_WEAK = YES; + CLANG_WARN_BLOCK_CAPTURE_AUTORELEASING = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_COMMA = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INFINITE_RECURSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_NON_LITERAL_NULL_CONVERSION = YES; + CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF = YES; + CLANG_WARN_OBJC_LITERAL_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_QUOTED_INCLUDE_IN_FRAMEWORK_HEADER = YES; + CLANG_WARN_RANGE_LOOP_ANALYSIS = YES; + CLANG_WARN_STRICT_PROTOTYPES = YES; + CLANG_WARN_SUSPICIOUS_MOVE = YES; + CLANG_WARN_UNGUARDED_AVAILABILITY = YES_AGGRESSIVE; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + COPY_PHASE_STRIP = NO; + DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; + ENABLE_NS_ASSERTIONS = NO; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_C_LANGUAGE_STANDARD = gnu11; + GCC_NO_COMMON_BLOCKS = YES; + GCC_WARN_64_TO_32_BIT_CONVERSION = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + GCC_WARN_UNUSED_FUNCTION = YES; + GCC_WARN_UNUSED_VARIABLE = YES; + MACOSX_DEPLOYMENT_TARGET = 13.2; + MTL_ENABLE_DEBUG_INFO = NO; + MTL_FAST_MATH = YES; + SDKROOT = macosx; + SWIFT_COMPILATION_MODE = wholemodule; + SWIFT_OPTIMIZATION_LEVEL = "-O"; + }; + name = Release; + }; + 57B14B892A0A881B002820C5 /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_EMBED_SWIFT_STANDARD_LIBRARIES = YES; + BUNDLE_LOADER = "$(TEST_HOST)"; + CODE_SIGN_STYLE = Automatic; + CURRENT_PROJECT_VERSION = 1; + GENERATE_INFOPLIST_FILE = YES; + MACOSX_DEPLOYMENT_TARGET = 13.2; + MARKETING_VERSION = 1.0; + PRODUCT_BUNDLE_IDENTIFIER = "com.example.hello-testsTests"; + PRODUCT_NAME = "$(TARGET_NAME)"; + SWIFT_EMIT_LOC_STRINGS = NO; + SWIFT_VERSION = 5.0; + TEST_HOST = "$(BUILT_PRODUCTS_DIR)/hello-tests.app/$(BUNDLE_EXECUTABLE_FOLDER_PATH)/hello-tests"; + }; + name = Debug; + }; + 57B14B8A2A0A881B002820C5 /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_EMBED_SWIFT_STANDARD_LIBRARIES = YES; + BUNDLE_LOADER = "$(TEST_HOST)"; + CODE_SIGN_STYLE = Automatic; + CURRENT_PROJECT_VERSION = 1; + GENERATE_INFOPLIST_FILE = YES; + MACOSX_DEPLOYMENT_TARGET = 13.2; + MARKETING_VERSION = 1.0; + PRODUCT_BUNDLE_IDENTIFIER = "com.example.hello-testsTests"; + PRODUCT_NAME = "$(TARGET_NAME)"; + SWIFT_EMIT_LOC_STRINGS = NO; + SWIFT_VERSION = 5.0; + TEST_HOST = "$(BUILT_PRODUCTS_DIR)/hello-tests.app/$(BUNDLE_EXECUTABLE_FOLDER_PATH)/hello-tests"; + }; + name = Release; + }; + 57B14B8C2A0A881B002820C5 /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_EMBED_SWIFT_STANDARD_LIBRARIES = YES; + CODE_SIGN_STYLE = Automatic; + CURRENT_PROJECT_VERSION = 1; + GENERATE_INFOPLIST_FILE = YES; + MARKETING_VERSION = 1.0; + PRODUCT_BUNDLE_IDENTIFIER = "com.example.hello-testsUITests"; + PRODUCT_NAME = "$(TARGET_NAME)"; + SWIFT_EMIT_LOC_STRINGS = NO; + SWIFT_VERSION = 5.0; + TEST_TARGET_NAME = "hello-tests"; + }; + name = Debug; + }; + 57B14B8D2A0A881B002820C5 /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_EMBED_SWIFT_STANDARD_LIBRARIES = YES; + CODE_SIGN_STYLE = Automatic; + CURRENT_PROJECT_VERSION = 1; + GENERATE_INFOPLIST_FILE = YES; + MARKETING_VERSION = 1.0; + PRODUCT_BUNDLE_IDENTIFIER = "com.example.hello-testsUITests"; + PRODUCT_NAME = "$(TARGET_NAME)"; + SWIFT_EMIT_LOC_STRINGS = NO; + SWIFT_VERSION = 5.0; + TEST_TARGET_NAME = "hello-tests"; + }; + name = Release; + }; +/* End XCBuildConfiguration section */ + +/* Begin XCConfigurationList section */ + 57B14B5B2A0A8819002820C5 /* Build configuration list for PBXProject "hello-tests" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + 57B14B832A0A881B002820C5 /* Debug */, + 57B14B842A0A881B002820C5 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; + 57B14B882A0A881B002820C5 /* Build configuration list for PBXNativeTarget "hello-testsTests" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + 57B14B892A0A881B002820C5 /* Debug */, + 57B14B8A2A0A881B002820C5 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; + 57B14B8B2A0A881B002820C5 /* Build configuration list for PBXNativeTarget "hello-testsUITests" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + 57B14B8C2A0A881B002820C5 /* Debug */, + 57B14B8D2A0A881B002820C5 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; +/* End XCConfigurationList section */ + }; + rootObject = 57B14B582A0A8819002820C5 /* Project object */; +} diff --git a/swift/integration-tests/osx-only/autobuilder/only-tests-with-spm/hello-tests.xcodeproj/project.xcworkspace/contents.xcworkspacedata b/swift/integration-tests/osx-only/autobuilder/only-tests-with-spm/hello-tests.xcodeproj/project.xcworkspace/contents.xcworkspacedata new file mode 100644 index 00000000000..919434a6254 --- /dev/null +++ b/swift/integration-tests/osx-only/autobuilder/only-tests-with-spm/hello-tests.xcodeproj/project.xcworkspace/contents.xcworkspacedata @@ -0,0 +1,7 @@ + + + + + diff --git a/swift/integration-tests/osx-only/autobuilder/only-tests-with-spm/test.py b/swift/integration-tests/osx-only/autobuilder/only-tests-with-spm/test.py new file mode 100644 index 00000000000..37aaa3ce344 --- /dev/null +++ b/swift/integration-tests/osx-only/autobuilder/only-tests-with-spm/test.py @@ -0,0 +1,5 @@ +from create_database_utils import * +from diagnostics_test_utils import * + +run_codeql_database_create([], lang='swift', keep_trap=True, db=None, runFunction=runUnsuccessfully) +check_diagnostics() diff --git a/swift/xcode-autobuilder/XcodeProjectParser.cpp b/swift/xcode-autobuilder/XcodeProjectParser.cpp index 9ace4b43696..65f3a7dc74e 100644 --- a/swift/xcode-autobuilder/XcodeProjectParser.cpp +++ b/swift/xcode-autobuilder/XcodeProjectParser.cpp @@ -9,36 +9,23 @@ #include "swift/xcode-autobuilder/XcodeWorkspaceParser.h" #include "swift/xcode-autobuilder/CFHelpers.h" -#include "swift/logging/SwiftLogging.h" -#include "swift/xcode-autobuilder/CustomizingBuildDiagnostics.h" - -namespace codeql_diagnostics { -constexpr codeql::SwiftDiagnosticsSource no_project_found{ - "no_project_found", "No Xcode project or workspace detected", customizingBuildAction, - customizingBuildHelpLinks}; -} // namespace codeql_diagnostics namespace fs = std::filesystem; -static codeql::Logger& logger() { - static codeql::Logger ret{"project"}; - return ret; -} - struct TargetData { std::string workspace; std::string project; std::string type; }; -typedef std::unordered_map Targets; -typedef std::unordered_map> Dependencies; -typedef std::unordered_map>> - BuildFiles; +using TargetMap = std::unordered_map; +using DependencyMap = std::unordered_map>; +using FileMap = + std::unordered_map>>; static size_t totalFilesCount(const std::string& target, - const Dependencies& dependencies, - const BuildFiles& buildFiles) { + const DependencyMap& dependencies, + const FileMap& buildFiles) { size_t sum = buildFiles.at(target).size(); for (auto& dep : dependencies.at(target)) { sum += totalFilesCount(dep, dependencies, buildFiles); @@ -61,9 +48,9 @@ static bool objectIsTarget(CFDictionaryRef object) { static void mapTargetsToSourceFiles(CFDictionaryRef objects, std::unordered_map& fileCounts) { - Targets targets; - Dependencies dependencies; - BuildFiles buildFiles; + TargetMap targets; + DependencyMap dependencies; + FileMap buildFiles; auto kv = CFKeyValues::fromDictionary(objects); for (size_t i = 0; i < kv.size; i++) { @@ -213,42 +200,54 @@ static std::unordered_map mapTargetsToWorkspace( static std::vector collectFiles(const std::string& workingDir) { fs::path workDir(workingDir); std::vector files; - auto iterator = fs::recursive_directory_iterator(workDir); auto end = fs::recursive_directory_iterator(); - for (; iterator != end; iterator++) { - auto filename = iterator->path().filename(); - if (filename == "DerivedData" || filename == ".git" || filename == "build") { + for (auto it = fs::recursive_directory_iterator(workDir); it != end; ++it) { + const auto& p = it->path(); + if (p.filename() == "Package.swift") { + files.push_back(p); + continue; + } + if (!it->is_directory()) { + continue; + } + if (p.filename() == "DerivedData" || p.filename() == ".git" || p.filename() == "build") { // Skip these folders - iterator.disable_recursion_pending(); + it.disable_recursion_pending(); continue; } - auto dirEntry = *iterator; - if (!dirEntry.is_directory()) { - continue; + if (p.extension() == ".xcodeproj" || p.extension() == ".xcworkspace") { + files.push_back(p); } - if (dirEntry.path().extension() != fs::path(".xcodeproj") && - dirEntry.path().extension() != fs::path(".xcworkspace")) { - continue; - } - files.push_back(dirEntry.path()); } return files; } static std::unordered_map> collectWorkspaces( - const std::string& workingDir) { + const std::string& workingDir, + bool& swiftPackageEncountered) { // Here we are collecting list of all workspaces and Xcode projects corresponding to them // Projects without workspaces go into the same "empty-workspace" bucket + swiftPackageEncountered = false; std::unordered_map> workspaces; std::unordered_set projectsBelongingToWorkspace; std::vector files = collectFiles(workingDir); for (auto& path : files) { + std::cerr << path.c_str() << '\n'; if (path.extension() == ".xcworkspace") { auto projects = readProjectsFromWorkspace(path.string()); for (auto& project : projects) { projectsBelongingToWorkspace.insert(project.string()); workspaces[path.string()].push_back(project.string()); } + } else if (!swiftPackageEncountered && path.filename() == "Package.swift") { + // a package manifest must begin with a specific header comment + // see https://docs.swift.org/package-manager/PackageDescription/PackageDescription.html + static constexpr std::string_view packageHeader = "// swift-tools-version:"; + char buffer[packageHeader.size()]; + if (std::ifstream{path}.read(buffer, packageHeader.size()) && buffer == packageHeader) { + swiftPackageEncountered = true; + } + std::cerr << " " << std::string_view{buffer} << '\n'; } } // Collect all projects not belonging to any workspace into a separate empty bucket @@ -263,12 +262,13 @@ static std::unordered_map> collectWorkspac return workspaces; } -std::vector collectTargets(const std::string& workingDir) { +Targets collectTargets(const std::string& workingDir) { + Targets ret; // Getting a list of workspaces and the project that belong to them - auto workspaces = collectWorkspaces(workingDir); - if (workspaces.empty()) { - DIAGNOSE_ERROR(no_project_found, "No Xcode project or workspace was found"); - exit(1); + auto workspaces = collectWorkspaces(workingDir, ret.swiftPackageEncountered); + ret.xcodeEncountered = !workspaces.empty(); + if (!ret.xcodeEncountered) { + return ret; } // Mapping each target to the workspace/project it belongs to @@ -277,11 +277,9 @@ std::vector collectTargets(const std::string& workingDir) { // Mapping each target to the number of source files it contains auto targetFilesMapping = mapTargetsToSourceFiles(workspaces); - std::vector targets; - for (auto& [targetName, data] : targetMapping) { - targets.push_back(Target{data.workspace, data.project, targetName, data.type, - targetFilesMapping[targetName]}); + ret.targets.push_back(Target{data.workspace, data.project, targetName, data.type, + targetFilesMapping[targetName]}); } - return targets; + return ret; } diff --git a/swift/xcode-autobuilder/XcodeProjectParser.h b/swift/xcode-autobuilder/XcodeProjectParser.h index d2cc9e6a10b..bf2091eef68 100644 --- a/swift/xcode-autobuilder/XcodeProjectParser.h +++ b/swift/xcode-autobuilder/XcodeProjectParser.h @@ -4,4 +4,10 @@ #include #include -std::vector collectTargets(const std::string& workingDir); +struct Targets { + std::vector targets; + bool xcodeEncountered; + bool swiftPackageEncountered; +}; + +Targets collectTargets(const std::string& workingDir); diff --git a/swift/xcode-autobuilder/xcode-autobuilder.cpp b/swift/xcode-autobuilder/xcode-autobuilder.cpp index d540217eeb2..bcdf826700b 100644 --- a/swift/xcode-autobuilder/xcode-autobuilder.cpp +++ b/swift/xcode-autobuilder/xcode-autobuilder.cpp @@ -13,9 +13,17 @@ static const char* unitTest = "com.apple.product-type.bundle.unit-test"; const std::string_view codeql::programName = "autobuilder"; namespace codeql_diagnostics { +constexpr codeql::SwiftDiagnosticsSource no_project_found{ + "no_project_found", "No Xcode project or workspace detected", customizingBuildAction, + customizingBuildHelpLinks}; + constexpr codeql::SwiftDiagnosticsSource no_swift_target{ "no_swift_target", "No Swift compilation target found", customizingBuildAction, customizingBuildHelpLinks}; + +constexpr codeql::SwiftDiagnosticsSource spm_not_supported{ + "spm_not_supported", "Swift Package Manager build unsupported by autobuild", + customizingBuildAction, customizingBuildHelpLinks}; } // namespace codeql_diagnostics static codeql::Logger& logger() { @@ -29,7 +37,8 @@ struct CLIArgs { }; static void autobuild(const CLIArgs& args) { - auto targets = collectTargets(args.workingDir); + auto collected = collectTargets(args.workingDir); + auto& targets = collected.targets; for (const auto& t : targets) { LOG_INFO("{}", t); } @@ -43,14 +52,20 @@ static void autobuild(const CLIArgs& args) { // Sort targets by the amount of files in each std::sort(std::begin(targets), std::end(targets), [](Target& lhs, Target& rhs) { return lhs.fileCount > rhs.fileCount; }); - - if (targets.empty()) { + if ((!collected.xcodeEncountered || targets.empty()) && collected.swiftPackageEncountered) { + DIAGNOSE_ERROR(spm_not_supported, + "No viable Swift Xcode target was found but a Swift package was detected. Swift " + "Package Manager builds are not yet supported by the autobuilder"); + } else if (!collected.xcodeEncountered) { + DIAGNOSE_ERROR(no_project_found, "No Xcode project or workspace was found"); + } else if (targets.empty()) { DIAGNOSE_ERROR(no_swift_target, "All targets found within Xcode projects or workspaces either " "have no Swift sources or are tests"); - exit(1); + } else { + LOG_INFO("Selected {}", targets.front()); + buildTarget(targets.front(), args.dryRun); + return; } - LOG_INFO("Selected {}", targets.front()); - buildTarget(targets.front(), args.dryRun); } static CLIArgs parseCLIArgs(int argc, char** argv) { From 8f41ff36fb17943f3156fd3cc2291aa4b4f2a4d4 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Wed, 10 May 2023 13:50:04 +0100 Subject: [PATCH 248/870] Add change note --- .../change-notes/2023-04-25-data-flow-varargs-parameters.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 go/ql/lib/change-notes/2023-04-25-data-flow-varargs-parameters.md diff --git a/go/ql/lib/change-notes/2023-04-25-data-flow-varargs-parameters.md b/go/ql/lib/change-notes/2023-04-25-data-flow-varargs-parameters.md new file mode 100644 index 00000000000..881d570361e --- /dev/null +++ b/go/ql/lib/change-notes/2023-04-25-data-flow-varargs-parameters.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Fixed data flow through variadic function parameters. The arguments corresponding to a variadic parameter are no longer returned by `CallNode.getArgument(int i)` and `CallNode.getAnArgument()`, and hence aren't `ArgumentNode`s. They now have one result, which is an `ImplicitVarargsSlice` node. For example, a call `f(a, b, c)` to a function `f(T...)` is treated like `f([]T{a, b, c})`. The old behaviour is preserved by `CallNode.getSyntacticArgument(int i)` and `CallNode.getASyntacticArgument()`. `CallExpr.getArgument(int i)` and `CallExpr.getAnArgument()` are unchanged, and will still have three results in the example given. \ No newline at end of file From f3d096cf37f8f7a62ae9ef5a383aa9cb0b024369 Mon Sep 17 00:00:00 2001 From: Stephan Brandauer Date: Wed, 10 May 2023 15:02:22 +0200 Subject: [PATCH 249/870] update DollarAtString class to use hasLocationInfo instead of getURL --- java/ql/src/Telemetry/AutomodelSharedUtil.qll | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/java/ql/src/Telemetry/AutomodelSharedUtil.qll b/java/ql/src/Telemetry/AutomodelSharedUtil.qll index 022233c8b8a..6e323de9ebb 100644 --- a/java/ql/src/Telemetry/AutomodelSharedUtil.qll +++ b/java/ql/src/Telemetry/AutomodelSharedUtil.qll @@ -1,22 +1,21 @@ /** * A helper class to represent a string value that can be returned by a query using $@ notation. * - * It extends `string`, but adds a mock `getURL` method that returns the string itself as a data URL. + * It extends `string`, but adds a mock `hasLocationInfo` method that returns the string itself as the file name. * * Use this, when you want to return a string value from a query using $@ notation — the string value * will be included in the sarif file. * - * Note that the string should be URL-encoded, or the resulting URL will be invalid (this may be OK in your use case). * - * Background information: - * - data URLs: https://developer.mozilla.org/en-US/docs/web/http/basics_of_http/data_urls - * - `getURL`: - * https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/#providing-urls + * Background information on `hasLocationInfo`: + * https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/#providing-location-information */ class DollarAtString extends string { bindingset[this] DollarAtString() { any() } bindingset[this] - string getURL() { result = "data:text/plain," + this } + predicate hasLocationInfo(string path, int sl, int sc, int el, int ec) { + path = this and sl = 1 and sc = 1 and el = 1 and ec = 1 + } } From 1c66564ccca37a29a7d6a813ab1160010beedae0 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Wed, 10 May 2023 14:05:09 +0100 Subject: [PATCH 250/870] address review comments --- go/ql/lib/semmle/go/StringOps.qll | 2 +- .../go/dataflow/internal/ContainerFlow.qll | 2 +- .../go/dataflow/internal/DataFlowNodes.qll | 8 ++- go/ql/lib/semmle/go/frameworks/Revel.qll | 2 +- .../semmle/go/frameworks/stdlib/NetHttp.qll | 69 +++++++++---------- go/ql/src/experimental/frameworks/Fiber.qll | 4 +- 6 files changed, 46 insertions(+), 41 deletions(-) diff --git a/go/ql/lib/semmle/go/StringOps.qll b/go/ql/lib/semmle/go/StringOps.qll index 20e4d387af8..66e65a646ac 100644 --- a/go/ql/lib/semmle/go/StringOps.qll +++ b/go/ql/lib/semmle/go/StringOps.qll @@ -331,7 +331,7 @@ module StringOps { formatDirective = this.getComponent(n) and formatDirective.charAt(0) = "%" and formatDirective.charAt(1) != "%" and - result = this.getImplicitVarargsArgument((n / 2)) + result = this.getImplicitVarargsArgument(n / 2) } } } diff --git a/go/ql/lib/semmle/go/dataflow/internal/ContainerFlow.qll b/go/ql/lib/semmle/go/dataflow/internal/ContainerFlow.qll index 9065cfdae11..ae352ec71bd 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/ContainerFlow.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/ContainerFlow.qll @@ -23,7 +23,7 @@ predicate containerStoreStep(Node node1, Node node2, Content c) { ( exists(Write w | w.writesElement(node2, _, node1)) or - node1 = node2.(ImplicitVarargsSlice).getCallNode().getImplicitVarargsArgument(_) + node1 = node2.(ImplicitVarargsSlice).getCallNode().getAnImplicitVarargsArgument() ) ) or diff --git a/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll b/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll index 6bee34aa585..e78404ca626 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll @@ -598,6 +598,12 @@ module Public { ) } + /** + * Gets an argument without an ellipsis after it which is passed to + * the varargs parameter of the target of this call (if there is one). + */ + Node getAnImplicitVarargsArgument() { result = this.getImplicitVarargsArgument(_) } + /** Gets a function passed as the `i`th argument of this call. */ FunctionNode getCallback(int i) { result.getASuccessor*() = this.getArgument(i) } @@ -772,7 +778,7 @@ module Public { ( preupd instanceof ArgumentNode and not preupd instanceof ImplicitVarargsSlice or - preupd = any(CallNode c).getImplicitVarargsArgument(_) + preupd = any(CallNode c).getAnImplicitVarargsArgument() ) and mutableType(preupd.getType()) ) and diff --git a/go/ql/lib/semmle/go/frameworks/Revel.qll b/go/ql/lib/semmle/go/frameworks/Revel.qll index 622edf108f0..c67c4b340ee 100644 --- a/go/ql/lib/semmle/go/frameworks/Revel.qll +++ b/go/ql/lib/semmle/go/frameworks/Revel.qll @@ -124,7 +124,7 @@ module Revel { or methodName = "RenderText" and contentType = "text/plain" and - this = methodCall.getSyntacticArgument(_) + this = methodCall.getASyntacticArgument() ) } diff --git a/go/ql/lib/semmle/go/frameworks/stdlib/NetHttp.qll b/go/ql/lib/semmle/go/frameworks/stdlib/NetHttp.qll index 5a4d76f763d..b3f1d075c86 100644 --- a/go/ql/lib/semmle/go/frameworks/stdlib/NetHttp.qll +++ b/go/ql/lib/semmle/go/frameworks/stdlib/NetHttp.qll @@ -134,44 +134,43 @@ module NetHttp { result = call.getReceiver() } - private class ResponseBody extends Http::ResponseBody::Range, DataFlow::Node { + private class ResponseBody extends Http::ResponseBody::Range { DataFlow::Node responseWriter; ResponseBody() { - this = any(DataFlow::CallNode call).getASyntacticArgument() and - ( - exists(DataFlow::CallNode call | - // A direct call to ResponseWriter.Write, conveying taint from the argument to the receiver - call.getTarget().(Method).implements("net/http", "ResponseWriter", "Write") and - this = call.getArgument(0) and - responseWriter = call.(DataFlow::MethodCallNode).getReceiver() - ) - or - exists(TaintTracking::FunctionModel model | - // A modeled function conveying taint from some input to the response writer, - // e.g. `io.Copy(responseWriter, someTaintedReader)` - model.taintStep(this, responseWriter) and - responseWriter.getType().implements("net/http", "ResponseWriter") - ) - or - exists( - SummarizedCallable callable, DataFlow::CallNode call, SummaryComponentStack input, - SummaryComponentStack output - | - callable = call.getACalleeIncludingExternals() and - callable.propagatesFlow(input, output, _) - | - // A modeled function conveying taint from some input to the response writer, - // e.g. `io.Copy(responseWriter, someTaintedReader)` - // NB. SummarizedCallables do not implement a direct call-site-crossing flow step; instead - // they are implemented by a function body with internal dataflow nodes, so we mimic the - // one-step style for the particular case of taint propagation direct from an argument or receiver - // to another argument, receiver or return value, matching the behavior for a `TaintTracking::FunctionModel`. - this = getSummaryInputOrOutputNode(call, input) and - responseWriter.(DataFlow::PostUpdateNode).getPreUpdateNode() = - getSummaryInputOrOutputNode(call, output) and - responseWriter.getType().implements("net/http", "ResponseWriter") - ) + exists(DataFlow::CallNode call | + // A direct call to ResponseWriter.Write, conveying taint from the argument to the receiver + call.getTarget().(Method).implements("net/http", "ResponseWriter", "Write") and + this = call.getArgument(0) and + responseWriter = call.(DataFlow::MethodCallNode).getReceiver() + ) + or + exists(TaintTracking::FunctionModel model | + // A modeled function conveying taint from some input to the response writer, + // e.g. `io.Copy(responseWriter, someTaintedReader)` + this = model.getACall().getASyntacticArgument() and + model.taintStep(this, responseWriter) and + responseWriter.getType().implements("net/http", "ResponseWriter") + ) + or + exists( + SummarizedCallable callable, DataFlow::CallNode call, SummaryComponentStack input, + SummaryComponentStack output + | + this = call.getASyntacticArgument() and + callable = call.getACalleeIncludingExternals() and + callable.propagatesFlow(input, output, _) + | + // A modeled function conveying taint from some input to the response writer, + // e.g. `io.Copy(responseWriter, someTaintedReader)` + // NB. SummarizedCallables do not implement a direct call-site-crossing flow step; instead + // they are implemented by a function body with internal dataflow nodes, so we mimic the + // one-step style for the particular case of taint propagation direct from an argument or receiver + // to another argument, receiver or return value, matching the behavior for a `TaintTracking::FunctionModel`. + this = getSummaryInputOrOutputNode(call, input) and + responseWriter.(DataFlow::PostUpdateNode).getPreUpdateNode() = + getSummaryInputOrOutputNode(call, output) and + responseWriter.getType().implements("net/http", "ResponseWriter") ) } diff --git a/go/ql/src/experimental/frameworks/Fiber.qll b/go/ql/src/experimental/frameworks/Fiber.qll index ed2182a5ce8..27bb9bbcd10 100644 --- a/go/ql/src/experimental/frameworks/Fiber.qll +++ b/go/ql/src/experimental/frameworks/Fiber.qll @@ -270,7 +270,7 @@ private module Fiber { or // signature: func (*Ctx) Send(bodies ...interface{}) methodName = "Send" and - bodyNode = bodySetterCall.getSyntacticArgument(_) + bodyNode = bodySetterCall.getASyntacticArgument() or // signature: func (*Ctx) SendBytes(body []byte) methodName = "SendBytes" and @@ -286,7 +286,7 @@ private module Fiber { or // signature: func (*Ctx) Write(bodies ...interface{}) methodName = "Write" and - bodyNode = bodySetterCall.getSyntacticArgument(_) + bodyNode = bodySetterCall.getASyntacticArgument() ) ) ) From f05cce8fc2e7ac730e0d280796faa0430c727d59 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 10 May 2023 14:10:13 +0100 Subject: [PATCH 251/870] C++: Add a member predicate to phi nodes for checking if a phi is a read-phi and use it to restrict flow in 'cpp/invalid-pointer-deref'. --- .../code/cpp/ir/dataflow/internal/DataFlowUtil.qll | 10 +++++++++- .../code/cpp/ir/dataflow/internal/SsaInternals.qll | 8 ++++++++ .../Security/CWE/CWE-193/InvalidPointerDeref.ql | 4 +++- 3 files changed, 20 insertions(+), 2 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll index ac69314b113..7f32a27287b 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll @@ -552,7 +552,7 @@ class SsaPhiNode extends Node, TSsaPhiNode { */ final Node getAnInput(boolean fromBackEdge) { localFlowStep(result, this) and - if phi.getBasicBlock().strictlyDominates(result.getBasicBlock()) + if phi.getBasicBlock().dominates(result.getBasicBlock()) then fromBackEdge = true else fromBackEdge = false } @@ -562,6 +562,14 @@ class SsaPhiNode extends Node, TSsaPhiNode { /** Gets the source variable underlying this phi node. */ Ssa::SourceVariable getSourceVariable() { result = phi.getSourceVariable() } + + /** + * Holds if this phi node is a phi-read node. + * + * Phi-read nodes are like normal phi nodes, but they are inserted based + * on reads instead of writes. + */ + predicate isPhiRead() { phi.isPhiRead() } } /** diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll index d14b924b4a9..54b86153f10 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll @@ -1012,6 +1012,14 @@ class PhiNode extends SsaImpl::DefinitionExt { this instanceof SsaImpl::PhiNode or this instanceof SsaImpl::PhiReadNode } + + /** + * Holds if this phi node is a phi-read node. + * + * Phi-read nodes are like normal phi nodes, but they are inserted based + * on reads instead of writes. + */ + predicate isPhiRead() { this instanceof SsaImpl::PhiReadNode } } class DefinitionExt = SsaImpl::DefinitionExt; diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql b/cpp/ql/src/experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql index 46506cdff5d..1c81092ab3d 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql @@ -230,7 +230,9 @@ module InvalidPointerToDerefConfig implements DataFlow::ConfigSig { pragma[inline] predicate isSink(DataFlow::Node sink) { isInvalidPointerDerefSink(sink, _, _) } - predicate isBarrier(DataFlow::Node node) { node = any(DataFlow::SsaPhiNode phi).getAnInput(true) } + predicate isBarrier(DataFlow::Node node) { + node = any(DataFlow::SsaPhiNode phi | not phi.isPhiRead()).getAnInput(true) + } } module InvalidPointerToDerefFlow = DataFlow::Global; From f8b3968b38c344d6940f5b5ff79cf0a77ad1e39c Mon Sep 17 00:00:00 2001 From: Kasper Svendsen Date: Wed, 10 May 2023 14:16:50 +0200 Subject: [PATCH 252/870] C++: Make implicit this receivers explicit --- .../code/cpp/controlflow/StackVariableReachability.qll | 6 +++--- .../new/internal/semantic/analysis/RangeAnalysisStage.qll | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/controlflow/StackVariableReachability.qll b/cpp/ql/lib/semmle/code/cpp/controlflow/StackVariableReachability.qll index 3af5f2dbf0c..9fa5c57ef12 100644 --- a/cpp/ql/lib/semmle/code/cpp/controlflow/StackVariableReachability.qll +++ b/cpp/ql/lib/semmle/code/cpp/controlflow/StackVariableReachability.qll @@ -25,7 +25,7 @@ import cpp */ abstract class StackVariableReachability extends string { bindingset[this] - StackVariableReachability() { length() >= 0 } + StackVariableReachability() { this.length() >= 0 } /** Holds if `node` is a source for the reachability analysis using variable `v`. */ abstract predicate isSource(ControlFlowNode node, StackVariable v); @@ -227,7 +227,7 @@ predicate bbSuccessorEntryReachesLoopInvariant( */ abstract class StackVariableReachabilityWithReassignment extends StackVariableReachability { bindingset[this] - StackVariableReachabilityWithReassignment() { length() >= 0 } + StackVariableReachabilityWithReassignment() { this.length() >= 0 } /** Override this predicate rather than `isSource` (`isSource` is used internally). */ abstract predicate isSourceActual(ControlFlowNode node, StackVariable v); @@ -330,7 +330,7 @@ abstract class StackVariableReachabilityWithReassignment extends StackVariableRe */ abstract class StackVariableReachabilityExt extends string { bindingset[this] - StackVariableReachabilityExt() { length() >= 0 } + StackVariableReachabilityExt() { this.length() >= 0 } /** `node` is a source for the reachability analysis using variable `v`. */ abstract predicate isSource(ControlFlowNode node, StackVariable v); diff --git a/cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/internal/semantic/analysis/RangeAnalysisStage.qll b/cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/internal/semantic/analysis/RangeAnalysisStage.qll index cbccb4a6ca8..58c6e62fe2e 100644 --- a/cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/internal/semantic/analysis/RangeAnalysisStage.qll +++ b/cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/internal/semantic/analysis/RangeAnalysisStage.qll @@ -277,7 +277,7 @@ module RangeStage< */ private class SafeCastExpr extends ConvertOrBoxExpr { SafeCastExpr() { - conversionCannotOverflow(getTrackedType(pragma[only_bind_into](getOperand())), + conversionCannotOverflow(getTrackedType(pragma[only_bind_into](this.getOperand())), pragma[only_bind_out](getTrackedType(this))) } } From 8410eb3477a79a1dae54ae7fad13e1684a939cbd Mon Sep 17 00:00:00 2001 From: Kasper Svendsen Date: Wed, 10 May 2023 13:27:21 +0200 Subject: [PATCH 253/870] C++: Enable implicit this warnings --- cpp/ql/lib/qlpack.yml | 1 + cpp/ql/src/qlpack.yml | 1 + cpp/ql/test/qlpack.yml | 1 + 3 files changed, 3 insertions(+) diff --git a/cpp/ql/lib/qlpack.yml b/cpp/ql/lib/qlpack.yml index 2c84e013333..3f6482c1ebe 100644 --- a/cpp/ql/lib/qlpack.yml +++ b/cpp/ql/lib/qlpack.yml @@ -9,3 +9,4 @@ dependencies: codeql/ssa: ${workspace} codeql/tutorial: ${workspace} codeql/util: ${workspace} +warnOnImplicitThis: true diff --git a/cpp/ql/src/qlpack.yml b/cpp/ql/src/qlpack.yml index 3718b83cb14..4df58a2da69 100644 --- a/cpp/ql/src/qlpack.yml +++ b/cpp/ql/src/qlpack.yml @@ -10,3 +10,4 @@ dependencies: suites: codeql-suites extractor: cpp defaultSuiteFile: codeql-suites/cpp-code-scanning.qls +warnOnImplicitThis: true diff --git a/cpp/ql/test/qlpack.yml b/cpp/ql/test/qlpack.yml index 34c48f7029b..6ee37c09b64 100644 --- a/cpp/ql/test/qlpack.yml +++ b/cpp/ql/test/qlpack.yml @@ -5,3 +5,4 @@ dependencies: codeql/cpp-queries: ${workspace} extractor: cpp tests: . +warnOnImplicitThis: true From 4dcd3bec117bb81274f7e153e04c2120579cfd46 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 10 May 2023 14:47:44 +0100 Subject: [PATCH 254/870] Swift: Delete TODOs (move to issues). --- .../dataflow/internal/FlowSummaryImplSpecific.qll | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/swift/ql/lib/codeql/swift/dataflow/internal/FlowSummaryImplSpecific.qll b/swift/ql/lib/codeql/swift/dataflow/internal/FlowSummaryImplSpecific.qll index 1c584b24071..e13636a911e 100644 --- a/swift/ql/lib/codeql/swift/dataflow/internal/FlowSummaryImplSpecific.qll +++ b/swift/ql/lib/codeql/swift/dataflow/internal/FlowSummaryImplSpecific.qll @@ -31,25 +31,19 @@ DataFlowType getContentType(ContentSet c) { any() } /** Gets the return type of kind `rk` for callable `c`. */ bindingset[c] -DataFlowType getReturnType(SummarizedCallable c, ReturnKind rk) { - any() // TODO once we have type pruning -} +DataFlowType getReturnType(SummarizedCallable c, ReturnKind rk) { any() } /** * Gets the type of the parameter matching arguments at position `pos` in a * synthesized call that targets a callback of type `t`. */ -DataFlowType getCallbackParameterType(DataFlowType t, ArgumentPosition pos) { - any() // TODO once we have type pruning -} +DataFlowType getCallbackParameterType(DataFlowType t, ArgumentPosition pos) { any() } /** * Gets the return type of kind `rk` in a synthesized call that targets a * callback of type `t`. */ -DataFlowType getCallbackReturnType(DataFlowType t, ReturnKind rk) { - any() // TODO once we have type pruning -} +DataFlowType getCallbackReturnType(DataFlowType t, ReturnKind rk) { any() } /** Gets the type of synthetic global `sg`. */ DataFlowType getSyntheticGlobalType(SummaryComponent::SyntheticGlobal sg) { any() } From bbe5f5e0f069f99cc67c7db41a6787e362409109 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 10 May 2023 14:49:22 +0100 Subject: [PATCH 255/870] Swift: HACK -> TODO. --- .../ql/lib/codeql/swift/dataflow/internal/DataFlowPrivate.qll | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPrivate.qll b/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPrivate.qll index 3259bc3099e..37a260d21bb 100644 --- a/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPrivate.qll +++ b/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPrivate.qll @@ -683,14 +683,14 @@ predicate storeStep(Node node1, ContentSet c, Node node2) { // i.e. from `f(x)` where `x: T` into `f(.some(x))` where the context `f` expects a `T?`. exists(InjectIntoOptionalExpr e | e.convertsFrom(node1.asExpr()) and - node2 = node1 and // HACK: we should ideally have a separate Node case for the (hidden) InjectIntoOptionalExpr + node2 = node1 and // TODO: we should ideally have a separate Node case for the (hidden) InjectIntoOptionalExpr c instanceof OptionalSomeContentSet ) or // creation of an optional by returning from a failable initializer (`init?`) exists(Initializer init | node1.asExpr().(CallExpr).getStaticTarget() = init and - node2 = node1 and // HACK: again, we should ideally have a separate Node case here, and not reuse the CallExpr + node2 = node1 and // TODO: again, we should ideally have a separate Node case here, and not reuse the CallExpr c instanceof OptionalSomeContentSet and init.isFailable() ) From e120e849330184df0126f5dc22dd3aa399309890 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 10 May 2023 14:59:23 +0100 Subject: [PATCH 256/870] Swift: Delete TODOs (move to issues). --- .../ql/lib/codeql/swift/dataflow/internal/DataFlowDispatch.qll | 3 --- .../ql/lib/codeql/swift/dataflow/internal/DataFlowPrivate.qll | 3 --- 2 files changed, 6 deletions(-) diff --git a/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowDispatch.qll b/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowDispatch.qll index 5263ec99be2..4fc1b70b9a0 100644 --- a/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowDispatch.qll +++ b/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowDispatch.qll @@ -215,9 +215,6 @@ class PropertyObserverCall extends DataFlowCall, TPropertyObserverCall { i = -1 and result = observer.getBase() or - // TODO: This is correct for `willSet` (which takes a `newValue` parameter), - // but for `didSet` (which takes an `oldValue` parameter) we need an rvalue - // for `getBase()`. i = 0 and result = observer.getSource() } diff --git a/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPrivate.qll b/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPrivate.qll index 37a260d21bb..7b2bc359c9a 100644 --- a/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPrivate.qll +++ b/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPrivate.qll @@ -433,8 +433,6 @@ private module ArgumentNodes { ObserverArgumentNode() { observer.getBase() = this.getCfgNode() or - // TODO: This should be an rvalue representing the `getBase` when - // `observer` a `didSet` observer. observer.getSource() = this.getCfgNode() } @@ -444,7 +442,6 @@ private module ArgumentNodes { pos = TThisArgument() and observer.getBase() = this.getCfgNode() or - // TODO: See the comment above for `didSet` observers. pos.(PositionalArgumentPosition).getIndex() = 0 and observer.getSource() = this.getCfgNode() ) From 49da113b10e307b37f42f0df0dd6f0c99a432359 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 10 May 2023 15:06:39 +0100 Subject: [PATCH 257/870] Swift: Delete unwanted TODO comment. --- swift/ql/lib/codeql/swift/dataflow/Ssa.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/swift/ql/lib/codeql/swift/dataflow/Ssa.qll b/swift/ql/lib/codeql/swift/dataflow/Ssa.qll index 055deaa7009..ab4d4c21336 100644 --- a/swift/ql/lib/codeql/swift/dataflow/Ssa.qll +++ b/swift/ql/lib/codeql/swift/dataflow/Ssa.qll @@ -185,7 +185,7 @@ module Ssa { cached predicate assigns(CfgNode value) { exists( - AssignExpr a, SsaInput::BasicBlock bb, int i // TODO: use CFG node for assignment expr + AssignExpr a, SsaInput::BasicBlock bb, int i | this.definesAt(_, bb, i) and a = bb.getNode(i).getNode().asAstNode() and From d346d1733e50ed10e1ede4eca00a6b7388d096a8 Mon Sep 17 00:00:00 2001 From: Kasper Svendsen Date: Wed, 10 May 2023 15:51:21 +0200 Subject: [PATCH 258/870] Swift: Make implicit this receivers explicit --- misc/codegen/templates/ql_class.mustache | 14 +- swift/ql/.generated.list | 266 +++++++++--------- .../swift/generated/AvailabilityInfo.qll | 6 +- .../lib/codeql/swift/generated/Callable.qll | 22 +- .../ql/lib/codeql/swift/generated/Element.qll | 4 +- .../swift/generated/KeyPathComponent.qll | 14 +- .../lib/codeql/swift/generated/Locatable.qll | 4 +- .../lib/codeql/swift/generated/Location.qll | 2 +- .../swift/generated/UnspecifiedElement.qll | 6 +- .../generated/decl/AbstractStorageDecl.qll | 6 +- .../swift/generated/decl/CapturedDecl.qll | 2 +- .../lib/codeql/swift/generated/decl/Decl.qll | 8 +- .../swift/generated/decl/EnumCaseDecl.qll | 8 +- .../swift/generated/decl/EnumElementDecl.qll | 6 +- .../swift/generated/decl/ExtensionDecl.qll | 10 +- .../swift/generated/decl/GenericContext.qll | 6 +- .../swift/generated/decl/IfConfigDecl.qll | 8 +- .../swift/generated/decl/ImportDecl.qll | 12 +- .../generated/decl/InfixOperatorDecl.qll | 4 +- .../swift/generated/decl/ModuleDecl.qll | 12 +- .../swift/generated/decl/NominalTypeDecl.qll | 2 +- .../swift/generated/decl/OpaqueTypeDecl.qll | 10 +- .../codeql/swift/generated/decl/ParamDecl.qll | 8 +- .../generated/decl/PatternBindingDecl.qll | 12 +- .../generated/decl/PoundDiagnosticDecl.qll | 2 +- .../swift/generated/decl/SubscriptDecl.qll | 8 +- .../swift/generated/decl/TopLevelCodeDecl.qll | 2 +- .../swift/generated/decl/TypeAliasDecl.qll | 2 +- .../codeql/swift/generated/decl/TypeDecl.qll | 6 +- .../codeql/swift/generated/decl/ValueDecl.qll | 2 +- .../codeql/swift/generated/decl/VarDecl.qll | 34 ++- .../swift/generated/expr/AnyTryExpr.qll | 2 +- .../expr/AppliedPropertyWrapperExpr.qll | 4 +- .../codeql/swift/generated/expr/ApplyExpr.qll | 8 +- .../codeql/swift/generated/expr/Argument.qll | 2 +- .../codeql/swift/generated/expr/ArrayExpr.qll | 6 +- .../swift/generated/expr/AssignExpr.qll | 4 +- .../swift/generated/expr/BindOptionalExpr.qll | 2 +- .../swift/generated/expr/CaptureListExpr.qll | 8 +- .../swift/generated/expr/DeclRefExpr.qll | 8 +- .../generated/expr/DefaultArgumentExpr.qll | 6 +- .../swift/generated/expr/DictionaryExpr.qll | 6 +- .../expr/DotSyntaxBaseIgnoredExpr.qll | 4 +- .../swift/generated/expr/DynamicTypeExpr.qll | 2 +- .../swift/generated/expr/EnumIsCaseExpr.qll | 4 +- .../swift/generated/expr/ExplicitCastExpr.qll | 2 +- .../lib/codeql/swift/generated/expr/Expr.qll | 4 +- .../swift/generated/expr/ForceValueExpr.qll | 2 +- .../swift/generated/expr/IdentityExpr.qll | 2 +- .../codeql/swift/generated/expr/IfExpr.qll | 6 +- .../generated/expr/ImplicitConversionExpr.qll | 2 +- .../codeql/swift/generated/expr/InOutExpr.qll | 2 +- .../expr/InterpolatedStringLiteralExpr.qll | 18 +- .../generated/expr/KeyPathApplicationExpr.qll | 4 +- .../swift/generated/expr/KeyPathExpr.qll | 10 +- .../generated/expr/LazyInitializationExpr.qll | 2 +- .../swift/generated/expr/LookupExpr.qll | 6 +- .../expr/MakeTemporarilyEscapableExpr.qll | 8 +- .../swift/generated/expr/MethodLookupExpr.qll | 2 +- .../swift/generated/expr/ObjCSelectorExpr.qll | 4 +- .../generated/expr/ObjectLiteralExpr.qll | 6 +- .../swift/generated/expr/OneWayExpr.qll | 2 +- .../generated/expr/OpenExistentialExpr.qll | 6 +- .../generated/expr/OptionalEvaluationExpr.qll | 2 +- .../expr/OtherInitializerRefExpr.qll | 2 +- .../generated/expr/OverloadedDeclRefExpr.qll | 6 +- .../PropertyWrapperValuePlaceholderExpr.qll | 6 +- .../expr/RebindSelfInInitializerExpr.qll | 4 +- .../swift/generated/expr/SelfApplyExpr.qll | 2 +- .../swift/generated/expr/SequenceExpr.qll | 6 +- .../swift/generated/expr/SubscriptExpr.qll | 6 +- .../swift/generated/expr/SuperRefExpr.qll | 2 +- .../codeql/swift/generated/expr/TapExpr.qll | 8 +- .../swift/generated/expr/TupleElementExpr.qll | 2 +- .../codeql/swift/generated/expr/TupleExpr.qll | 6 +- .../codeql/swift/generated/expr/TypeExpr.qll | 4 +- .../generated/expr/UnresolvedDeclRefExpr.qll | 2 +- .../generated/expr/UnresolvedDotExpr.qll | 2 +- .../generated/expr/UnresolvedPatternExpr.qll | 2 +- .../expr/UnresolvedSpecializeExpr.qll | 2 +- .../generated/expr/VarargExpansionExpr.qll | 2 +- .../generated/pattern/BindingPattern.qll | 2 +- .../generated/pattern/EnumElementPattern.qll | 6 +- .../swift/generated/pattern/ExprPattern.qll | 2 +- .../swift/generated/pattern/IsPattern.qll | 8 +- .../generated/pattern/OptionalSomePattern.qll | 2 +- .../swift/generated/pattern/ParenPattern.qll | 2 +- .../swift/generated/pattern/TuplePattern.qll | 6 +- .../swift/generated/pattern/TypedPattern.qll | 6 +- .../codeql/swift/generated/stmt/BraceStmt.qll | 6 +- .../codeql/swift/generated/stmt/BreakStmt.qll | 6 +- .../swift/generated/stmt/CaseLabelItem.qll | 6 +- .../codeql/swift/generated/stmt/CaseStmt.qll | 14 +- .../swift/generated/stmt/ConditionElement.qll | 16 +- .../swift/generated/stmt/ContinueStmt.qll | 6 +- .../codeql/swift/generated/stmt/DeferStmt.qll | 2 +- .../swift/generated/stmt/DoCatchStmt.qll | 8 +- .../codeql/swift/generated/stmt/DoStmt.qll | 2 +- .../swift/generated/stmt/FallthroughStmt.qll | 6 +- .../swift/generated/stmt/ForEachStmt.qll | 10 +- .../codeql/swift/generated/stmt/GuardStmt.qll | 2 +- .../codeql/swift/generated/stmt/IfStmt.qll | 6 +- .../generated/stmt/LabeledConditionalStmt.qll | 2 +- .../swift/generated/stmt/LabeledStmt.qll | 2 +- .../swift/generated/stmt/PoundAssertStmt.qll | 2 +- .../swift/generated/stmt/RepeatWhileStmt.qll | 4 +- .../swift/generated/stmt/ReturnStmt.qll | 4 +- .../swift/generated/stmt/StmtCondition.qll | 8 +- .../swift/generated/stmt/SwitchStmt.qll | 8 +- .../codeql/swift/generated/stmt/ThrowStmt.qll | 2 +- .../codeql/swift/generated/stmt/WhileStmt.qll | 2 +- .../codeql/swift/generated/stmt/YieldStmt.qll | 6 +- .../swift/generated/type/AnyFunctionType.qll | 8 +- .../swift/generated/type/AnyGenericType.qll | 6 +- .../swift/generated/type/ArchetypeType.qll | 14 +- .../swift/generated/type/BoundGenericType.qll | 6 +- .../generated/type/BuiltinIntegerType.qll | 2 +- .../generated/type/DependentMemberType.qll | 4 +- .../swift/generated/type/DictionaryType.qll | 4 +- .../swift/generated/type/DynamicSelfType.qll | 2 +- .../swift/generated/type/ExistentialType.qll | 2 +- .../generated/type/GenericFunctionType.qll | 6 +- .../codeql/swift/generated/type/InOutType.qll | 2 +- .../swift/generated/type/LValueType.qll | 2 +- .../swift/generated/type/ModuleType.qll | 2 +- .../type/OpaqueTypeArchetypeType.qll | 2 +- .../type/ParameterizedProtocolType.qll | 8 +- .../codeql/swift/generated/type/ParenType.qll | 2 +- .../type/ProtocolCompositionType.qll | 6 +- .../generated/type/ReferenceStorageType.qll | 2 +- .../codeql/swift/generated/type/TupleType.qll | 10 +- .../lib/codeql/swift/generated/type/Type.qll | 2 +- .../swift/generated/type/TypeAliasType.qll | 2 +- .../codeql/swift/generated/type/TypeRepr.qll | 2 +- .../generated/type/UnarySyntaxSugarType.qll | 2 +- 135 files changed, 509 insertions(+), 481 deletions(-) diff --git a/misc/codegen/templates/ql_class.mustache b/misc/codegen/templates/ql_class.mustache index 862b46067c4..d0045d0598d 100644 --- a/misc/codegen/templates/ql_class.mustache +++ b/misc/codegen/templates/ql_class.mustache @@ -50,9 +50,9 @@ module Generated { * transitively. */ final {{name}} resolve() { - not exists(getResolveStep()) and result = this + not exists(this.getResolveStep()) and result = this or - result = getResolveStep().resolve() + result = this.getResolveStep().resolve() } {{/root}} {{#final}} @@ -84,7 +84,7 @@ module Generated { {{/has_description}} */ final {{type}} {{getter}}({{#is_indexed}}int index{{/is_indexed}}) { - result = get{{#is_unordered}}An{{/is_unordered}}Immediate{{singular}}({{#is_indexed}}index{{/is_indexed}}).resolve() + result = this.get{{#is_unordered}}An{{/is_unordered}}Immediate{{singular}}({{#is_indexed}}index{{/is_indexed}}).resolve() } {{/type_is_class}} @@ -112,7 +112,7 @@ module Generated { * Holds if `{{getter}}({{#is_repeated}}index{{/is_repeated}})` exists. */ final predicate has{{singular}}({{#is_repeated}}int index{{/is_repeated}}) { - exists({{getter}}({{#is_repeated}}index{{/is_repeated}})) + exists(this.{{getter}}({{#is_repeated}}index{{/is_repeated}})) } {{/is_optional}} {{#is_indexed}} @@ -121,7 +121,7 @@ module Generated { * Gets any of the {{doc_plural}}. */ final {{type}} {{indefinite_getter}}() { - result = {{getter}}(_) + result = this.{{getter}}(_) } {{^is_optional}} @@ -129,7 +129,7 @@ module Generated { * Gets the number of {{doc_plural}}. */ final int getNumberOf{{plural}}() { - result = count(int i | exists({{getter}}(i))) + result = count(int i | exists(this.{{getter}}(i))) } {{/is_optional}} {{/is_indexed}} @@ -138,7 +138,7 @@ module Generated { * Gets the number of {{doc_plural}}. */ final int getNumberOf{{plural}}() { - result = count({{getter}}()) + result = count(this.{{getter}}()) } {{/is_unordered}} {{/properties}} diff --git a/swift/ql/.generated.list b/swift/ql/.generated.list index 3a47d04ce2e..2a56c1ba2ae 100644 --- a/swift/ql/.generated.list +++ b/swift/ql/.generated.list @@ -367,19 +367,19 @@ lib/codeql/swift/elements/type/WeakStorageType.qll 7c07739cfc1459f068f24fef74838 lib/codeql/swift/elements/type/WeakStorageTypeConstructor.qll d88b031ef44d6de14b3ddcff2eb47b53dbd11550c37250ff2edb42e5d21ec3e9 26d855c33492cf7a118e439f7baeed0e5425cfaf058b1dcc007eca7ed765c897 lib/codeql/swift/elements.qll 3df0060edd2b2030f4e4d7d5518afe0073d798474d9b1d6185d833bec63ca8bd 3df0060edd2b2030f4e4d7d5518afe0073d798474d9b1d6185d833bec63ca8bd lib/codeql/swift/generated/AstNode.qll 02ca56d82801f942ae6265c6079d92ccafdf6b532f6bcebd98a04029ddf696e4 6216fda240e45bd4302fa0cf0f08f5f945418b144659264cdda84622b0420aa2 -lib/codeql/swift/generated/AvailabilityInfo.qll 996a5cfadf7ca049122a1d1a1a9eb680d6a625ce28ede5504b172eabe7640fd2 4fe6e0325ff021a576fcd004730115ffaa60a2d9020420c7d4a1baa498067b60 +lib/codeql/swift/generated/AvailabilityInfo.qll a5c04628de722f92d1e4bb94c7d04281e070fc82a196f85775a149b27df0fb71 c5c992218ba4e44ee37397738ab53f206140fac75284e0544dd0d5dd5dcdf453 lib/codeql/swift/generated/AvailabilitySpec.qll fb1255f91bb5e41ad4e9c675a2efbc50d0fb366ea2de68ab7eebd177b0795309 144e0c2e7d6c62ecee43325f7f26dcf437881edf0b75cc1bc898c6c4b61fdeaf -lib/codeql/swift/generated/Callable.qll 042b4f975f1e416c48b5bf26bee257549eec13fb262f11025375560f75a73582 0434788243bc54e48fec49e4cce93509b9a2333f2079dacb6ffc12c972853540 +lib/codeql/swift/generated/Callable.qll 32d631f6c882cf8dc7f95b1e748c2b8ed80ad0ba04ea940c801aec14411dc754 b30e46ca1b5a9fd7b421d9c9dd567aa1788f3ac25af5ccc2d28b201881cf82e1 lib/codeql/swift/generated/Comment.qll f58b49f6e68c21f87c51e2ff84c8a64b09286d733e86f70d67d3a98fe6260bd6 975bbb599a2a7adc35179f6ae06d9cbc56ea8a03b972ef2ee87604834bc6deb1 lib/codeql/swift/generated/DbFile.qll a49b2a2cb2788cb49c861ebcd458b8daead7b15adb19c3a9f4db3bf39a0051fc a49b2a2cb2788cb49c861ebcd458b8daead7b15adb19c3a9f4db3bf39a0051fc lib/codeql/swift/generated/DbLocation.qll b9baea963d9fa82068986512c0649d1050897654eee3df51dba17cf6b1170873 b9baea963d9fa82068986512c0649d1050897654eee3df51dba17cf6b1170873 lib/codeql/swift/generated/Diagnostics.qll d2ee2db55e932dcaee95fcc1164a51ffbe1a78d86ee0f50aabb299b458462afe 566d554d579cadde26dc4d1d6b1750ca800511201b737b629f15b6f873af3733 -lib/codeql/swift/generated/Element.qll 9caf84a1da2509f5b01a22d6597126c573ae63ec3e8c6af6fd6fcc7ead0b4e82 70deb2238509d5ed660369bf763c796065d92efd732469088cdf67f68bacd796 +lib/codeql/swift/generated/Element.qll 81a01c1965cf8154596c753b20536ef8630b30567d8c077660ab2d11143f060b 74f5c76db5ec82a9c1675ec0282acd44f1a86ef447d1961c47aea3eed50f79cb lib/codeql/swift/generated/ErrorElement.qll 4b032abe8ffb71376a29c63e470a52943ace2527bf7b433c97a8bf716f9ad102 4f2b1be162a5c275e3264dbc51bf98bce8846d251be8490a0d4b16cbc85f630f lib/codeql/swift/generated/File.qll f88c485883dd9b2b4a366080e098372912e03fb3177e5cae58aa4449c2b03399 0333c49e3a11c48e6146a7f492ee31ac022d80150fc3f8bfafc3c8f94d66ff76 -lib/codeql/swift/generated/KeyPathComponent.qll f8d62b8021936dc152538b52278a320d7e151cd24fcb602dab4d0169b328e0d4 aa0580990a97cf733bb90a2d68368ea10802213b2471425a82d7ea945a6595f4 -lib/codeql/swift/generated/Locatable.qll bdc98b9fb7788f44a4bf7e487ee5bd329473409950a8e9f116d61995615ad849 0b36b4fe45e2aa195e4bb70c50ea95f32f141b8e01e5f23466c6427dd9ab88fb -lib/codeql/swift/generated/Location.qll 851766e474cdfdfa67da42e0031fc42dd60196ff5edd39d82f08d3e32deb84c1 b29b2c37672f5acff15f1d3c5727d902f193e51122327b31bd27ec5f877bca3b +lib/codeql/swift/generated/KeyPathComponent.qll ca26ccb81276f6191a94af38757b218a808bda74375e6971287269474b615882 3cad039517c28afb9e250ec91c8962e3bbcacf63ad081c6152a061409a52b626 +lib/codeql/swift/generated/Locatable.qll 6cb2f23f21283ae667321d88a955a4d18304bdbbd3f2f9e86aa3ed7a080d7114 731cd57bcb3308c66bbaf37d78c553712dd4b9ccc333a47661336f4a7b0fc845 +lib/codeql/swift/generated/Location.qll e0ea9fd485de1788e2a0d658654735dd8561e815ebfc18eda6eff10af0d59bac 8410bcb1867c531db336d3d1e2e3a2926545170070e56997d8f77ac2face69a0 lib/codeql/swift/generated/OtherAvailabilitySpec.qll 0e26a203b26ff0581b7396b0c6d1606feec5cc32477f676585cdec4911af91c5 0e26a203b26ff0581b7396b0c6d1606feec5cc32477f676585cdec4911af91c5 lib/codeql/swift/generated/ParentChild.qll 7db14da89a0dc22ab41e654750f59d03085de8726ac358c458fccb0e0b75e193 e16991b33eb0ddea18c0699d7ea31710460ff8ada1f51d8e94f1100f6e18d1c8 lib/codeql/swift/generated/PlatformVersionAvailabilitySpec.qll f82d9ca416fe8bd59b5531b65b1c74c9f317b3297a6101544a11339a1cffce38 7f5c6d3309e66c134107afe55bae76dfc9a72cb7cdd6d4c3706b6b34cee09fa0 @@ -389,69 +389,69 @@ lib/codeql/swift/generated/Synth.qll 551fdf7e4b53f9ee1314d1bb42c2638cf82f45bfa1f lib/codeql/swift/generated/SynthConstructors.qll 2f801bd8b0db829b0253cd459ed3253c1fdfc55dce68ebc53e7fec138ef0aca4 2f801bd8b0db829b0253cd459ed3253c1fdfc55dce68ebc53e7fec138ef0aca4 lib/codeql/swift/generated/UnknownFile.qll 0fcf9beb8de79440bcdfff4bb6ab3dd139bd273e6c32754e05e6a632651e85f6 0fcf9beb8de79440bcdfff4bb6ab3dd139bd273e6c32754e05e6a632651e85f6 lib/codeql/swift/generated/UnknownLocation.qll e50efefa02a0ec1ff635a00951b5924602fc8cab57e5756e4a039382c69d3882 e50efefa02a0ec1ff635a00951b5924602fc8cab57e5756e4a039382c69d3882 -lib/codeql/swift/generated/UnspecifiedElement.qll dbc6ca4018012977b26ca184a88044c55b0661e3998cd14d46295b62a8d69625 184c9a0ce18c2ac881943b0fb400613d1401ed1d5564f90716b6c310ba5afe71 -lib/codeql/swift/generated/decl/AbstractStorageDecl.qll faac7645fae432c8aa5d970a0e5bdc12946124d3a206deb133d623cbbf06e64e 221c8dbac988bfce1b4c3970dfb97b91b30dff8ac196e1fbde5eb5189cfcadf0 +lib/codeql/swift/generated/UnspecifiedElement.qll 13625c651b880dbbd75555d55bd8464222c947c7bb9abfa2d28d5de8cce95081 15c57a3acf95a098e0c7b27ab120b2d86704e7917af888f478ecb013d86bd5a6 +lib/codeql/swift/generated/decl/AbstractStorageDecl.qll f14798085cca6c681495b442c96fce9e540e8106b63a746016d5e9f0455fd08b 588c7463e808348efdc01f00cdc9121c1cd4e06206fe412abfa478a53283c51e lib/codeql/swift/generated/decl/AbstractTypeParamDecl.qll 1e268b00d0f2dbbd85aa70ac206c5e4a4612f06ba0091e5253483635f486ccf9 5479e13e99f68f1f347283535f8098964f7fd4a34326ff36ad5711b2de1ab0d0 lib/codeql/swift/generated/decl/Accessor.qll c93cdf7dbb87e6c9b09b5fcf469b952041f753914a892addeb24bb46eaa51d29 1e8104da2da146d3e4d8f5f96b87872e63162e53b46f9c7038c75db51a676599 lib/codeql/swift/generated/decl/AccessorOrNamedFunction.qll b78aaef06cdaa172dce3e1dcd6394566b10ce445906e3cf67f6bef951b1662a4 a30d9c2ff79a313c7d0209d72080fdc0fabf10379f8caed5ff2d72dc518f8ad3 lib/codeql/swift/generated/decl/AssociatedTypeDecl.qll 4169d083104f9c089223ed3c5968f757b8cd6c726887bbb6fbaf21f5ed7ee144 4169d083104f9c089223ed3c5968f757b8cd6c726887bbb6fbaf21f5ed7ee144 -lib/codeql/swift/generated/decl/CapturedDecl.qll 18ce5a5d548abb86787096e26ffd4d2432eda3076356d50707a3490e9d3d8459 42708248ba4bcd00a628e836ea192a4b438c0ffe91e31d4e98e497ef896fabac +lib/codeql/swift/generated/decl/CapturedDecl.qll cbc416f48471f978d21f5f9ec02eb912692f9678ed154cb0b6d30df9de48e628 d9534cdf290ad48e285d27a520c0b1692afed14bbdd907430bcd46e7de2fbb31 lib/codeql/swift/generated/decl/ClassDecl.qll a60e8af2fdbcd20cfa2049660c8bcbbc00508fbd3dde72b4778317dfc23c5ae4 a60e8af2fdbcd20cfa2049660c8bcbbc00508fbd3dde72b4778317dfc23c5ae4 lib/codeql/swift/generated/decl/ConcreteVarDecl.qll 4801ccc477480c4bc4fc117976fbab152e081064e064c97fbb0f37199cb1d0a8 4d7cfbf5b39b307dd673781adc220fdef04213f2e3d080004fa658ba6d3acb8d -lib/codeql/swift/generated/decl/Decl.qll 18f93933c2c00955f6d28b32c68e5b7ac13647ebff071911b26e68dbc57765a7 605e700ab8d83645f02b63234fee9d394b96caba9cad4dd80b3085c2ab63c33d +lib/codeql/swift/generated/decl/Decl.qll 2cc8ad7e3a3b658d7b1b06d20bdaf7604de387045c33b0d64191b5ef998708c2 7ed3194e89f7ae37cf9c691e4666449e4f406f6c3ee6d35bbbda4e66cdd3ca5a lib/codeql/swift/generated/decl/Deinitializer.qll 816ecd92552915d06952517606a6e4c67bc53d7e7d9f5c09b7276e70612627fe 816ecd92552915d06952517606a6e4c67bc53d7e7d9f5c09b7276e70612627fe -lib/codeql/swift/generated/decl/EnumCaseDecl.qll f71c9d96db8260462c34e5d2bd86dda9b977aeeda087c235b873128b63633b9c e12ff7c0173e3cf9e2b64de66d8a7f2246bc0b2cb721d25b813d7a922212b35a +lib/codeql/swift/generated/decl/EnumCaseDecl.qll 7942eb77f91680c3553becb313f21723e0b437eadebc117f0690e5364705bef1 40eec2e74c514cecdfcdf6d7d5c8a033c717f69a38cfca834934fe3859c4e1ef lib/codeql/swift/generated/decl/EnumDecl.qll fa4490d511ee537751a4fab2478e65250ff3deba43c74db5341184c9ba25b534 fa4490d511ee537751a4fab2478e65250ff3deba43c74db5341184c9ba25b534 -lib/codeql/swift/generated/decl/EnumElementDecl.qll 5ef4f6839f4f19f29fabd04b653e89484fa68a7e7ec94101a5201aa13d89e9eb 78006fa52b79248302db04348bc40f2f77edf101b6e429613f3089f70750fc11 -lib/codeql/swift/generated/decl/ExtensionDecl.qll 8129015990b6c80cedb796ae0768be2b9c040b5212b5543bc4d6fd994cc105f3 038b06a0c0eeb1ad7e31c995f20aaf4f8804001654ebb0e1e292d7e739a6c8ee +lib/codeql/swift/generated/decl/EnumElementDecl.qll 7dbcd0dd5a5b96195250ae1ac4afd0901f418fba7de2e5d41a4335d387e33a69 bdc371b60a61369fa286005f67aa846876956048b99e4c9763fc3ea3bbdcbb5e +lib/codeql/swift/generated/decl/ExtensionDecl.qll 503bdac9ca6fefcaae3c798dc364bd225c50d507a1639f1bd2f055f8dae57ac3 1e6142d2d3d894da5dac18d14310967353d76acc7c629c59f8f62ec27baf8566 lib/codeql/swift/generated/decl/Function.qll 92d1fbceb9e96afd00a1dfbfd15cec0063b3cba32be1c593702887acc00a388a 0cbae132d593b0313a2d75a4e428c7f1f07a88c1f0491a4b6fa237bb0da71df3 -lib/codeql/swift/generated/decl/GenericContext.qll 4c7bd7fd372c0c981b706de3a57988b92c65c8a0d83ea419066452244e6880de 332f8a65a6ae1cad4aa913f2d0a763d07393d68d81b61fb8ff9912b987c181bb +lib/codeql/swift/generated/decl/GenericContext.qll 133bffffd61ee2c5b053e260a01cb09edf5ec2b7eaf782a063b53ffb7f004cfa 8256046cb997168332a2f55b3637c76b0bd6070ccb3a1bd097a8bf70ccbb7a78 lib/codeql/swift/generated/decl/GenericTypeDecl.qll 71f5c9c6078567dda0a3ac17e2d2d590454776b2459267e31fed975724f84aec 669c5dbd8fad8daf007598e719ac0b2dbcb4f9fad698bffb6f1d0bcd2cee9102 lib/codeql/swift/generated/decl/GenericTypeParamDecl.qll bc41a9d854e65b1e0da86350870a8fe050eb1dc031cd17ded11c15b5ad8ad183 bc41a9d854e65b1e0da86350870a8fe050eb1dc031cd17ded11c15b5ad8ad183 -lib/codeql/swift/generated/decl/IfConfigDecl.qll 58c1a02a3867105c61d29e2d9bc68165ba88a5571aac0f91f918104938178c1e f74ef097848dd5a89a3427e3d008e2299bde11f1c0143837a8182572ac26f6c9 -lib/codeql/swift/generated/decl/ImportDecl.qll 8892cd34d182c6747e266e213f0239fd3402004370a9be6e52b9747d91a7b61b 2c07217ab1b7ebc39dc2cb20d45a2b1b899150cabd3b1a15cd8b1479bab64578 -lib/codeql/swift/generated/decl/InfixOperatorDecl.qll d98168fdf180f28582bae8ec0242c1220559235230a9c94e9f479708c561ea21 aad805aa74d63116b19f435983d6df6df31cef6a5bbd30d7c2944280b470dee6 +lib/codeql/swift/generated/decl/IfConfigDecl.qll 95ddabb5b3425197515f1f48740907aa06c82ece2acc84334969c6c4bf1c8819 036da5ac8c28b31f5a25e1beceea90548be3e02d03951dbfd94d8f8beca9ca43 +lib/codeql/swift/generated/decl/ImportDecl.qll 315e046861ed65dcc4fe821877488ff8bb2edfc1929f2b2865bbf61f611bd9cd e74e2bb4a051a8bc9a9fbe1787ce8df6c27347717201245381d5515c2793f77a +lib/codeql/swift/generated/decl/InfixOperatorDecl.qll d72240e27e1dc051be779015180ecaeaaf7a1067e21c2d277688881a24ce36aa ecce84b34c303a66135e815c4d656557952a85653701fca36213416560ef6bab lib/codeql/swift/generated/decl/Initializer.qll a72005f0abebd31b7b91f496ddae8dff49a027ba01b5a827e9b8870ecf34de17 a72005f0abebd31b7b91f496ddae8dff49a027ba01b5a827e9b8870ecf34de17 lib/codeql/swift/generated/decl/MissingMemberDecl.qll eaf8989eda461ec886a2e25c1e5e80fc4a409f079c8d28671e6e2127e3167479 d74b31b5dfa54ca5411cd5d41c58f1f76cfccc1e12b4f1fdeed398b4faae5355 -lib/codeql/swift/generated/decl/ModuleDecl.qll 0b809c371dae40cfdc7bf869c654158dc154e1551d8466c339742c7fdc26a5db 3d7efb0ccfd752d9f01624d21eba79067824b3910b11185c81f0b513b69e8c51 +lib/codeql/swift/generated/decl/ModuleDecl.qll de504a719d1085e65889eb17707c1380f446d21d4fc05a0a3bb669c689319dc6 2d69d1a7c30a81989dd6a942366777be28b1436f0d48da4be7fe264fadc4c2aa lib/codeql/swift/generated/decl/NamedFunction.qll e8c23d8344768fb7ffe31a6146952fb45f66e25c2dd32c91a6161aaa612e602f e8c23d8344768fb7ffe31a6146952fb45f66e25c2dd32c91a6161aaa612e602f -lib/codeql/swift/generated/decl/NominalTypeDecl.qll 7e8980cd646e9dee91e429f738d6682b18c8f8974c9561c7b936fca01b56fdb2 513e55dd6a68d83a8e884c9a373ecd70eca8e3957e0f5f6c2b06696e4f56df88 -lib/codeql/swift/generated/decl/OpaqueTypeDecl.qll f2cdbc238b9ea67d5bc2defd8ec0455efafd7fdaeca5b2f72d0bbb16a8006d17 041724a6ec61b60291d2a68d228d5f106c02e1ba6bf3c1d3d0a6dda25777a0e5 +lib/codeql/swift/generated/decl/NominalTypeDecl.qll 39fb0ed0c68089fed89a003f631587b46212c8098c72881ccee0c558f60c52cb 376bf0bd0950e209ce9e66719fd513af08ae95a83a759844246bd052de4c29a8 +lib/codeql/swift/generated/decl/OpaqueTypeDecl.qll eaef6c7da5c287ba9e281a11ef9e9a9ef3a89f44a0c4e332d53cdaff806c976a ad2d3470725c11e42b169b4ed40d5371d700e4077c517eb00f0b5c36e7a61d3b lib/codeql/swift/generated/decl/OperatorDecl.qll 3ffdc7ab780ee94a975f0ce3ae4252b52762ca8dbea6f0eb95f951e404c36a5b 25e39ccd868fa2d1fbce0eb7cbf8e9c2aca67d6fd42f76e247fb0fa74a51b230 -lib/codeql/swift/generated/decl/ParamDecl.qll f182ebac3c54a57a291d695b87ff3dbc1499ea699747b800dc4a8c1a5a4524b1 979e27a6ce2bc932a45b968ee2f556afe1071888f1de8dd8ead60fb11acf300c -lib/codeql/swift/generated/decl/PatternBindingDecl.qll 15a43e1b80fc6ef571e726ab13c7cd3f308d6be1d28bcb175e8b5971d646da7c 1b2e19d6fdd5a89ce9be9489fef5dc6ba4390249195fe41f53848be733c62a39 +lib/codeql/swift/generated/decl/ParamDecl.qll 27aa11a413317288699ecec317f8c34ba3adb5d8015b562be7a8b2880dc4f12f 8b5cad8c1c835074c3e6ba8ec645f81684983785d299ce5f4afbe5fe0486e7f5 +lib/codeql/swift/generated/decl/PatternBindingDecl.qll 84538ba051adbc66534fd7e0e144db7c640054a7387f9a79270150cd8a756f4f c961c115d8f846bc26134774ec655d95f29917822d441d8a8ee9cfec1b12aa9b lib/codeql/swift/generated/decl/PostfixOperatorDecl.qll 5aa85fa325020b39769fdb18ef97ef63bd28e0d46f26c1383138221a63065083 5aa85fa325020b39769fdb18ef97ef63bd28e0d46f26c1383138221a63065083 -lib/codeql/swift/generated/decl/PoundDiagnosticDecl.qll 1004b329281d0de9d1cc315c73d5886b0dc8afecb344c9d648d887d1da7cfd1d b90e249a42a8baded3632828d380f158e475f0765356a2b70e49082adedd3ba7 +lib/codeql/swift/generated/decl/PoundDiagnosticDecl.qll 6400ec7640a8157ecce9dc0b170aaa081492ab07d94a1f237dde89b255113932 8c87118ee3d4c26d3499ec10b2589a8a9d1b0827564a0722bd4c605e99412d3a lib/codeql/swift/generated/decl/PrecedenceGroupDecl.qll d0918f238484052a0af902624b671c04eb8d018ee71ef4931c2fdbb74fa5c5d4 d0918f238484052a0af902624b671c04eb8d018ee71ef4931c2fdbb74fa5c5d4 lib/codeql/swift/generated/decl/PrefixOperatorDecl.qll 18f2a1f83ea880775344fbc57ed332e17edba97a56594da64580baeb45e95a5d 18f2a1f83ea880775344fbc57ed332e17edba97a56594da64580baeb45e95a5d lib/codeql/swift/generated/decl/ProtocolDecl.qll 4b03e3c2a7af66e66e8abc40bd2ea35e71959f471669e551f4c42af7f0fd4566 4b03e3c2a7af66e66e8abc40bd2ea35e71959f471669e551f4c42af7f0fd4566 lib/codeql/swift/generated/decl/StructDecl.qll 9343b001dfeec83a6b41e88dc1ec75744d39c397e8e48441aa4d01493f10026a 9343b001dfeec83a6b41e88dc1ec75744d39c397e8e48441aa4d01493f10026a -lib/codeql/swift/generated/decl/SubscriptDecl.qll 31cb1f90d4c60060f64c432850821969953f1a46e36ce772456c67dfff375ff5 1d0098518c56aed96039b0b660b2cce5ea0db7ac4c9a550af07d758e282d4f61 -lib/codeql/swift/generated/decl/TopLevelCodeDecl.qll aececf62fda517bd90b1c56bb112bb3ee2eecac3bb2358a889dc8c4de898346e d8c69935ac88f0343a03f17ea155653b97e9b9feff40586cfa8452ac5232700d -lib/codeql/swift/generated/decl/TypeAliasDecl.qll 640912badc9d2278b6d14a746d85ed71b17c52cd1f2006aef46d5a4aeaa544f2 a6cbe000ea9d5d1ccd37eb50c23072e19ee0234d53dcb943fef20e3f553fcf4e -lib/codeql/swift/generated/decl/TypeDecl.qll 74bb5f0fe2648d95c84fdce804740f2bba5c7671e15cbea671d8509456bf5c2b 32bc7154c8585c25f27a3587bb4ba039c8d69f09d945725e45d730de44f7a5ae -lib/codeql/swift/generated/decl/ValueDecl.qll 7b4e4c9334be676f242857c77099306d8a0a4357b253f8bc68f71328cedf1f58 f18938c47f670f2e0c27ffd7e31e55f291f88fb50d8e576fcea116d5f9e5c66d -lib/codeql/swift/generated/decl/VarDecl.qll bdea76fe6c8f721bae52bbc26a2fc1cbd665a19a6920b36097822839158d9d3b 9c91d8159fd7a53cba479d8c8f31f49ad2b1e2617b8cd9e7d1a2cb4796dfa2da +lib/codeql/swift/generated/decl/SubscriptDecl.qll ac3365ab51037691ac9bf3d69e39e1e585afa0e95c0000f1a0bc4f2cfa749439 d55bb27c4cb62dd0cbb8f045fb39c3f6108733384050c246b340daa5f486e6f6 +lib/codeql/swift/generated/decl/TopLevelCodeDecl.qll e92f14044c0017737b16e6e9e6c9495052db98013526f6a15046bce02fe7f8b0 ddd13baa81e359973307b473ef99be23e587c2565d9d0893b968d9c5df1c5f55 +lib/codeql/swift/generated/decl/TypeAliasDecl.qll a0f5da4179a888940768633a5c73e27e375fb84242cb17079b334809cee2d02c c110aa4c2c68573c2bf590655c697d48b0e1670a06e92fc734afb63e7886356a +lib/codeql/swift/generated/decl/TypeDecl.qll 4caf24ac14543feb8ab37674a768c080395029e786f7bf918d74c80cca634ccc cc370f5f456a81d177deec60b5055d117585fc74eb469f3c613fa6e475491df3 +lib/codeql/swift/generated/decl/ValueDecl.qll a63d293de8a44010c4ca90b641b66d1db743ba30e09714013f632aba5b4c6d5b 5913e5ee1e9a177585a4dcce1d0652d938b4a8df1c91ec153b75f69f69e98c19 +lib/codeql/swift/generated/decl/VarDecl.qll 528676e29b39b7013b3cf8a7d92d108959ba69c926f945034171eb81717e2181 edd746103df2559014119467361f5ead3395f13f51ce308482d14f008597ae8e lib/codeql/swift/generated/expr/AbiSafeConversionExpr.qll f4c913df3f1c139a0533f9a3a2f2e07aee96ab723c957fc7153d68564e4fdd6d f4c913df3f1c139a0533f9a3a2f2e07aee96ab723c957fc7153d68564e4fdd6d lib/codeql/swift/generated/expr/AnyHashableErasureExpr.qll f450ac8e316def1cd64dcb61411bae191144079df7f313a5973e59dc89fe367f f450ac8e316def1cd64dcb61411bae191144079df7f313a5973e59dc89fe367f -lib/codeql/swift/generated/expr/AnyTryExpr.qll f2929f39407e1717b91fc41f593bd52f1ae14c619d61598bd0668a478a04a91e 62693c2c18678af1ff9ce5393f0dd87c5381e567b340f1a8a9ecf91a92e2e666 -lib/codeql/swift/generated/expr/AppliedPropertyWrapperExpr.qll 191612ec26b3f0d5a61301789a34d9e349b4c9754618760d1c0614f71712e828 cc212df0068ec318c997a83dc6e95bdda5135bccc12d1076b0aebf245da78a4b -lib/codeql/swift/generated/expr/ApplyExpr.qll d62b5e5d9f1ecf39d28f0a423d89b9d986274b72d0685dd34ec0b0b4c442b78f a94ccf54770939e591fe60d1c7e5e93aefd61a6ab5179fe6b6633a8e4181d0f8 +lib/codeql/swift/generated/expr/AnyTryExpr.qll e3541dbea5fe3be849ee5a3c6adec2d48654f80f866d2f893af437e5f5edcae1 4d7f62e3e154cef2c9b11ab3ef2e23708ae9f03b29c94cef8941516e41597fbd +lib/codeql/swift/generated/expr/AppliedPropertyWrapperExpr.qll 818b557130a3bda227fb34dbcef2895fe1b95390fb37bc583d8a8f63cac9dcc7 c023082f24b2ee61420434eb90d94f25a57c1b6cc7306b0e461232303f794f3b +lib/codeql/swift/generated/expr/ApplyExpr.qll bf4aacc7c967bafd633c52b0107b00c0253e8eff4b63123565d27bb6bc15e9a5 06d25eec923a812f156cc52f9e37d95fb8bf301c2b3cc7dcec59220747923651 lib/codeql/swift/generated/expr/ArchetypeToSuperExpr.qll e0b665b7389e5d0cb736426b9fd56abfec3b52f57178a12d55073f0776d8e5b7 e0b665b7389e5d0cb736426b9fd56abfec3b52f57178a12d55073f0776d8e5b7 -lib/codeql/swift/generated/expr/Argument.qll fe3cf5660e46df1447eac88c97da79b2d9e3530210978831f6e915d4930534ba 814e107498892203bac688198792eefa83afc3472f3c321ba2592579d3093310 -lib/codeql/swift/generated/expr/ArrayExpr.qll 48f9dce31e99466ae3944558584737ea1acd9ce8bf5dc7f366a37de464f5570f ea13647597d7dbc62f93ddbeb4df33ee7b0bd1d9629ced1fc41091bbbe74db9c +lib/codeql/swift/generated/expr/Argument.qll a61e1539419937f089c2dd427bb12c272d19bf17722f8bc65bcd33e032a07b7b 4ad5cb90c303cb64c3155c9933ad687db526da8312cb12fc8636f1d254ed5b76 +lib/codeql/swift/generated/expr/ArrayExpr.qll 151bbe8c9d40d38e2f33a2e08ce3f8929e9e9772a64ddf2d4d009491bcebb713 535e9338be482a589324b9adbdfdf56d532b097dfeae47a0b3e6ec5478ecb34f lib/codeql/swift/generated/expr/ArrayToPointerExpr.qll afa9d62eb0f2044d8b2f5768c728558fe7d8f7be26de48261086752f57c70539 afa9d62eb0f2044d8b2f5768c728558fe7d8f7be26de48261086752f57c70539 -lib/codeql/swift/generated/expr/AssignExpr.qll b9cbe998daccc6b8646b754e903667de171fefe6845d73a952ae9b4e84f0ae13 14f1972f704f0b31e88cca317157e6e185692f871ba3e4548c9384bcf1387163 +lib/codeql/swift/generated/expr/AssignExpr.qll e99bf7bc29303f91148661bf16126e84ca7edc2063604d2a4b4835957c81c95f 25253e9ae7b0292f569078b0558b787e755905d1d8e5ca564a2c2f0cfeb7525c lib/codeql/swift/generated/expr/AutoClosureExpr.qll 5263d04d6d85ab7a61982cde5da1a3a6b92c0fa1fb1ddf5c651b90ad2fad59b9 5263d04d6d85ab7a61982cde5da1a3a6b92c0fa1fb1ddf5c651b90ad2fad59b9 lib/codeql/swift/generated/expr/AwaitExpr.qll e17b87b23bd71308ba957b6fe320047b76c261e65d8f9377430e392f831ce2f1 e17b87b23bd71308ba957b6fe320047b76c261e65d8f9377430e392f831ce2f1 lib/codeql/swift/generated/expr/BinaryExpr.qll 5ace1961cd6d6cf67960e1db97db177240acb6c6c4eba0a99e4a4e0cc2dae2e3 5ace1961cd6d6cf67960e1db97db177240acb6c6c4eba0a99e4a4e0cc2dae2e3 -lib/codeql/swift/generated/expr/BindOptionalExpr.qll 79b8ade1f9c10f4d5095011a651e04ea33b9280cacac6e964b50581f32278825 38197be5874ac9d1221e2d2868696aceedf4d10247021ca043feb21d0a741839 +lib/codeql/swift/generated/expr/BindOptionalExpr.qll 9e63807d7b3210c158745eb580b675135b5db0568f0bca6bb46ad4849937e3b2 92a81743845539572f5fea8e21914ffb38c7e55992a89d8c646d079655c2c5d6 lib/codeql/swift/generated/expr/BooleanLiteralExpr.qll 8e13cdeb8bc2da9ef5d0c19e3904ac891dc126f4aa695bfe14a55f6e3b567ccb 4960b899c265547f7e9a935880cb3e12a25de2bc980aa128fbd90042dab63aff lib/codeql/swift/generated/expr/BridgeFromObjCExpr.qll b9a6520d01613dfb8c7606177e2d23759e2d8ce54bd255a4b76a817971061a6b b9a6520d01613dfb8c7606177e2d23759e2d8ce54bd255a4b76a817971061a6b lib/codeql/swift/generated/expr/BridgeToObjCExpr.qll 31ca13762aee9a6a17746f40ec4e1e929811c81fdadb27c48e0e7ce6a3a6222d 31ca13762aee9a6a17746f40ec4e1e929811c81fdadb27c48e0e7ce6a3a6222d lib/codeql/swift/generated/expr/BuiltinLiteralExpr.qll 052f8d0e9109a0d4496da1ae2b461417951614c88dbc9d80220908734b3f70c6 536fa290bb75deae0517d53528237eab74664958bf7fdbf8041283415dda2142 lib/codeql/swift/generated/expr/CallExpr.qll c7dc105fcb6c0956e20d40f736db35bd7f38f41c3d872858972c2ca120110d36 c7dc105fcb6c0956e20d40f736db35bd7f38f41c3d872858972c2ca120110d36 -lib/codeql/swift/generated/expr/CaptureListExpr.qll 1366d946d7faff63437c937e71392b505564c944947d25bb9628a86bec9919c2 e8c91265bdbe1b0902c3ffa84252b89ada376188c1bab2c9dde1900fd6bf992b +lib/codeql/swift/generated/expr/CaptureListExpr.qll 63607dd5dc68a3a5cc736dd2ff74b64cf914883c7813ea795e39996238e68928 81e795f62bd38517eef4a2b05ba75c0e3d247d03c8d48a6539d97b14e080e6bc lib/codeql/swift/generated/expr/CheckedCastExpr.qll 146c24e72cda519676321d3bdb89d1953dfe1810d2710f04cfdc4210ace24c40 91093e0ba88ec3621b538d98454573b5eea6d43075a2ab0a08f80f9b9be336d3 lib/codeql/swift/generated/expr/ClassMetatypeToObjectExpr.qll 076c0f7369af3fffc8860429bd8e290962bf7fc8cf53bbba061de534e99cc8bf 076c0f7369af3fffc8860429bd8e290962bf7fc8cf53bbba061de534e99cc8bf lib/codeql/swift/generated/expr/ClosureExpr.qll f194fc8c5f67fcf0219e8e2de93ee2b820c27a609b2986b68d57a54445f66b61 3cae87f6c6eefb32195f06bc4c95ff6634446ecf346d3a3c94dc05c1539f3de2 @@ -462,152 +462,152 @@ lib/codeql/swift/generated/expr/ConditionalBridgeFromObjCExpr.qll 4a21e63cc54702 lib/codeql/swift/generated/expr/ConditionalCheckedCastExpr.qll 92a999dd1dcc1f498ed2e28b4d65ac697788960a66452a66b5281c287596d42b 92a999dd1dcc1f498ed2e28b4d65ac697788960a66452a66b5281c287596d42b lib/codeql/swift/generated/expr/CovariantFunctionConversionExpr.qll b749118590163eafbd538e71e4c903668451f52ae0dabbb13e504e7b1fefa9e1 abaf3f10d35bab1cf6ab44cb2e2eb1768938985ce00af4877d6043560a6b48ec lib/codeql/swift/generated/expr/CovariantReturnConversionExpr.qll f1b409f0bf54b149deb1a40fbe337579a0f6eb2498ef176ef5f64bc53e94e2fe 532d6cb2ebbb1e6da4b26df439214a5a64ec1eb8a222917ba2913f4ee8d73bd8 -lib/codeql/swift/generated/expr/DeclRefExpr.qll eee2d4468f965e8e6a6727a3e04158de7f88731d2a2384a33e72e88b9e46a59a 54a91a444e5a0325cd69e70f5a58b8f7aa20aaa3d9b1451b97f491c109a1cd74 -lib/codeql/swift/generated/expr/DefaultArgumentExpr.qll b38015d25ef840298a284b3f4e20cd444987474545544dc451dd5e12c3783f20 afc581e2127983faae125fd58b24d346bfee34d9a474e6d499e4606b672fe5f0 +lib/codeql/swift/generated/expr/DeclRefExpr.qll 3da24deb23c577e166ba613c05cb1446a84cc8e1fc926979e1d5c2982aacc3fa 60c8462cbf34ea775bf3e298ad9610b3ff5f5711b150a645869ebee197a8c40e +lib/codeql/swift/generated/expr/DefaultArgumentExpr.qll 3ae13423447d2dc9bbafb2f3cb7f268ffe2ce4e66e12657328da48d6adb57b7d ec9782ca53bc44ccd0e5389b5a5722970fc4a1617076a1ca235fe26970a1bfac lib/codeql/swift/generated/expr/DerivedToBaseExpr.qll 5f371b5b82262efb416af1a54073079dcf857f7a744010294f79a631c76c0e68 5f371b5b82262efb416af1a54073079dcf857f7a744010294f79a631c76c0e68 lib/codeql/swift/generated/expr/DestructureTupleExpr.qll 1214d25d0fa6a7c2f183d9b12c97c679e9b92420ca1970d802ea1fe84b42ccc8 1214d25d0fa6a7c2f183d9b12c97c679e9b92420ca1970d802ea1fe84b42ccc8 -lib/codeql/swift/generated/expr/DictionaryExpr.qll b5051ac76b4780b5174b1a515d1e6e647239a46efe94305653e45be9c09840dc 65130effc0878883bfaa1aa6b01a44893889e8cfab4c349a079349ef4ef249bf +lib/codeql/swift/generated/expr/DictionaryExpr.qll bcafddc686c115a971a382d6e9eae448533a2b0414b1c39654b4fd0f687fe4ee 1baabf702d37403f18a4422e00237ac8cc4101bd6b2d7a9112c1d844eaf43602 lib/codeql/swift/generated/expr/DifferentiableFunctionExpr.qll 9143e12dfe0b3b4cc2d1fe27d893498f5bd6725c31bee217ab9fa1ca5efeca7b a28c05a5c249c1f0a59ab08bf50643ef4d13ba6f54437e8fa41700d44567ec71 lib/codeql/swift/generated/expr/DifferentiableFunctionExtractOriginalExpr.qll d90266387d6eecf2bacb2d0f5f05a2132a018f1ccf723664e314dcfd8972772d 44fe931ed622373f07fc89b1ea7c69af3f1cf3b9c5715d48d15dd2d0e49cc9dc lib/codeql/swift/generated/expr/DiscardAssignmentExpr.qll f2cb4a5295855bcfe47a223e0ab9b915c22081fe7dddda801b360aa365604efd f2cb4a5295855bcfe47a223e0ab9b915c22081fe7dddda801b360aa365604efd lib/codeql/swift/generated/expr/DotSelfExpr.qll af32541b2a03d91c4b4184b8ebca50e2fe61307c2b438f50f46cd90592147425 af32541b2a03d91c4b4184b8ebca50e2fe61307c2b438f50f46cd90592147425 -lib/codeql/swift/generated/expr/DotSyntaxBaseIgnoredExpr.qll 12c9cf8d2fd3c5245e12f43520de8b7558d65407fa935da7014ac12de8d6887e 49f5f12aeb7430fa15430efd1193f56c7e236e87786e57fd49629bd61daa7981 +lib/codeql/swift/generated/expr/DotSyntaxBaseIgnoredExpr.qll 82a84703f7aa0c1383aa92d0d755eca8cd4aa0edcaa21363899722c3925a3a0f 795e5f27c604c17b896b182646c33825965e4178bc07ee7d6620ed988375c50f lib/codeql/swift/generated/expr/DotSyntaxCallExpr.qll 1eedcaafbf5e83b5e535f608ba29e25f0e0de7dbc484e14001362bad132c45d0 1eedcaafbf5e83b5e535f608ba29e25f0e0de7dbc484e14001362bad132c45d0 lib/codeql/swift/generated/expr/DynamicLookupExpr.qll 0f0d745085364bca3b67f67e3445d530cbd3733d857c76acab2bccedabb5446e f252dd4b1ba1580fc9a32f42ab1b5be49b85120ec10c278083761494d1ee4c5d lib/codeql/swift/generated/expr/DynamicMemberRefExpr.qll 2eab0e58a191624a9bf81a25f5ddad841f04001b7e9412a91e49b9d015259bbe 2eab0e58a191624a9bf81a25f5ddad841f04001b7e9412a91e49b9d015259bbe lib/codeql/swift/generated/expr/DynamicSubscriptExpr.qll f9d7d2fc89f1b724cab837be23188604cefa2c368fa07e942c7a408c9e824f3d f9d7d2fc89f1b724cab837be23188604cefa2c368fa07e942c7a408c9e824f3d -lib/codeql/swift/generated/expr/DynamicTypeExpr.qll 8fc5dcb619161af4c54ff219d13312690dbe9b03657c62ec456656e3c0d5d21b e230d2b148bb95ebd4c504f3473539a45ef08092e0e5650dc35b6f25c1b9e7ed -lib/codeql/swift/generated/expr/EnumIsCaseExpr.qll f49fcf0f610095b49dcabe0189f6f3966407eddb6914c2f0aa629dc5ebe901d2 a9dbc91391643f35cd9285e4ecfeaae5921566dd058250f947153569fd3b36eb +lib/codeql/swift/generated/expr/DynamicTypeExpr.qll eb77056ec3682edf4a0adab47bf24b5afc19f66fe5bc56cf77b7a1a0c389ec29 e7cd0e71974ad84f67992468ecfc319fa9ee4f749718778d7718576ff06a8a05 +lib/codeql/swift/generated/expr/EnumIsCaseExpr.qll 2a4a42843d9bbd24584c5ff4f60458df72737c3603aa2a22d57d466e53e4cb44 d03b7608a65fc2ccb39cc71167fc4350a7e29c86c782e0e734a21c99bb4e3f5a lib/codeql/swift/generated/expr/ErasureExpr.qll c232bc7b612429b97dbd4bb2383c2601c7d12f63312f2c49e695c7a8a87fa72a c232bc7b612429b97dbd4bb2383c2601c7d12f63312f2c49e695c7a8a87fa72a lib/codeql/swift/generated/expr/ErrorExpr.qll 8e354eed5655e7261d939f3831eb6fa2961cdd2cebe41e3e3e7f54475e8a6083 8e354eed5655e7261d939f3831eb6fa2961cdd2cebe41e3e3e7f54475e8a6083 lib/codeql/swift/generated/expr/ExistentialMetatypeToObjectExpr.qll eb0d42aac3f6331011a0e26cf5581c5e0a1b5523d2da94672abdebe70000d65b efe2bc0424e551454acc919abe4dac7fd246b84f1ae0e5d2e31a49cbcf84ce40 -lib/codeql/swift/generated/expr/ExplicitCastExpr.qll d98c1ad02175cfaad739870cf041fcd58143dd4b2675b632b68cda63855a4ceb 2aded243b54c1428ba16c0f131ab5e4480c2004002b1089d9186a435eb3a6ab5 +lib/codeql/swift/generated/expr/ExplicitCastExpr.qll 7c2a0ae4287b69f1e6baa66de9dd2c84881b7a975be9936eeb0feaba4fef740d 239dbe3f52d1d4d040fc3a579591126fddd2562905e439b24cadad39f63c7f5f lib/codeql/swift/generated/expr/ExplicitClosureExpr.qll c5291fb91e04a99133d1b4caf25f8bd6e7f2e7b9d5d99558143899f4dc9a7861 c5291fb91e04a99133d1b4caf25f8bd6e7f2e7b9d5d99558143899f4dc9a7861 -lib/codeql/swift/generated/expr/Expr.qll 68beba5a460429be58ba2dcad990932b791209405345fae35b975fe64444f07e a0a25a6870f8c9f129289cec7929aa3d6ec67e434919f3fb39dc060656bd1529 +lib/codeql/swift/generated/expr/Expr.qll a8fd735004b6e60d09111292f4005399c63749d7b0a0c4c25f012e496237ebcd f51397fddb39469ca64701eb94a5fb520bf64a035b2274b96276efb3013c6456 lib/codeql/swift/generated/expr/FloatLiteralExpr.qll ae851773886b3d33ab5535572a4d6f771d4b11d6c93e802f01348edb2d80c454 35f103436fc2d1b2cec67b5fbae07b28c054c9687d57cbd3245c38c55d8bde0b lib/codeql/swift/generated/expr/ForceTryExpr.qll 062997b5e9a9e993de703856ae6af60fe1950951cf77cdab11b972fb0a5a4ed3 062997b5e9a9e993de703856ae6af60fe1950951cf77cdab11b972fb0a5a4ed3 -lib/codeql/swift/generated/expr/ForceValueExpr.qll 97a8860edae2ea0754b31f63fc53be1739cd32f8eb56c812709f38e6554edef7 359b9c4708f0c28465661690e8c3b1ed60247ca24460749993fe34cf4f2f22f9 +lib/codeql/swift/generated/expr/ForceValueExpr.qll 031918fbc027cbdaaa5fb24348c1b87e0de872ead052a0087afc7aa9a2a46146 b10988554b049b4c07ba394b028e2402b422581402cc82702d3a340f170aaee5 lib/codeql/swift/generated/expr/ForcedCheckedCastExpr.qll cf4792bd4a2c5ce264de141bdbc2ec10f59f1a79a5def8c052737f67807bb8c1 cf4792bd4a2c5ce264de141bdbc2ec10f59f1a79a5def8c052737f67807bb8c1 lib/codeql/swift/generated/expr/ForeignObjectConversionExpr.qll 243a4e14037546fcbb0afc1c3ba9e93d386780e83518b0f03383a721c68998d6 8ea334750c8797f7334f01c177382088f60ef831902abf4ff8a62c43b8be4ca5 lib/codeql/swift/generated/expr/FunctionConversionExpr.qll 8f6c927adaf036358b276ad1d9069620f932fa9e0e15f77e46e5ed19318349ab 8f6c927adaf036358b276ad1d9069620f932fa9e0e15f77e46e5ed19318349ab -lib/codeql/swift/generated/expr/IdentityExpr.qll 1b9f8d1db63b90150dae48b81b4b3e55c28f0b712e567109f451dcc7a42b9f21 6e64db232f3069cf03df98a83033cd139e7215d4585de7a55a0e20ee7a79b1c8 -lib/codeql/swift/generated/expr/IfExpr.qll d9ef7f9ee06f718fd7f244ca0d892e4b11ada18b6579029d229906460f9d4d7e e9ef16296b66f2a35af1dad4c3abcf33071766748bcab99a02a0e489a5614c88 -lib/codeql/swift/generated/expr/ImplicitConversionExpr.qll 52dc57e4413ab523d2c2254ce6527d2d9adaaa4e7faba49b02a88df292aa911d 39883081b5feacf1c55ed99499a135c1da53cd175ab6a05a6969625c6247efd7 -lib/codeql/swift/generated/expr/InOutExpr.qll 26d2019105c38695bace614aa9552b901fa5580f463822688ee556b0e0832859 665333c422f6f34f134254cf2a48d3f5f441786517d0916ade5bec717a28d59d +lib/codeql/swift/generated/expr/IdentityExpr.qll 2f65d65b46e0b0e9681e641bc543da38b5d1865bdd470c17ffe3286b2a9f72a6 b6b907f1bd7669fb494d3b0f1a6c4e65889becc2349d0d272a00ca09f258e5da +lib/codeql/swift/generated/expr/IfExpr.qll e1cc10ec12eea72143f922fd100a889e3391b0ea37f084be4466407d2a74717e c248b798feff101d04bdc0d24c383f4caf3f0fbcb26d1b747cf14bd42322081a +lib/codeql/swift/generated/expr/ImplicitConversionExpr.qll 534ad4adc1fab3c12587dc300434afbad4a9c05d8ae35bfb832badb2db818245 3a382d7e3c1e4f5248a66bcd18cc1f295df6a3a8a3dca21c893533d0ef052cc7 +lib/codeql/swift/generated/expr/InOutExpr.qll 19401ce62967483efe219cd23512efbe782a0f0cd8352e71c0623671104335bc 9dc0076a2975bfe42f301e6b4f1da47a3aceb98807ded70d8d2a77529cfb10c7 lib/codeql/swift/generated/expr/InOutToPointerExpr.qll 4b9ceffe43f192fac0c428d66e6d91c3a6e2136b6d4e3c98cdab83b2e6a77719 4b9ceffe43f192fac0c428d66e6d91c3a6e2136b6d4e3c98cdab83b2e6a77719 lib/codeql/swift/generated/expr/InitializerRefCallExpr.qll 4556d49d78566ad70a5e784a6db4897dc78ef1f30e67f0052dbb070eca8350f0 4556d49d78566ad70a5e784a6db4897dc78ef1f30e67f0052dbb070eca8350f0 lib/codeql/swift/generated/expr/InjectIntoOptionalExpr.qll b6fafb589901d73e94eb9bb0f5e87b54378d06ccc04c51a9f4c8003d1f23ead6 b6fafb589901d73e94eb9bb0f5e87b54378d06ccc04c51a9f4c8003d1f23ead6 lib/codeql/swift/generated/expr/IntegerLiteralExpr.qll aa54660c47169a35e396ea44430c3c4ec4353e33df1a00bd82aff7119f5af71b 7ba90cf17dd34080a9923253986b0f2680b44c4a4ba6e0fbad8b39d3b20c44b9 -lib/codeql/swift/generated/expr/InterpolatedStringLiteralExpr.qll 35f79ec9d443165229a2aa4744551e9e288d5cd051ace48a24af96dc99e7184a 28e8a3dc8491bcb91827a6316f16540518b2f85a875c4a03501986730a468935 +lib/codeql/swift/generated/expr/InterpolatedStringLiteralExpr.qll 76afd9b052d191efb55adc9d02da5cf538822df2b6d1e2f6138b0680b5580c5b cd8d11cd4d13d49971961a8ba872257e79eed813711dd442e7300b241ca9a7d8 lib/codeql/swift/generated/expr/IsExpr.qll b5ca50490cae8ac590b68a1a51b7039a54280d606b42c444808a04fa26c7e1b6 b5ca50490cae8ac590b68a1a51b7039a54280d606b42c444808a04fa26c7e1b6 -lib/codeql/swift/generated/expr/KeyPathApplicationExpr.qll 232e204a06b8fad3247040d47a1aa34c6736b764ab1ebca6c5dc74c3d4fc0c9b 6b823c483ee33cd6419f0a61a543cfce0cecfd0c90df72e60d01f5df8b3da3c0 +lib/codeql/swift/generated/expr/KeyPathApplicationExpr.qll 9256a74d0cbce2390ac5af8a96d16d50837cc8bac5cbe150f1a6f9bc2783369c e91bde8513bfeb287f13e6bf4fe9344822e3f28ef18554d1b68d4411b965d119 lib/codeql/swift/generated/expr/KeyPathDotExpr.qll ea73a462801fbe5e27b2f47bca4b39f6936d326d15d6de3f18b7afa6ace35878 ea73a462801fbe5e27b2f47bca4b39f6936d326d15d6de3f18b7afa6ace35878 -lib/codeql/swift/generated/expr/KeyPathExpr.qll d78eb3a2805f7a98b23b8cb16aa66308e7a131284b4cd148a96e0b8c600e1db3 9f05ace69b0de3cdd9e9a1a6aafeb4478cd15423d2fa9e818dd049ddb2adfeb9 -lib/codeql/swift/generated/expr/LazyInitializationExpr.qll b15d59017c4f763de1b944e0630f3f9aafced0114420c976afa98e8db613a695 71a10c48de9a74af880c95a71049b466851fe3cc18b4f7661952829eeb63d1ba +lib/codeql/swift/generated/expr/KeyPathExpr.qll 320299a42630a6190b98bf27a6e4acb280573dc5bff8fc7d5fc734107984629b 51823892909330c12fb53f27d35cc686b03793b66c62b6423b25f96e07a0946d +lib/codeql/swift/generated/expr/LazyInitializationExpr.qll a32e19a88296c499c8a934d0be5400ceb310e7f73996518c4ddc5dd06e922bd4 ecfcc601f01581993b2c5adbd0c00c741e4731422c85d75359c27f80d5d4be17 lib/codeql/swift/generated/expr/LinearFunctionExpr.qll cd4c31bed9d0beb09fdfc57069d28adb3a661c064d9c6f52bb250011d8e212a7 cd4c31bed9d0beb09fdfc57069d28adb3a661c064d9c6f52bb250011d8e212a7 lib/codeql/swift/generated/expr/LinearFunctionExtractOriginalExpr.qll ee7d3e025815b5af392ffc006ec91e3150130f2bd708ab92dbe80f2efa9e6792 bcf9ed64cca2dcf5bb544f6347de3d6faa059a1900042a36555e11dfbe0a6013 lib/codeql/swift/generated/expr/LinearToDifferentiableFunctionExpr.qll f7aa178bff083d8e2822fda63de201d9d7f56f7f59f797ec92826001fca98143 c3ef32483f6da294c066c66b1d40159bc51366d817cf64a364f375f5e5dfa8b0 lib/codeql/swift/generated/expr/LiteralExpr.qll b501f426fa4e638b24d772c2ce4a4e0d40fce25b083a3eee361a66983683ee9d 068208879c86fbd5bed8290ce5962868af6c294a53ad1548cf89cf5a7f8e1781 lib/codeql/swift/generated/expr/LoadExpr.qll 90b9ba4c96c26c476c3692b1200c31071aa10199d3e21ef386ff48b9f0b6d33a 90b9ba4c96c26c476c3692b1200c31071aa10199d3e21ef386ff48b9f0b6d33a -lib/codeql/swift/generated/expr/LookupExpr.qll 4b8c4f710e3cbdeb684a07c105f48915782e5de002da87f693ae1e07f3b67031 eceb13729282b77a44317c39f9206d9c1467bc93633b7bac5ada97ea13a773fe +lib/codeql/swift/generated/expr/LookupExpr.qll b779a332de7d4e2713e46f0755d199af67bc1982777307603b6da93f089ce736 984f030417fb890262404e8da98133f8352289058463c6f049d3083a7b25201a lib/codeql/swift/generated/expr/MagicIdentifierLiteralExpr.qll 16f0050128caf916506b1f7372dc225a12809a60b5b00f108705fcdfce3344a8 c064778526a5854bdf8cdbf4b64ad680b60df9fe71ec7a2d9aa6c36a7c4e5b31 -lib/codeql/swift/generated/expr/MakeTemporarilyEscapableExpr.qll d23bd9ea3b13869d7a7f7eef3c3d1c3c156d384b72c65867a0b955bc517da775 f2fd167ac40f01c092b2b443af1557c92dac32074506f2195d32f60b0e0547d8 +lib/codeql/swift/generated/expr/MakeTemporarilyEscapableExpr.qll bdb121f1e355ab5556288eaab7fd6e9bc811d6178d5bc923f70495674f124ac1 132002ab50d8ddb6192969c7ae723652c3a043170f122e7e1e6f69a3ded2dec9 lib/codeql/swift/generated/expr/MemberRefExpr.qll e7db805b904d9b5d1e2bc2c171656e9da58f02a585127c45f52f7f8e691dc2e5 b44b5208e0b72060527a6fdb24b17b208f2263d78690d13548fba937fe0db3cd lib/codeql/swift/generated/expr/MetatypeConversionExpr.qll 714ecbc8ac51fdaaa4075388f20fe5063ead9264ca20c4ab8864c48364ef4b42 714ecbc8ac51fdaaa4075388f20fe5063ead9264ca20c4ab8864c48364ef4b42 -lib/codeql/swift/generated/expr/MethodLookupExpr.qll 357bc9ab24830ab60c1456c836e8449ce30ee67fe04e2f2e9437b3211b3b9757 687a3b3e6aeab2d4185f59fc001b3a69e83d96023b0589330a13eeefe3502a80 +lib/codeql/swift/generated/expr/MethodLookupExpr.qll c046f7a05fa7a7a6cdbd77814d4695298132d5b8d7fc77b069760bd99ca2dcd5 b645d0b979916293b61a7dbb363d47478e3abf3e5f08fcdbfc466a46109b84f1 lib/codeql/swift/generated/expr/NilLiteralExpr.qll 6f44106bc5396c87681676fc3e1239fe052d1a481d0a854afa8b66369668b058 6f44106bc5396c87681676fc3e1239fe052d1a481d0a854afa8b66369668b058 lib/codeql/swift/generated/expr/NumberLiteralExpr.qll 8acc7df8fe83b7d36d66b2feed0b8859bfde873c6a88dd676c9ebed32f39bd04 4bbafc8996b2e95522d8167417668b536b2651817f732554de3083c4857af96a -lib/codeql/swift/generated/expr/ObjCSelectorExpr.qll 6a4a36798deb602f4cf48c25da3d487e43efb93d7508e9fc2a4feceaa465df73 7f4b5b8a1adf68c23e169cd45a43436be1f30a15b93aabbf57b8fd64eadc2629 -lib/codeql/swift/generated/expr/ObjectLiteralExpr.qll 541bd1d9efd110a9e3334cd6849ad04f0e8408f1a72456a79d110f2473a8f87c 3c51d651e8d511b177b21c9ecb0189e4e7311c50abe7f57569be6b2fef5bc0d7 -lib/codeql/swift/generated/expr/OneWayExpr.qll bf6dbe9429634a59e831624dde3fe6d32842a543d25a8a5e5026899b7a608a54 dd2d844f3e4b190dfba123cf470a2c2fcfdcc0e02944468742abe816db13f6ba +lib/codeql/swift/generated/expr/ObjCSelectorExpr.qll 6d662aeaa104bb590fca8c0b18c47c6a7b841eb118b2e40783d4e1410dc6b188 64adf0a0b32de64189cea427741d9d8c559b5a606b6a9de77b76aa67c3926487 +lib/codeql/swift/generated/expr/ObjectLiteralExpr.qll 16fde05a4a997f5fab3b7abc20215062dc7b110e5291bda061b59ba673b639af a8fdb788d1caeae3954f37ccc4c688248ee6bc7548086832f9646d99b12bcb6d +lib/codeql/swift/generated/expr/OneWayExpr.qll e4e4f44eaaf8bba954fbbd2f33ab3b6b000a8adca8889eb07fe1b230f2e9d86a 60c86fb20399c60cd8c95a91f2a76f82f5b370bd52d25694139b23215af64d5e lib/codeql/swift/generated/expr/OpaqueValueExpr.qll 354f23d00d5ea2e734fd192130620d26c76c14d5bb7b0a1aa69f17ffb5289793 354f23d00d5ea2e734fd192130620d26c76c14d5bb7b0a1aa69f17ffb5289793 -lib/codeql/swift/generated/expr/OpenExistentialExpr.qll 55cfe105f217a4bdb15d1392705030f1d7dec8c082cafa875301f81440ec0b7b 168389014cddb8fd738e2e84ddd22983e5c620c3c843de51976171038d95adc0 -lib/codeql/swift/generated/expr/OptionalEvaluationExpr.qll 000b00afe1dcdec43f756f699fd3e38212884eab14bf90e3c276d4ca9cb444a6 177bd4bfbb44e9f5aeaaf283b6537f3146900c1376854607827d224a81456f59 +lib/codeql/swift/generated/expr/OpenExistentialExpr.qll 3c703aeb60d582ef2b3ec279549e6d5e587053192ebb52791f8ed7309da5de88 ab22ef76436bfd3cac13d02b0da81063dcc38d5c3a08fc6501db940a7b8660c7 +lib/codeql/swift/generated/expr/OptionalEvaluationExpr.qll 30580135a909742ce63edcf412640aad1aae9f8a4dcbb9814e579fa9ae046c25 f6f7159379605cc985032ca9795cb5c711db9d318d45c90c91618f0dd144636b lib/codeql/swift/generated/expr/OptionalTryExpr.qll f0c8dff90faee4fbf07772efda53afe1acc1fd148c16ee4d85a1502a36178e71 f0c8dff90faee4fbf07772efda53afe1acc1fd148c16ee4d85a1502a36178e71 -lib/codeql/swift/generated/expr/OtherInitializerRefExpr.qll bfaa8c29fcc356c76839400dbf996e2f39af1c8fe77f2df422a4d71cbb3b8aa3 23f67902b58f79ba19b645411756567cc832b164c7f4efcc77319987c9266d5f -lib/codeql/swift/generated/expr/OverloadedDeclRefExpr.qll 355f2c3c8f23345198ebfffba24e5b465ebdf6cd1ae44290bd211536377a6256 9436286072c690dff1229cddf6837d50704e8d4f1c710803495580cab37a0a1b +lib/codeql/swift/generated/expr/OtherInitializerRefExpr.qll 2a3aea57c598fac2c7b2972983cc735acb38eac65e65903f6e76e2166ca58a78 a99d418f26b3e867c42633d93769e49a06f3863fc2068f16cb6bc7f331ad3f56 +lib/codeql/swift/generated/expr/OverloadedDeclRefExpr.qll 382fec573d036c6b75692d42d64b3e3ed3088c73b905318cb4cc5a743e009578 9feb7a67656d1e6380e2be1a4484980dc8b40844aebdd032a2862af834d2da2e lib/codeql/swift/generated/expr/ParenExpr.qll f3fb35017423ee7360cab737249c01623cafc5affe8845f3898697d3bd2ef9d7 f3fb35017423ee7360cab737249c01623cafc5affe8845f3898697d3bd2ef9d7 lib/codeql/swift/generated/expr/PointerToPointerExpr.qll 7d6fa806bba09804705f9cef5be66e09cbbbbda9a4c5eae75d4380f1527bb1bd 7d6fa806bba09804705f9cef5be66e09cbbbbda9a4c5eae75d4380f1527bb1bd lib/codeql/swift/generated/expr/PostfixUnaryExpr.qll d1094c42aa03158bf89bace09b0a92b3056d560ebf69ddbf286accce7940d3ab d1094c42aa03158bf89bace09b0a92b3056d560ebf69ddbf286accce7940d3ab lib/codeql/swift/generated/expr/PrefixUnaryExpr.qll f66dee3c70ed257914de4dd4e8501bb49c9fe6c156ddad86cdcc636cf49b5f62 f66dee3c70ed257914de4dd4e8501bb49c9fe6c156ddad86cdcc636cf49b5f62 -lib/codeql/swift/generated/expr/PropertyWrapperValuePlaceholderExpr.qll 011897278a75050f1c55bd3f2378b73b447d5882404fd410c9707cd06d226a0e e4878e3193b8abf7df6f06676d576e1886fd9cd19721583dd66ea67429bc72a1 +lib/codeql/swift/generated/expr/PropertyWrapperValuePlaceholderExpr.qll be709fb5ca2b4d85eb26fdaf50a60d87252c64a84400acec1d739197da2cfff8 9fa64c4904efc96bc3566c14f38592f1f41ace65d669fdda57cba858bbd52c6f lib/codeql/swift/generated/expr/ProtocolMetatypeToObjectExpr.qll b692be6e5b249c095b77f4adcad5760f48bc07f6f53767ee3d236025ee4a2a51 efa47435cde494f3477164c540ac1ce0b036cb9c60f5f8ec7bfca82a88e208fb -lib/codeql/swift/generated/expr/RebindSelfInInitializerExpr.qll 7e4420bfe346ccc94e7ec9e0c61e7885fa5ad66cca24dc772583350d1fd256e1 62888a035ef882e85173bb9d57bce5e95d6fd6763ceb4067abf1d60468983501 +lib/codeql/swift/generated/expr/RebindSelfInInitializerExpr.qll 0339797449a2dcb08d874f800035e444a86a112f3ba2327a49c82dae6ab4cec9 6fc8cdd932ced95ef0548d81731b71e55b0b1ccffbce579d80370bd9523f722d lib/codeql/swift/generated/expr/RegexLiteralExpr.qll a11eb6f6ce7cebb35ab9ff51eae85f272980140814d7e6bded454069457a1312 bdb4bb65c9f4e187cf743ed13c0213bb7e55db9cc3adeae2169df5e32b003940 -lib/codeql/swift/generated/expr/SelfApplyExpr.qll 8a2d8ee8d0006a519aadbdb9055cfb58a28fd2837f4e3641b357e3b6bda0febe fc64b664b041e57f9ca10d94c59e9723a18d4ff9d70f2389f4c11a2a9f903a6f -lib/codeql/swift/generated/expr/SequenceExpr.qll 45f976cbc3ce6b3278955a76a55cd0769e69f9bd16e84b40888cd8ebda6be917 ebb090897e4cc4371383aa6771163f73fa2c28f91e6b5f4eed42d7ad018267f3 +lib/codeql/swift/generated/expr/SelfApplyExpr.qll 7890ce785dffa87daa086498d300a1926b75d3ed32fee9bb227cd65e6833c7cc 0ef9389478c0de2d43b360525216f7dd097323b957f8fe36ec18013183e63689 +lib/codeql/swift/generated/expr/SequenceExpr.qll 7467f86f7ce67bf6b50585eed32c026700c800300156179b09858fee8fafa96c 861d827db780611557a87d5b36f173d470b4701729ac773dd0091b195619fa24 lib/codeql/swift/generated/expr/StringLiteralExpr.qll f420c5cd51a223b6f98177147967266e0094a5718ba2d57ae2d3acbb64bbb4b6 30d6dab2a93fd95e652a700902c4d106fecfce13880c2ece565de29f2504bedf lib/codeql/swift/generated/expr/StringToPointerExpr.qll ef69b570aa90697d438f5787a86797955b4b2f985960b5859a7bd13b9ecb9cd3 ef69b570aa90697d438f5787a86797955b4b2f985960b5859a7bd13b9ecb9cd3 -lib/codeql/swift/generated/expr/SubscriptExpr.qll 6d8717acbdbb0d53a6dedd98809e17baa42c88e62fab3b6d4da9d1ce477d15c3 6d568c6adb2b676b1945aa3c0964b26e825c9464156f296f3ec0d5b7ece90521 -lib/codeql/swift/generated/expr/SuperRefExpr.qll 60de86a46f238dc32ec1ed06a543917147b7a4b9184da99fce153e7fc6a43b7c 798ca560ed9511775b8fad0c772bbcd8a29bebc65996dec1252716087dc110a0 -lib/codeql/swift/generated/expr/TapExpr.qll 0a2cbaaec596fa5aabb7acc3cab23bbf1bb1173ea4f240634698d5a89686d014 2267243198f67bb879d639f566e9729cfa9e3a3e205ffe6ff3782b7017a8bf7f +lib/codeql/swift/generated/expr/SubscriptExpr.qll 814310819247d459fa650e02022083d49f2103d1dd79169ac9980fbfecd8ba45 c33270ae90e950af8affd8ef99208d092bcbe2994511c1c3f15aad72dcde5eb2 +lib/codeql/swift/generated/expr/SuperRefExpr.qll ae3563dd5dc3a820f627f8ca06e6b13876f7ff1125ba679773fdbb67fc47a693 de24bebae85e543e6d5b2bc2b3236aefe46d0511668838cacd60023d09318647 +lib/codeql/swift/generated/expr/TapExpr.qll ee07e14ed0bffeb28c7cd8068ed1010202319d456a7c378b70de6d733f18f12d d1fdec2425d6a3e774c279d2b9b2291d40816e8bf4da4a46704d31b7037161dd lib/codeql/swift/generated/expr/TryExpr.qll e6619905d9b2e06708c3bf41dace8c4e6332903f7111b3a59609d2bb7a6483ee e6619905d9b2e06708c3bf41dace8c4e6332903f7111b3a59609d2bb7a6483ee -lib/codeql/swift/generated/expr/TupleElementExpr.qll 764371c3b6189f21dcdc8d87f9e6f6ba24e3f2ef0b8c35b8ce8c3b7d4feb7370 25f4f2b747b3887edd82d5eb3fa9ba1b45e7921d2745bfee06300db22a35c291 -lib/codeql/swift/generated/expr/TupleExpr.qll f271bdfca86c65d93851f8467a3ebbbb09071c7550767b3db44ad565bb30ef02 1de9f0c1f13649ec622e8ae761db9f68be1cb147b63fd3a69d1b732cdb20703d -lib/codeql/swift/generated/expr/TypeExpr.qll 132096079d0da05ac0e06616e4165c32c5f7e3bc338e37930bb81f4d26d7caea edd58d31ce921a8f7d09c49de3683d5170dfed636184bafc862bbfd78c474ca6 +lib/codeql/swift/generated/expr/TupleElementExpr.qll f729d1120bdb850ec0add490f0997d1c6af9356f5634a2ac11bde14304f91cc3 9031560267c3327f1a63777dd4fe4158093313ea11998efa9bb7bd7df8dcdc79 +lib/codeql/swift/generated/expr/TupleExpr.qll c3a0123f15bd584c8c27703a92df20c003ccea55665dab9fd5119d9b5c0ae93b e65362b0cb86b07a50e384534612eea84b44635ae55a61927d0d558ea44c3aa3 +lib/codeql/swift/generated/expr/TypeExpr.qll e2103b8d717e0390baffce2f35d2b01d3084f873a47fe7e70ba452368c640bd3 e311df2c9b77503bc776a6c3266d3fcd17a368d0f5cf7a5dbb7df00123b284f1 lib/codeql/swift/generated/expr/UnderlyingToOpaqueExpr.qll 13d6c7a16ec0c4c92d12e052437dfa84274394ee8a4ca9b2c9e59514564dc683 13d6c7a16ec0c4c92d12e052437dfa84274394ee8a4ca9b2c9e59514564dc683 lib/codeql/swift/generated/expr/UnevaluatedInstanceExpr.qll 21dedc617838eed25a8d3a011296fda78f99aee0e8ae2c06789484da6886cfea 21dedc617838eed25a8d3a011296fda78f99aee0e8ae2c06789484da6886cfea -lib/codeql/swift/generated/expr/UnresolvedDeclRefExpr.qll ec9c06fd24029fb2a35faa579cb5d4504900a605a54fdfc60ee5a9799d80c7c9 f1d258cc03d19099089f63734c54ac5aa98c72cf7c04664b49a03f879555e893 -lib/codeql/swift/generated/expr/UnresolvedDotExpr.qll d6bf4bf1a3c4732f2ca3feef34e8482fc6707ac387a2d6f75cb5dde2e742cc38 d58048081b4c2ed582749b03ae8158d9aa0786f1f0bf2988f2339fee2d42e13b +lib/codeql/swift/generated/expr/UnresolvedDeclRefExpr.qll 17e83f6418f39cfd3b7768ba694dafce2807f97239d3ac0939fc0c3761ae3571 910e9440cae403b13b6dd501a3dbbda564a1d7d61a532e99a1825590c2d9a4ab +lib/codeql/swift/generated/expr/UnresolvedDotExpr.qll 49fbcf07c345b6db06cfcb09e6f03b45b34fa7e520a3c205d47558d779e4c962 1dd710c2ffd9a0fa8b3f4a117ccc1d85d9c940e5387403472360b6732c2cbffb lib/codeql/swift/generated/expr/UnresolvedMemberChainResultExpr.qll ce900badb9484eb2202c4df5ab11de7a3765e8e5eefaa9639779500942790ef1 c626ff29598af71151dd4395086134008951d9790aa44bcd3d4b2d91d6ca017a lib/codeql/swift/generated/expr/UnresolvedMemberExpr.qll 6604f7eea32c151322c446c58e91ff68f3cfbf0fc040ccee046669bcc59fb42d c7738e6b909cb621ac109235ba13ede67a10b32894fd1a5114b16d48d6e9b606 -lib/codeql/swift/generated/expr/UnresolvedPatternExpr.qll 6f4494d73d3f286daef9b0c6edef9e2b39454db3f1f54fcb5a74f3df955e659d 39fbd35d8755353b3aad89fbf49344b2280561f2c271d9cee6011c9ea9c7bf03 -lib/codeql/swift/generated/expr/UnresolvedSpecializeExpr.qll 17387e6e516254bfda7836974771ec1cf9afe6d255f6d28768f6033ac9feced8 e6ec877eb07aa4b83857214675f4d0bc0c89f8c2041daeccaa1285c4a77642f7 +lib/codeql/swift/generated/expr/UnresolvedPatternExpr.qll 0c41a4752c618e38c5dcb0892afe5bf112a2a7197270338673f7d676ed40bdc5 0187956c9c5cd49b6de82db12c157115015031a4fce7998cd5380d19cfd78ab9 +lib/codeql/swift/generated/expr/UnresolvedSpecializeExpr.qll 6235187fc15e1b041d1b9058fa239b1f23f638d8ebc09f1bc424ece99a26ebd5 96e3eafe9adfe7736f6090fa9f2c93573697a69d5ad529852abf3b5e4a4e72ca lib/codeql/swift/generated/expr/UnresolvedTypeConversionExpr.qll a38b74b695b9a21b2f1202d4d39017c3ac401e468079477b6d4901c118ae26b6 a79fb5b50b2a50cb2508360374640817848044a203e6b2ce93d6f441a208b84d -lib/codeql/swift/generated/expr/VarargExpansionExpr.qll de72227f75493de4bbb75b80fd072c994ef0e6c096bcaf81fd7dd0b274df5ea9 5400811b30f9673f387a26cfb1ab9fc7ef0055fafb1b96985211b4dde8b1b8f9 +lib/codeql/swift/generated/expr/VarargExpansionExpr.qll f376431600530b233e0c2cab8544e1ecaf6d8dd13e885a0f643f13b4d98b910a 924daf0733b31937a4dc15d665530204103c9a2b1c0f3abdbbd658f189b77d82 lib/codeql/swift/generated/pattern/AnyPattern.qll ce091e368da281381539d17e3bac59497ad51bb9c167d8991b661db11c482775 ce091e368da281381539d17e3bac59497ad51bb9c167d8991b661db11c482775 -lib/codeql/swift/generated/pattern/BindingPattern.qll 0687ec9761718aed5a13b23fe394f478844c25d6e1feec44d877d82deccd7a70 01bcb096073747e10fc3d2de0c3cc0971ab34626e2b4b2f2bfd670680aff3d5e +lib/codeql/swift/generated/pattern/BindingPattern.qll 0a6f32d66be8fc32daa2843660e4f460b85df79ff18f424aee1fc4c280885f1c eac5a045c08fe828871931f335105ee5e9eeb2fd313d14886631fd5701254721 lib/codeql/swift/generated/pattern/BoolPattern.qll 118300aa665defa688a7c28f82deb73fa76adce1429d19aa082c71cfcbeb0903 0cd6db87e925e89f8ad6d464762d01d63ddfd34b05a31d5e80eb41aec37480b4 -lib/codeql/swift/generated/pattern/EnumElementPattern.qll 397ae58175ff54d35388b86524172009904cb784040ef06b8421f1dcdf064e3e 1485105498b397d7ee5cb1b3dd99e76597018dc357983b3e463bf689ddda865d -lib/codeql/swift/generated/pattern/ExprPattern.qll 99072c50c5361966cdb312e9b1571c1c313cbcfffe5ea9e77247709f5ff9acf5 6ec3ad407528f0bd773103945e3184681ef2af990efdc8fcf1982799909c54bf -lib/codeql/swift/generated/pattern/IsPattern.qll 3716a0e7153393f253fe046f479c2bc3bf1a2c5d7afb1bfa577bb830fcb6b52b 730324d250c4a4e9073b1c5b777aa1ab57759caf447696feee90068baa337f20 +lib/codeql/swift/generated/pattern/EnumElementPattern.qll 7c5a75523f851aa3e67c8c4e8274516715ebf61876931956169a9af03e1e1544 6631cff61b4b27ff8ba9eceb1bff25905159086154093c6200d157273ac10c42 +lib/codeql/swift/generated/pattern/ExprPattern.qll 68e211bc265d80eb77c3227fe804d54fcd199693dba3a6a1bdc74ac190c2c53d df5df794ef24c91d0414995dbdf57ca2009ccc55f70fd3298d6c77572c1d5e7e +lib/codeql/swift/generated/pattern/IsPattern.qll 1428413d7edc1daae1b9369184d2bfe93e83ed91b782ef8217ecdf231f6d858b e1a21f58b2b511bfbd47df08af95750c9731f647a28583220bfcc89aecfeeb18 lib/codeql/swift/generated/pattern/NamedPattern.qll 5d25e51eb83e86363b95a6531ffb164e5a6070b4a577f3900140edbef0e83c71 9e88b2b2b90a547b402d4782e8d494bc555d4200763c094dd985fe3b7ebc1ec8 -lib/codeql/swift/generated/pattern/OptionalSomePattern.qll 4230ba4adaac68868c7c5bd2bf30d1f8284f1025acb3ae9c47b6a87f09ccdcd9 449568950700d21854ec65f9751506fc4dc4e490a4744fb67ca421fc2956fc6a -lib/codeql/swift/generated/pattern/ParenPattern.qll 4e5e2968ffdf07a68f5d5a49f4ecc1a2e7ff389c4fd498cc272e7afd7af7bea5 a143af906ab0cef8cbe3ed8ae06cb4dcb520ded3d70dbb800dab2227b9bf8d3c +lib/codeql/swift/generated/pattern/OptionalSomePattern.qll 93e3b0d2f6ebc042ebc9ff139f4df5d80e715e1a2cfa4c5ded7548a5f3897fc8 aa0bb0ae4c82472911fa9d434080f6c4fd1d8a316ed97d9aae8bde0a81a41da3 +lib/codeql/swift/generated/pattern/ParenPattern.qll 2b86219dec05da6e953f4c1cb038d98c3566ab278279d8af723817926ae88eec 23e586a6180635e81136d768b3b99755f08ef0e1c8bb46048f6dd31cf8a30879 lib/codeql/swift/generated/pattern/Pattern.qll 0e96528a8dd87185f4fb23ba33ea418932762127e99739d7e56e5c8988e024d1 ba1e010c9f7f891048fb8c4ff8ea5a6c664c09e43d74b860d559f6459f82554a -lib/codeql/swift/generated/pattern/TuplePattern.qll d658653bdbe5e1a730e462c4bad7e2c468413b1f333c0a816a0e165ad8601a45 d0c4b5a4c04ad8a1ebf181313937e4e1d57fb8a98806f1161c289f9f5818961a -lib/codeql/swift/generated/pattern/TypedPattern.qll e46078cd90a30379011f565fefb71d42b92b34b1d7fd4be915aad2bafbdbeaf3 aedf0e4a931f868cc2a171f791e96732c6e931a979b2f03e37907a9b2b776cad -lib/codeql/swift/generated/stmt/BraceStmt.qll 121c669fc98bf5ed1f17e98fdfc36ae5f42e31436c14c16b53c13fd64bdaada8 c8eb7eed650586c2b71683096ea42461a9e811e63fe90aaa7da307b6cd63bc03 -lib/codeql/swift/generated/stmt/BreakStmt.qll 31d6b2969a919062c46e7bf0203f91c3489ee3c364e73fc2788f0e06ac109b25 7fca57698a821e81903204f271d0a220adfdd50ff144eafd6868286aa6aefa33 -lib/codeql/swift/generated/stmt/CaseLabelItem.qll 0755fabf3ca7a5ee9a553dec0a6d8af3c8abdc99015c229ce1c4b154a3af80d9 b3c9b88610a3dc729a5eb4f9667710d84a5ac0f3acddcda3031e744309265c68 -lib/codeql/swift/generated/stmt/CaseStmt.qll 3cbb4e5e1e04931489adf252d809e0f153bfd32fb32cf05917ded5c418e78695 c80f22ce4915073e787634e015f7461b4b64cf100ad7705f4b1507cef1e88ea7 -lib/codeql/swift/generated/stmt/ConditionElement.qll 46fe0a39e64765f32f5dd58bcd6c54f161806754fdac5579e89a91bc7d498abf aaedd5410971aeb875a4fbcb1464c5e84341fafcbdaacbd4d9d3c69b4a25bcc2 -lib/codeql/swift/generated/stmt/ContinueStmt.qll 3213c4ede9c8240bcb1d1c02ee6171821cdfbf89056f1e5c607428dcfaf464f6 00756c533dfd9ee5402e739f360dfe5203ee2043e20fc1982d7782ca7a249f9a -lib/codeql/swift/generated/stmt/DeferStmt.qll 69a8e04618569b61ce680bae1d20cda299eea6064f50433fa8a5787114a6cf5e 12c4f66fc74803f276bbb65e8a696f9bd47cc2a8edfebb286f5c3b2a5b6efce7 -lib/codeql/swift/generated/stmt/DoCatchStmt.qll f8d2e7366524518933bd59eb66f0ac13266c4483ec4e71c6c4e4e890374787a1 31529884d5c49f119491f8add3bc06dd47ca0a094c4db6b3d84693db6a9cc489 -lib/codeql/swift/generated/stmt/DoStmt.qll dfa2879944e9b6879be7b47ba7e2be3cbb066322a891453891c4719bf0eb4a43 581c57de1a60084f8122fc698934894bbb8848825cb759fa62ff4e07002840cb +lib/codeql/swift/generated/pattern/TuplePattern.qll d82f3fc807251263209d0cf27f19a48707e0368f3e93192c82d9ade66baca52d 68f1375cb150bcc280ecc065cdac85e7b05ecfd630993ebe944e9f34482818a6 +lib/codeql/swift/generated/pattern/TypedPattern.qll 4d9dec2bad3deccd7881ea8a0d6ff5807fae998febf2b4e6f0dd98341a0bbbdc 57309d44718c48e93622911957fc0a81dabf28d0a1f488c834f052d79bc7e93e +lib/codeql/swift/generated/stmt/BraceStmt.qll 1bbe5c2c4d88885e5345423ca03af269f881fc32a02154072acafd111a6c18b7 6a815892a8372bdfd12c270790d2ef7242310b54703fed8292b8d4ab5ee9d7e1 +lib/codeql/swift/generated/stmt/BreakStmt.qll ec8d423c7139f6fc8470d039549d9a6cb53834645cf0e940bceaee1aed560788 45c2b269aabd209e811d99fd0ae457fff9ed5332df854a7bf86c1f436ea549cb +lib/codeql/swift/generated/stmt/CaseLabelItem.qll a2eb4027d8cdacd95134f1ac40b4dd96c1fbc85ddcc92f3aef876cd41764eb5a 6b583bfacaea6033fd803abc1e7e9b64d760aa66200bd2a1d18561bc0c999234 +lib/codeql/swift/generated/stmt/CaseStmt.qll 31b7912e3e85b25864249c3474791fbe821745fbd81f8065b8092383a6005d64 34b873825d1dbcc30dbb551afc0ca0d66c2f5ee8f67b6256b9b74aa03e5fc83d +lib/codeql/swift/generated/stmt/ConditionElement.qll dc1d2180b779d7e2700e46fcc30dfe20caa45371d254c561e57b762a0ee847b0 ab5aea9669bc3cf2e4e20cda87d8ee403896c3749441389dc86f3dd8b2335027 +lib/codeql/swift/generated/stmt/ContinueStmt.qll c29f2fb3913ac561eb9949c9a74aab4e57a00bb80ae2976944f7276c38a2993f 948b6a69841e45bb16066d022616b8854d9a3ece233d8931d5c5e077d59b8679 +lib/codeql/swift/generated/stmt/DeferStmt.qll fd218f179d7139ccfa466bc59ec815d611bc80503f55c224d302060db956fa9e 9b153ed53e84e468ea8887c4866458f32c1b006c1bd51a872997d55f46628bc6 +lib/codeql/swift/generated/stmt/DoCatchStmt.qll 2d9c6235000936da027a89d356d7004ddd8491e4b7533b0ff797e3374abb469b f63ca4196f432333b9ffd1edd781737affb973f76d49394aac23143b8b9b2e72 +lib/codeql/swift/generated/stmt/DoStmt.qll dbce454f0e9e7cbafd610eb00f68d6ce839e111bcfe3a7e9bac315f29e3f6a23 7275838e3fad229de57115afaadaa455efd5c6ed95e469505d0eeb9adb101a30 lib/codeql/swift/generated/stmt/FailStmt.qll d8f5816c51c5027fd6dacc8d9f5ddd21f691c138dfc80c6c79e250402a1fe165 d8f5816c51c5027fd6dacc8d9f5ddd21f691c138dfc80c6c79e250402a1fe165 -lib/codeql/swift/generated/stmt/FallthroughStmt.qll 7574c3b0d4e7901509b64c4a1d0355a06c02a09fc1282c0c5e86fa7566359c2e 54e85e2fd57313a20dfc196ded519422e4adee5ae4b17f4cc47d47b89650bf47 -lib/codeql/swift/generated/stmt/ForEachStmt.qll c58b8ba4bbcb7609ea52181bfd095ecd0f162cd48600b9ce909ae646127a286f af93281c6e6ad02b249d25b0ce35086da37395aaf77dc0801a7b7df406938b1d -lib/codeql/swift/generated/stmt/GuardStmt.qll 18875adfca4a804932fcc035a0f1931fc781b3b4031e1df435c3e6a505d9edba 10f7a0ed8d4975d854f8b558654bfc2ab604b203c2429240e3a4b615e50c7ad8 -lib/codeql/swift/generated/stmt/IfStmt.qll b55a7407988abba2ffc6f37803cff8d62abd5f27048d83a3fc64b8b6ce66590a 91def4db6dd271f5283e9a55a1e186e28e02962df334b5d753cea132731d7a85 -lib/codeql/swift/generated/stmt/LabeledConditionalStmt.qll 42e8f32da8451cab4abf3a262abdf95aec8359606971700eb8c34d6dc3a3472f fa3c186f2cd57e16c7d09b5bf1dc3076db9e97ade0d78f4b12dd563b57207f00 -lib/codeql/swift/generated/stmt/LabeledStmt.qll ffbfa0dc114399aabc217a9a245a8bcacbfbad6f20e6ff1078c62e29b051f093 33ddfd86495acc7a452fa34e02fe5cce755129aa7ee84f1c2ad67699574b55dc -lib/codeql/swift/generated/stmt/PoundAssertStmt.qll a03dc4a5ef847d74a3cbae6529f7534b35c1345caf15c04694eab71decefd9ab f968f8e8766e19c91852856ea3a84f8fa3fc1b4923c47f2ea42d82118b6f2e0d -lib/codeql/swift/generated/stmt/RepeatWhileStmt.qll adfebcb8a804842866c5f363c39856298de06fd538cca9ffe9c9cd4f59ddc6a7 19d74a05cb01fb586b08d3842a258de82721b1c709d556373e4a75c408e3c891 -lib/codeql/swift/generated/stmt/ReturnStmt.qll 464dc2a4060ffdee4db3d405c344543c4d4e20b969ab536b47f0057b13ff0ce9 8d02dc871965db4947ee895f120ae6fe4c999d8d47e658a970990ea1bf76dd4c +lib/codeql/swift/generated/stmt/FallthroughStmt.qll 1bcf5fe7a3709a9893896668da1ee4209e1ec3bf73f861241dc586cc6d43a334 ffd433d93fbfd3b82c3c46f22bed57da4493b72b4194db9b55c1142f51bdaab2 +lib/codeql/swift/generated/stmt/ForEachStmt.qll 1e08c898b8421577679fcaf6518947c6db270e90ee1cc8b80390b4c0f0d73f13 59e02adf04c9c92d07e220372ba60da4bc031dd39f98252d2693c406434a56c6 +lib/codeql/swift/generated/stmt/GuardStmt.qll 216d6f7ee2fbc32771c77251ea8c13f5bc80d372115285b35cac14a413fee543 ba0c7911a26f5c06f0a0f7004d40e1e7a218ac73a8861188502f048913fe3102 +lib/codeql/swift/generated/stmt/IfStmt.qll 0e4d8aaf6d2c05f34b1c2b048024d1708b64e8fa8e638b89e48a0bee7a143d92 bcc6a0dc5f49e631d7983bb438981a63f48231f8226fd66f2e4818c5462ec494 +lib/codeql/swift/generated/stmt/LabeledConditionalStmt.qll 1c492adc4a997c029b587c06fc312ddd799e2bc589fa617b985fd3a716d7d120 8792991987453ff8f96df92d4e137fdbb8f3ca446cacb63b6f0bb035094e20de +lib/codeql/swift/generated/stmt/LabeledStmt.qll 734f0bb5b40d72c3c949a08af15c01b3ae3a3e315f3196f75da27e03a2635d63 f1fbea28c7eef71135e60e144714b1027d71f07ccfabbb65d6a98aa89523720e +lib/codeql/swift/generated/stmt/PoundAssertStmt.qll 72b60c1425b8b0be7542a4384c57d01d5299df53374bd69687958a7e01f5d6ad ed12106bc03ea1bb87d7c85fd8af7fddbac132258ac1c309e66120948e50fa46 +lib/codeql/swift/generated/stmt/RepeatWhileStmt.qll 0812bbb3290d3ab86f9f4c628beee5e7a2487bf04f2b643191de40a3cf921a7e 8d36e0121fe856c48dd60c89c9cab695eee6deeca0ed1abd116d437363ca59b2 +lib/codeql/swift/generated/stmt/ReturnStmt.qll 998454a234ac299de03567e40c46db9606d141ca67a49ebdaf7a8fa2048c5963 a739f1281771ed038e4db6ea5864a722daee53cf6747bf820a11811dc3a775b2 lib/codeql/swift/generated/stmt/Stmt.qll b2a4f3712e3575321a4bc65d31b9eb8ddcd2d20af9863f3b9240e78e4b32ccff e0fc13b3af867aa53b21f58a5be1b7d1333b3e8543a4d214a346468f783dbf40 -lib/codeql/swift/generated/stmt/StmtCondition.qll 21ff34296584a5a0acf0f466c8aa83690f8f9761efa1208e65bb6ed120af5541 23b12b6db6f7ab7b2a951083a9a06ec702407c2a0c79cc9c479a24213d0753a9 -lib/codeql/swift/generated/stmt/SwitchStmt.qll 1fce725cb70bfc20d373c4798731da0394b726653887d9c1fe27852253b06393 805d8383b3168e218c1d45c93d3f0c40a1d779208dbbbe45423ea1af64a98e1d -lib/codeql/swift/generated/stmt/ThrowStmt.qll 480553a18c58c2fa594ee3c7bc6b69f8aafb1c209e27379b711681652cbe6dd3 23829747c8b8428d7a2eea6017bb01536df01d7346c136bd6b654ebdd04342de -lib/codeql/swift/generated/stmt/WhileStmt.qll 1ac3c3638899386a953905f98f432b7ba5c89e23e28ca55def478ce726127f50 4ac6f0f62082a2a5c1a0119addbb6e4cdebe468a7f972c682c114a70a58c1e80 -lib/codeql/swift/generated/stmt/YieldStmt.qll 8b1e8b7b19f94232eb877e1f8956033f6ca51db30d2542642bf3892a20eb1069 87355acc75a95a08e4f2894609c3093321904f62b9033620700ccd4427a9ca70 +lib/codeql/swift/generated/stmt/StmtCondition.qll bb09bfc45e09406f952e690822435a9fef34468b7c43d768e7da3332a0e68f0e 7db513d3f8122d853876fc9eb6ff29131cc4a8109a63c6e775f1eb393fdb79ec +lib/codeql/swift/generated/stmt/SwitchStmt.qll 0161e9939c72c0b5356b237b342742d3069d3bdeb94324ee428b86d6f2a86161 557c727ee44d5869b4575b6c6016a2992e8495de02e62aca0b4662ee64f89858 +lib/codeql/swift/generated/stmt/ThrowStmt.qll 595094c0acd0edea5296d792eeb4740ccd76e14a8b2b0863bb5156419a33884a be467040909e89efb663b2337a89c42d7cb23a37ae1f010eeef14b83fcb5bc49 +lib/codeql/swift/generated/stmt/WhileStmt.qll f52eabcf852685bee2d8eb8cf742418a2b8c2d77f2e1a15f00619667dd05f31a 74d8b48f0a41340cea5d0a183924df85743cce1ff9490705903800d66ab45ed2 +lib/codeql/swift/generated/stmt/YieldStmt.qll 5c413b0ca17b4ce725f25198f9185cd8f991c0b05dd09c0c4f6a2eb1e8da5b7d e1175d882552eadf368525480945e43ec09f85cb92505fa98bb62b62b275a277 lib/codeql/swift/generated/type/AnyBuiltinIntegerType.qll a263451163e027c4c4223ec288e090b7e0d399cc46eb962013342bfeac5f6b86 d850ec1ee1902945b172ddd0ecd8884e399e963f939c04bc8bfaadacebdf55a9 -lib/codeql/swift/generated/type/AnyFunctionType.qll 0ad10fc75520316769f658cd237f3dbe2bc42cfa5942a71e9341d83dc68d0887 f883269d31b295c853fa06897ef253183049e34274ca0a669dedcd8252a9386e -lib/codeql/swift/generated/type/AnyGenericType.qll ae127c259d9881f240a9b77fb139f16084af53c29aee9abf1af3bcc698bcd611 4cb9e1d9effc7d829e5bc85455c44e4143a4f288454dd58eb25111cd5c1dd95e +lib/codeql/swift/generated/type/AnyFunctionType.qll 2d600cb27bc3c5d0f5c912b526c5b0d25364c35e5bdcfdf7d6ef78b9920197f1 4635de4c1dd484355e78adf4c939730814357e4d42e2cb34ceab1f31ad9926f8 +lib/codeql/swift/generated/type/AnyGenericType.qll 1f1036efc8622f18498315269a9be10a4f317ea95b89f7d0c00f4ddfb6a24db0 6a89e625a12aefde2720adea7bd583e958cde94a8935310e9f4d3c86b1b32bab lib/codeql/swift/generated/type/AnyMetatypeType.qll 6805a6895e748e02502105d844b66fab5111dbb0d727534d305a0396dacc9465 58e0794b8d6dccd9809f5b83bf64b162e69f3f84b5f3161b88aed10f16a8ede8 -lib/codeql/swift/generated/type/ArchetypeType.qll 3c3d88c43a746b54cd09562756768538675ee1bae31c58fca4b8c6af7ccc8656 6dd41b2a89176342a27d3ffa7abc60dc9e53f2a6c132941fb7c79f9aa1b189db +lib/codeql/swift/generated/type/ArchetypeType.qll 7ffb3764ff5a36224eada35c0acb812b479d05ef607fe5aa70f909a0e803b162 b6e252370190590d62b622d36a02485c2113fb142573e4de6b28db73c535f4a0 lib/codeql/swift/generated/type/ArraySliceType.qll 72d0409e2704e89ebca364ae28d55c874152f55dd1deaac6c954617f6566f3c2 72d0409e2704e89ebca364ae28d55c874152f55dd1deaac6c954617f6566f3c2 lib/codeql/swift/generated/type/BoundGenericClassType.qll c82971dcd306a4cbc6bb885ae300556717eb2d068066b7752a36480e5eb14b5f c82971dcd306a4cbc6bb885ae300556717eb2d068066b7752a36480e5eb14b5f lib/codeql/swift/generated/type/BoundGenericEnumType.qll 89fcee52adbe6c9b130eae45cf43b2a2c302e8812f8519ea885e5d41dec3ec56 89fcee52adbe6c9b130eae45cf43b2a2c302e8812f8519ea885e5d41dec3ec56 lib/codeql/swift/generated/type/BoundGenericStructType.qll ff24933889dcc9579fe9a52bd5992b6ecd7b7a7b59c4b1005734e5cd367c8ed6 ff24933889dcc9579fe9a52bd5992b6ecd7b7a7b59c4b1005734e5cd367c8ed6 -lib/codeql/swift/generated/type/BoundGenericType.qll 6c252df4623344c89072fefa82879b05a195b53dd78ea7b95e9eb862b9c9c64c 91b172eea501ef3d0710bbbeee7b8270c20a6667d2cf169e058804b12ff2166d +lib/codeql/swift/generated/type/BoundGenericType.qll 5ae2dc86a61329b4145293d9c4f2f2aa4e8d85c5a07b16d1c6500a8154642666 e0eacd682988e8074e036cd50b2ad92fc974bb01aac9155d9d1da2f97966dee5 lib/codeql/swift/generated/type/BuiltinBridgeObjectType.qll 848291382ac6bd7cf5dd6707418d4881ec9750ca8e345f7eff9e358715c11264 848291382ac6bd7cf5dd6707418d4881ec9750ca8e345f7eff9e358715c11264 lib/codeql/swift/generated/type/BuiltinDefaultActorStorageType.qll 54e981860527a18660c9c76da60b14fa6dd3dae0441490ed7eb47d36f1190d8b 54e981860527a18660c9c76da60b14fa6dd3dae0441490ed7eb47d36f1190d8b lib/codeql/swift/generated/type/BuiltinExecutorType.qll 149642b70b123bcffb0a235ca0fca21a667939fe17cdae62fee09a54dca3e6be 149642b70b123bcffb0a235ca0fca21a667939fe17cdae62fee09a54dca3e6be lib/codeql/swift/generated/type/BuiltinFloatType.qll 7a1c769c34d67f278074f6179596ec8aee0f92fb30a7de64e8165df2f377cd3f 7a1c769c34d67f278074f6179596ec8aee0f92fb30a7de64e8165df2f377cd3f lib/codeql/swift/generated/type/BuiltinIntegerLiteralType.qll 94406446732709afdf28852160017c1ca286ad5b2b7812aa8a1a5c96952a7da1 94406446732709afdf28852160017c1ca286ad5b2b7812aa8a1a5c96952a7da1 -lib/codeql/swift/generated/type/BuiltinIntegerType.qll c466054ad1bd06e225937cf67d947a0ae81a078475f9ab6149d4ffb23531c933 8813c8b99df42a489c6b38f7764daac5ab5a55b1c76167da200409b09a4d6244 +lib/codeql/swift/generated/type/BuiltinIntegerType.qll 43be42f093054063804c275d1e7e469ed52bce5f92419acf0e092093e8e6d2bb 5a87d692e986c190df402da2679842b1a5a35593804a875de6b3b08cadab4cf1 lib/codeql/swift/generated/type/BuiltinJobType.qll 4ba48722281db420aeca34fc9bb638500832d273db80337aaff0a0fa709ec873 4ba48722281db420aeca34fc9bb638500832d273db80337aaff0a0fa709ec873 lib/codeql/swift/generated/type/BuiltinNativeObjectType.qll 7231290a65e31dbee4ec2a89b011ee1e5adb444848f6e8117e56bea0a1e11631 7231290a65e31dbee4ec2a89b011ee1e5adb444848f6e8117e56bea0a1e11631 lib/codeql/swift/generated/type/BuiltinRawPointerType.qll bc3f6c3388c08e05d6f7d086123dc2189480dae240fcb575aef2e0f24241d207 bc3f6c3388c08e05d6f7d086123dc2189480dae240fcb575aef2e0f24241d207 @@ -616,40 +616,40 @@ lib/codeql/swift/generated/type/BuiltinType.qll 0f90f2fd18b67edf20712ff51484afd5 lib/codeql/swift/generated/type/BuiltinUnsafeValueBufferType.qll d569e7c255de5e87bb0eb68ae5e7fea011121e01b2868007485af91da7417cd6 d569e7c255de5e87bb0eb68ae5e7fea011121e01b2868007485af91da7417cd6 lib/codeql/swift/generated/type/BuiltinVectorType.qll f51ce577abec2a1de3ae77a5cd9719aa4a1a6f3f5ec492c7444e410fb1de802a f51ce577abec2a1de3ae77a5cd9719aa4a1a6f3f5ec492c7444e410fb1de802a lib/codeql/swift/generated/type/ClassType.qll b52f0383d3dcbf7cf56d0b143cbb63783cb5fa319bcbfc4754e362d935e0fb53 b52f0383d3dcbf7cf56d0b143cbb63783cb5fa319bcbfc4754e362d935e0fb53 -lib/codeql/swift/generated/type/DependentMemberType.qll d9806aa84e0c9a7f0d96155ffeae586ced8ee1343e139f754ebd97d4476f0911 d0b3395e3263be150a6b6df550c02a2567cfa4a827dcb625d0bf1e7bf01956eb -lib/codeql/swift/generated/type/DictionaryType.qll 8b9aad8e8eca8881c1b1516e354c25bf60f12f63f294e906d236f70de025307c 53b0102e1b8f9f5b2c502faa82982c2105dd0e7194eb9ff76d514bddfa50f1dd -lib/codeql/swift/generated/type/DynamicSelfType.qll 9a2950762ad4d78bfacbf5b166ea9dc562b662cf3fcbfc50198aaacf1ea55047 8fb21715ed4ba88866b010cbba73fc004d6f8baef9ce63c747e4d680f382ca6e +lib/codeql/swift/generated/type/DependentMemberType.qll 8c431d869db76224a7ad9e23a4c1ce472929d12d1efb3bd2dacab5fc067540c1 7df0ee16d1f1ffe0a146b20d58ed62d4275a75e238b5c19f9d3d213552485a99 +lib/codeql/swift/generated/type/DictionaryType.qll 238c55ea5833fe5b13770cd8dc622f530b6c3e464168a3d8c456becb2f6db094 d16f05962d94085a8adbeb6a0b6287009c99bd9b4042b22e4d0488bb0b6c5d3d +lib/codeql/swift/generated/type/DynamicSelfType.qll ced4642aeb0f9f2a18284aa342a9d69b7b430db4ad307d55c6bbc864bbc3a029 db6569add6655e066ccef10a9df6394f91aec04924c907c156664aabe8188f8f lib/codeql/swift/generated/type/EnumType.qll dcf653c7ee2e76882d9f415fbbc208905b8d8ed68cc32e36c0439a9205e65b35 dcf653c7ee2e76882d9f415fbbc208905b8d8ed68cc32e36c0439a9205e65b35 lib/codeql/swift/generated/type/ErrorType.qll cbc17f4d9977268b2ff0f8a517ca898978af869d97310b6c88519ff8d07efff3 cbc17f4d9977268b2ff0f8a517ca898978af869d97310b6c88519ff8d07efff3 lib/codeql/swift/generated/type/ExistentialMetatypeType.qll 3a7fd0829381fe4d3768d4c6b0b1257f8386be6c59a73458f68387f66ea23e05 3a7fd0829381fe4d3768d4c6b0b1257f8386be6c59a73458f68387f66ea23e05 -lib/codeql/swift/generated/type/ExistentialType.qll 974537bfafdd509743ccd5173770c31d29aaa311acb07bb9808c62b7fa63f67a c6fbbfb8dacf78087828d68bc94db5d18db75f6c6183ab4425dfa13fccb6b220 +lib/codeql/swift/generated/type/ExistentialType.qll c8ef7c7a14629a437865d80a38c2286421d801c4b22cd7d5ca8459cf17611035 ac0cfd3de4da401f7077b6e6b5ab40dd8715cbe442078d7a1d071ae21ab992cf lib/codeql/swift/generated/type/FunctionType.qll 36e1de86e127d2fb1b0a3a7abce68422bdf55a3ab207e2df03ea0a861ab5ccb4 36e1de86e127d2fb1b0a3a7abce68422bdf55a3ab207e2df03ea0a861ab5ccb4 -lib/codeql/swift/generated/type/GenericFunctionType.qll 299c06f01579161b1a22104b91947b9e24c399e66fca91415c2125bf02876631 b4a6bd09a4f28edf58681f8e1f71c955089484535e22fa50d9bae71fd52192fb +lib/codeql/swift/generated/type/GenericFunctionType.qll ed1fe0390a798daf1032fc3b8777120b81f899aeac50d8b7cdbbb7a1b604e0a6 ec43604910433f24f6dbd2e00d183c24d75eab1d2e6b280991410a403eea05b7 lib/codeql/swift/generated/type/GenericTypeParamType.qll f515debe8b21f3ea6551e4f8513cda14c3a5ed0cebd4cbfd3b533ff6f0e8b0bf f515debe8b21f3ea6551e4f8513cda14c3a5ed0cebd4cbfd3b533ff6f0e8b0bf -lib/codeql/swift/generated/type/InOutType.qll c69d0f3c3f3d82c6300e052366709760c12f91a6580865ff8718f29057925235 2a9e1d66bec636a727f5ebc60827d90afcdbee69aabe8ae7501f0e089c6dbd5e -lib/codeql/swift/generated/type/LValueType.qll 5159f8cf7004e497db76130d2bfd10228f60864f0e6e9e809fc9a2765eafa978 fc238183b7bf54632fa003e9e91a1c49fb9167170fe60c22358dc3a651acbf98 +lib/codeql/swift/generated/type/InOutType.qll 8573d9daaaea7db4ef5faa82a92556226ef533a0c96dac6edf620ab2d6984007 81804eb58118c43251f0b3e19502e58a92f1ef46960178d47b764688659b36d1 +lib/codeql/swift/generated/type/LValueType.qll 05fa3d818ecaf3451751de5cf8af5b059b161d554bc2e2d05ca1922acfbb6290 e0836743c36c8db9eb3dd513ca41247284ce0bf1cbd9fb0d974e9ca32de8c0c3 lib/codeql/swift/generated/type/MetatypeType.qll cd752f81257820f74c1f5c016e19bdc9b0f8ff8ddcc231daa68061a85c4b38e2 cd752f81257820f74c1f5c016e19bdc9b0f8ff8ddcc231daa68061a85c4b38e2 -lib/codeql/swift/generated/type/ModuleType.qll 0198db803b999e2c42b65783f62a2556029c59d6c7cc52b788865fd7bb736e70 199f8fd9b4f9d48c44f6f8d11cb1be80eb35e9e5e71a0e92a549905092000e98 +lib/codeql/swift/generated/type/ModuleType.qll be1174e3338243da3dd88d6795a6c1ed26634e86a6b11c26d9ce2f1b18f010f5 691a1449e2b0c3a4130e867f003f996b8c089718c69d14cf08d843fb8a2b0dfd lib/codeql/swift/generated/type/NominalOrBoundGenericNominalType.qll 27d87dc4792b7f46fa1b708aadecef742ab2a78b23d4eb28ce392da49766122f 380b827d026202cbfcd825e975ebbdf8f53784a0426ce5454cb1b43cc42dfe16 lib/codeql/swift/generated/type/NominalType.qll f7e85d544eaaa259c727b8b4ba691578861d15612a134d19936a20943270b629 87472017a129921d2af9d380f69c293f4deba788e7660b0fe085a455e76562e8 -lib/codeql/swift/generated/type/OpaqueTypeArchetypeType.qll 74c840ae210fff84636fbfb75d8fce2c2e0bc5bda1489c57f312d2195fdfeda3 0c9986107dcf497798dc69842a277045dcaacfe8eec0ed1f5fc7244dd213ff56 +lib/codeql/swift/generated/type/OpaqueTypeArchetypeType.qll 333a669f84d5ac7ff276ecb931badae1291336aff6516cbd15adbe5843128696 4151581915e3b4baae926c1c9e70df28db2f8374383c5c9c550cd6b24ec1cf62 lib/codeql/swift/generated/type/OpenedArchetypeType.qll ed97d3fb8810424643953a0d5ebd93e58d1b2e397ea01ccde0dcd8e68c41adb2 ed97d3fb8810424643953a0d5ebd93e58d1b2e397ea01ccde0dcd8e68c41adb2 lib/codeql/swift/generated/type/OptionalType.qll d99dd5ec5636cc6c3e0e52bf27d0d8bf8dfcff25739cd7e1b845f5d96b1a5ac9 d99dd5ec5636cc6c3e0e52bf27d0d8bf8dfcff25739cd7e1b845f5d96b1a5ac9 -lib/codeql/swift/generated/type/ParameterizedProtocolType.qll cdbbb98eea4d8e9bf0437abcca34884f7ff56eedad74316838bdbfb9c3492b4b 2cf32174c8431c69690f5b34f0c4b4156c3496da49f85886ce91bf368e4fc346 -lib/codeql/swift/generated/type/ParenType.qll 4c8db82abce7b0a1e9a77d2cf799a3e897348fc48f098488bad4ca46890b2646 9ae88f83b4d09a8b59b27f6272533c1aebf04517264804e1cecd42d55e236aa3 +lib/codeql/swift/generated/type/ParameterizedProtocolType.qll a2f76537bc90031afa3a05dfc7604f0ed95df0f30528fbbff958f401329bed02 04db40554b3017dce767bb66baacff0b94207d042074e9a3169a459c54ee949d +lib/codeql/swift/generated/type/ParenType.qll feb5db83beefda6bcc73c9189f55da245fff9865dd57bf2024ed84c53ebdeaf2 0fe92c0e93dc154f8b29c065d72bd4f3b816ecf72b7f2b2967a30ea5b911955a lib/codeql/swift/generated/type/PrimaryArchetypeType.qll 87279ab9a04415fcbcf825af0145b4fc7f118fc8ce57727b840cb18f7d203b59 87279ab9a04415fcbcf825af0145b4fc7f118fc8ce57727b840cb18f7d203b59 -lib/codeql/swift/generated/type/ProtocolCompositionType.qll 36a4f7e74eb917a84d4be18084ba5727c3fbc78368f2022da136cd4cf5a76ecc 779e75d2e2bf8050dcd859f2da870fbc937dfcaa834fc75e1d6dba01d1502fbc +lib/codeql/swift/generated/type/ProtocolCompositionType.qll 3c998689c48168854c242bfa4970eda63077887bfbbdc34445d26a8d034673e6 a23cd63570903fbc08eff90773fd00d6d979dc001038f118bb288c8b08d42d74 lib/codeql/swift/generated/type/ProtocolType.qll 07eb08216ca978c9565a7907ab3a932aa915041b6e7520bc421450b32070dbcf 07eb08216ca978c9565a7907ab3a932aa915041b6e7520bc421450b32070dbcf -lib/codeql/swift/generated/type/ReferenceStorageType.qll f565055bb52939ebb38eae4ec2fb9a70ee3045c1c7c9d604037ecf0557cce481 4d5b884f3947a1c0cb9673dc61b8735c9aeec19c9f0a87aa9b7fbe01f49fc957 +lib/codeql/swift/generated/type/ReferenceStorageType.qll a2b02a158baaf30dce3e0884e18198f462bd3514d682405c436230c693b5b63c 9e76bc2338ce088237ab2dd784094133dc43a8e6c0f48eced9ae4b042e72666f lib/codeql/swift/generated/type/StructType.qll 5681060ec1cb83be082c4d5d521cdfc1c48a4095b56415efc03de7f960d1fa04 5681060ec1cb83be082c4d5d521cdfc1c48a4095b56415efc03de7f960d1fa04 lib/codeql/swift/generated/type/SubstitutableType.qll 9e74ec2d281cd3dedbc5791d66a820a56e0387260f7b2d30a5875dc3f5883389 619f0e4d509bdd9e8cfc061e5627762e9cbae8779bec998564556894a475f9d8 lib/codeql/swift/generated/type/SugarType.qll 4ea82201ae20e769c0c3e6e158bae86493e1b16bbd3ef6495e2a3760baa1fc6b 6c78df86db6f9c70398484819a9b9ecc8ee337b0a4ac2d84e17294951a6fd788 lib/codeql/swift/generated/type/SyntaxSugarType.qll 253e036452e0ba8ae3bb60d6ed22f4efb8436f4ef19f158f1114a6f9a14df42c 743fe4dede40ca173b19d5757d14e0f606fe36f51119445503e8eea7cf6df3b0 -lib/codeql/swift/generated/type/TupleType.qll e94b6173b195cab14c8b48081e0e5f47787a64fe251fd9af0465e726ffa55ffb cd6c354e872012888014d627be93f415c55ddde0691390fe5e46df96ddebf63f -lib/codeql/swift/generated/type/Type.qll 2bd40fd723b2feca4728efe1941ae4b7d830b1021b2de304e6d52c16d744f5a1 c9e44bc375a4dede3f5f1d5bcc8a2f667db0f1919f2549c8c2bb1af5eee899cf -lib/codeql/swift/generated/type/TypeAliasType.qll 081916a36657d4e7df02d6c034715e674cdc980e7067d5317785f7f5bd1b6acb 47b1b7502f8e0792bbe31f03b9df0302cc3d7332b84e104d83304e09f425a06b -lib/codeql/swift/generated/type/TypeRepr.qll 10febbf304b45c9c15f158ccc7f52aa4f4da0f7ca8856c082ef19823d9a1d114 89dcafe7b9939cf6915215ef2906becf5658a3fd2c7b20968b3fc72c3f5155ec -lib/codeql/swift/generated/type/UnarySyntaxSugarType.qll ffdaa0851a0db7c69cf6b8f4437fe848a73d8a1f20e1be52917c682bd6200634 ca5a9912c9f99a9aa9c7685242de1692aad21182f8105cbdce3ba3e7f1118b40 +lib/codeql/swift/generated/type/TupleType.qll 2fe4b458d59ff834342d07f05340ca549b5da1a167979efbc38a16027efec1de a138e943a431cebf259391dbe5ea196c1f9fcc9ace8f498ad84adfc442526890 +lib/codeql/swift/generated/type/Type.qll 5f87d805a35cffdd48e5b5357d52aeb664962f6e011ee1c22c598cfa8073a6b4 2f33629856f0a8771ed8400031041fbc12d47db26d43e9929720069671b0d024 +lib/codeql/swift/generated/type/TypeAliasType.qll 30053601cbbd7dff041770b947af9c45309d081ff9afc1dec8e0eeb099e190c0 a15258e88ec9ab06b58626f53cfa0ce2a75207b8c27c830f08a738c56e5b7d71 +lib/codeql/swift/generated/type/TypeRepr.qll 517eee0844c01aea497a0c9933cbd8930a915456cd7084b9e09aefd5a109942a 60b98da8fd689ce38aed88b88d98a536cc662b09420f130fa93d1b76cb4717ea +lib/codeql/swift/generated/type/UnarySyntaxSugarType.qll a31bf4cd364a3015ab21d47447a6f111633284e64eeaa6d6a51c38e15cc569ae 0bfcfb6397c608c908c6df34bfd32f678f95dbe16bc9dab266bbac924dbde9e1 lib/codeql/swift/generated/type/UnboundGenericType.qll 43549cbdaaa05c3c6e3d6757aca7c549b67f3c1f7d7f0a987121de0c80567a78 43549cbdaaa05c3c6e3d6757aca7c549b67f3c1f7d7f0a987121de0c80567a78 lib/codeql/swift/generated/type/UnmanagedStorageType.qll 198727a7c9557a0a92c6d833768086f0a0a18c546b4bfd486d7ff7ad5677a6aa 198727a7c9557a0a92c6d833768086f0a0a18c546b4bfd486d7ff7ad5677a6aa lib/codeql/swift/generated/type/UnownedStorageType.qll 062fd6e902ecbde78a7b8a6d80029731ffb7b4ca741fdc1573c19dd373b6df8e 062fd6e902ecbde78a7b8a6d80029731ffb7b4ca741fdc1573c19dd373b6df8e diff --git a/swift/ql/lib/codeql/swift/generated/AvailabilityInfo.qll b/swift/ql/lib/codeql/swift/generated/AvailabilityInfo.qll index 495d35542aa..81272633cf3 100644 --- a/swift/ql/lib/codeql/swift/generated/AvailabilityInfo.qll +++ b/swift/ql/lib/codeql/swift/generated/AvailabilityInfo.qll @@ -46,16 +46,16 @@ module Generated { /** * Gets the `index`th spec of this availability info (0-based). */ - final AvailabilitySpec getSpec(int index) { result = getImmediateSpec(index).resolve() } + final AvailabilitySpec getSpec(int index) { result = this.getImmediateSpec(index).resolve() } /** * Gets any of the specs of this availability info. */ - final AvailabilitySpec getASpec() { result = getSpec(_) } + final AvailabilitySpec getASpec() { result = this.getSpec(_) } /** * Gets the number of specs of this availability info. */ - final int getNumberOfSpecs() { result = count(int i | exists(getSpec(i))) } + final int getNumberOfSpecs() { result = count(int i | exists(this.getSpec(i))) } } } diff --git a/swift/ql/lib/codeql/swift/generated/Callable.qll b/swift/ql/lib/codeql/swift/generated/Callable.qll index 27560d95cd8..a4630527102 100644 --- a/swift/ql/lib/codeql/swift/generated/Callable.qll +++ b/swift/ql/lib/codeql/swift/generated/Callable.qll @@ -16,7 +16,7 @@ module Generated { /** * Holds if `getName()` exists. */ - final predicate hasName() { exists(getName()) } + final predicate hasName() { exists(this.getName()) } /** * Gets the self parameter of this callable, if it exists. @@ -34,12 +34,12 @@ module Generated { /** * Gets the self parameter of this callable, if it exists. */ - final ParamDecl getSelfParam() { result = getImmediateSelfParam().resolve() } + final ParamDecl getSelfParam() { result = this.getImmediateSelfParam().resolve() } /** * Holds if `getSelfParam()` exists. */ - final predicate hasSelfParam() { exists(getSelfParam()) } + final predicate hasSelfParam() { exists(this.getSelfParam()) } /** * Gets the `index`th parameter of this callable (0-based). @@ -57,17 +57,17 @@ module Generated { /** * Gets the `index`th parameter of this callable (0-based). */ - final ParamDecl getParam(int index) { result = getImmediateParam(index).resolve() } + final ParamDecl getParam(int index) { result = this.getImmediateParam(index).resolve() } /** * Gets any of the parameters of this callable. */ - final ParamDecl getAParam() { result = getParam(_) } + final ParamDecl getAParam() { result = this.getParam(_) } /** * Gets the number of parameters of this callable. */ - final int getNumberOfParams() { result = count(int i | exists(getParam(i))) } + final int getNumberOfParams() { result = count(int i | exists(this.getParam(i))) } /** * Gets the body of this callable, if it exists. @@ -85,12 +85,12 @@ module Generated { * * The body is absent within protocol declarations. */ - final BraceStmt getBody() { result = getImmediateBody().resolve() } + final BraceStmt getBody() { result = this.getImmediateBody().resolve() } /** * Holds if `getBody()` exists. */ - final predicate hasBody() { exists(getBody()) } + final predicate hasBody() { exists(this.getBody()) } /** * Gets the `index`th capture of this callable (0-based). @@ -108,16 +108,16 @@ module Generated { /** * Gets the `index`th capture of this callable (0-based). */ - final CapturedDecl getCapture(int index) { result = getImmediateCapture(index).resolve() } + final CapturedDecl getCapture(int index) { result = this.getImmediateCapture(index).resolve() } /** * Gets any of the captures of this callable. */ - final CapturedDecl getACapture() { result = getCapture(_) } + final CapturedDecl getACapture() { result = this.getCapture(_) } /** * Gets the number of captures of this callable. */ - final int getNumberOfCaptures() { result = count(int i | exists(getCapture(i))) } + final int getNumberOfCaptures() { result = count(int i | exists(this.getCapture(i))) } } } diff --git a/swift/ql/lib/codeql/swift/generated/Element.qll b/swift/ql/lib/codeql/swift/generated/Element.qll index 2afd3de966b..0fa588e0667 100644 --- a/swift/ql/lib/codeql/swift/generated/Element.qll +++ b/swift/ql/lib/codeql/swift/generated/Element.qll @@ -36,9 +36,9 @@ module Generated { * transitively. */ final Element resolve() { - not exists(getResolveStep()) and result = this + not exists(this.getResolveStep()) and result = this or - result = getResolveStep().resolve() + result = this.getResolveStep().resolve() } /** diff --git a/swift/ql/lib/codeql/swift/generated/KeyPathComponent.qll b/swift/ql/lib/codeql/swift/generated/KeyPathComponent.qll index 5488f0d799e..2f900dd5b0d 100644 --- a/swift/ql/lib/codeql/swift/generated/KeyPathComponent.qll +++ b/swift/ql/lib/codeql/swift/generated/KeyPathComponent.qll @@ -47,19 +47,19 @@ module Generated { * Gets the `index`th argument to an array or dictionary subscript expression (0-based). */ final Argument getSubscriptArgument(int index) { - result = getImmediateSubscriptArgument(index).resolve() + result = this.getImmediateSubscriptArgument(index).resolve() } /** * Gets any of the arguments to an array or dictionary subscript expression. */ - final Argument getASubscriptArgument() { result = getSubscriptArgument(_) } + final Argument getASubscriptArgument() { result = this.getSubscriptArgument(_) } /** * Gets the number of arguments to an array or dictionary subscript expression. */ final int getNumberOfSubscriptArguments() { - result = count(int i | exists(getSubscriptArgument(i))) + result = count(int i | exists(this.getSubscriptArgument(i))) } /** @@ -72,7 +72,7 @@ module Generated { /** * Holds if `getTupleIndex()` exists. */ - final predicate hasTupleIndex() { exists(getTupleIndex()) } + final predicate hasTupleIndex() { exists(this.getTupleIndex()) } /** * Gets the property or subscript operator, if it exists. @@ -90,12 +90,12 @@ module Generated { /** * Gets the property or subscript operator, if it exists. */ - final ValueDecl getDeclRef() { result = getImmediateDeclRef().resolve() } + final ValueDecl getDeclRef() { result = this.getImmediateDeclRef().resolve() } /** * Holds if `getDeclRef()` exists. */ - final predicate hasDeclRef() { exists(getDeclRef()) } + final predicate hasDeclRef() { exists(this.getDeclRef()) } /** * Gets the return type of this component application. @@ -117,6 +117,6 @@ module Generated { * path; an optional-wrapping component is inserted if required to produce an optional type * as the final output. */ - final Type getComponentType() { result = getImmediateComponentType().resolve() } + final Type getComponentType() { result = this.getImmediateComponentType().resolve() } } } diff --git a/swift/ql/lib/codeql/swift/generated/Locatable.qll b/swift/ql/lib/codeql/swift/generated/Locatable.qll index c72aaead04f..71844b62f32 100644 --- a/swift/ql/lib/codeql/swift/generated/Locatable.qll +++ b/swift/ql/lib/codeql/swift/generated/Locatable.qll @@ -22,11 +22,11 @@ module Generated { /** * Gets the location associated with this element in the code, if it exists. */ - final Location getLocation() { result = getImmediateLocation().resolve() } + final Location getLocation() { result = this.getImmediateLocation().resolve() } /** * Holds if `getLocation()` exists. */ - final predicate hasLocation() { exists(getLocation()) } + final predicate hasLocation() { exists(this.getLocation()) } } } diff --git a/swift/ql/lib/codeql/swift/generated/Location.qll b/swift/ql/lib/codeql/swift/generated/Location.qll index 46b066e991d..795342f0dbd 100644 --- a/swift/ql/lib/codeql/swift/generated/Location.qll +++ b/swift/ql/lib/codeql/swift/generated/Location.qll @@ -20,7 +20,7 @@ module Generated { /** * Gets the file of this location. */ - final File getFile() { result = getImmediateFile().resolve() } + final File getFile() { result = this.getImmediateFile().resolve() } /** * Gets the start line of this location. diff --git a/swift/ql/lib/codeql/swift/generated/UnspecifiedElement.qll b/swift/ql/lib/codeql/swift/generated/UnspecifiedElement.qll index c37d4d35515..5a073db5f6f 100644 --- a/swift/ql/lib/codeql/swift/generated/UnspecifiedElement.qll +++ b/swift/ql/lib/codeql/swift/generated/UnspecifiedElement.qll @@ -24,12 +24,12 @@ module Generated { /** * Gets the parent of this unspecified element, if it exists. */ - final Element getParent() { result = getImmediateParent().resolve() } + final Element getParent() { result = this.getImmediateParent().resolve() } /** * Holds if `getParent()` exists. */ - final predicate hasParent() { exists(getParent()) } + final predicate hasParent() { exists(this.getParent()) } /** * Gets the property of this unspecified element. @@ -48,7 +48,7 @@ module Generated { /** * Holds if `getIndex()` exists. */ - final predicate hasIndex() { exists(getIndex()) } + final predicate hasIndex() { exists(this.getIndex()) } /** * Gets the error of this unspecified element. diff --git a/swift/ql/lib/codeql/swift/generated/decl/AbstractStorageDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/AbstractStorageDecl.qll index d18b03c2365..6414b9c0e13 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/AbstractStorageDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/AbstractStorageDecl.qll @@ -22,16 +22,16 @@ module Generated { /** * Gets the `index`th accessor of this abstract storage declaration (0-based). */ - final Accessor getAccessor(int index) { result = getImmediateAccessor(index).resolve() } + final Accessor getAccessor(int index) { result = this.getImmediateAccessor(index).resolve() } /** * Gets any of the accessors of this abstract storage declaration. */ - final Accessor getAnAccessor() { result = getAccessor(_) } + final Accessor getAnAccessor() { result = this.getAccessor(_) } /** * Gets the number of accessors of this abstract storage declaration. */ - final int getNumberOfAccessors() { result = count(int i | exists(getAccessor(i))) } + final int getNumberOfAccessors() { result = count(int i | exists(this.getAccessor(i))) } } } diff --git a/swift/ql/lib/codeql/swift/generated/decl/CapturedDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/CapturedDecl.qll index 163dda4475e..30c61e82e95 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/CapturedDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/CapturedDecl.qll @@ -24,7 +24,7 @@ module Generated { /** * Gets the the declaration captured by the parent closure. */ - final ValueDecl getDecl() { result = getImmediateDecl().resolve() } + final ValueDecl getDecl() { result = this.getImmediateDecl().resolve() } /** * Holds if this captured declaration is direct. diff --git a/swift/ql/lib/codeql/swift/generated/decl/Decl.qll b/swift/ql/lib/codeql/swift/generated/decl/Decl.qll index fff2553be3c..673de2cffee 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/Decl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/Decl.qll @@ -20,7 +20,7 @@ module Generated { /** * Gets the module of this declaration. */ - final ModuleDecl getModule() { result = getImmediateModule().resolve() } + final ModuleDecl getModule() { result = this.getImmediateModule().resolve() } /** * Gets the `index`th member of this declaration (0-based). @@ -35,16 +35,16 @@ module Generated { /** * Gets the `index`th member of this declaration (0-based). */ - final Decl getMember(int index) { result = getImmediateMember(index).resolve() } + final Decl getMember(int index) { result = this.getImmediateMember(index).resolve() } /** * Gets any of the members of this declaration. */ - final Decl getAMember() { result = getMember(_) } + final Decl getAMember() { result = this.getMember(_) } /** * Gets the number of members of this declaration. */ - final int getNumberOfMembers() { result = count(int i | exists(getMember(i))) } + final int getNumberOfMembers() { result = count(int i | exists(this.getMember(i))) } } } diff --git a/swift/ql/lib/codeql/swift/generated/decl/EnumCaseDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/EnumCaseDecl.qll index c7e37aa2d46..8c9a925d66b 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/EnumCaseDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/EnumCaseDecl.qll @@ -24,16 +24,18 @@ module Generated { /** * Gets the `index`th element of this enum case declaration (0-based). */ - final EnumElementDecl getElement(int index) { result = getImmediateElement(index).resolve() } + final EnumElementDecl getElement(int index) { + result = this.getImmediateElement(index).resolve() + } /** * Gets any of the elements of this enum case declaration. */ - final EnumElementDecl getAnElement() { result = getElement(_) } + final EnumElementDecl getAnElement() { result = this.getElement(_) } /** * Gets the number of elements of this enum case declaration. */ - final int getNumberOfElements() { result = count(int i | exists(getElement(i))) } + final int getNumberOfElements() { result = count(int i | exists(this.getElement(i))) } } } diff --git a/swift/ql/lib/codeql/swift/generated/decl/EnumElementDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/EnumElementDecl.qll index 9de09b1d663..0ce7784ab4f 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/EnumElementDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/EnumElementDecl.qll @@ -31,16 +31,16 @@ module Generated { /** * Gets the `index`th parameter of this enum element declaration (0-based). */ - final ParamDecl getParam(int index) { result = getImmediateParam(index).resolve() } + final ParamDecl getParam(int index) { result = this.getImmediateParam(index).resolve() } /** * Gets any of the parameters of this enum element declaration. */ - final ParamDecl getAParam() { result = getParam(_) } + final ParamDecl getAParam() { result = this.getParam(_) } /** * Gets the number of parameters of this enum element declaration. */ - final int getNumberOfParams() { result = count(int i | exists(getParam(i))) } + final int getNumberOfParams() { result = count(int i | exists(this.getParam(i))) } } } diff --git a/swift/ql/lib/codeql/swift/generated/decl/ExtensionDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/ExtensionDecl.qll index 17195350e00..3a22aa27440 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/ExtensionDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/ExtensionDecl.qll @@ -27,7 +27,7 @@ module Generated { * Gets the extended type declaration of this extension declaration. */ final NominalTypeDecl getExtendedTypeDecl() { - result = getImmediateExtendedTypeDecl().resolve() + result = this.getImmediateExtendedTypeDecl().resolve() } /** @@ -46,16 +46,18 @@ module Generated { /** * Gets the `index`th protocol of this extension declaration (0-based). */ - final ProtocolDecl getProtocol(int index) { result = getImmediateProtocol(index).resolve() } + final ProtocolDecl getProtocol(int index) { + result = this.getImmediateProtocol(index).resolve() + } /** * Gets any of the protocols of this extension declaration. */ - final ProtocolDecl getAProtocol() { result = getProtocol(_) } + final ProtocolDecl getAProtocol() { result = this.getProtocol(_) } /** * Gets the number of protocols of this extension declaration. */ - final int getNumberOfProtocols() { result = count(int i | exists(getProtocol(i))) } + final int getNumberOfProtocols() { result = count(int i | exists(this.getProtocol(i))) } } } diff --git a/swift/ql/lib/codeql/swift/generated/decl/GenericContext.qll b/swift/ql/lib/codeql/swift/generated/decl/GenericContext.qll index 095870c1657..bf5b32e554e 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/GenericContext.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/GenericContext.qll @@ -23,19 +23,19 @@ module Generated { * Gets the `index`th generic type parameter of this generic context (0-based). */ final GenericTypeParamDecl getGenericTypeParam(int index) { - result = getImmediateGenericTypeParam(index).resolve() + result = this.getImmediateGenericTypeParam(index).resolve() } /** * Gets any of the generic type parameters of this generic context. */ - final GenericTypeParamDecl getAGenericTypeParam() { result = getGenericTypeParam(_) } + final GenericTypeParamDecl getAGenericTypeParam() { result = this.getGenericTypeParam(_) } /** * Gets the number of generic type parameters of this generic context. */ final int getNumberOfGenericTypeParams() { - result = count(int i | exists(getGenericTypeParam(i))) + result = count(int i | exists(this.getGenericTypeParam(i))) } } } diff --git a/swift/ql/lib/codeql/swift/generated/decl/IfConfigDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/IfConfigDecl.qll index ab48661cb37..a81b9a82b21 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/IfConfigDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/IfConfigDecl.qll @@ -25,17 +25,19 @@ module Generated { * Gets the `index`th active element of this if config declaration (0-based). */ final AstNode getActiveElement(int index) { - result = getImmediateActiveElement(index).resolve() + result = this.getImmediateActiveElement(index).resolve() } /** * Gets any of the active elements of this if config declaration. */ - final AstNode getAnActiveElement() { result = getActiveElement(_) } + final AstNode getAnActiveElement() { result = this.getActiveElement(_) } /** * Gets the number of active elements of this if config declaration. */ - final int getNumberOfActiveElements() { result = count(int i | exists(getActiveElement(i))) } + final int getNumberOfActiveElements() { + result = count(int i | exists(this.getActiveElement(i))) + } } } diff --git a/swift/ql/lib/codeql/swift/generated/decl/ImportDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/ImportDecl.qll index 2c3952de14a..8e5e0354797 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/ImportDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/ImportDecl.qll @@ -30,12 +30,12 @@ module Generated { /** * Gets the imported module of this import declaration, if it exists. */ - final ModuleDecl getImportedModule() { result = getImmediateImportedModule().resolve() } + final ModuleDecl getImportedModule() { result = this.getImmediateImportedModule().resolve() } /** * Holds if `getImportedModule()` exists. */ - final predicate hasImportedModule() { exists(getImportedModule()) } + final predicate hasImportedModule() { exists(this.getImportedModule()) } /** * Gets the `index`th declaration of this import declaration (0-based). @@ -53,16 +53,18 @@ module Generated { /** * Gets the `index`th declaration of this import declaration (0-based). */ - final ValueDecl getDeclaration(int index) { result = getImmediateDeclaration(index).resolve() } + final ValueDecl getDeclaration(int index) { + result = this.getImmediateDeclaration(index).resolve() + } /** * Gets any of the declarations of this import declaration. */ - final ValueDecl getADeclaration() { result = getDeclaration(_) } + final ValueDecl getADeclaration() { result = this.getDeclaration(_) } /** * Gets the number of declarations of this import declaration. */ - final int getNumberOfDeclarations() { result = count(int i | exists(getDeclaration(i))) } + final int getNumberOfDeclarations() { result = count(int i | exists(this.getDeclaration(i))) } } } diff --git a/swift/ql/lib/codeql/swift/generated/decl/InfixOperatorDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/InfixOperatorDecl.qll index 36ca7665185..643ab3e3002 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/InfixOperatorDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/InfixOperatorDecl.qll @@ -25,12 +25,12 @@ module Generated { * Gets the precedence group of this infix operator declaration, if it exists. */ final PrecedenceGroupDecl getPrecedenceGroup() { - result = getImmediatePrecedenceGroup().resolve() + result = this.getImmediatePrecedenceGroup().resolve() } /** * Holds if `getPrecedenceGroup()` exists. */ - final predicate hasPrecedenceGroup() { exists(getPrecedenceGroup()) } + final predicate hasPrecedenceGroup() { exists(this.getPrecedenceGroup()) } } } diff --git a/swift/ql/lib/codeql/swift/generated/decl/ModuleDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/ModuleDecl.qll index 7f11f4a1cbd..d01a14cb3e1 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/ModuleDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/ModuleDecl.qll @@ -39,12 +39,14 @@ module Generated { * Gets the `index`th imported module of this module declaration (0-based). *Gets any of the imported modules of this module declaration. */ - final ModuleDecl getAnImportedModule() { result = getAnImmediateImportedModule().resolve() } + final ModuleDecl getAnImportedModule() { + result = this.getAnImmediateImportedModule().resolve() + } /** * Gets the number of imported modules of this module declaration. */ - final int getNumberOfImportedModules() { result = count(getAnImportedModule()) } + final int getNumberOfImportedModules() { result = count(this.getAnImportedModule()) } /** * Gets the `index`th exported module of this module declaration (0-based). @@ -64,11 +66,13 @@ module Generated { * Gets the `index`th exported module of this module declaration (0-based). *Gets any of the exported modules of this module declaration. */ - final ModuleDecl getAnExportedModule() { result = getAnImmediateExportedModule().resolve() } + final ModuleDecl getAnExportedModule() { + result = this.getAnImmediateExportedModule().resolve() + } /** * Gets the number of exported modules of this module declaration. */ - final int getNumberOfExportedModules() { result = count(getAnExportedModule()) } + final int getNumberOfExportedModules() { result = count(this.getAnExportedModule()) } } } diff --git a/swift/ql/lib/codeql/swift/generated/decl/NominalTypeDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/NominalTypeDecl.qll index 39b7b22f2dd..56a21146f8c 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/NominalTypeDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/NominalTypeDecl.qll @@ -22,6 +22,6 @@ module Generated { /** * Gets the type of this nominal type declaration. */ - final Type getType() { result = getImmediateType().resolve() } + final Type getType() { result = this.getImmediateType().resolve() } } } diff --git a/swift/ql/lib/codeql/swift/generated/decl/OpaqueTypeDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/OpaqueTypeDecl.qll index 78cc23c82cb..cccc2625b4c 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/OpaqueTypeDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/OpaqueTypeDecl.qll @@ -36,7 +36,9 @@ module Generated { /** * Gets the naming declaration of this opaque type declaration. */ - final ValueDecl getNamingDeclaration() { result = getImmediateNamingDeclaration().resolve() } + final ValueDecl getNamingDeclaration() { + result = this.getImmediateNamingDeclaration().resolve() + } /** * Gets the `index`th opaque generic parameter of this opaque type declaration (0-based). @@ -55,19 +57,19 @@ module Generated { * Gets the `index`th opaque generic parameter of this opaque type declaration (0-based). */ final GenericTypeParamType getOpaqueGenericParam(int index) { - result = getImmediateOpaqueGenericParam(index).resolve() + result = this.getImmediateOpaqueGenericParam(index).resolve() } /** * Gets any of the opaque generic parameters of this opaque type declaration. */ - final GenericTypeParamType getAnOpaqueGenericParam() { result = getOpaqueGenericParam(_) } + final GenericTypeParamType getAnOpaqueGenericParam() { result = this.getOpaqueGenericParam(_) } /** * Gets the number of opaque generic parameters of this opaque type declaration. */ final int getNumberOfOpaqueGenericParams() { - result = count(int i | exists(getOpaqueGenericParam(i))) + result = count(int i | exists(this.getOpaqueGenericParam(i))) } } } diff --git a/swift/ql/lib/codeql/swift/generated/decl/ParamDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/ParamDecl.qll index daa8b3e94dc..1844337b349 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/ParamDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/ParamDecl.qll @@ -33,14 +33,14 @@ module Generated { * variable for this variable, if any. */ final PatternBindingDecl getPropertyWrapperLocalWrappedVarBinding() { - result = getImmediatePropertyWrapperLocalWrappedVarBinding().resolve() + result = this.getImmediatePropertyWrapperLocalWrappedVarBinding().resolve() } /** * Holds if `getPropertyWrapperLocalWrappedVarBinding()` exists. */ final predicate hasPropertyWrapperLocalWrappedVarBinding() { - exists(getPropertyWrapperLocalWrappedVarBinding()) + exists(this.getPropertyWrapperLocalWrappedVarBinding()) } /** @@ -63,14 +63,14 @@ module Generated { * has a property wrapper. */ final VarDecl getPropertyWrapperLocalWrappedVar() { - result = getImmediatePropertyWrapperLocalWrappedVar().resolve() + result = this.getImmediatePropertyWrapperLocalWrappedVar().resolve() } /** * Holds if `getPropertyWrapperLocalWrappedVar()` exists. */ final predicate hasPropertyWrapperLocalWrappedVar() { - exists(getPropertyWrapperLocalWrappedVar()) + exists(this.getPropertyWrapperLocalWrappedVar()) } } } diff --git a/swift/ql/lib/codeql/swift/generated/decl/PatternBindingDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/PatternBindingDecl.qll index 301efcd3df3..61d9ba4ff24 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/PatternBindingDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/PatternBindingDecl.qll @@ -25,17 +25,17 @@ module Generated { /** * Gets the `index`th init of this pattern binding declaration (0-based), if it exists. */ - final Expr getInit(int index) { result = getImmediateInit(index).resolve() } + final Expr getInit(int index) { result = this.getImmediateInit(index).resolve() } /** * Holds if `getInit(index)` exists. */ - final predicate hasInit(int index) { exists(getInit(index)) } + final predicate hasInit(int index) { exists(this.getInit(index)) } /** * Gets any of the inits of this pattern binding declaration. */ - final Expr getAnInit() { result = getInit(_) } + final Expr getAnInit() { result = this.getInit(_) } /** * Gets the `index`th pattern of this pattern binding declaration (0-based). @@ -53,16 +53,16 @@ module Generated { /** * Gets the `index`th pattern of this pattern binding declaration (0-based). */ - final Pattern getPattern(int index) { result = getImmediatePattern(index).resolve() } + final Pattern getPattern(int index) { result = this.getImmediatePattern(index).resolve() } /** * Gets any of the patterns of this pattern binding declaration. */ - final Pattern getAPattern() { result = getPattern(_) } + final Pattern getAPattern() { result = this.getPattern(_) } /** * Gets the number of patterns of this pattern binding declaration. */ - final int getNumberOfPatterns() { result = count(int i | exists(getPattern(i))) } + final int getNumberOfPatterns() { result = count(int i | exists(this.getPattern(i))) } } } diff --git a/swift/ql/lib/codeql/swift/generated/decl/PoundDiagnosticDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/PoundDiagnosticDecl.qll index 5ee7d1fe2d4..2fe8a6ad421 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/PoundDiagnosticDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/PoundDiagnosticDecl.qll @@ -36,6 +36,6 @@ module Generated { /** * Gets the message of this pound diagnostic declaration. */ - final StringLiteralExpr getMessage() { result = getImmediateMessage().resolve() } + final StringLiteralExpr getMessage() { result = this.getImmediateMessage().resolve() } } } diff --git a/swift/ql/lib/codeql/swift/generated/decl/SubscriptDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/SubscriptDecl.qll index ddf8508db30..090693928be 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/SubscriptDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/SubscriptDecl.qll @@ -26,17 +26,17 @@ module Generated { /** * Gets the `index`th parameter of this subscript declaration (0-based). */ - final ParamDecl getParam(int index) { result = getImmediateParam(index).resolve() } + final ParamDecl getParam(int index) { result = this.getImmediateParam(index).resolve() } /** * Gets any of the parameters of this subscript declaration. */ - final ParamDecl getAParam() { result = getParam(_) } + final ParamDecl getAParam() { result = this.getParam(_) } /** * Gets the number of parameters of this subscript declaration. */ - final int getNumberOfParams() { result = count(int i | exists(getParam(i))) } + final int getNumberOfParams() { result = count(int i | exists(this.getParam(i))) } /** * Gets the element type of this subscript declaration. @@ -54,6 +54,6 @@ module Generated { /** * Gets the element type of this subscript declaration. */ - final Type getElementType() { result = getImmediateElementType().resolve() } + final Type getElementType() { result = this.getImmediateElementType().resolve() } } } diff --git a/swift/ql/lib/codeql/swift/generated/decl/TopLevelCodeDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/TopLevelCodeDecl.qll index 3b9205a81a0..055c9c76f31 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/TopLevelCodeDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/TopLevelCodeDecl.qll @@ -24,6 +24,6 @@ module Generated { /** * Gets the body of this top level code declaration. */ - final BraceStmt getBody() { result = getImmediateBody().resolve() } + final BraceStmt getBody() { result = this.getImmediateBody().resolve() } } } diff --git a/swift/ql/lib/codeql/swift/generated/decl/TypeAliasDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/TypeAliasDecl.qll index d7bd1e8538d..6f5bd013803 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/TypeAliasDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/TypeAliasDecl.qll @@ -35,6 +35,6 @@ module Generated { * typealias MyInt = Int * ``` */ - final Type getAliasedType() { result = getImmediateAliasedType().resolve() } + final Type getAliasedType() { result = this.getImmediateAliasedType().resolve() } } } diff --git a/swift/ql/lib/codeql/swift/generated/decl/TypeDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/TypeDecl.qll index 85d19e61b07..3a16effd78f 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/TypeDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/TypeDecl.qll @@ -27,16 +27,16 @@ module Generated { /** * Gets the `index`th base type of this type declaration (0-based). */ - final Type getBaseType(int index) { result = getImmediateBaseType(index).resolve() } + final Type getBaseType(int index) { result = this.getImmediateBaseType(index).resolve() } /** * Gets any of the base types of this type declaration. */ - final Type getABaseType() { result = getBaseType(_) } + final Type getABaseType() { result = this.getBaseType(_) } /** * Gets the number of base types of this type declaration. */ - final int getNumberOfBaseTypes() { result = count(int i | exists(getBaseType(i))) } + final int getNumberOfBaseTypes() { result = count(int i | exists(this.getBaseType(i))) } } } diff --git a/swift/ql/lib/codeql/swift/generated/decl/ValueDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/ValueDecl.qll index 260d74ebf7b..8d1678a7a72 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/ValueDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/ValueDecl.qll @@ -22,6 +22,6 @@ module Generated { /** * Gets the interface type of this value declaration. */ - final Type getInterfaceType() { result = getImmediateInterfaceType().resolve() } + final Type getInterfaceType() { result = this.getImmediateInterfaceType().resolve() } } } diff --git a/swift/ql/lib/codeql/swift/generated/decl/VarDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/VarDecl.qll index ecd95c5e8fa..f0d6cc143c7 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/VarDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/VarDecl.qll @@ -45,7 +45,7 @@ module Generated { /** * Gets the type of this variable declaration. */ - final Type getType() { result = getImmediateType().resolve() } + final Type getType() { result = this.getImmediateType().resolve() } /** * Gets the attached property wrapper type of this variable declaration, if it exists. @@ -64,13 +64,15 @@ module Generated { * Gets the attached property wrapper type of this variable declaration, if it exists. */ final Type getAttachedPropertyWrapperType() { - result = getImmediateAttachedPropertyWrapperType().resolve() + result = this.getImmediateAttachedPropertyWrapperType().resolve() } /** * Holds if `getAttachedPropertyWrapperType()` exists. */ - final predicate hasAttachedPropertyWrapperType() { exists(getAttachedPropertyWrapperType()) } + final predicate hasAttachedPropertyWrapperType() { + exists(this.getAttachedPropertyWrapperType()) + } /** * Gets the parent pattern of this variable declaration, if it exists. @@ -88,12 +90,12 @@ module Generated { /** * Gets the parent pattern of this variable declaration, if it exists. */ - final Pattern getParentPattern() { result = getImmediateParentPattern().resolve() } + final Pattern getParentPattern() { result = this.getImmediateParentPattern().resolve() } /** * Holds if `getParentPattern()` exists. */ - final predicate hasParentPattern() { exists(getParentPattern()) } + final predicate hasParentPattern() { exists(this.getParentPattern()) } /** * Gets the parent initializer of this variable declaration, if it exists. @@ -111,12 +113,12 @@ module Generated { /** * Gets the parent initializer of this variable declaration, if it exists. */ - final Expr getParentInitializer() { result = getImmediateParentInitializer().resolve() } + final Expr getParentInitializer() { result = this.getImmediateParentInitializer().resolve() } /** * Holds if `getParentInitializer()` exists. */ - final predicate hasParentInitializer() { exists(getParentInitializer()) } + final predicate hasParentInitializer() { exists(this.getParentInitializer()) } /** * Gets the property wrapper backing variable binding of this variable declaration, if it exists. @@ -138,14 +140,14 @@ module Generated { * variable, if any. See `getPropertyWrapperBackingVar`. */ final PatternBindingDecl getPropertyWrapperBackingVarBinding() { - result = getImmediatePropertyWrapperBackingVarBinding().resolve() + result = this.getImmediatePropertyWrapperBackingVarBinding().resolve() } /** * Holds if `getPropertyWrapperBackingVarBinding()` exists. */ final predicate hasPropertyWrapperBackingVarBinding() { - exists(getPropertyWrapperBackingVarBinding()) + exists(this.getPropertyWrapperBackingVarBinding()) } /** @@ -181,13 +183,13 @@ module Generated { * This predicate returns such variable declaration. */ final VarDecl getPropertyWrapperBackingVar() { - result = getImmediatePropertyWrapperBackingVar().resolve() + result = this.getImmediatePropertyWrapperBackingVar().resolve() } /** * Holds if `getPropertyWrapperBackingVar()` exists. */ - final predicate hasPropertyWrapperBackingVar() { exists(getPropertyWrapperBackingVar()) } + final predicate hasPropertyWrapperBackingVar() { exists(this.getPropertyWrapperBackingVar()) } /** * Gets the property wrapper projection variable binding of this variable declaration, if it exists. @@ -209,14 +211,14 @@ module Generated { * variable, if any. See `getPropertyWrapperProjectionVar`. */ final PatternBindingDecl getPropertyWrapperProjectionVarBinding() { - result = getImmediatePropertyWrapperProjectionVarBinding().resolve() + result = this.getImmediatePropertyWrapperProjectionVarBinding().resolve() } /** * Holds if `getPropertyWrapperProjectionVarBinding()` exists. */ final predicate hasPropertyWrapperProjectionVarBinding() { - exists(getPropertyWrapperProjectionVarBinding()) + exists(this.getPropertyWrapperProjectionVarBinding()) } /** @@ -258,12 +260,14 @@ module Generated { * This predicate returns such variable declaration. */ final VarDecl getPropertyWrapperProjectionVar() { - result = getImmediatePropertyWrapperProjectionVar().resolve() + result = this.getImmediatePropertyWrapperProjectionVar().resolve() } /** * Holds if `getPropertyWrapperProjectionVar()` exists. */ - final predicate hasPropertyWrapperProjectionVar() { exists(getPropertyWrapperProjectionVar()) } + final predicate hasPropertyWrapperProjectionVar() { + exists(this.getPropertyWrapperProjectionVar()) + } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/AnyTryExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/AnyTryExpr.qll index 20153ef8dbc..663ee79c515 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/AnyTryExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/AnyTryExpr.qll @@ -19,6 +19,6 @@ module Generated { /** * Gets the sub expression of this any try expression. */ - final Expr getSubExpr() { result = getImmediateSubExpr().resolve() } + final Expr getSubExpr() { result = this.getImmediateSubExpr().resolve() } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/AppliedPropertyWrapperExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/AppliedPropertyWrapperExpr.qll index e0510e7d9f4..e57788e5f52 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/AppliedPropertyWrapperExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/AppliedPropertyWrapperExpr.qll @@ -41,7 +41,7 @@ module Generated { * * The value on which the wrapper is applied. */ - final Expr getValue() { result = getImmediateValue().resolve() } + final Expr getValue() { result = this.getImmediateValue().resolve() } /** * Gets the parameter declaration owning this wrapper application. @@ -59,6 +59,6 @@ module Generated { /** * Gets the parameter declaration owning this wrapper application. */ - final ParamDecl getParam() { result = getImmediateParam().resolve() } + final ParamDecl getParam() { result = this.getImmediateParam().resolve() } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/ApplyExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/ApplyExpr.qll index b39b3f694bd..08b2e204550 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/ApplyExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/ApplyExpr.qll @@ -20,7 +20,7 @@ module Generated { /** * Gets the function being applied. */ - final Expr getFunction() { result = getImmediateFunction().resolve() } + final Expr getFunction() { result = this.getImmediateFunction().resolve() } /** * Gets the `index`th argument passed to the applied function (0-based). @@ -38,16 +38,16 @@ module Generated { /** * Gets the `index`th argument passed to the applied function (0-based). */ - final Argument getArgument(int index) { result = getImmediateArgument(index).resolve() } + final Argument getArgument(int index) { result = this.getImmediateArgument(index).resolve() } /** * Gets any of the arguments passed to the applied function. */ - final Argument getAnArgument() { result = getArgument(_) } + final Argument getAnArgument() { result = this.getArgument(_) } /** * Gets the number of arguments passed to the applied function. */ - final int getNumberOfArguments() { result = count(int i | exists(getArgument(i))) } + final int getNumberOfArguments() { result = count(int i | exists(this.getArgument(i))) } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/Argument.qll b/swift/ql/lib/codeql/swift/generated/expr/Argument.qll index 58993ca4045..e3043e07420 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/Argument.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/Argument.qll @@ -27,6 +27,6 @@ module Generated { /** * Gets the expression of this argument. */ - final Expr getExpr() { result = getImmediateExpr().resolve() } + final Expr getExpr() { result = this.getImmediateExpr().resolve() } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/ArrayExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/ArrayExpr.qll index 8d0218f0824..5a74d70b841 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/ArrayExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/ArrayExpr.qll @@ -24,16 +24,16 @@ module Generated { /** * Gets the `index`th element of this array expression (0-based). */ - final Expr getElement(int index) { result = getImmediateElement(index).resolve() } + final Expr getElement(int index) { result = this.getImmediateElement(index).resolve() } /** * Gets any of the elements of this array expression. */ - final Expr getAnElement() { result = getElement(_) } + final Expr getAnElement() { result = this.getElement(_) } /** * Gets the number of elements of this array expression. */ - final int getNumberOfElements() { result = count(int i | exists(getElement(i))) } + final int getNumberOfElements() { result = count(int i | exists(this.getElement(i))) } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/AssignExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/AssignExpr.qll index 5c1c4ba6d0a..26a8f5dc936 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/AssignExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/AssignExpr.qll @@ -21,7 +21,7 @@ module Generated { /** * Gets the dest of this assign expression. */ - final Expr getDest() { result = getImmediateDest().resolve() } + final Expr getDest() { result = this.getImmediateDest().resolve() } /** * Gets the source of this assign expression. @@ -37,6 +37,6 @@ module Generated { /** * Gets the source of this assign expression. */ - final Expr getSource() { result = getImmediateSource().resolve() } + final Expr getSource() { result = this.getImmediateSource().resolve() } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/BindOptionalExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/BindOptionalExpr.qll index e6395748185..d827276d0b6 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/BindOptionalExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/BindOptionalExpr.qll @@ -23,6 +23,6 @@ module Generated { /** * Gets the sub expression of this bind optional expression. */ - final Expr getSubExpr() { result = getImmediateSubExpr().resolve() } + final Expr getSubExpr() { result = this.getImmediateSubExpr().resolve() } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/CaptureListExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/CaptureListExpr.qll index 10bc940dca8..0e751537558 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/CaptureListExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/CaptureListExpr.qll @@ -26,18 +26,18 @@ module Generated { * Gets the `index`th binding declaration of this capture list expression (0-based). */ final PatternBindingDecl getBindingDecl(int index) { - result = getImmediateBindingDecl(index).resolve() + result = this.getImmediateBindingDecl(index).resolve() } /** * Gets any of the binding declarations of this capture list expression. */ - final PatternBindingDecl getABindingDecl() { result = getBindingDecl(_) } + final PatternBindingDecl getABindingDecl() { result = this.getBindingDecl(_) } /** * Gets the number of binding declarations of this capture list expression. */ - final int getNumberOfBindingDecls() { result = count(int i | exists(getBindingDecl(i))) } + final int getNumberOfBindingDecls() { result = count(int i | exists(this.getBindingDecl(i))) } /** * Gets the closure body of this capture list expression. @@ -55,6 +55,6 @@ module Generated { /** * Gets the closure body of this capture list expression. */ - final ExplicitClosureExpr getClosureBody() { result = getImmediateClosureBody().resolve() } + final ExplicitClosureExpr getClosureBody() { result = this.getImmediateClosureBody().resolve() } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/DeclRefExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/DeclRefExpr.qll index 9a429e870fe..89a9858bafd 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/DeclRefExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/DeclRefExpr.qll @@ -23,7 +23,7 @@ module Generated { /** * Gets the declaration of this declaration reference expression. */ - final Decl getDecl() { result = getImmediateDecl().resolve() } + final Decl getDecl() { result = this.getImmediateDecl().resolve() } /** * Gets the `index`th replacement type of this declaration reference expression (0-based). @@ -42,19 +42,19 @@ module Generated { * Gets the `index`th replacement type of this declaration reference expression (0-based). */ final Type getReplacementType(int index) { - result = getImmediateReplacementType(index).resolve() + result = this.getImmediateReplacementType(index).resolve() } /** * Gets any of the replacement types of this declaration reference expression. */ - final Type getAReplacementType() { result = getReplacementType(_) } + final Type getAReplacementType() { result = this.getReplacementType(_) } /** * Gets the number of replacement types of this declaration reference expression. */ final int getNumberOfReplacementTypes() { - result = count(int i | exists(getReplacementType(i))) + result = count(int i | exists(this.getReplacementType(i))) } /** diff --git a/swift/ql/lib/codeql/swift/generated/expr/DefaultArgumentExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/DefaultArgumentExpr.qll index d6bdce8be05..9fa6034bd64 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/DefaultArgumentExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/DefaultArgumentExpr.qll @@ -24,7 +24,7 @@ module Generated { /** * Gets the parameter declaration of this default argument expression. */ - final ParamDecl getParamDecl() { result = getImmediateParamDecl().resolve() } + final ParamDecl getParamDecl() { result = this.getImmediateParamDecl().resolve() } /** * Gets the parameter index of this default argument expression. @@ -50,11 +50,11 @@ module Generated { /** * Gets the caller side default of this default argument expression, if it exists. */ - final Expr getCallerSideDefault() { result = getImmediateCallerSideDefault().resolve() } + final Expr getCallerSideDefault() { result = this.getImmediateCallerSideDefault().resolve() } /** * Holds if `getCallerSideDefault()` exists. */ - final predicate hasCallerSideDefault() { exists(getCallerSideDefault()) } + final predicate hasCallerSideDefault() { exists(this.getCallerSideDefault()) } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/DictionaryExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/DictionaryExpr.qll index 95821ef674b..a210c392fe8 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/DictionaryExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/DictionaryExpr.qll @@ -24,16 +24,16 @@ module Generated { /** * Gets the `index`th element of this dictionary expression (0-based). */ - final Expr getElement(int index) { result = getImmediateElement(index).resolve() } + final Expr getElement(int index) { result = this.getImmediateElement(index).resolve() } /** * Gets any of the elements of this dictionary expression. */ - final Expr getAnElement() { result = getElement(_) } + final Expr getAnElement() { result = this.getElement(_) } /** * Gets the number of elements of this dictionary expression. */ - final int getNumberOfElements() { result = count(int i | exists(getElement(i))) } + final int getNumberOfElements() { result = count(int i | exists(this.getElement(i))) } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/DotSyntaxBaseIgnoredExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/DotSyntaxBaseIgnoredExpr.qll index f37fef536fe..746f9dcc9de 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/DotSyntaxBaseIgnoredExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/DotSyntaxBaseIgnoredExpr.qll @@ -23,7 +23,7 @@ module Generated { /** * Gets the qualifier of this dot syntax base ignored expression. */ - final Expr getQualifier() { result = getImmediateQualifier().resolve() } + final Expr getQualifier() { result = this.getImmediateQualifier().resolve() } /** * Gets the sub expression of this dot syntax base ignored expression. @@ -41,6 +41,6 @@ module Generated { /** * Gets the sub expression of this dot syntax base ignored expression. */ - final Expr getSubExpr() { result = getImmediateSubExpr().resolve() } + final Expr getSubExpr() { result = this.getImmediateSubExpr().resolve() } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/DynamicTypeExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/DynamicTypeExpr.qll index 618dd261dbb..c2bd3768675 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/DynamicTypeExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/DynamicTypeExpr.qll @@ -23,6 +23,6 @@ module Generated { /** * Gets the base of this dynamic type expression. */ - final Expr getBase() { result = getImmediateBase().resolve() } + final Expr getBase() { result = this.getImmediateBase().resolve() } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/EnumIsCaseExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/EnumIsCaseExpr.qll index f250b60bfe8..b29c5cb98e1 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/EnumIsCaseExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/EnumIsCaseExpr.qll @@ -24,7 +24,7 @@ module Generated { /** * Gets the sub expression of this enum is case expression. */ - final Expr getSubExpr() { result = getImmediateSubExpr().resolve() } + final Expr getSubExpr() { result = this.getImmediateSubExpr().resolve() } /** * Gets the element of this enum is case expression. @@ -42,6 +42,6 @@ module Generated { /** * Gets the element of this enum is case expression. */ - final EnumElementDecl getElement() { result = getImmediateElement().resolve() } + final EnumElementDecl getElement() { result = this.getImmediateElement().resolve() } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/ExplicitCastExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/ExplicitCastExpr.qll index 1e02bc2aed3..10bcbc5b447 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/ExplicitCastExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/ExplicitCastExpr.qll @@ -21,6 +21,6 @@ module Generated { /** * Gets the sub expression of this explicit cast expression. */ - final Expr getSubExpr() { result = getImmediateSubExpr().resolve() } + final Expr getSubExpr() { result = this.getImmediateSubExpr().resolve() } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/Expr.qll b/swift/ql/lib/codeql/swift/generated/expr/Expr.qll index 05ee90a6228..c496b07c4fc 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/Expr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/Expr.qll @@ -22,11 +22,11 @@ module Generated { /** * Gets the type of this expression, if it exists. */ - final Type getType() { result = getImmediateType().resolve() } + final Type getType() { result = this.getImmediateType().resolve() } /** * Holds if `getType()` exists. */ - final predicate hasType() { exists(getType()) } + final predicate hasType() { exists(this.getType()) } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/ForceValueExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/ForceValueExpr.qll index f7fca593cf2..2a4a08e1af7 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/ForceValueExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/ForceValueExpr.qll @@ -23,6 +23,6 @@ module Generated { /** * Gets the sub expression of this force value expression. */ - final Expr getSubExpr() { result = getImmediateSubExpr().resolve() } + final Expr getSubExpr() { result = this.getImmediateSubExpr().resolve() } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/IdentityExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/IdentityExpr.qll index 34a18a9d8ff..bdff6219fe3 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/IdentityExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/IdentityExpr.qll @@ -21,6 +21,6 @@ module Generated { /** * Gets the sub expression of this identity expression. */ - final Expr getSubExpr() { result = getImmediateSubExpr().resolve() } + final Expr getSubExpr() { result = this.getImmediateSubExpr().resolve() } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/IfExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/IfExpr.qll index 8c18d117dab..8a837f1ad17 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/IfExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/IfExpr.qll @@ -21,7 +21,7 @@ module Generated { /** * Gets the condition of this if expression. */ - final Expr getCondition() { result = getImmediateCondition().resolve() } + final Expr getCondition() { result = this.getImmediateCondition().resolve() } /** * Gets the then expression of this if expression. @@ -37,7 +37,7 @@ module Generated { /** * Gets the then expression of this if expression. */ - final Expr getThenExpr() { result = getImmediateThenExpr().resolve() } + final Expr getThenExpr() { result = this.getImmediateThenExpr().resolve() } /** * Gets the else expression of this if expression. @@ -53,6 +53,6 @@ module Generated { /** * Gets the else expression of this if expression. */ - final Expr getElseExpr() { result = getImmediateElseExpr().resolve() } + final Expr getElseExpr() { result = this.getImmediateElseExpr().resolve() } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/ImplicitConversionExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/ImplicitConversionExpr.qll index 11f6b533e24..fdc249c0723 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/ImplicitConversionExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/ImplicitConversionExpr.qll @@ -21,6 +21,6 @@ module Generated { /** * Gets the sub expression of this implicit conversion expression. */ - final Expr getSubExpr() { result = getImmediateSubExpr().resolve() } + final Expr getSubExpr() { result = this.getImmediateSubExpr().resolve() } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/InOutExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/InOutExpr.qll index 7707e83be07..6cac0fd23ab 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/InOutExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/InOutExpr.qll @@ -21,6 +21,6 @@ module Generated { /** * Gets the sub expression of this in out expression. */ - final Expr getSubExpr() { result = getImmediateSubExpr().resolve() } + final Expr getSubExpr() { result = this.getImmediateSubExpr().resolve() } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/InterpolatedStringLiteralExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/InterpolatedStringLiteralExpr.qll index e43da09c750..db25abe3906 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/InterpolatedStringLiteralExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/InterpolatedStringLiteralExpr.qll @@ -27,13 +27,13 @@ module Generated { * Gets the interpolation expression of this interpolated string literal expression, if it exists. */ final OpaqueValueExpr getInterpolationExpr() { - result = getImmediateInterpolationExpr().resolve() + result = this.getImmediateInterpolationExpr().resolve() } /** * Holds if `getInterpolationExpr()` exists. */ - final predicate hasInterpolationExpr() { exists(getInterpolationExpr()) } + final predicate hasInterpolationExpr() { exists(this.getInterpolationExpr()) } /** * Gets the interpolation count expression of this interpolated string literal expression, if it exists. @@ -52,13 +52,13 @@ module Generated { * Gets the interpolation count expression of this interpolated string literal expression, if it exists. */ final Expr getInterpolationCountExpr() { - result = getImmediateInterpolationCountExpr().resolve() + result = this.getImmediateInterpolationCountExpr().resolve() } /** * Holds if `getInterpolationCountExpr()` exists. */ - final predicate hasInterpolationCountExpr() { exists(getInterpolationCountExpr()) } + final predicate hasInterpolationCountExpr() { exists(this.getInterpolationCountExpr()) } /** * Gets the literal capacity expression of this interpolated string literal expression, if it exists. @@ -76,12 +76,14 @@ module Generated { /** * Gets the literal capacity expression of this interpolated string literal expression, if it exists. */ - final Expr getLiteralCapacityExpr() { result = getImmediateLiteralCapacityExpr().resolve() } + final Expr getLiteralCapacityExpr() { + result = this.getImmediateLiteralCapacityExpr().resolve() + } /** * Holds if `getLiteralCapacityExpr()` exists. */ - final predicate hasLiteralCapacityExpr() { exists(getLiteralCapacityExpr()) } + final predicate hasLiteralCapacityExpr() { exists(this.getLiteralCapacityExpr()) } /** * Gets the appending expression of this interpolated string literal expression, if it exists. @@ -99,11 +101,11 @@ module Generated { /** * Gets the appending expression of this interpolated string literal expression, if it exists. */ - final TapExpr getAppendingExpr() { result = getImmediateAppendingExpr().resolve() } + final TapExpr getAppendingExpr() { result = this.getImmediateAppendingExpr().resolve() } /** * Holds if `getAppendingExpr()` exists. */ - final predicate hasAppendingExpr() { exists(getAppendingExpr()) } + final predicate hasAppendingExpr() { exists(this.getAppendingExpr()) } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/KeyPathApplicationExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/KeyPathApplicationExpr.qll index a64f64c72ca..0cd675fc44d 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/KeyPathApplicationExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/KeyPathApplicationExpr.qll @@ -23,7 +23,7 @@ module Generated { /** * Gets the base of this key path application expression. */ - final Expr getBase() { result = getImmediateBase().resolve() } + final Expr getBase() { result = this.getImmediateBase().resolve() } /** * Gets the key path of this key path application expression. @@ -41,6 +41,6 @@ module Generated { /** * Gets the key path of this key path application expression. */ - final Expr getKeyPath() { result = getImmediateKeyPath().resolve() } + final Expr getKeyPath() { result = this.getImmediateKeyPath().resolve() } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/KeyPathExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/KeyPathExpr.qll index cdbd17a789d..a7ec4bab8bf 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/KeyPathExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/KeyPathExpr.qll @@ -28,12 +28,12 @@ module Generated { /** * Gets the root of this key path expression, if it exists. */ - final TypeRepr getRoot() { result = getImmediateRoot().resolve() } + final TypeRepr getRoot() { result = this.getImmediateRoot().resolve() } /** * Holds if `getRoot()` exists. */ - final predicate hasRoot() { exists(getRoot()) } + final predicate hasRoot() { exists(this.getRoot()) } /** * Gets the `index`th component of this key path expression (0-based). @@ -52,17 +52,17 @@ module Generated { * Gets the `index`th component of this key path expression (0-based). */ final KeyPathComponent getComponent(int index) { - result = getImmediateComponent(index).resolve() + result = this.getImmediateComponent(index).resolve() } /** * Gets any of the components of this key path expression. */ - final KeyPathComponent getAComponent() { result = getComponent(_) } + final KeyPathComponent getAComponent() { result = this.getComponent(_) } /** * Gets the number of components of this key path expression. */ - final int getNumberOfComponents() { result = count(int i | exists(getComponent(i))) } + final int getNumberOfComponents() { result = count(int i | exists(this.getComponent(i))) } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/LazyInitializationExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/LazyInitializationExpr.qll index 0ad1550734e..ee690ad5229 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/LazyInitializationExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/LazyInitializationExpr.qll @@ -23,6 +23,6 @@ module Generated { /** * Gets the sub expression of this lazy initialization expression. */ - final Expr getSubExpr() { result = getImmediateSubExpr().resolve() } + final Expr getSubExpr() { result = this.getImmediateSubExpr().resolve() } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/LookupExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/LookupExpr.qll index 77c5f19de20..d6a81964675 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/LookupExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/LookupExpr.qll @@ -20,7 +20,7 @@ module Generated { /** * Gets the base of this lookup expression. */ - final Expr getBase() { result = getImmediateBase().resolve() } + final Expr getBase() { result = this.getImmediateBase().resolve() } /** * Gets the member of this lookup expression, if it exists. @@ -36,11 +36,11 @@ module Generated { /** * Gets the member of this lookup expression, if it exists. */ - final Decl getMember() { result = getImmediateMember().resolve() } + final Decl getMember() { result = this.getImmediateMember().resolve() } /** * Holds if `getMember()` exists. */ - final predicate hasMember() { exists(getMember()) } + final predicate hasMember() { exists(this.getMember()) } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/MakeTemporarilyEscapableExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/MakeTemporarilyEscapableExpr.qll index 55e0ad3c315..18bb6cf93ae 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/MakeTemporarilyEscapableExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/MakeTemporarilyEscapableExpr.qll @@ -24,7 +24,9 @@ module Generated { /** * Gets the escaping closure of this make temporarily escapable expression. */ - final OpaqueValueExpr getEscapingClosure() { result = getImmediateEscapingClosure().resolve() } + final OpaqueValueExpr getEscapingClosure() { + result = this.getImmediateEscapingClosure().resolve() + } /** * Gets the nonescaping closure of this make temporarily escapable expression. @@ -42,7 +44,7 @@ module Generated { /** * Gets the nonescaping closure of this make temporarily escapable expression. */ - final Expr getNonescapingClosure() { result = getImmediateNonescapingClosure().resolve() } + final Expr getNonescapingClosure() { result = this.getImmediateNonescapingClosure().resolve() } /** * Gets the sub expression of this make temporarily escapable expression. @@ -60,6 +62,6 @@ module Generated { /** * Gets the sub expression of this make temporarily escapable expression. */ - final Expr getSubExpr() { result = getImmediateSubExpr().resolve() } + final Expr getSubExpr() { result = this.getImmediateSubExpr().resolve() } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/MethodLookupExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/MethodLookupExpr.qll index ad5c4e88e88..2fe7cfb174b 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/MethodLookupExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/MethodLookupExpr.qll @@ -19,6 +19,6 @@ module Generated { /** * Gets the the underlying method declaration reference expression. */ - final Expr getMethodRef() { result = getImmediateMethodRef().resolve() } + final Expr getMethodRef() { result = this.getImmediateMethodRef().resolve() } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/ObjCSelectorExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/ObjCSelectorExpr.qll index 14e8404cecb..f12d4cbd960 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/ObjCSelectorExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/ObjCSelectorExpr.qll @@ -24,7 +24,7 @@ module Generated { /** * Gets the sub expression of this obj c selector expression. */ - final Expr getSubExpr() { result = getImmediateSubExpr().resolve() } + final Expr getSubExpr() { result = this.getImmediateSubExpr().resolve() } /** * Gets the method of this obj c selector expression. @@ -42,6 +42,6 @@ module Generated { /** * Gets the method of this obj c selector expression. */ - final Function getMethod() { result = getImmediateMethod().resolve() } + final Function getMethod() { result = this.getImmediateMethod().resolve() } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/ObjectLiteralExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/ObjectLiteralExpr.qll index 602478ed726..4ce11bcca0f 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/ObjectLiteralExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/ObjectLiteralExpr.qll @@ -36,16 +36,16 @@ module Generated { /** * Gets the `index`th argument of this object literal expression (0-based). */ - final Argument getArgument(int index) { result = getImmediateArgument(index).resolve() } + final Argument getArgument(int index) { result = this.getImmediateArgument(index).resolve() } /** * Gets any of the arguments of this object literal expression. */ - final Argument getAnArgument() { result = getArgument(_) } + final Argument getAnArgument() { result = this.getArgument(_) } /** * Gets the number of arguments of this object literal expression. */ - final int getNumberOfArguments() { result = count(int i | exists(getArgument(i))) } + final int getNumberOfArguments() { result = count(int i | exists(this.getArgument(i))) } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/OneWayExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/OneWayExpr.qll index e5dfaa6a78f..f8313e157e8 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/OneWayExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/OneWayExpr.qll @@ -21,6 +21,6 @@ module Generated { /** * Gets the sub expression of this one way expression. */ - final Expr getSubExpr() { result = getImmediateSubExpr().resolve() } + final Expr getSubExpr() { result = this.getImmediateSubExpr().resolve() } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/OpenExistentialExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/OpenExistentialExpr.qll index 7bc64759e6b..ad2f3551b26 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/OpenExistentialExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/OpenExistentialExpr.qll @@ -24,7 +24,7 @@ module Generated { /** * Gets the sub expression of this open existential expression. */ - final Expr getSubExpr() { result = getImmediateSubExpr().resolve() } + final Expr getSubExpr() { result = this.getImmediateSubExpr().resolve() } /** * Gets the existential of this open existential expression. @@ -42,7 +42,7 @@ module Generated { /** * Gets the existential of this open existential expression. */ - final Expr getExistential() { result = getImmediateExistential().resolve() } + final Expr getExistential() { result = this.getImmediateExistential().resolve() } /** * Gets the opaque expression of this open existential expression. @@ -60,6 +60,6 @@ module Generated { /** * Gets the opaque expression of this open existential expression. */ - final OpaqueValueExpr getOpaqueExpr() { result = getImmediateOpaqueExpr().resolve() } + final OpaqueValueExpr getOpaqueExpr() { result = this.getImmediateOpaqueExpr().resolve() } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/OptionalEvaluationExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/OptionalEvaluationExpr.qll index 6903cf2d098..f23fd024cf9 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/OptionalEvaluationExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/OptionalEvaluationExpr.qll @@ -23,6 +23,6 @@ module Generated { /** * Gets the sub expression of this optional evaluation expression. */ - final Expr getSubExpr() { result = getImmediateSubExpr().resolve() } + final Expr getSubExpr() { result = this.getImmediateSubExpr().resolve() } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/OtherInitializerRefExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/OtherInitializerRefExpr.qll index 605b3a7543d..dbd4ba6ecdb 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/OtherInitializerRefExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/OtherInitializerRefExpr.qll @@ -24,6 +24,6 @@ module Generated { /** * Gets the initializer of this other initializer reference expression. */ - final Initializer getInitializer() { result = getImmediateInitializer().resolve() } + final Initializer getInitializer() { result = this.getImmediateInitializer().resolve() } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/OverloadedDeclRefExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/OverloadedDeclRefExpr.qll index 6edacb1eeef..7a7478197b7 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/OverloadedDeclRefExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/OverloadedDeclRefExpr.qll @@ -30,19 +30,19 @@ module Generated { * Gets the `index`th possible declaration of this overloaded declaration reference expression (0-based). */ final ValueDecl getPossibleDeclaration(int index) { - result = getImmediatePossibleDeclaration(index).resolve() + result = this.getImmediatePossibleDeclaration(index).resolve() } /** * Gets any of the possible declarations of this overloaded declaration reference expression. */ - final ValueDecl getAPossibleDeclaration() { result = getPossibleDeclaration(_) } + final ValueDecl getAPossibleDeclaration() { result = this.getPossibleDeclaration(_) } /** * Gets the number of possible declarations of this overloaded declaration reference expression. */ final int getNumberOfPossibleDeclarations() { - result = count(int i | exists(getPossibleDeclaration(i))) + result = count(int i | exists(this.getPossibleDeclaration(i))) } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/PropertyWrapperValuePlaceholderExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/PropertyWrapperValuePlaceholderExpr.qll index 3296648d8a1..80e258ec54c 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/PropertyWrapperValuePlaceholderExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/PropertyWrapperValuePlaceholderExpr.qll @@ -30,12 +30,12 @@ module Generated { /** * Gets the wrapped value of this property wrapper value placeholder expression, if it exists. */ - final Expr getWrappedValue() { result = getImmediateWrappedValue().resolve() } + final Expr getWrappedValue() { result = this.getImmediateWrappedValue().resolve() } /** * Holds if `getWrappedValue()` exists. */ - final predicate hasWrappedValue() { exists(getWrappedValue()) } + final predicate hasWrappedValue() { exists(this.getWrappedValue()) } /** * Gets the placeholder of this property wrapper value placeholder expression. @@ -53,6 +53,6 @@ module Generated { /** * Gets the placeholder of this property wrapper value placeholder expression. */ - final OpaqueValueExpr getPlaceholder() { result = getImmediatePlaceholder().resolve() } + final OpaqueValueExpr getPlaceholder() { result = this.getImmediatePlaceholder().resolve() } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/RebindSelfInInitializerExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/RebindSelfInInitializerExpr.qll index bc3a934912a..e8edcbe2b70 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/RebindSelfInInitializerExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/RebindSelfInInitializerExpr.qll @@ -24,7 +24,7 @@ module Generated { /** * Gets the sub expression of this rebind self in initializer expression. */ - final Expr getSubExpr() { result = getImmediateSubExpr().resolve() } + final Expr getSubExpr() { result = this.getImmediateSubExpr().resolve() } /** * Gets the self of this rebind self in initializer expression. @@ -42,6 +42,6 @@ module Generated { /** * Gets the self of this rebind self in initializer expression. */ - final VarDecl getSelf() { result = getImmediateSelf().resolve() } + final VarDecl getSelf() { result = this.getImmediateSelf().resolve() } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/SelfApplyExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/SelfApplyExpr.qll index daf5e4eda59..d7e14456b43 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/SelfApplyExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/SelfApplyExpr.qll @@ -27,6 +27,6 @@ module Generated { /** * Gets the base of this self apply expression. */ - final Expr getBase() { result = getImmediateBase().resolve() } + final Expr getBase() { result = this.getImmediateBase().resolve() } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/SequenceExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/SequenceExpr.qll index 5a4ca1b9650..26d5d803c40 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/SequenceExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/SequenceExpr.qll @@ -23,16 +23,16 @@ module Generated { /** * Gets the `index`th element of this sequence expression (0-based). */ - final Expr getElement(int index) { result = getImmediateElement(index).resolve() } + final Expr getElement(int index) { result = this.getImmediateElement(index).resolve() } /** * Gets any of the elements of this sequence expression. */ - final Expr getAnElement() { result = getElement(_) } + final Expr getAnElement() { result = this.getElement(_) } /** * Gets the number of elements of this sequence expression. */ - final int getNumberOfElements() { result = count(int i | exists(getElement(i))) } + final int getNumberOfElements() { result = count(int i | exists(this.getElement(i))) } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/SubscriptExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/SubscriptExpr.qll index c5bdfb0207d..6f998636ba3 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/SubscriptExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/SubscriptExpr.qll @@ -24,17 +24,17 @@ module Generated { /** * Gets the `index`th argument of this subscript expression (0-based). */ - final Argument getArgument(int index) { result = getImmediateArgument(index).resolve() } + final Argument getArgument(int index) { result = this.getImmediateArgument(index).resolve() } /** * Gets any of the arguments of this subscript expression. */ - final Argument getAnArgument() { result = getArgument(_) } + final Argument getAnArgument() { result = this.getArgument(_) } /** * Gets the number of arguments of this subscript expression. */ - final int getNumberOfArguments() { result = count(int i | exists(getArgument(i))) } + final int getNumberOfArguments() { result = count(int i | exists(this.getArgument(i))) } /** * Holds if this subscript expression has direct to storage semantics. diff --git a/swift/ql/lib/codeql/swift/generated/expr/SuperRefExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/SuperRefExpr.qll index 2ee8351e3fb..7718629410d 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/SuperRefExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/SuperRefExpr.qll @@ -24,6 +24,6 @@ module Generated { /** * Gets the self of this super reference expression. */ - final VarDecl getSelf() { result = getImmediateSelf().resolve() } + final VarDecl getSelf() { result = this.getImmediateSelf().resolve() } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/TapExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/TapExpr.qll index 734c8d311ad..f4f0aa07121 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/TapExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/TapExpr.qll @@ -23,12 +23,12 @@ module Generated { /** * Gets the sub expression of this tap expression, if it exists. */ - final Expr getSubExpr() { result = getImmediateSubExpr().resolve() } + final Expr getSubExpr() { result = this.getImmediateSubExpr().resolve() } /** * Holds if `getSubExpr()` exists. */ - final predicate hasSubExpr() { exists(getSubExpr()) } + final predicate hasSubExpr() { exists(this.getSubExpr()) } /** * Gets the body of this tap expression. @@ -44,7 +44,7 @@ module Generated { /** * Gets the body of this tap expression. */ - final BraceStmt getBody() { result = getImmediateBody().resolve() } + final BraceStmt getBody() { result = this.getImmediateBody().resolve() } /** * Gets the variable of this tap expression. @@ -60,6 +60,6 @@ module Generated { /** * Gets the variable of this tap expression. */ - final VarDecl getVar() { result = getImmediateVar().resolve() } + final VarDecl getVar() { result = this.getImmediateVar().resolve() } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/TupleElementExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/TupleElementExpr.qll index 1216c643214..ed8c67650f0 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/TupleElementExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/TupleElementExpr.qll @@ -23,7 +23,7 @@ module Generated { /** * Gets the sub expression of this tuple element expression. */ - final Expr getSubExpr() { result = getImmediateSubExpr().resolve() } + final Expr getSubExpr() { result = this.getImmediateSubExpr().resolve() } /** * Gets the index of this tuple element expression. diff --git a/swift/ql/lib/codeql/swift/generated/expr/TupleExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/TupleExpr.qll index 5db9ee900ba..3435ddc8916 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/TupleExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/TupleExpr.qll @@ -23,16 +23,16 @@ module Generated { /** * Gets the `index`th element of this tuple expression (0-based). */ - final Expr getElement(int index) { result = getImmediateElement(index).resolve() } + final Expr getElement(int index) { result = this.getImmediateElement(index).resolve() } /** * Gets any of the elements of this tuple expression. */ - final Expr getAnElement() { result = getElement(_) } + final Expr getAnElement() { result = this.getElement(_) } /** * Gets the number of elements of this tuple expression. */ - final int getNumberOfElements() { result = count(int i | exists(getElement(i))) } + final int getNumberOfElements() { result = count(int i | exists(this.getElement(i))) } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/TypeExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/TypeExpr.qll index 220b5902f2c..d8e729fc250 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/TypeExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/TypeExpr.qll @@ -24,11 +24,11 @@ module Generated { /** * Gets the type representation of this type expression, if it exists. */ - final TypeRepr getTypeRepr() { result = getImmediateTypeRepr().resolve() } + final TypeRepr getTypeRepr() { result = this.getImmediateTypeRepr().resolve() } /** * Holds if `getTypeRepr()` exists. */ - final predicate hasTypeRepr() { exists(getTypeRepr()) } + final predicate hasTypeRepr() { exists(this.getTypeRepr()) } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/UnresolvedDeclRefExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/UnresolvedDeclRefExpr.qll index c821cc3b76c..389908abda0 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/UnresolvedDeclRefExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/UnresolvedDeclRefExpr.qll @@ -18,6 +18,6 @@ module Generated { /** * Holds if `getName()` exists. */ - final predicate hasName() { exists(getName()) } + final predicate hasName() { exists(this.getName()) } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/UnresolvedDotExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/UnresolvedDotExpr.qll index 94da3aa05e3..d9130d4885e 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/UnresolvedDotExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/UnresolvedDotExpr.qll @@ -24,7 +24,7 @@ module Generated { /** * Gets the base of this unresolved dot expression. */ - final Expr getBase() { result = getImmediateBase().resolve() } + final Expr getBase() { result = this.getImmediateBase().resolve() } /** * Gets the name of this unresolved dot expression. diff --git a/swift/ql/lib/codeql/swift/generated/expr/UnresolvedPatternExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/UnresolvedPatternExpr.qll index ae7b16de2d3..93e5dde32a0 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/UnresolvedPatternExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/UnresolvedPatternExpr.qll @@ -25,6 +25,6 @@ module Generated { /** * Gets the sub pattern of this unresolved pattern expression. */ - final Pattern getSubPattern() { result = getImmediateSubPattern().resolve() } + final Pattern getSubPattern() { result = this.getImmediateSubPattern().resolve() } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/UnresolvedSpecializeExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/UnresolvedSpecializeExpr.qll index 60c7379bda8..31dc8f10023 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/UnresolvedSpecializeExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/UnresolvedSpecializeExpr.qll @@ -24,6 +24,6 @@ module Generated { /** * Gets the sub expression of this unresolved specialize expression. */ - final Expr getSubExpr() { result = getImmediateSubExpr().resolve() } + final Expr getSubExpr() { result = this.getImmediateSubExpr().resolve() } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/VarargExpansionExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/VarargExpansionExpr.qll index 6546fe8712b..b4a208b1947 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/VarargExpansionExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/VarargExpansionExpr.qll @@ -23,6 +23,6 @@ module Generated { /** * Gets the sub expression of this vararg expansion expression. */ - final Expr getSubExpr() { result = getImmediateSubExpr().resolve() } + final Expr getSubExpr() { result = this.getImmediateSubExpr().resolve() } } } diff --git a/swift/ql/lib/codeql/swift/generated/pattern/BindingPattern.qll b/swift/ql/lib/codeql/swift/generated/pattern/BindingPattern.qll index 49766479827..1165e0f7d66 100644 --- a/swift/ql/lib/codeql/swift/generated/pattern/BindingPattern.qll +++ b/swift/ql/lib/codeql/swift/generated/pattern/BindingPattern.qll @@ -23,6 +23,6 @@ module Generated { /** * Gets the sub pattern of this binding pattern. */ - final Pattern getSubPattern() { result = getImmediateSubPattern().resolve() } + final Pattern getSubPattern() { result = this.getImmediateSubPattern().resolve() } } } diff --git a/swift/ql/lib/codeql/swift/generated/pattern/EnumElementPattern.qll b/swift/ql/lib/codeql/swift/generated/pattern/EnumElementPattern.qll index 5b776d1fbf3..0ff39e60753 100644 --- a/swift/ql/lib/codeql/swift/generated/pattern/EnumElementPattern.qll +++ b/swift/ql/lib/codeql/swift/generated/pattern/EnumElementPattern.qll @@ -24,7 +24,7 @@ module Generated { /** * Gets the element of this enum element pattern. */ - final EnumElementDecl getElement() { result = getImmediateElement().resolve() } + final EnumElementDecl getElement() { result = this.getImmediateElement().resolve() } /** * Gets the sub pattern of this enum element pattern, if it exists. @@ -42,11 +42,11 @@ module Generated { /** * Gets the sub pattern of this enum element pattern, if it exists. */ - final Pattern getSubPattern() { result = getImmediateSubPattern().resolve() } + final Pattern getSubPattern() { result = this.getImmediateSubPattern().resolve() } /** * Holds if `getSubPattern()` exists. */ - final predicate hasSubPattern() { exists(getSubPattern()) } + final predicate hasSubPattern() { exists(this.getSubPattern()) } } } diff --git a/swift/ql/lib/codeql/swift/generated/pattern/ExprPattern.qll b/swift/ql/lib/codeql/swift/generated/pattern/ExprPattern.qll index ba9924d88dd..d2140ec8156 100644 --- a/swift/ql/lib/codeql/swift/generated/pattern/ExprPattern.qll +++ b/swift/ql/lib/codeql/swift/generated/pattern/ExprPattern.qll @@ -24,6 +24,6 @@ module Generated { /** * Gets the sub expression of this expression pattern. */ - final Expr getSubExpr() { result = getImmediateSubExpr().resolve() } + final Expr getSubExpr() { result = this.getImmediateSubExpr().resolve() } } } diff --git a/swift/ql/lib/codeql/swift/generated/pattern/IsPattern.qll b/swift/ql/lib/codeql/swift/generated/pattern/IsPattern.qll index 6265ea62415..aa4a6f7a5fc 100644 --- a/swift/ql/lib/codeql/swift/generated/pattern/IsPattern.qll +++ b/swift/ql/lib/codeql/swift/generated/pattern/IsPattern.qll @@ -24,12 +24,12 @@ module Generated { /** * Gets the cast type representation of this is pattern, if it exists. */ - final TypeRepr getCastTypeRepr() { result = getImmediateCastTypeRepr().resolve() } + final TypeRepr getCastTypeRepr() { result = this.getImmediateCastTypeRepr().resolve() } /** * Holds if `getCastTypeRepr()` exists. */ - final predicate hasCastTypeRepr() { exists(getCastTypeRepr()) } + final predicate hasCastTypeRepr() { exists(this.getCastTypeRepr()) } /** * Gets the sub pattern of this is pattern, if it exists. @@ -47,11 +47,11 @@ module Generated { /** * Gets the sub pattern of this is pattern, if it exists. */ - final Pattern getSubPattern() { result = getImmediateSubPattern().resolve() } + final Pattern getSubPattern() { result = this.getImmediateSubPattern().resolve() } /** * Holds if `getSubPattern()` exists. */ - final predicate hasSubPattern() { exists(getSubPattern()) } + final predicate hasSubPattern() { exists(this.getSubPattern()) } } } diff --git a/swift/ql/lib/codeql/swift/generated/pattern/OptionalSomePattern.qll b/swift/ql/lib/codeql/swift/generated/pattern/OptionalSomePattern.qll index a235351a715..0e3d97b5a08 100644 --- a/swift/ql/lib/codeql/swift/generated/pattern/OptionalSomePattern.qll +++ b/swift/ql/lib/codeql/swift/generated/pattern/OptionalSomePattern.qll @@ -23,6 +23,6 @@ module Generated { /** * Gets the sub pattern of this optional some pattern. */ - final Pattern getSubPattern() { result = getImmediateSubPattern().resolve() } + final Pattern getSubPattern() { result = this.getImmediateSubPattern().resolve() } } } diff --git a/swift/ql/lib/codeql/swift/generated/pattern/ParenPattern.qll b/swift/ql/lib/codeql/swift/generated/pattern/ParenPattern.qll index ce5987c400d..4590b7506d8 100644 --- a/swift/ql/lib/codeql/swift/generated/pattern/ParenPattern.qll +++ b/swift/ql/lib/codeql/swift/generated/pattern/ParenPattern.qll @@ -23,6 +23,6 @@ module Generated { /** * Gets the sub pattern of this paren pattern. */ - final Pattern getSubPattern() { result = getImmediateSubPattern().resolve() } + final Pattern getSubPattern() { result = this.getImmediateSubPattern().resolve() } } } diff --git a/swift/ql/lib/codeql/swift/generated/pattern/TuplePattern.qll b/swift/ql/lib/codeql/swift/generated/pattern/TuplePattern.qll index 31c0cf593a5..150bb6b6008 100644 --- a/swift/ql/lib/codeql/swift/generated/pattern/TuplePattern.qll +++ b/swift/ql/lib/codeql/swift/generated/pattern/TuplePattern.qll @@ -23,16 +23,16 @@ module Generated { /** * Gets the `index`th element of this tuple pattern (0-based). */ - final Pattern getElement(int index) { result = getImmediateElement(index).resolve() } + final Pattern getElement(int index) { result = this.getImmediateElement(index).resolve() } /** * Gets any of the elements of this tuple pattern. */ - final Pattern getAnElement() { result = getElement(_) } + final Pattern getAnElement() { result = this.getElement(_) } /** * Gets the number of elements of this tuple pattern. */ - final int getNumberOfElements() { result = count(int i | exists(getElement(i))) } + final int getNumberOfElements() { result = count(int i | exists(this.getElement(i))) } } } diff --git a/swift/ql/lib/codeql/swift/generated/pattern/TypedPattern.qll b/swift/ql/lib/codeql/swift/generated/pattern/TypedPattern.qll index e90afe99556..3aa4fd30638 100644 --- a/swift/ql/lib/codeql/swift/generated/pattern/TypedPattern.qll +++ b/swift/ql/lib/codeql/swift/generated/pattern/TypedPattern.qll @@ -24,7 +24,7 @@ module Generated { /** * Gets the sub pattern of this typed pattern. */ - final Pattern getSubPattern() { result = getImmediateSubPattern().resolve() } + final Pattern getSubPattern() { result = this.getImmediateSubPattern().resolve() } /** * Gets the type representation of this typed pattern, if it exists. @@ -42,11 +42,11 @@ module Generated { /** * Gets the type representation of this typed pattern, if it exists. */ - final TypeRepr getTypeRepr() { result = getImmediateTypeRepr().resolve() } + final TypeRepr getTypeRepr() { result = this.getImmediateTypeRepr().resolve() } /** * Holds if `getTypeRepr()` exists. */ - final predicate hasTypeRepr() { exists(getTypeRepr()) } + final predicate hasTypeRepr() { exists(this.getTypeRepr()) } } } diff --git a/swift/ql/lib/codeql/swift/generated/stmt/BraceStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/BraceStmt.qll index 5f2245f991d..1686d584dc5 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/BraceStmt.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/BraceStmt.qll @@ -24,16 +24,16 @@ module Generated { /** * Gets the `index`th element of this brace statement (0-based). */ - final AstNode getElement(int index) { result = getImmediateElement(index).resolve() } + final AstNode getElement(int index) { result = this.getImmediateElement(index).resolve() } /** * Gets any of the elements of this brace statement. */ - final AstNode getAnElement() { result = getElement(_) } + final AstNode getAnElement() { result = this.getElement(_) } /** * Gets the number of elements of this brace statement. */ - final int getNumberOfElements() { result = count(int i | exists(getElement(i))) } + final int getNumberOfElements() { result = count(int i | exists(this.getElement(i))) } } } diff --git a/swift/ql/lib/codeql/swift/generated/stmt/BreakStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/BreakStmt.qll index af66eaa3005..7491d9a21a3 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/BreakStmt.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/BreakStmt.qll @@ -17,7 +17,7 @@ module Generated { /** * Holds if `getTargetName()` exists. */ - final predicate hasTargetName() { exists(getTargetName()) } + final predicate hasTargetName() { exists(this.getTargetName()) } /** * Gets the target of this break statement, if it exists. @@ -33,11 +33,11 @@ module Generated { /** * Gets the target of this break statement, if it exists. */ - final Stmt getTarget() { result = getImmediateTarget().resolve() } + final Stmt getTarget() { result = this.getImmediateTarget().resolve() } /** * Holds if `getTarget()` exists. */ - final predicate hasTarget() { exists(getTarget()) } + final predicate hasTarget() { exists(this.getTarget()) } } } diff --git a/swift/ql/lib/codeql/swift/generated/stmt/CaseLabelItem.qll b/swift/ql/lib/codeql/swift/generated/stmt/CaseLabelItem.qll index 034a448bea9..bdc582997ea 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/CaseLabelItem.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/CaseLabelItem.qll @@ -25,7 +25,7 @@ module Generated { /** * Gets the pattern of this case label item. */ - final Pattern getPattern() { result = getImmediatePattern().resolve() } + final Pattern getPattern() { result = this.getImmediatePattern().resolve() } /** * Gets the guard of this case label item, if it exists. @@ -43,11 +43,11 @@ module Generated { /** * Gets the guard of this case label item, if it exists. */ - final Expr getGuard() { result = getImmediateGuard().resolve() } + final Expr getGuard() { result = this.getImmediateGuard().resolve() } /** * Holds if `getGuard()` exists. */ - final predicate hasGuard() { exists(getGuard()) } + final predicate hasGuard() { exists(this.getGuard()) } } } diff --git a/swift/ql/lib/codeql/swift/generated/stmt/CaseStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/CaseStmt.qll index a6246070415..1a3b6854b47 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/CaseStmt.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/CaseStmt.qll @@ -23,7 +23,7 @@ module Generated { /** * Gets the body of this case statement. */ - final Stmt getBody() { result = getImmediateBody().resolve() } + final Stmt getBody() { result = this.getImmediateBody().resolve() } /** * Gets the `index`th label of this case statement (0-based). @@ -41,17 +41,17 @@ module Generated { /** * Gets the `index`th label of this case statement (0-based). */ - final CaseLabelItem getLabel(int index) { result = getImmediateLabel(index).resolve() } + final CaseLabelItem getLabel(int index) { result = this.getImmediateLabel(index).resolve() } /** * Gets any of the labels of this case statement. */ - final CaseLabelItem getALabel() { result = getLabel(_) } + final CaseLabelItem getALabel() { result = this.getLabel(_) } /** * Gets the number of labels of this case statement. */ - final int getNumberOfLabels() { result = count(int i | exists(getLabel(i))) } + final int getNumberOfLabels() { result = count(int i | exists(this.getLabel(i))) } /** * Gets the `index`th variable of this case statement (0-based). @@ -69,16 +69,16 @@ module Generated { /** * Gets the `index`th variable of this case statement (0-based). */ - final VarDecl getVariable(int index) { result = getImmediateVariable(index).resolve() } + final VarDecl getVariable(int index) { result = this.getImmediateVariable(index).resolve() } /** * Gets any of the variables of this case statement. */ - final VarDecl getAVariable() { result = getVariable(_) } + final VarDecl getAVariable() { result = this.getVariable(_) } /** * Gets the number of variables of this case statement. */ - final int getNumberOfVariables() { result = count(int i | exists(getVariable(i))) } + final int getNumberOfVariables() { result = count(int i | exists(this.getVariable(i))) } } } diff --git a/swift/ql/lib/codeql/swift/generated/stmt/ConditionElement.qll b/swift/ql/lib/codeql/swift/generated/stmt/ConditionElement.qll index 634418b6b87..bc58ac9eadf 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/ConditionElement.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/ConditionElement.qll @@ -26,12 +26,12 @@ module Generated { /** * Gets the boolean of this condition element, if it exists. */ - final Expr getBoolean() { result = getImmediateBoolean().resolve() } + final Expr getBoolean() { result = this.getImmediateBoolean().resolve() } /** * Holds if `getBoolean()` exists. */ - final predicate hasBoolean() { exists(getBoolean()) } + final predicate hasBoolean() { exists(this.getBoolean()) } /** * Gets the pattern of this condition element, if it exists. @@ -49,12 +49,12 @@ module Generated { /** * Gets the pattern of this condition element, if it exists. */ - final Pattern getPattern() { result = getImmediatePattern().resolve() } + final Pattern getPattern() { result = this.getImmediatePattern().resolve() } /** * Holds if `getPattern()` exists. */ - final predicate hasPattern() { exists(getPattern()) } + final predicate hasPattern() { exists(this.getPattern()) } /** * Gets the initializer of this condition element, if it exists. @@ -72,12 +72,12 @@ module Generated { /** * Gets the initializer of this condition element, if it exists. */ - final Expr getInitializer() { result = getImmediateInitializer().resolve() } + final Expr getInitializer() { result = this.getImmediateInitializer().resolve() } /** * Holds if `getInitializer()` exists. */ - final predicate hasInitializer() { exists(getInitializer()) } + final predicate hasInitializer() { exists(this.getInitializer()) } /** * Gets the availability of this condition element, if it exists. @@ -95,11 +95,11 @@ module Generated { /** * Gets the availability of this condition element, if it exists. */ - final AvailabilityInfo getAvailability() { result = getImmediateAvailability().resolve() } + final AvailabilityInfo getAvailability() { result = this.getImmediateAvailability().resolve() } /** * Holds if `getAvailability()` exists. */ - final predicate hasAvailability() { exists(getAvailability()) } + final predicate hasAvailability() { exists(this.getAvailability()) } } } diff --git a/swift/ql/lib/codeql/swift/generated/stmt/ContinueStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/ContinueStmt.qll index 18309ed361a..0bb169de636 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/ContinueStmt.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/ContinueStmt.qll @@ -17,7 +17,7 @@ module Generated { /** * Holds if `getTargetName()` exists. */ - final predicate hasTargetName() { exists(getTargetName()) } + final predicate hasTargetName() { exists(this.getTargetName()) } /** * Gets the target of this continue statement, if it exists. @@ -35,11 +35,11 @@ module Generated { /** * Gets the target of this continue statement, if it exists. */ - final Stmt getTarget() { result = getImmediateTarget().resolve() } + final Stmt getTarget() { result = this.getImmediateTarget().resolve() } /** * Holds if `getTarget()` exists. */ - final predicate hasTarget() { exists(getTarget()) } + final predicate hasTarget() { exists(this.getTarget()) } } } diff --git a/swift/ql/lib/codeql/swift/generated/stmt/DeferStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/DeferStmt.qll index 61b15a282a1..28b65e85fe0 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/DeferStmt.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/DeferStmt.qll @@ -22,6 +22,6 @@ module Generated { /** * Gets the body of this defer statement. */ - final BraceStmt getBody() { result = getImmediateBody().resolve() } + final BraceStmt getBody() { result = this.getImmediateBody().resolve() } } } diff --git a/swift/ql/lib/codeql/swift/generated/stmt/DoCatchStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/DoCatchStmt.qll index 642da76726a..7618c71d158 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/DoCatchStmt.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/DoCatchStmt.qll @@ -23,7 +23,7 @@ module Generated { /** * Gets the body of this do catch statement. */ - final Stmt getBody() { result = getImmediateBody().resolve() } + final Stmt getBody() { result = this.getImmediateBody().resolve() } /** * Gets the `index`th catch of this do catch statement (0-based). @@ -41,16 +41,16 @@ module Generated { /** * Gets the `index`th catch of this do catch statement (0-based). */ - final CaseStmt getCatch(int index) { result = getImmediateCatch(index).resolve() } + final CaseStmt getCatch(int index) { result = this.getImmediateCatch(index).resolve() } /** * Gets any of the catches of this do catch statement. */ - final CaseStmt getACatch() { result = getCatch(_) } + final CaseStmt getACatch() { result = this.getCatch(_) } /** * Gets the number of catches of this do catch statement. */ - final int getNumberOfCatches() { result = count(int i | exists(getCatch(i))) } + final int getNumberOfCatches() { result = count(int i | exists(this.getCatch(i))) } } } diff --git a/swift/ql/lib/codeql/swift/generated/stmt/DoStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/DoStmt.qll index e0961f0946a..9a88046e2b4 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/DoStmt.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/DoStmt.qll @@ -22,6 +22,6 @@ module Generated { /** * Gets the body of this do statement. */ - final BraceStmt getBody() { result = getImmediateBody().resolve() } + final BraceStmt getBody() { result = this.getImmediateBody().resolve() } } } diff --git a/swift/ql/lib/codeql/swift/generated/stmt/FallthroughStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/FallthroughStmt.qll index bd476b89402..9031a241f95 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/FallthroughStmt.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/FallthroughStmt.qll @@ -24,7 +24,9 @@ module Generated { /** * Gets the fallthrough source of this fallthrough statement. */ - final CaseStmt getFallthroughSource() { result = getImmediateFallthroughSource().resolve() } + final CaseStmt getFallthroughSource() { + result = this.getImmediateFallthroughSource().resolve() + } /** * Gets the fallthrough dest of this fallthrough statement. @@ -42,6 +44,6 @@ module Generated { /** * Gets the fallthrough dest of this fallthrough statement. */ - final CaseStmt getFallthroughDest() { result = getImmediateFallthroughDest().resolve() } + final CaseStmt getFallthroughDest() { result = this.getImmediateFallthroughDest().resolve() } } } diff --git a/swift/ql/lib/codeql/swift/generated/stmt/ForEachStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/ForEachStmt.qll index b23c98993eb..64511ad5a20 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/ForEachStmt.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/ForEachStmt.qll @@ -26,7 +26,7 @@ module Generated { /** * Gets the pattern of this for each statement. */ - final Pattern getPattern() { result = getImmediatePattern().resolve() } + final Pattern getPattern() { result = this.getImmediatePattern().resolve() } /** * Gets the sequence of this for each statement. @@ -44,7 +44,7 @@ module Generated { /** * Gets the sequence of this for each statement. */ - final Expr getSequence() { result = getImmediateSequence().resolve() } + final Expr getSequence() { result = this.getImmediateSequence().resolve() } /** * Gets the where of this for each statement, if it exists. @@ -60,12 +60,12 @@ module Generated { /** * Gets the where of this for each statement, if it exists. */ - final Expr getWhere() { result = getImmediateWhere().resolve() } + final Expr getWhere() { result = this.getImmediateWhere().resolve() } /** * Holds if `getWhere()` exists. */ - final predicate hasWhere() { exists(getWhere()) } + final predicate hasWhere() { exists(this.getWhere()) } /** * Gets the body of this for each statement. @@ -83,6 +83,6 @@ module Generated { /** * Gets the body of this for each statement. */ - final BraceStmt getBody() { result = getImmediateBody().resolve() } + final BraceStmt getBody() { result = this.getImmediateBody().resolve() } } } diff --git a/swift/ql/lib/codeql/swift/generated/stmt/GuardStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/GuardStmt.qll index 91f33684857..c3fec287475 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/GuardStmt.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/GuardStmt.qll @@ -22,6 +22,6 @@ module Generated { /** * Gets the body of this guard statement. */ - final BraceStmt getBody() { result = getImmediateBody().resolve() } + final BraceStmt getBody() { result = this.getImmediateBody().resolve() } } } diff --git a/swift/ql/lib/codeql/swift/generated/stmt/IfStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/IfStmt.qll index a26eb513a22..af40d44ce7a 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/IfStmt.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/IfStmt.qll @@ -21,7 +21,7 @@ module Generated { /** * Gets the then of this if statement. */ - final Stmt getThen() { result = getImmediateThen().resolve() } + final Stmt getThen() { result = this.getImmediateThen().resolve() } /** * Gets the else of this if statement, if it exists. @@ -36,11 +36,11 @@ module Generated { /** * Gets the else of this if statement, if it exists. */ - final Stmt getElse() { result = getImmediateElse().resolve() } + final Stmt getElse() { result = this.getImmediateElse().resolve() } /** * Holds if `getElse()` exists. */ - final predicate hasElse() { exists(getElse()) } + final predicate hasElse() { exists(this.getElse()) } } } diff --git a/swift/ql/lib/codeql/swift/generated/stmt/LabeledConditionalStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/LabeledConditionalStmt.qll index 64debf2bf54..cf8818b5d84 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/LabeledConditionalStmt.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/LabeledConditionalStmt.qll @@ -22,6 +22,6 @@ module Generated { /** * Gets the condition of this labeled conditional statement. */ - final StmtCondition getCondition() { result = getImmediateCondition().resolve() } + final StmtCondition getCondition() { result = this.getImmediateCondition().resolve() } } } diff --git a/swift/ql/lib/codeql/swift/generated/stmt/LabeledStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/LabeledStmt.qll index c1584ee4b1f..4a563c7e063 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/LabeledStmt.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/LabeledStmt.qll @@ -15,6 +15,6 @@ module Generated { /** * Holds if `getLabel()` exists. */ - final predicate hasLabel() { exists(getLabel()) } + final predicate hasLabel() { exists(this.getLabel()) } } } diff --git a/swift/ql/lib/codeql/swift/generated/stmt/PoundAssertStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/PoundAssertStmt.qll index 52afcc8bb3c..85fe6487362 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/PoundAssertStmt.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/PoundAssertStmt.qll @@ -24,7 +24,7 @@ module Generated { /** * Gets the condition of this pound assert statement. */ - final Expr getCondition() { result = getImmediateCondition().resolve() } + final Expr getCondition() { result = this.getImmediateCondition().resolve() } /** * Gets the message of this pound assert statement. diff --git a/swift/ql/lib/codeql/swift/generated/stmt/RepeatWhileStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/RepeatWhileStmt.qll index 561868b6085..31206b08752 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/RepeatWhileStmt.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/RepeatWhileStmt.qll @@ -25,7 +25,7 @@ module Generated { /** * Gets the condition of this repeat while statement. */ - final Expr getCondition() { result = getImmediateCondition().resolve() } + final Expr getCondition() { result = this.getImmediateCondition().resolve() } /** * Gets the body of this repeat while statement. @@ -43,6 +43,6 @@ module Generated { /** * Gets the body of this repeat while statement. */ - final Stmt getBody() { result = getImmediateBody().resolve() } + final Stmt getBody() { result = this.getImmediateBody().resolve() } } } diff --git a/swift/ql/lib/codeql/swift/generated/stmt/ReturnStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/ReturnStmt.qll index 14f9b17d60d..465464611c1 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/ReturnStmt.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/ReturnStmt.qll @@ -22,11 +22,11 @@ module Generated { /** * Gets the result of this return statement, if it exists. */ - final Expr getResult() { result = getImmediateResult().resolve() } + final Expr getResult() { result = this.getImmediateResult().resolve() } /** * Holds if `getResult()` exists. */ - final predicate hasResult() { exists(getResult()) } + final predicate hasResult() { exists(this.getResult()) } } } diff --git a/swift/ql/lib/codeql/swift/generated/stmt/StmtCondition.qll b/swift/ql/lib/codeql/swift/generated/stmt/StmtCondition.qll index 45b93f32177..e8a9e38dff1 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/StmtCondition.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/StmtCondition.qll @@ -24,16 +24,18 @@ module Generated { /** * Gets the `index`th element of this statement condition (0-based). */ - final ConditionElement getElement(int index) { result = getImmediateElement(index).resolve() } + final ConditionElement getElement(int index) { + result = this.getImmediateElement(index).resolve() + } /** * Gets any of the elements of this statement condition. */ - final ConditionElement getAnElement() { result = getElement(_) } + final ConditionElement getAnElement() { result = this.getElement(_) } /** * Gets the number of elements of this statement condition. */ - final int getNumberOfElements() { result = count(int i | exists(getElement(i))) } + final int getNumberOfElements() { result = count(int i | exists(this.getElement(i))) } } } diff --git a/swift/ql/lib/codeql/swift/generated/stmt/SwitchStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/SwitchStmt.qll index e1921751d22..6c1d73790a6 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/SwitchStmt.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/SwitchStmt.qll @@ -23,7 +23,7 @@ module Generated { /** * Gets the expression of this switch statement. */ - final Expr getExpr() { result = getImmediateExpr().resolve() } + final Expr getExpr() { result = this.getImmediateExpr().resolve() } /** * Gets the `index`th case of this switch statement (0-based). @@ -41,16 +41,16 @@ module Generated { /** * Gets the `index`th case of this switch statement (0-based). */ - final CaseStmt getCase(int index) { result = getImmediateCase(index).resolve() } + final CaseStmt getCase(int index) { result = this.getImmediateCase(index).resolve() } /** * Gets any of the cases of this switch statement. */ - final CaseStmt getACase() { result = getCase(_) } + final CaseStmt getACase() { result = this.getCase(_) } /** * Gets the number of cases of this switch statement. */ - final int getNumberOfCases() { result = count(int i | exists(getCase(i))) } + final int getNumberOfCases() { result = count(int i | exists(this.getCase(i))) } } } diff --git a/swift/ql/lib/codeql/swift/generated/stmt/ThrowStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/ThrowStmt.qll index 05176872e7a..9ef7edabeff 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/ThrowStmt.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/ThrowStmt.qll @@ -22,6 +22,6 @@ module Generated { /** * Gets the sub expression of this throw statement. */ - final Expr getSubExpr() { result = getImmediateSubExpr().resolve() } + final Expr getSubExpr() { result = this.getImmediateSubExpr().resolve() } } } diff --git a/swift/ql/lib/codeql/swift/generated/stmt/WhileStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/WhileStmt.qll index c8858e09fb5..fb117dd9350 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/WhileStmt.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/WhileStmt.qll @@ -22,6 +22,6 @@ module Generated { /** * Gets the body of this while statement. */ - final Stmt getBody() { result = getImmediateBody().resolve() } + final Stmt getBody() { result = this.getImmediateBody().resolve() } } } diff --git a/swift/ql/lib/codeql/swift/generated/stmt/YieldStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/YieldStmt.qll index 42d91340d95..f040c892347 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/YieldStmt.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/YieldStmt.qll @@ -24,16 +24,16 @@ module Generated { /** * Gets the `index`th result of this yield statement (0-based). */ - final Expr getResult(int index) { result = getImmediateResult(index).resolve() } + final Expr getResult(int index) { result = this.getImmediateResult(index).resolve() } /** * Gets any of the results of this yield statement. */ - final Expr getAResult() { result = getResult(_) } + final Expr getAResult() { result = this.getResult(_) } /** * Gets the number of results of this yield statement. */ - final int getNumberOfResults() { result = count(int i | exists(getResult(i))) } + final int getNumberOfResults() { result = count(int i | exists(this.getResult(i))) } } } diff --git a/swift/ql/lib/codeql/swift/generated/type/AnyFunctionType.qll b/swift/ql/lib/codeql/swift/generated/type/AnyFunctionType.qll index f7a26f75e5e..3778893e461 100644 --- a/swift/ql/lib/codeql/swift/generated/type/AnyFunctionType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/AnyFunctionType.qll @@ -21,7 +21,7 @@ module Generated { /** * Gets the result of this function type. */ - final Type getResult() { result = getImmediateResult().resolve() } + final Type getResult() { result = this.getImmediateResult().resolve() } /** * Gets the `index`th parameter type of this function type (0-based). @@ -39,17 +39,17 @@ module Generated { /** * Gets the `index`th parameter type of this function type (0-based). */ - final Type getParamType(int index) { result = getImmediateParamType(index).resolve() } + final Type getParamType(int index) { result = this.getImmediateParamType(index).resolve() } /** * Gets any of the parameter types of this function type. */ - final Type getAParamType() { result = getParamType(_) } + final Type getAParamType() { result = this.getParamType(_) } /** * Gets the number of parameter types of this function type. */ - final int getNumberOfParamTypes() { result = count(int i | exists(getParamType(i))) } + final int getNumberOfParamTypes() { result = count(int i | exists(this.getParamType(i))) } /** * Holds if this type refers to a throwing function. diff --git a/swift/ql/lib/codeql/swift/generated/type/AnyGenericType.qll b/swift/ql/lib/codeql/swift/generated/type/AnyGenericType.qll index 3f221eb72f6..d6639d7e9a6 100644 --- a/swift/ql/lib/codeql/swift/generated/type/AnyGenericType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/AnyGenericType.qll @@ -22,12 +22,12 @@ module Generated { /** * Gets the parent of this any generic type, if it exists. */ - final Type getParent() { result = getImmediateParent().resolve() } + final Type getParent() { result = this.getImmediateParent().resolve() } /** * Holds if `getParent()` exists. */ - final predicate hasParent() { exists(getParent()) } + final predicate hasParent() { exists(this.getParent()) } /** * Gets the declaration of this any generic type. @@ -45,6 +45,6 @@ module Generated { /** * Gets the declaration of this any generic type. */ - final GenericTypeDecl getDeclaration() { result = getImmediateDeclaration().resolve() } + final GenericTypeDecl getDeclaration() { result = this.getImmediateDeclaration().resolve() } } } diff --git a/swift/ql/lib/codeql/swift/generated/type/ArchetypeType.qll b/swift/ql/lib/codeql/swift/generated/type/ArchetypeType.qll index 55c53181e4b..9b5ef7266a9 100644 --- a/swift/ql/lib/codeql/swift/generated/type/ArchetypeType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/ArchetypeType.qll @@ -23,7 +23,7 @@ module Generated { /** * Gets the interface type of this archetype type. */ - final Type getInterfaceType() { result = getImmediateInterfaceType().resolve() } + final Type getInterfaceType() { result = this.getImmediateInterfaceType().resolve() } /** * Gets the superclass of this archetype type, if it exists. @@ -41,12 +41,12 @@ module Generated { /** * Gets the superclass of this archetype type, if it exists. */ - final Type getSuperclass() { result = getImmediateSuperclass().resolve() } + final Type getSuperclass() { result = this.getImmediateSuperclass().resolve() } /** * Holds if `getSuperclass()` exists. */ - final predicate hasSuperclass() { exists(getSuperclass()) } + final predicate hasSuperclass() { exists(this.getSuperclass()) } /** * Gets the `index`th protocol of this archetype type (0-based). @@ -64,16 +64,18 @@ module Generated { /** * Gets the `index`th protocol of this archetype type (0-based). */ - final ProtocolDecl getProtocol(int index) { result = getImmediateProtocol(index).resolve() } + final ProtocolDecl getProtocol(int index) { + result = this.getImmediateProtocol(index).resolve() + } /** * Gets any of the protocols of this archetype type. */ - final ProtocolDecl getAProtocol() { result = getProtocol(_) } + final ProtocolDecl getAProtocol() { result = this.getProtocol(_) } /** * Gets the number of protocols of this archetype type. */ - final int getNumberOfProtocols() { result = count(int i | exists(getProtocol(i))) } + final int getNumberOfProtocols() { result = count(int i | exists(this.getProtocol(i))) } } } diff --git a/swift/ql/lib/codeql/swift/generated/type/BoundGenericType.qll b/swift/ql/lib/codeql/swift/generated/type/BoundGenericType.qll index 5128c6273a8..cc8afe7b2dc 100644 --- a/swift/ql/lib/codeql/swift/generated/type/BoundGenericType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/BoundGenericType.qll @@ -22,16 +22,16 @@ module Generated { /** * Gets the `index`th argument type of this bound generic type (0-based). */ - final Type getArgType(int index) { result = getImmediateArgType(index).resolve() } + final Type getArgType(int index) { result = this.getImmediateArgType(index).resolve() } /** * Gets any of the argument types of this bound generic type. */ - final Type getAnArgType() { result = getArgType(_) } + final Type getAnArgType() { result = this.getArgType(_) } /** * Gets the number of argument types of this bound generic type. */ - final int getNumberOfArgTypes() { result = count(int i | exists(getArgType(i))) } + final int getNumberOfArgTypes() { result = count(int i | exists(this.getArgType(i))) } } } diff --git a/swift/ql/lib/codeql/swift/generated/type/BuiltinIntegerType.qll b/swift/ql/lib/codeql/swift/generated/type/BuiltinIntegerType.qll index 2a6469b13b1..8a433bfd3bf 100644 --- a/swift/ql/lib/codeql/swift/generated/type/BuiltinIntegerType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/BuiltinIntegerType.qll @@ -17,6 +17,6 @@ module Generated { /** * Holds if `getWidth()` exists. */ - final predicate hasWidth() { exists(getWidth()) } + final predicate hasWidth() { exists(this.getWidth()) } } } diff --git a/swift/ql/lib/codeql/swift/generated/type/DependentMemberType.qll b/swift/ql/lib/codeql/swift/generated/type/DependentMemberType.qll index 6fdd8226dc4..6f229dd0c40 100644 --- a/swift/ql/lib/codeql/swift/generated/type/DependentMemberType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/DependentMemberType.qll @@ -24,7 +24,7 @@ module Generated { /** * Gets the base type of this dependent member type. */ - final Type getBaseType() { result = getImmediateBaseType().resolve() } + final Type getBaseType() { result = this.getImmediateBaseType().resolve() } /** * Gets the associated type declaration of this dependent member type. @@ -43,7 +43,7 @@ module Generated { * Gets the associated type declaration of this dependent member type. */ final AssociatedTypeDecl getAssociatedTypeDecl() { - result = getImmediateAssociatedTypeDecl().resolve() + result = this.getImmediateAssociatedTypeDecl().resolve() } } } diff --git a/swift/ql/lib/codeql/swift/generated/type/DictionaryType.qll b/swift/ql/lib/codeql/swift/generated/type/DictionaryType.qll index 85d7f977b6e..328cbaf5cab 100644 --- a/swift/ql/lib/codeql/swift/generated/type/DictionaryType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/DictionaryType.qll @@ -24,7 +24,7 @@ module Generated { /** * Gets the key type of this dictionary type. */ - final Type getKeyType() { result = getImmediateKeyType().resolve() } + final Type getKeyType() { result = this.getImmediateKeyType().resolve() } /** * Gets the value type of this dictionary type. @@ -42,6 +42,6 @@ module Generated { /** * Gets the value type of this dictionary type. */ - final Type getValueType() { result = getImmediateValueType().resolve() } + final Type getValueType() { result = this.getImmediateValueType().resolve() } } } diff --git a/swift/ql/lib/codeql/swift/generated/type/DynamicSelfType.qll b/swift/ql/lib/codeql/swift/generated/type/DynamicSelfType.qll index 58ae1b0c0a1..167d3b3336e 100644 --- a/swift/ql/lib/codeql/swift/generated/type/DynamicSelfType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/DynamicSelfType.qll @@ -23,6 +23,6 @@ module Generated { /** * Gets the static self type of this dynamic self type. */ - final Type getStaticSelfType() { result = getImmediateStaticSelfType().resolve() } + final Type getStaticSelfType() { result = this.getImmediateStaticSelfType().resolve() } } } diff --git a/swift/ql/lib/codeql/swift/generated/type/ExistentialType.qll b/swift/ql/lib/codeql/swift/generated/type/ExistentialType.qll index 9711e39d5db..8aa75be5329 100644 --- a/swift/ql/lib/codeql/swift/generated/type/ExistentialType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/ExistentialType.qll @@ -23,6 +23,6 @@ module Generated { /** * Gets the constraint of this existential type. */ - final Type getConstraint() { result = getImmediateConstraint().resolve() } + final Type getConstraint() { result = this.getImmediateConstraint().resolve() } } } diff --git a/swift/ql/lib/codeql/swift/generated/type/GenericFunctionType.qll b/swift/ql/lib/codeql/swift/generated/type/GenericFunctionType.qll index 0a42fa105b5..26e12c7efe5 100644 --- a/swift/ql/lib/codeql/swift/generated/type/GenericFunctionType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/GenericFunctionType.qll @@ -28,17 +28,17 @@ module Generated { * Gets the `index`th type parameter of this generic type (0-based). */ final GenericTypeParamType getGenericParam(int index) { - result = getImmediateGenericParam(index).resolve() + result = this.getImmediateGenericParam(index).resolve() } /** * Gets any of the type parameters of this generic type. */ - final GenericTypeParamType getAGenericParam() { result = getGenericParam(_) } + final GenericTypeParamType getAGenericParam() { result = this.getGenericParam(_) } /** * Gets the number of type parameters of this generic type. */ - final int getNumberOfGenericParams() { result = count(int i | exists(getGenericParam(i))) } + final int getNumberOfGenericParams() { result = count(int i | exists(this.getGenericParam(i))) } } } diff --git a/swift/ql/lib/codeql/swift/generated/type/InOutType.qll b/swift/ql/lib/codeql/swift/generated/type/InOutType.qll index e3e6b512d90..8ca778d928b 100644 --- a/swift/ql/lib/codeql/swift/generated/type/InOutType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/InOutType.qll @@ -23,6 +23,6 @@ module Generated { /** * Gets the object type of this in out type. */ - final Type getObjectType() { result = getImmediateObjectType().resolve() } + final Type getObjectType() { result = this.getImmediateObjectType().resolve() } } } diff --git a/swift/ql/lib/codeql/swift/generated/type/LValueType.qll b/swift/ql/lib/codeql/swift/generated/type/LValueType.qll index 52215e1c9f1..abae89b74b3 100644 --- a/swift/ql/lib/codeql/swift/generated/type/LValueType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/LValueType.qll @@ -23,6 +23,6 @@ module Generated { /** * Gets the object type of this l value type. */ - final Type getObjectType() { result = getImmediateObjectType().resolve() } + final Type getObjectType() { result = this.getImmediateObjectType().resolve() } } } diff --git a/swift/ql/lib/codeql/swift/generated/type/ModuleType.qll b/swift/ql/lib/codeql/swift/generated/type/ModuleType.qll index b29db987b9d..5b3ea917abd 100644 --- a/swift/ql/lib/codeql/swift/generated/type/ModuleType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/ModuleType.qll @@ -24,6 +24,6 @@ module Generated { /** * Gets the module of this module type. */ - final ModuleDecl getModule() { result = getImmediateModule().resolve() } + final ModuleDecl getModule() { result = this.getImmediateModule().resolve() } } } diff --git a/swift/ql/lib/codeql/swift/generated/type/OpaqueTypeArchetypeType.qll b/swift/ql/lib/codeql/swift/generated/type/OpaqueTypeArchetypeType.qll index 59b3da40107..ae8f60310ba 100644 --- a/swift/ql/lib/codeql/swift/generated/type/OpaqueTypeArchetypeType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/OpaqueTypeArchetypeType.qll @@ -29,6 +29,6 @@ module Generated { /** * Gets the declaration of this opaque type archetype type. */ - final OpaqueTypeDecl getDeclaration() { result = getImmediateDeclaration().resolve() } + final OpaqueTypeDecl getDeclaration() { result = this.getImmediateDeclaration().resolve() } } } diff --git a/swift/ql/lib/codeql/swift/generated/type/ParameterizedProtocolType.qll b/swift/ql/lib/codeql/swift/generated/type/ParameterizedProtocolType.qll index 2f16a859f22..bec28eb4746 100644 --- a/swift/ql/lib/codeql/swift/generated/type/ParameterizedProtocolType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/ParameterizedProtocolType.qll @@ -29,7 +29,7 @@ module Generated { /** * Gets the base of this parameterized protocol type. */ - final ProtocolType getBase() { result = getImmediateBase().resolve() } + final ProtocolType getBase() { result = this.getImmediateBase().resolve() } /** * Gets the `index`th argument of this parameterized protocol type (0-based). @@ -47,16 +47,16 @@ module Generated { /** * Gets the `index`th argument of this parameterized protocol type (0-based). */ - final Type getArg(int index) { result = getImmediateArg(index).resolve() } + final Type getArg(int index) { result = this.getImmediateArg(index).resolve() } /** * Gets any of the arguments of this parameterized protocol type. */ - final Type getAnArg() { result = getArg(_) } + final Type getAnArg() { result = this.getArg(_) } /** * Gets the number of arguments of this parameterized protocol type. */ - final int getNumberOfArgs() { result = count(int i | exists(getArg(i))) } + final int getNumberOfArgs() { result = count(int i | exists(this.getArg(i))) } } } diff --git a/swift/ql/lib/codeql/swift/generated/type/ParenType.qll b/swift/ql/lib/codeql/swift/generated/type/ParenType.qll index d25fc23bdbc..b19af82c7e7 100644 --- a/swift/ql/lib/codeql/swift/generated/type/ParenType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/ParenType.qll @@ -22,6 +22,6 @@ module Generated { /** * Gets the type of this paren type. */ - final Type getType() { result = getImmediateType().resolve() } + final Type getType() { result = this.getImmediateType().resolve() } } } diff --git a/swift/ql/lib/codeql/swift/generated/type/ProtocolCompositionType.qll b/swift/ql/lib/codeql/swift/generated/type/ProtocolCompositionType.qll index 7082b96ff40..fbde68aed07 100644 --- a/swift/ql/lib/codeql/swift/generated/type/ProtocolCompositionType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/ProtocolCompositionType.qll @@ -23,16 +23,16 @@ module Generated { /** * Gets the `index`th member of this protocol composition type (0-based). */ - final Type getMember(int index) { result = getImmediateMember(index).resolve() } + final Type getMember(int index) { result = this.getImmediateMember(index).resolve() } /** * Gets any of the members of this protocol composition type. */ - final Type getAMember() { result = getMember(_) } + final Type getAMember() { result = this.getMember(_) } /** * Gets the number of members of this protocol composition type. */ - final int getNumberOfMembers() { result = count(int i | exists(getMember(i))) } + final int getNumberOfMembers() { result = count(int i | exists(this.getMember(i))) } } } diff --git a/swift/ql/lib/codeql/swift/generated/type/ReferenceStorageType.qll b/swift/ql/lib/codeql/swift/generated/type/ReferenceStorageType.qll index d4ec1baed71..f34a2d21a39 100644 --- a/swift/ql/lib/codeql/swift/generated/type/ReferenceStorageType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/ReferenceStorageType.qll @@ -21,6 +21,6 @@ module Generated { /** * Gets the referent type of this reference storage type. */ - final Type getReferentType() { result = getImmediateReferentType().resolve() } + final Type getReferentType() { result = this.getImmediateReferentType().resolve() } } } diff --git a/swift/ql/lib/codeql/swift/generated/type/TupleType.qll b/swift/ql/lib/codeql/swift/generated/type/TupleType.qll index e595a63d242..3a08e3bd593 100644 --- a/swift/ql/lib/codeql/swift/generated/type/TupleType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/TupleType.qll @@ -21,17 +21,17 @@ module Generated { /** * Gets the `index`th type of this tuple type (0-based). */ - final Type getType(int index) { result = getImmediateType(index).resolve() } + final Type getType(int index) { result = this.getImmediateType(index).resolve() } /** * Gets any of the types of this tuple type. */ - final Type getAType() { result = getType(_) } + final Type getAType() { result = this.getType(_) } /** * Gets the number of types of this tuple type. */ - final int getNumberOfTypes() { result = count(int i | exists(getType(i))) } + final int getNumberOfTypes() { result = count(int i | exists(this.getType(i))) } /** * Gets the `index`th name of this tuple type (0-based), if it exists. @@ -43,11 +43,11 @@ module Generated { /** * Holds if `getName(index)` exists. */ - final predicate hasName(int index) { exists(getName(index)) } + final predicate hasName(int index) { exists(this.getName(index)) } /** * Gets any of the names of this tuple type. */ - final string getAName() { result = getName(_) } + final string getAName() { result = this.getName(_) } } } diff --git a/swift/ql/lib/codeql/swift/generated/type/Type.qll b/swift/ql/lib/codeql/swift/generated/type/Type.qll index e69cb133219..17f51174ad3 100644 --- a/swift/ql/lib/codeql/swift/generated/type/Type.qll +++ b/swift/ql/lib/codeql/swift/generated/type/Type.qll @@ -24,6 +24,6 @@ module Generated { /** * Gets the canonical type of this type. */ - final Type getCanonicalType() { result = getImmediateCanonicalType().resolve() } + final Type getCanonicalType() { result = this.getImmediateCanonicalType().resolve() } } } diff --git a/swift/ql/lib/codeql/swift/generated/type/TypeAliasType.qll b/swift/ql/lib/codeql/swift/generated/type/TypeAliasType.qll index 8f3dd73d794..976df4ee108 100644 --- a/swift/ql/lib/codeql/swift/generated/type/TypeAliasType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/TypeAliasType.qll @@ -24,6 +24,6 @@ module Generated { /** * Gets the declaration of this type alias type. */ - final TypeAliasDecl getDecl() { result = getImmediateDecl().resolve() } + final TypeAliasDecl getDecl() { result = this.getImmediateDecl().resolve() } } } diff --git a/swift/ql/lib/codeql/swift/generated/type/TypeRepr.qll b/swift/ql/lib/codeql/swift/generated/type/TypeRepr.qll index 17e798273cd..8913869af20 100644 --- a/swift/ql/lib/codeql/swift/generated/type/TypeRepr.qll +++ b/swift/ql/lib/codeql/swift/generated/type/TypeRepr.qll @@ -22,6 +22,6 @@ module Generated { /** * Gets the type of this type representation. */ - final Type getType() { result = getImmediateType().resolve() } + final Type getType() { result = this.getImmediateType().resolve() } } } diff --git a/swift/ql/lib/codeql/swift/generated/type/UnarySyntaxSugarType.qll b/swift/ql/lib/codeql/swift/generated/type/UnarySyntaxSugarType.qll index 619430f74c6..4a02243be68 100644 --- a/swift/ql/lib/codeql/swift/generated/type/UnarySyntaxSugarType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/UnarySyntaxSugarType.qll @@ -22,6 +22,6 @@ module Generated { /** * Gets the base type of this unary syntax sugar type. */ - final Type getBaseType() { result = getImmediateBaseType().resolve() } + final Type getBaseType() { result = this.getImmediateBaseType().resolve() } } } From 1820d36a4e311858c81b167c7d8a6e8eb5d05483 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 10 May 2023 15:36:16 +0100 Subject: [PATCH 259/870] Swift: Autoformat. --- swift/ql/lib/codeql/swift/dataflow/Ssa.qll | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/swift/ql/lib/codeql/swift/dataflow/Ssa.qll b/swift/ql/lib/codeql/swift/dataflow/Ssa.qll index ab4d4c21336..ffe86b34cbe 100644 --- a/swift/ql/lib/codeql/swift/dataflow/Ssa.qll +++ b/swift/ql/lib/codeql/swift/dataflow/Ssa.qll @@ -184,9 +184,7 @@ module Ssa { */ cached predicate assigns(CfgNode value) { - exists( - AssignExpr a, SsaInput::BasicBlock bb, int i - | + exists(AssignExpr a, SsaInput::BasicBlock bb, int i | this.definesAt(_, bb, i) and a = bb.getNode(i).getNode().asAstNode() and value.getNode().asAstNode() = a.getSource() From f02c1edb148304ea9ab920be6153938c5c7368f1 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 10 May 2023 15:40:52 +0100 Subject: [PATCH 260/870] Update docs/codeql/reusables/supported-versions-compilers.rst Co-authored-by: Felicity Chapman --- docs/codeql/reusables/supported-versions-compilers.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/codeql/reusables/supported-versions-compilers.rst b/docs/codeql/reusables/supported-versions-compilers.rst index 815fb6642b6..4e43433ced7 100644 --- a/docs/codeql/reusables/supported-versions-compilers.rst +++ b/docs/codeql/reusables/supported-versions-compilers.rst @@ -38,5 +38,5 @@ .. [7] JSX and Flow code, YAML, JSON, HTML, and XML files may also be analyzed with JavaScript files. .. [8] The extractor requires Python 3 to run. To analyze Python 2.7 you should install both versions of Python. .. [9] Requires glibc 2.17. - .. [10] Swift support is currently in beta. Windows is not supported. Linux support is partial (currently only works with Swift 5.7.3). + .. [10] Swift support is currently in beta. Support for the analysis of Swift 5.4-5.7 requires macOS. Swift 5.7.3 can also be analyzed using Linux. .. [11] TypeScript analysis is performed by running the JavaScript extractor with TypeScript enabled. This is the default. From aa14105e1c7301dea3660cf47729423885e529ca Mon Sep 17 00:00:00 2001 From: Tony Torralba Date: Wed, 10 May 2023 16:45:07 +0200 Subject: [PATCH 261/870] Don't use the reflexive transitive closure, so that the predicate becomes a little more efficient --- .../semmle/code/java/dataflow/internal/TaintTrackingUtil.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll b/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll index 044b250e473..b275c381150 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll @@ -256,7 +256,7 @@ private class BulkData extends RefType { */ private predicate inputStreamWrapper(Constructor c, int argi) { c.getParameterType(argi) instanceof BulkData and - c.getDeclaringType().getASourceSupertype*().hasQualifiedName("java.io", "InputStream") + c.getDeclaringType().getASourceSupertype+().hasQualifiedName("java.io", "InputStream") } /** An object construction that preserves the data flow status of any of its arguments. */ From 97ec7a07eb829e3109742a764911b7886e3dbd5c Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Wed, 10 May 2023 15:53:08 +0100 Subject: [PATCH 262/870] Address review comments --- go/extractor/cli/go-autobuilder/go-autobuilder.go | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/go/extractor/cli/go-autobuilder/go-autobuilder.go b/go/extractor/cli/go-autobuilder/go-autobuilder.go index 7be5bd2f153..1b8347bc64c 100644 --- a/go/extractor/cli/go-autobuilder/go-autobuilder.go +++ b/go/extractor/cli/go-autobuilder/go-autobuilder.go @@ -742,17 +742,17 @@ func outsideSupportedRange(version string) bool { // or the empty string if we should not attempt to install a version of Go. func getVersionWhenGoModVersionNotFound(v versionInfo) (msg, version string) { if !v.goEnvVersionFound { - // We definitely need to install a version. We have no indication which version was - // intended to be used to build this project. Go versions are generally backwards + // There is no Go version installed in the environment. We have no indication which version + // was intended to be used to build this project. Go versions are generally backwards // compatible, so we install the maximum supported version. msg = "No version of Go installed and no `go.mod` file found. Writing an environment " + "file specifying the maximum supported version of Go (" + maxGoVersion + ")." version = maxGoVersion diagnostics.EmitNoGoModAndNoGoEnv(msg) } else if outsideSupportedRange(v.goEnvVersion) { - // We definitely need to install a version. We have no indication which version was - // intended to be used to build this project. Go versions are generally backwards - // compatible, so we install the maximum supported version. + // The Go version installed in the environment is not supported. We have no indication + // which version was intended to be used to build this project. Go versions are generally + // backwards compatible, so we install the maximum supported version. msg = "No `go.mod` file found. The version of Go installed in the environment (" + v.goEnvVersion + ") is outside of the supported range (" + minGoVersion + "-" + maxGoVersion + "). Writing an environment file specifying the maximum supported " + @@ -774,7 +774,7 @@ func getVersionWhenGoModVersionNotFound(v versionInfo) (msg, version string) { } // Assuming `v.goModVersion` is above the supported range, emit a diagnostic and return the -// version to install, or the empty string if we should not attempt to install a version of Go. +// empty string to indicate that we should not attempt to install a version of Go. func getVersionWhenGoModVersionTooHigh(v versionInfo) (msg, version string) { // The project is intended to be built with a version of Go that is above the supported // range. We do not install a version of Go. @@ -787,7 +787,7 @@ func getVersionWhenGoModVersionTooHigh(v versionInfo) (msg, version string) { return msg, version } -// Assuming `v.goModVersion` is above the supported range, emit a diagnostic and return the +// Assuming `v.goModVersion` is below the supported range, emit a diagnostic and return the // version to install, or the empty string if we should not attempt to install a version of Go. func getVersionWhenGoModVersionTooLow(v versionInfo) (msg, version string) { if !v.goEnvVersionFound { From cb8c4094fc4e330fcf94c07e7b2035abb9d0786c Mon Sep 17 00:00:00 2001 From: Rasmus Wriedt Larsen Date: Wed, 10 May 2023 17:20:32 +0200 Subject: [PATCH 263/870] Misc: Add `--force` option --- .../accept-expected-changes-from-ci.py | 45 ++++++++++--------- 1 file changed, 24 insertions(+), 21 deletions(-) diff --git a/misc/scripts/accept-expected-changes-from-ci.py b/misc/scripts/accept-expected-changes-from-ci.py index d4d57f26726..8eefcdc8f9a 100755 --- a/misc/scripts/accept-expected-changes-from-ci.py +++ b/misc/scripts/accept-expected-changes-from-ci.py @@ -17,7 +17,7 @@ execution, but it might fail in some cases ¯\_(ツ)_/¯ Code written to hack things together until they work, so don't expect much :D """ - +import argparse import sys import re import tempfile @@ -221,7 +221,7 @@ def get_log_content(status: GithubStatus) -> str: return content -def main(pr_number: Optional[int], sha_override: Optional[str] = None): +def main(pr_number: Optional[int], sha_override: Optional[str] = None, force=False): if not pr_number and not sha_override: raise Exception("Must specify either a PR number or a SHA") @@ -237,7 +237,7 @@ def main(pr_number: Optional[int], sha_override: Optional[str] = None): ["git", "rev-parse", "HEAD"] ).decode("utf-8").strip() - if local_sha != github_sha: + if local_sha != github_sha and not force: LOGGER.error(f"GitHub SHA ({github_sha}) different from your local SHA ({local_sha}), sync your changes first!") sys.exit(1) sha = github_sha @@ -421,23 +421,6 @@ def main(pr_number: Optional[int], sha_override: Optional[str] = None): print("Expected output in semmle-code changed!") -def call_main(): - pr_number = None - override_sha = None - if len(sys.argv) < 2: - pr_number_response = subprocess.check_output([ - "gh", "pr", "view", "--json", "number" - ]).decode("utf-8") - - pr_number = json.loads(pr_number_response)["number"] - else: - if len(sys.argv[1]) > 10: - override_sha = sys.argv[1] - else: - pr_number = int(sys.argv[1]) - main(pr_number, override_sha) - - if __name__ == "__main__": level = logging.INFO @@ -448,6 +431,10 @@ if __name__ == "__main__": except ImportError: logging.basicConfig(level=logging.INFO, format="%(levelname)s: %(message)s") + # parse command line arguments + parser = argparse.ArgumentParser() + parser.add_argument("--force", action="store_true", help="Apply patches even if the local SHA is different from the GitHub PR SHA") + parser.add_argument("posarg", nargs="?", default=None) if DEBUG_LOG_FILE: patches = make_patches_from_log_file(open(DEBUG_LOG_FILE, "r").readlines()) @@ -459,4 +446,20 @@ if __name__ == "__main__": sys.exit(1) os.chdir(CODEQL_REPO_DIR) - call_main() + + pr_number = None + override_sha = None + args = parser.parse_args() + + if args.posarg is None: + pr_number_response = subprocess.check_output([ + "gh", "pr", "view", "--json", "number" + ]).decode("utf-8") + pr_number = json.loads(pr_number_response)["number"] + else: + if len(args.posarg) > 10: + override_sha = args.posarg + else: + pr_number = int(args.posarg) + + main(pr_number, override_sha, force=args.force) From 54d35dbc0b7374469fa05c44fb9063bd562b051a Mon Sep 17 00:00:00 2001 From: Rasmus Wriedt Larsen Date: Wed, 10 May 2023 17:37:16 +0200 Subject: [PATCH 264/870] Misc: Delete empty CONSISTENCY files As requested by `@hvitved` --- misc/scripts/accept-expected-changes-from-ci.py | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/misc/scripts/accept-expected-changes-from-ci.py b/misc/scripts/accept-expected-changes-from-ci.py index 8eefcdc8f9a..12c1bb21763 100755 --- a/misc/scripts/accept-expected-changes-from-ci.py +++ b/misc/scripts/accept-expected-changes-from-ci.py @@ -66,7 +66,7 @@ if SEMMLE_CODE_DIR is None: @dataclass(frozen=True, eq=True, order=True) class Patch: - filename: str + filename: Path dir: Optional[str] patch_first_line: str patch: List[str] = field(hash=False) @@ -409,6 +409,13 @@ def main(pr_number: Optional[int], sha_override: Optional[str] = None, force=Fal continue subprocess.check_call(["git", "apply", temp.name], cwd=patch.dir) + + if "CONSISTENCY" in patch.filename.parts: + # delete if empty + if os.path.getsize(patch.filename) == 1 and patch.filename.read_text() == "\n": + os.remove(patch.filename) + LOGGER.info(f"Deleted empty CONSISTENCY file '{patch.filename}'") + if patch.dir == SEMMLE_CODE_DIR: semmle_code_changed = True except subprocess.CalledProcessError: From 0a9515dbcd16fa6c0c3d487131d5d3d43a22102d Mon Sep 17 00:00:00 2001 From: Rasmus Lerchedahl Petersen Date: Wed, 10 May 2023 16:40:00 +0200 Subject: [PATCH 265/870] python: add tests for built-in collections - constructors: list, tuple, set, dict - methods: - general: copy, pop - list: append - set: add - dict: keys, values, items, get, popitem - functions: sorted, reversed, iter, next --- .../dataflow/coverage/test_builtins.py | 348 ++++++++++++++++++ .../test_collections.py | 31 ++ .../test/experimental/dataflow/validTest.py | 1 + 3 files changed, 380 insertions(+) create mode 100644 python/ql/test/experimental/dataflow/coverage/test_builtins.py diff --git a/python/ql/test/experimental/dataflow/coverage/test_builtins.py b/python/ql/test/experimental/dataflow/coverage/test_builtins.py new file mode 100644 index 00000000000..63f289ffa1d --- /dev/null +++ b/python/ql/test/experimental/dataflow/coverage/test_builtins.py @@ -0,0 +1,348 @@ +# This tests some of the common built-in functions and methods. +# We need a decent model of data flow through these in order to +# analyse most programs. +# +# All functions starting with "test_" should run and execute `print("OK")` exactly once. +# This can be checked by running validTest.py. + +import sys +import os + +sys.path.append(os.path.dirname(os.path.dirname((__file__)))) +from testlib import expects + +# These are defined so that we can evaluate the test code. +NONSOURCE = "not a source" +SOURCE = "source" + +def is_source(x): + return x == "source" or x == b"source" or x == 42 or x == 42.0 or x == 42j + +def SINK(x): + if is_source(x): + print("OK") + else: + print("Unexpected flow", x) + +def SINK_F(x): + if is_source(x): + print("Unexpected flow", x) + else: + print("OK") + + +# Actual tests + +## Container constructors + +### List + +@expects(2) +def test_list_from_list(): + l1 = [SOURCE, NONSOURCE] + l2 = list(l1) + SINK(l2[0]) #$ MISSING: flow="SOURCE, l:-2 -> l2[0]" + SINK_F(l2[1]) # expecting FP due to imprecise flow + +# -- skip list_from_string + +@expects(2) +def test_list_from_tuple(): + t = (SOURCE, NONSOURCE) + l = list(t) + SINK(l[0]) #$ MISSING: flow="SOURCE, l:-2 -> l[0]" + SINK_F(l[1]) # expecting FP due to imprecise flow + +def test_list_from_set(): + s = {SOURCE} + l = list(s) + SINK(l[0]) #$ MISSING: flow="SOURCE, l:-2 -> l[0]" + +@expects(2) +def test_list_from_dict(): + d = {SOURCE: 'v', NONSOURCE: 'v2'} + l = list(d) + SINK(l[0]) #$ MISSING: flow="SOURCE, l:-2 -> l[0]" + SINK_F(l[1]) # expecting FP due to imprecise flow + +### Tuple + +@expects(2) +def test_tuple_from_list(): + l = [SOURCE, NONSOURCE] + t = tuple(l) + SINK(t[0]) #$ MISSING: flow="SOURCE, l:-2 -> t[0]" + SINK_F(t[1]) + +@expects(2) +def test_tuple_from_tuple(): + t0 = (SOURCE, NONSOURCE) + t = tuple(t0) + SINK(t[0]) #$ MISSING: flow="SOURCE, l:-2 -> t[0]" + SINK_F(t[1]) + +def test_tuple_from_set(): + s = {SOURCE} + t = tuple(s) + SINK(t[0]) #$ MISSING: flow="SOURCE, l:-2 -> t[0]" + +@expects(2) +def test_tuple_from_dict(): + d = {SOURCE: "v1", NONSOURCE: "v2"} + t = tuple(d) + SINK(t[0]) #$ MISSING: flow="SOURCE, l:-2 -> t[0]" + SINK_F(t[1]) + + +### Set + +def test_set_from_list(): + l = [SOURCE] + s = set(l) + v = s.pop() + SINK(v) #$ MISSING: flow="SOURCE, l:-3 -> v" + +def test_set_from_tuple(): + t = (SOURCE,) + s = set(t) + v = s.pop() + SINK(v) #$ MISSING: flow="SOURCE, l:-3 -> v" + +def test_set_from_set(): + s0 = {SOURCE} + s = set(s0) + v = s.pop() + SINK(v) #$ MISSING: flow="SOURCE, l:-3 -> v" + +def test_set_from_dict(): + d = {SOURCE: "val"} + s = set(d) + v = s.pop() + SINK(v) #$ MISSING: flow="SOURCE, l:-3 -> v" + + +### Dict + +@expects(2) +def test_dict_from_keyword(): + d = dict(k = SOURCE, k1 = NONSOURCE) + SINK(d["k"]) #$ MISSING: flow="SOURCE, l:-1 -> d[k]" + SINK_F(d["k1"]) + +@expects(2) +def test_dict_from_list(): + d = dict([("k", SOURCE), ("k1", NONSOURCE)]) + SINK(d["k"]) #$ MISSING: flow="SOURCE, l:-1 -> d[k]" + SINK_F(d["k1"]) + +@expects(2) +def test_dict_from_dict(): + d1 = {'k': SOURCE, 'k1': NONSOURCE} + d2 = dict(d1) + SINK(d2["k"]) #$ MISSING: flow="SOURCE, l:-2 -> d[k]" + SINK_F(d2["k1"]) + +## Container methods + +### List + +def test_list_pop(): + l = [SOURCE] + v = l.pop() + SINK(v) #$ flow="SOURCE, l:-2 -> v" + +def test_list_pop_index(): + l = [SOURCE] + v = l.pop(0) + SINK(v) #$ MISSING: flow="SOURCE, l:-2 -> v" + +def test_list_pop_index_imprecise(): + l = [SOURCE, NONSOURCE] + v = l.pop(1) + SINK_F(v) + +@expects(2) +def test_list_copy(): + l0 = [SOURCE, NONSOURCE] + l = l0.copy() + SINK(l[0]) #$ MISSING: flow="SOURCE, l:-2 -> l[0]" + SINK_F(l[1]) + +def test_list_append(): + l = [NONSOURCE] + l.append(SOURCE) + SINK(l[1]) #$ MISSING: flow="SOURCE, l:-1 -> l[1]" + +### Set + +def test_set_pop(): + s = {SOURCE} + v = s.pop() + SINK(v) #$ flow="SOURCE, l:-2 -> v" + +def test_set_copy(): + s0 = {SOURCE} + s = s0.copy() + SINK(s.pop()) #$ MISSING: flow="SOURCE, l:-2 -> s.pop()" + +def test_set_add(): + s = set([]) + s.add(SOURCE) + SINK(s.pop()) #$ MISSING: flow="SOURCE, l:-2 -> s.pop()" + +### Dict + +def test_dict_keys(): + d = {SOURCE: "value"} + keys = d.keys() + key_list = list(keys) + SINK(key_list[0]) #$ MISSING: flow="SOURCE, l:-3 -> key_list[0]" + +def test_dict_values(): + d = {'k': SOURCE} + vals = d.values() + val_list = list(vals) + SINK(val_list[0]) #$ MISSING: flow="SOURCE, l:-3 -> val_list[0]" + +@expects(4) +def test_dict_items(): + d = {'k': SOURCE, SOURCE: "value"} + items = d.items() + item_list = list(items) + SINK_F(item_list[0][0]) # expecting FP due to imprecise flow + SINK(item_list[0][1]) #$ MISSING: flow="SOURCE, l:-4 -> item_list[0][1]" + SINK(item_list[1][0]) #$ MISSING: flow="SOURCE, l:-5 -> item_list[1][0]" + SINK_F(item_list[1][1]) # expecting FP due to imprecise flow + +@expects(2) +def test_dict_pop(): + d = {'k': SOURCE} + v = d.pop("k") + SINK(v) #$ flow="SOURCE, l:-2 -> v" + v1 = d.pop("k", SOURCE) + SINK(v1) #$ flow="SOURCE, l:-4 -> v1" + +@expects(2) +def test_dict_get(): + d = {'k': SOURCE} + v = d.get("k") + SINK(v) #$ flow="SOURCE, l:-2 -> v" + v1 = d.get("k", SOURCE) + SINK(v1) #$ flow="SOURCE, l:-4 -> v1" + +@expects(2) +def test_dict_popitem(): + d = {'k': SOURCE} + t = d.popitem() # could be any pair (before 3.7), but we only have one + SINK_F(t[0]) + SINK(t[1]) #$ MISSING: flow="SOURCE, l:-3 -> t[1]" + +@expects(2) +def test_dict_copy(): + d = {'k': SOURCE, 'k1': NONSOURCE} + d1 = d.copy() + SINK(d1["k"]) #$ MISSING: flow="SOURCE, l:-2 -> d[k]" + SINK_F(d1["k1"]) + + +## Functions on containers + +### sorted + +def test_sorted_list(): + l0 = [SOURCE] + l = sorted(l0) + SINK(l[0]) #$ MISSING: flow="SOURCE, l:-2 -> l[0]" + +def test_sorted_tuple(): + t = (SOURCE,) + l = sorted(t) + SINK(l[0]) #$ MISSING: flow="SOURCE, l:-2 -> l[0]" + +def test_sorted_set(): + s = {SOURCE} + l = sorted(s) + SINK(l[0]) #$ MISSING: flow="SOURCE, l:-2 -> l[0]" + +def test_sorted_dict(): + d = {SOURCE: "val"} + l = sorted(d) + SINK(l[0]) #$ MISSING: flow="SOURCE, l:-2 -> l[0]" + +### reversed + +@expects(2) +def test_reversed_list(): + l0 = [SOURCE, NONSOURCE] + r = reversed(l0) + l = list(r) + SINK_F(l[0]) + SINK(l[1]) #$ MISSING: flow="SOURCE, l:-4 -> l[1]" + +@expects(2) +def test_reversed_tuple(): + t = (SOURCE, NONSOURCE) + r = reversed(t) + l = list(r) + SINK_F(l[0]) + SINK(l[1]) #$ MISSING: flow="SOURCE, l:-4 -> l[1]" + +@expects(2) +def test_reversed_dict(): + d = {SOURCE: "v1", NONSOURCE: "v2"} + r = reversed(d) + l = list(r) + SINK_F(l[0]) + SINK(l[1]) #$ MISSING: flow="SOURCE, l:-4 -> l[1]" + +### iter + +def test_iter_list(): + l0 = [SOURCE] + i = iter(l0) + l = list(i) + SINK(l[0]) #$ MISSING: flow="SOURCE, l:-3 -> l[0]" + +def test_iter_tuple(): + t = (SOURCE,) + i = iter(t) + l = list(i) + SINK(l[0]) #$ MISSING: flow="SOURCE, l:-3 -> l[0]" + +def test_iter_set(): + t = {SOURCE} + i = iter(t) + l = list(i) + SINK(l[0]) #$ MISSING: flow="SOURCE, l:-3 -> l[0]" + +def test_iter_dict(): + d = {SOURCE: "val"} + i = iter(d) + l = list(i) + SINK(l[0]) #$ MISSING: flow="SOURCE, l:-3 -> l[0]" + +### next + +def test_next_list(): + l = [SOURCE] + i = iter(l) + n = next(i) + SINK(n) #$ MISSING: flow="SOURCE, l:-3 -> n" + +def test_next_tuple(): + t = (SOURCE,) + i = iter(t) + n = next(i) + SINK(n) #$ MISSING: flow="SOURCE, l:-3 -> n" + +def test_next_set(): + s = {SOURCE} + i = iter(s) + n = next(i) + SINK(n) #$ MISSING: flow="SOURCE, l:-3 -> n" + +def test_next_dict(): + d = {SOURCE: "val"} + i = iter(d) + n = next(i) + SINK(n) #$ MISSING: flow="SOURCE, l:-3 -> n" \ No newline at end of file diff --git a/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/test_collections.py b/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/test_collections.py index 9faa94ce360..5b384bebaef 100644 --- a/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/test_collections.py +++ b/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/test_collections.py @@ -37,6 +37,14 @@ def test_construction(): tuple(tainted_list), # $ tainted set(tainted_list), # $ tainted frozenset(tainted_list), # $ tainted + dict(tainted_dict), # $ tainted + dict(k = tainted_string)["k"], # $ MISSING: tainted + dict(dict(k = tainted_string))["k"], # $ MISSING: tainted + dict(["k", tainted_string]), # $ tainted + ) + + ensure_not_tainted( + dict(k = tainted_string)["k1"] ) @@ -64,6 +72,29 @@ def test_access(x, y, z): for i in reversed(tainted_list): ensure_tainted(i) # $ tainted +def test_access_explicit(x, y, z): + tainted_list = [TAINTED_STRING] + + ensure_tainted( + tainted_list[0], # $ tainted + tainted_list[x], # $ tainted + tainted_list[y:z], # $ tainted + + sorted(tainted_list)[0], # $ tainted + reversed(tainted_list)[0], # $ tainted + iter(tainted_list), # $ tainted + next(iter(tainted_list)), # $ tainted + [i for i in tainted_list], # $ tainted + [tainted_list for _i in [1,2,3]], # $ MISSING: tainted + ) + + a, b, c = tainted_list[0:3] + ensure_tainted(a, b, c) # $ tainted + + for h in tainted_list: + ensure_tainted(h) # $ tainted + for i in reversed(tainted_list): + ensure_tainted(i) # $ tainted def test_dict_access(x): tainted_dict = TAINTED_DICT diff --git a/python/ql/test/experimental/dataflow/validTest.py b/python/ql/test/experimental/dataflow/validTest.py index c76f7f14e01..7de34d4b3a7 100644 --- a/python/ql/test/experimental/dataflow/validTest.py +++ b/python/ql/test/experimental/dataflow/validTest.py @@ -64,6 +64,7 @@ if __name__ == "__main__": check_tests_valid("coverage.test") check_tests_valid("coverage.argumentPassing") check_tests_valid("coverage.datamodel") + check_tests_valid("coverage.test_builtins") check_tests_valid("coverage-py2.classes") check_tests_valid("coverage-py3.classes") check_tests_valid("variable-capture.in") From c92e8dc92fbb6bbdb7cab8d5fb5a589e27454627 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 10 May 2023 17:54:12 +0100 Subject: [PATCH 266/870] Apply suggestions from code review Co-authored-by: Felicity Chapman --- .../analyzing-data-flow-in-swift.rst | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/codeql/codeql-language-guides/analyzing-data-flow-in-swift.rst b/docs/codeql/codeql-language-guides/analyzing-data-flow-in-swift.rst index 19c98edda52..9de7d620abf 100644 --- a/docs/codeql/codeql-language-guides/analyzing-data-flow-in-swift.rst +++ b/docs/codeql/codeql-language-guides/analyzing-data-flow-in-swift.rst @@ -29,12 +29,12 @@ The ``Node`` class has a number of useful subclasses, such as ``ExprNode`` for e class Node { /** - * Gets this node's underlying expression, if any. + * Gets the expression that corresponds to this node, if any. */ Expr asExpr() { ... } /** - * Gets this data flow node's corresponding control flow node. + * Gets the control flow node that corresponds to this data flow node. */ ControlFlowNode getCfgNode() { ... } @@ -203,7 +203,7 @@ Using global taint tracking Global taint tracking is to global data flow what local taint tracking is to local data flow. That is, global taint tracking extends global data flow with additional non-value-preserving steps. -The global taint tracking library uses the same configuration module as the global data flow library but taint flow analysis is performed with ``TaintTracking::Global``: +The global taint tracking library uses the same configuration module as the global data flow library. You can perform taint flow analysis using ``TaintTracking::Global``: .. code-block:: ql @@ -216,7 +216,7 @@ The global taint tracking library uses the same configuration module as the glob Predefined sources ~~~~~~~~~~~~~~~~~~ -The data flow library module ``codeql.swift.dataflow.FlowSources`` contains a number of predefined sources, providing a good starting point for defining data flow and taint flow based security queries. +The data flow library module ``codeql.swift.dataflow.FlowSources`` contains a number of predefined sources that you can use to write security queries to track data flow and taint flow. - The class ``RemoteFlowSource`` represents data flow from remote network inputs and from other applications. - The class ``LocalFlowSource`` represents data flow from local user input. @@ -229,7 +229,7 @@ The following global taint-tracking query finds places where a string literal is - Since this is a taint-tracking query, the ``TaintTracking::Global`` module is used. - The ``isSource`` predicate defines sources as any ``StringLiteralExpr``. - The ``isSink`` predicate defines sinks as arguments to a ``CallExpr`` called "password". - - The sources and sinks may need tuning to a particular use, for example if passwords are represented by a type other than ``String`` or passed in arguments of a different name than "password". + - The sources and sinks may need tuning to a particular use, for example, if passwords are represented by a type other than ``String`` or passed in arguments of a different name than "password". .. code-block:: ql From a3c8515629c6094ee1ab3e2171f4d6b44bd874e6 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 10 May 2023 17:20:24 +0100 Subject: [PATCH 267/870] Swift: Accept cross-language standardized CSV sink label. --- .../codeql/swift/security/CleartextLoggingExtensions.qll | 6 +++++- .../ql/lib/codeql/swift/security/SqlInjectionExtensions.qll | 6 +++++- .../swift/security/UncontrolledFormatStringExtensions.qll | 4 +++- .../ql/lib/codeql/swift/security/UnsafeJsEvalExtensions.qll | 6 +++++- 4 files changed, 18 insertions(+), 4 deletions(-) diff --git a/swift/ql/lib/codeql/swift/security/CleartextLoggingExtensions.qll b/swift/ql/lib/codeql/swift/security/CleartextLoggingExtensions.qll index 852995d3204..ecd5a5dde53 100644 --- a/swift/ql/lib/codeql/swift/security/CleartextLoggingExtensions.qll +++ b/swift/ql/lib/codeql/swift/security/CleartextLoggingExtensions.qll @@ -26,7 +26,11 @@ class CleartextLoggingAdditionalFlowStep extends Unit { * A sink defined in a CSV model. */ private class DefaultCleartextLoggingSink extends CleartextLoggingSink { - DefaultCleartextLoggingSink() { sinkNode(this, "logging") } + DefaultCleartextLoggingSink() { + sinkNode(this, "log-injection") + or + sinkNode(this, "logging") // deprecated label + } } /** diff --git a/swift/ql/lib/codeql/swift/security/SqlInjectionExtensions.qll b/swift/ql/lib/codeql/swift/security/SqlInjectionExtensions.qll index eca2c360d33..7690ce49e6c 100644 --- a/swift/ql/lib/codeql/swift/security/SqlInjectionExtensions.qll +++ b/swift/ql/lib/codeql/swift/security/SqlInjectionExtensions.qll @@ -151,5 +151,9 @@ private class GrdbDefaultSqlInjectionSink extends SqlInjectionSink { * A sink defined in a CSV model. */ private class DefaultSqlInjectionSink extends SqlInjectionSink { - DefaultSqlInjectionSink() { sinkNode(this, "sql") } + DefaultSqlInjectionSink() { + sinkNode(this, "sql-injection") + or + sinkNode(this, "sql") // deprecated label + } } diff --git a/swift/ql/lib/codeql/swift/security/UncontrolledFormatStringExtensions.qll b/swift/ql/lib/codeql/swift/security/UncontrolledFormatStringExtensions.qll index 500b45815de..eb4e2117681 100644 --- a/swift/ql/lib/codeql/swift/security/UncontrolledFormatStringExtensions.qll +++ b/swift/ql/lib/codeql/swift/security/UncontrolledFormatStringExtensions.qll @@ -39,6 +39,8 @@ private class DefaultUncontrolledFormatStringSink extends UncontrolledFormatStri this.asExpr() = any(FormattingFunctionCall fc).getFormat() or // a sink defined in a CSV model. - sinkNode(this, "uncontrolled-format-string") + sinkNode(this, "format-string") + or + sinkNode(this, "uncontrolled-format-string") // deprecated label } } diff --git a/swift/ql/lib/codeql/swift/security/UnsafeJsEvalExtensions.qll b/swift/ql/lib/codeql/swift/security/UnsafeJsEvalExtensions.qll index c67a4bb6909..e0391b59cc4 100644 --- a/swift/ql/lib/codeql/swift/security/UnsafeJsEvalExtensions.qll +++ b/swift/ql/lib/codeql/swift/security/UnsafeJsEvalExtensions.qll @@ -144,5 +144,9 @@ private class DefaultUnsafeJsEvalAdditionalFlowStep extends UnsafeJsEvalAddition * A sink defined in a CSV model. */ private class DefaultUnsafeJsEvalSink extends UnsafeJsEvalSink { - DefaultUnsafeJsEvalSink() { sinkNode(this, "js-eval") } + DefaultUnsafeJsEvalSink() { + sinkNode(this, "code-injection") + or + sinkNode(this, "js-eval") // deprecated label + } } From 6283ffc1bb32c1e323ece594a26fa98adb72f898 Mon Sep 17 00:00:00 2001 From: Felicity Chapman Date: Wed, 10 May 2023 19:01:22 +0100 Subject: [PATCH 268/870] Add Swift to path query article --- docs/codeql/writing-codeql-queries/creating-path-queries.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/codeql/writing-codeql-queries/creating-path-queries.rst b/docs/codeql/writing-codeql-queries/creating-path-queries.rst index bf0521b8555..fc3b18a9b95 100644 --- a/docs/codeql/writing-codeql-queries/creating-path-queries.rst +++ b/docs/codeql/writing-codeql-queries/creating-path-queries.rst @@ -56,8 +56,8 @@ You should use the following template: */ import - // For some languages (Java/C++/Python) you need to explicitly import the data flow library, such as - // import semmle.code.java.dataflow.DataFlow + // For some languages (Java/C++/Python/Swift) you need to explicitly import the data flow library, such as + // import semmle.code.java.dataflow.DataFlow or import codeql.swift.dataflow.DataFlow import DataFlow::PathGraph ... From f77c77fdf9baaf83b50f97ad2c30cbe11371632f Mon Sep 17 00:00:00 2001 From: Robert Marsh Date: Wed, 10 May 2023 14:58:11 -0400 Subject: [PATCH 269/870] C++: refactor off-by-one query to use flowstate --- .../CWE/CWE-193/ConstantSizeArrayOffByOne.ql | 98 +++++++++---------- 1 file changed, 44 insertions(+), 54 deletions(-) diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql b/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql index ce604510d70..8ad251a9fc2 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql @@ -14,7 +14,7 @@ import semmle.code.cpp.rangeanalysis.new.internal.semantic.analysis.RangeAnalysi import semmle.code.cpp.rangeanalysis.new.internal.semantic.SemanticExprSpecific import semmle.code.cpp.ir.IR import semmle.code.cpp.ir.dataflow.DataFlow -import StitchedPathGraph +import FieldAddressToDerefFlow::PathGraph pragma[nomagic] Instruction getABoundIn(SemBound b, IRFunction func) { @@ -42,21 +42,6 @@ bindingset[b] pragma[inline_late] predicate bounded2(Instruction i, Instruction b, int delta) { boundedImpl(i, b, delta) } -module FieldAddressToPointerArithmeticConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { isFieldAddressSource(_, source) } - - predicate isSink(DataFlow::Node sink) { - exists(PointerAddInstruction pai | pai.getLeft() = sink.asInstruction()) - } -} - -module FieldAddressToPointerArithmeticFlow = - DataFlow::Global; - -predicate isFieldAddressSource(Field f, DataFlow::Node source) { - source.asInstruction().(FieldAddressInstruction).getField() = f -} - bindingset[delta] predicate isInvalidPointerDerefSinkImpl( int delta, Instruction i, AddressOperand addr, string operation @@ -93,56 +78,61 @@ predicate isInvalidPointerDerefSink2(DataFlow::Node sink, Instruction i, string ) } -predicate isConstantSizeOverflowSource(Field f, FieldAddressToPointerArithmeticFlow::PathNode fieldSource, PointerAddInstruction pai, int delta) { - exists(int size, int bound, FieldAddressToPointerArithmeticFlow::PathNode sink | - FieldAddressToPointerArithmeticFlow::flowPath(fieldSource, sink) and - isFieldAddressSource(f, fieldSource.getNode()) and - pai.getLeft() = sink.getNode().(DataFlow::InstructionNode).asInstruction() and - pai.getElementSize() = f.getUnspecifiedType().(ArrayType).getBaseType().getSize() and - f.getUnspecifiedType().(ArrayType).getArraySize() = size and - semBounded(getSemanticExpr(pai.getRight()), any(SemZeroBound b), bound, true, _) and - delta = bound - size and - delta >= 0 and - size != 0 and - size != 1 - ) +predicate pointerArithOverflow( + PointerArithmeticInstruction pai, Field f, int size, int bound, int delta +) { + pai.getElementSize() = f.getUnspecifiedType().(ArrayType).getBaseType().getSize() and + f.getUnspecifiedType().(ArrayType).getArraySize() = size and + semBounded(getSemanticExpr(pai.getRight()), any(SemZeroBound b), bound, true, _) and + delta = bound - size } -module PointerArithmeticToDerefConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { - isConstantSizeOverflowSource(_, _, source.asInstruction(), _) +module FieldAddressToDerefConfig implements DataFlow::StateConfigSig { + newtype FlowState = + additional TArray(Field f) or + additional TOverflowArithmetic(PointerArithmeticInstruction pai) + + predicate isSource(DataFlow::Node source, FlowState state) { + exists(Field f | + source.asInstruction().(FieldAddressInstruction).getField() = f and + state = TArray(f) + ) } - pragma[inline] - predicate isSink(DataFlow::Node sink) { isInvalidPointerDerefSink1(sink, _, _) } -} - -module MergedPathGraph = DataFlow::MergePathGraph; -class PathNode = MergedPathGraph::PathNode; -module StitchedPathGraph implements DataFlow::PathGraphSig{ - query predicate edges(PathNode a, PathNode b) { - MergedPathGraph::PathGraph::edges(a, b) - or - a.asPathNode2().getNode().(DataFlow::InstructionNode).asInstruction() = b.asPathNode1().getNode().(DataFlow::InstructionNode).asInstruction().(PointerAddInstruction).getLeft() + predicate isSink(DataFlow::Node sink, FlowState state) { + isInvalidPointerDerefSink1(sink, _, _) and + state instanceof TOverflowArithmetic } - query predicate nodes(PathNode n, string key, string val) { - MergedPathGraph::PathGraph::nodes(n, key, val) - } + predicate isBarrier(DataFlow::Node node, FlowState state) { none() } - query predicate subpaths(PathNode arg, PathNode par, PathNode ret, PathNode out) { - MergedPathGraph::PathGraph::subpaths(arg, par, ret, out) + predicate isAdditionalFlowStep( + DataFlow::Node node1, FlowState state1, DataFlow::Node node2, FlowState state2 + ) { + exists(PointerArithmeticInstruction pai, Field f, int size, int delta | + state1 = TArray(f) and + state2 = TOverflowArithmetic(pai) and + pai.getLeft() = node1.asInstruction() and + node2.asInstruction() = pai and + pointerArithOverflow(pai, f, size, _, delta) and + delta >= 0 and + size != 0 and + size != 1 + ) } } -module PointerArithmeticToDerefFlow = DataFlow::Global; + +module FieldAddressToDerefFlow = DataFlow::GlobalWithState; from - Field f, PathNode fieldSource, PathNode paiNode, - PathNode sink, Instruction deref, string operation, int delta + Field f, FieldAddressToDerefFlow::PathNode source, PointerArithmeticInstruction pai, + FieldAddressToDerefFlow::PathNode sink, Instruction deref, string operation, int delta where - PointerArithmeticToDerefFlow::flowPath(paiNode.asPathNode1(), sink.asPathNode1()) and + FieldAddressToDerefFlow::flowPath(source, sink) and isInvalidPointerDerefSink2(sink.getNode(), deref, operation) and - isConstantSizeOverflowSource(f, fieldSource.asPathNode2(), paiNode.getNode().asInstruction(), delta) -select paiNode, fieldSource, sink, + source.getState() = FieldAddressToDerefConfig::TArray(f) and + sink.getState() = FieldAddressToDerefConfig::TOverflowArithmetic(pai) and + pointerArithOverflow(pai, f, _, _, delta) +select pai, source, sink, "This pointer arithmetic may have an off-by-" + (delta + 1) + " error allowing it to overrun $@ at this $@.", f, f.getName(), deref, operation From 9c5fc9714a066cbb4f3c19e17addfccfe1564892 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Wed, 10 May 2023 17:17:05 +0100 Subject: [PATCH 270/870] Use "Requesting" instead of "Writing environment file" --- .../cli/go-autobuilder/go-autobuilder.go | 29 +++++++++---------- 1 file changed, 13 insertions(+), 16 deletions(-) diff --git a/go/extractor/cli/go-autobuilder/go-autobuilder.go b/go/extractor/cli/go-autobuilder/go-autobuilder.go index 1b8347bc64c..784795507a7 100644 --- a/go/extractor/cli/go-autobuilder/go-autobuilder.go +++ b/go/extractor/cli/go-autobuilder/go-autobuilder.go @@ -755,8 +755,8 @@ func getVersionWhenGoModVersionNotFound(v versionInfo) (msg, version string) { // backwards compatible, so we install the maximum supported version. msg = "No `go.mod` file found. The version of Go installed in the environment (" + v.goEnvVersion + ") is outside of the supported range (" + minGoVersion + "-" + - maxGoVersion + "). Writing an environment file specifying the maximum supported " + - "version of Go (" + maxGoVersion + ")." + maxGoVersion + "). Requesting the maximum supported version of Go (" + maxGoVersion + + ")." version = maxGoVersion diagnostics.EmitNoGoModAndGoEnvUnsupported(msg) } else { @@ -764,8 +764,7 @@ func getVersionWhenGoModVersionNotFound(v versionInfo) (msg, version string) { // was intended to be used to build this project. We assume that the installed version is // suitable and do not install a version of Go. msg = "No `go.mod` file found. Version " + v.goEnvVersion + " installed in the " + - "environment is supported. Writing an environment file not specifying any " + - "version of Go." + "environment is supported. Not requesting any version of Go." version = "" diagnostics.EmitNoGoModAndGoEnvSupported(msg) } @@ -780,7 +779,7 @@ func getVersionWhenGoModVersionTooHigh(v versionInfo) (msg, version string) { // range. We do not install a version of Go. msg = "The version of Go found in the `go.mod` file (" + v.goModVersion + ") is above the supported range (" + minGoVersion + "-" + maxGoVersion + - "). Writing an environment file not specifying any version of Go." + "). Not requesting any version of Go." version = "" diagnostics.EmitGoModVersionTooHigh(msg) @@ -796,8 +795,8 @@ func getVersionWhenGoModVersionTooLow(v versionInfo) (msg, version string) { // minimum supported version. msg = "The version of Go found in the `go.mod` file (" + v.goModVersion + ") is below the supported range (" + minGoVersion + "-" + maxGoVersion + - "). No version of Go installed. Writing an environment file specifying the " + - "minimum supported version of Go (" + minGoVersion + ")." + "). No version of Go installed. Requesting the minimum supported version of Go (" + + minGoVersion + ")." version = minGoVersion diagnostics.EmitGoModVersionTooLowAndNoGoEnv(msg) } else if outsideSupportedRange(v.goEnvVersion) { @@ -808,8 +807,7 @@ func getVersionWhenGoModVersionTooLow(v versionInfo) (msg, version string) { ") is below the supported range (" + minGoVersion + "-" + maxGoVersion + "). The version of Go installed in the environment (" + v.goEnvVersion + ") is outside of the supported range (" + minGoVersion + "-" + maxGoVersion + "). " + - "Writing an environment file specifying the minimum supported version of Go (" + - minGoVersion + ")." + "Requesting the minimum supported version of Go (" + minGoVersion + ")." version = minGoVersion diagnostics.EmitGoModVersionTooLowAndEnvVersionUnsupported(msg) } else { @@ -817,7 +815,7 @@ func getVersionWhenGoModVersionTooLow(v versionInfo) (msg, version string) { // below the supported range. We do not install a version of Go. msg = "The version of Go installed in the environment (" + v.goEnvVersion + ") is supported and is high enough for the version found in the `go.mod` file (" + - v.goModVersion + "). Writing an environment file not specifying any version of Go." + v.goModVersion + "). Not requesting any version of Go." version = "" diagnostics.EmitGoModVersionTooLowAndEnvVersionSupported(msg) } @@ -831,8 +829,8 @@ func getVersionWhenGoModVersionSupported(v versionInfo) (msg, version string) { if !v.goEnvVersionFound { // There is no Go version installed. The version in the `go.mod` file is supported. // We install the version from the `go.mod` file. - msg = "No version of Go installed. Writing an environment file specifying the version " + - "of Go found in the `go.mod` file (" + v.goModVersion + ")." + msg = "No version of Go installed. Requesting the version of Go found in the `go.mod` " + + "file (" + v.goModVersion + ")." version = v.goModVersion diagnostics.EmitGoModVersionSupportedAndNoGoEnv(msg) } else if outsideSupportedRange(v.goEnvVersion) { @@ -840,7 +838,7 @@ func getVersionWhenGoModVersionSupported(v versionInfo) (msg, version string) { // the `go.mod` file is supported. We install the version from the `go.mod` file. msg = "The version of Go installed in the environment (" + v.goEnvVersion + ") is outside of the supported range (" + minGoVersion + "-" + maxGoVersion + "). " + - "Writing an environment file specifying the version of Go from the `go.mod` file (" + + "Requesting the version of Go from the `go.mod` file (" + v.goModVersion + ")." version = v.goModVersion diagnostics.EmitGoModVersionSupportedAndGoEnvUnsupported(msg) @@ -850,8 +848,7 @@ func getVersionWhenGoModVersionSupported(v versionInfo) (msg, version string) { // the `go.mod` file. msg = "The version of Go installed in the environment (" + v.goEnvVersion + ") is lower than the version found in the `go.mod` file (" + v.goModVersion + - "). Writing an environment file specifying the version of Go from the `go.mod` " + - "file (" + v.goModVersion + ")." + "). Requesting the version of Go from the `go.mod` file (" + v.goModVersion + ")." version = v.goModVersion diagnostics.EmitGoModVersionSupportedHigherGoEnv(msg) } else { @@ -860,7 +857,7 @@ func getVersionWhenGoModVersionSupported(v versionInfo) (msg, version string) { // a version of Go. msg = "The version of Go installed in the environment (" + v.goEnvVersion + ") is supported and is high enough for the version found in the `go.mod` file (" + - v.goModVersion + "). Writing an environment file not specifying any version of Go." + v.goModVersion + "). Not requesting any version of Go." version = "" diagnostics.EmitGoModVersionSupportedLowerEqualGoEnv(msg) } From 9334cfb22c8a8f889527b3df729ab2f6b03636ce Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Wed, 10 May 2023 21:56:56 +0100 Subject: [PATCH 271/870] Change logic when go mod version above max supported version --- .../cli/go-autobuilder/go-autobuilder.go | 61 ++++++++++++++++--- go/extractor/diagnostics/diagnostics.go | 50 ++++++++++++++- 2 files changed, 100 insertions(+), 11 deletions(-) diff --git a/go/extractor/cli/go-autobuilder/go-autobuilder.go b/go/extractor/cli/go-autobuilder/go-autobuilder.go index 784795507a7..0a6816169a9 100644 --- a/go/extractor/cli/go-autobuilder/go-autobuilder.go +++ b/go/extractor/cli/go-autobuilder/go-autobuilder.go @@ -773,15 +773,60 @@ func getVersionWhenGoModVersionNotFound(v versionInfo) (msg, version string) { } // Assuming `v.goModVersion` is above the supported range, emit a diagnostic and return the -// empty string to indicate that we should not attempt to install a version of Go. +// version to install, or the empty string if we should not attempt to install a version of Go. func getVersionWhenGoModVersionTooHigh(v versionInfo) (msg, version string) { - // The project is intended to be built with a version of Go that is above the supported - // range. We do not install a version of Go. - msg = "The version of Go found in the `go.mod` file (" + v.goModVersion + - ") is above the supported range (" + minGoVersion + "-" + maxGoVersion + - "). Not requesting any version of Go." - version = "" - diagnostics.EmitGoModVersionTooHigh(msg) + if !v.goEnvVersionFound { + // The version in the `go.mod` file is above the supported range. There is no Go version + // installed. We install the maximum supported version as a best effort. + msg = "The version of Go found in the `go.mod` file (" + v.goModVersion + + ") is above the supported range (" + minGoVersion + "-" + maxGoVersion + + "). No version of Go installed. Requesting the maximum supported version of Go (" + + maxGoVersion + ")." + version = maxGoVersion + diagnostics.EmitGoModVersionTooHighAndNoGoEnv(msg) + } else if aboveSupportedRange(v.goEnvVersion) { + // The version in the `go.mod` file is above the supported range. The version of Go that + // is installed is above the supported range. We do not install a version of Go. + msg = "The version of Go found in the `go.mod` file (" + v.goModVersion + + ") is above the supported range (" + minGoVersion + "-" + maxGoVersion + + "). The version of Go installed in the environment (" + v.goEnvVersion + + ") is above the supported range (" + minGoVersion + "-" + maxGoVersion + + "). Not requesting any version of Go." + version = "" + diagnostics.EmitGoModVersionTooHighAndEnvVersionTooHigh(msg) + } else if belowSupportedRange(v.goEnvVersion) { + // The version in the `go.mod` file is above the supported range. The version of Go that + // is installed is below the supported range. We install the maximum supported version as + // a best effort. + msg = "The version of Go found in the `go.mod` file (" + v.goModVersion + + ") is above the supported range (" + minGoVersion + "-" + maxGoVersion + + "). The version of Go installed in the environment (" + v.goEnvVersion + + ") is below the supported range (" + minGoVersion + "-" + maxGoVersion + + "). Requesting the maximum supported version of Go (" + maxGoVersion + ")." + version = maxGoVersion + diagnostics.EmitGoModVersionTooHighAndEnvVersionTooLow(msg) + } else if semver.Compare("v"+maxGoVersion, "v"+v.goEnvVersion) > 0 { + // The version in the `go.mod` file is above the supported range. The version of Go that + // is installed is supported and below the maximum supported version. We install the + // maximum supported version as a best effort. + msg = "The version of Go found in the `go.mod` file (" + v.goModVersion + + ") is above the supported range (" + minGoVersion + "-" + maxGoVersion + + "). The version of Go installed in the environment (" + v.goEnvVersion + + ") is below the maximum supported version (" + maxGoVersion + + "). Requesting the maximum supported version of Go (" + maxGoVersion + ")." + version = maxGoVersion + diagnostics.EmitGoModVersionTooHighAndEnvVersionBelowMax(msg) + } else { + // The version in the `go.mod` file is above the supported range. The version of Go that + // is installed is the maximum supported version. We do not install a version of Go. + msg = "The version of Go found in the `go.mod` file (" + v.goModVersion + + ") is above the supported range (" + minGoVersion + "-" + maxGoVersion + + "). The version of Go installed in the environment (" + v.goEnvVersion + + ") is the maximum supported version (" + maxGoVersion + + "). Not requesting any version of Go." + version = "" + diagnostics.EmitGoModVersionTooHighAndEnvVersionMax(msg) + } return msg, version } diff --git a/go/extractor/diagnostics/diagnostics.go b/go/extractor/diagnostics/diagnostics.go index 9cfd5fce771..4ba44739af9 100644 --- a/go/extractor/diagnostics/diagnostics.go +++ b/go/extractor/diagnostics/diagnostics.go @@ -227,10 +227,54 @@ func EmitNoGoModAndGoEnvSupported(msg string) { ) } -func EmitGoModVersionTooHigh(msg string) { +func EmitGoModVersionTooHighAndNoGoEnv(msg string) { emitDiagnostic( - "go/autobuilder/env-go-mod-version-too-high", - "Go version in `go.mod` file above supported range", + "go/autobuilder/env-go-mod-version-too-high-no-go-env", + "Go version in `go.mod` file above supported range and no Go version in environment", + msg, + severityNote, + telemetryOnly, + noLocation, + ) +} + +func EmitGoModVersionTooHighAndEnvVersionTooHigh(msg string) { + emitDiagnostic( + "go/autobuilder/env-go-mod-version-too-high-go-env-too-high", + "Go version in `go.mod` file above supported range and Go version in environment above supported range", + msg, + severityNote, + telemetryOnly, + noLocation, + ) +} + +func EmitGoModVersionTooHighAndEnvVersionTooLow(msg string) { + emitDiagnostic( + "go/autobuilder/env-go-mod-version-too-high-go-env-too-low", + "Go version in `go.mod` file above supported range and Go version in environment below supported range", + msg, + severityNote, + telemetryOnly, + noLocation, + ) +} + +func EmitGoModVersionTooHighAndEnvVersionBelowMax(msg string) { + emitDiagnostic( + "go/autobuilder/env-go-mod-version-too-high-go-env-below-max", + "Go version in `go.mod` file above supported range and Go version in environment is supported and below the maximum supported version", + msg, + severityNote, + telemetryOnly, + noLocation, + ) +} + +func EmitGoModVersionTooHighAndEnvVersionMax(msg string) { + emitDiagnostic( + "go/autobuilder/env-go-mod-version-too-high-go-env-max", + "Go version in `go.mod` file above supported range and Go version in environment is the maximum supported version", msg, severityNote, telemetryOnly, From ec424d7e5188e6beabe1755391d93d3102a296e9 Mon Sep 17 00:00:00 2001 From: Porcupiney Hairs Date: Sat, 22 Apr 2023 02:41:14 +0530 Subject: [PATCH 272/870] Go: Add query to detect DSN Injection. --- go/ql/src/experimental/CWE-134/DsnBad.go | 8 +++ go/ql/src/experimental/CWE-134/DsnGood.go | 12 ++++ .../experimental/CWE-134/DsnInjection.qhelp | 38 ++++++++++++ .../src/experimental/CWE-134/DsnInjection.ql | 22 +++++++ .../CWE-134/DsnInjectionCustomizations.qll | 49 +++++++++++++++ .../experimental/CWE-134/DsnInjectionLocal.ql | 24 ++++++++ go/ql/test/experimental/CWE-134/Dsn.go | 59 +++++++++++++++++++ .../CWE-134/DsnInjection.expected | 8 +++ .../experimental/CWE-134/DsnInjection.qlref | 1 + .../CWE-134/DsnInjectionLocal.expected | 8 +++ .../CWE-134/DsnInjectionLocal.qlref | 1 + 11 files changed, 230 insertions(+) create mode 100644 go/ql/src/experimental/CWE-134/DsnBad.go create mode 100644 go/ql/src/experimental/CWE-134/DsnGood.go create mode 100644 go/ql/src/experimental/CWE-134/DsnInjection.qhelp create mode 100644 go/ql/src/experimental/CWE-134/DsnInjection.ql create mode 100644 go/ql/src/experimental/CWE-134/DsnInjectionCustomizations.qll create mode 100644 go/ql/src/experimental/CWE-134/DsnInjectionLocal.ql create mode 100644 go/ql/test/experimental/CWE-134/Dsn.go create mode 100644 go/ql/test/experimental/CWE-134/DsnInjection.expected create mode 100644 go/ql/test/experimental/CWE-134/DsnInjection.qlref create mode 100644 go/ql/test/experimental/CWE-134/DsnInjectionLocal.expected create mode 100644 go/ql/test/experimental/CWE-134/DsnInjectionLocal.qlref diff --git a/go/ql/src/experimental/CWE-134/DsnBad.go b/go/ql/src/experimental/CWE-134/DsnBad.go new file mode 100644 index 00000000000..f0b2e3c4592 --- /dev/null +++ b/go/ql/src/experimental/CWE-134/DsnBad.go @@ -0,0 +1,8 @@ + +func bad() interface{} { + name := os.Args[1:] + // This is bad. `name` can be something like `test?allowAllFiles=true&` which will allow an attacker to access local files. + dbDSN := fmt.Sprintf("%s:%s@tcp(%s:%d)/%s?charset=utf8", "username", "password", "127.0.0.1", 3306, name) + db, _ := sql.Open("mysql", dbDSN) + return db +} diff --git a/go/ql/src/experimental/CWE-134/DsnGood.go b/go/ql/src/experimental/CWE-134/DsnGood.go new file mode 100644 index 00000000000..0922d3ea1ff --- /dev/null +++ b/go/ql/src/experimental/CWE-134/DsnGood.go @@ -0,0 +1,12 @@ +func good() (interface{}, error) { + name := os.Args[1] + hasBadChar, _ := regexp.MatchString(".*[?].*", name) + + if hasBadChar { + return nil, errors.New("Bad input") + } + + dbDSN := fmt.Sprintf("%s:%s@tcp(%s:%d)/%s?charset=utf8", "username", "password", "127.0.0.1", 3306, name) + db, _ := sql.Open("mysql", dbDSN) + return db, nil +} diff --git a/go/ql/src/experimental/CWE-134/DsnInjection.qhelp b/go/ql/src/experimental/CWE-134/DsnInjection.qhelp new file mode 100644 index 00000000000..0745de946f2 --- /dev/null +++ b/go/ql/src/experimental/CWE-134/DsnInjection.qhelp @@ -0,0 +1,38 @@ + + + + +

    If a Data-Source Name (DSN) is built using untrusted user input without proper sanitization, + the system may be vulnerable to DSN injection vulnerabilities.

    + + + +

    If user input must be included in a DSN, additional steps should be taken to sanitize + untrusted data, such as checking for special characters included in user input.

    +     + + +

    In the following examples, the code accepts the db name from the user, + which it then uses to build a DSN string.

    + +

    The following example uses the unsanitized user input directly + in the process of constructing a DSN name. + A malicious user could provide special characters to change the meaning of this string, and + carry out unexpected database operations.

    + + + +

    In the following example, the input provided by the user is sanitized before it is included + in the DSN string. + This ensures the meaning of the DSN string cannot be changed by a malicious user.

    + + +     + + +
  • + CVE-2022-3023: Data Source Name Injection in pingcap/tidb. +
    • + +

    b!T<3E z{@sqz$34g0ET>0H(w#NelS~#3Zvx+p>GC%~Dfn~eMbai9S2d(RKTkEfakSf>}4O)%2bB~`sK+=STS zP8mNeuHDM1O;nJ{;=uZpVT95Z9UU;GD2fQ2>vy(DdO^YEE0bL7+;!TLQC?s;oBOuQ zX-3LbEArZ>*s0grH_z&IZF}i9l-K%7fp~kn@{pJgFBun=e z?6G8ib(-<0aEP2-`va9q78QYbjg_}Na#dR7gljWNmo)BNgZg9usl%TT0v`6qjtj!s>E-g9=q;sys^WFuZ5`g6i|I=fchUuwy z{WGJENSS5g@!P(mgwg;|H|-?`PF)1a8U`P|?qt$y>0jBHK-7W?Onr_72EAIw;2?{7 zwsjp_&oGa(%C;?-l-YHXwBg3vs4%)cq@R%2WF)o2u1ArUm-rVG5^BIk*GUm z{-D6KX7wu%Cy5_v*=mFqEyC!9W`%C^FBqJed@5)#9z^s^HY~IQUc$!@Z5ht@;ke#N zyoL9Q@FCZOx~m)Yy+f<tZl-nM<+4gJ#mBX^)#C7zFqZPwn~HX$M5XKJC0$7LjG z5+Aeu)-=Xxn>g?HLKUPrJ)|X^C{aX^&aQ-=osTlwEFVWpT(u5p#U!H;{(h@j7!{D( z6Z|>180hgU+73gC97`ad0NTjp&}MKA`{g1t`h<^pqU|n00rD;8)C|&ch@2bjvR6Eu zrEmxtK1MBqszh7gNG=*aKH3+W*CUhT-`AQ1*U+q&y_m5%Ubs~xZmf*C-yZe~UuOC( zu#Sx$;yuRK{GOfD{w4%(<%1xWH9p(*J1&-0N1^n7SfaMGoX_!ebYq^=vibSyu9z5k z+DpG~KzhE)7s3LybXw;#GI>iLY4-#C2hML^tcc89*}EniO32316QaVfG5eFqQ2TZo6Ys)FCuSna-cLYxT*a=AgR24CDJfCQ)ME9jbqZ=~9{5A_;tZm^-d zBzFaT{rt9s9${gpHKiZxHol^CS4UAF% z92sOl8f$}sux37JNV*4lQJA$yy*WSbxj2#_DwjC>5gd2GjSHa$9S*+{ZqO}PM29cR zBh65scvaj!B^_S#7jMZ=OAAZ;eBj8~dc#1Lr0cSPA&jd0&C8vo#p1_ax;eZhdHAy* z6yzD1px^fv!U>8qJ3SNQ^S&iue}32EL)fXo55pqHr4;s>2E>!rM`s%Wjzctn6v1E8 zf$+4GkChc$>Pp>uG=%z+aIm`YcR4Q#(BUOVK;|ZIPYwfp@L+ZD(@xhtkna-#lj{;_ z>vDE>&dJT)>aXE{Qn)N?(H_a@e|Ud{QOvspV{huwBLF#m4id071l71P#ooA}uv=y# z0#q3Mc30XYo0^(t8Uk^0!q=S50F+c5<5z&AGe4i%f^?q47k8aAnD zKv=PV9aBY^Q#koR*fhhlBM3OLJUs#?+i&{9@zc06A@cdJ;$GEn0W))lBBeS7&^6gPpxm~{h5>-d-*c!57j*?CuhgZ30Q9xmFEo%gNldpn@gl5kml*WY@MVkX&3p!{NJCF! z!~J$uX)o{7Cq4lj-RtM)=Q&o|+EKj@9_wSE&_MFty*2pZqTLE)f*163tPWlNkPiAy zPb<|8401z>G;e&Rfz#ycgB`qrvruX_{kqGCS_OHWOHGHfan2Aw)xmhSk4Q?lkX^~5 zgb))d|AV_kEOmuN-Q_;U2dbZIK+o>XUTx%zzIx{|4HN@0M2JJepvnDC8B<14ksegl zrfYE49nI76)9!zbu1B7&Il8Skhg`c=vVY}S58NobGgZW}E_slFSYZYwzA%3^g>sZy~N4R|dVk z+)+;oUA;nf<%{hMf$J$5==Rp^O8n6P+Ok(Gn0+;jK(M7SGD|sumXgx4ZU^vNN66BB zFoflF9egd}WAs&GJeEZX$e?qmmkHWSlgIGdC#Iw$yl60d)II?$o8i&X(P@AZ@@a8( zcGi3{&)3)Y^Ww((y2Alvg75}x_vsa4UoPzsK|+O$prD}ZrmtP=y}U}(W@EhYW&%Xo zGewWyFqVehfSn$`xhT30dkp*6w!C`hS;M5|{rgQ%%$hPFm`p)Bx0%eJ0ThkD{pSGU zk=Q(R1z<X02SleFMJUPenBPR#Ib@_;_Lt!;VG^E=)fPqcU_zu zTJarL?A* zwn}bK{v-~Ho67JZ%sGsw(JCB03$6T`@h}k9GG$d zD5aNpYHCXM4osILVGct1(d_>|YCsd&=&0Cf9*hw4hb_=9Tp2PrW4 z!+%Yl28wn(LCv|TY04pug@uKz2mtO;Kmce6oqX2TP6cXJ!7`(>o}4tKD!0>0;<=+7 z#fR#oi{a<>@P_|0-X&0t{1*WO4S?5Mj3MXidzurim>{fGE_nO41Ay}TBFM+5mgdGE z6U{4r-gEJ;oqZanXn3((K6$~y-CQkR`u|>6&v>lAV22ViSmB_@cQ3jA@>_jrA&AR- zC%Bmn0L#(6dgS@SNeo=aimtj8blI>(!wo-JG)1kkPrY*BUW zUwPU5|Nk;c6oBB-c|!oX&cc$Om)DtHs|LUhkXE4(vrn&HVZF-A^IOOrnL&o?oxugp z*0Pg8Gyi|@*~F7SCkhQKhznqBR?#i>;EhsGo;(36OG~RCRK5WeJ6&Vr#J6uBfAM%w zqa_7+C`|v)4te4I2S^7-E5Npzcw2AE*_2hVYV4EdCt3YBNAV9#RZYGmO1H}O;lV#( zM8QhGuw4AEv1+bn&FYrpL8#k}|Jtm97_HBqSj#Iq_lw&HDROw9Fj#)enO`0#rm=XP zzw|NE#JF;9vz=K`hryoYfJt1oT1Z&<2>S{!)`_#JLd#oG?VS(4{@hB_GSkzC=v!u~ zl=$d+=tS=o-yu!IL=3wozb@9WH{O1?#7@e5>OB{v7|&~IHq8IP{B6KN_rUNsK9SpB zZu01LcQ)F*4|Q*%d5<@%7&=Qgaw&_&P1M+Esdvh81+z1b_sU>n>T3E#+@;%sl?+=^ z{VF{vQ=@y4F)%NkgFWX38GhJ5w-AkxxH?jr>qr2}_PleUFE~U;{k344{qGT~`GA2y zA_GeC=6jNQNZM20zkaQsWXEjNP+%MzQoR8KFl0I^Nr}{_pzD_5VlKe3a=X!2(28ns z00$|pVoyi{FrP&chj~zE=_`@Y<0A>a?cJPG+16b=T*9z$M$&<<*DGTDc`~Wb5tEKN z_dn|M83;^_>T`$Xuv!={zHr;g3kjKG9=&+Hv-OS?|EA2aJA)`r2b`6C#%Ip0I{${s zO;sp+6`hrcZA{PJ%NKom)3QxB(!_vZdx)5CU#fM!g5g{9{LIgE-*qO2IPi+8Vo?0+ z9fSR-(Q8=>PWh&njq$1}DeLktOs8ZV=Jh=>QFo#{hZz>C7s@=5rhdxm&893R{q? zWrNK+`ULsN;lE9!9s@XN{xhUbcSh47;+b>asY8p=>67myGkhSZj=-}Z3T!j z43MN*2hQqmJ@@tI?^1Idcv|3;hR%qsV+ms)J*?=}FY(ec$^iqadef}PYvKvK=@E-s z>%IY!zekk>9?&Cvh!<9f6ZnF0C zP$5U#=gr;Z&|@kw4p_||06!2WhX((LFa-rvz|=n=0Z^e7a_-WS{eA??SA>%dqOXC} z!f&|O`|vaqln@uRAYD9vUw&ZZ^^(FH)=qo;(Aee0*{3BtpM!&98mj=bBn@W|DtpRI zqm#rTp?->&L!76;9JA$X8{d(e^h-qi(i$M6ed^vn`=Yvdz*s(CDCj&8L8#$Viy>8{ zlL|Va#(dUW405nRRs6uZi-38yL^{6xSCx3vA#VPgbx(d=#+#jZMgixi%fX(SUuP0? zGQbKC#(Up2x%Zfa$L;XkN5vuFhN3#_nk zW2f1cZXe_)5#RA2R@wAT`&U75cyni4@nX0dCe4y|Tcr4lb$fc-V&Q%L+V}EuxjS7uHXce$@bJlf?Hh^D&-$CG z#~gzZYH(&A|FP9wXp;!XL;5%F=9qo8^(@kO4l_2*5E$NqVkp1xWgV+qqWO!@qKRy& z!|=8RSz(9Xl{4#Qo!t!tml9SK?pP^?!$bOUOaOx5|C~Xzm&OQ}#>K}A=5f&BS7op` zFLgJvE6P(%bO+(gSKJVn}@&}?@@y#w?>^MNqvcoyeP0Xbg+3IOxXyLzwK zA-5p@_De))M54mJ@!O~+Ejw_kf`i!UD;if*piIh-P z%<27kj!JGPtB&dK&r+(+7c(#S+BZ|7cYfV!Mim@m)s{N%v!ZYvVS~oVf>;k(f z$BN_uJ_HDI`kYuBR}2j^Ib@aXJF_lDilQ%UMknMk%b6l1^F5a^Uayaw>ze2+n9yB) z@G-$y>wZewZr1)`Pisu83-Gxdsn3HVqw zIQ`d-gH3Tts2|<3CUv@xohVm9`f~8OC=zzxmAOq#Av0^y__3$-v$E89%yi1}sZE(p z;a<0Zk4u6(`SqB79f6-WL?RLdIE^8x?Wwi`$uo9Z4=;mL_8;xBiQ5HuYPq{GW7>uQ#-$ zw^N2RCNP=~?q=cu1p7nvz0a77!~ju&1&H;4STZQeD^KK1QmX2HqAE8o$ws&6<)i++ zgy+paHqI~tyT$~ZEwh`{=F*w9T974X-8MtH!klok(Jm8tG*&wFaO;ipsK=qa0b-3Q zRhAu|W+>pE20C;^iB_yEjP*^}03}b|1U+o&+;{OZ(kt-z{#d zsoXZ!S+P_$0t(9bE>YZ`CupI|zCAD^`uTD}UJ_5apD50#aNZt|e!OyYmx=qK=eJw} zroebIXr8b08mQXYC;++E%L|lN1_j4O%$VtPrJCz1)1}&p3Fwc|Y-v-Cw#cJ(=i>6iL#YxgLdCFI8&)x>9-UwuQ zKt@9<)7>!pk&yZpL=wt7gc2pb{ZicCGzC-k$gS>IFaKGnQ`_-ES;DW|D&qP-KkwAw#XxUS6_{ zJiMtR40#d%(x_%nx=p8e2jBRj^}_vmGr_@m&DoX?M^@LXnx0!5r}qQr41(w$W3=8) zI+w1_)KGU22{?Zp&>I~q_E^p05^cB(c&q-vIxAn$k!Gb?eV(nRP#(zKGcff?`$6{d7RtwV z^KtyMa_ECG`Iyfc)+Pstv_V7L+&~~^^}KmmkF1x-AoH}9AAiaCa|()YPD949x{wL@aU*~{&Hgq zD;(ZF;3M!i<4px#O~aqc6#!EScFluM1OqO14-dGLp>2?l!!! z^K&1vYD3)zpdo*Of-&SkUN)z`cVOV9E>8ZMt&Og3vF!UH*Qv>u8|iTV3q%6y`6hwFKd{b3Qih zIWzm}rdmybrTuryZ*<%^Q$txJ33AK5=!su1n?J4IbSA+L$IRbwJHO*9NAWgoP<+{Y zFJPs^tu;}Z9?mSDN)FwvMln&ntVJd;){;$WulU&1ifVgHqZWxUB`Ij1)D}A#nsPry zaE_66QG6C~0x)rM+$spY*e#z}3`fs4H>iva?bNaVy^vD|ra&3M(p$@FC^h z>$rlJQ$IQAiv3J$H(2eaQck9^Fsj+>J}rCS1ic@A1RL@$A)3Tr?IV=P$OVFOQPZOg zWY@H7#xvD7V=rTcU%n30)C|4#D>4(b%lnNCT3}cyg$-gp=!i->D8|=jPm>MXcAxhEU34p#pA_mFCPk^V#)aT5%7cotHfpczO^z#AzATo!3WY5DPA#)(Mw5fU z^LNM7+~sc*7R9sn*&CtL`kIHDA#8=u#`U;sb4h|N?TXgP_9s?w27Raw_bz$PU2=2Y z>JC^)eW~j~Hz^(e0L~m9PnTPtauYh$l3f&>TQXIUZ=^fOkm0O&;&_^ULuODk`eli` z_ib1ZKewyj7-jz|o*u)zRJ0p8*x#*Ge@Wpn4TJbKyz&s6Zn4v3Y1AdGKdX3E>Pk-i zeFBOT__p<1ZykL8u4 z;{*0yeOK%rmC0yHUrDUrLS68+^p`-qwkvxsz6n8;8-t}$L)*G`@@6yr;jtn~X7vP+ z6-$*p2ahnqpKq>Y-Jj?b;=HR*vAjCb;kL1a=}13X^Z1bk2{y48 z-N*-zo{4M^={%j}p&zeq7_tO=QXQ7_cj4MRU5s@Vms6|`+elGLttV~m3e!TxsOm!; zLiPJxee4&MpI*S#Y)ljVmRRC(lA`E|AAuK6jy9iUjk<-EhdVkMbZ)EJT%Bx_i@pbZ zH~|$e)4?3rt+`UkUq|qtMUp4OCN5R2bXg$A!1*h~N7UAcI2$8kV~0)V^XA!INDNI} zj&KU^F|9mVEn#&~^dC+ykfJZYbz6e^&Kyzh6AI`}ZVB`1gwm5o72}lJ18xPD7F36k z;Q%`d8aJ@9w3@MvxDa%Jo9zs9P6$0kdUA_lhxdoQC*y<#ALo2ANg7)=(5iKRoZ#Qf z2xkuVeo@ok+t)~^Mast6`C0`vRF~ZCo;ppL@1xCVB%rb#v^|nSROUAuJXK_TIRxXL zq{eu$xn)~63gH0{*l7Z2XP^)9zgMn}o@SqsM6h}}AgKEDD?QR2sVUiG_wDVvQZXv% zb0zcV7zm0dl}?_4j_Lf#$@M8D*GAdaq~`=#!iKLoycuX+a6i}#B!**NgP=J6 ztqFjz{(kVhzE>I0LgPUIwD_6bd?1chC`ZyAvl(nVjVI&kSFBw3uTu*@Nw?Qbd#`%{ zxsPJYH88F2XG|UbQ0inO?8;0J3ReWrmyo+H;QtG0lsxbcf7rKo8>&h4x2BgP(n3Jm<^-DuJ;l^_}0oK@F7JLV?d&! z@?96-jZo8zZBLlPhuUWB;(U2(U7jeYqHw()j^~F08U#-EtqwtTpB+5NI^TCIg%(u9 zL<10Ui)L^$`Ig5Ztu6T%N`3b=C5OkxgbeD>Cm3=ffEAJt&Yad0Kp+9<@>^xz;c%AK z5#Qt$7S87qKQqnqF*sUv9G&!>*WP4ZnMyc(FP&cE5zrNhgps|kPa$IlqTO@< zM*!h1m}u|*d*gQ*5xVfS(Q#n_RdtYi8$j1ZNU$dJ(G4@W&C4T_xN3sca80$+|*;a(uh_5N#4tIEzTu=JL z!RHG#3F)*@LpSFEpiPGK^dk5z+|rAw8BysKxzQCq^F1BU>o`v%k7A<=?xc9{$!} z*2}AMm<~ZqzdUHAQ+|}{MNw&%Gv0C}H(3(qmBHj6Dh_2{b(G){8qM_hh=#;zJt^3)@B$#!1>@@yj z6S>!7a<+ScWg>RI?3mZk{+Touj~rSxo^Q4_-HdeInu|8M0bA7Bu{RZnlkvtP-fDpxJoCpgM!=MMU5F?Q_TrWMdn@;O?$j0;zgbFf^h8ozFN?aj6KV96Y2e5{#G z3dAX)RkfAi-8n7f73(rgIG%<1U5_TS-VidT9Vv)xrtOixa|=yZrZVF|pr9^RxKx_R8TxaMAQ7 zxDR>YGa!Kzf6qP##FN|GZ7*KTtUf*KJO&8)H(>y;HVyf)?W5nIxh45vH(#|>m?l2w z%7EcHQ?{WwMP!_43Iivr2Bp}c#me-n<9wABZl-2pKKpSRpPA<~8`cZ4UTGBc**gm} z#RJ2+9k)+gC{DlU%Jkpu=a6}V@X%>0-hS%vs4Eo!S{q-X8tl~H>eLz0+FaZru3K(d zSz~8|aSi)FC^SBqn$%er5wY~mxBn;{aMXdkKz3z7y>^OG)%QO74uGD_z1tpQK5Q`8 zY6C1{HSL(J=8?0mVu8+lC-EYS*xI?p94}mm`1;3DH>aJxtu%sF1@5Hs&bTMK9yjjk5&C08zceF*s2WF|vax zQOIWU`oKHwF7Ff2zCCI0OJZLhoqO=hYQ(@M-dYW(xVKuF!1;xdW{Ny%zDi$!b1Uk* zu5fLOZ2Olx2m4B-B*#|5{ zT|q$ZJFPwAN6+12C2V*TZLsbZX7OdiMj`$QecIctgZ!13=@yh+Mp-2*q$|!4hI`SE zNyqXF6<(~gn_e3@bHgU9Vdej`2d}rrjSFJf+GuEwmbTmRoyNw#;zQn%M>E#TMa~xy7xbY(G9wPAi@O%8ToFUagLDDRU^Oh zMUS&Rf-^st>E52Q(cE5~Y}w}q^B!t*FNd$S$aoF{X|LZD^^w%UO;1L(#^XNo0hi4f zFfr-~^&XqSmJf58Q$cr3i>k29=H#2y+g{GS^@rM9DVN7HN%R)RSpiszzfN zMq+O35N7HRLK@IR>gVEpse+-}v22FHirt|?>=ddd;g3C}jya!>H7*xQ%U zG63z8XC1RRo~7JwM8nx(TJzcGL#%XNc{~>xmvm~@Pm#++qka5M=Xqz_5A_1}uq2GHFCqWTavYuPK1) z0|XKPvHk48kVQA!;#);aRNs<`0WGz@=0{GN8(~^H4K!n z*c@(7*;FWIl+hnk>>s`7EVb6x(c{Ps%&2b5-V3GNbF17n`5-9YCSKZ>|GH4d;)Be? z!=O2$Y*+ZrFppHHB}+g(jUWRqK${@zLy65&F6pug5CmBIL*bhQNemU^Bb_M z@6;*48vj=NV3pCogN`ut#)6)ra!(B%ox!3jCQD_VU~AA*{dr*ClPEW53+mFc%G{;e zvSiRX$|9#IZOB+|mP(TNBt5{>-eFKcz<8E=YCY5^Dl4Dd1srvSpa|QDpWihK8poHW zTq+-!R13Pw-7{-fzJ|O91_nzlhMa)`-M>~FdL)<7BO56OxDe%@W(JxT*GFP ziVwZf{{3(Hd>!`d2d=}?tLsyq;AseZ0#j%FOO?IT+T9WFt`F4I8{SAqgdl0ee=vGW!h&`OOcsO>fO`juY>>ZwOBVF7r~S?vFy=Ctx^Z?q|dM zLiQv4J~MzjVNB81*0xk;veBU2q2DF<5yNraP8;h^+0)@F$H_X-mu+`G@k6h~x@e+c zVVK?;)b1Fa%nsiSB80%r0KmqCiVYa_@r!yV0Dk{}Cs11N1aAF~nhPkm_RmYw-qLP< zyOPX(>{!t%J@BHo!%jYX^QB|bh;u4I?6r{_-hetrxuA3;Jr)<53U z*3!aGvMPOsS2?tlR#X%*s)S49iGdJr(UR^sA$)%Q3O2}fMcZMZ6Gc)s3NG2mbgrecYQ|_IQOVi|w zrbL=4TO+`kGgR+QnQ-hMtnE_`_ zzl5ZDW>`$UX+-->S+!M*Oh4C+Me>~YqQ5FB?`(K5kfBh1WMP{d4n>9)Pq= zMG`*;UEB33o$-U@l^id*UV*x^=36iT{oiFjS!9M7^#{lkn zg?u;k2i$}2Toq@+f{CseRFe2-zNsgz1ql+L{f|U+_m)$(OGQWl08^+mDn{bsJ`SZ= zl*7r^Oe-lkG`}R_cPZ?@()rnMNrekJQ$ax)2|%WI!3vx|CtL^+&jYJ|*?`q26up~Z zC9cD=(Ng7aWaaM)F#BPL)7-WE$^ui2zZaIY#0+!ggk^KKAK#XGB!NQ=!96lYON#rb z>n!%z;ehb<-!n?s-qXX#_XGLCgY#Zrh6kvhf!Surl zx5gs&v+^1wUs+!EJ=qmEGM;Pn$pdX%`(gD{Yg52f{53Zg1(Yhm2LO+V`&R|oaKHc) z<6P~*L^S|T9HjRJI6t6n+|tWS=%3%!BA}Rjew--wW(2)?Ba~P*k| zu}T3ueLyN{tfwbnH^6mZO#?V}TsB6)VL8ZfTNx1G=La~UEQTnk*LM17!T3Ev!NEa6 zSRvk@A(g*q2a4tIzP@wEXhk&yCi$#a7D^XAX~zHOl7POM{FOZY(vdRjhl$5nEFj7> zTDGRPKNrhu`rKzQM=SR^CeX@}Fu2*p`B?*|7Y^_y!FJ$6{J3D*FYwU{2wlbYE*zs( zLq%*Z#{snOJw*1E0D3k18jp=c{}r$*=%v02?NdT!fBLlNR;`+WRc-;K?I{GrtF+3jRev4w!9d`HBK)gTzjRy5zZc-0A^;+)AsVJL@!gUEpxXx-p`oGv zPWV9MgTH6>An;)}QFC*0Tg7Z9aL)eh4W>k^%7SO~?yPymnmXIqJ}3l4_!hFfNq%bz z5q53cliiX{&`uBaY<>-H(qT>`u2{)Bw|yHZ_Y%!8bnx2?WWwX zN%eu-6ap+4TWyrJot-pL>S&rgd2c+(v1!zY$?q2-dp|TJQRv|SqXYOQLA$m&IXPOb z7NFA?NLpi{HX_+I(tONh#492WFo^aKXWq`;R3%jsxbUAx7&;A+o^4 zvI@{k0f2Gwv)vzplfFBfQ%z?wOMi#^N4W;As?7-QM2*Si7}9>R6q~PA2lP30*Ju-*03BvSc^5KB5yJ0=O`N(3u2C!XWyA zmQX=gLHscq3U9h)yED#GX&Y%88jW7S?UsCjn43JP0VU`=9kiAM0a9l;>766|f%?An+Mb{+=b; zwg6hQ<$i|>G2|E@=d0HpP7_SJpCu1tg)bxpF#JCUGy|&mfKl!A2p7@<;(Y)d@~@ij z&8<0EufAz(Zf@>b&I7m!${2-R|GA34zx8KUGwmNZAKIl%V-agDPap%3E>KXtEDSi7 zes4KgHwM5sbyv*{K#WbS0nTW^Jx;|Vi$X8Zf8+~(ZMeKYb~wjkxutr2L32B@!&iz7Y(U=Q44nr-VaWcMk>u4d#?$TfBxGMr@7DPS+Cjo3u zUlWk9Kou(C!JEn!1D?9Cjm$xak0AQW)ORfj|LO*^ZXhn})~9oc$D%p4^W@Ktn17pz z7;?c$M^TYvzdd{J7#5I%a-3AAfJ<8|0~$*Yo)AEvb<@K8_Xuf*Fc7Lqk)Su(Z*2+$ zTvYE?`}2AIm6yS%8|J^J9sC9)Zf#SX0rm(v88j5AI>+HJ&A-xhhQ*djHa6`4j7u4i zU!3QcdhacRQ|iwT!Z+wQpdEr=Z=#mRKybj)Q|nFn@7-e%_Z_l<0PiMF$mQnWHvnq_ z{Y~^){Po0@nEDia2;i&(CLC_<&%QqA_Q1GO9Zk*OE-V(%Lg3$jKN5<5gq<5k4bT|I z%N>(kpt~)ZnK!!_{%U2kCPP1hb|8Lv61==v;Q;O`y{euG;LFFw$EyHOi9Z~O50C}; zd&=PT4Zj?$U&r9rD~ksjK>m5AX*}XkQQ(KV$m_{{vTsQe-C($jHSQExN8ER z0o{aW4^da+c2AE0g5-;;-0aqWGU9#Os9z5(;w=w~3iST5{dY~?u>!^p-y`5^fk$~k zTMR&pnb%+dwer(LB!8Fg_ljNb`s0ON;sIGmpj&@jU=f?mcgBLces^NT`52&+`fu~` z+2TJ>fb1f0W>56MoV*Kd9X%DCfNGc76Z&@vel6EkfYWfiv2_m9;Rb101;llcf|-_2o5FMY^B?&yMUsC!s=&@_8E{nE;uOtswS73A zxqWoYRqW*O`>>Zx)dP#-1IkcGNbHAxIz$^c*AJ%1n%@3zwcSE8GrQE$0`%NDMnea3 zgEF@rh1E5y**I?{^;c*Dl+W!Y;*xt*T_^zFgQmckX$f2D*AoLSI-}oiFGw*w=i$~b zSp?jtjx}2?rFMh(`1lopXIl{~@mXv|5FzIWlQ+RxQe5W;S74P+yA;zi3Wy6?lqz=k z(&7A0U6KU;e6IuthQrC@4>a0qptx&y;kDqgVP}$x^ES@q5+@FHG2I^W#zy+T8<{3 zRdlVsD4+Bny@EVm&JBs%x!WU}c7&F(6WIPD?TiO{Z>qZM#hg08SwHn__oo?vS8|)9oC&u4n-Dl+l5$q>O$Xh^F&Yn9abkFcGDWmvc?+jvF zUYq5Zs*IQkx!7D%{Voj@*@c2@h1+5bR(Sb@cgGbIq`#P&%Yb5uwBNP|C+z8XRe#q7 zXnL##9FqXowIX2`?FiINGyouQ?=Ort_#@vyL>Ol?km`rfev3v>eXqhtKyBhdsmIcV zPMNAbOrOPtNLe0$yRV?2;8T%QRaFHHVPUr!&^-yFE=nj-y}TP}W8k+^xP;Mq=^9iv zjCOB6-tjn!T4Q-(Uf&}+DTQ?tp*?3un+2>YZo z&7bb1IC0|PPU9jQM(>Hy`qhYW6!OZJie*bU*Q@=|LM8KQbKH4d_<4U*#T$)D_dUiC zY1HR=s>0fReJ?Ms)cI4u>#?{P06PC_=mcVcNyF|p5ypc&{i4)gE;gp@9V{{i+GfDK zN528H`@d!l3O`gN&c0^Z2@?Q?k-D*-jt3EwYmPIYP1sK6Ddj7YGc9_BR&;;l2QCEj zA93%Lul@YJ@&85TZa%tD@wZ!{7GKLpxWGuA}z0)(~GG{rQd z0IJ=s^#ovZ8Ud+t9VR(~4~E!BMFG_`GaLS50bCA|G5C2hkB_k@Fs!{e%BFsXVd4;H zlgl}FCN*=QHR?aH7(y2K%m*FgBJ2<})akNHKI63mD!AEL>fJKp{Ar>y8B|+)JA*)h zF}F_DxRnDaY3d(Sv-qKPhlzuNxln#)uOP-UQG>tW$J3Z1rX@lCLi1Fm79HCRA7&;_ z5l2NOQzZ@mhxw~PG1$a5ToiYAT9y04t11nTnrZcT>-a<@=F5new|^LOTQ=o>+N{01 zvxUr*TB5}Y2kB^vC;4%oIMh2Q#l5^o|z0)H>VrBCH zd5!1zq^PoTcr=5R7>@4j0fr(;`FpmxE44<^4j>C?VWD=WmAVz@1^euuVfel`pxVzz z5z*1rW%R}TTPV%l#_?e+e8`rVjCjeD+?6yVv0e7~1Thdx65AAxNXDF%?!Uil#0xw+ z!LT3#$cUGQ#(T$i_jfnS0fGD?QVkz+EEm~r^u|Ie6Alz{uN*MGFC>7oFGL|px2NuV z0$S{b(E)>g5G38JP2YHHER0Q=``d*5B`TiP^VMS!pQ-PG0Gp*rW@bI#+1E+CTCeT% z!qtv%KFH5|o+kJlw8x%LGF`=3-Eub?UxEv(qBm9R+FsH$ITx*r#~|k%YV2)28^KsQ8iO4krK3JYmowFP z@c<<+0G|OE&}EP87mYaXZqU~N7JHwEQO`V1Kmm{c#mS@(-DAI_xoD1j@-D)BuK^&6 zSH`oY?Ph@SwyJQ3y`}IhDd1daTe&giMHz|sp`@cnwfbBZm9b|7cfWzyo9o9XKiAT8 za+ZO?FcD%CaS|pt0keF@1%E3NVKMdm4$2!EZ)mYxKW1K{$zcxWRnH?YX} z2)8Gk#w$Qn#M%euxUFAPi}>0VFPKq-g-tA$G?ge^ZCzF7@cO1Di9KkgI**u1Kzl>l zAW6DizOd6=_7Ypd|K^#XgBC7&-iN)?kr_(M7vaQX$t7iA30Rm z;UH@L@m27ZuRuJv0?oAxlD!Tjpt_*A5s1KSo zW5|HX7I{Nlp?azc&VvN`gCKy)n_G|u4`)hQNr0v1M_Ios-sK4j z?*&^ZYa=3xt5zgr2F9eb<>n`he4Peuy^a^~s^rlMIo5_xLjBehf>BmTMauxs%WBX1 zo6#m7#L{L_k4X7pboYY$5X4ou?qOBDuBs|(JP;oz=;IDx3J16?CGM;J9=<;Jnr{u* z1l15nPRpyn(Y_R3K|K?bG)DB9UbU7z;Sa9erQ|ms+KG2@{FYu>Rix#-QKpn&*TQEiDDR_qVoW+d zy-wB3F7wmA*Z1D9)<_lBn|>PJwcPre(MJwUK&^z(WOY@|>hD^;)a9tixctz>sup%y zjs1Y7rz8NzPBvK>@{W+)LrF8Tv5V>5UA`&~Z0vBpANr{@CPlL~VLEWiag0jxK9f9M zh1Ob6(dYFk1?&mY$6H8B72AP9;i>|!1>!dsy#}jaU2!s;=Lo!qO3K?QdaBFihRZU4 z#LBb6(=z8Q24>YCpgv2Hg9L+i?+a`KN^ASkd)|XtfeITSZm?dfzNL9Z(ugAw5zlM!vK?nf+e4y$`!5L0e0?~8a3F|(J` zJa0H+)RzjIhoq51y${KS;7$855dU5?|Bz#654;iE+h4D#c#a1%;6qvfL)aI;6Zd?%jy_(VuY%W%q&+@q8ObiBj^-qa8-Hr# zge~?c^Y_m6mu~{ZxBR)cVi`_~(yvi*FOAsf2iNni?4-oK#E^S#kS&koH3RjcGCqUl zxv`Yq-&;dzX6Qfhl=d3;^AZghbS~g7!Lr#SiO|-XR+3z^AI57fv_bVBIVt&q`l;OH zw+6aVV@nkMx0ktU_)gR&6_iog#sOzj<*rq<>X#YFZ59_l-e77PB(R(=cw-N%w!L~4 zif*{kk%IJLb?(7A@w2m35~{Y_trb`J^@O}Y zo{jJBy~DV1S24}3emWVaJ>~Rq*NHKq6Go1@KG&aRI{7tYYfmjET#1eSSSjjKR>_ts zpD5jy0jPGpw&Q~*?^Y6~^ewTXC-!{0%VY>z#JOiyh)XU}wU+o{AWRAR#GXz+rutfb z?M&v=HeFnP`sH%9l{t6YoOTpF*MjtupewmJ2#@Nhp}>{7MhfUw*8@MSYv_OCG}tvpWu?4ph(h!1)QWi6TN^fAcO;@N zE!bRlKRez7*88|2y_(Me^VGfN(Sgi-EAcuTTq~t5y|``+M544n)Fa^LZ}=8IHob$W zJL>4@2n;OUYKvgLX>a}6X9i?Te3>n%mv(xIz9(5!Q5-OFX`_j@f%E^%P5c!D0I^l+ zM)(FRXJd*xZ-T6pzf)FU(dj#6x7<0k&Q#Man4;KWzT;=jP-Owr`EUnF@aYq+z0VCf z@)7ugRqLHeUEkWc85q6NHAB0PIj>Qkm@L1$i=Vsjf&yAKF=0;^(QUP{c`#*3SA%`u z$IN%=h9?#|Xkn79#~JD^2T>x(HgclY19Wm|lv1&X9cQSU@asKU@!l&) zt?OY6J;#uPPWWty(XFnVDgHnQV5oogOJ(Heb4PG%{*;*e*_2%`ThUPPKo067EpSg$ z?3>7A5VrkN^6G^0e-tR%I3oqscd~R19%$VdzRwu2eCoFz(qWh%-m9T=@`OieWG6%g zrK&+P=^*z(c`e7xiKX#l7X4XZ?vz^fQ9gNP@7&ItYQ0Zgi1Lz`B!gem(;bR8^q0Ph z6xN^4fUENHdC|IL74{6}M@<~cPn7-#H$)1H0d7tJ-UPV@>}USXMw(AbA&+t@o-h^Q zDLbpVQ3`S4s2s5#%`-r>U+AapboINDXR?+($#hThIEkm|Lg57!=l{2|9?g4l2RHG z5kW$_K|s2ZP8E@oVI-v`1nE#f36WA7M7ohul zJZ^3X`S$x)l44VfkkHPOpCIvU%FbIu55A6Y~2YTM(OaB3gJrhhS{A+MKg~m=DF}fL;ltt>foSg!d0nlfr znVBi#*dRQOii&E8dRMSxtq8WjBSi--`3^yQj&IAc;dd94(qBLyoG&cw6mSiLa_Pgq z2yxK?&{cqQnZ_3nEuO}j-g1ezK$$<)p1YL&ZQm@dI&oC8@d!%_=)H~+uj?KQWjm^ek_^R zB%PP&9}NUKhZr6HosrS^w^5qBC8ze;={NQCB?BBBQ{ET2xj@8B4}yBMoYfYR9M*@5 z61LXm&S&)L7w!aE_49DtGQGZG>RG3%srljYHCUuEH<>KAXPu=@+9)`ql2`wuzvHM| zv7V;{_KPBej|2Vvvu?83TVP?zQS^<1CBL-*$sKp8a3IPi1l^%u@$&|puS~?(sA_4=P-Rt77rAvLNz%p#0gmy|5ZlSp zb*5h)IfJg~z%kw#gUOVotO^`T>w@TlJHv>2n8%SD#Ue}nLx8~Cx(Rh%`^G?Pf-yj- zIZO`_vsqgFZL7UT3hSR2L)`YZ2BK!(xwP{3b8E~c))2VXT+O~10)zn%fCqvsbeX|< z2M|f~tHY#Z{M*5r4MmZ5FnllS;DuYEKdu9IKVnZKpV<6_N)N)1-k z0R@ZVDx%^V_WaCj|M>^R>RdvTkAiX{q*Oc(*?L&m=)qHamvd8GGm07>Uj@qoxrX7D zZSEj@4yWWytGpZq2N=jwu~RX))gVg>@OKLY_sDB=>7(~=MK^|KZ1H#J-z)TQxtlsg z^6$B+`3elq-pm*xXc-u2$%Z(kGW78mnU<7)o4uBIqYv;t!2P+Gk92~Pt4%7Fg*^@{ zf`{`>^*T)ec#y_MH<%-8l~n&j`Ff1Y$!ABkr5?Js2p`dA?$L zda;!o{l=j?QAZ}2W);1yL^q+=C!yh}AvYJeuJ1DjT!or745age5Yc8;iX4-uJ$&&} zA@iqN5LH?4{S-DjVNvi570%s#K%L>~+>EInDMqLzA4iVJ8<4-IA!Efs!2!Q7j8o)XSt zGmqZ=41F5d3KaDpZ1HLWE(z1UIt<2YwhvM9SazDOLw%~4b@*fQtlDS<8LKR3<9C4Q znncDH-_Y0wMA=UAZUU)s`KdMe`0eq|(QZU#YLKlk#%iF@2HocQ7L%FvZPOBLnM#Tz{rW*M z$lg3qWGwjwkKRhJhpo-{Txgd(il1hTqGDd^Q|>z*mr44e3sY@E>p>K*0D36i$}JS< z*8B9rLMupYsAn!YBSUUsJLj1MII_+HOT3Us9sLW7Pum;zI`i}MPx6uB{cw%@ZrZL0 zCD4E1tpb+?IzyU@^aO5t)zCs<6>|;Y*>5FNE=ne(qnoY2L^Pvp3+#twoY%*kIz#BytB z*&E^mDT!I~Ey>v`R=%)Nk6-2+_Rc2i>l#OprN}>G`}TS4l>^8o^3MYH>jXzUjhg@@ zh|06h{1Q=76-8D_dsV`?T(JT6Op)rsQpcixA?2|9U?%sEK`OtRjw+i`yZUk(>y#Tp zDpC>PMOH9#FnBRgH*tduCl!(af5By+a{Y#Tnq{71o)VEPDG(o*+->H;1wHlFC_F-& z$!_n_$0jrM`fv=#xrffa1bk=};Di`!#D4VcI3XvFD)VhaY!VVUKChm}b5dSNT=9~Z z-reoXv?`ge!#*<4)#el_!^23&s2qT*vE2y*Xs&+Hw6)qa)nvlsDFiwjV}>;NxU=(X zXc3K=0%F6T5ljxi+g;vdmuc@@Zw`q zVk-?K*(=rdn>jq3&`?awvsm($e810bZ+evNCh0n~2df2IMfQ@oQ&&gYq<4n~H-(|? z_x;v$?Qz*ZBrrTDRvZy1O;3+fSz~Q$F7Fv^I3(O3vv7Zn`r+f-i-BAqF$BX=MVCg)KqvUors1=ae_j&Ryx+L> z#V&i+8^a~D!TF|11-zjA-9qm6q(IXKj^iy(TIdGPV{zbf0_YTynWuYut1{&aVHMhC zh^o%A^9oDcD_g`McX5nm0&Ko1Q2_m^@=(-zp~ce3&4fD?)klYW)P_Vo3}KmLdQrWM z7X`(#v_E|*7hlGbm*H!-DAw|Azs&-f&vJ9q9zTbE^*r1<4F# z=dKvWe~Bzn= zh(Q+(yt^UcZs}4iu-bX7$#~zYRSm2ukit^LW`OyM@557Y!bZG|3jDULO!*p2nluf? zk2=%`lak&btvMKzlCb4kwWP0KH*WCjBaOI>KODr6^UP43C+d!3@`toSzWd{syg#q! z+pIklz5`Z$RV@0E3=)e(4hwxZ2Z-3R!KIzc@lyiRR3Tf$b^1~7jOxC`+=va@c+sEZ z><}`E&yS11)z7ziSdGz8)}29@6hS=_^n>P}3j4hdgOJUe_NIra$@IA)|Um;g@5;qj9(IWZ^ihk2SKDA+{=1< z=A6qQ%$Tlng=RVY%CS5wG1y5Si?VlCbp$cR@Jk^%3RI)TzLTUPyU3}1nTg5x)osr@ z+HYS0G8QC7ojxthqgHn5G!A{d)*z|C3(gdo8}FNm*oT<>?Je{3EqSV7I%=tTu5g2y zZ!RK**J#viBLrVX_#zzQn|K!CJLu=m$><<;US~--AVhdsjKLx+piuI_S++9d$>hdd z*PoF>P{eDf8*)%+d6naV^iW#9xtq}W$ilRd{US?m!u*jR=k6HT>+eOTqgQY8*v@e_ z@`{?YXbNaVc;0LV%>>~kq^Qhva}}itXqn3Pi2=N0zUd{w6h-D;H%Ju4e<3QMUEn_? zM0h7RLQnhgh%hrf2(>;#nKu{@5dqPc%j#S>-SWauO=AVS=5cv<-BCCbe&U;2%iJ6r zLq3!V@^=W?pwAGvPsi&q{mH99cBvZ0W`yG;I17*N^};Vi|5x^OR#tM`PI6s=2#9x#*(C*@btQz+${^fvALqz2(5L zcWJ|f(;~2HYDP$EQ|THiUT)rs*I87e^s;L{eDT{sXk@}(?tK9wf(I3;07Mrc~*|3!Ik}BhXLDA3jJ$@_=R1wgA~s3*)@!(pZBO zr)bUb8#&`j0B>&PIRQ5KVE2r6{clhG_}iYzAepJRxA$(53VJZunR{o~Yhyy9Y^3U17MP{+Z+p=KeMd?P0dw&rfQ*$J1gvz5pG0AaRvH*`vQ&(y>E_|PYk-Zq3- zK__~g_aIzVBl$))8RuSDjwua|^Vbz-gQO&~A?c8J9A+zUaEbKg*-OnU!=Gdir<<8N zjfKiq?>OvaRf(3d+N}O?!9{Y`!*Z%hAbLy(S&wsy zeiGW5d{vwzVOg^kg*+s^v$n`;sBGjY*1F2vd-Gdd8o%X@m^MH{Ac|%=M?;dTQ32yp z;cY)`B*b^&Y6+2yj`IZL`~_rH;FcW_XI5U~Do}W$wfxrf-I$J-$n(<_o73U#*r@~8 zu6D1CT5!i)nFtk~XO0joPJEjTazl1M>*3{!ZbxUdEI+=itkjI7(f44u`Ia0MC7liW zn$4rupwYbPh}Lp(L*(7_i}8$p9#GpiKWDFCir!_ype*f?rxwbYIg(Z#X{}0-==tEd zq1ZhK)!%naz(Wyn>fbTF?q_zlEX&)A1<^puY^Pj@%WM+QLU#nri(qT}g) zFq<5DN>!fDoDV74HJ`waqL^bF=(AL!?)w9#2|a}IRvr0q%iDQ-)Y;|V+u8|B9Fqma z`qc`EeI}LKT2j&=<;$tvR{-Zx7sTm79j^7R-dtwlP2S$U@*oKs*_HJuEEH+P7Ei2% zgOf2~?&p|~uUX5&@<}Xrxpk$F<{u2tWLWQgXRCfBr&c$!ja_mK_Lv;(ZYbGLqpA5>(};O)3*;dpRkuFnbDc&VJ+_)6TAakUn* zgmP|M+vvfP;}{xX<2TR-h~Xu^tHR+mPr(uv zDtbuzhjBNTbH<|74gNgMsOz&{scvMn+-#Eq{~xi`y+;n=yxykp_$@nEXPVq1^0zqqq%9U9RWw5^Jkh0@S%Mv{6 zIG$Qj;acm3I@T;G3F65NV9yz(LdQg2DrTL~B_<}Oo{&JE`xYJj3JHlh$F6m;b?6*4 zf^i0f#~*z0fjaVdf`X*Vsw+l#Wg>$;5;X6~$NR{t-f@g`0K6PY{Q{ta ziHQkpTCQQyl1)Qp5- zStY?khHPHt;UWHDOc#;QfZix5fi)4`$`~cFxq*65up9@-)Mk&X&hQN;-U?Rxt0iq; z=Je*N_e3jPGGV)8d5aw|c0%sO)Q({E>-1(vki0E@KC64L*F6CIlgstO_*rW|NF6b# z$xl^ob6pc1nOne$<`rEo&jUNniVR7Z{6__mpXJh68D8iSl*!Q*bRQ`X#ma*Z7X?s5 zG_>xGl~*0^9|4!+0!Y$TN)WNi>}~{vMmb0oS%!nI9Fot!STWR>t@lx4e|!u~x;O!Q z3ocGqAn9=%;(o56us5^X9}i?(l;_-cO)Jy{L4P_yK|QJWuqB67*e#2}si^tvchZ-Z zlb*@S`n%JQ2(llLIDjJHrf4#b7^OrBL20+rEvKm7)7y>^kH#UYW?urGY8Q}V6@5A$ z-z{r^f3|2yA$s@|S=`xshI(P_y4ugi%uWASE=fYtG=K&Gpr+}>rnSE#%&BQ)0G!8Z zf5^i5;`_@}p|{dY z^O30DeexX*P?b_PrVle0BWM@p-%JFUUH6l{BYk^&FFuvvq%=J6ROn zuV<+wd7c19)r>~uFP!ljZ{EJ08>s_OxOnRhqIeV!i_#{d3h|wSIXsnm6h8Fn| z@hQ-$P~pj<1(e@lk{g@8;IEX}L0thbef zi+R!+Yd@Yzb>Gh|jl|xVOv4P!DYc4oo~#vk8xa3y>HTY#@)SQsms@(fK`t(@tt_7~ zFw#SV^qgLV9vIR)d)8s8Qi{6kXRhtW%2*B+b?m|5o#l^Ew_yO<&A@qHrmkP{tb->* z^KLOGQWGy!&w6+c77QeDkMMLt?}h2xg%_6d?Y_qQOad=2zqE3*S1%(iamqr2>?t?P z4-%CQ6vSxu>&%iDR2`AC?MzjAihY?D;;SGQSdKypcqFoJRgvc3NDQsXJB37m@cNLM zAzHGKejYMt7%raU9g;So8&BwWSw|y5B3Lvo7oL5NV0-L(llBk+iP_UbzZmDcwjs2# zKkrRm#2cyuIe>+)qM|Nm5+@BZ0J`2P@PsQ)`%(9hpG4S(qsqKbXFEA^rmev$KLk-Ew zM_YzxC|Wy0*s>QKraK7);{E+Bm9C>Y@f&~&ypDqXJ$S12uYw-nTfD*{3!flw$D!t^ zSm(NcB7In|QT3R&@eRN9Z@9&-0X|D6*HSTJs-?|AQ12~od~x|ssrt{QBKee=fRkY& zVOgNNy;(KsY+4dUR-3vFQ2v3-ETk@@w~|4E1#tN$-T;O2_7kx(KSjzX?66{@x0FD% z?|PE(Y#g(A6`(bz*hQU^qA*{@P+>i_KHHU?8h`5>O3Fg^^RFGtgU*{Ol?1n@sptix z)4UrPfV?#-^LAtagn1!}F0@nD)onlirWu3y=D=t|E5(oaZ8}9_fnzXTTGK=C|^)5?) zN}DNAN(u2?*>ni-3cWwEnb6whtg^X(;Z;-f%3OJ%7gxjXRDIN!ocgd|{zVs$VPD%~>NAd#?2*c6 z$*tP80Bi-wo-??_@?@_d=qger*0#O;jR+Pz2Kb7mFy|zl8#Z#ompPfZtVU&6iiZv> z9lXNy9}WQmdqO0x@94HVMV-Sf{HrmxII>?7t}#HL#iNaW(#+Y=dS=u6QiF(K_i`Q! zz_!M=x@5>ksr8RV35ce}`WQ?0SRFSz8Fy)eW47J+ zR>an0Z%|^q{fDdL)e$dtTRhXtieVOGg3a)t2Rx5=(>?J1KX?j%U^XRiIb7MS`txcH zJ87QCL+1X|K1z{Q4`-mB&l5g~-T9-q75JvPj$3^1W z?y^703mHQ2`y%mDBEC5DNvQBcJ8uA1fQZ__30RREz#Ips#lprWq6de$@l?gm=2TnW zoVYdhaP}^UgFELQlBJ7Nfy@ha!RuOlkHAjjlTw`v_{$uKWBiuD_zSVW6XR9$K>lG) zQE6_!3*p={ir+MiYxJ%iFhZZ!l?79;>d&_wG@uE3N=$oN7X$4fnSf70q@C$7P1aIv z9#egfbcfXeOM)6xugoY?zN}JTgJQIxR?O2l?4vIdqX>x7l5*bddlVcGL#PTgXA=9x znr`;umpe}h3G*4t%4Vu$kzG%xIq{JBjPLgg3ztwE0A*o z+F|7+6`2@3Ob@!VW|CPm{H57dVja!J!|rKm$K+)%XK+VI#oZSY0Vp&@Yyl2 zY=i)}Y}e3+MDE)CQ=Ecd!FLwKce4_&K}O1^+`hTVXOt^K^L8nLf8?+Xv!dq`A1C5V zdh5Fl;s>2%nLt|lSBwcME=kzKt>#$!4}?ooylYg;R`g9JeVUFkR;#oLFzkgs)q-HR z`skM(bOF17;aRVA3ImguA&smLZb3_6T(y=a(eg(udTS}Tcwj4OqOL`5pq&slwgl2e zzg{SfB@u(C4Q_-C)%ge~q<*z;WzMpX3X0Gg`Z42S-Hwjp*Zu_@1|n+Rv}ObHNPd0* zmZ0f8!zZGrhY_1{)>QxdDQc|kHOTY=i+X3H-+q0hFfhjJb@JAB- zuYE4a^;hp2V&P9)bCPRe0eEo5d_#QZoJL@o@Izptw*=oAJ+RWBRKRH^jUnXS{h9D1 zKqWNvz622)SeYEKh-v_x61kQHoq zAbaMbxy0{Xcd&U9yciemP4?o;fZQS|I7~6E!P{|4n?LJ~3 zv%-^&0j6wbbmkB{D0HwaubUUD28UX4*ln177?ePc7K-jz6zSn(Y+%NcZKpZYryeMh z+ar#((bo!8F!^Cs%V0cQD^^iW#Z3S~xSk$nol=|B;>{pIw~Kf$DNbw3oC=d8vZkIA znRvRa`3=5+3Qrl_*bS^v9nNdoR@(puN_tIT;Q@15JA#1d8nmFz)%6u_YxDoU|2!+rbP3leEO^sdBBk5vD(m9 zTY&`HIU+ugr%95Z9spI;aJ~t>NON0;<~nq??$V#jfjmfz0i>Xq&!~W+04N&ki$kHK zUVRG~{@enI$E%ObFV*D-P?HNk%iEPBZt161^z_T>bdHtnY2iDWd5)RatIiR+0_8IlH0>N?t1fZ5(Kt&ZRIV!Ctz; zo_TV+gq+3Dvu@<+=&O~zYLRBany|7A?u-edEax4H>sc zl_lR-I_RV(oB!hqyUP@!h@YY|mMYSuPBIMk@L=EoVStr*5@l0|h9Tsd4X8M*Mq$OAuOp4?#heJK3yug@uxu zo|_K{fDUOZI9FN|9#)5oMF;f(e%lEv^Rmy-r3Imn9wX$G4@uQWA4*dro9}-}ry04}VbFkT@@$LrZ@NNZ)MCh(kZ*8?(>B3T6egnxtpjPif6^5(R>fZo za=>B%xerb|HNj4&7=tYcW7E<}3&?y8f3@ww$!Dz1^(t8Q7hOT8h~}BB45D3i<P&mMSkZfz!Wmka)#SCTA6KDf=tK*UE}9#7gc(ZQQq#1D2{DWBGPZj13!-H*v)9 zW1JpVrCxCQ!#r4yxq>0gG7SWh%9zN!gEgwL9=OC02R8=B}C! zKOutXZ%7Srst!_k$JKn=O?{`2jL>8B>(BwpqKNens4l(~d7uK+-g6Chv{88`<}u6r ziR?v^%g)ekKOCpI)aYT091Ro|(U8W*MrtL!?`^Q)HOzw5z2)lVF>X~ilv4646Z3fS zJfiyXhQP{O8##GCJ{PhbTud-v*y z(x0s17WZcpfKT-G+8SQ3eb+1a$Y+?Imev(l!mQVlGPdJ&_@X%GW3v_dwWKb&&7NP` z^VxdR8U(dTOe(tC9mC`jLCmzL%8p)P{EcrML%d9$d}~AC6)P>+9>xWL&p3zu83d_H zvBHkr5VOBhFiG=pFE0x&mED3*%^~#Rz;Z@{=3AiJP5+>7tU?ts9U*=o0Uc8n2G_pA z(%RTJOy+jDe=u3*eft{qay1`6e4qBC7_PoJY;=iLyoj}M{$*NWSV?nQaR;< z>W75gnUJWP#m>(0#!kL<9U5Iz*ZxgZr2kZn3r~cQ$3TlM-rM13x1h@3F~iTfXM**oM9BdOJ$u4(Gge*#B^vb!TP ztT1xFuk`-B)H@GQ$DkX;t&eLQ{gV}O)lCfkoGZnm zYbeK425dZN7}J&}Fw?Rmr+oViC|-vl9;2O`&zKm@Re&7@7r&KHP%WB$YFYHK*yTo zw1|sIFSHNt#~4_svh!c@FaT9JbATNYh~}mSvS}7nMCf$)g)W3i+cf36Xh>^GhXy6m zp>3tMGFg%i+2ucM`3~Z|b9>3rEN*2LJ3HgP!ob~G?+2+MDI6f;45aP9R`1_}=p@LF zLS`VJI;x%VHgA@!2uzsm^xyD0lvpyTX%vqZ1o0lnvT z=%U64vDf+u;8_eq$oy&1QIdEfd9%op!HjSB!!#^#?J7Y_wb{Io@!vO%*%;U(ZuGtq{LiRANsCr@)uoD>N~j16K_c5!9%gPL-c9YR7vq)?fN<95OK zPnv;14dFiS3NA-S$FqC$ah|sQ$9l!!^9f^qRW0HskIjt@bg68IAJnf(T^qpZijHzDcOX>^i zW~8z;pQgU`Sr3%lNA~-jk}Z@bWg2J!Zqs+hUW32?EC9cmy6<&fn$JU1_N41d)K4yS z5I3nFrGTE@P^KCAS}^*Q(t;+;YR<;WRmPLP6iggP#XIXcr;~QYshl-6EdJzGSJtpA zzWS}-QqKBq`=Gd@W_5RW*QOve*HG!Hqoe8BfMh%A47Ul)$n|H>o}G=W8m(XB05j6* zT^|ip2*_hp2m~VAZPPAb>)Y=mMx^Dm{R&+LhtG{a4^SRy=oxos-ZcHma@O$uvu`nf zfB4r^#{D+ZADN!cC$(nxYTmyGH6EWs`3PUgf4=iRd%wEc=XIwq`;OX4p9{ce_h6VL zXRZ0wjf2nYu>ToQYo`N4nz7-xTNs|)f(K68)bZQLzwQj)rq1OH|GXgClNSW$&u{Jf zb?3q>d>_m?{(hiJ&>#Q2cedZ=5a`bG5lG0^{=UAblbhQ}+?UfQJ7;v#O?pQ@&EUQ4 zIgN~h!!Hl^b?8q_4P5P{A;55v`huxy3WLU(R-XL|-0Squ$qQvBI=z(8IIFs+MVr27 z^A7v*iJiC*;`C078mdqI*FZ)N@hn&IhO;JBzdRX=cznJOZvXa}CpN0}xBegaKY9r{ zbN{3N|NoyhmA?(j$rB@Q`_I$faX6dK?@a$=0ANO%$Kd>9zptO%z>+~d%H((ZePXCv ze;bDRXKMuGe;NucbV@KLD5d}Y&H3lxW!8<||7|e+G9pya4Yy^VfU}qT%cxq_jQwp} zz+GPdK10vOJMsMX@vn~hdk`T< kINIMocH9{zI)~`aI}hpdE2D*h=|3kcsdP6-{Jz)!1NEuj5&!@I literal 124871 zcmb4r1z45o);5R&l2S?|rP3iK-Khvji!?}=bfW@-bQ*x9bR*IsjS7ggbV#Rk{%bRH zCeC-h?>{rw%rzIV_kQ2^dDgSmx?}AiB}Ex*3{ngvBqVG(SxFTnBur5xB;=py7vMLx z#IJ(kf0ylKwVog$U8O_(hy0ePl@NYO;wYu*_`ufG(Z#^Q1j)|8+{TgB#>DYD7b`m} zC&%V>^H?OLvqU*bF;!RHm6N~+Y7dk4!p~0e3D2oy*J$*sLXxMef&#xs9&wDPL8Zmy!tHz1D} zx?gh|c$}X&pzBe(r?p->aArH(9*GjuW`sr>O~lh>bLWNAJ5 z?L)3dlKRbXW0Q}wGlrdistwbQ8X7g-2C)X!`DIn-@v+IDMWueqSC6lkCi5R(E~$E> ze=tG3h3vn-O9qDQc~%|w(=8%wa^3%aP2}a|gnXuYUn15%;J;pbWqJ9f#nSmZ7Xn>E zg3s42=ZCykzZm*u!Pb76-xjt~5(T!yjN^~sFvf_z1}oU|PgjuKuSwv)Ux#}SvJ&pd zp!|~?Q+e>9JF$L$?ib?r{`(EiGRKJhr)vNQY_(V)~*py97NH zQ384Y*~NrCP8AeWriuQSYxUb`ms<_z@|0TiTNr&9yZ0YXOy6SZ{d!Nh^8fajsz+wS zB__5LbzWHo+;BQo9ZM0|FZV)3}>P{Urm(xkPCP26#` z{`ZCG>$`!{7M)4Kd!a2|E}G|Ka7XmbT(z?QEqCO2NumVS|9jZKd9QTm$=c_~Z2YYa z%DTD*E5!M!LPF$!jc9bi%a<=pcu@-r>#_`|q`!Y(=dri8vpo0=6Yk4raxE1 zWqmxqxB0$fZ!q`oiF8DU%Whv`)pXMA%q1{M$Rp=I@(n@3nh`N=?Kc<)&x(rJ^R(zk z5?{P{5fO1E_BzGa7={Nu4JDqL+>=v z>#H8S9z1~OudlpkGm~?l;~8f$&khUEf=$k5L{23#g5GUtv`9-!uZ`FK__?=3L_`#Q z8y20;B^g}pgq4<%n4c~;#nZ<~G@s`EO6N84Q+ds$D$Ym*@0V&m>!#fXRG zzPA=?jclduudU$fy8rw#0gvr?2%5ImO<}9CDyOa4j}!%m%PwAh=$IF^D%!Oz9d zuT3xb)bLgwe*ULF$_OH5+HY-_&Yv&X!-p^1<_-@J>GbS|c(i+jDRI)K`6VR+aRgj9 zCZliOuXEhkm}+{Esdz6*$As`Zym`3XS|C`?&A0pEM;kIhzTwK*oj9FZ_nqb-g10=@ zU0sw0gjW-VJk*JtrnlxkOB!mqsy8AstGZk%-oHH%U+{_80Fdr(JqRhWSLmZ9cAe z6!w*&VwB1s<<<`t2ROZtU56tSicVpha#9l$rl$>^RBbeCT#Fe=x!S`>P{TSqj}XE5q5l2d*Eu1$im<&bjEp0<^mKH#wih3$rPAL|5+o6DPWZ6VlhUM`#Kfvo zu^?y~up3#?tj!5=8$@tZHGrTkj6wq0@&I;(I_x8@Wdx#Ucq#*($u#O~@wwc>I(d0{ zIBdy&w4(dDhD?l%r`wq#25PRP+w2RD=H`o3XZtdQ9;e4{4+92y{`~-=b4f`_^>$$I zt_+u24VNr_&t!X4<+wbM&sgQM9!$ifYF*VMXG^3t=sTmd3OCdYU&!n zrN4&QP;vTV^QczFYsq%hA3YL!+?4>wKR1h3*ltqvgXm*vGCn1zw{IZvz3dk%b>CS^ zCUunD?PRyJ8m}Q~d{ph6?O1({5pnzJ?Ogi-nGTW z#lJ}SP_ap$w-Lso*910YRXD4ApPCg52zu@pm6x*$ct~1V**GQ}BCZ?BK4-{P zf{q2%^K@Gqb%V@CDahwGUUPtrjg2qjxDfF{5Stu2Db)xC z=p!zmV3Q+%3MUeP@ZxwZ=)T>a5tvp{u`hD=OGFvzev&TQ(niSd1*~5<)vrl!i4>8@ ziB}!6^7FY@D(UIz`CYabzA-L|jMz*r^ydy1JgPRPhZ7eX8mdNulbV{!V>5cIlJ5%b z$5qs@vNA5MJDOFF*_+1+uU=&(V#7gH`PLP}V;4elTiX9kM|bxi+S};pv{W(Q6%}@3 zJ|xogSGPyq_{uy`d}?v}rbzx8#S@;t?#)T&-F(?n2aBBGreYat zVg|3v!Ip{9t1EOn>5Mb2M9X}CE*GBb^z;n=*cB3zY>W@D$7?hf*y1*nC_JrJe^4L{2@>3xqdPBUd|M|SiQg?x6q zeS4}rvzMsjTOmw1au;iHz8Mhwbqm+WYnSs-aehnZBMETnpbRof(3q+GIs$okz$LW~yAdU})uH6}HUwKjat*3VkP zrtnmwxVgDi93VO2XXoZdzc8KpE31=;m6FJ$V}~t>L{1 zpTf`KB)5O^)*pm=I^P+?T0+x8+-yN_K~_%A;n=$OO(x_aE!XtSaAm~A{4Q?p4?6Fm{ym6r&ZIqv`7Ru;CCl8CRa8``zR6=fLT7@C zMVu^-W4F(*fT-i!i{I6p7338Zc9ckvek2OIIe2>3&?RD%ySfdpESL;JE~Xa{cxb|# zHu(DW>uhnw$sS{JyyFie%p+!#qSk!nqmF%)@2iMKylV)XKF46(8CRlP5Tu=qzK&1Uea=J_ zkLMsb`wPA4->E5wd!3cw=YBN${{CKA#u*f>JB+iFwr9Jx^ftaMii!McL=GQV1lNOZ zA|>!U$xE$n_G{>MJVk}ZJr>vf=KR;UHzPyIc;zKa9T!zPv`bAxG4AXyX1=4d@ugLx zCnpzlRhk|tpoaAO6H>+2@Igh9QPd6`A|eMG0f8UTtQd~ZLQ?^5%B^UdfsF|%HsjxaH5SYMxNJd?~7t(*uG)ab7)6ewMJ zdiA>UVdQsI{70-NvkD60oT|v}J_QS36}m({j!ri{swU!d>e*33%BOU9ci{D9f*V=l zI1mc{*UMkzRJ&zD& z*@Jvn>8Y!Ma*Cs6fUD!ooYDZ9G^fI-v0(q`BxNY zIauJ-$)GBj9DE3nY~%qaQtRrEkD(O;at8t~YsB`sYh%@coJV_95$TUn&>YWBy=E!- zk~<{~CtvYcYkPW9NsRDCz2R>z9$>q9zn~YBG^Zem)dZg)nob-A4Qe&7s+bt{>G!c3 zx6-1bp7y7$VHANnzPQp?pGy@@CJN}q#Ke$lAx9w^)aUR|Wy)&(%E4Oo`e|DuA{XdX z*rk+}IYL6JKUuYg51?^v(_k@sA774%yVY%pU?& znwCOB!=;Q#zGo*{GKu(WATE`EpmImE}WEkds)%*@Td=BDU#z{J@S2! z{p@-VDvpwp()IVDnfKpyPR%e7-cvRCNb);nl;cJC1vTtjS{pR+`6(#|UtV3H#bjh= zu3AE(3SmZnsox0M`Qgo9*ja#V@G4vax3(M>6Lg_R#u!Gqzg0!+*%3vbCLIcCEH^v* zTN4>Pc1~*8H{=XGs>w|<|I(6@pIwQ$&l)TyUxbGbE^8I(`!(@Ltvcio3RU>8CApxD zqo>aTwo}deii%S#?^|rtmJ>n7!|TDY&3;pugwHN+d3l+>!e)%W=0;k1=DoM?@B8h1 z5ML)6s&Zlq4z+`3F?v5wt2DhxI!FA7cocG2%8BTZT+n{m{2@8Z!}2^hQFwTGZft2<@s#`O(fYePdebw=3*SezxjTZA0O%woU zAzCI;;5Zyj0n)v#+N1Ekuw3|ETtdR6oKQ^aht(u8kJT&5qB}-?hC(B4h)QlaHsFhl zV(g2iPf^y(sR%g(a1g^Ww}l3(>lW9zCTmj&B9o}O*7of)1?J(8CX7T$1%{PZnN#&W*%>s#J@ zf$z?LWFuvEGCoM2v~TNNH=`miJ*stAbJ%Qbe_Hfnb~>e{9U}q}G<+5o7U_?xQa^o+ z6x`Otx&63Hl^TupCR28Pe(Wcx&v7r3tAF_QH&93WBIROUy!)C{Y8uf+y%_h2|7EWU z=qN9yIoA*4!*D~fK@+N0CP!(=ZP&$!C_dw$edEb1F9q49vA=Y7M(q#eKU8ZsoNQRT z6P|Fhi`eKYQB8h3O_xL_G4wW*PI5~GA!NLYPlZ=2nQdywc2|E~V@r8hZj}ugP?ijv z{F7;5M(c2q;S;K3e@a)0Q8L*aET7-Gh8)XWf?AoL27_yeTm*f;9#3do@x+Vj=$MI* zw(syhE&+bK^sq3StkEMzF`tnPCgM$hMUIADnG@qyCH2j(M1L;3Hq2hRjbcsmxq2>CNyvHX0Xfqb| zf{46gR{ODXqpsY>{^kthZ1cqN*9qCzV$V>sm2N|xjb%O$%Ui(~iNA9gh?DM*d5z!w z;~u|9q!8`NXaKHgmQ9l8Mch^V$U6)=S6fj^3Cl_Oj2)kUEijdeT%8Vj6y<&f$DM8( zXH{9V*w7!bVbmzM0aeOmjNNwIGHz?#i;IhsZ@!5Vxa-45#u>-*FrcEJH4U4bgoFgY zI929VQCDi}{QXAEG>l3yGCn&DrRY!4H`tfZ;V7}VKlU7Xa);uDruBAL*)zYUW#N6y z-)_58Z%GF=4DyuE{s#4R)G)c|8{7vBg44NvO%$%5)Gb#WP;p33KA8l@Dag4cXwcg9 zLm^R?4)2}nZ!m}nY;NGNpO&PsSC^K4ZZBl%)6H;3YoOff%smps{m)y20mfI@ z%wO;IAqvy3=4y#n#8KpNes1j0(3lao^=iix@FawyM5GZYzD*9uAJ zl_9@2Wt7+M5*|0UPiMX=)2#KB25LSUvF5UyoRb|`wED#UO2DNcrkPq6v3W_KBp4fm zDaRyn>u#aq=WaS!yrKw`lkCeJZJ_{z@Wiz~pX+gH3r|Er|fArYKHaO2LR1ly3(+r<#5{K+BT1 z*AVSodJ&J^-B;{lG^isuPtml4+R1O#ANCj0E#5UV%VORFkOKrB&HD&ZGQQy8;O4a_ zkjhtjUvU^Uf3e?Ndo(}M{Q>81WwtAWRe!RFR)RSCtt+Ywi^4rfb^grTOZ^HCEyXF- zKOSABjU*k0EqDnDTA&tD;u=k%nUE(eq>?%(Z-zMx-~K zx`8_6eJH(k1sH8k^Ip2#eClLWoVQ0k&UWM9ZtOIWx!=OMSbOMa^%nx>Jx-In3s z$5xZK7#PeQREB&}aS9ok$k?u;#m7;Z?JRL0?XAD#$=8lDY72|rT5GM%%1dCrBppsk zi`R`B2KhwZMp3ZqDB*0b&Dn*8Z3N{48$BVMpxvlB zI)+rxQwn=7)Z9EcNQ=C*{fb3d`P;1^^tj$%QDzyLj|IIB2`hms85F~XJKL>rT8`tk z`QG3+cv;I6_#OPlHK_GOkq`}(0CpSzL1kR~%L(MaZTmJ;$^K4eP&I?<=`WG92N^7~ zwzaT(lm;|HLXT)Dd&Xa6KggU;krFmy0)8`pf18^u9D_bGIV+!0)N&U>GQ=vpd*^ng5 zR&7Ah;HI^NbiZ77x~I(l)8W!L=o??)(HbX0rO}{9o12>}+4=J2E?xASdyGHcqSYde zG)x`$7Q>0^;C!#ts3+&%n(If)$k?t%n<-AYr?Kgp+tMS+?Fa{QHa1N*k1_lOKhLQR+-)7`-3rDy1_kJkVj7Ct7cw>EW~<}Xa~6UG}{qPPa}-7N&h?`;B@z6eXI$h z;OSxv(LuOeJ>K6;!_aELQ79PiC@J9#nzUD-Ar*QR$YZxMTKRzH*UzufFVI$q`MTbT zu$gS!W%`v_<8`DyS2<;S`qS1p^3O&m4~c}YHJmD(;Q0q3AZF*{_gh+84A)%`x6LIb zp9hy?{E@E_YS`?Ct)mSJT2^6Ue3v;1d(&%BrR+r}{Y0RaJvHYLe{~8^OMZzgb zTz$*BZ2_Y(3^HU$|lIPUw{Mu|{T0Zalv_;A3ALQk^$ z!ZWW0sOnaiUKof2Zhdp{dvC957RgGwu{lZ`C@7JVCmzmzm;f!1ocuZYXoG@+?mZl- z{s`*FoLh6EUmB3x!0zdhmjoYH%(Di)eEG!6jx9%-CObPDUrYg*Frf9LOyKB#&+MhN z9}iR~AR?k)!*;ofZN1*0Ct#H7+VEF#2)mt-5rnx%uKNVlD6XJHLFqNVj%{~#dV)tQ zO*&_3xlE@~@nk;ia26?iao`ige3VQ$B@rQ^_Gf_Jc9)&MXmhf#P)XtYi-=j7qw+N013uVpPL6>1q?$O_y}>jD98viI((DF+&ezZbw$ zEt3fcXe{5nAM^wC1o|}qcC~~)C(C+)(94L4-5)G*UeyjF7JddK?Af5tNqkJBQSL=+ z8bx&dmEEyw7kZp+#Q^U6@>|stCyF%UK(6VA^Vm&xXwjSWx;&+X~1=P@L(($n#)lO6Kwc0fUc^yhQ<{aq2G zAh!GdWm9wW>{o(GB0l4#nPbRRiT`qn{2_3nk5;2JP|MD9A(*;go@bAhSBs0B{VWxl zzr4P!)-LAYP_ovJd--x?^3WyU{zfDR2M0PF;BN(AD-@NKsQ8mlX4lo#d4mY>me*E2 zg;J=uw>O==sGymj=q0LH>}ql-Dh|6zC!yBuq5|^%)YPwt==!1OJ1%6@j!{D>OTKW; z4`d{H$@)^WpWW}mF_1a=Fp7*OiN6avg@q*ed40e6`SuzXxoG$CQwk+&y-8o@l&Pq1JE$w`63e0}S-`XNHw5h3B^Q18x*z;EN6g8g z6KL2*sycyY19`(x8XribqCu<*0eJ{rS7=nKTr}g(!Zp%_bzl_IK#hs(EZWchh(KQ-M@(-1jMj4xtC2;I$d;N)+(<^>#v5NlA+3dnAGg9Imi8GBy1P!uU29 zO#>83Gt71n$=Vd+SwkrVuHyQ+Q{_dM@*QD8mtc~BtM8fllSHVe9YNPX1=3JcgL{;` zaqF9=i^>gpIh03VYeHC1(6?tV(Yp%C0B{RyR5aRU3BbdZ zn0&sfC9>=GEmcazBJ{h(9mjwx$`+H(`>ya|QFt&!9_miyh39Kj4ad8LRbU}hv zOF1nqErs}I63Z=a2m^k|8NK0cOy@=b8VXvN_IeGadh=EXYW!j9+H7#;c#%m-{o!xOkso2DoLL22$^OB#G zYP-wdIL3eg)EY2OOkD!mTfWv^YAWBhH@&kXIu}q<{_XIJ2in^1TEqKGON;xKn)D-D zo10!+zhpGj?)ib-#I4`Zz*e_Etq_>`yc`SAOb&sZS3jOBK0bbcdlSD<>HY1M;a_LR z@6Kix=4=}g^e)hJXQiI%QWW(@(ORllr(5y$?RQBaxr^REFz}7ltPgftybZ)wF5xMl zi{MOkq7Q!kCWcbg^mzh7-S}KRX;GTkxk#96jQ{2T*4R|CZl^%OGZ=YGHs;aiv{LF9tPtk*PzrJ^QJq!d{ z6Jz77-mmGInGeTM)kBo&MM3B2wCw23P?&qRlaFj{Vp93=j;>rt@wB+O_*GV&tdcR` zOdY}pm|V1|IJkV_WK(xlRbwc-8Yx(BKJI(+m3ZNUISSf~(9jR0gn5&|N0MiC4&S!( zZFza^^K^q7=`|PNXOM*0uyDluJ%@j7&a~xX-Q4JUv6JOs6QF^NXcll`k$`55s_?za zYJYUp!*7>8LavI^qNGW$?f*ySX~yGQF;pd=yEcWr`{vo^%vUin1k7YK1E1W&F?dr> zmo(}fw)dG3(vyaUhR@-)TvSfNv#hKvJ=hHO>V|diy=v$%j$7t^jz0Q4m}8c{ID&se+3!xIx#kEB$`k9lHGc=?rr}$3zQLLpY*d^WV zFp-(s2uh~LdkC*yC7sLHe!_-7 z*^Ud!X=9V?H~1pE-$F-5^B;V@zwfH{$uEQj_?48*q{h1J2y8@0t1ve|pBv#1O_Ud( z85yI6M>q1WeE1NxzJJ!0$G^S;aL#LLf*-z&j_SyTk#ft&TJqR2>(*#yycK)a_v4eg zYG1q;y2Ia2FeuMJ98mn#v*k#1xV!prQ54r@rMDr41bjHqToSyQN85~reHp6ouJ<}}7BVro-hh{pkzw$}HRIEFf$@;(nVEQIEt-dW z?0UvJIthJA@*WopMO?*1Dctj|yBDZ$jgr_Lhn)z?tR;&*v+MQP+1d&Sb22qGy+Kb; zVtVZetSwX6-`r5;j*hPU#X`#Ik3e1KlN(R}YO$!>wY8;MmIfdwvUa5O zad`EVn(X7YKO53}_iBN3`0>&9e_o!;uI%QeOP3(jPj(7@SdM-n+B}mo?B6e*`cw>V z>nc#^Mih?iW*8s=lsE}UAfdjAq?G}^Wx3My=hwHHoU-vve_l>b4*DEMnaPc?zdtJC zTJfxpqJ)q^-_`>FQOG%hdd}d2*w}cTlutG@4S1+LGX2kSEacv4m_~myuGD!R!1?=k z)8wOg0J`3LV=n6x^%{!>vRYasVR(}yn*RLgeY;eklp|y&&tE_9foCkZ{56PPlM7%E zO72a(`uo8TKKJ`N@?T}v^o@@Jj0VB}+}}U@)?)CVTma_}nzu|xWAZzH;Ke5w(NJ*Ij0pj16@&EKO%f44S*q8!C z&OdP#-&x7)GkQv3R-fzsVPBV)Ux=U2pE$ROO# z=RfRAii>~BP>6@FXx;|}Z6hr(&1j6QVWIL|7XU-PkTl+ZeiKCTiHN`aVAKEqwUGQJ zMBghd8WIcfo)0>}U`E@m-#!+76C}9b?&ZomSy|Z%hdB&H;{WzU0x<#rN5egY=J&sc z_khV9@c`(XLBQU;yvF8m5oi7X_o2W!I&-+&{A=ICm4E-VX%K;b`!s6d$cP9#u*M;v z^7bggxk3mt9h7Om|GAkKVKP7e!IOrXdI}nF5VJE76B*su|B4Wf;NM>&2)>5%o1|{O z3F8Wd^`~zTlJ&nmdLn|v+6jX9Tqge8rvs|+dywVY_HWC&_#9&4F@Q60%OObcl(@dW zzR@ZtOK?Qq$`*%blC=cp_qThPCV)zQjZHTlG4=5GTa%$Om32PgT-AcX7~+1s=K@NXeR>M@>Os%98YyD{Z=JsEg{)WvPZI<9)?BpvUp@@J!pPs6+)<(Qt5Vf?GgE z#h?ET&$!P}(PirNwB)}%FmwiBE;~;`?lxJI%7wbhw9+9f-!lvGY|}23X(ON^rmT?k zhihP71dt}^w4^E_(WHj9Z};=d>w{nOGZV3lecA{&)^c7UaLam{)z10MloS;C;`tds zngEy=_BlO{WzsNCjAzpmcHdqA&-h4Vwth62`ajpDoT_DwiCKfvigr|FH}y$$@NRFi z7{Z%ZT6llLQ$@k~7KlmF-=CKg5)h=NmXip%moW>2?n6X#+AtW5E%|_o(^%HXXa)?% zG&D4-?Lr0y20#>x9c*tq5-ll>xSkm_-FO}m_7tkac{skfZ-+rt4Y9SF9TnAEnBWR5 zBfy!xmEmZx+}yHNv#`jCv9+@DgzHw=w+xJ?$%M-nJPyF^E@ySxn54c~EN-{hYhoFv z?&Vd>I-@B=z@}SM;e7&~`ww71L$=hRVZ!w{83yK$tWvwUxb}VmpI;Q1Q$q>8fr}ig z-UA>`Mo&TJ@_8WtN1p#`Vcc)&HC%aB+}U{-vP8z<*Vh0KLMVl_iL8l0T8vh+25+{% zXQLi!7`U82yX!dYu4oB{WT#Tdo0w#*sDLUY3g$^%az5WNO)#opTncDzZf;$#`%qX| z=baI^q6GKHlo^B?mYhmNw7mB|>>)Pg`bVqb)ZTH;k2VyYU^{-0ArSMQ;slggR_X40 z9y#ydw;IsdeFpU-Ej2YXLlXKrRey3Ykc_`U_&;K&B0qhisYT~WPsA2CG>q!%=Xcvm z?{scy3#VdYyg~Z%MG=cyJHnL{dLgx}tgP_OJxbJ}S~yq_F>|qa5k{2wZSxQRN?{m+ z{{H^%d>EcXP$R(WX^iegfd&Mo1@c5BgDNyR4|)BA^{~jHZ;g&c5`1OzqZ~WZX?cL+ zj)SBWMVdVpGz=^~_Q1-s>eYEd8lVu?kcBmZ0~G$|wTMq01|BBJ%Aa;rU^=9?uEBc^ z>04Fsj_rds`3-$rAGNwT+*{T)XGI1C;<7Sg|4V{eWdLFk^s`4s43P#h`}>r|#GfaQ$xO9OL>Mik+6#tq@}opjVbuVK=r70TmfuzANy%)-Ys^F2T6YItURNNpK&?)B@&QQUAOLCilXP|tcPxpl zt(xCBx#imOas=9@ShEoawW$N3kQK*}i8X5{-#T!1(rMLn8wP zYsq?lV`_MKIKV&_T}i~n)6>(&#ztB?;Is3%^o5a}Rp0kfZ{7sAt{b3@s1%=CEE%@H z;N%G8_c3tCtlL9y~sVl%)Hav2xq`iiOBkm<Z+Hn8=?ZE{$P)2!z@gENc{K|7Y4MF5mYydhY@l|gJUM#4W1S2xFW#Sy!j zq^4R$LY`)9u4IZBPpEzkoe&Ks+CwEJJD4qD2x?9^Ckd+ik07M%yqy5kfHxt*!BMl2 ztW+y0h0?igM#|(sKAyrRD@+LKvrh}1zA@W7w5w0%r z93kcqm$v_S@Z??qMe<9Hq9-yfXS5yKWoF-iK6i2>SN=i9L;ZXo(eN#nPX?`lWz}PM zMcJIHkpPF%7aHbl7>X-06pD_Cd47ltE+}XN>@MpIfv%3z+)bR&m^70=3m=7oilvld zy0KQI-*}R()Myen&_DVz0@iaT-=EFsX*O+o!c z0Oo~C4leiYSI|6+?Ad`8Vi}4xG;}2Vj;|u;m~m0V78Zz?UtI-hd|;HL+4ST{8qI*=aA%ulpUNsmaIv+)9%elt7u{7Fbm8AJ3F(cUhw%vZ!c~gYw@-N|!9X$8ZWtSgH2I2FQSFx(Y@4K>w<>%M=BHbzGm``;3&P2Q>^dsym)2LdURl zma5-=hUp4^&ndgqF;ZclCcn2pO?in6Kh~MuYKT4F8p&#+?$JlJ_><8mKfgp?A6WSw zA_V}NmDe4@a9D16RFtAOhaNM&Jf@81=$VvYh>wz<-n!=N4xppvp4ELU`__OwGSoLS zJq^|hUm33>J;_wMP65+gRToMD2uAR;1n~`az+elV!UW0an2!<}zDujN@~QQZU$v{> zR{;wcjA@1vz)1D{APn!p2%=?eMnD+Zk8^Kr>kc}^?%fN;IQRrDL@~2^>TeNv8!T`# zr6=Z~+dvGijaEL}@jN}&%0T%7lM2S&-H8I3;y6$#cAIcTWUp4Z{d(VtF0V7-!_GC5 zo=!K+k)RajJ|uVfGWPnrkNUG!txs#~+4#3_qEkr^c!}73+3K;Qs@uN4`pk2&5f8x5 zYPo&(@$olk`if?zfcOn)s@>#cvdoH{Q=!Bn?|FUOA{|4Yg4b|+frD{mNK=`EL#TG~ zvy1`USk)^v#viqQGmxrOCO@;)OKu(REJry~9?zt=G!z4{hj_4_s5?15dCzv&{}~!C z$;<5}q6`XZNPCjAAW21mOFQp_F_dQd0=KQ%%j$gA+D@vfWgpUIi5!MF2l&2yv=w3a zxoiPbqFD(1K_t8ViU2V(NX-i-KDiErktux@73a~)bjwRuBe0(46cn`jJie@39_!m2 z_gEd_7Mz-qbgkt!SHhnwCRD_J6A|p*oXKxq?T1o{-~7{#@z>Utoo(aW_`0y|EFy2K zA>>-u)d}SfeiB0^CYYzOghWKtVWZ_-Rsg}-0Jip8e?!GNDVQSICb@{Np7;3JY;qsG z`9(=U2WLC_HcHg3RPMBpc2I39wN#5$QyL z1GzA+#0bb@l~nwawv|(jO>4ef{Rt|=XwW?I$w7nB0naxi%-<5JeYSF%w2;qQOB08e zJFq6UltS(?uZIoGuyD7mCN)9b>9n-cftir7_NJAU~g?m2`D z{b!`JCQ{M@;s;e(g1j&`wiNZ37S~TQ{JZ|$waL2>ZZSGAEGY?dLJdr>B}qw1H_++C z#9UHh!G3#jy%rx2CD1YNLVVhQK$;Ja5EOqz?mQ(2r?sT#($e?`%Xp*3T*M>^H5%qM z))>AdWYzZG{#8N#jL$f#3_id(LAy-kkj%nXRdwTj5;NY+Q8gSpgLi(aM$6z=iYI@+ z8AegIa9HfTePPTC6Sk+vhT1Cw9SRKoAS!9vyN9^8J;4NJP|vik-v6ooT@+^G*?2wJ zVESQ0BUe#TF^+krr2qR}S2N`if;6_fV)th+Zr8R9i}vtqf9tcSjmzc($oAG`UxI@12_Cy%$Lo~W&ko6v)a7chNXr&b-kfx@umucyi zA>J7&E;?5Dr9t28+_1lOQ9mBew8-Nw^4J@RfkS=8{%EHXHKh9ych(1zds*Z%-g5rb z`EGwp`19xWWmyk#l)y(JNn|daU%$dgZlwUO49qDa;z-!@Rb-^Ov0KDrl(tkUk^7b< zF!ew&*rYL9VJ|_07|lbs*#-&PQI4hKQsyHPzJWaRHyqj#mDs>%qI6mjxrOBrD` zTA}Rz3Z`|`+OZ`9up*-Xp2i@|@gv5*xcJ|i+u8;NdLEgmqXe!g4xISw-tpLF?$oPv zkjfZKs~!dG*A2XPRaF@R6LX$i*I0E#<312Pa-rhK<(wMzBPAf9#hcgChr6Xya51*{ z_!VAHH!TAr!TvnHvCC_^^^?RlO=x|FJQ42BZm7y4VeVU*eiDjY(_Ih(uQ@M;s{8O7 ztj@PSsqk#gQEF0Y5FY8B6}-~|u6Fv|epDQv4;I&%>PH<)E;Fx@m-PZ>Aw*)mAFMMb zI`I$-MJ(4`>VYjUN?@T=uQW}&411~q z?x9nA2O=o(<>c<`qR^?$u%RHvE=+_dmJ_pj&DQ z8JUT{Xa*S>93)E?&tAhx*?SZhOiWC`WUSU*bpaAd;b#P#)V*?@NyKi_R~|SnE}d`w z`J_VbUmBkULiia!B8M?*rFi9(R_TQJM8)lO5z+X*lF~n$wWtqYThVJOVFG^R1~Wa} zD03uulFMAufu+LV^d0X8(X#{1>e1Y=XjQJ?;Dpa|5A)Q7(y{Uv_4ndfAHh#bN2PaMMP1B| z61}xjBDls z1z55B6=L^?uT$(os~nR~q?1(Q5TlWTW6`eSvxCH&DZqUHcqQtCCms6JchFFLid-m}pBDYVxM&%M)dDA9et;f|1jO^3}jW zG2OJBZVqzwckzDid|8nx=hIKYkS_2!7~0S4U8uNNt)Z!@sj50#z(S(`LG#WVenmeF ztqqIG1~CJBK_idT8}mR3Xm-GaY~n{I+IT`uq<&CQadLLp)o zA3ZgadD}KM!)bqDI)Z_Mrg#g7fb9W-GN9gb9qU&o31E6e(q;R!di0p1Wok=h9 z=HrmzlftQQtfX>q2##0lBRS2v=T-ZNZjs#PtJkOxiBNhXNQM#tld4WiAxn>m26hhRhPuzg~ z5aFJ<=jpP*x(bzZc>Q&`#3UAZ6`LDOE;Aa7bjS1W@;Na>-POiwl20DPKB>C||&)(HX#rZsT zWyRSt($Y}3u7z*2x(w0Z3fgiF`gIr@HEEeRIdC%)CdIZX_|ARVMZ-miUcV$UqETVn z{eu1Gp`#2W)?=!e7h=n#2rx?lVD_>%_~IsN+-SYxCV?$?J#PIz2!}Zmy6+6e!L&9Y ztgnFX`b_>|1ULAL6*DMsr%HHYZA>>N8^H@G5%;rty{_7IGj$5fZrDTsteBF<4Dl4b zYs7qZlhC4@h)u!HLj7rccv<+N3%)J3N<*awC2mBN$z3VGKqjNP37@mtQj=Z4Oznr8 zZB&~*`#Xbr3LRA5`^Z{D$eyR$9W7+^x^Wrl^J0DK1v){Y@^ZfY(B!tZw#uu#_4T`t ziZd_KQ~=*8G3F}P^W7iuwIJOchvdlQg(vHBMM+>%leI?YyFy-}JT>8c#8Lu{Yv`EA z;db^Wr{NecmlKz=+yyIiCSEIY04!N5WojKn&bn6Vit_oe!yLW}+IF4@Qv{9}j@y2d$ccO;k=&<1{Vgvv^#+r2`3b>Fn?II`W z+@ZJ-hW_!wF!D2?hs-@l6GkDoX0Mofa@y%j40v2?IA|eNbylcZTY^OZ;JW=eaTMR4 zEGE76XUbF@eI>Z1;Cl{;J7w`Fd$!*e5_Mw-3`yeF<0Z~Izna%Q;WTEAed^`2fR|c# z3q5>|4f6(Jevsl960N;jI%+~n&ei7%WHMhSkMS%;7NdIFM{JFvzp{DDSf8L7V?Wwv zFX_IL<|#kd7{UHfy|N$__N@iMd5%3c0_%Cm@z!TH`yX$(vP()FIBoo4%c(f&zTPsG zfwkJ%*MnKUMoW8Vo2pB*ML^CogX8s+JS!MEWO=5r@sojm2eGE{}Dk zP0z^H#|quHKFZPrzEdFQIU5{PkQ9yvYmq@zRG!)mdik-x1N*`V8dkddH(9zn7JauE zWSFF%Q0vuM9HJX3OvK!R{c*yI(;+ff@;OLfLw`k3@S9eRNI{o zWJpH#%+r=%HJ_(Abe=}tDlBv<+}FMdM)5q|T5TFYT~JuR283R_+aLDusVTD%hP#ko z1)@)ZK|^2lb4VlrkO+SkzUIcOd^_G!x6YGcYy&Zr#<*0xu6NjyKaNwQ&YQoG`A&62 z3<%l}E)y67zL^YaUH#=S2vHc{Z)7)ujO#F9?{B;BovM|Mk!Tszb zen-jSWkK>t4z}@YdY*pCj${hRzFwjOpwiIaffCJ-*EsXexNIOHr+H{pLwvM8^nUapqN(sY-GU?oR(p6=}xC5uIp=p>i z^G`DOR-s#A9SrZ(kfNx#ZPzz2AU}%4y}05c^DtINFhb!XTRYUl=w##(Up}7B&!6cH zz1|{K`7M69oOShL{n46$oMB+bE3Vk4KwO1hBqowO4(ak`;E60u_RpnHWGD4eR*tNW z&aJPwvO>nU_3PK80s^s<&g|mSTm;HbiCehfKvQ%(ig1PMjg7bilU-}o4`))WVhL68 z@(LR10!vkDUaW_Q88It~{E9Sq94Pcr9JyjE6ak#`I?+*YvQ8x)#YwVTG_ZqCvp`WV zTKAYZovcsIcuOlBp8ItP1X3e zd@U*P@4UZjeu$&m6BZ5Ma5Oc*CYC3eKiCKp%Jeuk<24L(xD@>9;w%&_t|OqS)iwiA zE||eb24B}-4;39a6`|wpUG2*q?0(q1Oro3Ri}i{M50Cn!M6{mW5+$(oCS<17sJX`T z`P?8ZVs=p&@JY0Wy2%1uY4^~R<2_Y+!BhdZQ13Y)hT9E(&dy#Bx^|nvd2O_NW?xQY z4=5GYk*C|g77J`tlZ_UyQXErmbTn|lH|PXa9OwH!w(ESam>4`ypoM~%mgp=ETC zkPeklN=a#?S#$}~C9wdJMo>U3c<1uB_u2b7?{oh3qX?|~zOFgP9OFCXr2`o%6*L_! zJ)17Wl?jNI(&C|^9yEPro))f4L)F6873b{DKomsP+47!C`d8cdUw7NYQ+loWl8=P= zwA2#!X!Uq2-l-2c7W04FhA?VLtF5*bs5{Gy>+ll@{anXnQA!9UczSIK(Tp)an@$O7 zhSH_>5PsR63m1CpVXpHN-z)~MD%H`eH;%B8G;Us^x9K?J4Z^~>w(~;~#2e#Jh~TDq z%&`GUHhBNePuCJi%SuX;lacezvGTX8RB`*qYlKDHYx=cAAko0Jr=Xz`zkjQ@%UoSu zT}1^izH`2K0Ux1cV^bjf0<Pw(=g2KwrPpns<*~H*YZrI0$)Oc&r&Ja=l>jVw5s$Fjj1=V_05N3;e%k37#p^pfQ z$6X1qeqyb>2ico4cFjzsS+8=V*LfaPGj_FGvumyLEVGuA1TQX|+k2%TFYyoFV+Vo@ zWf+4j7HXlmsPF(C`>>)CJ@}nakB(L0F^IZdPbp8HI5=*AW!|mzz9^)WaR_2eQ+brPeD~?zvhozstMw;qt6*g| z(@;`IsgCLso5tzzHf^ao*XCfqBpTkv=qzzVbgx3dt7+Y&@1%0#UNrsBjrSyK3iC%3 zAXI;fY1O%rt2L}sLP(eQUTkJHN+VviUxRC|Na>Gr+0Q>P5{~S?j$2?}-zgxL5z!#N_J6F9IeXVN7btr~D88ct=Zs zYut+?uTDu_lQ=ZI$9fjtem2KFlGL9ax17^larnJ2vZ(obBaFiLN502FrMAer>0M1r zyy$=eO1+%sg_SzIH&Hk$0paOMl~AUUMP5`;QbxZ)ES30GS8GRYW9Bi4qB^4j4dUQQrf}h z`Sf^zLNj2T{T$|4(!=>0#_u9fK5f_7tU}W)yEi8d$P6aXM3AUR`DU&{z*W* z5J4c-(z{_gTOmh*=!07PsiVXr-3IM<0cT{y{L(OWNxz|=fis$e7{y0KNgMH7wAI!V zX7TWF8(EQE&`)_xgdgBWk}=`r00f#*uF)6*`S!OeE_Wf!7%ByGMcpw5DYwC+XLR%8 z){F1JiLb1ML^SSq&LCnM1TXi$=e!0U@B%p^kRVth?B74jl_NU1%(w0>(RZe%;>@bR zw~eb*9@UmezAY>CsBVVw)fv0FsVNVM%cuweT_<{o5nW#bt>#}NJ_q zy=Okgj~|!tKfh^bmfnvX<24_@f^VP(ukS`hLtQAVyJ>9t^sNV>-MDFuR6R8&%#h4_ z44!kSbtlel5YPc@^n^!DOc7s6sShR0+n33nto)yfz z%5z2D;xHS3^B)N{Uj{*#)C75}4A>Km`qT8>8z`d+SSi%itDoCcWe}n0yVPF%pIYq`SFY)J^H+Ur7p8e6%~`?%AWWpq zjO!Pi(h0=}yh|Q@IFP_$drKSF7UuQgJEV`;!aVox_Z&QOU4p4^W$^mUy9X9~-EcgL z7w9<`?9fYG)u@o?-FN^&{LaX$cb?soy6l3y;bW+|hjHY+XIkZR@Zc_SZ7AYYmqV20 ziJ>NijLXh3I&~segFF@YLxaQm9Mhs1Y5!#pkia2AHKI)`5;9;~>39!qSwX_6Kh_|; z<7(-Qgmg`6<9_T|fa=?z+nhT*sy`??0fE8ja)Mj3Go$3Qf$EX9M7X~+s~_S20QI}i zp^oIDN9FXsi3{o)5X7R%TRnDoxcsbA@1f0VV$4gJ864QeiPfUh`EvDybl|i}vDH@N zn!ICanQODf%uuJ&IdA+JCOxX@#{x?n-6^3sugBBR{MMdRqmE^(p@HNkX?+02d${*J zB}PJDa_O=~79o~HD5-$C$s<>}-l3}{l(Nn)C~Z^Kk>@v+B22+9%HQMlt~KskXiv}O zS9>&mtUhGF=f=l?bn_6UZ~gQ$7#bSV-FcEz=TDEeQrOB-f&&2uH`qxsafpmIK(W@H z$6T^ZD&$^%V}=c=o*;2S7gVKrLMJ>3?A&5vMl8a#1c$2IpSo6~qN!8g$hk)E-c(S1 z{XuK3A2e1_Nej$qUdR@ju!(TVE=GS9{v(ylx8X!xw?5N9X#VHh!#f0YAf@LkDaTd> z$jNot)=_JGtMLLfXl3k}=R{6P{hhm3>mV0^0|sX9?l8mSyYC$c@D=60x`Xc5Ac?wL z)Y}yoP3W>(JUmY8c9%#OxK6M|ef!`VC&`W}ul~VBK-+ae;_3S~IXnB>TBcp{6@ZOi zl|=`@^y;l|Q_;VaZoU1$AY4k)ef6<!M)l5})K_+p$3+d4QLBZnVQZ`h(lJ# z?IDuHfVcX5G&pbOhWH~Ve z8!NCv0SY$Kj8)Y*KR*vVxiUINua7cA8Oi@=w&+45Dk%c4sIiZTNvcj^4D&|5C<)2Ij&P|iYi~i4hO!c5n8F?vccfzPyUFH=nL#? z5%#0ka=bJfB5-BXU8z=@W zMsiB+2TY^X6uxA7o0F@&a*Ug(E=-OKL`j z+S_0bkGCQB1m^*c#TgzgPDo*+ab;0*_e;sWW#r0EF68<~UMmO&pf0zJt9ILkyQ@HN zGll1g>0(H}Elj|-%p4poEgzCII>_F7w@+n&`EI<50 zN%H%Tze`WcR3hPZ{_=p>E?X4V zJ#aui3QbE(fmAv;X*0ok+V4{LFUPGjIBu~ST8dYtl)S|oF*H3!T3w+d)tlo@dMS(e zfJ5}^P4IQ(XEZDrzww6K1?P4Tm?6Y8aa_InS>f9P-+obP>D|K24(*|!D>$=Vmxyqm z)Rof0r(-NZS$=P4`ep7ZfGMWk6$r`#mq74@%d(h&Bda~m6VJE@K0obX@UaLJGL{3@ zI;cnlIPH3l%d+1Rtwr2^{6Zs#ooXV;7yZf}A^~KQ2t)X{glJTfg%aPd#xXfBrRKB2 zULruvdNgX+>WI;mhUUu~*O4zuR~hGfZ|!^jk>~5!=C8^lR#-MM)i1-v9Gje&n4qPl z{j$(#Z68sDj;3O+?}ccx%~o7_Roa7s8QIqk7!HDcTX})H^kZ*3x=Q7*^jE5LL|tG& zYrC}ww2oAZ3cVYE`%=<LWnX7o7Aw@p?yVk&0CzQ-3F`wOMIfx$Q9CF3u2%D*OcRnER`>>xZ#nC3sJk`p5 zrqO&azYEQ55gjdd22t;qiaJcnyM-WoO|S9vupIM*&SL`V;E=R9HA@c7&xon8I>4g5TVbq1XTZUpqMDkmMk|`k{a%9h z;tn-yqoa_zg$wB~J)+=Q#<+iB!NeF6KR#BPta*S_WI7Nh5- z0G&sm59(erzseq8h*t6P_B%eq#B94dN>eoCtffxGSjGlQzv*nW-&|jx;%xOBln=U% zXtdnZ7YcRvntNZ^iV!u@*fBhI>a3fr#33^TrL``f#xRl?}7c3zLWe^X|d#QXJMcwOrO8Z7tFoBx&7k_5(;VQQD+HjBd z?>B&&Y1!?!mukCokP+H7V(SeTrO~vXtPjo?3!QOWgd2lgZ#=MwFyd22F|pR~47`hg zN7^AGwCi*34>T``ChjJTU>iK9#GLWWTlI2XwU>kA>XsNMJWRmjktfW3J3-4{xO3N!RpkR*-lf2C?Pp$a;I%cZfb ztjzIxxBoZLWbf+eTooeDafgRVD!5n{9z?MC9Hf_yOOsMiMDDH9YidfhNu(y_S;uDXe_v0un@4v^VC)$sKv9^m><;bup7h2cG zyf(M}>rI7s*!J+i05wD=N(s5anu&Ze^!|P7P7(dZqaNq;_-*PB=*J23X;(Yi@Gh&m z12mxUJeY;ORVT(FV!BF9Er;Z8+Gr~%_yo!1uhb@BcGO|tWnNslKx}|kGRe3`ZuK_! z?7gtr`i@D*pFEv^^2h)YC48lSHdLoD2bafvpRIoU>~0Zwu>>moCu3j`PxWwiB<;RE zKKaJOu8&U@%24cz9>+y~BRFB`j>QJu;2g&7R!W3CNlZ$r0vdqnrD{88DG0%}3iNS`T!z$8fPF=5>_IuCQX6exnRTP9hX+;GY zXb2APC>wt0M4U69JsG|D?p#`~lcif5BSNv{L0*e`uFkba#Mca_CuwRoyuVs3k`v4F^OAPJ=5;^K5FGPEWj9et=xsND77%Zui_NoOl?`6xX`I zdu3ykF_H_$YLxM`^#?)ms}UVZs^fz&DYliGpSahD#IVVpS6jh&=|k@D_n3pK0=fp-e*zN!$#{`tL2$W8;^3G=G&>e*O|d%?7I;Z~7vNKW50d-#_V!U6 zIhqwj?egmGGje08X~msaq50W(3g}>x{y$ARR9%Jq2f*!NPVaz>$Ccw(f551eqm~Co ztq3|uacHi>V^peNp4<;wbuBI?WbZ?M?Y)bJaFr3zP`u_=pBkS31bk{MX{|h{<~+x1 z3Ac=KXSxqpi`Xv}6&0S(K6B3pq}!^@m*3!qh2KB7*u$Sk--*1wG}9ycvcx=XA^^GB zX|Y=)&;qutHONI-dn2Pa5Qb(nG6}pG#+Inj?BRc_a9h1N^ViT|ctguaW3^r>o{lJV zr|oU3BKcHJ9ur6eX|I+og>m$qmyZz3L+n-MiT_1#fWkh2Sw=~3HE?{~ zrl`9DuS#Lgxi8E3McgniVfx$b^Oq_Uhr%?qq$I?VZmeM3ce7`tm49IQ) zR%E7?T$6FNK|tAjBmZpxxpFrg$dojqrdbrDuf{0|Z!2Fj&cD=s^*qQ2beCj*9YO6s zQG-Z^#1kKzk!JQJsHIdDWI|WC&7UqEeoWd4Zp(rbK^4Yh!1n<&k}}lz1zmrikZXU_ zpqOw4?Zw4uGQkoJJ;jf=eXnz$;=>=^VftIUVxn(vyRz&o(Gf%P!oJe)wa|Ti-k1Q)SM}%=$D2{eE}xCL-ei_87dzLN-z(f zi!}f_fFC9vZLO>L#}b83qmgyRTbh8ATu)Cg;4u|y9Ess33N-^*;yNFl8 zykJ@koQN&SyNk^R&8bIj^vJ@{3*}~Eq7v}^@bmHYQb1;83S3G58u%5&y_fz8-b(!q-iBg4_zXe< zn78d!RG#2_E27;a*0n@>^V;B#-G%ZOPGZ=w@dCD0l$G(&(F4dn5#KwoNj@8Es)siE zKX(owl?WDN9Sf_fw8eePapEDP`n>OsAcoKOTTB{8DF z?G@w$%bGTIx}(q|;c2P{x~wkSo+h*{&%-#oL$yr)as46^&P2%7R(}2SeOW?;7pT_$ z-+H${jRwIHINgDF)CSW;O=+ry_7DqlZ`8QVg(Eki5kq^mq;xx>{fofb(07g}uf1a3 zX(|;;be-Wdqof~``-XaLClX!d4Uor)8MUC9Y;^@!dVjORi^limCdy_g*Y!T+DuI&L z?7jNdmi`6y?6Tgy1wJ^^+4k?FE}Re#b0DHL!JWdy21SCqcEjEIqnlE4#&LcHgmlk6 zA8cFc+m19B#t2`zc}+9nz2&vQEvYy z)74v`d<1ZpL(M=<{lwHcY8^^*I8trz;W)pk7G{As5wtPW6O0!@K<$FWLmZJom3|P= zfeJIh;abLHyEpb-74pD20WwJDHDrZ(E0>Di+vgA|F&f60?ScUo+CY}9kH7_2xgWUA zZSaa-0$r+<5xd`yv|q$(x3~PK&Q4ib&_N@1p8iO!*=K47ALMPGAujkBR=Zu~vT@Yt4dRy5)g_yc zl)h#GI6^{AO%p_ASHpE~Zf?E$2>2nkS4^;KXF-oG-L*5FZg0MAqNiuO&|ImJ<*=58 zf8tC2l!8$HWicGJPh$HnO0cRt9hUDRQr<7p&WE}}>bV-a+W9dH(^iH)Y&Ui zHz-eoq)%5@Caysi~=0Q*~qa#Es8aXcQX39g%qNa;2z-O=U4KV3Q^()9$u1} z$NmKh0P#${Nxzp5fv#DMESl%{u=}`6VOC)*>*Xb=kzUpaiX0aWl^fYC#YoZ$NmU*p zU9y6ST(hFH;A=9HEG1mo6mCvV*xMswCsw5b8IQMQyUZgEPzmbkv44Ca6nSSixU4~pNynFvQDFDqL_)B;w__jKS91}XYk8%is2CrZq-Q0~7Su%o@ z6h_#ET%oo{D50%c4flt_e?7iDZsaEHmUyD@TFd|UsQ{Yg@&BSGY_*Ic$8vP_^!DI# z`+)1dJ;|9ihU0*`u;+*ZgP4%8jb{LjoN}T(LaC4CZV|Ys(MSCMjX?MdazN7`yv!X? z4w~>9aRp*R&AXAoOo#qjK#L_NKL7pWrZCKpZOK_4d)YalHVt9B*FU+?|5UAt{{l5I z{Pp$@0dWsfyN#fBrR~S?7*%8SQ4vV(!-xF`rVJoxYwtk=&NVL_aI)*a)(gxmbP&rM zFP`yMeE8oeSs)u9A5nxXIxmDB2^6h4EhD4n_#|@TH*-nGwr=vtfnv&~Fi)b9YxO?} z3IF|l{F}sZ1G5iC2T)RVzLJ&y3!%tkI;Q&9-`tV|4p?w%JAB{&{`=77fQ578BCvw~ z|G)l3zHaaWME#_NBI_TvG%4>1@yf_+T&%3ox_IC~$YQ4}T~Q8i zx%Mu>%`Q{=43^}mzPnU}aes1$h=ZNotSyL|94LPm$ngor#>Td<9HMR5z&Hr^jLLk1 z|04}RVr4-fJcGpscy~W1^)7Z}U)zDCv##SuR6BxV5?nv3wzZ)!wzkr9k(61$u*m>; zr*6L-L`pQzCxcp-n$1gh;vOq~r@e9P=QNcBWe%(zd>E+?>f+3Uf{%e}B1-UD{5<0P z-(QPFJ}g4I4ow9GcqKVfeY<2Sue-tiA6(q8Kfc+gohYlQ48VB|7j{{9I1}_0;>1m;Giypdk;(s*W+M=noPuRT;uAjOZLlXWTfk2)70#2 zv}r0ZEa%{kYKkNo*3J%YyYN!dKg>IzwJj?td+b%GUgX+RL+ammG#_~w=E1qJUeqyT5mJ6b`D1i!>|O7l6Pn;){sW&4sC`kVXh+nn zI6?`27M`=lA!^aLP+&A~yft~pi!Sfs~Q*vF;c^pk>(ege`k;Z^6Y=ZET^mo>bWO<8x*pkw%VW@r?xwewvJ~PY!E6fRkhY zx;4S^qyftphtm$VE1f0eOp#ojO1@xxs8E1!gx)5{HI@wJeZ!IA>Et$eL!cuoQmw^0 zceA#())O1Y8Grp!A66{@EBGbE9f2bauu{k9llc|UA5xmq{6R>G2mB;T1bq1bGJgH z`iM}LkV7b4hk~v|+&uW_7F5xb8u25psL?e+^w=cAG$||VH@N3GIYC`>RZxl@Eb07M>K54+00K_hE`ZYwMz2vJ6N5zQT>B+@ZROXOc96v1;Lpj_?|4kI3tU45_^;vro^f-$i_XvT6pl*;^f&&3*y3a| zZ-;BC2XB%@qz@xJ@U$uzv7i{OK<~sT9h7+S%$-)h9=1~sU|Iwn_J9zdKqr>>hY|8s zTI(+k>!vI}uwSxu>o1b|J+-baRzl~9xDlZW=4`N`|02U6q{{)}RuqCoP~(R6Ad_Cc zM6Z6c9j!zsnLIr_Cck3*515iSGdK&uNRcja-F!%bK1txAlg96hwyC_jxg(moFCWi_ z$_Mn;+T9)?V!qM#JYMC=-otxtW*U)kW206@O_zm*(YFR}4I&x?vN&Pwy*s zAkQHe-}wb6-f`mffU4vNQY)s|25?(3VpPNG*V6HmMD9QEjBqWsJb_9!tv=L;5&Vq? zEbz3!CuO0ArJ$g&c?yGn-N_C(Alcr|To}zedU%0XRq^2iZ=kV|b`uUe(RF<50%4HV zh~cUa^ByQ0e?KGe>+g5TTB2aj>2j@O%2(U_OK~4Sd4{nT9DXpw(T5l>02|HC8O}n$ zYjfoR5ztFvM?_sZ^4@>n#Z6e?edXciu94P<;Yo4Jh)RZ_+Z~A`5+y;`wDZ0ZzJ}3X7_Kf-v5_DR3#7kj;CA89SvQ&5F zVO!hZy__9j6Y@rd*zj|bVApcd!Mw%z3YTk-Mny_tdS z!5SLA9ByQWd(bJgXjqT6hn&MT3Y5@AkuTt;H8rL4>3YMp2#FfHWB95t$buq3C0+BD zXwpMv^!T$wqt$CC^eE7;R{oP+;*c?NK z_C9&o>v|7bBL;`1aob=(Fp_&b>dF}Yiw}A+=2HZ4)uKeHPtBZk&8i{*RF4qvpm1+3 zN(_{=xGT-91iEh2#zSP|DX2bGXgoRqP;Ht4xUs5u;CO>os(Av&zieTxY5gE4uv)&7rJ3EY*i^bObocd|salVN3VcW>|Zl>jiS;n~^P zC}W)-(H@ROpP4m;9x3&9cPoE|f?9_mx@QFlEdYm^H)Mrld}Nae?ta!)=+1Q;l8nHv3$lgmT^ew$g>W!FlgfqP8N`m9uY; zLM}mJ>FMv;rROLm$kPmjAhYw{Y=2mx=@2|UWmU2JK_S0S${3BL5}R%Dze&T}KX_yL z`|)E1n3w^UVAEO?{6UuBrz@@wJOYS*Ysh(9H#QxB`lTv8)mOxmc{aLce%+@Rkz=t! z$q1>AU!YCvM1J-r{PfCAr!4%1-);TPaU`=zxA&WIVMB<>muV$<=C_i;3qo4eg)W{h z5-G$B+`83XtPU2l8ed#&n?KV=YNN^Qo4*rqzOy*iPG`QUC?_ff{LLq{du1MTUt6cm zgj%#S|0n3ZdS08F#zwIW3f)%;o(IsqyhQvv3Y`>tRqdj~B)Cu;#BQ*g4vVj@Kk2sD zQ)RPrYg51?Q_g9qfY2-(B~8sQizvPT2T?ItpwSuFv*B`<#xwQ6W`lvf>1lLmez+0} zd5da6gx(BC9d#}XTgwK&-S+VK3P!}K)o-fUej`m|qVz+-;`Tj$vOZ0(u5*=FJ7tB|h z7lo;}g6ndd%Q@~kMxHa3D2Q|XN-J}h@0yr6?**Q9XyOn7jZIGM4H}RX2DV0>TnS%s z>z%p;2IR5~P5>-xNGYhhtMzkaxi!#!Phkd@4k)B~GD+h&zg!1MdtC6trz_tQQK0IS zwSIX4T}`RSFtBf0((f_GRk4)aBr}A8{Zm8g78+3??Xtx>+|>r|ngVoLY>Wh^KKV4! zZ?KN@$9a<;o`~xyI5=#=wl%tsf*ldoalMx9#s z>~9al&D+W@&~sU4gDEYioY})z`&-lOWbs{FsqtN)V+q482=(`XcT^UW1mXmh!@AQR za9n~fmUE2_GJ`VY)l4Gx3wC<*tS2VfOfJL?wNBnD;2FF<9n776u@w9lGw-o|*K4@u z^ZQVE&1|GJW2C>d6W?k!P? z1{BBmpxs9rS)yYde;16YY+x)AasiY>ldFs2T7o^c)OXcKuV;{-VAQc7O2Wd0O z2mMrKxH0=8*Vx#|GO2{@?R%zw^*Hn0v%f4$J!dj@WW79V znm2~z64zv_%eo5*oQy|vBPt&72Yl}-!`<-4!rv(l?n>27JZo(rY(NjBXYL3?8!1jVk51g@}fXQgf`p#`GdJ?#qX&G zy1#$xaMEX?CyX>GkXd24q^+$Dy~7OR{(ArcraA9dlLO3K&~>2!>?y0^_A_8i+MHlD!9eFw7`4()dL}{HlPRp{{0)+Ed9#YO~ipMzUV z`FhB&2fAV$a3I*wNvl#`}amf<-w+MdzRs zi0i{lrq2xTTsAhgkJcz#8NBPA+K+POm1vCG@Xv{=a-i~{J-mR1%T#Z`F<;XQ$#7P8 zs1lZ5(BAhjIwx)PSbqWU|8#k2$|BPGaT5C8V$(^`HjCGAK~V{~$PYhZEFZjf(_)B3 zU{HpAhtDVlQS$<4h`d`^pzX}=IO#!|ZQ^dq{WA&}JXcLAwbxOEzotK%8$lT*psRJ z?Bh#UvM*(d7-dQyf|J|rLU{^>f;3VTd+*JbapgbD-Ne|&&Ay_!d!w3wo&5Li0tdQ@ za0HU=qs`4tbbw^z5B#{e;=wc$0G?UQ4}pmYKmj=yLcItPO7ijuqLmtc>n+4B7#cxN zGt0>B>n9aFK3J$5vA=NW=yo=OF16^@x84AF3U+ACAuYYyR;7$rr+?^Y5z;+{mI34! zh@7)=aID=2fy)(YD=r(zp_&#YhC|t_40D|=*i035^gW+>;1mA~kU5ksr4G6v!oc=* zdy0GK6OpLTqQnv~LWuC;Ax>+^dCK^+%ajr?UABiB0Xww>w2dAz^f)H#pQ?{{Nc~T9Vunog{ zPpRi?Fkv|U&h-h3G(B4D?%nWw89hU(%lnrn;{KRCJt;=7pN?3_Pe6B^w>esKOxHk5 zg3aEr%YO9>uQY5e)P?hb25$)_cZHc%A!Z0cS|j2TwTKpG^g1u-Hj^VLt}zm1eYinW zVq^40w;@wybUk3Sz?}!UngJA~A7+GP%2ibaCCNPwKoP=PeA*Dcm{R!lo5`K`D{(XW zQGu6SJ7=4wGQ(&iG|zn`gpwYPcav&Ye*eBQHoY<-S8dRi&ZFD|8}6c`)e|oYQ}!qkq_Qe&HGT`%N3ZWZe>>#cAijVMP3M`i5_}}&>|_g(fziQ%fm=bRn@g?j z*CR^@`l;e?M~iyEK4HsYSP=5+->;N1oj{x4u~<>re#t4VB$a4MLeO2~Kt*X0_Jm-Q z>XW=6KI6A-)mT=j%jyef*B+dV9MZm3BQ>%lxuuCiJ;foLq44~-f8e0Vl0JLF`RL8w zEGGk6(UOyv)Eg=Fw|e>X_Ws}x?3Q?6n-CFtuwvof$xKZR0a!DDU?Ic=AM(f+x1e~Yu)=<{?eJJ(a)==ivIHS z)!1f1Hv+08y_490q*LY3(#?6SS_-=SoX^F|Iffq zAwDYYKu2%ke$4l+&)oK|6g@h~nD;4RH5KFO;T~-jgQtWJ54aY0MP;w(I9{^C zM$98~zkh;~xmS|sBx(QmU&oUYFtluAXEh~ECj0h-0^w|pu~EEz_PacmX`?d$W4`4z zELN-xF}tKwH60jXPnYQphvw2n^wL~lFf4T2LB1`j0vQPgT0KWx^p0Yl9YfgwEqpid zQJBUx4bWF(R^Axkwg@(AOY6}(JE6^SocJIOno{aTS1#LVm5!OJE@6oehQyl zDMho$W@j5*&9alGwmt#J2=Lf8Qc$T1Rbv*Elx%-|_k}7r$^RS0fGYsc=4js8xqPhe z>fe^}ZU|jF+N!B;%*!KnUJ!^FOoD?jx6Wj3(Fn#o(5(vF923~u5w!<3%C3$Aj@g?+ zQ9Bfd@!K9=;0C{X<8^``E4)iqxPt0I5jnMqQx1#JFN2{+ZBqDOJ7%00PVSW=bp%s0lB9U_x^Xo@*O{kILw6@G+ z$0+H%PYrtZdQC14p1rd!yuEGv)U?^+<}TtaB^jv$MhjN8n(E39MSlGFB76qSmy!-! zZQV0K()wm@Dqn@C)cQV}4g{~V>!o(d|4f}uVakOTkh>Vr;H_ZtR;wO-@+Qv>z&7Yq zcY(f7v`2hBSn~^cJFO^qP75?Dt!K&ENFbKqf-goBKJ$ZLoF5|Of59ib{TC@Tb0oDL z4IsvP6Mc+>7(M***7D*V3Z3_jUrZ$wVW$UE5)3cYK7q3PEi17M&PUZ1NN%!heKq(3 zf<;Crtb)w)q|s#(5izK)fAIZiJnE8BOk=I|1-dY@N+P<|xFwMTP{ASU!YpqZ6t#A@ z@ZsqJhKjE|w&8PtEAli4HO9_-LIXBkA#J8m`=n#8mEpmFREu~m0Zln^x_By*-S>6dN%Q;fFQCxoJxOn zY}o00-bC?<;S7x-IEgGSHuWb@KYs zO`Aahf!mM2-v}|oIeJCOwP=S>f_NDzUcy&t%@iup+h0yyMt-&@6|Ua6TGV0({a=ki z+lcw`w2|XP_3I;!AxG{+3z79|G)A^0@g=%wQ^;4Mgf%eU zz(Ws3M8%bjT!Xna)bLNzP)}?QP=c(bQgtEcvSL}l#iurc1>UI=2;B8Dn0Lgg<+lVS z6HQM|sU1K{%z1he&QR^uw6wbb?UOMwV)e3&$@`5a+OKa)!~R!0gK}pL;fEH9LYAD; zni5Ca9-+c+3JS;ixv!1#cn>+ zy*XSEOVM`|ZUXbRw_84~DFgtyhANn3`YVQ_st*8|`GKM#+ z*5vWhG&b^m{+R`R(I=Cy@YXb+3?M}x;mYu&qCx{h^Rk1z|V6u{fRVX z;r0@C16yxJOG^vvfGjj&u|J0aI@g{Ik7;iMCAu?87`mOAp8k3E^n(c9t1nOc63%~H zbA&^TyUO7a+9Fwmy#-xvhCH$QpclHmXo) zk}UQ;Qj|ltX&8s-(5B&IRw!A$D)C4z9$|vupu;+-TU?WhNpP_DB4Mo6;y7{DwAGK% z;nx8z<{9By{p=^yYzs9pF4s13Tu$c6%xEqvjOQNPr$$C{_X^^d!<69X>EV?(8s#c# zv`#jSla-cYkl@I zp;o%0`oD(2%#s_H(ZRLHhVkG&HW1tRs){_6xrK#i}m*5hk6bB`1rlR^GaZ7_ue^~D*Zh0 zLcltnN}{@EZ<<(9yA9l)-eOHpLal!a2wf}}6@JZlE}Oj7<5}J)LqM0}^UPv`tfKLr z+4URsjLBL{Jl`%A3&awsrhB)MzapfwHptOuPJsGlEW|JJ8T04XhID~KNtXFz(Udjf z`%YZne!pPjc)854b`1USr)ca6c4~^PRV7JCKEbS`;HDg+4>;7izOB}y5#SBSGC-ry zeD|}YU3L!Z=r`f;UmV_@_^=wfOh^Z2%=y>h#L)O(gezAW>s9^Q>Wd}JCN{96Tmbqq zXjZZU`58aqRE1;QAR?cR5`FnS~fAs~hhZTyZ|yvjo5d1x4Ko&C;eOE!J|K_6Tz4gnbSD&FmnN}7qA$KreMM_gVdJ_Pi@9Vf&u` z^u-o0RC~S+#x4>B|GI=vL;Nq9Phss(YqWAa$t9ZjE1U^j$)5_<2$iiW*q(%ND2v~; z9XtYcrBp#p*kzt&Xr7D)Iajk$<{ic=XYJ;g0Q}nKXU2kl`6g9Xb=vPa(A;>>17+sM zP6LZpuyW;S6I9ofLYH~hpO;#y>0;ya=UwbTEXQk&?*E*-*x-K2NHl?(y6ekw$h}2s zNyYUIN}Ban;b*8xDBK?`Ha$E*S+Z&%a24yqC#`ie@-xvrOA)8_gxY6j*gIT|J&~C_ zTu%Ut$;Z7vUwr%H+X)L%#P|CF&$nLY@DIE{j4gb0oA@h9#-x>~66_quApaU20?wrQ zI_uS_%fmmabN%egMQ;i|pO}=PClSz=f`yN5ZM*}PH81S)%S7uDFYTp%|4^dR|7Ww0 zvi)OV3~Y`vZ`I&BPYVt=P?C~*taM^S`DEXT<>|FUlzWLv)W$p#I_08Tmja351e|zy z3QB4MH%36MC&42mtRw1M-KShK3-=Lrb8xdIr=VC}9hXXSnBw|C39O7ebw0P6*YelC ze}DS6x9VVsj0>tGu)1ID(W14YudxadyciD4OriAONxEA`{SY zrVuH!vHaYa%UjGPqyznWfIRS%=hEwTV!Us|v-5ge{hYeczc6dW0zjPnD=v)SQ>Ipz zEAf9I@;6>*d!vxd3pEF(d{PT8lkxP;mBJZW(hqM_(%!Vo!h*-lWe;;^q48S;AA!qK zi~8!Skh>jVwx_?s-eB0fk<<`cB{tUN?VW65CMC}TNsil$?Vq7=)A zXz0r8xQrBV94E^lywEW?$T^*ym~94+eQr!W)&^1IETf7QabZjUS+2^J&i$1%6?{WL z4_XKOylytD5q_xhZG*oPJ8)}!9rU%mj<6o!>6TV37qDL5z6_cQvB@76 zD9|oHwwWaSoyKO&n%ppb@T2!>W`i({6R#SHs$2KQ^+Z8092<(*qf;T9E-kz^Xz^Dz zaJ5HWbG1Y%!#)VkEgO^@0~_muX`k-g%{KM72L(x2*u)APUXzX5r12+}VLabfzYRe7 z$xa%0)8Gza&drs#*U0(aG9Z~-cd(Z|wnI@&3N|_7P42_g@vu;_t^>=nQrc4!e;-DV zji9+l9|{9Slr0he81crbb3+k8L0)jk5k=#q;TTlB4qoSkQS_E}SoGBM5H~D4btyx` z2{pP{h0abfe}u~sedO9xY?A1sx3|irQ|mQx(c7X%*{)s{c6nV`A;;oFKsUdDvJ^)U zY7~+AFp%Ht2*XaE(#DC0eo=K`v3W`|hvtvN*k<66zS@ zys1jg%#1xjfUh~)258p>Y(9qghO#xX=~LAZ9LMO63`1x;UTO*kH?3d*+2xGeml1P$ z%_om`6!~x~;iV$4dm3e(@lm4Mc(HLmNF6qZs@b4pIb#4L*R2LaISjc9V4=Cc8A7V| zN!#OAmi4jsu${t@t*8i$lQ0f?^TD_ajMJWFTW|XNDXhB(TZalwFwZS*lVHkHq?N#M z?MbxScS~q8KeuL8GqqK98>r3|a=aZXNtg{{MOrh379(^5 zw~wgpf@LWws5y)h@pHE*%F~o5WxgHi;e2}pEv{F=vhoB2B@IcMZVPj&fX5w*t9H-Vo*?yW#e=XfIzFCLO%2g2jB0Mk0Nq_}BRy4)?p!9-8RV&j?NXUNH>i z*CM|juJx&;ydU|he~s0;VLuMM-)`Q=aW7sNL7zC)v9K_vqeCnDSi-jr*yHMYddDkW zO2?Zt;QE_%p2i`1RF{1##1agro*R4(ZYy~Jh_fvcXk|_GHYBm z2Nz{Xzp57&5=!~(K7PhgHXd$MW^_09({SdyBbLh^h0mr40V#or7c*1P6!4nORvae9 zv}}%3)wbMKIII_QE6rhF&RH^A(EtN-s@Dy-xQh1T@nJF^={Qj!*2deI>ZG$pX}bQ5 z$V@JB`d+rujg;K%~{t8x|26wT? z#H^nU_=6tO#zb$kM@(=upK&t$vz=}$ZWPH3^m~;LQnT+W23kOLGJFN~=;q=oIv_a?{4EIXU*P4+lO$lj7Yvg1(6$SAV%)u8)z z>U-bU^}8PT<*yzs&gb)fzvgpbFz2Vh{L+PMJ=sl4MpmGJZhrE!(PMky^=rGXaUjDz z$@y43UE9_12b&iWh!I7UU0n)_!cddW)t!I@gzG*kJ_Nj^`upX-9Ac!2>cHnl{}=q* zxm*>RwlfVs1xf?}Ad6UtWS>!<;};Nkw6x%5@rP@+2VAq>-mLd?LcV)=9X3Bx8Xaai z^p7F^&dtjIrPtMwby&7~Eu0#QP!JZ$?JJNDo+cJwL2<%IL3tyF@(DY2J&i|MGB|9`1lVVF;s4 zW@qNh0M)GweS$?P03AR4E(~2wtFrjsRx7rhOC8o*RV7+C zWDVl=nS$h)sxkikEMZl^_EGGEnaa>B{2LKAJfvw_s4a8JcCk=!MJw{Z>*LcBB{rUH zq-zFBa~#{O4QBypFj8PKF6~#^1q8z>_cj> zTvKFeDd;=BEyk{Q?br;a<#Y@QpuZXs;k<8b_h~6B@#=GZMp8cHn)44orLb=?Lm$ql z*^>|tJ1({f05seCf|TX%IjjK~!uHt%W~V^xL7aV(BxmO|)-w8XpHv7tK=2 z-b9Vvq$YF4BTS12MP_h}`8iN0o|`dsu4RXQ;q8kL6F2gQho6UAO$cPcZ-D%KD{uXi zpK6h--|yq(5MG1d!p!0QKsX zg+7J26D`k0Kw}13ZSAw|@hC7se46OXQ_X5rrb)>Qf!9~Yga>vXhB)~hegTa8;6tGN zy43h7_*HZEz#x(~6rdn~6o-Ir6X|(;7u*HOT;xJ(3n6Mo+pb*eLhwRm{`7Jh>`)At zUfKw$iU>Gp2eGKAux%D2U6nvY-B_&I<%7R04B%Lldb>4rbYe5xJ$J;IHpY#+ZE=5Q zrwWtPTj|@4Wg4(JI{4FF2ral7poD2ofi|ElMu{k)@vfK}yEp$!ZrV4_pL3`twVf=ZCu)uQX#C($I^*YZSzo*PZ!c{AKW{mpu3 za;)sD6cLBk@rU)J-?<5DJYCljutee6AitM`daqh(8}K@Ulbdqk{%$NZh(xWF%gK{h${FSX&7B-9Z^#bLe8Eu zMG|^Y6o2|s7jC!!r<9{<1Kr9B{5fLe0hfc4=~vu1Y7yWB0`gAaX=2>0V61cCWeUy# zRu2+8ESzI?ra@!iN^vkUF=!&;{PIEpz{6dvt<+Pa`u67ukDF(Mke!ah`@Ny*_&jib0RZ(}2+nnZ_ z!DS+K(`Sf1Fj8kXGB)Pw!HjWXei(e7TG&ZlwMW|6IA`|4Q}Jiy{ZASS3d$7%x&zNo z9R!&_2Gs7B`R#6~Ji(g<_(HDtCzwyqEe#j(5>c{|dgs!Y9wzdAu4`rjRjku)z7fA~ zBb(v{HuFwZ-bm6lx&TuQ99TW=%9#>;^8zBjkJy4Ib!GYT^KPs?Nhq zCXB0l0=9VS1R_spd%BRaYB^%>>ib#S!q62E-kIzhJnF#(f*x__It-2CUJbQE8Ka$+ zd!c_l;mx5bWK}AO(W2%7dUD4gWJ{MRj2z895x5* z!jQOmCtlA`tag|@We99|z(BViK7mD(*BA9q1g^%Frd=9|(7#wT239I~tq<$S3O`(8 zg6P1QIHs@ALkceS3i!6R8-`L43fhZ+Iiiq_On_xW#1l;&~)*k8$vSODPA1(uRUc#cRPTeeUc-oK2*tY3FoEhaQ1yo%h|g33IJ1A;j2FPN zlETDgW`S3<0cbKT3R`bG0yp8D??AbjbQ2c&XF^=S-6q;c?+FMhNvs5)M@K%cQOhp~ zXLrNC*2%F(`tH(0f>3osLrz!XyjE>{5oo9bQ}f=DVI!Ua!Wfm!^OiibV%RRya|7fP zHrW*~O7w)EJ~;=JdTAP*hXF`t%$y1fEQ?wk_vS+%T~7y)w$c(JOB!rM*Th0pro^UF zJelPb6e{AOCs0S?;H1OgjzbEzDtkyUn&fbFABSzQx%qhw&suCK@@Cpdnh z2JAYbIbWgRf+TcoS3TC1qh*P!n6|DY>$ z#v9YTc~~Jh5xxCb(I3m11=;#wy<+>b$kzF*+$Qa}TF~A5o0FCu5pzo|msz|3`$aa1 z9S0@zXA1*pD+I#c^|*dx&bb$P1;_Z1(y?t4eh^C63h2~!5aJv&z5f|6Xme^Je;@zn(p8Q6Ur{|LRAMegknr087GRWt& zRBuwJ@#B)ZDzbd~{foNo4rMu6X#YdwSVgOBH=DZvTS@$L+s<3vNdv?g+qGvz&m8zH zIWe%Z2-CcvUS-&yZTEM%+fK0v#Tq|))PVo!SuN!SSrAh`y1J0j*G-DwcZ`xQ6Q<1T+Zsr!>&JEB=bG?#JKK_6KtT%xc9V zr{->09PhX`pkL;_1Rv}HNIXBEOWrxT5=N<~e*{~bJHP}$T+3|D+tLI5KZiCL*JWx}Ry2wi6#jqk$(BJ9M*d6>wM`{Oky z;u+$yZqo2G$+L)v$!Fa2FX|yHfugJ_fZnfo0rSgf92NQ$Fu>GjSe0`=>i9->gKqW~ z&0b&W>T2-7)B&pcsi}*%+5iMg1(1?Xul%l@S8x+K(=5(X%J8_GI;{U&gky#aNI2aoi+tE|;NvX({g$u` zh#2WI24M7BD~xL`p8id`v1I>XJ@g#UIW0IkGBeKdH)p+ z0BGJjVO?*vcJ;Fw8j^0k|EavI+Fd}bn>IQX&xcf!c|FZ-+xW6@sL15KJwy38J|hv% zQuG_pr%2`}A*3O{>V%oEU1*;i3Q1C_JXFUPkm(;M4+s$-T4M%VlL!E^6-gR~e>lgO z|52yw#9+ffMGcbccX(r+REQNE;q66skEYC(hADX_K7}{zY)i=Y; zvGwr^XLwlzzCKS>NEvqtBQeoX+WGMkqn4kr3 zUN(aW#j&>eEo~XY^oclu*=`C10D5UjlI+_)nrhZckq0GUx}toMfNG{H;F!t|d?R4w zsBdKC^dZeG30!?D8_UWDjYX{6PT(C$35%vlpo2#xvfZ(Y$Ffzq5^bJ9SpoOBmygb15AwJQjU9J8c92^Wd z?WPskuE*cWyf|#>mD+*?_`#-v=2m9VMo2?|s(B8A-Oh4u>-OUdY#vaTjz{~w3wK@Z z9~$cdQLLvy1mG9Gc+1quB-B2Q0`BG6RYKk z{hL{Pkbc=j5FCPm@mdXv_g*Ylzi}eo!S1mey6i{-y+fd-+V-kmV-{o*6EnXE0l7u^ z9VH@kudI_V29WfQ2th*u6))MHBc~hv zts-6$mi6fBLWQgnh8E8qUzjW>2zevXuzZRC39Ezz=EK+}VFzdq>F)@RU1fTFI3@xU z#GgMtzi9Azl@cTqOJSCxfHfd(d{5>6vz4B1Mxt{t(J-`Cq7h<#%J@Y%*gIx|loSOV za2?2KuO>z3O1lHf;Sz3HfJT}8-j8q8C%3Zhc<=Gvc{}UeZ97ADhaQ2%eO^oVnc*f- zSiq?MlK7UUR_UA~H05`cvIR_QF!8EvMz158R5NZ+$#L)wJ!TSoXbuj^e%hm*MF-3-ynQ%;PttzJ_|R z$7g@F4#ZdeFq1G(SW#L8Vp2tXqUg{+v+Klnk4QB-wDWCBjK$H(KYs|Dw6kcccNtMc zs@U(RRF77#NTt{s$Gqgijyvcz)Ino0GWOc&jKN6EPnqHGKzl_27D+q3F!L-X9{rm0 zPbkTXg3X&;E|CiE+x${~Za~P_{sbedC#~N{*g;`nFGkn|gVcU%AP21ZN;rC=95XjC zS^z}D>l4bxbO1D%ss-2wt>qux<<1}=ZNvKGrOjC4EW|OBr@w+gOV|_OO94NQM!+8E z+h?5@FXzCAku(4t$(58^5@tQOH0XimV4ef+(($(<7qg|U$FsjDwpk8vM|x*Tuh*~n zroY0!8(`zL|8u1;RjJPj)}0-IQ^0)^^#cr?&HFC+`-Plb!$V#btqVI@LJFMN*@ zm-SxR<6kFucb2+--{rXk7)NsjUxSQazoeN*CZ>uxi;6~kW}g&X!=bYESWjsr!)da7z#81D`~}$PXu3zeso@&oCyY8*9@`IjKQL!-%oB8 zK3rz%+vtl<+mf?e&MPxZ0;v>ZT33}AeGlB{z08)_>)I>?Ja}KXR!RvnC-!nr!`6x^ z=8jY;DXHd$>D}vz;l*OF5vXQqC*EnP4Dc*@`RI>wKv5fL+}YC?z1W;)TffB?8lSfg z<;S~5m&GnjQ}XFx&;EokP_7%8ka38bxJYYQ%(8(H%EtbFB*=LU`L?G2R4=(vCpxBe zEd)ExjP{V7%)17Qg$joeoV586VK0$j1GadKWkn39mH(PAt&(_vg z#cn>Cjd+vJXNYrJ2D{XuAF&zwfF0l6tnoBohPJQpQ5@MM=|DEK*>Lg}CRz6GGW<9g zu^p^CE(hgKtIf;2w&RbDM{|yd4BPtOvGcgZkoSN5oJVJ3F)4KblSyo< zYUFRe5o45Z8SHtz)u&0l>bfeJKnk2QD=#D-R_||R92@wTIK}Y}V#1O)Tk=J} zUp(rHYPvf6OFy8&OXJ9$yp4GE!sJO6^U%32ETE zr&MA9j`}7kfFmBU(7Sv&x=P>lv8!Gks4KIR&ODPPz!@!3HDm$y-kUoFAaU+`I}rBz zpBX|ARSg_E|)_zZPT`P5}KlH}}*t zZZMX*soJO|iWoCXef+jsLJ@SY=mH2UqF~_-ZdNO=IhdpWjuR8Afv*($fn!)OB{QQclu!#YDeV0EK9yh2Op~_4+lf4xXP6tmiQ$_=7zV zljL}3P=j5Gu!@Ye@Yj~< zz3OxU*6!Yb#fF7Xh3@I^1wY~@RI1?4Pf5loh6{-r`~`uE$t=MaBNJbTG9>ndUgwP; zr5hCuv>0dF=F6Tb{kgNdwY%l*`(spGV*1^ozrd-)m(rWp99@L{m=#+C-agr?F3r{9 zSCZ+5r3VM*>D z)Fk3;0}H*)OJrItC3WilQZ)Zf0rqhz1JWITd3j;lfL!*lkm2*Z1cJ!deK)3pX+VKw zd}XD9JpZbM?@>euo7!W>B*G8cn#RTm))W>+kbph%m+kkk;ruZmfBjS8A7_Dkk?qe zBxo)Wf9d|B}rxMl)_BWnseq8SZhh0srlV7Vvfdg(;-l!k|8Ha}r$`3Ocfrww4 z89lJ4T8vffkUCI30aRnkPDgpwe2bY&g{CPfLSM2O;PRTZ3c_&zI=!S_W;%>@TO9t` zwV^DEe!gMI2nT)yF?17CK1#ZS)5kQ{COd0a^gKUzO@YqaYnpa1i$lCl5mu?dW8 zm604}-7_|(rRLGp)Rdj^23_x#gdabA9kgT>h;`nKZ943r$#!{ncRS0!sM0g{_1)kI zUt$mwzyISq*YcaXHa#i?cr`pvO8RFn|GI0CsNZomYQuyIp{b<@i_ipY+!YAg!*LF} zettM_fBfW8@9*fqf`4A#dJKmH44m2B@h|JS8_l}EDY%zn4srKA;Ai&F5i85d^|`%* z53Qr)wiE$77M-ab_oNHY8dj0y7ldiB4PZMwOIm}a%2}>z0rFZT+NT1lq z&7~7lK;4^y=M4Na?gK&0rKztsN+~%!ahDYez=uX2yKS%bQ z8UFdd=lI+?v!#!uh}PED{;_T;*k-7Fl>^pm?J83J3Z{d|8+2G^fV6%U!1oT1P#Cf;kka3NS*N3&kjK$w~Nr+~Kw0r`$19B8%haK-{l zGU~SEI3*8{Y?QL0xw%IDSC3Blb}{G4OEvHr?dM(DW6;`?U6<+;!tQelP_)TY^<55o z$ldBIxv^8J1<~i$gBrUsYMS7@`w8B$7yf?kdyL>1@%Jl6yt=x2XJ=bFE~b_u0t-34fioR=qfoUsPxw_w^-UjQqaiWQQJQY1%| zEGC8j{)bw)*Af5za&`RVem*~pPe6_FW7lImg~F|U+6&{+e_}+{1$#P1_p*(w{A&DbhNe_tl5LQIC*RwA-wvnJUmBm zW3LO;(>5@uMg=qA27`t3KGmhaA2?mQyZd~%APX<=UYH43KFDn&o7>u&8X6?PGag1! z;1{A}YWe}fY(Zh6TmwaFYAU#=0TigfY6a+P0AJcaI3SzFPD)SrhL~pX6$E9=8UQ`4 z_0rSRv%nx4{9cXQy%XN5Wck9KgKL?YkrC<8F)<12NZ@%(-pB*NaIo9h8vw?Rf!6`rLd~M?z#;>Tm-GE_RT%dX2J9u@)ue zLUxz8YZ1!9BPFLJQIGuk^@9KH2^GPqdVm#{2cow{+cy{(mPdHH$VYBMO)X<$lB=j` zW@&i{(xVAQfd`Y>MZPbj*eF-Lt0>3=$xoXMI}aM5yUtT z;wFl-%WG>a9GyQMHAu+NhyKmhag+&THtHGbs8voE>1 zxvsp(qM{<)%knb4aMR_qu};fOUfRT#Q3pc+_Wg!OKtMhc!-vYH#>KqulB)l4B&Xv+ zk-pqp=(j9ESt=(d2f!xDQnLse02Y4YFkrU^ofbNA&zL*z zd%#p=a>@w%{GN@!0`tC7akrLfb4nrvi(gkY6JVv`L^f$ zkMqrEf(+QvmixkzURK}OIAsqF509J=0tyM0??5kUg!{;NCF#>Ao3Vv6RB^Ffs30hK z1+La7<6`d7+6m0~Q|O`r^5*&r7Q{?NjKadl0CR`=4^;lw7-OG>I$x>Z2L?40DiZV( za~3s-=q*4O_wdQ%$Fkb1cM|A`Y;A2xX)o9>559SGjgfH1+tQL*k8~=q0MORHtjYPS z8}j(t!%4z~VyTc1sYvQ3gA-a=ZMWw0!Pd z2?;MU=Gu~}xDKf}9xI2_AcmT7^D`XL!26sUy1J|dtgP_LiZH7RIsNllWI(lM9;SkV zw%C5P0;T|@Q_Ekz+)^b_whR}vy1AH;)KzA~#drY=t7RKd7EDFR*fL#ZK_Ma6lqrUS zqm>?qQ$0Ypj%QMv+ka*qZcT?z45AYN@m)QnL~QC^`(Zx1OZda* z>&K6b9IV3s`!Oat);u~oil{S5E|is(lZz~iRDw_i9}^UTn1}H}!{ycYg36E3~1e&t>zaJf>V(C(nvct+~s$y`@DmOM4-#= zHSMb{pWjf-xl=rR+@C?J8c>89d?z`zA@}HmTL~E_j?4Jb_$CRXF#>yIN?9~Xc1-Lk zMTWkC`y{jf%fT!sY@#3e_gvVYg9P=?P6u!$JY6PmIHIEPp8YTP0^)usA;p)DnwKwC zK%H%HFdfv--a1^Nql2E{BghJA(8V=nE-3x@@k3T$U{SG4M#?dlJWM#y5u{G#24BA( z9!3GWzolhiO!dRH=o@e;SLA^(CacKfb`%ZTKoJupn<7XOCu9P1rXtn=P}fg-0i4;Q z47Gva+o{N9V$5ytE;Dnmp)>lP8GBh-PVjUxU{>esmZs{xPuz<=qyi()rbGF1N3vR! z?U#99*5f&!un*|C;Tzvb6g*jfUTik=z6)EgJy8@!U~jb(D!**F)>%DV@vN@PxyCMS zF#nUyJx)1yA2ofE^v|f#Vb%e?de9~|3u*WsBhx4f3 zYkae|rpEi*_EjE!uU#XE1E<(TE&H%gXv{{DWZ z$KNZpH?~FpBbXe$r}efhRv_mBO^6e4EMN)eUgGOv(f%|}L@jccYapFellsq1!D zl3S~mbVoMo#SGH$B5R~kA2c$nYy~4xP93SpC1!I@HkEl=vd&YHg37*8(M}D&-^0;A zt!Nt$m1zyQx}_Xp$Zqiu_G!IIy%^4Ha(u5-r3n}I8|V@^I61$&D=Xu_<%fcz zeWCsuXr-;tU>?r$bgkQ-`H1xIr5nO=Oz3A@ucii!WiBgJXq9YXmd zJ2{!94u=|12BRiCZVm;U{GFmfz&LFRV5%zKDDTpyTI(K*k`7$<2ipH|y^X3%z>Zr+ z@rYW`*BBLluV`x?M%&+Edl^*tVanWMnDmD3ac=gDY`GitXW~&42D18>(TXO+A{&=U zHO(X?Qykg8k#k5$NLbn}gDxNH#fy#cKtTGE<~ZGKbN+jM#xaM7UKj~LYcA8yY?Di; zr>E0XQztpGxKOzH{5?JQu%O*BYc;pANiFM{o6`*?2c4nVv5PRkBV)wM6ZZ4<_3nYs z9$gj;psQ+UCns{oOTxm!Mt&ecPRdUPw-Y8?Zp^+$48YEEYR?OR^DO6qNX8~|HtF)O zqSBSMUdF}6U0wm*WCSA@S1dE2*0e+aq_Tvk)X(J{Kiwx??>V`aZ7UOUliGHfHx~U< zFK#nI%PxUc|2l%n>-V6X^E?sLz*PKUX>;g{jR@h!LnhGyA%{X-_L}-ft7s*O3j^1w z5M>L%!QREb$-zv9GqztGT()e(_42yLcnRQmU*0poU6!3WR}{1gYH3wi0Q6N~>g$tZVOOU_M1Ul&);^r5 zl9E%?S0Fjgdez?Y#xJN4mu z!S@(OiR4~Ngi(v9=Ckg}*;yf0Y$DJJg9dUJ>j7A^hKGljrHB5<1<^`_2F2G$OLhA4 zpSRvUgPF0EP(z^Wp_;#!S5Q}%ICc?M22h_~$)#S09}h}HrXq|Var+=J5Gt!?J50$8 zvfTio&ohi)B*VnUrVx7X9$=Ia^HWny(yXlh{{E1oWm?1_@eV|nEwMpK(+y2pvuByT zQJC~Y6EN$;-I7~`c)y0*u)MoF{(P(1mFw^2c$_WWhn5N@-^`Hidt8!(OSqi$D70dY zoP%-pYq{cYHx0>ND#WPm=*qDVMT+{^FZM${FV`xyl3(N;w6wIA7R!4_N6;QHw~2tO zLPvYMY~Pyf@xon92o)T=VNzJa?X+B0T}@&A_t2M|$K;TAd8Ymg+<6`q@<1tZDWclY!Iv)?|DBEHaYe}^~`Kb#Z9t2>=Npp6S z09bj*gc4O?_(aa1FEsNGE%1u!$_rwz-G#s(z0T zzfXE=4FO|@Pzu82K2t$uH)qvT>WmrexZT}d4PoSj-?`Hh+kdb-hA&6Z)R+5im=@jN4|3=s*^=oXp$u^CPqwP( z+m}PRKMWeH>6wPudQXOWAp3l}HCXi6@J(4@!3YgOx&J^$DEKa4(RvB*;*+(~drDfS z>Y&E()w7D~sQ5^{9W^M2hkq^HaTR{pL#NWjA>w^Ng&?B4jrf5b7Z?}_aRFRV!Pk;B zbL~H$Dme0yc)HmAuDbX)RhJWDQnk#|(vnHLcTdTAXU`qaM_1PY|Smu3Sb)+QZY6!&a}nvXcC&%=Fv0Y<1yg+5|MRdV1Fewk9Iu|8IvVB#g5>cYQ3Ss}0S)wKkaG*2mKlJwzWJ6;BmLKZ23lyqH=vEd z9>aB*o10_8jNG8{I68+3w`@m0zXBdqTP*@+HPbEwOqK`&KBS#E8QGO9rk#)3Q9={K z*X<}1y#2so>u3;9D;)Fp)YLwCySu-{ zwSUlzWE^N1xDfOwv4%a3E%cDA3Fb6?bAbD8NNiLtK_pP&7v`=c41J94a>u>*Jgq)D zS{Vz6&$3aWdz+d+gS_FN7w;)?xSXdzmh3h6%(M{0xzS<1EDyl*z&JqZIvI0WqfnSL7pdEp69Pew)t z#)?ZV^rw@59?iLXS1|R5n5B&k1ud2=vykhC_(B9#W4Eap@c>0bMwb}Zzvjtl6-Sr(Fkzx?< zWdeY?xR{uH0Dek&_&{yhe~nKerSgH{1V#ET?=PT2; zU>TufbzvBd?gx0%RT^dh0w2!qe&o~BxnXT75M6}7{k8}({+wGT?)~6VB-gcTFG{ST z0nl+(Y?oKP3W28fPhSqTOw`T4Kj1XMpX5_e3#1SVLXhYR`CEcTS}xaoGgzU}x(c0f zldVaj>&wV3EBxyS-ltJgaJWlQzyLXg0ZnJ;9ZD$iig9awzfnG`V!SkxIBB)0tB>kozlrfF*~*amuFbKuJ!n0>LFL ztfo^u18^>cDqZoxfhtXHV`G9nhx5DEZ~Lok9#t@Gt3dT@SLj}S4zxBv`g<7I?-(1u z12pl(%N*qe^mvI3a7dnPPUHjoDJ>=C1}k@#=(Isf$rLbQzuRqw#-(sPm*p%-dPS{t zbbPGI>`OG0EgA=`-~4QlM^Hb2NDix#It#fl4%IFIb^1K=IA4JR@%3_7hm0$BTpk2a zOK96`3Jbs7^m+*_w@K2H#|AZ}rQt+r9L_Q1G&D>^yCkm%*vcrrdu)mNJ}ks(k8FtFZe5|ByMxKU>1 zDE<@5O{Sl-72rfGt-m-s%f%7)381CJaz}%`memhza4{qR?Rw=FMFRsdy~#(#F%>fl z3q$t$`U^Cok5IqGSnP1DGd0OKs-IYZeXOxwvnUH|){%ajIhd8nO__n}K4=D%4AVaXNtnoQgi=aF*t1N}xvwKwb6z{ntPPBg zg7?^?FYf_uN22lf9GBeqGs}@(-TT;kjXWFSDy}c%!EAc{^weIS zzcHQOA^iYDAMS$ZVbGAfjN_rD#GfmDS8&nOdm9%=1a7eku)EO_S|_Aw=fOl~q=&R5E*w6WtLn77IFM#pq_PcAO{xd12UCyvuH!X23R>zbfMp2uLU zA)}gY?(E#lHPPjEE6SXZ288I=FRsA3MWOjL;X=Pi5dH=QHGEW1Nd832f|-mC+g`eO zajD%W$vpx#M$g5)9{#f{anv>dkkz7>L3cLW6#-W$`Vo+YE2D%qFfK>Q75xlqbOumo zN{Y_Zu#98=js`07)RAYcU z{s}jqYAkrX*$pFG`C+0aBUj~szmQ&U_*bpEv9ZJp6&edJO|5C|=*O*~Q{(Yx0`cqD zV^0^1Xzi~c{qquhvULB(lyjJv^5<)n=zhK%2zSFHmBKvIOJGYlyjQ3P$L-ktLz~w# z$V`@xthZAfBVoIsKl}ducn=h+ zl-e9@Y-v|O*Yj2gGy$z`IE38%+fUx3>lzzBCSeqZ;j~%bW?;DMi`XO?La2zI$T~V^ z9q+1#Rue9~0;^bUyaO^#N}e#-AM2(nAfh-ULS-`<= zoJQfttROeH$@rNW01|sGAA<0j;$T63zxMT@$4^cHE<<;{`R>Bg+sRJOwrs52g2%uxF02x|zKC6>F%17J_7eF_R-9UaS6qH1(=tr2BYlh^X< zz28$;D=IaICMUOmkgyanoWn3c#kc1PD#rDNXf-jr$CbFnwW|O;B%id`ZFXD7-}rnK zH&L!%e>0ie-`;Ri7@wRXszuSR0#Psn@2N#sG+`Jv?}+OZ6s#e)czAfKsfO>}#kqa^ zcCc_{E*pxY5Q3SDC*NZv6?-o|Z5WM2@n&u@btqNS%a?jOCTyPbP_dR|Cm zg#VvK;4iYR6>p^x;ySyfRM9{h+C@&5gL*nH`nf&FuHl(1o(u#{ZJ^7{G{ zjH`>Js(KcNulMAAy<>p|FYGFlV&frfekB^^dIeT+&*K956(9!%w{6@2(x1+wN5t04 zc~905wD;c+g4e~Q@W>-Vh)hmSYZTttglA6R%2`m5cnFjo6l#juKI{5$x0LwQ^mMQ2 z*qER7FGv97`7bS9zA}W|GF)7EJcltBiGj;F_~cnsl*I=up#lM|E?9xJ5%*?R(!2a z3VZho2cn+cUlv!CW`jwJd`2&S{ zp(zQD$BsKWxoAyalnChk{qF1e`O$KAydZbGEUyT9#A1v2X5fl+&vM9EeILdL>wDN@ zgfwmk5Z|858Ew z9b+Xxhd~@gBB8?LpNAOg$g;UsQu-qA7>`cZyeIgnQA$!$g;6Mzhw-E>nyi%^%r|dK zbXWyz&dmug1v})D>sqYvSL?hp6_b05=O+bSSw2ea@do_ z3i%b-3+ZUX=p_;#>)K7DQT}^WvvrKmR4J$tn-=Qd6|eio#5lDl#mCD*DG9r@v9U3r zOD`;lqEid;xc_6_`tM%yx|jFGIDjqun|aD_R9%OGKL92jWo50Pw1Ew(sN&HUv<6`2 z0>TfT7AtiykXiWM1g%DfOGNT6j>8%_ztpGJ*Lzsw6uHHp6Grk9)7`dnT9O)KsqT36 znL;l|?2#BJr}*vL1>i2}xe4l1>TwMXs_EE7o?c$=8lItkK0YIz=IGp+89{UrW+GbD z)RabsNMcbi$~%E7pO3E=Rugcc*Fh}3Do&t*kY;wa;N@=!#nsghX=YL(hW~WJMeD~Q zCrPjr;PSCem+R?lr7>d1L8Z5@!x&QcJXhEdTOXRo4USn40$&1}`Vk{oncv~iyzoM! z%~fUw+J!3EQnRl@cAxOlhIH4$~Ex_kvAI3gmiCVCb86k>cmu0J~3M8$he!@`tZ?S5Zl zqcCN*$QySnt|S5de_ZHOgyh%8a9d%DU;pqINg(?Z2%~H~D`< z-mPwLqu;-eBmG*Nm^ixS|BJ4xp&|B5*=Ook-T5>sfyqfpBd$ANH$SIMb!%wW zN$KloY4z?yi9Vbsi1hICs_?Dc*`WpAk{2Klm=&;F@S$n)8)*xBPBTcK_szo~$2 z%w=Rf<0N!;cK*~q_V~D@q@=moTday&B-OpB-Dp5t{EF_1(BGlTIo_v#MqZeh&bw=d ze^o}~+tNJ~=cNbZ#t-}YDs*(}!aMJ$1*MDLzyj=xld3HNsuPFtM{t=41GJA_-rqfg1aLPqCT;F(p|<%dNvgQa z8l|I#WNz?3^)=CTgEh@8?Z*20m<|jc)%%q^98Or7l9?q2cfRiKrlv_4w+@>>!rdYm ze8WSMulGW?dUTZm25m}PW%0~~ioM~-3?#SDE^^&ac+Ds4G2|L@afj5nwX@S7Dkw1K zy)voyVpDeTF%(?P2w$<{>q_e+3i1`!iN}^&R3Kq;CzmKSEp0w=d^`!}9WWW^lDG{8 zf!(4NFYGK}>Ivagp0)FT0EhnMX+RyaYXeBjeEB*yG{I}L5T2SxR5y^9mi$VmyIsGe zpA5HYPDLf8q>Lqi%=prr-2MB{zI;qo+4|z@;_SSR290aC(4W5c70I;zXei&5@7;p| z8W;P5x+xDUK0ssh`NKmvu)=e4BnF<}-un7NCz2NHARQb@-Q8?Alyq1lE7ovv4mOQj z+@4B;x8>coQhh^siEAfU>M4g2INxBx-?8)ss6sKc{vlR*K_SOE(-$sWu$n-l<^7&* zqVjNQAMC_Zg17|E6Acql4;|zxC;%i%X-dD+>^ug06q%CQxjDBiNDegn-@dIz2(D}< zXP*z9<9?x&DtLZSxUIFdtV}E)00G&ogfwuf%N3jQN6kkromRA(Z@eK+rXx~NV1q|| z*-sbPtE1Xcal*3>rg{J(+XJXe60mcae}2JRZx%nm*CWjCO|(_DC(mQhgjGvWRnXAjQl!Gr>w254I6Q(Q)whuwG8NvYuS0QeKOel-m>Lr=@>l& z;A+`!rV`u#lE3j&{wsg`^mVv)babE)pSNevxbH8lDkf5dqBv+n)<%>FVbs(|Dq0pO z?Dpln{jz%O@f*yMdJDdNam-++CG{#KlTp~OJVnWmQQ}f zte_sRaNiARMl$_a%hjej3VshBK*1{EhBp8&b8U|R)U;3>GVm&8jvFf4uR)={(fsTg z@zwR47ufD^pX{EgW5zgzgk5m*uN)5#cThPcL8hv}o)_G7kEl1JSiZ7?r#M+qmpX!^z7XGG&0 zld_O-W0p53RTb__?i3CHbOzTz_*d!e-Drs?RTOYY3s+n$bB&^wGanb9G9mma^ z@zac|-2eYn3m|vENp*Mg5kPG{RPm93Mo*{16`Km-`Stx6KrV=k-}b=(d~NW`6!7&s zgPE19^k0TK67nJE7sUs8)~_T3vhfg}`G`v_wZ*bJ`W6hV3dk;PAt!NmpGv@cwRKa! z5hV$ZM{`w%Xf742rV2XOv?{n?UVxtELLg+><6x40<6cOk!s{M$q9)P0k0Od;*AZ(h z{OD`x?b?}{nPtrocDc8+DHKYBdM79C=imE^@?u5K-Q>Q*W%cY%^ngM_Bek$$8BwRE zhQ_3uindI?;{Ign;ou(K&E1enaqilZ>uEv2kx@*a)mxJN@}cMTsOU)%nQ z(f^V}FB1JtqOp_Y95RnAKPMY0Zy?S?gKN}=G$&Cwx{ip7dcAZWlOrFQVA9YEJljvB zu4^YiWlDC<8GggFY$f_7h;FFx?cyRev^Y6GWWgekL+i%4wh!(m?%qmo!KvIYsMwG? z#_t9eWMUFw%_Q2=3!SpIP7&MvA8qwMKk#zD2Um+&2Pdmxh0`E|^ZIm<*>PECKAs-R zYO$b#%(-#DysS*SxOTHHdBe3VLs@Z2%H+XKGOK~EY$wIIUs9u48%m@w1c?I$Y-C*Q zSmne-A4^W5)CmYEtqdpVc`w35lbu;}=GMl>r{gSQMUVCHaE17=gQLCUiI3|A7AT_H zr^-#^BE_P$*jz>rZDvV6xsW+)8OXT?CFRisNUtSFuZ9HYcQPuD8CA=C7rK{i3 z+PLObQ^s3j`ZRBaV0_L+{cS$Enn*&cY>@LcQr~d#mT{({$Tu*fTj-T?LJJP+3-!Qu z`ro$nzoWzBDk>Zm6b7Jo`G4sTPQns(lY>qzO8Iz#vx;mgIPYb&nrHn;ITJyGAhOIR z*$if-(WvCbyn$|4@bFMoc>z0=6xW4X)O2@#hlywPCZ&gzGF>rrKh{R2Ymh^-Eii8F>l{blMb{b7z?A&|;FX1Zc;zlAcGsy1$G78cOD7h3D})kKF# z1q5Q^C;?D>D+D|_osArm(;|f2ON8h#X-5dA{5WDpw-v&`&inn6rD~;do32iUwyo{& z6!t2-dWILl26sHaoWOJVo@m*5vH}vB!I;s8?GHTz913oNm5ZVs(V7P)@4?BCV7Rd8 zNzf3U?Ai=3)C)A_)pLBEaoL~bO~UWo0WPk;QFu=DKsG~>2E)ypC!yH(h8o*P_O7Wu z2*Npt670{9_58>wMOPx+UK4d{Z26R$5KvOOr3C3x z>5>p>q(iz(x*PAB?YZad^Sk@<$q%A4@B74B>tE-^B%h!Fj3IY=S%rmook;s88fusA zRPkX-X`obr6^@R^eF+UPdPv6l2|0bq7le%LQFh$D0k9DcqOk4RZwy`{EGsJpVT#ys z`}&LvwyB#TEej0t>cO~2xhSz-n1cVJR=^B+gNRgdM;!03eP$?A8aZj{A$n^R#Y&*7!+wL4jIxaD)e%Uk!;rP(O0aHQ;3>*1Jix+7YPs0h8eKLM!O(4BsikgoE2l zJ|nmNCONl#R7{3L%Wl@P<+s7XU<|yws6gUUhR?XKSn$oRgl98p?pN6J=BK!g$W(_dUhpCXAU3C07lS#-?4GHW?L1NWVCZ5Yh z(pi6)(k;x-6A%!9nxEbW3SZ0VI1mm>Ea$KP=uO|b+w0)F!L;y)9gHwaR~^URmi}|8 zYUku+Wnlr)3`AIn#`iET9N=+S#5%0v_c%*WO})#+R0Bl%YAweQ{FfpmNPieRn;054 zx6rPQm8YDt2Y?{3&0QoNTv@20)`Jk~k~Ekh1TN>PgM&ouF|>Ywf;n8Eyg;S7Ubwh? zg!Z}az5)!=yD@wfkigq8H-EP_f_?pZOtk}qN#*BT1`1?Hd&o#JG8T{WQzH`sr;X zMD9IRQ~PdiX~}0lpN$yxdSALs8X|VUf6MhieyslPY3lx4w}u2E-aLmbtn=%*q0H3 z`0r4gM|zi#vd0hpsPIvjjzuYMw4Y9x;#ILPe7c@HW4P?!wi;Gw$U{&P0|X5hm%OT~ z74c~#v)CgVe(YsYz>Zal5m{HG(J{@gq#nWiac*{Y#TeYRuV9dx5!~sW_%1Xm)Sli5 z;Ygymh|2Ii%!syoE|vIz$-EO33@Z~vBIkiKif{*>OP{(>i$-!R06D$IrZ5SuDrMCr z8WZ#$;ZIk29h0FI_ZVbB3QOwNarOzQ3&3e_J_q_}^dvkOy10&iZtz#SjePr8kLzf5 z(=o{GSL^#cbxv`A4*)rX3$MHG`upEh=S|vsTJ5Y9=8O$K8w6OuuF;MUYgePPn zS{8Nz()}9+|6i9yGdVz52M5lwsqB1zO)_D&ThyT z=+d{5^N8yV;A|0vT1yU#NQMct2pDPZ9uBL){hNKs0X(BM?$_yj{0^9?Dt{DUq=ZhI zJ>>WM9f4R!Px06*%)lx8TT<)?{pm1=Ad-D%7b`d>DWHp=STtpa~`aDGfdk?-}9?#aDuRd~w8JqH2yuQ6Ng@G6c**V&Y-9cR9}-g@amU z=~u*hd=D6@sFb4>)M<1nMtfeC=rstdU3@|f>R;LF6Z7P`DR6tm#`s{syA$A`l zl>Al*5f9T2PPAWk@or?M9jVtpp9as+FvNdDw}!yejXm?_cK}B2^z=<biC4S;l% z^KR|WtYyiagPuCaS=CbIq$Ju(yD|$v@f?(#YE^f3cb7P-;?&f9vp;_hCmwd@4vT7R z#=1(5F{s?kUaBtZaIlTi$^{Ko&_-soGNI-*c=lO~Oz{d2frjvJD9EQ!NXn zw%_YzR`8S5ss9EG1N=@GE?vvbc>}-{;PYSA@N0{s%%pou)7=Ny95oxiepQQSs+vOi zMDK9)EG8lCzIJqIMVq}}HUtTnQf25BEBuN5T-lhJP@E4TI*N*)a!24M>I-g6i8gQx zgAKXWvIrbUdg0heIO(3+ztjHXeoIqRhis!*`A?{HIFqr392|CMoAlGMiBc4K7Uku; z5CQ)F^VRPQ3gj}k&lCwB%^yFk0&Mj6c6>#DButXa*sz5>nuB+$MXT zuk*#10tfYry&?Yo>9p6#XYfcmO2o1Ptk(hChj#Dw4hI{QR|CDp#l>0Qfvn6vA8w)A z(Ja6vHQ=GD%CSz(FRZ5495@7E&*mnpHHMX$ZiyqI*{_ncR@$n5ahiXww0@v?;s2_# z&|U_XU?X}=Vv_0g9Q7qPIXR;6@ndqE%N1b+AX|!gMd<%)dA9x{QUAtb(N72f!rd4x zvm#5mjCQxGy=rGWhBRp2Kv{R*^Y zs{D_7vM|v@?1sO-5dug9J;}3@i<~n3FQ4hta{n>J4rm2?1 zI&t}`!UQ$*lOkDF(`TEr)(;w`|B~{umHur`x`l~&`t<3)zi(3uZQ>9hlLf!khyhU5 zavpJ+^J!R0^7G>2qZK20IuCdHIZLh9ciJ)*ZZ|Cl1Wh za&kt$BpZbpUr@T#o5~C|<5i0Tt8}i3V3w6TE)q+DKikB$RiYjBOc~S63tGwE_Foo+ zFW~CZv=WoyMkd)M^ha9NFFK7yZGNgTB{OT;xK@?0@m@)_H_y8Rcjz97e`kk*hqrzN z1|R7!Q@69A=8iAv(-ol}#4?Pl)Gs}!5mrr$%g7s*rQfwz=V$HEB92;IPZdfyH45kj37<-8($Q#l{AMs)!GE;0W(u)8_L*fv)-yQF?Sx zkD;-S_O}RTG7Uae@$ESo_E{pLdpqd2YIEY)r5w(_0A49`$Ym=$Gg17Rmw`WxxH||N zm$|LGdPJ&$-e6ji+3bh?g_KJRp%R66(a`Q%U>s%q9bq4{n(>Znv~?Guz7KKriypTu z6zUF-yTI$A!~9Ds&KCW*mG-ZR{BI7n6?C~Yf-nuAjl7JDi_2vTk>5c*^9_s)5WMER zL5YzVcbi~Bu>52sx+WnhjgKSX^pT1&eDX9tl7|is2j25Kg5oJ+j+Z`uyI(w>C??ck z2!0KixC3^Jr*%O)dQ40vTP5@oy1&8&f|f6JJXWhX{ka_a7Z>tU9PsM?4HcsLGYURT zw3e;^=55BpSp|^&iFy<*pTL7-FM6Z&qxOEwY0S2fPP~YYGZNrWCRGcn$G?kD(9-;l z{gmQMEx%dE{&Iv**F`v$*(Kh?SMLc2?Ff?soMOKQIlGA&$H&D5@?aNweIAG!^G4Ra z)^AVETzr9^pw)@lmHl+c_RVPeV8DRFpLJf1vzD$*tBn|Mhfq^>e>0Raejuh_JiItaY3g$1S*GiXM-XXgWTi4{U+8%| zmXY2+lC0W+fp$9vwBhYUqL}ZRu%?&$TP+L@&7D=OgcbxoSd9s$_g4j{M2g- z&0euCMfk*9{hLuf3 z`D9pA=g@G>Lz95D@H7ak=ok#JA{8<7ux2o+l6Y-vxKfKAg4OiNYEk>xlzjTTin-Bn zfH!ZJ(Su!gUX$B{Ynao2JWQ8=d76?Y?3K{%ZWK~xZ}E;B66Rk~2dnGYi{h5BjCjij z@ZE~!FBizph2!Ti#H22!sekJH`_N=~apBZx1(G_TJ-(931tA^8z6YC3R1XllU>O2Y;Ukyg?cum zs7F~X7&a!LPVIWy%YPjp@JGFIXrsF3CE0=5h#CnE#Hk1C<4n3%4( z2O_Ep6z+4^N7zykcSXn+DsC%TXmxfni@piS(bev)FUnkTOHmene5&OZdi>5mASXw| zJvuIK(>)?T}iKf)pxql#D-l4;~f3MB7Vg#J&@u)Msh=|l= z?1z$2`xj>pxDnh${d3~uvxi`D?JQ;>Cgf5~cz)Q;tgp+_(YBAjM50PfJx^FI6Yh||+;7d|9(t_vT|~7EDTpnh|lkO>96a zhUOO>L|xjLc|Auhl%<*Lv8Lu~Z4EYut*C0@j6SR+)wkAk3;Ml{yQ)$B6_PY>yc)lo zTm(G#e75v@U}f`S$o8Z*ILSxy_FFIX5T9<(#-$-uPZ4kDn5Dg1nOgT^%jZ{a7xz%Q}dr~KA+KX zHt$!$x9X0FPMpKP$t;YPzV7vbx)koLO<(aZmR z|G;--+km@5UPm(tgfP)D+k~7yKb}SB^v)Q0lcWr_97IWa$PUw(VI7 zGg3r;Z$oeg`mY-kSn$7@$bWk=KZ^ifKCp#=Q~#cO4NuTou*lrtle?=uTzc|dSs@Zn zcSNumJs{|7y%M+H^i2`##3lW`6K4i_5EXoDc9Dm>z2uIR8xWSeh3)E@U(xk~u#uO%ZO_}^?wfKvWXt>gsmuX<>H z!0p16!v`O!Cr?1n$b4C)9oaHzPzzG~nu3H`QVbn?J9C)F88K^_3Pm`48e(azPZjGg zRkzH-l#+z!|9g$n(Es;;_;32=e{3K)oiu9Qxyg`c=jURk5p03zA(cTY+%0gLzeaCG zZbi(}2bWhOjj#|6c@FSjN$lz4-M*7!#oJ^?CaMt>PKrdG86*~H5^(uiX8E^i!g`(` z!pwS;5ITCj5kg5GXcwcl%aQ2sj|6{w%gguX`tLcz-(Jj)0XXgofH1Nozp&64ttBc& zSS%FiWxYNQs*^X$ui7C(HHX{7+l)Ze{YWb;*4p?POZ)Xcg^jGMQV+@3L``4a*W$8| zuFS~5#5OjB8$98h0OTjnte=Ie*G=jBhVW+W_jZrS&n$1y3!{Bo%wNd8AOG{IvAFRx zNtp)fBf3-l?P>jH+WoBpzt{5hYg%gRGjLD?QfWzf`6EuwB*;unNtuGjI`TzHQF}0yZKLE26RwmuC1?&{hWUWTetY> z%i_^VTVuGN%qH%qj(R(sF}F574TBmLceHOZC}Xg}Zw$n5{z_#+7r!4k(157;^@Tn7{!el9 z={tLmP>sebg}?Pk|HY2_`=^bIk0&G`7#JG5-r?&Fh&4pr2G&Tuv9bJvj49ueTuhR9 zH&Pn;{i}H#w|+kPxU%#3qTyrsCUr+@X__LI$JYW|)co7z^xHYmL*6-PzlDmY$p~A$ z!ju5&l9^}=(Mi3C(J~dQ2J&ZgO3%!ViIgghjfSrospOZi9&jJ!nxKXMK=L+QGOC|2 zLvMfM`eWPATh?`6)Gy?4h<9z0()E8d3$+CIPUU}2JX`$8;NT-YDKtanbcsvB(c|d3 z62;s2co&zJ1p^xoMXs+rw!gAGf(%5HiJ)^FY_ay(o|%gF#Z`JVeS5@V6^;1$#8E`x z>E`+CpfMJK5Bg(sy0%II7ytL&f+i;QzZ-|EV4kC((Ea}Xdx!_@;|&GzefA}^Cz{>P z@sx9<;m=lQt@PR7^}D~Ne(YQZ&7(laoV&_w648-HR}m56pTq}U)(v(!^sDA7LxWeF z?v0JEI{YO!)PpMtq#>xE|0crxXRH4c4+`cP|L*UNf3^)db4d}t7El6$39mB;C)Wlj zmz30`M#gxTbKZbToaX&M4={mwLle!s z2-+x`j&Q#_n738_nMtr)DKY(|#8k=I`2a903v+W2=YUy?RNd`>s(@gi&0nXZp?Q45 zRkE_WDkCMO#>{T#_;bMQbE?SP+}sDvpS!D|04llf=tJ)V($tzaJT807;U7PyuzL!d z6(NqhSwTuRI?BUS2~7VeJ2y8!FenNf9vTuC6JyMS*-Xtp&vbrI_U7P=7+6nl?d)h) z+8g<>4CQNx)OGvU1O&ndD`Mn-`37<7B>*$qoJyC?jS07|6hYQGQK09TH(aAKqkge9 z-SFiu08(nq`|i?>rqzcyd?!1*b?{^wMZLuJE8!)0KSsMAtH~jHIlIY7Z{6y^ zJE_M@D=th#3dw<5fFUa zZVGCA$JrS_M;Cb)^Bv07;`h@2KXcQ9f^`6G4J@X^3~V4Y89=h0Dn5SxmGW4?&p_T^ zIQr?CPjz+m6TR8gzfd+Pfe#x%)Zyyll4C9fGfcii47;BL^lAmlKvDzr3>QnA4LFOr z()Z0DvakST{97ZT0%Px6_%Y}he#@4}DwbEq?ZJVELBJ%0x=F%r`Nm``eErHBFe{k; zzOk}`Ql`Z#JNhHNPzw9p$MlHfYjixOlaoG~p{cYwZf>W5Wk(AsTUsK>cr%ww@89IO z`p>p+C}1D{`VaY3e0VNI*dQ7Z7R3OA1PB(J8HFT0yrdU!!qAk?Z;@TQCZndN3}aZn z*z4zv1?a%Bs?h^dGpM9Sa6pG7W1`4XsH&{I1GH4JWM5GEWTmI)_JIkhv>F7kYL(Eb zMtd&zJmckcGb&Qz@`lJYMH;JAaN$u`FHfZQEfeJBO~Ci|5m}~~z9SS5?jDcJKDi&; z7cwxZcGDN@i=nFnHkzCJA~f5G1s$Dbx)UHHpro~NM1#zpJD5ui-EKaZXXlm#tbsII zODCsb1{^euD{{{NysI10Lq3yxQA1p!LANRRt`ns;d~0g569yeLrW_wkN+Z?ni9+F+ z$;nlPn{u%e;BO?ba2mn^%GkvKN`ADx-D6eNsI@Y6;fCyNQzM$tW4m7$FS(EWA^@bL zj|?utgWT$5cC%o|)Lmt1dj|(M3>p?Cd(aP$2&3pz0El$l0nv6s9yF6tcDSLH2wJA103K}beMn->uoJ3Kf@NLUbo z*Eieri~y=Er4VU$SU6X&Q8@WrEKrdpqfUerEltf8$4$U@^N3h=))p4zC;^H3S#DEO z4n({7z$m7KH+M{x|9@}~92mg$Bp(=3=cLb`J)`0v0jiKZER$4h{N8IIuQlG0#@Xr_ z8Oh02&iV2s=^-dU+VRY&?|}Xo)KXCq5$|GRz+mYa-phT42X^t64FHma5DK+{@;plL z#bsif_G%`rZ2WL-k4?;uKPa&2}x&W z@cN8}TAL;GsNZ)a&+WWQ1pOp+DCN4w_$GT^*(w*wn~e+xtkT@O$M{JFm}L19i$=En2$IyJvE;0WTx?eY&Af=e@y! z0oya+ZnL*OG`$I62fO5Gl@ntNF8K*k*S7=@EXUgJ-CdMU_f$%2rdw=@o@k%BE|lhzx5l;07n>be=|XAQKYs# zIy$ly2F)fWcFPiFwg?FGT%6`x@iq?RWo1>>a^QxgGlApc9d)0$Ekszy(}>05sqOFY zx3vNSNSEeN7=z-K3<4%>_}c1&qE#q_0Y5EZ;QKX~}fXtwOJ`cczkm=UY7%u~eecNlbu(XT{ z2h7XDV)b1@LdHYir^HvUzR}*>-d-=)G*!fj2Evg*Ak2#$l#HhJwtu3OC9h#8wzTcB zsi=X!2mL=Ev^b&l56V#S)2at1`P!AruTj>Kt=CZTpLd`3ltEOYiad-WU%uo&mq}T9 z#0ah*;SXX^NAE`*1hRf&GVgIf$Wm$voPs74U@i!c=o2sp<7oy*N83yJ9KC=wOq>GI z6HlI`E8Ezxs?qafSfVa>ueXwRJAiu`ijHCeJT7Es1@RJ8kt5>o*AssfiD60L5fJ3R z?H6mZ8`TXVv7okfcAl9A-$EmlNgTq_-abYs2~>x3vOJ22hH%QKXf1HJkdr5Y4JsUf zQNyN8%eaRv;odknID7G7b2-q42=z< zF#X%f6|8-2^5E-R_5vV>-}?u+@VQ(N=mYtSD)-IDk2X?L*RpcnBhPv6?KESd*w<>H zNO|s7UQ$9gH#++HL%_p@dwB3fKsqfO`EL$xU_d}eMK-0Npr=lv)fJFxYpY6!2Gf(Q@L5f=vr2%Ks&x=ViJ&dMYSA9AW3vZsmMr@3AvtJkEbaG6QM#QG9hVc2I2sa zcV&wYu-&)10!odA_x8IulmeYXNgqt<_JLK`1wxicYUIubqv<;E!;fy)BC=JGX5r7M^n!H;oqZjQRB6cQ^qv!L7q`{f>1!GSxl*cX0KfY{D}Cl*z& z?zB%%rhfdm8J$U-LhI8*54FO^FfG_|aMM{`;bF!^kv}`W>Lxtv4<)0D$;9~U~TjE z5fM@5ruCJc;P_a5R$(6vd~=b~sflD88w(a;loP_=AKw;trs6aB#!xM+uC9*Qq#8n$ zvyP4ql|oQYkD~ksBN1U?QO8%%-$~5V-GI%{N+&?!F72h<-L|nW;jX_ zLVgznGYs@VO)rm`Dwx0r+Znk zLTUM8JNR1CcM870qZai@{g*jByIT`LyrnKSE_oM zoQ`Zuv(XyuEL*faJgRtCYhULVbY2|Dc?x%LKj4@N=E?kU$OqnGf8X8U(F}O}83G-r z8T@!b_lJ^SS4t`CRxh*th4l<>%7YA9t{_?Ii7r4C@j5%{~m%@ zY^;HC^_WRJ`&8k8QJtpdd?)>`v|MnyJ0;~|%K09CP8yY;7K!d-nlXo^sjlnbFx#}L zdqt^Bck)U?uvg3UBL!mRxnGA*{plDnTXkxSR$nV?5aZI6TH$IWSXgt4+>_H}$}i9_ zizXiD{&F%x_!x#-9k`sw8MJ|K8=j1OFWcSwWJkKtk~H(3$OO4HSd{Ti>@^MB$>w;Y zU!Lv(1vS5$>uYu~$5)Gs*xF?Hvy8$9;P=^d_GjEf6TTMC&*dpj`#%eDHx+i9YdoKy zoK=dGk-cPpob+?rT77i_Wq6=0=Kk+kgMv|+p%e`{Dv z*}+i|7aIc|hpoy#@;Bi8>On zc3gwwnTi7)ReDr|g;HzM)Hl$nfm0tp-(po|CG>RdwVtSsyE3Xzyk~fLcycm1DoQqp zPD`uyY>tmWNT?yIc^lkS42_IbAXS2}n@t$X`X@A@o#KkX+EG(0Q0aTNwZe57#m7ZT z<^fR$3lkGW#7{zEgy1rhkid|Dre}UOAL=kLis&va;fD(>I3U2u(Q#*gpOHm}InN(T z8V2HT;k3T|JB?sW;$N0@cqBvC;~0gne|RILxOD#TVy1or`U7ELzr8O0Hk7bD$LDX)R4ZKka}^U}NKp zcB#9|Ys_HmTMhLyKY5nUt5s@9rN6kGzez5Lz}Q;-*yT83TI=dGoGPN0*7famNTsDj zmbLa2wK6BQ3x~Dtch}PesoW%e^pJ#!Q`4;4W7nun?OEw+VnIQJM&p1m7Wc)j=@Me% zGf`9F*=6>n(MVQTog|eUQ<1V(5;3AHr?=WFICpA_RYz(rIof$Jq7x#QfHJL5O#mD%Ol!JB}4?e;S|x#&wm zJy&93F0Kh9B6W53-5Z2|ptYpaurb(m9Mj&@I(_E6+j;m4dD{QW8rTP-E^LhLWkpuA zorj)NgZo^i>36A&j2dFN%3cD;hv1~zi<;_k9a8DzfI?lJWZT|H1`5Qup!@l2cH7s? zC5t*=7}s^cRe8~v#`FB9aD1IhmEvph0Njb)99YD~rUy(8c*=LM5dj!wuhsKIvbApw zt42HQV`2nR>K55iL~1;3zOCX=9Q`O{SEpyAr?8SqbGn$1CD#M3ng=G?G~QkxUKaD} zK4grfJ-H$aDI&F}2Q}vCk!D8IFAnxFZP3UgXJ;26^`-WOM-(;gMtQ(J<|84AApadb zFh4o3?$4#YYq9@xfy#-k+zqEkna!5OJ3a?5bm61TPq#k#n_W}i%!afIM)tlD7v=s4f%y_* zu(8 zkw9AXKSoEnVCu(CK}y9QwbjWPF!qq7jlN22b;ai;36OfWZ zDAxGPQaT{%ds_ka2f@gW>}lfV?>fQ#3%2*|t#xv|^s zVlbVX8!LG2QbFh*(ZYi{;<}?I$SOUmo;sJ0%A)#LTP4c|3FA)CFM_4POYp3QYoiXv zCqSMBi#E}HL*D~`pMUx;GVJZYZYF8=K z&dx5wSbkv0MD6HzbnNf3=e3!D#9-8Zjs+@@7*sKqkjq z-6~}Q1AitI850x410D(Qc%QR)#zBZ*eH42{L2+%vC7_tlw~Poz2r#0^Y8N;98DfTX z{68Wq@05-Y$U2JVd@4znV-_vs4l7wWiRf$GjeMjiI)L5GY)W6y%9!gpZEZgFsEn<4 z$5H=0<5Sv1F=ELsREFntJ?&xO z&>D|?E}whSQ#?28m(!T^4*fXckJtoSF5Cq17E*hsXxiFD5~(+*Z5fQ!*E0(;62Fw! zY1Eea&X!D`Kd-acIA-{4OKpPh`-t~4knF7|wFf4?9JbAgVBkI$7iZZz%v!B`WoQH? z8MdCed6o6k(SW)AP)hO|H;Cpa<>MI89l%ypi>`J%bnTm{W*)!gvaCobAt@(kA(l)8 z=NunjB9{%zT4iYp*W8cZ(NrudhsDmqybh?4w@3P^p{ySnDH&>OlOMpoiC7cSDz#YR z869Z~LOWPze0lVK&bix*-%Z*uE1!#xyqVI~FaDih0B%atxu@=0--F?{)*n?3Z^pD! zKDgZphCqPiYf1>+s&b*%=yAkk6h+n; z954np>bwsxdv`hQ^EJ$|3h7cJLgU570ZT^_vr*#H$B6+*cLLp5BLtlI4e6e z%Z(DPf-G{cx5{#npGn*r6`u6K&{e>@ec2(8G^$f`#L1h8-osr=Tyj$CGu7ZXLyrUd zKqT{4P(HJUUDX?|!O`A^p@}yK{BxG85d{k|TwmP{RErsE>&PUt)@-Jj@D~&eYBsdZ zrjItpcK28(%Gw1j&B%~MEPK}DwXUZJ`h!o%KYwl@$l_Iv;_PSW4W#qfllnD%+ z_(3bd`R70zb9XX@z)0oDlm?6K?sd&+fpCVy_~- zHRWQDR*B-FKo$x^I1cv(ic>(3iO~Pvc%oWbWYq{&u)FGR7H^rtrzNgoWk72Iv`!(J zuM&Jxl#;h(z3Ej=8vv5Ygry<&M31(b-QDwoGlykuH0yjJ|vN-pr%4=#| z7%-;7Ltpw~09w(k0<29%lx>$hT+THwpQOZt$T7MT|l*jGPuE3%t1T{&Un zoksSrp-udoNh5t(?dkrJDIuFrSPQr%N>{!sB%V`8AE)P+J%X6~vvhp5%k&xBWu;$& zpuAgG@MvSfpvUzj|Iz`xv7Ejrp5yPj+}{TV-cswjA3YCQ7V=C;Uw%u~)tM*wK9_2} za$iUz%D|0eGXL|77f3tYc;#3Yu5Ap;6d_&Y!S3#h!ROkUQdVP+nb2jcZN(>~Xn#yAn%!Af+dt1(1(G zQh4pVlkp-?CW)=)w1ib|gw#kZF4&oRt1o5SOLD7+(3!XejFfItHb<(o_bD zBsm|@S9!{-RTr&_HYD{I#ktfbJq$K~-1J4BQov$+hNr4NSRb(oyXePANsM66mqxYM zWnLna`X%2H&tRi0RnV=DUK(xrSjR&h1nZA5=X%PwV}~)L%XzEf#c$r6D06Ii)vt|K zhTOW0#$Os67_yP_T%;=ow6gUw4;)LlFQ#iNjQzD9ok~QINbfD*asgHb;O14%RuH;C zP$0Qd@ZcxYO>{09+m1)ohx@fR{p54=nMCfO<#QlCS=uD+8nDN4C&rA%cGNj_;Hnv&QW%JA-&%s3TyGaWogI>v>)Z zm$0D6*%LxiYFO?cz@K|a40<}r*8(^G_W~wC4Ht?0K-C8}^?-_j@_Y?MEr=S=U$w0X zC0ik&4pc}H$hfnfNvH4vSSi=6rtg4g9GTME*_kc}Jt@}p>+P+rVH?3nofD~B&7Do5L%2YW)3y7c3sCb93CUE?0Vi=r#ylyLX~_u}*6O*5B45U| z{5QamE|d7QAPjkmK+uheq6pC*ix@e1M|~kPyrulM&ks+%mo#GHX7x4+aq;Msc>*&q z4}s5vUHIdWDfNWOimbqYM=T;hO49j@Y5Ka{-pK)ME;>JIvucXCIFh|DPm=N{T`Yk& z*as{^10cwtNr=15l?8Q6_EFevHQ6AA88$1Jc4TFF1kZSB=Z83gAQQwUlEbEU`2nQm zfw*9Ja%^hLqz~wcWlM{07vnD$?$eUNzNv9Jzxv$q<#Fcjx9yW;ty806VyO}AwQ0T6 z$W0d8n!~2gA0*7XQ!JwJj08uZse=s`u5&;!HwwKV;%<^)`O|r`XW;$ev}wHxv$Lr> z-tSFg{1~Fiz5@f2@lw2E3HMH;Jx|WX6uLv_q*^D93ajj1cE8!BJhWIHQlnB35(_8s z_+?(5ik5P=YN?nx0rN3 zcEkKpue7&ymMcNLA_6-lr{ypoIUyWGAb9?QSMl;-VT~Q%c74oN;Gj&IWz@ynbgun2 zr>*^Y1{8bf!5Ej4K&h0Nx$Zr)ur7SfiM}uU;hd|;;1ZbDwAI&Kx*(OJdNFq-i!sqi z%l024@j?07UeVhy?_qbu!JnX6yJO29R3@~M6#ep7oQODQURr5GQnzMHj6zb-v%fYe z=JlPK72&AEwQLe3#kkGs;%f0({N7$$D(+@e(#B7QaXyefr|};C9DKU>=d=mtO3Y)<;)8$y}-jg-c~^I>rQ^=K{Q9-@ZsEA$=)Ot zKLR)*R6N`>U*azR71|VFjS?wufHW590+v5Mc@;AMXaDxFf_xv8JC5!l5bsoF>vFc~R@{*TVcTzTl&nM$mLV&w=%ps<1azKyvR^@DAeDY0J7V$--^373TBo)UcGUSsIDm=~ypFb5{lck^Q z9y(yDDJCaww!+OdLlMCa2_FIh2O4knmQF;&f! z$CC1>cGd}KwL-T}+ZYl?IptAvUriFtuk3N6wVh@*#i!SLXc&yPM(_L&6jC@I8m_n8 zC8A;&Mt1!=$_n<7m3!D#w&Ts9D>>BUgU}6&Wf8s&#QXajQ%u)sXt=r@0#kG{OF;D^ zt<^kRM5W{Y%tC?>5L4S@N#^BEC2r1x1g!DNm^RJqEBqGCMr1kh65UGH5%SpH1zA7 z#9cwF5Bd2uUlS-6t7hyG30SQTidqKXK*y43? z!f1lF(-)fzA0J=T)KpkR@1bf0}QB2o;@P6Z{ditLn zSCl=jeJog~%zM%XxNT)F#5KOgGJyDm0ZYU5I2RRtD=RrxGjPdDPHyZ(mr=yw)VC4b znG(2HLk$1!+gUDm9=69&A0;#;e%N>=S5W7?37_x|ne5Vo~1tv{w1+i7SVL}DEl&*tGgd?=+=sG|Ka zyZOBkgqKje4~EUDeVTi1xWtu>(bTCg{&O7rTR&=aSnIi+Y9L%} z>w>8x!2YVRFF8Q(Em#>OQxM(7F3MB$2(GPo!7ZVxJ3y1n&o8{4;^C=O#Xm1zR)Td> zns^Z9T_Tm1Kdqcc`+V^}>u18$ndR!W?jYo7kU*EhYpv5`pS#r!;8n9@le8!6kMD9F zzDwC>;n!HrZX@_QL(FFe7?loN?l?scgmLZU)Ih+(yKF0Uw3&;$06a4yxwEE;YCg z1@s%g#oF*x9`u9fC-QogLe7iX7v#j1Wo0y>L4Eah&@@TJeNVW-&GInV^$uG*9#T~D zhWv|P8&PzOVRPdCMc&)&wx4=~LsHE(=~nc)9kTJ_WZUXRt_#UrtYM3|x=y;sL~ET#EJS4vUP}AmM53{$XZ0}h z>Ft)ny>317STGV>e*LMbx8cmiO@@<}tb^l$Eo6+n{5W%1_ltk*w#RXYuKj$d=NYwx z$99me?Q8j)tkKEI7rQCH64%K)DKEDCpwM(Eh`=V}f`mq?M$}!VnUhVSM~Bt|I$0os zblhO~Jn2t?5|t?zLq%CxSnK`{$Js%79r%X(XCE90c$`&algL_F}xml{nTC`R!Uf^Gj7MM*N9va3>?Dkp1@a zoIq9Hk;-oa#z&-;W%mP13!|g@UL@qLjbp^KrF)5Rm-q(G7d%2P86=>6H(uM!c=33w zWr|X~6Q~h!-@XPHgnD$v|Fz|WYnK<)^xu2U!AN`wL@3#uEHDCkJR~hXT;EWPR^$1o zH9#Rzp!AK~fZ?O9BBLN~;UI0~)Qgo_oZu6Q;#h}AYoj?AlUpRD$f$non|bO%lOsQ# zJV1!Kxm}g8K13*5t>@LwY2U9aVtvHU?Gi@3bXK`eFfek}&0u=$M{kg&s3|fzd4Eo9 zu`)-3mxOeD^m#d&n8ppW=_g?+8zjrCB|TFQ?*@AJolHk(Z=geL%ehMAo`E^fBN`?{ zIqS|cIhjMwu)f+Kc@t~iHI6t{Z&s@R2ffXo@EcqGH_NVqs7qiH`YY45n6_&jp>3UhL|S~U*NJEd0J%mA+s zSy>Wu&)6_2`cV*$*@U7!DB-PR+B!P=YpDB0K9+1fCxzkPUJN?aUW zy+HeT+lCkczm)M%WapsZi29S)*w!(y%W1$?8v<>ZSf4yCALO+zm648=xgd?*FMrye zd=Mm{816k&$wHx{AFl-A%751-bjCgS0O`a!dG_`K9&T=Zkf=p?nr!sECP;HkIE6S< z?Gr!MT)hl~=2*3TuYpn#&EW^H#?fazDA_;c=&0tiHF20)N!ks0iI4;}7-5+-5?i-a6HaS-{_Q;4GA{Ga0 zW4Hff4WC_advFwQhv^}U3}BNTNiKw9=79+Hs$7~9@#jLX#6hzAcuF4pumzYgoJywKSW>8XPhDqEDfYPD!98(h5e z()*G;N?3w7#5rL`;>aWFa;Zy|dzVB6B&Ipx8V`(>JiTzW6!F z$i>o`lxLtRe&2Fh57;BMknu}^tqN>;XJ9WErV$r|m65AW`jwS5NtsjR^L1cValZiP zRs{tG;6(y)%{54@9$3yDFYTCHp4i&jEdt z?5A^!s*df*(SXt1!R2VSWS)7LIF{k3iwthIj zR{%Y4%)~Z}(-Qwl=bYA7Hdz_Vq)xboWx%II?x4sFFA+{j-!d-)jYh%{Cdo05C{>o5 zT(;?(FB#gaTFpIWxET-lRXF#Rau#yqHN@+mkRb2HJRb6M_3XHjnXiKDVOrw#!8pu| zy1=kF6Iq6iv+>IP=ug>1*6^g*BC;1#waOvdl{F5Vlh`~Nw;Q~Brm*vaVG+a3`k@hc z^d|EW>9#($N>#QW#@c)uV>vPXHOVFGfQ0AruTUEw`d`1t?7n1Yr#;v>z_e2i*;r(d zSrrPku{o0Tq!{1P&o6AqWbhf;1vXNp~ZnG)RY(2uOG50qO4U z?(RI_Iy3XU;&jgxRFWR0>Xv?>!d zFBu%v?trK98Ls>9z;%-3x;{n$-Og@Pz!j3kc{U5n{OO?=ZC794ou-tNh^?0BzL=Sp zhr@Y>fzWVhun$R0(_(pxyC3A<1j%8(ib#K!o|-y64nl9j^=IY}DI2RE*Qkw9 zd`6J{apn+(13V@By^~5X+{9ok4#CQ2zH_25^Zv|c1h9w$?Z?Q)&#tar zO_tCedDlahC#{YsVo4!Mb0q&~U}!CL#vk+l#IiXe93UbEO51WSTl774P(A^@g2xLo z=i9&7*srli9iM(FUjh*2>j>s6o@xmsC#$=523;-kdl5{a z@71Yyug>v>p$D7MFb_jxv0QP+;|CPiX$8soh<+f_9~c3|VfK4k-HopyoYq{t49sgk zp(pO~tK?gQteN+X`;W0H`*3YGD+B2B-KcGgC9SWZPLE^cIhEsv32u$2}?!d3Shi(4L@^O{-PU zN5DFD>Z|?KyYbAN@EZL_^&ePOZJ(rD2-UU5-_9R*esxZ#Xwmyl({X`e5pzpb^-H_{ z{#1yN&)c|3K$UGqe$eOGycY;w;2e&;R4(RA-LJ@TntJL~Go_u)ju#!E6O}Yr9_1|Y zN?o{K>}QZuRb8E{Yx^BW#wj->+yUw)>ZrN&`YQ--)6#yLLLT;HXsZgpCP5yJtle1& zK_187VH|gtc7UsnXEqDeYzb0FZ?>jDNd)ka6%Zl}k`&EEvG~J)qvicYfVQ`Q?Vs?# z!mAlT0oz8T^P@Ma8~)hMp%p-$+zjU~n~+mnibB402f6X;#Ia&%$+yVJ$}S2dMgesjm#aC{$6<4}f8z1M!@3X-h%TEvIKrK0IY@YMCk*DtwGUr6~n zb~Wa#QrWpe-S=svwW>AsAU(jz7_(>5lA&`Biq6+}tPbN)o(s@h`w`Uh-S85hU3+Dj zYBmMpL3cDAGxLwVZhVcpG(AxP$eHNT4PA1SawIq^JvKs(8Ah>OeP4DSt9iN=sVKU$ zqoP!3^f)3dqa2tgL2kH}ek<39H6{JQ8T83lCpu%4X1dAx79kA|=+ByDP{l_qH!Vi# z6!FA6IrE#c-LM71gHveP%*L(AtvFJ##f^t2-t+g3ZszGHB>yTZ*`qFvni3W=5j=$ih zA!fxL2L;o3%6rf*BYlSkUy#gA&(VAMViqCkdAY!(`+$u$SIU<#>M6FIki_EjW_xP|p@m?r>I zOH&=5fWP7E>$txj?P1dV2{Nw`em~O~bgXcCdSdJ7=voRsgw1|p6HzD zhg4W)9TEVQ?>C_j5fEuVSYZ?pQ2l%x1DexE$^>8zKg+y|DmSk^RXJ?lbU!F$1@OW0 zFb2Z^1=NU{KQ$NE+(0rqH2U?gmQE}JaxaSE#dt8uPTwGiHoe_{%3ilMb8aTbssQWGKdantjy!>sQ3l=)9^-^gVT* zq$#_Z*;-RxdHF2bxR4IOmASUf)t}hvQ%c7S4+4R|yr@UuOzl{?yoTDnV_|`zrs`@k zk%dEtop{x+H3QJn2X#ZwdHl~<@}}W{Zg@ym2go6^94){g`lY;P4~IP@2LJ;TkLyuy zSUwo&JS8xA1%pT9sH#dR_w%%*W0(n|pFM-wsnKnF{Futnuqz3D%hsz=8-B;~?(sX% zMlmC+te6I}{e}{rUyJ$c2i~=s3?Jj~n>+GzPQAZp)&RjHIoF?{3h!-)fhN@rP&54eNCeYMiWSCx%9OgK4 zRz~Y}Q*>m!7XJ(zkv~1X5 zCo+C~A^aUn3;`PzHYM=!ILP}09~t=p0Icl(OBEHC;EmnZ`ucq+?+ax&Te!ybK&@2c z&TXEKHt0lgtG*xirTa9W5F6|4zkr2B0!V-c&!xFnU>KVDt4gi#?^0b*(9i{v@psj# z1yvg&;*JSu>X-3&Y@X57)Exfi046|)Xa`lR&1rWx-1Y5+F380*4?NX%$Jzd)WPEBTy9QF9O*bpo=jm4-C;-!JzTSt;xFK_aSQn3q1 z9PSDvEkfJqYm>4Rz;G)dm480fyamY=FhY&|-7Vps0PKN{QRL`ztHjCud3ZMW{$USE zOw6R`#cc{5UES%GD2%a%Lzi46N=aq9i7T?BCXUL2)gRL4<+1IQ-@L9rqv=6 zM9*!?ipJEGe#z#652#29I_^Y2~3{>60z}j#fJ=Juy zOR?3a)EU1hAHH;*VDfrVJr@T}={pYIYhnzdmY&^bVI9^(iEiqSbrz!%KIX*=!9Wwn zKsc1bWh6E@R06D7{=+jre&(v^3xy zgFeU(Ah(4nNH+FOaHFCD^_g)eU;6k!r~$fC>B_yu`oSpy?n#Hw{>&KS9_*C+-v$&< zHl$O%X)t|Y%3@BAxH!<)3ck(s^t?WHTRZZ)VYKP#rZ6QA2#a`vt_^ezGuV14k2yZP zLUd4yov+2mz@quetsfLQ!lZl9-=W}BYMo}wf1?Tq-3e#7E8ZE*mw9*o^X8|u zu}GBymX@I*Z{ef*Jg7pZ6nN?{TxddwwLj%EwP942>~vE5YvjTS@zwsKB2Ss?+d}(> zyzIv5NYd6EISDIq-!AYhdU}dV0~?3w!qg2<_Y4mWYs;Ie9FtaOr47qXoiT2&+8XwG zb}diHDVO_?zMZovQg$$kpyRI5p>44G30PB*a3!a&T0cH$b0lukzIf>pID*x~p&}vu zumUustq6&9l5aR9T)5!4KY?|~7U)#f*Y_qzTj1L*%*tJYLp1HD0XUBl)`#0VDoO%D z(VF8o;#{5C+RGmQg_&pDxQK@r;^5i*Y$N2XP`mp0c&}TC0yu65Pl;1wGW$nIJ1+Gy z2W>fbPWMMZ^xeQ7aB0Jnis=L+bO1^I1j8U^=9aOs==>)dcNzp@^WS;N!5m)NV(3p9 zvPe*(`$-$nU6I9>_9>FMVW^mU@_MNk9W-hw)x7Q-HD_i?89MwjCgc$Duc@{%$18wp z=vM<5Q_70B9=*C_MmFLdhUipKh!&RJHJ+e1j*sGSp${*_BFO{tgh4f*n2V7;Wj1s7 z-jg$eoY)6Zz47+3ROtU<(TEFMdY2Zp`hf_5%mVaY~8h_ROy~BIyv}n}3Pmi>b zR=X;`5-~H#Gd|UP2^u5dqaXv*{cPwfe3*WA>uTUq&`Zhl>=3et<$gi*a!r zZ?J(b;>%ZbK_yHgm7$~~QkbyOh1@NK<8&)cm+tiR?rzX0MTolyEAF@SX$4UT+{eID zdz*87`gz9sJl4J` z%l>R3D!y5jpB$^rY2xP3nsqCRyHsVRZO{4wc`)z8DFSJJKL>M{7GLS6u=NeWuyQ6W7K;-=;9|95T30@m>&rY>9qOY~s?yB$DMW}1Y=37c-7m;=Ab;qwZR1j3yJik9cttXB)6P(V0rIYJ z1KJ}rS?ZpV*tTBP9JmcGEG&?5VTi*06a->H@zY$sZ1D4j&Z41_@IQ|a0vo9ruH4en zuR`TgcC%Jr5{L0LXNmb@#RYr5OB#>$3%2Hd-^Zjd5xGi91M#Hk zG-a3&igcd2)T5Pj7p|((*U1?bMQ0Lem=q-JW^|5<=#Gz0)6)yknkphgJ@)1-Q4UH$ zMLMoPp^7cdI$1#06UX@=PYU7>-qSw40-nu5dA4864j$|5`$}F({xJz1(*Vx_nUX}S z!xE(Nz4yvg*C0i1bD=K_r`J3?PJ1N%zmXrnfigU^+vCdaiucBF=(f!hDoQ z21j%t=e^vWW5~)0H-`ZlN6K<1k+}jowI)+FR!pp{)Os2Y20~}z{{44|a=n3f1f6en zbT(?-ZDwrbq5Gb$*e6hl{|d?)&>G{Wjhood;|YmeD&f|iKc`^ZPYx(dPt{%9HW7YYXVMt;US&1v06wR5TSE*Oa`E@Ycjo43KNALbNqb|*bj7z%*{ftrvi=Im_WOIiz;NJ*c5%XPJX(eLg}YeTqty# z@u)R2a%G`BK&D$$qUp(sqE~^@)+{Z{CWe|;mjX*RhBNW>WN%tZqSz1mk0yN%fPLV( z9}!z!fpxCy!CUd~Q#S;K@Ttmtef;&jw@*iOg7QS%6A~B`I>>-v((WwA8UL!gT&(9^ zEjFmT=dT;9=jCGaAdQV_%sSsQd-`0DM8HAV3Me@?mj@D=B-4W&JN*I?W25Qn%aos@ zjuRveq@&(}6DRp=8%w#|hj)p-dh}f;ELPc5s`dt`gkfjMhR+lko-$=Jc` zz2s!G55h!A|A_CmSH+4>VrrV)JIks$%(SFV^2EbyjUR#sIp(9=6i)i%#G(G8E7W24xN zL01wKD<&s<`wUTN^zh1suDt zKUeQgb!zVs=>ySX&J&3QIpLj7%Yo?CM$|F>{q3&$>9NsmfoaDLBSAc5OtpTxgoU)O zRWq%rb9A!}P%C_(`_B2Go!CTJQhai4t&QL*Sg))(?3Ik2?iPe|83HOnM@OgBjnZTa z4Y1^PI7Wzue*E|mJv2a1xzVjr4_{~(LEGMX0|1%s?PtJf`Dcy$`=(&yxQvXi0Wug4 z)6>&NO5FaUIywwkIFwoHx&Ijw{2Cu0f3zm8_u>vC#pV?S8z_3foMR>!=4vd07?j*5 zpRw4dEaOBxiFc$@H#cXTFc$AQFUa^RSe+holPnbI7;J&bG^Lszc%Ho=1CQkE4{fTA zXDGf+z|I3T&G?XY_z@1En^982dqSHFto4ZzZSBP5WDhsD_J^jI{W{}zRj_+I9~z=g zkf&n;*ZB4i+YG{^QaZbTXnKP~_TK}zb7!70k0O^)K08CKJI~|Kx^12l-IYQNE?H1T z>PCs?p-Xw)T6%jN1w2PPGT{^}qsBLZmDN?l&7ZZ@wDn0J1O=tU5 z9m~LVqPx2r+8uDVoBHaCBp0BCz0uXG4~Pgsc??XpXc+#W!4Fv0??_zo!<=)iL8m~a zz(5(+ERjOuKe>Sv7zvc)sl3ty}Ra zDW1*%?;0vFg^bMXI2fhp<;CskJT$lB`=?!UkaHtJl=s|I_?;2E11O?Rn55kkY_&x{iT0F+IIK+d^R=UIR9qXj#Q5_lBR( z!-c;PgSD-xg$1$oZ6LoifQK?3HUBgotQQ*G+}fVPT8A^{(&h#IQ*astx^``E#bYGe zX5=FBiI5Noeo*S7fywNXIANhR`=vG98cGl`w<)Ss!8*TT}LU@r?q|& zJ{dt_Ji^`-?#Xk1i#=XA6PmjoaU~TEOmbMYH+}|E6SuDynw~wQ-m-nqC^LMb+MVdf z@=8mU4kf>xTwq>*fnju`!p6}UD(ce@g~uWyHE76;UmSET91xbP5uIg^kB{dB5|Ysw z2Sz+7rzjGQ)6EbhpY`TVPEJ{kJ8}gER1}YII__6dgVUTy-Y3w*0>gT-Dp65U*F@64 zcV)XRc?r?>`sR#;-^25K-)dgK^`)&%3in;5-TwLn*w(GCE)wv>#>URLQ8mMkT=4FG z_JOby9Nq`n{Ni-hE1WRM$jFqM8yX0#!NVYczGuqJU@&(91l5#|04v~;cyDN(8+M|; zp&|7UuqmkELZ{aa8O!_Y*S+=i?}*5R^>rhi!)X#Z@7w`-x!TrN$L`oVdg{#CORY}Bw)NLeZ68`f1eK|9rZ-VzxTb%*9Nh&4^lysGcz*s@(q{F zl!OE81!66fv3pUvKc6og2?*SECP&o@I3Bm560jHXISg+8>zDfrA;Yb$5MMs;Z<=AB z`S|qgs?wQ?{<9cZq{@F~oHG@qz@-B*R@l(eN=nVAUe_39-P+&&h>hh&%W2XIry|qP zUm1;>LP8)qo~|HKbp<~|=q`wsgR(GcPXNW(W#&oFMfkhM?tfHM&~~c7>niAt7lLdY zDLDchp8BH+{@{s%HNbUxNT6=`(z~x$ib+#fSy9y%-l(Gjlw}qO(jyNFP#ssN)_y$5=enz9TADT=ohk?nSgP{*$}^bcc9C@)v;R3>)Tkcsqc?I}ddC zi_j4U;0rzWeIsljzc!>D%eQ=qet5FVDuAkT964DR>h|G69#1)*Y(<}N;>!F~2o=2W zhw#3i_&?lt{=vQ$9iLxZBp1REm6atvV!wRl3h3&CGED?X7T*vQJ|)XrdY7roa;)dr zh7626boXK!-92>V$Vuco+#S<+QIKd%2L>U3tE2z1K4;FLZQy>FC#j$_@=8NXLq(jB zRcF6Pv(RC;f(DtfzJ^Ae8zIAU-M*T)WvCF;kYVrsoWMX8LH@~3#%Z^J<7GeF^$+iV z;!00F0inOYTkQX1C-kb}KSIBuahXoBB_+1l&_sLu_^jdsH{iqc_sc0Lo0*wOO8U5Q zJ^;;auw(VS;I^)W{$-Pv$e9gJH^*ZniXi&*pzW2EV@hK;jqb1*D7pO!l2iQOg}k;v zaD@g`{Xok5^D7~e*Gp)n8ZtcAkn9BAshYR(d3O6tV<-W&;r8|I5@e!@ncE*H*Z;Mf z{#-XN-amyvC{5w$fH0JkyK_wLEDve(gr9CR5Sz>MGNaznQra6w731B6%5c@BWV5FI zgI5>-uUPo=W7$^!N5a9Y$jRB=%c~hgJb(d{lr)g3CIp7>!or^uyP&RLDI>imom2Y{ zHSYge=-(7^InjR7j<>;Mu8<|=%@8a9^AjAO|NSZCvNb?|Zf5@Se@rbtO2gAwm;tn( z;q?>AQ?j5->eD}dJ^>-0-wvmrJf@|e)Ej;7&Rh#(Ui^uFfWtgP6+(1{%OhI_%_v=2 zNENWoIDL&w)f)2jfH^`KZ?WySZ{OTEw<}sTXN%*+I zfvy#R`>M-Pef9HYy2{xf3eG!vN5uh_MUQ*YitGw1()ltP*tMfIBfNKpTeJds`|1)0 z)a2(E4$a1HcYZ0Bf%V$dFyzJ(8K}N#;k4(i{{crjbWN$zGOu8U_1GHX}TVSP0w zOUo>SY^81|?3?HyuUplYM0K6fK| z!9)RHTqYux+3!K<$jDmaA{YnIG{#nwa_}-i2QWL<84S<;AJAD>RK!ebyuYqBYH(La zzTlmqu|kgr0)D(Pm(j5PU8<|tzsjz!H#1o`di==q z1^8l!t0>=k`TSXSiiPyeJGYBA*LU*kkcs>jT@6)DRRW2t(<8g|$kdfm_9h2hw0{Wc z1{pS`Pd?{CmM4$+eO|`R#caaFJN{Sq3wdU1SY9?(bx3yWsA=kcyLPQxDZ-}sZgh7s zi@Lo@+))J0miI4w3|A*b3bOGc3;FX&oa|9Ue1$Zgba64M%<5|6ZtKwnu{RE?e+JFz zUe=+|&6$)DakCz!61+8v9DNNcD3K4#6ZbCr%jC(% z#U5YfPdX`DFhs`Fk@N8~nk%XWHF-yW{j1OIJ=v{^s6y1v}3;TzHZ;Ey@AY`K? zym?#mJ9Ngy@KiJJs%7nZY)%nN509NpNl}(pSbZiue3lTD?_@C1op})P{hiAf?nqhj z?@d2-MU+0eZow@Ejst~}C{W=$`@%%s;bp7;TV9Htly2cdO$Z+BzwKwBi(UkU>-0S% zw(BY^6GbP)-pA}LONM(x9Aeu}9#`Y;ij&IxUZMbw|Mh*N^J$5#t5ykVZas@x)XmJA zOan$@K~Fqb7DyXc9%FwP&kURL>$FlFxWRbCIIaH0TV2g81X4Pv!Q={IK;M4NHPEcR z+(Mz*N%Zi1U3~VKpl(|l-Ve#j#=)}W2SEUvLF8=K}aCFx75Vs)g4 zU5ECeNgf2D^6{)ka#U>&Eok4BCrp&;7m#p?zp#wMDz3so?WQ5)~g579{O3?$d>cIx1OS#hXcmQK7<(#s~nV-dm; zj(ar83PFoGM8e7M5IFitKF+XPJg`Zpe}t;3v3y0owDs&_Y8GhyWM-&^%1h{mGt7`H zsD85On;?*yD>QMC+TJ`$wX}v$lbk8Cg-1YHv54;N^LL1XsR``_o~v;nH8^-dUt^x5QN80{#E zV6S7msjCbn;R&-$TL0d&Ct|A@vR?_tXW1QruZ+$@XyY7FBc(;4E6YXn9!!kA|E!@- zUwa8ni;S+$>T@(Pd*eu@+5p}9}NiQvlIQw&kRi{8n=JvLKs-7SqTl!Hb1CKFgSVL@`UUse6D%W$O7?tg zW7oI~)YokHe5U4>tsHEL^Md_f>n8fYPQEKsrn+$nt7ubEUS6KTZ)8klRyA0y}Dd(YlqJZY&SSgv01qb4=HgtF6U(sT@%zgo+3|JT@%5!9{WWbSR~&M=_hi z#^R~j)Ch;s`Gc8Vr>=^P1NXE|)dTRWW)xL)T%^A`yO7z~DM)qOFEa3z!md2Y`!-Yd zm*%1MVq^=)vesH{$?A+t0y=}Kp8gJ;M%vSizFX@pEBP3NZOm%hIbzdk@3A7NRlG}_ z)K4OGUiwi5f3-7dIj)V*Tjjdj+>mSBVcd$q>J4_qwnnwvq;1=+5m$%G>5kXeH{Sk? zFL;sW^ESJMHI<6B9n$*>|C_@mfxElVt>0NC13)%(#+)$S~fQMwKU20b6dn;0$^ zjGw(a7brXUNws6UhR0;LJVl6T`8tLWkxL8jE^nIUUVA_k1wzxnURjkt-618&1^cOZ zi_+;Kb$sD*9`*3vZao#(D=b$2y}Y9^hWna>gIxy!vxC{5yB6K6)_uW3;)dEC?=f75 zc2K)1*u0iYZTZ8}3YxnuV0pBX=v!*NW~kU&uE>*DD{DCw->a&zzJokAR9qFNK&YH7 zW^B$ae|k5vPhp9YCl2UhH#dHqpcQ+5c)8-KqTx!iGc+1boS*{&qFk9Z*2aRbW ziChE|P2~Z}x=>#CQ_V#&s`mF1)o#@j#k)B~imB6FOltF!jT@V)imR>@RfO9gZ(`$= z=0)xGP7G)Na4oSxOxv4d4Rg89=X~`s2;4i_?Xiza5O^JQ?V6W(!55$H@Rf;EYMll; zpHen1-m)qp+Ri6Fg-4qz)@n-&E3zh+W-l^@@<`Sx4Q2^SUSn>wv^l9zNaNjOZ@+YE zxyxt!>7}efc6wR9V;WPVaaYa3tCbArajv0)0M7A=MZB^!F-sgu`+XDV=?6w)t%iC= zk|NyaKIkUQS3RC?8%(;v%a$~MFePxec6#Z`$jX)HDT{f9`6u)uDx<@r*E&#`KJd`u zx+t7{BZVU38KxeOL^6RVo|}Y>IApW}`3ixB6o|VLSGanf?+tfoE%u+I8c^<%ifavP zMW)YKx}M@LY>p75fW^w6d#O-8q;DeLa$H+SC&r2HOj|P!dOuBaT99$<>tNJDCmqZe zih%I|8h|idcx{USYI$(fXoh@>k;!%U`}d~~R_04`r;n*M`ZxPfp=_m9%1^Q-el8II zOx4SNDf;k%5jNPDWTXik#{><^FbVufF=^D4)2a8pKyRRvRif$F`UB}C)U1#-Fj5s$ zbht0TiR@oVWBsHz-rslZ&a$Zd2v@l%)|2b>&{4y9XX1@n2SFvKPx+;65Kj|YN}Ha0 zhFyX(FIQ}1CTP_=Inxrd*ZT-?&cPOE?5r(9n6YBoa+13^G0P&4a zSdi6}Sjo!3pwpc=*A_$qhZyFNSKTy<&o|;(bGrVU%Gn^7))J0}=Ud|2&P*c0T15sk}iG zd`uAx*ZSrbf%RSHxry77ETgCpwW^Z+m+0j`-OSsq(W0U#8OwY^HWHsU=NRkhBd0%Z z)RymY@M_uOB9Z4Z1NQZ^inM0=DyJpt6V0o|kAB@gq(B&4S4uFncTle?{4}@My71UH zr-?4Wg*BZLSrRk5eE229K%Un4y7Yuj5I($;6V0{q(!Jwak?aC;`{K{#ySh{4R7pg~ zCgW_Mw(Y#n;dP4#vv zc)p4Q&sSgPQn*TYQ^jKry*Cwbsp@pvF2M+ znH!Azs1J&48CE1q+NW=OwvcXxp@Ull~SQ+h@OiWdH7J=kRM4GiGa^VotJ8 zWJE1NU8wb`e7A#-ihjN!{mMtl+P&e54p&w#F-eTN&%e?s(yHUBdigqpG^Olz9Z9dv zYApWf(wHioSbOZJuHEEN2B7g$B|DpA`I1^!QO-dV+mN;+SFV1O5@pY1^PE-a;k#Fj z4VNn|MNX}rbN^+EY3zxKi$2!y1>Jbj2ixJrAkY9ON1R)49!4+xO#}51>8uZ3KcCwW z`Ako1Fp8AM&~^g%$f8S@Qyk>CODE83CJy9pI&j7ATN2g;WfwQVYviy zQl0)M#RK1{LiiL-{a-00Ig7@o^zK=-=$7T@UtsOZV#*>~-Oq&||!luenBZ zyGi;Y++mzQVn60IDK0Xa(~XrEXIRg92sO>=g$oFo=%W6E1cUAcLb*|Jn@2ZIL z)pb#=c!bJnjD32&o#$h@o9bUoDWtf&q>mvw=UQ)OFy2m)r6iEq8$6^R!K=)*gx=Y= z6^^SUY++{?8b3{ony}HeH?{$vzsCP{@q>ej|7-C90zL>#+3*kXkKfI=f0nMf*40;* z_?5vg)oLpt=F%?qrwO{3xd_uC3WZB5csP_IK@#RUn^=rHV$@UjEm7u*xWC5r$MO46 zo5-0jYp6ZcP_VN0_zNB^GGK@X1qGMp>i*ceddYq3nRh1HRUArP;YlOzeM3FfpX>wv zACAfb2JVh8XXEZe?moDjI&G;ra&E+g8W79@gyxUt67aL6{45Jza@~KqTsK{R#WbyZH8z$ao~5om_@tOGuJz480VeK4eAR z=Uhtv7tt?SIS8?bUf2eTSSa4sC6QLoN z*(EkuanE*4MiDp3$za@SCB@O7#A2YrxO~PhwRocs)fCLTpok$_(ZU0Y6IYfoxQ;HPQA8}*1o}TH!c5VA@&bUTv3J1i}r^NBO!YVNpvTgtSd@tO;qt-Vx4U! z+h2GX^K6kPviOl&C+GsU=i4Bz)HkDm6Th=-)Cz`8BUj3ugw7)ePM_6US{5EM)WgSB zKpv=kV5Fx*&7M@R6~C&Z)i7i$J7~gta(9MwFnf$7!BT9atd=8x`3*nMo3V6597>yL ze}U56y5OOPtezGg97>$7x(^}_S=u5v)WP4QX+{sqkvTuxanB9>3I0e1 z7me#!GO9dzjm|f*n+n07d<(smpWrws?`nZ1#D~3FFiuE&fRHgjB-mdgJD5s+pdmIA zgO?jB-(Q3B=6?_~#sY1-CYkSjk zUhMd1xhoB~)h)x?I6-05iyww6(l9wKS(wn0%KKJjT~clw*teVbwDExj=Q z7@(?uoORVyC8fBm(QSRh!*(EV|F1pnJO-p&pfso|D8TICt|uU5ax`0bES5t#jh;mt zyt3)YuxJY^7NVZ^&gfb7h!G+(5oc5_+@EU&z3qW7gM3-XI|9V7n+uZdc1!(}pJ&ud z6zeVHzj_nhPSQ(#AjTOLu@F#Cu`uZWt*1DDqGpVj>)1E1XiBqn#L>Qn!m-msT)d^* zJ|M7dZ1nVVNR0IihlHyAjqpuY3$}!fhgzkj!^t#+ApP}45w~%W(ebq4y{+WzSE`H} z26KtggD%t?TLzzzeFaa04`0iEet4g=d3Vl==dibez$nMZ%3%CXW5e<0a(bDkRs&m_ zM*OYlvHtI@+_`o>#8v3(MnTF@pg^rdPBov!=NWl<_D?~}*{Ujv-1&~>=&K=m$>C9c zoi$@rhdmOrlH@5;7NIX+et&-L8;jP7c}3Zq-Igdh|A;_snUGJ?WQQhX42t=SzBDyO z@(Fz`z9c+Uq-DC}7ael!d37+Zr=QLjImO~ZKKrCIj-R2goLr?cmj6J1`XaNB7-e~( z$?=+xzR8%NdPlAa)xl}Z&R`Wy-59qPUl}=Tx@zK1ZT#lmR1WgW3`K`W9E9S44#S~| zb;hpi>H;M04tz=}gtm<#2RlfIi6J*bVvJ!97+bn`tIVrA}?hf^gV#!2~U zMGSK$BzOCD@@?vUi;gmQcSu-H<*98ZnFhaG+{#Iv5Q=Tn>M$Fqps}67HoC9h!k{=J zQ6!?Chm0vvLN%fCV^|;qA*=!9GPYW?7j-=6Hhq<1kyfNkz?IkVWF3{&W3T^5Q2O7J zNVT6@=mK3WMUG{`{)#NS*{y*A7E>M9habM*Gz@%IdbBwTody$P)Osh7(Ru6E_6jGJ7$@gH>(ogfWfj+uwz(33Ad{%tJ;o3{6BR~* zF0rchm+$MY50%@O?0hJsd}x!Ko!$8an{bL`S;=A|CIP7i(e*7evFdfOdUvSDE!L4O zFIDIRq!g6-g+>@S^N@u_y|P@lx1^{`y!T2kQnewqCo-IG+WT%Wbrt~&Bw=!u<1(%F zntr`)gEWbBXCs3H6 z&c}UvI?`Nfp!I0xi)e=9%xb|r2zaG0;3$`#hM<@|!`sSZJ>O8HT$xsFRxp&!maKDp z-l*F5401*BKQx{7lBtpmr!W36Uf&|NV$x}>X`R)Z5XdJ`nlfle(XKo?kRvXt8Gj4u zXyx3RP`srw^=)#PiHg1b)0m>Dr6?V?%2084*sNuzjm=T&C3QXFH@B}Hu&mikj54-; z&C#;3UYnF(HGKSJRY|TazWgOgNoi&63zR;#LG=RJ^Q#XD)pqXFw$~*WfJPoAn6$c@{^jg@aeohr2VFv2z)n z`f`H5HhQ*rP+|^N8dJY?W;p9vjrTJPEHcc#T3dI$D|2;)FJg+k*HQNT;6<#cum2iW-K*@J!`YV+{tXfOS^FqhYTqSofNc$3YZVW zViS38+Grp7%4A2I(tG3dlha}(H+m31XS9q8xk^|?Ncc1G>Vs$0)axz}2NoEh<5^Gd zFCcfx?cD>TKch}?7=4%T1W|(uf>5nl7xZ6^DN4M~v4!5cc@xlF(C>odG8I5KlcbPa z&j)au&KiJV((W>M6c73ph%MJZ#nUvm#lgkZ^bqV@sq2mmMf)^L003(TK z_EJ@KjjUH_cWum&)ijLPGF^+5#`qfg(AOU?v_Im6qRi^=Uc{X<&hoEbbrB)K)l>cw zd@&a}f=8>$1&7DFtG)eu5Qt;wydTJ(X=Ni6;I`RL%rlJOHU;~+z2t)}l70^ha7;78 z^JP-ZPtD4bUgQ}E4qbL76|co>nU;00o1gJJhvqY6zjA!&wQ*_rCc}vI*eeKsXq%tY zsM6H|EUw72pR3i-ckgY2yZZY24~))_|JL?I&$g@a;eqC+8v=N&bLe4e(?;{yuTBEzJW*tNtd7VMF;vN~kV;$zgZ*yVEc2JVL|gI3S!vOLAFde`iN z0VJ}xcrYgzUl3Dbc~3`_iUJ`%{iYyIdv3Kp_oe6qBVWWX_`#YK{m{ z7t6pE=Esj;^0vqO#)^Gqpj^jG5m>L-@4>D$-L@(d<83<@5#E9?SpVJggmz1D%%B## zq^4tgA?W$@=lO#*BNbU7zF^H4mew5g za45Jff`OUY^a!`h0_tV)zFrG71fAu+*z>I?$DR znFl=0R;og&m3!KJT$9$1mHv%mE;e|A*1w+MyAvJTZ+*r8e0>Z9$iA-+!47R5jsPm6s>R&6(%F2!PKwj}qwq2k>=RyCpKHqlt_ zf0?$_r2j=#e?^Z0>;M{@01v9ygI=)W7Knw#D@%)ud9)0y)U4MI2u5>t0wM|k5EvZI zOLaR8EHP`n!*`blpmrr6a7!{#-fdly2Vr_rMy3c<%D$v{U-9;SAZx~p({a(-UA>1Ca(q~caDc^$+g+m3p*d`Dg z_CX~=@4$vZ!HhO2c7>drSYifR_ngH6U=OpDGEC$PVlJyCC!U}~Ad!`tn!0sRYC6X< z@~K)}IVnBe!i4}fg4@aI=2of+IbyocN=GN`=*=C-E8CRlFuoo`$n?K0`o?k9a1`W- z$}JPZA-E#A9^s-f*U@}Mf=eUu1vr$jn|A3#fEZzYy<@UJS0~4yI=Dm-E(RLyH4csk z*0L+3Wr_}rt&ojKbjEMo-2dy;09BfQxZOLlFpLLB^SxsXSV7iKYm@o9Ug< zhn~0>-w$ zKiZadYky-(_Mz#|n3&2WBEkCcKSO5oGxQTa{gFyIjlesl^Z)l?1F(4|hn9y5q!=R= zdBiAxLOJgb2gu-}0i}S0-DLIC)sXXJ6$beWMwawIZ4CqHuuef&}XdBwCm*nAH+iml&zeQxJ=QF%w`gXYY9fP9XoH(uW3 zzKV|ieyd+?xAl($HjYm82Bhjz<+6UkF5X&@!f=KEn=bg?($fdc8PlV~sx@<*0>2n=gB+eOzd#6JI1K@Pxl7p#TIh|>|9IWW2_CLCO@(0s;D?`OR)&~_Kr z;jd6%pnDDR49M5t?-X}k^o9#J0;Kqh98sr2NcbkZ^-8Ronwoqb5BW8h=pcBakNnVn zcV~|Q1uT}d2b`R`BB$fnbjG3Z9AbK3#(>A7YNa;Qozw*}r>mizC$k;UlLqe7YA(4RKd2_N>YrQ7m;FV-Js^ldu(m3DR^=xj-X(U1yMf`s?k|6>i zEBzkt9+!k%aqUlb`tl5`)Iscr^UlAYFyoIB;*T6K9DSp;s{qrdCA^@&_|a{sp-OcR zHfLnb<-rR&9S4xrFd$1?oV@-BzMppYsOewdf9+qjpvNT;ch1iLzz1fbz&ixWp-PEG z+EoyeDFFQ~imNrLmQ`)yuvm|x+biIJq&8&dT#+id!_1sB!>$F^pd-#tOXDH*3ENg4 z@bFr1#?6(JK(VpP@Pq>&2Q7^zYmVOI_vhask;i-~eDFVf$I<6-4c+TcGrv_$m`ETc z!F%EZY5=G$LB5jRkq{Hh6cFM1eG6&NHivzHXXp~>>1j(Sm~liP=$=y6K8!Db6qBIx zX0Oy~3X+@TNF-Pfx8jiLf;mrXj`VOCkNF^Ik!e*{`y7$mDiO?V>oDe1 z<%-8^?tV0))f~E@!lBhlIe?`&$EA)bB@G)cyMK)pz2SH`jhMDlgCI!Vh|rm$3_}zQ zaQ<1BCRVP2#jMQ{&VlMXS#rJK7w@qc=}TG8^!$7a0EH~|8ET^$JfV|h?a#%Fm)9>^ zLsiz)*vKa$c#-UCmdh1^w&YQ0dI(1ReFrke`bTlsJ#Gn^4vex#ODqlN+hhLyedq>d zCB=urb;Z8)Y4`Zvc%?J? zp#jhj{nECmxJeUeP=gZ>1<5})8@lKE$Mes-!7?0@p_knLGpy3Tm;AB8biH41>O|k* z;2^k9O;)>ujEn*!?Bu){>E{1_RvkS(zJ7G2$ya4l509|&o&|iEqtrfE%lw}uJ!TQ; z-syMaBTrTgBei~dQF3=KOh6Fyyz9;$#SvgcmlgKtZ2Nb!GUMWyQ*36YQG@?2kVl7l zGCSx;&~L{)`EjmUCS|Ye#0j9xjLxfR;@%JeD{elR?Uc<7TUSJc_byXNc zA*et8!u$WV_nu)VAI5$w+Sf z@N-u|C0jREn4kYe;MQqI`M71!(N*}zCs6=u*B>aO2X7jEf|w4Ro()Z7*!|#nbi5h= zJ`BSzfevcj*a~>-F~jJQno}6&$8Sr;8f*T(C1BC^3aMERGz;kdE6|;D<;r9D<=`n~ zUw|M(URl{dfadde?g*hBgqj6#vVh^B;(q>CtMLNkY{xr+0yZQ+K>Frml6n!D9qM1O zD>g0$onya&#U9$<8rz=xnJ`#SZ+I%0s@=Dpko-FR5x(pUqkKSARE921)puX@(Fxpd z-GZ0T`!$acQ^D}h7JQ-W|5?g+a4yncfru4JrtM=mU8Tk#xuga8S*#RHovOR~4rXDw zPDh4)xB1*p!QAg$7?o?Tzt&S^jfU6?$C>}1{pS{sPgEd?%=B#_{`26%;c!<#Y)ZA# zyC>H;HvJUD^VZ-}L8pnndB^vdK!;yg7=61u4A{ED#Dr^l@}#}-&qo37C0y}01LTTU z1m0Spcnaet35duWu0Mlq3-M2u`M~#Q!m$I>oLzq%Kgdf~`gz}*X>4jb9#2TlkHWw> zZI@(tM!^9A9g{}$KX^?R6f=K$O~^O*YwWWnu9Nsgx72F_pt*AV2{ki}j!&O1!cac{ z(LYL$-TuozLO$J%mc2~^mP+t_o&_BFDXst5 z2ILZKV8t@-d_8!IcwL1TT!D63H_#bmy?OKG$&($EzYl$P9{%Fqk+-VY#`4-Nql29j z&^kDl{R~zYNPP0=g1&v~ zSgZ(75=;E$kl%OPWbY2(V{iJj`jLQRNy}1Vv*d|Urw^r-b3TRgI)@!ooeUF})yIx#-AXYM zyEC#em>+AxjXBAr9g=6_>aH_L-Nri9_cz7yF+y?$oSx;@+B-?fgQ>y}OVj)j z<|`1hL}fE2b1tqP3gi3C6rw#@65QfOU>t6R{QQlH<&Rpqmzjm%<{lq$TlkIEEoj#tK`{RjF zG5TUye>>cAT=|xf4YV&jd~^ECmqldF zdqsCKN(CzkDt30ofg8g`tG)hS(>(?4L8=cjc!!Wjbu5aIJW(nt$S_F5_sUbmI=;G} zx9?~O%E@)QpQ1+$d|t*?dU|Md#~8;ZPc%deKxzSJ9{v4cySImYa`pSq-qL9ypt5<> ze4I$(48=ksCi3n2LzRyv3M;h~d@6}Cl|@FKVkCppcLx~e81$CdjK-BnuS#t(ve*{} zUZAE))LNM38-FTJb*l?1rckv$kz*gd>BCjrE9UDH8hHyhK-=SgrBLOBKUU<@;qr(Jlr1|i1`fgWly2SOX^-tAx&yLT`x3HtIO^NQ=h_HoS>#uiK_ zdoZyzN!5Lk2)$V?W*bA6XS<1Gtc+2%t#DxXC_B$f#y*U8E^G($tVc?szW-!=qh?)i z87=j_zOLGquB7WlW{15Zq(E`u`*Q=H#Oz81%HXI>7V&op0TdVP&_13|8MD|3zm82N$+RULUL_VFua+zT`=GN`8Rn~%<6@rK%p zHET(3El%@A&WOhuDxFx|XefoUOjAR{HJz3#N=KD7G)A}97a^$g4GPkTKW_t8ZDAH0 zh3hVYAV*l(qBEXkOSpS@t`d4!3!<6^Ppbh?cIX78R+@T*oebi}M)584$ny^zIeqff zfn`}Y&tRT8?&n~Xu`CG6D{R=uL_?!GQ05HTleyV2!ci9dWJ68gO7KgE*QydACB({Z zKKY1aV8qdE_V)#Fhk~MBKx?rk8-H&pHCYr=<+#k{Ka~@IFSy3u{5s$=ih|Xe!OcxU zcoUXvTK%q95m)J{m6Q9{TolNA%lkWfoKz1aoQwz62v8H~dI=rr6kM11?k${nmMZYy zXQ1(y(s{6wkUX7uW(F(-*G8X?@@7W0HP!gwa1Yv?x7Q!66z6%p!@8?hD|c9|Do_;t zH;v*nUj_A~7k^D9LJUx);hMgf&Y8u>v8g$-5j*x%*FHO87)dQv^|MukCEulA4Yj@k z7QVBXV%S#f5N+G?&1DtfTJU_W_;*2Jk6b<>(i518X( z_xM?X%OO_%m1$*%6=wV%vMQj=&su)f>`cQDy|`tRX44)-qf_CrJJkvG`Ya%IWDX(u7eD2M$ZW(PRxR&&%&Txv^BpPhn|l76an9C7^yh#J5$^vb)h z&h|75tsf~XX(giMvrE$z3MQM7R95cQjIzDN+&<%~0&giOHku_&F56K?RQDxv-i9$G z(EOc;o(5-Ou4K2kne-YcJ1aCcCPvw%;02K1dR5= zeR`0sC90~b$~75r-y{oWo&_;?>Gt0Zz*lcbKTru$8;1`c=43OfTBi$Ss^{dwz5;ct%d zna8S=8q#dN=p$TJ;NrLTCtC{IFCoRo$E(96E$|gE)iGo@N?+oO*gb>L#0+Yl*0v9u zA)FeqKhinrFz~4pi8_#~$^*pwKNGcKHG%>pwJ_ym2ipM7s@^X3G}!XC+45>?LbI zW#6HrBh90gk9wQ^k#tCMzT1&COT@9rL3JzP)e>!_c*oK^udh>Bhw?l}kISuR?3QI1 zvhUc*2{nh;k)h+*Q?x<}4?E#|v!ArVs|5SDOl$yF(zt$ht}FZA)a;;cMp1$gIHDjo zuYZ3PC^w#r1kT6V+1Sq^%>#6joMAg(2Lx7+7Wv6Y-gByi z$2YTVXZyT>NppT=ZT#&MUR6!l2;LAzIF{^e=x#eg^@MkK%aq={#ggx`L}<$h8+~G1 zJ>M>ay%C#{R`AR4RNV9h7fDo}HJ2IH@X&J$>1tz`$%c!z1L@mra|+w7`N|CfG~f-& zkp;Gu61X%*-m7ap;|uInzbSdRzWs~uK0Hr>EORh}T#S9tXG$&$@h=R+IgVTMbj$vH zRWWVqe=N>I>3t?IO0_0{&U$6K@r*l-i1#NbwD7*fP+sGFia>D3o_)9c&yTv}doP6# zrj@xHGb^@PE_Kf@W7noD4k`6CJi8sQK3cPR8kU}iv|v1Z_OASB=3POU#T>e@Of@W_ z7!abuo3GRSX>m7Q2z~DkILYz>*@&a{r%V^`&uxsbk=DY8kn*2wZZSNu`*9 z49Pn8(hY;*Y>_d^MUEm_xf{J4X3#y*{?{ zLM`}WAcLdVlP|N$?_@1Ce3sK?!;zTRr~ZP<6nJPu1}U)J!MDCraM4B9&WV_UGwv1n zag(5~+}`Pm0J?{2Y)iMRH#bT;bV$>5Nl1``GTPorOkW>kp_c|p0UQ%wdY3l!Wh?M~ z2^ai@=qBY!FFB6TE@)a>2J?`ER1;_EJMHF6>$VWKceqOW?-TU(-~4^3nx6&kwHC2>XzgZ`?hVibK{xk1b8^~yxbExEz&xj36`0#58(iwso2bX;3)kW!ZPs`SHV zy|3mGJfBMD&)u+Chn!$ z`uZGc!{_JN10+RP7paM?ZgZ3QmRy0s>CD!fHS`&e>1anH(7l!`?<095Zfg4lZecSs zA=7o<5%i@DXiHwc#HW~xWIlt4q2d^GHkX>E%mWwKu9?G}5R6KJ#b>c}Z+ECiJ+8Lz zJD?fbS2Q+QFjwp!lV%<&xv^rAQM>_954KCfvd0;&t-8i%WAz>JK2buT1wD;ZoOuk& z{&Gso5XPN4dGhfs+W4fTDs4HVS&sQZ4`v-9N&K-~H`v;VrZIrQtJp3FS`XE!YK0Tv z9~z^)_WAQ?)B?;!@@jJ~a1ba~v=r&Yh95_X-SwqX=+WmG!?e`)9FuGhV5EuJt2ge5 zBtfn7B@F1aTfh{R^*xFHOukUAqNu1xqZkKekvpX4%hlfQ3e^{WEjz**qhxNLy=9lx zDj~5j2ELranbURQ`z=b`7Np-$0&1=PamOd;*umL-oE*{Xq`IKIDcc23EGO2i`T&N# z3AUms3f|t^k zd$H22lQYUI$yhgIYKPtBARaX|tkv^weiEC3q+e_*l5`EMdpIXK0;iz-Avc8Zh7dQA zF*XxAC#~KPYp%~0%z+QZ)|8ibhc9;X5-Cy7-7#M#ey*!(Ir@1Ko|d@fM5&&hLxbS0 z$WyTygrhdT!en~lz>tu2y;!Lz1Q0?kG(U?XW8bhm%|S>G)+s-*i$g)VsLR^ra-y!_ z+@%ZQl)=|k3+-i*%Dn7y2|%DNL`A=Q7To0zyO-a+01;(>pSTOY_pHrA^<~bEbxP}O zvKRQ?NzWiK8(HMzN6Om)ukOoX)!dflvc5n<3p4d0PspXbx#)qse7^CJu)nTt${c6SjAS7q0-zg7LN&u%M&2M+|S?>q@o~qnivbGOV&tpf*vF&tyK<6fJo%os@L*xCHgd*EJ`0r!CL8;rbtyY(=r=(~r>iC4&#H zKRjH*N&Ma|Egaifr(B(AG&}vG;V``Aph$<($x*L8twd|zAU2k~3i)-6D;0>G1Vc91IpuQeYWW^iV|n;$zZ0<&) zCrs^`tn3p-#xDw#1h}qpqeYHcrM?6o`D4%*j(Vz)YfoP=tjx@CM_dsjsNDq2K2ri_ zTg66c`ZmLehbG@)YKDO#VRR2^Tw;Pii&BDn|-AN-SrjG zDlw*85d<|`v*?m$_b{7dN?*Y7D#R5R+kuP}sI3|3=rl3kQ&UqL|Dzu*0IbBfDvgPi z6Bgh@#oYU0i~(EXb#pJ%uy^bt=8B?o#_z*%0~Nm%%t2<&x_$7C62P~;XjZHL*iECQ zJEizUo%RYAAy!{CJxLj3=cG6FTQtHIdZjK zfsRux_|t3f8#YLqM9kr=Ht=8NZMe>(2L7m-(HK6_K(|x*-R0U{4ucu%*a~iYKOu_= zhWgh`G%7AdZ~PA_D42)@W?`h(s>G`fmJ}JY z)@GeBa|T|{VsIvv%%FdWBqis>f-?4M7IX~pAq#XJZQ$Z!=>}DSi4@B59>HO*R-t+k zQ!N%jJ~DRh8IqLj?AD^1bzg3D-7I>9RkZ?WVi<5u>msNx@^m{05T|`GeRETuS!pAbXciW}>M1!m zk>rn+rar7wMw}7r{?ab`pd^j*9D9Y~&WFx22yZdxw2@eViS+JHOCauF)Tf}Jdi`mc z)99#%Eptvn!X>iCdwA`o)Sy{7d;&r}9?OLfC1Jwe(#FQ`2q%jjXt=n(^!)1rndQ>B zZ($o9esk#nxdk;R;I@=mi;;VQBVRyBeeuPq1y+e=Ov{iIE<4wPk0OhfR7f>9AnH46%G*%xDtz zEXD{za|1D2ZLdNg(;Po*-d;K&T3f@M)HUAi%kLMdw3Zg>i}6sWXPT(u6{V87W>;=# z&Q;GVd-CjRnR-uDBMWO{oN%MU%+ng8YVN?|%;so+W&0%tS{i0@n*Xw`$?%Btt+ul&ERl=(Tu1=j?oW6m`&D}m4?I6%l+DHIX+#9Eb>9e89h{m=>t4H+OYWcyt(2W|_@y2oS5))Q> zI8O5m$yt`&+`xR<`+0W=#=J9fq*wpNYQ$b6TO3Ohk?8&?axIL(s;;P4OrpN!a}eW{ z(a<)W;OiM!mPS(%pU0<0@rf#dn>8OUw%tr?Asf){Hv;E=1C1+JD}**0IXP|Gl2^PN zqEp~31F6L_*9+Egt4O1EW+`>vreby}(?P&#ct#L5TLhnKFu&d2b7O9ifpXhh=~dqC zrH2&L#UvhGP*hAeVKcG;!C>i$?xVgSS;~fV;JEnsD_&LF=_uaa*~E&m6OtowUCmTR zN%|>JHVK3^G2?xIY|ovBCkX{E6`T2wFzxT;sZ(;v)=;Y(Pj{dZWB{$g=a`O5^+0&o9C_WLwps~-5JftNPG<%O)U|dxKqPb9| z8|7klA;s956ZWZ)OgEkdVrqD0Mi}NgbOy{8-ePh>{+~?()srUR9h2L_8Z{*3>%VS zlAt&_UIiH#`D8ZyB!^g-b%|qOQZCerx9AG~3IX016EQJU)5T0;n8yJ}EM|DGvTX~j z2Wp|fW*ysBpw~ZcL+l8>j7sK{Ep+tj>S}6RP@?de2j=Ci^p$h${0kN_;NsLpy}Jh) z0cg!lN=j;wS#Z2&wWO80f#kX@9<%pQL%OK-J*2Zt`zm9yvX+cDdE~pn^svoxoM2MS zeY4C9Ira9dOiGhRL-9xjTnQFg(!Zu)&SI@+ma-e@Mkpq1vVCn?Y;`Rxg@gfw@0c@AnyjT9G(lSe(nJ{qc!MbUb1NJwYvdjEWBS^yJ_Tl7UsSeF49xX6-!kl z4Nl01!?Bp0Tz{G0eac(Mb`W=(-kcf2X#!brW@wK{Y6jPd)qZM~fo3Aah0S4E+$wn$ zVvpo>QBQ>i(s;0j^7Ua^k40XlfQN+kBqG8(#7>p_g)(uaEvGfsN1+>1Rj-8etjhd* zEpb4nyC%ncYe{wY(c=QP%qPz*sy&-%&tyHe9ca%=v!Un&IytacEEojY{V@ zY1jyv%}Q7BF3YXYlnj0{*OWc{u&06-E;0Fu!Qrs66r%Z2y|;6mNhV^w;3)Fl1p@7< zrnv-d5({PO5LTTX$M=SSUR$X58T9>HT3W8JuOpS~Lx$^yR#qyJuND&>Ku_r2J?o`$ zIo%hzKq)|=@CfQA5$g*`SIEnRID}jDFgY3)8ag>OWggR&N9x!DRTaQ~P#F1EsTlEsw8U_#&1w%idkwO`F&8$cxS$>+#XS!dv>8CV5)wu~o>6I`x-eqU z-;r;gdV1vbG&tT&IZ(3*PYiN}EmXBR$;15tOcii6MNi(tJR*%TvXjtpJ>D3beSw+7 zdPPr2$a%UV%&<6Fs1;nFu@6DSOqw2>A$Lq%&04|zOmq5uuiOrYWFZWwSIOO@vz>e% zyZ^Y0jJnQW(zDvpvmWz4Qjhar-MYJbA}3qx-Q=e}OiOICi=8o!hAyo$dKroyu7i05 z5nj)w^M_v$x+~&|1iR2?K8ZO^TSsuFi037AdW+tbh{(mrs5Eg{o~qS*45=O{KQzDE z_Gjrhv6^_SGd>fH%_M1TNYk2tj(mdG)Psz3?D_`J2yv${J^q$CIh$UhmUcrBN zw8s;cJgU%WcL~}t4V--bLzuvv<8|}584(!QbAL7ZAG81-?rU=|{`Wz)+&5YjSE}G+??-qcvPC`bS z&CD%`@F#xru?-UHv{y0#-7CS~&})pZ17DI0u0^bx(zLoT z=;)HQC*tp^n95(cxUeh%&hzS>Yjz8ASpyYrg+}7r@6H#nIYHGRPp6h=a<*Z4l6=;| zPUjpuey9ciQbXxGXh_+;INc0SQ!cqDMJClOaPhYzn$mL0@uz$vBkh0?(qxsbGMs}- zIwA*gjC}X8agscX-m_4o^~QDr|$fEo&W6AGt_%$MEd{4qkRh@IpIm zcz8He<lg373`S0BI)77HDVMns};fL zj4SJoazx~JKNk>i96JWXU|C>Hne`0>K_VNwTq%+MxLYB}7BW8;V=Q+J)f?5vK0p#& zJ|P z@P2xP@v^)ag14eqj0<{FeVs-ih7zj0LMZ$71tx#m!-zDCZWA8jv-l-q8 zgW9I@+b4H`ULKQly>gL@1A?E&c@LLIb|2&ZbcxNnsS{M-enc z2dYW}f<*j?C0ztLY)6jsChyuC8u}-?V4P9)NbTpkS)=Rc`Obxe6cq~I;X_zZz?}hf zYwxoUQ_7<8JT!}Qec*X zbKdD(#_H4tF>;!8Woe_lc>k;X9qoW;thJTUH(_Q65y@peeNvg5tth8^@~E9P!V+^z z$EJ}Xjc2!?ekR)f!;j93FPCccIIHTJk~CrkUv6Dmw~xXwg_XbVKd9FRzBi07&{lZ) z`0W!187^pyDJIm>kq1Nuvbz}98$bO8S7;JNqh_P&lDePJmm%lG;w%yn6{x+$xN^V| z!~O$|QUsKX^DQo<8_r5?9}_!h3u6kb1)wd}44{xm&{T;*s;_&=Ma{ZS_6~Mr# zx=MkKT5m=LGg+E*?i-^GtD;5-p|t(1w#Vo98=tnzpiA$|Xw1w1s`h_} zdW|fuLzdULl%qm#5YN&@1uUAv4J#fe6M-*N=3?}@aei1N#0G~zc^}F8vA72QB zCD91Yqi5eUx8D*#$ZGAeZ2LF(x9)}gs1QLQk-u|13B4#mzxYkZjI9Wuk>rPF5#&Qi zzZLS|3w1y3orHfmCb0jUj~Roy3;@CnKQ;w?|4aA&#$G>=D zw?9l!u*=KKYxN&2{fY5F?!%QmsvbSjMEkeyf&VXGLGuV^(ZC$NUw_5V=ng8ew(S^o>+uue3w8hjoZGWYchf z=9xU|OuEYq8fMIu&0+&L80ch(9?UK=(iOW?3%JPNiaY)gJHmMJE@>?0B(+;|p2@k* zl-2lC?T_g^htH3F?)K+RV12rFke)hbVR5m3JuvXVP7f_o0I^%1Y=vYTJ)tKQu^{o0 zrc%-yqy(i@s4iOq&jUf&%n3{n*@!-1EgcI9`WJR(q|1=C*-T1iI9Uw^zQP`)t|x`1(*HlF!5}KI`t% zLXLRqZQP^O4RvpowA7oO{<58b=V|w?VpSi$+VN);iF)crHZkJSbZFK>T}DCro>~7c+o4N_HFBNsNF->FCo=EH7E#W=T&40*L@M*tfZuCBCFB13I$rT^^LCVzB*0c`o(khO6)7yc zEIB4&n1iv{WvXgo-`R3c)7?>R7k<8;0(8BdA^zYefz=dHcw6mje@`8570lyH$ZNON z5maEt1a=-Up(TVO!jYhd;{ z&n^+y7WNVY{g0sUjRAP)raG`emLF1K+IVK)~T|)MFF1>+IH{43Rsu*z6 z7cVBLNp;KzQdSJm2-p-0LBH1;BV#_X_QzI~yOYxZ&Ec_i6$-qOhpW0rN9la$P)kI?BIw3G^s9V8;*{&|8RDJK|%7#Qf4#& ztmXZRvzxCRTZC2w1!Q2+kJ^9xg|!d*c$MIbV@!|J%ktXW2tRuk^RN%c_%HO4gIDa^ z>>^xleA{>J?04p0*=LPN!VO+O1}q2d+|C%^?q7f%DXZS=z^(%&zWq>#D15%= zdDG}TF9;NXgJ%bwGC%7B_ko2z3m@a<9sx`Mr6UU(`cWy*Efk38h5TP|h?r4wUZ?#c zMsgewm4@g;be8`9H-x925x-1SOFWJ8{=_78mbXld=Uh<0)u9m?9C`SM7R8>$G`CvJ zNe&vUn3*Pbj{G4}Zyjmjr#g+Eah@^Jhk85J8%^PAP6O~phN8>U8co9{K?Px1_#T^%CbEZywA660LBWk;$U|qp$|*? z7=jyEqC2G&W+PV?&G+FscMp%Lsi}g3qK7_&S66yO>pv4Nm~fa~;NnW^ zi@Kq_Qn=U;7PFHSX*P}pAM*8UcJLw&ow#JS`Wb%_@*p{xRRZbc->|vI%F0Za3l-0p z12$JxUF{q70-C2e3rH65y|tSYfIDx_^p6M(2w-^p_V!My$HGvuNI?Oxk16h?d8G=t>D&utxi6qXZ zmv@^a=%;Zn?>0RRH4fvI5?}1pDH)*a%&(CxV%9CYvB$`TvzQlo9T~R76B#y;7!Vbs z!f>6i!E+%mjS9{VcX(4r~sF6a5{*XMywFt#6B_^4E5B{RucioxMf1*ge@ zSpj+X>F!eMvBXFD+*3<$sx9;^tB!SEPp;yHDMe7|&qt5Kd2^M4A&{Ml zB)jnih@H>Cc>;TWu6Q#&ygDCM^}G}7nL}dte(q&>J+6#4i!JZ{n>U2y-5?(j@piAD z=Uwfe+sS|`x+ww*A`z_50RRMlg0q%aJ4&KeyxUd<;J3Tg#5#31oNQVPkR23(yGx*j zSGjaz_r^$r>gsQw*Dx3X7mGEQI*w*ms|u}zTidUm-c4p5mm3m_Y^&7Y=mz+$_Y==P z{1&U%L$GmNs;13Wi)Jfduit34fAB7ZSuC}qU(S~dhtErnd2vaL*F`*W{1+4mi6DtP z569*dRX2DigONRbg_fCZJs)M2ErmQN7rG!t{N>H8Ql5zrzCCOT+;rlJb;&+u$Sg{? zWXIHcnI*@?edviB99{B&O28S^WL4e~exPiuN59NK@(-Su?{zQ{IBAh6+m#Rl!AB^R z#cE?p3Mco+yO$S$8R?IVmW3{vF6bI!G#j>LkfiFZ>$%qGK zqt%!y?;A|8-f^x+^wBLNPdSU~pzGJ5;Cu|qn6uB+fv=4)YzU@eAXsHE?sj=NbGo;v0E=A!otW8PS16JtK|36X%mfAo z!p>9v55YG2Ic!00ShvV*!ml8?tf!RPzAa|jk6d}3#6VB4MTF=O$31;TLkm?%)q||} z?P1$(mFbfRz{Z#5FtjrB1#uz%&ecLJX#h>jjid)w86L$U(3UBI^M`(o1_H^A*YZ97 z-C~A`9#A~Q4(ijdL;Rvuq}8}+dEVBfCUcY1%;xkb@a#C*W3!a$LF=?7hE)EM`joxy za+w%ZXfV0*1lF@0BqXrc%`|OVtuZY;W4+YPQd{@<2N$jVkCOS$a{r+*{`TS?lopz+ zh(KwN>}I0f@$7@xSGh!(Q+j(4}Q#mDxrYOrSbllkM)U%Xhey9!)0-v z4kX~-fUA00YWC~Hj8_iF>S$OvrHTyuik0Z0m@NN*xoF96tM@cadqYhUf_y^Lp$R+Q z4|gsP@sQCmF%?6n;`9vUMlma_=5yI5<2!jcNvIg;_{VO>Lf^T{nsT z2(WB7a4IuyARU5Q;IiGwYJTP)Jh$kBUO%0E2MeqTR)$9qlH#*6<93Y_8vG7n@nSM1BJOg+ZJDS&BD-$4)6b9$1=wPiSEHpOU?C**% z$|aM@od}wUObq^nljcg~pvi8a6mQ6LP;C*kwgkd#JWuxB?)t@WfmPh1Z2xsLE&j$A zrW+O!tE?9)((_X`hsZA+bpo9W-u2-V^x0g-gHGuw896u%0A|oT)mURaSCkm&b2b+= zPS3xh;#4j9~%%pG*v& z?c}WFF{nwkT0MOl{f#sW2w2)9&5*XW?@6=SNc@q)cC30Y7dM9zjTIXSHQ&GFt3NOA zC{5@k0yy$9MY=)UurvBbCF6pitVG9( zGm*tPcK35kS|6{QJPJv#30vQy@<6kW^hcS$jx+mAm?|v4leS%_43)^JSq0ta?8Mhe zZ&}8FkC3T8Hwi)zvf*}0(YlChYUB5nrp|`?B&mYuKwMuSnsq>P^xp2%*n%4xo$-*` zofJ-pT01jF&F&j0|9E0L(B|-19n(P!ER;7DpFz9@R2N%iz^a-7!CYJ0?7jx>V0{#y z3dAZQ%X4@$tY=;Ey`d*@1HB@LE~})nFNC2c;A|_jKe$Fn4wX>oGltWmE6+5M{5F80 zxHIxgH`zSTUgw`$IDnZGGz{-IXm9X7T;D_D)SGf=CqHY%VnK-e%SLk|bZTKca&i{U zVy;jyAhnKq)}B}R-gc1)3)-wbY!pdCqvB)RWsxWu(Im51``%CtjI!Ifd!`36@@7UL z8XCUY$-Z>Y%)4aqHfcRZG2k0ShGL?DbEX&yK7g%{2h$!ual-ue*8(WT{n6_HeGbk) zY7=~G{&cCTuSd`7&*pVn|C?}S9}`Pv|C;7p2HdX_T9K_u05T3r2ne{IO^`JxT63iZ z!Njx{?|>U7B4PDjtdW|-aKSTkx8c<_J++*i*{IyjV($rR^(o$l_Yq|5U=)Ziv#4ym z@(Y|x$c zWEGMl77Jej>g4p$jN5K&4SN34l9S(&6tNi*l0(B|UF=hGpbFSQ`3zy=K=S_L#f!*k zHP9c`?~Cz7&uLW-Q$fr~Vj(2s-3m5Ah)Ylj9Ci|LN&oQ83~L5#x zpMqQuU@y+R@wL>3q5l4=j`@cDqLPvpIe%0M1J0^xiIE)h0K7N6oM||lQhEzUkq#3_ zgG_4c7dNC{Y|D$_8%D(^x8o?~5wBWZ?If#FIH$Q7y@3*|ks>(T9+N3kt|WB<eP>dRr^U~n;0uNY<3unSPzg;c>_C1I4x znz>e)QL1oD3yr<+c8D<$8P0(bR9b^5$dGQoK2%<`8Z(zx01VPwk_ku@a-idUj!IF| zE<1ftQ(}uuzbGGQ@Sz3sju!LuoBcV=eqNnc}&Bj zq70|31TMD|BsrA(`uN;eQnFp1l!*vCGwXsfYcGBGv>YE(TN!>s-CbrIl4I7%1c1+R zUlQo;5#yQE+}mzP74ckRbN0x&1xxe5v6ZVzO(IEKK#$?3o62b(<&$Udp+V2ss5p&@ zDjEwaTuPva4b9CuLb$h}lE;yn%@qDh3XfpJQzYr%wLJQJl*)7OZ+yXgcPad`uK+#p zgy}rrSOP#9nztR}9cTke0rF zHrPgG>D7ONy$A^j;b%cAFvhWm?b(AcR{bU!@a;hSJK4|t`!yC1ABkpHvcpo5v1g&u^dXdp#_U7k|sloIGz4lYc<}vNQ zP>-STTf8&|hmZK@Z1r1aS`e$`HRt@>)X@d#Q8EtmdiijspCl1 z(R*TK;ozYAHmP3{G$;6@_NO~!-i(oW3ZnY{h!@~J#JZ{^3nCwlzUfp+J9?Dm4 zfm={BPg-UoV@K?Qf1ghRgA#i=BlfK7y)t2A5`80R>Z5w1Mbz7Aw1)#S}&GX1tsq)s>@n_7pz>Iyy zbn#wDy~tr`()eOgJ`JgLkW6r5P4Qej+uaLUGxc`femJ>agQah)V!I-=KG*PXt^xlW z?pasp8vXDXn?W}q(ngoc zMhrE9?}G5fBr6^ZTfj2!G(;*fG#~4?4f+pOe{qA2mB0CI%edrP%!H-~dexF42X1jq zPOsHH52!g+*WpTvA4*FveK>)%u_Apnk`Y!5!*{o-rNJy90x}Q0-E6LKv_JyRL@)cw z1|-PlQdhqoGcnK7>%;<2z}EY`d>!8z#ySKB#-FmRhIA{)L8!4IJz|V0z=N@0#@T#@ zJYsGX=|vY&SqeV8ZZTJ(y$ZD$NUzOm??bhw-=JEg10MPjBJjuMG&B;5&L0Qldm!sh z0A{m6ES-x<)UPR$Z=%FzQByvRa~n;+tX1<~v*)a&Nuqv}6>K3vNO#oK&IQ8%mx7v}2 zdZ%6sNobrM=)`g6K{j^h{dVcevGi+{NG_Id3Ctc)q&tMKMP5;My05U@S=usJeY?1B z1C35l)xEZwwa?dZeB*0A!08GEyCmKc0}V~N^07ml?Y!Fci(#KUUUWHfYV&aCl^1mu z#13gf#tHlb)VUjK9j;3gmv@9F!Ia|sROF4ldeQG?i`vC_#Kf4-7A&~4eBK2=q#jQ$ zV7px?r`pRtK;|J4ZY4`e<0!acb_&9;gbn$#M*fM)KMB_DE7^S>Nu3_8E{@5$oZ>q(k@BP+vzgVC?kk z%ZoEky=8*E?LpgCJ9~}c;nwluQM^53$Uu7~5PS-$MKw3_uZ%tm5V^QVsM1%kX!v1B65Kf$6bi-VV(P{DqLQDI*N^s(}emu)ZGIL zs}H$Vqt5*XM}_Xz%)#Qx9@OEug7T(a)z|Vj1<;plKQYiB(9|k>3ze*vvKrsm3XApa z6}`vOq2!Zb00dqVWlOWY^b(b-3uEv#>=e5b*0#hq92;m@tX}J2W*u&AN`w}9WeQmd zoacLHn1cvGOD+{k`cf^=IQ8xIEM{hTW5ji-9jKmGIoBXQ6u0ljz2ArG_S-$#2sYzd^4)1$YHd{pH8?*J?kh4Bq`u=ve ztA~sF@(>V9Xt92>9MTKsm1?m^fBWs-`+s6sZj+0NSGOfvYY9szYr~ZVQEq@)0XD#4 zhy~1QB#h6LccMc^7IRLRrEWW{*cw7)(?osjRe(x({}Fw;ZF4U48iQ^bw(P)|7^*ld zoNTt)yratVU22~{x;_%i1Z+lXMG_=5W5+1zEe9eV_$$AaK6{GMD*pLA890ZR64nv@ zt{6XF{*gaZt3OdaLLR{{}n$S zLG{B|NJ0gwsfqtb8PsnLE_m>#fcfm9ga3s2>?yY8vVtzqwxVeMj`D$DF2-Mj zB1nn|$ssatGw}5D^Lx<`Jt!0Rob=;=rr1RQ-}8qnoQlwT?mj7!1e`Q9DuHo%^X9h7 zg|rsKU&2o?RIoo6$?xsyJ-z%-r`lhago76H^1s|1;jBj8#kOHTPbTeOq#1gQv$LIx z9b(_GP2W=bb1=q(Q~&8nM4l5ulX*9=89`5D!?`OjK=swcS{+eFMr1ZpzUeG{L(3%R zN*h5158%9B3&SLku=z5@6|+Ba=ulFwNfi}d&P|B0$Ha?3xw zA%)N1VK83*_#E;7LEs#@-k-o7vA0MP$hVw2kQf&ysB%G%{-=Ux$On*(4E;GKu!~#T z+7J4j!9vT)#01C|?{)>P5Q!|kyaZi_v=x3zZ_kZ$}NeS=`2tc>@O>mWg zAE!G0_)98(aWWwv77YKVr0HKT3%q~le7KCrIZTF)8m4dUPXoj zdfq=CBVaIrn)zQS=P$6vzjh+J{}*Ez{#9tE&iv?1@G=YB27e6N9q05 z%<$k(h8+C0(#ReMcpoy>WzFRzxLLwqAA)-+;g`7%G%LUSnfrD_VC!Ju>*0SoOl{V0 z{Gxh=>@kx6_0s=hsL1!5{2z};aKC`^{>P>KzaHBETMvyL5bU4L(fGE-V0gkJ%yIcA zC+|Pr*gyI#;7fs+{TAR||Knl^7!K1teinTo`|Fr-SLu6-|1(B@Pt*ACbKa1P|79Q% z_qVN0_#fS03U;`YUt7MP3A+DyJSP4RqqXNe{Y~-w$1`E*Z<8HAIhwE-Xa*ew}l7i{{PhR{#rinvS diff --git a/docs/codeql/images/codeql-for-visual-studio-code/basic-swift-query-results-2.png b/docs/codeql/images/codeql-for-visual-studio-code/basic-swift-query-results-2.png index 83d0414905df935ff81e046704972e7557ab67f2..b3e42e7a9548384bb09bc4d6e5cec61a999aeb7e 100644 GIT binary patch literal 135446 zcmaHz1yqzx`|v5H!37qOltpUkZje||1SA#^k&^C4q&pT6P(bPKmXz)mLAq1AyZLUO zc;ow@=RF6HXZOCDxn|~?Yp(bWAxes}xL9OZNJvPyFP=-QAR%F}At9lJW1s-vnB%j{ z1OH*#KG$?WLLz>8{|`9<+(`s{`PdQm+ELZU*zvu-y%CbFzL~Wno3)YS6CO4WHZIPC zCuT87D33B;NK3$7rnVb`sp8u;g2&Su@}t{5}C(J&q{rayZW{PdfIB*f&= zlW))I;|)ut2MAF7FzDA9(_eJ*?NkZZ1kKL2&F-vOyE#_d1Pyu2M{o~0Dp#IPRgURg zC3<{pwCPW?t5Dy06Qf>~e=(YPWTA>CLCP3LUj5(~1BUMt9NLK)wkS*bZ!g7X^hq${5t_uK%=5_S(lCsFzh|uk+8Pr-&d$Y< zcm$>a8hn006ZOZtx`rWtG^JgEaM6PM|5F2OnlO?5g#?=hR;c8o`=*~@sJK6Wnhrse z7$niWmxbWP5tqf7B?V8zZKsSf$oC2GBAP_xk`x4V-(zDp!5;Gs-685O-@`N7-NPItbGzkQLh%_)vj7!MNr}q+V z;DPP-Zng{o8Se-42#rbXDZzb%>!B?7qYB9k#f#S=`RB(k;q4w4)RAicICaH>rnNRj z|6}H(G|P>Pw5xAp#{XA8!g%pSRd4=j?$2_A-F6%9D*5M#{#jIEb&v(M%Sk2w{Q~~O zbjTD2PrioLU)B}^vvEIBzE3)Wq#^f<=@CWu#~M0zL6>&jcHK^R|Hs4|{4uRMQGWFQ z(zr6g?n#rB8}%-MyK8J|*ng>COd-T}@c59qBn0uu|3@fd!feZKD(eqLEqi?UXs_{V z*CNZMn%ZjEa@ErRUiM>H?EUgctF%cBTiDdo0TS}DLzhxD2{ovz+Sa3JD>Oi8`g*ow znkEhVt=QQszwvLGJAw=s9uOlZ1RnD6$uTG5FjLFw%r!w3cQ- zs;IX) zB8Sh-785!iSxpqHfUMU!EP5x5j;dH*2-+mrdASdDZJMZXYZ%Sn5pRsKl%UGZ zp>|zWLB|uXWcyJyjd0R~tI5DSyylFo^T=QX=_b7W6c|=2)@xIz^Y$`>F1-FsPS@jg zgG)}6fka~yPkXAuINScOoQrUF9JUEM&SvLXCk%`u8-P^1Ts-CyI zqQ2{iIQpIF@N?(E>_G>KuDgZ!03Z>Wc+>6W*2PYB(~VUW`j21Y(KTi=`C~jGG&t&+d7SH*hukJ`x+(DknyQ-NY*)ER-x(Rxxu6SC3zL^1*|&Ec#~0t-L4P1bRB;1 z&R>pITh|}R+y?lF{f<_3o-)hXRkP}2t*$Sl7O8bmUoLIKt2^vvPU~lVb-O@V>V9#k z-j9{@LA~gW)2|l{yed(IuSABl@JpplewPB90gvI$yWN@Z1&Gpj9f*!ll3@(d*T!2P zsSbiMRKJ>Gz2G9)`qO;%lx9M9Yp>=sblnUV0O>5$y{u(V?<%F#P@R_(jn5Y z;~Kwg?W)-#B%XwzBU&ORmk%=>9|rh_3guutN5(=9UmDg7YI+xJX^)89Z~O#Sm} zud8Y}Eyd#1{9Pljc1WY=LfOffmRpJn_BtAzT#ftUc=#17x+UJ5EWwizRn{Mr?`MDs z0;R@6Ga-D|GwU9g{9Z@=C5@MxdpQAadmeiYXUXn|J=wjs(^l0j{Fc?T&iB(CiZ;7U zle_TK>-LE9y`@ymCvU^2yZ+&W-&ElKxxv;8m*mAIz;u_@T6_EyJ#(aVMUbV`BWFW6 z@@*eN9;h*k5P9uXj@zFl%wHP^Ri0mtH+dRZM2Z&#FP23L?>D2`uyn+kBnv*x4L0hF zRUR3@EX@~be{7OyH)Gc&aaH;I!3&us#R&|L?LQ9-Bk0m^AICu+X??tSj*w?C!0N!I z_qq@QHhX#a6rv7&b{QBC4t|*l&(<4um1STlW))4n&sPSeXqP%nPY}?-+r6&4yso_x zyo+P+0{z>`ZR%;L-aS_Z<)nDl#%w0NpUX=M$qkl3M%_5*qQ2WM|A{AdzOXM;l0O<% zEpQn!dwJ${cb46|-_QLsb=1n~i`LV19SyRU{V!e@Uxu?4EMmg6o^t$x4EswW@RdR7 zkU)jP;G5HF_K~R+kJCxOX0YUI$zxq#eqT$TE{C_b24E-2F5=^Dq}aA%8g^IFt!Qv4 ztv>`yXkE~zN}2M{AnQ+I6p`z&8)gKtfhC5u%P&e_R0HEs);GI;H82!fR-q93tcavPJPXm6Fpdp$SE>eJHl9|_|U0|Op9q?(|Kr9^Rj!q zcjydPZF4&f9{ zV64%cR|6gWm&5p`oo-fQ}Fsrt#RL6ux1~OX&#p-z+nI;TW;b=CG z!#Uhex1HTe?RZ#@RHjP_`#)2NF2~r!cpIFkL$hnt&8AKbXyIr9nY$v)x)w;x>W9*( zeuNC;V$v2$AjWbRVxt6p8=YBE2Wu~06rC6OewFQ|IS_eDV?)$y#tc!iYnk{@sqL13 zDec23#8(lc!wOXuc( z(c*sYpzFr9qDeE^_W8BC%&t5eW%(hvmN?7;UJRstL>1tavofHzAG7Vw@rcl^GwiW@ z33rlMS-QdRLFb+kK``21NQ47_^}}Y%*kFemjc<3Za$~=*zc{^)$1M0@ZRgru!lL=D z-E#oSy@bj!iAOCvqB-^(#GstZnUnjrOqcS*N>q%C?|K^ltRvxrm)IfdeZ{F^p$Ufu_=6{GYo^;lLRD0r=b1INUEUil%3woldZ|k46HNzC5+J5gJ$&g zrTSdYgzr73yj}8n%`|>ivPF`n^9TNAITu?^w_B}@Ph1`sPemjtfp}2jmu!(z85ugC zNt0=ADbwP4-cF|6Xinse6mT3f9@U?O@^9Rn&HqG8eg#Wiw(b4VW(NPZ$+*W}_1l?q z)56neoZ5ZAWnYNgrEXyS$MM@!-Ow)sBia*b75MMXMvupU?watNpsn)MVfN=6ue>(p zp4~1q$td$k+L~)J-J5iNC4wr~o?mp7#=8uYnz7Y#Z3C^pq~Fqyo@r4P#J#BDAgo{c ze&NfBKKQc`Q%f0Cn5&?>ttb0A(0yOzWw34jYFUj`YpN8~cWnR77lB^~&k6LOQmI=w zb81_FpflF6b`fEa`zu&cgX6}p^|iu-!Ve6ulD8Y$ymmr=&Tp$?kyOMInCJ6>C8npe zg^Fc*6i6bpiUwy1y_T(+w|Ql>nIp7nHos{l=9|G_{(gfk*)=MUg-mF}>;(Wz>!Hw1 zeO(=y{x5}U88yZQ6rxoyS+8&TYorK2v=XR(k&yQv$S(4rKHQvw>~!J{>1pe zp4aqKP7G9u2tE9x{G>#`@-YQh7rz{K7+pDIbinV=BrqpHVeLm#mF*B8?aOvrxk zA0m=4tbWYaeR+kS7u$q`sE;e2F zH4$ZJCN_pR(KDft?d0FQPCzvOf;eME%ZBJ3?WRO5xHcVwWrOYhT+j9AiVn6_)0`)aipCY2D#_}3q>mh?awGTrq6qw&B zSS=_DZ9J`0Bb^uijM$G4REXELpRlXe4S7^-#+0UQr~wwG+?pGSdo2wk3gmx(6x`3n z(=Ah)OfijrYZ@8!w<_smL-;HwI8yQAU;nTfMxpa`;acoE8d50lG^z}*MBZvr%9wou zUK~TEP&XR)!3$6$l8xP7is!X>BZ~b+Za}JZB_A$pzT%{>*`q?L_GG}SO=v6|G9Yp! z&tLAXoQlkpJPARPF`;U2kicLg z&2z$v9B#o%o;Bts6#Na&oiqDOJ3$&ppOd9vrJo(uoLstRf9g7Lq$sd7^iz9siSlHv zc^q?J<*Gh*t9PaLJlD@<1$+#>f<^t-%&DOq$QM0mgpFC1tKG< zsfv{Lat6j{rFSgJ4+hvdY5GU@fh(7%M#>uy;5<}5ESU2i6k{_F;^z;Ipa_L)YPF@xH320w%D z@W$f>pn&Pq@b)>ky`yeg@~=y$lP2@WyGtEcqQCHOpYI(KdIpyrA)`|W^ygxHG>9^I?QR z5FAa5_2E;79!nO5y`ZCmI3v^bP{D!qpo~j>FUMVbg+J3=mdRZHryvfROmNn)LZHw(!_H5%k3?lwpf!LVEpR*`!9@GIpu|8lZUa1$+N0iThBf~2x2W>_o zQi%r&Q{SCN6Oq2@u>P=(n*$k~{zas`YRy7$Val~9UljsH6DC|Emo&$U;5-G+244PY z2YL@@iGG>PZ@amV!&N~@??q$#rCOKL=89(=ev0b%qEopv7aKfWB+)J-H^Wk5e*YZy zEMyW~QJW@20QO@p(fVLQMFfQ$x*FDw42pxX0whhu+~JVFzch_ra7G@$S z36MGP>KqgJ!E61JbPTI?@hFJNZ}jJCxX8tRX{}SxHm==uU0a88o0Ao zSuWscFJ-Geo3X9KKTZE^LnS^1t<__o&%S=cBMI|gQIcygj7?*z;q*_C{VU1WQ#vn; zg92852OdhxLo<IWbP9X^vGg0oS_rUJZnEjpmhvL#&j#9^3)CJ=^1UWIwI5t{SN2^RkKv6EZDQpaylz3#^UCiVkV;Tninvk9TTNoq7bpv~an z38T51$*=)zu%l(-*PRrzqHsRl4^aJuT^GS^TdAgDHP&Q!SiAz)$D5rf-!nnJux<} zd@EJ8$QpD1&2kjguR0c|Z8nR&TQmK)y~vsQR)87PoCZg?UeR-Oi51_R9abk<&hjg} zoTdY-=qFk2w7VCTEBecx4%$kImW8`S%+M%y@EQ~lM&uSbBKz4+Jk3W^3z`mgaV2fd zSLsQrPTdb9zO3LNbpeukfHQI25$#9+M+E?oDOeSh9n&1{QdML#t^$ z1%8&@)mFM;xHb_&)79ixADLFW0g6=~wJSK>J!-wV=#9S+*|;H{UT$N|tQ1@Y2h8dA z))RF!1s}3mDO&00dBKr)whK~BnGjNrQwMiy@Min83P}G^Gy#W2rP}Y6<1cZVgBW8^ zPEE~yvuUKD|3VAe|lnRv2J{TzBBFNNQGQic&-TLQH%(M*DXA&rn1K` z7GRSPn{}3k)odl(e}$1SU~V_%vFb5v;hwEe2!dNcxrs_YJtPJ#tKr=_5Iv$d0qFQX z2aeLPXmW>|D8zKA^loWy9tNL+hK(fY1nsxgJh;8OY?@O5a`p2<^wt2?Ki0z$FQDj; z{JCLy3{ZZMg4ve3EaYMkyO$gP93b(vIH3nGBCcEklTtg`>I-g_(t00**q8LI!*ITt zQRr9Fg8F*ASmMD_OrY;_-*pV%22PEIRPP z?c@;w`cs4`lLFI?~_o77JBSJK}t_#1s5*H*kn1)Bj962rfP1 z`0yihRTgAD_0uN#O(*q+fPB=jt~C|fcZ-0Wc)sWTBx699t!LhNgdqMf7_lD`Jh(Kn zl_P$Wmmsl^epi{hY;|J~RLAa}b3J8HV&7aoR_Dh)rz77kFV!mh^_+)bpT~BKntPJa zbdIvEmL$afaW-3oURvNqTP_BKMpLd4^xNokfjBY19D%SsQ(}zjQ?30*^|_r4F8#vK zWgC6GuR05o=*2~?u&oL#t*8+u7}SZd6$>fG)DTd6X)R7;B4g05AK4$yS}O;;KdPuu z_Il^uUAK6V8`2(^eg2~=#s8oH15SKiM+G=CTY{$0;|GQzeR&w~P5hZB+@Zc%G-ETx z2WO0fak)FGObS0IQ-aBDzo-fxztV!X8fcI@=o$GjLh)~D&=r!Fo8t&YC3!2_k8*Y$ z@1nSO--z904Le^B1=Ll9zxCLW03X{4!u{QZmg>D$$W4|z!>y>5rzKS5sSwQRkYImH zjrggzF>N;&(G)F;H)Nx!5Xlqfoks*X#E(dE3y-AE%`uiAyChU(L7*oFR#4xJXy<@8 z9BBa|tSZk%q3JUcgi~=8=n7`YLK6-&%#s#DvkZL zK~e5Xctg`&Ug7CaB-VxA{+Z%*4MMC_CGzQs#7^j*mK76(h6b5bCdJk7#QtGUIZ4#aBKS{L4%rFuF zN3k`t1WRtFGIjZ=;DM2UKe{yK@@4oOY7VZNq79ezDPfKgSwaPJdVV@{7f96NiZG?G z>l%qu8;OW+CaEA1w4gOCCiEP}=YxXeX@4g|Ex-prp$9+LFMBu5e8OCPF2EQ!k^9@$ zZ@9m1%Yu+vyg_;&v2U9k(~b{Ya#qs~@i;}yCdQ7w_|siU#R+rYq$#i>DJ*2Rxit@C z9jnf_u>=HdrIoi08^P&yi}ms8Z$@~py$66?3y+5mM7N{f z4h4Vh?5WeF8N-!ew3#bEu2wifdCbxrE=wX}KN3lQvKAdbwhu??Ycu}x-D!1`l|SOS zAi0652;&)0egI`Teo?T>3zoZ&p*gywy$!daF}Z@Cl{MXj=kkxWmUiW7c ze6mCX`hkWXNV=3sZDTQW*0nwlC2-r0l!yB67H9-cd82btrGqCIq#xX^PUQXVCMs1R zNKMfd3dRd>&xc?28kx1yt$0g8vh!EhMGGnhcV3Y`pc(CO@PFEmPD~SouvJG&Wo31I z7;svzWbhH?{f~Iw*uXBeeELde7QQJ)_6U+++Eis@Vci5j0e|Qe>inP=%}Ji9YiZT9 z#t8--@i>oivbOPaqd1V^xD=QPkZV^`s zAvtn!ec8-qhVmwyeHr7zM~~%gXGUEf)PW~IjHE)sj`jtPq~a0Y7x8iBlO|pMOu=PK6JYEU*6>@wILmDsu8!MJe zM;J2@JbZS#1T#i+huknI!dSFxM~crcf3%1#U3%86HBbOvuP!a!eNFeoKep`B0;@oKF5~yE5UqRS{2;?NOaCRrdJ6c2T3xfg4flS&$m4Z z?Z;S`;veKjaux(5N;DNNtvIpyTb8Bd%lCr%Aq58xv^IVCT48Q025w$Ct>X*_F3azb zu?0oMlnRI@&Sy6{hNr+BeyS5V*r$}wnPYkTq%g;V)CjBN9k2)OR zq2Po2T41#eisHQOVVl0g_*%Mt1RgDSaerRJ_p?Q{C9Em0YWpXjd>FF5L=)NBP9B59 z+{LS@ltIk{VF`+{U$C8^T4x;Vb~Q9SYkbZ^R31WIOA{9vsqY7xUk-#VDu$bN-3_-dpNesP4y+w|gae0?#TP zRl6#q0!z$)5P3*SB%mh{LVdd*L>XAbC;pJ?eSFCi95ks=x!jvr7>l0j8z9d2}7W6GSu4^O{1R}sx`uYuv zRG$UDJhR{y=|89cjA;H@s%;Wkdd!R0sPfnxY2HYNqk{MS6Q3yJYw5ojqClfU3}-D= zSy;brsa}e6@W+)k)SDz>Cd9%JnWP2g*$@$m1M=_);QdGjNt)5KZ1?i6QWeqQ>T7?D zWXD`|y(^8p*8V!d3X_ET^6AUkSzy;h$%=tn_&U9)1Vi41YniGqbv_2I6LHglz{+64 zu8;nfHKqqu_|(D{%e^1EwM+(Rz1#D!tEcq)IF*+~-;*{O=CBs1faspRAcKxc;Xf?K z_}HAbZTe*i83%H`Z6f|MFPJ0IK3Mnm@Cy^TMP_`%hiDr-?6;YeNGywPwRxz1ep2E^ z8Govg1sN3cf2xG`euIzzwdf5~&|e0Rf)hN3;fLyguaZhj5e{Zfr)D^18g z%dx`mWrn6E2zDA{{H6B$+22j?0yiQN&!j*BJk-DN;@5x6OQC;qYL)ua-<1C1ed;VB z>`(J3-#5m4qeRPRlzv6xn0c&N`K_+3kB#)*|B`&$)x}ZUMvM2Boh#j{KoqzOrS+AtmYOMVIr1UAyp*#Z%B2F)q&8UC+ z8wf{T(Py~-@_u|w(m+h?&9hBdNSqFFMfa=`Q)^8x>&R>9u(W(IaFF&P!ZWy4RFt*D zIa;Y9t(W{H_i;`R9Bl#qyjk%k41M*Y>Gsb zKBF|dMm5H-mMxnv)~<`4?78hj|E2owQk7K8_mi|GF$|WntJB)o^~%#ra2!Q|mDH?# z`?AFIq+p$a3Ql_{Wkg%bVSYwp5~)#gnoFa+A0h`wo6mMA_rcZu(yES6T2Tm~U(k2! zzFD66@g{=3`8A_7){U*J4&rb&*&~Ns(^J~DSng~W_l4~ym&_O9Y}U35aT$#^U>$Nk zemQD2wB33r7<5SnU9*=AjU*DuEu9cR!Sd>ux72@)$b|bB3EsFgY9O+-rJJWe+yMui za8*9hUGuV}L5z;eOnU)gZ9y-~_n6)y#(D+Q$Y_~&B}DPtku>2wnBXgRc`0dF>B&p< zOmXHg-6Y+If3svG84wID(ZXB|)WCkX(>7cdtUL^K6S$`8SXJk<#eoC5*H{DcxUVS} zabB-}BXF9^0D~7BBLryMvZH>jjs#~gjs(l@r%nYN+k#k*u?b7r%}=y)v4tLB`Gf1V zU*rYTAoQhRJWf+~AH=6zm3+9HHE^b#bolFj0kIh!3lU{o&1j?OFAQ#jR0%z9-E?OB zq|Nk%uhHSTIM-i1D6!^&%q&ug`nvuwrP-P^$Q&;_*p!>vXA&P*GLwJLTzpKdve!)7 z_`4)+0-l4+vebBa5W7tQ0mp>xZwdMelNa=h=XvA0sF-rt7x3jm&Jt*U*HvXR{>yD+ z0MT@06S(maaqZ3?4wT11V~vfup{oj&{$1?rOg`g3_)euKRpQy+>kfOS>& z{fjRp!;7D|!smxVV1i&y5hXvFR=8ONPx@c zVZ5JxE2Z!EK@mqKZ_v}&)ZLzZj^KcQjiUGsY++DK9l&A89v)n_3K09x-{V^E&XqyZ zMR)3ay=}(-#vE%AFWJ7gOFen^y!)x--*hbME11afpi~=&x-{0?Y#rB)ED{};MUG-x zvb&d8KGTB|HdfeZvW4RAgZwe9RN!1nITL`5^x3aUIrTHJHpl%Jk}Jtv___=w!wMs0 zIYPX#Ad356RAuyQm?iN)1Gp{0V9tcn(F9oGKO(&LgHQiIhV^gCm20LDvXc7ZpWsoF zqI>ufz)tRw%zLI2!2yT^I|FF-tNJNUHVpPvGF@%ds9 zP!`bsAJC{I3|M;!^?!zkNtu@bP>1jz5!ZXP_rDS7zd7C>rF%1F|9RR>!3Y0)b?f`%dC3cc*(rF;8X!RL_dk+&e{$aUpOi4~Iafb?v2!3D z4IsMrpfvD9gZ&3R`^TqTwA|nzD%W*vbOm$lKOajxvj39;zkk_Z&KvPW9Y{)J{@J{5 zB=(=GcHbEs1&&q*xrea->YMF9`v&0k@sck9Vg1+B?|-V`A41Y~|G}C6(S!Mae$QxG z`S<&y|1E{fehd2Fiuh-XhJQ`^{ihf`ym$amWc+utEPra${V3B2QX!21a@sBN`R~U6 zOPFV{Lfs~vKUeU+vHyCAyu&*bNopE`V?ZKeUNqHbaqh6q1L?-T8AD`|J zM#j6D=r9l`=5cAv%j$UIVQCxn`SS(91X@j{F$?$Cw-nlEFXdZA0D$S|uXB&jhj?FS zNd9|pF?#w1^FU@6K$~~#_8Mgy5jv{da~@~2(dM(YPD%X5YWrc_1Ek*X%1x@eKsN>e za<^F2$5vPPg}mPCs_pmdo=GVFyO!ebt7Oa%ck;eVnHu6TeXt@&gXWu#iC%4&b9;qa zZ)we65{nDo91mM;eLn@tr8Z{MFZ$Ti=N{8x^&wtn({s0p;V_OxcVc8etlnd*(7 z0Q5gq&Tk>LCl|w#(|WTjoPTb@BIr0_DvR1}yR0fiyHu|QiO6lMsG4oWjLN>7rr4|g z?)J*ecKjoyZ8NgQNydS;NBNF;GrT=7Cs{7x9Go&{6f}V{uTm^Mrnoj`bZt%>rp7s^k;kF>L&Y1R*^LI8k^6f`}Tc zv{9gkK>k{{DH(g5?z%L2FX~4)qBL9V?)oSXZwxNFOK9`lo5a7<(B63To1i?lwg)u~ zW~kU91yGuW%0M#xFN@(X$APXu&TmZw9=c|ubR#_c4j4W3YN6^G`_P?m)%o6Z2-Xk+ zxB`HjEJY@31x2w{nFxdKi@{H-6M!;fQMetLw>4GHQhKeqH3I)J`}iXx+V~`5p%3@n zy)#t?`EmW%GRnZ}&*t13U@!o)Hy+o1-%;R_J*?%ddk$gXu~0;_JWS-ZAl?{qADxIu zQ(ls|cCXv1V*Y?A7*&a(e(;ss1P`1Uk2<(uOGD&mt!TpwgDHW`r4uSf@lq3(HQjb9 zNvtM%ZC>C)-))ZMiFnM_f3WgMTOq2X0!OJ{G5C`)p*)2G?;5kx2_#i<#;yA1dcnA;jxj?PfCk&(~d(SlALmV8!Rw+p?yb;cZt z$}TPO8d!Q7|BQ?Q$-F5-`Gt$Zx)J@IjPWg?AlpYnbk6ziJ1r)`14a{9XSs=pTp`}d zOQe&L-2XJbr5;ktQ&Q@nc8zCdyJff&Ls7{;UVnY)lo{kFa{%gWp%-Oygk*&X%C&;P zr``pdodyW$-%&Kxycqy2c1()tPbX$BV&Hq8O{SpAlm)GU;Z4)n| zw-pAjnunCx1XoqYCSy&3^V_`k>W>t!Y|c|lLuvpwLKdN<)>OVzHJxo`-vQRhbY(7H zm|}$f0_B58{zrOv}_z}G!!uczod_9`OZor$#C#i#t0%?7rHJTyC z{g9Tm`SD6sNuZA$tXA1;ufO-{Xnuw3{0qOb=M5j(&>Zy&Vhtf!xGcSWiQ)@IX@d>% z*32l0@6I8zC9FpwbQxoL1Y_1oZoA)=F=gY(YqG%Hp%m_{_+= z573*Renxm6XZSE(1mcnxu2_s0FCVf$2_L#TrMmc}0$ zX{K!i#!Repe9*{$>)NDsOVUb>&3Lx&X#4F4!>ejCPNoOOCq8M&$mkweR$`5RV*BM*4gs0 zBj|XbalG5G%i|3m6l#~gv8i_LU?LSzOg=H! zqpuQQGaf?ZYm-CEt79I@GpFjDRbvYI5I3{?Gf8D|pIC27B%8hw1j)Cl@HGXWg?uVD zD?mD7IBeXW#;@xGDT~`E>JHK-N;n6y7%m?Q*MhHq!`wQQOsw@iZE+W(WU1m*SLIN} zM4tVS(4guaTLP>Uh))?$}EHY3K~-Hb;^0J{v^j)l44~L)oD$dn?s~idjg$W6# zCM`eCtBv6LA;9BF|BI_Z8`GmCFn`NOSD^XF@4e9xQHmUA?4^5=&=3 zY~la1yP&Y5HO6O`_C+$Mrki0Kl)&cR)6&0D!b)c4>cfPQKF&-Pe_=3(t<*NA6foWf+y;^pyT2RN9Gz%W93%1#al7D$ z|2F7$DU|&i4;BeufO>ty*e$A{=@6>ONW^oGt_^-=kQCW+^}JIG`RyEOF#NP(ga5Pf zc7ggPFVuJE0`Sj;&*5m(RE~`6KPIn<@K7?gR959Ox}AjDnen*OqJ~KXJ*+%*u&l&pXc7n$d6I?& z)A$+2Ud4KW?gfBuShyZ=!Y27%6bv%weW*UKqXYUuUs2f&~EV^mn!HeBj zyJtd^xLdLV3UBD=fZNrJgD?Y&ajD*Vm3QPw8zG(r*$0Fh+vCwUydEuRl7iFO$A<#E zOR7pdEVBxbxr%KB^;|@-sMwgI(g&#+`6tRHoEoHSlx1nCM`D*~9bft)xF)U_swLMx z|4;!b=DE_Y(Ply*NA35ir($leG3F0=V2Nu|o7%{S85=WMD$il?`1szgS2iE9fS|c_ z(l_Kc5L;m3FFpT5X<{>&psn~rku&v;cqp)yaFM@yez zm?5=mDLfnXGLs@q&xBR<8g*A-JIGmR0xVz5$uw?u>J*OHmkKsJwozo#8N*lfJ$qno zhgUAkWcEtf7NO<$>GahovgO7O)>IJVD;x7Qq{C2ifOX1O|KT(?B;gromx=U)nj_$K zm1W#b{h+M#lzIR(ZDd?p^nocU8=X1-ZLoEVz?+Esi?M3Lwb1R?j@`7e(cgbD+IJ|B zxp&CGa(^o5YHcRFR?BLU9Yl*gDJsI!5~wKOu!u*L4!1-#l}L_cLkjIk{eL^av$Abj zz1G+Aqt1#c6k(ZTP$oGn%_{}@W&VjZfombSoMl6se;jd}KxSmOCGXYf!*(hg)#C>RlPXh`0+! zjPSkao>g@?X=Q-Cj_U*Bs!JfTwnYO)5q%H{GJX6tU#V+>wv|sr_wI7MVK6{HQCk$0 zGn^&=Be({ zh6M6H5z(8Vn$D*p{lMk)md2Z6NUFHgNurrbeIlK$jkxtVK`S0XY_(TDo^2%y`ErG7 z`eKwWTuKbATxp&i7HVmVlbwe51r&#x{m8RsI{H&?KL@GYjh@~sC3_Z~f4hmR^9G^S^R-`qJbx59yYE7&-LVW(h zO#@|(hSWen(JY~{KJp|tI9jfHkL2^K@b;&+x@;SDW`u8YKUYq&KV1~^Id}vgHp#J{ z7=B!Fs;i~J;iHvPBTRo3wa%8{GA_3S9p-f&|M?2A4|5jL?H__E9@z2E$!Z9Z;K3ry zRy5+%Av1GZ>7i_L<-M9NF6vA-)E{-cOvnN1uSibpvNOQHt?}0gT+Gwe0S=_7{L@er zRmzc!AB%9%ILB4%tJxh*^p3vZkB;EDVZpZzjV~X}$2x2eXXWjE>k>vO99!aU#o!ju zT!)&{)ZHbuhHH@&uoN)+&iFZZZA^BqUF=Y^@=H&hb2?TQs=!jyYwp?ANY*&+kquvY zH5UwM$4|}Wm@ZoP?Xs@^xL20}m7Qhl*0T>YX7k(hXO69bYlEHbt7$wYdK{}eyi9N1 zfZF-GQhpCHR~M7TbUJYBV@kcqHc|C!)w1&w^#0QJ{e*8t?)82$ZHAcPwi%O8vS_bKa^bBMzx&10CV=Q?bm}#m%N7A zRzz+UElB~uED`4~4Vs}1*7>BscJDTP;VT}HRp#t%Dn(j}i7JnDG}6|?Gd4=0Wn)<~ z`XfJk=kuw0j<|90tMA`u%8tGcVGaYQ#e0gVRuP;U$?`~_2tBe3rD<@hX@U}Sk`%0F z=Ot!gZw%ru!^C%#mgL_i#Lr^5>TULb-D;@xv?qQ!+v)Ists2>XgK1TUOYUBMGL+pH-j`22S!r zS+0eal$XX$`L~teYSO@A%pMz@ zD<+Qb{nDecDe7aL(#3NY9()Pq+&5Ma#FkvtF{u&5?pi~zfE6hl%wH#@!>O}~fm8qy z;<~#%Yoe~D<9NjORZIN51z#zUAZS>H;MG?xBJU<~;IAlDtZetO7!_=cH$Qf#+I;Xt z%lY6ly~4MPH)s&=tG6h1=K~Os}M6E^VLKuBu>w%CXof zXgoNt87p!V*K#``iTtv^Py)7}YP#WL7;A*;il9#b-R5)FQE7!)urs2!4uP z7E4N^6u+y+7RNzVW~o2_%=4%tS>ukbnmF;`x~9ljcEg0N?n8Sn=cYgg#AW$m3c~ga zmnS6V$mppvS?Wu;e@d+t3|4bEz$U|y1@<~u933Ux_%3d(Ul6rPTk5~xkp3lw+tK}N z(Pj4k#IADQnL|Gn77h5=C7PtpP9em+W zv)!OCtNogVdAE4@@%)Cv2KFDS{DxN?w<75zRpEJffdk8%+e+q*H6RKN{p=^z3@c^T zgSeCX2iE38XUczG7H7sD;dnql}zV)$aLoyG@@syQ{?&ws;Wq!slwV)M5xOC9D#OWcc5NBlJY$va51{G`T=B{#p}k(E`iG z4A-p4w(QR#7(p@2+HaT0XS?$(XY@w%WQj5t-xbixKnMREG7#ZYx&DHVs9lF1ir@Lt ze%IVoY?vad`YOl&nOJPBF8F=8@4lJ%gno)hOtv^A2cLnNlqEIG+M;4vuj8phhsw{@ z2s8SPPF-DQq{})YrD0ZjpgG68iPz78y}4pF4Lt+#DCIdlI!Y=H2-MHl1QCcLJWQ1W zyvv(=fU>g(?Rv-f2*OibLjN+1t0|?J;-z*?WvU_yty$!UlN@|ARo1x!$NJbJv^#Fm zZp_e};o6nF9viu`l=y?rj}Dz-^Zoe_#^rVqE4}Pc-{p#**+j=(qyHD?&=(L2Ug+bv zG326;%m>JKf8~OZGhKQ=&N@%xJ;)yX5>+`;DTH^(x^2N(2=rOw$28a~J!e3s!*R0&h8Ols8Fkw@9b0qc3|DvjYB}1-tLZA*1pQFZ3>=;GRjYmXH!=l;B^L9ezkJZgidSvDp z3w=O<&5tkYLj3oB+MqH2+pHg@v+iX`EW8ePPTu zuAK})Ry*yFfwfTvvMZcH%`{ap5#HgBEOI-UnC^gJ5D^u{NMWnSc2N>9X{_PY1y_b> zJpHNm4||JOF5{|TL{?u}K(w_a_!wEl~EMYD!zv*fuI3BkO*VO72C=*tVUzDcDqB8ZWCaZj@s)_$AG< zB^8~|Ci8_c5AkN0qgOr9lOw}aShPW{9`QhO(Hgj2u@>79HZtNXvDvy}Fy{Gm?et=B z%jRoy+cxrRD&W)FbtII++$6bpqan#)6R7=(@LUA4?obCT+p{`qWjXUC;JO9uHO*S% zP(ixdy_j2b7h`M2DdB$!jjcwR0ErtfpK8+_gWke@vuo&1RfaC1K`FykX$0oFAb_3M zH?8HWF`BB_8v{%glfE;o6t5VB2&)^rEVt)u#U(2frJHXMSDvrCO6R*rnXMgGzJ1|b zt@7fL6Jt+?1P9N_j4hWM9mzh)xyc+%A5Y12$F+j9-=g*Fh^p1!LWZl;kh}_+9`$fM zy~1xAs5+Sx1}x}0dREp)8Bn78|9(CEP>DLIbbV|6UDULLRYPpH6stm2uvOX_lBdug zmHB-L2p#pmmlZf~AazXACe7^VHfatHzZeSd2bu6XGU z8!iC=wtw5q8Ii5;Jk|dK zJ7wQ^t(4@{Kb@}3Xk5JA`JUToYa`>05k<%BL&p7Ay(PQz>WuV|6^CJ}LU0lJMPfXU z>lA8h$2OHl6!as)Fxd2KDRNw06ain`xXp=Os|q7{negUDCE3q#J{cqrabR*{ITghd zXR3Fhj>(l|N_C#%9yBrapSZ*+c4Qg?Dik};r$Vm&#+60tRjL*|16*&Nb{+h5tBrGmRZvAj>$LrxR zn{`R8OlsD5Xo+^C4`beR0K=;Hh4T@q+8Z9$X>QGUWk@8Gu4RlW1|G}oDvM+hES?Fn zKW#qFBh%rzx1SVYkH@cuQT^o6_ZlP+AaMV(XrfE|1mE>ymjbiES`{A`#GfzF?8zX| zXOIqcz#wdTe*;Ug{L9i0s?5{Vm_W6SHeg~W>tVV1v?b-j#0`o3PjUWhcz`hjdgB@j z{?u&xA^_joGZCYx-x*LuHdQU_In`v z3PbiD{2IW2e(RL(0OZe8eEy*i^3u~8Q@8^RP>2F>Ttu_~Tsid-!>i?161AzW1$gBl zElw=LK4YSn#5G<%=sZAX`00htvhl~ z`puUn!sk`h6?vhWl*qxzzyfgF78PX2(5AQb1k<&W8&y1aQZ6a(m>AH&j^I8rj?J_| zJ-0O&t<@Owl;<*_5t`yUM$0Vj+(6nI(v;HpJkJ(`?xw4n^(_S>T{HX!gdbQLe2vj* z&`ar)xYj4%Q^ovqi>^{g^we|Cz`%&S0@g%&HJFcpyVFh z|3C^_?5d3(K%ek2)G9DuVdlr2w#!z5@{n^$M2FnjRZpDXqRS!7V0IdCcp%#R*LxLK zdara-)GV~+7_18Kt|QDEDvVZG|AN}mXe@2mHV5m6Ih1EXIL*=(!va7}XP|>wct8E$ z;uzi)5n|T{aWrJCA+l4%fV)Hve2u|o2xI$*gdRX`Rcl$gq7l{>5xDDMYupt}=8<7d zU=bP_UQYau31uZ<_p=iw(>?@UIoKE;qF9h8viw=z>8g!eyTP|AL$&C(*T}J$j+N)! zFVEy@y@ubrK&^B!YO_&KOhV+PFjA?1sRivmy4c!)8$DE1CB|)bS>q})Xg>}qT7EOW zxFG6S9nJ+$7XQ$aU8dgS7z&s2QvyP@TKS%;L`y1n3kT9`4kJd2n4!yD84_`C`ih0! zW9~wlxqmr=)c0Z-C)LWJkRH~>#alY{7UYJ@G6Eoz$HNG^(c0kCL9JvD zjMygqmEksG>|eqv|5eN!KoEYZ85&3lU|h_9QN3xjz0?>z-{A*BhbM|8PQzaO1Ym$p z*0SoaxBqEOOx7EkvkMb4j`zUty)OaEN3OprDKw-ZA=2$lKg)y>uD=!LKJR6gUND>) z6e8kpT5mbs%XF1SsH-*c{MmCom!;iXt7>L(!G@mIQQ&W?+01E4Zt|7y9QidTI5>20 zCO{2Ca{e+zOXx{M@UkM@eQOiw^_zM!zv~FKKtvNun%aJ47fzLFguw2ht~L;ho7i@1 z!p7MCMSW`^>P!1N)h)}SrSco1a^qAk)6nU^u)}qHi>6BPTfF%qJqgEJ`~BVpS`tD0 zxg)WNlG|-7S&2UO$yg_54npE9fPaNvifn9F%#W)ENaw6>I$gKrNGW`6FMzJRdygEo zASE6=nNh4;iaf+{Jz)6#GVT>sbj7ugJ5t{;8R!Ua(X&Vj^d&BB`n3cl?}bLok$_EA z^k-B+4|XWoaI9OOn{ulJR-)ItOEP6@36&pV6t0gvp3e&H{KS02pt1&_>gD^Af;Q#i^SLFwm2trjh&=ee8_pOE!DW{XMerkPzP(r|jZ;b|MMjZCd(cwLCSSA~7q?J!mC?Ey+AEEsPzd z!K2EXN*3Qo1Ud<78g}r`n(|S8g(Z4<)>Dd*we`@;PsclBffND0V?B1`I~HE>Avcm7(35JW2{4RksI{Wr=d+XMg*@b1_pOqfWy zyfw&E*};=lmC(tV3&%4&Isx;)J{v!%{*aQBv z4ypijE}5f51T`QsG~~ujCP85cuwY_}!()-DdJGIHZ5PFi<@yN&vpbryJQ$- zGQujWR2$_>BEA93hal0D94%(E+mS925?{CyTG=suCcpUldBiYEu6?D9*-0B%Ga~$M zc3`?k%kYVWVL9oIqEd5b1}AzJP3G$$?}8 zDOK-VCLgX)#QE7|?P4Hp7Nhq6u-7P(2c9%(0!v@){dw_gq2LdPcHK0X-T%T>&`hOv z&$moc(hbp#9T>oT2zL0H)vC~T8G^|9i zbr2mkPS$BXPWq(s@Sf2K{I%o2@tehZjUWpIdW1b62_G)*IH2l)D^NOf3u(h38WVhh zT8O`Ih6Rw}(XvGsh>1*l&C)l>46#`oY`8@d@{~FKD_dyO{=2_}hB^FN^;TVRo<-9P zpI+2GVV{{_{P?~AomI4%^XrVCUC}Jq77Tltk0E+gA0a6z@U0n71gpJ0QGR~~qM(*& z4UaA1zON7aNNG@HrMYbJ38138cf1N04e${vT|t6ruK#e4x5(uGbn$=Qi#1*Ws#~Zz zE(VDa=8G}FLlTmIFUX*lq>44?iLTU^hvcX@pNjbBknXAq9`WDx;XU$yN{sVZaqe?0 z*k=hZyk&5H8As#cnJmeKB0`krMdILsM5KC zc%`zOG4TWEaUQ!V@%q-Ukl!?P9`ouQS{+&uH%zp6prYvpLvySt+PeD@CQ6#Q%>3;zUwo%3;qAEN4spiw`r51s_F2^nP7g#>lMYo zXB_0=@VbH4vAO8oYY?gm|NgEZym(Ycz;7k9nB0NE4acCr<--MOXEsmq=;B?`dP{l{ z%Rbq!L^ql_rN|vy3kY50`bBK74ti#ta_iS(WWIl< zXxv2X*5GDvv91C{fM?$h6N{jCrzTPC_a8*$p8#Df4vugq*J-9(%T`4tOcnmf{u&+k zjaddiBSSIx@iDV7L`Vwxc_UmMEtKRskx8Qo)kqH(Q>OKs0QB`}RyyUkaJhuTFpW@g zG;#Q`Gj&cZdVc1vA_yk5XdjzD@~UM%cP6VN01Q>MWRL#@f#F)4uMCv~2?zq^%YZjd z6P#3r1Qw`z8 z;I_oD*S7A%9+dXzEUp(YC+7l2H~)Tp=dzULZJ>7Jr=7J3U$af2gfvPsWgw{>Z_(Zz zs=z7=A-2S&7#H;`V;&v{aJnRhLi`~*`Nv@Y3TO*WUC`LVWfVS}yv#%N2dK8u^gLp1h z8Itf*2yx+}xM<0O(`WB(LL)zYuc&#^!O)hq$oml`ba>F?Jo*4Jn|#mSR{Tsh-+{Chxe5K+6|MYTJ5X;YItGG;`3$u<{SEx z@9g!fwu5Y1qyHbg5(K9RoO9PPHf@AoJPA>rOj*B2pGGPGC++{jr;z`PGs_Do|0L^AUyiLI85*WB&R*DOv+(nnDdJzky638 z59n2j_!PEp)yzn=J*)O|>CYHo^i0mug$(WSB=Z>Gq8u=fq~;9kol;wO*B|8LXxz&~ z?lp~9-;+>>L&9c_gQ>!!DDLYA!?eSLC zw(A8p2(57Y{qdG*5PT(Ox?$b!(?W8@u@0nSV?T73eEn!DJz`3bPpWpj^oFy5!|m$N zkTceb-FZETj5Q|xef=&GatU&4kU}wv;E8BX1So%bG{m4FqY1kk_xo}i1+)5pW>fsv zPImgoy@as>l{)gTCfBtW~ zjt6sCJOhAo>1~N+(x@tkZO;*WN5(7aLPcYFORwzs1$$u=7(qZ&39`>{UF8{q$d(Q6JFxnYZ8ub55`L|w+7-xy1X@@QIGR`x^C4K|Ip5q&+SL2RaiGPP^GmD* zc<6h-!Iyuwbm*k1?2g90p0C}M|A%kP1Xes3x94rOBFaq9Z;J{1Zv6#!1t5y5N&F>VL&GqZB0&pQRTt^P}VT zFS2kj3!Q?fWDLbj1$v~dhMq^@NX0`GFhZw@>(%<-TpH8G!P(Lko{aqx4&d8Dn5x^Z zuKi@QKj>BdHz5gF*ava)8UO}p_J2=1UpmF?4a+Nw!6pM=0;7re%NS~HNk?l)m-HQX z@mZbSb%0Se?+Y(AbpBb-^hy@VuT^adNk!w}Phn(u9hGL=_W(|G|7Lyw^9U{h%7TdB zsX)NJhTZ@5S*=`Mcrp$EnKGGN29D;+vw`0S256M)XIW% zrYZF#tWd+3Kz9Hs17OgIuw}QEFRj{HD7fz|P4^4|8c8#9%3b!|+TdRROQXI9I(WHi zL6_SDSoQBt`_U{t$J2SMkFXvDR*5#AuP4si*nvqLuKW0=h&AA`R8G2fK>$#fp=>NW zf4U%b6$jUUFus8UZ z09&9OPx*2n#UBYEGdTcIa0|FBiGQxToWuk0%?1a>Oy_ZaU0p!w|8fV2Da+&O9=)FU zg#`i7t4ySM{R5y+f?L7_01p%_-|ZOQ;e;EPq?dQJL88)Q?N8kN$^!6_&3X@jpWEm6 zM&^S%Qwl9>rQ?_p4g6;e%ez^`#c#qANu)U_CG7OEdKAZb6SjB3rw&`K)6By z;(IX>nJn8y-nc{sfNun14XQv%6tMo`DryxXO*_gEw2a(w0yy3j!Z z#-||u>IZamtKZ)>NR=Q1=hCNNv!yEOEHD(d8J#}>BvUD68ur89@sFQC3__`qs?AX1 z2wylPZ+!(o9pU?pU|>oR$97=nsc}s3UqGf+6ZQ2?V?Fnpu$QNgwHk|TE^S8X^4R@b z1cMl{&?mr3fkFv+-u+@L^g;3D8*#6v%Sr0>jL>H;}(!T zb-zEfiRXF7YK_yeZ@;Nk{>SxJ`bCZKC^P{Y$M9wfn{Z%%++lf>&RC3!HD$En*Y(|_ z$VHm17>2D4-o7^8{Wx*m0Oe-5t`^1_T=6+A8qrBLgSCF{%!acq8%E0A+dlxFa_7OZ zLbp5h@o-6G3!grOIxWT*x2?q;+y882?>?^Xyu8(LJOI%pnzsBk8u;CO)(xzb)ppSz z`?iO@pEv7Te$T`)gdNWO4nvMyCmeK{Yr$s66638`c~4m_yYb0qet#0Z=S92+jv9H% zYW}1Yz5jdpx%FkNRgk(_ulaB70GqJGkP|D<{~kjpOU?olrmF-7@lBt0kU56Go#5L#(P$USP>vSz7ezQod z+}dO1K0B5^q)sVvGT$_*CtQVc3S!Lr{L$iQn~c2B;Ldpl`>Rv=`!3ax2fRE3F(kg{ zFT$ZR!ss}_^by;IYd68zLF__s?1x9okpktma6pWS^`^N-xAd~8^LE*0idyk(VPh&1 z-$;X9u7=5{TA0`l|3yImyocd!BXNPXK2Zgn*RaR#4Wk)#}jN<%a|Y zmH;NN@JSy>dksiELIsgH^jQ%skhEV2L@cvx0m}Z*vFhQjTL8?tBcpNu=+fX0gAO$T zN8bO$vkx_XnIj*NDDj8+>2zOr0AX1Yt1!z?{2^h&iu&(y`d5oA`>XAb6@t|tUW%@= zzmLSzRrz#MF06al&^_P{Pv>iB?(tUr$Y<}KTk!QB`{GWmAadPSsOvOaN(=G59&7&1 z*3)i7Y29{_Inu1YZr7*dc5*1J+2-Z6n^vCXvHdDd;dgl!oJ6@U{px@HTIGMY$(r5S zAmvf}zh^#xA+LC3i6=wfHtZ#&JNyGj`>5lDrrESD*WbXUdHs2JZ&~;EU(J~@D6CLo z;7CevDgN8&ENi9;$fK>cssQ~=;rXBQUsMZtNp`k_{=UM~riRUOi6}wvyv;eLsb_i@ z0LL@mo5{q!!&|4eooHS%PbYhMyJS2xHU9~d2cw1!z~{qlQb`NIlP^lqGICyH+zXnO z9JG;ksp}7aZ2jbk9ir9^^J9Q;zS$E>Gw%2k($v82tRX)@e33p8KiMR;r_{*`OjE&c z+*O4SPI#|^j%wiQk$#n2zq9FDW*@h`=*?t|6_q42kvAOea73XOPFX1D0Y3j6em>i! z2-vdburbs3ps}@0BI6rr-^f%=uez_w@vfO_&{yj51620)HC2)PV168h@UrCR$JZ^y zVL94oFlXG8opC|v;o2h=S9FQM(W`nG6_y@mNHi`Btq|AQTY{D>KjIpJB92aMO@_R{9jO9Pd z;ND*iC2QOHb)Zf&p?i5!uOZazHYdJ2bhVq3F!4}A$y?QtUn-=BsqZ&!q97EL;o5Ds z%V6K}qR-U7IZ#0_TeEX86A@-=1*C5`_Uldy{N+{m^Ue1DXAj9Ob!XjDBy2wWPBSd- zT7hwVucH*q`WRZCLuJM5`f)-J^Kk2JH)&`co`;Y7XLU?i!u}f6arZaHtuMXBt-j}n zzCBSfoy-3w!V&Y-&B$M;jXRepgYqR~#1Kpvt?smgc}`o`U#j#@!lbT9NS=Y2Iw{4a zPP=TX@PB%z3qPNB0$$!^Vt1IdsG)kl(tp&;C61qBLhiNJkc+f}vugit6}}aa8`6mqDfOBsvYjmWeJ^*eWd?r?p1>C@1?=#TmFA98WF>+s z+`0yx2H#6AJOo9XvpzvK=!g75o!A8^#~6ly++q!jJY9p}xoXEHoImExX8gW1+9z?d z>CXqe?dX=${5<+4=~y?7=IdH4_ou$;lbgIe`o4$*@lf2p8*XLG)sp={Ub3D**P9#+2N`};Ak)@ zhXgyrYA7|IN1W04&wb^;0%)Hrd#ZoGv&p+Jao)7A`fYpJ!n?8IJ~KGcWaJ6SoJp&O z&63eXH?(ow{;7JY0FqJd_E7r(2OFXWeDxAV^_*$bqK-cpz=Eg~ScTr{hrGS!m%|}DUbN;K& zdD}X)_M~M74cBKset@}KWkRTP-Dn`Zd0gMMk5)rpBqG$Fw%opTU^rS>3X7mRtiu1c z%3|Fcng9A5+9|5<YM)AwBL0{wz=z(LMxlw>Xn)W`jnPPL%q&D;V}!05i(eF6z^*flow<(nk{uF| z!CvU2!w9=?dy88=%yZBCi!BKPoQIfxe{nxr z_+Toh>maFC^-ceO+%r4v>!n<(j;1+kwA@E36uj>5JyWtl+&V^5!NA2&cpqV@#z=h5 z>UR1wTVpo%O}kLxg0N{HfO}XuSZ1+jkGfkg)tR})e_~@q!AM+Q4FR5y|m@VW$VXce>$AtlgOfL0M}RR&A#mCzbEYv?y6Er=TEOVzl2Ck(qT!l zh-8gSY->2Kb5O>Rv9I60!HMwX;Y=BdHs`8`;UqGNj!Df`zd7&Ggx!{uTnX_e0D?X#63LASG)S}f?tF_c|w;qXyoRrq1`g}jJ& zPNMhZw|H4$6 zIz6;kD87C&#_9dV7=Th#{ZBWihcJ#b(g{ zx}DkDvb^?$WkERBupFJq=L&poSjb73HsE;fB-Cu$#BH4Jev+82kom)5zc_p9Zy1Y# z)|%bg4}<=Ty}S5I@PK^QTwq^IsE58>cR!(QyVqa%lM}4)n~jVkMt2Q6zN^G5hSi_$8B7mO+u)6F z4Y;PiFaH(+-WZy`Af%NAyoP2hQ8I2;|E#?a8G@S*i#ff*+o&K@rTbw zh0hb%s8?r%G01%+t9{ZJZd+WAP^MiRiDsG8M*1L%N5v}da&MLCV(U0r?^7jMtG7@o zt=mq-^jDsXP=su?1%@W3d*1#=2z;s;Au4|MmW3p4`yNJOV$i+_YkZZwx&fvcJx(Nv z=Qpwn1k2irV1^cz3c|yfLCuUJY?*^tc5iJmDw}DpnX=duccS31k(=cJhK76x{>$2jy(j*XX?DszXE;c?S_(QpTPXhZmYO^9UQfK1i zM-xn0I=?RNL}Z}RH%J%EO7>6;F4;K#nF!j#WocvJgHBo!%^I?sv|adID!?F8h8VJP zp(u8hv)8~wv1Kgy+;nt>Ni%#uZ`wO<2;2N${Y!aecZ>`$6*Bu+VoGm zmzH-d0yN{k9uNN4o}L2>Pt?nXT^XeBXr#f=k3u12&!&Bpew-C~Gsl!|w^KCmMuXi7 z8ZR6qP|KN3{AcDdeM+ImxzB8(phmOu^g#rpC1lPEbk1LFh8aJd_c1$g;iW+L!=cGJ zv~`@^QN?0-MtKq2pF8jya(EoKY!~>STz7fZIcKcZ^-(r2+TFIF_B(=_^+*X7$|L5{ zQ@T%|FKSgp(-5RUFfj3Y=!Dj=fl2tJZ&)g9x)ySvedS~3UIsvR%^An0cT-4apxHi8 zQaccrolz0a%ZN>Ky=xv_T%5)L)ok%9eH(rXFi5IyhlSalN_dWY^PBMN#Wada!)A3JP22W06@a*m}Iwo}`N4c~=219*tB&=Eo+M$lu;uNyD)wyd@$E^dw&TIpdYdX@zb%v}j5 zxZizKd)BqaOi#buOq?HEHa{X-ZGByfe+!)q2A_~M*YQJ~K{A}>%z-j)pQN01%eX#t z`J`zYw4g`V5UYZGCb>LdJ$iM^?i;>87<%2hhDB)Tg)*x-t?K?bij`6gS*kaOfB(`a zO?XB;lk=xf0;Db6^NXhP$cc56l^svCX$S2U3!jX|`v%$#$mFFX1XudSSIUgH_a^QzGt6_E2qu zoL@FFAmn%cTR5AZUN@@^b&;)GD|~{$2YGu;^BkXwQ-?VA4;>IJc z&51bPn(2ZUSfKFecKVZx(V!YcRQ-p1J1+vrGW~R4ysaj;d&Qh0)NfGIV9L_rp@8hN$s zMCuw0XZNs+2fN=LchkG)z^7-gJ_@lBsgCIP{5Zp2cgbkURTTVgk3EGe$Th7eJdi8ZplLBr~YnW`n*?-CzI$d z_XWG7_|ke(Sc%w7A!?KRYqq-`<}fj&+vh&^1LRsfk<|{|8SJ)iDngvnBPj~M8s`M( zQJr8CzETTzEJ6MCA8zh6Sdp?}ue*y? zOxW^)I1-E#?;*JriVEyU?AOV;{iq8<$2D+57{%=OEeX((SJSHIMd44uFM4=XQWs7W zG5uB7Q%-hbgK5TJBg5-Li0?!Bz9kQ2zAWb`U!KE}Y8GRM zes#f{+HQUTWn8TIJe>-3T)EBfHP<(}c)N#$f|nc4uP(o>L#nQWGt^aup#h&eOLLIf z5seUGHqNw+ur~H_G)c%Hx<6e$X=_J@4q@qaSti@#7e#7&VIFaPyx~a zVM1Wo-_|FPNlY{HM_f8qn?9YvIn58d;rCRnx7-K?Tqw#EX~0`W7N}k7_crzFz(YnW zD#k3--rH0?JNM1c?fVG@QNqyRw2iInJ?Sa}`TO?&?i`6l(bC@*_m5`9M?i7(W~0OR zDQ&Q@2?j4W>ny-?MI{`JeUleQw8?f)hZ#%E*`I;VQGeW~N)PM*zV$^~HBgJS2Ld`W z2_?n+^!cmjJMAp8F?kbmjlDPLxn!aqA!MS^J%(7Whd8bzndL0O_(rEsK=fEUsKj@C z8G#s5J@H*qtp;&99K(3)r-zWd&FSVO_t6awgU)h#KJ^Q}Jw`}*RXCeO4m zB&31llFnOa=Tx9?9F~sWc<{)dNcDybhyC)EuUt;@xGCZ{5#Qffn{)gVo23c)Jn%-j zJq|rACDOf1zdOmD3Mq_=1MCL{x%VJk$e+^{jWmP@IdMEuJP-*)g46cmZi4SSGhU!& zv~-K{vfK+A>p7 zEw+DC^?E3v7USI_@v$f(*&SL>rV499^u>~<^3dj$hikguuWt9jpL<`O{;F(Z`#+iu zMvUU*A^%I@KoI!&B#eLtaAuKt(0fkKNbon>8xQSBU40?w*G}RahF+wC;0h!q)c|@i zC3qjrsjMgwXn^<<^K|*sywU+tvF?8UE(*5-1C$+2S|Y)=Y60A=?)fFEh$aYJq05E6 zdiI7%BPvSqO#rQceu5XAdF_(H*nUEJ2B)d)o@p zk4Ra(z}(n97dx|AH6A5+Sj$1#bs%)2#*rGwT;CiL4hNxo5soUsaM3UVg zUfYFZW$E|4h>c@yn$&8cNON6!*r%6xN(SvxD$hq4t3A=ccy(r2#_u_l6Q9cQi*Mit zo^3-CxR$x8L!>`vG3zvqetEn5F|SY;*A(^>LcZykK20t)L5=yX5rTq{((dRnU2>yjiQ8`TN68+`_je&4LzlND#{zU zJmly1N#;L({Ez@ifJ!An+t!Hs1j3AU_QDV;(oQyY z{gxz1$}JWj_RZ78I!1?w<@c4aSf2lS$`ZI@Rbw$1I3_U-YhKtoHvgWpYf68k8b3Zg zEUO2C{JrROkcoE%KXKaURUcd_&=s%XEn$A@u6<}Zxg!ddB0Q@CZ|C15Y2`;`y@*3K z1vV)5B8-L=vZ4`6)u#|a%~+3mQ`~;2u4xh?@%H&NG@mKq#VGzHUu&C4Oq~U^2YB4Hwe-l!9HpB^i`#;Bn2$L~u zLkfM5K?xrV+w3SL1=Aq;6M+{X1jhmCh1Yk5{{?tm72&t2XX3yY zz*wL_(x3+8K2-it?C=&v_z%377${#ZVtDq>Y4VWsBH)$akwYfr!%-e)fPhoA-nN@$ zdeML|7hm$x#nO8^PV)6JlcQ6>XX%Jep~CL`#jCSwx}S}O0&*hMB>BLM`T^qm<=+w|cR^?)!SKfQ0t-zI8=B@_){L-Nozz%mXMC_3~G0Be*|? zR0_yPKg|=Cf3wh5gx7^U`fRc!ieQalr&_k!MS{h0A`tInBoT2+O&kvmB+Y3DH|WLI zf{LiQ(@Yf_ENn%UakyxMz#Csc`}rRgRl3~|bb8#*U61Dv&urT-TM*^05D+f4t&Pwp z;N`R<7i1>!;31Yl?n$d3fkM_!Nh+UXUUba_zSkCIxm&}HL*ue%mtj;2y_g7T z<>|BNPJIy`q=h%O?oDKVM8NSfnPz>27av|=95ehc2`0r{t7JSH8%gT&4DKxIN5{{( zDU@F3@i_jmu|q|FMl8Bn4LXFhYrm@BBzBEG?p%)l>~@6`s8Vqde|@r=xtjf&GsI-_ zO(E#rcefhf8iXg~yohE_-jR5>%yr~gu)y7G%f$Unyk>Zzf5KFeFH_kejb)D*PSwVb z_|5T5LB7zgh|sVG*k8+yHkS$tAL25?rX`~cKoD$50Wu`Vye`RCaw=%Mc>GMn1-)oD zhZC)+7!Q*10e6X9vC*g9UxaA^vgM|fydu!(?Z3mqm|Te#2c{@Sg6t%Yr}DVhb|#LM z?s7@T|~45+A!a3#~kBL_4J7DEK12T>Z46@Qzt&uoB0Mzvq)GPkRbdf^Rdon?>Wn zY<)hPV47=)iB7NLEA72_HqO_L8tjoNeTnuef_dmEANOV!DD-qn)4;FI2vB>QA zf6Mi&zWe1dgKW%_$<2e;DZ{MX8$;))wo!L+}U)Bs-SpH10p6K?4XS^C>^3{}RTK&D%lwp|v$e3BdzlK)SxLd@`>Q z{C(Y6#KaEV?UP&iXKM9GD0p?RH+#c(kv#(1$ad-ED9O(Bcu9)UAcko5=F0DJgSw@1 z2lRrBQO=a2FLpjkD0|DesJ<_5 z6mXD|7#JFfp@#01h5=C!5Cv&Oq`SLw=oXMhx|Hr#B&0#Q8v*I&9{kn+-ut|HKJZ2z zXU^HP&)Vx7YprU#N$MVj$W#^qc1RXsYN^5;y7N$L9|Z0*rBBhuR#FiKNUsu_l!7+Y z>m$)Nc#q=UG2a7YlyJW?b~PN;p8-Ecozf5zg&05(lWeW5FwBrMJE!5sW%!k4r)V~^iDTb`u&JT@ISF; zzjr0mXiX9?wh3aa6|`BEu~Y6+*V8)4(Z~tOCbf^3-W96OLB4y%9`6rhh*`9J(Zhld z`CVZ|^3N7p9_dYBAryH;!YSb?p;jeB_US4ZWziDYNime>uh z_;p41UEy5^a2Qx@yZH-{ZecENNhf+ca;08XuSkJI3}XCkik6+C4?t--hGi{jZpVwV zukW`kMkrvk3mPXI+zz1hOCUg1-OAO;^1}x?|`;reu+#TBXK+8bHG9 z;I}i3<&O(d!fx>r(U{yRdW&ZBWrZn6D?GN$xl$M21Vd4JW`C>SDn!I8{7vgaVH6?U zBa5($j8d`pD< zYqOINS^9vFe(L+G>s#Hoe#oDTC!e4rh7|NjytShghU?0ZrLc{KB3a*JWTW>hcwXke zNRwJcnyj_;o``MTGO=BuyhX%lBdRPA;0e=jVzW7Hfd=&}qUn zp+QIZ%#$^0;y`DY1Ui}9q#C@VOD7M$AKs~JX~MFJJ~mD49}V1rncm*aKg~w>cpz_I z8lsXTi^0<-u)kQ2&|pEy;2X(g+Px<`CSV4y)J#{2my)s4vA>Q#IkUbw$Z_>J^;^5V zqPB$~=eJggcmMAUA4GAzcd2-^ zSbjzYkQ}U9l^U0Yx+m}bqA=Q_b#mShDq=`bukk9mG65<}(D^DvIe0nQo~&n}zI=7@ zI1mdzBl->wk<0;(tn3hFze)*#zTz2_88635kAq(y;|HDI4F-^KJc8@nlQ*d!N;ryh z+#0>Y`K;gWm$anO)B{o^88Jz9=cK1|Rz`;m_o6%7yr)N&z5oq2cz#g1#c0u`*vTD4!xk$b%fdHNvtJK4Z<}uZIGN zQTm(q+a)v&vhDtA{`?1>U9%-di9{j9@E!%_*48VE0Yl36$@s+En%s{}42U6+oZ4mP z;v`a zK>H;UqtOk%Y8{gY&;WKP8vkql=dHUj!B9LVg496ei;J9IIW=Dsl8?6!HWofBgT~BV zKFyHieR_PYBJ=oKaC_c?l(7y{)DQ1?)PL})O9dq6 zNeOW08J&*CpBB1 zkMn%TqdX-nQoCDK3RQUttSTWNMBeKdYN6{^jl8bF9}&7LgZN; ztK&D8TbFqM1Bcc}@>Mju8j0U%wr&+)t*m!~&k9m!wKKw!ao{yaT1uFW!;aSF4Qfks zo%3ds7n{izqSLFsXxfzzLT!+LUQt;_n-#C-bGH~$G`W2I;uElro?*Ug{wf)fwzpT0(?X{@q zcNLiwbGXCKgyKuK?yFCuRB%IM<35eMSZ*1xA_aU`!{uq66mM~Q%kSLDLvh+UjoL%!)q`*`=O2$nJTU4;ubv7c zre9;bJ#zNoF$|n%=hGGP;&s8InaY}^a~)h{14}N5t zelyXT+DM_};0aRb3_3#n9~$$TX=ZA%7{}yGa160cB*E+PAtW?SgNqVKUnN~=Ciwi| zL61oBmnCUs7&Plch-pQ@h7=tG24v?876*KRV!xF+zm@nw+XK-suUA?`*7>M)Vm;1j zF=;elQuSc3N~Ck&5|{NGf&jcqVU#_r5^!>_P2rvoZ7l74%8X>dAXFI|pCfU~;{pA& zNsC&5ad#q8oG_x}FgD_KQnfRCAwbnJT@|$}9ufqFBIT&!E+U+Cya`S_i?9!$_`a;# zpJ*f`#DwPxNfKlS2avu=UN^v;Wa9wn(Av4m%wD^RY(E+B0Dv0w9LA{NtQnubAC4Gp z{D@agcyAuJsTbr-N$J{!_F;8O2F$st=r%!8LnUHouE#WvJ(~DsqV6X= z$N;Z98r3OAHlXb~SwPQSXw|DP0jH8avE5GCw|XF7NvRjxvNAzr7tmqWRdw$ZdB?<>VXD17&CNvjW|9(g*i?p2 zMo~Z5LR-zG7bPydS|;6_SYC^Q7F6Y+?~(z>FFFDSed?EI^!A{rbLDQWMsyL`bUroX zwXpLrLUHDlRihs4`Z1eNx-{gl=yjbw@2OH`fQ(Y{gtfF6Gvuquo>08*5N!`ToTO_R zo5k*#Fk#65oVDXc1#Gjseq6C%bv39RFSe!VcX?^F`+0x z(M-rf=F?gBG)D^0r3SsyFma{OG0)Ddz*Yf`k12!BsfyO|0DOFZ$phc*FtLbVty<~E z)!VPQ{JZE|ug~`8l*S8%7854rr0bR`crGS&9U3{b8LZmly!E z0Y9?lUuEUU|3X+WME0LwvtAeqMhXcq759Dt!2c{N%9{6 zX}X}T0Wg(qc)Hen(h3mV&-NF*b@RVPQDum_p8^wxLeGf4Mm}zI-q&r~k7HCCnhC@r z9{L58E#Q}WYG_Ptjpna;+7?ch>1efjiP}7kKI<@9IR#L_$%b5))~^5Lwy{dzyfh|=Bd4V9?dY70f#k$fCO{ja5*R`;_q zWB1I!#mOiM5`3QEd9wW)p!5C^;D7eU{T~o!7*ZWnzdi3r z;2Ihl6VIn>EX^Og0wcm4kHq{Q;l)>&jWgHbj(rw;+X334cOz=YLw{CKQqqN$Ae$+D z_HwQ*aIVpL=Q*B2h2xHz;2yX<6Rq?odKblJYBv4Pwn;tjh>W$xfm8tim5GmG?ZbSj z+3h%0Kto~P8*-5pwkiSJzC?Oj^-&I*40`sSnpWh+P3d688)( z+el|H?owcRK>=rI2ojR^b*7|$|4PsBYLJ7Ep~)5C^B!DS&8t0Wmi>=bEG>cO=DEp4Y+R2`%BFv-NNdLe#vIgofq{02&Kw*O)_FhhLdnrixRV3_5T|hIc_@UG4#&Ee(cZ)0X=w5y6`dt`gdHU{SzXA zueON(sj{y!$mKgS(&6D@gToen=}k0^w6bkhU7eu*UF;QliBuGIQj9SX1DL(7v~DO% z8qEjPMRB}6&eD?#g-HraVj!r0@j>5y4JQrF1T=gVYO?p)u;tC+oWo9_AZbpW#y0L_ zw?7cafOW{`)~vk%rXmm!7PPkLO$l9Skhk(#S%TnIJBBAmPU{TB@G7fG*Ml#2OHMfM zo;JxBhiA{DuujiSmOPKhY>M>enBD~Md6o!xn(vwkjaLsE4_j5Zw_>CdA2_WWT`ZMy z6$9=MiPAskz#oz|0ysx6sPL;R;L?!w1O2-$=Mbh=Q^**(tMYpEEl> zm-T+q_D6tq7W&s6UJ^aVzkBkb-CB%e|J?0vQjD3Db0cW08aEWmt$F9P$0l^%UUf7l z-m^D$RNLJ0CS(Xr=;yDrB_aeK`KuGqKtqe@qaanCg$pQt3#Z$sle`Wgyx(}g_5el< ztBHogyIg;tWj|tX_Uheipp0e}5@a|w2P*8e8)D4{>}<`-iqC;?R4m30SwmubUK5V5 zhkZu~;*Au3XjrGz-%qXbtE0r-WdSUP)afQy`^|Kf28|~IeUeIP!sDgXCd2t^*t9t`@>K=dgO@mF&rr+xx7>t-i_J#`?yg18q#EG&H7P165Ea5y0BWhO zFx*<;Z8?AHlqa?_Dc2}zm}2MZA1aW-hme@sKF&n%@=`lDJ3m+&)}6_bi#j~CGhH`| z4mijMlL3?99W>IE+c1|3+5jE6$|RAmG}FS9-$FrBrT=T3`g-R3rR>n(Eq%G~>s8e@ z+7Lw|x>`-Srxsg?k4dLYhDsbCsznL-%?zYq28J(wf4I&DJ;`dO``mgC~)omXV6o}v6Xg)6gx_SG<-&w(%q%@iJHjIry?B5ad0S=uA`^z}?M93}18u35|`7 zeJCH#o&pNjNP+02@(TY1ur%1Vv#N)6glc+>C`Vhv>tq1?$?->&?M#Aj zMn-)inZF+tvP5Pb=oPJr!>d8JvTiXPpDec4o$n=7L! z=6aZ`*XkuX{}e#Cb-G3h7+#dXOvD-i70|8g!J_0vKIvx~c+;n*`zWsRiraf&Z4a{H zJ`*`NS6Ki_Lr0t!9L7*=&5MtI0d&7u)im9^HW{!Z;7FTg*&4dB6p$l8dJws&lRcM4 zlqZYNe8!3|TkQi-qOs0oIpCxVlNug6BeP#d3rSFAc$T$k< znzQCby4LR>8R8sPwi(P5>7E_7)ErGVOMWx@zz|3~r-2l{JqpWDMdy`LLVP*)BUZZoK1Jip%$fJ8_?)6QIKl zCoVTtQc&L0Jxg3&7LK_V&C+6L>racz;A@uf`cd8^eS#HVE|HgF!a3lpf$Y=fz-K*mOpkU8W|xOuyEjQ!)GDa0 zb5$eBb*)|6-s2tUU0YO3KB)H^eB0&zU88oxM~S9xNf$b3?rI4qn1y7AXqSsJxWh19AO)CiFYQ+_ppD}f~Za4h~=>h9~(bHR*~tirryE2 z>$X{%=Q40n_>kd(c^EI60gt99vRMn#!m2}Z2w~)Nef{fWJD*Qe&{by6OcHQ7XTq49 zI~F>q#=qNBr6+1kK>MQ&b^RE1`e;6k;13;)UB&B0Q#`Zjy*j@PLm-Y9bLHb!sXyMj z9RLNhXpqpaj5QWh%imQr#{(ItY2&EjS zN4Ig&ow&?GMY$*6@7z(ZNkB}ce7IrvT)V#S|f-I9Cj5CuVB=(*QS$R4S!!R=vOX;ajW0 zBzg3v&kaMkUBTRj#hBRLkAoKaf0kXPPNHr4m#?;8s z1K)oWDF*iQZ#u25&sNBJy}_A*475@mhQ&8|im9uRUdrv)%(>uLQ#Tmkbq3lQY5yZuG zNo;{hnwryF98H5hr!}x^iLPU0hsgKYotREcplZbMSW4Hdt@Gb>n?!xUNY;-LGIHs( zomj)R>qFRdhz7dE5igOMaX2o?^kdo+0Tz|;Z1iNFI{qUR1&VAwO*~P3rQt5-r{)E5 z)D+s5wm0L;MA-vnA7Ic$&7rVwGO>b1PgAj{rsu<3Fmn}ES%W%FqfKC>~H{990Ky;{{*Tulg>B!-duH8%S<@7oLG z9VKgZp#8)c-HUbGQWNa{#ZZMG>7vDGG41j=%cYi4gID|Jvz^7|{JR0&gTNHvVu}oL zZ?6#Wa|*Zw43foH7AU{TbPv@F=!)J&wJdwcMdsC{4d}Oo`yN>}!lYCwPe@zmck}J{ zqpCk=hX{zJvCCa5iN0&*_#%W2AS6zR1$rd3;VhND|H)^V7n;GF0woCDwZlQ1R1Dje8Hl=k}BisT7NsrGaV0G ze$Q`9rkSp%^^2 zWJ{r=vL3`5Yq#s&YSv8={99(sy*SnYq-x+j+c~{+pgl zMdqNII)nL3zoX8(U#XLMv_zBmSS@xdnpnM3C8oF?s{}ItK?Bu^YV%3ncw}TykMIF7 zmVB|?lse>N9tbH-h>T&PKMTmL*J4`T%D7d7DtHEJjw2 zB4wi@Bb(~<(p;09>Ezr}Y}(oL%03!HNU&gAzVkgu0*r*)hI=WyzwY@yz3Zgsx7Yg( zvNwI^`{pMWRr{y&Jph#;m4H9!6_n5HFC2r;76ad=uLb0{v zb2MJ1R;|^5fe;wCiPJx03|sNw%qn%2S`w1AU-rV77;f^CxKE&nn4k>FN0|2;|BF&u zt;sNK5v1V44f6IhwlkEZf@*21#v)5OW6wQeNAv9(TP&eX^jtDH@A(k9_2oqH@;uxI zl6BG8)m?&PAXL04`FKc;ksIBGXwO7ToqkkWXa2WXVD1OO2}iOIFccy0{zUv4WFiAf z8P*VT^{l7V+F2p}Oef#dj5gej-_0bFqQF6VSlrEgq)7pSFn{pur(#x@THDfDfM5xO zYt*Ftjf>aIber91B9~ktK*I}~r;I6wJ#uRNxxh$kX3mN#@4H(c;*5j@!cqdJFw1qT zkr84sss1i32{4`qiyeiuu@LO9a1Aq5da18ZCUX8q0+sny-o2Dy_3mddp|}M-LvZ1lb=_S$)BXu`m>{W0+MgXF^UdCg8>lW16?i!yp8=k+SiKx@^xXSq zKS%=ZO3`L+?%a_F{O>p0O#qW8Q^mN{i>xA$E-XNr8m%Q7pn|p0K5A67x8nGcrbSaD zOdxS8NxuQ(rd^lfZrP6sn+vD0tgS7zppCKjG&WPkaQs#av#Log`zC6&PP4*A$)nrn zP7IS+5-n2zw&C&})@)VCf~~Ef;P*2i5~#q70Ozu$r-9+>xTgia+PAwjJV5I>Lz zO+)b_sFQ-@mD4}*;rT#;JhoFr%x1C8mMl*#y4zy{Sf%OUyaRE-j{GJyQb9IM$3)K0i*pS3T!_h{6M)V`fh_AF@=)o zCYA&;lC<)b@gESI>PlqT?kE>NVMctYE3VHBVNhW~IiUfO9B&SH3I{qQ+7-E)`CZ1d#VM`8D6WVjJy?d*d`GT`BDLfT&n zP^-14zh@L{oL_3U8JWJf4Z55;P-v8r;2k~3{jFDQKj9dfM+Psbo&Ka8quHy)Bb|dj zQ1I>xnj!|hp;RaL?8^~h^t?vxFe($}z&tx{0)_4qAg{OO#oXTRhaI3xpj>0?zIkJEOG8y2O-&;%?hSyx z%SlfxfBLmWHY9wA z_@dW6XD!w(s>Ep!O8-hW^;AVS1sUdtB_YdH$mx4^!b&@=P4~WdG$XSRU^P2%*9THJ z(&7EIFKAkpc%(xzkse7I9~f;3x-&064^=cn2MVWQ3KE}nbb((txCUJPfY(w zpB;gRDi)kKzGGgq5p`Y)eDFZFk18Rvv4#%eJmP558_^kzb61yNn4$A{vu@fX!ZEeU zVaIA&P0yxC1vLA6_~Q>U(dd^DWc50&mY-xGmZG+0fy0WSe8#WnhrrUym(x|&)>Iuf ziOdo!Sed0TB6_d`pjFg}MPy4NHyo3J4HH_Vqup7mKjADep1Rj!ObGzLpnd+b1ae|T zH0R^0cw88t$PR|;8J{aN;9cRXWCU`i0mr^Y8#lP!OxYvcr*rslk3G$KX-_U^)Z> zVCMrNHyOCa0PmS<<0qVc#J55T@XueAoLVsxKL%LCJmr^Lod}dnE2Qpkzj0V1zFJ-! z4&;F3Y-RM*)E~}ec!ErI5O_d(-lPzNKl{T?lA!>k67U*>Rl0e19LA4<1^|nov7aGC@zhG~-E=_s{h&T9rJEi29@Z>zr|CcajFWIuH6#bm zA=%k9LK8uqdPyJwHbUX`%qamWKa<`r%0B;@rG`hkf%@40?|UbZ1k((qa0(4JkfqGA zPeZf+MvRE;>-P!me@JCBSJ<+DvUu zh_cYPQrw@W+;$pz5Qm;~_@V8$NZ=xWR*OOdA2x3t9gr`8;H;T?V$6ia#{9$FMR0Nu zHvb_=sC`mO8wQP}C&GkxX=8m>{V4>K3M;$UTV%l3T1nY3=8va)bMC!E?fz&&41j1P zukxRMYT6nL_@Z%(+%DV0Qv~GL`T&T;c_N~3}8Ss}mFhq#m_g&!LncVr>IV^f15`sN-I8+L8SOiRi#rHr*b#}oUp1K?O0KZaSqAhHkiUkGHt6Zmb9lx(s>8}%4`!b@ecsehu-?iz_y z3gUgiUn*QGdwU5ORcY8EU?9o$h5D7Ce(YFFrcwLAcK9~1_>h(LFYy@fUQ+ra4HI%8 zB>eJ#`r~|TIJJ}HOSadqUw5B$n831u^}#2}+Dh$zNdS8`e4K%)B3Z=t(!}|l+CczY zSvgxhOv*W}u|?Cds27XeYd)6nhYn@Av}#%`CT_oXiq}h?`siItpaD>)nls0@Dn~sa z%e4`1^wbne@^LzrU9{$#$zhhRJBt9^y-5vY7&d4$noW^V*2$U?60*? zg{^??MqtrZLPs^q$vsLIRVvgZMrgq6n3_T=Kw!hx6%1Y0FrZPEiLTD%`~Jxu`-L5` z;NKeJzv8zE#22JU%%Q75j*y5z^98MZi;CI_1S(X9vnh}m8I;m3#;YH0p9B4}QoB`Y zn4cD!a$i!TW^|{LHZ9*fd&kX1YiZscHEvPFcMvYU+3 zeM)%ZH<_^_hmB4KI?H$a*!eeBdQFWFG3i2}UFNvi`nsW7x5$>f;|cQ+rW}4m4j2zZ- zQJJa>cfQbaQmd^yM7$bO+}q-#n~`)Q74#OSYDho)_;|`ONmC6^-Zvr9m#ysan^iHgnB@NS2V#MB!d;_E-A7Wj zxAX*3gXV?W;M=O!#>NOe7)KZCn5nyEm2m{g}Y3pF%#HPqNGY@rLkflJ&C+ z`PdDZ_K(8M6a!5z+Qas^~dnfhh zKbC%nanKAtGdd`|@`cg4oI5 zrM$4R*zUOznuYhpwxjk2;Ik1Fxc<2`cJV=IFda_Gdh2|)p|@ChYSH9+H6IK#v6>V* zIRD<_zd+}OeGs+sz2oazLUqMbgpjG+hQcl1<(Hea`Em?hiD`g@4em=IPr4axRtl7$ znCEiZuDZr>h5z@QsIVg>UdgyAgWhy->%BKJl6C*}QOLe(3UK%sq^0p&rWglz24T}8 zO!7|q0y$Qru2nR;IUKIc=6Bb4_(MHwFEs&g*#fH&JsU@9U3f**92Sn{$Hp*K_9{`A zg9BFwHq8chu(Mg!55QD>)nSFl{;FwZ++1L5NFgy|kmbP(8!8rxZ&vS=(Q4NQv})s) z%ai77_GTA4WChoA1O0F7%ke3GR+Z1<;U)oh){-)lA^gOXr~AHUw;}tPm~$mIy_9T>{1?AT0YnK)V-Gaaw@(l7NYEn4N-x z9%k@N!>gfeskf+j0399=QQIvNL?TZT9dG?aooG#zvCR7%L6h-)tCINba*zLFU_5O_ z_LoDOIV0i$kIUmi2bYcfMxgAY0O;D*7wI`^J!`fMGw4h#XV-3U+g&C75n+<&u++E% zc;D65l+qjBI{AS?npVk4rapI8bJbLA#{K1D7r!nlH_Stz_{mj0PL7xTs2aJ>UY8nQ zmx5=US9^Y|E={TvXw=hCva4HZpXxd4sif;Z{@+K=A3Bnl`CXNil++KKi1p3l6w=m* zXd8JlfP-3nAG>njNyY!^CLJ1}f`mX*a?<7nfSSNVN<28-FvF@sTy)6m${L##`ud@s z{=nrc|0f*3=U=3YF*c8D*BjBNWa!m@aT`xkB!Ukac-MHSKQE0=GX<(peQ?%jzr7GZ zwRQx&GI_tI-JgDaJC~QnX0%qb7(A1!+|^0;U*Lg>Lp}rGogo1F@DT}h{~|CU;J||O zeJ|uA95XMJfYB`*T}TiROLhW*=HK6JUqzXW<^k416;Me@9e!X6?(4^LLD>UG&VwJT z=l~91N%i$q1F+jDwd}}hyoY1PD{G*Aan8@8cfZh&PVASQU&@@+x)W3Ca=kk`-<46V zT468Bx8$^Rm@urJ3Xi4N$GvaEgAcLIJp4f6n=)I*SvAx^1hQ1KLMgQN@Yn&NCkMmbg;bKvAE)Xpo>-u|cw@^HK2`mGHyP7sjhP z8kM$B%8;L=f%6ufP^5n?q`Bjyx4NLZC)$!Oq&Et>x7+PksXw25EaXM@-Nx$foPfLa zsuBDkJA}G3Q26UhIMPh9tt#^KmA#8gnAOF%C(gqgdpE&zaz5=bzA4=1;M2)>conMT zwLvC?zkTQr1+)Y;WWZApMs6hB0skEELFSks`*;g_2E(q`SOJ@ z20e`ddLb|;mW1-Va%R--i}_@AR@EQQVOI?@r6(`u0-0{E?b>#!ug=m6PLeNHo$V1? zKVo<)j=;4}(QxhIMYE5;%f(lqSJ5}HO27)sq@^b^OVa-)Yk(yaDC{iPZJvIm48rrP z2*7zPTxWcBvco8deBMp~r^c7USuQ!5-rcnjI{8X&jRyy8$BKRQpW$8&;i=5P<4i--+J2HhI6`2u5I zrs0^}p3)VBVz1S6!96zX>9~f+0|)$?qED}^KVH+M>=_;Q!f6zmKd5Ek z7I(w5m0>2LU19vAQSN!Te~FBmHEe@L+(KYB-VHnP2;%A}QhDJ%@k(M&e`n3s5i1rs zqkIFsWU7w#xX2evOZd0*l`Q}H+4f3&wJ;d19>Hj{Iw?RiXQN zQmZsw@Cp8TK=o9|cJ;(F8Q24|9^5jeDV=FSg9!r+E>r)UkmEA#X1)NyHxWQx^FnxO z=*|*G& zF3c>I04H~&Dc58FXe=aL*YOV}vaafRgzAM0R7>dO8+)^@n+4Yd3FKewje}aM6LH|+L1qShpLVnuc2FX&PJQcFQTX#Lr=eVj0Tt1{am~*`C-4ULGb!I z{O9x|r8sJ|o@X9ZWbkXZyB0y%=T?$Nb9(u{*+3TU4BCK)Kk35yqScoU`^7$osilZ| z9HS=%AOEhS74lPT2Qc!%QitfX%J=5{XoFo)fk0~9-y0Kqjo!CFH!dgMT5kTLcjlGz z#QYkm$%c#1h~ikhjyFG3`nL0!>paBiP{kmabma|RPqt4QTM5PPtG*$>-5kPE#A9fF zpDW(s`Btv!2Vw|@($BzcN+s^wc?@((a;f7s2&Fqh9*C8XtT#i&bRnb_VxIJAK9Ij~ zm}~MZ7m;z)TDZALzp(K=uHy1am3bk0BbD5;yI8=z&c8Xe- zJBHVrc!K(4_sEFCJbqHftLqiVBm2Yz7Ne1H)GT5g?(qV0VjQ)M#5yd`78m5$qozeW zl&5|mgWxgw^n~QOMMgLnMYBIJ2-RP0LP#j0}PK#UgWwXMj#q*_D9MdYU3rzQ=w90ydF$kWwc&I{GMJCO^J_yW*@ zWcs}Z&81N7HB@9jNnQ7G!W3-AKh`Hg#Q+6J_>6uyxLyD#!azUaJ4-G-Li$a?>kc1eX#Ip=Uh7G(ID~|_BxXk_-D(n`c%p%B?Pu6>;<|jLWeff z+lfauFe&ZqvNIm=1J=(kfz*H7oJSAa>C9Y>i)8^P1dCaKME-&}i%T1*u>8Vh;4d<2 zm<;RS@$@!~m;|I~D&?+jI2d-b>?IRIBOy6Ez%KQi{r>qFmk*n}F?z0GG3cQtF9&AQ zthc?<4FQfmgEheS1zwP*)FwMky2|KHiW9%#?wVu%p9kfAc1T`qCWdPqh>$ui){&W( z_FcOlsv6g}3CsX6!rL`{`GP-8Sl)7Z?;ZCQfWX5kMN?qe7kQ?aXZikX)?Pp7>^r3$ zP~^l#_SMxrYm1lL%22^^T{6q@;tl79bs)tNp4+gO<3hu6tbj3BR(zAM2h~LFQ?}p5 z02nCYtZl$iF`s4}e^lpJRkaLXRClbT1fGinl1pv2XS`u6+(trE#wX;_OVhF+0zc#m z499Z=%oFe!Snv;>H<1JmEbWGkH3)kCuqDzzMUapyN27jH(bn&5RAC!Px zHjN2|$p}w~AisOghiDU#sn?gmd7HL;(Lq;AYPci}2Opry4Jaju)_Z;WS^pzfYqZv@ zYF;a16HO=T3kd+%ia*-j?xPfbGwmQPC^yl1ey~cUy=fTOttJEJiL$D53tfdqeAy1K9uASqelEVk>K=%d; zcDk;lhpNWv7kZ@+K_4!byOlND?8dfBlf9&Wj=a`$6Bdq(gwnl>-4TLkO1wN(Yji#6 zrVX`tx}+SS@k!#cU7^PAua|V z5Ic~iqbzA`&5a6_!lXE6`1;KTMQ=H4E%<;|OWILZ;1FO9tID<0s$2{upVcuwhUc2B zeLZmp2-uk81gv7%V7FHY(Ceh^3El19sq+6I32%t6CU{E@{P>9z0V>KbZ3l&mQ*dKn<|MgN##5q!csR$ zn|~np!iCH!Bv=}Z9Q@qVsmFq{LL04jTr=NkKWg=rulkR}7iPV;#Np7cVGBQGMd6GP zX#$OtwUE>zbkw-gueMnsns+P9<0+1Ef%;)gmCT(WQ=LXr?8v;97>w5Dy~BgZ0uc4L zCD`N;C|T$O=jb~7gxotqF?j&uv!SJZ3SklU+TOjD{-&=f(2WhogS;L06|nr#v396= z{4ULJXG#j(&@4J_5TJo``6?4g;bvVJEk{)DPiE~_;$AqlJqY(r(4Omh`h^2&*);hePScJ&=U-E(Zqv*ZR*BE zJr6eJ@4PBXbv3;_&+8m9QQ1n;#!ThFDNDV*-%wghcZSA}WfG+cNYz<`8APV-x(2$S zsB!@PU1dTgE?&FG5qwPgnKj>Q|w<#yJ>+>4diP>~Egnt7?Ljh7? zNpx*Lm{hvh!y&RV`;&7=l zeSd_a<}v^hHLPX{=(E&l$M&Sc@}md5{!gEff7rfwpf9ao9>6E&k;0#X9z;twI{lih zBqStE0D4id>Nb(wT_2As-7HA;YUG%Jn3VwR^5jXgbrp~x*K;zqmnqYuq@Mx3G$YOe z`B=&q0}EImU(=(<;>q2`6cM=LjTf!yn=bhgg+s@pFK0^yi{MtJ@eJE7;wQgcMb9gK zRD(DYrtkwj010JV(f&-?{qkk$^bbI#yX_2=kxoHlFv9mX-LjIJ)aKe2RRF<1h_w&l z3;<{{R-hwjO;)}ihsybJ3VDsk8U~4jcnhV*)%)BD)Wh=`_u?IPN;s;N!%njw!uVND zcK+uNz*sn$l}Us7Uh3jnNOu7rb4SsavPvDYt5r#aDbQ$TWE>~~zWzKb|ISqtBTNct z`r7LMqNK+^|Amlw^MY#v%L*Kf%xDRqCN>rU5F+HlCbgqCV&}}y!>4gpYT_L)B&H<6 zd@7&`dVx6n(@Nw2y~@0DaG**-E>p_X)bv38Vhmw}sywW12GlQ|=Y$lF9un+gZpC(8 z=)Qcjl;A{bhWc*RA+~7D7WM5@HuE?S2yy>pm!ir`@Aw)z2+jAsQkjF99UW7-NCD>0 zVV1*o9yjYc6F+``ix4$P31H+!D5E8B=$Z-^9dGP=pQ~v4dAktJDMAqk6zrpq>m8Gt z3rVLgKGV)0HgxnE5#fDR4yh&93Yv=;vCTsN?rq?9B>jZfQB{2Jhl504i&0-z;alXN zhNWm=X;8?MlwTKfLeMm+oI3hIS@ zZPI>Y!*&W|wvVTfb5hg6=5m~B7>m7~afj@fwd%lNYFI_6qkWB1PjZ=QiW6JNs=@!m z*IR%^xrJSzf^^Bikdi|s_nc`Ra2% z@XA{m)=P<~mo;?~x5RI=NmBVQJU+Vr*;({wjoJas@BokHSKr~o)Rm@X>pqUAx8u7s zw201~nS@Kqb1$d*iTX;K#fD}gD*$8q41 zt~%v>>eHwBaGy9%MVzg+_-tz6`HUB+VSj+|x#L#AV%)gbNJ$X63ZYrOS65PoG<)(K ze?IHed);5~rE7n8H3n=-KVge$!6#TXd44=v83p^c&6Xm4kiD`u7GBT~Pkgqu2X;^% zb21=l2jZjwlr4|x&un?v$ZijGG9TBUmCXl7br{)+Q%0pk--u&(466UMk4iq;=vS6$ zdNwq6ZPBY$@E!+FxRvKRb? zLvW7bL~~(10erO=^IgUZdKlMuUeo!rKGa_-n#V|Gp^o)n^Z|h@8dZFdxp$Exh+J)S zj%FK}h?@B&Nx_3Y-LDcOq%UX|zfp-T1Oyo9_^j&AXk$%<7Mhfmm7&(7WZ;;_X|uP< z0#ZTFFA5ZaH|A-#_y|$`yl}NvF^xo49TGV_vX}GZJj~1_y1d=>AWrPFv_6x*j-=C0 z8dfE$9vpl+>LBFuww{p7X$Z&e9Vk>&{A}0m>u!;LQ&#MLlLMuV!$iWpd(tw!Vcj3` zS^H;$=8+cblz^#I61k_&^>VF%Bym)z>}0EoS)E1n6ZYQL276zb2KyU7^vDsNUw5Tj zhLp}diK&S0)#r#*C6)`)XLx*F{baLh9P*miYAltC1d(Pse{16))0KgiYMx_`h~#VT z-K8}rupgR~7!)!DwaGtcqboRq=ZxFRy{F2S2pMQ8n4eplw)c(G+0F>dRS2f5oV&dj z5#w5g?JXpp{dBdnSHpOc$u^)MYPE-=$l7Uhi`cCvl-rb^v@OX4o?kW7W4m8zn+~{h zC$F=tsByOs1D~D6OE`+mvt%fQj1=8oiB^ONFuLg(HFt&ZS;;Y6Rb=JK89%qmL+V$U zy+I2nY*MVacbtRf@IRmtd=MA$eWroysSYGV((&YA)3c3VOw7I~q?8ZnEe@(Tllio!>mZN)h@V#VQTOLYcNH12~ zwVWSCdpS&yjQ#xxDM62EfSvV>U`YH&2FKjN;tHbG8)knc1_D+6e%_S0W&A>PQzy!B zee!sp=j(^(Gp@iJqqH-L;;M#!rb}ioyK^I(=F`i6C*@p+ zXRGY@EOH2Y9|e;tx&=}R%^&FmjSqdXp{((>ZE0Ji=k+{S)lGc;v*Q?Wuw5ozM|+mj zRE>G*Iv*Vjf7}-hG$3mo{-kNLuLZx!It{g2r$@YsN>0`rdg&RWXts8 z_$l$L2)V>I290d+XWWU(+EroXlYQwMSXrx(2};3%(d<~?DMQyvmx6mMI&YjQQIaI2 z-79Un^ypE*y-lt3J9tW+Z;$Nb&Z)Er?uIQ6cP`P;T@n-fQgi6R<1X^4B=OGa^z#U1 z%>!;pnp!5uK~l=x_5dQh>@!e~NywjdqhycdmiGQak$tDWLhbA^rTT087LzfiA6$ln z@+_^L(hROVSRqXs)+;#YZI`-jUi64uDo_hRQLHEAKXINp58lCVFFN`BHRAc!!~bAt z`FY5lYYu8rlAw+D=gVItw8Gyi8$UULD$I6EK;47rqsNA_xRD9N(KWIs;=;|REF&1D zDG6^Jz7(>l%q9msP{EGKMKu?_8U0$nST>Y3RkhLDDzSa7`cm*E`mWvj&|(~WI;Zs8 zjAE@i9_PKw7#>KL@z-U$9}}EjcYG{cSs$%jxvx(4lM^T=(gI+M=|pdKUXYaQ(&ziT zWqgTEtG!oJ&3JSZFTD$;vDyKW3$O1kx5=;C2{SwuYF>RucfiF%8J@i3CX`IxX|ynL zgZ8-RzBYNF;=Lwq<%1VjKJl33f5&>^zSM!wu2kp7_?X}^sh*A(V{cZK10$=l0q2Bx z(6=;`j7|2K=u6ldL9A}J@8obdEAO1t8Z#VVJeKaCQC-5N2iOdk*!(YSxr}B)!=Ps0 zMq}G$?CM#S*JVPlRvr@U-8^{{p>;l~rTCwL1>ocbkbQoo4`8nNGaa(Aa(GiY!8Az$ zd4O#&u|sS;*PBPfT5!Fxh_>#^fUw+8_Bb3vH}XaR)+3em4jIKxEqa zjCMcI*qh@VP3C-W!_^&)bd~K8zrcNRq*>QJlCVY{{TqWbcO7rwYsTW zJf@Y7eDQg7`>&MaE7msQ6rG6+gBKY6AHc5+sL6alIfU7kUkG1TO0bD?WJ|dIyse-9 zMZ0wxhO*{Q>nSsBU zeH2hcSOqQ7|A6|xX?*|I7|?VF&foGE=(|FH4m`iK0O?=K&UDsx<98eurTF`lCHseR zfW8m(fBX}w{a>F0KK7rZ8n6ePoSgpO&ES7;1kIYj2Xd1R_0MkKA$&+csTmpD&+DeT zF9Iu9`swVVGfEgxz1Z9QY~{(`%!vNRuSNF>rpE~FT;D~;W~7m# zsMGbN**oA}nn?}?UJqB=>+GSeHT$}mF9f(^_v1?AoYQJ0UW?4%?F!<*9L*~z=JoLK z?vwmtxxX}%zcZu1ru_$X%D@4!ltufHVS0M{Ou*YLiP4N$I*Ipd&44OKNX6@8O2QzW z1`nqkp06VQR*zjznhFm_?wi}Wxq6Vkyt-T*lFn8P@ZmzdP|0stONV6nNJu){)Cn(+ z6e_|uvS!m3ERo$u3Q3J~=aZqJYVt7Cm@cYn?{ zzkdZBRB(ZcpvzPZaQhrg1npOVKWO$Q%Y<}R&+J9sM4QxoJ?i3r8&nHFsFit-#lh+Z z2?)5Z!K6ral*mH}{ya}gy7izy4`>YFC*YD?JjI;m-7>qBe#(HKZ_yEa8i`MyA%$+y zX4mI}v9Mfj#TdHO{A6e;9JcW}?K+@)E0(+hrLi5RMdoEI9UTa|W46@!Ig4qu(4As4 zst|{!igk8WsPRB9`e8I-K;a3?C_%VQHPFJENhox`=_$CU2Ui%^5fGfNYXb+&v)D5F?uT}Fi5QXwq zhB%f}EO1~6;0d7{KD+af04iKv03s>179`Bl`5Kv`;Qq&6YoP#Z-}}xO_6M($C`!}1 z8#XDCHy}cd{)*kv0%7bym1ORLUSC*wutKAmNt)C(+48qP9_DOwZE2rk za+uZlO3tX?_)4|%_N_9pO?}UkgQiE$1vdu?wy2gDoUZW<4`-%QRi5AwTwWd;>O0P7 zQ{yW5r_qyD0CK}LzLWHLQ3nY0I4rhGOXFdc=CXPr3r$BCUHH`m4LS|a(72*?{-WxF z?zQT&Oq}g4k7ev!JZb2o?DKmI49@n+0)c7f0ZmTn7JBMmn7KQowO->=xyT4UmIO^C zijlWMmDzv1;<<6x|2+MXSQ6K0BXzntxAKjz;}##AlKQtWPU~8_eQ!M5-ga?a3ue?F2b9wzGkiHKo??|h3d(55erUVQ7_`N=yT ze1w(h>=oZ`%eg=6ux(l4OU_q|79h0>Bu-6PQAX`ShoDUbw12*Tq^&eVCVbZks8Dnh zp`~|75GwctOt=UOS~6xYa!ClHbs48Pv#IjF+80#U9Q)gmk-I>tgXsh_Sans6E(2sK z7P9y={KTv*iKn}4yYiPe@=dPan^=r)9CgCUtYiO(jnhO==YRF3JgbK#0Y5)+2@4Rg ze!4qKL`C_n-QX*0-7kipcVY${gv*|ggX|ZL46#>rIe%Y5Y7wB)O#Gv$DLX{hojzJ| zh}_(DjjbAct|lKNq@5B**#uX(`-GNK1&>yzhDq@7{_Q-Qr;8Rh#UUINdIn64^v}BT z+;1h<5-ssp)rK%apyFsx~4I1`<{jb*sXdd7pLjY3&TwKpgK(Jxr%m;nbKurmcr?Z`5JvkS- zwzhV6`%7LLR+&7|zXkls$sabGi@gr`Ow8xNSeV6vjV7mX8&G%1z?LM-l(i*r_2En6 zPuE>+G)WQPMDHFjp6Wy%0U4ULZRzI^S9m2p*Ec3P0v(e2T&NfzSSpt22pN5-821%2WXO3 z!$`lHHlG}_^DS|e_w_zy5d;`SBb^8E=VNY?}P(1dk?N%O-| zJ9k}er7y_}@7}Y!)hF1KT}%Hunl;btgt#ON&+p7iuJu*42$!xte*t{xQlVE6eyXFM(&G4@sAD1(Ano{$W!;IrN^*mu)<_S*P9e!u2CCB`#p%86}GS z6V^K&(F)l;3Ru$#o05#uedkq{pAV}7&KU0TZnDSUh1SIhZZE0RW=*+wocaxEj^I4? z0X{pxrYL4I0gBEBQu!?1fW^cDi5&LNLI^Z$KDtz|I3KFS>!tTDyHXg&$ETIq;QG;k zB%kdp#tV{>Tnc0hw!H1^*mbZp#+I7$@Xvr0OZk@!xWZ@i>F9?rVN2AC^TflLFZ3ix z;N7rM*Ec(BdnE_mu&B zJ$}KE0~P_3MOE_GP_RW>-W(KEhKLC$9P&|AsJQE)XpGDTh17N5>tLa5()t8K7qaGS z>RS5Ac&0HGqRVe>&u`AF5AX)@zv#@p9jFC6i)d9ijww2^|9;eGN&LgOuGdqja*pm`w7Y~-QH~4ipSF} zzU9Vp_dpfK%V}$QVB(Fpm)A1X3lpITq5WY^@cHv%OLYAO922m4`$z|?+a8O;3e{u} zQMwZgZO2l-gawq`wIq-PkRP?=1hQ06=sa}hU`GqO>6PL3MP$44;HBE|w@54< zrGm6alDPQ~Vav#uOQvFF_fl??#KELb3;Tx`>qrk2$6=}oqKMhli3ykQlP^p-14eEh zC57O`S*>Fx2Z0V%hc=AK7`_Or!>A=5S^oT5Wuu(bK;I?WsvEZ++J99yVMvqA<>~YB z(uus0@NJpOrf5zLu3BG#M!zZZ5+#-%%W{6X7W$T)UaKpXAVr#fNB)5ACt+$Vl2Sv0 ztt!ad?{FFUn9Z(A837r^xn@#V$^^%JI9GO=(OP!bxLBAx6??-6@w*jf6#)UU=c%)m zY8Hmz%M8+P=$V|LRF1G?lD#^eQnKGo=q8|$a52?J%D%3++Qle1TD1m1+Jgdo*8~g+ zD|bq(PR1bt$4DW{aRdrQo~WB^u0aq44|5KQ-PQpx;e;IeFE$u zvu$e^LSD32gYslhiSK;>20=``LlG?XN6&>}(la(|$3tAeM~T`%GCkEAK3+tiz5ogwOFr`NMAW z+}mpf$LnLUu=-2Uj}=r?f)LyTE5}=b7AP1QEpHg9#glRtczzKl0E+3R!{c@=b_51k zJ$VAMNubulv1*kvPY>=pVhUS_nZz11JRX8oTVeZ-yqtUouM%3XHWFmc%Ez;BCcIWl z4qc$TS$S_kggiVK&wdnAj)i0|eU7PDe+L~2LK8vXz^`=oy^N!k&yUi5mk&0V>@e`D zrH}hth5didf|ZMp)7b&k5mW52v9UvrKYlJ;0X^-cbMaP4wBCK(Je%-_JR}siN>C>Y(81xPVonMt@RKd#7*ExWB0kw~L{$v!PYkbw*esjt>y#LYl}C+Fx+? zqQ*rq2rsdw*7xBecAj+q)QG*Ehc_4TeKw>mw~q0Z3K>G0krAQ9#VBn^)K^}f90do> zziqVZ!G6sZ&2t~sJd)j@dA&tXCH#cp%rX1B-PA{|S*o$&L{zh%OOwnA6$Vt*@SKqMCtA-)}VKjHJ_^s+>5j~J11Van-X@khUVBGQRT z^+=!AlH$IN*RX*YROfq>KS#z7Gv2H#(5~wSWR*7BJ+H;#-48<9pRzwBxefX_RhUsV zoccgD!Xo~pFXRL_uJhPkR56ZybLq~Tw7YblSrU-=RK_p;D(SjN#2sVmRqWn?1NzM- z(8?ddMW~ptQu~dk7e@&6Z_1voY6X%$O^m?Xs_7QYihayw`a_W=+~Yr!I28(e>wi)U zZLH15bGa^`hquktIElNGM=ueey`9-+4+= z^@Kt<9QNTQ?&NcIeIP*XRBy7@d2RW3pmhHFZk^H-#E8r8W_cvI-503ZrG8BWZQ8<)v) z_aa#J2plrJ9arBM1(FWjT453up1b??X&~LlxaFq13BbBbZNKo|_^}9irO|G>-a}YD z!(|eb;)qX~+8kyv7tOt#r`Wz@VKAHL-aWg<(61TyW1J0ouY4FW-9xFU;G;G?L(11D znj6it!^t0G=~#X$K8tDHxyyl4acE-Ii6?B1p=jFkdZ-?kySxSuX#Vc2kbfJiihC3x zQ_ms*9TlB|D?Fp~iW*>ATGTztmll07@eynegXtA3Y`WjgyC2PJN7A1_%Zd1yX$>mz z2u~c`+XVYT3C}_Lu~0)s@)b`6gy6l|SA6;&^xo$M4RdhZe5;isV;*PaokWFC`kF~K zNBjA`3M+kACsX+Hd-WhP#rH&PJPGt?0DSJ5}TPo zwE*v0EZ*CH<{|3yd=J&<>$96vX=KaLN{R*U??FqiiFpKEr$Kdig>8ASz6qPxccB~m zgeMS$$0UM(W@G4@Lk2JjlEeHEU3DXZl?NVaZTanv_1MsuirX2*&?_6)v7@)U>0wEGh#H`MiN8N++9 zS8Pgy8KRQ0_h%PTH*gq6$fI;09FWq%kkv5hZx65}C&+1pAuZcd(4zrZ(aS+MMmt`8z0v_%W< zc>2nBl)U;wfG)}tH>mX}a-I$?d5o_4n)DNg&~#(-#T~S^wuai{qdIfqG&}0ehCe41 zE6>~^KLLJ>m4;nJ6&l-)fFW_50P=v2d(~#mNvhB=4LQs!q$~3?Rv_;_kh;1u5B#J2 zfox^|a(~1XnGzk6fPvc-2XV}NVaf|^9>}+EHLrm-d+NIPJZl!yKb~r~FwvlrZa`Xo z%*DVy{K99n^y%={u_Sh7Ja-38WuG*YIJ$(cZU$5CQk_1c2e|Tw0@>_FyHr~B= z!!M)7jDM*IWz3V3aVCQOBc57u*_UJb#I2=c0c!BI{dtzJT#TN0cU4AyG6II5_3|v@ zN-7ygKv7YrAddECbiAn<2UTE{C^Z3In9M-acc~*Y;B@f;;|Jp~DITIn#^E4zei56k zAtD+^X|R85A*EH(wb(@RrX8?|*+Gbg($3&#$L3$8||Vc26yW4{cd3>oSnR5|o=rAyQte1pmT>QX4iM`X#W}$y z0~k&sxU!?Th!U}L=LZ;<`#m4S=bY&$&fi)sOnUWj1P0ops1(6J6T) z;H%!#rh2u$?lHU1QYgi@@X|{ZZE=PR@e$vO1fg#kgi% zesIpvuVQR)1;1wz@U-im6DD$*U(DGiG??>mhq}l9SWA+$yx)_tKOnJ=NkWD9V4NtT z8rj{)L*f$ZIfD9zQLfkY?vtV)#}|i~Uzhik1k+LFX6m$79v(~V-@Fizlvn2AnmD>w zE~~b1@99mi8V6!1gBUte(1Bb1vv5guinJk*8yu5dOVG14i%Cf)+QIJ2lO!|mx7f@F zdI>3S3vH_4Ff!lzeBDW|RuN2=eC+r8DK!RI2nfQ40AWN?29f1a);^Yxn}4V%CwmOk z(U+k?ABELbBLr9qCY}0U@Al5Z=nYyOmqbs9R&h@ z8OPc{A=s85)*LbDBqUNp{Z7Tuw5(O_jQzaTB*H?d-vjZwgWXHxk&!$^_Kh)5qjyBn6^BsM9I*x!~@!{P#rmV=|QE?XuAPh_rkpOc%r;3JnH1 z6UoZCP=h;#rBR>HLEYlbM5XEQQc+Qn0X3Fr#z3N><^6FN{Q8aK&*x{=A*WnhQir+7 zREt1W&AvvZ@+&1zPA4rCp-pt43)0;zg1?@wk;c5%X}l~lAFgY=@n zrN~^^J+T>~qjPgShV22H`MYGg_tip6Phy3gC%9E-eZGw_m$RKgdnnou76}ilzud>v ztZAL5Z6~Ed1Rbpwd(EB@@&qsn0&GV)Ao`8L7!rn~(IPRY#ykOyP-KLL)vJdbjRDbXbTRs5`(0{sa&F*@iLuw^ zGt?s2>XY`sI7Ph=SJ}D;FtGEZ>T|)d8!>tB0twyQb}4VmX9sPm{soE^hqY0M;80vl z?xT#2b(@%)N)tvk{dn{^_vKt5c;p zM&>a+xmUYS$1@z*4T|iFKuUd6fA`3Xr!Q8J*+l+&%$kS~sU8R{L84^Qr zG#a3-QzGp&89bX&dXAB{AqTG*FI@$}_4jo9Y@HM+5Zw2rV@#do&0n zdgAD%z&UY&h`W~1)ERtwWRFZ&0gN~8wZr3I9sX^C3dE$LX4HqMjq4#D4%4~Vd4mer6%kTNSe1hWfVt< znRNuyClbHi$2=r0%!^)wT+_<-d7;#H{SpO&3NPRqS|9rhXZ7Frt5czQ$=TTqe?J0E z6hQwDSOtIh6+Ap}Otg-|A0!T-MHe6ccU=jav}mKvH7wh2LLsnwK3jLR2Rj6|>VB&n z{I8eZK))1?_x>f&AYt8czwJ6MB4C38B+!#Yqu_s;>1bVq-@DnxSmyq9`M98E{Pz1m zKQ8Ez2Ih7EK|~9_UuXk?8~&gFe^mhjycbqiSJ5_G|DP`bv>UX?$Zx{Mh1FXMk-9w;EtsE>S@o^I})M4?di0v_Rp&%3)7)(3&WJTScI0xGNZ!$-U8 zF|Yt*^xN})Pt>1jicJCOKnZdv7b)TW1^RLt#Ep@Rj~HcvXxH4_+}k}62?_H_`F%Gc z2Ypum_vjAgg9U=8Grea0DmqN;5`&MgZ+ag#V*YcJ;iYualhBffj$_X%&0nVc+m(Cq zG@+*sJq5O;XgbloUu{&B(9MITctVx_H*eHQ5c4S`-$#`hpPZw`G=58L{Lg6xUkrK= zz-DBmtz>GNnT!1B_L4^eY7Ml||8jf&VZ5Nf=?ypfsjX2$%=%86cQc!qm{g=1NH*@KhvBajfZOb`l7Yo{wfnAJw=9Y$gDkofC+XWp!ESw^0}BF^Z@@JXjHz!g?P&0)`~U=siZDl&2?$mW&^(}35$t=Qz`k$lZM7d zuGo^2l7FAAd@lxs^j3et|M*g1_ezY=$ExGOH@W2E(JtvW+XSMU{d0z`egL$tBm>Bm z{GVY0OYQHQqsS4FZ1Uu5ig<=izuJ#6vjs!Wf+W~vWpniGm%Ft#Zy!r9W$?DFv=qGp{s@`;bFU}@*YIaUlPEYhH?)KwY;~-caGX^BeOCT^ zEu!*zT3TAsIz2!$>JpLmvGsC)V%NLCgM|mcWYD}N`Tx2kln&&lsOO>*GXXI%aTRez z__z~2J-yc=h!6ko5jW+6y|OI_r(6`AX|SuI3rPAxM0K>a`N5Exy0`fP`8-h4od;$P z%iOItwJ0FeEKT_wXu9TW`1?09bX}0G{@sTD4kQqifG_q^S+;`b?X`AKiB3U6Dt^5c zV2fC|hQeM1P`|xDABJ18*FRa``;n5zVNpptn|iyIV%$jJtS*1OyV$iyMR>3aed2(5vOY zD@R1>mX1y>mmLT&C(57OU7wzsnwp;Guq6ThEUUgxl^LI&fc5Gv&4J3-1^yOQz9gni z9@ZON73MD|?nVLEA8!|qd?cv8-2^T^|4P+B5Jc?2Hr0ttOv%%;md??^A%SIOh2q3X z605;+j2!_f(Q|0857+av@9o!r~RKRyl-&b)c`})htOljlz8vV`@XdS1oPX(6mw{PFlM1Ocr zPGc$x!~h?g;WPn7OTedHuL>~G({pa8`lMjl{ciOo$8&euOG-M>C*$yZ0Xy$6O0V8# z2Re!Bew6?!%LuESuq-fEc3`I&4AAcZw!Y}a@b3fQ1q|9u>Q&}Qy|5(ccJM@-x63(- z6nLDUUIlx(huu+KJ{v#|<~I~>;ctuM;i4y9Urjr5S65ZFlnTdhxCx9h`Z%MBzc}>% zE_)cN-xeB1{9P!JSmeRDJh!s2#Fe07FRa)@Y+n_81bu?4Dr>Fa0hMefjV!-)A;$Z} zH^wEmE35td{R`|GEJ%wp8EQ{XR0g-eL6;S00<|+IX#N7|UduheIKW8@B;^yCr_$9$ zMcCVvqZ9|TG--u3&CRyEYvaDYz6Lr39~wJX)7~B30Mcvm=8wHI^GjysA>{^@f`*Rh zksyHnC2{`Uf%B1Bpy5`vjjM+FShgdVgd;tXU}I(p?`$`N!DMn~XIHBH(R}~2G}T_b zd4g(Zm@D$RaBp`M;jkG@m-H%b@y+zbtamE>D>)SAj}RqjPga z>B1=HVx@wyxrFkdWZbKL{hB>ko(+Y32pcNFvr){DxgUN0k`)Crd!7>!VuYXj0h~PO zY6h(n9J3sz%O{zNZgM2Jh7$MtPOYQV#2w;D|ED*pNQvzh4@ZX`Wj<0lOU787`^9bs zfET2{Qhi{KgRQNv3n&gX;ie0<6;&F(HZ%D#F(hB3aO>8S!T>J<)s!rin^nd-I*C|9 z-WF=Sn9{*cf2-{0(9th-FR`Qq9>Q zLaxV2<>sAXr@K&R~468S(L9&~tO$<@^rI6Ph_3I6gV1f3yXgfJ)qpiDRIg!XUy=THLAeFgAS zp(FM6-SsLgEln>fD=h?;Aj^-n!pIL;4Z76<&ZC8i0KIcc@hra{Gbq!$Y(s^tKy>@( zL(yVyfA>I8Jg0$T3|T#i>U`&XZ`j8}C3A34Em(>Tg%=0YzkBy^cb7O#-$0PfNKsJ{ zY%E>j?I)UPDS>n=)#&;Cy^FIu#@(_z-W_d{>xT6H&J)G+wG* zqRxHxw8)nJiOgG>dW_hTX>FNg#`~*VYIk?2c_(oKM&8RsrBDkG(VV{#b>VXTX!!^d zJwpPW^iAcdihWzv>pLFU@MVr|H}ef?VL0JpUZi(2e|3d?jm@5!43kBfiSxV0L)!*w ztw#|zRZbq}3@=0(w%pZPHhYxh`!jrywwW78`s-IGlN<$=3F}Cw-TO{^RCjI<@%?&P zI`dP|harbM)%LFPa`1x#C(7UaiG#WnfvLkU&e2*EebXhi?5qOL?nr^t!Zl^@`=kkh>!^%!v#Xu^E%l|6kp=oM zYloakv-BJe_AeElFvM29u9dqM3 z@cU>-2EsWx^P@@|5=8bNkt0~cU?!%i*h5FVAP!kK292?Aabja*Ig}v>uYUxwJjVd5 z?qX391%n_}31PLaT${;!<5qtcU;yxRhRQZ){Q#~x-;^Lzn^;L85`5IhaE~ZP>dB3H zExCNWL5^K#ERL*^x<(~Y$LN~9h*|8tcq+bfOb*AntG?fus2;C#5OO(lQ@tY{I$}Q4M5MP5%dlWt?{f{}ew{z13oTN{}iCfdGrrvXTa!w>iC{w$m%-eYGsb?`X zl1g@!Po@^U(hQ?C()7RzZ+an2lO2wQclFaIS#-G%f(>V|kWdNYc%Q(UR0gxg z>FAS|hGCR=T@0+w|1|k)xH9|tHJRdrLauAi^SwzYLTR}8tQUISZIqG#E6ZaNyv+8L z=n5(U;_YPZJ4_0iFpD*xd#zgSw=l@diFPECAy{=@%n*2b(4O2j;Ksycx@m6=Agb^S zC%?bD*j7Er?-qV>@?XZPm&CXXYU|jn0rwYUu2n=>k%1ClDhxbUb=BVfLv0j%QW8nj z$mf?oy|0;za^dOg$S}M5QGNW{&&Mu4aT%Qd645G2DZ+BiBO}`yqw63ktWC ztZfOq;(X`smQ@LR!@8s@7$og$5Gq;o^16+0%*B~w_4;44r25*CaXD9i=we2xtn2kR zQQn%|iK5w!A2HF^d8n!YO>A4Y-)Y{_`W&f*r0tt0`0%tV2(Q`bz4p_hb^8EqB_|pi z(R^fg_hAalou9KZ%0B>I{4mxB{>DdhL8^cOmuO@O-Zme|>k&oHg9K@-fe>H10>ibS zMiGdDxp^B!>E&02<9hRYV@qJK+VN@|PT#(H?r4dWNi*+`lap~n`{+T|82rDH>kPU zdiz%h@4SOsY@sN^?qv@J1HPq0eB5QT91I<-y=_T7-vOeq6S4G`miIR&Ev9ro6~Dr7 z=l>EKw=Tnu>UV{PDP8xnG>ToqDgq_=k4LL07)CAG2YWWoJZ#n}bO4b8Gwg^PVwvu0!{H8pb%<1MN1)Oh);mp_QW z>}y%);~tG@AF++xyATdOXkJWO{RatAALqD=P>C*XLz6;v+#e?g&1+bbs#nDXXmylG z3h;&w9h{zhUFx#~w=##mm5rF61thc+H5G#*&Uz#jIp}oe;%qGPb_djqx&Is+U4BtfZ=k9+mPa?p_Cv`Hs?1{8E=x&aTHGB<6Y#PvoM%Pl znvq9fZQdCq(LNBb=#k2U8_m)0>a5x6PG?u|%C`B%lo8^uzIZS*rW~f%>|g3bpjEQ| z(;VoCcq8<63HNeil=!>v*OXPwT(b`(H8iowaDCWrUh*tmvP;JjE7-&I^d;vfxkp6r z3#SC%|N3Te&=ltjO2I@X?y*@sis1C!;IJ_>sb%li+=HXUwZFIC&qsPxGQK|e)H>+Wvc!wvXk3I0M;;WCYM!P^rMc zDG~XBf@R?pN_Z{zHyOIQxuxvA6$IXQie|b*LJCxi_bCiRjAw~6(;xjnx?=Ohxbls= zz5224>n5xk_bMuRJA7SekQ#M-I=N*Hc+Lc8B0|hDKi6Wf-dN|5JoS z^IB8+(A=PIK`)KlVgxKmxKLY(AV&e2^ai^`w8BMXo=Ka=QWhK0L{JQ+j@>2jREOKo z9nmmA7l63zMacx6!N6~ikO@Z>830FeIYPiKJ0#P_Qh>=p)zs7m2M1?9etdF6Utj;g z(ht@O5A#a_YM;J_?z61aGF8G#`u*w%o?Fd7u=+mv+1Jr4Npy-;Cczo= zk#sj82YBMLghpAzjy3#y94x5*mfbNh0Wz6)AtEd0vrjRM8-xF;Qi*`z)3?%}+D{0# zqkE>o`Kh5%jTLiW3P=!uYjk#Y_D}(yjVYPcrK$NK-`OTl;JEth{Q7bt@O^#50aTXv zTevlo?U-mlQ5Pg;D=npC#*SlTx)~+wtXccv-Fa){6i)9k>$Rb9TWJ%u)zQ2snOp{k z1wpr>8g@USm~^0Ft}h_t6P*K5JKuDwe|EucUU4in&Rh)a3NmvHO#HyUtNDbSF4%h6 zu(rOY?)54b?kp-UjoG`yTi7@#1ZpkOA9=D`5cYX2(3wYH>h~1Bjv~$fW^aAB=y@Cx z@emaECbAmeVQDOw$*wfdcMZ%cQc5YsJBG7wQ;}ysrLjv?zu0OK_EFo7nj3xFA=v;JIU$ZS@e z@XlnLK5E;qP!KCiMt!ZkatAufdi+s(n=hsuezM}KXZB6%#oY;?H*5S(1H?IXup|yVh%KPd>PN4dOrq@2YcbMm5mg(ZkI)gR^F9QvY z*zH?Aa!jApXm381+)eooF8*!qwO)FYWF^AEg$1YI$B9n5jLPqIQ=IKY3T2K;6-cdk^ZKbFSU+K^*#j^2#PIOV zMZq=Cb$s8Eenx~SbZqjXK-k>&3)^+ttMti3<_}c}(O7=#t_cpzLx$%Y^?aJpEq78m z931qi%%L%iW^hY_!#>%f^CytYfIooEZh|K84)ddo8r_~2>d;Df*=#tKe5BL+7o z68|}Hy%JfKkO~T+{^~DiB)XXJvg1Nu@-1AZh|ez1tvnVm8yj1yqlW2`eX}}}yssU(^ZBMg zy^E!1!u4j0Dq(3Ui8wL(evhIPj>1>?RS}_U?11G{`cz0F9`;_?OrE#Ax1`~_8Uc{o zHYltx`hBZ-_gT!>lRbKP%#vr1XtKBTBhEd5G?Y9$&qd~k&JH0U3InxE{0w%@EcjGz zUS3y2*sU6qN;EerOXhydbO6Yzy@Ei)W1~%8;%{D5hT%2j889eG3e}`Sg>Ij53Ia#-Bt#Vp}^M)nyzYHXO`R$jF*E;q4xLoI(aooRN6E4TovG zqFAm2|At?L69;==53}u6po-odBSgU2#mK!KoAHRMxBX|s2Qeyh77kBH&RzkhHLUdd ze=F0_M63%${{H>8gv&}2O`=Av0Rr9Z1Ox;CZhe4!0AaZyeJ~#}cy%LbfU{F*Il$ij ztMCI`#3){VxI7_Ks1%Fal7m2~{d1=CCP~kE5xKYIDs2iD!B{*II+IW91gRJHM-Hz= z>Rd~0c|n0-ie}G`UIV-ekDP%K`6(6`yZQtPmSFGAnkC=|m$9GxO=|7syrg<&nJ2cl zeYxSSB>r5ySt-fy$%m9(Pv=`2=!%&YEayh$#)mzj@XW#3ae5dJr%KA}VmSywN-9*pnf0OD=B-hS7n(%&u}`?Hy7(-V|EWfvug0FYMe<}u`{gmQg(uu9c@&dMKi4aFy;-hyxbN;JauaA$kZVsD}0HrH+M1%p1#8VTF?n> z=6qzM9!Yg|<BVCd$R zE7DLeYcgFZBFb#RQXLeAOMJK@;IPNG#liOs?_A!LApzy5c%+li{*8^ zX>qogUA%7&M)D^`qWPAmz5F*URhVtZ_J1s~JnqIBeyK~d4LO6Z(aO}7%+Pm!O9@(S z1yURX4`r-=@puW}jmot8SiKVQ%E4JOG5=Yx1#^?ZRsZBghSP174S!;r#90-mmt@!F zcU&&XqQ|6jzgpW{a|Al@JUoB#fc8q#7FKj3QzlQu^}#cP>SF= zRW$C%>`nvZ-NweYW!>=G=Dgosf6T7Y?Vk;T?3-!)80i^q13F8LHykOFmZz{OT4xIc z>>u2s7CK4tkxK|U#GNzB=uW^J{IqUv91*(~K>2ouDtU~Y*pMZfFis`zb;8*P{SUWk ztpuSdAH0O4t57fjt&O}0gv5Hf9zHI&K||q5#_#AD-82sHFR+o8Aiv8&6#EVy=p13i zM?d-bN?D`rrC@D{Q2jImPD!+DQPszxQf-N)!tctY6s#kHVQ;oLmTSVbBD#|zX>qer zh#&%}?Cpq6$e*$&sJx*eOqD-CF5u3vMxG#aCB|gUX&g`IU^L5;zAS{xLox+ zQ{K9$$h&M|IN_G{8+1yZT&T?#kqZn&_f_nbcuYY5slu2kL8yyvP!$0^8OQRe> z4LS!PMEU5Kp~J-A-wo0P0_~nBT!z2@k-(i!i~x%5PeIWpjoY$a`uQ9+XmSg(qT)8{Y*qp|+ka>SV5F7Y z@{xeU(F!fjtExe>zR=Dc0>>~u6WkU}B;y!A)N!yVWCoNlRY zb(1a85c@|93td0uYz;pv&hEM&QaD;M`%2~e;|eA>=e;#Oeeuch(^0$-|J9uHd-a#! zo&P$Cwr~DYOo^Zq_n24XkKoeNEG;Q%ns(ke>uWm$cvjJ-b9GxvnQs6P8u<1uijeB2 zVM8lu`Z(F@ynH1scC%fKSkLmsHmrWcMAB}QX$l0n4`f14Hv7_lyk?1)h86606Y_cR z0*uI{^3UV_C&t0m>8Z1Q6AaujeTAa%5fvWFkfO@_yx-eGhS$&X{Y~$)vupLPwKiPW z4jz71p$NHaZg?E+xzD)m+(_cb7@FaC)?R((quUn%tj$jP$GG<)4NP7Jz-v%>k z6xs37DxQ`ab@2W9J2xDm-4dY2ZV__o>lg%Fi}fpCeZ%KPK9S``IXF6wo`vj=8v^C! z*7LLDHeNxG^6F~YF=qfXQuq7Ld-NeBrKG&46f;JyKf6N-V8a1WuZ+2-{#~F)2bf4O z-~5kJ3P^b9p`M@b??09Df9sVJg@@RACV@(betm|YvF5KVmga9hys;d!%i8f{1>Dl; z)2(-BY#m-2?DsI4YIlpj@u%>-yAI9EyLRX+B_#2dP2+C)ClXhvjzIxlK&0$1_m(V^ zzQj2=K9srC7g)qfIKD3g_re&of$`}SaB2mwSt!Ix#B#J@9}*Pni0&oG@p8(?@1f@ zriB6R#*Gx4|G+JOZ$hP&TS1n&0iF35aSO1>_rg0 zHw40VlbO@~a6OX)46y8B(OKXuMO|{ejQ?vEAx6F|$Tl0-()yv+miBkq0iH^qLOUYq z6AMRo8bI3wsYoz~kfuLeP%qLt-L@YnGw5X(VPFm9=Hb0nalSz;&O&r|f@CuBAwO(| zmXrR1@WT~RJ4$MNfn)C_eRhRzA@ZJKDA|K!<%r-nL~csr&KH5@BMI82*`EI(zCK0LC=KxBjDZVC*UJ?a7WG=? zvU6pX*XC@}cfFc-Z^MkG)d^9X1oHfMz6loGfPIC7^G_dj2CVbD2W62f41+h->q zzH52dpzXt(`|@|Zj&q!aOwFX8{f_J=Cp9v45x3gfXrq5>_e0H`=S1ki@#R;y@>&J` zHTAqQG2~&mT9Tg!?bwcGBo#)nixLi!rsv$WD4qK?47~eeZsxO>S3@p;@Gouk#ypN2 z!820(+8Hrz*;2|u?r2r5$`)_!aN$bdobKP*w(&oU`(eZ$9&eQPASdI6EVDpUMp|a{h+OfaeP1|t)6z{X_bBYFrq!sp_ zuA2oEdnJG(X#ko&6J5CE60L}*#^*jV!v&sH!n)2lrswYN?mZDrx*h<^JhE?@+j560 zlb3Q+%7(>HT*n4n5e3@&dl7`USx@%6IeP8esb?m%CnT^5vbZhB3Y=y=(rteOS*7+? zw1zC_%SMkf)|FB-u=xH_pPD)kq*6Z~KJhrVLNayAn26X5p}~lH0exV>z++;ta=p5@fgrpstcP7i_S+X?{Sge?* z6QI5N7|k{Lsn^e?#nZBU7>{nS1i_4T=YY!>ZeeLTcB19&UC&#Pmv?Bv>$v*tpyX8% zK!7yhpdr3CYmC==vdm(H*%JdCE%di4)yjpmvDor*LZ;C69!y$lg)F3Nb*$DoHsflO zW!!N3el9(%AdLU(f@+beY>T5E^3)n1wOQSLdrZo7Y_Zy+PU~Ph=B(EkqS}P3n?gaN zMO*ZuI7fn-<6H31_{0{n{IS!gF0GW!P3C6fvRo6}(2u#bBK)Bi7U-}{ZP$TI(y=7b zl4ow&7Wo(1Df()mn&A_OZmi3;{#7eX70X$20SdzOREF>G*nIKa#8Y_2FhSkGtgcn*10v!(8W zpc5~r%6x?p$3a;nTqcCkih4PlCM$hX~ulK!i z%~hZ;cuA^*GB?z3u*7~bHQLwcwC!X$K4$Bzeco(m{i)t0i)3TEGA|>erB;T_c5NfF z{Y0je;rDu3TtD0uI`Y9LITx`w<1$A)t|Zxr7SVjh=DNTJW30t=9GSRJ^cl&NNs6Y; zjXk>wh(SxewEX*~)aVMmYQh7ofK11GAw?0Id+`-W6 zpxs+@CS|2!9nRv$6*LTc5a!&mW|bbsI9n{9!l!Yp6s(%zp;KTSe;^hRy?p?a&!Ic4Zo6D>Q|3BNP+9 zi^Pz9v&lJp>WZ0POSd^;P^aL#yja;uIehEy8I;BT%x_-kgL<36GEwC}@wSq-&c7R^ z$4R9y7^Jbx;Qfn!^r+xl-^Fs$&jahCX%uAkhP@x$-rEiG#zfRb{OKguaTMU1*l?DV z;5uLvNwbp*TrqH4X?k)kJhXUCu;grN&FLcNvT zEa|OlU2!zcn9o5k-wFd&=M#%@ob$mAiuPQwpZ%g&wP$|C`076}ziV#XPrTY-cWQn4 zErb5gL~#a1hWldc4O%50yP0&7Lg88H4omS}3y!)&GJ^+EYBIt*l$_jQcdII~SEDnf z#$yWaVKe#rO&f~AI2$!H5fTNyWHo3RL&FS7TZUO=hG!AJAO{EOmecyY;mD>hqqzp& zHm=7POj}U@Xz6~659;)kk8rZaOncsA&N2kFY}{y94x)mJqA7&bjEK1Rd_&;7rEqd0 z4v}V%D2fU&;gXMC$2*SBpypC`)psi~dq&rYqu_6v`nk;}@RV&C1J?I19t!a@<;Z&_{RyMrVx{>M?twc zxy|^<#)s4@rnomr9{AFd>$ zU{i?6VPNztukPL@d%%|b_)D%VMKJu^y-_6)>c%PYHVAwb!Suf^PxI98cjw@23xeFw zQ7pKX<$?|RsC(QVMg_xephvIbJ`XN^P7Dh_xVnQRyx>+~bcMTn@%Pdqn&rsjD)*#V zrHr)ClgGBgaN$CUr~RpcW;i!~20xZ+m2Gg1{=utY8?QgT90LESU!-c@_FzQ7NDp;S zAEirmz?NF<>9#xk8Mt#jrr``A%Rl&|$4hH}- z-Yka6z{rR(9R=*I&ywE4sJ5*Won$-^8|LTdOG4wi>-%QzFS2}(OdO)G*WyUAYR{re zDLL+%Um#gDjhy~7aM;&sfMrB)vpGvf4|`2Jrn}s!n1R1guTJ&~ESO7um3lj>NGXck z*Lz+OBBA1{=3uGiM0gxJi$Kj{nMB01;wqZfCa&s$3O2& zTJOrGEJ~AaQ`_NilD6^25iv*Gjt1A`(NhQw4czwV3FrH=heS(Bm6wJd!QaBtA#qAY zdd=*vZZ`xT)h2bi7>-r?t$V?ooidAS5JhNaYAyIJ9nzVeR*C}9ImwEmaF7!-m zDen*QZ<8G5fKsj?oR#<6-c9!k)Dub&BH;gsXMA-=L%soWk}3fY%(|ZCL)4!tIKRe& z*vpY1T|eMx&+7xaBIYb2zxA=6d7*KJJ%kY2vPLO8JUhi{^%1yb<~_q!N59dbsxI4Z zQ2(?4wqU~noJRlVvyuDUI9lsZlJ)w$oVGqBqj}OGbt~v?!@rw4!PikAMM-MFbcjq} zR98iEnPN1V%#usGi=s`!?Yt5fOeUce&f6L^8NGq6-n>qXz4efcxej9KSgFvCtL}>Ku8Ez?SgWMFlNGW!cROX zu?KLRrwp_=E7sE2DHAB|^@l7&5%@827XX^#nm2z@`j4d#<_w@?F= zcQ+X~PAsdLGa-(8clf|6*N(j;m(dmLzU#vCkyj*a1GKf&*KeYU--Bn7MX3-^cUSRfURs*6MwU|KgkNJJX^VXF0IC+zioCDMGq3`qEaolS6`+uMgBpNLv;Nk39V zgVn>wU|IRkEZn|{YyxZE00PLk6AK&>_b3saBtR(+malTdi(kG1-fVWoe}1bRfF6t{A}Bal_9C<7 zeLLNnZ1u_XN?0!OH;10r3^|h0{+8F|l@FYzvnS$Z&Ew0bApy0n?RI9_kupHXR%pDK zQNkPGez-t$NzjQv`TCE$%a%5sq(Tl-scJubYxS+hWt4>Oj#w-*J?4+7w4IAc#7c*_ zepiWV%sqFy341FR`w8=zm|qDd?2!x!GIL|=l`7wpa)g0zsfqJn+`wVJRr#}M$!%6sL$+HsX^`RHBQXyZOMze8=6b*wz{$K=P_s=& zGWg?%LESwBRyU>?4V=2@ODf)DJNw4&(c$6F__sXZMCDCawt*vLR)P%^Az|551mhDY zM#hw}z8Y`?RM!@O*Lysuctx4^ZJNcEP_8=J!B(%&N?A&Qr)%Qd+dz99A z9wp+&k&py~-kDeT%Vw#RK<;4k>*m=VB(z2jfDKld!(&OWMmEpBVN?1X`h|}$>4-92 zKc|Of1lPW_HNU^yd7-s2^L|ddN)U;FtDyuI@9Q6_X@~^ocbqwIF5RxpfS+x=ebONp zX!$#3Urqn;DYUL7I7vPFZTWzoNXK}{wk^yOz2ZNvBTSO$p1XIRxGu z1b=1s`tAp`=8QU#-shq;h`r!a#Jv5e1fkX_<)^tNa6-NP=rtZYmNZ-6h`%@}LSZ|n z4!WV+NSZAH&33OjObdS71E+_jk*-kl#V&m_q63*#G_k26?2SE0#hgBpCW<7jBSQf{ zC@eZg3;Kacd#el?di%yBv26i$*g{!gU?9*DR_hVR=k75x4_g|(3IioE0H^tqNof+m z-s;$5{%#FT&09){6dOEbC81F5lV`Dz5evKg|3@)O6D*VgO_9$5%H7qQl)g>{`HQ-2 zz(n8k_hWNJYL^nS$nISd(F%e;*jW7|6oc+9 zhmWlg%|>LMCjKP^A3NIf__u)gc1Sj2i5FNKE$eZ{9K~R1vaUS_gCe|Qu;`p?t%r>J zZO}cE|H1z1;&;c^`+H_wp+fkw1Iv?oA})X$_R>(ha18ebcc)zeW;8eC4Bm(2A0A&r z@_2vO;z-Zxr*GkzN!VR#PxP@+jamcK(_uw;FMQ2yZPgon%iAB{jm2fVX}+K}_z_`% zkjKXITdvFAVkg|5?q`QF)@bUoM66b1nw6d{I{ieKqgHk)2k8iQg~wK1+r4m~wNZf2j?v;b!>H4FoYt z6j z!JN^uf3E-W%Oi#q(<^m!IuFPXzl9G2a5O{U>}e=`c>d?8DuE)56U`hHqgZv9+b0@{A3z_4EnA+c%uB-h!p>kDQ&WDO^SnCZH@=X#4Tgld%A zihX)Res_1F1$ZwcO5F}j1dKt5vF|w*HMPoyG-V(U_GZme#1k-fS)+Sqnx!BwW1e0R zn};qBP?qeTjqwd}cVOmI&)b(i%^|QH;!_<(1M^O4__qo?MRwZP{GR2bekLraP22O`4#Ba2x6=78$;GP z6$Xq(xiICqTUb@gudhl^v5;|P%awIxO#D{Xm4y>D_Unl*hqn6k-?fIEg~q@9*>bk` z0|58~1&J^}%>s-Z4O;u)oeLJ46(%X@tAj?-_|^S} zH<}HJACC?5;7*UraQv{5%lUs8xU!uuEi>0vtGe~e4W9F~s2c6RXA7l@;$YdAdUAPx zfM(kZ?PfVgKfwQxH)zSpWCma7xReT+O2AWuxk0^D8Ro{0dL=J!r9w=KdJm9eqt&;j zy(29oWBGLAiey!|{MkJTTmgwos#fS(aCiC(!(>$W!Nl#>*!)pPX` zdpr+=cRe9{3N2{C`dSNXYIn*ReIO8cz1N{YbSty^y`J3`m7+O}*A?S;%bg3S!x?0< zJ_tiKe%q)@C9&IEiY}*XBM%diR?vP?^}t>E2M?oXrh`I&vy2T34VaJ&9AcM2fXOeA zy;y*T0{KRFr6gqpOgd!P$}sRrYGc8o=Nhv?+wAQC(zC@MKF@vYVGX}qwB8Nrn}?~% za~FSpTP^{oOfCiWHdCepSz@kDREPaC^dpxsfzV)e+H45iDCh|hm~!yx>sBiXAH@lx zqxo*gcH84z+JE0Sy8j%wcx1j$xuro0JwRp+k3aM}qYmY|#Lz^|<$IFJ}M)t=br`$uFwjLs1eSB)ZQ9E7R5AsDX(H zwvK3>a=>cv^EmB0f3mDhlBiG4WdA0{ppNTn*5}hzgdz@~Q7^r0wiWcHBMlwBqC$7h z$Gn{)6YJuLP`+wOWpaq$w-WU(Y&OVw?gzuCgK!@|q~S|$rF?*b&pY=|9p;bOr5y+A z`+bRdAO`7o46h0P=A5hftR|)6>Ukp<^$qZ@r^%a+d8~& zHi@>+P`52+xmpOK=l$KR?Udiv62Zz)P)YQ=u2iD&b3{xt*b5FPqC!LSE0tSp-dLS0 z00{fA7J!|><{ z5dD$JerEp>XRjewl!S@NffU*Jll+L$Ijb*7;~zNf&@9hb!gC`VPaLYcPvQ8z+G^Tu zWl1jf2kq)q)(vD?dqv9=uYqjPk?_F{?QcIpBLVeds-U@?ivwD3cl1J)mBtQB+BL@n zgN>NaR++t+K&>12y}bW!(-a+76-14MGSyj)f)=K`n31xb%94d+u77O*?9hk~6*k+Q ze_l0Br=IQo(UfH!!$%&ITj0>+0Cy$-N``h64|QSFF!npovePF9tBH^0XZe>|szUovpQ-ck{T zM~??<3`@Mw_AYyl9I*-2yQ3Ky_9~)wgkq$M<1H-OO5XV+Q&pm_%9~6H2o}Hcyu+Ld ztay7;tX%+n=}Ei6+Ljs_tTcy@WMF!CLcVZT28ITzEW#1h()J0wEfGiRdTz*z7%-Wi zB0WxiIAd-9tmVp*F2IxqzX7;XFbmG@_}&U?kf=@jarYC+rF^V6nfXOJCU9QyMVr2N zzAd5k%p~CNBt*GBJG=gK^^l^vf*l3Bv52%*L3(gcV!l)oi~+L~q>=CXr@SK#8+Zp~`0ds@FJ9aWr}y~9 znGVV6_o1@=eZSUranR9S)d3r6rkM6(%R)NP<}X3`u5@a|V`b@4xb~>TbK6rRB96^( z!+iM~FJH@H(e@0ViXbG;Y#&r=RuuAgc6wC(DAV%)z{jM3kQj2`N8a6I5Wgo*j*^Ni%d{7h(>9!5ET5nC z`ThFN38lp^iHm}OAX?ej`Onhs2!*`3Mh4bUqR0DB+InpQ!jz(eN(A=f$UPI?JT9j{ z+5Mb)8{sJ7IG)Qr$p6XZ#2U0a8ayHnF^H1FJB=uTy9fz}^p>wbs_nUC!=x*cK7NZ& zXQzi5@&tiv8P`Z$I*&3PSbx}wOdEF-NytOLJdCD)GFgRM0eYBcSHk1 zl3?xsAtc}0^34Euap*3@h*6#m1=)xFIJ6t`ngH8*lPU;{wyvDA?G8*l_>Fv$EZ}%3idI|6<2n8xNNzeQSlNgU! z`t<#_oPO;qSr`(By&*|qiPe}+xe31HGIsW9oxhT9=^XF}*AADmq%c(HBb1mu^;;aV z&jrL{SWsR}*I**|Z{orRtq^4e*l~2}ZcGV5EeZ(d_FKu7d^16e&uaLaN}~&cBvz7* zAU#+oUNCf_FL;Vyi)em=74ehEmdiCn=AfZvj6qsQms<-jqu`0L@uTLQv>{Y)K{Wfu zvg+5IbV%!flqM?i1bZ7$PRLza47H=bS(xkK6`UAxa&3L|L0s?w1h zxpbF+ zcx36>^>g&$*`0jZ(n`rurMv)0OU~T%82y3EP;(BIFo_yxL#iMH;@LB}dDN6u1Kv{X&MOv|Z zn@tutFH96tQb)A&UBzKg3H2|z7-T??7QIF}mA;*XXNO6cbghYyF}UDai+LXWr0lhn zeEdHUCXS})KMC-_g09K?F3NAddUgZ!$yen_P}LVxAlo7S%#73Gp0w7LJszAJ6g|)f z70Ee1|Ce(E)r;U8^dsfQL$Mz`*E)hS(3tR0%govuX~D}9|J=~f5V#Ra?R9l&_fuzL zh}%WOelVj2YWJ6F#6o9l@1IB{->O`Vgj2boQz1-N1GOyiob(GyX$1mew_ny^Q_c{v ze|AZS@VgD-|Ehc30?i9=vD?!Y;SZ~*-VgnFCd>*duzc+zx0_h9?3E=$L*NEeDE~1= zj!0uyKHGszl1Xhz*a|*NO*5!}?R&hF1AmBuod0Zhb~-qqoN=nJuVqN6?IuOOC{=4! z&b}4Be)dxm3U=(6%meo&XVIn~a&ww$%loii4E-I>m&31_Is+NPqgx+ISM$C3Y-fT_ zN2u{Xzbk9vh;)fuCS*46+Dj{#ik`C<;p+2`^lX$6QwyAPof` zgj4zjmw}A3?!Q6?{QGLkxDd>n_SF8b8J-V;XP66WawHKGqpV`tH#@I_SARPFxaXdzwb)D8NHMe)zOs$E6U;~jf~9ek$=$#x#l`Cxi)ZY zX>|Gm6k%Pl! zPb{tj#<0gmORj!q_PYsABTXFIjWh}Z%tkhvG06htI(e94dv|&H>A|)7ZH7hk+;vX+-**K-pD()JjLrNGkbM4CBzfNwv|aqiO;jd% z4b|yZzX5l?|A9dN<}v?O=Ky<=I8NWNH5BK`_9|sPoSAM|r%lxVA>m}cs7Kcs2O#fdv z?Hf@}&YQ>HcT;TKJYK5+vh_c%A*qaOHP^tKf19?L314VeuTH%b6{n4#TIAI${&El> z+pk}}|A|FCQapFe#U8`)8Ox}Z+n>c-X6D8$(sz59b1n6iCp+y^OJuZNc0?U7^C|QN zR?ap+Wt@k|N#}6=Qx3e^{qx1ZlImMkoN@=DRP{Qi!rn~uX0Cvi{qOrSxOlA&0(+@o zV8M7?pOBJL7!Eod>OS@+2@G9@%gM`UtpINfn4Ra1PFV}vxp_`sBBv8}bOg`-__z%X z+v<5IVDm%HPGb8(zs3`eg%Mc&Skv7O+hZ;3&5zYi1uW8ZKa1MPD`!CVIlz%KMDj4YS(oS6mVC zYF%WaXjFsuudvA|(Zi{oPY!eBFUj{u4Xy!U>9A_Tr##!)#x9pFVcLPj^4)Ruj;ym- z;9v2-b7?p8m}KaLezl;=<40|ij|`7Z0{!$EGv@2|I8zG#vhrzYe~oyy8^^CoN?5V^^jQ+>Moh%IqN&%3WY4?fu{>i$_bHdFX57_q>x4$#EvpVqFAr&L;Z zE`Jg~%Ln18cm0#ngxw$OFITk-&5Mi^<^9SjBI=k6)p!ef;&xsN`nt6}e18i(H57Oy z?Z3RwfHKplzl}+ru8)-(yuHr?@(L9% zgWkmT@jQhF!YxO7&iy`fYxOroJD>D~J898dv(kq%rZy*T!|TICel-t8?vCN#>6%wo z(y5i+IUM{*?mzcdp#M@~)~hf1it1wB)7?$gvS0Z3blWRD+b>Baz;1NPHa9s*_4^FW z-ecP}K0F^WJ;b>X@VTu0nKN1^4l?qb)JtBy4bO%Xw`w75WeE|QJdooVmuO)@dLXqk zsp0fKcfC^w#zc)Ab_A2YS?8%{W~*Y|lwxTtZDc|Hn`-$}w(YSRg#7w4s-sByGYp?6(}^wPwI^q9@0 z*RPZ8!urbx_{unMO4<%8xm6@7^9l<3;sY*rTS$k#D0ExR+0-qGfN6NjNb#S;K2as} zYP*h;pLc#T9#4wuc*7i=8O{*~sy|=TwrkE@y&3aYA`!9pSiJ4A)goGOe(#}5t8gUS z)~AA+%Q5ssH+}=@bE>(3RK3|aT@OTPm2XFN|cs&^Yh`VxtnnDBa|!5?vE>TI8<$>@^xz^*5a~L5KkL59=Go2fy33HH z;DAH&z|!{DJhf0K1F_xeNBn40siYjcFQye9ld<-tiN>_3sL%UK)_+>84Ida6QDcxr zR_e#Tu01-2^;bSh4L0v)m#5!O=Hc^S3LAb#$~H?o3AQ4?AwIKnZ*PfHObrpr`lQI;{U8*uU6f znd1`r)zEFl#6?YI@Sc~i_vwn0IMf|SLeX(Ej@F}c{-i0RX4lc!kQycXN(}z{WVZOr zF-h*;vGAw4de`M{4kZcOdPmoxi0}xiub=E5^LYFmsY63lB^Z^4)A!rQIA|nd5ChP- zLFey+BlVcs2gvM6YQm1ukmrRy`#+B&MNWwl^DVT>zj#oT92>F}7>c}Ua6UU9`7L^W z-cDiWbJ_gF?D_cB!m(P=Y?v9I4gts3w8#34yn6KB)s{=4)tsXpC}_DOZ>O25lbAB+ zx(R0|bfM$DTT`L`Vm7P>eRf&Cnc`!Ad_J|MtBp^L?8KK2aCTyFR z9ewU^cfD34kYP~oul2^D*sB&nk+1W(irDQ(yU>cSp~iG+xNYbMKb3b;IGthlB{?WBdvefnnH7kGlZeQhl3zUt6du&k)f z;Yz31#|A9b&$!V=q%_`|U#feaLR{|AqK^k3PGXux4MNmn_-5TPH`#8tM~a9<9N~m& zlXY_i7;k_(o*mKJp{fTukwl<35Jz~Tz;}`;O=lfI@?M{ zXH~i$RgH#9LSL5xyjt1hm6Mac1Ko?TfhC~cB7I${GA<^Rhyo9?L+G znJvCF@VU}tk7S> z^$>A27dQ9kEe%v*-=A?YJ#4r-Na28ujjzZq+#=9B;t8I&D&K$f%8{j3ao^vPfVMk| zyLDfw&YkO{JDIn2E+^T04U&O*#G*fG#*>fz9XgE`cA?tgm@mqvbE!N-{r%yMfd8lH z%G561TTAH|SZ(>F$UtE|H)?Fub7DVFo2);*ds!Ztx8S}x)4h+qNSc&}q1dwgODVI$ zEbz`+5>vkJ_A_a6Be^TU)?cP=kKT3||b|M~vfkyqA8k_IobHz96NMdbBI-ou%8_My4nslm5D= zNnT(3@@>KB__p?3HAy=draN=ur$-TEa289*<7WF6@QNP+++K`Zypbt`;!qUO5SrdqtWV%dg-Oxy>ue`>}8T}ThPjI z#l!8Wr$n@_nSwA`6=fDU(Sjt1<-joY*Zgn^SsyChd@8Ox9G5KObp{sH{wbin;$3Hg zpKX1}lxk-gi!H<(It2XTWq>0tjH&_Y5(>>SvuLGhy_dV-%jeygOaAgl+Co93DS}SS4}?@j1kDqSgU1`c zz8cNboD7f42!03z%Rt;*EclZrZdkVjNRxpV$FWdH_*lNDi9jir*Pok8J@}-#UUW&Oz2xO2y_}x2>A274{ac&NW2n9FlCercfyey;R{qLQ|oOPmgBqa`KM|{1S z0Sa?^h(+oNkw_Y}zE}7zVUyNF#gxcjem)EL-8kxCB9A9AAy0WIHS^`DjTU}P9F5jU z+f2JEDBB=gN+c6kmX!k_ER5`-cZuzk3{g#-=(TO3ZFeR2m#G zPLnPJ$Mw{oy83e>&ZusR-5`^t`=$3cwC78}-$og}J{iu?z*UhPSH{_I4sCdRrn{P3 z$jrjh+peIXuupbAv${7qsa5;#RQ?=Tkb#Ph=tm3qRb~tSfMHf}|NdUA*~slNE(sH3 z$XKZB#C7_k;-a+pC#Fve!~Imj&-dG#&A)j32HT8A-q)puC%2r>4$VOT%6`WkN|1M@O#qdwi8lM8|6Df7ZMM9j$13; zttt{)RH`|-WE;Xa>-se17rBy98Upvu_nwCl_%0wAK;vS+x3c!>LoZz0NHH0w7QkdZ zN`;ya{R21Gp>Li&U?WJQj-X6faN_WCRrc`)TM zP76+m=(JJJL~?aM(f7JSo_ijwZYD_Ix_pp-6^6if?MPP~S*xU?7S)gQ|I*F6NVs{Q z2HhOf^`P!o@242Cp9+V}-gsn-?400 zy=AmjDP+GZDZixKPwSixId>bZcF3sy)b=uHuDtWyFb%@-#MUb3Wj{x4%Qzv8Jgwus z$^GUhlVr%q6$V9n+G^zyl(G^hB!FaRvUju1_K&=eslA}Gq`lLpYH0Vyq8$-#sov80>L7ON9)tMjJ!QMuuu_iZRi!|QYy)zuo>;CQ&-_cSMK!A^2 z+1AtTO$tc)(zKuh2S*$?P-aYXGO*}dffvsPlUz;vO(>CvXQ2zDiC2EIXe{3+4|`~S z*@if(R~;Ko$Fe;@xmrv$^iJ=VmQIvau#6Ad+C#<&MXFZxd*Cg1cc=>En#(W12!|9G z#+kK{w7I2Z?kdatycHFNq7;&bc$zsarX zO52ppM5ZLdHHT@s=5jVg(}PrWX1rKUI)vu1AvpK7OI3*Wv*-JmUq4x5&wL=UJ?g(` z;p=suSA9mU=sAY>t-{*CwNSgI-n(>aF(%M*>P{AMqP?SI>86LKY-Nn=lc8I)6x%*W zIXr|8k&5!CtXiPTO>n5!@fNZc;2fBLLPQ00Qdqy-uHC(jYCJzYv%Asri0R!SW~HH% zD*Ym@%k*o#G%$CXk+#3QmPq8ESzC>LHg@&H$|c(h+~j{GWMBr+&wLU>lo%S@7n7h% z05F1L!PsgoS1EOTJ`o#T$HIR&I87e$;!&`p+ut?KFC?T{p_uQs=H2K8D;pWC01Vll zS9sk1P4ir@iiqi=#ge!7t%Md(V;9v+&XO*N;ocm2F0D0tXYC#hM||a6iO$q06U9|H-_^S?M@x&^8GVDI-zQ9sdRw= zCs)McJw{$WE;wfd-`MdA7V?n#JF%kORc2W97b=UxsbHT_7U^fOv_awT0Vk(xx%)~t zVDQtsU!j5_!J3_zierUgDabm-7M*ES_|qGK>eaKQeR8VYn0%*R zc87s}W&|wlWfd#y*KARfs!uxLL7le9fy$_=G8BHE*M`=Cy@h-+MbopOd)L3R*YK)G zr)%{iH0<5PuVN2G92 zkgL>gC@N}Bp=CI)X1`r~o7^eNM$hh3p(JQFR#`p8C^Vmq1JX=YM=|ebE^0eqT>_0M zp}y&Di9ocY zHfeuutjVC7o#%cY^5ev#3^Qsu0pUZV?B+n9+1(EgAW=egQ`!cnd8MfD1{v-lC0522 zH^EJ$(BTWs_j{4-GxwLGdHkRI8mM6i#E6kUp^$gMPlZ^=yj4X$UuA8H_a{?&?>NEl zGo{>$e*-~=4l+%kYiSFt>tz+lu_e`n$vdkmBMe42xQPy75LDEaJVUep30L)7xE!^9 zwqflUG5qeYf*p{QY5QR{+$i9>`%1{?_h#X9x&9Uu{d24@*K)sCV*h$6Tf zH>${$>c9kL?@F_753hvgrYmwaX!VZFFg4-#VxRC+IO=}NH*@k}X-gf-!t~Z&P{_^0 zByJIJSX3*YvAnOOn-x(@pz9iO^b2^x-@iOZu90K2@-j#a)1?IW$4^6Vfg9)#Vw#NM zwV!hL@A}X@iiACu_z@OE6h}mGK>IX3n5YnBic0W@%R3a6KO#%`qIS|XMS%F*W4mhY zk>1zs))4Y)dYZs5#`84{`8c~KbM;;(aiULQj1ptyI6`1dNq8M<6C~?NQ+&+jy{l`d zRm?Thiv0l9IQQ5GHWaFj&drtAwq9Tkx1-c}6VVcNqiL<{L)$Bn7dwhDm7CVNZwYWI zF?i91>0F;*juIbgsM0gU@eXaJ#+9g~xP#}=cknW(UlBf=)V&2KuUiT(}HoNQ0cm1oOn}i2u2Vq2yT@m9Qp_HVbz>_7?%xxlNSZO#=wp!)Y7#sV}(0*bJDqa zg^%ziveP%kr`p0=9pbY7Ubht7V&`YBa21ik(qEX$9R_H;Ea$B{IxP}d>IL|kqK#v^A123aCBGd0frL`${_cu2e*`>4&FWyFNUg+l z69y&S4olL57E`_%>0Uj?r}q${n_<6$GLzB$GOqP!S?;+~{$}V`!XC}lbjYF1Bm92d z1C#XA1HU-wh(>pzvy>$KD2lg_?&l~veWA%arRn4sCk$fbe=}#qX8YLW7Y=wIW+~N} z*aq(+XTH_qSdtK6sGcuhR0HMRgFvE6dBj-wqIAYusH){qpPs*+LP>5EHE5g6ff}RXAfk*gIWISu!J~ z70jf*a7X&;b*evoNALK=ugzxpH{F#80l_5nlB@FWaXwL_F*ah7`*7EDSDaYmuAS}n za&BRLOxq6C$IxT@)c`TbN{#)2$B$pPqK|TARB%YNxz!JQ+OK>({!~o#V=Hj+oD{fW zfWZFXIVE>yh+P(!Z;whV@J*O)>xAlGfqlmvu9oS4u`;J)}qp7G8=O2uEA5 z6xsJmKMC^~XYrGRnPH*3L{VZs5KKIf$|pWe0FY&;c2xImeFv`BSW!L+BIw_-NZA-QHE?sseahitSj!U1+Oj81Q|isFGG4I1m74qvVKv%Rg(Pjjz}s&j8Vt6f9sMW zjZn>&NZpsfVL8^6qe5TqRiLcTNhv+*{aOEBb;td(S zp>%~_BOl?+4T$Faoyg|Hy%mw}gj3w;=)wou?0U8D+gkd-ApVAUFfaPfk#O3S+NYQw zN{tw=n-BMCg~e-j$p)aI#P7E_C4UrPl$@Dh$96jBU(zouJ&Q>buXQyna+&=Og0j2J zpuf-AVYFYXZnCfX`6c5Wx|=qb6N|?eqZdXI@aaC9m^godF*ZM0q2FQN_nNG86=Y2z zGW~{HL13sc6WfXE6h*xU^`HY-{k;6%SWa;+Os+rYrjA^S4;YZ&wvaT|USM|`8i1Frvuz2$+>V|P!S zqP$d5iE7aYqsFh;1iDrk)I#~1OQ4&*x**t~luYO?dUjH}j(|%dwj%x)U0)p+Rk&_V zcMS~PLk%F^p@a+}N~v^rcQ?{QqqHI+p_Ftt0@5KNA>G{#-^P2+J@=gN-rsNj8-~62 zyWe=8^*n1W<=gAs(EiXch>Bj1-2;sUjG9uq)OUD9I&*I3lp;llA<>dOhbh{T#-Q~) zRu`>;NPdTv6)x<(ZFZwhu`B$E*D^|!yH9+M_mz=KSHb6=sRVl6D8o)?f&3K|Qi84*s}dqUGIz=~HKsdXDU;!glKO%fx;*{$ zr2aXGOGu9xtg6uhKpXL)BXR0ovQhog!e0`AQRwdROL2{B`+W3CyoE7SLe=j+o8`rm zensW7R%P8Mju6mUN%Nt&HDdpf{UD$5%*SK^yYAQzkxzb^TjmB2o+v`{#w3{ zWuU9y@#j_rr6FPmeF-eCRwXcbW;8&S0htri_i?LZ0T_|iMyS3FV5zZZM3PU`ZQ^|~ z0ZBA;x51k1W56uQzsLJ)cD9s$hr#W;UZ^+Euf5$2hwl+Idg#TMZh*bAl_N)MAn+2l z;Sc*Btx?esl}L=GCtYFr=0yV0Gv7e?8&r2Qw#M= zzNu)YN|rpBC&xM@=70v2B)jk;qSA;DFp)bIh;cvRTG0@9F4El!L3cJ1F-j9ZE82Y2+&~iWYkBSUjvFc3)u;Ne3i6cWsm-}sYBLP=H}&mvORUD z(gmDmp%f}c?t`J|(c7BuY5WA&3UKn9US5bP*`4uJuJ)$-^pFgRo7g98XA6geKHmZd z$d99^vI40HU?Y3}jM8i(wpbv_*~t4aAl#!lpoU)FtlKMi?hK=%6Br+|HH z2G zWNbSbLo~wvr%&QJ1Nm?N!8+wo;f6VB`)*)46ZwCU@7}&7k;rl=uJyuEm07}g%UtE~ zu1qx8Oj?=@;J(rr)tj>!Fd5_*xL496Btg*4p_wpj-7P570EH zB?Y>>yStJBJtCj`Yl|tcP=1J4?gZ9Pee!mFkSim&+}uxm#vXO#f@+$67PL`u9+ysk zJk}NtR32me#kPO_nPBDeyE}um5(@2ie>=u~2RZ-siAo7fzsJ8Qv><9^AJBRbZ5wdZ z_2;EZ*Op7!Ha=e~ta?j*J@T!d<*a!Zr@@$edw2SUXQxG%^}JcVKeS_8G5UVmzE=#$ ziQ0N%q;kW9?j@%9Jncv#YANh3mJQIOX6vYi_QER6dIW3PVl6UUtDGjEpFJ5SEO|q! z5~J|Nw7x15QboOQ@%iED74v*v4?xwuwGX7(61@y1T^V#xC zVKbT?PrPa$e&|*3xPTLm^?OHyhx~XgUEF-W`itT>^g@yF*;$=xgvmWO-I!YSjoYq= z_V%0c39Y2Co0GcaU0t|V*d3bIp50Xm_^m^wGdmajFZ`g%>N9K-S#kUyS>Vu@*~WqQ z$I%T~sBX3%$Z*fi$fPAPd5c(xvBj-NWu81Z=fPy3T7!V4;ewWMA?|F>y^o0rb*N9N z+v!K$joSVsJ`Cp$;=8aK{`u>~6GYFsyYiN3%j^WNMyplY0joN~mXu3w3~JtGy~d3R z(%!Eu@Q7$gnEanke1>C_Zpnl-bxUXmj(#>PXok&_nzE8HmKH8KC^?vy3Mg}55lRmO zGmm7c+}q%W^*K19B(9$o9^p%jnuW2KW|Y_D`2veS?N#PmMAUTgo_;@4To?+erSy4l zDCB$K^Aq_I!cLr@+f#rQ0+2IaagBt~O25O3Ut1J01lXhU8IrUZuHNKA_EaMsfKnVh zjQg0g39Ner3~@vbDJM5PV5-tbA(Am+DB+_0YNMz%=g)T?6_9%3+r|9d>e;=X_w9!Xf z#L}&GGI>IxHR0Z**L!(b*1^H zI;O715J;92abgOQ zT&+qnUPo@)0aHv2C%Agod#UhzhlU26EfpYcSbMNHv4L+1r5QE1h&YT}3zqZf?>=a0 ze1du;+F09*%)t(YtTo5mfU_HaHQ1}%}bDupzVB#hy6Mf z>5~befclu;`3S6>&ME zAJ_o#aG!_b&C5)^j~A82ca$`&+e#v20->gd!Etv2F5qlw8}uUcgwy<*(q`Ak+?`|m z4Tcc7K^^=i8BJA2T_pr-*s)~P;5$@0RNiAb;9jB*x*Qj9n=3;0Hh8(Y8V(oVddC89 zOE=zmo~KoHM(q*;sW@|Lhj!e>j;hEsXs9BhlHnMmfu$`M`eS6Qt@v3~%e?{tPwl2*E7OKv4?hec^8s2tlHd z0NAh$mkbe*&0c7Z+c-1p8vU%m4C=+a_zpGYi>ipg2cBvE4mVh*wjR=x9+Q1?RlZ>l zyCMva9Sv_IDM=*m_pTNS2k>K1Kh#869CCqS1Dy`I@uuG!I@K%(p z2(d_s!7iO5?bv!9 z-;<{1RHJrPD^c;89+$jG;s6k~@hSBgoG)ump#}Hm2vr0@2A+u?Hzgg**}vaDj5Cud z9sJbWc$jQUY>DNY|qH#TpiyWYrz{IMK_UU?x!>576($QpCEGDhm zwWz$5GI%rUI|jMy6|I+`RF)?HioXF|EscWsM9+=1d7J2-BF3i4j(%FZfMN%^0_KVfe_7$E&ZN9yFHzSgH|4AbO0< zQRr2z3-DIsyb1ZqM?fH#8=*y900hX)Fa7yVqn~+dcS~F<^TBK8CGO%9Hn``5)4110 zWwsaa^7jq)Ck~SRGMj9#Q>|02=fA+mfn{|Dfd3?N4^M%XfK=@aG zM*&?5WT5u_d$Go2TjrCGe*`{m8**dfoJL!MgE&W~MXo7_GoQ}-mYqA678S8mfsYC# z?iAQgJ_KNJs?GJ0L4Zp-F7O@i)W}HxB0I8= zmIDh%K_Tq4q|uPM12RIGsVA^=M*yCKY^D|0?{lN}l!MiVvSW%zjXHFtan!(<_FxnVof5(;3+drBF6tq5IPcg7I6XI9Sqc+B7k>i4{}k^?(U zY4_n;8N6;s!-(tFFvy&<0b(FkD*k_TbYGYn!WN)Xhzd8;;dP3!{io&*W zYb`TJ;OAnZNzrlsKCC8hsFBi3PJzHyZY;R^Zld2I^`@O$&nCLly)-#YtlQ~&!XeVU zN~AqfF#7|gf3xRWgqv4xk)zvd8^_Mo`0A1lGM9G(GlVH!IEFEm6(~iT4|zpX18vYh z@4imv;{g_Knpfw0w1X}|ibLtQ><%q=o%l4bHXP+kGHPz9`JQ3_NZ>~H065ZUy=ErP ztZm%IUOfvAVo;l-)=O|AFcEPd7uhdfL4v-)RKu;Lom3 zJAm@fC{2GB>N;LKha{=G z%rHsNj6C_%JPWWxz~bliSH7P6Rj51F#Sb4u`hi21ph*cE=Bb4J?syD^GE?~M$kN3U z5Rq0c#^R$fWd8Fb`$B?FGS2&TMDMV!m%QM+&8*!-T6mkMA6Fr=^sTU2p?U}(bVF6= zrE)6oYrz+3%wOURv4w+v)x4u+7o%ajZasLwii6zdbC%c$Gr=X(n9;mtfx_&jtj*EX z)D(lL2+-^PDr5PdXa0FU`B6-C04 z7+=I0-!linie9UUklA_XO$zJ9^1#^nT`p+w{4a(6z5y;Rnrde&<*WNmT*?w59g@yo_(rJ78)^VRFwd+; zDqu(DdB=fofb}|tc~+ZFFnMx<4`OmLpeCowRxnm7opl)TzI_2A zi*$qXLrP$wx4sf0rvuogLoe7{EbnXS-duf7%OG4lCoQBO;XD7$52B6Y#Or)wSnsxN zmrxKtfkRS-l0R(>qObw?w;oIBmtm#$GZ9EHFm{)@ywcQ&T>aAL%o*5a%X9U(Y~@U> zt0=YJ&VO7oA)oVj?J;#UexofaI9Dyv(ILJW)&spooeuQD&HGrDpT=S=g~|M;3cIEE zNM5GAf;8^4zzs5PrG(`TmBfd#lD!k(Bq*d+dV0B*Kw4@QnE3oz617LT^Myr=OPKh0 zZ@XkMGzB5=sLVGs4L<+6xcr@r0fo4W2mCgzR#9i@wWkZY&B7SALPU0K^$ZbtNeZLm zTl`slaPx}P+X07z&J8f+!bPCJ{bS>gjbZ!KHs9_#ZK$kgPV5#HH1Y%WS_#h zb8AZj<8!Iq_p$f^zoIK@4)wL%flGoIpH)y%S+&gcT?=o=g&N9FX^^_2(dxsNA|S?G z{mj@Bvv=cju9q4K5M(_Y!iS;w_5c8QXAzVPhCs(^?QB*OBun+6!4jmoF6Rg^Xuex~ z9W}-DaV!gQB@e7&EDymUtfhKyzO5!+$N+JsbTK0iyv@467Z7(TJfaoyOACR(YnViF9ykY-OvTmf zGD?EW9rd@@bMfLtF57!DQ>qUiPN#+(jZVqqrkZjPcj&?8TZ&rV2Q6!9r3c1Pom+1!nzz5#TX9};z= zK@wUUSFnO=*2!I#|J&$iWlro+gDBz?2o zhz`qo)1Xe&fX#)>&n=fmak`r%gTlz!n#i%L#yclMsbfamABeS7O(|2;4pB{qFGts;Eor2ply2*jpTC!cZf6KqGQtV-> z{hi{0h3N2>ZfDEVqG#ry)H5R47!@d*nW@TwrOdC`9;qC4d^};MRW#33!1^a6IsB>k z&2A+EB|YEyccQL@r#86RvMQrl169#;tRA$ahtwzj#7l)L@2!7VmzadU(i?L%f&2 zr$0kkz$5RFO%ohc3=lJOFw$w5T71v0<079ZfjW+$!kIsxap^Wu3}5KZ50KMY)=0$3sGdgkGnm2ZB1w_1lItMw@;T@=bZdt^5XSgW9T0~8{F$9Y3lA<7D9Ycc#4dB-<(9Tfp zjGJl^y+!|ixEP>{XH>nO|LE}WZA1kHi+{e!3+UN_zRR~t2R?sCOEz-E2GOqk;rsF8 zZaVgbGUa~1+in+Y+>~BdL9RXl1%34XS6PW@Ao5Ao^Yh=PEed}aw@9Y)0&4HqX>kFE zpFMvA#;>YxfQC=7WrNeoqvR&aE8sr=ajSr@)Z^!k(&P1c*#G_Ff4wJipllk@cc|$A zNA>Zp@&PC9zYN*O_mblr0f{FbotgqnqQO$YzvRnO7(ayq>N@}QD+&#S0OYRD$Cvl` z>&IvNx8H|CG_wH0(cj0-di?&MG}fF#svO{!w+{|j9%l`3;Yi>H{*K8%Z;J(rgqjXi zp#S%u>jKu$mK0=UkBs>LD7!`^RwxOYDGX$zo-)oRk;wEm}C_!4vHCje%dw(EPfy>8>s`Y>3# zFn`5S`Z?fg4afnuC+%r!xFUwF?GH)|9q>i&*W2WThYb9$LZ@WO9tsXfFoNn_t-VfW zzP(MV2BZXlHTX}jJORKL)EhR};Kq&*&8e((vB&}pAY2{gAgeikMHbQ{N)<|{yuph-{%$U z2++LWp~mIr;ejpkxVwfzynTG;j{t!DR0d=-SzIp5sZ$dTH4eGH(@4R9TUvkZo8p<9 z5#xTRBI7r>&X@6kRtB}fqhXC$doe7aZ?46|2GR@IKzl;(iE%4g(+0H1jJoTn1N1+G zfFx@FtBI+Cp?f=*;TDsEp@7pP3)EOZP1k4Zt|h3*p=Hp9A^PEFF?fF}XydGpi?|4wk3>FqfXK(UMgxWoqzl-DWD=vT=o(10zEMG8O9tqVqeXpF zFJ5&0sWE99sF<@fy(6Iqn(i%HYK6*L*?o3e&$1^V#^W_lXD?bbzXLF9AjE$cKxZG9 z<>O)pK82%Ukdc~(K$Wg>WeE;CqtP6|8O2peRYq}Mkl(sx`c9M$Og-=F?)TgQfcAKn z_mhz=8ugoJe5hN#pB=ZJ#RZ!_#sL@N};1)GCb;ijPC@E_>Uq`3)Kc1Lc@W20&g7Jw~ z!UZwv`YHOsoCk{3`S7y`v0LC=YVe?T?Exy`RBE_2dsT{*pS-RhHMMqstO6Qe%>su8 z78k3XuIlfKheHLb&J+W`V185&7DqFa9-v0i;;}+ff$K=-(Cm}jY?I>gyNDW{v(^6& z;B#Lt9~fj?Jm*Hh00cr`YABpFhO1J*(Hy@6@=zNii__Yyk+ADv6CVmNg;%MBZ4&aV5y!wZKR%$uJDs5gom>iNa(j_}tY#G4*Z z=pXp?&lFgcMQGIM9f=PO%&IfQ`t}s1A;Q7+)T!kaf2bqd?#3#=E$;P^HGU7DH-o16U5fWs$+AeNq<)nCy=Y6k2I(AxL zQv)>1E{*^Zt9XQ`XxQ&{18)3&?|YD^O7}SI>{;!RFe2CWx}crYK1;gFwbBB3x_?iJ ze@%2%I7B7O%Fr;2PNfUb?f`1mRaKfmEA@1X-wi;<9(`%t8HOt$AmFk-fGG*GjA}Mh znVvmf>t}hH3aIcq-yM%85oYhSRxx5%+t;*m@LW(f-YC0fO4Mx4`7~aeVmpHY5Pg1c zR&1fuKi(N}k^Vqiea19aS7)lkDc}nO)gQ;}j>)Oj&zo~9>gCUlHD)XCq3)=y)hqJ| z;Gq0TF1I^eb!I2K8?g%1XH`qCU6R(Y_hDz{9n?!(LZz)yOk2~gH$9)l8_AzTFHigz zIJ$OFMI<%bGKs-QclZ)r?-pC{;R6U?#N^Ggadq4?yof1YbR#@*=rQVTbo5+*R(`J+ zb_Wo8gvDL`+Jq80G>2$$VIiM6edWk&TpmWb=Sv2;LK*R&ETjY&4-=p5Win&~1zRKq z%LInBV5mGf*$*E=yufAH6T)a^I3CE>VJh1 ze|IEcQ<5bI1UzN3voH{lvoVy#k3s+u+llFEVSs0@3^u~#fX>Ym!lJ9^s4q+4P)Tpxe8=V^%KHAAnC#X^YCLEfaC&QFI=BmSJjAq7WSgRfEw0;$jRA`piPB5 zKbXD{hcE31%WVFuq9gvs`HS0td!r!n<@>W)iN?01pf~>(ifuuWv_Pmq5EVOxKt#jf zn{B|z>XCxy(htz~gGg360L6-_J!lud+x8n5#xdqL?%NlD8G3Xv@2iLNol3%z;8y=y zXonKPrrfHZ;Q_jZ;KSZajXAYc`FF=zdse6s@b3mQyaWymh2cI<-)(FMY+}Wd$>4fkTQ#WM+|n z$1)7C!bdU*ioQ*HuSdxMo?=R$QaCob_7su^)TykpG2UE{*=E!Xid7tIHu`$kKO29H zr2o`y>IKLC$6%pCb6Q&^9-v6^l9oZJgh*AUKMB1QRaI3F;2n0s_iXp_{ryT65GFG20z3>huXQ}+4U+P z`N-TKYTv4Kg1`{uojeT#pV#`<^HuZL*5+Nbf66alzgx_1uz}g4#fQYEP`2)8KUuI_TSE>Cvdt@H{)`$^ z)MIDL+JsvI3g_!BEgRmDN-4juH@J2$5DoU4IcM+i=#t-*H`s;bV3>-0^xY!xKPygf;LB&<-q=Yd)2QqNBA45&m zuEr|eFDZi`a{aQd4MX$MYuGTHvp<%zXpC97@!7E)ji(dCt(RkbXeEJ5opBPlv3|K9 zRbPNXD#uV^zRr_iq=qSLsduWt~S(MImg=?h@bRz#+btawxLS`v3TjU~B|Eb%(E-bGR zzuRu0;r-wC2{Y(2pkIrOjO--~(y6sisu|ndA-LD8G#?~v_-;M%?L+YBr8b(*QXD8Nqfj^_eOK%Fo^H0{jOX2Ixcr#ear= z!$9rhq0-N_+gUI7*og)O5fE;_iCfJ{5P^*Oe8Ym=bjbzvn_3!~!EJP!-$iUTYf={`4=4X|v|Ot^ z)&mAUioB+i0<4KP5F|XaT$ca}GbYXLv`O60UJjia@Vyq0BuRn>ZHjp3i2Iln4x3xd zD>d4w7Vx?Yw;1)lj=$)L*Pmp*DlGc*B{ahqe$F4u3@&$hP{rKRZ}7IWWcAKr8(Nzx zWBIh{Vc&ZW^do9+VN0;|R8(Uqn}V}>EQe9=F?e>iR0%S0t(-8?I?| zOP6Wb?zaFP;`OXLHZk3^mg1bB1AFmjH?;w`Kkb4ONZ^^w&~6+lH~Umh$*3dIsO=QkPI zvxMM6-et8$LJ4MMX-&u~=?|ofOn)O~goFJX2F@{g{9Vo(Or5jx3ACxRx_?awEsQ1r zC`oaU=asNw5>OKz%EKE~>5`-E$;NnAnA7qUn8t$p-CErPW%DB^TZUXVfOL*duWZ#M zf^EcnKQ8rk^Aqz!1!I<8-h?LvRUOHKj4F2xgQM;~H|KE&7xNwUBUIpcdOM~>82AW~ zDEl|uM-&WP8w4m}6DW<$&+iGLL5&OI4*vj6%BjH~*X%D9A4w_vYz5eGXi@2)uY)#3 zp@J%qfYF1VPDfge>Wf~;R{qST^=bOImf`yW&KM8e=X-0=+jvL5{KTgVC|+dREsBMMTteK!P0=X z9CdDd!tmm7BVu9R)|pT3-_NLXZOS7d1SR)_209*85rTS$K@0^4j2^Y>X;7q8xk@b4 z;cJiL1tD@}esFeP`Ahm`huEu8VFYC>3iOWaby8Bl&zosRIT&Pbvt0+uB0aW9`Q?zT zHorFUO@m|>F3)}ZCWWwCb^OkT=(zdf$T8U1hZ_POdMZ6f?s}9Tq#t3yf5CydH~=Uw zISwc(gb)?$){i;hY;&ERp4M3!?afpJ4UaWwHZ>uvUtTN*%k}{~!S|*wRr?YT-w~EX zib;nipN$qQHS77Qf1&Xr>^0F$lYi}qo8$QP#*K)w`0IR*2!SPo5d`;Dwq#4F1#!Mf z#!&r=D%!V7E9ELKH=`Y!cBrw&4rqtNjCf})&yIu3^jQ&*BKtjb;;U<3DcQE)a455l zG~RqCho&TLW%xXmZjevqW;npOnBsTfea)1ZsB}+40_!r*a&IP&yysB;(L3Nz;4oLy z^8-iN|5Qk@NF=SKKran($F)Ea=|T+;D&qJMoFpB@AEiUt^YNEk-lk*uCx@?Ba- zE^;k!CiYPG?gZ2~FFxFE5C6we^%tCs#sNEBM4(9DIka}uquiD)+>4yZ0w5-7%V->6 z^&)s!=hO79;ymDHm+N}&hBopIH=5cbYX9G1&X>QKyVnUIovJEBf4#Ur2B67jwj5>l zh3mE>r<;5g1S1UBtBPeGCaYd_^eAp{VTO}k9=>mM*Y2~iZV=RX!36aq z>}@|+2O#c`i|gs!r1s0PX5T{0p0ZZ;lHYAtMrHpVeF!}MAoWp?a-9DYdhS670Ct(2 zGs+oQu0EGfL;*?`|F%TYVBaPG?s%>(ii8s-294S1dif&%nJBXTgU9e_Id1v4D)1Qb z0L|+E$jbXL;leKKIFL0dj>kv**FGd71seEAUEptJ;eXsWJzTO3qXy`j zdn_9K=aversW-ryRP){kpd9ON;Ysrl#WjWS3r@=%LV*H@}jq z)ivx&KVWiMeWf`wsIMzlYT4cN`ToW}`cqG0K85}?!;hE@O31C_{}`i2D3V>#Nibx4 zds`6w8{j~SuJQKm6>bL5+PiVTF_K9#Vj?dvxBzY3v^{Z~22 z4Cwxp9B*rrq*3YW2*p-x{xv_(F>QE#x#h>CLDmx6O!WT3PqYU~%Iv@ms#kV%r%l#X( z-zvyb53x77l|;p%@0j6>9LeLy9=tzui_MT8m)8GWUH~p&3OhYJBgTSDq6IVZKhds& zQoud$uQtr^0mqMD7*E-6-TYFUE9jL-)g9ztk*1#~^<@1hAN#>{))@^M=|Ym5t}CLN zApTxAeSnaxKA~QvK`$B>MzU$1kQ9%eh^A7Habr8D7wb;iZ)2UJK52w)ON|ywM0w=q z_>nBSCI1r3z6p6=_lVeV0O1-fcZwfvMUU)bQY0?9UHgZ=T9p+aRF3`9GO5bRFzRwI z$&2}B7ivAT zPJ@doM!S%{{`%_ z?)~)UHD^(77Jucq!&=SV@!6t7@ehdxQT^Mi(JQk|cefO``jaOt?y_jLK11C5)L&SZ z)!HvQ1XlDp*6%29H|2LC!R_>AX|Ad=eU*U+Kv&N{tI+_w2;gcVkP%C5$qv7Zd4M@k zRavoi(B$-EcEHlH~dEUO{)hakhSYT6UaN!Ov3h= zkIF-QrQ$5A7omtIWXu!1=+*SYk?d&YNbW_J9B=nW(-1$C7(2WqR@t{JBIZwZbQ?+Q zLw+>Ky+J+s|5m(g}&4zu;6heX~e-Y}*j5QtZ|8At3dAu<+$bt(ZCm z!kAkA=p{KQ-~ux)YA$ouB+uSe%sql)e3*urGf^4PRFH zR3RX%j~{!Qbp)I3kA}7W;MQ~AO22p_+h?G*4%x)Dq~_+7_#NrD!dM_37U25jOa>lU z_*|dQDm#MP07U%!5N3i<;S zHFnujtxB|sv}6vQumqhNTR@xly5Ha)NCbRjY>9ZB`21HbLbi>wlZlu>NSfq17??+N z2;q(yVZkN67zmNEU3l#1uW^we&#c~-B_3iKtEmSLi_i$&R=Gyv}Bq>aP3E>AD9 zA-ynFz2er`PrqN4he2LY%*B_Ep<>efMC|{uC}=*_K3)Iu*_ZppXpDfdH}rf})MBlA zNzP(j2NA0ZlUp4kKW+_Q@!;vSbS$s>u#k?UGBU>`oE>)p%xWK~`3QC5i$V5vF~y zVZM@Me0S^}wDdbRK_0K|jUicnN3*%~ALB_P%!MDT)j*aWtLqR@Pdb2()bJGM`FCC< zkCU&bW5z+GGg1E)?m)64kl045e6O6PK>uENarwdzZ*$)gF~TBS0oaWI?(v>P1wX84 zPV<|E9-hz);OK{hh!>+yr^HCl?Gh^H&O`~C<3U!yV6qsSlMWV$pz<=8NNvYMaW($& z^u=C|tbOkv8IWeQLpzNN>gnMrybT~_X6p@t*2uMYwAIQ+$z9wk(VPY%zJMEhO|4vt zIg=}&>Afc_J}3;**x50}-%m1k!aiA+`lv{{YjZmlZEUkU-Nee@VK0kp)@{7e&?UB> zG`|HOVTW+lrXJFusQJ0npgr$a=Zxz1Eg7eu_;{M=UW8zkIsxCd{xaPp{=LZdEFJH6 ze5Y=NU7oNZ{;~ek0%2^5gYJ|h?y4)s6u=uDIsVj*?B)1qF(~coC1KLoHnEZZ(xra7 z#kxMuCD!_<7I8$vC-w=GxeTiuB)G8Dspw~JpeA?9CqV|<8o6(IIZJeKG$MYy=PtkA z1Zd2zwd)p3If(~Re5EO7mvVCZ-moujgCR1YrD5Oz{%6Atz*P8MX@QLjly4B*5HQ;P zFri4%+4c4H#l-;F;)q_v9SMk^xsiFRXY3-ff}%*dI5|0GjYDj|78LeMG_>Qm$EuIz|5x?#*qx?#NCUb?Y-PeR*9gp$Sm?0wK+riEu#^r@ z`iC_T|2qQahIDMO5r;vNVGz0HNTRS>xy%!zSCJ`O&WjimX>*#4###PQBpt_T?F<)g_GVnE4j_i}$T!#SzdOJgIgxbSNo*v}(o1RrpFkow_owh5L z5a=u5Col!=u;%(gph{ZFZrpC9qmgpX5iw~YcFRG62%An*?pA)wN3Mu%z0`pRbs)PZ zq4b8h%_uW2Spe^Xq!J0I5>N7L6EkM$|25(O+e+#bjvzwthTCoXSGDopc8S4fbN=ba&G9_>bw=lj_vsi@ji z^z|tvb?k3-fWn2<3c3WKCxA5b;62F{mvk(@zZb0mG8yFVjWw(?*s!(?d z0>IIgVDXpcE5G;G;gmNYjP~Du7v;f>;@gRR&k4uaOyY1-8)R@w$aa>Bq_(k-|3SlO zoN1(!4lFwBp(V8T9W^&W_sBPwpIzx4$}ylF3_e+vW6jxBA3pwe>S-qHSTOFxnPW+; zT8;>VsGTzky-w(m5CypPW58CP6LDw}^sin9jK7JVL6#MeTFwm7-!{_tUmAIlZhzj9 z-69T>C~4<2ABbH8Uxp%X zZ%>9kt__W2nB!Jo7n>WmYRE#x(FZ6bE3{1A$D?OcTt_ju{9apQJ$>G69>H?5fE`c@ z8RuXoE;T+HOq`aBSi4SftdCk-m30w|_W>FmYBeQhhb{$j_cY;?GL~l#M;1#_ z^edb=!4%VCyyd82Q_UzG*kA!F!P$nyDd7t|b#ssbS3v*lf87ior>3MB`VtB@DQ7eS z_sDZ;p%?VbRiD12G5m&PA%Io8=FOiR$Dsdy4n`U?%Pj18BpfEc(+;iVt33^|bZ4u5 zBcf<<)>!wNB96v88$-x@r_^eY3qG>F1e(!6Fj;(QrFy3MJXAjFu6jN4H&I7)Pa0IZ z$UOvymL2{be!voQBw=vvlUjtlbZnO zw?(*?rNsmFWi6nk<{xkn8`9s>Cs6xBWt2P!KU(Pt511;}stn;Q)~2X$A7(hRad-o;Qik@Rz-l@7WQagUKsQFs+grE>+dtNjPkKW;?s4h+`u2 zbweFvdEXc|Y}!D4l#I``e=X~~Vvfc(oB)BfP9x-l&`(C|$S9Wg)(2`;eH?3L*ztpH zX_*o6qov$XY3!p$(r?Ks`1jz*%J7#QeU1%k$vv!vIxjok)ybg{(kaW=KoQ;eRMm1Y z)-3ED@HvtIBDv6nqJ{cA12#%d^gWi?w%_ZVlnMuuZ3iBAGKCIZSs(ES@wTZw^O?91Oi|2kOB6 zcHm@hks3+;4UL4ghBGRnBiT$|A5K6cL3(3tHvaQbQyVbbT}gHlBWX$Doqr3tEuPy|44i9c&gh!e!P%Q z_9@3of)s90cnbNqr#WT+BVwwc?^(oj~cg zucnr0{LL}G*f2Ia%Jo&|yfgis`u*gOZS>^e@S>Q>MRm$8NI534m{aal1S5;lrZdy>?UBQGM0pdndc^ z%xFu3@TRNmlBmb7qiejw99@Jghm*a`(y?xo>BrJ<0KFptqnv+&Y{7TOcBSjmb=+87 z^aRnwa3e2D>~u2o@20@Ytv~FSJ$_;63i8eI#hAAy^BfaLIBm}=+qq3t+Q|dQ;a`AaE0U!R2=n#4kqz9DO0CMmfW*Ryxb_Jnw)k+;G6Z)7~vUVb}d|Ee=*VG<_?4SCCZ)v zk=K!Y^Yhi9@>AmFp!(MG5&3(>Mk7Y8@@brY7PKuJe5CeY3Q80s`l=H|u${hlxX`*s z>|D(&T7Cq7h#ilQ&r`27n}%L^hi7?>MuvNs1&5hLh;fyk+ptztY&)4di zYuqDReKwcOF0m*C4%$seC@V>X-c+gh;A2!o4hn4g@;wy!=a4e=x$Z4@H>8DLx^g3x zHQK`C;uYlPXXx}}-=UFvbkeKm&RrUBT77ggh2f-JTPo-K0^w3vJ&2)Q0zS(A_0X= zS5h+V2^pY<6g?QI?GEzXbVwJC>x816<&ye)#cSFs&OLG89ezSUA+1P?WN?hF$ss1^ zEGAbZo=chRQiTKWVu2v(U3;nq>3HzU)bz63G<$0^V5Ch~wpS;3!doi1Ke>XS*2f{( zb5DCT5D4Ll$r1D|_wQ*NbjYVb9z337%uy7-&v@l&Jt6%S^ajEH*0NTK?^B}^g7U-| zAn##(A+-iQbp6rI;LQ>GpKe}w8xFep0xk)JPP5iIYlbW}I3Si>7LW8YowNB(;J5bv;aaaJwywx*W#^Vm8uAg16D9oh2BsZc-CPhSVl ztaq45i6=Wr5f|bhf+;_o_zZ z%B$;p5mrONUt}B$ZEhSaECh2L#@*HrSb0S7;PJCZTE<-|u6LaBZ!t{|zN??nBAPVQ zGsKvcmrL0O2goao;?3<(N5dZdSnz~!YubMA9WrOYw5musyv3#?h7kzs$$VFy@j6V? zMhFGS$TQA3fB$wUx<90sA-HXnvop`+BAGxp86K`1WhRd}2oyT&+eIaI4+?~{x(?g&tJXAIL{ z<{j`iC^`7Up(9Yz?-4!a$~E$BY;~Hv`8{`}UYawnMMCzTO-vd%-v3nt@^6lg8!hIa zeR}Hq!&#-EH*Kw@&LU{h2MDuZtCJw{^OC2@@V{fYJYawM;hFeP15weLfe0TD?}tU| zFUIZ97A|2S*?u~8et3QU2n|CRFkZpOs(yHb&KS3UcziT|nO#6)#OuN$E0^vK1ge(V zY{#8Zb5>tjKSwKyJm2@Z{I{_r7Wn0hLqVVk{mZTOqbWbjA^sTKSm0;Yhcfqp1Nj;8 z`EMf>fil(^XZg$R^yheVz|dk7)@Ob77jOA5D^uuS4{=7epFPH(R;E9_NPoGJ{`Hu^ z%5>&M`pp{tqwjG3no75TRi>!O-X#@edv($v zpvgdWONfU@jDrRRN@3=XpadRB0+tHDvd%HLwW=iy@4iw7Ep_x5E+hgYE^F5;2s%DW zK#M4@UVRrqP2Hg5vlDdb%70HV3Ugv*u~+b?+vg1Zs)kee06y2<-EC%O27|%2wzgzw z0dj|V@TKn#VLMxcM`kjN1M~Mx{96rw1mPT#j^;v^^eQVWQ!rC}zgm$4`|p3> zy5Wr4uk+k9Pf?a|aw=sD1QSp49GS1rb!{CTv)4Pmhl2l4Uj&1dqWlK%@8|LQj*U)^ zcIRfeZAO@B@bgiH&IZr9tW<*JaR2-L1+kS427#J8#E4=~JMGW^fo*2Q&+jBpHT0xVyc!w;&coKPjmJ(PB zo|1#(^3QedZ+~5)(%Ihe=^4y_UAhGiRiwMdi@hK3<>jSIQ0l(*0i=@mZoE*LV%lXA zA^hKOk{Xrr*#iZisf1p`KK{tyK;^jzRkNljv4Mmm3I9L-Ue%T^G_e}k45%uB!A6&U`6di7@JlA z<;Jfi_D|R3qu(3JFGuMAuEDS1_EU9$hy3pW1|C_jzqB#G7mwe|2fxG*Ny)E!|7#Zm zN{dHu99d-k`j5>a+v)?*QvAZ~X(^B;cHF-%3O4uOVaWgcwtD?+Tm3Z_|Gujh)W^r? z_pb794a|GcRlgeikIzdAlP3geA6<>iQ$v-MK$BG5_dwG+fftKO4O1)80F; zzzV+Qwf``$Dw=*nF@`vP)QM-n*-2|^{&G(%gPXMQ4#dmJYLjP0DC~p9kyPWm-{BHP z?T=E2K%oGVO(bEetEpuM=I7;|JnViUIy1%Z%e}t2IazA*uIDz83jzZQhAfyLzN~sW zQ_dxL`Y635=Z}fPOJrK*Zf@s&BRj%l<&Qhhkz@^3ck=HX$Am4D@dAC=v zx>j!QPIj{5qL=wgz-@uS1@Dq7xrP7&0IHWr7JCD{IM zh@7-b)FTU&~_72jlO3Xoqp47SoK!>_j)B0b*_;jU~xtfx+_MGARX z=c63P)|i;giv=1uiSt;a_=1SZ-C2C!YDY7REH`JCK!IZGJesq~`wL+NdFn)8!AV$k zHP^GYx9w>zf+(O`Ny5RQ_=oal*?y(#S;p*nwgn(`{4)6BG?Ol)un;5@bT2#~$`*b_ zn;^E`x&veL+x40BFJiWpd{XTn?wF-OtJ9S9)C*yc$${+7>HB(-%qT=2$P;7@gfAxD z!!~h+vD|PmyMtdu9v10Hru>HORyJ9u}Dg9dO5o>O0AbHGZ2$ThCm*)01rqF>{9^fsH6(ZTy8dq(j&E$Flb8d;>J>Rl^sC5XL{;!-hY~fVvx9I&%+m(HpM~ zWYsx=?Nhtp5;gdmj%2D#00lCa;@tHc^Q0ji^;wQYr$bC*nirYwUVXadUn6%?9|0$Z z-Y`Nc2U#Q|a?NGosgJBG;5{$T1(NY9zximeGHbW%GNrN=0x#$@LLL*{m&yBF*3>1R z*iX#BG7V>FX;5{{V4Nf4R_~F-K|`XOvl%dqmWVq)%Fd6%FeXvK)FrIRy4{g*G})8S zjng=_qgX8Wrga10epd_UZ4=+kwy#a;rP0Nw-0F>f9O8HRi64%`??6%+fYj4o$b0K+ zIWI^IODy}-Eg6izecdk$VN}gdm>4b8xj8}oqj2X37x@ZbQyVXG<$|z@ljuFzwZr@dWE|ttbtl;U;bSQyOa%sayx)!8H zB;2K0Pqo5-^a9uST8V0k?g{bJsl@00X93Nx1LhCZTA6{tcpy_+99LUgyC5D5nfk5u zPXnzb?%ehw2$G*Z2Yi5}4SRP2`yHN#{^Sx+kJ!osg^sq8Qp-<<>?ByUI3==$Y89c# zI@zepd=<($GtLSzWSs^#>Brd!+Lbaj~*ig5hi%Mlj@c3VRf8--_s(D!I?kBWD17$hGY zsyVFrLKcsg#CGpa#_&19k-Ijq>*=9#1&Yea*C%Uty~o!EiS9y=I~S?moh-Z^4X_$} zlyohD<2$a?EnkL?F3$ zT?*gkXc5hyM^k{N{{_7Uh(V=1&ar{>@gaRG#4l)hdHIjBM6t24+ef0`))Yx9fI?^k z0EKtoXc^HNj}=@xZxqKlNpy}BYQdF79bO61BxAY)s! zbD(OCvme7y=jEk@P`I3r-YE(wFSsfYlvAsnQktUrRzxK2Ul8b6u%0ATgODC&y2y=5Bw@R?wl)4SIyzFP#=c;a<8D_z43&yYic0H>AH>)1r+*sw;;cq zWmRDcEr5IuAu{|oApX0@*=^dA zFG_l!7))5Z1p8;-k|KZ0CfbOpP_&KOGx^sNg_ABe2xP-_jy%$K0~>Iyi0Ysv z=XJnwiFvWacASG;=)viI@LF04yXAfDhp0&p(WXv`Plpe{Ke^E<0@c@#MvJ3nqBeS9>bA+E%q@^z@V}+;0sZ=q@om@NLeJ|y%(pg8G$I@LS(HNw9fcLd6u2Kl0;Ds!l1r;{ru{H zxu}hNA)rIlJsb}Tr?NLCH$vbY+WCd+2dz$kuPj5uGkH1EC+zWG6r_bJdq!BeRWk&T z-j7HUUik)06Evfr881BLyB!H~!7?xgt^I}bXhza)fA&6pAJvLLl=| zJcZvDE1%s3vwlH?IPE%(nL;2ny00q?Mv&Ll56JBI0_Z+L($PDtN)qnWuKaav&UF)P zhXLkPnuj$-*lhWXU(-U<0<0bdC|KfLE=zhm)2<$51$)#n`Ueqy_LL{2mMT(z0Sv|U zcR<gGHn z^v+`j+4;6z=vzJAC^%nKS(ZhedQ?l0fm^Os2jm)#9PqChocJf)5I`7p6rMwS_8(HHZ$hUm6?{Kaxz-_ijsTQ#q zEwMee9@I8_;X&JAjNQ=nG{hiBKKyy%d;P0n;$l!=9#J?8vH$R{io6I_xkzM%4$Ex? z;@$7n9?LUMYFa5TnoPr*6VhKJVIpLB>LN;%3jvrShNd6mWNc>Wb*4!@d1vu=u&*Zh z%#i9-T_8RtFlW~r?36p~a_x0}p|4OpDBPvE7puR%&Isq=Q0Y)J?|9MsC54Le3kNaz zt+?D{pTlW5a&;2AUh%Fv)nhqb3mQ3~&?1}ke1nL;={y4d>9k`6iH%6Vhmz18ecD{{ zu%Q4_tLl4Q(2-no1Q#U{Spb<(Uz{?fk76FB`A9?{HDbb7+x;E=eZ~j@XVw#sd={(; z)r6iq`|~s&mWCk@FcA83xP8+%cZ)=3$7dJdN z>ePa+F*Iv)Z{cn(-{(*#&QJjs2)aeXIU;^=HkJFJW z+CCV`DSCS$4Us>(Lrfnf@u(agMH@Kxb)$In`|>k@j&hIcX2{6zF2p*d2`EqqnY;}H zXCk$}0wOD>JYD%%BYaqyWn^%&c)mfWF8YlXelGFMX*0@?gpGb){OP&$h*0WR?4l1xKr zrQ)+}1;(HcuLr^Wm1?!2cA8K~Z1B*PtKcqw{WnQ-QhJu9v5eALXgPQrAWD=y!-fCrE~Dt{XV;<$A`*x6S5f@@ zHQEgM(vBO2g~AetfR9?xuhBmmRusNPi=F*e{O`%G#EcNXkO-2ul)yndethNZ zyFb1{+=f;<`{92sWvm75K(B6XwSkNO`+CF(aV_vBfv5e^u)m)cZHY`4@d2&;*FnnpAAoLzo&WJkTN(TbmGFnr(Gc(}{~v8W zYy6MTQZ-RnufPv|!7snMx!E1ED0uKXGX3+yd9bvq;RWC*21klgI1yTHEAQ(PVOHEV z>2AHruJQM>E`#0bj6JP<>UqI}80zYWGt0>#PRDq~$=*UIb+`2tQIZNq`k^J6u07_HPk=m{(b(*^Ka-!*=w|4h@5E?d4`?O(=|xN+#T>K(Y`4^ z@L+XlN>$MHp$%%JK7TbOan{OVHFx-+XUa-pVYM)zN6*S5B|lzr@$)K)`-?=bMl+l6 z0l$-WoYm<%^X_cy`u5?%wC^K9Omth=Tn@RV*Q$0j3!1;W-gf!CkZ$j$H%o@`$)W4v zzEj|Sb;4)%!IR}1dQ7qh_|pp^d2XG@{oS&8 zHHG1Up7!!$v8&z$;@xanjo7N!X@rSDmJ5Kmy zbv$(x^A~4yW@1j<0)Gx|tPL`zKy2_srA_s_D48tVkD%gwIewC$hrMAhV3QtEdV<3A zM#xlK=hBsl`T7BN1TZ~dIDyR%DV}fLGN)tfK zC-LyF7_JZHo<|sW#<9%p0u=JlBcJZlq1)C z3s|HZqt+dtTvd(XDbS5~8%Y?YWWk9|T%XdLbcD!OqqY!`@?qZC65A>B3ZFO6hSY=`1DE10~A zTF~&THg3;@mZ+<)=`2cpG18VfF7MQv8nD_+>QsSb}9Vr$M8vR<__u_ zBOiqL4gdOgv5nVN`|R7rScAL7r!tof){(_IK?N9QuO+mhUb-72gC;Z82bd1h0uvGiV1AZPQ{Qv<GOB&otDZG8bGf;AS6hP zao^bYKnf(c>!S_qp4vGVI>+yr61StJKK(g*YN=~OxvERX$oJxo`Yl=U`T`gT@n=Na zK;u^FA2G02alE>oUko;;xr%eaOf9kcWe@o}8%<@L5iOsDh!Jzfp}MTkb7MiNXX5>1ON zTsmkAA+O$q=w6hyA^VJ1=JvXWzt#)4X6oy6f3y*j?*7!TP-jUS%G9UEss)WV@U3;h z1+oJSYJPNZNL&m~PGpW32=(&x~(k5z2Ww{&O3?_r+3b{DYY2$NuGN!n?`(jNYBKUwU~#vGwh znlBBe<#4sSoA-kgU}+mS9qB*Y9AUmGfV4HY8V|fnUmq2F82*Aanp2x)frhORbpe7f zR=ZW)ob%HD%2e$$Z~mcf1{36_Oue`6iUDuql+1_rrw?kgS&byc!+K5i%cdF*PWop< zz3FI3&j@nU(2Nu10CId;wNFhdI}O|@?hE-}@= z=k@0p{s>N3a1r8b1Z6lwRRSj<{LhjAP$^SwT6VTMs1&sg0^S6#NxEgM{s7yU?H$61YSY>WDriijFOl}Xmlidgz)~%~) zVq`&xg?{!%6UuR!d41&~S2S}-uQ@W|+33>L?X!9KWzpiH)o%TRhza@-7(0)Pkvh>< z8pV4ebSd2R@XHbj%O2xOKp+_+-N@&8Y&cU2Eb`-@TOp;OdjT_O1#i371&*sNFY=mO zk)(Qy4qrg6*FvhHZ3IZGUb$60<(@QA14ImF8YlClO$lJx*u*b~pQV%otDz=y?)Tgm zCj9Pp(|UC#7u)p?Wv zn|s2Onn$cEDrxrhgk-f!M3}9Xq;N!?I05CIW{3=HAn#hQ^TW)Eezs;_kuGA3TrF~~ ze$)Wp4=T}-?$x=srC~e8>xD zlIdp}GhC+y5YoY26JAROzF}@MhfkL^90hQ!Hg6yvovPgxgi^I2Ld^d{5-5GmrCG3wi9zYhgs!sz*g8~_BnEP)6_<1 ztC+3i^97BE?Cl$Z=FWE2an!0|Rl}G5y}|>>*BjKC1opXNYSB=8(?0OL4*2Bf<}!Ya z%ww|~15%v4DEZ;x;f{32?+vG4H%j4sCHq6Q>vs`KOX*aF6Nv0m7iR>#Y(N-?m!5!& z?qhtb2{Oz-?_!|qI$MERk3yWy{8cMS9i>+Jby2W2w*uk+hmyzV+4HreU zjKtQXUI#08sD5g0BjaD6`hZ@0A6FGz3RhY3y)0QX5kTd~V%Kv6_v<@ND9Y__WbM}~EJH>B39tEV4%Pww!)=th^^Sd0@f z!_K^6`34oV@p5q{v#kVvxzYaDLBY8Y0<&D-*g%xR<~YcPj_0CeS*1@4uiDo%*W!Zu zDINS{mF1|xGjX^fGBqthxyUREEyq6y=ip)^D1baZCAOw7p67@>Kfel@ZCrPJmT~l! zihn};NY=*X?W3s85idNfuh}GT&OkeDAMR2!y)WnpsWbbQ78Agvs$qr6d75&xq?a4j(=NfA2{Y=Fu>5xfb-! zg+Xjwfm~9xDB7@Ry5(%&;L87gywCv)q}&UUDSjL~JG)3s4E+4?ScFF1t!d{@mfZ*Q z2NMp(F)72~j**umJBULS2d>?gzi~y92%KI^G*x=yQZAXDPozuJ)Ui(F6t^gyN`}%S z_+#l5Voa-1O*+au0Xk5mfFAvfosmVevj>HEtsseK1zrvrqJ_JWYWX&S2tM&R-l(-I zk?KZ_NdaV|?CSgC7BoXulqgY@ZiRa-lW>c9gC9x)DYS~Nn@BD<6sA$*WJ%InKYR+t zd5mRkl&@^@<~2z^*sMo=qP7&>X3UjuVr z3{Tntp@xCaejBNQkkkAdo8ng^UaA`zej5G#{Z8+$d7PZAh-zTG0ddJNLrb{YNE^u3 zTLOQ&be>`RsY?m2sw4mjTbJ{3T==wRb(Akx)0drwRW@6WtCaANE%c&4l5!(5&CYME zXPrS2oVf1Bw1WxB(tQScH@UmeO3aE2S!#DPgpjfZnqH|Nc&7_|A7ebvJGTJuPrNN^P7r#T4Qk zB7LkpHHj-Jkn9WA`-;P{B=^IbX{QcLt0^8=p;Lr|{+(#Mc#XNs1fOO1Vco^wkV(4V z_@^>I5uQ{;h?O%OBk_eRBM)n4=ml$Gk&A!sF`)j}Jm>}hbuHq*r+KPaVl|j;YhsGD z?G0!YwEIx;`kuNGnvx#?Jm>_Nv0Pi+@yr)~8}7yW&CmU4 zv>WrsrumR-AqAmz=3Yo*Ym$P0gLNoWkbvyPj-4Y#?C(Nj1{LV7Mp)Wx>S^x#%9a52 zT*@W}6~C$+XyUMbM$co)ZCqR45UHEs%&qnyGkrog$cyPP76b34{A%@{L zw-0MtzAlM2MgDFLC{P}w1@(imXM1AWh5Mrg*w@K4MRJ4V)N^+|c_syX)H7J6&Ux5# zsAuUcFSGOQzPDy|P-8WhWZ%A^z%0IGVoulOvZp*SrBJ(0`s*N_h6?(CG67hUE`tip zc66RYdQrO;gCaMIAh~+7`xT-3yZF41vT}5kYiKt*%JEV}H*>1f{aX?T8~_(m11B(C;j;E&wfK&3}=|Zf5CM9XR0l(|G??eHKD|oE&l`2Ng(Er zb{GB&qccNN3VT%)7Zd&mOjlX}Im3ki4b#P)p=tkh7iL6&{(r)NN~xFr2Lpr_Ld?L$ z!A^^-yuY#jVOuA8+kRH<>}J2AN;L$S&P=`Nn$`5jto55502zd<$67zDui;-Q`Jlev zNiD-77$w7T&y;C81k<3=)SRM20?YjB8jaoMZW+-^MH zeyss=QBU^urAAZ{rhiWn_IAIwLZM|~0226ng^vRPLKMBMecjp_!jSQw5T5!8*YJ2> z-K*?l!%95t6?WGx`CIxZ>MOH-WZ||S)O5yZb9GclOI>!$S{Xg)WDnFwi;D8|s3-;- zvLtVoY@N12SKRM@uVwj2leTLHbKRDyudnp7l2C}SH#*FfUeKu;VZdKa`B1R?&U+)# zZP@B#-`1XCow?a7z3T0Bw*mFMeEmqpS{jK(W>qpu=*4g|qnR|q+ zQkl;k<Zi63M^=OHajB~}quWJ#{Ntx{}CnlIcCY^Bj z-i8hNv#*`+cCaravJ?Asdy0&o$i8!aX+QFkQPlGDXssuYe1=)>jDC+Cno{1mReq%< zik^DcKF_Yl9d~1kyv7`3psng9?Y-R0c%C;i3s$`hv3BI5_Yx3s6kgmHUtr%=`L$g2 zpH02k8wl}nykX^p86bvGyDDTgKu6D8vjw!>9@CyHVdR|KH46k;g23g>RAOQ0L_0At z;n4VHxqiFOW}?c@z7r%2FM%s*lK4pt@ZHYEw&ym}`i5nJWUwBuDMdXa(vHX-yL*@> zSHY@-@vh-(wivT{OmG^r2*a)0P_YZauqVm|JhQCeRqJPtKQM9et&)F@?yIx9kWJ5W z|Dg5Tsr8aCb-LU8iM}3HJ^V6i*L?w17DMFf*C7IKxsk+L(z<>O^As&;9d+zyqPPcR z?zWM%ELBf9L?l$BcQD&8_jHZ+oDRM;+XS)ecgbxEk|n~)lG7ydTTqV(n`t-pF&6Uo zSx>br9qxRI_v)|rh>psF7eeSYS4UJ)LEck$8|k~zj)AR-qhrKX@QU8|&8L_WCd^iM zM)RnY1lYozM9F^G%+?b1XzR?6~>2hrb4kMna1$(79BwOFOf!z~q$WNDvs|`aRq0lhK!;d7q?t5O5-a0`9v`n;z}Zg3)+S)lFSWh8}ZI zyi<2_Sma@DXGv-2^-qcYcV1HxG_@oFXyX&@))JXjKAvF8+Zza5GB&<_@zJ)3pFlax z4#|K>udc4vEr8Io^Yt2n?7mgX@_Eli(|U;b51%UJOi|g_%wbQ|I4{XmE3ZKT#RX1c zkv8eD7vN;W(lGqBBTp?jc#F6#lrXZ(fl__kRrZlm5JQ8KaDr9<%wICoGtf!E?U7?= za%B;J8Z0fgpJZWA5XUr*XQuj|DQO{!HKY|Fgl&!IoJGK{#H6t-_Hsz&32$4^tewq` ztSPT=dXWScW%2VGS5529V~|jH4zww<=EdX#rz-PnkA4IGXDCM)KsoNWdt%4yd*#|S zY}ai}N~)W7)LtA75RVJQ!>evnfl~rd{M}EG&>6cgL_9fGm7{H*Vw~bYJLT@ZM^5@> z-(Jc{Zo@S+p_Z<~%ET6~ZR#!LqTp=ha_vOr6Kb1L7guBsY2#!!(+N&xQEK;Y8nFu( zgvuCDrgF$L@g#IJMpVE*U#51x#$0IB$N7Hbyx zYyOR*88R^B|Aq=rwm@!f=ZPG-XW)cY4N8C5j+NYgL;$quOz()t+RtipsyqxjUIFKQ zz35Bo_nifw@w?nWVd0S8DZyFbr~L~=jPvA9O86?<5f@sZ9qr+k-Mr2#J6GePKO}tGtTCx7N zTBqG1A~Or~66a;(O$2vPNd}H4l!DSJg0M-X8{Jpka#+I>Sh6i2$({Q%dNQQc1n{XV zNM2Z00{&x^byvedJuD2Ri?5zh5oFf7Cg+n{tay3jeM<*G6&dc->Xf;Bq;eui z-)=lZ9ld7MJ?&qZiF9|W2eARvN$|t=-Ew#t;{ZBTZEL+w%-Lwn>lfj-YlH-tN9||y zScO$|0Y+so#J0GwaR1dsx4@dc9>J>=6t)><^po!&-)bDQTie_m5*=o3L303dr~3pC zL=94q(1;-mI8+B4acx-bt-zA^Mv`ucWbwsTswpd?zq3Lvhk3n5yloKDZLe$SXU zm=-|(+Mxh5g~PSKzaKk|1~B)-a-2mjERj!o7q6AtRo@^gEG)EtEFf3I0<2~0uu_0J zeyeUQiU5AEM7!^rP|^b1Qq!uqo;$cNY?4^sDnmu(rvrnJU9uTn@tFnXFNe#k>`W7q zjbApm;oiLKR!OXQ~rAnioOM*Wj5I5b*!_m zt)6g9g`tK3r8O11%@Zk{d-!-t#%q5}>XrQD+vKfOV}Nz7o53L6XeGtOkHR8NwP4`; ziXk%#%aLPj-0ctx$`2-g(CrNI0FVrEMBT3W)|!rd++_&4zj&EZ?Lm80O(e)@<~S!F zZ{h?H^An3(cZ|0uYc-+oi?`D$4LfIO31p!rR~fine*ITMFmCLsv3f z6w8D?RSFSMHOvr^Ung+I301*9Iak%w>Gpo4>Vqz?Xf>k+XKXSmNLbo+u)nHqwObt9 zystU~O!kVxqD&0k`T_p{t8XkB7xi(R;VxB$2O4CWUjq=W35%ctefO9>3w=JBUA|k_ z+{MJ&>pzG248j7yiO+;Jcf7ku^ZIap>x(?f=wnx~kN8J`GJmVyugdgU$)gRBC z9#q@cpT3KlaNa1a29%T0My|_n1S&~}bYJP+P{-<~fF>f>$Y)!BGBS4i?)AspjEPr{ zq)Gu$%O#^uh`pwkem6cOI&11kQacQ0w6Dl4H(rYn?f?aV{ob5u5*P{!ydCca*Jocv z7~d}-bSyp>ZTI=6Fo4JCQx>0Ch<^#(`I>wwz{xJ3Wve*5_8uyTgART?a};;=7kyCy z12E4cfQQG9p_Q@&_AZ(Crd&I91=&-#2gO3H(^81GX=6>C&%~JpiP0Nm(4#9&U%DLt z<^$v&;?&afJ0x>BF}e(Ud8*PBhDRG68&{4!8z$EEPI6W}>RU2W((?99P>SqGX| zvKVz$mp$to0JADxplU7v7%pSLcwVIbrX3$;{HE9UfODcKO5VP{2@13;!%7THqa4yK zt*+TfQ_Iv%6=CehG6;6K6=K#bSnIm&I82sMjkFbALS))gMRGduA=wG!hC>}c3d^}G zQ~#;cHD=Eq*SBuc?xkOnIrLFa#xvGGxe3EpRg?_vf~ckx~z_eXi4FmRtsF;e{+R8l~Kb`GUW zzjpkTm@f;#kpO1a87Ou#ZC6~&!k;5<_rB;Y zC85umcVwy%^+Hgc4$<-f8Pv`5``~$|qynbY=bouO1LJSi)YY|C*1?9MsS`6fs{(J? zqULd!w!QFNtwvhp4NyT$#p&4BUO-@IQHj;$-_~T6%VjXlI$^kAN!+P9)K8{ln%VWi zu)>y6>?&U2e1%l>{B3*X91P)+&u1zlW7C{Y*0lFrH$3>)I&x(ICq&#ic#mylEQ{a}{eG=RH?Op0#s-oZ_o_Z-^P}>&iS|Z_0nEx>p z0dLZF4BXfV>DJIIPagmT*Kz8gd}88h%1a!Ow7Dn5+N6?`KT7@EWZ& zv96*G1?4K7zusF;ODih{-jMvxSKX+3d;65eJ-vvc23LoB& z7mh>mBi3^2D2#E`Ss0YA;_I;-We36PnJ-5byI8LmJN{J+ zOUXBoiSNQ>Fi4XP==+Bk5zXS$5AmZpL24l-fJG+c)?~fCm`{y`h9HwjFz3!8BRjr( zXtkXHJtGTYFN(8s*PXdlj$>Q_cek+!a2|sa2JsS>X;3=xvd%)OjO%xpzLza5u(W?I-u*1t?^^zaHm7 zpXE%creN5n74;F)Xw4c=2YShygV9cQ$8~1ZqiM?L+V6n*2X5B*U5)WB^PTxbo1!x< zAvn(JW@VH4p6CQDQ(J50SOTjl|gkOprslB6AnCGVOAz9DYxWp=q- zl3)ko0%hGArncY^rp!pWIxQz@z3MXFvS%bO!0Wqdet%KEq~8ArIU%^{ z=YxYY?Vm2upO|F3@dRCz(G`QdmRszRj+uy&NJrCmMO@{6Z+Bl2jTc{~;W{XjJPcN^ zvge9y`Cp(AsPN2ekrhBFr$(ZpX#2NNj;s{s^!2mV{~s(8L|{LWNG7pAkjN+0qEG$< zhtx#9>Cd=({NIwnPIRiqe+mYzb>#g4c=o?qzSW<%fQ}(8Cx1yO0UeMkcI7YOA!yp) z&?|BOpOVCXe9{R-mq0A|*DV0R_;&{}0EiMp-l8YD`KMeF0J^_rkpLqFXO{IL#{c{( z`s}NwKVeUxY5c8PEG-B{Gxxdn14bU8=-}{TD&yc;mM5*5ALYFu?HH&zn?E=1Uw(`pE_JB2nBX1 zx6(b-n!qjAVpRG;HZzv9`jE;myzdU~{QIP-v-Gn;AnL#=UiMQYJwPL!Bk-A*$odG+b! z%bqAf>i3oW;wIm{;7?O;vO`92E3JB^HEM+Kk#q(8tPrS$MFYZvaRnMj>0^%J3IfOypVvmhY)L zxBT$&8Yf!NZWi4}(aLRTuKVFLKqyw$dsVhR3~5>xGI);)!suf~`5vtbw^wH zcD2|zq%ierfr?5yZs&Y<8a$e{q1>{(HenUJXJQ;MIzK|F*TJ@DGQ#LG^1KYTCLaEpbLXW2fLa(yq3}bP|EJ;UI}yp7Ti$a^ zqkv~tIgUtvZz`TF`u(7O$BKlrWb_-2t*1*>geg2aJ>Vt+;Gb3>7tOw#e z$gkC|=Zqx)s71VN@fnM3J6?udZvMKz@ofvF9dpTU0YqgBAhh^_A&gf=i?r$6mV>vK z7nqzVEQ;eYAx&uTu*Hi9YxhIrvNi$=FO1COw8(2h|4&)h9?t~ZzYE2qtu|qkHC`m$+ln9%JY>snGC{)f3Lk=-4$JxR5-g=(i_j!N6 zKezpHe?I%%_xEsJ*Y|sk<^WLr9qG*PV;WwsUeVVR5SgYHJ;qdQIB*8&Iir&kAP7Hh zyoY0YbJJ`pgWs^S1prwC_ukl7T>COfkYxz%`vvUI@5hS;r>$Gwz8s$nPMf^lkt6u& zzQQwDA|c~tHR<}?SN&zKLX>vp(oBdFW^Q8Koq=Qjh|X@NNY_+O1dyEZql*c^^f_9V zq(N}{5N1*f87a?0zF@`uIUa_n4QbcL@+Y#B`)a*9e{EvjTKvLgU)H^g%V^MYBIC?1oxP=bZ z#TC;WGNymN4U>lEI%kPXD{hGEovSudNY0#Dw_hTka0Ban=j1FH z5iN0xiYq_clz4OGM8nTz&W;qaCS#?3K(Ff9Y_FrKG;Ox?tM~(VdAq7%8dkNa9Z#k)Rs?m!<+1M8dqE@Lg)@|+ zul2j)oT$b|?PZ4gj)K!X%tB0+kuR6^0+Q%jW;_U=Wo|CHTxl5ivKLmNYFvz+U&wzD|+bb4{-~iqkBgTT1Scw zgnC||nADoFw2pcd2w84UXsdX0P+AFpNU+A?HZq*ERkTWemM}Y{s|{=mEGOG3ujsRiE7^V6ZJ%0`6<2 z)0SBmN=Kg{z(BLESI>(M0uUDhcp4-;NZY;SZol;2KPLUs2KX1ITP?#7v{VGuYV(_W0vmuRIQlB2a^_YtgyH%8>tku8%@7MaVzJ35?3^C z>V}pDvx1;EaGbP9)TYHzoE3K~!<{5+6GOlO#4pmCY=3HV;qr zH&K=6o`MIL$NYfA|A^TRUyR-{R7OS-rVSBQJVlJ?)VwJ#8{0K;d}eo(4@W<%9( zyRbdeJ@5FdJoAw;idA6=3N|0w1LG9kUN8TkGQ;`N?ak)Tcp=pHIXKRe%oKd`7?(R} zx@-y+R;SFHrwdi7qZ3L3wN!g z9BPpFS)c+toYLtWEA`KD!GNrxGI08EG4)4~OZXAgxW*^XeuEM7cgTY%myN-&H-?29 zuQf2pU zb1Y_BdOz$t)EO!HtW4(9DF+jIT{>Ueo95$F;s$dLfdQ%NAdk;=TdOkkrA-)EVq8~* zUm$NtJrwDdizF$}?T<>odDS({dbml-0n|KqA6>jkS9)+vaXg?tQ#+PubNZ7v+R{LO zd5e9>(k5>&OPCtl#>z_F3%1Ys)G_50WmkgZE%`)sz?1)n26xi@J+G6iNsI#MYLl)7 zBC2}n+c$eg$l2_6K%u!C8;2pSD4+~gFM$-i;GJZ99L+v?QRNxz;CgsHr^f%p-9ng3 z7t?1^-FK(Kd{wc+LrbOiCMgFIf}}*ojkG28D^*jFjj}6hZuiWj<=;Y z!RdaX65h%u+6$|2rk!$p?gmz47*qHxQ`t_&bJIrVp_f+cso0aQd#yd$o{lA2_bPZQ zdTB=|D0vN+j^dU3dlR~6V=E!MJ?on3YUr&U)rg7 zALwGipLWXboT=GWAmtrhyG-w_{f6|RCwmyq{p1OC{4=>%38^QhFcaS|NWJzE&^#2Isu6G_T2hJA;*dqp>MBq>g-%Qk&90@ z6o0V(Wv4w~k&p7ZE_kNCuJ;TqL4|HXFe$S|y$E~19U%k9ek3uIj0cTO%9GgXH`#$5u-+m9(IpxvfDMWBt>7U;Brm#bhCotIM?Wk>$^E$xbS+* z-t$2aI`Bs_4?P$RflH2@C^3^Bitke3){hH4f0*`EH2*1?+;Quq#}>Bcj3z+v3Jq&X zdlh+eK3B?P?m#l&JMPAtV})_8fi?dOY7Owy6Gh5E3o-R6vNO+y0JT20mpuWN*oi0s zuhmc1NI*eFP?eWf2C(*(L$h9G**G_FXN;wxW5dr?W>E4e9tGDr$AZ)%^+OHwQVaCI zm6j^^_j^+8f7o0kB}%?nS`!Cd3H_=9C_cd-r}OG!K3l_@rMk46#crl!2A(u&OborZ z8Tf4UC&Gk9mG$kQ9{njO^TTd&a$<^iK+!k&q0WbdCJv-S7KPRE^HI@4&mg zNI(T$!>2xha-_RY2iu0kwmx@N5=0Cy({^XX=dqy(pz3;RRbH9Hg1u$%RE38hiVhJa zbZS;7>Hbdmpjicg)mMZJYP=PFy$;xT*QEm-y&WqzW6|H+J7H7?1S_Dya0Zf7H~)0F zb>JR`JNQs+8Q|Auq8O58QB@X%%u5fM&|#yCWzTMIkzNS*9SsC59w@F&om5pr4tMfN zF_9a1lj6DA?4O0O>^kRBPz~3Tva~ZGyPKl@2)l)6u#G&|;qf-{dm@QfLZl6caSyl% zF(b)sH<~?VADMfbm7BFd&m7orTY=;Q3r~x?WG_>;#!BOp8sZ!1-S`p06kRQXgTz7_ zd;_yFUer!zMFo--mz&bnMVqLmB`})T`_?_yI!G<6#1Nx+>3GI8$qoC~xa3n}HT73Z z{j2)9<6oqFjzO`9Jh|du_h-_T&4L9m-VuPS1NLU3N@_96h3#NE@!T~S(FokI+eic; z9uVlU_O6!OwlezWiwGH$Dz!!#P*;|hxM#qvw}F?ox8c}#*5reK*+u>UNvY*JEL^&2 z-7J3l!se}q0vK3MF|{yJYp$-j(tRL6e*WTGQy16~GzqPbUtUg_4Y6de)4Nr)or|gU)%^OjDuQ5<|vzd479N#$y{eiqlb~s6bqLIf?2> zzR+!pAxBv;ZohD zH0`A->Ac%s2`LzJYPdCVjB9^@?pkehdybA@9hv-naoYb9lFfFt5)gRq z;s1duzh<&LZWxw21Ho4F$}PFO71&9;CQ?_0z8H$uIyq}YsTiDvU z%@I>T;ZM0kQED>7T?n5=ar2ZzqYWnk-ahqpuUCu_=-g9o?wQDMFrhI6H$A|nPTsz7 zUumq1Otd%Xcul$f0nuvnrq}N)CC{O~c9h55gtIDVr$t?e(UC4Ecgz^B<>)XF~K$Lf#gIVALTXSaUk=-w|}!PnJYRW;_Rl7Nyl-g^t;k*J70IG?m}oD z1p^7as>hdk0ZOq`m0rQqEtUb{3=AsYz(+O_>Tj~#JMP%5`_OKY?_`+YD01-+_uZTk z9BKw3g=Kc^czxp&d0M)JNzDEJZd&)NVKcb(4u?5_dV&r$F7BHR#bB z&fZ>iI2z*2k^Gi1Y0^S=)RohCS*2Q^jZZP13Yt&NT?;KKb|-t@+1(l712WJ*-^4Ej ztckel8Bm9_`B+&$nwRyEX+u8IC#(rQ4W=iHt310bhC`{lP{J<^g`J*mSP|zDw4t zRIS%S-E`3E&7xmWa*8SKG0R2tdC=JVxe80!E_4cNi;*i065p-4C%w-n(){FLOz+d2 zk!KMYatekd0j;UEu$;MskV!cMrj&^9Z@oyEk2D$BF2~7+anHOqVZS#giN;~T3;*=Q>0no0A?Xwmu@ok10!<8o>S-0>luUVlp zwRfcf{-(5iS zMdMvymBnX_{HHOx$8EeM(QCY|V?+{P&V`M|!^0OkPrO&Z)LvNO#oC&NYzftejEfUR z=KV!hv>vscnrpIN`IE^w;8jRFwk?^6ao?vsdR}~=EH|6kyQjfD|JZy_zgpjAi(FJg~>_84$o*`|BSl$+jD=NMwf^ccGJq`PqFyL$8%T?nYRsb*>D&X53upwqBC7aXm@tB+>l zZn~i-!OR|3lCLo+NMjgx|FjhU8$VpB6byZK`aO8bN=S!W5JBku*k(bVEsV_ z|Hfj;W1XuO(6Hv?bNxJ}0F(Tk+x7;=k|eD5$z-1SZ%eHUuLnLa1wc>+aOHg`z3(<3 z&+%h(YK(Tc;i}b9nO_n4K!AS8B>#AV`i2&TiKjr+`wO`Lo6{K-Dfpk|0Py{mI(97cTW3;c@3ftRg zJ#*ExIp`pJK=}Ff$>iO$AhO05mevNP^(jx(yW=|$sfRx?is|REXFAb@U#p@^AKIb^ie%LjKxt0DGtWo09pz-~U%O{y)Ef wod_MP0MsvG^Xn$-&)@+_u6}pGyl4;`-)#ogu1H26+&7<3=E7bN{Vut7#I*<3=FIo z2o`w9mXz;4_!ohbqMj=T##J`-KbYy1T`=$_jT=JOP0R7Io981JOAMz+Hc#AmpIEvv z3-I3Ly~V%FY?F+EfqJbZC#~&e{PQBrlTs;VJ8m#wXU@Q}`RukQ9svOhfg@Wyf*b}3 z<%+<{Zzl*MVA>w;)Vz;8`i$kl;f`VD-E6!W!*GC#?z?cSE=yO(%!W-qu%#h&W=<2v~OGjH0Ft`jEEy;%qZDl<&9BJ#TP8;{`m$ScA zga$K*-jMfW=lK1)%8~Noh0pQYZlzo#I7#Re$qCJ?IMQTkxU(O~DeMS1G((vokD@e8 zBK~?kizv~6lA=G0_cuN}5gjS)^0UnM_ZOar{P%+w6c#ev^*JB>cE*Z;$b6En%d&+N z1v5hiu$~x2MAYC=fSU?^+gV)M@z<-pLsL^zQp|0+?GxwU{)W~V38U!Vgx{-dB{EvF zzxRaJdfv@=Zb!gaAXo6e`Ii=4hXgYV5Y@Z0b4-%o&xc5pwO`HqNKWzlMMRNjS+@O@ z9XvV#X1BAFl=tXWyN;YpeyOW`Gl3N>nZf^9vevdwx46N2!T$Tz$WsV>gQC}#{J(z| ztnKO7oNIsg&<}1)k6DHNUfgGYYpobXpYHe1c>WHZzp=U#_lMc~9}vl4%l@r(Jz^5} zI@@~qch}YW>$*YRcI4k&B4rhonE)j6jo9yp^Y^0QgCokS?nxB-43PgG1mFx}PCGlP zx176%r>}g;|{bxi;DhKEAYR=8r)2}$=ua{?cs)mwFwdV3r-Mrq3FHv ztZLx3*wILyLLGxN&K+m{dRmtMwNpoMRO+_p(8vBO4>TlDr_h>6sR;DIz9Tdj{;?16f1E+10Fo%jMogd{V}z3z#TV z3RRpEMHQys=Zk2ZVR>tIYyp|W2R3`$qt!p2)E%l1+gzZXS@{YESPRS;R%*N!Kp)5(%<;7Wh zyUa={yO5B_;m@!6Wb~qLiryRe^h_=99}lF3hcnsI*$cI*-C+Y6lgNq!&Z<3WswpQU zBjXq#C9Awi!{sntt$~`jt)Zc@B#~cK#Pg6#Y9Q`fSqvVhsHlGB`m-)vMHX?UB1-*Gm1YesOkgCQOp*WuoJAV%x+;6!-`rYEvx))ze{y=-if3(7= z(Xr*?u-pCQtOa!jmL@~kS!TP7vbEXwC|;6^&sclL!+xgrigSEfLc)TezU9f@3d+EI zsVj!NRd8Zr!p-)LLEQshqK1YBLCdvn$xKoAQWrryB_$=dG_c$aE;Y6X8zv~)%YgL&(6Mg?^A6u@=&lLsz=S)Sk?Z>Pr+dr2nG(L^wRjnj_kCeOer=4Y~TMm;yzuFGTKPw2wCA!L$Dj5#bPz#4W>c{^!U2$6M zYd6$5KR6;mwd#JYB^kT37sM;3{e###m<@=htT6I}<`qsQK?inVc_9zA@m&m}n2ej$@Mi=(G?#O_KIn%=51IUcT?qmaPG{ zDh>;HPq07b#wUWypH`9^U&q3bk&y7`J#EF%KUb!MQzwhs5r0tVE9&Dx5H`LG(}!dX zMsHq%WLQFG<{)7xWk%Yj!Y-YVz0}$V_lzgk~R}>ug!((D}c=?#Ia#>t%+J^qonIyoRt5`U# zZF7flRKUi#fA5|qZvYuQHV1zYrgJRE+zP^JZa-EpWxV^e*zoe2rd(cN zu-n#b!yU&t7!1ahia%TG7F!>cTy~Z4bS&#Kzc%FiXn}GZql6~iRkBcs?X_{F=8M*y zZ=Um@@8Yh+#bE)Lf6GI|7_~5&tSg+Z2+etqm&m%F-WGzd<$2=^2xU+pl$DiNKfkK- z*wkP7*5rM8e!}gcNDu)_c>Q`nl<=~oxcH@j4LM2p)Kw#s-u`|qv2k*8IF>h}8(&99 zr>Aarsax%}s5{t5eH*(or6VdNDXj7CWwv@%k7FvZZ-5M1ju)(6N(?tUSf6lO6ujqf z2jcAP%yu*TbG5_9fdoW4Tq+lFvrLKRAo=C*m+nj5d-v8~-L^7r@?z1HyI|FnlK^Gs zPA=;;RTaf%vD?=;`Grbk_s6{TQi}?TJOmWhNYxw_G;!?pK2Eh!%$dU5r)4F~I>NKg zmpNgCB=o}BSo$|r9!3f~FX9x~o*(b_tw^#WLMa1I`c0ffTaG*V#%tw!3c|%ax5T}6 zq#Sgm$XJVGe6p>EGTCmQ?-xm`C@QKOUlE3eLc+hh?u6d{cQlIUhaVq%ZBta1%MFS{L!AFasZQTa(j)ldCsIl63Vjz>*At7gqwUJ3M;PpI`g}+rmeQ?|JA%RP zkn;l(uXdV0viLRl;>oYoE1Zb@{QUhxP!@tCVFKS8J(+HrV$eSO_Q74N;xu2YNEKum zkYDDmeyxaO`~~*&(T_1skbl6f_ECyD$%7mff=}Az-bMh`$*7(a#eW9EE% zYLiDq2u%9v*=8MVp)%ltC$emBvcPVt!n`XQ&dXc7$v)o3!yAcXJmuF#90(Fb-snqF z_x08w>P6fY+A z2M=vfgP@G)XjrNnujPAA!XRqa0SPltrOMvkA`CgDrGz)`uS~Q;oor!Nb4}iT8!TS%VEou}!-mnr*#wtJjGZLyIp*-# zSXEWku3ytD`D)f9IV;Gj-eq!pI2KYOTxR5@2Je*?%~)YB4e7&9illsu{BW{D>9Ee{ zU@Ovj(hDu@i`cib|4}OBH9MBN<35>vT^}VV;MOF|PN=h;C}p6vn=Jn^Q8u;M8D*o@ zx$y0+PDP*^KCoTe~bsFFVJ(H(nDA$I>~GxnSND|>+trq54)!Nb4QI?zq8Jm+{c zV;-B|F6$e^Aojr9Xt+d+b4j7j{%dfk9>uGyEVWGNHTn23np+kST*|9gxl_Yttvc$XWaHyU>$fSiIQ@rr9S}_CCOR*_2;Dny=k49@(!`0LYV?RugJU@c zww$lwAUn^{9RNJ(c+)Y!uF=@p!eTkq#9!%kQAfaecYvvRkv)BVX1y`3m>0AY3s0MO^i@@t^v(J9n8ZBpH;5x~Gta#~JgNfSUbWIj zLEd_y3idLoOhTEh!4he}vFw0zNcKnpBtAY~>cuC?^G}jaoXnSP92pS8h}PaWJnx)@ z5?Ey{uW%rQuNz3Xj4M*Y)sK}u1p1TvvF5IG#pYNp?u&#=HNukL5>_ZnOJmCDh{w60 z+nj0wn=x)gHbUj1lX%X$T>0(}KSQWf25rn{tBKJ~h-ReJ6EFXU@8t{}qYKGw`^jFz z`qzqT-UvEO3lQE4^=^vL*49=h3z}yTv`r$cz;zJEVeu7nTWfuYpAN~r-|9=)IW8TN zVm6p5VbJi?2~?UoSR_%AA){d-eYL}k$3puvLk`T#ECHJr{uAo!T#!oNJ{@Hb45*EK_pAv8@eEiR|T=gg0KbMo^;XF`wh(`(5Qrqusge@e89K&Lnfrfz|Q;lBNS zqp3$ApIgI5QQW2Gd_oL34tzD=-Yu<-U>qQ2qFsNJ1e^KUMjCqY5V%#-iq>RcM)u)!PQC@VX7`zq8NMJWDLfb9D4tw zErv}QaqqoQGup)KM)giX=K`N`;rZx()65lY)@mCmeEtXCELe<;BP{^|;_6aITi+Q%TDYHB0@DkywsOsJ&*Wc0_2Lxbw87&eMdwBMpIKm9An8QF7fl%eMX zAAjvjgFa?`Lweh3d!mfW-NE3MkV9IeHc)3>MqdvsTYT{&;R=={Q!M#$Dzz#(OY+>DPVTOxUUSgTkI(Qb z)2z_PBc_&;KD97gegv19qNZ+A(XBjy=%=$PqtM-yj`t)Wc6 zL7b`K*U^;c_FSj(^@>}UEJL7)w({eW*izU-t?&gj_#ANeF+ORoY`IL!kZaZK0Qp~f z5Oo}flG1DU3)+iD_0mjFxP>IKVz}&qjq6s)GSnMkFP)Ryb50<>=hPOA3)&1XJ_+}A zmG}3R+ z&)bTbFfRFnO~2rZWs0~y?upNlSC>F{L*P~H=s>Wiyt(ixOzRF0ZEN33Y-lLX)+pka z7qT_z$B!Rij*@Cj$~gVfmY>hI71gapoUm)r9fd6x#EU?_8tjJi@g0RT`#Er$En?ye zU-xbb>gMT`8`EzHPGKz`V?rwB7#f@E1cqg1*GMsfFsRr=C(8&(^Y@#Nc-Vih^#KVH7 zP~YF$3+g}4%v@)fsdJoKRahS{p&00t<8mC(hM^kW4jNlCEj)ZnCt`H(4MHOHgJ2_^Enn>)glRTN(q zkVL>55qssx{EVh*X*JozTNN1b?r%n2^T*fCRLG{mw;Pv){g zY@}d3E{OHo>fva5L%A^JZUJ9>*m63-*DUoK8CU>WMmhTbqGOwQxqz=j)(L{Sz{N%r zXE5qE8FJ;-`7r^&z#^}bVmz!c)Zis8R_-MQxljBW*K}OKx%tXotIb#qlYyZz-=JEG z$LanLSw=H31TR~yY=aJWnLi)$Ja=MDA6op5>7-JY>W%;vEi znXh|AGdf$PBc;X?_9%#HZiQxmDD{|+2oGj==93A<#^Flr1#S8NF(przkqn}?Bg9BY~Zy=&+ zZa)_n7%NlN)Fhv7GyU@R(elE)jCm?P4YDRk=38P~+PyPg<0jn(fp}BGEB7Ojt^#r- zt(@tgi)Tz>ef;^QG$TWX@UwMS0T!L*j*S!-y;eKy&bG!3mx)_XkDUl*z(}PCy}Vhh zKtC|PY&s+V++Q09dDl8gbZ?k*v*l#K(ON6)@s-nwN`FMUO$`rwb|!1w;I{vf82W6j z>6G5(S+Xun?+(Tq0tqxDk>ZcMYB08Xx*FNNGb+QeCvh+wHABxfAobMsZ3Fs50@tO6 z)KXZ92k_1Tq9}G=k7L`Y!=st*W)md+=ofug7;G1$)yT(2Cr4o_7I&9zS(;>|^ z0vH6*oqzVje?4RZ0kaV=JipU@4PH<6xHp@n*w!p#{CeVrG>-PyhANB%3{qLwqTI!q z0n&KEtH#;+LqRJ@d=5Excrxvx=T;52$f<57(|r=8MEkF$^ah5tR9M@+=Q{eWpGf?T zjvv8UuU!if7d@Y7xvM}iG`Q?K!kohDL=c~dLu)=>rN(R^%nyQv7hinP{D4*}atA~P zKuG>VPm0TJl%Q6F8Q!P+HoE1MkL-SZAA0C}nw#rUfMdregbae%idn<4HdXh&TxMWi zOx8NgINhIC&bk^QRR$fgUm&>vliToC?I*aG%@#-#07;C;$L}WnfqWJeJRDrqa~-im z{#6w8O1aX+icK!=KkF@e$)|DO1gyN55>;_`ubG}~-N4+eV4^^Mx~7RUQq`OmG)4Ey z$jqA3&hbIQ>U>m~GJLUd`(vKFt&s-}%oNXZ535u?I zKU0Aba2Jb5uI&F9`*L0;WSOW46$LyD^>vWWUS;=Q4Xa_be^cIcfAa^?R!HsPx+oa~ zgNiS}9Ml>FhR1W%tDE0NOurObwWG!OWHfUfA%{RDSbcha#oC;1xZ|#uT24=fe^&C1 zA(i|9UuZt;U8#qLbynipuY2RdxO>O!i1_cAToi6z9Rzi1ijl*O$L>2MGP?()DvD<# z_*`Bgm8o}jHcrVOfKYKKVq+}8of`Mx-|%md^t6O9d0GAqZn#fxG(C6%M z)3%XU+%kTeL_gB$QUp7){1Z0EOHe^dZxUI*(WDn3>m92!k=$F`@fiVYLsw%{-t^9_ zlQ8nLCXRmdGQX5T2I~&J3Y%*7rgHiN&`!%WW-nA2y1(nABcbBY$eB^ANs?8VsxK~W z?}#2$jX8d@tC3n*NJoe>Gi!*tOXdMb?6_c!H^v0tOCKEO^am9pM}={-BBV?W9Sbe{ z?>VXl0VD=@*};J$knf}!@jRJufABo~rB3=CL{C2;ZHm?8&<|1ILF?5l%}|pm=v&yr zPG)baS}JQi<-#Vnxn^iZz)i_ZP!T#baR{TWwo!h|J1i%LN1`2h9`kSC(ye@9J9vF&7G_A1lK#H+jb{9 zmRS*Qw!7Hrc0VJ}#XE><;Clk$RzY}pIHV~xp*sjPSYun)5yOR)FYvwM3FD~v3qQSo zRsd-dSP;fBmhb7Mu!3F|(!aUp=Z5{#LLeFMC%(ShpgFK<|< zXk>us5l-l#;92grqeL8nC6I_=9gdGZKYu#CoK*#&+8qmz2=8~iqUBJ@#!m7X{)IUBX0S!2PS?8$$LJ>00s{|9>-TXPC{>Q z=9_4o?-Jb}_Yz#5PPKpq4miKq4j7u^RfMTtVEP14*l1iS(iyH9o@Fe%+3foPWfw8zjU?)0H zT{iM<%;yW_b%fK?w{ut-07pL#%MYKOHH?g~!r9!qVmxaGiZptxY#WmW7^7-KQ{Z>e zPW$Q z{&GIXIU7pxj=_p&rJfb+!8bC^#tmxp*u0m1+yF?3cRw+O)t=si`Wq>by@b89|9Wc= zd0jmxA@TUNRY81fK4g_3P00R>RL&rUfF1=I+gt^e6qKEGRGuR00zm%-*$Q!tBOKhW zYDuU!o(bVFOaRp@Eu)7tvsu3{Y!O({{gO}EAqEf47VH73&_{bevRG1ANXmCqG+i_N+X+D-Q(%XqzySaIlwgxWr!pmVDL&_M=#z*;rL0`?Z@b|b88oP z>T6hA<~#H57hy_@id=kr-8^znp744XcW3x~5p!P;EtK4Bw4LCNM82r57MOPKeZk&W z5QL+}#rZw}b-4`Z;kiZ{!U4y92h%V#yr20S7$eCpP)q>(v+1#V1{fJ>ht)MSa@w1i z`yYgb8oxHLP~En)Cg$DzdR{(RG3C1tN4$;4C{)X;XsVfaMuGkQU}g?L+EkmDpaWbP z&HiZGswwyA5sP;@!;yGva6x!XjWX7nO_`+i6Q4j@sfP7-rX^H&zCnpyMKbx>JRy4v%UMls2~7t17URa7 zU68)UJ=U-@*tD5xS$Q0#{!KUBj%RHJ!>)L9`JtT%nj6uQyab@U*WAx$M)tnL`u&3EtK<;!|e(CHSp zn%r5^roXw)127fvdUumwpC?zE)4Fs{|6*}M*^16`gnV|m&e23o&3&Ng$hrVtS+v2l zjRC_+dbknAbju>##Tx__r(~L8pCu>aEjNbG!8$@Um@|a-?o(m!XvSXv#I*nRA$bwG z+Vg`vgJIK}%@++w;b$mjh@g` zImQix+UUz4^DQlezv9!=4IVsro=R5pri7}8-|t-R-aWzy8d!c4E5fTtWh4B`CvxIf zZ3R~p-DdVZK{p_?$Arl|b0T~lVPR#JxQd2uVjK%n`AlLhFq-+iKELEIQhl9Ud5&cYXxM$% zfQt>2H+=D4?nQ&nfj)ZP7fGxjH6LCa&7)>oF6iEn4L&{mY6Wv0$whqWP#XD;W;LLY z^>GexbN)u%Ai2%;*PnuxhdltC{@`wiaw;!86<>k^^rvhuau<+&I{lk7btUI(RPFly zVBlT^4A0K+xLP3oeRMBcAtl`<9EXt)85Ivq;64hCgC!&-?N?=85U=h5l39eGG$F{}$s%fRGWZVE57R<5lRp|GPH_)Ag;hR=7Qy(Wh2JYq z>N!TH_fQOM_t9pDq4moJzR@nKei}zj9He(aJjTi%=L(m|h6FV`Vf@@DS)O=p(L!Tl zDFF4uIlyjsJNM}XZ?=f#raA`4{g+7BVeB$!czG&K0RO+^`dw1e_-(5}fnwOgPCA0461*n^PK>JrJ985s9n_U5?_w04+4Sg=;Y(ccRH6~FgUWvK3De?Z`E=FNrp?G z%k-&yt6n6)!B&*&oGho_7=-ZzYh~9Yv;mbaXGuQC)PilhIFy+l;s?-kEsoU$9 zVxGKnkm*{7sG{4pM%4(N*6#zSoJ7`iPIY{YOkN?aO9T$))ylmkWsq_;3^^dY36Ph^ zOZ)m0=R;)t%a=XUUds!;SfsX!X`A@e{nyMB&rLx^wicn!TVUECjF_z<+49Nta%4x|{GTke39$cTQoNHrvjyJH)2D4CW7Sp1P+pAQVy!h-N%Ct=;HjqG|5ln1Fy4GW}##;v&CG`jV zp=phtjBK5G@JR`(*X)~j@I880>7(xlw;#bCRE#78WPv=hF@GO8U!qENfBe1 zrbe?OG>{W^t5tgVtyV(Q{>xvsSD34|$R`Kad?HBFs`leD70=aFu^HjH%FrH)CXM)c zLef19UNCBPsSB9iCx0eXL0BwS9*S>8jm#ZZC%53}#HppByZlR;sP;6yC+@{k>awSp zUYbvU2glF3^3NgWiA7eP>mzsd5v7)`MFR1`1TFqMV`wp?}m_Ce4+)px0` z<>JlVY9;^&RNGCdQUwt^RjCWKwg+OazMz9+)wjfgxfvw+I*B~=xGNx`4N5__zby}# zM)LwdAqX@G?0!#;tUCollSOa1UP*A;GY8(TIxao)_Lz?iL{(tNAxshezS(<(SoGf>*XuW&C6HB*G?#W9gzza zW_H;Z*})rTud@k|&Ly5T8_4kwp4%0R4T-F+K*we6+1eMR1{5-_RjLcHr2ed=rI`D; zx~)8nv3ZN$G<#SNDh!oSU`7NvQPCfZJ>z_9jEuTo$B4vDNc5s zDn`vd2P9VnmOP%L_N34Nokpf z-`^>;-A9RIXnNOeot6*_qo)zzz|UX18? zr6MIXo2)beB_Yqu3)x14<`gaQ_rh|60NTHDFkEG&_Ts4%K~mXOLq0>n=_o1sCeC5K za2WLNPWJ>7J-ix;z6?%Iy24#U4qisi?!c7M(M%)>zO^y!XHHY-$9pL@=5|6R=KG z$j3!0Mv)lGDc7a3xFDw805buEdb*JFS+N%*0EIwbl^;MviWV)z(F)${+(GLEWO>jG z>Iz{J-JK`YlKAmGU@|i>`2{9Iu69s~!L>C-X%1Uu`4t*ws_g&*vD0r7L*a73(ce6S zL@IM_B;I_iNUg>D7l*^T1VcU7a`on@yEj9YWPobUhn`2Rw?@GpP453ii&|nr>9(8# z%8bF5QGZm5$y+Mx*UUX=wK_g|VXd9?X4{em#-W7U8ksHUbO*L(r`^Q5$>oX(@}$|) zfgry_y()ejj4V6X7eedymM(oTC*Oh6oo&dt)4_sjx!h>set4s)_&Gl*WwMmH5GP*p z?Mm9c?hjFF^+6z&rSF8h^`_h~u&x}w2fad2SJBb_RW1^eEcg;Oax=TcaWhT9752u= zt}3)u>*e=Zs~x;Y<3pdjnF698ltr$JxHvoWGdfl4>Fbv+P6US$kqR?A?VxozqBx0J zS&ki3Z9@lZBeIA$okg&mA;Dz~S{uce{vLS8EHf79rf8lBwM2=h0-YWQyF-XGAX5#Q zKU^)_sNcCGHGg(Z(ZLt9lG2SVU!}qDX1<5f8o&%zMy-t+%OO%<)s3g%_==Qqxy(*d z7U4Sb?Ts()THxc$Jtm>P87PELLSMW%aS!TspfyvIEw$&k@GxmAOCVI_pBxv*UnUJ8 zf_co2AOk)O>rhNa(?>jrn*isQPQQg5p#~*%u&=MLzrVkyN4?^-2(**d-*egf-iO_R z2d~XFpJhvj?2LwwbEkTe6#<%7_}V#+zoPdAzTQ108CjEt_247cgREyDs11`cGU%(3 zz2?cRX6M;;6v z(lPu%0M_(bY(IG;alNantJXCp0ndK1x#Giz)1HKDVD?Xw47f}9oRA1w?;IHwrGcR4 z`-NA0(G|z!xSx(6c(y@JEgS_@pt&hk3>Fl`!Y)7|!YeVi@cLIDCag9%7>gd~^drh_YPt?R1S;WPRm_aV5&R3Xgy_9K$t!SQ%7;{AInb2J+1hgJ(-y~s5z_?Q>UlFnL`BJJ(chpLe>M262GYqt(%MBaX4%baYuaRp zA;6Z@52dGhbHPgLm5qD`;lmxzY4X1~4J=A^!ye?4kYJDuOKC0E$g}>kZ{L_KL@esI zCe=_>%g~06#Rut;&1%>rPJ5bk({WUz$2rR-G#CCXYU^z_R*?DQ$B!2+xsfT@Y45FD zAGMHI2X@l7+)qsD+iG2QioI zjcQGP{=ATZ7eL}b>-K{Rs0M31!Ub5+HQ>9D>-Wzy(qrxJ5Z$UI)-?7eYM>^3HAcY!2PlQ>ioPkg;a`A1D`)_gHAl-DY{3A8s>NsBy0qWNCB-#0r+phqPro7lg0$ zr#iY^d7@U64vayte;I?UT>yulBnNp5U{)IPk?233BYF@3LOaPP{&ommI5)R`t^HRZ zuAA_1%?I79utGdq01<=ZLZ@GpwO@zyozG_20cR`atj;Om_EorvnTZGF5>9^fJ5A27Ea< z{}E5`#>WAt09;SBf6F`M1BCTqq)dO;QjNm+^8apo64a3g_ZRZ_ zyg)!a05n`Qm?vHSt{<+Qh~L<64kKhA1^-l%_lwvCURoII9Mf;$h` z1pj)|De8~Qdlvogk4paeH9&R!^K9oJQU2?{Sy@;XzPvLBRs`~Y-@`*tI{tZb6OcUq z5ljC#>Qax=tLfr;|~oER+PAX z|J+ufT_HuVkW;Q(W)?8R2o(9@(PeqHbn#u>lz-lLwfzCWRA^NrkAGGTsZOxZih3Mv z&V*?*+SVZyVuEcxZ-(f-d~iFsBK{sK4B0r2Iw{Q&a7+FGR*c0v|0 z0>rhz@T!@)IehRXzj;zw?=2wIUH-zE^>nn>!C-|Pi=C4b|CKiodvzt}hH$c}M8(g> z<=8HNF_Sn3m2UwPI6Z(RibXsr$U*0);|$u><%U!9OKH{^u6H>~| zEZ0R)T4tgea_LX3bI<-AW0R61v{uJiD}hzYJed$}z5Q!X?L^7H%#O$p2R@9l&7Eu7 zjz6-V?kQonBrQ64qkT?cqz`8pxp{aJh)s_%@zH}pLp#RrJ9!s?@;{#h)ndZqhJf@K zAOgTXZ=-2hC!3k6%?yu@-k(*vRQi1vz#{jB|80YUei{rjegZg>I)0R!wA}r?+F?hI z#FKuU>mpxnoQOqSLYfJ129d-li9$5k12LtXkMu=+ED z%LSXR)7fKlx}cUW0yN>*XuR&!4!!{?>&6_|{7y>Ehx@p)08a>yiz||*1a>$r-l=LS z!2Q)xUDpk~tzY-#buqL}OIJ4>pXNygN2z>htv=+tfB6()pU+MqD?-;sUlYgrSo625 z^sn9SFa4KWK{*nbAhrN^2*6E4RiCK3N}$jHXhOXnCSCV^6&1ueaIf$@G|HIo1|#c^ z>=$4s+yYaxXPI8(d3@mhzFP*fs#e2#BIuS_XzD-P8eG%X#8Jhu3Kie|Dn>>_6EWX6 zFo0n6Nw4cjL)~q}{@}40X)^Tr^S%gGWO_b80_#Ntv0+mHy9CO8;nZKuM8y6DCN2KL z!9$HDAX8xD5x0`MuMJB#$l$+7NK6FNEmMsV(JCEpu8Vi~#j``aQgQmA)p@5bgEYSs z);!`R`h>Cr(J={sRuK^zPr}H=Pr()8-y0IK5?C?z9DaQt_~HlfVxXanSA-V3d@~eF z)yo-c^mL^E>h&}NgpXC}2-<7XJPjyd z4!dI+WO1+@-NNHi`6++q0D})q6ifp@f7**O2OR^O3BRa{b#6ZBSX<+cbUSi-&>I*e zwgsM#iF`i;T#+$l|nhWncWw!Sq!RBHuTxk5CxbPgCCV8D*Su}20N zCYU!6ssMLqWetppQ;{))L?H45@ zQm_6ZM@MXK2?y77k2SO&=f8bR_OBs)+Hh7| zb5;Q+LE)&hkV#4}un(F6@qF=(bIU=LBG~JXt;2_uNh(}DUi(>)#6p#z5O1Fnwbj$N)fD%&Q1-G36^MKkMW$mgicP18>4b<&+Hv2j zL?>fn;|)9JkO5t)F@oR<0k8!f;+;4HXiBFHU=d678jv@45?pcHC$JpI8N@u6XSv{T z4dW>s4@sAM({+w5z-2fT$3r#_ct6U@tK4|?$v`5vSx}i}A)x|T>m%H$0+4UjjZJoP z)Fl?%f2>gG@J}0Y8{hCRm@SSBs;kAXs2mAz{}$x)DIK=(-qwXza?7UYcLJ%_-NEzQ zT|_JuOi0{*{8>uH(&&{MguGYR%4dHq=p1wM$St7lM&J@KUN0QnYgnhqr&kFEbc-%s ztJlyCK0W}LOR^#hjJ-dR&zzGc%7}r$1%3n7th+`IL@KYsdnTa?La$k5j^mMfJm{YE z5ep)lWUuMqCGwdiP>jQ>c+Iejy@$4f(6SkJXg>|5>?mcDYURk)@sm<8oDpGD3 z%%a&86Fkc0A0 z$eyi}0)`1BFLmIeM8itde`HOE(@8^Hob(A{H1__DT1t9QOVts3H^Jmd`8X##TMDsf z>T5?P49EH5m-lpjgo`5hHicK?JhTW*uiP*2kEo_oz?OCtiHKBWGF`}ce1w~MYaL)8 z<8_vA{mwitXb`jnWr~c&qq6P$$Cv=nuNVOxo4uuSNO3XODIz1y#Tz;JAWu-n)fV$|_@m?e z$J$j0D6?>qwgxMMAl=He3R#?+c_h%*3q^R_O!*}{e#mO}t_Idgg1N0hNbtVzq)*xd zIF={Q6zaJ9LQI^=7LacHahTjnloQw@Muq4|beO?rkKDS2y-fE_kPCy`_J&(fIkirr z>&b2u9uK;SlZjdZj?8Td>U%B9jN)E_e$HeyH$ovG9051E0YZP zZel3$N`pxwjh-y`B!EWfHGsfKA$4QATj`hGZ+nkqfUBcpA+Y(Z-jNtway4z!lb?@ zrKCKzv|Pw(=X(eAQQWp=54>hLIW>g==>&x9%aTXPrNz-76qDz5nkSsN>8^0R;*)876%d)LaD6==LtDa45Y5yD785pvBbb0atHtQ=|VA4q2bw1o8v z&jHQADt+_lHFmMS#<~-kBlZL03<{c^*Y#l0fu=A|l@3r64;6gAA5%7fs(t<$Q4l1C z>ps1=(%&1xY{WfmCpp_vFCXsML%G#4IxbMR#;F;iy!skOZ&%RjGZ+#rxFp`bdEU%)KuBnl%}HfzTEVU1?=}#f zk@JGpiO)$s2fFxi0`piMgNh{GT68hj$pETqyG*uB{07!`g>$AHTQMYZz0Gf8+0g&I z;L-1Hb=d3?JXkW~7ts&?N=`QO*91AR-Sr6``c-KZtI`@FFZMESS{-NBmM>zEmWjfagY#rw<=}Dm6*OdQ{VNqs1y#*3mCvdka$f2^W${_Tnpz{$H8E@x274&U(o`vZZCp-<}E{Hofr;i zh!PT!yyh1(@*7bC#$8;~=-kVcP-3xwMS8B)6|uUy zYEF@S4e^N&&~rz~wL}8-!L|1K0|f0j@H)(DJ99qB13`frEO#1J;T2qHE zp4Eb%6nO6P`DI>+qj58dvtpG=LHI4ga)Y{9ahzMP&QD|Pn;jaA7yEH`@{S3F^^kIt z8r69Uab0#*A~_cwsT0S~B|!h(8ZqX^`haEf9&l#?B@VLfN3jE`uro~Aa7@JY``fTX z_e9F4aA;_*qAF|8+2AW6fEEAlF7bwAExbUA1!liJrM=L5k)}$?x4%k!fVGjDnE}Xk zS>d9@(7$k2pVDB45!joSr6+&fqJAG+q%D)6ZY){GvARcraYdaQ4c%QO;!ffFc#Ng< zVfv8bpJAE|YhxOrt0X?aR~ZhS%)87{b8{15U+PWdoJ_&S1r`=1hcHYKoG>aXEiAx7 z6<sD*<^B`ZrIeucnb~YD)IapGuUF9CNy!o@C;b`o>`%TZA&T$d0Ssbk;Z4v$D zwSvJ3tjE{n@`xDsx90<%g#o>uy-VFOU|`@_A?Nv|s-9c3C59d+j+-Q{JQCh1yhisJ zpI4;`VjL;4g9-dHlh$2=x&Swu+Lz>)EPnABmN_s*LpPs@DF}UPF`Hqxcx~72V*`Fr zLEWzb7X0f9itFJG&{F2}?2RZeJsPVd+T`2UtFE{vn*X&@^Z%jhyyLOp-?wkikX(qY zsH`%w_a0@Fm6c>f_9mN%vZatMTeA1w6|%FkXZGIDdG&pMzvuh-_kP`V<@${CbDYQV zKHI4I-t?p8JXyJ@9+@Cp-uzwLJ6Zr{wY!Y#vHEn(U!C}a5A1nSFeA?41YKEwX41f} zhxUP<$x#*O^Ey*wiNEK`fqPL1-IkEKPAG?9xwXCg9h|?)+%-0+BH;(w0Y*`)YpE?y zCMYv+uS$NY9A|$9<*^;#DqlFCoylA_Dtm`-2MTYLw})tvVSU261+N?ZrK;*G)%$PT z7!h3aK|$0k*PFBnhAG*uw@X_|U}6Uw9WiLDj&#A7o<=w1)FWN*T5UVf2*@1Dl1AftenNa9mtm?CeCE!)-&dUM?!i=nan?*1!7)u3n}Q?J%`P&eu2oXQ+fa;C!Ogr%MZ1|QJ zhui*&+IXgbNTjb}y@&guR)$nnCq`%5$EH(y0m2*(h{?){Y-}!B9&2}Vj1Gf7;Dt*y7 zhVpImnbRlEba1vE*`--bAMcj4wF>a5} zt5*fP9-RVFsFQD-Sh5E9@Z%!J4;dfQt18}+S}e!Xw5YN~P^fNXhuJmzuKTAny>!@E zxOO3k_rO}c7LAnOAeNzgkaM;n^~In}XZ;(cXSGES*$9Gmk2DBLaZ>Z&#H!v!nRL2d z+x+J&N*(Q082utCUi3I2*mdXYKit<%Z{eQg7Cu(hI-#{&UG)6G3u~+ZR;_Rak=KCa z{_`#E|L?ASvNB!{;Z6&z;I#l0b5&b&b8{kE(Yk>6T;;WlJx<_i{0snZRMkt16a4T` zF);yL4!^f82EPy_@1A;kY(tZ4cE|k3&a>;{9Rux@JeG)QvcjKYdUm=|q^PgI%V&Q1 z^4xWTF_-iXyO@~I_Du71Pc$lFSU^V3{0*k~H{c{^44V4YG1&Pl+ZfK zhljyhuKBjA`!q`ZANsZ(->)RleU@;SIioUqVB2{3YsTCwyhrQ2JJstx%Ju_{W3LT6 z=*(WL+f1-gh{o5+{-|pETh(@1Xre!?Kpa&#?{O_;^`pN}TzB zYxD1)v~M@j_WbG`<;Ev5Y}^ssP}bP&Kl&*DaXPiEK|TOnn92MtcqQb-RZ@dmetcu= zt5Kt#wNCOCsFSSL3u47C*xO^|*ekIYk6C67L${BHR!j|P8Jqjthe=jTn%n|3zNeO@ zmaX?Kg@)qc^*{rkjey&Q*=e%Me&L%TWrswl>I9_|mF>xw`AbP5--o_JAsym6_AzEY z3Q*q>rL@B*T?bX55u_s4c~O zjH&5m^hld1Jo;l|yIe^u9fZ#;)pdn@-@fs;KfA-n7cXgl(v?91p|P|AJN^Zl;twy@ z<9AW7BVTggMCWlVxmL{8Vn$TuiLddzy!M(`7=^Z{;w&KcPLl%FFEgAhoaJEAZfB2? z6HOk0c-lsb;(y9PpqPb+$m`=sk3UWD6zhK?Znf~c)O-xGV@08(dBdPA&On+jcYGw3 zLD>6T$J&!--HE&0KtWv{@JsR6+aM5**JqRwF;TJi4MeBye!~ib{OKmCbEu=s80;@j zoh^UO`iMli^=n{Qd0rc)!=(6=3hSN{+vno6T=W5|{pO?qM!nY=FDK^?2#$z7sG@Ns z(YCKfjeL|iowp5TIqNkW+d$dg&OngN6uX7ljuuf{uNj%1+?CN$A$TO>xb*Iqd#E{E zkj+>z>I3=)S(Ig~GsQ~G&T9L4tVJw8lIFL!C@ulHfN}fY+^z0f_q{JW19{m5GSo7$ zyr|wd*nAkc0GQEz{9TL#Y)*Uk&gOi5S|EyAld8T|~Ejm>}%%{(yA_r^00hXr{S z&ueT&qUQHz;}L$e1M6(Q>tPHzGd0JGYvA$K)G=`L#>~5+Mlf)1es@UKRBZ(~Kszjc z{AIXymK76 zBze>I@~)>f=G)`UN$;@6rH{pbd*Vlen6Qd22qo&x4d1WEnzgAgkCXixk6W3jyA4l$ z{domq;jC+ZFQ^3^Frs#rq>??N>5udEz$ffFjml3Dsl2kk0&(R&%@3#3A+L9G_b;tia|+ zwfw5Ia9POFU0Jb78O(GVv6y(@jl&@UuO2f8;f!)~YurO=bFkqc{IWveo{W+U&caC^ zZi7;&QBXYBwS%{-3Djj-Ma6f?e#dJ1m}MtptM`6hexPrB7^;j>3k9_WkYVLLsDQl# zOGJBzd1xUBbN80fYYcW7JEGA#_q|Dkq`x`OH)o4 zOGVQOoxu&aC~eNfdAcs&C)lvU;|d?w5qSqq4o3b{opBro1_%GV6lwecmwK+$3G9)7 z6qbYSH5N>kzy$PqpRW}nGuBVHvPYVU_wy!B^+5Jt^m3n*=9{5Na~0>Zovy2P*`U1m zn(i?z(KT3PAhei=`G5&;z_Ww8x9g+uA-I5jV+5ghAx?SS2~@=Kzf-k*GG^OkQWDdG zI?Y458qDFSl%D%Uc^0I@w9IG^=+{&#{ngVH|KkP z+x9bCa&22J)FX8a%Grv}z?jvnY#?Hr5KQM=-IGu4q$&YyQ zdSZY4=}~EXohlpq{-?dW?XOY<1BHL>Om)X_o&+{zV(2Xm4I*ORZj4Xx-b?y6wN_V3 zG``)pZLZyr>2qyeWG^pt)c?_T0jVFO8SI>MiAmTKZXBY=$MX^0TU!`P9Z9%!Gq?%c znZa^fllG~_#l=gVRHL|UgBKYQqI0Ake$!HNUXL<2=4riGvw9J)=B93Jh@IOOcuUw; z$d=#qMa*K=gjWRfH06t4gcf!v)DQF`9}+X_vu6JI|MP%IkTR!Azug7FuVu7(67Dpx zS;{TT^nbj?mR}*a$16diVwNst+GmQ**kM*WZYIoQ&*=-RYaT=k;Hy2mWd^ zmwYhp$U>m5kmr{5|5fbx3Vu{P<$kSOv@?p4$fE9nPO)!|y@8}A1;@zF2rywN+ds{l zYMKvu(!SnC?M<*0YZ_cSjw1!w*S)SY!eYXm)$Ekr_$eDZ1{n+=MkL@V{~PXpuRb=F zrPvY17bz5FYf#CC#q@s<#0rhUGOJ|lVHV|2pkJ7c{xZ)YL1InWuZa#Qp5`W!ZsLD0 zp1D%1eWW6|k%ap{mt8!!-M^k|%crU;{>{ZYXivZ~y|W-0*QI=2k~tk*Sxy*sfYAvJ z4FxHGNFK~Ex3e$RDt7eXjWYXWmiUo!e7_xrFT>1VyKsJuBz6H@(qSmi%9)(813*2R ztrrp#Ys|}AgK}m;I>Y}tTKyGq_B#t1n(J+jEjoG{= zX|54ibTX+M&C%T;FGiX`Uk#q~m|=oQI)qyJrnm1OnS1j+{vall3?`&tCB=a4j9Se5 zwX!l{NeKHX9A{7Jo-+H3(*sTHO_#^G&2(LE`iRmkKm$KKv-mGP&P;m0xHxsaVvqZZ%7 zSnh&I{p|=){Hgs*{Ky3z=BzOjQM~^uTxs;fzZZmhE<#&HV2`-SJ?xik`ZPC%@iy%V zDh+#dTwJ>=#?#dhvxUZ@`!%ujkq_#G5-zGDiW#PDx&r9x_j*j#0deK4`0N)NAA>1A zxdF@jQ_b!5AtxUEU`fo7DKMV&-Zi4No&C~;W3w{u!{WS|9e>I3Hs?V%1E0o^z}MxL z3<|_AK53}9{uQ~$n`Rqf%<7&gGdDvk>m}3fZ0hs)*N6-A$wu_vnljNrYxHgnT9kSj z0jG)JJ=ZHc8di#(N3?l458?tjbXn2jzAR^T$fh?11p61LV?-DEREW=Pgh{&7Q+f*# zxc#;i1_Qt1dY|qr#<~%STfo_)18vh&E$XeZ{edt>`jcwCKrv3r=jJx{Ymn;vbt2Z_K>0{-JLVk0-pM-TY=5bX#{kaHF za4$cgTfRNu*qrsF9LfllduZLFLhKZ&jIlaJKOsU=peOX$&ZysOp#(kFF}hO^89TFh zG8@`|?UuKJg`OK0Z*ob%OwptNyx_ib%o~P6lD-dT&rQ%@r2NA4zx;(+@qB`e#IdEs!XF>NaO}6474Q1bB zLAg52Tx)_*qGL*d1)5Y#zk6>bf2YcEi37K;5qjd8u_*a%R<+`sq%7;@^KzvM%>E7T z(wdJFyYPU${1WWcOn@($Z19?>d5mgW6;&xL6mz-4S>=5p z*#1k173C-y`95jT0UdPs`x`c+ofzejJ#WUmbt3OSun+u#DyEoM_)O@UDwlz6=y_`3=j6Qvmi4qeJ@S^GaabCV)MpL@p zXQliz{yVg>D>eZVQ5)0Q zy-`%tGU5XE7Ukm4GH(o-VD4w*6hB6acIudrKX3VpW`emzGe*5^l_Uw2vyI;1tUIU~ z8G%Cjk+*uXoY5%=c#_FlO|dN?%FiS!`5v+Rp!=xy4Br}mHKa+ND<$kZ_nBsBf$2wk zb{Ql**;`zSUR+&08gCDocGzX0eb=5O2acO0RF4hR{QW*$K_R7Qk6d zI&XsuL*$p$sY~2Mc$sI<|xy?ql)f86H$Hl#V9VAC`S-&);fj4jCjyL9KQ zH&(nl2K63vsX*K_Bc1&HQIVR-MZrEoiBz^$zoG!xdPrd>PDK zU?k0KzF4;cL)#;A)MInt7xT;MKlC;o7NhN$5EY1ODJdy|9k3wgx}zd6wD61 zKIedJc1mmHecBlt8>?E~Vzj9!XUTjo3COLIymQ*yugtPVKl(1~$yr9-g4dYbLpLlEt9ZE^}j|EU^KNsp}E9?8y!E|GJP-CXKPLImhT2 z2pBNIkjm&2= zTY#1gZG?8xU$<_Z58x!RiddC5d0>feGJj?FZ=|grL8~%a>E?0ytFxIZce%2)_u4Uy z49t^soA{FmDvD!PnHhu~PxtC*2%jjT$yuV@H#(wVUd^gY1tCc~(HED-ORqZ7@$!CnPAR31V@MN_sArQI^6}%%Q1pnJYn0q3H^_d07f-XZuSE^_wSp#A+PXy5iF&#CzhmGsRX67q!QGKvW^k5Q9flipCf3+Wp|2b}GZ_X4)>) z7`og%(Jr}3A!hm0XJQjY{IgfZN~^xF(WCZq4P%-}$z8`3{sAeZW34)#-WN7y{iyiC)0ZO@XcY$hLUuB;IZ7+%--+(^mSB0{&7&)H17~?vX_zC>iSvD+9piJ z(@zKnHc>0>3|C|znk9*gFD%fMbPS3(W&~rJNi*p{WAH|^B_A_|fKb6ROsoVW*&vf9 zBWx~ z!MfbCY3+E7ktz@VyHTP^{RM2d9o6Zlr-vKs8&o?>sr2r4MdGjWF_RaGJgaqE1n(ek zTHVK`#FTWEzk1ZwM1YR}yW*mC9tFw+@z5_OY3UkB>lhLPdv)`s5__Y%O<}0@1PwBS zWF1PlYYkt?aVHbXX8yetA|>1ZYeQ}!8@e{s=RE&Li4i}QIY9ERj2-Q_$`r2DKLg)- z$9oJmv{c#Es4{62!Ag{+gr009V|@nCdi31HF$x>pVuVDZ788+x=dYS=s-~CkZ8j^1 z#oV4FlaWJ4%>F7rC)(+8gEjANZgx6`3M+ys5A!6JURBa%Yx*bGeF~i{oC)?h)C2O; zkd~K&w12KexXrM6!`68^1bCQ7>0Qq}3PmOG{W#owqf^`u)=1e1)N`J@rAC}S(nA90 zFFVVT%@)I#FUgNj(5#2aN(kc+vr82%ar8v4pFPo)_(NanN$c*uc<}Q*qS?eKDeawe z%9ECQ#Ozk?H|Pl6xmm``EU%IYy)(?8FUtckmv1%d4tVubspCY;zE0OSl&30*eSUcJ zOW>mq^wDw&Jhv>S?j=hOG7i;gbsqglQ!;PmeCZlZfBNGjn%7yh;FJg2j!lW}Uw-N- zrwB|OgYBz6qmg^=r#YZ9!Swk>$-DIh^Yh*$0q8PwPvh>;amz06Oc*FCUR%TQKErg| zEAtMO-^$VY-3Sl;jn{Z1OLqP$7YE7&uYLV1^zqNsu=CqmKI4&?~5 z<1yUBJ0Xije7*>X*#D^*eFjqP$g8pq8cCPiw+><;)^{zd7ym^po05dBSxB-E95jghq7?JB?=rGX(gqMKxy5&A0MHhn}xQa{6OrbYJNv9XEh*-~=@ zl52%_o2udmzrdwlCYh5)LO7ENc)mauP3tq<5^C#C$m6D@pv;R1fH}Q7c<^YXoD!uf z7A)mp731*`ET~dp5r0Fc_X1f2G)6zhg#{^;P4 zW1op=py=iE8op->E;uc_)2jV3z8Qz!W6e-XtQQPxiZ4t&JZhu_a1}#w1agFb_1xe4 zHzKEgLr`7-iqSvIKNlaezP|B>wEO{5XTiV~e<;p@ruZ?S20@BLNmQY7^#%Vie~&=X z=e`75K61*Ze#1=%s6}WtE>GIsUh^A8oyrTW(NkU5ksBDhk(ZZiY^VFrlVf+U7&qY+ z<3^gYAoRK-_0!n9*HMlnh``?bwGU`!?WXU0R6E&6b3ZKxjjq@Km9fHzh^aWBdFZp z7C={MFk5HS15RyV{@oo*RF|9)`IeU#I&y;IAqr-T>{RJynG5e+a z-V(vdTbO=fGxI2apNHLg$CZqMPaT8&jKP^)pt9Xd{Vf)Jym~}4KjLQdr;rhA3$In8 zd~a%sje{NHUxEpvQ8v^W(+OTm{jn-(Qx4`PB-q(Mhd7-_IF8=P6N>_@3&Ik7d7B*3 z^sk@C(I;_chMb}kkUt*F)69=mK!!P?8-+}wSzsYeCbRDvzia)eb0?v(BDVv-(t*x;{K`-NzS;kn{h&LACKCGAx6xeDrK;q;G|Nb14x0Zi-M&*6!KhaEP**P!ZATY0wi zU2A@m4geRPK&xYPYczdt#mY2x|ILob*cYW+HHqM?l9i~FM+txX6P~VvpWUF}vr7Vy zLFjyHOcbrE*3!Hw#Hx6G;xPGLm}Vu&yoWi7*?JA5?iCMpj3z4f`C}GFg; z@&WbWCbNI>0}g)`kG=*8dOxXUQKGl~+8@lATfUbJ=QDG&NxZ-Ir9Agcv+72+Oz1Ym zZgNs7pN8_g{Joh#_zXmiOK)nj3Uv$>)>lHM?;%^8;Y&`FXNx+l_MbGE1Txtd$c0RB z85TkTwJOyK7&`aI*9}5bSD%a9+kZX~gV`IB-sa5DVFtp2`}y&=OBY&layeEE=wgR= z(%<|XfwbeZ`@<|DMP)v4Y^59m?z2#|iE=rt^b1{T-BXnu&J?1b<0^J@;5bvJ$rpEk zT-PW~747f$2u?7G3(kOiyF>mmyg+DbCGxfu)Yh3+0-1&=2DT{Y^5#3dwKzCFDScD@&W*%Dl4#?}(0tAa7FGS!0{Dk!C3Cy3b1Ym0M=; z!u#1yg7aHp%!rxs^XIjPUz*7{w3r`er~H%sJkp3~15S>xtdE!f-W8kdrI$Ir0|z(6 zZ-8iIZNV(r`R9bHMGJmMqQcCO!NW-V1_Zo}ytl|Hi!iJ4#y_#=S8W`U>jK?MIOAb( z(1*|B@$_zF@Yb3JI2eO~fIApu&R0c%HVSdZsw3K~`}$SIP?iFcf2a><-(9)ja|9gW zL$%oNybaBB^k`=+_=S=fdJ)SC%91j}4VK8MO+YV|zjHX3f;A~{lY~S{W5pMs9$>p? zWM$3I$ytGJ`~pl$!)?camsVF-7x=#h8k%%`Siiaip@8$+)*+iw{Pn^QSOYF#@nhr% zi%s@nvC9q?%PqJt;AS^v>{XK?2tueC8Y=&aOeCgmcc1024We7faE z&wK|-28M=N>((5t@@ducIG&u)f9MF*xU9D_5YP z8m=%||40Z87acL*taut#A-Dc49G#BX7-}xLc9-=S{ujTIZanjdwC|d)o+MJo>{XnH zpXZvml&R2SsdP@8oU)(2Nn)0nc=9BQULWWyzGsL^ao`-eg=Sou0o-M1zO5m!zj~0RPePYv+QBN`|6EMBQ_f$J*gawfR#R*cY?uM z5>v4?2x1C~M_jEp>%7iB++(r-KrbFlNS!0p*8{_i_SNt!M3#_Kj=JQz)QjpGAdR=A zY)MTOm_-aBh`xg7;*ZcyU3-vi_DlT$Sf4BTp8?(31drX9t^i7EUw?{TKl<@5J^BPH zNd<+K0-$JCN}e`L?01Lz$I~N^fhCI1P@3t5kv$@YyK{&KcL|sar`YpJ6|jVUiDAJp zq@^YT9RYM2$rmyyVQ(KNut^X@EmqT&8Q}2HX+@Q^4_&1X6IiCPqpfkQ+FiC6Zvj;V zdW{;B@ei0+2>kDSkq0+RZ_U;ZR3xLGtr3bj067jUfwrB}g{J$oH7YC|d0}AUiT(ph z*wO!dq59XO1kJElQK#?M@0V&3JIkhhLqrK|P{|EGa6EM*NVVjbvpl_@^NmAzEe#lY{3%m`08=wb;&p!0q+_sFS!lH9 zn?l0EgO3lHhq#uIOS__u0UH(BkHIAFN`au=N)KMD?KyE~MST-1r_QiHOke89ke1yN z$jQkOr++EuYxEnUh0yJNsS!_KXIk(8#%!HC^ZGHQ0ORE&)f=%pKtRiI7>-U(R+bnc zGzzGys)7x;BC`%!c$Xds@d}RMS-8_zRRA{M?w%g?9pROS-QWbWry9Qlk2@2Du%UHT zL4jhmr7mQ7ZhO<+IxxkuW7?&K>~b}?oj~N%3k=wf_z@eKSNl>SuL^9NOOq(3CVjP; zJDHi{wUXZbP6`e1t@~w^g4*b63;uLB+{d zVLur;`7LMi@VEHZ`Wh`>>S`8h9LJA$%-b?Q+~zFnt`g?C<12~8;OLicKT$i~WkeqG z1k|1p-9@jv$5HgIOl^gHo^cI?XN9yyu*}Ce5Wjcz%TnRbQNUNM9g28obW*%F%I{As z;Cj(V{GyhQm!P`q{?VEDE3^I_oLKk&7yGqC25S4C$SW$s5KjvjRiSd<1c}i(JER7x zrL&Sr{EW7Pg99EuKDwwR3QP(yF2+v&-I0ippi_yIj4vH&>+B?gtN}n@L%y;X&9K*v z`IfWBZ1XzucymJ^6}KrXZ8g!Z!HLNr6vr1-BK`Y<4#-SsrFWC=Or_oXYvoel85)H<`k9}*L-exxl#L%wB_Sw79V#oBPk4H-H$#f}biFlEwwuK-J; z79PwNuQne&ek_@sdcId@Jl(`2IYNp+V7Mo)%=pi(q4Rm|Z^lqkQ@=;wl{^*AjnH6d zDQ@C^IqoFC7Ri}@mRemL{wd?R;FlZ}{2GKr@(3sO9JnPn#)Z<$BNB@5nLX#dpI7K( zMSydyko3Q@zc$FbFoCUCU3w4DdKPZ<^z=*#8ru7V6+*ShtQiVcJ9XG)PbR`)RiH-sZJ@Q^&V-p0`%*BQpyw`*q{h96 zf<>ck8O1Kl0dWcz;{Qc|`2Tne{<1RqfG@MXq;)>=!FweCa15&_Q%A%-@{x>(^rk=k3Yia2hkt2^QwTS=gSBZo#01P{qf^_HVM$4NOUe4mH z%Ss>er&c$DAAIIWE>w741Al@7m(AUOpjXa{s$;iSl7fq)#{aw`{$=4CkB$AmTvcA@ zZR==nU3=|8h6n%qX8}hny@)a*n6j;(V9)xW+27xs|BiKUV^|f^%fJ^6MP?buK#)Pt zwf?`UdJ8gONkFB3mUtC$owsbOpLj%&MX+q-4x!#RH)1_Yt?>W<<3P8CBKcXNbD2Ex zK^xRIe>~-pGdutLPvfzYIj_7r{BuckTXI9qX4dne95u^Y330+1 zIj?(F5Wt6+wVbT;`iN5XS}^SOgOnM0*z53n3A76Ck*=2P3B)C_+kO;tFV`9$+BR#A zOOjrbzD_?tA}ZgY6s9g_D7BlFB)yIS7M=Dqe_@Fsl-Nv&$1e`Rm43LMwzPFIeg4=$ z;|@!a!g!TPZo5#%xC@N?T^TZeH5Zv>P*Okg-~kovFj%%edp>x^Qk9^2R(#tj9#ONF zG{m2rv||% zo3#Ww4~uxzOx;co3PffA{;=Ga;%+z#`M`F(ogY(gWccH?=UsHHi2vPR2Y)}kazm?J`N$Lj zL$M{{T9BIUMn@&YnKH-Qg%dnk7^O0fXiqKztP2j`K*;_BHEIJg>Mo)47% zGbub)WCG|h^spIT9=ZNh4&{frS$F&NuuVCr#JrOTZJNBk_{YJ(01z!h81%OM;R^u3 z7c`r)DXy8PIda-Gfhi^9HE4>*%X_m=zE-N!0zQ}DLE8#yYZ;&mi% za$8(?Z@4_Q+8y&x@JpxAao&f}lu69tfW+`P6f&fbOrYjqku`u`qj5gjvE~{;OMo1a z_k0MGNMF~2; zQn@u=>owYdJGgXH;zcb41zqM46Tjve_wc-yQFM)eEhI&RUdz^LeY&#eb5YVPR-c%4 zE2*RK&OPK$$A{=>OE>?D3gE|wLTx%6w0(I2!h~*&#hN;Xk5D6U4;D+{@pl3z3nJz^ z%>G6O#6AG0@kzBX9EPxlN5zg0!jLm_8(zDE&TctD%k*d#ZaNGl*b!^v<@pXlApjlg ze+%xPO=$a&l9G0z?)o-;sjoz5<_qIE?kw)qT6`3q#YI zg0E(=K8M(&NAH2*-EzVwXX_HCW+5kzvyu02jfV$j6uC^Y6KynUv{tlUz&BhLKW;M| zS_F;fuS3bs5+#~-HLCBM1y8{xTKwo)Jkm1gD zZa2TfLP)4~SYs9;b2eRDGcyDFPW(KB;}hZAI2Qh2V$-b)Cr%5i(4**+kaAX|&lQya zm$C=`qq~&{eel_P1xui*NIEPDN@J+g;VTID#Ek~*dcd$-6&V8U=x7b&4IwB0^7rrY z<9-Kc8As)N!#{6&MR4)_70XD*Hak+oAhqsNx$XhHxWZi?OkR zTt{OmS!E7?|4L$$?Ae#7qQ6U8ap-Fum)T^Vy&+fOoLf2k6*ACANL%ZD(cwjU(LD9F zLGbl{+sC(D??28ylaf;w?+8zMIJ(W}tXJ&OZN6NYQuA%=NBmiY;k1EQj%8QQj%V@Me@{-6fbga~z$lx(0 z1`6z&Zby(9U};5`{?^dclyTPs{ItF?3?LTH3h_vX_nv+)d|i2Ua4J+6lFzH3pu+bl*3>LW%$1Y04l+RO+R}pBL+dXYDZ!ji;vpM|@Z-%Kuw=D5&&t2si5u#?eDik9`Ok zJ9j|t*lITY)GV)C@8F<-x0NSM5h?rqDicRA3Y>WY``>o6Kf5u=aId-G!gpR}&tUL4 z({GvN3gA**?(o_m8`#h@Fi`q^%lGsK6!#B*Lt6x8mjzTO_>a^=qVcR zcx}!^kedr9l+Y&E133MJgl#%pFX&)$HzC4y?OeolGYL+r)xo|8NWzn)vGLdRbjj*TKMh&j&g%S)r?8Hr7>{Kp z*&(dH?AgPqd+l~Mg#W2BL_Gik3^@#;2_x4J3j|2K}dfKg|3fEoX!LVj2!c!Ya$m)+J%~i-MLu)dlv(^BWItkP7KPdZZNW z{C5bG?A9pT6WL&%q-H$}BG2)32Yv!JEeGP!#aIq<__$PAVH|JmEr}`r;jpkqt)F`}@pL?^Co_d!6-W zPaO5;>y)n!8fX_y`z~*P(~v#4D}FF>r0yTa*!$2wA?K&zQ~RA}wXq;ixseT>MvJME z4DG|{<>TRc*@dRRm0wRUCi1=e*t~Ou-s?S5ME<-h)c&g2N>aw7$(#;#EtpF)* ze*w`a#phB$VBJL4q0xd@9pfkW;^fI0ND5Fly`$s_<(2x!xDIDu0aioTCjhb0%#6C$ zDiL35jrw|wfTZ-&5&HWGT2*tA={68ZzTY6WU+KS{kxy<*wf(2oRmIvbmp^L(#Szgo|zOF8$xojY%mTlrVZjAF-@%@W*L>glc4BSlh*;TY-zw_{MH5H7V0Ms1M1{xe* zuFz$em^ME8^d@f!u2CSW{0&+AwIXvDnT-C_E$nqVB-o7j{ICQDMiMqEh*Y^jfz=3f?{f_0$#DXL$w`f>2&OKN(M987#If zD{;o4uyi7B`!|FZtTO%Va}633Y)JGxbz~>aH0_PB%0ooIkIT=jeVbS#I&xK5t#l*%+ zi_mpPez5-9xG~VN(R_8H*QmYow0upsDx6+g_S2l{ZWjw)Xo!VUGDO=K-m3K6CGx}R z&Zt3k8$2s>bC!QcXvH5;*-vvg zv>Nm3q?HllS*x5%ZOszptAlqxWmTKB1g%9W`JR2RsFzih8V?u2W~PuKF@vIyQ5iB% zM*1~^Zf(*c7B=m9S@~kWM2w#g3ms`BbSfuXWALa6dAM&ac6J(6cO$C zW8q;qMe)U^(xFdXxA$p#aLr&<96X5OXYAp_l4~ldhXItoq_aXa^R*0eg5<Ot3fy)9^f7JV8o(51f7Ed%R$-}}Xvyu8Ql z`Ite{LBp6YIU4?qE{pww%iy+i&si)zppPHb77N1|vB$~qxCF(vg4!P|Gn~!`Xhlpv zMH$oIzI#{ay#8UCPswinCc~Xcb4p%kFB$Bh=8sFJP^+-~Xn`goIFO89?_ehJ^Gt9v zG{X}XQc`4o*K#y&uJCljr?h709xJzs4_)X&zVI5(EM0)vSoR%K8{qeRy;;NZ2CUJ+ z*Nk9td;4wuX$>%+El6i&13DptNuJhGiYA&KV8Aa2eHAj!&M3DT&-E8i1LvTDxH*?S zx%n#tJ6u;sXXU;_zo|^GV;PLG{$-ytcChj54n@Vb}#2X(W@o zRs;`-mGoOB-TNbEiKi zh-gJ5ERU##dClftG4yWRo1PI-2P=K9mp+=G>=tv`)pt=3x1MtLy%cku-OcD!u|NMg zap*u*vQbNeqr)AsnUT$z*s2U*2Jgj zFxVFRd}jjnYZ1Z7=l}QIiW~0S#;{dV3k7gcwv9y-?RS+#UL~lVwq2LrpQgIY6PKF( zOfLlr^Ak4mK-Ey_Y0u2E7jTpVxaZwq~&C&D1o zMT%KYkat8QP*fD2)WwOZ%V*gkxXo=NBG?% zcaiu3)tq{D%dNFZa%O))9hI-gNtu`x_VeB=XJ$fW`Q)0gT^5MCS z+XxlbIp-z#`??&rrbQC8f|{!LJmny@DfBjseE5v8Z|McTO0emDg{FS(foVZD3L4r} zBc(|rc`OGV+9$K3gKpbx$Xt{jY5CnaY^p%d!|FiQuY#p+JI{C5UD;ea|I|1uh&}AX z$vh$l^5^HIj*nPcMkorzbsiWt#=F;%2}WHy*8S<%wvp%a4SB}xrf?>}lSA|f3XfY; zKZTw9K$ifX8`xA%oMn0zMM&Qvnj;5mv;tv0r;Y)g#h_;qKh!pk-p$l3R{XTH$s-1n^Aism zzh7yioeRIR;My4{&^dV^vog6A{CnW(Lx9c#gP>J1w8?~&hfCM>{;p3(I7MuteNq%3p)mH#-vAs^g3zu`Ap!Z5SGE zP1Ni)4X+!u=)}0~?py6fuFl`w7HfAuU--S4&liy*=yS40;Jvgl<``)bU3l_hJ-%|Q zrJ*KUR0f7Z^Sd9S1r<$K4dav~uq92_UTyD%Y10TlF^Z>aKNW`oH8^tz>wH~)?6$dE zqT;_NX|Y0*1U>zBw^vIO^clGk1@NYtheVbQ&3?% z%6LcM{_o;Y;aX*z&ZYOu*t6LC%KMW|E;htC6kD47HeWmRso^a7?hX z%kpV~;LKEVnN_G6N=M{UdC{-a>Bv#)NV2~%5$}I&vJhUb(EHSL?)bauWfhHfj4f1QO@l1Q<=N+zpcZd)?$o zDfZRT$p^)CFyQx8CUfv7`);*fetZn0ih88;XX_fWQ-YP<)s8jiAg<(; z@+kVMcv}5NZ;CUyq+ zfol13(zT3C7SnVWilTEHNSI@gPhiZ&j%i>Rm{$>**S9NkY~QX9*V)KO4j9t zvR4O;aw#+sgoR!GfB1UqsH)npT^JRlq!gs2kxr!>B&DQ78VTtZkWfHk3kXO^Bi#)G zA}OUvN~?5Bhcw^ZKJPEid(QaA@Sn#A*=w(LuY1n>npeQW7V_sx6FCYIQChF1P)F3} z6589Q=Wcq()9QZ+qbi@1t2WR3<*>|QdpM9E>J&{2U8seGHk`_USI7E2#wX-TgUC(6CRtwO7A=EbgqnV2p?9>k^JvO-*)@@H%rK|PI=D{H5$MA;BFAs(Vb!ni>ji4Rgc-6{~0#;8IE?!uH z{S)p<96+M+w9uX+<0+Id=4fL9YWzBoy!z6`jkUFx?9=WbEH}_Bzs-Z$(E>9&``vzM z((@i?WB`P${zPA4>QM2CQ9V5g^IX*814ko*F|T@zAKirCYHv}^5Hbaby=%wH!}-zR zUQ}5*{r?=zK`)##1{ zu|^oJGw0ABnZvX^BR{`;*??aN4BD$t0SS-&D*S^n67?<1{4JqpKQKnI5vQ*sb4x?6 zztNlZvrqV=3HivITebmf+rU@Mw>KVWEm22(Ggc94I6tcab2lvxyxN;r@eDI9Tu2B> z$Rbd0*uUxI5fBdsD~eU6E2XKsqf$d;ky*9tmC!y-4$iKlC*9|`zIa)vYZ3d2;`cy(FK=Z+(*J$%H}0Cd%L?fpM$#IsHMkrs@(!WN z;n;K>ED9?TJE7E^F?|0Wr{nZU>JzBgQ7=C@_%99zzhNc6?_4`u&8xrP#wqM+iuV-n zt!01v(yQlP+n2{5d36qd{G=n~aoZ=1+#0&gap%v>9t~$1?#01tgCUxW=KkwA6o!nE z|DHUB5xyjLANk`md$mlyOXL1aFn4}iHTd+p`se*gN>y`O;`AT`1d6AX=Gal&E66>L zxs_OKK+M4g4h$*ZAcry(%ymFR-GF2W`1qVXu#Yynx-|m>bLl9=!png0v_}DuXF5O} z1xCOIRB9i)OVZ>i)HT4TF1+4aLK`W(FsM&zz|ceC$|&uJysUitt(A1oTQDdB_sWD{ zRC8j(b#lKR=dPBIbD6Z@tykW&u&^NfB8B#>YdE(LN;y8Hg;!2i6)ET4pK*_KXU>E% z#t(vC>gOe?ZMDFIj_|1XqIexlg|lr#n&DN(^%Q;%Ug0l3zGB|rCkj+`77aRx{HkuF1r5@y-lw`qXr(N)1-y;{Sn;`-`Zox_hRt2Zus zKq{fHxB_ln`d++``l-8Xx39%0q4cTMuiexwxW+WzSQ^}PTk(GGR%TbA=uf=<6h8z5~ z?SY_}Z%_)6SmDf*;}uKqQp;Zn{gHu~c|B8bk0;SnZ?c&BmBrX+)Zj7?2fFg*8e1G+ z5swCfL^d!(>vs#{A(0G@Nass8(+^=bXvnl&yQB6T8Mu5H^~pyML>@;gVY4Bx9w9K$ zgWCW>@)mePIqoBl(poY`pNYjUkDL&BzLAoQwTA}{m+?}zYJcbyW0C-MHtMb z-}_lPfqrVYo&3cTu4}dv|hBa1W!N5Y`#q?UZdiWo$9KajspI1rH5U zekvpr1f{V`HC2dcF#KY)tofn=Pz;tBaqvBmqohY^wnh=Zh-sLq()r|^gK?7_*crLC z>rxYo%K2O*kU$L^RYaucotFvW9_dei+}~Wv(?hI4maNOua!_9yp{NJh^X*m}0_zJF z*9WMfww!_vHtRYi*Yhu#cY((h`!!NB@Vc|Y=osft*az2Tb*vSal>y!k@rKNqC1hQ_ zTGv>HDTJNQPxc_B@*zPVlDq1$kofu$Wp~xHEu-DKm+Ggww^VYK5~aF!a(2BWaCcNv&@O36aOgapRIl5dUV-_^sj&Zm*#0=^6c zVr1Q6u+y-XxI3&XtdGtpwM*nAI3D0E@T`zLqW}2kjFV~wp{eK&9Jn+dajB!u`xxIM z%;wD8yg|{$B9rmuOJCn%tpu9t$InvtRH8&WT}JC71ynLEmMM_)|JWJJ;2i$wg0AyKcpz0 zMUBo(Yq77rE8UgIdQ;Do8O*m{EJP=-T&8G=M_O-8Gm?Fab4tv>3cKCgDUEZE(x2z}5pd%RS=nV^_Y8+T9Dd@mMFPbHm~1Qx%Eot&EefoFc7FG+LR) zr+1h$pR6^K?j;C6K5isSwOmg!CSoR1X1%ap46}qV8YYlBx3}{XNbg%RCGZ(*xaL%3V=zG4^^(;Z3+jS1 zos1LzCy=|{;9!!e^(*+cKEW4HSm8J=hS1Z}$^jxG`galbH^$(4J`ja1vF?5v_q36T z2Zv+`skZ%s2bp@pd|odNrieHn+2LnDYxI!N(MtOU^#zADpi;rO?e>9PK?0mrZr?iCe9N~gG!l^#;!-g-8XC3Bro7np! zCQF--w^``B^CKzjM^Q4q<}Gi70lA3Wy)lOO4PR@g(}|r2b!szsN9^7AySwFCmRk-v zOrWD=PI7M~7?aVi>9i=A-=RV>bxRwfzF&DH$fUE^F>O(F3!Rfe)$Uo<@xyCuCb;UT z&l{d3OF2Gqvjfia^Ba#z6W%EUE(?ZieN{w*R=+4F`HOysB>L&!1GbsxJ-#LoCQ{yJ z*UvT}qn8md7ydv^d5v(*CG0)d%YPLiQx2KN9j0+>O;W=(V$LE*p0&q_nE^V+J~GMR zZ${NIW|Tsfe((L)ifum6$M)Q>@FDODcb%?w$2)G9Ltunh6eTzsDXOFDO|;1@PziZs z;lv!xH3{DAFcxk!M^zwr)^}s%{J$3mH~4I=1ztx^3az}n>Rn!SRbGJ@&39a;S98*J zj$BnS{^qSyo^L|{vBn=aA0H7`RRF(spIziL$hkjIAOIJV7wEsoD*{ErYgqADjsPBa^*M?2={<&e6=v)Y`-waLi4R9cY#h*SF{bsbFi zG8YA32)3RBUe=ALi^wl7mKO6lKN#yQe*@zwjb4C4SQDN(HHC(St51=EU3=Tk>Z5L| z#RK#ZR~R1&QcMU@&qI0bHkBxf{@9#HYrE`wPiSDO#+oyxvcWGTTKdUdNISf1hxA2}s ztfmyg1;0>nK})oFV8Gl^(gNoIpl%rFMCN*4Me?gk^*z0gQDlGd$V_@{%AB8iCHs>T z<>B25%jk*ij>Y4baiR2zksB@O2S|OU8&_T0&47Ow#zuy2AB7&+-^)wQ%7{#)>v^Cq z4LZAF%YPYu-V9*_=#GJg<_bGL;gW1T?EsrZ#}1^yO^rA=+*6bt$m-&4=aSr3|9topo!PQu7e^M~ zZu0j-EZ>7kgYe1n=(`Uin*H`_2|ibe;1r$5H(R%{?UFQf%+6bNQxy|d==ip^%*nOf z##R6PS#M7_WZd6@_|%HiP^ynE;jrR97rEBG=ku!SXi(U z-1{jHoW}tI*Anr+hl4KZ-5ur+hOVJSNb(V@qROYSxDW~;3gYUJhRAU2oZ~W<>0CJj zVb^y_Ti=}9=Vp#DJwW>Cd4LfFR{hksGP5AqrfDD;#T?rP1!33g5~#jEK3sqU zC_{ZOZu%atV9Ik)8&gp|>q15bfZrM7Xm0Il;OTROCF8X^BPJat6PT<1SjX{sNFXvy zyi2wEo_0-#tOfd?9&w-+F7Bdre0WH}l<0HN41qmYybwHg0Z+8Y=t9;2aG^U z1_(t6KyfflA%2Lh6163l;t9#5O!qiTObxSN$}PVDfVwC%qXIlH40|7Zdl0Qw7I{Z+ znExjj)v+A6L^++YyNgs`wF8_9XdEEkl1^>ODnlu}hX~i`ltJyQa^y7x&!N1Fb124} z7qgAEhWCX2BoA2iB`nZusHtUVnNK7h4aV?M#Fz=?n3h4)XWkr0cqJy-k$SnMX8P`p zQtPRD9Z;JH;9MI!)9k2{C&;i*=shc$*62N4ZIAtsBc=Yirqhr$Gb1BImfQ1;gxzt` zc~5NV}o8)=P>K>bD`9W@Mofu41NMCLck zVJNcM^j$K{B`qohcu-g4!hi7=?`_XM;J@YuxZDxlvug&_=Gxvc^>524;uQjv<^Dt5 zKfI3|EC>&ORRTk3giW! zh&<1N#CRaTD(I|pgdSU?e4vp1; zRfJdWF{D#Bn<97P^w=WW35XWkL!Z}r^7ZB@JC1(siOsyqfZN%Tv*r^Cs-}fo>FTI9 zMnPiU``!5u{{y!1W)fb>LZ_j8ZYwrn^AUyDeKXKqYYH2Y+on-rmUVG-!w6wgFq7=q zBq=ypNsd2&$cr}{nkVx?vseyU%)mz?YH->pvu^(_dF!F{BmVSemS)&rl&!$?OZ;NR!vaT*r?NTPG(vskc=T&kN<< z0blc64Hs-jzVg;O5TN$q#f;Sp zQlozJJU%L1_c!{C{OE3m`>T&uT>a)B;!ui^I8O6+m7obz0tp#t<&Xz0S^Ks`BdTT_ zY26)r^ExIZ^aW#$W;ot~f%?&VTneFqv(=OA?b_{-%O9M`Bk-=S&TR!%)w~SgoHHfR z0SW6&P|y{uhtqU>80#YIusmtBgr7I?&T@MPVg5;skBxOZuGDvnYI!9Lq9pDOu?h&W z%3`Dlslg>|i3p~i+B|~64Go6)`&!$A{QQgxy?VAqO%9u%Vvw~HC( zZ1U!~-O3=?40l-tk~g+>j!|jhSkQ*=_u}hwEG59J6JniOV3Qj^9DLhVcg5V?{Mp82 z2b!#LPm3?v3S#_A;;)QrlVHO{YH`Nn3F1W7SEz5Um#3PdA>HwF(2iXJvY=~!s$f$T z+2@^ozcbIldkr@FC_w=NqIOqxpfz*Cc$ZrQ(xB9saQdv{ zr90ev*qY@H&z?-gan3(q0>W^HGErGPq%44_(<)NLdY)7GfHYae<-UC-;b6rdlHHZ7 z*Cc`#)E@7@Bs^;FZxkNfaZjtF54xdyTryeuYOHCq`8WBZO*GGiJ^@s?yn^^Mdp99P z0*J7A|7c2E<=unSQ(BoDq`Y32Fg)8KdgMJC%q;h^FS&$W8t5QXPlcAL9Y z*K<+LFAuU(#QlV4{C(o`{=?c*&c+CY9gU7Mp3}J0Ann4|<$AeFfyA~;>L%k#KHj#U zVuH&!7cV-bci-@m=ucxm(fEAA07(ME!q1^o*nB>27?Y9`-VSW}@y8)_Z^5hm9f%YM zUvl6Y_`|>hWMuWgRDHlMJv@UdVPgZNzV|iDlZaEL*AWrldU{$-BLrXDfheiX)Y+eu zMJEalO|X=ZjRY&}*9fD~Qz1@H$AJvVD+Vh7P-o^=ve4pOFYSi5!?}{_dLQHZMOquT zv)ZH1{holctHjmFc(|Xwxu)GwG@8d{x)oAD3jFB#mNpc|>>_%j#d;d*>Sn@QR0hO7Ec7q8GHoW!*{GbAg(h# z<7sOES~jV!&e^l;tGN_#8L^7<&;=9Px72gVnu>-^Sr*1=qqrPbUEvN*>0m*z#;Q{JWJbmyYuIB zJb_A6;Xf3kT0wGe(n$y`IdmlrFNOMz8+98RBKhw77)(TPZspJDml}N36X?8?z-6}| z%V|SA%@EZ%LjFB;3qeFKxRmh0HpvZ?0j78pRb{qKgPv!fjSv!jDIcAVN7l!@H%Xn7 z;&E7$T;@)!8ZewURtpl}ze@`HJ#B<{Hvi$;#h$Oq;8ECbp8vvef`VUKmEw8vSA!NF zBk`UEmX`LnBio(eg*q$VSI^vuE&pH|UbO-)WjsD4FBKYGQPb1}kOE>-TzIjqe-cm4 zI((zFVwSQtfJAKbhXesce+TWSy2()y9I5qg?jw1^hy4cSZ5TEttV~Hl%`Wx_k>{+V z_KCVp-53_9p1=2HzK+thhW-{290CT+nB!!{(%TZC!9-AVKV~Jl@4mVFWiff|wrZ*c zD%#UG95;@$tRi#8eS~NDIbAQ8=OzEc)J~QskZPCsL}~1QUNdza3$V2x{$yD@Ay^;PkOc+>3U?XvVc<|}a{e-vOy!WLM7*^IL z7}2zC*#C^Do)du#3C;mKjDL3JBd7!a!ySXhhwKI9p{+&OAZ{&S1q=+WOnoTJ+dK9} zj=V6hI4|{*KA8uB?+>M-oCnAKK)jbitFr{2e6?fL%{Gu{J4adOX6+?0fwl0Lkr+@N zq#%`Y#?2h+(j=0|oomIn4D_tQM5^z~>&$+SMr1v6Bn?ykucL^RHHwhOZ_mC58Y$E| z5Q)=r9!>`^m^EM6f{>Ea5Q91;EfV858CW+vzEA&(v}8{u%|gEaie01tAIp66Qa0Ht;|26siv ze?#l=xa5IrS}O2YXFWm;;d9^`@(2C^R`3UuY#=&G7j(4*u>i}sl$)EImevUPHsF(j z+Hwh$9H5cXYAq!d^Erat*6oilC+QdjC3JYZ2Plcq9)lgPxc`O7IY*2)Z2I6mEh8&i zXd)Ly4o9b!NaU;Xg&GgejqDs8wOA|wXaIioAPCxx`sl|_w4vdKyL)>*fp2%8yt#_W z(2V?wM_*?)F0teJ{F*0m&8-6%^jK*dxx7g_{?b;GqDXD0;BoUd^i+-n3|vhV^KDpL zIBY|jM{CM~fg)10a5(4*YB7+gXwpZ3+!=_;`SN6;;($aD^`OB#Q~UYoA{^R)$D$R@ zgCyCSeP4t_vOM(h6br$Vt=RDWL9p(&F{y>t=x?m2SI}rA5uo+`&z4p1JIOvE5gYEl zxE}xrC}nDT2pbHnH_^Y0*V0a?ypY!gWZWe4CaG{``<~{Hg-v?{H zXoNm8;QFL2zPg&{!t)Y@S^zo&T-5Bf$KcfhtTWB;`U3m#3!y&g0~^wVz8?yqlLV1! zyO5J9@NgTy!U(I@aoP_+C>VDnrFM>o0;2K=-;a=+m6a8bLMZ66$Lr6gAyL0@1EF*C z?K4_GMX&XTxDA9m5HP=Z&<6AYElt23ajC>^H2;kamTG}Cc^anw=k-UR9f0@?;1wS=?o!rAMLOfo)31=nc|&(Cv<|Jjh(>yHr(G;jbdw zY^1?@Hg*h~O$OOs){D%{fXPKRb&EQJLk1;ewJ<8ZA?+XSF}@2tiV7I0=+z1}a-F#S zT``|w$(+Z*{ubc?Lg3rq_r?v>7@31u>Dm8AfCz)Hw@d;NxNki2dR&8y;1dB>mD&{9 z_fHp)L|3yh3ug3b=8b@xfrIhNXbF%8)^DOIVxKsB+Ay1|&<}tS6IO%gPNvJ#laQUP z3@`->a4TrP4S^G_F*g`{qG(~nuIk4MInf%?B1j*e0DOJgEOYaZ2Vsi6k)TY2+~LTH zT18|+jawt0LUL$mIASX?a6fBGQX#rF9E0leHnplI#M1B z3+&dttY&p3rQ$(o>?EyUMzJ{UEhz(;^yqzHU1kOr}N^;9M0#+}uwsJG2XeG6^ z<6TBTimkK*OhzE5gMUeJv#mTqx2Sm^(-KV5fDQk5*OQXbw9D&VT`nL_W3yd~Tk*hr zI)6BG37|xgXNmp+n}HkwZI)SVQT#%*79kIC3j%Ccc~_YN zcKI&(SZZCTW!^9^fsdB#BZ#@0y}ZKOobyiTuSKkWkI`afmf|7(8B<5lY`LN97r3`i ztE^hdh{`ZaiC$_WU{?IcvT`42Hb<5TbDQVWHrYDL*z-9v{RXnUz8mp+?=Zl8;DCr27L<0Gk)fes>bsTw z3PvQ=ObA&P@;1qbtbDRxJURV+R-K&l@*f83lHLvke__q5R8A z7|9AHiJ2g$OQ zS`TM2BnEaK2Mz+_@BH7Se6liF8-K23_XqE$xPA<<;uawALb{_kj<)-R^Z9G*4fX5o z_}@7W=yw0W5{o7s5=5T)YV6eGlwn z{EbTg=B-jv@W&4k>rE-hT^h&<{qp7ENppUFs8kpn`yW+0-$ojq3;Y%FqpB+9xvlw> zC6Y3izTO?hAAHt&4J&{-JzZTo;WzU_56edhO4=qX+~ZTu=S2odgo9R_8=>7yizOBV zoyN3C&*YI>^t4oFuLaPcM)B@pbqpR{Z`lndkWOQ$wsW7CCjc5+q0^J@C@M{cKq!Zt z$edC=t0+`YUa24uEtDLVgJ2k56Ag-KFM z7rz=0XP41j8-L^%E}%R{wrIq4!U`3i>?hLhCSDfY%G`Yd;YCzU7XxRz`izVh#C9l1 zhlPrBScJGD-&=GUydk%Kfr{5A)@5YzV0{c@WZ7*O^YZo%6qUllLOy#RPNfEz-cK&V zu%e>Evg<7oWVq<-Lzeh5(+X&s4IA=tISmmK-tsOm=pcJ_v(efE1Z;n+BTcsAWx@C3 zUj_Z(FO}o2gbuep0dD=|(fOBQp(GKdlc2!uv0^EL_f6hb%(NU8;$Chsa`x{Z`9|hu zzZrX5rHo!icjz*9d57QzPM|#dFNKf%PrK85IwK5RtHcfi8 zf@TU9sT;H)(7Ft-5zatMB_K)E9tnbOjb30*Sz21Ml+m%tp!AcC^F9i|JOhTdJkiHe z!k6EGSTm3-W)^sRCwK8KJYqOZ(L6POrm_4SEHl33aGNZCAS|pskEN|lXkt+9Djp0z zNb`ydK$>-RH)=~4X%j3AhONGn+BpzRa?w5~p*%xO*1nJ)GWx^-e6NVePhF3!-=_Vw zI*6c_@j03ek?~-Ic;DDSXgiAX-AO@)E<=5TITJX_3v$UOU`k+(HB-<()B%G8%|@=j ziyMX9FxR`Kt9Q4ABi4~pW4K0#LVhfbLq^HaJkk%JSt=W&LbiHNaK7LORl%kwZOom*pR zJ>{hV(Q)z8XBW}CHfwt(+{88rR|4NiON2lt63J z`Q#C;3^YHZp>SBq|L-Du|GmD+(!^AamL(8{IZy1&Ce8@m0Hd{-Y8@fAx^_`m{e>Rmk zkI&rao!2%hRHTo&Jk(8l=n~j*6>aZP$q=KvjglBVBoNy|YiQmko_OUd7dd6AfEbEUq%T>2+3D^3{(MObt0recb)Xs=Be3+e{FWpW zAPF*Cm#0rGEorSs3bm~Dz24F?C?`q#Wo@)&G2Ic{$GG*+;(EGn^ZnJtlpG%Wy}%pf z+)rr_G~?OWxC0Ex6bPznZ^vB@O|Mhh$x(LY6TlPBMJ%C3*Xs zBqh&CKQ?1+MkL5{_sX;1xcfFhSJ&);!szhvgE@8~EIe^CVa^twv4xUFm+#pgfDE-q zfD5)!OWZx$na-}9Wo3i?OY!Ia7gQb5i_hmTF-=3ZS|{vZPG-8hsN zLDyKX1~4RfKYuQ`Q?h(6bFWEqiBrGc<*uCk&!0c<5N=FVg}jC%^KEaHJjdqqc-vCF zD%n?OCl{w%_41dgeGky(p-^hSS9l9}TwnAHu`h6hI%e+-SHLFbSg@#2z`?;`v3Z>J zf!5k_BCHnqZq>Dpq zj#+ecCq-jdv8`p~X+L_m82(V3nRwS9_SDSKA_yzYHM-YBT>A}X$jbx)?v6xeit^R~6g-5SPPU1;u=)aXLzb^1|eopg@ zt8J>Q+D;(OWx!K96*qBxcy&1Nus^_8Kw0&4=I2P{)iok-&MyNe;kpE<2c(nyzUXek z(xcWrwp{1edzL~dGw^Sau1OE%T045B(FWks=x&h>BFeqkyZbcc=A1PP`#3&)AM2VP zZ$>VTStD$-$|2l=PMO zy2u>vFx|w?sy|GXBFo5b*bp1Yc7oHl1Dyeh_@|P|N(*eA3$R<&>Soj%JOO7kmW8*v z3`kZ#mU2=xBqHGs$rVKzS3BO@oUP~zP7BIu_CK0Mk8}jTGMV>{ZQVm4|iAV?K+mu2&rDRkS8h z*?2-18JhOx=iY9uKTWRa398(0U4p8Fl6f2scHza6#&vN9W$nw06CSU_`wk}q%o-t- zUlI-~+?!wSuW0n#;YSDrz;RO>DBI-Mkq8Kl@^4YMXV3PCb774!3kxT|Ua`I6`_|gt zJ}%*kT(Xd|tP1*PLKQNy#OW7LZWq`YI?K`53+A>u$_z~B{IoF%5(#vyp`|x0T~4YJ z&8coDEdE7c+G%hzNo#8N37fn_#0lHaIK9Uils#n=i=$mwggiyrC24vbtLk#u=mn;N zlExpbthI|$u;Q3=MWd6va30_V%bCcmj3-j1i&6?T6vw>hX%L`|o)GcLt|mBn{391@ z`efm$-;_iz$|}kU3bB`v(UxUQCI8ZF^zE#}*o^Zk{M!>2cdI4M7x2-JtM;vyI}rKP z%Q2GT-^qSNhcEAVl@*4d51(I?th-D10{w@ls>A9)&$nI1AFG8487kJSZ5K5y&xo3O zF)gnD)*0j7O0L$`O?Y?Cs#EUD9!hNHb{d{JgdZp`WwO9}1qBmb8x<8S@*CX3T&Dp^ zh0)i~Ks+%>$TK_P{if$K1Z}&fR{DySyN1SFk&gbtva;nb*&qQQnkvcsRyYYqymT=` zwg^!2?nTQ{CW?5uKttt|?;a})$WGThfkqII<1dj?rIVRJyp@p4`8VPhbFVpv`n@Ll zfat7gKkX9Z7JdhS%G}A4Su*FQ+ zx=*TF>~qicbyK_f7(&2%KVPF5;{-76SkZVDHRTWrs zBo>ZO+;b74_IN^gog@kWhF77!Dsk{@2bu0X#i0osneJ>3SqDuIhDtOP`uB;vJ~kA7 zZmE16(J?A^c;RBYeE`Q6le+e>pCBVV}D;%j;`UlJm2nKYgkDnBaln{w$vF zSA`17R}=yjMl0#fuQhsOsF&2aDe13#<3w{n6(YVFJ<4~8_!yGi7*^gVr8)Dt!R?w< zacDriX`=JwU98a!QV(^+)QHjQJj>^s1MIg?7qpKVpOIbs7JqMPF3e>&6OBKKDEDV~ z`V-$%=NTI4$z}JfN6XT`DhSpP$&NmCaqSAze-*2YG|#y(*kGJarV7CXsKA@%t_J0+ zC~k6fa9AR_9&F@)?ymKezTTkJgq$W-#7jN>qe6TW#(OHiBgqlmOnBbe@W5SDl2l&# z1Q1=3#3wXVPTPG!a$U&w@M5frymWWEuuxSs+e3jOb$QZZo61Zkiqg~iwrcbfi-So2 zba?oMY0B_Sv+tsXSYUV3tHGn3J^DIzA@j;7>C=z9j)Ry2CINKj9SEcbduGODt^^rQ zaCqZ~!w0Nmnd$qUIUy$}-b7dqGD?Z}avqWfNqr5~jbx z*zbUDUgFO|;p--ax}uHB&BM^nKmT?FF%#-;_DrExmTx+eo+m;eFOHQDFGs8cn|YN5 zKmTWFgXk~cEV{X*dtHhLxF6Is!qF4|q+3~4TF%~OC%0vlis$ZT=70P12gbfJodY@_ z`2ttm{n`F**VoRg`j_u8*Wdmg!Z^W4T`j6Cmhw)UygHI#W19L3BV%u_l#}DfqwXpC zBa(xqo2+fyB1d&M$W6MVY^iKQY^J4%8#->@-VGP0s2s#_V|G@Pz=KE^(@XuC+@(P- z)aQ6{kH0H!rl{Ne^K{G2Wx6qLOp-Rx(vtIMng3^lP!c`cZcq0+DTp3M&J@mhw0ULW zJ!(sO-2dfEOdO4FH6GtLyup~eir3N6Erb|GL8H^q(4dLaoM|S*!^7jG{H7~QisoS4 z{EhSZ=B%P^@#7DX^MDWvc-tE${vqEl@;a@%qCD_A=| zSeR7ibUY<4INNPWr+ggU%w$E}{2i*%exfQznJ{Bq81M5-TZP%dg8P&@ygvH+hkQg4 z)-oa@msFl~oQIcHSjPuYK14=MTa&bjc5OHJh^pV7$p(0ss2xTY;E8u~UehH&3mLIR ze_ethS4^a)q0t`Piafe^mjPnwG6=5pT1<6BAR%kr0Vq!Iz4z)+j<2sT;qTSe!7e`` z4P=?Y=vjzIODvJGTIpGwU1th**?8@xpxhlF zp;l%SucYLeC)U>LzF~?A5+M?u{!SPAF;xNC(&qLu^0kv|Qaks5dtZ!+`54^Girf^% z7r9F)eCri7~Y*gpQpclj4rVv znfc{IQh)&==|$qeQD!KL*y(#rfh#)y6bkL2UJeUSSgJY-Le1yjZXT8yv_=w1cCo(p z;u@Ly`Ms6)kUre!E(-N5Jf4g&wv+SZloW6U=nM`HhH+kj_3yZ}v|kew3eByMlDbc| zJ8J_r^I)_AxaID;UkWCa7s&x@9*fCvQtUK3%6At`ashe-#RYi%UJE_Md7=#xpKuG9 zhbjG5b{5~9nZ-FehrYk!HET0EOxmc3Jsc8|W3KFHGP!^r%>Fz3=`K9)AzYE8@ta1b z0g(y(7Ho9f+MmB_Gx`POhERHUTT$(QsIJbB%Ki1rh{eXy@iHejHL2&~^lTEvZDLpT;|8jqFqU8{i)~N-EDc!7d?BBfda-1f`Dui8rQ3YBQE&ahj~ML8 z8X~nH?;G#h4khk&2N8S-^kp?O%&EM+zxbN;DXO{V%h~Deo=p3PXaUfa*e$~Tt}?CEVTk2VzR>=>J>dtpsgfFN>Y6(HoLGzHP18GdDlHKqwY0yDv46b!EV=ND z=^0)-qP$tJ?IMnKyn+@(NKf;v+V|7`?u+gF;V0N%4uN&dWTh)01&Z3Eo)X< zf}}IEY4O2};)zpZJSBhW4%!j;p*t1YV6QK9iVC)T+BC`{88p?v&&gk^emZ<)p{$J4 zth4{x_$=TxcuQz?7a%L#?d*Ed6gO;voG?k#qAw9-dsT8TMi5auIB4Hwf{7&aQ}@MH z*}Lx_?1ua3j;mUa{@#`S-K$M+yF5fC8%@+_{FpHYWKoag_;` zvq1QI$2#rygY&F%T8u;#WwCBvELIEawZft8#s_+m^ukfA)|dJiUy%!k){K?*a}EBD z!v&1>2C~(Qi4Br6ALGf^{%U*f#Fua17Ei9A8woswol!cq+92*;=`S&t2EC!A zD~t(v2`}I&UZaL^Ndind{x6AgZQX~HpZ%mXaMLfMGWrJWb}zJZE^*O#_cMAUbMk6G zJ<#&;vNwy>4zd%UNyD$yuiV-9Re2>utR2#V`{ODs8|EC2_gmS$*DVc)lk*QmC5?G! zEZ?w5pyMvHja#MqC%R>kchAJA=@ZOlaPjT!w&M58R$g9jC6l~Pj>h8xFO{htfvJHR zfgS;!5q2v{Qd^&y%s}EI?R9Nbls;sa47USVsylc*pN^N33sJz=nJjhb?17s4>SIN$ zH~C{>!y5I^)3=&VmCj!=jvcC|-LupC9m?zV<$LxJ|0;@==te4)b#K@h@}5EbK_5da zaEP_KgW)|N85z0bXlIwg{a`|wv+0NyT>)$w7c$H(7ThGhN7JCykI;#GeG4;89?lDw zmtYOZ|5aLyCOa3CSu!=R&T6@gD=M`)K_W0LL~BaVrsTx}*#Kj>?|&C<&F`n0C&o7ZuSAAk877$$OW?G@kqAv@t@0u%@8V zRa=2M-Jz`^rH0~YgRcZ55jWpO(WqhS)cJd%mfzbRL*fkAFD4iaCcBdtdgX7F2Bbr% zAK-j;+3u9HlEFW@Dg>aKbP|hl-|3GF&6CoJJvtX7PURJ{k^1HE zcO_!1-+bMIfYZq%f{iq>&j@eq>0;|LdZrcxib?O^<@c8$lM(cq(fR}&32$1;AT5>i z^w%~wwP~JXS;~k&cOt?SPy=#n--0l(FxKjCMQ&1SPIGTAY(JND2eFSDJbr>&MY~Yo zD$5y@%|a9AvNe5b5S{Zito&wDOze}j!@B(h@3hz%dbS560>qr02T3vS820DQ0v46* zW0urQUqo^*t6QoS+>vj8X?ptT2Z1R|3cuMfLjJ4PIx5!*E-HB$T|CNLN^6B{ZOA*) zq&%smGNJe};um5dB7#6ChKj(3lv1*7KxOS4x!Eg{wSM)8!LD!PjknvXXxr*P)0Wfz zHo&fi2@?78+pi?V0)Pa);6_KnGDs2&M!-!Dm_NXgAG3;9yF|Z(K@u#3uqHIXMZS4Z z=!+@P5`lje$_zqW>#kC08a;UNqe%H^{t5PX*Oi=b!CL_zNqL;48_ygS@aty&pY9o{GrcMcr7eo+*7U82f(H#cB5maxXF1jF`^ z<&&Lo>j;TVJ~jtV9*#Q!4bN71KRvy4e=Yy#28Qt1Rr2c(w1c(?$+d%=Pwb4$W{v85 zL&vVVs~z^Z<@=QjX07zD@tVq@%=iFK@;?->Sf?FS<*++M1j2A&JqP`vLA{HGy7~~Z zv2$bVM&2s*PwmN7MbqmsVUGf6=!h0*{(O$nGgvER?qlX8P2y%~%3k!&<8m3fT~@^Q zJ{42+;B3-IRYe9fb2e!}wo){wp0|T$?K7E;>Q?C}VG(orT;vB+(O<#eSSa3W zwRbG(mE+k5_4%>&5!=UeelS_x3hiOqU(hBV7Sq_1U7y5U*DqHM=d-=#=*ax%F#bp3 zpkG6D87d0>oxgSJ?^n5N5SE^SS@{L7n2GlFP4pD^&o8KWN~eiEkBw0z2n+U02#1`g z`PEd&LuvmF7X9ZY*HBAnv?{z??CV6K1TrvJJ^*eA&D+zBF@rG{f0{1%fNrvE8w z|9liCv8;@M8k8pZ-y{$I9~WXPV=`g$&lf~NF~|6?ZtCx+JgmFTrt1WwN{}_R{&P3s zH^J|6C8<9}y^5@v|Jt<15P+u87Gt3I98qBZ{h`h~vYTQr|DJdL{utBjTn#ORgj78_ zi$weT6Xv*d&(bCSd-YZjy;LLUi`fyr{r3mL1;c;%Uj09A-B)dRtnuN~6@P!gq}Oy| z^A^T`Zy&X^<#sjyf1d$wNMK+fbc6Ks&wfiUiTio4`d_YfT)O}15cm7DTkt?{wchgY z1-=NX^6zSxHa0xJ{JG=jNF!kVzdwwUh&!z$6nb*`b6yX6aog6*hSRyrEh=ODCQr_v z`S`Xh4=0V+MRJDK?wfpfX1FWE{xJ!UAhDDstNWq1gUsWR(Ntx0V|(8S5^E6?O%&Yh zj7Dbm4?i%3qLiopG`XH+nKP=8I^*N(DEK-!rxM)g*4L3SmC-oSUAZQKuCrOU(7k!* zd>yOR`G4QYoxg7YV+&&2Q^cMoE-9(7P@f0bWTT_nrF@W?LNrqCeXtf88QIj-ba8R< z>({T&&Q9)qa|OSNfZsl;+1)8~KU9H#5{ z2J@ChYwTsejZ3C$eQFYJwhQvR>%(`1wt=);3>O$+F8C!Oy8KJj-E8%;bo!_?qp>Hy z^SAH85h#$Im4|>NZ}fbRB1;7|dog}E@opuyZFpuyUuY^HUD+=B*AW(dW1Jb5_IgMvYJd3v0}=aJt>6X=5m7 z$6BUwc<;)XNb_;kn2;)ky}#|VJ<}}Q^8Rnh;?9NK8A7KXBnKPwkWo;(^Gwy>PBW6? z!`6@Ys&^Xqa|rOR-%O&5(a?20t^J^dqgA%WXLGac({UsVh`Gmf!fgm7D8fI~UJk6w z4(eKcR!KJ0ZSSH~l07eXYWvq0y>y>GZTY-aR?0W`zu!7D*15J<*qG(CK)l+(%HG^` z@W6#!?6N}Kv9FxXy+pdfL_24D08Q0a0p1Ndd-2oXRd9y9;{yVAEm8EZ@Ir@HIhIG=sA9WJUf zvDoF@*U`-qnYeFY%UkC+|MA6}URVB%%T4h!p^@V0f#)afs^S;>0cz}587he?Mzx%m zvZ{QdjXrq>Im-sLXS2!#;tdu6R59qX`j11Y0CUTq4a;>n}-Xi%2#+HV!Re- za%xJ;x(@7Y2dAdK68S6zJcY;xHzyx}J6RTz2f_j&zno>kgtXZlxZ^c9YH15?O=YCt zx_i}#(3{!Li)CSi#~^}n`_5BE#jOctT2}9;Z;x^qG(J({X?}03xHYP?FRz3-hCrcn z*>Nqib%$iM-ZKJikLaM?f@l3CGFeu%j|qfA-ZXb?l$-a{WHDX6u&MuvX5Nh=7ND4xg^>sADa2FAt`5|Ncc-UdraNeMedbR`87wYCD-cQ9Gj&>)2P zb8sNK-Exg(K@)lP1lX*Zox?R%t22*(ZhacwYyE{INB-q`IM#KKV!#1*HB6ANt zsZ1-0I1LqLmm5cTX001W;v4c#MVy$z~PE)5@ux4;}-chZwqGURB%yGr{yyRI} zO)27cThhy)WkX^HpFHNPS~-i!X|Pz6a4DYe4Z9MT8GTgwxby!JcGdw=u3OtTKtM@h z06_!>5Mc<5l#m!gq`O5*y1S%dXb@0Ry1P4-lI})2MY`d;N8RV$XP@`H-~M+G<1^1) z>%P{te(O8!%1DLT)Ah&kE-xhN?3TL<3e-*xC(y{_vEqeF4d7!2`BU?p8gQh`!CJ~u z`tj|~*x-2kSnQL@oKb^VVNG5GZqy<6DJl7&crX=*0NwU7277DYH*r9$PETBxZIs$x z()D;JUC<9pU3LGob;h&Jz_YohE=liV;p65$WsNbuZ`Y_FhWnLkZ*1l%w;*3_JUY`K|x)(4&@6I04cCUS2{B~DJ z|FdZcm`8^01@-m(j4$gpj!CzraQZh^rAP;ajt5c<&EgyrRf1>4GQKK(o|K(DT+TXL zBT0RBI1#%|pjcLVfQhofHI%5yeR_+9%m$SBYNnq$BxrGSc}R4Pl|t{@FLfsAE-UtL z1>1Vs&h19eN)@!5<7|BWo}ku@p_m`l5m{(8!&oyq_}y*U^@ja)};lDU!3>!ACDo*)V0wMg;8L zl0bi0uw$TTMZ7cWWL~3cwa40V=Y|sa_0A#znT67r{zhAV%hVwP0uhc?!A8H;0-?LT+D5@`m-5( zC#6{NF2<|nPWfO`k}(&lf_sEuLG_Sg#2@O~%lpUjPQR)cqYtxK+f_VYYZ@xit&of2 z(H>6HHhaZF_5)Zh&(4Qx^efX>J1a(0RfM-~7hcu6tYFK}@urfLSPU|4q>1CXFh-$s zGHSOWL^dN~zU5b;>m143ZpYH(s`w)vx_6zHCa&z}`Zwg-|4%phV zl5x#ggwIBw)}k>%u%k6gTif(r zK~TT@kZQ{ecV5)F@9c@NpL#c*gjo0|O`49@oKaKfpWidK6HgYwt|7I$ELjoQ89v_N zveGlYN7S1@uG8hN^V+$02R+x1+;x9B^~Y4**_QmaIa)$$T9tOm(1$oGe|oT~VQk%M z2(XpR2Ax&i+J;@LZ31k!zqPHb`myh>RW`vEy`Iazzr@ZzS^f&I&UohM{NzKL-Q z&P@L0ahj|{R4i=PCLCAeE126mfR0YXZ#-iv@e|(E+i)B{ zH{?+0wJe;NIYlFXyg#MC&%{kmX2EaO>#lu2)kOXL{0?V6xod3)9%qANcOk3OZafaV z2pWt1T35uj>r2{bRpaLoCpwGrmb4l5hL{9}mYc1U_3D*Z%aa*F$?aoj>lQrz;pO$N z3r@k0BeCLTK3y(zTEqK_5*?2))oU#~vF~F)KEYWT(Vf=g#M5*==nmSh&uCa{UgSK{ z4YC|*sNZE&zf+2{UiJmCx;~q9+qw6+0i5_9{)0lVvf0ebz*Kt%*6mN2qMhH1TO?nh58k1$Y>!quNE&*+WW z;$aCuDFPE~+C#T1Dl7Ei;e+a$nvB<^zx<2)D&hh_wAlIJ4=f=z%w=ToPYF*oVN~y-iZ3VkiFoQ$VwBSMWvL zkCWAiJ;y2ai9(an>)cS$3b0zk*M!0O1F*s3d{o#yOLA>#zi8qaAm?YG4P7x{cUg{@&(>lST`!tvTeT39S+w)f zd}r;x`Qn)5>cYLDETmy4Sgx;R;BIO}SN<(B*8tWU38N#0{9M&{{7Uh*f-vZJ#e8cO z!^vXKvT}}if*%547t}DkZ7Y$_cU~}6c&QG=UcdfG*!lVZ$t7ZUV#YY7y?vS%_wSNI zj|wcgrlzK$p&=tfxNf8r*z;NMf^y!Tus1-bRlR7Z3dsyDH)a7GM{#&O@{D=&L+$l) z;_20FeDvxzj6B_R+wPvt=Fg6FtLSoQ3S|&+2B@B6((QJN$%S^5>#|3essc9(}Rx*3J^7Gkg8&HA_Jq$A_>$ z5axYvixmnBeobVxe}E@(FJsw&4P=7QJ6!9H#?jsi!kS&JIzD1*v!1^sIlPRPcl~UaXzn-!nMfOLXbkX}=q@Rd@6L6P5a039@Yv zX2F^YbI~RIRZ0?5l8W*)?^fn2hF}JDchYCh^p(N&AQAeL%DmInk?QQFjj!dkY2}$7 znT3le35Mno@^G)H|M1Xh#VCT_keKcLX)IQ~^pZf~`3~v9apMm~j?7u;N3eTJ#gPme zCc%LUd>jdjKU}OK7YY3wEY6p5@6)OZ-jiy}mQy>B#efnj{_w#<-RE9hK3R0TvVgd8 zoGjQetCB}P{>Q40_I&sb^f`T-)3{{|tUI70!qm(x1M2c*{f$B^D7S0h$eY=zACw6=8tF$lIWg4}@aAC<+ zRwZoei(TGzmUBveS$a&auAhuZ7U1Ao%AVirNKgbRI-0Xc5m^c7(v*#NI@%7YjAO_^ z2Ses`cs^Hk2eDVbChkl#L#G>9flH-=cNiO>UqZR`&SB*}fjp~K_nmaS{j86uUj~*a}|3n*LxON=q#kG-_;qDA0VH> z=|UVIuG?VCpuIER7z}`Vo<5+B$#S75<lbf0QFEVb42hS5M7xc0wdT z>v7frE+Zn;44e8nS>!)v>=yGXBnNF?twhfmbc^_?3l~BxHbzXSm~<*(Cw2P0u~zXr zdIwXdlb6N^OUw;n8)3{}x9hLm19Cm#&FiJ$M`1KrrVZNen?@U=kn&HdVkR5GTUR@= zHfFsGbNxU#*b4NPT@x_)>tC$QP!qTZ{<&zm=$r8r1VMIA6%|-dq$wLl^3}WGz$~ng zG^c=)Ra6ufVBO&{_VKeppyk$r+)4M9q~_)BSK6$a@uxZ zhJ>k*F+^XqcVV+~5AHn~AsKs09R}XUz;|$5*4T{z=DK{0EJv3LX&s82H}+5FKe5g7 zbi>0lBLxQcd<17l6xmIwIX{7Q$)z36Vl^=~vVCzZ&8un>kCyl>9F$x}h$ty|)xWy# zUoOBs{xO1W(nC_vMMSn`uenrtE;Q#Rcc~U4Bw+Axeq>M|Gt4r&q}rP9$anA1f0;& z2xYl+icPTZxmF*gfE9OhK%=bNo(Mz&d_$2YTnpsm6mgrbnuKW-Gg}-j77JE3ySIJ1 z^~tXL7efcEx-_{hJ;?V7r)%7?T{sST!1La9S8TyFLysCOb^c!4R#IDr)`FI)jV{6;MfU(msCRCR<@IKBQmwj|?Aw?SG$#WM5rpB6TEI_Yx1CkT+Gmpf3wkB5lwB#yO7 zl%F1xuFogqT+Hu|ZoB;4*)XdUYp zVug^fgoGZRCg9GO7m?M}B#-uyYBY!jNX=bfW!s&lqoY$BpEz=h|H<=#4{;jLCnigFfg@o)+9?k3F9!Y}m6V#&GaN!djk zWo)xysG*|bWQO%l^FXAbd)uvpr*;xvZg1B3{H>`4*(jzK-0LH|_gtx5Bdxj3q9;H5 z?dwI_aP*{Dv4KG|!vF)c)TFX#qXhPo1nK=BYax{)cgrv;pgKMII$k`6O=w8<$8j*rYQ%xv_xue!~U+H^gTv zlU7tkQSOE#5X}cd6XrxJpsR-SoljN6$dXOr=onR&_@;ktbiEBfC+rnq^UIPm%00OX zDEN7>(Yc_Ta5`J<@^RPBVs>!@~sT8&FdO{GTQ!ChCO#yhR}S=U8Pp zOfUb!&z@r=At3>j4dwi~IDHy@dTi&aD4ZZozyuC9px6c+Ir?zd82a8(Wf~xz-Nsr7 zve6~w=y%ILbHOmppY3WwhO9#IUaEM_K(8|Yy24`eMOt}rr?!z^L1Tze;~45=kESX)ZIcx|j4lN34OT^6&(5b;)?I1?BNT1CS=9%W)}LTP z#l9&;(EYeK@A#>oOV;nXZ(IGSFuBi4u-4jf#14kaZtF!eU(1`&l^vSm3rN|>7Z_Tw zXlT;(=VQCsD+;``SS*o*jPD6%<x6Qx* z_CYEhU7o>#$-*UH-ndO`)QddzguvHI1i%9Qvu99fpTb7YwE&nCcgn3z!sh(Eh7DSZ zptwL{mG0tI-+ z)^z^grU1V(Xs$|`Aw<#kGG-X$6_DaYW&45KWr6MugkcVeFCkn?dDH1=AJr?1j(yT;FC*#0I~@g-UbkfZJpp`Z5*^OLV87^N z?uxiXqlar4;`a!Du7}~@{l;vxxBwL`tgVly5;ClDn|u(wVPFA<=N6lY4)|1K(n^6p z7!h`f(^FCwULJjkESjJL;$vmYk#|vx;8rphvTS?7z)BXh`S?=madwScG=&VClb-% zkDs$@YvWuzkiG6hvAheRplDIU^<)WbASEZ&_Qcz$93h}bTJ%33IZM4aH zZ~}t-mBllC)myRjr!*RBL+6GYMxLt7sHKnm6k~AqNM~p4t0x8{qi0{Ho{-Bj(i_(o zF3kt0D~>K@y;d{TnEr0dLWExz?fGpdIO2W=Z}GHYOc$afzsDcbj)phUb^G$deHxA9k=XG}wT&uC6!PMJf5l-e z>)mYAC_6u53_+nY3shw4wP_$c!DclE6U7N--47kQf|IJsvq$aRoDZ8p(U)~Va-H3q z$^4sM)Xy909OJ3H>cv1j87ev^nlZ!OGG39~x$G%CTWNLlqb7ql3UuU(n>SP}n4Syi z+I#*}kd1oU#_t=z02aT>8$er%_Fh+i?dSE7QgU!mIX$YtWac>1%@G=&(3hGrHwV%% zof~yj2ykCrtQ3)n2;~TtNIdaMq%kwzSXo;Z)wK~AwO5J-HA5LCE6f8`bI}~$EJ$%` zIA5Kd?I*08p9Ht`I6ndGD2FG_rQ=lI_neSln zyZUv2-mKAFVxP`;D9;Di+5rd_48RZbA>~lhrvI6Ex0xP5EH2Mayp-_(A9p1y3J47H z?Fsx!cp!74mKwlALq{h%Y+eo$mG3LhT}f2&e$2}NO)Gy@U(Hxga@Id zR+v`oM1h;s{PoZuq30Y5;ZI0;ke3bl<*wkcp@6faiiYHHsleBk{K>D>wlh@McP9Il z@PN#GDlx#+WePmKN#rEMm7v36-w$kZMvJ{=NqQ2IQ^6}O7NR1c8ea$;G#q&8`P9fH zh(GN28P+`7cDrf`ab#kC3gdS}(Xc-KM(aqHAPe(a)cRQ+_28mWxz>?URPx>3S}8`c zr^lA>9lIx%gDmOSuJ%KYR|oeT#erij?L)Z(xIJ9P4$qK&f7>5hu`L_>)1R~4m9g+x z%be5B@kTUu=NQ^R2=5Fg>+3e`r>_J?zlztSdJr2^Pe>Zzjz_fTqR&T^bXp93iLTOu zFGjPhlLb!j@ir*l5WnDkn-O`Pyos8{-%GO!?0;ZuM~Vg)ZbX@Ut;AFo;-}+?r7Z2z;$mhfH{fCKk%H`L7QgH8=%`g# zW?7jH=;V_*Cd{n{(46#79K*Uei@m6P#8&X*Vg|=X%+tYXVQoHHYaIHJyW;JvkM_uEh7+%0-feAc>-fT)HMTN77SM7Q=z z$K&=OdauKbv0W^$Vz8|ek@ZC^l#{mzTOZm`vs z*c7c|A+sHxIJ`>@2Qgk5<=yXK*;cD#u|h0hlJJtA^IOJ1*C7`-TM}Y$qJ2g*Hu49s zrMk?^qctqaRX4KP4}RQp%-R6^#K0%cll++a*-K0=g#pVhoChwRr-iPTLB=dDq4hWA z_PS-aeJfWhzihsiwcTu`>-Zw;**AW*n`5@Romg7sPrTlt&%>i%degs0yHGij-%h1k zNA7v(Dz{7oQn$FnNAv+lRhDwBtZ|H^N}>{}KNi-zL})}DCYf!(xVXL$Z{Pwka^eS-)wkBxbH`_-W@M$;qkNRAMA zG&iSXMaHV;l*@f69lRt?(+-=OuPzUowEe+dYcv}cmCs0ZdOeLL4{T`D)q5{3C79OWf}TG*eJmhejz@Rf{5a8la96V4tH52$C=$8!`X zV;>CUUy==#>3ofS6t1pBg->pw!ZG&}%|qf*+0~&U_Kz_uKhCOnBU;2D{DH8m^9;HO=x*Tgsw2O#d^6TLW3~g>D4#V7O-a zoZGbgLzJDiZH)&P{CL-{tymqN!zJELeCmG?sEDACts-@{Jbadd&K}|Kyp#`P0MzJ) z4`vJ~Z9)I^r{F)QvCKnnrw48UTT|Pu*&TsP7Mpn)G~#^kay3=#~noUA**neBtEjLx}^Q|Q_631g#hprP3^IdMX> z#M$ck?)Sgk8Je2-l<=^_&(l$_z26D?w#q+{QP^O0lwU;6Og!ti^K!tc*@+yJaT7D{ zX1-eNKMg#0QlN2FJ+U|*LRby zUAx*B737o4)tf$F8ySg53p8w`oa-#}|BnaD^RuWlKKK~*%hU6f+abXR91K4OZc$-B zB)I1gnJ`hF{Z--xjPxe$dl=jEe`*fMRCkef8{lf7!J7Gymr$hd=lv7k|K;BS0F`E> zN$J0PgEU|_@Sk&tece|24ujda@zY_(Tu3o)VeTi^?bqlrI>Uwaw&%aHv)?k_BC>|am%8Vh{pG1HT$ zvDe-c|CZ^FnKcVz(VPm-3A6J@=A^6yP z3;(cjlxwZ%N_bM%X@C1iU-vBv-upyy?IE@@P1+YSRKb`@ZGs?!0X1D`HRZH4A?cx{ z-d*EwqjbiM&(~WcY$9pANpJ6w1O(bwN)2Y!e}5X#=qI?rAV~JVKgJzG22hCh?rko5 zNZTNx48XKzucwNFVhei1eq=QRy@BIulJ6?x*4Ea=#YJ6RU0GQfC{k0@4UPscVW&x6 zRjp)DT!%0ujv;?4T$n|S^G@Kg--n|WMUyV7S2Z_lM+X-e^Ty)zTWPU>RL_4^wDK=Q zO#y1s9@i&$TFR6NfpYBj_XW#QB2u`tFppT~^w!h$R{Zt#Qk(-P;W0E$O+oZn_n2TD zU+lg|H>lq3F|?BZ_h0h67VE~}Jw~+RNRyFt0BEEnPt$-r7lMPa<#X4*5NXN*pAnVp z&3S<>)9CKhyc~rz!8M$ecY-8`I5d8FIPIf#^V4X}eva4oy9QK42|`@btw?_^ zW0w)bTSMFGHGz0g^|_|7B}-K5@&+DwO9}7VYh)?yzfFiSgvd7)JWvN=iz;Jh$MymZ z+>;dLFBAkNB}1}P4f>Pe+2NYq-QBg`ot>QkX+cd(3tS`?I-u+Yd56+5e0je;PeEDY z#i#ig^_hLs=>(B*$7+alQOErYP%x_?Xic|qP%iK`4_#5*LR69OyN^_aU=zZR#kPl^ z|M8#s4o#Q1$#BYz}q8zdiYrSA6*<`YO3z&fc{&4+ZjDT5n>vI|O zp=81o=okP>6lZ4g`FV;Ud{^=Xo<<-Z;~7k9C@PZnekks^^M!~*Nkt`_A3F+63X9K< zHKXc3d7j1@5#GzqVfgO+PNyV)LjgtW^)1w2Pix@;(Lz(g!zcVblK6cHfH0^8GK?he zMXCm~a(H~aco<;dWsg1?G;=$f1RaP^B;8IU9JwF-wKPIo z=e(D=HyX0}c2N>%I%3V!UUHFYVERF@4uRtlW6f)Io`eKvZQ0VqY$vl_rfULq0oat> zy_;jjeCvB)7aAgv`!oZO%xg=Vs7n9n_(J|O&Vj}Y(%R8r>4+jLLUfKVrOMd?i9PCU zUHJATr8z^FOBW|Y+H2)6g=4npu!=5lfA8EML75Ur*nr_)X}CNnSU(7-0f3*>c93Hr zI^fhpWI&2Q($>s5S#z46faqT{m>M8{{Pqrf0P>Lw*e&G^z9B-s6e64MS+5Ue0fb`K zXs{xb_TBAFVADFpeBk_(53<`)4`~vU+CMn(U!oC!Dve;o$2|nQ!CUbq!h)KHs|;6zJd3t>b$s~MD}dv?r~-L z(%QYB=AvEl+E1-tRS&JP_QYH)XCLJ0zD+Bwp%8@f&?^X*nc-w92UbcPV4IOuf1qyG zi^VmMyz#@AvOSAfOv{5v+U+Mr?I-rC@s4-@R=3D7o( z#dBlmtCugF1C)O0xj$HUdSVuMUUGy}k*$sgFKrYeN+8Utd=0WqM`{%n|%<^?lU_7`jznUSUu00+$ zY6}pCvwuO@FNO*K0Y5a1Ay&7xObiUxfS(d{nE|)`SFdEg#ITx9iLj`us-7$f;BX6W zCyO{a)z}SQT!5S;0}+P;hzeQ>I&Kn{1#L2!SLc0yXy~END9+M#=A)ZNRR~=jG&mwQ6*YY1k9)G=yL3dO z{B1bXgdPPs za=GY6oHG=R6@f>B6|3)f4cgFoh^|M>S>Mhip(G2RaHk419rB0pNhzj2$YE1N!B6kd zF&aT#L}f)-lM3ac|6m+qkbAZDtv)6&H~HfG!0x59;Y-7N7s*|HOi!v%pOj`LAM#gm zTHE=~sp1M`46nZN>EM%E^V4^qoB7g5IS2?TY%}2rD`6oi0x1%p&Vm^OoNnw<81LYP zPCn{{w?x_UqtNe#qj^)iDC{ zFQ7Uw_&&!x0Sx*-wh_&zE#XOknQkzcp7n}n=k{>1l%TTmy}HzbH4twc)ur%qaC{25 z4?`}|+bf2o*o!K(5>MJ0WbU=h2VYybWein7xlmtsLsv;?ssO{vbYy)06`Q`(D-Ken zI;!Tts)UosB8n=O^%84EJrnm%u8~d44QU_u{SV>kcDht%i<2I#CGDcwmw~Co%a*e+e@vHw;KLo8K4;{pWQ>0q>4-_ zKbn$y*Zr|e_N2+tOfJ`Nir%K!qx(KhiuVnP`PPf6_IIT1eo?rCH2x6jhF%&%)B{n| zN&2qPXuKr+R?_EO^kg%Yu5dq42;;j>gi2Ol`qEYzBVIxKGX(V{=yZ%~8qudOft&XB~5=g!oU-~3?`Rpez>qJrUV?De3B6;J;ft@AB#h=M*rHPzL} zOM{ZU-FTwj$*Q$5@$=-K}c4q!b{N`Mnj+O1GoDnQF)1U8`CiSF37hlVe23x%T48ah*nWkw$Bg8HAWJfH^MUELG(hxET` zX((;>q}|sd+@pC48~&0Zz&$U)8^AP=YcejgS#+kV=md1(onYshn{?N9n1 zz8c~@!509 zkLmRCYZ~>7Gh8=Nkpj*kv06yjhYzg^*KP1114x`mO4_Q}W1ROC-HE)3fL3x$A-u{U zbCI9VbXo%#c8E-DBGjq+6de$YZ_e%CPwKsik1HCvo`Mg3SpoG+dUCHGB^ilqIPf=f zkm8<``9=j*@WNZ+GWfEb#Fb@FNu!Q>ql{F#LO6}NDxE7vy{^S%h+u(FZ(!v_-_Z6` z8%>XJZXUX_Sz}D=iqPZTX4bGJv_*d#p`K_Rn-)W+rW(VYQ)ohzZzxJ>*hfN8#*544 zA;`(As!*)_;MHAY1=xfneNZw)i~aeO{wj39ll8kxge!Eb!#0Ij>^lDbz6QoE&)@*t z8gl{4L}m}!6UXhlFn)5Urk^zFnjvrDB3@x%F<8e5$PEfh8lB)oH4jo#mQ6ZyWuM{` z9mr>W{RxEm8`s*N^5yygo~^hS#Ilj+$>dL)4%Y!0Xg|e&Jr2-1ynVW=S=0d;GnM?C9AhadB@c=`wvzZ? zx8t^e`fUqneSW@#x5p}=yQCWe+r~oDEruc_Z|tB2hc|Q8+{VVnf{f5bxf)7#u1%)4%dNq10iI1@_rXyjRV93~c4!6~ex z54ZgoC-U?@4-OAy?`Ycu;?X|ydo7zJ`zYrkrDhM=tC7;mIOZZ~vmq1UQDK~2zuqzY z@UY)M3ex0nTpqlrgw7*ACAu%_Yt2vF^a(i1Qp^ZC)(2Jk9zMNJ;^gk^aMwAek_eSF zmjdJTeQK4DPqR|LI6FuQJ5&?rXtybNl|9j&4tT>2NDN6hzHjYgi&6Yu%jjdirnGN+ z1Iike9)eS+;Ti9KM|8vyLNk2G$ZhdpRCA@`=MCTzq?N4S9}qJd$pu?9&g8ZIS%6x# zCWR$M92P|RljEq1RpO!SSXm&tVb~g&oRS*QFkOgiRM)|LKuWsGC1u}&*PTO@? z$01j9pLt9OF1*5y0n%f&?aoDhlBQAdO|Bo`!K?vYRyiE^AEAN9HDb)7AjIS{qx~pk zO(nEXDYCBfyY!Mn6^H9*Bf$Q&(;aJ`&lAy;2pYo+0iCSgYDFSiQtr8K=LhD7^YDPx z0A(8+78kSB+w*9POG`UKBE|0y&$b(`hGZp?ClJs%O8KxIxgO-RzJk3SFV@}vvJL)s z2F2E`3vndXJbGfv_qdA=|2g;n7;&(=K^v}FdE|XJ;^D#mzLZyV_CxNyZ_n;$kc-_< zV*YX8A{S^$et5groYGk#PA>;8?p#w^8NeWFK~S)J3-3ISHh{N3Yfp<>DR_3y!FTw$ z8Lo^M^|}tsqMHTNTlDXkZu{9&?z3&*-2$B;g%k8wy4ORTp6%Xu%+2$Ado@2W!ePtq zB1vrV0;S~1qB95q^P2EpbVn+4l}@0zpxCGz+VTfOM-;p;p-CE@OrVR|nzMfzk@0(p z{XD<#&r*ZFB0_uB6_uM86Yp2_Yei7CGCsS=(CdVye1`7Lgf^Y_v1RVL z=+R4K4*kX(Tg{IAR-KU$%7}N!Bgc7Ygi^Csya>wA{@J;<5PHp=0pBDKot0Q3ktYw_ z;dhy@c9{trw(E|Dj1t2mBIrbrEA{q?U;~xwQO#_>5GN-m`z~0^=G|;F_MTL^6|=6f z3&`G%NiP*pBm)GityY3>pA3zSweRqrf5)L;baD*>rG%dJi?R+59Bl`kVT`I|%|V3= z0--}4zjM@<x7@(>vkDrzL z)~y1}rsP@7`_yX|Cw>`;t|~}M1BgudVkTSi-?NaKrWMLBaRx;~ppAxb5!-^#RgW4o z(Pu=v3`>iL+*8Y2n!)WeVr}wMo`^ynb`;_0cduNVdAfVKxJEE&gDA&!1*&XA)j71@ ztws#ZWdI&l(0 zuu^$1)+FV&>>AGE9rOG%)K9z3TvIgAilM7V2}jzlm*dqBSuYIJ*tZ@_)(FmH4Y;kn zWQR@wV>LMRZ33WAVIBm1L4|978^b~XNOB%`G84M|?n|!FKL^gKL>J$Ko)_EZ{or8E z`%?XKlo>g2N?g^C4XL{eH`b8taj?a;g7EkwU_}s5P?Z4T$xNX3+gtiLn7Q!^^ z6hYs0#3WesqM(G=n!2+@#*NO+x|#5)pN&;OkG1s8)}Kj{NbA3wC+S*bR9FlRstgnX z!i&~)Jw=x4M#+{lVJ@pbS?j9~VxF+*KRbLvChdEx1T*Avaw_;|uHW2~r(8JwZ-9jXb3yo!bqv!I#GL3eZW}{}wa!Su18+>xA^so1trPKxk@0|L z#SK~3&n}}5sxfl#8z0cpI~7`D?hqE3m$pHl2Z9H=~jU2kp@plaYst?hfNSS&;lq+D;DPJ|reuLu5gI zo!i2%`%2&SLs>EC>FMR(RpxTPA08TNHA^+yqEBUX%fs>i$YJ%cz+!rAEc3SvDNW0$ zm^QQD7UUV$pg|Mn$!&U{@H&7_sKG;_5?T1;EoeH0`Y(wcWMaWUF8*A@!C05l&ThEK zdv!&2+i;cd6PZ}=u%mDGaRwy`U|CG!RML8JEt^rxThR|yJ>F|R45d2@qVaQ}zW(Hc zAx=isSlH8QEcrP`+@^u~w?TofFGHTDIn(;BFwFOK;29CB0uYvzkrY{TwRH(D6^!4J zy(#DEPqZBi_*a0kppbrz0)x`h>ZeG?Y0&P7-MzRRq5_w=b#Ae!zFsb6Prm)x%Sks7 z(8p#ciKh^#fR3(evxQKd4?^$AI4r&B0fW(9GlA0vG5bIT_{T(GENsp7ID9gHMd)G4 zWoyngCPH@*pPU&v*gL zBS`uAmqI~gIL@V1YhQF5OA!732c*;K?6h`y|tHUGs1-arJfY-p|$}$5(QM*VDK962!P_a#M5JG-`X=}ixA8Z!KXf%yVGv(rxt(>> z1j}iOQ8E|4#(H#k3y*=3iHT?nGMto7F`%Z$@b&g!T^0=EBS15!JyBj%&DB7PU-AaqU?hUUckKP8tZn>LnXffN>q$nkRh06FN`a+hj@ z_i}-E$jR9esHd7vTV=?*UiMf45Xi$aMD9Ah-=__DbUfN{8F`7WhpYfQnOTqACTnRG zLcais0qpE4u%1}fgda9=mkJrcLtBF=#{V93NrH%~m>um`YDj=G7k!3g%_#toLAx!c zr9W4ICg^Il_WeH}XHI~Ky~hS@#-W>=0_T9f08+Gm;1u4o_Xg@6r1%j4Y6hX?tkwZ~ ztlYtQve|j9xB%!a1ADI@EnGQ zE2NlvaQ39BFELBsI!B-nts4v_MJlP3;)rravUI0FnTQXy?vj7ids|LjlHoqm-)+C&qnp)l-3Og96c5m3&Ekj zzD77${(_W;l$Sts0lYnYJvgvfB3wM;;_gF=SF2VMBHXd74ULSDz8re2QII+TwLS9O ziQ3X?YPp^FnUTXLmVYJv1Gm@WPFz<>`X-f6M8bi4f_PNM8Y#oGvy}qoa4#y^GR9t! zb{|w;T{H1JyPk&t>(!@!k3-7iHyEaPvm_^9sW25T~OKBpM8F%V>H$|#5?uNb>BavF@a}Rj(5~UOx==B1Jvq*#GFl%a_ z`}Xu1-EM)L*|a3WTpIArrnkb17y>IuKSclJQslxXpi)4w;Y#oqDz{5dPCIr~#a~`;$uE9sx5Vkyqy{ytF4o z#f1ILF@WV%dvQ3qUZw}{GZTX#L|`s5%*G;r-Jod=KVMqc|@N9~;e8 zE=h1)r#tNy(EO0Kl`avVecNLL2*56f z6ag3?bWvaq+9oS72d&q@eIG>agE)#0qF-j`=P$=NI5-sV??-F8Rso|t0uvMS=Qpub zpw?T7hYur^ir#)9zx;`of0Cnlu^y?YVNo*;Vv~KU2v51}Y$oOKPoL;u25v{wb|4l9 zEh4~8ai-zwtidWYBj{~Ek5#Dcc1j43p|P2 z-XUqlo2nKnb%!|bLbIYUcZNi-!y7Q=X%bh_GAi+WT=!yU0ce7M_>K-d)D_G(MD&|g z5SGI(g5?jKL7S=`{^lJe5WhN|ZB+o6e5T=XWLz9W$|EJfvrjimm1TgTgSe$H zIO|nC7HD<+xv(%)Gb$=7+tC#^55m*+GEHE687d4c zpT2Y=loVM?h3p>N4{xlKfq3_}>TM%C997&Jz39oF9<;aq&EUKEWFC zGXY-q;SFN3KU@4~|BQRj^lE`B2V(mDv`5w|iLVl!epC$&4FQfrmK1J3E3j>3?cT)U z`pmCoc(^$ZmIC0e10HR|=C*({xS;`B)gR-OIe|gd45a*-P~AYy|L#K4C?`?yDgo;E z|7BGw{|$rszdw}l*}&W!7fIv#zd!c?avj$E=RG%8{(g(VR`sa*udNi_qZ#j)IKu@N z-S{yq}bj*Fr)W#mWR`+v1BhW@LzA>}u@2au{# ziz27URbziasXo5@yW6Z8MO(8Od5Cu?d-P2Of8 z6>x7MWskVI)#Z1MKz#>L(!kc8E#&5=s2EL8dgtF>?ydh}=-dVN{V-zK+k^Gt{Fi_w zsCV@SnEA7_XA!GwYtoU=8C6O}0b=djv0K$_g-%CK2(ob+mPf78-1cBxM`ZZj9gZhas%LK5uAnj>P zotm1O87g_0ht5fzeF%D1?1?Gi-S{&i*Z&QLhW{K;vwG+h1YKO}di_`3em0?jjt6H7 zUX=g+FF17NS^{r;M3oa-Al&P$&$VvzY4#sA2^fP2y3U;ghu>XX(iSb+VO6F|}J z1IJZLRtTtgm23A|?uqZ(re|c7rwsT%-hxMZYr(I=%k*YsYP;R1wJ|e4U*Z4rH%(1V zD5`kz@$n$>{8wEdsS1!Wz~F0En8x2${y%=9pEO&)&q~v6NknB<_Q~~>PtC=%U z+vM8+k6-yadW(*ZE=ef_S!}?W+T7gi>FEKH7cftV$8#P4qnbS+g^`kyo~X;|*h7G( zt+70cWV=WJGofRh@x91wM~UHoYz%*1zcq3;AxH6dB%{`xi@cZvtKq@Xk)54gPAGhQ ze4J;H^8H_za~1GI>9JFDa~b4&v;Mife}C!w;8RC3O>is%3GeksND-)(v_-eHw3KU4 zUP*8YMq?ue?2mX3tMu$tf7UcZl)Jfpt55&F>HU3_k-s1R`S{SkE*vG6OP#a{_HTiW zEBnoqficZd+sL0;Me^^n>WhLPR2cqJ;h($NHCqu$&B?K`k5N&kt-t2uS90Vm{PLS^ z_|Gl&Jsuqc!~LHyX6D{UE+8KTI@JP$k;A8!ATkDvR4qQFS_*aJMYkbskuQwAIy zzd~iW0A7|^VW3iDnW{?N{S$1?YcRXIsf<-*fpplKha8XfFK@38$avO+vDOe!Ib-5I+NXi0!h}WH2 z6)ceJCLNZMky%ri`mU&=5<`%6gsBL6Zp&SJb0fK4qfHU)cXM+T;Dr3=yUR5mFZLe9 z_4bC}52LmOd0V-g_`ZN&_TyUW#Dq$nh+_b#vJDT9DzB)>@px%jH6`-Z7C0Sj~qv+?4ztgN+9`aXI} z15S4Ud%&VQW)buhezk^dAfjv@8Re+siQ?i#PfYx|;UIZ6c{>*K+6|;#y*lhfZf$gZ z*l=uIj5!au3>3e_Si_Q&lRajKCnqxyTJZN6A-|^WztE-s93=`EOpJ!|)-Cq%sHk)e z9878&#>kj!sTl?G+}dy6fOuKR05m0`-!s@-?gr}z++P33 zr-^~kiWia)B?9xWUk)~We>4_C8&Ur3%^;Z3|L3551ox|g{Vd?Uu)H~#MTx~Ifu zLm^m7cVX*|^WJV(jye-ti?;4+!+r(N0-6nRerR}j=l1#rsbh6{M#jooMg)5gi0ygO z(j7AxB*n$kD$J%TrQt3cGCx^0?Z2bCY6}TH6!u%{N=y;~gbx6EIG7xe!BMwU3lfo( zEXdCX{a*z@SWxr`ZflEO7k^rE`qACp$LH1+Yk$S{YucDLRC^td3=IsVQR{0;PrLpf zVc#7{b^G_PQX!RNWu&q@AcCCu9@Zd+)unS28j}h>($FhwytJ-S>Ar z-{<-H^S^g$w$C4>-fvAqoGr7@fiXTzKdU!0GBOXD@!|GMJ-aMWnEC%a2aE)mh_#}lRXe9z ze$fE0?lwUwK+V1-DO*XQQ|d5MeEI$jl6)?jXSkyyITx!(*Y1P3J7}-w9K|X~D9XxS znI78|n|D0lqExI~JViE&H6%;W!?Ju%GSj~D*x^XP( z%^Qn}^F#w0g@IdJ4y)vcHJ5S4rPxpOj}LeA-W9_MKR<7nG~XlRSng_Ktvbp&V``8p z^G1{L(~ZVh?%~;4TkC*p?MH0dRSi2zU%W1$p>?I%7z+`L172SsmMnet5N7x|B)hwO zP5+)@cCrfo`DUOw?iX612{cjDP$s<-Y)L7Na*tNSN{TqZY7vYc2A7!jlc*9(K@^`8 zWIirmwoO+VNDm(#9;UB>BfSk@v$+Z62`qXds6#?Rz~U(>qOEKcxG&FPvl-(P!!+WZ z(Al~ACv^?h^Z4_@V%P;3iBMR}->;~wv~RbRe}*Y#tcD(*)TBmmc?fp$$=vOv(OJV; zWKN+f9t#3C6T_-Do9Mi>w5;j~t=9=PgxG)im_9WlUmBo>WTNDD(a`Rb-nX=ZyG2{k{V2lzmaVjc;3Pn+J220MH2?=%o4r16YkZqsd2 zl!1#&RW*?_sL3riM;xFc4S5S6;X9(bboaQq_xJYpj>LQhs~b^lb&}B7P1)=1m(`!x z_sesKYwB3yYv%sVSgFCIv!*W~vE#n^(*qk^y0#LK!C0boQxBX;^!l0CUFM&+hcvvT z5ZWElkw844jfcKLBuU6&u%dFnJ?&E7V(;QtT5;g0#jw^hu$MCvt*b_%oj>z~1@Qfr zj2TylrNfzduvXQ}+RhE_zhw>6$9Ii8e)6O#U@~&@IX~5L?8#UHH*Ecfrx?G;RBWz=Y*kn=Jw8<_>MNB~$(b|n&{4E=%n`Z4t zv>mm+_p@Ky9cQ;p%Y-jzz%OvUQd{(cum zR3b`ka&rAQEo^PSVT=_deF1PfPTsq0V1f|bh;8`U`U-YoWMpKfRVnoT7j@4zC*Cm& z%7Gh34Yiy|H8DNCWaMGY2LNQUHaBR=oI}$uNcqnQ`UAOpMlduv*{ddUcX4ScFE5g2 zNd3Xzjo~y1;$3W|t4c+ms_}J#=vN?m z;}x#&+_KKW0_>Hw8A(^Mxaqz=kB_1pDcO>s$p?d`0+xP{zn$ zIB4erbT3$`s2AzfLT1;{ATYbvkXHOGF9|dlhA-IP-y(4#l+T%1?2i~(C!VMX&qZ~HuqO&_)q{MO-dztiBh2M2%5bA0fo*MbE~`fHK7SyAVomCxtd)U<>p5q% zYihRK%E{5%s>fhh^E)dIC<3ecKuo*ZWY3@@S*O#nByc#m)%5g-dhi8>0IC+*IxO>m zLYT!dIN~;VC-=cZ-AW?D^n)ly=G1PHyvj+Xqxb=t1C0bK)~VkGNT?G|7d!NNsmpni z)0SnD6ktdid^_p+<}Xh?E4;#&$*B93-N;EEwx?jstL0AFQwo52Pdj&5|IjK7EOj`2 z$YUsO_e!&eiP&8rC%V*J94@@zUcq1AhNWe+@*tUmM#gG%ix?%KPwu|t(Wo@(BQ#=a zg@E2QCT1j56LWAVLt6gJ^&fujAGdzc+Z6f~AVoc#%|ARkngSW)ZrXc9%gw9KcEDao z^_Ext^#Iwp!;3iHkyG@)$poim;DyntYGn>-&) zi^VqiV*C3!Wly|wu8lGl_Q-M<^=ATE8VHHEq;I?FNMz<0qVjKvCiccL8$W51OcIDz ziJuAAsqBbIEx%SJ#T0>F&Ed>{+kZ5pRH;p{>YRQ|b`GFKdM;2tFYV>!zfwuHm&RBfs(Sk;R^4!eal{Hm< zWBhpD0+5BU4~SQgQ21eYom^DdnB;D>gp?&~dxaJzIia+jCB@8A;EIt3;=NlXMeot5 z{m}F$)aIO{`~F!N_#5Nf z#3Z_JQLA>#JzW$h27QMiO&-vZ!LHZqJtfR%V16*5SEhh zhE4$x4bZirG79J%fumR-q&Fjmr<0)Fe3BA_)>m|$_5enZ4##FrD7hK@`^`eN+S)J4L zNf|pTT)@r-4llG$&R)Ksxvj-86q?8(^eroM@K(3o81y*#N9FUDOXTDK(G**W0bF(l zQWE8&;of(K@!?a0Pp|vj5p80wwF3RAkxZ1+wL~Z4&gvou zzZSN$TeuyWLin+mq$S4|4?-M%02NyE$LVf#GE3CEl)yk$T)YE3v{W*`pk{D~V13eFIU}xGvF3cFjVc#8Z6^@|;q# z6G@TjlP+14>b|2Fd{=c^;zddJqg?W{x7_asH*h*=fE!dUiQO7rM7MGy!+S7pdItXS~84ZQ|0x2tt1VNWzD7j1+gm;ZWh=tbH3Y`m#g&>ZO9f z8iVbV9yPK1%gh#9CKIiJvUIOedjP>mK_uao0JQ=9+<*FLtOZ(~X!=oSiM7JuLR2Lx zo{x@>JUu){tmNPa`pIBiWK+#AEbIfdku`G|>XyvBgTl1bnm&0_i1jB$;5WX1KQ|=X zUhu@=a;Qg&#-r<3j+U6E2b4K%ZdAD`d%nfQ3Qzr-t$Cq{hp#DhX$z!bUW5lcoj&Qv zeDg@Hy-L8V-_kwLwO#tIXvQ!&S4ucorSV2~(glg5?x^bHkRBHY2AMI{Yc1(u_;UB_ zFfv8<*}hCO;qp>}>x+k{s+SmBd10wvmQdsfmxr`;N4Zi85ucr#|JVr7x6vhpzAf>n z=-|*$>P!|rCFRGQOYi(d&ziHoSIWUoZcx6B$;Dez`y(e9MUy*b_3wO3X zFD0>IuUnopf%z4Qr%xjn^$ybCnSH{E*tjPV7Dy1Ts z9PxVIkSg^(k(!@@9^2E~F9;B~zt0Mfx|cpgqvPgdvvF?{Gi>)U>-v1mF&9Yi+$8_3 zB?))HUtQE7y{g01fLn&jshOGL{?_I&6!~2=Jgh`8yz{f|x+{<#{GmsbzpN34s%8S8 zy@`63Q9tUNLms0o#k1(e5Y$%A+@qBe(RTG-lF^f5DSKD2OTOHy=Iq{z93+la^Ls1e zb9_h~$#x2V^K6PA)Q!g$yIUbkn@QO|;!hJ7kELQ!r0 z$Q~x0$sYcr``(51GI#OGAbtPb-ey!*KN2Z?T1Mx^h6Mh-@53>7)E2I>Heoey>RNmoSjp-(InC9@Qux zMZXa;1~5yEvg>VuDW)3HAvMt$mM>K&0=2{AMHm8{Pq9tKGZynAwM(T5hWf)OFZM6# z4&B*;qYiVTx|vzCElDPd<`{OB`Ef&B|4Zk! zvD`2PFgFK=>s;Exf-wOZKPr+n9t{>K-J%rodb6ZN-1y9b{o5Vo3y4F!Tz_VU%r&es zkLL|+*@k{uB|-UW)Io8ByvmQ~eTT}`)u^7x`8^)<6;iasJ;%YyE-3gUCSEGwGT(CT z2OKr@4WAeHIv!2mau!QX?ztKxlkV7MfA~o7!zbIKoMeC0^^Xt`%xb|QV5F$?>cngx zK?W*1PE0V7V*4@GQ`qU$nE*d8_=gnRr1klM^G0Un2GhbXG!a`O4#ju@lsmU@!>5Ju z^a+5XJs?ub!y>?Cghm%oj{l<fw$PFuY zFfyX-;$UZ2ae9bq@ubOX6~(J}$w#pGH1^gmA9!7!C;K+n_sh-k{uZ`Tkq_U=ajnyc zlBQ%C5qp?nRLxpz_h1iRfmn(0WlCuc3MX8%LZ4oG8vUirUhZsO13^oRFs9S@x-A8P z-`S)0@+Npk!rLcP$zoFOls~`tFw=xET4s;7uX!XO^mqw*s2Qk;s}u9;?vgYR?-0{M zU(o^G*q&4S-C8Z?RY|At#P(VQfFz#X_q1vDRSJYy9b-? ziBGtwD4ScshGeiZ&g6|f6-4V9I<#IHKr(-5f2*_lf7t+wEnt;0R$9i4Kca4LBVR}rX_ zq}1p%Zi&RS(3KmbQFa~>*A3#eN=3*jO&N+WM8&%0(%Fv^#5xh$eMB6{O-9ywr@uI_O2n<8E&7T?XI1Koi@cg*C92Z6akSBU*+$u9RcStc$5cFtWHU^S9jeL? zuZp(>i@sjqTd`Jx)yGROe+Tc$+9n2B6RN|7PDXP%Q@a(3V`xtpm@_MU&@l4dVf#4p zhaWVmG(QIpK6wF@bzVGwW`6;hmo7mwqO^^J&6gC6_XqqU-$gk?FiqQ}z({Lle*bZ2u491Fp%BsJjHspx{fUF)=08&YnP;4jY zOsjhMf?|N<<5awJ!Bh!16XHiSwZ9BGUOrE@GI=NRVvm^W#E|x-wgY0miMCck4tF`J zG40>9pv7${7ivZryV^w^deH#1DDkUrTq12XY_3i7CfwP(9w>A{Lqq!K`O~(c;2E7= zPhD&IcSwChSHeIduGs#5Q+y9&YGcujOMXnZ&=^GnJ2da4d7pC1XNsI08UTtF?A{Kw zcbW^;{GxIGJh-e`NMWG9Mtx?Yd;%S#VN0tX&&^doG_)^v!K5%Keuf$N&v}zN*!W#L zv+>j1fvt3rljv{I<^lB93Xv}`)Y{P{P0!np2OK^bu(J&I4kNYi0w|O6y0(;N&ScCD z3dznZq$-znmbsL4LX$-s-wQt#%fev`liYIuR;VV{=Di^VFlDpYi%C_C)9dsbecTRq zBa`fjQZ}O{1&=@_VR1}=uXAu4d3K&$Y&^aosve`FCT%x$3{n+AP1hfSLP`8Uz#T{& zsPW7T1LKnX;l&*H4{Pr2ENt7X*$%~)Vw#BmngN~9^SB-TFFj8yv=F;TI!?DNV%f1S zaBG>`)9-43)!k7@C|JjzfSZ)+=fW@{FqWN~xn>NrKhpFf;Tt=I3Sqn$~|Rp`Zyx zeF5Zx3Z1J+))9tC^hWOcL$4yv><@c)Wf<;xChJxTnO?goRy3|rCLK?W8_elSl)&YR z8B7`MNET7TFlEv(qkB$2_}cA=Pmc{tDCX(YQvuiUJcpDJbc{HkXa1ST&Hp~wJ~L(0 zJ|9S7wJq4-V7fea9wm2SIe+d+7<7w94R5*JHLb#YF0|blIH;=soq*`JG2vBagaCyA zhtf!?eE!9EH7$yir5@{edqlO;ACc8g!^$PsS_;*TxL&(2)h43byllfl|rl+!h&YwGm z`r_@%|Mh9!X`w9knE#}C&jMlb75-abn&h*g%=-Snf3QT&56|TP`&(fA_dkCtdL=J#(2OGcim1Y|VJPy#4GVAKJ>LFk)Ad4&7X?%gW=;>rWKY>BbgD zJrZ(Gc1MPrMw}N-EmXSoHjXhs6GIc<3@g52x@J?w^59-M-L*%Q+({3aXOmWo*k9ep z8M(@M59W)LUq6CE0JxmzZ1Hb2IKmVk)rx;)J@WbUZ-5Siykq`&d|7!p;PFm=)Nds5 z*c(E^%YYR^)=_vvTwPaJ*Xa#dz2}T$qS^rmzWv?ZkI2nirT**})CBb`N>Gb{8UR7N zWd)=tq?+A@PJS5?Am0SP#1cO_TsS`M>T7ED{5a;JIQm$1q3t>G=>qfV!gTez&)xZJ zt-6uJuF6(zFHHS4lt);SlLUTFjkFTEk(+3b4ykT%znYioeffG(O1Z9yUFPfkEk@yd zGPgzBTmt?OB^-#ivQ$u*8S4KS3Lv{STYwKVY$!WAa!86U!z@DQps;#IDOJ%5kk=K$ zfSy+@_R6(9iSpe4!K_pBNZc!JV38tbp{$Vf`OSQdoiv_hz_eBjfV@hyN8%l*1O2o& zM%DFH|MAp?7gwtb!2JuCOEZvg5ML!g{+5Uq<|+tm&?2C9 zIi}A1R<}{=u^wWdZudZ@>rS}Vq!m8zEKRM__nem(mH5>*cm+_VLq&=a0CVNb5lLrOq>yswd~AiFgB$ z@^lUWimZ~V_-fDZo|LQiE?>==>%IN3>#Ub6yq&JwK5t(YkPp5=5KyC^c|r zOxt!yLQ7kFbZs-IB$SP?k?vZ29MtGfrk3Bg?%4(Y)eJ$|^g;z9_0Rom+Ny;B2`CiD z^w;Gospt+kRw2l}i$6Z%ed?RFwf z(MxVv3AOC}eW~0jisv0NER{CbBq%Ok+D<*QBBzDeNPp(;E6e{V{jIDtVI31lP&+Ez)3J##Y_*y{E_gri#DA zO_`<)2}5u%Yan{2d^V;7PNpOT&Mm0rjG3PdGMy)cT}rXJz5|SB^Ps4}oL5@A!%i2ZHUW9?&ou$wtn{78~|vn652?b9^G($Cm%`u(CR-KtUk63XgU zCB6uPxx5|ub=A*oTWJ#`-71mY`P{E0DBQ>O%r7hPv6623h5hcGZQzgmIVWax&bbXK z1w&8pN3gHefw-BA-Q)7y1Ax_c7_FehBp8ez09lI7i*G&KgG@)y`+#~Bdzt&wY+wZ!&6oho_gZ-%VMBV4z{1(`D0osKGc7 zdRqW|Sd9HpK@m}Xs$k3DzFj=hC+EsrZmqAIN4_+Ye0T4;bfI7`!OMcc-x3=(Rvf$8 zPI{Pcxr_N@8rBB#;$KJ2Y$#tz2pFY*BTe3_{my`E73Zl!r> zgo7Q*E5&yPD~Xf4Vr z`iinj+PUn>MY{D8wBiIu9pC(g*eEH#0w_->QfwphdK#8f)-RoMb2Fg4|7xsjJ+3+H zj{9saNSEeX-%3x-*-rzIOi^-7%pS06dfw=w#O>n%8y?L+25#NxGNJ{*O`G{F?JYR(--xa8#Mq0&=h14|_ zysIR4i(uq9p|$Jc>aORls7?Ol?w5nK6qRdI2C}ItALwqTmN{3K3uKx!9#qx`xKtV{ zCw*ri_e{`!(xlGvwqQ7%_2ylfWidyq%MUh$pC({Q*ax_e7WeNzD$bheuD*E4dR(|4 zQ}MZMm275TNiX_Nq@qf1LZ*!^{`1ZLz#A3Cilj!? z?G<0^YNyn>YV0e#d-xFSTk{xrc{LmDiU{WVZrC2s?mBE2tMIw;-%(> zrt$}mI<%ud2vcAGtycUlV`rK(xxJX*bVTv{uW^G{*f%&G1v2-KQu#=7LudmS0`!Bm z5%i?Zi`7IK)(w0GruP|Jh4VU%XJ?feU9YQB%G3o2P?6a>k-q|z z5>$I=KU~qPcaa<5D$kLMIC=@NOj8TFc;zB$zo zBG_EXPR<*&)7;;NTk@)#X|5G0QNB7EEX3F&%_+_skIz}jk#ePXyS;1|oM^1bKaj|; zuDYAs)bu#|>i8QDvtQSzk#T@Mwh>!NV=mY1C~GD?H}#ysjy?(pbzhC5+%Inny^T{u z0LaOj0A1O}rYMik0(W{tWrU)x1ysjsr)^aA6#+h(w_pvG%l)Tc1elJ;1GVi(2^}5U z#VW*UC7aBtiyzbC9>nN?B$PQG$eZui}zS0)w*uBi^PNh)_!u2D{~k@u^rjV0KQ z7*lD-Y8QHhiyS{5uVdhNAZgZ>WBO$xjy0M?RwhL0h3}F<0n_G6y`7x?Z;=6Lpzz9~=|T`OR@ zNHiPlc8bs6BIDjX5sp!pKKA|QUUA%`PkA2df5l_#U>uy9SK^gk@heZVI!Jt~zh-Bj z9sBGBwxP`9!hOfJ(0oCQlSk`8+Pl(A~xxw}^`E0ALxZA|O>&B_>_J`r1Mq!eGAZuo7ngqg7FFdkFwtHhavLIY%_R;r309~o;PK=W)E@+spYqQis?T8#@f zR4MXrdFG}nk8VHx*#c)j2QVQ4ut#k6PIChW-;*a$U381&y-TKRqiH%^Wn|%VT*8i~ zp`~r!>Sc_$Vq;~M&ZqKbwxb20t=qEhGF~ggnNCbPhmb!4LR2vyB{Fg|buR-;Cz6Uw z`e=V6TOng$v6M3HYu9TtW8)efmYxRXSGoJI=fBD)2}pD0R>Gm(-qQ`&za`}@qx<5G zHvsRL#(Y!IBkG=#re;q%H{4a-;v+iH@d9|BieCH=P}6Tf48t|R(#F250ap%S_&^pl z)9gUfLcD}Uw@yV}y&7QEFj;otkvdFzL@J})yg%dV#N?y}v~jNKTd?B}6JAuvjx;!7 z0xW#n&y;F4Gw(4^J<7TIqmA8zp>K!s-%0Y`XFd`=%Rc}VVFBchk=??yll~7a&|6Sd zZAS4L(-|zZD$K+479ywCv+B{NAE2OFEZSAyL47wvyE!=Q?#o9!%8<0+T&5~EFq=dF zusi+-owB7;FK_;uyj+SJhq{AfNNRvIW|7tA`rtJ~aeN!PonbAFN!|No&t8m9O`9GU z<_RT+|0@*b@_7veLBjU(gTA9J=j%N@WQO98$nvcHt7xJ@4vdT=kL}Pdph3cfYOsl* z@&saW*I)8pyF=cMbCv%A-|y&1*At6RZs83cqrnwqu|97=$xiV&4@nfM z$<-L!us%N16Z?DW;mV1`Xn`=BN{G2YkA1OlYS#tjB8F-oQ+gS+&tgp?yrzh|kGKm0 zjc1WHP?7@IydX`;J}a6EZ%ZSx8>N~f1%kzr8b^EU^-CY|6a-R5=ekQMG{`}{gVhGd z2t{Ik514Fo+x_no>7p&;$T*-#LOz|lm8+bs(oGxN*Ri|%o;B#jm@~ec*OiEe^4*iQ zjdAg&VvpKt{pOP%2fRII02uI{+Ras&5KAEr$WqM*Z!$R7Pm|%5|K86X7NJ8rVP5Te_X+tY^VAXM{Lo8kMjST-V=GYrmoQG}Tsz zrZ!@wTZ*0KTX#4m$OnO}WS4XuXye8Tg;zb)74x>1q5vFTMJ&%h5s7ug}P`<>`N9cwD2FVQdXlPPZ3G zH>ayjRxa|uaAq*7!r{B|gD?8@YTRenQ9{|5^0%$Y)zA~wFfYL%{+WeHVug+~#)xBZ zkJ7Nt41$CG8*Twcz#TQeM9iI9R?R|oMuG&D>jSpz1FX{z7c$!Z#Om+sk!)VdrlqTQ zJB0;De0Xdc$4%U27HROt{zPX91x3qCf;qAt1N_Z*7^mlna@{L+I855ImAdp)iti2o zPDKV1lrG*5$YYDHS6xJ?2d5}}eyXQh#oN44=g-POnCq(_IeO=j1-^4sDRv$%Ic zs`V=*dI`lfJL7g~q{{5n;ef>3N1j%K7ikvhNrmQKZ(n=GCX07pW?bFUCnM;rc|-xY zS)qdkJc2DNef?*z0NBQBC`Tc?06EH%lnTBT<2*>^r`|}Xnb4`yx}k9FbbRQ%J4rhe z$R#(>m2+JOXH&k{PmyZxk~tLA%{ig2Yx^5(?k>X+lsqiur;mpm?1wE@=)4^;7 zD3=Tic$dMzPGaH}xCq&Od4_dBt-a?az_1Ye>$X7a3o4rs=jjdLzp;=s5|B$W&x`PS z)FnTOc&5E%qA1m=g*ey2_#kXS;AJH#l?Ea-;w*d z!!OkgN~Mw95yS4hm6os1-Jsq-&0y%$LX1gny{fOF+xg_X@Z|JGzB~7@R|lOO(b{ZG zqs+|lxIr7)OG;&`%(0szq`j|v8qPnF8wD}egOHn>qS^Y#{7tI2Ulvb^)G(+flAT(5 zVi`+ZOK41xn3T;Vsrg1r;e0U3u!iMin`pAcLHeKW-(qvoHMX3n-s`q$>;rCiKTbzbbv~Dv(@&S;3fH zTCIUkkx;et{W3v@X`0AvenOxn25*-L;RyZ!VQC9?%c5Y>=pWU5N-bcB8z>#acVi&M zqYFcGT0fU_gXJK?zQPDMIGmv6#q&T!@*UXzIEDt|f$2-PEIjx$5cj*5jyX~YM7%7z zoqt}|bzT)RdOvAQ{qKRZCro7D%8$Sy2qGY7yzQqyuBT$sOfc7<>L^CHRa}EJiTuKO z2t8QkgP374rO5>7%Z!jOj3;Dz`!eemMV4)9s|tT98$Gcnc<}vLq4;{nK>2LUwEAd^G_-m2;3}!Em_kSm_T@^qN{_8?DFlW zVd3GamVU($6hP7Wid|L&k^xVE^Mq8PP6nxf*FuLt)|Gt0?DM1x+1=m2=w@CTe&5jc z3&22sD;a-8299-wFPG=g)v2Lda5hR61VT3^FHCRt>Gstd{y49Hra1PphCINt*Yb%{ z^9x@#)2*=+VU3V=Kq+YqQOo*6>1Ab=&*W|xZ6N+>;wmAaSfx>Y>$hAC^Wl=WHYae7 z0oTH?04^9#{N`uc)>)o1fCf@hihzd2q_u?wz3l`T@aDWgHT>DA`;x0GBSpT_-Usbt z61)u_99ZRyu->Ed1$X$GG}SY$i5{<1{2m7k8}?37pJUnhq(+|ZUR6qM z_b+n`Xdl|&F9>{}ru0?Jjo4dn{w>q4Li%;LA)70U$1dwvODUG+dA>Vt3pnl7!g#U0 zW$9R16LG<&$w$eyXD_Pvtv+?)gQ5p>mz+5?)p=X{ss0%{qMQYRQ8BOGC}+e3$coQ( zxc<(!U9_B?lC%~76>CVdoE|dlr|9XlY~jV{_a&V|r43i&0b7$>@5}N$Z_qTOGnapI zGB{PzKrj5@+t8^5Yo{a*{!U`SBQ>#s-Bf1lI;$v};0T*dPmKCCKLsgNzq6wSd8bgL zbRJTH-&1SDo1h~(J5q% zqVb7hm#qSQp)5!h21O>ZwXafaWfW3~{WPGozr`0)dT>+Neja_)DTM%~sT8{Gaj+O$ zt5Qt?>3oj}VWQ9^qYDD|cxS*_S9=_pV!IStLQz&$_S9SC6xFXmk%SBKa&mxg5ueAY z16m|1lYkz}+uN_MsCbwxq)WhmmSiZqu{|uVzpF$dujY1Z^SK|xGr2)#6kzkU0sg%N(d`%Y5P#itOu$-^YqSoN8 z>%F=1Z<7hM_P1@TT>Q@B|VAqmf!JpGi9$sc;)!hSovutLtDh`sJMsgGf_^{!QyfSiDJmv69sS@(PJtRT?k%s;Op%|EX7SER>mcLg`c_+9Do{ zIhr9W(Kv>0=$rLy_n__-$WTR^6!?4qO8lZyDFq>mPB&uGx9e-_<9_>yn?ePFo8*5J zuwd<%S6%!FTKaf*{$^b-KYpaEyY5oIy}b>R5(7WZ2mRp6i^ziGJm0VxK*HyX%-8Ru zx(?sN&YjD=x74_~lY<_RxZvH2*@yh{7nE^MJc0TK>-B@)`C&j}8fqssnN|vn<`>^W zgyG~?%)3;Ee>E zlrhSC#j|0PJ4u?xnM)~oI#vBlW$bALb6xcn7shu6G#B&|Jltll+)yX59pjgaRE)xi za6Rd%7ydw;Ij4WN3n!2`joTmib;=71<@{R}VLcUL8Ewr1GND4#sI-j6I@oEseA`Zd zpI_VmX#}!U`;zyMm}5hnS& zEo=pyof0g=g@I5DD7MFsC39I3UatvykG!Kun=SROZx3>ZOo|9t@sld&QJXhq7I2JL zz7W9-Kg-?z@R=J3L|iTRu+M);6|4U8U!a+zDsX|Ts&?GEq;B=(3F>-REj>G}OCKb) zjNG=q-VN~nD|^;ANy~}+O~gmOZwV1TF-uF@6pQg$eC( zO8cm^!mjNkwUW@dDh*MtPp)K9hS=l)gVRq@vFr4eY1!ND$e%k4`D9~ZMJ&pZE88c< z+pITRrDDSxnSapT71Ck>emNZ17<|f|L3h}>)PwaI(_CVwmM{37jPR;+6kwd-KewfH zc&_q<<0zHs1~#Liul^|tz1uH8dL2}lbeucbMIxJGq(`5Tq@>Rdp8tE3f1NHq{3f@2gY)VYrNq3(+}+|S&t>l`8$E;b=-#a*6m+eTH0wu4C5u>rtygFK zeib!mIAP~WRTKn@`YeV!?0EZf${LirD#&=gyx3;>fTAEV_1>mxR*ZCiKB<~YW$a{c zebGy%=lZ1-FvoG{AFVo_n|3T}<7`N^JnYKq#+IG=kUsvtP-^Ds?2(A}sk?>%##0An zJ|XUT5sYD{x!t*xoWzv|0toS&OwQ}Q;aRCapA%Ro$|UmEr`9~fX&z#GyoHHqL!+o}HS?7Zm~u`^&G;--IL#(gxmJgUAvgb?=kk z?ktma&iPmeoN&GrHyt8Z^%^}?{nHG@#r`8a4MELKN9=}gsgV1F2N%}wNC`o1v+2Wg} z1on%)1hbcZkY>N+1d#BmEKsvNv_;tdbnmqgJN*KiXGZR%mtfSTm>Mp|ebHOi(lQV0 z;xJ4TwzsxwvYZL9F82b;!cfd3NoGSUR=*N7@3#si$_7gPOvLT-%-a{AbP;d;EJ%te zoLrI%b5ADT7rgWVUAt;hHGSA%Wb$T@)gvn&Z9L;k5T+5IV?{6x#Xk`@QL2e8?=lQe zTP8R;;YJak66b>)sy350nL;~~XtUJbSMVjG*vf@s*B%$$2dS@t(5NE$)a%*yU2 z8b+E(R4t%K!8YHF0v4XT!05{vS{S%+qMg?yd0(nj#B)|>zf08bhOjCwEZ zQUOq#_Omoht85e%!!w*v11lTqVYqGj`ugaH2M6!l#@-pH+O&Dyi45%R3O}!fXbELY zNt;1kf*B|+W?74`J0hU@$e!3cuIH2Z0(6wLE6fq&Pk(QA)qV{}X)A-?%EH0|46V1t z+u@{zj^Z_?1fcGt#IQjehMg9d-Vh`?)d|_%!HP-XmV&(ehj2>C1?-4+Bud4CSJZX_ zu1bK2Se*4SML;;#&&it4Zk72k*my)thx6{;6wyb)XP_l(aVl?>b})KrR}+zyeT6kK z2wqhOx=smdaN_eO;*O5(o#n|C`ZUycpaVy%92_8+80-Zi?Vs752hdZ;VxLpzUHa_% z-r{RwRHq(C95`0vQ*)iv7E(p)jqr(z-V#8&IJqGoQ7N@_?IJ~he78b#WvQ`??4s@xlV-TKNbvMFxwZq@Jfev^BxWfZ<# zx*A?Q&|~?Y4v+!*F|~Ho7?AW^iYj!_beMHIK(q46=bE8vt8>sP*+qeHJWyRXviI}Y zM*uB7e`^a?v9|ImW>;pr_fmQnJm~$RzWmG|_&|rRjIv86R z6VCS%y5OWIl!mAgS#R|@>Q$n=ce8j>sS4cq;%9v~fN{DpQV0qrdig>p5qzeDo-69= z7K*k+hljUB$1-WAiONT#ri{Lv)d7(-E?XNBulu%wL&y<+UW^pkpOXb|(>sz~swI&K zkB%F|R?>{Y#C(~wbKOAvXGHTz?5|8~mv(Ogis(*RR~+0RsC#?bUtT!pFgR37A;EX$ zZ{#;Yu0^(kFKX=-!nL=X70W5Ua~F(Y=a(U>DY)A5tlJC!V8`0=TfTl#7jM(o;p# z%R04Brb>Ptx~d#Ts}tQq6gBS)2QZVpRUg=1%HGkrjfJ~7^-I%D8`CQdfIQ=|5hY^< zfu~C$)~Cmh)PjA}}Rm~FF+nP?qR^9TQvC+7AVowA_nU@`yr|-co_3ib}FarB` zFqR23Rg8J&T13Tlvt734iN;8lOJ@;*V$5pZPH4!_*IJKuX76Pqx2%^aHVPzh;ijFi zQ;Rryyu9<|*sPCJS*Z7NlrvSs7I*P=W6xS!6LBYRgZ2w}1uLzqZ7p-@FTvjpRhz&4 z2rnIk_Ya1H_DM-dRJx0S%D@t_VoxO~voVih0sd{Y@^8Z$sDggXfP8TO`}Znbtv6`1 zigjw!9v?X!Y?)wzLY;DBs0th>kTvhG=MF=luHd*0z9{Ejgdr&yt?7H0yOsS-? zY)im$E(GoFY9>j6o1CD-0tW5Aw8TtRM#cj0Ms(WKVm_Cfy|%#) z>H1`4Uv=pbB#Nr!$r1;C#w_UZwc7Lt2$FSoKXFhuOi8*50T*AD>=-b#L1Fl3!&GRpf_ zYMczJa{xAizspAdLy{=%%FAhg6ocTA9nh*B7S9x-lu;*PsXm<#-|)v+3zq1ia#N+Z zsH1QRA33JHUZfRGWhnaXp_OZX1p>i0z=EkPsez` z@8mRc@@I@Dez1N&`{BK)(kqJ>Ocl*@CSFZ8OdQOIrUpfSk5vEmWHoIs+>E<7e?Kuw zXhZWJ5@17J%^u~ajlv|GDd<*pC5Lu6HHpgio*JGdkq!+>Aan})gK!CJIv!rbUtfU1 zw?zOr)L;@|rFGr*c?!}PC`seu<1}V4aD;K5#;fzldu48$^UoZwg2ox$6s?zr#CQDq z*H`QT2UP!9%ySoXCt>K!x4|xRCl0j0%(-D$CsELoMwYb~RhyJXZRrQYm0_V~013H} z_%(g6)nRG#K_YV^KlZ@*vk0(ex+E~>RAWu~^an(I#wrujLO5BJNN<{x;nDfbG1?Vvsz0IkrVnwy0`7CNJA15Lroy1N&q8*3K-r5Pl zl(olD<95hvY*$?(Vm^1@XpETe`c#;*e)98D^GTR-Pv%tk|C3EI{EY|KD!@g<*Z2J; z!n@Hinkozv$pyoyjxr>OG!bVS2r?+%4SrS5jOsA&$el7Bbgp9bH=Nb9ZOt#mV7&b;>{H|# zOHt4v^(97%xZs!PgG8^=e>xm6IAT%E63AS$k`JHK^LEEhjdB09zu$gacO5bMp;EG+ zLSN+Hz~PDr&=*6oFR1=+_5}!_{AOXmE%ue6SJKlv1zaMaA3V1fdcd4sug=NB%8F6_ zniVrr3LP#4wBM|?PM!w1s<*}`c5yq>EasiBkK)~fH5BbDBkYZvkPNiN0ThP1a5IyE! zAV}|#aY9}m05Ss2KUddkEX}CI#C{21)twoz_d+RkQp5o_(rh59Fpux7G3LBn&39aJ zEfGVXY6Ac8M*V~C&Ei9xuxA#OJ(OmWw#3-q%$AL>U(r5KwMIS5a1yD3I9Hlw!tqLW z_bYCfZ;2K{4LNmX0v9KkvP@}Bk2?XQ4-BM69ew?ps>|jt!iX*9w&Hyqt_Pkr&~U^0 z{W^!kgF9z-&Cn4vu0HrxQnWVuta|mxoOo=e~3S&D0v&YT@@EPv4QVRyI2 zw?B(KwCoot7cCf4Yusab_h`~ejffSSS)%duG{ecuB&zfIg1WaFf62zi((vay82^E; zm&!QPTHC|?ht`@6AkK8;)IqQjh1sM|2GetZ2u#2f-qIXoM?Il4rYdOGhl)vAn-CcT zjc;Amt!szF*BvN-JcL{>TKj?qqM<}&_gSHFrW}gA&=Z}ivm01vyIT~kWEq63EkE_-&90^4iFFaV{p|e-FD_jhanglcFMja&OY)p< z%7qc#%M()#FTbd@|1?pT5V*ppC{W9X+W14S>FzlBME3R~OT3(m^O=T>MNANN@SCvBUH=E!B~8lv(~}!jL3wm`zIEa6s!BSV8#1~8$vSO zo-<3bkvH>$OudER@4zhhgSy9+wh_17J&C%SoaOXbo_WGNrZfKcVN_A^^2f&Qi?w+C z(kkESr{X7_CZ|4ZRzDq!&IGKY#p(O{BzJ>yMRecPe~nKl!9ipjomKmZWVvZSYTC2R zJpiQ)%Cii{jCsEI=X*h5=QHTl@cW$n9*j<;K^?Owg>1~w!^WbK@LO+nXjjzxBENjS z;9kOsd_eI`L_#q)zms25Ez2jyu?xHx=cK*el<@DeNjtjB$*oqr>8N3T<`=O>_T+0G z^M~Aba`ad=uhN@^?iK{&&ZbgwMj(!tDO=$ls$qA5P<4QeFk3Z?YCP4n0Z08NP zgcyzZxv#d;@Enx zNrFj1RtZNLXc$tfv5_zS3mF6n+90Jcod`$asqY$u+Y7jKSBd$C>zYc4-pMC?VK1Ro zy!J#OQ-wl%7n(p-}|~j-Lq<-d^`~K{_Z5{}OB{ zU_N*5uP43#bD{G1lS6f5-*r3+4G05msXtVrs9CENLpTqkW&v%*W(?+|CbbWeR zQroOd^WKF_7KamZ9-|TL4mD+{r)oL@d3r%VvijE*5h}gDXwg@`{YlLw#-0Cu?!G}c zL?1N*%CKzajGN%OQK=}v5K|mU1JOHLN)OTiy{GVdQW8>hAa)--j6X{kEmZ0|?iJ`- zf~te=nzknND!xN#edTb@UA-1%ZSC{@&V-iKPw8lr3HaLarI3r+ba2{)yjE3XWld&k z{XoE7pYoZ5cb#+f=fg-h_sE@jke)O*YR;|Yc9=A?cncY)prX*wSeIAQ8_D8&x&hMx&A^tRbD~>Czy_Ja!=8<)9K6~4HA0#s z+}3FO#bvjV!;pB{FKRJUv1$_m>XYjGe8SY>t9T1V|2_q8PH^%3rU@ z8P;r6WUZHZvYwtJvS*42@%uIN(n5dfGd*~m<=C&eE?<ZZ<}|H`4KxcD?TG6KZYnc3O-@4d$}R^g`Y(XhAN@%-hQFtcDzQWp{6)#LHrYQ16qG~q$rsBQMj)*PF&*|VnEq`mr>LN z5HWu&O#~`DOtAcc3`l0K+nps+w)$3k;q)XXsd<}!j{h9I+#%JFxcua6Qz5nEPP6E-D~0Yc#rGj<|7Hkk?hIA z>Y9M>mm0Z@Ho?i3bt3#HqPxPm;{(HYhm8aj;388t19o(I&$L|kO6U&O2c71VgxD{v zTGE3&fpNtG>h*w5G^o_6D?&)~A`8(WpYMc@5%xF^g{Pb!sX_eGGH$X$E3yI6eqVhI zslIwCf%detWCj*25Gt_LV{Z)m$CPxk3LIG*6)Z~qDWca8`jQ3J|0n;I%q}}0Fn?r% z5B4SuRNWeMTp2M$N)!QKwm_?43L*)N#arY<$EkT2;ISoBDoG84S)?Le5T*0N?a8Ou zFpMX|^-8EeVa!gA)-@0dS+hS!{+JU8lZ^oFuTS5AuvVuTcB+)JgA4WDr^ga^3$Qvr z|5>CH;vAt8;=NRzA5-SCoWJbIJp~IY$QulcF_)$h6BWB%lZQUL$>^>C^%}d=*W2P) zOnOUMnvKaT5Y4Cjr<6Nuvz|xC3iBS&7BlU=MM-7T=ObD)|N>*US9NW^L4;Xw1x`AIDL%Y z_e+MmFL#qDiPUpgcFe>i33m%!y*nJw0~jc82&?%dA8$t-CYr-q$%io@Jr?HqmV{up zZ6gWJ87ycLeeoA4p*`$qrNlX3F)f0z+e(l82kPPEq5I&$=4)YAQLoKog+^J;RPT4w zr}TYe_4&sm2EZ?JH&c~Y5QL<4{r-JR1JJqLICfT4>3kBTMT{x)fk|&TOUB;lri-HW zj!5o*A%s_E1A@7$vbuW0cmMzk zHEh=h#4qE>KZVN~N-8yaNd>orb9cVCbM-@ajg#Z~qHt(^!sd~G1EctHd zqRVBe92h;gcw%1PomHsqe989t6x#q;)W8UT1|@luREz2XV~%SOddc(obVqY(a^h^W z1ac2N`98Hu*@hF-zl(~pc|zcc`w`MkM!Do~05!m>I>A-Om2?99aA7N3@g+e#m;Mgo zSlfnO*5hRlsvjHH&hD`4LPhCe76KNDLYB~3(AIW6JsvrfBkLH1muOJDZuA3jo=rDS zG*4+2kgbTcTWk*m9SaRVaU@7{y*L7r&75(eUjvDPZex-UD1f-wX*B-Tzm~O|uysFb zLhEG^9IaH;ncm9Rabr_7(E~k(qSV1!kIPC|Tp5A?#(mf!ARzhUK_xE05-WCPV-?)w ze(z^_?gwe_Q593a)s*h-b~>dLYSbS-nX_*4INYe<*5)maS;P#p0=bMx>!QXQkHHrW zLS>B&#|`)=3aH&CVF&c$FO+{}=1S})M2&CSw9Gd@LoJM*|HL9I?ONCkj;8oovVEC$ zjU6!ejs2tX$FAEO9epyg=`WUiUJpB-+_hTU zt{Au4;c*ML>*PJ1<=k=8pJyNA-<_GCD~Oj@_|aunn!#A=+c>|ks+IR$UiCXEf$GSW zkr?^qghpP=Qc;@Db;Z)@jt5Bfpn{+LoU4xv2*S7Cvt0ckp{W~I64-qV+hctMA~-nJ z2?(F(ktGCISxk;f@86ZE`Ze#jQbFZe9`#ysfxHNKKgUz!Xt{RR&UY3gv^{yD?sjOK z(^%Q`TbiGy$RPat-LI#*kIASwoyv_!qTwDp3%gBlbX!Q+CN~F}^>fB?2lu0O(--oC z9T)lB?ic6d-0+L@j(+v>=`=(ZuI6+o`L+FOW4d^Ed{*ILBahwjC6(2Djr7W3BEOs= z8>aGW`KBMMOM{IWn!mD;b$D9U_Qxkl+KqKXRW1_WzL##P6KEzl4O^X32(`ddP$$&e zC-1M1H7|ung0Ls=#n?YqZfZgwZr5oipId46c4QktZ8~*xH03uhmb#S*pBD_nk)RT& zs{IX5eA(&mi3@X*jd|P`S%nz__V5pS68icF==Qb?IBEtE!o= z6)fb@IY&eCTJwDWFOuI0zFp_K-A#Lk(p7fp-ED;I4=+jtEa>4z{6{h+5i*r1R=JOyA`&$u@ zZ#zOp_dMU5tLGe7I$Ez9Ic{HsUE;&rWs;_!ix{_K+MqgQLf^ z%9mTUmnWrv4%_${vnvs zdRa!%K1@Bs4x>5x1yr53EH=-&7;(`k#M8LVxfR9uu^+mxopQ^KLiwERhm(0LbW1l*rb@z~6e0bnZbrJg#-{f2kY z7n_JyOL?`KXoi*Z)CV?@BZR^{#|;5=WXo1!p@W+IDa9^c8TIHEO!ngyC&iZ{@9!}! zA`6>--L8jSH@I#mc4UPt8e3WL+WxneI1(HlFs<=YKriv_EV{oLD}8WDmHwov?XcjYCVb>b2-&?K`#<2zx6wqSU?;#IOa_SMy2KOQfptR)2G?#W71$V%nMT_3?-C zzp@RqKf-dlUcYQ|In0p%vex8C%~bROK^hm4nl#e{SJOgIHznJVB=km6@}e2w+YxC3 zismU}JKG%s55p*h8;|XDTump1yDa>p=SC>s5 z`kc$(eos9XBKY0r9~O*!r&Ce4b-C&Fe6+T)!RGrlkNp-AgH&9o4@`b3T2Bo1RV!3o z9k1fM06Zx=dfjA;W4*J*zbIXjrT%om7D7<~#P}9#51bMAIb}38bjH#6*7G&J@Sq%B z1yU=2`H>2js>Z=(c@?e8%_6Ua$lJ40!Rr1=(`>ezWAwz=aZO31KJ81LULEHPEnoU+ zP6vwyDBtY#*)QdpYq8KRZR32nV{I?5_9{p%U26^<63S{+5?BuNm9=MD+&J~(q?c58 zq~zdI?S7rJ)ns&{K{#uQ+a|Y@;u^ldskVbY$QN5iB=LE~;wv33cN1;Ud^)f(G5AEA zg!=1E%vJpf?$ekGH+9!(51DE336^E@_Pnzvj13Ztazvm1BQQeFdtM?RWJdlqbhH(B zXtgU-?0OEw)CQXU5K6S7D zo+sxvjejsX#;<-&M$t^I{r&@@^mFI@x(+#&>`|XNP)R28+5y#HFl`uxOd^l%Xr2-n zKgmc-D?BIT0~u2ud=$Wgth)8V|CnrRSL~)d2B>`^)2<{LCU3{cq$CQ%8OmK+*BkqB zTquWmEb@{*CYz?}F=#|{QGDoINnJu!V-vkFFfwXHUu;I0jScWljSQ(pJimy$t4TE# z<4Qriy$8SonfI?j=9ud2t9O9IMSbiIF7?uQG=E_2Kn6SSajLoW3<(@O@>W)_QE}QG z<4u12Dqhw-+JfYZ>+@B)K@X?1?39u0VN8fJ z?lOlT`Xa#s`oy+nJHP&<4dCC%MC&54N`BZ4MJ<3p4||5Qh3k_+iRFi6TZL->I3Nw zx-iGXu|eae8kPsWD5*=@dt@wMob-b;@$uU#n!ra1mAi4R_v^nA{W*U4 zRKa9WhLWs_}s?D<|QT?em#XyJT*(`mPR- z{!Q)hk3EouTesm9kqn_T-)x`%tm;v!Q30tYMo1T>5tE9toP__UAr?3ZxwH^xC`)(5A64Ez7 zoverkE_L}LpBuw`e}dWQW7N2pByh`b$x^SMuclm|Ok1yS*HaOq$o@8a-Ho*W%la4w zbXnlCui3!2C+#byt*h<6?+3i{Ad|g9xA>uYQX#D-Qw4L*bd|M2W={Wea6_YS1lSO# zT|9wuvE7x5=z1-dan4PkcLFHTD=p1^&zT!U?g71AGI2uBU*4zhote~{JO$&j;nJX1 zftj6zaL+B=A$sxQ45+t{o@OI1L535pX3&q98IlvQPLhz5 zbgeMbcbMV?d|yF4O<_@yobb2J@uDV>vznLqf{!InLh0q%oJ;~&_j|^#5LVm8c97Sn zg65P>J1941EP9V&c>N|vFdsLbkbe*BDFGn1DTzaeG<^hpl(k%-exiCzt$C%TZ05?@ zMP8saFa;PX?_IH(?qC6d87D^aebl~0jKS(kQjsS-5sf|^EUGCsP`pOX-yeey*vHM) z9FjJfPbYh2FgC>vDHvh!lb8F?h{pJ2&Hk3K`B;UiRy*yC?>Z%2J-c_=kk!dOHp{xG zd(I$wXW$DGOB}8-yOJ;9pvIifL|O~BtcuPe$`4s~SJT4zObQ?K2I7zba1=>Q9RB3< zRi4qG*&mbxs~&*;Y``-g?UyZQp1xX1D@lH_w_G{vAN*lvRr@}r=X1+x!8hH3AXIZO zXhWRSBrCPtOTpntGa-h1ulhA6&3f?3N2Gx#{QS6T>kendcxZzJkMrLd7lz3)LwwA2 zX2KB`%~B*5Md9Sj!zJmgv%hlmD+iS)<#ux?VJ+QyFG_%wMw!X9{VLLdyufrL57nE80{J>xS!x@qZ)?Nc{Ub5zrEMzh-jg zY+v7_S_$0FXVnc9#Wbo`ey9?ti)!7WxG(1@@r3)q3nT4Egl_3XTLlo^YjNXdr-47} z1S7bnOtS)@D`x6-N+pmX)Fo0ooF{m7o^5ZeX98>Q*xtxz?p1ib)Yl4o?V&yN0{9jm zxxJSwhR7?uG11A4sB;ScRd3;-a>ITkYX)m9R}?Ss@TaxKM=5`}S?$kt9iP>|Q$3Az zAJ=y|NjsbSvpA*a~N0}UrZiKwoL&yNoYe#FX5bZZ9BF<9Eu=aSSUMO^;Y&b006650pSvc%}4;kOUINm+aiW!L+gsD=yg6-{V+qWS}ROMdP8cz?3H{p4=<1fL#s4+)}lR|+#f~fXbEyTdC z@w#N}=O-j6g8bT;ZqXj@hx&}YU#K;OIUErN@nuKt<){ z(nFq2L8l#!sitN31}zqN+QWou+jk*h*=*$w=LakNj$7d(*aFJDkiSm0dq8M^^(pyN z3ZOA0;aH>2mcnMOxHXk7d}!1ALBbO4VWDu0 z@NyWx%K>dnMt%d}b=tB4|8K5JpWVZJ-zw@7YRPhc8i~*$S$83-usLAXy=9%&J32Rq z1~(D~ml}Jp5iBQ#uf3`M6S1ZN1lGWRTLMC~1bc-)FnN#8&uhbAl?L6Bfa`F>KZqFO zjF$GeI5OoU$r}Ur^^KD+RyR%YjCX0h(wfzP!W=u52FvUDY4@b4{@?+{eeFjVGde$C zr?=Kao(h8VpDq@u1<<}^_bKJR!P9_9P<`iD0kEX+4`KcWMV?|bTJ@@fj6AxIvHro{bFgIdfQ znwq%>p}lW0E2+U~#?G^Q&S&|U2NwlqMXI7NI@Oi5#yh(7i{H`orhh;O#q}GvxjarP zhKaq~?7$c1b2v%B@lY<(TyGkf1{2$}Yn^E< z=vw6NID1~}N76!meEuLcup2A@I>uFto#~q8$11?mq@&9- z+&CxB20)Plf^rx}NzR_{gL}tU-lx1m^PJ(o7F@pH8JxmTHr=R*@6~X=SmY%Cg$&3& zynA;BD%~@fbJokG__8!vdykTYtK&9L+Wufe7iJVX*;Vm1!a$&NIsr{%+1l(JVH=gz zeFW3*%*C!o!rF1JmsbKlWd4k=%UkNN#PkgoIhXEU)%bkEe@w3XOXRb=*XoxC(6NaU zQw`@v<7apm6zSng_s>;rCHrZncUYqG)De^C#>K0*#Eoj+LSK#pub{{oCO zHT@PNbfLv*;PRuL2;*`r)oJm*iINU=1hY;?Vi#lp7~}5cdfd3@i4|e6$8qEAO|*Dw z#s3z{U=={UK|!-iR~avK_w zmR#o&{~Rs3+tmf)-vpH7#6X+?M z_mBa=+`G;nCskwv4(3mS)QtopzF&L$^-{IgH)H@$EV9zzq9B)J z;AlOc;7y9>56XNg1}1N^uMWv2#}v%O^hXizx);Q4p5tDSl!KJcmSSq5%f;X;pJ~Q@ z_T_CVPXj))hC zxi<9#;D(poT(vmj(%k! zwZqSCjd~RU;&R11;{tcp>Z&$vUuXdjV>dx1wHc1vQ8l<4gV^S@8>_(X`O!RtNzb@E z3TfPo`1WR0qc<8;yz9;r&|mx9eO}}9TP_2vhyARZ<2wLA{Sx{mV8*Yy|H!c35Gk&* zI}$W_EL&6884`bk1%yM<2mafpLe`c?qQ$a6lT!Keou4RSg6>AI*%VPeg!M3GWLjVL zQ@iDE|CpD3WI))M+P$x!N0^XO7bQI4S{}N_@-yXNzl+X0@;R_wJ9u7$5^+C^(>(gN zsSNe_$cW7{P~9v^ibe}Cd9!py(aWV381o1)L>bZ5K0mEFlO@F|6e)h=+T&Ad(Y%a76Ke*ttSWffPKuI0Keylc_Aor+qk4A1mXKXNm^!o zc~$eB4Y49e^fmlNK&}yx7p?vS5-3xDTZYCJb(lNLqNYSW1mPFZ%U4x}I`t9?koKv^Kb0 z3btXy1=Xg+B*tKJ{sJI31SJx+3wDv4oNPB zP>T;6A{G|F97kHWgu33)=p<@s9R8#@V6l?gBI7p?u5rIM)#cgYLM(A9b?HHm3DXaj z>j6bBj)Saka*g;zj>&5&HR2iv2d?4=?eu1mk88UW!?cr7p$WHleQ6IF0wE>4d#Slz zSX#DxM!(0DYqSLLH#uY+3j(O%p9UiYJr8{2*H*QYmeN-`uAY@bN>)>AJ_JE90q|k- zkz>DcQngj@yJG4!Nm|KZdnW2avLunT0<6X#5y90EEe*jfV#_N6CphUhZwt^3Mz{Gi z1`(M<6LZcYfq`f)wXWpf)ldMuI%R_5z!3gXUV;;ttYY}lg<9r|qcm$xSD&Y}VTZDh zAs!q{kht5{t_`yNgs)-k?x&ui0WStMS`*S(NJwYU^M z`h)k?0Fm)s+M}Z)jc8S-ocpy!1$Bpy`cpB44Aok7OK#g814T5@lrcuX?Z>1E>EZSzt;2c79U&N}N@H#_SkwTBH3k7v445Gsl3?Ec8C z^gprvn%%nC3Pj>e#hbb+1Z@^jJ!pXOi%8O(9Pg3IujL@@Ypxu4^I!Lsam_ZtQvj(0 zERvc%uzGGt9q*$z0jYzu&0NKvx}LKDBC?AD;Y;;e*1&M5tW2W(SPHgX0e|uew7$a- z)$Zq|Z7?w-qZf7e>W9i@0=+~|T|NotO2f3DY7h<;mOI zyB!93!>%Fc9q5+)TnwhLHpB7Ke-yrr(P`IUwn)P7E`Lms&HH)Q=Wimm^c`e?HeBg0 ze=tvrvF&DT&jz0rwA!Ph#kyG-^u4<$+P~|~A|~wicu3G!y&~DMnyIm?pwJ(&esWZu z-&cj+KKJ4jhy=!`Jmgr+tww=#%2G)RChycS(R&3^w(=6GJh}qT$u>DVXQe>1VsD{n z=d%IBpeJ8XnfiL$2CYX$QmIBjFZZ3vdLI8ZjtIoK9oa?9(NE#?So=9p07S~8&QCO# zMtJBww6^`~qwnC&zpp7jIZ zpOI{;HU{HHxj3lwJBzf;UCWqt?g!j3N5uXlA+JMlg23yeL?$6dl-<;qkfu(MC=R#2 z7B*^>&k)W1!C)6#IJ560zLO+{-&$2_eU3 zSY7ARj6ZofnDjg@|4MtH`U+80Pt}+FsCc+vu=Uu-95~fmLEYW7nCW#g?78jpT$tO` z2;A@c{o86q zCDV?F*lwkjeiUdX_BVHZ$MaIi9!-_clM(b}Qw-CCRwG8LH9dH3zp4>fm#Ptf@B(M5wjOslb=bWE$x`;Mc~ z%gUv?K2t5Nrab=l30maC%ul5mF1@VdrCMg~%jY)JC49MCv2;C%fZrs(?Q?4wvYisP zIE%HvNGGbO&$5h@L_!I|`qy}121sZ9D^=B`3kGM{X7(13ng`BKa9}C5{UHrs)l<(* zmNjXIEGm64kidYo2a~e%U_;rAq#R-CEeK~`H>O>KmCz;ym%9j-UDPSuOfhT)Zyphz z`3?KR1md7p78}z&d?6MsPvEYLy(G#?p3>yVO@e0*4PRqxEH`4;RGDLx6zn0x_PBm{ zucj2dxu6c|q13WI6M-g;fo29#lYeoIEDv!}vNuHJKZ(L;W%eL^HjmJj(FKOVz|4#+ zDA)oPs4F=F0*^Hiv77S%s>vkE&2B=EPbHLb`dKgDpc4_^E1P!uH0>FxE))&gIuSWx zH1bkY(Kf);y$mD%i3orHhn=&1pNRfW{>x0jOaYs7=o;9-5(RQS6H6%tUBx7Rb~b|- z7+2K-dUSluYYOcHnmnYpq&ctHQ|Rc>P_s2htSB4sU3_^I2a(sxF5MQt<8c^D8LEA$ z`%%khFLrb<3vJHm1J51o<3pO8{*`gs%`=2NEIqg{sL)OPmlK@alfouSqs6pCh=mo7 z0QPwdqa?!DT0%Yhf|#Riv+v5NL&=rdWh1Et70s!>D`uxPYI@h5z`I0d5j=2t<};09 z4wHR#&sTB8V~96nbdAocbOT4xPN279J)r%-y>Eg1XsXrh+{tQUxk5;!zGUIV#+fj2 zremWGd*&)&EZIx#nKO*Mwf2Lnsbvt~5Y}*6yWfXV2UJIMyXyDCPo5g_;L`WX-|aBl zi+3&1f!Pe77VK9|xTOLspPVl#E6%o8wR8Eq&74R%w+iaL*t|L9H;4S^EH9lEs(xnb zRPOL~-4nX7f95Y6@RRKWljs-_8E!-MqadUa?@9}o1Togc+xyeg<`VDsYih(0^kj58 zsK@%z9Wm@yZclc#fR;DwrFZxQS<*A7`>GnV&%jN_3z&zjV2Y7e5}#!FMheeX=^#1g zT$Yj>msTmY&jU=KYXGL#-@*LcSVej7gB;UR9*G)YR z_EWfF}BXl8(rxT$p$4PUG)EQ*y^5JVo> znFB9)J{r<0wS{7n-Kh*MHdLs*MkIt(mo6kR|=fgfq}y(Rb6@$HPBPG1_e(? zFe&*DL1JR!H3n5)4;6x;@EAfOj$d())bHJR3xBlqbaw-PS#MX@4aNCvf2lKs>=c*? zN5{tx>r51Ai@ZU8AQsrZ+mrZH~DopdYUFpey!0sZTn}sogL_>Mi`LHS zGX`*#y4b>T=&5^$=g-QF54__k0+Y3ysWHs__&rPApr_M%(9ukPPwq#WP_g|9STdB1 zEw1sfc4SJ-u+70pGUy>UdU{U@kfc6V86FXf7)}1ogz8C5=PDvGA_PMgwyZy`nM`27 zJsOfEe1E*u2y_tk$_6v~`SA)IF*TZj3hqq1?G;!%wJw{hTi)*Z`S!?!+=SMv!9mT|_>e1l#e>bWA`wbFH zG&A`6On>Rbqg2aDh0qEr`8&m`cvf9;E^$Y=Q)o`A%EZGE>#}Mk>5|KK4@k&YvG?Qo z)y}_)Kb%JdOp^H0f(Edjy>fzVqJLNoOwdp!wJ|2ctWsrznR_UiTZkVL~Fbvd(YEQwTWGOHYsX=4~ ziz6Vc#)du*`~a-*iLlH4-Q|_UZSuf0UvR%sP1T!9`vCbYTk6?1qeQ_-tjZpDQN4GF zGY7Pi2vcal_~iW*|ARPWvRiWnTO58{Ji&qkZg4V6v_*p zqdt5A=EMuPxxs!eDIj4uVP&pasWvuWSxEU@feUvSQOxzmmb8%E#Qo$EHRP%gs>p(bRdCSE+*(1fZ_#=BXTsGk}E%#1};W!Q@_?G7135)C*OAZ#iWWJHw$?-bN=#v2EmNW#_(t7}OcEU$q`4aaK_|7t4=>0wz)z6A#`4f&P!$v77}D@o8z*eUIlS2TdUS`4jwDb>^C>M= zH>i$O`&E=xs5UL$1omC<0jb{e&9z7NO)KkRPi7ItaPLfa5nuC3=bku0GG#1;G?WZ~hMvtBvA?Xs~h2v zEgeA1aQ~^9+#MNo{%I&+C2TnG8|W2Zd`LoSm34$B?Z+FROmjL?)}~w>@VnEN@_2zZ zsK}yJ)ZFwnJ|8XQff<aQzTgA@`mA zrRkG#PTHRiZ-}zRK6PZh z%H`=KFcTox4Ur+cmJ8utSD3TFJya=F(x?fl?;P1&L)fe@nzu###C%60((pAh-9Vin zTP`IlX}-qJ7;w(Wb-SMqcs6PKEy_n01OSOv(8&ir=OJ?a_NFNi`;rg3J$7s1uCZwq zO3XroY1S`8S65cR!jT9i|KkiI9)O?%beR&*>5lQV2u)jkvAL~gQV#$N8}3 z@$`L=PugQtALXVP*W@;+$^+<{$hmi3jXs-s6RZvj4tfey9J=m`SPJ>b>f4QA*OB zImfO)zATB-HwAXqNG96J@6$ba_A;Ke4he^m_V)^}Z4~M;^h?nS+Q~8I(6p+d%vdNz z0jxb@DP^vy=&_KYd{k5ef&IQ*%K3>_*ZC0CU$Jg3FJ?me9#^?6cRi2Rq%SVfsM}1f+M0v+@H}{OBu=dqV7|6> zL|aGqs7bl`va0jWr*YyO=$lpMZ*-zVQJ1<(HLtJqpnfYM!gKYRR2>&5x6|W)h?_JB zehPbIr9G02TXp;^y_2lAFHO<4xfxf|MiGIaVCnk~{UI9?i(6O^sBilbtPS>l_`EJ>bWigKb%QQ0h7ZFC^F@B>hm;s7#Kt5$4@>5>b9h2BA5Q;tdE zcsMPr{YY6)ps-i%8{D_IY4o@XY-n<>y1$}%rB_#X78l$uuUV}kFR($gE=K@R?%89P zgA?}1l_m?grE~5xNM6U#Wzox~42tMAt}c{AzY~AokN01#q<-v-XVbmrYP<mMfHuavj*wKlZ~gHoBA?QN zE=wy8i;eFbz;MO_zVMJPIZtYqs39&G&U}@j*8((+K}qqr0B%51lJ`qBmbZZN0MC)k zuMnS$=cvCfhyC1u{mSoo#m;}84t$##cPQaXyOld0{#7t;E<=?UEl=3W^AQfXptUk* zXCrMVk>5-5?SSq9vXLV3;AJ09pW9*dzVi6)OqJ>7Tu9@4P68Rms3qhggFTk4?Cb?^ z-waF%mty*qd}p>&j%@(ej#w~#yAfaKw0j*smlNm0XW-JqZEraZ`fv`Jx9_UP#@a7N ziAduJaOSv-a~5T54L4-=Qsi6Ghh0UwqTjKF;UfR0V&tJt<|y3oD2qr1G8;p|CuHwv zt8@tZG=}?Rx`sG*i_c^FZabhOa+7EW%yuNnYP4F8cB% za68^mw7~ zofRAFMKJdj#M!aCoirCG1D)%J9B(*J8|8X5m5_T^)H6~r%E{O}KfF7q1%t)z6QqHe zkm>IXuiH}K+9TO^&GQL>IC^;1ZcgP{gru}IQGPe$66qRvHP_ZX2{frH)$N(QPx|aQ zNYeyW)J5wlzr2#tTRSp6ev~Xk5fwbbYJZsZG)ve3w63aos_)Wy{KB%r&R8484YA)Z z9mOkx+$O!TZKv90qB}sj=il4L;(}YyC5p4k((y!w5W5ZWgutCZZ8)ZJ;FvR3g1xlQ z`AF#zHE61*f4?cFK81sGAq06VnDYIB`q}xHwE8!jq6FeQb0Xr|kP@AiI}Z7Xy!GMi zd~TlS15cYuJar!6{H|BpPV}S@HXQ21k7!@HQMO+EZdrOEv*dCZri2Y6e3+3sr)M*8ug=QWH61^XSvexXp#T(33itn9bXc)+-t|GcOk; z+D$+2WuEOE#}a4QgL`xQR_LkO$Qk;ai#dx1V_9~{NVy+Xu>Tg4+%hS=#9~)q&0#S0Zdy+9XEwJonA4+=w zciN~ia+$cUSxv5U-cJLxD?Jcp_UB*Pl|t4BUiY&%|In_+miG7R#O&#uK3&w4+xQR z_uU?jB)0AdFfsL3i-FpZ7j@_}>qq7Jq`V$iliLjYB6+<5M4>GRt}z45mGAMb*BV$K zLf@|zYWa(;()l<`9?kV9a08TFf;PCLs>k4LEVTGs=zhfiTsK=f7x<8gv{kpfyu2%( zNbx5lpHUy!IvGUkes2=Eo-ALf5riw<&;q`A6lz}YFRtX{BFWAf)=O()l!PLTML6ue zH5B4$5ZhCdik#z!C9|Fad8l1yED)S+5Bbx(JZm*`n)Ij2l`lt)TdmP;-(?czp-?Nk zxWMNQk-2q?g2rk0Svn9f$fuR>M|EWRk+LOo=|1y%{WO6~cdI&Z!%y(n01z(d4nGYn z#8xoAImLnYD@*2EnyA!Jb)dpL{)@5UdGk*{R1o&6U*WjG64H&yZutk3(LfH&31kw5 z;2XV6F9xrqCoVz?ZHZE{r3FC)tK-f?SV#hgC9sQNjFtj>2pFtoE4Wo$q`6W^6BOAA zSn@=k@eK~n=4!p8(PpXNYXuU7n?u%IR`?ziv&Me?6W_wO7pFkp#SM^ro5ccCK%w6| z55M+EpgA$22P7yw{_&v#)v`57$&2FPWd;{2k`;1GM)0SGZd8nGse@6&Xk9R2KnB>3 ze(M5Z6t$7mV~RI1aW%<=bhTLEh5DiI338pbHNt^}$NB-{{`7V>>e+$w4LO36tu_j%iF!9-mxKk#u zME~khulFzPN71vcRw6)b=O6GvtjGWMqbO~_Y<}7DuaL%s7?IKlFFV$%Za+`^|;va~`#Ofi- zpdePrqQNYD&!%_4N4%u^?5vE%MY;40L(-OUW7>ND+_2dj3-55N$x)vtpL3*e_pheq zEN8)Aj9X6xZ%RwRoCpzRW)N-*TnBR5C7`N}GHyuY5@5dh@NCyjzZ)=Y8Ndd=7_k&B z64AzT&5vdyT+QNB%6zgvQ|HvCNcCdgFgB8L_tgjhtXlf!O@3Q%uo82b&#gF86*9nj z`)$|ZxDvOcxGDumaE|oRGlXn#heuP;-m;*Y76_OUDI^UHlNQ?zvcOB*Cl z1ZO}iLQ~RU;C6X7JP%4&eN(G{*dL$X1Lgo=h3P;u!h`2a{$Y9OwCnyeKLDmWPAVpTF_nkL(c!@9Pgk(TM-$e^Wwi0sjxsENO4vv0Go{LnCfu-1<@t{M$Fb2KWkJ zdM_s@?0WQ49GVdu{1C+d{*T|(iXoHxlIAYpo9IOA8{E2m>)Gr7=9?^6J9}p}HVWPR zod4~6UKHH?F>D|Z_?9@Y`29z>ZY_c+<9~h)@SB7JqQ}PWu0JF~^#A=mIO)`%e|(99fb4tTw@<05(NUT@t zNotY4#Aj4;vDd?)6A+t-3>{`$51k zll>sGl9vA7=K~ZS1nTcth)RLuIujmz*;7bwFuSZkjyr@_c^XAa$xMk#Xniamm@xRb zX1O)(t|S|t8YfPwlVUy&uXoz@qy?AUkOSKY&5tf8(?LyF7t>U5MnTuBGf*$0M#+LB zyM2W6KWj>ON(DR8X{e|H=|}40S1PGoDqx7My3&g;?9z_~gd{U=`Ys2k#34fU;GIIs?Q<=7{DpgO@rWD5cN{z&`SZCXPm` zYct^(AbGtJSAyGJblI6PMCQIlN#c%xd3(#yjdj9qUXz;Vo?I>b`nCj+SsJC+%Ygnk z$ZPsTG1q8!x>q8{Wp6bLKTF>fp2?78R0oq{xbyz!>p0^^&c$c1u9=+E-F{y;5^%G9 zxpnIiNip?*wgjxt8lYfeXQVFZ2&DkJ`ca^+|NT2nRHOuQlZQhiT@Y|XbQ_Y4itxJA zUK3V2fygQN3W<;$`>S*q9>9Ej86u8x z*R~V~cZb@|t;XZdjrac_V_zLr)wcGHf|4RB4N8ZkN+aD}o9^!J5~M-81Vp;K8>B-z zMMAnky5*aA?tS&1d%WZGFUMHh?b>V3^~@)J(GYt7AprXzDVYdQgz3?K^!(xwc3!)C zRCEH1(72c*(s!WXpt#RjzPK_qw~%biRh8$cRh-jDiB50-WNxCtzI=972q(Qd(@gxv zQ`c%Nz+BLM^aq)6;A#G@&_%8Fl_~el(&w`&%h|fCZRr}zGmR$4ZyVhyOY9lgV+{`b z@9oyDzyRf7;>$ie^WIAY6i}jZgXKBZv@^{BE!+%e!0RQ^Y-qj$tbI~QL%(gK;#Wta zbUlEOj|V8eB93Q`29Jcpyj&MYC%!uEjp_hJfzkT7cS1PXMMm8KxYS?+NNpeYlW$IS z?V($Z+E+$T@V4$TQn}?Qpr{kYD<7 z-`y$A3RH!Ye$4@;UkBec074_$^yZwF$@=)4q8x60ApHdu1r$5}t%8LQJXHpP-Z-SH zs>+;HBJriDpAXO}=|iQ_<+p1tGlA2u>zA%fS;A->EQ=dr(m*|GWGo77^l{a@G5WLx zJ04?yi0nWqw`#>A*43$`v4DMr)Bx$|JslHb{IK|3t;yudQ$gMWkXcXwwgB%lZ z@aQ!6h7OVH)x+P0FKXTVfaMagz8H&p@Adlf_@xzfiJ2RI;<$+ZG?Lq6!u8quv=r4h#$w@s7*`FLzMn+CDF z!8)y(ai`LYjGOInt!d}?B*M(eFA)$Ki{QTO)-+)mb93M!e>CRm+*e&L9u|jOanzC? zh+f4v;Dx)-o<3-~_S}9Y?RkC=#&KG`CfrfbeatS!341cwxM1doPCtdOGn!FD%Q9S9 z!9k$xJh|B+4QUa0tLXtr_xnlR5sT$~`Y=dI-?c@3@j5;~=^D*QIv6Ma89dk`fb4D z&F_OAPCLSqa615xTeSCNH;G>BB4v@p^Za|HK%nH;0r+Oh^P3YqK7GOX&}<`+3>(eweXHdAP(;$CrS1E&t9d z_N(f;bD^{4FGzaP|8StlqUPxe>KhqVgnaL#DFI|xb3tWA2!vUu4MvfYvWyrBXkn>1 zB_)ES=8dr_^*5xs+l#NkNbz;A=q8oS*H*52tLgQT1hNZ`?Wa`2t`L$kO98K+xL;$? z>bBZxczLmMJubNDSc|J?u=`A{B=$m;R9SYm&+WYOMjRgbeRckBV@)ZsZ3qr$PG3n|5s5HvrZS8WXHNK%ndz& ztGHl+=4*Cwof=pt&J;i;h)Y$E-mkR5tj8>~X<%a8fZ6veKb_nR4RoFYuC?%Hcd$EM zbCGvrof!0h=LbV@`ZnO6+nZC8BPUs+Mw_E2@tHLAe#_;=K(hc(&}X+oGu+91Rz;O# zI6mOBR!LJgOMUq1Dt1yR(o-m?4xl6YD_H%+5!#9=qY@Ah?BL{1CF0`Z);BcJ(9m!Z zN_%?#0HRIP+D~1YG{Krw6DKAmdA$DEze-I@o5f<=3w#OhCMC91&%sHb(5G>{Em4~G{lQH!| z2N}ymqI9j-96^HS=2g*D=sAjYM{tCTFET!kh)=-k@zjE~=(5Tocvx%a!XH!OzA*?1 z&ayCXy8l>ZqjTI@##Zdgb72pCb@5iH=B1PQBA2@f+e2b-u-w}ACWLZ&?V!F$?q=yy zMB!v#1V#jCs5DEb9~#g|SMFa@PXREvH>4wg=mUc1;L|DJTK84Au*UZau9YEG+%FD%n?lq(lM@2L)ww@Bh^H zo_2SFyt^$JNc!G!bi#!}qLjkLK}##y1ZN6nYg}Ah*KuriYq=W^0; z1=m}bzq2z^7%y>+dDTo3^@MQtj)KJEn)hS17gcvF?9&QrOe{aqd)u3e5Mc}&#;O$4V~)LX7`ov}a0Y`-fjbN!&kID#}nBQ#^dojHo9u!%gf7TfQrn| zpQdF9^`%q=S}rXHpvg{+!3&=6N*U_07N(dE4i07O?1g2l{`Qa6u7;LmttzvMeoA!o z-bUfYhWU`LhJ*x&uQSr;*nyjmm0p|lrp&<~kZ2K6{TvM12W$b25T$1Sx~)!i5=3Ee zTpq=}!tOk0yzQPrzr4SGbF%USH2FPL;Ak4jJMJ`6YQ4)+`IK?`A2T=tzJyC%@d8{e zd1jvjK^HkR4$60+Xb>v-(bLACWujQAg0nYo6UQsvsGl&b#?fkOS>k>XTnb~5>1^PX z)y5h4a0nA2620EKgIZFg$1o4haDOhK{WSCWByvto*xU)O5QsIrFNU zsQ<|0wO)aTmH8ToMKBkVu zhE*#p&ZOY5iMgU4*52&RN%T+)a{nFxZtfEUZYMK+d}b#H^WOL}M4$6hGyhs(gdS1B zmxviRMU9Z3TSzX{*%V;AtJCnHB_!pQzAXos3c5R$g_AtU%FeR`!Vu2U0ss;n_~?V0 zLG$wwVD(C~_4QrUL3!8mt=CQVnlXE&T~XP@KbM~zj-OpUP3982{C8HyVdC-W_I z*-+HBVdHwU!q>Fp+=g{AgF2~b_;PctZa2op%AuI@(i}3(Z#E|_f|c!tVX&G{+r!b| zldgbJlyxt_@WxPu2U3!}uwQwb&WfN@rY8tDLLXn4_dTyV!BH7htaU2@PK1-x%y~p> zb*N!|E{e7SOtvxH~06Qrh|>m%(frV(Qtud z9BeC4Rh2iCI_|1s1{VTAJ)LER!+zw&}M=VI^d>d5%P|{qD4A60BirsBNG=VN<$_tVTNl$qAdWgb?ZG zRmFmO#J9JwkEsqpeu?&MvdVlViocqe^f6uDg$O4+@;Jk!W0AY=KCjp zJ4VyDv%|W0N|z;gN&0aVy;qOBgNK{aHw4OvLAHx`oy^T*kBl2^e>kp$KUEY6@MSBh zIt<^35uyaD_hrpAcG#TNeUQRSf&Rb(nXXrjPVdna5LsvqAD)6HVlr#$bkA@bK5H)P z{qOBmhPn7%74>L+$S69suu#J9Ax)Ia)4ev(-B6_DTYP}{#JYEK67pBD;t9l*Rnagu z4~~~7(6T#h>cAquS2UEVf0x#}PJ!G8=YUebfhLc$N!;o6wcz#z6d-=&qOW4_M6*Kx zGT9?}lG>ld(3 z2yYK^KGv<&$9YF0@WoMFZ^QwxpbkA2;5K?^5N+G&TIe_k-n6E}nPUP+9-_N+S0vu& z<3h`=cI#*CM9hP)02#@AZ0>0fkWr6{`lQnDR3M%h&N2tZ84>6;X^w1)Q6CF^g7=jJptHJgDM0?@`D?Y|@610RBo z&CSKOpBy7`18^enxH~cFKm@#<2q+dnwqixO9qTNsvz)dTep#cAXeNu|h8uo}*RsJW zziBnpUqZsf_c#H|74M2!Yi`8a*dj&DtKrZztU9+YVWSCOUkX%stT&O%c}v=H4UJj4 z+jS{Nm0nbA`uJtUVJYW3QwyHl)+@^Z2pFdD%3j7-zP?=GUgRp(`uf=I`M-d5Alp_y z1j;#n#D6GO3bxs&J@xLu9_NqW!I^D!&Q*=OtzhAkX(u@J>Lm|D5E6^tnp0 zu6P-gx>4mhIt^^&XAsn!kw(m4mPs5UpS2EoIytMLM68WI>ZJ`sKmd2yS4 zN-T~)u+{q$!Mxl43BLRBhK-4Zwty_J$=hTsQ8Bc}r_7t5>y9`PGCld}>G}Dn^Kdqn zZFWyVTM9@HWz~O+uba<@25FtH)7}s2PJd`MRN&hJ1%-z2+nUE8nF&fHvqpOOgoPnv zmQzwt1iXVO*k}Uos`9Hoa(HdMgHdRCPw)CoM9qWRG;Q(<=H|HfnFP@eZYIqg49YrCJ&F(xk5AOxE_ z*vAuZkJ`(KK@>iDo5>&7&OpvOD*aB3)AiW-n>B2BT&>rwcd);_+EA-Q*tRVy$0^|m zx5BMj4KV;!Gv&V#;DC7DT&!EQER1obfY*-cRa`OXHEkO>OBGQ@>EHvQw9B9hXGOax zOF@(=&-2J-(v(*rq!hXFg_b)p`I)z4+)JQ0c@pJ&GuH>1SqCY|xfMkGjJatg;sT^k zQY`geR|gs-|Im(1{+Mb4Fi|_`D{E`{5rRM!Yj_+`$9&a4@7c)@JHNl2& zzdyS=BRZ#^I$GdV;9KvYa4dprlUL6%N>>4@DdWQ243dCI!wgMuo7L>;!A#+?X;N_P z>(CeEoe@G#I8fIsPSSg3BcqC02FFQ8`UC_#cF=Lq@~&Y;t)*km3M0d^X9N8Xd!0KJ&8e9-DH0T3gL-jAnJ144v^6?Q;!N8wEd7Xs@$#sVyeDohpIqc zXxuvR%of$Y5`aEV2|4GhTv#-?^a@JJThi;*2KQ3y@!52BOfMI*F6H)$GlI*47P+s~OJynih@DnugnxnwlRa zS2RD)IQIW(*Z_uSBmjcI6_tE9>4<^ny*|@g!1=+43iW1u9gKtl6Z<}4MnKj4((UeA zgY5zd>p#3sV7dc5p<07Qo{35!?98sbF4eOzQqz<*i7bPM`i?X_Tecdn<;8KlC|W~b zn$q`kZ2Uo&DE)TkQPWB;@zA>2mxvatr0t$P^)T%JE_Z<1K1dh9j87!$-F>JxMtJW- zf->n}ADs6_w;eKs6o#t)L%lCO>O}f*PX6JlO@2o=Kbc`eGflT`x=KzVV{* zF#LChmyk+@d6(HjeS1$aq@^@By-8L4V(AUze}9sbdI^k$@9s+IAuxq#rR@Ii-N~_G->Xmzs!pJ z!_{iylml5*uyTYfmdUP+X!^j?A>;kd(o*{5ed2Zt%lkT1=BJk&M-Dsc^+-xVPEGO3 z%QVc)-bQ%#WjS42?kzdhxz=yv>1zw}dnmu}L~b4&^}cpvd157>N~nSPngm%cuKZCJ z|G8}_@~_i)2@Pamp_q$jS1bacwk}W@VblYH*^1-ocm7{|Z%=^cHgIQjbZ|I%H~~^G zSy@JlnU_^;eg@#~q+y*LWGAE^mt|8r4(7Vs5yl=@VPYR7I8V7<$fwKKwMQ=^#GH*k znIN)7EjYTl^yDGUcWSr@hJWu;Mo$pC*yiHk*G0~dt|G52A<$c!7Q#iK9xLbo3+qa@ zxZlUp7s?93I?r2O9orMP&zHza7(T6|--RPJH2erKTxPXT)rTA1Dmwqolz44MSJyT7?6hM}qa0F?CCk{0? zV0uOqUTWKrQ=9PyyY1%1MD7f0E{v(z$BX@p?7uciusA2Lyq8xC zG^7JKyv!|*kBoe({&c7AG7^C~0yLr!OcJ@hnyE2H0RqwGG0=yni{Az`&>Sr>jGdhw z^+xA1>X6oC@WJR_0@E2p(YAs6@F(`E4l6W9y*p$v$;x zFgBsfiJ$xCj=mbxELrpEed4d-@QEqF?j#eA&GUrS(X;)9!O5rKyQ$$|HLMC?nA3M} z{A%D+(t(4?s4%b;m&5V7bl&*yqc$_}PJnwlFZm=E~g3i=8caeLVXPBuDeWpbxy#q)D@Kt8^GIyBx8o ztJh?EXKpMt`*jjJ3ch?m_7r@wQoX;Rm`m5lT8kNa*&!0QRm={q991~%3Oc6}{hRjO^Z&ARSBN7NTIeV5CD!kX7dKp2E_*+b2B^7*WbN74dmmWxynk5iRVM-7c@#yvK&G$m4x(u=$` zE6BnN-WH2yHU!+zJvl#i@U!R6B#;a5`F>v4wYifi@$HJnS+nbgLWbm%^E8cwM@}i( zu);=T?trpd$h=p^0(&hLn&X}bf2(0q&{S}s3ZlK{f4r2`#C|_zqM6aiB@;9GcmW+7 zzz&4TI5;>awoxeovrUBg_(hUu^b~-#AIt^Nj zqUaW>ENpw~Y8T?HfSpqI1+A(V45k7B$O*T@XU~UTQkGpSm-7kALvGFYdr5tan+1|{HVW8+{=&In!KDAfB( zFrRK#QE(Q^{;&$i!B*UZX}Lwa2oP=r2U5Pnn(rFGx2Th8FhcZuC!)R~J2J8(dAebU zn^^c!XK1aA&bPwL-HhV76!4re(vh4!p_vpKq&g{o=aQ`TWP|J#X-26>XcLYyuvj%q zT0K!)5NCNrCnVWJWH~~hb(Pxu^hW?sj!LsZs-L`GSPVkA&&vc63`^{D#|YI_Axq7# zHT}cx6A@oii)uaejN}2K$Mr4mlqZm*3-)vT1Ra7&abA1 z7yF!^{v)Ga7a(Zn>YJIF2?};L>^B#HQR9jcp)-Prl=={nV7j^9a3$*oF5i8c=TXE| zVFrRQug`e2$x*c2yffdv`yA-hB!&$b$Z0IB<8MfGUc6?`LmJc+947Lk^Z$DEl|~E~pJ-9IWx5Wwmw_*l*f( z19Zhyba?bu46!|_y@GetCno!_M!Wh1dm)7f$6C~_yzFLQ@SfTD6k~c&dcp7}>AF@% zruKJYCBsIejzie^zULwn^m-l^y^)HL3J&vK=S7qEo$v3Yl%l}QEs>#)!wuh&+*7Dz zVT1B3zVvCqwsLuoT~?Wr=c^;$x3oJiTR=1Q`} zYT_#O1cxKV&(@n!jJ4AO3v9I?1G7k*xyU8rV&*$ZFBQb&px=W;-YZ^tM@Prupbd}J zSS6r0Urk&HW;;m?Iz9mYL65;}qiM&dBriV}LnW_JhY@%E8Cv?Dl+pt^ib(Xy&xw4o z!y^?M?E-S7$7T!D9U|o!jxB2Cm>@5*Z^bAaPO;9>uqic-7nUZ)e3_s5Hd3J~h}2BX z?P0m$iBe)M5}a>HuDfIjO*FaRwy-P`XY za-N(}B>sYPvuP;0w1Fc^Tu?fFnUL>cTr;^oW`Oe6CM?SNl~ll~wuOnmRT@jmtQ^rN zuQ9y3(3H-&*|K>m()MB_Xy{t8`wqaKi8qQ43!Umg-m*ECUJKaHOS;g>Op}k_MkLdx zDG3`|GgF*6rL+t)Ax31Xyell$4?bDrZCFZu&17iYBgh=q&EtjgmBl#_de?h_#zCy= z>4hb`iWL90lWlX&)Smo2-s7>f7pw8^s{x#c{$(wI3`mhK0~x{ruWJr+2U8-wM*cea@2qTCcCRwjR3*1v&Vm02aj31GI|u zYc7psGnS6BaN`Y4ZYQ4!utz;ZS4t`aqpgw$zjE@PZ;DwD3uIZAzeT`K$ zg{)E=N_bsDI6)@|PqvpppsP!So=v{atDf(LP45BX4yzpO%O&Qrg-&8cd3%~R%I8#W zLACrxSe>6+x+glv2~57T1hOsw&TQ_2O~)3pD}S`QsLoXl@~1(9-q#1!I7txS8`WQs zOqs?zNT%(I2uPNXARSAcAzx^}J9AQJnt--2(3jg1lmQ%$EztI@0Vb6JZ==a2m*7M{ zu9|?1bV&$!|L_aSD;~B#CdKO=!FF+^iQ+Ad)~E{Ki3{tvd-vL%-D9I4xTbr5Od)sw zgd>hEWoFx4NO#O?t*-FUNUUs)I7F3ylQsmC7nR-I%GmOWPqe)2AZ1^pvU{aL($e4- z?w!a(veK^SE4)xoiwh0cc`-tQEZkmNf<3v3hu~ z6xEruGErp$TdcwpG8Y<;mq=QSmsZ+>levb9a`f@X^c)ah5{=IquP85Qa7;ai)r53$ zhAPCHx+Uo3vxbF-1+&K%`Bw=gH{w+duxW>EDsJ<&eA7^=x-A&2FC(`@_FC1u0{fNm z+2zB4OmMaAoanS0iufC8$!g?B#ZKVM_aJDx#C`2Mx@E&Ucts&wek?e7I!V*}x{>)* z!I(N>?xW3$WPIyAsP*dOrJaTqx-B7(W+N*Xv5>Bez}o3E6@Zj(8LA^To|g|qOP>!M zQ65VcFPMwquBxE^Z&aS@+zAm7E4-7!>x6u|GZCeXg8)}t?Wj>YYydOv zvkVGq#WaQ3>!&cHg5^WUb~DrZf`>(Bl@A{Khm(?T2sf7n;q*LuG`Oy6$Dd3R7{qD&p9gIvqF36Z6Kg56*qE&1mqI(VV^}^pwa{7lgzO6)SM<`rDVjhnza%de8VUY zi#q9#@N+y~eCq1N928Pu1cRdbq)kj}Lq*TbLo{7}$fXy(0|^*_8kn_7*2iY{cTS65 zvwiI(&FFhYDeoBz^Kmj>@5Pg8Z5rZiejdekLVo3A4_n6V52cj$sG-n-@gi)NK>Pmq ziy;!Lv>0t)Ai6!TarC*5J-c^&S{bkZ8BdM6t4UKu=K~ga4hW3KJuXX0pZ?qiO6;&0 z$sMOMkqJPT9oA6p`dWyvO%O~pinRd|s-ZH|D_!X9cu_hZxzX@;>5_|W)T31u(e^?5 zQ~t<@bV`M40Vtay{z8owT>u-=^5hp78KcDci|IOraU!P+(-jQRK&RH{2cm~dPMBC& z1v18fwpQXwFxu#HRQnxdK?;G2!X# zX8H)Z$0@ce)enSqi&erOl|_NdqSiKPp+Z?13+BshhFBE~Sa8h%IL9Rt_$bdU8fG^+ zsh)>+4Es4BYVg-hUHcWF!Z)?{b#S;4?h-Cc=4hB(se4Opx=uaxPwzx5wV5EW(I}TL z1yb&q<m&qDMK=*&cM9tM-u{E@FwV= zT5DbRE9qll$xGS{hUL!fhn?lQ_>X1#Hj~3VyI`FIBF!A;+2P;_AYYhLL9c6GSw2pV z=h>aq&>*F%D0M?YbEtzciH0vDjvDV|)zd5+;Exse8WwL>9~X9xMB5(VRY8>%Mz)Dd zrpva`gnn!I9O64+lgT{f7r-V$HY&)BT}n*+xJ{eJ4|zHe{aTYyhA;FvjqW$O$C{_y zWde6$M>I_G@u5_q)71uv2`J3-;_7r>T*6^rX-MGf&LoxPv2VD41@0MP-8Oj-f&}Vt z5Wvj%ACHSz_{5o+8DQb;=ITl=k&w#ATxq??=ZG~~tWm(H*QKDOWM{oIT}F)&Qz-bC z3RZsKc^PaJFYm^pFiDM>pXZ8QiY1)cXqNyQIv~!ma^Um~KcY7=ZdH+;DT)kzzc!r2`JWj5#uw{+V zF`seaX;SMc3>yJ_nQf660AV>dnyli|&&Myo)FCi!o#T!uCBzSp7s2|{3bbbIR&g5o z4ij^(#|z;YxeEovxYU4zqZ8MwkDP6ej4E{<*i@8|bV5MjGYtR2tiTfV$}It@cBBag zJZ9C}=a1TYrrrV75uJ9}Sg(g7v^@jE%0cYU+slcG7b17it&&h_h%e(a{_}iZl0`*U z`+ex$uUx7+ey5`}9`BV(B#7@0yc_}0?Bh`P0iXco$^3lWXj1;-S+YBvuJkRZ0nE}) z_IJ=Bo2~Z*AJVv{l8F)nMTbVlK3PYg(D0=Uvmo=FqD%(o;+fm_m=PtO7C)7+?zYiTFFusObE~c~$K3E;h(Uzd-Y(Ig^ zdr+^}W7)20&1HN$$@u2oUx%u$punwdr556EHHZ?R3AaN8OiZYfVE#X3e4_UhhZoA# zJG6crVj(x*oPJfWZEE6*DvM-~T5x+Rx-yZcHB;PYT&LuZj_ycKgMA;qk{D7q-htr& z`*!e$Gd-P0hNOaJb)Hiokr z_Xs0{rfVu9OxVZflZryy*OgWI)Zk$yT?Ta+m!*Who|lrxLhPz$KW4JQHg}D&8eG;( z4I%GNHBzlW2r)aYMck0#uZATk`b@TDK^Su_*0nk+OS{F>Du%?N7Ybgb2s-i$`F!%Q z;RA6-?_z9=V1W2CCqVUng2y?I-?F6@I*+viweh@Gcnp%K-sI>nlo?{K-5uNmM;4Oz zWaZ&rG2|*|IX+7IQ}DO&r@2ldW>b+3x=SDvp-;pjz zg?5>wFro@%t--@+5)uQNH9zE}mpc47jq*v}6G*8uMJ14!p4G8^;k{j55eJeikr-%< z*UwNxSMp)Fjy8}LElH1sjmbpChH)l#WR1EvATT*WI2qFs1w1L92BiI;Y2P!b`y$o2 zY9{5)?Z@?-S)2j^0i^gu{^XJE{+`QTWS}`$4+l+8D~?6FY`eJ<@NjiwzKjcyR_{AqY$MKM2li6`OoZ~}l>hSJ{m009)RdEuJYM&^JV4Vj9bN14qADP|3MwlZl!~fr6q2sEqKz7^FdRo+mZ4sX>xuY!9=(+6 zV|Q-z#L8$$o`v7c%+z_&B`K=<^chD?&2|;fhL*m9a`1sT74u6P;xz&)x+T*WU_059 zWnpKWJxHqJ!9w^&<+2I-$!?3%1N3@KnrYIWfdR#5A#rpXGhe>+cG@c{DM=?WOJd^Q zNxb7&ZEkENfX4q!@=TQ0+ow3S`s5yX(XWoeuW|eBr-O7IjI%QmAOdUOge@=1&e;3) zmMi&HI(budLB``+J|fU#dWliTy>cTbt!U?-c#qx_F+I9rD9`i*XESlL61Bvg%! z^}ON<4~b9UMR*YH@14NZr&x?c%j+;s7WB|T`r)>R;V)+pk7s(du$(Q&RYRBL4B-lk zzHhRT`)nyZ4=$zisp&1qA%LHG`|5%c9Y(N*I1tI{8$4+H@aI@bK=ZweD6TjdfvJ+X zeBMMFnc1I(ZVb)A^i0V}lXt(w6Qx;zmU#HUWH9dZ~wZ3Act&bJTs02iO+m z-%rxmGLUu$rXVQQ>AOyh?5a2#pN1zgk{;gxKDzI;8`9i7$;AD|Vk#zFY~C8wIr8u` z&^~DS*?R$Mpt>4)|19@_wtTy4_lgMPy zXI9d5x>ZmjWcyrB{!ku;6gq{l-tnVaHbJ28bI*wBm2>&0?U+3$4Fw@!S~7`&NkRG^ zyA_iG@7yZZVuTPC6S97_X{VtmC_5Tv@9b`ILA5sVz|%=lwz`GYFpCvg!#f#`NaO1) z)5p&q`hJ64H7{j8D@K-5!zq~Aq^jCo+w4RjM}>Lklayjuq$9Tzu_Cc27zd!5`;G_Q zhgDw+8O09NS1-;)tA*>`&ftMF_L+?$ zGg7pT>R7>Xi@bQhfvIkBb&cl*rOI;=v`KAf#xGVGXCzXoE<-j$@4Hpo$bsI?x9zus z1?7QfIK9D7H;84-(g^w#WJloDE1A@sN)?_OCNTnq(T>93gBlqqV0;SiW=Sx_(!8o4 zAJw#lt4;1bZgF3w4EUH`h`WV`>yLR4${J-Z7)o0J9dtBSfzEy){O{AvpOAP!%K{8j zFe5_oWQr+0lF<)qNe~nAN_2i1u^^*76HVkC_0qT(40o7F0vPYrdjObP1bb^R)DRL# zUw=n{-;IHfH)KQa=Flz2P}WaULV`weYO0G_O~D)*DigVsxb+1z$P0dr&w6Zr&c5%4 z&PFzh2_a#Vdv;jH1y0D`uLS#omDL!JSK04D!KXQTY5Qp^qkhAIf(VfQs^osBl`h8< zLQ%DCx!)$Xp_XPc0G8?qya&HQE%fcHC8%GU@s2|Z^iJ}~?mqwX5C6mey!vm3spsas zpVt`x@rmbO(Cd|225Mr=yXo%FOWHlZ{}h0vP_AYN{OEtY`is7Li*>wz7UKSRZ*2nH2nbG6<4MACbCNH?vrmu9{yTFe5?{oZ}>zx zaT1z3?s7-OyALqT{Av_MEbG$TzXKoq@%oZM0hr0h2|;YV^mm`!{d?`o-xswL0uxsx zMf%O7;A?f^0|} zty(t1gNfPMLS}*C>x(1B5rv5!vAyuZIe?Y`glOj9*Tz}F_XSW&w6n8Ps8gp?wEvs{ zfVh}dlrLV$W8%IrysK|;RlF|xwG=l0{w)E#Ft4GYO!!0vcolwI?djl+?QOf(VC6d7 zERJM$cJ}EP2``MosBz1Qfo+q*Gs!MWSTI0mMtZVe(a>;5cfgcX{NuCg?}blnGX=K+ zM6R2fnrLZhL2FzMAoWk!rJBx{LU<|CYf@8r{N$AXxLkLAKgS(q1Qk?Z1kdjF5E#;U zBRqHobaPWv-#Br&otlHx<&QT&!^L&e6G;LHXMm72J~>%##9%Udr^?29r#htS7;z^Y>6f6kKBz$AVKU(u@hf_(oJsB9>ujZgl0)xK;gyicX#;7IyU zceiq2teMM)O1l4n)g~Qqg8#ThV^z%r?d|Q4Pfr05Bkv!1JsN-UdXf!4Cw%JMXrhie z{NoQ)LXaG;1bn+wB!GhefCDZ!M^)8CKvn_f^RBM0=d^ZfpJio3W-VFbRm$~)5V9Ko zcw>K2Vsi8Ib%(S;_ktQj98jRwY6=0F+wY;-U;98IwW31aPsr!bUt%W6Y9%P~PXq?z zQcYm`NB0egF&dK^>yw=cPg?$rSweWf$|76!za$IrtBC>8`pb*Et&H#`0vkJW(mS`P zX!Sl2!0kBS2smTS5hjLCwHjg8cz zgRn}G2Y>#3!h-6}?q7gN9`I`iJSFgE0)`m1zO0m#)UZ7qiR(US1uC#fhG5aJ-3M4~ z>X)`J%cHJH%xdl;5LCvaUjq}iVlXfP?ndlv)OU(|J2-zpmp+21sNlq_lxlk;yu<(F zjnR;i8<+nx;PLxslmD^Y04}xwS4u1t{^w1F{*tW@0;B&wVyRE|j~|`@f07v)J4>YU zuT#q6*YO07ZUq5q(?8w@zjvQe`i#!sz611x?*5Z5E2+P(!?iyy{Vg5C$NDWDOG5waGi~3Y&F}x; z=-?;I4nULs$9?={hW#Z^k_<%})b?l|U>8zmh)Iya7rq(q_}llL>_`v4bU9q9tbBQ* z>)Ufa0M8ReY5cs9dnKP^qwn((UJ{Qz6W0%Vw zD(S@9c-%n}Iw!&GgrFh^S4U#Hu3mI3zyK(WPC>Lg}j{^XzDfui`XcIoGu9T)`(m} z?qljq0yenD=<#LQgTllqxQeeLQ}4^Mwmf5?Bt>|87*yK#HKUQsm3qY8O8)y{2gENbeuEDV z{u6v~91Kh^c7MVL&46;8RntivD-Jj^^3@Ug!5ffrKk7|sg*D$qF%Nsj9ddAqO1}0} zzmaSm$@j|IhWcD~=Um@N8}vzxe1#7yxqZZUV-otX!qHU5z=eO(3QY@T3A>l}GCAU($TZHH1i(lUGmT zE%2Qgh#(#EZ@#*$BF7TjE4_E1h4@CYf7W8re!Xc^jSuHBjKu#)l-x>(hHsy0e57NM z(i39HChjpET>8RCvM?|`4qJ2uDc)2GU}-;7RP_>Ax9Eq0esvCys8Z{*R9qdiXXfj= zV12ezK|3~B;T_(B@zR)@Q!GH-Tq3B|*`uQbkn|y0Nu&QQfX7Fh3HnX|H0Gc`Kw`S5 z{zS@cZEZO}9?OwdN=r30HD!IR*M)>BrijzR##* zoV&JS<~QWcFw`59w<57LFPyRhmyQ2+XxZBOWS8a_6&bW^k7kO3`H;t5bUz}z^PuJ9 zt*WfFb_bvW>X>{cPdgv|_V)W*$iDA4JGGy7*1Z<0-`bQP&yV_cC}IUMJ|rU_Wef>O zlQw7K1Gg2qC|41;Z8!Y$_Z%?OIMKcs8j3EE8G6+RRR231hI69mktNSC?C8#c&j4xa zuJe2CbJF(UZ{9Wn65Q~24VkPMc8SW--}jZ!AzjP?y#lchzKauKha7+3Lq&l5tMkicz7PK7eI)ZFqFLW zqTJ7HY*b&<1q2g9*xdx2u)7cu75upg{YXdIhe9upV?*qdqN$4zB45ho%02vY8KcZ@ zwu;6rSsT5{#7N+p1^~wIT|8-Afq&M9MgijW!zJ-vTU^JK08AR+)9{SB! zyH(`JH?$KLp%7FWA9e?Sng}8F5Bpkbd(m0)>WSOhEth`^DPFHZHgyu6H9dkrxEJl9;o`_U$AAYE^O4KVmB}|-;bkQUI zQap{={9bUqkAv|9h9}mZP9RPhTE3?*X^v=u;Uk*vK;@w0lb~6`+2AF)Urn4#eEfrK z15&1pYA+sBOxt6jmAyF@&!dHhi`*%)DpsAS8hJ2s=y#t+x5qh2Av_yl2~I;IZ1|mO zFsiwrOv%d3XR3obvtWH6@|&w--K4E^#`w2jM%J^V=J`c#bf41RmY1Da6N9s~_r3aSM(H&-GC_i;)(ysmI%)RFk2 z!DC-j>x#)rJ{;>VQ$gj52~e$_D?GG-_Gqg_iof(9H4FHb>L5kS=&OHzU%FkSluF@?ANRV_%aj%l74 z)6n?k-xBSE+`#^LdJgmd#-^|_fea@MthJ56@nJvx5jp4s{_BT5#38Io^!aezP{a1p zpyL~kryPP-gP0FG$XTPxBPHrz`_+eWDh-O?qj(taU)C$OBu3sI96^!YPG{1e)e_!i=wK%w`(~F9VSZXWV ze|3ZQ+CVpmjd)GK!Qqv#0HFM@OX|eeNm1Pe1}5wtoK9B>ruL#qRk)-eDS~6tuoSiU zyqXizu&_o(S?R<20!8M4NEjRC{I}xj3?oF;@fVDNA}T#V&m3kw6<%*n!Dkt;jic=A z@E2$;M#Y6nP&s1z=SmI3lM*Y#3MuGAT!5Ux%6Vrn3dys}Aat-5aNhHNG&2{IqYbqM zaaLp~>r~qu=vnKu*zO)bAYar76&`$d{3! ziw{BUe)YW#b(5Qwm#N1(4}NL4Ff5{F(6Vht<^D3KPu_c;d5&Mrp?|>x|GMgxU!5&-GA9Qw6G-3Ubk3rNQUA1+u zVLHG4- zQ}$sx4?^bm`G2(iWmHyc+Xf07poB<^NZ-;aARtJ0cc-K@NP~oQcS(0QN_VGpceh9* zy)SS*?^=&*t>^ppkIfIqZ~*h3b8^Lb9p@2GoUFUQvly=yl2NWnkmPG;Vdp^qeP0xIff6h(LuA|!o2Dvlz+UY%X`&cw6duiiKZ z#A$`dqN(W!Dc11dkqA7c;1)FY5~ntv&=fUBkrdHu5X*;gQDBcGQAMx6wDzQPOws$% z_(YFaUH>|&`k`wRPrPsDi;pSS6MhQD!qT_!1GfKUV9 zvF-KA70f<2SS!q`=lL)MC73Mi+|@h$@nmpRB0Xzh&}pV5DB_vujdRhwbitDMKxbJH z%8)>!R!edd638?QlPFOJA2vHeu^EzIq2V?4 z&}kC$N9wfONVF_9kGCw)+}S+W75gY)*z_AJxO$lla}mq#bnXTXzroZWXI9T_yE_A7 z(DD$FUw>F?jaGN?g`-igwY!xyvY@2jzD)0R*_=@fS)WE_A!emSXR!|eHY{6pg{4TP zxxttCL~JhDs*m5ZZL5I38g&jKDr@Q_YFW;TwN}7bjYxJDpaDmu#ORY-&g{frDK*vatz@ayFkQklTq_G~erY^1@iBzK& z3-j`u8^FEQv3nryE4DOY;x;z(=-p?+9Gd4z5AK;iQNU(n!rj@mY462&BGL$2(|`J> z{ueGCc9w=g7&Ln3Dv${KHf9^!g*H-E#sm3bNzN>ub~joI%h(DzOS`e4RJPy-w#>aJ zF@(p^)fkv~Q1{HCls4E)c$EW*DZPl^J^m|LtWL26G97RG!0o~6_oQ#T7 z5AF#vo^8M5BmEO`L5sF4fB`Pfz~uSpLCCqzV}Xzff~?j6UV;u3U#Le#pU?<|oCqFT zzP=ywqI0i%BI3-VhpGu?qJf~-#X3a|8!6;fVu0>b2$8JZsR}s4L_?jX2|ye zLhpYCpnvs)!H)hf7r2w~a@=tW{`DGZkpB&0|HYJ=iR2d$?(zGYC%^~n1_06E-|pis z$nuvS{oj7%PU;VitaqRA>2DkS9h&__p4YGoocMp;#qW^*|H&}^e>|`})SWsX+^isq zCswU4)*)*dA3yf(MRRmbc=qzYH*fXATxVpMndp^D8cIRwySc(lYu) zI{A7^)^jLj}~&E1S;{JZJpm*W;q=fYNU%a+-}F zyEQN`-9lvng1Q^~O4}hD{!revJKAa;!*p*eQa5DvSjI$Jvru*G#SxR7zLyI6p6zPS z)1HbIDb1nJx2QsbH$?|r4f{ZS58q8P+i2+8lqwu4z}6BKWt^9$Bme?T04%H za$ip;I{NBhbX=p{A6)Dc97q_RXdS4)!a&+k39gUGaSI50aI9Mmdn*vcz?1qiE_M+; z?Iugjb-Fc_*eK?n%dj)PF?HbDteNsadO|H@ivPB=z=*oK-TwP>xdJ8j?c29Hsa1=r zTZ;f-EGavZ+S@A%0=l=h49iT4=RkIV9HcDc<{7jELLb|pOJF6stu=DiBM|Qrz6@od zStCmwS+dq@?e`XL2kl{=>cjEwOe6IiV;NjCx+Q#diylWuBHx2=nnOp- z*IH!nGLpNDB1rU;tRMG=1?Vv5aZ`J`Hc-sR<{a6sVYNLu!c{1jDhn(ga1{~?k!3C0 znlt5#b8wV4`E~3rJqmF@Ep?>|~1+LQtl~i(bjT3GXt#GR>2U=2PzpY&Fm6 zSxba;Gi1-MtE*^^;(D-fNSX)^Y zTfPDz3UaS?_`pdphdXwyKdA@~x(wubI=}tCKB}OR0Mw>fX0=>qD+|END!n_S_>psv zTb3sw{tjh)W7TzRU5S`~Rsd^P9_p;NqD*#Jd6@rwO|tJ&F}k^@Ztcyt=z2`*Gn%ZH z^yjxAXJ~r36ug@vGP=qk*kpO7j9e3U$CKoV{|>Hi{tm7)vcxJP0}}v468WQ+C~f-g zS4SVDQ3w%pKNLdeE;T=+VF;U{(*WCWH7j&Zs5z}7vc&x@cSj=3v=%zY9|g1PYwYTk zP22x~tZz^+=8%zZK0T5F!I%|BTMky!;{{I3D$@Bd)W*7jW(z8uK>m~^6)?J0zh44ZyicE8n&!;%F4?hiFwc6dXo-(rlo)1xAN}8hZ4Aq;+1t$ zJ40Dh#B?k`OKo9y%K1{Rs!LU1PudYWB6?lTEi~Say(?MI9P$VuzD5`IU8xg!nOfa+ z@0<7bSGrh_aeKXQy9VXL(Ipn%!pPNmq8ET^`_fwQ%56D=%^f#Zug7&DNlOp(?C9*_ zRgfJdx_aS9*c+l9;#+|rVnD=%zz3I#w0KIQEur|qX zCi+tA2YjcNHAW!bJ*|;3A6@GHo>*JWZ6o9O9hfKyh3Xgun?FbxQje66B1wA*%oir} zVOKY282BzfTMAV$V*-*d1Rxic?1(DjzFXJT8EDTy-(*kb&?7O^1D&=MDK6KXCxDg| z*rTXVNvtG_2cH=Bdu2&aRlcv{BU^Pu)mW2(82Jt$5OIHB8WNMq&XVGb+~ z_jnG@t;;lhy@%ToW?a?G_lxl)t6F$mM92s192N6nwni`uIcu!bgYZZI9bgybj~hwojp;rBqt$dq#q$3JA2zbj2l<=T#&xht5aiI>^!tm4o99 z3lSLnKJ$=B1qTpLTU={&bhCqt-399;;9eQ?dE6eic`PqJFptQ5gvZzwH;!w(%9 z)}Dp{TnR3AB-;O55!UZGz#X^Y5BFujumRZTR#~Q(m)Gv@Zg;nEa7TDjQiJI%%L%%m zdXWOiSBNS|WUl+*_SXSF~^~rF^ODGsF=_ zakVGfvbe793jFcy7d~CZzpyih3@{kXB!lt z6aZXZbKQayrn=gLxCuSc6j4~wC=GFRn0+FNl;{EJIjBKVfH*BW;gg+IPqqGVnTWIG z48B_-HPHwIk355cmDG+V4PyTFE)1)<9<{>M)RFk6u`Viv-V zyRnc>VXKD7F!X8Jj^HY6*;~YNJ}i=;)o+jSV_+1g&c);74`;Y3UltyYAqThq!>sTm z)(3q#t-Qa{=G=0Niq^iynBYDv?yPc5D(KMkGfNhJVax73hf2u$?*Kie?W3Qx6IFo zTBuNY{m~OlKcvLn`I*N4a=JBiOh{d|Q^-k_su* z%&V1rYw1)(ofY&4trgETj?mXcS?sW6sJ?>oP_vwNh(k|c!0?B+Z=Lf&MOS%P_V9O{ zyoC658>$nmMf$5FHM4v(Ga}(tVUozA5rD}u{=H0L$F_0MKjkjHvp+Rgk?Ia zo`H5q_F61EVdb?3m0;!K^w56ZiX_}FH{qia8b%90O(WDwP8Q54z#VoCW^9Z#Nds5L z3*Cyzk|-S?9X>ll9z;5Cy$TZ0K|s(di@Be!@J@@C_U6pWH zA1I{%1G`JUDH2y}6x=ZC698&aWD87oqDO>sA!zU-5#6ikkubiX8(n;6t^Hfa9Pk{^ zFD`J(A$Cwa|HYNOL&t&Zv>o$yVPRp3c1P~5>Te%5tckOabWA%8a~Fk?syXwK^s@_j z4;>ejW5S{uWg`908#xnOv*Zmt8;FrAfIuTX{T zRIM8HgK@E}@fH%Fo?aOZJzmkZIR=eR>;^?-Eka(751?B>@REMRk_ZOWGZO~%0SWvR zY|&HhC1eD^VSrlirWR$c?K9!`F>xwEfmi31tO&{dna@GXbvYU~p|qA9O`_tqYl);9DoWS&kG+!jK#(MMl>3HARA`VN~WN_`)p(@jR~kl5L0s(Wqf63xtm z(Xra;{f>`t(}KBvx^>JgV3w>jU^cWjEx;T!>Gqn(TR%OVLxpYFg_6OT+$ys6W@qXEXCz%cP@{8PKL=M#20C`F48=O!y?0Mp@___WyJM= zn0FtH_$35%!YPuvQ48TTz`+2sUh>O$0hXD4%9+a6Qz*Spi=wYb@r#~Od8nT7Whf#$?>3;q$oG5MeQ8_`eYTag6cp~R;|^+V^{+Gh{RsgUpQD|~VUF?0z~ zV-KvQ=X9)*V7GBTHB{x=*jEM*+r|S&zOU~W?2d|R8ThsmIql+VSr;HC0`aj(6R#n#OiwdO9K=AyQ zg+;bA^}mwk;dAoxL`=qbi7;r?^M%vP!C6TV=*3tbZkyQ}>I zocT2e-`9Dg(?X$qhI$Wd<{Th#197ea4zB1a;f=~6YMyH01}6G`gw-7ut(CA?D@F81 z9ddH%4SYA#pfQ^g_oPO~?E}C3kzY`cpU*!mIAxGR^}4Okps7g$@+<$z&ei}hcz|_< zp{Z#iNM4wVKcI7taBGEp!Bbp^s%YN)6w5Y9N14N8MUm<#@*L=(&G5ON*>DFCEQ|M% zLw}VM=I^&3BoP*ZIFNt4Hl?2-x-N87FX43YPqe`utH z(`VcBq3d_f(L`D3oWdRbLX$~=xHd;&h(O7#p%<`8&r9j&_$r`tXmV7&p8D1^8F*`U zpuKpn(>Bg7IjF^_Xp&pZd-IQTS7Ja%22i&&ir?M;Yx1yN89{ueXiO<6=70}m-Q__~ zXjH7A(k6!hSMwsX9H=rCJVo%g@*^X{S2xGsKeT`F+LZ^w|4>Q2p(dBKVg!RM2Z5g& z6PIH&zowcr3+ni-Ls#$NA@DIl|p*q*eWJG-Fp>GmS~F@rv^P+rJWd|DZ#!1*?a=kzap|YfrqRQ)qeFCTk&v z%>Se{)24y>ix^=pmE{6&)8|A896D@*HrywI@br4lQ^>OWy?a6U@UtXQf_Z};ZN*SK ze|nz)0<*kFc#k}fJSIS(1#h)vjf6dZ#Y}Ci_wXlIirmpt{uD1ss{Yza?>s~C>h7hp zPc|VF+H{i9zLe@L;f1(1QQ-3lN^5jBVvF5Ne?(VH$EaIBVyD{qF1kd;ay^$NY^d4zPTX$Y^;dV7kZoJ6t<7JRFSk_R(F?=Kq4G@94k3 z++6<+od()3qyI@3S1*5YXSw>XtacE`_&;v-6_*To_rGG}|9Rbj?jFXw_{eOsofR}W zk#C)6ISsXbFPh3A{E6tHQBjP#-Dt;4G2x&A@yV{sJW^-vEHF6|z5#a&fnQ>uLv+cJ^?19z^zrU3n>PdBQhnd4F{GD`PPKCLd!^f*0r(EcWZXn zjo8fVV{!o4YN_7=-nTEzs>*|L#wKs5L?Trpz*bX>G#~fC9OhB`TmdIrpZ>PN+}+li ztMyVlYFwfq2oBLIDIxLFi`$@LMjz8KL-up|+Rv7G>RK^%GVEttPSTaxM9P}ylw`0T zpjmaEJF~kO_xvjQI&-=bt&?njA37Z?4GObr`aMQR{q#eDg+4*FGOruzEq;{$<<@QY-;HZcM@(b{qTX?y%p60e0mPMzQVjA_XFDp#K#%GRm9EH#j?3 z&E+)|xuJqfd@)+{kmKj(A53+bhYnLcA8Nm;vy)SxPqVhuM{<7Im{)$N2+1*{UGco!8@kbqq ze_H}|VHS`amXt`L!}&r~OKWQ{f%C1)&DAL=bKcOI&9MUhCBvR28Y>myea-ia9=U3+ zR{Y=QCNkTGJqmoPA5v?4Jl5gP( zcy@X-GBPVa;L>%iZ9(VoIURqPIG#xhaD^&i0RFEcXl2hpF8Y;$E~LV$aXLAnCf5&~ z`9~ZkW$E)_43oa{kjvNWzMDa`e%;cGO5t{{Ed|s$&Jz~K{FwX}+n>6qaf@R&=9UVd zj*gEt>Qc_!qtI&QaSEaExn-x%qa6`7JH>A$yl}S?(x&9g?4X(VT8(>1LAY-#BV?PL zq+H-rDrP@&42p)c?L^voqBg&UX8Ez7k7l4tAo@xCwEPXOz!gsPrWat>Or$KY$Xl{R zp?`fG`B!zuzrbD(?0IaThfa*J0Tl#FsmnG*PVS4#yYOvAoE37f8~68{xX}4jgkUKP&@~ zF5~6^O5(mfadk3nc}*kY+}N(IKd*=cDCBusu#{1W{*l&x2eC`1 zMb?(@>H=vS3SU8Py_R_9V+t(~2;$?)T)%@Y2+JzqX`Q3snd5MC*>=+Ve0@-kl=Dre za>R6#hX~krxUu{AkM6)8u9E&>Wi@<@Q(L+qUX4-{UkwsVKc=75eouVy|WW}OKXU8#*!Sr!7x_JaR~z?)gu zyO>lJvAq6XBVviuT`^I19{_KqR<75rUloy!;QRxh;lA5L;LY~|f)EM^A^bUVHGb`I z*YrqmLU^op$=V<~{*VF!ydTWrD&khpeKRnpzh zMyA;T0Z)QzRH?6d00sIBpcu(fld7jEKl39cBTI=kF)=BsKR4XNsr%7z!)_*gH$J4L z5asa#5+=g1xq3+`WV~w~BCmZC#~0|vVyKt66Xk>G3OpK>W=X*ikq2aVD%V=VVP5C@c5jiyE6!^$_WF!k=Qqffo7}jn4 z!yAxQqDW0kO9O-ea7wOwngfL8YEaS=62TqI_CM-Q0Y)K9`bODJBnXcq@g<<@9a$_k zdtO?A=>alomK)TlF)+mMUc*7i{riLT#{nFbA;g;bgfXQ$=+7)mGl8u~e~)6$B&y(* z?2i}nCk9#8I&i9TG(d+DoiGEktflzfIk?&JM29jUByvF5y5ZPJ1%_)$d zIt4)j3SjJ**9Is8-90^k9X~Zay=ms~)+Cnx{Zq5jU5-)01`eR?@g{mnwMm&zEt%=r zV5#`!IU55VtFzE)2X>|;y5r7>I3pw6IUzktgurJ^+d$!^y^>KJ^VOgJ2ydF8C>|*O z2evm4)cYhwv4n5Ex3i=LspySX&>&^IW4X`r`S6MYeG`|~t!et^x46OJsF3;=0izIF zZuw3Zmh8xTkH#Npu({4^2~o&cV~uOgirM3Ic{p-wR^{!dM ztX6?}nxV*zJOSaM3fRZm)Q{2I{6d84bRKb+KtS1*=88Od4Z0)wFf8!w?{M}7(-qZc z8}E1e@OUW~{noXl@cc!AmwTsnt@(YbtTqQQ?>xDeT+zT}**gAAt6B<@;F*}BuR)-8 z>?_R&ZMq)3dV0jsqDoyqB*1E86CJiYvFpbA*`QnDHLbxx{rRQ%2ZXcp}*L+XWSG!b-#Dlkjt% zuu9+m*t|AOik>~C9)Dge4GMV;e!+o-#;v$e4DtuTD5Y~1H>2)OEofUv}f z`%hYY2R8omjBkP@=os{vpi!!i;HZ6t<;C=;vAF&UIk1xe7CzC`Y8DfIoxQy}N$)@% zOP;O)0&A<64+GFlF6-(Fc=5 zDSmPLfcYO7?R8B}2&^$-DU)A7_HRgBTpl+80|SGUs>Wt@ZEZX}IB#;C&RCMO=!rTx zv2`53GyJ0+Ku&(!4lreSYd{$5l^A#sW;C+7Bb+%*YW(KJD41be<<<;&*{STTFL z=;S;TDlg+SmY=K`~cu}v8By?pSh;baqYxz%C zAXNj>UJp_L`4qn~2FYCf-YdRMM$GmZ8j@y21YR21+|P7%bj)K84h{g*R%WGYJ#m=; znNa)8yRT0?s7SE{LPcdV_0<3zrLmQOUEN%J1ER0<|21`>GhRg;4Qo&-$X2Fh~;ie}+3lvvO)Dv1_}l>{94nfUBg9VnbP zB@m$5mQ6I5`*|>q-o57;TW30J*8~4;UfLG_)kBc1uH@NPtDK)NoyWe)x$u00Wniou z$I#m&^jS20Dx=vEFMoqoF=WYY3Pq!k>v;88!B{RjbPAX69p6U!bzl$+nOP}|kH_)T z#(6Y=o6K~KM_m9mWT`kx%Jd^6zY#XqkRQY>G7j)g2wfz?aVf!R;<59Rf{{dKub=sc z(UTh@pp~Z@S;A)6boxbeJV{RuaR7YM~>tzfxC0{?g zG6R05o~Cp=R&ec@N`n+EcjWt`r%$gm1L!lxjDEw=K&(%fZk|HEViUWoH4Y39Fap=r z)m2rLm6Uu1s84d-!@x7;wjGkPK#s=8$7iV0-Sbll4#mIM`JE^P?V0%FksaSCO(A5R z_DeyJGKk^HBNQD?lGf*Rt{veOF+$V8lL0N7ZV+gTVp=Q&+r;~=6VqphoYM)B*;0gR z&TlGg*Cal~+g{&D7&F_%=UsmDOsJIpU>|NFD>O;ohDk_BJA=O~GsE=YgAbNRB@sa@ z5tPpb689%0CZCrF$7=6wmuHPlYRl%--ufO4JL|E3<2meob+o|6hTEWVoD0Q%wVCSs?*~X+2b7Vzu^WfB&0Tk0Yc&%IokL4C zAW~lO(rVYR`1$0~vXP<3Zf{3F$48JX-BQqzJN}`qpLoziLB7Yy*5XcCq#&7@q`7|X zSF_Uwfi%yOHZKui&APN1-%w{;FBE;AddafmYKC#;C7p166}^@JxnAfJ&EQjFK*34s zyf6#Vv5V1&15{$x&4kd$K@RvOZG3im$^>b<6hxeXt=N+xiqZ)7z*Hq(uF1qYl{psjEb)HAJlYf~SvJqTXFqumJGy{y<&RSa1j z8t7XyxOsPOH|(u?)gSubH~BNir$`!Y-Ig%>J^dNo(St3wFQ+6?YufwYeF{4 z`PWpUoqUh;Q8f1$3wHDP+$#)#7{#L{pYs!pXTdm*9l>-W*-V0Cm z>-#gy8Iy`hX!7*HCg6{>y*yV-cJWWggCZE=D;cQMo;725kth87r8&_SRRzIyH!dN5 zpF-GjNx7%d4w0JE#+Y!WJRqqctuS5X8?Mk}idE`)IhKLmT8C)MS4?8>lFF zczAA~{$Fo`l?ye|&z$;SFX1RhqR(QpGf`20Otp#?%>(ZC>G<2M*&=<(4V5?gdwwAf z_%rFCJ>MK1|JkIJUP(mq#2?ua(V(Z)psH6~X!U7t|ub_XH7f z8;K9<@#Czi72Af3grVw|9-0R1=g$S>4s4Q(B;wzs7|-><1NW`z`D?}|Q9(f;=__*l zz%Wj4EIVuFY)zhm8ngTnOZ`pBEH`NhXhK2j4Z5Hp2~%LfWo#^HUG_*@U&ry8{TPSv z6jVciQnWC}v*_~j@(mQEBbOcuii(ftElWcg;zO8)+~!u~37^aaYh`T_io~5pjtA%8 z&fVn6Du^f$yej#0v=gxGoto6vyEGiiCyr z5$KVb0HH3ycFs2_NL*A@Hn#V2;W3A#H`0?-7=5|^2nSx|0rj3-tViA*Z)+~ntCe|? zpH`%1`pyplVXJQ!Sv6dYJrTmVDO-G87FY|^L~9(@yIaG<>WOj+PmrWM{^^B*g*!A9 z`Mnaw5+HH(cXf63^oWRv$O!APva-IBee>}oUwX>bMyj6f@O-<-^1ZNdH;wbY|Iv}v z`3otiujHvPcD!KZS02KP966hUCPHhvaNN=`wXPa@q#t1_%=z7pE$$0{$ zJeo+R=r?mEoQquA9?my&X)A{}+4iTeKPrOJcA&>H*PXNKJ-3!3=x>kAxjtg;Z}2vR*mUGf=*wV5^0qP_(Pbsa ziwD%s4)?n+Sk+ZF`&stYsPfGZRrxxN4mBAViPa6aJttH0oUMCkB__~8QZ%A*x)(@V zn4MwkUKms@b|IJSv>9nwRawgdrG}qlnsbuZICUID`>1`7i(7kmCNRZn?T9%`qw8Zh zVy;n2`$IF-}Pya#&BLu{Q;gr7JDj_o0KpVrSo_l;Slu&S&=RyjWvu$cae& zxSPdsMTRkNzmAiUjtQoQmvX8Pedw91wb2Z5x}N}V;s!H%2tI@0xdINWvmwt-u}91# zGp?-Mm$I@|^p)auW^7$8{_Cl!Y70N|XU|SWD@w~vGrXVUCcOEMQ@Fd*r0VdPk&&s& zJH-rj=v3#?61APkR;+36ThB-aF-J$=UG=l4ra4_(%E+g?9FmMbc*I@lbR56b#Zh3u zQ?%~p)4uXz8Wf2FGUVlBMt0h!ofZMd@teA?$En{6^OEnmytWHd%@ECE1-rmbR2SjUQ>3557^~BCKI|$lWce&gQw=!5d+VYDZ@fsnKVq zjGJfA*wxu&3td8B_dYqTC*9VNvkjBeo=z3}eVVR2kT1QRKYJ?hR7y%pxT_Z&^Qx}9 zDT*$)6dK@QVY@mz1qB87PET*HPaBF}e}4!jYs189GWI*W zc>N}il1S$-*%^y%JS+U*3`C7kI=+q%voEqviR2e?;Nm7!&JJ@hu=QwHI;X%&-?$DT z>*=i|DGX5D=9)rNj;16eDgcr(&Xjl%4h=XQEhE03nT5Mb4~OV?jOsTyV?OvED2%52*;UOrZ- z&B+#Zj^GtI^v^rX-BITi`z;)4<(T_M@#5jY*muJ`jmtL2IxeuEa zOnpUjJh<+-)zs^EHXZjp6YC7j#n%3%hx=xQA#bU8hr2LHP>k!(cPt=2;7O1vI@|s2KZzs-=m5g%!* z+}qpmAT6KST3SLlblRZ&J~}&$_dJx4JpJ^nQp|Fvq`I1T^sMtM1H*c$gN&}2OrE{y zWbP5SK24sKhvbZrnRcYx<271amWSF4iD&guQDRD+?Q5B<9`r2Lm0x?`QxIbuJn>oE zx8=s+o3KXzsxebuh)azUjAwR)81zhGMA$4LJu2_r_+*&$MCKgrg>=kn7{6){=mS=#SNRSIxJ-%kbgWD7)fnXxJ zkdYV3tA(z7ZE0VIUm+OtEB>H(o}oW&51X>t-D>+tTX8v!<3K`)vVka;4{fmYWYeHQ zpE^@@b4g3-hFl?iP!2{-niu(xI(PPirKORfA!wFa_>n>=C@5%XXh=u|&YT}}aBx`e zzJo9^jZaTs0HoK|)m6Cb@~g*?;r-hkc3P@+azc8}@J!SlY_Nx!Y!zo;o(4ng(rvW0 zd1A{q22K#3%*Q#to8HB>FU6qB)IpDxu=!}{AU~Bp*t1&Z2z4A%_`E=V9d)-|Qn%Rd z`@)FMJNsXYm?}m_W71~*GIsgS< zZsPV)jMR96;W4>>LuFQNGp=aA#g|Vu^&AXe=BuA77dAU9v#Ee*JxVKM4Y%Tz;! zl;e+G<5)bO#9x&vSeoN2Ojn%@wCv2!mZ9=iL03P7ST>=T4eWcC9jd>`|qc zhVj$!%>pDoWIkSu`x*>X^^ z*?QY`6u-H6aJRHY7bBQR^~%n;>Q(<3lGa#I==xs^qsm&&kTkyhx#OFzhyb~e1J9itXi#2(ow+#IL9n*tk$pB?6E zbuhex-@R39K`}7VOxzPmcyc%?fE zx3X)|2=F0m!Bm#6?d6HF(qBCCIx}|SiBS1sB1j|Fdu;~lvV@J5!L17!`qbu=V+xKw zdd?UJPh*oG&zPoEQg>HM^bDZksaRh5A$>91ce;9{O^Op$Uxpn!zA=*q&7N$s69|bl zC54ywpN#RiG!>EZI04hW4L$MXX@4ix<|fukh5y9Fj4TahlVL5~RDTpWebB&vNESfm zvvR}_9t0D6?{kgaBR2(y;vGVJ6W>fv7j*Rg1zu-K&WY+XCFhF~vLwMl?a}vmd_Gxh zl+m%3(n^mXs3gD(a#n}v!WGt>ZP9s zKpwmds|-|s;}oZ&*fc+6tx#bQ?TlR)Q(iaBMEc!2nQ7Ye(6=o^HG)xzAK69?`a8yW zE^a+Cynpur;a2~XyjAiE>vC{}C;yt^4&Loojx*KVj%Tl>6MCym&+$WR!@lT}OzyiH z>~CQiCFT0hg>D|xyKG!aD&3FE=u3xF8IESVAWgNf@(0rYu{7y}>M}*E4HoaipBVRGUyE@ylOqVVe#u_Uj*mL82y>W>~gY)0k7n&ikP#NN_e1r{a%|YY=AmG`bWVrD}g*-W_=UOzi+mE;7sy?`lI}t&-r!OqHdufp>a3VXjJ{6%{AieUptCE6`E%_#>zWz`+H(^Ey(?;jTA zicgKZTKGU+-(zH;n44G>z^*+cFArSgpNPqi`&X}5;znfmCd;v1e=M}~{BdS?q0zbO zFxePeZEE0euam@@L@B{TGJ?j(`+oleI9-XvoeZ~YhUY~L5Y-hbOz~dHnkn5#NO7Uv zPeJ+}LS;+46$Q^?zh3e5^duvKed*OeJjc~4oHHEzOJ)s6`Y(y=+An=bHn zkTK|tu|UoAJ)1hi{RBynId|9yAgk;yg_59x`Pb41|_V1I>wN zsp`$CzAMH1tF%fwwnNFUq5B5WmEzgnk!=ar^4hq^lfs6+5HQyEn-Jp>eCO`(=VG#G z<_Oqs4jIQv9PGEZ8zjvlmit)pqG|q+8?gJ(m7DiXejFb;TtLeG>td>(}+7B{Q*L?P7)%~#t9ygZvad1ti!0n-O>)dk*OSLG*Q3DN`kCT-5PY}YHoO_)V z^7?fIs%O&G&U@jm2kuRcY+(DD|Jlxzeem7PB@WLQ-}!1=!xHNdoO)`jcx-GK8CF(S zNaq{Qh)v|q>c1&p7xyrsK?Z3duuUe?$aJG?IwpNgP)>?ORvPM0qRsG zHeIB7S8=omRpwP)I6rAi>b#@}pA?nMf(v01h*z)g8hr*lYIv)ZcF0PGHXMe z=P$&%Dc>x=e_@_wTUJ&V_ZBv9bI?_xX|6w@PO5dqX*gYlcQ}x7x~FOyozKeY=%`tD z_=^CjXh-`FU{`r+8nnQH^)lj~HL-%VIc;5G@Z0Gm$3k)1?Mx2S*c-ya>==Km-t5|` z1nZZHQ=MpHGguYn!@U2O6|&B}ZqO7>o6!jN$TCUba;@>&knY*706kuy+zs#aD}U-!reNkp`Z(@OpDuvj9%LeEycN! zdti2$rYzKkADQ?q$4`}Ufo|?$9K1_8 z_!_;D1VRp1&6ZDgXC;Z3CuBL^0aW_3r}`YmlF}(#Wvu7~P)f|D@A+x|_R0t7{p>(w zATvR+>SOMui4tv1P0bm~y~D$gKsOu_gtH;pt!ISq_bDtU<6~AgRoEt?VI(Cs+34qc76o!H#Z;Q(^PYSBa zII+ZU51|U*!~%D7HZ!l$47x78N&p_x6FOEg;Cwqdz`}Nf8u^V}UST}lKSRDpu6UdN zWmKl53$ICBgc2vfvmeN(!5}*$m8bcrsNB3n*sUzA2zpQ*g5Pp7sEA?{aw;e$^ACE^Bg7G-6 zr;LjBMa2repHsVvujVwad@0d=zue8n{RLr8YG~|znwj7wz*YTXGe>qH)0Wq7+(7{u z-BT1LJEkW1Z8gV?5S%SYGS?MU4Me|H8Do;e*gvrahroKqN9|})V=K?(C+yBf!ebP; ze@KfC?aES>XAJv`)dO0Vq@)EAtGILhV)ikd->Q_MLED3@QScY(6J<|XL!Ga$VtNl@ zP>23Vv&(#w4WDB_BCj+Y5vqcMlt{{e-N)moXC(zrg=PQGc9*;O)YTS+E)U-^RlsR& zeo0tSs(X^_?D8dh?)5~y?=Z1SsEXA$WnV6G`QuWy^v`#Gw(MB+3^)YJB+UJTxzYl? zZ*sA|NiCt%#Ea?S^_Z_2TfMc!Vt0hZsOA)qLW*2{qjD|fE#o*gDLYghK9 zr$@!tzp1-XeM!*uhU%h@#R2F8a^~jSfotl4Gp#Oyek~BEh0CrDThHXXzF>c<${hEn zF=x|Hf8?ATAER5EB@S#IDs@?Kp*!uN#-r6+!j4>L1WraBTEBDlv*`D~+1;1^3cuTW zRJAHL`u6SqXX3?NYxEo6h4|Udcz9ev!s_$S)}#76cQmbzyQ91*^WWrk{r~Rm`Z_bD zJ>Cstl;~!b&xI#oZ#%uPsbX_+k2%599E z#!A2mCg7ynhmI-eeWCeX;Mq`M=mMwpY?Ls3xm8KP)j}Mn;lP=Xix)5cXAWAkXv5*z RPIo|KD4wo&^Em(j diff --git a/docs/codeql/images/codeql-for-visual-studio-code/quick-query-tab-swift.png b/docs/codeql/images/codeql-for-visual-studio-code/quick-query-tab-swift.png index e380f0e6eb3912a531143c8b77be62bcc1b45cf0..e7caf3dd438ba04b68b4442602799798d0e4a473 100644 GIT binary patch literal 34071 zcmb@tcT`hdw>}y`iXb2eA|UXBA}xT0B25%20wOI5p%Z`WEf0vz}>AnVmuHU}+N0iFg&H&tGc2$78YCBrEdYHPH zgPcsQ9bAPR%w7Ky5xOgM|K9Jvtm8qTpj>77ClJr^^~R7&h>m;HM)NCqhG(yWzDq2n zz5c;Pbyb4$D#h(s3VO|Fyi^JdH%LDr273C;eGEhw`=Htn7Daxr_eC03H|uzWiRvGx zJvwlmX}X+IGo9^_S$X_zDr8!{42{nevG*2lzwt8iUg@243Qmaj+?#jz+H1DV&ViVJgw*Z%m9{jf^@RM>N z@SnF_JiTcC>G+>}|9_3+pJDxvaRAN#IgbAv*8gc7popSBQ*3Zf1Ph^IBV5mcmFVF} z=lVzO_y}zpWUeU*z(`3U1Im!(;QXvf~pIHX>VRk1MY)*>+N zjE`f)kM#P<*L^Z>vp?My6xgKyULJGoz@JhcV|MiFlpGI+R+f7$d3eV6JjT`%s=*>b;j_7qjm?MGE&j#!LC197=69 z>>346d#{z`XL#ET7mo#xdu)umou84|;HL#wwt$aOS#aw&Z9iSf&#koV+Z?O(zy!WQ zvNk)-wosAo^*rdiJ<*r^;9wP3v_oJvEqKQ@}Q!1$-U()$EH(d ze_`FaDxtvGvL*s$pc^Ym@!Ck4t<+ZYx&M57RHgolwgmDG28SD1Y$T#k|xRL^`= zLS}l*lj*C{&Ed5`SH}j-9$@;Wl(Qim{-fnDl|aKAd+~vLPpI;Az=CD8V4GPh)pQtv})O`C$&-3iWOW*%+`y4*vMslw0y)kU@D>c=vV5-I9i>!7_bQ4 z<9^^*Y4j;I#}pZo(Y{9{fN{VmMoDOkH7+Fx$~wR-Z*+VC)H+-|Sw(YX! zP}%snJ8IQXm1R}p;sil`g^jibyZG#aSdcAYZ)Hqrv;JCRc+0oF!8pp`#y`dmtQr}% z0@{5{^~^1_3!QjfQ13a=!{K6GemOl79vsTFm5784tXq-mbFe8&hPtGy7=5$WYJdyZ zRu=t$<^HSh73SUVsaX@~J~9w}4yIyC_7w4A@{`)`Q(dId9XN8FAzRQsD zfl{ItcrrX&hTS*DOW=VBenTXY!LQ@Z`aTuc^hbVVf4m$C%BCjtxN2pnu*okt<@{tx z_PqIVz`jlZuFP1L8??H0emZl$pAfJs9+1O*z9W1dJNaGqq*c}mCwn$8ONeEYavvSO z6v-8y+oF8FD|aaW~KRTt$7s# z>BJgQ-quyUC#qio>?5mNMX-_zD65zqMWVoi7e~&s%+^XN{`b0)q+Aw4OVUNG2h{@z z+K$3`_-^B~!Lt`?HQ4=u!hrLGfWC)c$0{w)e~C9=rhOdZy485FDzd*b(tPH&|M5w% z?wDGw`$ozGaD075FhR@E&HEpVaP#VjPH&Hi4KD4Os&ivnaH-3^`P6o%!HZD!PKBq6 zj7!%GlwekGSMs1D4Wue7q1QeKcpXZ#*Wql4Aa01JbczQ5>eDg^Kz0S6v9mT@tQo*TbK?P1C{%z`Cz0*-3}hPp?Ld`iH3lo!1P6|Yv1 zK31^>P!YcamwL8-mptaKaO&j=Q zJ!o500I(;?q~t|}jGKxh?<$C$uIe;XN<3pGN-!(4%d+7ytaVW+e-^H)br>&ra=H~@ zY-OxMcTMy^L?OSe2$snDi~SC54&1R_wkXjde?c5;P2)AY?{-1d8?Mhwnz zlcYbz7T&TRE>7MN7nEFgJjXlcq!XNJSVVaD*BLApbri*4@D#o5FWCzg1);zTU7zFq z7tuo_9>NiU=KL?Er(L1$Xf^50v^6v zKHzpyOaKsHRrd7j-R-M{-*9$t0o~xouOh1w8V`2+WYtS?L^`AuT5WwyPE<6_9v2US+L~RTQl}s}B5;E@f#CiIBPF+D(Z|yn?zk+JdG8vno+7Mzi3Eue$PVD1M`lO-o76G$oZ8G$vZO!=Z=e*u5ys897p{-l3nHw`YV8N;!Pep zPWzre5tZ7s{?(&9{8+RQ=%1R4Z_#tyhip)S@BS*3iep!qOey-N8&Zyh>2J)}ix`cDf9kOM zXrZHgJx*(dH%Ao+h6f-4G?u=xdv|A2#s{zElrU^#_QW`e2$kj@CKBBJnz)!z05&>t zuraX}asVJg>o9-$ib1`>xi-~*MQWpNZ3^wz1WLr!Gki_6nwXg0M{1OGOMzuy#t~7% z&ZT{5zr@E8`95TiL2Q zN4lp^Sg}m|%MUxE*=!r<2>WYLOSrTXkSGK~4Pg$=Z`iXq+DyGfh8nzfuiREx)UoVI zvfhXnlyzIJ^4YS_3Vy3Sr`Doat@6f@8KjEFF$wCq?k(TT)JFxJpK*i0Y=v!bWkUNc z-@M>-DUZvRf)L-~DGzayKluQt*jrF|PH6N~e(16B`Mz=fdks|_ zEys)O>+w%<9w^;Pi{P}jFOe04{`*D7V?GxlyrSSW1GrMWFawgowFy9<3T^^Dt0>+? zh#dabpjv*k2n^~Lu;h#A-ytVut`yggP?+RV&nRZiEonT(Pas28zUscO3Hpmw+~H5I zW57g|0RBAxO=)|%jmfy`F@FSt<)M=X)*paaoVV#aDUB5skT*>bD(7K^ly+5qnZb9F z1t+i=b{V&zCVVet@CIpj3!V%`**SXwMS+xvd$~U+r0EFHGX|?ty{tc6f5j;@-gRwQ zu(+53=CQL#nOwuoKXTPUX}vSSk_2q2EN5~`*jH84VR)^)2u_LEK4?B~L=UKkDWvCp z{JdbgrlTdRB>POg>$um^{~D**Of(4?Au>*Hnu6b$P};9O)8LF*=psR-v7YVa%c5m3 zVOz+EeYtEKeGXpS7jCl;zIMKHT*%?%1}e55$~)ckXdcSjW0SgtQQ_1ht96+C!r6cM z0-9aSM8m7jK>*Rp$SI^SqukcSkQq9+o!c6_ShX(0--#ips5<iw60hVVb@HBWV;37zTN|RDwP@t2c!_bSAgIk`> z@g?xV_%M{()3L0Y5}|fK=AZ?!q*IlQTGbjaB3j;IXOK}c{DPO@l-^oI`*PY>y&voP z2Qt1Wxq-NsAsaBQ6U=E>$58iIXX9EPd{hruV!%;8A}r@fyeniVvsCL|`Pa=VZ^1`koqOL!=P3 zE5@fKEDOq4ubJ^FuUJq{T(0@t44o?k(lFBpt(KIw;nBkaUqevET9+TJM6qMIt-YIW zDMhbO)r-eh*iY4oMw$$=#yb{#5%j4AQYeZ=UK#T}- z29deb7b5^`5qbLl%0QJY;P(rjPz*wpBdD%}o!~GElVrUrt1OAD@rMbP^fG8oOw$jm zz2yNYA3k@@@$<$7)V3jsClLTLQDN?9lxbe_M)W2)?Z4gn1x0cZ9TB{&CR6NPWNk8?#s6O7!-9vv;j0Vz>}Z6%Oh z7yj7XS?vBBWBmPse-SAE!TkI|_kS+`i}?YFp#RDI{J#@He;AX0c%cjC=RX;fe-T0d z!TkJzTz@YAi}?YFpg+vdKfKWYi3s|?8^=HV*8e4;bYWoQ-Rq2Hl${7*O#xr%O0I{7Vhp`JyutIgwz|yzdS%}u9nMo{fQ^Y- z+vENm&MNElGtmC^NU0%rgCBse@pyo6)A{}EQ(>j`(48no0886U`2I?^e3356O{Phb zdnX^rL(Dt!){ON#J{M)t6-S!_BgXleOS-S_0USZZ$=T{!*(wEZ`9yA$YoE*k!!e%j zmg49H0CT>MRz&jSTVP5$Thop8NmzhI8~WlrufiJ9eUWwA%m4vs;^)!R4n-1ot>Q?+iOdCY!)j7qD{WO zU7}oT38p%j@-Su#TSK}9a-*#V`qzzVE?|6S7tG$#WYMViren(FGUQpPm zfuWQ!@#s#7VhsDd<3M!UdeUZd^Glaz^+!jq+R2(vcDeyO%V$U78LJswRqgLw`t?B| zmd3F+MbvbDy|Ui(x0!Wn8(<91ewX0DY~Y=4pZ*?w86&gT|1?2vt{VY-8_Eq+cqwt3 zp`%A>stX!^NBd}bDf{RBd!m8^Uw()2WNa^Hdjf#7bbo71WmdP@zp+bp#Je<&46pKW zC|>g~_W8_Q5&4lN^R7>Pk-KZ67=9m}5k(P$u4bg!#K_{`_8CqFAG9rNOdw2CbcEjI zdr-;`Qq7gt11x{qE^vQeP(dly8}rtA03ULNImON$SYoH+On(AW>_$_OWuFl@s5o0J z0@(cX-sC7?etwnf5E^BOpN9)by#5tgSu(h-jf1)cBCbBjhsfz@1`Efl<0C#}UNy&K8ku6C|G#9*jOc*X9H=U{FpkSaK8f^27+{Kf~; zBwojNFb!U}-u=}(z)LD-ZZVIgqSjDassD;oR9FNz`_}3fOs>+XFY8jJG3 z*QSvK-nFv(^H!TOf@ZbUpw`S@WXebM^kNr|M@2`SM(cZOZC`oBVrS5*>y2<^nTj(!0)H-$gDZ%o8HD~*4yOFk>PhaWMHS0cOeES)|prTr+o2MGBqxFQ|5=NcL% zjgpo+non-HokfxqbOj6Q=!pNdk0GI5uq#X8CMlL4$!*ZuDJCSX`r>Y53WsSO&v*)z z&rMfEY}eoBq=4XaqH+%&SoHLq3#tu;@?(^YBg2W|5!VH2bi%$L7RJb)J@n2|1N0sx z{zA)uwIQgLQWNs^(hr1~)mTM5xfU|2Mt!(Sg&15p_rUK6$g6Wa_+T?5g+lK*e6eUA$Lz=%}f;zuQ59|3&8JJW7%Z1W?27@w=p z%N^Epz-`;btFsi8iB!wK3$j{95Hd`&v!j;)qL{8zg%r+p|GJPSpYG7%SW4J8Yk9+h zWS#F?T3NzXAQ8V^_@i=0G6RdaK=qu$9mD7XXITk(79d7G(sIj#cSXI#SeiCjtRB;YXdY0wf#QR=wWJADaT+Nx= zuZC82WTh3+^oraIAgJ}$aqPs&de^(uB}lxMcLBeK-`35VAJOE_6og*lHD6iveg*xe z+|xN`B#1NG;BmvNc`l6;Sm-J(QpA6icbSOW#w;#TYG{Q$4s&P!8 zs6$QzUKIgMONq+)w2>ubKRRla5(AJ+xyy?F?-ArdUwZb}w)QqA%J@M=Ub{XmNp}<= z!M3tT3)l38*0cKs`yz+xRY>6c#EbUhHO+lPYk;mZ0I;d&HAg!_hINWtgB`6f;Fi+U z5E=o7B2j>yFm^j7xUnhYNqa7%!l(Xr&`g*e;TeL;hp9m-1?#Gpst}p31gpR3M2Arl z#Bc(^K{cDMjG7^C@GAEu8|6U6$JAz>fLG+Hp8EpS_zLx*khg%+L*229d@#9oY#K|v z+->_N8UHsWvCIi-!!W$o z5RMuJ$>HC(@jT4h5zBs4sz@2!jsbicp1a)&tK4F7k%4ZI#Qt*FX-bj&F(ORxSC8l# zg+6<>`l795{jb)^QN0yhwF<|E9QL_mXJ~*XX(Lv(a87Wb60u767`nbn+2gg_D=r#H zPv|?kj&6XGWp5yzQNfP;`s(rauYhd#<^Hb; zwkfoxlU3Pww00Z}iZ`tPkM9JqK-iJvNdN^7}8Z}niwg$V4J zm$|p!T}{@xyVN)0!5)*qe+lI~?xVcB3rV@T6eU^@b62G``TfyS^Qqsd#ulADi@r^N z!7g>2NbC2CZOeeDZBb%~Pb(3U1OiE(=64(32Y`%L=ly{^!dpyBh>iCV&4Q*6+Ke#YKskaY3Bx(5lRl% zTdN-`xhd&dkRiy@M_Brvlh8FV8+UXB_6=J+Q;?ZU?CWB^1|t&MR_X zQH@l7qsd!vGbi-EHDk9LMBv058!o@3cL}uE7O1oVy$vnRLO^MifEQ(W5+JrAao+K z^Ze~(diisdB(Ckz=5=06?xsPhtgU)~7>6sAB5NK zxvPen;=C_AO8Ma?t9Q<%))gmksN)smWNK#%n}+j>0)vfW>m z&D&ooiWffE=Eikaa8thbxH(h^T{9yZ{?)6WZP13gJq)OgyCmRuR+{j*k=?JAy2MM>zxNS=|ztLPIxJRP9szOqkknfvRdQIoI4TZ%`%DrC&uoSYYJ$*Ue3s?IjrJ;!K6%5>~2UP1`-tTwJd^Za}>7b?%Eb z6M>scwyyJTT`J$jTyj&N|45Pca$)>q(2mk7)fHx@NM<-Yae}k<`jDX-sA#m*=p}Hq z)lvvtq-7?xzwJ?D+DhhTcg~m_$yQHz)Sw`v$z~E9yihn@uE|CUuL%5pyw#lf3J%0` z#>PQ%=$Nm9UuHKM{JKAL3GU>5lSWunjLx$j-sfuq*G;^bJy(9~?{I4(_ph2*r^xE| zs9yWadpIi>B;Z&UMw1?Vgm0v1%mo$5;W|Do9t`U{hBzk5UyfTs9J}1*%(O?1{@ZBD zpAO}#_c^Qt`$G*80B<>_3%G_|j(i>ak?GycJf_Ujy@LRCvfo-AM)dz=*Pi_r=*rhChp|#W5he3xJj<7w5e^j*%~I2p}Izk z0vH(Nc5WSr6uok@Pdsp3h6y&P?2{2j~PfFpzcBRz8Mb3|DIGd{^GJ&xE@7y+ngy|E9KP} zI<#mX*~k!pz7UK0wxJtmaM(@*o@j4G-M5q=ShSFBd>k0%;E%UTf7k?i# zJl#mEQ}=ZnVB`fN7j~9;d{)hEJ7W>UaN}#4r5`FbbD}~fG$A^gz|Q!$0iGL91=tAP z&fMt>*e>J34EC){3=y=55^{}yzRt)~@m8Qw+(slk3B@Vx!tyU0QY4{!cHHUyY3Qa6+T zm3wyJmCDssCKerDzrpeHiAwWBZIUbZpd}!1SrMX> zs0&vvYNx(|TW!By3N7K7&dw+R$l^gsvBEWwDy%UVC>uGj2o?#*99&j8ew26#ZpQo8 z%yj4T9*{rIbV1XY5>iq)mV1&bn`{7D|3Wyq>bG&i(Ulm27^Wfuo73G1OZ`Q(_gu#Q z_M|7A=M0f(RDmZHK=3%7s|uzF2VlG*1{Q3D`|UZDX_+U-^1-w#)=?1YMzF- zW#kkOF)9gDnz`x-P`Bm1iww;_5b^uno$Q?tTz)*AuTvg*MzrHnC?;NLKhR%6`199T zP*R7!Clv0-O%_MJ_AS`DEIjahBN)Pf*-=sChGYy14sDO}z&}AI>Z>>#RdQf{dYBYQ zr|z?q$0&^t3S^j_AgNPAYCu}qL;0xo#ycJv;F4zu#MNP^vgpsXCYkxV=H$h=SCpo; zb#>HZ4DaJA8}$ksr{gRAI{AY5zg-u_y96=6?&xZ6xsktghs`{x(vni7AD;hw?3iZD6 zP0|WmlHPkU@r8Q>Ksp4Cjg4Qu!B%@VQr;eJy%+55tvE5_ObFB8)1GNMZP}pUUnvNp zXx&&V(2DpHkp97>QdGdb@`7|NH3q2;Zb3V@se4^F%b&fKV)ti^elt?6`;zMTV2i_k z$lvz|8NBJXMB%^({bVWrE9+jq1K=P%bK(6dzP>6LWzO~!$iwXIJ>K+U3%ROr>_F)E zQuX^<#X$X0`&o<2NOdqO*P|Ac5EB~Ce+IRJr{4Vbi+OO3%H}j%XV&e9G5NTI?M~An zO1eI@UQn~|xsiaHP2OjA+8;aAdUrlIV~K9dYLD>)UZ`ZxCZ@WQHpe?B|E}dyZ?#m^^Pzw zII^k@SUggTD{JZQd-H}^Zrp{SXuCgkPq*$7AGhOlKtKmjk@Lyl?RiP4@rnhIZ@x6x z0wpLiuqRdCOFDWaO8qV5sVNELBU*9ZpNkt0Knb)Mk%j)Uz1iyxTJ`PINYI+n*XK*j zPZu@jU`Wf4#X;FmLJtk^9}1*U8iw{3vS5wO6t1@cD4pp&oUZo!u4U7!(L8AS}m6@1{Bi#BMAZc{Wu=`RH6GuQPqF zQq`3m=bE0QyRcXCkQTF}dq3v`H^N(i?M|mItkhsdUNkIw$JJ4@@a~#gmivqBr-4v` zMoBqZ$-B3vG|wsy(eAkvIot9#A1jfsBkcj;y120lq(9+}cQPzldhZ~MHYPejaDPh# zpLSl5zJ`j+r`z!MXhXoQoTy`^K}CbnQJYqQjCm`;T1Kf{sXzjG4JJ-&o%m}&)j=(N znw6JHoY6!9>CWMQXv#psIQC$@LC7bm=!OdO+d_^2K>Xv!nghPihAsBXLc7oYDw~Bo zVTY9JI>EmcB;Xh1JMRS=KH6n!X+IMG7f17gJdVDC`;|OfAjVY46os*!_uPDZYa=Hjb z7A_B#1}{#=M0y)7Z8s6{fG)3wY7X1^Z&{XApaKx5ZhVWIF>!!C{S&$Ta*;(RsJkqS zEG^vQhKSXN(j<#!7r87DhwV!9`I?S0wTfHH_-C%E_0heunZ&fG-fW8KcB4hUxwBQ< z5tWHA-#^YUkSZ5%iajXxVvCgX7@T$@4c0- zwXwCRN}`0suEEW{oM8Wg{`UQl1M0GOuz#<08c3l2WsVe!$?O$@NYzCQq|bJ&Vv$>i zxv2c_069#Q@H0A5Lin~{n|idQuT9HBnzk1pG7>&bruQjjP@=M(-7?;864a(&vr<_f z<2O3LUG1xgjP9qdE-9Hefq_k~VJjaDRVJXqf3 zMmzatpq)fEp9-6629qO4eV?8$`>YzMl5y1F&95ER1oLkkLsF_x{b<};YTh=9>nR<%-cbAM@ zjIPDiY2WyiFTQ#?=SvCiPu}^XoIcGPRS3al6l0Zs30r;2qXu9i34Pp4>)Ff~QpZ1q z*XA%Fua^&IFZj@YBiv=@C!b%5PVV#7`n~!Z#r3iID!bC$Q=8G8xm%*wobN>E>}p{H z!;@`JhO6!Mg`G0=7{+b~r>B)2n!Dj_b(p#cIh2qp=@D7=t&T zuTb(nR|Y7#)|Sr=B5opNcn7}EaZ6m51}8*}gRYsP?kR-3tIkTF=S%fF zl2}Nf{<3DyBBjINP&=~+CtQ1NaJN5yn*Wn(L6B(X^Wudi%kmNVM4iil;dp-LQRLe! zhqU{@Z0ukmt7jMd4Gi(})<4D8prUa^3LhR}@I-Js4^A{TU8;8}J zVwgh4ikC$9HJ|(*gjf;{$MC!S-s{0enhrc?5>oBb{%(^o262qBbzu$g?4Bs6`ZmUyihtFe z%Yll=HQ~w6b{C0kLGYT6kQ&MV_IO6sD@P?p#&i2;(B*3m^FxzgoO6C?UMs~BKBhhL z(~JKJmG%c}h8D;3RM^;xKiJ$JKy0PiYUMv_zzzIY2mez${8JnMzqG@D+XA2t{#!e| zsM!Di&<-IyM6mo9Qx_pS(pfaQEcHLXf1&#V-~TVI^`iNA;n2T&@u#N$--70UYLEXG zH2-@qE(!xm$)ZxO7=2N47%QjM$*IPooagB#h9f7d^W4fDyv99lioW_zFrTNfV-9dC znk>-OF6ET_m)dv_v=;Iu%e3|0%l6{3{#b6+)%{wL#{B)3%5(KiQEQz2>vt*WO{Xot zsnp4#!s*Fim>?{`U2U`3?gcld+_d#bIHSCM^Vh~i`vxF7nvcA2Y0Xo+vGrfWoY4gp zDaYLb3V+6d0+(t1@g_ehP*JJ%beOQ4;yinu(=kzT7HfijcRWY4^!(&(X9xbpqw0L; z%K99O-Yr|(UIIAnt0(QhC+d)f7!Fi`QxD)ah)^tI4w5z-*IZH^-Vwpk?o26S$)2zB zC;d&h!_sy$WCg+K)n5YPU^Fh{CSt$5;ZjP#0q=8W(ifUx-_30t(0h&1+<43%UDC zP}+SxXcBE(#_wP=-`+d^1HU0<`|JBskFL|kxah{cTAP!@P9MDV$=*=kckR5M0*{gN z?;ktRuT}=hZGL0wTvxny7LWk7=GGo5ab*ecLV?gNY}Qk9#>UlwoRG%i5m3?MX`_#t z0W%?^+Av#;{}#^i*Hf7e;jMnhlb{lvI}Y{Z=7%1a9c0>tlB?#A!t^s&L_GCIjaW60 z-DN_GEN1Bh{f_xH&sGUW=47NuuOen?@x3Dw4*C=&sdUYuQ6RRce1!N zy~*cgFryDQ7`@P|+9dBVnp=*BID6>dw;Ay!fj`Lb7O@*EwzqvBa3S>b#{l>(a2aQr z>37FKE1)?)L*^JO&bT_^p}{D=56G>yQjX1jjTX@-L+Y~VTgH{YzJ})bU9&pI8}4rs zCSr?pGRxXXChFYk+1iyj{JuHSTuANvhWjig)M+(CD#o>OqNu9dHn$>P1q*MjJ!qd` z6-#MYLma95vQ-as4;zxnvo@D)jUMIu)7$$_cb1LgZ={4z6h9gHxSJ<);=NaTRw*9f zQFRS=J4S4;A3?6#WMFtF(g0xhG*?``R`&BtzK;5(+I1RIvoef-KYTaQ)O~im2kkp! zZSpd&`ifXoD9k zNMPsZ*H*^(yu&ZN2IV?sXRASarD(u}=j2R*=>Qe)te(Az>u{{&RUbbyK!8*)sm$sG zT++(-zi-+-gg;2yS62jeOP^vUh!x{JnoNYzDs9yb2)U{T#Q2qfpWC0N%6w;bdir83 z$t5vb8u934=bv>n*7%RK`!1OE5}O=Q(ZJe^WZdKKCHC{4#P4k6FN8MqMC~R==Q3W! ze`aa4d^eYBVdVLo*Jfp3U^s8>o96K6sle&r>dNJDFH!jR4o4Y0@%OE~bbtBb;rpNj z%9m>1zKLTGQ|K@Ig{>=0`t+q*sHVNL_Au?nQV3u8?&3LVKf=0j^NH3=9|a`#;Lr2{ zYJ2%cPl{-bMYJz|{Yb?r!gCBb?@`?fuvWiT;x@7&g+$n;!6 zB;qEReb^>!*pDAxMk&gAwlncduO2@{>ZbZ-4U*Ys?OgLSompYEn+=Uu0_Y8| z_FG$%Qx&Hiw`vKImvb=B7faqOI@zqB_0GC1(z>UfoR$WEDDM3!8lf%jqVtZdJwtKJ zDAR?>rBCh<6O*Y^iOi>YC7weDgd3nk-M17YkCt;{M1QK6G`V&V7c&|AcFGOf)Z{jL zCZzv(OA0`9C=vYO3N@=3GlG(;h))T39jH}%Vrm=5qh7NJFwI{0u_BkuM+n zH)@g_tSHAbnd}2@nf8j7NCGacA~C&#CevkZ_MVUUcz3m*�ng6!RZf4KXHy%`}nB zc(2(<;YEc?ym7B--3C7EBs-)G-BmyKKP3~^t8!h%CQsELbSh6KfOShR)j_I0QKMY# z3bzq9b3mm>=Ober@sQ%Q-@z1?q@QRFW&4wi&+7XN%jJGe+$EH&+Ba`k z_Zlg&*U4#a>InrR1d!9&t6RaRAA4DgINeqoHwNOR)XzrN-ez0MPHm1k{BEt#V`NztYtVY8YQpyF%iO#5C6@HqY!GLa za7h!yK6@w+D%CM=yzbz>HGNt=3D?)6m2Hrv#n7uf^Yf{as_cV{2b>)+7AwWDbKIjD z0c3*W-sA_CPtD9=4`XWfN_6jjOmCv;NeJD7Kkzv^I~LdS$d4*;)qJC>X;90R?z8It zO}FJ~Z&NKmHV9Lj^d{ZoL6cZzRp3+}V#Q~C1<+BOhHx5VCHOc}muYbJvJN*ZRSAB5 ztdDhR<*tHPTR4t@DP$NQQa9E#L(0|p;=1B(Gd$<2G#p2bMl`6}vgC~JX97 z`yi*SGDS~I7IY&p70^00pnMa@0i2|}ABgZTO|7%uj2;@3U<)19?(xyw z60x|h4gca47F+9^WtPGfxOid(V6Z~tQaDdcDJ5016z0CW)5@T^!ZO&nNz0k5$>6w) zjF-}#^2xMacv zI=ZpAIpy=tY`gyS;ZxUa)mKzC_7lmJD29QYE_veX)lOp-jNW_#ub$`U$+~jYM4v0` zLm|#wvbUVCE3_h6Ljxa@P|kmMeRo1wV{k=tc$&mJ1PSkj(E-|?!i%Gg;XGIOx)NY& z-NB6SVT;m`MbIi2{P%t3A-Zw%dvD_?QQ?y44{v}1>izvS4lVW~Vzeu$Gx}40>q3>5 zGo$D)C~k`VHbMpJjU?>N)>jRu1d9M&im&d6Pn;Y@Y#OT|Gd8r7L zZe95DQljF{dZX~_2R6OR6K#gnEPhHkl6d6=H*spCFC#EfTfYE)%&MfB1HkR;L2M;2N{)jh=8I|3LIx(`~xZFvB&QdTE;pG z&EmPWb`oy}zv0!o)gr=)@tzH4%1NRlH_8|T7;41T_Z#tPR^9RM6Nof|Xm17txrH*Y zE-rIMrhf#gJG2EMS0E620To(og5%_2`H%6n8T}@BD1A#m=OR5>Tgi(tIoVta6R0gU zxQ%?w#|@)-k{&yseV79PqLzeE*7t%3>th}Qxyv1G#9%`%{Q}qTPN_=K(hl9Eys8he zkt}c|sHi~ubs$g-BK1Pd9H(8m$nBbxRy>w8FdxIAO^n1$YOAMLa;qjtn~3xq0m>b2 z20@!BDDCv~gD}I{P;7T%*<^NsEC|kps*B}v(Bn!fXf|i7q)0hK9dyl^d)GS6YW>HA zOLRPns(#?Mg+__^wBGTUVDBgnxNjq2x)#5sIbui+D9R9@B0^~@C%;#Jib9jqucKRf z*}ko9Wybv+z2nue!}zls0BD5M7Tp2Cj;l?HZ~e(`?C3ZcgR}}X5rU%AVous5l_S(_ zl7l&RT!9Es+N)DO+W0}ZBr)8v>Bz$6IKgtsEk}zeynUitJ{g8IwTcB9z_llDrTWeS zX9R7ex`e15%##|5IMPwMP$@0d8yp~uM)ep|I)tY z08SP$hWyajmez-_QUShQHQ5UHA zS0xCgSa-fR^*dkz!97InOj!4e)5A9T!Ju%SJo}j@?aRhl zr`s*Fb@}nZX)PNOu5Jydr4l#Tr%2P=*;Zd}k4K1S5CU3iAQQF_gc<>>G3S!p*HWwB;Nu=4z0AOVTS zJhesSE#d0c1#-BGts5b^>TM-fk%Qa^8K~3C+wVs^Eiz%%6hxa!+&gqEf_0V%vN5JiFOnCPL^; z)JAuz&?C|E{e_-k1mVnj0EsWoiP{Yw9?!3gE2~Ccos#waTw^y?luA-uek|ta;iX@_ z%{|n|UU)BXKS%#4QpIHbzQ25qg&OnzMG`HLen#<<+cZQs%mwI4Wy@^m6HmqxrzEQ% zXbt5+?*0#xp-QrR*|&+|NRuB$B|e@n=szeHCb) z;jtrdE_J1uAoQr<$*o{rL^Wjl)36Sm33_!>)=R69+jx9YEB5nKUQJGcUI(LXmo(Cq zI9m4`c)uItbK*kdu|(ZV!Gb=0nb#A7)V&E~?*OF!ZbayXL*@MUuUF15NTGeDOi8!) zWp#K?$53=Js*20`n{HSA3~+M9N6mqCL4fZ0E~}(8AOSB$T!I(HZpg^oB{5+pLO%A% zykp<(X6~CRxn5A3(8pSUy5BY~|9UCx2IaKZgCc6j#YVdkn4P}qqlAYmyRtS?rdJJW zLBkm`v}=E9Z*X_UArs>Pz3^$@XX!#{CWi@MmEad|J`Z`XL_#YFcJ@?|*jbIxcW^=;lFkMx)f7qkU_GaI^TC@dN*;bO zvx*ypCcT8Y>Xw8A!z9zxrn`(LY7(_&JM&FzLW~%#MlVa7i}ME;mDElhK$TMdlM0>I z%N-b4hO#KCtI0TqK=Tt5~t@CsX~8@$?eLsUnlt@1&=dpqTv-n-3wWC7mqr3>dPOrc&RgsUcEY zsyA9kjxx)8rNqb?5&4g)hLgf2q@JI}R41j-vogvp-VgwvA*c}CT($2JSXx2z(VSAd z*sr3t?3Vy)l?c9!j~mDaa?q0kE-%#3Pir=Ux)nB8w_P7XQe=OSHKizQH{_=A?tRqi z&R7@}%`sWi5qUX983knC%B~k|DNZ(!TRl}wb^cWpf=4aox+#U=0spf_G~@IzKBq@s z_`xSY(Nvi98zD`t3aga3QvvsNx5vso&cUuy+5_U+$BhX~|serbq+Q;)_?<-4A z9Sa<|CJ;=*44~s?Fi5rSIHJ)wRm{GT(Wr_iY}+-ckj`ON4+r@+B^k-Bldz_7D-bw# zh+XBKGa|-xZQkYX5ven4V=<@FyO|)Ylbe(veY7AEQ8iv|A95hjh<(Xf9CC5?o&?oz zf8_#_a6)833E=zLPj>d#Mxc8t!j`=$Ot7nEut3C3%-xeNkTySta`#d%zt<)w|BvdM zCd&M3Y}Gmo9|dW7DpiR;mA~YX6b+@c7RX(Up!B*DZGo=!v)(f2kfnPQxEVV_kDP|qoey?akXhKJRJ(Z}Y92&Tz)XJWNHJnvJ^ zYo^+3s+2y71TO^?u3HTEGnDS7UF~6>kx_#uU&=?6XCNBO0_0Gszc0AN;6Irnz+GOc z=6cA&Q#2gg-YD+qKNp`=*xC2U2X~DGdQY!^HY=pM;FX&qokxgp;Wd%hzizT+#HDX* zJPqV_cRD*!PRdu($ivx-@DuN0KsDQxUl%ygdNOx`6^rk^Tx>Es> z?k?%>ln&{VZjh8l5R~Swjh^>C?-{>w?(aLsz4w1ud(~&ox#oPHXWnZLmKxsh_F~LG zC)8*K$hKnbw6i0kPnC$~umF{fu%9^8g;@uZi4hh_i%wyW1T^u)Ukt4e#8=6V&$CdQ zY2QbQyn~<%9@Wlh`2h4M@~Edmi5`Y~$${sN#bZ&1dy6B1l};8{AzaVRV!v%>;;~G6 zL)mg=`x%M;$rhs*iz@9g0&MwPLNd=m#3l<&0cR&kp5Iv0+t&L8SA450HW6xZ_t#L$ z4pqg7+r;SlUb-WtFL0BvS7>Rlin(2$gu!1{>tn!4O0p^eDhUCJ#zOV`-W+e<05ht5 z5j-zJ=0m|NJEFnb9UJj7fL1$& z)h~T(M7+qI0MYgMO^$2(Vp6L5$eB+r4w2cIPP9BY?<^%nY;EMJV{_Y}Q46j_h+~>B ze$L_BV#qRu!I`BK=lAjSLl?tPqo%x8s=~-X%>fmjeK+G|XC5^l)=^Ce5(Kh5*WlXE zY2?yFo+ySBeZ2i%T@27!mb`mis{s^eP+MGFo)LC*S13quxdjzSiddtgKR_X75>>KO zZt^dH4Q^U|+9xLRAxgm;eJ<}JUYe^Y$jBW=jVA0@I(XpSg+(DGng7<{i@%cNjI5Qs z5R(@LWBD<5MloB1nr*i?>sfkgs;cATLz}Y&_QCnxhSNf+%X=z=lF9BDj%@Ksk7M@L zF9k9(ZEmOXrk&;~1f9Gr@yY#A$BfyJ5~Un8emlzU^^HM*ZyJP?xfqjW%5Mf73}PBS zQat-8mKPZgZTQKlZhhdu`$Gi3FBS2aJ zkVS5TB&OXW7t$S_7#B>z2%IJgp++b^WZMcx=`k@LNNyB0_k9-`hSIYa(i!cbg7xs_ z13~kV=}50g`bX|NGmg{B@HMX3p^RUU@%$Sx22)}7?ponC9 z8NuBa7Zbt~686_4K&u9%PU@=!PILjx9mu6DLD|9S{Z%TfnAAVB`Idyf>CX@FB+?H^Kb3mIcbfpU*olLzXc zKq&n+IN;bU`2X`aYG|Rp71rOR|MMSfQA_{{-=#ztxq`ncp5I1tVNi)j>Hs^dmH*Ev zJuiTlw4f-Ja{qG^VLc?=4#k6cK+s{YfCRZ~f7SA5^woJY@@sCZvu-#D4min>!tFvm}wlFqN z8LFmP@w#HJ)^bUhcOR6g^5fWyfx6J$G-bf4Sm|N=eM~C{fa8PISOS7rQ_;N%&o|?- z3pDHB?~b+Al;?p9u&fNRS?&xKCk-a$yogkrs@_Yn7=3#!xK2J6(@xIcMU8G0bSAsWIAhF?9Pxzk5RdAW|80XhN1iGC(;RuKNAhq z>!)T*xjg6c21o|1aho9Gfh6ohSp#dMF;8`mp8P&Ckezu3ia9$#Ug9S25n}c_T!$F& znvOWD(o=LZUJBATP4k@}3@@mbM4Cf}ft*&%4|T$Z(0V#NOQHOhs@^1?4y7C|ebeLa zNaz@n%~ZKOX;?HxkcddR!&&}_3`k?Np9}zaxxxVW&Nk6ph|Oo}9Ltu{MN?T*g}jY| zIO1I=!^f4(2hF4^M~J`&<79OYd|t!#60=7@(EOz?2rLWs|hO#-5Gpv1zi2&MH8^YR=Ks!a<%|(J_ z%n2SSRwA@e3#wl@n{wU+9fY-dYF`@3{T1n&RBP=DcI6P+20N=D#d?mdUguy5D!ky~ z-Y+fd^exd|em*0WrbP{Pwf49Lhl%^=#F9=9c$8X~rt!(Y@ZE3Bf7=o&znk_rGPUa2 z`Cthhmni_G2C-D!Ba@k^HW`28hCAimzqvN3i_Nm{tz!p6r3S>lUs6aBxW_u!JjitU z**n2O$(p5wLC6~k;yx!vM^0xTQR_89hU`|l}X7YjZWc&+sF zsXN4|EPfwUQK5Qt%L@I)VeIc)zETdhFRvT_D;?_@=;T z*V+LkD^3MSaGSl!Z|~w)j6ILZBN@XySe6VlWdeuTMaj7xL`&LY$~=P&dSg;Tg)w@oLK zQHw`bfdEr!Jav*hVH1J>;MbY^B98C{DnOU6Y{)3i@H zcub-PN@Rw4r>!hzQ*6`gfJmJR1B{qb7&eM;Zt%42SmQCP8 zT}_2iB+g~;skpEXES0Ploah4|fEm4ZO&{NTOX?D`F!X$V=R2mojW4OrQuCq}exx zFOMS8v2~hDh{zHARd6f!8vd%)Z)HB`QT_qVpyhanz6-mu9^K!D-wdIzKL4Ps3<2ChZH2>#k-W~C<@6f@d7FHMgu z@65`6mmr9sRbwXF7NQPhG`-Y9rc$9eY!b+<+ccx0ezzVx zZ>-l;h61A7XE)+r$)>(DsuWClm9r<_FXfV@NyvAY{lIQB?o_~aQJ|Py{IF4cjp%2> z;0)SHEf8n1ne}>0SQHo98-I!1Q||%4bT6{J(iQIDzFUYK*7Sbdj~$}MdvE*}M)Pxm zc~7##js$(~F{&?j!kX-V0p&BhE!;=>g_k?nLbcQ2-Fa7)n!Qa^g*2W>Q7-&ME!Oko z*1FYXE}+Lw8Y;bD_sHndG=n7_Y5f%dj|!wfNr`r+tF*Lbv3;>OB|(Z?gbK*wjC_zT zQRcn4{hk&NG1BpXa7`O^Vzt-w)2et?rjgk`nI#HN{*P^3Ue>yu zJCRP@ED9NaTN#ayMi}r_SC=f${ z?1x=K?f1MpMuveD;TUO>Xc|Kji-B-_`+D{ybw?HCF>inTe=zf4hw3|qz+AVt?&q-VB@$dgUcU00wR@%GwWV>r#wk3Ta#s7&5h>^bxk{__wO4W z@TZvN>XVQ4j7PyNcxrgxp><(aGw-mdyvdi<$@k$BE|>Vy%=gLf*_}Ibh|GHvelLA% z>KO)`X?{H>_-2l^woD`EqR)cWfh|ALrkunX)pBZAs zGB&v8Oa*F~!%<#?LAgC|a9&B$=j!7y+%oNrDfv0XYs1yKta*Sk0?}w+&SiPh_Ai|e zko5QoPxlLjRWaMOVn6^>@xBB>)Vy@N5y+bldL4)d?kz`9H4!-Y32$|aD^z=-bw?B) zwj#pms@@w8tmeF3;m78v^ChTGecBjkZX5Y{V`0UI%|;R&3dY_+Dzj`JEs}mpVkz_u zM%OenTGnh=vY`ANHEOHbRa?lqk>yd@Fi|yn<(wZ!7;15UGM{-KHKx&-G#@*K@?{3|Iz`&^SsxVy2o2zfQdv7UY(yMmM%zFR*{~maG6Bv{u}^@Y6GiuHc~5!laX445Fdu?*k7XR7N3VO=C4i z;IRzMd^#mB^&Q6auo%zd-7|@jjZTJ^+%44M9haVObOhM zeo-HUC$k=+!O^rAef@Su2sALx8E%rDXzb@Odb^>OfNGOj8BFkRn`iqb)soaIU$vs< zR*EP(JZI_U&DCzqC*3G;?QPPkQ9113X4I$^UqTozE!UO+O3xy1D%N1j_A`a=4yl-M zuU1>3d8#X}B)2_1B^ezlVm+|^-u1zjY@Y;_9*ohP+fVgT;r&T2l|{ud_Rl))6Qc7i zv@j8lj;G%%b49I7SRqe*)gpw9CgmghUwx~CF{EK@jhWdD*N;RTzRpM&`V{i0i3N>l zXI%V{lvh?DHuqD`S$HW68LRi#_D^alEoSYS3jQDc-%~+93nf28zcUFL6%fBMKj}m3 zcd)l~&*aCOqC(R5u=mY^i%Ja^fZnBj`#gl!Q7_?Ik>0J4Hi~r(^4qbjtz5XziEeQR3tRqx(~z|BtLnf zRaZTR+2{6A20y?RodGqz{edYUDsv#OUHp>;4X%wxk23)ZX@4H(9szeB?{x*o2Mfu>PayUsY&&PCTfl|RS&M?^Vg{U zn1Y#8tY6FRck^yv-!p@B(>uN@Xn{D`-fo=@SwT$90rJ$oXKA z49X`H2mK)lj!maoJH{m_5`MhwDF6)gI%HGHeAncbIKSG-tGCLP>b(+7(M;|rpn!>V z@3#c19yOH?ilz{-@@Apr$nA>bX5Cxs_`D+xg9QF-+_ zsSeRd5v-@q0Q)TxTnh2 ze5Wr}a)?=Sz{Huj;&z8*B0h`gBW}VK#a!%agX*#dkkhL3X{SX%uHl(5pnpTBc?;>w;k`#4KF zhV(^NIB!zTS1U--U>aqwBmLDD5Bo^VG%k<&qbOmi^dvsGB2t6pTw z$?E7bzTHB@HmYH1>}$hWMJrO9yC8j&Q*t5eqBJ3#^A5a*ekWIIuAz>ZWT4U$9qfg@ zG*1^>z$JHFMv)l(5dfl)&57d7UYjzzw9M9SQVHJsp+haJ@DC ziuKaHGtuZ#y~T}%00Pe0CCwwjD29Qzza*_WQ-J6I4{{tTm|`(VcEBzEB8}EwX43t3 zQ|UYL7EU3e@B4}@8mVe~VfVtfZJ8^_?o^a++qC<4V|>(eD6QX@#}PVFlua>qs%^gDN5QP;=-@=iD!%^H;U5JKtZfbS;+(==6O)drh& zmUCAi4tUOEwJh4ln$34`i$i_W9f`5Jy2Wc8*WsfP0&t`I$r{(7?9!j}@J|U90Vy{} zehkiTl-e9mG~actm{8KvShm;SI zBl5#QrZ#DY>Q=bAiFJa?Nu<7;_a`e*SG@VGRI*&uEm0!-^Hz?wj%E^H^`TGM?x#_P zbKbk%BjI?r9Ee_HP$ZddhH7b|ibn>R`VOFGSyt1&PawftR-k?#YHw${DA@IL%9O3k z!>QqM!Loqla8L*IF?!DH&EcJ?vSSkl?`j2#?=!(g655gqDZ!4gd|CS1)f_V8&4Q25 zp)*P#Oqt00Mw18AKD3dMm6CYWTd|T#9`7iRDUlt)bd)Xm(lt9Wd-J|YPgKDI6R~Qk z`{i4Znp4fNtEHro;Z2F=aXL_Z86~2N`tQ4^`B_7Z7{;`?^RZbW18COB3B#T>I+uQM zhBWOvF0#kNAmJeB>pB-+iTYvj;BDm@N>8TSuV}7&ML~+!Pn=nJ`lx$jH5GeNfIn0IM+noE}@?Yai`7g~M7mFXs%x!?9HPzsf@ z7=->{liBqVzYKVSD%tOK>m330P0hj(-P#elhx7^E--uh8xcSR& zWK`D4+KFYLK;y7@14^+B4?zGS&6R4UnzR;;T^vRykHfdC#u^P#od~`zCgxw0Fe0rOy^~k5Q~YNlDXVB{3ycaC|dI z?fa)8?ss$*<)BzNR1t{1Ow-=f8dkQyQU&+0#qFVxoc)kFRsN7gY|_l}nJ8w<8ONv3 zJ=|RFd`?`$7B8^jWzfto#cOuY&~QAB>OAQN=_BpDsZ^I-YVUCsEeocmigu+dH`?D$ zJD{(;72yyOJ4e*Ei<#(Ph)H8{AX7Mmo3H>_Ew z>wI$qQZRl_HiWi^4-h%&s^ycAxoB`t^O-d{Z0Og4T7 zG?5q=yvUVkBrg4&PIYCOgj&;xu_SK5e{P}y#e2~{WHwvT{E((<_?}>1nXZtU;(*#9 zmpFHc{1fnAB*21+sI-ZE7UX`|=?{xUDK5W__lT`>JgB9+4-%G$fuIZOHAEezR~4Wl z33H4PBtSSG1qcu+igk-rViWBR%W;HQ1Vm+HS5uD&K4Rv8B?RiCAKI`B-nvfjg1cTq zD(110rAxUifIf@UCjjpx7Mfu{sZbdH6#c-B2#vmP>Pf$mQeBwvpthOmHZ|pgfsVOJ z!|3a9Ui^U%&ZVuigxoOWzWw6lQ={kfk5_&D9^<&73plrY?2|D}?86Zy)*nuH6Oiyj zReb3C{);&Lj^XW$A&v@JpWEBx(C$15qjZMe^r~z_C%6=$bT)MLT$V>ATEJPZJH~#O zwz$)Ob5r94v0?m?w1Ac)nNz_W7d6C_nL!yP@mT~fygJJzI`boYU#t5*e1 zsM4$!U-9=C|EqI78^fI12%_y353aSq@3@5^y0S7&~K^M{!W2IP|sIz5UFh?;#xDfO04S5IJ~7Vti`)CT9*L`4 zjNDA6nKKs68kyJ!DwRv4&4NV{z{A9xPkoM^%d(wzb3E}`md1C^Fj@J8R9PA6C?92W z8;*zwMsLVimT(^R3W)IFI(MQ-RMr@Xb3(<|>*^TYCRoWNX_Ae_x#@q#LD@$46y&in z#T9Fr7LiE=q?WvG8HcT|71xI|MZ&N<*1j+A8yls9<*8ksc7bV~=vOhJe)P1Y$8DuMQs9>&8Pj9Jny+H}1W(AFM5E2Mf-&Qv%(2cH z5`=Dxf;)s|nKoauc_Y5X(Xr7@njLgOY`8Zh7Sh_yO|0zD%6NCh)dTyL_eA^{AlvUY z4UBVrK2WTO9OTHDC0`E8jf^TVE0?QKf8X#7S0ygUX87iA3RxT?f1?w+VYSelZK)^( z%{r8;5WArPF#>X%#d`d%YPH&}?M7qhYCCsaVlxUsMLPL04tz6>7C9zRXQQZY$f!^T z`aWUCOK30siWCzwab1Y5>_WAuy7m|}#Q@LLm5qN0p9YLF`&Y)kjf~$k|UEooY;S2 zGF|V%uvte)sB$z;M@f>+#9Q72?gkV?O8ta23S_&eqyE%uw{2E+}POYfh!ALR?2 zECD(|ET=g+io^!5-5#JTG93VN(pa}Khso^1+-VKxr!1IC<e?fXRdN_>1cLS{2ki;Ywu3{8njf3DVuGRCuA zgRf?1u{dU!x$AB+^z)l=A@7{!mysKIq!|q*8bzU=cemoI&o?4?iqh5v_L#o8CvG~1q_`qMraqpkN@U>xg~sI1WozzB3H@Y6IdaBN;TulP0T z!}p!~H=`0V$4gtsT_!?p!=A|PbpV6a;?GrtDecQNsHgejhz&Un`p?S_aB(R9vMb4 zm)(}b`Vh6mBW}liJy%qCB1QmvW}0Y**o!2Ja>TFiM8S0VViLjyu8*Dk8KS>EIJNog z*YTc-kNb2l7-z6B0VQv5_E#_8;hpKugKOqDHLMULap4W=Kfc7uonomK9iax#yEuMt zsTaRl&fUDDdl&T7fCp;Ycbif#|6!t;rxfbg+MbqTBA#bYaoD>+nyiZ1Kbl}%JuUxY zOlR7TYuM)monFq*C0dBUR&WR}pUggd$l^oifqGp(#PJs9En#Bx&$snOsl2+_Pzhyk zwZ+~Qin`Nx$MiOT($C^KLnn9ZuU7RiEUfhS>u%25E4f^@o0(P`h0@!+-(~>W3W*`8 z#aU?czX!_m<1ngR{&GwbZswEU zwB4O86FK@8PdQtA{ygxr=UJ$J$FOL^=Ue}Xwr+XWpeeXA~8vF=_k| zOMSU2^G_og48D=gP&T-eNz3$*coPXb5JxuSHtNY4VrfUWbtfuDK|zaZq!$aLLeGD( z47xbcAqrG0a!t_lxg|&&nP#D`wm-yM<6P$}eqr#OkC`_%T3#LxMK7MMV@Ro1;l!%U(le6{V-nrZ*{e{kjw~M(GS3GLBXD23q>?dXnsZMuo4l1~|Uf zT?bUqEe)slD;VwpOVMOU&B|oIx1kGz7I6qFHUy)fp+UWN>wEAVv;(zztwuMfa^V?h z7bahSa&fx*;?g{HX!PBb%w6^b(vu^F9L6?*mI-Ufwhv5H+7%+4=|E_L3#DP|Z$HH+ z<5~JdxffNc4UH*vyX>1LO!5!^Mb1ngKoOxy#$)K}WUDfKbJDBG!M3wnr9_drMd?D3 z=M=Z|=LSjR(Mmk@!6moNSwf^pQAdur`^njqOxe=XcEfj+-X4H)*lK8rX3B=QrjCQ1bv$%&gGQS=kzF^2^L(FEyu!I- zM_ygLT&L2I3~@^3vyWYQB;o^iaY%J*lor0WIXC)#LNK_l9@}R9s8S(BUZ%U?Dp5p8 z&E)0g=H}&bnoSX!V1W`p0c%;!7oUOMw?uF0qPAdtnlG$2hAtwPR42bcZinaUJVo?6 zko^2y2UnetqsUR7_glEL+R<_UY@*j;=A?Pn`M}Ru-SYdFj&E~65&zo8kEnSP!`)AI zP*7er)pUR+8B7P`)*UA!3P0lF@X4Qj8L9n6$w0;mL=KfSsm0`*-g%&-ppdV55VhqN z?o{+dGhHqLNp*YHy{`c10(zj4fqo!{7t1f~M%-*)07{3|0N*#zvui2$VpHo95)e#s zh)gvUYMfGQiYs3L5oP~r0v^y6(1&7YyE~i;ogNc@HI=8&X*ZQJ1mP-`rjA+X-;-VK zR_Cj9dt;vdI$G`_pe@j_Kab-UhW(O?bm()yi;$xXJ0(0{eA$! zk2c1trY|Y2JKH|_xg?3adI|~(91d$=QnvPmUjj<=L9-`DFa@96Ld)fH2aRORTDLtz zmHE77X>2EK@@o@7Q$2WYwf}^v{-Bg88yIq|t3|yICnECHZB~tX1UgK`y0dSzW=KSr zR>B-A%Jd`p>&(Z25ZR|EER29$#$)P3>1!>W)l>5=%qC0QB6n5Wg-Cf$ZuZcC zSMQy}jfs*fY>|GTlj&W6VO>cAJPz7j6kyrjm~)&%a``1XB$Ih53#bF!4RZ8BZE8Ib zcwncMNaeC0>38p{HAeHmr24`r+|QmiiVVr{oh#Nfj{&c|lmSp(Z@MFLyq9DWof_RQ zQSB4tc!3z}0TxghCxIUBpJo3K4IHqc&jb4TQ*v-`ANMthGl4WdgPpKHhLjYBLeo^0 zxfXYzr>iBk*rX`(=AbFXV)2$>C~S(fS8duXgZ`SDowPaP37~gp=8t@M35!9W-VzYO z?%&l(>Lc>=q!j+V=dRxLtR_UR)R)gvZ;P7H+P@V0PPpaHlQgRSgy(nm9%m*2!Ffgs zDL|y0Ub8_8h_fhMEZc|3Jr*Nm>;xM(+-YVaRNiKz*XwD$@`3{aj+@V|BAi+;JpFNA z+wdKlxvoa2rj(CRSN9EoG>Et{OjQA-;xn_>8NH6{r&$*{16d=2I+`1*!_rN!qo5$} z{89srE1$V;7ZnwmpLfzXCvYFXF&6gqHa+$P@?Mecx_GME=qkm|zmm?H6P7#3s;Nce2OS3Qu}!Zg z0~-li?P9_kPn$6)W)h0avJWYBMbb@oBp;=H&W{~h8m`BooYbQnFFYR_Qf({WmA}w* zrb}D)m#O?=f082iN}N?(!sT#O8LaJ{&_yo*-9Sl2INr=ewCh$*kr_rD)P8es1|acI z7OtvR;B~v6U`g@nYCTgCkR7a;KtX;JqX{zWkEJXzxuBiuKxUS1djP`=*am>&J>3U= zS)%da#}xPIzL3L#?L$RQcAI%MEWPL)w2yGv6fua`a|cS`-T^}sN6|w|G6~N@HKi1k zbu?g3C%_DU#-BkSUKKfB4Pz0X$tpVNUH^J!AgLn!-2K9QK2jGnqsw^llt{YP{W5S} zv_yxIkJo-@CZ1GcbXG;!m#1eKkse~o94ANe0HD$~l`p_sm2OLYr`z7N$xkW=0=ZFT zBdIZKVkxPsyVRFo`7~)~Mup;1bCKWFmBSRV!N$LC4yQIeN$t_AaOFec0GSIwD72pf+pEi&jw z0H~&|sj#nf#EqrE$*&-~QsA06`FZ@~8Dh8zrZ%>wS78;sXX;m`nPb1jb z+1rNi2c#3-1jXdLo+We44? zAU{G*hv|EM z!?LL9r2>^Sp&32`+T&@$^}~|f@LD?!+)T4JolsqF0OSq^?-8W!_V5_p!@tkWJgdPt zC8&xE8-u@(+TP}IanM)0TiO;;=o0xMJS(eYQ%Q{%9^FZM%u|O0K!U{7X7;d&caS$E zG27~M-C3^tU38q&!xb~B9Lfz+$_;_-XiY#!1zE?;l+`B&Lab_>Y5`{Bx>WrSDCo#P zQ{~^!&(H5Q(8!3#1>Ggpn;wgy;vl1hli>T-MMIpIE-^;NCos3FUHUW^AgrEY{s}b5 zNKuN|xi=@o+6|yK!=m(g^a)gUpCEb>`4mD)ofO3J-dS2yA1E|_rnR?AuBW1x$b>`Z z3!&~9?Try}anvQM%zdrhOlX0j)y7LfWEFkXCc2g9F5H2gG5ZRREedTV+Wq;$He4jsk%bUT>-*O6s;kEnQHTzZU9OJ<}#Vyq(2)DWh zH{~BAxoWj7Z71EUX2sI!I)`g%Fk_d^F|)oqrTBMuL>)R%O*Tey8cM^KT`7u{fT>Q4 zMLuZrNUlD_?;slJc?U4%ZlrnBI?zox0QHudPga;HFJOQK87-6! zUFWUZR=I67aRw3SSUmien7WbGDGAtUA{OxtS%6=sb6(Nyf}brGxbMR&l^mj>^HI?G zyG!w}ls?W~B$7r#lx|DMFh6zId-dv-Q%+?i$0dcds`-7%c#iWRVD-c2-JtkC+9IiT zdm0}CmrQ<%;fpjT*Yj&xGMASP&-Dad#D0~T(4`3)edr7;SP++(BOxX2xrnH?)Lh8= z+*|^+Ye>-}&e*EIJ*;uOKg}nkUTY@Y73G@9<6H@>Nh9TOC;+1ix^ZV7r|$vbtmO{y zNQl^3jPCOSaED-A)uF z22J8+W%sDNY8fma~%^m#Z!l<{^I~s-8CMw^wVTDV~LS>r=aLd?NLH5b6N}L>= znL}DU+UWb&M}^#CVK=Rs05efdFb}lO{wyGXv>ljmG$k6AZF5^75~iF))rIjK0dzoU z{6>NNBak7bMtUt&iKY#~_Mysh^AjLiwFO=$$4xi#k!`N~apm$sU#H`&)q)wMH-3mX z{}nJ>G{9y(V2{6%&`x$^_)w+Xs01n#wtS7WSkqy_yAw8DWiBK0`>(IEFNq(3Z^%@K zsi<7}NK}6+u%{d92f$pVq&!j`1u<$V|L?hi+y|PHp*9fL%Yng^l?Q6XroQknKmxLW z_x(}Dj*O{6wg5ffxfR*GXf9}Ces+EgX&@h8B~9=^q&1-;;OgocRk&ze`RN7HkY6R3 zY_YfAA}=N~O#_w-!oJ@l(f|FsW3FN#r7GVvRjlpVn2Y+a|Ge_*S2-D^L%RBZu&q~5 z*FTOEEK>g8M!bqykPEqTBUir;#`rVEe~p1W!oSBr`MoFqn$@3B;@`*k;|H#m3I6j> zUhB^ozXPTJHpbr*znaJ26aQ--|1rj&ZTtVV_^UDgY$uozavuMa#b2%Ezi!}vEdJ^c z{+jsJTK>;&;D0P0d655o1OMydG2#Ei+w*^Y1OIt@{`VXB-xq(C#JLL9|GI(yv4O}` z&wn4||L_L(BuD0g^1m{2TwT@p)|NlBN2fV8kIEU|Qnf=EcW zfJn21bi?!A`{eKW@0oe$op;`O&dfb$;2dijj$X!kxf$umJpR-4Ly+~h}I zojcEd^Za>n|6SWfCVNqTh4!DDUSgYGUBB{OzC5veW$etwoT%mDQd#UWe<_s5bk8Gg zdUEzM_Azf(6uYL6?D9$Z?Fn6N_)pKa_ik&+L5*o^92X}ir_oI@GGD>hOI?2c{>zui z=}F)6Ee{bTI~w|bzxV%-Gr;_Dn(a*2$CwWl<2)u%+(JUjt?}Z5`qlFzRTT(Lzjb1t ze(5vAZy_wUmn;L^-3`2wWEBI)a5@}9sah&CO35>_K_H`1AUr>#9ER(87X^=Ut9wh_GHcg23 zUVW0%(%L2ApYRLF9c&pZc`Ny9mVCldcr1;`4E#vF6I#7J#e~X!m2dp*V9}*!cYn!8 z&gkn2RJLrj8XG5PL!`c3E$`KL6EBj^iP?=rgtgc8$s(-QULL2`3u-I#IrKK2x@tG> zy}wg|8M}d*bDDW~t+}J_x6MGdCh?0Obp;(qRCM$`3cKB<8ad8&o1tR2AUNWSqtK0y zUyR6a%?}jX4wsi{VAyL<`439s;pA#|hnJo{atIzyyGM(n;*gTsEvebZiFoX7*++dL z)cxLF&fn+IDXc$C!25~ltn6IJweLFZHW5fUpI-=tkV6J zZmW&q?{T^%mqdB3R;T!5EV+3ywLDJa8$wtRtzY5FmWC@fdvUrthhu(hlFsu_7nG>* z$Xvbjg{qK?;bS)1NMr_+gvZ8wj&@;%%Tfp2&_H2OTY^;Py4UW8+Yqe*2Pfyj84Qcn ziDO4{d_UDwNSU@=q{>_zsbUiQ($v(nQ{uBLZo%HSs(H3M@a;cl&;;r%J{Mh)p{-_V z8E4lM!>^0c^gGLfbDizv<~KD7E>4My6uym0kn z8$#KZ_}^Hnxopg9kNzd3T@-)nPHGlxmzHco-BG7K)~nd+io4-4hlTp45KY zQ{}OlBF#?o$7|;tjZorV963@)CoV&}(5!6(cYdhYCR4k!GhKyX^d*m;U*~CSrGRd+ z9@Ay+^&aI{WGd3ne);Au^dLF{)sJc235m*7Po^mC{*fR>ynr?_@yogE`x;tRxEorP zr|$A%*|;M*_2NuN>Nowvb^XIkKmCK1*!|s2pVg`0z5PtN{qF>;_Fq2xd57H5J_pl2 z&dsa`ZHL=(1#@hN%WT6AFOOOE=3E=?h5xNP>k&HZ#gzwf((Y?Bp+0-5xpW7A{Nx&i zcOr7|5-OXE!=kh_&Wk^1v(?)_sdJU-ME0eG(j83dA1FCnFANgOZ)#EW2zXNMIa^_D+n0+j7vtfXZads-!|neW`*OHp zcZfVZ>rs);%%;5_Kf2ez@5d!4ci2~RK(JK|V+lh;okv&R*WT;N^PU`}3_D|LVlo@= zFy27bjKBT%VzN@%rx2N{^Pc}0cr~WJ1k+ZXGR1T9Jmng+v>uu1>DuK*mOYj>qbW*T zNi5dG<-uZF#nxp=&f{7vl1|-(nDBs(qgwpB#obc$@bRW~O>75??lImK_P`v~g6@@5 zK!1~TJwk<#6SLU~J=_XCyi~^qM^v*NU(->8?(!e-v;7)xW7CgM{@rm1)pH+}{VVTa zF0W`&A<@1w?Ov{W>GWJLF5Z;0E}ZL*o~UG^j7J9b+Val2)&3V}hmH9G9qk(LD&*VO zry1t5=@7_L4N9NwSf4Bm+ln$e=#;XG3c=PsnpCUMf3u^>c`DBLQNv}9-=gI&-gx#= zTvph79jiY}v+L)xb-Yi+mrUiNgu{fL_bSuCJi)4uQPlEs-pt{C%^^<^Ox&F4HRb;l zY0O#Qh(q7)x#+BgJpGzQtVhpx9DE{dP&ftO^2WkYf%DRnz9-#eSUetYGvqAGe?#T| zJUYL}kH(uf|C4z^@$4WW9(e+Pj)umno`&oC#Lie#G~&{wqz7tQrluhggcnPh=*MpU z(tmc=nNshV?IJ1Dh+4Y?Rcpho1W`T4>A>!x3I{fPgQ&p zF8c?{cpQdeU|?VjpSF=)#Ha2XwdMBXZ|D!9Y)uXi_8rJfHl2P(vZL_12|Tsu|1S7M zK6LrxjmsPy$rxg&;y|#0MM=h}^ z@R*k2K)$hG@g*_qQsjABk0A=LD?FLz@kJuyRScxLW`uLyS(^=|)2nptC{eC-UWm($ zmh;3ay7}i;xvj?7Y2GXk!FXNa;!2es`PBI6JS{Dn@cWHamF`3Po_7>E2m8BLN{Ipz z652t5!5cc|PFcvxww|mB}3%%}Jn4;O0o#nHrypocC8q(0R>drKg6{rTY^ z>O*$B4_Gntb}UNJV@#jD_B`CO>G$Di1gcVsR_b3nR=BoPpEy)#7Ml0u{h&8YnCkLA zsBD$^N13WbqiFINJCUq=vp9n{S`ixo>EwkN2p;De`NkD>x4Y6lBUf{+u`xQoN(7!Np27{~N{ zS|8~=azj|8bodHvhb7TWGBCS)zg2tf_C`xLo+S>#IczX`b-XhWbcP?%$tNSu^<_%){gXKZBQvKOI`gdxIDRivTfE;}mZu{e2xK_nTt{U5K(m7M*D|d9MKB zSjP8YQN%A_&JK45%#m(XElIW~&{{9CvH5!>52mNgak?mb|RY$?~gB8I;4JKV*QQMz4a9j8rEsLDp9%P48b_cf^6fC+wh09LF z*6gJtyh7d>-8!yy|96PLfBu#zMb3v0LX68#pT1qgX~YWZ=bN=9*41&MTUwaY7Z6OF zBKAg!Vi!q$30nfDQ4hhw;wA3l17Ge$IiDwSXlO|9r_Z+j(C{E&0zV9*=g)gm#Y;E4Fkq9aAAVy?YN`_X1&_EsHvOoI%}B{q!E^2~q(?N=vh5AJYBdB@Gj zw39VEYlPgps^haZ6E2o}y_QkP=#^M|#feO{q}-rng|@d1!Aw^1c^3^#VE+YG!8D^P zi|9*Hk~knl7;ejY0nAkMZY9Gi1;xbC!*bwpx}F7yu|WBvD6b0QMFY?Ow^p6MpZAOkM zcfQZXjmTdd^j@86EpIxK1IKNdu8BqJ1l)vH|D$%erq+3LiPLj;1Gl&DC%4D366~tK zNnbZVZ!N+0^rb`c;!s;l%Y7Nd;&26n$D7H20%B1LKKrJqYm94prO!CHjMIWmdHMLd z*=Gl*yYf`u{iQynU*qldv-Bqtr=ybpAify*M2*{OMsCyhOU4Td6o6ISA0$X(+7hdD z7>=E}Xs}R!m4a_Tlf{_3kxorRL;u>wOvfWcQ+*Iayto?P@9$wl0=>kYw-0_-8-6*4 z+EMJk_w#W2a4)IgqU5V=0MC_8@+9V zWk~MecN=H?`}eatsN-&r-73|ET6lznIy4bSxR&Nsa|b_uhOJz5-DOb^AQFIKols^2 z?U=Q1atHZ96m=fYJJ;LQ>?0A?AJSp}z~VW~wGnty`KkVD$K|_!7B+zM5(N5H2OqfA z9IWRNQeZOm78{czEiJQ=2MePII9MP$k9&df?w+!~jDqu;d_#i2xjqvU6QvlsiOET* zYYqvC0e+9`c{PW-HL>D9G?_%gh?+xV>_>8b{`@(*zvxnMt*jyBuUcLyDP4u!Z=r1B zHjE3cxa6&WHrYOz3h;;qpagnhkD!yN&obX=&qaIat6=J01&Hl@4^v42g1Msu+q|@g z6=)HHLF6<&-+X&=YF^bfz?ha^9ZZpVYazxk+t@RjLJAmR9- znOBYEF$OgKc0Rj9utT4kngU+x-T3U`Xk`8)B04&Kyz&(Q&2q~N{WlBc4wgfq41Tn= z>EjKak9;(9bAgaGO>`u%l<>2%Rm zsh{a83^tcwF7AaMF3T0Y{}uFp;<--jxZNg^VA-P_XMrBM;kG;RAgZJ@Q2rcwFD%-p zQXoQPJD5l7eLwss2Nyj4Ejs(3V%5`x6Zo%Ft+ddSe;L+&t*qRu_KK`>8PPO_B9xFY z4h+1~TvPpN<}^^M3K($P+mye7uSsF%Jb@FGah5sFp3lEPB87S+QV7z=8a8n5#~Bk5 zo58iigV96Xa0kzZq=U6g(*5@VfDi1r=gyEEDz`UA?VhOxGs&Q&ayu;eeu89=X!d2Z zeC<#2JWio+#Z6X?EW%xQChhol@ah&LWLThsHG7kS1lB;RtF$R+@Rf47nTp_LxLMnJ zpMy-76YO9|1Gx;$aD(xigmD1OYWB(Xu+NdKrHymqy z$r%tAg&X9qo&jCM2MO?Q9~x-c?qJG}_dGT9$+#Rn9o_!ccxd^|pk`QD*dNej`bJ78 z0ES^yRYUd=K8Ia$`;k`DCygrequSH%McxTzbt_@_IUF9{M=L7_TB$#8Fss>awfnik zV|~TdP7BEm11aM8Aeq1z>5q2?N@qWQ8@-lpjX>qDg&0H}AE|V6{QQElywqt{qc8Ub z5bP@N{XqtfedxG_t>tl`DAw#+&d$Y%*9sw_Hrb%?C2FPvfIN$xs6-|J9#{X3F(?S}PR8B%R6Ar(drR zL^AtO4U)J~S?9FVe1FG2ojmO6mDN>fYCEnKd5RqO!2ew$#q6Dzs12lsy|4co8h|LU zo$(>>(%-mlle<=4QBm;>s0|_dC-Bvmxo*F`;k{S-Aain;>MNrHiKAomkMP0&=PMa( zimlgVL=}grmP^C5W7IxdU)~8B{|xMBhd<emS5Edp(~EgSi#I&_cpH~U}wm}^W$ z_Idmt74?6=XC(dqg);!}KB#t=0Dh4Y7(%1gv z|Ei%rJ<`|bDE`$Zxn-oU*^m9rw`nN4(T?Qs_02PXFAmOQpDLzEK8Ei_QjL)c)uok^ z^aKC%1I!5rGl@IiU(*j&Wv5SpT8%>Z9PGY=Qr#1}bnlY!dz z&(bD+tcRmBJ=nfT9yM7c-eFQ1wg2J0u$d)=#kB=A9odop{DysfAMa7xCX3CqCw~Dw zNX)vwz1T(V)&o_+__>yd_r-mF!7jnCol-@k!F zmQU7(MdI`^&>PO7dxQ5s+^}y;lo@Xbc5LpsC40dg>9RC39Q{%3)92^7^+#wi%*w>~ zP&T=y8dzVBJ$xcQ6h#zZiR>VDZn1_2G1&9H83hKH0_KX4Ersg|0lru}%soj;^SalZRlj|~3ShdEfF2QYI1 zE!O-kWq$x#07w@-$ivND)`{Y7SYlJP{uJ-oN@le-GjGO0QuW|oR~91Q^$+!pSQ#0m z6vr<40|*acjGjazVg<{^u2UR4vnHEen7-O$x(;EXWIBUH*| zy>_++J*q$_5b6Dvt6kVo(hG*dIt=RcNf7RfmWN90>_#f16J=Za3Vwe_n1J*=($HZ? z50!4E?$Wxh1Wf7IK%p6-k0x-fEnN+?9e+^WW-SM+ZPVRSPG^>I5aCFEy`*k=?_Pk_X46H&%F|jd%CEcpewzzliV0USF?pdYJp{%$|bS(S;@NX}wZa5w3 z-3t!eVZ-rqKGh}py6Pu+R6pQjdItHRs(Mov;}EXbuV1&m5wVvK{bkY|Gs}M&$>8AV zI82cpIwD^Rwm{slycUAIH$^GPiK`CkuGo5jlWta=^~SSWO~h?ukiovl{33RIQcnd^ z0=r@#JBr|8*_H9wXbit5AmGgXhaK&-UHO(ps+S*id}o_ny^un;BD36Dv0SCYF1vhz z;$PL#Jxiui3S?+WJzFru?eM^Bb?Rhs@iFpVI3~SyS|)MZB0`3EEtFn~-t+l@C5|}| zF3~}1XIQ1b_TBc}+sfBP=kNFB={Fx6cA&g>&kL82(0n0Yo84;)x1CRq>C+>R3=1hwFEVr#dVb`G@1!QOUUy;?r4hp*_fUpI$e;7yw8N6+Y2xvv+z1UhYqdVOkw zxxdPzg!#R8p=lXZ{n{!;O2hGDdbM?T7K8c|JYwAsvQOZlqL(V91Q{J28j7q3nowtY zm<()2Dzy_oeKgRpn3c5~rXOnwU=1{L|2j+>4 zBC_muQrIw_^t*N{%gYA=*o4L?pZgYCU}9xg?Xmd-ckuP|OOt9bbh#6TDC=G6v1$7) zB%!F7rFoB+5W5E>Hf0n%kBBm02MFgH1jK)HSLiL zKmnUVpkXMSCWx}#Fi6(c*5HUhUi`{xzydR-RC%oO>u&0}>B_tVQVI{#EJQ zM`W<6w^XCQepQs%=9<6Bcf7b*6+@L~+LpKwgO%4&-UV5ygE?}L)OHRb>x;uf{64BT zd7MA8jm*@j(`{47RJI5@*Cr!Ban|lY*8t&^FsxJ5mw5q<#B+a#pm%Y5F4>(T2fPL+o4#tIV8kI{fy%$29IS?JJx}=;9Tr z)nE{OGM~*R2a}?$Lb;{2m2^MSfW{6uq?W9TU6;?Jx$h@R*HK~imJV7hdHf3K1guMSfZ#tn>I>#eSWXab`>Z;nfIsRQcaZ3;-56qM1JS! zQIcpJ?0+YT$({@dl)h}8DZsK<1o?c0@Lf) zuSdqOWWHzq{_53HG)Zi;>ihUSF_=lr`dKq;QN9bSxP(v|Cr^Ox!K)7xFsXYtnqbIz zzQ1d-zxVsM5w3a2Ea{{9-3Je%tvtMP*aa13^&A9dRb!%~%bfMcbBZ~_3^QLB#4>ZN zgthI04q7!zS8!N>N*?7GI(C)dkll=mar$`b)Ty5ins-$!1VbH~J81TW?y0HuDbEO+ zhJbL33TBnjLC{qDq%q~%<#Vd>o4u9^(jf9U-(-8j9cTA=dnr6O4zwn4j&N0#DgA2J zTSkv*45*mI_GY^>JIu6JD8Vct!ra^>_KlYCcAp?eg5*|Z9H*h7QE3I^BYhq80@46D zJoq#AQo3oVrTf?m&s)35EZD^^{IcHj-C2dhPfCoxoz+*_wkGm^){Q+ZE`vsg>A8}7 zesVk+3(B7C)5eGUx);~CwQ!&Ymi!+727l-GMAyDIb8$#I15KAgfZ19>Zai;kHzgJg*~^Hk5l&TUK!CqV~xCd%GPL_l?jW?xykuw!gPknM45C+`LJxjwmzAM-;X zbDlkr!#Jg9{)&;A$p*owV)7W3NNRZGSAG-;TH&XC@fadf3iV}U)$GTIETsVl!eajd z@Tq#tQ4(oZty=E|0dBvv80DJBDd6j&9HRZfpT3M2!9v_G%x5SAy$GKs!2x`3Tu!EzijOW%vdO>t~T2S)K znu)a@%@=wajjyBjj?Zr_tmKKM1L|4gXpQI5;sn2zHyYHCxs*NB=b-|0#fFaf;%JQ^ z6CWSnDXI5WR*z{^zMGBQ+1+3%(#D9BoP7cy?o;QP9E)I&L975snpHDwZcFYBvgWu1 zFq?rpcit1=<&Cgn+^`raC!RP+2g|Omb3O)A1q}orPv216=kxi4;D-=Xbj_68Rp#A-en&6l&&M4PqF{!_F=Fkc}#&t*OhIx?~UPH=>k^968U2) z=X)+Mt_a9_>nXhvbz6xdQJ5+Zaf$814h@>O%m)1E@^0L&CnFydaqXb%>w*}P2za8m z1)ED(cZ}o-J7ML#qtx;q2O<`ok;kZ%*TpuDX(dNRS#OFVCmTz9*yPSKiRtkI!0WCD z;^C$nxROMRo*ah+$n=kd&Ed|OUQKzOK?5so+`l)?i?0o{k0r)}_VGKwcZ$v%`*K&Y z;Ooji5U?1ZYdpJ}O+%5+*2W_}1kK{Z57^i`OT5nl9bfAzkdYKG}IM%fTBdZ`#Z!4CQcsP>(q|c>Ga5(|gKY+mloeEpJn)VzxPZsynIW_Sy?fR8YZZ zE%L^Tk1idrxt@)=Z$yosParH^`dh#*>H0{oHh)vDvco6Uoq}()gWl-x+tT#qKFcaS zu{{1Q+C)o9NeLvHa>r>^aLB4PN%z$nzu9Hu(ldE%bgiPhF_kZSlIM%JI4s>)pLQ@{7Bf$jd0n+FUp6_Y6T#*r} zws+)TVCX8zV=$Sxn#bIoOtBlC>h{gi#^{i`I(ghCf) zUOTg=J7S~TE7*sMEK;#KTxJ&IZ=N}R{_4LrH_03ptm{&O{B+S)lj`S}l$)WB{Voqf z)avcCTgg;L&9nSMs;^zW8W!36g5OR~-(7sC#9BE7FXqo0m8hMd|Z#QC~9D_wx@@W?+ zs#@>XuoGO3j&F|Pdd0ITwMGIaD!b>uz7f1%L>}`lMr;cvMe?OykQBi>;b!YjORFAn zkG_2t@3fU}WCcjPwDVi2TB7uJ?h8P^Wg7K1Ud5DMIPB%x0*hai!ykXeC}ilwQsZ=& zmyL~#?1Z?v(?1$S3}dbWneQAdvFsTv`0JK<^=8-QH4^*5<@XtWc@rD6Sm8LGyE#?| zT6s<|VC}0*L7sxUczvcd#@2tcja!`ik%7%Cr@`cLNmstOZILnx8iyr!16gxHA)sLk z?jyxXVpbK>6}k+RgJ_2Ay~9IiVgCmhW-ruXyj^vctGS!8TPZb*z!+6WksZC{Vad6{ z=PgZ5oqdI6jrZ8-~ z&NZY1kw`Dp!3Ts{w=IZa+Xo0#Zk#q;33pH{c$jc#t5N!|iUVC!&H@5{Syt=fwQ&iFK4(5Egqz zfISM&%4SVf6HR|cfC%4P;I9`k&`bNq4WlqdJ6;J00^5&O=Fl=jy7=Yp=K1hi|BA! z_d9b*W4WCdKa%CVURC32{>qs>mR~m``b6U~LcYQApErCCDxG>f#hV|WCUy$y6n&!a zLU5FlHSctaxx_P6gc3kdXjGg2!pKyR(EeP7{`RXB$MWwU$w2_$ch0f7GmMQfQfd)g zk*CGx>urk*nA#ygK{y{+DK&Uy{=dsIdH&4) zOG5NZ+zp{601I%B;M!e@ysC5p-|IGIT_E&uWT2hv+z!ISR;iTCYP{irEqclMX z$`mVSNpCPf(;mDPR=!89s8UM2Tkc%m+YGb?9W-Zv-T}JSXY0;=cN%%tb*;#PNs~wa zL=iRL%vf}!A_GMGvTd@ZyI!?>SK~P*a@#=KY5pe6$5`0Z(e>>ZC^f&eaWkKo-J%4V zo_sf&V50|v9EtldxAHvtiAMjJx?y-s=ZNf*=E`ddzIYS@LM#Xx|CO&XwiQyLa(7gX zS#nK=PX7L)i?i$IrQl0G#v|rwn9X7k0OQ;pWVhy1AgDx>BrkSlFnhrSR{QX7y2|Zg zf7Py(jhux>GD7pdsOH32JBN5-1)h`-vn!_?JCXxvvlPQ7S8n4~rzw|YSye!W{rGWj zNICy2&TIFqb7rFTSDTU}OVZ1zT)mEs6?K>NHrgssfBIYWL2xWCM}qx^{4a1A0d`43 z-j)PU*?f#`JY-|S5)-S_k5m~dmeURj(pmfZQfei4EkZ0!69rW;k7|*`%%w%2&@xll zp@uj|Z;eUYWZYK*I13}5`*T2;=bG=Us6^HSIk$0!K#>i*IqHz)1`NF1aLmC99>@Rg zNTOt>`GoW}5x%6&BkVrGAGw&Xw?0e%3LO6mOot(Q2T<3WgrQGAjO+sEYY=Y!&lozv zs3uuLVM?#anr%ymNai)C!Tu`1lY4eQrzS$C1o+t;&Nor0p;qbZ1U-=m`Z#J9$!^=i zKxumlcl$=hbGUra^r;K9O<_TBrLhEcpBN*Vg%@V?O{%rWKZ8dU- z=^iM8pp$kL3->ug&-cUsKH&%-kw(+4(ClcAF4JH@Ff5+QBLwesR3PhgP0cuRa%0%&PC+?2l0R{d(Ljmqu4aiBCNyCGgsJ&aE}oj) zKnRVH6?yGC<6Peh8Nc!58S2QbrqG7<*!)>umv=O0$aNUyzEHW`?L3~v^;8{`KOxPwxFxN z(#-vi{K@IGt{@fm;&z}z zspqN|l*R&dWPxbBzWz>8=cJVL{JW)EjOy~Tj>DmB3p~;&RLiW*S!>Cb~YBU7%9Vf+NUz4n5nta z2(kSt?-6HrfWrMAeY)VE@&^D@fy)&WaSvnZO7j?<-W24ye7TVp(9n-vc|PBb1^n>f zmHuhTwc6VX3yE`(iIOLT1XOb3Tu1qCg%sQH$oq27NFhifay0Kd5Sw}@ZF-dX6Z-*3 zq#oW5zEXRhGpYYi&o<7e$1VM;~yyhaL&Z`RJJ-Tu`JH3$NlW8u%q4Y{@6I`OP zZ+=>C&JPIVe6~c6HDwMPnynUiENQN-!0Lmmw;rudbz41ZGf-?JRg%jY(3R2$hX3$f zpcE%g)@|j2#}kE(hqCg;_B}Z4D^PhnnC{eQgSnNXG%Skx(?9H42fjeM9lO_CF`L1= zOWm4?Kl^#!6*UT4c!OJzG=Qa^PH|wMQ;#{>NWVRV5Nfgjyn`YpXd|N^W|>K zrBHZfe!x)f^akU=c5CCIJ0qAPVLx>H)M&FVy1BV63eolBBs=-TQ612$vkT^Tl$M>> zJ=W(;1ohpOQ*Q@H1Xf;UI>!+kmus<3!6)^mb4;(`={-oMFz1tuG4cD2KYsMaY#bf} zOyEe+aC=|y8F<35_;%k&Y@=4}6KAf{HD!O(^P5C*yVBmCG&t9d3{v)SB zDogDc3oJz~2C$n&Nx!bN-2O{PJ&dZnSARA~EFv;;{dwRL&qFY}^DuUC!eFZNHzhX4 zbMyF^noa?8Bz)?3QR$~(daonblldV2icH4LHx*?S3$|7&_uEi721|XgI41bR@?<4e zR)(=k91gxFk4(OIfrH4)&;LM7z^A{A!>qbE2L?ntwcXn2CkVKQgS;~b7S(C4{;WsS z0ko^IpCR0v!`OD6-ty+(0H(>QPw#UV2&`o}E)2ub?6F(PRcFiMpsem3ikF^~s69X5 z%fq(f)VcpG7(nWa5`F$*3l#1HJSj}oq4=Q+d_g8 zGHZn06H?Wwzys*T-0~xN9DKQfK0kIodslo!_KxB1w!<5(b_0r=DaoK28YVsdq2VPl zLPo@X=y@`~7uCA+Lm-G6m;<^$Wc9z;!#nTgROm(`y6<=_)bukP2a^>dny}Utnq;h2(P4;rqP) z2STkf!mXz}$2-fVv!TawbtK?qDNYW3Q3q{$b|Dy{F#x8F3r{Gs1auDPVbf@Gjc{~$ z_?T3LgVuzbmu~Oy36J=I%KKg)E1#iuzQX$V+7(1+w15JccZ&{h`=fA`o~~2fM?nUq!&?>)rE;zIc!ybRiJK(Ehb&f zoKHY%YB$%sA3p{fPn8s()WgS*MeKhoqKohu1r$urp{`Br0J$B&_6KiuXK`Yk!-|^u z20Oo3vZ08g&;1J$36(EbCZ4ZQMZSNZ6(siSYTah2XGrDC;-{wzh9Cj*42$@*PAm11 zI`4d|c=p~mC6wkiF@*-G*4%$=`JI9_7=b)IcXDSbXN}k9dQ=1^*8}wgh@jN{9`sU$ z*`5B4wJeFAd{(?^Rk zGsS-Rz%0op&i>+nq}VaOZv?E4{!fCTha4tI2E!!0NU={ZRgioxCdPq4G;4C?2K+o8 z!bA$@hmjBgRWarMnPh4DTQ3NXJ+|$1$@k+D@B0i^SzXnhd&i+@1P z2iEXbFD>mU6n5@~P}19iC*xpn46pR1=H$%7(;awPCBVn$l>YACy?fy(9w$gF~Dx-MY zYq>}DKQxSb3S0N=jbW!si19PZG_ztxe}2^q-?7;j!#+*#znuJD7xFLmRR2Eu+#4wn zxPXkJp5A8?Q6+eH=9pAm^E(Xc7dOjA^!S_~#8~u{xpc+Y3_B!bY7h0Uj{H1#yoC>( z9P{o{`;JM4!G7zGte3hrBG&yGD3^Tu!i-$V)U31pXTsXwf^3MRgF`Qj>}6W0K4;<_ zkNqVBxJFuyuUrV?v^hl*}2&6GBT`Mk~cv9g^twFJczpcYq5bBzn%nH6iai0 z=k^LbUBu~?T|avyr!;K@Ok81N$F`fD?L?9QraAiNKmHUP8TL-7?5K~=8pvrL8&NyR z9H&o}1T z>g~Puh4m0!Q61Uz_EI5kWpZIa*y8ZuB|Nf9`YXA%y)!vYZ4y7{@A=PSo0aDHnsLal%Wun zxR4lw<)<6)FIsvRmDrx!>|04^+>4G8)36vRPqkW>Xw@lJ`Hqe%n`kTz7QZbZ8Fk(H zv-nBeaCw_WXHL5H9qW!{k1ub6C$7Eu!S{XGQ_8CT+Q6l(yG+Bn7>5DD4CVvDZK)(3 zrMLF}1LFL&Z}<|Tb&ClzE6ICZ>Bbwj^WrA*T}XZ>o6T^API^_fYm9k8h8D5iDuZeK z?|MJk8)MJBQ~yQK+!QEpQi*>u+{~sm_A|C`s;W$A-!BqL!z8|cTi2OMNDIN$%il|8 zRTs|Ed;k7SyQ=OHvYTFMwv<}&VmAAb`GKiZP|&aiw?WM&%b6!X(0jHhUY$u%#3Yqt08m-%R#$%7*aImL@^>hQ-0#~uTx9vE}3lD^i z0Ym>(&!fn>_1Y@)@qI6oH$R?p)9EwW!#R)C|G375CW2)s##p$h-0_@xM694cclu`E z3~j=$2|df6u$^%Jv%^r9oiq0Q(nYgzIaKacf-S>N&4XBq71Z7M>eL`FOp=0W)J(7C z&9;s&)790v;bDE3HdU=&wzM`AI`Q^yar7}c5t^Mhi;Z0l)AQb?hF<^j<9Uyddv)G> zwfL`Idt(dLnz9wa7jyW@$v(aKvHTH{M#5T{_T3l~Bhiw8=zctd|UkJaG&`y9V|mm`o7QFeJrMiNv; zYYuH4oO+WsPY1`>(6Iw9>hB6Unf|k3!nbYW@;fLGx-_j#^&H zKO7!CZu=FU%fFI>4>pPpWE_?^bJsJ;R9I@(7sD=b8}~lxRMPI*iiZq#ecn+W6^lq& zkLmvPKD}lIADSKFb9#fxCC_Y|E7ny!6;Us5Pxc4n3#O9f;-i?x0eFgYj>q!pm2KD_Jf3D zukL0pJPC@o>p`tyk845RxG$4Q!l9_-iT&xZ=MW-p8d$^~et;(_n-CaOv@?zSApL88 zz)^<*EPqSvIT~Urq@x!7LnZK>d#92qwQ!Q$O-56lspb8}9&*~uvUW*(2{pS)N<$8O zwM|-1jnRxE7sG1ggD6&-zTLa_UM0j_=$cgwZMs0%8c$sW-WSE6Wi@s?h_Am33r*t6L;cYO$}bLIS|2ZnfHGRH&wetWT=Sn zoAG)5Y$GzL)B5LUoNd|pcNC||*afm^$$RmJTuE|194rU;Lcty>D@1L%=XRj=1XQEG zi!wy9l-DOAbTV8LNQTIXrqsGP7s1^un!ci%Q|!Jj${%bEY25I(Z|7?OB_LLY zM;gbpjUf-5S1}bRI zAdSXI;B|{psVo(blD(6s@e|Jrz5r?`Fd1+&Ox~tF)>`Uvd+`2^0tE(-rx~HcB^DD6 z>E->&`fS5@VN4Nzzb1nuYRVY#I6Ty+0=F%9Z6jTuaW`k$vMupm=WK$Ag>sVYz9+VB zu*PSwJ4?7BIKIEaCD2Y&%a4i)9{c9Bw9Ml>G=O|=@FT2RV7|k>Gi|TK>!I6XE5ANd z=%b@p!dPO4H+o(^J3OG+ad>m)(wMHME_n=dB!tPDIY2u+ypY^v3&&OU(O~7{Ed@_( zH{($)hs%@J*Z4kY42ZRwI};knkQdC$bwROi`21u_aRVdQq!*VAm<9(&S~`hrZ~tun)`|x4tbUA z1?13WR#IE{X20YMRLIzU^lofb856zft?>CsPD}b7^fgX6OAK>6>dVIgHGvKOi@Ohk zj+Xp(Y?vQ@I5M@Ygl>^4yTjH~iDuGf7BMRj5VP%l%;d^ZdxXr_e5;8Z2Co-*wSwq< zpfejp)ag{-Q>QbfeGc@-DJJ0=i*8Ab>(Ch%NqN-5NY%GK(l{%StG;0{Ea`$6-CEuT zRN=9iyNA3p2}#ePlBG2*4Y@HcT|T)I+3mqeBtoeeNy8d%lfxn)<2I?Xjg69ukV>u2U@%+VG6A9)7sd=qe>; zq>8e0>FYMw-jT9m%9BSS)&2^QJR%~J!&(|bfk>+Lw~)62pYUg2jt+S*R0IT(vaO=Q z8}{4JuQPXE2X)SNc=`;Jm`3jv9_se`f`Ts_=R})gowrvswYis!N2@7pM-M(%2!qz3 zrq=d{khk(GD?U*YvoqIYm7c!qg#m<>lL^_H(s8r%26QZ2AA|0tnl-0zBLldu#0q)` zrXQuk7oZX`%}IBYs#NBTA~PmC)V`%Tq3^Q_>oZ*xYs5Y%X)}!|AXCY#$c`8Urcf7T z5_ddHm@ToHS3CWCRJh*EF-xzm>&dsiyb-fO9?otTh?Q8!@5$`{xMnl|@*gdMIIaZ* zK2nvi)GVyUz-*`BL?WhrvdHr+~(kppXl@MB#y_QuY8Zz}N zE2h4Fb%MfUs%4-nvu%Fh5tt2Xa>aj{{n(>8-qed5GN4lrNxq<>vgxr}0QIDC0n;75 zhYfNNYfAC#omgs)&1*DUt$Q6*t~`=4_Cj8EBkh>z0<-HUdtXOXKQ zLl6teuzi2(R_epZ5Kdv;VY9mF0>$Q|X!?rukgoa>uKg~h^tb4bSV`{CXX&T-YL#2w z{Z^*QS|`IArrzGqm~8ddV`Y8ssISjf?2u^H@$puW>H=W|;h{KPbg*(~d9`_E>Faof z$wG_Y^u*FU+KP}*eS{CP^KbGl834q+z0=uw7<)F`PLpbW$i??HO{bXvZ=9q_(;A$# zuKk~1hJ&3)_$J{|x=L(rW1HY$&Ed!3+!fWQw&XGFx>9Z{-7wS4TH_q&x-Cda&&1|I zKdOgKO=m5ZC!1pdk+I0h>Wd+KtkfkZdNra)D!M0Ui;M-~s^yvVD_t%6@!|LG?N7Jr zesc6Xd742WTx^Bc3CbpT=c@g};JVI*%8meLPX1gS0z7vkL&(S&&-b5%6jsmgmiP4q zSFc>T(yS6GH}QHVTfwioPqQcPL*tVU67O6Z;mZ76j$z`XSP9{Z6u%qfaC3sYu>%l( zZY2$}i0$@;)HC=uXITvGARh1}p%TZVT58i|G0UPuH<^3((slW>FI1mgX-TNKNgZ_M zh9O0cWtE8CG55{Is`{W<6H`+`?E*dLn?WPA*WzfeD8rONA)U3paOH{JwS?7G;5yl) z>EVCXitt{X3YLEey{Hv}H!dT{T?*&2=!A#3MLfb|Rw zJ*<RnsATc0NY7DJZ(F`_FocGOnFY32mFmRJAG zN&KmeYUk#pizUmqx1D7lw2qWoIBH+GBXIBp(J&Kj=A;Sy2|N+V1#2VfM)Obzb4Biq zA4zk{RE+nfi&c1EGc;!mOA7d0b}|=V-m=~1@~UUHnXe$Wf7&O*MxMs69lH&^OKmA! zt9<|dNVS)l_5g>z%;Q-*t7of}-c`1ZVPkaY-4%5)(qnx1RgzcL1|D9URk4CB3!C@W z=eYOoNyC0>tG5G^$phC)2-hKJY?U$hmx$rcnl^HNRPI5L-&rra`o6qoE`GO^#z!xS zBKPfNA6Ri$`{>L5m}v}8oz&$E#r}LUdjU0am#A_~Yol(GdNjMcJ9)(v+%X;M*x@6W zoWBN-+-KO{3es6Vro~7Dr`E!oaa%5iS*ZqVxdz6sKAb>uq0?-8HUz`8xtnOOFk&=7 zQdQMT2Tr}a$rd#{Qr!CbQJf@ByYLBv@bv-_>+@B4i+kIrHMDC+TBD~<;~#rTE?vDF zErCCmp9mS{-$2$$Q&h#e&+#J(ARY6oVZ1=M)8&Pc72{4 zTi@uC@qCd)t(A8E<2OUqXXDNRuNsGoNc$0=tz_R&C9E+kj!D^**<8nL_f5G_r}t9i zya{HSJ+@$Wj+~7B>?e3T0`n1SJwo<>wfB|*QLkOsI2=V$4;Todl!An$N=aLQfJhH8 zG=jts(j5Ydk|IM3NXIbr0MaUrbl0Frry!m09?x^1bDsDA_5Xgm&&MNEzw5g8wfEX< zt^I3p=$AXDGCeI#!gK#&ES;Du=ZEH0aNda#_voLfZzWtA$IRh~VNhJPW43;0*uU%SRLMS$kEQ5olxXvGhKH*WaaKaWhmX*+2wQs_L{q~vA+6^ZREy}FP5 zdwU>4c;t)?YsSFk*dJ-T4(=Fnn;aadAVl)1eBi@pM1V?R4}V_iESg!mYbE=Nhqu}o z93{kT2Wnoyr6ob@_Zsmll|TQUoR*m6xizM1#>8+^M;m93<%ABE0uyUhDW8ywH}~*e zF33>!g=S$%d;qd!@iGME5Fm?$Hka0uCy}^Zor7zyiBQUOG*u__Wr`vxO2!5Z2Z&Q} zF&`vM*(HxrcWSBR8Ah=e7mSpU_CD5yLJ`y@@Re+K|6|6V(mXn{xVN)6sPr zZ1G&54twl52YH56$t0cehg<!>6`i@V@)3<-%Zh1uuCpntsFaF|f6Fs|4^n2nT4C4qGO_;R zE(J*Kx&ufw419&+EXQ8W_?=*jXnVCRxv5PPxQX({6B~B#Y#rz({DjQ_LV;FxRAg*y zE@s_Iy2^L0IehKYL)Xc)BOb323r+mTZYYX`-Ade#z7!hPvs*G%To1(8rrkbEx2ww_ zVm113oW1L_ctr(oED@>&J%@Y~^q#%@&aRGH%Gvzvy>7nRLZdcJNae3(BQ)z{zFasY z;Yms4DqKNt;kTeHYC9RdpX78J{4L}TL68wpa{g5Qxz(8uaOs=@ zyQrE1TX4Ku81A!lHF?tGo^g9)y5h=74fF4Z3`^E4KRJ>NQdoAztMYO9NEZ?MR@Z@L ziaxUZ;Z16N8b1HWdBW?b^WZ<@u7kkK{pT-qEJr+A`=^U#?221gFIPuuRw@+(YKS9Sn8J{9eK<1us z65yQPUi zt1Z|X6&J8oa7nIIBC~0`;l_rtT3uJC9^f+FDp`3t^EP`c=XktaB9e6kXnNRvE@_#= z{&6q#lJm(=eF$%y!55aH=KNvwWKyXvB0WtMLeo#|1+FR0ivF=mDtT}IrwtZZQvBBa zhzURerp}V(Cy%S)PQbOwgGCZYQcscW1A2y=i99&&kc z>K$VDZNA-&DIUTti0o)pGcGCt77sRakQtHySD8EKw6w>m{C9=Vc0SW34q-aviU25r zO7}owK4mv3_C}yUgj$|KxX~@X+A9U$yycD4LXeKy8P;3fWimZbn^m>d1(BS*uXP$* zaox-}VNUH&#oGXxv{*Uw;$VTtUS(*K8n=6Rc&vx?5fIm4aV6(f{hi^cfh&CWw?;qSi4u`YA3yUK6SXWZY;*wifBwsPcI$ zgYb-g+3{+%PRpe+>3bJQ)bN%&R+puvbB3 zJX-ca@c4+iO!CSFXRoH`h$wl`)=b;lCo+?7~)GTx`FiC9Tu! zuX+f=hcGcefT6v}%Te5~o%pz}5HJ@AR;|lsA9YRyS#|T>8+etb6rN7!dRFFZba%D7 zc}jypGN$~C;Hfr|w2cK`1AArNCyg(fle#EDkJ{Pm>CHSnJuM@lx!Wxy^byfpUEXU+ zl{&1(ijQ2{TYg+@_6o$;`Qc>@+v}K@P=DeKi6eQIm4L}`9a9-|-_$$#L84y_Zy;9F zc$nP3eVaa8UWtciJV2oGkyrB*f9)*Tec`fZbDm_kq3v&ose^?ll*!oa?x|Mw`KJT9 z2aD=Vgp#<>A8y^=??__#iCoqoy!PdxStm6d5eMr`M&cv|tbDBe#4fUXqk4X|YD$synKm_k3awNN*-CN_a~up;9ET}E9j6HB zr`0Q7(Zuj{6L8O3RY)O`g1X1R)wQ9}cwF3VQ#u3V zb^uX8oCo5mX{gsVR^qIkfoUo|WR8*LiC4p9j!-RjDWk;)xZ3 z{s0wd#7Xmm^*LS;7rzY<4SRBz<-M@O@D=GAO!C3G)ZS8yAr|Z6_LG+c;8Fj6;LE2d z?hT>wyw0l=%r1?%JI}s4bM2Pc&2<~MMOSt`_w)>-s>f=L#eXyhrkIOw@#-gE{}W`{ zcv{`puk}EEOR@_6NjRAwj#KKt`QmRPds4T&CAJB`hfgEYScfX#j7kkO#TEUbpO+Z` zmMv@p6GoX(oui)x4yZS!9)m=L^i^X2x%5KP;5GuFLBHez`8WCz)xAadq zp*UG@;z-jTArORg#IYQogg9RHAQ$3x`|!i*{xKX8Y6b71lF{ybI2v50M7Xo%xB+!; zjVm_z^6ZSaAN-12_RqE+_>Yc`G&d*858*4ET4H!-+`Ae8r}_0OFekW;eM*j7)okue z5X1nl{q0k9-+u5jG0D+@6nn6=rGf0_VP>+t-wN0K3gu~h)@mETp?YwO=%THavFuB5 zi!Rmx_BIY)o^Q9B29!q&jYmM2sZ((pE_9sz+-bd{{6;;FBo+DQdq3lO*A83cHsg;O z;v5}dyW{UYheiClTIi2&Fhuh#nM=NA=~%!7#x}IHy9IV7-c)1HdnA5^ivA6plt*&E z5-$KCWN)d|#bc&bf9KEh z1>{hcz{3P10w1#cI*{*!QH=if&&PUVcK|S8J=i=&aoTn3$tqU4iZ~J!G*^^W`PAqq zXmV14%84~HGJ*pA>H2H|Kj|M}CB$(S?H_uXSKR*e4xEfRI~UgS%^M2rpJ!Xk^1IWBOyor4|_Pm)G`}zN4y>Ry%F@lbduQtHK)SL1> z$QQy`U3b>fem74yRR8f$n9`$}zw{e{-5}>*4hDOLAe#TY2N7|kmu03NG@ryhBE^+v zC#4CUR|VL9gokwQm_#EHMz5w9z_ZuDg@O>Chq*hF4 zAAy+O9voKWz)ul4W(}t&LxKLy%ED6q`_Et8``h3Gb6DiOYS@Oo-`v`27ySFZUi_=W zEqyEp=oSjmH?Q&Y^MkrfLP8JN+hG2bO9y{@m*^kHO!m>_^fZCX!sX7$&#!hY2Y{7| z3;)+21?bt!<^UI{+!+4Bo9G|g3(6W(f)VJI--rGj(LZF62{e>$h|zmxHb8>PJq|DX z-~S4VShD>48I1%VjZ7e9gX!IGpN)DZGc&VT-L`m<0dV?;C-kphHQEJW4FEY7qh)~b zZJauFDwkj|PN0kY=28%f_&|_V<^ib(bd&IhK>zT^5I*AgiGOhy7_VJ3*qHC5+#nmtj7y%ez0J!v#`iYE{=P7Q{Ivla=e5C9DWVZ$)eEcCadk?!1{W-VogN9={S2H zux*CFhI9u|j+--s{R025k6?)a+WY2@!==`R)@mQxV|cf~5*jELk)>)02kr3{5CcQ= z6Lqz4=3M@U8}t0qA+$hB+bT3}g)(oT(#0n)rUQtz3tgmvv>bYFN(qnf7sq72Ls%{h zBRvTM9&$({A_WMrMg#Cd!T5MERpw>&voOE{v&7@y*H)`tzRYC&qtMv$Y6oNEO)xGS z_-fIWJOwKUi0(CMjp5c~45H3g{aXh(uY!UGdV_w8i?rhp3C67xV!{S+9E&4s__XzGH>u(s?ew{8p;>o-i;z z8t59RHNhaTAZeaLdhLV#r`gIdbdbs^BLIovU3tI=<_KrEqGjK5TiLAAt~^-#b;ds8 zy*j?U1FkUBBDhUWr$#@n{Zf2;$+WFfRwsolskpeeRNxMQ;i)kH1Fj^3-3k9@xnce3 zz;Jgkvp59Ba73C=q2@sDh5Mmc(T8|M>98+t!RY8}b%PPIj%yT*09Ok* z(XA$2_Gmps|18*#H4np)*+m${ck9^od4U;1@$>KZ<@0Q9ZMC6*Ao><~*PD`+II=nt zGRxh0VohvH6uMV^FF-1SxE~A|a?MDpiJ-3b4dsw#Q1&HSfK^ryzcz-XL8Jf*TDO-8 zS)+_nduEFjt=uEiB(1kzmYmA)S|5@##V^2$7BxQXEowiTFP^eE59D!hzjgs=$>YUm zcq5OcKCnlHCXgA;cfk6={$#jnuL7K3B?)|VF1@*#`FK}*iLEofX;n)@c74=q0sQ%!G)cpJ=fem0N!7HEv zxCbsO$n)+gF_Uy#%S-T?f>xu~$K@PjAx#+=5hoqU8~@NTMQ%gt;<8iiU&l?1Smf5L zo=_x#?#p^VB&ApfgPHbhf82yR=zjXVo`ITst`FoAdoOE^G~jujV>_+^3X5C2DeBsy zjk`N=&vn&+KJxPA%fom>9zAc$PXtSn2PIZx(^_gVRQhxho};Dgyu48A#+4($hQ=5B zjy{D78Y0G$dEm0wa{`VZ4!m0X$0`!ZxG@{zUYX!Axi0Urw`mD`2FrbLt~LMu4D}kh zxUh3R=lawm$#$}l&+v90WQ!NqNE9Ms;zV>uKuA^%5ClTPZ8N9egQ*0^HXW^xZqUsoV-_YaQ+WYvtK~UF=Mhuz|-TPzhdbf@wW3mG%<7&(hB|9!15r{ zb!nL2@@j>VSs>ZfcewuU1;~VpKfS&7081@YTPPMbfVoBxpSxR{kByFMdvrrywvC8D zTMVc{=JB(iU_sufc^JXlU(sR$r4E?fq|vOV@e1^FwuHhFwGyd5K>MaQ%Kki|1tu71 z*}?p2xU7c7EgV^_+o0DzIaxZ$&BqoaHZm5->Xt^CM-V{c@HD3&IwsYxuiJBEzj^bf zJR4-?O#z34yBw@hr{cD z=hC;_gWAi2PcKvt-`iUZXTq6d?L{|H>((Dr9I6Yzz{d-F>JZjSy84BVvf8QRzxOrm zDwY1me1xfuuPr?EkLzG43EI3ikst5)M8Jdt7on#GS7n(F1~&*j-7Ogdjm;9aoUPi1)LK(rOmc28no>@``OMe zt@Fl5Q%2#N)#nw~=;x#=>q+MyYpq$EQfY&~0p_@MYzf3h-;=GMLqfqc5nZws-$yBS z^kui<2CODND?ygc!#8x_w3j;V z${*0G8Bq__U)Q7SVi4mO5or`miK+YueejJEB}~N>dyRnFnS5|#HqY>5Hp!jUd;uC6Z@X?(P34)IFrs5l*Rd=XIe?1u+jX%rt{G@O&lRC zx9cAYd){S)U|*7ynW}vi!yA8*>!HY^PkB@x*_G9m_$ZFOI3r4VgbtDyYf?kygCa@)PiizVCVz#ZQe{- zsnMqa$w_tbv&r6Dpo`bTz1|+st<`UGak7nzE&BS%C3}rFZ{lMPeZ5&dm1n~O-m9;b zF1~pm!29g$Y#+yd&oHB`4boOWh+aH;-Gpq`JBjKN-Qf{pAD;KR=LBN9> zkl+Unw^)u|jX?`KYgdg07$^FW>q3=)3t(&13-DQ)gW7;y(nV+uwwFh7u=_cqTY`e> zhxm$8Rq=3q(Bce>+1C3$t0 zp#ZcCE22H!1qBUMpV*))3l@+8>$6Z2=pQ7KoT1X#GhI)YC_Fzm)lxJ$bIDmmAAgVW zivEr6Hvsf-2TSU3jB)8WERXI$QUtV=%GA_4;bP#%MhbK%%H-V*gs<5rdFBr=Ue_Ae z*ktA5(Q}*w1;RjpeRt}Ml8csg!M$Jxa?4y5VPjJu{|ED4$`~s^(#WEQmvkM85}`lc z%wZ$MO(Au25caoXiCS4QBTMn6?1i9Z>^@dp^f@3>rO8T52{+f^QOX3R#3b_q`@!lx zvkx8A<*TN}nm>yQrQ8-g_E=D278fS_eCU%D5)+qoKsJ*oErS?xj{M?3M*H(sb*s-5 z$!@#r$rI+gAYbtX@J`e1UWq$sKgU;PEXFF-lDXYMlW#i)}9VGaV8%`N!Y-` zFZdV8B=ap1P((ZpNo_Qi#HwD_Z|>@8FR_r|qY1D8lVMZeJ&WftrqT^@L(S(qCkRdj znNppHE2^GATw4iQuU-*gD@;ye*m>yeHb$tPs_o})bGY^`jaDD{=5e=tWM>fm zG(l}f8#|y%^(P(JVl4QOFzZw}_OyV{y}LDd@SSo*kP1}Gv>RZ*zMreXbXo0OB-l+! zRxk_+HphA#Yf^CoOF8MR!lz(&W}@fYw>zKN-xY2rB`)t%DTTVxvXx(=U2GagiNQ^o zdsq&8U7Ea685Xn8`k+6_!diI5-bO7Y$0#-(0&-M6%#B%6 zN+4FLzye~akpHu)^li$+GVf|cE-#7PhunD$;vwpF;Y<>EJvr6H* ztb=xtb*Y00sN6&L-ad)X|i^i^>63?3Y@3 zd6BcW`*_P_9J$;09Z%t=rgRqxC31`$5YOi%^driC(ODDWhDJZ^(s z#v&_lyZw*6&U<%-4mn7`7Oh zrm6?^ePo6_<)FzD7-L4%!!sC?q6P&fOFHvk{(5&VWJa>9{+zqRxr~44Ew`TV<&F_n+gXj=UD>KEbJRVe(2hao}LA_4D@VyW2$ z{2Jr#pd&u+36r=i0v@s$fpnv}m7$dK?SML4;4=pk(*qjmUrX0#u;Q}x%W~D}3Qj9! z@n&$&-v$VT9L~nrQbX*y2^Tq3fR^}0LsJ?F%GOBC{%~>lwe_fz55**=#5VevGKnL< z?e#j-30l49%Xg^;$vi8;NdwOPTM5WbF&mH`G);g{hC>(;2RW!Wp^O6TbCp8h%=)1# zqPpC?X6_kfpnhc$OPr%h2bhu<8~V!LFDPK8(tjDB(7>{(TlPE&!C6}n6(v* zzyF4%wy+t?)B{x&AHFEVolV}z;&?Ef*aO#ZT|pt4ExEHJFLw9zU<<|+E(NrA zU;zx0c}iE&he@rYV;j#~af!ca;3F=3xG^TfK73OwZbVKc4yYa)G+mzL-F9aTc2wL} zvc5J^6N=alu|xrvO0wYQ_VzB>K~s$c$${Nv4A}ydK>Ts%!1xtcX05kVr|a`Rpuc+* znnbx9B+R}i(p-5tB|}CC5ZLJD-L4X$)JlTfU20^`!@W(+E?4qy^>h28E_adUMiufh zYJt44JaWstl;-S>J|*82RtDjn%`;-IK-=ISv|ZPW+fDp)M_a2N$We#m2btZyy{cOu zvDBha1agjd*arY_qvynp8wW-N;AU+Luz|FK{eoxmJE1p`aWJ;Q<03JF7N{+RRl9lu zi0Fu&Ix#%{5t_JvdCW@p9cZdX$r}O4v6u`aApnxa6Ap*&f~$6L|E(KXD89OCnL5BV zrb@$qPTqSeI0oiDO{st!e)8tg|1%d24^wVM8lo6wdQw5MdfVH z60fqKWv%&-anrSxsu(S$D;=aYnR_^>Zq1TizTG>afA5KqkoMZkbV1ECU_FvqqK(ay z=ju1~W)5MH`2OuvqSdL3lgwXZH->Ud21UY&(BA<#Px{fu{cwYbN7yjr#g!d<^75+rrk}C&OL&h!F%Y zJ1Z3{>CWldQ}O3nR7G67L*->;x)dM0^(@OvQ?Q(CRh%T9{ern}f3*QN!i34VYEKsp zVPynil)|S{+1~LxJtKMR?L0!`m1JM@;SAonF!^1)n7dJaH*NDR8&2zs6bx$HJLyqV zZPH?9w(`{2Y5vWXb6*en&frKG9E-5Q`xop_WY*Q;kp<)4;hx)oXw>JYyx8^J&3d@f zBr;YC&t0<~-Dd8#7e*}f3j_$f!=~?jk{wuci38bq7dX>8G%&29Z{o?0_Z~tm z-Tlnm1B*w$ed>V@vRuLUI+#3r$wtm}B=ST+a~>cvsY5mnJG*B~<6d{E_SR*P z)$SknlTr#)!NMO%E`Q%`#^GfhF}wq%Ef-E(s~VkuJjfkDLgt832j_(jA9RKGycpRVXU(-fZpL9WI7kFQeK#yv)Dq{2fr~Ko$48Q9_f47Oh1t7}3(JkUea2WbWiwP4BF1!-0RugS*Ymk#i4NXUuY$7^X}_J` zQ%G|Fo#~`f&Y?E#YGT=Lj%vU!i?^0T@dHeIKjQW?^=b~gXV49f$D-)O_L9WnLZt*Q zIG%fdMWFTyjNvhvIi*%gKuC4g9i|}-rIW(zDPVG;j1;--2i=LC{_IUHv)%dQG}1qK z`D))i#Zbmw9iM>%fqSu~zLUH)Sny*_!)0at@KZhws3tMwj1*vaFs-$qVs}nRhLg0Y zwE2$h%f5BJ+~qcQtF-CvK4{y`5)?}VwzLje>h2nw)Zy_wy-E(S_;=vE*uM(j~AJ8 z!t5Zhnm?*<-5)Q6VAM*({xG_gQO1l;eYPgEG`-V~oQM}*19&t~#09JR0e?Y)I5P9sA}L^4!(}#4!8a5d zlnbgX0roLD1z_~>1o9T^WdbGu3AN?jfZjD6ad@tFn_&Ocen%(Y6 z+<^0Tgeh@9JVOAeQXQg028tFv>DUAdffwjIMopanJuL%d4p*4QN81SdB*KIg zAld@gvq>P0t->H!Elx@I$*DOrr@3x5dPb9UGR!I&E1K!qOw#*iTeeBffWW||^-VI) z!sZR|wEFoF1HGho(#_oQ=XGD0T?WSrZi6XLcjv zDnmi%kx|nS&D5WU^Kd4na@aUHXv9b3m)6ozSEu&II-o%-t5o2vR$Vt)fE>jw6dh$K zV`1{9bH2Msp=?G#WBG^HCm+ba<$6H`|3H619SVt~oYoo1a`f)gqi&KyfT6Zu1yBQY zUecfh#-n2oCZ8@1C#LhC2Zm<1#8x_M1N0~z_I-G2!4WWEJ-{-8ERR&O{CPEfto-K1 zfc4ion!sEVNc&>$mmh8!I9!z%LDag8#q_hiQRJ!(@Ln%o8W{ZyXzA^N-d`inlb|NO za-x}Ll8ncFm@5FO}9=VP3= zcDd9SP%6hbv-~|6rbyKVLJDs~P&Pc(3q88DwB_l0p9C2>0a*j@W=|>!!YHdTLFepp z;{JZ@lu|5Xh3e4JlUkmv|NFT|M@O47aS~c^Y3b=^vdmR1D6=gw%1a$F0+z9k))&oK z1`d*R4%mUl$IEL6b-X3#tE*me8J`Dq{ZBY=wV)td%G0TsUYe6RndfyxJUq4*Tmx>Q zW1yAJsaOEcijR*Bo|xQcu>&m8zJ%})8eDlJoF4c0s(Aa{)+;vv6CN=bx3NuKa1UH<`dQ!UkjV>Y8$(ULq3Paq4d^0$VDiq?F`w2F)_V}^`k$i_v2#fKAM z+VsLL)hD8Q_phB4<#V|OTr7(RjhfA)$Xs)Qp=XgO^%skHh_V16>>;JHDmCHt8`VIa%bSi2~RLwH-?SO9dln^c0MjXo~c92 zcci~M+4gpT*6Q#p4$c8e31fMt3IW{|r5;b?*IrMxLjRgY&XTUKyQP3K^@3;G3u}ix_<8e)%QM&BJC)dn1fo5qpup$B3 z!t3dgtGjt2=5$rS;ApV|cGSaP5n5O-^(~YNddb8n2t6=+U{Du(qXS=R4L-|zcig$A zzM`YXbLqxy9qvcP-=(Y7IYNAsg?ms@;dKYm0_yS={qL6qK6AY_c$2;r5)l*5+aOro z+&EYuaq#X6OvXY0ugQTZN=NN~UUaoKTmDpjbvf`;`bw|L8Zua}@3!Ie?yl!)ag1 zeP6%62Y>dP|56GA47hq3v>nx6fQ9`Mg^Dzn$TI(}rvX~(iI>A;i*Gvl4d$x(Aa)&A zQX`1PL{O3iyR`{A#og(WcGw^}xqe{P+zq}4U$&^ou3cU6$BjtB7@c+i8#WSia&n*> z4g&zT!Rg$Z{jCIuAN4deW|6%v|MP)WyczOB`+Aij+WS>nTgEb`18HhAczLZ7ht>ic zgSMQ3wDEvB8L{F*MhO)T3~O+IK%rvBDt%zpe{xdnA(30 z4^ls1z4l4|#iTJ1Os?qbRJry=%-`g$$gYh5c9I;7+Jp@e_z$BhKo7W@htq8|I|Ez; z2JleswT4s?EH89j9QPwdz}Dc;MD<}V2kn#wdF`H#xj`rA`AG*L=!cFym#6Pb^NNJ2 zCS4>NWNzdf)WUWZ7Aht0k!86KQP)dZXf4Z`w-U=Z?V7_@wLGa0mdwn?D;=Z>nmt6k zTPu=aq%k@4%Sjv;FerYjjUUVM``bzXi?Nl#XWsh==0E~=&(Q~8uP?d2Gm9p}UHp5w zusdFSV4Wg3j;~GIwr=1t?Z@rs#%589#@>C&9$Rmi&sNc>sx)vv=Mv?!=rx-CdO=SP z2WAb!=_|8_*@D^2En7VSTKK0k?>Jgt#4M`ksKhjM-3uIw+(|74LNgJsv%vwuc?s=gNVb{VP5dTiv^hag9Lgm(eu(eSQ$OF^D`{Vuop( z=HG>N`U+N_!`Hm(^vjYS?eI*YD zniE;xEB|s7pOY}ivR2;obJVG{{LFsV9xDNEixGUTB~E7y|CjmEk3}4PYJ9a9hMnZUB5lm!Sn<&-2a>zbiaS@LhCke^NH~TQ zhYfpdt%eMh_x)w=#>_*~{1el8y=@`d_D!YyJ?RtX;CdiX@`&RKDM(zda$oy_0Ru2J@Bnbh93qSPhJ<*CqRU_2-AhSyjpuQ6c|4F#F67Yqas0 zr?ahvA@}0>s^D90Q<|l;B!t6#F6!T*2YgcbYuP#fl%UO8{(WQ2QBaiNd$gNH)LoV8 z<6nJ@v-&ud8B@HXvvW*v9Ol&2kv-4X6uC^8DK01<_qSoFnCOCpqM zqanAV`{Ov9d=$99_TIXoGxKFl@(K7Hb^go*Bb_nj#*gN{C$Pd>^a3WKF#RQ;`OkzB zO@=$q#wdrJ?~iaNi-zSciP^^H#+Mx=k!`=j!TB`G6V)iN33V4fwn}tV4eFYCp?`mMpgc7!4CIBs^DO_B+n!9^U$&vnH-4UV z$t@%NaTaVL2YHDuFjdjw;PP04Zb>X3D(Op3rQ6S#$gK`u&ZcYQaRw*#X z^{_Ntc6@g&KKU5Ku7buq!56QtcYln>ed)~BQFOt#T5xUBNjVo=x*T1!>m%4;4(?d} zYMml>NYf@}1vIj(9rv>{9ko`sbk-xd(XtY}qpSxe?2Hnn^F*IMD1AsU2*_Od*S5R_ z?x5i01yXF#y#+zF%zE7~#y1NdMPzrSL*tWXrVG63>(sZCDUdhhV{x<5XuR8G zG50|c(sA~C_N|^AHUHdWQmt0@iz3>Gj(xJG`|?HP9AC&$llsa~k-C}L z9I(NRBItL3{{ZbS>&?Z9={5@Y;05%?R1*`UVO5Wg-95TmV|B_h0^7QmV&WzNyK1$? zD2lsp--N-~E7u$vL7G!RhXq&0-EI1fDPS>T7n=d&sjR2uK+Mv=ngZ|zT47a7zu(o% zrNUtWa8p+oJD?=bVM{GXtS0K-DC?D4=>S&00!~!xz>)r6sU+~aC@(%PERa}h1b#Q< z`4w(kPCyVYDOc3iUUbu^>oP=x`G{DSA5eqgJG_*CyoeR~2&Tjw%fLzq{0#RY5Oj*5 z!3jAQ81D_Jam<6IYq5XtjfMKKBlf=ul*NWnEy4$+I2e5Ld07IkWFEjs$vjrJnEi)3 zK!)C~_q9m~V?o?OwO@aZK&{RN;zKLMdHW?e;_j%0*HkIJQ!c={(8(4N0@@Z~;5;dq zIjk2ttLE=4SkehkF#vAh>?YA@|aDJze|n85WF zi4QF?aYk_|(k3P*GvIIBR?40OMQeLA-0D>UA6hxDK1rcG9Lk~m zDA4xujxB*7j9+}24tbcsIdEB=)LMvO(mNU9+h4I|QmSADDF+N!1+SJ$$y*$#;uBgD z9bM+HUmG|Ko$4hX-QXc?mj@H&IgM=7;JSYCet{wW%j&TlNG zf#r1o)WW6jx^{MrAS@rmVZOnnrz8psm@JD#Ku;V5=+~+@fn#b3kXES;&JYbA8js|L zzJR0TI4tIJ82TU)_&|Ixw+aBa1S%3Ug3t5{6$|hvFwZ(R$5n*DlM9IM}i zGz)S`0gfJEjUzRIk%k};DZI7`=$e>zTT@g1;OD@L9u&xh=saL64S(a|A()8^*%IOg>O z|8zN-EadVAjV4!-BjUEKdyxK!r($m2d z_^*X*!Im%vMM6u*@ec}iseB7>=w_I>W87s|kXlwlg_0apDWrr_8mMS> zZ(LvwGZ<4i^o26Omp0LQTU{PZ`K|$eUiaZI8frJKr`E3Uhe~E3P?(3c=Xx0fcq@PI zy`W?ep@|C$3PKSMK@ChK00@5)t9r*`@Ofa&@eyY-Lp0DMQDfvy5Xp*_jghOc5|%Mg zesj?744=+NmRd3K$bVtt0f&;|VzWZe6{rMYuz{paUv?jI9IWdpxujfxt5x+Jjox4X z;zgCxbf}?JJTe8LX@O3Y$t}&HqQ3CNtroy!Qnx?Z9ZO$~C?SYC_|HHm#-!L7Vg%yO z8cYw7dD<2P@2^G$hphK{_;{d^SED1qTVKUFlpvS#z+dmDO}o_L2v| zr0k3F41ozvDU`of8XY|d;a6a-v2;AQw*i3KaLKr7hV!d4;Lh@QM`Qs+0K-cRB91vA zG6wCSX)D~(sCq**EC!NS#jD~c;6MnMowW$n&v;DcFK!nvl)}@C))OfuFnMDBGjP_i zrnh8`wSne-MJwpG`!*>@0MG-FTQ3QmlIc-4dKFtF;83W|j{l(&11 z;REh}X#$Wt9bBrASyn;a0Df^Tk8JgHbbzqqQ6M;T7aD4`wzL$d(XwHmPoe~C*}29B zk{(Epv)chBxceCh2FmZ)O+VJuu5t~o$nG=#NV*~X{VQR#UgWqK<|z~gYXYY6$hX#n93BmoQgkd~Gfn9j@A zND#4B3&e5{@qwh;I!f{e*y4B=eXn~%kroZOnis>J=ZYh*e}B#FsK00)XMpAbQsV~| z2c_0W-?XNBSVl^;Fq~31*rJWv9>?*@Jw=1dx4jY!%8XFB0ZlXA!`H3UQ_#*rt}iFZ zm(e?3j8KpBsxs-&{p%Ysb88l=HY#6+tGOgc5gnDjF*%8bD@pe0y~F6+#@QDgkOh!x zG>yZIK)!lv5K$Qh{mmnVUG@9ISLKij=^NORi@#V2XyEU=}IQ zZ1khtd2#TTbx}*srCR|`l6IL) zDTa5ElnfUHMI7KqVLYdTx@M5!P8UR`oR~q-JXN2&moQw>ve=oFLeG~}yq>XBbZ4!LcIOJ4 zwXD_hHqg9J5(pI|^F=0?MLskyF{(NIKfa#yP0l}gfc%xH4iYjX!vGsF8MQ`*P zw37g9R!s)T!E|?Z)tk`uCFE{Iq_2QfT(?qlq$_gt86---ew_h}<1QF<4f~OE?;JQ+ z|L{NyO6|bdNc$SdMp_?KYQ^3Bp0Sq?gWn>aAtnCR-QwV?Qc5Af z5z**gV1~Jr$ikq47h5lAU6NXu^wJ0-nuJe~P{X)imB7NYNbRC$!MKYAM{-F^i+UJ| zg;M%C)~5j`y@bYw26>8L))ce~T@|oh?aP{7Tx)hvu;S8rmpjI#CS){o1?M ztswcD%LZ-X+|t{#A$V)HKj~tv916fhq9q2yl>Rf<-J9{JbbpS4 z#rF0uP-@j*qF{Oa_GlifQIITJ%?R)=k@vSZ9pE2(=XocbQ2|u~FR!R#eWa@x)ZyN6_owzp-Lg5jEoIcU@xXiEo3_h=^(f?jpu0c5(;#pZNqc= z5pqEnh9KU1W=0Dh)V&F>R=d>_CjGFkY=Gb*0~O6MBsuUpIC9*;?toYQtOutuK@pJ| zcM?61=?~>*kkhYk!yJ?LQg$h!wb!qyw+Nz4eQ;@jC!r0T9qtSIfQZyy0^`TO0d*6Y zr+GykcCP$y`26>~g4X-tpNe2q-C;IdJO|K@07Msuc~$kl7L14V9|^DP69gjinHmV2 znZ%PQ%FlovHL4zhb$LI0Ln7S2jLKcxfnmgl38)2ES8WvhqxbNuf4+y93B(u70}VL) zlIn$~;S~U*5dGWJe&YP}Uyt@*`eA24BH_=fssDj^CO}vQ|BLWMuMxD|K&KCo27oG+ zxF5FH@2<^N>VMFgzo<+9{Ow=q;XfEXv@eK=Zr%M`>`nMMB17-Lzc+XY13E_Z_w)FF zE?fWa7x?cJ`0o?=?-Tg%6Zr2F`0o?=|K$mMXy7ybd34M)B(J-S`I Date: Tue, 9 May 2023 09:38:46 +0200 Subject: [PATCH 170/870] Swift: fix autobuilder extern definition --- swift/xcode-autobuilder/XcodeBuildLogging.h | 4 ---- swift/xcode-autobuilder/xcode-autobuilder.cpp | 3 +++ 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/swift/xcode-autobuilder/XcodeBuildLogging.h b/swift/xcode-autobuilder/XcodeBuildLogging.h index 8dfc3111c4d..9d72b20c2d3 100644 --- a/swift/xcode-autobuilder/XcodeBuildLogging.h +++ b/swift/xcode-autobuilder/XcodeBuildLogging.h @@ -2,10 +2,6 @@ #include "swift/logging/SwiftLogging.h" -namespace codeql { -constexpr const std::string_view programName = "autobuilder"; -} - namespace codeql_diagnostics { constexpr codeql::SwiftDiagnosticsSource build_command_failed{ "build_command_failed", diff --git a/swift/xcode-autobuilder/xcode-autobuilder.cpp b/swift/xcode-autobuilder/xcode-autobuilder.cpp index 8c6650094ba..4fcdca5a38a 100644 --- a/swift/xcode-autobuilder/xcode-autobuilder.cpp +++ b/swift/xcode-autobuilder/xcode-autobuilder.cpp @@ -4,10 +4,13 @@ #include "swift/xcode-autobuilder/XcodeTarget.h" #include "swift/xcode-autobuilder/XcodeBuildRunner.h" #include "swift/xcode-autobuilder/XcodeProjectParser.h" +#include "swift/xcode-autobuilder/XcodeBuildLogging.h" static const char* Application = "com.apple.product-type.application"; static const char* Framework = "com.apple.product-type.framework"; +const std::string_view codeql::programName = "autobuilder"; + struct CLIArgs { std::string workingDir; bool dryRun; From 0d9dcb161f2d6039b1dea903b9dc6edce0453f50 Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli Date: Tue, 9 May 2023 10:01:38 +0200 Subject: [PATCH 171/870] Swift: auto-flush logs at exit --- swift/extractor/main.cpp | 2 -- swift/logging/SwiftLogging.h | 2 ++ swift/xcode-autobuilder/XcodeBuildRunner.cpp | 1 - 3 files changed, 2 insertions(+), 3 deletions(-) diff --git a/swift/extractor/main.cpp b/swift/extractor/main.cpp index f195193e5d7..82bc9cf1d73 100644 --- a/swift/extractor/main.cpp +++ b/swift/extractor/main.cpp @@ -227,7 +227,5 @@ int main(int argc, char** argv, char** envp) { observer.markSuccessfullyExtractedFiles(); } - codeql::Log::flush(); - return frontend_rc; } diff --git a/swift/logging/SwiftLogging.h b/swift/logging/SwiftLogging.h index 4a24996ad6e..d904a66553d 100644 --- a/swift/logging/SwiftLogging.h +++ b/swift/logging/SwiftLogging.h @@ -110,6 +110,8 @@ class Log { Level level; }; + ~Log() { flushImpl(); } + // Flush logs to the designated outputs static void flush() { instance().flushImpl(); } diff --git a/swift/xcode-autobuilder/XcodeBuildRunner.cpp b/swift/xcode-autobuilder/XcodeBuildRunner.cpp index 4c20440c3b9..675f56ab671 100644 --- a/swift/xcode-autobuilder/XcodeBuildRunner.cpp +++ b/swift/xcode-autobuilder/XcodeBuildRunner.cpp @@ -65,7 +65,6 @@ void buildTarget(Target& target, bool dryRun) { if (!exec(argv)) { DIAGNOSE_ERROR(build_command_failed, "The detected build command failed (tried {})", absl::StrJoin(argv, " ")); - codeql::Log::flush(); exit(1); } } From 08c43bc9b02e18ae948a9d4d1671c34f671fe295 Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli Date: Tue, 9 May 2023 10:11:13 +0200 Subject: [PATCH 172/870] Swift: move diagnostics definition to the source file --- swift/xcode-autobuilder/XcodeBuildLogging.h | 13 ------------- swift/xcode-autobuilder/XcodeBuildRunner.cpp | 12 +++++++++++- swift/xcode-autobuilder/xcode-autobuilder.cpp | 2 +- 3 files changed, 12 insertions(+), 15 deletions(-) delete mode 100644 swift/xcode-autobuilder/XcodeBuildLogging.h diff --git a/swift/xcode-autobuilder/XcodeBuildLogging.h b/swift/xcode-autobuilder/XcodeBuildLogging.h deleted file mode 100644 index 9d72b20c2d3..00000000000 --- a/swift/xcode-autobuilder/XcodeBuildLogging.h +++ /dev/null @@ -1,13 +0,0 @@ -#pragma once - -#include "swift/logging/SwiftLogging.h" - -namespace codeql_diagnostics { -constexpr codeql::SwiftDiagnosticsSource build_command_failed{ - "build_command_failed", - "Detected build command failed", - "Set up a manual build command", - "https://docs.github.com/en/enterprise-server/code-security/code-scanning/" - "automatically-scanning-your-code-for-vulnerabilities-and-errors/customizing-code-scanning", -}; -} // namespace codeql_diagnostics diff --git a/swift/xcode-autobuilder/XcodeBuildRunner.cpp b/swift/xcode-autobuilder/XcodeBuildRunner.cpp index 675f56ab671..4cdc6b500dc 100644 --- a/swift/xcode-autobuilder/XcodeBuildRunner.cpp +++ b/swift/xcode-autobuilder/XcodeBuildRunner.cpp @@ -5,7 +5,17 @@ #include #include "absl/strings/str_join.h" -#include "swift/xcode-autobuilder/XcodeBuildLogging.h" +#include "swift/logging/SwiftLogging.h" + +namespace codeql_diagnostics { +constexpr codeql::SwiftDiagnosticsSource build_command_failed{ + "build_command_failed", + "Detected build command failed", + "Set up a manual build command", + "https://docs.github.com/en/enterprise-server/code-security/code-scanning/" + "automatically-scanning-your-code-for-vulnerabilities-and-errors/customizing-code-scanning", +}; +} static codeql::Logger& logger() { static codeql::Logger ret{"build"}; diff --git a/swift/xcode-autobuilder/xcode-autobuilder.cpp b/swift/xcode-autobuilder/xcode-autobuilder.cpp index 4fcdca5a38a..ca6dbe5dcac 100644 --- a/swift/xcode-autobuilder/xcode-autobuilder.cpp +++ b/swift/xcode-autobuilder/xcode-autobuilder.cpp @@ -4,7 +4,7 @@ #include "swift/xcode-autobuilder/XcodeTarget.h" #include "swift/xcode-autobuilder/XcodeBuildRunner.h" #include "swift/xcode-autobuilder/XcodeProjectParser.h" -#include "swift/xcode-autobuilder/XcodeBuildLogging.h" +#include "swift/logging/SwiftLogging.h" static const char* Application = "com.apple.product-type.application"; static const char* Framework = "com.apple.product-type.framework"; From e17a8d03ab8e2b870249e21ff8cf1a585f111893 Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli Date: Tue, 9 May 2023 10:13:42 +0200 Subject: [PATCH 173/870] Swift: add diagnostic for no project found --- .../no-build-system/diagnostics.expected | 17 ++++++++++++++ .../autobuilder/no-build-system/test.py | 5 ++++ .../autobuilder/no-build-system/x.swift | 0 .../xcode-autobuilder/XcodeProjectParser.cpp | 23 ++++++++++++++++--- 4 files changed, 42 insertions(+), 3 deletions(-) create mode 100644 swift/integration-tests/osx-only/autobuilder/no-build-system/diagnostics.expected create mode 100644 swift/integration-tests/osx-only/autobuilder/no-build-system/test.py create mode 100644 swift/integration-tests/osx-only/autobuilder/no-build-system/x.swift diff --git a/swift/integration-tests/osx-only/autobuilder/no-build-system/diagnostics.expected b/swift/integration-tests/osx-only/autobuilder/no-build-system/diagnostics.expected new file mode 100644 index 00000000000..9b0d377ed27 --- /dev/null +++ b/swift/integration-tests/osx-only/autobuilder/no-build-system/diagnostics.expected @@ -0,0 +1,17 @@ +{ + "helpLinks": [ + "https://docs.github.com/en/enterprise-server/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/customizing-code-scanning" + ], + "plaintextMessage": "No Xcode project or workspace was found.\n\nSet up a manual build command.", + "severity": "error", + "source": { + "extractorName": "swift", + "id": "swift/autobuilder/no-project-found", + "name": "No Xcode project or workspace detected" + }, + "visibility": { + "cliSummaryTable": true, + "statusPage": true, + "telemetry": true + } +} diff --git a/swift/integration-tests/osx-only/autobuilder/no-build-system/test.py b/swift/integration-tests/osx-only/autobuilder/no-build-system/test.py new file mode 100644 index 00000000000..37aaa3ce344 --- /dev/null +++ b/swift/integration-tests/osx-only/autobuilder/no-build-system/test.py @@ -0,0 +1,5 @@ +from create_database_utils import * +from diagnostics_test_utils import * + +run_codeql_database_create([], lang='swift', keep_trap=True, db=None, runFunction=runUnsuccessfully) +check_diagnostics() diff --git a/swift/integration-tests/osx-only/autobuilder/no-build-system/x.swift b/swift/integration-tests/osx-only/autobuilder/no-build-system/x.swift new file mode 100644 index 00000000000..e69de29bb2d diff --git a/swift/xcode-autobuilder/XcodeProjectParser.cpp b/swift/xcode-autobuilder/XcodeProjectParser.cpp index 5fb20ad625a..36f1361bfca 100644 --- a/swift/xcode-autobuilder/XcodeProjectParser.cpp +++ b/swift/xcode-autobuilder/XcodeProjectParser.cpp @@ -1,6 +1,4 @@ #include "swift/xcode-autobuilder/XcodeProjectParser.h" -#include "swift/xcode-autobuilder/XcodeWorkspaceParser.h" -#include "swift/xcode-autobuilder/CFHelpers.h" #include #include @@ -9,8 +7,27 @@ #include #include +#include "swift/xcode-autobuilder/XcodeWorkspaceParser.h" +#include "swift/xcode-autobuilder/CFHelpers.h" +#include "swift/logging/SwiftLogging.h" + +namespace codeql_diagnostics { +constexpr codeql::SwiftDiagnosticsSource no_project_found{ + "no_project_found", + "No Xcode project or workspace detected", + "Set up a manual build command", + "https://docs.github.com/en/enterprise-server/code-security/code-scanning/" + "automatically-scanning-your-code-for-vulnerabilities-and-errors/customizing-code-scanning", +}; +} // namespace codeql_diagnostics + namespace fs = std::filesystem; +static codeql::Logger& logger() { + static codeql::Logger ret{"project"}; + return ret; +} + struct TargetData { std::string workspace; std::string project; @@ -253,7 +270,7 @@ std::vector collectTargets(const std::string& workingDir) { // Getting a list of workspaces and the project that belong to them auto workspaces = collectWorkspaces(workingDir); if (workspaces.empty()) { - std::cerr << "[xcode autobuilder] Xcode project or workspace not found\n"; + DIAGNOSE_ERROR(no_project_found, "No Xcode project or workspace was found"); exit(1); } From 8f26c7e2d22d5237a5390f045274263d65c6c7f4 Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli Date: Tue, 9 May 2023 10:52:26 +0200 Subject: [PATCH 174/870] Swift: add one more help link to diagnostics --- .../autobuilder/failure/diagnostics.expected | 3 ++- .../autobuilder/no-build-system/diagnostics.expected | 3 ++- .../xcode-autobuilder/CustomizingBuildDiagnostics.h | 12 ++++++++++++ swift/xcode-autobuilder/XcodeBuildRunner.cpp | 9 +++------ swift/xcode-autobuilder/XcodeProjectParser.cpp | 9 +++------ 5 files changed, 22 insertions(+), 14 deletions(-) create mode 100644 swift/xcode-autobuilder/CustomizingBuildDiagnostics.h diff --git a/swift/integration-tests/osx-only/autobuilder/failure/diagnostics.expected b/swift/integration-tests/osx-only/autobuilder/failure/diagnostics.expected index 737e28baae1..fdb36dc401b 100644 --- a/swift/integration-tests/osx-only/autobuilder/failure/diagnostics.expected +++ b/swift/integration-tests/osx-only/autobuilder/failure/diagnostics.expected @@ -1,6 +1,7 @@ { "helpLinks": [ - "https://docs.github.com/en/enterprise-server/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/customizing-code-scanning" + "https://docs.github.com/en/enterprise-server/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/customizing-code-scanning", + "https://docs.github.com/en/enterprise-server/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-language" ], "plaintextMessage": "The detected build command failed (tried /usr/bin/xcodebuild build -project /hello-failure.xcodeproj -target hello-failure CODE_SIGNING_REQUIRED=NO CODE_SIGNING_ALLOWED=NO).\n\nSet up a manual build command.", "severity": "error", diff --git a/swift/integration-tests/osx-only/autobuilder/no-build-system/diagnostics.expected b/swift/integration-tests/osx-only/autobuilder/no-build-system/diagnostics.expected index 9b0d377ed27..1e988936c9a 100644 --- a/swift/integration-tests/osx-only/autobuilder/no-build-system/diagnostics.expected +++ b/swift/integration-tests/osx-only/autobuilder/no-build-system/diagnostics.expected @@ -1,6 +1,7 @@ { "helpLinks": [ - "https://docs.github.com/en/enterprise-server/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/customizing-code-scanning" + "https://docs.github.com/en/enterprise-server/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/customizing-code-scanning", + "https://docs.github.com/en/enterprise-server/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-language" ], "plaintextMessage": "No Xcode project or workspace was found.\n\nSet up a manual build command.", "severity": "error", diff --git a/swift/xcode-autobuilder/CustomizingBuildDiagnostics.h b/swift/xcode-autobuilder/CustomizingBuildDiagnostics.h new file mode 100644 index 00000000000..7920e4a62ca --- /dev/null +++ b/swift/xcode-autobuilder/CustomizingBuildDiagnostics.h @@ -0,0 +1,12 @@ +#include + +namespace codeql_diagnostics { +constexpr std::string_view customizingBuildAction = "Set up a manual build command"; +constexpr std::string_view customizingBuildHelpLinks = + "https://docs.github.com/en/enterprise-server/code-security/code-scanning/" + "automatically-scanning-your-code-for-vulnerabilities-and-errors/customizing-code-scanning " + "https://docs.github.com/en/enterprise-server/code-security/code-scanning/" + "automatically-scanning-your-code-for-vulnerabilities-and-errors/" + "configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-" + "language"; +} // namespace codeql_diagnostics diff --git a/swift/xcode-autobuilder/XcodeBuildRunner.cpp b/swift/xcode-autobuilder/XcodeBuildRunner.cpp index 4cdc6b500dc..4bbb269f3ae 100644 --- a/swift/xcode-autobuilder/XcodeBuildRunner.cpp +++ b/swift/xcode-autobuilder/XcodeBuildRunner.cpp @@ -6,15 +6,12 @@ #include "absl/strings/str_join.h" #include "swift/logging/SwiftLogging.h" +#include "swift/xcode-autobuilder/CustomizingBuildDiagnostics.h" namespace codeql_diagnostics { constexpr codeql::SwiftDiagnosticsSource build_command_failed{ - "build_command_failed", - "Detected build command failed", - "Set up a manual build command", - "https://docs.github.com/en/enterprise-server/code-security/code-scanning/" - "automatically-scanning-your-code-for-vulnerabilities-and-errors/customizing-code-scanning", -}; + "build_command_failed", "Detected build command failed", customizingBuildAction, + customizingBuildHelpLinks}; } static codeql::Logger& logger() { diff --git a/swift/xcode-autobuilder/XcodeProjectParser.cpp b/swift/xcode-autobuilder/XcodeProjectParser.cpp index 36f1361bfca..9ace4b43696 100644 --- a/swift/xcode-autobuilder/XcodeProjectParser.cpp +++ b/swift/xcode-autobuilder/XcodeProjectParser.cpp @@ -10,15 +10,12 @@ #include "swift/xcode-autobuilder/XcodeWorkspaceParser.h" #include "swift/xcode-autobuilder/CFHelpers.h" #include "swift/logging/SwiftLogging.h" +#include "swift/xcode-autobuilder/CustomizingBuildDiagnostics.h" namespace codeql_diagnostics { constexpr codeql::SwiftDiagnosticsSource no_project_found{ - "no_project_found", - "No Xcode project or workspace detected", - "Set up a manual build command", - "https://docs.github.com/en/enterprise-server/code-security/code-scanning/" - "automatically-scanning-your-code-for-vulnerabilities-and-errors/customizing-code-scanning", -}; + "no_project_found", "No Xcode project or workspace detected", customizingBuildAction, + customizingBuildHelpLinks}; } // namespace codeql_diagnostics namespace fs = std::filesystem; From fc40673982cbd58b954898c8c4f30755e04ca168 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 5 May 2023 13:58:47 +0100 Subject: [PATCH 175/870] Swift: Add Swift to supported-frameworks.rst --- .../codeql/reusables/supported-frameworks.rst | 29 +++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/docs/codeql/reusables/supported-frameworks.rst b/docs/codeql/reusables/supported-frameworks.rst index cd1112a6e0c..468e83eed6f 100644 --- a/docs/codeql/reusables/supported-frameworks.rst +++ b/docs/codeql/reusables/supported-frameworks.rst @@ -278,3 +278,32 @@ and the CodeQL library pack ``codeql/ruby-all`` (`changelog `__, `source `__) +and the CodeQL library pack ``codeql/swift-all`` (`changelog `__, `source `__). + +.. csv-table:: + :header-rows: 1 + :class: fullWidthTable + :widths: auto + + Name, Category + `AEXML <>`__, XML processing library + `Alamofire `__, Network communicator + `Core Data `__, Database + `CryptoKit `__, Cryptography library + `CryptoSwift `__, Cryptography library + `Foundation `__, Utility library + `GRDB `__, Database + `JavaScriptCore `__, Scripting library + `Libxml2 `__, XML processing library + `Network `__, Network communicator + `Realm Swift `__, Database + `RNCryptor `__, Cryptography library + `SQLite3 `__, Database + `SQLite.swift `__, Database + `WebKit `__, User interface library From 0d1df816674092bd414c80da5b2c1647017ee153 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Tue, 9 May 2023 09:35:08 +0100 Subject: [PATCH 176/870] Swift: Update supported-versions-compilers.rst --- docs/codeql/reusables/supported-versions-compilers.rst | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/codeql/reusables/supported-versions-compilers.rst b/docs/codeql/reusables/supported-versions-compilers.rst index 04bc890c707..34d02f23fd7 100644 --- a/docs/codeql/reusables/supported-versions-compilers.rst +++ b/docs/codeql/reusables/supported-versions-compilers.rst @@ -24,6 +24,7 @@ JavaScript,ECMAScript 2022 or lower,Not applicable,"``.js``, ``.jsx``, ``.mjs``, ``.es``, ``.es6``, ``.htm``, ``.html``, ``.xhtm``, ``.xhtml``, ``.vue``, ``.hbs``, ``.ejs``, ``.njk``, ``.json``, ``.yaml``, ``.yml``, ``.raml``, ``.xml`` [7]_" Python [8]_,"2.7, 3.5, 3.6, 3.7, 3.8, 3.9, 3.10, 3.11",Not applicable,``.py`` Ruby [9]_,"up to 3.2",Not applicable,"``.rb``, ``.erb``, ``.gemspec``, ``Gemfile``" + Swift,"Swift 5.4-5.7","Swift compiler","``.swift``" TypeScript [10]_,"2.6-5.0",Standard TypeScript compiler,"``.ts``, ``.tsx``, ``.mts``, ``.cts``" .. container:: footnote-group From f619a63f6fabb0d1366069374ee51b3aad28c70c Mon Sep 17 00:00:00 2001 From: Kasper Svendsen Date: Wed, 3 May 2023 15:17:03 +0200 Subject: [PATCH 177/870] JS: Make implicit this receivers explicit --- .../EndpointCharacteristics.qll | 26 +++++++++---------- .../adaptivethreatmodeling/EndpointTypes.qll | 2 +- .../NosqlInjectionATM.qll | 12 ++++----- .../adaptivethreatmodeling/TaintedPathATM.qll | 6 ++--- .../modelbuilding/extraction/Labels.qll | 2 +- .../modelbuilding/extraction/Queries.qll | 2 +- 6 files changed, 25 insertions(+), 25 deletions(-) diff --git a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointCharacteristics.qll b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointCharacteristics.qll index 6bb2f29d05c..5d289d4512c 100644 --- a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointCharacteristics.qll +++ b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointCharacteristics.qll @@ -220,7 +220,7 @@ private class DomBasedXssSinkCharacteristic extends EndpointCharacteristic { ) { endpointClass instanceof XssSinkType and isPositiveIndicator = true and - confidence = maximalConfidence() + confidence = this.maximalConfidence() } } @@ -238,7 +238,7 @@ private class TaintedPathSinkCharacteristic extends EndpointCharacteristic { ) { endpointClass instanceof TaintedPathSinkType and isPositiveIndicator = true and - confidence = maximalConfidence() + confidence = this.maximalConfidence() } } @@ -256,7 +256,7 @@ private class SqlInjectionSinkCharacteristic extends EndpointCharacteristic { ) { endpointClass instanceof SqlInjectionSinkType and isPositiveIndicator = true and - confidence = maximalConfidence() + confidence = this.maximalConfidence() } } @@ -274,7 +274,7 @@ private class NosqlInjectionSinkCharacteristic extends EndpointCharacteristic { ) { endpointClass instanceof NosqlInjectionSinkType and isPositiveIndicator = true and - confidence = maximalConfidence() + confidence = this.maximalConfidence() } } @@ -296,7 +296,7 @@ private class ShellCommandInjectionFromEnvironmentSinkCharacteristic extends End ) { endpointClass instanceof ShellCommandInjectionFromEnvironmentSinkType and isPositiveIndicator = true and - confidence = maximalConfidence() + confidence = this.maximalConfidence() } } @@ -335,7 +335,7 @@ abstract private class NotASinkCharacteristic extends EndpointCharacteristic { ) { endpointClass instanceof NegativeType and isPositiveIndicator = true and - confidence = highConfidence() + confidence = this.highConfidence() } } @@ -354,7 +354,7 @@ abstract class LikelyNotASinkCharacteristic extends EndpointCharacteristic { ) { endpointClass instanceof NegativeType and isPositiveIndicator = true and - confidence = mediumConfidence() + confidence = this.mediumConfidence() } } @@ -685,7 +685,7 @@ abstract private class StandardEndpointFilterCharacteristic extends EndpointFilt ) { endpointClass instanceof NegativeType and isPositiveIndicator = true and - confidence = mediumConfidence() + confidence = this.mediumConfidence() } } @@ -786,7 +786,7 @@ abstract private class NosqlInjectionSinkEndpointFilterCharacteristic extends En ) { endpointClass instanceof NosqlInjectionSinkType and isPositiveIndicator = false and - confidence = mediumConfidence() + confidence = this.mediumConfidence() } } @@ -817,7 +817,7 @@ private class ModeledSinkCharacteristic extends NosqlInjectionSinkEndpointFilter override predicate appliesToEndpoint(DataFlow::Node n) { exists(DataFlow::CallNode call | n = call.getAnArgument() | // Remove modeled sinks - isArgumentToKnownLibrarySinkFunction(n) + this.isArgumentToKnownLibrarySinkFunction(n) ) } } @@ -928,7 +928,7 @@ abstract private class SqlInjectionSinkEndpointFilterCharacteristic extends Endp ) { endpointClass instanceof SqlInjectionSinkType and isPositiveIndicator = false and - confidence = mediumConfidence() + confidence = this.mediumConfidence() } } @@ -1002,7 +1002,7 @@ abstract private class TaintedPathSinkEndpointFilterCharacteristic extends Endpo ) { endpointClass instanceof TaintedPathSinkType and isPositiveIndicator = false and - confidence = mediumConfidence() + confidence = this.mediumConfidence() } } @@ -1055,7 +1055,7 @@ abstract private class XssSinkEndpointFilterCharacteristic extends EndpointFilte ) { endpointClass instanceof XssSinkType and isPositiveIndicator = false and - confidence = mediumConfidence() + confidence = this.mediumConfidence() } } diff --git a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointTypes.qll b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointTypes.qll index 452128083fa..24d67e68db3 100644 --- a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointTypes.qll +++ b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointTypes.qll @@ -24,7 +24,7 @@ abstract class EndpointType extends TEndpointType { */ abstract int getEncoding(); - string toString() { result = getDescription() } + string toString() { result = this.getDescription() } } /** The `Negative` class that can be predicted by endpoint scoring models. */ diff --git a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/NosqlInjectionATM.qll b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/NosqlInjectionATM.qll index e6d602280a4..33614da5dfc 100644 --- a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/NosqlInjectionATM.qll +++ b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/NosqlInjectionATM.qll @@ -33,7 +33,7 @@ class NosqlInjectionAtmConfig extends AtmConfig { sink.(NosqlInjection::Sink).getAFlowLabel() = label or // Allow effective sinks to have any taint label - isEffectiveSink(sink) + this.isEffectiveSink(sink) } override predicate isSanitizer(DataFlow::Node node) { @@ -49,11 +49,11 @@ class NosqlInjectionAtmConfig extends AtmConfig { DataFlow::Node src, DataFlow::Node trg, DataFlow::FlowLabel inlbl, DataFlow::FlowLabel outlbl ) { // additional flow steps from the base (non-boosted) security query - isBaseAdditionalFlowStep(src, trg, inlbl, outlbl) + this.isBaseAdditionalFlowStep(src, trg, inlbl, outlbl) or // relaxed version of previous step to track taint through unmodeled NoSQL query objects - isEffectiveSink(trg) and - src = getASubexpressionWithinQuery(trg) + this.isEffectiveSink(trg) and + src = this.getASubexpressionWithinQuery(trg) } /** Holds if src -> trg is an additional flow step in the non-boosted NoSql injection security query. */ @@ -80,9 +80,9 @@ class NosqlInjectionAtmConfig extends AtmConfig { * involving more complex queries. */ private DataFlow::Node getASubexpressionWithinQuery(DataFlow::Node query) { - isEffectiveSink(query) and + this.isEffectiveSink(query) and exists(DataFlow::SourceNode receiver | - receiver = [getASubexpressionWithinQuery(query), query].getALocalSource() + receiver = [this.getASubexpressionWithinQuery(query), query].getALocalSource() | result = [ diff --git a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/TaintedPathATM.qll b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/TaintedPathATM.qll index de5c9fab415..c20eceb0f9c 100644 --- a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/TaintedPathATM.qll +++ b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/TaintedPathATM.qll @@ -25,7 +25,7 @@ class TaintedPathAtmConfig extends AtmConfig { label = sink.(TaintedPath::Sink).getAFlowLabel() or // Allow effective sinks to have any taint label - isEffectiveSink(sink) + this.isEffectiveSink(sink) } override predicate isSanitizer(DataFlow::Node node) { node instanceof TaintedPath::Sanitizer } @@ -54,10 +54,10 @@ class TaintedPathAtmConfig extends AtmConfig { private class BarrierGuardNodeAsSanitizerGuardNode extends TaintTracking::LabeledSanitizerGuardNode instanceof TaintedPath::BarrierGuardNode { override predicate sanitizes(boolean outcome, Expr e) { - blocks(outcome, e) or blocks(outcome, e, _) + this.blocks(outcome, e) or this.blocks(outcome, e, _) } override predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel label) { - sanitizes(outcome, e) and exists(label) + this.sanitizes(outcome, e) and exists(label) } } diff --git a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/Labels.qll b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/Labels.qll index 85ced189b30..dc2c449a20b 100644 --- a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/Labels.qll +++ b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/Labels.qll @@ -13,7 +13,7 @@ newtype TEndpointLabel = abstract class EndpointLabel extends TEndpointLabel { abstract string getEncoding(); - string toString() { result = getEncoding() } + string toString() { result = this.getEncoding() } } class SinkLabel extends EndpointLabel, TSinkLabel { diff --git a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/Queries.qll b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/Queries.qll index 4f7260e7e62..488c2f51914 100644 --- a/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/Queries.qll +++ b/javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/extraction/Queries.qll @@ -15,7 +15,7 @@ newtype TQuery = abstract class Query extends TQuery { abstract string getName(); - string toString() { result = getName() } + string toString() { result = this.getName() } } class NosqlInjectionQuery extends Query, TNosqlInjectionQuery { From d278340f942aa37f7ac0b26c1616e8450af67bd8 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Tue, 9 May 2023 10:55:17 +0100 Subject: [PATCH 178/870] Swift: Add missing link. --- docs/codeql/reusables/supported-frameworks.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/codeql/reusables/supported-frameworks.rst b/docs/codeql/reusables/supported-frameworks.rst index 468e83eed6f..6981bb35ed5 100644 --- a/docs/codeql/reusables/supported-frameworks.rst +++ b/docs/codeql/reusables/supported-frameworks.rst @@ -292,7 +292,7 @@ and the CodeQL library pack ``codeql/swift-all`` (`changelog `__, XML processing library + `AEXML `__, XML processing library `Alamofire `__, Network communicator `Core Data `__, Database `CryptoKit `__, Cryptography library From 1ad23c5366788c37e6dc68aacc781d98618152e7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jaroslav=20Loba=C4=8Devski?= Date: Tue, 9 May 2023 12:23:06 +0200 Subject: [PATCH 179/870] Apply suggestions from code review Co-authored-by: Asger F --- javascript/ql/lib/change-notes/2023-04-03-gh-injection.md | 2 +- javascript/ql/lib/semmle/javascript/Actions.qll | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/javascript/ql/lib/change-notes/2023-04-03-gh-injection.md b/javascript/ql/lib/change-notes/2023-04-03-gh-injection.md index 8cc9626e478..63e913eb694 100644 --- a/javascript/ql/lib/change-notes/2023-04-03-gh-injection.md +++ b/javascript/ql/lib/change-notes/2023-04-03-gh-injection.md @@ -1,4 +1,4 @@ --- category: minorAnalysis --- -* Improved the queries for injection vulnerabilities in GitHub Actions workflows (`js/actions/command-injection` and `js/actions/pull-request-target`) and the associated library `semmle.javascript.Actions`. These now support steps defined in composite actions, in addition to steps defined in Actions workflow files. It supports more potentially untrusted input values. Additioanlly to the shell injections it now also detects injections in `actions/github-script`. It also detects simple injections from user controlled `${{ env.name }}`. Additionally to the `yml` extension now it also supports workflows with the `yaml` extension. \ No newline at end of file +* Improved the queries for injection vulnerabilities in GitHub Actions workflows (`js/actions/command-injection` and `js/actions/pull-request-target`) and the associated library `semmle.javascript.Actions`. These now support steps defined in composite actions, in addition to steps defined in Actions workflow files. It supports more potentially untrusted input values. Additionally to the shell injections it now also detects injections in `actions/github-script`. It also detects simple injections from user controlled `${{ env.name }}`. Additionally to the `yml` extension now it also supports workflows with the `yaml` extension. \ No newline at end of file diff --git a/javascript/ql/lib/semmle/javascript/Actions.qll b/javascript/ql/lib/semmle/javascript/Actions.qll index 4bbc9816007..36a4b6ebc21 100644 --- a/javascript/ql/lib/semmle/javascript/Actions.qll +++ b/javascript/ql/lib/semmle/javascript/Actions.qll @@ -16,7 +16,7 @@ module Actions { exists(File f | f = this.getLocation().getFile() and ( - f.getRelativePath().regexpMatch("(^|.*/)\\.github/workflows/.*\\.y(?:a?)ml$") + f.getRelativePath().regexpMatch("(^|.*/)\\.github/workflows/.*\\.ya?ml$") or f.getBaseName() = "action.yml" ) From 5aa71352dc619cd15f0b22b4585d9ff38fc7b47c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jaroslav=20Loba=C4=8Devski?= Date: Tue, 9 May 2023 12:23:52 +0200 Subject: [PATCH 180/870] Update javascript/ql/src/Security/CWE-094/ExpressionInjection.qhelp Co-authored-by: Asger F --- javascript/ql/src/Security/CWE-094/ExpressionInjection.qhelp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/javascript/ql/src/Security/CWE-094/ExpressionInjection.qhelp b/javascript/ql/src/Security/CWE-094/ExpressionInjection.qhelp index d010a75a46b..df9d97e4e6b 100644 --- a/javascript/ql/src/Security/CWE-094/ExpressionInjection.qhelp +++ b/javascript/ql/src/Security/CWE-094/ExpressionInjection.qhelp @@ -21,7 +21,7 @@ The best practice to avoid code injection vulnerabilities in GitHub workflows is to set the untrusted input value of the expression to an intermediate environment variable and then use the environment variable - using the native syntax of the shell/script interpreter (i.e. NOT the ${{ env.VAR }}). + using the native syntax of the shell/script interpreter (that is, not ${{ env.VAR }}).

    + \ No newline at end of file diff --git a/go/ql/src/experimental/CWE-134/DsnInjection.ql b/go/ql/src/experimental/CWE-134/DsnInjection.ql new file mode 100644 index 00000000000..89bb83f9284 --- /dev/null +++ b/go/ql/src/experimental/CWE-134/DsnInjection.ql @@ -0,0 +1,22 @@ +/** + * @name SQL Data-source URI built from user-controlled sources + * @description Building an SQL data-source URI from untrusted sources can allow attacker to compromise security + * @kind path-problem + * @problem.severity error + * @id go/dsn-injection + * @tags security + * experimental + * external/cwe/cwe-134 + */ + +import go +import DataFlow::PathGraph +import DsnInjectionCustomizations + +/** An untrusted flow source taken as a source for the `DsnInjection` taint-flow configuration. */ +private class UntrustedFlowAsSource extends Source instanceof UntrustedFlowSource { } + +from DsnInjection cfg, DataFlow::PathNode source, DataFlow::PathNode sink +where cfg.hasFlowPath(source, sink) +select sink.getNode(), source, sink, "This query depends on a $@.", source.getNode(), + "user-provided value" diff --git a/go/ql/src/experimental/CWE-134/DsnInjectionCustomizations.qll b/go/ql/src/experimental/CWE-134/DsnInjectionCustomizations.qll new file mode 100644 index 00000000000..c87edd989a9 --- /dev/null +++ b/go/ql/src/experimental/CWE-134/DsnInjectionCustomizations.qll @@ -0,0 +1,49 @@ +/** Provides a taint-tracking model to reason about Data-Source name injection vulnerabilities. */ + +import go +import DataFlow::PathGraph +import semmle.go.dataflow.barrierguardutil.RegexpCheck + +/** A source for `DsnInjection` taint-flow configuration. */ +abstract class Source extends DataFlow::Node { } + +/** A taint-tracking configuration to reason about Data Source Name injection vulnerabilities. */ +class DsnInjection extends TaintTracking::Configuration { + DsnInjection() { this = "DsnInjection" } + + override predicate isSource(DataFlow::Node node) { node instanceof Source } + + override predicate isSink(DataFlow::Node node) { + exists(Function f | f.hasQualifiedName("database/sql", "Open") | + node = f.getACall().getArgument(1) + ) + } + + override predicate isSanitizer(DataFlow::Node node) { node instanceof RegexpCheckBarrier } +} + +/** A model of a function which decodes or unmarshals a tainted input, propagating taint from any argument to either the method receiver or return value. */ +private class DecodeFunctionModel extends TaintTracking::FunctionModel { + DecodeFunctionModel() { + // This matches any function with a name like `Decode`,`Unmarshal` or `Parse`. + // This is done to allow taints stored in encoded forms, such as in toml or json to flow freely. + this.getName().matches("(?i).*(parse|decode|unmarshal).*") + } + + override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) { + input.isParameter(_) and + (output.isResult(0) or output.isReceiver()) + } +} + +/** A model of `flag.Parse`, propagating tainted input passed via CLI flags to `Parse`'s result. */ +private class FlagSetFunctionModel extends TaintTracking::FunctionModel { + FunctionInput inp; + FunctionOutput outp; + + FlagSetFunctionModel() { this.hasQualifiedName("flag", "Parse") } + + override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) { + input.isParameter(0) and output.isResult() + } +} diff --git a/go/ql/src/experimental/CWE-134/DsnInjectionLocal.ql b/go/ql/src/experimental/CWE-134/DsnInjectionLocal.ql new file mode 100644 index 00000000000..8c09481b558 --- /dev/null +++ b/go/ql/src/experimental/CWE-134/DsnInjectionLocal.ql @@ -0,0 +1,24 @@ +/** + * @name SQL Data-source URI built from local user-controlled sources + * @description Building an SQL data-source URI from untrusted sources can allow attacker to compromise security + * @kind path-problem + * @problem.severity error + * @id go/dsn-injection + * @tags security + * experimental + * external/cwe/cwe-134 + */ + +import go +import DataFlow::PathGraph +import DsnInjectionCustomizations + +/** An argument passed via the command line taken as a source for the `DsnInjection` taint-flow configuration. */ +private class OsArgsSource extends Source { + OsArgsSource() { this = any(Variable c | c.hasQualifiedName("os", "Args")).getARead() } +} + +from DsnInjection cfg, DataFlow::PathNode source, DataFlow::PathNode sink +where cfg.hasFlowPath(source, sink) +select sink.getNode(), source, sink, "This query depends on a $@.", source.getNode(), + "user-provided value" diff --git a/go/ql/test/experimental/CWE-134/Dsn.go b/go/ql/test/experimental/CWE-134/Dsn.go new file mode 100644 index 00000000000..b19a8a60816 --- /dev/null +++ b/go/ql/test/experimental/CWE-134/Dsn.go @@ -0,0 +1,59 @@ +package main + +import ( + "database/sql" + "errors" + "fmt" + "net/http" + "os" + "regexp" +) + +func good() (interface{}, error) { + name := os.Args[1] + hasBadChar, _ := regexp.MatchString(".*[?].*", name) + + if hasBadChar { + return nil, errors.New("bad input") + } + + dbDSN := fmt.Sprintf("%s:%s@tcp(%s:%d)/%s?charset=utf8", "username", "password", "127.0.0.1", 3306, name) + db, _ := sql.Open("mysql", dbDSN) + return db, nil +} + +func bad() interface{} { + name2 := os.Args[1:] + // This is bad. `name` can be something like `test?allowAllFiles=true&` which will allow an attacker to access local files. + dbDSN := fmt.Sprintf("%s:%s@tcp(%s:%d)/%s?charset=utf8", "username", "password", "127.0.0.1", 3306, name2[0]) + db, _ := sql.Open("mysql", dbDSN) + return db +} + +func good2(w http.ResponseWriter, req *http.Request) (interface{}, error) { + name := req.FormValue("name") + hasBadChar, _ := regexp.MatchString(".*[?].*", name) + + if hasBadChar { + return nil, errors.New("bad input") + } + + dbDSN := fmt.Sprintf("%s:%s@tcp(%s:%d)/%s?charset=utf8", "username", "password", "127.0.0.1", 3306, name) + db, _ := sql.Open("mysql", dbDSN) + return db, nil +} + +func bad2(w http.ResponseWriter, req *http.Request) interface{} { + name := req.FormValue("name") + // This is bad. `name` can be something like `test?allowAllFiles=true&` which will allow an attacker to access local files. + dbDSN := fmt.Sprintf("%s:%s@tcp(%s:%d)/%s?charset=utf8", "username", "password", "127.0.0.1", 3306, name) + db, _ := sql.Open("mysql", dbDSN) + return db +} + +func main() { + bad2(nil, nil) + good() + bad() + good2(nil, nil) +} diff --git a/go/ql/test/experimental/CWE-134/DsnInjection.expected b/go/ql/test/experimental/CWE-134/DsnInjection.expected new file mode 100644 index 00000000000..de054067a01 --- /dev/null +++ b/go/ql/test/experimental/CWE-134/DsnInjection.expected @@ -0,0 +1,8 @@ +edges +| Dsn.go:47:10:47:30 | call to FormValue | Dsn.go:50:29:50:33 | dbDSN | +nodes +| Dsn.go:47:10:47:30 | call to FormValue | semmle.label | call to FormValue | +| Dsn.go:50:29:50:33 | dbDSN | semmle.label | dbDSN | +subpaths +#select +| Dsn.go:50:29:50:33 | dbDSN | Dsn.go:47:10:47:30 | call to FormValue | Dsn.go:50:29:50:33 | dbDSN | This query depends on a $@. | Dsn.go:47:10:47:30 | call to FormValue | user-provided value | diff --git a/go/ql/test/experimental/CWE-134/DsnInjection.qlref b/go/ql/test/experimental/CWE-134/DsnInjection.qlref new file mode 100644 index 00000000000..c2308280884 --- /dev/null +++ b/go/ql/test/experimental/CWE-134/DsnInjection.qlref @@ -0,0 +1 @@ +experimental/CWE-134/DsnInjection.ql \ No newline at end of file diff --git a/go/ql/test/experimental/CWE-134/DsnInjectionLocal.expected b/go/ql/test/experimental/CWE-134/DsnInjectionLocal.expected new file mode 100644 index 00000000000..a4d8a822bbe --- /dev/null +++ b/go/ql/test/experimental/CWE-134/DsnInjectionLocal.expected @@ -0,0 +1,8 @@ +edges +| Dsn.go:26:11:26:17 | selection of Args | Dsn.go:29:29:29:33 | dbDSN | +nodes +| Dsn.go:26:11:26:17 | selection of Args | semmle.label | selection of Args | +| Dsn.go:29:29:29:33 | dbDSN | semmle.label | dbDSN | +subpaths +#select +| Dsn.go:29:29:29:33 | dbDSN | Dsn.go:26:11:26:17 | selection of Args | Dsn.go:29:29:29:33 | dbDSN | This query depends on a $@. | Dsn.go:26:11:26:17 | selection of Args | user-provided value | diff --git a/go/ql/test/experimental/CWE-134/DsnInjectionLocal.qlref b/go/ql/test/experimental/CWE-134/DsnInjectionLocal.qlref new file mode 100644 index 00000000000..b7b7e2bdbdd --- /dev/null +++ b/go/ql/test/experimental/CWE-134/DsnInjectionLocal.qlref @@ -0,0 +1 @@ +experimental/CWE-134/DsnInjectionLocal.ql \ No newline at end of file From 7da6bb6e249d57615b012f72abff428ff53fd2a7 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Thu, 11 May 2023 00:15:11 +0000 Subject: [PATCH 273/870] Add changed framework coverage reports --- java/documentation/library-coverage/coverage.csv | 1 + java/documentation/library-coverage/coverage.rst | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/java/documentation/library-coverage/coverage.csv b/java/documentation/library-coverage/coverage.csv index 4ff5999f00a..940e696f9df 100644 --- a/java/documentation/library-coverage/coverage.csv +++ b/java/documentation/library-coverage/coverage.csv @@ -88,6 +88,7 @@ org.apache.commons.jexl2,15,,,,,,,,,,,15,,,,,,,,,,,,,,,,,,,,,,,,,,,,, org.apache.commons.jexl3,15,,,,,,,,,,,15,,,,,,,,,,,,,,,,,,,,,,,,,,,,, org.apache.commons.lang3,6,,424,,,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,293,131 org.apache.commons.logging,6,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,,,,,, +org.apache.commons.net,9,12,,,,,,,,,,,,,,,,6,,3,,,,,,,,,,,,,,,,,,,12,, org.apache.commons.ognl,6,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,,,, org.apache.commons.text,,,272,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,220,52 org.apache.directory.ldap.client.api,1,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,, diff --git a/java/documentation/library-coverage/coverage.rst b/java/documentation/library-coverage/coverage.rst index f880c81f642..d6190c16758 100644 --- a/java/documentation/library-coverage/coverage.rst +++ b/java/documentation/library-coverage/coverage.rst @@ -22,6 +22,6 @@ Java framework & library support Java extensions,"``javax.*``, ``jakarta.*``",63,611,34,1,4,,1,1,2 Kotlin Standard Library,``kotlin*``,,1843,16,11,,,,,2 `Spring `_,``org.springframework.*``,29,483,104,2,,19,14,,29 - Others,"``cn.hutool.core.codec``, ``com.esotericsoftware.kryo.io``, ``com.esotericsoftware.kryo5.io``, ``com.fasterxml.jackson.core``, ``com.fasterxml.jackson.databind``, ``com.hubspot.jinjava``, ``com.mitchellbosecke.pebble``, ``com.opensymphony.xwork2.ognl``, ``com.rabbitmq.client``, ``com.thoughtworks.xstream``, ``com.unboundid.ldap.sdk``, ``com.zaxxer.hikari``, ``flexjson``, ``freemarker.cache``, ``freemarker.template``, ``groovy.lang``, ``groovy.util``, ``hudson``, ``io.jsonwebtoken``, ``io.netty.bootstrap``, ``io.netty.buffer``, ``io.netty.channel``, ``io.netty.handler.codec``, ``io.netty.handler.ssl``, ``io.netty.handler.stream``, ``io.netty.resolver``, ``io.netty.util``, ``javafx.scene.web``, ``jodd.json``, ``net.sf.saxon.s9api``, ``ognl``, ``okhttp3``, ``org.apache.commons.codec``, ``org.apache.commons.compress.archivers.tar``, ``org.apache.commons.httpclient.util``, ``org.apache.commons.jelly``, ``org.apache.commons.jexl2``, ``org.apache.commons.jexl3``, ``org.apache.commons.logging``, ``org.apache.commons.ognl``, ``org.apache.directory.ldap.client.api``, ``org.apache.hadoop.hive.metastore``, ``org.apache.hc.client5.http.async.methods``, ``org.apache.hc.client5.http.classic.methods``, ``org.apache.hc.client5.http.fluent``, ``org.apache.hive.hcatalog.templeton``, ``org.apache.ibatis.jdbc``, ``org.apache.log4j``, ``org.apache.shiro.codec``, ``org.apache.shiro.jndi``, ``org.apache.tools.ant``, ``org.apache.tools.zip``, ``org.apache.velocity.app``, ``org.apache.velocity.runtime``, ``org.codehaus.cargo.container.installer``, ``org.codehaus.groovy.control``, ``org.dom4j``, ``org.eclipse.jetty.client``, ``org.geogebra.web.full.main``, ``org.hibernate``, ``org.jdbi.v3.core``, ``org.jooq``, ``org.kohsuke.stapler``, ``org.mvel2``, ``org.openjdk.jmh.runner.options``, ``org.scijava.log``, ``org.slf4j``, ``org.thymeleaf``, ``org.xml.sax``, ``org.xmlpull.v1``, ``play.mvc``, ``ratpack.core.form``, ``ratpack.core.handling``, ``ratpack.core.http``, ``ratpack.exec``, ``ratpack.form``, ``ratpack.func``, ``ratpack.handling``, ``ratpack.http``, ``ratpack.util``, ``retrofit2``",77,817,506,26,,18,18,,175 - Totals,,234,9109,1948,174,10,113,33,1,355 + Others,"``cn.hutool.core.codec``, ``com.esotericsoftware.kryo.io``, ``com.esotericsoftware.kryo5.io``, ``com.fasterxml.jackson.core``, ``com.fasterxml.jackson.databind``, ``com.hubspot.jinjava``, ``com.mitchellbosecke.pebble``, ``com.opensymphony.xwork2.ognl``, ``com.rabbitmq.client``, ``com.thoughtworks.xstream``, ``com.unboundid.ldap.sdk``, ``com.zaxxer.hikari``, ``flexjson``, ``freemarker.cache``, ``freemarker.template``, ``groovy.lang``, ``groovy.util``, ``hudson``, ``io.jsonwebtoken``, ``io.netty.bootstrap``, ``io.netty.buffer``, ``io.netty.channel``, ``io.netty.handler.codec``, ``io.netty.handler.ssl``, ``io.netty.handler.stream``, ``io.netty.resolver``, ``io.netty.util``, ``javafx.scene.web``, ``jodd.json``, ``net.sf.saxon.s9api``, ``ognl``, ``okhttp3``, ``org.apache.commons.codec``, ``org.apache.commons.compress.archivers.tar``, ``org.apache.commons.httpclient.util``, ``org.apache.commons.jelly``, ``org.apache.commons.jexl2``, ``org.apache.commons.jexl3``, ``org.apache.commons.logging``, ``org.apache.commons.net``, ``org.apache.commons.ognl``, ``org.apache.directory.ldap.client.api``, ``org.apache.hadoop.hive.metastore``, ``org.apache.hc.client5.http.async.methods``, ``org.apache.hc.client5.http.classic.methods``, ``org.apache.hc.client5.http.fluent``, ``org.apache.hive.hcatalog.templeton``, ``org.apache.ibatis.jdbc``, ``org.apache.log4j``, ``org.apache.shiro.codec``, ``org.apache.shiro.jndi``, ``org.apache.tools.ant``, ``org.apache.tools.zip``, ``org.apache.velocity.app``, ``org.apache.velocity.runtime``, ``org.codehaus.cargo.container.installer``, ``org.codehaus.groovy.control``, ``org.dom4j``, ``org.eclipse.jetty.client``, ``org.geogebra.web.full.main``, ``org.hibernate``, ``org.jdbi.v3.core``, ``org.jooq``, ``org.kohsuke.stapler``, ``org.mvel2``, ``org.openjdk.jmh.runner.options``, ``org.scijava.log``, ``org.slf4j``, ``org.thymeleaf``, ``org.xml.sax``, ``org.xmlpull.v1``, ``play.mvc``, ``ratpack.core.form``, ``ratpack.core.handling``, ``ratpack.core.http``, ``ratpack.exec``, ``ratpack.form``, ``ratpack.func``, ``ratpack.handling``, ``ratpack.http``, ``ratpack.util``, ``retrofit2``",89,817,515,26,,18,18,,181 + Totals,,246,9109,1957,174,10,113,33,1,361 From d536157c1a9289a2c6880ac252901d0d002212d5 Mon Sep 17 00:00:00 2001 From: Porcupiney Hairs Date: Sun, 7 May 2023 10:13:25 +0530 Subject: [PATCH 274/870] Go : Add query to detect potential timing attacks --- .../semmle/go/security/SensitiveActions.qll | 2 +- go/ql/src/experimental/CWE-203/Timing.qhelp | 36 ++++++++ go/ql/src/experimental/CWE-203/Timing.ql | 82 +++++++++++++++++++ go/ql/src/experimental/CWE-203/timingBad.go | 11 +++ go/ql/src/experimental/CWE-203/timingGood.go | 10 +++ .../test/experimental/CWE-203/Timing.expected | 10 +++ go/ql/test/experimental/CWE-203/Timing.qlref | 1 + go/ql/test/experimental/CWE-203/timing.go | 37 +++++++++ 8 files changed, 188 insertions(+), 1 deletion(-) create mode 100644 go/ql/src/experimental/CWE-203/Timing.qhelp create mode 100644 go/ql/src/experimental/CWE-203/Timing.ql create mode 100644 go/ql/src/experimental/CWE-203/timingBad.go create mode 100644 go/ql/src/experimental/CWE-203/timingGood.go create mode 100644 go/ql/test/experimental/CWE-203/Timing.expected create mode 100644 go/ql/test/experimental/CWE-203/Timing.qlref create mode 100644 go/ql/test/experimental/CWE-203/timing.go diff --git a/go/ql/lib/semmle/go/security/SensitiveActions.qll b/go/ql/lib/semmle/go/security/SensitiveActions.qll index fdd9661ead6..748d7fb1458 100644 --- a/go/ql/lib/semmle/go/security/SensitiveActions.qll +++ b/go/ql/lib/semmle/go/security/SensitiveActions.qll @@ -35,7 +35,7 @@ module HeuristicNames { */ string maybePassword() { result = "(?is).*pass(wd|word|code|phrase)(?!.*question).*" or - result = "(?is).*(auth(entication|ori[sz]ation)?)key.*" + result = "(?is).*(auth(entication|ori[sz]ation)?|api)key.*" } /** diff --git a/go/ql/src/experimental/CWE-203/Timing.qhelp b/go/ql/src/experimental/CWE-203/Timing.qhelp new file mode 100644 index 00000000000..7233c4c6c50 --- /dev/null +++ b/go/ql/src/experimental/CWE-203/Timing.qhelp @@ -0,0 +1,36 @@ + + + +

    + Using a non-constant time comparision to compare sensitive information can lead to auth + vulnerabilities. +

    +     + + +

    Use of a constant time comparision function such as crypto/subtle package's + ConstantTimeCompare function can prevent this vulnerability.

    +     + + +

    In the following examples, the code accepts a secret via a HTTP header in variable + secretHeader and a secret from the user in theheaderSecret variable, which + are then compared with a system stored secret to perform authentication.

    + + + + +

    In the following example, the input provided by the user is compared using the + ConstantTimeComapre function. This ensures that timing attacks are not possible in this + case.

    + + +     + + +
  • National Vulnerability Database: + CVE-2022-24912.
    • +
  • Verbose Logging: A + timing attack in action
    • +     +     \ No newline at end of file diff --git a/go/ql/src/experimental/CWE-203/Timing.ql b/go/ql/src/experimental/CWE-203/Timing.ql new file mode 100644 index 00000000000..a56a7a81540 --- /dev/null +++ b/go/ql/src/experimental/CWE-203/Timing.ql @@ -0,0 +1,82 @@ +/** + * @name Timing attacks due to comparision of sensitive secrets + * @description using a non-constant time comparision method to comapre secrets can lead to authoriztion vulnerabilities + * @kind path-problem + * @problem.severity warning + * @id go/timing-attack + * @tags security + * experimental + * external/cwe/cwe-203 + */ + +import go +import DataFlow::PathGraph +import semmle.go.security.SensitiveActions + +private predicate isBadResult(DataFlow::Node e) { + exists(string path | path = e.asExpr().getFile().getAbsolutePath().toLowerCase() | + path.matches(["%fake%", "%dummy%", "%test%", "%example%"]) and not path.matches("%ql/test%") + ) +} + +/** + * A data flow source for timing attack vulnerabilities. + */ +abstract class Source extends DataFlow::Node { } + +/** + * A data flow sink for timing attack vulnerabilities. + */ +abstract class Sink extends DataFlow::Node { } + +/** + * A sanitizer for timing attack vulnerabilities. + */ +abstract class Sanitizer extends DataFlow::Node { } + +/** A taint-tracking sink which models comparisions of sensitive variables. */ +private class SensitiveCompareSink extends Sink { + ComparisonExpr c; + + SensitiveCompareSink() { + // We select a comparision where a secret or password is tested. + exists(SensitiveVariableAccess op1, Expr op2 | + op1.getClassification() = [SensitiveExpr::secret(), SensitiveExpr::password()] and + // exclude grant to avoid FP from OAuth + not op1.getClassification().matches("%grant%") and + op1 = c.getAnOperand() and + op2 = c.getAnOperand() and + not op1 = op2 and + not ( + // Comparisions with `nil` should be excluded. + op2 = Builtin::nil().getAReference() + or + // Comparisions with empty string should also be excluded. + op2.getStringValue().length() = 0 + ) + | + // It is important to note that the name of both the operands need not be + // `sensitive`. Even if one of the operands appears to be sensitive, we consider it a potential sink. + c.getAnOperand() = this.asExpr() + ) + } + + DataFlow::Node getOtherOperand() { result.asExpr() = c.getAnOperand() and not result = this } +} + +class SecretTracking extends TaintTracking::Configuration { + SecretTracking() { this = "SecretTracking" } + + override predicate isSource(DataFlow::Node source) { + source instanceof UntrustedFlowSource and not isBadResult(source) + } + + override predicate isSink(DataFlow::Node sink) { sink instanceof Sink and not isBadResult(sink) } +} + +from SecretTracking cfg, DataFlow::PathNode source, DataFlow::PathNode sink +where + cfg.hasFlowPath(source, sink) and + not cfg.hasFlowTo(sink.getNode().(SensitiveCompareSink).getOtherOperand()) +select sink.getNode(), source, sink, "$@ may be vulnerable to timing attacks.", source.getNode(), + "Hardcoded String" diff --git a/go/ql/src/experimental/CWE-203/timingBad.go b/go/ql/src/experimental/CWE-203/timingBad.go new file mode 100644 index 00000000000..7bb25c4ec64 --- /dev/null +++ b/go/ql/src/experimental/CWE-203/timingBad.go @@ -0,0 +1,11 @@ +func bad(w http.ResponseWriter, req *http.Request, []byte secret) (interface{}, error) { + + secretHeader := "X-Secret" + + headerSecret := req.Header.Get(secretHeader) + secretStr := string(secret) + if len(secret) != 0 && headerSecret != secretStr { + return nil, fmt.Errorf("header %s=%s did not match expected secret", secretHeader, headerSecret) + } + return nil, nil +} \ No newline at end of file diff --git a/go/ql/src/experimental/CWE-203/timingGood.go b/go/ql/src/experimental/CWE-203/timingGood.go new file mode 100644 index 00000000000..7de6eca3f8a --- /dev/null +++ b/go/ql/src/experimental/CWE-203/timingGood.go @@ -0,0 +1,10 @@ +func good(w http.ResponseWriter, req *http.Request, []byte secret) (interface{}, error) { + + secretHeader := "X-Secret" + + headerSecret := req.Header.Get(secretHeader) + if len(secret) != 0 && subtle.ConstantTimeCompare(secret, []byte(headerSecret)) != 1 { + return nil, fmt.Errorf("header %s=%s did not match expected secret", secretHeader, headerSecret) + } + return nil, nil +} \ No newline at end of file diff --git a/go/ql/test/experimental/CWE-203/Timing.expected b/go/ql/test/experimental/CWE-203/Timing.expected new file mode 100644 index 00000000000..a94866cda5a --- /dev/null +++ b/go/ql/test/experimental/CWE-203/Timing.expected @@ -0,0 +1,10 @@ +edges +| timing.go:14:18:14:27 | selection of Header | timing.go:14:18:14:45 | call to Get | +| timing.go:14:18:14:45 | call to Get | timing.go:16:25:16:36 | headerSecret | +nodes +| timing.go:14:18:14:27 | selection of Header | semmle.label | selection of Header | +| timing.go:14:18:14:45 | call to Get | semmle.label | call to Get | +| timing.go:16:25:16:36 | headerSecret | semmle.label | headerSecret | +subpaths +#select +| timing.go:16:25:16:36 | headerSecret | timing.go:14:18:14:27 | selection of Header | timing.go:16:25:16:36 | headerSecret | $@ may be vulnerable to timing attacks. | timing.go:14:18:14:27 | selection of Header | Hardcoded String | diff --git a/go/ql/test/experimental/CWE-203/Timing.qlref b/go/ql/test/experimental/CWE-203/Timing.qlref new file mode 100644 index 00000000000..6a51fa3db08 --- /dev/null +++ b/go/ql/test/experimental/CWE-203/Timing.qlref @@ -0,0 +1 @@ +experimental/CWE-203/Timing.ql \ No newline at end of file diff --git a/go/ql/test/experimental/CWE-203/timing.go b/go/ql/test/experimental/CWE-203/timing.go new file mode 100644 index 00000000000..627d1a59a36 --- /dev/null +++ b/go/ql/test/experimental/CWE-203/timing.go @@ -0,0 +1,37 @@ +package main + +import ( + "crypto/subtle" + "fmt" + "net/http" +) + +func bad(w http.ResponseWriter, req *http.Request) (interface{}, error) { + + secret := "MySuperSecretPasscode" + secretHeader := "X-Secret" + + headerSecret := req.Header.Get(secretHeader) + secretStr := string(secret) + if len(secret) != 0 && headerSecret != secretStr { + return nil, fmt.Errorf("header %s=%s did not match expected secret", secretHeader, headerSecret) + } + return nil, nil +} + +func good(w http.ResponseWriter, req *http.Request) (interface{}, error) { + + secret := []byte("MySuperSecretPasscode") + secretHeader := "X-Secret" + + headerSecret := req.Header.Get(secretHeader) + if len(secret) != 0 && subtle.ConstantTimeCompare(secret, []byte(headerSecret)) != 1 { + return nil, fmt.Errorf("header %s=%s did not match expected secret", secretHeader, headerSecret) + } + return nil, nil +} + +func main() { + bad(nil, nil) + good(nil, nil) +} From 92a4a798a038f98cc85f4713e859ce78e32f68dc Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli Date: Thu, 11 May 2023 06:34:06 +0200 Subject: [PATCH 275/870] Swift: apply review suggestions --- swift/xcode-autobuilder/XcodeProjectParser.cpp | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/swift/xcode-autobuilder/XcodeProjectParser.cpp b/swift/xcode-autobuilder/XcodeProjectParser.cpp index 65f3a7dc74e..672fb2f928d 100644 --- a/swift/xcode-autobuilder/XcodeProjectParser.cpp +++ b/swift/xcode-autobuilder/XcodeProjectParser.cpp @@ -1,5 +1,6 @@ #include "swift/xcode-autobuilder/XcodeProjectParser.h" +#include #include #include #include @@ -232,7 +233,6 @@ static std::unordered_map> collectWorkspac std::unordered_set projectsBelongingToWorkspace; std::vector files = collectFiles(workingDir); for (auto& path : files) { - std::cerr << path.c_str() << '\n'; if (path.extension() == ".xcworkspace") { auto projects = readProjectsFromWorkspace(path.string()); for (auto& project : projects) { @@ -243,11 +243,11 @@ static std::unordered_map> collectWorkspac // a package manifest must begin with a specific header comment // see https://docs.swift.org/package-manager/PackageDescription/PackageDescription.html static constexpr std::string_view packageHeader = "// swift-tools-version:"; - char buffer[packageHeader.size()]; - if (std::ifstream{path}.read(buffer, packageHeader.size()) && buffer == packageHeader) { + std::array buffer; + std::string_view bufferView{buffer.data(), buffer.size()}; + if (std::ifstream{path}.read(buffer.data(), buffer.size()) && bufferView == packageHeader) { swiftPackageEncountered = true; } - std::cerr << " " << std::string_view{buffer} << '\n'; } } // Collect all projects not belonging to any workspace into a separate empty bucket From 1f0cb9eeb883dc2fa77380ded470f6c57e92a73d Mon Sep 17 00:00:00 2001 From: Kasper Svendsen Date: Thu, 11 May 2023 08:35:59 +0200 Subject: [PATCH 276/870] Swift: Enable implicit this receiver warnings --- swift/ql/lib/qlpack.yml | 1 + swift/ql/src/qlpack.yml | 1 + swift/ql/test/qlpack.yml | 1 + 3 files changed, 3 insertions(+) diff --git a/swift/ql/lib/qlpack.yml b/swift/ql/lib/qlpack.yml index 3d3f00eb029..3cb8840e0eb 100644 --- a/swift/ql/lib/qlpack.yml +++ b/swift/ql/lib/qlpack.yml @@ -9,3 +9,4 @@ dependencies: codeql/ssa: ${workspace} codeql/tutorial: ${workspace} codeql/util: ${workspace} +warnOnImplicitThis: true diff --git a/swift/ql/src/qlpack.yml b/swift/ql/src/qlpack.yml index 200a62f3baa..7e473775c1c 100644 --- a/swift/ql/src/qlpack.yml +++ b/swift/ql/src/qlpack.yml @@ -10,3 +10,4 @@ dependencies: codeql/swift-all: ${workspace} codeql/suite-helpers: ${workspace} codeql/util: ${workspace} +warnOnImplicitThis: true diff --git a/swift/ql/test/qlpack.yml b/swift/ql/test/qlpack.yml index d6ce38e4826..8c7eb08e9ad 100644 --- a/swift/ql/test/qlpack.yml +++ b/swift/ql/test/qlpack.yml @@ -5,3 +5,4 @@ dependencies: codeql/swift-queries: ${workspace} tests: . extractor: swift +warnOnImplicitThis: true From 5fcc5e1d4aa3735e1ac49c1223e6da45a64c5f85 Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli Date: Thu, 11 May 2023 08:57:41 +0200 Subject: [PATCH 277/870] Swift: initialize char buffer --- swift/xcode-autobuilder/XcodeProjectParser.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/swift/xcode-autobuilder/XcodeProjectParser.cpp b/swift/xcode-autobuilder/XcodeProjectParser.cpp index 672fb2f928d..116384385ec 100644 --- a/swift/xcode-autobuilder/XcodeProjectParser.cpp +++ b/swift/xcode-autobuilder/XcodeProjectParser.cpp @@ -243,7 +243,7 @@ static std::unordered_map> collectWorkspac // a package manifest must begin with a specific header comment // see https://docs.swift.org/package-manager/PackageDescription/PackageDescription.html static constexpr std::string_view packageHeader = "// swift-tools-version:"; - std::array buffer; + std::array buffer{}; std::string_view bufferView{buffer.data(), buffer.size()}; if (std::ifstream{path}.read(buffer.data(), buffer.size()) && bufferView == packageHeader) { swiftPackageEncountered = true; From f1893dae85224afa91051d061690c9daa8f42ecd Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Thu, 11 May 2023 09:10:54 +0100 Subject: [PATCH 278/870] Swift: Repair UIKit framework after merge. --- swift/ql/lib/codeql/swift/frameworks/Frameworks.qll | 5 +++-- swift/ql/lib/codeql/swift/frameworks/UIKit/UIKit.qll | 5 +++++ 2 files changed, 8 insertions(+), 2 deletions(-) create mode 100644 swift/ql/lib/codeql/swift/frameworks/UIKit/UIKit.qll diff --git a/swift/ql/lib/codeql/swift/frameworks/Frameworks.qll b/swift/ql/lib/codeql/swift/frameworks/Frameworks.qll index da98eba28c0..4d00ea7cbc9 100644 --- a/swift/ql/lib/codeql/swift/frameworks/Frameworks.qll +++ b/swift/ql/lib/codeql/swift/frameworks/Frameworks.qll @@ -2,6 +2,7 @@ * This file imports all models of frameworks and libraries. */ -private import StandardLibrary.StandardLibrary -private import Xml.Xml private import Alamofire.Alamofire +private import StandardLibrary.StandardLibrary +private import UIKit.UIKit +private import Xml.Xml diff --git a/swift/ql/lib/codeql/swift/frameworks/UIKit/UIKit.qll b/swift/ql/lib/codeql/swift/frameworks/UIKit/UIKit.qll new file mode 100644 index 00000000000..a53b9b07b73 --- /dev/null +++ b/swift/ql/lib/codeql/swift/frameworks/UIKit/UIKit.qll @@ -0,0 +1,5 @@ +/** + * This file imports all models of UIKit-related frameworks and libraries. + */ + +import UITextField From 75ea449147b435d71c709e59d7250592dd8e4fad Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Thu, 11 May 2023 10:49:39 +0200 Subject: [PATCH 279/870] C#: Only include source code nodes in the identity local step consistency check. --- csharp/ql/consistency-queries/DataFlowConsistency.ql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/csharp/ql/consistency-queries/DataFlowConsistency.ql b/csharp/ql/consistency-queries/DataFlowConsistency.ql index 48818a91b15..ab18b0b45b8 100644 --- a/csharp/ql/consistency-queries/DataFlowConsistency.ql +++ b/csharp/ql/consistency-queries/DataFlowConsistency.ql @@ -72,5 +72,5 @@ private class MyConsistencyConfiguration extends ConsistencyConfiguration { override predicate reverseReadExclude(Node n) { n.asExpr() = any(AwaitExpr ae).getExpr() } - override predicate identityLocalStepExclude(Node n) { this.missingLocationExclude(n) } + override predicate identityLocalStepExclude(Node n) { n.getLocation().getFile().fromLibrary() } } From b0ec089a3a782e35d2302e4243b0b55a75c8e56e Mon Sep 17 00:00:00 2001 From: Stephan Brandauer Date: Thu, 11 May 2023 10:52:09 +0200 Subject: [PATCH 280/870] Update MaD Declarations after Triage --- java/ql/lib/change-notes/2023-05-11-new-models.md | 6 ++++++ java/ql/lib/ext/org.apache.hadoop.fs.model.yml | 14 ++++++++++++++ 2 files changed, 20 insertions(+) create mode 100644 java/ql/lib/change-notes/2023-05-11-new-models.md create mode 100644 java/ql/lib/ext/org.apache.hadoop.fs.model.yml diff --git a/java/ql/lib/change-notes/2023-05-11-new-models.md b/java/ql/lib/change-notes/2023-05-11-new-models.md new file mode 100644 index 00000000000..067105b4aca --- /dev/null +++ b/java/ql/lib/change-notes/2023-05-11-new-models.md @@ -0,0 +1,6 @@ +--- +category: minorAnalysis +--- +* Added models for the following packages: + + * org.apache.hadoop.fs diff --git a/java/ql/lib/ext/org.apache.hadoop.fs.model.yml b/java/ql/lib/ext/org.apache.hadoop.fs.model.yml new file mode 100644 index 00000000000..c9a24e49e38 --- /dev/null +++ b/java/ql/lib/ext/org.apache.hadoop.fs.model.yml @@ -0,0 +1,14 @@ +extensions: + - addsTo: + pack: codeql/java-all + extensible: summaryModel + data: + - ["org.apache.hadoop.fs", "Path", True, "Path", "(Path,Path)", "", "Argument[0]", "Argument[this]", "taint", "ai-generated"] + - ["org.apache.hadoop.fs", "Path", True, "Path", "(Path,Path)", "", "Argument[1]", "Argument[this]", "taint", "ai-generated"] + - ["org.apache.hadoop.fs", "Path", True, "Path", "(Path,String)", "", "Argument[0]", "Argument[this]", "taint", "ai-generated"] + - ["org.apache.hadoop.fs", "Path", True, "Path", "(Path,String)", "", "Argument[1]", "Argument[this]", "taint", "ai-generated"] + - ["org.apache.hadoop.fs", "Path", True, "Path", "(String,String,String)", "", "Argument[2]", "Argument[this]", "taint", "ai-generated"] + - ["org.apache.hadoop.fs", "Path", True, "Path", "(String,String)", "", "Argument[0]", "Argument[this]", "taint", "ai-generated"] + - ["org.apache.hadoop.fs", "Path", True, "Path", "(String,String)", "", "Argument[1]", "Argument[this]", "taint", "ai-generated"] + - ["org.apache.hadoop.fs", "Path", True, "Path", "(String)", "", "Argument[0]", "Argument[this]", "taint", "ai-generated"] + - ["org.apache.hadoop.fs", "Path", True, "Path", "(URI)", "", "Argument[0]", "Argument[this]", "taint", "ai-generated"] From 59993ea347aab7c09369ddbe42e80e4da7b046e2 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Thu, 11 May 2023 11:12:24 +0200 Subject: [PATCH 281/870] C#: Update expected test output. --- .../CONSISTENCY/DataFlowConsistency.expected | 263 ------ .../CONSISTENCY/DataFlowConsistency.expected | 263 ------ .../CONSISTENCY/DataFlowConsistency.expected | 263 ------ .../CONSISTENCY/DataFlowConsistency.expected | 263 ------ .../CONSISTENCY/DataFlowConsistency.expected | 263 ------ .../CONSISTENCY/DataFlowConsistency.expected | 263 ------ .../CONSISTENCY/DataFlowConsistency.expected | 263 ------ .../CONSISTENCY/DataFlowConsistency.expected | 263 ------ .../CONSISTENCY/DataFlowConsistency.expected | 263 ------ .../CONSISTENCY/DataFlowConsistency.expected | 749 ------------------ .../CONSISTENCY/DataFlowConsistency.expected | 346 -------- .../CONSISTENCY/DataFlowConsistency.expected | 263 ------ .../CONSISTENCY/DataFlowConsistency.expected | 715 ----------------- 13 files changed, 4440 deletions(-) diff --git a/csharp/ql/test/library-tests/cil/attributes/CONSISTENCY/DataFlowConsistency.expected b/csharp/ql/test/library-tests/cil/attributes/CONSISTENCY/DataFlowConsistency.expected index 293dce08987..e69de29bb2d 100644 --- a/csharp/ql/test/library-tests/cil/attributes/CONSISTENCY/DataFlowConsistency.expected +++ b/csharp/ql/test/library-tests/cil/attributes/CONSISTENCY/DataFlowConsistency.expected @@ -1,263 +0,0 @@ -identityLocalStep -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Console.dll:0:0:0:0 | SSA phi read(Local variable 5 of method ReadLineCore) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Console.dll:0:0:0:0 | SSA phi(Local variable 6 of method ReadLineCore) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Console.dll:0:0:0:0 | SSA phi(Local variable 7 of method ReadLineCore) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Console.dll:0:0:0:0 | SSA phi(Local variable 7 of method Write) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method ContinueTryEnter) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method CreateParentsAndDirectory) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method DisposeOnShutdown) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GateThreadStart) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetCharCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetIndexOfFirstNonAsciiByte_Default) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetIndexOfFirstNonAsciiChar_Default) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetIndexOfFirstNonLatin1Char_Default) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetSources) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetTimeZoneIds) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method PopulateConstructors) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method PopulateInterfaces) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method SpinUntil) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method SymmetricExceptWithEnumerable) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method ToKeyValuePairsArray) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method ToTitleCase) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TranslateToManifestConvention) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt16N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt16N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt32N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt32N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt64D) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt64N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt64N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseSByteN) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseSByteN) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method AddDateWords) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method Clone) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method GateThreadStart) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method GetByteCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method GetCaseInsensitiveObjectInternal) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method GetSessions) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method GetSessions) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method OnStop) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method PopulateConstructors) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method RemoveLeadingInQuoteSpaces) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method TranscodeToUtf8) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method TryDequeue) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method TryParseStatusFile) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method TryPeek) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method DispatchEventsToEventListeners) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method GateThreadStart) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method GetCharCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method SymmetricExceptWithUniqueHashSet) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method TryDecodeFromUtf16) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method WaitAllCore) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method CheckUniqueAndUnfoundElements) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method CopyEntries) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method GetDatePart) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method IntersectWithEnumerable) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method SymmetricExceptWithEnumerable) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method TryDecodeFromUtf16) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 4 of method GateThreadStart) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 4 of method GetBytesWithFallback) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 4 of method GetCharsWithFallback) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 5 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 5 of method Set) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 5 of method SymmetricExceptWithEnumerable) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 6 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 6 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 6 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 6 of method GetCharCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 6 of method GetDelegatesFromContinuationObject) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 7 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 7 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 9 of method Set) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 11 of method MatchPattern) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 12 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 13 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 13 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 14 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 15 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of g__LogDataStore\|23_0) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of AddDateWords) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of AddExceptionsFromChildren) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of CheckNullabilityAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of CopyEntries) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of CopyKeys) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of CopyValues) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of EnsureDescriptorsInitialized) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of GetNextToken) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of PopulateConstructors) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of RemoveReferencesToListenerInEventSources) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of RoundNumber) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of ScanDateWord) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of ToKeyValuePairsArray) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of ToTitleCase) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of TranslateToManifestConvention) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of g__LogDataStore\|23_0) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of Append) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of ContainsValue) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of ContinueTryEnter) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of CopyEntries) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of CopyKeys) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of CopyValues) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of EnumerateFilesRecursively) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of GetObject) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of GetString) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of ReadXdgDirectory) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of SearchForChildByTag) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of CheckUniqueAndUnfoundElements) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of ContinueTryEnterWithThreadTracking) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of Replace) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of ReplaceAllInChunk) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of SplitInternal) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of TranslateToManifestConvention) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of Trim) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of Wait) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 3 of AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 3 of AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 3 of FormatScientific) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 3 of GetByteCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 3 of GetByteCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 5 of GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 5 of GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method CheckNullabilityAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method EnumerateFilesRecursively) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method Equals) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method GetDefaultValueInternal) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method GetHashCode) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method GetPointerToFirstInvalidByte) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method InitializeConfigAndDetermineUsePortableThreadPool) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method InsertAtCurrentHashNode) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method RemoveAll) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method RemoveDirectoryRecursive) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method TryFromBase64Chars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method TryParseInt64D) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method CheckNullabilityAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method ExecuteCallbackHandlers) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method FromBase64_ComputeResultLength) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method GetPointerToFirstInvalidByte) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method GetPointerToFirstInvalidByte) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method ToKeyValuePairsArray) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method ToTitleCase) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method TranslateToManifestConvention) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method VarDecCmpSub) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method FromBase64_ComputeResultLength) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method GetByteCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method ScanDateWord) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method ToLower) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method ToUpper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryEnterReadLockCore) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseByteN) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseByteN) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseUInt16N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseUInt16N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseUInt32N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseUInt32N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseUInt64N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseUInt64N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method g__LogDataStore\|23_0) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method PickPivotAndPartition) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method ScanDateWord) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method ToLower) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method ToUpper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseInt16N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseInt16N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseInt32N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseInt32N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseInt64N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseInt64N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseSByteN) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseSByteN) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method CheckUniqueAndUnfoundElements) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method FormCompoundType) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method GetByteCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method MatchPattern) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method OnStop) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method CheckUniqueAndUnfoundElements) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method FormCompoundType) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method GetCharCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method GetNextToken) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method PickPivotAndPartition) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method PickPivotAndPartition) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method VarDecCmpSub) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 6 of method GetCharCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 6 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 6 of method Set) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 6 of method ToTitleCase) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 6 of method TryFromBase64Chars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 6 of method VarDecCmpSub) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 7 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 7 of method ToTitleCase) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 7 of method TryFromBase64Chars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 8 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 8 of method TryFromBase64Chars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 8 of method TryParseNumber) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 8 of method TryParseNumber) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 8 of method TryParseStatusFile) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 9 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 9 of method TryFromBase64Chars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 9 of method TryParseStatusFile) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 10 of method EnumerateFilesRecursively) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 15 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 15 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 17 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 33 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 1 of FindSection) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 2 of CopyEntries) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 2 of CopyKeys) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 2 of CopyValues) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 2 of ScaleResult) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 3 of AddDateWords) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 3 of GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 3 of GetChars) | Node steps to itself | diff --git a/csharp/ql/test/library-tests/cil/consistency/CONSISTENCY/DataFlowConsistency.expected b/csharp/ql/test/library-tests/cil/consistency/CONSISTENCY/DataFlowConsistency.expected index 293dce08987..e69de29bb2d 100644 --- a/csharp/ql/test/library-tests/cil/consistency/CONSISTENCY/DataFlowConsistency.expected +++ b/csharp/ql/test/library-tests/cil/consistency/CONSISTENCY/DataFlowConsistency.expected @@ -1,263 +0,0 @@ -identityLocalStep -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Console.dll:0:0:0:0 | SSA phi read(Local variable 5 of method ReadLineCore) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Console.dll:0:0:0:0 | SSA phi(Local variable 6 of method ReadLineCore) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Console.dll:0:0:0:0 | SSA phi(Local variable 7 of method ReadLineCore) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Console.dll:0:0:0:0 | SSA phi(Local variable 7 of method Write) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method ContinueTryEnter) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method CreateParentsAndDirectory) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method DisposeOnShutdown) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GateThreadStart) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetCharCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetIndexOfFirstNonAsciiByte_Default) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetIndexOfFirstNonAsciiChar_Default) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetIndexOfFirstNonLatin1Char_Default) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetSources) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetTimeZoneIds) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method PopulateConstructors) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method PopulateInterfaces) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method SpinUntil) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method SymmetricExceptWithEnumerable) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method ToKeyValuePairsArray) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method ToTitleCase) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TranslateToManifestConvention) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt16N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt16N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt32N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt32N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt64D) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt64N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt64N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseSByteN) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseSByteN) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method AddDateWords) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method Clone) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method GateThreadStart) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method GetByteCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method GetCaseInsensitiveObjectInternal) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method GetSessions) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method GetSessions) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method OnStop) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method PopulateConstructors) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method RemoveLeadingInQuoteSpaces) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method TranscodeToUtf8) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method TryDequeue) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method TryParseStatusFile) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method TryPeek) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method DispatchEventsToEventListeners) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method GateThreadStart) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method GetCharCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method SymmetricExceptWithUniqueHashSet) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method TryDecodeFromUtf16) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method WaitAllCore) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method CheckUniqueAndUnfoundElements) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method CopyEntries) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method GetDatePart) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method IntersectWithEnumerable) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method SymmetricExceptWithEnumerable) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method TryDecodeFromUtf16) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 4 of method GateThreadStart) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 4 of method GetBytesWithFallback) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 4 of method GetCharsWithFallback) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 5 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 5 of method Set) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 5 of method SymmetricExceptWithEnumerable) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 6 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 6 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 6 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 6 of method GetCharCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 6 of method GetDelegatesFromContinuationObject) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 7 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 7 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 9 of method Set) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 11 of method MatchPattern) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 12 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 13 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 13 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 14 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 15 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of g__LogDataStore\|23_0) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of AddDateWords) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of AddExceptionsFromChildren) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of CheckNullabilityAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of CopyEntries) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of CopyKeys) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of CopyValues) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of EnsureDescriptorsInitialized) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of GetNextToken) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of PopulateConstructors) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of RemoveReferencesToListenerInEventSources) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of RoundNumber) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of ScanDateWord) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of ToKeyValuePairsArray) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of ToTitleCase) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of TranslateToManifestConvention) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of g__LogDataStore\|23_0) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of Append) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of ContainsValue) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of ContinueTryEnter) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of CopyEntries) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of CopyKeys) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of CopyValues) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of EnumerateFilesRecursively) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of GetObject) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of GetString) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of ReadXdgDirectory) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of SearchForChildByTag) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of CheckUniqueAndUnfoundElements) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of ContinueTryEnterWithThreadTracking) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of Replace) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of ReplaceAllInChunk) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of SplitInternal) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of TranslateToManifestConvention) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of Trim) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of Wait) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 3 of AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 3 of AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 3 of FormatScientific) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 3 of GetByteCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 3 of GetByteCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 5 of GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 5 of GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method CheckNullabilityAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method EnumerateFilesRecursively) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method Equals) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method GetDefaultValueInternal) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method GetHashCode) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method GetPointerToFirstInvalidByte) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method InitializeConfigAndDetermineUsePortableThreadPool) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method InsertAtCurrentHashNode) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method RemoveAll) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method RemoveDirectoryRecursive) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method TryFromBase64Chars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method TryParseInt64D) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method CheckNullabilityAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method ExecuteCallbackHandlers) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method FromBase64_ComputeResultLength) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method GetPointerToFirstInvalidByte) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method GetPointerToFirstInvalidByte) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method ToKeyValuePairsArray) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method ToTitleCase) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method TranslateToManifestConvention) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method VarDecCmpSub) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method FromBase64_ComputeResultLength) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method GetByteCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method ScanDateWord) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method ToLower) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method ToUpper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryEnterReadLockCore) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseByteN) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseByteN) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseUInt16N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseUInt16N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseUInt32N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseUInt32N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseUInt64N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseUInt64N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method g__LogDataStore\|23_0) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method PickPivotAndPartition) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method ScanDateWord) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method ToLower) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method ToUpper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseInt16N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseInt16N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseInt32N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseInt32N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseInt64N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseInt64N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseSByteN) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseSByteN) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method CheckUniqueAndUnfoundElements) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method FormCompoundType) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method GetByteCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method MatchPattern) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method OnStop) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method CheckUniqueAndUnfoundElements) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method FormCompoundType) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method GetCharCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method GetNextToken) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method PickPivotAndPartition) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method PickPivotAndPartition) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method VarDecCmpSub) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 6 of method GetCharCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 6 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 6 of method Set) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 6 of method ToTitleCase) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 6 of method TryFromBase64Chars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 6 of method VarDecCmpSub) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 7 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 7 of method ToTitleCase) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 7 of method TryFromBase64Chars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 8 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 8 of method TryFromBase64Chars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 8 of method TryParseNumber) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 8 of method TryParseNumber) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 8 of method TryParseStatusFile) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 9 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 9 of method TryFromBase64Chars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 9 of method TryParseStatusFile) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 10 of method EnumerateFilesRecursively) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 15 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 15 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 17 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 33 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 1 of FindSection) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 2 of CopyEntries) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 2 of CopyKeys) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 2 of CopyValues) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 2 of ScaleResult) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 3 of AddDateWords) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 3 of GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 3 of GetChars) | Node steps to itself | diff --git a/csharp/ql/test/library-tests/cil/dataflow/CONSISTENCY/DataFlowConsistency.expected b/csharp/ql/test/library-tests/cil/dataflow/CONSISTENCY/DataFlowConsistency.expected index 293dce08987..e69de29bb2d 100644 --- a/csharp/ql/test/library-tests/cil/dataflow/CONSISTENCY/DataFlowConsistency.expected +++ b/csharp/ql/test/library-tests/cil/dataflow/CONSISTENCY/DataFlowConsistency.expected @@ -1,263 +0,0 @@ -identityLocalStep -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Console.dll:0:0:0:0 | SSA phi read(Local variable 5 of method ReadLineCore) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Console.dll:0:0:0:0 | SSA phi(Local variable 6 of method ReadLineCore) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Console.dll:0:0:0:0 | SSA phi(Local variable 7 of method ReadLineCore) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Console.dll:0:0:0:0 | SSA phi(Local variable 7 of method Write) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method ContinueTryEnter) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method CreateParentsAndDirectory) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method DisposeOnShutdown) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GateThreadStart) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetCharCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetIndexOfFirstNonAsciiByte_Default) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetIndexOfFirstNonAsciiChar_Default) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetIndexOfFirstNonLatin1Char_Default) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetSources) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetTimeZoneIds) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method PopulateConstructors) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method PopulateInterfaces) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method SpinUntil) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method SymmetricExceptWithEnumerable) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method ToKeyValuePairsArray) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method ToTitleCase) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TranslateToManifestConvention) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt16N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt16N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt32N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt32N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt64D) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt64N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt64N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseSByteN) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseSByteN) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method AddDateWords) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method Clone) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method GateThreadStart) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method GetByteCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method GetCaseInsensitiveObjectInternal) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method GetSessions) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method GetSessions) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method OnStop) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method PopulateConstructors) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method RemoveLeadingInQuoteSpaces) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method TranscodeToUtf8) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method TryDequeue) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method TryParseStatusFile) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method TryPeek) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method DispatchEventsToEventListeners) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method GateThreadStart) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method GetCharCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method SymmetricExceptWithUniqueHashSet) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method TryDecodeFromUtf16) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method WaitAllCore) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method CheckUniqueAndUnfoundElements) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method CopyEntries) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method GetDatePart) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method IntersectWithEnumerable) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method SymmetricExceptWithEnumerable) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method TryDecodeFromUtf16) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 4 of method GateThreadStart) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 4 of method GetBytesWithFallback) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 4 of method GetCharsWithFallback) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 5 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 5 of method Set) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 5 of method SymmetricExceptWithEnumerable) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 6 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 6 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 6 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 6 of method GetCharCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 6 of method GetDelegatesFromContinuationObject) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 7 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 7 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 9 of method Set) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 11 of method MatchPattern) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 12 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 13 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 13 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 14 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 15 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of g__LogDataStore\|23_0) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of AddDateWords) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of AddExceptionsFromChildren) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of CheckNullabilityAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of CopyEntries) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of CopyKeys) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of CopyValues) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of EnsureDescriptorsInitialized) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of GetNextToken) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of PopulateConstructors) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of RemoveReferencesToListenerInEventSources) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of RoundNumber) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of ScanDateWord) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of ToKeyValuePairsArray) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of ToTitleCase) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of TranslateToManifestConvention) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of g__LogDataStore\|23_0) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of Append) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of ContainsValue) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of ContinueTryEnter) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of CopyEntries) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of CopyKeys) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of CopyValues) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of EnumerateFilesRecursively) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of GetObject) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of GetString) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of ReadXdgDirectory) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of SearchForChildByTag) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of CheckUniqueAndUnfoundElements) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of ContinueTryEnterWithThreadTracking) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of Replace) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of ReplaceAllInChunk) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of SplitInternal) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of TranslateToManifestConvention) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of Trim) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of Wait) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 3 of AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 3 of AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 3 of FormatScientific) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 3 of GetByteCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 3 of GetByteCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 5 of GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 5 of GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method CheckNullabilityAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method EnumerateFilesRecursively) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method Equals) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method GetDefaultValueInternal) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method GetHashCode) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method GetPointerToFirstInvalidByte) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method InitializeConfigAndDetermineUsePortableThreadPool) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method InsertAtCurrentHashNode) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method RemoveAll) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method RemoveDirectoryRecursive) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method TryFromBase64Chars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method TryParseInt64D) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method CheckNullabilityAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method ExecuteCallbackHandlers) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method FromBase64_ComputeResultLength) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method GetPointerToFirstInvalidByte) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method GetPointerToFirstInvalidByte) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method ToKeyValuePairsArray) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method ToTitleCase) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method TranslateToManifestConvention) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method VarDecCmpSub) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method FromBase64_ComputeResultLength) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method GetByteCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method ScanDateWord) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method ToLower) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method ToUpper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryEnterReadLockCore) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseByteN) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseByteN) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseUInt16N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseUInt16N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseUInt32N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseUInt32N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseUInt64N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseUInt64N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method g__LogDataStore\|23_0) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method PickPivotAndPartition) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method ScanDateWord) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method ToLower) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method ToUpper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseInt16N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseInt16N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseInt32N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseInt32N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseInt64N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseInt64N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseSByteN) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseSByteN) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method CheckUniqueAndUnfoundElements) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method FormCompoundType) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method GetByteCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method MatchPattern) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method OnStop) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method CheckUniqueAndUnfoundElements) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method FormCompoundType) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method GetCharCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method GetNextToken) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method PickPivotAndPartition) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method PickPivotAndPartition) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method VarDecCmpSub) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 6 of method GetCharCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 6 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 6 of method Set) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 6 of method ToTitleCase) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 6 of method TryFromBase64Chars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 6 of method VarDecCmpSub) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 7 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 7 of method ToTitleCase) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 7 of method TryFromBase64Chars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 8 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 8 of method TryFromBase64Chars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 8 of method TryParseNumber) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 8 of method TryParseNumber) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 8 of method TryParseStatusFile) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 9 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 9 of method TryFromBase64Chars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 9 of method TryParseStatusFile) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 10 of method EnumerateFilesRecursively) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 15 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 15 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 17 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 33 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 1 of FindSection) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 2 of CopyEntries) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 2 of CopyKeys) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 2 of CopyValues) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 2 of ScaleResult) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 3 of AddDateWords) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 3 of GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 3 of GetChars) | Node steps to itself | diff --git a/csharp/ql/test/library-tests/cil/enums/CONSISTENCY/DataFlowConsistency.expected b/csharp/ql/test/library-tests/cil/enums/CONSISTENCY/DataFlowConsistency.expected index 293dce08987..e69de29bb2d 100644 --- a/csharp/ql/test/library-tests/cil/enums/CONSISTENCY/DataFlowConsistency.expected +++ b/csharp/ql/test/library-tests/cil/enums/CONSISTENCY/DataFlowConsistency.expected @@ -1,263 +0,0 @@ -identityLocalStep -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Console.dll:0:0:0:0 | SSA phi read(Local variable 5 of method ReadLineCore) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Console.dll:0:0:0:0 | SSA phi(Local variable 6 of method ReadLineCore) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Console.dll:0:0:0:0 | SSA phi(Local variable 7 of method ReadLineCore) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Console.dll:0:0:0:0 | SSA phi(Local variable 7 of method Write) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method ContinueTryEnter) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method CreateParentsAndDirectory) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method DisposeOnShutdown) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GateThreadStart) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetCharCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetIndexOfFirstNonAsciiByte_Default) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetIndexOfFirstNonAsciiChar_Default) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetIndexOfFirstNonLatin1Char_Default) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetSources) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetTimeZoneIds) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method PopulateConstructors) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method PopulateInterfaces) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method SpinUntil) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method SymmetricExceptWithEnumerable) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method ToKeyValuePairsArray) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method ToTitleCase) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TranslateToManifestConvention) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt16N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt16N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt32N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt32N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt64D) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt64N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt64N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseSByteN) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseSByteN) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method AddDateWords) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method Clone) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method GateThreadStart) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method GetByteCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method GetCaseInsensitiveObjectInternal) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method GetSessions) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method GetSessions) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method OnStop) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method PopulateConstructors) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method RemoveLeadingInQuoteSpaces) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method TranscodeToUtf8) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method TryDequeue) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method TryParseStatusFile) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method TryPeek) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method DispatchEventsToEventListeners) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method GateThreadStart) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method GetCharCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method SymmetricExceptWithUniqueHashSet) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method TryDecodeFromUtf16) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method WaitAllCore) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method CheckUniqueAndUnfoundElements) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method CopyEntries) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method GetDatePart) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method IntersectWithEnumerable) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method SymmetricExceptWithEnumerable) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method TryDecodeFromUtf16) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 4 of method GateThreadStart) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 4 of method GetBytesWithFallback) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 4 of method GetCharsWithFallback) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 5 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 5 of method Set) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 5 of method SymmetricExceptWithEnumerable) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 6 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 6 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 6 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 6 of method GetCharCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 6 of method GetDelegatesFromContinuationObject) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 7 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 7 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 9 of method Set) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 11 of method MatchPattern) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 12 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 13 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 13 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 14 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 15 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of g__LogDataStore\|23_0) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of AddDateWords) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of AddExceptionsFromChildren) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of CheckNullabilityAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of CopyEntries) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of CopyKeys) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of CopyValues) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of EnsureDescriptorsInitialized) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of GetNextToken) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of PopulateConstructors) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of RemoveReferencesToListenerInEventSources) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of RoundNumber) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of ScanDateWord) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of ToKeyValuePairsArray) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of ToTitleCase) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of TranslateToManifestConvention) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of g__LogDataStore\|23_0) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of Append) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of ContainsValue) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of ContinueTryEnter) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of CopyEntries) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of CopyKeys) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of CopyValues) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of EnumerateFilesRecursively) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of GetObject) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of GetString) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of ReadXdgDirectory) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of SearchForChildByTag) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of CheckUniqueAndUnfoundElements) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of ContinueTryEnterWithThreadTracking) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of Replace) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of ReplaceAllInChunk) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of SplitInternal) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of TranslateToManifestConvention) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of Trim) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of Wait) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 3 of AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 3 of AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 3 of FormatScientific) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 3 of GetByteCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 3 of GetByteCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 5 of GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 5 of GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method CheckNullabilityAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method EnumerateFilesRecursively) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method Equals) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method GetDefaultValueInternal) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method GetHashCode) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method GetPointerToFirstInvalidByte) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method InitializeConfigAndDetermineUsePortableThreadPool) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method InsertAtCurrentHashNode) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method RemoveAll) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method RemoveDirectoryRecursive) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method TryFromBase64Chars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method TryParseInt64D) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method CheckNullabilityAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method ExecuteCallbackHandlers) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method FromBase64_ComputeResultLength) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method GetPointerToFirstInvalidByte) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method GetPointerToFirstInvalidByte) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method ToKeyValuePairsArray) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method ToTitleCase) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method TranslateToManifestConvention) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method VarDecCmpSub) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method FromBase64_ComputeResultLength) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method GetByteCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method ScanDateWord) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method ToLower) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method ToUpper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryEnterReadLockCore) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseByteN) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseByteN) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseUInt16N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseUInt16N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseUInt32N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseUInt32N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseUInt64N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseUInt64N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method g__LogDataStore\|23_0) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method PickPivotAndPartition) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method ScanDateWord) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method ToLower) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method ToUpper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseInt16N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseInt16N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseInt32N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseInt32N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseInt64N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseInt64N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseSByteN) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseSByteN) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method CheckUniqueAndUnfoundElements) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method FormCompoundType) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method GetByteCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method MatchPattern) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method OnStop) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method CheckUniqueAndUnfoundElements) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method FormCompoundType) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method GetCharCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method GetNextToken) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method PickPivotAndPartition) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method PickPivotAndPartition) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method VarDecCmpSub) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 6 of method GetCharCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 6 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 6 of method Set) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 6 of method ToTitleCase) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 6 of method TryFromBase64Chars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 6 of method VarDecCmpSub) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 7 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 7 of method ToTitleCase) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 7 of method TryFromBase64Chars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 8 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 8 of method TryFromBase64Chars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 8 of method TryParseNumber) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 8 of method TryParseNumber) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 8 of method TryParseStatusFile) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 9 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 9 of method TryFromBase64Chars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 9 of method TryParseStatusFile) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 10 of method EnumerateFilesRecursively) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 15 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 15 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 17 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 33 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 1 of FindSection) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 2 of CopyEntries) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 2 of CopyKeys) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 2 of CopyValues) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 2 of ScaleResult) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 3 of AddDateWords) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 3 of GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 3 of GetChars) | Node steps to itself | diff --git a/csharp/ql/test/library-tests/cil/functionPointers/CONSISTENCY/DataFlowConsistency.expected b/csharp/ql/test/library-tests/cil/functionPointers/CONSISTENCY/DataFlowConsistency.expected index 293dce08987..e69de29bb2d 100644 --- a/csharp/ql/test/library-tests/cil/functionPointers/CONSISTENCY/DataFlowConsistency.expected +++ b/csharp/ql/test/library-tests/cil/functionPointers/CONSISTENCY/DataFlowConsistency.expected @@ -1,263 +0,0 @@ -identityLocalStep -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Console.dll:0:0:0:0 | SSA phi read(Local variable 5 of method ReadLineCore) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Console.dll:0:0:0:0 | SSA phi(Local variable 6 of method ReadLineCore) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Console.dll:0:0:0:0 | SSA phi(Local variable 7 of method ReadLineCore) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Console.dll:0:0:0:0 | SSA phi(Local variable 7 of method Write) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method ContinueTryEnter) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method CreateParentsAndDirectory) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method DisposeOnShutdown) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GateThreadStart) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetCharCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetIndexOfFirstNonAsciiByte_Default) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetIndexOfFirstNonAsciiChar_Default) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetIndexOfFirstNonLatin1Char_Default) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetSources) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetTimeZoneIds) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method PopulateConstructors) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method PopulateInterfaces) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method SpinUntil) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method SymmetricExceptWithEnumerable) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method ToKeyValuePairsArray) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method ToTitleCase) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TranslateToManifestConvention) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt16N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt16N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt32N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt32N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt64D) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt64N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt64N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseSByteN) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseSByteN) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method AddDateWords) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method Clone) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method GateThreadStart) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method GetByteCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method GetCaseInsensitiveObjectInternal) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method GetSessions) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method GetSessions) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method OnStop) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method PopulateConstructors) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method RemoveLeadingInQuoteSpaces) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method TranscodeToUtf8) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method TryDequeue) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method TryParseStatusFile) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method TryPeek) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method DispatchEventsToEventListeners) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method GateThreadStart) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method GetCharCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method SymmetricExceptWithUniqueHashSet) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method TryDecodeFromUtf16) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method WaitAllCore) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method CheckUniqueAndUnfoundElements) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method CopyEntries) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method GetDatePart) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method IntersectWithEnumerable) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method SymmetricExceptWithEnumerable) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method TryDecodeFromUtf16) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 4 of method GateThreadStart) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 4 of method GetBytesWithFallback) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 4 of method GetCharsWithFallback) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 5 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 5 of method Set) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 5 of method SymmetricExceptWithEnumerable) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 6 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 6 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 6 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 6 of method GetCharCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 6 of method GetDelegatesFromContinuationObject) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 7 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 7 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 9 of method Set) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 11 of method MatchPattern) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 12 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 13 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 13 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 14 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 15 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of g__LogDataStore\|23_0) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of AddDateWords) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of AddExceptionsFromChildren) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of CheckNullabilityAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of CopyEntries) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of CopyKeys) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of CopyValues) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of EnsureDescriptorsInitialized) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of GetNextToken) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of PopulateConstructors) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of RemoveReferencesToListenerInEventSources) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of RoundNumber) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of ScanDateWord) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of ToKeyValuePairsArray) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of ToTitleCase) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of TranslateToManifestConvention) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of g__LogDataStore\|23_0) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of Append) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of ContainsValue) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of ContinueTryEnter) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of CopyEntries) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of CopyKeys) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of CopyValues) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of EnumerateFilesRecursively) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of GetObject) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of GetString) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of ReadXdgDirectory) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of SearchForChildByTag) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of CheckUniqueAndUnfoundElements) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of ContinueTryEnterWithThreadTracking) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of Replace) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of ReplaceAllInChunk) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of SplitInternal) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of TranslateToManifestConvention) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of Trim) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of Wait) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 3 of AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 3 of AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 3 of FormatScientific) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 3 of GetByteCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 3 of GetByteCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 5 of GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 5 of GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method CheckNullabilityAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method EnumerateFilesRecursively) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method Equals) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method GetDefaultValueInternal) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method GetHashCode) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method GetPointerToFirstInvalidByte) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method InitializeConfigAndDetermineUsePortableThreadPool) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method InsertAtCurrentHashNode) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method RemoveAll) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method RemoveDirectoryRecursive) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method TryFromBase64Chars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method TryParseInt64D) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method CheckNullabilityAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method ExecuteCallbackHandlers) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method FromBase64_ComputeResultLength) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method GetPointerToFirstInvalidByte) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method GetPointerToFirstInvalidByte) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method ToKeyValuePairsArray) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method ToTitleCase) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method TranslateToManifestConvention) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method VarDecCmpSub) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method FromBase64_ComputeResultLength) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method GetByteCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method ScanDateWord) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method ToLower) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method ToUpper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryEnterReadLockCore) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseByteN) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseByteN) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseUInt16N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseUInt16N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseUInt32N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseUInt32N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseUInt64N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseUInt64N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method g__LogDataStore\|23_0) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method PickPivotAndPartition) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method ScanDateWord) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method ToLower) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method ToUpper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseInt16N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseInt16N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseInt32N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseInt32N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseInt64N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseInt64N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseSByteN) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseSByteN) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method CheckUniqueAndUnfoundElements) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method FormCompoundType) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method GetByteCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method MatchPattern) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method OnStop) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method CheckUniqueAndUnfoundElements) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method FormCompoundType) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method GetCharCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method GetNextToken) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method PickPivotAndPartition) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method PickPivotAndPartition) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method VarDecCmpSub) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 6 of method GetCharCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 6 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 6 of method Set) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 6 of method ToTitleCase) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 6 of method TryFromBase64Chars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 6 of method VarDecCmpSub) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 7 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 7 of method ToTitleCase) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 7 of method TryFromBase64Chars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 8 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 8 of method TryFromBase64Chars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 8 of method TryParseNumber) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 8 of method TryParseNumber) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 8 of method TryParseStatusFile) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 9 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 9 of method TryFromBase64Chars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 9 of method TryParseStatusFile) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 10 of method EnumerateFilesRecursively) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 15 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 15 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 17 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 33 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 1 of FindSection) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 2 of CopyEntries) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 2 of CopyKeys) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 2 of CopyValues) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 2 of ScaleResult) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 3 of AddDateWords) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 3 of GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 3 of GetChars) | Node steps to itself | diff --git a/csharp/ql/test/library-tests/cil/init-only-prop/CONSISTENCY/DataFlowConsistency.expected b/csharp/ql/test/library-tests/cil/init-only-prop/CONSISTENCY/DataFlowConsistency.expected index 293dce08987..e69de29bb2d 100644 --- a/csharp/ql/test/library-tests/cil/init-only-prop/CONSISTENCY/DataFlowConsistency.expected +++ b/csharp/ql/test/library-tests/cil/init-only-prop/CONSISTENCY/DataFlowConsistency.expected @@ -1,263 +0,0 @@ -identityLocalStep -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Console.dll:0:0:0:0 | SSA phi read(Local variable 5 of method ReadLineCore) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Console.dll:0:0:0:0 | SSA phi(Local variable 6 of method ReadLineCore) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Console.dll:0:0:0:0 | SSA phi(Local variable 7 of method ReadLineCore) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Console.dll:0:0:0:0 | SSA phi(Local variable 7 of method Write) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method ContinueTryEnter) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method CreateParentsAndDirectory) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method DisposeOnShutdown) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GateThreadStart) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetCharCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetIndexOfFirstNonAsciiByte_Default) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetIndexOfFirstNonAsciiChar_Default) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetIndexOfFirstNonLatin1Char_Default) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetSources) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetTimeZoneIds) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method PopulateConstructors) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method PopulateInterfaces) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method SpinUntil) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method SymmetricExceptWithEnumerable) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method ToKeyValuePairsArray) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method ToTitleCase) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TranslateToManifestConvention) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt16N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt16N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt32N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt32N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt64D) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt64N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt64N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseSByteN) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseSByteN) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method AddDateWords) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method Clone) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method GateThreadStart) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method GetByteCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method GetCaseInsensitiveObjectInternal) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method GetSessions) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method GetSessions) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method OnStop) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method PopulateConstructors) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method RemoveLeadingInQuoteSpaces) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method TranscodeToUtf8) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method TryDequeue) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method TryParseStatusFile) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method TryPeek) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method DispatchEventsToEventListeners) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method GateThreadStart) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method GetCharCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method SymmetricExceptWithUniqueHashSet) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method TryDecodeFromUtf16) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method WaitAllCore) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method CheckUniqueAndUnfoundElements) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method CopyEntries) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method GetDatePart) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method IntersectWithEnumerable) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method SymmetricExceptWithEnumerable) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method TryDecodeFromUtf16) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 4 of method GateThreadStart) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 4 of method GetBytesWithFallback) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 4 of method GetCharsWithFallback) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 5 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 5 of method Set) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 5 of method SymmetricExceptWithEnumerable) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 6 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 6 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 6 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 6 of method GetCharCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 6 of method GetDelegatesFromContinuationObject) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 7 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 7 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 9 of method Set) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 11 of method MatchPattern) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 12 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 13 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 13 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 14 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 15 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of g__LogDataStore\|23_0) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of AddDateWords) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of AddExceptionsFromChildren) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of CheckNullabilityAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of CopyEntries) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of CopyKeys) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of CopyValues) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of EnsureDescriptorsInitialized) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of GetNextToken) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of PopulateConstructors) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of RemoveReferencesToListenerInEventSources) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of RoundNumber) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of ScanDateWord) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of ToKeyValuePairsArray) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of ToTitleCase) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of TranslateToManifestConvention) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of g__LogDataStore\|23_0) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of Append) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of ContainsValue) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of ContinueTryEnter) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of CopyEntries) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of CopyKeys) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of CopyValues) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of EnumerateFilesRecursively) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of GetObject) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of GetString) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of ReadXdgDirectory) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of SearchForChildByTag) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of CheckUniqueAndUnfoundElements) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of ContinueTryEnterWithThreadTracking) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of Replace) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of ReplaceAllInChunk) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of SplitInternal) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of TranslateToManifestConvention) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of Trim) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of Wait) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 3 of AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 3 of AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 3 of FormatScientific) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 3 of GetByteCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 3 of GetByteCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 5 of GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 5 of GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method CheckNullabilityAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method EnumerateFilesRecursively) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method Equals) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method GetDefaultValueInternal) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method GetHashCode) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method GetPointerToFirstInvalidByte) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method InitializeConfigAndDetermineUsePortableThreadPool) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method InsertAtCurrentHashNode) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method RemoveAll) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method RemoveDirectoryRecursive) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method TryFromBase64Chars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method TryParseInt64D) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method CheckNullabilityAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method ExecuteCallbackHandlers) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method FromBase64_ComputeResultLength) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method GetPointerToFirstInvalidByte) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method GetPointerToFirstInvalidByte) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method ToKeyValuePairsArray) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method ToTitleCase) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method TranslateToManifestConvention) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method VarDecCmpSub) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method FromBase64_ComputeResultLength) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method GetByteCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method ScanDateWord) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method ToLower) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method ToUpper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryEnterReadLockCore) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseByteN) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseByteN) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseUInt16N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseUInt16N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseUInt32N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseUInt32N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseUInt64N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseUInt64N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method g__LogDataStore\|23_0) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method PickPivotAndPartition) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method ScanDateWord) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method ToLower) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method ToUpper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseInt16N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseInt16N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseInt32N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseInt32N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseInt64N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseInt64N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseSByteN) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseSByteN) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method CheckUniqueAndUnfoundElements) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method FormCompoundType) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method GetByteCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method MatchPattern) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method OnStop) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method CheckUniqueAndUnfoundElements) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method FormCompoundType) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method GetCharCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method GetNextToken) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method PickPivotAndPartition) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method PickPivotAndPartition) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method VarDecCmpSub) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 6 of method GetCharCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 6 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 6 of method Set) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 6 of method ToTitleCase) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 6 of method TryFromBase64Chars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 6 of method VarDecCmpSub) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 7 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 7 of method ToTitleCase) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 7 of method TryFromBase64Chars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 8 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 8 of method TryFromBase64Chars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 8 of method TryParseNumber) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 8 of method TryParseNumber) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 8 of method TryParseStatusFile) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 9 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 9 of method TryFromBase64Chars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 9 of method TryParseStatusFile) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 10 of method EnumerateFilesRecursively) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 15 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 15 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 17 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 33 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 1 of FindSection) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 2 of CopyEntries) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 2 of CopyKeys) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 2 of CopyValues) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 2 of ScaleResult) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 3 of AddDateWords) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 3 of GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 3 of GetChars) | Node steps to itself | diff --git a/csharp/ql/test/library-tests/cil/pdbs/CONSISTENCY/DataFlowConsistency.expected b/csharp/ql/test/library-tests/cil/pdbs/CONSISTENCY/DataFlowConsistency.expected index 293dce08987..e69de29bb2d 100644 --- a/csharp/ql/test/library-tests/cil/pdbs/CONSISTENCY/DataFlowConsistency.expected +++ b/csharp/ql/test/library-tests/cil/pdbs/CONSISTENCY/DataFlowConsistency.expected @@ -1,263 +0,0 @@ -identityLocalStep -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Console.dll:0:0:0:0 | SSA phi read(Local variable 5 of method ReadLineCore) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Console.dll:0:0:0:0 | SSA phi(Local variable 6 of method ReadLineCore) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Console.dll:0:0:0:0 | SSA phi(Local variable 7 of method ReadLineCore) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Console.dll:0:0:0:0 | SSA phi(Local variable 7 of method Write) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method ContinueTryEnter) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method CreateParentsAndDirectory) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method DisposeOnShutdown) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GateThreadStart) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetCharCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetIndexOfFirstNonAsciiByte_Default) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetIndexOfFirstNonAsciiChar_Default) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetIndexOfFirstNonLatin1Char_Default) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetSources) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetTimeZoneIds) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method PopulateConstructors) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method PopulateInterfaces) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method SpinUntil) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method SymmetricExceptWithEnumerable) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method ToKeyValuePairsArray) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method ToTitleCase) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TranslateToManifestConvention) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt16N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt16N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt32N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt32N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt64D) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt64N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt64N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseSByteN) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseSByteN) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method AddDateWords) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method Clone) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method GateThreadStart) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method GetByteCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method GetCaseInsensitiveObjectInternal) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method GetSessions) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method GetSessions) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method OnStop) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method PopulateConstructors) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method RemoveLeadingInQuoteSpaces) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method TranscodeToUtf8) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method TryDequeue) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method TryParseStatusFile) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method TryPeek) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method DispatchEventsToEventListeners) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method GateThreadStart) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method GetCharCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method SymmetricExceptWithUniqueHashSet) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method TryDecodeFromUtf16) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method WaitAllCore) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method CheckUniqueAndUnfoundElements) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method CopyEntries) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method GetDatePart) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method IntersectWithEnumerable) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method SymmetricExceptWithEnumerable) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method TryDecodeFromUtf16) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 4 of method GateThreadStart) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 4 of method GetBytesWithFallback) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 4 of method GetCharsWithFallback) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 5 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 5 of method Set) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 5 of method SymmetricExceptWithEnumerable) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 6 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 6 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 6 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 6 of method GetCharCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 6 of method GetDelegatesFromContinuationObject) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 7 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 7 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 9 of method Set) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 11 of method MatchPattern) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 12 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 13 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 13 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 14 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 15 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of g__LogDataStore\|23_0) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of AddDateWords) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of AddExceptionsFromChildren) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of CheckNullabilityAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of CopyEntries) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of CopyKeys) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of CopyValues) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of EnsureDescriptorsInitialized) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of GetNextToken) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of PopulateConstructors) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of RemoveReferencesToListenerInEventSources) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of RoundNumber) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of ScanDateWord) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of ToKeyValuePairsArray) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of ToTitleCase) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of TranslateToManifestConvention) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of g__LogDataStore\|23_0) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of Append) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of ContainsValue) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of ContinueTryEnter) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of CopyEntries) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of CopyKeys) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of CopyValues) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of EnumerateFilesRecursively) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of GetObject) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of GetString) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of ReadXdgDirectory) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of SearchForChildByTag) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of CheckUniqueAndUnfoundElements) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of ContinueTryEnterWithThreadTracking) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of Replace) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of ReplaceAllInChunk) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of SplitInternal) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of TranslateToManifestConvention) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of Trim) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of Wait) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 3 of AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 3 of AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 3 of FormatScientific) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 3 of GetByteCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 3 of GetByteCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 5 of GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 5 of GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method CheckNullabilityAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method EnumerateFilesRecursively) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method Equals) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method GetDefaultValueInternal) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method GetHashCode) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method GetPointerToFirstInvalidByte) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method InitializeConfigAndDetermineUsePortableThreadPool) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method InsertAtCurrentHashNode) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method RemoveAll) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method RemoveDirectoryRecursive) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method TryFromBase64Chars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method TryParseInt64D) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method CheckNullabilityAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method ExecuteCallbackHandlers) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method FromBase64_ComputeResultLength) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method GetPointerToFirstInvalidByte) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method GetPointerToFirstInvalidByte) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method ToKeyValuePairsArray) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method ToTitleCase) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method TranslateToManifestConvention) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method VarDecCmpSub) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method FromBase64_ComputeResultLength) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method GetByteCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method ScanDateWord) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method ToLower) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method ToUpper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryEnterReadLockCore) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseByteN) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseByteN) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseUInt16N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseUInt16N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseUInt32N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseUInt32N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseUInt64N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseUInt64N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method g__LogDataStore\|23_0) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method PickPivotAndPartition) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method ScanDateWord) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method ToLower) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method ToUpper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseInt16N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseInt16N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseInt32N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseInt32N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseInt64N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseInt64N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseSByteN) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseSByteN) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method CheckUniqueAndUnfoundElements) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method FormCompoundType) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method GetByteCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method MatchPattern) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method OnStop) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method CheckUniqueAndUnfoundElements) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method FormCompoundType) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method GetCharCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method GetNextToken) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method PickPivotAndPartition) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method PickPivotAndPartition) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method VarDecCmpSub) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 6 of method GetCharCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 6 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 6 of method Set) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 6 of method ToTitleCase) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 6 of method TryFromBase64Chars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 6 of method VarDecCmpSub) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 7 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 7 of method ToTitleCase) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 7 of method TryFromBase64Chars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 8 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 8 of method TryFromBase64Chars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 8 of method TryParseNumber) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 8 of method TryParseNumber) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 8 of method TryParseStatusFile) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 9 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 9 of method TryFromBase64Chars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 9 of method TryParseStatusFile) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 10 of method EnumerateFilesRecursively) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 15 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 15 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 17 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 33 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 1 of FindSection) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 2 of CopyEntries) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 2 of CopyKeys) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 2 of CopyValues) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 2 of ScaleResult) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 3 of AddDateWords) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 3 of GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 3 of GetChars) | Node steps to itself | diff --git a/csharp/ql/test/library-tests/cil/regressions/CONSISTENCY/DataFlowConsistency.expected b/csharp/ql/test/library-tests/cil/regressions/CONSISTENCY/DataFlowConsistency.expected index 293dce08987..e69de29bb2d 100644 --- a/csharp/ql/test/library-tests/cil/regressions/CONSISTENCY/DataFlowConsistency.expected +++ b/csharp/ql/test/library-tests/cil/regressions/CONSISTENCY/DataFlowConsistency.expected @@ -1,263 +0,0 @@ -identityLocalStep -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Console.dll:0:0:0:0 | SSA phi read(Local variable 5 of method ReadLineCore) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Console.dll:0:0:0:0 | SSA phi(Local variable 6 of method ReadLineCore) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Console.dll:0:0:0:0 | SSA phi(Local variable 7 of method ReadLineCore) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Console.dll:0:0:0:0 | SSA phi(Local variable 7 of method Write) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method ContinueTryEnter) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method CreateParentsAndDirectory) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method DisposeOnShutdown) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GateThreadStart) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetCharCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetIndexOfFirstNonAsciiByte_Default) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetIndexOfFirstNonAsciiChar_Default) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetIndexOfFirstNonLatin1Char_Default) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetSources) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetTimeZoneIds) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method PopulateConstructors) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method PopulateInterfaces) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method SpinUntil) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method SymmetricExceptWithEnumerable) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method ToKeyValuePairsArray) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method ToTitleCase) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TranslateToManifestConvention) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt16N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt16N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt32N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt32N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt64D) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt64N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt64N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseSByteN) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseSByteN) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method AddDateWords) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method Clone) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method GateThreadStart) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method GetByteCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method GetCaseInsensitiveObjectInternal) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method GetSessions) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method GetSessions) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method OnStop) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method PopulateConstructors) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method RemoveLeadingInQuoteSpaces) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method TranscodeToUtf8) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method TryDequeue) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method TryParseStatusFile) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method TryPeek) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method DispatchEventsToEventListeners) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method GateThreadStart) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method GetCharCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method SymmetricExceptWithUniqueHashSet) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method TryDecodeFromUtf16) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method WaitAllCore) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method CheckUniqueAndUnfoundElements) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method CopyEntries) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method GetDatePart) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method IntersectWithEnumerable) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method SymmetricExceptWithEnumerable) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method TryDecodeFromUtf16) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 4 of method GateThreadStart) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 4 of method GetBytesWithFallback) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 4 of method GetCharsWithFallback) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 5 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 5 of method Set) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 5 of method SymmetricExceptWithEnumerable) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 6 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 6 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 6 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 6 of method GetCharCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 6 of method GetDelegatesFromContinuationObject) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 7 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 7 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 9 of method Set) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 11 of method MatchPattern) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 12 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 13 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 13 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 14 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 15 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of g__LogDataStore\|23_0) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of AddDateWords) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of AddExceptionsFromChildren) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of CheckNullabilityAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of CopyEntries) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of CopyKeys) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of CopyValues) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of EnsureDescriptorsInitialized) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of GetNextToken) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of PopulateConstructors) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of RemoveReferencesToListenerInEventSources) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of RoundNumber) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of ScanDateWord) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of ToKeyValuePairsArray) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of ToTitleCase) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of TranslateToManifestConvention) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of g__LogDataStore\|23_0) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of Append) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of ContainsValue) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of ContinueTryEnter) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of CopyEntries) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of CopyKeys) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of CopyValues) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of EnumerateFilesRecursively) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of GetObject) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of GetString) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of ReadXdgDirectory) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of SearchForChildByTag) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of CheckUniqueAndUnfoundElements) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of ContinueTryEnterWithThreadTracking) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of Replace) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of ReplaceAllInChunk) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of SplitInternal) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of TranslateToManifestConvention) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of Trim) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of Wait) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 3 of AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 3 of AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 3 of FormatScientific) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 3 of GetByteCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 3 of GetByteCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 5 of GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 5 of GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method CheckNullabilityAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method EnumerateFilesRecursively) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method Equals) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method GetDefaultValueInternal) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method GetHashCode) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method GetPointerToFirstInvalidByte) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method InitializeConfigAndDetermineUsePortableThreadPool) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method InsertAtCurrentHashNode) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method RemoveAll) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method RemoveDirectoryRecursive) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method TryFromBase64Chars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method TryParseInt64D) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method CheckNullabilityAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method ExecuteCallbackHandlers) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method FromBase64_ComputeResultLength) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method GetPointerToFirstInvalidByte) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method GetPointerToFirstInvalidByte) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method ToKeyValuePairsArray) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method ToTitleCase) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method TranslateToManifestConvention) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method VarDecCmpSub) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method FromBase64_ComputeResultLength) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method GetByteCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method ScanDateWord) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method ToLower) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method ToUpper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryEnterReadLockCore) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseByteN) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseByteN) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseUInt16N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseUInt16N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseUInt32N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseUInt32N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseUInt64N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseUInt64N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method g__LogDataStore\|23_0) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method PickPivotAndPartition) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method ScanDateWord) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method ToLower) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method ToUpper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseInt16N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseInt16N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseInt32N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseInt32N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseInt64N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseInt64N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseSByteN) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseSByteN) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method CheckUniqueAndUnfoundElements) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method FormCompoundType) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method GetByteCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method MatchPattern) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method OnStop) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method CheckUniqueAndUnfoundElements) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method FormCompoundType) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method GetCharCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method GetNextToken) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method PickPivotAndPartition) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method PickPivotAndPartition) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method VarDecCmpSub) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 6 of method GetCharCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 6 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 6 of method Set) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 6 of method ToTitleCase) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 6 of method TryFromBase64Chars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 6 of method VarDecCmpSub) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 7 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 7 of method ToTitleCase) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 7 of method TryFromBase64Chars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 8 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 8 of method TryFromBase64Chars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 8 of method TryParseNumber) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 8 of method TryParseNumber) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 8 of method TryParseStatusFile) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 9 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 9 of method TryFromBase64Chars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 9 of method TryParseStatusFile) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 10 of method EnumerateFilesRecursively) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 15 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 15 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 17 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 33 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 1 of FindSection) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 2 of CopyEntries) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 2 of CopyKeys) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 2 of CopyValues) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 2 of ScaleResult) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 3 of AddDateWords) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 3 of GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 3 of GetChars) | Node steps to itself | diff --git a/csharp/ql/test/library-tests/cil/typeAnnotations/CONSISTENCY/DataFlowConsistency.expected b/csharp/ql/test/library-tests/cil/typeAnnotations/CONSISTENCY/DataFlowConsistency.expected index 293dce08987..e69de29bb2d 100644 --- a/csharp/ql/test/library-tests/cil/typeAnnotations/CONSISTENCY/DataFlowConsistency.expected +++ b/csharp/ql/test/library-tests/cil/typeAnnotations/CONSISTENCY/DataFlowConsistency.expected @@ -1,263 +0,0 @@ -identityLocalStep -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Console.dll:0:0:0:0 | SSA phi read(Local variable 5 of method ReadLineCore) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Console.dll:0:0:0:0 | SSA phi(Local variable 6 of method ReadLineCore) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Console.dll:0:0:0:0 | SSA phi(Local variable 7 of method ReadLineCore) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Console.dll:0:0:0:0 | SSA phi(Local variable 7 of method Write) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method ContinueTryEnter) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method CreateParentsAndDirectory) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method DisposeOnShutdown) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GateThreadStart) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetCharCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetIndexOfFirstNonAsciiByte_Default) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetIndexOfFirstNonAsciiChar_Default) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetIndexOfFirstNonLatin1Char_Default) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetSources) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetTimeZoneIds) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method PopulateConstructors) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method PopulateInterfaces) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method SpinUntil) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method SymmetricExceptWithEnumerable) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method ToKeyValuePairsArray) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method ToTitleCase) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TranslateToManifestConvention) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt16N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt16N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt32N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt32N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt64D) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt64N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt64N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseSByteN) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseSByteN) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method AddDateWords) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method Clone) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method GateThreadStart) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method GetByteCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method GetCaseInsensitiveObjectInternal) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method GetSessions) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method GetSessions) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method OnStop) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method PopulateConstructors) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method RemoveLeadingInQuoteSpaces) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method TranscodeToUtf8) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method TryDequeue) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method TryParseStatusFile) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method TryPeek) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method DispatchEventsToEventListeners) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method GateThreadStart) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method GetCharCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method SymmetricExceptWithUniqueHashSet) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method TryDecodeFromUtf16) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method WaitAllCore) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method CheckUniqueAndUnfoundElements) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method CopyEntries) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method GetDatePart) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method IntersectWithEnumerable) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method SymmetricExceptWithEnumerable) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method TryDecodeFromUtf16) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 4 of method GateThreadStart) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 4 of method GetBytesWithFallback) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 4 of method GetCharsWithFallback) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 5 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 5 of method Set) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 5 of method SymmetricExceptWithEnumerable) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 6 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 6 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 6 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 6 of method GetCharCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 6 of method GetDelegatesFromContinuationObject) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 7 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 7 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 9 of method Set) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 11 of method MatchPattern) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 12 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 13 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 13 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 14 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 15 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of g__LogDataStore\|23_0) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of AddDateWords) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of AddExceptionsFromChildren) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of CheckNullabilityAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of CopyEntries) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of CopyKeys) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of CopyValues) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of EnsureDescriptorsInitialized) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of GetNextToken) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of PopulateConstructors) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of RemoveReferencesToListenerInEventSources) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of RoundNumber) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of ScanDateWord) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of ToKeyValuePairsArray) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of ToTitleCase) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of TranslateToManifestConvention) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of g__LogDataStore\|23_0) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of Append) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of ContainsValue) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of ContinueTryEnter) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of CopyEntries) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of CopyKeys) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of CopyValues) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of EnumerateFilesRecursively) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of GetObject) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of GetString) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of ReadXdgDirectory) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of SearchForChildByTag) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of CheckUniqueAndUnfoundElements) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of ContinueTryEnterWithThreadTracking) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of Replace) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of ReplaceAllInChunk) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of SplitInternal) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of TranslateToManifestConvention) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of Trim) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of Wait) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 3 of AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 3 of AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 3 of FormatScientific) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 3 of GetByteCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 3 of GetByteCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 5 of GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 5 of GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method CheckNullabilityAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method EnumerateFilesRecursively) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method Equals) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method GetDefaultValueInternal) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method GetHashCode) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method GetPointerToFirstInvalidByte) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method InitializeConfigAndDetermineUsePortableThreadPool) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method InsertAtCurrentHashNode) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method RemoveAll) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method RemoveDirectoryRecursive) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method TryFromBase64Chars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method TryParseInt64D) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method CheckNullabilityAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method ExecuteCallbackHandlers) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method FromBase64_ComputeResultLength) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method GetPointerToFirstInvalidByte) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method GetPointerToFirstInvalidByte) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method ToKeyValuePairsArray) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method ToTitleCase) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method TranslateToManifestConvention) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method VarDecCmpSub) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method FromBase64_ComputeResultLength) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method GetByteCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method ScanDateWord) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method ToLower) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method ToUpper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryEnterReadLockCore) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseByteN) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseByteN) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseUInt16N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseUInt16N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseUInt32N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseUInt32N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseUInt64N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseUInt64N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method g__LogDataStore\|23_0) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method PickPivotAndPartition) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method ScanDateWord) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method ToLower) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method ToUpper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseInt16N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseInt16N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseInt32N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseInt32N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseInt64N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseInt64N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseSByteN) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseSByteN) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method CheckUniqueAndUnfoundElements) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method FormCompoundType) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method GetByteCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method MatchPattern) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method OnStop) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method CheckUniqueAndUnfoundElements) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method FormCompoundType) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method GetCharCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method GetNextToken) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method PickPivotAndPartition) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method PickPivotAndPartition) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method VarDecCmpSub) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 6 of method GetCharCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 6 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 6 of method Set) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 6 of method ToTitleCase) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 6 of method TryFromBase64Chars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 6 of method VarDecCmpSub) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 7 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 7 of method ToTitleCase) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 7 of method TryFromBase64Chars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 8 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 8 of method TryFromBase64Chars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 8 of method TryParseNumber) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 8 of method TryParseNumber) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 8 of method TryParseStatusFile) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 9 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 9 of method TryFromBase64Chars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 9 of method TryParseStatusFile) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 10 of method EnumerateFilesRecursively) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 15 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 15 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 17 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 33 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 1 of FindSection) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 2 of CopyEntries) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 2 of CopyKeys) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 2 of CopyValues) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 2 of ScaleResult) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 3 of AddDateWords) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 3 of GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 3 of GetChars) | Node steps to itself | diff --git a/csharp/ql/test/library-tests/commons/Disposal/CONSISTENCY/DataFlowConsistency.expected b/csharp/ql/test/library-tests/commons/Disposal/CONSISTENCY/DataFlowConsistency.expected index 843def6eaca..e69de29bb2d 100644 --- a/csharp/ql/test/library-tests/commons/Disposal/CONSISTENCY/DataFlowConsistency.expected +++ b/csharp/ql/test/library-tests/commons/Disposal/CONSISTENCY/DataFlowConsistency.expected @@ -1,749 +0,0 @@ -identityLocalStep -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Console.dll:0:0:0:0 | SSA phi read(Local variable 5 of method ReadLineCore) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Console.dll:0:0:0:0 | SSA phi(Local variable 6 of method ReadLineCore) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Console.dll:0:0:0:0 | SSA phi(Local variable 7 of method ReadLineCore) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Console.dll:0:0:0:0 | SSA phi(Local variable 7 of method Write) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Net.Http.dll:0:0:0:0 | SSA phi read(Local variable 0 of method OnServerGoAway) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Net.Http.dll:0:0:0:0 | SSA phi read(Local variable 1 of method .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Net.Http.dll:0:0:0:0 | SSA phi read(Local variable 1 of method ParseHeaderNameValue) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Net.Http.dll:0:0:0:0 | SSA phi read(Local variable 1 of method Read) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Net.Http.dll:0:0:0:0 | SSA phi read(Local variable 2 of method ParseAndAddValue) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Net.Http.dll:0:0:0:0 | SSA phi read(Local variable 2 of method RemoveStalePools) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Net.Http.dll:0:0:0:0 | SSA phi read(Local variable 2 of method TryParseAndAddRawHeaderValue) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Net.Http.dll:0:0:0:0 | SSA phi read(Local variable 3 of method ContainsParsedValue) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Net.Http.dll:0:0:0:0 | SSA phi read(Local variable 3 of method ProcessGoAwayFrame) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Net.Http.dll:0:0:0:0 | SSA phi read(Local variable 3 of method RemoveParsedValue) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Net.Http.dll:0:0:0:0 | SSA phi read(Local variable 4 of method b__104_0) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Net.Http.dll:0:0:0:0 | SSA phi read(Local variable 6 of method GetParsedValueLength) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Net.Http.dll:0:0:0:0 | SSA phi read(Local variable 12 of method MoveNext) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Net.Http.dll:0:0:0:0 | SSA phi read(Parameter 0 of GetEligibleClientCertificate) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Net.Http.dll:0:0:0:0 | SSA phi read(Parameter 0 of HandleAltSvc) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Net.Http.dll:0:0:0:0 | SSA phi read(Parameter 0 of ProcessKeepAliveHeader) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Net.Http.dll:0:0:0:0 | SSA phi read(Parameter 0 of ProcessSettingsFrame) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Net.Http.dll:0:0:0:0 | SSA phi read(Parameter 0 of RemoveStalePools) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Net.Http.dll:0:0:0:0 | SSA phi read(Parameter 1 of CopyTo) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Net.Http.dll:0:0:0:0 | SSA phi read(Parameter 2 of ContainsParsedValue) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Net.Http.dll:0:0:0:0 | SSA phi read(Parameter 2 of GetExpressionLength) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Net.Http.dll:0:0:0:0 | SSA phi read(Parameter 2 of HandleAltSvc) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Net.Http.dll:0:0:0:0 | SSA phi read(Parameter 2 of RemoveParsedValue) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Net.Http.dll:0:0:0:0 | SSA phi read(Parameter 2 of TryGetPooledHttp11Connection) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Net.Http.dll:0:0:0:0 | SSA phi read(Parameter 2 of TrySkipFirstBlob) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Net.Http.dll:0:0:0:0 | SSA phi read(Parameter 3 of GetExpressionLength) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Net.Http.dll:0:0:0:0 | SSA phi read(Parameter 4 of GetExpressionLength) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Net.Http.dll:0:0:0:0 | SSA phi read(Parameter 5 of GetExpressionLength) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Net.Http.dll:0:0:0:0 | SSA phi(Local variable 0 of method g__ScavengeConnectionList\|118_1) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Net.Http.dll:0:0:0:0 | SSA phi(Local variable 0 of method HandleAltSvc) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Net.Http.dll:0:0:0:0 | SSA phi(Local variable 0 of method TrySkipFirstBlob) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Net.Http.dll:0:0:0:0 | SSA phi(Local variable 1 of method HandleAltSvc) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Net.Http.dll:0:0:0:0 | SSA phi(Local variable 1 of method ProcessSettingsFrame) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Net.Http.dll:0:0:0:0 | SSA phi(Local variable 2 of method GetCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Net.Http.dll:0:0:0:0 | SSA phi(Local variable 2 of method GetNumberLength) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Net.Http.dll:0:0:0:0 | SSA phi(Local variable 2 of method HandleAltSvc) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Net.Http.dll:0:0:0:0 | SSA phi(Local variable 3 of method GetExpressionLength) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Net.Http.dll:0:0:0:0 | SSA phi(Local variable 3 of method ProcessKeepAliveHeader) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Net.Http.dll:0:0:0:0 | SSA phi(Local variable 4 of method .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Net.Http.dll:0:0:0:0 | SSA phi(Local variable 7 of method GetParsedValueLength) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Net.Http.dll:0:0:0:0 | SSA phi(Local variable 11 of method GetParsedValueLength) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Net.Http.dll:0:0:0:0 | SSA phi(Local variable 12 of method GetParsedValueLength) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Net.Http.dll:0:0:0:0 | SSA phi(Local variable 12 of method HandleAltSvc) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Net.Http.dll:0:0:0:0 | SSA phi(Local variable 13 of method GetParsedValueLength) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Net.Http.dll:0:0:0:0 | SSA phi(Local variable 14 of method GetParsedValueLength) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Net.Http.dll:0:0:0:0 | SSA phi(Local variable 15 of method GetParsedValueLength) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Net.Http.dll:0:0:0:0 | SSA phi(Parameter 2 of CopyTo) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method ContinueTryEnter) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method CreateParentsAndDirectory) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method DisposeOnShutdown) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GateThreadStart) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetCharCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetIndexOfFirstNonAsciiByte_Default) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetIndexOfFirstNonAsciiChar_Default) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetIndexOfFirstNonLatin1Char_Default) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetSources) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetTimeZoneIds) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method PopulateConstructors) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method PopulateInterfaces) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method SpinUntil) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method SymmetricExceptWithEnumerable) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method ToKeyValuePairsArray) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method ToTitleCase) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TranslateToManifestConvention) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt16N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt16N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt32N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt32N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt64D) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt64N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt64N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseSByteN) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseSByteN) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method AddDateWords) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method Clone) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method GateThreadStart) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method GetByteCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method GetCaseInsensitiveObjectInternal) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method GetSessions) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method GetSessions) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method OnStop) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method PopulateConstructors) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method RemoveLeadingInQuoteSpaces) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method TranscodeToUtf8) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method TryDequeue) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method TryParseStatusFile) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method TryPeek) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method DispatchEventsToEventListeners) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method GateThreadStart) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method GetCharCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method SymmetricExceptWithUniqueHashSet) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method TryDecodeFromUtf16) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method WaitAllCore) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method CheckUniqueAndUnfoundElements) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method CopyEntries) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method GetDatePart) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method IntersectWithEnumerable) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method SymmetricExceptWithEnumerable) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method TryDecodeFromUtf16) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 4 of method GateThreadStart) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 4 of method GetBytesWithFallback) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 4 of method GetCharsWithFallback) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 5 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 5 of method Set) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 5 of method SymmetricExceptWithEnumerable) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 6 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 6 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 6 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 6 of method GetCharCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 6 of method GetDelegatesFromContinuationObject) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 7 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 7 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 9 of method Set) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 11 of method MatchPattern) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 12 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 13 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 13 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 14 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 15 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of g__LogDataStore\|23_0) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of AddDateWords) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of AddExceptionsFromChildren) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of CheckNullabilityAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of CopyEntries) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of CopyKeys) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of CopyValues) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of EnsureDescriptorsInitialized) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of GetNextToken) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of PopulateConstructors) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of RemoveReferencesToListenerInEventSources) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of RoundNumber) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of ScanDateWord) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of ToKeyValuePairsArray) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of ToTitleCase) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of TranslateToManifestConvention) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of g__LogDataStore\|23_0) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of Append) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of ContainsValue) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of ContinueTryEnter) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of CopyEntries) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of CopyKeys) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of CopyValues) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of EnumerateFilesRecursively) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of GetObject) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of GetString) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of ReadXdgDirectory) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of SearchForChildByTag) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of CheckUniqueAndUnfoundElements) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of ContinueTryEnterWithThreadTracking) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of Replace) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of ReplaceAllInChunk) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of SplitInternal) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of TranslateToManifestConvention) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of Trim) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of Wait) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 3 of AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 3 of AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 3 of FormatScientific) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 3 of GetByteCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 3 of GetByteCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 5 of GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 5 of GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method CheckNullabilityAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method EnumerateFilesRecursively) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method Equals) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method GetDefaultValueInternal) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method GetHashCode) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method GetPointerToFirstInvalidByte) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method InitializeConfigAndDetermineUsePortableThreadPool) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method InsertAtCurrentHashNode) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method RemoveAll) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method RemoveDirectoryRecursive) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method TryFromBase64Chars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method TryParseInt64D) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method CheckNullabilityAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method ExecuteCallbackHandlers) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method FromBase64_ComputeResultLength) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method GetPointerToFirstInvalidByte) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method GetPointerToFirstInvalidByte) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method ToKeyValuePairsArray) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method ToTitleCase) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method TranslateToManifestConvention) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method VarDecCmpSub) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method FromBase64_ComputeResultLength) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method GetByteCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method ScanDateWord) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method ToLower) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method ToUpper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryEnterReadLockCore) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseByteN) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseByteN) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseUInt16N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseUInt16N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseUInt32N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseUInt32N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseUInt64N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseUInt64N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method g__LogDataStore\|23_0) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method PickPivotAndPartition) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method ScanDateWord) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method ToLower) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method ToUpper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseInt16N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseInt16N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseInt32N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseInt32N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseInt64N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseInt64N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseSByteN) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseSByteN) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method CheckUniqueAndUnfoundElements) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method FormCompoundType) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method GetByteCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method MatchPattern) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method OnStop) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method CheckUniqueAndUnfoundElements) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method FormCompoundType) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method GetCharCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method GetNextToken) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method PickPivotAndPartition) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method PickPivotAndPartition) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method VarDecCmpSub) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 6 of method GetCharCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 6 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 6 of method Set) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 6 of method ToTitleCase) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 6 of method TryFromBase64Chars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 6 of method VarDecCmpSub) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 7 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 7 of method ToTitleCase) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 7 of method TryFromBase64Chars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 8 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 8 of method TryFromBase64Chars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 8 of method TryParseNumber) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 8 of method TryParseNumber) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 8 of method TryParseStatusFile) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 9 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 9 of method TryFromBase64Chars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 9 of method TryParseStatusFile) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 10 of method EnumerateFilesRecursively) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 15 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 15 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 17 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 33 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 1 of FindSection) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 2 of CopyEntries) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 2 of CopyKeys) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 2 of CopyValues) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 2 of ScaleResult) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 3 of AddDateWords) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 3 of GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 3 of GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method AddDefaultAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method CheckAttributeGroupRestriction) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method CheckForDuplicateType) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method CompileLiteralElement) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method CompileLocalAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method CompileLocalAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method CompileSorts) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method DblToRgbFast) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method Evaluate) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method ExpectedParticles) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method Find) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GenerateInitCallbacksMethod) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetDefaultAttribute) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetElement) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetNamespaceListSymbols) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetNamespaceListSymbols) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetNamespaceOfPrefixStrict) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetNamespaces) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetNamespacesInScope) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetNamespacesInScope) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetPrefixOfNamespaceStrict) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetPreviousContentSibling) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method Intersection) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method ListAsString) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method ListUsedPrefixes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method LoadEntityReferenceNode) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method LookupNamespace) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method ParseDocumentContent) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method Prepare) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method RawText) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method RawText) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method ResolveQNameDynamic) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method ScanLiteral) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method WriteAttributeTextBlock) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method WriteAttributeTextBlock) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method WriteElementTextBlock) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method WriteElementTextBlock) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method WriteHtmlAttributeText) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method WriteHtmlAttributeText) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method WriteRawWithCharChecking) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method WriteRawWithCharChecking) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method WriteStartElement) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method WriteUriAttributeText) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method WriteUriAttributeText) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method get_NamespaceList) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 1 of method Add) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 1 of method DblToRgbFast) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 1 of method Document) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 1 of method GetExpectedAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 1 of method GetNamespaceOfPrefixStrict) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 1 of method GetNamespacesInScope) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 1 of method ImplReadXmlText) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 1 of method ImportDerivedTypes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 1 of method MoveNext) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 1 of method MoveNext) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 1 of method MoveNext) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 1 of method MoveNext) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 1 of method MoveNext) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 1 of method MoveNext) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 1 of method MoveNext) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 1 of method MoveNext) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 1 of method MoveToPrevious) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 1 of method Prepare) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 1 of method RawTextNoFlush) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 1 of method RawTextNoFlush) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 1 of method ScanLiteral) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 1 of method Write) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 1 of method WriteAttributeTextBlockNoFlush) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 1 of method WriteAttributeTextBlockNoFlush) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 1 of method WriteElementTextBlockNoFlush) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 1 of method WriteElementTextBlockNoFlush) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 1 of method WriteElementTo) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 1 of method WriteRawWithCharCheckingNoFlush) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 1 of method WriteRawWithCharCheckingNoFlush) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 2 of method Add) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 2 of method CheckUseAttrubuteSetInList) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 2 of method Compile) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 2 of method DblToRgbFast) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 2 of method InferElement) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 2 of method ParseAttributeValueSlow) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 2 of method ParseElement) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 2 of method ParseElementAsync) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 2 of method ParseFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 2 of method ScanLiteral) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 2 of method VisitCallTemplate) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 2 of method WriteCDataSection) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 2 of method WriteCDataSection) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 2 of method WriteCommentOrPi) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 2 of method WriteCommentOrPi) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 3 of method CompileLocalAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 3 of method CompileLocalAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 3 of method DblToRgbFast) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 3 of method LoadElementNode) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 3 of method Refactor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 3 of method RemoveSchemaFromCaches) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 3 of method VisitApplyTemplates) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 3 of method WriteCDataSectionNoFlush) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 3 of method WriteCDataSectionNoFlush) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 3 of method WriteCommentOrPiNoFlush) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 3 of method WriteCommentOrPiNoFlush) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 4 of method CheckText) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 4 of method CompileLiteralElement) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 4 of method ExportSpecialMapping) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 4 of method GenerateLiteralMembersElement) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 4 of method ParseAttributeValueSlow) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 4 of method Refactor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 5 of method ConvertToDecimal) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 5 of method ParseAttributeValueSlow) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 5 of method Refactor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 6 of method GetContext) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 6 of method InferElement) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 6 of method MoveNext) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 6 of method ReadByteArray) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 7 of method GenerateEncodedMembersElement) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 7 of method ParseAttributeValueSlow) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 8 of method GenerateEncodedMembersElement) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of AddDefaultAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of AddImportDependencies) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of AnalyzeAvt) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of CheckAttributeGroupRestriction) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of CheckAttributeGroupRestriction) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of CheckAttributeSets_RecurceInContainer) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of CheckAttributeSets_RecurceInList) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of CheckParticleDerivation) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of CheckUseAttrubuteSetInList) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of Compile) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of Compile) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of Compile) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of Compile) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of Compile) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of Compile) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of Compile) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of Compile) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of Compile) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of Compile) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of Compile) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of Compile) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of CompileAndSortMatches) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of CompileAttributeGroup) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of CompileAttributeGroup) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of CompileComplexType) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of CompileLiteralElement) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of CompileLocalAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of CompileLocalAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of CompileLocalAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of CompileLocalAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of CompileLocalAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of CompileLocalAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of CompileLocalAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of CompileLocalAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of CompileProtoTemplate) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of CompileSorts) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of CopyFromCompiledSet) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of CopyFromCompiledSet) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of CopyFromCompiledSet) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of CopyFromCompiledSet) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of CopyNode) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of CreateIdTables) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of DepthFirstSearch) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of DepthFirstSearch) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of DepthFirstSearch) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of DepthFirstSearch) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of EatWhitespaces) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of EndElementIdentityConstraints) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of EndElementIdentityConstraints) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of Evaluate) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of Execute) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of ExpectedElements) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of ExpectedParticles) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of ExportRootIfNecessary) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of ExportSpecialMapping) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of ExportSpecialMapping) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of Find) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of FindCaseInsensitiveString) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of FindSchemaType) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of GenerateBegin) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of GenerateBegin) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of GenerateBegin) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of GenerateBegin) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of GenerateBegin) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of GenerateBegin) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of GenerateInitCallbacksMethod) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of GenerateInitCallbacksMethod) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of GetNamespaceListSymbols) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of GetNamespacesInScope) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of GetNamespacesInScope) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of ImportDerivedTypes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of InferSchema1) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of InitCallbacks) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of InitCallbacks) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of ListAsString) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of LoadDocumentType) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of LoadElementNode) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of LookupPrefix) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of Merge) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of MoveNext) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of MoveNext) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of MoveNext) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of MoveNext) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of MoveNext) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of MoveNext) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of MoveNext) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of MoveToFirstNamespace) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of MoveToFollowing) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of ParseAttributeValueChunk) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of ParseAttributeValueSlow) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of ParseAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of ParseCDataOrComment) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of ParseElement) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of ParseElementAsync) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of ParseEndElement) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of ParseEndElementAsync_CheckEndTag) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of ParsePIValue) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of ParseQName) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of ParseText) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of ParseTextAsync) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of Prepare) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of ProcessSubstitutionGroups) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of PropagateFlag) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of PropagateSideEffectsFlag) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of PropagateSideEffectsFlag) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of RawText) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of RawText) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of RawTextNoFlush) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of RawTextNoFlush) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of ResolveQNameDynamic) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of SkipUntil) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of StartParsing) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of ValidateElement) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of VisitCallTemplate) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of Write) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of WriteAttributeTextBlock) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of WriteAttributeTextBlock) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of WriteAttributeTextBlockNoFlush) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of WriteAttributeTextBlockNoFlush) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of WriteCDataSection) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of WriteCDataSection) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of WriteCDataSectionNoFlush) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of WriteCDataSectionNoFlush) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of WriteCommentOrPi) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of WriteCommentOrPi) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of WriteCommentOrPiNoFlush) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of WriteCommentOrPiNoFlush) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of WriteElementTextBlock) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of WriteElementTextBlock) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of WriteElementTextBlockNoFlush) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of WriteElementTextBlockNoFlush) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of WriteEnumAndArrayTypes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of WriteEnumAndArrayTypes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of WriteEnumAndArrayTypes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of WriteEnumAndArrayTypes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of WriteHtmlAttributeText) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of WriteHtmlAttributeText) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of WriteNode) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of WriteRawWithCharChecking) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of WriteRawWithCharChecking) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of WriteRawWithCharCheckingNoFlush) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of WriteRawWithCharCheckingNoFlush) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of WriteReflectionInit) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of WriteStartElement) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of WriteUriAttributeText) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of WriteUriAttributeText) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of Add) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of AddDefaultAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of AddImport) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of CheckAttributeGroupRestriction) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of CheckAttributeSets_RecurceInContainer) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of CheckDuplicateParams) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of CompileAndSortMatches) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of CompileComplexType) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of CopyTo) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of EatWhitespaces) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of FillModeFlags) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of FindAttribute) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of FindAttributeRef) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of FindImport) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of GetElement) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of GetNamespaceListSymbols) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of GetNamespacesInScope) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of GetPrefixOfNamespaceStrict) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of HasParticleRef) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of ImportDerivedTypes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of ImportDerivedTypes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of InferElement) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of ListUsedPrefixes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of LookupPrefix) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of Merge) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of MoveToFollowing) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of MoveToFollowing) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of MoveToNext) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of ParseCDataOrComment) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of ParseEndElementAsync_Finish) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of ParsePI) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of ParseQName) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of PropagateFlag) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of ReadToDescendant) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of ReadToDescendant) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of ReadToFollowing) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of ReadToFollowing) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of ReplaceNamespaceAlias) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of ScanLiteral) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of ScanQName) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of ScanQName) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of ShouldStripSpace) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of TryLookupPrefix) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of VisitApplyTemplates) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of VisitCallTemplate) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of WriteNode) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 2 of CheckAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 2 of CheckDuplicateElement) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 2 of CheckWithParam) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 2 of CompileAvt) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 2 of CompileLocalAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 2 of CompileLocalAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 2 of CompileSorts) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 2 of CompileXPath) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 2 of DepthFirstSearch) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 2 of ExpectedElements) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 2 of ExpectedParticles) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 2 of ExportSpecialMapping) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 2 of ExportSpecialMapping) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 2 of FindAttributeRef) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 2 of GetDefaultAttribute) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 2 of InferElement) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 2 of ListAsString) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 2 of MoveToFollowing) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 2 of MoveToFollowing) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 2 of MoveToNext) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 2 of MoveToPrevious) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 2 of ParseAttributeValueSlow) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 2 of ParseEndElementAsync_Finish) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 2 of ReadToDescendant) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 2 of ReadToFollowing) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 2 of ShouldStripSpace) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 2 of SkipUntil) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 2 of Write) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 2 of WriteAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 2 of WriteNode) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 3 of ExpectedParticles) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 3 of Find) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 3 of GetContentFollowing) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 3 of GetDefaultAttribute) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 3 of GetElementFollowing) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 3 of GetTextFollowing) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 3 of InferElement) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 3 of ParseAttributeValueSlow) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 3 of ParseEndElementAsync_Finish) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 3 of WriteAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 3 of WriteEnumAndArrayTypes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 4 of ConvertToDecimal) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 4 of GetDefaultAttribute) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 4 of WriteAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 4 of WriteEnumAndArrayTypes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 5 of GetElementFollowing) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 0 of method .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 0 of method .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 0 of method .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 0 of method .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 0 of method AnalyzeAvt) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 0 of method CompileComplexType) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 0 of method ContainsIdAttribute) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 0 of method Evaluate) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 0 of method ExpectedElements) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 0 of method FindCaseInsensitiveString) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 0 of method FindStylesheetElement) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 0 of method GetContext) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 0 of method IncrementalRead) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 0 of method LoadDeclarationNode) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 0 of method LoadDocumentTypeNode) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 0 of method ParseQName) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 0 of method ParseQName) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 0 of method PopulateMemberInfos) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 0 of method Read) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 0 of method ReadXmlNode) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 0 of method ScanCondSection3) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 0 of method ScanQName) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 0 of method SkipUntil) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 0 of method WriteAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 1 of method EatWhitespaces) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 1 of method Evaluate) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 1 of method GenerateInitCallbacksMethod) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 1 of method GetContext) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 1 of method GetDefaultAttributePrefix) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 1 of method GetDefaultPrefix) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 1 of method InferElement) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 1 of method LoadDeclarationNode) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 1 of method LoadDocumentTypeNode) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 1 of method NonCDataNormalize) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 1 of method ReadTextNodes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 1 of method ScanAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 1 of method SkipUntil) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 1 of method VisitStrConcat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 2 of method CDataNormalize) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 2 of method Decode) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 2 of method IncrementalRead) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 2 of method LoadDeclarationNode) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 2 of method NonCDataNormalize) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 2 of method ParseCDataOrComment) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 2 of method ParsePIValue) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 2 of method ParseText) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 2 of method ParseXmlDeclaration) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 2 of method ReadTextNodes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 2 of method ScanAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 2 of method SkipUntil) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 3 of method CDataNormalize) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 3 of method Compile) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 3 of method Decode) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 3 of method ParseAttributeValueSlow) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 3 of method ParseCDataOrComment) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 3 of method ParseFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 3 of method ParsePIValue) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 3 of method ParseText) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 3 of method SkipUntil) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 4 of method InferElement) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 4 of method ParseText) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 4 of method ReadByteArray) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 4 of method VisitApplyTemplates) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 6 of method MoveNext) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 6 of method ParseDocumentContent) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 6 of method get_Value) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 7 of method GetContext) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 7 of method InferElement) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 7 of method MoveNext) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 7 of method MoveNext) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 7 of method ParseText) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 8 of method MoveNext) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 8 of method MoveNext) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 8 of method ParseAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 8 of method ParseText) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 9 of method FillModeFlags) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 11 of method ExportSpecialMapping) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 14 of method IncrementalRead) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 15 of method DblToRgbFast) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 16 of method DblToRgbFast) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Parameter 2 of CopyTo) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Parameter 4 of ParseTextAsync) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Parameter 5 of ParseTextAsync) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Parameter 6 of ParseTextAsync) | Node steps to itself | diff --git a/csharp/ql/test/library-tests/controlflow/guards/CONSISTENCY/DataFlowConsistency.expected b/csharp/ql/test/library-tests/controlflow/guards/CONSISTENCY/DataFlowConsistency.expected index 144414d6a64..6ce61dd67a2 100644 --- a/csharp/ql/test/library-tests/controlflow/guards/CONSISTENCY/DataFlowConsistency.expected +++ b/csharp/ql/test/library-tests/controlflow/guards/CONSISTENCY/DataFlowConsistency.expected @@ -1,348 +1,2 @@ identityLocalStep | Splitting.cs:133:21:133:29 | [b (line 123): false] this access | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Collections.dll:0:0:0:0 | SSA phi read(Local variable 0 of method InOrderTreeWalk) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Collections.dll:0:0:0:0 | SSA phi read(Local variable 0 of method InOrderTreeWalk) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Collections.dll:0:0:0:0 | SSA phi read(Local variable 0 of method IntersectWithEnumerable) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Collections.dll:0:0:0:0 | SSA phi read(Local variable 1 of method RemoveAllElements) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Collections.dll:0:0:0:0 | SSA phi read(Local variable 2 of method ExceptWith) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Collections.dll:0:0:0:0 | SSA phi read(Local variable 2 of method IntersectWith) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Collections.dll:0:0:0:0 | SSA phi read(Local variable 4 of method CheckUniqueAndUnfoundElements) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Collections.dll:0:0:0:0 | SSA phi read(Parameter 0 of GetHashCode) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Collections.dll:0:0:0:0 | SSA phi read(Parameter 2 of CheckUniqueAndUnfoundElements) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Collections.dll:0:0:0:0 | SSA phi read(Parameter 2 of FindRange) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Collections.dll:0:0:0:0 | SSA phi read(Parameter 4 of FindRange) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Collections.dll:0:0:0:0 | SSA phi(Local variable 0 of method GetHashCode) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Collections.dll:0:0:0:0 | SSA phi(Local variable 1 of method get_MaxInternal) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Collections.dll:0:0:0:0 | SSA phi(Local variable 1 of method get_MinInternal) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Collections.dll:0:0:0:0 | SSA phi(Local variable 3 of method IntersectWith) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Collections.dll:0:0:0:0 | SSA phi(Local variable 4 of method MoveDownDefaultComparer) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Collections.dll:0:0:0:0 | SSA phi(Local variable 5 of method CheckUniqueAndUnfoundElements) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Collections.dll:0:0:0:0 | SSA phi(Local variable 5 of method MoveDownCustomComparer) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Collections.dll:0:0:0:0 | SSA phi(Local variable 6 of method CheckUniqueAndUnfoundElements) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Console.dll:0:0:0:0 | SSA phi read(Local variable 5 of method ReadLineCore) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Console.dll:0:0:0:0 | SSA phi(Local variable 6 of method ReadLineCore) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Console.dll:0:0:0:0 | SSA phi(Local variable 7 of method ReadLineCore) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Console.dll:0:0:0:0 | SSA phi(Local variable 7 of method Write) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Linq.dll:0:0:0:0 | SSA phi read(Local variable 0 of method CreateForJoin) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Linq.dll:0:0:0:0 | SSA phi read(Local variable 0 of method PartialQuickSort) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Linq.dll:0:0:0:0 | SSA phi read(Local variable 0 of method ToArray) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Linq.dll:0:0:0:0 | SSA phi read(Local variable 0 of method ToArray) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Linq.dll:0:0:0:0 | SSA phi read(Local variable 0 of method ToList) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Linq.dll:0:0:0:0 | SSA phi read(Local variable 0 of method ToList) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Linq.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryGetLast) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Linq.dll:0:0:0:0 | SSA phi read(Local variable 1 of method QuickSelect) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Linq.dll:0:0:0:0 | SSA phi read(Local variable 1 of method ToArray) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Linq.dll:0:0:0:0 | SSA phi read(Local variable 2 of method Max) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Linq.dll:0:0:0:0 | SSA phi read(Local variable 2 of method Min) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Linq.dll:0:0:0:0 | SSA phi read(Parameter 1 of Max) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Linq.dll:0:0:0:0 | SSA phi read(Parameter 1 of Min) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Linq.dll:0:0:0:0 | SSA phi read(Parameter 2 of MaxBy) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Linq.dll:0:0:0:0 | SSA phi read(Parameter 2 of MinBy) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Linq.dll:0:0:0:0 | SSA phi(Local variable 0 of method Count) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Linq.dll:0:0:0:0 | SSA phi(Local variable 0 of method GetCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Linq.dll:0:0:0:0 | SSA phi(Local variable 0 of method GetCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Linq.dll:0:0:0:0 | SSA phi(Local variable 0 of method LongCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Linq.dll:0:0:0:0 | SSA phi(Local variable 0 of method Max) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Linq.dll:0:0:0:0 | SSA phi(Local variable 0 of method Max) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Linq.dll:0:0:0:0 | SSA phi(Local variable 0 of method Max) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Linq.dll:0:0:0:0 | SSA phi(Local variable 0 of method Max) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Linq.dll:0:0:0:0 | SSA phi(Local variable 0 of method MaxFloat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Linq.dll:0:0:0:0 | SSA phi(Local variable 0 of method MaxFloat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Linq.dll:0:0:0:0 | SSA phi(Local variable 0 of method MaxFloat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Linq.dll:0:0:0:0 | SSA phi(Local variable 0 of method MaxFloat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Linq.dll:0:0:0:0 | SSA phi(Local variable 0 of method MaxInteger) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Linq.dll:0:0:0:0 | SSA phi(Local variable 0 of method MaxInteger) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Linq.dll:0:0:0:0 | SSA phi(Local variable 0 of method MaxInteger) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Linq.dll:0:0:0:0 | SSA phi(Local variable 0 of method MaxInteger) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Linq.dll:0:0:0:0 | SSA phi(Local variable 0 of method Min) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Linq.dll:0:0:0:0 | SSA phi(Local variable 0 of method Min) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Linq.dll:0:0:0:0 | SSA phi(Local variable 0 of method Min) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Linq.dll:0:0:0:0 | SSA phi(Local variable 0 of method Min) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Linq.dll:0:0:0:0 | SSA phi(Local variable 0 of method MinFloat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Linq.dll:0:0:0:0 | SSA phi(Local variable 0 of method MinFloat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Linq.dll:0:0:0:0 | SSA phi(Local variable 0 of method MinInteger) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Linq.dll:0:0:0:0 | SSA phi(Local variable 0 of method MinInteger) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Linq.dll:0:0:0:0 | SSA phi(Local variable 0 of method Sum) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Linq.dll:0:0:0:0 | SSA phi(Local variable 0 of method Sum) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Linq.dll:0:0:0:0 | SSA phi(Local variable 1 of method MaxBy) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Linq.dll:0:0:0:0 | SSA phi(Local variable 1 of method MaxBy) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Linq.dll:0:0:0:0 | SSA phi(Local variable 1 of method MaxBy) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Linq.dll:0:0:0:0 | SSA phi(Local variable 1 of method MinBy) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Linq.dll:0:0:0:0 | SSA phi(Local variable 1 of method MinBy) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Linq.dll:0:0:0:0 | SSA phi(Local variable 1 of method MinBy) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Linq.dll:0:0:0:0 | SSA phi(Local variable 1 of method PartialQuickSort) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Linq.dll:0:0:0:0 | SSA phi(Local variable 2 of method Average) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Linq.dll:0:0:0:0 | SSA phi(Local variable 2 of method Average) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Linq.dll:0:0:0:0 | SSA phi(Local variable 2 of method Max) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Linq.dll:0:0:0:0 | SSA phi(Local variable 2 of method Max) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Linq.dll:0:0:0:0 | SSA phi(Local variable 2 of method MaxBy) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Linq.dll:0:0:0:0 | SSA phi(Local variable 2 of method Min) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Linq.dll:0:0:0:0 | SSA phi(Local variable 2 of method Min) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Linq.dll:0:0:0:0 | SSA phi(Local variable 2 of method MinBy) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Linq.dll:0:0:0:0 | SSA phi(Local variable 2 of method MinFloat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Linq.dll:0:0:0:0 | SSA phi(Local variable 2 of method MinFloat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Linq.dll:0:0:0:0 | SSA phi(Local variable 2 of method QuickSelect) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Linq.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryGetFirst) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Linq.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryGetLast) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Linq.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryGetLast) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Linq.dll:0:0:0:0 | SSA phi(Local variable 3 of method Average) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Linq.dll:0:0:0:0 | SSA phi(Local variable 3 of method Average) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Linq.dll:0:0:0:0 | SSA phi(Local variable 5 of method TryGetLast) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method ContinueTryEnter) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method CreateParentsAndDirectory) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method DisposeOnShutdown) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GateThreadStart) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetCharCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetIndexOfFirstNonAsciiByte_Default) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetIndexOfFirstNonAsciiChar_Default) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetIndexOfFirstNonLatin1Char_Default) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetSources) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetTimeZoneIds) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method PopulateConstructors) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method PopulateInterfaces) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method SpinUntil) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method SymmetricExceptWithEnumerable) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method ToKeyValuePairsArray) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method ToTitleCase) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TranslateToManifestConvention) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt16N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt16N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt32N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt32N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt64D) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt64N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt64N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseSByteN) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseSByteN) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method AddDateWords) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method Clone) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method GateThreadStart) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method GetByteCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method GetCaseInsensitiveObjectInternal) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method GetSessions) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method GetSessions) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method OnStop) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method PopulateConstructors) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method RemoveLeadingInQuoteSpaces) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method TranscodeToUtf8) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method TryDequeue) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method TryParseStatusFile) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method TryPeek) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method DispatchEventsToEventListeners) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method GateThreadStart) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method GetCharCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method SymmetricExceptWithUniqueHashSet) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method TryDecodeFromUtf16) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method WaitAllCore) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method CheckUniqueAndUnfoundElements) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method CopyEntries) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method GetDatePart) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method IntersectWithEnumerable) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method SymmetricExceptWithEnumerable) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method TryDecodeFromUtf16) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 4 of method GateThreadStart) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 4 of method GetBytesWithFallback) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 4 of method GetCharsWithFallback) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 5 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 5 of method Set) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 5 of method SymmetricExceptWithEnumerable) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 6 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 6 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 6 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 6 of method GetCharCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 6 of method GetDelegatesFromContinuationObject) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 7 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 7 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 9 of method Set) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 11 of method MatchPattern) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 12 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 13 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 13 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 14 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 15 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of g__LogDataStore\|23_0) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of AddDateWords) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of AddExceptionsFromChildren) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of CheckNullabilityAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of CopyEntries) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of CopyKeys) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of CopyValues) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of EnsureDescriptorsInitialized) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of GetNextToken) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of PopulateConstructors) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of RemoveReferencesToListenerInEventSources) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of RoundNumber) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of ScanDateWord) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of ToKeyValuePairsArray) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of ToTitleCase) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of TranslateToManifestConvention) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of g__LogDataStore\|23_0) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of Append) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of ContainsValue) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of ContinueTryEnter) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of CopyEntries) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of CopyKeys) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of CopyValues) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of EnumerateFilesRecursively) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of GetObject) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of GetString) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of ReadXdgDirectory) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of SearchForChildByTag) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of CheckUniqueAndUnfoundElements) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of ContinueTryEnterWithThreadTracking) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of Replace) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of ReplaceAllInChunk) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of SplitInternal) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of TranslateToManifestConvention) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of Trim) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of Wait) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 3 of AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 3 of AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 3 of FormatScientific) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 3 of GetByteCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 3 of GetByteCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 5 of GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 5 of GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method CheckNullabilityAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method EnumerateFilesRecursively) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method Equals) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method GetDefaultValueInternal) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method GetHashCode) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method GetPointerToFirstInvalidByte) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method InitializeConfigAndDetermineUsePortableThreadPool) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method InsertAtCurrentHashNode) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method RemoveAll) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method RemoveDirectoryRecursive) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method TryFromBase64Chars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method TryParseInt64D) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method CheckNullabilityAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method ExecuteCallbackHandlers) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method FromBase64_ComputeResultLength) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method GetPointerToFirstInvalidByte) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method GetPointerToFirstInvalidByte) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method ToKeyValuePairsArray) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method ToTitleCase) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method TranslateToManifestConvention) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method VarDecCmpSub) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method FromBase64_ComputeResultLength) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method GetByteCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method ScanDateWord) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method ToLower) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method ToUpper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryEnterReadLockCore) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseByteN) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseByteN) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseUInt16N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseUInt16N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseUInt32N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseUInt32N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseUInt64N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseUInt64N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method g__LogDataStore\|23_0) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method PickPivotAndPartition) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method ScanDateWord) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method ToLower) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method ToUpper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseInt16N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseInt16N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseInt32N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseInt32N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseInt64N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseInt64N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseSByteN) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseSByteN) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method CheckUniqueAndUnfoundElements) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method FormCompoundType) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method GetByteCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method MatchPattern) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method OnStop) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method CheckUniqueAndUnfoundElements) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method FormCompoundType) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method GetCharCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method GetNextToken) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method PickPivotAndPartition) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method PickPivotAndPartition) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method VarDecCmpSub) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 6 of method GetCharCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 6 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 6 of method Set) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 6 of method ToTitleCase) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 6 of method TryFromBase64Chars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 6 of method VarDecCmpSub) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 7 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 7 of method ToTitleCase) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 7 of method TryFromBase64Chars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 8 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 8 of method TryFromBase64Chars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 8 of method TryParseNumber) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 8 of method TryParseNumber) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 8 of method TryParseStatusFile) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 9 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 9 of method TryFromBase64Chars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 9 of method TryParseStatusFile) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 10 of method EnumerateFilesRecursively) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 15 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 15 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 17 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 33 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 1 of FindSection) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 2 of CopyEntries) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 2 of CopyKeys) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 2 of CopyValues) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 2 of ScaleResult) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 3 of AddDateWords) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 3 of GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 3 of GetChars) | Node steps to itself | diff --git a/csharp/ql/test/library-tests/csharp11/cil/CONSISTENCY/DataFlowConsistency.expected b/csharp/ql/test/library-tests/csharp11/cil/CONSISTENCY/DataFlowConsistency.expected index 293dce08987..e69de29bb2d 100644 --- a/csharp/ql/test/library-tests/csharp11/cil/CONSISTENCY/DataFlowConsistency.expected +++ b/csharp/ql/test/library-tests/csharp11/cil/CONSISTENCY/DataFlowConsistency.expected @@ -1,263 +0,0 @@ -identityLocalStep -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Console.dll:0:0:0:0 | SSA phi read(Local variable 5 of method ReadLineCore) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Console.dll:0:0:0:0 | SSA phi(Local variable 6 of method ReadLineCore) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Console.dll:0:0:0:0 | SSA phi(Local variable 7 of method ReadLineCore) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Console.dll:0:0:0:0 | SSA phi(Local variable 7 of method Write) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method ContinueTryEnter) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method CreateParentsAndDirectory) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method DisposeOnShutdown) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GateThreadStart) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetCharCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetIndexOfFirstNonAsciiByte_Default) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetIndexOfFirstNonAsciiChar_Default) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetIndexOfFirstNonLatin1Char_Default) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetSources) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetTimeZoneIds) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method PopulateConstructors) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method PopulateInterfaces) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method SpinUntil) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method SymmetricExceptWithEnumerable) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method ToKeyValuePairsArray) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method ToTitleCase) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TranslateToManifestConvention) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt16N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt16N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt32N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt32N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt64D) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt64N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt64N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseSByteN) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseSByteN) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method AddDateWords) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method Clone) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method GateThreadStart) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method GetByteCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method GetCaseInsensitiveObjectInternal) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method GetSessions) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method GetSessions) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method OnStop) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method PopulateConstructors) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method RemoveLeadingInQuoteSpaces) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method TranscodeToUtf8) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method TryDequeue) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method TryParseStatusFile) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method TryPeek) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method DispatchEventsToEventListeners) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method GateThreadStart) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method GetCharCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method SymmetricExceptWithUniqueHashSet) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method TryDecodeFromUtf16) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method WaitAllCore) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method CheckUniqueAndUnfoundElements) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method CopyEntries) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method GetDatePart) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method IntersectWithEnumerable) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method SymmetricExceptWithEnumerable) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method TryDecodeFromUtf16) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 4 of method GateThreadStart) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 4 of method GetBytesWithFallback) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 4 of method GetCharsWithFallback) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 5 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 5 of method Set) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 5 of method SymmetricExceptWithEnumerable) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 6 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 6 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 6 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 6 of method GetCharCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 6 of method GetDelegatesFromContinuationObject) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 7 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 7 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 9 of method Set) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 11 of method MatchPattern) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 12 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 13 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 13 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 14 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 15 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of g__LogDataStore\|23_0) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of AddDateWords) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of AddExceptionsFromChildren) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of CheckNullabilityAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of CopyEntries) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of CopyKeys) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of CopyValues) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of EnsureDescriptorsInitialized) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of GetNextToken) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of PopulateConstructors) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of RemoveReferencesToListenerInEventSources) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of RoundNumber) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of ScanDateWord) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of ToKeyValuePairsArray) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of ToTitleCase) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of TranslateToManifestConvention) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of g__LogDataStore\|23_0) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of Append) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of ContainsValue) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of ContinueTryEnter) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of CopyEntries) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of CopyKeys) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of CopyValues) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of EnumerateFilesRecursively) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of GetObject) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of GetString) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of ReadXdgDirectory) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of SearchForChildByTag) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of CheckUniqueAndUnfoundElements) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of ContinueTryEnterWithThreadTracking) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of Replace) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of ReplaceAllInChunk) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of SplitInternal) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of TranslateToManifestConvention) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of Trim) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of Wait) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 3 of AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 3 of AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 3 of FormatScientific) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 3 of GetByteCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 3 of GetByteCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 5 of GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 5 of GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method CheckNullabilityAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method EnumerateFilesRecursively) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method Equals) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method GetDefaultValueInternal) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method GetHashCode) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method GetPointerToFirstInvalidByte) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method InitializeConfigAndDetermineUsePortableThreadPool) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method InsertAtCurrentHashNode) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method RemoveAll) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method RemoveDirectoryRecursive) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method TryFromBase64Chars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method TryParseInt64D) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method CheckNullabilityAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method ExecuteCallbackHandlers) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method FromBase64_ComputeResultLength) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method GetPointerToFirstInvalidByte) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method GetPointerToFirstInvalidByte) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method ToKeyValuePairsArray) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method ToTitleCase) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method TranslateToManifestConvention) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method VarDecCmpSub) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method FromBase64_ComputeResultLength) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method GetByteCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method ScanDateWord) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method ToLower) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method ToUpper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryEnterReadLockCore) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseByteN) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseByteN) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseUInt16N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseUInt16N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseUInt32N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseUInt32N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseUInt64N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseUInt64N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method g__LogDataStore\|23_0) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method PickPivotAndPartition) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method ScanDateWord) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method ToLower) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method ToUpper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseInt16N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseInt16N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseInt32N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseInt32N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseInt64N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseInt64N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseSByteN) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseSByteN) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method CheckUniqueAndUnfoundElements) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method FormCompoundType) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method GetByteCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method MatchPattern) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method OnStop) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method CheckUniqueAndUnfoundElements) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method FormCompoundType) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method GetCharCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method GetNextToken) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method PickPivotAndPartition) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method PickPivotAndPartition) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method VarDecCmpSub) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 6 of method GetCharCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 6 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 6 of method Set) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 6 of method ToTitleCase) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 6 of method TryFromBase64Chars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 6 of method VarDecCmpSub) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 7 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 7 of method ToTitleCase) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 7 of method TryFromBase64Chars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 8 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 8 of method TryFromBase64Chars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 8 of method TryParseNumber) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 8 of method TryParseNumber) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 8 of method TryParseStatusFile) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 9 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 9 of method TryFromBase64Chars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 9 of method TryParseStatusFile) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 10 of method EnumerateFilesRecursively) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 15 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 15 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 17 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 33 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 1 of FindSection) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 2 of CopyEntries) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 2 of CopyKeys) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 2 of CopyValues) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 2 of ScaleResult) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 3 of AddDateWords) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 3 of GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 3 of GetChars) | Node steps to itself | diff --git a/csharp/ql/test/query-tests/API Abuse/NoDisposeCallOnLocalIDisposable/CONSISTENCY/DataFlowConsistency.expected b/csharp/ql/test/query-tests/API Abuse/NoDisposeCallOnLocalIDisposable/CONSISTENCY/DataFlowConsistency.expected index e82ad8a3eae..e69de29bb2d 100644 --- a/csharp/ql/test/query-tests/API Abuse/NoDisposeCallOnLocalIDisposable/CONSISTENCY/DataFlowConsistency.expected +++ b/csharp/ql/test/query-tests/API Abuse/NoDisposeCallOnLocalIDisposable/CONSISTENCY/DataFlowConsistency.expected @@ -1,715 +0,0 @@ -identityLocalStep -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.ComponentModel.Primitives.dll:0:0:0:0 | SSA phi read(Parameter 1 of get_Item) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Console.dll:0:0:0:0 | SSA phi read(Local variable 5 of method ReadLineCore) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Console.dll:0:0:0:0 | SSA phi(Local variable 6 of method ReadLineCore) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Console.dll:0:0:0:0 | SSA phi(Local variable 7 of method ReadLineCore) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Console.dll:0:0:0:0 | SSA phi(Local variable 7 of method Write) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.IO.Compression.dll:0:0:0:0 | SSA phi read(Local variable 0 of method RemoveZip64Blocks) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.IO.Compression.dll:0:0:0:0 | SSA phi read(Local variable 1 of method GetAndRemoveZip64Block) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.IO.Compression.dll:0:0:0:0 | SSA phi read(Local variable 2 of method WriteFile) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.IO.Compression.dll:0:0:0:0 | SSA phi read(Parameter 0 of MoveNext) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.IO.Compression.dll:0:0:0:0 | SSA phi read(Parameter 0 of MoveNext) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.IO.Compression.dll:0:0:0:0 | SSA phi read(Parameter 0 of MoveNext) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.IO.Compression.dll:0:0:0:0 | SSA phi read(Parameter 1 of GetAndRemoveZip64Block) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.IO.Compression.dll:0:0:0:0 | SSA phi read(Parameter 2 of GetAndRemoveZip64Block) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.IO.Compression.dll:0:0:0:0 | SSA phi read(Parameter 3 of GetAndRemoveZip64Block) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.IO.Compression.dll:0:0:0:0 | SSA phi read(Parameter 4 of GetAndRemoveZip64Block) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.IO.Compression.dll:0:0:0:0 | SSA phi(Local variable 0 of method GetAndRemoveZip64Block) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.IO.Compression.dll:0:0:0:0 | SSA phi(Local variable 2 of method GetAndRemoveZip64Block) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method ContinueTryEnter) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method CreateParentsAndDirectory) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method DisposeOnShutdown) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GateThreadStart) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetCharCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetIndexOfFirstNonAsciiByte_Default) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetIndexOfFirstNonAsciiChar_Default) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetIndexOfFirstNonLatin1Char_Default) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetSources) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetTimeZoneIds) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method PopulateConstructors) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method PopulateInterfaces) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method SpinUntil) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method SymmetricExceptWithEnumerable) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method ToKeyValuePairsArray) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method ToTitleCase) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TranslateToManifestConvention) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt16N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt16N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt32N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt32N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt64D) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt64N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseInt64N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseSByteN) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 0 of method TryParseSByteN) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method AddDateWords) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method Clone) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method GateThreadStart) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method GetByteCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method GetCaseInsensitiveObjectInternal) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method GetSessions) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method GetSessions) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method OnStop) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method PopulateConstructors) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method RemoveLeadingInQuoteSpaces) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method TranscodeToUtf8) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method TryDequeue) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method TryParseStatusFile) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 1 of method TryPeek) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method DispatchEventsToEventListeners) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method GateThreadStart) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method GetCharCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method SymmetricExceptWithUniqueHashSet) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method TryDecodeFromUtf16) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 2 of method WaitAllCore) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method CheckUniqueAndUnfoundElements) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method CopyEntries) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method GetDatePart) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method IntersectWithEnumerable) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method SymmetricExceptWithEnumerable) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 3 of method TryDecodeFromUtf16) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 4 of method GateThreadStart) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 4 of method GetBytesWithFallback) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 4 of method GetCharsWithFallback) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 5 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 5 of method Set) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 5 of method SymmetricExceptWithEnumerable) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 6 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 6 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 6 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 6 of method GetCharCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 6 of method GetDelegatesFromContinuationObject) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 7 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 7 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 9 of method Set) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 11 of method MatchPattern) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 12 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 13 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 13 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 14 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Local variable 15 of method PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of g__LogDataStore\|23_0) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of AddDateWords) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of AddExceptionsFromChildren) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of CheckNullabilityAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of CopyEntries) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of CopyKeys) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of CopyValues) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of EnsureDescriptorsInitialized) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of GetNextToken) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of PopulateConstructors) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of PopulateMethods) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of RemoveReferencesToListenerInEventSources) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of RoundNumber) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of ScanDateWord) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of ToKeyValuePairsArray) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of ToTitleCase) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 0 of TranslateToManifestConvention) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of g__LogDataStore\|23_0) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of Append) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of ContainsValue) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of ContinueTryEnter) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of CopyEntries) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of CopyKeys) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of CopyValues) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of EnumerateFilesRecursively) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of GetObject) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of GetString) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of ReadXdgDirectory) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 1 of SearchForChildByTag) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of CheckUniqueAndUnfoundElements) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of ContinueTryEnterWithThreadTracking) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of Replace) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of ReplaceAllInChunk) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of SplitInternal) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of TranslateToManifestConvention) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of Trim) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 2 of Wait) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 3 of AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 3 of AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 3 of FormatScientific) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 3 of GetByteCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 3 of GetByteCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 5 of GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi read(Parameter 5 of GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method CheckNullabilityAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method EnumerateFilesRecursively) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method Equals) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method GetDefaultValueInternal) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method GetHashCode) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method GetPointerToFirstInvalidByte) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method InitializeConfigAndDetermineUsePortableThreadPool) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method InsertAtCurrentHashNode) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method RemoveAll) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method RemoveDirectoryRecursive) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method TryFromBase64Chars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 0 of method TryParseInt64D) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method CheckNullabilityAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method ExecuteCallbackHandlers) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method FromBase64_ComputeResultLength) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method GetPointerToFirstInvalidByte) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method GetPointerToFirstInvalidByte) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method ToKeyValuePairsArray) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method ToTitleCase) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method TranslateToManifestConvention) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 1 of method VarDecCmpSub) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method FromBase64_ComputeResultLength) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method GetByteCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method ScanDateWord) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method ToLower) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method ToUpper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryEnterReadLockCore) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseByteN) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseByteN) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseUInt16N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseUInt16N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseUInt32N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseUInt32N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseUInt64N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 2 of method TryParseUInt64N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method g__LogDataStore\|23_0) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method PickPivotAndPartition) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method ScanDateWord) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method ToLower) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method ToUpper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseInt16N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseInt16N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseInt32N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseInt32N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseInt64N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseInt64N) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseSByteN) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 3 of method TryParseSByteN) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method CheckUniqueAndUnfoundElements) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method FormCompoundType) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method GetByteCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method MatchPattern) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 4 of method OnStop) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method CheckUniqueAndUnfoundElements) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method FormCompoundType) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method GetCharCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method GetNextToken) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method OnDeserialization) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method PickPivotAndPartition) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method PickPivotAndPartition) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 5 of method VarDecCmpSub) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 6 of method GetCharCount) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 6 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 6 of method Set) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 6 of method ToTitleCase) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 6 of method TryFromBase64Chars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 6 of method VarDecCmpSub) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 7 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 7 of method ToTitleCase) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 7 of method TryFromBase64Chars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 8 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 8 of method TryFromBase64Chars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 8 of method TryParseNumber) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 8 of method TryParseNumber) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 8 of method TryParseStatusFile) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 9 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 9 of method TryFromBase64Chars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 9 of method TryParseStatusFile) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 10 of method EnumerateFilesRecursively) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 15 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 15 of method AppendFormatHelper) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 17 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Local variable 33 of method NumberToStringFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 1 of FindSection) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 2 of CopyEntries) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 2 of CopyKeys) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 2 of CopyValues) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 2 of ScaleResult) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 3 of AddDateWords) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 3 of GetBytes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.CoreLib.dll:0:0:0:0 | SSA phi(Parameter 3 of GetChars) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method AddDefaultAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method CheckAttributeGroupRestriction) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method CheckForDuplicateType) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method CompileLiteralElement) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method CompileLocalAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method CompileLocalAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method CompileSorts) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method DblToRgbFast) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method Evaluate) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method ExpectedParticles) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method Find) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GenerateInitCallbacksMethod) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetDefaultAttribute) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetElement) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetNamespaceListSymbols) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetNamespaceListSymbols) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetNamespaceOfPrefixStrict) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetNamespaces) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetNamespacesInScope) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetNamespacesInScope) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetPrefixOfNamespaceStrict) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method GetPreviousContentSibling) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method Intersection) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method ListAsString) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method ListUsedPrefixes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method LoadEntityReferenceNode) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method LookupNamespace) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method ParseDocumentContent) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method Prepare) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method RawText) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method RawText) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method ResolveQNameDynamic) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method ScanLiteral) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method WriteAttributeTextBlock) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method WriteAttributeTextBlock) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method WriteElementTextBlock) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method WriteElementTextBlock) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method WriteHtmlAttributeText) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method WriteHtmlAttributeText) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method WriteRawWithCharChecking) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method WriteRawWithCharChecking) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method WriteStartElement) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method WriteUriAttributeText) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method WriteUriAttributeText) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 0 of method get_NamespaceList) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 1 of method Add) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 1 of method DblToRgbFast) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 1 of method Document) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 1 of method GetExpectedAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 1 of method GetNamespaceOfPrefixStrict) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 1 of method GetNamespacesInScope) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 1 of method ImplReadXmlText) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 1 of method ImportDerivedTypes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 1 of method MoveNext) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 1 of method MoveNext) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 1 of method MoveNext) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 1 of method MoveNext) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 1 of method MoveNext) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 1 of method MoveNext) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 1 of method MoveNext) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 1 of method MoveNext) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 1 of method MoveToPrevious) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 1 of method Prepare) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 1 of method RawTextNoFlush) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 1 of method RawTextNoFlush) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 1 of method ScanLiteral) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 1 of method Write) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 1 of method WriteAttributeTextBlockNoFlush) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 1 of method WriteAttributeTextBlockNoFlush) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 1 of method WriteElementTextBlockNoFlush) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 1 of method WriteElementTextBlockNoFlush) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 1 of method WriteElementTo) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 1 of method WriteRawWithCharCheckingNoFlush) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 1 of method WriteRawWithCharCheckingNoFlush) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 2 of method Add) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 2 of method CheckUseAttrubuteSetInList) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 2 of method Compile) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 2 of method DblToRgbFast) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 2 of method InferElement) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 2 of method ParseAttributeValueSlow) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 2 of method ParseElement) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 2 of method ParseElementAsync) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 2 of method ParseFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 2 of method ScanLiteral) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 2 of method VisitCallTemplate) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 2 of method WriteCDataSection) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 2 of method WriteCDataSection) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 2 of method WriteCommentOrPi) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 2 of method WriteCommentOrPi) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 3 of method CompileLocalAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 3 of method CompileLocalAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 3 of method DblToRgbFast) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 3 of method LoadElementNode) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 3 of method Refactor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 3 of method RemoveSchemaFromCaches) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 3 of method VisitApplyTemplates) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 3 of method WriteCDataSectionNoFlush) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 3 of method WriteCDataSectionNoFlush) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 3 of method WriteCommentOrPiNoFlush) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 3 of method WriteCommentOrPiNoFlush) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 4 of method CheckText) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 4 of method CompileLiteralElement) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 4 of method ExportSpecialMapping) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 4 of method GenerateLiteralMembersElement) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 4 of method ParseAttributeValueSlow) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 4 of method Refactor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 5 of method ConvertToDecimal) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 5 of method ParseAttributeValueSlow) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 5 of method Refactor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 6 of method GetContext) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 6 of method InferElement) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 6 of method MoveNext) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 6 of method ReadByteArray) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 7 of method GenerateEncodedMembersElement) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 7 of method ParseAttributeValueSlow) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Local variable 8 of method GenerateEncodedMembersElement) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of AddDefaultAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of AddImportDependencies) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of AnalyzeAvt) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of CheckAttributeGroupRestriction) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of CheckAttributeGroupRestriction) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of CheckAttributeSets_RecurceInContainer) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of CheckAttributeSets_RecurceInList) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of CheckParticleDerivation) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of CheckUseAttrubuteSetInList) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of Compile) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of Compile) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of Compile) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of Compile) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of Compile) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of Compile) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of Compile) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of Compile) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of Compile) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of Compile) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of Compile) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of Compile) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of CompileAndSortMatches) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of CompileAttributeGroup) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of CompileAttributeGroup) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of CompileComplexType) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of CompileLiteralElement) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of CompileLocalAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of CompileLocalAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of CompileLocalAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of CompileLocalAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of CompileLocalAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of CompileLocalAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of CompileLocalAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of CompileLocalAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of CompileProtoTemplate) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of CompileSorts) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of CopyFromCompiledSet) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of CopyFromCompiledSet) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of CopyFromCompiledSet) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of CopyFromCompiledSet) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of CopyNode) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of CreateIdTables) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of DepthFirstSearch) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of DepthFirstSearch) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of DepthFirstSearch) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of DepthFirstSearch) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of EatWhitespaces) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of EndElementIdentityConstraints) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of EndElementIdentityConstraints) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of Evaluate) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of Execute) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of ExpectedElements) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of ExpectedParticles) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of ExportRootIfNecessary) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of ExportSpecialMapping) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of ExportSpecialMapping) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of Find) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of FindCaseInsensitiveString) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of FindSchemaType) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of GenerateBegin) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of GenerateBegin) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of GenerateBegin) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of GenerateBegin) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of GenerateBegin) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of GenerateBegin) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of GenerateInitCallbacksMethod) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of GenerateInitCallbacksMethod) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of GetNamespaceListSymbols) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of GetNamespacesInScope) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of GetNamespacesInScope) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of ImportDerivedTypes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of InferSchema1) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of InitCallbacks) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of InitCallbacks) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of ListAsString) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of LoadDocumentType) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of LoadElementNode) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of LookupPrefix) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of Merge) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of MoveNext) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of MoveNext) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of MoveNext) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of MoveNext) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of MoveNext) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of MoveNext) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of MoveNext) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of MoveToFirstNamespace) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of MoveToFollowing) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of ParseAttributeValueChunk) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of ParseAttributeValueSlow) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of ParseAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of ParseCDataOrComment) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of ParseElement) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of ParseElementAsync) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of ParseEndElement) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of ParseEndElementAsync_CheckEndTag) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of ParsePIValue) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of ParseQName) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of ParseText) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of ParseTextAsync) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of Prepare) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of ProcessSubstitutionGroups) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of PropagateFlag) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of PropagateSideEffectsFlag) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of PropagateSideEffectsFlag) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of RawText) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of RawText) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of RawTextNoFlush) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of RawTextNoFlush) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of ResolveQNameDynamic) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of SkipUntil) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of StartParsing) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of ValidateElement) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of VisitCallTemplate) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of Write) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of WriteAttributeTextBlock) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of WriteAttributeTextBlock) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of WriteAttributeTextBlockNoFlush) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of WriteAttributeTextBlockNoFlush) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of WriteCDataSection) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of WriteCDataSection) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of WriteCDataSectionNoFlush) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of WriteCDataSectionNoFlush) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of WriteCommentOrPi) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of WriteCommentOrPi) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of WriteCommentOrPiNoFlush) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of WriteCommentOrPiNoFlush) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of WriteElementTextBlock) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of WriteElementTextBlock) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of WriteElementTextBlockNoFlush) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of WriteElementTextBlockNoFlush) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of WriteEnumAndArrayTypes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of WriteEnumAndArrayTypes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of WriteEnumAndArrayTypes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of WriteEnumAndArrayTypes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of WriteHtmlAttributeText) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of WriteHtmlAttributeText) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of WriteNode) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of WriteRawWithCharChecking) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of WriteRawWithCharChecking) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of WriteRawWithCharCheckingNoFlush) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of WriteRawWithCharCheckingNoFlush) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of WriteReflectionInit) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of WriteStartElement) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of WriteUriAttributeText) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 0 of WriteUriAttributeText) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of Add) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of AddDefaultAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of AddImport) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of CheckAttributeGroupRestriction) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of CheckAttributeSets_RecurceInContainer) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of CheckDuplicateParams) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of CompileAndSortMatches) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of CompileComplexType) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of CopyTo) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of EatWhitespaces) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of FillModeFlags) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of FindAttribute) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of FindAttributeRef) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of FindImport) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of GetElement) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of GetNamespaceListSymbols) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of GetNamespacesInScope) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of GetPrefixOfNamespaceStrict) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of HasParticleRef) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of ImportDerivedTypes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of ImportDerivedTypes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of InferElement) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of ListUsedPrefixes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of LookupPrefix) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of Merge) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of MoveToFollowing) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of MoveToFollowing) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of MoveToNext) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of ParseCDataOrComment) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of ParseEndElementAsync_Finish) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of ParsePI) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of ParseQName) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of PropagateFlag) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of ReadToDescendant) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of ReadToDescendant) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of ReadToFollowing) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of ReadToFollowing) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of ReplaceNamespaceAlias) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of ScanLiteral) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of ScanQName) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of ScanQName) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of ShouldStripSpace) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of TryLookupPrefix) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of VisitApplyTemplates) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of VisitCallTemplate) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 1 of WriteNode) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 2 of CheckAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 2 of CheckDuplicateElement) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 2 of CheckWithParam) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 2 of CompileAvt) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 2 of CompileLocalAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 2 of CompileLocalAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 2 of CompileSorts) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 2 of CompileXPath) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 2 of DepthFirstSearch) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 2 of ExpectedElements) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 2 of ExpectedParticles) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 2 of ExportSpecialMapping) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 2 of ExportSpecialMapping) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 2 of FindAttributeRef) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 2 of GetDefaultAttribute) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 2 of InferElement) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 2 of ListAsString) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 2 of MoveToFollowing) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 2 of MoveToFollowing) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 2 of MoveToNext) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 2 of MoveToPrevious) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 2 of ParseAttributeValueSlow) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 2 of ParseEndElementAsync_Finish) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 2 of ReadToDescendant) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 2 of ReadToFollowing) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 2 of ShouldStripSpace) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 2 of SkipUntil) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 2 of Write) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 2 of WriteAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 2 of WriteNode) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 3 of ExpectedParticles) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 3 of Find) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 3 of GetContentFollowing) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 3 of GetDefaultAttribute) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 3 of GetElementFollowing) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 3 of GetTextFollowing) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 3 of InferElement) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 3 of ParseAttributeValueSlow) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 3 of ParseEndElementAsync_Finish) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 3 of WriteAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 3 of WriteEnumAndArrayTypes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 4 of ConvertToDecimal) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 4 of GetDefaultAttribute) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 4 of WriteAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 4 of WriteEnumAndArrayTypes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi read(Parameter 5 of GetElementFollowing) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 0 of method .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 0 of method .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 0 of method .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 0 of method .ctor) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 0 of method AnalyzeAvt) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 0 of method CompileComplexType) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 0 of method ContainsIdAttribute) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 0 of method Evaluate) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 0 of method ExpectedElements) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 0 of method FindCaseInsensitiveString) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 0 of method FindStylesheetElement) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 0 of method GetContext) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 0 of method IncrementalRead) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 0 of method LoadDeclarationNode) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 0 of method LoadDocumentTypeNode) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 0 of method ParseQName) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 0 of method ParseQName) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 0 of method PopulateMemberInfos) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 0 of method Read) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 0 of method ReadXmlNode) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 0 of method ScanCondSection3) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 0 of method ScanQName) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 0 of method SkipUntil) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 0 of method WriteAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 1 of method EatWhitespaces) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 1 of method Evaluate) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 1 of method GenerateInitCallbacksMethod) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 1 of method GetContext) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 1 of method GetDefaultAttributePrefix) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 1 of method GetDefaultPrefix) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 1 of method InferElement) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 1 of method LoadDeclarationNode) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 1 of method LoadDocumentTypeNode) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 1 of method NonCDataNormalize) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 1 of method ReadTextNodes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 1 of method ScanAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 1 of method SkipUntil) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 1 of method VisitStrConcat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 2 of method CDataNormalize) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 2 of method Decode) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 2 of method IncrementalRead) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 2 of method LoadDeclarationNode) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 2 of method NonCDataNormalize) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 2 of method ParseCDataOrComment) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 2 of method ParsePIValue) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 2 of method ParseText) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 2 of method ParseXmlDeclaration) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 2 of method ReadTextNodes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 2 of method ScanAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 2 of method SkipUntil) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 3 of method CDataNormalize) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 3 of method Compile) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 3 of method Decode) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 3 of method ParseAttributeValueSlow) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 3 of method ParseCDataOrComment) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 3 of method ParseFormat) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 3 of method ParsePIValue) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 3 of method ParseText) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 3 of method SkipUntil) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 4 of method InferElement) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 4 of method ParseText) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 4 of method ReadByteArray) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 4 of method VisitApplyTemplates) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 6 of method MoveNext) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 6 of method ParseDocumentContent) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 6 of method get_Value) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 7 of method GetContext) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 7 of method InferElement) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 7 of method MoveNext) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 7 of method MoveNext) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 7 of method ParseText) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 8 of method MoveNext) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 8 of method MoveNext) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 8 of method ParseAttributes) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 8 of method ParseText) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 9 of method FillModeFlags) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 11 of method ExportSpecialMapping) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 14 of method IncrementalRead) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 15 of method DblToRgbFast) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Local variable 16 of method DblToRgbFast) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Parameter 2 of CopyTo) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Parameter 4 of ParseTextAsync) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Parameter 5 of ParseTextAsync) | Node steps to itself | -| file:///home/runner/work/codeql/codeql/csharp/extractor-pack/tools/linux64/System.Private.Xml.dll:0:0:0:0 | SSA phi(Parameter 6 of ParseTextAsync) | Node steps to itself | From e15610cfcd1844056ae50fba8b5982f62daf47d5 Mon Sep 17 00:00:00 2001 From: Stephan Brandauer Date: Thu, 11 May 2023 11:32:05 +0200 Subject: [PATCH 282/870] use ascii dash --- java/ql/src/Telemetry/AutomodelSharedUtil.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java/ql/src/Telemetry/AutomodelSharedUtil.qll b/java/ql/src/Telemetry/AutomodelSharedUtil.qll index 6e323de9ebb..e03e46abd1d 100644 --- a/java/ql/src/Telemetry/AutomodelSharedUtil.qll +++ b/java/ql/src/Telemetry/AutomodelSharedUtil.qll @@ -3,7 +3,7 @@ * * It extends `string`, but adds a mock `hasLocationInfo` method that returns the string itself as the file name. * - * Use this, when you want to return a string value from a query using $@ notation — the string value + * Use this, when you want to return a string value from a query using $@ notation - the string value * will be included in the sarif file. * * From 489a73c2c33c25beb065102b6d5bc0d7659a0ddb Mon Sep 17 00:00:00 2001 From: Kasper Svendsen Date: Thu, 11 May 2023 10:28:03 +0200 Subject: [PATCH 283/870] JS: Make implicit this receivers explicit --- .../lib/semmle/javascript/linters/ESLint.qll | 24 +++++++++++-------- .../javascript/meta/ExtractionMetrics.qll | 10 ++++---- 2 files changed, 19 insertions(+), 15 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/linters/ESLint.qll b/javascript/ql/lib/semmle/javascript/linters/ESLint.qll index 380295dea1e..acc52a5d6b5 100644 --- a/javascript/ql/lib/semmle/javascript/linters/ESLint.qll +++ b/javascript/ql/lib/semmle/javascript/linters/ESLint.qll @@ -10,10 +10,12 @@ module ESLint { */ abstract class Configuration extends Locatable { /** Gets the folder in which this configuration file is located. */ - private Folder getEnclosingFolder() { result = getFile().getParentContainer() } + private Folder getEnclosingFolder() { result = this.getFile().getParentContainer() } /** Holds if this configuration file applies to the code in `tl`. */ - predicate appliesTo(TopLevel tl) { tl.getFile().getParentContainer+() = getEnclosingFolder() } + predicate appliesTo(TopLevel tl) { + tl.getFile().getParentContainer+() = this.getEnclosingFolder() + } /** Gets the `globals` configuration object of this file, if any. */ abstract ConfigurationObject getGlobals(); @@ -39,11 +41,11 @@ module ESLint { /** An `.eslintrc.json` file. */ private class EslintrcJson extends JsonConfiguration { EslintrcJson() { - isTopLevel() and - exists(string n | n = getFile().getBaseName() | n = ".eslintrc.json" or n = ".eslintrc") + this.isTopLevel() and + exists(string n | n = this.getFile().getBaseName() | n = ".eslintrc.json" or n = ".eslintrc") } - override ConfigurationObject getGlobals() { result = getPropValue("globals") } + override ConfigurationObject getGlobals() { result = this.getPropValue("globals") } } /** An ESLint configuration object in JSON format. */ @@ -51,7 +53,7 @@ module ESLint { override Configuration getConfiguration() { this = result.(JsonConfiguration).getPropValue(_) } override boolean getBooleanProperty(string p) { - exists(string v | v = getPropValue(p).(JsonBoolean).getValue() | + exists(string v | v = this.getPropValue(p).(JsonBoolean).getValue() | v = "true" and result = true or v = "false" and result = false @@ -62,7 +64,7 @@ module ESLint { /** An `.eslintrc.yaml` file. */ private class EslintrcYaml extends Configuration instanceof YamlMapping, YamlDocument { EslintrcYaml() { - exists(string n | n = getFile().getBaseName() | + exists(string n | n = this.(Locatable).getFile().getBaseName() | n = ".eslintrc.yaml" or n = ".eslintrc.yml" or n = ".eslintrc" ) } @@ -91,7 +93,7 @@ module ESLint { exists(PackageJson pkg | this = pkg.getPropValue("eslintConfig")) } - override ConfigurationObject getGlobals() { result = getPropValue("globals") } + override ConfigurationObject getGlobals() { result = this.getPropValue("globals") } } /** An ESLint `globals` configuration object. */ @@ -99,10 +101,12 @@ module ESLint { GlobalsConfigurationObject() { this = any(Configuration cfg).getGlobals() } override predicate declaresGlobal(string name, boolean writable) { - getBooleanProperty(name) = writable + this.getBooleanProperty(name) = writable } - override predicate appliesTo(ExprOrStmt s) { getConfiguration().appliesTo(s.getTopLevel()) } + override predicate appliesTo(ExprOrStmt s) { + this.getConfiguration().appliesTo(s.getTopLevel()) + } abstract override Configuration getConfiguration(); diff --git a/javascript/ql/lib/semmle/javascript/meta/ExtractionMetrics.qll b/javascript/ql/lib/semmle/javascript/meta/ExtractionMetrics.qll index 06222b99d43..0bc4f32d4bc 100644 --- a/javascript/ql/lib/semmle/javascript/meta/ExtractionMetrics.qll +++ b/javascript/ql/lib/semmle/javascript/meta/ExtractionMetrics.qll @@ -17,22 +17,22 @@ module ExtractionMetrics { /** * Gets the CPU time in nanoseconds it took to extract this file. */ - float getCpuTime() { result = strictsum(getTime(_, 0)) } + float getCpuTime() { result = strictsum(this.getTime(_, 0)) } /** * Gets the wall-clock time in nanoseconds it took to extract this file. */ - float getWallclockTime() { result = strictsum(getTime(_, 1)) } + float getWallclockTime() { result = strictsum(this.getTime(_, 1)) } /** * Gets the CPU time in nanoseconds it took to process phase `phaseName` during the extraction of this file. */ - float getCpuTime(PhaseName phaseName) { result = getTime(phaseName, 0) } + float getCpuTime(PhaseName phaseName) { result = this.getTime(phaseName, 0) } /** * Gets the wall-clock time in nanoseconds it took to process phase `phaseName` during the extraction of this file. */ - float getWallclockTime(PhaseName phaseName) { result = getTime(phaseName, 1) } + float getWallclockTime(PhaseName phaseName) { result = this.getTime(phaseName, 1) } /** * Holds if this file was extracted from the trap cache. @@ -60,7 +60,7 @@ module ExtractionMetrics { ) = time | // assume the cache-lookup was for free - if isFromCache() then result = 0 else result = time + if this.isFromCache() then result = 0 else result = time ) } } From 8fac01e84f67289b009100aaa821eb480e1d1052 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Thu, 11 May 2023 11:29:44 +0100 Subject: [PATCH 284/870] Swift: Remove the old sinks. --- .../codeql/swift/security/CleartextLoggingExtensions.qll | 6 +----- .../ql/lib/codeql/swift/security/SqlInjectionExtensions.qll | 6 +----- .../swift/security/UncontrolledFormatStringExtensions.qll | 2 -- .../ql/lib/codeql/swift/security/UnsafeJsEvalExtensions.qll | 6 +----- 4 files changed, 3 insertions(+), 17 deletions(-) diff --git a/swift/ql/lib/codeql/swift/security/CleartextLoggingExtensions.qll b/swift/ql/lib/codeql/swift/security/CleartextLoggingExtensions.qll index ecd5a5dde53..bb3f7603978 100644 --- a/swift/ql/lib/codeql/swift/security/CleartextLoggingExtensions.qll +++ b/swift/ql/lib/codeql/swift/security/CleartextLoggingExtensions.qll @@ -26,11 +26,7 @@ class CleartextLoggingAdditionalFlowStep extends Unit { * A sink defined in a CSV model. */ private class DefaultCleartextLoggingSink extends CleartextLoggingSink { - DefaultCleartextLoggingSink() { - sinkNode(this, "log-injection") - or - sinkNode(this, "logging") // deprecated label - } + DefaultCleartextLoggingSink() { sinkNode(this, "log-injection") } } /** diff --git a/swift/ql/lib/codeql/swift/security/SqlInjectionExtensions.qll b/swift/ql/lib/codeql/swift/security/SqlInjectionExtensions.qll index 7690ce49e6c..1aac3571f53 100644 --- a/swift/ql/lib/codeql/swift/security/SqlInjectionExtensions.qll +++ b/swift/ql/lib/codeql/swift/security/SqlInjectionExtensions.qll @@ -151,9 +151,5 @@ private class GrdbDefaultSqlInjectionSink extends SqlInjectionSink { * A sink defined in a CSV model. */ private class DefaultSqlInjectionSink extends SqlInjectionSink { - DefaultSqlInjectionSink() { - sinkNode(this, "sql-injection") - or - sinkNode(this, "sql") // deprecated label - } + DefaultSqlInjectionSink() { sinkNode(this, "sql-injection") } } diff --git a/swift/ql/lib/codeql/swift/security/UncontrolledFormatStringExtensions.qll b/swift/ql/lib/codeql/swift/security/UncontrolledFormatStringExtensions.qll index eb4e2117681..c2d587a35c2 100644 --- a/swift/ql/lib/codeql/swift/security/UncontrolledFormatStringExtensions.qll +++ b/swift/ql/lib/codeql/swift/security/UncontrolledFormatStringExtensions.qll @@ -40,7 +40,5 @@ private class DefaultUncontrolledFormatStringSink extends UncontrolledFormatStri or // a sink defined in a CSV model. sinkNode(this, "format-string") - or - sinkNode(this, "uncontrolled-format-string") // deprecated label } } diff --git a/swift/ql/lib/codeql/swift/security/UnsafeJsEvalExtensions.qll b/swift/ql/lib/codeql/swift/security/UnsafeJsEvalExtensions.qll index e0391b59cc4..61128984cb9 100644 --- a/swift/ql/lib/codeql/swift/security/UnsafeJsEvalExtensions.qll +++ b/swift/ql/lib/codeql/swift/security/UnsafeJsEvalExtensions.qll @@ -144,9 +144,5 @@ private class DefaultUnsafeJsEvalAdditionalFlowStep extends UnsafeJsEvalAddition * A sink defined in a CSV model. */ private class DefaultUnsafeJsEvalSink extends UnsafeJsEvalSink { - DefaultUnsafeJsEvalSink() { - sinkNode(this, "code-injection") - or - sinkNode(this, "js-eval") // deprecated label - } + DefaultUnsafeJsEvalSink() { sinkNode(this, "code-injection") } } From 874a426779d3fbf021a5151e7985440b833e50d3 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Thu, 11 May 2023 11:51:42 +0100 Subject: [PATCH 285/870] Add identify-environment scripts --- go/codeql-tools/identify-environment.cmd | 8 ++++++++ go/codeql-tools/identify-environment.sh | 10 ++++++++++ 2 files changed, 18 insertions(+) create mode 100644 go/codeql-tools/identify-environment.cmd create mode 100755 go/codeql-tools/identify-environment.sh diff --git a/go/codeql-tools/identify-environment.cmd b/go/codeql-tools/identify-environment.cmd new file mode 100644 index 00000000000..1843805e3c7 --- /dev/null +++ b/go/codeql-tools/identify-environment.cmd @@ -0,0 +1,8 @@ +@echo off +SETLOCAL EnableDelayedExpansion + +type NUL && "%CODEQL_EXTRACTOR_GO_ROOT%/tools/%CODEQL_PLATFORM%/go-autobuilder.exe" --identify-environment + +exit /b %ERRORLEVEL% + +ENDLOCAL diff --git a/go/codeql-tools/identify-environment.sh b/go/codeql-tools/identify-environment.sh new file mode 100755 index 00000000000..27d48329065 --- /dev/null +++ b/go/codeql-tools/identify-environment.sh @@ -0,0 +1,10 @@ +#!/bin/sh + +set -eu + +if [ "$CODEQL_PLATFORM" != "linux64" ] && [ "$CODEQL_PLATFORM" != "osx64" ] ; then + echo "Automatic build detection for $CODEQL_PLATFORM is not implemented." + exit 1 +fi + +"$CODEQL_EXTRACTOR_GO_ROOT/tools/$CODEQL_PLATFORM/go-autobuilder" --identify-environment From a920c138693bc7e74313472fc3d54a6131ebab4c Mon Sep 17 00:00:00 2001 From: Kasper Svendsen Date: Thu, 11 May 2023 12:41:02 +0200 Subject: [PATCH 286/870] Remove ql/implicit-this restriction to files with explicit this --- ql/ql/src/codeql_ql/style/ImplicitThisQuery.qll | 12 +----------- ql/ql/test/queries/style/ImplicitThis/Bad2.qll | 9 +++++++++ .../queries/style/ImplicitThis/ImplicitThis.expected | 1 + ql/ql/test/queries/style/ImplicitThis/Okay.qll | 3 --- 4 files changed, 11 insertions(+), 14 deletions(-) create mode 100644 ql/ql/test/queries/style/ImplicitThis/Bad2.qll diff --git a/ql/ql/src/codeql_ql/style/ImplicitThisQuery.qll b/ql/ql/src/codeql_ql/style/ImplicitThisQuery.qll index 9fc820f49f1..af71dc09265 100644 --- a/ql/ql/src/codeql_ql/style/ImplicitThisQuery.qll +++ b/ql/ql/src/codeql_ql/style/ImplicitThisQuery.qll @@ -1,12 +1,5 @@ import ql -MemberCall explicitThisCallInFile(File f) { - result.getLocation().getFile() = f and - result.getBase() instanceof ThisAccess and - // Exclude `this.(Type).whatever(...)`, as some files have that as their only instance of `this`. - not result = any(InlineCast c).getBase() -} - PredicateCall implicitThisCallInFile(File f) { result.getLocation().getFile() = f and exists(result.getTarget().getDeclaringType().getASuperType()) and @@ -14,7 +7,4 @@ PredicateCall implicitThisCallInFile(File f) { not exists(result.getQualifier()) } -PredicateCall confusingImplicitThisCall(File f) { - result = implicitThisCallInFile(f) and - exists(explicitThisCallInFile(f)) -} +PredicateCall confusingImplicitThisCall(File f) { result = implicitThisCallInFile(f) } diff --git a/ql/ql/test/queries/style/ImplicitThis/Bad2.qll b/ql/ql/test/queries/style/ImplicitThis/Bad2.qll new file mode 100644 index 00000000000..27d7485ca4f --- /dev/null +++ b/ql/ql/test/queries/style/ImplicitThis/Bad2.qll @@ -0,0 +1,9 @@ +import ql + +class Foo extends string { + Foo() { this = "hello" } + + string getBar() { result = "bar" } + + string getBarWithoutThis() { result = getBar() } +} diff --git a/ql/ql/test/queries/style/ImplicitThis/ImplicitThis.expected b/ql/ql/test/queries/style/ImplicitThis/ImplicitThis.expected index fa3adbaf992..f3f2813c3a4 100644 --- a/ql/ql/test/queries/style/ImplicitThis/ImplicitThis.expected +++ b/ql/ql/test/queries/style/ImplicitThis/ImplicitThis.expected @@ -1 +1,2 @@ +| Bad2.qll:8:41:8:48 | PredicateCall | Use of implicit `this`. | | Bad.qll:10:41:10:48 | PredicateCall | Use of implicit `this`. | diff --git a/ql/ql/test/queries/style/ImplicitThis/Okay.qll b/ql/ql/test/queries/style/ImplicitThis/Okay.qll index 37c9dd4ab2a..70253c64cf6 100644 --- a/ql/ql/test/queries/style/ImplicitThis/Okay.qll +++ b/ql/ql/test/queries/style/ImplicitThis/Okay.qll @@ -5,9 +5,6 @@ class Foo extends string { string getBar() { result = "bar" } - /* Okay, because we don't write `this.some_method` anywhere */ - string getBarWithoutThis() { result = getBar() } - /* Okay, because this is the only way to cast `this`. */ string useThisWithInlineCast() { result = this.(string).toUpperCase() } } From 15a7fdd2971703e76da537ad91d93a47046614e0 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Thu, 11 May 2023 12:47:42 +0100 Subject: [PATCH 287/870] Swift: Update existing CSV sinks to new labels. --- .../security/CleartextLoggingExtensions.qll | 38 +++++++++---------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/swift/ql/lib/codeql/swift/security/CleartextLoggingExtensions.qll b/swift/ql/lib/codeql/swift/security/CleartextLoggingExtensions.qll index bb3f7603978..1adc157fb6f 100644 --- a/swift/ql/lib/codeql/swift/security/CleartextLoggingExtensions.qll +++ b/swift/ql/lib/codeql/swift/security/CleartextLoggingExtensions.qll @@ -80,25 +80,25 @@ private class LoggingSinks extends SinkModelCsv { override predicate row(string row) { row = [ - ";;false;print(_:separator:terminator:);;;Argument[0].ArrayElement;logging", - ";;false;print(_:separator:terminator:);;;Argument[1..2];logging", - ";;false;print(_:separator:terminator:toStream:);;;Argument[0].ArrayElement;logging", - ";;false;print(_:separator:terminator:toStream:);;;Argument[1..2];logging", - ";;false;NSLog(_:_:);;;Argument[0];logging", - ";;false;NSLog(_:_:);;;Argument[1].ArrayElement;logging", - ";;false;NSLogv(_:_:);;;Argument[0];logging", - ";;false;NSLogv(_:_:);;;Argument[1].ArrayElement;logging", - ";;false;vfprintf(_:_:_:);;;Agument[1..2];logging", - ";Logger;true;log(_:);;;Argument[0];logging", - ";Logger;true;log(level:_:);;;Argument[1];logging", - ";Logger;true;trace(_:);;;Argument[1];logging", - ";Logger;true;debug(_:);;;Argument[1];logging", - ";Logger;true;info(_:);;;Argument[1];logging", - ";Logger;true;notice(_:);;;Argument[1];logging", - ";Logger;true;warning(_:);;;Argument[1];logging", - ";Logger;true;error(_:);;;Argument[1];logging", - ";Logger;true;critical(_:);;;Argument[1];logging", - ";Logger;true;fault(_:);;;Argument[1];logging", + ";;false;print(_:separator:terminator:);;;Argument[0].ArrayElement;log-injection", + ";;false;print(_:separator:terminator:);;;Argument[1..2];log-injection", + ";;false;print(_:separator:terminator:toStream:);;;Argument[0].ArrayElement;log-injection", + ";;false;print(_:separator:terminator:toStream:);;;Argument[1..2];log-injection", + ";;false;NSLog(_:_:);;;Argument[0];log-injection", + ";;false;NSLog(_:_:);;;Argument[1].ArrayElement;log-injection", + ";;false;NSLogv(_:_:);;;Argument[0];log-injection", + ";;false;NSLogv(_:_:);;;Argument[1].ArrayElement;log-injection", + ";;false;vfprintf(_:_:_:);;;Agument[1..2];log-injection", + ";Logger;true;log(_:);;;Argument[0];log-injection", + ";Logger;true;log(level:_:);;;Argument[1];log-injection", + ";Logger;true;trace(_:);;;Argument[1];log-injection", + ";Logger;true;debug(_:);;;Argument[1];log-injection", + ";Logger;true;info(_:);;;Argument[1];log-injection", + ";Logger;true;notice(_:);;;Argument[1];log-injection", + ";Logger;true;warning(_:);;;Argument[1];log-injection", + ";Logger;true;error(_:);;;Argument[1];log-injection", + ";Logger;true;critical(_:);;;Argument[1];log-injection", + ";Logger;true;fault(_:);;;Argument[1];log-injection", ] } } From 9b35a9f74adec0dd62a144ee97939b52d7c28693 Mon Sep 17 00:00:00 2001 From: Stephan Brandauer Date: Thu, 11 May 2023 14:01:25 +0200 Subject: [PATCH 288/870] Update java/ql/lib/ext/org.apache.hadoop.fs.model.yml Co-authored-by: Tony Torralba --- java/ql/lib/ext/org.apache.hadoop.fs.model.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/java/ql/lib/ext/org.apache.hadoop.fs.model.yml b/java/ql/lib/ext/org.apache.hadoop.fs.model.yml index c9a24e49e38..0ad8238f430 100644 --- a/java/ql/lib/ext/org.apache.hadoop.fs.model.yml +++ b/java/ql/lib/ext/org.apache.hadoop.fs.model.yml @@ -7,6 +7,7 @@ extensions: - ["org.apache.hadoop.fs", "Path", True, "Path", "(Path,Path)", "", "Argument[1]", "Argument[this]", "taint", "ai-generated"] - ["org.apache.hadoop.fs", "Path", True, "Path", "(Path,String)", "", "Argument[0]", "Argument[this]", "taint", "ai-generated"] - ["org.apache.hadoop.fs", "Path", True, "Path", "(Path,String)", "", "Argument[1]", "Argument[this]", "taint", "ai-generated"] + - ["org.apache.hadoop.fs", "Path", True, "Path", "(String,String,String)", "", "Argument[1]", "Argument[this]", "taint", "ai-generated"] - ["org.apache.hadoop.fs", "Path", True, "Path", "(String,String,String)", "", "Argument[2]", "Argument[this]", "taint", "ai-generated"] - ["org.apache.hadoop.fs", "Path", True, "Path", "(String,String)", "", "Argument[0]", "Argument[this]", "taint", "ai-generated"] - ["org.apache.hadoop.fs", "Path", True, "Path", "(String,String)", "", "Argument[1]", "Argument[this]", "taint", "ai-generated"] From 712561ffa25a9637157b37e61ddb8336e4e5fc2d Mon Sep 17 00:00:00 2001 From: Ian Lynagh Date: Thu, 11 May 2023 13:02:35 +0100 Subject: [PATCH 289/870] Kotlin: Fix recommended variable names in error messages --- .../src/main/java/com/semmle/extractor/java/OdasaOutput.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/java/kotlin-extractor/src/main/java/com/semmle/extractor/java/OdasaOutput.java b/java/kotlin-extractor/src/main/java/com/semmle/extractor/java/OdasaOutput.java index fd4d71562f0..a1cc667dd43 100644 --- a/java/kotlin-extractor/src/main/java/com/semmle/extractor/java/OdasaOutput.java +++ b/java/kotlin-extractor/src/main/java/com/semmle/extractor/java/OdasaOutput.java @@ -75,11 +75,11 @@ public class OdasaOutput { public OdasaOutput(boolean trackClassOrigins, Logger log) { String trapFolderVar = Env.systemEnv().getFirstNonEmpty("CODEQL_EXTRACTOR_JAVA_TRAP_DIR", Var.TRAP_FOLDER.name()); if (trapFolderVar == null) { - throw new ResourceError(Var.ODASA_JAVA_LAYOUT + " was not set"); + throw new ResourceError("CODEQL_EXTRACTOR_JAVA_TRAP_DIR was not set"); } String sourceArchiveVar = Env.systemEnv().getFirstNonEmpty("CODEQL_EXTRACTOR_JAVA_SOURCE_ARCHIVE_DIR", Var.SOURCE_ARCHIVE.name()); if (sourceArchiveVar == null) { - throw new ResourceError(Var.SOURCE_ARCHIVE + " was not set"); + throw new ResourceError("CODEQL_EXTRACTOR_JAVA_SOURCE_ARCHIVE_DIR was not set"); } this.trapFolder = new File(trapFolderVar); this.sourceArchiveFolder = new File(sourceArchiveVar); From 587ee539170df39f47e6359db51d063391bbf356 Mon Sep 17 00:00:00 2001 From: Anders Schack-Mulligen Date: Thu, 11 May 2023 14:09:27 +0200 Subject: [PATCH 290/870] Java: Fix ExternalApi.jarContainer(). --- java/ql/src/Telemetry/ExternalApi.qll | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/java/ql/src/Telemetry/ExternalApi.qll b/java/ql/src/Telemetry/ExternalApi.qll index 6189d12ba25..a8624f8fef6 100644 --- a/java/ql/src/Telemetry/ExternalApi.qll +++ b/java/ql/src/Telemetry/ExternalApi.qll @@ -10,10 +10,6 @@ private import semmle.code.java.dataflow.internal.FlowSummaryImpl as FlowSummary private import semmle.code.java.dataflow.TaintTracking private import semmle.code.java.dataflow.internal.ModelExclusions -private string containerAsJar(Container container) { - if container instanceof JarFile then result = container.getBaseName() else result = "rt.jar" -} - /** Holds if the given callable is not worth supporting. */ private predicate isUninteresting(Callable c) { c.getDeclaringType() instanceof TestLibrary or @@ -35,10 +31,18 @@ class ExternalApi extends Callable { "#" + this.getName() + paramsString(this) } + private string getJarName() { + result = this.getCompilationUnit().getParentContainer*().(JarFile).getBaseName() + } + /** * Gets the jar file containing this API. Normalizes the Java Runtime to "rt.jar" despite the presence of modules. */ - string jarContainer() { result = containerAsJar(this.getCompilationUnit().getParentContainer*()) } + string jarContainer() { + result = this.getJarName() + or + not exists(this.getJarName()) and result = "rt.jar" + } /** Gets a node that is an input to a call to this API. */ private DataFlow::Node getAnInput() { From c17b0e809fa78810ce72e1aa001535eb07e8f8d9 Mon Sep 17 00:00:00 2001 From: Tony Torralba Date: Thu, 11 May 2023 14:53:56 +0200 Subject: [PATCH 291/870] Apply suggestions from code review --- java/ql/src/Telemetry/AutomodelSharedCharacteristics.qll | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/java/ql/src/Telemetry/AutomodelSharedCharacteristics.qll b/java/ql/src/Telemetry/AutomodelSharedCharacteristics.qll index 08486b214d5..a0a2b3f1159 100644 --- a/java/ql/src/Telemetry/AutomodelSharedCharacteristics.qll +++ b/java/ql/src/Telemetry/AutomodelSharedCharacteristics.qll @@ -53,17 +53,17 @@ signature module CandidateSig { predicate isKnownKind(string kind, string humanReadableLabel, EndpointType type); /** - * Should hold for any endpoint that is a flow sanitizer. + * Holds if `e` is a flow sanitizer, and has type `t`. */ predicate isSanitizer(Endpoint e, EndpointType t); /** - * Should hold for any endpoint that is a sink of the given (known or unknown) kind. + * Holds if `e` is a sink with the label `label`. */ predicate isSink(Endpoint e, string kind); /** - * Should hold for any endpoint that is known to not be any sink. + * Holds if `e` is not a sink of any kind. */ predicate isNeutral(Endpoint e); From ca6ae26aad9d5243a62d387a9c1baed13d1c4960 Mon Sep 17 00:00:00 2001 From: Tony Torralba Date: Thu, 11 May 2023 14:56:16 +0200 Subject: [PATCH 292/870] Change provenance to ai-manual --- .../ql/lib/ext/org.apache.hadoop.fs.model.yml | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/java/ql/lib/ext/org.apache.hadoop.fs.model.yml b/java/ql/lib/ext/org.apache.hadoop.fs.model.yml index 0ad8238f430..ba819b73776 100644 --- a/java/ql/lib/ext/org.apache.hadoop.fs.model.yml +++ b/java/ql/lib/ext/org.apache.hadoop.fs.model.yml @@ -3,13 +3,13 @@ extensions: pack: codeql/java-all extensible: summaryModel data: - - ["org.apache.hadoop.fs", "Path", True, "Path", "(Path,Path)", "", "Argument[0]", "Argument[this]", "taint", "ai-generated"] - - ["org.apache.hadoop.fs", "Path", True, "Path", "(Path,Path)", "", "Argument[1]", "Argument[this]", "taint", "ai-generated"] - - ["org.apache.hadoop.fs", "Path", True, "Path", "(Path,String)", "", "Argument[0]", "Argument[this]", "taint", "ai-generated"] - - ["org.apache.hadoop.fs", "Path", True, "Path", "(Path,String)", "", "Argument[1]", "Argument[this]", "taint", "ai-generated"] - - ["org.apache.hadoop.fs", "Path", True, "Path", "(String,String,String)", "", "Argument[1]", "Argument[this]", "taint", "ai-generated"] - - ["org.apache.hadoop.fs", "Path", True, "Path", "(String,String,String)", "", "Argument[2]", "Argument[this]", "taint", "ai-generated"] - - ["org.apache.hadoop.fs", "Path", True, "Path", "(String,String)", "", "Argument[0]", "Argument[this]", "taint", "ai-generated"] - - ["org.apache.hadoop.fs", "Path", True, "Path", "(String,String)", "", "Argument[1]", "Argument[this]", "taint", "ai-generated"] - - ["org.apache.hadoop.fs", "Path", True, "Path", "(String)", "", "Argument[0]", "Argument[this]", "taint", "ai-generated"] - - ["org.apache.hadoop.fs", "Path", True, "Path", "(URI)", "", "Argument[0]", "Argument[this]", "taint", "ai-generated"] + - ["org.apache.hadoop.fs", "Path", True, "Path", "(Path,Path)", "", "Argument[0]", "Argument[this]", "taint", "ai-manual"] + - ["org.apache.hadoop.fs", "Path", True, "Path", "(Path,Path)", "", "Argument[1]", "Argument[this]", "taint", "ai-manual"] + - ["org.apache.hadoop.fs", "Path", True, "Path", "(Path,String)", "", "Argument[0]", "Argument[this]", "taint", "ai-manual"] + - ["org.apache.hadoop.fs", "Path", True, "Path", "(Path,String)", "", "Argument[1]", "Argument[this]", "taint", "ai-manual"] + - ["org.apache.hadoop.fs", "Path", True, "Path", "(String,String,String)", "", "Argument[1]", "Argument[this]", "taint", "ai-manual"] + - ["org.apache.hadoop.fs", "Path", True, "Path", "(String,String,String)", "", "Argument[2]", "Argument[this]", "taint", "ai-manual"] + - ["org.apache.hadoop.fs", "Path", True, "Path", "(String,String)", "", "Argument[0]", "Argument[this]", "taint", "ai-manual"] + - ["org.apache.hadoop.fs", "Path", True, "Path", "(String,String)", "", "Argument[1]", "Argument[this]", "taint", "ai-manual"] + - ["org.apache.hadoop.fs", "Path", True, "Path", "(String)", "", "Argument[0]", "Argument[this]", "taint", "ai-manual"] + - ["org.apache.hadoop.fs", "Path", True, "Path", "(URI)", "", "Argument[0]", "Argument[this]", "taint", "ai-manual"] From 02a224c28f4e2e9727d5976fe86d742ae3333a92 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Thu, 11 May 2023 14:26:56 +0100 Subject: [PATCH 293/870] --identify-environment should write json to stdout --- .../cli/go-autobuilder/go-autobuilder.go | 40 +++++-------------- 1 file changed, 9 insertions(+), 31 deletions(-) diff --git a/go/extractor/cli/go-autobuilder/go-autobuilder.go b/go/extractor/cli/go-autobuilder/go-autobuilder.go index 0a6816169a9..cda8366959d 100644 --- a/go/extractor/cli/go-autobuilder/go-autobuilder.go +++ b/go/extractor/cli/go-autobuilder/go-autobuilder.go @@ -25,10 +25,8 @@ func usage() { Options: --identify-environment - Produce an environment file specifying which Go version should be installed in the environment - so that autobuilding will be successful. The location of this file is controlled by the - environment variable CODEQL_EXTRACTOR_ENVIRONMENT_JSON, or defaults to 'environment.json' if - that is not set. + Output some json on stdout specifying which Go version should be installed in the environment + so that autobuilding will be successful. Build behavior: @@ -928,39 +926,19 @@ func getVersionToInstall(v versionInfo) (msg, version string) { return getVersionWhenGoModVersionSupported(v) } -// Write an environment file to the current directory. If `version` is the empty string then -// write an empty environment file, otherwise write an environment file specifying the version -// of Go to install. The path to the environment file is specified by the -// CODEQL_EXTRACTOR_ENVIRONMENT_JSON environment variable, or defaults to `environment.json`. -func writeEnvironmentFile(version string) { +// Output some JSON to stdout specifying the version of Go to install, unless `version` is the +// empty string. +func outputEnvironmentJson(version string) { var content string if version == "" { content = `{ "include": [] }` } else { content = `{ "include": [ { "go": { "version": "` + version + `" } } ] }` } + _, err := fmt.Fprint(os.Stdout, content) - filename, ok := os.LookupEnv("CODEQL_EXTRACTOR_ENVIRONMENT_JSON") - if !ok { - filename = "environment.json" - } - - targetFile, err := os.Create(filename) if err != nil { - log.Println("Failed to create environment file " + filename + ": ") - log.Println(err) - return - } - defer func() { - if err := targetFile.Close(); err != nil { - log.Println("Failed to close environment file " + filename + ":") - log.Println(err) - } - }() - - _, err = targetFile.WriteString(content) - if err != nil { - log.Println("Failed to write to environment file " + filename + ": ") + log.Println("Failed to write environment json to stdout: ") log.Println(err) } } @@ -984,7 +962,7 @@ func isGoInstalled() bool { return err == nil } -// Get the version of Go to install and write it to an environment file. +// Get the version of Go to install and output it to stdout as json. func identifyEnvironment() { var v versionInfo depMode := getDepMode() @@ -998,7 +976,7 @@ func identifyEnvironment() { msg, versionToInstall := getVersionToInstall(v) log.Println(msg) - writeEnvironmentFile(versionToInstall) + outputEnvironmentJson(versionToInstall) } func main() { From 1beb348d95ea7ef9bac9d898894369ba7ca8630a Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Thu, 11 May 2023 14:27:11 +0100 Subject: [PATCH 294/870] Fix outdated message --- go/extractor/cli/go-autobuilder/go-autobuilder.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/go/extractor/cli/go-autobuilder/go-autobuilder.go b/go/extractor/cli/go-autobuilder/go-autobuilder.go index cda8366959d..9fcad68d42a 100644 --- a/go/extractor/cli/go-autobuilder/go-autobuilder.go +++ b/go/extractor/cli/go-autobuilder/go-autobuilder.go @@ -743,8 +743,8 @@ func getVersionWhenGoModVersionNotFound(v versionInfo) (msg, version string) { // There is no Go version installed in the environment. We have no indication which version // was intended to be used to build this project. Go versions are generally backwards // compatible, so we install the maximum supported version. - msg = "No version of Go installed and no `go.mod` file found. Writing an environment " + - "file specifying the maximum supported version of Go (" + maxGoVersion + ")." + msg = "No version of Go installed and no `go.mod` file found. Requesting the maximum " + + "supported version of Go (" + maxGoVersion + ")." version = maxGoVersion diagnostics.EmitNoGoModAndNoGoEnv(msg) } else if outsideSupportedRange(v.goEnvVersion) { From 0915d2ad77c11191f38d4a0b614d0c8778f69c3b Mon Sep 17 00:00:00 2001 From: Alexandre Boulgakov Date: Thu, 11 May 2023 14:43:13 +0100 Subject: [PATCH 295/870] Swift: Emit a diagnostic when attempting to use the autobuilder on Linux. --- swift/BUILD.bazel | 10 +++++- .../unsupported-os/diagnostics.expected | 19 ++++++++++ .../autobuilder/unsupported-os/test.py | 5 +++ swift/tools/autobuild.sh | 3 +- .../tools/autobuilder-diagnostics/BUILD.bazel | 17 +++++++++ .../IncompatibleOs.cpp | 35 +++++++++++++++++++ 6 files changed, 86 insertions(+), 3 deletions(-) create mode 100644 swift/integration-tests/linux-only/autobuilder/unsupported-os/diagnostics.expected create mode 100644 swift/integration-tests/linux-only/autobuilder/unsupported-os/test.py create mode 100644 swift/tools/autobuilder-diagnostics/BUILD.bazel create mode 100644 swift/tools/autobuilder-diagnostics/IncompatibleOs.cpp diff --git a/swift/BUILD.bazel b/swift/BUILD.bazel index eb7e6a86997..c4e41bb0817 100644 --- a/swift/BUILD.bazel +++ b/swift/BUILD.bazel @@ -57,6 +57,12 @@ pkg_runfiles( prefix = "tools/" + codeql_platform, ) +pkg_runfiles( + name = "incompatible-os", + srcs = ["//swift/tools/autobuilder-diagnostics:incompatible-os"], + prefix = "tools/" + codeql_platform, +) + pkg_files( name = "swift-test-sdk-arch", srcs = ["//swift/third_party/swift-llvm-support:swift-test-sdk"], @@ -70,7 +76,9 @@ pkg_filegroup( ":extractor", ":swift-test-sdk-arch", ] + select({ - "@platforms//os:linux": [], + "@platforms//os:linux": [ + ":incompatible-os", + ], "@platforms//os:macos": [ ":xcode-autobuilder", ], diff --git a/swift/integration-tests/linux-only/autobuilder/unsupported-os/diagnostics.expected b/swift/integration-tests/linux-only/autobuilder/unsupported-os/diagnostics.expected new file mode 100644 index 00000000000..6b5e3b71bbc --- /dev/null +++ b/swift/integration-tests/linux-only/autobuilder/unsupported-os/diagnostics.expected @@ -0,0 +1,19 @@ +{ + "helpLinks": [ + "https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idruns-on", + "https://docs.github.com/en/enterprise-server/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/customizing-code-scanning", + "https://docs.github.com/en/enterprise-server/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-language" + ], + "plaintextMessage": "CodeQL Swift analysis is currently only officially supported on macOS.\n\nChange the action runner to a macOS one. Analysis on Linux might work, but requires setting up a custom build command.", + "severity": "error", + "source": { + "extractorName": "swift", + "id": "swift/autobuilder/incompatible-os", + "name": "Incompatible operating system for autobuild (expected macOS)" + }, + "visibility": { + "cliSummaryTable": true, + "statusPage": true, + "telemetry": true + } +} diff --git a/swift/integration-tests/linux-only/autobuilder/unsupported-os/test.py b/swift/integration-tests/linux-only/autobuilder/unsupported-os/test.py new file mode 100644 index 00000000000..37aaa3ce344 --- /dev/null +++ b/swift/integration-tests/linux-only/autobuilder/unsupported-os/test.py @@ -0,0 +1,5 @@ +from create_database_utils import * +from diagnostics_test_utils import * + +run_codeql_database_create([], lang='swift', keep_trap=True, db=None, runFunction=runUnsuccessfully) +check_diagnostics() diff --git a/swift/tools/autobuild.sh b/swift/tools/autobuild.sh index e16f2153656..9be42363be6 100755 --- a/swift/tools/autobuild.sh +++ b/swift/tools/autobuild.sh @@ -3,6 +3,5 @@ if [[ "$OSTYPE" == "darwin"* ]]; then exec "${CODEQL_EXTRACTOR_SWIFT_ROOT}/tools/${CODEQL_PLATFORM}/xcode-autobuilder" else - echo "Not implemented yet" - exit 1 + exec "${CODEQL_EXTRACTOR_SWIFT_ROOT}/tools/${CODEQL_PLATFORM}/incompatible-os" fi diff --git a/swift/tools/autobuilder-diagnostics/BUILD.bazel b/swift/tools/autobuilder-diagnostics/BUILD.bazel new file mode 100644 index 00000000000..77d90121155 --- /dev/null +++ b/swift/tools/autobuilder-diagnostics/BUILD.bazel @@ -0,0 +1,17 @@ +load("//swift:rules.bzl", "swift_cc_binary") +load("//misc/bazel/cmake:cmake.bzl", "generate_cmake") + +swift_cc_binary( + name = "incompatible-os", + srcs = ["IncompatibleOs.cpp"], + visibility = ["//swift:__subpackages__"], + deps = [ + "//swift/logging", + ], +) + +generate_cmake( + name = "cmake", + targets = [":incompatible-os"], + visibility = ["//visibility:public"], +) diff --git a/swift/tools/autobuilder-diagnostics/IncompatibleOs.cpp b/swift/tools/autobuilder-diagnostics/IncompatibleOs.cpp new file mode 100644 index 00000000000..a9d1c552d76 --- /dev/null +++ b/swift/tools/autobuilder-diagnostics/IncompatibleOs.cpp @@ -0,0 +1,35 @@ +// Unconditionally emits a diagnostic about running the autobuilder on an incompatible, non-macOS OS +// and exits with an error code. +// +// This is implemented as a C++ binary instead of a hardcoded JSON file so we can leverage existing +// diagnostic machinery for emitting correct timestamps, generating correct file names, etc. + +#include "swift/logging/SwiftLogging.h" + +const std::string_view codeql::programName = "autobuilder"; + +namespace codeql_diagnostics { +constexpr codeql::SwiftDiagnosticsSource incompatible_os{ + "incompatible_os", "Incompatible operating system for autobuild (expected macOS)", + "Change the action runner to a macOS one. Analysis on Linux might work, but requires setting " + "up a custom build command", + "https://docs.github.com/en/actions/using-workflows/" + "workflow-syntax-for-github-actions#jobsjob_idruns-on " + "https://docs.github.com/en/enterprise-server/code-security/code-scanning/" + "automatically-scanning-your-code-for-vulnerabilities-and-errors/customizing-code-scanning " + "https://docs.github.com/en/enterprise-server/code-security/code-scanning/" + "automatically-scanning-your-code-for-vulnerabilities-and-errors/" + "configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-" + "language"}; +} // namespace codeql_diagnostics + +static codeql::Logger& logger() { + static codeql::Logger ret{"main"}; + return ret; +} + +int main() { + DIAGNOSE_ERROR(incompatible_os, + "CodeQL Swift analysis is currently only officially supported on macOS"); + return 1; +} From c31ad01579e48164131c003f822e2afaf5cf088f Mon Sep 17 00:00:00 2001 From: Stephan Brandauer Date: Thu, 11 May 2023 16:18:52 +0200 Subject: [PATCH 296/870] squash ql-for-ql warnings --- .../Telemetry/AutomodelFrameworkModeCharacteristics.qll | 2 +- java/ql/src/Telemetry/AutomodelSharedCharacteristics.qll | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/java/ql/src/Telemetry/AutomodelFrameworkModeCharacteristics.qll b/java/ql/src/Telemetry/AutomodelFrameworkModeCharacteristics.qll index 990e30791f6..c2d119e8f29 100644 --- a/java/ql/src/Telemetry/AutomodelFrameworkModeCharacteristics.qll +++ b/java/ql/src/Telemetry/AutomodelFrameworkModeCharacteristics.qll @@ -173,7 +173,7 @@ class FrameworkModeMetadataExtractor extends MetadataExtractor { e.asParameter() = callable.getParameter(input) and package = callable.getDeclaringType().getPackage().getName() and type = callable.getDeclaringType().getErasure().(RefType).nestedName() and - subtypes = considerSubtypes(callable) and + subtypes = this.considerSubtypes(callable) and name = e.toString() and signature = ExternalFlow::paramsString(callable) ) diff --git a/java/ql/src/Telemetry/AutomodelSharedCharacteristics.qll b/java/ql/src/Telemetry/AutomodelSharedCharacteristics.qll index a0a2b3f1159..f23340bf34f 100644 --- a/java/ql/src/Telemetry/AutomodelSharedCharacteristics.qll +++ b/java/ql/src/Telemetry/AutomodelSharedCharacteristics.qll @@ -58,7 +58,7 @@ signature module CandidateSig { predicate isSanitizer(Endpoint e, EndpointType t); /** - * Holds if `e` is a sink with the label `label`. + * Holds if `e` is a sink with the label `kind`. */ predicate isSink(Endpoint e, string kind); @@ -273,12 +273,12 @@ module SharedCharacteristics { * Endpoints identified as sinks by the `CandidateSig` implementation are sinks with maximal confidence. */ private class KnownSinkCharacteristic extends SinkCharacteristic { - string madLabel; + string madKind; Candidate::EndpointType endpointType; - KnownSinkCharacteristic() { Candidate::isKnownKind(madLabel, this, endpointType) } + KnownSinkCharacteristic() { Candidate::isKnownKind(madKind, this, endpointType) } - override predicate appliesToEndpoint(Candidate::Endpoint e) { Candidate::isSink(e, madLabel) } + override predicate appliesToEndpoint(Candidate::Endpoint e) { Candidate::isSink(e, madKind) } override Candidate::EndpointType getSinkType() { result = endpointType } } From 760ba82c7acdd8c52eddc455afc9cd35c2869e16 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Thu, 11 May 2023 16:40:59 +0100 Subject: [PATCH 297/870] Fix unit tests --- .../cli/go-autobuilder/go-autobuilder_test.go | 60 ++++++++----------- 1 file changed, 26 insertions(+), 34 deletions(-) diff --git a/go/extractor/cli/go-autobuilder/go-autobuilder_test.go b/go/extractor/cli/go-autobuilder/go-autobuilder_test.go index caaa06e234d..8cb97be17ec 100644 --- a/go/extractor/cli/go-autobuilder/go-autobuilder_test.go +++ b/go/extractor/cli/go-autobuilder/go-autobuilder_test.go @@ -36,45 +36,37 @@ func TestParseGoVersion(t *testing.T) { func TestGetVersionToInstall(t *testing.T) { tests := map[versionInfo]string{ - // checkForUnsupportedVersions() - - // go.mod version below minGoVersion - {"0.0", true, "1.20.3", true}: "", - {"0.0", true, "9999.0", true}: "", - {"0.0", true, "1.2.2", true}: "", - {"0.0", true, "", false}: "", - // go.mod version above maxGoVersion - {"9999.0", true, "1.20.3", true}: "", - {"9999.0", true, "9999.0.1", true}: "", - {"9999.0", true, "1.1", true}: "", - {"9999.0", true, "", false}: "", - // Go installation found with version below minGoVersion - {"1.20", true, "1.2.2", true}: "1.20", - {"1.11", true, "1.2.2", true}: "1.11", + // getVersionWhenGoModVersionNotFound() + {"", false, "", false}: maxGoVersion, {"", false, "1.2.2", true}: maxGoVersion, - // Go installation found with version above maxGoVersion + {"", false, "9999.0.1", true}: maxGoVersion, + {"", false, "1.11.13", true}: "", + {"", false, "1.20.3", true}: "", + + // getVersionWhenGoModVersionTooHigh() + {"9999.0", true, "", false}: maxGoVersion, + {"9999.0", true, "9999.0.1", true}: "", + {"9999.0", true, "1.1", true}: maxGoVersion, + {"9999.0", true, minGoVersion, false}: maxGoVersion, + {"9999.0", true, maxGoVersion, true}: "", + + // getVersionWhenGoModVersionTooLow() + {"0.0", true, "", false}: minGoVersion, + {"0.0", true, "9999.0", true}: minGoVersion, + {"0.0", true, "1.2.2", true}: minGoVersion, + {"0.0", true, "1.20.3", true}: "", + + // getVersionWhenGoModVersionSupported() + {"1.20", true, "", false}: "1.20", + {"1.11", true, "", false}: "1.11", + {"1.20", true, "1.2.2", true}: "1.20", + {"1.11", true, "1.2.2", true}: "1.11", {"1.20", true, "9999.0.1", true}: "1.20", {"1.11", true, "9999.0.1", true}: "1.11", - {"", false, "9999.0.1", true}: maxGoVersion, - - // checkForVersionsNotFound() - - // Go installation not found, go.mod version in supported range - {"1.20", true, "", false}: "1.20", - {"1.11", true, "", false}: "1.11", - // Go installation not found, go.mod not found - {"", false, "", false}: maxGoVersion, - // Go installation found with version in supported range, go.mod not found - {"", false, "1.11.13", true}: "", - {"", false, "1.20.3", true}: "", - - // compareVersions() - - // Go installation found with version in supported range, go.mod version in supported range and go.mod version > go installation version + // go.mod version > go installation version {"1.20", true, "1.11.13", true}: "1.20", {"1.20", true, "1.12", true}: "1.20", - // Go installation found with version in supported range, go.mod version in supported range and go.mod version <= go installation version - // (Note comparisons ignore the patch version) + // go.mod version <= go installation version (Note comparisons ignore the patch version) {"1.11", true, "1.20", true}: "", {"1.11", true, "1.20.3", true}: "", {"1.20", true, "1.20.3", true}: "", From 3f2a059b3be21919d7ba0f24149b8b339a13a7a7 Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli Date: Thu, 11 May 2023 17:52:02 +0200 Subject: [PATCH 298/870] Swift: add location support to TSP diagnostics This required a bit of an overhaul of the original integration of JSON diagnostics into binlog. The problem is that it is quite hard to add a kind of metadata to binlog entries without changing its code. Another problem is that when wanting to avoid double evaluation of logging macro arguments one cannot really add a separate "diagnose" step easily. The proposed solution consists in two things: * hook into a binlog plumbing function by providing a better overload resolution match, which happens after logging macro expansion, bypassing the problem of double evaluation * in that hook, produce the diagnostic directly, without waiting to reconstruct the diagnostics entry from the binlog serialized entry. This allows to forgo the weird category to diagnostic mapping, and now a diagnostics emission simply happens when a diagnostic source is given as the first argument after the log format string. A flavour of diganostics sources with locations is then added with the same mechanism, allowing to write something like ```cpp LOG_ERROR("[{}] ouch!", internalError.withLocation("foo.swift", 32)); ``` --- swift/logging/BUILD.bazel | 1 + swift/logging/SwiftDiagnostics.cpp | 55 +++----- swift/logging/SwiftDiagnostics.h | 123 +++++++++++++----- swift/logging/SwiftLogging.cpp | 19 +-- swift/logging/SwiftLogging.h | 116 +++++++++++++---- swift/third_party/BUILD.fmt.bazel | 10 ++ swift/third_party/load.bzl | 8 ++ .../CustomizingBuildDiagnostics.h | 4 +- swift/xcode-autobuilder/XcodeBuildRunner.cpp | 10 +- swift/xcode-autobuilder/xcode-autobuilder.cpp | 33 ++--- 10 files changed, 245 insertions(+), 134 deletions(-) create mode 100644 swift/third_party/BUILD.fmt.bazel diff --git a/swift/logging/BUILD.bazel b/swift/logging/BUILD.bazel index 598d3a3aa31..e38447e785d 100644 --- a/swift/logging/BUILD.bazel +++ b/swift/logging/BUILD.bazel @@ -6,6 +6,7 @@ cc_library( deps = [ "@absl//absl/strings", "@binlog", + "@fmt", "@json", ], ) diff --git a/swift/logging/SwiftDiagnostics.cpp b/swift/logging/SwiftDiagnostics.cpp index dfe86f8186f..947f74de01c 100644 --- a/swift/logging/SwiftDiagnostics.cpp +++ b/swift/logging/SwiftDiagnostics.cpp @@ -1,7 +1,6 @@ #include "swift/logging/SwiftDiagnostics.h" #include -#include #include "absl/strings/str_join.h" #include "absl/strings/str_cat.h" #include "absl/strings/str_split.h" @@ -9,17 +8,9 @@ namespace codeql { -namespace { -Logger& logger() { - static Logger ret{"diagnostics"}; - return ret; -} -} // namespace - -void SwiftDiagnosticsSource::emit(std::ostream& out, - std::string_view timestamp, - std::string_view message) const { - nlohmann::json entry = { +nlohmann::json SwiftDiagnosticsSource::json(const std::chrono::system_clock::time_point& timestamp, + std::string_view message) const { + return { {"source", { {"id", sourceId()}, @@ -35,34 +26,28 @@ void SwiftDiagnosticsSource::emit(std::ostream& out, {"severity", "error"}, {"helpLinks", std::vector(absl::StrSplit(helpLinks, ' '))}, {"plaintextMessage", absl::StrCat(message, ".\n\n", action, ".")}, - {"timestamp", timestamp}, + {"timestamp", fmt::format("{:%FT%T%z}", timestamp)}, }; - out << entry << '\n'; } std::string SwiftDiagnosticsSource::sourceId() const { - auto ret = absl::StrJoin({extractorName, programName, id}, "/"); - std::replace(ret.begin(), ret.end(), '_', '-'); - return ret; -} -void SwiftDiagnosticsSource::registerImpl(const SwiftDiagnosticsSource* source) { - auto [it, inserted] = map().emplace(source->id, source); - CODEQL_ASSERT(inserted, "duplicate diagnostics source detected with id {}", source->id); + return absl::StrJoin({extractorName, programName, id}, "/"); } -void SwiftDiagnosticsDumper::write(const char* buffer, std::size_t bufferSize) { - binlog::Range range{buffer, bufferSize}; - binlog::RangeEntryStream input{range}; - while (auto event = events.nextEvent(input)) { - const auto& source = SwiftDiagnosticsSource::get(event->source->category); - std::ostringstream oss; - timestampedMessagePrinter.printEvent(oss, *event, events.writerProp(), events.clockSync()); - // TODO(C++20) use oss.view() directly - auto data = oss.str(); - std::string_view view = data; - using ViewPair = std::pair; - auto [timestamp, message] = ViewPair(absl::StrSplit(view, absl::MaxSplits(' ', 1))); - source.emit(output, timestamp, message); - } +nlohmann::json SwiftDiagnosticsSourceWithLocation::json( + const std::chrono::system_clock::time_point& timestamp, + std::string_view message) const { + auto ret = source.json(timestamp, message); + auto& location = ret["location"] = {{"file", file}}; + if (startLine) location["startLine"] = startLine; + if (startColumn) location["startColumn"] = startColumn; + if (endLine) location["endLine"] = endLine; + if (endColumn) location["endColumn"] = endColumn; + return ret; +} + +std::string SwiftDiagnosticsSourceWithLocation::str() const { + return absl::StrCat(source.id, "@", file, ":", startLine, ":", startColumn, ":", endLine, ":", + endColumn); } } // namespace codeql diff --git a/swift/logging/SwiftDiagnostics.h b/swift/logging/SwiftDiagnostics.h index 81d7f170ff3..6b97bbf6c0a 100644 --- a/swift/logging/SwiftDiagnostics.h +++ b/swift/logging/SwiftDiagnostics.h @@ -1,7 +1,6 @@ #pragma once -#include -#include +#include #include #include #include @@ -10,11 +9,31 @@ #include #include #include +#include +#include +#include namespace codeql { extern const std::string_view programName; +struct SwiftDiagnosticsSource; + +struct SwiftDiagnosticsSourceWithLocation { + const SwiftDiagnosticsSource& source; + std::string_view file; + unsigned startLine; + unsigned startColumn; + unsigned endLine; + unsigned endColumn; + + // see SwiftDiagnosticsSource::json + nlohmann::json json(const std::chrono::system_clock::time_point& timestamp, + std::string_view message) const; + + std::string str() const; +}; + // Models a diagnostic source for Swift, holding static information that goes out into a diagnostic // These are internally stored into a map on id's. A specific error log can use binlog's category // as id, which will then be used to recover the diagnostic source while dumping. @@ -29,36 +48,25 @@ struct SwiftDiagnosticsSource { // for the moment, we only output errors, so no need to store the severity - // registers a diagnostics source for later retrieval with get, if not done yet - template - static void ensureRegistered() { - static std::once_flag once; - std::call_once(once, registerImpl, Source); - } - - // gets a previously inscribed SwiftDiagnosticsSource for the given id. Will abort if none exists - static const SwiftDiagnosticsSource& get(const std::string& id) { return *map().at(id); } - - // emit a JSON diagnostics for this source with the given timestamp and message to out + // create a JSON diagnostics for this source with the given timestamp and message to out // A plaintextMessage is used that includes both the message and the action to take. Dots are // appended to both. The id is used to construct the source id in the form - // `swift//` - void emit(std::ostream& out, std::string_view timestamp, std::string_view message) const; + // `swift//` + nlohmann::json json(const std::chrono::system_clock::time_point& timestamp, + std::string_view message) const; + + SwiftDiagnosticsSourceWithLocation withLocation(std::string_view file, + unsigned startLine = 0, + unsigned startColumn = 0, + unsigned endLine = 0, + unsigned endColumn = 0) const { + return {*this, file, startLine, startColumn, endLine, endColumn}; + } private: - static void registerImpl(const SwiftDiagnosticsSource* source); - std::string sourceId() const; - using Map = std::unordered_map; - - static Map& map() { - static Map ret; - return ret; - } }; -// An output modeling binlog's output stream concept that intercepts binlog entries and translates -// them to appropriate diagnostics JSON entries class SwiftDiagnosticsDumper { public: // opens path for writing out JSON entries. Returns whether the operation was successful. @@ -69,22 +77,65 @@ class SwiftDiagnosticsDumper { void flush() { output.flush(); } - // write out binlog entries as corresponding JSON diagnostics entries. Expects all entries to have - // a category equal to an id of a previously created SwiftDiagnosticSource. - void write(const char* buffer, std::size_t bufferSize); + template + void write(const Source& source, + const std::chrono::system_clock::time_point& timestamp, + std::string_view message) { + if (output) { + output << source.json(timestamp, message) << '\n'; + } + } + + bool good() const { return output.good(); } + explicit operator bool() const { return good(); } private: - binlog::EventStream events; std::ofstream output; - binlog::PrettyPrinter timestampedMessagePrinter{"%u %m", "%Y-%m-%dT%H:%M:%S.%NZ"}; }; -} // namespace codeql - -namespace codeql_diagnostics { -constexpr codeql::SwiftDiagnosticsSource internal_error{ - "internal_error", +constexpr codeql::SwiftDiagnosticsSource internalError{ + "internal-error", "Internal error", "Contact us about this issue", }; -} // namespace codeql_diagnostics +} // namespace codeql + +namespace mserialize { +// log diagnostic sources using just their id, using binlog/mserialize internal plumbing +template <> +struct CustomTag : detail::BuiltinTag { + using T = codeql::SwiftDiagnosticsSource; +}; + +template <> +struct CustomSerializer { + template + static void serialize(const codeql::SwiftDiagnosticsSource& source, OutputStream& out) { + mserialize::serialize(source.id, out); + } + + static size_t serialized_size(const codeql::SwiftDiagnosticsSource& source) { + return mserialize::serialized_size(source.id); + } +}; + +template <> +struct CustomTag + : detail::BuiltinTag { + using T = codeql::SwiftDiagnosticsSourceWithLocation; +}; + +template <> +struct CustomSerializer { + template + static void serialize(const codeql::SwiftDiagnosticsSourceWithLocation& source, + OutputStream& out) { + mserialize::serialize(source.str(), out); + } + + static size_t serialized_size(const codeql::SwiftDiagnosticsSourceWithLocation& source) { + return mserialize::serialized_size(source.str()); + } +}; + +} // namespace mserialize diff --git a/swift/logging/SwiftLogging.cpp b/swift/logging/SwiftLogging.cpp index 2cea555e0c8..e4db45f9872 100644 --- a/swift/logging/SwiftLogging.cpp +++ b/swift/logging/SwiftLogging.cpp @@ -60,7 +60,7 @@ std::vector Log::collectLevelRulesAndReturnProblems(const char* env // expect comma-separated : std::regex comma{","}; std::regex levelAssignment{ - R"((?:([*./\w]+)|(?:out:(binary|text|console|diagnostics))):()" LEVEL_REGEX_PATTERN ")"}; + R"((?:([*./\w]+)|(?:out:(binary|text|console))):()" LEVEL_REGEX_PATTERN ")"}; std::cregex_token_iterator begin{levels, levels + strlen(levels), comma, -1}; std::cregex_token_iterator end{}; for (auto it = begin; it != end; ++it) { @@ -84,8 +84,6 @@ std::vector Log::collectLevelRulesAndReturnProblems(const char* env text.level = level; } else if (out == "console") { console.level = level; - } else if (out == "diagnostics") { - diagnostics.level = level; } } } else { @@ -132,30 +130,27 @@ void Log::configure() { text.level = Level::no_logs; } } - if (diagnostics) { - std::filesystem::path diagFile = - getEnvOr("CODEQL_EXTRACTOR_SWIFT_DIAGNOSTIC_DIR", "extractor-out/diagnostics"); + if (auto diagDir = getEnvOr("CODEQL_EXTRACTOR_SWIFT_DIAGNOSTIC_DIR", nullptr)) { + std::filesystem::path diagFile = diagDir; diagFile /= programName; diagFile /= logBaseName; diagFile.replace_extension(".jsonl"); std::error_code ec; std::filesystem::create_directories(diagFile.parent_path(), ec); if (!ec) { - if (!diagnostics.output.open(diagFile)) { + if (!diagnostics.open(diagFile)) { problems.emplace_back("Unable to open diagnostics json file " + diagFile.string()); - diagnostics.level = Level::no_logs; } } else { problems.emplace_back("Unable to create diagnostics directory " + diagFile.parent_path().string() + ": " + ec.message()); - diagnostics.level = Level::no_logs; } } for (const auto& problem : problems) { LOG_ERROR("{}", problem); } LOG_INFO("Logging configured (binary: {}, text: {}, console: {}, diagnostics: {})", binary.level, - text.level, console.level, diagnostics.level); + text.level, console.level, diagnostics.good()); initialized = true; flushImpl(); } @@ -169,7 +164,7 @@ void Log::flushImpl() { binary.output.flush(); } if (diagnostics) { - diagnostics.output.flush(); + diagnostics.flush(); } } @@ -190,7 +185,6 @@ Log& Log::write(const char* buffer, std::streamsize size) { if (text) text.write(buffer, size); if (binary) binary.write(buffer, size); if (console) console.write(buffer, size); - if (diagnostics) diagnostics.write(buffer, size); return *this; } @@ -198,5 +192,4 @@ Logger& Log::logger() { static Logger ret{getLoggerConfigurationImpl("logging")}; return ret; } - } // namespace codeql diff --git a/swift/logging/SwiftLogging.h b/swift/logging/SwiftLogging.h index e07b46e245d..8c235872068 100644 --- a/swift/logging/SwiftLogging.h +++ b/swift/logging/SwiftLogging.h @@ -23,6 +23,11 @@ // * passing a logger around using a `Logger& logger` function parameter // They are created with a name that appears in the logs and can be used to filter debug levels (see // `Logger`). +// If the first argument after the format is a SwiftDiagnosticSource or +// SwiftDiagnosticSourceWithLocation, a JSON diagnostic entry is emitted. In this case the +// format string **must** start with "[{}] " (which is checked at compile time), and everything +// following that is used to form the message in the diagnostics using fmt::format instead of the +// internal binlog formatting. The two are fairly compatible though. #define LOG_CRITICAL(...) LOG_WITH_LEVEL(critical, __VA_ARGS__) #define LOG_ERROR(...) LOG_WITH_LEVEL(error, __VA_ARGS__) #define LOG_WARNING(...) LOG_WITH_LEVEL(warning, __VA_ARGS__) @@ -30,11 +35,18 @@ #define LOG_DEBUG(...) LOG_WITH_LEVEL(debug, __VA_ARGS__) #define LOG_TRACE(...) LOG_WITH_LEVEL(trace, __VA_ARGS__) +#define CODEQL_GET_SECOND(...) CODEQL_GET_SECOND_I(__VA_ARGS__, 0, 0) +#define CODEQL_GET_SECOND_I(X, Y, ...) Y + // only do the actual logging if the picked up `Logger` instance is configured to handle the // provided log level. `LEVEL` must be a compile-time constant. `logger()` is evaluated once +// TODO(C++20) replace non-standard ##__VA_ARGS__ with __VA_OPT__(,) __VA_ARGS__ #define LOG_WITH_LEVEL_AND_CATEGORY(LEVEL, CATEGORY, ...) \ do { \ - constexpr codeql::Log::Level _level = ::codeql::Log::Level::LEVEL; \ + static_assert(::codeql::detail::checkLogArgs( \ + MSERIALIZE_FIRST(__VA_ARGS__)), \ + "diagnostics logs must have format starting with \"[{}]\""); \ + constexpr auto _level = ::codeql::Log::Level::LEVEL; \ ::codeql::Logger& _logger = logger(); \ if (_level >= _logger.level()) { \ BINLOG_CREATE_SOURCE_AND_EVENT(_logger.writer(), _level, CATEGORY, ::binlog::clockNow(), \ @@ -47,17 +59,6 @@ #define LOG_WITH_LEVEL(LEVEL, ...) LOG_WITH_LEVEL_AND_CATEGORY(LEVEL, , __VA_ARGS__) -// Emit errors with a specified diagnostics ID. This must be the name of a `SwiftDiagnosticsSource` -// defined in the `codeql_diagnostics` namespace, which must have `id` equal to its name. -#define DIAGNOSE_CRITICAL(ID, ...) DIAGNOSE_WITH_LEVEL(critical, ID, __VA_ARGS__) -#define DIAGNOSE_ERROR(ID, ...) DIAGNOSE_WITH_LEVEL(error, ID, __VA_ARGS__) - -#define DIAGNOSE_WITH_LEVEL(LEVEL, ID, ...) \ - do { \ - ::codeql::SwiftDiagnosticsSource::ensureRegistered<&::codeql_diagnostics::ID>(); \ - LOG_WITH_LEVEL_AND_CATEGORY(LEVEL, ID, __VA_ARGS__); \ - } while (false) - // avoid calling into binlog's original macros #undef BINLOG_CRITICAL #undef BINLOG_CRITICAL_W @@ -125,6 +126,13 @@ class Log { return instance().getLoggerConfigurationImpl(name); } + template + static void diagnose(const Source& source, + const std::chrono::system_clock::time_point& time, + std::string_view message) { + instance().diagnostics.write(source, time, message); + } + private: static constexpr const char* format = "%u %S [%n] %m (%G:%L)\n"; static bool initialized; @@ -140,14 +148,13 @@ class Log { void configure(); void flushImpl(); + LoggerConfiguration getLoggerConfigurationImpl(std::string_view name); // make `session.consume(*this)` work, which requires access to `write` friend binlog::Session; Log& write(const char* buffer, std::streamsize size); - struct OnlyWithCategory {}; - // Output filtered according to a configured log level template struct FilteredOutput { @@ -159,12 +166,6 @@ class Log { FilteredOutput(Level level, Args&&... args) : level{level}, output{std::forward(args)...}, filter{filterOnLevel()} {} - template - FilteredOutput(OnlyWithCategory, Level level, Args&&... args) - : level{level}, - output{std::forward(args)...}, - filter{filterOnLevelAndNonEmptyCategory()} {} - FilteredOutput& write(const char* buffer, std::streamsize size) { filter.writeAllowed(buffer, size, output); return *this; @@ -174,12 +175,6 @@ class Log { return [this](const binlog::EventSource& src) { return src.severity >= level; }; } - binlog::EventFilter::Predicate filterOnLevelAndNonEmptyCategory() const { - return [this](const binlog::EventSource& src) { - return !src.category.empty() && src.severity >= level; - }; - } - // if configured as `no_logs`, the output is effectively disabled explicit operator bool() const { return level < Level::no_logs; } }; @@ -192,7 +187,7 @@ class Log { FilteredOutput binary{Level::no_logs}; FilteredOutput text{Level::info, textFile, format}; FilteredOutput console{Level::warning, std::cerr, format}; - FilteredOutput diagnostics{OnlyWithCategory{}, Level::error}; + SwiftDiagnosticsDumper diagnostics{}; LevelRules sourceRules; std::vector collectLevelRulesAndReturnProblems(const char* envVar); }; @@ -228,4 +223,71 @@ class Logger { Log::Level level_; }; +namespace detail { +constexpr std::string_view diagnosticsFormatPrefix = "[{}] "; + +template +constexpr bool checkLogArgs(std::string_view format) { + using Type = std::remove_cv_t>; + constexpr bool isDiagnostic = std::is_same_v || + std::is_same_v; + return !isDiagnostic || + format.substr(0, diagnosticsFormatPrefix.size()) == diagnosticsFormatPrefix; +} + +template +void binlogAddEventIgnoreFirstOverload(Writer& writer, + std::uint64_t eventSourceId, + std::uint64_t clock, + const char* format, + const Source& source, + T&&... t) { + std::chrono::system_clock::time_point point{ + std::chrono::duration_cast( + std::chrono::nanoseconds{clock})}; + constexpr auto offset = ::codeql::detail::diagnosticsFormatPrefix.size(); + ::codeql::Log::diagnose(source, point, fmt::format(format + offset, t...)); + writer.addEvent(eventSourceId, clock, source, std::forward(t)...); +} + +} // namespace detail } // namespace codeql + +// we intercept this binlog plumbing function providing better overload resolution matches in +// case the first non-format argument is a diagnostic source, and emit it in that case with the +// same timestamp +namespace binlog::detail { +template +void addEventIgnoreFirst(Writer& writer, + std::uint64_t eventSourceId, + std::uint64_t clock, + const char (&format)[N], + const codeql::SwiftDiagnosticsSource& source, + T&&... t) { + codeql::detail::binlogAddEventIgnoreFirstOverload(writer, eventSourceId, clock, format, source, + std::forward(t)...); +} + +template +void addEventIgnoreFirst(Writer& writer, + std::uint64_t eventSourceId, + std::uint64_t clock, + const char (&format)[N], + codeql::SwiftDiagnosticsSourceWithLocation&& source, + T&&... t) { + codeql::detail::binlogAddEventIgnoreFirstOverload(writer, eventSourceId, clock, format, source, + std::forward(t)...); +} + +template +void addEventIgnoreFirst(Writer& writer, + std::uint64_t eventSourceId, + std::uint64_t clock, + const char (&format)[N], + const codeql::SwiftDiagnosticsSourceWithLocation& source, + T&&... t) { + codeql::detail::binlogAddEventIgnoreFirstOverload(writer, eventSourceId, clock, format, source, + std::forward(t)...); +} + +} // namespace binlog::detail diff --git a/swift/third_party/BUILD.fmt.bazel b/swift/third_party/BUILD.fmt.bazel new file mode 100644 index 00000000000..78a3639bf26 --- /dev/null +++ b/swift/third_party/BUILD.fmt.bazel @@ -0,0 +1,10 @@ +cc_library( + name = "fmt", + srcs = [ + "src/format.cc", + "src/os.cc", + ], + hdrs = glob(["include/**/*.h"]), + includes = ["include"], + visibility = ["//visibility:public"], +) diff --git a/swift/third_party/load.bzl b/swift/third_party/load.bzl index cc5de3427a0..b909ff97e21 100644 --- a/swift/third_party/load.bzl +++ b/swift/third_party/load.bzl @@ -70,3 +70,11 @@ def load_dependencies(workspace_name): commit = "6af826d0bdb55e4b69e3ad817576745335f243ca", sha256 = "702bb0231a5e21c0374230fed86c8ae3d07ee50f34ffd420e7f8249854b7d85b", ) + + _github_archive( + name = "fmt", + repository = "fmtlib/fmt", + build_file = _build(workspace_name, "fmt"), + commit = "a0b8a92e3d1532361c2f7feb63babc5c18d00ef2", + sha256 = "ccf872fd4aa9ab3d030d62cffcb258ca27f021b2023a0244b2cf476f984be955", + ) diff --git a/swift/xcode-autobuilder/CustomizingBuildDiagnostics.h b/swift/xcode-autobuilder/CustomizingBuildDiagnostics.h index 7920e4a62ca..d8c68136e2f 100644 --- a/swift/xcode-autobuilder/CustomizingBuildDiagnostics.h +++ b/swift/xcode-autobuilder/CustomizingBuildDiagnostics.h @@ -1,6 +1,6 @@ #include -namespace codeql_diagnostics { +namespace codeql { constexpr std::string_view customizingBuildAction = "Set up a manual build command"; constexpr std::string_view customizingBuildHelpLinks = "https://docs.github.com/en/enterprise-server/code-security/code-scanning/" @@ -9,4 +9,4 @@ constexpr std::string_view customizingBuildHelpLinks = "automatically-scanning-your-code-for-vulnerabilities-and-errors/" "configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-" "language"; -} // namespace codeql_diagnostics +} // namespace codeql diff --git a/swift/xcode-autobuilder/XcodeBuildRunner.cpp b/swift/xcode-autobuilder/XcodeBuildRunner.cpp index d6e14155052..3d34509eb85 100644 --- a/swift/xcode-autobuilder/XcodeBuildRunner.cpp +++ b/swift/xcode-autobuilder/XcodeBuildRunner.cpp @@ -8,9 +8,9 @@ #include "swift/logging/SwiftLogging.h" #include "swift/xcode-autobuilder/CustomizingBuildDiagnostics.h" -namespace codeql_diagnostics { -constexpr codeql::SwiftDiagnosticsSource build_command_failed{ - "build_command_failed", "Detected build command failed", customizingBuildAction, +namespace codeql { +constexpr SwiftDiagnosticsSource buildCommandFailed{ + "build-command-failed", "Detected build command failed", customizingBuildAction, customizingBuildHelpLinks}; } @@ -70,8 +70,8 @@ void buildTarget(Target& target, bool dryRun) { std::cout << absl::StrJoin(argv, " ") << "\n"; } else { if (!exec(argv)) { - DIAGNOSE_ERROR(build_command_failed, "The detected build command failed (tried {})", - absl::StrJoin(argv, " ")); + LOG_ERROR("[{}] The detected build command failed (tried {})", codeql::buildCommandFailed, + absl::StrJoin(argv, " ")); codeql::Log::flush(); exit(1); } diff --git a/swift/xcode-autobuilder/xcode-autobuilder.cpp b/swift/xcode-autobuilder/xcode-autobuilder.cpp index bcdf826700b..de50ed33c1f 100644 --- a/swift/xcode-autobuilder/xcode-autobuilder.cpp +++ b/swift/xcode-autobuilder/xcode-autobuilder.cpp @@ -12,19 +12,19 @@ static const char* unitTest = "com.apple.product-type.bundle.unit-test"; const std::string_view codeql::programName = "autobuilder"; -namespace codeql_diagnostics { -constexpr codeql::SwiftDiagnosticsSource no_project_found{ - "no_project_found", "No Xcode project or workspace detected", customizingBuildAction, - customizingBuildHelpLinks}; +namespace codeql { +constexpr SwiftDiagnosticsSource noProjectFound{"no-project-found", + "No Xcode project or workspace detected", + customizingBuildAction, customizingBuildHelpLinks}; -constexpr codeql::SwiftDiagnosticsSource no_swift_target{ - "no_swift_target", "No Swift compilation target found", customizingBuildAction, - customizingBuildHelpLinks}; +constexpr SwiftDiagnosticsSource noSwiftTarget{"no-swift-target", + "No Swift compilation target found", + customizingBuildAction, customizingBuildHelpLinks}; -constexpr codeql::SwiftDiagnosticsSource spm_not_supported{ - "spm_not_supported", "Swift Package Manager build unsupported by autobuild", +constexpr SwiftDiagnosticsSource spmNotSupported{ + "spm-not-supported", "Swift Package Manager build unsupported by autobuild", customizingBuildAction, customizingBuildHelpLinks}; -} // namespace codeql_diagnostics +} // namespace codeql static codeql::Logger& logger() { static codeql::Logger ret{"main"}; @@ -53,14 +53,15 @@ static void autobuild(const CLIArgs& args) { std::sort(std::begin(targets), std::end(targets), [](Target& lhs, Target& rhs) { return lhs.fileCount > rhs.fileCount; }); if ((!collected.xcodeEncountered || targets.empty()) && collected.swiftPackageEncountered) { - DIAGNOSE_ERROR(spm_not_supported, - "No viable Swift Xcode target was found but a Swift package was detected. Swift " - "Package Manager builds are not yet supported by the autobuilder"); + LOG_ERROR("[{}] No viable Swift Xcode target was found but a Swift package was detected. Swift " + "Package Manager builds are not yet supported by the autobuilder", + codeql::spmNotSupported); } else if (!collected.xcodeEncountered) { - DIAGNOSE_ERROR(no_project_found, "No Xcode project or workspace was found"); + LOG_ERROR("[{}] No Xcode project or workspace was found", codeql::noProjectFound); } else if (targets.empty()) { - DIAGNOSE_ERROR(no_swift_target, "All targets found within Xcode projects or workspaces either " - "have no Swift sources or are tests"); + LOG_ERROR("[{}] All targets found within Xcode projects or workspaces either " + "have no Swift sources or are tests", + codeql::noSwiftTarget); } else { LOG_INFO("Selected {}", targets.front()); buildTarget(targets.front(), args.dryRun); From 3981bb1f58f6f8514123f160771d1be2388ef288 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Thu, 11 May 2023 17:10:02 +0100 Subject: [PATCH 299/870] Indent comment in Makefile better --- go/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go/Makefile b/go/Makefile index 8950bac6a21..60a47fd09d6 100644 --- a/go/Makefile +++ b/go/Makefile @@ -113,7 +113,7 @@ ql/lib/go.dbscheme.stats: ql/lib/go.dbscheme build/stats/src.stamp extractor test: all build/testdb/check-upgrade-path codeql test run -j0 ql/test --search-path build/codeql-extractor-go --consistency-queries ql/test/consistency --compilation-cache=$(cache) - # use GOOS=linux because GOOS=darwin GOARCH=386 is no longer supported +# use GOOS=linux because GOOS=darwin GOARCH=386 is no longer supported env GOOS=linux GOARCH=386 codeql$(EXE) test run -j0 ql/test/query-tests/Security/CWE-681 --search-path build/codeql-extractor-go --consistency-queries ql/test/consistency --compilation-cache=$(cache) cd extractor; go test -mod=vendor ./... | grep -vF "[no test files]" bash extractor-smoke-test/test.sh || (echo "Extractor smoke test FAILED"; exit 1) From 77c83577052ff79e839ebf8017cdb07425010254 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Thu, 11 May 2023 17:07:47 +0100 Subject: [PATCH 300/870] Do not obscure exit code with call to grep The output is a bit more verbose, but this is hard to avoid --- go/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go/Makefile b/go/Makefile index 60a47fd09d6..7e119b36f03 100644 --- a/go/Makefile +++ b/go/Makefile @@ -115,7 +115,7 @@ test: all build/testdb/check-upgrade-path codeql test run -j0 ql/test --search-path build/codeql-extractor-go --consistency-queries ql/test/consistency --compilation-cache=$(cache) # use GOOS=linux because GOOS=darwin GOARCH=386 is no longer supported env GOOS=linux GOARCH=386 codeql$(EXE) test run -j0 ql/test/query-tests/Security/CWE-681 --search-path build/codeql-extractor-go --consistency-queries ql/test/consistency --compilation-cache=$(cache) - cd extractor; go test -mod=vendor ./... | grep -vF "[no test files]" + cd extractor; go test -mod=vendor ./... bash extractor-smoke-test/test.sh || (echo "Extractor smoke test FAILED"; exit 1) .PHONY: build/testdb/check-upgrade-path From ae6fda03b7aed665418440fe911975080c218252 Mon Sep 17 00:00:00 2001 From: Porcupiney Hairs Date: Thu, 11 May 2023 23:56:50 +0530 Subject: [PATCH 301/870] Include changes from review --- go/ql/src/experimental/CWE-203/Timing.qhelp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go/ql/src/experimental/CWE-203/Timing.qhelp b/go/ql/src/experimental/CWE-203/Timing.qhelp index 7233c4c6c50..5fe189d66b5 100644 --- a/go/ql/src/experimental/CWE-203/Timing.qhelp +++ b/go/ql/src/experimental/CWE-203/Timing.qhelp @@ -14,7 +14,7 @@

    In the following examples, the code accepts a secret via a HTTP header in variable - secretHeader and a secret from the user in theheaderSecret variable, which + secretHeader and a secret from the user in the headerSecret variable, which are then compared with a system stored secret to perform authentication.

    From 2c518c1fa6d2602ba0b7cb6a0b97136fae6866bf Mon Sep 17 00:00:00 2001 From: Porcupiney Hairs Date: Fri, 12 May 2023 01:59:42 +0530 Subject: [PATCH 302/870] Include changes from review --- .../CWE-134/DsnInjectionCustomizations.qll | 5 +---- go/ql/test/experimental/CWE-134/Dsn.go | 18 ++++++++++++++++++ .../CWE-134/DsnInjectionLocal.expected | 19 +++++++++++++++++++ 3 files changed, 38 insertions(+), 4 deletions(-) diff --git a/go/ql/src/experimental/CWE-134/DsnInjectionCustomizations.qll b/go/ql/src/experimental/CWE-134/DsnInjectionCustomizations.qll index c87edd989a9..de547b8a07d 100644 --- a/go/ql/src/experimental/CWE-134/DsnInjectionCustomizations.qll +++ b/go/ql/src/experimental/CWE-134/DsnInjectionCustomizations.qll @@ -27,7 +27,7 @@ private class DecodeFunctionModel extends TaintTracking::FunctionModel { DecodeFunctionModel() { // This matches any function with a name like `Decode`,`Unmarshal` or `Parse`. // This is done to allow taints stored in encoded forms, such as in toml or json to flow freely. - this.getName().matches("(?i).*(parse|decode|unmarshal).*") + this.getName().regexpMatch("(?i).*(parse|decode|unmarshal).*") } override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) { @@ -38,9 +38,6 @@ private class DecodeFunctionModel extends TaintTracking::FunctionModel { /** A model of `flag.Parse`, propagating tainted input passed via CLI flags to `Parse`'s result. */ private class FlagSetFunctionModel extends TaintTracking::FunctionModel { - FunctionInput inp; - FunctionOutput outp; - FlagSetFunctionModel() { this.hasQualifiedName("flag", "Parse") } override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) { diff --git a/go/ql/test/experimental/CWE-134/Dsn.go b/go/ql/test/experimental/CWE-134/Dsn.go index b19a8a60816..3cdabc7cb3f 100644 --- a/go/ql/test/experimental/CWE-134/Dsn.go +++ b/go/ql/test/experimental/CWE-134/Dsn.go @@ -51,6 +51,24 @@ func bad2(w http.ResponseWriter, req *http.Request) interface{} { return db } +type Config struct { + dsn string +} + +func NewConfig() *Config { return &Config{dsn: ""} } +func (Config) Parse([]string) error { return nil } + +func RegexFuncModelTest(w http.ResponseWriter, req *http.Request) (interface{}, error) { + cfg := NewConfig() + err := cfg.Parse(os.Args[1:]) // This is bad. `name` can be something like `test?allowAllFiles=true&` which will allow an attacker to access local files. + if err != nil { + return nil, err + } + dbDSN := fmt.Sprintf("%s:%s@tcp(%s:%d)/%s?charset=utf8", "username", "password", "127.0.0.1", 3306, cfg.dsn) + db, _ := sql.Open("mysql", dbDSN) + return db, nil +} + func main() { bad2(nil, nil) good() diff --git a/go/ql/test/experimental/CWE-134/DsnInjectionLocal.expected b/go/ql/test/experimental/CWE-134/DsnInjectionLocal.expected index a4d8a822bbe..de5e959d43f 100644 --- a/go/ql/test/experimental/CWE-134/DsnInjectionLocal.expected +++ b/go/ql/test/experimental/CWE-134/DsnInjectionLocal.expected @@ -1,8 +1,27 @@ edges | Dsn.go:26:11:26:17 | selection of Args | Dsn.go:29:29:29:33 | dbDSN | +| Dsn.go:62:2:62:4 | definition of cfg [pointer] | Dsn.go:63:9:63:11 | cfg [pointer] | +| Dsn.go:62:2:62:4 | definition of cfg [pointer] | Dsn.go:67:102:67:104 | cfg [pointer] | +| Dsn.go:63:9:63:11 | cfg [pointer] | Dsn.go:63:9:63:11 | implicit dereference | +| Dsn.go:63:9:63:11 | implicit dereference | Dsn.go:62:2:62:4 | definition of cfg [pointer] | +| Dsn.go:63:9:63:11 | implicit dereference | Dsn.go:63:9:63:11 | implicit dereference | +| Dsn.go:63:9:63:11 | implicit dereference | Dsn.go:68:29:68:33 | dbDSN | +| Dsn.go:63:19:63:25 | selection of Args | Dsn.go:63:9:63:11 | implicit dereference | +| Dsn.go:63:19:63:25 | selection of Args | Dsn.go:68:29:68:33 | dbDSN | +| Dsn.go:67:102:67:104 | cfg [pointer] | Dsn.go:67:102:67:104 | implicit dereference | +| Dsn.go:67:102:67:104 | implicit dereference | Dsn.go:63:9:63:11 | implicit dereference | +| Dsn.go:67:102:67:104 | implicit dereference | Dsn.go:68:29:68:33 | dbDSN | nodes | Dsn.go:26:11:26:17 | selection of Args | semmle.label | selection of Args | | Dsn.go:29:29:29:33 | dbDSN | semmle.label | dbDSN | +| Dsn.go:62:2:62:4 | definition of cfg [pointer] | semmle.label | definition of cfg [pointer] | +| Dsn.go:63:9:63:11 | cfg [pointer] | semmle.label | cfg [pointer] | +| Dsn.go:63:9:63:11 | implicit dereference | semmle.label | implicit dereference | +| Dsn.go:63:19:63:25 | selection of Args | semmle.label | selection of Args | +| Dsn.go:67:102:67:104 | cfg [pointer] | semmle.label | cfg [pointer] | +| Dsn.go:67:102:67:104 | implicit dereference | semmle.label | implicit dereference | +| Dsn.go:68:29:68:33 | dbDSN | semmle.label | dbDSN | subpaths #select | Dsn.go:29:29:29:33 | dbDSN | Dsn.go:26:11:26:17 | selection of Args | Dsn.go:29:29:29:33 | dbDSN | This query depends on a $@. | Dsn.go:26:11:26:17 | selection of Args | user-provided value | +| Dsn.go:68:29:68:33 | dbDSN | Dsn.go:63:19:63:25 | selection of Args | Dsn.go:68:29:68:33 | dbDSN | This query depends on a $@. | Dsn.go:63:19:63:25 | selection of Args | user-provided value | From b6c2db6baf606c055f421ea7275edb673aa4f6f2 Mon Sep 17 00:00:00 2001 From: Chris Smowton Date: Thu, 11 May 2023 22:10:09 +0100 Subject: [PATCH 303/870] Fix duplicate query ID --- go/ql/src/experimental/CWE-134/DsnInjectionLocal.ql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go/ql/src/experimental/CWE-134/DsnInjectionLocal.ql b/go/ql/src/experimental/CWE-134/DsnInjectionLocal.ql index 8c09481b558..7ecd3b1cc8a 100644 --- a/go/ql/src/experimental/CWE-134/DsnInjectionLocal.ql +++ b/go/ql/src/experimental/CWE-134/DsnInjectionLocal.ql @@ -3,7 +3,7 @@ * @description Building an SQL data-source URI from untrusted sources can allow attacker to compromise security * @kind path-problem * @problem.severity error - * @id go/dsn-injection + * @id go/dsn-injection-local * @tags security * experimental * external/cwe/cwe-134 From a10b11e09e48e3918dd0d5dbff4955c05e8c910c Mon Sep 17 00:00:00 2001 From: Chris Smowton Date: Thu, 11 May 2023 22:12:17 +0100 Subject: [PATCH 304/870] Fix spelling and remove dead code --- go/ql/src/experimental/CWE-203/Timing.ql | 22 ++++++---------------- 1 file changed, 6 insertions(+), 16 deletions(-) diff --git a/go/ql/src/experimental/CWE-203/Timing.ql b/go/ql/src/experimental/CWE-203/Timing.ql index a56a7a81540..4497c6ae4c1 100644 --- a/go/ql/src/experimental/CWE-203/Timing.ql +++ b/go/ql/src/experimental/CWE-203/Timing.ql @@ -1,6 +1,6 @@ /** - * @name Timing attacks due to comparision of sensitive secrets - * @description using a non-constant time comparision method to comapre secrets can lead to authoriztion vulnerabilities + * @name Timing attacks due to comparison of sensitive secrets + * @description using a non-constant time comparison method to comapre secrets can lead to authoriztion vulnerabilities * @kind path-problem * @problem.severity warning * @id go/timing-attack @@ -19,27 +19,17 @@ private predicate isBadResult(DataFlow::Node e) { ) } -/** - * A data flow source for timing attack vulnerabilities. - */ -abstract class Source extends DataFlow::Node { } - /** * A data flow sink for timing attack vulnerabilities. */ abstract class Sink extends DataFlow::Node { } -/** - * A sanitizer for timing attack vulnerabilities. - */ -abstract class Sanitizer extends DataFlow::Node { } - -/** A taint-tracking sink which models comparisions of sensitive variables. */ +/** A taint-tracking sink which models comparisons of sensitive variables. */ private class SensitiveCompareSink extends Sink { ComparisonExpr c; SensitiveCompareSink() { - // We select a comparision where a secret or password is tested. + // We select a comparison where a secret or password is tested. exists(SensitiveVariableAccess op1, Expr op2 | op1.getClassification() = [SensitiveExpr::secret(), SensitiveExpr::password()] and // exclude grant to avoid FP from OAuth @@ -48,10 +38,10 @@ private class SensitiveCompareSink extends Sink { op2 = c.getAnOperand() and not op1 = op2 and not ( - // Comparisions with `nil` should be excluded. + // Comparisons with `nil` should be excluded. op2 = Builtin::nil().getAReference() or - // Comparisions with empty string should also be excluded. + // Comparisons with empty string should also be excluded. op2.getStringValue().length() = 0 ) | From 99f4eef9c5ec742a141b3dab5d39663cdf55646b Mon Sep 17 00:00:00 2001 From: Chris Smowton Date: Thu, 11 May 2023 22:12:35 +0100 Subject: [PATCH 305/870] Fix spelling --- go/ql/src/experimental/CWE-203/Timing.ql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go/ql/src/experimental/CWE-203/Timing.ql b/go/ql/src/experimental/CWE-203/Timing.ql index 4497c6ae4c1..a22fd8727cd 100644 --- a/go/ql/src/experimental/CWE-203/Timing.ql +++ b/go/ql/src/experimental/CWE-203/Timing.ql @@ -1,6 +1,6 @@ /** * @name Timing attacks due to comparison of sensitive secrets - * @description using a non-constant time comparison method to comapre secrets can lead to authoriztion vulnerabilities + * @description using a non-constant time comparison method to compare secrets can lead to authoriztion vulnerabilities * @kind path-problem * @problem.severity warning * @id go/timing-attack From 996d864e735bf2f7d310f1f98e022cbc5c992298 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Fri, 12 May 2023 00:15:01 +0000 Subject: [PATCH 306/870] Add changed framework coverage reports --- java/documentation/library-coverage/coverage.csv | 1 + java/documentation/library-coverage/coverage.rst | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/java/documentation/library-coverage/coverage.csv b/java/documentation/library-coverage/coverage.csv index 940e696f9df..743830ac5d2 100644 --- a/java/documentation/library-coverage/coverage.csv +++ b/java/documentation/library-coverage/coverage.csv @@ -92,6 +92,7 @@ org.apache.commons.net,9,12,,,,,,,,,,,,,,,,6,,3,,,,,,,,,,,,,,,,,,,12,, org.apache.commons.ognl,6,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,,,, org.apache.commons.text,,,272,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,220,52 org.apache.directory.ldap.client.api,1,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,, +org.apache.hadoop.fs,,,10,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,10, org.apache.hadoop.hive.metastore,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,,,,,,,,,,,, org.apache.hc.client5.http.async.methods,84,,,,,,,,,,,,,,,,,84,,,,,,,,,,,,,,,,,,,,,,, org.apache.hc.client5.http.classic.methods,37,,,,,,,,,,,,,,,,,37,,,,,,,,,,,,,,,,,,,,,,, diff --git a/java/documentation/library-coverage/coverage.rst b/java/documentation/library-coverage/coverage.rst index d6190c16758..f02c43ccc34 100644 --- a/java/documentation/library-coverage/coverage.rst +++ b/java/documentation/library-coverage/coverage.rst @@ -22,6 +22,6 @@ Java framework & library support Java extensions,"``javax.*``, ``jakarta.*``",63,611,34,1,4,,1,1,2 Kotlin Standard Library,``kotlin*``,,1843,16,11,,,,,2 `Spring `_,``org.springframework.*``,29,483,104,2,,19,14,,29 - Others,"``cn.hutool.core.codec``, ``com.esotericsoftware.kryo.io``, ``com.esotericsoftware.kryo5.io``, ``com.fasterxml.jackson.core``, ``com.fasterxml.jackson.databind``, ``com.hubspot.jinjava``, ``com.mitchellbosecke.pebble``, ``com.opensymphony.xwork2.ognl``, ``com.rabbitmq.client``, ``com.thoughtworks.xstream``, ``com.unboundid.ldap.sdk``, ``com.zaxxer.hikari``, ``flexjson``, ``freemarker.cache``, ``freemarker.template``, ``groovy.lang``, ``groovy.util``, ``hudson``, ``io.jsonwebtoken``, ``io.netty.bootstrap``, ``io.netty.buffer``, ``io.netty.channel``, ``io.netty.handler.codec``, ``io.netty.handler.ssl``, ``io.netty.handler.stream``, ``io.netty.resolver``, ``io.netty.util``, ``javafx.scene.web``, ``jodd.json``, ``net.sf.saxon.s9api``, ``ognl``, ``okhttp3``, ``org.apache.commons.codec``, ``org.apache.commons.compress.archivers.tar``, ``org.apache.commons.httpclient.util``, ``org.apache.commons.jelly``, ``org.apache.commons.jexl2``, ``org.apache.commons.jexl3``, ``org.apache.commons.logging``, ``org.apache.commons.net``, ``org.apache.commons.ognl``, ``org.apache.directory.ldap.client.api``, ``org.apache.hadoop.hive.metastore``, ``org.apache.hc.client5.http.async.methods``, ``org.apache.hc.client5.http.classic.methods``, ``org.apache.hc.client5.http.fluent``, ``org.apache.hive.hcatalog.templeton``, ``org.apache.ibatis.jdbc``, ``org.apache.log4j``, ``org.apache.shiro.codec``, ``org.apache.shiro.jndi``, ``org.apache.tools.ant``, ``org.apache.tools.zip``, ``org.apache.velocity.app``, ``org.apache.velocity.runtime``, ``org.codehaus.cargo.container.installer``, ``org.codehaus.groovy.control``, ``org.dom4j``, ``org.eclipse.jetty.client``, ``org.geogebra.web.full.main``, ``org.hibernate``, ``org.jdbi.v3.core``, ``org.jooq``, ``org.kohsuke.stapler``, ``org.mvel2``, ``org.openjdk.jmh.runner.options``, ``org.scijava.log``, ``org.slf4j``, ``org.thymeleaf``, ``org.xml.sax``, ``org.xmlpull.v1``, ``play.mvc``, ``ratpack.core.form``, ``ratpack.core.handling``, ``ratpack.core.http``, ``ratpack.exec``, ``ratpack.form``, ``ratpack.func``, ``ratpack.handling``, ``ratpack.http``, ``ratpack.util``, ``retrofit2``",89,817,515,26,,18,18,,181 - Totals,,246,9109,1957,174,10,113,33,1,361 + Others,"``cn.hutool.core.codec``, ``com.esotericsoftware.kryo.io``, ``com.esotericsoftware.kryo5.io``, ``com.fasterxml.jackson.core``, ``com.fasterxml.jackson.databind``, ``com.hubspot.jinjava``, ``com.mitchellbosecke.pebble``, ``com.opensymphony.xwork2.ognl``, ``com.rabbitmq.client``, ``com.thoughtworks.xstream``, ``com.unboundid.ldap.sdk``, ``com.zaxxer.hikari``, ``flexjson``, ``freemarker.cache``, ``freemarker.template``, ``groovy.lang``, ``groovy.util``, ``hudson``, ``io.jsonwebtoken``, ``io.netty.bootstrap``, ``io.netty.buffer``, ``io.netty.channel``, ``io.netty.handler.codec``, ``io.netty.handler.ssl``, ``io.netty.handler.stream``, ``io.netty.resolver``, ``io.netty.util``, ``javafx.scene.web``, ``jodd.json``, ``net.sf.saxon.s9api``, ``ognl``, ``okhttp3``, ``org.apache.commons.codec``, ``org.apache.commons.compress.archivers.tar``, ``org.apache.commons.httpclient.util``, ``org.apache.commons.jelly``, ``org.apache.commons.jexl2``, ``org.apache.commons.jexl3``, ``org.apache.commons.logging``, ``org.apache.commons.net``, ``org.apache.commons.ognl``, ``org.apache.directory.ldap.client.api``, ``org.apache.hadoop.fs``, ``org.apache.hadoop.hive.metastore``, ``org.apache.hc.client5.http.async.methods``, ``org.apache.hc.client5.http.classic.methods``, ``org.apache.hc.client5.http.fluent``, ``org.apache.hive.hcatalog.templeton``, ``org.apache.ibatis.jdbc``, ``org.apache.log4j``, ``org.apache.shiro.codec``, ``org.apache.shiro.jndi``, ``org.apache.tools.ant``, ``org.apache.tools.zip``, ``org.apache.velocity.app``, ``org.apache.velocity.runtime``, ``org.codehaus.cargo.container.installer``, ``org.codehaus.groovy.control``, ``org.dom4j``, ``org.eclipse.jetty.client``, ``org.geogebra.web.full.main``, ``org.hibernate``, ``org.jdbi.v3.core``, ``org.jooq``, ``org.kohsuke.stapler``, ``org.mvel2``, ``org.openjdk.jmh.runner.options``, ``org.scijava.log``, ``org.slf4j``, ``org.thymeleaf``, ``org.xml.sax``, ``org.xmlpull.v1``, ``play.mvc``, ``ratpack.core.form``, ``ratpack.core.handling``, ``ratpack.core.http``, ``ratpack.exec``, ``ratpack.form``, ``ratpack.func``, ``ratpack.handling``, ``ratpack.http``, ``ratpack.util``, ``retrofit2``",89,827,515,26,,18,18,,181 + Totals,,246,9119,1957,174,10,113,33,1,361 From 03f4625b5fda13569f0a64661a06569fb23294cf Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli Date: Fri, 12 May 2023 06:29:38 +0200 Subject: [PATCH 307/870] Swift: go back to explicit `DIAGNOSE_ERROR` macros --- .../diagnostics_test_utils.py | 2 +- swift/logging/SwiftDiagnostics.cpp | 47 ++++--- swift/logging/SwiftDiagnostics.h | 78 +++-------- swift/logging/SwiftLogging.h | 128 ++++++++---------- swift/xcode-autobuilder/XcodeBuildRunner.cpp | 12 +- swift/xcode-autobuilder/xcode-autobuilder.cpp | 31 ++--- 6 files changed, 119 insertions(+), 179 deletions(-) diff --git a/swift/integration-tests/diagnostics_test_utils.py b/swift/integration-tests/diagnostics_test_utils.py index aa6f8df7488..b1d0d52b3a4 100644 --- a/swift/integration-tests/diagnostics_test_utils.py +++ b/swift/integration-tests/diagnostics_test_utils.py @@ -60,5 +60,5 @@ def check_diagnostics(test_dir=".", test_db="db"): actual_out.write(actual) actual = actual.splitlines(keepends=True) expected = expected.splitlines(keepends=True) - print("".join(difflib.unified_diff(actual, expected, fromfile="diagnostics.actual", tofile="diagnostics.expected")), file=sys.stderr) + print("".join(difflib.unified_diff(expected, actual, fromfile="diagnostics.expected", tofile="diagnostics.actual")), file=sys.stderr) sys.exit(1) diff --git a/swift/logging/SwiftDiagnostics.cpp b/swift/logging/SwiftDiagnostics.cpp index 947f74de01c..35a5389c8ed 100644 --- a/swift/logging/SwiftDiagnostics.cpp +++ b/swift/logging/SwiftDiagnostics.cpp @@ -8,12 +8,12 @@ namespace codeql { -nlohmann::json SwiftDiagnosticsSource::json(const std::chrono::system_clock::time_point& timestamp, - std::string_view message) const { - return { +nlohmann::json SwiftDiagnostic::json(const std::chrono::system_clock::time_point& timestamp, + std::string_view message) const { + nlohmann::json ret{ {"source", { - {"id", sourceId()}, + {"id", absl::StrJoin({extractorName, programName, id}, "/")}, {"name", name}, {"extractorName", extractorName}, }}, @@ -28,26 +28,29 @@ nlohmann::json SwiftDiagnosticsSource::json(const std::chrono::system_clock::tim {"plaintextMessage", absl::StrCat(message, ".\n\n", action, ".")}, {"timestamp", fmt::format("{:%FT%T%z}", timestamp)}, }; -} - -std::string SwiftDiagnosticsSource::sourceId() const { - return absl::StrJoin({extractorName, programName, id}, "/"); -} - -nlohmann::json SwiftDiagnosticsSourceWithLocation::json( - const std::chrono::system_clock::time_point& timestamp, - std::string_view message) const { - auto ret = source.json(timestamp, message); - auto& location = ret["location"] = {{"file", file}}; - if (startLine) location["startLine"] = startLine; - if (startColumn) location["startColumn"] = startColumn; - if (endLine) location["endLine"] = endLine; - if (endColumn) location["endColumn"] = endColumn; + if (location) { + ret["location"] = location->json(); + } return ret; } -std::string SwiftDiagnosticsSourceWithLocation::str() const { - return absl::StrCat(source.id, "@", file, ":", startLine, ":", startColumn, ":", endLine, ":", - endColumn); +std::string SwiftDiagnostic::abbreviation() const { + if (location) { + return absl::StrCat(id, "@", location->str()); + } + return std::string{id}; +} + +nlohmann::json SwiftDiagnosticsLocation::json() const { + nlohmann::json ret{{"file", file}}; + if (startLine) ret["startLine"] = startLine; + if (startColumn) ret["startColumn"] = startColumn; + if (endLine) ret["endLine"] = endLine; + if (endColumn) ret["endColumn"] = endColumn; + return ret; +} + +std::string SwiftDiagnosticsLocation::str() const { + return absl::StrJoin(std::tuple{file, startLine, startColumn, endLine, endColumn}, ":"); } } // namespace codeql diff --git a/swift/logging/SwiftDiagnostics.h b/swift/logging/SwiftDiagnostics.h index 6b97bbf6c0a..c42a3ec781e 100644 --- a/swift/logging/SwiftDiagnostics.h +++ b/swift/logging/SwiftDiagnostics.h @@ -4,6 +4,7 @@ #include #include #include +#include #include #include #include @@ -17,19 +18,14 @@ namespace codeql { extern const std::string_view programName; -struct SwiftDiagnosticsSource; - -struct SwiftDiagnosticsSourceWithLocation { - const SwiftDiagnosticsSource& source; +struct SwiftDiagnosticsLocation { std::string_view file; unsigned startLine; unsigned startColumn; unsigned endLine; unsigned endColumn; - // see SwiftDiagnosticsSource::json - nlohmann::json json(const std::chrono::system_clock::time_point& timestamp, - std::string_view message) const; + nlohmann::json json() const; std::string str() const; }; @@ -37,7 +33,7 @@ struct SwiftDiagnosticsSourceWithLocation { // Models a diagnostic source for Swift, holding static information that goes out into a diagnostic // These are internally stored into a map on id's. A specific error log can use binlog's category // as id, which will then be used to recover the diagnostic source while dumping. -struct SwiftDiagnosticsSource { +struct SwiftDiagnostic { std::string_view id; std::string_view name; static constexpr std::string_view extractorName = "swift"; @@ -46,6 +42,7 @@ struct SwiftDiagnosticsSource { // TODO(C++20) with vector going constexpr this can be turned to `std::vector` std::string_view helpLinks; + std::optional location; // for the moment, we only output errors, so no need to store the severity // create a JSON diagnostics for this source with the given timestamp and message to out @@ -55,16 +52,18 @@ struct SwiftDiagnosticsSource { nlohmann::json json(const std::chrono::system_clock::time_point& timestamp, std::string_view message) const; - SwiftDiagnosticsSourceWithLocation withLocation(std::string_view file, - unsigned startLine = 0, - unsigned startColumn = 0, - unsigned endLine = 0, - unsigned endColumn = 0) const { - return {*this, file, startLine, startColumn, endLine, endColumn}; - } + // returns or @ if a location is present + std::string abbreviation() const; - private: - std::string sourceId() const; + SwiftDiagnostic withLocation(std::string_view file, + unsigned startLine = 0, + unsigned startColumn = 0, + unsigned endLine = 0, + unsigned endColumn = 0) const { + auto ret = *this; + ret.location = SwiftDiagnosticsLocation{file, startLine, startColumn, endLine, endColumn}; + return ret; + } }; class SwiftDiagnosticsDumper { @@ -77,8 +76,7 @@ class SwiftDiagnosticsDumper { void flush() { output.flush(); } - template - void write(const Source& source, + void write(const SwiftDiagnostic& source, const std::chrono::system_clock::time_point& timestamp, std::string_view message) { if (output) { @@ -93,49 +91,9 @@ class SwiftDiagnosticsDumper { std::ofstream output; }; -constexpr codeql::SwiftDiagnosticsSource internalError{ +constexpr SwiftDiagnostic internalError{ "internal-error", "Internal error", "Contact us about this issue", }; } // namespace codeql - -namespace mserialize { -// log diagnostic sources using just their id, using binlog/mserialize internal plumbing -template <> -struct CustomTag : detail::BuiltinTag { - using T = codeql::SwiftDiagnosticsSource; -}; - -template <> -struct CustomSerializer { - template - static void serialize(const codeql::SwiftDiagnosticsSource& source, OutputStream& out) { - mserialize::serialize(source.id, out); - } - - static size_t serialized_size(const codeql::SwiftDiagnosticsSource& source) { - return mserialize::serialized_size(source.id); - } -}; - -template <> -struct CustomTag - : detail::BuiltinTag { - using T = codeql::SwiftDiagnosticsSourceWithLocation; -}; - -template <> -struct CustomSerializer { - template - static void serialize(const codeql::SwiftDiagnosticsSourceWithLocation& source, - OutputStream& out) { - mserialize::serialize(source.str(), out); - } - - static size_t serialized_size(const codeql::SwiftDiagnosticsSourceWithLocation& source) { - return mserialize::serialized_size(source.str()); - } -}; - -} // namespace mserialize diff --git a/swift/logging/SwiftLogging.h b/swift/logging/SwiftLogging.h index 8c235872068..b246210b931 100644 --- a/swift/logging/SwiftLogging.h +++ b/swift/logging/SwiftLogging.h @@ -35,29 +35,31 @@ #define LOG_DEBUG(...) LOG_WITH_LEVEL(debug, __VA_ARGS__) #define LOG_TRACE(...) LOG_WITH_LEVEL(trace, __VA_ARGS__) -#define CODEQL_GET_SECOND(...) CODEQL_GET_SECOND_I(__VA_ARGS__, 0, 0) -#define CODEQL_GET_SECOND_I(X, Y, ...) Y - // only do the actual logging if the picked up `Logger` instance is configured to handle the // provided log level. `LEVEL` must be a compile-time constant. `logger()` is evaluated once -// TODO(C++20) replace non-standard ##__VA_ARGS__ with __VA_OPT__(,) __VA_ARGS__ -#define LOG_WITH_LEVEL_AND_CATEGORY(LEVEL, CATEGORY, ...) \ - do { \ - static_assert(::codeql::detail::checkLogArgs( \ - MSERIALIZE_FIRST(__VA_ARGS__)), \ - "diagnostics logs must have format starting with \"[{}]\""); \ - constexpr auto _level = ::codeql::Log::Level::LEVEL; \ - ::codeql::Logger& _logger = logger(); \ - if (_level >= _logger.level()) { \ - BINLOG_CREATE_SOURCE_AND_EVENT(_logger.writer(), _level, CATEGORY, ::binlog::clockNow(), \ - __VA_ARGS__); \ - } \ - if (_level >= ::codeql::Log::Level::error) { \ - ::codeql::Log::flush(); \ - } \ +#define LOG_WITH_LEVEL(LEVEL, ...) \ + do { \ + constexpr auto _level = ::codeql::Log::Level::LEVEL; \ + ::codeql::Logger& _logger = logger(); \ + if (_level >= _logger.level()) { \ + BINLOG_CREATE_SOURCE_AND_EVENT(_logger.writer(), _level, /*category*/, ::binlog::clockNow(), \ + __VA_ARGS__); \ + } \ + if (_level >= ::codeql::Log::Level::error) { \ + ::codeql::Log::flush(); \ + } \ } while (false) -#define LOG_WITH_LEVEL(LEVEL, ...) LOG_WITH_LEVEL_AND_CATEGORY(LEVEL, , __VA_ARGS__) +// Emit errors with a specified SwiftDiagnostic object. These will be both logged and outputted as +// JSON DB diagnostics +#define DIAGNOSE_CRITICAL(ID, ...) DIAGNOSE_WITH_LEVEL(critical, ID, __VA_ARGS__) +#define DIAGNOSE_ERROR(ID, ...) DIAGNOSE_WITH_LEVEL(error, ID, __VA_ARGS__) + +#define CODEQL_DIAGNOSTIC_LOG_FORMAT_PREFIX "[{}] " +// TODO(C++20) replace non-standard , ##__VA_ARGS__ with __VA_OPT__(,) __VA_ARGS__ +#define DIAGNOSE_WITH_LEVEL(LEVEL, ID, FORMAT, ...) \ + LOG_WITH_LEVEL(LEVEL, CODEQL_DIAGNOSTIC_LOG_FORMAT_PREFIX FORMAT, \ + ::codeql::detail::SwiftDiagnosticLogWrapper{ID}, ##__VA_ARGS__); // avoid calling into binlog's original macros #undef BINLOG_CRITICAL @@ -126,8 +128,7 @@ class Log { return instance().getLoggerConfigurationImpl(name); } - template - static void diagnose(const Source& source, + static void diagnose(const SwiftDiagnostic& source, const std::chrono::system_clock::time_point& time, std::string_view message) { instance().diagnostics.write(source, time, message); @@ -224,31 +225,9 @@ class Logger { }; namespace detail { -constexpr std::string_view diagnosticsFormatPrefix = "[{}] "; - -template -constexpr bool checkLogArgs(std::string_view format) { - using Type = std::remove_cv_t>; - constexpr bool isDiagnostic = std::is_same_v || - std::is_same_v; - return !isDiagnostic || - format.substr(0, diagnosticsFormatPrefix.size()) == diagnosticsFormatPrefix; -} - -template -void binlogAddEventIgnoreFirstOverload(Writer& writer, - std::uint64_t eventSourceId, - std::uint64_t clock, - const char* format, - const Source& source, - T&&... t) { - std::chrono::system_clock::time_point point{ - std::chrono::duration_cast( - std::chrono::nanoseconds{clock})}; - constexpr auto offset = ::codeql::detail::diagnosticsFormatPrefix.size(); - ::codeql::Log::diagnose(source, point, fmt::format(format + offset, t...)); - writer.addEvent(eventSourceId, clock, source, std::forward(t)...); -} +struct SwiftDiagnosticLogWrapper { + const SwiftDiagnostic& value; +}; } // namespace detail } // namespace codeql @@ -262,32 +241,37 @@ void addEventIgnoreFirst(Writer& writer, std::uint64_t eventSourceId, std::uint64_t clock, const char (&format)[N], - const codeql::SwiftDiagnosticsSource& source, + codeql::detail::SwiftDiagnosticLogWrapper&& source, T&&... t) { - codeql::detail::binlogAddEventIgnoreFirstOverload(writer, eventSourceId, clock, format, source, - std::forward(t)...); + std::chrono::system_clock::time_point point{ + std::chrono::duration_cast( + std::chrono::nanoseconds{clock})}; + constexpr std::string_view prefix = CODEQL_DIAGNOSTIC_LOG_FORMAT_PREFIX; + ::codeql::Log::diagnose(source.value, point, fmt::format(format + prefix.size(), t...)); + writer.addEvent(eventSourceId, clock, source, std::forward(t)...); } - -template -void addEventIgnoreFirst(Writer& writer, - std::uint64_t eventSourceId, - std::uint64_t clock, - const char (&format)[N], - codeql::SwiftDiagnosticsSourceWithLocation&& source, - T&&... t) { - codeql::detail::binlogAddEventIgnoreFirstOverload(writer, eventSourceId, clock, format, source, - std::forward(t)...); -} - -template -void addEventIgnoreFirst(Writer& writer, - std::uint64_t eventSourceId, - std::uint64_t clock, - const char (&format)[N], - const codeql::SwiftDiagnosticsSourceWithLocation& source, - T&&... t) { - codeql::detail::binlogAddEventIgnoreFirstOverload(writer, eventSourceId, clock, format, source, - std::forward(t)...); -} - } // namespace binlog::detail + +namespace mserialize { +// log diagnostics wrapper using the abbreviation of the underlying diagnostic, using +// binlog/mserialize internal plumbing +template <> +struct CustomTag + : detail::BuiltinTag { + using T = codeql::detail::SwiftDiagnosticLogWrapper; +}; + +template <> +struct CustomSerializer { + template + static void serialize(const codeql::detail::SwiftDiagnosticLogWrapper& source, + OutputStream& out) { + mserialize::serialize(source.value.abbreviation(), out); + } + + static size_t serialized_size(const codeql::detail::SwiftDiagnosticLogWrapper& source) { + return mserialize::serialized_size(source.value.abbreviation()); + } +}; + +} // namespace mserialize diff --git a/swift/xcode-autobuilder/XcodeBuildRunner.cpp b/swift/xcode-autobuilder/XcodeBuildRunner.cpp index 3d34509eb85..163a639db00 100644 --- a/swift/xcode-autobuilder/XcodeBuildRunner.cpp +++ b/swift/xcode-autobuilder/XcodeBuildRunner.cpp @@ -8,11 +8,9 @@ #include "swift/logging/SwiftLogging.h" #include "swift/xcode-autobuilder/CustomizingBuildDiagnostics.h" -namespace codeql { -constexpr SwiftDiagnosticsSource buildCommandFailed{ - "build-command-failed", "Detected build command failed", customizingBuildAction, - customizingBuildHelpLinks}; -} +constexpr codeql::SwiftDiagnostic buildCommandFailed{ + "build-command-failed", "Detected build command failed", codeql::customizingBuildAction, + codeql::customizingBuildHelpLinks}; static codeql::Logger& logger() { static codeql::Logger ret{"build"}; @@ -70,8 +68,8 @@ void buildTarget(Target& target, bool dryRun) { std::cout << absl::StrJoin(argv, " ") << "\n"; } else { if (!exec(argv)) { - LOG_ERROR("[{}] The detected build command failed (tried {})", codeql::buildCommandFailed, - absl::StrJoin(argv, " ")); + DIAGNOSE_ERROR(buildCommandFailed, "The detected build command failed (tried {})", + absl::StrJoin(argv, " ")); codeql::Log::flush(); exit(1); } diff --git a/swift/xcode-autobuilder/xcode-autobuilder.cpp b/swift/xcode-autobuilder/xcode-autobuilder.cpp index de50ed33c1f..5a00c885880 100644 --- a/swift/xcode-autobuilder/xcode-autobuilder.cpp +++ b/swift/xcode-autobuilder/xcode-autobuilder.cpp @@ -12,19 +12,17 @@ static const char* unitTest = "com.apple.product-type.bundle.unit-test"; const std::string_view codeql::programName = "autobuilder"; -namespace codeql { -constexpr SwiftDiagnosticsSource noProjectFound{"no-project-found", - "No Xcode project or workspace detected", - customizingBuildAction, customizingBuildHelpLinks}; +constexpr codeql::SwiftDiagnostic noProjectFound{ + "no-project-found", "No Xcode project or workspace detected", codeql::customizingBuildAction, + codeql::customizingBuildHelpLinks}; -constexpr SwiftDiagnosticsSource noSwiftTarget{"no-swift-target", - "No Swift compilation target found", - customizingBuildAction, customizingBuildHelpLinks}; +constexpr codeql::SwiftDiagnostic noSwiftTarget{ + "no-swift-target", "No Swift compilation target found", codeql::customizingBuildAction, + codeql::customizingBuildHelpLinks}; -constexpr SwiftDiagnosticsSource spmNotSupported{ +constexpr codeql::SwiftDiagnostic spmNotSupported{ "spm-not-supported", "Swift Package Manager build unsupported by autobuild", - customizingBuildAction, customizingBuildHelpLinks}; -} // namespace codeql + codeql::customizingBuildAction, codeql::customizingBuildHelpLinks}; static codeql::Logger& logger() { static codeql::Logger ret{"main"}; @@ -53,15 +51,14 @@ static void autobuild(const CLIArgs& args) { std::sort(std::begin(targets), std::end(targets), [](Target& lhs, Target& rhs) { return lhs.fileCount > rhs.fileCount; }); if ((!collected.xcodeEncountered || targets.empty()) && collected.swiftPackageEncountered) { - LOG_ERROR("[{}] No viable Swift Xcode target was found but a Swift package was detected. Swift " - "Package Manager builds are not yet supported by the autobuilder", - codeql::spmNotSupported); + DIAGNOSE_ERROR(spmNotSupported, + "No viable Swift Xcode target was found but a Swift package was detected. Swift " + "Package Manager builds are not yet supported by the autobuilder"); } else if (!collected.xcodeEncountered) { - LOG_ERROR("[{}] No Xcode project or workspace was found", codeql::noProjectFound); + DIAGNOSE_ERROR(noProjectFound, "No Xcode project or workspace was found"); } else if (targets.empty()) { - LOG_ERROR("[{}] All targets found within Xcode projects or workspaces either " - "have no Swift sources or are tests", - codeql::noSwiftTarget); + DIAGNOSE_ERROR(noSwiftTarget, "All targets found within Xcode projects or workspaces either " + "have no Swift sources or are tests"); } else { LOG_INFO("Selected {}", targets.front()); buildTarget(targets.front(), args.dryRun); From 86777fa4c2474996562c09aaf29bbe8eabf070a5 Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli Date: Fri, 12 May 2023 08:23:14 +0200 Subject: [PATCH 308/870] Swift: remove obsolete comment --- swift/logging/SwiftLogging.h | 5 ----- 1 file changed, 5 deletions(-) diff --git a/swift/logging/SwiftLogging.h b/swift/logging/SwiftLogging.h index b246210b931..33e9d87770a 100644 --- a/swift/logging/SwiftLogging.h +++ b/swift/logging/SwiftLogging.h @@ -23,11 +23,6 @@ // * passing a logger around using a `Logger& logger` function parameter // They are created with a name that appears in the logs and can be used to filter debug levels (see // `Logger`). -// If the first argument after the format is a SwiftDiagnosticSource or -// SwiftDiagnosticSourceWithLocation, a JSON diagnostic entry is emitted. In this case the -// format string **must** start with "[{}] " (which is checked at compile time), and everything -// following that is used to form the message in the diagnostics using fmt::format instead of the -// internal binlog formatting. The two are fairly compatible though. #define LOG_CRITICAL(...) LOG_WITH_LEVEL(critical, __VA_ARGS__) #define LOG_ERROR(...) LOG_WITH_LEVEL(error, __VA_ARGS__) #define LOG_WARNING(...) LOG_WITH_LEVEL(warning, __VA_ARGS__) From dedbd9ab636f3ea6666594ef8ed4b623bf601ec0 Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli Date: Fri, 12 May 2023 08:30:43 +0200 Subject: [PATCH 309/870] Swift: remove unneeded `SwiftDiagnosticsDumper` --- swift/logging/SwiftDiagnostics.h | 25 ------------------------- swift/logging/SwiftLogging.cpp | 11 ++++++++++- swift/logging/SwiftLogging.h | 7 +++++-- 3 files changed, 15 insertions(+), 28 deletions(-) diff --git a/swift/logging/SwiftDiagnostics.h b/swift/logging/SwiftDiagnostics.h index c42a3ec781e..ce5dd241778 100644 --- a/swift/logging/SwiftDiagnostics.h +++ b/swift/logging/SwiftDiagnostics.h @@ -66,31 +66,6 @@ struct SwiftDiagnostic { } }; -class SwiftDiagnosticsDumper { - public: - // opens path for writing out JSON entries. Returns whether the operation was successful. - bool open(const std::filesystem::path& path) { - output.open(path); - return output.good(); - } - - void flush() { output.flush(); } - - void write(const SwiftDiagnostic& source, - const std::chrono::system_clock::time_point& timestamp, - std::string_view message) { - if (output) { - output << source.json(timestamp, message) << '\n'; - } - } - - bool good() const { return output.good(); } - explicit operator bool() const { return good(); } - - private: - std::ofstream output; -}; - constexpr SwiftDiagnostic internalError{ "internal-error", "Internal error", diff --git a/swift/logging/SwiftLogging.cpp b/swift/logging/SwiftLogging.cpp index e4db45f9872..2f01c4fa0b0 100644 --- a/swift/logging/SwiftLogging.cpp +++ b/swift/logging/SwiftLogging.cpp @@ -138,7 +138,8 @@ void Log::configure() { std::error_code ec; std::filesystem::create_directories(diagFile.parent_path(), ec); if (!ec) { - if (!diagnostics.open(diagFile)) { + diagnostics.open(diagFile); + if (!diagnostics) { problems.emplace_back("Unable to open diagnostics json file " + diagFile.string()); } } else { @@ -168,6 +169,14 @@ void Log::flushImpl() { } } +void Log::diagnoseImpl(const SwiftDiagnostic& source, + const std::chrono::system_clock::time_point& time, + std::string_view message) { + if (diagnostics) { + diagnostics << source.json(time, message) << '\n'; + } +} + Log::LoggerConfiguration Log::getLoggerConfigurationImpl(std::string_view name) { LoggerConfiguration ret{session, std::string{programName}}; ret.fullyQualifiedName += '/'; diff --git a/swift/logging/SwiftLogging.h b/swift/logging/SwiftLogging.h index 33e9d87770a..04dfbf2a8b1 100644 --- a/swift/logging/SwiftLogging.h +++ b/swift/logging/SwiftLogging.h @@ -126,7 +126,7 @@ class Log { static void diagnose(const SwiftDiagnostic& source, const std::chrono::system_clock::time_point& time, std::string_view message) { - instance().diagnostics.write(source, time, message); + instance().diagnoseImpl(source, time, message); } private: @@ -144,6 +144,9 @@ class Log { void configure(); void flushImpl(); + void diagnoseImpl(const SwiftDiagnostic& source, + const std::chrono::system_clock::time_point& time, + std::string_view message); LoggerConfiguration getLoggerConfigurationImpl(std::string_view name); @@ -183,7 +186,7 @@ class Log { FilteredOutput binary{Level::no_logs}; FilteredOutput text{Level::info, textFile, format}; FilteredOutput console{Level::warning, std::cerr, format}; - SwiftDiagnosticsDumper diagnostics{}; + std::ofstream diagnostics{}; LevelRules sourceRules; std::vector collectLevelRulesAndReturnProblems(const char* envVar); }; From cce9352272391d42ebf2122c7c020c053bb7ff02 Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli Date: Fri, 12 May 2023 09:03:14 +0200 Subject: [PATCH 310/870] Swift: add visibility customization to diagnostics --- swift/logging/SwiftDiagnostics.cpp | 10 +++++++--- swift/logging/SwiftDiagnostics.h | 30 +++++++++++++++++++++++++++--- 2 files changed, 34 insertions(+), 6 deletions(-) diff --git a/swift/logging/SwiftDiagnostics.cpp b/swift/logging/SwiftDiagnostics.cpp index 35a5389c8ed..4c490486a26 100644 --- a/swift/logging/SwiftDiagnostics.cpp +++ b/swift/logging/SwiftDiagnostics.cpp @@ -19,9 +19,9 @@ nlohmann::json SwiftDiagnostic::json(const std::chrono::system_clock::time_point }}, {"visibility", { - {"statusPage", true}, - {"cliSummaryTable", true}, - {"telemetry", true}, + {"statusPage", has(Visibility::statusPage)}, + {"cliSummaryTable", has(Visibility::cliSummaryTable)}, + {"telemetry", has(Visibility::telemetry)}, }}, {"severity", "error"}, {"helpLinks", std::vector(absl::StrSplit(helpLinks, ' '))}, @@ -41,6 +41,10 @@ std::string SwiftDiagnostic::abbreviation() const { return std::string{id}; } +bool SwiftDiagnostic::has(SwiftDiagnostic::Visibility v) const { + return (visibility & v) != Visibility::none; +} + nlohmann::json SwiftDiagnosticsLocation::json() const { nlohmann::json ret{{"file", file}}; if (startLine) ret["startLine"] = startLine; diff --git a/swift/logging/SwiftDiagnostics.h b/swift/logging/SwiftDiagnostics.h index ce5dd241778..8c7117f26ce 100644 --- a/swift/logging/SwiftDiagnostics.h +++ b/swift/logging/SwiftDiagnostics.h @@ -26,7 +26,6 @@ struct SwiftDiagnosticsLocation { unsigned endColumn; nlohmann::json json() const; - std::string str() const; }; @@ -34,6 +33,14 @@ struct SwiftDiagnosticsLocation { // These are internally stored into a map on id's. A specific error log can use binlog's category // as id, which will then be used to recover the diagnostic source while dumping. struct SwiftDiagnostic { + enum class Visibility : unsigned char { + none = 0b000, + statusPage = 0b001, + cliSummaryTable = 0b010, + telemetry = 0b100, + all = 0b111, + }; + std::string_view id; std::string_view name; static constexpr std::string_view extractorName = "swift"; @@ -41,10 +48,12 @@ struct SwiftDiagnostic { // space separated if more than 1. Not a vector to allow constexpr // TODO(C++20) with vector going constexpr this can be turned to `std::vector` std::string_view helpLinks; - - std::optional location; // for the moment, we only output errors, so no need to store the severity + Visibility visibility{Visibility::all}; + + std::optional location{}; + // create a JSON diagnostics for this source with the given timestamp and message to out // A plaintextMessage is used that includes both the message and the action to take. Dots are // appended to both. The id is used to construct the source id in the form @@ -64,8 +73,23 @@ struct SwiftDiagnostic { ret.location = SwiftDiagnosticsLocation{file, startLine, startColumn, endLine, endColumn}; return ret; } + + private: + bool has(Visibility v) const; }; +inline constexpr SwiftDiagnostic::Visibility operator|(SwiftDiagnostic::Visibility lhs, + SwiftDiagnostic::Visibility rhs) { + return static_cast(static_cast(lhs) | + static_cast(rhs)); +} + +inline constexpr SwiftDiagnostic::Visibility operator&(SwiftDiagnostic::Visibility lhs, + SwiftDiagnostic::Visibility rhs) { + return static_cast(static_cast(lhs) & + static_cast(rhs)); +} + constexpr SwiftDiagnostic internalError{ "internal-error", "Internal error", From 9ffada31a8cceff2dda4b62cceb4820b5eea60e6 Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli Date: Fri, 12 May 2023 09:19:44 +0200 Subject: [PATCH 311/870] Swift: make internal error telemetry only for the moment --- swift/logging/SwiftDiagnostics.h | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/swift/logging/SwiftDiagnostics.h b/swift/logging/SwiftDiagnostics.h index 8c7117f26ce..6e539b0330b 100644 --- a/swift/logging/SwiftDiagnostics.h +++ b/swift/logging/SwiftDiagnostics.h @@ -54,6 +54,16 @@ struct SwiftDiagnostic { std::optional location{}; + constexpr SwiftDiagnostic(std::string_view id, + std::string_view name, + std::string_view action = "", + std::string_view helpLinks = "", + Visibility visibility = Visibility::all) + : id{id}, name{name}, action{action}, helpLinks{helpLinks}, visibility{visibility} {} + + constexpr SwiftDiagnostic(std::string_view id, std::string_view name, Visibility visibility) + : SwiftDiagnostic(id, name, "", "", visibility) {} + // create a JSON diagnostics for this source with the given timestamp and message to out // A plaintextMessage is used that includes both the message and the action to take. Dots are // appended to both. The id is used to construct the source id in the form @@ -93,6 +103,6 @@ inline constexpr SwiftDiagnostic::Visibility operator&(SwiftDiagnostic::Visibili constexpr SwiftDiagnostic internalError{ "internal-error", "Internal error", - "Contact us about this issue", + SwiftDiagnostic::Visibility::telemetry, }; } // namespace codeql From 189f8515c065d9aef67c5e98f9932342232d2a3c Mon Sep 17 00:00:00 2001 From: Kasper Svendsen Date: Fri, 12 May 2023 08:50:16 +0200 Subject: [PATCH 312/870] JS: Make implicit this receivers explicit --- .../javascript/frameworks/AngularJS/AngularJSCore.qll | 2 +- .../test/tutorials/Validating RAML-based APIs/query1.ql | 2 +- .../test/tutorials/Validating RAML-based APIs/query2.ql | 8 ++++---- .../test/tutorials/Validating RAML-based APIs/query3.ql | 8 ++++---- .../test/tutorials/Validating RAML-based APIs/query4.ql | 8 ++++---- 5 files changed, 14 insertions(+), 14 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/frameworks/AngularJS/AngularJSCore.qll b/javascript/ql/lib/semmle/javascript/frameworks/AngularJS/AngularJSCore.qll index 15999d55217..4997674375d 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/AngularJS/AngularJSCore.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/AngularJS/AngularJSCore.qll @@ -507,7 +507,7 @@ class DirectiveTargetName extends string { * `:` and `_` count as component delimiters. */ string getRawComponent(int i) { - result = toLowerCase().regexpFind("(?<=^|[-:_])[a-zA-Z0-9]+(?=$|[-:_])", i, _) + result = this.toLowerCase().regexpFind("(?<=^|[-:_])[a-zA-Z0-9]+(?=$|[-:_])", i, _) } /** diff --git a/javascript/ql/test/tutorials/Validating RAML-based APIs/query1.ql b/javascript/ql/test/tutorials/Validating RAML-based APIs/query1.ql index 6a5c8cf71cb..6d64030898f 100644 --- a/javascript/ql/test/tutorials/Validating RAML-based APIs/query1.ql +++ b/javascript/ql/test/tutorials/Validating RAML-based APIs/query1.ql @@ -2,7 +2,7 @@ import javascript /** A RAML specification. */ class RamlSpec extends YamlDocument, YamlMapping { - RamlSpec() { getLocation().getFile().getExtension() = "raml" } + RamlSpec() { this.getLocation().getFile().getExtension() = "raml" } } from RamlSpec s diff --git a/javascript/ql/test/tutorials/Validating RAML-based APIs/query2.ql b/javascript/ql/test/tutorials/Validating RAML-based APIs/query2.ql index 47e264001e4..45c9c124be2 100644 --- a/javascript/ql/test/tutorials/Validating RAML-based APIs/query2.ql +++ b/javascript/ql/test/tutorials/Validating RAML-based APIs/query2.ql @@ -4,13 +4,13 @@ string httpVerb() { result = ["get", "put", "post", "delete"] } /** A RAML specification. */ class RamlSpec extends YamlDocument, YamlMapping { - RamlSpec() { getLocation().getFile().getExtension() = "raml" } + RamlSpec() { this.getLocation().getFile().getExtension() = "raml" } } /** A RAML resource specification. */ class RamlResource extends YamlMapping { RamlResource() { - getDocument() instanceof RamlSpec and + this.getDocument() instanceof RamlSpec and exists(YamlMapping m, string name | this = m.lookup(name) and name.matches("/%") @@ -30,14 +30,14 @@ class RamlResource extends YamlMapping { /** Get the method for this resource with the given verb. */ RamlMethod getMethod(string verb) { verb = httpVerb() and - result = lookup(verb) + result = this.lookup(verb) } } /** A RAML method specification. */ class RamlMethod extends YamlValue { RamlMethod() { - getDocument() instanceof RamlSpec and + this.getDocument() instanceof RamlSpec and exists(YamlMapping obj | this = obj.lookup(httpVerb())) } diff --git a/javascript/ql/test/tutorials/Validating RAML-based APIs/query3.ql b/javascript/ql/test/tutorials/Validating RAML-based APIs/query3.ql index 12e38689590..4b532f69fad 100644 --- a/javascript/ql/test/tutorials/Validating RAML-based APIs/query3.ql +++ b/javascript/ql/test/tutorials/Validating RAML-based APIs/query3.ql @@ -4,13 +4,13 @@ string httpVerb() { result = ["get", "put", "post", "delete"] } /** A RAML specification. */ class RamlSpec extends YamlDocument, YamlMapping { - RamlSpec() { getLocation().getFile().getExtension() = "raml" } + RamlSpec() { this.getLocation().getFile().getExtension() = "raml" } } /** A RAML resource specification. */ class RamlResource extends YamlMapping { RamlResource() { - getDocument() instanceof RamlSpec and + this.getDocument() instanceof RamlSpec and exists(YamlMapping m, string name | this = m.lookup(name) and name.matches("/%") @@ -30,13 +30,13 @@ class RamlResource extends YamlMapping { /** Get the method for this resource with the given verb. */ RamlMethod getMethod(string verb) { verb = httpVerb() and - result = lookup(verb) + result = this.lookup(verb) } } class RamlMethod extends YamlValue { RamlMethod() { - getDocument() instanceof RamlSpec and + this.getDocument() instanceof RamlSpec and exists(YamlMapping obj | this = obj.lookup(httpVerb())) } } diff --git a/javascript/ql/test/tutorials/Validating RAML-based APIs/query4.ql b/javascript/ql/test/tutorials/Validating RAML-based APIs/query4.ql index fe3986d2763..59921f5b79b 100644 --- a/javascript/ql/test/tutorials/Validating RAML-based APIs/query4.ql +++ b/javascript/ql/test/tutorials/Validating RAML-based APIs/query4.ql @@ -4,13 +4,13 @@ string httpVerb() { result = ["get", "put", "post", "delete"] } /** A RAML specification. */ class RamlSpec extends YamlDocument, YamlMapping { - RamlSpec() { getLocation().getFile().getExtension() = "raml" } + RamlSpec() { this.getLocation().getFile().getExtension() = "raml" } } /** A RAML resource specification. */ class RamlResource extends YamlMapping { RamlResource() { - getDocument() instanceof RamlSpec and + this.getDocument() instanceof RamlSpec and exists(YamlMapping m, string name | this = m.lookup(name) and name.matches("/%") @@ -30,14 +30,14 @@ class RamlResource extends YamlMapping { /** Get the method for this resource with the given verb. */ RamlMethod getMethod(string verb) { verb = httpVerb() and - result = lookup(verb) + result = this.lookup(verb) } } /** A RAML method specification. */ class RamlMethod extends YamlValue { RamlMethod() { - getDocument() instanceof RamlSpec and + this.getDocument() instanceof RamlSpec and exists(YamlMapping obj | this = obj.lookup(httpVerb())) } From 7dd9906e952e86718b0be36a437a113a29fe552c Mon Sep 17 00:00:00 2001 From: Kasper Svendsen Date: Fri, 12 May 2023 08:25:07 +0200 Subject: [PATCH 313/870] JS: Enable implicit this receiver warnings --- javascript/ql/lib/qlpack.yml | 1 + javascript/ql/src/qlpack.yml | 1 + javascript/ql/test/qlpack.yml | 1 + 3 files changed, 3 insertions(+) diff --git a/javascript/ql/lib/qlpack.yml b/javascript/ql/lib/qlpack.yml index 3864785cd12..4b0fa8d4ffb 100644 --- a/javascript/ql/lib/qlpack.yml +++ b/javascript/ql/lib/qlpack.yml @@ -12,3 +12,4 @@ dependencies: codeql/yaml: ${workspace} dataExtensions: - semmle/javascript/frameworks/**/model.yml +warnOnImplicitThis: true diff --git a/javascript/ql/src/qlpack.yml b/javascript/ql/src/qlpack.yml index 1da21c597ab..2c62c9e75d5 100644 --- a/javascript/ql/src/qlpack.yml +++ b/javascript/ql/src/qlpack.yml @@ -11,3 +11,4 @@ dependencies: codeql/suite-helpers: ${workspace} codeql/typos: ${workspace} codeql/util: ${workspace} +warnOnImplicitThis: true diff --git a/javascript/ql/test/qlpack.yml b/javascript/ql/test/qlpack.yml index e5cdedb3b0e..566916b499f 100644 --- a/javascript/ql/test/qlpack.yml +++ b/javascript/ql/test/qlpack.yml @@ -7,3 +7,4 @@ extractor: javascript tests: . dataExtensions: - library-tests/DataExtensions/*.model.yml +warnOnImplicitThis: true From a48fa652ceb734db3ed23a0a66d8f62998ef7c16 Mon Sep 17 00:00:00 2001 From: Tony Torralba Date: Fri, 12 May 2023 10:57:49 +0200 Subject: [PATCH 314/870] Java: Add SQLi sinks for Spring JDBC --- .../2023-05-12-spring-jdbc-sql-sinks.md | 4 + ...ngframework.jdbc.core.namedparam.model.yml | 15 ++++ .../CWE-089/semmle/examples/SpringJdbc.java | 39 +++++++++- .../jdbc/core/JdbcOperations.java | 70 ++++++++--------- .../jdbc/core/JdbcTemplate.java | 76 +++++++++---------- .../NamedParameterJdbcOperations.java | 52 +++++++++++++ .../jdbc/core/namedparam/ParsedSql.java | 12 --- .../core/namedparam/SqlParameterSource.java | 14 ++++ .../jdbc/support/JdbcAccessor.java | 2 + .../jdbc/support/KeyHolder.java | 2 +- 10 files changed, 199 insertions(+), 87 deletions(-) create mode 100644 java/ql/lib/change-notes/2023-05-12-spring-jdbc-sql-sinks.md create mode 100644 java/ql/lib/ext/org.springframework.jdbc.core.namedparam.model.yml create mode 100644 java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/core/namedparam/NamedParameterJdbcOperations.java create mode 100644 java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/core/namedparam/SqlParameterSource.java diff --git a/java/ql/lib/change-notes/2023-05-12-spring-jdbc-sql-sinks.md b/java/ql/lib/change-notes/2023-05-12-spring-jdbc-sql-sinks.md new file mode 100644 index 00000000000..68d6c2b45fe --- /dev/null +++ b/java/ql/lib/change-notes/2023-05-12-spring-jdbc-sql-sinks.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Added SQL injection sinks for Spring JDBC's `NamedParameterJdbcOperations`. \ No newline at end of file diff --git a/java/ql/lib/ext/org.springframework.jdbc.core.namedparam.model.yml b/java/ql/lib/ext/org.springframework.jdbc.core.namedparam.model.yml new file mode 100644 index 00000000000..a3dd5738d27 --- /dev/null +++ b/java/ql/lib/ext/org.springframework.jdbc.core.namedparam.model.yml @@ -0,0 +1,15 @@ +extensions: + - addsTo: + pack: codeql/java-all + extensible: sinkModel + data: + - ["org.springframework.jdbc.core.namedparam", "NamedParameterJdbcOperations", True, "batchUpdate", "", "", "Argument[0]", "sql", "manual"] + - ["org.springframework.jdbc.core.namedparam", "NamedParameterJdbcOperations", True, "batchUpdate", "(String[])", "", "Argument[0]", "sql", "manual"] + - ["org.springframework.jdbc.core.namedparam", "NamedParameterJdbcOperations", True, "execute", "", "", "Argument[0]", "sql", "manual"] + - ["org.springframework.jdbc.core.namedparam", "NamedParameterJdbcOperations", True, "query", "", "", "Argument[0]", "sql", "manual"] + - ["org.springframework.jdbc.core.namedparam", "NamedParameterJdbcOperations", True, "queryForList", "", "", "Argument[0]", "sql", "manual"] + - ["org.springframework.jdbc.core.namedparam", "NamedParameterJdbcOperations", True, "queryForMap", "", "", "Argument[0]", "sql", "manual"] + - ["org.springframework.jdbc.core.namedparam", "NamedParameterJdbcOperations", True, "queryForObject", "", "", "Argument[0]", "sql", "manual"] + - ["org.springframework.jdbc.core.namedparam", "NamedParameterJdbcOperations", True, "queryForRowSet", "", "", "Argument[0]", "sql", "manual"] + - ["org.springframework.jdbc.core.namedparam", "NamedParameterJdbcOperations", True, "queryForStream", "", "", "Argument[0]", "sql", "manual"] + - ["org.springframework.jdbc.core.namedparam", "NamedParameterJdbcOperations", True, "update", "", "", "Argument[0]", "sql", "manual"] diff --git a/java/ql/test/query-tests/security/CWE-089/semmle/examples/SpringJdbc.java b/java/ql/test/query-tests/security/CWE-089/semmle/examples/SpringJdbc.java index c83d238576a..9aaaf1bc9fc 100644 --- a/java/ql/test/query-tests/security/CWE-089/semmle/examples/SpringJdbc.java +++ b/java/ql/test/query-tests/security/CWE-089/semmle/examples/SpringJdbc.java @@ -1,7 +1,13 @@ import java.sql.ResultSet; import java.util.Map; import org.springframework.jdbc.core.JdbcTemplate; +import org.springframework.jdbc.core.namedparam.NamedParameterJdbcOperations; +import org.springframework.jdbc.core.namedparam.SqlParameterSource; +import org.springframework.jdbc.core.PreparedStatementCallback; +import org.springframework.jdbc.core.ResultSetExtractor; +import org.springframework.jdbc.core.RowCallbackHandler; import org.springframework.jdbc.core.RowMapper; +import org.springframework.jdbc.core.SqlParameter; import org.springframework.jdbc.object.BatchSqlUpdate; import org.springframework.jdbc.object.MappingSqlQueryWithParameters; import org.springframework.jdbc.object.SqlFunction; @@ -22,7 +28,7 @@ public class SpringJdbc { } } - public static void test(JdbcTemplate template) { + public static void test(JdbcTemplate template, NamedParameterJdbcOperations namedParamTemplate) { new BatchSqlUpdate(null, source()); // $ sqlInjection new SqlFunction(null, source()); // $ sqlInjection new SqlUpdate(null, source()); // $ sqlInjection @@ -39,6 +45,37 @@ public class SpringJdbc { template.queryForObject(source(), (Class)null); // $ sqlInjection template.queryForRowSet(source()); // $ sqlInjection template.queryForStream(source(), (RowMapper)null); // $ sqlInjection + + namedParamTemplate.batchUpdate(source(), (Map[]) null); // $ sqlInjection + namedParamTemplate.batchUpdate(source(), (SqlParameterSource[]) null); // $ sqlInjection + namedParamTemplate.execute(source(), (PreparedStatementCallback) null); // $ sqlInjection + namedParamTemplate.execute(source(), (Map) null, (PreparedStatementCallback) null); // $ sqlInjection + namedParamTemplate.execute(source(), (SqlParameterSource) null, (PreparedStatementCallback) null); // $ sqlInjection + namedParamTemplate.query(source(), (Map) null, (ResultSetExtractor) null); // $ sqlInjection + namedParamTemplate.query(source(), (Map) null, (RowMapper) null); // $ sqlInjection + namedParamTemplate.query(source(), (Map) null, (RowCallbackHandler) null); // $ sqlInjection + namedParamTemplate.query(source(), (SqlParameterSource) null, (ResultSetExtractor) null); // $ sqlInjection + namedParamTemplate.query(source(), (SqlParameterSource) null, (RowMapper) null); // $ sqlInjection + namedParamTemplate.query(source(), (SqlParameterSource) null, (RowCallbackHandler) null); // $ sqlInjection + namedParamTemplate.query(source(), (ResultSetExtractor) null); // $ sqlInjection + namedParamTemplate.query(source(), (RowMapper) null); // $ sqlInjection + namedParamTemplate.query(source(), (RowCallbackHandler) null); // $ sqlInjection + namedParamTemplate.queryForList(source(), (Map) null); // $ sqlInjection + namedParamTemplate.queryForList(source(), (Map) null, (Class) null); // $ sqlInjection + namedParamTemplate.queryForMap(source(), (Map) null); // $ sqlInjection + namedParamTemplate.queryForMap(source(), (SqlParameterSource) null); // $ sqlInjection + namedParamTemplate.queryForObject(source(), (Map) null, (Class) null); // $ sqlInjection + namedParamTemplate.queryForObject(source(), (Map) null, (RowMapper) null); // $ sqlInjection + namedParamTemplate.queryForObject(source(), (SqlParameterSource) null, (Class) null); // $ sqlInjection + namedParamTemplate.queryForObject(source(), (SqlParameterSource) null, (RowMapper) null); // $ sqlInjection + namedParamTemplate.queryForRowSet(source(), (Map) null); // $ sqlInjection + namedParamTemplate.queryForRowSet(source(), (SqlParameterSource) null); // $ sqlInjection + namedParamTemplate.queryForStream(source(), (Map) null, (RowMapper) null); // $ sqlInjection + namedParamTemplate.queryForStream(source(), (SqlParameterSource) null, (RowMapper) null); // $ sqlInjection + namedParamTemplate.update(source(), (Map) null); // $ sqlInjection + namedParamTemplate.update(source(), (SqlParameterSource) null); // $ sqlInjection + namedParamTemplate.update(source(), null, null); // $ sqlInjection + namedParamTemplate.update(source(), null, null, null); // $ sqlInjection } } \ No newline at end of file diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/core/JdbcOperations.java b/java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/core/JdbcOperations.java index 08ba78baa99..74f7cd40dbf 100644 --- a/java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/core/JdbcOperations.java +++ b/java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/core/JdbcOperations.java @@ -24,41 +24,41 @@ import org.springframework.jdbc.support.rowset.SqlRowSet; public interface JdbcOperations { - List query(PreparedStatementCreator p0, RowMapper p1); - List query(String p0, Object[] p1, RowMapper p2); - List query(String p0, Object[] p1, int[] p2, RowMapper p3); - List query(String p0, PreparedStatementSetter p1, RowMapper p2); - List query(String p0, RowMapper p1); - List query(String p0, RowMapper p1, Object... p2); - List queryForList(String p0, Class p1); - List queryForList(String p0, Class p1, Object... p2); - List queryForList(String p0, Object[] p1, Class p2); - List queryForList(String p0, Object[] p1, int[] p2, Class p3); - Stream queryForStream(PreparedStatementCreator p0, RowMapper p1); - Stream queryForStream(String p0, PreparedStatementSetter p1, RowMapper p2); - Stream queryForStream(String p0, RowMapper p1); - Stream queryForStream(String p0, RowMapper p1, Object... p2); - T execute(CallableStatementCreator p0, CallableStatementCallback p1); - T execute(ConnectionCallback p0); - T execute(PreparedStatementCreator p0, PreparedStatementCallback p1); - T execute(StatementCallback p0); - T execute(String p0, CallableStatementCallback p1); - T execute(String p0, PreparedStatementCallback p1); - T query(PreparedStatementCreator p0, ResultSetExtractor p1); - T query(String p0, Object[] p1, ResultSetExtractor p2); - T query(String p0, Object[] p1, int[] p2, ResultSetExtractor p3); - T query(String p0, PreparedStatementSetter p1, ResultSetExtractor p2); - T query(String p0, ResultSetExtractor p1); - T query(String p0, ResultSetExtractor p1, Object... p2); - T queryForObject(String p0, Class p1); - T queryForObject(String p0, Class p1, Object... p2); - T queryForObject(String p0, Object[] p1, Class p2); - T queryForObject(String p0, Object[] p1, RowMapper p2); - T queryForObject(String p0, Object[] p1, int[] p2, Class p3); - T queryForObject(String p0, Object[] p1, int[] p2, RowMapper p3); - T queryForObject(String p0, RowMapper p1); - T queryForObject(String p0, RowMapper p1, Object... p2); - int[] batchUpdate(String p0, Collection p1, int p2, ParameterizedPreparedStatementSetter p3); + T execute(CallableStatementCreator p0, org.springframework.jdbc.core.CallableStatementCallback p1); + T execute(PreparedStatementCreator p0, org.springframework.jdbc.core.PreparedStatementCallback p1); + T execute(String p0, org.springframework.jdbc.core.CallableStatementCallback p1); + T execute(String p0, org.springframework.jdbc.core.PreparedStatementCallback p1); + T execute(org.springframework.jdbc.core.ConnectionCallback p0); + T execute(org.springframework.jdbc.core.StatementCallback p0); + T query(PreparedStatementCreator p0, org.springframework.jdbc.core.ResultSetExtractor p1); + T query(String p0, Object[] p1, int[] p2, org.springframework.jdbc.core.ResultSetExtractor p3); + T query(String p0, Object[] p1, org.springframework.jdbc.core.ResultSetExtractor p2); + T query(String p0, PreparedStatementSetter p1, org.springframework.jdbc.core.ResultSetExtractor p2); + T query(String p0, org.springframework.jdbc.core.ResultSetExtractor p1); + T query(String p0, org.springframework.jdbc.core.ResultSetExtractor p1, Object... p2); + T queryForObject(String p0, Object[] p1, int[] p2, java.lang.Class p3); + T queryForObject(String p0, Object[] p1, int[] p2, org.springframework.jdbc.core.RowMapper p3); + T queryForObject(String p0, Object[] p1, java.lang.Class p2); + T queryForObject(String p0, Object[] p1, org.springframework.jdbc.core.RowMapper p2); + T queryForObject(String p0, java.lang.Class p1); + T queryForObject(String p0, java.lang.Class p1, Object... p2); + T queryForObject(String p0, org.springframework.jdbc.core.RowMapper p1); + T queryForObject(String p0, org.springframework.jdbc.core.RowMapper p1, Object... p2); + int[][] batchUpdate(String p0, java.util.Collection p1, int p2, org.springframework.jdbc.core.ParameterizedPreparedStatementSetter p3); + java.util.List query(PreparedStatementCreator p0, org.springframework.jdbc.core.RowMapper p1); + java.util.List query(String p0, Object[] p1, int[] p2, org.springframework.jdbc.core.RowMapper p3); + java.util.List query(String p0, Object[] p1, org.springframework.jdbc.core.RowMapper p2); + java.util.List query(String p0, PreparedStatementSetter p1, org.springframework.jdbc.core.RowMapper p2); + java.util.List query(String p0, org.springframework.jdbc.core.RowMapper p1); + java.util.List query(String p0, org.springframework.jdbc.core.RowMapper p1, Object... p2); + java.util.List queryForList(String p0, Object[] p1, int[] p2, java.lang.Class p3); + java.util.List queryForList(String p0, Object[] p1, java.lang.Class p2); + java.util.List queryForList(String p0, java.lang.Class p1); + java.util.List queryForList(String p0, java.lang.Class p1, Object... p2); + java.util.stream.Stream queryForStream(PreparedStatementCreator p0, org.springframework.jdbc.core.RowMapper p1); + java.util.stream.Stream queryForStream(String p0, PreparedStatementSetter p1, org.springframework.jdbc.core.RowMapper p2); + java.util.stream.Stream queryForStream(String p0, org.springframework.jdbc.core.RowMapper p1); + java.util.stream.Stream queryForStream(String p0, org.springframework.jdbc.core.RowMapper p1, Object... p2); List> queryForList(String p0); List> queryForList(String p0, Object... p1); List> queryForList(String p0, Object[] p1, int[] p2); diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/core/JdbcTemplate.java b/java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/core/JdbcTemplate.java index 65fb5d6d22e..1f154499fb4 100644 --- a/java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/core/JdbcTemplate.java +++ b/java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/core/JdbcTemplate.java @@ -35,7 +35,7 @@ import org.springframework.jdbc.support.rowset.SqlRowSet; public class JdbcTemplate extends JdbcAccessor implements JdbcOperations { - protected RowMapper getSingleColumnRowMapper(Class p0){ return null; } + protected org.springframework.jdbc.core.RowMapper getSingleColumnRowMapper(java.lang.Class p0){ return null; } protected Connection createConnectionProxy(Connection p0){ return null; } protected DataAccessException translateException(String p0, String p1, SQLException p2){ return null; } protected Map createResultsMap(){ return null; } @@ -49,43 +49,43 @@ public class JdbcTemplate extends JdbcAccessor implements JdbcOperations protected void applyStatementSettings(Statement p0){} protected void handleWarnings(SQLWarning p0){} protected void handleWarnings(Statement p0){} - public List query(PreparedStatementCreator p0, RowMapper p1){ return null; } - public List query(String p0, Object[] p1, RowMapper p2){ return null; } - public List query(String p0, Object[] p1, int[] p2, RowMapper p3){ return null; } - public List query(String p0, PreparedStatementSetter p1, RowMapper p2){ return null; } - public List query(String p0, RowMapper p1){ return null; } - public List query(String p0, RowMapper p1, Object... p2){ return null; } - public List queryForList(String p0, Class p1){ return null; } - public List queryForList(String p0, Class p1, Object... p2){ return null; } - public List queryForList(String p0, Object[] p1, Class p2){ return null; } - public List queryForList(String p0, Object[] p1, int[] p2, Class p3){ return null; } - public Stream queryForStream(PreparedStatementCreator p0, PreparedStatementSetter p1, RowMapper p2){ return null; } - public Stream queryForStream(PreparedStatementCreator p0, RowMapper p1){ return null; } - public Stream queryForStream(String p0, PreparedStatementSetter p1, RowMapper p2){ return null; } - public Stream queryForStream(String p0, RowMapper p1){ return null; } - public Stream queryForStream(String p0, RowMapper p1, Object... p2){ return null; } - public T execute(CallableStatementCreator p0, CallableStatementCallback p1){ return null; } - public T execute(ConnectionCallback p0){ return null; } - public T execute(PreparedStatementCreator p0, PreparedStatementCallback p1){ return null; } - public T execute(StatementCallback p0){ return null; } - public T execute(String p0, CallableStatementCallback p1){ return null; } - public T execute(String p0, PreparedStatementCallback p1){ return null; } - public T query(PreparedStatementCreator p0, PreparedStatementSetter p1, ResultSetExtractor p2){ return null; } - public T query(PreparedStatementCreator p0, ResultSetExtractor p1){ return null; } - public T query(String p0, Object[] p1, ResultSetExtractor p2){ return null; } - public T query(String p0, Object[] p1, int[] p2, ResultSetExtractor p3){ return null; } - public T query(String p0, PreparedStatementSetter p1, ResultSetExtractor p2){ return null; } - public T query(String p0, ResultSetExtractor p1){ return null; } - public T query(String p0, ResultSetExtractor p1, Object... p2){ return null; } - public T queryForObject(String p0, Class p1){ return null; } - public T queryForObject(String p0, Class p1, Object... p2){ return null; } - public T queryForObject(String p0, Object[] p1, Class p2){ return null; } - public T queryForObject(String p0, Object[] p1, RowMapper p2){ return null; } - public T queryForObject(String p0, Object[] p1, int[] p2, Class p3){ return null; } - public T queryForObject(String p0, Object[] p1, int[] p2, RowMapper p3){ return null; } - public T queryForObject(String p0, RowMapper p1){ return null; } - public T queryForObject(String p0, RowMapper p1, Object... p2){ return null; } - public int[] batchUpdate(String p0, Collection p1, int p2, ParameterizedPreparedStatementSetter p3){ return null; } + public T execute(CallableStatementCreator p0, org.springframework.jdbc.core.CallableStatementCallback p1){ return null; } + public T execute(PreparedStatementCreator p0, org.springframework.jdbc.core.PreparedStatementCallback p1){ return null; } + public T execute(String p0, org.springframework.jdbc.core.CallableStatementCallback p1){ return null; } + public T execute(String p0, org.springframework.jdbc.core.PreparedStatementCallback p1){ return null; } + public T execute(org.springframework.jdbc.core.ConnectionCallback p0){ return null; } + public T execute(org.springframework.jdbc.core.StatementCallback p0){ return null; } + public T query(PreparedStatementCreator p0, PreparedStatementSetter p1, org.springframework.jdbc.core.ResultSetExtractor p2){ return null; } + public T query(PreparedStatementCreator p0, org.springframework.jdbc.core.ResultSetExtractor p1){ return null; } + public T query(String p0, Object[] p1, int[] p2, org.springframework.jdbc.core.ResultSetExtractor p3){ return null; } + public T query(String p0, Object[] p1, org.springframework.jdbc.core.ResultSetExtractor p2){ return null; } + public T query(String p0, PreparedStatementSetter p1, org.springframework.jdbc.core.ResultSetExtractor p2){ return null; } + public T query(String p0, org.springframework.jdbc.core.ResultSetExtractor p1){ return null; } + public T query(String p0, org.springframework.jdbc.core.ResultSetExtractor p1, Object... p2){ return null; } + public T queryForObject(String p0, Object[] p1, int[] p2, java.lang.Class p3){ return null; } + public T queryForObject(String p0, Object[] p1, int[] p2, org.springframework.jdbc.core.RowMapper p3){ return null; } + public T queryForObject(String p0, Object[] p1, java.lang.Class p2){ return null; } + public T queryForObject(String p0, Object[] p1, org.springframework.jdbc.core.RowMapper p2){ return null; } + public T queryForObject(String p0, java.lang.Class p1){ return null; } + public T queryForObject(String p0, java.lang.Class p1, Object... p2){ return null; } + public T queryForObject(String p0, org.springframework.jdbc.core.RowMapper p1){ return null; } + public T queryForObject(String p0, org.springframework.jdbc.core.RowMapper p1, Object... p2){ return null; } + public int[][] batchUpdate(String p0, java.util.Collection p1, int p2, org.springframework.jdbc.core.ParameterizedPreparedStatementSetter p3){ return null; } + public java.util.List query(PreparedStatementCreator p0, org.springframework.jdbc.core.RowMapper p1){ return null; } + public java.util.List query(String p0, Object[] p1, int[] p2, org.springframework.jdbc.core.RowMapper p3){ return null; } + public java.util.List query(String p0, Object[] p1, org.springframework.jdbc.core.RowMapper p2){ return null; } + public java.util.List query(String p0, PreparedStatementSetter p1, org.springframework.jdbc.core.RowMapper p2){ return null; } + public java.util.List query(String p0, org.springframework.jdbc.core.RowMapper p1){ return null; } + public java.util.List query(String p0, org.springframework.jdbc.core.RowMapper p1, Object... p2){ return null; } + public java.util.List queryForList(String p0, Object[] p1, int[] p2, java.lang.Class p3){ return null; } + public java.util.List queryForList(String p0, Object[] p1, java.lang.Class p2){ return null; } + public java.util.List queryForList(String p0, java.lang.Class p1){ return null; } + public java.util.List queryForList(String p0, java.lang.Class p1, Object... p2){ return null; } + public java.util.stream.Stream queryForStream(PreparedStatementCreator p0, PreparedStatementSetter p1, org.springframework.jdbc.core.RowMapper p2){ return null; } + public java.util.stream.Stream queryForStream(PreparedStatementCreator p0, org.springframework.jdbc.core.RowMapper p1){ return null; } + public java.util.stream.Stream queryForStream(String p0, PreparedStatementSetter p1, org.springframework.jdbc.core.RowMapper p2){ return null; } + public java.util.stream.Stream queryForStream(String p0, org.springframework.jdbc.core.RowMapper p1){ return null; } + public java.util.stream.Stream queryForStream(String p0, org.springframework.jdbc.core.RowMapper p1, Object... p2){ return null; } public JdbcTemplate(){} public JdbcTemplate(DataSource p0){} public JdbcTemplate(DataSource p0, boolean p1){} diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/core/namedparam/NamedParameterJdbcOperations.java b/java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/core/namedparam/NamedParameterJdbcOperations.java new file mode 100644 index 00000000000..de787490da1 --- /dev/null +++ b/java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/core/namedparam/NamedParameterJdbcOperations.java @@ -0,0 +1,52 @@ +// Generated automatically from org.springframework.jdbc.core.namedparam.NamedParameterJdbcOperations for testing purposes + +package org.springframework.jdbc.core.namedparam; + +import java.util.List; +import java.util.Map; +import java.util.stream.Stream; +import org.springframework.jdbc.core.JdbcOperations; +import org.springframework.jdbc.core.PreparedStatementCallback; +import org.springframework.jdbc.core.ResultSetExtractor; +import org.springframework.jdbc.core.RowCallbackHandler; +import org.springframework.jdbc.core.RowMapper; +import org.springframework.jdbc.core.namedparam.SqlParameterSource; +import org.springframework.jdbc.support.KeyHolder; +import org.springframework.jdbc.support.rowset.SqlRowSet; + +public interface NamedParameterJdbcOperations +{ + T execute(String p0, Map p1, org.springframework.jdbc.core.PreparedStatementCallback p2); + T execute(String p0, SqlParameterSource p1, org.springframework.jdbc.core.PreparedStatementCallback p2); + T execute(String p0, org.springframework.jdbc.core.PreparedStatementCallback p1); + T query(String p0, Map p1, org.springframework.jdbc.core.ResultSetExtractor p2); + T query(String p0, SqlParameterSource p1, org.springframework.jdbc.core.ResultSetExtractor p2); + T query(String p0, org.springframework.jdbc.core.ResultSetExtractor p1); + T queryForObject(String p0, Map p1, java.lang.Class p2); + T queryForObject(String p0, Map p1, org.springframework.jdbc.core.RowMapper p2); + T queryForObject(String p0, SqlParameterSource p1, java.lang.Class p2); + T queryForObject(String p0, SqlParameterSource p1, org.springframework.jdbc.core.RowMapper p2); + java.util.List query(String p0, Map p1, org.springframework.jdbc.core.RowMapper p2); + java.util.List query(String p0, SqlParameterSource p1, org.springframework.jdbc.core.RowMapper p2); + java.util.List query(String p0, org.springframework.jdbc.core.RowMapper p1); + java.util.List queryForList(String p0, Map p1, java.lang.Class p2); + java.util.List queryForList(String p0, SqlParameterSource p1, java.lang.Class p2); + java.util.stream.Stream queryForStream(String p0, Map p1, org.springframework.jdbc.core.RowMapper p2); + java.util.stream.Stream queryForStream(String p0, SqlParameterSource p1, org.springframework.jdbc.core.RowMapper p2); + JdbcOperations getJdbcOperations(); + List> queryForList(String p0, Map p1); + List> queryForList(String p0, SqlParameterSource p1); + Map queryForMap(String p0, Map p1); + Map queryForMap(String p0, SqlParameterSource p1); + SqlRowSet queryForRowSet(String p0, Map p1); + SqlRowSet queryForRowSet(String p0, SqlParameterSource p1); + int update(String p0, Map p1); + int update(String p0, SqlParameterSource p1); + int update(String p0, SqlParameterSource p1, KeyHolder p2); + int update(String p0, SqlParameterSource p1, KeyHolder p2, String[] p3); + int[] batchUpdate(String p0, Map[] p1); + int[] batchUpdate(String p0, SqlParameterSource[] p1); + void query(String p0, Map p1, RowCallbackHandler p2); + void query(String p0, RowCallbackHandler p1); + void query(String p0, SqlParameterSource p1, RowCallbackHandler p2); +} diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/core/namedparam/ParsedSql.java b/java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/core/namedparam/ParsedSql.java index a304a40a32c..1ea7fb37448 100644 --- a/java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/core/namedparam/ParsedSql.java +++ b/java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/core/namedparam/ParsedSql.java @@ -2,21 +2,9 @@ package org.springframework.jdbc.core.namedparam; -import java.util.List; public class ParsedSql { protected ParsedSql() {} - List getParameterNames(){ return null; } - ParsedSql(String p0){} - String getOriginalSql(){ return null; } - int getNamedParameterCount(){ return 0; } - int getTotalParameterCount(){ return 0; } - int getUnnamedParameterCount(){ return 0; } - int[] getParameterIndexes(int p0){ return null; } public String toString(){ return null; } - void addNamedParameter(String p0, int p1, int p2){} - void setNamedParameterCount(int p0){} - void setTotalParameterCount(int p0){} - void setUnnamedParameterCount(int p0){} } diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/core/namedparam/SqlParameterSource.java b/java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/core/namedparam/SqlParameterSource.java new file mode 100644 index 00000000000..e0095623b68 --- /dev/null +++ b/java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/core/namedparam/SqlParameterSource.java @@ -0,0 +1,14 @@ +// Generated automatically from org.springframework.jdbc.core.namedparam.SqlParameterSource for testing purposes + +package org.springframework.jdbc.core.namedparam; + + +public interface SqlParameterSource +{ + Object getValue(String p0); + boolean hasValue(String p0); + default String getTypeName(String p0){ return null; } + default String[] getParameterNames(){ return null; } + default int getSqlType(String p0){ return 0; } + static int TYPE_UNKNOWN = 0; +} diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/support/JdbcAccessor.java b/java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/support/JdbcAccessor.java index d852955dba8..347e8212c36 100644 --- a/java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/support/JdbcAccessor.java +++ b/java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/support/JdbcAccessor.java @@ -3,12 +3,14 @@ package org.springframework.jdbc.support; import javax.sql.DataSource; +import org.apache.commons.logging.Log; import org.springframework.beans.factory.InitializingBean; import org.springframework.jdbc.support.SQLExceptionTranslator; abstract public class JdbcAccessor implements InitializingBean { protected DataSource obtainDataSource(){ return null; } + protected final Log logger = null; public DataSource getDataSource(){ return null; } public JdbcAccessor(){} public SQLExceptionTranslator getExceptionTranslator(){ return null; } diff --git a/java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/support/KeyHolder.java b/java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/support/KeyHolder.java index e699415370e..e19f1c5ff64 100644 --- a/java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/support/KeyHolder.java +++ b/java/ql/test/stubs/springframework-5.3.8/org/springframework/jdbc/support/KeyHolder.java @@ -7,7 +7,7 @@ import java.util.Map; public interface KeyHolder { - T getKeyAs(Class p0); + T getKeyAs(java.lang.Class p0); List> getKeyList(); Map getKeys(); Number getKey(); From 3dbc0cf0b60a945d410b06a87590078a71e5e386 Mon Sep 17 00:00:00 2001 From: Kasper Svendsen Date: Fri, 12 May 2023 11:29:46 +0200 Subject: [PATCH 315/870] QL: Make implicit receivers explicit --- ql/ql/src/codeql/Locations.qll | 4 +-- .../codeql_ql/style/UseSetLiteralQuery.qll | 36 ++++++++++--------- ql/ql/test/callgraph/Foo.qll | 2 +- ql/ql/test/callgraph/callgraph.expected | 2 +- 4 files changed, 24 insertions(+), 20 deletions(-) diff --git a/ql/ql/src/codeql/Locations.qll b/ql/ql/src/codeql/Locations.qll index 9a067d89da4..1cfb8a8d41a 100644 --- a/ql/ql/src/codeql/Locations.qll +++ b/ql/ql/src/codeql/Locations.qll @@ -25,13 +25,13 @@ class Location extends @location { int getEndColumn() { locations_default(this, _, _, _, _, result) } /** Gets the number of lines covered by this location. */ - int getNumLines() { result = getEndLine() - getStartLine() + 1 } + int getNumLines() { result = this.getEndLine() - this.getStartLine() + 1 } /** Gets a textual representation of this element. */ cached string toString() { exists(string filepath, int startline, int startcolumn, int endline, int endcolumn | - hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) and + this.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) and result = filepath + "@" + startline + ":" + startcolumn + ":" + endline + ":" + endcolumn ) } diff --git a/ql/ql/src/codeql_ql/style/UseSetLiteralQuery.qll b/ql/ql/src/codeql_ql/style/UseSetLiteralQuery.qll index c253f3da7fe..125251c0d62 100644 --- a/ql/ql/src/codeql_ql/style/UseSetLiteralQuery.qll +++ b/ql/ql/src/codeql_ql/style/UseSetLiteralQuery.qll @@ -16,7 +16,7 @@ class DisjunctionChain extends Disjunction { Formula getOperand(int i) { result = rank[i + 1](Formula operand, Location l | - operand = getAnOperand*() and + operand = this.getAnOperand*() and not operand instanceof Disjunction and l = operand.getLocation() | @@ -33,16 +33,16 @@ class DisjunctionChain extends Disjunction { */ class EqualsLiteral extends ComparisonFormula { EqualsLiteral() { - getOperator() = "=" and - getAnOperand() instanceof Literal + this.getOperator() = "=" and + this.getAnOperand() instanceof Literal } AstNode getOther() { - result = getAnOperand() and + result = this.getAnOperand() and not result instanceof Literal } - Literal getLiteral() { result = getAnOperand() } + Literal getLiteral() { result = this.getAnOperand() } } /** @@ -60,29 +60,33 @@ class DisjunctionEqualsLiteral extends DisjunctionChain { DisjunctionEqualsLiteral() { // VarAccess on the same variable exists(VarDef v | - forex(Formula f | f = getOperand(_) | + forex(Formula f | f = this.getOperand(_) | f.(EqualsLiteral).getAnOperand().(VarAccess).getDeclaration() = v ) and - firstOperand = getOperand(0).(EqualsLiteral).getAnOperand() and + firstOperand = this.getOperand(0).(EqualsLiteral).getAnOperand() and firstOperand.(VarAccess).getDeclaration() = v ) or // FieldAccess on the same variable exists(FieldDecl v | - forex(Formula f | f = getOperand(_) | + forex(Formula f | f = this.getOperand(_) | f.(EqualsLiteral).getAnOperand().(FieldAccess).getDeclaration() = v ) and - firstOperand = getOperand(0).(EqualsLiteral).getAnOperand() and + firstOperand = this.getOperand(0).(EqualsLiteral).getAnOperand() and firstOperand.(FieldAccess).getDeclaration() = v ) or // ThisAccess - forex(Formula f | f = getOperand(_) | f.(EqualsLiteral).getAnOperand() instanceof ThisAccess) and - firstOperand = getOperand(0).(EqualsLiteral).getAnOperand().(ThisAccess) + forex(Formula f | f = this.getOperand(_) | + f.(EqualsLiteral).getAnOperand() instanceof ThisAccess + ) and + firstOperand = this.getOperand(0).(EqualsLiteral).getAnOperand().(ThisAccess) or // ResultAccess - forex(Formula f | f = getOperand(_) | f.(EqualsLiteral).getAnOperand() instanceof ResultAccess) and - firstOperand = getOperand(0).(EqualsLiteral).getAnOperand().(ResultAccess) + forex(Formula f | f = this.getOperand(_) | + f.(EqualsLiteral).getAnOperand() instanceof ResultAccess + ) and + firstOperand = this.getOperand(0).(EqualsLiteral).getAnOperand().(ResultAccess) // (in principle something like GlobalValueNumbering could be used to generalize this) } @@ -100,8 +104,8 @@ class DisjunctionEqualsLiteral extends DisjunctionChain { */ class CallLiteral extends Call { CallLiteral() { - getNumberOfArguments() = 1 and - getArgument(0) instanceof Literal + this.getNumberOfArguments() = 1 and + this.getArgument(0) instanceof Literal } } @@ -118,7 +122,7 @@ class DisjunctionPredicateLiteral extends DisjunctionChain { DisjunctionPredicateLiteral() { // Call to the same target exists(PredicateOrBuiltin target | - forex(Formula f | f = getOperand(_) | f.(CallLiteral).getTarget() = target) + forex(Formula f | f = this.getOperand(_) | f.(CallLiteral).getTarget() = target) ) } } diff --git a/ql/ql/test/callgraph/Foo.qll b/ql/ql/test/callgraph/Foo.qll index 70cb53587cf..9d40471f78d 100644 --- a/ql/ql/test/callgraph/Foo.qll +++ b/ql/ql/test/callgraph/Foo.qll @@ -7,7 +7,7 @@ query predicate test() { foo() } class Foo extends AstNode { predicate bar() { none() } - predicate baz() { bar() } + predicate baz() { this.bar() } } class Sub extends Foo { diff --git a/ql/ql/test/callgraph/callgraph.expected b/ql/ql/test/callgraph/callgraph.expected index 823e8d2553a..ad54bd22bab 100644 --- a/ql/ql/test/callgraph/callgraph.expected +++ b/ql/ql/test/callgraph/callgraph.expected @@ -5,7 +5,7 @@ getTarget | Bar.qll:30:12:30:32 | MemberCall | Bar.qll:19:7:19:18 | ClassPredicate getParameter | | Baz.qll:8:18:8:44 | MemberCall | Baz.qll:4:10:4:24 | ClassPredicate getImportedPath | | Foo.qll:5:26:5:30 | PredicateCall | Foo.qll:3:11:3:13 | ClasslessPredicate foo | -| Foo.qll:10:21:10:25 | PredicateCall | Foo.qll:8:13:8:15 | ClassPredicate bar | +| Foo.qll:10:21:10:30 | MemberCall | Foo.qll:8:13:8:15 | ClassPredicate bar | | Foo.qll:14:34:14:44 | MemberCall | Foo.qll:10:13:10:15 | ClassPredicate baz | | Foo.qll:17:27:17:42 | MemberCall | Foo.qll:8:13:8:15 | ClassPredicate bar | | Foo.qll:29:5:29:16 | PredicateCall | Foo.qll:20:13:20:20 | ClasslessPredicate myThing2 | From 1af1bf89177c9dc08023f261e5be6288beefa2dd Mon Sep 17 00:00:00 2001 From: Kasper Svendsen Date: Fri, 12 May 2023 11:30:24 +0200 Subject: [PATCH 316/870] QL: Enable implicit this receiver warnings --- ql/ql/src/qlpack.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/ql/ql/src/qlpack.yml b/ql/ql/src/qlpack.yml index 82ea061b25a..46eb43ff429 100644 --- a/ql/ql/src/qlpack.yml +++ b/ql/ql/src/qlpack.yml @@ -8,3 +8,4 @@ extractor: ql dependencies: codeql/typos: ${workspace} codeql/util: ${workspace} +warnOnImplicitThis: true From 75e36e89de6ab7c1ff71235a7ab9297ee23f60fe Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Fri, 12 May 2023 10:34:48 +0100 Subject: [PATCH 317/870] C++: Precompute the set of necessary states. --- .../Likely Bugs/OverrunWriteProductFlow.ql | 111 +++++++- .../CWE-119/OverrunWriteProductFlow.expected | 248 +----------------- 2 files changed, 110 insertions(+), 249 deletions(-) diff --git a/cpp/ql/src/experimental/Likely Bugs/OverrunWriteProductFlow.ql b/cpp/ql/src/experimental/Likely Bugs/OverrunWriteProductFlow.ql index 79a5497f46d..e35c48c9d9b 100644 --- a/cpp/ql/src/experimental/Likely Bugs/OverrunWriteProductFlow.ql +++ b/cpp/ql/src/experimental/Likely Bugs/OverrunWriteProductFlow.ql @@ -78,6 +78,113 @@ predicate isSinkPairImpl( ) } +module ValidState { + /** + * In the `StringSizeConfig` configuration we use an integer as the flow state for the second + * projection of the dataflow graph. The integer represents an offset that is added to the + * size of the allocation. For example, given: + * ```cpp + * char* p = new char[size + 1]; + * size += 1; + * memset(p, 0, size); + * ``` + * the initial flow state is `1`. This represents the fact that `size + 1` is a valid bound + * for the size of the allocation pointed to by `p`. After updating the size using `+=`, the + * flow state changes to `0`, which represents the fact that `size + 0` is a valid bound for + * the allocation. + * + * So we need to compute a set of valid integers that represent the offset applied to the + * size. We do this in two steps: + * 1. We first perform the dataflow traversal that the second projection of the product-flow + * library will perform, and visit all the places where the size argument is modified. + * 2. Once that dataflow traversal is done, we accumulate the offsets added at each places + * where the offset is modified (see `validStateImpl`). + * + * Because we want to guarantee that each place where we modify the offset has a `PathNode` + * we "flip" a boolean flow state in each `isAdditionalFlowStep`. This ensures that the node + * has a corresponding `PathNode`. + */ + private module ValidStateConfig implements DataFlow::StateConfigSig { + class FlowState = boolean; + + predicate isSource(DataFlow::Node source, FlowState state) { + hasSize(_, source, _) and + state = false + } + + predicate isSink(DataFlow::Node sink, FlowState state) { + isSinkPairImpl(_, _, sink, _, _) and + state = [false, true] + } + + predicate isBarrier(DataFlow::Node node, FlowState state) { none() } + + predicate isAdditionalFlowStep( + DataFlow::Node node1, FlowState state1, DataFlow::Node node2, FlowState state2 + ) { + exists(AddInstruction add, Operand op, int delta | + add.hasOperands(node1.asOperand(), op) and + semBounded(getSemanticExpr(op.getDef()), any(SemZeroBound zero), delta, true, _) and + node2.asInstruction() = add and + state1 = [false, true] and + state2 = state1.booleanNot() + ) + } + + predicate includeHiddenNodes() { any() } + } + + private import DataFlow::GlobalWithState + + private predicate inLoop(PathNode n) { n.getASuccessor+() = n } + + /** + * Holds if `value` is a possible offset for `n`. + * + * To ensure termination, we limit `value` to be in the + * range `[-2, 2]` if the node is part of a loop. Without + * this restriction we wouldn't terminate on an example like: + * ```cpp + * while(unknown()) { size++; } + * ``` + */ + private predicate validStateImpl(PathNode n, int value) { + (inLoop(n) implies value = [-2 .. 2]) and + ( + hasSize(_, n.getNode(), value) + or + exists(int delta, PathNode n0 | + n0.getASuccessor() = n and + validStateImpl(n0, value) and + isSinkPairImpl(_, _, n.getNode(), delta, _) and + delta > value + ) + or + exists(PathNode n0, DataFlow::Node node, int value0 | + n0.getASuccessor() = n and + validStateImpl(n0, value0) and + node = n.getNode() + | + exists(AddInstruction add, Operand op1, Operand op2, int delta | + add = node.asInstruction() and + add.hasOperands(op1, op2) and + value0 = value + delta and + semBounded(getSemanticExpr([op1, op2].getDef()), any(SemZeroBound zero), delta, true, _) + ) + or + not node.asInstruction() instanceof AddInstruction and + value = value0 + ) + ) + } + + predicate validState(DataFlow::Node n, int value) { + validStateImpl(any(PathNode pn | pn.getNode() = n), value) + } +} + +import ValidState + module StringSizeConfig implements ProductFlow::StateConfigSig { class FlowState1 = Unit; @@ -100,7 +207,7 @@ module StringSizeConfig implements ProductFlow::StateConfigSig { DataFlow::Node bufSink, FlowState1 state1, DataFlow::Node sizeSink, FlowState2 state2 ) { exists(state1) and - state2 = [-32 .. 32] and // An arbitrary bound because we need to bound `state2` + validState(sizeSink, state2) and exists(int delta | isSinkPairImpl(_, bufSink, sizeSink, delta, _) and delta > state2 @@ -120,8 +227,8 @@ module StringSizeConfig implements ProductFlow::StateConfigSig { predicate isAdditionalFlowStep2( DataFlow::Node node1, FlowState2 state1, DataFlow::Node node2, FlowState2 state2 ) { + validState(node2, state2) and exists(AddInstruction add, Operand op, int delta, int s1, int s2 | - s1 = [-32 .. 32] and // An arbitrary bound because we need to bound `state` state1 = s1 and state2 = s2 and add.hasOperands(node1.asOperand(), op) and diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-119/OverrunWriteProductFlow.expected b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-119/OverrunWriteProductFlow.expected index 3b450ac9b8f..b8d75b618c6 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-119/OverrunWriteProductFlow.expected +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-119/OverrunWriteProductFlow.expected @@ -1,202 +1,62 @@ edges -| test.cpp:16:11:16:21 | mk_string_t indirection [string] | test.cpp:24:21:24:31 | call to mk_string_t indirection [string] | -| test.cpp:16:11:16:21 | mk_string_t indirection [string] | test.cpp:34:21:34:31 | call to mk_string_t indirection [string] | | test.cpp:16:11:16:21 | mk_string_t indirection [string] | test.cpp:39:21:39:31 | call to mk_string_t indirection [string] | | test.cpp:18:5:18:30 | ... = ... | test.cpp:18:10:18:15 | str indirection [post update] [string] | | test.cpp:18:10:18:15 | str indirection [post update] [string] | test.cpp:16:11:16:21 | mk_string_t indirection [string] | | test.cpp:18:19:18:24 | call to malloc | test.cpp:18:5:18:30 | ... = ... | -| test.cpp:24:21:24:31 | call to mk_string_t indirection [string] | test.cpp:26:13:26:15 | str indirection [string] | -| test.cpp:26:13:26:15 | str indirection [string] | test.cpp:26:18:26:23 | string | -| test.cpp:26:13:26:15 | str indirection [string] | test.cpp:26:18:26:23 | string indirection | -| test.cpp:26:18:26:23 | string indirection | test.cpp:26:18:26:23 | string | -| test.cpp:29:32:29:34 | str indirection [string] | test.cpp:30:13:30:15 | str indirection [string] | -| test.cpp:30:13:30:15 | str indirection [string] | test.cpp:30:18:30:23 | string | -| test.cpp:30:13:30:15 | str indirection [string] | test.cpp:30:18:30:23 | string indirection | -| test.cpp:30:18:30:23 | string indirection | test.cpp:30:18:30:23 | string | -| test.cpp:34:21:34:31 | call to mk_string_t indirection [string] | test.cpp:35:21:35:23 | str indirection [string] | -| test.cpp:35:21:35:23 | str indirection [string] | test.cpp:29:32:29:34 | str indirection [string] | -| test.cpp:39:21:39:31 | call to mk_string_t indirection [string] | test.cpp:41:13:41:15 | str indirection [string] | | test.cpp:39:21:39:31 | call to mk_string_t indirection [string] | test.cpp:42:13:42:15 | str indirection [string] | -| test.cpp:39:21:39:31 | call to mk_string_t indirection [string] | test.cpp:44:13:44:15 | str indirection [string] | -| test.cpp:39:21:39:31 | call to mk_string_t indirection [string] | test.cpp:45:13:45:15 | str indirection [string] | -| test.cpp:39:21:39:31 | call to mk_string_t indirection [string] | test.cpp:48:17:48:19 | str indirection [string] | -| test.cpp:39:21:39:31 | call to mk_string_t indirection [string] | test.cpp:52:17:52:19 | str indirection [string] | -| test.cpp:39:21:39:31 | call to mk_string_t indirection [string] | test.cpp:56:17:56:19 | str indirection [string] | -| test.cpp:39:21:39:31 | call to mk_string_t indirection [string] | test.cpp:60:17:60:19 | str indirection [string] | -| test.cpp:39:21:39:31 | call to mk_string_t indirection [string] | test.cpp:64:17:64:19 | str indirection [string] | -| test.cpp:39:21:39:31 | call to mk_string_t indirection [string] | test.cpp:68:17:68:19 | str indirection [string] | | test.cpp:39:21:39:31 | call to mk_string_t indirection [string] | test.cpp:72:17:72:19 | str indirection [string] | -| test.cpp:39:21:39:31 | call to mk_string_t indirection [string] | test.cpp:76:17:76:19 | str indirection [string] | | test.cpp:39:21:39:31 | call to mk_string_t indirection [string] | test.cpp:80:17:80:19 | str indirection [string] | -| test.cpp:39:21:39:31 | call to mk_string_t indirection [string] | test.cpp:84:17:84:19 | str indirection [string] | -| test.cpp:41:13:41:15 | str indirection [string] | test.cpp:41:18:41:23 | string | -| test.cpp:41:13:41:15 | str indirection [string] | test.cpp:41:18:41:23 | string indirection | -| test.cpp:41:18:41:23 | string indirection | test.cpp:41:18:41:23 | string | | test.cpp:42:13:42:15 | str indirection [string] | test.cpp:42:18:42:23 | string | | test.cpp:42:13:42:15 | str indirection [string] | test.cpp:42:18:42:23 | string indirection | | test.cpp:42:18:42:23 | string indirection | test.cpp:42:18:42:23 | string | -| test.cpp:44:13:44:15 | str indirection [string] | test.cpp:44:18:44:23 | string | -| test.cpp:44:13:44:15 | str indirection [string] | test.cpp:44:18:44:23 | string indirection | -| test.cpp:44:18:44:23 | string indirection | test.cpp:44:18:44:23 | string | -| test.cpp:45:13:45:15 | str indirection [string] | test.cpp:45:18:45:23 | string | -| test.cpp:45:13:45:15 | str indirection [string] | test.cpp:45:18:45:23 | string indirection | -| test.cpp:45:18:45:23 | string indirection | test.cpp:45:18:45:23 | string | -| test.cpp:48:17:48:19 | str indirection [string] | test.cpp:48:22:48:27 | string | -| test.cpp:48:17:48:19 | str indirection [string] | test.cpp:48:22:48:27 | string indirection | -| test.cpp:48:22:48:27 | string indirection | test.cpp:48:22:48:27 | string | -| test.cpp:52:17:52:19 | str indirection [string] | test.cpp:52:22:52:27 | string | -| test.cpp:52:17:52:19 | str indirection [string] | test.cpp:52:22:52:27 | string indirection | -| test.cpp:52:22:52:27 | string indirection | test.cpp:52:22:52:27 | string | -| test.cpp:56:17:56:19 | str indirection [string] | test.cpp:56:22:56:27 | string | -| test.cpp:56:17:56:19 | str indirection [string] | test.cpp:56:22:56:27 | string indirection | -| test.cpp:56:22:56:27 | string indirection | test.cpp:56:22:56:27 | string | -| test.cpp:60:17:60:19 | str indirection [string] | test.cpp:60:22:60:27 | string | -| test.cpp:60:17:60:19 | str indirection [string] | test.cpp:60:22:60:27 | string indirection | -| test.cpp:60:22:60:27 | string indirection | test.cpp:60:22:60:27 | string | -| test.cpp:64:17:64:19 | str indirection [string] | test.cpp:64:22:64:27 | string | -| test.cpp:64:17:64:19 | str indirection [string] | test.cpp:64:22:64:27 | string indirection | -| test.cpp:64:22:64:27 | string indirection | test.cpp:64:22:64:27 | string | -| test.cpp:68:17:68:19 | str indirection [string] | test.cpp:68:22:68:27 | string | -| test.cpp:68:17:68:19 | str indirection [string] | test.cpp:68:22:68:27 | string indirection | -| test.cpp:68:22:68:27 | string indirection | test.cpp:68:22:68:27 | string | | test.cpp:72:17:72:19 | str indirection [string] | test.cpp:72:22:72:27 | string | | test.cpp:72:17:72:19 | str indirection [string] | test.cpp:72:22:72:27 | string indirection | | test.cpp:72:22:72:27 | string indirection | test.cpp:72:22:72:27 | string | -| test.cpp:76:17:76:19 | str indirection [string] | test.cpp:76:22:76:27 | string | -| test.cpp:76:17:76:19 | str indirection [string] | test.cpp:76:22:76:27 | string indirection | -| test.cpp:76:22:76:27 | string indirection | test.cpp:76:22:76:27 | string | | test.cpp:80:17:80:19 | str indirection [string] | test.cpp:80:22:80:27 | string | | test.cpp:80:17:80:19 | str indirection [string] | test.cpp:80:22:80:27 | string indirection | | test.cpp:80:22:80:27 | string indirection | test.cpp:80:22:80:27 | string | -| test.cpp:84:17:84:19 | str indirection [string] | test.cpp:84:22:84:27 | string | -| test.cpp:84:17:84:19 | str indirection [string] | test.cpp:84:22:84:27 | string indirection | -| test.cpp:84:22:84:27 | string indirection | test.cpp:84:22:84:27 | string | | test.cpp:88:11:88:30 | mk_string_t_plus_one indirection [string] | test.cpp:96:21:96:40 | call to mk_string_t_plus_one indirection [string] | | test.cpp:90:5:90:34 | ... = ... | test.cpp:90:10:90:15 | str indirection [post update] [string] | | test.cpp:90:10:90:15 | str indirection [post update] [string] | test.cpp:88:11:88:30 | mk_string_t_plus_one indirection [string] | | test.cpp:90:19:90:24 | call to malloc | test.cpp:90:5:90:34 | ... = ... | -| test.cpp:96:21:96:40 | call to mk_string_t_plus_one indirection [string] | test.cpp:98:13:98:15 | str indirection [string] | | test.cpp:96:21:96:40 | call to mk_string_t_plus_one indirection [string] | test.cpp:99:13:99:15 | str indirection [string] | -| test.cpp:96:21:96:40 | call to mk_string_t_plus_one indirection [string] | test.cpp:101:13:101:15 | str indirection [string] | -| test.cpp:96:21:96:40 | call to mk_string_t_plus_one indirection [string] | test.cpp:102:13:102:15 | str indirection [string] | -| test.cpp:96:21:96:40 | call to mk_string_t_plus_one indirection [string] | test.cpp:105:17:105:19 | str indirection [string] | -| test.cpp:96:21:96:40 | call to mk_string_t_plus_one indirection [string] | test.cpp:109:17:109:19 | str indirection [string] | -| test.cpp:96:21:96:40 | call to mk_string_t_plus_one indirection [string] | test.cpp:113:17:113:19 | str indirection [string] | -| test.cpp:96:21:96:40 | call to mk_string_t_plus_one indirection [string] | test.cpp:117:17:117:19 | str indirection [string] | -| test.cpp:96:21:96:40 | call to mk_string_t_plus_one indirection [string] | test.cpp:121:17:121:19 | str indirection [string] | -| test.cpp:96:21:96:40 | call to mk_string_t_plus_one indirection [string] | test.cpp:125:17:125:19 | str indirection [string] | | test.cpp:96:21:96:40 | call to mk_string_t_plus_one indirection [string] | test.cpp:129:17:129:19 | str indirection [string] | -| test.cpp:96:21:96:40 | call to mk_string_t_plus_one indirection [string] | test.cpp:133:17:133:19 | str indirection [string] | | test.cpp:96:21:96:40 | call to mk_string_t_plus_one indirection [string] | test.cpp:137:17:137:19 | str indirection [string] | -| test.cpp:96:21:96:40 | call to mk_string_t_plus_one indirection [string] | test.cpp:141:17:141:19 | str indirection [string] | -| test.cpp:98:13:98:15 | str indirection [string] | test.cpp:98:18:98:23 | string | -| test.cpp:98:13:98:15 | str indirection [string] | test.cpp:98:18:98:23 | string indirection | -| test.cpp:98:18:98:23 | string indirection | test.cpp:98:18:98:23 | string | | test.cpp:99:13:99:15 | str indirection [string] | test.cpp:99:18:99:23 | string | | test.cpp:99:13:99:15 | str indirection [string] | test.cpp:99:18:99:23 | string indirection | | test.cpp:99:18:99:23 | string indirection | test.cpp:99:18:99:23 | string | -| test.cpp:101:13:101:15 | str indirection [string] | test.cpp:101:18:101:23 | string | -| test.cpp:101:13:101:15 | str indirection [string] | test.cpp:101:18:101:23 | string indirection | -| test.cpp:101:18:101:23 | string indirection | test.cpp:101:18:101:23 | string | -| test.cpp:102:13:102:15 | str indirection [string] | test.cpp:102:18:102:23 | string | -| test.cpp:102:13:102:15 | str indirection [string] | test.cpp:102:18:102:23 | string indirection | -| test.cpp:102:18:102:23 | string indirection | test.cpp:102:18:102:23 | string | -| test.cpp:105:17:105:19 | str indirection [string] | test.cpp:105:22:105:27 | string | -| test.cpp:105:17:105:19 | str indirection [string] | test.cpp:105:22:105:27 | string indirection | -| test.cpp:105:22:105:27 | string indirection | test.cpp:105:22:105:27 | string | -| test.cpp:109:17:109:19 | str indirection [string] | test.cpp:109:22:109:27 | string | -| test.cpp:109:17:109:19 | str indirection [string] | test.cpp:109:22:109:27 | string indirection | -| test.cpp:109:22:109:27 | string indirection | test.cpp:109:22:109:27 | string | -| test.cpp:113:17:113:19 | str indirection [string] | test.cpp:113:22:113:27 | string | -| test.cpp:113:17:113:19 | str indirection [string] | test.cpp:113:22:113:27 | string indirection | -| test.cpp:113:22:113:27 | string indirection | test.cpp:113:22:113:27 | string | -| test.cpp:117:17:117:19 | str indirection [string] | test.cpp:117:22:117:27 | string | -| test.cpp:117:17:117:19 | str indirection [string] | test.cpp:117:22:117:27 | string indirection | -| test.cpp:117:22:117:27 | string indirection | test.cpp:117:22:117:27 | string | -| test.cpp:121:17:121:19 | str indirection [string] | test.cpp:121:22:121:27 | string | -| test.cpp:121:17:121:19 | str indirection [string] | test.cpp:121:22:121:27 | string indirection | -| test.cpp:121:22:121:27 | string indirection | test.cpp:121:22:121:27 | string | -| test.cpp:125:17:125:19 | str indirection [string] | test.cpp:125:22:125:27 | string | -| test.cpp:125:17:125:19 | str indirection [string] | test.cpp:125:22:125:27 | string indirection | -| test.cpp:125:22:125:27 | string indirection | test.cpp:125:22:125:27 | string | | test.cpp:129:17:129:19 | str indirection [string] | test.cpp:129:22:129:27 | string | | test.cpp:129:17:129:19 | str indirection [string] | test.cpp:129:22:129:27 | string indirection | | test.cpp:129:22:129:27 | string indirection | test.cpp:129:22:129:27 | string | -| test.cpp:133:17:133:19 | str indirection [string] | test.cpp:133:22:133:27 | string | -| test.cpp:133:17:133:19 | str indirection [string] | test.cpp:133:22:133:27 | string indirection | -| test.cpp:133:22:133:27 | string indirection | test.cpp:133:22:133:27 | string | | test.cpp:137:17:137:19 | str indirection [string] | test.cpp:137:22:137:27 | string | | test.cpp:137:17:137:19 | str indirection [string] | test.cpp:137:22:137:27 | string indirection | | test.cpp:137:22:137:27 | string indirection | test.cpp:137:22:137:27 | string | -| test.cpp:141:17:141:19 | str indirection [string] | test.cpp:141:22:141:27 | string | -| test.cpp:141:17:141:19 | str indirection [string] | test.cpp:141:22:141:27 | string indirection | -| test.cpp:141:22:141:27 | string indirection | test.cpp:141:22:141:27 | string | | test.cpp:147:5:147:34 | ... = ... | test.cpp:147:10:147:15 | str indirection [post update] [string] | -| test.cpp:147:10:147:15 | str indirection [post update] [string] | test.cpp:150:13:150:15 | str indirection [string] | -| test.cpp:147:10:147:15 | str indirection [post update] [string] | test.cpp:151:13:151:15 | str indirection [string] | | test.cpp:147:10:147:15 | str indirection [post update] [string] | test.cpp:152:13:152:15 | str indirection [string] | | test.cpp:147:10:147:15 | str indirection [post update] [string] | test.cpp:154:13:154:15 | str indirection [string] | -| test.cpp:147:10:147:15 | str indirection [post update] [string] | test.cpp:155:13:155:15 | str indirection [string] | | test.cpp:147:10:147:15 | str indirection [post update] [string] | test.cpp:156:13:156:15 | str indirection [string] | -| test.cpp:147:10:147:15 | str indirection [post update] [string] | test.cpp:159:17:159:19 | str indirection [string] | -| test.cpp:147:10:147:15 | str indirection [post update] [string] | test.cpp:163:17:163:19 | str indirection [string] | -| test.cpp:147:10:147:15 | str indirection [post update] [string] | test.cpp:167:17:167:19 | str indirection [string] | -| test.cpp:147:10:147:15 | str indirection [post update] [string] | test.cpp:171:17:171:19 | str indirection [string] | | test.cpp:147:10:147:15 | str indirection [post update] [string] | test.cpp:175:17:175:19 | str indirection [string] | -| test.cpp:147:10:147:15 | str indirection [post update] [string] | test.cpp:179:17:179:19 | str indirection [string] | -| test.cpp:147:10:147:15 | str indirection [post update] [string] | test.cpp:183:17:183:19 | str indirection [string] | | test.cpp:147:10:147:15 | str indirection [post update] [string] | test.cpp:187:17:187:19 | str indirection [string] | -| test.cpp:147:10:147:15 | str indirection [post update] [string] | test.cpp:191:17:191:19 | str indirection [string] | | test.cpp:147:10:147:15 | str indirection [post update] [string] | test.cpp:195:17:195:19 | str indirection [string] | | test.cpp:147:10:147:15 | str indirection [post update] [string] | test.cpp:199:17:199:19 | str indirection [string] | | test.cpp:147:10:147:15 | str indirection [post update] [string] | test.cpp:203:17:203:19 | str indirection [string] | | test.cpp:147:10:147:15 | str indirection [post update] [string] | test.cpp:207:17:207:19 | str indirection [string] | | test.cpp:147:19:147:24 | call to malloc | test.cpp:147:5:147:34 | ... = ... | -| test.cpp:150:13:150:15 | str indirection [string] | test.cpp:150:18:150:23 | string | -| test.cpp:150:13:150:15 | str indirection [string] | test.cpp:150:18:150:23 | string indirection | -| test.cpp:150:18:150:23 | string indirection | test.cpp:150:18:150:23 | string | -| test.cpp:151:13:151:15 | str indirection [string] | test.cpp:151:18:151:23 | string | -| test.cpp:151:13:151:15 | str indirection [string] | test.cpp:151:18:151:23 | string indirection | -| test.cpp:151:18:151:23 | string indirection | test.cpp:151:18:151:23 | string | | test.cpp:152:13:152:15 | str indirection [string] | test.cpp:152:18:152:23 | string | | test.cpp:152:13:152:15 | str indirection [string] | test.cpp:152:18:152:23 | string indirection | | test.cpp:152:18:152:23 | string indirection | test.cpp:152:18:152:23 | string | | test.cpp:154:13:154:15 | str indirection [string] | test.cpp:154:18:154:23 | string | | test.cpp:154:13:154:15 | str indirection [string] | test.cpp:154:18:154:23 | string indirection | | test.cpp:154:18:154:23 | string indirection | test.cpp:154:18:154:23 | string | -| test.cpp:155:13:155:15 | str indirection [string] | test.cpp:155:18:155:23 | string | -| test.cpp:155:13:155:15 | str indirection [string] | test.cpp:155:18:155:23 | string indirection | -| test.cpp:155:18:155:23 | string indirection | test.cpp:155:18:155:23 | string | | test.cpp:156:13:156:15 | str indirection [string] | test.cpp:156:18:156:23 | string | | test.cpp:156:13:156:15 | str indirection [string] | test.cpp:156:18:156:23 | string indirection | | test.cpp:156:18:156:23 | string indirection | test.cpp:156:18:156:23 | string | -| test.cpp:159:17:159:19 | str indirection [string] | test.cpp:159:22:159:27 | string | -| test.cpp:159:17:159:19 | str indirection [string] | test.cpp:159:22:159:27 | string indirection | -| test.cpp:159:22:159:27 | string indirection | test.cpp:159:22:159:27 | string | -| test.cpp:163:17:163:19 | str indirection [string] | test.cpp:163:22:163:27 | string | -| test.cpp:163:17:163:19 | str indirection [string] | test.cpp:163:22:163:27 | string indirection | -| test.cpp:163:22:163:27 | string indirection | test.cpp:163:22:163:27 | string | -| test.cpp:167:17:167:19 | str indirection [string] | test.cpp:167:22:167:27 | string | -| test.cpp:167:17:167:19 | str indirection [string] | test.cpp:167:22:167:27 | string indirection | -| test.cpp:167:22:167:27 | string indirection | test.cpp:167:22:167:27 | string | -| test.cpp:171:17:171:19 | str indirection [string] | test.cpp:171:22:171:27 | string | -| test.cpp:171:17:171:19 | str indirection [string] | test.cpp:171:22:171:27 | string indirection | -| test.cpp:171:22:171:27 | string indirection | test.cpp:171:22:171:27 | string | | test.cpp:175:17:175:19 | str indirection [string] | test.cpp:175:22:175:27 | string | | test.cpp:175:17:175:19 | str indirection [string] | test.cpp:175:22:175:27 | string indirection | | test.cpp:175:22:175:27 | string indirection | test.cpp:175:22:175:27 | string | -| test.cpp:179:17:179:19 | str indirection [string] | test.cpp:179:22:179:27 | string | -| test.cpp:179:17:179:19 | str indirection [string] | test.cpp:179:22:179:27 | string indirection | -| test.cpp:179:22:179:27 | string indirection | test.cpp:179:22:179:27 | string | -| test.cpp:183:17:183:19 | str indirection [string] | test.cpp:183:22:183:27 | string | -| test.cpp:183:17:183:19 | str indirection [string] | test.cpp:183:22:183:27 | string indirection | -| test.cpp:183:22:183:27 | string indirection | test.cpp:183:22:183:27 | string | | test.cpp:187:17:187:19 | str indirection [string] | test.cpp:187:22:187:27 | string | | test.cpp:187:17:187:19 | str indirection [string] | test.cpp:187:22:187:27 | string indirection | | test.cpp:187:22:187:27 | string indirection | test.cpp:187:22:187:27 | string | -| test.cpp:191:17:191:19 | str indirection [string] | test.cpp:191:22:191:27 | string | -| test.cpp:191:17:191:19 | str indirection [string] | test.cpp:191:22:191:27 | string indirection | -| test.cpp:191:22:191:27 | string indirection | test.cpp:191:22:191:27 | string | | test.cpp:195:17:195:19 | str indirection [string] | test.cpp:195:22:195:27 | string | | test.cpp:195:17:195:19 | str indirection [string] | test.cpp:195:22:195:27 | string indirection | | test.cpp:195:22:195:27 | string indirection | test.cpp:195:22:195:27 | string | @@ -228,154 +88,48 @@ nodes | test.cpp:18:5:18:30 | ... = ... | semmle.label | ... = ... | | test.cpp:18:10:18:15 | str indirection [post update] [string] | semmle.label | str indirection [post update] [string] | | test.cpp:18:19:18:24 | call to malloc | semmle.label | call to malloc | -| test.cpp:24:21:24:31 | call to mk_string_t indirection [string] | semmle.label | call to mk_string_t indirection [string] | -| test.cpp:26:13:26:15 | str indirection [string] | semmle.label | str indirection [string] | -| test.cpp:26:18:26:23 | string | semmle.label | string | -| test.cpp:26:18:26:23 | string indirection | semmle.label | string indirection | -| test.cpp:29:32:29:34 | str indirection [string] | semmle.label | str indirection [string] | -| test.cpp:30:13:30:15 | str indirection [string] | semmle.label | str indirection [string] | -| test.cpp:30:18:30:23 | string | semmle.label | string | -| test.cpp:30:18:30:23 | string indirection | semmle.label | string indirection | -| test.cpp:34:21:34:31 | call to mk_string_t indirection [string] | semmle.label | call to mk_string_t indirection [string] | -| test.cpp:35:21:35:23 | str indirection [string] | semmle.label | str indirection [string] | | test.cpp:39:21:39:31 | call to mk_string_t indirection [string] | semmle.label | call to mk_string_t indirection [string] | -| test.cpp:41:13:41:15 | str indirection [string] | semmle.label | str indirection [string] | -| test.cpp:41:18:41:23 | string | semmle.label | string | -| test.cpp:41:18:41:23 | string indirection | semmle.label | string indirection | | test.cpp:42:13:42:15 | str indirection [string] | semmle.label | str indirection [string] | | test.cpp:42:18:42:23 | string | semmle.label | string | | test.cpp:42:18:42:23 | string indirection | semmle.label | string indirection | -| test.cpp:44:13:44:15 | str indirection [string] | semmle.label | str indirection [string] | -| test.cpp:44:18:44:23 | string | semmle.label | string | -| test.cpp:44:18:44:23 | string indirection | semmle.label | string indirection | -| test.cpp:45:13:45:15 | str indirection [string] | semmle.label | str indirection [string] | -| test.cpp:45:18:45:23 | string | semmle.label | string | -| test.cpp:45:18:45:23 | string indirection | semmle.label | string indirection | -| test.cpp:48:17:48:19 | str indirection [string] | semmle.label | str indirection [string] | -| test.cpp:48:22:48:27 | string | semmle.label | string | -| test.cpp:48:22:48:27 | string indirection | semmle.label | string indirection | -| test.cpp:52:17:52:19 | str indirection [string] | semmle.label | str indirection [string] | -| test.cpp:52:22:52:27 | string | semmle.label | string | -| test.cpp:52:22:52:27 | string indirection | semmle.label | string indirection | -| test.cpp:56:17:56:19 | str indirection [string] | semmle.label | str indirection [string] | -| test.cpp:56:22:56:27 | string | semmle.label | string | -| test.cpp:56:22:56:27 | string indirection | semmle.label | string indirection | -| test.cpp:60:17:60:19 | str indirection [string] | semmle.label | str indirection [string] | -| test.cpp:60:22:60:27 | string | semmle.label | string | -| test.cpp:60:22:60:27 | string indirection | semmle.label | string indirection | -| test.cpp:64:17:64:19 | str indirection [string] | semmle.label | str indirection [string] | -| test.cpp:64:22:64:27 | string | semmle.label | string | -| test.cpp:64:22:64:27 | string indirection | semmle.label | string indirection | -| test.cpp:68:17:68:19 | str indirection [string] | semmle.label | str indirection [string] | -| test.cpp:68:22:68:27 | string | semmle.label | string | -| test.cpp:68:22:68:27 | string indirection | semmle.label | string indirection | | test.cpp:72:17:72:19 | str indirection [string] | semmle.label | str indirection [string] | | test.cpp:72:22:72:27 | string | semmle.label | string | | test.cpp:72:22:72:27 | string indirection | semmle.label | string indirection | -| test.cpp:76:17:76:19 | str indirection [string] | semmle.label | str indirection [string] | -| test.cpp:76:22:76:27 | string | semmle.label | string | -| test.cpp:76:22:76:27 | string indirection | semmle.label | string indirection | | test.cpp:80:17:80:19 | str indirection [string] | semmle.label | str indirection [string] | | test.cpp:80:22:80:27 | string | semmle.label | string | | test.cpp:80:22:80:27 | string indirection | semmle.label | string indirection | -| test.cpp:84:17:84:19 | str indirection [string] | semmle.label | str indirection [string] | -| test.cpp:84:22:84:27 | string | semmle.label | string | -| test.cpp:84:22:84:27 | string indirection | semmle.label | string indirection | | test.cpp:88:11:88:30 | mk_string_t_plus_one indirection [string] | semmle.label | mk_string_t_plus_one indirection [string] | | test.cpp:90:5:90:34 | ... = ... | semmle.label | ... = ... | | test.cpp:90:10:90:15 | str indirection [post update] [string] | semmle.label | str indirection [post update] [string] | | test.cpp:90:19:90:24 | call to malloc | semmle.label | call to malloc | | test.cpp:96:21:96:40 | call to mk_string_t_plus_one indirection [string] | semmle.label | call to mk_string_t_plus_one indirection [string] | -| test.cpp:98:13:98:15 | str indirection [string] | semmle.label | str indirection [string] | -| test.cpp:98:18:98:23 | string | semmle.label | string | -| test.cpp:98:18:98:23 | string indirection | semmle.label | string indirection | | test.cpp:99:13:99:15 | str indirection [string] | semmle.label | str indirection [string] | | test.cpp:99:18:99:23 | string | semmle.label | string | | test.cpp:99:18:99:23 | string indirection | semmle.label | string indirection | -| test.cpp:101:13:101:15 | str indirection [string] | semmle.label | str indirection [string] | -| test.cpp:101:18:101:23 | string | semmle.label | string | -| test.cpp:101:18:101:23 | string indirection | semmle.label | string indirection | -| test.cpp:102:13:102:15 | str indirection [string] | semmle.label | str indirection [string] | -| test.cpp:102:18:102:23 | string | semmle.label | string | -| test.cpp:102:18:102:23 | string indirection | semmle.label | string indirection | -| test.cpp:105:17:105:19 | str indirection [string] | semmle.label | str indirection [string] | -| test.cpp:105:22:105:27 | string | semmle.label | string | -| test.cpp:105:22:105:27 | string indirection | semmle.label | string indirection | -| test.cpp:109:17:109:19 | str indirection [string] | semmle.label | str indirection [string] | -| test.cpp:109:22:109:27 | string | semmle.label | string | -| test.cpp:109:22:109:27 | string indirection | semmle.label | string indirection | -| test.cpp:113:17:113:19 | str indirection [string] | semmle.label | str indirection [string] | -| test.cpp:113:22:113:27 | string | semmle.label | string | -| test.cpp:113:22:113:27 | string indirection | semmle.label | string indirection | -| test.cpp:117:17:117:19 | str indirection [string] | semmle.label | str indirection [string] | -| test.cpp:117:22:117:27 | string | semmle.label | string | -| test.cpp:117:22:117:27 | string indirection | semmle.label | string indirection | -| test.cpp:121:17:121:19 | str indirection [string] | semmle.label | str indirection [string] | -| test.cpp:121:22:121:27 | string | semmle.label | string | -| test.cpp:121:22:121:27 | string indirection | semmle.label | string indirection | -| test.cpp:125:17:125:19 | str indirection [string] | semmle.label | str indirection [string] | -| test.cpp:125:22:125:27 | string | semmle.label | string | -| test.cpp:125:22:125:27 | string indirection | semmle.label | string indirection | | test.cpp:129:17:129:19 | str indirection [string] | semmle.label | str indirection [string] | | test.cpp:129:22:129:27 | string | semmle.label | string | | test.cpp:129:22:129:27 | string indirection | semmle.label | string indirection | -| test.cpp:133:17:133:19 | str indirection [string] | semmle.label | str indirection [string] | -| test.cpp:133:22:133:27 | string | semmle.label | string | -| test.cpp:133:22:133:27 | string indirection | semmle.label | string indirection | | test.cpp:137:17:137:19 | str indirection [string] | semmle.label | str indirection [string] | | test.cpp:137:22:137:27 | string | semmle.label | string | | test.cpp:137:22:137:27 | string indirection | semmle.label | string indirection | -| test.cpp:141:17:141:19 | str indirection [string] | semmle.label | str indirection [string] | -| test.cpp:141:22:141:27 | string | semmle.label | string | -| test.cpp:141:22:141:27 | string indirection | semmle.label | string indirection | | test.cpp:147:5:147:34 | ... = ... | semmle.label | ... = ... | | test.cpp:147:10:147:15 | str indirection [post update] [string] | semmle.label | str indirection [post update] [string] | | test.cpp:147:19:147:24 | call to malloc | semmle.label | call to malloc | -| test.cpp:150:13:150:15 | str indirection [string] | semmle.label | str indirection [string] | -| test.cpp:150:18:150:23 | string | semmle.label | string | -| test.cpp:150:18:150:23 | string indirection | semmle.label | string indirection | -| test.cpp:151:13:151:15 | str indirection [string] | semmle.label | str indirection [string] | -| test.cpp:151:18:151:23 | string | semmle.label | string | -| test.cpp:151:18:151:23 | string indirection | semmle.label | string indirection | | test.cpp:152:13:152:15 | str indirection [string] | semmle.label | str indirection [string] | | test.cpp:152:18:152:23 | string | semmle.label | string | | test.cpp:152:18:152:23 | string indirection | semmle.label | string indirection | | test.cpp:154:13:154:15 | str indirection [string] | semmle.label | str indirection [string] | | test.cpp:154:18:154:23 | string | semmle.label | string | | test.cpp:154:18:154:23 | string indirection | semmle.label | string indirection | -| test.cpp:155:13:155:15 | str indirection [string] | semmle.label | str indirection [string] | -| test.cpp:155:18:155:23 | string | semmle.label | string | -| test.cpp:155:18:155:23 | string indirection | semmle.label | string indirection | | test.cpp:156:13:156:15 | str indirection [string] | semmle.label | str indirection [string] | | test.cpp:156:18:156:23 | string | semmle.label | string | | test.cpp:156:18:156:23 | string indirection | semmle.label | string indirection | -| test.cpp:159:17:159:19 | str indirection [string] | semmle.label | str indirection [string] | -| test.cpp:159:22:159:27 | string | semmle.label | string | -| test.cpp:159:22:159:27 | string indirection | semmle.label | string indirection | -| test.cpp:163:17:163:19 | str indirection [string] | semmle.label | str indirection [string] | -| test.cpp:163:22:163:27 | string | semmle.label | string | -| test.cpp:163:22:163:27 | string indirection | semmle.label | string indirection | -| test.cpp:167:17:167:19 | str indirection [string] | semmle.label | str indirection [string] | -| test.cpp:167:22:167:27 | string | semmle.label | string | -| test.cpp:167:22:167:27 | string indirection | semmle.label | string indirection | -| test.cpp:171:17:171:19 | str indirection [string] | semmle.label | str indirection [string] | -| test.cpp:171:22:171:27 | string | semmle.label | string | -| test.cpp:171:22:171:27 | string indirection | semmle.label | string indirection | | test.cpp:175:17:175:19 | str indirection [string] | semmle.label | str indirection [string] | | test.cpp:175:22:175:27 | string | semmle.label | string | | test.cpp:175:22:175:27 | string indirection | semmle.label | string indirection | -| test.cpp:179:17:179:19 | str indirection [string] | semmle.label | str indirection [string] | -| test.cpp:179:22:179:27 | string | semmle.label | string | -| test.cpp:179:22:179:27 | string indirection | semmle.label | string indirection | -| test.cpp:183:17:183:19 | str indirection [string] | semmle.label | str indirection [string] | -| test.cpp:183:22:183:27 | string | semmle.label | string | -| test.cpp:183:22:183:27 | string indirection | semmle.label | string indirection | | test.cpp:187:17:187:19 | str indirection [string] | semmle.label | str indirection [string] | | test.cpp:187:22:187:27 | string | semmle.label | string | | test.cpp:187:22:187:27 | string indirection | semmle.label | string indirection | -| test.cpp:191:17:191:19 | str indirection [string] | semmle.label | str indirection [string] | -| test.cpp:191:22:191:27 | string | semmle.label | string | -| test.cpp:191:22:191:27 | string indirection | semmle.label | string indirection | | test.cpp:195:17:195:19 | str indirection [string] | semmle.label | str indirection [string] | | test.cpp:195:22:195:27 | string | semmle.label | string | | test.cpp:195:22:195:27 | string indirection | semmle.label | string indirection | @@ -423,6 +177,6 @@ subpaths | test.cpp:199:9:199:15 | call to strncpy | test.cpp:147:19:147:24 | call to malloc | test.cpp:199:22:199:27 | string | This write may overflow $@ by 2 elements. | test.cpp:199:22:199:27 | string | string | | test.cpp:203:9:203:15 | call to strncpy | test.cpp:147:19:147:24 | call to malloc | test.cpp:203:22:203:27 | string | This write may overflow $@ by 2 elements. | test.cpp:203:22:203:27 | string | string | | test.cpp:207:9:207:15 | call to strncpy | test.cpp:147:19:147:24 | call to malloc | test.cpp:207:22:207:27 | string | This write may overflow $@ by 3 elements. | test.cpp:207:22:207:27 | string | string | -| test.cpp:232:3:232:8 | call to memset | test.cpp:228:43:228:48 | call to malloc | test.cpp:232:10:232:15 | buffer | This write may overflow $@ by 32 elements. | test.cpp:232:10:232:15 | buffer | buffer | +| test.cpp:232:3:232:8 | call to memset | test.cpp:228:43:228:48 | call to malloc | test.cpp:232:10:232:15 | buffer | This write may overflow $@ by 2 elements. | test.cpp:232:10:232:15 | buffer | buffer | | test.cpp:243:5:243:10 | call to memset | test.cpp:241:27:241:32 | call to malloc | test.cpp:243:12:243:21 | string | This write may overflow $@ by 1 element. | test.cpp:243:16:243:21 | string | string | | test.cpp:250:5:250:10 | call to memset | test.cpp:249:20:249:27 | call to my_alloc | test.cpp:250:12:250:12 | p | This write may overflow $@ by 1 element. | test.cpp:250:12:250:12 | p | p | From fe2f36a1fec2843291f235d85baae842dbd89d03 Mon Sep 17 00:00:00 2001 From: Kasper Svendsen Date: Fri, 12 May 2023 12:12:48 +0200 Subject: [PATCH 318/870] JS: Make implicit this receivers explicit --- .../ql/test/tutorials/Validating RAML-based APIs/RAML.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/javascript/ql/test/tutorials/Validating RAML-based APIs/RAML.qll b/javascript/ql/test/tutorials/Validating RAML-based APIs/RAML.qll index b110a339046..5c22bf65ab9 100644 --- a/javascript/ql/test/tutorials/Validating RAML-based APIs/RAML.qll +++ b/javascript/ql/test/tutorials/Validating RAML-based APIs/RAML.qll @@ -34,7 +34,7 @@ class RamlResource extends YamlMapping { /** Get the method for this resource with the given verb. */ RamlMethod getMethod(string verb) { verb = httpVerb() and - result = lookup(verb) + result = this.lookup(verb) } } From 7c5625a4dc26073e34ce438cc800d6bd132e71e6 Mon Sep 17 00:00:00 2001 From: Kasper Svendsen Date: Fri, 12 May 2023 12:11:29 +0200 Subject: [PATCH 319/870] Go: Make implicit this receivers explicit --- go/ql/test/TestUtilities/InlineFlowTest.qll | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/go/ql/test/TestUtilities/InlineFlowTest.qll b/go/ql/test/TestUtilities/InlineFlowTest.qll index 13db1f9ccbb..f080de86e16 100644 --- a/go/ql/test/TestUtilities/InlineFlowTest.qll +++ b/go/ql/test/TestUtilities/InlineFlowTest.qll @@ -78,7 +78,7 @@ class InlineFlowTest extends InlineExpectationsTest { override predicate hasActualResult(Location location, string element, string tag, string value) { tag = "hasValueFlow" and - exists(DataFlow::Node sink | getValueFlowConfig().hasFlowTo(sink) | + exists(DataFlow::Node sink | this.getValueFlowConfig().hasFlowTo(sink) | sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(), location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and element = sink.toString() and @@ -87,7 +87,8 @@ class InlineFlowTest extends InlineExpectationsTest { or tag = "hasTaintFlow" and exists(DataFlow::Node src, DataFlow::Node sink | - getTaintFlowConfig().hasFlow(src, sink) and not getValueFlowConfig().hasFlow(src, sink) + this.getTaintFlowConfig().hasFlow(src, sink) and + not this.getValueFlowConfig().hasFlow(src, sink) | sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(), location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and From d40cd0f275128f2e8f4a7f0b23f35df754ec38ce Mon Sep 17 00:00:00 2001 From: Kasper Svendsen Date: Fri, 12 May 2023 12:08:52 +0200 Subject: [PATCH 320/870] Java: Make implicit this receivers explicit --- java/ql/lib/semmle/code/java/frameworks/Camel.qll | 14 +++++++------- java/ql/src/qlpack.yml | 2 +- java/ql/test/TestUtilities/InlineFlowTest.qll | 4 ++-- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/java/ql/lib/semmle/code/java/frameworks/Camel.qll b/java/ql/lib/semmle/code/java/frameworks/Camel.qll index 4a1cf58779e..0548cc58122 100644 --- a/java/ql/lib/semmle/code/java/frameworks/Camel.qll +++ b/java/ql/lib/semmle/code/java/frameworks/Camel.qll @@ -27,8 +27,8 @@ deprecated class CamelToURI = CamelToUri; class CamelToBeanUri extends CamelToUri { CamelToBeanUri() { // A `` element references a bean if the URI starts with "bean:", or there is no scheme. - matches("bean:%") or - not exists(indexOf(":")) + this.matches("bean:%") or + not exists(this.indexOf(":")) } /** @@ -38,13 +38,13 @@ class CamelToBeanUri extends CamelToUri { * parameter parts are optional. */ string getBeanIdentifier() { - if not exists(indexOf(":")) + if not exists(this.indexOf(":")) then result = this else - exists(int start | start = indexOf(":", 0, 0) + 1 | - if not exists(indexOf("?")) - then result = suffix(start) - else result = substring(start, indexOf("?", 0, 0)) + exists(int start | start = this.indexOf(":", 0, 0) + 1 | + if not exists(this.indexOf("?")) + then result = this.suffix(start) + else result = this.substring(start, this.indexOf("?", 0, 0)) ) } diff --git a/java/ql/src/qlpack.yml b/java/ql/src/qlpack.yml index bc528c5c590..3e640f9376f 100644 --- a/java/ql/src/qlpack.yml +++ b/java/ql/src/qlpack.yml @@ -12,4 +12,4 @@ dependencies: codeql/util: ${workspace} dataExtensions: - Telemetry/ExtractorInformation.yml -warnOmImplicitThis: true +warnOnImplicitThis: true diff --git a/java/ql/test/TestUtilities/InlineFlowTest.qll b/java/ql/test/TestUtilities/InlineFlowTest.qll index 0700708fcb7..1731b73f24e 100644 --- a/java/ql/test/TestUtilities/InlineFlowTest.qll +++ b/java/ql/test/TestUtilities/InlineFlowTest.qll @@ -73,7 +73,7 @@ class InlineFlowTest extends InlineExpectationsTest { override predicate hasActualResult(Location location, string element, string tag, string value) { tag = "hasValueFlow" and - exists(DataFlow::Node src, DataFlow::Node sink | hasValueFlow(src, sink) | + exists(DataFlow::Node src, DataFlow::Node sink | this.hasValueFlow(src, sink) | sink.getLocation() = location and element = sink.toString() and if exists(getSourceArgString(src)) then value = getSourceArgString(src) else value = "" @@ -81,7 +81,7 @@ class InlineFlowTest extends InlineExpectationsTest { or tag = "hasTaintFlow" and exists(DataFlow::Node src, DataFlow::Node sink | - hasTaintFlow(src, sink) and not hasValueFlow(src, sink) + this.hasTaintFlow(src, sink) and not this.hasValueFlow(src, sink) | sink.getLocation() = location and element = sink.toString() and From 62b60f490c8c11e90bb0a9b86fe1b5466463f46d Mon Sep 17 00:00:00 2001 From: yoff Date: Fri, 12 May 2023 12:54:17 +0200 Subject: [PATCH 321/870] Apply suggestions from code review Co-authored-by: Rasmus Wriedt Larsen --- .../dataflow/coverage/test_builtins.py | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/python/ql/test/experimental/dataflow/coverage/test_builtins.py b/python/ql/test/experimental/dataflow/coverage/test_builtins.py index 63f289ffa1d..e0e37394cc8 100644 --- a/python/ql/test/experimental/dataflow/coverage/test_builtins.py +++ b/python/ql/test/experimental/dataflow/coverage/test_builtins.py @@ -219,16 +219,18 @@ def test_dict_pop(): d = {'k': SOURCE} v = d.pop("k") SINK(v) #$ flow="SOURCE, l:-2 -> v" - v1 = d.pop("k", SOURCE) - SINK(v1) #$ flow="SOURCE, l:-4 -> v1" + v1 = d.pop("k", NONSOURCE) + SINK_F(v1) #$ SPURIOUS: flow="SOURCE, l:-4 -> v1" + v2 = d.pop("non-existing", SOURCE) + SINK(v2) #$ MISSING: flow="SOURCE, l:-1 -> v2" @expects(2) def test_dict_get(): d = {'k': SOURCE} v = d.get("k") SINK(v) #$ flow="SOURCE, l:-2 -> v" - v1 = d.get("k", SOURCE) - SINK(v1) #$ flow="SOURCE, l:-4 -> v1" + v1 = d.get("non-existing", SOURCE) + SINK(v1) #$ flow="SOURCE, l:-1 -> v1" @expects(2) def test_dict_popitem(): @@ -321,6 +323,13 @@ def test_iter_dict(): l = list(i) SINK(l[0]) #$ MISSING: flow="SOURCE, l:-3 -> l[0]" +def test_iter_iter(): + # applying iter() to the result of iter() is basically a no-op + l0 = [SOURCE] + i = iter(iter(l0)) + l = list(i) + SINK(l[0]) #$ MISSING: flow="SOURCE, l:-3 -> l[0]" + ### next def test_next_list(): From e58b99ddd127d20194a6e0aeff0e2665e1306fbd Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Fri, 12 May 2023 11:18:04 +0100 Subject: [PATCH 322/870] C++: Don't carry the sources around as columns during the main loop of product flow. --- .../semmle/code/cpp/dataflow/ProductFlow.qll | 87 +++++++++++++++---- 1 file changed, 68 insertions(+), 19 deletions(-) diff --git a/cpp/ql/lib/experimental/semmle/code/cpp/dataflow/ProductFlow.qll b/cpp/ql/lib/experimental/semmle/code/cpp/dataflow/ProductFlow.qll index c2c27158434..12904fd6d0b 100644 --- a/cpp/ql/lib/experimental/semmle/code/cpp/dataflow/ProductFlow.qll +++ b/cpp/ql/lib/experimental/semmle/code/cpp/dataflow/ProductFlow.qll @@ -324,25 +324,71 @@ module ProductFlow { module Flow2 = DataFlow::GlobalWithState; + private predicate isSourcePair(Flow1::PathNode node1, Flow2::PathNode node2) { + Config::isSourcePair(node1.getNode(), node1.getState(), node2.getNode(), node2.getState()) + } + + private predicate isSinkPair(Flow1::PathNode node1, Flow2::PathNode node2) { + Config::isSinkPair(node1.getNode(), node1.getState(), node2.getNode(), node2.getState()) + } + + pragma[assume_small_delta] pragma[nomagic] - private predicate reachableInterprocEntry( - Flow1::PathNode source1, Flow2::PathNode source2, Flow1::PathNode node1, Flow2::PathNode node2 - ) { - Config::isSourcePair(node1.getNode(), node1.getState(), node2.getNode(), node2.getState()) and - node1 = source1 and - node2 = source2 + private predicate fwdReachableInterprocEntry(Flow1::PathNode node1, Flow2::PathNode node2) { + isSourcePair(node1, node2) or - exists( - Flow1::PathNode midEntry1, Flow2::PathNode midEntry2, Flow1::PathNode midExit1, - Flow2::PathNode midExit2 - | - reachableInterprocEntry(source1, source2, midEntry1, midEntry2) and - interprocEdgePair(midExit1, midExit2, node1, node2) and - localPathStep1*(midEntry1, midExit1) and - localPathStep2*(midEntry2, midExit2) + exists(Flow1::PathNode pred1, Flow2::PathNode pred2 | + fwdReachableInterprocEntry(pred1, pred2) and + isSuccessor(pred1, pred2, node1, node2) ) } + bindingset[pred1, pred2] + bindingset[succ1, succ2] + private predicate isSuccessor( + Flow1::PathNode pred1, Flow2::PathNode pred2, Flow1::PathNode succ1, Flow2::PathNode succ2 + ) { + exists(Flow1::PathNode mid1, Flow2::PathNode mid2 | + localPathStep1*(pred1, mid1) and + localPathStep2*(pred2, mid2) + | + isSinkPair(mid1, mid2) and + succ1 = mid1 and + succ2 = mid2 + or + interprocEdgePair(mid1, mid2, succ1, succ2) + ) + } + + pragma[assume_small_delta] + pragma[nomagic] + private predicate revReachableInterprocEntry(Flow1::PathNode node1, Flow2::PathNode node2) { + fwdReachableInterprocEntry(node1, node2) and + ( + isSinkPair(node1, node2) + or + exists(Flow1::PathNode succ1, Flow2::PathNode succ2 | + revReachableInterprocEntry(succ1, succ2) and + isSuccessor(node1, node2, succ1, succ2) + ) + ) + } + + private newtype TNodePair = + TMkNodePair(Flow1::PathNode node1, Flow2::PathNode node2) { + revReachableInterprocEntry(node1, node2) + } + + private predicate pathSucc(TNodePair n1, TNodePair n2) { + exists(Flow1::PathNode n11, Flow2::PathNode n12, Flow1::PathNode n21, Flow2::PathNode n22 | + n1 = TMkNodePair(n11, n12) and + n2 = TMkNodePair(n21, n22) and + isSuccessor(n11, n12, n21, n22) + ) + } + + private predicate pathSuccPlus(TNodePair n1, TNodePair n2) = fastTC(pathSucc/2)(n1, n2) + private predicate localPathStep1(Flow1::PathNode pred, Flow1::PathNode succ) { Flow1::PathGraph::edges(pred, succ) and pragma[only_bind_out](pred.getNode().getEnclosingCallable()) = @@ -474,11 +520,14 @@ module ProductFlow { private predicate reachable( Flow1::PathNode source1, Flow2::PathNode source2, Flow1::PathNode sink1, Flow2::PathNode sink2 ) { - exists(Flow1::PathNode mid1, Flow2::PathNode mid2 | - reachableInterprocEntry(source1, source2, mid1, mid2) and - Config::isSinkPair(sink1.getNode(), sink1.getState(), sink2.getNode(), sink2.getState()) and - localPathStep1*(mid1, sink1) and - localPathStep2*(mid2, sink2) + isSourcePair(source1, source2) and + isSinkPair(sink1, sink2) and + exists(TNodePair n1, TNodePair n2 | + n1 = TMkNodePair(source1, source2) and + n2 = TMkNodePair(sink1, sink2) + | + pathSuccPlus(n1, n2) or + n1 = n2 ) } } From 594da1a21aa7a6ae271d23ba25724b8ab3399bd4 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Fri, 12 May 2023 12:05:09 +0100 Subject: [PATCH 323/870] C++: Speedup 'isSuccessor'. --- .../semmle/code/cpp/dataflow/ProductFlow.qll | 85 ++++++++++++++++++- 1 file changed, 83 insertions(+), 2 deletions(-) diff --git a/cpp/ql/lib/experimental/semmle/code/cpp/dataflow/ProductFlow.qll b/cpp/ql/lib/experimental/semmle/code/cpp/dataflow/ProductFlow.qll index 12904fd6d0b..3dafcd790c2 100644 --- a/cpp/ql/lib/experimental/semmle/code/cpp/dataflow/ProductFlow.qll +++ b/cpp/ql/lib/experimental/semmle/code/cpp/dataflow/ProductFlow.qll @@ -343,14 +343,95 @@ module ProductFlow { ) } + pragma[assume_small_delta] + pragma[nomagic] + private predicate fwdLocalPathStep1(Flow1::PathNode n) { + fwdReachableInterprocEntry(n, _) + or + exists(Flow1::PathNode mid | + fwdLocalPathStep1(mid) and + localPathStep1(mid, n) + ) + } + + pragma[assume_small_delta] + pragma[nomagic] + private predicate revLocalPathStep1(Flow1::PathNode n) { + fwdLocalPathStep1(n) and + ( + isSinkPair(n, _) + or + interprocEdgePair(n, _, _, _) + or + exists(Flow1::PathNode mid | + revLocalPathStep1(mid) and + localPathStep1(n, mid) + ) + ) + } + + pragma[assume_small_delta] + private predicate prunedLocalPathStep1(Flow1::PathNode n1, Flow1::PathNode n2) { + revLocalPathStep1(n1) and + revLocalPathStep1(n2) and + localPathStep1(n1, n2) + } + + pragma[nomagic] + private predicate fwdLocalPathStep2(Flow2::PathNode n) { + fwdReachableInterprocEntry(_, n) + or + exists(Flow2::PathNode mid | + fwdLocalPathStep2(mid) and + localPathStep2(mid, n) + ) + } + + pragma[assume_small_delta] + pragma[nomagic] + private predicate revLocalPathStep2(Flow2::PathNode n) { + fwdLocalPathStep2(n) and + ( + isSinkPair(_, n) + or + interprocEdgePair(_, n, _, _) + or + exists(Flow2::PathNode mid | + revLocalPathStep2(mid) and + localPathStep2(n, mid) + ) + ) + } + + pragma[assume_small_delta] + private predicate prunedLocalPathStep2(Flow2::PathNode n1, Flow2::PathNode n2) { + revLocalPathStep2(n1) and + revLocalPathStep2(n2) and + localPathStep2(n1, n2) + } + + private predicate localPathStep1SuccPlus(Flow1::PathNode n1, Flow1::PathNode n2) = + fastTC(prunedLocalPathStep1/2)(n1, n2) + + private predicate localPathStep2SuccPlus(Flow2::PathNode n1, Flow2::PathNode n2) = + fastTC(prunedLocalPathStep2/2)(n1, n2) + + private predicate localPathStep1Tc(Flow1::PathNode n1, Flow1::PathNode n2) { + localPathStep1SuccPlus(n1, n2) or n1 = n2 + } + + private predicate localPathStep2Tc(Flow2::PathNode n1, Flow2::PathNode n2) { + localPathStep2SuccPlus(n1, n2) or n1 = n2 + } + bindingset[pred1, pred2] bindingset[succ1, succ2] private predicate isSuccessor( Flow1::PathNode pred1, Flow2::PathNode pred2, Flow1::PathNode succ1, Flow2::PathNode succ2 ) { exists(Flow1::PathNode mid1, Flow2::PathNode mid2 | - localPathStep1*(pred1, mid1) and - localPathStep2*(pred2, mid2) + localPathStep1Tc(pred1, mid1) and + localPathStep2Tc(pred2, mid2) | isSinkPair(mid1, mid2) and succ1 = mid1 and From 6a5fc3c1b16e5b3026b1b049a800f316a6fabeab Mon Sep 17 00:00:00 2001 From: yoff Date: Fri, 12 May 2023 13:06:08 +0200 Subject: [PATCH 324/870] Update python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/test_collections.py --- .../defaultAdditionalTaintStep/test_collections.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/test_collections.py b/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/test_collections.py index 5b384bebaef..df30a75c3e3 100644 --- a/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/test_collections.py +++ b/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/test_collections.py @@ -85,7 +85,9 @@ def test_access_explicit(x, y, z): iter(tainted_list), # $ tainted next(iter(tainted_list)), # $ tainted [i for i in tainted_list], # $ tainted - [tainted_list for _i in [1,2,3]], # $ MISSING: tainted + [tainted_list for i in [1,2,3]], # $ MISSING: tainted + [TAINTED_STRING for i in [1,2,3]], # $ tainted + [tainted_list], # $ tainted ) a, b, c = tainted_list[0:3] From ad51767374fa98164f573a3828bfabb0b6e8f5d5 Mon Sep 17 00:00:00 2001 From: Ian Lynagh Date: Thu, 11 May 2023 18:01:07 +0100 Subject: [PATCH 325/870] Kotlin: Add comment describing Kotlin array predicates --- .../src/main/kotlin/KotlinUsesExtractor.kt | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/java/kotlin-extractor/src/main/kotlin/KotlinUsesExtractor.kt b/java/kotlin-extractor/src/main/kotlin/KotlinUsesExtractor.kt index c72f094808b..13a0b92f928 100644 --- a/java/kotlin-extractor/src/main/kotlin/KotlinUsesExtractor.kt +++ b/java/kotlin-extractor/src/main/kotlin/KotlinUsesExtractor.kt @@ -551,6 +551,20 @@ open class KotlinUsesExtractor( ) } + /* + Kotlin arrays can be broken down as: + + isArray(t) + |- t.isBoxedArray + | |- t.isArray() e.g. Array, Array + | |- t.isNullableArray() e.g. Array?, Array? + |- t.isPrimitiveArray() e.g. BooleanArray + + For the corresponding Java types: + Boxed arrays are represented as e.g. java.lang.Boolean[]. + Primitive arrays are represented as e.g. boolean[]. + */ + data class ArrayInfo(val elementTypeResults: TypeResults, val componentTypeResults: TypeResults, val dimensions: Int) From 2458fa0ab3aa598306d4aad57fc0809d31dbc7d9 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Fri, 12 May 2023 12:50:40 +0100 Subject: [PATCH 326/870] C++: Push conjunct into 'isSuccessor' and rename it to 'fwdIsSuccessor'. --- .../semmle/code/cpp/dataflow/ProductFlow.qll | 24 +++++++------------ 1 file changed, 9 insertions(+), 15 deletions(-) diff --git a/cpp/ql/lib/experimental/semmle/code/cpp/dataflow/ProductFlow.qll b/cpp/ql/lib/experimental/semmle/code/cpp/dataflow/ProductFlow.qll index 3dafcd790c2..d21391bc93c 100644 --- a/cpp/ql/lib/experimental/semmle/code/cpp/dataflow/ProductFlow.qll +++ b/cpp/ql/lib/experimental/semmle/code/cpp/dataflow/ProductFlow.qll @@ -337,10 +337,7 @@ module ProductFlow { private predicate fwdReachableInterprocEntry(Flow1::PathNode node1, Flow2::PathNode node2) { isSourcePair(node1, node2) or - exists(Flow1::PathNode pred1, Flow2::PathNode pred2 | - fwdReachableInterprocEntry(pred1, pred2) and - isSuccessor(pred1, pred2, node1, node2) - ) + fwdIsSuccessor(_, _, node1, node2) } pragma[assume_small_delta] @@ -424,11 +421,10 @@ module ProductFlow { localPathStep2SuccPlus(n1, n2) or n1 = n2 } - bindingset[pred1, pred2] - bindingset[succ1, succ2] - private predicate isSuccessor( + private predicate fwdIsSuccessor( Flow1::PathNode pred1, Flow2::PathNode pred2, Flow1::PathNode succ1, Flow2::PathNode succ2 ) { + fwdReachableInterprocEntry(pred1, pred2) and exists(Flow1::PathNode mid1, Flow2::PathNode mid2 | localPathStep1Tc(pred1, mid1) and localPathStep2Tc(pred2, mid2) @@ -445,13 +441,11 @@ module ProductFlow { pragma[nomagic] private predicate revReachableInterprocEntry(Flow1::PathNode node1, Flow2::PathNode node2) { fwdReachableInterprocEntry(node1, node2) and - ( - isSinkPair(node1, node2) - or - exists(Flow1::PathNode succ1, Flow2::PathNode succ2 | - revReachableInterprocEntry(succ1, succ2) and - isSuccessor(node1, node2, succ1, succ2) - ) + isSinkPair(node1, node2) + or + exists(Flow1::PathNode succ1, Flow2::PathNode succ2 | + revReachableInterprocEntry(succ1, succ2) and + fwdIsSuccessor(node1, node2, succ1, succ2) ) } @@ -464,7 +458,7 @@ module ProductFlow { exists(Flow1::PathNode n11, Flow2::PathNode n12, Flow1::PathNode n21, Flow2::PathNode n22 | n1 = TMkNodePair(n11, n12) and n2 = TMkNodePair(n21, n22) and - isSuccessor(n11, n12, n21, n22) + fwdIsSuccessor(n11, n12, n21, n22) ) } From 1b848bb510cc9e086c7b3d86550f37f8f09ee9ea Mon Sep 17 00:00:00 2001 From: Rasmus Lerchedahl Petersen Date: Fri, 12 May 2023 13:51:50 +0200 Subject: [PATCH 327/870] python: fix tests --- .../dataflow/coverage/test_builtins.py | 2 +- .../dataflow-consistency.expected | 20 +++++++++++-------- 2 files changed, 13 insertions(+), 9 deletions(-) diff --git a/python/ql/test/experimental/dataflow/coverage/test_builtins.py b/python/ql/test/experimental/dataflow/coverage/test_builtins.py index e0e37394cc8..917b74a263f 100644 --- a/python/ql/test/experimental/dataflow/coverage/test_builtins.py +++ b/python/ql/test/experimental/dataflow/coverage/test_builtins.py @@ -230,7 +230,7 @@ def test_dict_get(): v = d.get("k") SINK(v) #$ flow="SOURCE, l:-2 -> v" v1 = d.get("non-existing", SOURCE) - SINK(v1) #$ flow="SOURCE, l:-1 -> v1" + SINK(v1) #$ MISSING: flow="SOURCE, l:-1 -> v1" @expects(2) def test_dict_popitem(): diff --git a/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/dataflow-consistency.expected b/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/dataflow-consistency.expected index 08bfb0aed8f..d6c0a2a32b2 100644 --- a/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/dataflow-consistency.expected +++ b/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/dataflow-consistency.expected @@ -25,13 +25,17 @@ uniqueParameterNodePosition uniqueContentApprox identityLocalStep | test_async.py:48:9:48:22 | ControlFlowNode for ensure_tainted | Node steps to itself | -| test_collections.py:56:10:56:21 | ControlFlowNode for tainted_list | Node steps to itself | -| test_collections.py:63:9:63:22 | ControlFlowNode for ensure_tainted | Node steps to itself | -| test_collections.py:65:9:65:22 | ControlFlowNode for ensure_tainted | Node steps to itself | -| test_collections.py:79:9:79:22 | ControlFlowNode for ensure_tainted | Node steps to itself | -| test_collections.py:81:9:81:22 | ControlFlowNode for ensure_tainted | Node steps to itself | +| test_collections.py:64:10:64:21 | ControlFlowNode for tainted_list | Node steps to itself | +| test_collections.py:71:9:71:22 | ControlFlowNode for ensure_tainted | Node steps to itself | +| test_collections.py:73:9:73:22 | ControlFlowNode for ensure_tainted | Node steps to itself | +| test_collections.py:88:10:88:21 | ControlFlowNode for tainted_list | Node steps to itself | +| test_collections.py:89:10:89:23 | ControlFlowNode for TAINTED_STRING | Node steps to itself | +| test_collections.py:97:9:97:22 | ControlFlowNode for ensure_tainted | Node steps to itself | +| test_collections.py:99:9:99:22 | ControlFlowNode for ensure_tainted | Node steps to itself | +| test_collections.py:112:9:112:22 | ControlFlowNode for ensure_tainted | Node steps to itself | | test_collections.py:114:9:114:22 | ControlFlowNode for ensure_tainted | Node steps to itself | -| test_collections.py:116:9:116:22 | ControlFlowNode for ensure_tainted | Node steps to itself | -| test_collections.py:213:9:213:15 | ControlFlowNode for my_dict | Node steps to itself | -| test_collections.py:213:22:213:33 | ControlFlowNode for tainted_dict | Node steps to itself | +| test_collections.py:147:9:147:22 | ControlFlowNode for ensure_tainted | Node steps to itself | +| test_collections.py:149:9:149:22 | ControlFlowNode for ensure_tainted | Node steps to itself | +| test_collections.py:246:9:246:15 | ControlFlowNode for my_dict | Node steps to itself | +| test_collections.py:246:22:246:33 | ControlFlowNode for tainted_dict | Node steps to itself | | test_for.py:24:9:24:22 | ControlFlowNode for ensure_tainted | Node steps to itself | From 826e87f4352f38136ce49b8618013fa4b9b3b29b Mon Sep 17 00:00:00 2001 From: Ian Lynagh Date: Fri, 12 May 2023 12:48:40 +0100 Subject: [PATCH 328/870] Kotlin: Simplify some array tests --- .../src/main/kotlin/KotlinUsesExtractor.kt | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/java/kotlin-extractor/src/main/kotlin/KotlinUsesExtractor.kt b/java/kotlin-extractor/src/main/kotlin/KotlinUsesExtractor.kt index 13a0b92f928..3799d4d9fc9 100644 --- a/java/kotlin-extractor/src/main/kotlin/KotlinUsesExtractor.kt +++ b/java/kotlin-extractor/src/main/kotlin/KotlinUsesExtractor.kt @@ -239,8 +239,6 @@ open class KotlinUsesExtractor( return UseClassInstanceResult(classTypeResult, extractClass) } - private fun isArray(t: IrSimpleType) = t.isBoxedArray || t.isPrimitiveArray() - private fun extractClassLaterIfExternal(c: IrClass) { if (isExternalDeclaration(c)) { extractExternalClassLater(c) @@ -565,6 +563,8 @@ open class KotlinUsesExtractor( Primitive arrays are represented as e.g. boolean[]. */ + private fun isArray(t: IrType) = t.isBoxedArray || t.isPrimitiveArray() + data class ArrayInfo(val elementTypeResults: TypeResults, val componentTypeResults: TypeResults, val dimensions: Int) @@ -579,7 +579,7 @@ open class KotlinUsesExtractor( */ private fun useArrayType(t: IrType, isPrimitiveArray: Boolean): ArrayInfo { - if (!t.isBoxedArray && !t.isPrimitiveArray()) { + if (!isArray(t)) { val nullableT = if (t.isPrimitiveType() && !isPrimitiveArray) t.makeNullable() else t val typeResults = useType(nullableT) return ArrayInfo(typeResults, typeResults, 0) @@ -1155,13 +1155,13 @@ open class KotlinUsesExtractor( } } else { t.classOrNull?.let { tCls -> - if (t.isArray() || t.isNullableArray()) { + if (t.isBoxedArray) { (t.arguments.singleOrNull() as? IrTypeProjection)?.let { elementTypeArg -> val elementType = elementTypeArg.type val replacedElementType = kClassToJavaClass(elementType) if (replacedElementType !== elementType) { val newArg = makeTypeProjection(replacedElementType, elementTypeArg.variance) - return tCls.typeWithArguments(listOf(newArg)).codeQlWithHasQuestionMark(t.isNullableArray()) + return tCls.typeWithArguments(listOf(newArg)).codeQlWithHasQuestionMark(t.isNullable()) } } } @@ -1592,7 +1592,7 @@ open class KotlinUsesExtractor( } if (owner is IrClass) { - if (t.isArray() || t.isNullableArray()) { + if (t.isBoxedArray) { val elementType = t.getArrayElementType(pluginContext.irBuiltIns) val erasedElementType = erase(elementType) return owner.typeWith(erasedElementType).codeQlWithHasQuestionMark(t.isNullable()) From 0b7fc3cbf758568b5b621d3d41bb8086788db4fa Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Fri, 12 May 2023 13:00:39 +0100 Subject: [PATCH 329/870] C++: Add a FP testcase involving flow through back-edges. --- .../Security/CWE/CWE-119/OverrunWriteProductFlow.expected | 4 ++++ .../query-tests/Security/CWE/CWE-119/test.cpp | 8 ++++++++ 2 files changed, 12 insertions(+) diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-119/OverrunWriteProductFlow.expected b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-119/OverrunWriteProductFlow.expected index 3b450ac9b8f..eee8b698399 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-119/OverrunWriteProductFlow.expected +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-119/OverrunWriteProductFlow.expected @@ -223,6 +223,7 @@ edges | test.cpp:243:12:243:14 | str indirection [string] | test.cpp:243:16:243:21 | string indirection | | test.cpp:243:16:243:21 | string indirection | test.cpp:243:12:243:21 | string | | test.cpp:249:20:249:27 | call to my_alloc | test.cpp:250:12:250:12 | p | +| test.cpp:256:17:256:22 | call to malloc | test.cpp:257:12:257:12 | p | nodes | test.cpp:16:11:16:21 | mk_string_t indirection [string] | semmle.label | mk_string_t indirection [string] | | test.cpp:18:5:18:30 | ... = ... | semmle.label | ... = ... | @@ -405,6 +406,8 @@ nodes | test.cpp:243:16:243:21 | string indirection | semmle.label | string indirection | | test.cpp:249:20:249:27 | call to my_alloc | semmle.label | call to my_alloc | | test.cpp:250:12:250:12 | p | semmle.label | p | +| test.cpp:256:17:256:22 | call to malloc | semmle.label | call to malloc | +| test.cpp:257:12:257:12 | p | semmle.label | p | subpaths | test.cpp:242:22:242:27 | buffer | test.cpp:235:40:235:45 | buffer | test.cpp:236:12:236:17 | p_str indirection [post update] [string] | test.cpp:242:16:242:19 | set_string output argument [string] | #select @@ -426,3 +429,4 @@ subpaths | test.cpp:232:3:232:8 | call to memset | test.cpp:228:43:228:48 | call to malloc | test.cpp:232:10:232:15 | buffer | This write may overflow $@ by 32 elements. | test.cpp:232:10:232:15 | buffer | buffer | | test.cpp:243:5:243:10 | call to memset | test.cpp:241:27:241:32 | call to malloc | test.cpp:243:12:243:21 | string | This write may overflow $@ by 1 element. | test.cpp:243:16:243:21 | string | string | | test.cpp:250:5:250:10 | call to memset | test.cpp:249:20:249:27 | call to my_alloc | test.cpp:250:12:250:12 | p | This write may overflow $@ by 1 element. | test.cpp:250:12:250:12 | p | p | +| test.cpp:257:5:257:10 | call to memset | test.cpp:256:17:256:22 | call to malloc | test.cpp:257:12:257:12 | p | This write may overflow $@ by 32 elements. | test.cpp:257:12:257:12 | p | p | diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-119/test.cpp b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-119/test.cpp index 8a7afb1a4a3..23e9c364836 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-119/test.cpp +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-119/test.cpp @@ -248,4 +248,12 @@ void* my_alloc(unsigned size); void foo(unsigned size) { int* p = (int*)my_alloc(size); // BAD memset(p, 0, size + 1); +} + +void test6(unsigned long n, char *p) { + while (unknown()) { + n++; + p = (char *)malloc(n); + memset(p, 0, n); // GOOD [FALSE POSITIVE] + } } \ No newline at end of file From f20a69074a768ef7972160aa7833aec9d476a941 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Fri, 12 May 2023 13:01:29 +0100 Subject: [PATCH 330/870] C++: Remove flow through ssa phi back-edges. --- .../src/experimental/Likely Bugs/OverrunWriteProductFlow.ql | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/cpp/ql/src/experimental/Likely Bugs/OverrunWriteProductFlow.ql b/cpp/ql/src/experimental/Likely Bugs/OverrunWriteProductFlow.ql index 79a5497f46d..025f39bd4a7 100644 --- a/cpp/ql/src/experimental/Likely Bugs/OverrunWriteProductFlow.ql +++ b/cpp/ql/src/experimental/Likely Bugs/OverrunWriteProductFlow.ql @@ -111,6 +111,10 @@ module StringSizeConfig implements ProductFlow::StateConfigSig { predicate isBarrier2(DataFlow::Node node, FlowState2 state) { none() } + predicate isBarrierOut2(DataFlow::Node node) { + node = any(DataFlow::SsaPhiNode phi).getAnInput(true) + } + predicate isAdditionalFlowStep1( DataFlow::Node node1, FlowState1 state1, DataFlow::Node node2, FlowState1 state2 ) { From de1f81a4b9c079747d8a33dc6b3358002a15c431 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Fri, 12 May 2023 13:01:42 +0100 Subject: [PATCH 331/870] C++: Accept test changes. --- .../Security/CWE/CWE-119/OverrunWriteProductFlow.expected | 2 -- .../experimental/query-tests/Security/CWE/CWE-119/test.cpp | 4 ++-- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-119/OverrunWriteProductFlow.expected b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-119/OverrunWriteProductFlow.expected index eee8b698399..00b15ea5fac 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-119/OverrunWriteProductFlow.expected +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-119/OverrunWriteProductFlow.expected @@ -426,7 +426,5 @@ subpaths | test.cpp:199:9:199:15 | call to strncpy | test.cpp:147:19:147:24 | call to malloc | test.cpp:199:22:199:27 | string | This write may overflow $@ by 2 elements. | test.cpp:199:22:199:27 | string | string | | test.cpp:203:9:203:15 | call to strncpy | test.cpp:147:19:147:24 | call to malloc | test.cpp:203:22:203:27 | string | This write may overflow $@ by 2 elements. | test.cpp:203:22:203:27 | string | string | | test.cpp:207:9:207:15 | call to strncpy | test.cpp:147:19:147:24 | call to malloc | test.cpp:207:22:207:27 | string | This write may overflow $@ by 3 elements. | test.cpp:207:22:207:27 | string | string | -| test.cpp:232:3:232:8 | call to memset | test.cpp:228:43:228:48 | call to malloc | test.cpp:232:10:232:15 | buffer | This write may overflow $@ by 32 elements. | test.cpp:232:10:232:15 | buffer | buffer | | test.cpp:243:5:243:10 | call to memset | test.cpp:241:27:241:32 | call to malloc | test.cpp:243:12:243:21 | string | This write may overflow $@ by 1 element. | test.cpp:243:16:243:21 | string | string | | test.cpp:250:5:250:10 | call to memset | test.cpp:249:20:249:27 | call to my_alloc | test.cpp:250:12:250:12 | p | This write may overflow $@ by 1 element. | test.cpp:250:12:250:12 | p | p | -| test.cpp:257:5:257:10 | call to memset | test.cpp:256:17:256:22 | call to malloc | test.cpp:257:12:257:12 | p | This write may overflow $@ by 32 elements. | test.cpp:257:12:257:12 | p | p | diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-119/test.cpp b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-119/test.cpp index 23e9c364836..7c73a357c55 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-119/test.cpp +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-119/test.cpp @@ -229,7 +229,7 @@ void repeated_alerts(unsigned size, unsigned offset) { while(unknown()) { ++size; } - memset(buffer, 0, size); // BAD + memset(buffer, 0, size); // BAD [NOT DETECTED] } void set_string(string_t* p_str, char* buffer) { @@ -254,6 +254,6 @@ void test6(unsigned long n, char *p) { while (unknown()) { n++; p = (char *)malloc(n); - memset(p, 0, n); // GOOD [FALSE POSITIVE] + memset(p, 0, n); // GOOD } } \ No newline at end of file From 81adf5aad42e8686adba41fdf5da96153056340d Mon Sep 17 00:00:00 2001 From: Rasmus Lerchedahl Petersen Date: Fri, 12 May 2023 14:28:41 +0200 Subject: [PATCH 332/870] python: remember to adjust annotation --- python/ql/test/experimental/dataflow/coverage/test_builtins.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/python/ql/test/experimental/dataflow/coverage/test_builtins.py b/python/ql/test/experimental/dataflow/coverage/test_builtins.py index 917b74a263f..5d9d92ffcb8 100644 --- a/python/ql/test/experimental/dataflow/coverage/test_builtins.py +++ b/python/ql/test/experimental/dataflow/coverage/test_builtins.py @@ -214,7 +214,7 @@ def test_dict_items(): SINK(item_list[1][0]) #$ MISSING: flow="SOURCE, l:-5 -> item_list[1][0]" SINK_F(item_list[1][1]) # expecting FP due to imprecise flow -@expects(2) +@expects(3) def test_dict_pop(): d = {'k': SOURCE} v = d.pop("k") From 3f01a2157bffdc3771809d42d94173bbaa6c9e75 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Fri, 12 May 2023 13:41:34 +0100 Subject: [PATCH 333/870] Revert "C++: Speedup 'isSuccessor'." This reverts commit 594da1a21aa7a6ae271d23ba25724b8ab3399bd4. --- .../semmle/code/cpp/dataflow/ProductFlow.qll | 85 +------------------ 1 file changed, 2 insertions(+), 83 deletions(-) diff --git a/cpp/ql/lib/experimental/semmle/code/cpp/dataflow/ProductFlow.qll b/cpp/ql/lib/experimental/semmle/code/cpp/dataflow/ProductFlow.qll index d21391bc93c..c0226c9fd66 100644 --- a/cpp/ql/lib/experimental/semmle/code/cpp/dataflow/ProductFlow.qll +++ b/cpp/ql/lib/experimental/semmle/code/cpp/dataflow/ProductFlow.qll @@ -340,94 +340,13 @@ module ProductFlow { fwdIsSuccessor(_, _, node1, node2) } - pragma[assume_small_delta] - pragma[nomagic] - private predicate fwdLocalPathStep1(Flow1::PathNode n) { - fwdReachableInterprocEntry(n, _) - or - exists(Flow1::PathNode mid | - fwdLocalPathStep1(mid) and - localPathStep1(mid, n) - ) - } - - pragma[assume_small_delta] - pragma[nomagic] - private predicate revLocalPathStep1(Flow1::PathNode n) { - fwdLocalPathStep1(n) and - ( - isSinkPair(n, _) - or - interprocEdgePair(n, _, _, _) - or - exists(Flow1::PathNode mid | - revLocalPathStep1(mid) and - localPathStep1(n, mid) - ) - ) - } - - pragma[assume_small_delta] - private predicate prunedLocalPathStep1(Flow1::PathNode n1, Flow1::PathNode n2) { - revLocalPathStep1(n1) and - revLocalPathStep1(n2) and - localPathStep1(n1, n2) - } - - pragma[nomagic] - private predicate fwdLocalPathStep2(Flow2::PathNode n) { - fwdReachableInterprocEntry(_, n) - or - exists(Flow2::PathNode mid | - fwdLocalPathStep2(mid) and - localPathStep2(mid, n) - ) - } - - pragma[assume_small_delta] - pragma[nomagic] - private predicate revLocalPathStep2(Flow2::PathNode n) { - fwdLocalPathStep2(n) and - ( - isSinkPair(_, n) - or - interprocEdgePair(_, n, _, _) - or - exists(Flow2::PathNode mid | - revLocalPathStep2(mid) and - localPathStep2(n, mid) - ) - ) - } - - pragma[assume_small_delta] - private predicate prunedLocalPathStep2(Flow2::PathNode n1, Flow2::PathNode n2) { - revLocalPathStep2(n1) and - revLocalPathStep2(n2) and - localPathStep2(n1, n2) - } - - private predicate localPathStep1SuccPlus(Flow1::PathNode n1, Flow1::PathNode n2) = - fastTC(prunedLocalPathStep1/2)(n1, n2) - - private predicate localPathStep2SuccPlus(Flow2::PathNode n1, Flow2::PathNode n2) = - fastTC(prunedLocalPathStep2/2)(n1, n2) - - private predicate localPathStep1Tc(Flow1::PathNode n1, Flow1::PathNode n2) { - localPathStep1SuccPlus(n1, n2) or n1 = n2 - } - - private predicate localPathStep2Tc(Flow2::PathNode n1, Flow2::PathNode n2) { - localPathStep2SuccPlus(n1, n2) or n1 = n2 - } - private predicate fwdIsSuccessor( Flow1::PathNode pred1, Flow2::PathNode pred2, Flow1::PathNode succ1, Flow2::PathNode succ2 ) { fwdReachableInterprocEntry(pred1, pred2) and exists(Flow1::PathNode mid1, Flow2::PathNode mid2 | - localPathStep1Tc(pred1, mid1) and - localPathStep2Tc(pred2, mid2) + localPathStep1*(pred1, mid1) and + localPathStep2*(pred2, mid2) | isSinkPair(mid1, mid2) and succ1 = mid1 and From a4f6ccf2fcb2391af973649710122e55760ef794 Mon Sep 17 00:00:00 2001 From: Max Schaefer <54907921+max-schaefer@users.noreply.github.com> Date: Fri, 12 May 2023 14:21:40 +0100 Subject: [PATCH 334/870] JavaScript: Use gender-neutral language in qhelp for js/user-controlled-bypass --- javascript/ql/src/Security/CWE-807/example.inc.qhelp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/javascript/ql/src/Security/CWE-807/example.inc.qhelp b/javascript/ql/src/Security/CWE-807/example.inc.qhelp index 7a3021689b1..565af0d24bd 100644 --- a/javascript/ql/src/Security/CWE-807/example.inc.qhelp +++ b/javascript/ql/src/Security/CWE-807/example.inc.qhelp @@ -18,7 +18,7 @@

    This security check is, however, insufficient since an - attacker can craft his cookie values to match those of any user. To + attacker can craft their cookie values to match those of any user. To prevent this, the server can cryptographically sign the security critical cookie values: From 2e7eb5031913c77cc475db5f407288772231594e Mon Sep 17 00:00:00 2001 From: Max Schaefer <54907921+max-schaefer@users.noreply.github.com> Date: Fri, 12 May 2023 14:42:11 +0100 Subject: [PATCH 335/870] JavaScript: Use synchronous APIs in examples for js/shell-command-constructed-from-input. --- .../CWE-078/examples/unsafe-shell-command-construction.js | 2 +- .../CWE-078/examples/unsafe-shell-command-construction_fixed.js | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/javascript/ql/src/Security/CWE-078/examples/unsafe-shell-command-construction.js b/javascript/ql/src/Security/CWE-078/examples/unsafe-shell-command-construction.js index d2d1869746f..f8f3d8b7514 100644 --- a/javascript/ql/src/Security/CWE-078/examples/unsafe-shell-command-construction.js +++ b/javascript/ql/src/Security/CWE-078/examples/unsafe-shell-command-construction.js @@ -1,5 +1,5 @@ var cp = require("child_process"); module.exports = function download(path, callback) { - cp.exec("wget " + path, callback); + cp.execSync("wget " + path, callback); } diff --git a/javascript/ql/src/Security/CWE-078/examples/unsafe-shell-command-construction_fixed.js b/javascript/ql/src/Security/CWE-078/examples/unsafe-shell-command-construction_fixed.js index 9f6bb249adc..4a8c880ad8f 100644 --- a/javascript/ql/src/Security/CWE-078/examples/unsafe-shell-command-construction_fixed.js +++ b/javascript/ql/src/Security/CWE-078/examples/unsafe-shell-command-construction_fixed.js @@ -1,5 +1,5 @@ var cp = require("child_process"); module.exports = function download(path, callback) { - cp.execFile("wget", [path], callback); + cp.execFileSync("wget", [path], callback); } From 41df8cafe58e0847da2a21f048b8be66f142dc8d Mon Sep 17 00:00:00 2001 From: Philip Ginsbach Date: Fri, 12 May 2023 15:20:50 +0100 Subject: [PATCH 336/870] 'Expr' is more appropriate than 'Id' now that instantiation can be involved --- .../ql-language-specification.rst | 28 +++++++++---------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/docs/codeql/ql-language-reference/ql-language-specification.rst b/docs/codeql/ql-language-reference/ql-language-specification.rst index ac60ea55c1b..f8c3637b735 100644 --- a/docs/codeql/ql-language-reference/ql-language-specification.rst +++ b/docs/codeql/ql-language-reference/ql-language-specification.rst @@ -208,12 +208,12 @@ An import directive refers to a module identifier: :: - import ::= annotations "import" importModuleId ("as" modulename)? + import ::= annotations "import" importModuleExpr ("as" modulename)? qualId ::= simpleId | qualId "." simpleId - importModuleId ::= qualId - | importModuleId "::" simpleId + importModuleExpr ::= qualId + | importModuleExpr "::" simpleId An import directive may optionally name the imported module using an ``as`` declaration. If a name is defined, then the import directive adds to the declared module environment of the current module a mapping from the name to the declaration of the imported module. Otherwise, the current module *directly imports* the imported module. @@ -280,9 +280,9 @@ With the exception of class domain types and character types (which cannot be re :: - type ::= (moduleId "::")? classname | dbasetype | "boolean" | "date" | "float" | "int" | "string" + type ::= (moduleExpr "::")? classname | dbasetype | "boolean" | "date" | "float" | "int" | "string" - moduleId ::= simpleId | moduleId "::" simpleId + moduleExpr ::= simpleId | moduleExpr "::" simpleId A type reference is resolved to a type as follows: @@ -597,7 +597,7 @@ Identifiers are used in following syntactic constructs: modulename ::= simpleId classname ::= upperId dbasetype ::= atLowerId - predicateRef ::= (moduleId "::")? literalId + predicateRef ::= (moduleExpr "::")? literalId predicateName ::= lowerId varname ::= lowerId literalId ::= lowerId | atLowerId @@ -1615,7 +1615,7 @@ Aliases define new names for existing QL entities. alias ::= qldoc? annotations "predicate" literalId "=" predicateRef "/" int ";" | qldoc? annotations "class" classname "=" type ";" - | qldoc? annotations "module" modulename "=" moduleId ";" + | qldoc? annotations "module" modulename "=" moduleExpr ";" An alias introduces a binding from the new name to the entity referred to by the right-hand side in the current module's declared predicate, type, or module environment respectively. @@ -2068,12 +2068,12 @@ The complete grammar for QL is as follows: moduleBody ::= (import | predicate | class | module | alias | select)* - import ::= annotations "import" importModuleId ("as" modulename)? + import ::= annotations "import" importModuleExpr ("as" modulename)? qualId ::= simpleId | qualId "." simpleId - importModuleId ::= qualId - | importModuleId "::" simpleId + importModuleExpr ::= qualId + | importModuleExpr "::" simpleId select ::= ("from" var_decls)? ("where" formula)? "select" as_exprs ("order" "by" orderbys)? @@ -2120,15 +2120,15 @@ The complete grammar for QL is as follows: field ::= qldoc? annotations var_decl ";" - moduleId ::= simpleId | moduleId "::" simpleId + moduleExpr ::= simpleId | moduleExpr "::" simpleId - type ::= (moduleId "::")? classname | dbasetype | "boolean" | "date" | "float" | "int" | "string" + type ::= (moduleExpr "::")? classname | dbasetype | "boolean" | "date" | "float" | "int" | "string" exprs ::= expr ("," expr)* alias ::= qldoc? annotations "predicate" literalId "=" predicateRef "/" int ";" | qldoc? annotations "class" classname "=" type ";" - | qldoc? annotations "module" modulename "=" moduleId ";" + | qldoc? annotations "module" modulename "=" moduleExpr ";" var_decls ::= (var_decl ("," var_decl)*)? @@ -2249,7 +2249,7 @@ The complete grammar for QL is as follows: dbasetype ::= atLowerId - predicateRef ::= (moduleId "::")? literalId + predicateRef ::= (moduleExpr "::")? literalId predicateName ::= lowerId From eb493a19812819872634c0f7769d24ba471713c6 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Fri, 12 May 2023 16:25:34 +0200 Subject: [PATCH 337/870] C++: Add FP test case for `cpp/invalid-pointer-deref` Also add reduced range analysis test case that seems to expose the underlying reason for the FP. --- .../pointer-deref/InvalidPointerDeref.expected | 5 +++++ .../Security/CWE/CWE-193/pointer-deref/test.cpp | 16 +++++++++++++++- .../library-tests/ir/range-analysis/test.cpp | 10 ++++++++++ 3 files changed, 30 insertions(+), 1 deletion(-) diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/InvalidPointerDeref.expected b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/InvalidPointerDeref.expected index 76adf3dba50..011b1f8e161 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/InvalidPointerDeref.expected +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/InvalidPointerDeref.expected @@ -649,6 +649,10 @@ edges | test.cpp:280:13:280:24 | new[] | test.cpp:281:14:281:15 | xs | | test.cpp:290:13:290:24 | new[] | test.cpp:291:14:291:15 | xs | | test.cpp:290:13:290:24 | new[] | test.cpp:292:30:292:30 | x | +| test.cpp:304:15:304:26 | new[] | test.cpp:307:5:307:6 | xs | +| test.cpp:304:15:304:26 | new[] | test.cpp:308:5:308:6 | xs | +| test.cpp:308:5:308:6 | xs | test.cpp:308:5:308:11 | access to array | +| test.cpp:308:5:308:11 | access to array | test.cpp:308:5:308:29 | Store: ... = ... | #select | test.cpp:6:14:6:15 | Load: * ... | test.cpp:4:15:4:20 | call to malloc | test.cpp:6:14:6:15 | Load: * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:4:15:4:20 | call to malloc | call to malloc | test.cpp:5:19:5:22 | size | size | | test.cpp:8:14:8:21 | Load: * ... | test.cpp:4:15:4:20 | call to malloc | test.cpp:8:14:8:21 | Load: * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@ + 1. | test.cpp:4:15:4:20 | call to malloc | call to malloc | test.cpp:5:19:5:22 | size | size | @@ -672,3 +676,4 @@ edges | test.cpp:254:9:254:16 | Store: ... = ... | test.cpp:248:24:248:30 | call to realloc | test.cpp:254:9:254:16 | Store: ... = ... | This write might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:248:24:248:30 | call to realloc | call to realloc | test.cpp:254:11:254:11 | i | i | | test.cpp:264:13:264:14 | Load: * ... | test.cpp:260:13:260:24 | new[] | test.cpp:264:13:264:14 | Load: * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:260:13:260:24 | new[] | new[] | test.cpp:261:19:261:21 | len | len | | test.cpp:274:5:274:10 | Store: ... = ... | test.cpp:270:13:270:24 | new[] | test.cpp:274:5:274:10 | Store: ... = ... | This write might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:270:13:270:24 | new[] | new[] | test.cpp:271:19:271:21 | len | len | +| test.cpp:308:5:308:29 | Store: ... = ... | test.cpp:304:15:304:26 | new[] | test.cpp:308:5:308:29 | Store: ... = ... | This write might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:304:15:304:26 | new[] | new[] | test.cpp:308:8:308:10 | ... + ... | ... + ... | diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/test.cpp b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/test.cpp index fd971c786cb..4536e2bd2e6 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/test.cpp +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/test.cpp @@ -293,4 +293,18 @@ void test20(unsigned len) { *x = 0; // GOOD } -} \ No newline at end of file +} + +void* test21_get(int n); + +void test21() { + int n = 0; + while (test21_get(n)) n+=2; + + void** xs = new void*[n]; + + for (int i = 0; i < n; i += 2) { + xs[i] = test21_get(i); + xs[i+1] = test21_get(i+1); + } +} diff --git a/cpp/ql/test/library-tests/ir/range-analysis/test.cpp b/cpp/ql/test/library-tests/ir/range-analysis/test.cpp index 682b74d2e78..4c5a3c558c2 100644 --- a/cpp/ql/test/library-tests/ir/range-analysis/test.cpp +++ b/cpp/ql/test/library-tests/ir/range-analysis/test.cpp @@ -49,3 +49,13 @@ return 0; } + void* f3_get(int n); + + void f3() { + int n = 0; + while (f3_get(n)) n+=2; + + for (int i = 0; i < n; i += 2) { + range(i); // $ range=>=0 SPURIOUS: range="<=call to f3_get-1" range="<=call to f3_get-2" + } + } From c5be3fb6c04373566b61c40af995b8b1c8457c17 Mon Sep 17 00:00:00 2001 From: Philip Ginsbach Date: Fri, 12 May 2023 09:38:47 +0100 Subject: [PATCH 338/870] add missing syntax for parameterised module declaration --- .../ql-language-specification.rst | 34 ++++++++++++++----- 1 file changed, 26 insertions(+), 8 deletions(-) diff --git a/docs/codeql/ql-language-reference/ql-language-specification.rst b/docs/codeql/ql-language-reference/ql-language-specification.rst index f8c3637b735..744a21ceaf1 100644 --- a/docs/codeql/ql-language-reference/ql-language-specification.rst +++ b/docs/codeql/ql-language-reference/ql-language-specification.rst @@ -176,7 +176,11 @@ A QL module definition has the following syntax: :: - module ::= annotation* "module" modulename "{" moduleBody "}" + module ::= annotation* "module" modulename parameters? implements? "{" moduleBody "}" + + parameters ::= "<" signatureExpr simpleId ("," signatureExpr simpleId)* ">" + + implements ::= "implements" moduleSignatureExpr ("," moduleSignatureExpr)* moduleBody ::= (import | predicate | class | module | alias | select)* @@ -212,8 +216,11 @@ An import directive refers to a module identifier: qualId ::= simpleId | qualId "." simpleId - importModuleExpr ::= qualId - | importModuleExpr "::" simpleId + importModuleExpr ::= qualId | importModuleExpr "::" simpleId arguments? + + arguments ::= "<" argument ("," argument)* ">" + + argument ::= moduleExpr | type | predicateRef "/" int An import directive may optionally name the imported module using an ``as`` declaration. If a name is defined, then the import directive adds to the declared module environment of the current module a mapping from the name to the declaration of the imported module. Otherwise, the current module *directly imports* the imported module. @@ -282,7 +289,7 @@ With the exception of class domain types and character types (which cannot be re type ::= (moduleExpr "::")? classname | dbasetype | "boolean" | "date" | "float" | "int" | "string" - moduleExpr ::= simpleId | moduleExpr "::" simpleId + moduleExpr ::= simpleId arguments? | moduleExpr "::" simpleId arguments? A type reference is resolved to a type as follows: @@ -2064,7 +2071,11 @@ The complete grammar for QL is as follows: ql ::= qldoc? moduleBody - module ::= annotation* "module" modulename "{" moduleBody "}" + module ::= annotation* "module" modulename parameters? implements? "{" moduleBody "}" + + parameters ::= "<" signatureExpr simpleId ("," signatureExpr simpleId)* ">" + + implements ::= "implements" moduleSignatureExpr ("," moduleSignatureExpr)* moduleBody ::= (import | predicate | class | module | alias | select)* @@ -2072,8 +2083,11 @@ The complete grammar for QL is as follows: qualId ::= simpleId | qualId "." simpleId - importModuleExpr ::= qualId - | importModuleExpr "::" simpleId + importModuleExpr ::= qualId | importModuleExpr "::" simpleId arguments? + + arguments ::= "<" argument ("," argument)* ">" + + argument ::= moduleExpr | type | predicateRef "/" int select ::= ("from" var_decls)? ("where" formula)? "select" as_exprs ("order" "by" orderbys)? @@ -2120,7 +2134,11 @@ The complete grammar for QL is as follows: field ::= qldoc? annotations var_decl ";" - moduleExpr ::= simpleId | moduleExpr "::" simpleId + moduleExpr ::= simpleId arguments? | moduleExpr "::" simpleId arguments? + + moduleSignatureExpr ::= (moduleExpr "::")? upperId arguments? + + signatureExpr : (moduleExpr "::")? simpleId ("/" Integer | arguments)?; type ::= (moduleExpr "::")? classname | dbasetype | "boolean" | "date" | "float" | "int" | "string" From e1cc7dcdc162060d609828649040c9c8f84d36e5 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Fri, 12 May 2023 14:14:13 +0100 Subject: [PATCH 339/870] C++: Tweak join orders. --- .../semmle/code/cpp/dataflow/ProductFlow.qll | 41 +++++++++++++++---- 1 file changed, 32 insertions(+), 9 deletions(-) diff --git a/cpp/ql/lib/experimental/semmle/code/cpp/dataflow/ProductFlow.qll b/cpp/ql/lib/experimental/semmle/code/cpp/dataflow/ProductFlow.qll index c0226c9fd66..6977017dcbc 100644 --- a/cpp/ql/lib/experimental/semmle/code/cpp/dataflow/ProductFlow.qll +++ b/cpp/ql/lib/experimental/semmle/code/cpp/dataflow/ProductFlow.qll @@ -340,19 +340,42 @@ module ProductFlow { fwdIsSuccessor(_, _, node1, node2) } + pragma[nomagic] + private predicate fwdIsSuccessorExit( + Flow1::PathNode mid1, Flow2::PathNode mid2, Flow1::PathNode succ1, Flow2::PathNode succ2 + ) { + isSinkPair(mid1, mid2) and + succ1 = mid1 and + succ2 = mid2 + or + interprocEdgePair(mid1, mid2, succ1, succ2) + } + + private predicate fwdIsSuccessor1( + Flow1::PathNode pred1, Flow2::PathNode pred2, Flow1::PathNode mid1, Flow2::PathNode mid2, + Flow1::PathNode succ1, Flow2::PathNode succ2 + ) { + fwdReachableInterprocEntry(pred1, pred2) and + localPathStep1*(pred1, mid1) and + fwdIsSuccessorExit(pragma[only_bind_into](mid1), pragma[only_bind_into](mid2), succ1, succ2) + } + + private predicate fwdIsSuccessor2( + Flow1::PathNode pred1, Flow2::PathNode pred2, Flow1::PathNode mid1, Flow2::PathNode mid2, + Flow1::PathNode succ1, Flow2::PathNode succ2 + ) { + fwdReachableInterprocEntry(pred1, pred2) and + localPathStep2*(pred2, mid2) and + fwdIsSuccessorExit(pragma[only_bind_into](mid1), pragma[only_bind_into](mid2), succ1, succ2) + } + + pragma[assume_small_delta] private predicate fwdIsSuccessor( Flow1::PathNode pred1, Flow2::PathNode pred2, Flow1::PathNode succ1, Flow2::PathNode succ2 ) { - fwdReachableInterprocEntry(pred1, pred2) and exists(Flow1::PathNode mid1, Flow2::PathNode mid2 | - localPathStep1*(pred1, mid1) and - localPathStep2*(pred2, mid2) - | - isSinkPair(mid1, mid2) and - succ1 = mid1 and - succ2 = mid2 - or - interprocEdgePair(mid1, mid2, succ1, succ2) + fwdIsSuccessor1(pred1, pred2, mid1, mid2, succ1, succ2) and + fwdIsSuccessor2(pred1, pred2, mid1, mid2, succ1, succ2) ) } From 549fa7e288fd72a57c43d6175837df7a461388d0 Mon Sep 17 00:00:00 2001 From: Tony Torralba Date: Fri, 12 May 2023 15:43:27 +0200 Subject: [PATCH 340/870] Java: make inputStreamWrapper only act on constructors from outside of source --- .../lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll | 1 + 1 file changed, 1 insertion(+) diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll b/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll index b275c381150..af8f2273cbe 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll @@ -255,6 +255,7 @@ private class BulkData extends RefType { * status of its argument. */ private predicate inputStreamWrapper(Constructor c, int argi) { + not c.fromSource() and c.getParameterType(argi) instanceof BulkData and c.getDeclaringType().getASourceSupertype+().hasQualifiedName("java.io", "InputStream") } From 584adf843a5ab7aa0aa5ad997100876d161928f9 Mon Sep 17 00:00:00 2001 From: Robert Marsh Date: Fri, 12 May 2023 12:43:10 -0400 Subject: [PATCH 341/870] C++: restrict flowstates in constant off-by-one query --- .../Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql b/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql index 8ad251a9fc2..943faf6d75c 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql @@ -89,8 +89,10 @@ predicate pointerArithOverflow( module FieldAddressToDerefConfig implements DataFlow::StateConfigSig { newtype FlowState = - additional TArray(Field f) or - additional TOverflowArithmetic(PointerArithmeticInstruction pai) + additional TArray(Field f) { pointerArithOverflow(_, f, _, _, _) } or + additional TOverflowArithmetic(PointerArithmeticInstruction pai) { + pointerArithOverflow(pai, _, _, _, _) + } predicate isSource(DataFlow::Node source, FlowState state) { exists(Field f | From 6f66c047d04bc32a552deffe4037524b2c4d040e Mon Sep 17 00:00:00 2001 From: tyage Date: Sat, 13 May 2023 09:12:28 +0000 Subject: [PATCH 342/870] JS: ignoresub pkgs in node_modules directory --- javascript/ql/lib/semmle/javascript/NPM.qll | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/NPM.qll b/javascript/ql/lib/semmle/javascript/NPM.qll index 319df501a88..f79a3c4d8b3 100644 --- a/javascript/ql/lib/semmle/javascript/NPM.qll +++ b/javascript/ql/lib/semmle/javascript/NPM.qll @@ -19,13 +19,14 @@ class PackageJson extends JsonObject { string getPackageName() { result = this.getPropStringValue("name") or - exists(PackageJson parentPkg, Container currentDir, Container parentDir, string parentPkgName | + exists(PackageJson parentPkg, Container currentDir, Container parentDir, string parentPkgName, string pkgNameDiff | currentDir = this.getJsonFile().getParentContainer() and parentDir = parentPkg.getJsonFile().getParentContainer() and parentPkgName = parentPkg.getPropStringValue("name") and parentDir.getAChildContainer+() = currentDir and - result = - parentPkgName + currentDir.getAbsolutePath().suffix(parentDir.getAbsolutePath().length()) + pkgNameDiff = currentDir.getAbsolutePath().suffix(parentDir.getAbsolutePath().length()) and + not exists(pkgNameDiff.indexOf("/node_modules/")) and + result = parentPkgName + pkgNameDiff ) } From 93af0d0c2f9e658ca7147117fb8da76b257c3459 Mon Sep 17 00:00:00 2001 From: tyage Date: Sat, 13 May 2023 17:37:31 +0000 Subject: [PATCH 343/870] formatting --- javascript/ql/lib/semmle/javascript/NPM.qll | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/javascript/ql/lib/semmle/javascript/NPM.qll b/javascript/ql/lib/semmle/javascript/NPM.qll index f79a3c4d8b3..147ed617745 100644 --- a/javascript/ql/lib/semmle/javascript/NPM.qll +++ b/javascript/ql/lib/semmle/javascript/NPM.qll @@ -19,7 +19,10 @@ class PackageJson extends JsonObject { string getPackageName() { result = this.getPropStringValue("name") or - exists(PackageJson parentPkg, Container currentDir, Container parentDir, string parentPkgName, string pkgNameDiff | + exists( + PackageJson parentPkg, Container currentDir, Container parentDir, string parentPkgName, + string pkgNameDiff + | currentDir = this.getJsonFile().getParentContainer() and parentDir = parentPkg.getJsonFile().getParentContainer() and parentPkgName = parentPkg.getPropStringValue("name") and From 95cd948f097935ac20ee4166d4486eab7806db61 Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli Date: Sun, 14 May 2023 22:33:48 +0200 Subject: [PATCH 344/870] Swift: order help links in integration test checks They are currently a set within the codeql cli. --- swift/integration-tests/diagnostics_test_utils.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/swift/integration-tests/diagnostics_test_utils.py b/swift/integration-tests/diagnostics_test_utils.py index aa6f8df7488..f868d16debf 100644 --- a/swift/integration-tests/diagnostics_test_utils.py +++ b/swift/integration-tests/diagnostics_test_utils.py @@ -40,6 +40,9 @@ def _load_concatenated_json(text): def _normalize_json(data): + # at the moment helpLinks are a set within the codeql cli + for e in data: + e.get("helpLinks", []).sort() entries = [json.dumps(e, sort_keys=True, indent=2) for e in data] entries.sort() entries.append("") From 75dd4c86537505bd9168c766bf01cea2d7757138 Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Thu, 4 May 2023 11:13:06 +0200 Subject: [PATCH 345/870] C#: Filter away use-use steps from a node into itself --- .../csharp/dataflow/internal/DataFlowPrivate.qll | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPrivate.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPrivate.qll index 8e8661f82d5..bb052ae4010 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPrivate.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPrivate.qll @@ -440,7 +440,8 @@ module LocalFlow { exists(CIL::ReadAccess readFrom, CIL::ReadAccess readTo | CilSsaImpl::hasAdjacentReadsExt(def, readFrom, readTo) and nodeTo = TCilExprNode(readTo) and - nodeFrom = TCilExprNode(readFrom) + nodeFrom = TCilExprNode(readFrom) and + nodeFrom != nodeTo ) or // Flow into phi (read) node @@ -483,7 +484,8 @@ module LocalFlow { or hasNodePath(any(LocalExprStepConfiguration x), nodeFrom, nodeTo) or - ThisFlow::adjacentThisRefs(nodeFrom, nodeTo) + ThisFlow::adjacentThisRefs(nodeFrom, nodeTo) and + nodeFrom != nodeTo or ThisFlow::adjacentThisRefs(nodeFrom.(PostUpdateNode).getPreUpdateNode(), nodeTo) or @@ -541,7 +543,8 @@ predicate simpleLocalFlowStep(Node nodeFrom, Node nodeTo) { exists(SsaImpl::DefinitionExt def | LocalFlow::localSsaFlowStepUseUse(def, nodeFrom, nodeTo) and not FlowSummaryImpl::Private::Steps::prohibitsUseUseFlow(nodeFrom, _) and - not LocalFlow::usesInstanceField(def) + not LocalFlow::usesInstanceField(def) and + nodeFrom != nodeTo ) or // Flow into phi (read)/uncertain SSA definition node from read @@ -880,7 +883,8 @@ private module Cached { predicate localFlowStepImpl(Node nodeFrom, Node nodeTo) { LocalFlow::localFlowStepCommon(nodeFrom, nodeTo) or - LocalFlow::localSsaFlowStepUseUse(_, nodeFrom, nodeTo) + LocalFlow::localSsaFlowStepUseUse(_, nodeFrom, nodeTo) and + nodeFrom != nodeTo or exists(SsaImpl::DefinitionExt def | LocalFlow::localSsaFlowStep(def, nodeFrom, nodeTo) and From 165dc0b9bff6d98fa515396df98c62c325397d62 Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Mon, 8 May 2023 09:25:04 +0200 Subject: [PATCH 346/870] C#: Filter away phi (read) input steps from a node into itself --- .../code/csharp/dataflow/internal/DataFlowPrivate.qll | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPrivate.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPrivate.qll index bb052ae4010..d683e03dc2d 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPrivate.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPrivate.qll @@ -335,7 +335,8 @@ module LocalFlow { exists(ControlFlow::BasicBlock bb, int i | SsaImpl::lastRefBeforeRedefExt(def, bb, i, next.getDefinitionExt()) and def.definesAt(_, bb, i, _) and - def = getSsaDefinitionExt(nodeFrom) + def = getSsaDefinitionExt(nodeFrom) and + nodeFrom != next ) } @@ -414,7 +415,8 @@ module LocalFlow { ) { exists(CIL::BasicBlock bb, int i | CilSsaImpl::lastRefBeforeRedefExt(def, bb, i, next) | def.definesAt(_, bb, i, _) and - def = nodeFrom.(CilSsaDefinitionExtNode).getDefinition() + def = nodeFrom.(CilSsaDefinitionExtNode).getDefinition() and + def != next or nodeFrom = TCilExprNode(bb.getNode(i).(CIL::ReadAccess)) ) From 3c173df69e00f48d139c444398200d4ac77c1db4 Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Mon, 8 May 2023 10:21:25 +0200 Subject: [PATCH 347/870] C#: Update expected test output --- .../ir/offbyone/CONSISTENCY/DataFlowConsistency.expected | 7 ------- .../attributes/CONSISTENCY/DataFlowConsistency.expected | 0 .../consistency/CONSISTENCY/DataFlowConsistency.expected | 0 .../cil/dataflow/CONSISTENCY/DataFlowConsistency.expected | 0 .../cil/enums/CONSISTENCY/DataFlowConsistency.expected | 0 .../CONSISTENCY/DataFlowConsistency.expected | 0 .../CONSISTENCY/DataFlowConsistency.expected | 0 .../cil/pdbs/CONSISTENCY/DataFlowConsistency.expected | 0 .../regressions/CONSISTENCY/DataFlowConsistency.expected | 0 .../CONSISTENCY/DataFlowConsistency.expected | 0 .../Disposal/CONSISTENCY/DataFlowConsistency.expected | 0 .../graph/CONSISTENCY/DataFlowConsistency.expected | 2 -- .../guards/CONSISTENCY/DataFlowConsistency.expected | 2 -- .../splits/CONSISTENCY/DataFlowConsistency.expected | 7 ------- .../csharp11/cil/CONSISTENCY/DataFlowConsistency.expected | 0 .../defuse/CONSISTENCY/DataFlowConsistency.expected | 2 -- .../global/CONSISTENCY/DataFlowConsistency.expected | 2 -- .../dataflow/ssa/CONSISTENCY/DataFlowConsistency.expected | 3 --- .../CONSISTENCY/DataFlowConsistency.expected | 0 .../Nullness/CONSISTENCY/DataFlowConsistency.expected | 4 ---- .../ZipSlip/CONSISTENCY/DataFlowConsistency.expected | 2 -- 21 files changed, 31 deletions(-) delete mode 100644 csharp/ql/test/experimental/ir/offbyone/CONSISTENCY/DataFlowConsistency.expected delete mode 100644 csharp/ql/test/library-tests/cil/attributes/CONSISTENCY/DataFlowConsistency.expected delete mode 100644 csharp/ql/test/library-tests/cil/consistency/CONSISTENCY/DataFlowConsistency.expected delete mode 100644 csharp/ql/test/library-tests/cil/dataflow/CONSISTENCY/DataFlowConsistency.expected delete mode 100644 csharp/ql/test/library-tests/cil/enums/CONSISTENCY/DataFlowConsistency.expected delete mode 100644 csharp/ql/test/library-tests/cil/functionPointers/CONSISTENCY/DataFlowConsistency.expected delete mode 100644 csharp/ql/test/library-tests/cil/init-only-prop/CONSISTENCY/DataFlowConsistency.expected delete mode 100644 csharp/ql/test/library-tests/cil/pdbs/CONSISTENCY/DataFlowConsistency.expected delete mode 100644 csharp/ql/test/library-tests/cil/regressions/CONSISTENCY/DataFlowConsistency.expected delete mode 100644 csharp/ql/test/library-tests/cil/typeAnnotations/CONSISTENCY/DataFlowConsistency.expected delete mode 100644 csharp/ql/test/library-tests/commons/Disposal/CONSISTENCY/DataFlowConsistency.expected delete mode 100644 csharp/ql/test/library-tests/controlflow/graph/CONSISTENCY/DataFlowConsistency.expected delete mode 100644 csharp/ql/test/library-tests/controlflow/guards/CONSISTENCY/DataFlowConsistency.expected delete mode 100644 csharp/ql/test/library-tests/controlflow/splits/CONSISTENCY/DataFlowConsistency.expected delete mode 100644 csharp/ql/test/library-tests/csharp11/cil/CONSISTENCY/DataFlowConsistency.expected delete mode 100644 csharp/ql/test/library-tests/dataflow/defuse/CONSISTENCY/DataFlowConsistency.expected delete mode 100644 csharp/ql/test/library-tests/dataflow/global/CONSISTENCY/DataFlowConsistency.expected delete mode 100644 csharp/ql/test/library-tests/dataflow/ssa/CONSISTENCY/DataFlowConsistency.expected delete mode 100644 csharp/ql/test/query-tests/API Abuse/NoDisposeCallOnLocalIDisposable/CONSISTENCY/DataFlowConsistency.expected delete mode 100644 csharp/ql/test/query-tests/Nullness/CONSISTENCY/DataFlowConsistency.expected delete mode 100644 csharp/ql/test/query-tests/Security Features/CWE-022/ZipSlip/CONSISTENCY/DataFlowConsistency.expected diff --git a/csharp/ql/test/experimental/ir/offbyone/CONSISTENCY/DataFlowConsistency.expected b/csharp/ql/test/experimental/ir/offbyone/CONSISTENCY/DataFlowConsistency.expected deleted file mode 100644 index 71bfae520bc..00000000000 --- a/csharp/ql/test/experimental/ir/offbyone/CONSISTENCY/DataFlowConsistency.expected +++ /dev/null @@ -1,7 +0,0 @@ -identityLocalStep -| test.cs:17:41:17:44 | this access | Node steps to itself | -| test.cs:34:41:34:44 | this access | Node steps to itself | -| test.cs:52:41:52:44 | this access | Node steps to itself | -| test.cs:67:41:67:44 | this access | Node steps to itself | -| test.cs:77:22:77:24 | this access | Node steps to itself | -| test.cs:90:41:90:44 | this access | Node steps to itself | diff --git a/csharp/ql/test/library-tests/cil/attributes/CONSISTENCY/DataFlowConsistency.expected b/csharp/ql/test/library-tests/cil/attributes/CONSISTENCY/DataFlowConsistency.expected deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/csharp/ql/test/library-tests/cil/consistency/CONSISTENCY/DataFlowConsistency.expected b/csharp/ql/test/library-tests/cil/consistency/CONSISTENCY/DataFlowConsistency.expected deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/csharp/ql/test/library-tests/cil/dataflow/CONSISTENCY/DataFlowConsistency.expected b/csharp/ql/test/library-tests/cil/dataflow/CONSISTENCY/DataFlowConsistency.expected deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/csharp/ql/test/library-tests/cil/enums/CONSISTENCY/DataFlowConsistency.expected b/csharp/ql/test/library-tests/cil/enums/CONSISTENCY/DataFlowConsistency.expected deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/csharp/ql/test/library-tests/cil/functionPointers/CONSISTENCY/DataFlowConsistency.expected b/csharp/ql/test/library-tests/cil/functionPointers/CONSISTENCY/DataFlowConsistency.expected deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/csharp/ql/test/library-tests/cil/init-only-prop/CONSISTENCY/DataFlowConsistency.expected b/csharp/ql/test/library-tests/cil/init-only-prop/CONSISTENCY/DataFlowConsistency.expected deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/csharp/ql/test/library-tests/cil/pdbs/CONSISTENCY/DataFlowConsistency.expected b/csharp/ql/test/library-tests/cil/pdbs/CONSISTENCY/DataFlowConsistency.expected deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/csharp/ql/test/library-tests/cil/regressions/CONSISTENCY/DataFlowConsistency.expected b/csharp/ql/test/library-tests/cil/regressions/CONSISTENCY/DataFlowConsistency.expected deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/csharp/ql/test/library-tests/cil/typeAnnotations/CONSISTENCY/DataFlowConsistency.expected b/csharp/ql/test/library-tests/cil/typeAnnotations/CONSISTENCY/DataFlowConsistency.expected deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/csharp/ql/test/library-tests/commons/Disposal/CONSISTENCY/DataFlowConsistency.expected b/csharp/ql/test/library-tests/commons/Disposal/CONSISTENCY/DataFlowConsistency.expected deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/csharp/ql/test/library-tests/controlflow/graph/CONSISTENCY/DataFlowConsistency.expected b/csharp/ql/test/library-tests/controlflow/graph/CONSISTENCY/DataFlowConsistency.expected deleted file mode 100644 index 4bcd7a82ef6..00000000000 --- a/csharp/ql/test/library-tests/controlflow/graph/CONSISTENCY/DataFlowConsistency.expected +++ /dev/null @@ -1,2 +0,0 @@ -identityLocalStep -| Conditions.cs:133:17:133:22 | [Field1 (line 129): false] this access | Node steps to itself | diff --git a/csharp/ql/test/library-tests/controlflow/guards/CONSISTENCY/DataFlowConsistency.expected b/csharp/ql/test/library-tests/controlflow/guards/CONSISTENCY/DataFlowConsistency.expected deleted file mode 100644 index 6ce61dd67a2..00000000000 --- a/csharp/ql/test/library-tests/controlflow/guards/CONSISTENCY/DataFlowConsistency.expected +++ /dev/null @@ -1,2 +0,0 @@ -identityLocalStep -| Splitting.cs:133:21:133:29 | [b (line 123): false] this access | Node steps to itself | diff --git a/csharp/ql/test/library-tests/controlflow/splits/CONSISTENCY/DataFlowConsistency.expected b/csharp/ql/test/library-tests/controlflow/splits/CONSISTENCY/DataFlowConsistency.expected deleted file mode 100644 index dee61bfe398..00000000000 --- a/csharp/ql/test/library-tests/controlflow/splits/CONSISTENCY/DataFlowConsistency.expected +++ /dev/null @@ -1,7 +0,0 @@ -identityLocalStep -| SplittingStressTest.cs:172:16:172:16 | SSA phi read(b29) | Node steps to itself | -| SplittingStressTest.cs:179:13:183:13 | [b1 (line 170): false] SSA phi read(b1) | Node steps to itself | -| SplittingStressTest.cs:184:13:188:13 | [b2 (line 170): false] SSA phi read(b2) | Node steps to itself | -| SplittingStressTest.cs:189:13:193:13 | [b3 (line 170): false] SSA phi read(b3) | Node steps to itself | -| SplittingStressTest.cs:194:13:198:13 | [b4 (line 170): false] SSA phi read(b4) | Node steps to itself | -| SplittingStressTest.cs:199:13:203:13 | [b5 (line 170): false] SSA phi read(b5) | Node steps to itself | diff --git a/csharp/ql/test/library-tests/csharp11/cil/CONSISTENCY/DataFlowConsistency.expected b/csharp/ql/test/library-tests/csharp11/cil/CONSISTENCY/DataFlowConsistency.expected deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/csharp/ql/test/library-tests/dataflow/defuse/CONSISTENCY/DataFlowConsistency.expected b/csharp/ql/test/library-tests/dataflow/defuse/CONSISTENCY/DataFlowConsistency.expected deleted file mode 100644 index 1104445ed2f..00000000000 --- a/csharp/ql/test/library-tests/dataflow/defuse/CONSISTENCY/DataFlowConsistency.expected +++ /dev/null @@ -1,2 +0,0 @@ -identityLocalStep -| Test.cs:80:37:80:42 | this access | Node steps to itself | diff --git a/csharp/ql/test/library-tests/dataflow/global/CONSISTENCY/DataFlowConsistency.expected b/csharp/ql/test/library-tests/dataflow/global/CONSISTENCY/DataFlowConsistency.expected deleted file mode 100644 index e755d1c4bd7..00000000000 --- a/csharp/ql/test/library-tests/dataflow/global/CONSISTENCY/DataFlowConsistency.expected +++ /dev/null @@ -1,2 +0,0 @@ -identityLocalStep -| GlobalDataFlow.cs:573:9:576:9 | SSA phi read(f) | Node steps to itself | diff --git a/csharp/ql/test/library-tests/dataflow/ssa/CONSISTENCY/DataFlowConsistency.expected b/csharp/ql/test/library-tests/dataflow/ssa/CONSISTENCY/DataFlowConsistency.expected deleted file mode 100644 index 5de33a0fe4c..00000000000 --- a/csharp/ql/test/library-tests/dataflow/ssa/CONSISTENCY/DataFlowConsistency.expected +++ /dev/null @@ -1,3 +0,0 @@ -identityLocalStep -| DefUse.cs:80:37:80:42 | this access | Node steps to itself | -| Properties.cs:65:24:65:31 | this access | Node steps to itself | diff --git a/csharp/ql/test/query-tests/API Abuse/NoDisposeCallOnLocalIDisposable/CONSISTENCY/DataFlowConsistency.expected b/csharp/ql/test/query-tests/API Abuse/NoDisposeCallOnLocalIDisposable/CONSISTENCY/DataFlowConsistency.expected deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/csharp/ql/test/query-tests/Nullness/CONSISTENCY/DataFlowConsistency.expected b/csharp/ql/test/query-tests/Nullness/CONSISTENCY/DataFlowConsistency.expected deleted file mode 100644 index cb035c61bd6..00000000000 --- a/csharp/ql/test/query-tests/Nullness/CONSISTENCY/DataFlowConsistency.expected +++ /dev/null @@ -1,4 +0,0 @@ -identityLocalStep -| D.cs:320:17:320:25 | this access | Node steps to itself | -| E.cs:123:21:123:24 | SSA phi read(x) | Node steps to itself | -| E.cs:123:21:123:24 | SSA phi(i) | Node steps to itself | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-022/ZipSlip/CONSISTENCY/DataFlowConsistency.expected b/csharp/ql/test/query-tests/Security Features/CWE-022/ZipSlip/CONSISTENCY/DataFlowConsistency.expected deleted file mode 100644 index 437c6183574..00000000000 --- a/csharp/ql/test/query-tests/Security Features/CWE-022/ZipSlip/CONSISTENCY/DataFlowConsistency.expected +++ /dev/null @@ -1,2 +0,0 @@ -identityLocalStep -| ZipSlip.cs:13:13:45:13 | SSA phi read(destDirectory) | Node steps to itself | From 027cb2d335f1fef0b5e0254843070acca91a2dca Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Mon, 15 May 2023 09:36:37 +0200 Subject: [PATCH 348/870] C#: Reenable consistency check --- csharp/ql/consistency-queries/DataFlowConsistency.ql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/csharp/ql/consistency-queries/DataFlowConsistency.ql b/csharp/ql/consistency-queries/DataFlowConsistency.ql index ab18b0b45b8..d2c83cd82cc 100644 --- a/csharp/ql/consistency-queries/DataFlowConsistency.ql +++ b/csharp/ql/consistency-queries/DataFlowConsistency.ql @@ -72,5 +72,5 @@ private class MyConsistencyConfiguration extends ConsistencyConfiguration { override predicate reverseReadExclude(Node n) { n.asExpr() = any(AwaitExpr ae).getExpr() } - override predicate identityLocalStepExclude(Node n) { n.getLocation().getFile().fromLibrary() } + override predicate identityLocalStepExclude(Node n) { none() } } From a2cb331ebeb2c8b9e51a205c130b16a56e60361e Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli Date: Mon, 15 May 2023 10:02:24 +0200 Subject: [PATCH 349/870] Swift: remove hacky binlog interception --- swift/logging/SwiftLogging.cpp | 4 +- swift/logging/SwiftLogging.h | 68 +++++++++++++++------------------- 2 files changed, 32 insertions(+), 40 deletions(-) diff --git a/swift/logging/SwiftLogging.cpp b/swift/logging/SwiftLogging.cpp index 2f01c4fa0b0..952021f740f 100644 --- a/swift/logging/SwiftLogging.cpp +++ b/swift/logging/SwiftLogging.cpp @@ -170,8 +170,10 @@ void Log::flushImpl() { } void Log::diagnoseImpl(const SwiftDiagnostic& source, - const std::chrono::system_clock::time_point& time, + const std::chrono::nanoseconds& elapsed, std::string_view message) { + using Clock = std::chrono::system_clock; + Clock::time_point time{std::chrono::duration_cast(elapsed)}; if (diagnostics) { diagnostics << source.json(time, message) << '\n'; } diff --git a/swift/logging/SwiftLogging.h b/swift/logging/SwiftLogging.h index 04dfbf2a8b1..f5e3e2597af 100644 --- a/swift/logging/SwiftLogging.h +++ b/swift/logging/SwiftLogging.h @@ -1,5 +1,6 @@ #pragma once +#include #include #include #include @@ -30,31 +31,40 @@ #define LOG_DEBUG(...) LOG_WITH_LEVEL(debug, __VA_ARGS__) #define LOG_TRACE(...) LOG_WITH_LEVEL(trace, __VA_ARGS__) +#define LOG_WITH_LEVEL(LEVEL, ...) LOG_WITH_LEVEL_AND_TIME(LEVEL, ::binlog::clockNow(), __VA_ARGS__) // only do the actual logging if the picked up `Logger` instance is configured to handle the // provided log level. `LEVEL` must be a compile-time constant. `logger()` is evaluated once -#define LOG_WITH_LEVEL(LEVEL, ...) \ - do { \ - constexpr auto _level = ::codeql::Log::Level::LEVEL; \ - ::codeql::Logger& _logger = logger(); \ - if (_level >= _logger.level()) { \ - BINLOG_CREATE_SOURCE_AND_EVENT(_logger.writer(), _level, /*category*/, ::binlog::clockNow(), \ - __VA_ARGS__); \ - } \ - if (_level >= ::codeql::Log::Level::error) { \ - ::codeql::Log::flush(); \ - } \ +#define LOG_WITH_LEVEL_AND_TIME(LEVEL, TIME, ...) \ + do { \ + constexpr auto _level = ::codeql::Log::Level::LEVEL; \ + ::codeql::Logger& _logger = logger(); \ + if (_level >= _logger.level()) { \ + BINLOG_CREATE_SOURCE_AND_EVENT(_logger.writer(), _level, /*category*/, TIME, __VA_ARGS__); \ + } \ + if (_level >= ::codeql::Log::Level::error) { \ + ::codeql::Log::flush(); \ + } \ } while (false) // Emit errors with a specified SwiftDiagnostic object. These will be both logged and outputted as -// JSON DB diagnostics -#define DIAGNOSE_CRITICAL(ID, ...) DIAGNOSE_WITH_LEVEL(critical, ID, __VA_ARGS__) +// JSON DB diagnostics. The format must be appliable to the following arguments both as binlog and +// as fmt::format formatting. +// Beware that contrary to LOG_* macros, arguments right of the format will be evaluated twice. ID +// is evaluated once though. #define DIAGNOSE_ERROR(ID, ...) DIAGNOSE_WITH_LEVEL(error, ID, __VA_ARGS__) +#define DIAGNOSE_CRITICAL(ID, ...) DIAGNOSE_WITH_LEVEL(critical, ID, __VA_ARGS__) #define CODEQL_DIAGNOSTIC_LOG_FORMAT_PREFIX "[{}] " // TODO(C++20) replace non-standard , ##__VA_ARGS__ with __VA_OPT__(,) __VA_ARGS__ -#define DIAGNOSE_WITH_LEVEL(LEVEL, ID, FORMAT, ...) \ - LOG_WITH_LEVEL(LEVEL, CODEQL_DIAGNOSTIC_LOG_FORMAT_PREFIX FORMAT, \ - ::codeql::detail::SwiftDiagnosticLogWrapper{ID}, ##__VA_ARGS__); +#define DIAGNOSE_WITH_LEVEL(LEVEL, ID, FORMAT, ...) \ + do { \ + auto _now = ::binlog::clockNow(); \ + const ::codeql::SwiftDiagnostic& _id = ID; \ + ::codeql::Log::diagnose(_id, std::chrono::nanoseconds{_now}, \ + fmt::format(FORMAT, ##__VA_ARGS__)); \ + LOG_WITH_LEVEL_AND_TIME(LEVEL, _now, CODEQL_DIAGNOSTIC_LOG_FORMAT_PREFIX FORMAT, \ + ::codeql::detail::SwiftDiagnosticLogWrapper{_id}, ##__VA_ARGS__); \ + } while (false) // avoid calling into binlog's original macros #undef BINLOG_CRITICAL @@ -124,9 +134,9 @@ class Log { } static void diagnose(const SwiftDiagnostic& source, - const std::chrono::system_clock::time_point& time, + const std::chrono::nanoseconds& elapsed, std::string_view message) { - instance().diagnoseImpl(source, time, message); + instance().diagnoseImpl(source, elapsed, message); } private: @@ -145,7 +155,7 @@ class Log { void configure(); void flushImpl(); void diagnoseImpl(const SwiftDiagnostic& source, - const std::chrono::system_clock::time_point& time, + const std::chrono::nanoseconds& elapsed, std::string_view message); LoggerConfiguration getLoggerConfigurationImpl(std::string_view name); @@ -230,26 +240,6 @@ struct SwiftDiagnosticLogWrapper { } // namespace detail } // namespace codeql -// we intercept this binlog plumbing function providing better overload resolution matches in -// case the first non-format argument is a diagnostic source, and emit it in that case with the -// same timestamp -namespace binlog::detail { -template -void addEventIgnoreFirst(Writer& writer, - std::uint64_t eventSourceId, - std::uint64_t clock, - const char (&format)[N], - codeql::detail::SwiftDiagnosticLogWrapper&& source, - T&&... t) { - std::chrono::system_clock::time_point point{ - std::chrono::duration_cast( - std::chrono::nanoseconds{clock})}; - constexpr std::string_view prefix = CODEQL_DIAGNOSTIC_LOG_FORMAT_PREFIX; - ::codeql::Log::diagnose(source.value, point, fmt::format(format + prefix.size(), t...)); - writer.addEvent(eventSourceId, clock, source, std::forward(t)...); -} -} // namespace binlog::detail - namespace mserialize { // log diagnostics wrapper using the abbreviation of the underlying diagnostic, using // binlog/mserialize internal plumbing From dbff3e4fa4c2d1efdd1e3e3301139e27d0420d0b Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli Date: Mon, 15 May 2023 10:08:35 +0200 Subject: [PATCH 350/870] Swift: remove unneeded `SwiftDiagnosticLogWrapper` --- swift/logging/SwiftLogging.h | 46 +++++++----------------------------- 1 file changed, 8 insertions(+), 38 deletions(-) diff --git a/swift/logging/SwiftLogging.h b/swift/logging/SwiftLogging.h index f5e3e2597af..ce0d4cd0c9e 100644 --- a/swift/logging/SwiftLogging.h +++ b/swift/logging/SwiftLogging.h @@ -56,14 +56,14 @@ #define CODEQL_DIAGNOSTIC_LOG_FORMAT_PREFIX "[{}] " // TODO(C++20) replace non-standard , ##__VA_ARGS__ with __VA_OPT__(,) __VA_ARGS__ -#define DIAGNOSE_WITH_LEVEL(LEVEL, ID, FORMAT, ...) \ - do { \ - auto _now = ::binlog::clockNow(); \ - const ::codeql::SwiftDiagnostic& _id = ID; \ - ::codeql::Log::diagnose(_id, std::chrono::nanoseconds{_now}, \ - fmt::format(FORMAT, ##__VA_ARGS__)); \ - LOG_WITH_LEVEL_AND_TIME(LEVEL, _now, CODEQL_DIAGNOSTIC_LOG_FORMAT_PREFIX FORMAT, \ - ::codeql::detail::SwiftDiagnosticLogWrapper{_id}, ##__VA_ARGS__); \ +#define DIAGNOSE_WITH_LEVEL(LEVEL, ID, FORMAT, ...) \ + do { \ + auto _now = ::binlog::clockNow(); \ + const ::codeql::SwiftDiagnostic& _id = ID; \ + ::codeql::Log::diagnose(_id, std::chrono::nanoseconds{_now}, \ + fmt::format(FORMAT, ##__VA_ARGS__)); \ + LOG_WITH_LEVEL_AND_TIME(LEVEL, _now, CODEQL_DIAGNOSTIC_LOG_FORMAT_PREFIX FORMAT, \ + _id.abbreviation(), ##__VA_ARGS__); \ } while (false) // avoid calling into binlog's original macros @@ -232,34 +232,4 @@ class Logger { Log::Level level_; }; -namespace detail { -struct SwiftDiagnosticLogWrapper { - const SwiftDiagnostic& value; -}; - -} // namespace detail } // namespace codeql - -namespace mserialize { -// log diagnostics wrapper using the abbreviation of the underlying diagnostic, using -// binlog/mserialize internal plumbing -template <> -struct CustomTag - : detail::BuiltinTag { - using T = codeql::detail::SwiftDiagnosticLogWrapper; -}; - -template <> -struct CustomSerializer { - template - static void serialize(const codeql::detail::SwiftDiagnosticLogWrapper& source, - OutputStream& out) { - mserialize::serialize(source.value.abbreviation(), out); - } - - static size_t serialized_size(const codeql::detail::SwiftDiagnosticLogWrapper& source) { - return mserialize::serialized_size(source.value.abbreviation()); - } -}; - -} // namespace mserialize From 3193b3b171c01bb7c49dc52452389ee3fe9f2ca7 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Mon, 15 May 2023 10:51:21 +0100 Subject: [PATCH 351/870] Swift: Make the CleartextLogging.ql query ID consistent with the other swift/cleartext-* queries. --- swift/ql/src/queries/Security/CWE-312/CleartextLogging.ql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/swift/ql/src/queries/Security/CWE-312/CleartextLogging.ql b/swift/ql/src/queries/Security/CWE-312/CleartextLogging.ql index 2d76f1d3e7e..d4314ab1631 100644 --- a/swift/ql/src/queries/Security/CWE-312/CleartextLogging.ql +++ b/swift/ql/src/queries/Security/CWE-312/CleartextLogging.ql @@ -6,7 +6,7 @@ * @problem.severity error * @security-severity 7.5 * @precision high - * @id swift/clear-text-logging + * @id swift/cleartext-logging * @tags security * external/cwe/cwe-312 * external/cwe/cwe-359 From a7712b608a9b052df9ff3c3f2d6ddc8a2040d84e Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Mon, 15 May 2023 11:14:06 +0100 Subject: [PATCH 352/870] C++: Add more comments. --- .../Likely Bugs/OverrunWriteProductFlow.ql | 28 +++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/cpp/ql/src/experimental/Likely Bugs/OverrunWriteProductFlow.ql b/cpp/ql/src/experimental/Likely Bugs/OverrunWriteProductFlow.ql index e35c48c9d9b..6d5acfcfa56 100644 --- a/cpp/ql/src/experimental/Likely Bugs/OverrunWriteProductFlow.ql +++ b/cpp/ql/src/experimental/Likely Bugs/OverrunWriteProductFlow.ql @@ -149,10 +149,30 @@ module ValidState { * ``` */ private predicate validStateImpl(PathNode n, int value) { + // If the dataflow node depends recursively on itself we restrict the range. (inLoop(n) implies value = [-2 .. 2]) and ( + // For the dataflow source we have an allocation such as `malloc(size + k)`, + // and the value of the flow-state is then `k`. hasSize(_, n.getNode(), value) or + // For a dataflow sink any `value` that is strictly smaller than the delta + // needs to be a valid flow-state. That is, for a snippet like: + // ``` + // p = new char[size]; + // memset(p, 0, size + 2); + // ``` + // the valid flow-states at the `memset` must include `0` since the flow-state + // at the source is `0`. Similarly, for an example such as: + // ``` + // p = new char[size + 1]; + // memset(p, 0, size + 2); + // ``` + // the flow-state at the `memset` must include `1` since `1` is the flow-state + // after the source. + // + // So we find a valid flow-state at the sink's predecessor, and use the definition + // of our sink predicate to compute the valid flow-states at the sink. exists(int delta, PathNode n0 | n0.getASuccessor() = n and validStateImpl(n0, value) and @@ -160,6 +180,14 @@ module ValidState { delta > value ) or + // For a non-source and non-sink node there is two cases to consider. + // 1. A node where we have to update the flow-state, or + // 2. A node that doesn't update the flow-state. + // + // For case 1, we compute the new flow-state by adding the constant operand of the + // `AddInstruction` to the flow-state of any predecessor node. + // For case 2 we simply propagate the valid flow-states from the predecessor node to + // the next one. exists(PathNode n0, DataFlow::Node node, int value0 | n0.getASuccessor() = n and validStateImpl(n0, value0) and From 2a4d7cb642f5bd6c7121d9b3205f6d8e84812bc0 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Mon, 15 May 2023 11:53:58 +0100 Subject: [PATCH 353/870] Swift: Make the result message consistent as well. --- .../src/queries/Security/CWE-312/CleartextLogging.ql | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/swift/ql/src/queries/Security/CWE-312/CleartextLogging.ql b/swift/ql/src/queries/Security/CWE-312/CleartextLogging.ql index d4314ab1631..764a4af3d94 100644 --- a/swift/ql/src/queries/Security/CWE-312/CleartextLogging.ql +++ b/swift/ql/src/queries/Security/CWE-312/CleartextLogging.ql @@ -18,7 +18,9 @@ import codeql.swift.dataflow.DataFlow import codeql.swift.security.CleartextLoggingQuery import CleartextLoggingFlow::PathGraph -from CleartextLoggingFlow::PathNode src, CleartextLoggingFlow::PathNode sink -where CleartextLoggingFlow::flowPath(src, sink) -select sink.getNode(), src, sink, "This $@ is written to a log file.", src.getNode(), - "potentially sensitive information" +from CleartextLoggingFlow::PathNode source, CleartextLoggingFlow::PathNode sink +where CleartextLoggingFlow::flowPath(source, sink) +select sink, source, sink, + "This operation writes '" + sink.toString() + + "' to a log file. It may contain unencrypted sensitive data from $@.", source, + source.getNode().toString() From cfcd26cf0db67e8d957508708fd015b132678b9f Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli Date: Mon, 15 May 2023 12:41:30 +0200 Subject: [PATCH 354/870] Swift: support markdown TSP diagnostics --- .../unsupported-os/diagnostics.expected | 8 +++---- swift/logging/SwiftDiagnostics.cpp | 3 ++- swift/logging/SwiftDiagnostics.h | 22 +++++++++++++++---- .../IncompatibleOs.cpp | 17 ++++++++------ .../CustomizingBuildDiagnostics.h | 2 +- swift/xcode-autobuilder/XcodeBuildRunner.cpp | 3 ++- swift/xcode-autobuilder/xcode-autobuilder.cpp | 9 +++++--- 7 files changed, 42 insertions(+), 22 deletions(-) diff --git a/swift/integration-tests/linux-only/autobuilder/unsupported-os/diagnostics.expected b/swift/integration-tests/linux-only/autobuilder/unsupported-os/diagnostics.expected index 6b5e3b71bbc..2d3c70daab3 100644 --- a/swift/integration-tests/linux-only/autobuilder/unsupported-os/diagnostics.expected +++ b/swift/integration-tests/linux-only/autobuilder/unsupported-os/diagnostics.expected @@ -1,15 +1,13 @@ { "helpLinks": [ - "https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idruns-on", - "https://docs.github.com/en/enterprise-server/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/customizing-code-scanning", - "https://docs.github.com/en/enterprise-server/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-language" + "" ], - "plaintextMessage": "CodeQL Swift analysis is currently only officially supported on macOS.\n\nChange the action runner to a macOS one. Analysis on Linux might work, but requires setting up a custom build command.", + "markdownMessage": "Currently, `autobuild` for Swift analysis is only supported on macOS.\n\n[Change the Actions runner][1] to run on macOS.\n\nYou may be able to run analysis on Linux by setting up a [manual build command][2].\n\n[1]: https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idruns-on\n[2]: https://docs.github.com/en/enterprise-server/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-language", "severity": "error", "source": { "extractorName": "swift", "id": "swift/autobuilder/incompatible-os", - "name": "Incompatible operating system for autobuild (expected macOS)" + "name": "Incompatible operating system (expected macOS)" }, "visibility": { "cliSummaryTable": true, diff --git a/swift/logging/SwiftDiagnostics.cpp b/swift/logging/SwiftDiagnostics.cpp index 4c490486a26..690d03cbbaf 100644 --- a/swift/logging/SwiftDiagnostics.cpp +++ b/swift/logging/SwiftDiagnostics.cpp @@ -25,7 +25,8 @@ nlohmann::json SwiftDiagnostic::json(const std::chrono::system_clock::time_point }}, {"severity", "error"}, {"helpLinks", std::vector(absl::StrSplit(helpLinks, ' '))}, - {"plaintextMessage", absl::StrCat(message, ".\n\n", action, ".")}, + {format == Format::markdown ? "markdownMessage" : "plaintextMessage", + absl::StrCat(message, ".\n\n", action)}, {"timestamp", fmt::format("{:%FT%T%z}", timestamp)}, }; if (location) { diff --git a/swift/logging/SwiftDiagnostics.h b/swift/logging/SwiftDiagnostics.h index 6e539b0330b..34854c6ab65 100644 --- a/swift/logging/SwiftDiagnostics.h +++ b/swift/logging/SwiftDiagnostics.h @@ -33,6 +33,11 @@ struct SwiftDiagnosticsLocation { // These are internally stored into a map on id's. A specific error log can use binlog's category // as id, which will then be used to recover the diagnostic source while dumping. struct SwiftDiagnostic { + enum class Format { + plaintext, + markdown, + }; + enum class Visibility : unsigned char { none = 0b000, statusPage = 0b001, @@ -44,6 +49,7 @@ struct SwiftDiagnostic { std::string_view id; std::string_view name; static constexpr std::string_view extractorName = "swift"; + Format format; std::string_view action; // space separated if more than 1. Not a vector to allow constexpr // TODO(C++20) with vector going constexpr this can be turned to `std::vector` @@ -54,15 +60,20 @@ struct SwiftDiagnostic { std::optional location{}; + // notice help links are really required only for plaintext messages, otherwise they should be + // directly embedded in the markdown message constexpr SwiftDiagnostic(std::string_view id, std::string_view name, + Format format, std::string_view action = "", std::string_view helpLinks = "", Visibility visibility = Visibility::all) - : id{id}, name{name}, action{action}, helpLinks{helpLinks}, visibility{visibility} {} - - constexpr SwiftDiagnostic(std::string_view id, std::string_view name, Visibility visibility) - : SwiftDiagnostic(id, name, "", "", visibility) {} + : id{id}, + name{name}, + format{format}, + action{action}, + helpLinks{helpLinks}, + visibility{visibility} {} // create a JSON diagnostics for this source with the given timestamp and message to out // A plaintextMessage is used that includes both the message and the action to take. Dots are @@ -103,6 +114,9 @@ inline constexpr SwiftDiagnostic::Visibility operator&(SwiftDiagnostic::Visibili constexpr SwiftDiagnostic internalError{ "internal-error", "Internal error", + SwiftDiagnostic::Format::plaintext, + /* action=*/"", + /* helpLinks=*/"", SwiftDiagnostic::Visibility::telemetry, }; } // namespace codeql diff --git a/swift/tools/autobuilder-diagnostics/IncompatibleOs.cpp b/swift/tools/autobuilder-diagnostics/IncompatibleOs.cpp index 6dd010036cf..c949c360c26 100644 --- a/swift/tools/autobuilder-diagnostics/IncompatibleOs.cpp +++ b/swift/tools/autobuilder-diagnostics/IncompatibleOs.cpp @@ -9,13 +9,16 @@ const std::string_view codeql::programName = "autobuilder"; constexpr codeql::SwiftDiagnostic incompatibleOs{ - "incompatible-os", "Incompatible operating system for autobuild (expected macOS)", - "Change the action runner to a macOS one. Analysis on Linux might work, but requires setting " - "up a custom build command", + "incompatible-os", "Incompatible operating system (expected macOS)", + codeql::SwiftDiagnostic::Format::markdown, + "[Change the Actions runner][1] to run on macOS.\n" + "\n" + "You may be able to run analysis on Linux by setting up a [manual build command][2].\n" + "\n" + "[1]: " "https://docs.github.com/en/actions/using-workflows/" - "workflow-syntax-for-github-actions#jobsjob_idruns-on " - "https://docs.github.com/en/enterprise-server/code-security/code-scanning/" - "automatically-scanning-your-code-for-vulnerabilities-and-errors/customizing-code-scanning " + "workflow-syntax-for-github-actions#jobsjob_idruns-on\n" + "[2]: " "https://docs.github.com/en/enterprise-server/code-security/code-scanning/" "automatically-scanning-your-code-for-vulnerabilities-and-errors/" "configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-" @@ -28,6 +31,6 @@ static codeql::Logger& logger() { int main() { DIAGNOSE_ERROR(incompatibleOs, - "CodeQL Swift analysis is currently only officially supported on macOS"); + "Currently, `autobuild` for Swift analysis is only supported on macOS"); return 1; } diff --git a/swift/xcode-autobuilder/CustomizingBuildDiagnostics.h b/swift/xcode-autobuilder/CustomizingBuildDiagnostics.h index d8c68136e2f..c1d7809054c 100644 --- a/swift/xcode-autobuilder/CustomizingBuildDiagnostics.h +++ b/swift/xcode-autobuilder/CustomizingBuildDiagnostics.h @@ -1,7 +1,7 @@ #include namespace codeql { -constexpr std::string_view customizingBuildAction = "Set up a manual build command"; +constexpr std::string_view customizingBuildAction = "Set up a manual build command."; constexpr std::string_view customizingBuildHelpLinks = "https://docs.github.com/en/enterprise-server/code-security/code-scanning/" "automatically-scanning-your-code-for-vulnerabilities-and-errors/customizing-code-scanning " diff --git a/swift/xcode-autobuilder/XcodeBuildRunner.cpp b/swift/xcode-autobuilder/XcodeBuildRunner.cpp index 163a639db00..aedd1ada0b7 100644 --- a/swift/xcode-autobuilder/XcodeBuildRunner.cpp +++ b/swift/xcode-autobuilder/XcodeBuildRunner.cpp @@ -9,7 +9,8 @@ #include "swift/xcode-autobuilder/CustomizingBuildDiagnostics.h" constexpr codeql::SwiftDiagnostic buildCommandFailed{ - "build-command-failed", "Detected build command failed", codeql::customizingBuildAction, + "build-command-failed", "Detected build command failed", + codeql::SwiftDiagnostic::Format::plaintext, codeql::customizingBuildAction, codeql::customizingBuildHelpLinks}; static codeql::Logger& logger() { diff --git a/swift/xcode-autobuilder/xcode-autobuilder.cpp b/swift/xcode-autobuilder/xcode-autobuilder.cpp index 5a00c885880..54973fe0114 100644 --- a/swift/xcode-autobuilder/xcode-autobuilder.cpp +++ b/swift/xcode-autobuilder/xcode-autobuilder.cpp @@ -13,16 +13,19 @@ static const char* unitTest = "com.apple.product-type.bundle.unit-test"; const std::string_view codeql::programName = "autobuilder"; constexpr codeql::SwiftDiagnostic noProjectFound{ - "no-project-found", "No Xcode project or workspace detected", codeql::customizingBuildAction, + "no-project-found", "No Xcode project or workspace detected", + codeql::SwiftDiagnostic::Format::plaintext, codeql::customizingBuildAction, codeql::customizingBuildHelpLinks}; constexpr codeql::SwiftDiagnostic noSwiftTarget{ - "no-swift-target", "No Swift compilation target found", codeql::customizingBuildAction, + "no-swift-target", "No Swift compilation target found", + codeql::SwiftDiagnostic::Format::plaintext, codeql::customizingBuildAction, codeql::customizingBuildHelpLinks}; constexpr codeql::SwiftDiagnostic spmNotSupported{ "spm-not-supported", "Swift Package Manager build unsupported by autobuild", - codeql::customizingBuildAction, codeql::customizingBuildHelpLinks}; + codeql::SwiftDiagnostic::Format::plaintext, codeql::customizingBuildAction, + codeql::customizingBuildHelpLinks}; static codeql::Logger& logger() { static codeql::Logger ret{"main"}; From 10d084fbbf42ecc7565c29925608f1e42cae1f86 Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli Date: Mon, 15 May 2023 13:47:00 +0200 Subject: [PATCH 355/870] Swift: update comment --- swift/logging/SwiftDiagnostics.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/swift/logging/SwiftDiagnostics.h b/swift/logging/SwiftDiagnostics.h index 34854c6ab65..ab227aae873 100644 --- a/swift/logging/SwiftDiagnostics.h +++ b/swift/logging/SwiftDiagnostics.h @@ -75,10 +75,10 @@ struct SwiftDiagnostic { helpLinks{helpLinks}, visibility{visibility} {} - // create a JSON diagnostics for this source with the given timestamp and message to out - // A plaintextMessage is used that includes both the message and the action to take. Dots are - // appended to both. The id is used to construct the source id in the form - // `swift//` + // create a JSON diagnostics for this source with the given `timestamp` and `message` + // Depending on format, either a plaintextMessage or markdownMessage is used that includes both + // the message and the action to take. A dot '.' is appended to `message`. The id is used to + // construct the source id in the form `swift//` nlohmann::json json(const std::chrono::system_clock::time_point& timestamp, std::string_view message) const; From f31709fb29764a83f5801d68543c2ab886b45751 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Mon, 15 May 2023 13:36:29 +0100 Subject: [PATCH 356/870] C++: Make comment more clear. --- .../Likely Bugs/OverrunWriteProductFlow.ql | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/cpp/ql/src/experimental/Likely Bugs/OverrunWriteProductFlow.ql b/cpp/ql/src/experimental/Likely Bugs/OverrunWriteProductFlow.ql index 6d5acfcfa56..38682ac6a01 100644 --- a/cpp/ql/src/experimental/Likely Bugs/OverrunWriteProductFlow.ql +++ b/cpp/ql/src/experimental/Likely Bugs/OverrunWriteProductFlow.ql @@ -159,17 +159,12 @@ module ValidState { // For a dataflow sink any `value` that is strictly smaller than the delta // needs to be a valid flow-state. That is, for a snippet like: // ``` - // p = new char[size]; + // p = b ? new char[size] : new char[size + 1]; // memset(p, 0, size + 2); // ``` - // the valid flow-states at the `memset` must include `0` since the flow-state - // at the source is `0`. Similarly, for an example such as: - // ``` - // p = new char[size + 1]; - // memset(p, 0, size + 2); - // ``` - // the flow-state at the `memset` must include `1` since `1` is the flow-state - // after the source. + // the valid flow-states at the `memset` must include set set `{0, 1}` since the + // flow-state at `new char[size]` is `0`, and the flow-state at `new char[size + 1]` + // is `1`. // // So we find a valid flow-state at the sink's predecessor, and use the definition // of our sink predicate to compute the valid flow-states at the sink. From dba951111a2d75b83a04302ae209a162b840c7fd Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 12 May 2023 11:31:27 +0100 Subject: [PATCH 357/870] Swift: Add more sensitive data test cases. --- .../CWE-311/CleartextTransmission.expected | 42 ++++++++++++------- .../Security/CWE-311/SensitiveExprs.expected | 17 +++++--- .../Security/CWE-311/testSend.swift | 14 ++++++- 3 files changed, 50 insertions(+), 23 deletions(-) diff --git a/swift/ql/test/query-tests/Security/CWE-311/CleartextTransmission.expected b/swift/ql/test/query-tests/Security/CWE-311/CleartextTransmission.expected index ed65adcc9b6..459d3cba917 100644 --- a/swift/ql/test/query-tests/Security/CWE-311/CleartextTransmission.expected +++ b/swift/ql/test/query-tests/Security/CWE-311/CleartextTransmission.expected @@ -7,11 +7,11 @@ edges | testSend.swift:33:19:33:19 | passwordPlain | testSend.swift:5:5:5:29 | [summary param] 0 in Data.init(_:) | | testSend.swift:33:19:33:19 | passwordPlain | testSend.swift:33:14:33:32 | call to Data.init(_:) | | testSend.swift:41:10:41:18 | data | testSend.swift:41:45:41:45 | data | -| testSend.swift:45:13:45:13 | password | testSend.swift:52:27:52:27 | str1 | -| testSend.swift:46:13:46:13 | password | testSend.swift:53:27:53:27 | str2 | -| testSend.swift:47:13:47:25 | call to pad(_:) | testSend.swift:54:27:54:27 | str3 | -| testSend.swift:47:17:47:17 | password | testSend.swift:41:10:41:18 | data | -| testSend.swift:47:17:47:17 | password | testSend.swift:47:13:47:25 | call to pad(_:) | +| testSend.swift:52:13:52:13 | password | testSend.swift:59:27:59:27 | str1 | +| testSend.swift:53:13:53:13 | password | testSend.swift:60:27:60:27 | str2 | +| testSend.swift:54:13:54:25 | call to pad(_:) | testSend.swift:61:27:61:27 | str3 | +| testSend.swift:54:17:54:17 | password | testSend.swift:41:10:41:18 | data | +| testSend.swift:54:17:54:17 | password | testSend.swift:54:13:54:25 | call to pad(_:) | | testURL.swift:13:54:13:54 | passwd | testURL.swift:13:22:13:54 | ... .+(_:_:) ... | | testURL.swift:16:55:16:55 | credit_card_no | testURL.swift:16:22:16:55 | ... .+(_:_:) ... | nodes @@ -29,13 +29,18 @@ nodes | testSend.swift:37:19:37:19 | data2 | semmle.label | data2 | | testSend.swift:41:10:41:18 | data | semmle.label | data | | testSend.swift:41:45:41:45 | data | semmle.label | data | -| testSend.swift:45:13:45:13 | password | semmle.label | password | -| testSend.swift:46:13:46:13 | password | semmle.label | password | -| testSend.swift:47:13:47:25 | call to pad(_:) | semmle.label | call to pad(_:) | -| testSend.swift:47:17:47:17 | password | semmle.label | password | -| testSend.swift:52:27:52:27 | str1 | semmle.label | str1 | -| testSend.swift:53:27:53:27 | str2 | semmle.label | str2 | -| testSend.swift:54:27:54:27 | str3 | semmle.label | str3 | +| testSend.swift:52:13:52:13 | password | semmle.label | password | +| testSend.swift:53:13:53:13 | password | semmle.label | password | +| testSend.swift:54:13:54:25 | call to pad(_:) | semmle.label | call to pad(_:) | +| testSend.swift:54:17:54:17 | password | semmle.label | password | +| testSend.swift:59:27:59:27 | str1 | semmle.label | str1 | +| testSend.swift:60:27:60:27 | str2 | semmle.label | str2 | +| testSend.swift:61:27:61:27 | str3 | semmle.label | str3 | +| testSend.swift:65:27:65:27 | license_key | semmle.label | license_key | +| testSend.swift:66:27:66:30 | .mobileNumber | semmle.label | .mobileNumber | +| testSend.swift:67:27:67:30 | .mobileUrl | semmle.label | .mobileUrl | +| testSend.swift:68:27:68:30 | .mobilePlayer | semmle.label | .mobilePlayer | +| testSend.swift:69:27:69:30 | .passwordFeatureEnabled | semmle.label | .passwordFeatureEnabled | | testURL.swift:13:22:13:54 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... | | testURL.swift:13:54:13:54 | passwd | semmle.label | passwd | | testURL.swift:16:22:16:55 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... | @@ -43,16 +48,21 @@ nodes | testURL.swift:20:22:20:22 | passwd | semmle.label | passwd | subpaths | testSend.swift:33:19:33:19 | passwordPlain | testSend.swift:5:5:5:29 | [summary param] 0 in Data.init(_:) | file://:0:0:0:0 | [summary] to write: return (return) in Data.init(_:) | testSend.swift:33:14:33:32 | call to Data.init(_:) | -| testSend.swift:47:17:47:17 | password | testSend.swift:41:10:41:18 | data | testSend.swift:41:45:41:45 | data | testSend.swift:47:13:47:25 | call to pad(_:) | +| testSend.swift:54:17:54:17 | password | testSend.swift:41:10:41:18 | data | testSend.swift:41:45:41:45 | data | testSend.swift:54:13:54:25 | call to pad(_:) | #select | testAlamofire.swift:150:13:150:45 | ... .+(_:_:) ... | testAlamofire.swift:150:45:150:45 | password | testAlamofire.swift:150:13:150:45 | ... .+(_:_:) ... | This operation transmits '... .+(_:_:) ...', which may contain unencrypted sensitive data from $@. | testAlamofire.swift:150:45:150:45 | password | password | | testAlamofire.swift:152:19:152:51 | ... .+(_:_:) ... | testAlamofire.swift:152:51:152:51 | password | testAlamofire.swift:152:19:152:51 | ... .+(_:_:) ... | This operation transmits '... .+(_:_:) ...', which may contain unencrypted sensitive data from $@. | testAlamofire.swift:152:51:152:51 | password | password | | testAlamofire.swift:154:14:154:46 | ... .+(_:_:) ... | testAlamofire.swift:154:38:154:38 | email | testAlamofire.swift:154:14:154:46 | ... .+(_:_:) ... | This operation transmits '... .+(_:_:) ...', which may contain unencrypted sensitive data from $@. | testAlamofire.swift:154:38:154:38 | email | email | | testSend.swift:29:19:29:19 | passwordPlain | testSend.swift:29:19:29:19 | passwordPlain | testSend.swift:29:19:29:19 | passwordPlain | This operation transmits 'passwordPlain', which may contain unencrypted sensitive data from $@. | testSend.swift:29:19:29:19 | passwordPlain | passwordPlain | | testSend.swift:37:19:37:19 | data2 | testSend.swift:33:19:33:19 | passwordPlain | testSend.swift:37:19:37:19 | data2 | This operation transmits 'data2', which may contain unencrypted sensitive data from $@. | testSend.swift:33:19:33:19 | passwordPlain | passwordPlain | -| testSend.swift:52:27:52:27 | str1 | testSend.swift:45:13:45:13 | password | testSend.swift:52:27:52:27 | str1 | This operation transmits 'str1', which may contain unencrypted sensitive data from $@. | testSend.swift:45:13:45:13 | password | password | -| testSend.swift:53:27:53:27 | str2 | testSend.swift:46:13:46:13 | password | testSend.swift:53:27:53:27 | str2 | This operation transmits 'str2', which may contain unencrypted sensitive data from $@. | testSend.swift:46:13:46:13 | password | password | -| testSend.swift:54:27:54:27 | str3 | testSend.swift:47:17:47:17 | password | testSend.swift:54:27:54:27 | str3 | This operation transmits 'str3', which may contain unencrypted sensitive data from $@. | testSend.swift:47:17:47:17 | password | password | +| testSend.swift:59:27:59:27 | str1 | testSend.swift:52:13:52:13 | password | testSend.swift:59:27:59:27 | str1 | This operation transmits 'str1', which may contain unencrypted sensitive data from $@. | testSend.swift:52:13:52:13 | password | password | +| testSend.swift:60:27:60:27 | str2 | testSend.swift:53:13:53:13 | password | testSend.swift:60:27:60:27 | str2 | This operation transmits 'str2', which may contain unencrypted sensitive data from $@. | testSend.swift:53:13:53:13 | password | password | +| testSend.swift:61:27:61:27 | str3 | testSend.swift:54:17:54:17 | password | testSend.swift:61:27:61:27 | str3 | This operation transmits 'str3', which may contain unencrypted sensitive data from $@. | testSend.swift:54:17:54:17 | password | password | +| testSend.swift:65:27:65:27 | license_key | testSend.swift:65:27:65:27 | license_key | testSend.swift:65:27:65:27 | license_key | This operation transmits 'license_key', which may contain unencrypted sensitive data from $@. | testSend.swift:65:27:65:27 | license_key | license_key | +| testSend.swift:66:27:66:30 | .mobileNumber | testSend.swift:66:27:66:30 | .mobileNumber | testSend.swift:66:27:66:30 | .mobileNumber | This operation transmits '.mobileNumber', which may contain unencrypted sensitive data from $@. | testSend.swift:66:27:66:30 | .mobileNumber | .mobileNumber | +| testSend.swift:67:27:67:30 | .mobileUrl | testSend.swift:67:27:67:30 | .mobileUrl | testSend.swift:67:27:67:30 | .mobileUrl | This operation transmits '.mobileUrl', which may contain unencrypted sensitive data from $@. | testSend.swift:67:27:67:30 | .mobileUrl | .mobileUrl | +| testSend.swift:68:27:68:30 | .mobilePlayer | testSend.swift:68:27:68:30 | .mobilePlayer | testSend.swift:68:27:68:30 | .mobilePlayer | This operation transmits '.mobilePlayer', which may contain unencrypted sensitive data from $@. | testSend.swift:68:27:68:30 | .mobilePlayer | .mobilePlayer | +| testSend.swift:69:27:69:30 | .passwordFeatureEnabled | testSend.swift:69:27:69:30 | .passwordFeatureEnabled | testSend.swift:69:27:69:30 | .passwordFeatureEnabled | This operation transmits '.passwordFeatureEnabled', which may contain unencrypted sensitive data from $@. | testSend.swift:69:27:69:30 | .passwordFeatureEnabled | .passwordFeatureEnabled | | testURL.swift:13:22:13:54 | ... .+(_:_:) ... | testURL.swift:13:54:13:54 | passwd | testURL.swift:13:22:13:54 | ... .+(_:_:) ... | This operation transmits '... .+(_:_:) ...', which may contain unencrypted sensitive data from $@. | testURL.swift:13:54:13:54 | passwd | passwd | | testURL.swift:16:22:16:55 | ... .+(_:_:) ... | testURL.swift:16:55:16:55 | credit_card_no | testURL.swift:16:22:16:55 | ... .+(_:_:) ... | This operation transmits '... .+(_:_:) ...', which may contain unencrypted sensitive data from $@. | testURL.swift:16:55:16:55 | credit_card_no | credit_card_no | | testURL.swift:20:22:20:22 | passwd | testURL.swift:20:22:20:22 | passwd | testURL.swift:20:22:20:22 | passwd | This operation transmits 'passwd', which may contain unencrypted sensitive data from $@. | testURL.swift:20:22:20:22 | passwd | passwd | diff --git a/swift/ql/test/query-tests/Security/CWE-311/SensitiveExprs.expected b/swift/ql/test/query-tests/Security/CWE-311/SensitiveExprs.expected index ef794d4004a..9e06f8f7314 100644 --- a/swift/ql/test/query-tests/Security/CWE-311/SensitiveExprs.expected +++ b/swift/ql/test/query-tests/Security/CWE-311/SensitiveExprs.expected @@ -120,12 +120,17 @@ | testRealm.swift:73:15:73:15 | myPassword | label:myPassword, type:credential | | testSend.swift:29:19:29:19 | passwordPlain | label:passwordPlain, type:credential | | testSend.swift:33:19:33:19 | passwordPlain | label:passwordPlain, type:credential | -| testSend.swift:45:13:45:13 | password | label:password, type:credential | -| testSend.swift:46:13:46:13 | password | label:password, type:credential | -| testSend.swift:47:17:47:17 | password | label:password, type:credential | -| testSend.swift:48:23:48:23 | password | label:password, type:credential | -| testSend.swift:49:27:49:27 | password | label:password, type:credential | -| testSend.swift:50:27:50:27 | password | label:password, type:credential | +| testSend.swift:52:13:52:13 | password | label:password, type:credential | +| testSend.swift:53:13:53:13 | password | label:password, type:credential | +| testSend.swift:54:17:54:17 | password | label:password, type:credential | +| testSend.swift:55:23:55:23 | password | label:password, type:credential | +| testSend.swift:56:27:56:27 | password | label:password, type:credential | +| testSend.swift:57:27:57:27 | password | label:password, type:credential | +| testSend.swift:65:27:65:27 | license_key | label:license_key, type:credential | +| testSend.swift:66:27:66:30 | .mobileNumber | label:mobileNumber, type:private information | +| testSend.swift:67:27:67:30 | .mobileUrl | label:mobileUrl, type:private information | +| testSend.swift:68:27:68:30 | .mobilePlayer | label:mobilePlayer, type:private information | +| testSend.swift:69:27:69:30 | .passwordFeatureEnabled | label:passwordFeatureEnabled, type:credential | | testURL.swift:13:54:13:54 | passwd | label:passwd, type:credential | | testURL.swift:16:55:16:55 | credit_card_no | label:credit_card_no, type:private information | | testURL.swift:20:22:20:22 | passwd | label:passwd, type:credential | diff --git a/swift/ql/test/query-tests/Security/CWE-311/testSend.swift b/swift/ql/test/query-tests/Security/CWE-311/testSend.swift index aaf2e3487f2..6ba78ede6e7 100644 --- a/swift/ql/test/query-tests/Security/CWE-311/testSend.swift +++ b/swift/ql/test/query-tests/Security/CWE-311/testSend.swift @@ -41,7 +41,14 @@ func test1(passwordPlain : String, passwordHash : String) { func pad(_ data: String) -> String { return data } func aes_crypt(_ data: String) -> String { return data } -func test2(password : String, connection : NWConnection) { +struct MyStruct { + var mobileNumber: String + var mobileUrl: String + var mobilePlayer: String + var passwordFeatureEnabled: Bool +} + +func test2(password : String, license_key: String, ms: MyStruct, connection : NWConnection) { let str1 = password let str2 = password + " " let str3 = pad(password) @@ -55,4 +62,9 @@ func test2(password : String, connection : NWConnection) { connection.send(content: str4, completion: .idempotent) // GOOD (encrypted) connection.send(content: str5, completion: .idempotent) // GOOD (encrypted) connection.send(content: str6, completion: .idempotent) // GOOD (encrypted) + connection.send(content: license_key, completion: .idempotent) // BAD + connection.send(content: ms.mobileNumber, completion: .idempotent) // BAD + connection.send(content: ms.mobileUrl, completion: .idempotent) // GOOD (not sensitive) [FALSE POSITIVE] + connection.send(content: ms.mobilePlayer, completion: .idempotent) // GOOD (not sensitive) [FALSE POSITIVE] + connection.send(content: ms.passwordFeatureEnabled, completion: .idempotent) // GOOD (not sensitive) [FALSE POSITIVE] } From e59d7e03456b1b0b8d3bc57098b1d7032224cd59 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 12 May 2023 11:37:38 +0100 Subject: [PATCH 358/870] Swift: Remove assumption that 'username' is not sensitive (in the tests). --- swift/ql/test/query-tests/Security/CWE-311/testRealm.swift | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/swift/ql/test/query-tests/Security/CWE-311/testRealm.swift b/swift/ql/test/query-tests/Security/CWE-311/testRealm.swift index 8bcf9ce83f5..94bc9e07800 100644 --- a/swift/ql/test/query-tests/Security/CWE-311/testRealm.swift +++ b/swift/ql/test/query-tests/Security/CWE-311/testRealm.swift @@ -30,11 +30,11 @@ class MyRealmSwiftObject : RealmSwiftObject { class MyRealmSwiftObject2 : Object { override init() { password = "" } - var username: String? + var harmless: String? var password: String? } -func test1(realm : Realm, myUsername: String, myPassword : String, myHashedPassword : String) { +func test1(realm : Realm, myHarmless: String, myPassword : String, myHashedPassword : String) { // add objects (within a transaction) ... let a = MyRealmSwiftObject() @@ -69,7 +69,7 @@ func test1(realm : Realm, myUsername: String, myPassword : String, myHashedPassw // MyRealmSwiftObject2... let h = MyRealmSwiftObject2() - h.username = myUsername // GOOD (not sensitive) + h.harmless = myHarmless // GOOD (not sensitive) h.password = myPassword // BAD realm.add(h) } From f1c124a3da3ffd8e1d91cae95fd6d779b7481c9d Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Mon, 15 May 2023 14:01:17 +0100 Subject: [PATCH 359/870] C++: Share more code between 'ValidState' and 'StringSizeConfig'. --- .../Likely Bugs/OverrunWriteProductFlow.ql | 39 ++++++++++++------- 1 file changed, 24 insertions(+), 15 deletions(-) diff --git a/cpp/ql/src/experimental/Likely Bugs/OverrunWriteProductFlow.ql b/cpp/ql/src/experimental/Likely Bugs/OverrunWriteProductFlow.ql index 38682ac6a01..c6941ccc15c 100644 --- a/cpp/ql/src/experimental/Likely Bugs/OverrunWriteProductFlow.ql +++ b/cpp/ql/src/experimental/Likely Bugs/OverrunWriteProductFlow.ql @@ -183,19 +183,18 @@ module ValidState { // `AddInstruction` to the flow-state of any predecessor node. // For case 2 we simply propagate the valid flow-states from the predecessor node to // the next one. - exists(PathNode n0, DataFlow::Node node, int value0 | + exists(PathNode n0, DataFlow::Node node0, DataFlow::Node node, int value0 | n0.getASuccessor() = n and validStateImpl(n0, value0) and - node = n.getNode() + node = n.getNode() and + node0 = n0.getNode() | - exists(AddInstruction add, Operand op1, Operand op2, int delta | - add = node.asInstruction() and - add.hasOperands(op1, op2) and - value0 = value + delta and - semBounded(getSemanticExpr([op1, op2].getDef()), any(SemZeroBound zero), delta, true, _) + exists(int delta | + isAdditionalFlowStep2(node0, node, delta) and + value0 = value + delta ) or - not node.asInstruction() instanceof AddInstruction and + not isAdditionalFlowStep2(node0, node, _) and value = value0 ) ) @@ -208,6 +207,20 @@ module ValidState { import ValidState +/** + * Holds if `node2` is a dataflow node that represents an addition of two operands `op1` + * and `op2` such that: + * 1. `node1` is the dataflow node that represents `op1`, and + * 2. the value of `op2` can be upper bounded by `delta.` + */ +predicate isAdditionalFlowStep2(DataFlow::Node node1, DataFlow::Node node2, int delta) { + exists(AddInstruction add, Operand op | + add.hasOperands(node1.asOperand(), op) and + semBounded(getSemanticExpr(op.getDef()), any(SemZeroBound zero), delta, true, _) and + node2.asInstruction() = add + ) +} + module StringSizeConfig implements ProductFlow::StateConfigSig { class FlowState1 = Unit; @@ -251,13 +264,9 @@ module StringSizeConfig implements ProductFlow::StateConfigSig { DataFlow::Node node1, FlowState2 state1, DataFlow::Node node2, FlowState2 state2 ) { validState(node2, state2) and - exists(AddInstruction add, Operand op, int delta, int s1, int s2 | - state1 = s1 and - state2 = s2 and - add.hasOperands(node1.asOperand(), op) and - semBounded(getSemanticExpr(op.getDef()), any(SemZeroBound zero), delta, true, _) and - node2.asInstruction() = add and - s1 = s2 + delta + exists(int delta | + isAdditionalFlowStep2(node1, node2, delta) and + state1 = state2 + delta ) } } From 650e9e1088ac400888ef98c70980ba215640e532 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Mon, 15 May 2023 14:05:41 +0100 Subject: [PATCH 360/870] C++: Fix Code Scanning error. --- cpp/ql/src/experimental/Likely Bugs/OverrunWriteProductFlow.ql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpp/ql/src/experimental/Likely Bugs/OverrunWriteProductFlow.ql b/cpp/ql/src/experimental/Likely Bugs/OverrunWriteProductFlow.ql index c6941ccc15c..2485048a84a 100644 --- a/cpp/ql/src/experimental/Likely Bugs/OverrunWriteProductFlow.ql +++ b/cpp/ql/src/experimental/Likely Bugs/OverrunWriteProductFlow.ql @@ -162,7 +162,7 @@ module ValidState { // p = b ? new char[size] : new char[size + 1]; // memset(p, 0, size + 2); // ``` - // the valid flow-states at the `memset` must include set set `{0, 1}` since the + // the valid flow-states at the `memset` must include the set `{0, 1}` since the // flow-state at `new char[size]` is `0`, and the flow-state at `new char[size + 1]` // is `1`. // From 27c8eb301e0a1876cb6803954d52bd0b22a6e3cb Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Mon, 15 May 2023 14:08:22 +0100 Subject: [PATCH 361/870] Swift: Fix URL-related FPs. --- swift/ql/lib/codeql/swift/security/SensitiveExprs.qll | 2 +- .../query-tests/Security/CWE-311/CleartextTransmission.expected | 2 -- .../test/query-tests/Security/CWE-311/SensitiveExprs.expected | 1 - swift/ql/test/query-tests/Security/CWE-311/testSend.swift | 2 +- 4 files changed, 2 insertions(+), 5 deletions(-) diff --git a/swift/ql/lib/codeql/swift/security/SensitiveExprs.qll b/swift/ql/lib/codeql/swift/security/SensitiveExprs.qll index aa66f6d93fd..c1bc5d0bd50 100644 --- a/swift/ql/lib/codeql/swift/security/SensitiveExprs.qll +++ b/swift/ql/lib/codeql/swift/security/SensitiveExprs.qll @@ -69,7 +69,7 @@ class SensitivePrivateInfo extends SensitiveDataType, TPrivateInfo { * contain hashed or encrypted data, or are only a reference to data that is * actually stored elsewhere. */ -private string regexpProbablySafe() { result = ".*(hash|crypt|file|path|invalid).*" } +private string regexpProbablySafe() { result = ".*(hash|crypt|file|path|url|invalid).*" } /** * A `VarDecl` that might be used to contain sensitive data. diff --git a/swift/ql/test/query-tests/Security/CWE-311/CleartextTransmission.expected b/swift/ql/test/query-tests/Security/CWE-311/CleartextTransmission.expected index 459d3cba917..13c8c921f2d 100644 --- a/swift/ql/test/query-tests/Security/CWE-311/CleartextTransmission.expected +++ b/swift/ql/test/query-tests/Security/CWE-311/CleartextTransmission.expected @@ -38,7 +38,6 @@ nodes | testSend.swift:61:27:61:27 | str3 | semmle.label | str3 | | testSend.swift:65:27:65:27 | license_key | semmle.label | license_key | | testSend.swift:66:27:66:30 | .mobileNumber | semmle.label | .mobileNumber | -| testSend.swift:67:27:67:30 | .mobileUrl | semmle.label | .mobileUrl | | testSend.swift:68:27:68:30 | .mobilePlayer | semmle.label | .mobilePlayer | | testSend.swift:69:27:69:30 | .passwordFeatureEnabled | semmle.label | .passwordFeatureEnabled | | testURL.swift:13:22:13:54 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... | @@ -60,7 +59,6 @@ subpaths | testSend.swift:61:27:61:27 | str3 | testSend.swift:54:17:54:17 | password | testSend.swift:61:27:61:27 | str3 | This operation transmits 'str3', which may contain unencrypted sensitive data from $@. | testSend.swift:54:17:54:17 | password | password | | testSend.swift:65:27:65:27 | license_key | testSend.swift:65:27:65:27 | license_key | testSend.swift:65:27:65:27 | license_key | This operation transmits 'license_key', which may contain unencrypted sensitive data from $@. | testSend.swift:65:27:65:27 | license_key | license_key | | testSend.swift:66:27:66:30 | .mobileNumber | testSend.swift:66:27:66:30 | .mobileNumber | testSend.swift:66:27:66:30 | .mobileNumber | This operation transmits '.mobileNumber', which may contain unencrypted sensitive data from $@. | testSend.swift:66:27:66:30 | .mobileNumber | .mobileNumber | -| testSend.swift:67:27:67:30 | .mobileUrl | testSend.swift:67:27:67:30 | .mobileUrl | testSend.swift:67:27:67:30 | .mobileUrl | This operation transmits '.mobileUrl', which may contain unencrypted sensitive data from $@. | testSend.swift:67:27:67:30 | .mobileUrl | .mobileUrl | | testSend.swift:68:27:68:30 | .mobilePlayer | testSend.swift:68:27:68:30 | .mobilePlayer | testSend.swift:68:27:68:30 | .mobilePlayer | This operation transmits '.mobilePlayer', which may contain unencrypted sensitive data from $@. | testSend.swift:68:27:68:30 | .mobilePlayer | .mobilePlayer | | testSend.swift:69:27:69:30 | .passwordFeatureEnabled | testSend.swift:69:27:69:30 | .passwordFeatureEnabled | testSend.swift:69:27:69:30 | .passwordFeatureEnabled | This operation transmits '.passwordFeatureEnabled', which may contain unencrypted sensitive data from $@. | testSend.swift:69:27:69:30 | .passwordFeatureEnabled | .passwordFeatureEnabled | | testURL.swift:13:22:13:54 | ... .+(_:_:) ... | testURL.swift:13:54:13:54 | passwd | testURL.swift:13:22:13:54 | ... .+(_:_:) ... | This operation transmits '... .+(_:_:) ...', which may contain unencrypted sensitive data from $@. | testURL.swift:13:54:13:54 | passwd | passwd | diff --git a/swift/ql/test/query-tests/Security/CWE-311/SensitiveExprs.expected b/swift/ql/test/query-tests/Security/CWE-311/SensitiveExprs.expected index 9e06f8f7314..ebda7360324 100644 --- a/swift/ql/test/query-tests/Security/CWE-311/SensitiveExprs.expected +++ b/swift/ql/test/query-tests/Security/CWE-311/SensitiveExprs.expected @@ -128,7 +128,6 @@ | testSend.swift:57:27:57:27 | password | label:password, type:credential | | testSend.swift:65:27:65:27 | license_key | label:license_key, type:credential | | testSend.swift:66:27:66:30 | .mobileNumber | label:mobileNumber, type:private information | -| testSend.swift:67:27:67:30 | .mobileUrl | label:mobileUrl, type:private information | | testSend.swift:68:27:68:30 | .mobilePlayer | label:mobilePlayer, type:private information | | testSend.swift:69:27:69:30 | .passwordFeatureEnabled | label:passwordFeatureEnabled, type:credential | | testURL.swift:13:54:13:54 | passwd | label:passwd, type:credential | diff --git a/swift/ql/test/query-tests/Security/CWE-311/testSend.swift b/swift/ql/test/query-tests/Security/CWE-311/testSend.swift index 6ba78ede6e7..4504b09c4e0 100644 --- a/swift/ql/test/query-tests/Security/CWE-311/testSend.swift +++ b/swift/ql/test/query-tests/Security/CWE-311/testSend.swift @@ -64,7 +64,7 @@ func test2(password : String, license_key: String, ms: MyStruct, connection : NW connection.send(content: str6, completion: .idempotent) // GOOD (encrypted) connection.send(content: license_key, completion: .idempotent) // BAD connection.send(content: ms.mobileNumber, completion: .idempotent) // BAD - connection.send(content: ms.mobileUrl, completion: .idempotent) // GOOD (not sensitive) [FALSE POSITIVE] + connection.send(content: ms.mobileUrl, completion: .idempotent) // GOOD (not sensitive) connection.send(content: ms.mobilePlayer, completion: .idempotent) // GOOD (not sensitive) [FALSE POSITIVE] connection.send(content: ms.passwordFeatureEnabled, completion: .idempotent) // GOOD (not sensitive) [FALSE POSITIVE] } From f46620c455b76b49381fbde233c70431fafd8f8d Mon Sep 17 00:00:00 2001 From: Maiky <76447395+maikypedia@users.noreply.github.com> Date: Mon, 15 May 2023 15:09:44 +0200 Subject: [PATCH 362/870] Var only used in one side of disjunct --- ruby/ql/lib/codeql/ruby/frameworks/Mysql2.qll | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/ruby/ql/lib/codeql/ruby/frameworks/Mysql2.qll b/ruby/ql/lib/codeql/ruby/frameworks/Mysql2.qll index efea7383a4c..c1c74813b75 100644 --- a/ruby/ql/lib/codeql/ruby/frameworks/Mysql2.qll +++ b/ruby/ql/lib/codeql/ruby/frameworks/Mysql2.qll @@ -35,12 +35,14 @@ module Mysql2 { private DataFlow::Node query; Mysql2Execution() { - exists(Mysql2Connection mysql2Connection, DataFlow::CallNode prepareCall | + exists(Mysql2Connection mysql2Connection | this = mysql2Connection.getAMethodCall("query") and query = this.getArgument(0) or - prepareCall = mysql2Connection.getAMethodCall("prepare") and - query = prepareCall.getArgument(0) and - this = prepareCall.getAMethodCall("execute") + exists(DataFlow::CallNode prepareCall | + prepareCall = mysql2Connection.getAMethodCall("prepare") and + query = prepareCall.getArgument(0) and + this = prepareCall.getAMethodCall("execute") + ) ) } From a0cba8cb6b2eca1ee48a5a3f6412187dda5dc8b2 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 12 May 2023 22:47:03 +0100 Subject: [PATCH 363/870] Swift: Address boolean value FPs. --- .../swift/security/CleartextLoggingExtensions.qll | 12 ++++++++++++ .../security/CleartextStorageDatabaseExtensions.qll | 11 ++++++++--- .../CleartextStoragePreferencesExtensions.qll | 12 ++++++++---- .../security/CleartextTransmissionExtensions.qll | 11 ++++++++--- .../Security/CWE-311/CleartextTransmission.expected | 2 -- .../test/query-tests/Security/CWE-311/testSend.swift | 2 +- 6 files changed, 37 insertions(+), 13 deletions(-) diff --git a/swift/ql/lib/codeql/swift/security/CleartextLoggingExtensions.qll b/swift/ql/lib/codeql/swift/security/CleartextLoggingExtensions.qll index 1adc157fb6f..8f36a95e99d 100644 --- a/swift/ql/lib/codeql/swift/security/CleartextLoggingExtensions.qll +++ b/swift/ql/lib/codeql/swift/security/CleartextLoggingExtensions.qll @@ -29,6 +29,18 @@ private class DefaultCleartextLoggingSink extends CleartextLoggingSink { DefaultCleartextLoggingSink() { sinkNode(this, "log-injection") } } +/** + * An barrier for cleartext logging vulnerabilities. + * - encryption; encrypted values are not cleartext. + * - booleans; these are more likely to be settings, rather than actual sensitive data. + */ +private class CleartextLoggingDefaultBarrier extends CleartextLoggingBarrier { + CleartextLoggingDefaultBarrier() { + this.asExpr() instanceof EncryptedExpr or + this.asExpr().getType().getUnderlyingType() instanceof BoolType + } +} + /** * A barrier for `OSLogMessage`s configured with the appropriate privacy option. * Numeric and boolean arguments aren't redacted unless the `private` or `sensitive` options are used. diff --git a/swift/ql/lib/codeql/swift/security/CleartextStorageDatabaseExtensions.qll b/swift/ql/lib/codeql/swift/security/CleartextStorageDatabaseExtensions.qll index 4d024ced959..cb7e8c53ec8 100644 --- a/swift/ql/lib/codeql/swift/security/CleartextStorageDatabaseExtensions.qll +++ b/swift/ql/lib/codeql/swift/security/CleartextStorageDatabaseExtensions.qll @@ -114,10 +114,15 @@ private class CleartextStorageDatabaseSinks extends SinkModelCsv { } /** - * An encryption barrier for cleartext database storage vulnerabilities. + * An barrier for cleartext database storage vulnerabilities. + * - encryption; encrypted values are not cleartext. + * - booleans; these are more likely to be settings, rather than actual sensitive data. */ -private class CleartextStorageDatabaseEncryptionBarrier extends CleartextStorageDatabaseBarrier { - CleartextStorageDatabaseEncryptionBarrier() { this.asExpr() instanceof EncryptedExpr } +private class CleartextStorageDatabaseDefaultBarrier extends CleartextStorageDatabaseBarrier { + CleartextStorageDatabaseDefaultBarrier() { + this.asExpr() instanceof EncryptedExpr or + this.asExpr().getType().getUnderlyingType() instanceof BoolType + } } /** diff --git a/swift/ql/lib/codeql/swift/security/CleartextStoragePreferencesExtensions.qll b/swift/ql/lib/codeql/swift/security/CleartextStoragePreferencesExtensions.qll index cc7a443e8e2..b3306dabc9f 100644 --- a/swift/ql/lib/codeql/swift/security/CleartextStoragePreferencesExtensions.qll +++ b/swift/ql/lib/codeql/swift/security/CleartextStoragePreferencesExtensions.qll @@ -74,11 +74,15 @@ private class NSUserDefaultsControllerStore extends CleartextStoragePreferencesS } /** - * An encryption barrier for cleartext preferences storage vulnerabilities. + * An barrier for cleartext preferences storage vulnerabilities. + * - encryption; encrypted values are not cleartext. + * - booleans; these are more likely to be settings, rather than actual sensitive data. */ -private class CleartextStoragePreferencesEncryptionBarrier extends CleartextStoragePreferencesBarrier -{ - CleartextStoragePreferencesEncryptionBarrier() { this.asExpr() instanceof EncryptedExpr } +private class CleartextStoragePreferencesDefaultBarrier extends CleartextStoragePreferencesBarrier { + CleartextStoragePreferencesDefaultBarrier() { + this.asExpr() instanceof EncryptedExpr or + this.asExpr().getType().getUnderlyingType() instanceof BoolType + } } /** diff --git a/swift/ql/lib/codeql/swift/security/CleartextTransmissionExtensions.qll b/swift/ql/lib/codeql/swift/security/CleartextTransmissionExtensions.qll index 760a2f3500b..a9dedff2f6c 100644 --- a/swift/ql/lib/codeql/swift/security/CleartextTransmissionExtensions.qll +++ b/swift/ql/lib/codeql/swift/security/CleartextTransmissionExtensions.qll @@ -81,10 +81,15 @@ private class AlamofireTransmittedSink extends CleartextTransmissionSink { } /** - * An encryption barrier for cleartext transmission vulnerabilities. + * An barrier for cleartext transmission vulnerabilities. + * - encryption; encrypted values are not cleartext. + * - booleans; these are more likely to be settings, rather than actual sensitive data. */ -private class CleartextTransmissionEncryptionBarrier extends CleartextTransmissionBarrier { - CleartextTransmissionEncryptionBarrier() { this.asExpr() instanceof EncryptedExpr } +private class CleartextTransmissionDefaultBarrier extends CleartextTransmissionBarrier { + CleartextTransmissionDefaultBarrier() { + this.asExpr() instanceof EncryptedExpr or + this.asExpr().getType().getUnderlyingType() instanceof BoolType + } } /** diff --git a/swift/ql/test/query-tests/Security/CWE-311/CleartextTransmission.expected b/swift/ql/test/query-tests/Security/CWE-311/CleartextTransmission.expected index 13c8c921f2d..32a04544c2f 100644 --- a/swift/ql/test/query-tests/Security/CWE-311/CleartextTransmission.expected +++ b/swift/ql/test/query-tests/Security/CWE-311/CleartextTransmission.expected @@ -39,7 +39,6 @@ nodes | testSend.swift:65:27:65:27 | license_key | semmle.label | license_key | | testSend.swift:66:27:66:30 | .mobileNumber | semmle.label | .mobileNumber | | testSend.swift:68:27:68:30 | .mobilePlayer | semmle.label | .mobilePlayer | -| testSend.swift:69:27:69:30 | .passwordFeatureEnabled | semmle.label | .passwordFeatureEnabled | | testURL.swift:13:22:13:54 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... | | testURL.swift:13:54:13:54 | passwd | semmle.label | passwd | | testURL.swift:16:22:16:55 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... | @@ -60,7 +59,6 @@ subpaths | testSend.swift:65:27:65:27 | license_key | testSend.swift:65:27:65:27 | license_key | testSend.swift:65:27:65:27 | license_key | This operation transmits 'license_key', which may contain unencrypted sensitive data from $@. | testSend.swift:65:27:65:27 | license_key | license_key | | testSend.swift:66:27:66:30 | .mobileNumber | testSend.swift:66:27:66:30 | .mobileNumber | testSend.swift:66:27:66:30 | .mobileNumber | This operation transmits '.mobileNumber', which may contain unencrypted sensitive data from $@. | testSend.swift:66:27:66:30 | .mobileNumber | .mobileNumber | | testSend.swift:68:27:68:30 | .mobilePlayer | testSend.swift:68:27:68:30 | .mobilePlayer | testSend.swift:68:27:68:30 | .mobilePlayer | This operation transmits '.mobilePlayer', which may contain unencrypted sensitive data from $@. | testSend.swift:68:27:68:30 | .mobilePlayer | .mobilePlayer | -| testSend.swift:69:27:69:30 | .passwordFeatureEnabled | testSend.swift:69:27:69:30 | .passwordFeatureEnabled | testSend.swift:69:27:69:30 | .passwordFeatureEnabled | This operation transmits '.passwordFeatureEnabled', which may contain unencrypted sensitive data from $@. | testSend.swift:69:27:69:30 | .passwordFeatureEnabled | .passwordFeatureEnabled | | testURL.swift:13:22:13:54 | ... .+(_:_:) ... | testURL.swift:13:54:13:54 | passwd | testURL.swift:13:22:13:54 | ... .+(_:_:) ... | This operation transmits '... .+(_:_:) ...', which may contain unencrypted sensitive data from $@. | testURL.swift:13:54:13:54 | passwd | passwd | | testURL.swift:16:22:16:55 | ... .+(_:_:) ... | testURL.swift:16:55:16:55 | credit_card_no | testURL.swift:16:22:16:55 | ... .+(_:_:) ... | This operation transmits '... .+(_:_:) ...', which may contain unencrypted sensitive data from $@. | testURL.swift:16:55:16:55 | credit_card_no | credit_card_no | | testURL.swift:20:22:20:22 | passwd | testURL.swift:20:22:20:22 | passwd | testURL.swift:20:22:20:22 | passwd | This operation transmits 'passwd', which may contain unencrypted sensitive data from $@. | testURL.swift:20:22:20:22 | passwd | passwd | diff --git a/swift/ql/test/query-tests/Security/CWE-311/testSend.swift b/swift/ql/test/query-tests/Security/CWE-311/testSend.swift index 4504b09c4e0..ee6bf6beaf5 100644 --- a/swift/ql/test/query-tests/Security/CWE-311/testSend.swift +++ b/swift/ql/test/query-tests/Security/CWE-311/testSend.swift @@ -66,5 +66,5 @@ func test2(password : String, license_key: String, ms: MyStruct, connection : NW connection.send(content: ms.mobileNumber, completion: .idempotent) // BAD connection.send(content: ms.mobileUrl, completion: .idempotent) // GOOD (not sensitive) connection.send(content: ms.mobilePlayer, completion: .idempotent) // GOOD (not sensitive) [FALSE POSITIVE] - connection.send(content: ms.passwordFeatureEnabled, completion: .idempotent) // GOOD (not sensitive) [FALSE POSITIVE] + connection.send(content: ms.passwordFeatureEnabled, completion: .idempotent) // GOOD (not sensitive) } From 3c002353755bb8af5d26770d6e01b07bd1d65020 Mon Sep 17 00:00:00 2001 From: Maiky <76447395+maikypedia@users.noreply.github.com> Date: Mon, 15 May 2023 15:56:52 +0200 Subject: [PATCH 364/870] Add SqlSanitization to `Concepts` and turn private --- ruby/ql/lib/codeql/ruby/Concepts.qll | 13 +++++++++++++ ruby/ql/lib/codeql/ruby/Frameworks.qll | 1 + .../ruby/security/SqlInjectionCustomizations.qll | 4 ++-- 3 files changed, 16 insertions(+), 2 deletions(-) diff --git a/ruby/ql/lib/codeql/ruby/Concepts.qll b/ruby/ql/lib/codeql/ruby/Concepts.qll index ec27694581f..0a403734512 100644 --- a/ruby/ql/lib/codeql/ruby/Concepts.qll +++ b/ruby/ql/lib/codeql/ruby/Concepts.qll @@ -78,6 +78,19 @@ module SqlExecution { } } + /** + * A data-flow node that performs SQL sanitization. + */ + class SqlSanitization extends DataFlow::Node instanceof SqlSanitization::Range { } + + /** Provides a class for modeling new SQL sanitization APIs. */ + module SqlSanitization { + /** + * A data-flow node that performs SQL sanitization. + */ + abstract class Range extends DataFlow::Node { } + } + /** * A data-flow node that executes a regular expression. * diff --git a/ruby/ql/lib/codeql/ruby/Frameworks.qll b/ruby/ql/lib/codeql/ruby/Frameworks.qll index e61ac723e7e..7da37077df9 100644 --- a/ruby/ql/lib/codeql/ruby/Frameworks.qll +++ b/ruby/ql/lib/codeql/ruby/Frameworks.qll @@ -32,3 +32,4 @@ private import codeql.ruby.frameworks.Slim private import codeql.ruby.frameworks.Sinatra private import codeql.ruby.frameworks.Twirp private import codeql.ruby.frameworks.Sqlite3 +private import codeql.ruby.frameworks.Mysql2 \ No newline at end of file diff --git a/ruby/ql/lib/codeql/ruby/security/SqlInjectionCustomizations.qll b/ruby/ql/lib/codeql/ruby/security/SqlInjectionCustomizations.qll index 546e84e023b..e1e1b630d9d 100644 --- a/ruby/ql/lib/codeql/ruby/security/SqlInjectionCustomizations.qll +++ b/ruby/ql/lib/codeql/ruby/security/SqlInjectionCustomizations.qll @@ -57,7 +57,7 @@ module SqlInjection { /** * A call to `Mysql2::Client.escape`, considered as a sanitizer. */ - class Mysql2EscapeSanitization extends Sanitizer { + private class Mysql2EscapeSanitization extends Sanitizer { Mysql2EscapeSanitization() { this = API::getTopLevelMember("Mysql2").getMember("Client").getAMethodCall("escape") } @@ -66,7 +66,7 @@ module SqlInjection { /** * A call to `SQLite3::Database.quote`, considered as a sanitizer. */ - class SQLite3EscapeSanitization extends Sanitizer { + private class SQLite3EscapeSanitization extends Sanitizer { SQLite3EscapeSanitization() { this = API::getTopLevelMember("SQLite3").getMember("Database").getAMethodCall("quote") } From 3cdb27725ad3d20a1ac82712c2682cd37c5b6249 Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Mon, 8 May 2023 12:40:47 +0200 Subject: [PATCH 365/870] Ruby: Add more call graph tests --- .../library-tests/modules/ancestors.expected | 42 +- .../library-tests/modules/callgraph.expected | 430 ++-- ruby/ql/test/library-tests/modules/calls.rb | 16 + .../library-tests/modules/methods.expected | 974 ++++---- .../library-tests/modules/modules.expected | 1984 +++++++++-------- .../modules/superclasses.expected | 42 +- 6 files changed, 1798 insertions(+), 1690 deletions(-) diff --git a/ruby/ql/test/library-tests/modules/ancestors.expected b/ruby/ql/test/library-tests/modules/ancestors.expected index 2ebc068459f..042808a34f0 100644 --- a/ruby/ql/test/library-tests/modules/ancestors.expected +++ b/ruby/ql/test/library-tests/modules/ancestors.expected @@ -94,64 +94,64 @@ calls.rb: # 325| C1 #-----| super -> Object -# 331| C2 +# 335| C2 #-----| super -> C1 -# 337| C3 +# 341| C3 #-----| super -> C2 -# 377| SingletonOverride1 +# 385| SingletonOverride1 #-----| super -> Object -# 412| SingletonOverride2 +# 420| SingletonOverride2 #-----| super -> SingletonOverride1 -# 433| ConditionalInstanceMethods +# 441| ConditionalInstanceMethods #-----| super -> Object -# 496| ExtendSingletonMethod +# 504| ExtendSingletonMethod -# 506| ExtendSingletonMethod2 +# 514| ExtendSingletonMethod2 -# 512| ExtendSingletonMethod3 +# 520| ExtendSingletonMethod3 -# 525| ProtectedMethodInModule +# 533| ProtectedMethodInModule -# 531| ProtectedMethods +# 539| ProtectedMethods #-----| super -> Object #-----| include -> ProtectedMethodInModule -# 550| ProtectedMethodsSub +# 558| ProtectedMethodsSub #-----| super -> ProtectedMethods -# 564| SingletonUpCall_Base +# 572| SingletonUpCall_Base #-----| super -> Object -# 568| SingletonUpCall_Sub +# 576| SingletonUpCall_Sub #-----| super -> SingletonUpCall_Base -# 576| SingletonUpCall_SubSub +# 584| SingletonUpCall_SubSub #-----| super -> SingletonUpCall_Sub -# 583| SingletonA +# 591| SingletonA #-----| super -> Object -# 596| SingletonB +# 604| SingletonB #-----| super -> SingletonA -# 605| SingletonC +# 613| SingletonC #-----| super -> SingletonA -# 618| Included +# 626| Included -# 626| IncludesIncluded +# 634| IncludesIncluded #-----| super -> Object #-----| include -> Included -# 633| CustomNew1 +# 641| CustomNew1 #-----| super -> Object -# 641| CustomNew2 +# 649| CustomNew2 #-----| super -> Object hello.rb: diff --git a/ruby/ql/test/library-tests/modules/callgraph.expected b/ruby/ql/test/library-tests/modules/callgraph.expected index d888b8b2474..01b57aab2f8 100644 --- a/ruby/ql/test/library-tests/modules/callgraph.expected +++ b/ruby/ql/test/library-tests/modules/callgraph.expected @@ -117,134 +117,145 @@ getTarget | calls.rb:320:5:320:16 | call to instance | calls.rb:311:5:314:7 | instance | | calls.rb:323:1:323:17 | call to singleton | calls.rb:316:5:318:7 | singleton | | calls.rb:327:9:327:26 | call to puts | calls.rb:102:5:102:30 | puts | -| calls.rb:333:9:333:26 | call to puts | calls.rb:102:5:102:30 | puts | -| calls.rb:339:9:339:26 | call to puts | calls.rb:102:5:102:30 | puts | -| calls.rb:346:9:346:18 | call to instance | calls.rb:338:5:340:7 | instance | -| calls.rb:348:9:348:18 | call to instance | calls.rb:332:5:334:7 | instance | -| calls.rb:348:9:348:18 | call to instance | calls.rb:338:5:340:7 | instance | -| calls.rb:350:9:350:18 | call to instance | calls.rb:326:5:328:7 | instance | -| calls.rb:350:9:350:18 | call to instance | calls.rb:332:5:334:7 | instance | -| calls.rb:350:9:350:18 | call to instance | calls.rb:338:5:340:7 | instance | -| calls.rb:355:20:355:29 | call to instance | calls.rb:338:5:340:7 | instance | -| calls.rb:356:26:356:36 | call to instance | calls.rb:332:5:334:7 | instance | -| calls.rb:356:26:356:36 | call to instance | calls.rb:338:5:340:7 | instance | -| calls.rb:357:26:357:36 | call to instance | calls.rb:326:5:328:7 | instance | -| calls.rb:357:26:357:36 | call to instance | calls.rb:332:5:334:7 | instance | -| calls.rb:357:26:357:36 | call to instance | calls.rb:338:5:340:7 | instance | -| calls.rb:361:6:361:11 | call to new | calls.rb:117:5:117:16 | new | -| calls.rb:362:1:362:11 | call to instance | calls.rb:326:5:328:7 | instance | -| calls.rb:363:1:363:25 | call to pattern_dispatch | calls.rb:343:1:359:3 | pattern_dispatch | -| calls.rb:363:19:363:24 | call to new | calls.rb:117:5:117:16 | new | -| calls.rb:364:1:364:25 | call to pattern_dispatch | calls.rb:343:1:359:3 | pattern_dispatch | -| calls.rb:364:19:364:24 | call to new | calls.rb:117:5:117:16 | new | -| calls.rb:365:1:365:25 | call to pattern_dispatch | calls.rb:343:1:359:3 | pattern_dispatch | -| calls.rb:365:19:365:24 | call to new | calls.rb:117:5:117:16 | new | -| calls.rb:369:9:369:28 | call to puts | calls.rb:102:5:102:30 | puts | -| calls.rb:373:6:373:11 | call to new | calls.rb:117:5:117:16 | new | -| calls.rb:374:1:374:16 | call to add_singleton | calls.rb:367:1:371:3 | add_singleton | -| calls.rb:375:1:375:11 | call to instance | calls.rb:326:5:328:7 | instance | -| calls.rb:375:1:375:11 | call to instance | calls.rb:368:5:370:7 | instance | -| calls.rb:380:13:380:48 | call to puts | calls.rb:102:5:102:30 | puts | -| calls.rb:384:13:384:22 | call to singleton1 | calls.rb:379:9:381:11 | singleton1 | -| calls.rb:384:13:384:22 | call to singleton1 | calls.rb:414:9:416:11 | singleton1 | -| calls.rb:388:13:388:20 | call to new | calls.rb:117:5:117:16 | new | -| calls.rb:388:13:388:30 | call to instance1 | calls.rb:402:5:404:7 | instance1 | -| calls.rb:388:13:388:30 | call to instance1 | calls.rb:423:5:425:7 | instance1 | -| calls.rb:393:9:393:44 | call to puts | calls.rb:102:5:102:30 | puts | -| calls.rb:397:9:397:18 | call to singleton2 | calls.rb:392:5:394:7 | singleton2 | -| calls.rb:397:9:397:18 | call to singleton2 | calls.rb:419:5:421:7 | singleton2 | -| calls.rb:400:5:400:14 | call to singleton2 | calls.rb:392:5:394:7 | singleton2 | -| calls.rb:403:9:403:43 | call to puts | calls.rb:102:5:102:30 | puts | -| calls.rb:407:1:407:29 | call to singleton1 | calls.rb:379:9:381:11 | singleton1 | -| calls.rb:408:1:408:29 | call to singleton2 | calls.rb:392:5:394:7 | singleton2 | -| calls.rb:409:1:409:34 | call to call_singleton1 | calls.rb:383:9:385:11 | call_singleton1 | -| calls.rb:410:1:410:34 | call to call_singleton2 | calls.rb:396:5:398:7 | call_singleton2 | -| calls.rb:415:13:415:48 | call to puts | calls.rb:102:5:102:30 | puts | -| calls.rb:420:9:420:44 | call to puts | calls.rb:102:5:102:30 | puts | -| calls.rb:424:9:424:43 | call to puts | calls.rb:102:5:102:30 | puts | -| calls.rb:428:1:428:29 | call to singleton1 | calls.rb:414:9:416:11 | singleton1 | -| calls.rb:429:1:429:29 | call to singleton2 | calls.rb:419:5:421:7 | singleton2 | -| calls.rb:430:1:430:34 | call to call_singleton1 | calls.rb:383:9:385:11 | call_singleton1 | -| calls.rb:431:1:431:34 | call to call_singleton2 | calls.rb:396:5:398:7 | call_singleton2 | -| calls.rb:436:13:436:48 | call to puts | calls.rb:102:5:102:30 | puts | -| calls.rb:441:9:441:44 | call to puts | calls.rb:102:5:102:30 | puts | +| calls.rb:337:9:337:26 | call to puts | calls.rb:102:5:102:30 | puts | +| calls.rb:343:9:343:26 | call to puts | calls.rb:102:5:102:30 | puts | +| calls.rb:350:9:350:18 | call to instance | calls.rb:342:5:344:7 | instance | +| calls.rb:352:9:352:18 | call to instance | calls.rb:336:5:338:7 | instance | +| calls.rb:352:9:352:18 | call to instance | calls.rb:342:5:344:7 | instance | +| calls.rb:354:9:354:18 | call to instance | calls.rb:326:5:328:7 | instance | +| calls.rb:354:9:354:18 | call to instance | calls.rb:336:5:338:7 | instance | +| calls.rb:354:9:354:18 | call to instance | calls.rb:342:5:344:7 | instance | +| calls.rb:359:20:359:29 | call to instance | calls.rb:342:5:344:7 | instance | +| calls.rb:360:26:360:36 | call to instance | calls.rb:336:5:338:7 | instance | +| calls.rb:360:26:360:36 | call to instance | calls.rb:342:5:344:7 | instance | +| calls.rb:361:26:361:36 | call to instance | calls.rb:326:5:328:7 | instance | +| calls.rb:361:26:361:36 | call to instance | calls.rb:336:5:338:7 | instance | +| calls.rb:361:26:361:36 | call to instance | calls.rb:342:5:344:7 | instance | +| calls.rb:365:6:365:11 | call to new | calls.rb:117:5:117:16 | new | +| calls.rb:366:1:366:11 | call to instance | calls.rb:326:5:328:7 | instance | +| calls.rb:368:1:368:25 | call to pattern_dispatch | calls.rb:347:1:363:3 | pattern_dispatch | +| calls.rb:368:19:368:24 | call to new | calls.rb:117:5:117:16 | new | +| calls.rb:369:1:369:25 | call to pattern_dispatch | calls.rb:347:1:363:3 | pattern_dispatch | +| calls.rb:369:19:369:24 | call to new | calls.rb:117:5:117:16 | new | +| calls.rb:370:1:370:25 | call to pattern_dispatch | calls.rb:347:1:363:3 | pattern_dispatch | +| calls.rb:370:19:370:24 | call to new | calls.rb:117:5:117:16 | new | +| calls.rb:372:1:372:6 | call to new | calls.rb:117:5:117:16 | new | +| calls.rb:372:1:372:18 | call to return_self | calls.rb:330:5:332:7 | return_self | +| calls.rb:372:1:372:27 | call to instance | calls.rb:326:5:328:7 | instance | +| calls.rb:372:1:372:27 | call to instance | calls.rb:336:5:338:7 | instance | +| calls.rb:372:1:372:27 | call to instance | calls.rb:342:5:344:7 | instance | +| calls.rb:376:9:376:28 | call to puts | calls.rb:102:5:102:30 | puts | +| calls.rb:380:6:380:11 | call to new | calls.rb:117:5:117:16 | new | +| calls.rb:381:1:381:16 | call to add_singleton | calls.rb:374:1:378:3 | add_singleton | +| calls.rb:382:1:382:11 | call to instance | calls.rb:326:5:328:7 | instance | +| calls.rb:382:1:382:11 | call to instance | calls.rb:375:5:377:7 | instance | +| calls.rb:383:1:383:14 | call to return_self | calls.rb:330:5:332:7 | return_self | +| calls.rb:383:1:383:23 | call to instance | calls.rb:326:5:328:7 | instance | +| calls.rb:383:1:383:23 | call to instance | calls.rb:336:5:338:7 | instance | +| calls.rb:383:1:383:23 | call to instance | calls.rb:342:5:344:7 | instance | +| calls.rb:388:13:388:48 | call to puts | calls.rb:102:5:102:30 | puts | +| calls.rb:392:13:392:22 | call to singleton1 | calls.rb:387:9:389:11 | singleton1 | +| calls.rb:392:13:392:22 | call to singleton1 | calls.rb:422:9:424:11 | singleton1 | +| calls.rb:396:13:396:20 | call to new | calls.rb:117:5:117:16 | new | +| calls.rb:396:13:396:30 | call to instance1 | calls.rb:410:5:412:7 | instance1 | +| calls.rb:396:13:396:30 | call to instance1 | calls.rb:431:5:433:7 | instance1 | +| calls.rb:401:9:401:44 | call to puts | calls.rb:102:5:102:30 | puts | +| calls.rb:405:9:405:18 | call to singleton2 | calls.rb:400:5:402:7 | singleton2 | +| calls.rb:405:9:405:18 | call to singleton2 | calls.rb:427:5:429:7 | singleton2 | +| calls.rb:408:5:408:14 | call to singleton2 | calls.rb:400:5:402:7 | singleton2 | +| calls.rb:411:9:411:43 | call to puts | calls.rb:102:5:102:30 | puts | +| calls.rb:415:1:415:29 | call to singleton1 | calls.rb:387:9:389:11 | singleton1 | +| calls.rb:416:1:416:29 | call to singleton2 | calls.rb:400:5:402:7 | singleton2 | +| calls.rb:417:1:417:34 | call to call_singleton1 | calls.rb:391:9:393:11 | call_singleton1 | +| calls.rb:418:1:418:34 | call to call_singleton2 | calls.rb:404:5:406:7 | call_singleton2 | +| calls.rb:423:13:423:48 | call to puts | calls.rb:102:5:102:30 | puts | +| calls.rb:428:9:428:44 | call to puts | calls.rb:102:5:102:30 | puts | +| calls.rb:432:9:432:43 | call to puts | calls.rb:102:5:102:30 | puts | +| calls.rb:436:1:436:29 | call to singleton1 | calls.rb:422:9:424:11 | singleton1 | +| calls.rb:437:1:437:29 | call to singleton2 | calls.rb:427:5:429:7 | singleton2 | +| calls.rb:438:1:438:34 | call to call_singleton1 | calls.rb:391:9:393:11 | call_singleton1 | +| calls.rb:439:1:439:34 | call to call_singleton2 | calls.rb:404:5:406:7 | call_singleton2 | | calls.rb:444:13:444:48 | call to puts | calls.rb:102:5:102:30 | puts | -| calls.rb:447:17:447:52 | call to puts | calls.rb:102:5:102:30 | puts | -| calls.rb:455:9:459:11 | call to new | calls.rb:117:5:117:16 | new | -| calls.rb:455:9:459:15 | call to new | calls.rb:117:5:117:16 | new | -| calls.rb:457:17:457:40 | call to puts | calls.rb:102:5:102:30 | puts | -| calls.rb:463:1:463:30 | call to new | calls.rb:117:5:117:16 | new | -| calls.rb:463:1:463:33 | call to m1 | calls.rb:435:9:437:11 | m1 | -| calls.rb:464:1:464:30 | call to new | calls.rb:117:5:117:16 | new | -| calls.rb:465:1:465:30 | call to new | calls.rb:117:5:117:16 | new | -| calls.rb:465:1:465:33 | call to m2 | calls.rb:440:5:452:7 | m2 | -| calls.rb:466:1:466:30 | call to new | calls.rb:117:5:117:16 | new | -| calls.rb:467:1:467:30 | call to new | calls.rb:117:5:117:16 | new | -| calls.rb:468:1:468:30 | call to new | calls.rb:117:5:117:16 | new | -| calls.rb:470:27:488:3 | call to new | calls.rb:117:5:117:16 | new | -| calls.rb:473:13:473:22 | call to puts | calls.rb:102:5:102:30 | puts | -| calls.rb:477:5:481:7 | call to new | calls.rb:117:5:117:16 | new | -| calls.rb:477:5:481:11 | call to new | calls.rb:117:5:117:16 | new | -| calls.rb:479:13:479:22 | call to puts | calls.rb:102:5:102:30 | puts | -| calls.rb:485:13:485:27 | call to puts | calls.rb:102:5:102:30 | puts | -| calls.rb:490:1:490:27 | call to new | calls.rb:117:5:117:16 | new | -| calls.rb:491:1:491:27 | call to new | calls.rb:117:5:117:16 | new | -| calls.rb:492:1:492:27 | call to new | calls.rb:117:5:117:16 | new | -| calls.rb:493:1:493:27 | call to new | calls.rb:117:5:117:16 | new | -| calls.rb:494:1:494:27 | call to new | calls.rb:117:5:117:16 | new | -| calls.rb:504:1:504:31 | call to singleton | calls.rb:497:5:499:7 | singleton | -| calls.rb:510:1:510:32 | call to singleton | calls.rb:497:5:499:7 | singleton | -| calls.rb:517:1:517:32 | call to singleton | calls.rb:497:5:499:7 | singleton | -| calls.rb:523:1:523:13 | call to singleton | calls.rb:497:5:499:7 | singleton | -| calls.rb:532:5:532:35 | call to include | calls.rb:108:5:110:7 | include | -| calls.rb:535:9:535:35 | call to puts | calls.rb:102:5:102:30 | puts | -| calls.rb:539:9:539:11 | call to foo | calls.rb:526:15:528:7 | foo | -| calls.rb:540:9:540:11 | call to bar | calls.rb:534:15:536:7 | bar | -| calls.rb:541:9:541:28 | call to new | calls.rb:117:5:117:16 | new | -| calls.rb:541:9:541:32 | call to foo | calls.rb:526:15:528:7 | foo | -| calls.rb:542:9:542:28 | call to new | calls.rb:117:5:117:16 | new | -| calls.rb:542:9:542:32 | call to bar | calls.rb:534:15:536:7 | bar | -| calls.rb:546:1:546:20 | call to new | calls.rb:117:5:117:16 | new | -| calls.rb:547:1:547:20 | call to new | calls.rb:117:5:117:16 | new | -| calls.rb:548:1:548:20 | call to new | calls.rb:117:5:117:16 | new | -| calls.rb:548:1:548:24 | call to baz | calls.rb:538:5:543:7 | baz | -| calls.rb:552:9:552:11 | call to foo | calls.rb:526:15:528:7 | foo | -| calls.rb:553:9:553:31 | call to new | calls.rb:117:5:117:16 | new | -| calls.rb:553:9:553:35 | call to foo | calls.rb:526:15:528:7 | foo | -| calls.rb:557:1:557:23 | call to new | calls.rb:117:5:117:16 | new | -| calls.rb:558:1:558:23 | call to new | calls.rb:117:5:117:16 | new | -| calls.rb:559:1:559:23 | call to new | calls.rb:117:5:117:16 | new | -| calls.rb:559:1:559:27 | call to baz | calls.rb:551:5:554:7 | baz | -| calls.rb:561:2:561:6 | call to new | calls.rb:117:5:117:16 | new | -| calls.rb:561:20:561:24 | call to baz | calls.rb:51:5:57:7 | baz | -| calls.rb:562:26:562:37 | call to capitalize | calls.rb:97:5:97:23 | capitalize | -| calls.rb:569:5:569:13 | call to singleton | calls.rb:565:5:566:7 | singleton | -| calls.rb:572:9:572:17 | call to singleton | calls.rb:565:5:566:7 | singleton | -| calls.rb:573:9:573:18 | call to singleton2 | calls.rb:577:5:578:7 | singleton2 | -| calls.rb:580:5:580:14 | call to mid_method | calls.rb:571:5:574:7 | mid_method | -| calls.rb:588:9:588:18 | call to singleton1 | calls.rb:584:5:585:7 | singleton1 | -| calls.rb:588:9:588:18 | call to singleton1 | calls.rb:597:5:598:7 | singleton1 | -| calls.rb:588:9:588:18 | call to singleton1 | calls.rb:606:5:607:7 | singleton1 | -| calls.rb:592:9:592:23 | call to call_singleton1 | calls.rb:587:5:589:7 | call_singleton1 | -| calls.rb:592:9:592:23 | call to call_singleton1 | calls.rb:600:5:602:7 | call_singleton1 | -| calls.rb:592:9:592:23 | call to call_singleton1 | calls.rb:609:5:611:7 | call_singleton1 | -| calls.rb:601:9:601:18 | call to singleton1 | calls.rb:597:5:598:7 | singleton1 | -| calls.rb:610:9:610:18 | call to singleton1 | calls.rb:606:5:607:7 | singleton1 | -| calls.rb:614:1:614:31 | call to call_call_singleton1 | calls.rb:591:5:593:7 | call_call_singleton1 | -| calls.rb:615:1:615:31 | call to call_call_singleton1 | calls.rb:591:5:593:7 | call_call_singleton1 | -| calls.rb:616:1:616:31 | call to call_call_singleton1 | calls.rb:591:5:593:7 | call_call_singleton1 | -| calls.rb:620:9:620:16 | call to bar | calls.rb:622:5:623:7 | bar | -| calls.rb:620:9:620:16 | call to bar | calls.rb:628:5:630:7 | bar | -| calls.rb:627:5:627:20 | call to include | calls.rb:108:5:110:7 | include | -| calls.rb:629:9:629:13 | super call to bar | calls.rb:622:5:623:7 | bar | -| calls.rb:635:9:635:14 | call to new | calls.rb:117:5:117:16 | new | -| calls.rb:639:1:639:14 | call to new | calls.rb:117:5:117:16 | new | -| calls.rb:639:1:639:14 | call to new | calls.rb:634:5:636:7 | new | -| calls.rb:639:1:639:23 | call to instance | calls.rb:326:5:328:7 | instance | -| calls.rb:647:9:647:34 | call to puts | calls.rb:102:5:102:30 | puts | -| calls.rb:651:1:651:14 | call to new | calls.rb:117:5:117:16 | new | -| calls.rb:651:1:651:14 | call to new | calls.rb:642:5:644:7 | new | -| calls.rb:651:1:651:23 | call to instance | calls.rb:646:5:648:7 | instance | +| calls.rb:449:9:449:44 | call to puts | calls.rb:102:5:102:30 | puts | +| calls.rb:452:13:452:48 | call to puts | calls.rb:102:5:102:30 | puts | +| calls.rb:455:17:455:52 | call to puts | calls.rb:102:5:102:30 | puts | +| calls.rb:463:9:467:11 | call to new | calls.rb:117:5:117:16 | new | +| calls.rb:463:9:467:15 | call to new | calls.rb:117:5:117:16 | new | +| calls.rb:465:17:465:40 | call to puts | calls.rb:102:5:102:30 | puts | +| calls.rb:471:1:471:30 | call to new | calls.rb:117:5:117:16 | new | +| calls.rb:471:1:471:33 | call to m1 | calls.rb:443:9:445:11 | m1 | +| calls.rb:472:1:472:30 | call to new | calls.rb:117:5:117:16 | new | +| calls.rb:473:1:473:30 | call to new | calls.rb:117:5:117:16 | new | +| calls.rb:473:1:473:33 | call to m2 | calls.rb:448:5:460:7 | m2 | +| calls.rb:474:1:474:30 | call to new | calls.rb:117:5:117:16 | new | +| calls.rb:475:1:475:30 | call to new | calls.rb:117:5:117:16 | new | +| calls.rb:476:1:476:30 | call to new | calls.rb:117:5:117:16 | new | +| calls.rb:478:27:496:3 | call to new | calls.rb:117:5:117:16 | new | +| calls.rb:481:13:481:22 | call to puts | calls.rb:102:5:102:30 | puts | +| calls.rb:485:5:489:7 | call to new | calls.rb:117:5:117:16 | new | +| calls.rb:485:5:489:11 | call to new | calls.rb:117:5:117:16 | new | +| calls.rb:487:13:487:22 | call to puts | calls.rb:102:5:102:30 | puts | +| calls.rb:493:13:493:27 | call to puts | calls.rb:102:5:102:30 | puts | +| calls.rb:498:1:498:27 | call to new | calls.rb:117:5:117:16 | new | +| calls.rb:499:1:499:27 | call to new | calls.rb:117:5:117:16 | new | +| calls.rb:500:1:500:27 | call to new | calls.rb:117:5:117:16 | new | +| calls.rb:501:1:501:27 | call to new | calls.rb:117:5:117:16 | new | +| calls.rb:502:1:502:27 | call to new | calls.rb:117:5:117:16 | new | +| calls.rb:512:1:512:31 | call to singleton | calls.rb:505:5:507:7 | singleton | +| calls.rb:518:1:518:32 | call to singleton | calls.rb:505:5:507:7 | singleton | +| calls.rb:525:1:525:32 | call to singleton | calls.rb:505:5:507:7 | singleton | +| calls.rb:531:1:531:13 | call to singleton | calls.rb:505:5:507:7 | singleton | +| calls.rb:540:5:540:35 | call to include | calls.rb:108:5:110:7 | include | +| calls.rb:543:9:543:35 | call to puts | calls.rb:102:5:102:30 | puts | +| calls.rb:547:9:547:11 | call to foo | calls.rb:534:15:536:7 | foo | +| calls.rb:548:9:548:11 | call to bar | calls.rb:542:15:544:7 | bar | +| calls.rb:549:9:549:28 | call to new | calls.rb:117:5:117:16 | new | +| calls.rb:549:9:549:32 | call to foo | calls.rb:534:15:536:7 | foo | +| calls.rb:550:9:550:28 | call to new | calls.rb:117:5:117:16 | new | +| calls.rb:550:9:550:32 | call to bar | calls.rb:542:15:544:7 | bar | +| calls.rb:554:1:554:20 | call to new | calls.rb:117:5:117:16 | new | +| calls.rb:555:1:555:20 | call to new | calls.rb:117:5:117:16 | new | +| calls.rb:556:1:556:20 | call to new | calls.rb:117:5:117:16 | new | +| calls.rb:556:1:556:24 | call to baz | calls.rb:546:5:551:7 | baz | +| calls.rb:560:9:560:11 | call to foo | calls.rb:534:15:536:7 | foo | +| calls.rb:561:9:561:31 | call to new | calls.rb:117:5:117:16 | new | +| calls.rb:561:9:561:35 | call to foo | calls.rb:534:15:536:7 | foo | +| calls.rb:565:1:565:23 | call to new | calls.rb:117:5:117:16 | new | +| calls.rb:566:1:566:23 | call to new | calls.rb:117:5:117:16 | new | +| calls.rb:567:1:567:23 | call to new | calls.rb:117:5:117:16 | new | +| calls.rb:567:1:567:27 | call to baz | calls.rb:559:5:562:7 | baz | +| calls.rb:569:2:569:6 | call to new | calls.rb:117:5:117:16 | new | +| calls.rb:569:20:569:24 | call to baz | calls.rb:51:5:57:7 | baz | +| calls.rb:570:26:570:37 | call to capitalize | calls.rb:97:5:97:23 | capitalize | +| calls.rb:577:5:577:13 | call to singleton | calls.rb:573:5:574:7 | singleton | +| calls.rb:580:9:580:17 | call to singleton | calls.rb:573:5:574:7 | singleton | +| calls.rb:581:9:581:18 | call to singleton2 | calls.rb:585:5:586:7 | singleton2 | +| calls.rb:588:5:588:14 | call to mid_method | calls.rb:579:5:582:7 | mid_method | +| calls.rb:596:9:596:18 | call to singleton1 | calls.rb:592:5:593:7 | singleton1 | +| calls.rb:596:9:596:18 | call to singleton1 | calls.rb:605:5:606:7 | singleton1 | +| calls.rb:596:9:596:18 | call to singleton1 | calls.rb:614:5:615:7 | singleton1 | +| calls.rb:600:9:600:23 | call to call_singleton1 | calls.rb:595:5:597:7 | call_singleton1 | +| calls.rb:600:9:600:23 | call to call_singleton1 | calls.rb:608:5:610:7 | call_singleton1 | +| calls.rb:600:9:600:23 | call to call_singleton1 | calls.rb:617:5:619:7 | call_singleton1 | +| calls.rb:609:9:609:18 | call to singleton1 | calls.rb:605:5:606:7 | singleton1 | +| calls.rb:618:9:618:18 | call to singleton1 | calls.rb:614:5:615:7 | singleton1 | +| calls.rb:622:1:622:31 | call to call_call_singleton1 | calls.rb:599:5:601:7 | call_call_singleton1 | +| calls.rb:623:1:623:31 | call to call_call_singleton1 | calls.rb:599:5:601:7 | call_call_singleton1 | +| calls.rb:624:1:624:31 | call to call_call_singleton1 | calls.rb:599:5:601:7 | call_call_singleton1 | +| calls.rb:628:9:628:16 | call to bar | calls.rb:630:5:631:7 | bar | +| calls.rb:628:9:628:16 | call to bar | calls.rb:636:5:638:7 | bar | +| calls.rb:635:5:635:20 | call to include | calls.rb:108:5:110:7 | include | +| calls.rb:637:9:637:13 | super call to bar | calls.rb:630:5:631:7 | bar | +| calls.rb:643:9:643:14 | call to new | calls.rb:117:5:117:16 | new | +| calls.rb:647:1:647:14 | call to new | calls.rb:117:5:117:16 | new | +| calls.rb:647:1:647:14 | call to new | calls.rb:642:5:644:7 | new | +| calls.rb:647:1:647:23 | call to instance | calls.rb:326:5:328:7 | instance | +| calls.rb:655:9:655:34 | call to puts | calls.rb:102:5:102:30 | puts | +| calls.rb:659:1:659:14 | call to new | calls.rb:117:5:117:16 | new | +| calls.rb:659:1:659:14 | call to new | calls.rb:650:5:652:7 | new | +| calls.rb:659:1:659:23 | call to instance | calls.rb:654:5:656:7 | instance | +| calls.rb:667:2:667:25 | call to capture_parameter | calls.rb:661:1:665:3 | capture_parameter | +| calls.rb:667:20:667:25 | call to new | calls.rb:117:5:117:16 | new | | hello.rb:12:5:12:24 | call to include | calls.rb:108:5:110:7 | include | | hello.rb:14:16:14:20 | call to hello | hello.rb:2:5:4:7 | hello | | hello.rb:20:16:20:20 | super call to message | hello.rb:13:5:15:7 | message | @@ -330,46 +341,49 @@ unresolvedCall | calls.rb:274:1:274:14 | call to singleton_g | | calls.rb:276:1:276:14 | call to singleton_g | | calls.rb:313:9:313:20 | call to instance | -| calls.rb:434:8:434:13 | call to rand | -| calls.rb:434:8:434:17 | ... > ... | -| calls.rb:451:9:451:10 | call to m3 | -| calls.rb:454:8:454:13 | call to rand | -| calls.rb:454:8:454:17 | ... > ... | -| calls.rb:455:9:459:18 | call to m5 | -| calls.rb:464:1:464:33 | call to m3 | -| calls.rb:466:1:466:33 | call to m3 | -| calls.rb:467:1:467:33 | call to m4 | -| calls.rb:468:1:468:33 | call to m5 | -| calls.rb:471:5:471:11 | call to [] | -| calls.rb:471:5:475:7 | call to each | -| calls.rb:477:5:481:15 | call to bar | -| calls.rb:483:5:483:11 | call to [] | -| calls.rb:483:5:487:7 | call to each | -| calls.rb:484:9:486:11 | call to define_method | -| calls.rb:490:1:490:31 | call to foo | -| calls.rb:491:1:491:31 | call to bar | -| calls.rb:492:1:492:33 | call to baz_0 | -| calls.rb:493:1:493:33 | call to baz_1 | -| calls.rb:494:1:494:33 | call to baz_2 | -| calls.rb:498:9:498:46 | call to puts | -| calls.rb:501:5:501:15 | call to extend | -| calls.rb:507:5:507:32 | call to extend | -| calls.rb:515:1:515:51 | call to extend | -| calls.rb:520:1:520:13 | call to singleton | -| calls.rb:521:1:521:32 | call to extend | -| calls.rb:526:5:528:7 | call to protected | -| calls.rb:527:9:527:42 | call to puts | +| calls.rb:442:8:442:13 | call to rand | +| calls.rb:442:8:442:17 | ... > ... | +| calls.rb:459:9:459:10 | call to m3 | +| calls.rb:462:8:462:13 | call to rand | +| calls.rb:462:8:462:17 | ... > ... | +| calls.rb:463:9:467:18 | call to m5 | +| calls.rb:472:1:472:33 | call to m3 | +| calls.rb:474:1:474:33 | call to m3 | +| calls.rb:475:1:475:33 | call to m4 | +| calls.rb:476:1:476:33 | call to m5 | +| calls.rb:479:5:479:11 | call to [] | +| calls.rb:479:5:483:7 | call to each | +| calls.rb:485:5:489:15 | call to bar | +| calls.rb:491:5:491:11 | call to [] | +| calls.rb:491:5:495:7 | call to each | +| calls.rb:492:9:494:11 | call to define_method | +| calls.rb:498:1:498:31 | call to foo | +| calls.rb:499:1:499:31 | call to bar | +| calls.rb:500:1:500:33 | call to baz_0 | +| calls.rb:501:1:501:33 | call to baz_1 | +| calls.rb:502:1:502:33 | call to baz_2 | +| calls.rb:506:9:506:46 | call to puts | +| calls.rb:509:5:509:15 | call to extend | +| calls.rb:515:5:515:32 | call to extend | +| calls.rb:523:1:523:51 | call to extend | +| calls.rb:528:1:528:13 | call to singleton | +| calls.rb:529:1:529:32 | call to extend | | calls.rb:534:5:536:7 | call to protected | -| calls.rb:546:1:546:24 | call to foo | -| calls.rb:547:1:547:24 | call to bar | -| calls.rb:557:1:557:27 | call to foo | -| calls.rb:558:1:558:27 | call to bar | -| calls.rb:561:1:561:7 | call to [] | -| calls.rb:561:1:561:26 | call to each | -| calls.rb:562:1:562:13 | call to [] | -| calls.rb:562:1:562:39 | call to each | -| calls.rb:570:5:570:14 | call to singleton2 | -| calls.rb:643:9:643:21 | call to allocate | +| calls.rb:535:9:535:42 | call to puts | +| calls.rb:542:5:544:7 | call to protected | +| calls.rb:554:1:554:24 | call to foo | +| calls.rb:555:1:555:24 | call to bar | +| calls.rb:565:1:565:27 | call to foo | +| calls.rb:566:1:566:27 | call to bar | +| calls.rb:569:1:569:7 | call to [] | +| calls.rb:569:1:569:26 | call to each | +| calls.rb:570:1:570:13 | call to [] | +| calls.rb:570:1:570:39 | call to each | +| calls.rb:578:5:578:14 | call to singleton2 | +| calls.rb:651:9:651:21 | call to allocate | +| calls.rb:662:5:662:11 | call to [] | +| calls.rb:662:5:664:7 | call to each | +| calls.rb:667:1:667:35 | call to instance | | hello.rb:20:16:20:26 | ... + ... | | hello.rb:20:16:20:34 | ... + ... | | hello.rb:20:16:20:40 | ... + ... | @@ -397,10 +411,11 @@ privateMethod | calls.rb:158:1:160:3 | indirect | | calls.rb:185:1:186:3 | private_on_main | | calls.rb:278:1:286:3 | create | -| calls.rb:343:1:359:3 | pattern_dispatch | -| calls.rb:367:1:371:3 | add_singleton | -| calls.rb:472:9:474:11 | foo | -| calls.rb:478:9:480:11 | bar | +| calls.rb:347:1:363:3 | pattern_dispatch | +| calls.rb:374:1:378:3 | add_singleton | +| calls.rb:480:9:482:11 | foo | +| calls.rb:486:9:488:11 | bar | +| calls.rb:661:1:665:3 | capture_parameter | | private.rb:2:11:3:5 | private1 | | private.rb:8:3:9:5 | private2 | | private.rb:14:3:15:5 | private3 | @@ -459,42 +474,43 @@ publicMethod | calls.rb:311:5:314:7 | instance | | calls.rb:316:5:318:7 | singleton | | calls.rb:326:5:328:7 | instance | -| calls.rb:332:5:334:7 | instance | -| calls.rb:338:5:340:7 | instance | -| calls.rb:368:5:370:7 | instance | -| calls.rb:379:9:381:11 | singleton1 | -| calls.rb:383:9:385:11 | call_singleton1 | -| calls.rb:387:9:389:11 | factory | -| calls.rb:392:5:394:7 | singleton2 | -| calls.rb:396:5:398:7 | call_singleton2 | -| calls.rb:402:5:404:7 | instance1 | -| calls.rb:414:9:416:11 | singleton1 | -| calls.rb:419:5:421:7 | singleton2 | -| calls.rb:423:5:425:7 | instance1 | -| calls.rb:435:9:437:11 | m1 | -| calls.rb:440:5:452:7 | m2 | -| calls.rb:443:9:449:11 | m3 | -| calls.rb:446:13:448:15 | m4 | -| calls.rb:456:13:458:15 | m5 | -| calls.rb:497:5:499:7 | singleton | -| calls.rb:538:5:543:7 | baz | -| calls.rb:551:5:554:7 | baz | -| calls.rb:565:5:566:7 | singleton | -| calls.rb:571:5:574:7 | mid_method | -| calls.rb:577:5:578:7 | singleton2 | -| calls.rb:584:5:585:7 | singleton1 | -| calls.rb:587:5:589:7 | call_singleton1 | -| calls.rb:591:5:593:7 | call_call_singleton1 | -| calls.rb:597:5:598:7 | singleton1 | -| calls.rb:600:5:602:7 | call_singleton1 | -| calls.rb:606:5:607:7 | singleton1 | -| calls.rb:609:5:611:7 | call_singleton1 | -| calls.rb:619:5:621:7 | foo | -| calls.rb:622:5:623:7 | bar | -| calls.rb:628:5:630:7 | bar | -| calls.rb:634:5:636:7 | new | +| calls.rb:330:5:332:7 | return_self | +| calls.rb:336:5:338:7 | instance | +| calls.rb:342:5:344:7 | instance | +| calls.rb:375:5:377:7 | instance | +| calls.rb:387:9:389:11 | singleton1 | +| calls.rb:391:9:393:11 | call_singleton1 | +| calls.rb:395:9:397:11 | factory | +| calls.rb:400:5:402:7 | singleton2 | +| calls.rb:404:5:406:7 | call_singleton2 | +| calls.rb:410:5:412:7 | instance1 | +| calls.rb:422:9:424:11 | singleton1 | +| calls.rb:427:5:429:7 | singleton2 | +| calls.rb:431:5:433:7 | instance1 | +| calls.rb:443:9:445:11 | m1 | +| calls.rb:448:5:460:7 | m2 | +| calls.rb:451:9:457:11 | m3 | +| calls.rb:454:13:456:15 | m4 | +| calls.rb:464:13:466:15 | m5 | +| calls.rb:505:5:507:7 | singleton | +| calls.rb:546:5:551:7 | baz | +| calls.rb:559:5:562:7 | baz | +| calls.rb:573:5:574:7 | singleton | +| calls.rb:579:5:582:7 | mid_method | +| calls.rb:585:5:586:7 | singleton2 | +| calls.rb:592:5:593:7 | singleton1 | +| calls.rb:595:5:597:7 | call_singleton1 | +| calls.rb:599:5:601:7 | call_call_singleton1 | +| calls.rb:605:5:606:7 | singleton1 | +| calls.rb:608:5:610:7 | call_singleton1 | +| calls.rb:614:5:615:7 | singleton1 | +| calls.rb:617:5:619:7 | call_singleton1 | +| calls.rb:627:5:629:7 | foo | +| calls.rb:630:5:631:7 | bar | +| calls.rb:636:5:638:7 | bar | | calls.rb:642:5:644:7 | new | -| calls.rb:646:5:648:7 | instance | +| calls.rb:650:5:652:7 | new | +| calls.rb:654:5:656:7 | instance | | hello.rb:2:5:4:7 | hello | | hello.rb:5:5:7:7 | world | | hello.rb:13:5:15:7 | message | @@ -522,7 +538,7 @@ publicMethod | toplevel_self_singleton.rb:26:9:27:11 | call_me | | toplevel_self_singleton.rb:29:9:32:11 | call_you | protectedMethod -| calls.rb:526:15:528:7 | foo | -| calls.rb:534:15:536:7 | bar | +| calls.rb:534:15:536:7 | foo | +| calls.rb:542:15:544:7 | bar | | private.rb:32:3:33:5 | protected1 | | private.rb:35:3:36:5 | protected2 | diff --git a/ruby/ql/test/library-tests/modules/calls.rb b/ruby/ql/test/library-tests/modules/calls.rb index 27d90f84e93..ed0ee9528d6 100644 --- a/ruby/ql/test/library-tests/modules/calls.rb +++ b/ruby/ql/test/library-tests/modules/calls.rb @@ -326,6 +326,10 @@ class C1 def instance puts "C1#instance" end + + def return_self + self + end end class C2 < C1 @@ -360,10 +364,13 @@ end c1 = C1.new c1.instance + pattern_dispatch (C1.new) pattern_dispatch (C2.new) pattern_dispatch (C3.new) +C3.new.return_self.instance + def add_singleton x def x.instance puts "instance_on x" @@ -373,6 +380,7 @@ end c3 = C1.new add_singleton c3 c3.instance +c3.return_self.instance class SingletonOverride1 class << self @@ -649,3 +657,11 @@ class CustomNew2 end CustomNew2.new.instance + +def capture_parameter x + [0,1,2].each do + x + end +end + +(capture_parameter C1.new).instance # NoMethodError diff --git a/ruby/ql/test/library-tests/modules/methods.expected b/ruby/ql/test/library-tests/modules/methods.expected index cb936f30778..19d39d0ed6a 100644 --- a/ruby/ql/test/library-tests/modules/methods.expected +++ b/ruby/ql/test/library-tests/modules/methods.expected @@ -10,9 +10,10 @@ getMethod | calls.rb:105:1:113:3 | Module | module_eval | calls.rb:107:5:107:24 | module_eval | | calls.rb:105:1:113:3 | Module | prepend | calls.rb:111:5:111:20 | prepend | | calls.rb:105:1:113:3 | Module | private | calls.rb:112:5:112:20 | private | -| calls.rb:115:1:118:3 | Object | add_singleton | calls.rb:367:1:371:3 | add_singleton | +| calls.rb:115:1:118:3 | Object | add_singleton | calls.rb:374:1:378:3 | add_singleton | | calls.rb:115:1:118:3 | Object | call_block | calls.rb:81:1:83:3 | call_block | | calls.rb:115:1:118:3 | Object | call_instance_m | calls.rb:39:1:41:3 | call_instance_m | +| calls.rb:115:1:118:3 | Object | capture_parameter | calls.rb:661:1:665:3 | capture_parameter | | calls.rb:115:1:118:3 | Object | create | calls.rb:278:1:286:3 | create | | calls.rb:115:1:118:3 | Object | foo | calls.rb:1:1:3:3 | foo | | calls.rb:115:1:118:3 | Object | foo | calls.rb:85:1:89:3 | foo | @@ -20,7 +21,7 @@ getMethod | calls.rb:115:1:118:3 | Object | indirect | calls.rb:158:1:160:3 | indirect | | calls.rb:115:1:118:3 | Object | new | calls.rb:117:5:117:16 | new | | calls.rb:115:1:118:3 | Object | optional_arg | calls.rb:76:1:79:3 | optional_arg | -| calls.rb:115:1:118:3 | Object | pattern_dispatch | calls.rb:343:1:359:3 | pattern_dispatch | +| calls.rb:115:1:118:3 | Object | pattern_dispatch | calls.rb:347:1:363:3 | pattern_dispatch | | calls.rb:115:1:118:3 | Object | private_on_main | calls.rb:185:1:186:3 | private_on_main | | calls.rb:115:1:118:3 | Object | private_on_main | private.rb:51:1:52:3 | private_on_main | | calls.rb:120:1:123:3 | Hash | [] | calls.rb:122:5:122:31 | [] | @@ -33,22 +34,23 @@ getMethod | calls.rb:190:1:226:3 | Singletons | call_singleton_g | calls.rb:223:5:225:7 | call_singleton_g | | calls.rb:190:1:226:3 | Singletons | instance | calls.rb:210:5:215:7 | instance | | calls.rb:310:1:321:3 | SelfNew | instance | calls.rb:311:5:314:7 | instance | -| calls.rb:325:1:329:3 | C1 | instance | calls.rb:326:5:328:7 | instance | -| calls.rb:331:1:335:3 | C2 | instance | calls.rb:332:5:334:7 | instance | -| calls.rb:337:1:341:3 | C3 | instance | calls.rb:338:5:340:7 | instance | -| calls.rb:377:1:405:3 | SingletonOverride1 | instance1 | calls.rb:402:5:404:7 | instance1 | -| calls.rb:412:1:426:3 | SingletonOverride2 | instance1 | calls.rb:423:5:425:7 | instance1 | -| calls.rb:433:1:461:3 | ConditionalInstanceMethods | m1 | calls.rb:435:9:437:11 | m1 | -| calls.rb:433:1:461:3 | ConditionalInstanceMethods | m2 | calls.rb:440:5:452:7 | m2 | -| calls.rb:496:1:502:3 | ExtendSingletonMethod | singleton | calls.rb:497:5:499:7 | singleton | -| calls.rb:525:1:529:3 | ProtectedMethodInModule | foo | calls.rb:526:15:528:7 | foo | -| calls.rb:531:1:544:3 | ProtectedMethods | bar | calls.rb:534:15:536:7 | bar | -| calls.rb:531:1:544:3 | ProtectedMethods | baz | calls.rb:538:5:543:7 | baz | -| calls.rb:550:1:555:3 | ProtectedMethodsSub | baz | calls.rb:551:5:554:7 | baz | -| calls.rb:618:1:624:3 | Included | bar | calls.rb:622:5:623:7 | bar | -| calls.rb:618:1:624:3 | Included | foo | calls.rb:619:5:621:7 | foo | -| calls.rb:626:1:631:3 | IncludesIncluded | bar | calls.rb:628:5:630:7 | bar | -| calls.rb:641:1:649:3 | CustomNew2 | instance | calls.rb:646:5:648:7 | instance | +| calls.rb:325:1:333:3 | C1 | instance | calls.rb:326:5:328:7 | instance | +| calls.rb:325:1:333:3 | C1 | return_self | calls.rb:330:5:332:7 | return_self | +| calls.rb:335:1:339:3 | C2 | instance | calls.rb:336:5:338:7 | instance | +| calls.rb:341:1:345:3 | C3 | instance | calls.rb:342:5:344:7 | instance | +| calls.rb:385:1:413:3 | SingletonOverride1 | instance1 | calls.rb:410:5:412:7 | instance1 | +| calls.rb:420:1:434:3 | SingletonOverride2 | instance1 | calls.rb:431:5:433:7 | instance1 | +| calls.rb:441:1:469:3 | ConditionalInstanceMethods | m1 | calls.rb:443:9:445:11 | m1 | +| calls.rb:441:1:469:3 | ConditionalInstanceMethods | m2 | calls.rb:448:5:460:7 | m2 | +| calls.rb:504:1:510:3 | ExtendSingletonMethod | singleton | calls.rb:505:5:507:7 | singleton | +| calls.rb:533:1:537:3 | ProtectedMethodInModule | foo | calls.rb:534:15:536:7 | foo | +| calls.rb:539:1:552:3 | ProtectedMethods | bar | calls.rb:542:15:544:7 | bar | +| calls.rb:539:1:552:3 | ProtectedMethods | baz | calls.rb:546:5:551:7 | baz | +| calls.rb:558:1:563:3 | ProtectedMethodsSub | baz | calls.rb:559:5:562:7 | baz | +| calls.rb:626:1:632:3 | Included | bar | calls.rb:630:5:631:7 | bar | +| calls.rb:626:1:632:3 | Included | foo | calls.rb:627:5:629:7 | foo | +| calls.rb:634:1:639:3 | IncludesIncluded | bar | calls.rb:636:5:638:7 | bar | +| calls.rb:649:1:657:3 | CustomNew2 | instance | calls.rb:654:5:656:7 | instance | | hello.rb:1:1:8:3 | EnglishWords | hello | hello.rb:2:5:4:7 | hello | | hello.rb:1:1:8:3 | EnglishWords | world | hello.rb:5:5:7:7 | world | | hello.rb:11:1:16:3 | Greeting | message | hello.rb:13:5:15:7 | message | @@ -81,10 +83,11 @@ getMethod | private.rb:96:1:102:3 | PrivateOverride2 | m1 | private.rb:97:11:101:5 | m1 | lookupMethod | calls.rb:21:1:34:3 | M | instance_m | calls.rb:22:5:24:7 | instance_m | -| calls.rb:43:1:58:3 | C | add_singleton | calls.rb:367:1:371:3 | add_singleton | +| calls.rb:43:1:58:3 | C | add_singleton | calls.rb:374:1:378:3 | add_singleton | | calls.rb:43:1:58:3 | C | baz | calls.rb:51:5:57:7 | baz | | calls.rb:43:1:58:3 | C | call_block | calls.rb:81:1:83:3 | call_block | | calls.rb:43:1:58:3 | C | call_instance_m | calls.rb:39:1:41:3 | call_instance_m | +| calls.rb:43:1:58:3 | C | capture_parameter | calls.rb:661:1:665:3 | capture_parameter | | calls.rb:43:1:58:3 | C | create | calls.rb:278:1:286:3 | create | | calls.rb:43:1:58:3 | C | foo | calls.rb:1:1:3:3 | foo | | calls.rb:43:1:58:3 | C | foo | calls.rb:85:1:89:3 | foo | @@ -93,14 +96,15 @@ lookupMethod | calls.rb:43:1:58:3 | C | instance_m | calls.rb:22:5:24:7 | instance_m | | calls.rb:43:1:58:3 | C | new | calls.rb:117:5:117:16 | new | | calls.rb:43:1:58:3 | C | optional_arg | calls.rb:76:1:79:3 | optional_arg | -| calls.rb:43:1:58:3 | C | pattern_dispatch | calls.rb:343:1:359:3 | pattern_dispatch | +| calls.rb:43:1:58:3 | C | pattern_dispatch | calls.rb:347:1:363:3 | pattern_dispatch | | calls.rb:43:1:58:3 | C | private_on_main | calls.rb:185:1:186:3 | private_on_main | | calls.rb:43:1:58:3 | C | puts | calls.rb:102:5:102:30 | puts | | calls.rb:43:1:58:3 | C | to_s | calls.rb:172:5:173:7 | to_s | -| calls.rb:65:1:69:3 | D | add_singleton | calls.rb:367:1:371:3 | add_singleton | +| calls.rb:65:1:69:3 | D | add_singleton | calls.rb:374:1:378:3 | add_singleton | | calls.rb:65:1:69:3 | D | baz | calls.rb:66:5:68:7 | baz | | calls.rb:65:1:69:3 | D | call_block | calls.rb:81:1:83:3 | call_block | | calls.rb:65:1:69:3 | D | call_instance_m | calls.rb:39:1:41:3 | call_instance_m | +| calls.rb:65:1:69:3 | D | capture_parameter | calls.rb:661:1:665:3 | capture_parameter | | calls.rb:65:1:69:3 | D | create | calls.rb:278:1:286:3 | create | | calls.rb:65:1:69:3 | D | foo | calls.rb:1:1:3:3 | foo | | calls.rb:65:1:69:3 | D | foo | calls.rb:85:1:89:3 | foo | @@ -109,7 +113,7 @@ lookupMethod | calls.rb:65:1:69:3 | D | instance_m | calls.rb:22:5:24:7 | instance_m | | calls.rb:65:1:69:3 | D | new | calls.rb:117:5:117:16 | new | | calls.rb:65:1:69:3 | D | optional_arg | calls.rb:76:1:79:3 | optional_arg | -| calls.rb:65:1:69:3 | D | pattern_dispatch | calls.rb:343:1:359:3 | pattern_dispatch | +| calls.rb:65:1:69:3 | D | pattern_dispatch | calls.rb:347:1:363:3 | pattern_dispatch | | calls.rb:65:1:69:3 | D | private_on_main | calls.rb:185:1:186:3 | private_on_main | | calls.rb:65:1:69:3 | D | puts | calls.rb:102:5:102:30 | puts | | calls.rb:65:1:69:3 | D | to_s | calls.rb:172:5:173:7 | to_s | @@ -118,10 +122,11 @@ lookupMethod | calls.rb:91:1:94:3 | Integer | new | calls.rb:117:5:117:16 | new | | calls.rb:91:1:94:3 | Integer | puts | calls.rb:102:5:102:30 | puts | | calls.rb:91:1:94:3 | Integer | to_s | calls.rb:172:5:173:7 | to_s | -| calls.rb:96:1:98:3 | String | add_singleton | calls.rb:367:1:371:3 | add_singleton | +| calls.rb:96:1:98:3 | String | add_singleton | calls.rb:374:1:378:3 | add_singleton | | calls.rb:96:1:98:3 | String | call_block | calls.rb:81:1:83:3 | call_block | | calls.rb:96:1:98:3 | String | call_instance_m | calls.rb:39:1:41:3 | call_instance_m | | calls.rb:96:1:98:3 | String | capitalize | calls.rb:97:5:97:23 | capitalize | +| calls.rb:96:1:98:3 | String | capture_parameter | calls.rb:661:1:665:3 | capture_parameter | | calls.rb:96:1:98:3 | String | create | calls.rb:278:1:286:3 | create | | calls.rb:96:1:98:3 | String | foo | calls.rb:1:1:3:3 | foo | | calls.rb:96:1:98:3 | String | foo | calls.rb:85:1:89:3 | foo | @@ -129,14 +134,15 @@ lookupMethod | calls.rb:96:1:98:3 | String | indirect | calls.rb:158:1:160:3 | indirect | | calls.rb:96:1:98:3 | String | new | calls.rb:117:5:117:16 | new | | calls.rb:96:1:98:3 | String | optional_arg | calls.rb:76:1:79:3 | optional_arg | -| calls.rb:96:1:98:3 | String | pattern_dispatch | calls.rb:343:1:359:3 | pattern_dispatch | +| calls.rb:96:1:98:3 | String | pattern_dispatch | calls.rb:347:1:363:3 | pattern_dispatch | | calls.rb:96:1:98:3 | String | private_on_main | calls.rb:185:1:186:3 | private_on_main | | calls.rb:96:1:98:3 | String | puts | calls.rb:102:5:102:30 | puts | | calls.rb:96:1:98:3 | String | to_s | calls.rb:172:5:173:7 | to_s | | calls.rb:100:1:103:3 | Kernel | puts | calls.rb:102:5:102:30 | puts | -| calls.rb:105:1:113:3 | Module | add_singleton | calls.rb:367:1:371:3 | add_singleton | +| calls.rb:105:1:113:3 | Module | add_singleton | calls.rb:374:1:378:3 | add_singleton | | calls.rb:105:1:113:3 | Module | call_block | calls.rb:81:1:83:3 | call_block | | calls.rb:105:1:113:3 | Module | call_instance_m | calls.rb:39:1:41:3 | call_instance_m | +| calls.rb:105:1:113:3 | Module | capture_parameter | calls.rb:661:1:665:3 | capture_parameter | | calls.rb:105:1:113:3 | Module | create | calls.rb:278:1:286:3 | create | | calls.rb:105:1:113:3 | Module | foo | calls.rb:1:1:3:3 | foo | | calls.rb:105:1:113:3 | Module | foo | calls.rb:85:1:89:3 | foo | @@ -146,15 +152,16 @@ lookupMethod | calls.rb:105:1:113:3 | Module | module_eval | calls.rb:107:5:107:24 | module_eval | | calls.rb:105:1:113:3 | Module | new | calls.rb:117:5:117:16 | new | | calls.rb:105:1:113:3 | Module | optional_arg | calls.rb:76:1:79:3 | optional_arg | -| calls.rb:105:1:113:3 | Module | pattern_dispatch | calls.rb:343:1:359:3 | pattern_dispatch | +| calls.rb:105:1:113:3 | Module | pattern_dispatch | calls.rb:347:1:363:3 | pattern_dispatch | | calls.rb:105:1:113:3 | Module | prepend | calls.rb:111:5:111:20 | prepend | | calls.rb:105:1:113:3 | Module | private | calls.rb:112:5:112:20 | private | | calls.rb:105:1:113:3 | Module | private_on_main | calls.rb:185:1:186:3 | private_on_main | | calls.rb:105:1:113:3 | Module | puts | calls.rb:102:5:102:30 | puts | | calls.rb:105:1:113:3 | Module | to_s | calls.rb:172:5:173:7 | to_s | -| calls.rb:115:1:118:3 | Object | add_singleton | calls.rb:367:1:371:3 | add_singleton | +| calls.rb:115:1:118:3 | Object | add_singleton | calls.rb:374:1:378:3 | add_singleton | | calls.rb:115:1:118:3 | Object | call_block | calls.rb:81:1:83:3 | call_block | | calls.rb:115:1:118:3 | Object | call_instance_m | calls.rb:39:1:41:3 | call_instance_m | +| calls.rb:115:1:118:3 | Object | capture_parameter | calls.rb:661:1:665:3 | capture_parameter | | calls.rb:115:1:118:3 | Object | create | calls.rb:278:1:286:3 | create | | calls.rb:115:1:118:3 | Object | foo | calls.rb:1:1:3:3 | foo | | calls.rb:115:1:118:3 | Object | foo | calls.rb:85:1:89:3 | foo | @@ -162,15 +169,16 @@ lookupMethod | calls.rb:115:1:118:3 | Object | indirect | calls.rb:158:1:160:3 | indirect | | calls.rb:115:1:118:3 | Object | new | calls.rb:117:5:117:16 | new | | calls.rb:115:1:118:3 | Object | optional_arg | calls.rb:76:1:79:3 | optional_arg | -| calls.rb:115:1:118:3 | Object | pattern_dispatch | calls.rb:343:1:359:3 | pattern_dispatch | +| calls.rb:115:1:118:3 | Object | pattern_dispatch | calls.rb:347:1:363:3 | pattern_dispatch | | calls.rb:115:1:118:3 | Object | private_on_main | calls.rb:185:1:186:3 | private_on_main | | calls.rb:115:1:118:3 | Object | private_on_main | private.rb:51:1:52:3 | private_on_main | | calls.rb:115:1:118:3 | Object | puts | calls.rb:102:5:102:30 | puts | | calls.rb:115:1:118:3 | Object | to_s | calls.rb:172:5:173:7 | to_s | | calls.rb:120:1:123:3 | Hash | [] | calls.rb:122:5:122:31 | [] | -| calls.rb:120:1:123:3 | Hash | add_singleton | calls.rb:367:1:371:3 | add_singleton | +| calls.rb:120:1:123:3 | Hash | add_singleton | calls.rb:374:1:378:3 | add_singleton | | calls.rb:120:1:123:3 | Hash | call_block | calls.rb:81:1:83:3 | call_block | | calls.rb:120:1:123:3 | Hash | call_instance_m | calls.rb:39:1:41:3 | call_instance_m | +| calls.rb:120:1:123:3 | Hash | capture_parameter | calls.rb:661:1:665:3 | capture_parameter | | calls.rb:120:1:123:3 | Hash | create | calls.rb:278:1:286:3 | create | | calls.rb:120:1:123:3 | Hash | foo | calls.rb:1:1:3:3 | foo | | calls.rb:120:1:123:3 | Hash | foo | calls.rb:85:1:89:3 | foo | @@ -178,14 +186,15 @@ lookupMethod | calls.rb:120:1:123:3 | Hash | indirect | calls.rb:158:1:160:3 | indirect | | calls.rb:120:1:123:3 | Hash | new | calls.rb:117:5:117:16 | new | | calls.rb:120:1:123:3 | Hash | optional_arg | calls.rb:76:1:79:3 | optional_arg | -| calls.rb:120:1:123:3 | Hash | pattern_dispatch | calls.rb:343:1:359:3 | pattern_dispatch | +| calls.rb:120:1:123:3 | Hash | pattern_dispatch | calls.rb:347:1:363:3 | pattern_dispatch | | calls.rb:120:1:123:3 | Hash | private_on_main | calls.rb:185:1:186:3 | private_on_main | | calls.rb:120:1:123:3 | Hash | puts | calls.rb:102:5:102:30 | puts | | calls.rb:120:1:123:3 | Hash | to_s | calls.rb:172:5:173:7 | to_s | | calls.rb:125:1:138:3 | Array | [] | calls.rb:127:3:127:29 | [] | -| calls.rb:125:1:138:3 | Array | add_singleton | calls.rb:367:1:371:3 | add_singleton | +| calls.rb:125:1:138:3 | Array | add_singleton | calls.rb:374:1:378:3 | add_singleton | | calls.rb:125:1:138:3 | Array | call_block | calls.rb:81:1:83:3 | call_block | | calls.rb:125:1:138:3 | Array | call_instance_m | calls.rb:39:1:41:3 | call_instance_m | +| calls.rb:125:1:138:3 | Array | capture_parameter | calls.rb:661:1:665:3 | capture_parameter | | calls.rb:125:1:138:3 | Array | create | calls.rb:278:1:286:3 | create | | calls.rb:125:1:138:3 | Array | foo | calls.rb:1:1:3:3 | foo | | calls.rb:125:1:138:3 | Array | foo | calls.rb:85:1:89:3 | foo | @@ -195,13 +204,14 @@ lookupMethod | calls.rb:125:1:138:3 | Array | length | calls.rb:129:3:129:17 | length | | calls.rb:125:1:138:3 | Array | new | calls.rb:117:5:117:16 | new | | calls.rb:125:1:138:3 | Array | optional_arg | calls.rb:76:1:79:3 | optional_arg | -| calls.rb:125:1:138:3 | Array | pattern_dispatch | calls.rb:343:1:359:3 | pattern_dispatch | +| calls.rb:125:1:138:3 | Array | pattern_dispatch | calls.rb:347:1:363:3 | pattern_dispatch | | calls.rb:125:1:138:3 | Array | private_on_main | calls.rb:185:1:186:3 | private_on_main | | calls.rb:125:1:138:3 | Array | puts | calls.rb:102:5:102:30 | puts | | calls.rb:125:1:138:3 | Array | to_s | calls.rb:172:5:173:7 | to_s | -| calls.rb:165:1:169:3 | S | add_singleton | calls.rb:367:1:371:3 | add_singleton | +| calls.rb:165:1:169:3 | S | add_singleton | calls.rb:374:1:378:3 | add_singleton | | calls.rb:165:1:169:3 | S | call_block | calls.rb:81:1:83:3 | call_block | | calls.rb:165:1:169:3 | S | call_instance_m | calls.rb:39:1:41:3 | call_instance_m | +| calls.rb:165:1:169:3 | S | capture_parameter | calls.rb:661:1:665:3 | capture_parameter | | calls.rb:165:1:169:3 | S | create | calls.rb:278:1:286:3 | create | | calls.rb:165:1:169:3 | S | foo | calls.rb:1:1:3:3 | foo | | calls.rb:165:1:169:3 | S | foo | calls.rb:85:1:89:3 | foo | @@ -209,14 +219,15 @@ lookupMethod | calls.rb:165:1:169:3 | S | indirect | calls.rb:158:1:160:3 | indirect | | calls.rb:165:1:169:3 | S | new | calls.rb:117:5:117:16 | new | | calls.rb:165:1:169:3 | S | optional_arg | calls.rb:76:1:79:3 | optional_arg | -| calls.rb:165:1:169:3 | S | pattern_dispatch | calls.rb:343:1:359:3 | pattern_dispatch | +| calls.rb:165:1:169:3 | S | pattern_dispatch | calls.rb:347:1:363:3 | pattern_dispatch | | calls.rb:165:1:169:3 | S | private_on_main | calls.rb:185:1:186:3 | private_on_main | | calls.rb:165:1:169:3 | S | puts | calls.rb:102:5:102:30 | puts | | calls.rb:165:1:169:3 | S | s_method | calls.rb:166:5:168:7 | s_method | | calls.rb:165:1:169:3 | S | to_s | calls.rb:172:5:173:7 | to_s | -| calls.rb:171:1:174:3 | A | add_singleton | calls.rb:367:1:371:3 | add_singleton | +| calls.rb:171:1:174:3 | A | add_singleton | calls.rb:374:1:378:3 | add_singleton | | calls.rb:171:1:174:3 | A | call_block | calls.rb:81:1:83:3 | call_block | | calls.rb:171:1:174:3 | A | call_instance_m | calls.rb:39:1:41:3 | call_instance_m | +| calls.rb:171:1:174:3 | A | capture_parameter | calls.rb:661:1:665:3 | capture_parameter | | calls.rb:171:1:174:3 | A | create | calls.rb:278:1:286:3 | create | | calls.rb:171:1:174:3 | A | foo | calls.rb:1:1:3:3 | foo | | calls.rb:171:1:174:3 | A | foo | calls.rb:85:1:89:3 | foo | @@ -224,14 +235,15 @@ lookupMethod | calls.rb:171:1:174:3 | A | indirect | calls.rb:158:1:160:3 | indirect | | calls.rb:171:1:174:3 | A | new | calls.rb:117:5:117:16 | new | | calls.rb:171:1:174:3 | A | optional_arg | calls.rb:76:1:79:3 | optional_arg | -| calls.rb:171:1:174:3 | A | pattern_dispatch | calls.rb:343:1:359:3 | pattern_dispatch | +| calls.rb:171:1:174:3 | A | pattern_dispatch | calls.rb:347:1:363:3 | pattern_dispatch | | calls.rb:171:1:174:3 | A | private_on_main | calls.rb:185:1:186:3 | private_on_main | | calls.rb:171:1:174:3 | A | puts | calls.rb:102:5:102:30 | puts | | calls.rb:171:1:174:3 | A | s_method | calls.rb:166:5:168:7 | s_method | | calls.rb:171:1:174:3 | A | to_s | calls.rb:172:5:173:7 | to_s | -| calls.rb:176:1:179:3 | B | add_singleton | calls.rb:367:1:371:3 | add_singleton | +| calls.rb:176:1:179:3 | B | add_singleton | calls.rb:374:1:378:3 | add_singleton | | calls.rb:176:1:179:3 | B | call_block | calls.rb:81:1:83:3 | call_block | | calls.rb:176:1:179:3 | B | call_instance_m | calls.rb:39:1:41:3 | call_instance_m | +| calls.rb:176:1:179:3 | B | capture_parameter | calls.rb:661:1:665:3 | capture_parameter | | calls.rb:176:1:179:3 | B | create | calls.rb:278:1:286:3 | create | | calls.rb:176:1:179:3 | B | foo | calls.rb:1:1:3:3 | foo | | calls.rb:176:1:179:3 | B | foo | calls.rb:85:1:89:3 | foo | @@ -239,15 +251,16 @@ lookupMethod | calls.rb:176:1:179:3 | B | indirect | calls.rb:158:1:160:3 | indirect | | calls.rb:176:1:179:3 | B | new | calls.rb:117:5:117:16 | new | | calls.rb:176:1:179:3 | B | optional_arg | calls.rb:76:1:79:3 | optional_arg | -| calls.rb:176:1:179:3 | B | pattern_dispatch | calls.rb:343:1:359:3 | pattern_dispatch | +| calls.rb:176:1:179:3 | B | pattern_dispatch | calls.rb:347:1:363:3 | pattern_dispatch | | calls.rb:176:1:179:3 | B | private_on_main | calls.rb:185:1:186:3 | private_on_main | | calls.rb:176:1:179:3 | B | puts | calls.rb:102:5:102:30 | puts | | calls.rb:176:1:179:3 | B | s_method | calls.rb:166:5:168:7 | s_method | | calls.rb:176:1:179:3 | B | to_s | calls.rb:177:5:178:7 | to_s | -| calls.rb:190:1:226:3 | Singletons | add_singleton | calls.rb:367:1:371:3 | add_singleton | +| calls.rb:190:1:226:3 | Singletons | add_singleton | calls.rb:374:1:378:3 | add_singleton | | calls.rb:190:1:226:3 | Singletons | call_block | calls.rb:81:1:83:3 | call_block | | calls.rb:190:1:226:3 | Singletons | call_instance_m | calls.rb:39:1:41:3 | call_instance_m | | calls.rb:190:1:226:3 | Singletons | call_singleton_g | calls.rb:223:5:225:7 | call_singleton_g | +| calls.rb:190:1:226:3 | Singletons | capture_parameter | calls.rb:661:1:665:3 | capture_parameter | | calls.rb:190:1:226:3 | Singletons | create | calls.rb:278:1:286:3 | create | | calls.rb:190:1:226:3 | Singletons | foo | calls.rb:1:1:3:3 | foo | | calls.rb:190:1:226:3 | Singletons | foo | calls.rb:85:1:89:3 | foo | @@ -256,13 +269,14 @@ lookupMethod | calls.rb:190:1:226:3 | Singletons | instance | calls.rb:210:5:215:7 | instance | | calls.rb:190:1:226:3 | Singletons | new | calls.rb:117:5:117:16 | new | | calls.rb:190:1:226:3 | Singletons | optional_arg | calls.rb:76:1:79:3 | optional_arg | -| calls.rb:190:1:226:3 | Singletons | pattern_dispatch | calls.rb:343:1:359:3 | pattern_dispatch | +| calls.rb:190:1:226:3 | Singletons | pattern_dispatch | calls.rb:347:1:363:3 | pattern_dispatch | | calls.rb:190:1:226:3 | Singletons | private_on_main | calls.rb:185:1:186:3 | private_on_main | | calls.rb:190:1:226:3 | Singletons | puts | calls.rb:102:5:102:30 | puts | | calls.rb:190:1:226:3 | Singletons | to_s | calls.rb:172:5:173:7 | to_s | -| calls.rb:310:1:321:3 | SelfNew | add_singleton | calls.rb:367:1:371:3 | add_singleton | +| calls.rb:310:1:321:3 | SelfNew | add_singleton | calls.rb:374:1:378:3 | add_singleton | | calls.rb:310:1:321:3 | SelfNew | call_block | calls.rb:81:1:83:3 | call_block | | calls.rb:310:1:321:3 | SelfNew | call_instance_m | calls.rb:39:1:41:3 | call_instance_m | +| calls.rb:310:1:321:3 | SelfNew | capture_parameter | calls.rb:661:1:665:3 | capture_parameter | | calls.rb:310:1:321:3 | SelfNew | create | calls.rb:278:1:286:3 | create | | calls.rb:310:1:321:3 | SelfNew | foo | calls.rb:1:1:3:3 | foo | | calls.rb:310:1:321:3 | SelfNew | foo | calls.rb:85:1:89:3 | foo | @@ -271,262 +285,282 @@ lookupMethod | calls.rb:310:1:321:3 | SelfNew | instance | calls.rb:311:5:314:7 | instance | | calls.rb:310:1:321:3 | SelfNew | new | calls.rb:117:5:117:16 | new | | calls.rb:310:1:321:3 | SelfNew | optional_arg | calls.rb:76:1:79:3 | optional_arg | -| calls.rb:310:1:321:3 | SelfNew | pattern_dispatch | calls.rb:343:1:359:3 | pattern_dispatch | +| calls.rb:310:1:321:3 | SelfNew | pattern_dispatch | calls.rb:347:1:363:3 | pattern_dispatch | | calls.rb:310:1:321:3 | SelfNew | private_on_main | calls.rb:185:1:186:3 | private_on_main | | calls.rb:310:1:321:3 | SelfNew | puts | calls.rb:102:5:102:30 | puts | | calls.rb:310:1:321:3 | SelfNew | to_s | calls.rb:172:5:173:7 | to_s | -| calls.rb:325:1:329:3 | C1 | add_singleton | calls.rb:367:1:371:3 | add_singleton | -| calls.rb:325:1:329:3 | C1 | call_block | calls.rb:81:1:83:3 | call_block | -| calls.rb:325:1:329:3 | C1 | call_instance_m | calls.rb:39:1:41:3 | call_instance_m | -| calls.rb:325:1:329:3 | C1 | create | calls.rb:278:1:286:3 | create | -| calls.rb:325:1:329:3 | C1 | foo | calls.rb:1:1:3:3 | foo | -| calls.rb:325:1:329:3 | C1 | foo | calls.rb:85:1:89:3 | foo | -| calls.rb:325:1:329:3 | C1 | funny | calls.rb:140:1:142:3 | funny | -| calls.rb:325:1:329:3 | C1 | indirect | calls.rb:158:1:160:3 | indirect | -| calls.rb:325:1:329:3 | C1 | instance | calls.rb:326:5:328:7 | instance | -| calls.rb:325:1:329:3 | C1 | new | calls.rb:117:5:117:16 | new | -| calls.rb:325:1:329:3 | C1 | optional_arg | calls.rb:76:1:79:3 | optional_arg | -| calls.rb:325:1:329:3 | C1 | pattern_dispatch | calls.rb:343:1:359:3 | pattern_dispatch | -| calls.rb:325:1:329:3 | C1 | private_on_main | calls.rb:185:1:186:3 | private_on_main | -| calls.rb:325:1:329:3 | C1 | puts | calls.rb:102:5:102:30 | puts | -| calls.rb:325:1:329:3 | C1 | to_s | calls.rb:172:5:173:7 | to_s | -| calls.rb:331:1:335:3 | C2 | add_singleton | calls.rb:367:1:371:3 | add_singleton | -| calls.rb:331:1:335:3 | C2 | call_block | calls.rb:81:1:83:3 | call_block | -| calls.rb:331:1:335:3 | C2 | call_instance_m | calls.rb:39:1:41:3 | call_instance_m | -| calls.rb:331:1:335:3 | C2 | create | calls.rb:278:1:286:3 | create | -| calls.rb:331:1:335:3 | C2 | foo | calls.rb:1:1:3:3 | foo | -| calls.rb:331:1:335:3 | C2 | foo | calls.rb:85:1:89:3 | foo | -| calls.rb:331:1:335:3 | C2 | funny | calls.rb:140:1:142:3 | funny | -| calls.rb:331:1:335:3 | C2 | indirect | calls.rb:158:1:160:3 | indirect | -| calls.rb:331:1:335:3 | C2 | instance | calls.rb:332:5:334:7 | instance | -| calls.rb:331:1:335:3 | C2 | new | calls.rb:117:5:117:16 | new | -| calls.rb:331:1:335:3 | C2 | optional_arg | calls.rb:76:1:79:3 | optional_arg | -| calls.rb:331:1:335:3 | C2 | pattern_dispatch | calls.rb:343:1:359:3 | pattern_dispatch | -| calls.rb:331:1:335:3 | C2 | private_on_main | calls.rb:185:1:186:3 | private_on_main | -| calls.rb:331:1:335:3 | C2 | puts | calls.rb:102:5:102:30 | puts | -| calls.rb:331:1:335:3 | C2 | to_s | calls.rb:172:5:173:7 | to_s | -| calls.rb:337:1:341:3 | C3 | add_singleton | calls.rb:367:1:371:3 | add_singleton | -| calls.rb:337:1:341:3 | C3 | call_block | calls.rb:81:1:83:3 | call_block | -| calls.rb:337:1:341:3 | C3 | call_instance_m | calls.rb:39:1:41:3 | call_instance_m | -| calls.rb:337:1:341:3 | C3 | create | calls.rb:278:1:286:3 | create | -| calls.rb:337:1:341:3 | C3 | foo | calls.rb:1:1:3:3 | foo | -| calls.rb:337:1:341:3 | C3 | foo | calls.rb:85:1:89:3 | foo | -| calls.rb:337:1:341:3 | C3 | funny | calls.rb:140:1:142:3 | funny | -| calls.rb:337:1:341:3 | C3 | indirect | calls.rb:158:1:160:3 | indirect | -| calls.rb:337:1:341:3 | C3 | instance | calls.rb:338:5:340:7 | instance | -| calls.rb:337:1:341:3 | C3 | new | calls.rb:117:5:117:16 | new | -| calls.rb:337:1:341:3 | C3 | optional_arg | calls.rb:76:1:79:3 | optional_arg | -| calls.rb:337:1:341:3 | C3 | pattern_dispatch | calls.rb:343:1:359:3 | pattern_dispatch | -| calls.rb:337:1:341:3 | C3 | private_on_main | calls.rb:185:1:186:3 | private_on_main | -| calls.rb:337:1:341:3 | C3 | puts | calls.rb:102:5:102:30 | puts | -| calls.rb:337:1:341:3 | C3 | to_s | calls.rb:172:5:173:7 | to_s | -| calls.rb:377:1:405:3 | SingletonOverride1 | add_singleton | calls.rb:367:1:371:3 | add_singleton | -| calls.rb:377:1:405:3 | SingletonOverride1 | call_block | calls.rb:81:1:83:3 | call_block | -| calls.rb:377:1:405:3 | SingletonOverride1 | call_instance_m | calls.rb:39:1:41:3 | call_instance_m | -| calls.rb:377:1:405:3 | SingletonOverride1 | create | calls.rb:278:1:286:3 | create | -| calls.rb:377:1:405:3 | SingletonOverride1 | foo | calls.rb:1:1:3:3 | foo | -| calls.rb:377:1:405:3 | SingletonOverride1 | foo | calls.rb:85:1:89:3 | foo | -| calls.rb:377:1:405:3 | SingletonOverride1 | funny | calls.rb:140:1:142:3 | funny | -| calls.rb:377:1:405:3 | SingletonOverride1 | indirect | calls.rb:158:1:160:3 | indirect | -| calls.rb:377:1:405:3 | SingletonOverride1 | instance1 | calls.rb:402:5:404:7 | instance1 | -| calls.rb:377:1:405:3 | SingletonOverride1 | new | calls.rb:117:5:117:16 | new | -| calls.rb:377:1:405:3 | SingletonOverride1 | optional_arg | calls.rb:76:1:79:3 | optional_arg | -| calls.rb:377:1:405:3 | SingletonOverride1 | pattern_dispatch | calls.rb:343:1:359:3 | pattern_dispatch | -| calls.rb:377:1:405:3 | SingletonOverride1 | private_on_main | calls.rb:185:1:186:3 | private_on_main | -| calls.rb:377:1:405:3 | SingletonOverride1 | puts | calls.rb:102:5:102:30 | puts | -| calls.rb:377:1:405:3 | SingletonOverride1 | to_s | calls.rb:172:5:173:7 | to_s | -| calls.rb:412:1:426:3 | SingletonOverride2 | add_singleton | calls.rb:367:1:371:3 | add_singleton | -| calls.rb:412:1:426:3 | SingletonOverride2 | call_block | calls.rb:81:1:83:3 | call_block | -| calls.rb:412:1:426:3 | SingletonOverride2 | call_instance_m | calls.rb:39:1:41:3 | call_instance_m | -| calls.rb:412:1:426:3 | SingletonOverride2 | create | calls.rb:278:1:286:3 | create | -| calls.rb:412:1:426:3 | SingletonOverride2 | foo | calls.rb:1:1:3:3 | foo | -| calls.rb:412:1:426:3 | SingletonOverride2 | foo | calls.rb:85:1:89:3 | foo | -| calls.rb:412:1:426:3 | SingletonOverride2 | funny | calls.rb:140:1:142:3 | funny | -| calls.rb:412:1:426:3 | SingletonOverride2 | indirect | calls.rb:158:1:160:3 | indirect | -| calls.rb:412:1:426:3 | SingletonOverride2 | instance1 | calls.rb:423:5:425:7 | instance1 | -| calls.rb:412:1:426:3 | SingletonOverride2 | new | calls.rb:117:5:117:16 | new | -| calls.rb:412:1:426:3 | SingletonOverride2 | optional_arg | calls.rb:76:1:79:3 | optional_arg | -| calls.rb:412:1:426:3 | SingletonOverride2 | pattern_dispatch | calls.rb:343:1:359:3 | pattern_dispatch | -| calls.rb:412:1:426:3 | SingletonOverride2 | private_on_main | calls.rb:185:1:186:3 | private_on_main | -| calls.rb:412:1:426:3 | SingletonOverride2 | puts | calls.rb:102:5:102:30 | puts | -| calls.rb:412:1:426:3 | SingletonOverride2 | to_s | calls.rb:172:5:173:7 | to_s | -| calls.rb:433:1:461:3 | ConditionalInstanceMethods | add_singleton | calls.rb:367:1:371:3 | add_singleton | -| calls.rb:433:1:461:3 | ConditionalInstanceMethods | call_block | calls.rb:81:1:83:3 | call_block | -| calls.rb:433:1:461:3 | ConditionalInstanceMethods | call_instance_m | calls.rb:39:1:41:3 | call_instance_m | -| calls.rb:433:1:461:3 | ConditionalInstanceMethods | create | calls.rb:278:1:286:3 | create | -| calls.rb:433:1:461:3 | ConditionalInstanceMethods | foo | calls.rb:1:1:3:3 | foo | -| calls.rb:433:1:461:3 | ConditionalInstanceMethods | foo | calls.rb:85:1:89:3 | foo | -| calls.rb:433:1:461:3 | ConditionalInstanceMethods | funny | calls.rb:140:1:142:3 | funny | -| calls.rb:433:1:461:3 | ConditionalInstanceMethods | indirect | calls.rb:158:1:160:3 | indirect | -| calls.rb:433:1:461:3 | ConditionalInstanceMethods | m1 | calls.rb:435:9:437:11 | m1 | -| calls.rb:433:1:461:3 | ConditionalInstanceMethods | m2 | calls.rb:440:5:452:7 | m2 | -| calls.rb:433:1:461:3 | ConditionalInstanceMethods | new | calls.rb:117:5:117:16 | new | -| calls.rb:433:1:461:3 | ConditionalInstanceMethods | optional_arg | calls.rb:76:1:79:3 | optional_arg | -| calls.rb:433:1:461:3 | ConditionalInstanceMethods | pattern_dispatch | calls.rb:343:1:359:3 | pattern_dispatch | -| calls.rb:433:1:461:3 | ConditionalInstanceMethods | private_on_main | calls.rb:185:1:186:3 | private_on_main | -| calls.rb:433:1:461:3 | ConditionalInstanceMethods | puts | calls.rb:102:5:102:30 | puts | -| calls.rb:433:1:461:3 | ConditionalInstanceMethods | to_s | calls.rb:172:5:173:7 | to_s | -| calls.rb:496:1:502:3 | ExtendSingletonMethod | singleton | calls.rb:497:5:499:7 | singleton | -| calls.rb:525:1:529:3 | ProtectedMethodInModule | foo | calls.rb:526:15:528:7 | foo | -| calls.rb:531:1:544:3 | ProtectedMethods | add_singleton | calls.rb:367:1:371:3 | add_singleton | -| calls.rb:531:1:544:3 | ProtectedMethods | bar | calls.rb:534:15:536:7 | bar | -| calls.rb:531:1:544:3 | ProtectedMethods | baz | calls.rb:538:5:543:7 | baz | -| calls.rb:531:1:544:3 | ProtectedMethods | call_block | calls.rb:81:1:83:3 | call_block | -| calls.rb:531:1:544:3 | ProtectedMethods | call_instance_m | calls.rb:39:1:41:3 | call_instance_m | -| calls.rb:531:1:544:3 | ProtectedMethods | create | calls.rb:278:1:286:3 | create | -| calls.rb:531:1:544:3 | ProtectedMethods | foo | calls.rb:526:15:528:7 | foo | -| calls.rb:531:1:544:3 | ProtectedMethods | funny | calls.rb:140:1:142:3 | funny | -| calls.rb:531:1:544:3 | ProtectedMethods | indirect | calls.rb:158:1:160:3 | indirect | -| calls.rb:531:1:544:3 | ProtectedMethods | new | calls.rb:117:5:117:16 | new | -| calls.rb:531:1:544:3 | ProtectedMethods | optional_arg | calls.rb:76:1:79:3 | optional_arg | -| calls.rb:531:1:544:3 | ProtectedMethods | pattern_dispatch | calls.rb:343:1:359:3 | pattern_dispatch | -| calls.rb:531:1:544:3 | ProtectedMethods | private_on_main | calls.rb:185:1:186:3 | private_on_main | -| calls.rb:531:1:544:3 | ProtectedMethods | puts | calls.rb:102:5:102:30 | puts | -| calls.rb:531:1:544:3 | ProtectedMethods | to_s | calls.rb:172:5:173:7 | to_s | -| calls.rb:550:1:555:3 | ProtectedMethodsSub | add_singleton | calls.rb:367:1:371:3 | add_singleton | -| calls.rb:550:1:555:3 | ProtectedMethodsSub | bar | calls.rb:534:15:536:7 | bar | -| calls.rb:550:1:555:3 | ProtectedMethodsSub | baz | calls.rb:551:5:554:7 | baz | -| calls.rb:550:1:555:3 | ProtectedMethodsSub | call_block | calls.rb:81:1:83:3 | call_block | -| calls.rb:550:1:555:3 | ProtectedMethodsSub | call_instance_m | calls.rb:39:1:41:3 | call_instance_m | -| calls.rb:550:1:555:3 | ProtectedMethodsSub | create | calls.rb:278:1:286:3 | create | -| calls.rb:550:1:555:3 | ProtectedMethodsSub | foo | calls.rb:526:15:528:7 | foo | -| calls.rb:550:1:555:3 | ProtectedMethodsSub | funny | calls.rb:140:1:142:3 | funny | -| calls.rb:550:1:555:3 | ProtectedMethodsSub | indirect | calls.rb:158:1:160:3 | indirect | -| calls.rb:550:1:555:3 | ProtectedMethodsSub | new | calls.rb:117:5:117:16 | new | -| calls.rb:550:1:555:3 | ProtectedMethodsSub | optional_arg | calls.rb:76:1:79:3 | optional_arg | -| calls.rb:550:1:555:3 | ProtectedMethodsSub | pattern_dispatch | calls.rb:343:1:359:3 | pattern_dispatch | -| calls.rb:550:1:555:3 | ProtectedMethodsSub | private_on_main | calls.rb:185:1:186:3 | private_on_main | -| calls.rb:550:1:555:3 | ProtectedMethodsSub | puts | calls.rb:102:5:102:30 | puts | -| calls.rb:550:1:555:3 | ProtectedMethodsSub | to_s | calls.rb:172:5:173:7 | to_s | -| calls.rb:564:1:567:3 | SingletonUpCall_Base | add_singleton | calls.rb:367:1:371:3 | add_singleton | -| calls.rb:564:1:567:3 | SingletonUpCall_Base | call_block | calls.rb:81:1:83:3 | call_block | -| calls.rb:564:1:567:3 | SingletonUpCall_Base | call_instance_m | calls.rb:39:1:41:3 | call_instance_m | -| calls.rb:564:1:567:3 | SingletonUpCall_Base | create | calls.rb:278:1:286:3 | create | -| calls.rb:564:1:567:3 | SingletonUpCall_Base | foo | calls.rb:1:1:3:3 | foo | -| calls.rb:564:1:567:3 | SingletonUpCall_Base | foo | calls.rb:85:1:89:3 | foo | -| calls.rb:564:1:567:3 | SingletonUpCall_Base | funny | calls.rb:140:1:142:3 | funny | -| calls.rb:564:1:567:3 | SingletonUpCall_Base | indirect | calls.rb:158:1:160:3 | indirect | -| calls.rb:564:1:567:3 | SingletonUpCall_Base | new | calls.rb:117:5:117:16 | new | -| calls.rb:564:1:567:3 | SingletonUpCall_Base | optional_arg | calls.rb:76:1:79:3 | optional_arg | -| calls.rb:564:1:567:3 | SingletonUpCall_Base | pattern_dispatch | calls.rb:343:1:359:3 | pattern_dispatch | -| calls.rb:564:1:567:3 | SingletonUpCall_Base | private_on_main | calls.rb:185:1:186:3 | private_on_main | -| calls.rb:564:1:567:3 | SingletonUpCall_Base | puts | calls.rb:102:5:102:30 | puts | -| calls.rb:564:1:567:3 | SingletonUpCall_Base | to_s | calls.rb:172:5:173:7 | to_s | -| calls.rb:568:1:575:3 | SingletonUpCall_Sub | add_singleton | calls.rb:367:1:371:3 | add_singleton | -| calls.rb:568:1:575:3 | SingletonUpCall_Sub | call_block | calls.rb:81:1:83:3 | call_block | -| calls.rb:568:1:575:3 | SingletonUpCall_Sub | call_instance_m | calls.rb:39:1:41:3 | call_instance_m | -| calls.rb:568:1:575:3 | SingletonUpCall_Sub | create | calls.rb:278:1:286:3 | create | -| calls.rb:568:1:575:3 | SingletonUpCall_Sub | foo | calls.rb:1:1:3:3 | foo | -| calls.rb:568:1:575:3 | SingletonUpCall_Sub | foo | calls.rb:85:1:89:3 | foo | -| calls.rb:568:1:575:3 | SingletonUpCall_Sub | funny | calls.rb:140:1:142:3 | funny | -| calls.rb:568:1:575:3 | SingletonUpCall_Sub | indirect | calls.rb:158:1:160:3 | indirect | -| calls.rb:568:1:575:3 | SingletonUpCall_Sub | new | calls.rb:117:5:117:16 | new | -| calls.rb:568:1:575:3 | SingletonUpCall_Sub | optional_arg | calls.rb:76:1:79:3 | optional_arg | -| calls.rb:568:1:575:3 | SingletonUpCall_Sub | pattern_dispatch | calls.rb:343:1:359:3 | pattern_dispatch | -| calls.rb:568:1:575:3 | SingletonUpCall_Sub | private_on_main | calls.rb:185:1:186:3 | private_on_main | -| calls.rb:568:1:575:3 | SingletonUpCall_Sub | puts | calls.rb:102:5:102:30 | puts | -| calls.rb:568:1:575:3 | SingletonUpCall_Sub | to_s | calls.rb:172:5:173:7 | to_s | -| calls.rb:576:1:581:3 | SingletonUpCall_SubSub | add_singleton | calls.rb:367:1:371:3 | add_singleton | -| calls.rb:576:1:581:3 | SingletonUpCall_SubSub | call_block | calls.rb:81:1:83:3 | call_block | -| calls.rb:576:1:581:3 | SingletonUpCall_SubSub | call_instance_m | calls.rb:39:1:41:3 | call_instance_m | -| calls.rb:576:1:581:3 | SingletonUpCall_SubSub | create | calls.rb:278:1:286:3 | create | -| calls.rb:576:1:581:3 | SingletonUpCall_SubSub | foo | calls.rb:1:1:3:3 | foo | -| calls.rb:576:1:581:3 | SingletonUpCall_SubSub | foo | calls.rb:85:1:89:3 | foo | -| calls.rb:576:1:581:3 | SingletonUpCall_SubSub | funny | calls.rb:140:1:142:3 | funny | -| calls.rb:576:1:581:3 | SingletonUpCall_SubSub | indirect | calls.rb:158:1:160:3 | indirect | -| calls.rb:576:1:581:3 | SingletonUpCall_SubSub | new | calls.rb:117:5:117:16 | new | -| calls.rb:576:1:581:3 | SingletonUpCall_SubSub | optional_arg | calls.rb:76:1:79:3 | optional_arg | -| calls.rb:576:1:581:3 | SingletonUpCall_SubSub | pattern_dispatch | calls.rb:343:1:359:3 | pattern_dispatch | -| calls.rb:576:1:581:3 | SingletonUpCall_SubSub | private_on_main | calls.rb:185:1:186:3 | private_on_main | -| calls.rb:576:1:581:3 | SingletonUpCall_SubSub | puts | calls.rb:102:5:102:30 | puts | -| calls.rb:576:1:581:3 | SingletonUpCall_SubSub | to_s | calls.rb:172:5:173:7 | to_s | -| calls.rb:583:1:594:3 | SingletonA | add_singleton | calls.rb:367:1:371:3 | add_singleton | -| calls.rb:583:1:594:3 | SingletonA | call_block | calls.rb:81:1:83:3 | call_block | -| calls.rb:583:1:594:3 | SingletonA | call_instance_m | calls.rb:39:1:41:3 | call_instance_m | -| calls.rb:583:1:594:3 | SingletonA | create | calls.rb:278:1:286:3 | create | -| calls.rb:583:1:594:3 | SingletonA | foo | calls.rb:1:1:3:3 | foo | -| calls.rb:583:1:594:3 | SingletonA | foo | calls.rb:85:1:89:3 | foo | -| calls.rb:583:1:594:3 | SingletonA | funny | calls.rb:140:1:142:3 | funny | -| calls.rb:583:1:594:3 | SingletonA | indirect | calls.rb:158:1:160:3 | indirect | -| calls.rb:583:1:594:3 | SingletonA | new | calls.rb:117:5:117:16 | new | -| calls.rb:583:1:594:3 | SingletonA | optional_arg | calls.rb:76:1:79:3 | optional_arg | -| calls.rb:583:1:594:3 | SingletonA | pattern_dispatch | calls.rb:343:1:359:3 | pattern_dispatch | -| calls.rb:583:1:594:3 | SingletonA | private_on_main | calls.rb:185:1:186:3 | private_on_main | -| calls.rb:583:1:594:3 | SingletonA | puts | calls.rb:102:5:102:30 | puts | -| calls.rb:583:1:594:3 | SingletonA | to_s | calls.rb:172:5:173:7 | to_s | -| calls.rb:596:1:603:3 | SingletonB | add_singleton | calls.rb:367:1:371:3 | add_singleton | -| calls.rb:596:1:603:3 | SingletonB | call_block | calls.rb:81:1:83:3 | call_block | -| calls.rb:596:1:603:3 | SingletonB | call_instance_m | calls.rb:39:1:41:3 | call_instance_m | -| calls.rb:596:1:603:3 | SingletonB | create | calls.rb:278:1:286:3 | create | -| calls.rb:596:1:603:3 | SingletonB | foo | calls.rb:1:1:3:3 | foo | -| calls.rb:596:1:603:3 | SingletonB | foo | calls.rb:85:1:89:3 | foo | -| calls.rb:596:1:603:3 | SingletonB | funny | calls.rb:140:1:142:3 | funny | -| calls.rb:596:1:603:3 | SingletonB | indirect | calls.rb:158:1:160:3 | indirect | -| calls.rb:596:1:603:3 | SingletonB | new | calls.rb:117:5:117:16 | new | -| calls.rb:596:1:603:3 | SingletonB | optional_arg | calls.rb:76:1:79:3 | optional_arg | -| calls.rb:596:1:603:3 | SingletonB | pattern_dispatch | calls.rb:343:1:359:3 | pattern_dispatch | -| calls.rb:596:1:603:3 | SingletonB | private_on_main | calls.rb:185:1:186:3 | private_on_main | -| calls.rb:596:1:603:3 | SingletonB | puts | calls.rb:102:5:102:30 | puts | -| calls.rb:596:1:603:3 | SingletonB | to_s | calls.rb:172:5:173:7 | to_s | -| calls.rb:605:1:612:3 | SingletonC | add_singleton | calls.rb:367:1:371:3 | add_singleton | -| calls.rb:605:1:612:3 | SingletonC | call_block | calls.rb:81:1:83:3 | call_block | -| calls.rb:605:1:612:3 | SingletonC | call_instance_m | calls.rb:39:1:41:3 | call_instance_m | -| calls.rb:605:1:612:3 | SingletonC | create | calls.rb:278:1:286:3 | create | -| calls.rb:605:1:612:3 | SingletonC | foo | calls.rb:1:1:3:3 | foo | -| calls.rb:605:1:612:3 | SingletonC | foo | calls.rb:85:1:89:3 | foo | -| calls.rb:605:1:612:3 | SingletonC | funny | calls.rb:140:1:142:3 | funny | -| calls.rb:605:1:612:3 | SingletonC | indirect | calls.rb:158:1:160:3 | indirect | -| calls.rb:605:1:612:3 | SingletonC | new | calls.rb:117:5:117:16 | new | -| calls.rb:605:1:612:3 | SingletonC | optional_arg | calls.rb:76:1:79:3 | optional_arg | -| calls.rb:605:1:612:3 | SingletonC | pattern_dispatch | calls.rb:343:1:359:3 | pattern_dispatch | -| calls.rb:605:1:612:3 | SingletonC | private_on_main | calls.rb:185:1:186:3 | private_on_main | -| calls.rb:605:1:612:3 | SingletonC | puts | calls.rb:102:5:102:30 | puts | -| calls.rb:605:1:612:3 | SingletonC | to_s | calls.rb:172:5:173:7 | to_s | -| calls.rb:618:1:624:3 | Included | bar | calls.rb:622:5:623:7 | bar | -| calls.rb:618:1:624:3 | Included | foo | calls.rb:619:5:621:7 | foo | -| calls.rb:626:1:631:3 | IncludesIncluded | add_singleton | calls.rb:367:1:371:3 | add_singleton | -| calls.rb:626:1:631:3 | IncludesIncluded | bar | calls.rb:628:5:630:7 | bar | -| calls.rb:626:1:631:3 | IncludesIncluded | call_block | calls.rb:81:1:83:3 | call_block | -| calls.rb:626:1:631:3 | IncludesIncluded | call_instance_m | calls.rb:39:1:41:3 | call_instance_m | -| calls.rb:626:1:631:3 | IncludesIncluded | create | calls.rb:278:1:286:3 | create | -| calls.rb:626:1:631:3 | IncludesIncluded | foo | calls.rb:619:5:621:7 | foo | -| calls.rb:626:1:631:3 | IncludesIncluded | funny | calls.rb:140:1:142:3 | funny | -| calls.rb:626:1:631:3 | IncludesIncluded | indirect | calls.rb:158:1:160:3 | indirect | -| calls.rb:626:1:631:3 | IncludesIncluded | new | calls.rb:117:5:117:16 | new | -| calls.rb:626:1:631:3 | IncludesIncluded | optional_arg | calls.rb:76:1:79:3 | optional_arg | -| calls.rb:626:1:631:3 | IncludesIncluded | pattern_dispatch | calls.rb:343:1:359:3 | pattern_dispatch | -| calls.rb:626:1:631:3 | IncludesIncluded | private_on_main | calls.rb:185:1:186:3 | private_on_main | -| calls.rb:626:1:631:3 | IncludesIncluded | puts | calls.rb:102:5:102:30 | puts | -| calls.rb:626:1:631:3 | IncludesIncluded | to_s | calls.rb:172:5:173:7 | to_s | -| calls.rb:633:1:637:3 | CustomNew1 | add_singleton | calls.rb:367:1:371:3 | add_singleton | -| calls.rb:633:1:637:3 | CustomNew1 | call_block | calls.rb:81:1:83:3 | call_block | -| calls.rb:633:1:637:3 | CustomNew1 | call_instance_m | calls.rb:39:1:41:3 | call_instance_m | -| calls.rb:633:1:637:3 | CustomNew1 | create | calls.rb:278:1:286:3 | create | -| calls.rb:633:1:637:3 | CustomNew1 | foo | calls.rb:1:1:3:3 | foo | -| calls.rb:633:1:637:3 | CustomNew1 | foo | calls.rb:85:1:89:3 | foo | -| calls.rb:633:1:637:3 | CustomNew1 | funny | calls.rb:140:1:142:3 | funny | -| calls.rb:633:1:637:3 | CustomNew1 | indirect | calls.rb:158:1:160:3 | indirect | -| calls.rb:633:1:637:3 | CustomNew1 | new | calls.rb:117:5:117:16 | new | -| calls.rb:633:1:637:3 | CustomNew1 | optional_arg | calls.rb:76:1:79:3 | optional_arg | -| calls.rb:633:1:637:3 | CustomNew1 | pattern_dispatch | calls.rb:343:1:359:3 | pattern_dispatch | -| calls.rb:633:1:637:3 | CustomNew1 | private_on_main | calls.rb:185:1:186:3 | private_on_main | -| calls.rb:633:1:637:3 | CustomNew1 | puts | calls.rb:102:5:102:30 | puts | -| calls.rb:633:1:637:3 | CustomNew1 | to_s | calls.rb:172:5:173:7 | to_s | -| calls.rb:641:1:649:3 | CustomNew2 | add_singleton | calls.rb:367:1:371:3 | add_singleton | -| calls.rb:641:1:649:3 | CustomNew2 | call_block | calls.rb:81:1:83:3 | call_block | -| calls.rb:641:1:649:3 | CustomNew2 | call_instance_m | calls.rb:39:1:41:3 | call_instance_m | -| calls.rb:641:1:649:3 | CustomNew2 | create | calls.rb:278:1:286:3 | create | -| calls.rb:641:1:649:3 | CustomNew2 | foo | calls.rb:1:1:3:3 | foo | -| calls.rb:641:1:649:3 | CustomNew2 | foo | calls.rb:85:1:89:3 | foo | -| calls.rb:641:1:649:3 | CustomNew2 | funny | calls.rb:140:1:142:3 | funny | -| calls.rb:641:1:649:3 | CustomNew2 | indirect | calls.rb:158:1:160:3 | indirect | -| calls.rb:641:1:649:3 | CustomNew2 | instance | calls.rb:646:5:648:7 | instance | -| calls.rb:641:1:649:3 | CustomNew2 | new | calls.rb:117:5:117:16 | new | -| calls.rb:641:1:649:3 | CustomNew2 | optional_arg | calls.rb:76:1:79:3 | optional_arg | -| calls.rb:641:1:649:3 | CustomNew2 | pattern_dispatch | calls.rb:343:1:359:3 | pattern_dispatch | -| calls.rb:641:1:649:3 | CustomNew2 | private_on_main | calls.rb:185:1:186:3 | private_on_main | -| calls.rb:641:1:649:3 | CustomNew2 | puts | calls.rb:102:5:102:30 | puts | -| calls.rb:641:1:649:3 | CustomNew2 | to_s | calls.rb:172:5:173:7 | to_s | +| calls.rb:325:1:333:3 | C1 | add_singleton | calls.rb:374:1:378:3 | add_singleton | +| calls.rb:325:1:333:3 | C1 | call_block | calls.rb:81:1:83:3 | call_block | +| calls.rb:325:1:333:3 | C1 | call_instance_m | calls.rb:39:1:41:3 | call_instance_m | +| calls.rb:325:1:333:3 | C1 | capture_parameter | calls.rb:661:1:665:3 | capture_parameter | +| calls.rb:325:1:333:3 | C1 | create | calls.rb:278:1:286:3 | create | +| calls.rb:325:1:333:3 | C1 | foo | calls.rb:1:1:3:3 | foo | +| calls.rb:325:1:333:3 | C1 | foo | calls.rb:85:1:89:3 | foo | +| calls.rb:325:1:333:3 | C1 | funny | calls.rb:140:1:142:3 | funny | +| calls.rb:325:1:333:3 | C1 | indirect | calls.rb:158:1:160:3 | indirect | +| calls.rb:325:1:333:3 | C1 | instance | calls.rb:326:5:328:7 | instance | +| calls.rb:325:1:333:3 | C1 | new | calls.rb:117:5:117:16 | new | +| calls.rb:325:1:333:3 | C1 | optional_arg | calls.rb:76:1:79:3 | optional_arg | +| calls.rb:325:1:333:3 | C1 | pattern_dispatch | calls.rb:347:1:363:3 | pattern_dispatch | +| calls.rb:325:1:333:3 | C1 | private_on_main | calls.rb:185:1:186:3 | private_on_main | +| calls.rb:325:1:333:3 | C1 | puts | calls.rb:102:5:102:30 | puts | +| calls.rb:325:1:333:3 | C1 | return_self | calls.rb:330:5:332:7 | return_self | +| calls.rb:325:1:333:3 | C1 | to_s | calls.rb:172:5:173:7 | to_s | +| calls.rb:335:1:339:3 | C2 | add_singleton | calls.rb:374:1:378:3 | add_singleton | +| calls.rb:335:1:339:3 | C2 | call_block | calls.rb:81:1:83:3 | call_block | +| calls.rb:335:1:339:3 | C2 | call_instance_m | calls.rb:39:1:41:3 | call_instance_m | +| calls.rb:335:1:339:3 | C2 | capture_parameter | calls.rb:661:1:665:3 | capture_parameter | +| calls.rb:335:1:339:3 | C2 | create | calls.rb:278:1:286:3 | create | +| calls.rb:335:1:339:3 | C2 | foo | calls.rb:1:1:3:3 | foo | +| calls.rb:335:1:339:3 | C2 | foo | calls.rb:85:1:89:3 | foo | +| calls.rb:335:1:339:3 | C2 | funny | calls.rb:140:1:142:3 | funny | +| calls.rb:335:1:339:3 | C2 | indirect | calls.rb:158:1:160:3 | indirect | +| calls.rb:335:1:339:3 | C2 | instance | calls.rb:336:5:338:7 | instance | +| calls.rb:335:1:339:3 | C2 | new | calls.rb:117:5:117:16 | new | +| calls.rb:335:1:339:3 | C2 | optional_arg | calls.rb:76:1:79:3 | optional_arg | +| calls.rb:335:1:339:3 | C2 | pattern_dispatch | calls.rb:347:1:363:3 | pattern_dispatch | +| calls.rb:335:1:339:3 | C2 | private_on_main | calls.rb:185:1:186:3 | private_on_main | +| calls.rb:335:1:339:3 | C2 | puts | calls.rb:102:5:102:30 | puts | +| calls.rb:335:1:339:3 | C2 | return_self | calls.rb:330:5:332:7 | return_self | +| calls.rb:335:1:339:3 | C2 | to_s | calls.rb:172:5:173:7 | to_s | +| calls.rb:341:1:345:3 | C3 | add_singleton | calls.rb:374:1:378:3 | add_singleton | +| calls.rb:341:1:345:3 | C3 | call_block | calls.rb:81:1:83:3 | call_block | +| calls.rb:341:1:345:3 | C3 | call_instance_m | calls.rb:39:1:41:3 | call_instance_m | +| calls.rb:341:1:345:3 | C3 | capture_parameter | calls.rb:661:1:665:3 | capture_parameter | +| calls.rb:341:1:345:3 | C3 | create | calls.rb:278:1:286:3 | create | +| calls.rb:341:1:345:3 | C3 | foo | calls.rb:1:1:3:3 | foo | +| calls.rb:341:1:345:3 | C3 | foo | calls.rb:85:1:89:3 | foo | +| calls.rb:341:1:345:3 | C3 | funny | calls.rb:140:1:142:3 | funny | +| calls.rb:341:1:345:3 | C3 | indirect | calls.rb:158:1:160:3 | indirect | +| calls.rb:341:1:345:3 | C3 | instance | calls.rb:342:5:344:7 | instance | +| calls.rb:341:1:345:3 | C3 | new | calls.rb:117:5:117:16 | new | +| calls.rb:341:1:345:3 | C3 | optional_arg | calls.rb:76:1:79:3 | optional_arg | +| calls.rb:341:1:345:3 | C3 | pattern_dispatch | calls.rb:347:1:363:3 | pattern_dispatch | +| calls.rb:341:1:345:3 | C3 | private_on_main | calls.rb:185:1:186:3 | private_on_main | +| calls.rb:341:1:345:3 | C3 | puts | calls.rb:102:5:102:30 | puts | +| calls.rb:341:1:345:3 | C3 | return_self | calls.rb:330:5:332:7 | return_self | +| calls.rb:341:1:345:3 | C3 | to_s | calls.rb:172:5:173:7 | to_s | +| calls.rb:385:1:413:3 | SingletonOverride1 | add_singleton | calls.rb:374:1:378:3 | add_singleton | +| calls.rb:385:1:413:3 | SingletonOverride1 | call_block | calls.rb:81:1:83:3 | call_block | +| calls.rb:385:1:413:3 | SingletonOverride1 | call_instance_m | calls.rb:39:1:41:3 | call_instance_m | +| calls.rb:385:1:413:3 | SingletonOverride1 | capture_parameter | calls.rb:661:1:665:3 | capture_parameter | +| calls.rb:385:1:413:3 | SingletonOverride1 | create | calls.rb:278:1:286:3 | create | +| calls.rb:385:1:413:3 | SingletonOverride1 | foo | calls.rb:1:1:3:3 | foo | +| calls.rb:385:1:413:3 | SingletonOverride1 | foo | calls.rb:85:1:89:3 | foo | +| calls.rb:385:1:413:3 | SingletonOverride1 | funny | calls.rb:140:1:142:3 | funny | +| calls.rb:385:1:413:3 | SingletonOverride1 | indirect | calls.rb:158:1:160:3 | indirect | +| calls.rb:385:1:413:3 | SingletonOverride1 | instance1 | calls.rb:410:5:412:7 | instance1 | +| calls.rb:385:1:413:3 | SingletonOverride1 | new | calls.rb:117:5:117:16 | new | +| calls.rb:385:1:413:3 | SingletonOverride1 | optional_arg | calls.rb:76:1:79:3 | optional_arg | +| calls.rb:385:1:413:3 | SingletonOverride1 | pattern_dispatch | calls.rb:347:1:363:3 | pattern_dispatch | +| calls.rb:385:1:413:3 | SingletonOverride1 | private_on_main | calls.rb:185:1:186:3 | private_on_main | +| calls.rb:385:1:413:3 | SingletonOverride1 | puts | calls.rb:102:5:102:30 | puts | +| calls.rb:385:1:413:3 | SingletonOverride1 | to_s | calls.rb:172:5:173:7 | to_s | +| calls.rb:420:1:434:3 | SingletonOverride2 | add_singleton | calls.rb:374:1:378:3 | add_singleton | +| calls.rb:420:1:434:3 | SingletonOverride2 | call_block | calls.rb:81:1:83:3 | call_block | +| calls.rb:420:1:434:3 | SingletonOverride2 | call_instance_m | calls.rb:39:1:41:3 | call_instance_m | +| calls.rb:420:1:434:3 | SingletonOverride2 | capture_parameter | calls.rb:661:1:665:3 | capture_parameter | +| calls.rb:420:1:434:3 | SingletonOverride2 | create | calls.rb:278:1:286:3 | create | +| calls.rb:420:1:434:3 | SingletonOverride2 | foo | calls.rb:1:1:3:3 | foo | +| calls.rb:420:1:434:3 | SingletonOverride2 | foo | calls.rb:85:1:89:3 | foo | +| calls.rb:420:1:434:3 | SingletonOverride2 | funny | calls.rb:140:1:142:3 | funny | +| calls.rb:420:1:434:3 | SingletonOverride2 | indirect | calls.rb:158:1:160:3 | indirect | +| calls.rb:420:1:434:3 | SingletonOverride2 | instance1 | calls.rb:431:5:433:7 | instance1 | +| calls.rb:420:1:434:3 | SingletonOverride2 | new | calls.rb:117:5:117:16 | new | +| calls.rb:420:1:434:3 | SingletonOverride2 | optional_arg | calls.rb:76:1:79:3 | optional_arg | +| calls.rb:420:1:434:3 | SingletonOverride2 | pattern_dispatch | calls.rb:347:1:363:3 | pattern_dispatch | +| calls.rb:420:1:434:3 | SingletonOverride2 | private_on_main | calls.rb:185:1:186:3 | private_on_main | +| calls.rb:420:1:434:3 | SingletonOverride2 | puts | calls.rb:102:5:102:30 | puts | +| calls.rb:420:1:434:3 | SingletonOverride2 | to_s | calls.rb:172:5:173:7 | to_s | +| calls.rb:441:1:469:3 | ConditionalInstanceMethods | add_singleton | calls.rb:374:1:378:3 | add_singleton | +| calls.rb:441:1:469:3 | ConditionalInstanceMethods | call_block | calls.rb:81:1:83:3 | call_block | +| calls.rb:441:1:469:3 | ConditionalInstanceMethods | call_instance_m | calls.rb:39:1:41:3 | call_instance_m | +| calls.rb:441:1:469:3 | ConditionalInstanceMethods | capture_parameter | calls.rb:661:1:665:3 | capture_parameter | +| calls.rb:441:1:469:3 | ConditionalInstanceMethods | create | calls.rb:278:1:286:3 | create | +| calls.rb:441:1:469:3 | ConditionalInstanceMethods | foo | calls.rb:1:1:3:3 | foo | +| calls.rb:441:1:469:3 | ConditionalInstanceMethods | foo | calls.rb:85:1:89:3 | foo | +| calls.rb:441:1:469:3 | ConditionalInstanceMethods | funny | calls.rb:140:1:142:3 | funny | +| calls.rb:441:1:469:3 | ConditionalInstanceMethods | indirect | calls.rb:158:1:160:3 | indirect | +| calls.rb:441:1:469:3 | ConditionalInstanceMethods | m1 | calls.rb:443:9:445:11 | m1 | +| calls.rb:441:1:469:3 | ConditionalInstanceMethods | m2 | calls.rb:448:5:460:7 | m2 | +| calls.rb:441:1:469:3 | ConditionalInstanceMethods | new | calls.rb:117:5:117:16 | new | +| calls.rb:441:1:469:3 | ConditionalInstanceMethods | optional_arg | calls.rb:76:1:79:3 | optional_arg | +| calls.rb:441:1:469:3 | ConditionalInstanceMethods | pattern_dispatch | calls.rb:347:1:363:3 | pattern_dispatch | +| calls.rb:441:1:469:3 | ConditionalInstanceMethods | private_on_main | calls.rb:185:1:186:3 | private_on_main | +| calls.rb:441:1:469:3 | ConditionalInstanceMethods | puts | calls.rb:102:5:102:30 | puts | +| calls.rb:441:1:469:3 | ConditionalInstanceMethods | to_s | calls.rb:172:5:173:7 | to_s | +| calls.rb:504:1:510:3 | ExtendSingletonMethod | singleton | calls.rb:505:5:507:7 | singleton | +| calls.rb:533:1:537:3 | ProtectedMethodInModule | foo | calls.rb:534:15:536:7 | foo | +| calls.rb:539:1:552:3 | ProtectedMethods | add_singleton | calls.rb:374:1:378:3 | add_singleton | +| calls.rb:539:1:552:3 | ProtectedMethods | bar | calls.rb:542:15:544:7 | bar | +| calls.rb:539:1:552:3 | ProtectedMethods | baz | calls.rb:546:5:551:7 | baz | +| calls.rb:539:1:552:3 | ProtectedMethods | call_block | calls.rb:81:1:83:3 | call_block | +| calls.rb:539:1:552:3 | ProtectedMethods | call_instance_m | calls.rb:39:1:41:3 | call_instance_m | +| calls.rb:539:1:552:3 | ProtectedMethods | capture_parameter | calls.rb:661:1:665:3 | capture_parameter | +| calls.rb:539:1:552:3 | ProtectedMethods | create | calls.rb:278:1:286:3 | create | +| calls.rb:539:1:552:3 | ProtectedMethods | foo | calls.rb:534:15:536:7 | foo | +| calls.rb:539:1:552:3 | ProtectedMethods | funny | calls.rb:140:1:142:3 | funny | +| calls.rb:539:1:552:3 | ProtectedMethods | indirect | calls.rb:158:1:160:3 | indirect | +| calls.rb:539:1:552:3 | ProtectedMethods | new | calls.rb:117:5:117:16 | new | +| calls.rb:539:1:552:3 | ProtectedMethods | optional_arg | calls.rb:76:1:79:3 | optional_arg | +| calls.rb:539:1:552:3 | ProtectedMethods | pattern_dispatch | calls.rb:347:1:363:3 | pattern_dispatch | +| calls.rb:539:1:552:3 | ProtectedMethods | private_on_main | calls.rb:185:1:186:3 | private_on_main | +| calls.rb:539:1:552:3 | ProtectedMethods | puts | calls.rb:102:5:102:30 | puts | +| calls.rb:539:1:552:3 | ProtectedMethods | to_s | calls.rb:172:5:173:7 | to_s | +| calls.rb:558:1:563:3 | ProtectedMethodsSub | add_singleton | calls.rb:374:1:378:3 | add_singleton | +| calls.rb:558:1:563:3 | ProtectedMethodsSub | bar | calls.rb:542:15:544:7 | bar | +| calls.rb:558:1:563:3 | ProtectedMethodsSub | baz | calls.rb:559:5:562:7 | baz | +| calls.rb:558:1:563:3 | ProtectedMethodsSub | call_block | calls.rb:81:1:83:3 | call_block | +| calls.rb:558:1:563:3 | ProtectedMethodsSub | call_instance_m | calls.rb:39:1:41:3 | call_instance_m | +| calls.rb:558:1:563:3 | ProtectedMethodsSub | capture_parameter | calls.rb:661:1:665:3 | capture_parameter | +| calls.rb:558:1:563:3 | ProtectedMethodsSub | create | calls.rb:278:1:286:3 | create | +| calls.rb:558:1:563:3 | ProtectedMethodsSub | foo | calls.rb:534:15:536:7 | foo | +| calls.rb:558:1:563:3 | ProtectedMethodsSub | funny | calls.rb:140:1:142:3 | funny | +| calls.rb:558:1:563:3 | ProtectedMethodsSub | indirect | calls.rb:158:1:160:3 | indirect | +| calls.rb:558:1:563:3 | ProtectedMethodsSub | new | calls.rb:117:5:117:16 | new | +| calls.rb:558:1:563:3 | ProtectedMethodsSub | optional_arg | calls.rb:76:1:79:3 | optional_arg | +| calls.rb:558:1:563:3 | ProtectedMethodsSub | pattern_dispatch | calls.rb:347:1:363:3 | pattern_dispatch | +| calls.rb:558:1:563:3 | ProtectedMethodsSub | private_on_main | calls.rb:185:1:186:3 | private_on_main | +| calls.rb:558:1:563:3 | ProtectedMethodsSub | puts | calls.rb:102:5:102:30 | puts | +| calls.rb:558:1:563:3 | ProtectedMethodsSub | to_s | calls.rb:172:5:173:7 | to_s | +| calls.rb:572:1:575:3 | SingletonUpCall_Base | add_singleton | calls.rb:374:1:378:3 | add_singleton | +| calls.rb:572:1:575:3 | SingletonUpCall_Base | call_block | calls.rb:81:1:83:3 | call_block | +| calls.rb:572:1:575:3 | SingletonUpCall_Base | call_instance_m | calls.rb:39:1:41:3 | call_instance_m | +| calls.rb:572:1:575:3 | SingletonUpCall_Base | capture_parameter | calls.rb:661:1:665:3 | capture_parameter | +| calls.rb:572:1:575:3 | SingletonUpCall_Base | create | calls.rb:278:1:286:3 | create | +| calls.rb:572:1:575:3 | SingletonUpCall_Base | foo | calls.rb:1:1:3:3 | foo | +| calls.rb:572:1:575:3 | SingletonUpCall_Base | foo | calls.rb:85:1:89:3 | foo | +| calls.rb:572:1:575:3 | SingletonUpCall_Base | funny | calls.rb:140:1:142:3 | funny | +| calls.rb:572:1:575:3 | SingletonUpCall_Base | indirect | calls.rb:158:1:160:3 | indirect | +| calls.rb:572:1:575:3 | SingletonUpCall_Base | new | calls.rb:117:5:117:16 | new | +| calls.rb:572:1:575:3 | SingletonUpCall_Base | optional_arg | calls.rb:76:1:79:3 | optional_arg | +| calls.rb:572:1:575:3 | SingletonUpCall_Base | pattern_dispatch | calls.rb:347:1:363:3 | pattern_dispatch | +| calls.rb:572:1:575:3 | SingletonUpCall_Base | private_on_main | calls.rb:185:1:186:3 | private_on_main | +| calls.rb:572:1:575:3 | SingletonUpCall_Base | puts | calls.rb:102:5:102:30 | puts | +| calls.rb:572:1:575:3 | SingletonUpCall_Base | to_s | calls.rb:172:5:173:7 | to_s | +| calls.rb:576:1:583:3 | SingletonUpCall_Sub | add_singleton | calls.rb:374:1:378:3 | add_singleton | +| calls.rb:576:1:583:3 | SingletonUpCall_Sub | call_block | calls.rb:81:1:83:3 | call_block | +| calls.rb:576:1:583:3 | SingletonUpCall_Sub | call_instance_m | calls.rb:39:1:41:3 | call_instance_m | +| calls.rb:576:1:583:3 | SingletonUpCall_Sub | capture_parameter | calls.rb:661:1:665:3 | capture_parameter | +| calls.rb:576:1:583:3 | SingletonUpCall_Sub | create | calls.rb:278:1:286:3 | create | +| calls.rb:576:1:583:3 | SingletonUpCall_Sub | foo | calls.rb:1:1:3:3 | foo | +| calls.rb:576:1:583:3 | SingletonUpCall_Sub | foo | calls.rb:85:1:89:3 | foo | +| calls.rb:576:1:583:3 | SingletonUpCall_Sub | funny | calls.rb:140:1:142:3 | funny | +| calls.rb:576:1:583:3 | SingletonUpCall_Sub | indirect | calls.rb:158:1:160:3 | indirect | +| calls.rb:576:1:583:3 | SingletonUpCall_Sub | new | calls.rb:117:5:117:16 | new | +| calls.rb:576:1:583:3 | SingletonUpCall_Sub | optional_arg | calls.rb:76:1:79:3 | optional_arg | +| calls.rb:576:1:583:3 | SingletonUpCall_Sub | pattern_dispatch | calls.rb:347:1:363:3 | pattern_dispatch | +| calls.rb:576:1:583:3 | SingletonUpCall_Sub | private_on_main | calls.rb:185:1:186:3 | private_on_main | +| calls.rb:576:1:583:3 | SingletonUpCall_Sub | puts | calls.rb:102:5:102:30 | puts | +| calls.rb:576:1:583:3 | SingletonUpCall_Sub | to_s | calls.rb:172:5:173:7 | to_s | +| calls.rb:584:1:589:3 | SingletonUpCall_SubSub | add_singleton | calls.rb:374:1:378:3 | add_singleton | +| calls.rb:584:1:589:3 | SingletonUpCall_SubSub | call_block | calls.rb:81:1:83:3 | call_block | +| calls.rb:584:1:589:3 | SingletonUpCall_SubSub | call_instance_m | calls.rb:39:1:41:3 | call_instance_m | +| calls.rb:584:1:589:3 | SingletonUpCall_SubSub | capture_parameter | calls.rb:661:1:665:3 | capture_parameter | +| calls.rb:584:1:589:3 | SingletonUpCall_SubSub | create | calls.rb:278:1:286:3 | create | +| calls.rb:584:1:589:3 | SingletonUpCall_SubSub | foo | calls.rb:1:1:3:3 | foo | +| calls.rb:584:1:589:3 | SingletonUpCall_SubSub | foo | calls.rb:85:1:89:3 | foo | +| calls.rb:584:1:589:3 | SingletonUpCall_SubSub | funny | calls.rb:140:1:142:3 | funny | +| calls.rb:584:1:589:3 | SingletonUpCall_SubSub | indirect | calls.rb:158:1:160:3 | indirect | +| calls.rb:584:1:589:3 | SingletonUpCall_SubSub | new | calls.rb:117:5:117:16 | new | +| calls.rb:584:1:589:3 | SingletonUpCall_SubSub | optional_arg | calls.rb:76:1:79:3 | optional_arg | +| calls.rb:584:1:589:3 | SingletonUpCall_SubSub | pattern_dispatch | calls.rb:347:1:363:3 | pattern_dispatch | +| calls.rb:584:1:589:3 | SingletonUpCall_SubSub | private_on_main | calls.rb:185:1:186:3 | private_on_main | +| calls.rb:584:1:589:3 | SingletonUpCall_SubSub | puts | calls.rb:102:5:102:30 | puts | +| calls.rb:584:1:589:3 | SingletonUpCall_SubSub | to_s | calls.rb:172:5:173:7 | to_s | +| calls.rb:591:1:602:3 | SingletonA | add_singleton | calls.rb:374:1:378:3 | add_singleton | +| calls.rb:591:1:602:3 | SingletonA | call_block | calls.rb:81:1:83:3 | call_block | +| calls.rb:591:1:602:3 | SingletonA | call_instance_m | calls.rb:39:1:41:3 | call_instance_m | +| calls.rb:591:1:602:3 | SingletonA | capture_parameter | calls.rb:661:1:665:3 | capture_parameter | +| calls.rb:591:1:602:3 | SingletonA | create | calls.rb:278:1:286:3 | create | +| calls.rb:591:1:602:3 | SingletonA | foo | calls.rb:1:1:3:3 | foo | +| calls.rb:591:1:602:3 | SingletonA | foo | calls.rb:85:1:89:3 | foo | +| calls.rb:591:1:602:3 | SingletonA | funny | calls.rb:140:1:142:3 | funny | +| calls.rb:591:1:602:3 | SingletonA | indirect | calls.rb:158:1:160:3 | indirect | +| calls.rb:591:1:602:3 | SingletonA | new | calls.rb:117:5:117:16 | new | +| calls.rb:591:1:602:3 | SingletonA | optional_arg | calls.rb:76:1:79:3 | optional_arg | +| calls.rb:591:1:602:3 | SingletonA | pattern_dispatch | calls.rb:347:1:363:3 | pattern_dispatch | +| calls.rb:591:1:602:3 | SingletonA | private_on_main | calls.rb:185:1:186:3 | private_on_main | +| calls.rb:591:1:602:3 | SingletonA | puts | calls.rb:102:5:102:30 | puts | +| calls.rb:591:1:602:3 | SingletonA | to_s | calls.rb:172:5:173:7 | to_s | +| calls.rb:604:1:611:3 | SingletonB | add_singleton | calls.rb:374:1:378:3 | add_singleton | +| calls.rb:604:1:611:3 | SingletonB | call_block | calls.rb:81:1:83:3 | call_block | +| calls.rb:604:1:611:3 | SingletonB | call_instance_m | calls.rb:39:1:41:3 | call_instance_m | +| calls.rb:604:1:611:3 | SingletonB | capture_parameter | calls.rb:661:1:665:3 | capture_parameter | +| calls.rb:604:1:611:3 | SingletonB | create | calls.rb:278:1:286:3 | create | +| calls.rb:604:1:611:3 | SingletonB | foo | calls.rb:1:1:3:3 | foo | +| calls.rb:604:1:611:3 | SingletonB | foo | calls.rb:85:1:89:3 | foo | +| calls.rb:604:1:611:3 | SingletonB | funny | calls.rb:140:1:142:3 | funny | +| calls.rb:604:1:611:3 | SingletonB | indirect | calls.rb:158:1:160:3 | indirect | +| calls.rb:604:1:611:3 | SingletonB | new | calls.rb:117:5:117:16 | new | +| calls.rb:604:1:611:3 | SingletonB | optional_arg | calls.rb:76:1:79:3 | optional_arg | +| calls.rb:604:1:611:3 | SingletonB | pattern_dispatch | calls.rb:347:1:363:3 | pattern_dispatch | +| calls.rb:604:1:611:3 | SingletonB | private_on_main | calls.rb:185:1:186:3 | private_on_main | +| calls.rb:604:1:611:3 | SingletonB | puts | calls.rb:102:5:102:30 | puts | +| calls.rb:604:1:611:3 | SingletonB | to_s | calls.rb:172:5:173:7 | to_s | +| calls.rb:613:1:620:3 | SingletonC | add_singleton | calls.rb:374:1:378:3 | add_singleton | +| calls.rb:613:1:620:3 | SingletonC | call_block | calls.rb:81:1:83:3 | call_block | +| calls.rb:613:1:620:3 | SingletonC | call_instance_m | calls.rb:39:1:41:3 | call_instance_m | +| calls.rb:613:1:620:3 | SingletonC | capture_parameter | calls.rb:661:1:665:3 | capture_parameter | +| calls.rb:613:1:620:3 | SingletonC | create | calls.rb:278:1:286:3 | create | +| calls.rb:613:1:620:3 | SingletonC | foo | calls.rb:1:1:3:3 | foo | +| calls.rb:613:1:620:3 | SingletonC | foo | calls.rb:85:1:89:3 | foo | +| calls.rb:613:1:620:3 | SingletonC | funny | calls.rb:140:1:142:3 | funny | +| calls.rb:613:1:620:3 | SingletonC | indirect | calls.rb:158:1:160:3 | indirect | +| calls.rb:613:1:620:3 | SingletonC | new | calls.rb:117:5:117:16 | new | +| calls.rb:613:1:620:3 | SingletonC | optional_arg | calls.rb:76:1:79:3 | optional_arg | +| calls.rb:613:1:620:3 | SingletonC | pattern_dispatch | calls.rb:347:1:363:3 | pattern_dispatch | +| calls.rb:613:1:620:3 | SingletonC | private_on_main | calls.rb:185:1:186:3 | private_on_main | +| calls.rb:613:1:620:3 | SingletonC | puts | calls.rb:102:5:102:30 | puts | +| calls.rb:613:1:620:3 | SingletonC | to_s | calls.rb:172:5:173:7 | to_s | +| calls.rb:626:1:632:3 | Included | bar | calls.rb:630:5:631:7 | bar | +| calls.rb:626:1:632:3 | Included | foo | calls.rb:627:5:629:7 | foo | +| calls.rb:634:1:639:3 | IncludesIncluded | add_singleton | calls.rb:374:1:378:3 | add_singleton | +| calls.rb:634:1:639:3 | IncludesIncluded | bar | calls.rb:636:5:638:7 | bar | +| calls.rb:634:1:639:3 | IncludesIncluded | call_block | calls.rb:81:1:83:3 | call_block | +| calls.rb:634:1:639:3 | IncludesIncluded | call_instance_m | calls.rb:39:1:41:3 | call_instance_m | +| calls.rb:634:1:639:3 | IncludesIncluded | capture_parameter | calls.rb:661:1:665:3 | capture_parameter | +| calls.rb:634:1:639:3 | IncludesIncluded | create | calls.rb:278:1:286:3 | create | +| calls.rb:634:1:639:3 | IncludesIncluded | foo | calls.rb:627:5:629:7 | foo | +| calls.rb:634:1:639:3 | IncludesIncluded | funny | calls.rb:140:1:142:3 | funny | +| calls.rb:634:1:639:3 | IncludesIncluded | indirect | calls.rb:158:1:160:3 | indirect | +| calls.rb:634:1:639:3 | IncludesIncluded | new | calls.rb:117:5:117:16 | new | +| calls.rb:634:1:639:3 | IncludesIncluded | optional_arg | calls.rb:76:1:79:3 | optional_arg | +| calls.rb:634:1:639:3 | IncludesIncluded | pattern_dispatch | calls.rb:347:1:363:3 | pattern_dispatch | +| calls.rb:634:1:639:3 | IncludesIncluded | private_on_main | calls.rb:185:1:186:3 | private_on_main | +| calls.rb:634:1:639:3 | IncludesIncluded | puts | calls.rb:102:5:102:30 | puts | +| calls.rb:634:1:639:3 | IncludesIncluded | to_s | calls.rb:172:5:173:7 | to_s | +| calls.rb:641:1:645:3 | CustomNew1 | add_singleton | calls.rb:374:1:378:3 | add_singleton | +| calls.rb:641:1:645:3 | CustomNew1 | call_block | calls.rb:81:1:83:3 | call_block | +| calls.rb:641:1:645:3 | CustomNew1 | call_instance_m | calls.rb:39:1:41:3 | call_instance_m | +| calls.rb:641:1:645:3 | CustomNew1 | capture_parameter | calls.rb:661:1:665:3 | capture_parameter | +| calls.rb:641:1:645:3 | CustomNew1 | create | calls.rb:278:1:286:3 | create | +| calls.rb:641:1:645:3 | CustomNew1 | foo | calls.rb:1:1:3:3 | foo | +| calls.rb:641:1:645:3 | CustomNew1 | foo | calls.rb:85:1:89:3 | foo | +| calls.rb:641:1:645:3 | CustomNew1 | funny | calls.rb:140:1:142:3 | funny | +| calls.rb:641:1:645:3 | CustomNew1 | indirect | calls.rb:158:1:160:3 | indirect | +| calls.rb:641:1:645:3 | CustomNew1 | new | calls.rb:117:5:117:16 | new | +| calls.rb:641:1:645:3 | CustomNew1 | optional_arg | calls.rb:76:1:79:3 | optional_arg | +| calls.rb:641:1:645:3 | CustomNew1 | pattern_dispatch | calls.rb:347:1:363:3 | pattern_dispatch | +| calls.rb:641:1:645:3 | CustomNew1 | private_on_main | calls.rb:185:1:186:3 | private_on_main | +| calls.rb:641:1:645:3 | CustomNew1 | puts | calls.rb:102:5:102:30 | puts | +| calls.rb:641:1:645:3 | CustomNew1 | to_s | calls.rb:172:5:173:7 | to_s | +| calls.rb:649:1:657:3 | CustomNew2 | add_singleton | calls.rb:374:1:378:3 | add_singleton | +| calls.rb:649:1:657:3 | CustomNew2 | call_block | calls.rb:81:1:83:3 | call_block | +| calls.rb:649:1:657:3 | CustomNew2 | call_instance_m | calls.rb:39:1:41:3 | call_instance_m | +| calls.rb:649:1:657:3 | CustomNew2 | capture_parameter | calls.rb:661:1:665:3 | capture_parameter | +| calls.rb:649:1:657:3 | CustomNew2 | create | calls.rb:278:1:286:3 | create | +| calls.rb:649:1:657:3 | CustomNew2 | foo | calls.rb:1:1:3:3 | foo | +| calls.rb:649:1:657:3 | CustomNew2 | foo | calls.rb:85:1:89:3 | foo | +| calls.rb:649:1:657:3 | CustomNew2 | funny | calls.rb:140:1:142:3 | funny | +| calls.rb:649:1:657:3 | CustomNew2 | indirect | calls.rb:158:1:160:3 | indirect | +| calls.rb:649:1:657:3 | CustomNew2 | instance | calls.rb:654:5:656:7 | instance | +| calls.rb:649:1:657:3 | CustomNew2 | new | calls.rb:117:5:117:16 | new | +| calls.rb:649:1:657:3 | CustomNew2 | optional_arg | calls.rb:76:1:79:3 | optional_arg | +| calls.rb:649:1:657:3 | CustomNew2 | pattern_dispatch | calls.rb:347:1:363:3 | pattern_dispatch | +| calls.rb:649:1:657:3 | CustomNew2 | private_on_main | calls.rb:185:1:186:3 | private_on_main | +| calls.rb:649:1:657:3 | CustomNew2 | puts | calls.rb:102:5:102:30 | puts | +| calls.rb:649:1:657:3 | CustomNew2 | to_s | calls.rb:172:5:173:7 | to_s | | file://:0:0:0:0 | Class | include | calls.rb:108:5:110:7 | include | | file://:0:0:0:0 | Class | module_eval | calls.rb:107:5:107:24 | module_eval | | file://:0:0:0:0 | Class | new | calls.rb:117:5:117:16 | new | @@ -864,176 +898,188 @@ enclosingMethod | calls.rb:327:9:327:26 | self | calls.rb:326:5:328:7 | instance | | calls.rb:327:14:327:26 | "C1#instance" | calls.rb:326:5:328:7 | instance | | calls.rb:327:15:327:25 | C1#instance | calls.rb:326:5:328:7 | instance | -| calls.rb:333:9:333:26 | call to puts | calls.rb:332:5:334:7 | instance | -| calls.rb:333:9:333:26 | self | calls.rb:332:5:334:7 | instance | -| calls.rb:333:14:333:26 | "C2#instance" | calls.rb:332:5:334:7 | instance | -| calls.rb:333:15:333:25 | C2#instance | calls.rb:332:5:334:7 | instance | -| calls.rb:339:9:339:26 | call to puts | calls.rb:338:5:340:7 | instance | -| calls.rb:339:9:339:26 | self | calls.rb:338:5:340:7 | instance | -| calls.rb:339:14:339:26 | "C3#instance" | calls.rb:338:5:340:7 | instance | -| calls.rb:339:15:339:25 | C3#instance | calls.rb:338:5:340:7 | instance | -| calls.rb:343:22:343:22 | x | calls.rb:343:1:359:3 | pattern_dispatch | -| calls.rb:343:22:343:22 | x | calls.rb:343:1:359:3 | pattern_dispatch | -| calls.rb:344:5:352:7 | case ... | calls.rb:343:1:359:3 | pattern_dispatch | -| calls.rb:344:10:344:10 | x | calls.rb:343:1:359:3 | pattern_dispatch | -| calls.rb:345:5:346:18 | when ... | calls.rb:343:1:359:3 | pattern_dispatch | -| calls.rb:345:10:345:11 | C3 | calls.rb:343:1:359:3 | pattern_dispatch | -| calls.rb:345:12:346:18 | then ... | calls.rb:343:1:359:3 | pattern_dispatch | -| calls.rb:346:9:346:9 | x | calls.rb:343:1:359:3 | pattern_dispatch | -| calls.rb:346:9:346:18 | call to instance | calls.rb:343:1:359:3 | pattern_dispatch | -| calls.rb:347:5:348:18 | when ... | calls.rb:343:1:359:3 | pattern_dispatch | -| calls.rb:347:10:347:11 | C2 | calls.rb:343:1:359:3 | pattern_dispatch | -| calls.rb:347:12:348:18 | then ... | calls.rb:343:1:359:3 | pattern_dispatch | -| calls.rb:348:9:348:9 | x | calls.rb:343:1:359:3 | pattern_dispatch | -| calls.rb:348:9:348:18 | call to instance | calls.rb:343:1:359:3 | pattern_dispatch | -| calls.rb:349:5:350:18 | when ... | calls.rb:343:1:359:3 | pattern_dispatch | -| calls.rb:349:10:349:11 | C1 | calls.rb:343:1:359:3 | pattern_dispatch | -| calls.rb:349:12:350:18 | then ... | calls.rb:343:1:359:3 | pattern_dispatch | -| calls.rb:350:9:350:9 | x | calls.rb:343:1:359:3 | pattern_dispatch | -| calls.rb:350:9:350:18 | call to instance | calls.rb:343:1:359:3 | pattern_dispatch | -| calls.rb:351:5:351:8 | else ... | calls.rb:343:1:359:3 | pattern_dispatch | -| calls.rb:354:5:358:7 | case ... | calls.rb:343:1:359:3 | pattern_dispatch | -| calls.rb:354:10:354:10 | x | calls.rb:343:1:359:3 | pattern_dispatch | -| calls.rb:355:9:355:29 | in ... then ... | calls.rb:343:1:359:3 | pattern_dispatch | -| calls.rb:355:12:355:13 | C3 | calls.rb:343:1:359:3 | pattern_dispatch | -| calls.rb:355:15:355:29 | then ... | calls.rb:343:1:359:3 | pattern_dispatch | -| calls.rb:355:20:355:20 | x | calls.rb:343:1:359:3 | pattern_dispatch | -| calls.rb:355:20:355:29 | call to instance | calls.rb:343:1:359:3 | pattern_dispatch | -| calls.rb:356:9:356:36 | in ... then ... | calls.rb:343:1:359:3 | pattern_dispatch | -| calls.rb:356:12:356:13 | C2 | calls.rb:343:1:359:3 | pattern_dispatch | -| calls.rb:356:12:356:19 | ... => ... | calls.rb:343:1:359:3 | pattern_dispatch | -| calls.rb:356:18:356:19 | c2 | calls.rb:343:1:359:3 | pattern_dispatch | -| calls.rb:356:21:356:36 | then ... | calls.rb:343:1:359:3 | pattern_dispatch | -| calls.rb:356:26:356:27 | c2 | calls.rb:343:1:359:3 | pattern_dispatch | -| calls.rb:356:26:356:36 | call to instance | calls.rb:343:1:359:3 | pattern_dispatch | -| calls.rb:357:9:357:36 | in ... then ... | calls.rb:343:1:359:3 | pattern_dispatch | -| calls.rb:357:12:357:13 | C1 | calls.rb:343:1:359:3 | pattern_dispatch | -| calls.rb:357:12:357:19 | ... => ... | calls.rb:343:1:359:3 | pattern_dispatch | -| calls.rb:357:18:357:19 | c1 | calls.rb:343:1:359:3 | pattern_dispatch | -| calls.rb:357:21:357:36 | then ... | calls.rb:343:1:359:3 | pattern_dispatch | -| calls.rb:357:26:357:27 | c1 | calls.rb:343:1:359:3 | pattern_dispatch | -| calls.rb:357:26:357:36 | call to instance | calls.rb:343:1:359:3 | pattern_dispatch | -| calls.rb:367:19:367:19 | x | calls.rb:367:1:371:3 | add_singleton | -| calls.rb:367:19:367:19 | x | calls.rb:367:1:371:3 | add_singleton | -| calls.rb:368:5:370:7 | instance | calls.rb:367:1:371:3 | add_singleton | -| calls.rb:368:9:368:9 | x | calls.rb:367:1:371:3 | add_singleton | -| calls.rb:369:9:369:28 | call to puts | calls.rb:368:5:370:7 | instance | -| calls.rb:369:9:369:28 | self | calls.rb:368:5:370:7 | instance | -| calls.rb:369:14:369:28 | "instance_on x" | calls.rb:368:5:370:7 | instance | -| calls.rb:369:15:369:27 | instance_on x | calls.rb:368:5:370:7 | instance | -| calls.rb:380:13:380:48 | call to puts | calls.rb:379:9:381:11 | singleton1 | -| calls.rb:380:13:380:48 | self | calls.rb:379:9:381:11 | singleton1 | -| calls.rb:380:18:380:48 | "SingletonOverride1#singleton1" | calls.rb:379:9:381:11 | singleton1 | -| calls.rb:380:19:380:47 | SingletonOverride1#singleton1 | calls.rb:379:9:381:11 | singleton1 | -| calls.rb:384:13:384:22 | call to singleton1 | calls.rb:383:9:385:11 | call_singleton1 | -| calls.rb:384:13:384:22 | self | calls.rb:383:9:385:11 | call_singleton1 | -| calls.rb:388:13:388:16 | self | calls.rb:387:9:389:11 | factory | -| calls.rb:388:13:388:20 | call to new | calls.rb:387:9:389:11 | factory | -| calls.rb:388:13:388:30 | call to instance1 | calls.rb:387:9:389:11 | factory | -| calls.rb:393:9:393:44 | call to puts | calls.rb:392:5:394:7 | singleton2 | -| calls.rb:393:9:393:44 | self | calls.rb:392:5:394:7 | singleton2 | -| calls.rb:393:14:393:44 | "SingletonOverride1#singleton2" | calls.rb:392:5:394:7 | singleton2 | -| calls.rb:393:15:393:43 | SingletonOverride1#singleton2 | calls.rb:392:5:394:7 | singleton2 | -| calls.rb:397:9:397:18 | call to singleton2 | calls.rb:396:5:398:7 | call_singleton2 | -| calls.rb:397:9:397:18 | self | calls.rb:396:5:398:7 | call_singleton2 | -| calls.rb:403:9:403:43 | call to puts | calls.rb:402:5:404:7 | instance1 | -| calls.rb:403:9:403:43 | self | calls.rb:402:5:404:7 | instance1 | -| calls.rb:403:14:403:43 | "SingletonOverride1#instance1" | calls.rb:402:5:404:7 | instance1 | -| calls.rb:403:15:403:42 | SingletonOverride1#instance1 | calls.rb:402:5:404:7 | instance1 | -| calls.rb:415:13:415:48 | call to puts | calls.rb:414:9:416:11 | singleton1 | -| calls.rb:415:13:415:48 | self | calls.rb:414:9:416:11 | singleton1 | -| calls.rb:415:18:415:48 | "SingletonOverride2#singleton1" | calls.rb:414:9:416:11 | singleton1 | -| calls.rb:415:19:415:47 | SingletonOverride2#singleton1 | calls.rb:414:9:416:11 | singleton1 | -| calls.rb:420:9:420:44 | call to puts | calls.rb:419:5:421:7 | singleton2 | -| calls.rb:420:9:420:44 | self | calls.rb:419:5:421:7 | singleton2 | -| calls.rb:420:14:420:44 | "SingletonOverride2#singleton2" | calls.rb:419:5:421:7 | singleton2 | -| calls.rb:420:15:420:43 | SingletonOverride2#singleton2 | calls.rb:419:5:421:7 | singleton2 | -| calls.rb:424:9:424:43 | call to puts | calls.rb:423:5:425:7 | instance1 | -| calls.rb:424:9:424:43 | self | calls.rb:423:5:425:7 | instance1 | -| calls.rb:424:14:424:43 | "SingletonOverride2#instance1" | calls.rb:423:5:425:7 | instance1 | -| calls.rb:424:15:424:42 | SingletonOverride2#instance1 | calls.rb:423:5:425:7 | instance1 | -| calls.rb:436:13:436:48 | call to puts | calls.rb:435:9:437:11 | m1 | -| calls.rb:436:13:436:48 | self | calls.rb:435:9:437:11 | m1 | -| calls.rb:436:18:436:48 | "ConditionalInstanceMethods#m1" | calls.rb:435:9:437:11 | m1 | -| calls.rb:436:19:436:47 | ConditionalInstanceMethods#m1 | calls.rb:435:9:437:11 | m1 | -| calls.rb:441:9:441:44 | call to puts | calls.rb:440:5:452:7 | m2 | -| calls.rb:441:9:441:44 | self | calls.rb:440:5:452:7 | m2 | -| calls.rb:441:14:441:44 | "ConditionalInstanceMethods#m2" | calls.rb:440:5:452:7 | m2 | -| calls.rb:441:15:441:43 | ConditionalInstanceMethods#m2 | calls.rb:440:5:452:7 | m2 | -| calls.rb:443:9:449:11 | m3 | calls.rb:440:5:452:7 | m2 | -| calls.rb:444:13:444:48 | call to puts | calls.rb:443:9:449:11 | m3 | -| calls.rb:444:13:444:48 | self | calls.rb:443:9:449:11 | m3 | -| calls.rb:444:18:444:48 | "ConditionalInstanceMethods#m3" | calls.rb:443:9:449:11 | m3 | -| calls.rb:444:19:444:47 | ConditionalInstanceMethods#m3 | calls.rb:443:9:449:11 | m3 | -| calls.rb:446:13:448:15 | m4 | calls.rb:443:9:449:11 | m3 | -| calls.rb:447:17:447:52 | call to puts | calls.rb:446:13:448:15 | m4 | -| calls.rb:447:17:447:52 | self | calls.rb:446:13:448:15 | m4 | -| calls.rb:447:22:447:52 | "ConditionalInstanceMethods#m4" | calls.rb:446:13:448:15 | m4 | -| calls.rb:447:23:447:51 | ConditionalInstanceMethods#m4 | calls.rb:446:13:448:15 | m4 | -| calls.rb:451:9:451:10 | call to m3 | calls.rb:440:5:452:7 | m2 | -| calls.rb:451:9:451:10 | self | calls.rb:440:5:452:7 | m2 | -| calls.rb:457:17:457:40 | call to puts | calls.rb:456:13:458:15 | m5 | -| calls.rb:457:17:457:40 | self | calls.rb:456:13:458:15 | m5 | -| calls.rb:457:22:457:40 | "AnonymousClass#m5" | calls.rb:456:13:458:15 | m5 | -| calls.rb:457:23:457:39 | AnonymousClass#m5 | calls.rb:456:13:458:15 | m5 | -| calls.rb:473:13:473:22 | call to puts | calls.rb:472:9:474:11 | foo | -| calls.rb:473:13:473:22 | self | calls.rb:472:9:474:11 | foo | -| calls.rb:473:18:473:22 | "foo" | calls.rb:472:9:474:11 | foo | -| calls.rb:473:19:473:21 | foo | calls.rb:472:9:474:11 | foo | -| calls.rb:479:13:479:22 | call to puts | calls.rb:478:9:480:11 | bar | -| calls.rb:479:13:479:22 | self | calls.rb:478:9:480:11 | bar | -| calls.rb:479:18:479:22 | "bar" | calls.rb:478:9:480:11 | bar | -| calls.rb:479:19:479:21 | bar | calls.rb:478:9:480:11 | bar | -| calls.rb:498:9:498:46 | call to puts | calls.rb:497:5:499:7 | singleton | -| calls.rb:498:9:498:46 | self | calls.rb:497:5:499:7 | singleton | -| calls.rb:498:14:498:46 | "ExtendSingletonMethod#singleton" | calls.rb:497:5:499:7 | singleton | -| calls.rb:498:15:498:45 | ExtendSingletonMethod#singleton | calls.rb:497:5:499:7 | singleton | -| calls.rb:527:9:527:42 | call to puts | calls.rb:526:15:528:7 | foo | -| calls.rb:527:9:527:42 | self | calls.rb:526:15:528:7 | foo | -| calls.rb:527:14:527:42 | "ProtectedMethodInModule#foo" | calls.rb:526:15:528:7 | foo | -| calls.rb:527:15:527:41 | ProtectedMethodInModule#foo | calls.rb:526:15:528:7 | foo | -| calls.rb:535:9:535:35 | call to puts | calls.rb:534:15:536:7 | bar | -| calls.rb:535:9:535:35 | self | calls.rb:534:15:536:7 | bar | -| calls.rb:535:14:535:35 | "ProtectedMethods#bar" | calls.rb:534:15:536:7 | bar | -| calls.rb:535:15:535:34 | ProtectedMethods#bar | calls.rb:534:15:536:7 | bar | -| calls.rb:539:9:539:11 | call to foo | calls.rb:538:5:543:7 | baz | -| calls.rb:539:9:539:11 | self | calls.rb:538:5:543:7 | baz | -| calls.rb:540:9:540:11 | call to bar | calls.rb:538:5:543:7 | baz | -| calls.rb:540:9:540:11 | self | calls.rb:538:5:543:7 | baz | -| calls.rb:541:9:541:24 | ProtectedMethods | calls.rb:538:5:543:7 | baz | -| calls.rb:541:9:541:28 | call to new | calls.rb:538:5:543:7 | baz | -| calls.rb:541:9:541:32 | call to foo | calls.rb:538:5:543:7 | baz | -| calls.rb:542:9:542:24 | ProtectedMethods | calls.rb:538:5:543:7 | baz | -| calls.rb:542:9:542:28 | call to new | calls.rb:538:5:543:7 | baz | -| calls.rb:542:9:542:32 | call to bar | calls.rb:538:5:543:7 | baz | -| calls.rb:552:9:552:11 | call to foo | calls.rb:551:5:554:7 | baz | -| calls.rb:552:9:552:11 | self | calls.rb:551:5:554:7 | baz | -| calls.rb:553:9:553:27 | ProtectedMethodsSub | calls.rb:551:5:554:7 | baz | -| calls.rb:553:9:553:31 | call to new | calls.rb:551:5:554:7 | baz | -| calls.rb:553:9:553:35 | call to foo | calls.rb:551:5:554:7 | baz | -| calls.rb:572:9:572:17 | call to singleton | calls.rb:571:5:574:7 | mid_method | -| calls.rb:572:9:572:17 | self | calls.rb:571:5:574:7 | mid_method | -| calls.rb:573:9:573:18 | call to singleton2 | calls.rb:571:5:574:7 | mid_method | -| calls.rb:573:9:573:18 | self | calls.rb:571:5:574:7 | mid_method | -| calls.rb:588:9:588:18 | call to singleton1 | calls.rb:587:5:589:7 | call_singleton1 | -| calls.rb:588:9:588:18 | self | calls.rb:587:5:589:7 | call_singleton1 | -| calls.rb:592:9:592:23 | call to call_singleton1 | calls.rb:591:5:593:7 | call_call_singleton1 | -| calls.rb:592:9:592:23 | self | calls.rb:591:5:593:7 | call_call_singleton1 | -| calls.rb:601:9:601:18 | call to singleton1 | calls.rb:600:5:602:7 | call_singleton1 | -| calls.rb:601:9:601:18 | self | calls.rb:600:5:602:7 | call_singleton1 | -| calls.rb:610:9:610:18 | call to singleton1 | calls.rb:609:5:611:7 | call_singleton1 | -| calls.rb:610:9:610:18 | self | calls.rb:609:5:611:7 | call_singleton1 | -| calls.rb:620:9:620:12 | self | calls.rb:619:5:621:7 | foo | -| calls.rb:620:9:620:16 | call to bar | calls.rb:619:5:621:7 | foo | -| calls.rb:629:9:629:13 | super call to bar | calls.rb:628:5:630:7 | bar | -| calls.rb:635:9:635:10 | C1 | calls.rb:634:5:636:7 | new | -| calls.rb:635:9:635:14 | call to new | calls.rb:634:5:636:7 | new | -| calls.rb:643:9:643:12 | self | calls.rb:642:5:644:7 | new | -| calls.rb:643:9:643:21 | call to allocate | calls.rb:642:5:644:7 | new | -| calls.rb:647:9:647:34 | call to puts | calls.rb:646:5:648:7 | instance | -| calls.rb:647:9:647:34 | self | calls.rb:646:5:648:7 | instance | -| calls.rb:647:14:647:34 | "CustomNew2#instance" | calls.rb:646:5:648:7 | instance | -| calls.rb:647:15:647:33 | CustomNew2#instance | calls.rb:646:5:648:7 | instance | +| calls.rb:331:9:331:12 | self | calls.rb:330:5:332:7 | return_self | +| calls.rb:337:9:337:26 | call to puts | calls.rb:336:5:338:7 | instance | +| calls.rb:337:9:337:26 | self | calls.rb:336:5:338:7 | instance | +| calls.rb:337:14:337:26 | "C2#instance" | calls.rb:336:5:338:7 | instance | +| calls.rb:337:15:337:25 | C2#instance | calls.rb:336:5:338:7 | instance | +| calls.rb:343:9:343:26 | call to puts | calls.rb:342:5:344:7 | instance | +| calls.rb:343:9:343:26 | self | calls.rb:342:5:344:7 | instance | +| calls.rb:343:14:343:26 | "C3#instance" | calls.rb:342:5:344:7 | instance | +| calls.rb:343:15:343:25 | C3#instance | calls.rb:342:5:344:7 | instance | +| calls.rb:347:22:347:22 | x | calls.rb:347:1:363:3 | pattern_dispatch | +| calls.rb:347:22:347:22 | x | calls.rb:347:1:363:3 | pattern_dispatch | +| calls.rb:348:5:356:7 | case ... | calls.rb:347:1:363:3 | pattern_dispatch | +| calls.rb:348:10:348:10 | x | calls.rb:347:1:363:3 | pattern_dispatch | +| calls.rb:349:5:350:18 | when ... | calls.rb:347:1:363:3 | pattern_dispatch | +| calls.rb:349:10:349:11 | C3 | calls.rb:347:1:363:3 | pattern_dispatch | +| calls.rb:349:12:350:18 | then ... | calls.rb:347:1:363:3 | pattern_dispatch | +| calls.rb:350:9:350:9 | x | calls.rb:347:1:363:3 | pattern_dispatch | +| calls.rb:350:9:350:18 | call to instance | calls.rb:347:1:363:3 | pattern_dispatch | +| calls.rb:351:5:352:18 | when ... | calls.rb:347:1:363:3 | pattern_dispatch | +| calls.rb:351:10:351:11 | C2 | calls.rb:347:1:363:3 | pattern_dispatch | +| calls.rb:351:12:352:18 | then ... | calls.rb:347:1:363:3 | pattern_dispatch | +| calls.rb:352:9:352:9 | x | calls.rb:347:1:363:3 | pattern_dispatch | +| calls.rb:352:9:352:18 | call to instance | calls.rb:347:1:363:3 | pattern_dispatch | +| calls.rb:353:5:354:18 | when ... | calls.rb:347:1:363:3 | pattern_dispatch | +| calls.rb:353:10:353:11 | C1 | calls.rb:347:1:363:3 | pattern_dispatch | +| calls.rb:353:12:354:18 | then ... | calls.rb:347:1:363:3 | pattern_dispatch | +| calls.rb:354:9:354:9 | x | calls.rb:347:1:363:3 | pattern_dispatch | +| calls.rb:354:9:354:18 | call to instance | calls.rb:347:1:363:3 | pattern_dispatch | +| calls.rb:355:5:355:8 | else ... | calls.rb:347:1:363:3 | pattern_dispatch | +| calls.rb:358:5:362:7 | case ... | calls.rb:347:1:363:3 | pattern_dispatch | +| calls.rb:358:10:358:10 | x | calls.rb:347:1:363:3 | pattern_dispatch | +| calls.rb:359:9:359:29 | in ... then ... | calls.rb:347:1:363:3 | pattern_dispatch | +| calls.rb:359:12:359:13 | C3 | calls.rb:347:1:363:3 | pattern_dispatch | +| calls.rb:359:15:359:29 | then ... | calls.rb:347:1:363:3 | pattern_dispatch | +| calls.rb:359:20:359:20 | x | calls.rb:347:1:363:3 | pattern_dispatch | +| calls.rb:359:20:359:29 | call to instance | calls.rb:347:1:363:3 | pattern_dispatch | +| calls.rb:360:9:360:36 | in ... then ... | calls.rb:347:1:363:3 | pattern_dispatch | +| calls.rb:360:12:360:13 | C2 | calls.rb:347:1:363:3 | pattern_dispatch | +| calls.rb:360:12:360:19 | ... => ... | calls.rb:347:1:363:3 | pattern_dispatch | +| calls.rb:360:18:360:19 | c2 | calls.rb:347:1:363:3 | pattern_dispatch | +| calls.rb:360:21:360:36 | then ... | calls.rb:347:1:363:3 | pattern_dispatch | +| calls.rb:360:26:360:27 | c2 | calls.rb:347:1:363:3 | pattern_dispatch | +| calls.rb:360:26:360:36 | call to instance | calls.rb:347:1:363:3 | pattern_dispatch | +| calls.rb:361:9:361:36 | in ... then ... | calls.rb:347:1:363:3 | pattern_dispatch | +| calls.rb:361:12:361:13 | C1 | calls.rb:347:1:363:3 | pattern_dispatch | +| calls.rb:361:12:361:19 | ... => ... | calls.rb:347:1:363:3 | pattern_dispatch | +| calls.rb:361:18:361:19 | c1 | calls.rb:347:1:363:3 | pattern_dispatch | +| calls.rb:361:21:361:36 | then ... | calls.rb:347:1:363:3 | pattern_dispatch | +| calls.rb:361:26:361:27 | c1 | calls.rb:347:1:363:3 | pattern_dispatch | +| calls.rb:361:26:361:36 | call to instance | calls.rb:347:1:363:3 | pattern_dispatch | +| calls.rb:374:19:374:19 | x | calls.rb:374:1:378:3 | add_singleton | +| calls.rb:374:19:374:19 | x | calls.rb:374:1:378:3 | add_singleton | +| calls.rb:375:5:377:7 | instance | calls.rb:374:1:378:3 | add_singleton | +| calls.rb:375:9:375:9 | x | calls.rb:374:1:378:3 | add_singleton | +| calls.rb:376:9:376:28 | call to puts | calls.rb:375:5:377:7 | instance | +| calls.rb:376:9:376:28 | self | calls.rb:375:5:377:7 | instance | +| calls.rb:376:14:376:28 | "instance_on x" | calls.rb:375:5:377:7 | instance | +| calls.rb:376:15:376:27 | instance_on x | calls.rb:375:5:377:7 | instance | +| calls.rb:388:13:388:48 | call to puts | calls.rb:387:9:389:11 | singleton1 | +| calls.rb:388:13:388:48 | self | calls.rb:387:9:389:11 | singleton1 | +| calls.rb:388:18:388:48 | "SingletonOverride1#singleton1" | calls.rb:387:9:389:11 | singleton1 | +| calls.rb:388:19:388:47 | SingletonOverride1#singleton1 | calls.rb:387:9:389:11 | singleton1 | +| calls.rb:392:13:392:22 | call to singleton1 | calls.rb:391:9:393:11 | call_singleton1 | +| calls.rb:392:13:392:22 | self | calls.rb:391:9:393:11 | call_singleton1 | +| calls.rb:396:13:396:16 | self | calls.rb:395:9:397:11 | factory | +| calls.rb:396:13:396:20 | call to new | calls.rb:395:9:397:11 | factory | +| calls.rb:396:13:396:30 | call to instance1 | calls.rb:395:9:397:11 | factory | +| calls.rb:401:9:401:44 | call to puts | calls.rb:400:5:402:7 | singleton2 | +| calls.rb:401:9:401:44 | self | calls.rb:400:5:402:7 | singleton2 | +| calls.rb:401:14:401:44 | "SingletonOverride1#singleton2" | calls.rb:400:5:402:7 | singleton2 | +| calls.rb:401:15:401:43 | SingletonOverride1#singleton2 | calls.rb:400:5:402:7 | singleton2 | +| calls.rb:405:9:405:18 | call to singleton2 | calls.rb:404:5:406:7 | call_singleton2 | +| calls.rb:405:9:405:18 | self | calls.rb:404:5:406:7 | call_singleton2 | +| calls.rb:411:9:411:43 | call to puts | calls.rb:410:5:412:7 | instance1 | +| calls.rb:411:9:411:43 | self | calls.rb:410:5:412:7 | instance1 | +| calls.rb:411:14:411:43 | "SingletonOverride1#instance1" | calls.rb:410:5:412:7 | instance1 | +| calls.rb:411:15:411:42 | SingletonOverride1#instance1 | calls.rb:410:5:412:7 | instance1 | +| calls.rb:423:13:423:48 | call to puts | calls.rb:422:9:424:11 | singleton1 | +| calls.rb:423:13:423:48 | self | calls.rb:422:9:424:11 | singleton1 | +| calls.rb:423:18:423:48 | "SingletonOverride2#singleton1" | calls.rb:422:9:424:11 | singleton1 | +| calls.rb:423:19:423:47 | SingletonOverride2#singleton1 | calls.rb:422:9:424:11 | singleton1 | +| calls.rb:428:9:428:44 | call to puts | calls.rb:427:5:429:7 | singleton2 | +| calls.rb:428:9:428:44 | self | calls.rb:427:5:429:7 | singleton2 | +| calls.rb:428:14:428:44 | "SingletonOverride2#singleton2" | calls.rb:427:5:429:7 | singleton2 | +| calls.rb:428:15:428:43 | SingletonOverride2#singleton2 | calls.rb:427:5:429:7 | singleton2 | +| calls.rb:432:9:432:43 | call to puts | calls.rb:431:5:433:7 | instance1 | +| calls.rb:432:9:432:43 | self | calls.rb:431:5:433:7 | instance1 | +| calls.rb:432:14:432:43 | "SingletonOverride2#instance1" | calls.rb:431:5:433:7 | instance1 | +| calls.rb:432:15:432:42 | SingletonOverride2#instance1 | calls.rb:431:5:433:7 | instance1 | +| calls.rb:444:13:444:48 | call to puts | calls.rb:443:9:445:11 | m1 | +| calls.rb:444:13:444:48 | self | calls.rb:443:9:445:11 | m1 | +| calls.rb:444:18:444:48 | "ConditionalInstanceMethods#m1" | calls.rb:443:9:445:11 | m1 | +| calls.rb:444:19:444:47 | ConditionalInstanceMethods#m1 | calls.rb:443:9:445:11 | m1 | +| calls.rb:449:9:449:44 | call to puts | calls.rb:448:5:460:7 | m2 | +| calls.rb:449:9:449:44 | self | calls.rb:448:5:460:7 | m2 | +| calls.rb:449:14:449:44 | "ConditionalInstanceMethods#m2" | calls.rb:448:5:460:7 | m2 | +| calls.rb:449:15:449:43 | ConditionalInstanceMethods#m2 | calls.rb:448:5:460:7 | m2 | +| calls.rb:451:9:457:11 | m3 | calls.rb:448:5:460:7 | m2 | +| calls.rb:452:13:452:48 | call to puts | calls.rb:451:9:457:11 | m3 | +| calls.rb:452:13:452:48 | self | calls.rb:451:9:457:11 | m3 | +| calls.rb:452:18:452:48 | "ConditionalInstanceMethods#m3" | calls.rb:451:9:457:11 | m3 | +| calls.rb:452:19:452:47 | ConditionalInstanceMethods#m3 | calls.rb:451:9:457:11 | m3 | +| calls.rb:454:13:456:15 | m4 | calls.rb:451:9:457:11 | m3 | +| calls.rb:455:17:455:52 | call to puts | calls.rb:454:13:456:15 | m4 | +| calls.rb:455:17:455:52 | self | calls.rb:454:13:456:15 | m4 | +| calls.rb:455:22:455:52 | "ConditionalInstanceMethods#m4" | calls.rb:454:13:456:15 | m4 | +| calls.rb:455:23:455:51 | ConditionalInstanceMethods#m4 | calls.rb:454:13:456:15 | m4 | +| calls.rb:459:9:459:10 | call to m3 | calls.rb:448:5:460:7 | m2 | +| calls.rb:459:9:459:10 | self | calls.rb:448:5:460:7 | m2 | +| calls.rb:465:17:465:40 | call to puts | calls.rb:464:13:466:15 | m5 | +| calls.rb:465:17:465:40 | self | calls.rb:464:13:466:15 | m5 | +| calls.rb:465:22:465:40 | "AnonymousClass#m5" | calls.rb:464:13:466:15 | m5 | +| calls.rb:465:23:465:39 | AnonymousClass#m5 | calls.rb:464:13:466:15 | m5 | +| calls.rb:481:13:481:22 | call to puts | calls.rb:480:9:482:11 | foo | +| calls.rb:481:13:481:22 | self | calls.rb:480:9:482:11 | foo | +| calls.rb:481:18:481:22 | "foo" | calls.rb:480:9:482:11 | foo | +| calls.rb:481:19:481:21 | foo | calls.rb:480:9:482:11 | foo | +| calls.rb:487:13:487:22 | call to puts | calls.rb:486:9:488:11 | bar | +| calls.rb:487:13:487:22 | self | calls.rb:486:9:488:11 | bar | +| calls.rb:487:18:487:22 | "bar" | calls.rb:486:9:488:11 | bar | +| calls.rb:487:19:487:21 | bar | calls.rb:486:9:488:11 | bar | +| calls.rb:506:9:506:46 | call to puts | calls.rb:505:5:507:7 | singleton | +| calls.rb:506:9:506:46 | self | calls.rb:505:5:507:7 | singleton | +| calls.rb:506:14:506:46 | "ExtendSingletonMethod#singleton" | calls.rb:505:5:507:7 | singleton | +| calls.rb:506:15:506:45 | ExtendSingletonMethod#singleton | calls.rb:505:5:507:7 | singleton | +| calls.rb:535:9:535:42 | call to puts | calls.rb:534:15:536:7 | foo | +| calls.rb:535:9:535:42 | self | calls.rb:534:15:536:7 | foo | +| calls.rb:535:14:535:42 | "ProtectedMethodInModule#foo" | calls.rb:534:15:536:7 | foo | +| calls.rb:535:15:535:41 | ProtectedMethodInModule#foo | calls.rb:534:15:536:7 | foo | +| calls.rb:543:9:543:35 | call to puts | calls.rb:542:15:544:7 | bar | +| calls.rb:543:9:543:35 | self | calls.rb:542:15:544:7 | bar | +| calls.rb:543:14:543:35 | "ProtectedMethods#bar" | calls.rb:542:15:544:7 | bar | +| calls.rb:543:15:543:34 | ProtectedMethods#bar | calls.rb:542:15:544:7 | bar | +| calls.rb:547:9:547:11 | call to foo | calls.rb:546:5:551:7 | baz | +| calls.rb:547:9:547:11 | self | calls.rb:546:5:551:7 | baz | +| calls.rb:548:9:548:11 | call to bar | calls.rb:546:5:551:7 | baz | +| calls.rb:548:9:548:11 | self | calls.rb:546:5:551:7 | baz | +| calls.rb:549:9:549:24 | ProtectedMethods | calls.rb:546:5:551:7 | baz | +| calls.rb:549:9:549:28 | call to new | calls.rb:546:5:551:7 | baz | +| calls.rb:549:9:549:32 | call to foo | calls.rb:546:5:551:7 | baz | +| calls.rb:550:9:550:24 | ProtectedMethods | calls.rb:546:5:551:7 | baz | +| calls.rb:550:9:550:28 | call to new | calls.rb:546:5:551:7 | baz | +| calls.rb:550:9:550:32 | call to bar | calls.rb:546:5:551:7 | baz | +| calls.rb:560:9:560:11 | call to foo | calls.rb:559:5:562:7 | baz | +| calls.rb:560:9:560:11 | self | calls.rb:559:5:562:7 | baz | +| calls.rb:561:9:561:27 | ProtectedMethodsSub | calls.rb:559:5:562:7 | baz | +| calls.rb:561:9:561:31 | call to new | calls.rb:559:5:562:7 | baz | +| calls.rb:561:9:561:35 | call to foo | calls.rb:559:5:562:7 | baz | +| calls.rb:580:9:580:17 | call to singleton | calls.rb:579:5:582:7 | mid_method | +| calls.rb:580:9:580:17 | self | calls.rb:579:5:582:7 | mid_method | +| calls.rb:581:9:581:18 | call to singleton2 | calls.rb:579:5:582:7 | mid_method | +| calls.rb:581:9:581:18 | self | calls.rb:579:5:582:7 | mid_method | +| calls.rb:596:9:596:18 | call to singleton1 | calls.rb:595:5:597:7 | call_singleton1 | +| calls.rb:596:9:596:18 | self | calls.rb:595:5:597:7 | call_singleton1 | +| calls.rb:600:9:600:23 | call to call_singleton1 | calls.rb:599:5:601:7 | call_call_singleton1 | +| calls.rb:600:9:600:23 | self | calls.rb:599:5:601:7 | call_call_singleton1 | +| calls.rb:609:9:609:18 | call to singleton1 | calls.rb:608:5:610:7 | call_singleton1 | +| calls.rb:609:9:609:18 | self | calls.rb:608:5:610:7 | call_singleton1 | +| calls.rb:618:9:618:18 | call to singleton1 | calls.rb:617:5:619:7 | call_singleton1 | +| calls.rb:618:9:618:18 | self | calls.rb:617:5:619:7 | call_singleton1 | +| calls.rb:628:9:628:12 | self | calls.rb:627:5:629:7 | foo | +| calls.rb:628:9:628:16 | call to bar | calls.rb:627:5:629:7 | foo | +| calls.rb:637:9:637:13 | super call to bar | calls.rb:636:5:638:7 | bar | +| calls.rb:643:9:643:10 | C1 | calls.rb:642:5:644:7 | new | +| calls.rb:643:9:643:14 | call to new | calls.rb:642:5:644:7 | new | +| calls.rb:651:9:651:12 | self | calls.rb:650:5:652:7 | new | +| calls.rb:651:9:651:21 | call to allocate | calls.rb:650:5:652:7 | new | +| calls.rb:655:9:655:34 | call to puts | calls.rb:654:5:656:7 | instance | +| calls.rb:655:9:655:34 | self | calls.rb:654:5:656:7 | instance | +| calls.rb:655:14:655:34 | "CustomNew2#instance" | calls.rb:654:5:656:7 | instance | +| calls.rb:655:15:655:33 | CustomNew2#instance | calls.rb:654:5:656:7 | instance | +| calls.rb:661:23:661:23 | x | calls.rb:661:1:665:3 | capture_parameter | +| calls.rb:661:23:661:23 | x | calls.rb:661:1:665:3 | capture_parameter | +| calls.rb:662:5:662:11 | Array | calls.rb:661:1:665:3 | capture_parameter | +| calls.rb:662:5:662:11 | [...] | calls.rb:661:1:665:3 | capture_parameter | +| calls.rb:662:5:662:11 | call to [] | calls.rb:661:1:665:3 | capture_parameter | +| calls.rb:662:5:664:7 | call to each | calls.rb:661:1:665:3 | capture_parameter | +| calls.rb:662:6:662:6 | 0 | calls.rb:661:1:665:3 | capture_parameter | +| calls.rb:662:8:662:8 | 1 | calls.rb:661:1:665:3 | capture_parameter | +| calls.rb:662:10:662:10 | 2 | calls.rb:661:1:665:3 | capture_parameter | +| calls.rb:662:18:664:7 | do ... end | calls.rb:661:1:665:3 | capture_parameter | +| calls.rb:663:9:663:9 | x | calls.rb:661:1:665:3 | capture_parameter | | hello.rb:3:9:3:22 | return | hello.rb:2:5:4:7 | hello | | hello.rb:3:16:3:22 | "hello" | hello.rb:2:5:4:7 | hello | | hello.rb:3:17:3:21 | hello | hello.rb:2:5:4:7 | hello | diff --git a/ruby/ql/test/library-tests/modules/modules.expected b/ruby/ql/test/library-tests/modules/modules.expected index e138f5ce4c3..0b98c128eb0 100644 --- a/ruby/ql/test/library-tests/modules/modules.expected +++ b/ruby/ql/test/library-tests/modules/modules.expected @@ -14,28 +14,28 @@ getModule | calls.rb:176:1:179:3 | B | | calls.rb:190:1:226:3 | Singletons | | calls.rb:310:1:321:3 | SelfNew | -| calls.rb:325:1:329:3 | C1 | -| calls.rb:331:1:335:3 | C2 | -| calls.rb:337:1:341:3 | C3 | -| calls.rb:377:1:405:3 | SingletonOverride1 | -| calls.rb:412:1:426:3 | SingletonOverride2 | -| calls.rb:433:1:461:3 | ConditionalInstanceMethods | -| calls.rb:496:1:502:3 | ExtendSingletonMethod | -| calls.rb:506:1:508:3 | ExtendSingletonMethod2 | -| calls.rb:512:1:513:3 | ExtendSingletonMethod3 | -| calls.rb:525:1:529:3 | ProtectedMethodInModule | -| calls.rb:531:1:544:3 | ProtectedMethods | -| calls.rb:550:1:555:3 | ProtectedMethodsSub | -| calls.rb:564:1:567:3 | SingletonUpCall_Base | -| calls.rb:568:1:575:3 | SingletonUpCall_Sub | -| calls.rb:576:1:581:3 | SingletonUpCall_SubSub | -| calls.rb:583:1:594:3 | SingletonA | -| calls.rb:596:1:603:3 | SingletonB | -| calls.rb:605:1:612:3 | SingletonC | -| calls.rb:618:1:624:3 | Included | -| calls.rb:626:1:631:3 | IncludesIncluded | -| calls.rb:633:1:637:3 | CustomNew1 | -| calls.rb:641:1:649:3 | CustomNew2 | +| calls.rb:325:1:333:3 | C1 | +| calls.rb:335:1:339:3 | C2 | +| calls.rb:341:1:345:3 | C3 | +| calls.rb:385:1:413:3 | SingletonOverride1 | +| calls.rb:420:1:434:3 | SingletonOverride2 | +| calls.rb:441:1:469:3 | ConditionalInstanceMethods | +| calls.rb:504:1:510:3 | ExtendSingletonMethod | +| calls.rb:514:1:516:3 | ExtendSingletonMethod2 | +| calls.rb:520:1:521:3 | ExtendSingletonMethod3 | +| calls.rb:533:1:537:3 | ProtectedMethodInModule | +| calls.rb:539:1:552:3 | ProtectedMethods | +| calls.rb:558:1:563:3 | ProtectedMethodsSub | +| calls.rb:572:1:575:3 | SingletonUpCall_Base | +| calls.rb:576:1:583:3 | SingletonUpCall_Sub | +| calls.rb:584:1:589:3 | SingletonUpCall_SubSub | +| calls.rb:591:1:602:3 | SingletonA | +| calls.rb:604:1:611:3 | SingletonB | +| calls.rb:613:1:620:3 | SingletonC | +| calls.rb:626:1:632:3 | Included | +| calls.rb:634:1:639:3 | IncludesIncluded | +| calls.rb:641:1:645:3 | CustomNew1 | +| calls.rb:649:1:657:3 | CustomNew2 | | file://:0:0:0:0 | BasicObject | | file://:0:0:0:0 | Class | | file://:0:0:0:0 | Complex | @@ -111,7 +111,7 @@ getADeclaration | calls.rb:96:1:98:3 | String | calls.rb:96:1:98:3 | String | | calls.rb:100:1:103:3 | Kernel | calls.rb:100:1:103:3 | Kernel | | calls.rb:105:1:113:3 | Module | calls.rb:105:1:113:3 | Module | -| calls.rb:115:1:118:3 | Object | calls.rb:1:1:651:24 | calls.rb | +| calls.rb:115:1:118:3 | Object | calls.rb:1:1:667:52 | calls.rb | | calls.rb:115:1:118:3 | Object | calls.rb:115:1:118:3 | Object | | calls.rb:115:1:118:3 | Object | hello.rb:1:1:22:3 | hello.rb | | calls.rb:115:1:118:3 | Object | instance_fields.rb:1:1:29:4 | instance_fields.rb | @@ -131,28 +131,28 @@ getADeclaration | calls.rb:176:1:179:3 | B | instance_fields.rb:16:1:25:3 | B | | calls.rb:190:1:226:3 | Singletons | calls.rb:190:1:226:3 | Singletons | | calls.rb:310:1:321:3 | SelfNew | calls.rb:310:1:321:3 | SelfNew | -| calls.rb:325:1:329:3 | C1 | calls.rb:325:1:329:3 | C1 | -| calls.rb:331:1:335:3 | C2 | calls.rb:331:1:335:3 | C2 | -| calls.rb:337:1:341:3 | C3 | calls.rb:337:1:341:3 | C3 | -| calls.rb:377:1:405:3 | SingletonOverride1 | calls.rb:377:1:405:3 | SingletonOverride1 | -| calls.rb:412:1:426:3 | SingletonOverride2 | calls.rb:412:1:426:3 | SingletonOverride2 | -| calls.rb:433:1:461:3 | ConditionalInstanceMethods | calls.rb:433:1:461:3 | ConditionalInstanceMethods | -| calls.rb:496:1:502:3 | ExtendSingletonMethod | calls.rb:496:1:502:3 | ExtendSingletonMethod | -| calls.rb:506:1:508:3 | ExtendSingletonMethod2 | calls.rb:506:1:508:3 | ExtendSingletonMethod2 | -| calls.rb:512:1:513:3 | ExtendSingletonMethod3 | calls.rb:512:1:513:3 | ExtendSingletonMethod3 | -| calls.rb:525:1:529:3 | ProtectedMethodInModule | calls.rb:525:1:529:3 | ProtectedMethodInModule | -| calls.rb:531:1:544:3 | ProtectedMethods | calls.rb:531:1:544:3 | ProtectedMethods | -| calls.rb:550:1:555:3 | ProtectedMethodsSub | calls.rb:550:1:555:3 | ProtectedMethodsSub | -| calls.rb:564:1:567:3 | SingletonUpCall_Base | calls.rb:564:1:567:3 | SingletonUpCall_Base | -| calls.rb:568:1:575:3 | SingletonUpCall_Sub | calls.rb:568:1:575:3 | SingletonUpCall_Sub | -| calls.rb:576:1:581:3 | SingletonUpCall_SubSub | calls.rb:576:1:581:3 | SingletonUpCall_SubSub | -| calls.rb:583:1:594:3 | SingletonA | calls.rb:583:1:594:3 | SingletonA | -| calls.rb:596:1:603:3 | SingletonB | calls.rb:596:1:603:3 | SingletonB | -| calls.rb:605:1:612:3 | SingletonC | calls.rb:605:1:612:3 | SingletonC | -| calls.rb:618:1:624:3 | Included | calls.rb:618:1:624:3 | Included | -| calls.rb:626:1:631:3 | IncludesIncluded | calls.rb:626:1:631:3 | IncludesIncluded | -| calls.rb:633:1:637:3 | CustomNew1 | calls.rb:633:1:637:3 | CustomNew1 | -| calls.rb:641:1:649:3 | CustomNew2 | calls.rb:641:1:649:3 | CustomNew2 | +| calls.rb:325:1:333:3 | C1 | calls.rb:325:1:333:3 | C1 | +| calls.rb:335:1:339:3 | C2 | calls.rb:335:1:339:3 | C2 | +| calls.rb:341:1:345:3 | C3 | calls.rb:341:1:345:3 | C3 | +| calls.rb:385:1:413:3 | SingletonOverride1 | calls.rb:385:1:413:3 | SingletonOverride1 | +| calls.rb:420:1:434:3 | SingletonOverride2 | calls.rb:420:1:434:3 | SingletonOverride2 | +| calls.rb:441:1:469:3 | ConditionalInstanceMethods | calls.rb:441:1:469:3 | ConditionalInstanceMethods | +| calls.rb:504:1:510:3 | ExtendSingletonMethod | calls.rb:504:1:510:3 | ExtendSingletonMethod | +| calls.rb:514:1:516:3 | ExtendSingletonMethod2 | calls.rb:514:1:516:3 | ExtendSingletonMethod2 | +| calls.rb:520:1:521:3 | ExtendSingletonMethod3 | calls.rb:520:1:521:3 | ExtendSingletonMethod3 | +| calls.rb:533:1:537:3 | ProtectedMethodInModule | calls.rb:533:1:537:3 | ProtectedMethodInModule | +| calls.rb:539:1:552:3 | ProtectedMethods | calls.rb:539:1:552:3 | ProtectedMethods | +| calls.rb:558:1:563:3 | ProtectedMethodsSub | calls.rb:558:1:563:3 | ProtectedMethodsSub | +| calls.rb:572:1:575:3 | SingletonUpCall_Base | calls.rb:572:1:575:3 | SingletonUpCall_Base | +| calls.rb:576:1:583:3 | SingletonUpCall_Sub | calls.rb:576:1:583:3 | SingletonUpCall_Sub | +| calls.rb:584:1:589:3 | SingletonUpCall_SubSub | calls.rb:584:1:589:3 | SingletonUpCall_SubSub | +| calls.rb:591:1:602:3 | SingletonA | calls.rb:591:1:602:3 | SingletonA | +| calls.rb:604:1:611:3 | SingletonB | calls.rb:604:1:611:3 | SingletonB | +| calls.rb:613:1:620:3 | SingletonC | calls.rb:613:1:620:3 | SingletonC | +| calls.rb:626:1:632:3 | Included | calls.rb:626:1:632:3 | Included | +| calls.rb:634:1:639:3 | IncludesIncluded | calls.rb:634:1:639:3 | IncludesIncluded | +| calls.rb:641:1:645:3 | CustomNew1 | calls.rb:641:1:645:3 | CustomNew1 | +| calls.rb:649:1:657:3 | CustomNew2 | calls.rb:649:1:657:3 | CustomNew2 | | hello.rb:1:1:8:3 | EnglishWords | hello.rb:1:1:8:3 | EnglishWords | | hello.rb:11:1:16:3 | Greeting | hello.rb:11:1:16:3 | Greeting | | hello.rb:18:1:22:3 | HelloWorld | hello.rb:18:1:22:3 | HelloWorld | @@ -221,23 +221,23 @@ getSuperClass | calls.rb:176:1:179:3 | B | calls.rb:165:1:169:3 | S | | calls.rb:190:1:226:3 | Singletons | calls.rb:115:1:118:3 | Object | | calls.rb:310:1:321:3 | SelfNew | calls.rb:115:1:118:3 | Object | -| calls.rb:325:1:329:3 | C1 | calls.rb:115:1:118:3 | Object | -| calls.rb:331:1:335:3 | C2 | calls.rb:325:1:329:3 | C1 | -| calls.rb:337:1:341:3 | C3 | calls.rb:331:1:335:3 | C2 | -| calls.rb:377:1:405:3 | SingletonOverride1 | calls.rb:115:1:118:3 | Object | -| calls.rb:412:1:426:3 | SingletonOverride2 | calls.rb:377:1:405:3 | SingletonOverride1 | -| calls.rb:433:1:461:3 | ConditionalInstanceMethods | calls.rb:115:1:118:3 | Object | -| calls.rb:531:1:544:3 | ProtectedMethods | calls.rb:115:1:118:3 | Object | -| calls.rb:550:1:555:3 | ProtectedMethodsSub | calls.rb:531:1:544:3 | ProtectedMethods | -| calls.rb:564:1:567:3 | SingletonUpCall_Base | calls.rb:115:1:118:3 | Object | -| calls.rb:568:1:575:3 | SingletonUpCall_Sub | calls.rb:564:1:567:3 | SingletonUpCall_Base | -| calls.rb:576:1:581:3 | SingletonUpCall_SubSub | calls.rb:568:1:575:3 | SingletonUpCall_Sub | -| calls.rb:583:1:594:3 | SingletonA | calls.rb:115:1:118:3 | Object | -| calls.rb:596:1:603:3 | SingletonB | calls.rb:583:1:594:3 | SingletonA | -| calls.rb:605:1:612:3 | SingletonC | calls.rb:583:1:594:3 | SingletonA | -| calls.rb:626:1:631:3 | IncludesIncluded | calls.rb:115:1:118:3 | Object | -| calls.rb:633:1:637:3 | CustomNew1 | calls.rb:115:1:118:3 | Object | -| calls.rb:641:1:649:3 | CustomNew2 | calls.rb:115:1:118:3 | Object | +| calls.rb:325:1:333:3 | C1 | calls.rb:115:1:118:3 | Object | +| calls.rb:335:1:339:3 | C2 | calls.rb:325:1:333:3 | C1 | +| calls.rb:341:1:345:3 | C3 | calls.rb:335:1:339:3 | C2 | +| calls.rb:385:1:413:3 | SingletonOverride1 | calls.rb:115:1:118:3 | Object | +| calls.rb:420:1:434:3 | SingletonOverride2 | calls.rb:385:1:413:3 | SingletonOverride1 | +| calls.rb:441:1:469:3 | ConditionalInstanceMethods | calls.rb:115:1:118:3 | Object | +| calls.rb:539:1:552:3 | ProtectedMethods | calls.rb:115:1:118:3 | Object | +| calls.rb:558:1:563:3 | ProtectedMethodsSub | calls.rb:539:1:552:3 | ProtectedMethods | +| calls.rb:572:1:575:3 | SingletonUpCall_Base | calls.rb:115:1:118:3 | Object | +| calls.rb:576:1:583:3 | SingletonUpCall_Sub | calls.rb:572:1:575:3 | SingletonUpCall_Base | +| calls.rb:584:1:589:3 | SingletonUpCall_SubSub | calls.rb:576:1:583:3 | SingletonUpCall_Sub | +| calls.rb:591:1:602:3 | SingletonA | calls.rb:115:1:118:3 | Object | +| calls.rb:604:1:611:3 | SingletonB | calls.rb:591:1:602:3 | SingletonA | +| calls.rb:613:1:620:3 | SingletonC | calls.rb:591:1:602:3 | SingletonA | +| calls.rb:634:1:639:3 | IncludesIncluded | calls.rb:115:1:118:3 | Object | +| calls.rb:641:1:645:3 | CustomNew1 | calls.rb:115:1:118:3 | Object | +| calls.rb:649:1:657:3 | CustomNew2 | calls.rb:115:1:118:3 | Object | | file://:0:0:0:0 | Class | calls.rb:105:1:113:3 | Module | | file://:0:0:0:0 | Complex | file://:0:0:0:0 | Numeric | | file://:0:0:0:0 | FalseClass | calls.rb:115:1:118:3 | Object | @@ -278,8 +278,8 @@ getAPrependedModule getAnIncludedModule | calls.rb:43:1:58:3 | C | calls.rb:21:1:34:3 | M | | calls.rb:115:1:118:3 | Object | calls.rb:100:1:103:3 | Kernel | -| calls.rb:531:1:544:3 | ProtectedMethods | calls.rb:525:1:529:3 | ProtectedMethodInModule | -| calls.rb:626:1:631:3 | IncludesIncluded | calls.rb:618:1:624:3 | Included | +| calls.rb:539:1:552:3 | ProtectedMethods | calls.rb:533:1:537:3 | ProtectedMethodInModule | +| calls.rb:634:1:639:3 | IncludesIncluded | calls.rb:626:1:632:3 | Included | | hello.rb:11:1:16:3 | Greeting | hello.rb:1:1:8:3 | EnglishWords | | modules.rb:88:1:93:3 | IncludeTest | modules.rb:63:1:81:3 | Test | | modules.rb:95:1:99:3 | IncludeTest2 | modules.rb:63:1:81:3 | Test | @@ -316,76 +316,79 @@ resolveConstantReadAccess | calls.rb:302:10:302:19 | Singletons | Singletons | | calls.rb:308:1:308:10 | Singletons | Singletons | | calls.rb:323:1:323:7 | SelfNew | SelfNew | -| calls.rb:331:12:331:13 | C1 | C1 | -| calls.rb:337:12:337:13 | C2 | C2 | -| calls.rb:345:10:345:11 | C3 | C3 | -| calls.rb:347:10:347:11 | C2 | C2 | -| calls.rb:349:10:349:11 | C1 | C1 | -| calls.rb:355:12:355:13 | C3 | C3 | -| calls.rb:356:12:356:13 | C2 | C2 | -| calls.rb:357:12:357:13 | C1 | C1 | -| calls.rb:361:6:361:7 | C1 | C1 | -| calls.rb:363:19:363:20 | C1 | C1 | -| calls.rb:364:19:364:20 | C2 | C2 | -| calls.rb:365:19:365:20 | C3 | C3 | -| calls.rb:373:6:373:7 | C1 | C1 | -| calls.rb:407:1:407:18 | SingletonOverride1 | SingletonOverride1 | -| calls.rb:408:1:408:18 | SingletonOverride1 | SingletonOverride1 | -| calls.rb:409:1:409:18 | SingletonOverride1 | SingletonOverride1 | -| calls.rb:410:1:410:18 | SingletonOverride1 | SingletonOverride1 | -| calls.rb:412:28:412:45 | SingletonOverride1 | SingletonOverride1 | -| calls.rb:428:1:428:18 | SingletonOverride2 | SingletonOverride2 | -| calls.rb:429:1:429:18 | SingletonOverride2 | SingletonOverride2 | -| calls.rb:430:1:430:18 | SingletonOverride2 | SingletonOverride2 | -| calls.rb:431:1:431:18 | SingletonOverride2 | SingletonOverride2 | -| calls.rb:455:9:455:13 | Class | Class | -| calls.rb:463:1:463:26 | ConditionalInstanceMethods | ConditionalInstanceMethods | -| calls.rb:464:1:464:26 | ConditionalInstanceMethods | ConditionalInstanceMethods | -| calls.rb:465:1:465:26 | ConditionalInstanceMethods | ConditionalInstanceMethods | -| calls.rb:466:1:466:26 | ConditionalInstanceMethods | ConditionalInstanceMethods | -| calls.rb:467:1:467:26 | ConditionalInstanceMethods | ConditionalInstanceMethods | -| calls.rb:468:1:468:26 | ConditionalInstanceMethods | ConditionalInstanceMethods | -| calls.rb:470:27:470:31 | Class | Class | -| calls.rb:471:5:471:11 | Array | Array | -| calls.rb:477:5:477:9 | Class | Class | -| calls.rb:483:5:483:11 | Array | Array | -| calls.rb:490:1:490:23 | EsotericInstanceMethods | EsotericInstanceMethods | -| calls.rb:491:1:491:23 | EsotericInstanceMethods | EsotericInstanceMethods | -| calls.rb:492:1:492:23 | EsotericInstanceMethods | EsotericInstanceMethods | -| calls.rb:493:1:493:23 | EsotericInstanceMethods | EsotericInstanceMethods | -| calls.rb:494:1:494:23 | EsotericInstanceMethods | EsotericInstanceMethods | -| calls.rb:504:1:504:21 | ExtendSingletonMethod | ExtendSingletonMethod | -| calls.rb:507:12:507:32 | ExtendSingletonMethod | ExtendSingletonMethod | -| calls.rb:510:1:510:22 | ExtendSingletonMethod2 | ExtendSingletonMethod2 | -| calls.rb:515:1:515:22 | ExtendSingletonMethod3 | ExtendSingletonMethod3 | -| calls.rb:515:31:515:51 | ExtendSingletonMethod | ExtendSingletonMethod | -| calls.rb:517:1:517:22 | ExtendSingletonMethod3 | ExtendSingletonMethod3 | -| calls.rb:521:12:521:32 | ExtendSingletonMethod | ExtendSingletonMethod | -| calls.rb:532:13:532:35 | ProtectedMethodInModule | ProtectedMethodInModule | -| calls.rb:541:9:541:24 | ProtectedMethods | ProtectedMethods | -| calls.rb:542:9:542:24 | ProtectedMethods | ProtectedMethods | -| calls.rb:546:1:546:16 | ProtectedMethods | ProtectedMethods | -| calls.rb:547:1:547:16 | ProtectedMethods | ProtectedMethods | -| calls.rb:548:1:548:16 | ProtectedMethods | ProtectedMethods | -| calls.rb:550:29:550:44 | ProtectedMethods | ProtectedMethods | -| calls.rb:553:9:553:27 | ProtectedMethodsSub | ProtectedMethodsSub | -| calls.rb:557:1:557:19 | ProtectedMethodsSub | ProtectedMethodsSub | -| calls.rb:558:1:558:19 | ProtectedMethodsSub | ProtectedMethodsSub | -| calls.rb:559:1:559:19 | ProtectedMethodsSub | ProtectedMethodsSub | -| calls.rb:561:1:561:7 | Array | Array | -| calls.rb:561:2:561:2 | C | C | -| calls.rb:562:1:562:13 | Array | Array | -| calls.rb:568:29:568:48 | SingletonUpCall_Base | SingletonUpCall_Base | -| calls.rb:576:32:576:50 | SingletonUpCall_Sub | SingletonUpCall_Sub | -| calls.rb:596:20:596:29 | SingletonA | SingletonA | -| calls.rb:605:20:605:29 | SingletonA | SingletonA | -| calls.rb:614:1:614:10 | SingletonA | SingletonA | -| calls.rb:615:1:615:10 | SingletonB | SingletonB | -| calls.rb:616:1:616:10 | SingletonC | SingletonC | -| calls.rb:627:13:627:20 | Included | Included | -| calls.rb:635:9:635:10 | C1 | C1 | -| calls.rb:639:1:639:10 | CustomNew1 | CustomNew1 | -| calls.rb:651:1:651:10 | CustomNew2 | CustomNew2 | +| calls.rb:335:12:335:13 | C1 | C1 | +| calls.rb:341:12:341:13 | C2 | C2 | +| calls.rb:349:10:349:11 | C3 | C3 | +| calls.rb:351:10:351:11 | C2 | C2 | +| calls.rb:353:10:353:11 | C1 | C1 | +| calls.rb:359:12:359:13 | C3 | C3 | +| calls.rb:360:12:360:13 | C2 | C2 | +| calls.rb:361:12:361:13 | C1 | C1 | +| calls.rb:365:6:365:7 | C1 | C1 | +| calls.rb:368:19:368:20 | C1 | C1 | +| calls.rb:369:19:369:20 | C2 | C2 | +| calls.rb:370:19:370:20 | C3 | C3 | +| calls.rb:372:1:372:2 | C3 | C3 | +| calls.rb:380:6:380:7 | C1 | C1 | +| calls.rb:415:1:415:18 | SingletonOverride1 | SingletonOverride1 | +| calls.rb:416:1:416:18 | SingletonOverride1 | SingletonOverride1 | +| calls.rb:417:1:417:18 | SingletonOverride1 | SingletonOverride1 | +| calls.rb:418:1:418:18 | SingletonOverride1 | SingletonOverride1 | +| calls.rb:420:28:420:45 | SingletonOverride1 | SingletonOverride1 | +| calls.rb:436:1:436:18 | SingletonOverride2 | SingletonOverride2 | +| calls.rb:437:1:437:18 | SingletonOverride2 | SingletonOverride2 | +| calls.rb:438:1:438:18 | SingletonOverride2 | SingletonOverride2 | +| calls.rb:439:1:439:18 | SingletonOverride2 | SingletonOverride2 | +| calls.rb:463:9:463:13 | Class | Class | +| calls.rb:471:1:471:26 | ConditionalInstanceMethods | ConditionalInstanceMethods | +| calls.rb:472:1:472:26 | ConditionalInstanceMethods | ConditionalInstanceMethods | +| calls.rb:473:1:473:26 | ConditionalInstanceMethods | ConditionalInstanceMethods | +| calls.rb:474:1:474:26 | ConditionalInstanceMethods | ConditionalInstanceMethods | +| calls.rb:475:1:475:26 | ConditionalInstanceMethods | ConditionalInstanceMethods | +| calls.rb:476:1:476:26 | ConditionalInstanceMethods | ConditionalInstanceMethods | +| calls.rb:478:27:478:31 | Class | Class | +| calls.rb:479:5:479:11 | Array | Array | +| calls.rb:485:5:485:9 | Class | Class | +| calls.rb:491:5:491:11 | Array | Array | +| calls.rb:498:1:498:23 | EsotericInstanceMethods | EsotericInstanceMethods | +| calls.rb:499:1:499:23 | EsotericInstanceMethods | EsotericInstanceMethods | +| calls.rb:500:1:500:23 | EsotericInstanceMethods | EsotericInstanceMethods | +| calls.rb:501:1:501:23 | EsotericInstanceMethods | EsotericInstanceMethods | +| calls.rb:502:1:502:23 | EsotericInstanceMethods | EsotericInstanceMethods | +| calls.rb:512:1:512:21 | ExtendSingletonMethod | ExtendSingletonMethod | +| calls.rb:515:12:515:32 | ExtendSingletonMethod | ExtendSingletonMethod | +| calls.rb:518:1:518:22 | ExtendSingletonMethod2 | ExtendSingletonMethod2 | +| calls.rb:523:1:523:22 | ExtendSingletonMethod3 | ExtendSingletonMethod3 | +| calls.rb:523:31:523:51 | ExtendSingletonMethod | ExtendSingletonMethod | +| calls.rb:525:1:525:22 | ExtendSingletonMethod3 | ExtendSingletonMethod3 | +| calls.rb:529:12:529:32 | ExtendSingletonMethod | ExtendSingletonMethod | +| calls.rb:540:13:540:35 | ProtectedMethodInModule | ProtectedMethodInModule | +| calls.rb:549:9:549:24 | ProtectedMethods | ProtectedMethods | +| calls.rb:550:9:550:24 | ProtectedMethods | ProtectedMethods | +| calls.rb:554:1:554:16 | ProtectedMethods | ProtectedMethods | +| calls.rb:555:1:555:16 | ProtectedMethods | ProtectedMethods | +| calls.rb:556:1:556:16 | ProtectedMethods | ProtectedMethods | +| calls.rb:558:29:558:44 | ProtectedMethods | ProtectedMethods | +| calls.rb:561:9:561:27 | ProtectedMethodsSub | ProtectedMethodsSub | +| calls.rb:565:1:565:19 | ProtectedMethodsSub | ProtectedMethodsSub | +| calls.rb:566:1:566:19 | ProtectedMethodsSub | ProtectedMethodsSub | +| calls.rb:567:1:567:19 | ProtectedMethodsSub | ProtectedMethodsSub | +| calls.rb:569:1:569:7 | Array | Array | +| calls.rb:569:2:569:2 | C | C | +| calls.rb:570:1:570:13 | Array | Array | +| calls.rb:576:29:576:48 | SingletonUpCall_Base | SingletonUpCall_Base | +| calls.rb:584:32:584:50 | SingletonUpCall_Sub | SingletonUpCall_Sub | +| calls.rb:604:20:604:29 | SingletonA | SingletonA | +| calls.rb:613:20:613:29 | SingletonA | SingletonA | +| calls.rb:622:1:622:10 | SingletonA | SingletonA | +| calls.rb:623:1:623:10 | SingletonB | SingletonB | +| calls.rb:624:1:624:10 | SingletonC | SingletonC | +| calls.rb:635:13:635:20 | Included | Included | +| calls.rb:643:9:643:10 | C1 | C1 | +| calls.rb:647:1:647:10 | CustomNew1 | CustomNew1 | +| calls.rb:659:1:659:10 | CustomNew2 | CustomNew2 | +| calls.rb:662:5:662:11 | Array | Array | +| calls.rb:667:20:667:21 | C1 | C1 | | hello.rb:12:13:12:24 | EnglishWords | EnglishWords | | hello.rb:18:20:18:27 | Greeting | Greeting | | instance_fields.rb:4:22:4:31 | A_target | A_target | @@ -469,29 +472,29 @@ resolveConstantWriteAccess | calls.rb:176:1:179:3 | B | B | | calls.rb:190:1:226:3 | Singletons | Singletons | | calls.rb:310:1:321:3 | SelfNew | SelfNew | -| calls.rb:325:1:329:3 | C1 | C1 | -| calls.rb:331:1:335:3 | C2 | C2 | -| calls.rb:337:1:341:3 | C3 | C3 | -| calls.rb:377:1:405:3 | SingletonOverride1 | SingletonOverride1 | -| calls.rb:412:1:426:3 | SingletonOverride2 | SingletonOverride2 | -| calls.rb:433:1:461:3 | ConditionalInstanceMethods | ConditionalInstanceMethods | -| calls.rb:470:1:470:23 | EsotericInstanceMethods | EsotericInstanceMethods | -| calls.rb:496:1:502:3 | ExtendSingletonMethod | ExtendSingletonMethod | -| calls.rb:506:1:508:3 | ExtendSingletonMethod2 | ExtendSingletonMethod2 | -| calls.rb:512:1:513:3 | ExtendSingletonMethod3 | ExtendSingletonMethod3 | -| calls.rb:525:1:529:3 | ProtectedMethodInModule | ProtectedMethodInModule | -| calls.rb:531:1:544:3 | ProtectedMethods | ProtectedMethods | -| calls.rb:550:1:555:3 | ProtectedMethodsSub | ProtectedMethodsSub | -| calls.rb:564:1:567:3 | SingletonUpCall_Base | SingletonUpCall_Base | -| calls.rb:568:1:575:3 | SingletonUpCall_Sub | SingletonUpCall_Sub | -| calls.rb:576:1:581:3 | SingletonUpCall_SubSub | SingletonUpCall_SubSub | -| calls.rb:583:1:594:3 | SingletonA | SingletonA | -| calls.rb:596:1:603:3 | SingletonB | SingletonB | -| calls.rb:605:1:612:3 | SingletonC | SingletonC | -| calls.rb:618:1:624:3 | Included | Included | -| calls.rb:626:1:631:3 | IncludesIncluded | IncludesIncluded | -| calls.rb:633:1:637:3 | CustomNew1 | CustomNew1 | -| calls.rb:641:1:649:3 | CustomNew2 | CustomNew2 | +| calls.rb:325:1:333:3 | C1 | C1 | +| calls.rb:335:1:339:3 | C2 | C2 | +| calls.rb:341:1:345:3 | C3 | C3 | +| calls.rb:385:1:413:3 | SingletonOverride1 | SingletonOverride1 | +| calls.rb:420:1:434:3 | SingletonOverride2 | SingletonOverride2 | +| calls.rb:441:1:469:3 | ConditionalInstanceMethods | ConditionalInstanceMethods | +| calls.rb:478:1:478:23 | EsotericInstanceMethods | EsotericInstanceMethods | +| calls.rb:504:1:510:3 | ExtendSingletonMethod | ExtendSingletonMethod | +| calls.rb:514:1:516:3 | ExtendSingletonMethod2 | ExtendSingletonMethod2 | +| calls.rb:520:1:521:3 | ExtendSingletonMethod3 | ExtendSingletonMethod3 | +| calls.rb:533:1:537:3 | ProtectedMethodInModule | ProtectedMethodInModule | +| calls.rb:539:1:552:3 | ProtectedMethods | ProtectedMethods | +| calls.rb:558:1:563:3 | ProtectedMethodsSub | ProtectedMethodsSub | +| calls.rb:572:1:575:3 | SingletonUpCall_Base | SingletonUpCall_Base | +| calls.rb:576:1:583:3 | SingletonUpCall_Sub | SingletonUpCall_Sub | +| calls.rb:584:1:589:3 | SingletonUpCall_SubSub | SingletonUpCall_SubSub | +| calls.rb:591:1:602:3 | SingletonA | SingletonA | +| calls.rb:604:1:611:3 | SingletonB | SingletonB | +| calls.rb:613:1:620:3 | SingletonC | SingletonC | +| calls.rb:626:1:632:3 | Included | Included | +| calls.rb:634:1:639:3 | IncludesIncluded | IncludesIncluded | +| calls.rb:641:1:645:3 | CustomNew1 | CustomNew1 | +| calls.rb:649:1:657:3 | CustomNew2 | CustomNew2 | | hello.rb:1:1:8:3 | EnglishWords | EnglishWords | | hello.rb:11:1:16:3 | Greeting | Greeting | | hello.rb:18:1:22:3 | HelloWorld | HelloWorld | @@ -561,32 +564,32 @@ resolveConstantWriteAccess | unresolved_subclass.rb:17:1:18:3 | Subclass2 | UnresolvedNamespace::X1::X2::X3::Subclass2 | | unresolved_subclass.rb:21:1:22:3 | A | UnresolvedNamespace::X1::X2::X3::A | enclosingModule -| calls.rb:1:1:3:3 | foo | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:2:5:2:14 | call to puts | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:2:5:2:14 | self | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:2:10:2:14 | "foo" | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:2:11:2:13 | foo | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:5:1:5:3 | call to foo | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:5:1:5:3 | self | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:7:1:9:3 | bar | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:7:5:7:8 | self | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:8:5:8:15 | call to puts | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:8:5:8:15 | self | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:8:10:8:15 | "bar1" | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:8:11:8:14 | bar1 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:11:1:11:4 | self | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:11:1:11:8 | call to bar | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:13:1:15:3 | bar | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:13:5:13:8 | self | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:14:5:14:15 | call to puts | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:14:5:14:15 | self | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:14:10:14:15 | "bar2" | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:14:11:14:14 | bar2 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:17:1:17:4 | self | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:17:1:17:8 | call to bar | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:19:1:19:4 | self | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:19:1:19:8 | call to foo | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:21:1:34:3 | M | calls.rb:1:1:651:24 | calls.rb | +| calls.rb:1:1:3:3 | foo | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:2:5:2:14 | call to puts | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:2:5:2:14 | self | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:2:10:2:14 | "foo" | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:2:11:2:13 | foo | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:5:1:5:3 | call to foo | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:5:1:5:3 | self | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:7:1:9:3 | bar | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:7:5:7:8 | self | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:8:5:8:15 | call to puts | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:8:5:8:15 | self | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:8:10:8:15 | "bar1" | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:8:11:8:14 | bar1 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:11:1:11:4 | self | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:11:1:11:8 | call to bar | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:13:1:15:3 | bar | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:13:5:13:8 | self | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:14:5:14:15 | call to puts | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:14:5:14:15 | self | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:14:10:14:15 | "bar2" | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:14:11:14:14 | bar2 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:17:1:17:4 | self | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:17:1:17:8 | call to bar | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:19:1:19:4 | self | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:19:1:19:8 | call to foo | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:21:1:34:3 | M | calls.rb:1:1:667:52 | calls.rb | | calls.rb:22:5:24:7 | instance_m | calls.rb:21:1:34:3 | M | | calls.rb:23:9:23:19 | call to singleton_m | calls.rb:21:1:34:3 | M | | calls.rb:23:9:23:19 | self | calls.rb:21:1:34:3 | M | @@ -602,14 +605,14 @@ enclosingModule | calls.rb:32:5:32:15 | self | calls.rb:21:1:34:3 | M | | calls.rb:33:5:33:8 | self | calls.rb:21:1:34:3 | M | | calls.rb:33:5:33:20 | call to singleton_m | calls.rb:21:1:34:3 | M | -| calls.rb:36:1:36:1 | M | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:36:1:36:12 | call to instance_m | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:37:1:37:1 | M | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:37:1:37:13 | call to singleton_m | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:39:1:41:3 | call_instance_m | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:40:5:40:14 | call to instance_m | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:40:5:40:14 | self | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:43:1:58:3 | C | calls.rb:1:1:651:24 | calls.rb | +| calls.rb:36:1:36:1 | M | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:36:1:36:12 | call to instance_m | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:37:1:37:1 | M | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:37:1:37:13 | call to singleton_m | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:39:1:41:3 | call_instance_m | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:40:5:40:14 | call to instance_m | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:40:5:40:14 | self | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:43:1:58:3 | C | calls.rb:1:1:667:52 | calls.rb | | calls.rb:44:5:44:13 | call to include | calls.rb:43:1:58:3 | C | | calls.rb:44:5:44:13 | self | calls.rb:43:1:58:3 | C | | calls.rb:44:13:44:13 | M | calls.rb:43:1:58:3 | C | @@ -630,66 +633,66 @@ enclosingModule | calls.rb:55:9:55:19 | self | calls.rb:43:1:58:3 | C | | calls.rb:56:9:56:12 | self | calls.rb:43:1:58:3 | C | | calls.rb:56:9:56:24 | call to singleton_m | calls.rb:43:1:58:3 | C | -| calls.rb:60:1:60:1 | c | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:60:1:60:9 | ... = ... | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:60:5:60:5 | C | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:60:5:60:9 | call to new | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:61:1:61:1 | c | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:61:1:61:5 | call to baz | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:62:1:62:1 | c | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:62:1:62:13 | call to singleton_m | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:63:1:63:1 | c | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:63:1:63:12 | call to instance_m | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:65:1:69:3 | D | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:65:11:65:11 | C | calls.rb:1:1:651:24 | calls.rb | +| calls.rb:60:1:60:1 | c | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:60:1:60:9 | ... = ... | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:60:5:60:5 | C | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:60:5:60:9 | call to new | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:61:1:61:1 | c | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:61:1:61:5 | call to baz | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:62:1:62:1 | c | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:62:1:62:13 | call to singleton_m | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:63:1:63:1 | c | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:63:1:63:12 | call to instance_m | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:65:1:69:3 | D | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:65:11:65:11 | C | calls.rb:1:1:667:52 | calls.rb | | calls.rb:66:5:68:7 | baz | calls.rb:65:1:69:3 | D | | calls.rb:67:9:67:13 | super call to baz | calls.rb:65:1:69:3 | D | -| calls.rb:71:1:71:1 | d | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:71:1:71:9 | ... = ... | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:71:5:71:5 | D | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:71:5:71:9 | call to new | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:72:1:72:1 | d | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:72:1:72:5 | call to baz | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:73:1:73:1 | d | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:73:1:73:13 | call to singleton_m | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:74:1:74:1 | d | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:74:1:74:12 | call to instance_m | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:76:1:79:3 | optional_arg | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:76:18:76:18 | a | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:76:18:76:18 | a | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:76:22:76:22 | 4 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:76:25:76:25 | b | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:76:25:76:25 | b | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:76:28:76:28 | 5 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:77:5:77:5 | a | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:77:5:77:16 | call to bit_length | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:78:5:78:5 | b | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:78:5:78:16 | call to bit_length | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:81:1:83:3 | call_block | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:82:5:82:11 | yield ... | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:82:11:82:11 | 1 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:85:1:89:3 | foo | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:86:5:86:7 | var | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:86:5:86:18 | ... = ... | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:86:11:86:14 | Hash | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:86:11:86:18 | call to new | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:87:5:87:7 | var | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:87:5:87:10 | ...[...] | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:87:9:87:9 | 1 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:88:5:88:29 | call to call_block | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:88:5:88:29 | self | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:88:16:88:29 | { ... } | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:88:19:88:19 | x | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:88:19:88:19 | x | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:88:22:88:24 | var | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:88:22:88:27 | ...[...] | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:88:26:88:26 | x | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:91:1:94:3 | Integer | calls.rb:1:1:651:24 | calls.rb | +| calls.rb:71:1:71:1 | d | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:71:1:71:9 | ... = ... | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:71:5:71:5 | D | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:71:5:71:9 | call to new | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:72:1:72:1 | d | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:72:1:72:5 | call to baz | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:73:1:73:1 | d | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:73:1:73:13 | call to singleton_m | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:74:1:74:1 | d | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:74:1:74:12 | call to instance_m | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:76:1:79:3 | optional_arg | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:76:18:76:18 | a | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:76:18:76:18 | a | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:76:22:76:22 | 4 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:76:25:76:25 | b | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:76:25:76:25 | b | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:76:28:76:28 | 5 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:77:5:77:5 | a | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:77:5:77:16 | call to bit_length | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:78:5:78:5 | b | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:78:5:78:16 | call to bit_length | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:81:1:83:3 | call_block | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:82:5:82:11 | yield ... | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:82:11:82:11 | 1 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:85:1:89:3 | foo | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:86:5:86:7 | var | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:86:5:86:18 | ... = ... | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:86:11:86:14 | Hash | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:86:11:86:18 | call to new | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:87:5:87:7 | var | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:87:5:87:10 | ...[...] | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:87:9:87:9 | 1 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:88:5:88:29 | call to call_block | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:88:5:88:29 | self | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:88:16:88:29 | { ... } | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:88:19:88:19 | x | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:88:19:88:19 | x | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:88:22:88:24 | var | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:88:22:88:27 | ...[...] | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:88:26:88:26 | x | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:91:1:94:3 | Integer | calls.rb:1:1:667:52 | calls.rb | | calls.rb:92:5:92:23 | bit_length | calls.rb:91:1:94:3 | Integer | | calls.rb:93:5:93:16 | abs | calls.rb:91:1:94:3 | Integer | -| calls.rb:96:1:98:3 | String | calls.rb:1:1:651:24 | calls.rb | +| calls.rb:96:1:98:3 | String | calls.rb:1:1:667:52 | calls.rb | | calls.rb:97:5:97:23 | capitalize | calls.rb:96:1:98:3 | String | -| calls.rb:100:1:103:3 | Kernel | calls.rb:1:1:651:24 | calls.rb | +| calls.rb:100:1:103:3 | Kernel | calls.rb:1:1:667:52 | calls.rb | | calls.rb:101:5:101:25 | alias ... | calls.rb:100:1:103:3 | Kernel | | calls.rb:101:11:101:19 | :old_puts | calls.rb:100:1:103:3 | Kernel | | calls.rb:101:11:101:19 | old_puts | calls.rb:100:1:103:3 | Kernel | @@ -701,7 +704,7 @@ enclosingModule | calls.rb:102:17:102:26 | call to old_puts | calls.rb:100:1:103:3 | Kernel | | calls.rb:102:17:102:26 | self | calls.rb:100:1:103:3 | Kernel | | calls.rb:102:26:102:26 | x | calls.rb:100:1:103:3 | Kernel | -| calls.rb:105:1:113:3 | Module | calls.rb:1:1:651:24 | calls.rb | +| calls.rb:105:1:113:3 | Module | calls.rb:1:1:667:52 | calls.rb | | calls.rb:106:5:106:31 | alias ... | calls.rb:105:1:113:3 | Module | | calls.rb:106:11:106:22 | :old_include | calls.rb:105:1:113:3 | Module | | calls.rb:106:11:106:22 | old_include | calls.rb:105:1:113:3 | Module | @@ -716,13 +719,13 @@ enclosingModule | calls.rb:109:21:109:21 | x | calls.rb:105:1:113:3 | Module | | calls.rb:111:5:111:20 | prepend | calls.rb:105:1:113:3 | Module | | calls.rb:112:5:112:20 | private | calls.rb:105:1:113:3 | Module | -| calls.rb:115:1:118:3 | Object | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:115:16:115:21 | Module | calls.rb:1:1:651:24 | calls.rb | +| calls.rb:115:1:118:3 | Object | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:115:16:115:21 | Module | calls.rb:1:1:667:52 | calls.rb | | calls.rb:116:5:116:18 | call to include | calls.rb:115:1:118:3 | Object | | calls.rb:116:5:116:18 | self | calls.rb:115:1:118:3 | Object | | calls.rb:116:13:116:18 | Kernel | calls.rb:115:1:118:3 | Object | | calls.rb:117:5:117:16 | new | calls.rb:115:1:118:3 | Object | -| calls.rb:120:1:123:3 | Hash | calls.rb:1:1:651:24 | calls.rb | +| calls.rb:120:1:123:3 | Hash | calls.rb:1:1:667:52 | calls.rb | | calls.rb:121:5:121:25 | alias ... | calls.rb:120:1:123:3 | Hash | | calls.rb:121:11:121:21 | :old_lookup | calls.rb:120:1:123:3 | Hash | | calls.rb:121:11:121:21 | old_lookup | calls.rb:120:1:123:3 | Hash | @@ -734,7 +737,7 @@ enclosingModule | calls.rb:122:15:122:27 | call to old_lookup | calls.rb:120:1:123:3 | Hash | | calls.rb:122:15:122:27 | self | calls.rb:120:1:123:3 | Hash | | calls.rb:122:26:122:26 | x | calls.rb:120:1:123:3 | Hash | -| calls.rb:125:1:138:3 | Array | calls.rb:1:1:651:24 | calls.rb | +| calls.rb:125:1:138:3 | Array | calls.rb:1:1:667:52 | calls.rb | | calls.rb:126:3:126:23 | alias ... | calls.rb:125:1:138:3 | Array | | calls.rb:126:9:126:19 | :old_lookup | calls.rb:125:1:138:3 | Array | | calls.rb:126:9:126:19 | old_lookup | calls.rb:125:1:138:3 | Array | @@ -770,130 +773,130 @@ enclosingModule | calls.rb:135:9:135:14 | ... = ... | calls.rb:125:1:138:3 | Array | | calls.rb:135:11:135:12 | ... + ... | calls.rb:125:1:138:3 | Array | | calls.rb:135:14:135:14 | 1 | calls.rb:125:1:138:3 | Array | -| calls.rb:140:1:142:3 | funny | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:141:5:141:20 | yield ... | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:141:11:141:20 | "prefix: " | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:141:12:141:19 | prefix: | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:144:1:144:30 | call to funny | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:144:1:144:30 | self | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:144:7:144:30 | { ... } | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:144:10:144:10 | i | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:144:10:144:10 | i | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:144:13:144:29 | call to puts | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:144:13:144:29 | self | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:144:18:144:18 | i | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:144:18:144:29 | call to capitalize | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:146:1:146:3 | "a" | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:146:1:146:14 | call to capitalize | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:146:2:146:2 | a | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:147:1:147:1 | 1 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:147:1:147:12 | call to bit_length | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:148:1:148:1 | 1 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:148:1:148:5 | call to abs | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:150:1:150:13 | Array | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:150:1:150:13 | [...] | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:150:1:150:13 | call to [] | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:150:1:150:62 | call to foreach | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:150:2:150:4 | "a" | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:150:3:150:3 | a | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:150:6:150:8 | "b" | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:150:7:150:7 | b | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:150:10:150:12 | "c" | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:150:11:150:11 | c | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:150:23:150:62 | { ... } | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:150:26:150:26 | i | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:150:26:150:26 | i | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:150:29:150:29 | v | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:150:29:150:29 | v | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:150:32:150:61 | call to puts | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:150:32:150:61 | self | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:150:37:150:61 | "#{...} -> #{...}" | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:150:38:150:41 | #{...} | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:150:40:150:40 | i | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:150:42:150:45 | -> | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:150:46:150:60 | #{...} | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:150:48:150:48 | v | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:150:48:150:59 | call to capitalize | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:152:1:152:7 | Array | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:152:1:152:7 | [...] | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:152:1:152:7 | call to [] | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:152:1:152:35 | call to foreach | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:152:2:152:2 | 1 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:152:4:152:4 | 2 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:152:6:152:6 | 3 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:152:17:152:35 | { ... } | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:152:20:152:20 | i | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:152:20:152:20 | i | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:152:23:152:23 | i | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:152:23:152:34 | call to bit_length | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:154:1:154:7 | Array | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:154:1:154:7 | [...] | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:154:1:154:7 | call to [] | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:154:1:154:40 | call to foreach | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:154:2:154:2 | 1 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:154:4:154:4 | 2 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:154:6:154:6 | 3 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:154:17:154:40 | { ... } | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:154:20:154:20 | i | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:154:20:154:20 | i | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:154:23:154:39 | call to puts | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:154:23:154:39 | self | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:154:28:154:28 | i | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:154:28:154:39 | call to capitalize | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:156:1:156:8 | Array | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:156:1:156:8 | [...] | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:156:1:156:8 | call to [] | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:156:1:156:37 | call to foreach | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:156:2:156:2 | 1 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:156:4:156:5 | - ... | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:156:5:156:5 | 2 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:156:7:156:7 | 3 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:156:18:156:37 | { ... } | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:156:21:156:21 | _ | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:156:21:156:21 | _ | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:156:24:156:24 | v | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:156:24:156:24 | v | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:156:27:156:36 | call to puts | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:156:27:156:36 | self | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:156:32:156:32 | v | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:156:32:156:36 | call to abs | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:158:1:160:3 | indirect | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:158:14:158:15 | &b | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:158:15:158:15 | b | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:159:5:159:17 | call to call_block | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:159:5:159:17 | self | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:159:16:159:17 | &... | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:159:17:159:17 | b | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:162:1:162:28 | call to indirect | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:162:1:162:28 | self | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:162:10:162:28 | { ... } | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:162:13:162:13 | i | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:162:13:162:13 | i | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:162:16:162:16 | i | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:162:16:162:27 | call to bit_length | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:165:1:169:3 | S | calls.rb:1:1:651:24 | calls.rb | +| calls.rb:140:1:142:3 | funny | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:141:5:141:20 | yield ... | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:141:11:141:20 | "prefix: " | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:141:12:141:19 | prefix: | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:144:1:144:30 | call to funny | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:144:1:144:30 | self | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:144:7:144:30 | { ... } | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:144:10:144:10 | i | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:144:10:144:10 | i | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:144:13:144:29 | call to puts | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:144:13:144:29 | self | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:144:18:144:18 | i | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:144:18:144:29 | call to capitalize | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:146:1:146:3 | "a" | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:146:1:146:14 | call to capitalize | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:146:2:146:2 | a | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:147:1:147:1 | 1 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:147:1:147:12 | call to bit_length | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:148:1:148:1 | 1 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:148:1:148:5 | call to abs | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:150:1:150:13 | Array | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:150:1:150:13 | [...] | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:150:1:150:13 | call to [] | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:150:1:150:62 | call to foreach | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:150:2:150:4 | "a" | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:150:3:150:3 | a | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:150:6:150:8 | "b" | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:150:7:150:7 | b | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:150:10:150:12 | "c" | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:150:11:150:11 | c | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:150:23:150:62 | { ... } | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:150:26:150:26 | i | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:150:26:150:26 | i | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:150:29:150:29 | v | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:150:29:150:29 | v | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:150:32:150:61 | call to puts | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:150:32:150:61 | self | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:150:37:150:61 | "#{...} -> #{...}" | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:150:38:150:41 | #{...} | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:150:40:150:40 | i | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:150:42:150:45 | -> | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:150:46:150:60 | #{...} | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:150:48:150:48 | v | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:150:48:150:59 | call to capitalize | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:152:1:152:7 | Array | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:152:1:152:7 | [...] | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:152:1:152:7 | call to [] | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:152:1:152:35 | call to foreach | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:152:2:152:2 | 1 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:152:4:152:4 | 2 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:152:6:152:6 | 3 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:152:17:152:35 | { ... } | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:152:20:152:20 | i | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:152:20:152:20 | i | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:152:23:152:23 | i | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:152:23:152:34 | call to bit_length | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:154:1:154:7 | Array | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:154:1:154:7 | [...] | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:154:1:154:7 | call to [] | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:154:1:154:40 | call to foreach | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:154:2:154:2 | 1 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:154:4:154:4 | 2 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:154:6:154:6 | 3 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:154:17:154:40 | { ... } | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:154:20:154:20 | i | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:154:20:154:20 | i | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:154:23:154:39 | call to puts | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:154:23:154:39 | self | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:154:28:154:28 | i | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:154:28:154:39 | call to capitalize | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:156:1:156:8 | Array | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:156:1:156:8 | [...] | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:156:1:156:8 | call to [] | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:156:1:156:37 | call to foreach | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:156:2:156:2 | 1 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:156:4:156:5 | - ... | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:156:5:156:5 | 2 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:156:7:156:7 | 3 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:156:18:156:37 | { ... } | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:156:21:156:21 | _ | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:156:21:156:21 | _ | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:156:24:156:24 | v | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:156:24:156:24 | v | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:156:27:156:36 | call to puts | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:156:27:156:36 | self | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:156:32:156:32 | v | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:156:32:156:36 | call to abs | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:158:1:160:3 | indirect | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:158:14:158:15 | &b | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:158:15:158:15 | b | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:159:5:159:17 | call to call_block | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:159:5:159:17 | self | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:159:16:159:17 | &... | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:159:17:159:17 | b | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:162:1:162:28 | call to indirect | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:162:1:162:28 | self | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:162:10:162:28 | { ... } | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:162:13:162:13 | i | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:162:13:162:13 | i | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:162:16:162:16 | i | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:162:16:162:27 | call to bit_length | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:165:1:169:3 | S | calls.rb:1:1:667:52 | calls.rb | | calls.rb:166:5:168:7 | s_method | calls.rb:165:1:169:3 | S | | calls.rb:167:9:167:12 | self | calls.rb:165:1:169:3 | S | | calls.rb:167:9:167:17 | call to to_s | calls.rb:165:1:169:3 | S | -| calls.rb:171:1:174:3 | A | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:171:11:171:11 | S | calls.rb:1:1:651:24 | calls.rb | +| calls.rb:171:1:174:3 | A | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:171:11:171:11 | S | calls.rb:1:1:667:52 | calls.rb | | calls.rb:172:5:173:7 | to_s | calls.rb:171:1:174:3 | A | -| calls.rb:176:1:179:3 | B | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:176:11:176:11 | S | calls.rb:1:1:651:24 | calls.rb | +| calls.rb:176:1:179:3 | B | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:176:11:176:11 | S | calls.rb:1:1:667:52 | calls.rb | | calls.rb:177:5:178:7 | to_s | calls.rb:176:1:179:3 | B | -| calls.rb:181:1:181:1 | S | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:181:1:181:5 | call to new | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:181:1:181:14 | call to s_method | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:182:1:182:1 | A | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:182:1:182:5 | call to new | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:182:1:182:14 | call to s_method | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:183:1:183:1 | B | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:183:1:183:5 | call to new | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:183:1:183:14 | call to s_method | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:185:1:186:3 | private_on_main | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:188:1:188:15 | call to private_on_main | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:188:1:188:15 | self | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:190:1:226:3 | Singletons | calls.rb:1:1:651:24 | calls.rb | +| calls.rb:181:1:181:1 | S | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:181:1:181:5 | call to new | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:181:1:181:14 | call to s_method | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:182:1:182:1 | A | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:182:1:182:5 | call to new | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:182:1:182:14 | call to s_method | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:183:1:183:1 | B | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:183:1:183:5 | call to new | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:183:1:183:14 | call to s_method | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:185:1:186:3 | private_on_main | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:188:1:188:15 | call to private_on_main | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:188:1:188:15 | self | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:190:1:226:3 | Singletons | calls.rb:1:1:667:52 | calls.rb | | calls.rb:191:5:194:7 | singleton_a | calls.rb:190:1:226:3 | Singletons | | calls.rb:191:9:191:12 | self | calls.rb:190:1:226:3 | Singletons | | calls.rb:192:9:192:26 | call to puts | calls.rb:190:1:226:3 | Singletons | @@ -943,126 +946,126 @@ enclosingModule | calls.rb:223:5:225:7 | call_singleton_g | calls.rb:190:1:226:3 | Singletons | | calls.rb:224:9:224:12 | self | calls.rb:190:1:226:3 | Singletons | | calls.rb:224:9:224:24 | call to singleton_g | calls.rb:190:1:226:3 | Singletons | -| calls.rb:228:1:228:10 | Singletons | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:228:1:228:22 | call to singleton_a | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:229:1:229:10 | Singletons | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:229:1:229:22 | call to singleton_f | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:231:1:231:2 | c1 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:231:1:231:19 | ... = ... | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:231:6:231:15 | Singletons | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:231:6:231:19 | call to new | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:233:1:233:2 | c1 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:233:1:233:11 | call to instance | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:234:1:234:2 | c1 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:234:1:234:14 | call to singleton_e | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:236:1:238:3 | singleton_g | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:236:5:236:6 | c1 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:237:5:237:24 | call to puts | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:237:5:237:24 | self | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:237:10:237:24 | "singleton_g_1" | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:237:11:237:23 | singleton_g_1 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:240:1:240:2 | c1 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:240:1:240:14 | call to singleton_g | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:241:1:241:2 | c1 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:241:1:241:19 | call to call_singleton_g | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:243:1:245:3 | singleton_g | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:243:5:243:6 | c1 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:244:5:244:24 | call to puts | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:244:5:244:24 | self | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:244:10:244:24 | "singleton_g_2" | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:244:11:244:23 | singleton_g_2 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:247:1:247:2 | c1 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:247:1:247:14 | call to singleton_g | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:248:1:248:2 | c1 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:248:1:248:19 | call to call_singleton_g | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:250:1:254:3 | class << ... | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:250:10:250:11 | c1 | calls.rb:1:1:651:24 | calls.rb | +| calls.rb:228:1:228:10 | Singletons | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:228:1:228:22 | call to singleton_a | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:229:1:229:10 | Singletons | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:229:1:229:22 | call to singleton_f | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:231:1:231:2 | c1 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:231:1:231:19 | ... = ... | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:231:6:231:15 | Singletons | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:231:6:231:19 | call to new | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:233:1:233:2 | c1 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:233:1:233:11 | call to instance | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:234:1:234:2 | c1 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:234:1:234:14 | call to singleton_e | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:236:1:238:3 | singleton_g | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:236:5:236:6 | c1 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:237:5:237:24 | call to puts | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:237:5:237:24 | self | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:237:10:237:24 | "singleton_g_1" | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:237:11:237:23 | singleton_g_1 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:240:1:240:2 | c1 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:240:1:240:14 | call to singleton_g | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:241:1:241:2 | c1 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:241:1:241:19 | call to call_singleton_g | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:243:1:245:3 | singleton_g | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:243:5:243:6 | c1 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:244:5:244:24 | call to puts | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:244:5:244:24 | self | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:244:10:244:24 | "singleton_g_2" | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:244:11:244:23 | singleton_g_2 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:247:1:247:2 | c1 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:247:1:247:14 | call to singleton_g | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:248:1:248:2 | c1 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:248:1:248:19 | call to call_singleton_g | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:250:1:254:3 | class << ... | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:250:10:250:11 | c1 | calls.rb:1:1:667:52 | calls.rb | | calls.rb:251:5:253:7 | singleton_g | calls.rb:250:1:254:3 | class << ... | | calls.rb:252:9:252:28 | call to puts | calls.rb:250:1:254:3 | class << ... | | calls.rb:252:9:252:28 | self | calls.rb:250:1:254:3 | class << ... | | calls.rb:252:14:252:28 | "singleton_g_3" | calls.rb:250:1:254:3 | class << ... | | calls.rb:252:15:252:27 | singleton_g_3 | calls.rb:250:1:254:3 | class << ... | -| calls.rb:256:1:256:2 | c1 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:256:1:256:14 | call to singleton_g | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:257:1:257:2 | c1 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:257:1:257:19 | call to call_singleton_g | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:259:1:259:2 | c2 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:259:1:259:19 | ... = ... | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:259:6:259:15 | Singletons | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:259:6:259:19 | call to new | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:260:1:260:2 | c2 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:260:1:260:14 | call to singleton_e | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:261:1:261:2 | c2 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:261:1:261:14 | call to singleton_g | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:263:1:263:4 | self | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:263:1:263:8 | call to new | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:265:1:265:16 | call to puts | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:265:1:265:16 | self | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:265:6:265:16 | "top-level" | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:265:7:265:15 | top-level | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:267:1:269:3 | singleton_g | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:267:5:267:14 | Singletons | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:268:5:268:22 | call to puts | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:268:5:268:22 | self | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:268:10:268:22 | "singleton_g" | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:268:11:268:21 | singleton_g | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:271:1:271:10 | Singletons | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:271:1:271:22 | call to singleton_g | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:272:1:272:2 | c1 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:272:1:272:14 | call to singleton_g | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:273:1:273:2 | c1 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:273:1:273:19 | call to call_singleton_g | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:274:1:274:2 | c2 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:274:1:274:14 | call to singleton_g | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:275:1:275:2 | c3 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:275:1:275:19 | ... = ... | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:275:6:275:15 | Singletons | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:275:6:275:19 | call to new | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:276:1:276:2 | c3 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:276:1:276:14 | call to singleton_g | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:278:1:286:3 | create | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:278:12:278:15 | type | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:278:12:278:15 | type | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:279:5:279:8 | type | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:279:5:279:12 | call to new | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:279:5:279:21 | call to instance | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:281:5:283:7 | singleton_h | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:281:9:281:12 | type | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:282:9:282:26 | call to puts | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:282:9:282:26 | self | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:282:14:282:26 | "singleton_h" | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:282:15:282:25 | singleton_h | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:285:5:285:8 | type | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:285:5:285:20 | call to singleton_h | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:288:1:288:17 | call to create | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:288:1:288:17 | self | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:288:8:288:17 | Singletons | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:289:1:289:10 | Singletons | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:289:1:289:22 | call to singleton_h | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:291:1:291:1 | x | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:291:1:291:14 | ... = ... | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:291:5:291:14 | Singletons | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:293:1:297:3 | class << ... | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:293:10:293:10 | x | calls.rb:1:1:651:24 | calls.rb | +| calls.rb:256:1:256:2 | c1 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:256:1:256:14 | call to singleton_g | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:257:1:257:2 | c1 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:257:1:257:19 | call to call_singleton_g | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:259:1:259:2 | c2 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:259:1:259:19 | ... = ... | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:259:6:259:15 | Singletons | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:259:6:259:19 | call to new | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:260:1:260:2 | c2 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:260:1:260:14 | call to singleton_e | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:261:1:261:2 | c2 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:261:1:261:14 | call to singleton_g | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:263:1:263:4 | self | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:263:1:263:8 | call to new | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:265:1:265:16 | call to puts | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:265:1:265:16 | self | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:265:6:265:16 | "top-level" | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:265:7:265:15 | top-level | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:267:1:269:3 | singleton_g | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:267:5:267:14 | Singletons | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:268:5:268:22 | call to puts | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:268:5:268:22 | self | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:268:10:268:22 | "singleton_g" | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:268:11:268:21 | singleton_g | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:271:1:271:10 | Singletons | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:271:1:271:22 | call to singleton_g | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:272:1:272:2 | c1 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:272:1:272:14 | call to singleton_g | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:273:1:273:2 | c1 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:273:1:273:19 | call to call_singleton_g | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:274:1:274:2 | c2 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:274:1:274:14 | call to singleton_g | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:275:1:275:2 | c3 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:275:1:275:19 | ... = ... | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:275:6:275:15 | Singletons | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:275:6:275:19 | call to new | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:276:1:276:2 | c3 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:276:1:276:14 | call to singleton_g | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:278:1:286:3 | create | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:278:12:278:15 | type | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:278:12:278:15 | type | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:279:5:279:8 | type | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:279:5:279:12 | call to new | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:279:5:279:21 | call to instance | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:281:5:283:7 | singleton_h | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:281:9:281:12 | type | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:282:9:282:26 | call to puts | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:282:9:282:26 | self | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:282:14:282:26 | "singleton_h" | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:282:15:282:25 | singleton_h | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:285:5:285:8 | type | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:285:5:285:20 | call to singleton_h | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:288:1:288:17 | call to create | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:288:1:288:17 | self | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:288:8:288:17 | Singletons | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:289:1:289:10 | Singletons | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:289:1:289:22 | call to singleton_h | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:291:1:291:1 | x | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:291:1:291:14 | ... = ... | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:291:5:291:14 | Singletons | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:293:1:297:3 | class << ... | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:293:10:293:10 | x | calls.rb:1:1:667:52 | calls.rb | | calls.rb:294:5:296:7 | singleton_i | calls.rb:293:1:297:3 | class << ... | | calls.rb:295:9:295:26 | call to puts | calls.rb:293:1:297:3 | class << ... | | calls.rb:295:9:295:26 | self | calls.rb:293:1:297:3 | class << ... | | calls.rb:295:14:295:26 | "singleton_i" | calls.rb:293:1:297:3 | class << ... | | calls.rb:295:15:295:25 | singleton_i | calls.rb:293:1:297:3 | class << ... | -| calls.rb:299:1:299:1 | x | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:299:1:299:13 | call to singleton_i | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:300:1:300:10 | Singletons | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:300:1:300:22 | call to singleton_i | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:302:1:306:3 | class << ... | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:302:10:302:19 | Singletons | calls.rb:1:1:651:24 | calls.rb | +| calls.rb:299:1:299:1 | x | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:299:1:299:13 | call to singleton_i | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:300:1:300:10 | Singletons | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:300:1:300:22 | call to singleton_i | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:302:1:306:3 | class << ... | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:302:10:302:19 | Singletons | calls.rb:1:1:667:52 | calls.rb | | calls.rb:303:5:305:7 | singleton_j | calls.rb:302:1:306:3 | class << ... | | calls.rb:304:9:304:26 | call to puts | calls.rb:302:1:306:3 | class << ... | | calls.rb:304:9:304:26 | self | calls.rb:302:1:306:3 | class << ... | | calls.rb:304:14:304:26 | "singleton_j" | calls.rb:302:1:306:3 | class << ... | | calls.rb:304:15:304:25 | singleton_j | calls.rb:302:1:306:3 | class << ... | -| calls.rb:308:1:308:10 | Singletons | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:308:1:308:22 | call to singleton_j | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:310:1:321:3 | SelfNew | calls.rb:1:1:651:24 | calls.rb | +| calls.rb:308:1:308:10 | Singletons | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:308:1:308:22 | call to singleton_j | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:310:1:321:3 | SelfNew | calls.rb:1:1:667:52 | calls.rb | | calls.rb:311:5:314:7 | instance | calls.rb:310:1:321:3 | SelfNew | | calls.rb:312:9:312:31 | call to puts | calls.rb:310:1:321:3 | SelfNew | | calls.rb:312:9:312:31 | self | calls.rb:310:1:321:3 | SelfNew | @@ -1079,508 +1082,535 @@ enclosingModule | calls.rb:320:5:320:7 | call to new | calls.rb:310:1:321:3 | SelfNew | | calls.rb:320:5:320:7 | self | calls.rb:310:1:321:3 | SelfNew | | calls.rb:320:5:320:16 | call to instance | calls.rb:310:1:321:3 | SelfNew | -| calls.rb:323:1:323:7 | SelfNew | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:323:1:323:17 | call to singleton | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:325:1:329:3 | C1 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:326:5:328:7 | instance | calls.rb:325:1:329:3 | C1 | -| calls.rb:327:9:327:26 | call to puts | calls.rb:325:1:329:3 | C1 | -| calls.rb:327:9:327:26 | self | calls.rb:325:1:329:3 | C1 | -| calls.rb:327:14:327:26 | "C1#instance" | calls.rb:325:1:329:3 | C1 | -| calls.rb:327:15:327:25 | C1#instance | calls.rb:325:1:329:3 | C1 | -| calls.rb:331:1:335:3 | C2 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:331:12:331:13 | C1 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:332:5:334:7 | instance | calls.rb:331:1:335:3 | C2 | -| calls.rb:333:9:333:26 | call to puts | calls.rb:331:1:335:3 | C2 | -| calls.rb:333:9:333:26 | self | calls.rb:331:1:335:3 | C2 | -| calls.rb:333:14:333:26 | "C2#instance" | calls.rb:331:1:335:3 | C2 | -| calls.rb:333:15:333:25 | C2#instance | calls.rb:331:1:335:3 | C2 | -| calls.rb:337:1:341:3 | C3 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:337:12:337:13 | C2 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:338:5:340:7 | instance | calls.rb:337:1:341:3 | C3 | -| calls.rb:339:9:339:26 | call to puts | calls.rb:337:1:341:3 | C3 | -| calls.rb:339:9:339:26 | self | calls.rb:337:1:341:3 | C3 | -| calls.rb:339:14:339:26 | "C3#instance" | calls.rb:337:1:341:3 | C3 | -| calls.rb:339:15:339:25 | C3#instance | calls.rb:337:1:341:3 | C3 | -| calls.rb:343:1:359:3 | pattern_dispatch | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:343:22:343:22 | x | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:343:22:343:22 | x | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:344:5:352:7 | case ... | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:344:10:344:10 | x | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:345:5:346:18 | when ... | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:345:10:345:11 | C3 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:345:12:346:18 | then ... | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:346:9:346:9 | x | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:346:9:346:18 | call to instance | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:347:5:348:18 | when ... | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:347:10:347:11 | C2 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:347:12:348:18 | then ... | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:348:9:348:9 | x | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:348:9:348:18 | call to instance | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:349:5:350:18 | when ... | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:349:10:349:11 | C1 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:349:12:350:18 | then ... | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:350:9:350:9 | x | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:350:9:350:18 | call to instance | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:351:5:351:8 | else ... | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:354:5:358:7 | case ... | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:354:10:354:10 | x | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:355:9:355:29 | in ... then ... | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:355:12:355:13 | C3 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:355:15:355:29 | then ... | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:355:20:355:20 | x | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:355:20:355:29 | call to instance | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:356:9:356:36 | in ... then ... | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:356:12:356:13 | C2 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:356:12:356:19 | ... => ... | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:356:18:356:19 | c2 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:356:21:356:36 | then ... | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:356:26:356:27 | c2 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:356:26:356:36 | call to instance | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:357:9:357:36 | in ... then ... | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:357:12:357:13 | C1 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:357:12:357:19 | ... => ... | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:357:18:357:19 | c1 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:357:21:357:36 | then ... | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:357:26:357:27 | c1 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:357:26:357:36 | call to instance | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:361:1:361:2 | c1 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:361:1:361:11 | ... = ... | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:361:6:361:7 | C1 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:361:6:361:11 | call to new | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:362:1:362:2 | c1 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:362:1:362:11 | call to instance | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:363:1:363:25 | call to pattern_dispatch | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:363:1:363:25 | self | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:363:18:363:25 | ( ... ) | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:363:19:363:20 | C1 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:363:19:363:24 | call to new | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:364:1:364:25 | call to pattern_dispatch | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:364:1:364:25 | self | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:364:18:364:25 | ( ... ) | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:364:19:364:20 | C2 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:364:19:364:24 | call to new | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:365:1:365:25 | call to pattern_dispatch | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:365:1:365:25 | self | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:365:18:365:25 | ( ... ) | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:365:19:365:20 | C3 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:365:19:365:24 | call to new | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:367:1:371:3 | add_singleton | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:367:19:367:19 | x | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:367:19:367:19 | x | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:368:5:370:7 | instance | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:368:9:368:9 | x | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:369:9:369:28 | call to puts | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:369:9:369:28 | self | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:369:14:369:28 | "instance_on x" | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:369:15:369:27 | instance_on x | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:373:1:373:2 | c3 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:373:1:373:11 | ... = ... | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:373:6:373:7 | C1 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:373:6:373:11 | call to new | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:374:1:374:16 | call to add_singleton | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:374:1:374:16 | self | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:374:15:374:16 | c3 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:375:1:375:2 | c3 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:375:1:375:11 | call to instance | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:377:1:405:3 | SingletonOverride1 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:378:5:390:7 | class << ... | calls.rb:377:1:405:3 | SingletonOverride1 | -| calls.rb:378:14:378:17 | self | calls.rb:377:1:405:3 | SingletonOverride1 | -| calls.rb:379:9:381:11 | singleton1 | calls.rb:378:5:390:7 | class << ... | -| calls.rb:380:13:380:48 | call to puts | calls.rb:378:5:390:7 | class << ... | -| calls.rb:380:13:380:48 | self | calls.rb:378:5:390:7 | class << ... | -| calls.rb:380:18:380:48 | "SingletonOverride1#singleton1" | calls.rb:378:5:390:7 | class << ... | -| calls.rb:380:19:380:47 | SingletonOverride1#singleton1 | calls.rb:378:5:390:7 | class << ... | -| calls.rb:383:9:385:11 | call_singleton1 | calls.rb:378:5:390:7 | class << ... | -| calls.rb:384:13:384:22 | call to singleton1 | calls.rb:378:5:390:7 | class << ... | -| calls.rb:384:13:384:22 | self | calls.rb:378:5:390:7 | class << ... | -| calls.rb:387:9:389:11 | factory | calls.rb:378:5:390:7 | class << ... | -| calls.rb:388:13:388:16 | self | calls.rb:378:5:390:7 | class << ... | -| calls.rb:388:13:388:20 | call to new | calls.rb:378:5:390:7 | class << ... | -| calls.rb:388:13:388:30 | call to instance1 | calls.rb:378:5:390:7 | class << ... | -| calls.rb:392:5:394:7 | singleton2 | calls.rb:377:1:405:3 | SingletonOverride1 | -| calls.rb:392:9:392:12 | self | calls.rb:377:1:405:3 | SingletonOverride1 | -| calls.rb:393:9:393:44 | call to puts | calls.rb:377:1:405:3 | SingletonOverride1 | -| calls.rb:393:9:393:44 | self | calls.rb:377:1:405:3 | SingletonOverride1 | -| calls.rb:393:14:393:44 | "SingletonOverride1#singleton2" | calls.rb:377:1:405:3 | SingletonOverride1 | -| calls.rb:393:15:393:43 | SingletonOverride1#singleton2 | calls.rb:377:1:405:3 | SingletonOverride1 | -| calls.rb:396:5:398:7 | call_singleton2 | calls.rb:377:1:405:3 | SingletonOverride1 | -| calls.rb:396:9:396:12 | self | calls.rb:377:1:405:3 | SingletonOverride1 | -| calls.rb:397:9:397:18 | call to singleton2 | calls.rb:377:1:405:3 | SingletonOverride1 | -| calls.rb:397:9:397:18 | self | calls.rb:377:1:405:3 | SingletonOverride1 | -| calls.rb:400:5:400:14 | call to singleton2 | calls.rb:377:1:405:3 | SingletonOverride1 | -| calls.rb:400:5:400:14 | self | calls.rb:377:1:405:3 | SingletonOverride1 | -| calls.rb:402:5:404:7 | instance1 | calls.rb:377:1:405:3 | SingletonOverride1 | -| calls.rb:403:9:403:43 | call to puts | calls.rb:377:1:405:3 | SingletonOverride1 | -| calls.rb:403:9:403:43 | self | calls.rb:377:1:405:3 | SingletonOverride1 | -| calls.rb:403:14:403:43 | "SingletonOverride1#instance1" | calls.rb:377:1:405:3 | SingletonOverride1 | -| calls.rb:403:15:403:42 | SingletonOverride1#instance1 | calls.rb:377:1:405:3 | SingletonOverride1 | -| calls.rb:407:1:407:18 | SingletonOverride1 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:407:1:407:29 | call to singleton1 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:408:1:408:18 | SingletonOverride1 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:408:1:408:29 | call to singleton2 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:409:1:409:18 | SingletonOverride1 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:409:1:409:34 | call to call_singleton1 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:410:1:410:18 | SingletonOverride1 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:410:1:410:34 | call to call_singleton2 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:412:1:426:3 | SingletonOverride2 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:412:28:412:45 | SingletonOverride1 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:413:5:417:7 | class << ... | calls.rb:412:1:426:3 | SingletonOverride2 | -| calls.rb:413:14:413:17 | self | calls.rb:412:1:426:3 | SingletonOverride2 | -| calls.rb:414:9:416:11 | singleton1 | calls.rb:413:5:417:7 | class << ... | -| calls.rb:415:13:415:48 | call to puts | calls.rb:413:5:417:7 | class << ... | -| calls.rb:415:13:415:48 | self | calls.rb:413:5:417:7 | class << ... | -| calls.rb:415:18:415:48 | "SingletonOverride2#singleton1" | calls.rb:413:5:417:7 | class << ... | -| calls.rb:415:19:415:47 | SingletonOverride2#singleton1 | calls.rb:413:5:417:7 | class << ... | -| calls.rb:419:5:421:7 | singleton2 | calls.rb:412:1:426:3 | SingletonOverride2 | -| calls.rb:419:9:419:12 | self | calls.rb:412:1:426:3 | SingletonOverride2 | -| calls.rb:420:9:420:44 | call to puts | calls.rb:412:1:426:3 | SingletonOverride2 | -| calls.rb:420:9:420:44 | self | calls.rb:412:1:426:3 | SingletonOverride2 | -| calls.rb:420:14:420:44 | "SingletonOverride2#singleton2" | calls.rb:412:1:426:3 | SingletonOverride2 | -| calls.rb:420:15:420:43 | SingletonOverride2#singleton2 | calls.rb:412:1:426:3 | SingletonOverride2 | -| calls.rb:423:5:425:7 | instance1 | calls.rb:412:1:426:3 | SingletonOverride2 | -| calls.rb:424:9:424:43 | call to puts | calls.rb:412:1:426:3 | SingletonOverride2 | -| calls.rb:424:9:424:43 | self | calls.rb:412:1:426:3 | SingletonOverride2 | -| calls.rb:424:14:424:43 | "SingletonOverride2#instance1" | calls.rb:412:1:426:3 | SingletonOverride2 | -| calls.rb:424:15:424:42 | SingletonOverride2#instance1 | calls.rb:412:1:426:3 | SingletonOverride2 | -| calls.rb:428:1:428:18 | SingletonOverride2 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:428:1:428:29 | call to singleton1 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:429:1:429:18 | SingletonOverride2 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:429:1:429:29 | call to singleton2 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:430:1:430:18 | SingletonOverride2 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:430:1:430:34 | call to call_singleton1 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:431:1:431:18 | SingletonOverride2 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:431:1:431:34 | call to call_singleton2 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:433:1:461:3 | ConditionalInstanceMethods | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:434:5:438:7 | if ... | calls.rb:433:1:461:3 | ConditionalInstanceMethods | -| calls.rb:434:8:434:13 | call to rand | calls.rb:433:1:461:3 | ConditionalInstanceMethods | -| calls.rb:434:8:434:13 | self | calls.rb:433:1:461:3 | ConditionalInstanceMethods | -| calls.rb:434:8:434:17 | ... > ... | calls.rb:433:1:461:3 | ConditionalInstanceMethods | -| calls.rb:434:17:434:17 | 0 | calls.rb:433:1:461:3 | ConditionalInstanceMethods | -| calls.rb:434:19:437:11 | then ... | calls.rb:433:1:461:3 | ConditionalInstanceMethods | -| calls.rb:435:9:437:11 | m1 | calls.rb:433:1:461:3 | ConditionalInstanceMethods | -| calls.rb:436:13:436:48 | call to puts | calls.rb:433:1:461:3 | ConditionalInstanceMethods | -| calls.rb:436:13:436:48 | self | calls.rb:433:1:461:3 | ConditionalInstanceMethods | -| calls.rb:436:18:436:48 | "ConditionalInstanceMethods#m1" | calls.rb:433:1:461:3 | ConditionalInstanceMethods | -| calls.rb:436:19:436:47 | ConditionalInstanceMethods#m1 | calls.rb:433:1:461:3 | ConditionalInstanceMethods | -| calls.rb:440:5:452:7 | m2 | calls.rb:433:1:461:3 | ConditionalInstanceMethods | -| calls.rb:441:9:441:44 | call to puts | calls.rb:433:1:461:3 | ConditionalInstanceMethods | -| calls.rb:441:9:441:44 | self | calls.rb:433:1:461:3 | ConditionalInstanceMethods | -| calls.rb:441:14:441:44 | "ConditionalInstanceMethods#m2" | calls.rb:433:1:461:3 | ConditionalInstanceMethods | -| calls.rb:441:15:441:43 | ConditionalInstanceMethods#m2 | calls.rb:433:1:461:3 | ConditionalInstanceMethods | -| calls.rb:443:9:449:11 | m3 | calls.rb:433:1:461:3 | ConditionalInstanceMethods | -| calls.rb:444:13:444:48 | call to puts | calls.rb:433:1:461:3 | ConditionalInstanceMethods | -| calls.rb:444:13:444:48 | self | calls.rb:433:1:461:3 | ConditionalInstanceMethods | -| calls.rb:444:18:444:48 | "ConditionalInstanceMethods#m3" | calls.rb:433:1:461:3 | ConditionalInstanceMethods | -| calls.rb:444:19:444:47 | ConditionalInstanceMethods#m3 | calls.rb:433:1:461:3 | ConditionalInstanceMethods | -| calls.rb:446:13:448:15 | m4 | calls.rb:433:1:461:3 | ConditionalInstanceMethods | -| calls.rb:447:17:447:52 | call to puts | calls.rb:433:1:461:3 | ConditionalInstanceMethods | -| calls.rb:447:17:447:52 | self | calls.rb:433:1:461:3 | ConditionalInstanceMethods | -| calls.rb:447:22:447:52 | "ConditionalInstanceMethods#m4" | calls.rb:433:1:461:3 | ConditionalInstanceMethods | -| calls.rb:447:23:447:51 | ConditionalInstanceMethods#m4 | calls.rb:433:1:461:3 | ConditionalInstanceMethods | -| calls.rb:451:9:451:10 | call to m3 | calls.rb:433:1:461:3 | ConditionalInstanceMethods | -| calls.rb:451:9:451:10 | self | calls.rb:433:1:461:3 | ConditionalInstanceMethods | -| calls.rb:454:5:460:7 | if ... | calls.rb:433:1:461:3 | ConditionalInstanceMethods | -| calls.rb:454:8:454:13 | call to rand | calls.rb:433:1:461:3 | ConditionalInstanceMethods | -| calls.rb:454:8:454:13 | self | calls.rb:433:1:461:3 | ConditionalInstanceMethods | -| calls.rb:454:8:454:17 | ... > ... | calls.rb:433:1:461:3 | ConditionalInstanceMethods | -| calls.rb:454:17:454:17 | 0 | calls.rb:433:1:461:3 | ConditionalInstanceMethods | -| calls.rb:454:19:459:18 | then ... | calls.rb:433:1:461:3 | ConditionalInstanceMethods | -| calls.rb:455:9:455:13 | Class | calls.rb:433:1:461:3 | ConditionalInstanceMethods | -| calls.rb:455:9:459:11 | call to new | calls.rb:433:1:461:3 | ConditionalInstanceMethods | -| calls.rb:455:9:459:15 | call to new | calls.rb:433:1:461:3 | ConditionalInstanceMethods | -| calls.rb:455:9:459:18 | call to m5 | calls.rb:433:1:461:3 | ConditionalInstanceMethods | -| calls.rb:455:19:459:11 | do ... end | calls.rb:433:1:461:3 | ConditionalInstanceMethods | -| calls.rb:456:13:458:15 | m5 | calls.rb:433:1:461:3 | ConditionalInstanceMethods | -| calls.rb:457:17:457:40 | call to puts | calls.rb:433:1:461:3 | ConditionalInstanceMethods | -| calls.rb:457:17:457:40 | self | calls.rb:433:1:461:3 | ConditionalInstanceMethods | -| calls.rb:457:22:457:40 | "AnonymousClass#m5" | calls.rb:433:1:461:3 | ConditionalInstanceMethods | -| calls.rb:457:23:457:39 | AnonymousClass#m5 | calls.rb:433:1:461:3 | ConditionalInstanceMethods | -| calls.rb:463:1:463:26 | ConditionalInstanceMethods | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:463:1:463:30 | call to new | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:463:1:463:33 | call to m1 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:464:1:464:26 | ConditionalInstanceMethods | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:464:1:464:30 | call to new | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:464:1:464:33 | call to m3 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:465:1:465:26 | ConditionalInstanceMethods | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:465:1:465:30 | call to new | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:465:1:465:33 | call to m2 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:466:1:466:26 | ConditionalInstanceMethods | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:466:1:466:30 | call to new | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:466:1:466:33 | call to m3 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:467:1:467:26 | ConditionalInstanceMethods | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:467:1:467:30 | call to new | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:467:1:467:33 | call to m4 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:468:1:468:26 | ConditionalInstanceMethods | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:468:1:468:30 | call to new | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:468:1:468:33 | call to m5 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:470:1:470:23 | EsotericInstanceMethods | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:470:1:488:3 | ... = ... | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:470:27:470:31 | Class | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:470:27:488:3 | call to new | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:470:37:488:3 | do ... end | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:471:5:471:11 | Array | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:471:5:471:11 | [...] | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:471:5:471:11 | call to [] | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:471:5:475:7 | call to each | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:471:6:471:6 | 0 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:471:8:471:8 | 1 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:471:10:471:10 | 2 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:471:18:475:7 | do ... end | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:472:9:474:11 | foo | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:473:13:473:22 | call to puts | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:473:13:473:22 | self | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:473:18:473:22 | "foo" | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:473:19:473:21 | foo | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:477:5:477:9 | Class | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:477:5:481:7 | call to new | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:477:5:481:11 | call to new | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:477:5:481:15 | call to bar | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:477:15:481:7 | do ... end | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:478:9:480:11 | bar | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:479:13:479:22 | call to puts | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:479:13:479:22 | self | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:479:18:479:22 | "bar" | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:479:19:479:21 | bar | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:483:5:483:11 | Array | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:483:5:483:11 | [...] | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:483:5:483:11 | call to [] | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:483:5:487:7 | call to each | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:483:6:483:6 | 0 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:483:8:483:8 | 1 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:483:10:483:10 | 2 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:483:18:487:7 | do ... end | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:483:22:483:22 | i | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:483:22:483:22 | i | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:484:9:486:11 | call to define_method | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:484:9:486:11 | self | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:484:23:484:32 | "baz_#{...}" | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:484:24:484:27 | baz_ | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:484:28:484:31 | #{...} | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:484:30:484:30 | i | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:484:35:486:11 | do ... end | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:485:13:485:27 | call to puts | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:485:13:485:27 | self | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:485:18:485:27 | "baz_#{...}" | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:485:19:485:22 | baz_ | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:485:23:485:26 | #{...} | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:485:25:485:25 | i | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:490:1:490:23 | EsotericInstanceMethods | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:490:1:490:27 | call to new | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:490:1:490:31 | call to foo | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:491:1:491:23 | EsotericInstanceMethods | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:491:1:491:27 | call to new | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:491:1:491:31 | call to bar | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:492:1:492:23 | EsotericInstanceMethods | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:492:1:492:27 | call to new | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:492:1:492:33 | call to baz_0 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:493:1:493:23 | EsotericInstanceMethods | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:493:1:493:27 | call to new | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:493:1:493:33 | call to baz_1 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:494:1:494:23 | EsotericInstanceMethods | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:494:1:494:27 | call to new | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:494:1:494:33 | call to baz_2 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:496:1:502:3 | ExtendSingletonMethod | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:497:5:499:7 | singleton | calls.rb:496:1:502:3 | ExtendSingletonMethod | -| calls.rb:498:9:498:46 | call to puts | calls.rb:496:1:502:3 | ExtendSingletonMethod | -| calls.rb:498:9:498:46 | self | calls.rb:496:1:502:3 | ExtendSingletonMethod | -| calls.rb:498:14:498:46 | "ExtendSingletonMethod#singleton" | calls.rb:496:1:502:3 | ExtendSingletonMethod | -| calls.rb:498:15:498:45 | ExtendSingletonMethod#singleton | calls.rb:496:1:502:3 | ExtendSingletonMethod | -| calls.rb:501:5:501:15 | call to extend | calls.rb:496:1:502:3 | ExtendSingletonMethod | -| calls.rb:501:5:501:15 | self | calls.rb:496:1:502:3 | ExtendSingletonMethod | -| calls.rb:501:12:501:15 | self | calls.rb:496:1:502:3 | ExtendSingletonMethod | -| calls.rb:504:1:504:21 | ExtendSingletonMethod | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:504:1:504:31 | call to singleton | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:506:1:508:3 | ExtendSingletonMethod2 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:507:5:507:32 | call to extend | calls.rb:506:1:508:3 | ExtendSingletonMethod2 | -| calls.rb:507:5:507:32 | self | calls.rb:506:1:508:3 | ExtendSingletonMethod2 | -| calls.rb:507:12:507:32 | ExtendSingletonMethod | calls.rb:506:1:508:3 | ExtendSingletonMethod2 | -| calls.rb:510:1:510:22 | ExtendSingletonMethod2 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:510:1:510:32 | call to singleton | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:512:1:513:3 | ExtendSingletonMethod3 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:515:1:515:22 | ExtendSingletonMethod3 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:515:1:515:51 | call to extend | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:515:31:515:51 | ExtendSingletonMethod | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:517:1:517:22 | ExtendSingletonMethod3 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:517:1:517:32 | call to singleton | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:519:1:519:3 | foo | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:519:1:519:13 | ... = ... | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:519:7:519:13 | "hello" | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:519:8:519:12 | hello | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:520:1:520:3 | foo | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:520:1:520:13 | call to singleton | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:521:1:521:3 | foo | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:521:1:521:32 | call to extend | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:521:12:521:32 | ExtendSingletonMethod | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:523:1:523:3 | foo | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:523:1:523:13 | call to singleton | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:525:1:529:3 | ProtectedMethodInModule | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:526:5:528:7 | call to protected | calls.rb:525:1:529:3 | ProtectedMethodInModule | -| calls.rb:526:5:528:7 | self | calls.rb:525:1:529:3 | ProtectedMethodInModule | -| calls.rb:526:15:528:7 | foo | calls.rb:525:1:529:3 | ProtectedMethodInModule | -| calls.rb:527:9:527:42 | call to puts | calls.rb:525:1:529:3 | ProtectedMethodInModule | -| calls.rb:527:9:527:42 | self | calls.rb:525:1:529:3 | ProtectedMethodInModule | -| calls.rb:527:14:527:42 | "ProtectedMethodInModule#foo" | calls.rb:525:1:529:3 | ProtectedMethodInModule | -| calls.rb:527:15:527:41 | ProtectedMethodInModule#foo | calls.rb:525:1:529:3 | ProtectedMethodInModule | -| calls.rb:531:1:544:3 | ProtectedMethods | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:532:5:532:35 | call to include | calls.rb:531:1:544:3 | ProtectedMethods | -| calls.rb:532:5:532:35 | self | calls.rb:531:1:544:3 | ProtectedMethods | -| calls.rb:532:13:532:35 | ProtectedMethodInModule | calls.rb:531:1:544:3 | ProtectedMethods | -| calls.rb:534:5:536:7 | call to protected | calls.rb:531:1:544:3 | ProtectedMethods | -| calls.rb:534:5:536:7 | self | calls.rb:531:1:544:3 | ProtectedMethods | -| calls.rb:534:15:536:7 | bar | calls.rb:531:1:544:3 | ProtectedMethods | -| calls.rb:535:9:535:35 | call to puts | calls.rb:531:1:544:3 | ProtectedMethods | -| calls.rb:535:9:535:35 | self | calls.rb:531:1:544:3 | ProtectedMethods | -| calls.rb:535:14:535:35 | "ProtectedMethods#bar" | calls.rb:531:1:544:3 | ProtectedMethods | -| calls.rb:535:15:535:34 | ProtectedMethods#bar | calls.rb:531:1:544:3 | ProtectedMethods | -| calls.rb:538:5:543:7 | baz | calls.rb:531:1:544:3 | ProtectedMethods | -| calls.rb:539:9:539:11 | call to foo | calls.rb:531:1:544:3 | ProtectedMethods | -| calls.rb:539:9:539:11 | self | calls.rb:531:1:544:3 | ProtectedMethods | -| calls.rb:540:9:540:11 | call to bar | calls.rb:531:1:544:3 | ProtectedMethods | -| calls.rb:540:9:540:11 | self | calls.rb:531:1:544:3 | ProtectedMethods | -| calls.rb:541:9:541:24 | ProtectedMethods | calls.rb:531:1:544:3 | ProtectedMethods | -| calls.rb:541:9:541:28 | call to new | calls.rb:531:1:544:3 | ProtectedMethods | -| calls.rb:541:9:541:32 | call to foo | calls.rb:531:1:544:3 | ProtectedMethods | -| calls.rb:542:9:542:24 | ProtectedMethods | calls.rb:531:1:544:3 | ProtectedMethods | -| calls.rb:542:9:542:28 | call to new | calls.rb:531:1:544:3 | ProtectedMethods | -| calls.rb:542:9:542:32 | call to bar | calls.rb:531:1:544:3 | ProtectedMethods | -| calls.rb:546:1:546:16 | ProtectedMethods | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:546:1:546:20 | call to new | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:546:1:546:24 | call to foo | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:547:1:547:16 | ProtectedMethods | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:547:1:547:20 | call to new | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:547:1:547:24 | call to bar | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:548:1:548:16 | ProtectedMethods | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:548:1:548:20 | call to new | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:548:1:548:24 | call to baz | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:550:1:555:3 | ProtectedMethodsSub | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:550:29:550:44 | ProtectedMethods | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:551:5:554:7 | baz | calls.rb:550:1:555:3 | ProtectedMethodsSub | -| calls.rb:552:9:552:11 | call to foo | calls.rb:550:1:555:3 | ProtectedMethodsSub | -| calls.rb:552:9:552:11 | self | calls.rb:550:1:555:3 | ProtectedMethodsSub | -| calls.rb:553:9:553:27 | ProtectedMethodsSub | calls.rb:550:1:555:3 | ProtectedMethodsSub | -| calls.rb:553:9:553:31 | call to new | calls.rb:550:1:555:3 | ProtectedMethodsSub | -| calls.rb:553:9:553:35 | call to foo | calls.rb:550:1:555:3 | ProtectedMethodsSub | -| calls.rb:557:1:557:19 | ProtectedMethodsSub | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:557:1:557:23 | call to new | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:557:1:557:27 | call to foo | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:558:1:558:19 | ProtectedMethodsSub | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:558:1:558:23 | call to new | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:558:1:558:27 | call to bar | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:559:1:559:19 | ProtectedMethodsSub | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:559:1:559:23 | call to new | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:559:1:559:27 | call to baz | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:561:1:561:7 | Array | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:561:1:561:7 | [...] | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:561:1:561:7 | call to [] | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:561:1:561:26 | call to each | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:561:2:561:2 | C | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:561:2:561:6 | call to new | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:561:14:561:26 | { ... } | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:561:17:561:17 | c | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:561:17:561:17 | c | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:561:20:561:20 | c | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:561:20:561:24 | call to baz | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:562:1:562:13 | Array | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:562:1:562:13 | [...] | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:562:1:562:13 | call to [] | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:562:1:562:39 | call to each | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:562:2:562:4 | "a" | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:562:3:562:3 | a | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:562:6:562:8 | "b" | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:562:7:562:7 | b | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:562:10:562:12 | "c" | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:562:11:562:11 | c | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:562:20:562:39 | { ... } | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:562:23:562:23 | s | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:562:23:562:23 | s | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:562:26:562:26 | s | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:562:26:562:37 | call to capitalize | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:564:1:567:3 | SingletonUpCall_Base | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:565:5:566:7 | singleton | calls.rb:564:1:567:3 | SingletonUpCall_Base | -| calls.rb:565:9:565:12 | self | calls.rb:564:1:567:3 | SingletonUpCall_Base | -| calls.rb:568:1:575:3 | SingletonUpCall_Sub | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:568:29:568:48 | SingletonUpCall_Base | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:569:5:569:13 | call to singleton | calls.rb:568:1:575:3 | SingletonUpCall_Sub | -| calls.rb:569:5:569:13 | self | calls.rb:568:1:575:3 | SingletonUpCall_Sub | -| calls.rb:570:5:570:14 | call to singleton2 | calls.rb:568:1:575:3 | SingletonUpCall_Sub | -| calls.rb:570:5:570:14 | self | calls.rb:568:1:575:3 | SingletonUpCall_Sub | -| calls.rb:571:5:574:7 | mid_method | calls.rb:568:1:575:3 | SingletonUpCall_Sub | -| calls.rb:571:9:571:12 | self | calls.rb:568:1:575:3 | SingletonUpCall_Sub | -| calls.rb:572:9:572:17 | call to singleton | calls.rb:568:1:575:3 | SingletonUpCall_Sub | -| calls.rb:572:9:572:17 | self | calls.rb:568:1:575:3 | SingletonUpCall_Sub | -| calls.rb:573:9:573:18 | call to singleton2 | calls.rb:568:1:575:3 | SingletonUpCall_Sub | -| calls.rb:573:9:573:18 | self | calls.rb:568:1:575:3 | SingletonUpCall_Sub | -| calls.rb:576:1:581:3 | SingletonUpCall_SubSub | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:576:32:576:50 | SingletonUpCall_Sub | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:577:5:578:7 | singleton2 | calls.rb:576:1:581:3 | SingletonUpCall_SubSub | -| calls.rb:577:9:577:12 | self | calls.rb:576:1:581:3 | SingletonUpCall_SubSub | -| calls.rb:580:5:580:14 | call to mid_method | calls.rb:576:1:581:3 | SingletonUpCall_SubSub | -| calls.rb:580:5:580:14 | self | calls.rb:576:1:581:3 | SingletonUpCall_SubSub | -| calls.rb:583:1:594:3 | SingletonA | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:584:5:585:7 | singleton1 | calls.rb:583:1:594:3 | SingletonA | -| calls.rb:584:9:584:12 | self | calls.rb:583:1:594:3 | SingletonA | -| calls.rb:587:5:589:7 | call_singleton1 | calls.rb:583:1:594:3 | SingletonA | -| calls.rb:587:9:587:12 | self | calls.rb:583:1:594:3 | SingletonA | -| calls.rb:588:9:588:18 | call to singleton1 | calls.rb:583:1:594:3 | SingletonA | -| calls.rb:588:9:588:18 | self | calls.rb:583:1:594:3 | SingletonA | -| calls.rb:591:5:593:7 | call_call_singleton1 | calls.rb:583:1:594:3 | SingletonA | -| calls.rb:591:9:591:12 | self | calls.rb:583:1:594:3 | SingletonA | -| calls.rb:592:9:592:23 | call to call_singleton1 | calls.rb:583:1:594:3 | SingletonA | -| calls.rb:592:9:592:23 | self | calls.rb:583:1:594:3 | SingletonA | -| calls.rb:596:1:603:3 | SingletonB | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:596:20:596:29 | SingletonA | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:597:5:598:7 | singleton1 | calls.rb:596:1:603:3 | SingletonB | -| calls.rb:597:9:597:12 | self | calls.rb:596:1:603:3 | SingletonB | -| calls.rb:600:5:602:7 | call_singleton1 | calls.rb:596:1:603:3 | SingletonB | -| calls.rb:600:9:600:12 | self | calls.rb:596:1:603:3 | SingletonB | -| calls.rb:601:9:601:18 | call to singleton1 | calls.rb:596:1:603:3 | SingletonB | -| calls.rb:601:9:601:18 | self | calls.rb:596:1:603:3 | SingletonB | -| calls.rb:605:1:612:3 | SingletonC | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:605:20:605:29 | SingletonA | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:606:5:607:7 | singleton1 | calls.rb:605:1:612:3 | SingletonC | -| calls.rb:606:9:606:12 | self | calls.rb:605:1:612:3 | SingletonC | -| calls.rb:609:5:611:7 | call_singleton1 | calls.rb:605:1:612:3 | SingletonC | -| calls.rb:609:9:609:12 | self | calls.rb:605:1:612:3 | SingletonC | -| calls.rb:610:9:610:18 | call to singleton1 | calls.rb:605:1:612:3 | SingletonC | -| calls.rb:610:9:610:18 | self | calls.rb:605:1:612:3 | SingletonC | -| calls.rb:614:1:614:10 | SingletonA | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:614:1:614:31 | call to call_call_singleton1 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:615:1:615:10 | SingletonB | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:615:1:615:31 | call to call_call_singleton1 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:616:1:616:10 | SingletonC | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:616:1:616:31 | call to call_call_singleton1 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:618:1:624:3 | Included | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:619:5:621:7 | foo | calls.rb:618:1:624:3 | Included | -| calls.rb:620:9:620:12 | self | calls.rb:618:1:624:3 | Included | -| calls.rb:620:9:620:16 | call to bar | calls.rb:618:1:624:3 | Included | -| calls.rb:622:5:623:7 | bar | calls.rb:618:1:624:3 | Included | -| calls.rb:626:1:631:3 | IncludesIncluded | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:627:5:627:20 | call to include | calls.rb:626:1:631:3 | IncludesIncluded | -| calls.rb:627:5:627:20 | self | calls.rb:626:1:631:3 | IncludesIncluded | -| calls.rb:627:13:627:20 | Included | calls.rb:626:1:631:3 | IncludesIncluded | -| calls.rb:628:5:630:7 | bar | calls.rb:626:1:631:3 | IncludesIncluded | -| calls.rb:629:9:629:13 | super call to bar | calls.rb:626:1:631:3 | IncludesIncluded | -| calls.rb:633:1:637:3 | CustomNew1 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:634:5:636:7 | new | calls.rb:633:1:637:3 | CustomNew1 | -| calls.rb:634:9:634:12 | self | calls.rb:633:1:637:3 | CustomNew1 | -| calls.rb:635:9:635:10 | C1 | calls.rb:633:1:637:3 | CustomNew1 | -| calls.rb:635:9:635:14 | call to new | calls.rb:633:1:637:3 | CustomNew1 | -| calls.rb:639:1:639:10 | CustomNew1 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:639:1:639:14 | call to new | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:639:1:639:23 | call to instance | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:641:1:649:3 | CustomNew2 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:642:5:644:7 | new | calls.rb:641:1:649:3 | CustomNew2 | -| calls.rb:642:9:642:12 | self | calls.rb:641:1:649:3 | CustomNew2 | -| calls.rb:643:9:643:12 | self | calls.rb:641:1:649:3 | CustomNew2 | -| calls.rb:643:9:643:21 | call to allocate | calls.rb:641:1:649:3 | CustomNew2 | -| calls.rb:646:5:648:7 | instance | calls.rb:641:1:649:3 | CustomNew2 | -| calls.rb:647:9:647:34 | call to puts | calls.rb:641:1:649:3 | CustomNew2 | -| calls.rb:647:9:647:34 | self | calls.rb:641:1:649:3 | CustomNew2 | -| calls.rb:647:14:647:34 | "CustomNew2#instance" | calls.rb:641:1:649:3 | CustomNew2 | -| calls.rb:647:15:647:33 | CustomNew2#instance | calls.rb:641:1:649:3 | CustomNew2 | -| calls.rb:651:1:651:10 | CustomNew2 | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:651:1:651:14 | call to new | calls.rb:1:1:651:24 | calls.rb | -| calls.rb:651:1:651:23 | call to instance | calls.rb:1:1:651:24 | calls.rb | +| calls.rb:323:1:323:7 | SelfNew | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:323:1:323:17 | call to singleton | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:325:1:333:3 | C1 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:326:5:328:7 | instance | calls.rb:325:1:333:3 | C1 | +| calls.rb:327:9:327:26 | call to puts | calls.rb:325:1:333:3 | C1 | +| calls.rb:327:9:327:26 | self | calls.rb:325:1:333:3 | C1 | +| calls.rb:327:14:327:26 | "C1#instance" | calls.rb:325:1:333:3 | C1 | +| calls.rb:327:15:327:25 | C1#instance | calls.rb:325:1:333:3 | C1 | +| calls.rb:330:5:332:7 | return_self | calls.rb:325:1:333:3 | C1 | +| calls.rb:331:9:331:12 | self | calls.rb:325:1:333:3 | C1 | +| calls.rb:335:1:339:3 | C2 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:335:12:335:13 | C1 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:336:5:338:7 | instance | calls.rb:335:1:339:3 | C2 | +| calls.rb:337:9:337:26 | call to puts | calls.rb:335:1:339:3 | C2 | +| calls.rb:337:9:337:26 | self | calls.rb:335:1:339:3 | C2 | +| calls.rb:337:14:337:26 | "C2#instance" | calls.rb:335:1:339:3 | C2 | +| calls.rb:337:15:337:25 | C2#instance | calls.rb:335:1:339:3 | C2 | +| calls.rb:341:1:345:3 | C3 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:341:12:341:13 | C2 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:342:5:344:7 | instance | calls.rb:341:1:345:3 | C3 | +| calls.rb:343:9:343:26 | call to puts | calls.rb:341:1:345:3 | C3 | +| calls.rb:343:9:343:26 | self | calls.rb:341:1:345:3 | C3 | +| calls.rb:343:14:343:26 | "C3#instance" | calls.rb:341:1:345:3 | C3 | +| calls.rb:343:15:343:25 | C3#instance | calls.rb:341:1:345:3 | C3 | +| calls.rb:347:1:363:3 | pattern_dispatch | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:347:22:347:22 | x | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:347:22:347:22 | x | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:348:5:356:7 | case ... | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:348:10:348:10 | x | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:349:5:350:18 | when ... | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:349:10:349:11 | C3 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:349:12:350:18 | then ... | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:350:9:350:9 | x | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:350:9:350:18 | call to instance | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:351:5:352:18 | when ... | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:351:10:351:11 | C2 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:351:12:352:18 | then ... | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:352:9:352:9 | x | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:352:9:352:18 | call to instance | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:353:5:354:18 | when ... | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:353:10:353:11 | C1 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:353:12:354:18 | then ... | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:354:9:354:9 | x | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:354:9:354:18 | call to instance | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:355:5:355:8 | else ... | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:358:5:362:7 | case ... | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:358:10:358:10 | x | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:359:9:359:29 | in ... then ... | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:359:12:359:13 | C3 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:359:15:359:29 | then ... | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:359:20:359:20 | x | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:359:20:359:29 | call to instance | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:360:9:360:36 | in ... then ... | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:360:12:360:13 | C2 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:360:12:360:19 | ... => ... | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:360:18:360:19 | c2 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:360:21:360:36 | then ... | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:360:26:360:27 | c2 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:360:26:360:36 | call to instance | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:361:9:361:36 | in ... then ... | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:361:12:361:13 | C1 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:361:12:361:19 | ... => ... | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:361:18:361:19 | c1 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:361:21:361:36 | then ... | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:361:26:361:27 | c1 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:361:26:361:36 | call to instance | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:365:1:365:2 | c1 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:365:1:365:11 | ... = ... | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:365:6:365:7 | C1 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:365:6:365:11 | call to new | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:366:1:366:2 | c1 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:366:1:366:11 | call to instance | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:368:1:368:25 | call to pattern_dispatch | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:368:1:368:25 | self | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:368:18:368:25 | ( ... ) | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:368:19:368:20 | C1 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:368:19:368:24 | call to new | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:369:1:369:25 | call to pattern_dispatch | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:369:1:369:25 | self | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:369:18:369:25 | ( ... ) | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:369:19:369:20 | C2 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:369:19:369:24 | call to new | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:370:1:370:25 | call to pattern_dispatch | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:370:1:370:25 | self | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:370:18:370:25 | ( ... ) | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:370:19:370:20 | C3 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:370:19:370:24 | call to new | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:372:1:372:2 | C3 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:372:1:372:6 | call to new | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:372:1:372:18 | call to return_self | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:372:1:372:27 | call to instance | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:374:1:378:3 | add_singleton | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:374:19:374:19 | x | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:374:19:374:19 | x | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:375:5:377:7 | instance | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:375:9:375:9 | x | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:376:9:376:28 | call to puts | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:376:9:376:28 | self | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:376:14:376:28 | "instance_on x" | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:376:15:376:27 | instance_on x | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:380:1:380:2 | c3 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:380:1:380:11 | ... = ... | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:380:6:380:7 | C1 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:380:6:380:11 | call to new | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:381:1:381:16 | call to add_singleton | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:381:1:381:16 | self | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:381:15:381:16 | c3 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:382:1:382:2 | c3 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:382:1:382:11 | call to instance | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:383:1:383:2 | c3 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:383:1:383:14 | call to return_self | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:383:1:383:23 | call to instance | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:385:1:413:3 | SingletonOverride1 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:386:5:398:7 | class << ... | calls.rb:385:1:413:3 | SingletonOverride1 | +| calls.rb:386:14:386:17 | self | calls.rb:385:1:413:3 | SingletonOverride1 | +| calls.rb:387:9:389:11 | singleton1 | calls.rb:386:5:398:7 | class << ... | +| calls.rb:388:13:388:48 | call to puts | calls.rb:386:5:398:7 | class << ... | +| calls.rb:388:13:388:48 | self | calls.rb:386:5:398:7 | class << ... | +| calls.rb:388:18:388:48 | "SingletonOverride1#singleton1" | calls.rb:386:5:398:7 | class << ... | +| calls.rb:388:19:388:47 | SingletonOverride1#singleton1 | calls.rb:386:5:398:7 | class << ... | +| calls.rb:391:9:393:11 | call_singleton1 | calls.rb:386:5:398:7 | class << ... | +| calls.rb:392:13:392:22 | call to singleton1 | calls.rb:386:5:398:7 | class << ... | +| calls.rb:392:13:392:22 | self | calls.rb:386:5:398:7 | class << ... | +| calls.rb:395:9:397:11 | factory | calls.rb:386:5:398:7 | class << ... | +| calls.rb:396:13:396:16 | self | calls.rb:386:5:398:7 | class << ... | +| calls.rb:396:13:396:20 | call to new | calls.rb:386:5:398:7 | class << ... | +| calls.rb:396:13:396:30 | call to instance1 | calls.rb:386:5:398:7 | class << ... | +| calls.rb:400:5:402:7 | singleton2 | calls.rb:385:1:413:3 | SingletonOverride1 | +| calls.rb:400:9:400:12 | self | calls.rb:385:1:413:3 | SingletonOverride1 | +| calls.rb:401:9:401:44 | call to puts | calls.rb:385:1:413:3 | SingletonOverride1 | +| calls.rb:401:9:401:44 | self | calls.rb:385:1:413:3 | SingletonOverride1 | +| calls.rb:401:14:401:44 | "SingletonOverride1#singleton2" | calls.rb:385:1:413:3 | SingletonOverride1 | +| calls.rb:401:15:401:43 | SingletonOverride1#singleton2 | calls.rb:385:1:413:3 | SingletonOverride1 | +| calls.rb:404:5:406:7 | call_singleton2 | calls.rb:385:1:413:3 | SingletonOverride1 | +| calls.rb:404:9:404:12 | self | calls.rb:385:1:413:3 | SingletonOverride1 | +| calls.rb:405:9:405:18 | call to singleton2 | calls.rb:385:1:413:3 | SingletonOverride1 | +| calls.rb:405:9:405:18 | self | calls.rb:385:1:413:3 | SingletonOverride1 | +| calls.rb:408:5:408:14 | call to singleton2 | calls.rb:385:1:413:3 | SingletonOverride1 | +| calls.rb:408:5:408:14 | self | calls.rb:385:1:413:3 | SingletonOverride1 | +| calls.rb:410:5:412:7 | instance1 | calls.rb:385:1:413:3 | SingletonOverride1 | +| calls.rb:411:9:411:43 | call to puts | calls.rb:385:1:413:3 | SingletonOverride1 | +| calls.rb:411:9:411:43 | self | calls.rb:385:1:413:3 | SingletonOverride1 | +| calls.rb:411:14:411:43 | "SingletonOverride1#instance1" | calls.rb:385:1:413:3 | SingletonOverride1 | +| calls.rb:411:15:411:42 | SingletonOverride1#instance1 | calls.rb:385:1:413:3 | SingletonOverride1 | +| calls.rb:415:1:415:18 | SingletonOverride1 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:415:1:415:29 | call to singleton1 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:416:1:416:18 | SingletonOverride1 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:416:1:416:29 | call to singleton2 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:417:1:417:18 | SingletonOverride1 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:417:1:417:34 | call to call_singleton1 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:418:1:418:18 | SingletonOverride1 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:418:1:418:34 | call to call_singleton2 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:420:1:434:3 | SingletonOverride2 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:420:28:420:45 | SingletonOverride1 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:421:5:425:7 | class << ... | calls.rb:420:1:434:3 | SingletonOverride2 | +| calls.rb:421:14:421:17 | self | calls.rb:420:1:434:3 | SingletonOverride2 | +| calls.rb:422:9:424:11 | singleton1 | calls.rb:421:5:425:7 | class << ... | +| calls.rb:423:13:423:48 | call to puts | calls.rb:421:5:425:7 | class << ... | +| calls.rb:423:13:423:48 | self | calls.rb:421:5:425:7 | class << ... | +| calls.rb:423:18:423:48 | "SingletonOverride2#singleton1" | calls.rb:421:5:425:7 | class << ... | +| calls.rb:423:19:423:47 | SingletonOverride2#singleton1 | calls.rb:421:5:425:7 | class << ... | +| calls.rb:427:5:429:7 | singleton2 | calls.rb:420:1:434:3 | SingletonOverride2 | +| calls.rb:427:9:427:12 | self | calls.rb:420:1:434:3 | SingletonOverride2 | +| calls.rb:428:9:428:44 | call to puts | calls.rb:420:1:434:3 | SingletonOverride2 | +| calls.rb:428:9:428:44 | self | calls.rb:420:1:434:3 | SingletonOverride2 | +| calls.rb:428:14:428:44 | "SingletonOverride2#singleton2" | calls.rb:420:1:434:3 | SingletonOverride2 | +| calls.rb:428:15:428:43 | SingletonOverride2#singleton2 | calls.rb:420:1:434:3 | SingletonOverride2 | +| calls.rb:431:5:433:7 | instance1 | calls.rb:420:1:434:3 | SingletonOverride2 | +| calls.rb:432:9:432:43 | call to puts | calls.rb:420:1:434:3 | SingletonOverride2 | +| calls.rb:432:9:432:43 | self | calls.rb:420:1:434:3 | SingletonOverride2 | +| calls.rb:432:14:432:43 | "SingletonOverride2#instance1" | calls.rb:420:1:434:3 | SingletonOverride2 | +| calls.rb:432:15:432:42 | SingletonOverride2#instance1 | calls.rb:420:1:434:3 | SingletonOverride2 | +| calls.rb:436:1:436:18 | SingletonOverride2 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:436:1:436:29 | call to singleton1 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:437:1:437:18 | SingletonOverride2 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:437:1:437:29 | call to singleton2 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:438:1:438:18 | SingletonOverride2 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:438:1:438:34 | call to call_singleton1 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:439:1:439:18 | SingletonOverride2 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:439:1:439:34 | call to call_singleton2 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:441:1:469:3 | ConditionalInstanceMethods | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:442:5:446:7 | if ... | calls.rb:441:1:469:3 | ConditionalInstanceMethods | +| calls.rb:442:8:442:13 | call to rand | calls.rb:441:1:469:3 | ConditionalInstanceMethods | +| calls.rb:442:8:442:13 | self | calls.rb:441:1:469:3 | ConditionalInstanceMethods | +| calls.rb:442:8:442:17 | ... > ... | calls.rb:441:1:469:3 | ConditionalInstanceMethods | +| calls.rb:442:17:442:17 | 0 | calls.rb:441:1:469:3 | ConditionalInstanceMethods | +| calls.rb:442:19:445:11 | then ... | calls.rb:441:1:469:3 | ConditionalInstanceMethods | +| calls.rb:443:9:445:11 | m1 | calls.rb:441:1:469:3 | ConditionalInstanceMethods | +| calls.rb:444:13:444:48 | call to puts | calls.rb:441:1:469:3 | ConditionalInstanceMethods | +| calls.rb:444:13:444:48 | self | calls.rb:441:1:469:3 | ConditionalInstanceMethods | +| calls.rb:444:18:444:48 | "ConditionalInstanceMethods#m1" | calls.rb:441:1:469:3 | ConditionalInstanceMethods | +| calls.rb:444:19:444:47 | ConditionalInstanceMethods#m1 | calls.rb:441:1:469:3 | ConditionalInstanceMethods | +| calls.rb:448:5:460:7 | m2 | calls.rb:441:1:469:3 | ConditionalInstanceMethods | +| calls.rb:449:9:449:44 | call to puts | calls.rb:441:1:469:3 | ConditionalInstanceMethods | +| calls.rb:449:9:449:44 | self | calls.rb:441:1:469:3 | ConditionalInstanceMethods | +| calls.rb:449:14:449:44 | "ConditionalInstanceMethods#m2" | calls.rb:441:1:469:3 | ConditionalInstanceMethods | +| calls.rb:449:15:449:43 | ConditionalInstanceMethods#m2 | calls.rb:441:1:469:3 | ConditionalInstanceMethods | +| calls.rb:451:9:457:11 | m3 | calls.rb:441:1:469:3 | ConditionalInstanceMethods | +| calls.rb:452:13:452:48 | call to puts | calls.rb:441:1:469:3 | ConditionalInstanceMethods | +| calls.rb:452:13:452:48 | self | calls.rb:441:1:469:3 | ConditionalInstanceMethods | +| calls.rb:452:18:452:48 | "ConditionalInstanceMethods#m3" | calls.rb:441:1:469:3 | ConditionalInstanceMethods | +| calls.rb:452:19:452:47 | ConditionalInstanceMethods#m3 | calls.rb:441:1:469:3 | ConditionalInstanceMethods | +| calls.rb:454:13:456:15 | m4 | calls.rb:441:1:469:3 | ConditionalInstanceMethods | +| calls.rb:455:17:455:52 | call to puts | calls.rb:441:1:469:3 | ConditionalInstanceMethods | +| calls.rb:455:17:455:52 | self | calls.rb:441:1:469:3 | ConditionalInstanceMethods | +| calls.rb:455:22:455:52 | "ConditionalInstanceMethods#m4" | calls.rb:441:1:469:3 | ConditionalInstanceMethods | +| calls.rb:455:23:455:51 | ConditionalInstanceMethods#m4 | calls.rb:441:1:469:3 | ConditionalInstanceMethods | +| calls.rb:459:9:459:10 | call to m3 | calls.rb:441:1:469:3 | ConditionalInstanceMethods | +| calls.rb:459:9:459:10 | self | calls.rb:441:1:469:3 | ConditionalInstanceMethods | +| calls.rb:462:5:468:7 | if ... | calls.rb:441:1:469:3 | ConditionalInstanceMethods | +| calls.rb:462:8:462:13 | call to rand | calls.rb:441:1:469:3 | ConditionalInstanceMethods | +| calls.rb:462:8:462:13 | self | calls.rb:441:1:469:3 | ConditionalInstanceMethods | +| calls.rb:462:8:462:17 | ... > ... | calls.rb:441:1:469:3 | ConditionalInstanceMethods | +| calls.rb:462:17:462:17 | 0 | calls.rb:441:1:469:3 | ConditionalInstanceMethods | +| calls.rb:462:19:467:18 | then ... | calls.rb:441:1:469:3 | ConditionalInstanceMethods | +| calls.rb:463:9:463:13 | Class | calls.rb:441:1:469:3 | ConditionalInstanceMethods | +| calls.rb:463:9:467:11 | call to new | calls.rb:441:1:469:3 | ConditionalInstanceMethods | +| calls.rb:463:9:467:15 | call to new | calls.rb:441:1:469:3 | ConditionalInstanceMethods | +| calls.rb:463:9:467:18 | call to m5 | calls.rb:441:1:469:3 | ConditionalInstanceMethods | +| calls.rb:463:19:467:11 | do ... end | calls.rb:441:1:469:3 | ConditionalInstanceMethods | +| calls.rb:464:13:466:15 | m5 | calls.rb:441:1:469:3 | ConditionalInstanceMethods | +| calls.rb:465:17:465:40 | call to puts | calls.rb:441:1:469:3 | ConditionalInstanceMethods | +| calls.rb:465:17:465:40 | self | calls.rb:441:1:469:3 | ConditionalInstanceMethods | +| calls.rb:465:22:465:40 | "AnonymousClass#m5" | calls.rb:441:1:469:3 | ConditionalInstanceMethods | +| calls.rb:465:23:465:39 | AnonymousClass#m5 | calls.rb:441:1:469:3 | ConditionalInstanceMethods | +| calls.rb:471:1:471:26 | ConditionalInstanceMethods | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:471:1:471:30 | call to new | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:471:1:471:33 | call to m1 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:472:1:472:26 | ConditionalInstanceMethods | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:472:1:472:30 | call to new | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:472:1:472:33 | call to m3 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:473:1:473:26 | ConditionalInstanceMethods | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:473:1:473:30 | call to new | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:473:1:473:33 | call to m2 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:474:1:474:26 | ConditionalInstanceMethods | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:474:1:474:30 | call to new | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:474:1:474:33 | call to m3 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:475:1:475:26 | ConditionalInstanceMethods | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:475:1:475:30 | call to new | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:475:1:475:33 | call to m4 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:476:1:476:26 | ConditionalInstanceMethods | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:476:1:476:30 | call to new | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:476:1:476:33 | call to m5 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:478:1:478:23 | EsotericInstanceMethods | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:478:1:496:3 | ... = ... | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:478:27:478:31 | Class | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:478:27:496:3 | call to new | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:478:37:496:3 | do ... end | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:479:5:479:11 | Array | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:479:5:479:11 | [...] | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:479:5:479:11 | call to [] | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:479:5:483:7 | call to each | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:479:6:479:6 | 0 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:479:8:479:8 | 1 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:479:10:479:10 | 2 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:479:18:483:7 | do ... end | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:480:9:482:11 | foo | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:481:13:481:22 | call to puts | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:481:13:481:22 | self | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:481:18:481:22 | "foo" | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:481:19:481:21 | foo | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:485:5:485:9 | Class | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:485:5:489:7 | call to new | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:485:5:489:11 | call to new | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:485:5:489:15 | call to bar | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:485:15:489:7 | do ... end | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:486:9:488:11 | bar | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:487:13:487:22 | call to puts | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:487:13:487:22 | self | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:487:18:487:22 | "bar" | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:487:19:487:21 | bar | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:491:5:491:11 | Array | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:491:5:491:11 | [...] | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:491:5:491:11 | call to [] | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:491:5:495:7 | call to each | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:491:6:491:6 | 0 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:491:8:491:8 | 1 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:491:10:491:10 | 2 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:491:18:495:7 | do ... end | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:491:22:491:22 | i | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:491:22:491:22 | i | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:492:9:494:11 | call to define_method | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:492:9:494:11 | self | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:492:23:492:32 | "baz_#{...}" | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:492:24:492:27 | baz_ | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:492:28:492:31 | #{...} | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:492:30:492:30 | i | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:492:35:494:11 | do ... end | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:493:13:493:27 | call to puts | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:493:13:493:27 | self | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:493:18:493:27 | "baz_#{...}" | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:493:19:493:22 | baz_ | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:493:23:493:26 | #{...} | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:493:25:493:25 | i | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:498:1:498:23 | EsotericInstanceMethods | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:498:1:498:27 | call to new | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:498:1:498:31 | call to foo | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:499:1:499:23 | EsotericInstanceMethods | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:499:1:499:27 | call to new | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:499:1:499:31 | call to bar | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:500:1:500:23 | EsotericInstanceMethods | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:500:1:500:27 | call to new | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:500:1:500:33 | call to baz_0 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:501:1:501:23 | EsotericInstanceMethods | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:501:1:501:27 | call to new | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:501:1:501:33 | call to baz_1 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:502:1:502:23 | EsotericInstanceMethods | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:502:1:502:27 | call to new | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:502:1:502:33 | call to baz_2 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:504:1:510:3 | ExtendSingletonMethod | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:505:5:507:7 | singleton | calls.rb:504:1:510:3 | ExtendSingletonMethod | +| calls.rb:506:9:506:46 | call to puts | calls.rb:504:1:510:3 | ExtendSingletonMethod | +| calls.rb:506:9:506:46 | self | calls.rb:504:1:510:3 | ExtendSingletonMethod | +| calls.rb:506:14:506:46 | "ExtendSingletonMethod#singleton" | calls.rb:504:1:510:3 | ExtendSingletonMethod | +| calls.rb:506:15:506:45 | ExtendSingletonMethod#singleton | calls.rb:504:1:510:3 | ExtendSingletonMethod | +| calls.rb:509:5:509:15 | call to extend | calls.rb:504:1:510:3 | ExtendSingletonMethod | +| calls.rb:509:5:509:15 | self | calls.rb:504:1:510:3 | ExtendSingletonMethod | +| calls.rb:509:12:509:15 | self | calls.rb:504:1:510:3 | ExtendSingletonMethod | +| calls.rb:512:1:512:21 | ExtendSingletonMethod | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:512:1:512:31 | call to singleton | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:514:1:516:3 | ExtendSingletonMethod2 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:515:5:515:32 | call to extend | calls.rb:514:1:516:3 | ExtendSingletonMethod2 | +| calls.rb:515:5:515:32 | self | calls.rb:514:1:516:3 | ExtendSingletonMethod2 | +| calls.rb:515:12:515:32 | ExtendSingletonMethod | calls.rb:514:1:516:3 | ExtendSingletonMethod2 | +| calls.rb:518:1:518:22 | ExtendSingletonMethod2 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:518:1:518:32 | call to singleton | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:520:1:521:3 | ExtendSingletonMethod3 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:523:1:523:22 | ExtendSingletonMethod3 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:523:1:523:51 | call to extend | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:523:31:523:51 | ExtendSingletonMethod | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:525:1:525:22 | ExtendSingletonMethod3 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:525:1:525:32 | call to singleton | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:527:1:527:3 | foo | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:527:1:527:13 | ... = ... | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:527:7:527:13 | "hello" | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:527:8:527:12 | hello | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:528:1:528:3 | foo | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:528:1:528:13 | call to singleton | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:529:1:529:3 | foo | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:529:1:529:32 | call to extend | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:529:12:529:32 | ExtendSingletonMethod | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:531:1:531:3 | foo | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:531:1:531:13 | call to singleton | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:533:1:537:3 | ProtectedMethodInModule | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:534:5:536:7 | call to protected | calls.rb:533:1:537:3 | ProtectedMethodInModule | +| calls.rb:534:5:536:7 | self | calls.rb:533:1:537:3 | ProtectedMethodInModule | +| calls.rb:534:15:536:7 | foo | calls.rb:533:1:537:3 | ProtectedMethodInModule | +| calls.rb:535:9:535:42 | call to puts | calls.rb:533:1:537:3 | ProtectedMethodInModule | +| calls.rb:535:9:535:42 | self | calls.rb:533:1:537:3 | ProtectedMethodInModule | +| calls.rb:535:14:535:42 | "ProtectedMethodInModule#foo" | calls.rb:533:1:537:3 | ProtectedMethodInModule | +| calls.rb:535:15:535:41 | ProtectedMethodInModule#foo | calls.rb:533:1:537:3 | ProtectedMethodInModule | +| calls.rb:539:1:552:3 | ProtectedMethods | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:540:5:540:35 | call to include | calls.rb:539:1:552:3 | ProtectedMethods | +| calls.rb:540:5:540:35 | self | calls.rb:539:1:552:3 | ProtectedMethods | +| calls.rb:540:13:540:35 | ProtectedMethodInModule | calls.rb:539:1:552:3 | ProtectedMethods | +| calls.rb:542:5:544:7 | call to protected | calls.rb:539:1:552:3 | ProtectedMethods | +| calls.rb:542:5:544:7 | self | calls.rb:539:1:552:3 | ProtectedMethods | +| calls.rb:542:15:544:7 | bar | calls.rb:539:1:552:3 | ProtectedMethods | +| calls.rb:543:9:543:35 | call to puts | calls.rb:539:1:552:3 | ProtectedMethods | +| calls.rb:543:9:543:35 | self | calls.rb:539:1:552:3 | ProtectedMethods | +| calls.rb:543:14:543:35 | "ProtectedMethods#bar" | calls.rb:539:1:552:3 | ProtectedMethods | +| calls.rb:543:15:543:34 | ProtectedMethods#bar | calls.rb:539:1:552:3 | ProtectedMethods | +| calls.rb:546:5:551:7 | baz | calls.rb:539:1:552:3 | ProtectedMethods | +| calls.rb:547:9:547:11 | call to foo | calls.rb:539:1:552:3 | ProtectedMethods | +| calls.rb:547:9:547:11 | self | calls.rb:539:1:552:3 | ProtectedMethods | +| calls.rb:548:9:548:11 | call to bar | calls.rb:539:1:552:3 | ProtectedMethods | +| calls.rb:548:9:548:11 | self | calls.rb:539:1:552:3 | ProtectedMethods | +| calls.rb:549:9:549:24 | ProtectedMethods | calls.rb:539:1:552:3 | ProtectedMethods | +| calls.rb:549:9:549:28 | call to new | calls.rb:539:1:552:3 | ProtectedMethods | +| calls.rb:549:9:549:32 | call to foo | calls.rb:539:1:552:3 | ProtectedMethods | +| calls.rb:550:9:550:24 | ProtectedMethods | calls.rb:539:1:552:3 | ProtectedMethods | +| calls.rb:550:9:550:28 | call to new | calls.rb:539:1:552:3 | ProtectedMethods | +| calls.rb:550:9:550:32 | call to bar | calls.rb:539:1:552:3 | ProtectedMethods | +| calls.rb:554:1:554:16 | ProtectedMethods | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:554:1:554:20 | call to new | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:554:1:554:24 | call to foo | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:555:1:555:16 | ProtectedMethods | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:555:1:555:20 | call to new | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:555:1:555:24 | call to bar | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:556:1:556:16 | ProtectedMethods | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:556:1:556:20 | call to new | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:556:1:556:24 | call to baz | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:558:1:563:3 | ProtectedMethodsSub | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:558:29:558:44 | ProtectedMethods | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:559:5:562:7 | baz | calls.rb:558:1:563:3 | ProtectedMethodsSub | +| calls.rb:560:9:560:11 | call to foo | calls.rb:558:1:563:3 | ProtectedMethodsSub | +| calls.rb:560:9:560:11 | self | calls.rb:558:1:563:3 | ProtectedMethodsSub | +| calls.rb:561:9:561:27 | ProtectedMethodsSub | calls.rb:558:1:563:3 | ProtectedMethodsSub | +| calls.rb:561:9:561:31 | call to new | calls.rb:558:1:563:3 | ProtectedMethodsSub | +| calls.rb:561:9:561:35 | call to foo | calls.rb:558:1:563:3 | ProtectedMethodsSub | +| calls.rb:565:1:565:19 | ProtectedMethodsSub | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:565:1:565:23 | call to new | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:565:1:565:27 | call to foo | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:566:1:566:19 | ProtectedMethodsSub | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:566:1:566:23 | call to new | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:566:1:566:27 | call to bar | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:567:1:567:19 | ProtectedMethodsSub | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:567:1:567:23 | call to new | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:567:1:567:27 | call to baz | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:569:1:569:7 | Array | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:569:1:569:7 | [...] | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:569:1:569:7 | call to [] | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:569:1:569:26 | call to each | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:569:2:569:2 | C | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:569:2:569:6 | call to new | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:569:14:569:26 | { ... } | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:569:17:569:17 | c | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:569:17:569:17 | c | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:569:20:569:20 | c | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:569:20:569:24 | call to baz | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:570:1:570:13 | Array | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:570:1:570:13 | [...] | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:570:1:570:13 | call to [] | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:570:1:570:39 | call to each | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:570:2:570:4 | "a" | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:570:3:570:3 | a | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:570:6:570:8 | "b" | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:570:7:570:7 | b | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:570:10:570:12 | "c" | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:570:11:570:11 | c | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:570:20:570:39 | { ... } | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:570:23:570:23 | s | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:570:23:570:23 | s | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:570:26:570:26 | s | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:570:26:570:37 | call to capitalize | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:572:1:575:3 | SingletonUpCall_Base | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:573:5:574:7 | singleton | calls.rb:572:1:575:3 | SingletonUpCall_Base | +| calls.rb:573:9:573:12 | self | calls.rb:572:1:575:3 | SingletonUpCall_Base | +| calls.rb:576:1:583:3 | SingletonUpCall_Sub | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:576:29:576:48 | SingletonUpCall_Base | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:577:5:577:13 | call to singleton | calls.rb:576:1:583:3 | SingletonUpCall_Sub | +| calls.rb:577:5:577:13 | self | calls.rb:576:1:583:3 | SingletonUpCall_Sub | +| calls.rb:578:5:578:14 | call to singleton2 | calls.rb:576:1:583:3 | SingletonUpCall_Sub | +| calls.rb:578:5:578:14 | self | calls.rb:576:1:583:3 | SingletonUpCall_Sub | +| calls.rb:579:5:582:7 | mid_method | calls.rb:576:1:583:3 | SingletonUpCall_Sub | +| calls.rb:579:9:579:12 | self | calls.rb:576:1:583:3 | SingletonUpCall_Sub | +| calls.rb:580:9:580:17 | call to singleton | calls.rb:576:1:583:3 | SingletonUpCall_Sub | +| calls.rb:580:9:580:17 | self | calls.rb:576:1:583:3 | SingletonUpCall_Sub | +| calls.rb:581:9:581:18 | call to singleton2 | calls.rb:576:1:583:3 | SingletonUpCall_Sub | +| calls.rb:581:9:581:18 | self | calls.rb:576:1:583:3 | SingletonUpCall_Sub | +| calls.rb:584:1:589:3 | SingletonUpCall_SubSub | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:584:32:584:50 | SingletonUpCall_Sub | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:585:5:586:7 | singleton2 | calls.rb:584:1:589:3 | SingletonUpCall_SubSub | +| calls.rb:585:9:585:12 | self | calls.rb:584:1:589:3 | SingletonUpCall_SubSub | +| calls.rb:588:5:588:14 | call to mid_method | calls.rb:584:1:589:3 | SingletonUpCall_SubSub | +| calls.rb:588:5:588:14 | self | calls.rb:584:1:589:3 | SingletonUpCall_SubSub | +| calls.rb:591:1:602:3 | SingletonA | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:592:5:593:7 | singleton1 | calls.rb:591:1:602:3 | SingletonA | +| calls.rb:592:9:592:12 | self | calls.rb:591:1:602:3 | SingletonA | +| calls.rb:595:5:597:7 | call_singleton1 | calls.rb:591:1:602:3 | SingletonA | +| calls.rb:595:9:595:12 | self | calls.rb:591:1:602:3 | SingletonA | +| calls.rb:596:9:596:18 | call to singleton1 | calls.rb:591:1:602:3 | SingletonA | +| calls.rb:596:9:596:18 | self | calls.rb:591:1:602:3 | SingletonA | +| calls.rb:599:5:601:7 | call_call_singleton1 | calls.rb:591:1:602:3 | SingletonA | +| calls.rb:599:9:599:12 | self | calls.rb:591:1:602:3 | SingletonA | +| calls.rb:600:9:600:23 | call to call_singleton1 | calls.rb:591:1:602:3 | SingletonA | +| calls.rb:600:9:600:23 | self | calls.rb:591:1:602:3 | SingletonA | +| calls.rb:604:1:611:3 | SingletonB | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:604:20:604:29 | SingletonA | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:605:5:606:7 | singleton1 | calls.rb:604:1:611:3 | SingletonB | +| calls.rb:605:9:605:12 | self | calls.rb:604:1:611:3 | SingletonB | +| calls.rb:608:5:610:7 | call_singleton1 | calls.rb:604:1:611:3 | SingletonB | +| calls.rb:608:9:608:12 | self | calls.rb:604:1:611:3 | SingletonB | +| calls.rb:609:9:609:18 | call to singleton1 | calls.rb:604:1:611:3 | SingletonB | +| calls.rb:609:9:609:18 | self | calls.rb:604:1:611:3 | SingletonB | +| calls.rb:613:1:620:3 | SingletonC | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:613:20:613:29 | SingletonA | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:614:5:615:7 | singleton1 | calls.rb:613:1:620:3 | SingletonC | +| calls.rb:614:9:614:12 | self | calls.rb:613:1:620:3 | SingletonC | +| calls.rb:617:5:619:7 | call_singleton1 | calls.rb:613:1:620:3 | SingletonC | +| calls.rb:617:9:617:12 | self | calls.rb:613:1:620:3 | SingletonC | +| calls.rb:618:9:618:18 | call to singleton1 | calls.rb:613:1:620:3 | SingletonC | +| calls.rb:618:9:618:18 | self | calls.rb:613:1:620:3 | SingletonC | +| calls.rb:622:1:622:10 | SingletonA | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:622:1:622:31 | call to call_call_singleton1 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:623:1:623:10 | SingletonB | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:623:1:623:31 | call to call_call_singleton1 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:624:1:624:10 | SingletonC | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:624:1:624:31 | call to call_call_singleton1 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:626:1:632:3 | Included | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:627:5:629:7 | foo | calls.rb:626:1:632:3 | Included | +| calls.rb:628:9:628:12 | self | calls.rb:626:1:632:3 | Included | +| calls.rb:628:9:628:16 | call to bar | calls.rb:626:1:632:3 | Included | +| calls.rb:630:5:631:7 | bar | calls.rb:626:1:632:3 | Included | +| calls.rb:634:1:639:3 | IncludesIncluded | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:635:5:635:20 | call to include | calls.rb:634:1:639:3 | IncludesIncluded | +| calls.rb:635:5:635:20 | self | calls.rb:634:1:639:3 | IncludesIncluded | +| calls.rb:635:13:635:20 | Included | calls.rb:634:1:639:3 | IncludesIncluded | +| calls.rb:636:5:638:7 | bar | calls.rb:634:1:639:3 | IncludesIncluded | +| calls.rb:637:9:637:13 | super call to bar | calls.rb:634:1:639:3 | IncludesIncluded | +| calls.rb:641:1:645:3 | CustomNew1 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:642:5:644:7 | new | calls.rb:641:1:645:3 | CustomNew1 | +| calls.rb:642:9:642:12 | self | calls.rb:641:1:645:3 | CustomNew1 | +| calls.rb:643:9:643:10 | C1 | calls.rb:641:1:645:3 | CustomNew1 | +| calls.rb:643:9:643:14 | call to new | calls.rb:641:1:645:3 | CustomNew1 | +| calls.rb:647:1:647:10 | CustomNew1 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:647:1:647:14 | call to new | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:647:1:647:23 | call to instance | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:649:1:657:3 | CustomNew2 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:650:5:652:7 | new | calls.rb:649:1:657:3 | CustomNew2 | +| calls.rb:650:9:650:12 | self | calls.rb:649:1:657:3 | CustomNew2 | +| calls.rb:651:9:651:12 | self | calls.rb:649:1:657:3 | CustomNew2 | +| calls.rb:651:9:651:21 | call to allocate | calls.rb:649:1:657:3 | CustomNew2 | +| calls.rb:654:5:656:7 | instance | calls.rb:649:1:657:3 | CustomNew2 | +| calls.rb:655:9:655:34 | call to puts | calls.rb:649:1:657:3 | CustomNew2 | +| calls.rb:655:9:655:34 | self | calls.rb:649:1:657:3 | CustomNew2 | +| calls.rb:655:14:655:34 | "CustomNew2#instance" | calls.rb:649:1:657:3 | CustomNew2 | +| calls.rb:655:15:655:33 | CustomNew2#instance | calls.rb:649:1:657:3 | CustomNew2 | +| calls.rb:659:1:659:10 | CustomNew2 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:659:1:659:14 | call to new | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:659:1:659:23 | call to instance | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:661:1:665:3 | capture_parameter | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:661:23:661:23 | x | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:661:23:661:23 | x | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:662:5:662:11 | Array | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:662:5:662:11 | [...] | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:662:5:662:11 | call to [] | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:662:5:664:7 | call to each | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:662:6:662:6 | 0 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:662:8:662:8 | 1 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:662:10:662:10 | 2 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:662:18:664:7 | do ... end | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:663:9:663:9 | x | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:667:1:667:26 | ( ... ) | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:667:1:667:35 | call to instance | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:667:2:667:25 | call to capture_parameter | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:667:2:667:25 | self | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:667:20:667:21 | C1 | calls.rb:1:1:667:52 | calls.rb | +| calls.rb:667:20:667:25 | call to new | calls.rb:1:1:667:52 | calls.rb | | hello.rb:1:1:8:3 | EnglishWords | hello.rb:1:1:22:3 | hello.rb | | hello.rb:2:5:4:7 | hello | hello.rb:1:1:8:3 | EnglishWords | | hello.rb:3:9:3:22 | return | hello.rb:1:1:8:3 | EnglishWords | diff --git a/ruby/ql/test/library-tests/modules/superclasses.expected b/ruby/ql/test/library-tests/modules/superclasses.expected index a2c3473098b..358fe7fb4e9 100644 --- a/ruby/ql/test/library-tests/modules/superclasses.expected +++ b/ruby/ql/test/library-tests/modules/superclasses.expected @@ -90,62 +90,62 @@ calls.rb: # 325| C1 #-----| -> Object -# 331| C2 +# 335| C2 #-----| -> C1 -# 337| C3 +# 341| C3 #-----| -> C2 -# 377| SingletonOverride1 +# 385| SingletonOverride1 #-----| -> Object -# 412| SingletonOverride2 +# 420| SingletonOverride2 #-----| -> SingletonOverride1 -# 433| ConditionalInstanceMethods +# 441| ConditionalInstanceMethods #-----| -> Object -# 496| ExtendSingletonMethod +# 504| ExtendSingletonMethod -# 506| ExtendSingletonMethod2 +# 514| ExtendSingletonMethod2 -# 512| ExtendSingletonMethod3 +# 520| ExtendSingletonMethod3 -# 525| ProtectedMethodInModule +# 533| ProtectedMethodInModule -# 531| ProtectedMethods +# 539| ProtectedMethods #-----| -> Object -# 550| ProtectedMethodsSub +# 558| ProtectedMethodsSub #-----| -> ProtectedMethods -# 564| SingletonUpCall_Base +# 572| SingletonUpCall_Base #-----| -> Object -# 568| SingletonUpCall_Sub +# 576| SingletonUpCall_Sub #-----| -> SingletonUpCall_Base -# 576| SingletonUpCall_SubSub +# 584| SingletonUpCall_SubSub #-----| -> SingletonUpCall_Sub -# 583| SingletonA +# 591| SingletonA #-----| -> Object -# 596| SingletonB +# 604| SingletonB #-----| -> SingletonA -# 605| SingletonC +# 613| SingletonC #-----| -> SingletonA -# 618| Included +# 626| Included -# 626| IncludesIncluded +# 634| IncludesIncluded #-----| -> Object -# 633| CustomNew1 +# 641| CustomNew1 #-----| -> Object -# 641| CustomNew2 +# 649| CustomNew2 #-----| -> Object hello.rb: From 826b6219a0bb35104d1ce644119b387e63eb7e34 Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Mon, 8 May 2023 11:39:38 +0200 Subject: [PATCH 366/870] Ruby: Include `self` parameters in type tracking flow-through logic --- .../ruby/dataflow/internal/DataFlowPrivate.qll | 12 ++++++++---- .../codeql/ruby/typetracking/TypeTrackerSpecific.qll | 6 ++---- .../ql/test/library-tests/modules/callgraph.expected | 1 + 3 files changed, 11 insertions(+), 8 deletions(-) diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPrivate.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPrivate.qll index 18abb552709..cbdb38d5803 100644 --- a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPrivate.qll +++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPrivate.qll @@ -940,6 +940,12 @@ private class NewCall extends DataFlowCall { abstract class ReturningNode extends Node { /** Gets the kind of this return node. */ abstract ReturnKind getKind(); + + pragma[nomagic] + predicate hasKind(ReturnKind kind, CfgScope scope) { + kind = this.getKind() and + scope = this.(NodeImpl).getCfgScope() + } } /** A data-flow node that represents a value returned by a callable. */ @@ -1060,10 +1066,8 @@ private module ReturnNodes { SynthReturnNode() { this = TSynthReturnNode(scope, kind) } /** Gets a syntactic return node that flows into this synthetic node. */ - ReturningNode getAnInput() { - result.(NodeImpl).getCfgScope() = scope and - result.getKind() = kind - } + pragma[nomagic] + ReturningNode getAnInput() { result.hasKind(kind, scope) } override ReturnKind getKind() { result = kind } diff --git a/ruby/ql/lib/codeql/ruby/typetracking/TypeTrackerSpecific.qll b/ruby/ql/lib/codeql/ruby/typetracking/TypeTrackerSpecific.qll index 69ac88c777e..7402b9ea18e 100644 --- a/ruby/ql/lib/codeql/ruby/typetracking/TypeTrackerSpecific.qll +++ b/ruby/ql/lib/codeql/ruby/typetracking/TypeTrackerSpecific.qll @@ -80,10 +80,8 @@ predicate jumpStep = DataFlowPrivate::jumpStep/2; pragma[nomagic] private predicate flowThrough(DataFlowPublic::ParameterNode param) { exists(DataFlowPrivate::ReturningNode returnNode, DataFlowDispatch::ReturnKind rk | - DataFlowPrivate::LocalFlow::getParameterDefNode(param.getParameter()) - .(TypeTrackingNode) - .flowsTo(returnNode) and - rk = returnNode.getKind() + param.flowsTo(returnNode) and + returnNode.hasKind(rk, param.(DataFlowPrivate::NodeImpl).getCfgScope()) | rk instanceof DataFlowDispatch::NormalReturnKind or diff --git a/ruby/ql/test/library-tests/modules/callgraph.expected b/ruby/ql/test/library-tests/modules/callgraph.expected index 01b57aab2f8..cadc31e6940 100644 --- a/ruby/ql/test/library-tests/modules/callgraph.expected +++ b/ruby/ql/test/library-tests/modules/callgraph.expected @@ -153,6 +153,7 @@ getTarget | calls.rb:383:1:383:23 | call to instance | calls.rb:326:5:328:7 | instance | | calls.rb:383:1:383:23 | call to instance | calls.rb:336:5:338:7 | instance | | calls.rb:383:1:383:23 | call to instance | calls.rb:342:5:344:7 | instance | +| calls.rb:383:1:383:23 | call to instance | calls.rb:375:5:377:7 | instance | | calls.rb:388:13:388:48 | call to puts | calls.rb:102:5:102:30 | puts | | calls.rb:392:13:392:22 | call to singleton1 | calls.rb:387:9:389:11 | singleton1 | | calls.rb:392:13:392:22 | call to singleton1 | calls.rb:422:9:424:11 | singleton1 | From 4781881a6a8111b5d3c079df2be8c4b41b88336e Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Mon, 15 May 2023 14:43:01 +0100 Subject: [PATCH 367/870] Swift: Improve mobile/phone number regexp. --- swift/ql/lib/codeql/swift/security/SensitiveExprs.qll | 2 +- .../query-tests/Security/CWE-311/CleartextTransmission.expected | 2 -- .../test/query-tests/Security/CWE-311/SensitiveExprs.expected | 1 - swift/ql/test/query-tests/Security/CWE-311/testSend.swift | 2 +- 4 files changed, 2 insertions(+), 5 deletions(-) diff --git a/swift/ql/lib/codeql/swift/security/SensitiveExprs.qll b/swift/ql/lib/codeql/swift/security/SensitiveExprs.qll index c1bc5d0bd50..91f824aa5f2 100644 --- a/swift/ql/lib/codeql/swift/security/SensitiveExprs.qll +++ b/swift/ql/lib/codeql/swift/security/SensitiveExprs.qll @@ -48,7 +48,7 @@ class SensitivePrivateInfo extends SensitiveDataType, TPrivateInfo { // Contact information, such as home addresses "post.?code|zip.?code|home.?address|" + // and telephone numbers - "telephone|home.?phone|mobile|fax.?no|fax.?number|" + + "(mob(ile)?|home).?(num|no|tel|phone)|(tel|fax).?(num|no)|telephone|" + // Geographic location - where the user is (or was) "latitude|longitude|" + // Financial data - such as credit card numbers, salary, bank accounts, and debts diff --git a/swift/ql/test/query-tests/Security/CWE-311/CleartextTransmission.expected b/swift/ql/test/query-tests/Security/CWE-311/CleartextTransmission.expected index 32a04544c2f..94272faf6d0 100644 --- a/swift/ql/test/query-tests/Security/CWE-311/CleartextTransmission.expected +++ b/swift/ql/test/query-tests/Security/CWE-311/CleartextTransmission.expected @@ -38,7 +38,6 @@ nodes | testSend.swift:61:27:61:27 | str3 | semmle.label | str3 | | testSend.swift:65:27:65:27 | license_key | semmle.label | license_key | | testSend.swift:66:27:66:30 | .mobileNumber | semmle.label | .mobileNumber | -| testSend.swift:68:27:68:30 | .mobilePlayer | semmle.label | .mobilePlayer | | testURL.swift:13:22:13:54 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... | | testURL.swift:13:54:13:54 | passwd | semmle.label | passwd | | testURL.swift:16:22:16:55 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... | @@ -58,7 +57,6 @@ subpaths | testSend.swift:61:27:61:27 | str3 | testSend.swift:54:17:54:17 | password | testSend.swift:61:27:61:27 | str3 | This operation transmits 'str3', which may contain unencrypted sensitive data from $@. | testSend.swift:54:17:54:17 | password | password | | testSend.swift:65:27:65:27 | license_key | testSend.swift:65:27:65:27 | license_key | testSend.swift:65:27:65:27 | license_key | This operation transmits 'license_key', which may contain unencrypted sensitive data from $@. | testSend.swift:65:27:65:27 | license_key | license_key | | testSend.swift:66:27:66:30 | .mobileNumber | testSend.swift:66:27:66:30 | .mobileNumber | testSend.swift:66:27:66:30 | .mobileNumber | This operation transmits '.mobileNumber', which may contain unencrypted sensitive data from $@. | testSend.swift:66:27:66:30 | .mobileNumber | .mobileNumber | -| testSend.swift:68:27:68:30 | .mobilePlayer | testSend.swift:68:27:68:30 | .mobilePlayer | testSend.swift:68:27:68:30 | .mobilePlayer | This operation transmits '.mobilePlayer', which may contain unencrypted sensitive data from $@. | testSend.swift:68:27:68:30 | .mobilePlayer | .mobilePlayer | | testURL.swift:13:22:13:54 | ... .+(_:_:) ... | testURL.swift:13:54:13:54 | passwd | testURL.swift:13:22:13:54 | ... .+(_:_:) ... | This operation transmits '... .+(_:_:) ...', which may contain unencrypted sensitive data from $@. | testURL.swift:13:54:13:54 | passwd | passwd | | testURL.swift:16:22:16:55 | ... .+(_:_:) ... | testURL.swift:16:55:16:55 | credit_card_no | testURL.swift:16:22:16:55 | ... .+(_:_:) ... | This operation transmits '... .+(_:_:) ...', which may contain unencrypted sensitive data from $@. | testURL.swift:16:55:16:55 | credit_card_no | credit_card_no | | testURL.swift:20:22:20:22 | passwd | testURL.swift:20:22:20:22 | passwd | testURL.swift:20:22:20:22 | passwd | This operation transmits 'passwd', which may contain unencrypted sensitive data from $@. | testURL.swift:20:22:20:22 | passwd | passwd | diff --git a/swift/ql/test/query-tests/Security/CWE-311/SensitiveExprs.expected b/swift/ql/test/query-tests/Security/CWE-311/SensitiveExprs.expected index ebda7360324..20e1757c132 100644 --- a/swift/ql/test/query-tests/Security/CWE-311/SensitiveExprs.expected +++ b/swift/ql/test/query-tests/Security/CWE-311/SensitiveExprs.expected @@ -128,7 +128,6 @@ | testSend.swift:57:27:57:27 | password | label:password, type:credential | | testSend.swift:65:27:65:27 | license_key | label:license_key, type:credential | | testSend.swift:66:27:66:30 | .mobileNumber | label:mobileNumber, type:private information | -| testSend.swift:68:27:68:30 | .mobilePlayer | label:mobilePlayer, type:private information | | testSend.swift:69:27:69:30 | .passwordFeatureEnabled | label:passwordFeatureEnabled, type:credential | | testURL.swift:13:54:13:54 | passwd | label:passwd, type:credential | | testURL.swift:16:55:16:55 | credit_card_no | label:credit_card_no, type:private information | diff --git a/swift/ql/test/query-tests/Security/CWE-311/testSend.swift b/swift/ql/test/query-tests/Security/CWE-311/testSend.swift index ee6bf6beaf5..e7021f6e99a 100644 --- a/swift/ql/test/query-tests/Security/CWE-311/testSend.swift +++ b/swift/ql/test/query-tests/Security/CWE-311/testSend.swift @@ -65,6 +65,6 @@ func test2(password : String, license_key: String, ms: MyStruct, connection : NW connection.send(content: license_key, completion: .idempotent) // BAD connection.send(content: ms.mobileNumber, completion: .idempotent) // BAD connection.send(content: ms.mobileUrl, completion: .idempotent) // GOOD (not sensitive) - connection.send(content: ms.mobilePlayer, completion: .idempotent) // GOOD (not sensitive) [FALSE POSITIVE] + connection.send(content: ms.mobilePlayer, completion: .idempotent) // GOOD (not sensitive) connection.send(content: ms.passwordFeatureEnabled, completion: .idempotent) // GOOD (not sensitive) } From d9893596569d73046c75f34cec707a77f7efc1d2 Mon Sep 17 00:00:00 2001 From: erik-krogh Date: Mon, 15 May 2023 14:38:09 +0200 Subject: [PATCH 368/870] add another example to the qhelp in poly-redos, showing how to just limit the length of the input --- .../CWE/CWE-730/PolynomialReDoS.qhelp | 29 +++++++++++++++++++ .../ql/src/Performance/PolynomialReDoS.qhelp | 28 ++++++++++++++++++ .../Security/CWE-730/PolynomialReDoS.qhelp | 28 ++++++++++++++++++ .../security/cwe-1333/PolynomialReDoS.qhelp | 29 +++++++++++++++++++ 4 files changed, 114 insertions(+) diff --git a/java/ql/src/Security/CWE/CWE-730/PolynomialReDoS.qhelp b/java/ql/src/Security/CWE/CWE-730/PolynomialReDoS.qhelp index dbb1f4c37f5..bd91517ca80 100644 --- a/java/ql/src/Security/CWE/CWE-730/PolynomialReDoS.qhelp +++ b/java/ql/src/Security/CWE/CWE-730/PolynomialReDoS.qhelp @@ -103,6 +103,35 @@ + +

    + Sometimes it's unclear how a regular expression can be rewritten to + avoid the problem. In such cases, it often suffices to limit the + length of the input string. For instance, the following complicated + regular expression is used to match numbers, and on some non-number + inputs it can have quadratic time complexity: +

    + + + Pattern.matches("^(\\+|-)?(\\d+|(\\d*\\.\\d*))?(E|e)?([-+])?(\\d+)?$", str); + + +

    + It's not immediately obvious how to rewrite this regular expression + to avoid the problem. However, it might be fine to limit the length + to 1000 characters, which will always finish in a reasonable amount + of time. +

    + + + if (str.length() > 1000) { + throw new IllegalArgumentException("Input too long"); + } + + Pattern.matches("^(\\+|-)?(\\d+|(\\d*\\.\\d*))?(E|e)?([-+])?(\\d+)?$", str); + +     + diff --git a/javascript/ql/src/Performance/PolynomialReDoS.qhelp b/javascript/ql/src/Performance/PolynomialReDoS.qhelp index 210a4a8a84b..9378b78705e 100644 --- a/javascript/ql/src/Performance/PolynomialReDoS.qhelp +++ b/javascript/ql/src/Performance/PolynomialReDoS.qhelp @@ -103,6 +103,34 @@ + +

    + Sometimes it's unclear how a regular expression can be rewritten to + avoid the problem. In such cases, it often suffices to limit the + length of the input string. For instance, the following complicated + regular expression is used to match numbers, and on some non-number + inputs it can have quadratic time complexity: +

    + + + /^(\+|-)?(\d+|(\d*\.\d*))?(E|e)?([-+])?(\d+)?$/.test(str) // BAD + + +

    + It's not immediately obvious how to rewrite this regular expression + to avoid the problem. However, it might be fine to limit the length + to 1000 characters, which will always finish in a reasonable amount + of time. +

    + + + if (str.length > 1000) { + throw new Error("Input too long"); + } + /^(\+|-)?(\d+|(\d*\.\d*))?(E|e)?([-+])?(\d+)?$/.test(str) + +     + diff --git a/python/ql/src/Security/CWE-730/PolynomialReDoS.qhelp b/python/ql/src/Security/CWE-730/PolynomialReDoS.qhelp index fa8a3563d23..6f3e1d8c443 100644 --- a/python/ql/src/Security/CWE-730/PolynomialReDoS.qhelp +++ b/python/ql/src/Security/CWE-730/PolynomialReDoS.qhelp @@ -103,6 +103,34 @@ + +

    + Sometimes it's unclear how a regular expression can be rewritten to + avoid the problem. In such cases, it often suffices to limit the + length of the input string. For instance, the following complicated + regular expression is used to match numbers, and on some non-number + inputs it can have quadratic time complexity: +

    + + + match = re.search(r'^(\+|-)?(\d+|(\d*\.\d*))?(E|e)?([-+])?(\d+)?$', str) + + +

    + It's not immediately obvious how to rewrite this regular expression + to avoid the problem. However, it might be fine to limit the length + to 1000 characters, which will always finish in a reasonable amount + of time. +

    + + + if len(str) > 1000: + raise ValueError("Input too long") + + match = re.search(r'^(\+|-)?(\d+|(\d*\.\d*))?(E|e)?([-+])?(\d+)?$', str) + +     + diff --git a/ruby/ql/src/queries/security/cwe-1333/PolynomialReDoS.qhelp b/ruby/ql/src/queries/security/cwe-1333/PolynomialReDoS.qhelp index 0a93a3a245c..d9455a4e1bf 100644 --- a/ruby/ql/src/queries/security/cwe-1333/PolynomialReDoS.qhelp +++ b/ruby/ql/src/queries/security/cwe-1333/PolynomialReDoS.qhelp @@ -108,6 +108,35 @@ + +

    + Sometimes it's unclear how a regular expression can be rewritten to + avoid the problem. In such cases, it often suffices to limit the + length of the input string. For instance, the following complicated + regular expression is used to match numbers, and on some non-number + inputs it can have quadratic time complexity: +

    + + + is_matching = /^(\+|-)?(\d+|(\d*\.\d*))?(E|e)?([-+])?(\d+)?$/.match?(str) + + +

    + It's not immediately obvious how to rewrite this regular expression + to avoid the problem. However, it might be fine to limit the length + to 1000 characters, which will always finish in a reasonable amount + of time. +

    + + + if str.length > 1000 + raise ArgumentError, "Input too long" + end + + is_matching = /^(\+|-)?(\d+|(\d*\.\d*))?(E|e)?([-+])?(\d+)?$/.match?(str) + +     + From 83ca1495e095d10859299e4e5f55850637d34335 Mon Sep 17 00:00:00 2001 From: erik-krogh Date: Mon, 15 May 2023 14:45:57 +0200 Subject: [PATCH 369/870] trim the whitespace in the poly-redos examples --- .../Security/CWE/CWE-730/PolynomialReDoS.qhelp | 18 +++++++----------- .../ql/src/Performance/PolynomialReDoS.qhelp | 18 +++++++----------- .../src/Security/CWE-730/PolynomialReDoS.qhelp | 16 ++++++---------- .../security/cwe-1333/PolynomialReDoS.qhelp | 18 +++++++----------- 4 files changed, 27 insertions(+), 43 deletions(-) diff --git a/java/ql/src/Security/CWE/CWE-730/PolynomialReDoS.qhelp b/java/ql/src/Security/CWE/CWE-730/PolynomialReDoS.qhelp index bd91517ca80..5ace22a8fd8 100644 --- a/java/ql/src/Security/CWE/CWE-730/PolynomialReDoS.qhelp +++ b/java/ql/src/Security/CWE/CWE-730/PolynomialReDoS.qhelp @@ -15,8 +15,7 @@

    - Pattern.compile("^\\s+|\\s+$").matcher(text).replaceAll("") // BAD - +Pattern.compile("^\\s+|\\s+$").matcher(text).replaceAll("") // BAD

    @@ -71,8 +70,7 @@

    - "^0\\.\\d+E?\\d+$"" - +"^0\\.\\d+E?\\d+$""

    @@ -113,8 +111,7 @@

    - Pattern.matches("^(\\+|-)?(\\d+|(\\d*\\.\\d*))?(E|e)?([-+])?(\\d+)?$", str); - +Pattern.matches("^(\\+|-)?(\\d+|(\\d*\\.\\d*))?(E|e)?([-+])?(\\d+)?$", str);

    It's not immediately obvious how to rewrite this regular expression @@ -124,12 +121,11 @@

    - if (str.length() > 1000) { - throw new IllegalArgumentException("Input too long"); - } +if (str.length() > 1000) { + throw new IllegalArgumentException("Input too long"); +} - Pattern.matches("^(\\+|-)?(\\d+|(\\d*\\.\\d*))?(E|e)?([-+])?(\\d+)?$", str); - +Pattern.matches("^(\\+|-)?(\\d+|(\\d*\\.\\d*))?(E|e)?([-+])?(\\d+)?$", str); diff --git a/javascript/ql/src/Performance/PolynomialReDoS.qhelp b/javascript/ql/src/Performance/PolynomialReDoS.qhelp index 9378b78705e..4549d730324 100644 --- a/javascript/ql/src/Performance/PolynomialReDoS.qhelp +++ b/javascript/ql/src/Performance/PolynomialReDoS.qhelp @@ -15,8 +15,7 @@

    - text.replace(/^\s+|\s+$/g, ''); // BAD - +text.replace(/^\s+|\s+$/g, ''); // BAD

    @@ -71,8 +70,7 @@

    - /^0\.\d+E?\d+$/.test(str) // BAD - +/^0\.\d+E?\d+$/.test(str) // BAD

    @@ -113,8 +111,7 @@

    - /^(\+|-)?(\d+|(\d*\.\d*))?(E|e)?([-+])?(\d+)?$/.test(str) // BAD - +/^(\+|-)?(\d+|(\d*\.\d*))?(E|e)?([-+])?(\d+)?$/.test(str) // BAD

    It's not immediately obvious how to rewrite this regular expression @@ -124,11 +121,10 @@

    - if (str.length > 1000) { - throw new Error("Input too long"); - } - /^(\+|-)?(\d+|(\d*\.\d*))?(E|e)?([-+])?(\d+)?$/.test(str) - +if (str.length > 1000) { + throw new Error("Input too long"); +} +/^(\+|-)?(\d+|(\d*\.\d*))?(E|e)?([-+])?(\d+)?$/.test(str) diff --git a/python/ql/src/Security/CWE-730/PolynomialReDoS.qhelp b/python/ql/src/Security/CWE-730/PolynomialReDoS.qhelp index 6f3e1d8c443..201aadd1589 100644 --- a/python/ql/src/Security/CWE-730/PolynomialReDoS.qhelp +++ b/python/ql/src/Security/CWE-730/PolynomialReDoS.qhelp @@ -15,8 +15,7 @@

    - re.sub(r"^\s+|\s+$", "", text) # BAD - +re.sub(r"^\s+|\s+$", "", text) # BAD

    @@ -71,8 +70,7 @@

    - ^0\.\d+E?\d+$ # BAD - +^0\.\d+E?\d+$ # BAD

    @@ -113,8 +111,7 @@

    - match = re.search(r'^(\+|-)?(\d+|(\d*\.\d*))?(E|e)?([-+])?(\d+)?$', str) - +match = re.search(r'^(\+|-)?(\d+|(\d*\.\d*))?(E|e)?([-+])?(\d+)?$', str)

    It's not immediately obvious how to rewrite this regular expression @@ -124,11 +121,10 @@

    - if len(str) > 1000: - raise ValueError("Input too long") +if len(str) > 1000: + raise ValueError("Input too long") - match = re.search(r'^(\+|-)?(\d+|(\d*\.\d*))?(E|e)?([-+])?(\d+)?$', str) - +match = re.search(r'^(\+|-)?(\d+|(\d*\.\d*))?(E|e)?([-+])?(\d+)?$', str) diff --git a/ruby/ql/src/queries/security/cwe-1333/PolynomialReDoS.qhelp b/ruby/ql/src/queries/security/cwe-1333/PolynomialReDoS.qhelp index d9455a4e1bf..cded45f4171 100644 --- a/ruby/ql/src/queries/security/cwe-1333/PolynomialReDoS.qhelp +++ b/ruby/ql/src/queries/security/cwe-1333/PolynomialReDoS.qhelp @@ -15,8 +15,7 @@

    - text.gsub!(/^\s+|\s+$/, '') # BAD - +text.gsub!(/^\s+|\s+$/, '') # BAD

    @@ -74,8 +73,7 @@

    - /^0\.\d+E?\d+$/ # BAD - +/^0\.\d+E?\d+$/ # BAD

    @@ -118,8 +116,7 @@

    - is_matching = /^(\+|-)?(\d+|(\d*\.\d*))?(E|e)?([-+])?(\d+)?$/.match?(str) - +is_matching = /^(\+|-)?(\d+|(\d*\.\d*))?(E|e)?([-+])?(\d+)?$/.match?(str)

    It's not immediately obvious how to rewrite this regular expression @@ -129,12 +126,11 @@

    - if str.length > 1000 - raise ArgumentError, "Input too long" - end +if str.length > 1000 + raise ArgumentError, "Input too long" +end - is_matching = /^(\+|-)?(\d+|(\d*\.\d*))?(E|e)?([-+])?(\d+)?$/.match?(str) - +is_matching = /^(\+|-)?(\d+|(\d*\.\d*))?(E|e)?([-+])?(\d+)?$/.match?(str) From 7a338c408e6c0220eb16976de0e83926f2a64091 Mon Sep 17 00:00:00 2001 From: erik-krogh Date: Mon, 15 May 2023 17:23:40 +0200 Subject: [PATCH 370/870] fix typo, the variable in the example is called `items` --- .../Security/CWE-915/PrototypePollutingAssignment.inc.qhelp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/javascript/ql/src/Security/CWE-915/PrototypePollutingAssignment.inc.qhelp b/javascript/ql/src/Security/CWE-915/PrototypePollutingAssignment.inc.qhelp index b88457431bf..f4e972832c6 100644 --- a/javascript/ql/src/Security/CWE-915/PrototypePollutingAssignment.inc.qhelp +++ b/javascript/ql/src/Security/CWE-915/PrototypePollutingAssignment.inc.qhelp @@ -35,8 +35,8 @@

    In the example below, the untrusted value req.params.id is used as the property name req.session.todos[id]. If a malicious user passes in the ID value __proto__, - the variable todo will then refer to Object.prototype. - Finally, the modification of todo then allows the attacker to inject arbitrary properties + the variable items will then refer to Object.prototype. + Finally, the modification of items then allows the attacker to inject arbitrary properties onto Object.prototype.

    From 2ebce99eae858989eebc331f841040e25f36e72f Mon Sep 17 00:00:00 2001 From: erik-krogh Date: Mon, 15 May 2023 17:24:02 +0200 Subject: [PATCH 371/870] add another example of how to fix the prototype pollution issue --- .../PrototypePollutingAssignment.inc.qhelp | 6 ++++++ .../PrototypePollutingAssignmentFixed2.js | 16 ++++++++++++++++ 2 files changed, 22 insertions(+) create mode 100644 javascript/ql/src/Security/CWE-915/examples/PrototypePollutingAssignmentFixed2.js diff --git a/javascript/ql/src/Security/CWE-915/PrototypePollutingAssignment.inc.qhelp b/javascript/ql/src/Security/CWE-915/PrototypePollutingAssignment.inc.qhelp index f4e972832c6..bb0cd344070 100644 --- a/javascript/ql/src/Security/CWE-915/PrototypePollutingAssignment.inc.qhelp +++ b/javascript/ql/src/Security/CWE-915/PrototypePollutingAssignment.inc.qhelp @@ -48,6 +48,12 @@

    + +

    + Another way to fix it is to prevent the __proto__ property from being used as a key, as shown below: +

    + + diff --git a/javascript/ql/src/Security/CWE-915/examples/PrototypePollutingAssignmentFixed2.js b/javascript/ql/src/Security/CWE-915/examples/PrototypePollutingAssignmentFixed2.js new file mode 100644 index 00000000000..74bc9a18f24 --- /dev/null +++ b/javascript/ql/src/Security/CWE-915/examples/PrototypePollutingAssignmentFixed2.js @@ -0,0 +1,16 @@ +let express = require('express'); +let app = express() + +app.put('/todos/:id', (req, res) => { + let id = req.params.id; + if (id === '__proto__' || id === 'constructor' || id === 'prototype') { + res.end(403); + return; + } + let items = req.session.todos[id]; + if (!items) { + items = req.session.todos[id] = {}; + } + items[req.query.name] = req.query.text; + res.end(200); +}); From 7d79d87d48a8ae10d5f08db47a40d3c29de4291d Mon Sep 17 00:00:00 2001 From: Tony Torralba Date: Mon, 15 May 2023 17:39:35 +0200 Subject: [PATCH 372/870] Add XPath.evaluate as XXE sink --- .../semmle/code/java/security/XmlParsers.qll | 27 +++++++++++--- .../change-notes/2023-05-15-xpath-xxe-sink.md | 4 +++ .../CWE-611/XPathExpressionTests.java | 35 +++++++++++++------ .../query-tests/security/CWE-611/XXE.expected | 12 ++++--- 4 files changed, 59 insertions(+), 19 deletions(-) create mode 100644 java/ql/src/change-notes/2023-05-15-xpath-xxe-sink.md diff --git a/java/ql/lib/semmle/code/java/security/XmlParsers.qll b/java/ql/lib/semmle/code/java/security/XmlParsers.qll index dd28d8b0117..230b102bd5e 100644 --- a/java/ql/lib/semmle/code/java/security/XmlParsers.qll +++ b/java/ql/lib/semmle/code/java/security/XmlParsers.qll @@ -655,6 +655,11 @@ class XmlReader extends RefType { XmlReader() { this.hasQualifiedName("org.xml.sax", "XMLReader") } } +/** The class `org.xml.sax.InputSource`. */ +class InputSource extends Class { + InputSource() { this.hasQualifiedName("org.xml.sax", "InputSource") } +} + /** DEPRECATED: Alias for XmlReader */ deprecated class XMLReader = XmlReader; @@ -1164,22 +1169,34 @@ class XmlUnmarshal extends XmlParserCall { } /* XPathExpression: https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#xpathexpression */ -/** The class `javax.xml.xpath.XPathExpression`. */ -class XPathExpression extends RefType { +/** The interface `javax.xml.xpath.XPathExpression`. */ +class XPathExpression extends Interface { XPathExpression() { this.hasQualifiedName("javax.xml.xpath", "XPathExpression") } } -/** A call to `XPathExpression.evaluate`. */ +/** The interface `java.xml.xpath.XPath`. */ +class XPath extends Interface { + XPath() { this.hasQualifiedName("javax.xml.xpath", "XPath") } +} + +/** A call to the method `evaluate` of the classes `XPathExpression` or `XPath`. */ class XPathEvaluate extends XmlParserCall { + Argument sink; + XPathEvaluate() { exists(Method m | this.getMethod() = m and - m.getDeclaringType() instanceof XPathExpression and m.hasName("evaluate") + | + m.getDeclaringType().getASourceSupertype*() instanceof XPathExpression and + sink = this.getArgument(0) + or + m.getDeclaringType().getASourceSupertype*() instanceof XPath and + sink = this.getArgument(1) ) } - override Expr getSink() { result = this.getArgument(0) } + override Expr getSink() { result = sink } override predicate isSafe() { none() } } diff --git a/java/ql/src/change-notes/2023-05-15-xpath-xxe-sink.md b/java/ql/src/change-notes/2023-05-15-xpath-xxe-sink.md new file mode 100644 index 00000000000..1696ffbd213 --- /dev/null +++ b/java/ql/src/change-notes/2023-05-15-xpath-xxe-sink.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* The queries `java/xxe` and `java/xxe-local` now recognize the second argument of calls to `XPath.evaluate` as a sink. diff --git a/java/ql/test/query-tests/security/CWE-611/XPathExpressionTests.java b/java/ql/test/query-tests/security/CWE-611/XPathExpressionTests.java index 1d67b9a055f..e15c28e41e2 100644 --- a/java/ql/test/query-tests/security/CWE-611/XPathExpressionTests.java +++ b/java/ql/test/query-tests/security/CWE-611/XPathExpressionTests.java @@ -12,18 +12,33 @@ public class XPathExpressionTests { public void safeXPathExpression(Socket sock) throws Exception { DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); - factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); - DocumentBuilder builder = factory.newDocumentBuilder(); - XPathFactory xFactory = XPathFactory.newInstance(); - XPath path = xFactory.newXPath(); - XPathExpression expr = path.compile(""); - expr.evaluate(builder.parse(sock.getInputStream())); //safe + factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); + DocumentBuilder builder = factory.newDocumentBuilder(); + XPathFactory xFactory = XPathFactory.newInstance(); + XPath path = xFactory.newXPath(); + XPathExpression expr = path.compile(""); + expr.evaluate(builder.parse(sock.getInputStream())); // safe } public void unsafeExpressionTests(Socket sock) throws Exception { - XPathFactory xFactory = XPathFactory.newInstance(); - XPath path = xFactory.newXPath(); - XPathExpression expr = path.compile(""); - expr.evaluate(new InputSource(sock.getInputStream())); //unsafe + XPathFactory xFactory = XPathFactory.newInstance(); + XPath path = xFactory.newXPath(); + XPathExpression expr = path.compile(""); + expr.evaluate(new InputSource(sock.getInputStream())); // unsafe + } + + public void safeXPathEvaluateTest(Socket sock) throws Exception { + DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); + factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); + DocumentBuilder builder = factory.newDocumentBuilder(); + XPathFactory xFactory = XPathFactory.newInstance(); + XPath path = xFactory.newXPath(); + path.evaluate("", builder.parse(sock.getInputStream())); + } + + public void unsafeXPathEvaluateTest(Socket sock) throws Exception { + XPathFactory xFactory = XPathFactory.newInstance(); + XPath path = xFactory.newXPath(); + path.evaluate("", new InputSource(sock.getInputStream())); // unsafe } } diff --git a/java/ql/test/query-tests/security/CWE-611/XXE.expected b/java/ql/test/query-tests/security/CWE-611/XXE.expected index 6304e3582a2..bfc1eca96c0 100644 --- a/java/ql/test/query-tests/security/CWE-611/XXE.expected +++ b/java/ql/test/query-tests/security/CWE-611/XXE.expected @@ -74,7 +74,8 @@ edges | XMLReaderTests.java:86:34:86:54 | getInputStream(...) : InputStream | XMLReaderTests.java:86:18:86:55 | new InputSource(...) | | XMLReaderTests.java:94:34:94:54 | getInputStream(...) : InputStream | XMLReaderTests.java:94:18:94:55 | new InputSource(...) | | XMLReaderTests.java:100:34:100:54 | getInputStream(...) : InputStream | XMLReaderTests.java:100:18:100:55 | new InputSource(...) | -| XPathExpressionTests.java:27:37:27:57 | getInputStream(...) : InputStream | XPathExpressionTests.java:27:21:27:58 | new InputSource(...) | +| XPathExpressionTests.java:27:35:27:55 | getInputStream(...) : InputStream | XPathExpressionTests.java:27:19:27:56 | new InputSource(...) | +| XPathExpressionTests.java:42:39:42:59 | getInputStream(...) : InputStream | XPathExpressionTests.java:42:23:42:60 | new InputSource(...) | nodes | DocumentBuilderTests.java:14:19:14:39 | getInputStream(...) | semmle.label | getInputStream(...) | | DocumentBuilderTests.java:28:19:28:39 | getInputStream(...) | semmle.label | getInputStream(...) | @@ -235,8 +236,10 @@ nodes | XMLReaderTests.java:94:34:94:54 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream | | XMLReaderTests.java:100:18:100:55 | new InputSource(...) | semmle.label | new InputSource(...) | | XMLReaderTests.java:100:34:100:54 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream | -| XPathExpressionTests.java:27:21:27:58 | new InputSource(...) | semmle.label | new InputSource(...) | -| XPathExpressionTests.java:27:37:27:57 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream | +| XPathExpressionTests.java:27:19:27:56 | new InputSource(...) | semmle.label | new InputSource(...) | +| XPathExpressionTests.java:27:35:27:55 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream | +| XPathExpressionTests.java:42:23:42:60 | new InputSource(...) | semmle.label | new InputSource(...) | +| XPathExpressionTests.java:42:39:42:59 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream | | XmlInputFactoryTests.java:9:35:9:55 | getInputStream(...) | semmle.label | getInputStream(...) | | XmlInputFactoryTests.java:10:34:10:54 | getInputStream(...) | semmle.label | getInputStream(...) | | XmlInputFactoryTests.java:24:35:24:55 | getInputStream(...) | semmle.label | getInputStream(...) | @@ -336,7 +339,8 @@ subpaths | XMLReaderTests.java:86:18:86:55 | new InputSource(...) | XMLReaderTests.java:86:34:86:54 | getInputStream(...) : InputStream | XMLReaderTests.java:86:18:86:55 | new InputSource(...) | XML parsing depends on a $@ without guarding against external entity expansion. | XMLReaderTests.java:86:34:86:54 | getInputStream(...) | user-provided value | | XMLReaderTests.java:94:18:94:55 | new InputSource(...) | XMLReaderTests.java:94:34:94:54 | getInputStream(...) : InputStream | XMLReaderTests.java:94:18:94:55 | new InputSource(...) | XML parsing depends on a $@ without guarding against external entity expansion. | XMLReaderTests.java:94:34:94:54 | getInputStream(...) | user-provided value | | XMLReaderTests.java:100:18:100:55 | new InputSource(...) | XMLReaderTests.java:100:34:100:54 | getInputStream(...) : InputStream | XMLReaderTests.java:100:18:100:55 | new InputSource(...) | XML parsing depends on a $@ without guarding against external entity expansion. | XMLReaderTests.java:100:34:100:54 | getInputStream(...) | user-provided value | -| XPathExpressionTests.java:27:21:27:58 | new InputSource(...) | XPathExpressionTests.java:27:37:27:57 | getInputStream(...) : InputStream | XPathExpressionTests.java:27:21:27:58 | new InputSource(...) | XML parsing depends on a $@ without guarding against external entity expansion. | XPathExpressionTests.java:27:37:27:57 | getInputStream(...) | user-provided value | +| XPathExpressionTests.java:27:19:27:56 | new InputSource(...) | XPathExpressionTests.java:27:35:27:55 | getInputStream(...) : InputStream | XPathExpressionTests.java:27:19:27:56 | new InputSource(...) | XML parsing depends on a $@ without guarding against external entity expansion. | XPathExpressionTests.java:27:35:27:55 | getInputStream(...) | user-provided value | +| XPathExpressionTests.java:42:23:42:60 | new InputSource(...) | XPathExpressionTests.java:42:39:42:59 | getInputStream(...) : InputStream | XPathExpressionTests.java:42:23:42:60 | new InputSource(...) | XML parsing depends on a $@ without guarding against external entity expansion. | XPathExpressionTests.java:42:39:42:59 | getInputStream(...) | user-provided value | | XmlInputFactoryTests.java:9:35:9:55 | getInputStream(...) | XmlInputFactoryTests.java:9:35:9:55 | getInputStream(...) | XmlInputFactoryTests.java:9:35:9:55 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | XmlInputFactoryTests.java:9:35:9:55 | getInputStream(...) | user-provided value | | XmlInputFactoryTests.java:10:34:10:54 | getInputStream(...) | XmlInputFactoryTests.java:10:34:10:54 | getInputStream(...) | XmlInputFactoryTests.java:10:34:10:54 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | XmlInputFactoryTests.java:10:34:10:54 | getInputStream(...) | user-provided value | | XmlInputFactoryTests.java:24:35:24:55 | getInputStream(...) | XmlInputFactoryTests.java:24:35:24:55 | getInputStream(...) | XmlInputFactoryTests.java:24:35:24:55 | getInputStream(...) | XML parsing depends on a $@ without guarding against external entity expansion. | XmlInputFactoryTests.java:24:35:24:55 | getInputStream(...) | user-provided value | From cc72bfbbbb4e1738396350f8265cea0b0a4ba7c6 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Thu, 11 May 2023 13:52:54 +0100 Subject: [PATCH 373/870] Swift: Add the shared SensitiveDataHeuristics.qll to Swift. --- config/identical-files.json | 5 +- .../internal/SensitiveDataHeuristics.qll | 124 ++++++++++++++++++ 2 files changed, 127 insertions(+), 2 deletions(-) create mode 100644 swift/ql/lib/codeql/swift/security/internal/SensitiveDataHeuristics.qll diff --git a/config/identical-files.json b/config/identical-files.json index 3a9ef5173aa..4991f92d93c 100644 --- a/config/identical-files.json +++ b/config/identical-files.json @@ -512,7 +512,8 @@ "SensitiveDataHeuristics Python/JS": [ "javascript/ql/lib/semmle/javascript/security/internal/SensitiveDataHeuristics.qll", "python/ql/lib/semmle/python/security/internal/SensitiveDataHeuristics.qll", - "ruby/ql/lib/codeql/ruby/security/internal/SensitiveDataHeuristics.qll" + "ruby/ql/lib/codeql/ruby/security/internal/SensitiveDataHeuristics.qll", + "swift/ql/lib/codeql/swift/security/internal/SensitiveDataHeuristics.qll" ], "CFG": [ "csharp/ql/lib/semmle/code/csharp/controlflow/internal/ControlFlowGraphImplShared.qll", @@ -599,4 +600,4 @@ "python/ql/lib/semmle/python/security/internal/EncryptionKeySizes.qll", "java/ql/lib/semmle/code/java/security/internal/EncryptionKeySizes.qll" ] -} \ No newline at end of file +} diff --git a/swift/ql/lib/codeql/swift/security/internal/SensitiveDataHeuristics.qll b/swift/ql/lib/codeql/swift/security/internal/SensitiveDataHeuristics.qll new file mode 100644 index 00000000000..7bc61ee2aee --- /dev/null +++ b/swift/ql/lib/codeql/swift/security/internal/SensitiveDataHeuristics.qll @@ -0,0 +1,124 @@ +/** + * INTERNAL: Do not use. + * + * Provides classes and predicates for identifying strings that may indicate the presence of sensitive data. + * Such that we can share this logic across our CodeQL analysis of different languages. + * + * 'Sensitive' data in general is anything that should not be sent around in unencrypted form. + */ + +/** + * A classification of different kinds of sensitive data: + * + * - secret: generic secret or trusted data; + * - id: a user name or other account information; + * - password: a password or authorization key; + * - certificate: a certificate. + * + * While classifications are represented as strings, this should not be relied upon. + * Instead, use the predicates in `SensitiveDataClassification::` to work with + * classifications. + */ +class SensitiveDataClassification extends string { + SensitiveDataClassification() { this in ["secret", "id", "password", "certificate"] } +} + +/** + * Provides predicates to select the different kinds of sensitive data we support. + */ +module SensitiveDataClassification { + /** Gets the classification for secret or trusted data. */ + SensitiveDataClassification secret() { result = "secret" } + + /** Gets the classification for user names or other account information. */ + SensitiveDataClassification id() { result = "id" } + + /** Gets the classification for passwords or authorization keys. */ + SensitiveDataClassification password() { result = "password" } + + /** Gets the classification for certificates. */ + SensitiveDataClassification certificate() { result = "certificate" } +} + +/** + * INTERNAL: Do not use. + * + * Provides heuristics for identifying names related to sensitive information. + */ +module HeuristicNames { + /** + * Gets a regular expression that identifies strings that may indicate the presence of secret + * or trusted data. + */ + string maybeSecret() { result = "(?is).*((? Date: Thu, 11 May 2023 16:50:58 +0100 Subject: [PATCH 374/870] Swift: Use SensitiveDataHeuristics.qll in regexpProbablySafe. --- .../codeql/swift/security/SensitiveExprs.qll | 3 ++- .../CWE-311/CleartextStorageDatabase.expected | 17 +++++++++++++---- .../Security/CWE-311/SensitiveExprs.expected | 5 +++-- .../CWE-312/CleartextLoggingTest.expected | 1 + .../CleartextStoragePreferences.expected | 8 -------- 5 files changed, 19 insertions(+), 15 deletions(-) diff --git a/swift/ql/lib/codeql/swift/security/SensitiveExprs.qll b/swift/ql/lib/codeql/swift/security/SensitiveExprs.qll index 91f824aa5f2..8dd55d00259 100644 --- a/swift/ql/lib/codeql/swift/security/SensitiveExprs.qll +++ b/swift/ql/lib/codeql/swift/security/SensitiveExprs.qll @@ -5,6 +5,7 @@ */ import swift +import internal.SensitiveDataHeuristics private newtype TSensitiveDataType = TCredential() or @@ -69,7 +70,7 @@ class SensitivePrivateInfo extends SensitiveDataType, TPrivateInfo { * contain hashed or encrypted data, or are only a reference to data that is * actually stored elsewhere. */ -private string regexpProbablySafe() { result = ".*(hash|crypt|file|path|url|invalid).*" } +private string regexpProbablySafe() { result = HeuristicNames::notSensitiveRegexp() } /** * A `VarDecl` that might be used to contain sensitive data. diff --git a/swift/ql/test/query-tests/Security/CWE-311/CleartextStorageDatabase.expected b/swift/ql/test/query-tests/Security/CWE-311/CleartextStorageDatabase.expected index 320f4873d08..caad0df3190 100644 --- a/swift/ql/test/query-tests/Security/CWE-311/CleartextStorageDatabase.expected +++ b/swift/ql/test/query-tests/Security/CWE-311/CleartextStorageDatabase.expected @@ -110,11 +110,14 @@ edges | testCoreData.swift:18:19:18:26 | value | testCoreData.swift:19:12:19:12 | value | | testCoreData.swift:31:3:31:3 | newValue | testCoreData.swift:32:13:32:13 | newValue | | testCoreData.swift:61:25:61:25 | password | testCoreData.swift:18:19:18:26 | value | +| testCoreData.swift:62:25:62:25 | password_file | testCoreData.swift:18:19:18:26 | value | | testCoreData.swift:64:2:64:2 | [post] obj [myValue] | testCoreData.swift:64:2:64:2 | [post] obj | | testCoreData.swift:64:16:64:16 | password | testCoreData.swift:31:3:31:3 | newValue | | testCoreData.swift:64:16:64:16 | password | testCoreData.swift:64:2:64:2 | [post] obj [myValue] | +| testCoreData.swift:65:2:65:2 | [post] obj [myValue] | testCoreData.swift:65:2:65:2 | [post] obj | +| testCoreData.swift:65:16:65:16 | password_file | testCoreData.swift:31:3:31:3 | newValue | +| testCoreData.swift:65:16:65:16 | password_file | testCoreData.swift:65:2:65:2 | [post] obj [myValue] | | testCoreData.swift:77:24:77:24 | x | testCoreData.swift:78:15:78:15 | x | -| testCoreData.swift:80:10:80:22 | call to getPassword() | testCoreData.swift:81:15:81:15 | y | | testCoreData.swift:91:10:91:10 | passwd | testCoreData.swift:95:15:95:15 | x | | testCoreData.swift:92:10:92:10 | passwd | testCoreData.swift:96:15:96:15 | y | | testCoreData.swift:93:10:93:10 | passwd | testCoreData.swift:97:15:97:15 | z | @@ -311,14 +314,17 @@ nodes | testCoreData.swift:48:15:48:15 | password | semmle.label | password | | testCoreData.swift:51:24:51:24 | password | semmle.label | password | | testCoreData.swift:58:15:58:15 | password | semmle.label | password | +| testCoreData.swift:59:15:59:15 | password_file | semmle.label | password_file | | testCoreData.swift:61:25:61:25 | password | semmle.label | password | +| testCoreData.swift:62:25:62:25 | password_file | semmle.label | password_file | | testCoreData.swift:64:2:64:2 | [post] obj | semmle.label | [post] obj | | testCoreData.swift:64:2:64:2 | [post] obj [myValue] | semmle.label | [post] obj [myValue] | | testCoreData.swift:64:16:64:16 | password | semmle.label | password | +| testCoreData.swift:65:2:65:2 | [post] obj | semmle.label | [post] obj | +| testCoreData.swift:65:2:65:2 | [post] obj [myValue] | semmle.label | [post] obj [myValue] | +| testCoreData.swift:65:16:65:16 | password_file | semmle.label | password_file | | testCoreData.swift:77:24:77:24 | x | semmle.label | x | | testCoreData.swift:78:15:78:15 | x | semmle.label | x | -| testCoreData.swift:80:10:80:22 | call to getPassword() | semmle.label | call to getPassword() | -| testCoreData.swift:81:15:81:15 | y | semmle.label | y | | testCoreData.swift:85:15:85:17 | .password | semmle.label | .password | | testCoreData.swift:91:10:91:10 | passwd | semmle.label | passwd | | testCoreData.swift:92:10:92:10 | passwd | semmle.label | passwd | @@ -492,13 +498,16 @@ subpaths | testCoreData2.swift:104:2:104:2 | dbObj | testCoreData2.swift:101:10:101:10 | bankAccountNo | testCoreData2.swift:104:2:104:2 | [post] dbObj | This operation stores 'dbObj' in a database. It may contain unencrypted sensitive data from $@. | testCoreData2.swift:101:10:101:10 | bankAccountNo | bankAccountNo | | testCoreData2.swift:105:2:105:2 | dbObj | testCoreData2.swift:101:10:101:10 | bankAccountNo | testCoreData2.swift:105:2:105:2 | [post] dbObj | This operation stores 'dbObj' in a database. It may contain unencrypted sensitive data from $@. | testCoreData2.swift:101:10:101:10 | bankAccountNo | bankAccountNo | | testCoreData.swift:19:12:19:12 | value | testCoreData.swift:61:25:61:25 | password | testCoreData.swift:19:12:19:12 | value | This operation stores 'value' in a database. It may contain unencrypted sensitive data from $@. | testCoreData.swift:61:25:61:25 | password | password | +| testCoreData.swift:19:12:19:12 | value | testCoreData.swift:62:25:62:25 | password_file | testCoreData.swift:19:12:19:12 | value | This operation stores 'value' in a database. It may contain unencrypted sensitive data from $@. | testCoreData.swift:62:25:62:25 | password_file | password_file | | testCoreData.swift:32:13:32:13 | newValue | testCoreData.swift:64:16:64:16 | password | testCoreData.swift:32:13:32:13 | newValue | This operation stores 'newValue' in a database. It may contain unencrypted sensitive data from $@. | testCoreData.swift:64:16:64:16 | password | password | +| testCoreData.swift:32:13:32:13 | newValue | testCoreData.swift:65:16:65:16 | password_file | testCoreData.swift:32:13:32:13 | newValue | This operation stores 'newValue' in a database. It may contain unencrypted sensitive data from $@. | testCoreData.swift:65:16:65:16 | password_file | password_file | | testCoreData.swift:48:15:48:15 | password | testCoreData.swift:48:15:48:15 | password | testCoreData.swift:48:15:48:15 | password | This operation stores 'password' in a database. It may contain unencrypted sensitive data from $@. | testCoreData.swift:48:15:48:15 | password | password | | testCoreData.swift:51:24:51:24 | password | testCoreData.swift:51:24:51:24 | password | testCoreData.swift:51:24:51:24 | password | This operation stores 'password' in a database. It may contain unencrypted sensitive data from $@. | testCoreData.swift:51:24:51:24 | password | password | | testCoreData.swift:58:15:58:15 | password | testCoreData.swift:58:15:58:15 | password | testCoreData.swift:58:15:58:15 | password | This operation stores 'password' in a database. It may contain unencrypted sensitive data from $@. | testCoreData.swift:58:15:58:15 | password | password | +| testCoreData.swift:59:15:59:15 | password_file | testCoreData.swift:59:15:59:15 | password_file | testCoreData.swift:59:15:59:15 | password_file | This operation stores 'password_file' in a database. It may contain unencrypted sensitive data from $@. | testCoreData.swift:59:15:59:15 | password_file | password_file | | testCoreData.swift:64:2:64:2 | obj | testCoreData.swift:64:16:64:16 | password | testCoreData.swift:64:2:64:2 | [post] obj | This operation stores 'obj' in a database. It may contain unencrypted sensitive data from $@. | testCoreData.swift:64:16:64:16 | password | password | +| testCoreData.swift:65:2:65:2 | obj | testCoreData.swift:65:16:65:16 | password_file | testCoreData.swift:65:2:65:2 | [post] obj | This operation stores 'obj' in a database. It may contain unencrypted sensitive data from $@. | testCoreData.swift:65:16:65:16 | password_file | password_file | | testCoreData.swift:78:15:78:15 | x | testCoreData.swift:77:24:77:24 | x | testCoreData.swift:78:15:78:15 | x | This operation stores 'x' in a database. It may contain unencrypted sensitive data from $@. | testCoreData.swift:77:24:77:24 | x | x | -| testCoreData.swift:81:15:81:15 | y | testCoreData.swift:80:10:80:22 | call to getPassword() | testCoreData.swift:81:15:81:15 | y | This operation stores 'y' in a database. It may contain unencrypted sensitive data from $@. | testCoreData.swift:80:10:80:22 | call to getPassword() | call to getPassword() | | testCoreData.swift:85:15:85:17 | .password | testCoreData.swift:85:15:85:17 | .password | testCoreData.swift:85:15:85:17 | .password | This operation stores '.password' in a database. It may contain unencrypted sensitive data from $@. | testCoreData.swift:85:15:85:17 | .password | .password | | testCoreData.swift:95:15:95:15 | x | testCoreData.swift:91:10:91:10 | passwd | testCoreData.swift:95:15:95:15 | x | This operation stores 'x' in a database. It may contain unencrypted sensitive data from $@. | testCoreData.swift:91:10:91:10 | passwd | passwd | | testCoreData.swift:96:15:96:15 | y | testCoreData.swift:92:10:92:10 | passwd | testCoreData.swift:96:15:96:15 | y | This operation stores 'y' in a database. It may contain unencrypted sensitive data from $@. | testCoreData.swift:92:10:92:10 | passwd | passwd | diff --git a/swift/ql/test/query-tests/Security/CWE-311/SensitiveExprs.expected b/swift/ql/test/query-tests/Security/CWE-311/SensitiveExprs.expected index 20e1757c132..0960d1983a1 100644 --- a/swift/ql/test/query-tests/Security/CWE-311/SensitiveExprs.expected +++ b/swift/ql/test/query-tests/Security/CWE-311/SensitiveExprs.expected @@ -51,11 +51,12 @@ | testCoreData.swift:48:15:48:15 | password | label:password, type:credential | | testCoreData.swift:51:24:51:24 | password | label:password, type:credential | | testCoreData.swift:58:15:58:15 | password | label:password, type:credential | +| testCoreData.swift:59:15:59:15 | password_file | label:password_file, type:credential | | testCoreData.swift:61:25:61:25 | password | label:password, type:credential | +| testCoreData.swift:62:25:62:25 | password_file | label:password_file, type:credential | | testCoreData.swift:64:16:64:16 | password | label:password, type:credential | -| testCoreData.swift:77:2:77:25 | call to doSomething(password:) | label:doSomething(password:), type:credential | +| testCoreData.swift:65:16:65:16 | password_file | label:password_file, type:credential | | testCoreData.swift:77:24:77:24 | x | label:password, type:credential | -| testCoreData.swift:80:10:80:22 | call to getPassword() | label:getPassword(), type:credential | | testCoreData.swift:85:15:85:17 | .password | label:password, type:credential | | testCoreData.swift:91:10:91:10 | passwd | label:passwd, type:credential | | testCoreData.swift:92:10:92:10 | passwd | label:passwd, type:credential | diff --git a/swift/ql/test/query-tests/Security/CWE-312/CleartextLoggingTest.expected b/swift/ql/test/query-tests/Security/CWE-312/CleartextLoggingTest.expected index e69de29bb2d..967f34d486e 100644 --- a/swift/ql/test/query-tests/Security/CWE-312/CleartextLoggingTest.expected +++ b/swift/ql/test/query-tests/Security/CWE-312/CleartextLoggingTest.expected @@ -0,0 +1 @@ +| cleartextLoggingTest.swift:153:11:154:1 | // $ hasCleartextLogging=152\n | Missing result:hasCleartextLogging=152 | diff --git a/swift/ql/test/query-tests/Security/CWE-312/CleartextStoragePreferences.expected b/swift/ql/test/query-tests/Security/CWE-312/CleartextStoragePreferences.expected index 823733bb3ab..72c382d2331 100644 --- a/swift/ql/test/query-tests/Security/CWE-312/CleartextStoragePreferences.expected +++ b/swift/ql/test/query-tests/Security/CWE-312/CleartextStoragePreferences.expected @@ -1,11 +1,9 @@ edges | testNSUbiquitousKeyValueStore.swift:41:24:41:24 | x | testNSUbiquitousKeyValueStore.swift:42:40:42:40 | x | -| testNSUbiquitousKeyValueStore.swift:44:10:44:22 | call to getPassword() | testNSUbiquitousKeyValueStore.swift:45:40:45:40 | y | | testNSUbiquitousKeyValueStore.swift:55:10:55:10 | passwd | testNSUbiquitousKeyValueStore.swift:59:40:59:40 | x | | testNSUbiquitousKeyValueStore.swift:56:10:56:10 | passwd | testNSUbiquitousKeyValueStore.swift:60:40:60:40 | y | | testNSUbiquitousKeyValueStore.swift:57:10:57:10 | passwd | testNSUbiquitousKeyValueStore.swift:61:40:61:40 | z | | testUserDefaults.swift:41:24:41:24 | x | testUserDefaults.swift:42:28:42:28 | x | -| testUserDefaults.swift:44:10:44:22 | call to getPassword() | testUserDefaults.swift:45:28:45:28 | y | | testUserDefaults.swift:55:10:55:10 | passwd | testUserDefaults.swift:59:28:59:28 | x | | testUserDefaults.swift:56:10:56:10 | passwd | testUserDefaults.swift:60:28:60:28 | y | | testUserDefaults.swift:57:10:57:10 | passwd | testUserDefaults.swift:61:28:61:28 | z | @@ -13,8 +11,6 @@ nodes | testNSUbiquitousKeyValueStore.swift:28:12:28:12 | password | semmle.label | password | | testNSUbiquitousKeyValueStore.swift:41:24:41:24 | x | semmle.label | x | | testNSUbiquitousKeyValueStore.swift:42:40:42:40 | x | semmle.label | x | -| testNSUbiquitousKeyValueStore.swift:44:10:44:22 | call to getPassword() | semmle.label | call to getPassword() | -| testNSUbiquitousKeyValueStore.swift:45:40:45:40 | y | semmle.label | y | | testNSUbiquitousKeyValueStore.swift:49:40:49:42 | .password | semmle.label | .password | | testNSUbiquitousKeyValueStore.swift:55:10:55:10 | passwd | semmle.label | passwd | | testNSUbiquitousKeyValueStore.swift:56:10:56:10 | passwd | semmle.label | passwd | @@ -25,8 +21,6 @@ nodes | testUserDefaults.swift:28:15:28:15 | password | semmle.label | password | | testUserDefaults.swift:41:24:41:24 | x | semmle.label | x | | testUserDefaults.swift:42:28:42:28 | x | semmle.label | x | -| testUserDefaults.swift:44:10:44:22 | call to getPassword() | semmle.label | call to getPassword() | -| testUserDefaults.swift:45:28:45:28 | y | semmle.label | y | | testUserDefaults.swift:49:28:49:30 | .password | semmle.label | .password | | testUserDefaults.swift:55:10:55:10 | passwd | semmle.label | passwd | | testUserDefaults.swift:56:10:56:10 | passwd | semmle.label | passwd | @@ -38,14 +32,12 @@ subpaths #select | testNSUbiquitousKeyValueStore.swift:28:12:28:12 | password | testNSUbiquitousKeyValueStore.swift:28:12:28:12 | password | testNSUbiquitousKeyValueStore.swift:28:12:28:12 | password | This operation stores 'password' in iCloud. It may contain unencrypted sensitive data from $@. | testNSUbiquitousKeyValueStore.swift:28:12:28:12 | password | password | | testNSUbiquitousKeyValueStore.swift:42:40:42:40 | x | testNSUbiquitousKeyValueStore.swift:41:24:41:24 | x | testNSUbiquitousKeyValueStore.swift:42:40:42:40 | x | This operation stores 'x' in iCloud. It may contain unencrypted sensitive data from $@. | testNSUbiquitousKeyValueStore.swift:41:24:41:24 | x | x | -| testNSUbiquitousKeyValueStore.swift:45:40:45:40 | y | testNSUbiquitousKeyValueStore.swift:44:10:44:22 | call to getPassword() | testNSUbiquitousKeyValueStore.swift:45:40:45:40 | y | This operation stores 'y' in iCloud. It may contain unencrypted sensitive data from $@. | testNSUbiquitousKeyValueStore.swift:44:10:44:22 | call to getPassword() | call to getPassword() | | testNSUbiquitousKeyValueStore.swift:49:40:49:42 | .password | testNSUbiquitousKeyValueStore.swift:49:40:49:42 | .password | testNSUbiquitousKeyValueStore.swift:49:40:49:42 | .password | This operation stores '.password' in iCloud. It may contain unencrypted sensitive data from $@. | testNSUbiquitousKeyValueStore.swift:49:40:49:42 | .password | .password | | testNSUbiquitousKeyValueStore.swift:59:40:59:40 | x | testNSUbiquitousKeyValueStore.swift:55:10:55:10 | passwd | testNSUbiquitousKeyValueStore.swift:59:40:59:40 | x | This operation stores 'x' in iCloud. It may contain unencrypted sensitive data from $@. | testNSUbiquitousKeyValueStore.swift:55:10:55:10 | passwd | passwd | | testNSUbiquitousKeyValueStore.swift:60:40:60:40 | y | testNSUbiquitousKeyValueStore.swift:56:10:56:10 | passwd | testNSUbiquitousKeyValueStore.swift:60:40:60:40 | y | This operation stores 'y' in iCloud. It may contain unencrypted sensitive data from $@. | testNSUbiquitousKeyValueStore.swift:56:10:56:10 | passwd | passwd | | testNSUbiquitousKeyValueStore.swift:61:40:61:40 | z | testNSUbiquitousKeyValueStore.swift:57:10:57:10 | passwd | testNSUbiquitousKeyValueStore.swift:61:40:61:40 | z | This operation stores 'z' in iCloud. It may contain unencrypted sensitive data from $@. | testNSUbiquitousKeyValueStore.swift:57:10:57:10 | passwd | passwd | | testUserDefaults.swift:28:15:28:15 | password | testUserDefaults.swift:28:15:28:15 | password | testUserDefaults.swift:28:15:28:15 | password | This operation stores 'password' in the user defaults database. It may contain unencrypted sensitive data from $@. | testUserDefaults.swift:28:15:28:15 | password | password | | testUserDefaults.swift:42:28:42:28 | x | testUserDefaults.swift:41:24:41:24 | x | testUserDefaults.swift:42:28:42:28 | x | This operation stores 'x' in the user defaults database. It may contain unencrypted sensitive data from $@. | testUserDefaults.swift:41:24:41:24 | x | x | -| testUserDefaults.swift:45:28:45:28 | y | testUserDefaults.swift:44:10:44:22 | call to getPassword() | testUserDefaults.swift:45:28:45:28 | y | This operation stores 'y' in the user defaults database. It may contain unencrypted sensitive data from $@. | testUserDefaults.swift:44:10:44:22 | call to getPassword() | call to getPassword() | | testUserDefaults.swift:49:28:49:30 | .password | testUserDefaults.swift:49:28:49:30 | .password | testUserDefaults.swift:49:28:49:30 | .password | This operation stores '.password' in the user defaults database. It may contain unencrypted sensitive data from $@. | testUserDefaults.swift:49:28:49:30 | .password | .password | | testUserDefaults.swift:59:28:59:28 | x | testUserDefaults.swift:55:10:55:10 | passwd | testUserDefaults.swift:59:28:59:28 | x | This operation stores 'x' in the user defaults database. It may contain unencrypted sensitive data from $@. | testUserDefaults.swift:55:10:55:10 | passwd | passwd | | testUserDefaults.swift:60:28:60:28 | y | testUserDefaults.swift:56:10:56:10 | passwd | testUserDefaults.swift:60:28:60:28 | y | This operation stores 'y' in the user defaults database. It may contain unencrypted sensitive data from $@. | testUserDefaults.swift:56:10:56:10 | passwd | passwd | From e2080c5d007a7e285c6d3de6191cdec8178fb4c5 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Thu, 11 May 2023 17:52:47 +0100 Subject: [PATCH 375/870] Swift: SensitiveDataHeuristics.qll expects function names without an (argument:list:). --- swift/ql/lib/codeql/swift/security/SensitiveExprs.qll | 8 ++++++-- .../Security/CWE-311/CleartextStorageDatabase.expected | 4 ++++ .../query-tests/Security/CWE-311/SensitiveExprs.expected | 1 + .../Security/CWE-312/CleartextLoggingTest.expected | 1 - .../Security/CWE-312/CleartextStoragePreferences.expected | 8 ++++++++ 5 files changed, 19 insertions(+), 3 deletions(-) diff --git a/swift/ql/lib/codeql/swift/security/SensitiveExprs.qll b/swift/ql/lib/codeql/swift/security/SensitiveExprs.qll index 8dd55d00259..ffb3796b9cf 100644 --- a/swift/ql/lib/codeql/swift/security/SensitiveExprs.qll +++ b/swift/ql/lib/codeql/swift/security/SensitiveExprs.qll @@ -91,11 +91,15 @@ private class SensitiveVarDecl extends VarDecl { */ private class SensitiveFunction extends Function { SensitiveDataType sensitiveType; + string name; // name of the function, not including the argument list. - SensitiveFunction() { this.getName().toLowerCase().regexpMatch(sensitiveType.getRegexp()) } + SensitiveFunction() { + name = this.getName().splitAt("(", 0) and + name.toLowerCase().regexpMatch(sensitiveType.getRegexp()) + } predicate hasInfo(string label, SensitiveDataType type) { - label = this.getName() and + label = name and sensitiveType = type } } diff --git a/swift/ql/test/query-tests/Security/CWE-311/CleartextStorageDatabase.expected b/swift/ql/test/query-tests/Security/CWE-311/CleartextStorageDatabase.expected index caad0df3190..9f0a34d5bb1 100644 --- a/swift/ql/test/query-tests/Security/CWE-311/CleartextStorageDatabase.expected +++ b/swift/ql/test/query-tests/Security/CWE-311/CleartextStorageDatabase.expected @@ -118,6 +118,7 @@ edges | testCoreData.swift:65:16:65:16 | password_file | testCoreData.swift:31:3:31:3 | newValue | | testCoreData.swift:65:16:65:16 | password_file | testCoreData.swift:65:2:65:2 | [post] obj [myValue] | | testCoreData.swift:77:24:77:24 | x | testCoreData.swift:78:15:78:15 | x | +| testCoreData.swift:80:10:80:22 | call to getPassword() | testCoreData.swift:81:15:81:15 | y | | testCoreData.swift:91:10:91:10 | passwd | testCoreData.swift:95:15:95:15 | x | | testCoreData.swift:92:10:92:10 | passwd | testCoreData.swift:96:15:96:15 | y | | testCoreData.swift:93:10:93:10 | passwd | testCoreData.swift:97:15:97:15 | z | @@ -325,6 +326,8 @@ nodes | testCoreData.swift:65:16:65:16 | password_file | semmle.label | password_file | | testCoreData.swift:77:24:77:24 | x | semmle.label | x | | testCoreData.swift:78:15:78:15 | x | semmle.label | x | +| testCoreData.swift:80:10:80:22 | call to getPassword() | semmle.label | call to getPassword() | +| testCoreData.swift:81:15:81:15 | y | semmle.label | y | | testCoreData.swift:85:15:85:17 | .password | semmle.label | .password | | testCoreData.swift:91:10:91:10 | passwd | semmle.label | passwd | | testCoreData.swift:92:10:92:10 | passwd | semmle.label | passwd | @@ -508,6 +511,7 @@ subpaths | testCoreData.swift:64:2:64:2 | obj | testCoreData.swift:64:16:64:16 | password | testCoreData.swift:64:2:64:2 | [post] obj | This operation stores 'obj' in a database. It may contain unencrypted sensitive data from $@. | testCoreData.swift:64:16:64:16 | password | password | | testCoreData.swift:65:2:65:2 | obj | testCoreData.swift:65:16:65:16 | password_file | testCoreData.swift:65:2:65:2 | [post] obj | This operation stores 'obj' in a database. It may contain unencrypted sensitive data from $@. | testCoreData.swift:65:16:65:16 | password_file | password_file | | testCoreData.swift:78:15:78:15 | x | testCoreData.swift:77:24:77:24 | x | testCoreData.swift:78:15:78:15 | x | This operation stores 'x' in a database. It may contain unencrypted sensitive data from $@. | testCoreData.swift:77:24:77:24 | x | x | +| testCoreData.swift:81:15:81:15 | y | testCoreData.swift:80:10:80:22 | call to getPassword() | testCoreData.swift:81:15:81:15 | y | This operation stores 'y' in a database. It may contain unencrypted sensitive data from $@. | testCoreData.swift:80:10:80:22 | call to getPassword() | call to getPassword() | | testCoreData.swift:85:15:85:17 | .password | testCoreData.swift:85:15:85:17 | .password | testCoreData.swift:85:15:85:17 | .password | This operation stores '.password' in a database. It may contain unencrypted sensitive data from $@. | testCoreData.swift:85:15:85:17 | .password | .password | | testCoreData.swift:95:15:95:15 | x | testCoreData.swift:91:10:91:10 | passwd | testCoreData.swift:95:15:95:15 | x | This operation stores 'x' in a database. It may contain unencrypted sensitive data from $@. | testCoreData.swift:91:10:91:10 | passwd | passwd | | testCoreData.swift:96:15:96:15 | y | testCoreData.swift:92:10:92:10 | passwd | testCoreData.swift:96:15:96:15 | y | This operation stores 'y' in a database. It may contain unencrypted sensitive data from $@. | testCoreData.swift:92:10:92:10 | passwd | passwd | diff --git a/swift/ql/test/query-tests/Security/CWE-311/SensitiveExprs.expected b/swift/ql/test/query-tests/Security/CWE-311/SensitiveExprs.expected index 0960d1983a1..59bf4abeec3 100644 --- a/swift/ql/test/query-tests/Security/CWE-311/SensitiveExprs.expected +++ b/swift/ql/test/query-tests/Security/CWE-311/SensitiveExprs.expected @@ -57,6 +57,7 @@ | testCoreData.swift:64:16:64:16 | password | label:password, type:credential | | testCoreData.swift:65:16:65:16 | password_file | label:password_file, type:credential | | testCoreData.swift:77:24:77:24 | x | label:password, type:credential | +| testCoreData.swift:80:10:80:22 | call to getPassword() | label:getPassword, type:credential | | testCoreData.swift:85:15:85:17 | .password | label:password, type:credential | | testCoreData.swift:91:10:91:10 | passwd | label:passwd, type:credential | | testCoreData.swift:92:10:92:10 | passwd | label:passwd, type:credential | diff --git a/swift/ql/test/query-tests/Security/CWE-312/CleartextLoggingTest.expected b/swift/ql/test/query-tests/Security/CWE-312/CleartextLoggingTest.expected index 967f34d486e..e69de29bb2d 100644 --- a/swift/ql/test/query-tests/Security/CWE-312/CleartextLoggingTest.expected +++ b/swift/ql/test/query-tests/Security/CWE-312/CleartextLoggingTest.expected @@ -1 +0,0 @@ -| cleartextLoggingTest.swift:153:11:154:1 | // $ hasCleartextLogging=152\n | Missing result:hasCleartextLogging=152 | diff --git a/swift/ql/test/query-tests/Security/CWE-312/CleartextStoragePreferences.expected b/swift/ql/test/query-tests/Security/CWE-312/CleartextStoragePreferences.expected index 72c382d2331..823733bb3ab 100644 --- a/swift/ql/test/query-tests/Security/CWE-312/CleartextStoragePreferences.expected +++ b/swift/ql/test/query-tests/Security/CWE-312/CleartextStoragePreferences.expected @@ -1,9 +1,11 @@ edges | testNSUbiquitousKeyValueStore.swift:41:24:41:24 | x | testNSUbiquitousKeyValueStore.swift:42:40:42:40 | x | +| testNSUbiquitousKeyValueStore.swift:44:10:44:22 | call to getPassword() | testNSUbiquitousKeyValueStore.swift:45:40:45:40 | y | | testNSUbiquitousKeyValueStore.swift:55:10:55:10 | passwd | testNSUbiquitousKeyValueStore.swift:59:40:59:40 | x | | testNSUbiquitousKeyValueStore.swift:56:10:56:10 | passwd | testNSUbiquitousKeyValueStore.swift:60:40:60:40 | y | | testNSUbiquitousKeyValueStore.swift:57:10:57:10 | passwd | testNSUbiquitousKeyValueStore.swift:61:40:61:40 | z | | testUserDefaults.swift:41:24:41:24 | x | testUserDefaults.swift:42:28:42:28 | x | +| testUserDefaults.swift:44:10:44:22 | call to getPassword() | testUserDefaults.swift:45:28:45:28 | y | | testUserDefaults.swift:55:10:55:10 | passwd | testUserDefaults.swift:59:28:59:28 | x | | testUserDefaults.swift:56:10:56:10 | passwd | testUserDefaults.swift:60:28:60:28 | y | | testUserDefaults.swift:57:10:57:10 | passwd | testUserDefaults.swift:61:28:61:28 | z | @@ -11,6 +13,8 @@ nodes | testNSUbiquitousKeyValueStore.swift:28:12:28:12 | password | semmle.label | password | | testNSUbiquitousKeyValueStore.swift:41:24:41:24 | x | semmle.label | x | | testNSUbiquitousKeyValueStore.swift:42:40:42:40 | x | semmle.label | x | +| testNSUbiquitousKeyValueStore.swift:44:10:44:22 | call to getPassword() | semmle.label | call to getPassword() | +| testNSUbiquitousKeyValueStore.swift:45:40:45:40 | y | semmle.label | y | | testNSUbiquitousKeyValueStore.swift:49:40:49:42 | .password | semmle.label | .password | | testNSUbiquitousKeyValueStore.swift:55:10:55:10 | passwd | semmle.label | passwd | | testNSUbiquitousKeyValueStore.swift:56:10:56:10 | passwd | semmle.label | passwd | @@ -21,6 +25,8 @@ nodes | testUserDefaults.swift:28:15:28:15 | password | semmle.label | password | | testUserDefaults.swift:41:24:41:24 | x | semmle.label | x | | testUserDefaults.swift:42:28:42:28 | x | semmle.label | x | +| testUserDefaults.swift:44:10:44:22 | call to getPassword() | semmle.label | call to getPassword() | +| testUserDefaults.swift:45:28:45:28 | y | semmle.label | y | | testUserDefaults.swift:49:28:49:30 | .password | semmle.label | .password | | testUserDefaults.swift:55:10:55:10 | passwd | semmle.label | passwd | | testUserDefaults.swift:56:10:56:10 | passwd | semmle.label | passwd | @@ -32,12 +38,14 @@ subpaths #select | testNSUbiquitousKeyValueStore.swift:28:12:28:12 | password | testNSUbiquitousKeyValueStore.swift:28:12:28:12 | password | testNSUbiquitousKeyValueStore.swift:28:12:28:12 | password | This operation stores 'password' in iCloud. It may contain unencrypted sensitive data from $@. | testNSUbiquitousKeyValueStore.swift:28:12:28:12 | password | password | | testNSUbiquitousKeyValueStore.swift:42:40:42:40 | x | testNSUbiquitousKeyValueStore.swift:41:24:41:24 | x | testNSUbiquitousKeyValueStore.swift:42:40:42:40 | x | This operation stores 'x' in iCloud. It may contain unencrypted sensitive data from $@. | testNSUbiquitousKeyValueStore.swift:41:24:41:24 | x | x | +| testNSUbiquitousKeyValueStore.swift:45:40:45:40 | y | testNSUbiquitousKeyValueStore.swift:44:10:44:22 | call to getPassword() | testNSUbiquitousKeyValueStore.swift:45:40:45:40 | y | This operation stores 'y' in iCloud. It may contain unencrypted sensitive data from $@. | testNSUbiquitousKeyValueStore.swift:44:10:44:22 | call to getPassword() | call to getPassword() | | testNSUbiquitousKeyValueStore.swift:49:40:49:42 | .password | testNSUbiquitousKeyValueStore.swift:49:40:49:42 | .password | testNSUbiquitousKeyValueStore.swift:49:40:49:42 | .password | This operation stores '.password' in iCloud. It may contain unencrypted sensitive data from $@. | testNSUbiquitousKeyValueStore.swift:49:40:49:42 | .password | .password | | testNSUbiquitousKeyValueStore.swift:59:40:59:40 | x | testNSUbiquitousKeyValueStore.swift:55:10:55:10 | passwd | testNSUbiquitousKeyValueStore.swift:59:40:59:40 | x | This operation stores 'x' in iCloud. It may contain unencrypted sensitive data from $@. | testNSUbiquitousKeyValueStore.swift:55:10:55:10 | passwd | passwd | | testNSUbiquitousKeyValueStore.swift:60:40:60:40 | y | testNSUbiquitousKeyValueStore.swift:56:10:56:10 | passwd | testNSUbiquitousKeyValueStore.swift:60:40:60:40 | y | This operation stores 'y' in iCloud. It may contain unencrypted sensitive data from $@. | testNSUbiquitousKeyValueStore.swift:56:10:56:10 | passwd | passwd | | testNSUbiquitousKeyValueStore.swift:61:40:61:40 | z | testNSUbiquitousKeyValueStore.swift:57:10:57:10 | passwd | testNSUbiquitousKeyValueStore.swift:61:40:61:40 | z | This operation stores 'z' in iCloud. It may contain unencrypted sensitive data from $@. | testNSUbiquitousKeyValueStore.swift:57:10:57:10 | passwd | passwd | | testUserDefaults.swift:28:15:28:15 | password | testUserDefaults.swift:28:15:28:15 | password | testUserDefaults.swift:28:15:28:15 | password | This operation stores 'password' in the user defaults database. It may contain unencrypted sensitive data from $@. | testUserDefaults.swift:28:15:28:15 | password | password | | testUserDefaults.swift:42:28:42:28 | x | testUserDefaults.swift:41:24:41:24 | x | testUserDefaults.swift:42:28:42:28 | x | This operation stores 'x' in the user defaults database. It may contain unencrypted sensitive data from $@. | testUserDefaults.swift:41:24:41:24 | x | x | +| testUserDefaults.swift:45:28:45:28 | y | testUserDefaults.swift:44:10:44:22 | call to getPassword() | testUserDefaults.swift:45:28:45:28 | y | This operation stores 'y' in the user defaults database. It may contain unencrypted sensitive data from $@. | testUserDefaults.swift:44:10:44:22 | call to getPassword() | call to getPassword() | | testUserDefaults.swift:49:28:49:30 | .password | testUserDefaults.swift:49:28:49:30 | .password | testUserDefaults.swift:49:28:49:30 | .password | This operation stores '.password' in the user defaults database. It may contain unencrypted sensitive data from $@. | testUserDefaults.swift:49:28:49:30 | .password | .password | | testUserDefaults.swift:59:28:59:28 | x | testUserDefaults.swift:55:10:55:10 | passwd | testUserDefaults.swift:59:28:59:28 | x | This operation stores 'x' in the user defaults database. It may contain unencrypted sensitive data from $@. | testUserDefaults.swift:55:10:55:10 | passwd | passwd | | testUserDefaults.swift:60:28:60:28 | y | testUserDefaults.swift:56:10:56:10 | passwd | testUserDefaults.swift:60:28:60:28 | y | This operation stores 'y' in the user defaults database. It may contain unencrypted sensitive data from $@. | testUserDefaults.swift:56:10:56:10 | passwd | passwd | From a91c45049e9b8a68b57c37cd6d83b9b337a66eca Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 12 May 2023 12:02:22 +0100 Subject: [PATCH 376/870] Swift: Add some special cases to preserve (for now) result quality. --- .../ql/lib/codeql/swift/security/SensitiveExprs.qll | 5 ++++- .../CWE-311/CleartextStorageDatabase.expected | 13 ------------- .../Security/CWE-311/SensitiveExprs.expected | 3 --- 3 files changed, 4 insertions(+), 17 deletions(-) diff --git a/swift/ql/lib/codeql/swift/security/SensitiveExprs.qll b/swift/ql/lib/codeql/swift/security/SensitiveExprs.qll index ffb3796b9cf..d644da9e776 100644 --- a/swift/ql/lib/codeql/swift/security/SensitiveExprs.qll +++ b/swift/ql/lib/codeql/swift/security/SensitiveExprs.qll @@ -70,7 +70,10 @@ class SensitivePrivateInfo extends SensitiveDataType, TPrivateInfo { * contain hashed or encrypted data, or are only a reference to data that is * actually stored elsewhere. */ -private string regexpProbablySafe() { result = HeuristicNames::notSensitiveRegexp() } +private string regexpProbablySafe() { + result = HeuristicNames::notSensitiveRegexp() or + result = "(?is).*(file|path|url|invalid).*" +} /** * A `VarDecl` that might be used to contain sensitive data. diff --git a/swift/ql/test/query-tests/Security/CWE-311/CleartextStorageDatabase.expected b/swift/ql/test/query-tests/Security/CWE-311/CleartextStorageDatabase.expected index 9f0a34d5bb1..320f4873d08 100644 --- a/swift/ql/test/query-tests/Security/CWE-311/CleartextStorageDatabase.expected +++ b/swift/ql/test/query-tests/Security/CWE-311/CleartextStorageDatabase.expected @@ -110,13 +110,9 @@ edges | testCoreData.swift:18:19:18:26 | value | testCoreData.swift:19:12:19:12 | value | | testCoreData.swift:31:3:31:3 | newValue | testCoreData.swift:32:13:32:13 | newValue | | testCoreData.swift:61:25:61:25 | password | testCoreData.swift:18:19:18:26 | value | -| testCoreData.swift:62:25:62:25 | password_file | testCoreData.swift:18:19:18:26 | value | | testCoreData.swift:64:2:64:2 | [post] obj [myValue] | testCoreData.swift:64:2:64:2 | [post] obj | | testCoreData.swift:64:16:64:16 | password | testCoreData.swift:31:3:31:3 | newValue | | testCoreData.swift:64:16:64:16 | password | testCoreData.swift:64:2:64:2 | [post] obj [myValue] | -| testCoreData.swift:65:2:65:2 | [post] obj [myValue] | testCoreData.swift:65:2:65:2 | [post] obj | -| testCoreData.swift:65:16:65:16 | password_file | testCoreData.swift:31:3:31:3 | newValue | -| testCoreData.swift:65:16:65:16 | password_file | testCoreData.swift:65:2:65:2 | [post] obj [myValue] | | testCoreData.swift:77:24:77:24 | x | testCoreData.swift:78:15:78:15 | x | | testCoreData.swift:80:10:80:22 | call to getPassword() | testCoreData.swift:81:15:81:15 | y | | testCoreData.swift:91:10:91:10 | passwd | testCoreData.swift:95:15:95:15 | x | @@ -315,15 +311,10 @@ nodes | testCoreData.swift:48:15:48:15 | password | semmle.label | password | | testCoreData.swift:51:24:51:24 | password | semmle.label | password | | testCoreData.swift:58:15:58:15 | password | semmle.label | password | -| testCoreData.swift:59:15:59:15 | password_file | semmle.label | password_file | | testCoreData.swift:61:25:61:25 | password | semmle.label | password | -| testCoreData.swift:62:25:62:25 | password_file | semmle.label | password_file | | testCoreData.swift:64:2:64:2 | [post] obj | semmle.label | [post] obj | | testCoreData.swift:64:2:64:2 | [post] obj [myValue] | semmle.label | [post] obj [myValue] | | testCoreData.swift:64:16:64:16 | password | semmle.label | password | -| testCoreData.swift:65:2:65:2 | [post] obj | semmle.label | [post] obj | -| testCoreData.swift:65:2:65:2 | [post] obj [myValue] | semmle.label | [post] obj [myValue] | -| testCoreData.swift:65:16:65:16 | password_file | semmle.label | password_file | | testCoreData.swift:77:24:77:24 | x | semmle.label | x | | testCoreData.swift:78:15:78:15 | x | semmle.label | x | | testCoreData.swift:80:10:80:22 | call to getPassword() | semmle.label | call to getPassword() | @@ -501,15 +492,11 @@ subpaths | testCoreData2.swift:104:2:104:2 | dbObj | testCoreData2.swift:101:10:101:10 | bankAccountNo | testCoreData2.swift:104:2:104:2 | [post] dbObj | This operation stores 'dbObj' in a database. It may contain unencrypted sensitive data from $@. | testCoreData2.swift:101:10:101:10 | bankAccountNo | bankAccountNo | | testCoreData2.swift:105:2:105:2 | dbObj | testCoreData2.swift:101:10:101:10 | bankAccountNo | testCoreData2.swift:105:2:105:2 | [post] dbObj | This operation stores 'dbObj' in a database. It may contain unencrypted sensitive data from $@. | testCoreData2.swift:101:10:101:10 | bankAccountNo | bankAccountNo | | testCoreData.swift:19:12:19:12 | value | testCoreData.swift:61:25:61:25 | password | testCoreData.swift:19:12:19:12 | value | This operation stores 'value' in a database. It may contain unencrypted sensitive data from $@. | testCoreData.swift:61:25:61:25 | password | password | -| testCoreData.swift:19:12:19:12 | value | testCoreData.swift:62:25:62:25 | password_file | testCoreData.swift:19:12:19:12 | value | This operation stores 'value' in a database. It may contain unencrypted sensitive data from $@. | testCoreData.swift:62:25:62:25 | password_file | password_file | | testCoreData.swift:32:13:32:13 | newValue | testCoreData.swift:64:16:64:16 | password | testCoreData.swift:32:13:32:13 | newValue | This operation stores 'newValue' in a database. It may contain unencrypted sensitive data from $@. | testCoreData.swift:64:16:64:16 | password | password | -| testCoreData.swift:32:13:32:13 | newValue | testCoreData.swift:65:16:65:16 | password_file | testCoreData.swift:32:13:32:13 | newValue | This operation stores 'newValue' in a database. It may contain unencrypted sensitive data from $@. | testCoreData.swift:65:16:65:16 | password_file | password_file | | testCoreData.swift:48:15:48:15 | password | testCoreData.swift:48:15:48:15 | password | testCoreData.swift:48:15:48:15 | password | This operation stores 'password' in a database. It may contain unencrypted sensitive data from $@. | testCoreData.swift:48:15:48:15 | password | password | | testCoreData.swift:51:24:51:24 | password | testCoreData.swift:51:24:51:24 | password | testCoreData.swift:51:24:51:24 | password | This operation stores 'password' in a database. It may contain unencrypted sensitive data from $@. | testCoreData.swift:51:24:51:24 | password | password | | testCoreData.swift:58:15:58:15 | password | testCoreData.swift:58:15:58:15 | password | testCoreData.swift:58:15:58:15 | password | This operation stores 'password' in a database. It may contain unencrypted sensitive data from $@. | testCoreData.swift:58:15:58:15 | password | password | -| testCoreData.swift:59:15:59:15 | password_file | testCoreData.swift:59:15:59:15 | password_file | testCoreData.swift:59:15:59:15 | password_file | This operation stores 'password_file' in a database. It may contain unencrypted sensitive data from $@. | testCoreData.swift:59:15:59:15 | password_file | password_file | | testCoreData.swift:64:2:64:2 | obj | testCoreData.swift:64:16:64:16 | password | testCoreData.swift:64:2:64:2 | [post] obj | This operation stores 'obj' in a database. It may contain unencrypted sensitive data from $@. | testCoreData.swift:64:16:64:16 | password | password | -| testCoreData.swift:65:2:65:2 | obj | testCoreData.swift:65:16:65:16 | password_file | testCoreData.swift:65:2:65:2 | [post] obj | This operation stores 'obj' in a database. It may contain unencrypted sensitive data from $@. | testCoreData.swift:65:16:65:16 | password_file | password_file | | testCoreData.swift:78:15:78:15 | x | testCoreData.swift:77:24:77:24 | x | testCoreData.swift:78:15:78:15 | x | This operation stores 'x' in a database. It may contain unencrypted sensitive data from $@. | testCoreData.swift:77:24:77:24 | x | x | | testCoreData.swift:81:15:81:15 | y | testCoreData.swift:80:10:80:22 | call to getPassword() | testCoreData.swift:81:15:81:15 | y | This operation stores 'y' in a database. It may contain unencrypted sensitive data from $@. | testCoreData.swift:80:10:80:22 | call to getPassword() | call to getPassword() | | testCoreData.swift:85:15:85:17 | .password | testCoreData.swift:85:15:85:17 | .password | testCoreData.swift:85:15:85:17 | .password | This operation stores '.password' in a database. It may contain unencrypted sensitive data from $@. | testCoreData.swift:85:15:85:17 | .password | .password | diff --git a/swift/ql/test/query-tests/Security/CWE-311/SensitiveExprs.expected b/swift/ql/test/query-tests/Security/CWE-311/SensitiveExprs.expected index 59bf4abeec3..89b8d36ccdf 100644 --- a/swift/ql/test/query-tests/Security/CWE-311/SensitiveExprs.expected +++ b/swift/ql/test/query-tests/Security/CWE-311/SensitiveExprs.expected @@ -51,11 +51,8 @@ | testCoreData.swift:48:15:48:15 | password | label:password, type:credential | | testCoreData.swift:51:24:51:24 | password | label:password, type:credential | | testCoreData.swift:58:15:58:15 | password | label:password, type:credential | -| testCoreData.swift:59:15:59:15 | password_file | label:password_file, type:credential | | testCoreData.swift:61:25:61:25 | password | label:password, type:credential | -| testCoreData.swift:62:25:62:25 | password_file | label:password_file, type:credential | | testCoreData.swift:64:16:64:16 | password | label:password, type:credential | -| testCoreData.swift:65:16:65:16 | password_file | label:password_file, type:credential | | testCoreData.swift:77:24:77:24 | x | label:password, type:credential | | testCoreData.swift:80:10:80:22 | call to getPassword() | label:getPassword, type:credential | | testCoreData.swift:85:15:85:17 | .password | label:password, type:credential | From 245e8fbc920155d0c3c45349b647eb0f578fbba4 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Thu, 11 May 2023 22:22:01 +0100 Subject: [PATCH 377/870] Swift: Use SensitiveDataHeuristics.qll in SensitiveCredential. --- .../codeql/swift/security/SensitiveExprs.qll | 4 +- .../CWE-311/CleartextTransmission.expected | 6 +- .../Security/CWE-311/SensitiveExprs.expected | 86 ++++++++++--------- .../CWE-328/WeakSensitiveDataHashing.expected | 24 ++++++ 4 files changed, 74 insertions(+), 46 deletions(-) diff --git a/swift/ql/lib/codeql/swift/security/SensitiveExprs.qll b/swift/ql/lib/codeql/swift/security/SensitiveExprs.qll index d644da9e776..093caaaa0cf 100644 --- a/swift/ql/lib/codeql/swift/security/SensitiveExprs.qll +++ b/swift/ql/lib/codeql/swift/security/SensitiveExprs.qll @@ -29,9 +29,7 @@ abstract class SensitiveDataType extends TSensitiveDataType { class SensitiveCredential extends SensitiveDataType, TCredential { override string toString() { result = "credential" } - override string getRegexp() { - result = ".*(password|passwd|accountid|account.?key|accnt.?key|license.?key|trusted).*" - } + override string getRegexp() { result = HeuristicNames::maybeSensitiveRegexp(_) } } /** diff --git a/swift/ql/test/query-tests/Security/CWE-311/CleartextTransmission.expected b/swift/ql/test/query-tests/Security/CWE-311/CleartextTransmission.expected index 94272faf6d0..816ef16e076 100644 --- a/swift/ql/test/query-tests/Security/CWE-311/CleartextTransmission.expected +++ b/swift/ql/test/query-tests/Security/CWE-311/CleartextTransmission.expected @@ -13,6 +13,7 @@ edges | testSend.swift:54:17:54:17 | password | testSend.swift:41:10:41:18 | data | | testSend.swift:54:17:54:17 | password | testSend.swift:54:13:54:25 | call to pad(_:) | | testURL.swift:13:54:13:54 | passwd | testURL.swift:13:22:13:54 | ... .+(_:_:) ... | +| testURL.swift:15:55:15:55 | account_no | testURL.swift:15:22:15:55 | ... .+(_:_:) ... | | testURL.swift:16:55:16:55 | credit_card_no | testURL.swift:16:22:16:55 | ... .+(_:_:) ... | nodes | file://:0:0:0:0 | [summary] to write: return (return) in Data.init(_:) | semmle.label | [summary] to write: return (return) in Data.init(_:) | @@ -36,10 +37,11 @@ nodes | testSend.swift:59:27:59:27 | str1 | semmle.label | str1 | | testSend.swift:60:27:60:27 | str2 | semmle.label | str2 | | testSend.swift:61:27:61:27 | str3 | semmle.label | str3 | -| testSend.swift:65:27:65:27 | license_key | semmle.label | license_key | | testSend.swift:66:27:66:30 | .mobileNumber | semmle.label | .mobileNumber | | testURL.swift:13:22:13:54 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... | | testURL.swift:13:54:13:54 | passwd | semmle.label | passwd | +| testURL.swift:15:22:15:55 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... | +| testURL.swift:15:55:15:55 | account_no | semmle.label | account_no | | testURL.swift:16:22:16:55 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... | | testURL.swift:16:55:16:55 | credit_card_no | semmle.label | credit_card_no | | testURL.swift:20:22:20:22 | passwd | semmle.label | passwd | @@ -55,8 +57,8 @@ subpaths | testSend.swift:59:27:59:27 | str1 | testSend.swift:52:13:52:13 | password | testSend.swift:59:27:59:27 | str1 | This operation transmits 'str1', which may contain unencrypted sensitive data from $@. | testSend.swift:52:13:52:13 | password | password | | testSend.swift:60:27:60:27 | str2 | testSend.swift:53:13:53:13 | password | testSend.swift:60:27:60:27 | str2 | This operation transmits 'str2', which may contain unencrypted sensitive data from $@. | testSend.swift:53:13:53:13 | password | password | | testSend.swift:61:27:61:27 | str3 | testSend.swift:54:17:54:17 | password | testSend.swift:61:27:61:27 | str3 | This operation transmits 'str3', which may contain unencrypted sensitive data from $@. | testSend.swift:54:17:54:17 | password | password | -| testSend.swift:65:27:65:27 | license_key | testSend.swift:65:27:65:27 | license_key | testSend.swift:65:27:65:27 | license_key | This operation transmits 'license_key', which may contain unencrypted sensitive data from $@. | testSend.swift:65:27:65:27 | license_key | license_key | | testSend.swift:66:27:66:30 | .mobileNumber | testSend.swift:66:27:66:30 | .mobileNumber | testSend.swift:66:27:66:30 | .mobileNumber | This operation transmits '.mobileNumber', which may contain unencrypted sensitive data from $@. | testSend.swift:66:27:66:30 | .mobileNumber | .mobileNumber | | testURL.swift:13:22:13:54 | ... .+(_:_:) ... | testURL.swift:13:54:13:54 | passwd | testURL.swift:13:22:13:54 | ... .+(_:_:) ... | This operation transmits '... .+(_:_:) ...', which may contain unencrypted sensitive data from $@. | testURL.swift:13:54:13:54 | passwd | passwd | +| testURL.swift:15:22:15:55 | ... .+(_:_:) ... | testURL.swift:15:55:15:55 | account_no | testURL.swift:15:22:15:55 | ... .+(_:_:) ... | This operation transmits '... .+(_:_:) ...', which may contain unencrypted sensitive data from $@. | testURL.swift:15:55:15:55 | account_no | account_no | | testURL.swift:16:22:16:55 | ... .+(_:_:) ... | testURL.swift:16:55:16:55 | credit_card_no | testURL.swift:16:22:16:55 | ... .+(_:_:) ... | This operation transmits '... .+(_:_:) ...', which may contain unencrypted sensitive data from $@. | testURL.swift:16:55:16:55 | credit_card_no | credit_card_no | | testURL.swift:20:22:20:22 | passwd | testURL.swift:20:22:20:22 | passwd | testURL.swift:20:22:20:22 | passwd | This operation transmits 'passwd', which may contain unencrypted sensitive data from $@. | testURL.swift:20:22:20:22 | passwd | passwd | diff --git a/swift/ql/test/query-tests/Security/CWE-311/SensitiveExprs.expected b/swift/ql/test/query-tests/Security/CWE-311/SensitiveExprs.expected index 89b8d36ccdf..1c22f1e0bb9 100644 --- a/swift/ql/test/query-tests/Security/CWE-311/SensitiveExprs.expected +++ b/swift/ql/test/query-tests/Security/CWE-311/SensitiveExprs.expected @@ -4,50 +4,54 @@ | testAlamofire.swift:159:26:159:26 | email | label:email, type:private information | | testAlamofire.swift:171:35:171:35 | email | label:email, type:private information | | testAlamofire.swift:177:35:177:35 | email | label:email, type:private information | +| testAlamofire.swift:187:48:187:48 | username | label:username, type:credential | | testAlamofire.swift:187:65:187:65 | password | label:password, type:credential | +| testAlamofire.swift:195:47:195:47 | username | label:username, type:credential | | testAlamofire.swift:195:64:195:64 | password | label:password, type:credential | +| testAlamofire.swift:205:45:205:45 | username | label:username, type:credential | | testAlamofire.swift:205:62:205:62 | password | label:password, type:credential | +| testAlamofire.swift:213:48:213:48 | username | label:username, type:credential | | testAlamofire.swift:213:65:213:65 | password | label:password, type:credential | -| testCoreData2.swift:37:16:37:16 | bankAccountNo | label:bankAccountNo, type:private information | -| testCoreData2.swift:38:2:38:6 | .myBankAccountNumber | label:myBankAccountNumber, type:private information | -| testCoreData2.swift:39:2:39:6 | .myBankAccountNumber | label:myBankAccountNumber, type:private information | -| testCoreData2.swift:39:28:39:28 | bankAccountNo | label:bankAccountNo, type:private information | -| testCoreData2.swift:40:2:40:6 | .myBankAccountNumber2 | label:myBankAccountNumber2, type:private information | -| testCoreData2.swift:41:2:41:6 | .myBankAccountNumber2 | label:myBankAccountNumber2, type:private information | -| testCoreData2.swift:41:29:41:29 | bankAccountNo | label:bankAccountNo, type:private information | -| testCoreData2.swift:42:2:42:6 | .notStoredBankAccountNumber | label:notStoredBankAccountNumber, type:private information | -| testCoreData2.swift:43:2:43:6 | .notStoredBankAccountNumber | label:notStoredBankAccountNumber, type:private information | -| testCoreData2.swift:43:35:43:35 | bankAccountNo | label:bankAccountNo, type:private information | -| testCoreData2.swift:46:22:46:22 | bankAccountNo | label:bankAccountNo, type:private information | -| testCoreData2.swift:47:2:47:12 | .myBankAccountNumber | label:myBankAccountNumber, type:private information | -| testCoreData2.swift:48:2:48:12 | .myBankAccountNumber | label:myBankAccountNumber, type:private information | -| testCoreData2.swift:48:34:48:34 | bankAccountNo | label:bankAccountNo, type:private information | -| testCoreData2.swift:49:2:49:12 | .myBankAccountNumber2 | label:myBankAccountNumber2, type:private information | -| testCoreData2.swift:50:2:50:12 | .myBankAccountNumber2 | label:myBankAccountNumber2, type:private information | -| testCoreData2.swift:50:35:50:35 | bankAccountNo | label:bankAccountNo, type:private information | -| testCoreData2.swift:51:2:51:12 | .notStoredBankAccountNumber | label:notStoredBankAccountNumber, type:private information | -| testCoreData2.swift:52:2:52:12 | .notStoredBankAccountNumber | label:notStoredBankAccountNumber, type:private information | -| testCoreData2.swift:52:41:52:41 | bankAccountNo | label:bankAccountNo, type:private information | -| testCoreData2.swift:57:3:57:7 | .myBankAccountNumber | label:myBankAccountNumber, type:private information | -| testCoreData2.swift:57:29:57:29 | bankAccountNo | label:bankAccountNo, type:private information | -| testCoreData2.swift:60:4:60:8 | .myBankAccountNumber | label:myBankAccountNumber, type:private information | -| testCoreData2.swift:60:30:60:30 | bankAccountNo | label:bankAccountNo, type:private information | -| testCoreData2.swift:62:4:62:8 | .myBankAccountNumber | label:myBankAccountNumber, type:private information | -| testCoreData2.swift:62:30:62:30 | bankAccountNo | label:bankAccountNo, type:private information | -| testCoreData2.swift:65:3:65:7 | .myBankAccountNumber | label:myBankAccountNumber, type:private information | -| testCoreData2.swift:65:29:65:29 | bankAccountNo | label:bankAccountNo, type:private information | -| testCoreData2.swift:79:18:79:28 | .bankAccountNo | label:bankAccountNo, type:private information | -| testCoreData2.swift:80:18:80:28 | .bankAccountNo2 | label:bankAccountNo2, type:private information | -| testCoreData2.swift:82:18:82:18 | bankAccountNo | label:bankAccountNo, type:private information | -| testCoreData2.swift:83:18:83:18 | bankAccountNo | label:bankAccountNo, type:private information | -| testCoreData2.swift:84:18:84:18 | bankAccountNo2 | label:bankAccountNo2, type:private information | -| testCoreData2.swift:85:18:85:18 | bankAccountNo2 | label:bankAccountNo2, type:private information | -| testCoreData2.swift:87:22:87:32 | .bankAccountNo | label:bankAccountNo, type:private information | -| testCoreData2.swift:88:22:88:22 | bankAccountNo | label:bankAccountNo, type:private information | -| testCoreData2.swift:89:22:89:22 | bankAccountNo2 | label:bankAccountNo2, type:private information | -| testCoreData2.swift:91:10:91:10 | bankAccountNo | label:bankAccountNo, type:private information | -| testCoreData2.swift:95:10:95:10 | bankAccountNo | label:bankAccountNo, type:private information | -| testCoreData2.swift:101:10:101:10 | bankAccountNo | label:bankAccountNo, type:private information | +| testCoreData2.swift:37:16:37:16 | bankAccountNo | label:bankAccountNo, type:credential, type:private information | +| testCoreData2.swift:38:2:38:6 | .myBankAccountNumber | label:myBankAccountNumber, type:credential, type:private information | +| testCoreData2.swift:39:2:39:6 | .myBankAccountNumber | label:myBankAccountNumber, type:credential, type:private information | +| testCoreData2.swift:39:28:39:28 | bankAccountNo | label:bankAccountNo, type:credential, type:private information | +| testCoreData2.swift:40:2:40:6 | .myBankAccountNumber2 | label:myBankAccountNumber2, type:credential, type:private information | +| testCoreData2.swift:41:2:41:6 | .myBankAccountNumber2 | label:myBankAccountNumber2, type:credential, type:private information | +| testCoreData2.swift:41:29:41:29 | bankAccountNo | label:bankAccountNo, type:credential, type:private information | +| testCoreData2.swift:42:2:42:6 | .notStoredBankAccountNumber | label:notStoredBankAccountNumber, type:credential, type:private information | +| testCoreData2.swift:43:2:43:6 | .notStoredBankAccountNumber | label:notStoredBankAccountNumber, type:credential, type:private information | +| testCoreData2.swift:43:35:43:35 | bankAccountNo | label:bankAccountNo, type:credential, type:private information | +| testCoreData2.swift:46:22:46:22 | bankAccountNo | label:bankAccountNo, type:credential, type:private information | +| testCoreData2.swift:47:2:47:12 | .myBankAccountNumber | label:myBankAccountNumber, type:credential, type:private information | +| testCoreData2.swift:48:2:48:12 | .myBankAccountNumber | label:myBankAccountNumber, type:credential, type:private information | +| testCoreData2.swift:48:34:48:34 | bankAccountNo | label:bankAccountNo, type:credential, type:private information | +| testCoreData2.swift:49:2:49:12 | .myBankAccountNumber2 | label:myBankAccountNumber2, type:credential, type:private information | +| testCoreData2.swift:50:2:50:12 | .myBankAccountNumber2 | label:myBankAccountNumber2, type:credential, type:private information | +| testCoreData2.swift:50:35:50:35 | bankAccountNo | label:bankAccountNo, type:credential, type:private information | +| testCoreData2.swift:51:2:51:12 | .notStoredBankAccountNumber | label:notStoredBankAccountNumber, type:credential, type:private information | +| testCoreData2.swift:52:2:52:12 | .notStoredBankAccountNumber | label:notStoredBankAccountNumber, type:credential, type:private information | +| testCoreData2.swift:52:41:52:41 | bankAccountNo | label:bankAccountNo, type:credential, type:private information | +| testCoreData2.swift:57:3:57:7 | .myBankAccountNumber | label:myBankAccountNumber, type:credential, type:private information | +| testCoreData2.swift:57:29:57:29 | bankAccountNo | label:bankAccountNo, type:credential, type:private information | +| testCoreData2.swift:60:4:60:8 | .myBankAccountNumber | label:myBankAccountNumber, type:credential, type:private information | +| testCoreData2.swift:60:30:60:30 | bankAccountNo | label:bankAccountNo, type:credential, type:private information | +| testCoreData2.swift:62:4:62:8 | .myBankAccountNumber | label:myBankAccountNumber, type:credential, type:private information | +| testCoreData2.swift:62:30:62:30 | bankAccountNo | label:bankAccountNo, type:credential, type:private information | +| testCoreData2.swift:65:3:65:7 | .myBankAccountNumber | label:myBankAccountNumber, type:credential, type:private information | +| testCoreData2.swift:65:29:65:29 | bankAccountNo | label:bankAccountNo, type:credential, type:private information | +| testCoreData2.swift:79:18:79:28 | .bankAccountNo | label:bankAccountNo, type:credential, type:private information | +| testCoreData2.swift:80:18:80:28 | .bankAccountNo2 | label:bankAccountNo2, type:credential, type:private information | +| testCoreData2.swift:82:18:82:18 | bankAccountNo | label:bankAccountNo, type:credential, type:private information | +| testCoreData2.swift:83:18:83:18 | bankAccountNo | label:bankAccountNo, type:credential, type:private information | +| testCoreData2.swift:84:18:84:18 | bankAccountNo2 | label:bankAccountNo2, type:credential, type:private information | +| testCoreData2.swift:85:18:85:18 | bankAccountNo2 | label:bankAccountNo2, type:credential, type:private information | +| testCoreData2.swift:87:22:87:32 | .bankAccountNo | label:bankAccountNo, type:credential, type:private information | +| testCoreData2.swift:88:22:88:22 | bankAccountNo | label:bankAccountNo, type:credential, type:private information | +| testCoreData2.swift:89:22:89:22 | bankAccountNo2 | label:bankAccountNo2, type:credential, type:private information | +| testCoreData2.swift:91:10:91:10 | bankAccountNo | label:bankAccountNo, type:credential, type:private information | +| testCoreData2.swift:95:10:95:10 | bankAccountNo | label:bankAccountNo, type:credential, type:private information | +| testCoreData2.swift:101:10:101:10 | bankAccountNo | label:bankAccountNo, type:credential, type:private information | | testCoreData.swift:48:15:48:15 | password | label:password, type:credential | | testCoreData.swift:51:24:51:24 | password | label:password, type:credential | | testCoreData.swift:58:15:58:15 | password | label:password, type:credential | @@ -125,9 +129,9 @@ | testSend.swift:55:23:55:23 | password | label:password, type:credential | | testSend.swift:56:27:56:27 | password | label:password, type:credential | | testSend.swift:57:27:57:27 | password | label:password, type:credential | -| testSend.swift:65:27:65:27 | license_key | label:license_key, type:credential | | testSend.swift:66:27:66:30 | .mobileNumber | label:mobileNumber, type:private information | | testSend.swift:69:27:69:30 | .passwordFeatureEnabled | label:passwordFeatureEnabled, type:credential | | testURL.swift:13:54:13:54 | passwd | label:passwd, type:credential | +| testURL.swift:15:55:15:55 | account_no | label:account_no, type:credential | | testURL.swift:16:55:16:55 | credit_card_no | label:credit_card_no, type:private information | | testURL.swift:20:22:20:22 | passwd | label:passwd, type:credential | diff --git a/swift/ql/test/query-tests/Security/CWE-328/WeakSensitiveDataHashing.expected b/swift/ql/test/query-tests/Security/CWE-328/WeakSensitiveDataHashing.expected index 1a3d8a15f8a..16fc67d4a6f 100644 --- a/swift/ql/test/query-tests/Security/CWE-328/WeakSensitiveDataHashing.expected +++ b/swift/ql/test/query-tests/Security/CWE-328/WeakSensitiveDataHashing.expected @@ -1,17 +1,29 @@ edges nodes | testCryptoKit.swift:56:47:56:47 | passwd | semmle.label | passwd | +| testCryptoKit.swift:57:43:57:43 | cert | semmle.label | cert | +| testCryptoKit.swift:59:43:59:43 | account_no | semmle.label | account_no | | testCryptoKit.swift:60:43:60:43 | credit_card_no | semmle.label | credit_card_no | | testCryptoKit.swift:61:43:61:43 | credit_card_no | semmle.label | credit_card_no | | testCryptoKit.swift:63:44:63:44 | passwd | semmle.label | passwd | +| testCryptoKit.swift:64:44:64:44 | cert | semmle.label | cert | +| testCryptoKit.swift:66:44:66:44 | account_no | semmle.label | account_no | | testCryptoKit.swift:67:44:67:44 | credit_card_no | semmle.label | credit_card_no | | testCryptoKit.swift:90:23:90:23 | passwd | semmle.label | passwd | +| testCryptoKit.swift:91:23:91:23 | cert | semmle.label | cert | +| testCryptoKit.swift:93:23:93:23 | account_no | semmle.label | account_no | | testCryptoKit.swift:94:23:94:23 | credit_card_no | semmle.label | credit_card_no | | testCryptoKit.swift:99:23:99:23 | passwd | semmle.label | passwd | +| testCryptoKit.swift:100:23:100:23 | cert | semmle.label | cert | +| testCryptoKit.swift:102:23:102:23 | account_no | semmle.label | account_no | | testCryptoKit.swift:103:23:103:23 | credit_card_no | semmle.label | credit_card_no | | testCryptoKit.swift:132:32:132:32 | passwd | semmle.label | passwd | +| testCryptoKit.swift:133:32:133:32 | cert | semmle.label | cert | +| testCryptoKit.swift:135:32:135:32 | account_no | semmle.label | account_no | | testCryptoKit.swift:136:32:136:32 | credit_card_no | semmle.label | credit_card_no | | testCryptoKit.swift:141:32:141:32 | passwd | semmle.label | passwd | +| testCryptoKit.swift:142:32:142:32 | cert | semmle.label | cert | +| testCryptoKit.swift:144:32:144:32 | account_no | semmle.label | account_no | | testCryptoKit.swift:145:32:145:32 | credit_card_no | semmle.label | credit_card_no | | testCryptoSwift.swift:113:30:113:30 | passwdArray | semmle.label | passwdArray | | testCryptoSwift.swift:115:31:115:31 | passwdArray | semmle.label | passwdArray | @@ -26,17 +38,29 @@ nodes subpaths #select | testCryptoKit.swift:56:47:56:47 | passwd | testCryptoKit.swift:56:47:56:47 | passwd | testCryptoKit.swift:56:47:56:47 | passwd | Insecure hashing algorithm (MD5) depends on $@. | testCryptoKit.swift:56:47:56:47 | passwd | sensitive data (credential passwd) | +| testCryptoKit.swift:57:43:57:43 | cert | testCryptoKit.swift:57:43:57:43 | cert | testCryptoKit.swift:57:43:57:43 | cert | Insecure hashing algorithm (MD5) depends on $@. | testCryptoKit.swift:57:43:57:43 | cert | sensitive data (credential cert) | +| testCryptoKit.swift:59:43:59:43 | account_no | testCryptoKit.swift:59:43:59:43 | account_no | testCryptoKit.swift:59:43:59:43 | account_no | Insecure hashing algorithm (MD5) depends on $@. | testCryptoKit.swift:59:43:59:43 | account_no | sensitive data (credential account_no) | | testCryptoKit.swift:60:43:60:43 | credit_card_no | testCryptoKit.swift:60:43:60:43 | credit_card_no | testCryptoKit.swift:60:43:60:43 | credit_card_no | Insecure hashing algorithm (MD5) depends on $@. | testCryptoKit.swift:60:43:60:43 | credit_card_no | sensitive data (private information credit_card_no) | | testCryptoKit.swift:61:43:61:43 | credit_card_no | testCryptoKit.swift:61:43:61:43 | credit_card_no | testCryptoKit.swift:61:43:61:43 | credit_card_no | Insecure hashing algorithm (MD5) depends on $@. | testCryptoKit.swift:61:43:61:43 | credit_card_no | sensitive data (private information credit_card_no) | | testCryptoKit.swift:63:44:63:44 | passwd | testCryptoKit.swift:63:44:63:44 | passwd | testCryptoKit.swift:63:44:63:44 | passwd | Insecure hashing algorithm (SHA1) depends on $@. | testCryptoKit.swift:63:44:63:44 | passwd | sensitive data (credential passwd) | +| testCryptoKit.swift:64:44:64:44 | cert | testCryptoKit.swift:64:44:64:44 | cert | testCryptoKit.swift:64:44:64:44 | cert | Insecure hashing algorithm (SHA1) depends on $@. | testCryptoKit.swift:64:44:64:44 | cert | sensitive data (credential cert) | +| testCryptoKit.swift:66:44:66:44 | account_no | testCryptoKit.swift:66:44:66:44 | account_no | testCryptoKit.swift:66:44:66:44 | account_no | Insecure hashing algorithm (SHA1) depends on $@. | testCryptoKit.swift:66:44:66:44 | account_no | sensitive data (credential account_no) | | testCryptoKit.swift:67:44:67:44 | credit_card_no | testCryptoKit.swift:67:44:67:44 | credit_card_no | testCryptoKit.swift:67:44:67:44 | credit_card_no | Insecure hashing algorithm (SHA1) depends on $@. | testCryptoKit.swift:67:44:67:44 | credit_card_no | sensitive data (private information credit_card_no) | | testCryptoKit.swift:90:23:90:23 | passwd | testCryptoKit.swift:90:23:90:23 | passwd | testCryptoKit.swift:90:23:90:23 | passwd | Insecure hashing algorithm (MD5) depends on $@. | testCryptoKit.swift:90:23:90:23 | passwd | sensitive data (credential passwd) | +| testCryptoKit.swift:91:23:91:23 | cert | testCryptoKit.swift:91:23:91:23 | cert | testCryptoKit.swift:91:23:91:23 | cert | Insecure hashing algorithm (MD5) depends on $@. | testCryptoKit.swift:91:23:91:23 | cert | sensitive data (credential cert) | +| testCryptoKit.swift:93:23:93:23 | account_no | testCryptoKit.swift:93:23:93:23 | account_no | testCryptoKit.swift:93:23:93:23 | account_no | Insecure hashing algorithm (MD5) depends on $@. | testCryptoKit.swift:93:23:93:23 | account_no | sensitive data (credential account_no) | | testCryptoKit.swift:94:23:94:23 | credit_card_no | testCryptoKit.swift:94:23:94:23 | credit_card_no | testCryptoKit.swift:94:23:94:23 | credit_card_no | Insecure hashing algorithm (MD5) depends on $@. | testCryptoKit.swift:94:23:94:23 | credit_card_no | sensitive data (private information credit_card_no) | | testCryptoKit.swift:99:23:99:23 | passwd | testCryptoKit.swift:99:23:99:23 | passwd | testCryptoKit.swift:99:23:99:23 | passwd | Insecure hashing algorithm (SHA1) depends on $@. | testCryptoKit.swift:99:23:99:23 | passwd | sensitive data (credential passwd) | +| testCryptoKit.swift:100:23:100:23 | cert | testCryptoKit.swift:100:23:100:23 | cert | testCryptoKit.swift:100:23:100:23 | cert | Insecure hashing algorithm (SHA1) depends on $@. | testCryptoKit.swift:100:23:100:23 | cert | sensitive data (credential cert) | +| testCryptoKit.swift:102:23:102:23 | account_no | testCryptoKit.swift:102:23:102:23 | account_no | testCryptoKit.swift:102:23:102:23 | account_no | Insecure hashing algorithm (SHA1) depends on $@. | testCryptoKit.swift:102:23:102:23 | account_no | sensitive data (credential account_no) | | testCryptoKit.swift:103:23:103:23 | credit_card_no | testCryptoKit.swift:103:23:103:23 | credit_card_no | testCryptoKit.swift:103:23:103:23 | credit_card_no | Insecure hashing algorithm (SHA1) depends on $@. | testCryptoKit.swift:103:23:103:23 | credit_card_no | sensitive data (private information credit_card_no) | | testCryptoKit.swift:132:32:132:32 | passwd | testCryptoKit.swift:132:32:132:32 | passwd | testCryptoKit.swift:132:32:132:32 | passwd | Insecure hashing algorithm (MD5) depends on $@. | testCryptoKit.swift:132:32:132:32 | passwd | sensitive data (credential passwd) | +| testCryptoKit.swift:133:32:133:32 | cert | testCryptoKit.swift:133:32:133:32 | cert | testCryptoKit.swift:133:32:133:32 | cert | Insecure hashing algorithm (MD5) depends on $@. | testCryptoKit.swift:133:32:133:32 | cert | sensitive data (credential cert) | +| testCryptoKit.swift:135:32:135:32 | account_no | testCryptoKit.swift:135:32:135:32 | account_no | testCryptoKit.swift:135:32:135:32 | account_no | Insecure hashing algorithm (MD5) depends on $@. | testCryptoKit.swift:135:32:135:32 | account_no | sensitive data (credential account_no) | | testCryptoKit.swift:136:32:136:32 | credit_card_no | testCryptoKit.swift:136:32:136:32 | credit_card_no | testCryptoKit.swift:136:32:136:32 | credit_card_no | Insecure hashing algorithm (MD5) depends on $@. | testCryptoKit.swift:136:32:136:32 | credit_card_no | sensitive data (private information credit_card_no) | | testCryptoKit.swift:141:32:141:32 | passwd | testCryptoKit.swift:141:32:141:32 | passwd | testCryptoKit.swift:141:32:141:32 | passwd | Insecure hashing algorithm (SHA1) depends on $@. | testCryptoKit.swift:141:32:141:32 | passwd | sensitive data (credential passwd) | +| testCryptoKit.swift:142:32:142:32 | cert | testCryptoKit.swift:142:32:142:32 | cert | testCryptoKit.swift:142:32:142:32 | cert | Insecure hashing algorithm (SHA1) depends on $@. | testCryptoKit.swift:142:32:142:32 | cert | sensitive data (credential cert) | +| testCryptoKit.swift:144:32:144:32 | account_no | testCryptoKit.swift:144:32:144:32 | account_no | testCryptoKit.swift:144:32:144:32 | account_no | Insecure hashing algorithm (SHA1) depends on $@. | testCryptoKit.swift:144:32:144:32 | account_no | sensitive data (credential account_no) | | testCryptoKit.swift:145:32:145:32 | credit_card_no | testCryptoKit.swift:145:32:145:32 | credit_card_no | testCryptoKit.swift:145:32:145:32 | credit_card_no | Insecure hashing algorithm (SHA1) depends on $@. | testCryptoKit.swift:145:32:145:32 | credit_card_no | sensitive data (private information credit_card_no) | | testCryptoSwift.swift:113:30:113:30 | passwdArray | testCryptoSwift.swift:113:30:113:30 | passwdArray | testCryptoSwift.swift:113:30:113:30 | passwdArray | Insecure hashing algorithm (MD5) depends on $@. | testCryptoSwift.swift:113:30:113:30 | passwdArray | sensitive data (credential passwdArray) | | testCryptoSwift.swift:115:31:115:31 | passwdArray | testCryptoSwift.swift:115:31:115:31 | passwdArray | testCryptoSwift.swift:115:31:115:31 | passwdArray | Insecure hashing algorithm (SHA1) depends on $@. | testCryptoSwift.swift:115:31:115:31 | passwdArray | sensitive data (credential passwdArray) | From 252b72b5731be19f3c5c5ea97f3e9b8182622240 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 12 May 2023 12:18:32 +0100 Subject: [PATCH 378/870] Swift: Add some special cases to preserve (for now) result quality. --- swift/ql/lib/codeql/swift/security/SensitiveExprs.qll | 5 ++++- .../Security/CWE-311/CleartextTransmission.expected | 2 ++ .../query-tests/Security/CWE-311/SensitiveExprs.expected | 1 + 3 files changed, 7 insertions(+), 1 deletion(-) diff --git a/swift/ql/lib/codeql/swift/security/SensitiveExprs.qll b/swift/ql/lib/codeql/swift/security/SensitiveExprs.qll index 093caaaa0cf..a742974710d 100644 --- a/swift/ql/lib/codeql/swift/security/SensitiveExprs.qll +++ b/swift/ql/lib/codeql/swift/security/SensitiveExprs.qll @@ -29,7 +29,10 @@ abstract class SensitiveDataType extends TSensitiveDataType { class SensitiveCredential extends SensitiveDataType, TCredential { override string toString() { result = "credential" } - override string getRegexp() { result = HeuristicNames::maybeSensitiveRegexp(_) } + override string getRegexp() { + result = HeuristicNames::maybeSensitiveRegexp(_) or + result = "(?is).*(license.?key).*" + } } /** diff --git a/swift/ql/test/query-tests/Security/CWE-311/CleartextTransmission.expected b/swift/ql/test/query-tests/Security/CWE-311/CleartextTransmission.expected index 816ef16e076..c832cf51a15 100644 --- a/swift/ql/test/query-tests/Security/CWE-311/CleartextTransmission.expected +++ b/swift/ql/test/query-tests/Security/CWE-311/CleartextTransmission.expected @@ -37,6 +37,7 @@ nodes | testSend.swift:59:27:59:27 | str1 | semmle.label | str1 | | testSend.swift:60:27:60:27 | str2 | semmle.label | str2 | | testSend.swift:61:27:61:27 | str3 | semmle.label | str3 | +| testSend.swift:65:27:65:27 | license_key | semmle.label | license_key | | testSend.swift:66:27:66:30 | .mobileNumber | semmle.label | .mobileNumber | | testURL.swift:13:22:13:54 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... | | testURL.swift:13:54:13:54 | passwd | semmle.label | passwd | @@ -57,6 +58,7 @@ subpaths | testSend.swift:59:27:59:27 | str1 | testSend.swift:52:13:52:13 | password | testSend.swift:59:27:59:27 | str1 | This operation transmits 'str1', which may contain unencrypted sensitive data from $@. | testSend.swift:52:13:52:13 | password | password | | testSend.swift:60:27:60:27 | str2 | testSend.swift:53:13:53:13 | password | testSend.swift:60:27:60:27 | str2 | This operation transmits 'str2', which may contain unencrypted sensitive data from $@. | testSend.swift:53:13:53:13 | password | password | | testSend.swift:61:27:61:27 | str3 | testSend.swift:54:17:54:17 | password | testSend.swift:61:27:61:27 | str3 | This operation transmits 'str3', which may contain unencrypted sensitive data from $@. | testSend.swift:54:17:54:17 | password | password | +| testSend.swift:65:27:65:27 | license_key | testSend.swift:65:27:65:27 | license_key | testSend.swift:65:27:65:27 | license_key | This operation transmits 'license_key', which may contain unencrypted sensitive data from $@. | testSend.swift:65:27:65:27 | license_key | license_key | | testSend.swift:66:27:66:30 | .mobileNumber | testSend.swift:66:27:66:30 | .mobileNumber | testSend.swift:66:27:66:30 | .mobileNumber | This operation transmits '.mobileNumber', which may contain unencrypted sensitive data from $@. | testSend.swift:66:27:66:30 | .mobileNumber | .mobileNumber | | testURL.swift:13:22:13:54 | ... .+(_:_:) ... | testURL.swift:13:54:13:54 | passwd | testURL.swift:13:22:13:54 | ... .+(_:_:) ... | This operation transmits '... .+(_:_:) ...', which may contain unencrypted sensitive data from $@. | testURL.swift:13:54:13:54 | passwd | passwd | | testURL.swift:15:22:15:55 | ... .+(_:_:) ... | testURL.swift:15:55:15:55 | account_no | testURL.swift:15:22:15:55 | ... .+(_:_:) ... | This operation transmits '... .+(_:_:) ...', which may contain unencrypted sensitive data from $@. | testURL.swift:15:55:15:55 | account_no | account_no | diff --git a/swift/ql/test/query-tests/Security/CWE-311/SensitiveExprs.expected b/swift/ql/test/query-tests/Security/CWE-311/SensitiveExprs.expected index 1c22f1e0bb9..812581cfb87 100644 --- a/swift/ql/test/query-tests/Security/CWE-311/SensitiveExprs.expected +++ b/swift/ql/test/query-tests/Security/CWE-311/SensitiveExprs.expected @@ -129,6 +129,7 @@ | testSend.swift:55:23:55:23 | password | label:password, type:credential | | testSend.swift:56:27:56:27 | password | label:password, type:credential | | testSend.swift:57:27:57:27 | password | label:password, type:credential | +| testSend.swift:65:27:65:27 | license_key | label:license_key, type:credential | | testSend.swift:66:27:66:30 | .mobileNumber | label:mobileNumber, type:private information | | testSend.swift:69:27:69:30 | .passwordFeatureEnabled | label:passwordFeatureEnabled, type:credential | | testURL.swift:13:54:13:54 | passwd | label:passwd, type:credential | From 047494dc95b61d085583559e93a09c87d0c782cd Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 12 May 2023 15:38:17 +0100 Subject: [PATCH 379/870] Swift: Bank account numbers are a credential now, I guess they don't need to be private data as well. --- .../codeql/swift/security/SensitiveExprs.qll | 2 +- .../Security/CWE-311/SensitiveExprs.expected | 80 +++++++++---------- 2 files changed, 41 insertions(+), 41 deletions(-) diff --git a/swift/ql/lib/codeql/swift/security/SensitiveExprs.qll b/swift/ql/lib/codeql/swift/security/SensitiveExprs.qll index a742974710d..3de43524294 100644 --- a/swift/ql/lib/codeql/swift/security/SensitiveExprs.qll +++ b/swift/ql/lib/codeql/swift/security/SensitiveExprs.qll @@ -54,7 +54,7 @@ class SensitivePrivateInfo extends SensitiveDataType, TPrivateInfo { // Geographic location - where the user is (or was) "latitude|longitude|" + // Financial data - such as credit card numbers, salary, bank accounts, and debts - "credit.?card|debit.?card|salary|bank.?account|" + + "credit.?card|debit.?card|salary|" + // Communications - e-mail addresses, private e-mail messages, SMS text messages, chat logs, etc. "email|" + // Health - medical conditions, insurance status, prescription records diff --git a/swift/ql/test/query-tests/Security/CWE-311/SensitiveExprs.expected b/swift/ql/test/query-tests/Security/CWE-311/SensitiveExprs.expected index 812581cfb87..708d68a05e9 100644 --- a/swift/ql/test/query-tests/Security/CWE-311/SensitiveExprs.expected +++ b/swift/ql/test/query-tests/Security/CWE-311/SensitiveExprs.expected @@ -12,46 +12,46 @@ | testAlamofire.swift:205:62:205:62 | password | label:password, type:credential | | testAlamofire.swift:213:48:213:48 | username | label:username, type:credential | | testAlamofire.swift:213:65:213:65 | password | label:password, type:credential | -| testCoreData2.swift:37:16:37:16 | bankAccountNo | label:bankAccountNo, type:credential, type:private information | -| testCoreData2.swift:38:2:38:6 | .myBankAccountNumber | label:myBankAccountNumber, type:credential, type:private information | -| testCoreData2.swift:39:2:39:6 | .myBankAccountNumber | label:myBankAccountNumber, type:credential, type:private information | -| testCoreData2.swift:39:28:39:28 | bankAccountNo | label:bankAccountNo, type:credential, type:private information | -| testCoreData2.swift:40:2:40:6 | .myBankAccountNumber2 | label:myBankAccountNumber2, type:credential, type:private information | -| testCoreData2.swift:41:2:41:6 | .myBankAccountNumber2 | label:myBankAccountNumber2, type:credential, type:private information | -| testCoreData2.swift:41:29:41:29 | bankAccountNo | label:bankAccountNo, type:credential, type:private information | -| testCoreData2.swift:42:2:42:6 | .notStoredBankAccountNumber | label:notStoredBankAccountNumber, type:credential, type:private information | -| testCoreData2.swift:43:2:43:6 | .notStoredBankAccountNumber | label:notStoredBankAccountNumber, type:credential, type:private information | -| testCoreData2.swift:43:35:43:35 | bankAccountNo | label:bankAccountNo, type:credential, type:private information | -| testCoreData2.swift:46:22:46:22 | bankAccountNo | label:bankAccountNo, type:credential, type:private information | -| testCoreData2.swift:47:2:47:12 | .myBankAccountNumber | label:myBankAccountNumber, type:credential, type:private information | -| testCoreData2.swift:48:2:48:12 | .myBankAccountNumber | label:myBankAccountNumber, type:credential, type:private information | -| testCoreData2.swift:48:34:48:34 | bankAccountNo | label:bankAccountNo, type:credential, type:private information | -| testCoreData2.swift:49:2:49:12 | .myBankAccountNumber2 | label:myBankAccountNumber2, type:credential, type:private information | -| testCoreData2.swift:50:2:50:12 | .myBankAccountNumber2 | label:myBankAccountNumber2, type:credential, type:private information | -| testCoreData2.swift:50:35:50:35 | bankAccountNo | label:bankAccountNo, type:credential, type:private information | -| testCoreData2.swift:51:2:51:12 | .notStoredBankAccountNumber | label:notStoredBankAccountNumber, type:credential, type:private information | -| testCoreData2.swift:52:2:52:12 | .notStoredBankAccountNumber | label:notStoredBankAccountNumber, type:credential, type:private information | -| testCoreData2.swift:52:41:52:41 | bankAccountNo | label:bankAccountNo, type:credential, type:private information | -| testCoreData2.swift:57:3:57:7 | .myBankAccountNumber | label:myBankAccountNumber, type:credential, type:private information | -| testCoreData2.swift:57:29:57:29 | bankAccountNo | label:bankAccountNo, type:credential, type:private information | -| testCoreData2.swift:60:4:60:8 | .myBankAccountNumber | label:myBankAccountNumber, type:credential, type:private information | -| testCoreData2.swift:60:30:60:30 | bankAccountNo | label:bankAccountNo, type:credential, type:private information | -| testCoreData2.swift:62:4:62:8 | .myBankAccountNumber | label:myBankAccountNumber, type:credential, type:private information | -| testCoreData2.swift:62:30:62:30 | bankAccountNo | label:bankAccountNo, type:credential, type:private information | -| testCoreData2.swift:65:3:65:7 | .myBankAccountNumber | label:myBankAccountNumber, type:credential, type:private information | -| testCoreData2.swift:65:29:65:29 | bankAccountNo | label:bankAccountNo, type:credential, type:private information | -| testCoreData2.swift:79:18:79:28 | .bankAccountNo | label:bankAccountNo, type:credential, type:private information | -| testCoreData2.swift:80:18:80:28 | .bankAccountNo2 | label:bankAccountNo2, type:credential, type:private information | -| testCoreData2.swift:82:18:82:18 | bankAccountNo | label:bankAccountNo, type:credential, type:private information | -| testCoreData2.swift:83:18:83:18 | bankAccountNo | label:bankAccountNo, type:credential, type:private information | -| testCoreData2.swift:84:18:84:18 | bankAccountNo2 | label:bankAccountNo2, type:credential, type:private information | -| testCoreData2.swift:85:18:85:18 | bankAccountNo2 | label:bankAccountNo2, type:credential, type:private information | -| testCoreData2.swift:87:22:87:32 | .bankAccountNo | label:bankAccountNo, type:credential, type:private information | -| testCoreData2.swift:88:22:88:22 | bankAccountNo | label:bankAccountNo, type:credential, type:private information | -| testCoreData2.swift:89:22:89:22 | bankAccountNo2 | label:bankAccountNo2, type:credential, type:private information | -| testCoreData2.swift:91:10:91:10 | bankAccountNo | label:bankAccountNo, type:credential, type:private information | -| testCoreData2.swift:95:10:95:10 | bankAccountNo | label:bankAccountNo, type:credential, type:private information | -| testCoreData2.swift:101:10:101:10 | bankAccountNo | label:bankAccountNo, type:credential, type:private information | +| testCoreData2.swift:37:16:37:16 | bankAccountNo | label:bankAccountNo, type:credential | +| testCoreData2.swift:38:2:38:6 | .myBankAccountNumber | label:myBankAccountNumber, type:credential | +| testCoreData2.swift:39:2:39:6 | .myBankAccountNumber | label:myBankAccountNumber, type:credential | +| testCoreData2.swift:39:28:39:28 | bankAccountNo | label:bankAccountNo, type:credential | +| testCoreData2.swift:40:2:40:6 | .myBankAccountNumber2 | label:myBankAccountNumber2, type:credential | +| testCoreData2.swift:41:2:41:6 | .myBankAccountNumber2 | label:myBankAccountNumber2, type:credential | +| testCoreData2.swift:41:29:41:29 | bankAccountNo | label:bankAccountNo, type:credential | +| testCoreData2.swift:42:2:42:6 | .notStoredBankAccountNumber | label:notStoredBankAccountNumber, type:credential | +| testCoreData2.swift:43:2:43:6 | .notStoredBankAccountNumber | label:notStoredBankAccountNumber, type:credential | +| testCoreData2.swift:43:35:43:35 | bankAccountNo | label:bankAccountNo, type:credential | +| testCoreData2.swift:46:22:46:22 | bankAccountNo | label:bankAccountNo, type:credential | +| testCoreData2.swift:47:2:47:12 | .myBankAccountNumber | label:myBankAccountNumber, type:credential | +| testCoreData2.swift:48:2:48:12 | .myBankAccountNumber | label:myBankAccountNumber, type:credential | +| testCoreData2.swift:48:34:48:34 | bankAccountNo | label:bankAccountNo, type:credential | +| testCoreData2.swift:49:2:49:12 | .myBankAccountNumber2 | label:myBankAccountNumber2, type:credential | +| testCoreData2.swift:50:2:50:12 | .myBankAccountNumber2 | label:myBankAccountNumber2, type:credential | +| testCoreData2.swift:50:35:50:35 | bankAccountNo | label:bankAccountNo, type:credential | +| testCoreData2.swift:51:2:51:12 | .notStoredBankAccountNumber | label:notStoredBankAccountNumber, type:credential | +| testCoreData2.swift:52:2:52:12 | .notStoredBankAccountNumber | label:notStoredBankAccountNumber, type:credential | +| testCoreData2.swift:52:41:52:41 | bankAccountNo | label:bankAccountNo, type:credential | +| testCoreData2.swift:57:3:57:7 | .myBankAccountNumber | label:myBankAccountNumber, type:credential | +| testCoreData2.swift:57:29:57:29 | bankAccountNo | label:bankAccountNo, type:credential | +| testCoreData2.swift:60:4:60:8 | .myBankAccountNumber | label:myBankAccountNumber, type:credential | +| testCoreData2.swift:60:30:60:30 | bankAccountNo | label:bankAccountNo, type:credential | +| testCoreData2.swift:62:4:62:8 | .myBankAccountNumber | label:myBankAccountNumber, type:credential | +| testCoreData2.swift:62:30:62:30 | bankAccountNo | label:bankAccountNo, type:credential | +| testCoreData2.swift:65:3:65:7 | .myBankAccountNumber | label:myBankAccountNumber, type:credential | +| testCoreData2.swift:65:29:65:29 | bankAccountNo | label:bankAccountNo, type:credential | +| testCoreData2.swift:79:18:79:28 | .bankAccountNo | label:bankAccountNo, type:credential | +| testCoreData2.swift:80:18:80:28 | .bankAccountNo2 | label:bankAccountNo2, type:credential | +| testCoreData2.swift:82:18:82:18 | bankAccountNo | label:bankAccountNo, type:credential | +| testCoreData2.swift:83:18:83:18 | bankAccountNo | label:bankAccountNo, type:credential | +| testCoreData2.swift:84:18:84:18 | bankAccountNo2 | label:bankAccountNo2, type:credential | +| testCoreData2.swift:85:18:85:18 | bankAccountNo2 | label:bankAccountNo2, type:credential | +| testCoreData2.swift:87:22:87:32 | .bankAccountNo | label:bankAccountNo, type:credential | +| testCoreData2.swift:88:22:88:22 | bankAccountNo | label:bankAccountNo, type:credential | +| testCoreData2.swift:89:22:89:22 | bankAccountNo2 | label:bankAccountNo2, type:credential | +| testCoreData2.swift:91:10:91:10 | bankAccountNo | label:bankAccountNo, type:credential | +| testCoreData2.swift:95:10:95:10 | bankAccountNo | label:bankAccountNo, type:credential | +| testCoreData2.swift:101:10:101:10 | bankAccountNo | label:bankAccountNo, type:credential | | testCoreData.swift:48:15:48:15 | password | label:password, type:credential | | testCoreData.swift:51:24:51:24 | password | label:password, type:credential | | testCoreData.swift:58:15:58:15 | password | label:password, type:credential | From 3f206cce003095b4135d6f6601e1ca2ea78a926a Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 12 May 2023 09:50:38 +0100 Subject: [PATCH 380/870] Swift: Simplify out toLowerCase(). --- .../ql/lib/codeql/swift/security/SensitiveExprs.qll | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/swift/ql/lib/codeql/swift/security/SensitiveExprs.qll b/swift/ql/lib/codeql/swift/security/SensitiveExprs.qll index 3de43524294..c3432fa58e4 100644 --- a/swift/ql/lib/codeql/swift/security/SensitiveExprs.qll +++ b/swift/ql/lib/codeql/swift/security/SensitiveExprs.qll @@ -43,7 +43,7 @@ class SensitivePrivateInfo extends SensitiveDataType, TPrivateInfo { override string getRegexp() { result = - ".*(" + + "(?is).*(" + // Inspired by the list on https://cwe.mitre.org/data/definitions/359.html // Government identifiers, such as Social Security Numbers "social.?security|national.?insurance|" + @@ -82,7 +82,7 @@ private string regexpProbablySafe() { private class SensitiveVarDecl extends VarDecl { SensitiveDataType sensitiveType; - SensitiveVarDecl() { this.getName().toLowerCase().regexpMatch(sensitiveType.getRegexp()) } + SensitiveVarDecl() { this.getName().regexpMatch(sensitiveType.getRegexp()) } predicate hasInfo(string label, SensitiveDataType type) { label = this.getName() and @@ -99,7 +99,7 @@ private class SensitiveFunction extends Function { SensitiveFunction() { name = this.getName().splitAt("(", 0) and - name.toLowerCase().regexpMatch(sensitiveType.getRegexp()) + name.regexpMatch(sensitiveType.getRegexp()) } predicate hasInfo(string label, SensitiveDataType type) { @@ -114,7 +114,7 @@ private class SensitiveFunction extends Function { private class SensitiveArgument extends Argument { SensitiveDataType sensitiveType; - SensitiveArgument() { this.getLabel().toLowerCase().regexpMatch(sensitiveType.getRegexp()) } + SensitiveArgument() { this.getLabel().regexpMatch(sensitiveType.getRegexp()) } predicate hasInfo(string label, SensitiveDataType type) { label = this.getLabel() and @@ -147,7 +147,7 @@ class SensitiveExpr extends Expr { ) ) and // do not mark as sensitive it if it is probably safe - not label.toLowerCase().regexpMatch(regexpProbablySafe()) + not label.regexpMatch(regexpProbablySafe()) } /** @@ -165,7 +165,7 @@ class SensitiveExpr extends Expr { * A function that is likely used to encrypt or hash data. */ private class EncryptionFunction extends Function { - EncryptionFunction() { this.getName().regexpMatch(".*(crypt|hash|encode|protect).*") } + EncryptionFunction() { this.getName().regexpMatch("(?is).*(crypt|hash|encode|protect).*") } } /** From 5019d3befa7963b9854b0be325849d95d2e1b0b8 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 12 May 2023 15:30:14 +0100 Subject: [PATCH 381/870] Swift: Update test annotations. --- .../Security/CWE-311/testURL.swift | 2 +- .../Security/CWE-328/testCryptoKit.swift | 24 +++++++++---------- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/swift/ql/test/query-tests/Security/CWE-311/testURL.swift b/swift/ql/test/query-tests/Security/CWE-311/testURL.swift index 48ae815232f..7f9b64ff4f6 100644 --- a/swift/ql/test/query-tests/Security/CWE-311/testURL.swift +++ b/swift/ql/test/query-tests/Security/CWE-311/testURL.swift @@ -12,7 +12,7 @@ struct URL func test1(passwd : String, encrypted_passwd : String, account_no : String, credit_card_no : String) { let a = URL(string: "http://example.com/login?p=" + passwd); // BAD let b = URL(string: "http://example.com/login?p=" + encrypted_passwd); // GOOD (not sensitive) - let c = URL(string: "http://example.com/login?ac=" + account_no); // BAD [NOT DETECTED] + let c = URL(string: "http://example.com/login?ac=" + account_no); // BAD let d = URL(string: "http://example.com/login?cc=" + credit_card_no); // BAD let base = URL(string: "http://example.com/"); // GOOD (not sensitive) diff --git a/swift/ql/test/query-tests/Security/CWE-328/testCryptoKit.swift b/swift/ql/test/query-tests/Security/CWE-328/testCryptoKit.swift index a97eab7501d..55fb9284fa6 100644 --- a/swift/ql/test/query-tests/Security/CWE-328/testCryptoKit.swift +++ b/swift/ql/test/query-tests/Security/CWE-328/testCryptoKit.swift @@ -54,16 +54,16 @@ enum Insecure { func testHashMethods(passwd : UnsafeRawBufferPointer, cert: String, encrypted_passwd : String, account_no : String, credit_card_no : String) { var hash = Crypto.Insecure.MD5.hash(data: passwd) // BAD - hash = Crypto.Insecure.MD5.hash(data: cert) // BAD [NOT DETECTED] + hash = Crypto.Insecure.MD5.hash(data: cert) // BAD hash = Crypto.Insecure.MD5.hash(data: encrypted_passwd) // GOOD (not sensitive) - hash = Crypto.Insecure.MD5.hash(data: account_no) // BAD [NOT DETECTED] + hash = Crypto.Insecure.MD5.hash(data: account_no) // BAD hash = Crypto.Insecure.MD5.hash(data: credit_card_no) // BAD hash = Crypto.Insecure.MD5.hash(data: credit_card_no) // BAD hash = Crypto.Insecure.SHA1.hash(data: passwd) // BAD - hash = Crypto.Insecure.SHA1.hash(data: cert) // BAD [NOT DETECTED] + hash = Crypto.Insecure.SHA1.hash(data: cert) // BAD hash = Crypto.Insecure.SHA1.hash(data: encrypted_passwd) // GOOD (not sensitive) - hash = Crypto.Insecure.SHA1.hash(data: account_no) // BAD [NOT DETECTED] + hash = Crypto.Insecure.SHA1.hash(data: account_no) // BAD hash = Crypto.Insecure.SHA1.hash(data: credit_card_no) // BAD hash = Crypto.SHA256.hash(data: passwd) // BAD [NOT DETECTED] not a computationally expensive hash @@ -88,18 +88,18 @@ func testHashMethods(passwd : UnsafeRawBufferPointer, cert: String, encrypted_pa func testMD5UpdateWithData(passwd : String, cert: String, encrypted_passwd : String, account_no : String, credit_card_no : String) { var hash = Crypto.Insecure.MD5() hash.update(data: passwd) // BAD - hash.update(data: cert) // BAD [NOT DETECTED] + hash.update(data: cert) // BAD hash.update(data: encrypted_passwd) // GOOD (not sensitive) - hash.update(data: account_no) // BAD [NOT DETECTED] + hash.update(data: account_no) // BAD hash.update(data: credit_card_no) // BAD } func testSHA1UpdateWithData(passwd : String, cert: String, encrypted_passwd : String, account_no : String, credit_card_no : String) { var hash = Crypto.Insecure.SHA1() hash.update(data: passwd) // BAD - hash.update(data: cert) // BAD [NOT DETECTED] + hash.update(data: cert) // BAD hash.update(data: encrypted_passwd) // GOOD (not sensitive) - hash.update(data: account_no) // BAD [NOT DETECTED] + hash.update(data: account_no) // BAD hash.update(data: credit_card_no) // BAD } @@ -130,18 +130,18 @@ func testSHA512UpdateWithData(passwd : String, cert: String, encrypted_passwd : func testMD5UpdateWithUnsafeRawBufferPointer(passwd : UnsafeRawBufferPointer, cert: UnsafeRawBufferPointer, encrypted_passwd : UnsafeRawBufferPointer, account_no : UnsafeRawBufferPointer, credit_card_no : UnsafeRawBufferPointer) { var hash = Crypto.Insecure.MD5() hash.update(bufferPointer: passwd) // BAD - hash.update(bufferPointer: cert) // BAD [NOT DETECTED] + hash.update(bufferPointer: cert) // BAD hash.update(bufferPointer: encrypted_passwd) // GOOD (not sensitive) - hash.update(bufferPointer: account_no) // BAD [NOT DETECTED] + hash.update(bufferPointer: account_no) // BAD hash.update(bufferPointer: credit_card_no) // BAD } func testSHA1UpdateWithUnsafeRawBufferPointer(passwd : UnsafeRawBufferPointer, cert: UnsafeRawBufferPointer, encrypted_passwd : UnsafeRawBufferPointer, account_no : UnsafeRawBufferPointer, credit_card_no : UnsafeRawBufferPointer) { var hash = Crypto.Insecure.SHA1() hash.update(bufferPointer: passwd) // BAD - hash.update(bufferPointer: cert) // BAD [NOT DETECTED] + hash.update(bufferPointer: cert) // BAD hash.update(bufferPointer: encrypted_passwd) // GOOD (not sensitive) - hash.update(bufferPointer: account_no) // BAD [NOT DETECTED] + hash.update(bufferPointer: account_no) // BAD hash.update(bufferPointer: credit_card_no) // BAD } From 8db945a11e177e8ccf6cc5409996beec31a166ee Mon Sep 17 00:00:00 2001 From: Alexandre Boulgakov Date: Mon, 15 May 2023 20:51:31 +0100 Subject: [PATCH 382/870] Swift: Use `...` to find and run all Bazel tests instead of having to list them. --- swift/actions/build-and-test/action.yml | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/swift/actions/build-and-test/action.yml b/swift/actions/build-and-test/action.yml index 2e084e9a97b..f800bd3ffc2 100644 --- a/swift/actions/build-and-test/action.yml +++ b/swift/actions/build-and-test/action.yml @@ -53,21 +53,16 @@ runs: shell: bash run: | bazel run //swift:create-extractor-pack - - name: Run xcode-autobuilder tests - if : ${{ github.event_name == 'pull_request' && runner.os == 'macOS' }} - shell: bash - run: | - bazel test //swift/xcode-autobuilder/tests - name: Run codegen tests if : ${{ github.event_name == 'pull_request' }} shell: bash run: | - bazel test //misc/codegen/test - - name: Run qltest tests - if : ${{ github.event_name == 'pull_request' }} + bazel test //misc/codegen/... + - name: Run Swift tests + if: ${{ github.event_name == 'pull_request' }} shell: bash run: | - bazel test //swift/tools/test/qltest + bazel test //swift/... - name: Evict bazel cache if: ${{ github.event_name != 'pull_request' }} shell: bash From bfb098c3d6bf618ca28149313882b42455964776 Mon Sep 17 00:00:00 2001 From: Kasper Svendsen Date: Tue, 16 May 2023 08:45:52 +0200 Subject: [PATCH 383/870] Enable implicit this warnings for shared packs --- shared/regex/qlpack.yml | 1 + shared/ssa/qlpack.yml | 1 + shared/tutorial/qlpack.yml | 1 + shared/typetracking/qlpack.yml | 1 + shared/typos/qlpack.yml | 1 + shared/util/qlpack.yml | 1 + shared/yaml/qlpack.yml | 1 + 7 files changed, 7 insertions(+) diff --git a/shared/regex/qlpack.yml b/shared/regex/qlpack.yml index bd61542e004..ef9519ead25 100644 --- a/shared/regex/qlpack.yml +++ b/shared/regex/qlpack.yml @@ -3,3 +3,4 @@ version: 0.0.13-dev groups: shared library: true dependencies: +warnOnImplicitThis: true diff --git a/shared/ssa/qlpack.yml b/shared/ssa/qlpack.yml index 6c1e42e1950..4bb3d04e800 100644 --- a/shared/ssa/qlpack.yml +++ b/shared/ssa/qlpack.yml @@ -2,3 +2,4 @@ name: codeql/ssa version: 0.0.17-dev groups: shared library: true +warnOnImplicitThis: true diff --git a/shared/tutorial/qlpack.yml b/shared/tutorial/qlpack.yml index 4ac2f206cba..37c2fca38b4 100644 --- a/shared/tutorial/qlpack.yml +++ b/shared/tutorial/qlpack.yml @@ -3,3 +3,4 @@ description: Library for the CodeQL detective tutorials, helping new users learn version: 0.0.10-dev groups: shared library: true +warnOnImplicitThis: true diff --git a/shared/typetracking/qlpack.yml b/shared/typetracking/qlpack.yml index 239091ead67..499f5cc4d34 100644 --- a/shared/typetracking/qlpack.yml +++ b/shared/typetracking/qlpack.yml @@ -4,3 +4,4 @@ groups: shared library: true dependencies: codeql/util: ${workspace} +warnOnImplicitThis: true diff --git a/shared/typos/qlpack.yml b/shared/typos/qlpack.yml index 7f7a802dd0b..6d0b76e1ce5 100644 --- a/shared/typos/qlpack.yml +++ b/shared/typos/qlpack.yml @@ -2,3 +2,4 @@ name: codeql/typos version: 0.0.17-dev groups: shared library: true +warnOnImplicitThis: true diff --git a/shared/util/qlpack.yml b/shared/util/qlpack.yml index f3f03fded40..8ff9a0efdb6 100644 --- a/shared/util/qlpack.yml +++ b/shared/util/qlpack.yml @@ -3,3 +3,4 @@ version: 0.0.10-dev groups: shared library: true dependencies: +warnOnImplicitThis: true diff --git a/shared/yaml/qlpack.yml b/shared/yaml/qlpack.yml index f08abe18bfc..75a796f2ba3 100644 --- a/shared/yaml/qlpack.yml +++ b/shared/yaml/qlpack.yml @@ -2,3 +2,4 @@ name: codeql/yaml version: 0.0.2-dev groups: shared library: true +warnOnImplicitThis: true From 145eaf3947f8cd49be3ccf502ee0d270b3cf4c79 Mon Sep 17 00:00:00 2001 From: Rasmus Lerchedahl Petersen Date: Fri, 12 May 2023 13:29:27 +0200 Subject: [PATCH 384/870] python: remove steps for container constructors --- .../new/internal/TaintTrackingPrivate.qll | 7 ------- .../test_collections.py | 20 +++++++++---------- .../frameworks/aiohttp/taint_test.py | 2 +- .../frameworks/flask/taint_test.py | 2 +- .../frameworks/multidict/taint_test.py | 4 ++-- 5 files changed, 14 insertions(+), 21 deletions(-) diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingPrivate.qll b/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingPrivate.qll index f7b5fc45f09..b19ed79928b 100644 --- a/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingPrivate.qll +++ b/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingPrivate.qll @@ -181,13 +181,6 @@ predicate containerStep(DataFlow::CfgNode nodeFrom, DataFlow::Node nodeTo) { // don't provide that right now. DataFlowPrivate::comprehensionStoreStep(nodeFrom, _, nodeTo) or - // constructor call - exists(DataFlow::CallCfgNode call | call = nodeTo | - call = API::builtin(["list", "set", "frozenset", "dict", "tuple"]).getACall() and - call.getArg(0) = nodeFrom - // TODO: Properly handle defaultdict/namedtuple - ) - or // functions operating on collections exists(DataFlow::CallCfgNode call | call = nodeTo | call = API::builtin(["sorted", "reversed", "iter", "next"]).getACall() and diff --git a/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/test_collections.py b/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/test_collections.py index df30a75c3e3..96804ebe3d3 100644 --- a/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/test_collections.py +++ b/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/test_collections.py @@ -28,19 +28,19 @@ def test_construction(): ) ensure_tainted( - list(tainted_list), # $ tainted - list(tainted_tuple), # $ tainted - list(tainted_set), # $ tainted - list(tainted_dict.values()), # $ tainted - list(tainted_dict.items()), # $ tainted + list(tainted_list), # $ MISSING: tainted + list(tainted_tuple), # $ MISSING: tainted + list(tainted_set), # $ MISSING: tainted + list(tainted_dict.values()), # $ MISSING: tainted + list(tainted_dict.items()), # $ MISSING: tainted - tuple(tainted_list), # $ tainted - set(tainted_list), # $ tainted - frozenset(tainted_list), # $ tainted - dict(tainted_dict), # $ tainted + tuple(tainted_list), # $ MISSING: tainted + set(tainted_list), # $ MISSING: tainted + frozenset(tainted_list), # $ MISSING: tainted + dict(tainted_dict), # $ MISSING: tainted dict(k = tainted_string)["k"], # $ MISSING: tainted dict(dict(k = tainted_string))["k"], # $ MISSING: tainted - dict(["k", tainted_string]), # $ tainted + dict(["k", tainted_string]), # $ MISSING: tainted ) ensure_not_tainted( diff --git a/python/ql/test/library-tests/frameworks/aiohttp/taint_test.py b/python/ql/test/library-tests/frameworks/aiohttp/taint_test.py index ec475a592ab..0dcbbef1ffa 100644 --- a/python/ql/test/library-tests/frameworks/aiohttp/taint_test.py +++ b/python/ql/test/library-tests/frameworks/aiohttp/taint_test.py @@ -42,7 +42,7 @@ async def test_taint(request: web.Request): # $ requestHandler request.cookies.keys(), # $ MISSING: tainted request.cookies.values(), # $ tainted request.cookies.items(), # $ tainted - list(request.cookies), # $ tainted + list(request.cookies), # $ MISSING: tainted iter(request.cookies), # $ tainted diff --git a/python/ql/test/library-tests/frameworks/flask/taint_test.py b/python/ql/test/library-tests/frameworks/flask/taint_test.py index dcca8ff6681..510a6d30550 100644 --- a/python/ql/test/library-tests/frameworks/flask/taint_test.py +++ b/python/ql/test/library-tests/frameworks/flask/taint_test.py @@ -112,7 +112,7 @@ def test_taint(name = "World!", number="0", foo="foo"): # $requestHandler route request.headers.popitem()[0], # $ tainted request.headers.popitem()[1], # $ tainted # two ways to get (k, v) lists - list(request.headers), # $ tainted + list(request.headers), # $ MISSING: tainted request.headers.to_wsgi_list(), # $ tainted request.json, # $ tainted diff --git a/python/ql/test/library-tests/frameworks/multidict/taint_test.py b/python/ql/test/library-tests/frameworks/multidict/taint_test.py index 8fbac79888f..5e346a5df4b 100644 --- a/python/ql/test/library-tests/frameworks/multidict/taint_test.py +++ b/python/ql/test/library-tests/frameworks/multidict/taint_test.py @@ -16,7 +16,7 @@ ensure_tainted( mdp.values(), # $ tainted mdp.items(), # $ tainted mdp.copy(), # $ tainted - list(mdp), # $ tainted + list(mdp), # $ MISSING: tainted iter(mdp), # $ tainted ) @@ -36,6 +36,6 @@ ensure_tainted( ci_mdp.values(), # $ tainted ci_mdp.items(), # $ tainted ci_mdp.copy(), # $ tainted - list(ci_mdp), # $ tainted + list(ci_mdp), # $ MISSING: tainted iter(ci_mdp), # $ tainted ) From 03ef18b286fd8db4444a78b00a9cd124bef7d255 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Tue, 16 May 2023 11:55:07 +0100 Subject: [PATCH 385/870] Swift: Recommend a proper source of randomness in 'swift/hardcoded-key'. --- .../CWE-321/HardcodedEncryptionKey.swift | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/swift/ql/src/queries/Security/CWE-321/HardcodedEncryptionKey.swift b/swift/ql/src/queries/Security/CWE-321/HardcodedEncryptionKey.swift index 82ffaf3a94a..b3f0af7395e 100644 --- a/swift/ql/src/queries/Security/CWE-321/HardcodedEncryptionKey.swift +++ b/swift/ql/src/queries/Security/CWE-321/HardcodedEncryptionKey.swift @@ -13,13 +13,16 @@ func encrypt(padding : Padding) { // GOOD: Using randomly generated keys for encryption - let key = (0..<10).map({ _ in UInt8.random(in: 0...UInt8.max) }) - let keyString = String(cString: key) - let ivString = getRandomIV() - _ = try AES(key: key, blockMode: CBC(), padding: padding) - _ = try AES(key: keyString, iv: ivString) - _ = try Blowfish(key: key, blockMode: CBC(), padding: padding) - _ = try Blowfish(key: keyString, iv: ivString) + var key = [Int8](repeating: 0, count: 10) + let status = SecRandomCopyBytes(kSecRandomDefault, key.count, &key) + if status == errSecSuccess { + let keyString = String(cString: key) + let ivString = getRandomIV() + _ = try AES(key: key, blockMode: CBC(), padding: padding) + _ = try AES(key: keyString, iv: ivString) + _ = try Blowfish(key: key, blockMode: CBC(), padding: padding) + _ = try Blowfish(key: keyString, iv: ivString) + } // ... } From 5b4f98d6c422a085abe8a17e9183a8024f7baca8 Mon Sep 17 00:00:00 2001 From: Rasmus Lerchedahl Petersen Date: Mon, 15 May 2023 11:00:43 +0200 Subject: [PATCH 386/870] python: Add summaries for container constructors Also: - turn on flow summaries for taint - do not restrict node type (as now we need summary nodes) --- .../new/internal/TaintTrackingPrivate.qll | 5 +- .../lib/semmle/python/frameworks/Stdlib.qll | 132 ++++++++++++++++++ .../dataflow/basic/callGraphSinks.expected | 5 + .../dataflow/basic/callGraphSources.expected | 5 + .../dataflow/basic/global.expected | 10 ++ .../dataflow/basic/globalStep.expected | 10 ++ .../dataflow/basic/local.expected | 34 +++++ .../dataflow/basic/localStep.expected | 10 ++ .../dataflow/basic/sinks.expected | 24 ++++ .../dataflow/basic/sources.expected | 24 ++++ .../dataflow/coverage/test_builtins.py | 26 ++-- .../basic/LocalTaintStep.expected | 15 ++ .../test_collections.py | 24 ++-- .../frameworks/aiohttp/taint_test.py | 2 +- .../frameworks/flask/taint_test.py | 2 +- .../frameworks/multidict/taint_test.py | 4 +- 16 files changed, 302 insertions(+), 30 deletions(-) diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingPrivate.qll b/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingPrivate.qll index b19ed79928b..3b32d95ae0b 100644 --- a/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingPrivate.qll +++ b/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingPrivate.qll @@ -1,6 +1,7 @@ private import python private import semmle.python.dataflow.new.DataFlow private import semmle.python.dataflow.new.internal.DataFlowPrivate as DataFlowPrivate +private import FlowSummaryImpl as FlowSummaryImpl private import semmle.python.dataflow.new.internal.TaintTrackingPublic private import semmle.python.ApiGraphs @@ -55,6 +56,8 @@ private module Cached { awaitStep(nodeFrom, nodeTo) or asyncWithStep(nodeFrom, nodeTo) + or + FlowSummaryImpl::Private::Steps::summaryLocalStep(nodeFrom, nodeTo, false) } } @@ -159,7 +162,7 @@ predicate stringManipulation(DataFlow::CfgNode nodeFrom, DataFlow::CfgNode nodeT * is currently very imprecise, as an example, since we model `dict.get`, we treat any * `.get()` will be tainted, whether it's true or not. */ -predicate containerStep(DataFlow::CfgNode nodeFrom, DataFlow::Node nodeTo) { +predicate containerStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) { // construction by literal // // TODO: once we have proper flow-summary modeling, we might not need this step any diff --git a/python/ql/lib/semmle/python/frameworks/Stdlib.qll b/python/ql/lib/semmle/python/frameworks/Stdlib.qll index 7e62a5b033e..cd5ec31945e 100644 --- a/python/ql/lib/semmle/python/frameworks/Stdlib.qll +++ b/python/ql/lib/semmle/python/frameworks/Stdlib.qll @@ -3790,6 +3790,138 @@ private module StdlibPrivate { override DataFlow::Node getAPathArgument() { result = this.getAnInput() } } + // --------------------------------------------------------------------------- + // Flow summaries for functions contructing containers + // --------------------------------------------------------------------------- + /** A flow summary for `dict`. */ + class DictSummary extends SummarizedCallable { + DictSummary() { this = "builtins.dict" } + + override DataFlow::CallCfgNode getACall() { result = API::builtin("dict").getACall() } + + override DataFlow::ArgumentNode getACallback() { + result = API::builtin("dict").getAValueReachableFromSource() + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + exists(DataFlow::DictionaryElementContent dc, string key | key = dc.getKey() | + input = "Argument[0].DictionaryElement[" + key + "]" and + output = "ReturnValue.DictionaryElement[" + key + "]" and + preservesValue = true + ) + or + exists(DataFlow::DictionaryElementContent dc, string key | key = dc.getKey() | + input = "Argument[" + key + ":]" and + output = "ReturnValue.DictionaryElement[" + key + "]" and + preservesValue = true + ) + or + input = "Argument[0]" and + output = "ReturnValue" and + preservesValue = false + } + } + + /** A flow summary for `list`. */ + class ListSummary extends SummarizedCallable { + ListSummary() { this = "builtins.list" } + + override DataFlow::CallCfgNode getACall() { result = API::builtin("list").getACall() } + + override DataFlow::ArgumentNode getACallback() { + result = API::builtin("list").getAValueReachableFromSource() + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + ( + input = "Argument[0].ListElement" + or + input = "Argument[0].SetElement" + or + exists(DataFlow::TupleElementContent tc, int i | i = tc.getIndex() | + input = "Argument[0].TupleElement[" + i.toString() + "]" + ) + // TODO: Once we have DictKeyContent, we need to transform that into ListElementContent + ) and + output = "ReturnValue.ListElement" and + preservesValue = true + or + input = "Argument[0]" and + output = "ReturnValue" and + preservesValue = false + } + } + + /** A flow summary for tuple */ + class TupleSummary extends SummarizedCallable { + TupleSummary() { this = "builtins.tuple" } + + override DataFlow::CallCfgNode getACall() { result = API::builtin("tuple").getACall() } + + override DataFlow::ArgumentNode getACallback() { + result = API::builtin("tuple").getAValueReachableFromSource() + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + exists(DataFlow::TupleElementContent tc, int i | i = tc.getIndex() | + input = "Argument[0].TupleElement[" + i.toString() + "]" and + output = "ReturnValue.TupleElement[" + i.toString() + "]" and + preservesValue = true + ) + or + // TODO: We need to also translate iterable content such as list element + // but we currently lack TupleElementAny + input = "Argument[0]" and + output = "ReturnValue" and + preservesValue = false + } + } + + /** A flow summary for set */ + class SetSummary extends SummarizedCallable { + SetSummary() { this = "builtins.set" } + + override DataFlow::CallCfgNode getACall() { result = API::builtin("set").getACall() } + + override DataFlow::ArgumentNode getACallback() { + result = API::builtin("set").getAValueReachableFromSource() + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + ( + input = "Argument[0].ListElement" + or + input = "Argument[0].SetElement" + or + exists(DataFlow::TupleElementContent tc, int i | i = tc.getIndex() | + input = "Argument[0].TupleElement[" + i.toString() + "]" + ) + // TODO: Once we have DictKeyContent, we need to transform that into ListElementContent + ) and + output = "ReturnValue.SetElement" and + preservesValue = true + or + input = "Argument[0]" and + output = "ReturnValue" and + preservesValue = false + } + } + + /** A flow summary for frozenset */ + class FrozensetSummary extends SummarizedCallable { + FrozensetSummary() { this = "builtins.frozenset" } + + override DataFlow::CallCfgNode getACall() { result = API::builtin("frozenset").getACall() } + + override DataFlow::ArgumentNode getACallback() { + result = API::builtin("frozenset").getAValueReachableFromSource() + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + any(SetSummary s).propagatesFlowExt(input, output, preservesValue) + } + } + /** A flow summary for `reversed`. */ class ReversedSummary extends SummarizedCallable { ReversedSummary() { this = "builtins.reversed" } diff --git a/python/ql/test/experimental/dataflow/basic/callGraphSinks.expected b/python/ql/test/experimental/dataflow/basic/callGraphSinks.expected index ef35d8f5039..02c43353fbd 100644 --- a/python/ql/test/experimental/dataflow/basic/callGraphSinks.expected +++ b/python/ql/test/experimental/dataflow/basic/callGraphSinks.expected @@ -1,4 +1,9 @@ +| file://:0:0:0:0 | parameter position 0 of builtins.dict | +| file://:0:0:0:0 | parameter position 0 of builtins.frozenset | +| file://:0:0:0:0 | parameter position 0 of builtins.list | | file://:0:0:0:0 | parameter position 0 of builtins.reversed | +| file://:0:0:0:0 | parameter position 0 of builtins.set | +| file://:0:0:0:0 | parameter position 0 of builtins.tuple | | file://:0:0:0:0 | parameter position 1 of dict.setdefault | | test.py:1:1:1:21 | SynthDictSplatParameterNode | | test.py:1:19:1:19 | ControlFlowNode for x | diff --git a/python/ql/test/experimental/dataflow/basic/callGraphSources.expected b/python/ql/test/experimental/dataflow/basic/callGraphSources.expected index 74d546c5f2b..5ef30fa5871 100644 --- a/python/ql/test/experimental/dataflow/basic/callGraphSources.expected +++ b/python/ql/test/experimental/dataflow/basic/callGraphSources.expected @@ -1,4 +1,9 @@ +| file://:0:0:0:0 | [summary] to write: return (return) in builtins.dict | +| file://:0:0:0:0 | [summary] to write: return (return) in builtins.frozenset | +| file://:0:0:0:0 | [summary] to write: return (return) in builtins.list | | file://:0:0:0:0 | [summary] to write: return (return) in builtins.reversed | +| file://:0:0:0:0 | [summary] to write: return (return) in builtins.set | +| file://:0:0:0:0 | [summary] to write: return (return) in builtins.tuple | | file://:0:0:0:0 | [summary] to write: return (return) in dict.setdefault | | test.py:4:10:4:10 | ControlFlowNode for z | | test.py:7:19:7:19 | ControlFlowNode for a | diff --git a/python/ql/test/experimental/dataflow/basic/global.expected b/python/ql/test/experimental/dataflow/basic/global.expected index 11696c17335..60511486372 100644 --- a/python/ql/test/experimental/dataflow/basic/global.expected +++ b/python/ql/test/experimental/dataflow/basic/global.expected @@ -1,4 +1,14 @@ +| file://:0:0:0:0 | [summary] read: argument position 0.List element in builtins.frozenset | file://:0:0:0:0 | [summary] to write: return (return).Set element in builtins.frozenset | +| file://:0:0:0:0 | [summary] read: argument position 0.List element in builtins.list | file://:0:0:0:0 | [summary] to write: return (return).List element in builtins.list | | file://:0:0:0:0 | [summary] read: argument position 0.List element in builtins.reversed | file://:0:0:0:0 | [summary] to write: return (return).List element in builtins.reversed | +| file://:0:0:0:0 | [summary] read: argument position 0.List element in builtins.set | file://:0:0:0:0 | [summary] to write: return (return).Set element in builtins.set | +| file://:0:0:0:0 | [summary] read: argument position 0.Set element in builtins.frozenset | file://:0:0:0:0 | [summary] to write: return (return).Set element in builtins.frozenset | +| file://:0:0:0:0 | [summary] read: argument position 0.Set element in builtins.list | file://:0:0:0:0 | [summary] to write: return (return).List element in builtins.list | +| file://:0:0:0:0 | [summary] read: argument position 0.Set element in builtins.set | file://:0:0:0:0 | [summary] to write: return (return).Set element in builtins.set | +| file://:0:0:0:0 | [summary] read: argument position 0.Tuple element at index 0 in builtins.frozenset | file://:0:0:0:0 | [summary] to write: return (return).Set element in builtins.frozenset | +| file://:0:0:0:0 | [summary] read: argument position 0.Tuple element at index 0 in builtins.list | file://:0:0:0:0 | [summary] to write: return (return).List element in builtins.list | +| file://:0:0:0:0 | [summary] read: argument position 0.Tuple element at index 0 in builtins.set | file://:0:0:0:0 | [summary] to write: return (return).Set element in builtins.set | +| file://:0:0:0:0 | [summary] read: argument position 0.Tuple element at index 0 in builtins.tuple | file://:0:0:0:0 | [summary] to write: return (return).Tuple element at index 0 in builtins.tuple | | file://:0:0:0:0 | parameter position 1 of dict.setdefault | file://:0:0:0:0 | [summary] to write: return (return) in dict.setdefault | | test.py:1:1:1:21 | ControlFlowNode for FunctionExpr | test.py:1:5:1:17 | GSSA Variable obfuscated_id | | test.py:1:1:1:21 | ControlFlowNode for FunctionExpr | test.py:7:5:7:17 | ControlFlowNode for obfuscated_id | diff --git a/python/ql/test/experimental/dataflow/basic/globalStep.expected b/python/ql/test/experimental/dataflow/basic/globalStep.expected index b11ee6fe249..79924c7d55a 100644 --- a/python/ql/test/experimental/dataflow/basic/globalStep.expected +++ b/python/ql/test/experimental/dataflow/basic/globalStep.expected @@ -1,4 +1,14 @@ +| file://:0:0:0:0 | [summary] read: argument position 0.List element in builtins.frozenset | file://:0:0:0:0 | [summary] to write: return (return).Set element in builtins.frozenset | +| file://:0:0:0:0 | [summary] read: argument position 0.List element in builtins.list | file://:0:0:0:0 | [summary] to write: return (return).List element in builtins.list | | file://:0:0:0:0 | [summary] read: argument position 0.List element in builtins.reversed | file://:0:0:0:0 | [summary] to write: return (return).List element in builtins.reversed | +| file://:0:0:0:0 | [summary] read: argument position 0.List element in builtins.set | file://:0:0:0:0 | [summary] to write: return (return).Set element in builtins.set | +| file://:0:0:0:0 | [summary] read: argument position 0.Set element in builtins.frozenset | file://:0:0:0:0 | [summary] to write: return (return).Set element in builtins.frozenset | +| file://:0:0:0:0 | [summary] read: argument position 0.Set element in builtins.list | file://:0:0:0:0 | [summary] to write: return (return).List element in builtins.list | +| file://:0:0:0:0 | [summary] read: argument position 0.Set element in builtins.set | file://:0:0:0:0 | [summary] to write: return (return).Set element in builtins.set | +| file://:0:0:0:0 | [summary] read: argument position 0.Tuple element at index 0 in builtins.frozenset | file://:0:0:0:0 | [summary] to write: return (return).Set element in builtins.frozenset | +| file://:0:0:0:0 | [summary] read: argument position 0.Tuple element at index 0 in builtins.list | file://:0:0:0:0 | [summary] to write: return (return).List element in builtins.list | +| file://:0:0:0:0 | [summary] read: argument position 0.Tuple element at index 0 in builtins.set | file://:0:0:0:0 | [summary] to write: return (return).Set element in builtins.set | +| file://:0:0:0:0 | [summary] read: argument position 0.Tuple element at index 0 in builtins.tuple | file://:0:0:0:0 | [summary] to write: return (return).Tuple element at index 0 in builtins.tuple | | file://:0:0:0:0 | parameter position 1 of dict.setdefault | file://:0:0:0:0 | [summary] to write: return (return) in dict.setdefault | | test.py:1:1:1:21 | ControlFlowNode for FunctionExpr | test.py:1:5:1:17 | GSSA Variable obfuscated_id | | test.py:1:1:1:21 | ControlFlowNode for FunctionExpr | test.py:1:5:1:17 | GSSA Variable obfuscated_id | diff --git a/python/ql/test/experimental/dataflow/basic/local.expected b/python/ql/test/experimental/dataflow/basic/local.expected index 18497a00a60..8f1455df883 100644 --- a/python/ql/test/experimental/dataflow/basic/local.expected +++ b/python/ql/test/experimental/dataflow/basic/local.expected @@ -1,9 +1,43 @@ +| file://:0:0:0:0 | [summary] read: argument position 0.List element in builtins.frozenset | file://:0:0:0:0 | [summary] read: argument position 0.List element in builtins.frozenset | +| file://:0:0:0:0 | [summary] read: argument position 0.List element in builtins.frozenset | file://:0:0:0:0 | [summary] to write: return (return).Set element in builtins.frozenset | +| file://:0:0:0:0 | [summary] read: argument position 0.List element in builtins.list | file://:0:0:0:0 | [summary] read: argument position 0.List element in builtins.list | +| file://:0:0:0:0 | [summary] read: argument position 0.List element in builtins.list | file://:0:0:0:0 | [summary] to write: return (return).List element in builtins.list | | file://:0:0:0:0 | [summary] read: argument position 0.List element in builtins.reversed | file://:0:0:0:0 | [summary] read: argument position 0.List element in builtins.reversed | | file://:0:0:0:0 | [summary] read: argument position 0.List element in builtins.reversed | file://:0:0:0:0 | [summary] to write: return (return).List element in builtins.reversed | +| file://:0:0:0:0 | [summary] read: argument position 0.List element in builtins.set | file://:0:0:0:0 | [summary] read: argument position 0.List element in builtins.set | +| file://:0:0:0:0 | [summary] read: argument position 0.List element in builtins.set | file://:0:0:0:0 | [summary] to write: return (return).Set element in builtins.set | +| file://:0:0:0:0 | [summary] read: argument position 0.Set element in builtins.frozenset | file://:0:0:0:0 | [summary] read: argument position 0.Set element in builtins.frozenset | +| file://:0:0:0:0 | [summary] read: argument position 0.Set element in builtins.frozenset | file://:0:0:0:0 | [summary] to write: return (return).Set element in builtins.frozenset | +| file://:0:0:0:0 | [summary] read: argument position 0.Set element in builtins.list | file://:0:0:0:0 | [summary] read: argument position 0.Set element in builtins.list | +| file://:0:0:0:0 | [summary] read: argument position 0.Set element in builtins.list | file://:0:0:0:0 | [summary] to write: return (return).List element in builtins.list | +| file://:0:0:0:0 | [summary] read: argument position 0.Set element in builtins.set | file://:0:0:0:0 | [summary] read: argument position 0.Set element in builtins.set | +| file://:0:0:0:0 | [summary] read: argument position 0.Set element in builtins.set | file://:0:0:0:0 | [summary] to write: return (return).Set element in builtins.set | +| file://:0:0:0:0 | [summary] read: argument position 0.Tuple element at index 0 in builtins.frozenset | file://:0:0:0:0 | [summary] read: argument position 0.Tuple element at index 0 in builtins.frozenset | +| file://:0:0:0:0 | [summary] read: argument position 0.Tuple element at index 0 in builtins.frozenset | file://:0:0:0:0 | [summary] to write: return (return).Set element in builtins.frozenset | +| file://:0:0:0:0 | [summary] read: argument position 0.Tuple element at index 0 in builtins.list | file://:0:0:0:0 | [summary] read: argument position 0.Tuple element at index 0 in builtins.list | +| file://:0:0:0:0 | [summary] read: argument position 0.Tuple element at index 0 in builtins.list | file://:0:0:0:0 | [summary] to write: return (return).List element in builtins.list | +| file://:0:0:0:0 | [summary] read: argument position 0.Tuple element at index 0 in builtins.set | file://:0:0:0:0 | [summary] read: argument position 0.Tuple element at index 0 in builtins.set | +| file://:0:0:0:0 | [summary] read: argument position 0.Tuple element at index 0 in builtins.set | file://:0:0:0:0 | [summary] to write: return (return).Set element in builtins.set | +| file://:0:0:0:0 | [summary] read: argument position 0.Tuple element at index 0 in builtins.tuple | file://:0:0:0:0 | [summary] read: argument position 0.Tuple element at index 0 in builtins.tuple | +| file://:0:0:0:0 | [summary] read: argument position 0.Tuple element at index 0 in builtins.tuple | file://:0:0:0:0 | [summary] to write: return (return).Tuple element at index 0 in builtins.tuple | +| file://:0:0:0:0 | [summary] to write: return (return) in builtins.dict | file://:0:0:0:0 | [summary] to write: return (return) in builtins.dict | +| file://:0:0:0:0 | [summary] to write: return (return) in builtins.frozenset | file://:0:0:0:0 | [summary] to write: return (return) in builtins.frozenset | +| file://:0:0:0:0 | [summary] to write: return (return) in builtins.list | file://:0:0:0:0 | [summary] to write: return (return) in builtins.list | | file://:0:0:0:0 | [summary] to write: return (return) in builtins.reversed | file://:0:0:0:0 | [summary] to write: return (return) in builtins.reversed | +| file://:0:0:0:0 | [summary] to write: return (return) in builtins.set | file://:0:0:0:0 | [summary] to write: return (return) in builtins.set | +| file://:0:0:0:0 | [summary] to write: return (return) in builtins.tuple | file://:0:0:0:0 | [summary] to write: return (return) in builtins.tuple | | file://:0:0:0:0 | [summary] to write: return (return) in dict.setdefault | file://:0:0:0:0 | [summary] to write: return (return) in dict.setdefault | +| file://:0:0:0:0 | [summary] to write: return (return).List element in builtins.list | file://:0:0:0:0 | [summary] to write: return (return).List element in builtins.list | | file://:0:0:0:0 | [summary] to write: return (return).List element in builtins.reversed | file://:0:0:0:0 | [summary] to write: return (return).List element in builtins.reversed | +| file://:0:0:0:0 | [summary] to write: return (return).Set element in builtins.frozenset | file://:0:0:0:0 | [summary] to write: return (return).Set element in builtins.frozenset | +| file://:0:0:0:0 | [summary] to write: return (return).Set element in builtins.set | file://:0:0:0:0 | [summary] to write: return (return).Set element in builtins.set | +| file://:0:0:0:0 | [summary] to write: return (return).Tuple element at index 0 in builtins.tuple | file://:0:0:0:0 | [summary] to write: return (return).Tuple element at index 0 in builtins.tuple | +| file://:0:0:0:0 | parameter position 0 of builtins.dict | file://:0:0:0:0 | parameter position 0 of builtins.dict | +| file://:0:0:0:0 | parameter position 0 of builtins.frozenset | file://:0:0:0:0 | parameter position 0 of builtins.frozenset | +| file://:0:0:0:0 | parameter position 0 of builtins.list | file://:0:0:0:0 | parameter position 0 of builtins.list | | file://:0:0:0:0 | parameter position 0 of builtins.reversed | file://:0:0:0:0 | parameter position 0 of builtins.reversed | +| file://:0:0:0:0 | parameter position 0 of builtins.set | file://:0:0:0:0 | parameter position 0 of builtins.set | +| file://:0:0:0:0 | parameter position 0 of builtins.tuple | file://:0:0:0:0 | parameter position 0 of builtins.tuple | | file://:0:0:0:0 | parameter position 1 of dict.setdefault | file://:0:0:0:0 | [summary] to write: return (return) in dict.setdefault | | file://:0:0:0:0 | parameter position 1 of dict.setdefault | file://:0:0:0:0 | parameter position 1 of dict.setdefault | | test.py:0:0:0:0 | GSSA Variable __name__ | test.py:0:0:0:0 | GSSA Variable __name__ | diff --git a/python/ql/test/experimental/dataflow/basic/localStep.expected b/python/ql/test/experimental/dataflow/basic/localStep.expected index d05e8aa3a42..943ff65d1ea 100644 --- a/python/ql/test/experimental/dataflow/basic/localStep.expected +++ b/python/ql/test/experimental/dataflow/basic/localStep.expected @@ -1,4 +1,14 @@ +| file://:0:0:0:0 | [summary] read: argument position 0.List element in builtins.frozenset | file://:0:0:0:0 | [summary] to write: return (return).Set element in builtins.frozenset | +| file://:0:0:0:0 | [summary] read: argument position 0.List element in builtins.list | file://:0:0:0:0 | [summary] to write: return (return).List element in builtins.list | | file://:0:0:0:0 | [summary] read: argument position 0.List element in builtins.reversed | file://:0:0:0:0 | [summary] to write: return (return).List element in builtins.reversed | +| file://:0:0:0:0 | [summary] read: argument position 0.List element in builtins.set | file://:0:0:0:0 | [summary] to write: return (return).Set element in builtins.set | +| file://:0:0:0:0 | [summary] read: argument position 0.Set element in builtins.frozenset | file://:0:0:0:0 | [summary] to write: return (return).Set element in builtins.frozenset | +| file://:0:0:0:0 | [summary] read: argument position 0.Set element in builtins.list | file://:0:0:0:0 | [summary] to write: return (return).List element in builtins.list | +| file://:0:0:0:0 | [summary] read: argument position 0.Set element in builtins.set | file://:0:0:0:0 | [summary] to write: return (return).Set element in builtins.set | +| file://:0:0:0:0 | [summary] read: argument position 0.Tuple element at index 0 in builtins.frozenset | file://:0:0:0:0 | [summary] to write: return (return).Set element in builtins.frozenset | +| file://:0:0:0:0 | [summary] read: argument position 0.Tuple element at index 0 in builtins.list | file://:0:0:0:0 | [summary] to write: return (return).List element in builtins.list | +| file://:0:0:0:0 | [summary] read: argument position 0.Tuple element at index 0 in builtins.set | file://:0:0:0:0 | [summary] to write: return (return).Set element in builtins.set | +| file://:0:0:0:0 | [summary] read: argument position 0.Tuple element at index 0 in builtins.tuple | file://:0:0:0:0 | [summary] to write: return (return).Tuple element at index 0 in builtins.tuple | | file://:0:0:0:0 | parameter position 1 of dict.setdefault | file://:0:0:0:0 | [summary] to write: return (return) in dict.setdefault | | test.py:1:1:1:21 | ControlFlowNode for FunctionExpr | test.py:1:5:1:17 | GSSA Variable obfuscated_id | | test.py:1:5:1:17 | GSSA Variable obfuscated_id | test.py:7:5:7:17 | ControlFlowNode for obfuscated_id | diff --git a/python/ql/test/experimental/dataflow/basic/sinks.expected b/python/ql/test/experimental/dataflow/basic/sinks.expected index 1e516e32336..18edca26f98 100644 --- a/python/ql/test/experimental/dataflow/basic/sinks.expected +++ b/python/ql/test/experimental/dataflow/basic/sinks.expected @@ -1,8 +1,32 @@ +| file://:0:0:0:0 | [summary] read: argument position 0.List element in builtins.frozenset | +| file://:0:0:0:0 | [summary] read: argument position 0.List element in builtins.list | | file://:0:0:0:0 | [summary] read: argument position 0.List element in builtins.reversed | +| file://:0:0:0:0 | [summary] read: argument position 0.List element in builtins.set | +| file://:0:0:0:0 | [summary] read: argument position 0.Set element in builtins.frozenset | +| file://:0:0:0:0 | [summary] read: argument position 0.Set element in builtins.list | +| file://:0:0:0:0 | [summary] read: argument position 0.Set element in builtins.set | +| file://:0:0:0:0 | [summary] read: argument position 0.Tuple element at index 0 in builtins.frozenset | +| file://:0:0:0:0 | [summary] read: argument position 0.Tuple element at index 0 in builtins.list | +| file://:0:0:0:0 | [summary] read: argument position 0.Tuple element at index 0 in builtins.set | +| file://:0:0:0:0 | [summary] read: argument position 0.Tuple element at index 0 in builtins.tuple | +| file://:0:0:0:0 | [summary] to write: return (return) in builtins.dict | +| file://:0:0:0:0 | [summary] to write: return (return) in builtins.frozenset | +| file://:0:0:0:0 | [summary] to write: return (return) in builtins.list | | file://:0:0:0:0 | [summary] to write: return (return) in builtins.reversed | +| file://:0:0:0:0 | [summary] to write: return (return) in builtins.set | +| file://:0:0:0:0 | [summary] to write: return (return) in builtins.tuple | | file://:0:0:0:0 | [summary] to write: return (return) in dict.setdefault | +| file://:0:0:0:0 | [summary] to write: return (return).List element in builtins.list | | file://:0:0:0:0 | [summary] to write: return (return).List element in builtins.reversed | +| file://:0:0:0:0 | [summary] to write: return (return).Set element in builtins.frozenset | +| file://:0:0:0:0 | [summary] to write: return (return).Set element in builtins.set | +| file://:0:0:0:0 | [summary] to write: return (return).Tuple element at index 0 in builtins.tuple | +| file://:0:0:0:0 | parameter position 0 of builtins.dict | +| file://:0:0:0:0 | parameter position 0 of builtins.frozenset | +| file://:0:0:0:0 | parameter position 0 of builtins.list | | file://:0:0:0:0 | parameter position 0 of builtins.reversed | +| file://:0:0:0:0 | parameter position 0 of builtins.set | +| file://:0:0:0:0 | parameter position 0 of builtins.tuple | | file://:0:0:0:0 | parameter position 1 of dict.setdefault | | test.py:0:0:0:0 | GSSA Variable __name__ | | test.py:0:0:0:0 | GSSA Variable __package__ | diff --git a/python/ql/test/experimental/dataflow/basic/sources.expected b/python/ql/test/experimental/dataflow/basic/sources.expected index 1e516e32336..18edca26f98 100644 --- a/python/ql/test/experimental/dataflow/basic/sources.expected +++ b/python/ql/test/experimental/dataflow/basic/sources.expected @@ -1,8 +1,32 @@ +| file://:0:0:0:0 | [summary] read: argument position 0.List element in builtins.frozenset | +| file://:0:0:0:0 | [summary] read: argument position 0.List element in builtins.list | | file://:0:0:0:0 | [summary] read: argument position 0.List element in builtins.reversed | +| file://:0:0:0:0 | [summary] read: argument position 0.List element in builtins.set | +| file://:0:0:0:0 | [summary] read: argument position 0.Set element in builtins.frozenset | +| file://:0:0:0:0 | [summary] read: argument position 0.Set element in builtins.list | +| file://:0:0:0:0 | [summary] read: argument position 0.Set element in builtins.set | +| file://:0:0:0:0 | [summary] read: argument position 0.Tuple element at index 0 in builtins.frozenset | +| file://:0:0:0:0 | [summary] read: argument position 0.Tuple element at index 0 in builtins.list | +| file://:0:0:0:0 | [summary] read: argument position 0.Tuple element at index 0 in builtins.set | +| file://:0:0:0:0 | [summary] read: argument position 0.Tuple element at index 0 in builtins.tuple | +| file://:0:0:0:0 | [summary] to write: return (return) in builtins.dict | +| file://:0:0:0:0 | [summary] to write: return (return) in builtins.frozenset | +| file://:0:0:0:0 | [summary] to write: return (return) in builtins.list | | file://:0:0:0:0 | [summary] to write: return (return) in builtins.reversed | +| file://:0:0:0:0 | [summary] to write: return (return) in builtins.set | +| file://:0:0:0:0 | [summary] to write: return (return) in builtins.tuple | | file://:0:0:0:0 | [summary] to write: return (return) in dict.setdefault | +| file://:0:0:0:0 | [summary] to write: return (return).List element in builtins.list | | file://:0:0:0:0 | [summary] to write: return (return).List element in builtins.reversed | +| file://:0:0:0:0 | [summary] to write: return (return).Set element in builtins.frozenset | +| file://:0:0:0:0 | [summary] to write: return (return).Set element in builtins.set | +| file://:0:0:0:0 | [summary] to write: return (return).Tuple element at index 0 in builtins.tuple | +| file://:0:0:0:0 | parameter position 0 of builtins.dict | +| file://:0:0:0:0 | parameter position 0 of builtins.frozenset | +| file://:0:0:0:0 | parameter position 0 of builtins.list | | file://:0:0:0:0 | parameter position 0 of builtins.reversed | +| file://:0:0:0:0 | parameter position 0 of builtins.set | +| file://:0:0:0:0 | parameter position 0 of builtins.tuple | | file://:0:0:0:0 | parameter position 1 of dict.setdefault | | test.py:0:0:0:0 | GSSA Variable __name__ | | test.py:0:0:0:0 | GSSA Variable __package__ | diff --git a/python/ql/test/experimental/dataflow/coverage/test_builtins.py b/python/ql/test/experimental/dataflow/coverage/test_builtins.py index 5d9d92ffcb8..4a3ee95fedf 100644 --- a/python/ql/test/experimental/dataflow/coverage/test_builtins.py +++ b/python/ql/test/experimental/dataflow/coverage/test_builtins.py @@ -41,8 +41,8 @@ def SINK_F(x): def test_list_from_list(): l1 = [SOURCE, NONSOURCE] l2 = list(l1) - SINK(l2[0]) #$ MISSING: flow="SOURCE, l:-2 -> l2[0]" - SINK_F(l2[1]) # expecting FP due to imprecise flow + SINK(l2[0]) #$ flow="SOURCE, l:-2 -> l2[0]" + SINK_F(l2[1]) #$ SPURIOUS: flow="SOURCE, l:-3 -> l2[1]" # -- skip list_from_string @@ -50,13 +50,13 @@ def test_list_from_list(): def test_list_from_tuple(): t = (SOURCE, NONSOURCE) l = list(t) - SINK(l[0]) #$ MISSING: flow="SOURCE, l:-2 -> l[0]" - SINK_F(l[1]) # expecting FP due to imprecise flow + SINK(l[0]) #$ flow="SOURCE, l:-2 -> l[0]" + SINK_F(l[1]) #$ SPURIOUS: flow="SOURCE, l:-3 -> l[1]" def test_list_from_set(): s = {SOURCE} l = list(s) - SINK(l[0]) #$ MISSING: flow="SOURCE, l:-2 -> l[0]" + SINK(l[0]) #$ flow="SOURCE, l:-2 -> l[0]" @expects(2) def test_list_from_dict(): @@ -78,7 +78,7 @@ def test_tuple_from_list(): def test_tuple_from_tuple(): t0 = (SOURCE, NONSOURCE) t = tuple(t0) - SINK(t[0]) #$ MISSING: flow="SOURCE, l:-2 -> t[0]" + SINK(t[0]) #$ flow="SOURCE, l:-2 -> t[0]" SINK_F(t[1]) def test_tuple_from_set(): @@ -100,19 +100,19 @@ def test_set_from_list(): l = [SOURCE] s = set(l) v = s.pop() - SINK(v) #$ MISSING: flow="SOURCE, l:-3 -> v" + SINK(v) #$ flow="SOURCE, l:-3 -> v" def test_set_from_tuple(): t = (SOURCE,) s = set(t) v = s.pop() - SINK(v) #$ MISSING: flow="SOURCE, l:-3 -> v" + SINK(v) #$ flow="SOURCE, l:-3 -> v" def test_set_from_set(): s0 = {SOURCE} s = set(s0) v = s.pop() - SINK(v) #$ MISSING: flow="SOURCE, l:-3 -> v" + SINK(v) #$ flow="SOURCE, l:-3 -> v" def test_set_from_dict(): d = {SOURCE: "val"} @@ -126,7 +126,7 @@ def test_set_from_dict(): @expects(2) def test_dict_from_keyword(): d = dict(k = SOURCE, k1 = NONSOURCE) - SINK(d["k"]) #$ MISSING: flow="SOURCE, l:-1 -> d[k]" + SINK(d["k"]) #$ flow="SOURCE, l:-1 -> d['k']" SINK_F(d["k1"]) @expects(2) @@ -139,7 +139,7 @@ def test_dict_from_list(): def test_dict_from_dict(): d1 = {'k': SOURCE, 'k1': NONSOURCE} d2 = dict(d1) - SINK(d2["k"]) #$ MISSING: flow="SOURCE, l:-2 -> d[k]" + SINK(d2["k"]) #$ flow="SOURCE, l:-2 -> d2['k']" SINK_F(d2["k1"]) ## Container methods @@ -278,8 +278,8 @@ def test_reversed_list(): l0 = [SOURCE, NONSOURCE] r = reversed(l0) l = list(r) - SINK_F(l[0]) - SINK(l[1]) #$ MISSING: flow="SOURCE, l:-4 -> l[1]" + SINK_F(l[0]) #$ SPURIOUS: flow="SOURCE, l:-3 -> l[0]" + SINK(l[1]) #$ flow="SOURCE, l:-4 -> l[1]" @expects(2) def test_reversed_tuple(): diff --git a/python/ql/test/experimental/dataflow/tainttracking/basic/LocalTaintStep.expected b/python/ql/test/experimental/dataflow/tainttracking/basic/LocalTaintStep.expected index ef6f6a2929b..51fd643577a 100644 --- a/python/ql/test/experimental/dataflow/tainttracking/basic/LocalTaintStep.expected +++ b/python/ql/test/experimental/dataflow/tainttracking/basic/LocalTaintStep.expected @@ -1,4 +1,19 @@ +| file://:0:0:0:0 | [summary] read: argument position 0.List element in builtins.frozenset | file://:0:0:0:0 | [summary] to write: return (return).Set element in builtins.frozenset | +| file://:0:0:0:0 | [summary] read: argument position 0.List element in builtins.list | file://:0:0:0:0 | [summary] to write: return (return).List element in builtins.list | | file://:0:0:0:0 | [summary] read: argument position 0.List element in builtins.reversed | file://:0:0:0:0 | [summary] to write: return (return).List element in builtins.reversed | +| file://:0:0:0:0 | [summary] read: argument position 0.List element in builtins.set | file://:0:0:0:0 | [summary] to write: return (return).Set element in builtins.set | +| file://:0:0:0:0 | [summary] read: argument position 0.Set element in builtins.frozenset | file://:0:0:0:0 | [summary] to write: return (return).Set element in builtins.frozenset | +| file://:0:0:0:0 | [summary] read: argument position 0.Set element in builtins.list | file://:0:0:0:0 | [summary] to write: return (return).List element in builtins.list | +| file://:0:0:0:0 | [summary] read: argument position 0.Set element in builtins.set | file://:0:0:0:0 | [summary] to write: return (return).Set element in builtins.set | +| file://:0:0:0:0 | [summary] read: argument position 0.Tuple element at index 0 in builtins.frozenset | file://:0:0:0:0 | [summary] to write: return (return).Set element in builtins.frozenset | +| file://:0:0:0:0 | [summary] read: argument position 0.Tuple element at index 0 in builtins.list | file://:0:0:0:0 | [summary] to write: return (return).List element in builtins.list | +| file://:0:0:0:0 | [summary] read: argument position 0.Tuple element at index 0 in builtins.set | file://:0:0:0:0 | [summary] to write: return (return).Set element in builtins.set | +| file://:0:0:0:0 | [summary] read: argument position 0.Tuple element at index 0 in builtins.tuple | file://:0:0:0:0 | [summary] to write: return (return).Tuple element at index 0 in builtins.tuple | +| file://:0:0:0:0 | parameter position 0 of builtins.dict | file://:0:0:0:0 | [summary] to write: return (return) in builtins.dict | +| file://:0:0:0:0 | parameter position 0 of builtins.frozenset | file://:0:0:0:0 | [summary] to write: return (return) in builtins.frozenset | +| file://:0:0:0:0 | parameter position 0 of builtins.list | file://:0:0:0:0 | [summary] to write: return (return) in builtins.list | +| file://:0:0:0:0 | parameter position 0 of builtins.set | file://:0:0:0:0 | [summary] to write: return (return) in builtins.set | +| file://:0:0:0:0 | parameter position 0 of builtins.tuple | file://:0:0:0:0 | [summary] to write: return (return) in builtins.tuple | | file://:0:0:0:0 | parameter position 1 of dict.setdefault | file://:0:0:0:0 | [summary] to write: return (return) in dict.setdefault | | test.py:3:1:3:7 | GSSA Variable tainted | test.py:4:6:4:12 | ControlFlowNode for tainted | | test.py:3:11:3:16 | ControlFlowNode for SOURCE | test.py:3:1:3:7 | GSSA Variable tainted | diff --git a/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/test_collections.py b/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/test_collections.py index 96804ebe3d3..50f9a613f9b 100644 --- a/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/test_collections.py +++ b/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/test_collections.py @@ -28,19 +28,19 @@ def test_construction(): ) ensure_tainted( - list(tainted_list), # $ MISSING: tainted - list(tainted_tuple), # $ MISSING: tainted - list(tainted_set), # $ MISSING: tainted - list(tainted_dict.values()), # $ MISSING: tainted - list(tainted_dict.items()), # $ MISSING: tainted + list(tainted_list), # $ tainted + list(tainted_tuple), # $ tainted + list(tainted_set), # $ tainted + list(tainted_dict.values()), # $ tainted + list(tainted_dict.items()), # $ tainted - tuple(tainted_list), # $ MISSING: tainted - set(tainted_list), # $ MISSING: tainted - frozenset(tainted_list), # $ MISSING: tainted - dict(tainted_dict), # $ MISSING: tainted - dict(k = tainted_string)["k"], # $ MISSING: tainted - dict(dict(k = tainted_string))["k"], # $ MISSING: tainted - dict(["k", tainted_string]), # $ MISSING: tainted + tuple(tainted_list), # $ tainted + set(tainted_list), # $ tainted + frozenset(tainted_list), # $ tainted + dict(tainted_dict), # $ tainted + dict(k = tainted_string)["k"], # $ tainted + dict(dict(k = tainted_string))["k"], # $ tainted + dict(["k", tainted_string]), # $ tainted ) ensure_not_tainted( diff --git a/python/ql/test/library-tests/frameworks/aiohttp/taint_test.py b/python/ql/test/library-tests/frameworks/aiohttp/taint_test.py index 0dcbbef1ffa..ec475a592ab 100644 --- a/python/ql/test/library-tests/frameworks/aiohttp/taint_test.py +++ b/python/ql/test/library-tests/frameworks/aiohttp/taint_test.py @@ -42,7 +42,7 @@ async def test_taint(request: web.Request): # $ requestHandler request.cookies.keys(), # $ MISSING: tainted request.cookies.values(), # $ tainted request.cookies.items(), # $ tainted - list(request.cookies), # $ MISSING: tainted + list(request.cookies), # $ tainted iter(request.cookies), # $ tainted diff --git a/python/ql/test/library-tests/frameworks/flask/taint_test.py b/python/ql/test/library-tests/frameworks/flask/taint_test.py index 510a6d30550..dcca8ff6681 100644 --- a/python/ql/test/library-tests/frameworks/flask/taint_test.py +++ b/python/ql/test/library-tests/frameworks/flask/taint_test.py @@ -112,7 +112,7 @@ def test_taint(name = "World!", number="0", foo="foo"): # $requestHandler route request.headers.popitem()[0], # $ tainted request.headers.popitem()[1], # $ tainted # two ways to get (k, v) lists - list(request.headers), # $ MISSING: tainted + list(request.headers), # $ tainted request.headers.to_wsgi_list(), # $ tainted request.json, # $ tainted diff --git a/python/ql/test/library-tests/frameworks/multidict/taint_test.py b/python/ql/test/library-tests/frameworks/multidict/taint_test.py index 5e346a5df4b..8fbac79888f 100644 --- a/python/ql/test/library-tests/frameworks/multidict/taint_test.py +++ b/python/ql/test/library-tests/frameworks/multidict/taint_test.py @@ -16,7 +16,7 @@ ensure_tainted( mdp.values(), # $ tainted mdp.items(), # $ tainted mdp.copy(), # $ tainted - list(mdp), # $ MISSING: tainted + list(mdp), # $ tainted iter(mdp), # $ tainted ) @@ -36,6 +36,6 @@ ensure_tainted( ci_mdp.values(), # $ tainted ci_mdp.items(), # $ tainted ci_mdp.copy(), # $ tainted - list(ci_mdp), # $ MISSING: tainted + list(ci_mdp), # $ tainted iter(ci_mdp), # $ tainted ) From 5d68473d1281bedb220c9ef365a5828dfba795a9 Mon Sep 17 00:00:00 2001 From: Rasmus Lerchedahl Petersen Date: Mon, 15 May 2023 21:18:51 +0200 Subject: [PATCH 387/870] python: elide nodes without location from basic --- .../experimental/dataflow/basic/callGraph.ql | 5 ++- .../dataflow/basic/callGraphSinks.expected | 7 ---- .../dataflow/basic/callGraphSinks.ql | 4 +- .../dataflow/basic/callGraphSources.expected | 7 ---- .../dataflow/basic/callGraphSources.ql | 4 +- .../dataflow/basic/global.expected | 12 ------ .../experimental/dataflow/basic/global.ql | 4 +- .../dataflow/basic/globalStep.expected | 12 ------ .../experimental/dataflow/basic/globalStep.ql | 5 ++- .../dataflow/basic/local.expected | 42 ------------------- .../test/experimental/dataflow/basic/local.ql | 5 ++- .../dataflow/basic/localStep.expected | 12 ------ .../experimental/dataflow/basic/localStep.ql | 5 ++- .../dataflow/basic/maximalFlows.expected | 1 - .../dataflow/basic/maximalFlows.ql | 4 +- .../dataflow/basic/sinks.expected | 30 ------------- .../test/experimental/dataflow/basic/sinks.ql | 4 +- .../dataflow/basic/sources.expected | 30 ------------- .../experimental/dataflow/basic/sources.ql | 4 +- .../basic/LocalTaintStep.expected | 17 -------- .../tainttracking/basic/LocalTaintStep.ql | 5 ++- 21 files changed, 38 insertions(+), 181 deletions(-) diff --git a/python/ql/test/experimental/dataflow/basic/callGraph.ql b/python/ql/test/experimental/dataflow/basic/callGraph.ql index 2e8d6956c70..d83da4c5c11 100644 --- a/python/ql/test/experimental/dataflow/basic/callGraph.ql +++ b/python/ql/test/experimental/dataflow/basic/callGraph.ql @@ -1,5 +1,8 @@ import experimental.dataflow.callGraphConfig from DataFlow::Node source, DataFlow::Node sink -where exists(CallGraphConfig cfg | cfg.hasFlow(source, sink)) +where + exists(CallGraphConfig cfg | cfg.hasFlow(source, sink)) and + exists(source.getLocation().getFile().getRelativePath()) and + exists(sink.getLocation().getFile().getRelativePath()) select source, sink diff --git a/python/ql/test/experimental/dataflow/basic/callGraphSinks.expected b/python/ql/test/experimental/dataflow/basic/callGraphSinks.expected index 02c43353fbd..e4b8f905530 100644 --- a/python/ql/test/experimental/dataflow/basic/callGraphSinks.expected +++ b/python/ql/test/experimental/dataflow/basic/callGraphSinks.expected @@ -1,10 +1,3 @@ -| file://:0:0:0:0 | parameter position 0 of builtins.dict | -| file://:0:0:0:0 | parameter position 0 of builtins.frozenset | -| file://:0:0:0:0 | parameter position 0 of builtins.list | -| file://:0:0:0:0 | parameter position 0 of builtins.reversed | -| file://:0:0:0:0 | parameter position 0 of builtins.set | -| file://:0:0:0:0 | parameter position 0 of builtins.tuple | -| file://:0:0:0:0 | parameter position 1 of dict.setdefault | | test.py:1:1:1:21 | SynthDictSplatParameterNode | | test.py:1:19:1:19 | ControlFlowNode for x | | test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() | diff --git a/python/ql/test/experimental/dataflow/basic/callGraphSinks.ql b/python/ql/test/experimental/dataflow/basic/callGraphSinks.ql index 7d15b353274..8b9f57a0462 100644 --- a/python/ql/test/experimental/dataflow/basic/callGraphSinks.ql +++ b/python/ql/test/experimental/dataflow/basic/callGraphSinks.ql @@ -1,5 +1,7 @@ import experimental.dataflow.callGraphConfig from DataFlow::Node sink -where exists(CallGraphConfig cfg | cfg.isSink(sink)) +where + exists(CallGraphConfig cfg | cfg.isSink(sink)) and + exists(sink.getLocation().getFile().getRelativePath()) select sink diff --git a/python/ql/test/experimental/dataflow/basic/callGraphSources.expected b/python/ql/test/experimental/dataflow/basic/callGraphSources.expected index 5ef30fa5871..4023ba8f3ea 100644 --- a/python/ql/test/experimental/dataflow/basic/callGraphSources.expected +++ b/python/ql/test/experimental/dataflow/basic/callGraphSources.expected @@ -1,9 +1,2 @@ -| file://:0:0:0:0 | [summary] to write: return (return) in builtins.dict | -| file://:0:0:0:0 | [summary] to write: return (return) in builtins.frozenset | -| file://:0:0:0:0 | [summary] to write: return (return) in builtins.list | -| file://:0:0:0:0 | [summary] to write: return (return) in builtins.reversed | -| file://:0:0:0:0 | [summary] to write: return (return) in builtins.set | -| file://:0:0:0:0 | [summary] to write: return (return) in builtins.tuple | -| file://:0:0:0:0 | [summary] to write: return (return) in dict.setdefault | | test.py:4:10:4:10 | ControlFlowNode for z | | test.py:7:19:7:19 | ControlFlowNode for a | diff --git a/python/ql/test/experimental/dataflow/basic/callGraphSources.ql b/python/ql/test/experimental/dataflow/basic/callGraphSources.ql index 21c3a5a9ace..e482a07cf39 100644 --- a/python/ql/test/experimental/dataflow/basic/callGraphSources.ql +++ b/python/ql/test/experimental/dataflow/basic/callGraphSources.ql @@ -1,5 +1,7 @@ import experimental.dataflow.callGraphConfig from DataFlow::Node source -where exists(CallGraphConfig cfg | cfg.isSource(source)) +where + exists(CallGraphConfig cfg | cfg.isSource(source)) and + exists(source.getLocation().getFile().getRelativePath()) select source diff --git a/python/ql/test/experimental/dataflow/basic/global.expected b/python/ql/test/experimental/dataflow/basic/global.expected index 60511486372..8894bcc190a 100644 --- a/python/ql/test/experimental/dataflow/basic/global.expected +++ b/python/ql/test/experimental/dataflow/basic/global.expected @@ -1,15 +1,3 @@ -| file://:0:0:0:0 | [summary] read: argument position 0.List element in builtins.frozenset | file://:0:0:0:0 | [summary] to write: return (return).Set element in builtins.frozenset | -| file://:0:0:0:0 | [summary] read: argument position 0.List element in builtins.list | file://:0:0:0:0 | [summary] to write: return (return).List element in builtins.list | -| file://:0:0:0:0 | [summary] read: argument position 0.List element in builtins.reversed | file://:0:0:0:0 | [summary] to write: return (return).List element in builtins.reversed | -| file://:0:0:0:0 | [summary] read: argument position 0.List element in builtins.set | file://:0:0:0:0 | [summary] to write: return (return).Set element in builtins.set | -| file://:0:0:0:0 | [summary] read: argument position 0.Set element in builtins.frozenset | file://:0:0:0:0 | [summary] to write: return (return).Set element in builtins.frozenset | -| file://:0:0:0:0 | [summary] read: argument position 0.Set element in builtins.list | file://:0:0:0:0 | [summary] to write: return (return).List element in builtins.list | -| file://:0:0:0:0 | [summary] read: argument position 0.Set element in builtins.set | file://:0:0:0:0 | [summary] to write: return (return).Set element in builtins.set | -| file://:0:0:0:0 | [summary] read: argument position 0.Tuple element at index 0 in builtins.frozenset | file://:0:0:0:0 | [summary] to write: return (return).Set element in builtins.frozenset | -| file://:0:0:0:0 | [summary] read: argument position 0.Tuple element at index 0 in builtins.list | file://:0:0:0:0 | [summary] to write: return (return).List element in builtins.list | -| file://:0:0:0:0 | [summary] read: argument position 0.Tuple element at index 0 in builtins.set | file://:0:0:0:0 | [summary] to write: return (return).Set element in builtins.set | -| file://:0:0:0:0 | [summary] read: argument position 0.Tuple element at index 0 in builtins.tuple | file://:0:0:0:0 | [summary] to write: return (return).Tuple element at index 0 in builtins.tuple | -| file://:0:0:0:0 | parameter position 1 of dict.setdefault | file://:0:0:0:0 | [summary] to write: return (return) in dict.setdefault | | test.py:1:1:1:21 | ControlFlowNode for FunctionExpr | test.py:1:5:1:17 | GSSA Variable obfuscated_id | | test.py:1:1:1:21 | ControlFlowNode for FunctionExpr | test.py:7:5:7:17 | ControlFlowNode for obfuscated_id | | test.py:1:5:1:17 | GSSA Variable obfuscated_id | test.py:7:5:7:17 | ControlFlowNode for obfuscated_id | diff --git a/python/ql/test/experimental/dataflow/basic/global.ql b/python/ql/test/experimental/dataflow/basic/global.ql index ba9a302b05b..ecab29899e3 100644 --- a/python/ql/test/experimental/dataflow/basic/global.ql +++ b/python/ql/test/experimental/dataflow/basic/global.ql @@ -3,5 +3,7 @@ import allFlowsConfig from DataFlow::Node source, DataFlow::Node sink where source != sink and - exists(AllFlowsConfig cfg | cfg.hasFlow(source, sink)) + exists(AllFlowsConfig cfg | cfg.hasFlow(source, sink)) and + exists(source.getLocation().getFile().getRelativePath()) and + exists(sink.getLocation().getFile().getRelativePath()) select source, sink diff --git a/python/ql/test/experimental/dataflow/basic/globalStep.expected b/python/ql/test/experimental/dataflow/basic/globalStep.expected index 79924c7d55a..9f228998b9c 100644 --- a/python/ql/test/experimental/dataflow/basic/globalStep.expected +++ b/python/ql/test/experimental/dataflow/basic/globalStep.expected @@ -1,15 +1,3 @@ -| file://:0:0:0:0 | [summary] read: argument position 0.List element in builtins.frozenset | file://:0:0:0:0 | [summary] to write: return (return).Set element in builtins.frozenset | -| file://:0:0:0:0 | [summary] read: argument position 0.List element in builtins.list | file://:0:0:0:0 | [summary] to write: return (return).List element in builtins.list | -| file://:0:0:0:0 | [summary] read: argument position 0.List element in builtins.reversed | file://:0:0:0:0 | [summary] to write: return (return).List element in builtins.reversed | -| file://:0:0:0:0 | [summary] read: argument position 0.List element in builtins.set | file://:0:0:0:0 | [summary] to write: return (return).Set element in builtins.set | -| file://:0:0:0:0 | [summary] read: argument position 0.Set element in builtins.frozenset | file://:0:0:0:0 | [summary] to write: return (return).Set element in builtins.frozenset | -| file://:0:0:0:0 | [summary] read: argument position 0.Set element in builtins.list | file://:0:0:0:0 | [summary] to write: return (return).List element in builtins.list | -| file://:0:0:0:0 | [summary] read: argument position 0.Set element in builtins.set | file://:0:0:0:0 | [summary] to write: return (return).Set element in builtins.set | -| file://:0:0:0:0 | [summary] read: argument position 0.Tuple element at index 0 in builtins.frozenset | file://:0:0:0:0 | [summary] to write: return (return).Set element in builtins.frozenset | -| file://:0:0:0:0 | [summary] read: argument position 0.Tuple element at index 0 in builtins.list | file://:0:0:0:0 | [summary] to write: return (return).List element in builtins.list | -| file://:0:0:0:0 | [summary] read: argument position 0.Tuple element at index 0 in builtins.set | file://:0:0:0:0 | [summary] to write: return (return).Set element in builtins.set | -| file://:0:0:0:0 | [summary] read: argument position 0.Tuple element at index 0 in builtins.tuple | file://:0:0:0:0 | [summary] to write: return (return).Tuple element at index 0 in builtins.tuple | -| file://:0:0:0:0 | parameter position 1 of dict.setdefault | file://:0:0:0:0 | [summary] to write: return (return) in dict.setdefault | | test.py:1:1:1:21 | ControlFlowNode for FunctionExpr | test.py:1:5:1:17 | GSSA Variable obfuscated_id | | test.py:1:1:1:21 | ControlFlowNode for FunctionExpr | test.py:1:5:1:17 | GSSA Variable obfuscated_id | | test.py:1:1:1:21 | ControlFlowNode for FunctionExpr | test.py:7:5:7:17 | ControlFlowNode for obfuscated_id | diff --git a/python/ql/test/experimental/dataflow/basic/globalStep.ql b/python/ql/test/experimental/dataflow/basic/globalStep.ql index 18014b2cc5f..9b19749b2d8 100644 --- a/python/ql/test/experimental/dataflow/basic/globalStep.ql +++ b/python/ql/test/experimental/dataflow/basic/globalStep.ql @@ -1,5 +1,8 @@ import allFlowsConfig from DataFlow::PathNode fromNode, DataFlow::PathNode toNode -where toNode = fromNode.getASuccessor() +where + toNode = fromNode.getASuccessor() and + exists(fromNode.getNode().getLocation().getFile().getRelativePath()) and + exists(toNode.getNode().getLocation().getFile().getRelativePath()) select fromNode, toNode diff --git a/python/ql/test/experimental/dataflow/basic/local.expected b/python/ql/test/experimental/dataflow/basic/local.expected index 8f1455df883..cdf40018ed0 100644 --- a/python/ql/test/experimental/dataflow/basic/local.expected +++ b/python/ql/test/experimental/dataflow/basic/local.expected @@ -1,45 +1,3 @@ -| file://:0:0:0:0 | [summary] read: argument position 0.List element in builtins.frozenset | file://:0:0:0:0 | [summary] read: argument position 0.List element in builtins.frozenset | -| file://:0:0:0:0 | [summary] read: argument position 0.List element in builtins.frozenset | file://:0:0:0:0 | [summary] to write: return (return).Set element in builtins.frozenset | -| file://:0:0:0:0 | [summary] read: argument position 0.List element in builtins.list | file://:0:0:0:0 | [summary] read: argument position 0.List element in builtins.list | -| file://:0:0:0:0 | [summary] read: argument position 0.List element in builtins.list | file://:0:0:0:0 | [summary] to write: return (return).List element in builtins.list | -| file://:0:0:0:0 | [summary] read: argument position 0.List element in builtins.reversed | file://:0:0:0:0 | [summary] read: argument position 0.List element in builtins.reversed | -| file://:0:0:0:0 | [summary] read: argument position 0.List element in builtins.reversed | file://:0:0:0:0 | [summary] to write: return (return).List element in builtins.reversed | -| file://:0:0:0:0 | [summary] read: argument position 0.List element in builtins.set | file://:0:0:0:0 | [summary] read: argument position 0.List element in builtins.set | -| file://:0:0:0:0 | [summary] read: argument position 0.List element in builtins.set | file://:0:0:0:0 | [summary] to write: return (return).Set element in builtins.set | -| file://:0:0:0:0 | [summary] read: argument position 0.Set element in builtins.frozenset | file://:0:0:0:0 | [summary] read: argument position 0.Set element in builtins.frozenset | -| file://:0:0:0:0 | [summary] read: argument position 0.Set element in builtins.frozenset | file://:0:0:0:0 | [summary] to write: return (return).Set element in builtins.frozenset | -| file://:0:0:0:0 | [summary] read: argument position 0.Set element in builtins.list | file://:0:0:0:0 | [summary] read: argument position 0.Set element in builtins.list | -| file://:0:0:0:0 | [summary] read: argument position 0.Set element in builtins.list | file://:0:0:0:0 | [summary] to write: return (return).List element in builtins.list | -| file://:0:0:0:0 | [summary] read: argument position 0.Set element in builtins.set | file://:0:0:0:0 | [summary] read: argument position 0.Set element in builtins.set | -| file://:0:0:0:0 | [summary] read: argument position 0.Set element in builtins.set | file://:0:0:0:0 | [summary] to write: return (return).Set element in builtins.set | -| file://:0:0:0:0 | [summary] read: argument position 0.Tuple element at index 0 in builtins.frozenset | file://:0:0:0:0 | [summary] read: argument position 0.Tuple element at index 0 in builtins.frozenset | -| file://:0:0:0:0 | [summary] read: argument position 0.Tuple element at index 0 in builtins.frozenset | file://:0:0:0:0 | [summary] to write: return (return).Set element in builtins.frozenset | -| file://:0:0:0:0 | [summary] read: argument position 0.Tuple element at index 0 in builtins.list | file://:0:0:0:0 | [summary] read: argument position 0.Tuple element at index 0 in builtins.list | -| file://:0:0:0:0 | [summary] read: argument position 0.Tuple element at index 0 in builtins.list | file://:0:0:0:0 | [summary] to write: return (return).List element in builtins.list | -| file://:0:0:0:0 | [summary] read: argument position 0.Tuple element at index 0 in builtins.set | file://:0:0:0:0 | [summary] read: argument position 0.Tuple element at index 0 in builtins.set | -| file://:0:0:0:0 | [summary] read: argument position 0.Tuple element at index 0 in builtins.set | file://:0:0:0:0 | [summary] to write: return (return).Set element in builtins.set | -| file://:0:0:0:0 | [summary] read: argument position 0.Tuple element at index 0 in builtins.tuple | file://:0:0:0:0 | [summary] read: argument position 0.Tuple element at index 0 in builtins.tuple | -| file://:0:0:0:0 | [summary] read: argument position 0.Tuple element at index 0 in builtins.tuple | file://:0:0:0:0 | [summary] to write: return (return).Tuple element at index 0 in builtins.tuple | -| file://:0:0:0:0 | [summary] to write: return (return) in builtins.dict | file://:0:0:0:0 | [summary] to write: return (return) in builtins.dict | -| file://:0:0:0:0 | [summary] to write: return (return) in builtins.frozenset | file://:0:0:0:0 | [summary] to write: return (return) in builtins.frozenset | -| file://:0:0:0:0 | [summary] to write: return (return) in builtins.list | file://:0:0:0:0 | [summary] to write: return (return) in builtins.list | -| file://:0:0:0:0 | [summary] to write: return (return) in builtins.reversed | file://:0:0:0:0 | [summary] to write: return (return) in builtins.reversed | -| file://:0:0:0:0 | [summary] to write: return (return) in builtins.set | file://:0:0:0:0 | [summary] to write: return (return) in builtins.set | -| file://:0:0:0:0 | [summary] to write: return (return) in builtins.tuple | file://:0:0:0:0 | [summary] to write: return (return) in builtins.tuple | -| file://:0:0:0:0 | [summary] to write: return (return) in dict.setdefault | file://:0:0:0:0 | [summary] to write: return (return) in dict.setdefault | -| file://:0:0:0:0 | [summary] to write: return (return).List element in builtins.list | file://:0:0:0:0 | [summary] to write: return (return).List element in builtins.list | -| file://:0:0:0:0 | [summary] to write: return (return).List element in builtins.reversed | file://:0:0:0:0 | [summary] to write: return (return).List element in builtins.reversed | -| file://:0:0:0:0 | [summary] to write: return (return).Set element in builtins.frozenset | file://:0:0:0:0 | [summary] to write: return (return).Set element in builtins.frozenset | -| file://:0:0:0:0 | [summary] to write: return (return).Set element in builtins.set | file://:0:0:0:0 | [summary] to write: return (return).Set element in builtins.set | -| file://:0:0:0:0 | [summary] to write: return (return).Tuple element at index 0 in builtins.tuple | file://:0:0:0:0 | [summary] to write: return (return).Tuple element at index 0 in builtins.tuple | -| file://:0:0:0:0 | parameter position 0 of builtins.dict | file://:0:0:0:0 | parameter position 0 of builtins.dict | -| file://:0:0:0:0 | parameter position 0 of builtins.frozenset | file://:0:0:0:0 | parameter position 0 of builtins.frozenset | -| file://:0:0:0:0 | parameter position 0 of builtins.list | file://:0:0:0:0 | parameter position 0 of builtins.list | -| file://:0:0:0:0 | parameter position 0 of builtins.reversed | file://:0:0:0:0 | parameter position 0 of builtins.reversed | -| file://:0:0:0:0 | parameter position 0 of builtins.set | file://:0:0:0:0 | parameter position 0 of builtins.set | -| file://:0:0:0:0 | parameter position 0 of builtins.tuple | file://:0:0:0:0 | parameter position 0 of builtins.tuple | -| file://:0:0:0:0 | parameter position 1 of dict.setdefault | file://:0:0:0:0 | [summary] to write: return (return) in dict.setdefault | -| file://:0:0:0:0 | parameter position 1 of dict.setdefault | file://:0:0:0:0 | parameter position 1 of dict.setdefault | | test.py:0:0:0:0 | GSSA Variable __name__ | test.py:0:0:0:0 | GSSA Variable __name__ | | test.py:0:0:0:0 | GSSA Variable __package__ | test.py:0:0:0:0 | GSSA Variable __package__ | | test.py:0:0:0:0 | GSSA Variable b | test.py:0:0:0:0 | GSSA Variable b | diff --git a/python/ql/test/experimental/dataflow/basic/local.ql b/python/ql/test/experimental/dataflow/basic/local.ql index 5541cea33dc..e13013d2210 100644 --- a/python/ql/test/experimental/dataflow/basic/local.ql +++ b/python/ql/test/experimental/dataflow/basic/local.ql @@ -1,5 +1,8 @@ import semmle.python.dataflow.new.DataFlow from DataFlow::Node fromNode, DataFlow::Node toNode -where DataFlow::localFlow(fromNode, toNode) +where + DataFlow::localFlow(fromNode, toNode) and + exists(fromNode.getLocation().getFile().getRelativePath()) and + exists(toNode.getLocation().getFile().getRelativePath()) select fromNode, toNode diff --git a/python/ql/test/experimental/dataflow/basic/localStep.expected b/python/ql/test/experimental/dataflow/basic/localStep.expected index 943ff65d1ea..e147bb9f4fc 100644 --- a/python/ql/test/experimental/dataflow/basic/localStep.expected +++ b/python/ql/test/experimental/dataflow/basic/localStep.expected @@ -1,15 +1,3 @@ -| file://:0:0:0:0 | [summary] read: argument position 0.List element in builtins.frozenset | file://:0:0:0:0 | [summary] to write: return (return).Set element in builtins.frozenset | -| file://:0:0:0:0 | [summary] read: argument position 0.List element in builtins.list | file://:0:0:0:0 | [summary] to write: return (return).List element in builtins.list | -| file://:0:0:0:0 | [summary] read: argument position 0.List element in builtins.reversed | file://:0:0:0:0 | [summary] to write: return (return).List element in builtins.reversed | -| file://:0:0:0:0 | [summary] read: argument position 0.List element in builtins.set | file://:0:0:0:0 | [summary] to write: return (return).Set element in builtins.set | -| file://:0:0:0:0 | [summary] read: argument position 0.Set element in builtins.frozenset | file://:0:0:0:0 | [summary] to write: return (return).Set element in builtins.frozenset | -| file://:0:0:0:0 | [summary] read: argument position 0.Set element in builtins.list | file://:0:0:0:0 | [summary] to write: return (return).List element in builtins.list | -| file://:0:0:0:0 | [summary] read: argument position 0.Set element in builtins.set | file://:0:0:0:0 | [summary] to write: return (return).Set element in builtins.set | -| file://:0:0:0:0 | [summary] read: argument position 0.Tuple element at index 0 in builtins.frozenset | file://:0:0:0:0 | [summary] to write: return (return).Set element in builtins.frozenset | -| file://:0:0:0:0 | [summary] read: argument position 0.Tuple element at index 0 in builtins.list | file://:0:0:0:0 | [summary] to write: return (return).List element in builtins.list | -| file://:0:0:0:0 | [summary] read: argument position 0.Tuple element at index 0 in builtins.set | file://:0:0:0:0 | [summary] to write: return (return).Set element in builtins.set | -| file://:0:0:0:0 | [summary] read: argument position 0.Tuple element at index 0 in builtins.tuple | file://:0:0:0:0 | [summary] to write: return (return).Tuple element at index 0 in builtins.tuple | -| file://:0:0:0:0 | parameter position 1 of dict.setdefault | file://:0:0:0:0 | [summary] to write: return (return) in dict.setdefault | | test.py:1:1:1:21 | ControlFlowNode for FunctionExpr | test.py:1:5:1:17 | GSSA Variable obfuscated_id | | test.py:1:5:1:17 | GSSA Variable obfuscated_id | test.py:7:5:7:17 | ControlFlowNode for obfuscated_id | | test.py:1:19:1:19 | ControlFlowNode for x | test.py:1:19:1:19 | SSA variable x | diff --git a/python/ql/test/experimental/dataflow/basic/localStep.ql b/python/ql/test/experimental/dataflow/basic/localStep.ql index 4e32450f496..37b6bd1a7af 100644 --- a/python/ql/test/experimental/dataflow/basic/localStep.ql +++ b/python/ql/test/experimental/dataflow/basic/localStep.ql @@ -1,5 +1,8 @@ import semmle.python.dataflow.new.DataFlow from DataFlow::Node fromNode, DataFlow::Node toNode -where DataFlow::localFlowStep(fromNode, toNode) +where + DataFlow::localFlowStep(fromNode, toNode) and + exists(fromNode.getLocation().getFile().getRelativePath()) and + exists(toNode.getLocation().getFile().getRelativePath()) select fromNode, toNode diff --git a/python/ql/test/experimental/dataflow/basic/maximalFlows.expected b/python/ql/test/experimental/dataflow/basic/maximalFlows.expected index b65b4b4d30a..b6f8a1730f1 100644 --- a/python/ql/test/experimental/dataflow/basic/maximalFlows.expected +++ b/python/ql/test/experimental/dataflow/basic/maximalFlows.expected @@ -1,4 +1,3 @@ -| file://:0:0:0:0 | parameter position 1 of dict.setdefault | file://:0:0:0:0 | [summary] to write: return (return) in dict.setdefault | | test.py:1:19:1:19 | ControlFlowNode for x | test.py:4:10:4:10 | ControlFlowNode for z | | test.py:1:19:1:19 | ControlFlowNode for x | test.py:7:1:7:1 | GSSA Variable b | | test.py:1:19:1:19 | SSA variable x | test.py:4:10:4:10 | ControlFlowNode for z | diff --git a/python/ql/test/experimental/dataflow/basic/maximalFlows.ql b/python/ql/test/experimental/dataflow/basic/maximalFlows.ql index ddd673954b9..a314cfca612 100644 --- a/python/ql/test/experimental/dataflow/basic/maximalFlows.ql +++ b/python/ql/test/experimental/dataflow/basic/maximalFlows.ql @@ -3,5 +3,7 @@ import maximalFlowsConfig from DataFlow::Node source, DataFlow::Node sink where source != sink and - exists(MaximalFlowsConfig cfg | cfg.hasFlow(source, sink)) + exists(MaximalFlowsConfig cfg | cfg.hasFlow(source, sink)) and + exists(source.getLocation().getFile().getRelativePath()) and + exists(sink.getLocation().getFile().getRelativePath()) select source, sink diff --git a/python/ql/test/experimental/dataflow/basic/sinks.expected b/python/ql/test/experimental/dataflow/basic/sinks.expected index 18edca26f98..944f8190aa5 100644 --- a/python/ql/test/experimental/dataflow/basic/sinks.expected +++ b/python/ql/test/experimental/dataflow/basic/sinks.expected @@ -1,33 +1,3 @@ -| file://:0:0:0:0 | [summary] read: argument position 0.List element in builtins.frozenset | -| file://:0:0:0:0 | [summary] read: argument position 0.List element in builtins.list | -| file://:0:0:0:0 | [summary] read: argument position 0.List element in builtins.reversed | -| file://:0:0:0:0 | [summary] read: argument position 0.List element in builtins.set | -| file://:0:0:0:0 | [summary] read: argument position 0.Set element in builtins.frozenset | -| file://:0:0:0:0 | [summary] read: argument position 0.Set element in builtins.list | -| file://:0:0:0:0 | [summary] read: argument position 0.Set element in builtins.set | -| file://:0:0:0:0 | [summary] read: argument position 0.Tuple element at index 0 in builtins.frozenset | -| file://:0:0:0:0 | [summary] read: argument position 0.Tuple element at index 0 in builtins.list | -| file://:0:0:0:0 | [summary] read: argument position 0.Tuple element at index 0 in builtins.set | -| file://:0:0:0:0 | [summary] read: argument position 0.Tuple element at index 0 in builtins.tuple | -| file://:0:0:0:0 | [summary] to write: return (return) in builtins.dict | -| file://:0:0:0:0 | [summary] to write: return (return) in builtins.frozenset | -| file://:0:0:0:0 | [summary] to write: return (return) in builtins.list | -| file://:0:0:0:0 | [summary] to write: return (return) in builtins.reversed | -| file://:0:0:0:0 | [summary] to write: return (return) in builtins.set | -| file://:0:0:0:0 | [summary] to write: return (return) in builtins.tuple | -| file://:0:0:0:0 | [summary] to write: return (return) in dict.setdefault | -| file://:0:0:0:0 | [summary] to write: return (return).List element in builtins.list | -| file://:0:0:0:0 | [summary] to write: return (return).List element in builtins.reversed | -| file://:0:0:0:0 | [summary] to write: return (return).Set element in builtins.frozenset | -| file://:0:0:0:0 | [summary] to write: return (return).Set element in builtins.set | -| file://:0:0:0:0 | [summary] to write: return (return).Tuple element at index 0 in builtins.tuple | -| file://:0:0:0:0 | parameter position 0 of builtins.dict | -| file://:0:0:0:0 | parameter position 0 of builtins.frozenset | -| file://:0:0:0:0 | parameter position 0 of builtins.list | -| file://:0:0:0:0 | parameter position 0 of builtins.reversed | -| file://:0:0:0:0 | parameter position 0 of builtins.set | -| file://:0:0:0:0 | parameter position 0 of builtins.tuple | -| file://:0:0:0:0 | parameter position 1 of dict.setdefault | | test.py:0:0:0:0 | GSSA Variable __name__ | | test.py:0:0:0:0 | GSSA Variable __package__ | | test.py:0:0:0:0 | GSSA Variable b | diff --git a/python/ql/test/experimental/dataflow/basic/sinks.ql b/python/ql/test/experimental/dataflow/basic/sinks.ql index 8560bb99d3d..f17ea9b9b1b 100644 --- a/python/ql/test/experimental/dataflow/basic/sinks.ql +++ b/python/ql/test/experimental/dataflow/basic/sinks.ql @@ -1,5 +1,7 @@ import allFlowsConfig from DataFlow::Node sink -where exists(AllFlowsConfig cfg | cfg.isSink(sink)) +where + exists(AllFlowsConfig cfg | cfg.isSink(sink)) and + exists(sink.getLocation().getFile().getRelativePath()) select sink diff --git a/python/ql/test/experimental/dataflow/basic/sources.expected b/python/ql/test/experimental/dataflow/basic/sources.expected index 18edca26f98..944f8190aa5 100644 --- a/python/ql/test/experimental/dataflow/basic/sources.expected +++ b/python/ql/test/experimental/dataflow/basic/sources.expected @@ -1,33 +1,3 @@ -| file://:0:0:0:0 | [summary] read: argument position 0.List element in builtins.frozenset | -| file://:0:0:0:0 | [summary] read: argument position 0.List element in builtins.list | -| file://:0:0:0:0 | [summary] read: argument position 0.List element in builtins.reversed | -| file://:0:0:0:0 | [summary] read: argument position 0.List element in builtins.set | -| file://:0:0:0:0 | [summary] read: argument position 0.Set element in builtins.frozenset | -| file://:0:0:0:0 | [summary] read: argument position 0.Set element in builtins.list | -| file://:0:0:0:0 | [summary] read: argument position 0.Set element in builtins.set | -| file://:0:0:0:0 | [summary] read: argument position 0.Tuple element at index 0 in builtins.frozenset | -| file://:0:0:0:0 | [summary] read: argument position 0.Tuple element at index 0 in builtins.list | -| file://:0:0:0:0 | [summary] read: argument position 0.Tuple element at index 0 in builtins.set | -| file://:0:0:0:0 | [summary] read: argument position 0.Tuple element at index 0 in builtins.tuple | -| file://:0:0:0:0 | [summary] to write: return (return) in builtins.dict | -| file://:0:0:0:0 | [summary] to write: return (return) in builtins.frozenset | -| file://:0:0:0:0 | [summary] to write: return (return) in builtins.list | -| file://:0:0:0:0 | [summary] to write: return (return) in builtins.reversed | -| file://:0:0:0:0 | [summary] to write: return (return) in builtins.set | -| file://:0:0:0:0 | [summary] to write: return (return) in builtins.tuple | -| file://:0:0:0:0 | [summary] to write: return (return) in dict.setdefault | -| file://:0:0:0:0 | [summary] to write: return (return).List element in builtins.list | -| file://:0:0:0:0 | [summary] to write: return (return).List element in builtins.reversed | -| file://:0:0:0:0 | [summary] to write: return (return).Set element in builtins.frozenset | -| file://:0:0:0:0 | [summary] to write: return (return).Set element in builtins.set | -| file://:0:0:0:0 | [summary] to write: return (return).Tuple element at index 0 in builtins.tuple | -| file://:0:0:0:0 | parameter position 0 of builtins.dict | -| file://:0:0:0:0 | parameter position 0 of builtins.frozenset | -| file://:0:0:0:0 | parameter position 0 of builtins.list | -| file://:0:0:0:0 | parameter position 0 of builtins.reversed | -| file://:0:0:0:0 | parameter position 0 of builtins.set | -| file://:0:0:0:0 | parameter position 0 of builtins.tuple | -| file://:0:0:0:0 | parameter position 1 of dict.setdefault | | test.py:0:0:0:0 | GSSA Variable __name__ | | test.py:0:0:0:0 | GSSA Variable __package__ | | test.py:0:0:0:0 | GSSA Variable b | diff --git a/python/ql/test/experimental/dataflow/basic/sources.ql b/python/ql/test/experimental/dataflow/basic/sources.ql index d079d4db596..198882ceee6 100644 --- a/python/ql/test/experimental/dataflow/basic/sources.ql +++ b/python/ql/test/experimental/dataflow/basic/sources.ql @@ -1,5 +1,7 @@ import allFlowsConfig from DataFlow::Node source -where exists(AllFlowsConfig cfg | cfg.isSource(source)) +where + exists(AllFlowsConfig cfg | cfg.isSource(source)) and + exists(source.getLocation().getFile().getRelativePath()) select source diff --git a/python/ql/test/experimental/dataflow/tainttracking/basic/LocalTaintStep.expected b/python/ql/test/experimental/dataflow/tainttracking/basic/LocalTaintStep.expected index 51fd643577a..3b3f18c5b9e 100644 --- a/python/ql/test/experimental/dataflow/tainttracking/basic/LocalTaintStep.expected +++ b/python/ql/test/experimental/dataflow/tainttracking/basic/LocalTaintStep.expected @@ -1,20 +1,3 @@ -| file://:0:0:0:0 | [summary] read: argument position 0.List element in builtins.frozenset | file://:0:0:0:0 | [summary] to write: return (return).Set element in builtins.frozenset | -| file://:0:0:0:0 | [summary] read: argument position 0.List element in builtins.list | file://:0:0:0:0 | [summary] to write: return (return).List element in builtins.list | -| file://:0:0:0:0 | [summary] read: argument position 0.List element in builtins.reversed | file://:0:0:0:0 | [summary] to write: return (return).List element in builtins.reversed | -| file://:0:0:0:0 | [summary] read: argument position 0.List element in builtins.set | file://:0:0:0:0 | [summary] to write: return (return).Set element in builtins.set | -| file://:0:0:0:0 | [summary] read: argument position 0.Set element in builtins.frozenset | file://:0:0:0:0 | [summary] to write: return (return).Set element in builtins.frozenset | -| file://:0:0:0:0 | [summary] read: argument position 0.Set element in builtins.list | file://:0:0:0:0 | [summary] to write: return (return).List element in builtins.list | -| file://:0:0:0:0 | [summary] read: argument position 0.Set element in builtins.set | file://:0:0:0:0 | [summary] to write: return (return).Set element in builtins.set | -| file://:0:0:0:0 | [summary] read: argument position 0.Tuple element at index 0 in builtins.frozenset | file://:0:0:0:0 | [summary] to write: return (return).Set element in builtins.frozenset | -| file://:0:0:0:0 | [summary] read: argument position 0.Tuple element at index 0 in builtins.list | file://:0:0:0:0 | [summary] to write: return (return).List element in builtins.list | -| file://:0:0:0:0 | [summary] read: argument position 0.Tuple element at index 0 in builtins.set | file://:0:0:0:0 | [summary] to write: return (return).Set element in builtins.set | -| file://:0:0:0:0 | [summary] read: argument position 0.Tuple element at index 0 in builtins.tuple | file://:0:0:0:0 | [summary] to write: return (return).Tuple element at index 0 in builtins.tuple | -| file://:0:0:0:0 | parameter position 0 of builtins.dict | file://:0:0:0:0 | [summary] to write: return (return) in builtins.dict | -| file://:0:0:0:0 | parameter position 0 of builtins.frozenset | file://:0:0:0:0 | [summary] to write: return (return) in builtins.frozenset | -| file://:0:0:0:0 | parameter position 0 of builtins.list | file://:0:0:0:0 | [summary] to write: return (return) in builtins.list | -| file://:0:0:0:0 | parameter position 0 of builtins.set | file://:0:0:0:0 | [summary] to write: return (return) in builtins.set | -| file://:0:0:0:0 | parameter position 0 of builtins.tuple | file://:0:0:0:0 | [summary] to write: return (return) in builtins.tuple | -| file://:0:0:0:0 | parameter position 1 of dict.setdefault | file://:0:0:0:0 | [summary] to write: return (return) in dict.setdefault | | test.py:3:1:3:7 | GSSA Variable tainted | test.py:4:6:4:12 | ControlFlowNode for tainted | | test.py:3:11:3:16 | ControlFlowNode for SOURCE | test.py:3:1:3:7 | GSSA Variable tainted | | test.py:6:1:6:11 | ControlFlowNode for FunctionExpr | test.py:6:5:6:8 | GSSA Variable func | diff --git a/python/ql/test/experimental/dataflow/tainttracking/basic/LocalTaintStep.ql b/python/ql/test/experimental/dataflow/tainttracking/basic/LocalTaintStep.ql index efafa7fec9f..acbb2bea137 100644 --- a/python/ql/test/experimental/dataflow/tainttracking/basic/LocalTaintStep.ql +++ b/python/ql/test/experimental/dataflow/tainttracking/basic/LocalTaintStep.ql @@ -3,5 +3,8 @@ import semmle.python.dataflow.new.TaintTracking import semmle.python.dataflow.new.DataFlow from DataFlow::Node nodeFrom, DataFlow::Node nodeTo -where TaintTracking::localTaintStep(nodeFrom, nodeTo) +where + TaintTracking::localTaintStep(nodeFrom, nodeTo) and + exists(nodeFrom.getLocation().getFile().getRelativePath()) and + exists(nodeTo.getLocation().getFile().getRelativePath()) select nodeFrom, nodeTo From d17199a9e10f36817bdb9426b128c12b91aea299 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alvaro=20Mu=C3=B1oz?= Date: Tue, 16 May 2023 15:00:26 +0200 Subject: [PATCH 388/870] add gson models --- java/ql/lib/ext/com.google.gson.model.yml | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 java/ql/lib/ext/com.google.gson.model.yml diff --git a/java/ql/lib/ext/com.google.gson.model.yml b/java/ql/lib/ext/com.google.gson.model.yml new file mode 100644 index 00000000000..a35ff0f117e --- /dev/null +++ b/java/ql/lib/ext/com.google.gson.model.yml @@ -0,0 +1,13 @@ +extensions: + - addsTo: + pack: codeql/java-all + extensible: summaryModel + data: + - ["com.google.gson", "Gson", False, "toJson", "", "", "Argument[0]", "ReturnValue", "taint", "manual"] + - ["com.google.gson", "Gson", False, "toJsonTree", "", "", "Argument[0]", "ReturnValue", "taint", "manual"] + - ["com.google.gson", "Gson", False, "toString", "", "", "Argument[0]", "ReturnValue", "taint", "manual"] + - ["com.google.gson", "Gson", False, "fromJson", "", "", "Argument[0]", "ReturnValue", "taint", "manual"] + - ["com.google.gson", "Gson", False, "newJsonReader", "", "", "Argument[0]", "ReturnValue", "taint", "manual"] + - ["com.google.gson", "Gson", False, "newJsonWriter", "", "", "Argument[0]", "ReturnValue", "taint", "manual"] + - ["com.google.gson.stream", "JsonReader", False, "nextName", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] + - ["com.google.gson.stream", "JsonReader", False, "nextString", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] From 94b4ebe38b0628e957599e7daea8cfea919c0df2 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Tue, 16 May 2023 14:16:30 +0100 Subject: [PATCH 389/870] Update swift/ql/src/queries/Security/CWE-312/CleartextLogging.ql Co-authored-by: Mathias Vorreiter Pedersen --- swift/ql/src/queries/Security/CWE-312/CleartextLogging.ql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/swift/ql/src/queries/Security/CWE-312/CleartextLogging.ql b/swift/ql/src/queries/Security/CWE-312/CleartextLogging.ql index 764a4af3d94..69601b3d931 100644 --- a/swift/ql/src/queries/Security/CWE-312/CleartextLogging.ql +++ b/swift/ql/src/queries/Security/CWE-312/CleartextLogging.ql @@ -20,7 +20,7 @@ import CleartextLoggingFlow::PathGraph from CleartextLoggingFlow::PathNode source, CleartextLoggingFlow::PathNode sink where CleartextLoggingFlow::flowPath(source, sink) -select sink, source, sink, +select sink.getNode(), source, sink, "This operation writes '" + sink.toString() + "' to a log file. It may contain unencrypted sensitive data from $@.", source, source.getNode().toString() From 8291b2229a7f87f174ff5d6954d7142888f8e58e Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli Date: Tue, 16 May 2023 15:11:48 +0200 Subject: [PATCH 390/870] Swift: turn internal error into a TSP warning --- swift/logging/SwiftDiagnostics.cpp | 18 +++++- swift/logging/SwiftDiagnostics.h | 57 ++++++++++++------- .../IncompatibleOs.cpp | 7 ++- swift/xcode-autobuilder/XcodeBuildRunner.cpp | 5 +- swift/xcode-autobuilder/xcode-autobuilder.cpp | 12 ++-- 5 files changed, 65 insertions(+), 34 deletions(-) diff --git a/swift/logging/SwiftDiagnostics.cpp b/swift/logging/SwiftDiagnostics.cpp index 690d03cbbaf..06c86f7f58a 100644 --- a/swift/logging/SwiftDiagnostics.cpp +++ b/swift/logging/SwiftDiagnostics.cpp @@ -8,6 +8,22 @@ namespace codeql { +namespace { +std::string_view severityToString(SwiftDiagnostic::Severity severity) { + using S = SwiftDiagnostic::Severity; + switch (severity) { + case S::note: + return "note"; + case S::warning: + return "warning"; + case S::error: + return "error"; + default: + return "unknown"; + } +} +} // namespace + nlohmann::json SwiftDiagnostic::json(const std::chrono::system_clock::time_point& timestamp, std::string_view message) const { nlohmann::json ret{ @@ -23,7 +39,7 @@ nlohmann::json SwiftDiagnostic::json(const std::chrono::system_clock::time_point {"cliSummaryTable", has(Visibility::cliSummaryTable)}, {"telemetry", has(Visibility::telemetry)}, }}, - {"severity", "error"}, + {"severity", severityToString(severity)}, {"helpLinks", std::vector(absl::StrSplit(helpLinks, ' '))}, {format == Format::markdown ? "markdownMessage" : "plaintextMessage", absl::StrCat(message, ".\n\n", action)}, diff --git a/swift/logging/SwiftDiagnostics.h b/swift/logging/SwiftDiagnostics.h index ab227aae873..05dcfe1a8dc 100644 --- a/swift/logging/SwiftDiagnostics.h +++ b/swift/logging/SwiftDiagnostics.h @@ -46,34 +46,43 @@ struct SwiftDiagnostic { all = 0b111, }; + // Notice that Tool Status Page severity is not necessarily the same as log severity, as the + // scope is different: TSP's scope is the whole analysis, log's scope is a single run + enum class Severity { + note, + warning, + error, + }; + + static constexpr std::string_view extractorName = "swift"; + std::string_view id; std::string_view name; - static constexpr std::string_view extractorName = "swift"; - Format format; std::string_view action; + + Format format{Format::markdown}; + Visibility visibility{Visibility::all}; + Severity severity{Severity::error}; + // space separated if more than 1. Not a vector to allow constexpr // TODO(C++20) with vector going constexpr this can be turned to `std::vector` - std::string_view helpLinks; - // for the moment, we only output errors, so no need to store the severity - - Visibility visibility{Visibility::all}; + std::string_view helpLinks{""}; std::optional location{}; // notice help links are really required only for plaintext messages, otherwise they should be // directly embedded in the markdown message + // optional arguments can be any of + // * std::string_view for setting helpLinks + // * Severity, Visibility or Format to set the corresponding field + template constexpr SwiftDiagnostic(std::string_view id, std::string_view name, - Format format, - std::string_view action = "", - std::string_view helpLinks = "", - Visibility visibility = Visibility::all) - : id{id}, - name{name}, - format{format}, - action{action}, - helpLinks{helpLinks}, - visibility{visibility} {} + std::string_view action, + OptionalArgs... optionalArgs) + : id{id}, name{name}, action{action} { + (setOptionalArg(optionalArgs), ...); + } // create a JSON diagnostics for this source with the given `timestamp` and `message` // Depending on format, either a plaintextMessage or markdownMessage is used that includes both @@ -97,6 +106,11 @@ struct SwiftDiagnostic { private: bool has(Visibility v) const; + + constexpr void setOptionalArg(std::string_view h) { helpLinks = h; } + constexpr void setOptionalArg(Format f) { format = f; } + constexpr void setOptionalArg(Visibility v) { visibility = v; } + constexpr void setOptionalArg(Severity s) { severity = s; } }; inline constexpr SwiftDiagnostic::Visibility operator|(SwiftDiagnostic::Visibility lhs, @@ -114,9 +128,12 @@ inline constexpr SwiftDiagnostic::Visibility operator&(SwiftDiagnostic::Visibili constexpr SwiftDiagnostic internalError{ "internal-error", "Internal error", - SwiftDiagnostic::Format::plaintext, - /* action=*/"", - /* helpLinks=*/"", - SwiftDiagnostic::Visibility::telemetry, + "Some or all of the Swift analysis may have failed.\n" + "\n" + "If the error persists, contact support, quoting the error message and describing what " + "happened, or [open an issue in our open source repository][1].\n" + "\n" + "[1]: https://github.com/github/codeql/issues/new?labels=bug&template=ql---general.md", + SwiftDiagnostic::Severity::warning, }; } // namespace codeql diff --git a/swift/tools/autobuilder-diagnostics/IncompatibleOs.cpp b/swift/tools/autobuilder-diagnostics/IncompatibleOs.cpp index c949c360c26..d19479eae7d 100644 --- a/swift/tools/autobuilder-diagnostics/IncompatibleOs.cpp +++ b/swift/tools/autobuilder-diagnostics/IncompatibleOs.cpp @@ -9,8 +9,8 @@ const std::string_view codeql::programName = "autobuilder"; constexpr codeql::SwiftDiagnostic incompatibleOs{ - "incompatible-os", "Incompatible operating system (expected macOS)", - codeql::SwiftDiagnostic::Format::markdown, + "incompatible-os", + "Incompatible operating system (expected macOS)", "[Change the Actions runner][1] to run on macOS.\n" "\n" "You may be able to run analysis on Linux by setting up a [manual build command][2].\n" @@ -22,7 +22,8 @@ constexpr codeql::SwiftDiagnostic incompatibleOs{ "https://docs.github.com/en/enterprise-server/code-security/code-scanning/" "automatically-scanning-your-code-for-vulnerabilities-and-errors/" "configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-" - "language"}; + "language", +}; static codeql::Logger& logger() { static codeql::Logger ret{"main"}; diff --git a/swift/xcode-autobuilder/XcodeBuildRunner.cpp b/swift/xcode-autobuilder/XcodeBuildRunner.cpp index aedd1ada0b7..b209caa3df9 100644 --- a/swift/xcode-autobuilder/XcodeBuildRunner.cpp +++ b/swift/xcode-autobuilder/XcodeBuildRunner.cpp @@ -9,9 +9,8 @@ #include "swift/xcode-autobuilder/CustomizingBuildDiagnostics.h" constexpr codeql::SwiftDiagnostic buildCommandFailed{ - "build-command-failed", "Detected build command failed", - codeql::SwiftDiagnostic::Format::plaintext, codeql::customizingBuildAction, - codeql::customizingBuildHelpLinks}; + "build-command-failed", "Detected build command failed", codeql::customizingBuildAction, + codeql::SwiftDiagnostic::Format::plaintext, codeql::customizingBuildHelpLinks}; static codeql::Logger& logger() { static codeql::Logger ret{"build"}; diff --git a/swift/xcode-autobuilder/xcode-autobuilder.cpp b/swift/xcode-autobuilder/xcode-autobuilder.cpp index 54973fe0114..067c4d24139 100644 --- a/swift/xcode-autobuilder/xcode-autobuilder.cpp +++ b/swift/xcode-autobuilder/xcode-autobuilder.cpp @@ -13,18 +13,16 @@ static const char* unitTest = "com.apple.product-type.bundle.unit-test"; const std::string_view codeql::programName = "autobuilder"; constexpr codeql::SwiftDiagnostic noProjectFound{ - "no-project-found", "No Xcode project or workspace detected", - codeql::SwiftDiagnostic::Format::plaintext, codeql::customizingBuildAction, - codeql::customizingBuildHelpLinks}; + "no-project-found", "No Xcode project or workspace detected", codeql::customizingBuildAction, + codeql::SwiftDiagnostic::Format::plaintext, codeql::customizingBuildHelpLinks}; constexpr codeql::SwiftDiagnostic noSwiftTarget{ - "no-swift-target", "No Swift compilation target found", - codeql::SwiftDiagnostic::Format::plaintext, codeql::customizingBuildAction, - codeql::customizingBuildHelpLinks}; + "no-swift-target", "No Swift compilation target found", codeql::customizingBuildAction, + codeql::SwiftDiagnostic::Format::plaintext, codeql::customizingBuildHelpLinks}; constexpr codeql::SwiftDiagnostic spmNotSupported{ "spm-not-supported", "Swift Package Manager build unsupported by autobuild", - codeql::SwiftDiagnostic::Format::plaintext, codeql::customizingBuildAction, + codeql::customizingBuildAction, codeql::SwiftDiagnostic::Format::plaintext, codeql::customizingBuildHelpLinks}; static codeql::Logger& logger() { From 9660b47879c5e59bd5c97106213825dcf0870ae2 Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Tue, 16 May 2023 14:14:18 +0100 Subject: [PATCH 391/870] Hide GHA variables in `java-version-too-old` test --- .../java/diagnostics/java-version-too-old/test.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/java/ql/integration-tests/all-platforms/java/diagnostics/java-version-too-old/test.py b/java/ql/integration-tests/all-platforms/java/diagnostics/java-version-too-old/test.py index 9def03947b3..e40201a8b68 100644 --- a/java/ql/integration-tests/all-platforms/java/diagnostics/java-version-too-old/test.py +++ b/java/ql/integration-tests/all-platforms/java/diagnostics/java-version-too-old/test.py @@ -8,6 +8,11 @@ if "JAVA_HOME_8_X64" in os.environ: sep = ";" if platform.system() == "Windows" else ":" os.environ["PATH"] = "".join([os.path.join(os.environ["JAVA_HOME"], "bin"), sep, os.environ["PATH"]]) +# Ensure the autobuilder *doesn't* see Java 11 or 17, which it could switch to in order to build the project: +for k in ["JAVA_HOME_11_X64", "JAVA_HOME_17_X64"]: + if k in os.environ: + del os.environ[k] + run_codeql_database_create([], lang="java", runFunction = runUnsuccessfully, db = None) check_diagnostics() From 35b35ec377f312e63c41527a1376603102c15a13 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Tue, 16 May 2023 14:24:59 +0100 Subject: [PATCH 392/870] Swift: Mirror changes made in the docs. --- .../ql/lib/codeql/swift/dataflow/internal/DataFlowPublic.qll | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPublic.qll b/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPublic.qll index 74779ea3b37..a52ddb6f8bd 100644 --- a/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPublic.qll +++ b/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPublic.qll @@ -33,7 +33,7 @@ class Node extends TNode { } /** - * Gets this node's underlying expression, if any. + * Gets the expression that corresponds to this node, if any. */ Expr asExpr() { none() } @@ -43,7 +43,7 @@ class Node extends TNode { Pattern asPattern() { none() } /** - * Gets this data flow node's corresponding control flow node. + * Gets the control flow node that corresponds to this data flow node. */ ControlFlowNode getCfgNode() { none() } From 3027ed2ca821536feadbe3e879408079257cb74d Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Tue, 16 May 2023 16:02:29 +0200 Subject: [PATCH 393/870] C#: Include arguments to `ILogger` extension method calls in `LogMessageSink` --- .../flowsinks/ExternalLocationSink.qll | 9 ++++++- .../Security Features/CWE-117/LogForging.cs | 5 ++++ .../CWE-117/LogForging.expected | 26 +++++++++++-------- 3 files changed, 28 insertions(+), 12 deletions(-) diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsinks/ExternalLocationSink.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsinks/ExternalLocationSink.qll index 26b75f06269..d19b0006eb7 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsinks/ExternalLocationSink.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsinks/ExternalLocationSink.qll @@ -26,7 +26,14 @@ private class ExternalModelSink extends ExternalLocationSink { * An argument to a call to a method on a logger class. */ class LogMessageSink extends ExternalLocationSink { - LogMessageSink() { this.getExpr() = any(LoggerType i).getAMethod().getACall().getAnArgument() } + LogMessageSink() { + this.getExpr() = any(LoggerType i).getAMethod().getACall().getAnArgument() + or + this.getExpr() = + any(ExtensionMethodCall call | + call.getTarget().(ExtensionMethod).getExtendedType() instanceof LoggerType + ).getArgument(any(int i | i > 0)) + } } /** diff --git a/csharp/ql/test/query-tests/Security Features/CWE-117/LogForging.cs b/csharp/ql/test/query-tests/Security Features/CWE-117/LogForging.cs index aac9ce65523..d3253f4a440 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-117/LogForging.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-117/LogForging.cs @@ -3,6 +3,7 @@ using System.Diagnostics; using System.IO; using System.Net; using System.Web; +using Microsoft.Extensions.Logging; class ILogger { @@ -24,6 +25,10 @@ public class LogForgingHandler : IHttpHandler logger.Warn(WebUtility.HtmlEncode(username) + " logged in"); // BAD: Logged as-is to TraceSource new TraceSource("Test").TraceInformation(username + " logged in"); + + Microsoft.Extensions.Logging.ILogger logger2 = null; + // BAD: Logged as-is + logger2.LogError(username); } public bool IsReusable diff --git a/csharp/ql/test/query-tests/Security Features/CWE-117/LogForging.expected b/csharp/ql/test/query-tests/Security Features/CWE-117/LogForging.expected index cfae0ac589e..5724f73d55b 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-117/LogForging.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-117/LogForging.expected @@ -1,19 +1,23 @@ edges -| LogForging.cs:17:27:17:49 | access to property QueryString : NameValueCollection | LogForging.cs:17:27:17:61 | access to indexer : String | -| LogForging.cs:17:27:17:49 | access to property QueryString : NameValueCollection | LogForging.cs:20:21:20:43 | ... + ... | -| LogForging.cs:17:27:17:49 | access to property QueryString : NameValueCollection | LogForging.cs:26:50:26:72 | ... + ... | -| LogForging.cs:17:27:17:61 | access to indexer : String | LogForging.cs:20:21:20:43 | ... + ... | -| LogForging.cs:17:27:17:61 | access to indexer : String | LogForging.cs:26:50:26:72 | ... + ... | +| LogForging.cs:18:27:18:49 | access to property QueryString : NameValueCollection | LogForging.cs:18:27:18:61 | access to indexer : String | +| LogForging.cs:18:27:18:49 | access to property QueryString : NameValueCollection | LogForging.cs:21:21:21:43 | ... + ... | +| LogForging.cs:18:27:18:49 | access to property QueryString : NameValueCollection | LogForging.cs:27:50:27:72 | ... + ... | +| LogForging.cs:18:27:18:49 | access to property QueryString : NameValueCollection | LogForging.cs:31:26:31:33 | access to local variable username | +| LogForging.cs:18:27:18:61 | access to indexer : String | LogForging.cs:21:21:21:43 | ... + ... | +| LogForging.cs:18:27:18:61 | access to indexer : String | LogForging.cs:27:50:27:72 | ... + ... | +| LogForging.cs:18:27:18:61 | access to indexer : String | LogForging.cs:31:26:31:33 | access to local variable username | | LogForgingAsp.cs:8:32:8:39 | username : String | LogForgingAsp.cs:12:21:12:43 | ... + ... | nodes -| LogForging.cs:17:27:17:49 | access to property QueryString : NameValueCollection | semmle.label | access to property QueryString : NameValueCollection | -| LogForging.cs:17:27:17:61 | access to indexer : String | semmle.label | access to indexer : String | -| LogForging.cs:20:21:20:43 | ... + ... | semmle.label | ... + ... | -| LogForging.cs:26:50:26:72 | ... + ... | semmle.label | ... + ... | +| LogForging.cs:18:27:18:49 | access to property QueryString : NameValueCollection | semmle.label | access to property QueryString : NameValueCollection | +| LogForging.cs:18:27:18:61 | access to indexer : String | semmle.label | access to indexer : String | +| LogForging.cs:21:21:21:43 | ... + ... | semmle.label | ... + ... | +| LogForging.cs:27:50:27:72 | ... + ... | semmle.label | ... + ... | +| LogForging.cs:31:26:31:33 | access to local variable username | semmle.label | access to local variable username | | LogForgingAsp.cs:8:32:8:39 | username : String | semmle.label | username : String | | LogForgingAsp.cs:12:21:12:43 | ... + ... | semmle.label | ... + ... | subpaths #select -| LogForging.cs:20:21:20:43 | ... + ... | LogForging.cs:17:27:17:49 | access to property QueryString : NameValueCollection | LogForging.cs:20:21:20:43 | ... + ... | This log entry depends on a $@. | LogForging.cs:17:27:17:49 | access to property QueryString | user-provided value | -| LogForging.cs:26:50:26:72 | ... + ... | LogForging.cs:17:27:17:49 | access to property QueryString : NameValueCollection | LogForging.cs:26:50:26:72 | ... + ... | This log entry depends on a $@. | LogForging.cs:17:27:17:49 | access to property QueryString | user-provided value | +| LogForging.cs:21:21:21:43 | ... + ... | LogForging.cs:18:27:18:49 | access to property QueryString : NameValueCollection | LogForging.cs:21:21:21:43 | ... + ... | This log entry depends on a $@. | LogForging.cs:18:27:18:49 | access to property QueryString | user-provided value | +| LogForging.cs:27:50:27:72 | ... + ... | LogForging.cs:18:27:18:49 | access to property QueryString : NameValueCollection | LogForging.cs:27:50:27:72 | ... + ... | This log entry depends on a $@. | LogForging.cs:18:27:18:49 | access to property QueryString | user-provided value | +| LogForging.cs:31:26:31:33 | access to local variable username | LogForging.cs:18:27:18:49 | access to property QueryString : NameValueCollection | LogForging.cs:31:26:31:33 | access to local variable username | This log entry depends on a $@. | LogForging.cs:18:27:18:49 | access to property QueryString | user-provided value | | LogForgingAsp.cs:12:21:12:43 | ... + ... | LogForgingAsp.cs:8:32:8:39 | username : String | LogForgingAsp.cs:12:21:12:43 | ... + ... | This log entry depends on a $@. | LogForgingAsp.cs:8:32:8:39 | username | user-provided value | From 7e61e99e4a9dbd8261d3bd9babc104632a26f264 Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli Date: Tue, 16 May 2023 16:52:22 +0200 Subject: [PATCH 394/870] Swift: make help links optional argument more explicit --- swift/logging/SwiftDiagnostics.h | 17 +++++++++++++---- .../CustomizingBuildDiagnostics.h | 5 +++-- 2 files changed, 16 insertions(+), 6 deletions(-) diff --git a/swift/logging/SwiftDiagnostics.h b/swift/logging/SwiftDiagnostics.h index 05dcfe1a8dc..5a0f5617076 100644 --- a/swift/logging/SwiftDiagnostics.h +++ b/swift/logging/SwiftDiagnostics.h @@ -54,6 +54,11 @@ struct SwiftDiagnostic { error, }; + // wrapper for passing optional help links to constructor + struct HelpLinks { + std::string_view value; + }; + static constexpr std::string_view extractorName = "swift"; std::string_view id; @@ -72,9 +77,9 @@ struct SwiftDiagnostic { // notice help links are really required only for plaintext messages, otherwise they should be // directly embedded in the markdown message - // optional arguments can be any of - // * std::string_view for setting helpLinks - // * Severity, Visibility or Format to set the corresponding field + // optional arguments can be any of HelpLinks, Severity, Visibility or Format to set the + // corresponding field + // TODO(C++20) this constructor won't really be necessary anymore with designated initializers template constexpr SwiftDiagnostic(std::string_view id, std::string_view name, @@ -107,10 +112,14 @@ struct SwiftDiagnostic { private: bool has(Visibility v) const; - constexpr void setOptionalArg(std::string_view h) { helpLinks = h; } + constexpr void setOptionalArg(HelpLinks h) { helpLinks = h.value; } constexpr void setOptionalArg(Format f) { format = f; } constexpr void setOptionalArg(Visibility v) { visibility = v; } constexpr void setOptionalArg(Severity s) { severity = s; } + + // intentionally left undefined + template + constexpr void setOptionalArg(T); }; inline constexpr SwiftDiagnostic::Visibility operator|(SwiftDiagnostic::Visibility lhs, diff --git a/swift/xcode-autobuilder/CustomizingBuildDiagnostics.h b/swift/xcode-autobuilder/CustomizingBuildDiagnostics.h index c1d7809054c..453fa70c13f 100644 --- a/swift/xcode-autobuilder/CustomizingBuildDiagnostics.h +++ b/swift/xcode-autobuilder/CustomizingBuildDiagnostics.h @@ -1,12 +1,13 @@ #include +#include "swift/logging/SwiftDiagnostics.h" namespace codeql { constexpr std::string_view customizingBuildAction = "Set up a manual build command."; -constexpr std::string_view customizingBuildHelpLinks = +constexpr SwiftDiagnostic::HelpLinks customizingBuildHelpLinks{ "https://docs.github.com/en/enterprise-server/code-security/code-scanning/" "automatically-scanning-your-code-for-vulnerabilities-and-errors/customizing-code-scanning " "https://docs.github.com/en/enterprise-server/code-security/code-scanning/" "automatically-scanning-your-code-for-vulnerabilities-and-errors/" "configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-" - "language"; + "language"}; } // namespace codeql From c412bfde684c536fee6b3a8dfcfc4d7e2292aff1 Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Tue, 16 May 2023 16:54:59 +0200 Subject: [PATCH 395/870] Add change note --- .../lib/change-notes/2023-05-16-ilogger-extension-methods.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 csharp/ql/lib/change-notes/2023-05-16-ilogger-extension-methods.md diff --git a/csharp/ql/lib/change-notes/2023-05-16-ilogger-extension-methods.md b/csharp/ql/lib/change-notes/2023-05-16-ilogger-extension-methods.md new file mode 100644 index 00000000000..fdbbb92de6b --- /dev/null +++ b/csharp/ql/lib/change-notes/2023-05-16-ilogger-extension-methods.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Arguments in calls to `ILogger` extension methods have been added to `LogMessageSink`, used by the queries `cs/log-forging`, `cs/cleartext-storage`, and `cs/exposure-of-sensitive-information`. From 7225ef09ba9ca10a50f449517fabdbae1f8c6f46 Mon Sep 17 00:00:00 2001 From: Arthur Baars Date: Thu, 20 Apr 2023 15:00:58 +0200 Subject: [PATCH 396/870] Script for detecting out-of-sync dbscheme fragments --- .github/workflows/sync-files.yml | 2 + config/dbscheme-fragments.json | 6 +++ config/sync-dbscheme-fragments.py | 76 +++++++++++++++++++++++++++++++ 3 files changed, 84 insertions(+) create mode 100644 config/dbscheme-fragments.json create mode 100755 config/sync-dbscheme-fragments.py diff --git a/.github/workflows/sync-files.yml b/.github/workflows/sync-files.yml index afa1e78edfa..8f4678f1788 100644 --- a/.github/workflows/sync-files.yml +++ b/.github/workflows/sync-files.yml @@ -17,4 +17,6 @@ jobs: - uses: actions/checkout@v3 - name: Check synchronized files run: python config/sync-files.py + - name: Check dbscheme fragments + run: python config/sync-dbscheme-fragments.py diff --git a/config/dbscheme-fragments.json b/config/dbscheme-fragments.json new file mode 100644 index 00000000000..fdcadb53049 --- /dev/null +++ b/config/dbscheme-fragments.json @@ -0,0 +1,6 @@ +{ + "files": [ + ], + "fragments": [ + ] +} diff --git a/config/sync-dbscheme-fragments.py b/config/sync-dbscheme-fragments.py new file mode 100755 index 00000000000..5ada01537e9 --- /dev/null +++ b/config/sync-dbscheme-fragments.py @@ -0,0 +1,76 @@ +#!/usr/bin/env python3 + +import json +import os +import re + + +def make_groups(blocks): + groups = {} + for block in blocks: + groups.setdefault("".join(block["lines"]), []).append(block) + return list(groups.values()) + + +def validate_fragments(fragments): + ok = True + for header, blocks in fragments.items(): + groups = make_groups(blocks) + if len(groups) > 1: + ok = False + print("Warning: dbscheme fragments with header '{}' are different for {}".format(header, ["{}:{}:{}".format( + group[0]["file"], group[0]["start"], group[0]["end"]) for group in groups])) + return ok + + +def main(): + script_dir = os.path.dirname(os.path.realpath(__file__)) + + with open(os.path.join(script_dir, "dbscheme-fragments.json"), "r") as f: + config = json.load(f) + + fragment_headers = set(config["fragments"]) + fragments = {} + ok = True + for file in config["files"]: + with open(os.path.join(os.path.dirname(script_dir), file), "r") as dbscheme: + header = None + line_number = 1 + block = {"file": file, "start": line_number, + "end": None, "lines": []} + + def end_block(): + block["end"] = line_number - 1 + if len(block["lines"]) > 0: + if header is None: + if re.match(r'(?m)\A(\s|//.*$|/\*(\**[^\*])*\*+/)*\Z', "".join(block["lines"])): + # Ignore comments at the beginning of the file + pass + else: + ok = False + print("Warning: dbscheme fragment without header: {}:{}:{}".format( + block["file"], block["start"], block["end"])) + else: + fragments.setdefault(header, []).append(block) + for line in dbscheme: + m = re.match(r"^\/\*-.*-\*\/$", line) + if m: + end_block() + header = line.strip() + if header not in fragment_headers: + ok = False + print("Warning: unknown header for dbscheme fragment: '{}': {}:{}".format( + header, file, line_number)) + block = {"file": file, "start": line_number, + "end": None, "lines": []} + block["lines"].append(line) + line_number += 1 + block["lines"].append('\n') + line_number += 1 + end_block() + if not ok or not validate_fragments(fragments): + exit(1) + + +if __name__ == "__main__": + main() From fef0e1f1c84f8e74d2c2244471c8d754d1f70bf3 Mon Sep 17 00:00:00 2001 From: Arthur Baars Date: Thu, 20 Apr 2023 16:07:42 +0200 Subject: [PATCH 397/870] JS: sync shared dbscheme fragments --- config/dbscheme-fragments.json | 9 + .../ql/lib/semmlecode.javascript.dbscheme | 238 ++++++++++-------- 2 files changed, 142 insertions(+), 105 deletions(-) diff --git a/config/dbscheme-fragments.json b/config/dbscheme-fragments.json index fdcadb53049..8e66d2df008 100644 --- a/config/dbscheme-fragments.json +++ b/config/dbscheme-fragments.json @@ -1,6 +1,15 @@ { "files": [ + "javascript/ql/lib/semmlecode.javascript.dbscheme", ], "fragments": [ + "/*- External data -*/", + "/*- Files and folders -*/", + "/*- Source location prefix -*/", + "/*- Lines of code -*/", + "/*- Configuration files with key value pairs -*/", + "/*- YAML -*/", + "/*- XML Files -*/", + "/*- JavaScript-specific part -*/" ] } diff --git a/javascript/ql/lib/semmlecode.javascript.dbscheme b/javascript/ql/lib/semmlecode.javascript.dbscheme index 4d00210ca57..7cffc1a6564 100644 --- a/javascript/ql/lib/semmlecode.javascript.dbscheme +++ b/javascript/ql/lib/semmlecode.javascript.dbscheme @@ -1,51 +1,64 @@ /*** Standard fragments ***/ -/** Files and folders **/ +/*- Files and folders -*/ -@location = @location_default; +/** + * The location of an element. + * The location spans column `startcolumn` of line `startline` to + * column `endcolumn` of line `endline` in file `file`. + * For more information, see + * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/). + */ +locations_default( + unique int id: @location_default, + int file: @file ref, + int beginLine: int ref, + int beginColumn: int ref, + int endLine: int ref, + int endColumn: int ref +); -locations_default(unique int id: @location_default, - int file: @file ref, - int beginLine: int ref, - int beginColumn: int ref, - int endLine: int ref, - int endColumn: int ref - ); +files( + unique int id: @file, + string name: string ref +); -@sourceline = @locatable; +folders( + unique int id: @folder, + string name: string ref +); -numlines(int element_id: @sourceline ref, - int num_lines: int ref, - int num_code: int ref, - int num_comment: int ref - ); +@container = @file | @folder -files(unique int id: @file, - varchar(900) name: string ref); +containerparent( + int parent: @container ref, + unique int child: @container ref +); -folders(unique int id: @folder, - varchar(900) name: string ref); +/*- Lines of code -*/ +numlines( + int element_id: @sourceline ref, + int num_lines: int ref, + int num_code: int ref, + int num_comment: int ref +); -@container = @folder | @file ; - - -containerparent(int parent: @container ref, - unique int child: @container ref); - -/** Duplicate code **/ +/*- Duplicate code -*/ duplicateCode( unique int id : @duplication, - varchar(900) relativePath : string ref, - int equivClass : int ref); + string relativePath : string ref, + int equivClass : int ref +); similarCode( unique int id : @similarity, - varchar(900) relativePath : string ref, - int equivClass : int ref); + string relativePath : string ref, + int equivClass : int ref +); -@duplication_or_similarity = @duplication | @similarity; +@duplication_or_similarity = @duplication | @similarity tokens( int id : @duplication_or_similarity ref, @@ -53,51 +66,67 @@ tokens( int beginLine : int ref, int beginColumn : int ref, int endLine : int ref, - int endColumn : int ref); + int endColumn : int ref +); -/** External data **/ +/*- External data -*/ +/** + * External data, loaded from CSV files during snapshot creation. See + * [Tutorial: Incorporating external data](https://help.semmle.com/wiki/display/SD/Tutorial%3A+Incorporating+external+data) + * for more information. + */ externalData( int id : @externalDataElement, - varchar(900) path : string ref, + string path : string ref, int column: int ref, - varchar(900) value : string ref + string value : string ref ); +/*- Snapshot date -*/ + snapshotDate(unique date snapshotDate : date ref); -sourceLocationPrefix(varchar(900) prefix : string ref); +/*- Source location prefix -*/ -/** Version control data **/ +/** + * The source location of the snapshot. + */ +sourceLocationPrefix(string prefix : string ref); + +/*- Version control data -*/ svnentries( - int id : @svnentry, - varchar(500) revision : string ref, - varchar(500) author : string ref, + unique int id : @svnentry, + string revision : string ref, + string author : string ref, date revisionDate : date ref, int changeSize : int ref -); +) svnaffectedfiles( int id : @svnentry ref, int file : @file ref, - varchar(500) action : string ref -); + string action : string ref +) svnentrymsg( - int id : @svnentry ref, - varchar(500) message : string ref -); + unique int id : @svnentry ref, + string message : string ref +) svnchurn( int commit : @svnentry ref, int file : @file ref, int addedLines : int ref, int deletedLines : int ref -); +) +/*- JavaScript-specific part -*/ -/*** JavaScript-specific part ***/ +@location = @location_default + +@sourceline = @locatable; filetype( int file: @file ref, @@ -1046,14 +1075,50 @@ jsdoc_has_new_parameter (int fn: @jsdoc_function_type_expr ref); jsdoc_errors (unique int id: @jsdoc_error, int tag: @jsdoc_tag ref, varchar(900) message: string ref, varchar(900) tostring: string ref); -// YAML +@dataflownode = @expr | @function_decl_stmt | @class_decl_stmt | @namespace_declaration | @enum_declaration | @property; + +@optionalchainable = @call_expr | @propaccess; + +isOptionalChaining(int id: @optionalchainable ref); + +/** + * The time taken for the extraction of a file. + * This table contains non-deterministic content. + * + * The sum of the `time` column for each (`file`, `timerKind`) pair + * is the total time taken for extraction of `file`. The `extractionPhase` + * column provides a granular view of the extraction time of the file. + */ +extraction_time( + int file : @file ref, + // see `com.semmle.js.extractor.ExtractionMetrics.ExtractionPhase`. + int extractionPhase: int ref, + // 0 for the elapsed CPU time in nanoseconds, 1 for the elapsed wallclock time in nanoseconds + int timerKind: int ref, + float time: float ref +) + +/** +* Non-timing related data for the extraction of a single file. +* This table contains non-deterministic content. +*/ +extraction_data( + int file : @file ref, + // the absolute path to the cache file + varchar(900) cacheFile: string ref, + boolean fromCache: boolean ref, + int length: int ref +) + +/*- YAML -*/ + #keyset[parent, idx] yaml (unique int id: @yaml_node, int kind: int ref, int parent: @yaml_node_parent ref, int idx: int ref, - varchar(900) tag: string ref, - varchar(900) tostring: string ref); + string tag: string ref, + string tostring: string ref); case @yaml_node.kind of 0 = @yaml_scalar_node @@ -1067,41 +1132,41 @@ case @yaml_node.kind of @yaml_node_parent = @yaml_collection_node | @file; yaml_anchors (unique int node: @yaml_node ref, - varchar(900) anchor: string ref); + string anchor: string ref); yaml_aliases (unique int alias: @yaml_alias_node ref, - varchar(900) target: string ref); + string target: string ref); yaml_scalars (unique int scalar: @yaml_scalar_node ref, int style: int ref, - varchar(900) value: string ref); + string value: string ref); yaml_errors (unique int id: @yaml_error, - varchar(900) message: string ref); + string message: string ref); yaml_locations(unique int locatable: @yaml_locatable ref, int location: @location_default ref); @yaml_locatable = @yaml_node | @yaml_error; -/* XML Files */ +/*- XML Files -*/ xmlEncoding( unique int id: @file ref, - varchar(900) encoding: string ref + string encoding: string ref ); xmlDTDs( unique int id: @xmldtd, - varchar(900) root: string ref, - varchar(900) publicId: string ref, - varchar(900) systemId: string ref, + string root: string ref, + string publicId: string ref, + string systemId: string ref, int fileid: @file ref ); xmlElements( unique int id: @xmlelement, - varchar(900) name: string ref, + string name: string ref, int parentid: @xmlparent ref, int idx: int ref, int fileid: @file ref @@ -1110,16 +1175,16 @@ xmlElements( xmlAttrs( unique int id: @xmlattribute, int elementid: @xmlelement ref, - varchar(900) name: string ref, - varchar(3600) value: string ref, + string name: string ref, + string value: string ref, int idx: int ref, int fileid: @file ref ); xmlNs( int id: @xmlnamespace, - varchar(900) prefixName: string ref, - varchar(900) URI: string ref, + string prefixName: string ref, + string URI: string ref, int fileid: @file ref ); @@ -1131,14 +1196,14 @@ xmlHasNs( xmlComments( unique int id: @xmlcomment, - varchar(3600) text: string ref, + string text: string ref, int parentid: @xmlparent ref, int fileid: @file ref ); xmlChars( unique int id: @xmlcharacters, - varchar(3600) text: string ref, + string text: string ref, int parentid: @xmlparent ref, int idx: int ref, int isCDATA: int ref, @@ -1155,15 +1220,7 @@ xmllocations( @xmllocatable = @xmlcharacters | @xmlelement | @xmlcomment | @xmlattribute | @xmldtd | @file | @xmlnamespace; -@dataflownode = @expr | @function_decl_stmt | @class_decl_stmt | @namespace_declaration | @enum_declaration | @property; - -@optionalchainable = @call_expr | @propaccess; - -isOptionalChaining(int id: @optionalchainable ref); - -/* - * configuration files with key value pairs - */ +/*- Configuration files with key value pairs -*/ configs( unique int id: @config @@ -1187,32 +1244,3 @@ configLocations( ); @configLocatable = @config | @configName | @configValue; - -/** - * The time taken for the extraction of a file. - * This table contains non-deterministic content. - * - * The sum of the `time` column for each (`file`, `timerKind`) pair - * is the total time taken for extraction of `file`. The `extractionPhase` - * column provides a granular view of the extraction time of the file. - */ -extraction_time( - int file : @file ref, - // see `com.semmle.js.extractor.ExtractionMetrics.ExtractionPhase`. - int extractionPhase: int ref, - // 0 for the elapsed CPU time in nanoseconds, 1 for the elapsed wallclock time in nanoseconds - int timerKind: int ref, - float time: float ref -) - -/** - * Non-timing related data for the extraction of a single file. - * This table contains non-deterministic content. - */ -extraction_data( - int file : @file ref, - // the absolute path to the cache file - varchar(900) cacheFile: string ref, - boolean fromCache: boolean ref, - int length: int ref -) From 2911a6cc30af3f2c6031e36263fda2be09a9ef85 Mon Sep 17 00:00:00 2001 From: Arthur Baars Date: Fri, 21 Apr 2023 10:20:46 +0200 Subject: [PATCH 398/870] JS: remove unused tables --- .../ql/lib/semmlecode.javascript.dbscheme | 57 - .../lib/semmlecode.javascript.dbscheme.stats | 3268 ----------------- 2 files changed, 3325 deletions(-) diff --git a/javascript/ql/lib/semmlecode.javascript.dbscheme b/javascript/ql/lib/semmlecode.javascript.dbscheme index 7cffc1a6564..8accf0f930b 100644 --- a/javascript/ql/lib/semmlecode.javascript.dbscheme +++ b/javascript/ql/lib/semmlecode.javascript.dbscheme @@ -44,31 +44,6 @@ numlines( int num_comment: int ref ); -/*- Duplicate code -*/ - -duplicateCode( - unique int id : @duplication, - string relativePath : string ref, - int equivClass : int ref -); - -similarCode( - unique int id : @similarity, - string relativePath : string ref, - int equivClass : int ref -); - -@duplication_or_similarity = @duplication | @similarity - -tokens( - int id : @duplication_or_similarity ref, - int offset : int ref, - int beginLine : int ref, - int beginColumn : int ref, - int endLine : int ref, - int endColumn : int ref -); - /*- External data -*/ /** @@ -83,10 +58,6 @@ externalData( string value : string ref ); -/*- Snapshot date -*/ - -snapshotDate(unique date snapshotDate : date ref); - /*- Source location prefix -*/ /** @@ -94,34 +65,6 @@ snapshotDate(unique date snapshotDate : date ref); */ sourceLocationPrefix(string prefix : string ref); -/*- Version control data -*/ - -svnentries( - unique int id : @svnentry, - string revision : string ref, - string author : string ref, - date revisionDate : date ref, - int changeSize : int ref -) - -svnaffectedfiles( - int id : @svnentry ref, - int file : @file ref, - string action : string ref -) - -svnentrymsg( - unique int id : @svnentry ref, - string message : string ref -) - -svnchurn( - int commit : @svnentry ref, - int file : @file ref, - int addedLines : int ref, - int deletedLines : int ref -) - /*- JavaScript-specific part -*/ @location = @location_default diff --git a/javascript/ql/lib/semmlecode.javascript.dbscheme.stats b/javascript/ql/lib/semmlecode.javascript.dbscheme.stats index 7e0b98ea867..c198daf9e67 100644 --- a/javascript/ql/lib/semmlecode.javascript.dbscheme.stats +++ b/javascript/ql/lib/semmlecode.javascript.dbscheme.stats @@ -1,9 +1,5 @@ - -@svnentry -575525 - @location_default @@ -18,14 +14,6 @@ 1590 -@duplication -6210 - - -@similarity -21595 - - @externalDataElement 950 @@ -1507,1214 +1495,6 @@ - -svnentries -575525 - - -id -575525 - - -revision -575525 - - -author -19539 - - -revisionDate -547759 - - -changeSize -1 - - - - -id -revision - - -12 - - -1 -2 -575525 - - - - - - -id -author - - -12 - - -1 -2 -575525 - - - - - - -id -revisionDate - - -12 - - -1 -2 -575525 - - - - - - -id -changeSize - - -12 - - -1 -2 -575525 - - - - - - -revision -id - - -12 - - -1 -2 -575525 - - - - - - -revision -author - - -12 - - -1 -2 -575525 - - - - - - -revision -revisionDate - - -12 - - -1 -2 -575525 - - - - - - -revision -changeSize - - -12 - - -1 -2 -575525 - - - - - - -author -id - - -12 - - -1 -2 -7913 - - -2 -3 -2531 - - -3 -4 -1388 - - -4 -6 -1523 - - -6 -10 -1529 - - -10 -20 -1509 - - -20 -52 -1488 - - -52 -568 -1466 - - -569 -16582 -192 - - - - - - -author -revision - - -12 - - -1 -2 -7913 - - -2 -3 -2531 - - -3 -4 -1388 - - -4 -6 -1523 - - -6 -10 -1529 - - -10 -20 -1509 - - -20 -52 -1488 - - -52 -568 -1466 - - -569 -16582 -192 - - - - - - -author -revisionDate - - -12 - - -1 -2 -7996 - - -2 -3 -2509 - - -3 -4 -1379 - - -4 -6 -1520 - - -6 -10 -1529 - - -10 -20 -1507 - - -20 -52 -1474 - - -52 -662 -1466 - - -663 -16573 -159 - - - - - - -author -changeSize - - -12 - - -1 -2 -19539 - - - - - - -revisionDate -id - - -12 - - -1 -2 -531878 - - -2 -100 -15881 - - - - - - -revisionDate -revision - - -12 - - -1 -2 -531878 - - -2 -100 -15881 - - - - - - -revisionDate -author - - -12 - - -1 -2 -542505 - - -2 -17 -5254 - - - - - - -revisionDate -changeSize - - -12 - - -1 -2 -547759 - - - - - - -changeSize -id - - -12 - - -575525 -575526 -1 - - - - - - -changeSize -revision - - -12 - - -575525 -575526 -1 - - - - - - -changeSize -author - - -12 - - -19539 -19540 -1 - - - - - - -changeSize -revisionDate - - -12 - - -547759 -547760 -1 - - - - - - - - -svnaffectedfiles -1314068 - - -id -531628 - - -file -90924 - - -action -1 - - - - -id -file - - -12 - - -1 -2 -337698 - - -2 -3 -77525 - - -3 -4 -43024 - - -4 -7 -46689 - - -7 -16635 -26692 - - - - - - -id -action - - -12 - - -1 -2 -531628 - - - - - - -file -id - - -12 - - -1 -2 -11819 - - -2 -3 -18230 - - -3 -4 -9501 - - -4 -5 -6656 - - -5 -6 -5012 - - -6 -8 -7103 - - -8 -11 -6788 - - -11 -16 -6996 - - -16 -26 -7180 - - -26 -54 -6824 - - -54 -3572 -4815 - - - - - - -file -action - - -12 - - -1 -2 -90924 - - - - - - -action -id - - -12 - - -531628 -531629 -1 - - - - - - -action -file - - -12 - - -90924 -90925 -1 - - - - - - - - -svnentrymsg -575525 - - -id -575525 - - -message -568305 - - - - -id -message - - -12 - - -1 -2 -575525 - - - - - - -message -id - - -12 - - -1 -2 -565381 - - -2 -142 -2924 - - - - - - - - -svnchurn -46790 - - -commit -22361 - - -file -16124 - - -addedLines -910 - - -deletedLines -787 - - - - -commit -file - - -12 - - -1 -2 -15208 - - -2 -3 -3101 - - -3 -4 -1746 - - -4 -8 -1774 - - -8 -246 -532 - - - - - - -commit -addedLines - - -12 - - -1 -2 -16074 - - -2 -3 -3323 - - -3 -4 -1561 - - -4 -118 -1403 - - - - - - -commit -deletedLines - - -12 - - -1 -2 -16799 - - -2 -3 -3286 - - -3 -5 -1763 - - -5 -113 -513 - - - - - - -file -commit - - -12 - - -1 -2 -8618 - - -2 -3 -2956 - - -3 -4 -1426 - - -4 -6 -1364 - - -6 -12 -1210 - - -12 -448 -550 - - - - - - -file -addedLines - - -12 - - -1 -2 -9240 - - -2 -3 -3129 - - -3 -4 -1393 - - -4 -6 -1239 - - -6 -59 -1123 - - - - - - -file -deletedLines - - -12 - - -1 -2 -9525 - - -2 -3 -3192 - - -3 -4 -1401 - - -4 -7 -1387 - - -7 -70 -619 - - - - - - -addedLines -commit - - -12 - - -1 -2 -446 - - -2 -3 -133 - - -3 -4 -70 - - -4 -6 -68 - - -6 -12 -70 - - -12 -57 -69 - - -57 -6874 -54 - - - - - - -addedLines -file - - -12 - - -1 -2 -445 - - -2 -3 -132 - - -3 -4 -69 - - -4 -6 -68 - - -6 -12 -73 - - -12 -58 -69 - - -58 -6663 -54 - - - - - - -addedLines -deletedLines - - -12 - - -1 -2 -621 - - -2 -3 -96 - - -3 -7 -81 - - -7 -34 -70 - - -34 -727 -42 - - - - - - -deletedLines -commit - - -12 - - -1 -2 -439 - - -2 -3 -116 - - -3 -4 -48 - - -4 -8 -67 - - -8 -28 -60 - - -28 -6794 -57 - - - - - - -deletedLines -file - - -12 - - -1 -2 -437 - - -2 -3 -113 - - -3 -4 -49 - - -4 -7 -61 - - -7 -19 -60 - - -19 -770 -60 - - -985 -7318 -7 - - - - - - -deletedLines -addedLines - - -12 - - -1 -2 -545 - - -2 -3 -72 - - -3 -7 -69 - - -7 -30 -60 - - -30 -871 -41 - - - - - - - locations_default @@ -5018,2042 +3798,6 @@ -duplicateCode -id -6210 - - -id -6210 - - -relativePath -932 - - -equivClass -2355 - - - - -id -relativePath - - -12 - - -1 -2 -6210 - - - - - - -id -equivClass - - -12 - - -1 -2 -6210 - - - - - - -relativePath -id - - -12 - - -1 -2 -377 - - -2 -3 -182 - - -3 -4 -92 - - -4 -5 -78 - - -5 -9 -84 - - -9 -18 -70 - - -18 -914 -49 - - - - - - -relativePath -equivClass - - -12 - - -1 -2 -439 - - -2 -3 -147 - - -3 -4 -105 - - -4 -6 -85 - - -6 -10 -75 - - -10 -60 -70 - - -63 -355 -11 - - - - - - -equivClass -id - - -12 - - -1 -2 -6 - - -2 -3 -1669 - - -3 -4 -311 - - -4 -5 -166 - - -5 -9 -183 - - -9 -11 -20 - - - - - - -equivClass -relativePath - - -12 - - -1 -2 -825 - - -2 -3 -1111 - - -3 -4 -202 - - -4 -7 -177 - - -7 -11 -40 - - - - - - - - -similarCode -id -21595 - - -id -21595 - - -relativePath -1742 - - -equivClass -7221 - - - - -id -relativePath - - -12 - - -1 -2 -21595 - - - - - - -id -equivClass - - -12 - - -1 -2 -21595 - - - - - - -relativePath -id - - -12 - - -1 -2 -454 - - -2 -3 -351 - - -3 -4 -143 - - -4 -5 -141 - - -5 -6 -115 - - -6 -8 -126 - - -8 -12 -147 - - -12 -23 -139 - - -23 -5898 -126 - - - - - - -relativePath -equivClass - - -12 - - -1 -2 -632 - - -2 -3 -276 - - -3 -4 -200 - - -4 -5 -144 - - -5 -6 -94 - - -6 -9 -158 - - -9 -15 -139 - - -15 -1799 -99 - - - - - - -equivClass -id - - -12 - - -1 -2 -54 - - -2 -3 -4290 - - -3 -4 -1200 - - -4 -5 -662 - - -5 -7 -583 - - -7 -11 -432 - - - - - - -equivClass -relativePath - - -12 - - -1 -2 -4536 - - -2 -3 -1858 - - -3 -5 -611 - - -5 -11 -216 - - - - - - - - -tokens -5806732 - - -id -27805 - - -offset -56799 - - -beginLine -167308 - - -beginColumn -1853 - - -endLine -167308 - - -endColumn -1875 - - - - -id -offset - - -12 - - -100 -101 -2031 - - -101 -102 -1683 - - -102 -103 -1387 - - -103 -105 -2060 - - -105 -108 -2278 - - -108 -111 -2079 - - -111 -116 -2106 - - -116 -124 -2280 - - -124 -135 -2235 - - -135 -152 -2091 - - -152 -180 -2104 - - -180 -221 -2095 - - -221 -380 -2088 - - -381 -56800 -1288 - - - - - - -id -beginLine - - -12 - - -2 -10 -2063 - - -10 -12 -1754 - - -12 -14 -2423 - - -14 -15 -1299 - - -15 -16 -1542 - - -16 -17 -1745 - - -17 -18 -1470 - - -18 -19 -1471 - - -19 -21 -2512 - - -21 -23 -2101 - - -23 -26 -2365 - - -26 -30 -2157 - - -30 -39 -2231 - - -39 -102 -2089 - - -102 -11362 -583 - - - - - - -id -beginColumn - - -12 - - -4 -20 -2045 - - -20 -23 -2118 - - -23 -27 -2074 - - -27 -32 -2493 - - -32 -37 -2166 - - -37 -42 -2474 - - -42 -46 -2394 - - -46 -49 -2000 - - -49 -52 -2047 - - -52 -56 -2169 - - -56 -62 -2317 - - -62 -73 -2113 - - -73 -528 -1395 - - - - - - -id -endLine - - -12 - - -2 -10 -2059 - - -10 -12 -1756 - - -12 -14 -2425 - - -14 -15 -1299 - - -15 -16 -1519 - - -16 -17 -1758 - - -17 -18 -1476 - - -18 -19 -1472 - - -19 -21 -2515 - - -21 -23 -2101 - - -23 -26 -2362 - - -26 -30 -2158 - - -30 -39 -2225 - - -39 -101 -2089 - - -101 -11362 -591 - - - - - - -id -endColumn - - -12 - - -4 -21 -2155 - - -21 -24 -2138 - - -24 -30 -2470 - - -30 -35 -2169 - - -35 -41 -2390 - - -41 -45 -2025 - - -45 -49 -2451 - - -49 -52 -2070 - - -52 -55 -2094 - - -55 -59 -2200 - - -59 -65 -2223 - - -65 -76 -2124 - - -76 -528 -1296 - - - - - - -offset -id - - -12 - - -4 -13 -2042 - - -16 -17 -37935 - - -18 -19 -3184 - - -20 -21 -3634 - - -22 -31 -4534 - - -32 -276 -4265 - - -277 -27806 -1205 - - - - - - -offset -beginLine - - -12 - - -4 -5 -2040 - - -8 -9 -37937 - - -10 -11 -3184 - - -12 -13 -3634 - - -13 -18 -4342 - - -18 -131 -4269 - - -131 -10163 -1393 - - - - - - -offset -beginColumn - - -12 - - -1 -2 -40044 - - -2 -3 -4434 - - -3 -4 -3310 - - -4 -11 -4641 - - -11 -152 -4260 - - -152 -317 -110 - - - - - - -offset -endLine - - -12 - - -4 -5 -2040 - - -8 -9 -37937 - - -10 -11 -3184 - - -12 -13 -3634 - - -13 -18 -4342 - - -18 -131 -4269 - - -131 -10163 -1393 - - - - - - -offset -endColumn - - -12 - - -1 -2 -40085 - - -2 -3 -3591 - - -3 -4 -3628 - - -4 -9 -4339 - - -9 -62 -4261 - - -62 -326 -895 - - - - - - -beginLine -id - - -12 - - -1 -2 -15579 - - -2 -3 -110688 - - -3 -4 -8065 - - -4 -6 -13975 - - -6 -13 -12842 - - -13 -1717 -6159 - - - - - - -beginLine -offset - - -12 - - -1 -5 -9257 - - -5 -6 -90442 - - -6 -9 -13474 - - -9 -12 -11463 - - -12 -19 -13584 - - -19 -33 -13154 - - -33 -89 -12558 - - -89 -646 -3376 - - - - - - -beginLine -beginColumn - - -12 - - -1 -4 -12049 - - -4 -5 -4348 - - -5 -6 -101350 - - -6 -9 -13619 - - -9 -11 -8078 - - -11 -15 -13132 - - -15 -50 -12597 - - -50 -581 -2135 - - - - - - -beginLine -endLine - - -12 - - -1 -2 -167235 - - -2 -5 -73 - - - - - - -beginLine -endColumn - - -12 - - -1 -4 -12051 - - -4 -5 -4298 - - -5 -6 -101396 - - -6 -9 -13614 - - -9 -11 -8126 - - -11 -15 -13109 - - -15 -51 -12592 - - -51 -589 -2122 - - - - - - -beginColumn -id - - -12 - - -1 -2 -588 - - -2 -3 -318 - - -3 -6 -151 - - -6 -12 -143 - - -12 -24 -145 - - -24 -36 -142 - - -36 -86 -139 - - -87 -1324 -139 - - -1373 -23504 -88 - - - - - - -beginColumn -offset - - -12 - - -1 -2 -590 - - -2 -3 -319 - - -3 -5 -144 - - -5 -9 -139 - - -9 -13 -155 - - -13 -21 -145 - - -21 -59 -142 - - -59 -458 -139 - - -546 -15972 -80 - - - - - - -beginColumn -beginLine - - -12 - - -1 -2 -1018 - - -2 -3 -119 - - -3 -6 -157 - - -6 -13 -146 - - -13 -24 -139 - - -24 -141 -140 - - -145 -127333 -134 - - - - - - -beginColumn -endLine - - -12 - - -1 -2 -1018 - - -2 -3 -119 - - -3 -6 -157 - - -6 -13 -146 - - -13 -24 -139 - - -24 -141 -140 - - -145 -127333 -134 - - - - - - -beginColumn -endColumn - - -12 - - -1 -2 -1101 - - -2 -3 -190 - - -3 -4 -146 - - -4 -7 -164 - - -7 -19 -151 - - -19 -169 -101 - - - - - - -endLine -id - - -12 - - -1 -2 -15579 - - -2 -3 -110688 - - -3 -4 -8065 - - -4 -6 -13975 - - -6 -13 -12842 - - -13 -1717 -6159 - - - - - - -endLine -offset - - -12 - - -1 -5 -9257 - - -5 -6 -90442 - - -6 -9 -13474 - - -9 -12 -11463 - - -12 -19 -13584 - - -19 -33 -13154 - - -33 -89 -12558 - - -89 -646 -3376 - - - - - - -endLine -beginLine - - -12 - - -1 -2 -167235 - - -2 -5 -73 - - - - - - -endLine -beginColumn - - -12 - - -1 -4 -12049 - - -4 -5 -4348 - - -5 -6 -101350 - - -6 -9 -13619 - - -9 -11 -8078 - - -11 -15 -13132 - - -15 -50 -12597 - - -50 -581 -2135 - - - - - - -endLine -endColumn - - -12 - - -1 -4 -12051 - - -4 -5 -4298 - - -5 -6 -101396 - - -6 -9 -13614 - - -9 -11 -8126 - - -11 -15 -13111 - - -15 -51 -12590 - - -51 -589 -2122 - - - - - - -endColumn -id - - -12 - - -1 -2 -594 - - -2 -3 -327 - - -3 -6 -150 - - -6 -12 -141 - - -12 -23 -144 - - -23 -36 -142 - - -36 -81 -142 - - -83 -1013 -141 - - -1068 -22526 -94 - - - - - - -endColumn -offset - - -12 - - -1 -2 -594 - - -2 -3 -331 - - -3 -5 -148 - - -5 -9 -147 - - -9 -14 -161 - - -14 -23 -151 - - -23 -72 -143 - - -72 -1221 -141 - - -1224 -16225 -59 - - - - - - -endColumn -beginLine - - -12 - - -1 -2 -1020 - - -2 -3 -140 - - -3 -6 -151 - - -6 -13 -146 - - -13 -25 -143 - - -25 -158 -142 - - -160 -129820 -133 - - - - - - -endColumn -beginColumn - - -12 - - -1 -2 -1097 - - -2 -3 -214 - - -3 -4 -119 - - -4 -6 -146 - - -6 -14 -141 - - -14 -56 -141 - - -57 -66 -17 - - - - - - -endColumn -endLine - - -12 - - -1 -2 -1020 - - -2 -3 -140 - - -3 -6 -151 - - -6 -13 -146 - - -13 -25 -143 - - -25 -158 -142 - - -160 -129820 -133 - - - - - - - - externalData 5684 @@ -7370,18 +4114,6 @@ -snapshotDate -snapshotDate -1 - - -snapshotDate -1 - - - - - sourceLocationPrefix 1 From 984588745251eb8db38ae41c0a51e3363d15b066 Mon Sep 17 00:00:00 2001 From: Stephan Brandauer Date: Tue, 16 May 2023 15:07:14 +0000 Subject: [PATCH 399/870] automodel java fix: export method name as 'name' metadata parameter; export parameter name as 'parameterName' parameter --- .../Telemetry/AutomodelFrameworkModeCharacteristics.qll | 7 ++++--- .../Telemetry/AutomodelFrameworkModeExtractCandidates.ql | 7 ++++--- .../AutomodelFrameworkModeExtractNegativeExamples.ql | 7 ++++--- .../AutomodelFrameworkModeExtractPositiveExamples.ql | 7 ++++--- 4 files changed, 16 insertions(+), 12 deletions(-) diff --git a/java/ql/src/Telemetry/AutomodelFrameworkModeCharacteristics.qll b/java/ql/src/Telemetry/AutomodelFrameworkModeCharacteristics.qll index c2d119e8f29..2d71aeecfd6 100644 --- a/java/ql/src/Telemetry/AutomodelFrameworkModeCharacteristics.qll +++ b/java/ql/src/Telemetry/AutomodelFrameworkModeCharacteristics.qll @@ -27,7 +27,7 @@ abstract class MetadataExtractor extends string { abstract predicate hasMetadata( DataFlow::ParameterNode e, string package, string type, boolean subtypes, string name, - string signature, int input + string signature, int input, string parameterName ); } @@ -167,14 +167,15 @@ class FrameworkModeMetadataExtractor extends MetadataExtractor { override predicate hasMetadata( Endpoint e, string package, string type, boolean subtypes, string name, string signature, - int input + int input, string parameterName ) { exists(Callable callable | e.asParameter() = callable.getParameter(input) and package = callable.getDeclaringType().getPackage().getName() and type = callable.getDeclaringType().getErasure().(RefType).nestedName() and subtypes = this.considerSubtypes(callable) and - name = e.toString() and + name = callable.getName() and + parameterName = e.toString() and signature = ExternalFlow::paramsString(callable) ) } diff --git a/java/ql/src/Telemetry/AutomodelFrameworkModeExtractCandidates.ql b/java/ql/src/Telemetry/AutomodelFrameworkModeExtractCandidates.ql index fb0a947379d..5e22050a06a 100644 --- a/java/ql/src/Telemetry/AutomodelFrameworkModeExtractCandidates.ql +++ b/java/ql/src/Telemetry/AutomodelFrameworkModeExtractCandidates.ql @@ -17,7 +17,7 @@ private import AutomodelSharedUtil from Endpoint endpoint, string message, MetadataExtractor meta, string package, string type, - boolean subtypes, string name, string signature, int input + boolean subtypes, string name, string signature, int input, string parameterName where not exists(CharacteristicsImpl::UninterestingToModelCharacteristic u | u.appliesToEndpoint(endpoint) @@ -28,7 +28,7 @@ where // overlap between our detected sinks and the pre-existing modeling. We assume that, if a sink has already been // modeled in a MaD model, then it doesn't belong to any additional sink types, and we don't need to reexamine it. not CharacteristicsImpl::isSink(endpoint, _) and - meta.hasMetadata(endpoint, package, type, subtypes, name, signature, input) and + meta.hasMetadata(endpoint, package, type, subtypes, name, signature, input, parameterName) and // The message is the concatenation of all sink types for which this endpoint is known neither to be a sink nor to be // a non-sink, and we surface only endpoints that have at least one such sink type. message = @@ -47,4 +47,5 @@ select endpoint, subtypes.toString().(DollarAtString), "subtypes", // name.(DollarAtString), "name", // signature.(DollarAtString), "signature", // - input.toString().(DollarAtString), "input" // + input.toString().(DollarAtString), "input", // + parameterName.(DollarAtString), "parameterName" // diff --git a/java/ql/src/Telemetry/AutomodelFrameworkModeExtractNegativeExamples.ql b/java/ql/src/Telemetry/AutomodelFrameworkModeExtractNegativeExamples.ql index 368a373ffe8..d2e34f2c9b8 100644 --- a/java/ql/src/Telemetry/AutomodelFrameworkModeExtractNegativeExamples.ql +++ b/java/ql/src/Telemetry/AutomodelFrameworkModeExtractNegativeExamples.ql @@ -15,7 +15,7 @@ private import AutomodelSharedUtil from Endpoint endpoint, EndpointCharacteristic characteristic, float confidence, string message, MetadataExtractor meta, string package, string type, boolean subtypes, string name, - string signature, int input + string signature, int input, string parameterName where characteristic.appliesToEndpoint(endpoint) and confidence >= SharedCharacteristics::highConfidence() and @@ -23,7 +23,7 @@ where // Exclude endpoints that have contradictory endpoint characteristics, because we only want examples we're highly // certain about in the prompt. not erroneousEndpoints(endpoint, _, _, _, _, false) and - meta.hasMetadata(endpoint, package, type, subtypes, name, signature, input) and + meta.hasMetadata(endpoint, package, type, subtypes, name, signature, input, parameterName) and // It's valid for a node to satisfy the logic for both `isSink` and `isSanitizer`, but in that case it will be // treated by the actual query as a sanitizer, since the final logic is something like // `isSink(n) and not isSanitizer(n)`. We don't want to include such nodes as negative examples in the prompt, because @@ -44,4 +44,5 @@ select endpoint, subtypes.toString().(DollarAtString), "subtypes", // name.(DollarAtString), "name", // signature.(DollarAtString), "signature", // - input.toString().(DollarAtString), "input" // + input.toString().(DollarAtString), "input", // + parameterName.(DollarAtString), "parameterName" // diff --git a/java/ql/src/Telemetry/AutomodelFrameworkModeExtractPositiveExamples.ql b/java/ql/src/Telemetry/AutomodelFrameworkModeExtractPositiveExamples.ql index df4d94ce235..b1174a82919 100644 --- a/java/ql/src/Telemetry/AutomodelFrameworkModeExtractPositiveExamples.ql +++ b/java/ql/src/Telemetry/AutomodelFrameworkModeExtractPositiveExamples.ql @@ -14,12 +14,12 @@ private import AutomodelSharedUtil from Endpoint endpoint, SinkType sinkType, MetadataExtractor meta, string package, string type, - boolean subtypes, string name, string signature, int input + boolean subtypes, string name, string signature, int input, string parameterName where // Exclude endpoints that have contradictory endpoint characteristics, because we only want examples we're highly // certain about in the prompt. not erroneousEndpoints(endpoint, _, _, _, _, false) and - meta.hasMetadata(endpoint, package, type, subtypes, name, signature, input) and + meta.hasMetadata(endpoint, package, type, subtypes, name, signature, input, parameterName) and // Extract positive examples of sinks belonging to the existing ATM query configurations. CharacteristicsImpl::isKnownSink(endpoint, sinkType) select endpoint, @@ -31,4 +31,5 @@ select endpoint, subtypes.toString().(DollarAtString), "subtypes", // name.(DollarAtString), "name", // signature.(DollarAtString), "signature", // - input.toString().(DollarAtString), "input" // + input.toString().(DollarAtString), "input", // + parameterName.(DollarAtString), "parameterName" // From 406acbe6a4b83e27da3d27f9a5801057a676b780 Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Tue, 16 May 2023 17:13:21 +0200 Subject: [PATCH 400/870] Update csharp/ql/lib/change-notes/2023-05-16-ilogger-extension-methods.md Co-authored-by: Michael B. Gale --- .../ql/lib/change-notes/2023-05-16-ilogger-extension-methods.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/csharp/ql/lib/change-notes/2023-05-16-ilogger-extension-methods.md b/csharp/ql/lib/change-notes/2023-05-16-ilogger-extension-methods.md index fdbbb92de6b..4d4f0767238 100644 --- a/csharp/ql/lib/change-notes/2023-05-16-ilogger-extension-methods.md +++ b/csharp/ql/lib/change-notes/2023-05-16-ilogger-extension-methods.md @@ -1,4 +1,4 @@ --- category: minorAnalysis --- -* Arguments in calls to `ILogger` extension methods have been added to `LogMessageSink`, used by the queries `cs/log-forging`, `cs/cleartext-storage`, and `cs/exposure-of-sensitive-information`. +* The `cs/log-forging`, `cs/cleartext-storage`, and `cs/exposure-of-sensitive-information` queries now correctly handle unsanitized arguments to `ILogger` extension methods. From 2cd8a879a588618907e3e90d58e8867b7b13aab9 Mon Sep 17 00:00:00 2001 From: Stephan Brandauer Date: Tue, 16 May 2023 17:28:02 +0200 Subject: [PATCH 401/870] use `asParameter().getName()` instead of `toString()` Co-authored-by: Taus --- java/ql/src/Telemetry/AutomodelFrameworkModeCharacteristics.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java/ql/src/Telemetry/AutomodelFrameworkModeCharacteristics.qll b/java/ql/src/Telemetry/AutomodelFrameworkModeCharacteristics.qll index 2d71aeecfd6..57bd397f7a8 100644 --- a/java/ql/src/Telemetry/AutomodelFrameworkModeCharacteristics.qll +++ b/java/ql/src/Telemetry/AutomodelFrameworkModeCharacteristics.qll @@ -175,7 +175,7 @@ class FrameworkModeMetadataExtractor extends MetadataExtractor { type = callable.getDeclaringType().getErasure().(RefType).nestedName() and subtypes = this.considerSubtypes(callable) and name = callable.getName() and - parameterName = e.toString() and + parameterName = e.asParameter().getName() and signature = ExternalFlow::paramsString(callable) ) } From c45032844e36f39181a19174288c3a4bacbc5459 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Tue, 16 May 2023 16:34:20 +0100 Subject: [PATCH 402/870] C++: Add example with conflation in dataflow. --- .../dataflow-tests/dataflow-consistency.expected | 2 ++ .../library-tests/dataflow/dataflow-tests/test.cpp | 13 +++++++++++++ 2 files changed, 15 insertions(+) diff --git a/cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-consistency.expected b/cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-consistency.expected index 26b2bd0351d..4922e0641fd 100644 --- a/cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-consistency.expected +++ b/cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-consistency.expected @@ -125,6 +125,8 @@ postWithInFlow | test.cpp:681:3:681:3 | s [post update] | PostUpdateNode should not be the target of local flow. | | test.cpp:689:3:689:3 | s [post update] | PostUpdateNode should not be the target of local flow. | | test.cpp:690:3:690:3 | s [post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:694:4:694:6 | buf [inner post update] | PostUpdateNode should not be the target of local flow. | +| test.cpp:704:23:704:25 | buf [inner post update] | PostUpdateNode should not be the target of local flow. | viableImplInCallContextTooLarge uniqueParameterNodeAtPosition uniqueParameterNodePosition diff --git a/cpp/ql/test/library-tests/dataflow/dataflow-tests/test.cpp b/cpp/ql/test/library-tests/dataflow/dataflow-tests/test.cpp index 5fae604f4d9..bb7919f5a68 100644 --- a/cpp/ql/test/library-tests/dataflow/dataflow-tests/test.cpp +++ b/cpp/ql/test/library-tests/dataflow/dataflow-tests/test.cpp @@ -690,3 +690,16 @@ void test_static_local_9() { s = 0; } +void increment_buf(int** buf) { // $ ast-def=buf ir-def=*buf ir-def=**buf + *buf += 10; + sink(buf); // $ SPURIOUS: ast,ir // should only be flow to the indirect argument, but there's also flow to the non-indirect argument +} + +void call_increment_buf(int** buf) { // $ ast-def=buf + increment_buf(buf); +} + +void test_conflation_regression(int* source) { // $ ast-def=source + int* buf = source; + call_increment_buf(&buf); +} \ No newline at end of file From 42d40900d39721b98b437c6a0f8ce425286c7bd8 Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli Date: Tue, 16 May 2023 17:52:02 +0200 Subject: [PATCH 403/870] Swift: reword TSP diagnostics after doc team review --- .../autobuilder/failure/diagnostics.expected | 5 ++-- .../no-build-system/diagnostics.expected | 7 ++--- .../no-swift-with-spm/diagnostics.expected | 7 ++--- .../autobuilder/no-swift/diagnostics.expected | 5 ++-- .../no-xcode-with-spm/diagnostics.expected | 7 ++--- .../only-tests-with-spm/diagnostics.expected | 7 ++--- .../only-tests/diagnostics.expected | 5 ++-- swift/logging/SwiftDiagnostics.cpp | 2 +- swift/logging/SwiftDiagnostics.h | 4 +-- .../IncompatibleOs.cpp | 2 +- .../CustomizingBuildDiagnostics.h | 13 --------- .../xcode-autobuilder/CustomizingBuildLink.h | 12 ++++++++ swift/xcode-autobuilder/XcodeBuildRunner.cpp | 10 ++++--- swift/xcode-autobuilder/xcode-autobuilder.cpp | 28 ++++++++++--------- 14 files changed, 55 insertions(+), 59 deletions(-) delete mode 100644 swift/xcode-autobuilder/CustomizingBuildDiagnostics.h create mode 100644 swift/xcode-autobuilder/CustomizingBuildLink.h diff --git a/swift/integration-tests/osx-only/autobuilder/failure/diagnostics.expected b/swift/integration-tests/osx-only/autobuilder/failure/diagnostics.expected index fdb36dc401b..75f6271f6fc 100644 --- a/swift/integration-tests/osx-only/autobuilder/failure/diagnostics.expected +++ b/swift/integration-tests/osx-only/autobuilder/failure/diagnostics.expected @@ -1,9 +1,8 @@ { "helpLinks": [ - "https://docs.github.com/en/enterprise-server/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/customizing-code-scanning", - "https://docs.github.com/en/enterprise-server/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-language" + "" ], - "plaintextMessage": "The detected build command failed (tried /usr/bin/xcodebuild build -project /hello-failure.xcodeproj -target hello-failure CODE_SIGNING_REQUIRED=NO CODE_SIGNING_ALLOWED=NO).\n\nSet up a manual build command.", + "markdownMessage": "`autobuild` failed to run the detected build command:\n```\n/usr/bin/xcodebuild build -project /hello-failure.xcodeproj -target hello-failure CODE_SIGNING_REQUIRED=NO CODE_SIGNING_ALLOWED=NO\n```\n\nSet up a [manual build command][1] or [check the logs of the autobuild step][2].\n\n[1]: https://docs.github.com/en/enterprise-server/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-language\n[2]: https://docs.github.com/en/actions/monitoring-and-troubleshooting-workflows/using-workflow-run-logs", "severity": "error", "source": { "extractorName": "swift", diff --git a/swift/integration-tests/osx-only/autobuilder/no-build-system/diagnostics.expected b/swift/integration-tests/osx-only/autobuilder/no-build-system/diagnostics.expected index 1e988936c9a..62f2f210443 100644 --- a/swift/integration-tests/osx-only/autobuilder/no-build-system/diagnostics.expected +++ b/swift/integration-tests/osx-only/autobuilder/no-build-system/diagnostics.expected @@ -1,14 +1,13 @@ { "helpLinks": [ - "https://docs.github.com/en/enterprise-server/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/customizing-code-scanning", - "https://docs.github.com/en/enterprise-server/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-language" + "" ], - "plaintextMessage": "No Xcode project or workspace was found.\n\nSet up a manual build command.", + "markdownMessage": "`autobuild` could not detect an Xcode project or workspace.\n\nSet up a [manual build command][1].\n\n[1]: https://docs.github.com/en/enterprise-server/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-language", "severity": "error", "source": { "extractorName": "swift", "id": "swift/autobuilder/no-project-found", - "name": "No Xcode project or workspace detected" + "name": "No Xcode project or workspace found" }, "visibility": { "cliSummaryTable": true, diff --git a/swift/integration-tests/osx-only/autobuilder/no-swift-with-spm/diagnostics.expected b/swift/integration-tests/osx-only/autobuilder/no-swift-with-spm/diagnostics.expected index 54201f6d979..7e06920c57b 100644 --- a/swift/integration-tests/osx-only/autobuilder/no-swift-with-spm/diagnostics.expected +++ b/swift/integration-tests/osx-only/autobuilder/no-swift-with-spm/diagnostics.expected @@ -1,14 +1,13 @@ { "helpLinks": [ - "https://docs.github.com/en/enterprise-server/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/customizing-code-scanning", - "https://docs.github.com/en/enterprise-server/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-language" + "" ], - "plaintextMessage": "No viable Swift Xcode target was found but a Swift package was detected. Swift Package Manager builds are not yet supported by the autobuilder.\n\nSet up a manual build command.", + "markdownMessage": "A Swift package was detected, but no viable Xcode target was found.\n\nSwift Package Manager builds are not currently supported by `autobuild`. Set up a [manual build command][1].\n\n[1]: https://docs.github.com/en/enterprise-server/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-language", "severity": "error", "source": { "extractorName": "swift", "id": "swift/autobuilder/spm-not-supported", - "name": "Swift Package Manager build unsupported by autobuild" + "name": "Swift Package Manager is not supported" }, "visibility": { "cliSummaryTable": true, diff --git a/swift/integration-tests/osx-only/autobuilder/no-swift/diagnostics.expected b/swift/integration-tests/osx-only/autobuilder/no-swift/diagnostics.expected index ea112182376..1dd2c9eeb4c 100644 --- a/swift/integration-tests/osx-only/autobuilder/no-swift/diagnostics.expected +++ b/swift/integration-tests/osx-only/autobuilder/no-swift/diagnostics.expected @@ -1,9 +1,8 @@ { "helpLinks": [ - "https://docs.github.com/en/enterprise-server/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/customizing-code-scanning", - "https://docs.github.com/en/enterprise-server/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-language" + "" ], - "plaintextMessage": "All targets found within Xcode projects or workspaces either have no Swift sources or are tests.\n\nSet up a manual build command.", + "markdownMessage": "All targets found within Xcode projects or workspaces either have no Swift sources or are tests.\n\nTo analyze a custom set of source files, set up a [manual build command][1].\n\n[1]: https://docs.github.com/en/enterprise-server/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-language", "severity": "error", "source": { "extractorName": "swift", diff --git a/swift/integration-tests/osx-only/autobuilder/no-xcode-with-spm/diagnostics.expected b/swift/integration-tests/osx-only/autobuilder/no-xcode-with-spm/diagnostics.expected index 54201f6d979..7e06920c57b 100644 --- a/swift/integration-tests/osx-only/autobuilder/no-xcode-with-spm/diagnostics.expected +++ b/swift/integration-tests/osx-only/autobuilder/no-xcode-with-spm/diagnostics.expected @@ -1,14 +1,13 @@ { "helpLinks": [ - "https://docs.github.com/en/enterprise-server/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/customizing-code-scanning", - "https://docs.github.com/en/enterprise-server/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-language" + "" ], - "plaintextMessage": "No viable Swift Xcode target was found but a Swift package was detected. Swift Package Manager builds are not yet supported by the autobuilder.\n\nSet up a manual build command.", + "markdownMessage": "A Swift package was detected, but no viable Xcode target was found.\n\nSwift Package Manager builds are not currently supported by `autobuild`. Set up a [manual build command][1].\n\n[1]: https://docs.github.com/en/enterprise-server/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-language", "severity": "error", "source": { "extractorName": "swift", "id": "swift/autobuilder/spm-not-supported", - "name": "Swift Package Manager build unsupported by autobuild" + "name": "Swift Package Manager is not supported" }, "visibility": { "cliSummaryTable": true, diff --git a/swift/integration-tests/osx-only/autobuilder/only-tests-with-spm/diagnostics.expected b/swift/integration-tests/osx-only/autobuilder/only-tests-with-spm/diagnostics.expected index 54201f6d979..7e06920c57b 100644 --- a/swift/integration-tests/osx-only/autobuilder/only-tests-with-spm/diagnostics.expected +++ b/swift/integration-tests/osx-only/autobuilder/only-tests-with-spm/diagnostics.expected @@ -1,14 +1,13 @@ { "helpLinks": [ - "https://docs.github.com/en/enterprise-server/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/customizing-code-scanning", - "https://docs.github.com/en/enterprise-server/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-language" + "" ], - "plaintextMessage": "No viable Swift Xcode target was found but a Swift package was detected. Swift Package Manager builds are not yet supported by the autobuilder.\n\nSet up a manual build command.", + "markdownMessage": "A Swift package was detected, but no viable Xcode target was found.\n\nSwift Package Manager builds are not currently supported by `autobuild`. Set up a [manual build command][1].\n\n[1]: https://docs.github.com/en/enterprise-server/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-language", "severity": "error", "source": { "extractorName": "swift", "id": "swift/autobuilder/spm-not-supported", - "name": "Swift Package Manager build unsupported by autobuild" + "name": "Swift Package Manager is not supported" }, "visibility": { "cliSummaryTable": true, diff --git a/swift/integration-tests/osx-only/autobuilder/only-tests/diagnostics.expected b/swift/integration-tests/osx-only/autobuilder/only-tests/diagnostics.expected index ea112182376..1dd2c9eeb4c 100644 --- a/swift/integration-tests/osx-only/autobuilder/only-tests/diagnostics.expected +++ b/swift/integration-tests/osx-only/autobuilder/only-tests/diagnostics.expected @@ -1,9 +1,8 @@ { "helpLinks": [ - "https://docs.github.com/en/enterprise-server/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/customizing-code-scanning", - "https://docs.github.com/en/enterprise-server/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-language" + "" ], - "plaintextMessage": "All targets found within Xcode projects or workspaces either have no Swift sources or are tests.\n\nSet up a manual build command.", + "markdownMessage": "All targets found within Xcode projects or workspaces either have no Swift sources or are tests.\n\nTo analyze a custom set of source files, set up a [manual build command][1].\n\n[1]: https://docs.github.com/en/enterprise-server/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-language", "severity": "error", "source": { "extractorName": "swift", diff --git a/swift/logging/SwiftDiagnostics.cpp b/swift/logging/SwiftDiagnostics.cpp index 06c86f7f58a..ac6e42c74e7 100644 --- a/swift/logging/SwiftDiagnostics.cpp +++ b/swift/logging/SwiftDiagnostics.cpp @@ -42,7 +42,7 @@ nlohmann::json SwiftDiagnostic::json(const std::chrono::system_clock::time_point {"severity", severityToString(severity)}, {"helpLinks", std::vector(absl::StrSplit(helpLinks, ' '))}, {format == Format::markdown ? "markdownMessage" : "plaintextMessage", - absl::StrCat(message, ".\n\n", action)}, + absl::StrCat(message, "\n\n", action)}, {"timestamp", fmt::format("{:%FT%T%z}", timestamp)}, }; if (location) { diff --git a/swift/logging/SwiftDiagnostics.h b/swift/logging/SwiftDiagnostics.h index 5a0f5617076..64cb9e2bdd5 100644 --- a/swift/logging/SwiftDiagnostics.h +++ b/swift/logging/SwiftDiagnostics.h @@ -91,8 +91,8 @@ struct SwiftDiagnostic { // create a JSON diagnostics for this source with the given `timestamp` and `message` // Depending on format, either a plaintextMessage or markdownMessage is used that includes both - // the message and the action to take. A dot '.' is appended to `message`. The id is used to - // construct the source id in the form `swift//` + // the message and the action to take. The id is used to construct the source id in the form + // `swift//` nlohmann::json json(const std::chrono::system_clock::time_point& timestamp, std::string_view message) const; diff --git a/swift/tools/autobuilder-diagnostics/IncompatibleOs.cpp b/swift/tools/autobuilder-diagnostics/IncompatibleOs.cpp index d19479eae7d..2920a00f955 100644 --- a/swift/tools/autobuilder-diagnostics/IncompatibleOs.cpp +++ b/swift/tools/autobuilder-diagnostics/IncompatibleOs.cpp @@ -32,6 +32,6 @@ static codeql::Logger& logger() { int main() { DIAGNOSE_ERROR(incompatibleOs, - "Currently, `autobuild` for Swift analysis is only supported on macOS"); + "Currently, `autobuild` for Swift analysis is only supported on macOS."); return 1; } diff --git a/swift/xcode-autobuilder/CustomizingBuildDiagnostics.h b/swift/xcode-autobuilder/CustomizingBuildDiagnostics.h deleted file mode 100644 index 453fa70c13f..00000000000 --- a/swift/xcode-autobuilder/CustomizingBuildDiagnostics.h +++ /dev/null @@ -1,13 +0,0 @@ -#include -#include "swift/logging/SwiftDiagnostics.h" - -namespace codeql { -constexpr std::string_view customizingBuildAction = "Set up a manual build command."; -constexpr SwiftDiagnostic::HelpLinks customizingBuildHelpLinks{ - "https://docs.github.com/en/enterprise-server/code-security/code-scanning/" - "automatically-scanning-your-code-for-vulnerabilities-and-errors/customizing-code-scanning " - "https://docs.github.com/en/enterprise-server/code-security/code-scanning/" - "automatically-scanning-your-code-for-vulnerabilities-and-errors/" - "configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-" - "language"}; -} // namespace codeql diff --git a/swift/xcode-autobuilder/CustomizingBuildLink.h b/swift/xcode-autobuilder/CustomizingBuildLink.h new file mode 100644 index 00000000000..3bc1f3f521f --- /dev/null +++ b/swift/xcode-autobuilder/CustomizingBuildLink.h @@ -0,0 +1,12 @@ +#include +#include "swift/logging/SwiftDiagnostics.h" + +#define MANUAL_BUILD_COMMAND_HELP_LINK \ + "https://docs.github.com/en/enterprise-server/code-security/code-scanning/" \ + "automatically-scanning-your-code-for-vulnerabilities-and-errors/" \ + "configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-" \ + "language" + +#define CHECK_LOGS_HELP_LINK \ + "https://docs.github.com/en/actions/monitoring-and-troubleshooting-workflows/" \ + "using-workflow-run-logs" diff --git a/swift/xcode-autobuilder/XcodeBuildRunner.cpp b/swift/xcode-autobuilder/XcodeBuildRunner.cpp index b209caa3df9..d63ab27d853 100644 --- a/swift/xcode-autobuilder/XcodeBuildRunner.cpp +++ b/swift/xcode-autobuilder/XcodeBuildRunner.cpp @@ -6,11 +6,12 @@ #include "absl/strings/str_join.h" #include "swift/logging/SwiftLogging.h" -#include "swift/xcode-autobuilder/CustomizingBuildDiagnostics.h" +#include "swift/xcode-autobuilder/CustomizingBuildLink.h" constexpr codeql::SwiftDiagnostic buildCommandFailed{ - "build-command-failed", "Detected build command failed", codeql::customizingBuildAction, - codeql::SwiftDiagnostic::Format::plaintext, codeql::customizingBuildHelpLinks}; + "build-command-failed", "Detected build command failed", + "Set up a [manual build command][1] or [check the logs of the autobuild step][2].\n" + "\n[1]: " MANUAL_BUILD_COMMAND_HELP_LINK "\n[2]: " CHECK_LOGS_HELP_LINK}; static codeql::Logger& logger() { static codeql::Logger ret{"build"}; @@ -68,7 +69,8 @@ void buildTarget(Target& target, bool dryRun) { std::cout << absl::StrJoin(argv, " ") << "\n"; } else { if (!exec(argv)) { - DIAGNOSE_ERROR(buildCommandFailed, "The detected build command failed (tried {})", + DIAGNOSE_ERROR(buildCommandFailed, + "`autobuild` failed to run the detected build command:\n```\n{}\n```", absl::StrJoin(argv, " ")); codeql::Log::flush(); exit(1); diff --git a/swift/xcode-autobuilder/xcode-autobuilder.cpp b/swift/xcode-autobuilder/xcode-autobuilder.cpp index 067c4d24139..1278d716325 100644 --- a/swift/xcode-autobuilder/xcode-autobuilder.cpp +++ b/swift/xcode-autobuilder/xcode-autobuilder.cpp @@ -5,25 +5,28 @@ #include "swift/xcode-autobuilder/XcodeBuildRunner.h" #include "swift/xcode-autobuilder/XcodeProjectParser.h" #include "swift/logging/SwiftLogging.h" -#include "swift/xcode-autobuilder/CustomizingBuildDiagnostics.h" +#include "swift/xcode-autobuilder/CustomizingBuildLink.h" static const char* uiTest = "com.apple.product-type.bundle.ui-testing"; static const char* unitTest = "com.apple.product-type.bundle.unit-test"; const std::string_view codeql::programName = "autobuilder"; -constexpr codeql::SwiftDiagnostic noProjectFound{ - "no-project-found", "No Xcode project or workspace detected", codeql::customizingBuildAction, - codeql::SwiftDiagnostic::Format::plaintext, codeql::customizingBuildHelpLinks}; +constexpr codeql::SwiftDiagnostic noProjectFound{"no-project-found", + "No Xcode project or workspace found", + "Set up a [manual build command][1].\n" + "\n[1]: " MANUAL_BUILD_COMMAND_HELP_LINK}; constexpr codeql::SwiftDiagnostic noSwiftTarget{ - "no-swift-target", "No Swift compilation target found", codeql::customizingBuildAction, - codeql::SwiftDiagnostic::Format::plaintext, codeql::customizingBuildHelpLinks}; + "no-swift-target", "No Swift compilation target found", + "To analyze a custom set of source files, set up a [manual build command][1].\n" + "\n[1]: " MANUAL_BUILD_COMMAND_HELP_LINK}; constexpr codeql::SwiftDiagnostic spmNotSupported{ - "spm-not-supported", "Swift Package Manager build unsupported by autobuild", - codeql::customizingBuildAction, codeql::SwiftDiagnostic::Format::plaintext, - codeql::customizingBuildHelpLinks}; + "spm-not-supported", "Swift Package Manager is not supported", + "Swift Package Manager builds are not currently supported by `autobuild`. Set up a [manual " + "build command][1].\n" + "\n[1]: " MANUAL_BUILD_COMMAND_HELP_LINK}; static codeql::Logger& logger() { static codeql::Logger ret{"main"}; @@ -53,13 +56,12 @@ static void autobuild(const CLIArgs& args) { [](Target& lhs, Target& rhs) { return lhs.fileCount > rhs.fileCount; }); if ((!collected.xcodeEncountered || targets.empty()) && collected.swiftPackageEncountered) { DIAGNOSE_ERROR(spmNotSupported, - "No viable Swift Xcode target was found but a Swift package was detected. Swift " - "Package Manager builds are not yet supported by the autobuilder"); + "A Swift package was detected, but no viable Xcode target was found."); } else if (!collected.xcodeEncountered) { - DIAGNOSE_ERROR(noProjectFound, "No Xcode project or workspace was found"); + DIAGNOSE_ERROR(noProjectFound, "`autobuild` could not detect an Xcode project or workspace."); } else if (targets.empty()) { DIAGNOSE_ERROR(noSwiftTarget, "All targets found within Xcode projects or workspaces either " - "have no Swift sources or are tests"); + "have no Swift sources or are tests."); } else { LOG_INFO("Selected {}", targets.front()); buildTarget(targets.front(), args.dryRun); From 2d8030210857e3742655338a171be2d5d349ab74 Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Tue, 16 May 2023 16:54:19 +0100 Subject: [PATCH 404/870] Use empty toolchains.xml for java-version-too-old --- .../java/diagnostics/java-version-too-old/test.py | 8 +++++++- .../java/diagnostics/java-version-too-old/toolchains.xml | 5 +++++ 2 files changed, 12 insertions(+), 1 deletion(-) create mode 100644 java/ql/integration-tests/all-platforms/java/diagnostics/java-version-too-old/toolchains.xml diff --git a/java/ql/integration-tests/all-platforms/java/diagnostics/java-version-too-old/test.py b/java/ql/integration-tests/all-platforms/java/diagnostics/java-version-too-old/test.py index e40201a8b68..1cb00f89f55 100644 --- a/java/ql/integration-tests/all-platforms/java/diagnostics/java-version-too-old/test.py +++ b/java/ql/integration-tests/all-platforms/java/diagnostics/java-version-too-old/test.py @@ -13,6 +13,12 @@ for k in ["JAVA_HOME_11_X64", "JAVA_HOME_17_X64"]: if k in os.environ: del os.environ[k] -run_codeql_database_create([], lang="java", runFunction = runUnsuccessfully, db = None) +# Use a custom, empty toolchains.xml file so the autobuilder doesn't see any Java versions that may be +# in a system-level toolchains file +toolchains_path = os.path.join(os.getcwd(), 'toolchains.xml') + +run_codeql_database_create([], lang="java", runFunction = runUnsuccessfully, db = None, extra_env={ + 'LGTM_INDEX_MAVEN_TOOLCHAINS_FILE': toolchains_path +}) check_diagnostics() diff --git a/java/ql/integration-tests/all-platforms/java/diagnostics/java-version-too-old/toolchains.xml b/java/ql/integration-tests/all-platforms/java/diagnostics/java-version-too-old/toolchains.xml new file mode 100644 index 00000000000..51f20003fa9 --- /dev/null +++ b/java/ql/integration-tests/all-platforms/java/diagnostics/java-version-too-old/toolchains.xml @@ -0,0 +1,5 @@ + + + From 35e91bafa721daa6d7bb824193f3a4f89c8c58a7 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Tue, 16 May 2023 17:23:11 +0100 Subject: [PATCH 405/870] C++: Introduce 'indirect_sink' in dataflow tests. --- .../test/library-tests/dataflow/dataflow-tests/clang.cpp | 8 +++++--- .../dataflow-tests/dataflow-consistency.expected | 7 ++++--- .../test/library-tests/dataflow/dataflow-tests/test.cpp | 6 +++--- .../test/library-tests/dataflow/dataflow-tests/test.ql | 9 ++++++--- 4 files changed, 18 insertions(+), 12 deletions(-) diff --git a/cpp/ql/test/library-tests/dataflow/dataflow-tests/clang.cpp b/cpp/ql/test/library-tests/dataflow/dataflow-tests/clang.cpp index 71e752720de..499e8b8a62b 100644 --- a/cpp/ql/test/library-tests/dataflow/dataflow-tests/clang.cpp +++ b/cpp/ql/test/library-tests/dataflow/dataflow-tests/clang.cpp @@ -1,7 +1,7 @@ // semmle-extractor-options: --edg --clang int source(); -void sink(int); void sink(const int *); void sink(int **); +void sink(int); void sink(const int *); void sink(int **); void indirect_sink(...); struct twoIntFields { int m1, m2; @@ -19,7 +19,8 @@ void following_pointers( // $ ast-def=sourceStruct1_ptr sink(sourceArray1[0]); // no flow sink(*sourceArray1); // no flow - sink(&sourceArray1); // $ ast,ir // [should probably be taint only] + sink(&sourceArray1); // $ ast // [should probably be taint only] + indirect_sink(&sourceArray1); // $ ast,ir sink(sourceStruct1.m1); // no flow sink(sourceStruct1_ptr->m1); // no flow @@ -48,5 +49,6 @@ void following_pointers( // $ ast-def=sourceStruct1_ptr int stackArray[2] = { source(), source() }; stackArray[0] = source(); - sink(stackArray); // $ ast ir ir=49:25 ir=49:35 ir=50:19 + sink(stackArray); // $ ast,ir + indirect_sink(stackArray); // $ ast ir=50:25 ir=50:35 ir=51:19 } diff --git a/cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-consistency.expected b/cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-consistency.expected index 4922e0641fd..acf233ed2ee 100644 --- a/cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-consistency.expected +++ b/cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-consistency.expected @@ -28,9 +28,10 @@ postWithInFlow | BarrierGuard.cpp:49:6:49:6 | x [post update] | PostUpdateNode should not be the target of local flow. | | BarrierGuard.cpp:60:7:60:7 | x [post update] | PostUpdateNode should not be the target of local flow. | | clang.cpp:22:9:22:20 | sourceArray1 [inner post update] | PostUpdateNode should not be the target of local flow. | -| clang.cpp:28:22:28:23 | m1 [post update] | PostUpdateNode should not be the target of local flow. | -| clang.cpp:50:3:50:12 | stackArray [inner post update] | PostUpdateNode should not be the target of local flow. | -| clang.cpp:50:3:50:15 | access to array [post update] | PostUpdateNode should not be the target of local flow. | +| clang.cpp:23:18:23:29 | sourceArray1 [inner post update] | PostUpdateNode should not be the target of local flow. | +| clang.cpp:29:22:29:23 | m1 [post update] | PostUpdateNode should not be the target of local flow. | +| clang.cpp:51:3:51:12 | stackArray [inner post update] | PostUpdateNode should not be the target of local flow. | +| clang.cpp:51:3:51:15 | access to array [post update] | PostUpdateNode should not be the target of local flow. | | dispatch.cpp:60:3:60:14 | globalBottom [post update] | PostUpdateNode should not be the target of local flow. | | dispatch.cpp:61:3:61:14 | globalMiddle [post update] | PostUpdateNode should not be the target of local flow. | | dispatch.cpp:78:24:78:37 | call to allocateBottom [inner post update] | PostUpdateNode should not be the target of local flow. | diff --git a/cpp/ql/test/library-tests/dataflow/dataflow-tests/test.cpp b/cpp/ql/test/library-tests/dataflow/dataflow-tests/test.cpp index bb7919f5a68..d078ca6195e 100644 --- a/cpp/ql/test/library-tests/dataflow/dataflow-tests/test.cpp +++ b/cpp/ql/test/library-tests/dataflow/dataflow-tests/test.cpp @@ -1,5 +1,5 @@ int source(); -void sink(int); void sink(const int *); void sink(int **); +void sink(int); void sink(const int *); void sink(int **); void indirect_sink(...); void intraprocedural_with_local_flow() { int t2; @@ -626,7 +626,7 @@ void test_def_via_phi_read(bool b) use(buffer); } intPointerSource(buffer); - sink(buffer); // $ ast,ir + indirect_sink(buffer); // $ ast,ir } void test_static_local_1() { @@ -692,7 +692,7 @@ void test_static_local_9() { void increment_buf(int** buf) { // $ ast-def=buf ir-def=*buf ir-def=**buf *buf += 10; - sink(buf); // $ SPURIOUS: ast,ir // should only be flow to the indirect argument, but there's also flow to the non-indirect argument + sink(buf); // $ SPURIOUS: ast,ir } void call_increment_buf(int** buf) { // $ ast-def=buf diff --git a/cpp/ql/test/library-tests/dataflow/dataflow-tests/test.ql b/cpp/ql/test/library-tests/dataflow/dataflow-tests/test.ql index 49c23907c1d..3847e27e2a0 100644 --- a/cpp/ql/test/library-tests/dataflow/dataflow-tests/test.ql +++ b/cpp/ql/test/library-tests/dataflow/dataflow-tests/test.ql @@ -34,7 +34,7 @@ module AstTest { override predicate isSink(DataFlow::Node sink) { exists(FunctionCall call | - call.getTarget().getName() = "sink" and + call.getTarget().getName() = ["sink", "indirect_sink"] and sink.asExpr() = call.getAnArgument() ) } @@ -83,9 +83,12 @@ module IRTest { } override predicate isSink(DataFlow::Node sink) { - exists(FunctionCall call | + exists(FunctionCall call, Expr e | e = call.getAnArgument() | call.getTarget().getName() = "sink" and - call.getAnArgument() in [sink.asExpr(), sink.asIndirectExpr()] + sink.asExpr() = e + or + call.getTarget().getName() = "indirect_sink" and + sink.asIndirectExpr() = e ) } From 150d4f341af87eafa54639b5489499882ecbf236 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Tue, 16 May 2023 17:00:56 +0100 Subject: [PATCH 406/870] C++: Fix looping flow that goes from the output argument node and back into the function argument. --- .../cpp/ir/dataflow/internal/SsaInternals.qll | 33 +++++++++---------- 1 file changed, 15 insertions(+), 18 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll index 54b86153f10..551653c3aca 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll @@ -657,24 +657,16 @@ private predicate indirectConversionFlowStep(Node nFrom, Node nTo) { * So this predicate recurses back along conversions and `PointerArithmeticInstruction`s to find the * first use that has provides use-use flow, and uses that target as the target of the `nodeFrom`. */ -private predicate adjustForPointerArith( - DefOrUse defOrUse, Node nodeFrom, UseOrPhi use, boolean uncertain -) { - nodeFrom = any(PostUpdateNode pun).getPreUpdateNode() and - exists(Node adjusted | - indirectConversionFlowStep*(adjusted, nodeFrom) and - nodeToDefOrUse(adjusted, defOrUse, uncertain) and +private predicate adjustForPointerArith(PostUpdateNode pun, UseOrPhi use) { + exists(DefOrUse defOrUse, Node adjusted | + indirectConversionFlowStep*(adjusted, pun.getPreUpdateNode()) and + nodeToDefOrUse(adjusted, defOrUse, _) and adjacentDefRead(defOrUse, use) ) } private predicate ssaFlowImpl(SsaDefOrUse defOrUse, Node nodeFrom, Node nodeTo, boolean uncertain) { - // `nodeFrom = any(PostUpdateNode pun).getPreUpdateNode()` is implied by adjustedForPointerArith. exists(UseOrPhi use | - adjustForPointerArith(defOrUse, nodeFrom, use, uncertain) and - useToNode(use, nodeTo) - or - not nodeFrom = any(PostUpdateNode pun).getPreUpdateNode() and nodeToDefOrUse(nodeFrom, defOrUse, uncertain) and adjacentDefRead(defOrUse, use) and useToNode(use, nodeTo) and @@ -719,14 +711,19 @@ predicate ssaFlow(Node nodeFrom, Node nodeTo) { ) } +private predicate isArgumentOfCallable(DataFlowCall call, ArgumentNode arg) { + arg.argumentOf(call, _) +} + +/** Holds if there is def-use or use-use flow from `pun` to `nodeTo`. */ predicate postUpdateFlow(PostUpdateNode pun, Node nodeTo) { - exists(Node preUpdate, Node nFrom, boolean uncertain, SsaDefOrUse defOrUse | + exists(UseOrPhi use, Node preUpdate | + adjustForPointerArith(pun, use) and + useToNode(use, nodeTo) and preUpdate = pun.getPreUpdateNode() and - ssaFlowImpl(defOrUse, nFrom, nodeTo, uncertain) - | - if uncertain = true - then preUpdate = [nFrom, getAPriorDefinition(defOrUse)] - else preUpdate = nFrom + not exists(DataFlowCall call | + isArgumentOfCallable(call, preUpdate) and isArgumentOfCallable(call, nodeTo) + ) ) } From c93a05124312d306e0418a0002e6371a8ecf12d8 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Tue, 16 May 2023 17:37:20 +0100 Subject: [PATCH 407/870] C++: Accept test changes. --- cpp/ql/test/library-tests/dataflow/dataflow-tests/test.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpp/ql/test/library-tests/dataflow/dataflow-tests/test.cpp b/cpp/ql/test/library-tests/dataflow/dataflow-tests/test.cpp index d078ca6195e..915a8421475 100644 --- a/cpp/ql/test/library-tests/dataflow/dataflow-tests/test.cpp +++ b/cpp/ql/test/library-tests/dataflow/dataflow-tests/test.cpp @@ -692,7 +692,7 @@ void test_static_local_9() { void increment_buf(int** buf) { // $ ast-def=buf ir-def=*buf ir-def=**buf *buf += 10; - sink(buf); // $ SPURIOUS: ast,ir + sink(buf); // $ SPURIOUS: ast } void call_increment_buf(int** buf) { // $ ast-def=buf From 9def3dd4405883d70b80e97a289747c3033286d5 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Tue, 16 May 2023 17:42:34 +0100 Subject: [PATCH 408/870] Update swift/ql/src/queries/Security/CWE-321/HardcodedEncryptionKey.swift Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com> --- .../src/queries/Security/CWE-321/HardcodedEncryptionKey.swift | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/swift/ql/src/queries/Security/CWE-321/HardcodedEncryptionKey.swift b/swift/ql/src/queries/Security/CWE-321/HardcodedEncryptionKey.swift index b3f0af7395e..dcc273b7771 100644 --- a/swift/ql/src/queries/Security/CWE-321/HardcodedEncryptionKey.swift +++ b/swift/ql/src/queries/Security/CWE-321/HardcodedEncryptionKey.swift @@ -14,7 +14,7 @@ func encrypt(padding : Padding) { // GOOD: Using randomly generated keys for encryption var key = [Int8](repeating: 0, count: 10) - let status = SecRandomCopyBytes(kSecRandomDefault, key.count, &key) + let status = SecRandomCopyBytes(kSecRandomDefault, key.count - 1, &key) if status == errSecSuccess { let keyString = String(cString: key) let ivString = getRandomIV() From 7ada125299013979bf8ffdccd3898e9b5b117ded Mon Sep 17 00:00:00 2001 From: Alexandre Boulgakov Date: Mon, 15 May 2023 21:14:17 +0100 Subject: [PATCH 409/870] Swift: Support fmtlib for assertions/expectations. Specifically, this adds custom formatters using `path::operator string()` and `error_code::message()` and dereferences a (non-empty) optional. `fmtlib` provides formatters for these standard library types in `fmt/std.h`, but that file also requires RTTI (which we disable) for `std::exception` so we can't use it without either patching `fmtlib` (which they're open to: https://github.com/fmtlib/fmt/issues/3170) or enabling RTTI (which will require some consideration). --- .../extractor/translators/DeclTranslator.cpp | 2 +- swift/logging/Formatters.h | 20 +++++++++++++++++++ swift/logging/SwiftDiagnostics.h | 2 ++ 3 files changed, 23 insertions(+), 1 deletion(-) create mode 100644 swift/logging/Formatters.h diff --git a/swift/extractor/translators/DeclTranslator.cpp b/swift/extractor/translators/DeclTranslator.cpp index 06bc086bec1..2abfa820534 100644 --- a/swift/extractor/translators/DeclTranslator.cpp +++ b/swift/extractor/translators/DeclTranslator.cpp @@ -253,7 +253,7 @@ void DeclTranslator::fillFunction(const swift::AbstractFunctionDecl& decl, entry.name = !decl.hasName() ? "(unnamed function decl)" : constructName(decl.getName()); entry.body = dispatcher.fetchOptionalLabel(decl.getBody()); CODEQL_EXPECT_OR(return, decl.hasParameterList(), "Function {} has no parameter list", - entry.name); + *entry.name); entry.params = dispatcher.fetchRepeatedLabels(*decl.getParameters()); auto self = const_cast(decl.getImplicitSelfDecl()); entry.self_param = dispatcher.fetchOptionalLabel(self); diff --git a/swift/logging/Formatters.h b/swift/logging/Formatters.h new file mode 100644 index 00000000000..9dc003b9ffe --- /dev/null +++ b/swift/logging/Formatters.h @@ -0,0 +1,20 @@ +#pragma once + +// Provides formatters for standard library types to be used with fmtlib. +// TODO: Patch fmtlib to support using `fmt/std.h` without RTTI +// (https://github.com/fmtlib/fmt/issues/3170). + +#include +#include +#include + +namespace fmt { +FMT_FORMAT_AS(std::filesystem::path, std::string); +} + +template <> +struct fmt::formatter : fmt::formatter { + auto format(const std::error_code& e, format_context& ctx) const { + return fmt::formatter::format(e.message(), ctx); + } +}; diff --git a/swift/logging/SwiftDiagnostics.h b/swift/logging/SwiftDiagnostics.h index 5a0f5617076..e930a93e2b2 100644 --- a/swift/logging/SwiftDiagnostics.h +++ b/swift/logging/SwiftDiagnostics.h @@ -14,6 +14,8 @@ #include #include +#include "swift/logging/Formatters.h" + namespace codeql { extern const std::string_view programName; From 402212bab96f5f0abe1df973cde80bfb16c1d245 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Tue, 16 May 2023 18:35:05 +0100 Subject: [PATCH 410/870] C++: Accept query test changes. --- .../CWE-078/SAMATE/ExecTainted/ExecTainted.expected | 13 ------------- .../CWE-078/semmle/ExecTainted/ExecTainted.expected | 2 -- 2 files changed, 15 deletions(-) diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-078/SAMATE/ExecTainted/ExecTainted.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-078/SAMATE/ExecTainted/ExecTainted.expected index 3bcfdb6e4ae..de7089cab07 100644 --- a/cpp/ql/test/query-tests/Security/CWE/CWE-078/SAMATE/ExecTainted/ExecTainted.expected +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-078/SAMATE/ExecTainted/ExecTainted.expected @@ -1,29 +1,16 @@ edges | tests.cpp:26:15:26:23 | badSource indirection | tests.cpp:51:12:51:20 | call to badSource indirection | -| tests.cpp:26:32:26:35 | data indirection | tests.cpp:26:15:26:23 | badSource indirection | -| tests.cpp:26:32:26:35 | data indirection | tests.cpp:38:25:38:36 | strncat output argument | | tests.cpp:33:34:33:39 | call to getenv indirection | tests.cpp:38:39:38:49 | environment indirection | | tests.cpp:38:25:38:36 | strncat output argument | tests.cpp:26:15:26:23 | badSource indirection | -| tests.cpp:38:25:38:36 | strncat output argument | tests.cpp:26:15:26:23 | badSource indirection | -| tests.cpp:38:25:38:36 | strncat output argument | tests.cpp:51:22:51:25 | badSource output argument | | tests.cpp:38:39:38:49 | environment indirection | tests.cpp:38:25:38:36 | strncat output argument | | tests.cpp:51:12:51:20 | call to badSource indirection | tests.cpp:53:16:53:19 | data indirection | -| tests.cpp:51:22:51:25 | badSource output argument | tests.cpp:51:22:51:25 | data indirection | -| tests.cpp:51:22:51:25 | data indirection | tests.cpp:26:32:26:35 | data indirection | -| tests.cpp:51:22:51:25 | data indirection | tests.cpp:51:12:51:20 | call to badSource indirection | nodes | tests.cpp:26:15:26:23 | badSource indirection | semmle.label | badSource indirection | -| tests.cpp:26:15:26:23 | badSource indirection | semmle.label | badSource indirection | -| tests.cpp:26:32:26:35 | data indirection | semmle.label | data indirection | | tests.cpp:33:34:33:39 | call to getenv indirection | semmle.label | call to getenv indirection | | tests.cpp:38:25:38:36 | strncat output argument | semmle.label | strncat output argument | -| tests.cpp:38:25:38:36 | strncat output argument | semmle.label | strncat output argument | | tests.cpp:38:39:38:49 | environment indirection | semmle.label | environment indirection | | tests.cpp:51:12:51:20 | call to badSource indirection | semmle.label | call to badSource indirection | -| tests.cpp:51:22:51:25 | badSource output argument | semmle.label | badSource output argument | -| tests.cpp:51:22:51:25 | data indirection | semmle.label | data indirection | | tests.cpp:53:16:53:19 | data indirection | semmle.label | data indirection | subpaths -| tests.cpp:51:22:51:25 | data indirection | tests.cpp:26:32:26:35 | data indirection | tests.cpp:26:15:26:23 | badSource indirection | tests.cpp:51:12:51:20 | call to badSource indirection | #select | tests.cpp:53:16:53:19 | data | tests.cpp:33:34:33:39 | call to getenv indirection | tests.cpp:53:16:53:19 | data indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | tests.cpp:33:34:33:39 | call to getenv indirection | user input (an environment variable) | tests.cpp:38:25:38:36 | strncat output argument | strncat output argument | diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-078/semmle/ExecTainted/ExecTainted.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-078/semmle/ExecTainted/ExecTainted.expected index f038f287bfc..24b2320c83f 100644 --- a/cpp/ql/test/query-tests/Security/CWE/CWE-078/semmle/ExecTainted/ExecTainted.expected +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-078/semmle/ExecTainted/ExecTainted.expected @@ -45,8 +45,6 @@ edges | test.cpp:186:47:186:54 | filename indirection | test.cpp:188:20:188:24 | flags indirection | | test.cpp:187:11:187:15 | strncat output argument | test.cpp:188:11:188:17 | strncat output argument | | test.cpp:187:18:187:25 | filename indirection | test.cpp:187:11:187:15 | strncat output argument | -| test.cpp:188:11:188:17 | strncat output argument | test.cpp:188:11:188:17 | strncat output argument | -| test.cpp:188:11:188:17 | strncat output argument | test.cpp:188:11:188:17 | strncat output argument | | test.cpp:188:20:188:24 | flags indirection | test.cpp:188:11:188:17 | strncat output argument | | test.cpp:194:9:194:16 | fread output argument | test.cpp:196:26:196:33 | filename indirection | | test.cpp:196:10:196:16 | concat output argument | test.cpp:198:32:198:38 | command indirection | From 613077c7a9fede81cbd090b20c02da4cf9aab8cf Mon Sep 17 00:00:00 2001 From: Jami Cogswell Date: Fri, 12 May 2023 15:28:29 -0400 Subject: [PATCH 411/870] C#: update 'code' sink kind to 'code-injection' --- .../ql/lib/ext/ServiceStack.Redis.model.yml | 54 +++++++++---------- .../code/csharp/dataflow/ExternalFlow.qll | 2 +- .../security/dataflow/CodeInjectionQuery.qll | 2 +- .../dataflow/external-models/sinks.ext.yml | 2 +- 4 files changed, 30 insertions(+), 30 deletions(-) diff --git a/csharp/ql/lib/ext/ServiceStack.Redis.model.yml b/csharp/ql/lib/ext/ServiceStack.Redis.model.yml index 46415828318..9016c393077 100644 --- a/csharp/ql/lib/ext/ServiceStack.Redis.model.yml +++ b/csharp/ql/lib/ext/ServiceStack.Redis.model.yml @@ -3,30 +3,30 @@ extensions: pack: codeql/csharp-all extensible: sinkModel data: - - ["ServiceStack.Redis", "IRedisClient", True, "Custom", "(System.Object[])", "", "Argument[0]", "code", "manual"] - - ["ServiceStack.Redis", "IRedisClient", True, "ExecCachedLua", "(System.String,System.Func)", "", "Argument[0]", "code", "manual"] - - ["ServiceStack.Redis", "IRedisClient", True, "ExecLua", "(System.String,System.String[])", "", "Argument[0]", "code", "manual"] - - ["ServiceStack.Redis", "IRedisClient", True, "ExecLua", "(System.String,System.String[],System.String[])", "", "Argument[0]", "code", "manual"] - - ["ServiceStack.Redis", "IRedisClient", True, "ExecLuaAsInt", "(System.String,System.String[])", "", "Argument[0]", "code", "manual"] - - ["ServiceStack.Redis", "IRedisClient", True, "ExecLuaAsInt", "(System.String,System.String[],System.String[])", "", "Argument[0]", "code", "manual"] - - ["ServiceStack.Redis", "IRedisClient", True, "ExecLuaAsList", "(System.String,System.String[])", "", "Argument[0]", "code", "manual"] - - ["ServiceStack.Redis", "IRedisClient", True, "ExecLuaAsList", "(System.String,System.String[],System.String[])", "", "Argument[0]", "code", "manual"] - - ["ServiceStack.Redis", "IRedisClient", True, "ExecLuaAsString", "(System.String,System.String[])", "", "Argument[0]", "code", "manual"] - - ["ServiceStack.Redis", "IRedisClient", True, "ExecLuaAsString", "(System.String,System.String[],System.String[])", "", "Argument[0]", "code", "manual"] - - ["ServiceStack.Redis", "IRedisClient", True, "LoadLuaScript", "(System.String)", "", "Argument[0]", "code", "manual"] - - ["ServiceStack.Redis", "IRedisClientAsync", True, "CustomAsync", "(System.Object[])", "", "Argument[0]", "code", "manual"] - - ["ServiceStack.Redis", "IRedisClientAsync", True, "CustomAsync", "(System.Object[],System.Threading.CancellationToken)", "", "Argument[0].Element", "code", "manual"] - - ["ServiceStack.Redis", "IRedisClientAsync", True, "ExecCachedLuaAsync", "(System.String,System.Func>,System.Threading.CancellationToken)", "", "Argument[0]", "code", "manual"] - - ["ServiceStack.Redis", "IRedisClientAsync", True, "ExecLuaAsIntAsync", "(System.String,System.String[])", "", "Argument[0]", "code", "manual"] - - ["ServiceStack.Redis", "IRedisClientAsync", True, "ExecLuaAsIntAsync", "(System.String,System.String[],System.String[],System.Threading.CancellationToken)", "", "Argument[0]", "code", "manual"] - - ["ServiceStack.Redis", "IRedisClientAsync", True, "ExecLuaAsIntAsync", "(System.String,System.String[],System.Threading.CancellationToken)", "", "Argument[0]", "code", "manual"] - - ["ServiceStack.Redis", "IRedisClientAsync", True, "ExecLuaAsListAsync", "(System.String,System.String[])", "", "Argument[0]", "code", "manual"] - - ["ServiceStack.Redis", "IRedisClientAsync", True, "ExecLuaAsListAsync", "(System.String,System.String[],System.String[],System.Threading.CancellationToken)", "", "Argument[0]", "code", "manual"] - - ["ServiceStack.Redis", "IRedisClientAsync", True, "ExecLuaAsListAsync", "(System.String,System.String[],System.Threading.CancellationToken)", "", "Argument[0]", "code", "manual"] - - ["ServiceStack.Redis", "IRedisClientAsync", True, "ExecLuaAsStringAsync", "(System.String,System.String[])", "", "Argument[0]", "code", "manual"] - - ["ServiceStack.Redis", "IRedisClientAsync", True, "ExecLuaAsStringAsync", "(System.String,System.String[],System.String[],System.Threading.CancellationToken)", "", "Argument[0]", "code", "manual"] - - ["ServiceStack.Redis", "IRedisClientAsync", True, "ExecLuaAsStringAsync", "(System.String,System.String[],System.Threading.CancellationToken)", "", "Argument[0]", "code", "manual"] - - ["ServiceStack.Redis", "IRedisClientAsync", True, "ExecLuaAsync", "(System.String,System.String[])", "", "Argument[0]", "code", "manual"] - - ["ServiceStack.Redis", "IRedisClientAsync", True, "ExecLuaAsync", "(System.String,System.String[],System.String[],System.Threading.CancellationToken)", "", "Argument[0]", "code", "manual"] - - ["ServiceStack.Redis", "IRedisClientAsync", True, "ExecLuaAsync", "(System.String,System.String[],System.Threading.CancellationToken)", "", "Argument[0]", "code", "manual"] - - ["ServiceStack.Redis", "IRedisClientAsync", True, "LoadLuaScriptAsync", "(System.String,System.Threading.CancellationToken)", "", "Argument[0]", "code", "manual"] + - ["ServiceStack.Redis", "IRedisClient", True, "Custom", "(System.Object[])", "", "Argument[0]", "code-injection", "manual"] + - ["ServiceStack.Redis", "IRedisClient", True, "ExecCachedLua", "(System.String,System.Func)", "", "Argument[0]", "code-injection", "manual"] + - ["ServiceStack.Redis", "IRedisClient", True, "ExecLua", "(System.String,System.String[])", "", "Argument[0]", "code-injection", "manual"] + - ["ServiceStack.Redis", "IRedisClient", True, "ExecLua", "(System.String,System.String[],System.String[])", "", "Argument[0]", "code-injection", "manual"] + - ["ServiceStack.Redis", "IRedisClient", True, "ExecLuaAsInt", "(System.String,System.String[])", "", "Argument[0]", "code-injection", "manual"] + - ["ServiceStack.Redis", "IRedisClient", True, "ExecLuaAsInt", "(System.String,System.String[],System.String[])", "", "Argument[0]", "code-injection", "manual"] + - ["ServiceStack.Redis", "IRedisClient", True, "ExecLuaAsList", "(System.String,System.String[])", "", "Argument[0]", "code-injection", "manual"] + - ["ServiceStack.Redis", "IRedisClient", True, "ExecLuaAsList", "(System.String,System.String[],System.String[])", "", "Argument[0]", "code-injection", "manual"] + - ["ServiceStack.Redis", "IRedisClient", True, "ExecLuaAsString", "(System.String,System.String[])", "", "Argument[0]", "code-injection", "manual"] + - ["ServiceStack.Redis", "IRedisClient", True, "ExecLuaAsString", "(System.String,System.String[],System.String[])", "", "Argument[0]", "code-injection", "manual"] + - ["ServiceStack.Redis", "IRedisClient", True, "LoadLuaScript", "(System.String)", "", "Argument[0]", "code-injection", "manual"] + - ["ServiceStack.Redis", "IRedisClientAsync", True, "CustomAsync", "(System.Object[])", "", "Argument[0]", "code-injection", "manual"] + - ["ServiceStack.Redis", "IRedisClientAsync", True, "CustomAsync", "(System.Object[],System.Threading.CancellationToken)", "", "Argument[0].Element", "code-injection", "manual"] + - ["ServiceStack.Redis", "IRedisClientAsync", True, "ExecCachedLuaAsync", "(System.String,System.Func>,System.Threading.CancellationToken)", "", "Argument[0]", "code-injection", "manual"] + - ["ServiceStack.Redis", "IRedisClientAsync", True, "ExecLuaAsIntAsync", "(System.String,System.String[])", "", "Argument[0]", "code-injection", "manual"] + - ["ServiceStack.Redis", "IRedisClientAsync", True, "ExecLuaAsIntAsync", "(System.String,System.String[],System.String[],System.Threading.CancellationToken)", "", "Argument[0]", "code-injection", "manual"] + - ["ServiceStack.Redis", "IRedisClientAsync", True, "ExecLuaAsIntAsync", "(System.String,System.String[],System.Threading.CancellationToken)", "", "Argument[0]", "code-injection", "manual"] + - ["ServiceStack.Redis", "IRedisClientAsync", True, "ExecLuaAsListAsync", "(System.String,System.String[])", "", "Argument[0]", "code-injection", "manual"] + - ["ServiceStack.Redis", "IRedisClientAsync", True, "ExecLuaAsListAsync", "(System.String,System.String[],System.String[],System.Threading.CancellationToken)", "", "Argument[0]", "code-injection", "manual"] + - ["ServiceStack.Redis", "IRedisClientAsync", True, "ExecLuaAsListAsync", "(System.String,System.String[],System.Threading.CancellationToken)", "", "Argument[0]", "code-injection", "manual"] + - ["ServiceStack.Redis", "IRedisClientAsync", True, "ExecLuaAsStringAsync", "(System.String,System.String[])", "", "Argument[0]", "code-injection", "manual"] + - ["ServiceStack.Redis", "IRedisClientAsync", True, "ExecLuaAsStringAsync", "(System.String,System.String[],System.String[],System.Threading.CancellationToken)", "", "Argument[0]", "code-injection", "manual"] + - ["ServiceStack.Redis", "IRedisClientAsync", True, "ExecLuaAsStringAsync", "(System.String,System.String[],System.Threading.CancellationToken)", "", "Argument[0]", "code-injection", "manual"] + - ["ServiceStack.Redis", "IRedisClientAsync", True, "ExecLuaAsync", "(System.String,System.String[])", "", "Argument[0]", "code-injection", "manual"] + - ["ServiceStack.Redis", "IRedisClientAsync", True, "ExecLuaAsync", "(System.String,System.String[],System.String[],System.Threading.CancellationToken)", "", "Argument[0]", "code-injection", "manual"] + - ["ServiceStack.Redis", "IRedisClientAsync", True, "ExecLuaAsync", "(System.String,System.String[],System.Threading.CancellationToken)", "", "Argument[0]", "code-injection", "manual"] + - ["ServiceStack.Redis", "IRedisClientAsync", True, "LoadLuaScriptAsync", "(System.String,System.Threading.CancellationToken)", "", "Argument[0]", "code-injection", "manual"] diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/ExternalFlow.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/ExternalFlow.qll index 1f57626840b..3241a8b690c 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/ExternalFlow.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/ExternalFlow.qll @@ -211,7 +211,7 @@ module ModelValidation { ) or exists(string kind | sinkModel(_, _, _, _, _, _, _, kind, _) | - not kind = ["code", "sql", "xss", "remote", "html"] and + not kind = ["code-injection", "sql", "xss", "remote", "html"] and not kind.matches("encryption-%") and result = "Invalid kind \"" + kind + "\" in sink model." ) diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/CodeInjectionQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/CodeInjectionQuery.qll index 76a9a495637..cd035de9414 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/CodeInjectionQuery.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/CodeInjectionQuery.qll @@ -97,5 +97,5 @@ class RoslynCSharpScriptSink extends Sink { /** Code injection sinks defined through CSV models. */ private class ExternalCodeInjectionExprSink extends Sink { - ExternalCodeInjectionExprSink() { sinkNode(this, "code") } + ExternalCodeInjectionExprSink() { sinkNode(this, "code-injection") } } diff --git a/csharp/ql/test/library-tests/dataflow/external-models/sinks.ext.yml b/csharp/ql/test/library-tests/dataflow/external-models/sinks.ext.yml index 3198057f42c..85590cecc39 100644 --- a/csharp/ql/test/library-tests/dataflow/external-models/sinks.ext.yml +++ b/csharp/ql/test/library-tests/dataflow/external-models/sinks.ext.yml @@ -4,7 +4,7 @@ extensions: extensible: sinkModel data: # "namespace", "type", "overrides", "name", "signature", "ext", "spec", "kind", "provenance" - - ["My.Qltest", "B", false, "Sink1", "(System.Object)", "", "Argument[0]", "code", "manual"] + - ["My.Qltest", "B", false, "Sink1", "(System.Object)", "", "Argument[0]", "code-injection", "manual"] - ["My.Qltest", "B", false, "SinkMethod", "()", "", "ReturnValue", "xss", "manual"] - ["My.Qltest", "SinkAttribute", false, "", "", "Attribute", "ReturnValue", "html", "manual"] - ["My.Qltest", "SinkAttribute", false, "", "", "Attribute", "Argument", "remote", "manual"] From b6d011b1873b82c0831b6369cba9292144e7fffc Mon Sep 17 00:00:00 2001 From: Jami Cogswell Date: Fri, 12 May 2023 15:41:47 -0400 Subject: [PATCH 412/870] C#: update 'sql' sink kind to 'sql-injection' --- csharp/ql/lib/ext/Dapper.model.yml | 110 +++++------ ...Microsoft.ApplicationBlocks.Data.model.yml | 56 +++--- .../Microsoft.EntityFrameworkCore.model.yml | 12 +- .../lib/ext/MySql.Data.MySqlClient.model.yml | 96 ++++----- .../ql/lib/ext/ServiceStack.OrmLite.model.yml | 184 +++++++++--------- .../ql/lib/ext/System.Data.Entity.model.yml | 18 +- .../ext/System.Data.EntityClient.model.yml | 6 +- csharp/ql/lib/ext/System.Data.Odbc.model.yml | 6 +- csharp/ql/lib/ext/System.Data.OleDb.model.yml | 6 +- .../ql/lib/ext/System.Data.SQLite.model.yml | 14 +- .../lib/ext/System.Data.SqlClient.model.yml | 12 +- .../ext/generated/dotnet_runtime.model.yml | 9 +- .../code/csharp/dataflow/ExternalFlow.qll | 2 +- .../security/dataflow/SqlInjectionQuery.qll | 2 +- .../dataflow/external-models/sinks.ext.yml | 2 +- .../EntityFramework/FlowSummaries.expected | 12 +- .../test/library-tests/frameworks/sql/Sql1.ql | 2 +- 17 files changed, 273 insertions(+), 276 deletions(-) diff --git a/csharp/ql/lib/ext/Dapper.model.yml b/csharp/ql/lib/ext/Dapper.model.yml index e72f3b076a6..78e92bbf191 100644 --- a/csharp/ql/lib/ext/Dapper.model.yml +++ b/csharp/ql/lib/ext/Dapper.model.yml @@ -3,58 +3,58 @@ extensions: pack: codeql/csharp-all extensible: sinkModel data: - - ["Dapper", "SqlMapper", False, "Execute", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable)", "", "Argument[1]", "sql", "manual"] - - ["Dapper", "SqlMapper", False, "ExecuteAsync", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable)", "", "Argument[1]", "sql", "manual"] - - ["Dapper", "SqlMapper", False, "ExecuteReader", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable)", "", "Argument[1]", "sql", "manual"] - - ["Dapper", "SqlMapper", False, "ExecuteReaderAsync", "(System.Data.DbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable)", "", "Argument[1]", "sql", "manual"] - - ["Dapper", "SqlMapper", False, "ExecuteReaderAsync", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable)", "", "Argument[1]", "sql", "manual"] - - ["Dapper", "SqlMapper", False, "ExecuteScalar", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable)", "", "Argument[1]", "sql", "manual"] - - ["Dapper", "SqlMapper", False, "ExecuteScalar<>", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable)", "", "Argument[1]", "sql", "manual"] - - ["Dapper", "SqlMapper", False, "ExecuteScalarAsync", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable)", "", "Argument[1]", "sql", "manual"] - - ["Dapper", "SqlMapper", False, "ExecuteScalarAsync<>", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable)", "", "Argument[1]", "sql", "manual"] - - ["Dapper", "SqlMapper", False, "Query", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Boolean,System.Nullable,System.Nullable)", "", "Argument[1]", "sql", "manual"] - - ["Dapper", "SqlMapper", False, "Query", "(System.Data.IDbConnection,System.Type,System.String,System.Object,System.Data.IDbTransaction,System.Boolean,System.Nullable,System.Nullable)", "", "Argument[2]", "sql", "manual"] - - ["Dapper", "SqlMapper", False, "Query<,,,,,,,>", "(System.Data.IDbConnection,System.String,System.Func,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable,System.Nullable)", "", "Argument[1]", "sql", "manual"] - - ["Dapper", "SqlMapper", False, "Query<,,,,,,>", "(System.Data.IDbConnection,System.String,System.Func,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable,System.Nullable)", "", "Argument[1]", "sql", "manual"] - - ["Dapper", "SqlMapper", False, "Query<,,,,,>", "(System.Data.IDbConnection,System.String,System.Func,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable,System.Nullable)", "", "Argument[1]", "sql", "manual"] - - ["Dapper", "SqlMapper", False, "Query<,,,,>", "(System.Data.IDbConnection,System.String,System.Func,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable,System.Nullable)", "", "Argument[1]", "sql", "manual"] - - ["Dapper", "SqlMapper", False, "Query<,,,>", "(System.Data.IDbConnection,System.String,System.Func,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable,System.Nullable)", "", "Argument[1]", "sql", "manual"] - - ["Dapper", "SqlMapper", False, "Query<,,>", "(System.Data.IDbConnection,System.String,System.Func,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable,System.Nullable)", "", "Argument[1]", "sql", "manual"] - - ["Dapper", "SqlMapper", False, "Query<>", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Boolean,System.Nullable,System.Nullable)", "", "Argument[1]", "sql", "manual"] - - ["Dapper", "SqlMapper", False, "Query<>", "(System.Data.IDbConnection,System.String,System.Type[],System.Func,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable,System.Nullable)", "", "Argument[1]", "sql", "manual"] - - ["Dapper", "SqlMapper", False, "QueryAsync", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable)", "", "Argument[1]", "sql", "manual"] - - ["Dapper", "SqlMapper", False, "QueryAsync", "(System.Data.IDbConnection,System.Type,System.String,System.Object,System.Data.IDbTransaction,System.Boolean,System.Nullable,System.Nullable)", "", "Argument[2]", "sql", "manual"] - - ["Dapper", "SqlMapper", False, "QueryAsync<,,,,,,,>", "(System.Data.IDbConnection,System.String,System.Func,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable,System.Nullable)", "", "Argument[1]", "sql", "manual"] - - ["Dapper", "SqlMapper", False, "QueryAsync<,,,,,,>", "(System.Data.IDbConnection,System.String,System.Func,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable,System.Nullable)", "", "Argument[1]", "sql", "manual"] - - ["Dapper", "SqlMapper", False, "QueryAsync<,,,,,>", "(System.Data.IDbConnection,System.String,System.Func,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable,System.Nullable)", "", "Argument[1]", "sql", "manual"] - - ["Dapper", "SqlMapper", False, "QueryAsync<,,,,>", "(System.Data.IDbConnection,System.String,System.Func,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable,System.Nullable)", "", "Argument[1]", "sql", "manual"] - - ["Dapper", "SqlMapper", False, "QueryAsync<,,,>", "(System.Data.IDbConnection,System.String,System.Func,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable,System.Nullable)", "", "Argument[1]", "sql", "manual"] - - ["Dapper", "SqlMapper", False, "QueryAsync<,,>", "(System.Data.IDbConnection,System.String,System.Func,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable,System.Nullable)", "", "Argument[1]", "sql", "manual"] - - ["Dapper", "SqlMapper", False, "QueryAsync<>", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable)", "", "Argument[1]", "sql", "manual"] - - ["Dapper", "SqlMapper", False, "QueryAsync<>", "(System.Data.IDbConnection,System.String,System.Type[],System.Func,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable,System.Nullable)", "", "Argument[1]", "sql", "manual"] - - ["Dapper", "SqlMapper", False, "QueryFirst", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable)", "", "Argument[1]", "sql", "manual"] - - ["Dapper", "SqlMapper", False, "QueryFirst", "(System.Data.IDbConnection,System.Type,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable)", "", "Argument[2]", "sql", "manual"] - - ["Dapper", "SqlMapper", False, "QueryFirst<>", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable)", "", "Argument[1]", "sql", "manual"] - - ["Dapper", "SqlMapper", False, "QueryFirstAsync", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable)", "", "Argument[1]", "sql", "manual"] - - ["Dapper", "SqlMapper", False, "QueryFirstAsync", "(System.Data.IDbConnection,System.Type,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable)", "", "Argument[2]", "sql", "manual"] - - ["Dapper", "SqlMapper", False, "QueryFirstAsync<>", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable)", "", "Argument[1]", "sql", "manual"] - - ["Dapper", "SqlMapper", False, "QueryFirstOrDefault", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable)", "", "Argument[1]", "sql", "manual"] - - ["Dapper", "SqlMapper", False, "QueryFirstOrDefault", "(System.Data.IDbConnection,System.Type,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable)", "", "Argument[2]", "sql", "manual"] - - ["Dapper", "SqlMapper", False, "QueryFirstOrDefault<>", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable)", "", "Argument[1]", "sql", "manual"] - - ["Dapper", "SqlMapper", False, "QueryFirstOrDefaultAsync", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable)", "", "Argument[1]", "sql", "manual"] - - ["Dapper", "SqlMapper", False, "QueryFirstOrDefaultAsync", "(System.Data.IDbConnection,System.Type,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable)", "", "Argument[2]", "sql", "manual"] - - ["Dapper", "SqlMapper", False, "QueryFirstOrDefaultAsync<>", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable)", "", "Argument[1]", "sql", "manual"] - - ["Dapper", "SqlMapper", False, "QueryMultiple", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable)", "", "Argument[1]", "sql", "manual"] - - ["Dapper", "SqlMapper", False, "QueryMultipleAsync", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable)", "", "Argument[1]", "sql", "manual"] - - ["Dapper", "SqlMapper", False, "QuerySingle", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable)", "", "Argument[1]", "sql", "manual"] - - ["Dapper", "SqlMapper", False, "QuerySingle", "(System.Data.IDbConnection,System.Type,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable)", "", "Argument[2]", "sql", "manual"] - - ["Dapper", "SqlMapper", False, "QuerySingle<>", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable)", "", "Argument[1]", "sql", "manual"] - - ["Dapper", "SqlMapper", False, "QuerySingleAsync", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable)", "", "Argument[1]", "sql", "manual"] - - ["Dapper", "SqlMapper", False, "QuerySingleAsync", "(System.Data.IDbConnection,System.Type,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable)", "", "Argument[2]", "sql", "manual"] - - ["Dapper", "SqlMapper", False, "QuerySingleAsync<>", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable)", "", "Argument[1]", "sql", "manual"] - - ["Dapper", "SqlMapper", False, "QuerySingleOrDefault", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable)", "", "Argument[1]", "sql", "manual"] - - ["Dapper", "SqlMapper", False, "QuerySingleOrDefault", "(System.Data.IDbConnection,System.Type,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable)", "", "Argument[2]", "sql", "manual"] - - ["Dapper", "SqlMapper", False, "QuerySingleOrDefault<>", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable)", "", "Argument[1]", "sql", "manual"] - - ["Dapper", "SqlMapper", False, "QuerySingleOrDefaultAsync", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable)", "", "Argument[1]", "sql", "manual"] - - ["Dapper", "SqlMapper", False, "QuerySingleOrDefaultAsync", "(System.Data.IDbConnection,System.Type,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable)", "", "Argument[2]", "sql", "manual"] - - ["Dapper", "SqlMapper", False, "QuerySingleOrDefaultAsync<>", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable)", "", "Argument[1]", "sql", "manual"] + - ["Dapper", "SqlMapper", False, "Execute", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable)", "", "Argument[1]", "sql-injection", "manual"] + - ["Dapper", "SqlMapper", False, "ExecuteAsync", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable)", "", "Argument[1]", "sql-injection", "manual"] + - ["Dapper", "SqlMapper", False, "ExecuteReader", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable)", "", "Argument[1]", "sql-injection", "manual"] + - ["Dapper", "SqlMapper", False, "ExecuteReaderAsync", "(System.Data.DbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable)", "", "Argument[1]", "sql-injection", "manual"] + - ["Dapper", "SqlMapper", False, "ExecuteReaderAsync", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable)", "", "Argument[1]", "sql-injection", "manual"] + - ["Dapper", "SqlMapper", False, "ExecuteScalar", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable)", "", "Argument[1]", "sql-injection", "manual"] + - ["Dapper", "SqlMapper", False, "ExecuteScalar<>", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable)", "", "Argument[1]", "sql-injection", "manual"] + - ["Dapper", "SqlMapper", False, "ExecuteScalarAsync", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable)", "", "Argument[1]", "sql-injection", "manual"] + - ["Dapper", "SqlMapper", False, "ExecuteScalarAsync<>", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable)", "", "Argument[1]", "sql-injection", "manual"] + - ["Dapper", "SqlMapper", False, "Query", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Boolean,System.Nullable,System.Nullable)", "", "Argument[1]", "sql-injection", "manual"] + - ["Dapper", "SqlMapper", False, "Query", "(System.Data.IDbConnection,System.Type,System.String,System.Object,System.Data.IDbTransaction,System.Boolean,System.Nullable,System.Nullable)", "", "Argument[2]", "sql-injection", "manual"] + - ["Dapper", "SqlMapper", False, "Query<,,,,,,,>", "(System.Data.IDbConnection,System.String,System.Func,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable,System.Nullable)", "", "Argument[1]", "sql-injection", "manual"] + - ["Dapper", "SqlMapper", False, "Query<,,,,,,>", "(System.Data.IDbConnection,System.String,System.Func,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable,System.Nullable)", "", "Argument[1]", "sql-injection", "manual"] + - ["Dapper", "SqlMapper", False, "Query<,,,,,>", "(System.Data.IDbConnection,System.String,System.Func,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable,System.Nullable)", "", "Argument[1]", "sql-injection", "manual"] + - ["Dapper", "SqlMapper", False, "Query<,,,,>", "(System.Data.IDbConnection,System.String,System.Func,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable,System.Nullable)", "", "Argument[1]", "sql-injection", "manual"] + - ["Dapper", "SqlMapper", False, "Query<,,,>", "(System.Data.IDbConnection,System.String,System.Func,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable,System.Nullable)", "", "Argument[1]", "sql-injection", "manual"] + - ["Dapper", "SqlMapper", False, "Query<,,>", "(System.Data.IDbConnection,System.String,System.Func,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable,System.Nullable)", "", "Argument[1]", "sql-injection", "manual"] + - ["Dapper", "SqlMapper", False, "Query<>", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Boolean,System.Nullable,System.Nullable)", "", "Argument[1]", "sql-injection", "manual"] + - ["Dapper", "SqlMapper", False, "Query<>", "(System.Data.IDbConnection,System.String,System.Type[],System.Func,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable,System.Nullable)", "", "Argument[1]", "sql-injection", "manual"] + - ["Dapper", "SqlMapper", False, "QueryAsync", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable)", "", "Argument[1]", "sql-injection", "manual"] + - ["Dapper", "SqlMapper", False, "QueryAsync", "(System.Data.IDbConnection,System.Type,System.String,System.Object,System.Data.IDbTransaction,System.Boolean,System.Nullable,System.Nullable)", "", "Argument[2]", "sql-injection", "manual"] + - ["Dapper", "SqlMapper", False, "QueryAsync<,,,,,,,>", "(System.Data.IDbConnection,System.String,System.Func,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable,System.Nullable)", "", "Argument[1]", "sql-injection", "manual"] + - ["Dapper", "SqlMapper", False, "QueryAsync<,,,,,,>", "(System.Data.IDbConnection,System.String,System.Func,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable,System.Nullable)", "", "Argument[1]", "sql-injection", "manual"] + - ["Dapper", "SqlMapper", False, "QueryAsync<,,,,,>", "(System.Data.IDbConnection,System.String,System.Func,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable,System.Nullable)", "", "Argument[1]", "sql-injection", "manual"] + - ["Dapper", "SqlMapper", False, "QueryAsync<,,,,>", "(System.Data.IDbConnection,System.String,System.Func,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable,System.Nullable)", "", "Argument[1]", "sql-injection", "manual"] + - ["Dapper", "SqlMapper", False, "QueryAsync<,,,>", "(System.Data.IDbConnection,System.String,System.Func,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable,System.Nullable)", "", "Argument[1]", "sql-injection", "manual"] + - ["Dapper", "SqlMapper", False, "QueryAsync<,,>", "(System.Data.IDbConnection,System.String,System.Func,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable,System.Nullable)", "", "Argument[1]", "sql-injection", "manual"] + - ["Dapper", "SqlMapper", False, "QueryAsync<>", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable)", "", "Argument[1]", "sql-injection", "manual"] + - ["Dapper", "SqlMapper", False, "QueryAsync<>", "(System.Data.IDbConnection,System.String,System.Type[],System.Func,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable,System.Nullable)", "", "Argument[1]", "sql-injection", "manual"] + - ["Dapper", "SqlMapper", False, "QueryFirst", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable)", "", "Argument[1]", "sql-injection", "manual"] + - ["Dapper", "SqlMapper", False, "QueryFirst", "(System.Data.IDbConnection,System.Type,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable)", "", "Argument[2]", "sql-injection", "manual"] + - ["Dapper", "SqlMapper", False, "QueryFirst<>", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable)", "", "Argument[1]", "sql-injection", "manual"] + - ["Dapper", "SqlMapper", False, "QueryFirstAsync", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable)", "", "Argument[1]", "sql-injection", "manual"] + - ["Dapper", "SqlMapper", False, "QueryFirstAsync", "(System.Data.IDbConnection,System.Type,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable)", "", "Argument[2]", "sql-injection", "manual"] + - ["Dapper", "SqlMapper", False, "QueryFirstAsync<>", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable)", "", "Argument[1]", "sql-injection", "manual"] + - ["Dapper", "SqlMapper", False, "QueryFirstOrDefault", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable)", "", "Argument[1]", "sql-injection", "manual"] + - ["Dapper", "SqlMapper", False, "QueryFirstOrDefault", "(System.Data.IDbConnection,System.Type,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable)", "", "Argument[2]", "sql-injection", "manual"] + - ["Dapper", "SqlMapper", False, "QueryFirstOrDefault<>", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable)", "", "Argument[1]", "sql-injection", "manual"] + - ["Dapper", "SqlMapper", False, "QueryFirstOrDefaultAsync", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable)", "", "Argument[1]", "sql-injection", "manual"] + - ["Dapper", "SqlMapper", False, "QueryFirstOrDefaultAsync", "(System.Data.IDbConnection,System.Type,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable)", "", "Argument[2]", "sql-injection", "manual"] + - ["Dapper", "SqlMapper", False, "QueryFirstOrDefaultAsync<>", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable)", "", "Argument[1]", "sql-injection", "manual"] + - ["Dapper", "SqlMapper", False, "QueryMultiple", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable)", "", "Argument[1]", "sql-injection", "manual"] + - ["Dapper", "SqlMapper", False, "QueryMultipleAsync", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable)", "", "Argument[1]", "sql-injection", "manual"] + - ["Dapper", "SqlMapper", False, "QuerySingle", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable)", "", "Argument[1]", "sql-injection", "manual"] + - ["Dapper", "SqlMapper", False, "QuerySingle", "(System.Data.IDbConnection,System.Type,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable)", "", "Argument[2]", "sql-injection", "manual"] + - ["Dapper", "SqlMapper", False, "QuerySingle<>", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable)", "", "Argument[1]", "sql-injection", "manual"] + - ["Dapper", "SqlMapper", False, "QuerySingleAsync", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable)", "", "Argument[1]", "sql-injection", "manual"] + - ["Dapper", "SqlMapper", False, "QuerySingleAsync", "(System.Data.IDbConnection,System.Type,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable)", "", "Argument[2]", "sql-injection", "manual"] + - ["Dapper", "SqlMapper", False, "QuerySingleAsync<>", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable)", "", "Argument[1]", "sql-injection", "manual"] + - ["Dapper", "SqlMapper", False, "QuerySingleOrDefault", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable)", "", "Argument[1]", "sql-injection", "manual"] + - ["Dapper", "SqlMapper", False, "QuerySingleOrDefault", "(System.Data.IDbConnection,System.Type,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable)", "", "Argument[2]", "sql-injection", "manual"] + - ["Dapper", "SqlMapper", False, "QuerySingleOrDefault<>", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable)", "", "Argument[1]", "sql-injection", "manual"] + - ["Dapper", "SqlMapper", False, "QuerySingleOrDefaultAsync", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable)", "", "Argument[1]", "sql-injection", "manual"] + - ["Dapper", "SqlMapper", False, "QuerySingleOrDefaultAsync", "(System.Data.IDbConnection,System.Type,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable)", "", "Argument[2]", "sql-injection", "manual"] + - ["Dapper", "SqlMapper", False, "QuerySingleOrDefaultAsync<>", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable)", "", "Argument[1]", "sql-injection", "manual"] diff --git a/csharp/ql/lib/ext/Microsoft.ApplicationBlocks.Data.model.yml b/csharp/ql/lib/ext/Microsoft.ApplicationBlocks.Data.model.yml index 5b5e2657bfd..0bb437b5b44 100644 --- a/csharp/ql/lib/ext/Microsoft.ApplicationBlocks.Data.model.yml +++ b/csharp/ql/lib/ext/Microsoft.ApplicationBlocks.Data.model.yml @@ -3,31 +3,31 @@ extensions: pack: codeql/csharp-all extensible: sinkModel data: - - ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteDataset", "(System.Data.SqlClient.SqlConnection,System.Data.CommandType,System.String)", "", "Argument[2]", "sql", "manual"] - - ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteDataset", "(System.Data.SqlClient.SqlConnection,System.Data.CommandType,System.String,System.Data.SqlClient.SqlParameter[])", "", "Argument[2]", "sql", "manual"] - - ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteDataset", "(System.Data.SqlClient.SqlTransaction,System.Data.CommandType,System.String)", "", "Argument[2]", "sql", "manual"] - - ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteDataset", "(System.Data.SqlClient.SqlTransaction,System.Data.CommandType,System.String,System.Data.SqlClient.SqlParameter[])", "", "Argument[2]", "sql", "manual"] - - ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteDataset", "(System.String,System.Data.CommandType,System.String)", "", "Argument[2]", "sql", "manual"] - - ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteDataset", "(System.String,System.Data.CommandType,System.String,System.Data.SqlClient.SqlParameter[])", "", "Argument[2]", "sql", "manual"] - - ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteNonQuery", "(System.Data.SqlClient.SqlConnection,System.Data.CommandType,System.String)", "", "Argument[2]", "sql", "manual"] - - ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteNonQuery", "(System.Data.SqlClient.SqlConnection,System.Data.CommandType,System.String,System.Data.SqlClient.SqlParameter[])", "", "Argument[2]", "sql", "manual"] - - ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteNonQuery", "(System.Data.SqlClient.SqlTransaction,System.Data.CommandType,System.String)", "", "Argument[2]", "sql", "manual"] - - ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteNonQuery", "(System.Data.SqlClient.SqlTransaction,System.Data.CommandType,System.String,System.Data.SqlClient.SqlParameter[])", "", "Argument[2]", "sql", "manual"] - - ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteNonQuery", "(System.String,System.Data.CommandType,System.String)", "", "Argument[2]", "sql", "manual"] - - ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteNonQuery", "(System.String,System.Data.CommandType,System.String,System.Data.SqlClient.SqlParameter[])", "", "Argument[2]", "sql", "manual"] - - ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteReader", "(System.Data.SqlClient.SqlConnection,System.Data.CommandType,System.String)", "", "Argument[2]", "sql", "manual"] - - ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteReader", "(System.Data.SqlClient.SqlConnection,System.Data.CommandType,System.String,System.Data.SqlClient.SqlParameter[])", "", "Argument[2]", "sql", "manual"] - - ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteReader", "(System.Data.SqlClient.SqlTransaction,System.Data.CommandType,System.String)", "", "Argument[2]", "sql", "manual"] - - ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteReader", "(System.Data.SqlClient.SqlTransaction,System.Data.CommandType,System.String,System.Data.SqlClient.SqlParameter[])", "", "Argument[2]", "sql", "manual"] - - ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteReader", "(System.String,System.Data.CommandType,System.String)", "", "Argument[2]", "sql", "manual"] - - ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteReader", "(System.String,System.Data.CommandType,System.String,System.Data.SqlClient.SqlParameter[])", "", "Argument[2]", "sql", "manual"] - - ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteScalar", "(System.Data.SqlClient.SqlConnection,System.Data.CommandType,System.String)", "", "Argument[2]", "sql", "manual"] - - ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteScalar", "(System.Data.SqlClient.SqlConnection,System.Data.CommandType,System.String,System.Data.SqlClient.SqlParameter[])", "", "Argument[2]", "sql", "manual"] - - ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteScalar", "(System.Data.SqlClient.SqlTransaction,System.Data.CommandType,System.String)", "", "Argument[2]", "sql", "manual"] - - ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteScalar", "(System.Data.SqlClient.SqlTransaction,System.Data.CommandType,System.String,System.Data.SqlClient.SqlParameter[])", "", "Argument[2]", "sql", "manual"] - - ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteScalar", "(System.String,System.Data.CommandType,System.String)", "", "Argument[2]", "sql", "manual"] - - ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteScalar", "(System.String,System.Data.CommandType,System.String,System.Data.SqlClient.SqlParameter[])", "", "Argument[2]", "sql", "manual"] - - ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteXmlReader", "(System.Data.SqlClient.SqlConnection,System.Data.CommandType,System.String)", "", "Argument[2]", "sql", "manual"] - - ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteXmlReader", "(System.Data.SqlClient.SqlConnection,System.Data.CommandType,System.String,System.Data.SqlClient.SqlParameter[])", "", "Argument[2]", "sql", "manual"] - - ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteXmlReader", "(System.Data.SqlClient.SqlTransaction,System.Data.CommandType,System.String)", "", "Argument[2]", "sql", "manual"] - - ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteXmlReader", "(System.Data.SqlClient.SqlTransaction,System.Data.CommandType,System.String,System.Data.SqlClient.SqlParameter[])", "", "Argument[2]", "sql", "manual"] + - ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteDataset", "(System.Data.SqlClient.SqlConnection,System.Data.CommandType,System.String)", "", "Argument[2]", "sql-injection", "manual"] + - ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteDataset", "(System.Data.SqlClient.SqlConnection,System.Data.CommandType,System.String,System.Data.SqlClient.SqlParameter[])", "", "Argument[2]", "sql-injection", "manual"] + - ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteDataset", "(System.Data.SqlClient.SqlTransaction,System.Data.CommandType,System.String)", "", "Argument[2]", "sql-injection", "manual"] + - ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteDataset", "(System.Data.SqlClient.SqlTransaction,System.Data.CommandType,System.String,System.Data.SqlClient.SqlParameter[])", "", "Argument[2]", "sql-injection", "manual"] + - ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteDataset", "(System.String,System.Data.CommandType,System.String)", "", "Argument[2]", "sql-injection", "manual"] + - ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteDataset", "(System.String,System.Data.CommandType,System.String,System.Data.SqlClient.SqlParameter[])", "", "Argument[2]", "sql-injection", "manual"] + - ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteNonQuery", "(System.Data.SqlClient.SqlConnection,System.Data.CommandType,System.String)", "", "Argument[2]", "sql-injection", "manual"] + - ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteNonQuery", "(System.Data.SqlClient.SqlConnection,System.Data.CommandType,System.String,System.Data.SqlClient.SqlParameter[])", "", "Argument[2]", "sql-injection", "manual"] + - ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteNonQuery", "(System.Data.SqlClient.SqlTransaction,System.Data.CommandType,System.String)", "", "Argument[2]", "sql-injection", "manual"] + - ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteNonQuery", "(System.Data.SqlClient.SqlTransaction,System.Data.CommandType,System.String,System.Data.SqlClient.SqlParameter[])", "", "Argument[2]", "sql-injection", "manual"] + - ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteNonQuery", "(System.String,System.Data.CommandType,System.String)", "", "Argument[2]", "sql-injection", "manual"] + - ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteNonQuery", "(System.String,System.Data.CommandType,System.String,System.Data.SqlClient.SqlParameter[])", "", "Argument[2]", "sql-injection", "manual"] + - ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteReader", "(System.Data.SqlClient.SqlConnection,System.Data.CommandType,System.String)", "", "Argument[2]", "sql-injection", "manual"] + - ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteReader", "(System.Data.SqlClient.SqlConnection,System.Data.CommandType,System.String,System.Data.SqlClient.SqlParameter[])", "", "Argument[2]", "sql-injection", "manual"] + - ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteReader", "(System.Data.SqlClient.SqlTransaction,System.Data.CommandType,System.String)", "", "Argument[2]", "sql-injection", "manual"] + - ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteReader", "(System.Data.SqlClient.SqlTransaction,System.Data.CommandType,System.String,System.Data.SqlClient.SqlParameter[])", "", "Argument[2]", "sql-injection", "manual"] + - ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteReader", "(System.String,System.Data.CommandType,System.String)", "", "Argument[2]", "sql-injection", "manual"] + - ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteReader", "(System.String,System.Data.CommandType,System.String,System.Data.SqlClient.SqlParameter[])", "", "Argument[2]", "sql-injection", "manual"] + - ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteScalar", "(System.Data.SqlClient.SqlConnection,System.Data.CommandType,System.String)", "", "Argument[2]", "sql-injection", "manual"] + - ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteScalar", "(System.Data.SqlClient.SqlConnection,System.Data.CommandType,System.String,System.Data.SqlClient.SqlParameter[])", "", "Argument[2]", "sql-injection", "manual"] + - ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteScalar", "(System.Data.SqlClient.SqlTransaction,System.Data.CommandType,System.String)", "", "Argument[2]", "sql-injection", "manual"] + - ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteScalar", "(System.Data.SqlClient.SqlTransaction,System.Data.CommandType,System.String,System.Data.SqlClient.SqlParameter[])", "", "Argument[2]", "sql-injection", "manual"] + - ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteScalar", "(System.String,System.Data.CommandType,System.String)", "", "Argument[2]", "sql-injection", "manual"] + - ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteScalar", "(System.String,System.Data.CommandType,System.String,System.Data.SqlClient.SqlParameter[])", "", "Argument[2]", "sql-injection", "manual"] + - ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteXmlReader", "(System.Data.SqlClient.SqlConnection,System.Data.CommandType,System.String)", "", "Argument[2]", "sql-injection", "manual"] + - ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteXmlReader", "(System.Data.SqlClient.SqlConnection,System.Data.CommandType,System.String,System.Data.SqlClient.SqlParameter[])", "", "Argument[2]", "sql-injection", "manual"] + - ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteXmlReader", "(System.Data.SqlClient.SqlTransaction,System.Data.CommandType,System.String)", "", "Argument[2]", "sql-injection", "manual"] + - ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteXmlReader", "(System.Data.SqlClient.SqlTransaction,System.Data.CommandType,System.String,System.Data.SqlClient.SqlParameter[])", "", "Argument[2]", "sql-injection", "manual"] diff --git a/csharp/ql/lib/ext/Microsoft.EntityFrameworkCore.model.yml b/csharp/ql/lib/ext/Microsoft.EntityFrameworkCore.model.yml index 3928adf0624..61c1b20790c 100644 --- a/csharp/ql/lib/ext/Microsoft.EntityFrameworkCore.model.yml +++ b/csharp/ql/lib/ext/Microsoft.EntityFrameworkCore.model.yml @@ -3,9 +3,9 @@ extensions: pack: codeql/csharp-all extensible: sinkModel data: - - ["Microsoft.EntityFrameworkCore", "RelationalDatabaseFacadeExtensions", False, "ExecuteSqlRaw", "(Microsoft.EntityFrameworkCore.Infrastructure.DatabaseFacade,System.String,System.Collections.Generic.IEnumerable)", "", "Argument[1]", "sql", "manual"] - - ["Microsoft.EntityFrameworkCore", "RelationalDatabaseFacadeExtensions", False, "ExecuteSqlRaw", "(Microsoft.EntityFrameworkCore.Infrastructure.DatabaseFacade,System.String,System.Object[])", "", "Argument[1]", "sql", "manual"] - - ["Microsoft.EntityFrameworkCore", "RelationalDatabaseFacadeExtensions", False, "ExecuteSqlRawAsync", "(Microsoft.EntityFrameworkCore.Infrastructure.DatabaseFacade,System.String,System.Collections.Generic.IEnumerable,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"] - - ["Microsoft.EntityFrameworkCore", "RelationalDatabaseFacadeExtensions", False, "ExecuteSqlRawAsync", "(Microsoft.EntityFrameworkCore.Infrastructure.DatabaseFacade,System.String,System.Object[])", "", "Argument[1]", "sql", "manual"] - - ["Microsoft.EntityFrameworkCore", "RelationalDatabaseFacadeExtensions", False, "ExecuteSqlRawAsync", "(Microsoft.EntityFrameworkCore.Infrastructure.DatabaseFacade,System.String,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"] - - ["Microsoft.EntityFrameworkCore", "RelationalQueryableExtensions", False, "FromSqlRaw<>", "(Microsoft.EntityFrameworkCore.DbSet,System.String,System.Object[])", "", "Argument[1]", "sql", "manual"] + - ["Microsoft.EntityFrameworkCore", "RelationalDatabaseFacadeExtensions", False, "ExecuteSqlRaw", "(Microsoft.EntityFrameworkCore.Infrastructure.DatabaseFacade,System.String,System.Collections.Generic.IEnumerable)", "", "Argument[1]", "sql-injection", "manual"] + - ["Microsoft.EntityFrameworkCore", "RelationalDatabaseFacadeExtensions", False, "ExecuteSqlRaw", "(Microsoft.EntityFrameworkCore.Infrastructure.DatabaseFacade,System.String,System.Object[])", "", "Argument[1]", "sql-injection", "manual"] + - ["Microsoft.EntityFrameworkCore", "RelationalDatabaseFacadeExtensions", False, "ExecuteSqlRawAsync", "(Microsoft.EntityFrameworkCore.Infrastructure.DatabaseFacade,System.String,System.Collections.Generic.IEnumerable,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"] + - ["Microsoft.EntityFrameworkCore", "RelationalDatabaseFacadeExtensions", False, "ExecuteSqlRawAsync", "(Microsoft.EntityFrameworkCore.Infrastructure.DatabaseFacade,System.String,System.Object[])", "", "Argument[1]", "sql-injection", "manual"] + - ["Microsoft.EntityFrameworkCore", "RelationalDatabaseFacadeExtensions", False, "ExecuteSqlRawAsync", "(Microsoft.EntityFrameworkCore.Infrastructure.DatabaseFacade,System.String,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"] + - ["Microsoft.EntityFrameworkCore", "RelationalQueryableExtensions", False, "FromSqlRaw<>", "(Microsoft.EntityFrameworkCore.DbSet,System.String,System.Object[])", "", "Argument[1]", "sql-injection", "manual"] diff --git a/csharp/ql/lib/ext/MySql.Data.MySqlClient.model.yml b/csharp/ql/lib/ext/MySql.Data.MySqlClient.model.yml index 70d849e122a..2e1c75b0873 100644 --- a/csharp/ql/lib/ext/MySql.Data.MySqlClient.model.yml +++ b/csharp/ql/lib/ext/MySql.Data.MySqlClient.model.yml @@ -3,51 +3,51 @@ extensions: pack: codeql/csharp-all extensible: sinkModel data: - - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteDataRow", "(System.String,System.String,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql", "manual"] - - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteDataRowAsync", "(System.String,System.String,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql", "manual"] - - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteDataRowAsync", "(System.String,System.String,System.Threading.CancellationToken,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql", "manual"] - - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteDataset", "(MySql.Data.MySqlClient.MySqlConnection,System.String)", "", "Argument[1]", "sql", "manual"] - - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteDataset", "(MySql.Data.MySqlClient.MySqlConnection,System.String,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql", "manual"] - - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteDataset", "(System.String,System.String)", "", "Argument[1]", "sql", "manual"] - - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteDataset", "(System.String,System.String,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql", "manual"] - - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteDatasetAsync", "(MySql.Data.MySqlClient.MySqlConnection,System.String)", "", "Argument[1]", "sql", "manual"] - - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteDatasetAsync", "(MySql.Data.MySqlClient.MySqlConnection,System.String,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql", "manual"] - - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteDatasetAsync", "(MySql.Data.MySqlClient.MySqlConnection,System.String,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"] - - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteDatasetAsync", "(MySql.Data.MySqlClient.MySqlConnection,System.String,System.Threading.CancellationToken,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql", "manual"] - - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteDatasetAsync", "(System.String,System.String)", "", "Argument[1]", "sql", "manual"] - - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteDatasetAsync", "(System.String,System.String,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql", "manual"] - - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteDatasetAsync", "(System.String,System.String,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"] - - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteDatasetAsync", "(System.String,System.String,System.Threading.CancellationToken,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql", "manual"] - - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteNonQuery", "(MySql.Data.MySqlClient.MySqlConnection,System.String,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql", "manual"] - - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteNonQuery", "(System.String,System.String,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql", "manual"] - - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteNonQueryAsync", "(MySql.Data.MySqlClient.MySqlConnection,System.String,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql", "manual"] - - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteNonQueryAsync", "(MySql.Data.MySqlClient.MySqlConnection,System.String,System.Threading.CancellationToken,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql", "manual"] - - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteNonQueryAsync", "(System.String,System.String,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql", "manual"] - - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteNonQueryAsync", "(System.String,System.String,System.Threading.CancellationToken,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql", "manual"] - - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteReader", "(MySql.Data.MySqlClient.MySqlConnection,System.String)", "", "Argument[1]", "sql", "manual"] - - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteReader", "(MySql.Data.MySqlClient.MySqlConnection,System.String,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql", "manual"] - - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteReader", "(System.String,System.String)", "", "Argument[1]", "sql", "manual"] - - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteReader", "(System.String,System.String,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql", "manual"] - - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteReaderAsync", "(MySql.Data.MySqlClient.MySqlConnection,System.String)", "", "Argument[1]", "sql", "manual"] - - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteReaderAsync", "(MySql.Data.MySqlClient.MySqlConnection,System.String,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql", "manual"] - - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteReaderAsync", "(MySql.Data.MySqlClient.MySqlConnection,System.String,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"] - - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteReaderAsync", "(MySql.Data.MySqlClient.MySqlConnection,System.String,System.Threading.CancellationToken,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql", "manual"] - - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteReaderAsync", "(System.String,System.String)", "", "Argument[1]", "sql", "manual"] - - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteReaderAsync", "(System.String,System.String,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql", "manual"] - - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteReaderAsync", "(System.String,System.String,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"] - - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteReaderAsync", "(System.String,System.String,System.Threading.CancellationToken,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql", "manual"] - - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteScalar", "(MySql.Data.MySqlClient.MySqlConnection,System.String)", "", "Argument[1]", "sql", "manual"] - - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteScalar", "(MySql.Data.MySqlClient.MySqlConnection,System.String,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql", "manual"] - - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteScalar", "(System.String,System.String)", "", "Argument[1]", "sql", "manual"] - - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteScalar", "(System.String,System.String,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql", "manual"] - - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteScalarAsync", "(MySql.Data.MySqlClient.MySqlConnection,System.String)", "", "Argument[1]", "sql", "manual"] - - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteScalarAsync", "(MySql.Data.MySqlClient.MySqlConnection,System.String,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql", "manual"] - - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteScalarAsync", "(MySql.Data.MySqlClient.MySqlConnection,System.String,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"] - - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteScalarAsync", "(MySql.Data.MySqlClient.MySqlConnection,System.String,System.Threading.CancellationToken,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql", "manual"] - - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteScalarAsync", "(System.String,System.String)", "", "Argument[1]", "sql", "manual"] - - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteScalarAsync", "(System.String,System.String,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql", "manual"] - - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteScalarAsync", "(System.String,System.String,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"] - - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteScalarAsync", "(System.String,System.String,System.Threading.CancellationToken,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql", "manual"] - - ["MySql.Data.MySqlClient", "MySqlHelper", False, "UpdateDataset", "(System.String,System.String,System.Data.DataSet,System.String)", "", "Argument[1]", "sql", "manual"] - - ["MySql.Data.MySqlClient", "MySqlHelper", False, "UpdateDatasetAsync", "(System.String,System.String,System.Data.DataSet,System.String)", "", "Argument[1]", "sql", "manual"] - - ["MySql.Data.MySqlClient", "MySqlHelper", False, "UpdateDatasetAsync", "(System.String,System.String,System.Data.DataSet,System.String,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"] + - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteDataRow", "(System.String,System.String,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql-injection", "manual"] + - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteDataRowAsync", "(System.String,System.String,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql-injection", "manual"] + - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteDataRowAsync", "(System.String,System.String,System.Threading.CancellationToken,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql-injection", "manual"] + - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteDataset", "(MySql.Data.MySqlClient.MySqlConnection,System.String)", "", "Argument[1]", "sql-injection", "manual"] + - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteDataset", "(MySql.Data.MySqlClient.MySqlConnection,System.String,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql-injection", "manual"] + - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteDataset", "(System.String,System.String)", "", "Argument[1]", "sql-injection", "manual"] + - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteDataset", "(System.String,System.String,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql-injection", "manual"] + - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteDatasetAsync", "(MySql.Data.MySqlClient.MySqlConnection,System.String)", "", "Argument[1]", "sql-injection", "manual"] + - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteDatasetAsync", "(MySql.Data.MySqlClient.MySqlConnection,System.String,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql-injection", "manual"] + - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteDatasetAsync", "(MySql.Data.MySqlClient.MySqlConnection,System.String,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"] + - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteDatasetAsync", "(MySql.Data.MySqlClient.MySqlConnection,System.String,System.Threading.CancellationToken,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql-injection", "manual"] + - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteDatasetAsync", "(System.String,System.String)", "", "Argument[1]", "sql-injection", "manual"] + - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteDatasetAsync", "(System.String,System.String,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql-injection", "manual"] + - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteDatasetAsync", "(System.String,System.String,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"] + - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteDatasetAsync", "(System.String,System.String,System.Threading.CancellationToken,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql-injection", "manual"] + - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteNonQuery", "(MySql.Data.MySqlClient.MySqlConnection,System.String,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql-injection", "manual"] + - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteNonQuery", "(System.String,System.String,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql-injection", "manual"] + - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteNonQueryAsync", "(MySql.Data.MySqlClient.MySqlConnection,System.String,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql-injection", "manual"] + - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteNonQueryAsync", "(MySql.Data.MySqlClient.MySqlConnection,System.String,System.Threading.CancellationToken,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql-injection", "manual"] + - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteNonQueryAsync", "(System.String,System.String,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql-injection", "manual"] + - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteNonQueryAsync", "(System.String,System.String,System.Threading.CancellationToken,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql-injection", "manual"] + - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteReader", "(MySql.Data.MySqlClient.MySqlConnection,System.String)", "", "Argument[1]", "sql-injection", "manual"] + - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteReader", "(MySql.Data.MySqlClient.MySqlConnection,System.String,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql-injection", "manual"] + - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteReader", "(System.String,System.String)", "", "Argument[1]", "sql-injection", "manual"] + - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteReader", "(System.String,System.String,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql-injection", "manual"] + - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteReaderAsync", "(MySql.Data.MySqlClient.MySqlConnection,System.String)", "", "Argument[1]", "sql-injection", "manual"] + - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteReaderAsync", "(MySql.Data.MySqlClient.MySqlConnection,System.String,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql-injection", "manual"] + - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteReaderAsync", "(MySql.Data.MySqlClient.MySqlConnection,System.String,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"] + - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteReaderAsync", "(MySql.Data.MySqlClient.MySqlConnection,System.String,System.Threading.CancellationToken,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql-injection", "manual"] + - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteReaderAsync", "(System.String,System.String)", "", "Argument[1]", "sql-injection", "manual"] + - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteReaderAsync", "(System.String,System.String,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql-injection", "manual"] + - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteReaderAsync", "(System.String,System.String,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"] + - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteReaderAsync", "(System.String,System.String,System.Threading.CancellationToken,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql-injection", "manual"] + - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteScalar", "(MySql.Data.MySqlClient.MySqlConnection,System.String)", "", "Argument[1]", "sql-injection", "manual"] + - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteScalar", "(MySql.Data.MySqlClient.MySqlConnection,System.String,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql-injection", "manual"] + - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteScalar", "(System.String,System.String)", "", "Argument[1]", "sql-injection", "manual"] + - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteScalar", "(System.String,System.String,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql-injection", "manual"] + - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteScalarAsync", "(MySql.Data.MySqlClient.MySqlConnection,System.String)", "", "Argument[1]", "sql-injection", "manual"] + - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteScalarAsync", "(MySql.Data.MySqlClient.MySqlConnection,System.String,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql-injection", "manual"] + - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteScalarAsync", "(MySql.Data.MySqlClient.MySqlConnection,System.String,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"] + - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteScalarAsync", "(MySql.Data.MySqlClient.MySqlConnection,System.String,System.Threading.CancellationToken,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql-injection", "manual"] + - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteScalarAsync", "(System.String,System.String)", "", "Argument[1]", "sql-injection", "manual"] + - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteScalarAsync", "(System.String,System.String,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql-injection", "manual"] + - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteScalarAsync", "(System.String,System.String,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"] + - ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteScalarAsync", "(System.String,System.String,System.Threading.CancellationToken,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql-injection", "manual"] + - ["MySql.Data.MySqlClient", "MySqlHelper", False, "UpdateDataset", "(System.String,System.String,System.Data.DataSet,System.String)", "", "Argument[1]", "sql-injection", "manual"] + - ["MySql.Data.MySqlClient", "MySqlHelper", False, "UpdateDatasetAsync", "(System.String,System.String,System.Data.DataSet,System.String)", "", "Argument[1]", "sql-injection", "manual"] + - ["MySql.Data.MySqlClient", "MySqlHelper", False, "UpdateDatasetAsync", "(System.String,System.String,System.Data.DataSet,System.String,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"] diff --git a/csharp/ql/lib/ext/ServiceStack.OrmLite.model.yml b/csharp/ql/lib/ext/ServiceStack.OrmLite.model.yml index ea7634bc244..3d6148c330f 100644 --- a/csharp/ql/lib/ext/ServiceStack.OrmLite.model.yml +++ b/csharp/ql/lib/ext/ServiceStack.OrmLite.model.yml @@ -3,95 +3,95 @@ extensions: pack: codeql/csharp-all extensible: sinkModel data: - - ["ServiceStack.OrmLite", "IUntypedSqlExpression", True, "UnsafeAnd", "(System.String,System.Object[])", "", "Argument[0]", "sql", "manual"] - - ["ServiceStack.OrmLite", "IUntypedSqlExpression", True, "UnsafeFrom", "(System.String)", "", "Argument[0]", "sql", "manual"] - - ["ServiceStack.OrmLite", "IUntypedSqlExpression", True, "UnsafeOr", "(System.String,System.Object[])", "", "Argument[0]", "sql", "manual"] - - ["ServiceStack.OrmLite", "IUntypedSqlExpression", True, "UnsafeSelect", "(System.String)", "", "Argument[0]", "sql", "manual"] - - ["ServiceStack.OrmLite", "IUntypedSqlExpression", True, "UnsafeWhere", "(System.String,System.Object[])", "", "Argument[0]", "sql", "manual"] - - ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Column<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable)", "", "Argument[1]", "sql", "manual"] - - ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Column<>", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql", "manual"] - - ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "ColumnDistinct<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable)", "", "Argument[1]", "sql", "manual"] - - ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "ColumnDistinct<>", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql", "manual"] - - ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "ColumnLazy<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable)", "", "Argument[1]", "sql", "manual"] - - ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "ColumnLazy<>", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql", "manual"] - - ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Dictionary<,>", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql", "manual"] - - ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "ExecuteNonQuery", "(System.Data.IDbConnection,System.String)", "", "Argument[1]", "sql", "manual"] - - ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "ExecuteNonQuery", "(System.Data.IDbConnection,System.String,System.Action)", "", "Argument[1]", "sql", "manual"] - - ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "ExecuteNonQuery", "(System.Data.IDbConnection,System.String,System.Collections.Generic.Dictionary)", "", "Argument[1]", "sql", "manual"] - - ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "ExecuteNonQuery", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql", "manual"] - - ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Exists<>", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql", "manual"] - - ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "KeyValuePairs", "(System.Data.IDbConnection,System.String,System.System.Object)", "", "Argument[1]", "sql", "manual"] - - ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Lookup<,>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable)", "", "Argument[1]", "sql", "manual"] - - ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Lookup<,>", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql", "manual"] - - ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Scalar<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable)", "", "Argument[1]", "sql", "manual"] - - ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Scalar<>", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql", "manual"] - - ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Select<>", "(System.Data.IDbConnection,System.String)", "", "Argument[1]", "sql", "manual"] - - ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Select<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.Dictionary)", "", "Argument[1]", "sql", "manual"] - - ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Select<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable)", "", "Argument[1]", "sql", "manual"] - - ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Select<>", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql", "manual"] - - ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Select<>", "(System.Data.IDbConnection,System.Type,System.String,System.Object)", "", "Argument[2]", "sql", "manual"] - - ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "SelectLazy<>", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql", "manual"] - - ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "SelectNonDefaults<>", "(System.Data.IDbConnection,System.String,T)", "", "Argument[1]", "sql", "manual"] - - ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Single<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable)", "", "Argument[1]", "sql", "manual"] - - ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Single<>", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql", "manual"] - - ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "SqlColumn<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.Dictionary)", "", "Argument[1]", "sql", "manual"] - - ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "SqlColumn<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable)", "", "Argument[1]", "sql", "manual"] - - ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "SqlColumn<>", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql", "manual"] - - ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "SqlList<>", "(System.Data.IDbConnection,System.String,System.Action)", "", "Argument[1]", "sql", "manual"] - - ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "SqlList<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.Dictionary)", "", "Argument[1]", "sql", "manual"] - - ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "SqlList<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable)", "", "Argument[1]", "sql", "manual"] - - ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "SqlList<>", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql", "manual"] - - ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "SqlScalar<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.Dictionary)", "", "Argument[1]", "sql", "manual"] - - ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "SqlScalar<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable)", "", "Argument[1]", "sql", "manual"] - - ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "SqlScalar<>", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql", "manual"] - - ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "ColumnAsync<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"] - - ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "ColumnAsync<>", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"] - - ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "ColumnDistinctAsync<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"] - - ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "ColumnDistinctAsync<>", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"] - - ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "DictionaryAsync<,>", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"] - - ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "ExecuteNonQueryAsync", "(System.Data.IDbConnection,System.String,System.Collections.Generic.Dictionary,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"] - - ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "ExecuteNonQueryAsync", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"] - - ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "ExecuteNonQueryAsync", "(System.Data.IDbConnection,System.String,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"] - - ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "ExistsAsync<>", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"] - - ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "KeyValuePairsAsync<,>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"] - - ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "KeyValuePairsAsync<,>", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"] - - ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "LookupAsync<,>", "(System.Data.IDbCommand,System.String,System.Collections.Generic.IEnumerable,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"] - - ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "LookupAsync<,>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"] - - ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "LookupAsync<,>", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"] - - ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "ScalarAsync<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"] - - ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "ScalarAsync<>", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"] - - ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SelectAsync<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.Dictionary,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"] - - ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SelectAsync<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"] - - ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SelectAsync<>", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"] - - ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SelectAsync<>", "(System.Data.IDbConnection,System.String,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"] - - ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SelectAsync<>", "(System.Data.IDbConnection,System.Type,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[2]", "sql", "manual"] - - ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SelectNonDefaultsAsync<>", "(System.Data.IDbConnection,System.String,T,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"] - - ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SingleAsync<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"] - - ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SingleAsync<>", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"] - - ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SqlColumnAsync<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.Dictionary,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"] - - ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SqlColumnAsync<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"] - - ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SqlColumnAsync<>", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"] - - ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SqlListAsync<>", "(System.Data.IDbConnection,System.String,System.Action,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"] - - ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SqlListAsync<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.Dictionary,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"] - - ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SqlListAsync<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"] - - ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SqlListAsync<>", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"] - - ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SqlScalarAsync<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.Dictionary,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"] - - ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SqlScalarAsync<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"] - - ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SqlScalarAsync<>", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"] - - ["ServiceStack.OrmLite", "OrmLiteReadExpressionsApi", False, "RowCount", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable)", "", "Argument[1]", "sql", "manual"] - - ["ServiceStack.OrmLite", "OrmLiteReadExpressionsApi", False, "RowCount", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql", "manual"] - - ["ServiceStack.OrmLite", "OrmLiteReadExpressionsApiAsync", False, "RowCountAsync", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"] - - ["ServiceStack.OrmLite", "OrmLiteWriteApi", False, "ExecuteSql", "(System.Data.IDbConnection,System.String)", "", "Argument[1]", "sql", "manual"] - - ["ServiceStack.OrmLite", "OrmLiteWriteApi", False, "ExecuteSql", "(System.Data.IDbConnection,System.String,System.Collections.Generic.Dictionary)", "", "Argument[1]", "sql", "manual"] - - ["ServiceStack.OrmLite", "OrmLiteWriteApi", False, "ExecuteSql", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql", "manual"] - - ["ServiceStack.OrmLite", "OrmLiteWriteApiAsync", False, "ExecuteSqlAsync", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"] - - ["ServiceStack.OrmLite", "OrmLiteWriteApiAsync", False, "ExecuteSqlAsync", "(System.Data.IDbConnection,System.String,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"] - - ["ServiceStack.OrmLite", "SqlExpression<>", True, "UnsafeAnd", "(System.String,System.Object[])", "", "Argument[0]", "sql", "manual"] - - ["ServiceStack.OrmLite", "SqlExpression<>", True, "UnsafeFrom", "(System.String)", "", "Argument[0]", "sql", "manual"] - - ["ServiceStack.OrmLite", "SqlExpression<>", True, "UnsafeGroupBy", "(System.String)", "", "Argument[0]", "sql", "manual"] - - ["ServiceStack.OrmLite", "SqlExpression<>", True, "UnsafeHaving", "(System.String,System.Object[])", "", "Argument[0]", "sql", "manual"] - - ["ServiceStack.OrmLite", "SqlExpression<>", True, "UnsafeOr", "(System.String,System.Object[])", "", "Argument[0]", "sql", "manual"] - - ["ServiceStack.OrmLite", "SqlExpression<>", True, "UnsafeOrderBy", "(System.String)", "", "Argument[0]", "sql", "manual"] - - ["ServiceStack.OrmLite", "SqlExpression<>", True, "UnsafeSelect", "(System.String)", "", "Argument[0]", "sql", "manual"] - - ["ServiceStack.OrmLite", "SqlExpression<>", True, "UnsafeSelect", "(System.String,System.Boolean)", "", "Argument[0]", "sql", "manual"] - - ["ServiceStack.OrmLite", "SqlExpression<>", True, "UnsafeWhere", "(System.String,System.Object[])", "", "Argument[0]", "sql", "manual"] + - ["ServiceStack.OrmLite", "IUntypedSqlExpression", True, "UnsafeAnd", "(System.String,System.Object[])", "", "Argument[0]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "IUntypedSqlExpression", True, "UnsafeFrom", "(System.String)", "", "Argument[0]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "IUntypedSqlExpression", True, "UnsafeOr", "(System.String,System.Object[])", "", "Argument[0]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "IUntypedSqlExpression", True, "UnsafeSelect", "(System.String)", "", "Argument[0]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "IUntypedSqlExpression", True, "UnsafeWhere", "(System.String,System.Object[])", "", "Argument[0]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Column<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable)", "", "Argument[1]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Column<>", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "ColumnDistinct<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable)", "", "Argument[1]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "ColumnDistinct<>", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "ColumnLazy<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable)", "", "Argument[1]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "ColumnLazy<>", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Dictionary<,>", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "ExecuteNonQuery", "(System.Data.IDbConnection,System.String)", "", "Argument[1]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "ExecuteNonQuery", "(System.Data.IDbConnection,System.String,System.Action)", "", "Argument[1]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "ExecuteNonQuery", "(System.Data.IDbConnection,System.String,System.Collections.Generic.Dictionary)", "", "Argument[1]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "ExecuteNonQuery", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Exists<>", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "KeyValuePairs", "(System.Data.IDbConnection,System.String,System.System.Object)", "", "Argument[1]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Lookup<,>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable)", "", "Argument[1]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Lookup<,>", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Scalar<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable)", "", "Argument[1]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Scalar<>", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Select<>", "(System.Data.IDbConnection,System.String)", "", "Argument[1]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Select<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.Dictionary)", "", "Argument[1]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Select<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable)", "", "Argument[1]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Select<>", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Select<>", "(System.Data.IDbConnection,System.Type,System.String,System.Object)", "", "Argument[2]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "SelectLazy<>", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "SelectNonDefaults<>", "(System.Data.IDbConnection,System.String,T)", "", "Argument[1]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Single<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable)", "", "Argument[1]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Single<>", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "SqlColumn<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.Dictionary)", "", "Argument[1]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "SqlColumn<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable)", "", "Argument[1]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "SqlColumn<>", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "SqlList<>", "(System.Data.IDbConnection,System.String,System.Action)", "", "Argument[1]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "SqlList<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.Dictionary)", "", "Argument[1]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "SqlList<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable)", "", "Argument[1]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "SqlList<>", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "SqlScalar<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.Dictionary)", "", "Argument[1]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "SqlScalar<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable)", "", "Argument[1]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "SqlScalar<>", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "ColumnAsync<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "ColumnAsync<>", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "ColumnDistinctAsync<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "ColumnDistinctAsync<>", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "DictionaryAsync<,>", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "ExecuteNonQueryAsync", "(System.Data.IDbConnection,System.String,System.Collections.Generic.Dictionary,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "ExecuteNonQueryAsync", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "ExecuteNonQueryAsync", "(System.Data.IDbConnection,System.String,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "ExistsAsync<>", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "KeyValuePairsAsync<,>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "KeyValuePairsAsync<,>", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "LookupAsync<,>", "(System.Data.IDbCommand,System.String,System.Collections.Generic.IEnumerable,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "LookupAsync<,>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "LookupAsync<,>", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "ScalarAsync<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "ScalarAsync<>", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SelectAsync<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.Dictionary,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SelectAsync<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SelectAsync<>", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SelectAsync<>", "(System.Data.IDbConnection,System.String,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SelectAsync<>", "(System.Data.IDbConnection,System.Type,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[2]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SelectNonDefaultsAsync<>", "(System.Data.IDbConnection,System.String,T,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SingleAsync<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SingleAsync<>", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SqlColumnAsync<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.Dictionary,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SqlColumnAsync<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SqlColumnAsync<>", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SqlListAsync<>", "(System.Data.IDbConnection,System.String,System.Action,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SqlListAsync<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.Dictionary,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SqlListAsync<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SqlListAsync<>", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SqlScalarAsync<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.Dictionary,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SqlScalarAsync<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SqlScalarAsync<>", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "OrmLiteReadExpressionsApi", False, "RowCount", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable)", "", "Argument[1]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "OrmLiteReadExpressionsApi", False, "RowCount", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "OrmLiteReadExpressionsApiAsync", False, "RowCountAsync", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "OrmLiteWriteApi", False, "ExecuteSql", "(System.Data.IDbConnection,System.String)", "", "Argument[1]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "OrmLiteWriteApi", False, "ExecuteSql", "(System.Data.IDbConnection,System.String,System.Collections.Generic.Dictionary)", "", "Argument[1]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "OrmLiteWriteApi", False, "ExecuteSql", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "OrmLiteWriteApiAsync", False, "ExecuteSqlAsync", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "OrmLiteWriteApiAsync", False, "ExecuteSqlAsync", "(System.Data.IDbConnection,System.String,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "SqlExpression<>", True, "UnsafeAnd", "(System.String,System.Object[])", "", "Argument[0]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "SqlExpression<>", True, "UnsafeFrom", "(System.String)", "", "Argument[0]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "SqlExpression<>", True, "UnsafeGroupBy", "(System.String)", "", "Argument[0]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "SqlExpression<>", True, "UnsafeHaving", "(System.String,System.Object[])", "", "Argument[0]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "SqlExpression<>", True, "UnsafeOr", "(System.String,System.Object[])", "", "Argument[0]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "SqlExpression<>", True, "UnsafeOrderBy", "(System.String)", "", "Argument[0]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "SqlExpression<>", True, "UnsafeSelect", "(System.String)", "", "Argument[0]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "SqlExpression<>", True, "UnsafeSelect", "(System.String,System.Boolean)", "", "Argument[0]", "sql-injection", "manual"] + - ["ServiceStack.OrmLite", "SqlExpression<>", True, "UnsafeWhere", "(System.String,System.Object[])", "", "Argument[0]", "sql-injection", "manual"] diff --git a/csharp/ql/lib/ext/System.Data.Entity.model.yml b/csharp/ql/lib/ext/System.Data.Entity.model.yml index 36eccd9b38d..3ce725b5e1f 100644 --- a/csharp/ql/lib/ext/System.Data.Entity.model.yml +++ b/csharp/ql/lib/ext/System.Data.Entity.model.yml @@ -3,12 +3,12 @@ extensions: pack: codeql/csharp-all extensible: sinkModel data: - - ["System.Data.Entity", "Database", False, "ExecuteSqlCommand", "(System.Data.Entity.TransactionalBehavior,System.String,System.Object[])", "", "Argument[1]", "sql", "manual"] - - ["System.Data.Entity", "Database", False, "ExecuteSqlCommand", "(System.String,System.Object[])", "", "Argument[0]", "sql", "manual"] - - ["System.Data.Entity", "Database", False, "ExecuteSqlCommandAsync", "(System.Data.Entity.TransactionalBehavior,System.String,System.Object[])", "", "Argument[1]", "sql", "manual"] - - ["System.Data.Entity", "Database", False, "ExecuteSqlCommandAsync", "(System.Data.Entity.TransactionalBehavior,System.String,System.Threading.CancellationToken,System.Object[])", "", "Argument[1]", "sql", "manual"] - - ["System.Data.Entity", "Database", False, "ExecuteSqlCommandAsync", "(System.String,System.Object[])", "", "Argument[0]", "sql", "manual"] - - ["System.Data.Entity", "Database", False, "ExecuteSqlCommandAsync", "(System.String,System.Threading.CancellationToken,System.Object[])", "", "Argument[0]", "sql", "manual"] - - ["System.Data.Entity", "Database", False, "SqlQuery", "(System.Type,System.String,System.Object[])", "", "Argument[1]", "sql", "manual"] - - ["System.Data.Entity", "Database", False, "SqlQuery<>", "(System.String,System.Object[])", "", "Argument[0]", "sql", "manual"] - - ["System.Data.Entity", "DbSet", False, "SqlQuery", "(System.String,System.Object[])", "", "Argument[0]", "sql", "manual"] + - ["System.Data.Entity", "Database", False, "ExecuteSqlCommand", "(System.Data.Entity.TransactionalBehavior,System.String,System.Object[])", "", "Argument[1]", "sql-injection", "manual"] + - ["System.Data.Entity", "Database", False, "ExecuteSqlCommand", "(System.String,System.Object[])", "", "Argument[0]", "sql-injection", "manual"] + - ["System.Data.Entity", "Database", False, "ExecuteSqlCommandAsync", "(System.Data.Entity.TransactionalBehavior,System.String,System.Object[])", "", "Argument[1]", "sql-injection", "manual"] + - ["System.Data.Entity", "Database", False, "ExecuteSqlCommandAsync", "(System.Data.Entity.TransactionalBehavior,System.String,System.Threading.CancellationToken,System.Object[])", "", "Argument[1]", "sql-injection", "manual"] + - ["System.Data.Entity", "Database", False, "ExecuteSqlCommandAsync", "(System.String,System.Object[])", "", "Argument[0]", "sql-injection", "manual"] + - ["System.Data.Entity", "Database", False, "ExecuteSqlCommandAsync", "(System.String,System.Threading.CancellationToken,System.Object[])", "", "Argument[0]", "sql-injection", "manual"] + - ["System.Data.Entity", "Database", False, "SqlQuery", "(System.Type,System.String,System.Object[])", "", "Argument[1]", "sql-injection", "manual"] + - ["System.Data.Entity", "Database", False, "SqlQuery<>", "(System.String,System.Object[])", "", "Argument[0]", "sql-injection", "manual"] + - ["System.Data.Entity", "DbSet", False, "SqlQuery", "(System.String,System.Object[])", "", "Argument[0]", "sql-injection", "manual"] diff --git a/csharp/ql/lib/ext/System.Data.EntityClient.model.yml b/csharp/ql/lib/ext/System.Data.EntityClient.model.yml index 16a24580647..39f3e35094c 100644 --- a/csharp/ql/lib/ext/System.Data.EntityClient.model.yml +++ b/csharp/ql/lib/ext/System.Data.EntityClient.model.yml @@ -3,6 +3,6 @@ extensions: pack: codeql/csharp-all extensible: sinkModel data: - - ["System.Data.EntityClient", "EntityCommand", False, "EntityCommand", "(System.String)", "", "Argument[0]", "sql", "manual"] - - ["System.Data.EntityClient", "EntityCommand", False, "EntityCommand", "(System.String,System.Data.EntityClient.EntityConnection)", "", "Argument[0]", "sql", "manual"] - - ["System.Data.EntityClient", "EntityCommand", False, "EntityCommand", "(System.String,System.Data.EntityClient.EntityConnection,System.Data.EntityClient.EntityTransaction)", "", "Argument[0]", "sql", "manual"] + - ["System.Data.EntityClient", "EntityCommand", False, "EntityCommand", "(System.String)", "", "Argument[0]", "sql-injection", "manual"] + - ["System.Data.EntityClient", "EntityCommand", False, "EntityCommand", "(System.String,System.Data.EntityClient.EntityConnection)", "", "Argument[0]", "sql-injection", "manual"] + - ["System.Data.EntityClient", "EntityCommand", False, "EntityCommand", "(System.String,System.Data.EntityClient.EntityConnection,System.Data.EntityClient.EntityTransaction)", "", "Argument[0]", "sql-injection", "manual"] diff --git a/csharp/ql/lib/ext/System.Data.Odbc.model.yml b/csharp/ql/lib/ext/System.Data.Odbc.model.yml index d1f6a24d5fc..0648bb0bbd0 100644 --- a/csharp/ql/lib/ext/System.Data.Odbc.model.yml +++ b/csharp/ql/lib/ext/System.Data.Odbc.model.yml @@ -3,6 +3,6 @@ extensions: pack: codeql/csharp-all extensible: sinkModel data: - - ["System.Data.Odbc", "OdbcCommand", False, "OdbcCommand", "(System.String)", "", "Argument[0]", "sql", "manual"] - - ["System.Data.Odbc", "OdbcCommand", False, "OdbcCommand", "(System.String,System.Data.Odbc.OdbcConnection)", "", "Argument[0]", "sql", "manual"] - - ["System.Data.Odbc", "OdbcCommand", False, "OdbcCommand", "(System.String,System.Data.Odbc.OdbcConnection,System.Data.Odbc.OdbcTransaction)", "", "Argument[0]", "sql", "manual"] + - ["System.Data.Odbc", "OdbcCommand", False, "OdbcCommand", "(System.String)", "", "Argument[0]", "sql-injection", "manual"] + - ["System.Data.Odbc", "OdbcCommand", False, "OdbcCommand", "(System.String,System.Data.Odbc.OdbcConnection)", "", "Argument[0]", "sql-injection", "manual"] + - ["System.Data.Odbc", "OdbcCommand", False, "OdbcCommand", "(System.String,System.Data.Odbc.OdbcConnection,System.Data.Odbc.OdbcTransaction)", "", "Argument[0]", "sql-injection", "manual"] diff --git a/csharp/ql/lib/ext/System.Data.OleDb.model.yml b/csharp/ql/lib/ext/System.Data.OleDb.model.yml index ebe3cc8b157..41e686537b8 100644 --- a/csharp/ql/lib/ext/System.Data.OleDb.model.yml +++ b/csharp/ql/lib/ext/System.Data.OleDb.model.yml @@ -3,6 +3,6 @@ extensions: pack: codeql/csharp-all extensible: sinkModel data: - - ["System.Data.OleDb", "OleDbCommand", False, "OleDbCommand", "(System.String)", "", "Argument[0]", "sql", "manual"] - - ["System.Data.OleDb", "OleDbCommand", False, "OleDbCommand", "(System.String,System.Data.OleDb.OleDbConnection)", "", "Argument[0]", "sql", "manual"] - - ["System.Data.OleDb", "OleDbCommand", False, "OleDbCommand", "(System.String,System.Data.OleDb.OleDbConnection,System.Data.OleDb.OleDbTransaction)", "", "Argument[0]", "sql", "manual"] + - ["System.Data.OleDb", "OleDbCommand", False, "OleDbCommand", "(System.String)", "", "Argument[0]", "sql-injection", "manual"] + - ["System.Data.OleDb", "OleDbCommand", False, "OleDbCommand", "(System.String,System.Data.OleDb.OleDbConnection)", "", "Argument[0]", "sql-injection", "manual"] + - ["System.Data.OleDb", "OleDbCommand", False, "OleDbCommand", "(System.String,System.Data.OleDb.OleDbConnection,System.Data.OleDb.OleDbTransaction)", "", "Argument[0]", "sql-injection", "manual"] diff --git a/csharp/ql/lib/ext/System.Data.SQLite.model.yml b/csharp/ql/lib/ext/System.Data.SQLite.model.yml index d6d1d70e608..e1cdb6a1a84 100644 --- a/csharp/ql/lib/ext/System.Data.SQLite.model.yml +++ b/csharp/ql/lib/ext/System.Data.SQLite.model.yml @@ -3,13 +3,13 @@ extensions: pack: codeql/csharp-all extensible: sinkModel data: - - ["System.Data.SQLite", "SQLiteCommand", False, "SQLiteCommand", "(System.String)", "", "Argument[0]", "sql", "manual"] - - ["System.Data.SQLite", "SQLiteCommand", False, "SQLiteCommand", "(System.String,System.Data.SQLite.SQLiteConnection)", "", "Argument[0]", "sql", "manual"] - - ["System.Data.SQLite", "SQLiteCommand", False, "SQLiteCommand", "(System.String,System.Data.SQLite.SQLiteConnection,System.Data.SQLite.SQLiteTransaction)", "", "Argument[0]", "sql", "manual"] - - ["System.Data.SQLite", "SQLiteDataAdapter", False, "SQLiteDataAdapter", "(System.Data.SQLite.SQLiteCommand)", "", "Argument[0]", "sql", "manual"] - - ["System.Data.SQLite", "SQLiteDataAdapter", False, "SQLiteDataAdapter", "(System.String,System.Data.SQLite.SQLiteConnection)", "", "Argument[0]", "sql", "manual"] - - ["System.Data.SQLite", "SQLiteDataAdapter", False, "SQLiteDataAdapter", "(System.String,System.String)", "", "Argument[0]", "sql", "manual"] - - ["System.Data.SQLite", "SQLiteDataAdapter", False, "SQLiteDataAdapter", "(System.String,System.String,System.Boolean)", "", "Argument[0]", "sql", "manual"] + - ["System.Data.SQLite", "SQLiteCommand", False, "SQLiteCommand", "(System.String)", "", "Argument[0]", "sql-injection", "manual"] + - ["System.Data.SQLite", "SQLiteCommand", False, "SQLiteCommand", "(System.String,System.Data.SQLite.SQLiteConnection)", "", "Argument[0]", "sql-injection", "manual"] + - ["System.Data.SQLite", "SQLiteCommand", False, "SQLiteCommand", "(System.String,System.Data.SQLite.SQLiteConnection,System.Data.SQLite.SQLiteTransaction)", "", "Argument[0]", "sql-injection", "manual"] + - ["System.Data.SQLite", "SQLiteDataAdapter", False, "SQLiteDataAdapter", "(System.Data.SQLite.SQLiteCommand)", "", "Argument[0]", "sql-injection", "manual"] + - ["System.Data.SQLite", "SQLiteDataAdapter", False, "SQLiteDataAdapter", "(System.String,System.Data.SQLite.SQLiteConnection)", "", "Argument[0]", "sql-injection", "manual"] + - ["System.Data.SQLite", "SQLiteDataAdapter", False, "SQLiteDataAdapter", "(System.String,System.String)", "", "Argument[0]", "sql-injection", "manual"] + - ["System.Data.SQLite", "SQLiteDataAdapter", False, "SQLiteDataAdapter", "(System.String,System.String,System.Boolean)", "", "Argument[0]", "sql-injection", "manual"] - addsTo: pack: codeql/csharp-all extensible: summaryModel diff --git a/csharp/ql/lib/ext/System.Data.SqlClient.model.yml b/csharp/ql/lib/ext/System.Data.SqlClient.model.yml index 2040e0f9798..211fe1faa84 100644 --- a/csharp/ql/lib/ext/System.Data.SqlClient.model.yml +++ b/csharp/ql/lib/ext/System.Data.SqlClient.model.yml @@ -3,12 +3,12 @@ extensions: pack: codeql/csharp-all extensible: sinkModel data: - - ["System.Data.SqlClient", "SqlCommand", False, "SqlCommand", "(System.String)", "", "Argument[0]", "sql", "manual"] - - ["System.Data.SqlClient", "SqlCommand", False, "SqlCommand", "(System.String,System.Data.SqlClient.SqlConnection)", "", "Argument[0]", "sql", "manual"] - - ["System.Data.SqlClient", "SqlCommand", False, "SqlCommand", "(System.String,System.Data.SqlClient.SqlConnection,System.Data.SqlClient.SqlTransaction)", "", "Argument[0]", "sql", "manual"] - - ["System.Data.SqlClient", "SqlDataAdapter", False, "SqlDataAdapter", "(System.Data.SqlClient.SqlCommand)", "", "Argument[0]", "sql", "manual"] - - ["System.Data.SqlClient", "SqlDataAdapter", False, "SqlDataAdapter", "(System.String,System.Data.SqlClient.SqlConnection)", "", "Argument[0]", "sql", "manual"] - - ["System.Data.SqlClient", "SqlDataAdapter", False, "SqlDataAdapter", "(System.String,System.String)", "", "Argument[0]", "sql", "manual"] + - ["System.Data.SqlClient", "SqlCommand", False, "SqlCommand", "(System.String)", "", "Argument[0]", "sql-injection", "manual"] + - ["System.Data.SqlClient", "SqlCommand", False, "SqlCommand", "(System.String,System.Data.SqlClient.SqlConnection)", "", "Argument[0]", "sql-injection", "manual"] + - ["System.Data.SqlClient", "SqlCommand", False, "SqlCommand", "(System.String,System.Data.SqlClient.SqlConnection,System.Data.SqlClient.SqlTransaction)", "", "Argument[0]", "sql-injection", "manual"] + - ["System.Data.SqlClient", "SqlDataAdapter", False, "SqlDataAdapter", "(System.Data.SqlClient.SqlCommand)", "", "Argument[0]", "sql-injection", "manual"] + - ["System.Data.SqlClient", "SqlDataAdapter", False, "SqlDataAdapter", "(System.String,System.Data.SqlClient.SqlConnection)", "", "Argument[0]", "sql-injection", "manual"] + - ["System.Data.SqlClient", "SqlDataAdapter", False, "SqlDataAdapter", "(System.String,System.String)", "", "Argument[0]", "sql-injection", "manual"] - addsTo: pack: codeql/csharp-all extensible: summaryModel diff --git a/csharp/ql/lib/ext/generated/dotnet_runtime.model.yml b/csharp/ql/lib/ext/generated/dotnet_runtime.model.yml index 6ec7a3cb93a..380c0df3391 100644 --- a/csharp/ql/lib/ext/generated/dotnet_runtime.model.yml +++ b/csharp/ql/lib/ext/generated/dotnet_runtime.model.yml @@ -7,8 +7,8 @@ extensions: pack: codeql/csharp-all extensible: sinkModel data: - - ["System.Data.Odbc", "OdbcDataAdapter", false, "OdbcDataAdapter", "(System.String,System.Data.Odbc.OdbcConnection)", "", "Argument[0]", "sql", "df-generated"] - - ["System.Data.Odbc", "OdbcDataAdapter", false, "OdbcDataAdapter", "(System.String,System.String)", "", "Argument[0]", "sql", "df-generated"] + - ["System.Data.Odbc", "OdbcDataAdapter", false, "OdbcDataAdapter", "(System.String,System.Data.Odbc.OdbcConnection)", "", "Argument[0]", "sql-injection", "df-generated"] + - ["System.Data.Odbc", "OdbcDataAdapter", false, "OdbcDataAdapter", "(System.String,System.String)", "", "Argument[0]", "sql-injection", "df-generated"] - ["System.Net.Http", "StringContent", false, "StringContent", "(System.String)", "", "Argument[0]", "xss", "df-generated"] - ["System.Net.Http", "StringContent", false, "StringContent", "(System.String,System.Text.Encoding)", "", "Argument[0]", "xss", "df-generated"] - ["System.Security.Cryptography", "AesCryptoServiceProvider", false, "CreateDecryptor", "(System.Byte[],System.Byte[])", "", "Argument[0]", "encryption-decryptor", "df-generated"] @@ -34,7 +34,7 @@ extensions: - ["System.Security.Cryptography", "TripleDESCryptoServiceProvider", false, "CreateEncryptor", "(System.Byte[],System.Byte[])", "", "Argument[0]", "encryption-encryptor", "df-generated"] - ["System.Security.Cryptography", "TripleDESCryptoServiceProvider", false, "set_Key", "(System.Byte[])", "", "Argument[0]", "encryption-keyprop", "df-generated"] - + - addsTo: @@ -51946,6 +51946,3 @@ extensions: - ["System", "WeakReference<>", "TryGetTarget", "(T)", "summary", "df-generated"] - ["System", "WeakReference<>", "WeakReference", "(T)", "summary", "df-generated"] - ["System", "WeakReference<>", "WeakReference", "(T,System.Boolean)", "summary", "df-generated"] - - - \ No newline at end of file diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/ExternalFlow.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/ExternalFlow.qll index 3241a8b690c..1583ba09c69 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/ExternalFlow.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/ExternalFlow.qll @@ -211,7 +211,7 @@ module ModelValidation { ) or exists(string kind | sinkModel(_, _, _, _, _, _, _, kind, _) | - not kind = ["code-injection", "sql", "xss", "remote", "html"] and + not kind = ["code-injection", "sql-injection", "xss", "remote", "html"] and not kind.matches("encryption-%") and result = "Invalid kind \"" + kind + "\" in sink model." ) diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/SqlInjectionQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/SqlInjectionQuery.qll index 3cac542cb36..61b2491753a 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/SqlInjectionQuery.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/SqlInjectionQuery.qll @@ -78,7 +78,7 @@ class SqlInjectionExprSink extends Sink { /** SQL sinks defined through CSV models. */ private class ExternalSqlInjectionExprSink extends Sink { - ExternalSqlInjectionExprSink() { sinkNode(this, "sql") } + ExternalSqlInjectionExprSink() { sinkNode(this, "sql-injection") } } private class SimpleTypeSanitizer extends Sanitizer, SimpleTypeSanitizedExpr { } diff --git a/csharp/ql/test/library-tests/dataflow/external-models/sinks.ext.yml b/csharp/ql/test/library-tests/dataflow/external-models/sinks.ext.yml index 85590cecc39..d151edd25b9 100644 --- a/csharp/ql/test/library-tests/dataflow/external-models/sinks.ext.yml +++ b/csharp/ql/test/library-tests/dataflow/external-models/sinks.ext.yml @@ -8,4 +8,4 @@ extensions: - ["My.Qltest", "B", false, "SinkMethod", "()", "", "ReturnValue", "xss", "manual"] - ["My.Qltest", "SinkAttribute", false, "", "", "Attribute", "ReturnValue", "html", "manual"] - ["My.Qltest", "SinkAttribute", false, "", "", "Attribute", "Argument", "remote", "manual"] - - ["My.Qltest", "SinkAttribute", false, "", "", "Attribute", "", "sql", "manual"] + - ["My.Qltest", "SinkAttribute", false, "", "", "Attribute", "", "sql-injection", "manual"] diff --git a/csharp/ql/test/library-tests/frameworks/EntityFramework/FlowSummaries.expected b/csharp/ql/test/library-tests/frameworks/EntityFramework/FlowSummaries.expected index 2d5a35839fb..dca27b3075a 100644 --- a/csharp/ql/test/library-tests/frameworks/EntityFramework/FlowSummaries.expected +++ b/csharp/ql/test/library-tests/frameworks/EntityFramework/FlowSummaries.expected @@ -134,9 +134,9 @@ summary neutral sourceNode sinkNode -| EntityFrameworkCore.cs:72:36:72:40 | "sql" | sql | -| EntityFrameworkCore.cs:73:40:73:44 | "sql" | sql | -| EntityFrameworkCore.cs:74:40:74:44 | "sql" | sql | -| EntityFrameworkCore.cs:75:51:75:55 | "sql" | sql | -| EntityFrameworkCore.cs:76:51:76:55 | "sql" | sql | -| EntityFrameworkCore.cs:77:51:77:55 | "sql" | sql | +| EntityFrameworkCore.cs:72:36:72:40 | "sql-injection" | sql | +| EntityFrameworkCore.cs:73:40:73:44 | "sql-injection" | sql | +| EntityFrameworkCore.cs:74:40:74:44 | "sql-injection" | sql | +| EntityFrameworkCore.cs:75:51:75:55 | "sql-injection" | sql | +| EntityFrameworkCore.cs:76:51:76:55 | "sql-injection" | sql | +| EntityFrameworkCore.cs:77:51:77:55 | "sql-injection" | sql | diff --git a/csharp/ql/test/library-tests/frameworks/sql/Sql1.ql b/csharp/ql/test/library-tests/frameworks/sql/Sql1.ql index 9f25014662f..944d4180992 100644 --- a/csharp/ql/test/library-tests/frameworks/sql/Sql1.ql +++ b/csharp/ql/test/library-tests/frameworks/sql/Sql1.ql @@ -7,7 +7,7 @@ query predicate sqlExpressions(SqlExpr se, Expr e) { se.getSql() = e } query predicate sqlCsvSinks(Element p, Expr e) { p = e.getParent() and exists(Node n | - sinkNode(n, "sql") and + sinkNode(n, "sql-injection") and n.asExpr() = e ) } From f76563d6e9fdc448cb0ed7cff2ab3409069a670d Mon Sep 17 00:00:00 2001 From: Jami Cogswell Date: Tue, 16 May 2023 13:17:54 -0400 Subject: [PATCH 413/870] C#: update some test cases --- .../dataflow/external-models/sinks.expected | 4 ++-- .../EntityFramework/FlowSummaries.expected | 12 ++++++------ 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/csharp/ql/test/library-tests/dataflow/external-models/sinks.expected b/csharp/ql/test/library-tests/dataflow/external-models/sinks.expected index c9b9406a10a..870989a8711 100644 --- a/csharp/ql/test/library-tests/dataflow/external-models/sinks.expected +++ b/csharp/ql/test/library-tests/dataflow/external-models/sinks.expected @@ -1,8 +1,8 @@ invalidModelRow #select -| Sinks.cs:8:19:8:22 | access to local variable arg1 | code | +| Sinks.cs:8:19:8:22 | access to local variable arg1 | code-injection | | Sinks.cs:11:13:11:41 | this access | remote | | Sinks.cs:11:30:11:40 | access to local variable argToTagged | remote | -| Sinks.cs:14:27:14:36 | access to local variable fieldWrite | sql | +| Sinks.cs:14:27:14:36 | access to local variable fieldWrite | sql-injection | | Sinks.cs:20:20:20:22 | access to local variable res | xss | | Sinks.cs:27:20:27:25 | access to local variable resTag | html | diff --git a/csharp/ql/test/library-tests/frameworks/EntityFramework/FlowSummaries.expected b/csharp/ql/test/library-tests/frameworks/EntityFramework/FlowSummaries.expected index dca27b3075a..0e5784afa19 100644 --- a/csharp/ql/test/library-tests/frameworks/EntityFramework/FlowSummaries.expected +++ b/csharp/ql/test/library-tests/frameworks/EntityFramework/FlowSummaries.expected @@ -134,9 +134,9 @@ summary neutral sourceNode sinkNode -| EntityFrameworkCore.cs:72:36:72:40 | "sql-injection" | sql | -| EntityFrameworkCore.cs:73:40:73:44 | "sql-injection" | sql | -| EntityFrameworkCore.cs:74:40:74:44 | "sql-injection" | sql | -| EntityFrameworkCore.cs:75:51:75:55 | "sql-injection" | sql | -| EntityFrameworkCore.cs:76:51:76:55 | "sql-injection" | sql | -| EntityFrameworkCore.cs:77:51:77:55 | "sql-injection" | sql | +| EntityFrameworkCore.cs:72:36:72:40 | "sql" | sql-injection | +| EntityFrameworkCore.cs:73:40:73:44 | "sql" | sql-injection | +| EntityFrameworkCore.cs:74:40:74:44 | "sql" | sql-injection | +| EntityFrameworkCore.cs:75:51:75:55 | "sql" | sql-injection | +| EntityFrameworkCore.cs:76:51:76:55 | "sql" | sql-injection | +| EntityFrameworkCore.cs:77:51:77:55 | "sql" | sql-injection | From a0b502fa441fea7490c308d281470fbe87796451 Mon Sep 17 00:00:00 2001 From: Jami Cogswell Date: Tue, 16 May 2023 13:22:49 -0400 Subject: [PATCH 414/870] C#: update 'html' sink kind to 'html-injection' --- csharp/ql/lib/ext/System.Web.model.yml | 8 ++++---- .../ql/lib/semmle/code/csharp/dataflow/ExternalFlow.qll | 2 +- .../code/csharp/security/dataflow/flowsinks/Html.qll | 2 +- .../library-tests/dataflow/external-models/sinks.expected | 2 +- .../library-tests/dataflow/external-models/sinks.ext.yml | 2 +- 5 files changed, 8 insertions(+), 8 deletions(-) diff --git a/csharp/ql/lib/ext/System.Web.model.yml b/csharp/ql/lib/ext/System.Web.model.yml index 5cf065ec6dd..a2a7470ef8e 100644 --- a/csharp/ql/lib/ext/System.Web.model.yml +++ b/csharp/ql/lib/ext/System.Web.model.yml @@ -3,10 +3,10 @@ extensions: pack: codeql/csharp-all extensible: sinkModel data: - - ["System.Web", "HttpResponse", False, "BinaryWrite", "", "", "Argument[0]", "html", "manual"] - - ["System.Web", "HttpResponse", False, "TransmitFile", "", "", "Argument[0]", "html", "manual"] - - ["System.Web", "HttpResponse", False, "Write", "", "", "Argument[0]", "html", "manual"] - - ["System.Web", "HttpResponse", False, "WriteFile", "", "", "Argument[0]", "html", "manual"] + - ["System.Web", "HttpResponse", False, "BinaryWrite", "", "", "Argument[0]", "html-injection", "manual"] + - ["System.Web", "HttpResponse", False, "TransmitFile", "", "", "Argument[0]", "html-injection", "manual"] + - ["System.Web", "HttpResponse", False, "Write", "", "", "Argument[0]", "html-injection", "manual"] + - ["System.Web", "HttpResponse", False, "WriteFile", "", "", "Argument[0]", "html-injection", "manual"] - addsTo: pack: codeql/csharp-all extensible: summaryModel diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/ExternalFlow.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/ExternalFlow.qll index 1583ba09c69..f7a8743a195 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/ExternalFlow.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/ExternalFlow.qll @@ -211,7 +211,7 @@ module ModelValidation { ) or exists(string kind | sinkModel(_, _, _, _, _, _, _, kind, _) | - not kind = ["code-injection", "sql-injection", "xss", "remote", "html"] and + not kind = ["code-injection", "sql-injection", "xss", "remote", "html-injection"] and not kind.matches("encryption-%") and result = "Invalid kind \"" + kind + "\" in sink model." ) diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsinks/Html.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsinks/Html.qll index 8e83122e2bf..318e298ae1f 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsinks/Html.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsinks/Html.qll @@ -23,7 +23,7 @@ private import semmle.code.asp.AspNet abstract class HtmlSink extends DataFlow::ExprNode, RemoteFlowSink { } private class ExternalHtmlSink extends HtmlSink { - ExternalHtmlSink() { sinkNode(this, "html") } + ExternalHtmlSink() { sinkNode(this, "html-injection") } } /** diff --git a/csharp/ql/test/library-tests/dataflow/external-models/sinks.expected b/csharp/ql/test/library-tests/dataflow/external-models/sinks.expected index 870989a8711..693ef5c4b03 100644 --- a/csharp/ql/test/library-tests/dataflow/external-models/sinks.expected +++ b/csharp/ql/test/library-tests/dataflow/external-models/sinks.expected @@ -5,4 +5,4 @@ invalidModelRow | Sinks.cs:11:30:11:40 | access to local variable argToTagged | remote | | Sinks.cs:14:27:14:36 | access to local variable fieldWrite | sql-injection | | Sinks.cs:20:20:20:22 | access to local variable res | xss | -| Sinks.cs:27:20:27:25 | access to local variable resTag | html | +| Sinks.cs:27:20:27:25 | access to local variable resTag | html-injection | diff --git a/csharp/ql/test/library-tests/dataflow/external-models/sinks.ext.yml b/csharp/ql/test/library-tests/dataflow/external-models/sinks.ext.yml index d151edd25b9..eff3d52670a 100644 --- a/csharp/ql/test/library-tests/dataflow/external-models/sinks.ext.yml +++ b/csharp/ql/test/library-tests/dataflow/external-models/sinks.ext.yml @@ -6,6 +6,6 @@ extensions: # "namespace", "type", "overrides", "name", "signature", "ext", "spec", "kind", "provenance" - ["My.Qltest", "B", false, "Sink1", "(System.Object)", "", "Argument[0]", "code-injection", "manual"] - ["My.Qltest", "B", false, "SinkMethod", "()", "", "ReturnValue", "xss", "manual"] - - ["My.Qltest", "SinkAttribute", false, "", "", "Attribute", "ReturnValue", "html", "manual"] + - ["My.Qltest", "SinkAttribute", false, "", "", "Attribute", "ReturnValue", "html-injection", "manual"] - ["My.Qltest", "SinkAttribute", false, "", "", "Attribute", "Argument", "remote", "manual"] - ["My.Qltest", "SinkAttribute", false, "", "", "Attribute", "", "sql-injection", "manual"] From 74cd2407fbcdd510111ea89f80b0dbfc7fd02670 Mon Sep 17 00:00:00 2001 From: Jami Cogswell Date: Tue, 16 May 2023 13:32:29 -0400 Subject: [PATCH 415/870] C#: update 'xss' sink kind to 'js-injection' --- csharp/ql/lib/ext/System.Net.Http.model.yml | 2 +- csharp/ql/lib/ext/generated/dotnet_runtime.model.yml | 4 ++-- csharp/ql/lib/semmle/code/csharp/dataflow/ExternalFlow.qll | 2 +- .../ql/lib/semmle/code/csharp/security/dataflow/XSSSinks.qll | 2 +- .../library-tests/dataflow/external-models/sinks.expected | 2 +- .../test/library-tests/dataflow/external-models/sinks.ext.yml | 2 +- 6 files changed, 7 insertions(+), 7 deletions(-) diff --git a/csharp/ql/lib/ext/System.Net.Http.model.yml b/csharp/ql/lib/ext/System.Net.Http.model.yml index 0eafc30988a..4b5f4d193e7 100644 --- a/csharp/ql/lib/ext/System.Net.Http.model.yml +++ b/csharp/ql/lib/ext/System.Net.Http.model.yml @@ -3,7 +3,7 @@ extensions: pack: codeql/csharp-all extensible: sinkModel data: - - ["System.Net.Http", "StringContent", False, "StringContent", "", "", "Argument[0]", "xss", "manual"] + - ["System.Net.Http", "StringContent", False, "StringContent", "", "", "Argument[0]", "js-injection", "manual"] - addsTo: pack: codeql/csharp-all extensible: summaryModel diff --git a/csharp/ql/lib/ext/generated/dotnet_runtime.model.yml b/csharp/ql/lib/ext/generated/dotnet_runtime.model.yml index 380c0df3391..a5dc7699795 100644 --- a/csharp/ql/lib/ext/generated/dotnet_runtime.model.yml +++ b/csharp/ql/lib/ext/generated/dotnet_runtime.model.yml @@ -9,8 +9,8 @@ extensions: data: - ["System.Data.Odbc", "OdbcDataAdapter", false, "OdbcDataAdapter", "(System.String,System.Data.Odbc.OdbcConnection)", "", "Argument[0]", "sql-injection", "df-generated"] - ["System.Data.Odbc", "OdbcDataAdapter", false, "OdbcDataAdapter", "(System.String,System.String)", "", "Argument[0]", "sql-injection", "df-generated"] - - ["System.Net.Http", "StringContent", false, "StringContent", "(System.String)", "", "Argument[0]", "xss", "df-generated"] - - ["System.Net.Http", "StringContent", false, "StringContent", "(System.String,System.Text.Encoding)", "", "Argument[0]", "xss", "df-generated"] + - ["System.Net.Http", "StringContent", false, "StringContent", "(System.String)", "", "Argument[0]", "js-injection", "df-generated"] + - ["System.Net.Http", "StringContent", false, "StringContent", "(System.String,System.Text.Encoding)", "", "Argument[0]", "js-injection", "df-generated"] - ["System.Security.Cryptography", "AesCryptoServiceProvider", false, "CreateDecryptor", "(System.Byte[],System.Byte[])", "", "Argument[0]", "encryption-decryptor", "df-generated"] - ["System.Security.Cryptography", "AesCryptoServiceProvider", false, "CreateEncryptor", "(System.Byte[],System.Byte[])", "", "Argument[0]", "encryption-encryptor", "df-generated"] - ["System.Security.Cryptography", "AesCryptoServiceProvider", false, "set_Key", "(System.Byte[])", "", "Argument[0]", "encryption-keyprop", "df-generated"] diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/ExternalFlow.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/ExternalFlow.qll index f7a8743a195..a3d507ac69a 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/ExternalFlow.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/ExternalFlow.qll @@ -211,7 +211,7 @@ module ModelValidation { ) or exists(string kind | sinkModel(_, _, _, _, _, _, _, kind, _) | - not kind = ["code-injection", "sql-injection", "xss", "remote", "html-injection"] and + not kind = ["code-injection", "sql-injection", "js-injection", "remote", "html-injection"] and not kind.matches("encryption-%") and result = "Invalid kind \"" + kind + "\" in sink model." ) diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/XSSSinks.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/XSSSinks.qll index 0232d9462e2..65ac1687714 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/XSSSinks.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/XSSSinks.qll @@ -24,7 +24,7 @@ abstract class Sink extends DataFlow::ExprNode, RemoteFlowSink { } private class ExternalXssSink extends Sink { - ExternalXssSink() { sinkNode(this, "xss") } + ExternalXssSink() { sinkNode(this, "js-injection") } } private class HtmlSinkSink extends Sink instanceof HtmlSink { diff --git a/csharp/ql/test/library-tests/dataflow/external-models/sinks.expected b/csharp/ql/test/library-tests/dataflow/external-models/sinks.expected index 693ef5c4b03..ffafcaa9738 100644 --- a/csharp/ql/test/library-tests/dataflow/external-models/sinks.expected +++ b/csharp/ql/test/library-tests/dataflow/external-models/sinks.expected @@ -4,5 +4,5 @@ invalidModelRow | Sinks.cs:11:13:11:41 | this access | remote | | Sinks.cs:11:30:11:40 | access to local variable argToTagged | remote | | Sinks.cs:14:27:14:36 | access to local variable fieldWrite | sql-injection | -| Sinks.cs:20:20:20:22 | access to local variable res | xss | +| Sinks.cs:20:20:20:22 | access to local variable res | js-injection | | Sinks.cs:27:20:27:25 | access to local variable resTag | html-injection | diff --git a/csharp/ql/test/library-tests/dataflow/external-models/sinks.ext.yml b/csharp/ql/test/library-tests/dataflow/external-models/sinks.ext.yml index eff3d52670a..f266d02c945 100644 --- a/csharp/ql/test/library-tests/dataflow/external-models/sinks.ext.yml +++ b/csharp/ql/test/library-tests/dataflow/external-models/sinks.ext.yml @@ -5,7 +5,7 @@ extensions: data: # "namespace", "type", "overrides", "name", "signature", "ext", "spec", "kind", "provenance" - ["My.Qltest", "B", false, "Sink1", "(System.Object)", "", "Argument[0]", "code-injection", "manual"] - - ["My.Qltest", "B", false, "SinkMethod", "()", "", "ReturnValue", "xss", "manual"] + - ["My.Qltest", "B", false, "SinkMethod", "()", "", "ReturnValue", "js-injection", "manual"] - ["My.Qltest", "SinkAttribute", false, "", "", "Attribute", "ReturnValue", "html-injection", "manual"] - ["My.Qltest", "SinkAttribute", false, "", "", "Attribute", "Argument", "remote", "manual"] - ["My.Qltest", "SinkAttribute", false, "", "", "Attribute", "", "sql-injection", "manual"] From d3da5a7b28e7017affcc6947eb57e191f0fb30dd Mon Sep 17 00:00:00 2001 From: Jami Cogswell Date: Tue, 16 May 2023 13:34:06 -0400 Subject: [PATCH 416/870] C#: update cwe-sink.csv file --- csharp/documentation/library-coverage/cwe-sink.csv | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/csharp/documentation/library-coverage/cwe-sink.csv b/csharp/documentation/library-coverage/cwe-sink.csv index e71e194a2ed..70f0034ecd3 100644 --- a/csharp/documentation/library-coverage/cwe-sink.csv +++ b/csharp/documentation/library-coverage/cwe-sink.csv @@ -1,2 +1,2 @@ CWE,Sink identifier,Label -CWE-079,html xss,Cross-site scripting \ No newline at end of file +CWE-079,html-injection js-injection,Cross-site scripting From 06a28f6221aa669cdbc4066c9e81daf8f37a403a Mon Sep 17 00:00:00 2001 From: Jami Cogswell Date: Tue, 16 May 2023 14:03:19 -0400 Subject: [PATCH 417/870] C#: update 'remote' sink kind to 'file-content-store' --- csharp/ql/lib/ext/ServiceStack.model.yml | 150 +++++++++--------- .../code/csharp/dataflow/ExternalFlow.qll | 3 +- .../flowsinks/ExternalLocationSink.qll | 2 +- .../dataflow/external-models/sinks.expected | 4 +- .../dataflow/external-models/sinks.ext.yml | 2 +- 5 files changed, 81 insertions(+), 80 deletions(-) diff --git a/csharp/ql/lib/ext/ServiceStack.model.yml b/csharp/ql/lib/ext/ServiceStack.model.yml index 988c7f3b8f9..19188e5eeb5 100644 --- a/csharp/ql/lib/ext/ServiceStack.model.yml +++ b/csharp/ql/lib/ext/ServiceStack.model.yml @@ -3,81 +3,81 @@ extensions: pack: codeql/csharp-all extensible: sinkModel data: - - ["ServiceStack", "IOneWayClient", True, "SendAllOneWay", "(System.Collections.Generic.IEnumerable)", "", "Argument[1].Element", "remote", "manual"] - - ["ServiceStack", "IOneWayClient", True, "SendOneWay", "(System.Object)", "", "Argument[0]", "remote", "manual"] - - ["ServiceStack", "IOneWayClient", True, "SendOneWay", "(System.String,System.Object)", "", "Argument[1]", "remote", "manual"] - - ["ServiceStack", "IRestClient", True, "Patch<>", "(System.String,System.Object)", "", "Argument[1]", "remote", "manual"] - - ["ServiceStack", "IRestClient", True, "Post<>", "(System.String,System.Object)", "", "Argument[1]", "remote", "manual"] - - ["ServiceStack", "IRestClient", True, "Put<>", "(System.String,System.Object)", "", "Argument[1]", "remote", "manual"] - - ["ServiceStack", "IRestClient", True, "Send<>", "(System.String,System.String,System.Object)", "", "Argument[2]", "remote", "manual"] - - ["ServiceStack", "IRestClientAsync", True, "CustomMethodAsync", "(System.String,ServiceStack.IReturnVoid,System.Threading.CancellationToken)", "", "Argument[1]", "remote", "manual"] - - ["ServiceStack", "IRestClientAsync", True, "CustomMethodAsync<>", "(System.String,ServiceStack.IReturn,System.Threading.CancellationToken)", "", "Argument[1]", "remote", "manual"] - - ["ServiceStack", "IRestClientAsync", True, "CustomMethodAsync<>", "(System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "remote", "manual"] - - ["ServiceStack", "IRestClientAsync", True, "DeleteAsync", "(ServiceStack.IReturnVoid,System.Threading.CancellationToken)", "", "Argument[0]", "remote", "manual"] - - ["ServiceStack", "IRestClientAsync", True, "DeleteAsync<>", "(ServiceStack.IReturn,System.Threading.CancellationToken)", "", "Argument[0]", "remote", "manual"] - - ["ServiceStack", "IRestClientAsync", True, "DeleteAsync<>", "(System.Object,System.Threading.CancellationToken)", "", "Argument[0]", "remote", "manual"] - - ["ServiceStack", "IRestClientAsync", True, "GetAsync", "(ServiceStack.IReturnVoid,System.Threading.CancellationToken)", "", "Argument[0]", "remote", "manual"] - - ["ServiceStack", "IRestClientAsync", True, "GetAsync<>", "(ServiceStack.IReturn,System.Threading.CancellationToken)", "", "Argument[0]", "remote", "manual"] - - ["ServiceStack", "IRestClientAsync", True, "GetAsync<>", "(System.Object,System.Threading.CancellationToken)", "", "Argument[0]", "remote", "manual"] - - ["ServiceStack", "IRestClientAsync", True, "PatchAsync", "(ServiceStack.IReturnVoid,System.Threading.CancellationToken)", "", "Argument[0]", "remote", "manual"] - - ["ServiceStack", "IRestClientAsync", True, "PatchAsync<>", "(ServiceStack.IReturn,System.Threading.CancellationToken)", "", "Argument[0]", "remote", "manual"] - - ["ServiceStack", "IRestClientAsync", True, "PatchAsync<>", "(System.Object,System.Threading.CancellationToken)", "", "Argument[0]", "remote", "manual"] - - ["ServiceStack", "IRestClientAsync", True, "PostAsync", "(ServiceStack.IReturnVoid,System.Threading.CancellationToken)", "", "Argument[0]", "remote", "manual"] - - ["ServiceStack", "IRestClientAsync", True, "PostAsync<>", "(ServiceStack.IReturn,System.Threading.CancellationToken)", "", "Argument[0]", "remote", "manual"] - - ["ServiceStack", "IRestClientAsync", True, "PostAsync<>", "(System.Object,System.Threading.CancellationToken)", "", "Argument[0]", "remote", "manual"] - - ["ServiceStack", "IRestClientAsync", True, "PutAsync", "(ServiceStack.IReturnVoid,System.Threading.CancellationToken)", "", "Argument[0]", "remote", "manual"] - - ["ServiceStack", "IRestClientAsync", True, "PutAsync<>", "(ServiceStack.IReturn,System.Threading.CancellationToken)", "", "Argument[0]", "remote", "manual"] - - ["ServiceStack", "IRestClientAsync", True, "PutAsync<>", "(System.Object,System.Threading.CancellationToken)", "", "Argument[0]", "remote", "manual"] - - ["ServiceStack", "IRestClientSync", True, "CustomMethod", "(System.String,ServiceStack.IReturnVoid)", "", "Argument[1]", "remote", "manual"] - - ["ServiceStack", "IRestClientSync", True, "CustomMethod<>", "(System.String,ServiceStack.IReturn)", "", "Argument[1]", "remote", "manual"] - - ["ServiceStack", "IRestClientSync", True, "CustomMethod<>", "(System.String,System.Object)", "", "Argument[1]", "remote", "manual"] - - ["ServiceStack", "IRestClientSync", True, "Delete", "(ServiceStack.IReturnVoid)", "", "Argument[0]", "remote", "manual"] - - ["ServiceStack", "IRestClientSync", True, "Delete<>", "(ServiceStack.IReturn)", "", "Argument[0]", "remote", "manual"] - - ["ServiceStack", "IRestClientSync", True, "Delete<>", "(System.Object)", "", "Argument[0]", "remote", "manual"] - - ["ServiceStack", "IRestClientSync", True, "Get", "(ServiceStack.IReturnVoid)", "", "Argument[0]", "remote", "manual"] - - ["ServiceStack", "IRestClientSync", True, "Get<>", "(ServiceStack.IReturn)", "", "Argument[0]", "remote", "manual"] - - ["ServiceStack", "IRestClientSync", True, "Get<>", "(System.Object)", "", "Argument[0]", "remote", "manual"] - - ["ServiceStack", "IRestClientSync", True, "Patch", "(ServiceStack.IReturnVoid)", "", "Argument[0]", "remote", "manual"] - - ["ServiceStack", "IRestClientSync", True, "Patch<>", "(ServiceStack.IReturn)", "", "Argument[0]", "remote", "manual"] - - ["ServiceStack", "IRestClientSync", True, "Patch<>", "(System.Object)", "", "Argument[0]", "remote", "manual"] - - ["ServiceStack", "IRestClientSync", True, "Post", "(ServiceStack.IReturnVoid)", "", "Argument[0]", "remote", "manual"] - - ["ServiceStack", "IRestClientSync", True, "Post<>", "(ServiceStack.IReturn)", "", "Argument[0]", "remote", "manual"] - - ["ServiceStack", "IRestClientSync", True, "Post<>", "(System.Object)", "", "Argument[0]", "remote", "manual"] - - ["ServiceStack", "IRestClientSync", True, "Put", "(ServiceStack.IReturnVoid)", "", "Argument[0]", "remote", "manual"] - - ["ServiceStack", "IRestClientSync", True, "Put<>", "(ServiceStack.IReturn)", "", "Argument[0]", "remote", "manual"] - - ["ServiceStack", "IRestClientSync", True, "Put<>", "(System.Object)", "", "Argument[0]", "remote", "manual"] - - ["ServiceStack", "IRestGateway", True, "Delete<>", "(ServiceStack.IReturn)", "", "Argument[0]", "remote", "manual"] - - ["ServiceStack", "IRestGateway", True, "Get<>", "(ServiceStack.IReturn)", "", "Argument[0]", "remote", "manual"] - - ["ServiceStack", "IRestGateway", True, "Post<>", "(ServiceStack.IReturn)", "", "Argument[0]", "remote", "manual"] - - ["ServiceStack", "IRestGateway", True, "Put<>", "(ServiceStack.IReturn)", "", "Argument[0]", "remote", "manual"] - - ["ServiceStack", "IRestGateway", True, "Send<>", "(ServiceStack.IReturn)", "", "Argument[0]", "remote", "manual"] - - ["ServiceStack", "IRestGatewayAsync", True, "DeleteAsync<>", "(ServiceStack.IReturn,System.Threading.CancellationToken)", "", "Argument[0]", "remote", "manual"] - - ["ServiceStack", "IRestGatewayAsync", True, "GetAsync<>", "(ServiceStack.IReturn,System.Threading.CancellationToken)", "", "Argument[0]", "remote", "manual"] - - ["ServiceStack", "IRestGatewayAsync", True, "PostAsync<>", "(ServiceStack.IReturn,System.Threading.CancellationToken)", "", "Argument[0]", "remote", "manual"] - - ["ServiceStack", "IRestGatewayAsync", True, "PutAsync<>", "(ServiceStack.IReturn,System.Threading.CancellationToken)", "", "Argument[0]", "remote", "manual"] - - ["ServiceStack", "IRestGatewayAsync", True, "SendAsync<>", "(ServiceStack.IReturn,System.Threading.CancellationToken)", "", "Argument[0]", "remote", "manual"] - - ["ServiceStack", "IServiceGateway", True, "Publish", "(System.Object)", "", "Argument[0]", "remote", "manual"] - - ["ServiceStack", "IServiceGateway", True, "PublishAll", "(System.Collections.Generic.IEnumerable)", "", "Argument[0].Element", "remote", "manual"] - - ["ServiceStack", "IServiceGateway", True, "Send<>", "(System.Object)", "", "Argument[0]", "remote", "manual"] - - ["ServiceStack", "IServiceGateway", True, "SendAll<>", "(System.Collections.Generic.IEnumerable)", "", "Argument[0].Element", "remote", "manual"] - - ["ServiceStack", "IServiceGatewayAsync", True, "PublishAllAsync", "(System.Collections.Generic.IEnumerable,System.Threading.CancellationToken)", "", "Argument[0].Element", "remote", "manual"] - - ["ServiceStack", "IServiceGatewayAsync", True, "PublishAsync", "(System.Object,System.Threading.CancellationToken)", "", "Argument[0]", "remote", "manual"] - - ["ServiceStack", "IServiceGatewayAsync", True, "SendAllAsync<>", "(System.Collections.Generic.IEnumerable,System.Threading.CancellationToken)", "", "Argument[0].Element", "remote", "manual"] - - ["ServiceStack", "IServiceGatewayAsync", True, "SendAsync<>", "(System.Object,System.Threading.CancellationToken)", "", "Argument[0]", "remote", "manual"] - - ["ServiceStack", "ServiceClientBase", True, "CustomMethod", "(System.String,System.String,System.Object)", "", "Argument[2]", "remote", "manual"] - - ["ServiceStack", "ServiceClientBase", True, "CustomMethod<>", "(System.String,System.String,System.Object)", "", "Argument[2]", "remote", "manual"] - - ["ServiceStack", "ServiceClientBase", True, "CustomMethodAsync<>", "(System.String,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[2]", "remote", "manual"] - - ["ServiceStack", "ServiceClientBase", True, "Delete", "(System.Object)", "", "Argument[0]", "remote", "manual"] - - ["ServiceStack", "ServiceClientBase", True, "DownloadBytes", "(System.String,System.String,System.Object)", "", "Argument[2]", "remote", "manual"] - - ["ServiceStack", "ServiceClientBase", True, "DownloadBytesAsync", "(System.String,System.String,System.Object)", "", "Argument[2]", "remote", "manual"] - - ["ServiceStack", "ServiceClientBase", True, "Get", "(System.Object)", "", "Argument[0]", "remote", "manual"] - - ["ServiceStack", "ServiceClientBase", True, "Head", "(ServiceStack.IReturn)", "", "Argument[0]", "remote", "manual"] - - ["ServiceStack", "ServiceClientBase", True, "Head", "(System.Object)", "", "Argument[0]", "remote", "manual"] - - ["ServiceStack", "ServiceClientBase", True, "Patch", "(System.Object)", "", "Argument[0]", "remote", "manual"] - - ["ServiceStack", "ServiceClientBase", True, "Post", "(System.Object)", "", "Argument[0]", "remote", "manual"] - - ["ServiceStack", "ServiceClientBase", True, "Publish<>", "(ServiceStack.Messaging.IMessage)", "", "Argument[0]", "remote", "manual"] - - ["ServiceStack", "ServiceClientBase", True, "Publish<>", "(T)", "", "Argument[0]", "remote", "manual"] - - ["ServiceStack", "ServiceClientBase", True, "Put", "(System.Object)", "", "Argument[0]", "remote", "manual"] + - ["ServiceStack", "IOneWayClient", True, "SendAllOneWay", "(System.Collections.Generic.IEnumerable)", "", "Argument[1].Element", "file-content-store", "manual"] + - ["ServiceStack", "IOneWayClient", True, "SendOneWay", "(System.Object)", "", "Argument[0]", "file-content-store", "manual"] + - ["ServiceStack", "IOneWayClient", True, "SendOneWay", "(System.String,System.Object)", "", "Argument[1]", "file-content-store", "manual"] + - ["ServiceStack", "IRestClient", True, "Patch<>", "(System.String,System.Object)", "", "Argument[1]", "file-content-store", "manual"] + - ["ServiceStack", "IRestClient", True, "Post<>", "(System.String,System.Object)", "", "Argument[1]", "file-content-store", "manual"] + - ["ServiceStack", "IRestClient", True, "Put<>", "(System.String,System.Object)", "", "Argument[1]", "file-content-store", "manual"] + - ["ServiceStack", "IRestClient", True, "Send<>", "(System.String,System.String,System.Object)", "", "Argument[2]", "file-content-store", "manual"] + - ["ServiceStack", "IRestClientAsync", True, "CustomMethodAsync", "(System.String,ServiceStack.IReturnVoid,System.Threading.CancellationToken)", "", "Argument[1]", "file-content-store", "manual"] + - ["ServiceStack", "IRestClientAsync", True, "CustomMethodAsync<>", "(System.String,ServiceStack.IReturn,System.Threading.CancellationToken)", "", "Argument[1]", "file-content-store", "manual"] + - ["ServiceStack", "IRestClientAsync", True, "CustomMethodAsync<>", "(System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "file-content-store", "manual"] + - ["ServiceStack", "IRestClientAsync", True, "DeleteAsync", "(ServiceStack.IReturnVoid,System.Threading.CancellationToken)", "", "Argument[0]", "file-content-store", "manual"] + - ["ServiceStack", "IRestClientAsync", True, "DeleteAsync<>", "(ServiceStack.IReturn,System.Threading.CancellationToken)", "", "Argument[0]", "file-content-store", "manual"] + - ["ServiceStack", "IRestClientAsync", True, "DeleteAsync<>", "(System.Object,System.Threading.CancellationToken)", "", "Argument[0]", "file-content-store", "manual"] + - ["ServiceStack", "IRestClientAsync", True, "GetAsync", "(ServiceStack.IReturnVoid,System.Threading.CancellationToken)", "", "Argument[0]", "file-content-store", "manual"] + - ["ServiceStack", "IRestClientAsync", True, "GetAsync<>", "(ServiceStack.IReturn,System.Threading.CancellationToken)", "", "Argument[0]", "file-content-store", "manual"] + - ["ServiceStack", "IRestClientAsync", True, "GetAsync<>", "(System.Object,System.Threading.CancellationToken)", "", "Argument[0]", "file-content-store", "manual"] + - ["ServiceStack", "IRestClientAsync", True, "PatchAsync", "(ServiceStack.IReturnVoid,System.Threading.CancellationToken)", "", "Argument[0]", "file-content-store", "manual"] + - ["ServiceStack", "IRestClientAsync", True, "PatchAsync<>", "(ServiceStack.IReturn,System.Threading.CancellationToken)", "", "Argument[0]", "file-content-store", "manual"] + - ["ServiceStack", "IRestClientAsync", True, "PatchAsync<>", "(System.Object,System.Threading.CancellationToken)", "", "Argument[0]", "file-content-store", "manual"] + - ["ServiceStack", "IRestClientAsync", True, "PostAsync", "(ServiceStack.IReturnVoid,System.Threading.CancellationToken)", "", "Argument[0]", "file-content-store", "manual"] + - ["ServiceStack", "IRestClientAsync", True, "PostAsync<>", "(ServiceStack.IReturn,System.Threading.CancellationToken)", "", "Argument[0]", "file-content-store", "manual"] + - ["ServiceStack", "IRestClientAsync", True, "PostAsync<>", "(System.Object,System.Threading.CancellationToken)", "", "Argument[0]", "file-content-store", "manual"] + - ["ServiceStack", "IRestClientAsync", True, "PutAsync", "(ServiceStack.IReturnVoid,System.Threading.CancellationToken)", "", "Argument[0]", "file-content-store", "manual"] + - ["ServiceStack", "IRestClientAsync", True, "PutAsync<>", "(ServiceStack.IReturn,System.Threading.CancellationToken)", "", "Argument[0]", "file-content-store", "manual"] + - ["ServiceStack", "IRestClientAsync", True, "PutAsync<>", "(System.Object,System.Threading.CancellationToken)", "", "Argument[0]", "file-content-store", "manual"] + - ["ServiceStack", "IRestClientSync", True, "CustomMethod", "(System.String,ServiceStack.IReturnVoid)", "", "Argument[1]", "file-content-store", "manual"] + - ["ServiceStack", "IRestClientSync", True, "CustomMethod<>", "(System.String,ServiceStack.IReturn)", "", "Argument[1]", "file-content-store", "manual"] + - ["ServiceStack", "IRestClientSync", True, "CustomMethod<>", "(System.String,System.Object)", "", "Argument[1]", "file-content-store", "manual"] + - ["ServiceStack", "IRestClientSync", True, "Delete", "(ServiceStack.IReturnVoid)", "", "Argument[0]", "file-content-store", "manual"] + - ["ServiceStack", "IRestClientSync", True, "Delete<>", "(ServiceStack.IReturn)", "", "Argument[0]", "file-content-store", "manual"] + - ["ServiceStack", "IRestClientSync", True, "Delete<>", "(System.Object)", "", "Argument[0]", "file-content-store", "manual"] + - ["ServiceStack", "IRestClientSync", True, "Get", "(ServiceStack.IReturnVoid)", "", "Argument[0]", "file-content-store", "manual"] + - ["ServiceStack", "IRestClientSync", True, "Get<>", "(ServiceStack.IReturn)", "", "Argument[0]", "file-content-store", "manual"] + - ["ServiceStack", "IRestClientSync", True, "Get<>", "(System.Object)", "", "Argument[0]", "file-content-store", "manual"] + - ["ServiceStack", "IRestClientSync", True, "Patch", "(ServiceStack.IReturnVoid)", "", "Argument[0]", "file-content-store", "manual"] + - ["ServiceStack", "IRestClientSync", True, "Patch<>", "(ServiceStack.IReturn)", "", "Argument[0]", "file-content-store", "manual"] + - ["ServiceStack", "IRestClientSync", True, "Patch<>", "(System.Object)", "", "Argument[0]", "file-content-store", "manual"] + - ["ServiceStack", "IRestClientSync", True, "Post", "(ServiceStack.IReturnVoid)", "", "Argument[0]", "file-content-store", "manual"] + - ["ServiceStack", "IRestClientSync", True, "Post<>", "(ServiceStack.IReturn)", "", "Argument[0]", "file-content-store", "manual"] + - ["ServiceStack", "IRestClientSync", True, "Post<>", "(System.Object)", "", "Argument[0]", "file-content-store", "manual"] + - ["ServiceStack", "IRestClientSync", True, "Put", "(ServiceStack.IReturnVoid)", "", "Argument[0]", "file-content-store", "manual"] + - ["ServiceStack", "IRestClientSync", True, "Put<>", "(ServiceStack.IReturn)", "", "Argument[0]", "file-content-store", "manual"] + - ["ServiceStack", "IRestClientSync", True, "Put<>", "(System.Object)", "", "Argument[0]", "file-content-store", "manual"] + - ["ServiceStack", "IRestGateway", True, "Delete<>", "(ServiceStack.IReturn)", "", "Argument[0]", "file-content-store", "manual"] + - ["ServiceStack", "IRestGateway", True, "Get<>", "(ServiceStack.IReturn)", "", "Argument[0]", "file-content-store", "manual"] + - ["ServiceStack", "IRestGateway", True, "Post<>", "(ServiceStack.IReturn)", "", "Argument[0]", "file-content-store", "manual"] + - ["ServiceStack", "IRestGateway", True, "Put<>", "(ServiceStack.IReturn)", "", "Argument[0]", "file-content-store", "manual"] + - ["ServiceStack", "IRestGateway", True, "Send<>", "(ServiceStack.IReturn)", "", "Argument[0]", "file-content-store", "manual"] + - ["ServiceStack", "IRestGatewayAsync", True, "DeleteAsync<>", "(ServiceStack.IReturn,System.Threading.CancellationToken)", "", "Argument[0]", "file-content-store", "manual"] + - ["ServiceStack", "IRestGatewayAsync", True, "GetAsync<>", "(ServiceStack.IReturn,System.Threading.CancellationToken)", "", "Argument[0]", "file-content-store", "manual"] + - ["ServiceStack", "IRestGatewayAsync", True, "PostAsync<>", "(ServiceStack.IReturn,System.Threading.CancellationToken)", "", "Argument[0]", "file-content-store", "manual"] + - ["ServiceStack", "IRestGatewayAsync", True, "PutAsync<>", "(ServiceStack.IReturn,System.Threading.CancellationToken)", "", "Argument[0]", "file-content-store", "manual"] + - ["ServiceStack", "IRestGatewayAsync", True, "SendAsync<>", "(ServiceStack.IReturn,System.Threading.CancellationToken)", "", "Argument[0]", "file-content-store", "manual"] + - ["ServiceStack", "IServiceGateway", True, "Publish", "(System.Object)", "", "Argument[0]", "file-content-store", "manual"] + - ["ServiceStack", "IServiceGateway", True, "PublishAll", "(System.Collections.Generic.IEnumerable)", "", "Argument[0].Element", "file-content-store", "manual"] + - ["ServiceStack", "IServiceGateway", True, "Send<>", "(System.Object)", "", "Argument[0]", "file-content-store", "manual"] + - ["ServiceStack", "IServiceGateway", True, "SendAll<>", "(System.Collections.Generic.IEnumerable)", "", "Argument[0].Element", "file-content-store", "manual"] + - ["ServiceStack", "IServiceGatewayAsync", True, "PublishAllAsync", "(System.Collections.Generic.IEnumerable,System.Threading.CancellationToken)", "", "Argument[0].Element", "file-content-store", "manual"] + - ["ServiceStack", "IServiceGatewayAsync", True, "PublishAsync", "(System.Object,System.Threading.CancellationToken)", "", "Argument[0]", "file-content-store", "manual"] + - ["ServiceStack", "IServiceGatewayAsync", True, "SendAllAsync<>", "(System.Collections.Generic.IEnumerable,System.Threading.CancellationToken)", "", "Argument[0].Element", "file-content-store", "manual"] + - ["ServiceStack", "IServiceGatewayAsync", True, "SendAsync<>", "(System.Object,System.Threading.CancellationToken)", "", "Argument[0]", "file-content-store", "manual"] + - ["ServiceStack", "ServiceClientBase", True, "CustomMethod", "(System.String,System.String,System.Object)", "", "Argument[2]", "file-content-store", "manual"] + - ["ServiceStack", "ServiceClientBase", True, "CustomMethod<>", "(System.String,System.String,System.Object)", "", "Argument[2]", "file-content-store", "manual"] + - ["ServiceStack", "ServiceClientBase", True, "CustomMethodAsync<>", "(System.String,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[2]", "file-content-store", "manual"] + - ["ServiceStack", "ServiceClientBase", True, "Delete", "(System.Object)", "", "Argument[0]", "file-content-store", "manual"] + - ["ServiceStack", "ServiceClientBase", True, "DownloadBytes", "(System.String,System.String,System.Object)", "", "Argument[2]", "file-content-store", "manual"] + - ["ServiceStack", "ServiceClientBase", True, "DownloadBytesAsync", "(System.String,System.String,System.Object)", "", "Argument[2]", "file-content-store", "manual"] + - ["ServiceStack", "ServiceClientBase", True, "Get", "(System.Object)", "", "Argument[0]", "file-content-store", "manual"] + - ["ServiceStack", "ServiceClientBase", True, "Head", "(ServiceStack.IReturn)", "", "Argument[0]", "file-content-store", "manual"] + - ["ServiceStack", "ServiceClientBase", True, "Head", "(System.Object)", "", "Argument[0]", "file-content-store", "manual"] + - ["ServiceStack", "ServiceClientBase", True, "Patch", "(System.Object)", "", "Argument[0]", "file-content-store", "manual"] + - ["ServiceStack", "ServiceClientBase", True, "Post", "(System.Object)", "", "Argument[0]", "file-content-store", "manual"] + - ["ServiceStack", "ServiceClientBase", True, "Publish<>", "(ServiceStack.Messaging.IMessage)", "", "Argument[0]", "file-content-store", "manual"] + - ["ServiceStack", "ServiceClientBase", True, "Publish<>", "(T)", "", "Argument[0]", "file-content-store", "manual"] + - ["ServiceStack", "ServiceClientBase", True, "Put", "(System.Object)", "", "Argument[0]", "file-content-store", "manual"] - addsTo: pack: codeql/csharp-all extensible: summaryModel diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/ExternalFlow.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/ExternalFlow.qll index a3d507ac69a..46a19828a81 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/ExternalFlow.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/ExternalFlow.qll @@ -211,7 +211,8 @@ module ModelValidation { ) or exists(string kind | sinkModel(_, _, _, _, _, _, _, kind, _) | - not kind = ["code-injection", "sql-injection", "js-injection", "remote", "html-injection"] and + not kind = + ["code-injection", "sql-injection", "js-injection", "html-injection", "file-content-store"] and not kind.matches("encryption-%") and result = "Invalid kind \"" + kind + "\" in sink model." ) diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsinks/ExternalLocationSink.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsinks/ExternalLocationSink.qll index 26b75f06269..df77a905281 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsinks/ExternalLocationSink.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsinks/ExternalLocationSink.qll @@ -19,7 +19,7 @@ private import semmle.code.csharp.dataflow.ExternalFlow abstract class ExternalLocationSink extends DataFlow::ExprNode { } private class ExternalModelSink extends ExternalLocationSink { - ExternalModelSink() { sinkNode(this, "remote") } + ExternalModelSink() { sinkNode(this, "file-content-store") } } /** diff --git a/csharp/ql/test/library-tests/dataflow/external-models/sinks.expected b/csharp/ql/test/library-tests/dataflow/external-models/sinks.expected index ffafcaa9738..3a4489dcb91 100644 --- a/csharp/ql/test/library-tests/dataflow/external-models/sinks.expected +++ b/csharp/ql/test/library-tests/dataflow/external-models/sinks.expected @@ -1,8 +1,8 @@ invalidModelRow #select | Sinks.cs:8:19:8:22 | access to local variable arg1 | code-injection | -| Sinks.cs:11:13:11:41 | this access | remote | -| Sinks.cs:11:30:11:40 | access to local variable argToTagged | remote | +| Sinks.cs:11:13:11:41 | this access | file-content-store | +| Sinks.cs:11:30:11:40 | access to local variable argToTagged | file-content-store | | Sinks.cs:14:27:14:36 | access to local variable fieldWrite | sql-injection | | Sinks.cs:20:20:20:22 | access to local variable res | js-injection | | Sinks.cs:27:20:27:25 | access to local variable resTag | html-injection | diff --git a/csharp/ql/test/library-tests/dataflow/external-models/sinks.ext.yml b/csharp/ql/test/library-tests/dataflow/external-models/sinks.ext.yml index f266d02c945..c44c1b4fd36 100644 --- a/csharp/ql/test/library-tests/dataflow/external-models/sinks.ext.yml +++ b/csharp/ql/test/library-tests/dataflow/external-models/sinks.ext.yml @@ -7,5 +7,5 @@ extensions: - ["My.Qltest", "B", false, "Sink1", "(System.Object)", "", "Argument[0]", "code-injection", "manual"] - ["My.Qltest", "B", false, "SinkMethod", "()", "", "ReturnValue", "js-injection", "manual"] - ["My.Qltest", "SinkAttribute", false, "", "", "Attribute", "ReturnValue", "html-injection", "manual"] - - ["My.Qltest", "SinkAttribute", false, "", "", "Attribute", "Argument", "remote", "manual"] + - ["My.Qltest", "SinkAttribute", false, "", "", "Attribute", "Argument", "file-content-store", "manual"] - ["My.Qltest", "SinkAttribute", false, "", "", "Attribute", "", "sql-injection", "manual"] From 588a62c3a4215a683721be7caf83c6ecb81cfeb8 Mon Sep 17 00:00:00 2001 From: Jami Cogswell Date: Tue, 16 May 2023 14:05:33 -0400 Subject: [PATCH 418/870] C#: update CaptureSinkModels test case --- .../modelgenerator/dataflow/CaptureSinkModels.expected | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/csharp/ql/test/utils/modelgenerator/dataflow/CaptureSinkModels.expected b/csharp/ql/test/utils/modelgenerator/dataflow/CaptureSinkModels.expected index e65a2ae7d4a..4a11cff39af 100644 --- a/csharp/ql/test/utils/modelgenerator/dataflow/CaptureSinkModels.expected +++ b/csharp/ql/test/utils/modelgenerator/dataflow/CaptureSinkModels.expected @@ -1,4 +1,4 @@ -| Sinks;NewSinks;false;WrapFieldResponseWriteFile;();;Argument[this];html;df-generated | -| Sinks;NewSinks;false;WrapPropResponseWriteFile;();;Argument[this];html;df-generated | -| Sinks;NewSinks;false;WrapResponseWrite;(System.Object);;Argument[0];html;df-generated | -| Sinks;NewSinks;false;WrapResponseWriteFile;(System.String);;Argument[0];html;df-generated | +| Sinks;NewSinks;false;WrapFieldResponseWriteFile;();;Argument[this];html-injection;df-generated | +| Sinks;NewSinks;false;WrapPropResponseWriteFile;();;Argument[this];html-injection;df-generated | +| Sinks;NewSinks;false;WrapResponseWrite;(System.Object);;Argument[0];html-injection;df-generated | +| Sinks;NewSinks;false;WrapResponseWriteFile;(System.String);;Argument[0];html-injection;df-generated | From 060a48571ae03a76bccd058f623d9fd7b83f2ce3 Mon Sep 17 00:00:00 2001 From: Alexandre Boulgakov Date: Tue, 16 May 2023 18:32:41 +0100 Subject: [PATCH 419/870] Swift: Emit diagnostics on assertion/expectation violations. --- swift/integration-tests/BUILD.bazel | 8 +++++ .../diagnostics_test_utils.py | 15 ++++---- swift/logging/SwiftAssert.h | 34 ++++++++++--------- .../assertion-diagnostics/AssertFalse.cpp | 12 +++++++ .../tests/assertion-diagnostics/BUILD.bazel | 25 ++++++++++++++ .../diagnostics.expected | 17 ++++++++++ .../tests/assertion-diagnostics/test.py | 15 ++++++++ 7 files changed, 104 insertions(+), 22 deletions(-) create mode 100644 swift/integration-tests/BUILD.bazel create mode 100644 swift/logging/tests/assertion-diagnostics/AssertFalse.cpp create mode 100644 swift/logging/tests/assertion-diagnostics/BUILD.bazel create mode 100644 swift/logging/tests/assertion-diagnostics/diagnostics.expected create mode 100644 swift/logging/tests/assertion-diagnostics/test.py diff --git a/swift/integration-tests/BUILD.bazel b/swift/integration-tests/BUILD.bazel new file mode 100644 index 00000000000..2fe1553da0e --- /dev/null +++ b/swift/integration-tests/BUILD.bazel @@ -0,0 +1,8 @@ +py_library( + name = "integration_tests", + srcs = [ + "create_database_utils.py", + "diagnostics_test_utils.py", + ], + visibility = ["//swift:__subpackages__"], +) diff --git a/swift/integration-tests/diagnostics_test_utils.py b/swift/integration-tests/diagnostics_test_utils.py index f89cc42b118..d3887e33b32 100644 --- a/swift/integration-tests/diagnostics_test_utils.py +++ b/swift/integration-tests/diagnostics_test_utils.py @@ -10,11 +10,12 @@ import os import difflib import sys - -def _normalize_actual(test_dir, database_dir): - proc = subprocess.run(['codeql', 'database', 'export-diagnostics', '--format', 'raw', '--', database_dir], +def _get_actual(database_dir): + return subprocess.run(['codeql', 'database', 'export-diagnostics', '--format', 'raw', '--', database_dir], stdout=subprocess.PIPE, universal_newlines=True, check=True, text=True) - data = proc.stdout.replace(str(test_dir.absolute()), "") + +def _normalize_actual(test_dir, data): + data = data.replace(str(test_dir.absolute()), "") data = json.loads(data) data[:] = [e for e in data if not e["source"]["id"].startswith("cli/")] for e in data: @@ -49,10 +50,12 @@ def _normalize_json(data): return "\n".join(entries) -def check_diagnostics(test_dir=".", test_db="db"): +def check_diagnostics(test_dir=".", test_db="db", actual = None): test_dir = pathlib.Path(test_dir) test_db = pathlib.Path(test_db) - actual = _normalize_actual(test_dir, test_db) + if actual is None: + actual = _get_actual(test_db).stdout + actual = _normalize_actual(test_dir, actual) if os.environ.get("CODEQL_INTEGRATION_TEST_LEARN") == "true": with open(test_dir / "diagnostics.expected", "w") as expected: expected.write(actual) diff --git a/swift/logging/SwiftAssert.h b/swift/logging/SwiftAssert.h index 9ffb3c5f860..c84294f40e2 100644 --- a/swift/logging/SwiftAssert.h +++ b/swift/logging/SwiftAssert.h @@ -4,26 +4,28 @@ #include "swift/logging/SwiftLogging.h" -// assert CONDITION, which is always evaluated (once) regardless of the build type. If -// CONDITION is not satisfied, emit a critical log optionally using provided format and arguments, -// abort the program +// Assert CONDITION, which is always evaluated (once) regardless of the build type. If +// CONDITION is not satisfied, emit a critical log and diagnostic optionally using provided format +// and arguments, and then abort the program. #define CODEQL_ASSERT(CONDITION, ...) \ - CODEQL_ASSERT_IMPL(CRITICAL, std::abort(), CONDITION, __VA_ARGS__) + CODEQL_ASSERT_IMPL(critical, std::abort(), CONDITION, __VA_ARGS__) -// If CONDITION is not satisfied, emit an error log optionally using provided format and arguments, -// but continue execution +// If CONDITION is not satisfied, emit an error log and diagnostic optionally using provided format +// and arguments, but continue execution #define CODEQL_EXPECT(CONDITION, ...) CODEQL_EXPECT_OR(void(), CONDITION, __VA_ARGS__) -// If CONDITION is not satisfied, emit an error log optionally using provided format and arguments, -// and execute ACTION (for example return) +// If CONDITION is not satisfied, emit an error log and diagnostic optionally using provided format +// and arguments, and execute ACTION (for example return) #define CODEQL_EXPECT_OR(ACTION, CONDITION, ...) \ - CODEQL_ASSERT_IMPL(ERROR, ACTION, CONDITION, __VA_ARGS__) + CODEQL_ASSERT_IMPL(error, ACTION, CONDITION, __VA_ARGS__) -#define CODEQL_ASSERT_IMPL(LEVEL, ACTION, CONDITION, ...) \ - do { \ - if (!(CONDITION)) { \ - [[unlikely]] LOG_##LEVEL("assertion failed on " #CONDITION ". " __VA_ARGS__); \ - codeql::Log::flush(); \ - ACTION; \ - } \ +#define CODEQL_ASSERT_IMPL(LEVEL, ACTION, CONDITION, ...) \ + do { \ + if (!(CONDITION)) { \ + [[unlikely]] DIAGNOSE_WITH_LEVEL(LEVEL, codeql::internalError, \ + "CodeQL encountered an unexpected internal error with the " \ + "following message:\n> Assertion failed: `" #CONDITION \ + "`. " __VA_ARGS__); \ + ACTION; \ + } \ } while (false) diff --git a/swift/logging/tests/assertion-diagnostics/AssertFalse.cpp b/swift/logging/tests/assertion-diagnostics/AssertFalse.cpp new file mode 100644 index 00000000000..fd82a4b4df1 --- /dev/null +++ b/swift/logging/tests/assertion-diagnostics/AssertFalse.cpp @@ -0,0 +1,12 @@ +#include "swift/logging/SwiftAssert.h" + +const std::string_view codeql::programName = "test"; + +static codeql::Logger& logger() { + static codeql::Logger ret{"main"}; + return ret; +} + +int main() { + CODEQL_ASSERT(false, "Format the int {} and string {} if this assertion fails", 1234, "myString"); +} diff --git a/swift/logging/tests/assertion-diagnostics/BUILD.bazel b/swift/logging/tests/assertion-diagnostics/BUILD.bazel new file mode 100644 index 00000000000..52c3125a567 --- /dev/null +++ b/swift/logging/tests/assertion-diagnostics/BUILD.bazel @@ -0,0 +1,25 @@ +load("//swift:rules.bzl", "swift_cc_binary") +load("//misc/bazel/cmake:cmake.bzl", "generate_cmake") + +swift_cc_binary( + name = "assert-false", + srcs = ["AssertFalse.cpp"], + visibility = ["//visibility:private"], + deps = [ + "//swift/logging", + ], +) + +py_test( + name = "test", + size = "small", + srcs = ["test.py"], + deps = ["//swift/integration-tests:integration_tests"], + data = [":assert-false", "diagnostics.expected"], +) + +generate_cmake( + name = "cmake", + targets = [":assert-false"], + visibility = ["//visibility:public"], +) diff --git a/swift/logging/tests/assertion-diagnostics/diagnostics.expected b/swift/logging/tests/assertion-diagnostics/diagnostics.expected new file mode 100644 index 00000000000..5762f9b3a8f --- /dev/null +++ b/swift/logging/tests/assertion-diagnostics/diagnostics.expected @@ -0,0 +1,17 @@ +{ + "helpLinks": [ + "" + ], + "markdownMessage": "CodeQL encountered an unexpected internal error with the following message:\n> Assertion failed: `false`. Format the int 1234 and string myString if this assertion fails.\n\nSome or all of the Swift analysis may have failed.\n\nIf the error persists, contact support, quoting the error message and describing what happened, or [open an issue in our open source repository][1].\n\n[1]: https://github.com/github/codeql/issues/new?labels=bug&template=ql---general.md", + "severity": "warning", + "source": { + "extractorName": "swift", + "id": "swift/test/internal-error", + "name": "Internal error" + }, + "visibility": { + "cliSummaryTable": true, + "statusPage": true, + "telemetry": true + } +} diff --git a/swift/logging/tests/assertion-diagnostics/test.py b/swift/logging/tests/assertion-diagnostics/test.py new file mode 100644 index 00000000000..d18cfe7dff9 --- /dev/null +++ b/swift/logging/tests/assertion-diagnostics/test.py @@ -0,0 +1,15 @@ +import importlib +import os +import subprocess +# We have to use importlib due to the '-' in the path +diagnostics_test_utils = importlib.import_module("swift.integration-tests.diagnostics_test_utils") + +test_dir = "swift/logging/tests/assertion-diagnostics" + +os.environ["CODEQL_EXTRACTOR_SWIFT_DIAGNOSTIC_DIR"] = "." +subprocess.run(os.path.join(test_dir, "assert-false")) + +with open(os.path.join("test", os.listdir("test")[0]), "r") as actual: + diagnostics_test_utils.check_diagnostics(test_dir=test_dir, + # Put the diagnostic in a JSON array + actual='[' + actual.read() + ']') From 7880e9e92c204137540560002bf74e5ee57b3627 Mon Sep 17 00:00:00 2001 From: Jami Cogswell Date: Fri, 12 May 2023 14:52:13 -0400 Subject: [PATCH 420/870] JS: update 'command-line-injection' sink kind to 'command-injection' --- .../customizing-library-models-for-javascript.rst | 6 +++--- .../security/dataflow/CommandInjectionCustomizations.qll | 2 +- .../ql/test/library-tests/DataExtensions/execa.model.yml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/codeql/codeql-language-guides/customizing-library-models-for-javascript.rst b/docs/codeql/codeql-language-guides/customizing-library-models-for-javascript.rst index d8a9e15faf5..d5cf4e0338e 100644 --- a/docs/codeql/codeql-language-guides/customizing-library-models-for-javascript.rst +++ b/docs/codeql/codeql-language-guides/customizing-library-models-for-javascript.rst @@ -53,7 +53,7 @@ Note that this sink is already recognized by the CodeQL JS analysis, but for thi pack: codeql/javascript-all extensible: sinkModel data: - - ["execa", "Member[shell].Argument[0]", "command-line-injection"] + - ["execa", "Member[shell].Argument[0]", "command-injection"] - Since we're adding a new sink, we add a tuple to the **sinkModel** extensible predicate. @@ -64,7 +64,7 @@ Note that this sink is already recognized by the CodeQL JS analysis, but for thi - **Member[shell]** selects accesses to the **shell** member of the **execa** package. - **Argument[0]** selects the first argument to calls to that member. -- **command-line-injection** indicates that this is considered a sink for the command injection query. +- **command-injection** indicates that this is considered a sink for the command injection query. Example: Taint sources from window 'message' events --------------------------------------------------- @@ -463,7 +463,7 @@ Sink kinds Unlike sources, sinks tend to be highly query-specific, rarely affecting more than one or two queries. Not every query supports customizable sinks. If the following sinks are not suitable for your use case, you should add a new query. - **code-injection**: A sink that can be used to inject code, such as in calls to **eval**. -- **command-line-injection**: A sink that can be used to inject shell commands, such as in calls to **child_process.spawn**. +- **command-injection**: A sink that can be used to inject shell commands, such as in calls to **child_process.spawn**. - **path-injection**: A sink that can be used for path injection in a file system access, such as in calls to **fs.readFile**. - **sql-injection**: A sink that can be used for SQL injection, such as in a MySQL **query** call. - **nosql-injection**: A sink that can be used for NoSQL injection, such as in a MongoDB **findOne** call. diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/CommandInjectionCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/CommandInjectionCustomizations.qll index fee201c1d05..8581a5b0cb0 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/CommandInjectionCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/CommandInjectionCustomizations.qll @@ -49,6 +49,6 @@ module CommandInjection { } private class SinkFromModel extends Sink { - SinkFromModel() { this = ModelOutput::getASinkNode("command-line-injection").asSink() } + SinkFromModel() { this = ModelOutput::getASinkNode("command-injection").asSink() } } } diff --git a/javascript/ql/test/library-tests/DataExtensions/execa.model.yml b/javascript/ql/test/library-tests/DataExtensions/execa.model.yml index 2516e1a7be8..f7e0f70c0bc 100644 --- a/javascript/ql/test/library-tests/DataExtensions/execa.model.yml +++ b/javascript/ql/test/library-tests/DataExtensions/execa.model.yml @@ -6,5 +6,5 @@ extensions: - [ "@example/execa", "Member[shell].Argument[0]", - "command-line-injection", + "command-injection", ] From 359f6ffd1ef86dea9f2354dd4204bae470596900 Mon Sep 17 00:00:00 2001 From: Jami Cogswell Date: Fri, 12 May 2023 15:12:53 -0400 Subject: [PATCH 421/870] JS: update 'credentials[%]' sink kind to 'credentials-%' --- .../semmle/javascript/frameworks/Credentials.qll | 2 +- .../javascript/frameworks/sequelize/model.json | 8 ++++---- .../javascript/frameworks/sequelize/model.yml | 16 ++++++++-------- 3 files changed, 13 insertions(+), 13 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/frameworks/Credentials.qll b/javascript/ql/lib/semmle/javascript/frameworks/Credentials.qll index 21ecbc6d001..c1685f11cf4 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/Credentials.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/Credentials.qll @@ -46,7 +46,7 @@ module CredentialsExpr { private class CredentialsFromModel extends CredentialsNode { string kind; - CredentialsFromModel() { this = ModelOutput::getASinkNode("credentials[" + kind + "]").asSink() } + CredentialsFromModel() { this = ModelOutput::getASinkNode("credentials-" + kind).asSink() } override string getCredentialsKind() { result = CredentialsExpr::normalizeKind(kind) } } diff --git a/javascript/ql/lib/semmle/javascript/frameworks/sequelize/model.json b/javascript/ql/lib/semmle/javascript/frameworks/sequelize/model.json index 88568283605..62ad94b9ea0 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/sequelize/model.json +++ b/javascript/ql/lib/semmle/javascript/frameworks/sequelize/model.json @@ -19,10 +19,10 @@ "sequelize.Sequelize;Member[query].Argument[0].Member[query];sql-injection", "sequelize.Sequelize;Member[query].Argument[0];sql-injection", "sequelize.SequelizeStaticAndInstance;Member[asIs,literal].Argument[0];sql-injection", - "sequelize;Argument[0..].Member[password];credentials[password]", - "sequelize;Argument[0..].Member[username];credentials[username]", - "sequelize;Argument[1];credentials[username]", - "sequelize;Argument[2];credentials[password]" + "sequelize;Argument[0..].Member[password];credentials-password", + "sequelize;Argument[0..].Member[username];credentials-username", + "sequelize;Argument[1];credentials-username", + "sequelize;Argument[2];credentials-password" ], "typeDefinitions": [ "sequelize.Sequelize;sequelize-typescript.Sequelize;" diff --git a/javascript/ql/lib/semmle/javascript/frameworks/sequelize/model.yml b/javascript/ql/lib/semmle/javascript/frameworks/sequelize/model.yml index 41a97e63a76..b25152b3764 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/sequelize/model.yml +++ b/javascript/ql/lib/semmle/javascript/frameworks/sequelize/model.yml @@ -1,17 +1,17 @@ extensions: - - addsTo: + - addsTo: pack: codeql/javascript-all extensible: sinkModel data: - [sequelize.Sequelize, "Member[query].Argument[0].Member[query]", "sql-injection"] - [sequelize.Sequelize, "Member[query].Argument[0]", "sql-injection"] - [sequelize.SequelizeStaticAndInstance, "Member[asIs,literal].Argument[0]", "sql-injection"] - - [sequelize, "Argument[0..].Member[password]", "credentials[password]"] - - [sequelize, "Argument[0..].Member[username]", "credentials[username]"] - - [sequelize, "Argument[1]", "credentials[username]"] - - [sequelize, "Argument[2]", "credentials[password]"] + - [sequelize, "Argument[0..].Member[password]", "credentials-password"] + - [sequelize, "Argument[0..].Member[username]", "credentials-username"] + - [sequelize, "Argument[1]", "credentials-username"] + - [sequelize, "Argument[2]", "credentials-password"] - - addsTo: + - addsTo: pack: codeql/javascript-all extensible: typeModel data: @@ -264,7 +264,7 @@ extensions: - [sequelize.ThroughOptions, sequelize.AssociationOptionsBelongsToMany, "Member[through]"] - [sequelize.Utils, sequelize.SequelizeStaticAndInstance, "Member[Utils]"] - - addsTo: + - addsTo: pack: codeql/javascript-all extensible: summaryModel data: @@ -274,7 +274,7 @@ extensions: - [sequelize.Model, "", "", "Member[schema,scope,unscoped].ReturnValue", type] - [sequelize.Model, "", "", "Member[sync].ReturnValue.Awaited", type] - - addsTo: + - addsTo: pack: codeql/javascript-all extensible: typeVariableModel data: From 003bb2f6f50651cc5f8e8da28274b7a1310b3026 Mon Sep 17 00:00:00 2001 From: Jami Cogswell Date: Fri, 12 May 2023 15:20:03 -0400 Subject: [PATCH 422/870] JS: add change note --- .../ql/lib/change-notes/2023-05-12-update-js-sink-kinds.md | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 javascript/ql/lib/change-notes/2023-05-12-update-js-sink-kinds.md diff --git a/javascript/ql/lib/change-notes/2023-05-12-update-js-sink-kinds.md b/javascript/ql/lib/change-notes/2023-05-12-update-js-sink-kinds.md new file mode 100644 index 00000000000..9d215924623 --- /dev/null +++ b/javascript/ql/lib/change-notes/2023-05-12-update-js-sink-kinds.md @@ -0,0 +1,6 @@ +--- +category: minorAnalysis +--- +* Updated the following JavaScript sink kind names. Any custom data extensions that use these sink kinds will need to be updated accordingly in order to continue working. + * `command-line-injection` to `command-injection` + * `credentials[kind]` to `credentials-kind` From c599460a5257df5f61401f27fdcf7d51fcc7f8fc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=93scar=20San=20Jos=C3=A9?= Date: Tue, 16 May 2023 18:27:44 +0200 Subject: [PATCH 423/870] Change regexp to include released change-notes pattern --- .github/workflows/check-change-note.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/check-change-note.yml b/.github/workflows/check-change-note.yml index aa255d4cf5a..eab506fd52c 100644 --- a/.github/workflows/check-change-note.yml +++ b/.github/workflows/check-change-note.yml @@ -27,9 +27,9 @@ jobs: run: | gh api 'repos/${{github.repository}}/pulls/${{github.event.number}}/files' --paginate --jq 'any(.[].filename ; test("/change-notes/.*[.]md$"))' | grep true -c - - name: Fail if the change note filename doesn't match the expected format. The file name must be of the form 'YYYY-MM-DD.md' or 'YYYY-MM-DD-{title}.md', where '{title}' is arbitrary text. + - name: Fail if the change note filename doesn't match the expected format. The file name must be of the form 'YYYY-MM-DD.md', 'YYYY-MM-DD-{title}.md', where '{title}' is arbitrary text, or released/x.y.z.md for released change-notes env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | - gh api 'repos/${{github.repository}}/pulls/${{github.event.number}}/files' --paginate --jq '[.[].filename | select(test("/change-notes/.*[.]md$"))] | all(test("/change-notes/[0-9]{4}-[0-9]{2}-[0-9]{2}.*[.]md$"))' | - grep true -c + gh api 'repos/${{github.repository}}/pulls/${{github.event.number}}/files' --paginate --jq '[.[].filename | select(test("/change-notes/.*[.]md$") or test("/change-notes/released/.*[.]md$"))] | all(test("/change-notes/[0-9]{4}-[0-9]{2}-[0-9]{2}.*[.]md$") or test("/change-notes/released/[0-9]*[.][0-9]*[.][0-9]*[.]md$"))' | + grep true -c From 480e71fd6912b089e5e0189c3c4650a32c397faa Mon Sep 17 00:00:00 2001 From: erik-krogh Date: Wed, 17 May 2023 08:42:45 +0200 Subject: [PATCH 424/870] avoid contractions --- java/ql/src/Security/CWE/CWE-730/PolynomialReDoS.qhelp | 4 ++-- javascript/ql/src/Performance/PolynomialReDoS.qhelp | 4 ++-- python/ql/src/Security/CWE-730/PolynomialReDoS.qhelp | 4 ++-- ruby/ql/src/queries/security/cwe-1333/PolynomialReDoS.qhelp | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/java/ql/src/Security/CWE/CWE-730/PolynomialReDoS.qhelp b/java/ql/src/Security/CWE/CWE-730/PolynomialReDoS.qhelp index 5ace22a8fd8..e0b8ea6108f 100644 --- a/java/ql/src/Security/CWE/CWE-730/PolynomialReDoS.qhelp +++ b/java/ql/src/Security/CWE/CWE-730/PolynomialReDoS.qhelp @@ -103,7 +103,7 @@ Pattern.compile("^\\s+|\\s+$").matcher(text).replaceAll("") // BAD

    - Sometimes it's unclear how a regular expression can be rewritten to + Sometimes it is unclear how a regular expression can be rewritten to avoid the problem. In such cases, it often suffices to limit the length of the input string. For instance, the following complicated regular expression is used to match numbers, and on some non-number @@ -114,7 +114,7 @@ Pattern.compile("^\\s+|\\s+$").matcher(text).replaceAll("") // BAD Pattern.matches("^(\\+|-)?(\\d+|(\\d*\\.\\d*))?(E|e)?([-+])?(\\d+)?$", str);

    - It's not immediately obvious how to rewrite this regular expression + It is not immediately obvious how to rewrite this regular expression to avoid the problem. However, it might be fine to limit the length to 1000 characters, which will always finish in a reasonable amount of time. diff --git a/javascript/ql/src/Performance/PolynomialReDoS.qhelp b/javascript/ql/src/Performance/PolynomialReDoS.qhelp index 4549d730324..b8c82c90ecb 100644 --- a/javascript/ql/src/Performance/PolynomialReDoS.qhelp +++ b/javascript/ql/src/Performance/PolynomialReDoS.qhelp @@ -103,7 +103,7 @@ text.replace(/^\s+|\s+$/g, ''); // BAD

    - Sometimes it's unclear how a regular expression can be rewritten to + Sometimes it is unclear how a regular expression can be rewritten to avoid the problem. In such cases, it often suffices to limit the length of the input string. For instance, the following complicated regular expression is used to match numbers, and on some non-number @@ -114,7 +114,7 @@ text.replace(/^\s+|\s+$/g, ''); // BAD /^(\+|-)?(\d+|(\d*\.\d*))?(E|e)?([-+])?(\d+)?$/.test(str) // BAD

    - It's not immediately obvious how to rewrite this regular expression + It is not immediately obvious how to rewrite this regular expression to avoid the problem. However, it might be fine to limit the length to 1000 characters, which will always finish in a reasonable amount of time. diff --git a/python/ql/src/Security/CWE-730/PolynomialReDoS.qhelp b/python/ql/src/Security/CWE-730/PolynomialReDoS.qhelp index 201aadd1589..13ae7a1f3d3 100644 --- a/python/ql/src/Security/CWE-730/PolynomialReDoS.qhelp +++ b/python/ql/src/Security/CWE-730/PolynomialReDoS.qhelp @@ -103,7 +103,7 @@ re.sub(r"^\s+|\s+$", "", text) # BAD

    - Sometimes it's unclear how a regular expression can be rewritten to + Sometimes it is unclear how a regular expression can be rewritten to avoid the problem. In such cases, it often suffices to limit the length of the input string. For instance, the following complicated regular expression is used to match numbers, and on some non-number @@ -114,7 +114,7 @@ re.sub(r"^\s+|\s+$", "", text) # BAD match = re.search(r'^(\+|-)?(\d+|(\d*\.\d*))?(E|e)?([-+])?(\d+)?$', str)

    - It's not immediately obvious how to rewrite this regular expression + It is not immediately obvious how to rewrite this regular expression to avoid the problem. However, it might be fine to limit the length to 1000 characters, which will always finish in a reasonable amount of time. diff --git a/ruby/ql/src/queries/security/cwe-1333/PolynomialReDoS.qhelp b/ruby/ql/src/queries/security/cwe-1333/PolynomialReDoS.qhelp index cded45f4171..86f96445a2a 100644 --- a/ruby/ql/src/queries/security/cwe-1333/PolynomialReDoS.qhelp +++ b/ruby/ql/src/queries/security/cwe-1333/PolynomialReDoS.qhelp @@ -108,7 +108,7 @@ text.gsub!(/^\s+|\s+$/, '') # BAD

    - Sometimes it's unclear how a regular expression can be rewritten to + Sometimes it is unclear how a regular expression can be rewritten to avoid the problem. In such cases, it often suffices to limit the length of the input string. For instance, the following complicated regular expression is used to match numbers, and on some non-number @@ -119,7 +119,7 @@ text.gsub!(/^\s+|\s+$/, '') # BAD is_matching = /^(\+|-)?(\d+|(\d*\.\d*))?(E|e)?([-+])?(\d+)?$/.match?(str)

    - It's not immediately obvious how to rewrite this regular expression + It is not immediately obvious how to rewrite this regular expression to avoid the problem. However, it might be fine to limit the length to 1000 characters, which will always finish in a reasonable amount of time. From f94fdc63480561de7197e4e81d3a89e7b8fa0ddf Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 17 May 2023 10:37:12 +0200 Subject: [PATCH 425/870] JS: Remove mention of TrackedNode in docs --- .../codeql-library-for-javascript.rst | 35 ++++--------------- .../query17.qll | 7 ++-- .../tests.expected | 2 ++ .../tst.js | 6 +++- 4 files changed, 15 insertions(+), 35 deletions(-) diff --git a/docs/codeql/codeql-language-guides/codeql-library-for-javascript.rst b/docs/codeql/codeql-language-guides/codeql-library-for-javascript.rst index 8c9c6d8cffa..e529d99b449 100644 --- a/docs/codeql/codeql-language-guides/codeql-library-for-javascript.rst +++ b/docs/codeql/codeql-language-guides/codeql-library-for-javascript.rst @@ -700,28 +700,7 @@ The data flow graph-based analyses described so far are all intraprocedural: the We distinguish here between data flow proper, and *taint tracking*: the latter not only considers value-preserving flow (such as from variable definitions to uses), but also cases where one value influences ("taints") another without determining it entirely. For example, in the assignment ``s2 = s1.substring(i)``, the value of ``s1`` influences the value of ``s2``, because ``s2`` is assigned a substring of ``s1``. In general, ``s2`` will not be assigned ``s1`` itself, so there is no data flow from ``s1`` to ``s2``, but ``s1`` still taints ``s2``. -The simplest way of implementing an interprocedural data flow analysis is to extend either class ``DataFlow::TrackedNode`` or ``DataFlow::TrackedExpr``. The former is a subclass of ``DataFlow::Node``, the latter of ``Expr``, and extending them ensures that the newly added values are tracked interprocedurally. You can use the predicate ``flowsTo`` to find out which nodes/expressions the tracked value flows to. - -For example, suppose that we are developing an analysis to find hard-coded passwords. We might start by writing a simple query that looks for string constants flowing into variables named ``"password"``. To do this, we can extend ``TrackedExpr`` to track all constant strings, ``flowsTo`` to find cases where such a string flows into a (SSA) definition of a password variable: - -.. code-block:: ql - - import javascript - - class TrackedStringLiteral extends DataFlow::TrackedNode { - TrackedStringLiteral() { - this.asExpr() instanceof ConstantString - } - } - - from TrackedStringLiteral source, DataFlow::Node sink, SsaExplicitDefinition def - where source.flowsTo(sink) and sink = DataFlow::ssaDefinitionNode(def) and - def.getSourceVariable().getName().toLowerCase() = "password" - select sink - -Note that ``TrackedNode`` and ``TrackedExpr`` do not restrict the set of "sinks" for the inter-procedural flow analysis, tracking flow into any expression that they might flow to. This can be expensive for large code bases, and is often unnecessary, since usually you are only interested in flow to a particular set of sinks. For example, the above query only looks for flow into assignments to password variables. - -This is a particular instance of a general pattern, whereby we want to specify a data flow or taint analysis in terms of its *sources* (where flow starts), *sinks* (where it should be tracked), and *barriers* or *sanitizers* (where flow is interrupted). The example does not include any sanitizers, but they are very common in security analyses: for example, an analysis that tracks the flow of untrusted user input into, say, a SQL query has to keep track of code that validates the input, thereby making it safe to use. Such a validation step is an example of a sanitizer. +It is a common pattern that we wish to specify data flow or taint analysis in terms of its *sources* (where flow starts), *sinks* (where it should be tracked), and *barriers* or *sanitizers* (where flow is interrupted). Sanitizers they are very common in security analyses: for example, an analysis that tracks the flow of untrusted user input into, say, a SQL query has to keep track of code that validates the input, thereby making it safe to use. Such a validation step is an example of a sanitizer. The classes ``DataFlow::Configuration`` and ``TaintTracking::Configuration`` allow specifying a data flow or taint analysis, respectively, by overriding the following predicates: @@ -735,10 +714,12 @@ Since for technical reasons both ``Configuration`` classes are subtypes of ``str The predicate ``Configuration.hasFlow`` performs the actual flow tracking, starting at a source and looking for flow to a sink that does not pass through a barrier node or edge. -To continue with our above example, we can phrase it as a data flow configuration as follows: +For example, suppose that we are developing an analysis to find hard-coded passwords. We might write a simple query that looks for string constants flowing into variables named ``"password"``. .. code-block:: ql + import javascript + class PasswordTracker extends DataFlow::Configuration { PasswordTracker() { // unique identifier for this configuration @@ -754,11 +735,8 @@ To continue with our above example, we can phrase it as a data flow configuratio } predicate passwordVarAssign(Variable v, DataFlow::Node nd) { - exists (SsaExplicitDefinition def | - nd = DataFlow::ssaDefinitionNode(def) and - def.getSourceVariable() = v and - v.getName().toLowerCase() = "password" - ) + v.getAnAssignedExpr() = nd.asExpr() and + v.getName().toLowerCase() = "password" } } @@ -770,7 +748,6 @@ Now we can rephrase our query to use ``Configuration.hasFlow``: where pt.hasFlow(source, sink) and pt.passwordVarAssign(v, sink) select sink, "Password variable " + v + " is assigned a constant string." -Note that while analyses implemented in this way are inter-procedural in that they track flow and taint across function calls and returns, flow through global variables is not tracked. Flow through object properties is only tracked in limited cases, for example through properties of object literals or CommonJS ``module`` and ``exports`` objects. Syntax errors ~~~~~~~~~~~~~ diff --git a/javascript/ql/test/tutorials/Introducing the JavaScript libraries/query17.qll b/javascript/ql/test/tutorials/Introducing the JavaScript libraries/query17.qll index 0b21d872ad6..1de380f710b 100644 --- a/javascript/ql/test/tutorials/Introducing the JavaScript libraries/query17.qll +++ b/javascript/ql/test/tutorials/Introducing the JavaScript libraries/query17.qll @@ -11,11 +11,8 @@ class PasswordTracker extends DataFlow::Configuration { override predicate isSink(DataFlow::Node nd) { this.passwordVarAssign(_, nd) } predicate passwordVarAssign(Variable v, DataFlow::Node nd) { - exists(SsaExplicitDefinition def | - nd = DataFlow::ssaDefinitionNode(def) and - def.getSourceVariable() = v and - v.getName().toLowerCase() = "password" - ) + v.getAnAssignedExpr() = nd.asExpr() and + v.getName().toLowerCase() = "password" } } diff --git a/javascript/ql/test/tutorials/Introducing the JavaScript libraries/tests.expected b/javascript/ql/test/tutorials/Introducing the JavaScript libraries/tests.expected index 57bfd73841f..bbec34be602 100644 --- a/javascript/ql/test/tutorials/Introducing the JavaScript libraries/tests.expected +++ b/javascript/ql/test/tutorials/Introducing the JavaScript libraries/tests.expected @@ -9,6 +9,7 @@ test_query4 | tst.js:29:1:29:5 | 1 + 2 | This expression should be bracketed to clarify precedence rules. | test_query19 test_query17 +| tst.js:38:18:38:23 | "blah" | Password variable password is assigned a constant string. | test_query18 | m.js:1:1:3:0 | | 0 | test_query8 @@ -18,6 +19,7 @@ test_query11 | tst.js:31:12:31:12 | x | Dead store of local variable. | | tst.js:31:15:31:15 | y | Dead store of local variable. | | tst.js:31:18:31:18 | x | Dead store of local variable. | +| tst.js:38:7:38:23 | password = "blah" | Dead store of local variable. | test_query12 test_query20 test_query3 diff --git a/javascript/ql/test/tutorials/Introducing the JavaScript libraries/tst.js b/javascript/ql/test/tutorials/Introducing the JavaScript libraries/tst.js index 804012a2673..0714ee8101a 100644 --- a/javascript/ql/test/tutorials/Introducing the JavaScript libraries/tst.js +++ b/javascript/ql/test/tutorials/Introducing the JavaScript libraries/tst.js @@ -32,4 +32,8 @@ function l(x, y, x) { for (i=0;i<10;++i); } -var j, j; \ No newline at end of file +var j, j; + +function foo() { + var password = "blah"; +} From a5ef738bb007588c1557e1ed4073533cad723c46 Mon Sep 17 00:00:00 2001 From: Stephan Brandauer Date: Wed, 17 May 2023 08:37:18 +0000 Subject: [PATCH 426/870] add extra parameters in query-messages --- .../ql/src/Telemetry/AutomodelFrameworkModeExtractCandidates.ql | 2 +- .../Telemetry/AutomodelFrameworkModeExtractNegativeExamples.ql | 2 +- .../Telemetry/AutomodelFrameworkModeExtractPositiveExamples.ql | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/java/ql/src/Telemetry/AutomodelFrameworkModeExtractCandidates.ql b/java/ql/src/Telemetry/AutomodelFrameworkModeExtractCandidates.ql index 5e22050a06a..a64327422a0 100644 --- a/java/ql/src/Telemetry/AutomodelFrameworkModeExtractCandidates.ql +++ b/java/ql/src/Telemetry/AutomodelFrameworkModeExtractCandidates.ql @@ -39,7 +39,7 @@ where sinkType, ", " ) select endpoint, - message + "\nrelated locations: $@, $@." + "\nmetadata: $@, $@, $@, $@, $@, $@.", // + message + "\nrelated locations: $@, $@." + "\nmetadata: $@, $@, $@, $@, $@, $@, $@.", // CharacteristicsImpl::getRelatedLocationOrCandidate(endpoint, MethodDoc()), "MethodDoc", // CharacteristicsImpl::getRelatedLocationOrCandidate(endpoint, ClassDoc()), "ClassDoc", // package.(DollarAtString), "package", // diff --git a/java/ql/src/Telemetry/AutomodelFrameworkModeExtractNegativeExamples.ql b/java/ql/src/Telemetry/AutomodelFrameworkModeExtractNegativeExamples.ql index d2e34f2c9b8..f1ba8ee4119 100644 --- a/java/ql/src/Telemetry/AutomodelFrameworkModeExtractNegativeExamples.ql +++ b/java/ql/src/Telemetry/AutomodelFrameworkModeExtractNegativeExamples.ql @@ -36,7 +36,7 @@ where ) and message = characteristic select endpoint, - message + "\nrelated locations: $@, $@." + "\nmetadata: $@, $@, $@, $@, $@, $@.", // + message + "\nrelated locations: $@, $@." + "\nmetadata: $@, $@, $@, $@, $@, $@, $@.", // CharacteristicsImpl::getRelatedLocationOrCandidate(endpoint, MethodDoc()), "MethodDoc", // CharacteristicsImpl::getRelatedLocationOrCandidate(endpoint, ClassDoc()), "ClassDoc", // package.(DollarAtString), "package", // diff --git a/java/ql/src/Telemetry/AutomodelFrameworkModeExtractPositiveExamples.ql b/java/ql/src/Telemetry/AutomodelFrameworkModeExtractPositiveExamples.ql index b1174a82919..e216c292538 100644 --- a/java/ql/src/Telemetry/AutomodelFrameworkModeExtractPositiveExamples.ql +++ b/java/ql/src/Telemetry/AutomodelFrameworkModeExtractPositiveExamples.ql @@ -23,7 +23,7 @@ where // Extract positive examples of sinks belonging to the existing ATM query configurations. CharacteristicsImpl::isKnownSink(endpoint, sinkType) select endpoint, - sinkType + "\nrelated locations: $@, $@." + "\nmetadata: $@, $@, $@, $@, $@, $@.", // + sinkType + "\nrelated locations: $@, $@." + "\nmetadata: $@, $@, $@, $@, $@, $@, $@.", // CharacteristicsImpl::getRelatedLocationOrCandidate(endpoint, MethodDoc()), "MethodDoc", // CharacteristicsImpl::getRelatedLocationOrCandidate(endpoint, ClassDoc()), "ClassDoc", // package.(DollarAtString), "package", // From f47acfb0838f5bb1941bffed98b4a1586120ee96 Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 17 May 2023 10:37:19 +0200 Subject: [PATCH 427/870] JS: Trim whitespace --- .../codeql-language-guides/codeql-library-for-javascript.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/codeql/codeql-language-guides/codeql-library-for-javascript.rst b/docs/codeql/codeql-language-guides/codeql-library-for-javascript.rst index e529d99b449..6742dfa8e76 100644 --- a/docs/codeql/codeql-language-guides/codeql-library-for-javascript.rst +++ b/docs/codeql/codeql-language-guides/codeql-library-for-javascript.rst @@ -193,7 +193,7 @@ The class `ASTNode `__, the standard Node.js ``http`` and ``https`` modules, `Connect `__, `Koa `__, `Hapi `__ and `Restify `__. From 9ec6c7daea8b267f5371ef1b3f5dc465d9f2e417 Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 17 May 2023 10:47:25 +0200 Subject: [PATCH 428/870] JS: Avoid using global vars in documentation examples --- ...-labels-for-precise-data-flow-analysis.rst | 28 +++++++++++-------- 1 file changed, 17 insertions(+), 11 deletions(-) diff --git a/docs/codeql/codeql-language-guides/using-flow-labels-for-precise-data-flow-analysis.rst b/docs/codeql/codeql-language-guides/using-flow-labels-for-precise-data-flow-analysis.rst index 597ce491463..8625d637366 100644 --- a/docs/codeql/codeql-language-guides/using-flow-labels-for-precise-data-flow-analysis.rst +++ b/docs/codeql/codeql-language-guides/using-flow-labels-for-precise-data-flow-analysis.rst @@ -70,18 +70,22 @@ For example, we would like to flag this code: .. code-block:: javascript - var data = JSON.parse(str); - if (data.length > 0) { // problematic: `data` may be `null` - ... + function test(str) { + var data = JSON.parse(str); + if (data.length > 0) { // problematic: `data` may be `null` + ... + } } This code, on the other hand, should not be flagged: .. code-block:: javascript - var data = JSON.parse(str); - if (data && data.length > 0) { // unproblematic: `data` is first checked for nullness - ... + function test(str) { + var data = JSON.parse(str); + if (data && data.length > 0) { // unproblematic: `data` is first checked for nullness + ... + } } We will first try to write a query to find this kind of problem without flow labels, and use the @@ -168,11 +172,13 @@ checked for null-guardedness: .. code-block:: javascript - var root = JSON.parse(str); - if (root) { - var payload = root.data; // unproblematic: `root` cannot be `null` here - if (payload.length > 0) { // problematic: `payload` may be `null` here - ... + function test(str) { + var root = JSON.parse(str); + if (root) { + var payload = root.data; // unproblematic: `root` cannot be `null` here + if (payload.length > 0) { // problematic: `payload` may be `null` here + ... + } } } From 3293a55e8f5a1332dbdbce5028e43266574e350f Mon Sep 17 00:00:00 2001 From: erik-krogh Date: Wed, 17 May 2023 11:05:29 +0200 Subject: [PATCH 429/870] require arguments to be shell interpreted to be flagged by indirect-command-injection --- .../dataflow/IndirectCommandInjectionCustomizations.qll | 8 ++++++-- .../command-line-parameter-command-injection.js | 2 ++ 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/IndirectCommandInjectionCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/IndirectCommandInjectionCustomizations.qll index 511b8c2ae70..b2b94fcca8d 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/IndirectCommandInjectionCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/IndirectCommandInjectionCustomizations.qll @@ -199,9 +199,13 @@ module IndirectCommandInjection { } /** - * A command argument to a function that initiates an operating system command. + * A command argument to a function that initiates an operating system command as a shell invocation. */ private class SystemCommandExecutionSink extends Sink, DataFlow::ValueNode { - SystemCommandExecutionSink() { this = any(SystemCommandExecution sys).getACommandArgument() } + SystemCommandExecutionSink() { + exists(SystemCommandExecution sys | + sys.isShellInterpreted(this) and this = sys.getACommandArgument() + ) + } } } diff --git a/javascript/ql/test/query-tests/Security/CWE-078/IndirectCommandInjection/command-line-parameter-command-injection.js b/javascript/ql/test/query-tests/Security/CWE-078/IndirectCommandInjection/command-line-parameter-command-injection.js index 62aacbfb77a..17b8b6c9c25 100644 --- a/javascript/ql/test/query-tests/Security/CWE-078/IndirectCommandInjection/command-line-parameter-command-injection.js +++ b/javascript/ql/test/query-tests/Security/CWE-078/IndirectCommandInjection/command-line-parameter-command-injection.js @@ -144,4 +144,6 @@ cp.exec("cmd.sh " + require("optimist").argv.foo); // NOT OK cp.exec("cmd.sh " + program.opts().pizzaType); // NOT OK cp.exec("cmd.sh " + program.pizzaType); // NOT OK + + cp.execFile(program.opts().pizzaType, ["foo", "bar"]); // OK }); \ No newline at end of file From cbd7601a412586858635adb30b6e3ed06919e426 Mon Sep 17 00:00:00 2001 From: erik-krogh Date: Wed, 17 May 2023 11:05:45 +0200 Subject: [PATCH 430/870] implement `isShellInterpreted` on `ExecActionsCall` --- .../ql/lib/semmle/javascript/frameworks/ActionsLib.qll | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/javascript/ql/lib/semmle/javascript/frameworks/ActionsLib.qll b/javascript/ql/lib/semmle/javascript/frameworks/ActionsLib.qll index 09733d783f1..b0b26560ff2 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/ActionsLib.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/ActionsLib.qll @@ -78,5 +78,10 @@ private class ExecActionsCall extends SystemCommandExecution, DataFlow::CallNode override DataFlow::Node getOptionsArg() { result = this.getArgument(2) } + override predicate isShellInterpreted(DataFlow::Node arg) { + arg = this.getACommandArgument() and + not this.getArgumentList().getALocalSource() instanceof DataFlow::ArrayCreationNode + } + override predicate isSync() { none() } } From b1c1513a10337c2117761fc57117c42fe36aa241 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Wed, 17 May 2023 11:21:09 +0200 Subject: [PATCH 431/870] C++: Add forgotten test annotation in for `cpp/invalid-pointer-deref` test --- .../query-tests/Security/CWE/CWE-193/pointer-deref/test.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/test.cpp b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/test.cpp index 4536e2bd2e6..e18b630c26f 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/test.cpp +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/test.cpp @@ -304,7 +304,7 @@ void test21() { void** xs = new void*[n]; for (int i = 0; i < n; i += 2) { - xs[i] = test21_get(i); - xs[i+1] = test21_get(i+1); + xs[i] = test21_get(i); // GOOD + xs[i+1] = test21_get(i+1); // GOOD [FALSE POSITIVE] } } From 883ec7a0e9a9880d3f38ea6da3899304ca7a9f20 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Wed, 17 May 2023 11:24:46 +0200 Subject: [PATCH 432/870] C++: Add forgotten `private` specifiers in product flow --- .../experimental/semmle/code/cpp/dataflow/ProductFlow.qll | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/cpp/ql/lib/experimental/semmle/code/cpp/dataflow/ProductFlow.qll b/cpp/ql/lib/experimental/semmle/code/cpp/dataflow/ProductFlow.qll index c2c27158434..be7aadd76cf 100644 --- a/cpp/ql/lib/experimental/semmle/code/cpp/dataflow/ProductFlow.qll +++ b/cpp/ql/lib/experimental/semmle/code/cpp/dataflow/ProductFlow.qll @@ -290,9 +290,9 @@ module ProductFlow { predicate isBarrierIn(DataFlow::Node node) { Config::isBarrierIn1(node) } } - module Flow1 = DataFlow::GlobalWithState; + private module Flow1 = DataFlow::GlobalWithState; - module Config2 implements DataFlow::StateConfigSig { + private module Config2 implements DataFlow::StateConfigSig { class FlowState = FlowState2; predicate isSource(DataFlow::Node source, FlowState state) { @@ -322,7 +322,7 @@ module ProductFlow { predicate isBarrierIn(DataFlow::Node node) { Config::isBarrierIn2(node) } } - module Flow2 = DataFlow::GlobalWithState; + private module Flow2 = DataFlow::GlobalWithState; pragma[nomagic] private predicate reachableInterprocEntry( From 31ae513f8cb1e5ea9a80c21d13bd48df5152c18f Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Wed, 17 May 2023 11:27:37 +0200 Subject: [PATCH 433/870] C++: Implement the `subpaths` query predicate for `cpp/invalid-pointer-deref` --- .../Security/CWE/CWE-193/InvalidPointerDeref.ql | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql b/cpp/ql/src/experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql index 1c81092ab3d..fc8b964596a 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql @@ -345,6 +345,16 @@ query predicate edges(MergedPathNode node1, MergedPathNode node2) { joinOn2(node1.asPathNode3(), node2.asSinkNode(), _) } +query predicate subpaths( + MergedPathNode arg, MergedPathNode par, MergedPathNode ret, MergedPathNode out +) { + AllocToInvalidPointerFlow::PathGraph1::subpaths(arg.asPathNode1(), par.asPathNode1(), + ret.asPathNode1(), out.asPathNode1()) + or + InvalidPointerToDerefFlow::PathGraph::subpaths(arg.asPathNode3(), par.asPathNode3(), + ret.asPathNode3(), out.asPathNode3()) +} + /** * Holds if `p1` is a sink of `AllocToInvalidPointerConf` and `p2` is a source * of `InvalidPointerToDerefConf`, and they are connected through `pai`. From 7e153863766956ebfaa8d2bfc28db88461dc5ee2 Mon Sep 17 00:00:00 2001 From: Alex Denisov Date: Wed, 17 May 2023 11:27:22 +0200 Subject: [PATCH 434/870] Swift: bump all versions to 0.1.0 --- swift/codeql-extractor.yml | 2 +- swift/ql/lib/qlpack.yml | 2 +- swift/ql/src/qlpack.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/swift/codeql-extractor.yml b/swift/codeql-extractor.yml index 94a63897697..0439f0ea3e0 100644 --- a/swift/codeql-extractor.yml +++ b/swift/codeql-extractor.yml @@ -1,6 +1,6 @@ name: "swift" display_name: "Swift" -version: 0.0.1 +version: 0.1.0 column_kind: "utf8" legacy_qltest_extraction: true github_api_languages: diff --git a/swift/ql/lib/qlpack.yml b/swift/ql/lib/qlpack.yml index 3cb8840e0eb..f45d347bad3 100644 --- a/swift/ql/lib/qlpack.yml +++ b/swift/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/swift-all -version: 0.0.0 +version: 0.1.0 groups: swift extractor: swift dbscheme: swift.dbscheme diff --git a/swift/ql/src/qlpack.yml b/swift/ql/src/qlpack.yml index 7e473775c1c..2a0bee06578 100644 --- a/swift/ql/src/qlpack.yml +++ b/swift/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/swift-queries -version: 0.0.0 +version: 0.1.0 groups: - swift - queries From b83aaf9594df88544ea357d7179f9a234fb15375 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Wed, 17 May 2023 11:39:41 +0200 Subject: [PATCH 435/870] C++: Use range analysis-based `hasSize` predicate in `cpp/invalid-pointer-deref` This is copied from `cpp/overrun-write`. --- .../CWE/CWE-193/InvalidPointerDeref.ql | 43 +++++-------------- 1 file changed, 11 insertions(+), 32 deletions(-) diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql b/cpp/ql/src/experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql index 1c81092ab3d..a42249aeafa 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql @@ -48,44 +48,23 @@ bindingset[b] pragma[inline_late] predicate bounded2(Instruction i, Instruction b, int delta) { boundedImpl(i, b, delta) } -/** - * Holds if the combination of `n` and `state` represents an appropriate - * source for the expression `e` suitable for use-use flow. - */ -private predicate hasSizeImpl(Expr e, DataFlow::Node n, int state) { - // The simple case: If the size is a variable access with no qualifier we can just use the - // dataflow node for that expression and no state. - exists(VariableAccess va | - va = e and - not va instanceof FieldAccess and - n.asConvertedExpr() = va.getFullyConverted() and - state = 0 - ) - or - // If the size is a choice between two expressions we allow both to be nodes representing the size. - exists(ConditionalExpr cond | cond = e | hasSizeImpl([cond.getThen(), cond.getElse()], n, state)) - or - // If the size is an expression plus a constant, we pick the dataflow node of the expression and - // remember the constant in the state. - exists(Expr const, Expr nonconst | - e.(AddExpr).hasOperands(const, nonconst) and - state = const.getValue().toInt() and - hasSizeImpl(nonconst, n, _) - ) - or - exists(Expr const, Expr nonconst | - e.(SubExpr).hasOperands(const, nonconst) and - state = -const.getValue().toInt() and - hasSizeImpl(nonconst, n, _) - ) -} +VariableAccess getAVariableAccess(Expr e) { e.getAChild*() = result } /** * Holds if `(n, state)` pair represents the source of flow for the size * expression associated with `alloc`. */ predicate hasSize(HeuristicAllocationExpr alloc, DataFlow::Node n, int state) { - hasSizeImpl(alloc.getSizeExpr(), n, state) + exists(VariableAccess va, Expr size, int delta | + size = alloc.getSizeExpr() and + // Get the unique variable in a size expression like `x` in `malloc(x + 1)`. + va = unique( | | getAVariableAccess(size)) and + // Compute `delta` as the constant difference between `x` and `x + 1`. + bounded1(any(Instruction instr | instr.getUnconvertedResultExpression() = size), + any(LoadInstruction load | load.getUnconvertedResultExpression() = va), delta) and + n.asConvertedExpr() = va.getFullyConverted() and + state = delta + ) } /** From 5a824547108dcd6bb4a08b067dc634026b4ea698 Mon Sep 17 00:00:00 2001 From: erik-krogh Date: Wed, 17 May 2023 12:02:21 +0200 Subject: [PATCH 436/870] add change-note --- javascript/ql/src/change-notes/2023-05-17-indirect-shell.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 javascript/ql/src/change-notes/2023-05-17-indirect-shell.md diff --git a/javascript/ql/src/change-notes/2023-05-17-indirect-shell.md b/javascript/ql/src/change-notes/2023-05-17-indirect-shell.md new file mode 100644 index 00000000000..8ccbe9ed032 --- /dev/null +++ b/javascript/ql/src/change-notes/2023-05-17-indirect-shell.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* The `js/indirect-command-line-injection` query no command arguments that cannot be interpreted as a shell string. From 014eb255bb6a4c323ef66b619a382ad2590969c9 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Wed, 17 May 2023 12:09:22 +0200 Subject: [PATCH 437/870] C++: Update expected test results --- .../CWE/CWE-193/pointer-deref/InvalidPointerDeref.expected | 1 + 1 file changed, 1 insertion(+) diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/InvalidPointerDeref.expected b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/InvalidPointerDeref.expected index 011b1f8e161..59d89316088 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/InvalidPointerDeref.expected +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/InvalidPointerDeref.expected @@ -653,6 +653,7 @@ edges | test.cpp:304:15:304:26 | new[] | test.cpp:308:5:308:6 | xs | | test.cpp:308:5:308:6 | xs | test.cpp:308:5:308:11 | access to array | | test.cpp:308:5:308:11 | access to array | test.cpp:308:5:308:29 | Store: ... = ... | +subpaths #select | test.cpp:6:14:6:15 | Load: * ... | test.cpp:4:15:4:20 | call to malloc | test.cpp:6:14:6:15 | Load: * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:4:15:4:20 | call to malloc | call to malloc | test.cpp:5:19:5:22 | size | size | | test.cpp:8:14:8:21 | Load: * ... | test.cpp:4:15:4:20 | call to malloc | test.cpp:8:14:8:21 | Load: * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@ + 1. | test.cpp:4:15:4:20 | call to malloc | call to malloc | test.cpp:5:19:5:22 | size | size | From c2ec1b0a810fcc79a3524f5933e67cbede16f4f0 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Wed, 17 May 2023 13:11:32 +0200 Subject: [PATCH 438/870] C#: Add extension method testcase for Models as Data. --- .../dataflow/external-models/ExternalFlow.cs | 21 +++++++++++++++++++ .../external-models/ExternalFlow.expected | 8 +++++++ .../external-models/ExternalFlow.ext.yml | 1 + 3 files changed, 30 insertions(+) diff --git a/csharp/ql/test/library-tests/dataflow/external-models/ExternalFlow.cs b/csharp/ql/test/library-tests/dataflow/external-models/ExternalFlow.cs index 7f307e390ea..05772dfb29a 100644 --- a/csharp/ql/test/library-tests/dataflow/external-models/ExternalFlow.cs +++ b/csharp/ql/test/library-tests/dataflow/external-models/ExternalFlow.cs @@ -214,4 +214,25 @@ namespace My.Qltest static void Sink(object o) { } } + + public interface HI { } + + public class HC : HI { } + + public static class HE + { + public static object ExtensionMethod(this HI h) => throw null; + } + + public class H + { + void M1() + { + var h = new HC(); + var o = h.ExtensionMethod(); + Sink(o); + } + + static void Sink(object o) { } + } } \ No newline at end of file diff --git a/csharp/ql/test/library-tests/dataflow/external-models/ExternalFlow.expected b/csharp/ql/test/library-tests/dataflow/external-models/ExternalFlow.expected index 25267c71e87..09ce9945cdf 100644 --- a/csharp/ql/test/library-tests/dataflow/external-models/ExternalFlow.expected +++ b/csharp/ql/test/library-tests/dataflow/external-models/ExternalFlow.expected @@ -70,6 +70,9 @@ edges | ExternalFlow.cs:197:42:197:43 | access to local variable o2 : Object | ExternalFlow.cs:197:18:197:44 | call to method GeneratedFlowArgs | | ExternalFlow.cs:205:22:205:33 | object creation of type Object : Object | ExternalFlow.cs:206:38:206:39 | access to local variable o2 : Object | | ExternalFlow.cs:206:38:206:39 | access to local variable o2 : Object | ExternalFlow.cs:206:18:206:40 | call to method MixedFlowArgs | +| ExternalFlow.cs:231:21:231:28 | object creation of type HC : HC | ExternalFlow.cs:232:21:232:21 | access to local variable h : HC | +| ExternalFlow.cs:232:21:232:21 | access to local variable h : HC | ExternalFlow.cs:232:21:232:39 | call to method ExtensionMethod : HC | +| ExternalFlow.cs:232:21:232:39 | call to method ExtensionMethod : HC | ExternalFlow.cs:233:18:233:18 | access to local variable o | nodes | ExternalFlow.cs:9:27:9:38 | object creation of type Object : Object | semmle.label | object creation of type Object : Object | | ExternalFlow.cs:10:18:10:33 | call to method StepArgRes | semmle.label | call to method StepArgRes | @@ -162,6 +165,10 @@ nodes | ExternalFlow.cs:205:22:205:33 | object creation of type Object : Object | semmle.label | object creation of type Object : Object | | ExternalFlow.cs:206:18:206:40 | call to method MixedFlowArgs | semmle.label | call to method MixedFlowArgs | | ExternalFlow.cs:206:38:206:39 | access to local variable o2 : Object | semmle.label | access to local variable o2 : Object | +| ExternalFlow.cs:231:21:231:28 | object creation of type HC : HC | semmle.label | object creation of type HC : HC | +| ExternalFlow.cs:232:21:232:21 | access to local variable h : HC | semmle.label | access to local variable h : HC | +| ExternalFlow.cs:232:21:232:39 | call to method ExtensionMethod : HC | semmle.label | call to method ExtensionMethod : HC | +| ExternalFlow.cs:233:18:233:18 | access to local variable o | semmle.label | access to local variable o | subpaths #select | ExternalFlow.cs:10:18:10:33 | call to method StepArgRes | ExternalFlow.cs:9:27:9:38 | object creation of type Object : Object | ExternalFlow.cs:10:18:10:33 | call to method StepArgRes | $@ | ExternalFlow.cs:9:27:9:38 | object creation of type Object : Object | object creation of type Object : Object | @@ -188,3 +195,4 @@ subpaths | ExternalFlow.cs:194:18:194:44 | call to method GeneratedFlowArgs | ExternalFlow.cs:193:22:193:33 | object creation of type Object : Object | ExternalFlow.cs:194:18:194:44 | call to method GeneratedFlowArgs | $@ | ExternalFlow.cs:193:22:193:33 | object creation of type Object : Object | object creation of type Object : Object | | ExternalFlow.cs:197:18:197:44 | call to method GeneratedFlowArgs | ExternalFlow.cs:196:22:196:33 | object creation of type Object : Object | ExternalFlow.cs:197:18:197:44 | call to method GeneratedFlowArgs | $@ | ExternalFlow.cs:196:22:196:33 | object creation of type Object : Object | object creation of type Object : Object | | ExternalFlow.cs:206:18:206:40 | call to method MixedFlowArgs | ExternalFlow.cs:205:22:205:33 | object creation of type Object : Object | ExternalFlow.cs:206:18:206:40 | call to method MixedFlowArgs | $@ | ExternalFlow.cs:205:22:205:33 | object creation of type Object : Object | object creation of type Object : Object | +| ExternalFlow.cs:233:18:233:18 | access to local variable o | ExternalFlow.cs:231:21:231:28 | object creation of type HC : HC | ExternalFlow.cs:233:18:233:18 | access to local variable o | $@ | ExternalFlow.cs:231:21:231:28 | object creation of type HC : HC | object creation of type HC : HC | diff --git a/csharp/ql/test/library-tests/dataflow/external-models/ExternalFlow.ext.yml b/csharp/ql/test/library-tests/dataflow/external-models/ExternalFlow.ext.yml index 99d387e5ebe..f626949e6f4 100644 --- a/csharp/ql/test/library-tests/dataflow/external-models/ExternalFlow.ext.yml +++ b/csharp/ql/test/library-tests/dataflow/external-models/ExternalFlow.ext.yml @@ -29,3 +29,4 @@ extensions: - ["My.Qltest", "G", false, "GeneratedFlowArgs", "(System.Object,System.Object)", "", "Argument[1]", "ReturnValue", "value", "df-generated"] - ["My.Qltest", "G", false, "MixedFlowArgs", "(System.Object,System.Object)", "", "Argument[0]", "ReturnValue", "value", "df-generated"] - ["My.Qltest", "G", false, "MixedFlowArgs", "(System.Object,System.Object)", "", "Argument[1]", "ReturnValue", "value", "manual"] + - ["My.Qltest", "HE", false, "ExtensionMethod", "(My.Qltest.HI)", "", "Argument[0]", "ReturnValue", "value", "manual"] From 0f93f3a5ad134cc612a02df70db8e6ce14d09a73 Mon Sep 17 00:00:00 2001 From: Charis Kyriakou Date: Wed, 17 May 2023 12:34:47 +0100 Subject: [PATCH 439/870] Remove GITHUB_TOKEN permissions note since it's no longer required --- .../running-codeql-queries-at-scale-with-mrva.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/codeql/codeql-for-visual-studio-code/running-codeql-queries-at-scale-with-mrva.rst b/docs/codeql/codeql-for-visual-studio-code/running-codeql-queries-at-scale-with-mrva.rst index 656aec444de..83dc32edf76 100644 --- a/docs/codeql/codeql-for-visual-studio-code/running-codeql-queries-at-scale-with-mrva.rst +++ b/docs/codeql/codeql-for-visual-studio-code/running-codeql-queries-at-scale-with-mrva.rst @@ -23,7 +23,7 @@ If you want to run variant analysis on your repositories, you need to enable cod Setting a controller repository for variant analysis ---------------------------------------------------- -When you run variant analysis, the analysis is run entirely using GitHub Actions. You don't need to create any workflows, but you must specify which GitHub repository the CodeQL extension should use as the "controller repository." Controller repositories can be empty, but they must have at least one commit. The ``GITHUB_TOKEN`` must also have "Read and write permissions" to run workflows in that repository. For more information, see "`Managing GitHub Actions settings for a repository `__." +When you run variant analysis, the analysis is run entirely using GitHub Actions. You don't need to create any workflows, but you must specify which GitHub repository the CodeQL extension should use as the "controller repository." Controller repositories can be empty, but they must have at least one commit. .. pull-quote:: From 3b2c3f6f40ebb3aa7c8859f38a027c7c52688b56 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 17 May 2023 13:46:51 +0100 Subject: [PATCH 440/870] C++: Use an 'EquivalenceRelation' instead of the 'shortestDistances' HOP in 'getInstruction'. This reduces the memory pressure when generating the CFG for Wireshark. --- .../ir/implementation/aliased_ssa/IRBlock.qll | 21 +++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/IRBlock.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/IRBlock.qll index 78008a6c69b..34a7abf7b5e 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/IRBlock.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/IRBlock.qll @@ -255,14 +255,27 @@ private module Cached { cached newtype TIRBlock = MkIRBlock(Instruction firstInstr) { startsBasicBlock(firstInstr) } - /** Holds if `i` is the `index`th instruction the block starting with `first`. */ - private Instruction getInstructionFromFirst(Instruction first, int index) = - shortestDistances(startsBasicBlock/1, adjacentInBlock/2)(first, result, index) + /** Gets the index of `i` in its `IRBlock`. */ + private int getMemberIndex(Instruction i) { + startsBasicBlock(i) and + result = 0 + or + exists(Instruction iPrev | + adjacentInBlock(iPrev, i) and + result = getMemberIndex(iPrev) + 1 + ) + } + + private module BlockAdjacency = QlBuiltins::EquivalenceRelation; /** Holds if `i` is the `index`th instruction in `block`. */ cached Instruction getInstruction(TIRBlock block, int index) { - result = getInstructionFromFirst(getFirstInstruction(block), index) + exists(Instruction first | + block = MkIRBlock(first) and + index = getMemberIndex(result) and + BlockAdjacency::getEquivalenceClass(first) = BlockAdjacency::getEquivalenceClass(result) + ) } cached From 771abf4f97c8c681ebf823ef2f717892901092ab Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 17 May 2023 13:47:01 +0100 Subject: [PATCH 441/870] C++/C#: Sync identical files. --- .../cpp/ir/implementation/raw/IRBlock.qll | 21 +++++++++++++++---- .../implementation/unaliased_ssa/IRBlock.qll | 21 +++++++++++++++---- .../ir/implementation/raw/IRBlock.qll | 21 +++++++++++++++---- .../implementation/unaliased_ssa/IRBlock.qll | 21 +++++++++++++++---- 4 files changed, 68 insertions(+), 16 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/IRBlock.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/IRBlock.qll index 78008a6c69b..34a7abf7b5e 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/IRBlock.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/IRBlock.qll @@ -255,14 +255,27 @@ private module Cached { cached newtype TIRBlock = MkIRBlock(Instruction firstInstr) { startsBasicBlock(firstInstr) } - /** Holds if `i` is the `index`th instruction the block starting with `first`. */ - private Instruction getInstructionFromFirst(Instruction first, int index) = - shortestDistances(startsBasicBlock/1, adjacentInBlock/2)(first, result, index) + /** Gets the index of `i` in its `IRBlock`. */ + private int getMemberIndex(Instruction i) { + startsBasicBlock(i) and + result = 0 + or + exists(Instruction iPrev | + adjacentInBlock(iPrev, i) and + result = getMemberIndex(iPrev) + 1 + ) + } + + private module BlockAdjacency = QlBuiltins::EquivalenceRelation; /** Holds if `i` is the `index`th instruction in `block`. */ cached Instruction getInstruction(TIRBlock block, int index) { - result = getInstructionFromFirst(getFirstInstruction(block), index) + exists(Instruction first | + block = MkIRBlock(first) and + index = getMemberIndex(result) and + BlockAdjacency::getEquivalenceClass(first) = BlockAdjacency::getEquivalenceClass(result) + ) } cached diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/IRBlock.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/IRBlock.qll index 78008a6c69b..34a7abf7b5e 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/IRBlock.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/IRBlock.qll @@ -255,14 +255,27 @@ private module Cached { cached newtype TIRBlock = MkIRBlock(Instruction firstInstr) { startsBasicBlock(firstInstr) } - /** Holds if `i` is the `index`th instruction the block starting with `first`. */ - private Instruction getInstructionFromFirst(Instruction first, int index) = - shortestDistances(startsBasicBlock/1, adjacentInBlock/2)(first, result, index) + /** Gets the index of `i` in its `IRBlock`. */ + private int getMemberIndex(Instruction i) { + startsBasicBlock(i) and + result = 0 + or + exists(Instruction iPrev | + adjacentInBlock(iPrev, i) and + result = getMemberIndex(iPrev) + 1 + ) + } + + private module BlockAdjacency = QlBuiltins::EquivalenceRelation; /** Holds if `i` is the `index`th instruction in `block`. */ cached Instruction getInstruction(TIRBlock block, int index) { - result = getInstructionFromFirst(getFirstInstruction(block), index) + exists(Instruction first | + block = MkIRBlock(first) and + index = getMemberIndex(result) and + BlockAdjacency::getEquivalenceClass(first) = BlockAdjacency::getEquivalenceClass(result) + ) } cached diff --git a/csharp/ql/src/experimental/ir/implementation/raw/IRBlock.qll b/csharp/ql/src/experimental/ir/implementation/raw/IRBlock.qll index 78008a6c69b..34a7abf7b5e 100644 --- a/csharp/ql/src/experimental/ir/implementation/raw/IRBlock.qll +++ b/csharp/ql/src/experimental/ir/implementation/raw/IRBlock.qll @@ -255,14 +255,27 @@ private module Cached { cached newtype TIRBlock = MkIRBlock(Instruction firstInstr) { startsBasicBlock(firstInstr) } - /** Holds if `i` is the `index`th instruction the block starting with `first`. */ - private Instruction getInstructionFromFirst(Instruction first, int index) = - shortestDistances(startsBasicBlock/1, adjacentInBlock/2)(first, result, index) + /** Gets the index of `i` in its `IRBlock`. */ + private int getMemberIndex(Instruction i) { + startsBasicBlock(i) and + result = 0 + or + exists(Instruction iPrev | + adjacentInBlock(iPrev, i) and + result = getMemberIndex(iPrev) + 1 + ) + } + + private module BlockAdjacency = QlBuiltins::EquivalenceRelation; /** Holds if `i` is the `index`th instruction in `block`. */ cached Instruction getInstruction(TIRBlock block, int index) { - result = getInstructionFromFirst(getFirstInstruction(block), index) + exists(Instruction first | + block = MkIRBlock(first) and + index = getMemberIndex(result) and + BlockAdjacency::getEquivalenceClass(first) = BlockAdjacency::getEquivalenceClass(result) + ) } cached diff --git a/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/IRBlock.qll b/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/IRBlock.qll index 78008a6c69b..34a7abf7b5e 100644 --- a/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/IRBlock.qll +++ b/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/IRBlock.qll @@ -255,14 +255,27 @@ private module Cached { cached newtype TIRBlock = MkIRBlock(Instruction firstInstr) { startsBasicBlock(firstInstr) } - /** Holds if `i` is the `index`th instruction the block starting with `first`. */ - private Instruction getInstructionFromFirst(Instruction first, int index) = - shortestDistances(startsBasicBlock/1, adjacentInBlock/2)(first, result, index) + /** Gets the index of `i` in its `IRBlock`. */ + private int getMemberIndex(Instruction i) { + startsBasicBlock(i) and + result = 0 + or + exists(Instruction iPrev | + adjacentInBlock(iPrev, i) and + result = getMemberIndex(iPrev) + 1 + ) + } + + private module BlockAdjacency = QlBuiltins::EquivalenceRelation; /** Holds if `i` is the `index`th instruction in `block`. */ cached Instruction getInstruction(TIRBlock block, int index) { - result = getInstructionFromFirst(getFirstInstruction(block), index) + exists(Instruction first | + block = MkIRBlock(first) and + index = getMemberIndex(result) and + BlockAdjacency::getEquivalenceClass(first) = BlockAdjacency::getEquivalenceClass(result) + ) } cached From baddfc4357fff93b64624cf0d311918097c576a1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=93scar=20San=20Jos=C3=A9?= Date: Wed, 17 May 2023 14:47:28 +0200 Subject: [PATCH 442/870] Suggestion from CR --- .github/workflows/check-change-note.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/check-change-note.yml b/.github/workflows/check-change-note.yml index eab506fd52c..137d1b30c80 100644 --- a/.github/workflows/check-change-note.yml +++ b/.github/workflows/check-change-note.yml @@ -2,7 +2,7 @@ name: Check change note on: pull_request_target: - types: [labeled, unlabeled, opened, synchronize, reopened, ready_for_review] + types: [labeled, unlabeled, opened, synchronize, reopened, ready_for_review]q paths: - "*/ql/src/**/*.ql" - "*/ql/src/**/*.qll" @@ -31,5 +31,5 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | - gh api 'repos/${{github.repository}}/pulls/${{github.event.number}}/files' --paginate --jq '[.[].filename | select(test("/change-notes/.*[.]md$") or test("/change-notes/released/.*[.]md$"))] | all(test("/change-notes/[0-9]{4}-[0-9]{2}-[0-9]{2}.*[.]md$") or test("/change-notes/released/[0-9]*[.][0-9]*[.][0-9]*[.]md$"))' | + gh api 'repos/${{github.repository}}/pulls/${{github.event.number}}/files' --paginate --jq '[.[].filename | select(test("/change-notes/.*[.]md$"))] | all(test("/change-notes/[0-9]{4}-[0-9]{2}-[0-9]{2}.*[.]md$") or test("/change-notes/released/[0-9]*[.][0-9]*[.][0-9]*[.]md$"))' | grep true -c From 239234c5d2702e6bf7e667cc5257bfa1d7dae4dc Mon Sep 17 00:00:00 2001 From: Erik Krogh Kristensen Date: Wed, 17 May 2023 14:47:32 +0200 Subject: [PATCH 443/870] fix bad change-note Co-authored-by: Asger F --- javascript/ql/src/change-notes/2023-05-17-indirect-shell.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/javascript/ql/src/change-notes/2023-05-17-indirect-shell.md b/javascript/ql/src/change-notes/2023-05-17-indirect-shell.md index 8ccbe9ed032..556e9976152 100644 --- a/javascript/ql/src/change-notes/2023-05-17-indirect-shell.md +++ b/javascript/ql/src/change-notes/2023-05-17-indirect-shell.md @@ -1,4 +1,4 @@ --- category: minorAnalysis --- -* The `js/indirect-command-line-injection` query no command arguments that cannot be interpreted as a shell string. +* The `js/indirect-command-line-injection` query no longer flags command arguments that cannot be interpreted as a shell string. From 8cd85a5676abbd64e1d3f5dafee9647d63e2a90b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alvaro=20Mu=C3=B1oz?= Date: Wed, 17 May 2023 16:16:30 +0200 Subject: [PATCH 444/870] add flow support for unmarshaled object fields --- .../lib/semmle/code/java/Serializability.qll | 1 + .../frameworks/google/GsonSerializability.qll | 71 +++++++++++++++++++ 2 files changed, 72 insertions(+) create mode 100644 java/ql/lib/semmle/code/java/frameworks/google/GsonSerializability.qll diff --git a/java/ql/lib/semmle/code/java/Serializability.qll b/java/ql/lib/semmle/code/java/Serializability.qll index fc8a19040f0..72490118020 100644 --- a/java/ql/lib/semmle/code/java/Serializability.qll +++ b/java/ql/lib/semmle/code/java/Serializability.qll @@ -4,6 +4,7 @@ import java private import frameworks.jackson.JacksonSerializability +private import frameworks.google.GsonSerializability private import frameworks.google.GoogleHttpClientApi /** diff --git a/java/ql/lib/semmle/code/java/frameworks/google/GsonSerializability.qll b/java/ql/lib/semmle/code/java/frameworks/google/GsonSerializability.qll new file mode 100644 index 00000000000..1f887b2d44e --- /dev/null +++ b/java/ql/lib/semmle/code/java/frameworks/google/GsonSerializability.qll @@ -0,0 +1,71 @@ +/** + * Provides classes and predicates for working with Java Serialization in the context of + * the `com.google.gson` JSON processing framework. + */ + +import java +import semmle.code.java.Serializability +import semmle.code.java.dataflow.DataFlow +import semmle.code.java.dataflow.FlowSteps + +/** + * A method used for deserializing objects using Gson. The first parameter is the object to be + * deserialized. + */ +private class GsonReadValueMethod extends Method { + GsonReadValueMethod() { + this.getDeclaringType().hasQualifiedName("com.google.gson", "Gson") and + this.getName().matches("fromJson") + } +} + +/** A type whose values may be deserialized by the Gson JSON framework. */ +abstract class GsonDeserializableType extends Type { } + +/** A type whose values are explicitly deserialized in a call to a Gson method. */ +private class ExplicitlyReadGsonDeserializableType extends GsonDeserializableType { + ExplicitlyReadGsonDeserializableType() { + exists(MethodAccess ma | + // A call to a Gson read method... + ma.getMethod() instanceof GsonReadValueMethod and + // ...where `this` is used in the final argument, indicating that this type will be deserialized. + // TODO: find a way to get the type represented by java.lang.reflect.Type and com.google.gson.reflect.TypeToken + // fromJson​(String json, TypeToken typeOfT) + // fromJson​(String json, Type typeOfT) + usesType(ma.getArgument(1).getType(), this) and + not this instanceof TypeClass and + not this instanceof TypeObject + ) + } +} + +predicate test(MethodAccess ma) { + ma.getMethod() instanceof GsonReadValueMethod +} + +/** A type used in a `GsonDeserializableField` declaration. */ +private class FieldReferencedGsonDeserializableType extends GsonDeserializableType { + FieldReferencedGsonDeserializableType() { + exists(GsonDeserializableField f | usesType(f.getType(), this)) + } +} + +/** A field that may be deserialized using the Gson JSON framework. */ +class GsonDeserializableField extends DeserializableField { + pragma[assume_small_delta] + GsonDeserializableField() { + exists(GsonDeserializableType superType | + superType = this.getDeclaringType().getAnAncestor() and + not superType instanceof TypeObject and + // TODO: if we have the source, can we just track the flow through the backing fields? + //superType.fromSource() + not superType.(RefType).getPackage().getName().matches("java%") + ) + } +} + +private class GsonInheritTaint extends DataFlow::FieldContent, TaintInheritingContent { + GsonInheritTaint() { + this.getField() instanceof GsonDeserializableField + } +} From 7baf244ac69f27855cc5fc48b72c5171d925410f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alvaro=20Mu=C3=B1oz?= Date: Wed, 17 May 2023 16:18:46 +0200 Subject: [PATCH 445/870] remove test predicate --- .../java/frameworks/google/GsonSerializability.qll | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/java/ql/lib/semmle/code/java/frameworks/google/GsonSerializability.qll b/java/ql/lib/semmle/code/java/frameworks/google/GsonSerializability.qll index 1f887b2d44e..cec369b14c2 100644 --- a/java/ql/lib/semmle/code/java/frameworks/google/GsonSerializability.qll +++ b/java/ql/lib/semmle/code/java/frameworks/google/GsonSerializability.qll @@ -39,10 +39,6 @@ private class ExplicitlyReadGsonDeserializableType extends GsonDeserializableTyp } } -predicate test(MethodAccess ma) { - ma.getMethod() instanceof GsonReadValueMethod -} - /** A type used in a `GsonDeserializableField` declaration. */ private class FieldReferencedGsonDeserializableType extends GsonDeserializableType { FieldReferencedGsonDeserializableType() { @@ -56,7 +52,7 @@ class GsonDeserializableField extends DeserializableField { GsonDeserializableField() { exists(GsonDeserializableType superType | superType = this.getDeclaringType().getAnAncestor() and - not superType instanceof TypeObject and + not superType instanceof TypeObject and // TODO: if we have the source, can we just track the flow through the backing fields? //superType.fromSource() not superType.(RefType).getPackage().getName().matches("java%") @@ -65,7 +61,5 @@ class GsonDeserializableField extends DeserializableField { } private class GsonInheritTaint extends DataFlow::FieldContent, TaintInheritingContent { - GsonInheritTaint() { - this.getField() instanceof GsonDeserializableField - } + GsonInheritTaint() { this.getField() instanceof GsonDeserializableField } } From b235b1cbb9e5d69e3b9fb9038c46bf830873623e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alvaro=20Mu=C3=B1oz?= Date: Wed, 17 May 2023 16:40:28 +0200 Subject: [PATCH 446/870] improve yaml models --- java/ql/lib/ext/com.google.gson.model.yml | 33 +++++++++++++++++-- .../frameworks/google/GsonSerializability.qll | 1 - 2 files changed, 30 insertions(+), 4 deletions(-) diff --git a/java/ql/lib/ext/com.google.gson.model.yml b/java/ql/lib/ext/com.google.gson.model.yml index a35ff0f117e..b867997c8df 100644 --- a/java/ql/lib/ext/com.google.gson.model.yml +++ b/java/ql/lib/ext/com.google.gson.model.yml @@ -3,11 +3,38 @@ extensions: pack: codeql/java-all extensible: summaryModel data: - - ["com.google.gson", "Gson", False, "toJson", "", "", "Argument[0]", "ReturnValue", "taint", "manual"] - - ["com.google.gson", "Gson", False, "toJsonTree", "", "", "Argument[0]", "ReturnValue", "taint", "manual"] - - ["com.google.gson", "Gson", False, "toString", "", "", "Argument[0]", "ReturnValue", "taint", "manual"] - ["com.google.gson", "Gson", False, "fromJson", "", "", "Argument[0]", "ReturnValue", "taint", "manual"] + - ["com.google.gson", "Gson", False, "toJson", "(JsonElement)", "", "Argument[0]", "ReturnValue", "taint", "manual"] + - ["com.google.gson", "Gson", False, "toJson", "(JsonElement,JsonWriter)", "", "Argument[0]", "Argument[1]", "taint", "manual"] + - ["com.google.gson", "Gson", False, "toJson", "(JsonElement,Appendable)", "", "Argument[0]", "Argument[1]", "taint", "manual"] + - ["com.google.gson", "Gson", False, "toJson", "(Object)", "", "Argument[0]", "ReturnValue", "taint", "manual"] + - ["com.google.gson", "Gson", False, "toJson", "(Object,Appendable)", "", "Argument[0]", "Argument[1]", "taint", "manual"] + - ["com.google.gson", "Gson", False, "toJson", "(Object,Type)", "", "Argument[0]", "ReturnValue", "taint", "manual"] + - ["com.google.gson", "Gson", False, "toJson", "(Object,Type,Appendable)", "", "Argument[0]", "Argument[2]", "taint", "manual"] + - ["com.google.gson", "Gson", False, "toJson", "(Object,Type,JsonWriter)", "", "Argument[0]", "Argument[2]", "taint", "manual"] + - ["com.google.gson", "Gson", False, "toJsonTree", "(Object)", "", "Argument[0]", "ReturnValue", "taint", "manual"] + - ["com.google.gson", "Gson", False, "toJsonTree", "(Object,Type)", "", "Argument[0]", "ReturnValue", "taint", "manual"] + - ["com.google.gson", "Gson", False, "toString", "()", "", "Argument[0]", "ReturnValue", "taint", "manual"] - ["com.google.gson", "Gson", False, "newJsonReader", "", "", "Argument[0]", "ReturnValue", "taint", "manual"] - ["com.google.gson", "Gson", False, "newJsonWriter", "", "", "Argument[0]", "ReturnValue", "taint", "manual"] - ["com.google.gson.stream", "JsonReader", False, "nextName", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] - ["com.google.gson.stream", "JsonReader", False, "nextString", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] + - ["com.google.gson", "JsonElement", True, "getAsByte", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"] + - ["com.google.gson", "JsonElement", True, "getAsCharacter", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"] + - ["com.google.gson", "JsonElement", True, "getAsJsonArray", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"] + - ["com.google.gson", "JsonElement", True, "getAsJsonObject", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"] + - ["com.google.gson", "JsonElement", True, "getAsJsonPrimitive", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"] + - ["com.google.gson", "JsonElement", True, "getAsString", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"] + - ["com.google.gson", "JsonElement", True, "toString", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"] + - ["com.google.gson", "JsonArray", True, "add", "", "", "Argument[0]", "Argument[this]", "taint", "manual"] + - ["com.google.gson", "JsonArray", True, "asList", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] + - ["com.google.gson", "JsonArray", True, "get", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] + - ["com.google.gson", "JsonArray", True, "set", "", "", "Argument[1]", "Argument[this]", "taint", "manual"] + - ["com.google.gson", "JsonObject", True, "add", "", "", "Argument[1]", "Argument[this]", "taint", "manual"] + - ["com.google.gson", "JsonObject", True, "addProperty", "(String,String)", "", "Argument[1]", "Argument[this]", "taint", "manual"] + - ["com.google.gson", "JsonObject", True, "asMap", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] + - ["com.google.gson", "JsonObject", True, "entrySet", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] + - ["com.google.gson", "JsonObject", True, "get", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] + - ["com.google.gson", "JsonObject", True, "keySet", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] + - ["com.google.gson", "JsonPrimitive", True, "JsonPrimitive", "(Character)", "", "Argument[0]", "Argument[this]", "taint", "manual"] + - ["com.google.gson", "JsonPrimitive", True, "JsonPrimitive", "(String)", "", "Argument[0]", "Argument[this]", "taint", "manual"] diff --git a/java/ql/lib/semmle/code/java/frameworks/google/GsonSerializability.qll b/java/ql/lib/semmle/code/java/frameworks/google/GsonSerializability.qll index cec369b14c2..ec1dea15497 100644 --- a/java/ql/lib/semmle/code/java/frameworks/google/GsonSerializability.qll +++ b/java/ql/lib/semmle/code/java/frameworks/google/GsonSerializability.qll @@ -53,7 +53,6 @@ class GsonDeserializableField extends DeserializableField { exists(GsonDeserializableType superType | superType = this.getDeclaringType().getAnAncestor() and not superType instanceof TypeObject and - // TODO: if we have the source, can we just track the flow through the backing fields? //superType.fromSource() not superType.(RefType).getPackage().getName().matches("java%") ) From 57cc316ecdfd569a6f33cf1e90533dafe1fdb78d Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 17 May 2023 15:42:38 +0100 Subject: [PATCH 447/870] C++: Fix bug for single-instruction basic blocks. --- .../code/cpp/ir/implementation/aliased_ssa/IRBlock.qll | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/IRBlock.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/IRBlock.qll index 34a7abf7b5e..4de4279b54c 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/IRBlock.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/IRBlock.qll @@ -271,8 +271,9 @@ private module Cached { /** Holds if `i` is the `index`th instruction in `block`. */ cached Instruction getInstruction(TIRBlock block, int index) { - exists(Instruction first | - block = MkIRBlock(first) and + exists(Instruction first | block = MkIRBlock(first) | + first = result and index = 0 + or index = getMemberIndex(result) and BlockAdjacency::getEquivalenceClass(first) = BlockAdjacency::getEquivalenceClass(result) ) From 9e05569121c7654f46f08c3f3ef53ea71613488b Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 17 May 2023 15:42:44 +0100 Subject: [PATCH 448/870] C++/C#: Sync identical files. --- cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/IRBlock.qll | 5 +++-- .../code/cpp/ir/implementation/unaliased_ssa/IRBlock.qll | 5 +++-- csharp/ql/src/experimental/ir/implementation/raw/IRBlock.qll | 5 +++-- .../experimental/ir/implementation/unaliased_ssa/IRBlock.qll | 5 +++-- 4 files changed, 12 insertions(+), 8 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/IRBlock.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/IRBlock.qll index 34a7abf7b5e..4de4279b54c 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/IRBlock.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/IRBlock.qll @@ -271,8 +271,9 @@ private module Cached { /** Holds if `i` is the `index`th instruction in `block`. */ cached Instruction getInstruction(TIRBlock block, int index) { - exists(Instruction first | - block = MkIRBlock(first) and + exists(Instruction first | block = MkIRBlock(first) | + first = result and index = 0 + or index = getMemberIndex(result) and BlockAdjacency::getEquivalenceClass(first) = BlockAdjacency::getEquivalenceClass(result) ) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/IRBlock.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/IRBlock.qll index 34a7abf7b5e..4de4279b54c 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/IRBlock.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/IRBlock.qll @@ -271,8 +271,9 @@ private module Cached { /** Holds if `i` is the `index`th instruction in `block`. */ cached Instruction getInstruction(TIRBlock block, int index) { - exists(Instruction first | - block = MkIRBlock(first) and + exists(Instruction first | block = MkIRBlock(first) | + first = result and index = 0 + or index = getMemberIndex(result) and BlockAdjacency::getEquivalenceClass(first) = BlockAdjacency::getEquivalenceClass(result) ) diff --git a/csharp/ql/src/experimental/ir/implementation/raw/IRBlock.qll b/csharp/ql/src/experimental/ir/implementation/raw/IRBlock.qll index 34a7abf7b5e..4de4279b54c 100644 --- a/csharp/ql/src/experimental/ir/implementation/raw/IRBlock.qll +++ b/csharp/ql/src/experimental/ir/implementation/raw/IRBlock.qll @@ -271,8 +271,9 @@ private module Cached { /** Holds if `i` is the `index`th instruction in `block`. */ cached Instruction getInstruction(TIRBlock block, int index) { - exists(Instruction first | - block = MkIRBlock(first) and + exists(Instruction first | block = MkIRBlock(first) | + first = result and index = 0 + or index = getMemberIndex(result) and BlockAdjacency::getEquivalenceClass(first) = BlockAdjacency::getEquivalenceClass(result) ) diff --git a/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/IRBlock.qll b/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/IRBlock.qll index 34a7abf7b5e..4de4279b54c 100644 --- a/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/IRBlock.qll +++ b/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/IRBlock.qll @@ -271,8 +271,9 @@ private module Cached { /** Holds if `i` is the `index`th instruction in `block`. */ cached Instruction getInstruction(TIRBlock block, int index) { - exists(Instruction first | - block = MkIRBlock(first) and + exists(Instruction first | block = MkIRBlock(first) | + first = result and index = 0 + or index = getMemberIndex(result) and BlockAdjacency::getEquivalenceClass(first) = BlockAdjacency::getEquivalenceClass(result) ) From be84fc2eacb80bfca97e40c7641e43eb599b8b00 Mon Sep 17 00:00:00 2001 From: Jami Cogswell Date: Wed, 17 May 2023 10:52:16 -0400 Subject: [PATCH 449/870] C#: add change note --- .../change-notes/2023-05-17-update-csharp-sink-kinds.md | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 csharp/ql/lib/change-notes/2023-05-17-update-csharp-sink-kinds.md diff --git a/csharp/ql/lib/change-notes/2023-05-17-update-csharp-sink-kinds.md b/csharp/ql/lib/change-notes/2023-05-17-update-csharp-sink-kinds.md new file mode 100644 index 00000000000..ce6d618af5e --- /dev/null +++ b/csharp/ql/lib/change-notes/2023-05-17-update-csharp-sink-kinds.md @@ -0,0 +1,9 @@ +--- +category: minorAnalysis +--- +* Updated the following C# sink kind names. Any custom data extensions that use these sink kinds will need to be updated accordingly in order to continue working. + * `code` to `code-injection` + * `sql` to `sql-injection` + * `html` to `html-injection` + * `xss` to `js-injection` + * `remote` to `file-content-store` From f72afd07278babadbae09bca1b5d4b3bd8cd9e65 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=93scar=20San=20Jos=C3=A9?= Date: Wed, 17 May 2023 17:08:37 +0200 Subject: [PATCH 450/870] fixing typo --- .github/workflows/check-change-note.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/check-change-note.yml b/.github/workflows/check-change-note.yml index 137d1b30c80..51dd61a3f73 100644 --- a/.github/workflows/check-change-note.yml +++ b/.github/workflows/check-change-note.yml @@ -2,7 +2,7 @@ name: Check change note on: pull_request_target: - types: [labeled, unlabeled, opened, synchronize, reopened, ready_for_review]q + types: [labeled, unlabeled, opened, synchronize, reopened, ready_for_review] paths: - "*/ql/src/**/*.ql" - "*/ql/src/**/*.qll" From 66b13e2294bb5baea9ec3d7d58aded8a1e4135ec Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 17 May 2023 17:08:14 +0100 Subject: [PATCH 451/870] Swift: Add a test of enum decls. --- .../elements/decl/enumdecl/enumdecl.expected | 27 +++++++++++++++++++ .../elements/decl/enumdecl/enumdecl.ql | 25 +++++++++++++++++ .../elements/decl/enumdecl/enumdecl.swift | 20 ++++++++++++++ 3 files changed, 72 insertions(+) create mode 100644 swift/ql/test/library-tests/elements/decl/enumdecl/enumdecl.expected create mode 100644 swift/ql/test/library-tests/elements/decl/enumdecl/enumdecl.ql create mode 100644 swift/ql/test/library-tests/elements/decl/enumdecl/enumdecl.swift diff --git a/swift/ql/test/library-tests/elements/decl/enumdecl/enumdecl.expected b/swift/ql/test/library-tests/elements/decl/enumdecl/enumdecl.expected new file mode 100644 index 00000000000..0f20f1f20f4 --- /dev/null +++ b/swift/ql/test/library-tests/elements/decl/enumdecl/enumdecl.expected @@ -0,0 +1,27 @@ +| enumdecl.swift:2:1:6:1 | MyColours | (EnumDecl), .getMember(0) = case ..., .getMember(1) = red, .getMember(10) = hashValue, .getMember(2) = case ..., .getMember(3) = green, .getMember(4) = yellow, .getMember(5) = case ..., .getMember(6) = blue, .getMember(7) = __derived_enum_equals(_:_:), .getMember(8) = var ... = ..., .getMember(9) = hash(into:), .getType = MyColours | +| enumdecl.swift:3:2:3:7 | case ... | (EnumCaseDecl), .getDeclaringDecl = MyColours, .getElement(0) = red | +| enumdecl.swift:3:7:3:7 | red | (EnumElementDecl), .getDeclaringDecl = MyColours | +| enumdecl.swift:4:2:4:14 | case ... | (EnumCaseDecl), .getDeclaringDecl = MyColours, .getElement(0) = green, .getElement(1) = yellow | +| enumdecl.swift:4:7:4:7 | green | (EnumElementDecl), .getDeclaringDecl = MyColours | +| enumdecl.swift:4:14:4:14 | yellow | (EnumElementDecl), .getDeclaringDecl = MyColours | +| enumdecl.swift:5:2:5:7 | case ... | (EnumCaseDecl), .getDeclaringDecl = MyColours, .getElement(0) = blue | +| enumdecl.swift:5:7:5:7 | blue | (EnumElementDecl), .getDeclaringDecl = MyColours | +| enumdecl.swift:8:1:11:1 | MyContainer | (EnumDecl), .getMember(0) = case ..., .getMember(1) = str, .getMember(2) = case ..., .getMember(3) = pair, .getType = MyContainer | +| enumdecl.swift:9:2:9:17 | case ... | (EnumCaseDecl), .getDeclaringDecl = MyContainer, .getElement(0) = str | +| enumdecl.swift:9:7:9:17 | str | (EnumElementDecl), .getDeclaringDecl = MyContainer, .getParam(0) = _ | +| enumdecl.swift:10:2:10:26 | case ... | (EnumCaseDecl), .getDeclaringDecl = MyContainer, .getElement(0) = pair | +| enumdecl.swift:10:7:10:26 | pair | (EnumElementDecl), .getDeclaringDecl = MyContainer, .getParam(0) = x, .getParam(1) = y | +| enumdecl.swift:13:1:16:1 | MyNumbers | (EnumDecl), .getMember(0) = case ..., .getMember(1) = one, .getMember(2) = two, .getMember(3) = case ..., .getMember(4) = three, .getMember(5) = four, .getMember(6) = MyNumbers.init(rawValue:), .getMember(7) = var ... = ..., .getMember(8) = RawValue, .getMember(9) = rawValue, .getType = MyNumbers | +| enumdecl.swift:14:2:14:16 | case ... | (EnumCaseDecl), .getDeclaringDecl = MyNumbers, .getElement(0) = one, .getElement(1) = two | +| enumdecl.swift:14:7:14:13 | one | (EnumElementDecl), .getDeclaringDecl = MyNumbers | +| enumdecl.swift:14:16:14:16 | two | (EnumElementDecl), .getDeclaringDecl = MyNumbers | +| enumdecl.swift:15:2:15:14 | case ... | (EnumCaseDecl), .getDeclaringDecl = MyNumbers, .getElement(0) = three, .getElement(1) = four | +| enumdecl.swift:15:7:15:7 | three | (EnumElementDecl), .getDeclaringDecl = MyNumbers | +| enumdecl.swift:15:14:15:14 | four | (EnumElementDecl), .getDeclaringDecl = MyNumbers | +| enumdecl.swift:18:1:20:1 | MyGreek | (EnumDecl), .getMember(0) = case ..., .getMember(1) = alpha, .getMember(2) = beta, .getMember(3) = gamma, .getMember(4) = delta, .getMember(5) = epsilon, .getMember(6) = __derived_enum_equals(_:_:), .getMember(7) = var ... = ..., .getMember(8) = hash(into:), .getMember(9) = hashValue, .getType = MyGreek | +| enumdecl.swift:19:2:19:34 | case ... | (EnumCaseDecl), .getDeclaringDecl = MyGreek, .getElement(0) = alpha, .getElement(1) = beta, .getElement(2) = gamma, .getElement(3) = delta, .getElement(4) = epsilon | +| enumdecl.swift:19:7:19:7 | alpha | (EnumElementDecl), .getDeclaringDecl = MyGreek | +| enumdecl.swift:19:14:19:14 | beta | (EnumElementDecl), .getDeclaringDecl = MyGreek | +| enumdecl.swift:19:20:19:20 | gamma | (EnumElementDecl), .getDeclaringDecl = MyGreek | +| enumdecl.swift:19:27:19:27 | delta | (EnumElementDecl), .getDeclaringDecl = MyGreek | +| enumdecl.swift:19:34:19:34 | epsilon | (EnumElementDecl), .getDeclaringDecl = MyGreek | diff --git a/swift/ql/test/library-tests/elements/decl/enumdecl/enumdecl.ql b/swift/ql/test/library-tests/elements/decl/enumdecl/enumdecl.ql new file mode 100644 index 00000000000..18d07936f21 --- /dev/null +++ b/swift/ql/test/library-tests/elements/decl/enumdecl/enumdecl.ql @@ -0,0 +1,25 @@ +import swift + +string describe(Decl d) { + (d instanceof EnumDecl and result = "(EnumDecl)") + or + (d instanceof EnumCaseDecl and result = "(EnumCaseDecl)") + or + (d instanceof EnumElementDecl and result = "(EnumElementDecl)") + or + result = ".getType = " + d.(EnumDecl).getType().toString() + or + result = ".getDeclaringDecl = " + d.getDeclaringDecl().toString() + or + exists(int i | + result = ".getMember(" + i.toString() + ") = " + d.getMember(i).toString() + or + result = ".getElement(" + i.toString() + ") = " + d.(EnumCaseDecl).getElement(i).toString() + or + result = ".getParam(" + i.toString() + ") = " + d.(EnumElementDecl).getParam(i).toString() + ) +} + +from Decl d +where d.getLocation().getFile().getName() != "" +select d, strictconcat(describe(d), ", ") diff --git a/swift/ql/test/library-tests/elements/decl/enumdecl/enumdecl.swift b/swift/ql/test/library-tests/elements/decl/enumdecl/enumdecl.swift new file mode 100644 index 00000000000..7a8b06b7d94 --- /dev/null +++ b/swift/ql/test/library-tests/elements/decl/enumdecl/enumdecl.swift @@ -0,0 +1,20 @@ + +enum MyColours { + case red + case green, yellow + case blue +} + +enum MyContainer { + case str(String) + case pair(x: Int, y: Int) +} + +enum MyNumbers: Int { + case one = 1, two + case three, four +} + +enum MyGreek { + case alpha, beta, gamma, delta, epsilon +} From 95caaecd7158064f114dd8c0ce4e55b1a2775ab7 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 17 May 2023 18:40:01 +0100 Subject: [PATCH 452/870] Swift: Add EnumDecl.getEnumElement(_). --- .../codeql/swift/elements/decl/EnumDecl.qll | 51 ++++++++++++++++++- .../elements/decl/enumdecl/enumdecl.expected | 8 +-- .../elements/decl/enumdecl/enumdecl.ql | 2 + 3 files changed, 55 insertions(+), 6 deletions(-) diff --git a/swift/ql/lib/codeql/swift/elements/decl/EnumDecl.qll b/swift/ql/lib/codeql/swift/elements/decl/EnumDecl.qll index f7c42dc9a2f..b1100cc9abe 100644 --- a/swift/ql/lib/codeql/swift/elements/decl/EnumDecl.qll +++ b/swift/ql/lib/codeql/swift/elements/decl/EnumDecl.qll @@ -1,4 +1,51 @@ -// generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.decl.EnumDecl +private import codeql.swift.elements.decl.EnumCaseDecl +private import codeql.swift.elements.decl.EnumElementDecl +private import codeql.swift.elements.decl.Decl -class EnumDecl extends Generated::EnumDecl { } +/** + * An enumeration declaration, for example: + * ``` + * enum MyColours { + * case red + * case green + * case blue + * } + * ``` + */ +class EnumDecl extends Generated::EnumDecl { + /** + * Gets the number of `EnumElementDecl`s in this enumeration before the `index`th member. Some + * of the members of an `EnumDecl` are `EnumCaseDecls` (representing the `case` lines), each of + * which holds one or more `EnumElementDecl`s. + */ + private int countEnumElementsTo(int memberIndex) { + memberIndex = 0 and result = 0 + or + exists(Decl prev | prev = this.getMember(memberIndex - 1) | + result = this.countEnumElementsTo(memberIndex - 1) + prev.(EnumCaseDecl).getNumberOfElements() + or + not prev instanceof EnumCaseDecl and + result = this.countEnumElementsTo(memberIndex - 1) + ) + } + + /** + * Gets the `index`th enumeration element of this enumeration (0-based). + */ + final EnumElementDecl getEnumElement(int index) { + exists(int memberIndex | + result = + this.getMember(memberIndex) + .(EnumCaseDecl) + .getElement(index - this.countEnumElementsTo(memberIndex)) + ) + } + + /** + * Gets an enumeration element of this enumeration. + */ + final EnumElementDecl getAnEnumElement() { + result = this.getMember(_).(EnumCaseDecl).getElement(_) + } +} diff --git a/swift/ql/test/library-tests/elements/decl/enumdecl/enumdecl.expected b/swift/ql/test/library-tests/elements/decl/enumdecl/enumdecl.expected index 0f20f1f20f4..0494f6a9da8 100644 --- a/swift/ql/test/library-tests/elements/decl/enumdecl/enumdecl.expected +++ b/swift/ql/test/library-tests/elements/decl/enumdecl/enumdecl.expected @@ -1,4 +1,4 @@ -| enumdecl.swift:2:1:6:1 | MyColours | (EnumDecl), .getMember(0) = case ..., .getMember(1) = red, .getMember(10) = hashValue, .getMember(2) = case ..., .getMember(3) = green, .getMember(4) = yellow, .getMember(5) = case ..., .getMember(6) = blue, .getMember(7) = __derived_enum_equals(_:_:), .getMember(8) = var ... = ..., .getMember(9) = hash(into:), .getType = MyColours | +| enumdecl.swift:2:1:6:1 | MyColours | (EnumDecl), .getEnumElement(0) = red, .getEnumElement(1) = green, .getEnumElement(2) = yellow, .getEnumElement(3) = blue, .getMember(0) = case ..., .getMember(1) = red, .getMember(10) = hashValue, .getMember(2) = case ..., .getMember(3) = green, .getMember(4) = yellow, .getMember(5) = case ..., .getMember(6) = blue, .getMember(7) = __derived_enum_equals(_:_:), .getMember(8) = var ... = ..., .getMember(9) = hash(into:), .getType = MyColours | | enumdecl.swift:3:2:3:7 | case ... | (EnumCaseDecl), .getDeclaringDecl = MyColours, .getElement(0) = red | | enumdecl.swift:3:7:3:7 | red | (EnumElementDecl), .getDeclaringDecl = MyColours | | enumdecl.swift:4:2:4:14 | case ... | (EnumCaseDecl), .getDeclaringDecl = MyColours, .getElement(0) = green, .getElement(1) = yellow | @@ -6,19 +6,19 @@ | enumdecl.swift:4:14:4:14 | yellow | (EnumElementDecl), .getDeclaringDecl = MyColours | | enumdecl.swift:5:2:5:7 | case ... | (EnumCaseDecl), .getDeclaringDecl = MyColours, .getElement(0) = blue | | enumdecl.swift:5:7:5:7 | blue | (EnumElementDecl), .getDeclaringDecl = MyColours | -| enumdecl.swift:8:1:11:1 | MyContainer | (EnumDecl), .getMember(0) = case ..., .getMember(1) = str, .getMember(2) = case ..., .getMember(3) = pair, .getType = MyContainer | +| enumdecl.swift:8:1:11:1 | MyContainer | (EnumDecl), .getEnumElement(0) = str, .getEnumElement(1) = pair, .getMember(0) = case ..., .getMember(1) = str, .getMember(2) = case ..., .getMember(3) = pair, .getType = MyContainer | | enumdecl.swift:9:2:9:17 | case ... | (EnumCaseDecl), .getDeclaringDecl = MyContainer, .getElement(0) = str | | enumdecl.swift:9:7:9:17 | str | (EnumElementDecl), .getDeclaringDecl = MyContainer, .getParam(0) = _ | | enumdecl.swift:10:2:10:26 | case ... | (EnumCaseDecl), .getDeclaringDecl = MyContainer, .getElement(0) = pair | | enumdecl.swift:10:7:10:26 | pair | (EnumElementDecl), .getDeclaringDecl = MyContainer, .getParam(0) = x, .getParam(1) = y | -| enumdecl.swift:13:1:16:1 | MyNumbers | (EnumDecl), .getMember(0) = case ..., .getMember(1) = one, .getMember(2) = two, .getMember(3) = case ..., .getMember(4) = three, .getMember(5) = four, .getMember(6) = MyNumbers.init(rawValue:), .getMember(7) = var ... = ..., .getMember(8) = RawValue, .getMember(9) = rawValue, .getType = MyNumbers | +| enumdecl.swift:13:1:16:1 | MyNumbers | (EnumDecl), .getEnumElement(0) = one, .getEnumElement(1) = two, .getEnumElement(2) = three, .getEnumElement(3) = four, .getMember(0) = case ..., .getMember(1) = one, .getMember(2) = two, .getMember(3) = case ..., .getMember(4) = three, .getMember(5) = four, .getMember(6) = MyNumbers.init(rawValue:), .getMember(7) = var ... = ..., .getMember(8) = RawValue, .getMember(9) = rawValue, .getType = MyNumbers | | enumdecl.swift:14:2:14:16 | case ... | (EnumCaseDecl), .getDeclaringDecl = MyNumbers, .getElement(0) = one, .getElement(1) = two | | enumdecl.swift:14:7:14:13 | one | (EnumElementDecl), .getDeclaringDecl = MyNumbers | | enumdecl.swift:14:16:14:16 | two | (EnumElementDecl), .getDeclaringDecl = MyNumbers | | enumdecl.swift:15:2:15:14 | case ... | (EnumCaseDecl), .getDeclaringDecl = MyNumbers, .getElement(0) = three, .getElement(1) = four | | enumdecl.swift:15:7:15:7 | three | (EnumElementDecl), .getDeclaringDecl = MyNumbers | | enumdecl.swift:15:14:15:14 | four | (EnumElementDecl), .getDeclaringDecl = MyNumbers | -| enumdecl.swift:18:1:20:1 | MyGreek | (EnumDecl), .getMember(0) = case ..., .getMember(1) = alpha, .getMember(2) = beta, .getMember(3) = gamma, .getMember(4) = delta, .getMember(5) = epsilon, .getMember(6) = __derived_enum_equals(_:_:), .getMember(7) = var ... = ..., .getMember(8) = hash(into:), .getMember(9) = hashValue, .getType = MyGreek | +| enumdecl.swift:18:1:20:1 | MyGreek | (EnumDecl), .getEnumElement(0) = alpha, .getEnumElement(1) = beta, .getEnumElement(2) = gamma, .getEnumElement(3) = delta, .getEnumElement(4) = epsilon, .getMember(0) = case ..., .getMember(1) = alpha, .getMember(2) = beta, .getMember(3) = gamma, .getMember(4) = delta, .getMember(5) = epsilon, .getMember(6) = __derived_enum_equals(_:_:), .getMember(7) = var ... = ..., .getMember(8) = hash(into:), .getMember(9) = hashValue, .getType = MyGreek | | enumdecl.swift:19:2:19:34 | case ... | (EnumCaseDecl), .getDeclaringDecl = MyGreek, .getElement(0) = alpha, .getElement(1) = beta, .getElement(2) = gamma, .getElement(3) = delta, .getElement(4) = epsilon | | enumdecl.swift:19:7:19:7 | alpha | (EnumElementDecl), .getDeclaringDecl = MyGreek | | enumdecl.swift:19:14:19:14 | beta | (EnumElementDecl), .getDeclaringDecl = MyGreek | diff --git a/swift/ql/test/library-tests/elements/decl/enumdecl/enumdecl.ql b/swift/ql/test/library-tests/elements/decl/enumdecl/enumdecl.ql index 18d07936f21..a8e9b2e1f9f 100644 --- a/swift/ql/test/library-tests/elements/decl/enumdecl/enumdecl.ql +++ b/swift/ql/test/library-tests/elements/decl/enumdecl/enumdecl.ql @@ -17,6 +17,8 @@ string describe(Decl d) { result = ".getElement(" + i.toString() + ") = " + d.(EnumCaseDecl).getElement(i).toString() or result = ".getParam(" + i.toString() + ") = " + d.(EnumElementDecl).getParam(i).toString() + or + result = ".getEnumElement(" + i.toString() + ") = " + d.(EnumDecl).getEnumElement(i).toString() ) } From 6c35bbf5c2c3f0145603b7c6514e19c733d37b2e Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 17 May 2023 18:45:19 +0100 Subject: [PATCH 453/870] Swift: Simplify / focus the test. --- .../elements/decl/enumdecl/enumdecl.expected | 8 ++++---- .../test/library-tests/elements/decl/enumdecl/enumdecl.ql | 2 -- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/swift/ql/test/library-tests/elements/decl/enumdecl/enumdecl.expected b/swift/ql/test/library-tests/elements/decl/enumdecl/enumdecl.expected index 0494f6a9da8..5e0222c484c 100644 --- a/swift/ql/test/library-tests/elements/decl/enumdecl/enumdecl.expected +++ b/swift/ql/test/library-tests/elements/decl/enumdecl/enumdecl.expected @@ -1,4 +1,4 @@ -| enumdecl.swift:2:1:6:1 | MyColours | (EnumDecl), .getEnumElement(0) = red, .getEnumElement(1) = green, .getEnumElement(2) = yellow, .getEnumElement(3) = blue, .getMember(0) = case ..., .getMember(1) = red, .getMember(10) = hashValue, .getMember(2) = case ..., .getMember(3) = green, .getMember(4) = yellow, .getMember(5) = case ..., .getMember(6) = blue, .getMember(7) = __derived_enum_equals(_:_:), .getMember(8) = var ... = ..., .getMember(9) = hash(into:), .getType = MyColours | +| enumdecl.swift:2:1:6:1 | MyColours | (EnumDecl), .getEnumElement(0) = red, .getEnumElement(1) = green, .getEnumElement(2) = yellow, .getEnumElement(3) = blue, .getType = MyColours | | enumdecl.swift:3:2:3:7 | case ... | (EnumCaseDecl), .getDeclaringDecl = MyColours, .getElement(0) = red | | enumdecl.swift:3:7:3:7 | red | (EnumElementDecl), .getDeclaringDecl = MyColours | | enumdecl.swift:4:2:4:14 | case ... | (EnumCaseDecl), .getDeclaringDecl = MyColours, .getElement(0) = green, .getElement(1) = yellow | @@ -6,19 +6,19 @@ | enumdecl.swift:4:14:4:14 | yellow | (EnumElementDecl), .getDeclaringDecl = MyColours | | enumdecl.swift:5:2:5:7 | case ... | (EnumCaseDecl), .getDeclaringDecl = MyColours, .getElement(0) = blue | | enumdecl.swift:5:7:5:7 | blue | (EnumElementDecl), .getDeclaringDecl = MyColours | -| enumdecl.swift:8:1:11:1 | MyContainer | (EnumDecl), .getEnumElement(0) = str, .getEnumElement(1) = pair, .getMember(0) = case ..., .getMember(1) = str, .getMember(2) = case ..., .getMember(3) = pair, .getType = MyContainer | +| enumdecl.swift:8:1:11:1 | MyContainer | (EnumDecl), .getEnumElement(0) = str, .getEnumElement(1) = pair, .getType = MyContainer | | enumdecl.swift:9:2:9:17 | case ... | (EnumCaseDecl), .getDeclaringDecl = MyContainer, .getElement(0) = str | | enumdecl.swift:9:7:9:17 | str | (EnumElementDecl), .getDeclaringDecl = MyContainer, .getParam(0) = _ | | enumdecl.swift:10:2:10:26 | case ... | (EnumCaseDecl), .getDeclaringDecl = MyContainer, .getElement(0) = pair | | enumdecl.swift:10:7:10:26 | pair | (EnumElementDecl), .getDeclaringDecl = MyContainer, .getParam(0) = x, .getParam(1) = y | -| enumdecl.swift:13:1:16:1 | MyNumbers | (EnumDecl), .getEnumElement(0) = one, .getEnumElement(1) = two, .getEnumElement(2) = three, .getEnumElement(3) = four, .getMember(0) = case ..., .getMember(1) = one, .getMember(2) = two, .getMember(3) = case ..., .getMember(4) = three, .getMember(5) = four, .getMember(6) = MyNumbers.init(rawValue:), .getMember(7) = var ... = ..., .getMember(8) = RawValue, .getMember(9) = rawValue, .getType = MyNumbers | +| enumdecl.swift:13:1:16:1 | MyNumbers | (EnumDecl), .getEnumElement(0) = one, .getEnumElement(1) = two, .getEnumElement(2) = three, .getEnumElement(3) = four, .getType = MyNumbers | | enumdecl.swift:14:2:14:16 | case ... | (EnumCaseDecl), .getDeclaringDecl = MyNumbers, .getElement(0) = one, .getElement(1) = two | | enumdecl.swift:14:7:14:13 | one | (EnumElementDecl), .getDeclaringDecl = MyNumbers | | enumdecl.swift:14:16:14:16 | two | (EnumElementDecl), .getDeclaringDecl = MyNumbers | | enumdecl.swift:15:2:15:14 | case ... | (EnumCaseDecl), .getDeclaringDecl = MyNumbers, .getElement(0) = three, .getElement(1) = four | | enumdecl.swift:15:7:15:7 | three | (EnumElementDecl), .getDeclaringDecl = MyNumbers | | enumdecl.swift:15:14:15:14 | four | (EnumElementDecl), .getDeclaringDecl = MyNumbers | -| enumdecl.swift:18:1:20:1 | MyGreek | (EnumDecl), .getEnumElement(0) = alpha, .getEnumElement(1) = beta, .getEnumElement(2) = gamma, .getEnumElement(3) = delta, .getEnumElement(4) = epsilon, .getMember(0) = case ..., .getMember(1) = alpha, .getMember(2) = beta, .getMember(3) = gamma, .getMember(4) = delta, .getMember(5) = epsilon, .getMember(6) = __derived_enum_equals(_:_:), .getMember(7) = var ... = ..., .getMember(8) = hash(into:), .getMember(9) = hashValue, .getType = MyGreek | +| enumdecl.swift:18:1:20:1 | MyGreek | (EnumDecl), .getEnumElement(0) = alpha, .getEnumElement(1) = beta, .getEnumElement(2) = gamma, .getEnumElement(3) = delta, .getEnumElement(4) = epsilon, .getType = MyGreek | | enumdecl.swift:19:2:19:34 | case ... | (EnumCaseDecl), .getDeclaringDecl = MyGreek, .getElement(0) = alpha, .getElement(1) = beta, .getElement(2) = gamma, .getElement(3) = delta, .getElement(4) = epsilon | | enumdecl.swift:19:7:19:7 | alpha | (EnumElementDecl), .getDeclaringDecl = MyGreek | | enumdecl.swift:19:14:19:14 | beta | (EnumElementDecl), .getDeclaringDecl = MyGreek | diff --git a/swift/ql/test/library-tests/elements/decl/enumdecl/enumdecl.ql b/swift/ql/test/library-tests/elements/decl/enumdecl/enumdecl.ql index a8e9b2e1f9f..e2756b77a49 100644 --- a/swift/ql/test/library-tests/elements/decl/enumdecl/enumdecl.ql +++ b/swift/ql/test/library-tests/elements/decl/enumdecl/enumdecl.ql @@ -12,8 +12,6 @@ string describe(Decl d) { result = ".getDeclaringDecl = " + d.getDeclaringDecl().toString() or exists(int i | - result = ".getMember(" + i.toString() + ") = " + d.getMember(i).toString() - or result = ".getElement(" + i.toString() + ") = " + d.(EnumCaseDecl).getElement(i).toString() or result = ".getParam(" + i.toString() + ") = " + d.(EnumElementDecl).getParam(i).toString() From 3539e55bb2651a7b9b8b4b87d7e5059e843a191d Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 17 May 2023 19:21:41 +0100 Subject: [PATCH 454/870] Swift: Autoformat. --- .../test/library-tests/elements/decl/enumdecl/enumdecl.ql | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/swift/ql/test/library-tests/elements/decl/enumdecl/enumdecl.ql b/swift/ql/test/library-tests/elements/decl/enumdecl/enumdecl.ql index e2756b77a49..dba88e6009d 100644 --- a/swift/ql/test/library-tests/elements/decl/enumdecl/enumdecl.ql +++ b/swift/ql/test/library-tests/elements/decl/enumdecl/enumdecl.ql @@ -1,11 +1,11 @@ import swift string describe(Decl d) { - (d instanceof EnumDecl and result = "(EnumDecl)") + d instanceof EnumDecl and result = "(EnumDecl)" or - (d instanceof EnumCaseDecl and result = "(EnumCaseDecl)") + d instanceof EnumCaseDecl and result = "(EnumCaseDecl)" or - (d instanceof EnumElementDecl and result = "(EnumElementDecl)") + d instanceof EnumElementDecl and result = "(EnumElementDecl)" or result = ".getType = " + d.(EnumDecl).getType().toString() or From 5c6fc2ff019a8da08d0b08afccb085ab19cc2851 Mon Sep 17 00:00:00 2001 From: Nicky Mouha Date: Wed, 17 May 2023 15:18:52 -0400 Subject: [PATCH 455/870] Update IfStatementAdditionOverflow.ql --- .../CWE-190/IfStatementAdditionOverflow.ql | 42 +++++++++---------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-190/IfStatementAdditionOverflow.ql b/cpp/ql/src/experimental/Security/CWE/CWE-190/IfStatementAdditionOverflow.ql index a45ba737bab..3667f068a25 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-190/IfStatementAdditionOverflow.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-190/IfStatementAdditionOverflow.ql @@ -1,12 +1,8 @@ /** * @name Integer addition may overflow inside if statement - * @description Detects "if (a+b>c) a=c-b", which incorrectly implements - * a = min(a,c-b) if a+b overflows. Should be replaced by - * "if (a>c-b) a=c-b". Also detects "if (b+a>c) a=c-b" - * (swapped terms in addition), if (a+b>c) { a=c-b }" - * (assignment inside block), "c=", "<", "<=" instead of ">" (all operators). This - * integer overflow is the root cause of the buffer overflow + * @description Writing 'if (a+b>c) a=c-b' incorrectly implements + * 'a = min(a,c-b)' if 'a+b' overflows. This integer + * overflow is the root cause of the buffer overflow * in the SHA-3 reference implementation (CVE-2022-37454). * @kind problem * @problem.severity warning @@ -21,22 +17,26 @@ import cpp import semmle.code.cpp.valuenumbering.GlobalValueNumbering import semmle.code.cpp.valuenumbering.HashCons import semmle.code.cpp.rangeanalysis.SimpleRangeAnalysis -import semmle.code.cpp.commons.Exclusions +import semmle.code.cpp.controlflow.Guards -from IfStmt ifstmt, RelationalOperation relop, ExprStmt exprstmt, BlockStmt blockstmt, AssignExpr assignexpr, AddExpr addexpr, SubExpr subexpr -where ifstmt.getCondition() = relop and - relop.getAnOperand() = addexpr and +from + GuardCondition guard, Expr expr, ExprStmt exprstmt, BasicBlock block, AssignExpr assignexpr, + AddExpr addexpr, SubExpr subexpr +where + (guard.ensuresLt(expr, addexpr, 0, block, _) or guard.ensuresLt(addexpr, expr, 0, block, _)) and addexpr.getUnspecifiedType() instanceof IntegralType and - not isFromMacroDefinition(relop) and exprMightOverflowPositively(addexpr) and - (ifstmt.getThen() = exprstmt or - (ifstmt.getThen() = blockstmt and - blockstmt.getAStmt() = exprstmt)) and + block.getANode() = exprstmt and exprstmt.getExpr() = assignexpr and assignexpr.getRValue() = subexpr and - ((hashCons(addexpr.getLeftOperand()) = hashCons(assignexpr.getLValue()) and - globalValueNumber(addexpr.getRightOperand()) = globalValueNumber(subexpr.getRightOperand())) or - (hashCons(addexpr.getRightOperand()) = hashCons(assignexpr.getLValue()) and - globalValueNumber(addexpr.getLeftOperand()) = globalValueNumber(subexpr.getRightOperand()))) and - globalValueNumber(relop.getAnOperand()) = globalValueNumber(subexpr.getLeftOperand()) -select ifstmt, "\"if (a+b>c) a=c-b\" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as \"if (a>c-b) a=c-b\" which avoids the overflow.", addexpr, "addition" + ( + hashCons(addexpr.getLeftOperand()) = hashCons(assignexpr.getLValue()) and + globalValueNumber(addexpr.getRightOperand()) = globalValueNumber(subexpr.getRightOperand()) + or + hashCons(addexpr.getRightOperand()) = hashCons(assignexpr.getLValue()) and + globalValueNumber(addexpr.getLeftOperand()) = globalValueNumber(subexpr.getRightOperand()) + ) and + globalValueNumber(expr) = globalValueNumber(subexpr.getLeftOperand()) +select guard, + "\"if (a+b>c) a=c-b\" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as \"if (a>c-b) a=c-b\" which avoids the overflow.", + addexpr, "addition" From ef578617892e241545db4e0298c3b148d1558e74 Mon Sep 17 00:00:00 2001 From: Nicky Mouha Date: Wed, 17 May 2023 15:19:52 -0400 Subject: [PATCH 456/870] Update IfStatementAdditionOverflow.expected --- .../IfStatementAdditionOverflow.expected | 68 ++++++++++--------- 1 file changed, 35 insertions(+), 33 deletions(-) diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-190/IfStatementAdditionOverflow/IfStatementAdditionOverflow.expected b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-190/IfStatementAdditionOverflow/IfStatementAdditionOverflow.expected index 12dbde04790..2e31f173faa 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-190/IfStatementAdditionOverflow/IfStatementAdditionOverflow.expected +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-190/IfStatementAdditionOverflow/IfStatementAdditionOverflow.expected @@ -1,33 +1,35 @@ -| test.cpp:18:2:18:20 | if (...) ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:18:6:18:8 | ... + ... | addition | -| test.cpp:19:2:19:24 | if (...) ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:19:6:19:8 | ... + ... | addition | -| test.cpp:20:2:20:20 | if (...) ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:20:6:20:8 | ... + ... | addition | -| test.cpp:21:2:21:24 | if (...) ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:21:6:21:8 | ... + ... | addition | -| test.cpp:22:2:22:20 | if (...) ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:22:8:22:10 | ... + ... | addition | -| test.cpp:23:2:23:24 | if (...) ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:23:8:23:10 | ... + ... | addition | -| test.cpp:24:2:24:20 | if (...) ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:24:8:24:10 | ... + ... | addition | -| test.cpp:25:2:25:24 | if (...) ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:25:8:25:10 | ... + ... | addition | -| test.cpp:27:2:27:21 | if (...) ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:27:6:27:8 | ... + ... | addition | -| test.cpp:28:2:28:25 | if (...) ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:28:6:28:8 | ... + ... | addition | -| test.cpp:29:2:29:21 | if (...) ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:29:6:29:8 | ... + ... | addition | -| test.cpp:30:2:30:25 | if (...) ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:30:6:30:8 | ... + ... | addition | -| test.cpp:31:2:31:21 | if (...) ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:31:9:31:11 | ... + ... | addition | -| test.cpp:32:2:32:25 | if (...) ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:32:9:32:11 | ... + ... | addition | -| test.cpp:33:2:33:21 | if (...) ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:33:9:33:11 | ... + ... | addition | -| test.cpp:34:2:34:25 | if (...) ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:34:9:34:11 | ... + ... | addition | -| test.cpp:36:2:36:20 | if (...) ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:36:6:36:8 | ... + ... | addition | -| test.cpp:37:2:37:24 | if (...) ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:37:6:37:8 | ... + ... | addition | -| test.cpp:38:2:38:20 | if (...) ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:38:6:38:8 | ... + ... | addition | -| test.cpp:39:2:39:24 | if (...) ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:39:6:39:8 | ... + ... | addition | -| test.cpp:40:2:40:20 | if (...) ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:40:8:40:10 | ... + ... | addition | -| test.cpp:41:2:41:24 | if (...) ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:41:8:41:10 | ... + ... | addition | -| test.cpp:42:2:42:20 | if (...) ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:42:8:42:10 | ... + ... | addition | -| test.cpp:43:2:43:24 | if (...) ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:43:8:43:10 | ... + ... | addition | -| test.cpp:45:2:45:21 | if (...) ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:45:6:45:8 | ... + ... | addition | -| test.cpp:46:2:46:25 | if (...) ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:46:6:46:8 | ... + ... | addition | -| test.cpp:47:2:47:21 | if (...) ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:47:6:47:8 | ... + ... | addition | -| test.cpp:48:2:48:25 | if (...) ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:48:6:48:8 | ... + ... | addition | -| test.cpp:49:2:49:21 | if (...) ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:49:9:49:11 | ... + ... | addition | -| test.cpp:50:2:50:25 | if (...) ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:50:9:50:11 | ... + ... | addition | -| test.cpp:51:2:51:21 | if (...) ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:51:9:51:11 | ... + ... | addition | -| test.cpp:52:2:52:25 | if (...) ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:52:9:52:11 | ... + ... | addition | -| test.cpp:54:2:54:20 | if (...) ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:54:6:54:8 | ... + ... | addition | +| test.cpp:18:6:18:10 | ... > ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:18:6:18:8 | ... + ... | addition | +| test.cpp:19:6:19:10 | ... > ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:19:6:19:8 | ... + ... | addition | +| test.cpp:20:6:20:10 | ... > ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:20:6:20:8 | ... + ... | addition | +| test.cpp:21:6:21:10 | ... > ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:21:6:21:8 | ... + ... | addition | +| test.cpp:22:6:22:10 | ... > ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:22:8:22:10 | ... + ... | addition | +| test.cpp:23:6:23:10 | ... > ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:23:8:23:10 | ... + ... | addition | +| test.cpp:24:6:24:10 | ... > ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:24:8:24:10 | ... + ... | addition | +| test.cpp:25:6:25:10 | ... > ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:25:8:25:10 | ... + ... | addition | +| test.cpp:27:6:27:11 | ... >= ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:27:6:27:8 | ... + ... | addition | +| test.cpp:28:6:28:11 | ... >= ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:28:6:28:8 | ... + ... | addition | +| test.cpp:29:6:29:11 | ... >= ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:29:6:29:8 | ... + ... | addition | +| test.cpp:30:6:30:11 | ... >= ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:30:6:30:8 | ... + ... | addition | +| test.cpp:31:6:31:11 | ... >= ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:31:9:31:11 | ... + ... | addition | +| test.cpp:32:6:32:11 | ... >= ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:32:9:32:11 | ... + ... | addition | +| test.cpp:33:6:33:11 | ... >= ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:33:9:33:11 | ... + ... | addition | +| test.cpp:34:6:34:11 | ... >= ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:34:9:34:11 | ... + ... | addition | +| test.cpp:36:6:36:10 | ... < ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:36:6:36:8 | ... + ... | addition | +| test.cpp:37:6:37:10 | ... < ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:37:6:37:8 | ... + ... | addition | +| test.cpp:38:6:38:10 | ... < ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:38:6:38:8 | ... + ... | addition | +| test.cpp:39:6:39:10 | ... < ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:39:6:39:8 | ... + ... | addition | +| test.cpp:40:6:40:10 | ... < ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:40:8:40:10 | ... + ... | addition | +| test.cpp:41:6:41:10 | ... < ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:41:8:41:10 | ... + ... | addition | +| test.cpp:42:6:42:10 | ... < ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:42:8:42:10 | ... + ... | addition | +| test.cpp:43:6:43:10 | ... < ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:43:8:43:10 | ... + ... | addition | +| test.cpp:45:6:45:11 | ... <= ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:45:6:45:8 | ... + ... | addition | +| test.cpp:46:6:46:11 | ... <= ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:46:6:46:8 | ... + ... | addition | +| test.cpp:47:6:47:11 | ... <= ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:47:6:47:8 | ... + ... | addition | +| test.cpp:48:6:48:11 | ... <= ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:48:6:48:8 | ... + ... | addition | +| test.cpp:49:6:49:11 | ... <= ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:49:9:49:11 | ... + ... | addition | +| test.cpp:50:6:50:11 | ... <= ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:50:9:50:11 | ... + ... | addition | +| test.cpp:51:6:51:11 | ... <= ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:51:9:51:11 | ... + ... | addition | +| test.cpp:52:6:52:11 | ... <= ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:52:9:52:11 | ... + ... | addition | +| test.cpp:54:6:54:10 | ... > ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:54:6:54:8 | ... + ... | addition | +| test.cpp:61:6:61:11 | ... <= ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:61:6:61:8 | ... + ... | addition | +| test.cpp:62:6:62:11 | ... <= ... | "if (a+b>c) a=c-b" was detected where the $@ may potentially overflow/wraparound. The code can be rewritten as "if (a>c-b) a=c-b" which avoids the overflow. | test.cpp:62:6:62:8 | ... + ... | addition | From 187299fcaf283f06e664d894f10cddea039483fe Mon Sep 17 00:00:00 2001 From: Nicky Mouha Date: Wed, 17 May 2023 15:20:54 -0400 Subject: [PATCH 457/870] Update test.cpp --- .../Security/CWE/CWE-190/IfStatementAdditionOverflow/test.cpp | 3 +++ 1 file changed, 3 insertions(+) diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-190/IfStatementAdditionOverflow/test.cpp b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-190/IfStatementAdditionOverflow/test.cpp index f1aac83122b..7c5ab91832e 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-190/IfStatementAdditionOverflow/test.cpp +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-190/IfStatementAdditionOverflow/test.cpp @@ -57,4 +57,7 @@ void test() if (a+b>c) { b++; a = c-b; } // GOOD if (a+d>c) a = c-d; // GOOD if (a1+b1>c1) a1 = c1-b1; // GOOD + + if (a+b<=c) { /* ... */ } else { a = c-b; } // BAD + if (a+b<=c) { return; } a = c-b; // BAD } From 27519ce3ea4e4917e14ee5b917696400ab9370b8 Mon Sep 17 00:00:00 2001 From: Nicky Mouha Date: Wed, 17 May 2023 15:27:19 -0400 Subject: [PATCH 458/870] Create IfStatementAdditionOverflow.qhelp --- .../CWE-190/IfStatementAdditionOverflow.qhelp | 33 +++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 cpp/ql/src/experimental/Security/CWE/CWE-190/IfStatementAdditionOverflow.qhelp diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-190/IfStatementAdditionOverflow.qhelp b/cpp/ql/src/experimental/Security/CWE/CWE-190/IfStatementAdditionOverflow.qhelp new file mode 100644 index 00000000000..72491838fd2 --- /dev/null +++ b/cpp/ql/src/experimental/Security/CWE/CWE-190/IfStatementAdditionOverflow.qhelp @@ -0,0 +1,33 @@ + + + + +

    +Detects if (a+b>c) a=c-b, which incorrectly implements +a = min(a,c-b) if a+b overflows. +

    +

    +Also detects variants such as if (b+a>c) a=c-b (swapped +terms in addition), if (a+b>c) { a=c-b } (assignment +inside block), c<a+b (swapped operands), and +>=, <, <= instead of +> (all operators). +

    +

    +This integer overflow is the root cause of the buffer overflow in +the SHA-3 reference implementation (CVE-2022-37454). +

    + + +

    +Replace by if (a>c-b) a=c-b. This avoids the overflow +and makes it easy to see that a = min(a,c-b). +

    +     + +
  • CVE-2022-37454: The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.
    • +
  • GitHub Advisory Database: CVE-2022-37454: Buffer overflow in sponge queue functions
    • +     + From 2c5499649965fda7a1268b46a1dc55a8b3d8d299 Mon Sep 17 00:00:00 2001 From: Tony Torralba Date: Thu, 18 May 2023 08:51:19 +0200 Subject: [PATCH 459/870] Apply @jcogs33's suggestions from code review --- .../lib/ext/org.springframework.jdbc.core.namedparam.model.yml | 1 - .../security/CWE-089/semmle/examples/SpringJdbc.java | 2 ++ 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/java/ql/lib/ext/org.springframework.jdbc.core.namedparam.model.yml b/java/ql/lib/ext/org.springframework.jdbc.core.namedparam.model.yml index a3dd5738d27..9ecd0973558 100644 --- a/java/ql/lib/ext/org.springframework.jdbc.core.namedparam.model.yml +++ b/java/ql/lib/ext/org.springframework.jdbc.core.namedparam.model.yml @@ -4,7 +4,6 @@ extensions: extensible: sinkModel data: - ["org.springframework.jdbc.core.namedparam", "NamedParameterJdbcOperations", True, "batchUpdate", "", "", "Argument[0]", "sql", "manual"] - - ["org.springframework.jdbc.core.namedparam", "NamedParameterJdbcOperations", True, "batchUpdate", "(String[])", "", "Argument[0]", "sql", "manual"] - ["org.springframework.jdbc.core.namedparam", "NamedParameterJdbcOperations", True, "execute", "", "", "Argument[0]", "sql", "manual"] - ["org.springframework.jdbc.core.namedparam", "NamedParameterJdbcOperations", True, "query", "", "", "Argument[0]", "sql", "manual"] - ["org.springframework.jdbc.core.namedparam", "NamedParameterJdbcOperations", True, "queryForList", "", "", "Argument[0]", "sql", "manual"] diff --git a/java/ql/test/query-tests/security/CWE-089/semmle/examples/SpringJdbc.java b/java/ql/test/query-tests/security/CWE-089/semmle/examples/SpringJdbc.java index 9aaaf1bc9fc..2772ce95536 100644 --- a/java/ql/test/query-tests/security/CWE-089/semmle/examples/SpringJdbc.java +++ b/java/ql/test/query-tests/security/CWE-089/semmle/examples/SpringJdbc.java @@ -62,6 +62,8 @@ public class SpringJdbc { namedParamTemplate.query(source(), (RowCallbackHandler) null); // $ sqlInjection namedParamTemplate.queryForList(source(), (Map) null); // $ sqlInjection namedParamTemplate.queryForList(source(), (Map) null, (Class) null); // $ sqlInjection + namedParamTemplate.queryForList(source(), (SqlParameterSource) null); // $ sqlInjection + namedParamTemplate.queryForList(source(), (SqlParameterSource) null, (Class) null); // $ sqlInjection namedParamTemplate.queryForMap(source(), (Map) null); // $ sqlInjection namedParamTemplate.queryForMap(source(), (SqlParameterSource) null); // $ sqlInjection namedParamTemplate.queryForObject(source(), (Map) null, (Class) null); // $ sqlInjection From f3b6b470f491daa1b81dd3597ccef3dd00217634 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Thu, 18 May 2023 09:32:31 +0100 Subject: [PATCH 460/870] C++: Update documentation for 'TypeMention'. --- cpp/ql/lib/semmle/code/cpp/Type.qll | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/cpp/ql/lib/semmle/code/cpp/Type.qll b/cpp/ql/lib/semmle/code/cpp/Type.qll index 438c697f27d..f21d8c1615d 100644 --- a/cpp/ql/lib/semmle/code/cpp/Type.qll +++ b/cpp/ql/lib/semmle/code/cpp/Type.qll @@ -1699,7 +1699,28 @@ class AutoType extends TemplateParameter { private predicate suppressUnusedThis(Type t) { any() } -/** A source code location referring to a type */ +/** + * A source code location referring to a user-defined type. + * + * Note that only _user-defined_ types have `TypeMention`s. In particular, + * built-in types, and derived types with build-in types as their base don't + * have any `TypeMention`s. For example, given + * ```cpp + * struct S { ... }; + * void f(S s1, int i1) { + * S s2; + * S* s3; + * S& s4 = s2; + * decltype(s2) s5; + * + * int i2; + * int* i3; + * int i4[10]; + * } + * ``` + * there will be a `TypeMention` for the mention of `S` at `S s1`, `S s2`, and `S& s4 = s2`, + * but not at `decltype(s2) s5`. Additionally, there will be no `TypeMention`s for `int`. + */ class TypeMention extends Locatable, @type_mention { override string toString() { result = "type mention" } From a475efbe39da89fcd480d1d2a182277e3b8753b1 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Thu, 18 May 2023 09:37:20 +0100 Subject: [PATCH 461/870] Update cpp/ql/lib/semmle/code/cpp/Type.qll --- cpp/ql/lib/semmle/code/cpp/Type.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpp/ql/lib/semmle/code/cpp/Type.qll b/cpp/ql/lib/semmle/code/cpp/Type.qll index f21d8c1615d..91354ef2e08 100644 --- a/cpp/ql/lib/semmle/code/cpp/Type.qll +++ b/cpp/ql/lib/semmle/code/cpp/Type.qll @@ -1703,7 +1703,7 @@ private predicate suppressUnusedThis(Type t) { any() } * A source code location referring to a user-defined type. * * Note that only _user-defined_ types have `TypeMention`s. In particular, - * built-in types, and derived types with build-in types as their base don't + * built-in types, and derived types with built-in types as their base don't * have any `TypeMention`s. For example, given * ```cpp * struct S { ... }; From f0ce5b09c6b9e9d345d94376ff174502166ce90d Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Thu, 18 May 2023 09:39:42 +0100 Subject: [PATCH 462/870] Swift: Address QL-for-QL warning. --- swift/ql/lib/codeql/swift/elements/decl/EnumDecl.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/swift/ql/lib/codeql/swift/elements/decl/EnumDecl.qll b/swift/ql/lib/codeql/swift/elements/decl/EnumDecl.qll index b1100cc9abe..6fb24f21ea0 100644 --- a/swift/ql/lib/codeql/swift/elements/decl/EnumDecl.qll +++ b/swift/ql/lib/codeql/swift/elements/decl/EnumDecl.qll @@ -15,7 +15,7 @@ private import codeql.swift.elements.decl.Decl */ class EnumDecl extends Generated::EnumDecl { /** - * Gets the number of `EnumElementDecl`s in this enumeration before the `index`th member. Some + * Gets the number of `EnumElementDecl`s in this enumeration before the `memberIndex`th member. Some * of the members of an `EnumDecl` are `EnumCaseDecls` (representing the `case` lines), each of * which holds one or more `EnumElementDecl`s. */ From d26a86185faec1057eca98940bc81e719715518f Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Thu, 18 May 2023 09:42:32 +0100 Subject: [PATCH 463/870] Swift: Codegen. --- swift/ql/.generated.list | 1 - swift/ql/.gitattributes | 1 - 2 files changed, 2 deletions(-) diff --git a/swift/ql/.generated.list b/swift/ql/.generated.list index 2a56c1ba2ae..c3c0bfb69ec 100644 --- a/swift/ql/.generated.list +++ b/swift/ql/.generated.list @@ -24,7 +24,6 @@ lib/codeql/swift/elements/decl/ConcreteVarDecl.qll 94bcbdd91f461295c5b6b49fa597b lib/codeql/swift/elements/decl/ConcreteVarDeclConstructor.qll 4b6a9f458db5437f9351b14464b3809a78194029554ea818b3e18272c17afba3 a60d695b0d0ffa917ad01908bec2beaa663e644eddb00fb370fbc906623775d4 lib/codeql/swift/elements/decl/DeinitializerConstructor.qll 85f29a68ee5c0f2606c51e7a859f5f45fbc5f373e11b5e9c0762c9ba5cff51c4 6b28f69b8125d0393607dbad8e7a8aaa6469b9c671f67e8e825cc63964ed2f5d lib/codeql/swift/elements/decl/EnumCaseDeclConstructor.qll 8c907544170671f713a8665d294eeefdbe78a607c2f16e2c630ea9c33f484baf eec83efc930683628185dbdad8f73311aad510074d168a53d85ea09d13f1f7e1 -lib/codeql/swift/elements/decl/EnumDecl.qll 29f9d8cbfb19c174af9a666162fd918af7f962fa5d97756105e78d5eec38cb9e 779940ebdbd510eb651972c57eb84b04af39c44ef59a8c307a44549ab730febb lib/codeql/swift/elements/decl/EnumDeclConstructor.qll 642bbfb71e917d84695622f3b2c7b36bf5be4e185358609810267ab1fc4e221b f6e06d79e7ff65fbabf72c553508b67406fb59c577215d28cc47971d34b6af05 lib/codeql/swift/elements/decl/EnumElementDeclConstructor.qll 736074246a795c14a30a8ec7bb8da595a729983187887294e485487309919dc6 4614fb380fad7af1b5fb8afce920f3e7350378254ece60d19722046046672fbb lib/codeql/swift/elements/decl/ExtensionDeclConstructor.qll 4f811e3332720327d2b9019edbb2fa70fb24322e72881afc040e7927452409d6 554f9832311dfc30762507e0bd4b25c5b6fdb9d0c4e8252cc5a1ef1033fafacb diff --git a/swift/ql/.gitattributes b/swift/ql/.gitattributes index 71cc5c58ecf..a1bd08a0b69 100644 --- a/swift/ql/.gitattributes +++ b/swift/ql/.gitattributes @@ -26,7 +26,6 @@ /lib/codeql/swift/elements/decl/ConcreteVarDeclConstructor.qll linguist-generated /lib/codeql/swift/elements/decl/DeinitializerConstructor.qll linguist-generated /lib/codeql/swift/elements/decl/EnumCaseDeclConstructor.qll linguist-generated -/lib/codeql/swift/elements/decl/EnumDecl.qll linguist-generated /lib/codeql/swift/elements/decl/EnumDeclConstructor.qll linguist-generated /lib/codeql/swift/elements/decl/EnumElementDeclConstructor.qll linguist-generated /lib/codeql/swift/elements/decl/ExtensionDeclConstructor.qll linguist-generated From bf3fb09dfd330665d1f38b3c1437d5c4e63ac28b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alvaro=20Mu=C3=B1oz?= Date: Thu, 18 May 2023 12:39:41 +0200 Subject: [PATCH 464/870] Apply suggestions from code review Co-authored-by: Tony Torralba --- .../semmle/code/java/frameworks/google/GsonSerializability.qll | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/java/ql/lib/semmle/code/java/frameworks/google/GsonSerializability.qll b/java/ql/lib/semmle/code/java/frameworks/google/GsonSerializability.qll index ec1dea15497..34a333c8b11 100644 --- a/java/ql/lib/semmle/code/java/frameworks/google/GsonSerializability.qll +++ b/java/ql/lib/semmle/code/java/frameworks/google/GsonSerializability.qll @@ -14,8 +14,7 @@ import semmle.code.java.dataflow.FlowSteps */ private class GsonReadValueMethod extends Method { GsonReadValueMethod() { - this.getDeclaringType().hasQualifiedName("com.google.gson", "Gson") and - this.getName().matches("fromJson") + this.hasQualifiedName("com.google.gson", "Gson", "fromJson") } } From a77c62473e11813ecf7a8e6995f24da8eb034e22 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Thu, 18 May 2023 13:23:15 +0100 Subject: [PATCH 465/870] C++: Reduce code-duplication in 'cpp/overrun-write'. --- .../Likely Bugs/OverrunWriteProductFlow.ql | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/cpp/ql/src/experimental/Likely Bugs/OverrunWriteProductFlow.ql b/cpp/ql/src/experimental/Likely Bugs/OverrunWriteProductFlow.ql index 39f91389ab9..81d7f68a46f 100644 --- a/cpp/ql/src/experimental/Likely Bugs/OverrunWriteProductFlow.ql +++ b/cpp/ql/src/experimental/Likely Bugs/OverrunWriteProductFlow.ql @@ -122,13 +122,9 @@ module ValidState { predicate isAdditionalFlowStep( DataFlow::Node node1, FlowState state1, DataFlow::Node node2, FlowState state2 ) { - exists(AddInstruction add, Operand op, int delta | - add.hasOperands(node1.asOperand(), op) and - semBounded(getSemanticExpr(op.getDef()), any(SemZeroBound zero), delta, true, _) and - node2.asInstruction() = add and - state1 = [false, true] and - state2 = state1.booleanNot() - ) + isAdditionalFlowStep2(node1, node2, _) and + state1 = [false, true] and + state2 = state1.booleanNot() } predicate includeHiddenNodes() { any() } From 70b08a093cf585f89620e8ff45935267c95b2194 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Thu, 18 May 2023 15:55:21 +0100 Subject: [PATCH 466/870] C++: Replace 'C18' with 'C17'. --- docs/codeql/reusables/supported-versions-compilers.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/codeql/reusables/supported-versions-compilers.rst b/docs/codeql/reusables/supported-versions-compilers.rst index 4e43433ced7..93b826a94dd 100644 --- a/docs/codeql/reusables/supported-versions-compilers.rst +++ b/docs/codeql/reusables/supported-versions-compilers.rst @@ -4,7 +4,7 @@ :stub-columns: 1 Language,Variants,Compilers,Extensions - C/C++,"C89, C99, C11, C18, C++98, C++03, C++11, C++14, C++17, C++20 [1]_","Clang (and clang-cl [2]_) extensions (up to Clang 12.0), + C/C++,"C89, C99, C11, C17, C++98, C++03, C++11, C++14, C++17, C++20 [1]_","Clang (and clang-cl [2]_) extensions (up to Clang 12.0), GNU extensions (up to GCC 11.1), From 371bcc55faf3e2faf81aac4b70cb67a9611e96d3 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Thu, 18 May 2023 14:25:04 +0100 Subject: [PATCH 467/870] Swift: Consolidate and extend tests of taint flow through FilePath. --- .../dataflow/taint/libraries/files.swift | 201 ++++++++++++++++++ .../dataflow/taint/libraries/string.swift | 97 ++------- 2 files changed, 224 insertions(+), 74 deletions(-) create mode 100644 swift/ql/test/library-tests/dataflow/taint/libraries/files.swift diff --git a/swift/ql/test/library-tests/dataflow/taint/libraries/files.swift b/swift/ql/test/library-tests/dataflow/taint/libraries/files.swift new file mode 100644 index 00000000000..43f60655fd8 --- /dev/null +++ b/swift/ql/test/library-tests/dataflow/taint/libraries/files.swift @@ -0,0 +1,201 @@ +// --- stubs --- + +struct URL { + init?(string: String) {} +} + +enum CInterop { + typealias Char = CChar + typealias PlatformChar = CInterop.Char +} + +struct FilePath { + struct Component { + init?(_ string: String) { } + + var string: String { get { return "" } } + } + + struct Root { + init?(_ string: String) { } + + var string: String { get { return "" } } + } + + struct ComponentView { + } + + init(_ string: String) { } + init?(_ url: URL) { } + init(cString: [CChar]) { } + init(cString: UnsafePointer) { } + init(from decoder: Decoder) { } + init(root: FilePath.Root?, _ components: C) where C : Collection, C.Element == FilePath.Component { } + + func encode(to encoder: Encoder) throws { } + + mutating func append(_ other: String) { } + func appending(_ other: String) -> FilePath { return FilePath("") } + func lexicallyResolving(_ subpath: FilePath) -> FilePath? { return nil } + + func withCString(_ body: (UnsafePointer) throws -> Result) rethrows -> Result { + return 0 as! Result + } + func withPlatformString(_ body: (UnsafePointer) throws -> Result) rethrows -> Result { + return 0 as! Result + } + + var description: String { get { return "" } } + var debugDescription: String { get { return "" } } + var `extension`: String? { get { return "" } set { } } + var stem: String? { get { return "" } } + var string: String { get { return "" } } + + var components: FilePath.ComponentView { get { return FilePath.ComponentView() } set { } } + var lastComponent: FilePath.Component? { get { return nil} } + var root: FilePath.Root? { get { return nil } set { } } +} + +extension FilePath.ComponentView: BidirectionalCollection { + typealias Element = FilePath.Component + + struct Index: Comparable { + static func < (lhs: Self, rhs: Self) -> Bool { + return false + } + } + + var startIndex: Index { Index() } + var endIndex: Index { Index() } + + func index(after i: Index) -> Index { + return Index() + } + + func index(before i: Index) -> Index { + return Index() + } + + subscript(position: Index) -> FilePath.Component { + return FilePath.Component("")! + } +} + +extension String { + init(decoding path: FilePath) { self.init() } + init?(validating path: FilePath) { self.init() } + init(platformString: UnsafePointer) { self.init() } + init?(validatingPlatformString platformStrinbg: UnsafePointer) { self.init() } +} + +// --- tests --- + +func sourceString() -> String { return "" } +func sourceCCharArray() -> [CChar] { return [] } +func sourceCString() -> UnsafePointer { return (nil as UnsafePointer?)! } +func sourceDecoder() -> Decoder { return (nil as Decoder?)! } + +func sink(filePath: FilePath) { } +func sink(string: String) { } +func sink(component: FilePath.Component) { } +func sink(root: FilePath.Root) { } +func sink(componentView: FilePath.ComponentView) { } +func sink(encoder: Encoder) { } +func sink(ptr: UnsafePointer) { } + +func test_files(e1: Encoder) { + // --- FilePath.Root, FilePath.Component --- + + sink(string: FilePath.Root("/")!.string) + sink(string: FilePath.Root(sourceString())!.string) // $ MISSING: tainted= + sink(string: FilePath.Component("path")!.string) + sink(string: FilePath.Component(sourceString())!.string) // $ MISSING: tainted= + + // --- FilePath constructors --- + + let cleanUrl = URL(string: "https://example.com")! + let taintedUrl = URL(string: sourceString())! + + sink(filePath: FilePath("my/path")) + sink(filePath: FilePath(sourceString())) // $ MISSING: tainted= + sink(filePath: FilePath(cleanUrl)!) + sink(filePath: FilePath(taintedUrl)!) // $ MISSING: tainted= + sink(filePath: FilePath(from: sourceDecoder())) // $ MISSING: tainted= + sink(filePath: FilePath(cString: sourceCCharArray())) // $ MISSING: tainted= + sink(filePath: FilePath(cString: sourceCString())) // $ MISSING: tainted= + sink(filePath: FilePath(root: FilePath.Root("/"), [FilePath.Component("my")!, FilePath.Component("path")!])) + sink(filePath: FilePath(root: FilePath.Root(sourceString()), [FilePath.Component("my")!, FilePath.Component("path")!])) // $ MISSING: tainted= + sink(filePath: FilePath(root: FilePath.Root("/"), [FilePath.Component("my")!, FilePath.Component(sourceString())!])) // $ MISSING: tainted= + + // --- FilePath methods --- + + let clean = FilePath("") + let tainted = FilePath(sourceString()) + + sink(filePath: clean) + sink(filePath: tainted) // $ MISSING: tainted= + + sink(encoder: e1) + try! clean.encode(to: e1) + sink(encoder: e1) + try! tainted.encode(to: e1) + sink(encoder: e1) // $ MISSING: tainted= + + sink(string: String(decoding: tainted)) // $ MISSING: tainted= + sink(string: String(validating: tainted)!) // $ MISSING: tainted= + + sink(filePath: clean.lexicallyResolving(clean)!) + sink(filePath: tainted.lexicallyResolving(clean)!) // $ MISSING: tainted= + sink(filePath: clean.lexicallyResolving(tainted)!) // $ MISSING: tainted= + + let _ = clean.withCString({ + ptr in + sink(ptr: ptr) + }) + let _ = tainted.withCString({ + ptr in + sink(ptr: ptr) // $ MISSING: tainted= + }) + + let _ = clean.withPlatformString({ + ptr in + sink(ptr: ptr) + sink(string: String(platformString: ptr)) + sink(string: String(validatingPlatformString: ptr)!) + }) + let _ = tainted.withPlatformString({ + ptr in + sink(ptr: ptr) // $ MISSING: tainted= + sink(string: String(platformString: ptr)) // $ MISSING: tainted= + sink(string: String(validatingPlatformString: ptr)!) // $ MISSING: tainted= + }) + + var fp1 = FilePath("") + sink(filePath: fp1) + fp1.append(sourceString()) + sink(filePath: fp1) // $ MISSING: tainted= + fp1.append("") + sink(filePath: fp1) // $ MISSING: tainted= + + sink(filePath: clean.appending("")) + sink(filePath: clean.appending(sourceString())) // $ MISSING: tainted= + sink(filePath: tainted.appending("")) // $ MISSING: tainted= + sink(filePath: tainted.appending(sourceString())) // $ MISSING: tainted= + + // --- FilePath member variables --- + + sink(string: tainted.description) // $ MISSING: tainted= + sink(string: tainted.debugDescription) // $ MISSING: tainted= + sink(string: tainted.extension!) // $ MISSING: tainted= + sink(string: tainted.stem!) // $ MISSING: tainted= + sink(string: tainted.string) // $ MISSING: tainted= + + sink(component: tainted.lastComponent!) // $ MISSING: tainted= + sink(string: tainted.lastComponent!.string) // $ MISSING: tainted= + sink(root: tainted.root!) // $ MISSING: tainted= + sink(string: tainted.root!.string) // $ MISSING: tainted= + + let taintedComponents = tainted.components + sink(componentView: taintedComponents) // $ MISSING: tainted= + sink(string: taintedComponents[taintedComponents.startIndex].string) // $ MISSING: tainted= +} diff --git a/swift/ql/test/library-tests/dataflow/taint/libraries/string.swift b/swift/ql/test/library-tests/dataflow/taint/libraries/string.swift index 374e1185a04..0781c7af58a 100644 --- a/swift/ql/test/library-tests/dataflow/taint/libraries/string.swift +++ b/swift/ql/test/library-tests/dataflow/taint/libraries/string.swift @@ -6,25 +6,25 @@ typealias unichar = UInt16 struct Locale { } -struct FilePath { - init(_ string: String) {} - var `extension`: String? { get { "" } set {} } - var stem: String? { get { "" } } - var string: String { get { "" } } - var description: String { get { "" } } - var debugDescription: String { get { "" } } - mutating func append(_ other: String) {} - func appending(_ other: String) -> FilePath { return FilePath("") } - func withCString(_ body: (UnsafePointer) throws -> Result) rethrows -> Result { - return 0 as! Result - } - func withPlatformString(_ body: (UnsafePointer) throws -> Result) rethrows -> Result { - return 0 as! Result - } -} + + + + + + + + + + + + + + + + enum CInterop { typealias Char = CChar @@ -59,7 +59,7 @@ extension String : CVarArg { init?(data: Data, encoding: Encoding) { self.init() } - init(decoding path: FilePath) { self.init() } + init(format: String, _ arguments: CVarArg...) { self.init() } init(format: String, arguments: [CVarArg]) { self.init() } @@ -78,10 +78,10 @@ extension String : CVarArg { init(utf16CodeUnitsNoCopy: UnsafePointer, count: Int, freeWhenDone flag: Bool) { self.init() } init(platformString: UnsafePointer) { self.init() } - init?(validatingPlatformString platformStrinbg: UnsafePointer) { self.init() } + func withPlatformString(_ body: (UnsafePointer) throws -> Result) rethrows -> Result { return 0 as! Result } - init?(validating path: FilePath) { self.init() } + mutating func replaceSubrange(_ subrange: Range, with newElements: C) where C : Collection, C.Element == Character {} @@ -580,67 +580,16 @@ func taintThroughSubstring() { sink(arg: String(sub6)) // $ tainted=554 } -func taintedThroughFilePath() { - let clean = FilePath("") - let tainted = FilePath(source2()) - - sink(arg: clean) - sink(arg: tainted) // $ MISSING: tainted=585 - - sink(arg: tainted.extension!) // $ MISSING: tainted=585 - sink(arg: tainted.stem!) // $ MISSING: tainted=585 - sink(arg: tainted.string) // $ MISSING: tainted=585 - sink(arg: tainted.description) // $ MISSING: tainted=585 - sink(arg: tainted.debugDescription) // $ MISSING: tainted=585 - - sink(arg: String(decoding: tainted)) // $ MISSING: tainted=585 - sink(arg: String(validating: tainted)!) // $ MISSING: tainted=585 - - let _ = clean.withCString({ - ptr in - sink(arg: ptr) - }) - let _ = tainted.withCString({ - ptr in - sink(arg: ptr) // $ MISSING: tainted=585 - }) - - let _ = clean.withPlatformString({ - ptr in - sink(arg: ptr) - sink(arg: String(platformString: ptr)) - sink(arg: String(validatingPlatformString: ptr)!) - }) - let _ = tainted.withPlatformString({ - ptr in - sink(arg: ptr) // $ MISSING: tainted=585 - sink(arg: String(platformString: ptr)) // $ MISSING: tainted=585 - sink(arg: String(validatingPlatformString: ptr)!) // $ MISSING: tainted=585 - }) - - var fp1 = FilePath("") - sink(arg: fp1) - fp1.append(source2()) - sink(arg: fp1) // $ MISSING: tainted=623 - fp1.append("") - sink(arg: fp1) // $ MISSING: tainted=623 - - sink(arg: clean.appending("")) - sink(arg: clean.appending(source2())) // $ MISSING: tainted=629 - sink(arg: tainted.appending("")) // $ MISSING: tainted=585 - sink(arg: tainted.appending(source2())) // $ MISSING: tainted=585,631 -} - func taintedThroughConversion() { sink(arg: String(0)) - sink(arg: String(source())) // $ tainted=636 + sink(arg: String(source())) // $ tainted=585 sink(arg: Int(0).description) - sink(arg: source().description) // $ MISSING: tainted=638 + sink(arg: source().description) // $ MISSING: tainted=587 sink(arg: String(describing: 0)) - sink(arg: String(describing: source())) // $ tainted=640 + sink(arg: String(describing: source())) // $ tainted=589 sink(arg: Int("123")!) - sink(arg: Int(source2())!) // $ MISSING: tainted=643 + sink(arg: Int(source2())!) // $ MISSING: tainted=592 } func untaintedFields() { From 6dfad799728c12ad48367c2bd22436124084d027 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Thu, 18 May 2023 17:24:17 +0100 Subject: [PATCH 468/870] Swift: Model FilePath. --- .../frameworks/StandardLibrary/FilePath.qll | 80 ++++++++++++++++++- .../dataflow/taint/libraries/files.swift | 66 +++++++-------- 2 files changed, 111 insertions(+), 35 deletions(-) diff --git a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/FilePath.qll b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/FilePath.qll index f0b14a4832a..df3bb3e4b31 100644 --- a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/FilePath.qll +++ b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/FilePath.qll @@ -3,9 +3,13 @@ */ import swift +private import codeql.swift.dataflow.DataFlow private import codeql.swift.dataflow.ExternalFlow +private import codeql.swift.dataflow.FlowSteps -/** The struct `FilePath`. */ +/** + * The struct `FilePath`. + */ class FilePath extends StructDecl { FilePath() { this.getFullName() = "FilePath" } } @@ -15,6 +19,78 @@ class FilePath extends StructDecl { */ private class FilePathSummaries extends SummaryModelCsv { override predicate row(string row) { - row = ";FilePath;true;init(stringLiteral:);(String);;Argument[0];ReturnValue;taint" + row = + [ + ";FilePath;true;init(stringLiteral:);(String);;Argument[0];ReturnValue;taint", + ";FilePath;true;init(extendedGraphemeClusterLiteral:);;;Argument[0];ReturnValue;taint", + ";FilePath;true;init(unicodeScalarLiteral:);;;Argument[0];ReturnValue;taint", + ";FilePath;true;init(from:);;;Argument[0];ReturnValue;taint", + ";FilePath;true;init(_:);;;Argument[0];ReturnValue;taint", + ";FilePath;true;init(cString:);;;Argument[0];ReturnValue;taint", + ";FilePath;true;init(platformString:);;;Argument[0];ReturnValue;taint", + ";FilePath;true;init(root:_:);;;Argument[0..1];ReturnValue;taint", + ";FilePath;true;init(root:components:);;;Argument[0..1];ReturnValue;taint", + ";FilePath;true;init();;;Argument[0];ReturnValue;taint", + ";FilePath;true;init();;;Argument[0];ReturnValue;taint", + ";FilePath;true;encode(to:);;;Argument[-1];Argument[0];taint", + ";FilePath;true;withCString(_:);;;Argument[-1];Argument[0].Parameter[0];taint", + ";FilePath;true;withPlatformString(_:);;;Argument[-1];Argument[0].Parameter[0];taint", + ";FilePath;true;append(_:);;;Argument[0];Argument[-1];taint", + ";FilePath;true;appending(_:);;;Argument[-1..0];ReturnValue;taint", + ";FilePath;true;lexicallyNormalized();;;Argument[-1];ReturnValue;taint", + ";FilePath;true;lexicallyResolving(_:);;;Argument[-1..0];ReturnValue;taint", + ";FilePath;true;push(_:);;;Argument[0];Argument[-1];taint", + ";FilePath;true;pushing(_:);;;Argument[-1..0];ReturnValue;taint", + ";FilePath;true;removingLastComponent();;;Argument[-1];ReturnValue;taint", + ";FilePath;true;removingRoot();;;Argument[-1];ReturnValue;taint", + ";FilePath.Component;true;init(_:);;;Argument[0];ReturnValue;taint", + ";FilePath.Component;true;init(platformString:);;;Argument[0];ReturnValue;taint", + ";FilePath.Component;true;withPlatformString(_:);;;Argument[-1];Argument[0].Parameter[0];taint", + ";FilePath.Root;true;init(_:);;;Argument[0];ReturnValue;taint", + ";FilePath.Root;true;init(platformString:);;;Argument[0];ReturnValue;taint", + ";FilePath.Root;true;withPlatformString(_:);;;Argument[-1];Argument[0].Parameter[0];taint" + ] + } +} + +/** + * A content implying that, if a `FilePath` is tainted, certain fields are also + * tainted. + */ +private class FilePathFieldsInheritTaint extends TaintInheritingContent, + DataFlow::Content::FieldContent +{ + FilePathFieldsInheritTaint() { + exists(FieldDecl f | this.getField() = f | + ( + f.getEnclosingDecl().(NominalTypeDecl) instanceof FilePath or + f.getEnclosingDecl().(ExtensionDecl).getExtendedTypeDecl() instanceof FilePath + ) and + f.getName() = + [ + "description", "debugDescription", "components", "extension", "lastComponent", "root", + "stem", "string" + ] + ) + } +} + +/** + * A content implying that, if a `FilePath.Component` or `FilePath.Root` is tainted, certain fields + * are also tainted. + */ +private class FilePathComponentFieldsInheritTaint extends TaintInheritingContent, + DataFlow::Content::FieldContent +{ + FilePathComponentFieldsInheritTaint() { + exists(FieldDecl f | this.getField() = f | + ( + f.getEnclosingDecl().(NominalTypeDecl).getFullName() = + ["FilePath.Component", "FilePath.Root"] or + f.getEnclosingDecl().(ExtensionDecl).getExtendedTypeDecl().getName() = + ["FilePath.Component", "FilePath.Root"] + ) and + f.getName() = ["extension", "stem", "string"] + ) } } diff --git a/swift/ql/test/library-tests/dataflow/taint/libraries/files.swift b/swift/ql/test/library-tests/dataflow/taint/libraries/files.swift index 43f60655fd8..c8f79677c60 100644 --- a/swift/ql/test/library-tests/dataflow/taint/libraries/files.swift +++ b/swift/ql/test/library-tests/dataflow/taint/libraries/files.swift @@ -107,9 +107,9 @@ func test_files(e1: Encoder) { // --- FilePath.Root, FilePath.Component --- sink(string: FilePath.Root("/")!.string) - sink(string: FilePath.Root(sourceString())!.string) // $ MISSING: tainted= + sink(string: FilePath.Root(sourceString())!.string) // $ tainted=110 sink(string: FilePath.Component("path")!.string) - sink(string: FilePath.Component(sourceString())!.string) // $ MISSING: tainted= + sink(string: FilePath.Component(sourceString())!.string) // $ tainted=112 // --- FilePath constructors --- @@ -117,14 +117,14 @@ func test_files(e1: Encoder) { let taintedUrl = URL(string: sourceString())! sink(filePath: FilePath("my/path")) - sink(filePath: FilePath(sourceString())) // $ MISSING: tainted= + sink(filePath: FilePath(sourceString())) // $ tainted=120 sink(filePath: FilePath(cleanUrl)!) - sink(filePath: FilePath(taintedUrl)!) // $ MISSING: tainted= - sink(filePath: FilePath(from: sourceDecoder())) // $ MISSING: tainted= - sink(filePath: FilePath(cString: sourceCCharArray())) // $ MISSING: tainted= - sink(filePath: FilePath(cString: sourceCString())) // $ MISSING: tainted= + sink(filePath: FilePath(taintedUrl)!) // $ tainted=117 + sink(filePath: FilePath(from: sourceDecoder())) // $ tainted=123 + sink(filePath: FilePath(cString: sourceCCharArray())) // $ tainted=124 + sink(filePath: FilePath(cString: sourceCString())) // $ tainted=125 sink(filePath: FilePath(root: FilePath.Root("/"), [FilePath.Component("my")!, FilePath.Component("path")!])) - sink(filePath: FilePath(root: FilePath.Root(sourceString()), [FilePath.Component("my")!, FilePath.Component("path")!])) // $ MISSING: tainted= + sink(filePath: FilePath(root: FilePath.Root(sourceString()), [FilePath.Component("my")!, FilePath.Component("path")!])) // $ tainted=127 sink(filePath: FilePath(root: FilePath.Root("/"), [FilePath.Component("my")!, FilePath.Component(sourceString())!])) // $ MISSING: tainted= // --- FilePath methods --- @@ -133,7 +133,7 @@ func test_files(e1: Encoder) { let tainted = FilePath(sourceString()) sink(filePath: clean) - sink(filePath: tainted) // $ MISSING: tainted= + sink(filePath: tainted) // $ tainted=133 sink(encoder: e1) try! clean.encode(to: e1) @@ -141,12 +141,12 @@ func test_files(e1: Encoder) { try! tainted.encode(to: e1) sink(encoder: e1) // $ MISSING: tainted= - sink(string: String(decoding: tainted)) // $ MISSING: tainted= - sink(string: String(validating: tainted)!) // $ MISSING: tainted= + sink(string: String(decoding: tainted)) // $ tainted=133 + sink(string: String(validating: tainted)!) // $ tainted=133 sink(filePath: clean.lexicallyResolving(clean)!) - sink(filePath: tainted.lexicallyResolving(clean)!) // $ MISSING: tainted= - sink(filePath: clean.lexicallyResolving(tainted)!) // $ MISSING: tainted= + sink(filePath: tainted.lexicallyResolving(clean)!) // $ tainted=133 + sink(filePath: clean.lexicallyResolving(tainted)!) // $ tainted=133 let _ = clean.withCString({ ptr in @@ -154,7 +154,7 @@ func test_files(e1: Encoder) { }) let _ = tainted.withCString({ ptr in - sink(ptr: ptr) // $ MISSING: tainted= + sink(ptr: ptr) // $ tainted=133 }) let _ = clean.withPlatformString({ @@ -165,37 +165,37 @@ func test_files(e1: Encoder) { }) let _ = tainted.withPlatformString({ ptr in - sink(ptr: ptr) // $ MISSING: tainted= - sink(string: String(platformString: ptr)) // $ MISSING: tainted= - sink(string: String(validatingPlatformString: ptr)!) // $ MISSING: tainted= + sink(ptr: ptr) // $ tainted=133 + sink(string: String(platformString: ptr)) // $ tainted=133 + sink(string: String(validatingPlatformString: ptr)!) // $ tainted=133 }) var fp1 = FilePath("") sink(filePath: fp1) fp1.append(sourceString()) - sink(filePath: fp1) // $ MISSING: tainted= + sink(filePath: fp1) // $ tainted=175 fp1.append("") - sink(filePath: fp1) // $ MISSING: tainted= + sink(filePath: fp1) // $ tainted=175 sink(filePath: clean.appending("")) - sink(filePath: clean.appending(sourceString())) // $ MISSING: tainted= - sink(filePath: tainted.appending("")) // $ MISSING: tainted= - sink(filePath: tainted.appending(sourceString())) // $ MISSING: tainted= + sink(filePath: clean.appending(sourceString())) // $ tainted=181 + sink(filePath: tainted.appending("")) // $ tainted=133 + sink(filePath: tainted.appending(sourceString())) // $ tainted=133 tainted=183 // --- FilePath member variables --- - sink(string: tainted.description) // $ MISSING: tainted= - sink(string: tainted.debugDescription) // $ MISSING: tainted= - sink(string: tainted.extension!) // $ MISSING: tainted= - sink(string: tainted.stem!) // $ MISSING: tainted= - sink(string: tainted.string) // $ MISSING: tainted= + sink(string: tainted.description) // $ tainted=133 + sink(string: tainted.debugDescription) // $ tainted=133 + sink(string: tainted.extension!) // $ tainted=133 + sink(string: tainted.stem!) // $ tainted=133 + sink(string: tainted.string) // $ tainted=133 - sink(component: tainted.lastComponent!) // $ MISSING: tainted= - sink(string: tainted.lastComponent!.string) // $ MISSING: tainted= - sink(root: tainted.root!) // $ MISSING: tainted= - sink(string: tainted.root!.string) // $ MISSING: tainted= + sink(component: tainted.lastComponent!) // $ tainted=133 + sink(string: tainted.lastComponent!.string) // $ tainted=133 + sink(root: tainted.root!) // $ tainted=133 + sink(string: tainted.root!.string) // $ tainted=133 let taintedComponents = tainted.components - sink(componentView: taintedComponents) // $ MISSING: tainted= - sink(string: taintedComponents[taintedComponents.startIndex].string) // $ MISSING: tainted= + sink(componentView: taintedComponents) // $ tainted=133 + sink(string: taintedComponents[taintedComponents.startIndex].string) // $ tainted=133 } From 66f2579437802754afab944e0d5917f556178848 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Fri, 19 May 2023 00:15:25 +0000 Subject: [PATCH 469/870] Add changed framework coverage reports --- java/documentation/library-coverage/coverage.csv | 2 +- java/documentation/library-coverage/coverage.rst | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/java/documentation/library-coverage/coverage.csv b/java/documentation/library-coverage/coverage.csv index 743830ac5d2..227bbaa65c3 100644 --- a/java/documentation/library-coverage/coverage.csv +++ b/java/documentation/library-coverage/coverage.csv @@ -134,7 +134,7 @@ org.springframework.cache,,,13,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,13 org.springframework.context,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3, org.springframework.data.repository,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1 org.springframework.http,14,,71,,,,,,,,,,,,,,,14,,,,,,,,,,,,,,,,,,,,,,61,10 -org.springframework.jdbc.core,10,,,,,,,,,,,,,,,,,,,,,,,,,,,,10,,,,,,,,,,,, +org.springframework.jdbc.core,19,,,,,,,,,,,,,,,,,,,,,,,,,,,,19,,,,,,,,,,,, org.springframework.jdbc.datasource,4,,,,,,,,,,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, org.springframework.jdbc.object,9,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,,,,,,,,,,,, org.springframework.jndi,1,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,, diff --git a/java/documentation/library-coverage/coverage.rst b/java/documentation/library-coverage/coverage.rst index f02c43ccc34..2aa38591d6f 100644 --- a/java/documentation/library-coverage/coverage.rst +++ b/java/documentation/library-coverage/coverage.rst @@ -21,7 +21,7 @@ Java framework & library support Java Standard Library,``java.*``,3,679,168,39,,9,,,13 Java extensions,"``javax.*``, ``jakarta.*``",63,611,34,1,4,,1,1,2 Kotlin Standard Library,``kotlin*``,,1843,16,11,,,,,2 - `Spring `_,``org.springframework.*``,29,483,104,2,,19,14,,29 + `Spring `_,``org.springframework.*``,29,483,113,2,,28,14,,29 Others,"``cn.hutool.core.codec``, ``com.esotericsoftware.kryo.io``, ``com.esotericsoftware.kryo5.io``, ``com.fasterxml.jackson.core``, ``com.fasterxml.jackson.databind``, ``com.hubspot.jinjava``, ``com.mitchellbosecke.pebble``, ``com.opensymphony.xwork2.ognl``, ``com.rabbitmq.client``, ``com.thoughtworks.xstream``, ``com.unboundid.ldap.sdk``, ``com.zaxxer.hikari``, ``flexjson``, ``freemarker.cache``, ``freemarker.template``, ``groovy.lang``, ``groovy.util``, ``hudson``, ``io.jsonwebtoken``, ``io.netty.bootstrap``, ``io.netty.buffer``, ``io.netty.channel``, ``io.netty.handler.codec``, ``io.netty.handler.ssl``, ``io.netty.handler.stream``, ``io.netty.resolver``, ``io.netty.util``, ``javafx.scene.web``, ``jodd.json``, ``net.sf.saxon.s9api``, ``ognl``, ``okhttp3``, ``org.apache.commons.codec``, ``org.apache.commons.compress.archivers.tar``, ``org.apache.commons.httpclient.util``, ``org.apache.commons.jelly``, ``org.apache.commons.jexl2``, ``org.apache.commons.jexl3``, ``org.apache.commons.logging``, ``org.apache.commons.net``, ``org.apache.commons.ognl``, ``org.apache.directory.ldap.client.api``, ``org.apache.hadoop.fs``, ``org.apache.hadoop.hive.metastore``, ``org.apache.hc.client5.http.async.methods``, ``org.apache.hc.client5.http.classic.methods``, ``org.apache.hc.client5.http.fluent``, ``org.apache.hive.hcatalog.templeton``, ``org.apache.ibatis.jdbc``, ``org.apache.log4j``, ``org.apache.shiro.codec``, ``org.apache.shiro.jndi``, ``org.apache.tools.ant``, ``org.apache.tools.zip``, ``org.apache.velocity.app``, ``org.apache.velocity.runtime``, ``org.codehaus.cargo.container.installer``, ``org.codehaus.groovy.control``, ``org.dom4j``, ``org.eclipse.jetty.client``, ``org.geogebra.web.full.main``, ``org.hibernate``, ``org.jdbi.v3.core``, ``org.jooq``, ``org.kohsuke.stapler``, ``org.mvel2``, ``org.openjdk.jmh.runner.options``, ``org.scijava.log``, ``org.slf4j``, ``org.thymeleaf``, ``org.xml.sax``, ``org.xmlpull.v1``, ``play.mvc``, ``ratpack.core.form``, ``ratpack.core.handling``, ``ratpack.core.http``, ``ratpack.exec``, ``ratpack.form``, ``ratpack.func``, ``ratpack.handling``, ``ratpack.http``, ``ratpack.util``, ``retrofit2``",89,827,515,26,,18,18,,181 - Totals,,246,9119,1957,174,10,113,33,1,361 + Totals,,246,9119,1966,174,10,122,33,1,361 From 13755ad5f54eac2256ec7a19889619aa8604468b Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 19 May 2023 11:41:57 +0100 Subject: [PATCH 470/870] Swift: Remove placeholder lines I had left in. --- .../ql/lib/codeql/swift/frameworks/StandardLibrary/FilePath.qll | 2 -- 1 file changed, 2 deletions(-) diff --git a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/FilePath.qll b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/FilePath.qll index df3bb3e4b31..1745a81d702 100644 --- a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/FilePath.qll +++ b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/FilePath.qll @@ -30,8 +30,6 @@ private class FilePathSummaries extends SummaryModelCsv { ";FilePath;true;init(platformString:);;;Argument[0];ReturnValue;taint", ";FilePath;true;init(root:_:);;;Argument[0..1];ReturnValue;taint", ";FilePath;true;init(root:components:);;;Argument[0..1];ReturnValue;taint", - ";FilePath;true;init();;;Argument[0];ReturnValue;taint", - ";FilePath;true;init();;;Argument[0];ReturnValue;taint", ";FilePath;true;encode(to:);;;Argument[-1];Argument[0];taint", ";FilePath;true;withCString(_:);;;Argument[-1];Argument[0].Parameter[0];taint", ";FilePath;true;withPlatformString(_:);;;Argument[-1];Argument[0].Parameter[0];taint", From c8dfc87dae2a80d0a8c35c3e892b3527e601acfb Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 19 May 2023 12:18:17 +0100 Subject: [PATCH 471/870] Swift: getName -> getFullName. --- .../ql/lib/codeql/swift/frameworks/StandardLibrary/FilePath.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/FilePath.qll b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/FilePath.qll index 1745a81d702..494f4c8d83a 100644 --- a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/FilePath.qll +++ b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/FilePath.qll @@ -85,7 +85,7 @@ private class FilePathComponentFieldsInheritTaint extends TaintInheritingContent ( f.getEnclosingDecl().(NominalTypeDecl).getFullName() = ["FilePath.Component", "FilePath.Root"] or - f.getEnclosingDecl().(ExtensionDecl).getExtendedTypeDecl().getName() = + f.getEnclosingDecl().(ExtensionDecl).getExtendedTypeDecl().getFullName() = ["FilePath.Component", "FilePath.Root"] ) and f.getName() = ["extension", "stem", "string"] From ccbd04187525dcd7050b8709480e37f1717b7fe6 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 19 May 2023 11:33:52 +0100 Subject: [PATCH 472/870] Swift: Use asNominalTypeDecl() to simplify models. --- .../swift/frameworks/StandardLibrary/Collection.qll | 6 +----- .../swift/frameworks/StandardLibrary/FilePath.qll | 13 +++---------- .../swift/frameworks/StandardLibrary/NsString.qll | 5 +---- .../swift/frameworks/StandardLibrary/Sequence.qll | 5 +---- .../swift/frameworks/StandardLibrary/String.qll | 6 +----- .../ql/lib/codeql/swift/security/XXEExtensions.qll | 9 ++------- 6 files changed, 9 insertions(+), 35 deletions(-) diff --git a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Collection.qll b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Collection.qll index 75b0e55f342..fcbd418f6b9 100644 --- a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Collection.qll +++ b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Collection.qll @@ -48,11 +48,7 @@ private class CollectionFieldsInheritTaint extends TaintInheritingContent, { CollectionFieldsInheritTaint() { exists(FieldDecl f | this.getField() = f | - ( - f.getEnclosingDecl().(NominalTypeDecl).getName() = ["Collection", "BidirectionalCollection"] or - f.getEnclosingDecl().(ExtensionDecl).getExtendedTypeDecl().getName() = - ["Collection", "BidirectionalCollection"] - ) and + f.getEnclosingDecl().asNominalTypeDecl().getName() = ["Collection", "BidirectionalCollection"] and f.getName() = ["first", "last"] ) } diff --git a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/FilePath.qll b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/FilePath.qll index 494f4c8d83a..61223cf647a 100644 --- a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/FilePath.qll +++ b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/FilePath.qll @@ -60,10 +60,7 @@ private class FilePathFieldsInheritTaint extends TaintInheritingContent, { FilePathFieldsInheritTaint() { exists(FieldDecl f | this.getField() = f | - ( - f.getEnclosingDecl().(NominalTypeDecl) instanceof FilePath or - f.getEnclosingDecl().(ExtensionDecl).getExtendedTypeDecl() instanceof FilePath - ) and + f.getEnclosingDecl().asNominalTypeDecl() instanceof FilePath and f.getName() = [ "description", "debugDescription", "components", "extension", "lastComponent", "root", @@ -82,12 +79,8 @@ private class FilePathComponentFieldsInheritTaint extends TaintInheritingContent { FilePathComponentFieldsInheritTaint() { exists(FieldDecl f | this.getField() = f | - ( - f.getEnclosingDecl().(NominalTypeDecl).getFullName() = - ["FilePath.Component", "FilePath.Root"] or - f.getEnclosingDecl().(ExtensionDecl).getExtendedTypeDecl().getFullName() = - ["FilePath.Component", "FilePath.Root"] - ) and + f.getEnclosingDecl().asNominalTypeDecl().getFullName() = + ["FilePath.Component", "FilePath.Root"] and f.getName() = ["extension", "stem", "string"] ) } diff --git a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/NsString.qll b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/NsString.qll index 5fed3b21a4a..ce8b959fffe 100644 --- a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/NsString.qll +++ b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/NsString.qll @@ -133,10 +133,7 @@ private class NsStringFieldsInheritTaint extends TaintInheritingContent, { NsStringFieldsInheritTaint() { exists(FieldDecl f | this.getField() = f | - ( - f.getEnclosingDecl().(NominalTypeDecl).getName() = "NSString" or - f.getEnclosingDecl().(ExtensionDecl).getExtendedTypeDecl().getName() = "NSString" - ) and + f.getEnclosingDecl().asNominalTypeDecl().getName() = "NSString" and f.getName() = [ "utf8String", "lowercased", "localizedLowedCase", "uppercased", "localizedUppercase", diff --git a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Sequence.qll b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Sequence.qll index 31a44f150ce..8d4eb9eb39d 100644 --- a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Sequence.qll +++ b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Sequence.qll @@ -38,10 +38,7 @@ private class SequenceFieldsInheritTaint extends TaintInheritingContent, { SequenceFieldsInheritTaint() { exists(FieldDecl f | this.getField() = f | - ( - f.getEnclosingDecl().(NominalTypeDecl).getName() = "Sequence" or - f.getEnclosingDecl().(ExtensionDecl).getExtendedTypeDecl().getName() = "Sequence" - ) and + f.getEnclosingDecl().asNominalTypeDecl().getName() = "Sequence" and f.getName() = "lazy" ) } diff --git a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/String.qll b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/String.qll index 8127fcee08e..2df33a0f0f4 100644 --- a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/String.qll +++ b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/String.qll @@ -125,11 +125,7 @@ private class StringFieldsInheritTaint extends TaintInheritingContent, { StringFieldsInheritTaint() { exists(FieldDecl f | this.getField() = f | - ( - f.getEnclosingDecl().(NominalTypeDecl).getName() = ["String", "StringProtocol"] or - f.getEnclosingDecl().(ExtensionDecl).getExtendedTypeDecl().getName() = - ["String", "StringProtocol"] - ) and + f.getEnclosingDecl().asNominalTypeDecl().getName() = ["String", "StringProtocol"] and f.getName() = [ "unicodeScalars", "utf8", "utf16", "lazy", "utf8CString", "description", diff --git a/swift/ql/lib/codeql/swift/security/XXEExtensions.qll b/swift/ql/lib/codeql/swift/security/XXEExtensions.qll index 157089aa9bb..71a99554257 100644 --- a/swift/ql/lib/codeql/swift/security/XXEExtensions.qll +++ b/swift/ql/lib/codeql/swift/security/XXEExtensions.qll @@ -190,13 +190,8 @@ private predicate lib2xmlOptionLocalTaintStep(DataFlow::Node source, DataFlow::N ) or exists(ApplyExpr int32Init | - int32Init - .getStaticTarget() - .(Initializer) - .getEnclosingDecl() - .(ExtensionDecl) - .getExtendedTypeDecl() - .getName() = "SignedInteger" + int32Init.getStaticTarget().(Initializer).getEnclosingDecl().asNominalTypeDecl().getName() = + "SignedInteger" | source.asExpr() = int32Init.getAnArgument().getExpr() and sink.asExpr() = int32Init ) From 0d8aa825d9234b88bf19e7e4ac4af3dd72deae82 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 19 May 2023 14:19:32 +0100 Subject: [PATCH 473/870] Swift: Use asNominalType() more widely to include things declared in extensions. --- .../frameworks/StandardLibrary/CustomUrlSchemes.qll | 10 +++++----- .../swift/frameworks/StandardLibrary/NsData.qll | 4 ++-- .../codeql/swift/frameworks/StandardLibrary/Url.qll | 6 ++++-- .../swift/frameworks/StandardLibrary/WebView.qll | 12 ++++++------ swift/ql/lib/codeql/swift/frameworks/Xml/AEXML.qll | 10 ++++++---- .../swift/security/CleartextLoggingExtensions.qll | 2 +- .../swift/security/PathInjectionExtensions.qll | 4 ++-- swift/ql/lib/codeql/swift/security/XXEExtensions.qll | 4 ++-- 8 files changed, 28 insertions(+), 24 deletions(-) diff --git a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/CustomUrlSchemes.qll b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/CustomUrlSchemes.qll index dafcba01c37..e217de4478d 100644 --- a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/CustomUrlSchemes.qll +++ b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/CustomUrlSchemes.qll @@ -49,14 +49,14 @@ private class UrlLaunchOptionsRemoteFlowSource extends RemoteFlowSource { private class ApplicationWithLaunchOptionsFunc extends Function { ApplicationWithLaunchOptionsFunc() { this.getName() = "application(_:" + ["did", "will"] + "FinishLaunchingWithOptions:)" and - this.getEnclosingDecl().(ClassOrStructDecl).getABaseTypeDecl*().(ProtocolDecl).getName() = + this.getEnclosingDecl().asNominalTypeDecl().getABaseTypeDecl*().(ProtocolDecl).getName() = "UIApplicationDelegate" } } private class LaunchOptionsUrlVarDecl extends VarDecl { LaunchOptionsUrlVarDecl() { - this.getEnclosingDecl().(StructDecl).getFullName() = "UIApplication.LaunchOptionsKey" and + this.getEnclosingDecl().asNominalTypeDecl().getFullName() = "UIApplication.LaunchOptionsKey" and this.getName() = "url" } } @@ -68,7 +68,7 @@ private class UiOpenUrlContextUrlInheritTaint extends TaintInheritingContent, DataFlow::Content::FieldContent { UiOpenUrlContextUrlInheritTaint() { - this.getField().getEnclosingDecl().(NominalTypeDecl).getName() = "UIOpenURLContext" and + this.getField().getEnclosingDecl().asNominalTypeDecl().getName() = "UIOpenURLContext" and this.getField().getName() = "url" } } @@ -80,7 +80,7 @@ private class UserActivityUrlInheritTaint extends TaintInheritingContent, DataFlow::Content::FieldContent { UserActivityUrlInheritTaint() { - this.getField().getEnclosingDecl().(NominalTypeDecl).getName() = "NSUserActivity" and + this.getField().getEnclosingDecl().asNominalTypeDecl().getName() = "NSUserActivity" and this.getField().getName() = "webpageURL" } } @@ -93,7 +93,7 @@ private class ConnectionOptionsFieldsInheritTaint extends TaintInheritingContent DataFlow::Content::FieldContent { ConnectionOptionsFieldsInheritTaint() { - this.getField().getEnclosingDecl().(NominalTypeDecl).getName() = "ConnectionOptions" and + this.getField().getEnclosingDecl().asNominalTypeDecl().getName() = "ConnectionOptions" and this.getField().getName() = ["userActivities", "urlContexts"] } } diff --git a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/NsData.qll b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/NsData.qll index 724db6faa68..dd11cb5a1fd 100644 --- a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/NsData.qll +++ b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/NsData.qll @@ -75,7 +75,7 @@ private class NsMutableDataSummaries extends SummaryModelCsv { private class NsDataTaintedFields extends TaintInheritingContent, DataFlow::Content::FieldContent { NsDataTaintedFields() { exists(FieldDecl f | this.getField() = f | - f.getEnclosingDecl() instanceof NsData and + f.getEnclosingDecl().asNominalTypeDecl() instanceof NsData and f.getName() = ["bytes", "description"] ) } @@ -87,7 +87,7 @@ private class NsMutableDataTaintedFields extends TaintInheritingContent, { NsMutableDataTaintedFields() { exists(FieldDecl f | this.getField() = f | - f.getEnclosingDecl() instanceof NsMutableData and + f.getEnclosingDecl().asNominalTypeDecl() instanceof NsMutableData and f.getName() = "mutableBytes" ) } diff --git a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Url.qll b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Url.qll index 8bd94e2fafb..60141e4d31f 100644 --- a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Url.qll +++ b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Url.qll @@ -16,7 +16,9 @@ class UrlDecl extends StructDecl { * A content implying that, if a `URL` is tainted, then all its fields are tainted. */ private class UriFieldsInheritTaint extends TaintInheritingContent, DataFlow::Content::FieldContent { - UriFieldsInheritTaint() { this.getField().getEnclosingDecl() instanceof UrlDecl } + UriFieldsInheritTaint() { + this.getField().getEnclosingDecl().asNominalTypeDecl() instanceof UrlDecl + } } /** @@ -27,7 +29,7 @@ private class UrlRequestFieldsInheritTaint extends TaintInheritingContent, DataFlow::Content::FieldContent { UrlRequestFieldsInheritTaint() { - this.getField().getEnclosingDecl().(NominalTypeDecl).getName() = "URLRequest" and + this.getField().getEnclosingDecl().asNominalTypeDecl().getName() = "URLRequest" and this.getField().getName() = ["url", "httpBody", "httpBodyStream", "mainDocument", "allHTTPHeaderFields"] } diff --git a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/WebView.qll b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/WebView.qll index 829d70873d2..6dd8321388a 100644 --- a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/WebView.qll +++ b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/WebView.qll @@ -32,7 +32,7 @@ private class WKScriptMessageBodyInheritsTaint extends TaintInheritingContent, { WKScriptMessageBodyInheritsTaint() { exists(FieldDecl f | this.getField() = f | - f.getEnclosingDecl() instanceof WKScriptMessageDecl and + f.getEnclosingDecl().asNominalTypeDecl() instanceof WKScriptMessageDecl and f.getName() = "body" ) } @@ -170,16 +170,16 @@ private class JsExportedType extends ClassOrStructDecl { private class JsExportedSource extends RemoteFlowSource { JsExportedSource() { exists(Method adopter, Method base | - base.getEnclosingDecl() instanceof JsExportedProto and - adopter.getEnclosingDecl() instanceof JsExportedType + base.getEnclosingDecl().asNominalTypeDecl() instanceof JsExportedProto and + adopter.getEnclosingDecl().asNominalTypeDecl() instanceof JsExportedType | this.(DataFlow::ParameterNode).getParameter().getDeclaringFunction() = adopter and pragma[only_bind_out](adopter.getName()) = pragma[only_bind_out](base.getName()) ) or exists(FieldDecl adopter, FieldDecl base | - base.getEnclosingDecl() instanceof JsExportedProto and - adopter.getEnclosingDecl() instanceof JsExportedType + base.getEnclosingDecl().asNominalTypeDecl() instanceof JsExportedProto and + adopter.getEnclosingDecl().asNominalTypeDecl() instanceof JsExportedType | this.asExpr().(MemberRefExpr).getMember() = adopter and pragma[only_bind_out](adopter.getName()) = pragma[only_bind_out](base.getName()) @@ -210,7 +210,7 @@ private class WKUserScriptInheritsTaint extends TaintInheritingContent, { WKUserScriptInheritsTaint() { exists(FieldDecl f | this.getField() = f | - f.getEnclosingDecl().(ClassOrStructDecl).getName() = "WKUserScript" and + f.getEnclosingDecl().asNominalTypeDecl().getName() = "WKUserScript" and f.getName() = "source" ) } diff --git a/swift/ql/lib/codeql/swift/frameworks/Xml/AEXML.qll b/swift/ql/lib/codeql/swift/frameworks/Xml/AEXML.qll index a2479286709..15edc77e9ac 100644 --- a/swift/ql/lib/codeql/swift/frameworks/Xml/AEXML.qll +++ b/swift/ql/lib/codeql/swift/frameworks/Xml/AEXML.qll @@ -7,14 +7,16 @@ import swift /** The creation of an `AEXMLParser`. */ class AexmlParser extends ApplyExpr { AexmlParser() { - this.getStaticTarget().(Initializer).getEnclosingDecl() instanceof AexmlParserDecl + this.getStaticTarget().(Initializer).getEnclosingDecl().asNominalTypeDecl() instanceof + AexmlParserDecl } } /** The creation of an `AEXMLDocument`. */ class AexmlDocument extends ApplyExpr { AexmlDocument() { - this.getStaticTarget().(Initializer).getEnclosingDecl() instanceof AexmlDocumentDecl + this.getStaticTarget().(Initializer).getEnclosingDecl().asNominalTypeDecl() instanceof + AexmlDocumentDecl } } @@ -24,7 +26,7 @@ class AexmlDocumentLoadXml extends MethodApplyExpr { exists(Method f | this.getStaticTarget() = f and f.hasName("loadXML(_:)") and - f.getEnclosingDecl() instanceof AexmlDocumentDecl + f.getEnclosingDecl().asNominalTypeDecl() instanceof AexmlDocumentDecl ) } } @@ -44,7 +46,7 @@ class AexmlShouldResolveExternalEntities extends MemberRefExpr { AexmlShouldResolveExternalEntities() { exists(FieldDecl f | this.getMember() = f | f.getName() = "shouldResolveExternalEntities" and - f.getEnclosingDecl().(NominalTypeDecl).getType() instanceof AexmlOptionsParserSettingsType + f.getEnclosingDecl().asNominalTypeDecl().getType() instanceof AexmlOptionsParserSettingsType ) } } diff --git a/swift/ql/lib/codeql/swift/security/CleartextLoggingExtensions.qll b/swift/ql/lib/codeql/swift/security/CleartextLoggingExtensions.qll index 1adc157fb6f..427c28ef002 100644 --- a/swift/ql/lib/codeql/swift/security/CleartextLoggingExtensions.qll +++ b/swift/ql/lib/codeql/swift/security/CleartextLoggingExtensions.qll @@ -64,7 +64,7 @@ private class OsLogPrivacyRef extends MemberRefExpr { OsLogPrivacyRef() { exists(FieldDecl f | this.getMember() = f | - f.getEnclosingDecl().(NominalTypeDecl).getName() = "OSLogPrivacy" and + f.getEnclosingDecl().asNominalTypeDecl().getName() = "OSLogPrivacy" and optionName = f.getName() ) } diff --git a/swift/ql/lib/codeql/swift/security/PathInjectionExtensions.qll b/swift/ql/lib/codeql/swift/security/PathInjectionExtensions.qll index f2277325276..7b3b477a889 100644 --- a/swift/ql/lib/codeql/swift/security/PathInjectionExtensions.qll +++ b/swift/ql/lib/codeql/swift/security/PathInjectionExtensions.qll @@ -38,9 +38,9 @@ private class DefaultPathInjectionBarrier extends PathInjectionBarrier { // This is a simplified implementation. exists(CallExpr starts, CallExpr normalize, DataFlow::Node validated | starts.getStaticTarget().getName() = "starts(with:)" and - starts.getStaticTarget().getEnclosingDecl() instanceof FilePath and + starts.getStaticTarget().getEnclosingDecl().asNominalTypeDecl() instanceof FilePath and normalize.getStaticTarget().getName() = "lexicallyNormalized()" and - normalize.getStaticTarget().getEnclosingDecl() instanceof FilePath + normalize.getStaticTarget().getEnclosingDecl().asNominalTypeDecl() instanceof FilePath | TaintTracking::localTaint(validated, DataFlow::exprNode(normalize.getQualifier())) and DataFlow::localExprFlow(normalize, starts.getQualifier()) and diff --git a/swift/ql/lib/codeql/swift/security/XXEExtensions.qll b/swift/ql/lib/codeql/swift/security/XXEExtensions.qll index 71a99554257..a1f7780a3b1 100644 --- a/swift/ql/lib/codeql/swift/security/XXEExtensions.qll +++ b/swift/ql/lib/codeql/swift/security/XXEExtensions.qll @@ -80,7 +80,7 @@ private class XmlDocumentXxeSink extends XxeSink { /** An `XMLDocument` that sets `nodeLoadExternalEntitiesAlways` in its options. */ private class VulnerableXmlDocument extends ApplyExpr { VulnerableXmlDocument() { - this.getStaticTarget().(Initializer).getEnclosingDecl().(NominalTypeDecl).getFullName() = + this.getStaticTarget().(Initializer).getEnclosingDecl().asNominalTypeDecl().getFullName() = "XMLDocument" and this.getArgument(1).getExpr().(ArrayExpr).getAnElement().(MemberRefExpr).getMember() instanceof NodeLoadExternalEntitiesAlways @@ -91,7 +91,7 @@ private class VulnerableXmlDocument extends ApplyExpr { private class NodeLoadExternalEntitiesAlways extends VarDecl { NodeLoadExternalEntitiesAlways() { this.getName() = "nodeLoadExternalEntitiesAlways" and - this.getEnclosingDecl().(StructDecl).getFullName() = "XMLNode.Options" + this.getEnclosingDecl().asNominalTypeDecl().(StructDecl).getFullName() = "XMLNode.Options" } } From 68bdd51dd318fbef2a1862ec10b499231521066c Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 19 May 2023 14:27:33 +0100 Subject: [PATCH 474/870] Swift: Add QLDoc encouraging this pattern. --- swift/ql/lib/codeql/swift/elements/AstNode.qll | 3 +++ 1 file changed, 3 insertions(+) diff --git a/swift/ql/lib/codeql/swift/elements/AstNode.qll b/swift/ql/lib/codeql/swift/elements/AstNode.qll index ff45803871d..24cb90b2a30 100644 --- a/swift/ql/lib/codeql/swift/elements/AstNode.qll +++ b/swift/ql/lib/codeql/swift/elements/AstNode.qll @@ -57,6 +57,9 @@ class AstNode extends Generated::AstNode { /** * Gets the nearest declaration that contains this AST node, if any. + * + * Note that the nearest declaration may be an extension of a type declaration. If you always + * want the type declaration and not the extension, use `getEnclosingDecl().asNominalTypeDecl()`. */ final Decl getEnclosingDecl() { result = Cached::getEnclosingDecl(this) } From 8a15af5614f26ca76bc1a36c778037dbae491d38 Mon Sep 17 00:00:00 2001 From: Alexandre Boulgakov Date: Fri, 19 May 2023 14:36:04 +0100 Subject: [PATCH 475/870] Swift: TSP message wording changes. Co-authored-by: Isaac Brown <101839405+isaacmbrown@users.noreply.github.com> --- .../osx-only/autobuilder/failure/diagnostics.expected | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/swift/integration-tests/osx-only/autobuilder/failure/diagnostics.expected b/swift/integration-tests/osx-only/autobuilder/failure/diagnostics.expected index 75f6271f6fc..35df5642fa2 100644 --- a/swift/integration-tests/osx-only/autobuilder/failure/diagnostics.expected +++ b/swift/integration-tests/osx-only/autobuilder/failure/diagnostics.expected @@ -2,7 +2,7 @@ "helpLinks": [ "" ], - "markdownMessage": "`autobuild` failed to run the detected build command:\n```\n/usr/bin/xcodebuild build -project /hello-failure.xcodeproj -target hello-failure CODE_SIGNING_REQUIRED=NO CODE_SIGNING_ALLOWED=NO\n```\n\nSet up a [manual build command][1] or [check the logs of the autobuild step][2].\n\n[1]: https://docs.github.com/en/enterprise-server/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-language\n[2]: https://docs.github.com/en/actions/monitoring-and-troubleshooting-workflows/using-workflow-run-logs", + "markdownMessage": "`autobuild` failed to run the detected build command:\n\n```\n/usr/bin/xcodebuild build -project /hello-failure.xcodeproj -target hello-failure CODE_SIGNING_REQUIRED=NO CODE_SIGNING_ALLOWED=NO\n```\n\nSet up a [manual build command][1] or [check the logs of the autobuild step][2].\n\n[1]: https://docs.github.com/en/enterprise-server/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-language\n[2]: https://docs.github.com/en/actions/monitoring-and-troubleshooting-workflows/using-workflow-run-logs", "severity": "error", "source": { "extractorName": "swift", From ddcac20a94b8f4d713666099cd4267fe5025e0d7 Mon Sep 17 00:00:00 2001 From: Alexandre Boulgakov Date: Fri, 19 May 2023 14:36:14 +0100 Subject: [PATCH 476/870] Swift: TSP message wording changes. Co-authored-by: Isaac Brown <101839405+isaacmbrown@users.noreply.github.com> --- .../osx-only/autobuilder/no-swift/diagnostics.expected | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/swift/integration-tests/osx-only/autobuilder/no-swift/diagnostics.expected b/swift/integration-tests/osx-only/autobuilder/no-swift/diagnostics.expected index 1dd2c9eeb4c..95a23a2dc9f 100644 --- a/swift/integration-tests/osx-only/autobuilder/no-swift/diagnostics.expected +++ b/swift/integration-tests/osx-only/autobuilder/no-swift/diagnostics.expected @@ -2,7 +2,7 @@ "helpLinks": [ "" ], - "markdownMessage": "All targets found within Xcode projects or workspaces either have no Swift sources or are tests.\n\nTo analyze a custom set of source files, set up a [manual build command][1].\n\n[1]: https://docs.github.com/en/enterprise-server/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-language", + "markdownMessage": "All targets found within Xcode projects or workspaces either contain no Swift source files, or are tests.\n\nTo analyze a custom set of source files, set up a [manual build command][1].\n\n[1]: https://docs.github.com/en/enterprise-server/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-language", "severity": "error", "source": { "extractorName": "swift", From 137b4a99efe9a04184bc5d803cb8be29b3e54b1d Mon Sep 17 00:00:00 2001 From: Alexandre Boulgakov Date: Fri, 19 May 2023 14:36:24 +0100 Subject: [PATCH 477/870] Swift: TSP message wording changes. Co-authored-by: Isaac Brown <101839405+isaacmbrown@users.noreply.github.com> --- swift/xcode-autobuilder/xcode-autobuilder.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/swift/xcode-autobuilder/xcode-autobuilder.cpp b/swift/xcode-autobuilder/xcode-autobuilder.cpp index 1278d716325..9dfdb074e75 100644 --- a/swift/xcode-autobuilder/xcode-autobuilder.cpp +++ b/swift/xcode-autobuilder/xcode-autobuilder.cpp @@ -61,7 +61,7 @@ static void autobuild(const CLIArgs& args) { DIAGNOSE_ERROR(noProjectFound, "`autobuild` could not detect an Xcode project or workspace."); } else if (targets.empty()) { DIAGNOSE_ERROR(noSwiftTarget, "All targets found within Xcode projects or workspaces either " - "have no Swift sources or are tests."); + "contain no Swift source files, or are tests."); } else { LOG_INFO("Selected {}", targets.front()); buildTarget(targets.front(), args.dryRun); From 5bb2eb415538f92583641a48ee27bf1f1484412f Mon Sep 17 00:00:00 2001 From: Alexandre Boulgakov Date: Fri, 19 May 2023 14:37:18 +0100 Subject: [PATCH 478/870] Swift: TSP message wording changes. Co-authored-by: Isaac Brown <101839405+isaacmbrown@users.noreply.github.com> --- .../osx-only/autobuilder/only-tests/diagnostics.expected | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/swift/integration-tests/osx-only/autobuilder/only-tests/diagnostics.expected b/swift/integration-tests/osx-only/autobuilder/only-tests/diagnostics.expected index 1dd2c9eeb4c..95a23a2dc9f 100644 --- a/swift/integration-tests/osx-only/autobuilder/only-tests/diagnostics.expected +++ b/swift/integration-tests/osx-only/autobuilder/only-tests/diagnostics.expected @@ -2,7 +2,7 @@ "helpLinks": [ "" ], - "markdownMessage": "All targets found within Xcode projects or workspaces either have no Swift sources or are tests.\n\nTo analyze a custom set of source files, set up a [manual build command][1].\n\n[1]: https://docs.github.com/en/enterprise-server/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-language", + "markdownMessage": "All targets found within Xcode projects or workspaces either contain no Swift source files, or are tests.\n\nTo analyze a custom set of source files, set up a [manual build command][1].\n\n[1]: https://docs.github.com/en/enterprise-server/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-language", "severity": "error", "source": { "extractorName": "swift", From 8f7279ee0576e981f27cb96eb3b160c264f55057 Mon Sep 17 00:00:00 2001 From: Alexandre Boulgakov Date: Fri, 19 May 2023 14:39:14 +0100 Subject: [PATCH 479/870] Swift: TSP message wording changes. --- swift/xcode-autobuilder/XcodeBuildRunner.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/swift/xcode-autobuilder/XcodeBuildRunner.cpp b/swift/xcode-autobuilder/XcodeBuildRunner.cpp index d63ab27d853..eaf5e7c0355 100644 --- a/swift/xcode-autobuilder/XcodeBuildRunner.cpp +++ b/swift/xcode-autobuilder/XcodeBuildRunner.cpp @@ -70,7 +70,7 @@ void buildTarget(Target& target, bool dryRun) { } else { if (!exec(argv)) { DIAGNOSE_ERROR(buildCommandFailed, - "`autobuild` failed to run the detected build command:\n```\n{}\n```", + "`autobuild` failed to run the detected build command:\n\n```\n{}\n```", absl::StrJoin(argv, " ")); codeql::Log::flush(); exit(1); From 69578577735272c700035db9391b58b2f7d5b58f Mon Sep 17 00:00:00 2001 From: Philip Ginsbach Date: Fri, 19 May 2023 09:31:55 +0100 Subject: [PATCH 480/870] add syntax for signature declarations to QL specification --- .../ql-language-specification.rst | 52 ++++++++++++++++++- 1 file changed, 51 insertions(+), 1 deletion(-) diff --git a/docs/codeql/ql-language-reference/ql-language-specification.rst b/docs/codeql/ql-language-reference/ql-language-specification.rst index 744a21ceaf1..932af759340 100644 --- a/docs/codeql/ql-language-reference/ql-language-specification.rst +++ b/docs/codeql/ql-language-reference/ql-language-specification.rst @@ -182,7 +182,7 @@ A QL module definition has the following syntax: implements ::= "implements" moduleSignatureExpr ("," moduleSignatureExpr)* - moduleBody ::= (import | predicate | class | module | alias | select)* + moduleBody ::= (import | predicate | class | module | signature | alias | select)* A module definition extends the current module's declared module environment with a mapping from the module name to the module definition. @@ -334,6 +334,40 @@ Active types In a QL program, the *active* types are those defined in active modules. In the remainder of this specification, any reference to the types in the program refers only to the active types. + +Signatures +---------- + +Signature definitions +~~~~~~~~~~~~~~~~~~~~~ + +A QL signature definition has the following syntax: + +:: + + signature ::= predicateSignature | typeSignature | moduleSignature + + predicateSignature ::= qldoc? annotations "signature" head ";" + + typeSignature ::= qldoc? annotations "signature" "class" upperId ("extends" type ("," type)*)? (";" | "{" signaturePredicate* "}") + + moduleSignature ::= qldoc? annotation* "signature" "module" upperId parameters? "{" moduleSignatureBody "}" + + moduleSignatureBody ::= (signaturePredicate | defaultPredicate | signatureType)* + + signaturePredicate ::= qldoc? annotations head ";" + + defaultPredicate ::= qldoc? annotations "default" head "{" formula "}" + + signatureType ::= qldoc? annotations "class" upperId ("extends" type ("," type)*)? "{" signaturePredicate* "}" + + +A predicate signature definition extends the current module's declared predicate signature environment with a mapping from the predicate signature name and arity to the predicate signature definition. + +A type signature definition extends the current module's declared type signature environment with a mapping from the type signature name to the type signature definition. + +A module signature definition extends the current module's declared module signature environment with a mapping from the module signature name to the module signature definition. + Values ------ @@ -2089,6 +2123,22 @@ The complete grammar for QL is as follows: argument ::= moduleExpr | type | predicateRef "/" int + signature ::= predicateSignature | typeSignature | moduleSignature + + predicateSignature ::= qldoc? annotations "signature" head ";" + + typeSignature ::= qldoc? annotations "signature" "class" upperId ("extends" type ("," type)*)? (";" | "{" signaturePredicate* "}") + + moduleSignature ::= qldoc? annotation* "signature" "module" upperId parameters? "{" moduleSignatureBody "}" + + moduleSignatureBody ::= (signaturePredicate | defaultPredicate | signatureType)* + + signaturePredicate ::= qldoc? annotations head ";" + + defaultPredicate ::= qldoc? annotations "default" head "{" formula "}" + + signatureType ::= qldoc? annotations "class" upperId ("extends" type ("," type)*)? "{" signaturePredicate* "}" + select ::= ("from" var_decls)? ("where" formula)? "select" as_exprs ("order" "by" orderbys)? as_exprs ::= as_expr ("," as_expr)* From 110b766770e93370b5a8a483137020c53da7406a Mon Sep 17 00:00:00 2001 From: Alexandre Boulgakov Date: Fri, 19 May 2023 14:46:12 +0100 Subject: [PATCH 481/870] Swift: Add a `.` to a test message to match the logging API change in this PR. --- swift/logging/tests/assertion-diagnostics/AssertFalse.cpp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/swift/logging/tests/assertion-diagnostics/AssertFalse.cpp b/swift/logging/tests/assertion-diagnostics/AssertFalse.cpp index fd82a4b4df1..88851019666 100644 --- a/swift/logging/tests/assertion-diagnostics/AssertFalse.cpp +++ b/swift/logging/tests/assertion-diagnostics/AssertFalse.cpp @@ -8,5 +8,6 @@ static codeql::Logger& logger() { } int main() { - CODEQL_ASSERT(false, "Format the int {} and string {} if this assertion fails", 1234, "myString"); + CODEQL_ASSERT(false, "Format the int {} and string {} if this assertion fails.", 1234, + "myString"); } From 5ffde7a7628cc8793ce279f3e64fcabeb40cb234 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 19 May 2023 14:55:39 +0100 Subject: [PATCH 482/870] Update swift/ql/lib/codeql/swift/elements/decl/EnumDecl.qll Co-authored-by: Mathias Vorreiter Pedersen --- .../codeql/swift/elements/decl/EnumDecl.qll | 29 +++++-------------- 1 file changed, 7 insertions(+), 22 deletions(-) diff --git a/swift/ql/lib/codeql/swift/elements/decl/EnumDecl.qll b/swift/ql/lib/codeql/swift/elements/decl/EnumDecl.qll index 6fb24f21ea0..91f597c8d38 100644 --- a/swift/ql/lib/codeql/swift/elements/decl/EnumDecl.qll +++ b/swift/ql/lib/codeql/swift/elements/decl/EnumDecl.qll @@ -14,32 +14,17 @@ private import codeql.swift.elements.decl.Decl * ``` */ class EnumDecl extends Generated::EnumDecl { - /** - * Gets the number of `EnumElementDecl`s in this enumeration before the `memberIndex`th member. Some - * of the members of an `EnumDecl` are `EnumCaseDecls` (representing the `case` lines), each of - * which holds one or more `EnumElementDecl`s. - */ - private int countEnumElementsTo(int memberIndex) { - memberIndex = 0 and result = 0 - or - exists(Decl prev | prev = this.getMember(memberIndex - 1) | - result = this.countEnumElementsTo(memberIndex - 1) + prev.(EnumCaseDecl).getNumberOfElements() - or - not prev instanceof EnumCaseDecl and - result = this.countEnumElementsTo(memberIndex - 1) - ) - } - /** * Gets the `index`th enumeration element of this enumeration (0-based). */ final EnumElementDecl getEnumElement(int index) { - exists(int memberIndex | - result = - this.getMember(memberIndex) - .(EnumCaseDecl) - .getElement(index - this.countEnumElementsTo(memberIndex)) - ) + result = + rank[index + 1](int memberIndex, Decl d | + d = this.getMember(memberIndex) and + d instanceof EnumElementDecl + | + d order by memberIndex + ) } /** From b3e76d60524545329cd55ad957cb2bf446b26bbc Mon Sep 17 00:00:00 2001 From: Alexandre Boulgakov Date: Fri, 19 May 2023 14:54:17 +0100 Subject: [PATCH 483/870] Swift: Drop support for plaintext diagnostics (and `helpLinks`). The recommended option is Markdown diagnostics, and we have already migrated everything to emit them. The empty help link we're currently emitting everywhere is a bug. --- .../unsupported-os/diagnostics.expected | 3 -- .../autobuilder/failure/diagnostics.expected | 3 -- .../no-build-system/diagnostics.expected | 3 -- .../no-swift-with-spm/diagnostics.expected | 3 -- .../autobuilder/no-swift/diagnostics.expected | 3 -- .../no-xcode-with-spm/diagnostics.expected | 3 -- .../only-tests-with-spm/diagnostics.expected | 3 -- .../only-tests/diagnostics.expected | 3 -- swift/logging/SwiftDiagnostics.cpp | 4 +-- swift/logging/SwiftDiagnostics.h | 29 +++---------------- .../diagnostics.expected | 3 -- 11 files changed, 5 insertions(+), 55 deletions(-) diff --git a/swift/integration-tests/linux-only/autobuilder/unsupported-os/diagnostics.expected b/swift/integration-tests/linux-only/autobuilder/unsupported-os/diagnostics.expected index 2d3c70daab3..72b2d9f081f 100644 --- a/swift/integration-tests/linux-only/autobuilder/unsupported-os/diagnostics.expected +++ b/swift/integration-tests/linux-only/autobuilder/unsupported-os/diagnostics.expected @@ -1,7 +1,4 @@ { - "helpLinks": [ - "" - ], "markdownMessage": "Currently, `autobuild` for Swift analysis is only supported on macOS.\n\n[Change the Actions runner][1] to run on macOS.\n\nYou may be able to run analysis on Linux by setting up a [manual build command][2].\n\n[1]: https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idruns-on\n[2]: https://docs.github.com/en/enterprise-server/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-language", "severity": "error", "source": { diff --git a/swift/integration-tests/osx-only/autobuilder/failure/diagnostics.expected b/swift/integration-tests/osx-only/autobuilder/failure/diagnostics.expected index 35df5642fa2..23c3e9a2896 100644 --- a/swift/integration-tests/osx-only/autobuilder/failure/diagnostics.expected +++ b/swift/integration-tests/osx-only/autobuilder/failure/diagnostics.expected @@ -1,7 +1,4 @@ { - "helpLinks": [ - "" - ], "markdownMessage": "`autobuild` failed to run the detected build command:\n\n```\n/usr/bin/xcodebuild build -project /hello-failure.xcodeproj -target hello-failure CODE_SIGNING_REQUIRED=NO CODE_SIGNING_ALLOWED=NO\n```\n\nSet up a [manual build command][1] or [check the logs of the autobuild step][2].\n\n[1]: https://docs.github.com/en/enterprise-server/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-language\n[2]: https://docs.github.com/en/actions/monitoring-and-troubleshooting-workflows/using-workflow-run-logs", "severity": "error", "source": { diff --git a/swift/integration-tests/osx-only/autobuilder/no-build-system/diagnostics.expected b/swift/integration-tests/osx-only/autobuilder/no-build-system/diagnostics.expected index 62f2f210443..0fcecd9974d 100644 --- a/swift/integration-tests/osx-only/autobuilder/no-build-system/diagnostics.expected +++ b/swift/integration-tests/osx-only/autobuilder/no-build-system/diagnostics.expected @@ -1,7 +1,4 @@ { - "helpLinks": [ - "" - ], "markdownMessage": "`autobuild` could not detect an Xcode project or workspace.\n\nSet up a [manual build command][1].\n\n[1]: https://docs.github.com/en/enterprise-server/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-language", "severity": "error", "source": { diff --git a/swift/integration-tests/osx-only/autobuilder/no-swift-with-spm/diagnostics.expected b/swift/integration-tests/osx-only/autobuilder/no-swift-with-spm/diagnostics.expected index 7e06920c57b..d48491e0563 100644 --- a/swift/integration-tests/osx-only/autobuilder/no-swift-with-spm/diagnostics.expected +++ b/swift/integration-tests/osx-only/autobuilder/no-swift-with-spm/diagnostics.expected @@ -1,7 +1,4 @@ { - "helpLinks": [ - "" - ], "markdownMessage": "A Swift package was detected, but no viable Xcode target was found.\n\nSwift Package Manager builds are not currently supported by `autobuild`. Set up a [manual build command][1].\n\n[1]: https://docs.github.com/en/enterprise-server/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-language", "severity": "error", "source": { diff --git a/swift/integration-tests/osx-only/autobuilder/no-swift/diagnostics.expected b/swift/integration-tests/osx-only/autobuilder/no-swift/diagnostics.expected index 95a23a2dc9f..4bbcfb75e81 100644 --- a/swift/integration-tests/osx-only/autobuilder/no-swift/diagnostics.expected +++ b/swift/integration-tests/osx-only/autobuilder/no-swift/diagnostics.expected @@ -1,7 +1,4 @@ { - "helpLinks": [ - "" - ], "markdownMessage": "All targets found within Xcode projects or workspaces either contain no Swift source files, or are tests.\n\nTo analyze a custom set of source files, set up a [manual build command][1].\n\n[1]: https://docs.github.com/en/enterprise-server/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-language", "severity": "error", "source": { diff --git a/swift/integration-tests/osx-only/autobuilder/no-xcode-with-spm/diagnostics.expected b/swift/integration-tests/osx-only/autobuilder/no-xcode-with-spm/diagnostics.expected index 7e06920c57b..d48491e0563 100644 --- a/swift/integration-tests/osx-only/autobuilder/no-xcode-with-spm/diagnostics.expected +++ b/swift/integration-tests/osx-only/autobuilder/no-xcode-with-spm/diagnostics.expected @@ -1,7 +1,4 @@ { - "helpLinks": [ - "" - ], "markdownMessage": "A Swift package was detected, but no viable Xcode target was found.\n\nSwift Package Manager builds are not currently supported by `autobuild`. Set up a [manual build command][1].\n\n[1]: https://docs.github.com/en/enterprise-server/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-language", "severity": "error", "source": { diff --git a/swift/integration-tests/osx-only/autobuilder/only-tests-with-spm/diagnostics.expected b/swift/integration-tests/osx-only/autobuilder/only-tests-with-spm/diagnostics.expected index 7e06920c57b..d48491e0563 100644 --- a/swift/integration-tests/osx-only/autobuilder/only-tests-with-spm/diagnostics.expected +++ b/swift/integration-tests/osx-only/autobuilder/only-tests-with-spm/diagnostics.expected @@ -1,7 +1,4 @@ { - "helpLinks": [ - "" - ], "markdownMessage": "A Swift package was detected, but no viable Xcode target was found.\n\nSwift Package Manager builds are not currently supported by `autobuild`. Set up a [manual build command][1].\n\n[1]: https://docs.github.com/en/enterprise-server/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-language", "severity": "error", "source": { diff --git a/swift/integration-tests/osx-only/autobuilder/only-tests/diagnostics.expected b/swift/integration-tests/osx-only/autobuilder/only-tests/diagnostics.expected index 95a23a2dc9f..4bbcfb75e81 100644 --- a/swift/integration-tests/osx-only/autobuilder/only-tests/diagnostics.expected +++ b/swift/integration-tests/osx-only/autobuilder/only-tests/diagnostics.expected @@ -1,7 +1,4 @@ { - "helpLinks": [ - "" - ], "markdownMessage": "All targets found within Xcode projects or workspaces either contain no Swift source files, or are tests.\n\nTo analyze a custom set of source files, set up a [manual build command][1].\n\n[1]: https://docs.github.com/en/enterprise-server/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-language", "severity": "error", "source": { diff --git a/swift/logging/SwiftDiagnostics.cpp b/swift/logging/SwiftDiagnostics.cpp index ac6e42c74e7..e1a199e546e 100644 --- a/swift/logging/SwiftDiagnostics.cpp +++ b/swift/logging/SwiftDiagnostics.cpp @@ -40,9 +40,7 @@ nlohmann::json SwiftDiagnostic::json(const std::chrono::system_clock::time_point {"telemetry", has(Visibility::telemetry)}, }}, {"severity", severityToString(severity)}, - {"helpLinks", std::vector(absl::StrSplit(helpLinks, ' '))}, - {format == Format::markdown ? "markdownMessage" : "plaintextMessage", - absl::StrCat(message, "\n\n", action)}, + {"markdownMessage", absl::StrCat(message, "\n\n", action)}, {"timestamp", fmt::format("{:%FT%T%z}", timestamp)}, }; if (location) { diff --git a/swift/logging/SwiftDiagnostics.h b/swift/logging/SwiftDiagnostics.h index 6df5de90a71..eb54421fd2b 100644 --- a/swift/logging/SwiftDiagnostics.h +++ b/swift/logging/SwiftDiagnostics.h @@ -35,11 +35,6 @@ struct SwiftDiagnosticsLocation { // These are internally stored into a map on id's. A specific error log can use binlog's category // as id, which will then be used to recover the diagnostic source while dumping. struct SwiftDiagnostic { - enum class Format { - plaintext, - markdown, - }; - enum class Visibility : unsigned char { none = 0b000, statusPage = 0b001, @@ -56,31 +51,18 @@ struct SwiftDiagnostic { error, }; - // wrapper for passing optional help links to constructor - struct HelpLinks { - std::string_view value; - }; - static constexpr std::string_view extractorName = "swift"; std::string_view id; std::string_view name; std::string_view action; - Format format{Format::markdown}; Visibility visibility{Visibility::all}; Severity severity{Severity::error}; - // space separated if more than 1. Not a vector to allow constexpr - // TODO(C++20) with vector going constexpr this can be turned to `std::vector` - std::string_view helpLinks{""}; - std::optional location{}; - // notice help links are really required only for plaintext messages, otherwise they should be - // directly embedded in the markdown message - // optional arguments can be any of HelpLinks, Severity, Visibility or Format to set the - // corresponding field + // optional arguments can be either Severity or Visibility to set the corresponding field. // TODO(C++20) this constructor won't really be necessary anymore with designated initializers template constexpr SwiftDiagnostic(std::string_view id, @@ -91,10 +73,9 @@ struct SwiftDiagnostic { (setOptionalArg(optionalArgs), ...); } - // create a JSON diagnostics for this source with the given `timestamp` and `message` - // Depending on format, either a plaintextMessage or markdownMessage is used that includes both - // the message and the action to take. The id is used to construct the source id in the form - // `swift//` + // create a JSON diagnostics for this source with the given `timestamp` and Markdown `message` + // A markdownMessage is emitted that includes both the message and the action to take. The id is + // used to construct the source id in the form `swift//` nlohmann::json json(const std::chrono::system_clock::time_point& timestamp, std::string_view message) const; @@ -114,8 +95,6 @@ struct SwiftDiagnostic { private: bool has(Visibility v) const; - constexpr void setOptionalArg(HelpLinks h) { helpLinks = h.value; } - constexpr void setOptionalArg(Format f) { format = f; } constexpr void setOptionalArg(Visibility v) { visibility = v; } constexpr void setOptionalArg(Severity s) { severity = s; } diff --git a/swift/logging/tests/assertion-diagnostics/diagnostics.expected b/swift/logging/tests/assertion-diagnostics/diagnostics.expected index 5762f9b3a8f..8e302445753 100644 --- a/swift/logging/tests/assertion-diagnostics/diagnostics.expected +++ b/swift/logging/tests/assertion-diagnostics/diagnostics.expected @@ -1,7 +1,4 @@ { - "helpLinks": [ - "" - ], "markdownMessage": "CodeQL encountered an unexpected internal error with the following message:\n> Assertion failed: `false`. Format the int 1234 and string myString if this assertion fails.\n\nSome or all of the Swift analysis may have failed.\n\nIf the error persists, contact support, quoting the error message and describing what happened, or [open an issue in our open source repository][1].\n\n[1]: https://github.com/github/codeql/issues/new?labels=bug&template=ql---general.md", "severity": "warning", "source": { From 881134a6f5776a7ef13017f52e8fc6ed7160e51b Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 19 May 2023 15:29:49 +0100 Subject: [PATCH 484/870] Swift: Add warning note to Decl.getMember. --- swift/ql/.generated.list | 4 ++-- swift/ql/lib/codeql/swift/generated/Raw.qll | 4 ++++ swift/ql/lib/codeql/swift/generated/decl/Decl.qll | 4 ++++ swift/schema.py | 6 +++++- 4 files changed, 15 insertions(+), 3 deletions(-) diff --git a/swift/ql/.generated.list b/swift/ql/.generated.list index c3c0bfb69ec..dcc8cd2a698 100644 --- a/swift/ql/.generated.list +++ b/swift/ql/.generated.list @@ -383,7 +383,7 @@ lib/codeql/swift/generated/OtherAvailabilitySpec.qll 0e26a203b26ff0581b7396b0c6d lib/codeql/swift/generated/ParentChild.qll 7db14da89a0dc22ab41e654750f59d03085de8726ac358c458fccb0e0b75e193 e16991b33eb0ddea18c0699d7ea31710460ff8ada1f51d8e94f1100f6e18d1c8 lib/codeql/swift/generated/PlatformVersionAvailabilitySpec.qll f82d9ca416fe8bd59b5531b65b1c74c9f317b3297a6101544a11339a1cffce38 7f5c6d3309e66c134107afe55bae76dfc9a72cb7cdd6d4c3706b6b34cee09fa0 lib/codeql/swift/generated/PureSynthConstructors.qll 173c0dd59396a1de26fe870e3bc2766c46de689da2a4d8807cb62023bbce1a98 173c0dd59396a1de26fe870e3bc2766c46de689da2a4d8807cb62023bbce1a98 -lib/codeql/swift/generated/Raw.qll 8d4880e5ee1fdd120adeb7bf0dfa1399e7b1a53b2cc7598aed8e15cbf996d1c0 da0d446347d29f5cd05281c17c24e87610f31c32adb7e05ab8f3a26bed55bd90 +lib/codeql/swift/generated/Raw.qll cc504ec0771dbb461367944a5c95186047bad59a087a9bda74ef346c7b89b0d3 0b5973d56edd8099b645ea1f7be2a4934e62d5fa165261c63299ac2cf634437d lib/codeql/swift/generated/Synth.qll 551fdf7e4b53f9ee1314d1bb42c2638cf82f45bfa1f40a635dfa7b6072e4418c 9ab178464700a19951fc5285acacda4913addee81515d8e072b3d7055935a814 lib/codeql/swift/generated/SynthConstructors.qll 2f801bd8b0db829b0253cd459ed3253c1fdfc55dce68ebc53e7fec138ef0aca4 2f801bd8b0db829b0253cd459ed3253c1fdfc55dce68ebc53e7fec138ef0aca4 lib/codeql/swift/generated/UnknownFile.qll 0fcf9beb8de79440bcdfff4bb6ab3dd139bd273e6c32754e05e6a632651e85f6 0fcf9beb8de79440bcdfff4bb6ab3dd139bd273e6c32754e05e6a632651e85f6 @@ -397,7 +397,7 @@ lib/codeql/swift/generated/decl/AssociatedTypeDecl.qll 4169d083104f9c089223ed3c5 lib/codeql/swift/generated/decl/CapturedDecl.qll cbc416f48471f978d21f5f9ec02eb912692f9678ed154cb0b6d30df9de48e628 d9534cdf290ad48e285d27a520c0b1692afed14bbdd907430bcd46e7de2fbb31 lib/codeql/swift/generated/decl/ClassDecl.qll a60e8af2fdbcd20cfa2049660c8bcbbc00508fbd3dde72b4778317dfc23c5ae4 a60e8af2fdbcd20cfa2049660c8bcbbc00508fbd3dde72b4778317dfc23c5ae4 lib/codeql/swift/generated/decl/ConcreteVarDecl.qll 4801ccc477480c4bc4fc117976fbab152e081064e064c97fbb0f37199cb1d0a8 4d7cfbf5b39b307dd673781adc220fdef04213f2e3d080004fa658ba6d3acb8d -lib/codeql/swift/generated/decl/Decl.qll 2cc8ad7e3a3b658d7b1b06d20bdaf7604de387045c33b0d64191b5ef998708c2 7ed3194e89f7ae37cf9c691e4666449e4f406f6c3ee6d35bbbda4e66cdd3ca5a +lib/codeql/swift/generated/decl/Decl.qll 4bb00d3c64f88f3c8e1bdc7aa9de93d2bef6477adf756d6f7e3897d2c5685726 36d805a6f2b0c2dd8bdfbd10de6978bd9344a025e71c938e58d0c3c0f9672247 lib/codeql/swift/generated/decl/Deinitializer.qll 816ecd92552915d06952517606a6e4c67bc53d7e7d9f5c09b7276e70612627fe 816ecd92552915d06952517606a6e4c67bc53d7e7d9f5c09b7276e70612627fe lib/codeql/swift/generated/decl/EnumCaseDecl.qll 7942eb77f91680c3553becb313f21723e0b437eadebc117f0690e5364705bef1 40eec2e74c514cecdfcdf6d7d5c8a033c717f69a38cfca834934fe3859c4e1ef lib/codeql/swift/generated/decl/EnumDecl.qll fa4490d511ee537751a4fab2478e65250ff3deba43c74db5341184c9ba25b534 fa4490d511ee537751a4fab2478e65250ff3deba43c74db5341184c9ba25b534 diff --git a/swift/ql/lib/codeql/swift/generated/Raw.qll b/swift/ql/lib/codeql/swift/generated/Raw.qll index dc5ddeed979..8989bc83905 100644 --- a/swift/ql/lib/codeql/swift/generated/Raw.qll +++ b/swift/ql/lib/codeql/swift/generated/Raw.qll @@ -310,6 +310,10 @@ module Raw { /** * Gets the `index`th member of this declaration (0-based). + * + * Prefer to use more specific methods (such as `EnumDecl.getEnumElement`) rather than relying + * on the order of members given by `getMember`. In some cases the order of members may not + * align with expectations, and could change in future releases. */ Decl getMember(int index) { decl_members(this, index, result) } } diff --git a/swift/ql/lib/codeql/swift/generated/decl/Decl.qll b/swift/ql/lib/codeql/swift/generated/decl/Decl.qll index 673de2cffee..136d28ea852 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/Decl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/Decl.qll @@ -34,6 +34,10 @@ module Generated { /** * Gets the `index`th member of this declaration (0-based). + * + * Prefer to use more specific methods (such as `EnumDecl.getEnumElement`) rather than relying + * on the order of members given by `getMember`. In some cases the order of members may not + * align with expectations, and could change in future releases. */ final Decl getMember(int index) { result = this.getImmediateMember(index).resolve() } diff --git a/swift/schema.py b/swift/schema.py index 8fc0941e171..ccb538769af 100644 --- a/swift/schema.py +++ b/swift/schema.py @@ -80,7 +80,11 @@ class Type(Element): @group("decl") class Decl(AstNode): module: "ModuleDecl" - members: list["Decl"] | child + members: list["Decl"] | child | desc(""" + Prefer to use more specific methods (such as `EnumDecl.getEnumElement`) rather than relying + on the order of members given by `getMember`. In some cases the order of members may not + align with expectations, and could change in future releases. + """) @group("expr") class Expr(AstNode): From c15ebf83ee246cf330a27cd28686f3b8259715bf Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Fri, 19 May 2023 16:38:18 +0100 Subject: [PATCH 485/870] C++: Add testcase with FP (and also fix an incorrect test annotation). --- .../CWE/CWE-119/OverrunWriteProductFlow.expected | 6 ++++++ .../query-tests/Security/CWE/CWE-119/test.cpp | 10 +++++++++- 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-119/OverrunWriteProductFlow.expected b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-119/OverrunWriteProductFlow.expected index f0fb883bffd..528d164b888 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-119/OverrunWriteProductFlow.expected +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-119/OverrunWriteProductFlow.expected @@ -84,6 +84,8 @@ edges | test.cpp:243:16:243:21 | string indirection | test.cpp:243:12:243:21 | string | | test.cpp:249:20:249:27 | call to my_alloc | test.cpp:250:12:250:12 | p | | test.cpp:256:17:256:22 | call to malloc | test.cpp:257:12:257:12 | p | +| test.cpp:262:22:262:27 | call to malloc | test.cpp:266:12:266:12 | p | +| test.cpp:264:20:264:25 | call to malloc | test.cpp:266:12:266:12 | p | nodes | test.cpp:16:11:16:21 | mk_string_t indirection [string] | semmle.label | mk_string_t indirection [string] | | test.cpp:18:5:18:30 | ... = ... | semmle.label | ... = ... | @@ -162,6 +164,9 @@ nodes | test.cpp:250:12:250:12 | p | semmle.label | p | | test.cpp:256:17:256:22 | call to malloc | semmle.label | call to malloc | | test.cpp:257:12:257:12 | p | semmle.label | p | +| test.cpp:262:22:262:27 | call to malloc | semmle.label | call to malloc | +| test.cpp:264:20:264:25 | call to malloc | semmle.label | call to malloc | +| test.cpp:266:12:266:12 | p | semmle.label | p | subpaths | test.cpp:242:22:242:27 | buffer | test.cpp:235:40:235:45 | buffer | test.cpp:236:12:236:17 | p_str indirection [post update] [string] | test.cpp:242:16:242:19 | set_string output argument [string] | #select @@ -182,3 +187,4 @@ subpaths | test.cpp:207:9:207:15 | call to strncpy | test.cpp:147:19:147:24 | call to malloc | test.cpp:207:22:207:27 | string | This write may overflow $@ by 3 elements. | test.cpp:207:22:207:27 | string | string | | test.cpp:243:5:243:10 | call to memset | test.cpp:241:27:241:32 | call to malloc | test.cpp:243:12:243:21 | string | This write may overflow $@ by 1 element. | test.cpp:243:16:243:21 | string | string | | test.cpp:250:5:250:10 | call to memset | test.cpp:249:20:249:27 | call to my_alloc | test.cpp:250:12:250:12 | p | This write may overflow $@ by 1 element. | test.cpp:250:12:250:12 | p | p | +| test.cpp:266:5:266:10 | call to memset | test.cpp:262:22:262:27 | call to malloc | test.cpp:266:12:266:12 | p | This write may overflow $@ by 1 element. | test.cpp:266:12:266:12 | p | p | diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-119/test.cpp b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-119/test.cpp index 7c73a357c55..253ac4fe292 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-119/test.cpp +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-119/test.cpp @@ -213,7 +213,7 @@ void *memset(void *, int, unsigned); void call_memset(void *p, unsigned size) { - memset(p, 0, size); // GOOD [FALSE POSITIVE] + memset(p, 0, size); // GOOD } void test_missing_call_context(unsigned char *unrelated_buffer, unsigned size) { @@ -256,4 +256,12 @@ void test6(unsigned long n, char *p) { p = (char *)malloc(n); memset(p, 0, n); // GOOD } +} + +void test7(unsigned n) { + char* p = (char*)malloc(n); + if(!p) { + p = (char*)malloc(++n); + } + memset(p, 0, n); // GOOD [FALSE POSITIVE] } \ No newline at end of file From b58eb3a92c07b4b2feee7e4b52f0e2356e64c195 Mon Sep 17 00:00:00 2001 From: Tony Torralba Date: Fri, 19 May 2023 17:45:47 +0200 Subject: [PATCH 486/870] Java: Add TemplateEngine.createTemplate as a groovy injection sink --- java/ql/lib/ext/groovy.lang.model.yml | 1 + .../2023-05-19-groovy-injection-sink.md | 4 +++ .../security/CWE-094/TemplateEngineTest.java | 30 +++++++++++++++++++ .../groovy/lang/Writable.java | 10 +++++++ .../groovy/text/Template.java | 12 ++++++++ .../groovy/text/TemplateEngine.java | 17 +++++++++++ 6 files changed, 74 insertions(+) create mode 100644 java/ql/src/change-notes/2023-05-19-groovy-injection-sink.md create mode 100644 java/ql/test/query-tests/security/CWE-094/TemplateEngineTest.java create mode 100644 java/ql/test/stubs/groovy-all-3.0.7/groovy/lang/Writable.java create mode 100644 java/ql/test/stubs/groovy-all-3.0.7/groovy/text/Template.java create mode 100644 java/ql/test/stubs/groovy-all-3.0.7/groovy/text/TemplateEngine.java diff --git a/java/ql/lib/ext/groovy.lang.model.yml b/java/ql/lib/ext/groovy.lang.model.yml index 1c775bdd2e5..815beb99041 100644 --- a/java/ql/lib/ext/groovy.lang.model.yml +++ b/java/ql/lib/ext/groovy.lang.model.yml @@ -29,3 +29,4 @@ extensions: - ["groovy.lang", "GroovyShell", False, "run", "(String,String,String[])", "", "Argument[0]", "groovy", "manual"] - ["groovy.lang", "GroovyShell", False, "run", "(URI,List)", "", "Argument[0]", "groovy", "manual"] - ["groovy.lang", "GroovyShell", False, "run", "(URI,String[])", "", "Argument[0]", "groovy", "manual"] + - ["groovy.text", "TemplateEngine", True, "createTemplate", "", "", "Argument[0]", "groovy", "manual"] diff --git a/java/ql/src/change-notes/2023-05-19-groovy-injection-sink.md b/java/ql/src/change-notes/2023-05-19-groovy-injection-sink.md new file mode 100644 index 00000000000..7f668dd1b28 --- /dev/null +++ b/java/ql/src/change-notes/2023-05-19-groovy-injection-sink.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* The query `java/groovy-injection` now recognizes `groovy.text.TemplateEngine.createTemplate` as a sink. diff --git a/java/ql/test/query-tests/security/CWE-094/TemplateEngineTest.java b/java/ql/test/query-tests/security/CWE-094/TemplateEngineTest.java new file mode 100644 index 00000000000..dbf32494e10 --- /dev/null +++ b/java/ql/test/query-tests/security/CWE-094/TemplateEngineTest.java @@ -0,0 +1,30 @@ +import java.io.File; +import java.io.IOException; +import java.io.Reader; +import java.net.URL; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import groovy.text.TemplateEngine; + +public class TemplateEngineTest extends HttpServlet { + + private Object source(HttpServletRequest request) { + return request.getParameter("script"); + } + + protected void doGet(HttpServletRequest request, HttpServletResponse response) + throws ServletException, IOException { + try { + Object script = source(request); + TemplateEngine engine = null; + engine.createTemplate(request.getParameter("script")); // $ hasGroovyInjection + engine.createTemplate((File) script); // $ hasGroovyInjection + engine.createTemplate((Reader) script); // $ hasGroovyInjection + engine.createTemplate((URL) script); // $ hasGroovyInjection + } catch (Exception e) { + } + + } +} diff --git a/java/ql/test/stubs/groovy-all-3.0.7/groovy/lang/Writable.java b/java/ql/test/stubs/groovy-all-3.0.7/groovy/lang/Writable.java new file mode 100644 index 00000000000..bd66e0da4fd --- /dev/null +++ b/java/ql/test/stubs/groovy-all-3.0.7/groovy/lang/Writable.java @@ -0,0 +1,10 @@ +// Generated automatically from groovy.lang.Writable for testing purposes + +package groovy.lang; + +import java.io.Writer; + +public interface Writable +{ + Writer writeTo(Writer p0); +} diff --git a/java/ql/test/stubs/groovy-all-3.0.7/groovy/text/Template.java b/java/ql/test/stubs/groovy-all-3.0.7/groovy/text/Template.java new file mode 100644 index 00000000000..e48446274a6 --- /dev/null +++ b/java/ql/test/stubs/groovy-all-3.0.7/groovy/text/Template.java @@ -0,0 +1,12 @@ +// Generated automatically from groovy.text.Template for testing purposes + +package groovy.text; + +import groovy.lang.Writable; +import java.util.Map; + +public interface Template +{ + Writable make(); + Writable make(Map p0); +} diff --git a/java/ql/test/stubs/groovy-all-3.0.7/groovy/text/TemplateEngine.java b/java/ql/test/stubs/groovy-all-3.0.7/groovy/text/TemplateEngine.java new file mode 100644 index 00000000000..a42814b4db1 --- /dev/null +++ b/java/ql/test/stubs/groovy-all-3.0.7/groovy/text/TemplateEngine.java @@ -0,0 +1,17 @@ +// Generated automatically from groovy.text.TemplateEngine for testing purposes + +package groovy.text; + +import groovy.text.Template; +import java.io.File; +import java.io.Reader; +import java.net.URL; + +abstract public class TemplateEngine +{ + public Template createTemplate(File p0){ return null; } + public Template createTemplate(String p0){ return null; } + public Template createTemplate(URL p0){ return null; } + public TemplateEngine(){} + public abstract Template createTemplate(Reader p0); +} From 19080333b9c5b3165ef4233f5593557991816305 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 19 May 2023 16:50:49 +0100 Subject: [PATCH 487/870] Swift: Add a few test cases. --- .../CWE-135/StringLengthConflation.expected | 56 +++++++++++++++++++ .../CWE-135/StringLengthConflation.swift | 19 +++++++ 2 files changed, 75 insertions(+) diff --git a/swift/ql/test/query-tests/Security/CWE-135/StringLengthConflation.expected b/swift/ql/test/query-tests/Security/CWE-135/StringLengthConflation.expected index b0154ec15af..ffae88451e2 100644 --- a/swift/ql/test/query-tests/Security/CWE-135/StringLengthConflation.expected +++ b/swift/ql/test/query-tests/Security/CWE-135/StringLengthConflation.expected @@ -18,6 +18,18 @@ edges | StringLengthConflation.swift:137:34:137:36 | .count | StringLengthConflation.swift:137:34:137:44 | ... .-(_:_:) ... | | StringLengthConflation.swift:138:36:138:38 | .count | StringLengthConflation.swift:138:36:138:46 | ... .-(_:_:) ... | | StringLengthConflation.swift:144:28:144:30 | .count | StringLengthConflation.swift:144:28:144:38 | ... .-(_:_:) ... | +| StringLengthConflation.swift:168:29:168:36 | .count | StringLengthConflation.swift:168:29:168:44 | ... .-(_:_:) ... | +| StringLengthConflation.swift:169:29:169:37 | .count | StringLengthConflation.swift:169:29:169:45 | ... .-(_:_:) ... | +| StringLengthConflation.swift:170:29:170:46 | .count | StringLengthConflation.swift:170:29:170:54 | ... .-(_:_:) ... | +| StringLengthConflation.swift:171:29:171:32 | .length | StringLengthConflation.swift:171:29:171:41 | ... .-(_:_:) ... | +| StringLengthConflation.swift:172:29:172:33 | .length | StringLengthConflation.swift:172:29:172:42 | ... .-(_:_:) ... | +| StringLengthConflation.swift:174:35:174:42 | .count | StringLengthConflation.swift:174:35:174:50 | ... .-(_:_:) ... | +| StringLengthConflation.swift:175:35:175:43 | .count | StringLengthConflation.swift:175:35:175:51 | ... .-(_:_:) ... | +| StringLengthConflation.swift:176:35:176:52 | .count | StringLengthConflation.swift:176:35:176:60 | ... .-(_:_:) ... | +| StringLengthConflation.swift:177:35:177:38 | .length | StringLengthConflation.swift:177:35:177:47 | ... .-(_:_:) ... | +| StringLengthConflation.swift:178:35:178:39 | .length | StringLengthConflation.swift:178:35:178:48 | ... .-(_:_:) ... | +| StringLengthConflation.swift:180:37:180:44 | .count | StringLengthConflation.swift:180:37:180:52 | ... .-(_:_:) ... | +| StringLengthConflation.swift:182:37:182:45 | .count | StringLengthConflation.swift:182:37:182:53 | ... .-(_:_:) ... | | file://:0:0:0:0 | .length | StringLengthConflation.swift:53:43:53:46 | .length | | file://:0:0:0:0 | .length | StringLengthConflation.swift:60:47:60:50 | .length | | file://:0:0:0:0 | .length | StringLengthConflation.swift:66:33:66:36 | .length | @@ -27,6 +39,10 @@ edges | file://:0:0:0:0 | .length | StringLengthConflation.swift:108:25:108:28 | .length | | file://:0:0:0:0 | .length | StringLengthConflation.swift:114:23:114:26 | .length | | file://:0:0:0:0 | .length | StringLengthConflation.swift:120:22:120:25 | .length | +| file://:0:0:0:0 | .length | StringLengthConflation.swift:171:29:171:32 | .length | +| file://:0:0:0:0 | .length | StringLengthConflation.swift:172:29:172:33 | .length | +| file://:0:0:0:0 | .length | StringLengthConflation.swift:177:35:177:38 | .length | +| file://:0:0:0:0 | .length | StringLengthConflation.swift:178:35:178:39 | .length | nodes | StringLengthConflation2.swift:35:36:35:38 | .count | semmle.label | .count | | StringLengthConflation2.swift:35:36:35:46 | ... .-(_:_:) ... | semmle.label | ... .-(_:_:) ... | @@ -76,6 +92,30 @@ nodes | StringLengthConflation.swift:151:45:151:53 | .count | semmle.label | .count | | StringLengthConflation.swift:156:45:156:52 | .count | semmle.label | .count | | StringLengthConflation.swift:161:45:161:53 | .count | semmle.label | .count | +| StringLengthConflation.swift:168:29:168:36 | .count | semmle.label | .count | +| StringLengthConflation.swift:168:29:168:44 | ... .-(_:_:) ... | semmle.label | ... .-(_:_:) ... | +| StringLengthConflation.swift:169:29:169:37 | .count | semmle.label | .count | +| StringLengthConflation.swift:169:29:169:45 | ... .-(_:_:) ... | semmle.label | ... .-(_:_:) ... | +| StringLengthConflation.swift:170:29:170:46 | .count | semmle.label | .count | +| StringLengthConflation.swift:170:29:170:54 | ... .-(_:_:) ... | semmle.label | ... .-(_:_:) ... | +| StringLengthConflation.swift:171:29:171:32 | .length | semmle.label | .length | +| StringLengthConflation.swift:171:29:171:41 | ... .-(_:_:) ... | semmle.label | ... .-(_:_:) ... | +| StringLengthConflation.swift:172:29:172:33 | .length | semmle.label | .length | +| StringLengthConflation.swift:172:29:172:42 | ... .-(_:_:) ... | semmle.label | ... .-(_:_:) ... | +| StringLengthConflation.swift:174:35:174:42 | .count | semmle.label | .count | +| StringLengthConflation.swift:174:35:174:50 | ... .-(_:_:) ... | semmle.label | ... .-(_:_:) ... | +| StringLengthConflation.swift:175:35:175:43 | .count | semmle.label | .count | +| StringLengthConflation.swift:175:35:175:51 | ... .-(_:_:) ... | semmle.label | ... .-(_:_:) ... | +| StringLengthConflation.swift:176:35:176:52 | .count | semmle.label | .count | +| StringLengthConflation.swift:176:35:176:60 | ... .-(_:_:) ... | semmle.label | ... .-(_:_:) ... | +| StringLengthConflation.swift:177:35:177:38 | .length | semmle.label | .length | +| StringLengthConflation.swift:177:35:177:47 | ... .-(_:_:) ... | semmle.label | ... .-(_:_:) ... | +| StringLengthConflation.swift:178:35:178:39 | .length | semmle.label | .length | +| StringLengthConflation.swift:178:35:178:48 | ... .-(_:_:) ... | semmle.label | ... .-(_:_:) ... | +| StringLengthConflation.swift:180:37:180:44 | .count | semmle.label | .count | +| StringLengthConflation.swift:180:37:180:52 | ... .-(_:_:) ... | semmle.label | ... .-(_:_:) ... | +| StringLengthConflation.swift:182:37:182:45 | .count | semmle.label | .count | +| StringLengthConflation.swift:182:37:182:53 | ... .-(_:_:) ... | semmle.label | ... .-(_:_:) ... | | file://:0:0:0:0 | .length | semmle.label | .length | subpaths #select @@ -117,3 +157,19 @@ subpaths | StringLengthConflation.swift:151:45:151:53 | .count | StringLengthConflation.swift:151:45:151:53 | .count | StringLengthConflation.swift:151:45:151:53 | .count | This String.unicodeScalars length is used in a String, but it may not be equivalent. | | StringLengthConflation.swift:156:45:156:52 | .count | StringLengthConflation.swift:156:45:156:52 | .count | StringLengthConflation.swift:156:45:156:52 | .count | This String.utf8 length is used in a String, but it may not be equivalent. | | StringLengthConflation.swift:161:45:161:53 | .count | StringLengthConflation.swift:161:45:161:53 | .count | StringLengthConflation.swift:161:45:161:53 | .count | This String.utf16 length is used in a String, but it may not be equivalent. | +| StringLengthConflation.swift:168:29:168:44 | ... .-(_:_:) ... | StringLengthConflation.swift:168:29:168:36 | .count | StringLengthConflation.swift:168:29:168:44 | ... .-(_:_:) ... | This String.utf8 length is used in a String, but it may not be equivalent. | +| StringLengthConflation.swift:169:29:169:45 | ... .-(_:_:) ... | StringLengthConflation.swift:169:29:169:37 | .count | StringLengthConflation.swift:169:29:169:45 | ... .-(_:_:) ... | This String.utf16 length is used in a String, but it may not be equivalent. | +| StringLengthConflation.swift:170:29:170:54 | ... .-(_:_:) ... | StringLengthConflation.swift:170:29:170:46 | .count | StringLengthConflation.swift:170:29:170:54 | ... .-(_:_:) ... | This String.unicodeScalars length is used in a String, but it may not be equivalent. | +| StringLengthConflation.swift:171:29:171:41 | ... .-(_:_:) ... | StringLengthConflation.swift:171:29:171:32 | .length | StringLengthConflation.swift:171:29:171:41 | ... .-(_:_:) ... | This NSString length is used in a String, but it may not be equivalent. | +| StringLengthConflation.swift:171:29:171:41 | ... .-(_:_:) ... | file://:0:0:0:0 | .length | StringLengthConflation.swift:171:29:171:41 | ... .-(_:_:) ... | This NSString length is used in a String, but it may not be equivalent. | +| StringLengthConflation.swift:172:29:172:42 | ... .-(_:_:) ... | StringLengthConflation.swift:172:29:172:33 | .length | StringLengthConflation.swift:172:29:172:42 | ... .-(_:_:) ... | This NSString length is used in a String, but it may not be equivalent. | +| StringLengthConflation.swift:172:29:172:42 | ... .-(_:_:) ... | file://:0:0:0:0 | .length | StringLengthConflation.swift:172:29:172:42 | ... .-(_:_:) ... | This NSString length is used in a String, but it may not be equivalent. | +| StringLengthConflation.swift:174:35:174:50 | ... .-(_:_:) ... | StringLengthConflation.swift:174:35:174:42 | .count | StringLengthConflation.swift:174:35:174:50 | ... .-(_:_:) ... | This String.utf8 length is used in a String, but it may not be equivalent. | +| StringLengthConflation.swift:175:35:175:51 | ... .-(_:_:) ... | StringLengthConflation.swift:175:35:175:43 | .count | StringLengthConflation.swift:175:35:175:51 | ... .-(_:_:) ... | This String.utf16 length is used in a String, but it may not be equivalent. | +| StringLengthConflation.swift:176:35:176:60 | ... .-(_:_:) ... | StringLengthConflation.swift:176:35:176:52 | .count | StringLengthConflation.swift:176:35:176:60 | ... .-(_:_:) ... | This String.unicodeScalars length is used in a String, but it may not be equivalent. | +| StringLengthConflation.swift:177:35:177:47 | ... .-(_:_:) ... | StringLengthConflation.swift:177:35:177:38 | .length | StringLengthConflation.swift:177:35:177:47 | ... .-(_:_:) ... | This NSString length is used in a String, but it may not be equivalent. | +| StringLengthConflation.swift:177:35:177:47 | ... .-(_:_:) ... | file://:0:0:0:0 | .length | StringLengthConflation.swift:177:35:177:47 | ... .-(_:_:) ... | This NSString length is used in a String, but it may not be equivalent. | +| StringLengthConflation.swift:178:35:178:48 | ... .-(_:_:) ... | StringLengthConflation.swift:178:35:178:39 | .length | StringLengthConflation.swift:178:35:178:48 | ... .-(_:_:) ... | This NSString length is used in a String, but it may not be equivalent. | +| StringLengthConflation.swift:178:35:178:48 | ... .-(_:_:) ... | file://:0:0:0:0 | .length | StringLengthConflation.swift:178:35:178:48 | ... .-(_:_:) ... | This NSString length is used in a String, but it may not be equivalent. | +| StringLengthConflation.swift:180:37:180:52 | ... .-(_:_:) ... | StringLengthConflation.swift:180:37:180:44 | .count | StringLengthConflation.swift:180:37:180:52 | ... .-(_:_:) ... | This String.utf8 length is used in a String, but it may not be equivalent. | +| StringLengthConflation.swift:182:37:182:53 | ... .-(_:_:) ... | StringLengthConflation.swift:182:37:182:45 | .count | StringLengthConflation.swift:182:37:182:53 | ... .-(_:_:) ... | This String.utf16 length is used in a String, but it may not be equivalent. | diff --git a/swift/ql/test/query-tests/Security/CWE-135/StringLengthConflation.swift b/swift/ql/test/query-tests/Security/CWE-135/StringLengthConflation.swift index 67b8feb657f..4d858ee669f 100644 --- a/swift/ql/test/query-tests/Security/CWE-135/StringLengthConflation.swift +++ b/swift/ql/test/query-tests/Security/CWE-135/StringLengthConflation.swift @@ -161,6 +161,25 @@ func test(s: String) { let _ = s.index(s.startIndex, offsetBy: s_utf16.count) // BAD let _ = s_utf16.index(s_utf16.startIndex, offsetBy: scalars.count) // GOOD let _ = s_utf16.index(s_utf16.startIndex, offsetBy: s.count) // BAD [NOT DETECTED] + + // --- methods provided by Sequence, Collection etc --- + + let _ = String(s.prefix(s.count - 10)) // GOOD + let _ = String(s.prefix(s.utf8.count - 10)) // BAD + let _ = String(s.prefix(s.utf16.count - 10)) // BAD + let _ = String(s.prefix(s.unicodeScalars.count - 10)) // BAD + let _ = String(s.prefix(ns.length - 10)) // BAD + let _ = String(s.prefix(nms.length - 10)) // BAD + let _ = String(scalars.prefix(s.count - 10)) // BAD [NOT DETECTED] + let _ = String(scalars.prefix(s.utf8.count - 10)) // BAD + let _ = String(scalars.prefix(s.utf16.count - 10)) // BAD + let _ = String(scalars.prefix(s.unicodeScalars.count - 10)) // GOOD [FALSE POSITIVE] + let _ = String(scalars.prefix(ns.length - 10)) // BAD + let _ = String(scalars.prefix(nms.length - 10)) // BAD + let _ = String(s.utf8.dropFirst(s.count - 10)) // BAD [NOT DETECTED] + let _ = String(s.utf8.dropFirst(s.utf8.count - 10)) // GOOD [FALSE POSITIVE] + let _ = String(s.utf16.dropLast(s.count - 10)) // BAD [NOT DETECTED] + let _ = String(s.utf16.dropLast(s.utf16.count - 10)) // GOOD [FALSE POSITIVE] } // `begin :thumbsup: end`, with thumbs up emoji and skin tone modifier From 2028b5ef958cba55eafc831c1e4d54ca8f3c53e7 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 19 May 2023 17:24:50 +0100 Subject: [PATCH 488/870] Swift: Fix imprecise sinks. --- .../StringLengthConflationExtensions.qll | 57 ++++++++++++++++--- .../CWE-135/StringLengthConflation.expected | 36 ++++++------ .../CWE-135/StringLengthConflation.swift | 12 ++-- 3 files changed, 73 insertions(+), 32 deletions(-) diff --git a/swift/ql/lib/codeql/swift/security/StringLengthConflationExtensions.qll b/swift/ql/lib/codeql/swift/security/StringLengthConflationExtensions.qll index 560a332fc76..59fbe38a867 100644 --- a/swift/ql/lib/codeql/swift/security/StringLengthConflationExtensions.qll +++ b/swift/ql/lib/codeql/swift/security/StringLengthConflationExtensions.qll @@ -180,14 +180,6 @@ private class StringLengthConflationSinks extends SinkModelCsv { override predicate row(string row) { row = [ - ";Sequence;true;dropFirst(_:);;;Argument[0];string-length", - ";Sequence;true;dropLast(_:);;;Argument[0];string-length", - ";Sequence;true;prefix(_:);;;Argument[0];string-length", - ";Sequence;true;suffix(_:);;;Argument[0];string-length", - ";Collection;true;formIndex(_:offsetBy:);;;Argument[0..1];string-length", - ";Collection;true;formIndex(_:offsetBy:limitBy:);;;Argument[0..1];string-length", - ";Collection;true;removeFirst(_:);;;Argument[0];string-length", - ";RangeReplaceableCollection;true;removeLast(_:);;;Argument[0];string-length", ";String;true;index(_:offsetBy:);;;Argument[0..1];string-length", ";String;true;index(_:offsetBy:limitBy:);;;Argument[0..1];string-length", ";String.Index;true;init(encodedOffset:);;;Argument[0];string-length", @@ -203,3 +195,52 @@ private class StringLengthConflationSinks extends SinkModelCsv { ] } } + +/** + * An extra sink that don't fit into the CSV scheme (because we care about the actual + * type the method is being called on, not just the type it's declared on). + */ +private class ExtraStringLengthConflationSink extends StringLengthConflationSink { + StringType stringType; + + ExtraStringLengthConflationSink() { + exists(CallExpr call, string typeName | + ( + // `String` + typeName = "String" and + stringType = TString() + or + // `String.utf8` + typeName = "String.UTF8View" and + stringType = TStringUtf8() + or + // `String.utf16` + typeName = "String.UTF16View" and + stringType = TStringUtf16() + or + // `String.unicodeScalars` + typeName = "String.UnicodeScalarView" and + stringType = TStringUnicodeScalars() + ) and + // sink is a length or offset argument to [type].[method] + ( + call.getQualifier().getType().(NominalType).getName() = typeName or + call.getQualifier().getType().(InOutType).getObjectType().(NominalType).getName() = typeName + ) and + ( + call.getStaticTarget().getName() = + [ + "dropFirst(_:)", "dropLast(_:)", "prefix(_:)", "suffix(_:)", "removeFirst(_:)", + "removeLast(_:)" + ] and + this.asExpr() = call.getArgument(0).getExpr() + or + call.getStaticTarget().getName() = + ["formIndex(_:offsetBy:)", "formIndex(_:offsetBy:limitBy:)"] and + this.asExpr() = call.getArgument([0, 1]).getExpr() + ) + ) + } + + override StringType getCorrectStringType() { result = stringType } +} diff --git a/swift/ql/test/query-tests/Security/CWE-135/StringLengthConflation.expected b/swift/ql/test/query-tests/Security/CWE-135/StringLengthConflation.expected index ffae88451e2..69e72385ddb 100644 --- a/swift/ql/test/query-tests/Security/CWE-135/StringLengthConflation.expected +++ b/swift/ql/test/query-tests/Security/CWE-135/StringLengthConflation.expected @@ -23,13 +23,13 @@ edges | StringLengthConflation.swift:170:29:170:46 | .count | StringLengthConflation.swift:170:29:170:54 | ... .-(_:_:) ... | | StringLengthConflation.swift:171:29:171:32 | .length | StringLengthConflation.swift:171:29:171:41 | ... .-(_:_:) ... | | StringLengthConflation.swift:172:29:172:33 | .length | StringLengthConflation.swift:172:29:172:42 | ... .-(_:_:) ... | +| StringLengthConflation.swift:173:35:173:37 | .count | StringLengthConflation.swift:173:35:173:45 | ... .-(_:_:) ... | | StringLengthConflation.swift:174:35:174:42 | .count | StringLengthConflation.swift:174:35:174:50 | ... .-(_:_:) ... | | StringLengthConflation.swift:175:35:175:43 | .count | StringLengthConflation.swift:175:35:175:51 | ... .-(_:_:) ... | -| StringLengthConflation.swift:176:35:176:52 | .count | StringLengthConflation.swift:176:35:176:60 | ... .-(_:_:) ... | | StringLengthConflation.swift:177:35:177:38 | .length | StringLengthConflation.swift:177:35:177:47 | ... .-(_:_:) ... | | StringLengthConflation.swift:178:35:178:39 | .length | StringLengthConflation.swift:178:35:178:48 | ... .-(_:_:) ... | -| StringLengthConflation.swift:180:37:180:44 | .count | StringLengthConflation.swift:180:37:180:52 | ... .-(_:_:) ... | -| StringLengthConflation.swift:182:37:182:45 | .count | StringLengthConflation.swift:182:37:182:53 | ... .-(_:_:) ... | +| StringLengthConflation.swift:179:37:179:39 | .count | StringLengthConflation.swift:179:37:179:47 | ... .-(_:_:) ... | +| StringLengthConflation.swift:181:37:181:39 | .count | StringLengthConflation.swift:181:37:181:47 | ... .-(_:_:) ... | | file://:0:0:0:0 | .length | StringLengthConflation.swift:53:43:53:46 | .length | | file://:0:0:0:0 | .length | StringLengthConflation.swift:60:47:60:50 | .length | | file://:0:0:0:0 | .length | StringLengthConflation.swift:66:33:66:36 | .length | @@ -102,20 +102,20 @@ nodes | StringLengthConflation.swift:171:29:171:41 | ... .-(_:_:) ... | semmle.label | ... .-(_:_:) ... | | StringLengthConflation.swift:172:29:172:33 | .length | semmle.label | .length | | StringLengthConflation.swift:172:29:172:42 | ... .-(_:_:) ... | semmle.label | ... .-(_:_:) ... | +| StringLengthConflation.swift:173:35:173:37 | .count | semmle.label | .count | +| StringLengthConflation.swift:173:35:173:45 | ... .-(_:_:) ... | semmle.label | ... .-(_:_:) ... | | StringLengthConflation.swift:174:35:174:42 | .count | semmle.label | .count | | StringLengthConflation.swift:174:35:174:50 | ... .-(_:_:) ... | semmle.label | ... .-(_:_:) ... | | StringLengthConflation.swift:175:35:175:43 | .count | semmle.label | .count | | StringLengthConflation.swift:175:35:175:51 | ... .-(_:_:) ... | semmle.label | ... .-(_:_:) ... | -| StringLengthConflation.swift:176:35:176:52 | .count | semmle.label | .count | -| StringLengthConflation.swift:176:35:176:60 | ... .-(_:_:) ... | semmle.label | ... .-(_:_:) ... | | StringLengthConflation.swift:177:35:177:38 | .length | semmle.label | .length | | StringLengthConflation.swift:177:35:177:47 | ... .-(_:_:) ... | semmle.label | ... .-(_:_:) ... | | StringLengthConflation.swift:178:35:178:39 | .length | semmle.label | .length | | StringLengthConflation.swift:178:35:178:48 | ... .-(_:_:) ... | semmle.label | ... .-(_:_:) ... | -| StringLengthConflation.swift:180:37:180:44 | .count | semmle.label | .count | -| StringLengthConflation.swift:180:37:180:52 | ... .-(_:_:) ... | semmle.label | ... .-(_:_:) ... | -| StringLengthConflation.swift:182:37:182:45 | .count | semmle.label | .count | -| StringLengthConflation.swift:182:37:182:53 | ... .-(_:_:) ... | semmle.label | ... .-(_:_:) ... | +| StringLengthConflation.swift:179:37:179:39 | .count | semmle.label | .count | +| StringLengthConflation.swift:179:37:179:47 | ... .-(_:_:) ... | semmle.label | ... .-(_:_:) ... | +| StringLengthConflation.swift:181:37:181:39 | .count | semmle.label | .count | +| StringLengthConflation.swift:181:37:181:47 | ... .-(_:_:) ... | semmle.label | ... .-(_:_:) ... | | file://:0:0:0:0 | .length | semmle.label | .length | subpaths #select @@ -164,12 +164,12 @@ subpaths | StringLengthConflation.swift:171:29:171:41 | ... .-(_:_:) ... | file://:0:0:0:0 | .length | StringLengthConflation.swift:171:29:171:41 | ... .-(_:_:) ... | This NSString length is used in a String, but it may not be equivalent. | | StringLengthConflation.swift:172:29:172:42 | ... .-(_:_:) ... | StringLengthConflation.swift:172:29:172:33 | .length | StringLengthConflation.swift:172:29:172:42 | ... .-(_:_:) ... | This NSString length is used in a String, but it may not be equivalent. | | StringLengthConflation.swift:172:29:172:42 | ... .-(_:_:) ... | file://:0:0:0:0 | .length | StringLengthConflation.swift:172:29:172:42 | ... .-(_:_:) ... | This NSString length is used in a String, but it may not be equivalent. | -| StringLengthConflation.swift:174:35:174:50 | ... .-(_:_:) ... | StringLengthConflation.swift:174:35:174:42 | .count | StringLengthConflation.swift:174:35:174:50 | ... .-(_:_:) ... | This String.utf8 length is used in a String, but it may not be equivalent. | -| StringLengthConflation.swift:175:35:175:51 | ... .-(_:_:) ... | StringLengthConflation.swift:175:35:175:43 | .count | StringLengthConflation.swift:175:35:175:51 | ... .-(_:_:) ... | This String.utf16 length is used in a String, but it may not be equivalent. | -| StringLengthConflation.swift:176:35:176:60 | ... .-(_:_:) ... | StringLengthConflation.swift:176:35:176:52 | .count | StringLengthConflation.swift:176:35:176:60 | ... .-(_:_:) ... | This String.unicodeScalars length is used in a String, but it may not be equivalent. | -| StringLengthConflation.swift:177:35:177:47 | ... .-(_:_:) ... | StringLengthConflation.swift:177:35:177:38 | .length | StringLengthConflation.swift:177:35:177:47 | ... .-(_:_:) ... | This NSString length is used in a String, but it may not be equivalent. | -| StringLengthConflation.swift:177:35:177:47 | ... .-(_:_:) ... | file://:0:0:0:0 | .length | StringLengthConflation.swift:177:35:177:47 | ... .-(_:_:) ... | This NSString length is used in a String, but it may not be equivalent. | -| StringLengthConflation.swift:178:35:178:48 | ... .-(_:_:) ... | StringLengthConflation.swift:178:35:178:39 | .length | StringLengthConflation.swift:178:35:178:48 | ... .-(_:_:) ... | This NSString length is used in a String, but it may not be equivalent. | -| StringLengthConflation.swift:178:35:178:48 | ... .-(_:_:) ... | file://:0:0:0:0 | .length | StringLengthConflation.swift:178:35:178:48 | ... .-(_:_:) ... | This NSString length is used in a String, but it may not be equivalent. | -| StringLengthConflation.swift:180:37:180:52 | ... .-(_:_:) ... | StringLengthConflation.swift:180:37:180:44 | .count | StringLengthConflation.swift:180:37:180:52 | ... .-(_:_:) ... | This String.utf8 length is used in a String, but it may not be equivalent. | -| StringLengthConflation.swift:182:37:182:53 | ... .-(_:_:) ... | StringLengthConflation.swift:182:37:182:45 | .count | StringLengthConflation.swift:182:37:182:53 | ... .-(_:_:) ... | This String.utf16 length is used in a String, but it may not be equivalent. | +| StringLengthConflation.swift:173:35:173:45 | ... .-(_:_:) ... | StringLengthConflation.swift:173:35:173:37 | .count | StringLengthConflation.swift:173:35:173:45 | ... .-(_:_:) ... | This String length is used in a String.unicodeScalars, but it may not be equivalent. | +| StringLengthConflation.swift:174:35:174:50 | ... .-(_:_:) ... | StringLengthConflation.swift:174:35:174:42 | .count | StringLengthConflation.swift:174:35:174:50 | ... .-(_:_:) ... | This String.utf8 length is used in a String.unicodeScalars, but it may not be equivalent. | +| StringLengthConflation.swift:175:35:175:51 | ... .-(_:_:) ... | StringLengthConflation.swift:175:35:175:43 | .count | StringLengthConflation.swift:175:35:175:51 | ... .-(_:_:) ... | This String.utf16 length is used in a String.unicodeScalars, but it may not be equivalent. | +| StringLengthConflation.swift:177:35:177:47 | ... .-(_:_:) ... | StringLengthConflation.swift:177:35:177:38 | .length | StringLengthConflation.swift:177:35:177:47 | ... .-(_:_:) ... | This NSString length is used in a String.unicodeScalars, but it may not be equivalent. | +| StringLengthConflation.swift:177:35:177:47 | ... .-(_:_:) ... | file://:0:0:0:0 | .length | StringLengthConflation.swift:177:35:177:47 | ... .-(_:_:) ... | This NSString length is used in a String.unicodeScalars, but it may not be equivalent. | +| StringLengthConflation.swift:178:35:178:48 | ... .-(_:_:) ... | StringLengthConflation.swift:178:35:178:39 | .length | StringLengthConflation.swift:178:35:178:48 | ... .-(_:_:) ... | This NSString length is used in a String.unicodeScalars, but it may not be equivalent. | +| StringLengthConflation.swift:178:35:178:48 | ... .-(_:_:) ... | file://:0:0:0:0 | .length | StringLengthConflation.swift:178:35:178:48 | ... .-(_:_:) ... | This NSString length is used in a String.unicodeScalars, but it may not be equivalent. | +| StringLengthConflation.swift:179:37:179:47 | ... .-(_:_:) ... | StringLengthConflation.swift:179:37:179:39 | .count | StringLengthConflation.swift:179:37:179:47 | ... .-(_:_:) ... | This String length is used in a String.utf8, but it may not be equivalent. | +| StringLengthConflation.swift:181:37:181:47 | ... .-(_:_:) ... | StringLengthConflation.swift:181:37:181:39 | .count | StringLengthConflation.swift:181:37:181:47 | ... .-(_:_:) ... | This String length is used in a String.utf16, but it may not be equivalent. | diff --git a/swift/ql/test/query-tests/Security/CWE-135/StringLengthConflation.swift b/swift/ql/test/query-tests/Security/CWE-135/StringLengthConflation.swift index 4d858ee669f..c707b81fe35 100644 --- a/swift/ql/test/query-tests/Security/CWE-135/StringLengthConflation.swift +++ b/swift/ql/test/query-tests/Security/CWE-135/StringLengthConflation.swift @@ -170,16 +170,16 @@ func test(s: String) { let _ = String(s.prefix(s.unicodeScalars.count - 10)) // BAD let _ = String(s.prefix(ns.length - 10)) // BAD let _ = String(s.prefix(nms.length - 10)) // BAD - let _ = String(scalars.prefix(s.count - 10)) // BAD [NOT DETECTED] + let _ = String(scalars.prefix(s.count - 10)) // BAD let _ = String(scalars.prefix(s.utf8.count - 10)) // BAD let _ = String(scalars.prefix(s.utf16.count - 10)) // BAD - let _ = String(scalars.prefix(s.unicodeScalars.count - 10)) // GOOD [FALSE POSITIVE] + let _ = String(scalars.prefix(s.unicodeScalars.count - 10)) // GOOD let _ = String(scalars.prefix(ns.length - 10)) // BAD let _ = String(scalars.prefix(nms.length - 10)) // BAD - let _ = String(s.utf8.dropFirst(s.count - 10)) // BAD [NOT DETECTED] - let _ = String(s.utf8.dropFirst(s.utf8.count - 10)) // GOOD [FALSE POSITIVE] - let _ = String(s.utf16.dropLast(s.count - 10)) // BAD [NOT DETECTED] - let _ = String(s.utf16.dropLast(s.utf16.count - 10)) // GOOD [FALSE POSITIVE] + let _ = String(s.utf8.dropFirst(s.count - 10)) // BAD + let _ = String(s.utf8.dropFirst(s.utf8.count - 10)) // GOOD + let _ = String(s.utf16.dropLast(s.count - 10)) // BAD + let _ = String(s.utf16.dropLast(s.utf16.count - 10)) // GOOD } // `begin :thumbsup: end`, with thumbs up emoji and skin tone modifier From b6122d01fcd8c770e7a924d08177ecdc6176f878 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 19 May 2023 22:30:38 +0100 Subject: [PATCH 489/870] Swift: Clean up the query somewhat. --- .../StringLengthConflationExtensions.qll | 49 +++++++++---------- .../CWE-135/StringLengthConflation.expected | 40 +++++++-------- 2 files changed, 42 insertions(+), 47 deletions(-) diff --git a/swift/ql/lib/codeql/swift/security/StringLengthConflationExtensions.qll b/swift/ql/lib/codeql/swift/security/StringLengthConflationExtensions.qll index 59fbe38a867..efc8eeefe35 100644 --- a/swift/ql/lib/codeql/swift/security/StringLengthConflationExtensions.qll +++ b/swift/ql/lib/codeql/swift/security/StringLengthConflationExtensions.qll @@ -38,27 +38,34 @@ class StringType extends TStringType { csvLabel = "nsstring-length" or this = TStringUtf8() and - name = "String.utf8" and - singular = "a String.utf8" and + name = "String.UTF8View" and + singular = "a String.UTF8View" and equivClass = this and csvLabel = "string-utf8-length" or this = TStringUtf16() and - name = "String.utf16" and - singular = "a String.utf16" and + name = "String.UTF16View" and + singular = "a String.UTF16View" and equivClass = TNsString() and csvLabel = "string-utf16-length" or this = TStringUnicodeScalars() and - name = "String.unicodeScalars" and - singular = "a String.unicodeScalars" and + name = "String.UnicodeScalarView" and + singular = "a String.UnicodeScalarView" and equivClass = this and csvLabel = "string-unicodescalars-length" } - /** Gets a textual representation of this string type. */ + /** + * Gets a textual representation of this string type. + */ string toString() { result = name } + /** + * Gets the name of this string type. + */ + string getName() { result = name } + /** * Gets the equivalence class for this string type. If these are equal, * they should be treated as equivalent. @@ -142,21 +149,16 @@ private class ExtraStringLengthConflationSource extends StringLengthConflationSo StringType stringType; ExtraStringLengthConflationSource() { - exists(MemberRefExpr memberRef, string typeName | + // source is the result of a call to `[stringType].count`. + exists(MemberRefExpr memberRef | ( - // result of a call to `String.utf8.count` - typeName = "String.UTF8View" and stringType = TStringUtf8() or - // result of a call to `String.utf16.count` - typeName = "String.UTF16View" and stringType = TStringUtf16() or - // result of a call to `String.unicodeScalars.count` - typeName = "String.UnicodeScalarView" and stringType = TStringUnicodeScalars() ) and - memberRef.getBase().getType().(NominalType).getName() = typeName and + memberRef.getBase().getType().(NominalType).getName() = stringType.getName() and memberRef.getMember().(VarDecl).getName() = "count" and this.asExpr() = memberRef ) @@ -204,28 +206,21 @@ private class ExtraStringLengthConflationSink extends StringLengthConflationSink StringType stringType; ExtraStringLengthConflationSink() { - exists(CallExpr call, string typeName | + // sink is a length or offset argument of a call to `[stringType].[method]`. + exists(CallExpr call | ( - // `String` - typeName = "String" and stringType = TString() or - // `String.utf8` - typeName = "String.UTF8View" and stringType = TStringUtf8() or - // `String.utf16` - typeName = "String.UTF16View" and stringType = TStringUtf16() or - // `String.unicodeScalars` - typeName = "String.UnicodeScalarView" and stringType = TStringUnicodeScalars() ) and - // sink is a length or offset argument to [type].[method] ( - call.getQualifier().getType().(NominalType).getName() = typeName or - call.getQualifier().getType().(InOutType).getObjectType().(NominalType).getName() = typeName + call.getQualifier().getType().(NominalType).getName() = stringType.getName() or + call.getQualifier().getType().(InOutType).getObjectType().(NominalType).getName() = + stringType.getName() ) and ( call.getStaticTarget().getName() = diff --git a/swift/ql/test/query-tests/Security/CWE-135/StringLengthConflation.expected b/swift/ql/test/query-tests/Security/CWE-135/StringLengthConflation.expected index 69e72385ddb..909c6233ba5 100644 --- a/swift/ql/test/query-tests/Security/CWE-135/StringLengthConflation.expected +++ b/swift/ql/test/query-tests/Security/CWE-135/StringLengthConflation.expected @@ -124,17 +124,17 @@ subpaths | StringLengthConflation.swift:36:93:36:93 | len | StringLengthConflation.swift:72:33:72:35 | .count | StringLengthConflation.swift:36:93:36:93 | len | This String length is used in an NSString, but it may not be equivalent. | | StringLengthConflation.swift:53:43:53:46 | .length | StringLengthConflation.swift:53:43:53:46 | .length | StringLengthConflation.swift:53:43:53:46 | .length | This NSString length is used in a String, but it may not be equivalent. | | StringLengthConflation.swift:53:43:53:46 | .length | file://:0:0:0:0 | .length | StringLengthConflation.swift:53:43:53:46 | .length | This NSString length is used in a String, but it may not be equivalent. | -| StringLengthConflation.swift:54:43:54:50 | .count | StringLengthConflation.swift:54:43:54:50 | .count | StringLengthConflation.swift:54:43:54:50 | .count | This String.utf8 length is used in a String, but it may not be equivalent. | -| StringLengthConflation.swift:55:43:55:51 | .count | StringLengthConflation.swift:55:43:55:51 | .count | StringLengthConflation.swift:55:43:55:51 | .count | This String.utf16 length is used in a String, but it may not be equivalent. | -| StringLengthConflation.swift:56:43:56:60 | .count | StringLengthConflation.swift:56:43:56:60 | .count | StringLengthConflation.swift:56:43:56:60 | .count | This String.unicodeScalars length is used in a String, but it may not be equivalent. | +| StringLengthConflation.swift:54:43:54:50 | .count | StringLengthConflation.swift:54:43:54:50 | .count | StringLengthConflation.swift:54:43:54:50 | .count | This String.UTF8View length is used in a String, but it may not be equivalent. | +| StringLengthConflation.swift:55:43:55:51 | .count | StringLengthConflation.swift:55:43:55:51 | .count | StringLengthConflation.swift:55:43:55:51 | .count | This String.UTF16View length is used in a String, but it may not be equivalent. | +| StringLengthConflation.swift:56:43:56:60 | .count | StringLengthConflation.swift:56:43:56:60 | .count | StringLengthConflation.swift:56:43:56:60 | .count | This String.UnicodeScalarView length is used in a String, but it may not be equivalent. | | StringLengthConflation.swift:60:47:60:59 | ... ./(_:_:) ... | StringLengthConflation.swift:60:47:60:50 | .length | StringLengthConflation.swift:60:47:60:59 | ... ./(_:_:) ... | This NSString length is used in a String, but it may not be equivalent. | | StringLengthConflation.swift:60:47:60:59 | ... ./(_:_:) ... | file://:0:0:0:0 | .length | StringLengthConflation.swift:60:47:60:59 | ... ./(_:_:) ... | This NSString length is used in a String, but it may not be equivalent. | | StringLengthConflation.swift:66:33:66:45 | ... ./(_:_:) ... | StringLengthConflation.swift:66:33:66:36 | .length | StringLengthConflation.swift:66:33:66:45 | ... ./(_:_:) ... | This NSString length is used in a String, but it may not be equivalent. | | StringLengthConflation.swift:66:33:66:45 | ... ./(_:_:) ... | file://:0:0:0:0 | .length | StringLengthConflation.swift:66:33:66:45 | ... ./(_:_:) ... | This NSString length is used in a String, but it may not be equivalent. | | StringLengthConflation.swift:72:33:72:35 | .count | StringLengthConflation.swift:72:33:72:35 | .count | StringLengthConflation.swift:72:33:72:35 | .count | This String length is used in an NSString, but it may not be equivalent. | | StringLengthConflation.swift:78:47:78:49 | .count | StringLengthConflation.swift:78:47:78:49 | .count | StringLengthConflation.swift:78:47:78:49 | .count | This String length is used in an NSString, but it may not be equivalent. | -| StringLengthConflation.swift:79:47:79:54 | .count | StringLengthConflation.swift:79:47:79:54 | .count | StringLengthConflation.swift:79:47:79:54 | .count | This String.utf8 length is used in an NSString, but it may not be equivalent. | -| StringLengthConflation.swift:81:47:81:64 | .count | StringLengthConflation.swift:81:47:81:64 | .count | StringLengthConflation.swift:81:47:81:64 | .count | This String.unicodeScalars length is used in an NSString, but it may not be equivalent. | +| StringLengthConflation.swift:79:47:79:54 | .count | StringLengthConflation.swift:79:47:79:54 | .count | StringLengthConflation.swift:79:47:79:54 | .count | This String.UTF8View length is used in an NSString, but it may not be equivalent. | +| StringLengthConflation.swift:81:47:81:64 | .count | StringLengthConflation.swift:81:47:81:64 | .count | StringLengthConflation.swift:81:47:81:64 | .count | This String.UnicodeScalarView length is used in an NSString, but it may not be equivalent. | | StringLengthConflation.swift:96:28:96:40 | ... .-(_:_:) ... | StringLengthConflation.swift:96:28:96:31 | .length | StringLengthConflation.swift:96:28:96:40 | ... .-(_:_:) ... | This NSString length is used in a String, but it may not be equivalent. | | StringLengthConflation.swift:96:28:96:40 | ... .-(_:_:) ... | file://:0:0:0:0 | .length | StringLengthConflation.swift:96:28:96:40 | ... .-(_:_:) ... | This NSString length is used in a String, but it may not be equivalent. | | StringLengthConflation.swift:100:27:100:39 | ... .-(_:_:) ... | StringLengthConflation.swift:100:27:100:30 | .length | StringLengthConflation.swift:100:27:100:39 | ... .-(_:_:) ... | This NSString length is used in a String, but it may not be equivalent. | @@ -154,22 +154,22 @@ subpaths | StringLengthConflation.swift:137:34:137:44 | ... .-(_:_:) ... | StringLengthConflation.swift:137:34:137:36 | .count | StringLengthConflation.swift:137:34:137:44 | ... .-(_:_:) ... | This String length is used in an NSString, but it may not be equivalent. | | StringLengthConflation.swift:138:36:138:46 | ... .-(_:_:) ... | StringLengthConflation.swift:138:36:138:38 | .count | StringLengthConflation.swift:138:36:138:46 | ... .-(_:_:) ... | This String length is used in an NSString, but it may not be equivalent. | | StringLengthConflation.swift:144:28:144:38 | ... .-(_:_:) ... | StringLengthConflation.swift:144:28:144:30 | .count | StringLengthConflation.swift:144:28:144:38 | ... .-(_:_:) ... | This String length is used in an NSString, but it may not be equivalent. | -| StringLengthConflation.swift:151:45:151:53 | .count | StringLengthConflation.swift:151:45:151:53 | .count | StringLengthConflation.swift:151:45:151:53 | .count | This String.unicodeScalars length is used in a String, but it may not be equivalent. | -| StringLengthConflation.swift:156:45:156:52 | .count | StringLengthConflation.swift:156:45:156:52 | .count | StringLengthConflation.swift:156:45:156:52 | .count | This String.utf8 length is used in a String, but it may not be equivalent. | -| StringLengthConflation.swift:161:45:161:53 | .count | StringLengthConflation.swift:161:45:161:53 | .count | StringLengthConflation.swift:161:45:161:53 | .count | This String.utf16 length is used in a String, but it may not be equivalent. | -| StringLengthConflation.swift:168:29:168:44 | ... .-(_:_:) ... | StringLengthConflation.swift:168:29:168:36 | .count | StringLengthConflation.swift:168:29:168:44 | ... .-(_:_:) ... | This String.utf8 length is used in a String, but it may not be equivalent. | -| StringLengthConflation.swift:169:29:169:45 | ... .-(_:_:) ... | StringLengthConflation.swift:169:29:169:37 | .count | StringLengthConflation.swift:169:29:169:45 | ... .-(_:_:) ... | This String.utf16 length is used in a String, but it may not be equivalent. | -| StringLengthConflation.swift:170:29:170:54 | ... .-(_:_:) ... | StringLengthConflation.swift:170:29:170:46 | .count | StringLengthConflation.swift:170:29:170:54 | ... .-(_:_:) ... | This String.unicodeScalars length is used in a String, but it may not be equivalent. | +| StringLengthConflation.swift:151:45:151:53 | .count | StringLengthConflation.swift:151:45:151:53 | .count | StringLengthConflation.swift:151:45:151:53 | .count | This String.UnicodeScalarView length is used in a String, but it may not be equivalent. | +| StringLengthConflation.swift:156:45:156:52 | .count | StringLengthConflation.swift:156:45:156:52 | .count | StringLengthConflation.swift:156:45:156:52 | .count | This String.UTF8View length is used in a String, but it may not be equivalent. | +| StringLengthConflation.swift:161:45:161:53 | .count | StringLengthConflation.swift:161:45:161:53 | .count | StringLengthConflation.swift:161:45:161:53 | .count | This String.UTF16View length is used in a String, but it may not be equivalent. | +| StringLengthConflation.swift:168:29:168:44 | ... .-(_:_:) ... | StringLengthConflation.swift:168:29:168:36 | .count | StringLengthConflation.swift:168:29:168:44 | ... .-(_:_:) ... | This String.UTF8View length is used in a String, but it may not be equivalent. | +| StringLengthConflation.swift:169:29:169:45 | ... .-(_:_:) ... | StringLengthConflation.swift:169:29:169:37 | .count | StringLengthConflation.swift:169:29:169:45 | ... .-(_:_:) ... | This String.UTF16View length is used in a String, but it may not be equivalent. | +| StringLengthConflation.swift:170:29:170:54 | ... .-(_:_:) ... | StringLengthConflation.swift:170:29:170:46 | .count | StringLengthConflation.swift:170:29:170:54 | ... .-(_:_:) ... | This String.UnicodeScalarView length is used in a String, but it may not be equivalent. | | StringLengthConflation.swift:171:29:171:41 | ... .-(_:_:) ... | StringLengthConflation.swift:171:29:171:32 | .length | StringLengthConflation.swift:171:29:171:41 | ... .-(_:_:) ... | This NSString length is used in a String, but it may not be equivalent. | | StringLengthConflation.swift:171:29:171:41 | ... .-(_:_:) ... | file://:0:0:0:0 | .length | StringLengthConflation.swift:171:29:171:41 | ... .-(_:_:) ... | This NSString length is used in a String, but it may not be equivalent. | | StringLengthConflation.swift:172:29:172:42 | ... .-(_:_:) ... | StringLengthConflation.swift:172:29:172:33 | .length | StringLengthConflation.swift:172:29:172:42 | ... .-(_:_:) ... | This NSString length is used in a String, but it may not be equivalent. | | StringLengthConflation.swift:172:29:172:42 | ... .-(_:_:) ... | file://:0:0:0:0 | .length | StringLengthConflation.swift:172:29:172:42 | ... .-(_:_:) ... | This NSString length is used in a String, but it may not be equivalent. | -| StringLengthConflation.swift:173:35:173:45 | ... .-(_:_:) ... | StringLengthConflation.swift:173:35:173:37 | .count | StringLengthConflation.swift:173:35:173:45 | ... .-(_:_:) ... | This String length is used in a String.unicodeScalars, but it may not be equivalent. | -| StringLengthConflation.swift:174:35:174:50 | ... .-(_:_:) ... | StringLengthConflation.swift:174:35:174:42 | .count | StringLengthConflation.swift:174:35:174:50 | ... .-(_:_:) ... | This String.utf8 length is used in a String.unicodeScalars, but it may not be equivalent. | -| StringLengthConflation.swift:175:35:175:51 | ... .-(_:_:) ... | StringLengthConflation.swift:175:35:175:43 | .count | StringLengthConflation.swift:175:35:175:51 | ... .-(_:_:) ... | This String.utf16 length is used in a String.unicodeScalars, but it may not be equivalent. | -| StringLengthConflation.swift:177:35:177:47 | ... .-(_:_:) ... | StringLengthConflation.swift:177:35:177:38 | .length | StringLengthConflation.swift:177:35:177:47 | ... .-(_:_:) ... | This NSString length is used in a String.unicodeScalars, but it may not be equivalent. | -| StringLengthConflation.swift:177:35:177:47 | ... .-(_:_:) ... | file://:0:0:0:0 | .length | StringLengthConflation.swift:177:35:177:47 | ... .-(_:_:) ... | This NSString length is used in a String.unicodeScalars, but it may not be equivalent. | -| StringLengthConflation.swift:178:35:178:48 | ... .-(_:_:) ... | StringLengthConflation.swift:178:35:178:39 | .length | StringLengthConflation.swift:178:35:178:48 | ... .-(_:_:) ... | This NSString length is used in a String.unicodeScalars, but it may not be equivalent. | -| StringLengthConflation.swift:178:35:178:48 | ... .-(_:_:) ... | file://:0:0:0:0 | .length | StringLengthConflation.swift:178:35:178:48 | ... .-(_:_:) ... | This NSString length is used in a String.unicodeScalars, but it may not be equivalent. | -| StringLengthConflation.swift:179:37:179:47 | ... .-(_:_:) ... | StringLengthConflation.swift:179:37:179:39 | .count | StringLengthConflation.swift:179:37:179:47 | ... .-(_:_:) ... | This String length is used in a String.utf8, but it may not be equivalent. | -| StringLengthConflation.swift:181:37:181:47 | ... .-(_:_:) ... | StringLengthConflation.swift:181:37:181:39 | .count | StringLengthConflation.swift:181:37:181:47 | ... .-(_:_:) ... | This String length is used in a String.utf16, but it may not be equivalent. | +| StringLengthConflation.swift:173:35:173:45 | ... .-(_:_:) ... | StringLengthConflation.swift:173:35:173:37 | .count | StringLengthConflation.swift:173:35:173:45 | ... .-(_:_:) ... | This String length is used in a String.UnicodeScalarView, but it may not be equivalent. | +| StringLengthConflation.swift:174:35:174:50 | ... .-(_:_:) ... | StringLengthConflation.swift:174:35:174:42 | .count | StringLengthConflation.swift:174:35:174:50 | ... .-(_:_:) ... | This String.UTF8View length is used in a String.UnicodeScalarView, but it may not be equivalent. | +| StringLengthConflation.swift:175:35:175:51 | ... .-(_:_:) ... | StringLengthConflation.swift:175:35:175:43 | .count | StringLengthConflation.swift:175:35:175:51 | ... .-(_:_:) ... | This String.UTF16View length is used in a String.UnicodeScalarView, but it may not be equivalent. | +| StringLengthConflation.swift:177:35:177:47 | ... .-(_:_:) ... | StringLengthConflation.swift:177:35:177:38 | .length | StringLengthConflation.swift:177:35:177:47 | ... .-(_:_:) ... | This NSString length is used in a String.UnicodeScalarView, but it may not be equivalent. | +| StringLengthConflation.swift:177:35:177:47 | ... .-(_:_:) ... | file://:0:0:0:0 | .length | StringLengthConflation.swift:177:35:177:47 | ... .-(_:_:) ... | This NSString length is used in a String.UnicodeScalarView, but it may not be equivalent. | +| StringLengthConflation.swift:178:35:178:48 | ... .-(_:_:) ... | StringLengthConflation.swift:178:35:178:39 | .length | StringLengthConflation.swift:178:35:178:48 | ... .-(_:_:) ... | This NSString length is used in a String.UnicodeScalarView, but it may not be equivalent. | +| StringLengthConflation.swift:178:35:178:48 | ... .-(_:_:) ... | file://:0:0:0:0 | .length | StringLengthConflation.swift:178:35:178:48 | ... .-(_:_:) ... | This NSString length is used in a String.UnicodeScalarView, but it may not be equivalent. | +| StringLengthConflation.swift:179:37:179:47 | ... .-(_:_:) ... | StringLengthConflation.swift:179:37:179:39 | .count | StringLengthConflation.swift:179:37:179:47 | ... .-(_:_:) ... | This String length is used in a String.UTF8View, but it may not be equivalent. | +| StringLengthConflation.swift:181:37:181:47 | ... .-(_:_:) ... | StringLengthConflation.swift:181:37:181:39 | .count | StringLengthConflation.swift:181:37:181:47 | ... .-(_:_:) ... | This String length is used in a String.UTF16View, but it may not be equivalent. | From bf07b0f97b196c635629b749191949657246b4c0 Mon Sep 17 00:00:00 2001 From: Robert Marsh Date: Fri, 19 May 2023 18:32:09 -0400 Subject: [PATCH 490/870] C++: fix cxartesian product in constant off-by-one query --- .../CWE/CWE-193/ConstantSizeArrayOffByOne.ql | 19 +++- .../ConstantSizeArrayOffByOne.expected | 90 +++++-------------- 2 files changed, 38 insertions(+), 71 deletions(-) diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql b/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql index 943faf6d75c..da227e65f92 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql @@ -87,6 +87,18 @@ predicate pointerArithOverflow( delta = bound - size } +module PointerArithmeticToDerefConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { + pointerArithOverflow(source.asInstruction(), _, _, _, _) + } + + predicate isSink(DataFlow::Node sink) { + isInvalidPointerDerefSink1(sink, _, _) + } +} + +module PointerArithmeticToDerefFlow = DataFlow::Global; + module FieldAddressToDerefConfig implements DataFlow::StateConfigSig { newtype FlowState = additional TArray(Field f) { pointerArithOverflow(_, f, _, _, _) } or @@ -101,9 +113,12 @@ module FieldAddressToDerefConfig implements DataFlow::StateConfigSig { ) } + pragma[inline] predicate isSink(DataFlow::Node sink, FlowState state) { - isInvalidPointerDerefSink1(sink, _, _) and - state instanceof TOverflowArithmetic + exists(DataFlow::Node pai | + state = TOverflowArithmetic(pai.asInstruction()) and + PointerArithmeticToDerefFlow::flow(pai, sink) + ) } predicate isBarrier(DataFlow::Node node, FlowState state) { none() } diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/constant-size/ConstantSizeArrayOffByOne.expected b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/constant-size/ConstantSizeArrayOffByOne.expected index 0b688810262..6ff343ea369 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/constant-size/ConstantSizeArrayOffByOne.expected +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/constant-size/ConstantSizeArrayOffByOne.expected @@ -1,72 +1,33 @@ edges -| test.cpp:26:10:26:12 | buf | test.cpp:26:5:26:12 | buf | -| test.cpp:30:10:30:12 | buf | test.cpp:30:5:30:12 | buf | -| test.cpp:34:10:34:12 | buf | test.cpp:34:5:34:12 | buf | -| test.cpp:35:5:35:12 | buf | test.cpp:35:5:35:22 | access to array | -| test.cpp:35:10:35:12 | buf | test.cpp:35:5:35:12 | buf | -| test.cpp:36:5:36:12 | buf | test.cpp:36:5:36:24 | access to array | -| test.cpp:36:10:36:12 | buf | test.cpp:36:5:36:12 | buf | -| test.cpp:39:14:39:16 | buf | test.cpp:39:9:39:16 | buf | -| test.cpp:43:9:43:16 | buf | test.cpp:43:9:43:19 | access to array | -| test.cpp:43:14:43:16 | buf | test.cpp:43:9:43:16 | buf | -| test.cpp:48:10:48:12 | buf | test.cpp:48:5:48:12 | buf | -| test.cpp:49:5:49:12 | buf | test.cpp:49:5:49:22 | access to array | -| test.cpp:49:10:49:12 | buf | test.cpp:49:5:49:12 | buf | -| test.cpp:50:5:50:12 | buf | test.cpp:50:5:50:24 | access to array | -| test.cpp:50:10:50:12 | buf | test.cpp:50:5:50:12 | buf | -| test.cpp:53:14:53:16 | buf | test.cpp:53:9:53:16 | buf | -| test.cpp:57:9:57:16 | buf | test.cpp:57:9:57:19 | access to array | -| test.cpp:57:14:57:16 | buf | test.cpp:57:9:57:16 | buf | -| test.cpp:61:9:61:16 | buf | test.cpp:61:9:61:19 | access to array | -| test.cpp:61:14:61:16 | buf | test.cpp:61:9:61:16 | buf | +| test.cpp:35:10:35:12 | buf | test.cpp:35:5:35:22 | access to array | +| test.cpp:36:10:36:12 | buf | test.cpp:36:5:36:24 | access to array | +| test.cpp:43:14:43:16 | buf | test.cpp:43:9:43:19 | access to array | +| test.cpp:49:10:49:12 | buf | test.cpp:49:5:49:22 | access to array | +| test.cpp:50:10:50:12 | buf | test.cpp:50:5:50:24 | access to array | +| test.cpp:57:14:57:16 | buf | test.cpp:57:9:57:19 | access to array | +| test.cpp:61:14:61:16 | buf | test.cpp:61:9:61:19 | access to array | | test.cpp:66:32:66:32 | p | test.cpp:66:32:66:32 | p | | test.cpp:66:32:66:32 | p | test.cpp:67:5:67:6 | * ... | | test.cpp:66:32:66:32 | p | test.cpp:67:6:67:6 | p | -| test.cpp:70:33:70:33 | p | test.cpp:71:5:71:5 | p | -| test.cpp:70:33:70:33 | p | test.cpp:72:5:72:5 | p | -| test.cpp:72:5:72:5 | p | test.cpp:72:5:72:15 | access to array | -| test.cpp:76:32:76:34 | buf | test.cpp:76:27:76:34 | buf | +| test.cpp:70:33:70:33 | p | test.cpp:72:5:72:15 | access to array | | test.cpp:77:26:77:44 | & ... | test.cpp:66:32:66:32 | p | | test.cpp:77:26:77:44 | & ... | test.cpp:66:32:66:32 | p | -| test.cpp:77:27:77:34 | buf | test.cpp:77:27:77:44 | access to array | -| test.cpp:77:27:77:44 | access to array | test.cpp:77:26:77:44 | & ... | -| test.cpp:77:32:77:34 | buf | test.cpp:77:27:77:34 | buf | +| test.cpp:77:32:77:34 | buf | test.cpp:77:26:77:44 | & ... | | test.cpp:79:27:79:34 | buf | test.cpp:70:33:70:33 | p | | test.cpp:79:32:79:34 | buf | test.cpp:79:27:79:34 | buf | -| test.cpp:85:34:85:36 | buf | test.cpp:87:5:87:11 | charBuf | -| test.cpp:85:34:85:36 | buf | test.cpp:88:5:88:11 | charBuf | nodes -| test.cpp:26:5:26:12 | buf | semmle.label | buf | -| test.cpp:26:10:26:12 | buf | semmle.label | buf | -| test.cpp:30:5:30:12 | buf | semmle.label | buf | -| test.cpp:30:10:30:12 | buf | semmle.label | buf | -| test.cpp:34:5:34:12 | buf | semmle.label | buf | -| test.cpp:34:10:34:12 | buf | semmle.label | buf | -| test.cpp:35:5:35:12 | buf | semmle.label | buf | | test.cpp:35:5:35:22 | access to array | semmle.label | access to array | | test.cpp:35:10:35:12 | buf | semmle.label | buf | -| test.cpp:36:5:36:12 | buf | semmle.label | buf | | test.cpp:36:5:36:24 | access to array | semmle.label | access to array | | test.cpp:36:10:36:12 | buf | semmle.label | buf | -| test.cpp:39:9:39:16 | buf | semmle.label | buf | -| test.cpp:39:14:39:16 | buf | semmle.label | buf | -| test.cpp:43:9:43:16 | buf | semmle.label | buf | | test.cpp:43:9:43:19 | access to array | semmle.label | access to array | | test.cpp:43:14:43:16 | buf | semmle.label | buf | -| test.cpp:48:5:48:12 | buf | semmle.label | buf | -| test.cpp:48:10:48:12 | buf | semmle.label | buf | -| test.cpp:49:5:49:12 | buf | semmle.label | buf | | test.cpp:49:5:49:22 | access to array | semmle.label | access to array | | test.cpp:49:10:49:12 | buf | semmle.label | buf | -| test.cpp:50:5:50:12 | buf | semmle.label | buf | | test.cpp:50:5:50:24 | access to array | semmle.label | access to array | | test.cpp:50:10:50:12 | buf | semmle.label | buf | -| test.cpp:53:9:53:16 | buf | semmle.label | buf | -| test.cpp:53:14:53:16 | buf | semmle.label | buf | -| test.cpp:57:9:57:16 | buf | semmle.label | buf | | test.cpp:57:9:57:19 | access to array | semmle.label | access to array | | test.cpp:57:14:57:16 | buf | semmle.label | buf | -| test.cpp:61:9:61:16 | buf | semmle.label | buf | | test.cpp:61:9:61:19 | access to array | semmle.label | access to array | | test.cpp:61:14:61:16 | buf | semmle.label | buf | | test.cpp:66:32:66:32 | p | semmle.label | p | @@ -75,31 +36,22 @@ nodes | test.cpp:67:5:67:6 | * ... | semmle.label | * ... | | test.cpp:67:6:67:6 | p | semmle.label | p | | test.cpp:70:33:70:33 | p | semmle.label | p | -| test.cpp:71:5:71:5 | p | semmle.label | p | -| test.cpp:72:5:72:5 | p | semmle.label | p | | test.cpp:72:5:72:15 | access to array | semmle.label | access to array | -| test.cpp:76:27:76:34 | buf | semmle.label | buf | -| test.cpp:76:32:76:34 | buf | semmle.label | buf | | test.cpp:77:26:77:44 | & ... | semmle.label | & ... | -| test.cpp:77:27:77:34 | buf | semmle.label | buf | -| test.cpp:77:27:77:44 | access to array | semmle.label | access to array | | test.cpp:77:32:77:34 | buf | semmle.label | buf | | test.cpp:79:27:79:34 | buf | semmle.label | buf | | test.cpp:79:32:79:34 | buf | semmle.label | buf | -| test.cpp:85:34:85:36 | buf | semmle.label | buf | -| test.cpp:87:5:87:11 | charBuf | semmle.label | charBuf | -| test.cpp:88:5:88:11 | charBuf | semmle.label | charBuf | subpaths #select -| test.cpp:35:5:35:22 | access to array | test.cpp:35:10:35:12 | buf | test.cpp:35:5:35:22 | access to array | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:15:9:15:11 | buf | buf | test.cpp:35:5:35:26 | Store: ... = ... | write | -| test.cpp:36:5:36:24 | access to array | test.cpp:36:10:36:12 | buf | test.cpp:36:5:36:24 | access to array | This pointer arithmetic may have an off-by-2 error allowing it to overrun $@ at this $@. | test.cpp:15:9:15:11 | buf | buf | test.cpp:36:5:36:28 | Store: ... = ... | write | -| test.cpp:43:9:43:19 | access to array | test.cpp:43:14:43:16 | buf | test.cpp:43:9:43:19 | access to array | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:15:9:15:11 | buf | buf | test.cpp:43:9:43:23 | Store: ... = ... | write | -| test.cpp:49:5:49:22 | access to array | test.cpp:49:10:49:12 | buf | test.cpp:49:5:49:22 | access to array | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:19:9:19:11 | buf | buf | test.cpp:49:5:49:26 | Store: ... = ... | write | -| test.cpp:50:5:50:24 | access to array | test.cpp:50:10:50:12 | buf | test.cpp:50:5:50:24 | access to array | This pointer arithmetic may have an off-by-2 error allowing it to overrun $@ at this $@. | test.cpp:19:9:19:11 | buf | buf | test.cpp:50:5:50:28 | Store: ... = ... | write | -| test.cpp:57:9:57:19 | access to array | test.cpp:57:14:57:16 | buf | test.cpp:57:9:57:19 | access to array | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:19:9:19:11 | buf | buf | test.cpp:57:9:57:23 | Store: ... = ... | write | -| test.cpp:61:9:61:19 | access to array | test.cpp:61:14:61:16 | buf | test.cpp:61:9:61:19 | access to array | This pointer arithmetic may have an off-by-2 error allowing it to overrun $@ at this $@. | test.cpp:19:9:19:11 | buf | buf | test.cpp:61:9:61:23 | Store: ... = ... | write | -| test.cpp:72:5:72:15 | access to array | test.cpp:79:32:79:34 | buf | test.cpp:72:5:72:15 | access to array | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:15:9:15:11 | buf | buf | test.cpp:72:5:72:19 | Store: ... = ... | write | -| test.cpp:77:27:77:44 | access to array | test.cpp:77:32:77:34 | buf | test.cpp:66:32:66:32 | p | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:15:9:15:11 | buf | buf | test.cpp:67:5:67:10 | Store: ... = ... | write | -| test.cpp:77:27:77:44 | access to array | test.cpp:77:32:77:34 | buf | test.cpp:66:32:66:32 | p | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:15:9:15:11 | buf | buf | test.cpp:67:5:67:10 | Store: ... = ... | write | -| test.cpp:77:27:77:44 | access to array | test.cpp:77:32:77:34 | buf | test.cpp:67:5:67:6 | * ... | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:15:9:15:11 | buf | buf | test.cpp:67:5:67:10 | Store: ... = ... | write | -| test.cpp:77:27:77:44 | access to array | test.cpp:77:32:77:34 | buf | test.cpp:67:6:67:6 | p | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:15:9:15:11 | buf | buf | test.cpp:67:5:67:10 | Store: ... = ... | write | +| test.cpp:35:5:35:22 | PointerAdd: access to array | test.cpp:35:10:35:12 | buf | test.cpp:35:5:35:22 | access to array | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:15:9:15:11 | buf | buf | test.cpp:35:5:35:26 | Store: ... = ... | write | +| test.cpp:36:5:36:24 | PointerAdd: access to array | test.cpp:36:10:36:12 | buf | test.cpp:36:5:36:24 | access to array | This pointer arithmetic may have an off-by-2 error allowing it to overrun $@ at this $@. | test.cpp:15:9:15:11 | buf | buf | test.cpp:36:5:36:28 | Store: ... = ... | write | +| test.cpp:43:9:43:19 | PointerAdd: access to array | test.cpp:43:14:43:16 | buf | test.cpp:43:9:43:19 | access to array | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:15:9:15:11 | buf | buf | test.cpp:43:9:43:23 | Store: ... = ... | write | +| test.cpp:49:5:49:22 | PointerAdd: access to array | test.cpp:49:10:49:12 | buf | test.cpp:49:5:49:22 | access to array | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:19:9:19:11 | buf | buf | test.cpp:49:5:49:26 | Store: ... = ... | write | +| test.cpp:50:5:50:24 | PointerAdd: access to array | test.cpp:50:10:50:12 | buf | test.cpp:50:5:50:24 | access to array | This pointer arithmetic may have an off-by-2 error allowing it to overrun $@ at this $@. | test.cpp:19:9:19:11 | buf | buf | test.cpp:50:5:50:28 | Store: ... = ... | write | +| test.cpp:57:9:57:19 | PointerAdd: access to array | test.cpp:57:14:57:16 | buf | test.cpp:57:9:57:19 | access to array | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:19:9:19:11 | buf | buf | test.cpp:57:9:57:23 | Store: ... = ... | write | +| test.cpp:61:9:61:19 | PointerAdd: access to array | test.cpp:61:14:61:16 | buf | test.cpp:61:9:61:19 | access to array | This pointer arithmetic may have an off-by-2 error allowing it to overrun $@ at this $@. | test.cpp:19:9:19:11 | buf | buf | test.cpp:61:9:61:23 | Store: ... = ... | write | +| test.cpp:72:5:72:15 | PointerAdd: access to array | test.cpp:79:32:79:34 | buf | test.cpp:72:5:72:15 | access to array | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:15:9:15:11 | buf | buf | test.cpp:72:5:72:19 | Store: ... = ... | write | +| test.cpp:77:27:77:44 | PointerAdd: access to array | test.cpp:77:32:77:34 | buf | test.cpp:66:32:66:32 | p | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:15:9:15:11 | buf | buf | test.cpp:67:5:67:10 | Store: ... = ... | write | +| test.cpp:77:27:77:44 | PointerAdd: access to array | test.cpp:77:32:77:34 | buf | test.cpp:66:32:66:32 | p | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:15:9:15:11 | buf | buf | test.cpp:67:5:67:10 | Store: ... = ... | write | +| test.cpp:77:27:77:44 | PointerAdd: access to array | test.cpp:77:32:77:34 | buf | test.cpp:67:5:67:6 | * ... | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:15:9:15:11 | buf | buf | test.cpp:67:5:67:10 | Store: ... = ... | write | +| test.cpp:77:27:77:44 | PointerAdd: access to array | test.cpp:77:32:77:34 | buf | test.cpp:67:6:67:6 | p | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:15:9:15:11 | buf | buf | test.cpp:67:5:67:10 | Store: ... = ... | write | From 58be109a707b9dc70e45202c1c793ea084105825 Mon Sep 17 00:00:00 2001 From: Sim4n6 Date: Sat, 20 May 2023 10:08:56 +0100 Subject: [PATCH 491/870] Moved UnicodeBypassValidation Customizations & Query.qll to src/experimental --- .../experimental/Security/CWE-176/UnicodeBypassValidation.ql | 2 +- .../Security/CWE-176}/UnicodeBypassValidationCustomizations.qll | 0 .../Security/CWE-176}/UnicodeBypassValidationQuery.qll | 0 3 files changed, 1 insertion(+), 1 deletion(-) rename python/ql/{lib/semmle/python/security/dataflow => src/experimental/Security/CWE-176}/UnicodeBypassValidationCustomizations.qll (100%) rename python/ql/{lib/semmle/python/security/dataflow => src/experimental/Security/CWE-176}/UnicodeBypassValidationQuery.qll (100%) diff --git a/python/ql/src/experimental/Security/CWE-176/UnicodeBypassValidation.ql b/python/ql/src/experimental/Security/CWE-176/UnicodeBypassValidation.ql index f0232b59034..67c61653763 100644 --- a/python/ql/src/experimental/Security/CWE-176/UnicodeBypassValidation.ql +++ b/python/ql/src/experimental/Security/CWE-176/UnicodeBypassValidation.ql @@ -13,7 +13,7 @@ */ import python -import semmle.python.security.dataflow.UnicodeBypassValidationQuery +import UnicodeBypassValidationQuery import DataFlow::PathGraph from Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink diff --git a/python/ql/lib/semmle/python/security/dataflow/UnicodeBypassValidationCustomizations.qll b/python/ql/src/experimental/Security/CWE-176/UnicodeBypassValidationCustomizations.qll similarity index 100% rename from python/ql/lib/semmle/python/security/dataflow/UnicodeBypassValidationCustomizations.qll rename to python/ql/src/experimental/Security/CWE-176/UnicodeBypassValidationCustomizations.qll diff --git a/python/ql/lib/semmle/python/security/dataflow/UnicodeBypassValidationQuery.qll b/python/ql/src/experimental/Security/CWE-176/UnicodeBypassValidationQuery.qll similarity index 100% rename from python/ql/lib/semmle/python/security/dataflow/UnicodeBypassValidationQuery.qll rename to python/ql/src/experimental/Security/CWE-176/UnicodeBypassValidationQuery.qll From 2a8645c447df9849b7510d1832a00ab111388640 Mon Sep 17 00:00:00 2001 From: Sim4n6 Date: Sat, 20 May 2023 10:11:26 +0100 Subject: [PATCH 492/870] Fix 'Singleton set literal' warning --- .../Security/CWE-176/UnicodeBypassValidationQuery.qll | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/python/ql/src/experimental/Security/CWE-176/UnicodeBypassValidationQuery.qll b/python/ql/src/experimental/Security/CWE-176/UnicodeBypassValidationQuery.qll index b15e8829345..336834be2bf 100644 --- a/python/ql/src/experimental/Security/CWE-176/UnicodeBypassValidationQuery.qll +++ b/python/ql/src/experimental/Security/CWE-176/UnicodeBypassValidationQuery.qll @@ -62,10 +62,10 @@ class Configuration extends TaintTracking::Configuration { cn = API::moduleImport("pyunormalize").getMember(["NFC", "NFD", "NFKC", "NFKD"]).getACall() and sink = cn.getArg(0) or - cn = API::moduleImport("pyunormalize").getMember(["normalize"]).getACall() and + cn = API::moduleImport("pyunormalize").getMember("normalize").getACall() and sink = cn.getArg(1) or - cn = API::moduleImport("textnorm").getMember(["normalize_unicode"]).getACall() and + cn = API::moduleImport("textnorm").getMember("normalize_unicode").getACall() and sink = cn.getArg(0) ) and state instanceof PostValidation From 8462b14b544b0eac076173182d64e17a3ffd5016 Mon Sep 17 00:00:00 2001 From: Sim4n6 Date: Sat, 20 May 2023 10:12:55 +0100 Subject: [PATCH 493/870] Update python/ql/src/experimental/Security/CWE-176/UnicodeBypassValidation.qhelp Co-authored-by: Rasmus Wriedt Larsen --- .../experimental/Security/CWE-176/UnicodeBypassValidation.qhelp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/python/ql/src/experimental/Security/CWE-176/UnicodeBypassValidation.qhelp b/python/ql/src/experimental/Security/CWE-176/UnicodeBypassValidation.qhelp index 89b843e237c..a034b4877c8 100644 --- a/python/ql/src/experimental/Security/CWE-176/UnicodeBypassValidation.qhelp +++ b/python/ql/src/experimental/Security/CWE-176/UnicodeBypassValidation.qhelp @@ -12,7 +12,7 @@ Security checks bypassed -

    Perform a Unicode normalization before the logical validation.

    +

    Perform Unicode normalization before the logical validation.

    From 16ce0244299a07ffcc2e8c2be3c895ad12f032f7 Mon Sep 17 00:00:00 2001 From: Sim4n6 Date: Sat, 20 May 2023 10:13:23 +0100 Subject: [PATCH 494/870] Update python/ql/src/experimental/Security/CWE-176/UnicodeBypassValidation.qhelp Co-authored-by: Rasmus Wriedt Larsen --- .../Security/CWE-176/UnicodeBypassValidation.qhelp | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/python/ql/src/experimental/Security/CWE-176/UnicodeBypassValidation.qhelp b/python/ql/src/experimental/Security/CWE-176/UnicodeBypassValidation.qhelp index a034b4877c8..5717f2b5c96 100644 --- a/python/ql/src/experimental/Security/CWE-176/UnicodeBypassValidation.qhelp +++ b/python/ql/src/experimental/Security/CWE-176/UnicodeBypassValidation.qhelp @@ -3,11 +3,8 @@

    Security checks bypass due to a Unicode transformation

    - If ever a unicode tranformation is performed after some security checks or logical - validation, the - latter could be bypassed due to a potential Unicode characters collision. - The validation of concern are any character escaping, any regex validation or any string - verification. + If security checks or logical validation is performed before unicode normalization, the security checks or logical validation could be bypassed due to a potential Unicode character collision. + The validation we consider are: any character escaping, any regex validation, or any string manipulation (such as str.split).

    Security checks bypassed     From b8969707c515d7313d99710b3c395194ad4581d3 Mon Sep 17 00:00:00 2001 From: Sim4n6 Date: Sat, 20 May 2023 10:21:38 +0100 Subject: [PATCH 495/870] Delete the vulnerability flow image from the QHelp file. --- .../CWE-176/UnicodeBypassValidation.qhelp | 9 ++++----- .../Security/CWE-176/vulnerability-flow.png | Bin 37706 -> 0 bytes 2 files changed, 4 insertions(+), 5 deletions(-) delete mode 100644 python/ql/src/experimental/Security/CWE-176/vulnerability-flow.png diff --git a/python/ql/src/experimental/Security/CWE-176/UnicodeBypassValidation.qhelp b/python/ql/src/experimental/Security/CWE-176/UnicodeBypassValidation.qhelp index 5717f2b5c96..5d9944bf88f 100644 --- a/python/ql/src/experimental/Security/CWE-176/UnicodeBypassValidation.qhelp +++ b/python/ql/src/experimental/Security/CWE-176/UnicodeBypassValidation.qhelp @@ -2,11 +2,10 @@

    Security checks bypass due to a Unicode transformation

    -

    - If security checks or logical validation is performed before unicode normalization, the security checks or logical validation could be bypassed due to a potential Unicode character collision. - The validation we consider are: any character escaping, any regex validation, or any string manipulation (such as str.split). -

    - Security checks bypassed +

    If security checks or logical validation is performed before unicode normalization, the + security checks or logical validation could be bypassed due to a potential Unicode + character collision. The validation we consider are: any character escaping, any regex + validation, or any string manipulation (such as str.split).

    Perform Unicode normalization before the logical validation.

    diff --git a/python/ql/src/experimental/Security/CWE-176/vulnerability-flow.png b/python/ql/src/experimental/Security/CWE-176/vulnerability-flow.png deleted file mode 100644 index e1a354717ef1273043075e966df13a19e4402e1c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 37706 zcmeFZcTkkivo9>LE0K*+Ulf4j6_$iTp`s! zspwz1fX`OS;8Tb(@xfNQS&`PIcOGiHsE+*$PeY2M)T?eI3 zWOL4ZypKEvUH7XFeE+P~%lnpp^n9m05gG$S1^t&-9z~Dpc8i1(HW%_AubHqbogr6m z`GxB>5h{_`_<_ToTp&k$0xabQuw|M7b5 zHN*JN&)|7WB?!|>%_Fb!50W7A0HH{1EY1ptGqR&i_+~gs+E1zbR6Uf~-Y!dty8?85 z2~9uw3FDD=RIj~ITJ=tMxZ*8gc>NdmJf2Dl!MGZRo6_wa2Gxs zzO|xYJP;2eO4#x0N~dzei%JD50v@c$2#blVD)5f~4vUI_9()dB$QmL|A|TU(!fYM5tqL^B}h=p5?8_!JcabVc63=mfnK*VEZ5#wi@_sfw$zQ z0goWim7S+B^3cTQ*9Kp9l6K4{AR7pEWjkK+op1(Q0EP*Qrljn_JCJ5@5Lgs~v{pzs z?ASEqQm~Y%L}Vm2kcu;ovlkb|Gw|g$&zEx)JPmO0+}3j-1H9Mbq2Lza9oxo9I~C@F z1{{$ETi5)b&1OaWOlQ>9)FQ16)JMA?1#T-ti3))MM@!Rz3pM?(7ODp2laAgu^7tNX ze6$o}wl;xOL$k_7pNrxp;O~x#A5e!V@U;4?%B;?1=UYp#euahN5hhAx{^akP^L|l@HtTymfP02Y;gA3_w(gidman!Sj%0n@ADZR46{MuA!LN73;I( zze$Wg%KEk_Ijw$HTBjfPWXaS_j(x}CYB&UHtlDh2`fFRUZ6g|4*Ox)l)}C z3NQ{1rwb7m1r8X8{`K}XE{hxBX{6@&u#Oye81dBjGUr{^b|J1fOGU-|@s&cSo^W0AUf zD%DmAD%ldbN_dxBt<_+n(yQ*YEB`JYBFW_QB6%Up9bCqn+1C|R9zYmq@aoP@l z{^+;cFIjo#y}uhUI(5~l2dRS@aT9nNj{oK8Gm@B+Eqrml7@KroRb;uwnbv{f{NQ} zvevoMSXHs+WYg15g6GW@<1(e?S#{Q4@x5yjkDL$gd-g^@&grM%0;~QqKUVtI{^s=H z9^d;Y9>PIASuQMTa}8{MB(N2@(Jk!pNDg2txDq|qH{ZOIAg`J9tD+7@%D64ZpYHUD zRNC}29vQ8{l{l#ka=g`cN{0Q5i#SO>2c~c2lz8=&4g$R=m}!5zT=_EquZ<1 z49(b|PE;op-!+3z%sRfjX6VtiJ>@ywyO3%w{Pb^q(%(AkzSPG)WU8~4cPIS{+c1hO zY_H_Nj#>Xet9}cZQ(*LTGS;JDf^g)vMR0+c=^-OMRn8}*zP zieZvWQO6@q{84784zthhi#$ycGA;0rAoF10oyjlsA~?jJ*~8HUvZ*Lq>Ik_74jae5 z9KW63AtiefyRmmdWg`#S3Swn8f|1AHQU&HZs}H_%>OdB5cj^AhFT>GtQ{I@r^ZBDbJCrcgvdmWvoyC&T zw;ds+-d@_AMDLr9?TS8(${m>T=VENW=cx|7xW%^|0Jf3!PBOpxS3+CEdXGQ1p0+!= zsRMI1lL!Bg(`oGrWGA1_8NM~rn`zmctQ*$QAWB^f@uhcS!;xS6-B^Ev9gT&4uAw8( z53G_$7nkz{RVbdeost$-WZGc4fx6G$GP~>2z{|%uzQS`qcNY3&x*ItvXH{j>hEtr( zakTG>sh2A`&1CUaZcG+N%{++INa7*XPm(T;SIi2xP196o8Kd@*9;TARql+mPD%@w3 z$j|qxXxC=u{>K51at6Dc-x1F8`{USywGoLKD^41kaWyw+ajaK z`H-lzUyj_g=BXd+_9C>N8ny6AFzRY@uUgAGI z0~%i7a$xYJWgCV^K6FtQ-`(pmFxyGt)nVvAr4>X{zN*JFoIlE$9LNdD&gXgBJX zdEV%IAbp?=FMN`f-7)WocA9)wqiXo=368Kw`=9TFwlsPBQcH-MJDw{OcLUCkmP#;K z{v19|g^@Iq*8%O5CtDaz5vffN$;s_sl(HWeB=xDhzk zo?P*(U`G8ZC1y6laYbNk{#O~7QhjaN9Xs?oz<*_=uFBQGb7iQ|8WT!bxtAYjHBzGI z?EgpZV3N~tnRIrF%?o+cagyF(dV86(=&J82RcDC0u3t24C>k)D!H_)69{dD$ijLq= zjqIr|HE8$n-kMQ7I@xSqh+qp$_WT|2%elqDj`rHUKv;0dL*cMqm10 zoL{?USRQ#|7Q(~2b@Hp$*)mVjib~lkH=<2 z3wpNQ`p?8iG4C%l3g)|e4&OT3>)cmSajbIl+V|Ihq1ox^8C0er4|uX|Ood_t3%_Ei zIS>kyr9`XBI-Jhpul#QG9Y1G><0%}MF#E25h~+#V)=}_gRIg-fON)~~UPhwv2^y6n z$O!XPODA_q39^nRU3W%JpIP&>KFZPo^Oe{978o=4Wa(5E5b=qPfeC`6%OdwX!iuVg zEZ8dwKYC$6W-}T1pFJHKN%L8rzkBH)%(jIsgfltDPb_6}Lf&bh1PkO4?o2$#t^D#b z1@bah#&bhR7^Lq+(q7}~&$#(AvG5il2kWKz@MD=$ZOrv{m0BrCvg#hl+L^^?>me3t zO6z4G$Wdq(|FQYNZ8l85=r+Srm3iRV-QWJ3a+gjLGF8O63Sq7(vp0(?7t`MQ zPlMHwcR~l%Pp^SJs9w~a?X#n?)V!T;yTtd3$M8NkZOLNY{a0_|HOkqGN8e2bwuNf-L#zV z-<@RN!0)P8d+!=P;J5BeabFMfJCl0ffQjy%5^k8m=HHPkBMj`(h^XgOi2i=&vvWLbvMvsjy z9%nm;&ktn%nw2;?T3S%LAM(JS^>i=T(;_DSLQG)t1KFpizj!oLg}hp=#AwpH$)d%-u}odiiQYMeg=Ti?5z#9w!D~9H|T3eZxiZfCAO% zbKsHbUrqSMqd9=>?CHWQCb>Htm|9W__T+UR-Pv5F!NSDY!BC0dWx{> ziI0|s5wyK}_F1Fp;@r18{Dho2{>|eoZVFZfJ5rL+Nasi0u?(C?Bdt@pj~1gO?B{m} z6;iR)S-5MKeFaM5eXYL1jT?PF&Jm2=3nst{cCSF?lbe2WNYHw9(^`s6!E&2}_4F;) z+rsak7d2A^SE2#WO-W+iEKBI{oWS#=i&5j`=eEuMlf|mje?KlWMQ<&|GggNai4oj; zn=5MBEzQ%lN$lV@0nWqa@A=k)zZ+vMB3|!Ls8#sd@mzJ9^&Rw(Bt8mFCA8Y=%m6HFi*K;tim+o&|Ky9!J_7u zI65K1eT)ga?N1N8oK2bZ=tc&{FvhZZl{&!%ZSkuY7daJIgL1_+RQZkwK=Z~D$Cw*-xyb<06ZMhdgSY)o^ z6|9nunGW}YhqQ37o-++9R>;2oB+7v`2(0&0mwt({o@(1+W-RngwQiS0qCDd&8!1YX z;p^%uoOET4Jj|c2Mvk+MEf2qX)|Afwlz+(YG`2I!YpV*6LbPocefl+9PR7!a!W|VA z@;ZhG+F*P*L-=~S@_rrY+cvm0M6?1u_XXxJj@Lw%s^kUu*ej6_1d%VSS;%2s3WDN&Bi z^7FJWso!O};|K3wQ9TQx)0TyHN>4yX2*a)gt@*fW>|f8%RgN6+VF@9d z^V6gB>>KJi0i`!dS^B0JC7jje;pn2}dZ#x-`KwRzRjJ4m7Uw(#A9RG|NPIIKyGcf} z{5Fr4lFBpWM%5TQ!^du9ihP) zxhK3k3D=S|DO^#@C6(E#cU$^3;%*^`(s+JfME-qxL>R3oM(59nsL z)eh*uIYyix&SmWh7l^QXvOX;RlP8P` z_34`3lM2eQvWFR-aO>VI8@glR-OLw^VF6@{uaBf%x>-D}r0AM4?2}+SaRX-S@px7; zLi*dv>pU_NJy!}-)xg}x$ZDH{qHF9E;yU^A=!x8SxcFEzo|K+eKuf?DTFudmjCi}e zb%P3J4!Jb;rUTKiHY#+g7ji><$U2fvXtjXs>F)-qIe$dC&1WL40@~bgc9WgB zPLC&E_2A?&qdi`SMdCMG#)=oe?P$N@s=Q2|(edZ`2>gk+BM1Gkh0)SmN!N7WrX;o&V0^&@Q7ll3jY$xROe2n*xaM zUkhujN~%i`=bn|-qx^)e==GU#`B-b`vyD-WwHV>1Lre*#^%)xt`S*Zdhf;*FIIyT& z4g(DMnaG9?oa@jf(i^FhWW2kOD&{oPa@&em;j9`?3e&b)=2vhUn#64bGj)9@s&S2F zu~>)IM|rf5${y0Y7Fb)Y(ocMRwn=04D*U<2h%J1GN<%j7vDPu!>h0_iOG6P5D5^7b zolquz(Z4&h-UJh*+qSS{%^ntQVx-b|o~1dX!Y9)KFz>{}00zepxLCkTxRuVg` z6^(}fz}pQPj?VKMc8bHvd~E+yY7N%2iZmCwVyZK|!8a;dlonQ_x-0ntr-^7umn!UAgG zLPyN)nVsmFe2t#toHb+Y9?eV*Y$N1FsD4Ll(~NQ$Pcj7=B+po2(zL6+(D-{HNm+I) zE0VSNSjAUc72g+olFu}peVY@HkUOt+t>*3^-H2@w%?s#aw$;ik4SS1Vq?7sX#P{73 zTr3vMrW(~Bx+%)N`4qD;nV-%GTOXNwhm+YEHyLnUAkXuWg?z0WNq?qbs1Jb(+{6CE zVW|L`f)MFLzj5yn+_TYlWoLYO3UNR3QE<>d^Oq|nI*^@F;ftmu?f!rJ(Dl_vw(TG^jedQ6cU)!w0o{nd6?gb)^uG?;>kpDX<3CtS#$V-G zwLhlVXlc>7jWChW&muB9Ucvb&V^o78Rvvkr^MD{?E;_30wXb2A%qaE7QcD(3?Qknv z>XZbZ5#CSomnz^G92>=fXHr+G(B$CSdFW&%!ev1UT~BVG^2nXx^0xS$Zg-0*>BxzZ z#!`ByItSBwd^&jJdKyA^iXpq=`M@7+$jtj@aQs$XM#cCyZ!MOc`R?-MC_qv zTRPoq&9Up3yV7^X7T=P@%J9yNaKzxpN_4b}3vsDg!LH7K9Ad;1FL?Dj1#3__l;!U0 zpt#~kqaHz&65^Q-#JZ|wK5nyEL$^HBC(I&3KR_D(M&Q;MP-K2DmU{8=|{f?H@= zW|AP^>+lC(N@JWZh&IB5=>LM_XDt(Vc=WVtFgOuu24O3-yfU1@BfK-}vIXZ32qh|b zuoZMZ(|I?g!V;nQVcqGG2Nep!azZ(mh&A9sPza;YSc;zt4Wf$d0vz&4>=jk;)VSXJ zGagw91&yO*r!}#Axj|UQ?A%X=kPC`Dv?c6@amA-V?$XfPOd3KJ&`d!~$p#PJgCL^^ z`|}PcxG`u>RL$Px4xWcV4B^10EEp9O)|l-%Qldg>f|J75_MUbmEDtoJBhlpXNFRt? z5nq>^T=9aSxtC+`AQ9;Tg@RKRrnRvNq2Q3yydOJZ0XN{GTKpQXDz+YIR#EN1N5LBb zxdo|mQcP4RI?!yDu;i-&uY;)Q%X!8d90~c_1>q}|J-dxu@n#Se3xhRD$To-yW+`(Nwk-sE3H5)`NI>2J&3csESX3wx z@U&vBGY}3-gyd&DfAoL~B@C#T-&y*l0iOkfQ^jVAa0OR`>v(*M%|ZbRE&!TK(1%wD z3$B8vy-ME4%GkY-`~-LWLr3;Er$)lFn+wDMwoOzAn&7>DWCP*HC=G0;n-1}E zzWb=w=eUJRVMP2=YGjd@fHhnSQquOUXWRg14o-&lT4m8}3xr(5SD+?GY_dxjTp!X* zyPqNX>`=!$kgnVsoiV!Xhzn_d5G4Y3Ih!6(8Gbu@vM6YR|5Qnc5P#5A`iwIcV8}r* zDrn#5)frH(H%Z4?*%B5Q==$ z@stkw01E~TQ@s5ul?X-;A_wEiTWsq=H2fz_4T<6j7~%5%3{4Ad+SZS9kF_B<{vqJP z=^+>jyi|a|T0SaXqV(}EAov{iuOxs@oUwo90tE4b-)3LmX1|<*3rmd^+tx!n1Cjs- zFds9kU}o^Ln1}Fgh^-cC;2P+p9a3CUn|OtjJXlbboR~zZwT&-&UJ7=k-fjRsl)4q=@+PLWHhCvEj#JWNFY4RFGgFmK4bk@Lov&9IiBFLqq7t04m-Xht6H<-w22u$4h^j zL0xv_hV(C#0YLx_540WVpDo?L6#Tz#1b5I>>c}1&cS#f!vui5T^QX< zqA0=4REp`F5XV?DU>V14C1Wp_!UYNn$L3mhLmXSkffZQO>bYD=q#x+lk;?1K331{E z30He`-t3Y*c;nxduWKNL9-%zK``eK~XdD2(14Wxwm<0(FWP0!=^Lx{6r<0X0GvSg?lfJaa*p z3_OI^Fg!!#GKWS6j5q#}H#QMk_(Xs#urrJtX+u9kJp_aEJ1~=7=KCZu9?}u4C@{Q{l_1&6OKpURqD(%z6nO;*w1#AP%#~b{@eUSn_Sf)d zlfQ3={Iz>;`EZG7&}%Y387@~j$R7;3Ud5n(8(L;(UT`_YGHwoNT%T^fKsW6!^zptF zxSI&_H9F54*DviZszn%Z;_)*o|I+3&b5>aQ(f$1N)U@cFo&HveAiwpO~3zrY%3l_{{B&-PzAOntuV zvNRwRLB^6eRH%7lHJ)O}kMRGkH(DN`(l_&)WsYcA{dQvje4?|nG$?ZS%^i*9`hT4t@Zb^1c1-NgE~DVTV584|ak}0+<-jLr{pw-9 z4yT93zYG2Qe1to@f`;T(w`Gcv$k>>aoWuWigw zwFY(Rz4DA?;rk|#QeK>%yg&WqT{Sl|Q1jIzYomVf!|6D0c8?L(B_JqW{Icv`r~h5# zm78~*JvZu>Zq>Og6zJwERoagU|J*;>tn@o_@jjUH%(}Q4gPFZ}1+2nGUjj=a@)o3^ z8dXlZToek}A0qJ)w_XLF^fRC~%B~yOBZyr`o47-uTb})9=kU(ej8|0AMFm>&SlpFcor465wdhBbfx9yCiO@9z`|7U9mzGm3YLKY3_x>eN~TkstU^8cRs zbvsGM)3NTorFyC1`|Ph7a;A%4)02jZlsl}ZoBY+IDeavWLC)sNgKZje^mUS933CAK zc|UE%PM5I1S9B0!K3t@=@QF@n{(bX#qIQ-{-*n)G*7it&TG*|pBr1mq;3u7i|Y zh9h_c_=wv<3~k<@!J=B99&Yb!_-<aWkGkx9|Fr|pO<|$UT4lSD5_a5Jd6R&ng{$3qo-(@$E+aal z&ePu->M}ukkbbSx!^a0Fn$hM}i>+Pr`Ei-$G)SV8zWC#K^}btznft;^{Z9_YM~1@@04?Wpec;{s z@aaS}!wsuc>7OijDr$c@ceC)$b;tBoKloh287sdz>XQI6%w+8CiljG*M_zc2$)n$;wmI~O&w zQG4dmn&IcTc$@dwf`dF~*(dwv(~N4nAGZcZJ}l>@uq6{`6W=cmSdSL31^`^Iu}+u- z_D=n~<~W6Oqs4(&sR`2bwsP!$-<+Hs^kqocGk=If<&J%vt~20Oe{%ej3xojnnZ68a zz~z8;6hyE{5mTX2@ZXr+_eIx!jL^^{dKH*G_HuN;>*lEt+D;YqQ?6X+(GMOZvX$-+ zC8V}$EE;a93pCEMLzFsoIX3^f*H+3|50&M zz}c~OC~n}4Qu~WCgZh2SM}!!xmHRRh{kTWl<^e~A$-3R-o9c{|h&1Lir-9$L#aTQ! zY<}M;Nut~gSxB^HXJK_pOBo=gU}d=GS(h0ngYR-YyUS{6@vRFiocXo)&HJaOSoqZL zFbY*C@!dBB(&|e_21`U(Sh-Io{*K+}t$Bk`JRaWBk*7o~kuu$MTa;Frezv%*F6;IU z<2=I9P#k;W{CT(emOTSJ1I{;v!NPv$ktH2VA12pA=#DT_aPs(&ZDW6@bLx#fS5dQ? z)#6}|$nf27Dt1XD0oAjUIM7f4xIq+E=B55@0f!IONy1EZpuDHu}Np(T)K!)9)ugK6ERnhD{e zK!B4e_=XfOvp8fnGhr}w0#Y)LoyN75jjh7e2dgww+Bx!aI14`*8Cqi3x#Sp@0E#nk z=*{oG$NR>p<=qK7finyH!Kox;=0ik8QLA?-wUp zc@FW6Nn9&GPWpWjgPtggg#mG)CTmecU;kkvT)ybda10GOjb(&A>RB5bqHLVsgDvjG z)b8$pjEG%E*w|8ABO3=%d3jMYas<8;jKa?V$eI4*_@WTAV^fI*V!e3X$K+vOQA;M3 zRxfV5z7V?+j&*iI%-r_t&TG|c`rXnEheoPqPgJlUEhxoIAo-q- ziHmr)ztBSbS;qY+=@5(7VTysvmD?gwk6k3uT!{2(|AVYuO9f0TqF1NXLRGwVssW8J z8|TJe@K#RjN&MSUzAKCze1lK){)!0L`5bJpcxcT=@QJHa-h@rG$H`J{*EzA#Z&%#S zfAr^0ZS5~rMs{Qe@gw@Y@%LGx9&Zosc}~47HE*ESBl~I(@}<*9sfVyA7nEp7+FDh% zzbSf*HeKbTA%DQP%|KO=11=h8H|I%Ea80l~A`B&p*^2+B-BZ~u*O6c0;$;lV`ucFy zfqiVM`b1)C861F~9*!SEqQbH7ps}l%96H(`Uo(^@(|+=*@MzZ8t$5hqu#J1QU{1%l z93S~6v7Y^|RlIc6lad$63_K6bS-!yBz^xkRjsAlM`G_Ua-%JvA!OOTFQwj3(jucWn zIV_mmw4&6|GRf;KJ>Abe{4K>aCF}wuR*-v@U;hqI1J<{!oejK369qb-T}0tF()@O|qGe zBYGB1W45gb=2qQpr{p3Z_)Gq3xvdr){i~g2$C5C^60hqQG0Caq@`vy|e@clU0|w0y z<)2FSv@Koz{VKP0>6!TDaO;2dWNns6z)A1O`jnP}oUmF>DVx{_ojBQS1$rTojLyM_ zDsSj^_VvW0mDb;Ga4Vkmlf)c4eE%CJ&Z{6)mT#im8Nw!$KY+#m$iCVG51-2F$L(gL z9HaM7fQL~nI3k_*dt%Tt>}@)7`WEHSGEq~9-)LA0 zmf&|`GV^?I8y8YcGlxCmi$YTH3- znKNKLlu~(()q;B522-G+9fPH9ti-5uub4MoDth!u*v}7=_*kK@*!0J)V)4(uNA0#Ov7Q_D1LVhlodoD-hJQ9`CyE*GsIBeFBY~A zE>{*cX9ypFkidC6aI}$1M6gK9sR6=Rr%t_h{0+3uX}EZ z4B$e4lxHngCQqg$3mL0GR57LAqlS4jDm=#O(d46N1t;hZ%3~l$kkF7|AVJwQ!U*+%bYLyvE}Lk%FEla za>M9VGXH^w)bdqNtk>7C%CtLnj}%znzF}$z}eEyTj@ij%_PmAUaFKIzP&(gweil_a2+b zT@Y3CoaL*nW=VaJllXV|I4lpgqJ{WDKx)}Vc9vz*v#!msnme#w=hJ5J7L(iXd*!;B z4ug++zPJVJ#KtHFqvk_JISTKh^%+#*3ZP(}iEs}aZiS0a6+f8WwSQNq<~YPiuQK%Y z^bC#P@GCA$FO#g5&ZO$$hKb@ToBoyda^7g#ZnkD{erj`dt!)yF$}{SiVlGNSG~wT4 z+qT-^!WVRZx&K|%j|$=#@rbHDY!O5n=MU#r(S+Q7=FJzGu4v+ecg2+CXkm*3CR=HQ zC|;^x>ug9B-qJAQ>7pC`$hDd3A~BOa;>Sdi#M6b^{LF{^$IXUoj@uxEe3RM!MV4je zr;xU_M8?Jz7MQBr602(Qc*0G7vG3XKgtAV1GtqO2pZpm`kz~HkQ-A#piP7K57s;1M zEZbLfC}h1@Iq>SIoCKY(iMp&h^C;|$alXKJJy+mhdcWrUp3kE*3x6>iA6?+|yrrM5 zeyPO1<(<^;i+nY){SubzfoOU(waRt)J|Q;Gz=?626=73iYr@ERe7ao1r=i z?$#Aur#H@Z%p2awsZgmEg0MxWYG?0>HJ=2g$bOM~+s~tRDGFOWW4`SseG1jws^E+} z4H(HoR@AN;$NPlRaEUid+HxL;{f)}Z2$eA+WwR(;bR}kJsOtS`!C{x zhdF~CKt6U4o@~HNm;)SgsIr*!^=3+1TRXx`6PS%%+q7!M**RHt=}97XZcZ_jmyiif zn8?ks;SMhr@SKvwatOo9in`-i%Q3hE*FE+Vp2eMd_~EHv?VO??dubvVL&HpC&sI2S z*|1h^KG|hIRJPTSy0jI5s6!dFZYXq6FwdrERECVI@Am5ah?<%aoMXjXA3rZ_!-|y} zICx*A&BVN*<@16ikN;v==IZUf)o@#to4PvB>y*)OA>0GAw7#vpaw$Y{?Ty?>)-0mO z^x87Q1R?aTMwG#XTERq(4;jC6sW3X(GHnrWQXNfaCp{Lmot?fCnGJcVukI3HJr z(f9|>89)8mnsu-pvC&j;qP@BYPKULT1fM!6E&7!)M!Q;E@wb7$(OWR+3BrQ}T>7#W z>a^Z-s8X*xBH_eOK?v@;SBv?>*d+I>Rrt&rZACiU@z+QEC<(cs5FHz!&#-1(ib}xEPUV4Lsm~~u_Mc{ALQew<4rU4p-$wTJ3O)wc;&~Fo z{ae_j5RUUhunhzkGYPqrWC8w1*dMm<=3Jpaq zqh}5!s4AfHTA>sSLZihIFz)dyE}s|cJqUR>Bw}2-Eck&3p-I~PFe%6yd?$E=K0*^) z6vFf=nVZ$HKS2cuo%+nYgyW#nr`7Sqd5>!b2;yJot006cmd+v^s44)c6Jm`w=cEBw z1Cxk8pBqE9(1E8%;cFd?WAnofc_LJKmD zKv0*06A=&tbASpmq6!h(R285^H)LvmZds!R;8XbT3l5nHjUW>A+nvX`EEvFdeI#A8 ziO6U$$s<_z`-C7N@Z|7;rdtEs1BC1=eg!bg5qbd$&%C6`0hJtSkLv}T z{HYO~c5B7GimG{c-+Hy$w$h^YIU?rPd?{~^+wte(r@w0d_QvJ`-9QhZb>flIU~i)E zuep$M#p43)UGAHMidws37&QQ1RR99(i69hwS!Gk46PN-5M9i~WSNZi-7$qGAp}IEz zlYLcx#lNd+@7HAhJs03dAt+*t4QT*{1SNyNc94i|ClI*S1nF$nP>Cq02x7iU-k%|n z1cF6hinLyd{r<7ibdq@?xBr6IK{1_fuD}aLe8Yw69|g~l6CVHZj8Xi_j0!FsTmEd% z;K+T~MyevPxkXg|VA6FV4U{=}ikn>5%f~CqGA)kXTmG)R;qc=YNP4tB!0zo@ZhwKV zFl8;dqg$fOo-XSDnS@E+EJeh8W9f(AO?=3-Ub*7|3Q!^Afg97to`94En?x z6=C<|O>fZo89%GORj{6H0h%2_Le&G|oKhrdQ%T55X#7ttAUr8DC;kz)R3(mtk!HUY zWT_Kmo7Q`jL+SovmR%(LcPcE39&bMRsSnC_WNke+8^sPkbk9cvkgiX-*{liFz%WR= zm4udgBe^UOHl}vsBa>2&&oU(JdcLc({UJ!J+g(|hZ4hmFHU267k zr9)C)Tdz-#*WN=2L2p|aah7*}x>REkzYP?jo^(F>^St_Ib&SF(9KcI&{VvW9de1*< z_Z}F?78DpG_^8k_K)-7_ts}VNO@NW)_?7=UGRW4T_=|al&q%qcWVc4lsBW{jcTFQFOfkb||na)gM}pyvFPtLeM{GLX7dK&ZoVd zAJ~AuYkc0z``j&G^COzsUzw(kxQNM)(HMZd^WYBamgzZ?oqWwu`#Qet^q=z+7EuFG zvc2?pdFiF0xqF_{+Sq%~RY4`%RHG9RJ1WSwGqvC9d8}S)Nwl zPCbwbPbs>cEoeW&Q|R`4cX2S4?T$FJ=cKa>sOOgYd;O2QpQ5&5RP_MJzByZK{cq8G zu$R_4LB%a`-3CB+>ZP-ye!MU%Boog3_I4=dcyB`p`~kw3Y+5mf(gza_ zDy(11<`m5AshZA@?Y*65kdM3BNC!@y$mJ5^t~zc9@!htL@gn(-jxqf@yVNi4GV|^k z@`IaZmgkdxWkBBP^}%lwFJ%Q9;9ubI&k9>X4wJQ_%CZ*GAj$eA02-~Y*RFIiEvTK{ zuvs7Hu|GG8sE44KGS9DZPs`iWWlzLLP;$m8sU{tUH|`@=bH5?ifoDv~^t@4-gNV|H;W!UaBS)yMm+{Wla#w;eXz{MBo8iOI zWPTMbILTDMiu41oZB=i*3;Ofs)14@{)k&%0s;;iVH*!uxbfz}I;+awYH-P+iOq|)p zjX{L6b~oEpOqYgcPgvmEpPH<;Re(JWt_WV+-U4<0ed|j(gL^|LOm1}cvfHjujg`-6 zCVVe!@lauJtDRv$aFrKN_Hc$WDgB)%*StQyOj!?3lNGbM=jsqJo+1bKpGV!wv(hdm z>>2zm8x9Tj=aaJTaC<6S*?gNlrVvSp@D;zmN~9&?Qv5LeoaAba7t+7uBO~FPGT!^S zH?brbHuf_|;YK6RaSM;bZ4^sE8CVNN3Np=uobercc61*zY@}-*_B* z5Jnr%%g>7a=!y1?EnsA@n_&d-DPZS2Y#y$A<&^TPluL*Ou>{l%XS@XEFwqgxy&IYs z3Q@k&`XeF7dLhm2E5V|QB9BgP6Bppy3n@KedVj!AqnALfCEG$6sD?}7G2&}GK|6ty z@y5V(IKe4Bqb_NdPUwr{?}j=9`m^vNzT75EOEAv!q+(sk8AI9EWUx}*Gkg*!{nSa) z@1eq<>o@7hQJmNZ+?uIh^v|kXm$Z3*lztw)Hj`Xt1k(72HEsP-yG)LV=WMI|YEMjl z5Xlu??fjz#f{=oXnl$9b7s7h79sAEnn^mztK@NBSBW4l8L*Tm3P#g8kb$NH&D*IRO zUlB^c%#K^ez3k1{saot4v3@;D5_+?MWuf<#670@Rt0J#VP@`+%U?!PiCtr%_M4U_>O^`4NrB(RbakphuROr+XEw zo2!mRH(Q>~V|6a`-O723`|H_iLJ6p?2%{uNe0bwptgTLyP#>lvh{=6Lm%{n z=jzg{XFl-wXsqAE20ilgAY0(+?CIALnhu$#g#HS7AITp-VZqbBUlNvkk9?Q@$S#~kC!1}-Is>Wf>3 z;Qev;v&0}R=yFm?*L@3H6u6ye5>j>dwo(=06Yy^lbIe+wLH-kOcXL`1@sDpZEEP=6 z;Gb(4O6m@4U9a>rGeyb}J0&lHKTu%7r;(YIVrTs-T8ffrTd<}OM5nz@tE-Krwv4&A zYrzKr(!#@29$&Yq8+D&H6mitOl1eA=6bw>lXq>*{DLdmeTEACc;*Z=uw2RRWnpP?A zMtcn6z_3EGgeTg$9c!ntWzL!Q<~hv>@b&PV!#_v!l3f*=+X(Mp{W_QTdAGX4_wD(q zA}w333{L8gV7ZOSmhBI<4S#T0L{un;>H$)+7?E6M;xj4K73mY6zo#AJW8#XXw_i!8 zFgVKbL>ycZ&l7UJ&@7D28rXEuHS*gNW--D;aOmP|RM9qCmhuU=#e%ba2Qdef5 z`CVVzS|M+MEDz+Dz5py1$y+UEY*0X{nPb-h2MS1@9ho?Va#rmL>E8cZL}T zS~jkKPaQod>07%Gt9{B?Y7q6?M-#YLi<5HB>8$RNBU!9+J_ywThkwR(FkowP#Y#-8 zU~536(5yQL^4nd3{-me15mw?nUg%C<>wX+|^?{Q%;UmsqD=0j4bmmu2uPi=_TK-!_w&5x{qlZ!&vmZHPt(Qv%{Av-W6e3n z9QS=s6Zi)30uzN*$Q2PRw3)uo2D@()5|5oTuL;03RzE*?H0$D@QlOUA}W6Y)X; zjW+of2@VuYhGRdm{eOP!t^04@8aTWtc`~GaSv7$JRB1Xd_I3!4v%NKP%cbPf)kJ9A zg9V0H0ZZa&>&(FKY|{|LV3~l=s2EorIm6s>?%PtNBo?x^)38M@U_Iyh8?luiu)lPI z=e^j`o+oi;VC1=X`*1cwqSxcn-0|-FyM^4y+<{Gap=}xP1ypx(wdEM-Z?u&M&2$J( z#uV0^>V0`K$xScn90Lws8$jzFoJ{_u>JYP)WH;O1BZZaW2+B+sX%t;^i+1Z~aG-Y}< zjeez)GrY6MhdbYEJdYZF_2=K?w|v%0Ppr?Y?nIj}=*Z}~+XLHyXs`i@*5-kYpMeH% zj*=H6ND@OBVUbvG{U;tp!oA*wBzHd5C8b}Sz;IQsBqx+cSo@c?+wGs+hI7DP|9WtWO=Z9|Ug7+Df5O|i z#d1xu?B-&W!W@DJbzb}N9fWrH#a{gt5U=*_Kj?fHGIYpL$kigY<=>txVO%qGeG&q( za7QnN?{CQURCx7&CK*r8+vYrzRK8Ufhg&4+DH}#3kWnNb=r#F8P5ku0G&V0+4W!OG z7PE9eK5!WSJfsXe1N2@NfLDmFO10F=Nte88TvK(9@g`SarQqqNpVP*~Nw9rfkov%G z7QkhU-Y;I8$mtsXZ2i_Fx74*3c#+^Z)|%}G#N^@Zt*CqlsSDU9QIauaZCw^R?e8x| zvd%oU$Hk_lDFQEpQtl<}5FtFA6uqP!V&u!sZ)q@wcQ5LgabW41Tl@8J8TXkN?B5RXDdxo17(W0A@f#)yiiyz3 z+c0bSV$W26I6c2S5KNfHok9Wrh+p}J*=+PZ@4KzlPYV6#`*T5D=-1-(FBh3!e?+Fvo&e+HS_5UOlWe|Jdbt}pw#!3Csot^bupszl$IXzuZxY-IgxM( z6cmK>>&|<;1#L4r5m(KLo*6s5x~n(jR#@nH7DPZ?uI`xD^s@36sZg|I13Chy*KBkg ztw-kG&#o4^q6>)Vh+zNygza|z&IaDjJ+5)#WPWq?tmbW>bpsil-PHjVMD*cnG<$?< z^S;CUt0RDY+UxX8RT1B+_euPHKG};CbW@&sO(;8V7HS7M)%lTp8(OA}5B#ZMm62Mf zrJ(e~eWODWb9pQ`dRB6OdHlx<^%C20JxztpNRd8Lfhd|Z+FSkiPo)yALkGqyEZ8vB zxtnmY!jlghzADs`@~}EptveOjsXr?#$(#i>F1#(f2$8wFIWpq1!k+J|R2w~*n*uE< z(K|(02#QAHcxobrX-2LS?IeOAUNNYmsa{d$Pj>HoQB`Km&=BSrO28)@R$(EF+dQ5n z#r5m1+;^vLRr_E zZV0V_(o2U!7?;<+VQk73`K(hkX^iI$Ttg zy3u#Le@8lgR?ny`M)a2gT^CcM=rdkv!E^}Tokr~&k6^5PAZeIX;|l}VBo17{gE-uT zSAFt3OZF6ewzAHGvV^1pK7RCT+d}=sDS=ami03tLFBna1+WRK*t%T?34fFj`4Rw?{ zTE%UbzG;qhBQy*&>A>FtAZrdY{)aBS z#Pk;!lIJ`D@*OMg<RoNi?B=dmD~6IBs!qO_X&s%l*O{6Eaw~Zy{DSL+Bzh>~?PkbXE(^WLDa~q^efhGC z3aj_=l%2-yp5j}qMDJ*=_%+k-$0Z*w_`B8#FlHNw&>3%ABivWfx}54O(s@ znY^VTHlLxp*0amiuQB$4jLN0MANm^OT6e8q zNY3h&$gb!D0j&2_crMFa=YJWe#@|}qAf5aLQ)Wgx={TRZsmBuo@{0y5v@q)imY0-6zBO-HMig7>Lvu&QoI&Z zgXk2fb4A$lzqo0M(j@J{ZDOeT<%EbiN%*Dw2tzHczq8A?$0Q!1TU z@l!(rGoES%^>A8ub>xJ5kLFtGon$GeDcA;ZUY54YzdAfsW+404js)9E-{hy=%(UvY zhCt1+54nbA`6N^|uLp8S!UvkG>BVlV#!=pUiTg6hqSg_SmWqY%PDKB$BkLav@X0G7 zx~&)V))}c&6PP94v~Q!7{S+~6pUT@-9R*sV+@q5UZW+_x6{=mJ%%1=L_IqE&N)pPk#Mp5iO#xov=&d9P7tPRdZmK{Q+cE`9uw zO?Y&(i&o^hdh*e#PQmOZ%oaZk$KXqNCDPw4;*$bD+l=r%d%8Xrnr0EYQ?XKTRI8sT zkZGAWAzgit=#mhfUU!ZKPeNgf9}AP)+d3PAjB4v~pSgX6jL??P{;YPzf}Zhnog4YM z8Ly{ru2Ow|(`4$CL|y$-V@%JB*iO+5Y9KOFFZanS%<7%9%D(>$5Lg< z#;`LC>lFFe3vm97LWQ50WL!(kav`3=dEipNGwwD$@;dI>)ffkl6AO%Vys}@^J zKPdr6ffz`tC3qY{vS$2BOv^Zl`!3t%o8*7QI!m_qJ0q}8BhdQZl#wekb-<4^%6)~! z$Q8-Jc&|LbBlg2`KxjEEAZlNVl6;B8pJXz2 z7ug~kp-~POc`Mof6=UN49e5&x0kl0NB)7CRQIEjVM);{OFFtPsUKNt9YxEfr!)HT8 zri-tUPVQ?Y2x-CY4Lg9#okhZ(^o!q?IlGAP;s zyT)v9d7wrFq~Y>1A*$m83egB?`4w(tEjKP*W&q;BWl)NV0e3W$b34=?5_45Age1v> zA!Q#_W@5(97FmG>m_oa+BX5npV&}0Yy?)Xo0=u`Uq-nyqbWj;R{WE;8oybXmUh;~% zFZ(-0fk@D4KOG&N2x&w%!(VC`xiT=KPi^X>A|=B~+X`HDH-E42Jzegnqox(z(?H_B zM=vNzo^8)XfkXNgNEauxy^Vsf+jbfA_kKjBYa6KM0l%)R5${+`dTT0zD)}B2 zmET@rJzE{Wnryk;3N#ah)AOz01vHwma+&A9zornnT}J);RyFnSd11#n*hlJo0m`g<^fUd-7qus*n2U^yKJan7n9t{!kPkfpy=vu>kU~>Yj3Jm#4~A zo~1o%7zck_h`KOW6Q~HOq12*-hj_mp_vb|Q*B(3wQUZNt{_%zrXrH`c529~~D8wPW zoq!O^sL9to5UW8tyCb^V%Jc>+!}?H6C1@@h(yWN8yymSLrgUHk)k;o5^Mj<&X1p`?Y!n$!0d0EzU-Khfz*QPR!q^ zK?D+a+W9l>rW+8N+2M9xVZz}FM61-3E4}5P44iu897+evdv=q=rEg@jLfPU&nIABmY~5+KKgl zuwocJOLjHc2{)vyhk?u&0;?-Q;vzkrnNWl+E?t*9 z8Hv$IAO(qF&O1Lp;yW8l2m5&kerr=cAdM9f{>i2(lyS=>;rGMky25*(16_U4#Mb(6(WB#h zwEMUnAn9?tdDxNPyrs$OIYINu=uncFyBX|;Z0~4D2uoA#v3S`mHjBTbZ2}^T!3>^a ze$U>@kmv?RsV|B6B3_^zXWQAqEQ#=zKgAruNurP93PSza!17|OI}kge7gd*|wTdn> zsy$j4?W)Z)I(w1%7rN;m?2r~dV9a6=t<1bz#|ZDOa(x{~;e7Z(2EaPJP>*&k*!gT|Ik)gBHK zZQ0Am*OQ~t<-aO$s;biNH&Jv}>5nHW@Um1(zsp5JzeB8 z8bGb@+f5ymi9v9Nq>xy5xzc@fwa$TR{LPLRB`JqwBwbc97!8F#PWH{?SkuH2 z$U^Ag9vU-sF7?)R*;pn%GaB{8=em9u{W$o$9wUOOA7;RPXQ9b`2Vt~&Nu#XtaWSLl zqfiO~UtZ_z?ZdU!JkPqUO!-gJ)(nAplC7gFqo4CW4XXJG(Y*ISGWXAPumx#Y>`9qP z88LP2Bu!Ee4-LaCVj@ZY18@5qJO*+vBj-tajEbb`g@w2*6f-Y==-eLtY(39Bj_;iP zqwGjnsTrM)V^umxq#cCp1f9#rJ8KWU!1uxOo?2Ab{>do1=f~*YemESAyNYA_c6gi= zf3YAuZ{*p{E9%h#4nl6aizd~(3f?vHDq|fP7Waonc|k@m z^xbn;-Uru5M;*LRLkVPut6#qqaq%Nk7uk|Ml*1;`ei`a2X+_4uzW&QUOY=3?z21*X z8E?)XU9Y&jSp2B4M6my)i7E+etmU`Pc0-@hSrKry_=)yap~lG zzG&m@6}58dn1&mLwRv7PvRhL@7m_cbyCbWYwP<((DBZ$>80)gxWI)$E_ zXQ@0qEtgn-ciH9vd;c0oys1f4`1QWm(&U!XW#7@fBTd60Z>yi#8cj@dqwO#XSVAl~ z*;WLEy+)BqH1h9?_*E@!V1cFjbNG=FHhkYq&^1Jih3AknzRLoGQL=l zBz<5wg;mJoWXN>Ft|!xP5_e%Oy)!eSxa~c)IXLf%#*Tuk!=^;zIhOab4(~r{!mN4X zym|6#wpAST&xcrJeoVL*?uc5rp7U5_W;X;5%yEJIr?4Z(m$(uo2VD5Wpr250^uvCR zZR&-jbF<$hWPn7+ByWX9ni|OwrfOXbq1U8zV|k5F{KD`Q-}h!t+8QFanHUK#h@C z%8jsvY}C#s$M#G#U>ZgSGbu<&+6mKAStyW_=sDUINeE*4Rr@iU7cg;&+a0RSo{nng zxNd%Dm`RDI^O+rL=I2MKg=IY`H`>`ALyk&Qlw~q8T5AYw#Hc-omcQoJ;^n3 z6^vgC;HSzBu8$ z#&@2Fb>HK8Ru&AwbgwO^HS?}X2c|+rtHo0cP@W&ROTh6@o72@pH8uXhrL>~y_|zrF z?)bUx$GFJ2OR_*rmKSV?kZ>I-h_v2B@XJ4%OCcZ@~$`aM{v zsJP5@nW=ZZFYe+leL-v+=F2jzqQu)ftPID+5p1A63LU-ANYX;o7eN(#asP<^HnHjx!REwMO-MH(bdUVNx6U~Kw{fEi3-_G<8+fIV>z!#^h}vB zKk65yUcZg{9RhZSh5bs_p5t03O=vxB6BvRwjdhLEz4EcI2oCG&n1|J1{uNJw zYK~W~b`sWfW*M)TGr6>7Ixq>MwXV*nQ;Q%6c3_C&C zKjc$b?dTobug8X?|Kem|IVt#E{w!gpzE9%of7|RqJQ*uI+upGgI8MWi?!2YEIS_4# z8;JRvFxN2`3o3IKa&E6GlJrJL*cn)@fZ(afixD@o70}#YSXGV3$)*oTRg`m}+Kh`K z_8`e-ET?CrBh*iKd-}79I%96CtqTB&!j%(=C1`^uHi%5U67%nmuH|!Lp}JO;0HgNt&CjAxVXe!(P>mw0Ak}6Fs!e zJ$76?3DctbpTFshO~`0iiIl1*p4;-tAtCr?tUZ0fZ79e-QcEZTw(654nhWe&RJR9%!Zhq^a-dNj)P(Z7L#|(DW9Ff7K0Wp1$~`kmOR?Ybj~0j zr_hw_3}nmuEdw0GREF+YJ7JXX+Wo$3{gFpK(>I+URa=4n9^D#E9RCw_s?qlf!7Lab z^&_fLx4XJ)Gw#bM6fw!+P}R(5xN>B-S~pNP2_+J??@9}WmX?WZZ*blc@)mkdNi4ds zA%}8(NV}edOV|3+^q!XK^CL>qdpTJK_Ga9&R0K~t!oG2A2kIWnrpp$tsLgTg*60S@ zMOV8k(^I8H*4Smg%H`h@#Mxr!(9bNEb>S>b+EwVAP{0)$kkso5!tkVH*GJz+S@ff4 zKM-?rHGs*?_!qFpCcUagTj>-+;}S@mPR>%iO^M>&8Aub|3?t-P$m+`)>&HM%vPhL) zgN?z<>u&lfpf@1m{R4sh4~U)gHB8nr{ZxyXsjZ)9ZZ7hd2z_}c;$|mqZ$;)T^U-uw z{0k)+&T5eiZwefp!2B|8JX?^t8Nae{;D(i*lP|`0dX}}Mfl2H6T*ZTP>Xf#Va`aeD zn9kWBt-U@cMSE8f(7^Eow8>g`N!_e(Xy@8hI$~F+V@Tsxu9qpG?JJu--9RgAV%_%f znzER6xVcJa>S5Q?aYZM1Sh8D^bXw7X2aY*#yHC3mXqka-n7PLkygGNM)jMx=gY~?Z z(88eSF}Ia=oUwPcqpyMeHMWUd7Bso4GA@!mvh{S=`wEmkLk%6XZfTUGjBYDC*&=r- z=iQYe>bI&$xjx^x_CE4gsoJf=O=1Ha3;!U-t*N)3Y+F;MjD^3X*oX!1$>_)!)aK0e z${O1Bb9%Wj$<|$%p1FhI*bx~vyB7W$>j6YSe z|5oGrXH7Lh6uRQ`n?JsiT!rWSiADKG?tc(=YlCuAP`X>g>=Z37rR?SEUKk*e2JZ>X5M3)My_$ zqz!x*f|M~v5M>!6*JDonVK}&_9_Olk=)X3_eW;+CKl#nD3+30`GTW_G$AYwhIz;Bu zf8jyFIQYF5lK&SGx(=aG@WdRP!`DUB%^u9!FS41CA#Dh4PJJbL6FOyv$xy3|aTCU- zs9u?l6@M5uR_eWI9dOwGISq~rVQ+ri5^^Fh`deCzi55Cgj2>Zp37r-(E0as%QUCLr z|NnZ;zGp)d)phy;3*K~RPt`NO?f;LFM%^^eIhi0wsN0Ko`hC-#(m&E;i8llplc!ecAAvUNq=U&W9Ng53Qpc|V9 zoEY4Aqznd&HHPEaR20jd|S7b~mw)7@*QafF!)NY4^9z6)!Kr9fVO{OU0vl)rQ zU@TXM4Q(JaOq0hNqk_Ip%EoHQYqQGj+vow z6xf?)^z?^HrZ^VqzZ&5yVEp9m&r=t_)$z)q0EgTj3|}CWC`n2A>f~rjZEtUL^a94$$mxzAbm5jGhc5EAI04Bl43acy+xyvp?{de0*G>9~*k#e31J?;X0rE*Kp*1 z2^ci5-6$<4xPJs*l$p$HPZlWuJvvan2k+F3`rSAylndau1}hi$kb8Qdoc3u!5viX7 z>SrI7je@eII@BqA|7Qwvy&A5&yURR8t`|Vt%Gc3a70}SJxG0!Vx`U+Oq>wT>l>5&q zBV`+C!*DmY6*LWN6}mq>LiJu6$_|$$UE8R|aOI(#4=+=9l7&DP%4z4BP_io>JxE{P z!gINwhUk$&AMv0}#^i_x15~F4R*)W+ZUbc|eR%ygUyF^A>wlX)v`rq`Mm=w4j5DL2pZA}&M#|^lS=TN2WRUh~gI#8%HJc-C zaE0-i8F(Tef`)+?b4AjXBRZG_8Rw7C=B6)u=jhO}NICBLY}Up4!W~SSacI-Nj+k&! zG9?&_6c|Vm{wxf?!DEVyfluYiWpRJ_Pm{KfD9J|~Q9oojlwmmRoRNz0?0)(>!WHP} z74!xfZB-9E_)l;qnhV2&5oesR|8mDuxMTT|2lBj4J*dv8^ld$2HI~ro-kI6&$Vhm@ zNSwKS3r0pl6|VDL`s#&@vBg)3$V2ZTR)hZ95U~hu_@)fj89pPHG6KCc8+u!f zlsnzu<4#*T^VxL!ITCKi?tOo8fv$yo@DsJsd__*cL4a zu^Jn&n&CmRWyDfeVWfxq2sx2*KD0r%2j?YXHThsQx+51}{$VxjU^R(i3dk_oz%UI@ zFfYqMnFTCb_FU&Q(wD!d4d^2Wv_Xr*@f`BD)!=Q%d!}0ecu)iVhLLv`D9+Zj2zAb06oIz*tBq`k7O0R!>x6Rbi@V;uy5K7BRQxE zjSQgOX~VvK2J)V7(8Zdt%5B8CK;lfBj zK#-xHC^GhR>iCb}a)8y^@%`};QxYtW2LV>;1rF}GUWo;B#e(l&6@UfUG5mQCnQpnm z!y-GqY)(iTlhglEKUUe!A9KYB)o{_%Y*h6D;fOiI-q(e2AMrQ=51l;mg4Z4NzNo&! z^);Hd`vN2m*%q8~Xz1DSyD6PYjtl6eScA5s%zYO=ye)mC_UgIk(HLiv6`7rC%JXM2 z>-azSqLS!o6w^g+)8!>OkV)2^hcDr3VwyS@9VK34V~MZ%*9oyodOGw=tW)8VUd_r5 zOJY3a3}cqmuUV!tV2%CyMe7EJEqoedixjtiGfTQ|rbmQgp#Olu{o)e*`|qWETo@{L zyq0c)l>nn6G;;H$d>s*7qV-Hu{(HSLse~GT5o&p1$keeHK_52sH`WR5Es-~2E&m6HI~28;>A!WfVs_vR*rQF9Hja%aji^7xLM+N z8wY8Tq0gp?dr%I^-+ovkOkhGod<61!O7QsT$LSVWWAKo&9`^UU;I&LCFj8Y!%4;?>j?Bb^@cMyX|j@Z~f#bu=Q zDulD&dJByu;M~&y;VD8exXj75ufS5|}*mVe%}N*EefT6m@wcewniU-F2Cyc!9hozc1Ha z7@cVPa33xAf>IyHr4P@#EmadiQIUIX91;XB*gW^=%un2S>Q21%QTr*J4RKoTB;YGmdGO>Ni3#|<)66buvY8)DSY zj@AMuKbQ@wt0v#PrmN92G?vJ51=U|@Y%Cu^a|sgD(bIsH2ULdV^gh4|xGG2zxnHXm zy^!yyO^4NMI^ZZE2vA&Y7LKi~h0*~`LN2ZIYYG;ha~h2S6M+?c zFz{qy&Ip!{HDw~b1ut`*wy-|6@ddlG#wR?z4aIYe;wU^ETmllmCso&71!eiB?^l*r zl1(hR9!v+#1317zV)5M_sK9cT`X&Y$e3C3UKke|ElwcyzDBb(2-++9=l*OF&XV zES-I0$^EibJUc%Twa5)!m--9U&`&qV@L)+gm=o<+MNH+HSfCNVQm?*yiUT{kuNs#J zqTzrwoCx`AmMh3fg%^1xjXZ#rIM<`V@BDK*^=tIQ^|A6^IACnbkQ`BJ9OHG}^xBAP ztHDx$)q@yTA4+g$IAVlxFs{RTBHMS6Diau7(|SL=JUE%};Wsah8}E&(E5@vh7+jjj z6xtG9#xGUW3Ey&IXxL0)T^sxmZ{X1*S6}f`i9}pi$TjH;WydqW36tQF^awdpV$E>FgN~@{4#?WlV4yuo zrfUd3iL(V$-JD~s{!uhkwfGngg6-lwck!FuM}2Xf{0 zD9@$5Fj{;PvP2yJpx_kYa~Rjb)S8a5Ob+nOZo!i62b;dbFBYv5UR9YMUE`s zR^p4|$}u^^SPp+quw)p)MMEQ>R+5#{L1!gRgw}~zhx;S`JU9kvFvH8HwqGX=&V@f@ zg_#cv!>2OmpXkRzDhflks@Lg57Od{GNt!62ApMuauLbL5n&!eqye1v^LthL3Y64tw zXy}w83r6a9zGhyBCksnnaAzDVnCuiCOn-m-uMar?v_a>;W3eWr{>nG}CRk}OQ^=Zk zL_w?mpZ3sHvUN_B9eR~eY{5m4sRukZ~Gih{_IL-JnXg+ zN_Oh@4{FozLMMaJWSaTSWAko2S=LA^S0O<8%oQhz&A$Mp*TMXInHPi~wO_QH$dBEv zS>_ypGi$&39j-m`z6uWAE99(7Ky2JP^}1XGUUKb&txdbtkF770M0u(;u6(yT}Hxo4cgV^F)6~L)ygLU*U7vXwhr;ox>r7w&21?E*(hEYc!y+D%m0b1>0Ku+s=g5QSzXU_zXkW_>tb zF+O{x!d;^qck?k#u-ESq^KC$Qdv6f`_~a5JOHcYRpKM7Z@}{8>=NHk z@Yt-!m8~o0CD*-2D94dyi_fotD}5NJP2HgeHsb`&AX2_*TIQq zqG4KP0+zk96|uQCddXfcLj{K0J@0RCm)4%B-HAQxzm}l=wyclpbc-ZbEV1DRhBm&)d0wD8fw}oQMuQijc?2$ z8p|5uhq4oVRMo!|0r-0xIsFwhLarsup0-MyYE>B9Ns-E5co*_}98ONjGd`BS;fmLa?T4~<#KU!B2L0P2qVQ)2;f{TM| z{qRvd;r7yH&E+g~yY|H%siJtGw~*=*-~6dL#BKPT@St9B;$r^?--UxOkNrq9_Bz0G zL*zdW0rsnmO4j~Z-NltuXx7kshobXMd`<2CguC{9ieE<1(!J=Guz6=k;!B_2_-)or zwm^^<0B?=pVYsiPDs~z%$v2eEf!*O^dIUi;kIV>3pu9o+LEJE5_HtcuU)s+>|T@K ziT$$h+_9-G3iQ;s8{(XNKTOac)*A!|Y3TQME&WXPSk9eFld!M6-<`swW5KIb<)?jI zvTV}OxOW+~$n%@#4LG%02T@TAch}M*#4GHgp1n8iAv7Rj&rJoI(5$#hVw#3^dI_To*YtD_5?^>9s+b&3wy0){Eg1$%JqoQLeKsbxPf0y! zxIpYXL0wjLx3EF<{KN5Q97|`m3bA$0KR%S=>{&A5VJ6|c>0Gc>a|^PxY+$h<5|#DS^M+A6&s><`ZV@r5564MF|Yf-GhJAB@wI=mk_>61-47{%T^i)$6O{~Yd!j{F_T4g__~9V zrJ6&1%*pMIx}|cJ?%-yoOYrWHb2UWZ6L=Wv5I7o4mtgJ(lL{t0;^1v%@a$ z_15f-7v0`Y^g-&kmB&iDMxTtoA|jdpIAEzY?!L?6unJ4tcc)L{@*8?f<9Yut_LD)w z(0P-p^lf~|*i4_`%MFkG!%Jncv6T!)9)VOvFKWqyCY3IucKLVKL}Qn(iacDJJUeyC z9X}`G5>oz2(}V1@mlDrzd)J^8Q+J3|b@xzned)OK53i&CT+y?=zT^vmxYbMr)(fL6 zg=3jw^@>znD|+F*UwBb5PUab|u8I%2+)zX$xM$|?wPvjHhRcf&&q!Zh^_^;2)9I`x#Qk8nP5?fy*lo39*JV#nGmT6)pkkIotyPf4+& zsX8b#!ybtRO1zbaaWo!V75VK`+Lmyz-rt zkbuI9-^+X(s6`f2LpIupXWbz`ljE}~U+*`&=&5o}Gr#_5CW`V88KB616Hq2%xH43G z`n0^kZ{lltAD8o_m0Q}a_b(;zRj4wor}~VHWzEqjRd?A}r%}cahsdlU`HZeTcSr#3(h0`oFlyT=q1<&Spi#uzu+*th zrfeZKLr_1tyCAV&_+V;E36&k2&9gM>TPuFzw0W_sX^nTs;&yd>ipDo2I<2pI=E?43 z6lwG*=^&;oVDB>byP8g}o8n(lStS`J+L_9)>!gP?=qyw&p%#A!nYF%J+w5*NC|jur zoCz5p&`jpdbg|d2-bv9gr~rhg>`|J_OLD57puma(sqBaVF_jXr0o1QAh4-9{{(KdF zYTof$gcx}K@G?5Fk*yBN_tR2@J?t|exWMW9AgU&r+1{%x4= zIpB^^y<0AMYZ@VTQ+M@!h*6^&WBmKtFYJLqvmLBTLGK{SlApP}Q{6PR%kF6JiO^_M zXl?P5PK-z2D7z{?a1wu`XV)zy z24%NXg!k{#?5w}E>#Lb`*y*TGOliX24C^qx)f(ISy^~)IgYQ@vplS zqVj0}BnnA|iX@*k_!*Tg&0g8-dHq`)-Sb!$7 z0g{SjyXE$u3n$nB#6M?rn#E(?w~tyB@!u3a`Ym+FlPj+?YRKiHMYm8(6`nfdVXoue z6aLRZRHu4{fy|y<76(Q?Zx#}9-S%aF?pRxtH~EL#5e{K^KzzOZ{#mK->2^WHxsw6= z)~|VmHJtmgqO`c9+W7ELot9S}n<+fqeU(@u^C}yQt9(WkcQU`=TNl2Qn{f-0og_?6 zRb|Z9yW`qjmsPJexpKYH-*3jHXg8{eu%q&Z6Jf{R{PT(pnT|@SUG;v-9dc1a@AP^( zV~f)EF|A%B39Hk}g4XWO)HIxX?w6_s*(kpF{wXcQx;LEz;z&1TQ&7`VK?PLn z=COieD>13Rftmeqry>9G!dB+hjw9M#OW|g!tJ&^9ndb(nLY8Qg_BsP6Zg=mCqfEIU z?Jdc^h&ReuiO<=4Yw0=iLw={YNbX4$^QV{9`1fklT_`&RdEQu?B+Y&5L&e=rPT(Iv zWj*yNkM3!&>M2ubpm2U!dtYy(VzF?BupRq-jebhLplUV^LrD#M6)-SQEeiLVtwcH$ z8)s%NsSse!@b0*dWIgh&!V&W1ce*#t?4e_2c_!GaFulxTHNJbj;P*_asp?dYRaVdk zfoXd<8>N1f%FsI1JBxW;ox;}X`bqiEBwDVS!N)IhwI*vdM`^SAK3_t)Zc{NgO4jki zrjR+&Lm|9jHqD7mlfH{N*ywk$Ty^sP*e@P~^h?>e#CwH0E4Xi9Emf!sc3hJLVy2l) zAVjY3ZPC1dAr9fL2TWjg5H?LIXXj9$m%>2X?nf+>73o1F_0*lC^Y6##LcCj4ay=#h z&d&44WvpnsXaFI0S?`r)*}BK@j2|cIZdm#7Slw}kmpiIZ<2@N_VvIMicgywo+(YIm zKX_~qHy_SjXh?z6OA#_VeYnZ_EQbL-4<37`G-w6|akJ~7W}u%>COkuhR^}ew0W8~_ zsUe~De{Y5VPuKo0erx{I)0JV#A(WH{ylgEl^Vpv63hItT9Z;twT_mvDjEK)l# z&MBuO4hHl}?3(e93U9o(636AV>0zlXvDKA1%~O`^l5e(yOyUJF%xj6DUiD}C2+0F+ p!9JAk1k*PpN%_~+|ATHj@b-(xig(X!mO_JnN^ Date: Sat, 20 May 2023 10:23:04 +0100 Subject: [PATCH 496/870] Fix a redundant import --- .../Security/CWE-176/UnicodeBypassValidationQuery.qll | 1 - 1 file changed, 1 deletion(-) diff --git a/python/ql/src/experimental/Security/CWE-176/UnicodeBypassValidationQuery.qll b/python/ql/src/experimental/Security/CWE-176/UnicodeBypassValidationQuery.qll index 336834be2bf..ecfde3f26c0 100644 --- a/python/ql/src/experimental/Security/CWE-176/UnicodeBypassValidationQuery.qll +++ b/python/ql/src/experimental/Security/CWE-176/UnicodeBypassValidationQuery.qll @@ -5,7 +5,6 @@ private import python import semmle.python.ApiGraphs import semmle.python.Concepts -import semmle.python.dataflow.new.DataFlow import semmle.python.dataflow.new.internal.DataFlowPublic import semmle.python.dataflow.new.TaintTracking import semmle.python.dataflow.new.internal.TaintTrackingPrivate From d939f192d5c60566a6bf6bef0b66373e6d164a82 Mon Sep 17 00:00:00 2001 From: Sim4n6 Date: Sat, 20 May 2023 11:46:18 +0100 Subject: [PATCH 497/870] Deleted the UBV query change note. --- .../2013-05-02-post-unicode-normalization-query.md | 4 ---- 1 file changed, 4 deletions(-) delete mode 100644 python/ql/src/change-notes/2013-05-02-post-unicode-normalization-query.md diff --git a/python/ql/src/change-notes/2013-05-02-post-unicode-normalization-query.md b/python/ql/src/change-notes/2013-05-02-post-unicode-normalization-query.md deleted file mode 100644 index 59af358047e..00000000000 --- a/python/ql/src/change-notes/2013-05-02-post-unicode-normalization-query.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: newQuery ---- -* Added a new query, `py/post-unicode-normalization`, to detect a post-use of unicode normalization that leads to security problems. From be3f59afab9725ecc6bbf900989108fd2fdc1a27 Mon Sep 17 00:00:00 2001 From: Sim4n6 Date: Sat, 20 May 2023 12:17:33 +0100 Subject: [PATCH 498/870] Replaced StringMethod() with a restrained String method calls --- .../CWE-176/UnicodeBypassValidationQuery.qll | 30 ++++++++++++++++++- 1 file changed, 29 insertions(+), 1 deletion(-) diff --git a/python/ql/src/experimental/Security/CWE-176/UnicodeBypassValidationQuery.qll b/python/ql/src/experimental/Security/CWE-176/UnicodeBypassValidationQuery.qll index ecfde3f26c0..2549bd796b2 100644 --- a/python/ql/src/experimental/Security/CWE-176/UnicodeBypassValidationQuery.qll +++ b/python/ql/src/experimental/Security/CWE-176/UnicodeBypassValidationQuery.qll @@ -43,7 +43,35 @@ class Configuration extends TaintTracking::Configuration { or exists(RegexExecution re | nodeFrom = re.getString() and nodeTo = re) or - stringManipulation(nodeFrom, nodeTo) + // String methods + exists(MethodCallNode call, string method_name | + nodeTo = call and call.getMethodName() = method_name + | + call.calls(nodeFrom, method_name) and + method_name in [ + "capitalize", "casefold", "center", "expandtabs", "format", "format_map", "join", + "ljust", "lstrip", "lower", "replace", "rjust", "rstrip", "strip", "swapcase", "title", + "upper", "zfill", "encode", "decode" + ] + or + method_name = "replace" and + nodeFrom = call.getArg(1) + or + method_name = "format" and + nodeFrom = call.getArg(_) + or + // str -> List[str] + call.calls(nodeFrom, method_name) and + method_name in ["partition", "rpartition", "rsplit", "split", "splitlines"] + or + // Iterable[str] -> str + method_name = "join" and + nodeFrom = call.getArg(0) + or + // Mapping[str, Any] -> str + method_name = "format_map" and + nodeFrom = call.getArg(0) + ) ) and stateFrom instanceof PreValidation and stateTo instanceof PostValidation From 69ca49f168e13afb3d7cc07befbdb7db9bf411a3 Mon Sep 17 00:00:00 2001 From: Sim4n6 Date: Sat, 20 May 2023 12:39:54 +0100 Subject: [PATCH 499/870] Deleted the UBV query change note. --- .../2013-05-02-post-unicode-normalization-query.md | 4 ---- 1 file changed, 4 deletions(-) delete mode 100644 ruby/ql/src/change-notes/2013-05-02-post-unicode-normalization-query.md diff --git a/ruby/ql/src/change-notes/2013-05-02-post-unicode-normalization-query.md b/ruby/ql/src/change-notes/2013-05-02-post-unicode-normalization-query.md deleted file mode 100644 index b24e408ff4b..00000000000 --- a/ruby/ql/src/change-notes/2013-05-02-post-unicode-normalization-query.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: newQuery ---- -* Added a new query, `ruby/post-unicode-normalization`, to detect a misuse of a post-unicode normalization. From eb7e1de65b58db76075a21848d648344465f9c07 Mon Sep 17 00:00:00 2001 From: Sim4n6 Date: Sat, 20 May 2023 12:43:05 +0100 Subject: [PATCH 500/870] Update ruby/ql/lib/codeql/ruby/experimental/UnicodeBypassValidationQuery.qll Co-authored-by: Arthur Baars --- .../codeql/ruby/experimental/UnicodeBypassValidationQuery.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ruby/ql/lib/codeql/ruby/experimental/UnicodeBypassValidationQuery.qll b/ruby/ql/lib/codeql/ruby/experimental/UnicodeBypassValidationQuery.qll index 3b353d5b339..c6683b08900 100644 --- a/ruby/ql/lib/codeql/ruby/experimental/UnicodeBypassValidationQuery.qll +++ b/ruby/ql/lib/codeql/ruby/experimental/UnicodeBypassValidationQuery.qll @@ -50,7 +50,7 @@ class Configuration extends TaintTracking::Configuration { override predicate isSink(DataFlow::Node sink, DataFlow::FlowState state) { exists(DataFlow::CallNode cn | cn.getMethodName() = "unicode_normalize" and - cn.getArgument(0).toString() = [":nfkc", ":nfc"] and + cn.getArgument(0).getConstantValue().getSymbol() = [":nfkc", ":nfc"] and sink = cn.getReceiver() ) and state instanceof PostValidation From 8dcf139b454e69feecf64f7d1b9d32b7bdbec544 Mon Sep 17 00:00:00 2001 From: Sim4n6 Date: Sat, 20 May 2023 12:46:54 +0100 Subject: [PATCH 501/870] Update ruby/ql/src/experimental/cwe-176/UnicodeBypassValidation.qhelp Co-authored-by: Arthur Baars --- ruby/ql/src/experimental/cwe-176/UnicodeBypassValidation.qhelp | 1 - 1 file changed, 1 deletion(-) diff --git a/ruby/ql/src/experimental/cwe-176/UnicodeBypassValidation.qhelp b/ruby/ql/src/experimental/cwe-176/UnicodeBypassValidation.qhelp index ddcdc3b31b2..cbdb7216e1e 100644 --- a/ruby/ql/src/experimental/cwe-176/UnicodeBypassValidation.qhelp +++ b/ruby/ql/src/experimental/cwe-176/UnicodeBypassValidation.qhelp @@ -9,7 +9,6 @@ The validation of concern are any character escaping, any regex validation or any string verification.

    - Security checks bypassed

    Perform a Unicode normalization before the logical validation.

    From c3c65ca7129a43c6ee18e4dfa3e14846d769909a Mon Sep 17 00:00:00 2001 From: Sim4n6 Date: Sat, 20 May 2023 12:48:26 +0100 Subject: [PATCH 502/870] Qhelp formatting --- .../src/experimental/cwe-176/UnicodeBypassValidation.qhelp | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/ruby/ql/src/experimental/cwe-176/UnicodeBypassValidation.qhelp b/ruby/ql/src/experimental/cwe-176/UnicodeBypassValidation.qhelp index cbdb7216e1e..3916813c734 100644 --- a/ruby/ql/src/experimental/cwe-176/UnicodeBypassValidation.qhelp +++ b/ruby/ql/src/experimental/cwe-176/UnicodeBypassValidation.qhelp @@ -28,7 +28,10 @@
  • Research study: Unicode vulnerabilities that could bYte you - and +
    • +
  • + Unicode pentest cheatsheet.
    • From c9c7179a0bcc8ee0ddd5b65ef996edba50d7a443 Mon Sep 17 00:00:00 2001 From: Sim4n6 Date: Sat, 20 May 2023 12:49:46 +0100 Subject: [PATCH 503/870] Deleted the ugly flowchart. --- .../experimental/cwe-176/vulnerability-flow.png | Bin 37706 -> 0 bytes 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 ruby/ql/src/experimental/cwe-176/vulnerability-flow.png diff --git a/ruby/ql/src/experimental/cwe-176/vulnerability-flow.png b/ruby/ql/src/experimental/cwe-176/vulnerability-flow.png deleted file mode 100644 index e1a354717ef1273043075e966df13a19e4402e1c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 37706 zcmeFZcTkkivo9>LE0K*+Ulf4j6_$iTp`s! zspwz1fX`OS;8Tb(@xfNQS&`PIcOGiHsE+*$PeY2M)T?eI3 zWOL4ZypKEvUH7XFeE+P~%lnpp^n9m05gG$S1^t&-9z~Dpc8i1(HW%_AubHqbogr6m z`GxB>5h{_`_<_ToTp&k$0xabQuw|M7b5 zHN*JN&)|7WB?!|>%_Fb!50W7A0HH{1EY1ptGqR&i_+~gs+E1zbR6Uf~-Y!dty8?85 z2~9uw3FDD=RIj~ITJ=tMxZ*8gc>NdmJf2Dl!MGZRo6_wa2Gxs zzO|xYJP;2eO4#x0N~dzei%JD50v@c$2#blVD)5f~4vUI_9()dB$QmL|A|TU(!fYM5tqL^B}h=p5?8_!JcabVc63=mfnK*VEZ5#wi@_sfw$zQ z0goWim7S+B^3cTQ*9Kp9l6K4{AR7pEWjkK+op1(Q0EP*Qrljn_JCJ5@5Lgs~v{pzs z?ASEqQm~Y%L}Vm2kcu;ovlkb|Gw|g$&zEx)JPmO0+}3j-1H9Mbq2Lza9oxo9I~C@F z1{{$ETi5)b&1OaWOlQ>9)FQ16)JMA?1#T-ti3))MM@!Rz3pM?(7ODp2laAgu^7tNX ze6$o}wl;xOL$k_7pNrxp;O~x#A5e!V@U;4?%B;?1=UYp#euahN5hhAx{^akP^L|l@HtTymfP02Y;gA3_w(gidman!Sj%0n@ADZR46{MuA!LN73;I( zze$Wg%KEk_Ijw$HTBjfPWXaS_j(x}CYB&UHtlDh2`fFRUZ6g|4*Ox)l)}C z3NQ{1rwb7m1r8X8{`K}XE{hxBX{6@&u#Oye81dBjGUr{^b|J1fOGU-|@s&cSo^W0AUf zD%DmAD%ldbN_dxBt<_+n(yQ*YEB`JYBFW_QB6%Up9bCqn+1C|R9zYmq@aoP@l z{^+;cFIjo#y}uhUI(5~l2dRS@aT9nNj{oK8Gm@B+Eqrml7@KroRb;uwnbv{f{NQ} zvevoMSXHs+WYg15g6GW@<1(e?S#{Q4@x5yjkDL$gd-g^@&grM%0;~QqKUVtI{^s=H z9^d;Y9>PIASuQMTa}8{MB(N2@(Jk!pNDg2txDq|qH{ZOIAg`J9tD+7@%D64ZpYHUD zRNC}29vQ8{l{l#ka=g`cN{0Q5i#SO>2c~c2lz8=&4g$R=m}!5zT=_EquZ<1 z49(b|PE;op-!+3z%sRfjX6VtiJ>@ywyO3%w{Pb^q(%(AkzSPG)WU8~4cPIS{+c1hO zY_H_Nj#>Xet9}cZQ(*LTGS;JDf^g)vMR0+c=^-OMRn8}*zP zieZvWQO6@q{84784zthhi#$ycGA;0rAoF10oyjlsA~?jJ*~8HUvZ*Lq>Ik_74jae5 z9KW63AtiefyRmmdWg`#S3Swn8f|1AHQU&HZs}H_%>OdB5cj^AhFT>GtQ{I@r^ZBDbJCrcgvdmWvoyC&T zw;ds+-d@_AMDLr9?TS8(${m>T=VENW=cx|7xW%^|0Jf3!PBOpxS3+CEdXGQ1p0+!= zsRMI1lL!Bg(`oGrWGA1_8NM~rn`zmctQ*$QAWB^f@uhcS!;xS6-B^Ev9gT&4uAw8( z53G_$7nkz{RVbdeost$-WZGc4fx6G$GP~>2z{|%uzQS`qcNY3&x*ItvXH{j>hEtr( zakTG>sh2A`&1CUaZcG+N%{++INa7*XPm(T;SIi2xP196o8Kd@*9;TARql+mPD%@w3 z$j|qxXxC=u{>K51at6Dc-x1F8`{USywGoLKD^41kaWyw+ajaK z`H-lzUyj_g=BXd+_9C>N8ny6AFzRY@uUgAGI z0~%i7a$xYJWgCV^K6FtQ-`(pmFxyGt)nVvAr4>X{zN*JFoIlE$9LNdD&gXgBJX zdEV%IAbp?=FMN`f-7)WocA9)wqiXo=368Kw`=9TFwlsPBQcH-MJDw{OcLUCkmP#;K z{v19|g^@Iq*8%O5CtDaz5vffN$;s_sl(HWeB=xDhzk zo?P*(U`G8ZC1y6laYbNk{#O~7QhjaN9Xs?oz<*_=uFBQGb7iQ|8WT!bxtAYjHBzGI z?EgpZV3N~tnRIrF%?o+cagyF(dV86(=&J82RcDC0u3t24C>k)D!H_)69{dD$ijLq= zjqIr|HE8$n-kMQ7I@xSqh+qp$_WT|2%elqDj`rHUKv;0dL*cMqm10 zoL{?USRQ#|7Q(~2b@Hp$*)mVjib~lkH=<2 z3wpNQ`p?8iG4C%l3g)|e4&OT3>)cmSajbIl+V|Ihq1ox^8C0er4|uX|Ood_t3%_Ei zIS>kyr9`XBI-Jhpul#QG9Y1G><0%}MF#E25h~+#V)=}_gRIg-fON)~~UPhwv2^y6n z$O!XPODA_q39^nRU3W%JpIP&>KFZPo^Oe{978o=4Wa(5E5b=qPfeC`6%OdwX!iuVg zEZ8dwKYC$6W-}T1pFJHKN%L8rzkBH)%(jIsgfltDPb_6}Lf&bh1PkO4?o2$#t^D#b z1@bah#&bhR7^Lq+(q7}~&$#(AvG5il2kWKz@MD=$ZOrv{m0BrCvg#hl+L^^?>me3t zO6z4G$Wdq(|FQYNZ8l85=r+Srm3iRV-QWJ3a+gjLGF8O63Sq7(vp0(?7t`MQ zPlMHwcR~l%Pp^SJs9w~a?X#n?)V!T;yTtd3$M8NkZOLNY{a0_|HOkqGN8e2bwuNf-L#zV z-<@RN!0)P8d+!=P;J5BeabFMfJCl0ffQjy%5^k8m=HHPkBMj`(h^XgOi2i=&vvWLbvMvsjy z9%nm;&ktn%nw2;?T3S%LAM(JS^>i=T(;_DSLQG)t1KFpizj!oLg}hp=#AwpH$)d%-u}odiiQYMeg=Ti?5z#9w!D~9H|T3eZxiZfCAO% zbKsHbUrqSMqd9=>?CHWQCb>Htm|9W__T+UR-Pv5F!NSDY!BC0dWx{> ziI0|s5wyK}_F1Fp;@r18{Dho2{>|eoZVFZfJ5rL+Nasi0u?(C?Bdt@pj~1gO?B{m} z6;iR)S-5MKeFaM5eXYL1jT?PF&Jm2=3nst{cCSF?lbe2WNYHw9(^`s6!E&2}_4F;) z+rsak7d2A^SE2#WO-W+iEKBI{oWS#=i&5j`=eEuMlf|mje?KlWMQ<&|GggNai4oj; zn=5MBEzQ%lN$lV@0nWqa@A=k)zZ+vMB3|!Ls8#sd@mzJ9^&Rw(Bt8mFCA8Y=%m6HFi*K;tim+o&|Ky9!J_7u zI65K1eT)ga?N1N8oK2bZ=tc&{FvhZZl{&!%ZSkuY7daJIgL1_+RQZkwK=Z~D$Cw*-xyb<06ZMhdgSY)o^ z6|9nunGW}YhqQ37o-++9R>;2oB+7v`2(0&0mwt({o@(1+W-RngwQiS0qCDd&8!1YX z;p^%uoOET4Jj|c2Mvk+MEf2qX)|Afwlz+(YG`2I!YpV*6LbPocefl+9PR7!a!W|VA z@;ZhG+F*P*L-=~S@_rrY+cvm0M6?1u_XXxJj@Lw%s^kUu*ej6_1d%VSS;%2s3WDN&Bi z^7FJWso!O};|K3wQ9TQx)0TyHN>4yX2*a)gt@*fW>|f8%RgN6+VF@9d z^V6gB>>KJi0i`!dS^B0JC7jje;pn2}dZ#x-`KwRzRjJ4m7Uw(#A9RG|NPIIKyGcf} z{5Fr4lFBpWM%5TQ!^du9ihP) zxhK3k3D=S|DO^#@C6(E#cU$^3;%*^`(s+JfME-qxL>R3oM(59nsL z)eh*uIYyix&SmWh7l^QXvOX;RlP8P` z_34`3lM2eQvWFR-aO>VI8@glR-OLw^VF6@{uaBf%x>-D}r0AM4?2}+SaRX-S@px7; zLi*dv>pU_NJy!}-)xg}x$ZDH{qHF9E;yU^A=!x8SxcFEzo|K+eKuf?DTFudmjCi}e zb%P3J4!Jb;rUTKiHY#+g7ji><$U2fvXtjXs>F)-qIe$dC&1WL40@~bgc9WgB zPLC&E_2A?&qdi`SMdCMG#)=oe?P$N@s=Q2|(edZ`2>gk+BM1Gkh0)SmN!N7WrX;o&V0^&@Q7ll3jY$xROe2n*xaM zUkhujN~%i`=bn|-qx^)e==GU#`B-b`vyD-WwHV>1Lre*#^%)xt`S*Zdhf;*FIIyT& z4g(DMnaG9?oa@jf(i^FhWW2kOD&{oPa@&em;j9`?3e&b)=2vhUn#64bGj)9@s&S2F zu~>)IM|rf5${y0Y7Fb)Y(ocMRwn=04D*U<2h%J1GN<%j7vDPu!>h0_iOG6P5D5^7b zolquz(Z4&h-UJh*+qSS{%^ntQVx-b|o~1dX!Y9)KFz>{}00zepxLCkTxRuVg` z6^(}fz}pQPj?VKMc8bHvd~E+yY7N%2iZmCwVyZK|!8a;dlonQ_x-0ntr-^7umn!UAgG zLPyN)nVsmFe2t#toHb+Y9?eV*Y$N1FsD4Ll(~NQ$Pcj7=B+po2(zL6+(D-{HNm+I) zE0VSNSjAUc72g+olFu}peVY@HkUOt+t>*3^-H2@w%?s#aw$;ik4SS1Vq?7sX#P{73 zTr3vMrW(~Bx+%)N`4qD;nV-%GTOXNwhm+YEHyLnUAkXuWg?z0WNq?qbs1Jb(+{6CE zVW|L`f)MFLzj5yn+_TYlWoLYO3UNR3QE<>d^Oq|nI*^@F;ftmu?f!rJ(Dl_vw(TG^jedQ6cU)!w0o{nd6?gb)^uG?;>kpDX<3CtS#$V-G zwLhlVXlc>7jWChW&muB9Ucvb&V^o78Rvvkr^MD{?E;_30wXb2A%qaE7QcD(3?Qknv z>XZbZ5#CSomnz^G92>=fXHr+G(B$CSdFW&%!ev1UT~BVG^2nXx^0xS$Zg-0*>BxzZ z#!`ByItSBwd^&jJdKyA^iXpq=`M@7+$jtj@aQs$XM#cCyZ!MOc`R?-MC_qv zTRPoq&9Up3yV7^X7T=P@%J9yNaKzxpN_4b}3vsDg!LH7K9Ad;1FL?Dj1#3__l;!U0 zpt#~kqaHz&65^Q-#JZ|wK5nyEL$^HBC(I&3KR_D(M&Q;MP-K2DmU{8=|{f?H@= zW|AP^>+lC(N@JWZh&IB5=>LM_XDt(Vc=WVtFgOuu24O3-yfU1@BfK-}vIXZ32qh|b zuoZMZ(|I?g!V;nQVcqGG2Nep!azZ(mh&A9sPza;YSc;zt4Wf$d0vz&4>=jk;)VSXJ zGagw91&yO*r!}#Axj|UQ?A%X=kPC`Dv?c6@amA-V?$XfPOd3KJ&`d!~$p#PJgCL^^ z`|}PcxG`u>RL$Px4xWcV4B^10EEp9O)|l-%Qldg>f|J75_MUbmEDtoJBhlpXNFRt? z5nq>^T=9aSxtC+`AQ9;Tg@RKRrnRvNq2Q3yydOJZ0XN{GTKpQXDz+YIR#EN1N5LBb zxdo|mQcP4RI?!yDu;i-&uY;)Q%X!8d90~c_1>q}|J-dxu@n#Se3xhRD$To-yW+`(Nwk-sE3H5)`NI>2J&3csESX3wx z@U&vBGY}3-gyd&DfAoL~B@C#T-&y*l0iOkfQ^jVAa0OR`>v(*M%|ZbRE&!TK(1%wD z3$B8vy-ME4%GkY-`~-LWLr3;Er$)lFn+wDMwoOzAn&7>DWCP*HC=G0;n-1}E zzWb=w=eUJRVMP2=YGjd@fHhnSQquOUXWRg14o-&lT4m8}3xr(5SD+?GY_dxjTp!X* zyPqNX>`=!$kgnVsoiV!Xhzn_d5G4Y3Ih!6(8Gbu@vM6YR|5Qnc5P#5A`iwIcV8}r* zDrn#5)frH(H%Z4?*%B5Q==$ z@stkw01E~TQ@s5ul?X-;A_wEiTWsq=H2fz_4T<6j7~%5%3{4Ad+SZS9kF_B<{vqJP z=^+>jyi|a|T0SaXqV(}EAov{iuOxs@oUwo90tE4b-)3LmX1|<*3rmd^+tx!n1Cjs- zFds9kU}o^Ln1}Fgh^-cC;2P+p9a3CUn|OtjJXlbboR~zZwT&-&UJ7=k-fjRsl)4q=@+PLWHhCvEj#JWNFY4RFGgFmK4bk@Lov&9IiBFLqq7t04m-Xht6H<-w22u$4h^j zL0xv_hV(C#0YLx_540WVpDo?L6#Tz#1b5I>>c}1&cS#f!vui5T^QX< zqA0=4REp`F5XV?DU>V14C1Wp_!UYNn$L3mhLmXSkffZQO>bYD=q#x+lk;?1K331{E z30He`-t3Y*c;nxduWKNL9-%zK``eK~XdD2(14Wxwm<0(FWP0!=^Lx{6r<0X0GvSg?lfJaa*p z3_OI^Fg!!#GKWS6j5q#}H#QMk_(Xs#urrJtX+u9kJp_aEJ1~=7=KCZu9?}u4C@{Q{l_1&6OKpURqD(%z6nO;*w1#AP%#~b{@eUSn_Sf)d zlfQ3={Iz>;`EZG7&}%Y387@~j$R7;3Ud5n(8(L;(UT`_YGHwoNT%T^fKsW6!^zptF zxSI&_H9F54*DviZszn%Z;_)*o|I+3&b5>aQ(f$1N)U@cFo&HveAiwpO~3zrY%3l_{{B&-PzAOntuV zvNRwRLB^6eRH%7lHJ)O}kMRGkH(DN`(l_&)WsYcA{dQvje4?|nG$?ZS%^i*9`hT4t@Zb^1c1-NgE~DVTV584|ak}0+<-jLr{pw-9 z4yT93zYG2Qe1to@f`;T(w`Gcv$k>>aoWuWigw zwFY(Rz4DA?;rk|#QeK>%yg&WqT{Sl|Q1jIzYomVf!|6D0c8?L(B_JqW{Icv`r~h5# zm78~*JvZu>Zq>Og6zJwERoagU|J*;>tn@o_@jjUH%(}Q4gPFZ}1+2nGUjj=a@)o3^ z8dXlZToek}A0qJ)w_XLF^fRC~%B~yOBZyr`o47-uTb})9=kU(ej8|0AMFm>&SlpFcor465wdhBbfx9yCiO@9z`|7U9mzGm3YLKY3_x>eN~TkstU^8cRs zbvsGM)3NTorFyC1`|Ph7a;A%4)02jZlsl}ZoBY+IDeavWLC)sNgKZje^mUS933CAK zc|UE%PM5I1S9B0!K3t@=@QF@n{(bX#qIQ-{-*n)G*7it&TG*|pBr1mq;3u7i|Y zh9h_c_=wv<3~k<@!J=B99&Yb!_-<aWkGkx9|Fr|pO<|$UT4lSD5_a5Jd6R&ng{$3qo-(@$E+aal z&ePu->M}ukkbbSx!^a0Fn$hM}i>+Pr`Ei-$G)SV8zWC#K^}btznft;^{Z9_YM~1@@04?Wpec;{s z@aaS}!wsuc>7OijDr$c@ceC)$b;tBoKloh287sdz>XQI6%w+8CiljG*M_zc2$)n$;wmI~O&w zQG4dmn&IcTc$@dwf`dF~*(dwv(~N4nAGZcZJ}l>@uq6{`6W=cmSdSL31^`^Iu}+u- z_D=n~<~W6Oqs4(&sR`2bwsP!$-<+Hs^kqocGk=If<&J%vt~20Oe{%ej3xojnnZ68a zz~z8;6hyE{5mTX2@ZXr+_eIx!jL^^{dKH*G_HuN;>*lEt+D;YqQ?6X+(GMOZvX$-+ zC8V}$EE;a93pCEMLzFsoIX3^f*H+3|50&M zz}c~OC~n}4Qu~WCgZh2SM}!!xmHRRh{kTWl<^e~A$-3R-o9c{|h&1Lir-9$L#aTQ! zY<}M;Nut~gSxB^HXJK_pOBo=gU}d=GS(h0ngYR-YyUS{6@vRFiocXo)&HJaOSoqZL zFbY*C@!dBB(&|e_21`U(Sh-Io{*K+}t$Bk`JRaWBk*7o~kuu$MTa;Frezv%*F6;IU z<2=I9P#k;W{CT(emOTSJ1I{;v!NPv$ktH2VA12pA=#DT_aPs(&ZDW6@bLx#fS5dQ? z)#6}|$nf27Dt1XD0oAjUIM7f4xIq+E=B55@0f!IONy1EZpuDHu}Np(T)K!)9)ugK6ERnhD{e zK!B4e_=XfOvp8fnGhr}w0#Y)LoyN75jjh7e2dgww+Bx!aI14`*8Cqi3x#Sp@0E#nk z=*{oG$NR>p<=qK7finyH!Kox;=0ik8QLA?-wUp zc@FW6Nn9&GPWpWjgPtggg#mG)CTmecU;kkvT)ybda10GOjb(&A>RB5bqHLVsgDvjG z)b8$pjEG%E*w|8ABO3=%d3jMYas<8;jKa?V$eI4*_@WTAV^fI*V!e3X$K+vOQA;M3 zRxfV5z7V?+j&*iI%-r_t&TG|c`rXnEheoPqPgJlUEhxoIAo-q- ziHmr)ztBSbS;qY+=@5(7VTysvmD?gwk6k3uT!{2(|AVYuO9f0TqF1NXLRGwVssW8J z8|TJe@K#RjN&MSUzAKCze1lK){)!0L`5bJpcxcT=@QJHa-h@rG$H`J{*EzA#Z&%#S zfAr^0ZS5~rMs{Qe@gw@Y@%LGx9&Zosc}~47HE*ESBl~I(@}<*9sfVyA7nEp7+FDh% zzbSf*HeKbTA%DQP%|KO=11=h8H|I%Ea80l~A`B&p*^2+B-BZ~u*O6c0;$;lV`ucFy zfqiVM`b1)C861F~9*!SEqQbH7ps}l%96H(`Uo(^@(|+=*@MzZ8t$5hqu#J1QU{1%l z93S~6v7Y^|RlIc6lad$63_K6bS-!yBz^xkRjsAlM`G_Ua-%JvA!OOTFQwj3(jucWn zIV_mmw4&6|GRf;KJ>Abe{4K>aCF}wuR*-v@U;hqI1J<{!oejK369qb-T}0tF()@O|qGe zBYGB1W45gb=2qQpr{p3Z_)Gq3xvdr){i~g2$C5C^60hqQG0Caq@`vy|e@clU0|w0y z<)2FSv@Koz{VKP0>6!TDaO;2dWNns6z)A1O`jnP}oUmF>DVx{_ojBQS1$rTojLyM_ zDsSj^_VvW0mDb;Ga4Vkmlf)c4eE%CJ&Z{6)mT#im8Nw!$KY+#m$iCVG51-2F$L(gL z9HaM7fQL~nI3k_*dt%Tt>}@)7`WEHSGEq~9-)LA0 zmf&|`GV^?I8y8YcGlxCmi$YTH3- znKNKLlu~(()q;B522-G+9fPH9ti-5uub4MoDth!u*v}7=_*kK@*!0J)V)4(uNA0#Ov7Q_D1LVhlodoD-hJQ9`CyE*GsIBeFBY~A zE>{*cX9ypFkidC6aI}$1M6gK9sR6=Rr%t_h{0+3uX}EZ z4B$e4lxHngCQqg$3mL0GR57LAqlS4jDm=#O(d46N1t;hZ%3~l$kkF7|AVJwQ!U*+%bYLyvE}Lk%FEla za>M9VGXH^w)bdqNtk>7C%CtLnj}%znzF}$z}eEyTj@ij%_PmAUaFKIzP&(gweil_a2+b zT@Y3CoaL*nW=VaJllXV|I4lpgqJ{WDKx)}Vc9vz*v#!msnme#w=hJ5J7L(iXd*!;B z4ug++zPJVJ#KtHFqvk_JISTKh^%+#*3ZP(}iEs}aZiS0a6+f8WwSQNq<~YPiuQK%Y z^bC#P@GCA$FO#g5&ZO$$hKb@ToBoyda^7g#ZnkD{erj`dt!)yF$}{SiVlGNSG~wT4 z+qT-^!WVRZx&K|%j|$=#@rbHDY!O5n=MU#r(S+Q7=FJzGu4v+ecg2+CXkm*3CR=HQ zC|;^x>ug9B-qJAQ>7pC`$hDd3A~BOa;>Sdi#M6b^{LF{^$IXUoj@uxEe3RM!MV4je zr;xU_M8?Jz7MQBr602(Qc*0G7vG3XKgtAV1GtqO2pZpm`kz~HkQ-A#piP7K57s;1M zEZbLfC}h1@Iq>SIoCKY(iMp&h^C;|$alXKJJy+mhdcWrUp3kE*3x6>iA6?+|yrrM5 zeyPO1<(<^;i+nY){SubzfoOU(waRt)J|Q;Gz=?626=73iYr@ERe7ao1r=i z?$#Aur#H@Z%p2awsZgmEg0MxWYG?0>HJ=2g$bOM~+s~tRDGFOWW4`SseG1jws^E+} z4H(HoR@AN;$NPlRaEUid+HxL;{f)}Z2$eA+WwR(;bR}kJsOtS`!C{x zhdF~CKt6U4o@~HNm;)SgsIr*!^=3+1TRXx`6PS%%+q7!M**RHt=}97XZcZ_jmyiif zn8?ks;SMhr@SKvwatOo9in`-i%Q3hE*FE+Vp2eMd_~EHv?VO??dubvVL&HpC&sI2S z*|1h^KG|hIRJPTSy0jI5s6!dFZYXq6FwdrERECVI@Am5ah?<%aoMXjXA3rZ_!-|y} zICx*A&BVN*<@16ikN;v==IZUf)o@#to4PvB>y*)OA>0GAw7#vpaw$Y{?Ty?>)-0mO z^x87Q1R?aTMwG#XTERq(4;jC6sW3X(GHnrWQXNfaCp{Lmot?fCnGJcVukI3HJr z(f9|>89)8mnsu-pvC&j;qP@BYPKULT1fM!6E&7!)M!Q;E@wb7$(OWR+3BrQ}T>7#W z>a^Z-s8X*xBH_eOK?v@;SBv?>*d+I>Rrt&rZACiU@z+QEC<(cs5FHz!&#-1(ib}xEPUV4Lsm~~u_Mc{ALQew<4rU4p-$wTJ3O)wc;&~Fo z{ae_j5RUUhunhzkGYPqrWC8w1*dMm<=3Jpaq zqh}5!s4AfHTA>sSLZihIFz)dyE}s|cJqUR>Bw}2-Eck&3p-I~PFe%6yd?$E=K0*^) z6vFf=nVZ$HKS2cuo%+nYgyW#nr`7Sqd5>!b2;yJot006cmd+v^s44)c6Jm`w=cEBw z1Cxk8pBqE9(1E8%;cFd?WAnofc_LJKmD zKv0*06A=&tbASpmq6!h(R285^H)LvmZds!R;8XbT3l5nHjUW>A+nvX`EEvFdeI#A8 ziO6U$$s<_z`-C7N@Z|7;rdtEs1BC1=eg!bg5qbd$&%C6`0hJtSkLv}T z{HYO~c5B7GimG{c-+Hy$w$h^YIU?rPd?{~^+wte(r@w0d_QvJ`-9QhZb>flIU~i)E zuep$M#p43)UGAHMidws37&QQ1RR99(i69hwS!Gk46PN-5M9i~WSNZi-7$qGAp}IEz zlYLcx#lNd+@7HAhJs03dAt+*t4QT*{1SNyNc94i|ClI*S1nF$nP>Cq02x7iU-k%|n z1cF6hinLyd{r<7ibdq@?xBr6IK{1_fuD}aLe8Yw69|g~l6CVHZj8Xi_j0!FsTmEd% z;K+T~MyevPxkXg|VA6FV4U{=}ikn>5%f~CqGA)kXTmG)R;qc=YNP4tB!0zo@ZhwKV zFl8;dqg$fOo-XSDnS@E+EJeh8W9f(AO?=3-Ub*7|3Q!^Afg97to`94En?x z6=C<|O>fZo89%GORj{6H0h%2_Le&G|oKhrdQ%T55X#7ttAUr8DC;kz)R3(mtk!HUY zWT_Kmo7Q`jL+SovmR%(LcPcE39&bMRsSnC_WNke+8^sPkbk9cvkgiX-*{liFz%WR= zm4udgBe^UOHl}vsBa>2&&oU(JdcLc({UJ!J+g(|hZ4hmFHU267k zr9)C)Tdz-#*WN=2L2p|aah7*}x>REkzYP?jo^(F>^St_Ib&SF(9KcI&{VvW9de1*< z_Z}F?78DpG_^8k_K)-7_ts}VNO@NW)_?7=UGRW4T_=|al&q%qcWVc4lsBW{jcTFQFOfkb||na)gM}pyvFPtLeM{GLX7dK&ZoVd zAJ~AuYkc0z``j&G^COzsUzw(kxQNM)(HMZd^WYBamgzZ?oqWwu`#Qet^q=z+7EuFG zvc2?pdFiF0xqF_{+Sq%~RY4`%RHG9RJ1WSwGqvC9d8}S)Nwl zPCbwbPbs>cEoeW&Q|R`4cX2S4?T$FJ=cKa>sOOgYd;O2QpQ5&5RP_MJzByZK{cq8G zu$R_4LB%a`-3CB+>ZP-ye!MU%Boog3_I4=dcyB`p`~kw3Y+5mf(gza_ zDy(11<`m5AshZA@?Y*65kdM3BNC!@y$mJ5^t~zc9@!htL@gn(-jxqf@yVNi4GV|^k z@`IaZmgkdxWkBBP^}%lwFJ%Q9;9ubI&k9>X4wJQ_%CZ*GAj$eA02-~Y*RFIiEvTK{ zuvs7Hu|GG8sE44KGS9DZPs`iWWlzLLP;$m8sU{tUH|`@=bH5?ifoDv~^t@4-gNV|H;W!UaBS)yMm+{Wla#w;eXz{MBo8iOI zWPTMbILTDMiu41oZB=i*3;Ofs)14@{)k&%0s;;iVH*!uxbfz}I;+awYH-P+iOq|)p zjX{L6b~oEpOqYgcPgvmEpPH<;Re(JWt_WV+-U4<0ed|j(gL^|LOm1}cvfHjujg`-6 zCVVe!@lauJtDRv$aFrKN_Hc$WDgB)%*StQyOj!?3lNGbM=jsqJo+1bKpGV!wv(hdm z>>2zm8x9Tj=aaJTaC<6S*?gNlrVvSp@D;zmN~9&?Qv5LeoaAba7t+7uBO~FPGT!^S zH?brbHuf_|;YK6RaSM;bZ4^sE8CVNN3Np=uobercc61*zY@}-*_B* z5Jnr%%g>7a=!y1?EnsA@n_&d-DPZS2Y#y$A<&^TPluL*Ou>{l%XS@XEFwqgxy&IYs z3Q@k&`XeF7dLhm2E5V|QB9BgP6Bppy3n@KedVj!AqnALfCEG$6sD?}7G2&}GK|6ty z@y5V(IKe4Bqb_NdPUwr{?}j=9`m^vNzT75EOEAv!q+(sk8AI9EWUx}*Gkg*!{nSa) z@1eq<>o@7hQJmNZ+?uIh^v|kXm$Z3*lztw)Hj`Xt1k(72HEsP-yG)LV=WMI|YEMjl z5Xlu??fjz#f{=oXnl$9b7s7h79sAEnn^mztK@NBSBW4l8L*Tm3P#g8kb$NH&D*IRO zUlB^c%#K^ez3k1{saot4v3@;D5_+?MWuf<#670@Rt0J#VP@`+%U?!PiCtr%_M4U_>O^`4NrB(RbakphuROr+XEw zo2!mRH(Q>~V|6a`-O723`|H_iLJ6p?2%{uNe0bwptgTLyP#>lvh{=6Lm%{n z=jzg{XFl-wXsqAE20ilgAY0(+?CIALnhu$#g#HS7AITp-VZqbBUlNvkk9?Q@$S#~kC!1}-Is>Wf>3 z;Qev;v&0}R=yFm?*L@3H6u6ye5>j>dwo(=06Yy^lbIe+wLH-kOcXL`1@sDpZEEP=6 z;Gb(4O6m@4U9a>rGeyb}J0&lHKTu%7r;(YIVrTs-T8ffrTd<}OM5nz@tE-Krwv4&A zYrzKr(!#@29$&Yq8+D&H6mitOl1eA=6bw>lXq>*{DLdmeTEACc;*Z=uw2RRWnpP?A zMtcn6z_3EGgeTg$9c!ntWzL!Q<~hv>@b&PV!#_v!l3f*=+X(Mp{W_QTdAGX4_wD(q zA}w333{L8gV7ZOSmhBI<4S#T0L{un;>H$)+7?E6M;xj4K73mY6zo#AJW8#XXw_i!8 zFgVKbL>ycZ&l7UJ&@7D28rXEuHS*gNW--D;aOmP|RM9qCmhuU=#e%ba2Qdef5 z`CVVzS|M+MEDz+Dz5py1$y+UEY*0X{nPb-h2MS1@9ho?Va#rmL>E8cZL}T zS~jkKPaQod>07%Gt9{B?Y7q6?M-#YLi<5HB>8$RNBU!9+J_ywThkwR(FkowP#Y#-8 zU~536(5yQL^4nd3{-me15mw?nUg%C<>wX+|^?{Q%;UmsqD=0j4bmmu2uPi=_TK-!_w&5x{qlZ!&vmZHPt(Qv%{Av-W6e3n z9QS=s6Zi)30uzN*$Q2PRw3)uo2D@()5|5oTuL;03RzE*?H0$D@QlOUA}W6Y)X; zjW+of2@VuYhGRdm{eOP!t^04@8aTWtc`~GaSv7$JRB1Xd_I3!4v%NKP%cbPf)kJ9A zg9V0H0ZZa&>&(FKY|{|LV3~l=s2EorIm6s>?%PtNBo?x^)38M@U_Iyh8?luiu)lPI z=e^j`o+oi;VC1=X`*1cwqSxcn-0|-FyM^4y+<{Gap=}xP1ypx(wdEM-Z?u&M&2$J( z#uV0^>V0`K$xScn90Lws8$jzFoJ{_u>JYP)WH;O1BZZaW2+B+sX%t;^i+1Z~aG-Y}< zjeez)GrY6MhdbYEJdYZF_2=K?w|v%0Ppr?Y?nIj}=*Z}~+XLHyXs`i@*5-kYpMeH% zj*=H6ND@OBVUbvG{U;tp!oA*wBzHd5C8b}Sz;IQsBqx+cSo@c?+wGs+hI7DP|9WtWO=Z9|Ug7+Df5O|i z#d1xu?B-&W!W@DJbzb}N9fWrH#a{gt5U=*_Kj?fHGIYpL$kigY<=>txVO%qGeG&q( za7QnN?{CQURCx7&CK*r8+vYrzRK8Ufhg&4+DH}#3kWnNb=r#F8P5ku0G&V0+4W!OG z7PE9eK5!WSJfsXe1N2@NfLDmFO10F=Nte88TvK(9@g`SarQqqNpVP*~Nw9rfkov%G z7QkhU-Y;I8$mtsXZ2i_Fx74*3c#+^Z)|%}G#N^@Zt*CqlsSDU9QIauaZCw^R?e8x| zvd%oU$Hk_lDFQEpQtl<}5FtFA6uqP!V&u!sZ)q@wcQ5LgabW41Tl@8J8TXkN?B5RXDdxo17(W0A@f#)yiiyz3 z+c0bSV$W26I6c2S5KNfHok9Wrh+p}J*=+PZ@4KzlPYV6#`*T5D=-1-(FBh3!e?+Fvo&e+HS_5UOlWe|Jdbt}pw#!3Csot^bupszl$IXzuZxY-IgxM( z6cmK>>&|<;1#L4r5m(KLo*6s5x~n(jR#@nH7DPZ?uI`xD^s@36sZg|I13Chy*KBkg ztw-kG&#o4^q6>)Vh+zNygza|z&IaDjJ+5)#WPWq?tmbW>bpsil-PHjVMD*cnG<$?< z^S;CUt0RDY+UxX8RT1B+_euPHKG};CbW@&sO(;8V7HS7M)%lTp8(OA}5B#ZMm62Mf zrJ(e~eWODWb9pQ`dRB6OdHlx<^%C20JxztpNRd8Lfhd|Z+FSkiPo)yALkGqyEZ8vB zxtnmY!jlghzADs`@~}EptveOjsXr?#$(#i>F1#(f2$8wFIWpq1!k+J|R2w~*n*uE< z(K|(02#QAHcxobrX-2LS?IeOAUNNYmsa{d$Pj>HoQB`Km&=BSrO28)@R$(EF+dQ5n z#r5m1+;^vLRr_E zZV0V_(o2U!7?;<+VQk73`K(hkX^iI$Ttg zy3u#Le@8lgR?ny`M)a2gT^CcM=rdkv!E^}Tokr~&k6^5PAZeIX;|l}VBo17{gE-uT zSAFt3OZF6ewzAHGvV^1pK7RCT+d}=sDS=ami03tLFBna1+WRK*t%T?34fFj`4Rw?{ zTE%UbzG;qhBQy*&>A>FtAZrdY{)aBS z#Pk;!lIJ`D@*OMg<RoNi?B=dmD~6IBs!qO_X&s%l*O{6Eaw~Zy{DSL+Bzh>~?PkbXE(^WLDa~q^efhGC z3aj_=l%2-yp5j}qMDJ*=_%+k-$0Z*w_`B8#FlHNw&>3%ABivWfx}54O(s@ znY^VTHlLxp*0amiuQB$4jLN0MANm^OT6e8q zNY3h&$gb!D0j&2_crMFa=YJWe#@|}qAf5aLQ)Wgx={TRZsmBuo@{0y5v@q)imY0-6zBO-HMig7>Lvu&QoI&Z zgXk2fb4A$lzqo0M(j@J{ZDOeT<%EbiN%*Dw2tzHczq8A?$0Q!1TU z@l!(rGoES%^>A8ub>xJ5kLFtGon$GeDcA;ZUY54YzdAfsW+404js)9E-{hy=%(UvY zhCt1+54nbA`6N^|uLp8S!UvkG>BVlV#!=pUiTg6hqSg_SmWqY%PDKB$BkLav@X0G7 zx~&)V))}c&6PP94v~Q!7{S+~6pUT@-9R*sV+@q5UZW+_x6{=mJ%%1=L_IqE&N)pPk#Mp5iO#xov=&d9P7tPRdZmK{Q+cE`9uw zO?Y&(i&o^hdh*e#PQmOZ%oaZk$KXqNCDPw4;*$bD+l=r%d%8Xrnr0EYQ?XKTRI8sT zkZGAWAzgit=#mhfUU!ZKPeNgf9}AP)+d3PAjB4v~pSgX6jL??P{;YPzf}Zhnog4YM z8Ly{ru2Ow|(`4$CL|y$-V@%JB*iO+5Y9KOFFZanS%<7%9%D(>$5Lg< z#;`LC>lFFe3vm97LWQ50WL!(kav`3=dEipNGwwD$@;dI>)ffkl6AO%Vys}@^J zKPdr6ffz`tC3qY{vS$2BOv^Zl`!3t%o8*7QI!m_qJ0q}8BhdQZl#wekb-<4^%6)~! z$Q8-Jc&|LbBlg2`KxjEEAZlNVl6;B8pJXz2 z7ug~kp-~POc`Mof6=UN49e5&x0kl0NB)7CRQIEjVM);{OFFtPsUKNt9YxEfr!)HT8 zri-tUPVQ?Y2x-CY4Lg9#okhZ(^o!q?IlGAP;s zyT)v9d7wrFq~Y>1A*$m83egB?`4w(tEjKP*W&q;BWl)NV0e3W$b34=?5_45Age1v> zA!Q#_W@5(97FmG>m_oa+BX5npV&}0Yy?)Xo0=u`Uq-nyqbWj;R{WE;8oybXmUh;~% zFZ(-0fk@D4KOG&N2x&w%!(VC`xiT=KPi^X>A|=B~+X`HDH-E42Jzegnqox(z(?H_B zM=vNzo^8)XfkXNgNEauxy^Vsf+jbfA_kKjBYa6KM0l%)R5${+`dTT0zD)}B2 zmET@rJzE{Wnryk;3N#ah)AOz01vHwma+&A9zornnT}J);RyFnSd11#n*hlJo0m`g<^fUd-7qus*n2U^yKJan7n9t{!kPkfpy=vu>kU~>Yj3Jm#4~A zo~1o%7zck_h`KOW6Q~HOq12*-hj_mp_vb|Q*B(3wQUZNt{_%zrXrH`c529~~D8wPW zoq!O^sL9to5UW8tyCb^V%Jc>+!}?H6C1@@h(yWN8yymSLrgUHk)k;o5^Mj<&X1p`?Y!n$!0d0EzU-Khfz*QPR!q^ zK?D+a+W9l>rW+8N+2M9xVZz}FM61-3E4}5P44iu897+evdv=q=rEg@jLfPU&nIABmY~5+KKgl zuwocJOLjHc2{)vyhk?u&0;?-Q;vzkrnNWl+E?t*9 z8Hv$IAO(qF&O1Lp;yW8l2m5&kerr=cAdM9f{>i2(lyS=>;rGMky25*(16_U4#Mb(6(WB#h zwEMUnAn9?tdDxNPyrs$OIYINu=uncFyBX|;Z0~4D2uoA#v3S`mHjBTbZ2}^T!3>^a ze$U>@kmv?RsV|B6B3_^zXWQAqEQ#=zKgAruNurP93PSza!17|OI}kge7gd*|wTdn> zsy$j4?W)Z)I(w1%7rN;m?2r~dV9a6=t<1bz#|ZDOa(x{~;e7Z(2EaPJP>*&k*!gT|Ik)gBHK zZQ0Am*OQ~t<-aO$s;biNH&Jv}>5nHW@Um1(zsp5JzeB8 z8bGb@+f5ymi9v9Nq>xy5xzc@fwa$TR{LPLRB`JqwBwbc97!8F#PWH{?SkuH2 z$U^Ag9vU-sF7?)R*;pn%GaB{8=em9u{W$o$9wUOOA7;RPXQ9b`2Vt~&Nu#XtaWSLl zqfiO~UtZ_z?ZdU!JkPqUO!-gJ)(nAplC7gFqo4CW4XXJG(Y*ISGWXAPumx#Y>`9qP z88LP2Bu!Ee4-LaCVj@ZY18@5qJO*+vBj-tajEbb`g@w2*6f-Y==-eLtY(39Bj_;iP zqwGjnsTrM)V^umxq#cCp1f9#rJ8KWU!1uxOo?2Ab{>do1=f~*YemESAyNYA_c6gi= zf3YAuZ{*p{E9%h#4nl6aizd~(3f?vHDq|fP7Waonc|k@m z^xbn;-Uru5M;*LRLkVPut6#qqaq%Nk7uk|Ml*1;`ei`a2X+_4uzW&QUOY=3?z21*X z8E?)XU9Y&jSp2B4M6my)i7E+etmU`Pc0-@hSrKry_=)yap~lG zzG&m@6}58dn1&mLwRv7PvRhL@7m_cbyCbWYwP<((DBZ$>80)gxWI)$E_ zXQ@0qEtgn-ciH9vd;c0oys1f4`1QWm(&U!XW#7@fBTd60Z>yi#8cj@dqwO#XSVAl~ z*;WLEy+)BqH1h9?_*E@!V1cFjbNG=FHhkYq&^1Jih3AknzRLoGQL=l zBz<5wg;mJoWXN>Ft|!xP5_e%Oy)!eSxa~c)IXLf%#*Tuk!=^;zIhOab4(~r{!mN4X zym|6#wpAST&xcrJeoVL*?uc5rp7U5_W;X;5%yEJIr?4Z(m$(uo2VD5Wpr250^uvCR zZR&-jbF<$hWPn7+ByWX9ni|OwrfOXbq1U8zV|k5F{KD`Q-}h!t+8QFanHUK#h@C z%8jsvY}C#s$M#G#U>ZgSGbu<&+6mKAStyW_=sDUINeE*4Rr@iU7cg;&+a0RSo{nng zxNd%Dm`RDI^O+rL=I2MKg=IY`H`>`ALyk&Qlw~q8T5AYw#Hc-omcQoJ;^n3 z6^vgC;HSzBu8$ z#&@2Fb>HK8Ru&AwbgwO^HS?}X2c|+rtHo0cP@W&ROTh6@o72@pH8uXhrL>~y_|zrF z?)bUx$GFJ2OR_*rmKSV?kZ>I-h_v2B@XJ4%OCcZ@~$`aM{v zsJP5@nW=ZZFYe+leL-v+=F2jzqQu)ftPID+5p1A63LU-ANYX;o7eN(#asP<^HnHjx!REwMO-MH(bdUVNx6U~Kw{fEi3-_G<8+fIV>z!#^h}vB zKk65yUcZg{9RhZSh5bs_p5t03O=vxB6BvRwjdhLEz4EcI2oCG&n1|J1{uNJw zYK~W~b`sWfW*M)TGr6>7Ixq>MwXV*nQ;Q%6c3_C&C zKjc$b?dTobug8X?|Kem|IVt#E{w!gpzE9%of7|RqJQ*uI+upGgI8MWi?!2YEIS_4# z8;JRvFxN2`3o3IKa&E6GlJrJL*cn)@fZ(afixD@o70}#YSXGV3$)*oTRg`m}+Kh`K z_8`e-ET?CrBh*iKd-}79I%96CtqTB&!j%(=C1`^uHi%5U67%nmuH|!Lp}JO;0HgNt&CjAxVXe!(P>mw0Ak}6Fs!e zJ$76?3DctbpTFshO~`0iiIl1*p4;-tAtCr?tUZ0fZ79e-QcEZTw(654nhWe&RJR9%!Zhq^a-dNj)P(Z7L#|(DW9Ff7K0Wp1$~`kmOR?Ybj~0j zr_hw_3}nmuEdw0GREF+YJ7JXX+Wo$3{gFpK(>I+URa=4n9^D#E9RCw_s?qlf!7Lab z^&_fLx4XJ)Gw#bM6fw!+P}R(5xN>B-S~pNP2_+J??@9}WmX?WZZ*blc@)mkdNi4ds zA%}8(NV}edOV|3+^q!XK^CL>qdpTJK_Ga9&R0K~t!oG2A2kIWnrpp$tsLgTg*60S@ zMOV8k(^I8H*4Smg%H`h@#Mxr!(9bNEb>S>b+EwVAP{0)$kkso5!tkVH*GJz+S@ff4 zKM-?rHGs*?_!qFpCcUagTj>-+;}S@mPR>%iO^M>&8Aub|3?t-P$m+`)>&HM%vPhL) zgN?z<>u&lfpf@1m{R4sh4~U)gHB8nr{ZxyXsjZ)9ZZ7hd2z_}c;$|mqZ$;)T^U-uw z{0k)+&T5eiZwefp!2B|8JX?^t8Nae{;D(i*lP|`0dX}}Mfl2H6T*ZTP>Xf#Va`aeD zn9kWBt-U@cMSE8f(7^Eow8>g`N!_e(Xy@8hI$~F+V@Tsxu9qpG?JJu--9RgAV%_%f znzER6xVcJa>S5Q?aYZM1Sh8D^bXw7X2aY*#yHC3mXqka-n7PLkygGNM)jMx=gY~?Z z(88eSF}Ia=oUwPcqpyMeHMWUd7Bso4GA@!mvh{S=`wEmkLk%6XZfTUGjBYDC*&=r- z=iQYe>bI&$xjx^x_CE4gsoJf=O=1Ha3;!U-t*N)3Y+F;MjD^3X*oX!1$>_)!)aK0e z${O1Bb9%Wj$<|$%p1FhI*bx~vyB7W$>j6YSe z|5oGrXH7Lh6uRQ`n?JsiT!rWSiADKG?tc(=YlCuAP`X>g>=Z37rR?SEUKk*e2JZ>X5M3)My_$ zqz!x*f|M~v5M>!6*JDonVK}&_9_Olk=)X3_eW;+CKl#nD3+30`GTW_G$AYwhIz;Bu zf8jyFIQYF5lK&SGx(=aG@WdRP!`DUB%^u9!FS41CA#Dh4PJJbL6FOyv$xy3|aTCU- zs9u?l6@M5uR_eWI9dOwGISq~rVQ+ri5^^Fh`deCzi55Cgj2>Zp37r-(E0as%QUCLr z|NnZ;zGp)d)phy;3*K~RPt`NO?f;LFM%^^eIhi0wsN0Ko`hC-#(m&E;i8llplc!ecAAvUNq=U&W9Ng53Qpc|V9 zoEY4Aqznd&HHPEaR20jd|S7b~mw)7@*QafF!)NY4^9z6)!Kr9fVO{OU0vl)rQ zU@TXM4Q(JaOq0hNqk_Ip%EoHQYqQGj+vow z6xf?)^z?^HrZ^VqzZ&5yVEp9m&r=t_)$z)q0EgTj3|}CWC`n2A>f~rjZEtUL^a94$$mxzAbm5jGhc5EAI04Bl43acy+xyvp?{de0*G>9~*k#e31J?;X0rE*Kp*1 z2^ci5-6$<4xPJs*l$p$HPZlWuJvvan2k+F3`rSAylndau1}hi$kb8Qdoc3u!5viX7 z>SrI7je@eII@BqA|7Qwvy&A5&yURR8t`|Vt%Gc3a70}SJxG0!Vx`U+Oq>wT>l>5&q zBV`+C!*DmY6*LWN6}mq>LiJu6$_|$$UE8R|aOI(#4=+=9l7&DP%4z4BP_io>JxE{P z!gINwhUk$&AMv0}#^i_x15~F4R*)W+ZUbc|eR%ygUyF^A>wlX)v`rq`Mm=w4j5DL2pZA}&M#|^lS=TN2WRUh~gI#8%HJc-C zaE0-i8F(Tef`)+?b4AjXBRZG_8Rw7C=B6)u=jhO}NICBLY}Up4!W~SSacI-Nj+k&! zG9?&_6c|Vm{wxf?!DEVyfluYiWpRJ_Pm{KfD9J|~Q9oojlwmmRoRNz0?0)(>!WHP} z74!xfZB-9E_)l;qnhV2&5oesR|8mDuxMTT|2lBj4J*dv8^ld$2HI~ro-kI6&$Vhm@ zNSwKS3r0pl6|VDL`s#&@vBg)3$V2ZTR)hZ95U~hu_@)fj89pPHG6KCc8+u!f zlsnzu<4#*T^VxL!ITCKi?tOo8fv$yo@DsJsd__*cL4a zu^Jn&n&CmRWyDfeVWfxq2sx2*KD0r%2j?YXHThsQx+51}{$VxjU^R(i3dk_oz%UI@ zFfYqMnFTCb_FU&Q(wD!d4d^2Wv_Xr*@f`BD)!=Q%d!}0ecu)iVhLLv`D9+Zj2zAb06oIz*tBq`k7O0R!>x6Rbi@V;uy5K7BRQxE zjSQgOX~VvK2J)V7(8Zdt%5B8CK;lfBj zK#-xHC^GhR>iCb}a)8y^@%`};QxYtW2LV>;1rF}GUWo;B#e(l&6@UfUG5mQCnQpnm z!y-GqY)(iTlhglEKUUe!A9KYB)o{_%Y*h6D;fOiI-q(e2AMrQ=51l;mg4Z4NzNo&! z^);Hd`vN2m*%q8~Xz1DSyD6PYjtl6eScA5s%zYO=ye)mC_UgIk(HLiv6`7rC%JXM2 z>-azSqLS!o6w^g+)8!>OkV)2^hcDr3VwyS@9VK34V~MZ%*9oyodOGw=tW)8VUd_r5 zOJY3a3}cqmuUV!tV2%CyMe7EJEqoedixjtiGfTQ|rbmQgp#Olu{o)e*`|qWETo@{L zyq0c)l>nn6G;;H$d>s*7qV-Hu{(HSLse~GT5o&p1$keeHK_52sH`WR5Es-~2E&m6HI~28;>A!WfVs_vR*rQF9Hja%aji^7xLM+N z8wY8Tq0gp?dr%I^-+ovkOkhGod<61!O7QsT$LSVWWAKo&9`^UU;I&LCFj8Y!%4;?>j?Bb^@cMyX|j@Z~f#bu=Q zDulD&dJByu;M~&y;VD8exXj75ufS5|}*mVe%}N*EefT6m@wcewniU-F2Cyc!9hozc1Ha z7@cVPa33xAf>IyHr4P@#EmadiQIUIX91;XB*gW^=%un2S>Q21%QTr*J4RKoTB;YGmdGO>Ni3#|<)66buvY8)DSY zj@AMuKbQ@wt0v#PrmN92G?vJ51=U|@Y%Cu^a|sgD(bIsH2ULdV^gh4|xGG2zxnHXm zy^!yyO^4NMI^ZZE2vA&Y7LKi~h0*~`LN2ZIYYG;ha~h2S6M+?c zFz{qy&Ip!{HDw~b1ut`*wy-|6@ddlG#wR?z4aIYe;wU^ETmllmCso&71!eiB?^l*r zl1(hR9!v+#1317zV)5M_sK9cT`X&Y$e3C3UKke|ElwcyzDBb(2-++9=l*OF&XV zES-I0$^EibJUc%Twa5)!m--9U&`&qV@L)+gm=o<+MNH+HSfCNVQm?*yiUT{kuNs#J zqTzrwoCx`AmMh3fg%^1xjXZ#rIM<`V@BDK*^=tIQ^|A6^IACnbkQ`BJ9OHG}^xBAP ztHDx$)q@yTA4+g$IAVlxFs{RTBHMS6Diau7(|SL=JUE%};Wsah8}E&(E5@vh7+jjj z6xtG9#xGUW3Ey&IXxL0)T^sxmZ{X1*S6}f`i9}pi$TjH;WydqW36tQF^awdpV$E>FgN~@{4#?WlV4yuo zrfUd3iL(V$-JD~s{!uhkwfGngg6-lwck!FuM}2Xf{0 zD9@$5Fj{;PvP2yJpx_kYa~Rjb)S8a5Ob+nOZo!i62b;dbFBYv5UR9YMUE`s zR^p4|$}u^^SPp+quw)p)MMEQ>R+5#{L1!gRgw}~zhx;S`JU9kvFvH8HwqGX=&V@f@ zg_#cv!>2OmpXkRzDhflks@Lg57Od{GNt!62ApMuauLbL5n&!eqye1v^LthL3Y64tw zXy}w83r6a9zGhyBCksnnaAzDVnCuiCOn-m-uMar?v_a>;W3eWr{>nG}CRk}OQ^=Zk zL_w?mpZ3sHvUN_B9eR~eY{5m4sRukZ~Gih{_IL-JnXg+ zN_Oh@4{FozLMMaJWSaTSWAko2S=LA^S0O<8%oQhz&A$Mp*TMXInHPi~wO_QH$dBEv zS>_ypGi$&39j-m`z6uWAE99(7Ky2JP^}1XGUUKb&txdbtkF770M0u(;u6(yT}Hxo4cgV^F)6~L)ygLU*U7vXwhr;ox>r7w&21?E*(hEYc!y+D%m0b1>0Ku+s=g5QSzXU_zXkW_>tb zF+O{x!d;^qck?k#u-ESq^KC$Qdv6f`_~a5JOHcYRpKM7Z@}{8>=NHk z@Yt-!m8~o0CD*-2D94dyi_fotD}5NJP2HgeHsb`&AX2_*TIQq zqG4KP0+zk96|uQCddXfcLj{K0J@0RCm)4%B-HAQxzm}l=wyclpbc-ZbEV1DRhBm&)d0wD8fw}oQMuQijc?2$ z8p|5uhq4oVRMo!|0r-0xIsFwhLarsup0-MyYE>B9Ns-E5co*_}98ONjGd`BS;fmLa?T4~<#KU!B2L0P2qVQ)2;f{TM| z{qRvd;r7yH&E+g~yY|H%siJtGw~*=*-~6dL#BKPT@St9B;$r^?--UxOkNrq9_Bz0G zL*zdW0rsnmO4j~Z-NltuXx7kshobXMd`<2CguC{9ieE<1(!J=Guz6=k;!B_2_-)or zwm^^<0B?=pVYsiPDs~z%$v2eEf!*O^dIUi;kIV>3pu9o+LEJE5_HtcuU)s+>|T@K ziT$$h+_9-G3iQ;s8{(XNKTOac)*A!|Y3TQME&WXPSk9eFld!M6-<`swW5KIb<)?jI zvTV}OxOW+~$n%@#4LG%02T@TAch}M*#4GHgp1n8iAv7Rj&rJoI(5$#hVw#3^dI_To*YtD_5?^>9s+b&3wy0){Eg1$%JqoQLeKsbxPf0y! zxIpYXL0wjLx3EF<{KN5Q97|`m3bA$0KR%S=>{&A5VJ6|c>0Gc>a|^PxY+$h<5|#DS^M+A6&s><`ZV@r5564MF|Yf-GhJAB@wI=mk_>61-47{%T^i)$6O{~Yd!j{F_T4g__~9V zrJ6&1%*pMIx}|cJ?%-yoOYrWHb2UWZ6L=Wv5I7o4mtgJ(lL{t0;^1v%@a$ z_15f-7v0`Y^g-&kmB&iDMxTtoA|jdpIAEzY?!L?6unJ4tcc)L{@*8?f<9Yut_LD)w z(0P-p^lf~|*i4_`%MFkG!%Jncv6T!)9)VOvFKWqyCY3IucKLVKL}Qn(iacDJJUeyC z9X}`G5>oz2(}V1@mlDrzd)J^8Q+J3|b@xzned)OK53i&CT+y?=zT^vmxYbMr)(fL6 zg=3jw^@>znD|+F*UwBb5PUab|u8I%2+)zX$xM$|?wPvjHhRcf&&q!Zh^_^;2)9I`x#Qk8nP5?fy*lo39*JV#nGmT6)pkkIotyPf4+& zsX8b#!ybtRO1zbaaWo!V75VK`+Lmyz-rt zkbuI9-^+X(s6`f2LpIupXWbz`ljE}~U+*`&=&5o}Gr#_5CW`V88KB616Hq2%xH43G z`n0^kZ{lltAD8o_m0Q}a_b(;zRj4wor}~VHWzEqjRd?A}r%}cahsdlU`HZeTcSr#3(h0`oFlyT=q1<&Spi#uzu+*th zrfeZKLr_1tyCAV&_+V;E36&k2&9gM>TPuFzw0W_sX^nTs;&yd>ipDo2I<2pI=E?43 z6lwG*=^&;oVDB>byP8g}o8n(lStS`J+L_9)>!gP?=qyw&p%#A!nYF%J+w5*NC|jur zoCz5p&`jpdbg|d2-bv9gr~rhg>`|J_OLD57puma(sqBaVF_jXr0o1QAh4-9{{(KdF zYTof$gcx}K@G?5Fk*yBN_tR2@J?t|exWMW9AgU&r+1{%x4= zIpB^^y<0AMYZ@VTQ+M@!h*6^&WBmKtFYJLqvmLBTLGK{SlApP}Q{6PR%kF6JiO^_M zXl?P5PK-z2D7z{?a1wu`XV)zy z24%NXg!k{#?5w}E>#Lb`*y*TGOliX24C^qx)f(ISy^~)IgYQ@vplS zqVj0}BnnA|iX@*k_!*Tg&0g8-dHq`)-Sb!$7 z0g{SjyXE$u3n$nB#6M?rn#E(?w~tyB@!u3a`Ym+FlPj+?YRKiHMYm8(6`nfdVXoue z6aLRZRHu4{fy|y<76(Q?Zx#}9-S%aF?pRxtH~EL#5e{K^KzzOZ{#mK->2^WHxsw6= z)~|VmHJtmgqO`c9+W7ELot9S}n<+fqeU(@u^C}yQt9(WkcQU`=TNl2Qn{f-0og_?6 zRb|Z9yW`qjmsPJexpKYH-*3jHXg8{eu%q&Z6Jf{R{PT(pnT|@SUG;v-9dc1a@AP^( zV~f)EF|A%B39Hk}g4XWO)HIxX?w6_s*(kpF{wXcQx;LEz;z&1TQ&7`VK?PLn z=COieD>13Rftmeqry>9G!dB+hjw9M#OW|g!tJ&^9ndb(nLY8Qg_BsP6Zg=mCqfEIU z?Jdc^h&ReuiO<=4Yw0=iLw={YNbX4$^QV{9`1fklT_`&RdEQu?B+Y&5L&e=rPT(Iv zWj*yNkM3!&>M2ubpm2U!dtYy(VzF?BupRq-jebhLplUV^LrD#M6)-SQEeiLVtwcH$ z8)s%NsSse!@b0*dWIgh&!V&W1ce*#t?4e_2c_!GaFulxTHNJbj;P*_asp?dYRaVdk zfoXd<8>N1f%FsI1JBxW;ox;}X`bqiEBwDVS!N)IhwI*vdM`^SAK3_t)Zc{NgO4jki zrjR+&Lm|9jHqD7mlfH{N*ywk$Ty^sP*e@P~^h?>e#CwH0E4Xi9Emf!sc3hJLVy2l) zAVjY3ZPC1dAr9fL2TWjg5H?LIXXj9$m%>2X?nf+>73o1F_0*lC^Y6##LcCj4ay=#h z&d&44WvpnsXaFI0S?`r)*}BK@j2|cIZdm#7Slw}kmpiIZ<2@N_VvIMicgywo+(YIm zKX_~qHy_SjXh?z6OA#_VeYnZ_EQbL-4<37`G-w6|akJ~7W}u%>COkuhR^}ew0W8~_ zsUe~De{Y5VPuKo0erx{I)0JV#A(WH{ylgEl^Vpv63hItT9Z;twT_mvDjEK)l# z&MBuO4hHl}?3(e93U9o(636AV>0zlXvDKA1%~O`^l5e(yOyUJF%xj6DUiD}C2+0F+ p!9JAk1k*PpN%_~+|ATHj@b-(xig(X!mO_JnN^ Date: Sat, 20 May 2023 12:51:24 +0100 Subject: [PATCH 504/870] nfd and nfkd are considered --- .../codeql/ruby/experimental/UnicodeBypassValidationQuery.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ruby/ql/lib/codeql/ruby/experimental/UnicodeBypassValidationQuery.qll b/ruby/ql/lib/codeql/ruby/experimental/UnicodeBypassValidationQuery.qll index c6683b08900..032fef5ec2a 100644 --- a/ruby/ql/lib/codeql/ruby/experimental/UnicodeBypassValidationQuery.qll +++ b/ruby/ql/lib/codeql/ruby/experimental/UnicodeBypassValidationQuery.qll @@ -50,7 +50,7 @@ class Configuration extends TaintTracking::Configuration { override predicate isSink(DataFlow::Node sink, DataFlow::FlowState state) { exists(DataFlow::CallNode cn | cn.getMethodName() = "unicode_normalize" and - cn.getArgument(0).getConstantValue().getSymbol() = [":nfkc", ":nfc"] and + cn.getArgument(0).getConstantValue().getSymbol() = [":nfkc", ":nfc", ":nfkd", ":nfd"] and sink = cn.getReceiver() ) and state instanceof PostValidation From 7cd1fd4bbf31e3d779c7e3fccace01bcb359c42b Mon Sep 17 00:00:00 2001 From: Sim4n6 Date: Sat, 20 May 2023 12:51:45 +0100 Subject: [PATCH 505/870] CWE-179 and CWE-180 are included in metadata --- ruby/ql/src/experimental/cwe-176/UnicodeBypassValidation.ql | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ruby/ql/src/experimental/cwe-176/UnicodeBypassValidation.ql b/ruby/ql/src/experimental/cwe-176/UnicodeBypassValidation.ql index 64ea34779a2..92c60f0b681 100644 --- a/ruby/ql/src/experimental/cwe-176/UnicodeBypassValidation.ql +++ b/ruby/ql/src/experimental/cwe-176/UnicodeBypassValidation.ql @@ -8,6 +8,8 @@ * @tags security * experimental * external/cwe/cwe-176 + * external/cwe/cwe-179 + * external/cwe/cwe-180 */ import ruby From e345d7dca488d305203c963a6af5d884ad1e0100 Mon Sep 17 00:00:00 2001 From: Sim4n6 Date: Sat, 20 May 2023 12:54:03 +0100 Subject: [PATCH 506/870] Update ruby/ql/src/experimental/cwe-176/examples/unicode_normalization.rb Co-authored-by: Arthur Baars --- .../src/experimental/cwe-176/examples/unicode_normalization.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ruby/ql/src/experimental/cwe-176/examples/unicode_normalization.rb b/ruby/ql/src/experimental/cwe-176/examples/unicode_normalization.rb index f22cd101486..6bf49406362 100644 --- a/ruby/ql/src/experimental/cwe-176/examples/unicode_normalization.rb +++ b/ruby/ql/src/experimental/cwe-176/examples/unicode_normalization.rb @@ -1,7 +1,7 @@ class UnicodeNormalizationHtMLSafeController < ActionController::Base def unicodeNormalize unicode_input = params[:unicode_input] - unicode_html_safe = unicode_input.html_safe + unicode_html_safe = CGI.escapeHTML(unicode_input).html_safe normalized_nfkc = unicode_html_safe.unicode_normalize(:nfkc) # $result=BAD normalized_nfc = unicode_html_safe.unicode_normalize(:nfc) # $result=BAD end From d11cb9195cf66869320f1305f2067a8dc83c1147 Mon Sep 17 00:00:00 2001 From: Sim4n6 Date: Sat, 20 May 2023 12:57:50 +0100 Subject: [PATCH 507/870] Use of CGI.escapeHTML() in test samples --- .../query-tests/experimental/cwe-176/unicode_normalization.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ruby/ql/test/query-tests/experimental/cwe-176/unicode_normalization.rb b/ruby/ql/test/query-tests/experimental/cwe-176/unicode_normalization.rb index 0526c0e197f..da3d33a3a8d 100644 --- a/ruby/ql/test/query-tests/experimental/cwe-176/unicode_normalization.rb +++ b/ruby/ql/test/query-tests/experimental/cwe-176/unicode_normalization.rb @@ -18,7 +18,7 @@ end class UnicodeNormalizationHtMLSafeController < ActionController::Base def unicodeNormalize unicode_input = params[:unicode_input] - unicode_html_safe = unicode_input.html_safe + unicode_html_safe = CGI.escapeHTML(unicode_input).html_safe normalized_nfkc = unicode_html_safe.unicode_normalize(:nfkc) # $result=BAD normalized_nfc = unicode_html_safe.unicode_normalize(:nfc) # $result=BAD end From f5ff50880c05009e4f0d2749fec736cc79657fd2 Mon Sep 17 00:00:00 2001 From: Sim4n6 Date: Sat, 20 May 2023 17:58:24 +0100 Subject: [PATCH 508/870] Updated qhelp for the use of html_escape() --- .../experimental/cwe-176/UnicodeBypassValidation.qhelp | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/ruby/ql/src/experimental/cwe-176/UnicodeBypassValidation.qhelp b/ruby/ql/src/experimental/cwe-176/UnicodeBypassValidation.qhelp index 3916813c734..90751fd81c6 100644 --- a/ruby/ql/src/experimental/cwe-176/UnicodeBypassValidation.qhelp +++ b/ruby/ql/src/experimental/cwe-176/UnicodeBypassValidation.qhelp @@ -16,10 +16,10 @@

    The following example showcases the bypass of all checks performed by - flask.escape() due to a post-unicode normalization.

    -

    For instance: the character U+FE64 (﹤) is not filtered-out by the flask - escape function. But due to the Unicode normalization, the character is transformed and - would become U+003C ( < ).

    + html_escape() due to a post-unicode normalization.

    +

    For instance: the character U+FE64 (﹤) is not filtered-out by the + html_escape() function. But due to the Unicode normalization, the character is + transformed and would become U+003C ( < ).

    From ad754f138586e27715c64b5e280269e1db5f6651 Mon Sep 17 00:00:00 2001 From: Sim4n6 Date: Sat, 20 May 2023 17:59:08 +0100 Subject: [PATCH 509/870] use of all normalization forms without the ":" prefix --- .../codeql/ruby/experimental/UnicodeBypassValidationQuery.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ruby/ql/lib/codeql/ruby/experimental/UnicodeBypassValidationQuery.qll b/ruby/ql/lib/codeql/ruby/experimental/UnicodeBypassValidationQuery.qll index 032fef5ec2a..5b715f03d38 100644 --- a/ruby/ql/lib/codeql/ruby/experimental/UnicodeBypassValidationQuery.qll +++ b/ruby/ql/lib/codeql/ruby/experimental/UnicodeBypassValidationQuery.qll @@ -50,7 +50,7 @@ class Configuration extends TaintTracking::Configuration { override predicate isSink(DataFlow::Node sink, DataFlow::FlowState state) { exists(DataFlow::CallNode cn | cn.getMethodName() = "unicode_normalize" and - cn.getArgument(0).getConstantValue().getSymbol() = [":nfkc", ":nfc", ":nfkd", ":nfd"] and + cn.getArgument(0).getConstantValue().getSymbol() = ["nfkc", "nfc", "nfkd", "nfd"] and sink = cn.getReceiver() ) and state instanceof PostValidation From 0a0a6dde40c7828bcf7ba6b97f6a14850462725e Mon Sep 17 00:00:00 2001 From: Sim4n6 Date: Sat, 20 May 2023 17:59:39 +0100 Subject: [PATCH 510/870] Replaced CGI.escapeHTML() with the html_escape() --- .../experimental/cwe-176/examples/unicode_normalization.rb | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/ruby/ql/src/experimental/cwe-176/examples/unicode_normalization.rb b/ruby/ql/src/experimental/cwe-176/examples/unicode_normalization.rb index 6bf49406362..099c2cfa051 100644 --- a/ruby/ql/src/experimental/cwe-176/examples/unicode_normalization.rb +++ b/ruby/ql/src/experimental/cwe-176/examples/unicode_normalization.rb @@ -1,7 +1,9 @@ +require "erb" + class UnicodeNormalizationHtMLSafeController < ActionController::Base def unicodeNormalize unicode_input = params[:unicode_input] - unicode_html_safe = CGI.escapeHTML(unicode_input).html_safe + unicode_html_safe = ERB::Util.html_escape(unicode_input) normalized_nfkc = unicode_html_safe.unicode_normalize(:nfkc) # $result=BAD normalized_nfc = unicode_html_safe.unicode_normalize(:nfc) # $result=BAD end From f7f0564e369a24aecc82efdab02e0b681b4a6d97 Mon Sep 17 00:00:00 2001 From: Sim4n6 Date: Sat, 20 May 2023 18:00:27 +0100 Subject: [PATCH 511/870] added one more test --- .../cwe-176/unicode_normalization.rb | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/ruby/ql/test/query-tests/experimental/cwe-176/unicode_normalization.rb b/ruby/ql/test/query-tests/experimental/cwe-176/unicode_normalization.rb index da3d33a3a8d..848be4b081c 100644 --- a/ruby/ql/test/query-tests/experimental/cwe-176/unicode_normalization.rb +++ b/ruby/ql/test/query-tests/experimental/cwe-176/unicode_normalization.rb @@ -1,3 +1,7 @@ +require "erb" +include ERB::Util +require 'cgi' + class UnicodeNormalizationOKController < ActionController::Base def unicodeNormalize unicode_input = params[:unicode_input] @@ -15,11 +19,20 @@ class UnicodeNormalizationStrManipulationController < ActionController::Base end end -class UnicodeNormalizationHtMLSafeController < ActionController::Base +class UnicodeNormalizationHtMLEscapeController < ActionController::Base def unicodeNormalize unicode_input = params[:unicode_input] - unicode_html_safe = CGI.escapeHTML(unicode_input).html_safe + unicode_html_safe = html_escape(unicode_input) normalized_nfkc = unicode_html_safe.unicode_normalize(:nfkc) # $result=BAD normalized_nfc = unicode_html_safe.unicode_normalize(:nfc) # $result=BAD end end + +class UnicodeNormalizationCGIHtMLEscapeController < ActionController::Base + def unicodeNormalize + unicode_input = params[:unicode_input] + unicode_html_safe = CGI.escapeHTML(unicode_input).html_safe + normalized_nfkc = unicode_html_safe.unicode_normalize(:nfkd) # $result=BAD + normalized_nfc = unicode_html_safe.unicode_normalize(:nfd) # $result=BAD + end +end From 97e8e0bd8edd9788ded6f000b3b94d071c7af89f Mon Sep 17 00:00:00 2001 From: Sim4n6 Date: Sun, 21 May 2023 11:52:29 +0100 Subject: [PATCH 512/870] Add String Manipulation Method Calls & CGI.escapeHTML() support --- .../UnicodeBypassValidationQuery.qll | 37 ++++++++++++++++++- 1 file changed, 35 insertions(+), 2 deletions(-) diff --git a/ruby/ql/lib/codeql/ruby/experimental/UnicodeBypassValidationQuery.qll b/ruby/ql/lib/codeql/ruby/experimental/UnicodeBypassValidationQuery.qll index 5b715f03d38..a642438c1b2 100644 --- a/ruby/ql/lib/codeql/ruby/experimental/UnicodeBypassValidationQuery.qll +++ b/ruby/ql/lib/codeql/ruby/experimental/UnicodeBypassValidationQuery.qll @@ -6,6 +6,7 @@ private import ruby private import codeql.ruby.dataflow.RemoteFlowSources private import codeql.ruby.Concepts private import codeql.ruby.TaintTracking +private import codeql.ruby.ApiGraphs import UnicodeBypassValidationCustomizations::UnicodeBypassValidation /** A state signifying that a logical validation has not been performed. */ @@ -39,8 +40,40 @@ class Configuration extends TaintTracking::Configuration { exists(Escaping escaping | nodeFrom = escaping.getAnInput() and nodeTo = escaping.getOutput()) or exists(RegexExecution re | nodeFrom = re.getString() and nodeTo = re) - // or - // stringManipulation(nodeFrom, nodeTo) + or + // String Manipulation Method Calls + // https://ruby-doc.org/core-2.7.0/String.html + exists(DataFlow::CallNode cn | + cn.getMethodName() = + [ + [ + "ljust", "lstrip", "succ", "next", "rjust", "capitalize", "chomp", "gsub", "chop", + "downcase", "swapcase", "uprcase", "scrub", "slice", "squeeze", "strip", "sub", + "tr", "tr_s", "reverse" + ] + ["", "!"], "concat", "dump", "each_line", "replace", "insert", "inspect", "lines", + "partition", "prepend", "replace", "rpartition", "scan", "split", "undump", + "unpack" + ["", "1"] + ] and + nodeFrom = cn.getReceiver() and + nodeTo = cn + ) + or + exists(DataFlow::CallNode cn | + cn.getMethodName() = + [ + "casecmp" + ["", "?"], "center", "count", "each_char", "index", "rindex", "sum", + ["delete", "delete_prefix", "delete_suffix"] + ["", "!"], + ["start_with", "end_with" + "eql", "include"] + ["?", "!"], "match" + ["", "?"], + ] and + nodeFrom = cn.getReceiver() and + nodeTo = nodeFrom + ) + or + exists(DataFlow::CallNode cn | + cn = API::getTopLevelMember("CGI").getAMethodCall("escapeHTML") and + nodeFrom = cn.getArgument(0) and + nodeTo = cn + ) ) and stateFrom instanceof PreValidation and stateTo instanceof PostValidation From 128168a7e784cf34b5d241a6aa6bcd2035d13738 Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Sun, 21 May 2023 20:51:07 +0200 Subject: [PATCH 513/870] Ruby: Allow for flow through callbacks to summarized methods in type tracking --- .../codeql/ruby/typetracking/TypeTrackerSpecific.qll | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/ruby/ql/lib/codeql/ruby/typetracking/TypeTrackerSpecific.qll b/ruby/ql/lib/codeql/ruby/typetracking/TypeTrackerSpecific.qll index 7402b9ea18e..31eb7814632 100644 --- a/ruby/ql/lib/codeql/ruby/typetracking/TypeTrackerSpecific.qll +++ b/ruby/ql/lib/codeql/ruby/typetracking/TypeTrackerSpecific.qll @@ -598,10 +598,17 @@ private DataFlow::Node evaluateSummaryComponentStackLocal( pragma[only_bind_out](tail)) and stack = SCS::push(pragma[only_bind_out](head), pragma[only_bind_out](tail)) | - exists(DataFlowDispatch::ArgumentPosition apos, DataFlowDispatch::ParameterPosition ppos | + exists( + DataFlowDispatch::ArgumentPosition apos, DataFlowDispatch::ParameterPosition ppos, + DataFlowPrivate::ParameterNodeImpl p + | head = SummaryComponent::parameter(apos) and DataFlowDispatch::parameterMatch(ppos, apos) and - result.(DataFlowPrivate::ParameterNodeImpl).isSourceParameterOf(prev.asExpr().getExpr(), ppos) + p.isSourceParameterOf(prev.asExpr().getExpr(), ppos) and + // We need to include both `p` and the SSA definition for `p`, since in type-tracking + // the step from `p` to the SSA definition is considered a call step. + result = + [p.(DataFlow::Node), DataFlowPrivate::LocalFlow::getParameterDefNode(p.getParameter())] ) or head = SummaryComponent::return() and From 710b3091424c64adc455cfde8a60ad884e5e3a15 Mon Sep 17 00:00:00 2001 From: erik-krogh Date: Sun, 21 May 2023 22:18:48 +0200 Subject: [PATCH 514/870] apply suggestions from doc review --- java/ql/src/Security/CWE/CWE-730/PolynomialReDoS.qhelp | 4 ++-- javascript/ql/src/Performance/PolynomialReDoS.qhelp | 5 +++-- python/ql/src/Security/CWE-730/PolynomialReDoS.qhelp | 4 ++-- ruby/ql/src/queries/security/cwe-1333/PolynomialReDoS.qhelp | 4 ++-- 4 files changed, 9 insertions(+), 8 deletions(-) diff --git a/java/ql/src/Security/CWE/CWE-730/PolynomialReDoS.qhelp b/java/ql/src/Security/CWE/CWE-730/PolynomialReDoS.qhelp index e0b8ea6108f..5a56343420a 100644 --- a/java/ql/src/Security/CWE/CWE-730/PolynomialReDoS.qhelp +++ b/java/ql/src/Security/CWE/CWE-730/PolynomialReDoS.qhelp @@ -105,7 +105,7 @@ Pattern.compile("^\\s+|\\s+$").matcher(text).replaceAll("") // BAD

    Sometimes it is unclear how a regular expression can be rewritten to avoid the problem. In such cases, it often suffices to limit the - length of the input string. For instance, the following complicated + length of the input string. For instance, the following regular expression is used to match numbers, and on some non-number inputs it can have quadratic time complexity:

    @@ -115,7 +115,7 @@ Pattern.matches("^(\\+|-)?(\\d+|(\\d*\\.\\d*))?(E|e)?([-+])?(\\d+)?$", str);     It is not immediately obvious how to rewrite this regular expression - to avoid the problem. However, it might be fine to limit the length + to avoid the problem. However, you can mitigate performance issues by limiting the length to 1000 characters, which will always finish in a reasonable amount of time.

    diff --git a/javascript/ql/src/Performance/PolynomialReDoS.qhelp b/javascript/ql/src/Performance/PolynomialReDoS.qhelp index b8c82c90ecb..2a96c60edd8 100644 --- a/javascript/ql/src/Performance/PolynomialReDoS.qhelp +++ b/javascript/ql/src/Performance/PolynomialReDoS.qhelp @@ -105,7 +105,7 @@ text.replace(/^\s+|\s+$/g, ''); // BAD

    Sometimes it is unclear how a regular expression can be rewritten to avoid the problem. In such cases, it often suffices to limit the - length of the input string. For instance, the following complicated + length of the input string. For instance, the following regular expression is used to match numbers, and on some non-number inputs it can have quadratic time complexity:

    @@ -115,7 +115,7 @@ text.replace(/^\s+|\s+$/g, ''); // BAD

    It is not immediately obvious how to rewrite this regular expression - to avoid the problem. However, it might be fine to limit the length + to avoid the problem. However, you can mitigate performance issues by limiting the length to 1000 characters, which will always finish in a reasonable amount of time.

    @@ -124,6 +124,7 @@ text.replace(/^\s+|\s+$/g, ''); // BAD if (str.length > 1000) { throw new Error("Input too long"); } + /^(\+|-)?(\d+|(\d*\.\d*))?(E|e)?([-+])?(\d+)?$/.test(str) diff --git a/python/ql/src/Security/CWE-730/PolynomialReDoS.qhelp b/python/ql/src/Security/CWE-730/PolynomialReDoS.qhelp index 13ae7a1f3d3..9157fc442eb 100644 --- a/python/ql/src/Security/CWE-730/PolynomialReDoS.qhelp +++ b/python/ql/src/Security/CWE-730/PolynomialReDoS.qhelp @@ -105,7 +105,7 @@ re.sub(r"^\s+|\s+$", "", text) # BAD

    Sometimes it is unclear how a regular expression can be rewritten to avoid the problem. In such cases, it often suffices to limit the - length of the input string. For instance, the following complicated + length of the input string. For instance, the following regular expression is used to match numbers, and on some non-number inputs it can have quadratic time complexity:

    @@ -115,7 +115,7 @@ match = re.search(r'^(\+|-)?(\d+|(\d*\.\d*))?(E|e)?([-+])?(\d+)?$', str) It is not immediately obvious how to rewrite this regular expression - to avoid the problem. However, it might be fine to limit the length + to avoid the problem. However, you can mitigate performance issues by limiting the length to 1000 characters, which will always finish in a reasonable amount of time.

    diff --git a/ruby/ql/src/queries/security/cwe-1333/PolynomialReDoS.qhelp b/ruby/ql/src/queries/security/cwe-1333/PolynomialReDoS.qhelp index 86f96445a2a..f66fd40b792 100644 --- a/ruby/ql/src/queries/security/cwe-1333/PolynomialReDoS.qhelp +++ b/ruby/ql/src/queries/security/cwe-1333/PolynomialReDoS.qhelp @@ -110,7 +110,7 @@ text.gsub!(/^\s+|\s+$/, '') # BAD

    Sometimes it is unclear how a regular expression can be rewritten to avoid the problem. In such cases, it often suffices to limit the - length of the input string. For instance, the following complicated + length of the input string. For instance, the following regular expression is used to match numbers, and on some non-number inputs it can have quadratic time complexity:

    @@ -120,7 +120,7 @@ is_matching = /^(\+|-)?(\d+|(\d*\.\d*))?(E|e)?([-+])?(\d+)?$/.match?(str) It is not immediately obvious how to rewrite this regular expression - to avoid the problem. However, it might be fine to limit the length + to avoid the problem. However, you can mitigate performance issues by limiting the length to 1000 characters, which will always finish in a reasonable amount of time.

    From de03bdc23558945632a2ed916af76015a0aff1bc Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli Date: Mon, 22 May 2023 09:57:48 +0200 Subject: [PATCH 515/870] Swift: fix hidden AST getters For consistency with the C/C++ QL library, getters of AST elements within the hidden AST should not themselves skip other hidden AST elements. --- misc/codegen/templates/ql_class.mustache | 3 +- misc/codegen/templates/ql_parent.mustache | 2 +- swift/ql/.generated.list | 260 +++++++++--------- .../swift/generated/AvailabilityInfo.qll | 7 +- .../lib/codeql/swift/generated/Callable.qll | 28 +- .../swift/generated/KeyPathComponent.qll | 19 +- .../lib/codeql/swift/generated/Locatable.qll | 7 +- .../lib/codeql/swift/generated/Location.qll | 7 +- .../codeql/swift/generated/ParentChild.qll | 2 +- .../swift/generated/UnspecifiedElement.qll | 7 +- .../generated/decl/AbstractStorageDecl.qll | 7 +- .../swift/generated/decl/CapturedDecl.qll | 7 +- .../lib/codeql/swift/generated/decl/Decl.qll | 14 +- .../swift/generated/decl/EnumCaseDecl.qll | 5 +- .../swift/generated/decl/EnumElementDecl.qll | 7 +- .../swift/generated/decl/ExtensionDecl.qll | 10 +- .../swift/generated/decl/GenericContext.qll | 5 +- .../swift/generated/decl/IfConfigDecl.qll | 5 +- .../swift/generated/decl/ImportDecl.qll | 12 +- .../generated/decl/InfixOperatorDecl.qll | 5 +- .../swift/generated/decl/ModuleDecl.qll | 10 +- .../swift/generated/decl/NominalTypeDecl.qll | 7 +- .../swift/generated/decl/OpaqueTypeDecl.qll | 10 +- .../codeql/swift/generated/decl/ParamDecl.qll | 10 +- .../generated/decl/PatternBindingDecl.qll | 14 +- .../generated/decl/PoundDiagnosticDecl.qll | 7 +- .../swift/generated/decl/SubscriptDecl.qll | 14 +- .../swift/generated/decl/TopLevelCodeDecl.qll | 7 +- .../swift/generated/decl/TypeAliasDecl.qll | 7 +- .../codeql/swift/generated/decl/TypeDecl.qll | 7 +- .../codeql/swift/generated/decl/ValueDecl.qll | 7 +- .../codeql/swift/generated/decl/VarDecl.qll | 46 +++- .../swift/generated/expr/AnyTryExpr.qll | 7 +- .../expr/AppliedPropertyWrapperExpr.qll | 14 +- .../codeql/swift/generated/expr/ApplyExpr.qll | 14 +- .../codeql/swift/generated/expr/Argument.qll | 7 +- .../codeql/swift/generated/expr/ArrayExpr.qll | 7 +- .../swift/generated/expr/AssignExpr.qll | 14 +- .../swift/generated/expr/BindOptionalExpr.qll | 7 +- .../swift/generated/expr/CaptureListExpr.qll | 12 +- .../swift/generated/expr/DeclRefExpr.qll | 12 +- .../generated/expr/DefaultArgumentExpr.qll | 14 +- .../swift/generated/expr/DictionaryExpr.qll | 7 +- .../expr/DotSyntaxBaseIgnoredExpr.qll | 14 +- .../swift/generated/expr/DynamicTypeExpr.qll | 7 +- .../swift/generated/expr/EnumIsCaseExpr.qll | 14 +- .../swift/generated/expr/ExplicitCastExpr.qll | 7 +- .../lib/codeql/swift/generated/expr/Expr.qll | 7 +- .../swift/generated/expr/ForceValueExpr.qll | 7 +- .../swift/generated/expr/IdentityExpr.qll | 7 +- .../codeql/swift/generated/expr/IfExpr.qll | 21 +- .../generated/expr/ImplicitConversionExpr.qll | 7 +- .../codeql/swift/generated/expr/InOutExpr.qll | 7 +- .../expr/InterpolatedStringLiteralExpr.qll | 22 +- .../generated/expr/KeyPathApplicationExpr.qll | 14 +- .../swift/generated/expr/KeyPathExpr.qll | 12 +- .../generated/expr/LazyInitializationExpr.qll | 7 +- .../swift/generated/expr/LookupExpr.qll | 14 +- .../expr/MakeTemporarilyEscapableExpr.qll | 19 +- .../swift/generated/expr/MethodLookupExpr.qll | 7 +- .../swift/generated/expr/ObjCSelectorExpr.qll | 14 +- .../generated/expr/ObjectLiteralExpr.qll | 7 +- .../swift/generated/expr/OneWayExpr.qll | 7 +- .../generated/expr/OpenExistentialExpr.qll | 21 +- .../generated/expr/OptionalEvaluationExpr.qll | 7 +- .../expr/OtherInitializerRefExpr.qll | 7 +- .../generated/expr/OverloadedDeclRefExpr.qll | 5 +- .../PropertyWrapperValuePlaceholderExpr.qll | 14 +- .../expr/RebindSelfInInitializerExpr.qll | 14 +- .../swift/generated/expr/SelfApplyExpr.qll | 7 +- .../swift/generated/expr/SequenceExpr.qll | 7 +- .../swift/generated/expr/SubscriptExpr.qll | 7 +- .../swift/generated/expr/SuperRefExpr.qll | 7 +- .../codeql/swift/generated/expr/TapExpr.qll | 21 +- .../swift/generated/expr/TupleElementExpr.qll | 7 +- .../codeql/swift/generated/expr/TupleExpr.qll | 7 +- .../codeql/swift/generated/expr/TypeExpr.qll | 7 +- .../generated/expr/UnresolvedDotExpr.qll | 7 +- .../generated/expr/UnresolvedPatternExpr.qll | 7 +- .../expr/UnresolvedSpecializeExpr.qll | 7 +- .../generated/expr/VarargExpansionExpr.qll | 7 +- .../generated/pattern/BindingPattern.qll | 7 +- .../generated/pattern/EnumElementPattern.qll | 14 +- .../swift/generated/pattern/ExprPattern.qll | 7 +- .../swift/generated/pattern/IsPattern.qll | 14 +- .../generated/pattern/OptionalSomePattern.qll | 7 +- .../swift/generated/pattern/ParenPattern.qll | 7 +- .../swift/generated/pattern/TuplePattern.qll | 7 +- .../swift/generated/pattern/TypedPattern.qll | 14 +- .../codeql/swift/generated/stmt/BraceStmt.qll | 7 +- .../codeql/swift/generated/stmt/BreakStmt.qll | 7 +- .../swift/generated/stmt/CaseLabelItem.qll | 14 +- .../codeql/swift/generated/stmt/CaseStmt.qll | 21 +- .../swift/generated/stmt/ConditionElement.qll | 28 +- .../swift/generated/stmt/ContinueStmt.qll | 7 +- .../codeql/swift/generated/stmt/DeferStmt.qll | 7 +- .../swift/generated/stmt/DoCatchStmt.qll | 14 +- .../codeql/swift/generated/stmt/DoStmt.qll | 7 +- .../swift/generated/stmt/FallthroughStmt.qll | 12 +- .../swift/generated/stmt/ForEachStmt.qll | 28 +- .../codeql/swift/generated/stmt/GuardStmt.qll | 7 +- .../codeql/swift/generated/stmt/IfStmt.qll | 14 +- .../generated/stmt/LabeledConditionalStmt.qll | 7 +- .../swift/generated/stmt/PoundAssertStmt.qll | 7 +- .../swift/generated/stmt/RepeatWhileStmt.qll | 14 +- .../swift/generated/stmt/ReturnStmt.qll | 7 +- .../swift/generated/stmt/StmtCondition.qll | 5 +- .../swift/generated/stmt/SwitchStmt.qll | 14 +- .../codeql/swift/generated/stmt/ThrowStmt.qll | 7 +- .../codeql/swift/generated/stmt/WhileStmt.qll | 7 +- .../codeql/swift/generated/stmt/YieldStmt.qll | 7 +- .../swift/generated/type/AnyFunctionType.qll | 14 +- .../swift/generated/type/AnyGenericType.qll | 14 +- .../swift/generated/type/ArchetypeType.qll | 19 +- .../swift/generated/type/BoundGenericType.qll | 7 +- .../generated/type/DependentMemberType.qll | 12 +- .../swift/generated/type/DictionaryType.qll | 14 +- .../swift/generated/type/DynamicSelfType.qll | 7 +- .../swift/generated/type/ExistentialType.qll | 7 +- .../generated/type/GenericFunctionType.qll | 5 +- .../codeql/swift/generated/type/InOutType.qll | 7 +- .../swift/generated/type/LValueType.qll | 7 +- .../swift/generated/type/ModuleType.qll | 7 +- .../type/OpaqueTypeArchetypeType.qll | 7 +- .../type/ParameterizedProtocolType.qll | 14 +- .../codeql/swift/generated/type/ParenType.qll | 7 +- .../type/ProtocolCompositionType.qll | 7 +- .../generated/type/ReferenceStorageType.qll | 7 +- .../codeql/swift/generated/type/TupleType.qll | 7 +- .../lib/codeql/swift/generated/type/Type.qll | 7 +- .../swift/generated/type/TypeAliasType.qll | 7 +- .../codeql/swift/generated/type/TypeRepr.qll | 7 +- .../generated/type/UnarySyntaxSugarType.qll | 7 +- .../decl/CapturedDecl/PrintAst.expected | 4 +- .../test/library-tests/ast/PrintAst.expected | 36 +-- .../hidden-ast/Conversions.expected | 3 + .../library-tests/hidden-ast/Conversions.ql | 5 + .../hidden-ast/PrintAst.expected | 11 + .../library-tests/hidden-ast/PrintAst.qlref | 1 + .../hidden-ast/chained_conversion.swift | 3 + 140 files changed, 1301 insertions(+), 351 deletions(-) create mode 100644 swift/ql/test/library-tests/hidden-ast/Conversions.expected create mode 100644 swift/ql/test/library-tests/hidden-ast/Conversions.ql create mode 100644 swift/ql/test/library-tests/hidden-ast/PrintAst.expected create mode 100644 swift/ql/test/library-tests/hidden-ast/PrintAst.qlref create mode 100644 swift/ql/test/library-tests/hidden-ast/chained_conversion.swift diff --git a/misc/codegen/templates/ql_class.mustache b/misc/codegen/templates/ql_class.mustache index d0045d0598d..9f72caef392 100644 --- a/misc/codegen/templates/ql_class.mustache +++ b/misc/codegen/templates/ql_class.mustache @@ -84,7 +84,8 @@ module Generated { {{/has_description}} */ final {{type}} {{getter}}({{#is_indexed}}int index{{/is_indexed}}) { - result = this.get{{#is_unordered}}An{{/is_unordered}}Immediate{{singular}}({{#is_indexed}}index{{/is_indexed}}).resolve() + exists({{type}} immediate | immediate = this.get{{#is_unordered}}An{{/is_unordered}}Immediate{{singular}}({{#is_indexed}}index{{/is_indexed}}) and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve()) } {{/type_is_class}} diff --git a/misc/codegen/templates/ql_parent.mustache b/misc/codegen/templates/ql_parent.mustache index 6777d366ddf..2c8d7dfc258 100644 --- a/misc/codegen/templates/ql_parent.mustache +++ b/misc/codegen/templates/ql_parent.mustache @@ -80,7 +80,7 @@ result = unique(Element x | e = Impl::getImmediateChild(x, _, _) | x) * Gets the immediate child indexed at `index`. Indexes are not guaranteed to be contiguous, but are guaranteed to be distinct. `accessor` is bound the member predicate call resulting in the given child. */ Element getImmediateChildAndAccessor(Element e, int index, string accessor) { -exists(string partialAccessor | result = Impl::getImmediateChild(e, index, partialAccessor) and accessor = "getImmediate" + partialAccessor) +exists(string partialAccessor | result = Impl::getImmediateChild(e, index, partialAccessor) and accessor = "get" + partialAccessor) } /** diff --git a/swift/ql/.generated.list b/swift/ql/.generated.list index 2a56c1ba2ae..a28e6ba533b 100644 --- a/swift/ql/.generated.list +++ b/swift/ql/.generated.list @@ -367,9 +367,9 @@ lib/codeql/swift/elements/type/WeakStorageType.qll 7c07739cfc1459f068f24fef74838 lib/codeql/swift/elements/type/WeakStorageTypeConstructor.qll d88b031ef44d6de14b3ddcff2eb47b53dbd11550c37250ff2edb42e5d21ec3e9 26d855c33492cf7a118e439f7baeed0e5425cfaf058b1dcc007eca7ed765c897 lib/codeql/swift/elements.qll 3df0060edd2b2030f4e4d7d5518afe0073d798474d9b1d6185d833bec63ca8bd 3df0060edd2b2030f4e4d7d5518afe0073d798474d9b1d6185d833bec63ca8bd lib/codeql/swift/generated/AstNode.qll 02ca56d82801f942ae6265c6079d92ccafdf6b532f6bcebd98a04029ddf696e4 6216fda240e45bd4302fa0cf0f08f5f945418b144659264cdda84622b0420aa2 -lib/codeql/swift/generated/AvailabilityInfo.qll a5c04628de722f92d1e4bb94c7d04281e070fc82a196f85775a149b27df0fb71 c5c992218ba4e44ee37397738ab53f206140fac75284e0544dd0d5dd5dcdf453 +lib/codeql/swift/generated/AvailabilityInfo.qll c648a66cf45414c85cf9cc69aa05b765a49d0c18cd9c101c34f99a9adc38a1ee 54ba7b07b4177d35e85d19363aa7adcda29cda185a5818e5fcb7c678c093e0ba lib/codeql/swift/generated/AvailabilitySpec.qll fb1255f91bb5e41ad4e9c675a2efbc50d0fb366ea2de68ab7eebd177b0795309 144e0c2e7d6c62ecee43325f7f26dcf437881edf0b75cc1bc898c6c4b61fdeaf -lib/codeql/swift/generated/Callable.qll 32d631f6c882cf8dc7f95b1e748c2b8ed80ad0ba04ea940c801aec14411dc754 b30e46ca1b5a9fd7b421d9c9dd567aa1788f3ac25af5ccc2d28b201881cf82e1 +lib/codeql/swift/generated/Callable.qll 9dcf09a2f227dd6f569f007a07fb368d6b928ffd002535bb97118361430d948c 5c203f5f6b4f8b6748e61e09bb46c55442a2fb36f2d1fa950e6f81bdda562709 lib/codeql/swift/generated/Comment.qll f58b49f6e68c21f87c51e2ff84c8a64b09286d733e86f70d67d3a98fe6260bd6 975bbb599a2a7adc35179f6ae06d9cbc56ea8a03b972ef2ee87604834bc6deb1 lib/codeql/swift/generated/DbFile.qll a49b2a2cb2788cb49c861ebcd458b8daead7b15adb19c3a9f4db3bf39a0051fc a49b2a2cb2788cb49c861ebcd458b8daead7b15adb19c3a9f4db3bf39a0051fc lib/codeql/swift/generated/DbLocation.qll b9baea963d9fa82068986512c0649d1050897654eee3df51dba17cf6b1170873 b9baea963d9fa82068986512c0649d1050897654eee3df51dba17cf6b1170873 @@ -377,11 +377,11 @@ lib/codeql/swift/generated/Diagnostics.qll d2ee2db55e932dcaee95fcc1164a51ffbe1a7 lib/codeql/swift/generated/Element.qll 81a01c1965cf8154596c753b20536ef8630b30567d8c077660ab2d11143f060b 74f5c76db5ec82a9c1675ec0282acd44f1a86ef447d1961c47aea3eed50f79cb lib/codeql/swift/generated/ErrorElement.qll 4b032abe8ffb71376a29c63e470a52943ace2527bf7b433c97a8bf716f9ad102 4f2b1be162a5c275e3264dbc51bf98bce8846d251be8490a0d4b16cbc85f630f lib/codeql/swift/generated/File.qll f88c485883dd9b2b4a366080e098372912e03fb3177e5cae58aa4449c2b03399 0333c49e3a11c48e6146a7f492ee31ac022d80150fc3f8bfafc3c8f94d66ff76 -lib/codeql/swift/generated/KeyPathComponent.qll ca26ccb81276f6191a94af38757b218a808bda74375e6971287269474b615882 3cad039517c28afb9e250ec91c8962e3bbcacf63ad081c6152a061409a52b626 -lib/codeql/swift/generated/Locatable.qll 6cb2f23f21283ae667321d88a955a4d18304bdbbd3f2f9e86aa3ed7a080d7114 731cd57bcb3308c66bbaf37d78c553712dd4b9ccc333a47661336f4a7b0fc845 -lib/codeql/swift/generated/Location.qll e0ea9fd485de1788e2a0d658654735dd8561e815ebfc18eda6eff10af0d59bac 8410bcb1867c531db336d3d1e2e3a2926545170070e56997d8f77ac2face69a0 +lib/codeql/swift/generated/KeyPathComponent.qll 00b1e586b8532f0193b3f61111e70d4e595f3d45c7a25ff68114be1051882491 c556e85b21fc5a5aae12fb5599a96442431ef44ae92350eb7da9efe6a22efd53 +lib/codeql/swift/generated/Locatable.qll bfdf2dafae2829cac8d1e863a93676228d131b5a7f3df87c40d2f3b1839962b8 af243098af0955a40862387edf7526826fde62a64e5e6ca28de9e9603a8622bf +lib/codeql/swift/generated/Location.qll 921922352d39449067d9f2788309b5f3490091097ffe35e6aa98f9368626ce2c 0795c63565c4308e745400bc70ea73675160201590a95bb418de4e2ebca32764 lib/codeql/swift/generated/OtherAvailabilitySpec.qll 0e26a203b26ff0581b7396b0c6d1606feec5cc32477f676585cdec4911af91c5 0e26a203b26ff0581b7396b0c6d1606feec5cc32477f676585cdec4911af91c5 -lib/codeql/swift/generated/ParentChild.qll 7db14da89a0dc22ab41e654750f59d03085de8726ac358c458fccb0e0b75e193 e16991b33eb0ddea18c0699d7ea31710460ff8ada1f51d8e94f1100f6e18d1c8 +lib/codeql/swift/generated/ParentChild.qll f490202e849b9cbd550ee9d758644b85d43e60d81413e6c28df2850fb1e9a2d6 6b95aeab6b53a880b230ad0c96b6deb519a7368898c844632ae96090de59df99 lib/codeql/swift/generated/PlatformVersionAvailabilitySpec.qll f82d9ca416fe8bd59b5531b65b1c74c9f317b3297a6101544a11339a1cffce38 7f5c6d3309e66c134107afe55bae76dfc9a72cb7cdd6d4c3706b6b34cee09fa0 lib/codeql/swift/generated/PureSynthConstructors.qll 173c0dd59396a1de26fe870e3bc2766c46de689da2a4d8807cb62023bbce1a98 173c0dd59396a1de26fe870e3bc2766c46de689da2a4d8807cb62023bbce1a98 lib/codeql/swift/generated/Raw.qll 8d4880e5ee1fdd120adeb7bf0dfa1399e7b1a53b2cc7598aed8e15cbf996d1c0 da0d446347d29f5cd05281c17c24e87610f31c32adb7e05ab8f3a26bed55bd90 @@ -389,69 +389,69 @@ lib/codeql/swift/generated/Synth.qll 551fdf7e4b53f9ee1314d1bb42c2638cf82f45bfa1f lib/codeql/swift/generated/SynthConstructors.qll 2f801bd8b0db829b0253cd459ed3253c1fdfc55dce68ebc53e7fec138ef0aca4 2f801bd8b0db829b0253cd459ed3253c1fdfc55dce68ebc53e7fec138ef0aca4 lib/codeql/swift/generated/UnknownFile.qll 0fcf9beb8de79440bcdfff4bb6ab3dd139bd273e6c32754e05e6a632651e85f6 0fcf9beb8de79440bcdfff4bb6ab3dd139bd273e6c32754e05e6a632651e85f6 lib/codeql/swift/generated/UnknownLocation.qll e50efefa02a0ec1ff635a00951b5924602fc8cab57e5756e4a039382c69d3882 e50efefa02a0ec1ff635a00951b5924602fc8cab57e5756e4a039382c69d3882 -lib/codeql/swift/generated/UnspecifiedElement.qll 13625c651b880dbbd75555d55bd8464222c947c7bb9abfa2d28d5de8cce95081 15c57a3acf95a098e0c7b27ab120b2d86704e7917af888f478ecb013d86bd5a6 -lib/codeql/swift/generated/decl/AbstractStorageDecl.qll f14798085cca6c681495b442c96fce9e540e8106b63a746016d5e9f0455fd08b 588c7463e808348efdc01f00cdc9121c1cd4e06206fe412abfa478a53283c51e +lib/codeql/swift/generated/UnspecifiedElement.qll e121c84a2990fe314ab0756832776fe98fbc41f295d532b6e154aca1c5513b13 ee70eedad752175dbeee83c07fdb2ae7f4fa080fec7ba2be408469dfa11a0b4a +lib/codeql/swift/generated/decl/AbstractStorageDecl.qll 8ed642e35b066cc65b3d8ad16cf6c726cf0b3802330b0c3d3ba87b34451005d1 3474ad1468f09bf63f3582468ed97e9ed3b3ee61db90a4d31966cc97d9ca1b18 lib/codeql/swift/generated/decl/AbstractTypeParamDecl.qll 1e268b00d0f2dbbd85aa70ac206c5e4a4612f06ba0091e5253483635f486ccf9 5479e13e99f68f1f347283535f8098964f7fd4a34326ff36ad5711b2de1ab0d0 lib/codeql/swift/generated/decl/Accessor.qll c93cdf7dbb87e6c9b09b5fcf469b952041f753914a892addeb24bb46eaa51d29 1e8104da2da146d3e4d8f5f96b87872e63162e53b46f9c7038c75db51a676599 lib/codeql/swift/generated/decl/AccessorOrNamedFunction.qll b78aaef06cdaa172dce3e1dcd6394566b10ce445906e3cf67f6bef951b1662a4 a30d9c2ff79a313c7d0209d72080fdc0fabf10379f8caed5ff2d72dc518f8ad3 lib/codeql/swift/generated/decl/AssociatedTypeDecl.qll 4169d083104f9c089223ed3c5968f757b8cd6c726887bbb6fbaf21f5ed7ee144 4169d083104f9c089223ed3c5968f757b8cd6c726887bbb6fbaf21f5ed7ee144 -lib/codeql/swift/generated/decl/CapturedDecl.qll cbc416f48471f978d21f5f9ec02eb912692f9678ed154cb0b6d30df9de48e628 d9534cdf290ad48e285d27a520c0b1692afed14bbdd907430bcd46e7de2fbb31 +lib/codeql/swift/generated/decl/CapturedDecl.qll f8b69887acb35cc8de572984fef83eb08649845b49179b68d3afef36b526bddb 94ab461ef9ab5983dece5e2b1865b6056e381e5c06f2a3ec4dfde634a9368e59 lib/codeql/swift/generated/decl/ClassDecl.qll a60e8af2fdbcd20cfa2049660c8bcbbc00508fbd3dde72b4778317dfc23c5ae4 a60e8af2fdbcd20cfa2049660c8bcbbc00508fbd3dde72b4778317dfc23c5ae4 lib/codeql/swift/generated/decl/ConcreteVarDecl.qll 4801ccc477480c4bc4fc117976fbab152e081064e064c97fbb0f37199cb1d0a8 4d7cfbf5b39b307dd673781adc220fdef04213f2e3d080004fa658ba6d3acb8d -lib/codeql/swift/generated/decl/Decl.qll 2cc8ad7e3a3b658d7b1b06d20bdaf7604de387045c33b0d64191b5ef998708c2 7ed3194e89f7ae37cf9c691e4666449e4f406f6c3ee6d35bbbda4e66cdd3ca5a +lib/codeql/swift/generated/decl/Decl.qll 1d620c8e43df3cb46e5446dc9f6592205040c4d2b03c2ce1e491d7628f8904d0 b02514d7548a5a1dca39a148974a1b4dfeb681ebf81ad80f78d53ea48bab6133 lib/codeql/swift/generated/decl/Deinitializer.qll 816ecd92552915d06952517606a6e4c67bc53d7e7d9f5c09b7276e70612627fe 816ecd92552915d06952517606a6e4c67bc53d7e7d9f5c09b7276e70612627fe -lib/codeql/swift/generated/decl/EnumCaseDecl.qll 7942eb77f91680c3553becb313f21723e0b437eadebc117f0690e5364705bef1 40eec2e74c514cecdfcdf6d7d5c8a033c717f69a38cfca834934fe3859c4e1ef +lib/codeql/swift/generated/decl/EnumCaseDecl.qll 564718862a9fd5b99427591a83921bf57aac2074041b5b335577599e8eefda16 90899d7d7a9c695576ae4b24d19deb05e45e0e85c954ab41de154d5cc521019e lib/codeql/swift/generated/decl/EnumDecl.qll fa4490d511ee537751a4fab2478e65250ff3deba43c74db5341184c9ba25b534 fa4490d511ee537751a4fab2478e65250ff3deba43c74db5341184c9ba25b534 -lib/codeql/swift/generated/decl/EnumElementDecl.qll 7dbcd0dd5a5b96195250ae1ac4afd0901f418fba7de2e5d41a4335d387e33a69 bdc371b60a61369fa286005f67aa846876956048b99e4c9763fc3ea3bbdcbb5e -lib/codeql/swift/generated/decl/ExtensionDecl.qll 503bdac9ca6fefcaae3c798dc364bd225c50d507a1639f1bd2f055f8dae57ac3 1e6142d2d3d894da5dac18d14310967353d76acc7c629c59f8f62ec27baf8566 +lib/codeql/swift/generated/decl/EnumElementDecl.qll 41cad9be29b7afd56ba312ce00650ed89bffec2e2aaeed7bf26cd3dc0edb502e 33ac9ee5b205d32e5cf6a31f3f4bfd0f60b49fb0265200fd9e4dbbd5426fff02 +lib/codeql/swift/generated/decl/ExtensionDecl.qll 5472aa7cea119b68571065143fb4b2e335df003184efe8b8f28a98fd3ca3691e f65c8b078d1c34047cc66f5eb75dae8243e7aa42a7f3f2c21ea1ccf76eb9e7b9 lib/codeql/swift/generated/decl/Function.qll 92d1fbceb9e96afd00a1dfbfd15cec0063b3cba32be1c593702887acc00a388a 0cbae132d593b0313a2d75a4e428c7f1f07a88c1f0491a4b6fa237bb0da71df3 -lib/codeql/swift/generated/decl/GenericContext.qll 133bffffd61ee2c5b053e260a01cb09edf5ec2b7eaf782a063b53ffb7f004cfa 8256046cb997168332a2f55b3637c76b0bd6070ccb3a1bd097a8bf70ccbb7a78 +lib/codeql/swift/generated/decl/GenericContext.qll 5bbed6687f985dc8e812e48ae6ac17ec98d6cfccc6a72bee82afde58ccad07f7 ef7a2fa2646dd619af8f49ed1a12ce880a345dfc36b44e67868d733fc3b309e6 lib/codeql/swift/generated/decl/GenericTypeDecl.qll 71f5c9c6078567dda0a3ac17e2d2d590454776b2459267e31fed975724f84aec 669c5dbd8fad8daf007598e719ac0b2dbcb4f9fad698bffb6f1d0bcd2cee9102 lib/codeql/swift/generated/decl/GenericTypeParamDecl.qll bc41a9d854e65b1e0da86350870a8fe050eb1dc031cd17ded11c15b5ad8ad183 bc41a9d854e65b1e0da86350870a8fe050eb1dc031cd17ded11c15b5ad8ad183 -lib/codeql/swift/generated/decl/IfConfigDecl.qll 95ddabb5b3425197515f1f48740907aa06c82ece2acc84334969c6c4bf1c8819 036da5ac8c28b31f5a25e1beceea90548be3e02d03951dbfd94d8f8beca9ca43 -lib/codeql/swift/generated/decl/ImportDecl.qll 315e046861ed65dcc4fe821877488ff8bb2edfc1929f2b2865bbf61f611bd9cd e74e2bb4a051a8bc9a9fbe1787ce8df6c27347717201245381d5515c2793f77a -lib/codeql/swift/generated/decl/InfixOperatorDecl.qll d72240e27e1dc051be779015180ecaeaaf7a1067e21c2d277688881a24ce36aa ecce84b34c303a66135e815c4d656557952a85653701fca36213416560ef6bab +lib/codeql/swift/generated/decl/IfConfigDecl.qll 07ae599c23c75d4a1fc7f188dce70cf1ded749368274f071b5b9639b5e54f69a ef8dc3f91edf40b9f8e84672060cea0de1a9c6545fd7aadb80225d3ca8f883e9 +lib/codeql/swift/generated/decl/ImportDecl.qll 1adafa6660d0b3968d1ee8cbcb4632d3b3baaa8a72874d3c9c0f6185eac4bc3e 8e68a538da2bac088001427cbdf6234cfe33071f82193aa52dc99cb9be893f2d +lib/codeql/swift/generated/decl/InfixOperatorDecl.qll 3d94018c33422b6fbe18348d0d47c0747358777501155d49abd3c8f5012c8a5d 855b73306f510828ad30555d6bba98cd9eab918de9e78696921ccac584828fd6 lib/codeql/swift/generated/decl/Initializer.qll a72005f0abebd31b7b91f496ddae8dff49a027ba01b5a827e9b8870ecf34de17 a72005f0abebd31b7b91f496ddae8dff49a027ba01b5a827e9b8870ecf34de17 lib/codeql/swift/generated/decl/MissingMemberDecl.qll eaf8989eda461ec886a2e25c1e5e80fc4a409f079c8d28671e6e2127e3167479 d74b31b5dfa54ca5411cd5d41c58f1f76cfccc1e12b4f1fdeed398b4faae5355 -lib/codeql/swift/generated/decl/ModuleDecl.qll de504a719d1085e65889eb17707c1380f446d21d4fc05a0a3bb669c689319dc6 2d69d1a7c30a81989dd6a942366777be28b1436f0d48da4be7fe264fadc4c2aa +lib/codeql/swift/generated/decl/ModuleDecl.qll dd7bef7f19a5d2f57f0168eda80796ed8a74c7a136b3dc0cb289c3f750ef9a25 652d44d1ac5e31e4ccf4c5d29f2c5b985c68c4254458c3bfce09c2a821631f8f lib/codeql/swift/generated/decl/NamedFunction.qll e8c23d8344768fb7ffe31a6146952fb45f66e25c2dd32c91a6161aaa612e602f e8c23d8344768fb7ffe31a6146952fb45f66e25c2dd32c91a6161aaa612e602f -lib/codeql/swift/generated/decl/NominalTypeDecl.qll 39fb0ed0c68089fed89a003f631587b46212c8098c72881ccee0c558f60c52cb 376bf0bd0950e209ce9e66719fd513af08ae95a83a759844246bd052de4c29a8 -lib/codeql/swift/generated/decl/OpaqueTypeDecl.qll eaef6c7da5c287ba9e281a11ef9e9a9ef3a89f44a0c4e332d53cdaff806c976a ad2d3470725c11e42b169b4ed40d5371d700e4077c517eb00f0b5c36e7a61d3b +lib/codeql/swift/generated/decl/NominalTypeDecl.qll 64914282b062364d81b013922069404d49b8c8830cc23944281d023779a9925c 72d45c5b6073cb32e6df6b62c2c919be50314d9380b955035cfadf500b3dbccf +lib/codeql/swift/generated/decl/OpaqueTypeDecl.qll 4dc0fc09fe314cdc6788adb4a93e87a7c8121e3fecaada19a436321d248d377a 4e20e1820ddf7b23268707a2b98bbafc400219533f357189a267f8e35b89226e lib/codeql/swift/generated/decl/OperatorDecl.qll 3ffdc7ab780ee94a975f0ce3ae4252b52762ca8dbea6f0eb95f951e404c36a5b 25e39ccd868fa2d1fbce0eb7cbf8e9c2aca67d6fd42f76e247fb0fa74a51b230 -lib/codeql/swift/generated/decl/ParamDecl.qll 27aa11a413317288699ecec317f8c34ba3adb5d8015b562be7a8b2880dc4f12f 8b5cad8c1c835074c3e6ba8ec645f81684983785d299ce5f4afbe5fe0486e7f5 -lib/codeql/swift/generated/decl/PatternBindingDecl.qll 84538ba051adbc66534fd7e0e144db7c640054a7387f9a79270150cd8a756f4f c961c115d8f846bc26134774ec655d95f29917822d441d8a8ee9cfec1b12aa9b +lib/codeql/swift/generated/decl/ParamDecl.qll f5d2c9e40aa8a1a77793a6d66fc6b55ded11295ee996b883117ffd6ee2523441 e0137535d7eac959ed10b06ad769b8225c0fadeea03030c7b30191884234e9b9 +lib/codeql/swift/generated/decl/PatternBindingDecl.qll e598dc0ed9373b4ca9646cc7c408f65db6b40d4281c8cfcecd09524df81bfac8 2ff3fe7fd32004649a0d41a0bf6857ac48d3a7b2dd87f5c1ffd9d5eea0673551 lib/codeql/swift/generated/decl/PostfixOperatorDecl.qll 5aa85fa325020b39769fdb18ef97ef63bd28e0d46f26c1383138221a63065083 5aa85fa325020b39769fdb18ef97ef63bd28e0d46f26c1383138221a63065083 -lib/codeql/swift/generated/decl/PoundDiagnosticDecl.qll 6400ec7640a8157ecce9dc0b170aaa081492ab07d94a1f237dde89b255113932 8c87118ee3d4c26d3499ec10b2589a8a9d1b0827564a0722bd4c605e99412d3a +lib/codeql/swift/generated/decl/PoundDiagnosticDecl.qll dc867f12579cec4f9fe95b59dfc31ef0df60cccccaf41abc171a86b7fafaf3f2 4474a913c4bf4e8d60f100bf5a0d57cc042c1362b09dd3c9493cc23a75c32e84 lib/codeql/swift/generated/decl/PrecedenceGroupDecl.qll d0918f238484052a0af902624b671c04eb8d018ee71ef4931c2fdbb74fa5c5d4 d0918f238484052a0af902624b671c04eb8d018ee71ef4931c2fdbb74fa5c5d4 lib/codeql/swift/generated/decl/PrefixOperatorDecl.qll 18f2a1f83ea880775344fbc57ed332e17edba97a56594da64580baeb45e95a5d 18f2a1f83ea880775344fbc57ed332e17edba97a56594da64580baeb45e95a5d lib/codeql/swift/generated/decl/ProtocolDecl.qll 4b03e3c2a7af66e66e8abc40bd2ea35e71959f471669e551f4c42af7f0fd4566 4b03e3c2a7af66e66e8abc40bd2ea35e71959f471669e551f4c42af7f0fd4566 lib/codeql/swift/generated/decl/StructDecl.qll 9343b001dfeec83a6b41e88dc1ec75744d39c397e8e48441aa4d01493f10026a 9343b001dfeec83a6b41e88dc1ec75744d39c397e8e48441aa4d01493f10026a -lib/codeql/swift/generated/decl/SubscriptDecl.qll ac3365ab51037691ac9bf3d69e39e1e585afa0e95c0000f1a0bc4f2cfa749439 d55bb27c4cb62dd0cbb8f045fb39c3f6108733384050c246b340daa5f486e6f6 -lib/codeql/swift/generated/decl/TopLevelCodeDecl.qll e92f14044c0017737b16e6e9e6c9495052db98013526f6a15046bce02fe7f8b0 ddd13baa81e359973307b473ef99be23e587c2565d9d0893b968d9c5df1c5f55 -lib/codeql/swift/generated/decl/TypeAliasDecl.qll a0f5da4179a888940768633a5c73e27e375fb84242cb17079b334809cee2d02c c110aa4c2c68573c2bf590655c697d48b0e1670a06e92fc734afb63e7886356a -lib/codeql/swift/generated/decl/TypeDecl.qll 4caf24ac14543feb8ab37674a768c080395029e786f7bf918d74c80cca634ccc cc370f5f456a81d177deec60b5055d117585fc74eb469f3c613fa6e475491df3 -lib/codeql/swift/generated/decl/ValueDecl.qll a63d293de8a44010c4ca90b641b66d1db743ba30e09714013f632aba5b4c6d5b 5913e5ee1e9a177585a4dcce1d0652d938b4a8df1c91ec153b75f69f69e98c19 -lib/codeql/swift/generated/decl/VarDecl.qll 528676e29b39b7013b3cf8a7d92d108959ba69c926f945034171eb81717e2181 edd746103df2559014119467361f5ead3395f13f51ce308482d14f008597ae8e +lib/codeql/swift/generated/decl/SubscriptDecl.qll d08d46ddff0816541b28e231ba83c41cb51b40d7ccf2e0e7465e62e17078c000 0a1f1741bea4d2a7ebde7cbaf1cd0f7730a9845a8fd45d3457dc1b2b63eab900 +lib/codeql/swift/generated/decl/TopLevelCodeDecl.qll e90cc73d62ad6037f1ec200bf8356292fa48b6890762b68e3fba6a129c888fcd d9152cbdfbc8cfb66695ed10a5729abca1b58275616d16d19aae27fb745bf3aa +lib/codeql/swift/generated/decl/TypeAliasDecl.qll 2058a0699ddffabd7d1d554615bd7e9ce26810ef1c6c68601df46e071eb9a10c 94ba93ef3cc1028a3018831e336316e566b6028eee1d81bf4d754dbdbd401ea8 +lib/codeql/swift/generated/decl/TypeDecl.qll cc40d3a105654461a60f982b6bdb21c7e689e695d314eead245bfeeda92a4572 03d89aa4c77dacdc57cd867b4869b26cdb55a06e2ba6faf3dbb9fce8f881786b +lib/codeql/swift/generated/decl/ValueDecl.qll 7b297ed98f5e985b93c9de6be000d67f71796892599ae8274048d8ad6b6183b9 462c983d4163011b2232b684c9a6c3f01114096c4bb7f862d950380f527e3926 +lib/codeql/swift/generated/decl/VarDecl.qll c648a5432d63a547cd381646f9586b4fc72edb2cff8462533449761b1ec57a56 7f2c157975bc1de7a8b6ff980bed790d864a08f1d6c0de39c106d84d2b49b883 lib/codeql/swift/generated/expr/AbiSafeConversionExpr.qll f4c913df3f1c139a0533f9a3a2f2e07aee96ab723c957fc7153d68564e4fdd6d f4c913df3f1c139a0533f9a3a2f2e07aee96ab723c957fc7153d68564e4fdd6d lib/codeql/swift/generated/expr/AnyHashableErasureExpr.qll f450ac8e316def1cd64dcb61411bae191144079df7f313a5973e59dc89fe367f f450ac8e316def1cd64dcb61411bae191144079df7f313a5973e59dc89fe367f -lib/codeql/swift/generated/expr/AnyTryExpr.qll e3541dbea5fe3be849ee5a3c6adec2d48654f80f866d2f893af437e5f5edcae1 4d7f62e3e154cef2c9b11ab3ef2e23708ae9f03b29c94cef8941516e41597fbd -lib/codeql/swift/generated/expr/AppliedPropertyWrapperExpr.qll 818b557130a3bda227fb34dbcef2895fe1b95390fb37bc583d8a8f63cac9dcc7 c023082f24b2ee61420434eb90d94f25a57c1b6cc7306b0e461232303f794f3b -lib/codeql/swift/generated/expr/ApplyExpr.qll bf4aacc7c967bafd633c52b0107b00c0253e8eff4b63123565d27bb6bc15e9a5 06d25eec923a812f156cc52f9e37d95fb8bf301c2b3cc7dcec59220747923651 +lib/codeql/swift/generated/expr/AnyTryExpr.qll e4759465411c215262909d10d729642779340698165aff0a66986c7dfc822832 83ec7fb0f11e2ffe15f3a0c97318121443936733f1adef17e5baa020bca2de29 +lib/codeql/swift/generated/expr/AppliedPropertyWrapperExpr.qll de01c3b68c2a37e9f5dee0729838923cc615d436092e78b608b6f6c23e1b4965 612f72046aa2e49b9d494cad590bfae133bd5c00908ed4c8df82730294d21fb8 +lib/codeql/swift/generated/expr/ApplyExpr.qll 798b999f3da5d6b917ff57a0dc1fde149b906ffd72c6df5bc511f6e2d20a7e8b 8bce7f52c4bce1aad5c0b8a195dd1ab6f1d82289e5eb56fca4b7543be7943d15 lib/codeql/swift/generated/expr/ArchetypeToSuperExpr.qll e0b665b7389e5d0cb736426b9fd56abfec3b52f57178a12d55073f0776d8e5b7 e0b665b7389e5d0cb736426b9fd56abfec3b52f57178a12d55073f0776d8e5b7 -lib/codeql/swift/generated/expr/Argument.qll a61e1539419937f089c2dd427bb12c272d19bf17722f8bc65bcd33e032a07b7b 4ad5cb90c303cb64c3155c9933ad687db526da8312cb12fc8636f1d254ed5b76 -lib/codeql/swift/generated/expr/ArrayExpr.qll 151bbe8c9d40d38e2f33a2e08ce3f8929e9e9772a64ddf2d4d009491bcebb713 535e9338be482a589324b9adbdfdf56d532b097dfeae47a0b3e6ec5478ecb34f +lib/codeql/swift/generated/expr/Argument.qll 97991761563d806ff0199e69f4c9eda93e324bb40bd41ddec98388c2146cbd6b c231f4e0320700fe64ce43123027516088b877fddde3be18565e01890f6b10ce +lib/codeql/swift/generated/expr/ArrayExpr.qll 9894f7838b23c84c4c0ba442b790ada0231c2dc3508fd30735577397a87d9683 90ed566a71551f3549106bd60b972aca0ba52e8a2b787b58a3161634e26e773e lib/codeql/swift/generated/expr/ArrayToPointerExpr.qll afa9d62eb0f2044d8b2f5768c728558fe7d8f7be26de48261086752f57c70539 afa9d62eb0f2044d8b2f5768c728558fe7d8f7be26de48261086752f57c70539 -lib/codeql/swift/generated/expr/AssignExpr.qll e99bf7bc29303f91148661bf16126e84ca7edc2063604d2a4b4835957c81c95f 25253e9ae7b0292f569078b0558b787e755905d1d8e5ca564a2c2f0cfeb7525c +lib/codeql/swift/generated/expr/AssignExpr.qll 97d41626dfe4e474c5e80aaee433641847a91f5c483f6da6cfc016b454545802 4ca02b4a878f0783f7d7788c85ffbb89c8ed6027c7e6d391ea9892256215358a lib/codeql/swift/generated/expr/AutoClosureExpr.qll 5263d04d6d85ab7a61982cde5da1a3a6b92c0fa1fb1ddf5c651b90ad2fad59b9 5263d04d6d85ab7a61982cde5da1a3a6b92c0fa1fb1ddf5c651b90ad2fad59b9 lib/codeql/swift/generated/expr/AwaitExpr.qll e17b87b23bd71308ba957b6fe320047b76c261e65d8f9377430e392f831ce2f1 e17b87b23bd71308ba957b6fe320047b76c261e65d8f9377430e392f831ce2f1 lib/codeql/swift/generated/expr/BinaryExpr.qll 5ace1961cd6d6cf67960e1db97db177240acb6c6c4eba0a99e4a4e0cc2dae2e3 5ace1961cd6d6cf67960e1db97db177240acb6c6c4eba0a99e4a4e0cc2dae2e3 -lib/codeql/swift/generated/expr/BindOptionalExpr.qll 9e63807d7b3210c158745eb580b675135b5db0568f0bca6bb46ad4849937e3b2 92a81743845539572f5fea8e21914ffb38c7e55992a89d8c646d079655c2c5d6 +lib/codeql/swift/generated/expr/BindOptionalExpr.qll af5242a02f919905e673c0700497f2e0ecdf8f1043543f698239718bfd9cd6bb a792c3e9d9a17a716577a1580a62870f6927a2c37ebe88855fb10db59e037869 lib/codeql/swift/generated/expr/BooleanLiteralExpr.qll 8e13cdeb8bc2da9ef5d0c19e3904ac891dc126f4aa695bfe14a55f6e3b567ccb 4960b899c265547f7e9a935880cb3e12a25de2bc980aa128fbd90042dab63aff lib/codeql/swift/generated/expr/BridgeFromObjCExpr.qll b9a6520d01613dfb8c7606177e2d23759e2d8ce54bd255a4b76a817971061a6b b9a6520d01613dfb8c7606177e2d23759e2d8ce54bd255a4b76a817971061a6b lib/codeql/swift/generated/expr/BridgeToObjCExpr.qll 31ca13762aee9a6a17746f40ec4e1e929811c81fdadb27c48e0e7ce6a3a6222d 31ca13762aee9a6a17746f40ec4e1e929811c81fdadb27c48e0e7ce6a3a6222d lib/codeql/swift/generated/expr/BuiltinLiteralExpr.qll 052f8d0e9109a0d4496da1ae2b461417951614c88dbc9d80220908734b3f70c6 536fa290bb75deae0517d53528237eab74664958bf7fdbf8041283415dda2142 lib/codeql/swift/generated/expr/CallExpr.qll c7dc105fcb6c0956e20d40f736db35bd7f38f41c3d872858972c2ca120110d36 c7dc105fcb6c0956e20d40f736db35bd7f38f41c3d872858972c2ca120110d36 -lib/codeql/swift/generated/expr/CaptureListExpr.qll 63607dd5dc68a3a5cc736dd2ff74b64cf914883c7813ea795e39996238e68928 81e795f62bd38517eef4a2b05ba75c0e3d247d03c8d48a6539d97b14e080e6bc +lib/codeql/swift/generated/expr/CaptureListExpr.qll 4e94c2c66020f95af615d98756d7c1843c2744b3c1d83f73f24f6153d9d0592b e35e8190904415e2a1fe12857127c90cfaecde4f6f173d16399f45c0264d207c lib/codeql/swift/generated/expr/CheckedCastExpr.qll 146c24e72cda519676321d3bdb89d1953dfe1810d2710f04cfdc4210ace24c40 91093e0ba88ec3621b538d98454573b5eea6d43075a2ab0a08f80f9b9be336d3 lib/codeql/swift/generated/expr/ClassMetatypeToObjectExpr.qll 076c0f7369af3fffc8860429bd8e290962bf7fc8cf53bbba061de534e99cc8bf 076c0f7369af3fffc8860429bd8e290962bf7fc8cf53bbba061de534e99cc8bf lib/codeql/swift/generated/expr/ClosureExpr.qll f194fc8c5f67fcf0219e8e2de93ee2b820c27a609b2986b68d57a54445f66b61 3cae87f6c6eefb32195f06bc4c95ff6634446ecf346d3a3c94dc05c1539f3de2 @@ -462,146 +462,146 @@ lib/codeql/swift/generated/expr/ConditionalBridgeFromObjCExpr.qll 4a21e63cc54702 lib/codeql/swift/generated/expr/ConditionalCheckedCastExpr.qll 92a999dd1dcc1f498ed2e28b4d65ac697788960a66452a66b5281c287596d42b 92a999dd1dcc1f498ed2e28b4d65ac697788960a66452a66b5281c287596d42b lib/codeql/swift/generated/expr/CovariantFunctionConversionExpr.qll b749118590163eafbd538e71e4c903668451f52ae0dabbb13e504e7b1fefa9e1 abaf3f10d35bab1cf6ab44cb2e2eb1768938985ce00af4877d6043560a6b48ec lib/codeql/swift/generated/expr/CovariantReturnConversionExpr.qll f1b409f0bf54b149deb1a40fbe337579a0f6eb2498ef176ef5f64bc53e94e2fe 532d6cb2ebbb1e6da4b26df439214a5a64ec1eb8a222917ba2913f4ee8d73bd8 -lib/codeql/swift/generated/expr/DeclRefExpr.qll 3da24deb23c577e166ba613c05cb1446a84cc8e1fc926979e1d5c2982aacc3fa 60c8462cbf34ea775bf3e298ad9610b3ff5f5711b150a645869ebee197a8c40e -lib/codeql/swift/generated/expr/DefaultArgumentExpr.qll 3ae13423447d2dc9bbafb2f3cb7f268ffe2ce4e66e12657328da48d6adb57b7d ec9782ca53bc44ccd0e5389b5a5722970fc4a1617076a1ca235fe26970a1bfac +lib/codeql/swift/generated/expr/DeclRefExpr.qll dda3034aba0170fb91ae62e5c8b02af27f3ac682c856af6eba2f8c57c186befe 338e7cfbea450e555191518dfa6b7b43cef3a0a029c4c0adb5101a2471c24c5e +lib/codeql/swift/generated/expr/DefaultArgumentExpr.qll ca9f228742acf990a81308f68a66dc55b35c75f23d5f0cabfdff30a1b99064d7 a97de64329149db8ca6d25635bdda63df0a2bdb600cfe0c71017e2eb3fdecb15 lib/codeql/swift/generated/expr/DerivedToBaseExpr.qll 5f371b5b82262efb416af1a54073079dcf857f7a744010294f79a631c76c0e68 5f371b5b82262efb416af1a54073079dcf857f7a744010294f79a631c76c0e68 lib/codeql/swift/generated/expr/DestructureTupleExpr.qll 1214d25d0fa6a7c2f183d9b12c97c679e9b92420ca1970d802ea1fe84b42ccc8 1214d25d0fa6a7c2f183d9b12c97c679e9b92420ca1970d802ea1fe84b42ccc8 -lib/codeql/swift/generated/expr/DictionaryExpr.qll bcafddc686c115a971a382d6e9eae448533a2b0414b1c39654b4fd0f687fe4ee 1baabf702d37403f18a4422e00237ac8cc4101bd6b2d7a9112c1d844eaf43602 +lib/codeql/swift/generated/expr/DictionaryExpr.qll f8bab2bdf683f4974be102faea2f8ff48ede5937a9112a1fa149180143052b0a 152ae4811c5282c68b9f2eb7b123631fbe461af7a7947434abf7e523b35b27e2 lib/codeql/swift/generated/expr/DifferentiableFunctionExpr.qll 9143e12dfe0b3b4cc2d1fe27d893498f5bd6725c31bee217ab9fa1ca5efeca7b a28c05a5c249c1f0a59ab08bf50643ef4d13ba6f54437e8fa41700d44567ec71 lib/codeql/swift/generated/expr/DifferentiableFunctionExtractOriginalExpr.qll d90266387d6eecf2bacb2d0f5f05a2132a018f1ccf723664e314dcfd8972772d 44fe931ed622373f07fc89b1ea7c69af3f1cf3b9c5715d48d15dd2d0e49cc9dc lib/codeql/swift/generated/expr/DiscardAssignmentExpr.qll f2cb4a5295855bcfe47a223e0ab9b915c22081fe7dddda801b360aa365604efd f2cb4a5295855bcfe47a223e0ab9b915c22081fe7dddda801b360aa365604efd lib/codeql/swift/generated/expr/DotSelfExpr.qll af32541b2a03d91c4b4184b8ebca50e2fe61307c2b438f50f46cd90592147425 af32541b2a03d91c4b4184b8ebca50e2fe61307c2b438f50f46cd90592147425 -lib/codeql/swift/generated/expr/DotSyntaxBaseIgnoredExpr.qll 82a84703f7aa0c1383aa92d0d755eca8cd4aa0edcaa21363899722c3925a3a0f 795e5f27c604c17b896b182646c33825965e4178bc07ee7d6620ed988375c50f +lib/codeql/swift/generated/expr/DotSyntaxBaseIgnoredExpr.qll d0fc8b6e09dd76a5b7fcc7ad632520c704d8629546f42c7cf6b3fc936d1ba38d f1364fb26d3515594489485a1f3d0ab0520fb129c87ffed0d3920b754ddc7dbd lib/codeql/swift/generated/expr/DotSyntaxCallExpr.qll 1eedcaafbf5e83b5e535f608ba29e25f0e0de7dbc484e14001362bad132c45d0 1eedcaafbf5e83b5e535f608ba29e25f0e0de7dbc484e14001362bad132c45d0 lib/codeql/swift/generated/expr/DynamicLookupExpr.qll 0f0d745085364bca3b67f67e3445d530cbd3733d857c76acab2bccedabb5446e f252dd4b1ba1580fc9a32f42ab1b5be49b85120ec10c278083761494d1ee4c5d lib/codeql/swift/generated/expr/DynamicMemberRefExpr.qll 2eab0e58a191624a9bf81a25f5ddad841f04001b7e9412a91e49b9d015259bbe 2eab0e58a191624a9bf81a25f5ddad841f04001b7e9412a91e49b9d015259bbe lib/codeql/swift/generated/expr/DynamicSubscriptExpr.qll f9d7d2fc89f1b724cab837be23188604cefa2c368fa07e942c7a408c9e824f3d f9d7d2fc89f1b724cab837be23188604cefa2c368fa07e942c7a408c9e824f3d -lib/codeql/swift/generated/expr/DynamicTypeExpr.qll eb77056ec3682edf4a0adab47bf24b5afc19f66fe5bc56cf77b7a1a0c389ec29 e7cd0e71974ad84f67992468ecfc319fa9ee4f749718778d7718576ff06a8a05 -lib/codeql/swift/generated/expr/EnumIsCaseExpr.qll 2a4a42843d9bbd24584c5ff4f60458df72737c3603aa2a22d57d466e53e4cb44 d03b7608a65fc2ccb39cc71167fc4350a7e29c86c782e0e734a21c99bb4e3f5a +lib/codeql/swift/generated/expr/DynamicTypeExpr.qll c29baea6ec5b0b7186b675e3322cd1cee9db8d647e16ac0f716990c22df17074 de9118fdb3778ef76de284992791d3f0f9978876f5799eda39da92c1242e603e +lib/codeql/swift/generated/expr/EnumIsCaseExpr.qll edea1f464dc24ad8d300c547698699704cf7d9232782c2b6a536af6e058d440c 7d860abba668ac5fb078ac7b72d455824331d753751bbfbe7044a85a8365b6a7 lib/codeql/swift/generated/expr/ErasureExpr.qll c232bc7b612429b97dbd4bb2383c2601c7d12f63312f2c49e695c7a8a87fa72a c232bc7b612429b97dbd4bb2383c2601c7d12f63312f2c49e695c7a8a87fa72a lib/codeql/swift/generated/expr/ErrorExpr.qll 8e354eed5655e7261d939f3831eb6fa2961cdd2cebe41e3e3e7f54475e8a6083 8e354eed5655e7261d939f3831eb6fa2961cdd2cebe41e3e3e7f54475e8a6083 lib/codeql/swift/generated/expr/ExistentialMetatypeToObjectExpr.qll eb0d42aac3f6331011a0e26cf5581c5e0a1b5523d2da94672abdebe70000d65b efe2bc0424e551454acc919abe4dac7fd246b84f1ae0e5d2e31a49cbcf84ce40 -lib/codeql/swift/generated/expr/ExplicitCastExpr.qll 7c2a0ae4287b69f1e6baa66de9dd2c84881b7a975be9936eeb0feaba4fef740d 239dbe3f52d1d4d040fc3a579591126fddd2562905e439b24cadad39f63c7f5f +lib/codeql/swift/generated/expr/ExplicitCastExpr.qll 162f94461d41cf10a81567e13d5141d7aca417cc92d4ef55de97c7909681882e c8e7d1f569265a9bc2ae6a82e33783ec3ac077c3ae6e582edcb49a4eb816f7b5 lib/codeql/swift/generated/expr/ExplicitClosureExpr.qll c5291fb91e04a99133d1b4caf25f8bd6e7f2e7b9d5d99558143899f4dc9a7861 c5291fb91e04a99133d1b4caf25f8bd6e7f2e7b9d5d99558143899f4dc9a7861 -lib/codeql/swift/generated/expr/Expr.qll a8fd735004b6e60d09111292f4005399c63749d7b0a0c4c25f012e496237ebcd f51397fddb39469ca64701eb94a5fb520bf64a035b2274b96276efb3013c6456 +lib/codeql/swift/generated/expr/Expr.qll b09ddd296693ad78a2b0e7dc17d2b746357ae88645b046a026861eafeba616cb 498c628f904fbf48be10f32b146168b71f8f7d9f829614e422020701ccc0f8e4 lib/codeql/swift/generated/expr/FloatLiteralExpr.qll ae851773886b3d33ab5535572a4d6f771d4b11d6c93e802f01348edb2d80c454 35f103436fc2d1b2cec67b5fbae07b28c054c9687d57cbd3245c38c55d8bde0b lib/codeql/swift/generated/expr/ForceTryExpr.qll 062997b5e9a9e993de703856ae6af60fe1950951cf77cdab11b972fb0a5a4ed3 062997b5e9a9e993de703856ae6af60fe1950951cf77cdab11b972fb0a5a4ed3 -lib/codeql/swift/generated/expr/ForceValueExpr.qll 031918fbc027cbdaaa5fb24348c1b87e0de872ead052a0087afc7aa9a2a46146 b10988554b049b4c07ba394b028e2402b422581402cc82702d3a340f170aaee5 +lib/codeql/swift/generated/expr/ForceValueExpr.qll cd7ee5fa4a6f7094c7fbb9c5831f60d5ce18b123fe7beea3dcb26ca78e387118 7cdef6e9b501f9e9cb0d48828e68b349b25e4e5f312e5bcee91868ae8b196e7d lib/codeql/swift/generated/expr/ForcedCheckedCastExpr.qll cf4792bd4a2c5ce264de141bdbc2ec10f59f1a79a5def8c052737f67807bb8c1 cf4792bd4a2c5ce264de141bdbc2ec10f59f1a79a5def8c052737f67807bb8c1 lib/codeql/swift/generated/expr/ForeignObjectConversionExpr.qll 243a4e14037546fcbb0afc1c3ba9e93d386780e83518b0f03383a721c68998d6 8ea334750c8797f7334f01c177382088f60ef831902abf4ff8a62c43b8be4ca5 lib/codeql/swift/generated/expr/FunctionConversionExpr.qll 8f6c927adaf036358b276ad1d9069620f932fa9e0e15f77e46e5ed19318349ab 8f6c927adaf036358b276ad1d9069620f932fa9e0e15f77e46e5ed19318349ab -lib/codeql/swift/generated/expr/IdentityExpr.qll 2f65d65b46e0b0e9681e641bc543da38b5d1865bdd470c17ffe3286b2a9f72a6 b6b907f1bd7669fb494d3b0f1a6c4e65889becc2349d0d272a00ca09f258e5da -lib/codeql/swift/generated/expr/IfExpr.qll e1cc10ec12eea72143f922fd100a889e3391b0ea37f084be4466407d2a74717e c248b798feff101d04bdc0d24c383f4caf3f0fbcb26d1b747cf14bd42322081a -lib/codeql/swift/generated/expr/ImplicitConversionExpr.qll 534ad4adc1fab3c12587dc300434afbad4a9c05d8ae35bfb832badb2db818245 3a382d7e3c1e4f5248a66bcd18cc1f295df6a3a8a3dca21c893533d0ef052cc7 -lib/codeql/swift/generated/expr/InOutExpr.qll 19401ce62967483efe219cd23512efbe782a0f0cd8352e71c0623671104335bc 9dc0076a2975bfe42f301e6b4f1da47a3aceb98807ded70d8d2a77529cfb10c7 +lib/codeql/swift/generated/expr/IdentityExpr.qll c897dca30406cf3b7bdee32050e61d30bd3c4a6929dd085864528ed988bcd517 7a3f4eb1f59a649caf06c988e0280f41bd18e80ea4fcc803e70f60acccde27b1 +lib/codeql/swift/generated/expr/IfExpr.qll e9e69fa787640a2f510aed7a263b480cded12cb9b308a24577c742d9aa75b08a 842cef9df1510fbd21dbd10a902a820770c4bd6682035ba473776b35c2f5728d +lib/codeql/swift/generated/expr/ImplicitConversionExpr.qll d3244866ca16b30b82b27c88d71ac5d1eb88872daf789e849ee32f13329f776c 442ef5d940eaf9c34eff32638cb7c50853f321f3774cd32fe567d4982129a4e4 +lib/codeql/swift/generated/expr/InOutExpr.qll 92893f3db8c47e89deeaaee42ef70d5af3acbbfb4c2eca3c501097fbf13e475e f6f50562bcfe42554a457acdefeb02c0dca59eb7e36542b2c4e0589b64e7ce31 lib/codeql/swift/generated/expr/InOutToPointerExpr.qll 4b9ceffe43f192fac0c428d66e6d91c3a6e2136b6d4e3c98cdab83b2e6a77719 4b9ceffe43f192fac0c428d66e6d91c3a6e2136b6d4e3c98cdab83b2e6a77719 lib/codeql/swift/generated/expr/InitializerRefCallExpr.qll 4556d49d78566ad70a5e784a6db4897dc78ef1f30e67f0052dbb070eca8350f0 4556d49d78566ad70a5e784a6db4897dc78ef1f30e67f0052dbb070eca8350f0 lib/codeql/swift/generated/expr/InjectIntoOptionalExpr.qll b6fafb589901d73e94eb9bb0f5e87b54378d06ccc04c51a9f4c8003d1f23ead6 b6fafb589901d73e94eb9bb0f5e87b54378d06ccc04c51a9f4c8003d1f23ead6 lib/codeql/swift/generated/expr/IntegerLiteralExpr.qll aa54660c47169a35e396ea44430c3c4ec4353e33df1a00bd82aff7119f5af71b 7ba90cf17dd34080a9923253986b0f2680b44c4a4ba6e0fbad8b39d3b20c44b9 -lib/codeql/swift/generated/expr/InterpolatedStringLiteralExpr.qll 76afd9b052d191efb55adc9d02da5cf538822df2b6d1e2f6138b0680b5580c5b cd8d11cd4d13d49971961a8ba872257e79eed813711dd442e7300b241ca9a7d8 +lib/codeql/swift/generated/expr/InterpolatedStringLiteralExpr.qll e2c1aadf140c808a615bdc8732a154f6c1f8b79168779e1ba48753506fbd9516 5e9f20ee16b133269de6874c6776611b6f4eaec202a0e6a955a572c2a082ac40 lib/codeql/swift/generated/expr/IsExpr.qll b5ca50490cae8ac590b68a1a51b7039a54280d606b42c444808a04fa26c7e1b6 b5ca50490cae8ac590b68a1a51b7039a54280d606b42c444808a04fa26c7e1b6 -lib/codeql/swift/generated/expr/KeyPathApplicationExpr.qll 9256a74d0cbce2390ac5af8a96d16d50837cc8bac5cbe150f1a6f9bc2783369c e91bde8513bfeb287f13e6bf4fe9344822e3f28ef18554d1b68d4411b965d119 +lib/codeql/swift/generated/expr/KeyPathApplicationExpr.qll 157a9c2fcf229b76d104abfa49f74337e20ac4d1fa1be2eaed1290cbd9bd1232 70ec0e7ee2e2c716ba510916fdf6d1d6dd6fd93b740a46c909ddb9e877427fe1 lib/codeql/swift/generated/expr/KeyPathDotExpr.qll ea73a462801fbe5e27b2f47bca4b39f6936d326d15d6de3f18b7afa6ace35878 ea73a462801fbe5e27b2f47bca4b39f6936d326d15d6de3f18b7afa6ace35878 -lib/codeql/swift/generated/expr/KeyPathExpr.qll 320299a42630a6190b98bf27a6e4acb280573dc5bff8fc7d5fc734107984629b 51823892909330c12fb53f27d35cc686b03793b66c62b6423b25f96e07a0946d -lib/codeql/swift/generated/expr/LazyInitializationExpr.qll a32e19a88296c499c8a934d0be5400ceb310e7f73996518c4ddc5dd06e922bd4 ecfcc601f01581993b2c5adbd0c00c741e4731422c85d75359c27f80d5d4be17 +lib/codeql/swift/generated/expr/KeyPathExpr.qll 654b32a92ff8015cb4b8d64c83abed601a884f4181613a7d428e975a945afff5 4c82c7b9d9232e84dd898cb7d3d79c1365481cd9d37444318a776ae509eb023a +lib/codeql/swift/generated/expr/LazyInitializationExpr.qll b81b831893b0f1c2bcbf48a708267cd54a86dfc6af6dde8b8b57a03e045abff2 b28cf1f4017edee09278a23f403932f91fb1a21ea83778cccf7683b5a57f6480 lib/codeql/swift/generated/expr/LinearFunctionExpr.qll cd4c31bed9d0beb09fdfc57069d28adb3a661c064d9c6f52bb250011d8e212a7 cd4c31bed9d0beb09fdfc57069d28adb3a661c064d9c6f52bb250011d8e212a7 lib/codeql/swift/generated/expr/LinearFunctionExtractOriginalExpr.qll ee7d3e025815b5af392ffc006ec91e3150130f2bd708ab92dbe80f2efa9e6792 bcf9ed64cca2dcf5bb544f6347de3d6faa059a1900042a36555e11dfbe0a6013 lib/codeql/swift/generated/expr/LinearToDifferentiableFunctionExpr.qll f7aa178bff083d8e2822fda63de201d9d7f56f7f59f797ec92826001fca98143 c3ef32483f6da294c066c66b1d40159bc51366d817cf64a364f375f5e5dfa8b0 lib/codeql/swift/generated/expr/LiteralExpr.qll b501f426fa4e638b24d772c2ce4a4e0d40fce25b083a3eee361a66983683ee9d 068208879c86fbd5bed8290ce5962868af6c294a53ad1548cf89cf5a7f8e1781 lib/codeql/swift/generated/expr/LoadExpr.qll 90b9ba4c96c26c476c3692b1200c31071aa10199d3e21ef386ff48b9f0b6d33a 90b9ba4c96c26c476c3692b1200c31071aa10199d3e21ef386ff48b9f0b6d33a -lib/codeql/swift/generated/expr/LookupExpr.qll b779a332de7d4e2713e46f0755d199af67bc1982777307603b6da93f089ce736 984f030417fb890262404e8da98133f8352289058463c6f049d3083a7b25201a +lib/codeql/swift/generated/expr/LookupExpr.qll 12844a93ff8244c9a9c7091b32c56e80a1196dee5fbdd67dafa5329e8d424ed9 da9ba34043930d541751ba3bc828cfcf86cc0fcf3b58bf2a2a0b8d9ad7d73153 lib/codeql/swift/generated/expr/MagicIdentifierLiteralExpr.qll 16f0050128caf916506b1f7372dc225a12809a60b5b00f108705fcdfce3344a8 c064778526a5854bdf8cdbf4b64ad680b60df9fe71ec7a2d9aa6c36a7c4e5b31 -lib/codeql/swift/generated/expr/MakeTemporarilyEscapableExpr.qll bdb121f1e355ab5556288eaab7fd6e9bc811d6178d5bc923f70495674f124ac1 132002ab50d8ddb6192969c7ae723652c3a043170f122e7e1e6f69a3ded2dec9 +lib/codeql/swift/generated/expr/MakeTemporarilyEscapableExpr.qll c63cd023a5c2662e2beee8dba5f9cb0012103424a245df5fde0d4a08a13a87ea 78729409bc0e387ad2ed7cd84b074dbf190f378a6c8794f4a6596ddfa1b1ad85 lib/codeql/swift/generated/expr/MemberRefExpr.qll e7db805b904d9b5d1e2bc2c171656e9da58f02a585127c45f52f7f8e691dc2e5 b44b5208e0b72060527a6fdb24b17b208f2263d78690d13548fba937fe0db3cd lib/codeql/swift/generated/expr/MetatypeConversionExpr.qll 714ecbc8ac51fdaaa4075388f20fe5063ead9264ca20c4ab8864c48364ef4b42 714ecbc8ac51fdaaa4075388f20fe5063ead9264ca20c4ab8864c48364ef4b42 -lib/codeql/swift/generated/expr/MethodLookupExpr.qll c046f7a05fa7a7a6cdbd77814d4695298132d5b8d7fc77b069760bd99ca2dcd5 b645d0b979916293b61a7dbb363d47478e3abf3e5f08fcdbfc466a46109b84f1 +lib/codeql/swift/generated/expr/MethodLookupExpr.qll 526c9001c311a890db2409a46180a7fedbb11b6dcd8ee23dda4d4644e65bed3a 4b287235a19b85880136ac3485a85742aad7217021c9f6729bf2a39be5ebd1a1 lib/codeql/swift/generated/expr/NilLiteralExpr.qll 6f44106bc5396c87681676fc3e1239fe052d1a481d0a854afa8b66369668b058 6f44106bc5396c87681676fc3e1239fe052d1a481d0a854afa8b66369668b058 lib/codeql/swift/generated/expr/NumberLiteralExpr.qll 8acc7df8fe83b7d36d66b2feed0b8859bfde873c6a88dd676c9ebed32f39bd04 4bbafc8996b2e95522d8167417668b536b2651817f732554de3083c4857af96a -lib/codeql/swift/generated/expr/ObjCSelectorExpr.qll 6d662aeaa104bb590fca8c0b18c47c6a7b841eb118b2e40783d4e1410dc6b188 64adf0a0b32de64189cea427741d9d8c559b5a606b6a9de77b76aa67c3926487 -lib/codeql/swift/generated/expr/ObjectLiteralExpr.qll 16fde05a4a997f5fab3b7abc20215062dc7b110e5291bda061b59ba673b639af a8fdb788d1caeae3954f37ccc4c688248ee6bc7548086832f9646d99b12bcb6d -lib/codeql/swift/generated/expr/OneWayExpr.qll e4e4f44eaaf8bba954fbbd2f33ab3b6b000a8adca8889eb07fe1b230f2e9d86a 60c86fb20399c60cd8c95a91f2a76f82f5b370bd52d25694139b23215af64d5e +lib/codeql/swift/generated/expr/ObjCSelectorExpr.qll efc72580627467dce30ab784bfb963bd21297440bd6287600d0b3f2c5836c340 29a7974a65bde8f434de159e9a6ea0f6f48609d4d3332a216261f3c64cf3a070 +lib/codeql/swift/generated/expr/ObjectLiteralExpr.qll 199b3a5196bff35681ba2e4bdb546cfbe0a2e265f535d05cfdb89af9c382c1a6 7c6b962565841a634c850d088fd404a3e6f3045e05ff555e1cde0ec02ba8dc8d +lib/codeql/swift/generated/expr/OneWayExpr.qll 8464649694b671a8462476fcd3827b07f8448069c7caa9e9efce44d7ce87aee0 c3e143ecd28238342a1d911a468087cc58a751106385f01cbe5a44e19c862d0e lib/codeql/swift/generated/expr/OpaqueValueExpr.qll 354f23d00d5ea2e734fd192130620d26c76c14d5bb7b0a1aa69f17ffb5289793 354f23d00d5ea2e734fd192130620d26c76c14d5bb7b0a1aa69f17ffb5289793 -lib/codeql/swift/generated/expr/OpenExistentialExpr.qll 3c703aeb60d582ef2b3ec279549e6d5e587053192ebb52791f8ed7309da5de88 ab22ef76436bfd3cac13d02b0da81063dcc38d5c3a08fc6501db940a7b8660c7 -lib/codeql/swift/generated/expr/OptionalEvaluationExpr.qll 30580135a909742ce63edcf412640aad1aae9f8a4dcbb9814e579fa9ae046c25 f6f7159379605cc985032ca9795cb5c711db9d318d45c90c91618f0dd144636b +lib/codeql/swift/generated/expr/OpenExistentialExpr.qll 55ff1b4fdf23b787538f8b8cdc5f382d874221cec230f8fa35189ebf6de09b58 8235fe3387753a0ac389e297bf67b416991117587a98a566620ac9b328887dd6 +lib/codeql/swift/generated/expr/OptionalEvaluationExpr.qll 76a3a789b3a4f17dd494f973f099766aa1db97c38cbbd93542e664a7cd7e1680 f56ce693b59cee6713a7cfdb2937a8a4e791d6e80c241ecd333ab197482a2d1b lib/codeql/swift/generated/expr/OptionalTryExpr.qll f0c8dff90faee4fbf07772efda53afe1acc1fd148c16ee4d85a1502a36178e71 f0c8dff90faee4fbf07772efda53afe1acc1fd148c16ee4d85a1502a36178e71 -lib/codeql/swift/generated/expr/OtherInitializerRefExpr.qll 2a3aea57c598fac2c7b2972983cc735acb38eac65e65903f6e76e2166ca58a78 a99d418f26b3e867c42633d93769e49a06f3863fc2068f16cb6bc7f331ad3f56 -lib/codeql/swift/generated/expr/OverloadedDeclRefExpr.qll 382fec573d036c6b75692d42d64b3e3ed3088c73b905318cb4cc5a743e009578 9feb7a67656d1e6380e2be1a4484980dc8b40844aebdd032a2862af834d2da2e +lib/codeql/swift/generated/expr/OtherInitializerRefExpr.qll 9e695cca00e162beadad513d6833f117cee0f364da6f16c7ed3809573c1fbfe2 ff29f1f265e22eefc9166f77fa8adca7f89d3f769591149e21c58c0789577a88 +lib/codeql/swift/generated/expr/OverloadedDeclRefExpr.qll fee0ef58103e48b9238f1dd94d530a54e8ffaea95924cdbb38057701360a849d 2e851c3aee89aa3cbc3b67846a723b98708233e74e872641988c3200476d2da2 lib/codeql/swift/generated/expr/ParenExpr.qll f3fb35017423ee7360cab737249c01623cafc5affe8845f3898697d3bd2ef9d7 f3fb35017423ee7360cab737249c01623cafc5affe8845f3898697d3bd2ef9d7 lib/codeql/swift/generated/expr/PointerToPointerExpr.qll 7d6fa806bba09804705f9cef5be66e09cbbbbda9a4c5eae75d4380f1527bb1bd 7d6fa806bba09804705f9cef5be66e09cbbbbda9a4c5eae75d4380f1527bb1bd lib/codeql/swift/generated/expr/PostfixUnaryExpr.qll d1094c42aa03158bf89bace09b0a92b3056d560ebf69ddbf286accce7940d3ab d1094c42aa03158bf89bace09b0a92b3056d560ebf69ddbf286accce7940d3ab lib/codeql/swift/generated/expr/PrefixUnaryExpr.qll f66dee3c70ed257914de4dd4e8501bb49c9fe6c156ddad86cdcc636cf49b5f62 f66dee3c70ed257914de4dd4e8501bb49c9fe6c156ddad86cdcc636cf49b5f62 -lib/codeql/swift/generated/expr/PropertyWrapperValuePlaceholderExpr.qll be709fb5ca2b4d85eb26fdaf50a60d87252c64a84400acec1d739197da2cfff8 9fa64c4904efc96bc3566c14f38592f1f41ace65d669fdda57cba858bbd52c6f +lib/codeql/swift/generated/expr/PropertyWrapperValuePlaceholderExpr.qll 0d604764ca2e77a51b7e7062a1f57c6f46dd007717bdebf765eb7b737ef5062d cff734718467dfd4abc12dcf7e72c5745fe4e917204cdd22e42973f30eb06df7 lib/codeql/swift/generated/expr/ProtocolMetatypeToObjectExpr.qll b692be6e5b249c095b77f4adcad5760f48bc07f6f53767ee3d236025ee4a2a51 efa47435cde494f3477164c540ac1ce0b036cb9c60f5f8ec7bfca82a88e208fb -lib/codeql/swift/generated/expr/RebindSelfInInitializerExpr.qll 0339797449a2dcb08d874f800035e444a86a112f3ba2327a49c82dae6ab4cec9 6fc8cdd932ced95ef0548d81731b71e55b0b1ccffbce579d80370bd9523f722d +lib/codeql/swift/generated/expr/RebindSelfInInitializerExpr.qll 87984796ee7bb5f8f474563d03e667b09ff36ccba5e084504e24ab3d9e90d4f2 b4885cb5a72edad07011e3e576ff3ce08ef6399320786ce1cf9d7a0a6350eb6f lib/codeql/swift/generated/expr/RegexLiteralExpr.qll a11eb6f6ce7cebb35ab9ff51eae85f272980140814d7e6bded454069457a1312 bdb4bb65c9f4e187cf743ed13c0213bb7e55db9cc3adeae2169df5e32b003940 -lib/codeql/swift/generated/expr/SelfApplyExpr.qll 7890ce785dffa87daa086498d300a1926b75d3ed32fee9bb227cd65e6833c7cc 0ef9389478c0de2d43b360525216f7dd097323b957f8fe36ec18013183e63689 -lib/codeql/swift/generated/expr/SequenceExpr.qll 7467f86f7ce67bf6b50585eed32c026700c800300156179b09858fee8fafa96c 861d827db780611557a87d5b36f173d470b4701729ac773dd0091b195619fa24 +lib/codeql/swift/generated/expr/SelfApplyExpr.qll c0815a4d6d4f08bd0c7bc170fa817ebcb2328c937c8ef16391fb0da71aff17ae 0979f035e8d4b54e93f17163a4df3c2aa65f23d56c491fa72376887e3e5c10ac +lib/codeql/swift/generated/expr/SequenceExpr.qll 62301b2e4c76de4820c6deef0ee95c8b328ed14ba8eac70aa10cc8fb0f3c5ace feb960c796ea517abc9587bd76f7ae9aabfd9a6b0984fe2d8380e803b002eede lib/codeql/swift/generated/expr/StringLiteralExpr.qll f420c5cd51a223b6f98177147967266e0094a5718ba2d57ae2d3acbb64bbb4b6 30d6dab2a93fd95e652a700902c4d106fecfce13880c2ece565de29f2504bedf lib/codeql/swift/generated/expr/StringToPointerExpr.qll ef69b570aa90697d438f5787a86797955b4b2f985960b5859a7bd13b9ecb9cd3 ef69b570aa90697d438f5787a86797955b4b2f985960b5859a7bd13b9ecb9cd3 -lib/codeql/swift/generated/expr/SubscriptExpr.qll 814310819247d459fa650e02022083d49f2103d1dd79169ac9980fbfecd8ba45 c33270ae90e950af8affd8ef99208d092bcbe2994511c1c3f15aad72dcde5eb2 -lib/codeql/swift/generated/expr/SuperRefExpr.qll ae3563dd5dc3a820f627f8ca06e6b13876f7ff1125ba679773fdbb67fc47a693 de24bebae85e543e6d5b2bc2b3236aefe46d0511668838cacd60023d09318647 -lib/codeql/swift/generated/expr/TapExpr.qll ee07e14ed0bffeb28c7cd8068ed1010202319d456a7c378b70de6d733f18f12d d1fdec2425d6a3e774c279d2b9b2291d40816e8bf4da4a46704d31b7037161dd +lib/codeql/swift/generated/expr/SubscriptExpr.qll 70ca2812ac4018c062fcb099e20433c7960325e68cfc544599d1860793b1464f d01d4b4ed833cb0390c3e96e75ef51150721245b0277946d75daca32d4085d9b +lib/codeql/swift/generated/expr/SuperRefExpr.qll f550961b912bdcaf159d4729b0a3f6911e97365e6d429717d4a9770a2a83a184 e5735644d755ac2ee56f6c3ab13ca6657c21cd00a366665ea858d405d32cb112 +lib/codeql/swift/generated/expr/TapExpr.qll 8556465559ed243c16396a1b426b666362c1bab1535a12faf9c1050e1b06c668 ea1c30b90d3620e580294d7d7010a720be688e10a9469405cd58b3da55070dc6 lib/codeql/swift/generated/expr/TryExpr.qll e6619905d9b2e06708c3bf41dace8c4e6332903f7111b3a59609d2bb7a6483ee e6619905d9b2e06708c3bf41dace8c4e6332903f7111b3a59609d2bb7a6483ee -lib/codeql/swift/generated/expr/TupleElementExpr.qll f729d1120bdb850ec0add490f0997d1c6af9356f5634a2ac11bde14304f91cc3 9031560267c3327f1a63777dd4fe4158093313ea11998efa9bb7bd7df8dcdc79 -lib/codeql/swift/generated/expr/TupleExpr.qll c3a0123f15bd584c8c27703a92df20c003ccea55665dab9fd5119d9b5c0ae93b e65362b0cb86b07a50e384534612eea84b44635ae55a61927d0d558ea44c3aa3 -lib/codeql/swift/generated/expr/TypeExpr.qll e2103b8d717e0390baffce2f35d2b01d3084f873a47fe7e70ba452368c640bd3 e311df2c9b77503bc776a6c3266d3fcd17a368d0f5cf7a5dbb7df00123b284f1 +lib/codeql/swift/generated/expr/TupleElementExpr.qll e0050f30b31c58bcfbaaa61137484f9463aab435cbe1fd0dddd7a4b9d3a8ae46 0192eb79f1b1bff6185dddbc8ed37865cb669a670ffb9f5b63c34c1bf53a73c2 +lib/codeql/swift/generated/expr/TupleExpr.qll b834c6347ec355f1135274f65bd7ca3768be42ea173225227a6b543c2fb2243b fddb421e1cdc8ae24afb6b72c0636b3341c5b039a4277fc99f00bbb077645cf8 +lib/codeql/swift/generated/expr/TypeExpr.qll accffc2dbe4a1f1ebdaeb4ca6a130faf139288a7470740213d5379ddc94dad18 e4595beff0e7b7cd698e2bb708ea10586cc2f2de5d6f9dcf3da3c3d9b43d33eb lib/codeql/swift/generated/expr/UnderlyingToOpaqueExpr.qll 13d6c7a16ec0c4c92d12e052437dfa84274394ee8a4ca9b2c9e59514564dc683 13d6c7a16ec0c4c92d12e052437dfa84274394ee8a4ca9b2c9e59514564dc683 lib/codeql/swift/generated/expr/UnevaluatedInstanceExpr.qll 21dedc617838eed25a8d3a011296fda78f99aee0e8ae2c06789484da6886cfea 21dedc617838eed25a8d3a011296fda78f99aee0e8ae2c06789484da6886cfea lib/codeql/swift/generated/expr/UnresolvedDeclRefExpr.qll 17e83f6418f39cfd3b7768ba694dafce2807f97239d3ac0939fc0c3761ae3571 910e9440cae403b13b6dd501a3dbbda564a1d7d61a532e99a1825590c2d9a4ab -lib/codeql/swift/generated/expr/UnresolvedDotExpr.qll 49fbcf07c345b6db06cfcb09e6f03b45b34fa7e520a3c205d47558d779e4c962 1dd710c2ffd9a0fa8b3f4a117ccc1d85d9c940e5387403472360b6732c2cbffb +lib/codeql/swift/generated/expr/UnresolvedDotExpr.qll 069ae7d5cf10c910b329252f553483a12b91fa9abee8622c096e2f7f95520c12 9a319e6da340b064042efd0ad5c4d0d55af9835053c881b1f7b43ceafd1fbb53 lib/codeql/swift/generated/expr/UnresolvedMemberChainResultExpr.qll ce900badb9484eb2202c4df5ab11de7a3765e8e5eefaa9639779500942790ef1 c626ff29598af71151dd4395086134008951d9790aa44bcd3d4b2d91d6ca017a lib/codeql/swift/generated/expr/UnresolvedMemberExpr.qll 6604f7eea32c151322c446c58e91ff68f3cfbf0fc040ccee046669bcc59fb42d c7738e6b909cb621ac109235ba13ede67a10b32894fd1a5114b16d48d6e9b606 -lib/codeql/swift/generated/expr/UnresolvedPatternExpr.qll 0c41a4752c618e38c5dcb0892afe5bf112a2a7197270338673f7d676ed40bdc5 0187956c9c5cd49b6de82db12c157115015031a4fce7998cd5380d19cfd78ab9 -lib/codeql/swift/generated/expr/UnresolvedSpecializeExpr.qll 6235187fc15e1b041d1b9058fa239b1f23f638d8ebc09f1bc424ece99a26ebd5 96e3eafe9adfe7736f6090fa9f2c93573697a69d5ad529852abf3b5e4a4e72ca +lib/codeql/swift/generated/expr/UnresolvedPatternExpr.qll 74424b4477fae99de30141cd4f343f20d22b6420d06cd3fc3d8291b25d741dc0 840d8269b09396c7d280f2e81b87898e463fce2f585d1a147863dd27eae9905b +lib/codeql/swift/generated/expr/UnresolvedSpecializeExpr.qll 3e5104b7539b4652d39b40e92f1e813314f9c0dc101f07568aa316a099a01de0 8f96d5b4f7407c116f990c9313534d4bcc06d3bad72269823fbad82a3a09c188 lib/codeql/swift/generated/expr/UnresolvedTypeConversionExpr.qll a38b74b695b9a21b2f1202d4d39017c3ac401e468079477b6d4901c118ae26b6 a79fb5b50b2a50cb2508360374640817848044a203e6b2ce93d6f441a208b84d -lib/codeql/swift/generated/expr/VarargExpansionExpr.qll f376431600530b233e0c2cab8544e1ecaf6d8dd13e885a0f643f13b4d98b910a 924daf0733b31937a4dc15d665530204103c9a2b1c0f3abdbbd658f189b77d82 +lib/codeql/swift/generated/expr/VarargExpansionExpr.qll ac50264811fc0303220f7825222577c24f0752d5d7bfcb614211ca166269858d 7f11ef495d7550747afe9ddaef94d5c2b127bced88331796dc9b6a331a2db407 lib/codeql/swift/generated/pattern/AnyPattern.qll ce091e368da281381539d17e3bac59497ad51bb9c167d8991b661db11c482775 ce091e368da281381539d17e3bac59497ad51bb9c167d8991b661db11c482775 -lib/codeql/swift/generated/pattern/BindingPattern.qll 0a6f32d66be8fc32daa2843660e4f460b85df79ff18f424aee1fc4c280885f1c eac5a045c08fe828871931f335105ee5e9eeb2fd313d14886631fd5701254721 +lib/codeql/swift/generated/pattern/BindingPattern.qll 61ae8b380b43c80710cf7d33c718c45b06cfa3680990e38e4191b3732236595c 1ff0450958cce5a5bfd00942d4846e3b2652499c738bd2790255632c883af0dd lib/codeql/swift/generated/pattern/BoolPattern.qll 118300aa665defa688a7c28f82deb73fa76adce1429d19aa082c71cfcbeb0903 0cd6db87e925e89f8ad6d464762d01d63ddfd34b05a31d5e80eb41aec37480b4 -lib/codeql/swift/generated/pattern/EnumElementPattern.qll 7c5a75523f851aa3e67c8c4e8274516715ebf61876931956169a9af03e1e1544 6631cff61b4b27ff8ba9eceb1bff25905159086154093c6200d157273ac10c42 -lib/codeql/swift/generated/pattern/ExprPattern.qll 68e211bc265d80eb77c3227fe804d54fcd199693dba3a6a1bdc74ac190c2c53d df5df794ef24c91d0414995dbdf57ca2009ccc55f70fd3298d6c77572c1d5e7e -lib/codeql/swift/generated/pattern/IsPattern.qll 1428413d7edc1daae1b9369184d2bfe93e83ed91b782ef8217ecdf231f6d858b e1a21f58b2b511bfbd47df08af95750c9731f647a28583220bfcc89aecfeeb18 +lib/codeql/swift/generated/pattern/EnumElementPattern.qll 4aad6e1db45b8d39f61827e44335b2d7c1b9346538933bea82e4cec4b0993e3a 645edf97eb83f077f82c5f08cec912b845c826c2067f38f050b6e78031fe3a2e +lib/codeql/swift/generated/pattern/ExprPattern.qll 169cef487e499a21d0d2cc4eda7268eb29cb6b1081fa6a0bc4e8571677f063f3 b7f3160f0812cf565873b607a247e184f17cc0289758f9a46748e90e783abd4f +lib/codeql/swift/generated/pattern/IsPattern.qll 864c38251026a523f91f0c097899cbc0c281f29d5c11142d5434cd182e8d70b8 be03f3a3aacbd44dc8e6a03f88d241d1247a3686c0d7d8eb4b50fa57c675aac9 lib/codeql/swift/generated/pattern/NamedPattern.qll 5d25e51eb83e86363b95a6531ffb164e5a6070b4a577f3900140edbef0e83c71 9e88b2b2b90a547b402d4782e8d494bc555d4200763c094dd985fe3b7ebc1ec8 -lib/codeql/swift/generated/pattern/OptionalSomePattern.qll 93e3b0d2f6ebc042ebc9ff139f4df5d80e715e1a2cfa4c5ded7548a5f3897fc8 aa0bb0ae4c82472911fa9d434080f6c4fd1d8a316ed97d9aae8bde0a81a41da3 -lib/codeql/swift/generated/pattern/ParenPattern.qll 2b86219dec05da6e953f4c1cb038d98c3566ab278279d8af723817926ae88eec 23e586a6180635e81136d768b3b99755f08ef0e1c8bb46048f6dd31cf8a30879 +lib/codeql/swift/generated/pattern/OptionalSomePattern.qll 5b9c7032584619d4921d1a1324e3ce4bd7207f0d4daa703e1e059f983bf1b132 e6d44514cd123a7ad27f657a2b83d46277a961a849139380ece886430a862920 +lib/codeql/swift/generated/pattern/ParenPattern.qll 337cb03dcb7384f7ef13e35d843b3498c0ae391374f5e870d1e52c2d1baacd95 cba288ee99726f5bbf15cf61971e000a835cf6e8b7507dcf6f6c6dea91ec287a lib/codeql/swift/generated/pattern/Pattern.qll 0e96528a8dd87185f4fb23ba33ea418932762127e99739d7e56e5c8988e024d1 ba1e010c9f7f891048fb8c4ff8ea5a6c664c09e43d74b860d559f6459f82554a -lib/codeql/swift/generated/pattern/TuplePattern.qll d82f3fc807251263209d0cf27f19a48707e0368f3e93192c82d9ade66baca52d 68f1375cb150bcc280ecc065cdac85e7b05ecfd630993ebe944e9f34482818a6 -lib/codeql/swift/generated/pattern/TypedPattern.qll 4d9dec2bad3deccd7881ea8a0d6ff5807fae998febf2b4e6f0dd98341a0bbbdc 57309d44718c48e93622911957fc0a81dabf28d0a1f488c834f052d79bc7e93e -lib/codeql/swift/generated/stmt/BraceStmt.qll 1bbe5c2c4d88885e5345423ca03af269f881fc32a02154072acafd111a6c18b7 6a815892a8372bdfd12c270790d2ef7242310b54703fed8292b8d4ab5ee9d7e1 -lib/codeql/swift/generated/stmt/BreakStmt.qll ec8d423c7139f6fc8470d039549d9a6cb53834645cf0e940bceaee1aed560788 45c2b269aabd209e811d99fd0ae457fff9ed5332df854a7bf86c1f436ea549cb -lib/codeql/swift/generated/stmt/CaseLabelItem.qll a2eb4027d8cdacd95134f1ac40b4dd96c1fbc85ddcc92f3aef876cd41764eb5a 6b583bfacaea6033fd803abc1e7e9b64d760aa66200bd2a1d18561bc0c999234 -lib/codeql/swift/generated/stmt/CaseStmt.qll 31b7912e3e85b25864249c3474791fbe821745fbd81f8065b8092383a6005d64 34b873825d1dbcc30dbb551afc0ca0d66c2f5ee8f67b6256b9b74aa03e5fc83d -lib/codeql/swift/generated/stmt/ConditionElement.qll dc1d2180b779d7e2700e46fcc30dfe20caa45371d254c561e57b762a0ee847b0 ab5aea9669bc3cf2e4e20cda87d8ee403896c3749441389dc86f3dd8b2335027 -lib/codeql/swift/generated/stmt/ContinueStmt.qll c29f2fb3913ac561eb9949c9a74aab4e57a00bb80ae2976944f7276c38a2993f 948b6a69841e45bb16066d022616b8854d9a3ece233d8931d5c5e077d59b8679 -lib/codeql/swift/generated/stmt/DeferStmt.qll fd218f179d7139ccfa466bc59ec815d611bc80503f55c224d302060db956fa9e 9b153ed53e84e468ea8887c4866458f32c1b006c1bd51a872997d55f46628bc6 -lib/codeql/swift/generated/stmt/DoCatchStmt.qll 2d9c6235000936da027a89d356d7004ddd8491e4b7533b0ff797e3374abb469b f63ca4196f432333b9ffd1edd781737affb973f76d49394aac23143b8b9b2e72 -lib/codeql/swift/generated/stmt/DoStmt.qll dbce454f0e9e7cbafd610eb00f68d6ce839e111bcfe3a7e9bac315f29e3f6a23 7275838e3fad229de57115afaadaa455efd5c6ed95e469505d0eeb9adb101a30 +lib/codeql/swift/generated/pattern/TuplePattern.qll b3a138b0942f7e3eecb52ad2f095584a6cd5f555e9487c6eaad6a5527ae99f0c d6ff67ecc7395571acef4b82da514cb737c72d97ea557d89da534469feda340c +lib/codeql/swift/generated/pattern/TypedPattern.qll 95185ae7acddb74ac68f2d2e31d83e64e3bac3fdbd7a8301a6dc8bb1d89d7918 5d6edf73b4ac2f81843fda26894f5dbf8aa2a7c129af5e1a3256370683fa619c +lib/codeql/swift/generated/stmt/BraceStmt.qll 15461198f638b8995687ad8a20ef47c8fac24445a8c28ea5113bbaabe43e4be3 72fa14dbb9cd31032a5f35754991beb6183c2ef37f942707dbfc8911687d8c6e +lib/codeql/swift/generated/stmt/BreakStmt.qll 7dca1ed723117cc245636c7ec5f31a69dbbb228eae2f6423ffa1f327f964d1c8 43052e648b31c6edf88c28fc8aa0ec440601c06776d5a32e7ef1efbb59f64cf2 +lib/codeql/swift/generated/stmt/CaseLabelItem.qll d04772471f1651c0f3c15cb7fa003431b2a51bbffa945a14ae85bb3e58015249 406b2d411a1aa3a513f93e9602ce34138bd47d84a8c5b9fc226ed3e0c972ae08 +lib/codeql/swift/generated/stmt/CaseStmt.qll 01b7cb7fe5839c02fec5af4ddc9d6c7646583305e17543f1e5a6993b8467c3cd 62ab05c856c1a567aa7aaa04390fee9cd65d44ad3e244a1f781e97710b89653d +lib/codeql/swift/generated/stmt/ConditionElement.qll 2f60c9326681613939b411d9c5e53e0e0e5cf756b551af4e150b8be964d8e05d 4155edf57ccc61b87f5d51684e57c06cd0bc6733579275f089de51975546eab1 +lib/codeql/swift/generated/stmt/ContinueStmt.qll 572747312c2a7c4e6ad1c82c58f8ac55ce05d5e1f828160fe139c3d2c100eb61 a54d57cc434f7d04412bf130391e9c571f8f11f90be501d736e96f341b0c1de9 +lib/codeql/swift/generated/stmt/DeferStmt.qll 099b98183d770608f63ee09b290e71042e4cbbbc6a83b0f0fa10614af418c712 d5504347c08ab2b4764d5cb03a3b590a97144240d68f626db0778697ef9638c1 +lib/codeql/swift/generated/stmt/DoCatchStmt.qll 4a05ba358b289c052f1e7d6b86dae206e91a8033687c3fabddac1556173a8140 8743746aeb98f28e7786233db4a9eacfcf73aea3f602be9e1f8c0d956d22aeb1 +lib/codeql/swift/generated/stmt/DoStmt.qll b22efabd7431e703ae33dd1df69a9e3ceb49f512ab2c46be9c7eba2d53a1e37f 8d7796e2b4676da59aa8425014a16b82ef47d4ac22af60a10c5076a691af17d1 lib/codeql/swift/generated/stmt/FailStmt.qll d8f5816c51c5027fd6dacc8d9f5ddd21f691c138dfc80c6c79e250402a1fe165 d8f5816c51c5027fd6dacc8d9f5ddd21f691c138dfc80c6c79e250402a1fe165 -lib/codeql/swift/generated/stmt/FallthroughStmt.qll 1bcf5fe7a3709a9893896668da1ee4209e1ec3bf73f861241dc586cc6d43a334 ffd433d93fbfd3b82c3c46f22bed57da4493b72b4194db9b55c1142f51bdaab2 -lib/codeql/swift/generated/stmt/ForEachStmt.qll 1e08c898b8421577679fcaf6518947c6db270e90ee1cc8b80390b4c0f0d73f13 59e02adf04c9c92d07e220372ba60da4bc031dd39f98252d2693c406434a56c6 -lib/codeql/swift/generated/stmt/GuardStmt.qll 216d6f7ee2fbc32771c77251ea8c13f5bc80d372115285b35cac14a413fee543 ba0c7911a26f5c06f0a0f7004d40e1e7a218ac73a8861188502f048913fe3102 -lib/codeql/swift/generated/stmt/IfStmt.qll 0e4d8aaf6d2c05f34b1c2b048024d1708b64e8fa8e638b89e48a0bee7a143d92 bcc6a0dc5f49e631d7983bb438981a63f48231f8226fd66f2e4818c5462ec494 -lib/codeql/swift/generated/stmt/LabeledConditionalStmt.qll 1c492adc4a997c029b587c06fc312ddd799e2bc589fa617b985fd3a716d7d120 8792991987453ff8f96df92d4e137fdbb8f3ca446cacb63b6f0bb035094e20de +lib/codeql/swift/generated/stmt/FallthroughStmt.qll 0f5caceabd3f683914cd598c60e78f0c225a06b017784182e9bf1525ebf4eff8 fe328559e580ebcd38aac3b6402f1a40cd1c922e92b52456b18e79e6e241d7b4 +lib/codeql/swift/generated/stmt/ForEachStmt.qll 105f4905d2c9b832b01dabfc87a90294886ed867be119c83b1af779b61cca8c3 8aeae81570d9444f16e0335ac2d1b8645dc37e2b6b30ccdfeeda77b0d3c8af14 +lib/codeql/swift/generated/stmt/GuardStmt.qll 135faa385310d9398db6630c799ee57da6e5546e8ae09190b0aab8397c330c57 eb98434209466449d82dd75049850aa3d550f2c0d2b6e0a70f2ee8d2dae4d830 +lib/codeql/swift/generated/stmt/IfStmt.qll a01212a13060f36b0c5ff29a18aa64a450662b284d37d8cff10ce648507684b2 05e9617901b871d59fa9f08f3397aac7ebe7026ae482e316e591c2622ba64a2f +lib/codeql/swift/generated/stmt/LabeledConditionalStmt.qll 2865e39a960ec4f610cccc6cb93ecf2b3ef457fb4c3acb961ffcf84ed9c1f33e cb8b7f16520ead1299d898ccd22efb89a74e9b3d658fdb613af0797b60d80bb7 lib/codeql/swift/generated/stmt/LabeledStmt.qll 734f0bb5b40d72c3c949a08af15c01b3ae3a3e315f3196f75da27e03a2635d63 f1fbea28c7eef71135e60e144714b1027d71f07ccfabbb65d6a98aa89523720e -lib/codeql/swift/generated/stmt/PoundAssertStmt.qll 72b60c1425b8b0be7542a4384c57d01d5299df53374bd69687958a7e01f5d6ad ed12106bc03ea1bb87d7c85fd8af7fddbac132258ac1c309e66120948e50fa46 -lib/codeql/swift/generated/stmt/RepeatWhileStmt.qll 0812bbb3290d3ab86f9f4c628beee5e7a2487bf04f2b643191de40a3cf921a7e 8d36e0121fe856c48dd60c89c9cab695eee6deeca0ed1abd116d437363ca59b2 -lib/codeql/swift/generated/stmt/ReturnStmt.qll 998454a234ac299de03567e40c46db9606d141ca67a49ebdaf7a8fa2048c5963 a739f1281771ed038e4db6ea5864a722daee53cf6747bf820a11811dc3a775b2 +lib/codeql/swift/generated/stmt/PoundAssertStmt.qll d672d599679838fb9fcc7e9e3b4641a7d514ee35d94f9eaa9d56f1e893d57863 7ca6f2571015c105887b4c045c2305a05ad86813cf5fcf28b577efcc3d483717 +lib/codeql/swift/generated/stmt/RepeatWhileStmt.qll e9a4ac23dafb18a2bc23a045eb7ed8a96193600071d46351474ae899f7e24f7d 8bdfd1e1c75b95ba156dc0c90b5fcc185b0bee84feb144c7dc1b5f159703c79a +lib/codeql/swift/generated/stmt/ReturnStmt.qll c27a59f427f39d6eaebc96c6d975480be535945572e5a88ab961c34ef166df1a 269912d84e69f97348ea2cf46ab38d08cf92b7fc6bf6255e649a64580bf171ad lib/codeql/swift/generated/stmt/Stmt.qll b2a4f3712e3575321a4bc65d31b9eb8ddcd2d20af9863f3b9240e78e4b32ccff e0fc13b3af867aa53b21f58a5be1b7d1333b3e8543a4d214a346468f783dbf40 -lib/codeql/swift/generated/stmt/StmtCondition.qll bb09bfc45e09406f952e690822435a9fef34468b7c43d768e7da3332a0e68f0e 7db513d3f8122d853876fc9eb6ff29131cc4a8109a63c6e775f1eb393fdb79ec -lib/codeql/swift/generated/stmt/SwitchStmt.qll 0161e9939c72c0b5356b237b342742d3069d3bdeb94324ee428b86d6f2a86161 557c727ee44d5869b4575b6c6016a2992e8495de02e62aca0b4662ee64f89858 -lib/codeql/swift/generated/stmt/ThrowStmt.qll 595094c0acd0edea5296d792eeb4740ccd76e14a8b2b0863bb5156419a33884a be467040909e89efb663b2337a89c42d7cb23a37ae1f010eeef14b83fcb5bc49 -lib/codeql/swift/generated/stmt/WhileStmt.qll f52eabcf852685bee2d8eb8cf742418a2b8c2d77f2e1a15f00619667dd05f31a 74d8b48f0a41340cea5d0a183924df85743cce1ff9490705903800d66ab45ed2 -lib/codeql/swift/generated/stmt/YieldStmt.qll 5c413b0ca17b4ce725f25198f9185cd8f991c0b05dd09c0c4f6a2eb1e8da5b7d e1175d882552eadf368525480945e43ec09f85cb92505fa98bb62b62b275a277 +lib/codeql/swift/generated/stmt/StmtCondition.qll 3a9b82fc0776c1693c620fd96b3dbf94052ca0a2134ea4c9c83e51a1df6accad d2f809dd6820aa05c1630cd09ca12f22f94698155661aecd5d3837e340354ff2 +lib/codeql/swift/generated/stmt/SwitchStmt.qll 2e43f3eb536bb8924311d2fe84b2b21f712875caeaa8c4b13047b782c06ae453 ff72f4a01c3d7d227a28481d5a95b0858c15619067dd159332693af05fd0f146 +lib/codeql/swift/generated/stmt/ThrowStmt.qll c6f419f7d7021061a913fd70e64e43d55efe4350f73a21921cbd0654fabfa928 b76d221ad122710050651a62efb92b318d48109ec5326971c66cf9876dde9e14 +lib/codeql/swift/generated/stmt/WhileStmt.qll 550fef68aa3e81fcc615a296fabeacacef7648fe8e0316daef8a2767654f3020 5a60c959f042ebd9142b26432ad905cc2079664568d1b0bdf22085d4a24a92b9 +lib/codeql/swift/generated/stmt/YieldStmt.qll 5b0a6e0a656f9db4095d128c3e7d6bf1265ff218045ad91bd0699097c6c3cce7 45f54dbd94af7c2ab7e53858a7c3389636726d3d5fb45b876b5daad1896d1305 lib/codeql/swift/generated/type/AnyBuiltinIntegerType.qll a263451163e027c4c4223ec288e090b7e0d399cc46eb962013342bfeac5f6b86 d850ec1ee1902945b172ddd0ecd8884e399e963f939c04bc8bfaadacebdf55a9 -lib/codeql/swift/generated/type/AnyFunctionType.qll 2d600cb27bc3c5d0f5c912b526c5b0d25364c35e5bdcfdf7d6ef78b9920197f1 4635de4c1dd484355e78adf4c939730814357e4d42e2cb34ceab1f31ad9926f8 -lib/codeql/swift/generated/type/AnyGenericType.qll 1f1036efc8622f18498315269a9be10a4f317ea95b89f7d0c00f4ddfb6a24db0 6a89e625a12aefde2720adea7bd583e958cde94a8935310e9f4d3c86b1b32bab +lib/codeql/swift/generated/type/AnyFunctionType.qll ecd701702fc4f5a2205208faad7598f3083028914e72aacdaa6311f522468352 342e2265f0593c3f388a7f293b589f332c977d7863d697901445d68f0b93a222 +lib/codeql/swift/generated/type/AnyGenericType.qll a6da9ae1024bdafa244f3f5843fe16efe06f5d8e7305c5712f6b9ff409347427 11694abc90753c3f1a27e4745919f851334e0b79eb576831403c7866014b64aa lib/codeql/swift/generated/type/AnyMetatypeType.qll 6805a6895e748e02502105d844b66fab5111dbb0d727534d305a0396dacc9465 58e0794b8d6dccd9809f5b83bf64b162e69f3f84b5f3161b88aed10f16a8ede8 -lib/codeql/swift/generated/type/ArchetypeType.qll 7ffb3764ff5a36224eada35c0acb812b479d05ef607fe5aa70f909a0e803b162 b6e252370190590d62b622d36a02485c2113fb142573e4de6b28db73c535f4a0 +lib/codeql/swift/generated/type/ArchetypeType.qll 2642f841dac57a4c2447ceb5c3a42bf9e59bdb426556307dae863bd4009950e0 e7136d1929951d7dc928d0ebab99aca84eee8bf71aad86f480c4820da26adec0 lib/codeql/swift/generated/type/ArraySliceType.qll 72d0409e2704e89ebca364ae28d55c874152f55dd1deaac6c954617f6566f3c2 72d0409e2704e89ebca364ae28d55c874152f55dd1deaac6c954617f6566f3c2 lib/codeql/swift/generated/type/BoundGenericClassType.qll c82971dcd306a4cbc6bb885ae300556717eb2d068066b7752a36480e5eb14b5f c82971dcd306a4cbc6bb885ae300556717eb2d068066b7752a36480e5eb14b5f lib/codeql/swift/generated/type/BoundGenericEnumType.qll 89fcee52adbe6c9b130eae45cf43b2a2c302e8812f8519ea885e5d41dec3ec56 89fcee52adbe6c9b130eae45cf43b2a2c302e8812f8519ea885e5d41dec3ec56 lib/codeql/swift/generated/type/BoundGenericStructType.qll ff24933889dcc9579fe9a52bd5992b6ecd7b7a7b59c4b1005734e5cd367c8ed6 ff24933889dcc9579fe9a52bd5992b6ecd7b7a7b59c4b1005734e5cd367c8ed6 -lib/codeql/swift/generated/type/BoundGenericType.qll 5ae2dc86a61329b4145293d9c4f2f2aa4e8d85c5a07b16d1c6500a8154642666 e0eacd682988e8074e036cd50b2ad92fc974bb01aac9155d9d1da2f97966dee5 +lib/codeql/swift/generated/type/BoundGenericType.qll 56e7b3679ebf4c862ff5357e5ae7015893a1c68841239e1afa27904e6f585edd 78ff80f3c3f0fb79c6bd644b1504bd17a607a898853a93fa079d2ae6145914a4 lib/codeql/swift/generated/type/BuiltinBridgeObjectType.qll 848291382ac6bd7cf5dd6707418d4881ec9750ca8e345f7eff9e358715c11264 848291382ac6bd7cf5dd6707418d4881ec9750ca8e345f7eff9e358715c11264 lib/codeql/swift/generated/type/BuiltinDefaultActorStorageType.qll 54e981860527a18660c9c76da60b14fa6dd3dae0441490ed7eb47d36f1190d8b 54e981860527a18660c9c76da60b14fa6dd3dae0441490ed7eb47d36f1190d8b lib/codeql/swift/generated/type/BuiltinExecutorType.qll 149642b70b123bcffb0a235ca0fca21a667939fe17cdae62fee09a54dca3e6be 149642b70b123bcffb0a235ca0fca21a667939fe17cdae62fee09a54dca3e6be @@ -616,40 +616,40 @@ lib/codeql/swift/generated/type/BuiltinType.qll 0f90f2fd18b67edf20712ff51484afd5 lib/codeql/swift/generated/type/BuiltinUnsafeValueBufferType.qll d569e7c255de5e87bb0eb68ae5e7fea011121e01b2868007485af91da7417cd6 d569e7c255de5e87bb0eb68ae5e7fea011121e01b2868007485af91da7417cd6 lib/codeql/swift/generated/type/BuiltinVectorType.qll f51ce577abec2a1de3ae77a5cd9719aa4a1a6f3f5ec492c7444e410fb1de802a f51ce577abec2a1de3ae77a5cd9719aa4a1a6f3f5ec492c7444e410fb1de802a lib/codeql/swift/generated/type/ClassType.qll b52f0383d3dcbf7cf56d0b143cbb63783cb5fa319bcbfc4754e362d935e0fb53 b52f0383d3dcbf7cf56d0b143cbb63783cb5fa319bcbfc4754e362d935e0fb53 -lib/codeql/swift/generated/type/DependentMemberType.qll 8c431d869db76224a7ad9e23a4c1ce472929d12d1efb3bd2dacab5fc067540c1 7df0ee16d1f1ffe0a146b20d58ed62d4275a75e238b5c19f9d3d213552485a99 -lib/codeql/swift/generated/type/DictionaryType.qll 238c55ea5833fe5b13770cd8dc622f530b6c3e464168a3d8c456becb2f6db094 d16f05962d94085a8adbeb6a0b6287009c99bd9b4042b22e4d0488bb0b6c5d3d -lib/codeql/swift/generated/type/DynamicSelfType.qll ced4642aeb0f9f2a18284aa342a9d69b7b430db4ad307d55c6bbc864bbc3a029 db6569add6655e066ccef10a9df6394f91aec04924c907c156664aabe8188f8f +lib/codeql/swift/generated/type/DependentMemberType.qll 0596086099ef55db0647b436e4d4ad6482496e8d491b6497e31b6f4ecdafe5d0 2de600fd4ac4739afdf4cd84822da467d195c7cc6d7099fe7ac446eae147979d +lib/codeql/swift/generated/type/DictionaryType.qll 1a30cd9815e9162cbf07d193a35d834837f8b8aa8ab936ea8c4400ea66181937 d4100b99422db8b81632cd86144c316ed8504616df742223cb6cde1211704d14 +lib/codeql/swift/generated/type/DynamicSelfType.qll 331e731ce6ebf8e4b152efcbfbebe35d506c03633dab75483ae660f967259c58 4066ab0cd3c768fe25aba0d2ddaa4e394070f97dbe77b375c6fd39447eef8fd9 lib/codeql/swift/generated/type/EnumType.qll dcf653c7ee2e76882d9f415fbbc208905b8d8ed68cc32e36c0439a9205e65b35 dcf653c7ee2e76882d9f415fbbc208905b8d8ed68cc32e36c0439a9205e65b35 lib/codeql/swift/generated/type/ErrorType.qll cbc17f4d9977268b2ff0f8a517ca898978af869d97310b6c88519ff8d07efff3 cbc17f4d9977268b2ff0f8a517ca898978af869d97310b6c88519ff8d07efff3 lib/codeql/swift/generated/type/ExistentialMetatypeType.qll 3a7fd0829381fe4d3768d4c6b0b1257f8386be6c59a73458f68387f66ea23e05 3a7fd0829381fe4d3768d4c6b0b1257f8386be6c59a73458f68387f66ea23e05 -lib/codeql/swift/generated/type/ExistentialType.qll c8ef7c7a14629a437865d80a38c2286421d801c4b22cd7d5ca8459cf17611035 ac0cfd3de4da401f7077b6e6b5ab40dd8715cbe442078d7a1d071ae21ab992cf +lib/codeql/swift/generated/type/ExistentialType.qll 1a5ba5e970d7ca5d83fe11839fcf0b4e7b62b2ccd993430d9ac269d811ff8c66 70bfbbe99df209bf1a2d1d7c02b322fbd1f5372d6f7bfd41983f6564a159e5c6 lib/codeql/swift/generated/type/FunctionType.qll 36e1de86e127d2fb1b0a3a7abce68422bdf55a3ab207e2df03ea0a861ab5ccb4 36e1de86e127d2fb1b0a3a7abce68422bdf55a3ab207e2df03ea0a861ab5ccb4 -lib/codeql/swift/generated/type/GenericFunctionType.qll ed1fe0390a798daf1032fc3b8777120b81f899aeac50d8b7cdbbb7a1b604e0a6 ec43604910433f24f6dbd2e00d183c24d75eab1d2e6b280991410a403eea05b7 +lib/codeql/swift/generated/type/GenericFunctionType.qll 2a7f0f1d14bb81d2383ebf78cdaa2c3623bb030705697d3b9bae2bf919ca679c a63ce85b97ce47c5dda3ab34541f5e8e7402b345e75059af9afcfd1dd639ace6 lib/codeql/swift/generated/type/GenericTypeParamType.qll f515debe8b21f3ea6551e4f8513cda14c3a5ed0cebd4cbfd3b533ff6f0e8b0bf f515debe8b21f3ea6551e4f8513cda14c3a5ed0cebd4cbfd3b533ff6f0e8b0bf -lib/codeql/swift/generated/type/InOutType.qll 8573d9daaaea7db4ef5faa82a92556226ef533a0c96dac6edf620ab2d6984007 81804eb58118c43251f0b3e19502e58a92f1ef46960178d47b764688659b36d1 -lib/codeql/swift/generated/type/LValueType.qll 05fa3d818ecaf3451751de5cf8af5b059b161d554bc2e2d05ca1922acfbb6290 e0836743c36c8db9eb3dd513ca41247284ce0bf1cbd9fb0d974e9ca32de8c0c3 +lib/codeql/swift/generated/type/InOutType.qll 93906f54e2e109a8e83bf10665a9cfb518b96c6f8d8ea50e8d994a2802082e61 1cdf37ee0a2785e1a3298022f0d9aa8e9bce38e8d7268d631bb6544bdf07e636 +lib/codeql/swift/generated/type/LValueType.qll ed2c9347139582c311b6ae58a26fd4462cdcd4ec1f1d0ea3c9967d0bec54683c d027432cc73850731f33b1aaf7e2aa57d97ed7e3171de3dc53902e6ed7e38b46 lib/codeql/swift/generated/type/MetatypeType.qll cd752f81257820f74c1f5c016e19bdc9b0f8ff8ddcc231daa68061a85c4b38e2 cd752f81257820f74c1f5c016e19bdc9b0f8ff8ddcc231daa68061a85c4b38e2 -lib/codeql/swift/generated/type/ModuleType.qll be1174e3338243da3dd88d6795a6c1ed26634e86a6b11c26d9ce2f1b18f010f5 691a1449e2b0c3a4130e867f003f996b8c089718c69d14cf08d843fb8a2b0dfd +lib/codeql/swift/generated/type/ModuleType.qll 46178692ceeda03ded0af1ab96af9e3ef4ba426e7345a0e2abfc6b35eebd9fc1 135549ca669d27c737159cc8327963879c11e32177a3b72d2076decb0927c475 lib/codeql/swift/generated/type/NominalOrBoundGenericNominalType.qll 27d87dc4792b7f46fa1b708aadecef742ab2a78b23d4eb28ce392da49766122f 380b827d026202cbfcd825e975ebbdf8f53784a0426ce5454cb1b43cc42dfe16 lib/codeql/swift/generated/type/NominalType.qll f7e85d544eaaa259c727b8b4ba691578861d15612a134d19936a20943270b629 87472017a129921d2af9d380f69c293f4deba788e7660b0fe085a455e76562e8 -lib/codeql/swift/generated/type/OpaqueTypeArchetypeType.qll 333a669f84d5ac7ff276ecb931badae1291336aff6516cbd15adbe5843128696 4151581915e3b4baae926c1c9e70df28db2f8374383c5c9c550cd6b24ec1cf62 +lib/codeql/swift/generated/type/OpaqueTypeArchetypeType.qll 2126dd1e66b3b8fb4a2ac1808674f1c502cabe7cce11ecde407e78bbb1a1546e e78d3b63cc551a0dd284969c8ba6294466b1ddbcd17a0fdb745237a3793313ac lib/codeql/swift/generated/type/OpenedArchetypeType.qll ed97d3fb8810424643953a0d5ebd93e58d1b2e397ea01ccde0dcd8e68c41adb2 ed97d3fb8810424643953a0d5ebd93e58d1b2e397ea01ccde0dcd8e68c41adb2 lib/codeql/swift/generated/type/OptionalType.qll d99dd5ec5636cc6c3e0e52bf27d0d8bf8dfcff25739cd7e1b845f5d96b1a5ac9 d99dd5ec5636cc6c3e0e52bf27d0d8bf8dfcff25739cd7e1b845f5d96b1a5ac9 -lib/codeql/swift/generated/type/ParameterizedProtocolType.qll a2f76537bc90031afa3a05dfc7604f0ed95df0f30528fbbff958f401329bed02 04db40554b3017dce767bb66baacff0b94207d042074e9a3169a459c54ee949d -lib/codeql/swift/generated/type/ParenType.qll feb5db83beefda6bcc73c9189f55da245fff9865dd57bf2024ed84c53ebdeaf2 0fe92c0e93dc154f8b29c065d72bd4f3b816ecf72b7f2b2967a30ea5b911955a +lib/codeql/swift/generated/type/ParameterizedProtocolType.qll 5ec7f5d9412f071099a75e920dce686e3a3b3697d94f2b03d4456858060d31d1 9d8f3ae67ebe290102f6c3fc4bda14d66865b13a782fe9e80e3e2464da14f18e +lib/codeql/swift/generated/type/ParenType.qll 014c95c3b051e1b7717416602a77ca34d686ae3b58fc588070bf6c3ea3a46641 43b7d33bfa383d8ba0693fb9af69101161b7d7a94e5dd1f8ed5293803ee21d98 lib/codeql/swift/generated/type/PrimaryArchetypeType.qll 87279ab9a04415fcbcf825af0145b4fc7f118fc8ce57727b840cb18f7d203b59 87279ab9a04415fcbcf825af0145b4fc7f118fc8ce57727b840cb18f7d203b59 -lib/codeql/swift/generated/type/ProtocolCompositionType.qll 3c998689c48168854c242bfa4970eda63077887bfbbdc34445d26a8d034673e6 a23cd63570903fbc08eff90773fd00d6d979dc001038f118bb288c8b08d42d74 +lib/codeql/swift/generated/type/ProtocolCompositionType.qll 32426cb2d51c5cf63035afc499bccd1a18ac8a8bac254b4596c97d4006203cd0 5233766c0b00bcc8d64e1dd2d7cab87a26fb8c5e16d4310275ad67ff3b70f287 lib/codeql/swift/generated/type/ProtocolType.qll 07eb08216ca978c9565a7907ab3a932aa915041b6e7520bc421450b32070dbcf 07eb08216ca978c9565a7907ab3a932aa915041b6e7520bc421450b32070dbcf -lib/codeql/swift/generated/type/ReferenceStorageType.qll a2b02a158baaf30dce3e0884e18198f462bd3514d682405c436230c693b5b63c 9e76bc2338ce088237ab2dd784094133dc43a8e6c0f48eced9ae4b042e72666f +lib/codeql/swift/generated/type/ReferenceStorageType.qll 9924cd5694afe7c77692322edbd74d5b9c5635ecfc61b2a90f243b6616090cae ab17d08561524f74ac5f69696811012322c1b2595f60ae72357bba8102b78b89 lib/codeql/swift/generated/type/StructType.qll 5681060ec1cb83be082c4d5d521cdfc1c48a4095b56415efc03de7f960d1fa04 5681060ec1cb83be082c4d5d521cdfc1c48a4095b56415efc03de7f960d1fa04 lib/codeql/swift/generated/type/SubstitutableType.qll 9e74ec2d281cd3dedbc5791d66a820a56e0387260f7b2d30a5875dc3f5883389 619f0e4d509bdd9e8cfc061e5627762e9cbae8779bec998564556894a475f9d8 lib/codeql/swift/generated/type/SugarType.qll 4ea82201ae20e769c0c3e6e158bae86493e1b16bbd3ef6495e2a3760baa1fc6b 6c78df86db6f9c70398484819a9b9ecc8ee337b0a4ac2d84e17294951a6fd788 lib/codeql/swift/generated/type/SyntaxSugarType.qll 253e036452e0ba8ae3bb60d6ed22f4efb8436f4ef19f158f1114a6f9a14df42c 743fe4dede40ca173b19d5757d14e0f606fe36f51119445503e8eea7cf6df3b0 -lib/codeql/swift/generated/type/TupleType.qll 2fe4b458d59ff834342d07f05340ca549b5da1a167979efbc38a16027efec1de a138e943a431cebf259391dbe5ea196c1f9fcc9ace8f498ad84adfc442526890 -lib/codeql/swift/generated/type/Type.qll 5f87d805a35cffdd48e5b5357d52aeb664962f6e011ee1c22c598cfa8073a6b4 2f33629856f0a8771ed8400031041fbc12d47db26d43e9929720069671b0d024 -lib/codeql/swift/generated/type/TypeAliasType.qll 30053601cbbd7dff041770b947af9c45309d081ff9afc1dec8e0eeb099e190c0 a15258e88ec9ab06b58626f53cfa0ce2a75207b8c27c830f08a738c56e5b7d71 -lib/codeql/swift/generated/type/TypeRepr.qll 517eee0844c01aea497a0c9933cbd8930a915456cd7084b9e09aefd5a109942a 60b98da8fd689ce38aed88b88d98a536cc662b09420f130fa93d1b76cb4717ea -lib/codeql/swift/generated/type/UnarySyntaxSugarType.qll a31bf4cd364a3015ab21d47447a6f111633284e64eeaa6d6a51c38e15cc569ae 0bfcfb6397c608c908c6df34bfd32f678f95dbe16bc9dab266bbac924dbde9e1 +lib/codeql/swift/generated/type/TupleType.qll af224031c3bea6dfca6138903cca940a4f00ba6494ad7b591b9f017d69ee9a6c f59ad1bb4994196ec49836ae169e550a70dbb25a359ff889ed6456882fe2d9a0 +lib/codeql/swift/generated/type/Type.qll c08acc943c9b52662a465d77fcd39d12f869c42b24a3755225b3bddbb1cf72f5 6d82c5bddded75fd5598bb559ecfa07360ad802d5e9541af2c334dc9d0159335 +lib/codeql/swift/generated/type/TypeAliasType.qll 1c7b7d66f277907d04462712ff5271b84987656351da8e486d718b8d138ef545 2dc20e1fd98bee6a8e5b35cf7a048716b2b6d2e5ba6610ecc4f7f667da930885 +lib/codeql/swift/generated/type/TypeRepr.qll bb78cc2265734d8ecbd32ca85e38c853e9f35569aaf4dc8353d20471b3559c3d c2abc1d161590cbdc4cac7e147e114f8a28ba5f6405dba7ead51abe85991505d +lib/codeql/swift/generated/type/UnarySyntaxSugarType.qll 6f3822691d04531cc1dd6a78fb184f3e18d42ee324123dc4338fdd368fbd0bd6 d489aac77955de0d71fd5c271fddccd40050db4ef8ce8d817320ca9554057c3a lib/codeql/swift/generated/type/UnboundGenericType.qll 43549cbdaaa05c3c6e3d6757aca7c549b67f3c1f7d7f0a987121de0c80567a78 43549cbdaaa05c3c6e3d6757aca7c549b67f3c1f7d7f0a987121de0c80567a78 lib/codeql/swift/generated/type/UnmanagedStorageType.qll 198727a7c9557a0a92c6d833768086f0a0a18c546b4bfd486d7ff7ad5677a6aa 198727a7c9557a0a92c6d833768086f0a0a18c546b4bfd486d7ff7ad5677a6aa lib/codeql/swift/generated/type/UnownedStorageType.qll 062fd6e902ecbde78a7b8a6d80029731ffb7b4ca741fdc1573c19dd373b6df8e 062fd6e902ecbde78a7b8a6d80029731ffb7b4ca741fdc1573c19dd373b6df8e diff --git a/swift/ql/lib/codeql/swift/generated/AvailabilityInfo.qll b/swift/ql/lib/codeql/swift/generated/AvailabilityInfo.qll index 81272633cf3..c0c7ec1ad00 100644 --- a/swift/ql/lib/codeql/swift/generated/AvailabilityInfo.qll +++ b/swift/ql/lib/codeql/swift/generated/AvailabilityInfo.qll @@ -46,7 +46,12 @@ module Generated { /** * Gets the `index`th spec of this availability info (0-based). */ - final AvailabilitySpec getSpec(int index) { result = this.getImmediateSpec(index).resolve() } + final AvailabilitySpec getSpec(int index) { + exists(AvailabilitySpec immediate | + immediate = this.getImmediateSpec(index) and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Gets any of the specs of this availability info. diff --git a/swift/ql/lib/codeql/swift/generated/Callable.qll b/swift/ql/lib/codeql/swift/generated/Callable.qll index a4630527102..db03af1dbd0 100644 --- a/swift/ql/lib/codeql/swift/generated/Callable.qll +++ b/swift/ql/lib/codeql/swift/generated/Callable.qll @@ -34,7 +34,12 @@ module Generated { /** * Gets the self parameter of this callable, if it exists. */ - final ParamDecl getSelfParam() { result = this.getImmediateSelfParam().resolve() } + final ParamDecl getSelfParam() { + exists(ParamDecl immediate | + immediate = this.getImmediateSelfParam() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Holds if `getSelfParam()` exists. @@ -57,7 +62,12 @@ module Generated { /** * Gets the `index`th parameter of this callable (0-based). */ - final ParamDecl getParam(int index) { result = this.getImmediateParam(index).resolve() } + final ParamDecl getParam(int index) { + exists(ParamDecl immediate | + immediate = this.getImmediateParam(index) and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Gets any of the parameters of this callable. @@ -85,7 +95,12 @@ module Generated { * * The body is absent within protocol declarations. */ - final BraceStmt getBody() { result = this.getImmediateBody().resolve() } + final BraceStmt getBody() { + exists(BraceStmt immediate | + immediate = this.getImmediateBody() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Holds if `getBody()` exists. @@ -108,7 +123,12 @@ module Generated { /** * Gets the `index`th capture of this callable (0-based). */ - final CapturedDecl getCapture(int index) { result = this.getImmediateCapture(index).resolve() } + final CapturedDecl getCapture(int index) { + exists(CapturedDecl immediate | + immediate = this.getImmediateCapture(index) and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Gets any of the captures of this callable. diff --git a/swift/ql/lib/codeql/swift/generated/KeyPathComponent.qll b/swift/ql/lib/codeql/swift/generated/KeyPathComponent.qll index 2f900dd5b0d..a6b48cc2e0c 100644 --- a/swift/ql/lib/codeql/swift/generated/KeyPathComponent.qll +++ b/swift/ql/lib/codeql/swift/generated/KeyPathComponent.qll @@ -47,7 +47,10 @@ module Generated { * Gets the `index`th argument to an array or dictionary subscript expression (0-based). */ final Argument getSubscriptArgument(int index) { - result = this.getImmediateSubscriptArgument(index).resolve() + exists(Argument immediate | + immediate = this.getImmediateSubscriptArgument(index) and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) } /** @@ -90,7 +93,12 @@ module Generated { /** * Gets the property or subscript operator, if it exists. */ - final ValueDecl getDeclRef() { result = this.getImmediateDeclRef().resolve() } + final ValueDecl getDeclRef() { + exists(ValueDecl immediate | + immediate = this.getImmediateDeclRef() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Holds if `getDeclRef()` exists. @@ -117,6 +125,11 @@ module Generated { * path; an optional-wrapping component is inserted if required to produce an optional type * as the final output. */ - final Type getComponentType() { result = this.getImmediateComponentType().resolve() } + final Type getComponentType() { + exists(Type immediate | + immediate = this.getImmediateComponentType() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } } } diff --git a/swift/ql/lib/codeql/swift/generated/Locatable.qll b/swift/ql/lib/codeql/swift/generated/Locatable.qll index 71844b62f32..bb8b832a6af 100644 --- a/swift/ql/lib/codeql/swift/generated/Locatable.qll +++ b/swift/ql/lib/codeql/swift/generated/Locatable.qll @@ -22,7 +22,12 @@ module Generated { /** * Gets the location associated with this element in the code, if it exists. */ - final Location getLocation() { result = this.getImmediateLocation().resolve() } + final Location getLocation() { + exists(Location immediate | + immediate = this.getImmediateLocation() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Holds if `getLocation()` exists. diff --git a/swift/ql/lib/codeql/swift/generated/Location.qll b/swift/ql/lib/codeql/swift/generated/Location.qll index 795342f0dbd..9cdbd95fe8d 100644 --- a/swift/ql/lib/codeql/swift/generated/Location.qll +++ b/swift/ql/lib/codeql/swift/generated/Location.qll @@ -20,7 +20,12 @@ module Generated { /** * Gets the file of this location. */ - final File getFile() { result = this.getImmediateFile().resolve() } + final File getFile() { + exists(File immediate | + immediate = this.getImmediateFile() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Gets the start line of this location. diff --git a/swift/ql/lib/codeql/swift/generated/ParentChild.qll b/swift/ql/lib/codeql/swift/generated/ParentChild.qll index 270a7398843..09c48606353 100644 --- a/swift/ql/lib/codeql/swift/generated/ParentChild.qll +++ b/swift/ql/lib/codeql/swift/generated/ParentChild.qll @@ -5317,7 +5317,7 @@ Element getImmediateParent(Element e) { Element getImmediateChildAndAccessor(Element e, int index, string accessor) { exists(string partialAccessor | result = Impl::getImmediateChild(e, index, partialAccessor) and - accessor = "getImmediate" + partialAccessor + accessor = "get" + partialAccessor ) } diff --git a/swift/ql/lib/codeql/swift/generated/UnspecifiedElement.qll b/swift/ql/lib/codeql/swift/generated/UnspecifiedElement.qll index 5a073db5f6f..f2f78d9cafc 100644 --- a/swift/ql/lib/codeql/swift/generated/UnspecifiedElement.qll +++ b/swift/ql/lib/codeql/swift/generated/UnspecifiedElement.qll @@ -24,7 +24,12 @@ module Generated { /** * Gets the parent of this unspecified element, if it exists. */ - final Element getParent() { result = this.getImmediateParent().resolve() } + final Element getParent() { + exists(Element immediate | + immediate = this.getImmediateParent() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Holds if `getParent()` exists. diff --git a/swift/ql/lib/codeql/swift/generated/decl/AbstractStorageDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/AbstractStorageDecl.qll index 6414b9c0e13..0ecb0836313 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/AbstractStorageDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/AbstractStorageDecl.qll @@ -22,7 +22,12 @@ module Generated { /** * Gets the `index`th accessor of this abstract storage declaration (0-based). */ - final Accessor getAccessor(int index) { result = this.getImmediateAccessor(index).resolve() } + final Accessor getAccessor(int index) { + exists(Accessor immediate | + immediate = this.getImmediateAccessor(index) and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Gets any of the accessors of this abstract storage declaration. diff --git a/swift/ql/lib/codeql/swift/generated/decl/CapturedDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/CapturedDecl.qll index 30c61e82e95..9749202fec3 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/CapturedDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/CapturedDecl.qll @@ -24,7 +24,12 @@ module Generated { /** * Gets the the declaration captured by the parent closure. */ - final ValueDecl getDecl() { result = this.getImmediateDecl().resolve() } + final ValueDecl getDecl() { + exists(ValueDecl immediate | + immediate = this.getImmediateDecl() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Holds if this captured declaration is direct. diff --git a/swift/ql/lib/codeql/swift/generated/decl/Decl.qll b/swift/ql/lib/codeql/swift/generated/decl/Decl.qll index 673de2cffee..33cb4ec46ca 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/Decl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/Decl.qll @@ -20,7 +20,12 @@ module Generated { /** * Gets the module of this declaration. */ - final ModuleDecl getModule() { result = this.getImmediateModule().resolve() } + final ModuleDecl getModule() { + exists(ModuleDecl immediate | + immediate = this.getImmediateModule() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Gets the `index`th member of this declaration (0-based). @@ -35,7 +40,12 @@ module Generated { /** * Gets the `index`th member of this declaration (0-based). */ - final Decl getMember(int index) { result = this.getImmediateMember(index).resolve() } + final Decl getMember(int index) { + exists(Decl immediate | + immediate = this.getImmediateMember(index) and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Gets any of the members of this declaration. diff --git a/swift/ql/lib/codeql/swift/generated/decl/EnumCaseDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/EnumCaseDecl.qll index 8c9a925d66b..59834181269 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/EnumCaseDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/EnumCaseDecl.qll @@ -25,7 +25,10 @@ module Generated { * Gets the `index`th element of this enum case declaration (0-based). */ final EnumElementDecl getElement(int index) { - result = this.getImmediateElement(index).resolve() + exists(EnumElementDecl immediate | + immediate = this.getImmediateElement(index) and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) } /** diff --git a/swift/ql/lib/codeql/swift/generated/decl/EnumElementDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/EnumElementDecl.qll index 0ce7784ab4f..148124d0f8f 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/EnumElementDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/EnumElementDecl.qll @@ -31,7 +31,12 @@ module Generated { /** * Gets the `index`th parameter of this enum element declaration (0-based). */ - final ParamDecl getParam(int index) { result = this.getImmediateParam(index).resolve() } + final ParamDecl getParam(int index) { + exists(ParamDecl immediate | + immediate = this.getImmediateParam(index) and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Gets any of the parameters of this enum element declaration. diff --git a/swift/ql/lib/codeql/swift/generated/decl/ExtensionDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/ExtensionDecl.qll index 3a22aa27440..2863c3aca52 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/ExtensionDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/ExtensionDecl.qll @@ -27,7 +27,10 @@ module Generated { * Gets the extended type declaration of this extension declaration. */ final NominalTypeDecl getExtendedTypeDecl() { - result = this.getImmediateExtendedTypeDecl().resolve() + exists(NominalTypeDecl immediate | + immediate = this.getImmediateExtendedTypeDecl() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) } /** @@ -47,7 +50,10 @@ module Generated { * Gets the `index`th protocol of this extension declaration (0-based). */ final ProtocolDecl getProtocol(int index) { - result = this.getImmediateProtocol(index).resolve() + exists(ProtocolDecl immediate | + immediate = this.getImmediateProtocol(index) and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) } /** diff --git a/swift/ql/lib/codeql/swift/generated/decl/GenericContext.qll b/swift/ql/lib/codeql/swift/generated/decl/GenericContext.qll index bf5b32e554e..4855a60fa10 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/GenericContext.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/GenericContext.qll @@ -23,7 +23,10 @@ module Generated { * Gets the `index`th generic type parameter of this generic context (0-based). */ final GenericTypeParamDecl getGenericTypeParam(int index) { - result = this.getImmediateGenericTypeParam(index).resolve() + exists(GenericTypeParamDecl immediate | + immediate = this.getImmediateGenericTypeParam(index) and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) } /** diff --git a/swift/ql/lib/codeql/swift/generated/decl/IfConfigDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/IfConfigDecl.qll index a81b9a82b21..23c42ea9c6c 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/IfConfigDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/IfConfigDecl.qll @@ -25,7 +25,10 @@ module Generated { * Gets the `index`th active element of this if config declaration (0-based). */ final AstNode getActiveElement(int index) { - result = this.getImmediateActiveElement(index).resolve() + exists(AstNode immediate | + immediate = this.getImmediateActiveElement(index) and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) } /** diff --git a/swift/ql/lib/codeql/swift/generated/decl/ImportDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/ImportDecl.qll index 8e5e0354797..df928494a73 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/ImportDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/ImportDecl.qll @@ -30,7 +30,12 @@ module Generated { /** * Gets the imported module of this import declaration, if it exists. */ - final ModuleDecl getImportedModule() { result = this.getImmediateImportedModule().resolve() } + final ModuleDecl getImportedModule() { + exists(ModuleDecl immediate | + immediate = this.getImmediateImportedModule() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Holds if `getImportedModule()` exists. @@ -54,7 +59,10 @@ module Generated { * Gets the `index`th declaration of this import declaration (0-based). */ final ValueDecl getDeclaration(int index) { - result = this.getImmediateDeclaration(index).resolve() + exists(ValueDecl immediate | + immediate = this.getImmediateDeclaration(index) and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) } /** diff --git a/swift/ql/lib/codeql/swift/generated/decl/InfixOperatorDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/InfixOperatorDecl.qll index 643ab3e3002..e9749c13355 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/InfixOperatorDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/InfixOperatorDecl.qll @@ -25,7 +25,10 @@ module Generated { * Gets the precedence group of this infix operator declaration, if it exists. */ final PrecedenceGroupDecl getPrecedenceGroup() { - result = this.getImmediatePrecedenceGroup().resolve() + exists(PrecedenceGroupDecl immediate | + immediate = this.getImmediatePrecedenceGroup() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) } /** diff --git a/swift/ql/lib/codeql/swift/generated/decl/ModuleDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/ModuleDecl.qll index d01a14cb3e1..3fc71350932 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/ModuleDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/ModuleDecl.qll @@ -40,7 +40,10 @@ module Generated { *Gets any of the imported modules of this module declaration. */ final ModuleDecl getAnImportedModule() { - result = this.getAnImmediateImportedModule().resolve() + exists(ModuleDecl immediate | + immediate = this.getAnImmediateImportedModule() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) } /** @@ -67,7 +70,10 @@ module Generated { *Gets any of the exported modules of this module declaration. */ final ModuleDecl getAnExportedModule() { - result = this.getAnImmediateExportedModule().resolve() + exists(ModuleDecl immediate | + immediate = this.getAnImmediateExportedModule() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) } /** diff --git a/swift/ql/lib/codeql/swift/generated/decl/NominalTypeDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/NominalTypeDecl.qll index 56a21146f8c..b007e2b1b52 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/NominalTypeDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/NominalTypeDecl.qll @@ -22,6 +22,11 @@ module Generated { /** * Gets the type of this nominal type declaration. */ - final Type getType() { result = this.getImmediateType().resolve() } + final Type getType() { + exists(Type immediate | + immediate = this.getImmediateType() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } } } diff --git a/swift/ql/lib/codeql/swift/generated/decl/OpaqueTypeDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/OpaqueTypeDecl.qll index cccc2625b4c..33eaec9bc2e 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/OpaqueTypeDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/OpaqueTypeDecl.qll @@ -37,7 +37,10 @@ module Generated { * Gets the naming declaration of this opaque type declaration. */ final ValueDecl getNamingDeclaration() { - result = this.getImmediateNamingDeclaration().resolve() + exists(ValueDecl immediate | + immediate = this.getImmediateNamingDeclaration() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) } /** @@ -57,7 +60,10 @@ module Generated { * Gets the `index`th opaque generic parameter of this opaque type declaration (0-based). */ final GenericTypeParamType getOpaqueGenericParam(int index) { - result = this.getImmediateOpaqueGenericParam(index).resolve() + exists(GenericTypeParamType immediate | + immediate = this.getImmediateOpaqueGenericParam(index) and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) } /** diff --git a/swift/ql/lib/codeql/swift/generated/decl/ParamDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/ParamDecl.qll index 1844337b349..99f80d18772 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/ParamDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/ParamDecl.qll @@ -33,7 +33,10 @@ module Generated { * variable for this variable, if any. */ final PatternBindingDecl getPropertyWrapperLocalWrappedVarBinding() { - result = this.getImmediatePropertyWrapperLocalWrappedVarBinding().resolve() + exists(PatternBindingDecl immediate | + immediate = this.getImmediatePropertyWrapperLocalWrappedVarBinding() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) } /** @@ -63,7 +66,10 @@ module Generated { * has a property wrapper. */ final VarDecl getPropertyWrapperLocalWrappedVar() { - result = this.getImmediatePropertyWrapperLocalWrappedVar().resolve() + exists(VarDecl immediate | + immediate = this.getImmediatePropertyWrapperLocalWrappedVar() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) } /** diff --git a/swift/ql/lib/codeql/swift/generated/decl/PatternBindingDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/PatternBindingDecl.qll index 61d9ba4ff24..00ca18b1185 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/PatternBindingDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/PatternBindingDecl.qll @@ -25,7 +25,12 @@ module Generated { /** * Gets the `index`th init of this pattern binding declaration (0-based), if it exists. */ - final Expr getInit(int index) { result = this.getImmediateInit(index).resolve() } + final Expr getInit(int index) { + exists(Expr immediate | + immediate = this.getImmediateInit(index) and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Holds if `getInit(index)` exists. @@ -53,7 +58,12 @@ module Generated { /** * Gets the `index`th pattern of this pattern binding declaration (0-based). */ - final Pattern getPattern(int index) { result = this.getImmediatePattern(index).resolve() } + final Pattern getPattern(int index) { + exists(Pattern immediate | + immediate = this.getImmediatePattern(index) and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Gets any of the patterns of this pattern binding declaration. diff --git a/swift/ql/lib/codeql/swift/generated/decl/PoundDiagnosticDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/PoundDiagnosticDecl.qll index 2fe8a6ad421..fe7cfaf701f 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/PoundDiagnosticDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/PoundDiagnosticDecl.qll @@ -36,6 +36,11 @@ module Generated { /** * Gets the message of this pound diagnostic declaration. */ - final StringLiteralExpr getMessage() { result = this.getImmediateMessage().resolve() } + final StringLiteralExpr getMessage() { + exists(StringLiteralExpr immediate | + immediate = this.getImmediateMessage() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } } } diff --git a/swift/ql/lib/codeql/swift/generated/decl/SubscriptDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/SubscriptDecl.qll index 090693928be..a6fe783be42 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/SubscriptDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/SubscriptDecl.qll @@ -26,7 +26,12 @@ module Generated { /** * Gets the `index`th parameter of this subscript declaration (0-based). */ - final ParamDecl getParam(int index) { result = this.getImmediateParam(index).resolve() } + final ParamDecl getParam(int index) { + exists(ParamDecl immediate | + immediate = this.getImmediateParam(index) and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Gets any of the parameters of this subscript declaration. @@ -54,6 +59,11 @@ module Generated { /** * Gets the element type of this subscript declaration. */ - final Type getElementType() { result = this.getImmediateElementType().resolve() } + final Type getElementType() { + exists(Type immediate | + immediate = this.getImmediateElementType() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } } } diff --git a/swift/ql/lib/codeql/swift/generated/decl/TopLevelCodeDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/TopLevelCodeDecl.qll index 055c9c76f31..d53c5ec5e3f 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/TopLevelCodeDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/TopLevelCodeDecl.qll @@ -24,6 +24,11 @@ module Generated { /** * Gets the body of this top level code declaration. */ - final BraceStmt getBody() { result = this.getImmediateBody().resolve() } + final BraceStmt getBody() { + exists(BraceStmt immediate | + immediate = this.getImmediateBody() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } } } diff --git a/swift/ql/lib/codeql/swift/generated/decl/TypeAliasDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/TypeAliasDecl.qll index 6f5bd013803..d0e7fa1164d 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/TypeAliasDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/TypeAliasDecl.qll @@ -35,6 +35,11 @@ module Generated { * typealias MyInt = Int * ``` */ - final Type getAliasedType() { result = this.getImmediateAliasedType().resolve() } + final Type getAliasedType() { + exists(Type immediate | + immediate = this.getImmediateAliasedType() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } } } diff --git a/swift/ql/lib/codeql/swift/generated/decl/TypeDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/TypeDecl.qll index 3a16effd78f..7a70183bac1 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/TypeDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/TypeDecl.qll @@ -27,7 +27,12 @@ module Generated { /** * Gets the `index`th base type of this type declaration (0-based). */ - final Type getBaseType(int index) { result = this.getImmediateBaseType(index).resolve() } + final Type getBaseType(int index) { + exists(Type immediate | + immediate = this.getImmediateBaseType(index) and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Gets any of the base types of this type declaration. diff --git a/swift/ql/lib/codeql/swift/generated/decl/ValueDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/ValueDecl.qll index 8d1678a7a72..237d668eade 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/ValueDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/ValueDecl.qll @@ -22,6 +22,11 @@ module Generated { /** * Gets the interface type of this value declaration. */ - final Type getInterfaceType() { result = this.getImmediateInterfaceType().resolve() } + final Type getInterfaceType() { + exists(Type immediate | + immediate = this.getImmediateInterfaceType() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } } } diff --git a/swift/ql/lib/codeql/swift/generated/decl/VarDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/VarDecl.qll index f0d6cc143c7..86f91c9d128 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/VarDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/VarDecl.qll @@ -45,7 +45,12 @@ module Generated { /** * Gets the type of this variable declaration. */ - final Type getType() { result = this.getImmediateType().resolve() } + final Type getType() { + exists(Type immediate | + immediate = this.getImmediateType() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Gets the attached property wrapper type of this variable declaration, if it exists. @@ -64,7 +69,10 @@ module Generated { * Gets the attached property wrapper type of this variable declaration, if it exists. */ final Type getAttachedPropertyWrapperType() { - result = this.getImmediateAttachedPropertyWrapperType().resolve() + exists(Type immediate | + immediate = this.getImmediateAttachedPropertyWrapperType() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) } /** @@ -90,7 +98,12 @@ module Generated { /** * Gets the parent pattern of this variable declaration, if it exists. */ - final Pattern getParentPattern() { result = this.getImmediateParentPattern().resolve() } + final Pattern getParentPattern() { + exists(Pattern immediate | + immediate = this.getImmediateParentPattern() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Holds if `getParentPattern()` exists. @@ -113,7 +126,12 @@ module Generated { /** * Gets the parent initializer of this variable declaration, if it exists. */ - final Expr getParentInitializer() { result = this.getImmediateParentInitializer().resolve() } + final Expr getParentInitializer() { + exists(Expr immediate | + immediate = this.getImmediateParentInitializer() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Holds if `getParentInitializer()` exists. @@ -140,7 +158,10 @@ module Generated { * variable, if any. See `getPropertyWrapperBackingVar`. */ final PatternBindingDecl getPropertyWrapperBackingVarBinding() { - result = this.getImmediatePropertyWrapperBackingVarBinding().resolve() + exists(PatternBindingDecl immediate | + immediate = this.getImmediatePropertyWrapperBackingVarBinding() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) } /** @@ -183,7 +204,10 @@ module Generated { * This predicate returns such variable declaration. */ final VarDecl getPropertyWrapperBackingVar() { - result = this.getImmediatePropertyWrapperBackingVar().resolve() + exists(VarDecl immediate | + immediate = this.getImmediatePropertyWrapperBackingVar() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) } /** @@ -211,7 +235,10 @@ module Generated { * variable, if any. See `getPropertyWrapperProjectionVar`. */ final PatternBindingDecl getPropertyWrapperProjectionVarBinding() { - result = this.getImmediatePropertyWrapperProjectionVarBinding().resolve() + exists(PatternBindingDecl immediate | + immediate = this.getImmediatePropertyWrapperProjectionVarBinding() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) } /** @@ -260,7 +287,10 @@ module Generated { * This predicate returns such variable declaration. */ final VarDecl getPropertyWrapperProjectionVar() { - result = this.getImmediatePropertyWrapperProjectionVar().resolve() + exists(VarDecl immediate | + immediate = this.getImmediatePropertyWrapperProjectionVar() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) } /** diff --git a/swift/ql/lib/codeql/swift/generated/expr/AnyTryExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/AnyTryExpr.qll index 663ee79c515..29895af873e 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/AnyTryExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/AnyTryExpr.qll @@ -19,6 +19,11 @@ module Generated { /** * Gets the sub expression of this any try expression. */ - final Expr getSubExpr() { result = this.getImmediateSubExpr().resolve() } + final Expr getSubExpr() { + exists(Expr immediate | + immediate = this.getImmediateSubExpr() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/AppliedPropertyWrapperExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/AppliedPropertyWrapperExpr.qll index e57788e5f52..3ee26f38f89 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/AppliedPropertyWrapperExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/AppliedPropertyWrapperExpr.qll @@ -41,7 +41,12 @@ module Generated { * * The value on which the wrapper is applied. */ - final Expr getValue() { result = this.getImmediateValue().resolve() } + final Expr getValue() { + exists(Expr immediate | + immediate = this.getImmediateValue() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Gets the parameter declaration owning this wrapper application. @@ -59,6 +64,11 @@ module Generated { /** * Gets the parameter declaration owning this wrapper application. */ - final ParamDecl getParam() { result = this.getImmediateParam().resolve() } + final ParamDecl getParam() { + exists(ParamDecl immediate | + immediate = this.getImmediateParam() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/ApplyExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/ApplyExpr.qll index 08b2e204550..6529ca4882a 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/ApplyExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/ApplyExpr.qll @@ -20,7 +20,12 @@ module Generated { /** * Gets the function being applied. */ - final Expr getFunction() { result = this.getImmediateFunction().resolve() } + final Expr getFunction() { + exists(Expr immediate | + immediate = this.getImmediateFunction() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Gets the `index`th argument passed to the applied function (0-based). @@ -38,7 +43,12 @@ module Generated { /** * Gets the `index`th argument passed to the applied function (0-based). */ - final Argument getArgument(int index) { result = this.getImmediateArgument(index).resolve() } + final Argument getArgument(int index) { + exists(Argument immediate | + immediate = this.getImmediateArgument(index) and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Gets any of the arguments passed to the applied function. diff --git a/swift/ql/lib/codeql/swift/generated/expr/Argument.qll b/swift/ql/lib/codeql/swift/generated/expr/Argument.qll index e3043e07420..3040a549ec9 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/Argument.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/Argument.qll @@ -27,6 +27,11 @@ module Generated { /** * Gets the expression of this argument. */ - final Expr getExpr() { result = this.getImmediateExpr().resolve() } + final Expr getExpr() { + exists(Expr immediate | + immediate = this.getImmediateExpr() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/ArrayExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/ArrayExpr.qll index 5a74d70b841..a2e674ee2cf 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/ArrayExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/ArrayExpr.qll @@ -24,7 +24,12 @@ module Generated { /** * Gets the `index`th element of this array expression (0-based). */ - final Expr getElement(int index) { result = this.getImmediateElement(index).resolve() } + final Expr getElement(int index) { + exists(Expr immediate | + immediate = this.getImmediateElement(index) and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Gets any of the elements of this array expression. diff --git a/swift/ql/lib/codeql/swift/generated/expr/AssignExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/AssignExpr.qll index 26a8f5dc936..3d9f1f55081 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/AssignExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/AssignExpr.qll @@ -21,7 +21,12 @@ module Generated { /** * Gets the dest of this assign expression. */ - final Expr getDest() { result = this.getImmediateDest().resolve() } + final Expr getDest() { + exists(Expr immediate | + immediate = this.getImmediateDest() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Gets the source of this assign expression. @@ -37,6 +42,11 @@ module Generated { /** * Gets the source of this assign expression. */ - final Expr getSource() { result = this.getImmediateSource().resolve() } + final Expr getSource() { + exists(Expr immediate | + immediate = this.getImmediateSource() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/BindOptionalExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/BindOptionalExpr.qll index d827276d0b6..2b10e27595b 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/BindOptionalExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/BindOptionalExpr.qll @@ -23,6 +23,11 @@ module Generated { /** * Gets the sub expression of this bind optional expression. */ - final Expr getSubExpr() { result = this.getImmediateSubExpr().resolve() } + final Expr getSubExpr() { + exists(Expr immediate | + immediate = this.getImmediateSubExpr() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/CaptureListExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/CaptureListExpr.qll index 0e751537558..b3a6653ce77 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/CaptureListExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/CaptureListExpr.qll @@ -26,7 +26,10 @@ module Generated { * Gets the `index`th binding declaration of this capture list expression (0-based). */ final PatternBindingDecl getBindingDecl(int index) { - result = this.getImmediateBindingDecl(index).resolve() + exists(PatternBindingDecl immediate | + immediate = this.getImmediateBindingDecl(index) and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) } /** @@ -55,6 +58,11 @@ module Generated { /** * Gets the closure body of this capture list expression. */ - final ExplicitClosureExpr getClosureBody() { result = this.getImmediateClosureBody().resolve() } + final ExplicitClosureExpr getClosureBody() { + exists(ExplicitClosureExpr immediate | + immediate = this.getImmediateClosureBody() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/DeclRefExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/DeclRefExpr.qll index 89a9858bafd..6aa2c0522f5 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/DeclRefExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/DeclRefExpr.qll @@ -23,7 +23,12 @@ module Generated { /** * Gets the declaration of this declaration reference expression. */ - final Decl getDecl() { result = this.getImmediateDecl().resolve() } + final Decl getDecl() { + exists(Decl immediate | + immediate = this.getImmediateDecl() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Gets the `index`th replacement type of this declaration reference expression (0-based). @@ -42,7 +47,10 @@ module Generated { * Gets the `index`th replacement type of this declaration reference expression (0-based). */ final Type getReplacementType(int index) { - result = this.getImmediateReplacementType(index).resolve() + exists(Type immediate | + immediate = this.getImmediateReplacementType(index) and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) } /** diff --git a/swift/ql/lib/codeql/swift/generated/expr/DefaultArgumentExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/DefaultArgumentExpr.qll index 9fa6034bd64..e457353ada4 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/DefaultArgumentExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/DefaultArgumentExpr.qll @@ -24,7 +24,12 @@ module Generated { /** * Gets the parameter declaration of this default argument expression. */ - final ParamDecl getParamDecl() { result = this.getImmediateParamDecl().resolve() } + final ParamDecl getParamDecl() { + exists(ParamDecl immediate | + immediate = this.getImmediateParamDecl() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Gets the parameter index of this default argument expression. @@ -50,7 +55,12 @@ module Generated { /** * Gets the caller side default of this default argument expression, if it exists. */ - final Expr getCallerSideDefault() { result = this.getImmediateCallerSideDefault().resolve() } + final Expr getCallerSideDefault() { + exists(Expr immediate | + immediate = this.getImmediateCallerSideDefault() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Holds if `getCallerSideDefault()` exists. diff --git a/swift/ql/lib/codeql/swift/generated/expr/DictionaryExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/DictionaryExpr.qll index a210c392fe8..5c444c0fea5 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/DictionaryExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/DictionaryExpr.qll @@ -24,7 +24,12 @@ module Generated { /** * Gets the `index`th element of this dictionary expression (0-based). */ - final Expr getElement(int index) { result = this.getImmediateElement(index).resolve() } + final Expr getElement(int index) { + exists(Expr immediate | + immediate = this.getImmediateElement(index) and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Gets any of the elements of this dictionary expression. diff --git a/swift/ql/lib/codeql/swift/generated/expr/DotSyntaxBaseIgnoredExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/DotSyntaxBaseIgnoredExpr.qll index 746f9dcc9de..a5a25e0affc 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/DotSyntaxBaseIgnoredExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/DotSyntaxBaseIgnoredExpr.qll @@ -23,7 +23,12 @@ module Generated { /** * Gets the qualifier of this dot syntax base ignored expression. */ - final Expr getQualifier() { result = this.getImmediateQualifier().resolve() } + final Expr getQualifier() { + exists(Expr immediate | + immediate = this.getImmediateQualifier() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Gets the sub expression of this dot syntax base ignored expression. @@ -41,6 +46,11 @@ module Generated { /** * Gets the sub expression of this dot syntax base ignored expression. */ - final Expr getSubExpr() { result = this.getImmediateSubExpr().resolve() } + final Expr getSubExpr() { + exists(Expr immediate | + immediate = this.getImmediateSubExpr() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/DynamicTypeExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/DynamicTypeExpr.qll index c2bd3768675..55cd226a189 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/DynamicTypeExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/DynamicTypeExpr.qll @@ -23,6 +23,11 @@ module Generated { /** * Gets the base of this dynamic type expression. */ - final Expr getBase() { result = this.getImmediateBase().resolve() } + final Expr getBase() { + exists(Expr immediate | + immediate = this.getImmediateBase() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/EnumIsCaseExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/EnumIsCaseExpr.qll index b29c5cb98e1..0ec0a3275dd 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/EnumIsCaseExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/EnumIsCaseExpr.qll @@ -24,7 +24,12 @@ module Generated { /** * Gets the sub expression of this enum is case expression. */ - final Expr getSubExpr() { result = this.getImmediateSubExpr().resolve() } + final Expr getSubExpr() { + exists(Expr immediate | + immediate = this.getImmediateSubExpr() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Gets the element of this enum is case expression. @@ -42,6 +47,11 @@ module Generated { /** * Gets the element of this enum is case expression. */ - final EnumElementDecl getElement() { result = this.getImmediateElement().resolve() } + final EnumElementDecl getElement() { + exists(EnumElementDecl immediate | + immediate = this.getImmediateElement() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/ExplicitCastExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/ExplicitCastExpr.qll index 10bcbc5b447..afbbabe89f0 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/ExplicitCastExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/ExplicitCastExpr.qll @@ -21,6 +21,11 @@ module Generated { /** * Gets the sub expression of this explicit cast expression. */ - final Expr getSubExpr() { result = this.getImmediateSubExpr().resolve() } + final Expr getSubExpr() { + exists(Expr immediate | + immediate = this.getImmediateSubExpr() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/Expr.qll b/swift/ql/lib/codeql/swift/generated/expr/Expr.qll index c496b07c4fc..dad004bc2bd 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/Expr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/Expr.qll @@ -22,7 +22,12 @@ module Generated { /** * Gets the type of this expression, if it exists. */ - final Type getType() { result = this.getImmediateType().resolve() } + final Type getType() { + exists(Type immediate | + immediate = this.getImmediateType() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Holds if `getType()` exists. diff --git a/swift/ql/lib/codeql/swift/generated/expr/ForceValueExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/ForceValueExpr.qll index 2a4a08e1af7..b0f9c8638ef 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/ForceValueExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/ForceValueExpr.qll @@ -23,6 +23,11 @@ module Generated { /** * Gets the sub expression of this force value expression. */ - final Expr getSubExpr() { result = this.getImmediateSubExpr().resolve() } + final Expr getSubExpr() { + exists(Expr immediate | + immediate = this.getImmediateSubExpr() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/IdentityExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/IdentityExpr.qll index bdff6219fe3..9ea8b8e0de6 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/IdentityExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/IdentityExpr.qll @@ -21,6 +21,11 @@ module Generated { /** * Gets the sub expression of this identity expression. */ - final Expr getSubExpr() { result = this.getImmediateSubExpr().resolve() } + final Expr getSubExpr() { + exists(Expr immediate | + immediate = this.getImmediateSubExpr() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/IfExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/IfExpr.qll index 8a837f1ad17..255140a1d6c 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/IfExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/IfExpr.qll @@ -21,7 +21,12 @@ module Generated { /** * Gets the condition of this if expression. */ - final Expr getCondition() { result = this.getImmediateCondition().resolve() } + final Expr getCondition() { + exists(Expr immediate | + immediate = this.getImmediateCondition() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Gets the then expression of this if expression. @@ -37,7 +42,12 @@ module Generated { /** * Gets the then expression of this if expression. */ - final Expr getThenExpr() { result = this.getImmediateThenExpr().resolve() } + final Expr getThenExpr() { + exists(Expr immediate | + immediate = this.getImmediateThenExpr() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Gets the else expression of this if expression. @@ -53,6 +63,11 @@ module Generated { /** * Gets the else expression of this if expression. */ - final Expr getElseExpr() { result = this.getImmediateElseExpr().resolve() } + final Expr getElseExpr() { + exists(Expr immediate | + immediate = this.getImmediateElseExpr() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/ImplicitConversionExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/ImplicitConversionExpr.qll index fdc249c0723..f9ea79025ad 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/ImplicitConversionExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/ImplicitConversionExpr.qll @@ -21,6 +21,11 @@ module Generated { /** * Gets the sub expression of this implicit conversion expression. */ - final Expr getSubExpr() { result = this.getImmediateSubExpr().resolve() } + final Expr getSubExpr() { + exists(Expr immediate | + immediate = this.getImmediateSubExpr() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/InOutExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/InOutExpr.qll index 6cac0fd23ab..0519e728bd2 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/InOutExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/InOutExpr.qll @@ -21,6 +21,11 @@ module Generated { /** * Gets the sub expression of this in out expression. */ - final Expr getSubExpr() { result = this.getImmediateSubExpr().resolve() } + final Expr getSubExpr() { + exists(Expr immediate | + immediate = this.getImmediateSubExpr() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/InterpolatedStringLiteralExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/InterpolatedStringLiteralExpr.qll index db25abe3906..c7f67891199 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/InterpolatedStringLiteralExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/InterpolatedStringLiteralExpr.qll @@ -27,7 +27,10 @@ module Generated { * Gets the interpolation expression of this interpolated string literal expression, if it exists. */ final OpaqueValueExpr getInterpolationExpr() { - result = this.getImmediateInterpolationExpr().resolve() + exists(OpaqueValueExpr immediate | + immediate = this.getImmediateInterpolationExpr() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) } /** @@ -52,7 +55,10 @@ module Generated { * Gets the interpolation count expression of this interpolated string literal expression, if it exists. */ final Expr getInterpolationCountExpr() { - result = this.getImmediateInterpolationCountExpr().resolve() + exists(Expr immediate | + immediate = this.getImmediateInterpolationCountExpr() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) } /** @@ -77,7 +83,10 @@ module Generated { * Gets the literal capacity expression of this interpolated string literal expression, if it exists. */ final Expr getLiteralCapacityExpr() { - result = this.getImmediateLiteralCapacityExpr().resolve() + exists(Expr immediate | + immediate = this.getImmediateLiteralCapacityExpr() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) } /** @@ -101,7 +110,12 @@ module Generated { /** * Gets the appending expression of this interpolated string literal expression, if it exists. */ - final TapExpr getAppendingExpr() { result = this.getImmediateAppendingExpr().resolve() } + final TapExpr getAppendingExpr() { + exists(TapExpr immediate | + immediate = this.getImmediateAppendingExpr() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Holds if `getAppendingExpr()` exists. diff --git a/swift/ql/lib/codeql/swift/generated/expr/KeyPathApplicationExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/KeyPathApplicationExpr.qll index 0cd675fc44d..c2cd7d9f896 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/KeyPathApplicationExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/KeyPathApplicationExpr.qll @@ -23,7 +23,12 @@ module Generated { /** * Gets the base of this key path application expression. */ - final Expr getBase() { result = this.getImmediateBase().resolve() } + final Expr getBase() { + exists(Expr immediate | + immediate = this.getImmediateBase() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Gets the key path of this key path application expression. @@ -41,6 +46,11 @@ module Generated { /** * Gets the key path of this key path application expression. */ - final Expr getKeyPath() { result = this.getImmediateKeyPath().resolve() } + final Expr getKeyPath() { + exists(Expr immediate | + immediate = this.getImmediateKeyPath() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/KeyPathExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/KeyPathExpr.qll index a7ec4bab8bf..a74a289cf83 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/KeyPathExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/KeyPathExpr.qll @@ -28,7 +28,12 @@ module Generated { /** * Gets the root of this key path expression, if it exists. */ - final TypeRepr getRoot() { result = this.getImmediateRoot().resolve() } + final TypeRepr getRoot() { + exists(TypeRepr immediate | + immediate = this.getImmediateRoot() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Holds if `getRoot()` exists. @@ -52,7 +57,10 @@ module Generated { * Gets the `index`th component of this key path expression (0-based). */ final KeyPathComponent getComponent(int index) { - result = this.getImmediateComponent(index).resolve() + exists(KeyPathComponent immediate | + immediate = this.getImmediateComponent(index) and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) } /** diff --git a/swift/ql/lib/codeql/swift/generated/expr/LazyInitializationExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/LazyInitializationExpr.qll index ee690ad5229..ccb21a42e70 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/LazyInitializationExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/LazyInitializationExpr.qll @@ -23,6 +23,11 @@ module Generated { /** * Gets the sub expression of this lazy initialization expression. */ - final Expr getSubExpr() { result = this.getImmediateSubExpr().resolve() } + final Expr getSubExpr() { + exists(Expr immediate | + immediate = this.getImmediateSubExpr() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/LookupExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/LookupExpr.qll index d6a81964675..a2d5edccbff 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/LookupExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/LookupExpr.qll @@ -20,7 +20,12 @@ module Generated { /** * Gets the base of this lookup expression. */ - final Expr getBase() { result = this.getImmediateBase().resolve() } + final Expr getBase() { + exists(Expr immediate | + immediate = this.getImmediateBase() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Gets the member of this lookup expression, if it exists. @@ -36,7 +41,12 @@ module Generated { /** * Gets the member of this lookup expression, if it exists. */ - final Decl getMember() { result = this.getImmediateMember().resolve() } + final Decl getMember() { + exists(Decl immediate | + immediate = this.getImmediateMember() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Holds if `getMember()` exists. diff --git a/swift/ql/lib/codeql/swift/generated/expr/MakeTemporarilyEscapableExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/MakeTemporarilyEscapableExpr.qll index 18bb6cf93ae..7dea45b0ffd 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/MakeTemporarilyEscapableExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/MakeTemporarilyEscapableExpr.qll @@ -25,7 +25,10 @@ module Generated { * Gets the escaping closure of this make temporarily escapable expression. */ final OpaqueValueExpr getEscapingClosure() { - result = this.getImmediateEscapingClosure().resolve() + exists(OpaqueValueExpr immediate | + immediate = this.getImmediateEscapingClosure() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) } /** @@ -44,7 +47,12 @@ module Generated { /** * Gets the nonescaping closure of this make temporarily escapable expression. */ - final Expr getNonescapingClosure() { result = this.getImmediateNonescapingClosure().resolve() } + final Expr getNonescapingClosure() { + exists(Expr immediate | + immediate = this.getImmediateNonescapingClosure() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Gets the sub expression of this make temporarily escapable expression. @@ -62,6 +70,11 @@ module Generated { /** * Gets the sub expression of this make temporarily escapable expression. */ - final Expr getSubExpr() { result = this.getImmediateSubExpr().resolve() } + final Expr getSubExpr() { + exists(Expr immediate | + immediate = this.getImmediateSubExpr() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/MethodLookupExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/MethodLookupExpr.qll index 2fe7cfb174b..8525b1d28c9 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/MethodLookupExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/MethodLookupExpr.qll @@ -19,6 +19,11 @@ module Generated { /** * Gets the the underlying method declaration reference expression. */ - final Expr getMethodRef() { result = this.getImmediateMethodRef().resolve() } + final Expr getMethodRef() { + exists(Expr immediate | + immediate = this.getImmediateMethodRef() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/ObjCSelectorExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/ObjCSelectorExpr.qll index f12d4cbd960..1a19498c020 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/ObjCSelectorExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/ObjCSelectorExpr.qll @@ -24,7 +24,12 @@ module Generated { /** * Gets the sub expression of this obj c selector expression. */ - final Expr getSubExpr() { result = this.getImmediateSubExpr().resolve() } + final Expr getSubExpr() { + exists(Expr immediate | + immediate = this.getImmediateSubExpr() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Gets the method of this obj c selector expression. @@ -42,6 +47,11 @@ module Generated { /** * Gets the method of this obj c selector expression. */ - final Function getMethod() { result = this.getImmediateMethod().resolve() } + final Function getMethod() { + exists(Function immediate | + immediate = this.getImmediateMethod() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/ObjectLiteralExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/ObjectLiteralExpr.qll index 4ce11bcca0f..adbc4cb3f34 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/ObjectLiteralExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/ObjectLiteralExpr.qll @@ -36,7 +36,12 @@ module Generated { /** * Gets the `index`th argument of this object literal expression (0-based). */ - final Argument getArgument(int index) { result = this.getImmediateArgument(index).resolve() } + final Argument getArgument(int index) { + exists(Argument immediate | + immediate = this.getImmediateArgument(index) and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Gets any of the arguments of this object literal expression. diff --git a/swift/ql/lib/codeql/swift/generated/expr/OneWayExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/OneWayExpr.qll index f8313e157e8..00599708cc2 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/OneWayExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/OneWayExpr.qll @@ -21,6 +21,11 @@ module Generated { /** * Gets the sub expression of this one way expression. */ - final Expr getSubExpr() { result = this.getImmediateSubExpr().resolve() } + final Expr getSubExpr() { + exists(Expr immediate | + immediate = this.getImmediateSubExpr() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/OpenExistentialExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/OpenExistentialExpr.qll index ad2f3551b26..72d7f0c6361 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/OpenExistentialExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/OpenExistentialExpr.qll @@ -24,7 +24,12 @@ module Generated { /** * Gets the sub expression of this open existential expression. */ - final Expr getSubExpr() { result = this.getImmediateSubExpr().resolve() } + final Expr getSubExpr() { + exists(Expr immediate | + immediate = this.getImmediateSubExpr() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Gets the existential of this open existential expression. @@ -42,7 +47,12 @@ module Generated { /** * Gets the existential of this open existential expression. */ - final Expr getExistential() { result = this.getImmediateExistential().resolve() } + final Expr getExistential() { + exists(Expr immediate | + immediate = this.getImmediateExistential() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Gets the opaque expression of this open existential expression. @@ -60,6 +70,11 @@ module Generated { /** * Gets the opaque expression of this open existential expression. */ - final OpaqueValueExpr getOpaqueExpr() { result = this.getImmediateOpaqueExpr().resolve() } + final OpaqueValueExpr getOpaqueExpr() { + exists(OpaqueValueExpr immediate | + immediate = this.getImmediateOpaqueExpr() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/OptionalEvaluationExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/OptionalEvaluationExpr.qll index f23fd024cf9..cc96496a668 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/OptionalEvaluationExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/OptionalEvaluationExpr.qll @@ -23,6 +23,11 @@ module Generated { /** * Gets the sub expression of this optional evaluation expression. */ - final Expr getSubExpr() { result = this.getImmediateSubExpr().resolve() } + final Expr getSubExpr() { + exists(Expr immediate | + immediate = this.getImmediateSubExpr() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/OtherInitializerRefExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/OtherInitializerRefExpr.qll index dbd4ba6ecdb..cf66c7d3c79 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/OtherInitializerRefExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/OtherInitializerRefExpr.qll @@ -24,6 +24,11 @@ module Generated { /** * Gets the initializer of this other initializer reference expression. */ - final Initializer getInitializer() { result = this.getImmediateInitializer().resolve() } + final Initializer getInitializer() { + exists(Initializer immediate | + immediate = this.getImmediateInitializer() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/OverloadedDeclRefExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/OverloadedDeclRefExpr.qll index 7a7478197b7..8a923e918f7 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/OverloadedDeclRefExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/OverloadedDeclRefExpr.qll @@ -30,7 +30,10 @@ module Generated { * Gets the `index`th possible declaration of this overloaded declaration reference expression (0-based). */ final ValueDecl getPossibleDeclaration(int index) { - result = this.getImmediatePossibleDeclaration(index).resolve() + exists(ValueDecl immediate | + immediate = this.getImmediatePossibleDeclaration(index) and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) } /** diff --git a/swift/ql/lib/codeql/swift/generated/expr/PropertyWrapperValuePlaceholderExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/PropertyWrapperValuePlaceholderExpr.qll index 80e258ec54c..0d6c65467fe 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/PropertyWrapperValuePlaceholderExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/PropertyWrapperValuePlaceholderExpr.qll @@ -30,7 +30,12 @@ module Generated { /** * Gets the wrapped value of this property wrapper value placeholder expression, if it exists. */ - final Expr getWrappedValue() { result = this.getImmediateWrappedValue().resolve() } + final Expr getWrappedValue() { + exists(Expr immediate | + immediate = this.getImmediateWrappedValue() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Holds if `getWrappedValue()` exists. @@ -53,6 +58,11 @@ module Generated { /** * Gets the placeholder of this property wrapper value placeholder expression. */ - final OpaqueValueExpr getPlaceholder() { result = this.getImmediatePlaceholder().resolve() } + final OpaqueValueExpr getPlaceholder() { + exists(OpaqueValueExpr immediate | + immediate = this.getImmediatePlaceholder() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/RebindSelfInInitializerExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/RebindSelfInInitializerExpr.qll index e8edcbe2b70..6a2c298e360 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/RebindSelfInInitializerExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/RebindSelfInInitializerExpr.qll @@ -24,7 +24,12 @@ module Generated { /** * Gets the sub expression of this rebind self in initializer expression. */ - final Expr getSubExpr() { result = this.getImmediateSubExpr().resolve() } + final Expr getSubExpr() { + exists(Expr immediate | + immediate = this.getImmediateSubExpr() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Gets the self of this rebind self in initializer expression. @@ -42,6 +47,11 @@ module Generated { /** * Gets the self of this rebind self in initializer expression. */ - final VarDecl getSelf() { result = this.getImmediateSelf().resolve() } + final VarDecl getSelf() { + exists(VarDecl immediate | + immediate = this.getImmediateSelf() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/SelfApplyExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/SelfApplyExpr.qll index d7e14456b43..a05d2fd41f6 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/SelfApplyExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/SelfApplyExpr.qll @@ -27,6 +27,11 @@ module Generated { /** * Gets the base of this self apply expression. */ - final Expr getBase() { result = this.getImmediateBase().resolve() } + final Expr getBase() { + exists(Expr immediate | + immediate = this.getImmediateBase() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/SequenceExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/SequenceExpr.qll index 26d5d803c40..c29a54b7150 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/SequenceExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/SequenceExpr.qll @@ -23,7 +23,12 @@ module Generated { /** * Gets the `index`th element of this sequence expression (0-based). */ - final Expr getElement(int index) { result = this.getImmediateElement(index).resolve() } + final Expr getElement(int index) { + exists(Expr immediate | + immediate = this.getImmediateElement(index) and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Gets any of the elements of this sequence expression. diff --git a/swift/ql/lib/codeql/swift/generated/expr/SubscriptExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/SubscriptExpr.qll index 6f998636ba3..8e9734917b7 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/SubscriptExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/SubscriptExpr.qll @@ -24,7 +24,12 @@ module Generated { /** * Gets the `index`th argument of this subscript expression (0-based). */ - final Argument getArgument(int index) { result = this.getImmediateArgument(index).resolve() } + final Argument getArgument(int index) { + exists(Argument immediate | + immediate = this.getImmediateArgument(index) and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Gets any of the arguments of this subscript expression. diff --git a/swift/ql/lib/codeql/swift/generated/expr/SuperRefExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/SuperRefExpr.qll index 7718629410d..5058db3f175 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/SuperRefExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/SuperRefExpr.qll @@ -24,6 +24,11 @@ module Generated { /** * Gets the self of this super reference expression. */ - final VarDecl getSelf() { result = this.getImmediateSelf().resolve() } + final VarDecl getSelf() { + exists(VarDecl immediate | + immediate = this.getImmediateSelf() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/TapExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/TapExpr.qll index f4f0aa07121..0132d9363f3 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/TapExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/TapExpr.qll @@ -23,7 +23,12 @@ module Generated { /** * Gets the sub expression of this tap expression, if it exists. */ - final Expr getSubExpr() { result = this.getImmediateSubExpr().resolve() } + final Expr getSubExpr() { + exists(Expr immediate | + immediate = this.getImmediateSubExpr() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Holds if `getSubExpr()` exists. @@ -44,7 +49,12 @@ module Generated { /** * Gets the body of this tap expression. */ - final BraceStmt getBody() { result = this.getImmediateBody().resolve() } + final BraceStmt getBody() { + exists(BraceStmt immediate | + immediate = this.getImmediateBody() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Gets the variable of this tap expression. @@ -60,6 +70,11 @@ module Generated { /** * Gets the variable of this tap expression. */ - final VarDecl getVar() { result = this.getImmediateVar().resolve() } + final VarDecl getVar() { + exists(VarDecl immediate | + immediate = this.getImmediateVar() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/TupleElementExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/TupleElementExpr.qll index ed8c67650f0..b1755eb7d0c 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/TupleElementExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/TupleElementExpr.qll @@ -23,7 +23,12 @@ module Generated { /** * Gets the sub expression of this tuple element expression. */ - final Expr getSubExpr() { result = this.getImmediateSubExpr().resolve() } + final Expr getSubExpr() { + exists(Expr immediate | + immediate = this.getImmediateSubExpr() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Gets the index of this tuple element expression. diff --git a/swift/ql/lib/codeql/swift/generated/expr/TupleExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/TupleExpr.qll index 3435ddc8916..d2a5b5be705 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/TupleExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/TupleExpr.qll @@ -23,7 +23,12 @@ module Generated { /** * Gets the `index`th element of this tuple expression (0-based). */ - final Expr getElement(int index) { result = this.getImmediateElement(index).resolve() } + final Expr getElement(int index) { + exists(Expr immediate | + immediate = this.getImmediateElement(index) and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Gets any of the elements of this tuple expression. diff --git a/swift/ql/lib/codeql/swift/generated/expr/TypeExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/TypeExpr.qll index d8e729fc250..96fb7141531 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/TypeExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/TypeExpr.qll @@ -24,7 +24,12 @@ module Generated { /** * Gets the type representation of this type expression, if it exists. */ - final TypeRepr getTypeRepr() { result = this.getImmediateTypeRepr().resolve() } + final TypeRepr getTypeRepr() { + exists(TypeRepr immediate | + immediate = this.getImmediateTypeRepr() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Holds if `getTypeRepr()` exists. diff --git a/swift/ql/lib/codeql/swift/generated/expr/UnresolvedDotExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/UnresolvedDotExpr.qll index d9130d4885e..bd4e902d6b8 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/UnresolvedDotExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/UnresolvedDotExpr.qll @@ -24,7 +24,12 @@ module Generated { /** * Gets the base of this unresolved dot expression. */ - final Expr getBase() { result = this.getImmediateBase().resolve() } + final Expr getBase() { + exists(Expr immediate | + immediate = this.getImmediateBase() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Gets the name of this unresolved dot expression. diff --git a/swift/ql/lib/codeql/swift/generated/expr/UnresolvedPatternExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/UnresolvedPatternExpr.qll index 93e5dde32a0..db2639f8695 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/UnresolvedPatternExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/UnresolvedPatternExpr.qll @@ -25,6 +25,11 @@ module Generated { /** * Gets the sub pattern of this unresolved pattern expression. */ - final Pattern getSubPattern() { result = this.getImmediateSubPattern().resolve() } + final Pattern getSubPattern() { + exists(Pattern immediate | + immediate = this.getImmediateSubPattern() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/UnresolvedSpecializeExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/UnresolvedSpecializeExpr.qll index 31dc8f10023..b5b650b58bb 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/UnresolvedSpecializeExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/UnresolvedSpecializeExpr.qll @@ -24,6 +24,11 @@ module Generated { /** * Gets the sub expression of this unresolved specialize expression. */ - final Expr getSubExpr() { result = this.getImmediateSubExpr().resolve() } + final Expr getSubExpr() { + exists(Expr immediate | + immediate = this.getImmediateSubExpr() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/VarargExpansionExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/VarargExpansionExpr.qll index b4a208b1947..38f38243f3e 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/VarargExpansionExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/VarargExpansionExpr.qll @@ -23,6 +23,11 @@ module Generated { /** * Gets the sub expression of this vararg expansion expression. */ - final Expr getSubExpr() { result = this.getImmediateSubExpr().resolve() } + final Expr getSubExpr() { + exists(Expr immediate | + immediate = this.getImmediateSubExpr() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } } } diff --git a/swift/ql/lib/codeql/swift/generated/pattern/BindingPattern.qll b/swift/ql/lib/codeql/swift/generated/pattern/BindingPattern.qll index 1165e0f7d66..16fa03e3bd8 100644 --- a/swift/ql/lib/codeql/swift/generated/pattern/BindingPattern.qll +++ b/swift/ql/lib/codeql/swift/generated/pattern/BindingPattern.qll @@ -23,6 +23,11 @@ module Generated { /** * Gets the sub pattern of this binding pattern. */ - final Pattern getSubPattern() { result = this.getImmediateSubPattern().resolve() } + final Pattern getSubPattern() { + exists(Pattern immediate | + immediate = this.getImmediateSubPattern() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } } } diff --git a/swift/ql/lib/codeql/swift/generated/pattern/EnumElementPattern.qll b/swift/ql/lib/codeql/swift/generated/pattern/EnumElementPattern.qll index 0ff39e60753..bbed4615ce1 100644 --- a/swift/ql/lib/codeql/swift/generated/pattern/EnumElementPattern.qll +++ b/swift/ql/lib/codeql/swift/generated/pattern/EnumElementPattern.qll @@ -24,7 +24,12 @@ module Generated { /** * Gets the element of this enum element pattern. */ - final EnumElementDecl getElement() { result = this.getImmediateElement().resolve() } + final EnumElementDecl getElement() { + exists(EnumElementDecl immediate | + immediate = this.getImmediateElement() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Gets the sub pattern of this enum element pattern, if it exists. @@ -42,7 +47,12 @@ module Generated { /** * Gets the sub pattern of this enum element pattern, if it exists. */ - final Pattern getSubPattern() { result = this.getImmediateSubPattern().resolve() } + final Pattern getSubPattern() { + exists(Pattern immediate | + immediate = this.getImmediateSubPattern() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Holds if `getSubPattern()` exists. diff --git a/swift/ql/lib/codeql/swift/generated/pattern/ExprPattern.qll b/swift/ql/lib/codeql/swift/generated/pattern/ExprPattern.qll index d2140ec8156..0fdb76ad695 100644 --- a/swift/ql/lib/codeql/swift/generated/pattern/ExprPattern.qll +++ b/swift/ql/lib/codeql/swift/generated/pattern/ExprPattern.qll @@ -24,6 +24,11 @@ module Generated { /** * Gets the sub expression of this expression pattern. */ - final Expr getSubExpr() { result = this.getImmediateSubExpr().resolve() } + final Expr getSubExpr() { + exists(Expr immediate | + immediate = this.getImmediateSubExpr() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } } } diff --git a/swift/ql/lib/codeql/swift/generated/pattern/IsPattern.qll b/swift/ql/lib/codeql/swift/generated/pattern/IsPattern.qll index aa4a6f7a5fc..7864297866c 100644 --- a/swift/ql/lib/codeql/swift/generated/pattern/IsPattern.qll +++ b/swift/ql/lib/codeql/swift/generated/pattern/IsPattern.qll @@ -24,7 +24,12 @@ module Generated { /** * Gets the cast type representation of this is pattern, if it exists. */ - final TypeRepr getCastTypeRepr() { result = this.getImmediateCastTypeRepr().resolve() } + final TypeRepr getCastTypeRepr() { + exists(TypeRepr immediate | + immediate = this.getImmediateCastTypeRepr() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Holds if `getCastTypeRepr()` exists. @@ -47,7 +52,12 @@ module Generated { /** * Gets the sub pattern of this is pattern, if it exists. */ - final Pattern getSubPattern() { result = this.getImmediateSubPattern().resolve() } + final Pattern getSubPattern() { + exists(Pattern immediate | + immediate = this.getImmediateSubPattern() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Holds if `getSubPattern()` exists. diff --git a/swift/ql/lib/codeql/swift/generated/pattern/OptionalSomePattern.qll b/swift/ql/lib/codeql/swift/generated/pattern/OptionalSomePattern.qll index 0e3d97b5a08..f6431fe50fa 100644 --- a/swift/ql/lib/codeql/swift/generated/pattern/OptionalSomePattern.qll +++ b/swift/ql/lib/codeql/swift/generated/pattern/OptionalSomePattern.qll @@ -23,6 +23,11 @@ module Generated { /** * Gets the sub pattern of this optional some pattern. */ - final Pattern getSubPattern() { result = this.getImmediateSubPattern().resolve() } + final Pattern getSubPattern() { + exists(Pattern immediate | + immediate = this.getImmediateSubPattern() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } } } diff --git a/swift/ql/lib/codeql/swift/generated/pattern/ParenPattern.qll b/swift/ql/lib/codeql/swift/generated/pattern/ParenPattern.qll index 4590b7506d8..285abb88d02 100644 --- a/swift/ql/lib/codeql/swift/generated/pattern/ParenPattern.qll +++ b/swift/ql/lib/codeql/swift/generated/pattern/ParenPattern.qll @@ -23,6 +23,11 @@ module Generated { /** * Gets the sub pattern of this paren pattern. */ - final Pattern getSubPattern() { result = this.getImmediateSubPattern().resolve() } + final Pattern getSubPattern() { + exists(Pattern immediate | + immediate = this.getImmediateSubPattern() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } } } diff --git a/swift/ql/lib/codeql/swift/generated/pattern/TuplePattern.qll b/swift/ql/lib/codeql/swift/generated/pattern/TuplePattern.qll index 150bb6b6008..dc6dcc36ba3 100644 --- a/swift/ql/lib/codeql/swift/generated/pattern/TuplePattern.qll +++ b/swift/ql/lib/codeql/swift/generated/pattern/TuplePattern.qll @@ -23,7 +23,12 @@ module Generated { /** * Gets the `index`th element of this tuple pattern (0-based). */ - final Pattern getElement(int index) { result = this.getImmediateElement(index).resolve() } + final Pattern getElement(int index) { + exists(Pattern immediate | + immediate = this.getImmediateElement(index) and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Gets any of the elements of this tuple pattern. diff --git a/swift/ql/lib/codeql/swift/generated/pattern/TypedPattern.qll b/swift/ql/lib/codeql/swift/generated/pattern/TypedPattern.qll index 3aa4fd30638..2570eca03f8 100644 --- a/swift/ql/lib/codeql/swift/generated/pattern/TypedPattern.qll +++ b/swift/ql/lib/codeql/swift/generated/pattern/TypedPattern.qll @@ -24,7 +24,12 @@ module Generated { /** * Gets the sub pattern of this typed pattern. */ - final Pattern getSubPattern() { result = this.getImmediateSubPattern().resolve() } + final Pattern getSubPattern() { + exists(Pattern immediate | + immediate = this.getImmediateSubPattern() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Gets the type representation of this typed pattern, if it exists. @@ -42,7 +47,12 @@ module Generated { /** * Gets the type representation of this typed pattern, if it exists. */ - final TypeRepr getTypeRepr() { result = this.getImmediateTypeRepr().resolve() } + final TypeRepr getTypeRepr() { + exists(TypeRepr immediate | + immediate = this.getImmediateTypeRepr() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Holds if `getTypeRepr()` exists. diff --git a/swift/ql/lib/codeql/swift/generated/stmt/BraceStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/BraceStmt.qll index 1686d584dc5..08cc9c6ce2b 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/BraceStmt.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/BraceStmt.qll @@ -24,7 +24,12 @@ module Generated { /** * Gets the `index`th element of this brace statement (0-based). */ - final AstNode getElement(int index) { result = this.getImmediateElement(index).resolve() } + final AstNode getElement(int index) { + exists(AstNode immediate | + immediate = this.getImmediateElement(index) and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Gets any of the elements of this brace statement. diff --git a/swift/ql/lib/codeql/swift/generated/stmt/BreakStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/BreakStmt.qll index 7491d9a21a3..f9adaeb9ddb 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/BreakStmt.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/BreakStmt.qll @@ -33,7 +33,12 @@ module Generated { /** * Gets the target of this break statement, if it exists. */ - final Stmt getTarget() { result = this.getImmediateTarget().resolve() } + final Stmt getTarget() { + exists(Stmt immediate | + immediate = this.getImmediateTarget() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Holds if `getTarget()` exists. diff --git a/swift/ql/lib/codeql/swift/generated/stmt/CaseLabelItem.qll b/swift/ql/lib/codeql/swift/generated/stmt/CaseLabelItem.qll index bdc582997ea..b69e392cc1e 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/CaseLabelItem.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/CaseLabelItem.qll @@ -25,7 +25,12 @@ module Generated { /** * Gets the pattern of this case label item. */ - final Pattern getPattern() { result = this.getImmediatePattern().resolve() } + final Pattern getPattern() { + exists(Pattern immediate | + immediate = this.getImmediatePattern() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Gets the guard of this case label item, if it exists. @@ -43,7 +48,12 @@ module Generated { /** * Gets the guard of this case label item, if it exists. */ - final Expr getGuard() { result = this.getImmediateGuard().resolve() } + final Expr getGuard() { + exists(Expr immediate | + immediate = this.getImmediateGuard() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Holds if `getGuard()` exists. diff --git a/swift/ql/lib/codeql/swift/generated/stmt/CaseStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/CaseStmt.qll index 1a3b6854b47..e39ba24d48c 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/CaseStmt.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/CaseStmt.qll @@ -23,7 +23,12 @@ module Generated { /** * Gets the body of this case statement. */ - final Stmt getBody() { result = this.getImmediateBody().resolve() } + final Stmt getBody() { + exists(Stmt immediate | + immediate = this.getImmediateBody() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Gets the `index`th label of this case statement (0-based). @@ -41,7 +46,12 @@ module Generated { /** * Gets the `index`th label of this case statement (0-based). */ - final CaseLabelItem getLabel(int index) { result = this.getImmediateLabel(index).resolve() } + final CaseLabelItem getLabel(int index) { + exists(CaseLabelItem immediate | + immediate = this.getImmediateLabel(index) and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Gets any of the labels of this case statement. @@ -69,7 +79,12 @@ module Generated { /** * Gets the `index`th variable of this case statement (0-based). */ - final VarDecl getVariable(int index) { result = this.getImmediateVariable(index).resolve() } + final VarDecl getVariable(int index) { + exists(VarDecl immediate | + immediate = this.getImmediateVariable(index) and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Gets any of the variables of this case statement. diff --git a/swift/ql/lib/codeql/swift/generated/stmt/ConditionElement.qll b/swift/ql/lib/codeql/swift/generated/stmt/ConditionElement.qll index bc58ac9eadf..2eddaa245e7 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/ConditionElement.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/ConditionElement.qll @@ -26,7 +26,12 @@ module Generated { /** * Gets the boolean of this condition element, if it exists. */ - final Expr getBoolean() { result = this.getImmediateBoolean().resolve() } + final Expr getBoolean() { + exists(Expr immediate | + immediate = this.getImmediateBoolean() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Holds if `getBoolean()` exists. @@ -49,7 +54,12 @@ module Generated { /** * Gets the pattern of this condition element, if it exists. */ - final Pattern getPattern() { result = this.getImmediatePattern().resolve() } + final Pattern getPattern() { + exists(Pattern immediate | + immediate = this.getImmediatePattern() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Holds if `getPattern()` exists. @@ -72,7 +82,12 @@ module Generated { /** * Gets the initializer of this condition element, if it exists. */ - final Expr getInitializer() { result = this.getImmediateInitializer().resolve() } + final Expr getInitializer() { + exists(Expr immediate | + immediate = this.getImmediateInitializer() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Holds if `getInitializer()` exists. @@ -95,7 +110,12 @@ module Generated { /** * Gets the availability of this condition element, if it exists. */ - final AvailabilityInfo getAvailability() { result = this.getImmediateAvailability().resolve() } + final AvailabilityInfo getAvailability() { + exists(AvailabilityInfo immediate | + immediate = this.getImmediateAvailability() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Holds if `getAvailability()` exists. diff --git a/swift/ql/lib/codeql/swift/generated/stmt/ContinueStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/ContinueStmt.qll index 0bb169de636..d247f507d9a 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/ContinueStmt.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/ContinueStmt.qll @@ -35,7 +35,12 @@ module Generated { /** * Gets the target of this continue statement, if it exists. */ - final Stmt getTarget() { result = this.getImmediateTarget().resolve() } + final Stmt getTarget() { + exists(Stmt immediate | + immediate = this.getImmediateTarget() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Holds if `getTarget()` exists. diff --git a/swift/ql/lib/codeql/swift/generated/stmt/DeferStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/DeferStmt.qll index 28b65e85fe0..21da3aa706c 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/DeferStmt.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/DeferStmt.qll @@ -22,6 +22,11 @@ module Generated { /** * Gets the body of this defer statement. */ - final BraceStmt getBody() { result = this.getImmediateBody().resolve() } + final BraceStmt getBody() { + exists(BraceStmt immediate | + immediate = this.getImmediateBody() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } } } diff --git a/swift/ql/lib/codeql/swift/generated/stmt/DoCatchStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/DoCatchStmt.qll index 7618c71d158..180c4103841 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/DoCatchStmt.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/DoCatchStmt.qll @@ -23,7 +23,12 @@ module Generated { /** * Gets the body of this do catch statement. */ - final Stmt getBody() { result = this.getImmediateBody().resolve() } + final Stmt getBody() { + exists(Stmt immediate | + immediate = this.getImmediateBody() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Gets the `index`th catch of this do catch statement (0-based). @@ -41,7 +46,12 @@ module Generated { /** * Gets the `index`th catch of this do catch statement (0-based). */ - final CaseStmt getCatch(int index) { result = this.getImmediateCatch(index).resolve() } + final CaseStmt getCatch(int index) { + exists(CaseStmt immediate | + immediate = this.getImmediateCatch(index) and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Gets any of the catches of this do catch statement. diff --git a/swift/ql/lib/codeql/swift/generated/stmt/DoStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/DoStmt.qll index 9a88046e2b4..b4661b21d8e 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/DoStmt.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/DoStmt.qll @@ -22,6 +22,11 @@ module Generated { /** * Gets the body of this do statement. */ - final BraceStmt getBody() { result = this.getImmediateBody().resolve() } + final BraceStmt getBody() { + exists(BraceStmt immediate | + immediate = this.getImmediateBody() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } } } diff --git a/swift/ql/lib/codeql/swift/generated/stmt/FallthroughStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/FallthroughStmt.qll index 9031a241f95..20fadcc91f3 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/FallthroughStmt.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/FallthroughStmt.qll @@ -25,7 +25,10 @@ module Generated { * Gets the fallthrough source of this fallthrough statement. */ final CaseStmt getFallthroughSource() { - result = this.getImmediateFallthroughSource().resolve() + exists(CaseStmt immediate | + immediate = this.getImmediateFallthroughSource() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) } /** @@ -44,6 +47,11 @@ module Generated { /** * Gets the fallthrough dest of this fallthrough statement. */ - final CaseStmt getFallthroughDest() { result = this.getImmediateFallthroughDest().resolve() } + final CaseStmt getFallthroughDest() { + exists(CaseStmt immediate | + immediate = this.getImmediateFallthroughDest() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } } } diff --git a/swift/ql/lib/codeql/swift/generated/stmt/ForEachStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/ForEachStmt.qll index 64511ad5a20..fccf5f3ed3b 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/ForEachStmt.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/ForEachStmt.qll @@ -26,7 +26,12 @@ module Generated { /** * Gets the pattern of this for each statement. */ - final Pattern getPattern() { result = this.getImmediatePattern().resolve() } + final Pattern getPattern() { + exists(Pattern immediate | + immediate = this.getImmediatePattern() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Gets the sequence of this for each statement. @@ -44,7 +49,12 @@ module Generated { /** * Gets the sequence of this for each statement. */ - final Expr getSequence() { result = this.getImmediateSequence().resolve() } + final Expr getSequence() { + exists(Expr immediate | + immediate = this.getImmediateSequence() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Gets the where of this for each statement, if it exists. @@ -60,7 +70,12 @@ module Generated { /** * Gets the where of this for each statement, if it exists. */ - final Expr getWhere() { result = this.getImmediateWhere().resolve() } + final Expr getWhere() { + exists(Expr immediate | + immediate = this.getImmediateWhere() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Holds if `getWhere()` exists. @@ -83,6 +98,11 @@ module Generated { /** * Gets the body of this for each statement. */ - final BraceStmt getBody() { result = this.getImmediateBody().resolve() } + final BraceStmt getBody() { + exists(BraceStmt immediate | + immediate = this.getImmediateBody() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } } } diff --git a/swift/ql/lib/codeql/swift/generated/stmt/GuardStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/GuardStmt.qll index c3fec287475..53d1a8a54aa 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/GuardStmt.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/GuardStmt.qll @@ -22,6 +22,11 @@ module Generated { /** * Gets the body of this guard statement. */ - final BraceStmt getBody() { result = this.getImmediateBody().resolve() } + final BraceStmt getBody() { + exists(BraceStmt immediate | + immediate = this.getImmediateBody() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } } } diff --git a/swift/ql/lib/codeql/swift/generated/stmt/IfStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/IfStmt.qll index af40d44ce7a..1f0ad8717cd 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/IfStmt.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/IfStmt.qll @@ -21,7 +21,12 @@ module Generated { /** * Gets the then of this if statement. */ - final Stmt getThen() { result = this.getImmediateThen().resolve() } + final Stmt getThen() { + exists(Stmt immediate | + immediate = this.getImmediateThen() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Gets the else of this if statement, if it exists. @@ -36,7 +41,12 @@ module Generated { /** * Gets the else of this if statement, if it exists. */ - final Stmt getElse() { result = this.getImmediateElse().resolve() } + final Stmt getElse() { + exists(Stmt immediate | + immediate = this.getImmediateElse() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Holds if `getElse()` exists. diff --git a/swift/ql/lib/codeql/swift/generated/stmt/LabeledConditionalStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/LabeledConditionalStmt.qll index cf8818b5d84..41f728962bd 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/LabeledConditionalStmt.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/LabeledConditionalStmt.qll @@ -22,6 +22,11 @@ module Generated { /** * Gets the condition of this labeled conditional statement. */ - final StmtCondition getCondition() { result = this.getImmediateCondition().resolve() } + final StmtCondition getCondition() { + exists(StmtCondition immediate | + immediate = this.getImmediateCondition() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } } } diff --git a/swift/ql/lib/codeql/swift/generated/stmt/PoundAssertStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/PoundAssertStmt.qll index 85fe6487362..b2f9624447e 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/PoundAssertStmt.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/PoundAssertStmt.qll @@ -24,7 +24,12 @@ module Generated { /** * Gets the condition of this pound assert statement. */ - final Expr getCondition() { result = this.getImmediateCondition().resolve() } + final Expr getCondition() { + exists(Expr immediate | + immediate = this.getImmediateCondition() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Gets the message of this pound assert statement. diff --git a/swift/ql/lib/codeql/swift/generated/stmt/RepeatWhileStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/RepeatWhileStmt.qll index 31206b08752..2f4ada62ccf 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/RepeatWhileStmt.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/RepeatWhileStmt.qll @@ -25,7 +25,12 @@ module Generated { /** * Gets the condition of this repeat while statement. */ - final Expr getCondition() { result = this.getImmediateCondition().resolve() } + final Expr getCondition() { + exists(Expr immediate | + immediate = this.getImmediateCondition() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Gets the body of this repeat while statement. @@ -43,6 +48,11 @@ module Generated { /** * Gets the body of this repeat while statement. */ - final Stmt getBody() { result = this.getImmediateBody().resolve() } + final Stmt getBody() { + exists(Stmt immediate | + immediate = this.getImmediateBody() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } } } diff --git a/swift/ql/lib/codeql/swift/generated/stmt/ReturnStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/ReturnStmt.qll index 465464611c1..c37671aba34 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/ReturnStmt.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/ReturnStmt.qll @@ -22,7 +22,12 @@ module Generated { /** * Gets the result of this return statement, if it exists. */ - final Expr getResult() { result = this.getImmediateResult().resolve() } + final Expr getResult() { + exists(Expr immediate | + immediate = this.getImmediateResult() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Holds if `getResult()` exists. diff --git a/swift/ql/lib/codeql/swift/generated/stmt/StmtCondition.qll b/swift/ql/lib/codeql/swift/generated/stmt/StmtCondition.qll index e8a9e38dff1..1be4eaf361a 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/StmtCondition.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/StmtCondition.qll @@ -25,7 +25,10 @@ module Generated { * Gets the `index`th element of this statement condition (0-based). */ final ConditionElement getElement(int index) { - result = this.getImmediateElement(index).resolve() + exists(ConditionElement immediate | + immediate = this.getImmediateElement(index) and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) } /** diff --git a/swift/ql/lib/codeql/swift/generated/stmt/SwitchStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/SwitchStmt.qll index 6c1d73790a6..819be668d5c 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/SwitchStmt.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/SwitchStmt.qll @@ -23,7 +23,12 @@ module Generated { /** * Gets the expression of this switch statement. */ - final Expr getExpr() { result = this.getImmediateExpr().resolve() } + final Expr getExpr() { + exists(Expr immediate | + immediate = this.getImmediateExpr() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Gets the `index`th case of this switch statement (0-based). @@ -41,7 +46,12 @@ module Generated { /** * Gets the `index`th case of this switch statement (0-based). */ - final CaseStmt getCase(int index) { result = this.getImmediateCase(index).resolve() } + final CaseStmt getCase(int index) { + exists(CaseStmt immediate | + immediate = this.getImmediateCase(index) and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Gets any of the cases of this switch statement. diff --git a/swift/ql/lib/codeql/swift/generated/stmt/ThrowStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/ThrowStmt.qll index 9ef7edabeff..fd6c6920b00 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/ThrowStmt.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/ThrowStmt.qll @@ -22,6 +22,11 @@ module Generated { /** * Gets the sub expression of this throw statement. */ - final Expr getSubExpr() { result = this.getImmediateSubExpr().resolve() } + final Expr getSubExpr() { + exists(Expr immediate | + immediate = this.getImmediateSubExpr() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } } } diff --git a/swift/ql/lib/codeql/swift/generated/stmt/WhileStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/WhileStmt.qll index fb117dd9350..0482887cc57 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/WhileStmt.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/WhileStmt.qll @@ -22,6 +22,11 @@ module Generated { /** * Gets the body of this while statement. */ - final Stmt getBody() { result = this.getImmediateBody().resolve() } + final Stmt getBody() { + exists(Stmt immediate | + immediate = this.getImmediateBody() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } } } diff --git a/swift/ql/lib/codeql/swift/generated/stmt/YieldStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/YieldStmt.qll index f040c892347..df8b51cb2c4 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/YieldStmt.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/YieldStmt.qll @@ -24,7 +24,12 @@ module Generated { /** * Gets the `index`th result of this yield statement (0-based). */ - final Expr getResult(int index) { result = this.getImmediateResult(index).resolve() } + final Expr getResult(int index) { + exists(Expr immediate | + immediate = this.getImmediateResult(index) and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Gets any of the results of this yield statement. diff --git a/swift/ql/lib/codeql/swift/generated/type/AnyFunctionType.qll b/swift/ql/lib/codeql/swift/generated/type/AnyFunctionType.qll index 3778893e461..334bc84a08e 100644 --- a/swift/ql/lib/codeql/swift/generated/type/AnyFunctionType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/AnyFunctionType.qll @@ -21,7 +21,12 @@ module Generated { /** * Gets the result of this function type. */ - final Type getResult() { result = this.getImmediateResult().resolve() } + final Type getResult() { + exists(Type immediate | + immediate = this.getImmediateResult() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Gets the `index`th parameter type of this function type (0-based). @@ -39,7 +44,12 @@ module Generated { /** * Gets the `index`th parameter type of this function type (0-based). */ - final Type getParamType(int index) { result = this.getImmediateParamType(index).resolve() } + final Type getParamType(int index) { + exists(Type immediate | + immediate = this.getImmediateParamType(index) and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Gets any of the parameter types of this function type. diff --git a/swift/ql/lib/codeql/swift/generated/type/AnyGenericType.qll b/swift/ql/lib/codeql/swift/generated/type/AnyGenericType.qll index d6639d7e9a6..3cb6fe2786c 100644 --- a/swift/ql/lib/codeql/swift/generated/type/AnyGenericType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/AnyGenericType.qll @@ -22,7 +22,12 @@ module Generated { /** * Gets the parent of this any generic type, if it exists. */ - final Type getParent() { result = this.getImmediateParent().resolve() } + final Type getParent() { + exists(Type immediate | + immediate = this.getImmediateParent() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Holds if `getParent()` exists. @@ -45,6 +50,11 @@ module Generated { /** * Gets the declaration of this any generic type. */ - final GenericTypeDecl getDeclaration() { result = this.getImmediateDeclaration().resolve() } + final GenericTypeDecl getDeclaration() { + exists(GenericTypeDecl immediate | + immediate = this.getImmediateDeclaration() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } } } diff --git a/swift/ql/lib/codeql/swift/generated/type/ArchetypeType.qll b/swift/ql/lib/codeql/swift/generated/type/ArchetypeType.qll index 9b5ef7266a9..7d907166dcf 100644 --- a/swift/ql/lib/codeql/swift/generated/type/ArchetypeType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/ArchetypeType.qll @@ -23,7 +23,12 @@ module Generated { /** * Gets the interface type of this archetype type. */ - final Type getInterfaceType() { result = this.getImmediateInterfaceType().resolve() } + final Type getInterfaceType() { + exists(Type immediate | + immediate = this.getImmediateInterfaceType() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Gets the superclass of this archetype type, if it exists. @@ -41,7 +46,12 @@ module Generated { /** * Gets the superclass of this archetype type, if it exists. */ - final Type getSuperclass() { result = this.getImmediateSuperclass().resolve() } + final Type getSuperclass() { + exists(Type immediate | + immediate = this.getImmediateSuperclass() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Holds if `getSuperclass()` exists. @@ -65,7 +75,10 @@ module Generated { * Gets the `index`th protocol of this archetype type (0-based). */ final ProtocolDecl getProtocol(int index) { - result = this.getImmediateProtocol(index).resolve() + exists(ProtocolDecl immediate | + immediate = this.getImmediateProtocol(index) and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) } /** diff --git a/swift/ql/lib/codeql/swift/generated/type/BoundGenericType.qll b/swift/ql/lib/codeql/swift/generated/type/BoundGenericType.qll index cc8afe7b2dc..c6b93bc8858 100644 --- a/swift/ql/lib/codeql/swift/generated/type/BoundGenericType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/BoundGenericType.qll @@ -22,7 +22,12 @@ module Generated { /** * Gets the `index`th argument type of this bound generic type (0-based). */ - final Type getArgType(int index) { result = this.getImmediateArgType(index).resolve() } + final Type getArgType(int index) { + exists(Type immediate | + immediate = this.getImmediateArgType(index) and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Gets any of the argument types of this bound generic type. diff --git a/swift/ql/lib/codeql/swift/generated/type/DependentMemberType.qll b/swift/ql/lib/codeql/swift/generated/type/DependentMemberType.qll index 6f229dd0c40..007748ae2c4 100644 --- a/swift/ql/lib/codeql/swift/generated/type/DependentMemberType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/DependentMemberType.qll @@ -24,7 +24,12 @@ module Generated { /** * Gets the base type of this dependent member type. */ - final Type getBaseType() { result = this.getImmediateBaseType().resolve() } + final Type getBaseType() { + exists(Type immediate | + immediate = this.getImmediateBaseType() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Gets the associated type declaration of this dependent member type. @@ -43,7 +48,10 @@ module Generated { * Gets the associated type declaration of this dependent member type. */ final AssociatedTypeDecl getAssociatedTypeDecl() { - result = this.getImmediateAssociatedTypeDecl().resolve() + exists(AssociatedTypeDecl immediate | + immediate = this.getImmediateAssociatedTypeDecl() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) } } } diff --git a/swift/ql/lib/codeql/swift/generated/type/DictionaryType.qll b/swift/ql/lib/codeql/swift/generated/type/DictionaryType.qll index 328cbaf5cab..fa5c2b97d47 100644 --- a/swift/ql/lib/codeql/swift/generated/type/DictionaryType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/DictionaryType.qll @@ -24,7 +24,12 @@ module Generated { /** * Gets the key type of this dictionary type. */ - final Type getKeyType() { result = this.getImmediateKeyType().resolve() } + final Type getKeyType() { + exists(Type immediate | + immediate = this.getImmediateKeyType() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Gets the value type of this dictionary type. @@ -42,6 +47,11 @@ module Generated { /** * Gets the value type of this dictionary type. */ - final Type getValueType() { result = this.getImmediateValueType().resolve() } + final Type getValueType() { + exists(Type immediate | + immediate = this.getImmediateValueType() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } } } diff --git a/swift/ql/lib/codeql/swift/generated/type/DynamicSelfType.qll b/swift/ql/lib/codeql/swift/generated/type/DynamicSelfType.qll index 167d3b3336e..e23702fcd25 100644 --- a/swift/ql/lib/codeql/swift/generated/type/DynamicSelfType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/DynamicSelfType.qll @@ -23,6 +23,11 @@ module Generated { /** * Gets the static self type of this dynamic self type. */ - final Type getStaticSelfType() { result = this.getImmediateStaticSelfType().resolve() } + final Type getStaticSelfType() { + exists(Type immediate | + immediate = this.getImmediateStaticSelfType() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } } } diff --git a/swift/ql/lib/codeql/swift/generated/type/ExistentialType.qll b/swift/ql/lib/codeql/swift/generated/type/ExistentialType.qll index 8aa75be5329..a9fe57dd6a5 100644 --- a/swift/ql/lib/codeql/swift/generated/type/ExistentialType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/ExistentialType.qll @@ -23,6 +23,11 @@ module Generated { /** * Gets the constraint of this existential type. */ - final Type getConstraint() { result = this.getImmediateConstraint().resolve() } + final Type getConstraint() { + exists(Type immediate | + immediate = this.getImmediateConstraint() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } } } diff --git a/swift/ql/lib/codeql/swift/generated/type/GenericFunctionType.qll b/swift/ql/lib/codeql/swift/generated/type/GenericFunctionType.qll index 26e12c7efe5..986f661db14 100644 --- a/swift/ql/lib/codeql/swift/generated/type/GenericFunctionType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/GenericFunctionType.qll @@ -28,7 +28,10 @@ module Generated { * Gets the `index`th type parameter of this generic type (0-based). */ final GenericTypeParamType getGenericParam(int index) { - result = this.getImmediateGenericParam(index).resolve() + exists(GenericTypeParamType immediate | + immediate = this.getImmediateGenericParam(index) and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) } /** diff --git a/swift/ql/lib/codeql/swift/generated/type/InOutType.qll b/swift/ql/lib/codeql/swift/generated/type/InOutType.qll index 8ca778d928b..f7de62a4055 100644 --- a/swift/ql/lib/codeql/swift/generated/type/InOutType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/InOutType.qll @@ -23,6 +23,11 @@ module Generated { /** * Gets the object type of this in out type. */ - final Type getObjectType() { result = this.getImmediateObjectType().resolve() } + final Type getObjectType() { + exists(Type immediate | + immediate = this.getImmediateObjectType() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } } } diff --git a/swift/ql/lib/codeql/swift/generated/type/LValueType.qll b/swift/ql/lib/codeql/swift/generated/type/LValueType.qll index abae89b74b3..c05688a0b73 100644 --- a/swift/ql/lib/codeql/swift/generated/type/LValueType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/LValueType.qll @@ -23,6 +23,11 @@ module Generated { /** * Gets the object type of this l value type. */ - final Type getObjectType() { result = this.getImmediateObjectType().resolve() } + final Type getObjectType() { + exists(Type immediate | + immediate = this.getImmediateObjectType() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } } } diff --git a/swift/ql/lib/codeql/swift/generated/type/ModuleType.qll b/swift/ql/lib/codeql/swift/generated/type/ModuleType.qll index 5b3ea917abd..e43a1107533 100644 --- a/swift/ql/lib/codeql/swift/generated/type/ModuleType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/ModuleType.qll @@ -24,6 +24,11 @@ module Generated { /** * Gets the module of this module type. */ - final ModuleDecl getModule() { result = this.getImmediateModule().resolve() } + final ModuleDecl getModule() { + exists(ModuleDecl immediate | + immediate = this.getImmediateModule() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } } } diff --git a/swift/ql/lib/codeql/swift/generated/type/OpaqueTypeArchetypeType.qll b/swift/ql/lib/codeql/swift/generated/type/OpaqueTypeArchetypeType.qll index ae8f60310ba..b503969d8ab 100644 --- a/swift/ql/lib/codeql/swift/generated/type/OpaqueTypeArchetypeType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/OpaqueTypeArchetypeType.qll @@ -29,6 +29,11 @@ module Generated { /** * Gets the declaration of this opaque type archetype type. */ - final OpaqueTypeDecl getDeclaration() { result = this.getImmediateDeclaration().resolve() } + final OpaqueTypeDecl getDeclaration() { + exists(OpaqueTypeDecl immediate | + immediate = this.getImmediateDeclaration() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } } } diff --git a/swift/ql/lib/codeql/swift/generated/type/ParameterizedProtocolType.qll b/swift/ql/lib/codeql/swift/generated/type/ParameterizedProtocolType.qll index bec28eb4746..0218fb91ade 100644 --- a/swift/ql/lib/codeql/swift/generated/type/ParameterizedProtocolType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/ParameterizedProtocolType.qll @@ -29,7 +29,12 @@ module Generated { /** * Gets the base of this parameterized protocol type. */ - final ProtocolType getBase() { result = this.getImmediateBase().resolve() } + final ProtocolType getBase() { + exists(ProtocolType immediate | + immediate = this.getImmediateBase() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Gets the `index`th argument of this parameterized protocol type (0-based). @@ -47,7 +52,12 @@ module Generated { /** * Gets the `index`th argument of this parameterized protocol type (0-based). */ - final Type getArg(int index) { result = this.getImmediateArg(index).resolve() } + final Type getArg(int index) { + exists(Type immediate | + immediate = this.getImmediateArg(index) and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Gets any of the arguments of this parameterized protocol type. diff --git a/swift/ql/lib/codeql/swift/generated/type/ParenType.qll b/swift/ql/lib/codeql/swift/generated/type/ParenType.qll index b19af82c7e7..c955d1e1dcd 100644 --- a/swift/ql/lib/codeql/swift/generated/type/ParenType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/ParenType.qll @@ -22,6 +22,11 @@ module Generated { /** * Gets the type of this paren type. */ - final Type getType() { result = this.getImmediateType().resolve() } + final Type getType() { + exists(Type immediate | + immediate = this.getImmediateType() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } } } diff --git a/swift/ql/lib/codeql/swift/generated/type/ProtocolCompositionType.qll b/swift/ql/lib/codeql/swift/generated/type/ProtocolCompositionType.qll index fbde68aed07..6a6991770da 100644 --- a/swift/ql/lib/codeql/swift/generated/type/ProtocolCompositionType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/ProtocolCompositionType.qll @@ -23,7 +23,12 @@ module Generated { /** * Gets the `index`th member of this protocol composition type (0-based). */ - final Type getMember(int index) { result = this.getImmediateMember(index).resolve() } + final Type getMember(int index) { + exists(Type immediate | + immediate = this.getImmediateMember(index) and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Gets any of the members of this protocol composition type. diff --git a/swift/ql/lib/codeql/swift/generated/type/ReferenceStorageType.qll b/swift/ql/lib/codeql/swift/generated/type/ReferenceStorageType.qll index f34a2d21a39..ff6999d780c 100644 --- a/swift/ql/lib/codeql/swift/generated/type/ReferenceStorageType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/ReferenceStorageType.qll @@ -21,6 +21,11 @@ module Generated { /** * Gets the referent type of this reference storage type. */ - final Type getReferentType() { result = this.getImmediateReferentType().resolve() } + final Type getReferentType() { + exists(Type immediate | + immediate = this.getImmediateReferentType() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } } } diff --git a/swift/ql/lib/codeql/swift/generated/type/TupleType.qll b/swift/ql/lib/codeql/swift/generated/type/TupleType.qll index 3a08e3bd593..662e21ef76f 100644 --- a/swift/ql/lib/codeql/swift/generated/type/TupleType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/TupleType.qll @@ -21,7 +21,12 @@ module Generated { /** * Gets the `index`th type of this tuple type (0-based). */ - final Type getType(int index) { result = this.getImmediateType(index).resolve() } + final Type getType(int index) { + exists(Type immediate | + immediate = this.getImmediateType(index) and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } /** * Gets any of the types of this tuple type. diff --git a/swift/ql/lib/codeql/swift/generated/type/Type.qll b/swift/ql/lib/codeql/swift/generated/type/Type.qll index 17f51174ad3..a3074fdd4d3 100644 --- a/swift/ql/lib/codeql/swift/generated/type/Type.qll +++ b/swift/ql/lib/codeql/swift/generated/type/Type.qll @@ -24,6 +24,11 @@ module Generated { /** * Gets the canonical type of this type. */ - final Type getCanonicalType() { result = this.getImmediateCanonicalType().resolve() } + final Type getCanonicalType() { + exists(Type immediate | + immediate = this.getImmediateCanonicalType() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } } } diff --git a/swift/ql/lib/codeql/swift/generated/type/TypeAliasType.qll b/swift/ql/lib/codeql/swift/generated/type/TypeAliasType.qll index 976df4ee108..fa6ea238996 100644 --- a/swift/ql/lib/codeql/swift/generated/type/TypeAliasType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/TypeAliasType.qll @@ -24,6 +24,11 @@ module Generated { /** * Gets the declaration of this type alias type. */ - final TypeAliasDecl getDecl() { result = this.getImmediateDecl().resolve() } + final TypeAliasDecl getDecl() { + exists(TypeAliasDecl immediate | + immediate = this.getImmediateDecl() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } } } diff --git a/swift/ql/lib/codeql/swift/generated/type/TypeRepr.qll b/swift/ql/lib/codeql/swift/generated/type/TypeRepr.qll index 8913869af20..4a3d11bd074 100644 --- a/swift/ql/lib/codeql/swift/generated/type/TypeRepr.qll +++ b/swift/ql/lib/codeql/swift/generated/type/TypeRepr.qll @@ -22,6 +22,11 @@ module Generated { /** * Gets the type of this type representation. */ - final Type getType() { result = this.getImmediateType().resolve() } + final Type getType() { + exists(Type immediate | + immediate = this.getImmediateType() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } } } diff --git a/swift/ql/lib/codeql/swift/generated/type/UnarySyntaxSugarType.qll b/swift/ql/lib/codeql/swift/generated/type/UnarySyntaxSugarType.qll index 4a02243be68..bf662ae4136 100644 --- a/swift/ql/lib/codeql/swift/generated/type/UnarySyntaxSugarType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/UnarySyntaxSugarType.qll @@ -22,6 +22,11 @@ module Generated { /** * Gets the base type of this unary syntax sugar type. */ - final Type getBaseType() { result = this.getImmediateBaseType().resolve() } + final Type getBaseType() { + exists(Type immediate | + immediate = this.getImmediateBaseType() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } } } diff --git a/swift/ql/test/extractor-tests/generated/decl/CapturedDecl/PrintAst.expected b/swift/ql/test/extractor-tests/generated/decl/CapturedDecl/PrintAst.expected index d7746863677..7e7f62e9471 100644 --- a/swift/ql/test/extractor-tests/generated/decl/CapturedDecl/PrintAst.expected +++ b/swift/ql/test/extractor-tests/generated/decl/CapturedDecl/PrintAst.expected @@ -84,7 +84,7 @@ closures.swift: # 18| getSubExpr(): [ArrayExpr] [...] # 18| getElement(0): [DeclRefExpr] x # 18| getElement(0).getFullyConverted(): [ErasureExpr] (Any) ... -# 18| getImmediateSubExpr(): [LoadExpr] (Int) ... +# 18| getSubExpr(): [LoadExpr] (Int) ... # 18| getArgument(1): [Argument] separator: default separator # 18| getExpr(): [DefaultArgumentExpr] default separator # 18| getArgument(2): [Argument] terminator: default terminator @@ -245,7 +245,7 @@ closures.swift: # 42| getArgument(0): [Argument] : 40 # 42| getExpr(): [IntegerLiteralExpr] 40 # 42| getElement(1).getFullyConverted(): [ErasureExpr] (Any) ... -# 42| getImmediateSubExpr(): [AwaitExpr] await ... +# 42| getSubExpr(): [AwaitExpr] await ... # 42| getArgument(1): [Argument] separator: default separator # 42| getExpr(): [DefaultArgumentExpr] default separator # 42| getArgument(2): [Argument] terminator: default terminator diff --git a/swift/ql/test/library-tests/ast/PrintAst.expected b/swift/ql/test/library-tests/ast/PrintAst.expected index f1d3c7dba9b..b4665b644e8 100644 --- a/swift/ql/test/library-tests/ast/PrintAst.expected +++ b/swift/ql/test/library-tests/ast/PrintAst.expected @@ -595,7 +595,7 @@ cfg.swift: # 122| getInit(0): [MemberRefExpr] .myInt # 122| getBase(): [DeclRefExpr] inoutParam # 122| getBase().getFullyConverted(): [LoadExpr] (C) ... -# 122| getImmediateSubExpr(): [DotSelfExpr] .self +# 122| getSubExpr(): [DotSelfExpr] .self # 122| getPattern(0): [NamedPattern] n10 # 122| getElement(21): [ConcreteVarDecl] n10 # 122| Type = Int @@ -613,7 +613,7 @@ cfg.swift: # 124| getFunction(): [MethodLookupExpr] .getMyInt() # 124| getBase(): [DeclRefExpr] inoutParam # 124| getBase().getFullyConverted(): [LoadExpr] (C) ... -# 124| getImmediateSubExpr(): [DotSelfExpr] .self +# 124| getSubExpr(): [DotSelfExpr] .self # 124| getMethodRef(): [DeclRefExpr] getMyInt() # 124| getPattern(0): [NamedPattern] n12 # 124| getElement(25): [ConcreteVarDecl] n12 @@ -787,7 +787,7 @@ cfg.swift: # 151| getElement(0): [ConditionElement] obj # 151| getBoolean(): [DeclRefExpr] obj # 151| getBoolean().getFullyConverted(): [IsExpr] ... is ... -# 151| getImmediateSubExpr(): [LoadExpr] (AnyObject) ... +# 151| getSubExpr(): [LoadExpr] (AnyObject) ... # 151| getThen(): [BraceStmt] { ... } # 152| getElement(0): [ReturnStmt] return ... # 152| getResult(): [BooleanLiteralExpr] true @@ -805,7 +805,7 @@ cfg.swift: # 156| getPattern(): [EnumElementPattern] .some(...) # 156| getSubPattern(): [NamedPattern] x # 156| getSubPattern().getFullyUnresolved(): [ParenPattern] (...) -# 156| getImmediateSubPattern(): [BindingPattern] let ... +# 156| getSubPattern(): [BindingPattern] let ... # 156| getInitializer(): [DeclRefExpr] xOptional # 156| getThen(): [BraceStmt] { ... } # 157| getElement(0): [ReturnStmt] return ... @@ -2048,7 +2048,7 @@ cfg.swift: # 301| getSubExpr(): [ArrayExpr] [...] # 301| getElement(0): [DeclRefExpr] x # 301| getElement(0).getFullyConverted(): [ErasureExpr] (Any) ... -# 301| getImmediateSubExpr(): [LoadExpr] (Int) ... +# 301| getSubExpr(): [LoadExpr] (Int) ... # 301| getArgument(1): [Argument] separator: default separator # 301| getExpr(): [DefaultArgumentExpr] default separator # 301| getArgument(2): [Argument] terminator: default terminator @@ -2089,7 +2089,7 @@ cfg.swift: # 308| getSubExpr(): [ArrayExpr] [...] # 308| getElement(0): [DeclRefExpr] x # 308| getElement(0).getFullyConverted(): [ErasureExpr] (Any) ... -# 308| getImmediateSubExpr(): [LoadExpr] (Int) ... +# 308| getSubExpr(): [LoadExpr] (Int) ... # 308| getArgument(1): [Argument] separator: default separator # 308| getExpr(): [DefaultArgumentExpr] default separator # 308| getArgument(2): [Argument] terminator: default terminator @@ -2196,7 +2196,7 @@ cfg.swift: # 324| getSubExpr(): [ArrayExpr] [...] # 324| getElement(0): [DeclRefExpr] x # 324| getElement(0).getFullyConverted(): [ErasureExpr] (Any) ... -# 324| getImmediateSubExpr(): [LoadExpr] (Int) ... +# 324| getSubExpr(): [LoadExpr] (Int) ... # 324| getArgument(1): [Argument] separator: default separator # 324| getExpr(): [DefaultArgumentExpr] default separator # 324| getArgument(2): [Argument] terminator: default terminator @@ -2287,7 +2287,7 @@ cfg.swift: # 340| getSubExpr(): [ArrayExpr] [...] # 340| getElement(0): [DeclRefExpr] x # 340| getElement(0).getFullyConverted(): [ErasureExpr] (Any) ... -# 340| getImmediateSubExpr(): [LoadExpr] (Int) ... +# 340| getSubExpr(): [LoadExpr] (Int) ... # 340| getArgument(1): [Argument] separator: default separator # 340| getExpr(): [DefaultArgumentExpr] default separator # 340| getArgument(2): [Argument] terminator: default terminator @@ -4214,8 +4214,8 @@ declarations.swift: # 155| getTypeRepr(): [TypeRepr] Derived # 155| getMethodRef(): [DeclRefExpr] Derived.init() # 155| getInit(0).getFullyConverted(): [InjectIntoOptionalExpr] (Baz?) ... -# 155| getImmediateSubExpr(): [CoerceExpr] (Baz) ... -# 155| getImmediateSubExpr(): [DerivedToBaseExpr] (Baz) ... +# 155| getSubExpr(): [CoerceExpr] (Baz) ... +# 155| getSubExpr(): [DerivedToBaseExpr] (Baz) ... # 155| getPattern(0): [TypedPattern] ... as ... # 155| getSubPattern(): [NamedPattern] d # 155| getTypeRepr(): [TypeRepr] Baz? @@ -5912,7 +5912,7 @@ patterns.swift: # 83| getPattern(): [EnumElementPattern] .mySingle(...) # 83| getSubPattern(): [NamedPattern] a # 83| getSubPattern().getFullyUnresolved(): [ParenPattern] (...) -# 83| getImmediateSubPattern(): [BindingPattern] let ... +# 83| getSubPattern(): [BindingPattern] let ... # 85| getCase(2): [CaseStmt] case ... # 86| getBody(): [BraceStmt] { ... } # 86| getElement(0): [CallExpr] call to sink(arg:) @@ -5948,7 +5948,7 @@ patterns.swift: # 92| getPattern(): [EnumElementPattern] .mySingle(...) # 92| getSubPattern(): [NamedPattern] x # 92| getSubPattern().getFullyUnresolved(): [ParenPattern] (...) -# 92| getImmediateSubPattern(): [BindingPattern] let ... +# 92| getSubPattern(): [BindingPattern] let ... # 92| getInitializer(): [DeclRefExpr] a # 92| getInitializer().getFullyConverted(): [LoadExpr] (MyEnum) ... # 92| getThen(): [BraceStmt] { ... } @@ -6004,7 +6004,7 @@ patterns.swift: # 105| getPattern(): [EnumElementPattern] .mySingle(...) # 105| getSubPattern(): [NamedPattern] a # 105| getSubPattern().getFullyUnresolved(): [ParenPattern] (...) -# 105| getImmediateSubPattern(): [BindingPattern] let ... +# 105| getSubPattern(): [BindingPattern] let ... # 107| getCase(2): [CaseStmt] case ... # 108| getBody(): [BraceStmt] { ... } # 108| getElement(0): [CallExpr] call to sink(arg:) @@ -6040,7 +6040,7 @@ patterns.swift: # 114| getPattern(): [EnumElementPattern] .mySingle(...) # 114| getSubPattern(): [NamedPattern] x # 114| getSubPattern().getFullyUnresolved(): [ParenPattern] (...) -# 114| getImmediateSubPattern(): [BindingPattern] let ... +# 114| getSubPattern(): [BindingPattern] let ... # 114| getInitializer(): [DeclRefExpr] a # 114| getInitializer().getFullyConverted(): [LoadExpr] (MyEnum) ... # 114| getThen(): [BraceStmt] { ... } @@ -6098,7 +6098,7 @@ patterns.swift: # 127| getPattern(): [EnumElementPattern] .mySingle(...) # 127| getSubPattern(): [NamedPattern] a # 127| getSubPattern().getFullyUnresolved(): [ParenPattern] (...) -# 127| getImmediateSubPattern(): [BindingPattern] let ... +# 127| getSubPattern(): [BindingPattern] let ... # 129| getCase(2): [CaseStmt] case ... # 130| getBody(): [BraceStmt] { ... } # 130| getElement(0): [CallExpr] call to sink(arg:) @@ -6134,7 +6134,7 @@ patterns.swift: # 136| getPattern(): [EnumElementPattern] .mySingle(...) # 136| getSubPattern(): [NamedPattern] x # 136| getSubPattern().getFullyUnresolved(): [ParenPattern] (...) -# 136| getImmediateSubPattern(): [BindingPattern] let ... +# 136| getSubPattern(): [BindingPattern] let ... # 136| getInitializer(): [DeclRefExpr] a # 136| getInitializer().getFullyConverted(): [LoadExpr] (MyEnum) ... # 136| getThen(): [BraceStmt] { ... } @@ -6195,7 +6195,7 @@ patterns.swift: # 149| getPattern(): [EnumElementPattern] .mySingle(...) # 149| getSubPattern(): [NamedPattern] a # 149| getSubPattern().getFullyUnresolved(): [ParenPattern] (...) -# 149| getImmediateSubPattern(): [BindingPattern] let ... +# 149| getSubPattern(): [BindingPattern] let ... # 151| getCase(2): [CaseStmt] case ... # 152| getBody(): [BraceStmt] { ... } # 152| getElement(0): [CallExpr] call to sink(arg:) @@ -6254,7 +6254,7 @@ patterns.swift: # 162| getPattern(): [EnumElementPattern] .mySingle(...) # 162| getSubPattern(): [NamedPattern] x # 162| getSubPattern().getFullyUnresolved(): [ParenPattern] (...) -# 162| getImmediateSubPattern(): [BindingPattern] let ... +# 162| getSubPattern(): [BindingPattern] let ... # 162| getInitializer(): [CallExpr] call to ... # 162| getFunction(): [MethodLookupExpr] .myPair # 162| getBase(): [TypeExpr] MyEnum.Type diff --git a/swift/ql/test/library-tests/hidden-ast/Conversions.expected b/swift/ql/test/library-tests/hidden-ast/Conversions.expected new file mode 100644 index 00000000000..2355bb0878a --- /dev/null +++ b/swift/ql/test/library-tests/hidden-ast/Conversions.expected @@ -0,0 +1,3 @@ +| chained_conversion.swift:2:12:2:14 | (Int) ... | LoadExpr | chained_conversion.swift:2:12:2:14 | .self | DotSelfExpr | +| chained_conversion.swift:2:12:2:14 | (Int?) ... | InjectIntoOptionalExpr | chained_conversion.swift:2:12:2:14 | (Int) ... | LoadExpr | +| chained_conversion.swift:2:12:2:14 | .self | DotSelfExpr | chained_conversion.swift:2:12:2:12 | x | DeclRefExpr | diff --git a/swift/ql/test/library-tests/hidden-ast/Conversions.ql b/swift/ql/test/library-tests/hidden-ast/Conversions.ql new file mode 100644 index 00000000000..ea9a56b768a --- /dev/null +++ b/swift/ql/test/library-tests/hidden-ast/Conversions.ql @@ -0,0 +1,5 @@ +import swift + +from Expr e, Expr subexpr +where subexpr = [e.(IdentityExpr).getSubExpr(), e.(ImplicitConversionExpr).getSubExpr()] +select e, e.getPrimaryQlClasses(), subexpr, subexpr.getPrimaryQlClasses() diff --git a/swift/ql/test/library-tests/hidden-ast/PrintAst.expected b/swift/ql/test/library-tests/hidden-ast/PrintAst.expected new file mode 100644 index 00000000000..510908e79dc --- /dev/null +++ b/swift/ql/test/library-tests/hidden-ast/PrintAst.expected @@ -0,0 +1,11 @@ +chained_conversion.swift: +# 1| [NamedFunction] foo(x:) +# 1| InterfaceType = (inout Int) -> Int? +# 1| getParam(0): [ParamDecl] x +# 1| Type = Int +# 1| getBody(): [BraceStmt] { ... } +# 2| getElement(0): [ReturnStmt] return ... +# 2| getResult(): [DeclRefExpr] x +# 2| getResult().getFullyConverted(): [InjectIntoOptionalExpr] (Int?) ... +# 2| getSubExpr(): [LoadExpr] (Int) ... +# 2| getSubExpr(): [DotSelfExpr] .self diff --git a/swift/ql/test/library-tests/hidden-ast/PrintAst.qlref b/swift/ql/test/library-tests/hidden-ast/PrintAst.qlref new file mode 100644 index 00000000000..f7d7d0c4fcb --- /dev/null +++ b/swift/ql/test/library-tests/hidden-ast/PrintAst.qlref @@ -0,0 +1 @@ +library-tests/ast/PrintAst.ql diff --git a/swift/ql/test/library-tests/hidden-ast/chained_conversion.swift b/swift/ql/test/library-tests/hidden-ast/chained_conversion.swift new file mode 100644 index 00000000000..4f9ec59853a --- /dev/null +++ b/swift/ql/test/library-tests/hidden-ast/chained_conversion.swift @@ -0,0 +1,3 @@ +func foo(x: inout Int) -> Int? { + return x.self +} From 708a99528fcf41c2e4743b2e4fcbdc3f25c2308e Mon Sep 17 00:00:00 2001 From: erik-krogh Date: Mon, 22 May 2023 10:11:32 +0200 Subject: [PATCH 516/870] initial implementation of TS 5.1 --- docs/codeql/reusables/supported-versions-compilers.rst | 2 +- javascript/extractor/lib/typescript/package.json | 2 +- javascript/extractor/lib/typescript/src/main.ts | 1 - javascript/extractor/lib/typescript/yarn.lock | 8 ++++---- .../extractor/src/com/semmle/js/extractor/Main.java | 2 +- .../ql/lib/change-notes/2023-04-19-typescript-5-1.md | 4 ++++ 6 files changed, 11 insertions(+), 8 deletions(-) create mode 100644 javascript/ql/lib/change-notes/2023-04-19-typescript-5-1.md diff --git a/docs/codeql/reusables/supported-versions-compilers.rst b/docs/codeql/reusables/supported-versions-compilers.rst index 93b826a94dd..1ac892c01c2 100644 --- a/docs/codeql/reusables/supported-versions-compilers.rst +++ b/docs/codeql/reusables/supported-versions-compilers.rst @@ -25,7 +25,7 @@ Python [8]_,"2.7, 3.5, 3.6, 3.7, 3.8, 3.9, 3.10, 3.11",Not applicable,``.py`` Ruby [9]_,"up to 3.2",Not applicable,"``.rb``, ``.erb``, ``.gemspec``, ``Gemfile``" Swift [10]_,"Swift 5.4-5.7","Swift compiler","``.swift``" - TypeScript [11]_,"2.6-5.0",Standard TypeScript compiler,"``.ts``, ``.tsx``, ``.mts``, ``.cts``" + TypeScript [11]_,"2.6-5.1",Standard TypeScript compiler,"``.ts``, ``.tsx``, ``.mts``, ``.cts``" .. container:: footnote-group diff --git a/javascript/extractor/lib/typescript/package.json b/javascript/extractor/lib/typescript/package.json index 0c8de4f1bbc..cb053bb0e6f 100644 --- a/javascript/extractor/lib/typescript/package.json +++ b/javascript/extractor/lib/typescript/package.json @@ -2,7 +2,7 @@ "name": "typescript-parser-wrapper", "private": true, "dependencies": { - "typescript": "5.0.2" + "typescript": "5.1.1-rc" }, "scripts": { "build": "tsc --project tsconfig.json", diff --git a/javascript/extractor/lib/typescript/src/main.ts b/javascript/extractor/lib/typescript/src/main.ts index 2e9f26b6953..2594f4e35f5 100644 --- a/javascript/extractor/lib/typescript/src/main.ts +++ b/javascript/extractor/lib/typescript/src/main.ts @@ -579,7 +579,6 @@ function handleOpenProjectCommand(command: OpenProjectCommand) { // inverse mapping, nor a way to enumerate all known module names. So we discover all // modules on the type roots (usually "node_modules/@types" but this is configurable). let typeRoots = ts.getEffectiveTypeRoots(config.options, { - directoryExists: (path) => ts.sys.directoryExists(path), getCurrentDirectory: () => basePath, }); diff --git a/javascript/extractor/lib/typescript/yarn.lock b/javascript/extractor/lib/typescript/yarn.lock index 88d32ae6b3a..3b0a9476df6 100644 --- a/javascript/extractor/lib/typescript/yarn.lock +++ b/javascript/extractor/lib/typescript/yarn.lock @@ -7,7 +7,7 @@ resolved "https://registry.yarnpkg.com/@types/node/-/node-18.15.3.tgz#f0b991c32cfc6a4e7f3399d6cb4b8cf9a0315014" integrity sha512-p6ua9zBxz5otCmbpb5D3U4B5Nanw6Pk3PPyX05xnxbB/fRv71N7CPmORg7uAD5P70T0xmx1pzAx/FUfa5X+3cw== -typescript@5.0.2: - version "5.0.2" - resolved "https://registry.yarnpkg.com/typescript/-/typescript-5.0.2.tgz#891e1a90c5189d8506af64b9ef929fca99ba1ee5" - integrity sha512-wVORMBGO/FAs/++blGNeAVdbNKtIh1rbBL2EyQ1+J9lClJ93KiiKe8PmFIVdXhHcyv44SL9oglmfeSsndo0jRw== +typescript@5.1.1-rc: + version "5.1.1-rc" + resolved "https://registry.yarnpkg.com/typescript/-/typescript-5.1.1-rc.tgz#7be6e85bb4ad36e07e0125e501eb08ed3a6e3769" + integrity sha512-+yHTPe5QCxw5cgN+B81z+k65xTHcwNCRwJN7OGVUe3srPULTZHF7J9QCgrptL7F8mrO7gmsert7XrMksAjutRw== diff --git a/javascript/extractor/src/com/semmle/js/extractor/Main.java b/javascript/extractor/src/com/semmle/js/extractor/Main.java index 4f8bb2c1ced..2a188676924 100644 --- a/javascript/extractor/src/com/semmle/js/extractor/Main.java +++ b/javascript/extractor/src/com/semmle/js/extractor/Main.java @@ -41,7 +41,7 @@ public class Main { * A version identifier that should be updated every time the extractor changes in such a way that * it may produce different tuples for the same file under the same {@link ExtractorConfig}. */ - public static final String EXTRACTOR_VERSION = "2023-03-16"; + public static final String EXTRACTOR_VERSION = "2023-04-19"; public static final Pattern NEWLINE = Pattern.compile("\n"); diff --git a/javascript/ql/lib/change-notes/2023-04-19-typescript-5-1.md b/javascript/ql/lib/change-notes/2023-04-19-typescript-5-1.md new file mode 100644 index 00000000000..7260bd3d389 --- /dev/null +++ b/javascript/ql/lib/change-notes/2023-04-19-typescript-5-1.md @@ -0,0 +1,4 @@ +--- +category: majorAnalysis +--- +* Added support for TypeScript 5.1. \ No newline at end of file From 20893bdef5954cb4bfa826a2a5fd51511dd5c85e Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli Date: Mon, 22 May 2023 10:14:29 +0200 Subject: [PATCH 517/870] Swift: accept test changes after hidden AST fix --- .../generated/expr/IdentityExpr/IdentityExpr.expected | 2 +- .../generated/expr/IdentityExpr/IdentityExpr_getType.expected | 2 +- .../expr/ImplicitConversionExpr/ImplicitConversionExpr.expected | 2 +- .../ImplicitConversionExpr_getType.expected | 2 +- .../generated/type/DynamicSelfType/DynamicSelfType.expected | 1 + 5 files changed, 5 insertions(+), 4 deletions(-) diff --git a/swift/ql/test/extractor-tests/generated/expr/IdentityExpr/IdentityExpr.expected b/swift/ql/test/extractor-tests/generated/expr/IdentityExpr/IdentityExpr.expected index 05634e5ab1b..845dde278e1 100644 --- a/swift/ql/test/extractor-tests/generated/expr/IdentityExpr/IdentityExpr.expected +++ b/swift/ql/test/extractor-tests/generated/expr/IdentityExpr/IdentityExpr.expected @@ -2,7 +2,7 @@ | identity_expressions.swift:4:9:4:21 | .self | DotSelfExpr | hasType: | yes | getSubExpr: | identity_expressions.swift:4:9:4:19 | .x | | identity_expressions.swift:4:28:4:31 | (...) | ParenExpr | hasType: | yes | getSubExpr: | identity_expressions.swift:4:29:4:29 | 42 | | identity_expressions.swift:8:5:8:9 | (...) | ParenExpr | hasType: | yes | getSubExpr: | identity_expressions.swift:8:6:8:8 | call to A.init() | -| identity_expressions.swift:11:28:11:43 | (...) | ParenExpr | hasType: | yes | getSubExpr: | identity_expressions.swift:11:35:11:42 | call to create() | +| identity_expressions.swift:11:28:11:43 | (...) | ParenExpr | hasType: | yes | getSubExpr: | identity_expressions.swift:11:29:11:42 | await ... | | identity_expressions.swift:11:29:11:42 | await ... | AwaitExpr | hasType: | yes | getSubExpr: | identity_expressions.swift:11:35:11:42 | call to create() | | identity_expressions.swift:14:5:14:21 | await ... | AwaitExpr | hasType: | yes | getSubExpr: | identity_expressions.swift:14:11:14:21 | call to process() | | identity_expressions.swift:14:11:14:19 | (...) | ParenExpr | hasType: | yes | getSubExpr: | identity_expressions.swift:14:12:14:12 | process() | diff --git a/swift/ql/test/extractor-tests/generated/expr/IdentityExpr/IdentityExpr_getType.expected b/swift/ql/test/extractor-tests/generated/expr/IdentityExpr/IdentityExpr_getType.expected index 029023374ce..025db5e1932 100644 --- a/swift/ql/test/extractor-tests/generated/expr/IdentityExpr/IdentityExpr_getType.expected +++ b/swift/ql/test/extractor-tests/generated/expr/IdentityExpr/IdentityExpr_getType.expected @@ -1,5 +1,5 @@ | identity_expressions.swift:4:9:4:14 | .self | A | -| identity_expressions.swift:4:9:4:21 | .self | Int | +| identity_expressions.swift:4:9:4:21 | .self | @lvalue Int | | identity_expressions.swift:4:28:4:31 | (...) | (Int) | | identity_expressions.swift:8:5:8:9 | (...) | (A) | | identity_expressions.swift:11:28:11:43 | (...) | (A) | diff --git a/swift/ql/test/extractor-tests/generated/expr/ImplicitConversionExpr/ImplicitConversionExpr.expected b/swift/ql/test/extractor-tests/generated/expr/ImplicitConversionExpr/ImplicitConversionExpr.expected index 14fa9eb88b1..90e2af39d30 100644 --- a/swift/ql/test/extractor-tests/generated/expr/ImplicitConversionExpr/ImplicitConversionExpr.expected +++ b/swift/ql/test/extractor-tests/generated/expr/ImplicitConversionExpr/ImplicitConversionExpr.expected @@ -1,5 +1,5 @@ | implicit_conversions.swift:2:3:2:3 | (UnsafePointer) ... | StringToPointerExpr | hasType: | yes | getSubExpr: | implicit_conversions.swift:2:3:2:3 | Hello | | implicit_conversions.swift:4:16:4:16 | (Int?) ... | InjectIntoOptionalExpr | hasType: | yes | getSubExpr: | implicit_conversions.swift:4:16:4:16 | 42 | | implicit_conversions.swift:5:25:5:25 | (Equatable) ... | ErasureExpr | hasType: | yes | getSubExpr: | implicit_conversions.swift:5:25:5:25 | 42 | -| implicit_conversions.swift:12:3:12:5 | ((() -> Void)?) ... | AbiSafeConversionExpr | hasType: | yes | getSubExpr: | implicit_conversions.swift:12:3:12:5 | .b | +| implicit_conversions.swift:12:3:12:5 | (@lvalue (() -> Void)?) ... | AbiSafeConversionExpr | hasType: | yes | getSubExpr: | implicit_conversions.swift:12:3:12:5 | .b | | implicit_conversions.swift:12:9:12:10 | ((() -> Void)?) ... | InjectIntoOptionalExpr | hasType: | yes | getSubExpr: | implicit_conversions.swift:12:9:12:10 | { ... } | diff --git a/swift/ql/test/extractor-tests/generated/expr/ImplicitConversionExpr/ImplicitConversionExpr_getType.expected b/swift/ql/test/extractor-tests/generated/expr/ImplicitConversionExpr/ImplicitConversionExpr_getType.expected index a7f1b65dcbe..d8dfc2cd957 100644 --- a/swift/ql/test/extractor-tests/generated/expr/ImplicitConversionExpr/ImplicitConversionExpr_getType.expected +++ b/swift/ql/test/extractor-tests/generated/expr/ImplicitConversionExpr/ImplicitConversionExpr_getType.expected @@ -1,5 +1,5 @@ | implicit_conversions.swift:2:3:2:3 | (UnsafePointer) ... | UnsafePointer | | implicit_conversions.swift:4:16:4:16 | (Int?) ... | Int? | | implicit_conversions.swift:5:25:5:25 | (Equatable) ... | Equatable | -| implicit_conversions.swift:12:3:12:5 | ((() -> Void)?) ... | (() -> Void)? | +| implicit_conversions.swift:12:3:12:5 | (@lvalue (() -> Void)?) ... | @lvalue (() -> Void)? | | implicit_conversions.swift:12:9:12:10 | ((() -> Void)?) ... | (() -> Void)? | diff --git a/swift/ql/test/extractor-tests/generated/type/DynamicSelfType/DynamicSelfType.expected b/swift/ql/test/extractor-tests/generated/type/DynamicSelfType/DynamicSelfType.expected index e69de29bb2d..6e36cc0e55f 100644 --- a/swift/ql/test/extractor-tests/generated/type/DynamicSelfType/DynamicSelfType.expected +++ b/swift/ql/test/extractor-tests/generated/type/DynamicSelfType/DynamicSelfType.expected @@ -0,0 +1 @@ +| Self | getName: | Self | getCanonicalType: | Self | getStaticSelfType: | X | From 33be52f0b7818dc64ae7f75aaf51096fb978ab1f Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Mon, 22 May 2023 10:58:05 +0200 Subject: [PATCH 518/870] Ruby: Allow for flow out of callbacks passed to summarized methods in type tracking --- .../lib/codeql/ruby/typetracking/TypeTrackerSpecific.qll | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/ruby/ql/lib/codeql/ruby/typetracking/TypeTrackerSpecific.qll b/ruby/ql/lib/codeql/ruby/typetracking/TypeTrackerSpecific.qll index 31eb7814632..344bf588642 100644 --- a/ruby/ql/lib/codeql/ruby/typetracking/TypeTrackerSpecific.qll +++ b/ruby/ql/lib/codeql/ruby/typetracking/TypeTrackerSpecific.qll @@ -611,8 +611,13 @@ private DataFlow::Node evaluateSummaryComponentStackLocal( [p.(DataFlow::Node), DataFlowPrivate::LocalFlow::getParameterDefNode(p.getParameter())] ) or - head = SummaryComponent::return() and - result.(DataFlowPrivate::SynthReturnNode).getCfgScope() = prev.asExpr().getExpr() + exists(DataFlowPrivate::SynthReturnNode ret | + head = SummaryComponent::return() and + ret.getCfgScope() = prev.asExpr().getExpr() and + // We need to include both `ret` and `ret.getAnInput()`, since in type-tracking + // the step from `ret.getAnInput()` to `ret` is considered a call step. + result = [ret.(DataFlow::Node), ret.getAnInput()] + ) or exists(DataFlow::ContentSet content | head = SummaryComponent::withoutContent(content) and From f46183d0ba5486d7a9b797d55d3b8721be60afa2 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Mon, 22 May 2023 11:41:49 +0200 Subject: [PATCH 519/870] C++: Include inline namespaces in `StdNamespace` --- cpp/ql/lib/semmle/code/cpp/Namespace.qll | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/Namespace.qll b/cpp/ql/lib/semmle/code/cpp/Namespace.qll index 129e1449c32..065e28c8429 100644 --- a/cpp/ql/lib/semmle/code/cpp/Namespace.qll +++ b/cpp/ql/lib/semmle/code/cpp/Namespace.qll @@ -230,8 +230,12 @@ class GlobalNamespace extends Namespace { } /** - * The C++ `std::` namespace. + * The C++ `std::` namespace and its inline namespaces. */ class StdNamespace extends Namespace { - StdNamespace() { this.hasName("std") and this.getParentNamespace() instanceof GlobalNamespace } + StdNamespace() { + this.hasName("std") and this.getParentNamespace() instanceof GlobalNamespace + or + this.isInline() and this.getParentNamespace() instanceof StdNamespace + } } From a057365b7e7c72cbefb9942d775da6b9951c79f9 Mon Sep 17 00:00:00 2001 From: Rasmus Wriedt Larsen Date: Mon, 22 May 2023 11:54:50 +0200 Subject: [PATCH 520/870] Python: Accept `.expected` changes --- .../Security/CWE-176/UnicodeBypassValidation.expected | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/python/ql/test/experimental/query-tests/Security/CWE-176/UnicodeBypassValidation.expected b/python/ql/test/experimental/query-tests/Security/CWE-176/UnicodeBypassValidation.expected index d5bae8b6436..14d067ec98c 100644 --- a/python/ql/test/experimental/query-tests/Security/CWE-176/UnicodeBypassValidation.expected +++ b/python/ql/test/experimental/query-tests/Security/CWE-176/UnicodeBypassValidation.expected @@ -1,8 +1,7 @@ edges -| samples.py:0:0:0:0 | ModuleVariableNode for samples.request | samples.py:9:25:9:31 | ControlFlowNode for request | -| samples.py:0:0:0:0 | ModuleVariableNode for samples.request | samples.py:16:25:16:31 | ControlFlowNode for request | | samples.py:2:26:2:32 | ControlFlowNode for ImportMember | samples.py:2:26:2:32 | GSSA Variable request | -| samples.py:2:26:2:32 | GSSA Variable request | samples.py:0:0:0:0 | ModuleVariableNode for samples.request | +| samples.py:2:26:2:32 | GSSA Variable request | samples.py:9:25:9:31 | ControlFlowNode for request | +| samples.py:2:26:2:32 | GSSA Variable request | samples.py:16:25:16:31 | ControlFlowNode for request | | samples.py:9:18:9:47 | ControlFlowNode for escape() | samples.py:10:59:10:68 | ControlFlowNode for user_input | | samples.py:9:25:9:31 | ControlFlowNode for request | samples.py:9:25:9:36 | ControlFlowNode for Attribute | | samples.py:9:25:9:36 | ControlFlowNode for Attribute | samples.py:9:25:9:46 | ControlFlowNode for Attribute() | @@ -12,7 +11,6 @@ edges | samples.py:16:25:16:36 | ControlFlowNode for Attribute | samples.py:16:25:16:46 | ControlFlowNode for Attribute() | | samples.py:16:25:16:46 | ControlFlowNode for Attribute() | samples.py:16:18:16:47 | ControlFlowNode for escape() | nodes -| samples.py:0:0:0:0 | ModuleVariableNode for samples.request | semmle.label | ModuleVariableNode for samples.request | | samples.py:2:26:2:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember | | samples.py:2:26:2:32 | GSSA Variable request | semmle.label | GSSA Variable request | | samples.py:9:18:9:47 | ControlFlowNode for escape() | semmle.label | ControlFlowNode for escape() | From c1b90c8f0551547a6f4ea98fb469a352838c9806 Mon Sep 17 00:00:00 2001 From: Rasmus Wriedt Larsen Date: Mon, 22 May 2023 11:58:32 +0200 Subject: [PATCH 521/870] Python: Apply suggested change --- .../CWE-176/UnicodeBypassValidationQuery.qll | 31 ++----------------- 1 file changed, 2 insertions(+), 29 deletions(-) diff --git a/python/ql/src/experimental/Security/CWE-176/UnicodeBypassValidationQuery.qll b/python/ql/src/experimental/Security/CWE-176/UnicodeBypassValidationQuery.qll index 2549bd796b2..702a69a7095 100644 --- a/python/ql/src/experimental/Security/CWE-176/UnicodeBypassValidationQuery.qll +++ b/python/ql/src/experimental/Security/CWE-176/UnicodeBypassValidationQuery.qll @@ -43,35 +43,8 @@ class Configuration extends TaintTracking::Configuration { or exists(RegexExecution re | nodeFrom = re.getString() and nodeTo = re) or - // String methods - exists(MethodCallNode call, string method_name | - nodeTo = call and call.getMethodName() = method_name - | - call.calls(nodeFrom, method_name) and - method_name in [ - "capitalize", "casefold", "center", "expandtabs", "format", "format_map", "join", - "ljust", "lstrip", "lower", "replace", "rjust", "rstrip", "strip", "swapcase", "title", - "upper", "zfill", "encode", "decode" - ] - or - method_name = "replace" and - nodeFrom = call.getArg(1) - or - method_name = "format" and - nodeFrom = call.getArg(_) - or - // str -> List[str] - call.calls(nodeFrom, method_name) and - method_name in ["partition", "rpartition", "rsplit", "split", "splitlines"] - or - // Iterable[str] -> str - method_name = "join" and - nodeFrom = call.getArg(0) - or - // Mapping[str, Any] -> str - method_name = "format_map" and - nodeFrom = call.getArg(0) - ) + stringManipulation(nodeFrom, nodeTo) and + not nodeTo.(DataFlow::MethodCallNode).getMethodName() in ["encode", "decode"] ) and stateFrom instanceof PreValidation and stateTo instanceof PostValidation From d4ab1c9643d1958f9e05ca9b147065a93ff359d5 Mon Sep 17 00:00:00 2001 From: Philip Ginsbach Date: Mon, 22 May 2023 11:22:47 +0100 Subject: [PATCH 522/870] such identifiers do not actually exist in QL --- docs/codeql/ql-language-reference/ql-language-specification.rst | 2 -- 1 file changed, 2 deletions(-) diff --git a/docs/codeql/ql-language-reference/ql-language-specification.rst b/docs/codeql/ql-language-reference/ql-language-specification.rst index 932af759340..f1d452624fb 100644 --- a/docs/codeql/ql-language-reference/ql-language-specification.rst +++ b/docs/codeql/ql-language-reference/ql-language-specification.rst @@ -628,8 +628,6 @@ There are several kinds of identifiers: - ``atLowerId``: an identifier that starts with an "@" sign and then a lower-case letter. -- ``atUpperId``: an identifier that starts with an "@" sign and then an upper-case letter. - Identifiers are used in following syntactic constructs: :: From 20efe81f1006d21eb4d73734ef6ba571be396b4a Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Mon, 22 May 2023 12:43:05 +0200 Subject: [PATCH 523/870] Update ruby/ql/lib/codeql/ruby/typetracking/TypeTrackerSpecific.qll Co-authored-by: Asger F --- ruby/ql/lib/codeql/ruby/typetracking/TypeTrackerSpecific.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ruby/ql/lib/codeql/ruby/typetracking/TypeTrackerSpecific.qll b/ruby/ql/lib/codeql/ruby/typetracking/TypeTrackerSpecific.qll index 344bf588642..7283ffedf09 100644 --- a/ruby/ql/lib/codeql/ruby/typetracking/TypeTrackerSpecific.qll +++ b/ruby/ql/lib/codeql/ruby/typetracking/TypeTrackerSpecific.qll @@ -615,7 +615,7 @@ private DataFlow::Node evaluateSummaryComponentStackLocal( head = SummaryComponent::return() and ret.getCfgScope() = prev.asExpr().getExpr() and // We need to include both `ret` and `ret.getAnInput()`, since in type-tracking - // the step from `ret.getAnInput()` to `ret` is considered a call step. + // the step from `ret.getAnInput()` to `ret` is considered a return step. result = [ret.(DataFlow::Node), ret.getAnInput()] ) or From 7ace4cd43e464b141af0f9cb2c32a57ce122d64b Mon Sep 17 00:00:00 2001 From: Philip Ginsbach Date: Mon, 22 May 2023 11:25:25 +0100 Subject: [PATCH 524/870] add rule for module signature names (differing from module names) --- .../ql-language-specification.rst | 25 +++++++++++-------- 1 file changed, 14 insertions(+), 11 deletions(-) diff --git a/docs/codeql/ql-language-reference/ql-language-specification.rst b/docs/codeql/ql-language-reference/ql-language-specification.rst index f1d452624fb..2a1fbde097e 100644 --- a/docs/codeql/ql-language-reference/ql-language-specification.rst +++ b/docs/codeql/ql-language-reference/ql-language-specification.rst @@ -351,7 +351,7 @@ A QL signature definition has the following syntax: typeSignature ::= qldoc? annotations "signature" "class" upperId ("extends" type ("," type)*)? (";" | "{" signaturePredicate* "}") - moduleSignature ::= qldoc? annotation* "signature" "module" upperId parameters? "{" moduleSignatureBody "}" + moduleSignature ::= qldoc? annotation* "signature" "module" moduleSignatureName parameters? "{" moduleSignatureBody "}" moduleSignatureBody ::= (signaturePredicate | defaultPredicate | signatureType)* @@ -632,14 +632,15 @@ Identifiers are used in following syntactic constructs: :: - simpleId ::= lowerId | upperId - modulename ::= simpleId - classname ::= upperId - dbasetype ::= atLowerId - predicateRef ::= (moduleExpr "::")? literalId - predicateName ::= lowerId - varname ::= lowerId - literalId ::= lowerId | atLowerId + simpleId ::= lowerId | upperId + modulename ::= simpleId + moduleSignatureName ::= upperId + classname ::= upperId + dbasetype ::= atLowerId + predicateRef ::= (moduleExpr "::")? literalId + predicateName ::= lowerId + varname ::= lowerId + literalId ::= lowerId | atLowerId Integer literals (int) ~~~~~~~~~~~~~~~~~~~~~~ @@ -2127,7 +2128,7 @@ The complete grammar for QL is as follows: typeSignature ::= qldoc? annotations "signature" "class" upperId ("extends" type ("," type)*)? (";" | "{" signaturePredicate* "}") - moduleSignature ::= qldoc? annotation* "signature" "module" upperId parameters? "{" moduleSignatureBody "}" + moduleSignature ::= qldoc? annotation* "signature" "module" moduleSignatureName parameters? "{" moduleSignatureBody "}" moduleSignatureBody ::= (signaturePredicate | defaultPredicate | signatureType)* @@ -2184,7 +2185,7 @@ The complete grammar for QL is as follows: moduleExpr ::= simpleId arguments? | moduleExpr "::" simpleId arguments? - moduleSignatureExpr ::= (moduleExpr "::")? upperId arguments? + moduleSignatureExpr ::= (moduleExpr "::")? moduleSignatureName arguments? signatureExpr : (moduleExpr "::")? simpleId ("/" Integer | arguments)?; @@ -2311,6 +2312,8 @@ The complete grammar for QL is as follows: modulename ::= simpleId + moduleSignatureName ::= upperId + classname ::= upperId dbasetype ::= atLowerId From b707815370acd056215466c060d730556f1f8a55 Mon Sep 17 00:00:00 2001 From: Philip Ginsbach Date: Mon, 22 May 2023 11:28:14 +0100 Subject: [PATCH 525/870] do not use simpleId directly in module expression rules --- .../ql-language-reference/ql-language-specification.rst | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/codeql/ql-language-reference/ql-language-specification.rst b/docs/codeql/ql-language-reference/ql-language-specification.rst index 2a1fbde097e..2d8a76ec727 100644 --- a/docs/codeql/ql-language-reference/ql-language-specification.rst +++ b/docs/codeql/ql-language-reference/ql-language-specification.rst @@ -216,7 +216,7 @@ An import directive refers to a module identifier: qualId ::= simpleId | qualId "." simpleId - importModuleExpr ::= qualId | importModuleExpr "::" simpleId arguments? + importModuleExpr ::= qualId | importModuleExpr "::" modulename arguments? arguments ::= "<" argument ("," argument)* ">" @@ -289,7 +289,7 @@ With the exception of class domain types and character types (which cannot be re type ::= (moduleExpr "::")? classname | dbasetype | "boolean" | "date" | "float" | "int" | "string" - moduleExpr ::= simpleId arguments? | moduleExpr "::" simpleId arguments? + moduleExpr ::= modulename arguments? | moduleExpr "::" modulename arguments? A type reference is resolved to a type as follows: @@ -2116,7 +2116,7 @@ The complete grammar for QL is as follows: qualId ::= simpleId | qualId "." simpleId - importModuleExpr ::= qualId | importModuleExpr "::" simpleId arguments? + importModuleExpr ::= qualId | importModuleExpr "::" modulename arguments? arguments ::= "<" argument ("," argument)* ">" @@ -2183,7 +2183,7 @@ The complete grammar for QL is as follows: field ::= qldoc? annotations var_decl ";" - moduleExpr ::= simpleId arguments? | moduleExpr "::" simpleId arguments? + moduleExpr ::= modulename arguments? | moduleExpr "::" modulename arguments? moduleSignatureExpr ::= (moduleExpr "::")? moduleSignatureName arguments? From d98fcdd6aa7679b8c28fbd2a6ffb354d54f5bd70 Mon Sep 17 00:00:00 2001 From: Philip Ginsbach Date: Mon, 22 May 2023 11:40:56 +0100 Subject: [PATCH 526/870] do not use upperId directly in type signature rules --- .../ql-language-reference/ql-language-specification.rst | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/codeql/ql-language-reference/ql-language-specification.rst b/docs/codeql/ql-language-reference/ql-language-specification.rst index 2d8a76ec727..c93ec0191d4 100644 --- a/docs/codeql/ql-language-reference/ql-language-specification.rst +++ b/docs/codeql/ql-language-reference/ql-language-specification.rst @@ -349,7 +349,7 @@ A QL signature definition has the following syntax: predicateSignature ::= qldoc? annotations "signature" head ";" - typeSignature ::= qldoc? annotations "signature" "class" upperId ("extends" type ("," type)*)? (";" | "{" signaturePredicate* "}") + typeSignature ::= qldoc? annotations "signature" "class" classname ("extends" type ("," type)*)? (";" | "{" signaturePredicate* "}") moduleSignature ::= qldoc? annotation* "signature" "module" moduleSignatureName parameters? "{" moduleSignatureBody "}" @@ -359,7 +359,7 @@ A QL signature definition has the following syntax: defaultPredicate ::= qldoc? annotations "default" head "{" formula "}" - signatureType ::= qldoc? annotations "class" upperId ("extends" type ("," type)*)? "{" signaturePredicate* "}" + signatureType ::= qldoc? annotations "class" classname ("extends" type ("," type)*)? "{" signaturePredicate* "}" A predicate signature definition extends the current module's declared predicate signature environment with a mapping from the predicate signature name and arity to the predicate signature definition. @@ -2126,7 +2126,7 @@ The complete grammar for QL is as follows: predicateSignature ::= qldoc? annotations "signature" head ";" - typeSignature ::= qldoc? annotations "signature" "class" upperId ("extends" type ("," type)*)? (";" | "{" signaturePredicate* "}") + typeSignature ::= qldoc? annotations "signature" "class" classname ("extends" type ("," type)*)? (";" | "{" signaturePredicate* "}") moduleSignature ::= qldoc? annotation* "signature" "module" moduleSignatureName parameters? "{" moduleSignatureBody "}" @@ -2136,7 +2136,7 @@ The complete grammar for QL is as follows: defaultPredicate ::= qldoc? annotations "default" head "{" formula "}" - signatureType ::= qldoc? annotations "class" upperId ("extends" type ("," type)*)? "{" signaturePredicate* "}" + signatureType ::= qldoc? annotations "class" classname ("extends" type ("," type)*)? "{" signaturePredicate* "}" select ::= ("from" var_decls)? ("where" formula)? "select" as_exprs ("order" "by" orderbys)? From 42e81015d0e3183e3a325d7b07a80a580711209d Mon Sep 17 00:00:00 2001 From: Philip Ginsbach Date: Mon, 22 May 2023 11:31:48 +0100 Subject: [PATCH 527/870] mention signatureExpr in section on use of identifier rules --- docs/codeql/ql-language-reference/ql-language-specification.rst | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/codeql/ql-language-reference/ql-language-specification.rst b/docs/codeql/ql-language-reference/ql-language-specification.rst index c93ec0191d4..757d225886c 100644 --- a/docs/codeql/ql-language-reference/ql-language-specification.rst +++ b/docs/codeql/ql-language-reference/ql-language-specification.rst @@ -638,6 +638,7 @@ Identifiers are used in following syntactic constructs: classname ::= upperId dbasetype ::= atLowerId predicateRef ::= (moduleExpr "::")? literalId + signatureExpr ::= (moduleExpr "::")? simpleId ("/" Integer | arguments)?; predicateName ::= lowerId varname ::= lowerId literalId ::= lowerId | atLowerId From 35114d5ac4d91a4c7a341f5c592b03ca8033a55a Mon Sep 17 00:00:00 2001 From: Philip Ginsbach Date: Mon, 22 May 2023 11:37:23 +0100 Subject: [PATCH 528/870] introduce parameterName rule --- .../ql-language-reference/ql-language-specification.rst | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/docs/codeql/ql-language-reference/ql-language-specification.rst b/docs/codeql/ql-language-reference/ql-language-specification.rst index 757d225886c..c1575b3d6e5 100644 --- a/docs/codeql/ql-language-reference/ql-language-specification.rst +++ b/docs/codeql/ql-language-reference/ql-language-specification.rst @@ -178,7 +178,7 @@ A QL module definition has the following syntax: module ::= annotation* "module" modulename parameters? implements? "{" moduleBody "}" - parameters ::= "<" signatureExpr simpleId ("," signatureExpr simpleId)* ">" + parameters ::= "<" signatureExpr parameterName ("," signatureExpr parameterName)* ">" implements ::= "implements" moduleSignatureExpr ("," moduleSignatureExpr)* @@ -640,6 +640,7 @@ Identifiers are used in following syntactic constructs: predicateRef ::= (moduleExpr "::")? literalId signatureExpr ::= (moduleExpr "::")? simpleId ("/" Integer | arguments)?; predicateName ::= lowerId + parameterName ::= simpleId varname ::= lowerId literalId ::= lowerId | atLowerId @@ -2107,7 +2108,7 @@ The complete grammar for QL is as follows: module ::= annotation* "module" modulename parameters? implements? "{" moduleBody "}" - parameters ::= "<" signatureExpr simpleId ("," signatureExpr simpleId)* ">" + parameters ::= "<" signatureExpr parameterName ("," signatureExpr parameterName)* ">" implements ::= "implements" moduleSignatureExpr ("," moduleSignatureExpr)* @@ -2323,6 +2324,8 @@ The complete grammar for QL is as follows: predicateName ::= lowerId + parameterName ::= simpleId + varname ::= lowerId literalId ::= lowerId | atLowerId | "any" | "none" From 2ca543e21734c85ac6bea5b9ea18fb983a56461d Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Wed, 17 May 2023 11:05:08 +0200 Subject: [PATCH 529/870] C#: Synthetic DateTime object creation for DateTime defaults via attributes. --- .../Entities/Expression.cs | 5 ++ .../ObjectCreation/DateTimeObjectCreation.cs | 70 +++++++++++++++++++ 2 files changed, 75 insertions(+) create mode 100644 csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/ObjectCreation/DateTimeObjectCreation.cs diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expression.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expression.cs index 3984e7c00cf..698be2e2c35 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expression.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expression.cs @@ -211,6 +211,11 @@ namespace Semmle.Extraction.CSharp.Entities return Default.CreateGenerated(cx, parent, childIndex, location, ValueAsString(null)); } + if (type.SpecialType is SpecialType.System_DateTime) + { + return DateTimeObjectCreation.CreateGenerated(cx, parent, childIndex, type, defaultValue, location); + } + // const literal: return Literal.CreateGenerated(cx, parent, childIndex, type, defaultValue, location); } diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/ObjectCreation/DateTimeObjectCreation.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/ObjectCreation/DateTimeObjectCreation.cs new file mode 100644 index 00000000000..52fcb3629f3 --- /dev/null +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/ObjectCreation/DateTimeObjectCreation.cs @@ -0,0 +1,70 @@ +using Microsoft.CodeAnalysis; +using System.Linq; +using System.IO; +using Semmle.Extraction.Kinds; + +namespace Semmle.Extraction.CSharp.Entities.Expressions +{ + internal class DateTimeObjectCreation : Expression + { + private readonly IMethodSymbol constructorSymbol; + + private DateTimeObjectCreation(IMethodSymbol constructorSymbol, ExpressionInfo info) : base(info) + { + this.constructorSymbol = constructorSymbol; + } + + // Gets the value of a System.DateTime object as a string containing the ticks. + private static long ValueAsLong(object? value) => + value is System.DateTime d ? d.Ticks : 0; + + // Gets the System.DateTime(long) constructor from the `type` symbol. + private static IMethodSymbol? GetDateTimeConstructor(ITypeSymbol? type) + { + return type?.GetMembers() + .Where(m => + m is IMethodSymbol c && + c.GetName() == "ctor" && + c.Parameters.Length == 1 && + c.Parameters[0].Type.SpecialType == SpecialType.System_Int64) + .Cast() + .FirstOrDefault(); + } + + + protected void PopulateExpression(TextWriter trapFile) + { + var constructor = Constructor.Create(Context, constructorSymbol); + trapFile.expr_call(this, constructor); + } + + protected new Expression TryPopulate() + { + Context.Try(null, null, () => PopulateExpression(Context.TrapWriter.Writer)); + return this; + } + + // Gets an expression that represents a System.DateTime object creation. + // The `type` symbol must be a System.DateTime type and the value must be a System.DateTime object. + // The expression that is being created is a call to the System.DateTime(long) constructor, where + // the number of ticks from the `value` object is used as the argument to the constructor call. + public static Expression CreateGenerated(Context cx, IExpressionParentEntity parent, int childIndex, ITypeSymbol type, object? value, Extraction.Entities.Location location) + { + var constructorSymbol = GetDateTimeConstructor(type) ?? throw new InternalError("Could not find symbol for System.DateTime(long)"); + var expr = new DateTimeObjectCreation(constructorSymbol, new ExpressionInfo( + cx, + AnnotatedTypeSymbol.CreateNotAnnotated(type), + location, + ExprKind.OBJECT_CREATION, + parent, + childIndex, + true, + null)); + + var longTypeSymbol = constructorSymbol.Parameters[0].Type; + Literal.CreateGenerated(cx, expr, 0, longTypeSymbol, ValueAsLong(value), location); + + return expr.TryPopulate(); + } + } +} \ No newline at end of file From 5a57d47b6c850a07ae3920cbe102fb4fe16cc4ee Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Wed, 17 May 2023 11:34:08 +0200 Subject: [PATCH 530/870] C#: Add more testcases, a new test, update the compiled test code and updated expected results. --- .../library-tests/parameters/Parameters.cs | 11 +++ .../library-tests/parameters/Parameters.cs_ | 11 +++ .../library-tests/parameters/Parameters.dll | Bin 4608 -> 5632 bytes .../parameters/Parameters.expected | 69 ++++++++++++------ .../library-tests/parameters/Parameters.ql | 11 +++ 5 files changed, 78 insertions(+), 24 deletions(-) diff --git a/csharp/ql/test/library-tests/parameters/Parameters.cs b/csharp/ql/test/library-tests/parameters/Parameters.cs index b7cc3b001a9..2cbcd89f9e4 100644 --- a/csharp/ql/test/library-tests/parameters/Parameters.cs +++ b/csharp/ql/test/library-tests/parameters/Parameters.cs @@ -1,3 +1,7 @@ +using System; +using System.Runtime.InteropServices; +using System.Runtime.CompilerServices; + public class Parameters { public void M1(int a, object b, string c) => throw null; @@ -12,6 +16,13 @@ public class Parameters public void M9(T t = default) where T : struct => throw null; public void M10(T t = default) where T : class => throw null; + public void M11(int arg1 = 3) => throw null; + public void M12(DateTime arg2 = default) => throw null; + public void M13(DateTime? arg3 = null) => throw null; + public void M14([Optional, DateTimeConstant(14L)] DateTime arg4) => throw null; + public void M15([Optional, DateTimeConstant(10001L)] DateTime? arg5) => throw null; + public void M16([Optional, DefaultParameterValue(6L)] long arg6) => throw null; + public struct MyStruct { } public enum MyEnum { A = 1, B = 2 } } \ No newline at end of file diff --git a/csharp/ql/test/library-tests/parameters/Parameters.cs_ b/csharp/ql/test/library-tests/parameters/Parameters.cs_ index 062c4b98b18..262cd57a755 100644 --- a/csharp/ql/test/library-tests/parameters/Parameters.cs_ +++ b/csharp/ql/test/library-tests/parameters/Parameters.cs_ @@ -1,3 +1,7 @@ +using System; +using System.Runtime.InteropServices; +using System.Runtime.CompilerServices; + public class ParametersDll { public void M1(int a, object b, string c) => throw null; @@ -12,6 +16,13 @@ public class ParametersDll public void M9(T t = default) where T : struct => throw null; public void M10(T t = default) where T : class => throw null; + public void M11(int arg1 = 3) => throw null; + public void M12(DateTime arg2 = default) => throw null; + public void M13(DateTime? arg3 = null) => throw null; + public void M14([Optional, DateTimeConstant(14L)] DateTime arg4) => throw null; + public void M15([Optional, DateTimeConstant(10001L)] DateTime? arg5) => throw null; + public void M16([Optional, DefaultParameterValue(6L)] long arg6) => throw null; + public struct MyStruct { } public enum MyEnum { A = 1, B = 2 } } \ No newline at end of file diff --git a/csharp/ql/test/library-tests/parameters/Parameters.dll b/csharp/ql/test/library-tests/parameters/Parameters.dll index cd48ebef015977599fcad91d31e3a24f0a115a57..41cf1188ca869b375b971ea69d561d210bff1d4b 100644 GIT binary patch literal 5632 zcmeHLYit}>75-*-y;(bPn(ZrT^P0qI(u8L1jqNl^o5s(i4%x)@+75wIXLfyUPcr++ z%xsbkqD@m%RX|Zmqasldq6G;FsV!1zqlkz|6_r3lm5`8y0I3KeBoKukNR<$2_|Dzg zM{F7%KloGbdcL{eIp^Mc&bfE)+;QrY&mjyT!t45V;3Dr*dNke~&QiT}?WLu7z4_|8 zi^hSg>qcj6&n&uyY1hh`Su39}_-00#ZYgitd2`@U+RPOuRid@EWkb;Q@E~x&2;=e0 zyT7Q8_Ab_&i;WI;PD!*PJ-3y2lUENfV41FmDt?PV{MY3yk#Z?v9Q~Y_%3u8+P!X}T zv)@Bf=>b+rBIcK)z!J(j?gK{W>u$zPAl9Idkw4tP6TUj_lRwi+piajc_)VsZ2^>wh zo|`4pzV)yof$Dg84@wWcPq@k{&`^BEQC`y5?YtUF575^@bu}w_Wf9*(Xu_{d#<>_U zMEGBn^`Uz?Yc1H42`ZuG&)&)I?zuDkwa>EC$d-qyitqwXpKs7}J|bIMZa?!M{n3M4 zv9g7hS}Ppe{Dm zi+$+lQ8@5YsB(|us_~al6eA(QYxs5O7A&K;QS36#P_i@hBjO8&U|M5QX~7$jQ`3HA-@#x&cAwc!)kh*GFTyc{}>X!IGJ z#`xKD_zZEDIBbePPp_C`90rcm*b`)Kjm?sst1;1?uQ7?`r3yncK2P@TfNdm;;5z}^ zLAD6r4cLBsnQQ!&fE^)Qg6{=v24CUB{CdEO_$K0bGhiNGl>;gY&mdRwb4le%rc?rpi2Y}S$oh!LcSO?Z@OARC^KcWe25 z8Xw{cF)*xgLQ9TwX6Cp!;>0MkG8byWX5um=HSW~dt8qx#MbV9py`L57%Ujypxt&wPjM*yEX3C*sJA3 z8dDk{VT%}BKE_r@w9ThAT3V}+rQFt%9I=Hy&R`R^zz8L<7;n>;+wcx?CEg>p;eF!A z&}}4W-A{Y~2Z{ao6!GI)o+gTqEg?!ddOv&J%yFci4eD7q##37Il$Jb2&GW{~TJo}% zyiCa@<1MVmZ-}>I%J?noQ%2YjyrOY7d>p?wzD4}2YzCb5MTnfO)JTG&_-rq#65dUG zL$gJE_G5ZK1fzSJvK7p?+#_5~PjhYZSOBDw9lVmfaIoY!R>o0BlTb-m?sO8KD7GQB z4QiW6w!tGyb|TdY)hUurcx1^gq`IKGM8aya8>w!nZlSCuwb&2N)DEO};=xp5 zvgD|TxJ&i%t$)&TN@`*P7BbAtfaR-EJExE?d%nsgMoM{K=(t#omWv95xr~~eRFl0v z-zAxnuh3t}6>Uek`&3@JY~P@&8I5_?w5l--s7z^kT0*YNs!6CzdOc6&GERBa_8SdH z8ISV!@)V{{72M+s?f24~apih;A-_;Ll%FcNIm@Tgaz50mzmT7@r%MdyhE7J*RN9(S zetCo$^y-~gQlO1Tlw+ONwFZ4Pl3|y*&-(R-)qHb2&$sdonrb?zk<(PYNwqH-)5@3Y zieRp^+_y8fWBU!-zA~q3uVYQmo7zN>1D*>oY)Mjmrf$G-Uo( zZow-|`D{0-dO34t&-PG@y|N@c9LgM{AM}z39pK|FOfpUwHQFflYt> z;)95oh7k*!Fq&A2$AvD{)typpiM_UG;)(drTXscc4~X#X%}1DJ)g%Mz=17{(fC2Zx&3?v8lMh!4dKZZ}fa$oqaYbmw8$DjqE42Tx~JQ6^<{ z#x0!k4B9P{II!Emip0Ue(f)#~dW*&Tg4x`C^8Q2zJ6L*q?b#Zzy`p244{}w+q=iX~ zRt{HP8a#>`XwpwJPv`7E$wMfA6}cuni|Ro)8kjvUFXquuYp>%JPNhnYZxx&mwcPSnAzpiR9@-0; zW9@nx+VjfiB-J#D;$#NthkLhmZ%5$9`@am_V5obZ@BZq0Un+O(-LPa!_;B#KB<`P( zx+%4VrTSS_(M)g|al1%ab{;t|%QdC+j-j>J?_nqNQ?jtf|A|CS=lZ+k?2W_eH3F{L z1#+>IZ^uvc09S(bA+jr>F5)=Sm>>>fgtZ}lX&)pXBJQnxb>nj6&mUAy4Km|WD)&7V zqBoOM_cU$Rbm^e~V*!tmkO&1m8@%berlJ1Jrsv zOUQ;;yur7B*0zJ2mr;v!oNZmUuE&$)xv-;l0lUyjd&!8eZS(ZaY4C9V7zs>LFJHsJ zy?n^Izp&l3ZY5C`8H0E_&GV^G8cVkZ`*W`^^thbR|euN4qQ~ozHyZa*)^Z!Gw GW#Av7(N0DH delta 1796 zcmZuyT})g>7(H`$S=b+T?_DT`^5epmcB{BQz->h=0Vyrjtc7gBlD26Vx%3YxVYkG_ z#KlV0SYsq(Of-#{K5AdENndJwFeb+I!8AdAATcyC`ld;viTa?P8E!)#n49m+ch2|S zZ|2U-&Mveq?0oO7mhSXpcj2~mw8VlU4Fo9oHpG7uOP`L0Zzg~vO6UdBo~7oh&}kq< zzPcMYDw~ZqIVN@oynaeCT0p)nn!;%h-CmlP7LvEcZehxwL`&T|%c(XG((vJL#LsKQwaq z0Q*kzgpfU+U5#N&DG)$;lrfH8Qd2URC7=tKExvR ztoWArClr3J@jH#3TEC+Gq;ZGQ2`Kzp+|h-f($xjjW8!0K8SMvz3EMykHfab317Fd) zH1qim;TT32`f!}sPaKM=I&W~nPBA0rvM`w!qb}P{R*o^3#W2auJmIokWFee#SsSJh z#yD9?6-{9t792O&jz!eqtjlb&?YQ7FK~{^I4OY9x@2ms&P9G2h!}LAKxr%8j#Wa;- znkr`trQ{}UhE=(sPOa82H|lZ~TCudUgXl$^ScW}BfoF_I(T_E5szp@OTN43ht#P?C z8oM<1X*`UQ3Jhy9rZG?Sp@L5nEyQ7>*oFj`s}4_6X`~)SvsPO19F;xvql_i!XS8o? z+^?}u>xVUFH4f{_BV3gz#!5Qrq{cik$#1_#tit=mdfXz$@dfb-JRo-Pq$JUeN@72D z5TDn2j;K~nZGd-S!y|E9oCmq=Az{A_Bbs?IZ14av%4T7JSj(YR?`6^eBen`#&%v9D#5D^G$&PwJhTf5w;ym|E0 zeTeLkTEUaF1aG&5x_Ut8zbNzigq&nNGv%!F^=3|U%R~*ZvD)| z`kZF|qlxi_SN^;4;?wt*sybKQTbSeGH|58cnrn>pgdB?`c-hn zd03TW=CbINf17c`G-Q)i-uGG9RDY|8yTc1Ur75>=9e-^rKS=GObrF8lK D(n~WX diff --git a/csharp/ql/test/library-tests/parameters/Parameters.expected b/csharp/ql/test/library-tests/parameters/Parameters.expected index 0ffc1feb4a7..30b3a32c669 100644 --- a/csharp/ql/test/library-tests/parameters/Parameters.expected +++ b/csharp/ql/test/library-tests/parameters/Parameters.expected @@ -1,35 +1,45 @@ noDefaultValue -| Parameters.cs:3:17:3:18 | M1 | Parameters.cs:3:24:3:24 | a | 0 | -| Parameters.cs:3:17:3:18 | M1 | Parameters.cs:3:34:3:34 | b | 1 | -| Parameters.cs:3:17:3:18 | M1 | Parameters.cs:3:44:3:44 | c | 2 | -| Parameters.cs:4:17:4:18 | M2 | Parameters.cs:4:24:4:24 | a | 0 | -| Parameters.cs:8:17:8:18 | M6 | Parameters.cs:8:29:8:30 | s1 | 0 | -| Parameters.cs:9:17:9:18 | M7 | Parameters.cs:9:27:9:28 | e1 | 0 | +| Parameters.cs:7:17:7:18 | M1 | Parameters.cs:7:24:7:24 | a | 0 | +| Parameters.cs:7:17:7:18 | M1 | Parameters.cs:7:34:7:34 | b | 1 | +| Parameters.cs:7:17:7:18 | M1 | Parameters.cs:7:44:7:44 | c | 2 | +| Parameters.cs:8:17:8:18 | M2 | Parameters.cs:8:24:8:24 | a | 0 | +| Parameters.cs:12:17:12:18 | M6 | Parameters.cs:12:29:12:30 | s1 | 0 | +| Parameters.cs:13:17:13:18 | M7 | Parameters.cs:13:27:13:28 | e1 | 0 | | Parameters.dll:0:0:0:0 | M1 | Parameters.dll:0:0:0:0 | a | 0 | | Parameters.dll:0:0:0:0 | M1 | Parameters.dll:0:0:0:0 | b | 1 | | Parameters.dll:0:0:0:0 | M1 | Parameters.dll:0:0:0:0 | c | 2 | | Parameters.dll:0:0:0:0 | M2 | Parameters.dll:0:0:0:0 | a | 0 | | Parameters.dll:0:0:0:0 | M6 | Parameters.dll:0:0:0:0 | s1 | 0 | | Parameters.dll:0:0:0:0 | M7 | Parameters.dll:0:0:0:0 | e1 | 0 | +| Parameters.dll:0:0:0:0 | NullableAttribute | Parameters.dll:0:0:0:0 | value | 0 | +| Parameters.dll:0:0:0:0 | NullableAttribute | Parameters.dll:0:0:0:0 | value | 0 | +| Parameters.dll:0:0:0:0 | NullableContextAttribute | Parameters.dll:0:0:0:0 | value | 0 | +| Parameters.dll:0:0:0:0 | RefSafetyRulesAttribute | Parameters.dll:0:0:0:0 | value | 0 | withDefaultValue -| Parameters.cs:4:17:4:18 | M2 | Parameters.cs:4:34:4:34 | b | 1 | Parameters.cs:4:38:4:41 | null | null | -| Parameters.cs:4:17:4:18 | M2 | Parameters.cs:4:51:4:51 | c | 2 | Parameters.cs:4:55:4:70 | "default string" | default string | -| Parameters.cs:5:17:5:18 | M3 | Parameters.cs:5:24:5:24 | a | 0 | Parameters.cs:5:28:5:28 | 1 | 1 | -| Parameters.cs:5:17:5:18 | M3 | Parameters.cs:5:38:5:38 | b | 1 | Parameters.cs:5:42:5:45 | null | null | -| Parameters.cs:5:17:5:18 | M3 | Parameters.cs:5:55:5:55 | c | 2 | Parameters.cs:5:59:5:64 | "null" | null | -| Parameters.cs:6:17:6:18 | M4 | Parameters.cs:6:24:6:24 | a | 0 | Parameters.cs:6:28:6:34 | (...) ... | 0 | -| Parameters.cs:6:17:6:18 | M4 | Parameters.cs:6:44:6:44 | b | 1 | Parameters.cs:6:48:6:54 | default | null | -| Parameters.cs:7:17:7:18 | M5 | Parameters.cs:7:24:7:24 | a | 0 | Parameters.cs:7:28:7:36 | object creation of type Int32 | 0 | -| Parameters.cs:7:17:7:18 | M5 | Parameters.cs:7:46:7:46 | b | 1 | Parameters.cs:7:50:7:56 | default | null | -| Parameters.cs:8:17:8:18 | M6 | Parameters.cs:8:42:8:43 | s2 | 1 | Parameters.cs:8:47:8:63 | default(...) | - | -| Parameters.cs:8:17:8:18 | M6 | Parameters.cs:8:75:8:76 | s3 | 2 | Parameters.cs:8:80:8:93 | object creation of type MyStruct | - | -| Parameters.cs:9:17:9:18 | M7 | Parameters.cs:9:38:9:39 | e2 | 1 | Parameters.cs:9:43:9:57 | default(...) | 0 | -| Parameters.cs:9:17:9:18 | M7 | Parameters.cs:9:67:9:68 | e3 | 2 | Parameters.cs:9:72:9:83 | object creation of type MyEnum | 0 | -| Parameters.cs:9:17:9:18 | M7 | Parameters.cs:9:93:9:94 | e4 | 3 | Parameters.cs:9:98:9:105 | access to constant A | 1 | -| Parameters.cs:9:17:9:18 | M7 | Parameters.cs:9:115:9:116 | e5 | 4 | Parameters.cs:9:120:9:128 | (...) ... | 5 | -| Parameters.cs:11:17:11:21 | M8<> | Parameters.cs:11:25:11:25 | t | 0 | Parameters.cs:11:29:11:35 | (...) ... | - | -| Parameters.cs:12:17:12:21 | M9<> | Parameters.cs:12:25:12:25 | t | 0 | Parameters.cs:12:29:12:35 | (...) ... | - | -| Parameters.cs:13:17:13:22 | M10<> | Parameters.cs:13:26:13:26 | t | 0 | Parameters.cs:13:30:13:36 | (...) ... | null | +| Parameters.cs:8:17:8:18 | M2 | Parameters.cs:8:34:8:34 | b | 1 | Parameters.cs:8:38:8:41 | null | null | +| Parameters.cs:8:17:8:18 | M2 | Parameters.cs:8:51:8:51 | c | 2 | Parameters.cs:8:55:8:70 | "default string" | default string | +| Parameters.cs:9:17:9:18 | M3 | Parameters.cs:9:24:9:24 | a | 0 | Parameters.cs:9:28:9:28 | 1 | 1 | +| Parameters.cs:9:17:9:18 | M3 | Parameters.cs:9:38:9:38 | b | 1 | Parameters.cs:9:42:9:45 | null | null | +| Parameters.cs:9:17:9:18 | M3 | Parameters.cs:9:55:9:55 | c | 2 | Parameters.cs:9:59:9:64 | "null" | null | +| Parameters.cs:10:17:10:18 | M4 | Parameters.cs:10:24:10:24 | a | 0 | Parameters.cs:10:28:10:34 | (...) ... | 0 | +| Parameters.cs:10:17:10:18 | M4 | Parameters.cs:10:44:10:44 | b | 1 | Parameters.cs:10:48:10:54 | default | null | +| Parameters.cs:11:17:11:18 | M5 | Parameters.cs:11:24:11:24 | a | 0 | Parameters.cs:11:28:11:36 | object creation of type Int32 | 0 | +| Parameters.cs:11:17:11:18 | M5 | Parameters.cs:11:46:11:46 | b | 1 | Parameters.cs:11:50:11:56 | default | null | +| Parameters.cs:12:17:12:18 | M6 | Parameters.cs:12:42:12:43 | s2 | 1 | Parameters.cs:12:47:12:63 | default(...) | - | +| Parameters.cs:12:17:12:18 | M6 | Parameters.cs:12:75:12:76 | s3 | 2 | Parameters.cs:12:80:12:93 | object creation of type MyStruct | - | +| Parameters.cs:13:17:13:18 | M7 | Parameters.cs:13:38:13:39 | e2 | 1 | Parameters.cs:13:43:13:57 | default(...) | 0 | +| Parameters.cs:13:17:13:18 | M7 | Parameters.cs:13:67:13:68 | e3 | 2 | Parameters.cs:13:72:13:83 | object creation of type MyEnum | 0 | +| Parameters.cs:13:17:13:18 | M7 | Parameters.cs:13:93:13:94 | e4 | 3 | Parameters.cs:13:98:13:105 | access to constant A | 1 | +| Parameters.cs:13:17:13:18 | M7 | Parameters.cs:13:115:13:116 | e5 | 4 | Parameters.cs:13:120:13:128 | (...) ... | 5 | +| Parameters.cs:15:17:15:21 | M8<> | Parameters.cs:15:25:15:25 | t | 0 | Parameters.cs:15:29:15:35 | (...) ... | - | +| Parameters.cs:16:17:16:21 | M9<> | Parameters.cs:16:25:16:25 | t | 0 | Parameters.cs:16:29:16:35 | (...) ... | - | +| Parameters.cs:17:17:17:22 | M10<> | Parameters.cs:17:26:17:26 | t | 0 | Parameters.cs:17:30:17:36 | (...) ... | null | +| Parameters.cs:19:17:19:19 | M11 | Parameters.cs:19:25:19:28 | arg1 | 0 | Parameters.cs:19:32:19:32 | 3 | 3 | +| Parameters.cs:20:17:20:19 | M12 | Parameters.cs:20:30:20:33 | arg2 | 0 | Parameters.cs:20:37:20:43 | (...) ... | - | +| Parameters.cs:21:17:21:19 | M13 | Parameters.cs:21:31:21:34 | arg3 | 0 | Parameters.cs:21:38:21:41 | null | null | +| Parameters.cs:22:17:22:19 | M14 | Parameters.cs:22:64:22:67 | arg4 | 0 | Parameters.cs:22:21:22:67 | object creation of type DateTime | - | +| Parameters.cs:23:17:23:19 | M15 | Parameters.cs:23:68:23:71 | arg5 | 0 | Parameters.cs:23:21:23:71 | object creation of type DateTime | - | +| Parameters.cs:24:17:24:19 | M16 | Parameters.cs:24:64:24:67 | arg6 | 0 | Parameters.cs:24:21:24:67 | 6 | 6 | | Parameters.dll:0:0:0:0 | M2 | Parameters.dll:0:0:0:0 | b | 1 | Parameters.dll:0:0:0:0 | default | null | | Parameters.dll:0:0:0:0 | M2 | Parameters.dll:0:0:0:0 | c | 2 | Parameters.dll:0:0:0:0 | "default string" | default string | | Parameters.dll:0:0:0:0 | M3 | Parameters.dll:0:0:0:0 | a | 0 | Parameters.dll:0:0:0:0 | 1 | 1 | @@ -48,3 +58,14 @@ withDefaultValue | Parameters.dll:0:0:0:0 | M8<> | Parameters.dll:0:0:0:0 | t | 0 | Parameters.dll:0:0:0:0 | default | - | | Parameters.dll:0:0:0:0 | M9<> | Parameters.dll:0:0:0:0 | t | 0 | Parameters.dll:0:0:0:0 | default | - | | Parameters.dll:0:0:0:0 | M10<> | Parameters.dll:0:0:0:0 | t | 0 | Parameters.dll:0:0:0:0 | default | null | +| Parameters.dll:0:0:0:0 | M11 | Parameters.dll:0:0:0:0 | arg1 | 0 | Parameters.dll:0:0:0:0 | 3 | 3 | +| Parameters.dll:0:0:0:0 | M12 | Parameters.dll:0:0:0:0 | arg2 | 0 | Parameters.dll:0:0:0:0 | default | - | +| Parameters.dll:0:0:0:0 | M13 | Parameters.dll:0:0:0:0 | arg3 | 0 | Parameters.dll:0:0:0:0 | default | - | +| Parameters.dll:0:0:0:0 | M14 | Parameters.dll:0:0:0:0 | arg4 | 0 | Parameters.dll:0:0:0:0 | object creation of type DateTime | - | +| Parameters.dll:0:0:0:0 | M15 | Parameters.dll:0:0:0:0 | arg5 | 0 | Parameters.dll:0:0:0:0 | object creation of type DateTime | - | +| Parameters.dll:0:0:0:0 | M16 | Parameters.dll:0:0:0:0 | arg6 | 0 | Parameters.dll:0:0:0:0 | 6 | 6 | +dateTimeDefaults +| Parameters.cs:22:17:22:19 | M14 | Parameters.cs:22:64:22:67 | arg4 | Parameters.cs:22:21:22:67 | object creation of type DateTime | DateTime(long) | 14 | +| Parameters.cs:23:17:23:19 | M15 | Parameters.cs:23:68:23:71 | arg5 | Parameters.cs:23:21:23:71 | object creation of type DateTime | DateTime(long) | 10001 | +| Parameters.dll:0:0:0:0 | M14 | Parameters.dll:0:0:0:0 | arg4 | Parameters.dll:0:0:0:0 | object creation of type DateTime | DateTime(long) | 14 | +| Parameters.dll:0:0:0:0 | M15 | Parameters.dll:0:0:0:0 | arg5 | Parameters.dll:0:0:0:0 | object creation of type DateTime | DateTime(long) | 10001 | diff --git a/csharp/ql/test/library-tests/parameters/Parameters.ql b/csharp/ql/test/library-tests/parameters/Parameters.ql index dca5c2d9006..feb8cd9e90f 100644 --- a/csharp/ql/test/library-tests/parameters/Parameters.ql +++ b/csharp/ql/test/library-tests/parameters/Parameters.ql @@ -17,3 +17,14 @@ query predicate withDefaultValue(Parameterizable container, Parameter p, int i, p.getDefaultValue() = e and if exists(e.getValue()) then value = e.getValue() else value = "-" } + +query predicate dateTimeDefaults( + Parameterizable container, Parameter p, ObjectCreation o, string constructor, string value +) { + fromTestLocation(container) and + p.hasDefaultValue() and + container.getAParameter() = p and + p.getDefaultValue() = o and + o.getTarget().toStringWithTypes() = constructor and + o.getAnArgument().getValue() = value +} From 6cb2ce5a38fdd0c4d04e8f7ca8321c717f86d0ce Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Wed, 17 May 2023 15:11:26 +0200 Subject: [PATCH 531/870] C#: Update tests to exclude autogenerated parameterizables in attributes as these appears to give OS dependent results. --- .../library-tests/parameters/Parameters.expected | 4 ---- .../ql/test/library-tests/parameters/Parameters.ql | 14 +++++++++++--- 2 files changed, 11 insertions(+), 7 deletions(-) diff --git a/csharp/ql/test/library-tests/parameters/Parameters.expected b/csharp/ql/test/library-tests/parameters/Parameters.expected index 30b3a32c669..9ef92a0dac0 100644 --- a/csharp/ql/test/library-tests/parameters/Parameters.expected +++ b/csharp/ql/test/library-tests/parameters/Parameters.expected @@ -11,10 +11,6 @@ noDefaultValue | Parameters.dll:0:0:0:0 | M2 | Parameters.dll:0:0:0:0 | a | 0 | | Parameters.dll:0:0:0:0 | M6 | Parameters.dll:0:0:0:0 | s1 | 0 | | Parameters.dll:0:0:0:0 | M7 | Parameters.dll:0:0:0:0 | e1 | 0 | -| Parameters.dll:0:0:0:0 | NullableAttribute | Parameters.dll:0:0:0:0 | value | 0 | -| Parameters.dll:0:0:0:0 | NullableAttribute | Parameters.dll:0:0:0:0 | value | 0 | -| Parameters.dll:0:0:0:0 | NullableContextAttribute | Parameters.dll:0:0:0:0 | value | 0 | -| Parameters.dll:0:0:0:0 | RefSafetyRulesAttribute | Parameters.dll:0:0:0:0 | value | 0 | withDefaultValue | Parameters.cs:8:17:8:18 | M2 | Parameters.cs:8:34:8:34 | b | 1 | Parameters.cs:8:38:8:41 | null | null | | Parameters.cs:8:17:8:18 | M2 | Parameters.cs:8:51:8:51 | c | 2 | Parameters.cs:8:55:8:70 | "default string" | default string | diff --git a/csharp/ql/test/library-tests/parameters/Parameters.ql b/csharp/ql/test/library-tests/parameters/Parameters.ql index feb8cd9e90f..09eadc693f0 100644 --- a/csharp/ql/test/library-tests/parameters/Parameters.ql +++ b/csharp/ql/test/library-tests/parameters/Parameters.ql @@ -4,10 +4,16 @@ private predicate fromTestLocation(Element e) { e.fromSource() or e.getFile().getStem() = "Parameters" } +private predicate compilerGeneratedAttribute(Parameterizable container) { + container.getDeclaringType().getAnAttribute().getType().toStringWithTypes() = + "CompilerGeneratedAttribute" +} + query predicate noDefaultValue(Parameterizable container, Parameter p, int i) { fromTestLocation(container) and not p.hasDefaultValue() and - container.getParameter(i) = p + container.getParameter(i) = p and + not compilerGeneratedAttribute(container) } query predicate withDefaultValue(Parameterizable container, Parameter p, int i, Expr e, string value) { @@ -15,7 +21,8 @@ query predicate withDefaultValue(Parameterizable container, Parameter p, int i, p.hasDefaultValue() and container.getParameter(i) = p and p.getDefaultValue() = e and - if exists(e.getValue()) then value = e.getValue() else value = "-" + (if exists(e.getValue()) then value = e.getValue() else value = "-") and + not compilerGeneratedAttribute(container) } query predicate dateTimeDefaults( @@ -26,5 +33,6 @@ query predicate dateTimeDefaults( container.getAParameter() = p and p.getDefaultValue() = o and o.getTarget().toStringWithTypes() = constructor and - o.getAnArgument().getValue() = value + o.getAnArgument().getValue() = value and + not compilerGeneratedAttribute(container) } From 2c37cb7ac565de59886afa388bdaf8ee897e060c Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Mon, 22 May 2023 14:24:46 +0200 Subject: [PATCH 532/870] C#: Add more default parameter test-cases. --- .../library-tests/parameters/Parameters.cs | 3 +++ .../library-tests/parameters/Parameters.cs_ | 3 +++ .../library-tests/parameters/Parameters.dll | Bin 5632 -> 6144 bytes .../parameters/Parameters.expected | 6 ++++++ 4 files changed, 12 insertions(+) diff --git a/csharp/ql/test/library-tests/parameters/Parameters.cs b/csharp/ql/test/library-tests/parameters/Parameters.cs index 2cbcd89f9e4..ebe17322bad 100644 --- a/csharp/ql/test/library-tests/parameters/Parameters.cs +++ b/csharp/ql/test/library-tests/parameters/Parameters.cs @@ -22,6 +22,9 @@ public class Parameters public void M14([Optional, DateTimeConstant(14L)] DateTime arg4) => throw null; public void M15([Optional, DateTimeConstant(10001L)] DateTime? arg5) => throw null; public void M16([Optional, DefaultParameterValue(6L)] long arg6) => throw null; + public void M17([Optional, DefaultParameterValue(null)] object arg7) => throw null; + public void M18([Optional, DefaultParameterValue(3)] int? arg8) => throw null; + public void M19([Optional, DecimalConstant(1, 0, 0, 0, 103)] decimal arg9) => throw null; public struct MyStruct { } public enum MyEnum { A = 1, B = 2 } diff --git a/csharp/ql/test/library-tests/parameters/Parameters.cs_ b/csharp/ql/test/library-tests/parameters/Parameters.cs_ index 262cd57a755..8fce6f198c3 100644 --- a/csharp/ql/test/library-tests/parameters/Parameters.cs_ +++ b/csharp/ql/test/library-tests/parameters/Parameters.cs_ @@ -22,6 +22,9 @@ public class ParametersDll public void M14([Optional, DateTimeConstant(14L)] DateTime arg4) => throw null; public void M15([Optional, DateTimeConstant(10001L)] DateTime? arg5) => throw null; public void M16([Optional, DefaultParameterValue(6L)] long arg6) => throw null; + public void M17([Optional, DefaultParameterValue(null)] object arg7) => throw null; + public void M18([Optional, DefaultParameterValue(3)] int? arg8) => throw null; + public void M19([Optional, DecimalConstant(1, 0, 0, 0, 103)] decimal arg9) => throw null; public struct MyStruct { } public enum MyEnum { A = 1, B = 2 } diff --git a/csharp/ql/test/library-tests/parameters/Parameters.dll b/csharp/ql/test/library-tests/parameters/Parameters.dll index 41cf1188ca869b375b971ea69d561d210bff1d4b..b40c91369cbf75bb1c1296e3a7652ad3a7abc331 100644 GIT binary patch delta 1903 zcmZ{ldu$X{7{$+>>29anWjlRP`h?vUTKlvGYg_-88Av^P!xI|_R;dQ+431tB2wggqEMvEYa%bRnj@&=el`Ox{N!gPM-Xx-sd{;y zaYqv1LGhzbV9Yw0!Q{Mj^W{B)mnmK}oiP8Sjp@96$yg}Q8wm*Z}+Z@?%=7z2roFxx8Zi!OUjR8Y3Lu8ssSjlU;(JIauZuA<0{#l{8Me|urOZ$s- zd=u*2qsA|+51Wb*ibFcS2o;~z^lEbVLp-5QU-EN(+V7etNHwV!6d?G6u<;do%&M3w z<#d%|A#-avMipaj3DtzonY>$q%bj4!VrJa%Fn5HDT1J%xwerwyCf93OfOY0B6yT(> zm;BS{hub}Zezb*O!9Mahxyr95G?05oXDGws-cRcWN`CUAIC>@SiWfO2vk<1xf&gP-RvuC&|ITp_La40u2pd~ zHQ}U)U)t5#)7!CGj(P@S@tui3*kfyY4@55PZyewFNe@BX{#*oWi08n1r;v^?V5K7ZQ0;+PzI#){~%LpSek xcxdJ68|zA(&zTx}nTq{Gfpnv~Tn3Zgjr!9{Mbu~iWg6{^qRDB$iJ^-4e*u&`FI@lt delta 1689 zcmZXVeM}rh7{;I3h2=PoV-H$5puhnIEamW;_5^Iv5-61_+Da)BwJAM|MNw%BN^9Cf zxDc$?ln%kfniz|XpP?~W+B7yLQJZLNni!Ld@go>DCK|DSXquQ{d}dfKM)xwmeV^x@ znSFO=cW)>(RCRK!C<&yA5a6X@Et$i?@ppE4Zw&(XDPuFR${a7w^6UXT z)S)V1rz|$AWT&WbkEPQJuzBTiu~yh}R#b=;@;gzI8{rJYD~mtE6b zV%)-Ox>32;35=W**-VyYo39=fKvLx$%L(&;+E~uZNn?|nQ)TF>Ab&Jg*Y8XQN{<0^ zJolN5+xidoJo)G$RZA$9BY7@uZ^H)0wu-m5w>0tGq_o^(Rur%fxY*Q!sJM`gSAbu| z@_Dl$dd6UhJSZoSSVii7jR6BD8xbCP&*sl;@EGfM@MNk`ek~DCNG%?{gwyhkS57Y#y z`uxlB|Hn$CGbhw_S57EMK*+vp=LZ)WLKxLZ!&MfOh3jNA9}7H{ z;wHHkVNuQQjpRn$OE%&`@^0<7k*Y|yL6?_r&BmKSG9_wg$;l#CjDt>)& zll<6IEEhayXWmTTDCD2stnAZ&|8fPQb-VhE#8l(=J?52#8QIA$e!*R`E~C_bDzK+_ z(Q{$z>D}>;fkoeKvNz+IYRA0!wPSLoJ7xHlg_jP8npb-&%?{@efRo}tQ2OjVBNCKB W`}~YI^Dong)zA2{e;4DSlz#wfO&*K@ diff --git a/csharp/ql/test/library-tests/parameters/Parameters.expected b/csharp/ql/test/library-tests/parameters/Parameters.expected index 9ef92a0dac0..4ac08438d3a 100644 --- a/csharp/ql/test/library-tests/parameters/Parameters.expected +++ b/csharp/ql/test/library-tests/parameters/Parameters.expected @@ -36,6 +36,9 @@ withDefaultValue | Parameters.cs:22:17:22:19 | M14 | Parameters.cs:22:64:22:67 | arg4 | 0 | Parameters.cs:22:21:22:67 | object creation of type DateTime | - | | Parameters.cs:23:17:23:19 | M15 | Parameters.cs:23:68:23:71 | arg5 | 0 | Parameters.cs:23:21:23:71 | object creation of type DateTime | - | | Parameters.cs:24:17:24:19 | M16 | Parameters.cs:24:64:24:67 | arg6 | 0 | Parameters.cs:24:21:24:67 | 6 | 6 | +| Parameters.cs:25:17:25:19 | M17 | Parameters.cs:25:68:25:71 | arg7 | 0 | Parameters.cs:25:21:25:71 | default | null | +| Parameters.cs:26:17:26:19 | M18 | Parameters.cs:26:63:26:66 | arg8 | 0 | Parameters.cs:26:21:26:66 | 3 | 3 | +| Parameters.cs:27:17:27:19 | M19 | Parameters.cs:27:74:27:77 | arg9 | 0 | Parameters.cs:27:21:27:77 | 10.3 | 10.3 | | Parameters.dll:0:0:0:0 | M2 | Parameters.dll:0:0:0:0 | b | 1 | Parameters.dll:0:0:0:0 | default | null | | Parameters.dll:0:0:0:0 | M2 | Parameters.dll:0:0:0:0 | c | 2 | Parameters.dll:0:0:0:0 | "default string" | default string | | Parameters.dll:0:0:0:0 | M3 | Parameters.dll:0:0:0:0 | a | 0 | Parameters.dll:0:0:0:0 | 1 | 1 | @@ -60,6 +63,9 @@ withDefaultValue | Parameters.dll:0:0:0:0 | M14 | Parameters.dll:0:0:0:0 | arg4 | 0 | Parameters.dll:0:0:0:0 | object creation of type DateTime | - | | Parameters.dll:0:0:0:0 | M15 | Parameters.dll:0:0:0:0 | arg5 | 0 | Parameters.dll:0:0:0:0 | object creation of type DateTime | - | | Parameters.dll:0:0:0:0 | M16 | Parameters.dll:0:0:0:0 | arg6 | 0 | Parameters.dll:0:0:0:0 | 6 | 6 | +| Parameters.dll:0:0:0:0 | M17 | Parameters.dll:0:0:0:0 | arg7 | 0 | Parameters.dll:0:0:0:0 | default | null | +| Parameters.dll:0:0:0:0 | M18 | Parameters.dll:0:0:0:0 | arg8 | 0 | Parameters.dll:0:0:0:0 | 3 | 3 | +| Parameters.dll:0:0:0:0 | M19 | Parameters.dll:0:0:0:0 | arg9 | 0 | Parameters.dll:0:0:0:0 | 10.3 | 10.3 | dateTimeDefaults | Parameters.cs:22:17:22:19 | M14 | Parameters.cs:22:64:22:67 | arg4 | Parameters.cs:22:21:22:67 | object creation of type DateTime | DateTime(long) | 14 | | Parameters.cs:23:17:23:19 | M15 | Parameters.cs:23:68:23:71 | arg5 | Parameters.cs:23:21:23:71 | object creation of type DateTime | DateTime(long) | 10001 | From 3f289b1c99560d3bfabd2f8d712ef53bf0bf6525 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Mon, 22 May 2023 14:34:59 +0200 Subject: [PATCH 533/870] C++: Add `cpp/invalid-pointer-deref` false positives --- .../InvalidPointerDeref.expected | 29 +++++++++++++++++++ .../CWE/CWE-193/pointer-deref/test.cpp | 14 +++++++++ 2 files changed, 43 insertions(+) diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/InvalidPointerDeref.expected b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/InvalidPointerDeref.expected index 59d89316088..4ef8b163372 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/InvalidPointerDeref.expected +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/InvalidPointerDeref.expected @@ -653,6 +653,31 @@ edges | test.cpp:304:15:304:26 | new[] | test.cpp:308:5:308:6 | xs | | test.cpp:308:5:308:6 | xs | test.cpp:308:5:308:11 | access to array | | test.cpp:308:5:308:11 | access to array | test.cpp:308:5:308:29 | Store: ... = ... | +| test.cpp:313:16:313:29 | new[] | test.cpp:314:17:314:18 | xs | +| test.cpp:314:17:314:18 | xs | test.cpp:314:17:314:25 | ... + ... | +| test.cpp:314:17:314:18 | xs | test.cpp:314:17:314:25 | ... + ... | +| test.cpp:314:17:314:18 | xs | test.cpp:318:13:318:20 | * ... | +| test.cpp:314:17:314:25 | ... + ... | test.cpp:318:14:318:20 | current | +| test.cpp:314:17:314:25 | ... + ... | test.cpp:318:14:318:20 | current | +| test.cpp:314:17:314:25 | ... + ... | test.cpp:320:13:320:20 | * ... | +| test.cpp:314:17:314:25 | ... + ... | test.cpp:320:13:320:20 | * ... | +| test.cpp:314:17:314:25 | ... + ... | test.cpp:320:14:320:20 | current | +| test.cpp:314:17:314:25 | ... + ... | test.cpp:320:14:320:20 | current | +| test.cpp:318:13:318:20 | * ... | test.cpp:318:14:318:20 | current | +| test.cpp:318:13:318:20 | * ... | test.cpp:320:13:320:20 | * ... | +| test.cpp:318:13:318:20 | * ... | test.cpp:320:14:320:20 | current | +| test.cpp:318:14:318:20 | current | test.cpp:314:17:314:25 | Store: ... + ... | +| test.cpp:318:14:318:20 | current | test.cpp:318:13:318:20 | Load: * ... | +| test.cpp:318:14:318:20 | current | test.cpp:320:10:320:21 | Store: -- ... | +| test.cpp:318:14:318:20 | current | test.cpp:320:12:320:21 | Load: (...) | +| test.cpp:320:13:320:20 | * ... | test.cpp:314:17:314:25 | Store: ... + ... | +| test.cpp:320:13:320:20 | * ... | test.cpp:318:13:318:20 | Load: * ... | +| test.cpp:320:13:320:20 | * ... | test.cpp:320:10:320:21 | Store: -- ... | +| test.cpp:320:13:320:20 | * ... | test.cpp:320:12:320:21 | Load: (...) | +| test.cpp:320:14:320:20 | current | test.cpp:314:17:314:25 | Store: ... + ... | +| test.cpp:320:14:320:20 | current | test.cpp:318:13:318:20 | Load: * ... | +| test.cpp:320:14:320:20 | current | test.cpp:320:10:320:21 | Store: -- ... | +| test.cpp:320:14:320:20 | current | test.cpp:320:12:320:21 | Load: (...) | subpaths #select | test.cpp:6:14:6:15 | Load: * ... | test.cpp:4:15:4:20 | call to malloc | test.cpp:6:14:6:15 | Load: * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:4:15:4:20 | call to malloc | call to malloc | test.cpp:5:19:5:22 | size | size | @@ -678,3 +703,7 @@ subpaths | test.cpp:264:13:264:14 | Load: * ... | test.cpp:260:13:260:24 | new[] | test.cpp:264:13:264:14 | Load: * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:260:13:260:24 | new[] | new[] | test.cpp:261:19:261:21 | len | len | | test.cpp:274:5:274:10 | Store: ... = ... | test.cpp:270:13:270:24 | new[] | test.cpp:274:5:274:10 | Store: ... = ... | This write might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:270:13:270:24 | new[] | new[] | test.cpp:271:19:271:21 | len | len | | test.cpp:308:5:308:29 | Store: ... = ... | test.cpp:304:15:304:26 | new[] | test.cpp:308:5:308:29 | Store: ... = ... | This write might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:304:15:304:26 | new[] | new[] | test.cpp:308:8:308:10 | ... + ... | ... + ... | +| test.cpp:314:17:314:25 | Store: ... + ... | test.cpp:313:16:313:29 | new[] | test.cpp:314:17:314:25 | Store: ... + ... | This write might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:313:16:313:29 | new[] | new[] | test.cpp:314:22:314:25 | size | size | +| test.cpp:318:13:318:20 | Load: * ... | test.cpp:313:16:313:29 | new[] | test.cpp:318:13:318:20 | Load: * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:313:16:313:29 | new[] | new[] | test.cpp:314:22:314:25 | size | size | +| test.cpp:320:10:320:21 | Store: -- ... | test.cpp:313:16:313:29 | new[] | test.cpp:320:10:320:21 | Store: -- ... | This write might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:313:16:313:29 | new[] | new[] | test.cpp:314:22:314:25 | size | size | +| test.cpp:320:12:320:21 | Load: (...) | test.cpp:313:16:313:29 | new[] | test.cpp:320:12:320:21 | Load: (...) | This read might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:313:16:313:29 | new[] | new[] | test.cpp:314:22:314:25 | size | size | diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/test.cpp b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/test.cpp index e18b630c26f..05ae4a2ac57 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/test.cpp +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/test.cpp @@ -308,3 +308,17 @@ void test21() { xs[i+1] = test21_get(i+1); // GOOD [FALSE POSITIVE] } } + +void test22(unsigned size, int val) { + char *xs = new char[size]; + char *end = xs + size; // GOOD [FALSE POSITIVE] + char **current = &end; + do + { + if( *current - xs < 1 ) // GOOD [FALSE POSITIVE] + return; + *--(*current) = 0; // GOOD [FALSE POSITIVE] + val >>= 8; + } + while( val > 0 ); +} From 183915410d71ddf36201ea12b8f7023d627140af Mon Sep 17 00:00:00 2001 From: Tony Torralba Date: Mon, 22 May 2023 15:01:25 +0200 Subject: [PATCH 534/870] Add change note --- .../change-notes/2023-05-22-inputstreamwrapper-transitive.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 java/ql/lib/change-notes/2023-05-22-inputstreamwrapper-transitive.md diff --git a/java/ql/lib/change-notes/2023-05-22-inputstreamwrapper-transitive.md b/java/ql/lib/change-notes/2023-05-22-inputstreamwrapper-transitive.md new file mode 100644 index 00000000000..bba77d98d89 --- /dev/null +++ b/java/ql/lib/change-notes/2023-05-22-inputstreamwrapper-transitive.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Dataflow analysis has a new flow step through constructors of transitive subtypes of `java.io.InputStream` that wrap an underlying data source. Previously, the step only existed for direct subtypes of `java.io.InputStream`. From 9a0f87434e30473d3d669833fc910c957d42db09 Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli Date: Mon, 22 May 2023 15:10:51 +0200 Subject: [PATCH 535/870] Swift: remove unneeded properties from `InterpolatedStringLiteralExpr` These properties were unused in the QL library (hence the full upgrade/downgrade compatibility). --- .../old.dbscheme | 2618 ++++++++++++++++ .../swift.dbscheme | 2630 +++++++++++++++++ .../upgrade.properties | 2 + .../extractor/translators/ExprTranslator.cpp | 4 - swift/ql/.generated.list | 6 +- .../codeql/swift/generated/ParentChild.qll | 17 +- swift/ql/lib/codeql/swift/generated/Raw.qll | 14 - .../expr/InterpolatedStringLiteralExpr.qll | 57 - swift/ql/lib/swift.dbscheme | 12 - .../integer_literal_exprs.ql | 13 + .../old.dbscheme | 2630 +++++++++++++++++ .../swift.dbscheme | 2618 ++++++++++++++++ .../upgrade.properties | 5 + .../test/library-tests/ast/PrintAst.expected | 6 - swift/schema.py | 2 - 15 files changed, 10521 insertions(+), 113 deletions(-) create mode 100644 swift/downgrades/44e36e15e90bc1535964d9b86b3cd06a8b0d26e3/old.dbscheme create mode 100644 swift/downgrades/44e36e15e90bc1535964d9b86b3cd06a8b0d26e3/swift.dbscheme create mode 100644 swift/downgrades/44e36e15e90bc1535964d9b86b3cd06a8b0d26e3/upgrade.properties create mode 100644 swift/ql/lib/upgrades/ba4171b90d0665b40e9e203bac9e3d4a0b2d03ec/integer_literal_exprs.ql create mode 100644 swift/ql/lib/upgrades/ba4171b90d0665b40e9e203bac9e3d4a0b2d03ec/old.dbscheme create mode 100644 swift/ql/lib/upgrades/ba4171b90d0665b40e9e203bac9e3d4a0b2d03ec/swift.dbscheme create mode 100644 swift/ql/lib/upgrades/ba4171b90d0665b40e9e203bac9e3d4a0b2d03ec/upgrade.properties diff --git a/swift/downgrades/44e36e15e90bc1535964d9b86b3cd06a8b0d26e3/old.dbscheme b/swift/downgrades/44e36e15e90bc1535964d9b86b3cd06a8b0d26e3/old.dbscheme new file mode 100644 index 00000000000..44e36e15e90 --- /dev/null +++ b/swift/downgrades/44e36e15e90bc1535964d9b86b3cd06a8b0d26e3/old.dbscheme @@ -0,0 +1,2618 @@ +// generated by codegen/codegen.py + +// from prefix.dbscheme +/** + * The source location of the snapshot. + */ +sourceLocationPrefix( + string prefix: string ref +); + + +// from schema.py + +@element = + @callable +| @file +| @generic_context +| @locatable +| @location +| @type +; + +#keyset[id] +element_is_unknown( + int id: @element ref +); + +@callable = + @closure_expr +| @function +; + +#keyset[id] +callable_names( + int id: @callable ref, + string name: string ref +); + +#keyset[id] +callable_self_params( + int id: @callable ref, + int self_param: @param_decl_or_none ref +); + +#keyset[id, index] +callable_params( + int id: @callable ref, + int index: int ref, + int param: @param_decl_or_none ref +); + +#keyset[id] +callable_bodies( + int id: @callable ref, + int body: @brace_stmt_or_none ref +); + +#keyset[id, index] +callable_captures( + int id: @callable ref, + int index: int ref, + int capture: @captured_decl_or_none ref +); + +@file = + @db_file +; + +#keyset[id] +files( + int id: @file ref, + string name: string ref +); + +#keyset[id] +file_is_successfully_extracted( + int id: @file ref +); + +@locatable = + @argument +| @ast_node +| @comment +| @diagnostics +| @error_element +; + +#keyset[id] +locatable_locations( + int id: @locatable ref, + int location: @location_or_none ref +); + +@location = + @db_location +; + +#keyset[id] +locations( + int id: @location ref, + int file: @file_or_none ref, + int start_line: int ref, + int start_column: int ref, + int end_line: int ref, + int end_column: int ref +); + +@ast_node = + @availability_info +| @availability_spec +| @case_label_item +| @condition_element +| @decl +| @expr +| @key_path_component +| @pattern +| @stmt +| @stmt_condition +| @type_repr +; + +comments( + unique int id: @comment, + string text: string ref +); + +db_files( + unique int id: @db_file +); + +db_locations( + unique int id: @db_location +); + +diagnostics( + unique int id: @diagnostics, + string text: string ref, + int kind: int ref +); + +@error_element = + @error_expr +| @error_type +| @overloaded_decl_ref_expr +| @unresolved_decl_ref_expr +| @unresolved_dot_expr +| @unresolved_member_chain_result_expr +| @unresolved_member_expr +| @unresolved_pattern_expr +| @unresolved_specialize_expr +| @unresolved_type +| @unresolved_type_conversion_expr +| @unspecified_element +; + +availability_infos( + unique int id: @availability_info +); + +#keyset[id] +availability_info_is_unavailable( + int id: @availability_info ref +); + +#keyset[id, index] +availability_info_specs( + int id: @availability_info ref, + int index: int ref, + int spec: @availability_spec_or_none ref +); + +@availability_spec = + @other_availability_spec +| @platform_version_availability_spec +; + +key_path_components( + unique int id: @key_path_component, + int kind: int ref, + int component_type: @type_or_none ref +); + +#keyset[id, index] +key_path_component_subscript_arguments( + int id: @key_path_component ref, + int index: int ref, + int subscript_argument: @argument_or_none ref +); + +#keyset[id] +key_path_component_tuple_indices( + int id: @key_path_component ref, + int tuple_index: int ref +); + +#keyset[id] +key_path_component_decl_refs( + int id: @key_path_component ref, + int decl_ref: @value_decl_or_none ref +); + +unspecified_elements( + unique int id: @unspecified_element, + string property: string ref, + string error: string ref +); + +#keyset[id] +unspecified_element_parents( + int id: @unspecified_element ref, + int parent: @element ref +); + +#keyset[id] +unspecified_element_indices( + int id: @unspecified_element ref, + int index: int ref +); + +other_availability_specs( + unique int id: @other_availability_spec +); + +platform_version_availability_specs( + unique int id: @platform_version_availability_spec, + string platform: string ref, + string version: string ref +); + +@decl = + @captured_decl +| @enum_case_decl +| @extension_decl +| @if_config_decl +| @import_decl +| @missing_member_decl +| @operator_decl +| @pattern_binding_decl +| @pound_diagnostic_decl +| @precedence_group_decl +| @top_level_code_decl +| @value_decl +; + +#keyset[id] +decls( //dir=decl + int id: @decl ref, + int module: @module_decl_or_none ref +); + +#keyset[id, index] +decl_members( //dir=decl + int id: @decl ref, + int index: int ref, + int member: @decl_or_none ref +); + +@generic_context = + @extension_decl +| @function +| @generic_type_decl +| @subscript_decl +; + +#keyset[id, index] +generic_context_generic_type_params( //dir=decl + int id: @generic_context ref, + int index: int ref, + int generic_type_param: @generic_type_param_decl_or_none ref +); + +captured_decls( //dir=decl + unique int id: @captured_decl, + int decl: @value_decl_or_none ref +); + +#keyset[id] +captured_decl_is_direct( //dir=decl + int id: @captured_decl ref +); + +#keyset[id] +captured_decl_is_escaping( //dir=decl + int id: @captured_decl ref +); + +enum_case_decls( //dir=decl + unique int id: @enum_case_decl +); + +#keyset[id, index] +enum_case_decl_elements( //dir=decl + int id: @enum_case_decl ref, + int index: int ref, + int element: @enum_element_decl_or_none ref +); + +extension_decls( //dir=decl + unique int id: @extension_decl, + int extended_type_decl: @nominal_type_decl_or_none ref +); + +#keyset[id, index] +extension_decl_protocols( //dir=decl + int id: @extension_decl ref, + int index: int ref, + int protocol: @protocol_decl_or_none ref +); + +if_config_decls( //dir=decl + unique int id: @if_config_decl +); + +#keyset[id, index] +if_config_decl_active_elements( //dir=decl + int id: @if_config_decl ref, + int index: int ref, + int active_element: @ast_node_or_none ref +); + +import_decls( //dir=decl + unique int id: @import_decl +); + +#keyset[id] +import_decl_is_exported( //dir=decl + int id: @import_decl ref +); + +#keyset[id] +import_decl_imported_modules( //dir=decl + int id: @import_decl ref, + int imported_module: @module_decl_or_none ref +); + +#keyset[id, index] +import_decl_declarations( //dir=decl + int id: @import_decl ref, + int index: int ref, + int declaration: @value_decl_or_none ref +); + +missing_member_decls( //dir=decl + unique int id: @missing_member_decl, + string name: string ref +); + +@operator_decl = + @infix_operator_decl +| @postfix_operator_decl +| @prefix_operator_decl +; + +#keyset[id] +operator_decls( //dir=decl + int id: @operator_decl ref, + string name: string ref +); + +pattern_binding_decls( //dir=decl + unique int id: @pattern_binding_decl +); + +#keyset[id, index] +pattern_binding_decl_inits( //dir=decl + int id: @pattern_binding_decl ref, + int index: int ref, + int init: @expr_or_none ref +); + +#keyset[id, index] +pattern_binding_decl_patterns( //dir=decl + int id: @pattern_binding_decl ref, + int index: int ref, + int pattern: @pattern_or_none ref +); + +pound_diagnostic_decls( //dir=decl + unique int id: @pound_diagnostic_decl, + int kind: int ref, + int message: @string_literal_expr_or_none ref +); + +precedence_group_decls( //dir=decl + unique int id: @precedence_group_decl +); + +top_level_code_decls( //dir=decl + unique int id: @top_level_code_decl, + int body: @brace_stmt_or_none ref +); + +@value_decl = + @abstract_storage_decl +| @enum_element_decl +| @function +| @type_decl +; + +#keyset[id] +value_decls( //dir=decl + int id: @value_decl ref, + int interface_type: @type_or_none ref +); + +@abstract_storage_decl = + @subscript_decl +| @var_decl +; + +#keyset[id, index] +abstract_storage_decl_accessors( //dir=decl + int id: @abstract_storage_decl ref, + int index: int ref, + int accessor: @accessor_or_none ref +); + +enum_element_decls( //dir=decl + unique int id: @enum_element_decl, + string name: string ref +); + +#keyset[id, index] +enum_element_decl_params( //dir=decl + int id: @enum_element_decl ref, + int index: int ref, + int param: @param_decl_or_none ref +); + +@function = + @accessor_or_named_function +| @deinitializer +| @initializer +; + +infix_operator_decls( //dir=decl + unique int id: @infix_operator_decl +); + +#keyset[id] +infix_operator_decl_precedence_groups( //dir=decl + int id: @infix_operator_decl ref, + int precedence_group: @precedence_group_decl_or_none ref +); + +postfix_operator_decls( //dir=decl + unique int id: @postfix_operator_decl +); + +prefix_operator_decls( //dir=decl + unique int id: @prefix_operator_decl +); + +@type_decl = + @abstract_type_param_decl +| @generic_type_decl +| @module_decl +; + +#keyset[id] +type_decls( //dir=decl + int id: @type_decl ref, + string name: string ref +); + +#keyset[id, index] +type_decl_base_types( //dir=decl + int id: @type_decl ref, + int index: int ref, + int base_type: @type_or_none ref +); + +@abstract_type_param_decl = + @associated_type_decl +| @generic_type_param_decl +; + +@accessor_or_named_function = + @accessor +| @named_function +; + +deinitializers( //dir=decl + unique int id: @deinitializer +); + +@generic_type_decl = + @nominal_type_decl +| @opaque_type_decl +| @type_alias_decl +; + +initializers( //dir=decl + unique int id: @initializer +); + +module_decls( //dir=decl + unique int id: @module_decl +); + +#keyset[id] +module_decl_is_builtin_module( //dir=decl + int id: @module_decl ref +); + +#keyset[id] +module_decl_is_system_module( //dir=decl + int id: @module_decl ref +); + +module_decl_imported_modules( //dir=decl + int id: @module_decl ref, + int imported_module: @module_decl_or_none ref +); + +module_decl_exported_modules( //dir=decl + int id: @module_decl ref, + int exported_module: @module_decl_or_none ref +); + +subscript_decls( //dir=decl + unique int id: @subscript_decl, + int element_type: @type_or_none ref +); + +#keyset[id, index] +subscript_decl_params( //dir=decl + int id: @subscript_decl ref, + int index: int ref, + int param: @param_decl_or_none ref +); + +@var_decl = + @concrete_var_decl +| @param_decl +; + +#keyset[id] +var_decls( //dir=decl + int id: @var_decl ref, + string name: string ref, + int type_: @type_or_none ref +); + +#keyset[id] +var_decl_attached_property_wrapper_types( //dir=decl + int id: @var_decl ref, + int attached_property_wrapper_type: @type_or_none ref +); + +#keyset[id] +var_decl_parent_patterns( //dir=decl + int id: @var_decl ref, + int parent_pattern: @pattern_or_none ref +); + +#keyset[id] +var_decl_parent_initializers( //dir=decl + int id: @var_decl ref, + int parent_initializer: @expr_or_none ref +); + +#keyset[id] +var_decl_property_wrapper_backing_var_bindings( //dir=decl + int id: @var_decl ref, + int property_wrapper_backing_var_binding: @pattern_binding_decl_or_none ref +); + +#keyset[id] +var_decl_property_wrapper_backing_vars( //dir=decl + int id: @var_decl ref, + int property_wrapper_backing_var: @var_decl_or_none ref +); + +#keyset[id] +var_decl_property_wrapper_projection_var_bindings( //dir=decl + int id: @var_decl ref, + int property_wrapper_projection_var_binding: @pattern_binding_decl_or_none ref +); + +#keyset[id] +var_decl_property_wrapper_projection_vars( //dir=decl + int id: @var_decl ref, + int property_wrapper_projection_var: @var_decl_or_none ref +); + +accessors( //dir=decl + unique int id: @accessor +); + +#keyset[id] +accessor_is_getter( //dir=decl + int id: @accessor ref +); + +#keyset[id] +accessor_is_setter( //dir=decl + int id: @accessor ref +); + +#keyset[id] +accessor_is_will_set( //dir=decl + int id: @accessor ref +); + +#keyset[id] +accessor_is_did_set( //dir=decl + int id: @accessor ref +); + +#keyset[id] +accessor_is_read( //dir=decl + int id: @accessor ref +); + +#keyset[id] +accessor_is_modify( //dir=decl + int id: @accessor ref +); + +#keyset[id] +accessor_is_unsafe_address( //dir=decl + int id: @accessor ref +); + +#keyset[id] +accessor_is_unsafe_mutable_address( //dir=decl + int id: @accessor ref +); + +associated_type_decls( //dir=decl + unique int id: @associated_type_decl +); + +concrete_var_decls( //dir=decl + unique int id: @concrete_var_decl, + int introducer_int: int ref +); + +generic_type_param_decls( //dir=decl + unique int id: @generic_type_param_decl +); + +named_functions( //dir=decl + unique int id: @named_function +); + +@nominal_type_decl = + @class_decl +| @enum_decl +| @protocol_decl +| @struct_decl +; + +#keyset[id] +nominal_type_decls( //dir=decl + int id: @nominal_type_decl ref, + int type_: @type_or_none ref +); + +opaque_type_decls( //dir=decl + unique int id: @opaque_type_decl, + int naming_declaration: @value_decl_or_none ref +); + +#keyset[id, index] +opaque_type_decl_opaque_generic_params( //dir=decl + int id: @opaque_type_decl ref, + int index: int ref, + int opaque_generic_param: @generic_type_param_type_or_none ref +); + +param_decls( //dir=decl + unique int id: @param_decl +); + +#keyset[id] +param_decl_is_inout( //dir=decl + int id: @param_decl ref +); + +#keyset[id] +param_decl_property_wrapper_local_wrapped_var_bindings( //dir=decl + int id: @param_decl ref, + int property_wrapper_local_wrapped_var_binding: @pattern_binding_decl_or_none ref +); + +#keyset[id] +param_decl_property_wrapper_local_wrapped_vars( //dir=decl + int id: @param_decl ref, + int property_wrapper_local_wrapped_var: @var_decl_or_none ref +); + +type_alias_decls( //dir=decl + unique int id: @type_alias_decl, + int aliased_type: @type_or_none ref +); + +class_decls( //dir=decl + unique int id: @class_decl +); + +enum_decls( //dir=decl + unique int id: @enum_decl +); + +protocol_decls( //dir=decl + unique int id: @protocol_decl +); + +struct_decls( //dir=decl + unique int id: @struct_decl +); + +arguments( //dir=expr + unique int id: @argument, + string label: string ref, + int expr: @expr_or_none ref +); + +@expr = + @any_try_expr +| @applied_property_wrapper_expr +| @apply_expr +| @assign_expr +| @bind_optional_expr +| @capture_list_expr +| @closure_expr +| @collection_expr +| @decl_ref_expr +| @default_argument_expr +| @discard_assignment_expr +| @dot_syntax_base_ignored_expr +| @dynamic_type_expr +| @enum_is_case_expr +| @error_expr +| @explicit_cast_expr +| @force_value_expr +| @identity_expr +| @if_expr +| @implicit_conversion_expr +| @in_out_expr +| @key_path_application_expr +| @key_path_dot_expr +| @key_path_expr +| @lazy_initialization_expr +| @literal_expr +| @lookup_expr +| @make_temporarily_escapable_expr +| @obj_c_selector_expr +| @one_way_expr +| @opaque_value_expr +| @open_existential_expr +| @optional_evaluation_expr +| @other_initializer_ref_expr +| @overloaded_decl_ref_expr +| @property_wrapper_value_placeholder_expr +| @rebind_self_in_initializer_expr +| @sequence_expr +| @super_ref_expr +| @tap_expr +| @tuple_element_expr +| @tuple_expr +| @type_expr +| @unresolved_decl_ref_expr +| @unresolved_dot_expr +| @unresolved_member_expr +| @unresolved_pattern_expr +| @unresolved_specialize_expr +| @vararg_expansion_expr +; + +#keyset[id] +expr_types( //dir=expr + int id: @expr ref, + int type_: @type_or_none ref +); + +@any_try_expr = + @force_try_expr +| @optional_try_expr +| @try_expr +; + +#keyset[id] +any_try_exprs( //dir=expr + int id: @any_try_expr ref, + int sub_expr: @expr_or_none ref +); + +applied_property_wrapper_exprs( //dir=expr + unique int id: @applied_property_wrapper_expr, + int kind: int ref, + int value: @expr_or_none ref, + int param: @param_decl_or_none ref +); + +@apply_expr = + @binary_expr +| @call_expr +| @postfix_unary_expr +| @prefix_unary_expr +| @self_apply_expr +; + +#keyset[id] +apply_exprs( //dir=expr + int id: @apply_expr ref, + int function: @expr_or_none ref +); + +#keyset[id, index] +apply_expr_arguments( //dir=expr + int id: @apply_expr ref, + int index: int ref, + int argument: @argument_or_none ref +); + +assign_exprs( //dir=expr + unique int id: @assign_expr, + int dest: @expr_or_none ref, + int source: @expr_or_none ref +); + +bind_optional_exprs( //dir=expr + unique int id: @bind_optional_expr, + int sub_expr: @expr_or_none ref +); + +capture_list_exprs( //dir=expr + unique int id: @capture_list_expr, + int closure_body: @explicit_closure_expr_or_none ref +); + +#keyset[id, index] +capture_list_expr_binding_decls( //dir=expr + int id: @capture_list_expr ref, + int index: int ref, + int binding_decl: @pattern_binding_decl_or_none ref +); + +@closure_expr = + @auto_closure_expr +| @explicit_closure_expr +; + +@collection_expr = + @array_expr +| @dictionary_expr +; + +decl_ref_exprs( //dir=expr + unique int id: @decl_ref_expr, + int decl: @decl_or_none ref +); + +#keyset[id, index] +decl_ref_expr_replacement_types( //dir=expr + int id: @decl_ref_expr ref, + int index: int ref, + int replacement_type: @type_or_none ref +); + +#keyset[id] +decl_ref_expr_has_direct_to_storage_semantics( //dir=expr + int id: @decl_ref_expr ref +); + +#keyset[id] +decl_ref_expr_has_direct_to_implementation_semantics( //dir=expr + int id: @decl_ref_expr ref +); + +#keyset[id] +decl_ref_expr_has_ordinary_semantics( //dir=expr + int id: @decl_ref_expr ref +); + +#keyset[id] +decl_ref_expr_has_distributed_thunk_semantics( //dir=expr + int id: @decl_ref_expr ref +); + +default_argument_exprs( //dir=expr + unique int id: @default_argument_expr, + int param_decl: @param_decl_or_none ref, + int param_index: int ref +); + +#keyset[id] +default_argument_expr_caller_side_defaults( //dir=expr + int id: @default_argument_expr ref, + int caller_side_default: @expr_or_none ref +); + +discard_assignment_exprs( //dir=expr + unique int id: @discard_assignment_expr +); + +dot_syntax_base_ignored_exprs( //dir=expr + unique int id: @dot_syntax_base_ignored_expr, + int qualifier: @expr_or_none ref, + int sub_expr: @expr_or_none ref +); + +dynamic_type_exprs( //dir=expr + unique int id: @dynamic_type_expr, + int base: @expr_or_none ref +); + +enum_is_case_exprs( //dir=expr + unique int id: @enum_is_case_expr, + int sub_expr: @expr_or_none ref, + int element: @enum_element_decl_or_none ref +); + +error_exprs( //dir=expr + unique int id: @error_expr +); + +@explicit_cast_expr = + @checked_cast_expr +| @coerce_expr +; + +#keyset[id] +explicit_cast_exprs( //dir=expr + int id: @explicit_cast_expr ref, + int sub_expr: @expr_or_none ref +); + +force_value_exprs( //dir=expr + unique int id: @force_value_expr, + int sub_expr: @expr_or_none ref +); + +@identity_expr = + @await_expr +| @dot_self_expr +| @paren_expr +| @unresolved_member_chain_result_expr +; + +#keyset[id] +identity_exprs( //dir=expr + int id: @identity_expr ref, + int sub_expr: @expr_or_none ref +); + +if_exprs( //dir=expr + unique int id: @if_expr, + int condition: @expr_or_none ref, + int then_expr: @expr_or_none ref, + int else_expr: @expr_or_none ref +); + +@implicit_conversion_expr = + @abi_safe_conversion_expr +| @any_hashable_erasure_expr +| @archetype_to_super_expr +| @array_to_pointer_expr +| @bridge_from_obj_c_expr +| @bridge_to_obj_c_expr +| @class_metatype_to_object_expr +| @collection_upcast_conversion_expr +| @conditional_bridge_from_obj_c_expr +| @covariant_function_conversion_expr +| @covariant_return_conversion_expr +| @derived_to_base_expr +| @destructure_tuple_expr +| @differentiable_function_expr +| @differentiable_function_extract_original_expr +| @erasure_expr +| @existential_metatype_to_object_expr +| @foreign_object_conversion_expr +| @function_conversion_expr +| @in_out_to_pointer_expr +| @inject_into_optional_expr +| @linear_function_expr +| @linear_function_extract_original_expr +| @linear_to_differentiable_function_expr +| @load_expr +| @metatype_conversion_expr +| @pointer_to_pointer_expr +| @protocol_metatype_to_object_expr +| @string_to_pointer_expr +| @underlying_to_opaque_expr +| @unevaluated_instance_expr +| @unresolved_type_conversion_expr +; + +#keyset[id] +implicit_conversion_exprs( //dir=expr + int id: @implicit_conversion_expr ref, + int sub_expr: @expr_or_none ref +); + +in_out_exprs( //dir=expr + unique int id: @in_out_expr, + int sub_expr: @expr_or_none ref +); + +key_path_application_exprs( //dir=expr + unique int id: @key_path_application_expr, + int base: @expr_or_none ref, + int key_path: @expr_or_none ref +); + +key_path_dot_exprs( //dir=expr + unique int id: @key_path_dot_expr +); + +key_path_exprs( //dir=expr + unique int id: @key_path_expr +); + +#keyset[id] +key_path_expr_roots( //dir=expr + int id: @key_path_expr ref, + int root: @type_repr_or_none ref +); + +#keyset[id, index] +key_path_expr_components( //dir=expr + int id: @key_path_expr ref, + int index: int ref, + int component: @key_path_component_or_none ref +); + +lazy_initialization_exprs( //dir=expr + unique int id: @lazy_initialization_expr, + int sub_expr: @expr_or_none ref +); + +@literal_expr = + @builtin_literal_expr +| @interpolated_string_literal_expr +| @nil_literal_expr +| @object_literal_expr +| @regex_literal_expr +; + +@lookup_expr = + @dynamic_lookup_expr +| @member_ref_expr +| @subscript_expr +; + +#keyset[id] +lookup_exprs( //dir=expr + int id: @lookup_expr ref, + int base: @expr_or_none ref +); + +#keyset[id] +lookup_expr_members( //dir=expr + int id: @lookup_expr ref, + int member: @decl_or_none ref +); + +make_temporarily_escapable_exprs( //dir=expr + unique int id: @make_temporarily_escapable_expr, + int escaping_closure: @opaque_value_expr_or_none ref, + int nonescaping_closure: @expr_or_none ref, + int sub_expr: @expr_or_none ref +); + +obj_c_selector_exprs( //dir=expr + unique int id: @obj_c_selector_expr, + int sub_expr: @expr_or_none ref, + int method: @function_or_none ref +); + +one_way_exprs( //dir=expr + unique int id: @one_way_expr, + int sub_expr: @expr_or_none ref +); + +opaque_value_exprs( //dir=expr + unique int id: @opaque_value_expr +); + +open_existential_exprs( //dir=expr + unique int id: @open_existential_expr, + int sub_expr: @expr_or_none ref, + int existential: @expr_or_none ref, + int opaque_expr: @opaque_value_expr_or_none ref +); + +optional_evaluation_exprs( //dir=expr + unique int id: @optional_evaluation_expr, + int sub_expr: @expr_or_none ref +); + +other_initializer_ref_exprs( //dir=expr + unique int id: @other_initializer_ref_expr, + int initializer: @initializer_or_none ref +); + +overloaded_decl_ref_exprs( //dir=expr + unique int id: @overloaded_decl_ref_expr +); + +#keyset[id, index] +overloaded_decl_ref_expr_possible_declarations( //dir=expr + int id: @overloaded_decl_ref_expr ref, + int index: int ref, + int possible_declaration: @value_decl_or_none ref +); + +property_wrapper_value_placeholder_exprs( //dir=expr + unique int id: @property_wrapper_value_placeholder_expr, + int placeholder: @opaque_value_expr_or_none ref +); + +#keyset[id] +property_wrapper_value_placeholder_expr_wrapped_values( //dir=expr + int id: @property_wrapper_value_placeholder_expr ref, + int wrapped_value: @expr_or_none ref +); + +rebind_self_in_initializer_exprs( //dir=expr + unique int id: @rebind_self_in_initializer_expr, + int sub_expr: @expr_or_none ref, + int self: @var_decl_or_none ref +); + +sequence_exprs( //dir=expr + unique int id: @sequence_expr +); + +#keyset[id, index] +sequence_expr_elements( //dir=expr + int id: @sequence_expr ref, + int index: int ref, + int element: @expr_or_none ref +); + +super_ref_exprs( //dir=expr + unique int id: @super_ref_expr, + int self: @var_decl_or_none ref +); + +tap_exprs( //dir=expr + unique int id: @tap_expr, + int body: @brace_stmt_or_none ref, + int var: @var_decl_or_none ref +); + +#keyset[id] +tap_expr_sub_exprs( //dir=expr + int id: @tap_expr ref, + int sub_expr: @expr_or_none ref +); + +tuple_element_exprs( //dir=expr + unique int id: @tuple_element_expr, + int sub_expr: @expr_or_none ref, + int index: int ref +); + +tuple_exprs( //dir=expr + unique int id: @tuple_expr +); + +#keyset[id, index] +tuple_expr_elements( //dir=expr + int id: @tuple_expr ref, + int index: int ref, + int element: @expr_or_none ref +); + +type_exprs( //dir=expr + unique int id: @type_expr +); + +#keyset[id] +type_expr_type_reprs( //dir=expr + int id: @type_expr ref, + int type_repr: @type_repr_or_none ref +); + +unresolved_decl_ref_exprs( //dir=expr + unique int id: @unresolved_decl_ref_expr +); + +#keyset[id] +unresolved_decl_ref_expr_names( //dir=expr + int id: @unresolved_decl_ref_expr ref, + string name: string ref +); + +unresolved_dot_exprs( //dir=expr + unique int id: @unresolved_dot_expr, + int base: @expr_or_none ref, + string name: string ref +); + +unresolved_member_exprs( //dir=expr + unique int id: @unresolved_member_expr, + string name: string ref +); + +unresolved_pattern_exprs( //dir=expr + unique int id: @unresolved_pattern_expr, + int sub_pattern: @pattern_or_none ref +); + +unresolved_specialize_exprs( //dir=expr + unique int id: @unresolved_specialize_expr, + int sub_expr: @expr_or_none ref +); + +vararg_expansion_exprs( //dir=expr + unique int id: @vararg_expansion_expr, + int sub_expr: @expr_or_none ref +); + +abi_safe_conversion_exprs( //dir=expr + unique int id: @abi_safe_conversion_expr +); + +any_hashable_erasure_exprs( //dir=expr + unique int id: @any_hashable_erasure_expr +); + +archetype_to_super_exprs( //dir=expr + unique int id: @archetype_to_super_expr +); + +array_exprs( //dir=expr + unique int id: @array_expr +); + +#keyset[id, index] +array_expr_elements( //dir=expr + int id: @array_expr ref, + int index: int ref, + int element: @expr_or_none ref +); + +array_to_pointer_exprs( //dir=expr + unique int id: @array_to_pointer_expr +); + +auto_closure_exprs( //dir=expr + unique int id: @auto_closure_expr +); + +await_exprs( //dir=expr + unique int id: @await_expr +); + +binary_exprs( //dir=expr + unique int id: @binary_expr +); + +bridge_from_obj_c_exprs( //dir=expr + unique int id: @bridge_from_obj_c_expr +); + +bridge_to_obj_c_exprs( //dir=expr + unique int id: @bridge_to_obj_c_expr +); + +@builtin_literal_expr = + @boolean_literal_expr +| @magic_identifier_literal_expr +| @number_literal_expr +| @string_literal_expr +; + +call_exprs( //dir=expr + unique int id: @call_expr +); + +@checked_cast_expr = + @conditional_checked_cast_expr +| @forced_checked_cast_expr +| @is_expr +; + +class_metatype_to_object_exprs( //dir=expr + unique int id: @class_metatype_to_object_expr +); + +coerce_exprs( //dir=expr + unique int id: @coerce_expr +); + +collection_upcast_conversion_exprs( //dir=expr + unique int id: @collection_upcast_conversion_expr +); + +conditional_bridge_from_obj_c_exprs( //dir=expr + unique int id: @conditional_bridge_from_obj_c_expr +); + +covariant_function_conversion_exprs( //dir=expr + unique int id: @covariant_function_conversion_expr +); + +covariant_return_conversion_exprs( //dir=expr + unique int id: @covariant_return_conversion_expr +); + +derived_to_base_exprs( //dir=expr + unique int id: @derived_to_base_expr +); + +destructure_tuple_exprs( //dir=expr + unique int id: @destructure_tuple_expr +); + +dictionary_exprs( //dir=expr + unique int id: @dictionary_expr +); + +#keyset[id, index] +dictionary_expr_elements( //dir=expr + int id: @dictionary_expr ref, + int index: int ref, + int element: @expr_or_none ref +); + +differentiable_function_exprs( //dir=expr + unique int id: @differentiable_function_expr +); + +differentiable_function_extract_original_exprs( //dir=expr + unique int id: @differentiable_function_extract_original_expr +); + +dot_self_exprs( //dir=expr + unique int id: @dot_self_expr +); + +@dynamic_lookup_expr = + @dynamic_member_ref_expr +| @dynamic_subscript_expr +; + +erasure_exprs( //dir=expr + unique int id: @erasure_expr +); + +existential_metatype_to_object_exprs( //dir=expr + unique int id: @existential_metatype_to_object_expr +); + +explicit_closure_exprs( //dir=expr + unique int id: @explicit_closure_expr +); + +force_try_exprs( //dir=expr + unique int id: @force_try_expr +); + +foreign_object_conversion_exprs( //dir=expr + unique int id: @foreign_object_conversion_expr +); + +function_conversion_exprs( //dir=expr + unique int id: @function_conversion_expr +); + +in_out_to_pointer_exprs( //dir=expr + unique int id: @in_out_to_pointer_expr +); + +inject_into_optional_exprs( //dir=expr + unique int id: @inject_into_optional_expr +); + +interpolated_string_literal_exprs( //dir=expr + unique int id: @interpolated_string_literal_expr +); + +#keyset[id] +interpolated_string_literal_expr_interpolation_exprs( //dir=expr + int id: @interpolated_string_literal_expr ref, + int interpolation_expr: @opaque_value_expr_or_none ref +); + +#keyset[id] +interpolated_string_literal_expr_appending_exprs( //dir=expr + int id: @interpolated_string_literal_expr ref, + int appending_expr: @tap_expr_or_none ref +); + +linear_function_exprs( //dir=expr + unique int id: @linear_function_expr +); + +linear_function_extract_original_exprs( //dir=expr + unique int id: @linear_function_extract_original_expr +); + +linear_to_differentiable_function_exprs( //dir=expr + unique int id: @linear_to_differentiable_function_expr +); + +load_exprs( //dir=expr + unique int id: @load_expr +); + +member_ref_exprs( //dir=expr + unique int id: @member_ref_expr +); + +#keyset[id] +member_ref_expr_has_direct_to_storage_semantics( //dir=expr + int id: @member_ref_expr ref +); + +#keyset[id] +member_ref_expr_has_direct_to_implementation_semantics( //dir=expr + int id: @member_ref_expr ref +); + +#keyset[id] +member_ref_expr_has_ordinary_semantics( //dir=expr + int id: @member_ref_expr ref +); + +#keyset[id] +member_ref_expr_has_distributed_thunk_semantics( //dir=expr + int id: @member_ref_expr ref +); + +metatype_conversion_exprs( //dir=expr + unique int id: @metatype_conversion_expr +); + +nil_literal_exprs( //dir=expr + unique int id: @nil_literal_expr +); + +object_literal_exprs( //dir=expr + unique int id: @object_literal_expr, + int kind: int ref +); + +#keyset[id, index] +object_literal_expr_arguments( //dir=expr + int id: @object_literal_expr ref, + int index: int ref, + int argument: @argument_or_none ref +); + +optional_try_exprs( //dir=expr + unique int id: @optional_try_expr +); + +paren_exprs( //dir=expr + unique int id: @paren_expr +); + +pointer_to_pointer_exprs( //dir=expr + unique int id: @pointer_to_pointer_expr +); + +postfix_unary_exprs( //dir=expr + unique int id: @postfix_unary_expr +); + +prefix_unary_exprs( //dir=expr + unique int id: @prefix_unary_expr +); + +protocol_metatype_to_object_exprs( //dir=expr + unique int id: @protocol_metatype_to_object_expr +); + +regex_literal_exprs( //dir=expr + unique int id: @regex_literal_expr, + string pattern: string ref, + int version: int ref +); + +@self_apply_expr = + @dot_syntax_call_expr +| @initializer_ref_call_expr +; + +#keyset[id] +self_apply_exprs( //dir=expr + int id: @self_apply_expr ref, + int base: @expr_or_none ref +); + +string_to_pointer_exprs( //dir=expr + unique int id: @string_to_pointer_expr +); + +subscript_exprs( //dir=expr + unique int id: @subscript_expr +); + +#keyset[id, index] +subscript_expr_arguments( //dir=expr + int id: @subscript_expr ref, + int index: int ref, + int argument: @argument_or_none ref +); + +#keyset[id] +subscript_expr_has_direct_to_storage_semantics( //dir=expr + int id: @subscript_expr ref +); + +#keyset[id] +subscript_expr_has_direct_to_implementation_semantics( //dir=expr + int id: @subscript_expr ref +); + +#keyset[id] +subscript_expr_has_ordinary_semantics( //dir=expr + int id: @subscript_expr ref +); + +#keyset[id] +subscript_expr_has_distributed_thunk_semantics( //dir=expr + int id: @subscript_expr ref +); + +try_exprs( //dir=expr + unique int id: @try_expr +); + +underlying_to_opaque_exprs( //dir=expr + unique int id: @underlying_to_opaque_expr +); + +unevaluated_instance_exprs( //dir=expr + unique int id: @unevaluated_instance_expr +); + +unresolved_member_chain_result_exprs( //dir=expr + unique int id: @unresolved_member_chain_result_expr +); + +unresolved_type_conversion_exprs( //dir=expr + unique int id: @unresolved_type_conversion_expr +); + +boolean_literal_exprs( //dir=expr + unique int id: @boolean_literal_expr, + boolean value: boolean ref +); + +conditional_checked_cast_exprs( //dir=expr + unique int id: @conditional_checked_cast_expr +); + +dot_syntax_call_exprs( //dir=expr + unique int id: @dot_syntax_call_expr +); + +dynamic_member_ref_exprs( //dir=expr + unique int id: @dynamic_member_ref_expr +); + +dynamic_subscript_exprs( //dir=expr + unique int id: @dynamic_subscript_expr +); + +forced_checked_cast_exprs( //dir=expr + unique int id: @forced_checked_cast_expr +); + +initializer_ref_call_exprs( //dir=expr + unique int id: @initializer_ref_call_expr +); + +is_exprs( //dir=expr + unique int id: @is_expr +); + +magic_identifier_literal_exprs( //dir=expr + unique int id: @magic_identifier_literal_expr, + string kind: string ref +); + +@number_literal_expr = + @float_literal_expr +| @integer_literal_expr +; + +string_literal_exprs( //dir=expr + unique int id: @string_literal_expr, + string value: string ref +); + +float_literal_exprs( //dir=expr + unique int id: @float_literal_expr, + string string_value: string ref +); + +integer_literal_exprs( //dir=expr + unique int id: @integer_literal_expr, + string string_value: string ref +); + +@pattern = + @any_pattern +| @binding_pattern +| @bool_pattern +| @enum_element_pattern +| @expr_pattern +| @is_pattern +| @named_pattern +| @optional_some_pattern +| @paren_pattern +| @tuple_pattern +| @typed_pattern +; + +any_patterns( //dir=pattern + unique int id: @any_pattern +); + +binding_patterns( //dir=pattern + unique int id: @binding_pattern, + int sub_pattern: @pattern_or_none ref +); + +bool_patterns( //dir=pattern + unique int id: @bool_pattern, + boolean value: boolean ref +); + +enum_element_patterns( //dir=pattern + unique int id: @enum_element_pattern, + int element: @enum_element_decl_or_none ref +); + +#keyset[id] +enum_element_pattern_sub_patterns( //dir=pattern + int id: @enum_element_pattern ref, + int sub_pattern: @pattern_or_none ref +); + +expr_patterns( //dir=pattern + unique int id: @expr_pattern, + int sub_expr: @expr_or_none ref +); + +is_patterns( //dir=pattern + unique int id: @is_pattern +); + +#keyset[id] +is_pattern_cast_type_reprs( //dir=pattern + int id: @is_pattern ref, + int cast_type_repr: @type_repr_or_none ref +); + +#keyset[id] +is_pattern_sub_patterns( //dir=pattern + int id: @is_pattern ref, + int sub_pattern: @pattern_or_none ref +); + +named_patterns( //dir=pattern + unique int id: @named_pattern, + string name: string ref +); + +optional_some_patterns( //dir=pattern + unique int id: @optional_some_pattern, + int sub_pattern: @pattern_or_none ref +); + +paren_patterns( //dir=pattern + unique int id: @paren_pattern, + int sub_pattern: @pattern_or_none ref +); + +tuple_patterns( //dir=pattern + unique int id: @tuple_pattern +); + +#keyset[id, index] +tuple_pattern_elements( //dir=pattern + int id: @tuple_pattern ref, + int index: int ref, + int element: @pattern_or_none ref +); + +typed_patterns( //dir=pattern + unique int id: @typed_pattern, + int sub_pattern: @pattern_or_none ref +); + +#keyset[id] +typed_pattern_type_reprs( //dir=pattern + int id: @typed_pattern ref, + int type_repr: @type_repr_or_none ref +); + +case_label_items( //dir=stmt + unique int id: @case_label_item, + int pattern: @pattern_or_none ref +); + +#keyset[id] +case_label_item_guards( //dir=stmt + int id: @case_label_item ref, + int guard: @expr_or_none ref +); + +condition_elements( //dir=stmt + unique int id: @condition_element +); + +#keyset[id] +condition_element_booleans( //dir=stmt + int id: @condition_element ref, + int boolean_: @expr_or_none ref +); + +#keyset[id] +condition_element_patterns( //dir=stmt + int id: @condition_element ref, + int pattern: @pattern_or_none ref +); + +#keyset[id] +condition_element_initializers( //dir=stmt + int id: @condition_element ref, + int initializer: @expr_or_none ref +); + +#keyset[id] +condition_element_availabilities( //dir=stmt + int id: @condition_element ref, + int availability: @availability_info_or_none ref +); + +@stmt = + @brace_stmt +| @break_stmt +| @case_stmt +| @continue_stmt +| @defer_stmt +| @fail_stmt +| @fallthrough_stmt +| @labeled_stmt +| @pound_assert_stmt +| @return_stmt +| @throw_stmt +| @yield_stmt +; + +stmt_conditions( //dir=stmt + unique int id: @stmt_condition +); + +#keyset[id, index] +stmt_condition_elements( //dir=stmt + int id: @stmt_condition ref, + int index: int ref, + int element: @condition_element_or_none ref +); + +brace_stmts( //dir=stmt + unique int id: @brace_stmt +); + +#keyset[id, index] +brace_stmt_elements( //dir=stmt + int id: @brace_stmt ref, + int index: int ref, + int element: @ast_node_or_none ref +); + +break_stmts( //dir=stmt + unique int id: @break_stmt +); + +#keyset[id] +break_stmt_target_names( //dir=stmt + int id: @break_stmt ref, + string target_name: string ref +); + +#keyset[id] +break_stmt_targets( //dir=stmt + int id: @break_stmt ref, + int target: @stmt_or_none ref +); + +case_stmts( //dir=stmt + unique int id: @case_stmt, + int body: @stmt_or_none ref +); + +#keyset[id, index] +case_stmt_labels( //dir=stmt + int id: @case_stmt ref, + int index: int ref, + int label: @case_label_item_or_none ref +); + +#keyset[id, index] +case_stmt_variables( //dir=stmt + int id: @case_stmt ref, + int index: int ref, + int variable: @var_decl_or_none ref +); + +continue_stmts( //dir=stmt + unique int id: @continue_stmt +); + +#keyset[id] +continue_stmt_target_names( //dir=stmt + int id: @continue_stmt ref, + string target_name: string ref +); + +#keyset[id] +continue_stmt_targets( //dir=stmt + int id: @continue_stmt ref, + int target: @stmt_or_none ref +); + +defer_stmts( //dir=stmt + unique int id: @defer_stmt, + int body: @brace_stmt_or_none ref +); + +fail_stmts( //dir=stmt + unique int id: @fail_stmt +); + +fallthrough_stmts( //dir=stmt + unique int id: @fallthrough_stmt, + int fallthrough_source: @case_stmt_or_none ref, + int fallthrough_dest: @case_stmt_or_none ref +); + +@labeled_stmt = + @do_catch_stmt +| @do_stmt +| @for_each_stmt +| @labeled_conditional_stmt +| @repeat_while_stmt +| @switch_stmt +; + +#keyset[id] +labeled_stmt_labels( //dir=stmt + int id: @labeled_stmt ref, + string label: string ref +); + +pound_assert_stmts( //dir=stmt + unique int id: @pound_assert_stmt, + int condition: @expr_or_none ref, + string message: string ref +); + +return_stmts( //dir=stmt + unique int id: @return_stmt +); + +#keyset[id] +return_stmt_results( //dir=stmt + int id: @return_stmt ref, + int result: @expr_or_none ref +); + +throw_stmts( //dir=stmt + unique int id: @throw_stmt, + int sub_expr: @expr_or_none ref +); + +yield_stmts( //dir=stmt + unique int id: @yield_stmt +); + +#keyset[id, index] +yield_stmt_results( //dir=stmt + int id: @yield_stmt ref, + int index: int ref, + int result: @expr_or_none ref +); + +do_catch_stmts( //dir=stmt + unique int id: @do_catch_stmt, + int body: @stmt_or_none ref +); + +#keyset[id, index] +do_catch_stmt_catches( //dir=stmt + int id: @do_catch_stmt ref, + int index: int ref, + int catch: @case_stmt_or_none ref +); + +do_stmts( //dir=stmt + unique int id: @do_stmt, + int body: @brace_stmt_or_none ref +); + +for_each_stmts( //dir=stmt + unique int id: @for_each_stmt, + int pattern: @pattern_or_none ref, + int sequence: @expr_or_none ref, + int body: @brace_stmt_or_none ref +); + +#keyset[id] +for_each_stmt_wheres( //dir=stmt + int id: @for_each_stmt ref, + int where: @expr_or_none ref +); + +@labeled_conditional_stmt = + @guard_stmt +| @if_stmt +| @while_stmt +; + +#keyset[id] +labeled_conditional_stmts( //dir=stmt + int id: @labeled_conditional_stmt ref, + int condition: @stmt_condition_or_none ref +); + +repeat_while_stmts( //dir=stmt + unique int id: @repeat_while_stmt, + int condition: @expr_or_none ref, + int body: @stmt_or_none ref +); + +switch_stmts( //dir=stmt + unique int id: @switch_stmt, + int expr: @expr_or_none ref +); + +#keyset[id, index] +switch_stmt_cases( //dir=stmt + int id: @switch_stmt ref, + int index: int ref, + int case_: @case_stmt_or_none ref +); + +guard_stmts( //dir=stmt + unique int id: @guard_stmt, + int body: @brace_stmt_or_none ref +); + +if_stmts( //dir=stmt + unique int id: @if_stmt, + int then: @stmt_or_none ref +); + +#keyset[id] +if_stmt_elses( //dir=stmt + int id: @if_stmt ref, + int else: @stmt_or_none ref +); + +while_stmts( //dir=stmt + unique int id: @while_stmt, + int body: @stmt_or_none ref +); + +@type = + @any_function_type +| @any_generic_type +| @any_metatype_type +| @builtin_type +| @dependent_member_type +| @dynamic_self_type +| @error_type +| @existential_type +| @in_out_type +| @l_value_type +| @module_type +| @parameterized_protocol_type +| @protocol_composition_type +| @reference_storage_type +| @substitutable_type +| @sugar_type +| @tuple_type +| @unresolved_type +; + +#keyset[id] +types( //dir=type + int id: @type ref, + string name: string ref, + int canonical_type: @type_or_none ref +); + +type_reprs( //dir=type + unique int id: @type_repr, + int type_: @type_or_none ref +); + +@any_function_type = + @function_type +| @generic_function_type +; + +#keyset[id] +any_function_types( //dir=type + int id: @any_function_type ref, + int result: @type_or_none ref +); + +#keyset[id, index] +any_function_type_param_types( //dir=type + int id: @any_function_type ref, + int index: int ref, + int param_type: @type_or_none ref +); + +#keyset[id] +any_function_type_is_throwing( //dir=type + int id: @any_function_type ref +); + +#keyset[id] +any_function_type_is_async( //dir=type + int id: @any_function_type ref +); + +@any_generic_type = + @nominal_or_bound_generic_nominal_type +| @unbound_generic_type +; + +#keyset[id] +any_generic_types( //dir=type + int id: @any_generic_type ref, + int declaration: @generic_type_decl_or_none ref +); + +#keyset[id] +any_generic_type_parents( //dir=type + int id: @any_generic_type ref, + int parent: @type_or_none ref +); + +@any_metatype_type = + @existential_metatype_type +| @metatype_type +; + +@builtin_type = + @any_builtin_integer_type +| @builtin_bridge_object_type +| @builtin_default_actor_storage_type +| @builtin_executor_type +| @builtin_float_type +| @builtin_job_type +| @builtin_native_object_type +| @builtin_raw_pointer_type +| @builtin_raw_unsafe_continuation_type +| @builtin_unsafe_value_buffer_type +| @builtin_vector_type +; + +dependent_member_types( //dir=type + unique int id: @dependent_member_type, + int base_type: @type_or_none ref, + int associated_type_decl: @associated_type_decl_or_none ref +); + +dynamic_self_types( //dir=type + unique int id: @dynamic_self_type, + int static_self_type: @type_or_none ref +); + +error_types( //dir=type + unique int id: @error_type +); + +existential_types( //dir=type + unique int id: @existential_type, + int constraint: @type_or_none ref +); + +in_out_types( //dir=type + unique int id: @in_out_type, + int object_type: @type_or_none ref +); + +l_value_types( //dir=type + unique int id: @l_value_type, + int object_type: @type_or_none ref +); + +module_types( //dir=type + unique int id: @module_type, + int module: @module_decl_or_none ref +); + +parameterized_protocol_types( //dir=type + unique int id: @parameterized_protocol_type, + int base: @protocol_type_or_none ref +); + +#keyset[id, index] +parameterized_protocol_type_args( //dir=type + int id: @parameterized_protocol_type ref, + int index: int ref, + int arg: @type_or_none ref +); + +protocol_composition_types( //dir=type + unique int id: @protocol_composition_type +); + +#keyset[id, index] +protocol_composition_type_members( //dir=type + int id: @protocol_composition_type ref, + int index: int ref, + int member: @type_or_none ref +); + +@reference_storage_type = + @unmanaged_storage_type +| @unowned_storage_type +| @weak_storage_type +; + +#keyset[id] +reference_storage_types( //dir=type + int id: @reference_storage_type ref, + int referent_type: @type_or_none ref +); + +@substitutable_type = + @archetype_type +| @generic_type_param_type +; + +@sugar_type = + @paren_type +| @syntax_sugar_type +| @type_alias_type +; + +tuple_types( //dir=type + unique int id: @tuple_type +); + +#keyset[id, index] +tuple_type_types( //dir=type + int id: @tuple_type ref, + int index: int ref, + int type_: @type_or_none ref +); + +#keyset[id, index] +tuple_type_names( //dir=type + int id: @tuple_type ref, + int index: int ref, + string name: string ref +); + +unresolved_types( //dir=type + unique int id: @unresolved_type +); + +@any_builtin_integer_type = + @builtin_integer_literal_type +| @builtin_integer_type +; + +@archetype_type = + @opaque_type_archetype_type +| @opened_archetype_type +| @primary_archetype_type +; + +#keyset[id] +archetype_types( //dir=type + int id: @archetype_type ref, + int interface_type: @type_or_none ref +); + +#keyset[id] +archetype_type_superclasses( //dir=type + int id: @archetype_type ref, + int superclass: @type_or_none ref +); + +#keyset[id, index] +archetype_type_protocols( //dir=type + int id: @archetype_type ref, + int index: int ref, + int protocol: @protocol_decl_or_none ref +); + +builtin_bridge_object_types( //dir=type + unique int id: @builtin_bridge_object_type +); + +builtin_default_actor_storage_types( //dir=type + unique int id: @builtin_default_actor_storage_type +); + +builtin_executor_types( //dir=type + unique int id: @builtin_executor_type +); + +builtin_float_types( //dir=type + unique int id: @builtin_float_type +); + +builtin_job_types( //dir=type + unique int id: @builtin_job_type +); + +builtin_native_object_types( //dir=type + unique int id: @builtin_native_object_type +); + +builtin_raw_pointer_types( //dir=type + unique int id: @builtin_raw_pointer_type +); + +builtin_raw_unsafe_continuation_types( //dir=type + unique int id: @builtin_raw_unsafe_continuation_type +); + +builtin_unsafe_value_buffer_types( //dir=type + unique int id: @builtin_unsafe_value_buffer_type +); + +builtin_vector_types( //dir=type + unique int id: @builtin_vector_type +); + +existential_metatype_types( //dir=type + unique int id: @existential_metatype_type +); + +function_types( //dir=type + unique int id: @function_type +); + +generic_function_types( //dir=type + unique int id: @generic_function_type +); + +#keyset[id, index] +generic_function_type_generic_params( //dir=type + int id: @generic_function_type ref, + int index: int ref, + int generic_param: @generic_type_param_type_or_none ref +); + +generic_type_param_types( //dir=type + unique int id: @generic_type_param_type +); + +metatype_types( //dir=type + unique int id: @metatype_type +); + +@nominal_or_bound_generic_nominal_type = + @bound_generic_type +| @nominal_type +; + +paren_types( //dir=type + unique int id: @paren_type, + int type_: @type_or_none ref +); + +@syntax_sugar_type = + @dictionary_type +| @unary_syntax_sugar_type +; + +type_alias_types( //dir=type + unique int id: @type_alias_type, + int decl: @type_alias_decl_or_none ref +); + +unbound_generic_types( //dir=type + unique int id: @unbound_generic_type +); + +unmanaged_storage_types( //dir=type + unique int id: @unmanaged_storage_type +); + +unowned_storage_types( //dir=type + unique int id: @unowned_storage_type +); + +weak_storage_types( //dir=type + unique int id: @weak_storage_type +); + +@bound_generic_type = + @bound_generic_class_type +| @bound_generic_enum_type +| @bound_generic_struct_type +; + +#keyset[id, index] +bound_generic_type_arg_types( //dir=type + int id: @bound_generic_type ref, + int index: int ref, + int arg_type: @type_or_none ref +); + +builtin_integer_literal_types( //dir=type + unique int id: @builtin_integer_literal_type +); + +builtin_integer_types( //dir=type + unique int id: @builtin_integer_type +); + +#keyset[id] +builtin_integer_type_widths( //dir=type + int id: @builtin_integer_type ref, + int width: int ref +); + +dictionary_types( //dir=type + unique int id: @dictionary_type, + int key_type: @type_or_none ref, + int value_type: @type_or_none ref +); + +@nominal_type = + @class_type +| @enum_type +| @protocol_type +| @struct_type +; + +opaque_type_archetype_types( //dir=type + unique int id: @opaque_type_archetype_type, + int declaration: @opaque_type_decl_or_none ref +); + +opened_archetype_types( //dir=type + unique int id: @opened_archetype_type +); + +primary_archetype_types( //dir=type + unique int id: @primary_archetype_type +); + +@unary_syntax_sugar_type = + @array_slice_type +| @optional_type +| @variadic_sequence_type +; + +#keyset[id] +unary_syntax_sugar_types( //dir=type + int id: @unary_syntax_sugar_type ref, + int base_type: @type_or_none ref +); + +array_slice_types( //dir=type + unique int id: @array_slice_type +); + +bound_generic_class_types( //dir=type + unique int id: @bound_generic_class_type +); + +bound_generic_enum_types( //dir=type + unique int id: @bound_generic_enum_type +); + +bound_generic_struct_types( //dir=type + unique int id: @bound_generic_struct_type +); + +class_types( //dir=type + unique int id: @class_type +); + +enum_types( //dir=type + unique int id: @enum_type +); + +optional_types( //dir=type + unique int id: @optional_type +); + +protocol_types( //dir=type + unique int id: @protocol_type +); + +struct_types( //dir=type + unique int id: @struct_type +); + +variadic_sequence_types( //dir=type + unique int id: @variadic_sequence_type +); + +@accessor_or_none = + @accessor +| @unspecified_element +; + +@argument_or_none = + @argument +| @unspecified_element +; + +@associated_type_decl_or_none = + @associated_type_decl +| @unspecified_element +; + +@ast_node_or_none = + @ast_node +| @unspecified_element +; + +@availability_info_or_none = + @availability_info +| @unspecified_element +; + +@availability_spec_or_none = + @availability_spec +| @unspecified_element +; + +@brace_stmt_or_none = + @brace_stmt +| @unspecified_element +; + +@captured_decl_or_none = + @captured_decl +| @unspecified_element +; + +@case_label_item_or_none = + @case_label_item +| @unspecified_element +; + +@case_stmt_or_none = + @case_stmt +| @unspecified_element +; + +@condition_element_or_none = + @condition_element +| @unspecified_element +; + +@decl_or_none = + @decl +| @unspecified_element +; + +@enum_element_decl_or_none = + @enum_element_decl +| @unspecified_element +; + +@explicit_closure_expr_or_none = + @explicit_closure_expr +| @unspecified_element +; + +@expr_or_none = + @expr +| @unspecified_element +; + +@file_or_none = + @file +| @unspecified_element +; + +@function_or_none = + @function +| @unspecified_element +; + +@generic_type_decl_or_none = + @generic_type_decl +| @unspecified_element +; + +@generic_type_param_decl_or_none = + @generic_type_param_decl +| @unspecified_element +; + +@generic_type_param_type_or_none = + @generic_type_param_type +| @unspecified_element +; + +@initializer_or_none = + @initializer +| @unspecified_element +; + +@key_path_component_or_none = + @key_path_component +| @unspecified_element +; + +@location_or_none = + @location +| @unspecified_element +; + +@module_decl_or_none = + @module_decl +| @unspecified_element +; + +@nominal_type_decl_or_none = + @nominal_type_decl +| @unspecified_element +; + +@opaque_type_decl_or_none = + @opaque_type_decl +| @unspecified_element +; + +@opaque_value_expr_or_none = + @opaque_value_expr +| @unspecified_element +; + +@param_decl_or_none = + @param_decl +| @unspecified_element +; + +@pattern_or_none = + @pattern +| @unspecified_element +; + +@pattern_binding_decl_or_none = + @pattern_binding_decl +| @unspecified_element +; + +@precedence_group_decl_or_none = + @precedence_group_decl +| @unspecified_element +; + +@protocol_decl_or_none = + @protocol_decl +| @unspecified_element +; + +@protocol_type_or_none = + @protocol_type +| @unspecified_element +; + +@stmt_or_none = + @stmt +| @unspecified_element +; + +@stmt_condition_or_none = + @stmt_condition +| @unspecified_element +; + +@string_literal_expr_or_none = + @string_literal_expr +| @unspecified_element +; + +@tap_expr_or_none = + @tap_expr +| @unspecified_element +; + +@type_or_none = + @type +| @unspecified_element +; + +@type_alias_decl_or_none = + @type_alias_decl +| @unspecified_element +; + +@type_repr_or_none = + @type_repr +| @unspecified_element +; + +@value_decl_or_none = + @unspecified_element +| @value_decl +; + +@var_decl_or_none = + @unspecified_element +| @var_decl +; diff --git a/swift/downgrades/44e36e15e90bc1535964d9b86b3cd06a8b0d26e3/swift.dbscheme b/swift/downgrades/44e36e15e90bc1535964d9b86b3cd06a8b0d26e3/swift.dbscheme new file mode 100644 index 00000000000..ba4171b90d0 --- /dev/null +++ b/swift/downgrades/44e36e15e90bc1535964d9b86b3cd06a8b0d26e3/swift.dbscheme @@ -0,0 +1,2630 @@ +// generated by codegen/codegen.py + +// from prefix.dbscheme +/** + * The source location of the snapshot. + */ +sourceLocationPrefix( + string prefix: string ref +); + + +// from schema.py + +@element = + @callable +| @file +| @generic_context +| @locatable +| @location +| @type +; + +#keyset[id] +element_is_unknown( + int id: @element ref +); + +@callable = + @closure_expr +| @function +; + +#keyset[id] +callable_names( + int id: @callable ref, + string name: string ref +); + +#keyset[id] +callable_self_params( + int id: @callable ref, + int self_param: @param_decl_or_none ref +); + +#keyset[id, index] +callable_params( + int id: @callable ref, + int index: int ref, + int param: @param_decl_or_none ref +); + +#keyset[id] +callable_bodies( + int id: @callable ref, + int body: @brace_stmt_or_none ref +); + +#keyset[id, index] +callable_captures( + int id: @callable ref, + int index: int ref, + int capture: @captured_decl_or_none ref +); + +@file = + @db_file +; + +#keyset[id] +files( + int id: @file ref, + string name: string ref +); + +#keyset[id] +file_is_successfully_extracted( + int id: @file ref +); + +@locatable = + @argument +| @ast_node +| @comment +| @diagnostics +| @error_element +; + +#keyset[id] +locatable_locations( + int id: @locatable ref, + int location: @location_or_none ref +); + +@location = + @db_location +; + +#keyset[id] +locations( + int id: @location ref, + int file: @file_or_none ref, + int start_line: int ref, + int start_column: int ref, + int end_line: int ref, + int end_column: int ref +); + +@ast_node = + @availability_info +| @availability_spec +| @case_label_item +| @condition_element +| @decl +| @expr +| @key_path_component +| @pattern +| @stmt +| @stmt_condition +| @type_repr +; + +comments( + unique int id: @comment, + string text: string ref +); + +db_files( + unique int id: @db_file +); + +db_locations( + unique int id: @db_location +); + +diagnostics( + unique int id: @diagnostics, + string text: string ref, + int kind: int ref +); + +@error_element = + @error_expr +| @error_type +| @overloaded_decl_ref_expr +| @unresolved_decl_ref_expr +| @unresolved_dot_expr +| @unresolved_member_chain_result_expr +| @unresolved_member_expr +| @unresolved_pattern_expr +| @unresolved_specialize_expr +| @unresolved_type +| @unresolved_type_conversion_expr +| @unspecified_element +; + +availability_infos( + unique int id: @availability_info +); + +#keyset[id] +availability_info_is_unavailable( + int id: @availability_info ref +); + +#keyset[id, index] +availability_info_specs( + int id: @availability_info ref, + int index: int ref, + int spec: @availability_spec_or_none ref +); + +@availability_spec = + @other_availability_spec +| @platform_version_availability_spec +; + +key_path_components( + unique int id: @key_path_component, + int kind: int ref, + int component_type: @type_or_none ref +); + +#keyset[id, index] +key_path_component_subscript_arguments( + int id: @key_path_component ref, + int index: int ref, + int subscript_argument: @argument_or_none ref +); + +#keyset[id] +key_path_component_tuple_indices( + int id: @key_path_component ref, + int tuple_index: int ref +); + +#keyset[id] +key_path_component_decl_refs( + int id: @key_path_component ref, + int decl_ref: @value_decl_or_none ref +); + +unspecified_elements( + unique int id: @unspecified_element, + string property: string ref, + string error: string ref +); + +#keyset[id] +unspecified_element_parents( + int id: @unspecified_element ref, + int parent: @element ref +); + +#keyset[id] +unspecified_element_indices( + int id: @unspecified_element ref, + int index: int ref +); + +other_availability_specs( + unique int id: @other_availability_spec +); + +platform_version_availability_specs( + unique int id: @platform_version_availability_spec, + string platform: string ref, + string version: string ref +); + +@decl = + @captured_decl +| @enum_case_decl +| @extension_decl +| @if_config_decl +| @import_decl +| @missing_member_decl +| @operator_decl +| @pattern_binding_decl +| @pound_diagnostic_decl +| @precedence_group_decl +| @top_level_code_decl +| @value_decl +; + +#keyset[id] +decls( //dir=decl + int id: @decl ref, + int module: @module_decl_or_none ref +); + +#keyset[id, index] +decl_members( //dir=decl + int id: @decl ref, + int index: int ref, + int member: @decl_or_none ref +); + +@generic_context = + @extension_decl +| @function +| @generic_type_decl +| @subscript_decl +; + +#keyset[id, index] +generic_context_generic_type_params( //dir=decl + int id: @generic_context ref, + int index: int ref, + int generic_type_param: @generic_type_param_decl_or_none ref +); + +captured_decls( //dir=decl + unique int id: @captured_decl, + int decl: @value_decl_or_none ref +); + +#keyset[id] +captured_decl_is_direct( //dir=decl + int id: @captured_decl ref +); + +#keyset[id] +captured_decl_is_escaping( //dir=decl + int id: @captured_decl ref +); + +enum_case_decls( //dir=decl + unique int id: @enum_case_decl +); + +#keyset[id, index] +enum_case_decl_elements( //dir=decl + int id: @enum_case_decl ref, + int index: int ref, + int element: @enum_element_decl_or_none ref +); + +extension_decls( //dir=decl + unique int id: @extension_decl, + int extended_type_decl: @nominal_type_decl_or_none ref +); + +#keyset[id, index] +extension_decl_protocols( //dir=decl + int id: @extension_decl ref, + int index: int ref, + int protocol: @protocol_decl_or_none ref +); + +if_config_decls( //dir=decl + unique int id: @if_config_decl +); + +#keyset[id, index] +if_config_decl_active_elements( //dir=decl + int id: @if_config_decl ref, + int index: int ref, + int active_element: @ast_node_or_none ref +); + +import_decls( //dir=decl + unique int id: @import_decl +); + +#keyset[id] +import_decl_is_exported( //dir=decl + int id: @import_decl ref +); + +#keyset[id] +import_decl_imported_modules( //dir=decl + int id: @import_decl ref, + int imported_module: @module_decl_or_none ref +); + +#keyset[id, index] +import_decl_declarations( //dir=decl + int id: @import_decl ref, + int index: int ref, + int declaration: @value_decl_or_none ref +); + +missing_member_decls( //dir=decl + unique int id: @missing_member_decl, + string name: string ref +); + +@operator_decl = + @infix_operator_decl +| @postfix_operator_decl +| @prefix_operator_decl +; + +#keyset[id] +operator_decls( //dir=decl + int id: @operator_decl ref, + string name: string ref +); + +pattern_binding_decls( //dir=decl + unique int id: @pattern_binding_decl +); + +#keyset[id, index] +pattern_binding_decl_inits( //dir=decl + int id: @pattern_binding_decl ref, + int index: int ref, + int init: @expr_or_none ref +); + +#keyset[id, index] +pattern_binding_decl_patterns( //dir=decl + int id: @pattern_binding_decl ref, + int index: int ref, + int pattern: @pattern_or_none ref +); + +pound_diagnostic_decls( //dir=decl + unique int id: @pound_diagnostic_decl, + int kind: int ref, + int message: @string_literal_expr_or_none ref +); + +precedence_group_decls( //dir=decl + unique int id: @precedence_group_decl +); + +top_level_code_decls( //dir=decl + unique int id: @top_level_code_decl, + int body: @brace_stmt_or_none ref +); + +@value_decl = + @abstract_storage_decl +| @enum_element_decl +| @function +| @type_decl +; + +#keyset[id] +value_decls( //dir=decl + int id: @value_decl ref, + int interface_type: @type_or_none ref +); + +@abstract_storage_decl = + @subscript_decl +| @var_decl +; + +#keyset[id, index] +abstract_storage_decl_accessors( //dir=decl + int id: @abstract_storage_decl ref, + int index: int ref, + int accessor: @accessor_or_none ref +); + +enum_element_decls( //dir=decl + unique int id: @enum_element_decl, + string name: string ref +); + +#keyset[id, index] +enum_element_decl_params( //dir=decl + int id: @enum_element_decl ref, + int index: int ref, + int param: @param_decl_or_none ref +); + +@function = + @accessor_or_named_function +| @deinitializer +| @initializer +; + +infix_operator_decls( //dir=decl + unique int id: @infix_operator_decl +); + +#keyset[id] +infix_operator_decl_precedence_groups( //dir=decl + int id: @infix_operator_decl ref, + int precedence_group: @precedence_group_decl_or_none ref +); + +postfix_operator_decls( //dir=decl + unique int id: @postfix_operator_decl +); + +prefix_operator_decls( //dir=decl + unique int id: @prefix_operator_decl +); + +@type_decl = + @abstract_type_param_decl +| @generic_type_decl +| @module_decl +; + +#keyset[id] +type_decls( //dir=decl + int id: @type_decl ref, + string name: string ref +); + +#keyset[id, index] +type_decl_base_types( //dir=decl + int id: @type_decl ref, + int index: int ref, + int base_type: @type_or_none ref +); + +@abstract_type_param_decl = + @associated_type_decl +| @generic_type_param_decl +; + +@accessor_or_named_function = + @accessor +| @named_function +; + +deinitializers( //dir=decl + unique int id: @deinitializer +); + +@generic_type_decl = + @nominal_type_decl +| @opaque_type_decl +| @type_alias_decl +; + +initializers( //dir=decl + unique int id: @initializer +); + +module_decls( //dir=decl + unique int id: @module_decl +); + +#keyset[id] +module_decl_is_builtin_module( //dir=decl + int id: @module_decl ref +); + +#keyset[id] +module_decl_is_system_module( //dir=decl + int id: @module_decl ref +); + +module_decl_imported_modules( //dir=decl + int id: @module_decl ref, + int imported_module: @module_decl_or_none ref +); + +module_decl_exported_modules( //dir=decl + int id: @module_decl ref, + int exported_module: @module_decl_or_none ref +); + +subscript_decls( //dir=decl + unique int id: @subscript_decl, + int element_type: @type_or_none ref +); + +#keyset[id, index] +subscript_decl_params( //dir=decl + int id: @subscript_decl ref, + int index: int ref, + int param: @param_decl_or_none ref +); + +@var_decl = + @concrete_var_decl +| @param_decl +; + +#keyset[id] +var_decls( //dir=decl + int id: @var_decl ref, + string name: string ref, + int type_: @type_or_none ref +); + +#keyset[id] +var_decl_attached_property_wrapper_types( //dir=decl + int id: @var_decl ref, + int attached_property_wrapper_type: @type_or_none ref +); + +#keyset[id] +var_decl_parent_patterns( //dir=decl + int id: @var_decl ref, + int parent_pattern: @pattern_or_none ref +); + +#keyset[id] +var_decl_parent_initializers( //dir=decl + int id: @var_decl ref, + int parent_initializer: @expr_or_none ref +); + +#keyset[id] +var_decl_property_wrapper_backing_var_bindings( //dir=decl + int id: @var_decl ref, + int property_wrapper_backing_var_binding: @pattern_binding_decl_or_none ref +); + +#keyset[id] +var_decl_property_wrapper_backing_vars( //dir=decl + int id: @var_decl ref, + int property_wrapper_backing_var: @var_decl_or_none ref +); + +#keyset[id] +var_decl_property_wrapper_projection_var_bindings( //dir=decl + int id: @var_decl ref, + int property_wrapper_projection_var_binding: @pattern_binding_decl_or_none ref +); + +#keyset[id] +var_decl_property_wrapper_projection_vars( //dir=decl + int id: @var_decl ref, + int property_wrapper_projection_var: @var_decl_or_none ref +); + +accessors( //dir=decl + unique int id: @accessor +); + +#keyset[id] +accessor_is_getter( //dir=decl + int id: @accessor ref +); + +#keyset[id] +accessor_is_setter( //dir=decl + int id: @accessor ref +); + +#keyset[id] +accessor_is_will_set( //dir=decl + int id: @accessor ref +); + +#keyset[id] +accessor_is_did_set( //dir=decl + int id: @accessor ref +); + +#keyset[id] +accessor_is_read( //dir=decl + int id: @accessor ref +); + +#keyset[id] +accessor_is_modify( //dir=decl + int id: @accessor ref +); + +#keyset[id] +accessor_is_unsafe_address( //dir=decl + int id: @accessor ref +); + +#keyset[id] +accessor_is_unsafe_mutable_address( //dir=decl + int id: @accessor ref +); + +associated_type_decls( //dir=decl + unique int id: @associated_type_decl +); + +concrete_var_decls( //dir=decl + unique int id: @concrete_var_decl, + int introducer_int: int ref +); + +generic_type_param_decls( //dir=decl + unique int id: @generic_type_param_decl +); + +named_functions( //dir=decl + unique int id: @named_function +); + +@nominal_type_decl = + @class_decl +| @enum_decl +| @protocol_decl +| @struct_decl +; + +#keyset[id] +nominal_type_decls( //dir=decl + int id: @nominal_type_decl ref, + int type_: @type_or_none ref +); + +opaque_type_decls( //dir=decl + unique int id: @opaque_type_decl, + int naming_declaration: @value_decl_or_none ref +); + +#keyset[id, index] +opaque_type_decl_opaque_generic_params( //dir=decl + int id: @opaque_type_decl ref, + int index: int ref, + int opaque_generic_param: @generic_type_param_type_or_none ref +); + +param_decls( //dir=decl + unique int id: @param_decl +); + +#keyset[id] +param_decl_is_inout( //dir=decl + int id: @param_decl ref +); + +#keyset[id] +param_decl_property_wrapper_local_wrapped_var_bindings( //dir=decl + int id: @param_decl ref, + int property_wrapper_local_wrapped_var_binding: @pattern_binding_decl_or_none ref +); + +#keyset[id] +param_decl_property_wrapper_local_wrapped_vars( //dir=decl + int id: @param_decl ref, + int property_wrapper_local_wrapped_var: @var_decl_or_none ref +); + +type_alias_decls( //dir=decl + unique int id: @type_alias_decl, + int aliased_type: @type_or_none ref +); + +class_decls( //dir=decl + unique int id: @class_decl +); + +enum_decls( //dir=decl + unique int id: @enum_decl +); + +protocol_decls( //dir=decl + unique int id: @protocol_decl +); + +struct_decls( //dir=decl + unique int id: @struct_decl +); + +arguments( //dir=expr + unique int id: @argument, + string label: string ref, + int expr: @expr_or_none ref +); + +@expr = + @any_try_expr +| @applied_property_wrapper_expr +| @apply_expr +| @assign_expr +| @bind_optional_expr +| @capture_list_expr +| @closure_expr +| @collection_expr +| @decl_ref_expr +| @default_argument_expr +| @discard_assignment_expr +| @dot_syntax_base_ignored_expr +| @dynamic_type_expr +| @enum_is_case_expr +| @error_expr +| @explicit_cast_expr +| @force_value_expr +| @identity_expr +| @if_expr +| @implicit_conversion_expr +| @in_out_expr +| @key_path_application_expr +| @key_path_dot_expr +| @key_path_expr +| @lazy_initialization_expr +| @literal_expr +| @lookup_expr +| @make_temporarily_escapable_expr +| @obj_c_selector_expr +| @one_way_expr +| @opaque_value_expr +| @open_existential_expr +| @optional_evaluation_expr +| @other_initializer_ref_expr +| @overloaded_decl_ref_expr +| @property_wrapper_value_placeholder_expr +| @rebind_self_in_initializer_expr +| @sequence_expr +| @super_ref_expr +| @tap_expr +| @tuple_element_expr +| @tuple_expr +| @type_expr +| @unresolved_decl_ref_expr +| @unresolved_dot_expr +| @unresolved_member_expr +| @unresolved_pattern_expr +| @unresolved_specialize_expr +| @vararg_expansion_expr +; + +#keyset[id] +expr_types( //dir=expr + int id: @expr ref, + int type_: @type_or_none ref +); + +@any_try_expr = + @force_try_expr +| @optional_try_expr +| @try_expr +; + +#keyset[id] +any_try_exprs( //dir=expr + int id: @any_try_expr ref, + int sub_expr: @expr_or_none ref +); + +applied_property_wrapper_exprs( //dir=expr + unique int id: @applied_property_wrapper_expr, + int kind: int ref, + int value: @expr_or_none ref, + int param: @param_decl_or_none ref +); + +@apply_expr = + @binary_expr +| @call_expr +| @postfix_unary_expr +| @prefix_unary_expr +| @self_apply_expr +; + +#keyset[id] +apply_exprs( //dir=expr + int id: @apply_expr ref, + int function: @expr_or_none ref +); + +#keyset[id, index] +apply_expr_arguments( //dir=expr + int id: @apply_expr ref, + int index: int ref, + int argument: @argument_or_none ref +); + +assign_exprs( //dir=expr + unique int id: @assign_expr, + int dest: @expr_or_none ref, + int source: @expr_or_none ref +); + +bind_optional_exprs( //dir=expr + unique int id: @bind_optional_expr, + int sub_expr: @expr_or_none ref +); + +capture_list_exprs( //dir=expr + unique int id: @capture_list_expr, + int closure_body: @explicit_closure_expr_or_none ref +); + +#keyset[id, index] +capture_list_expr_binding_decls( //dir=expr + int id: @capture_list_expr ref, + int index: int ref, + int binding_decl: @pattern_binding_decl_or_none ref +); + +@closure_expr = + @auto_closure_expr +| @explicit_closure_expr +; + +@collection_expr = + @array_expr +| @dictionary_expr +; + +decl_ref_exprs( //dir=expr + unique int id: @decl_ref_expr, + int decl: @decl_or_none ref +); + +#keyset[id, index] +decl_ref_expr_replacement_types( //dir=expr + int id: @decl_ref_expr ref, + int index: int ref, + int replacement_type: @type_or_none ref +); + +#keyset[id] +decl_ref_expr_has_direct_to_storage_semantics( //dir=expr + int id: @decl_ref_expr ref +); + +#keyset[id] +decl_ref_expr_has_direct_to_implementation_semantics( //dir=expr + int id: @decl_ref_expr ref +); + +#keyset[id] +decl_ref_expr_has_ordinary_semantics( //dir=expr + int id: @decl_ref_expr ref +); + +#keyset[id] +decl_ref_expr_has_distributed_thunk_semantics( //dir=expr + int id: @decl_ref_expr ref +); + +default_argument_exprs( //dir=expr + unique int id: @default_argument_expr, + int param_decl: @param_decl_or_none ref, + int param_index: int ref +); + +#keyset[id] +default_argument_expr_caller_side_defaults( //dir=expr + int id: @default_argument_expr ref, + int caller_side_default: @expr_or_none ref +); + +discard_assignment_exprs( //dir=expr + unique int id: @discard_assignment_expr +); + +dot_syntax_base_ignored_exprs( //dir=expr + unique int id: @dot_syntax_base_ignored_expr, + int qualifier: @expr_or_none ref, + int sub_expr: @expr_or_none ref +); + +dynamic_type_exprs( //dir=expr + unique int id: @dynamic_type_expr, + int base: @expr_or_none ref +); + +enum_is_case_exprs( //dir=expr + unique int id: @enum_is_case_expr, + int sub_expr: @expr_or_none ref, + int element: @enum_element_decl_or_none ref +); + +error_exprs( //dir=expr + unique int id: @error_expr +); + +@explicit_cast_expr = + @checked_cast_expr +| @coerce_expr +; + +#keyset[id] +explicit_cast_exprs( //dir=expr + int id: @explicit_cast_expr ref, + int sub_expr: @expr_or_none ref +); + +force_value_exprs( //dir=expr + unique int id: @force_value_expr, + int sub_expr: @expr_or_none ref +); + +@identity_expr = + @await_expr +| @dot_self_expr +| @paren_expr +| @unresolved_member_chain_result_expr +; + +#keyset[id] +identity_exprs( //dir=expr + int id: @identity_expr ref, + int sub_expr: @expr_or_none ref +); + +if_exprs( //dir=expr + unique int id: @if_expr, + int condition: @expr_or_none ref, + int then_expr: @expr_or_none ref, + int else_expr: @expr_or_none ref +); + +@implicit_conversion_expr = + @abi_safe_conversion_expr +| @any_hashable_erasure_expr +| @archetype_to_super_expr +| @array_to_pointer_expr +| @bridge_from_obj_c_expr +| @bridge_to_obj_c_expr +| @class_metatype_to_object_expr +| @collection_upcast_conversion_expr +| @conditional_bridge_from_obj_c_expr +| @covariant_function_conversion_expr +| @covariant_return_conversion_expr +| @derived_to_base_expr +| @destructure_tuple_expr +| @differentiable_function_expr +| @differentiable_function_extract_original_expr +| @erasure_expr +| @existential_metatype_to_object_expr +| @foreign_object_conversion_expr +| @function_conversion_expr +| @in_out_to_pointer_expr +| @inject_into_optional_expr +| @linear_function_expr +| @linear_function_extract_original_expr +| @linear_to_differentiable_function_expr +| @load_expr +| @metatype_conversion_expr +| @pointer_to_pointer_expr +| @protocol_metatype_to_object_expr +| @string_to_pointer_expr +| @underlying_to_opaque_expr +| @unevaluated_instance_expr +| @unresolved_type_conversion_expr +; + +#keyset[id] +implicit_conversion_exprs( //dir=expr + int id: @implicit_conversion_expr ref, + int sub_expr: @expr_or_none ref +); + +in_out_exprs( //dir=expr + unique int id: @in_out_expr, + int sub_expr: @expr_or_none ref +); + +key_path_application_exprs( //dir=expr + unique int id: @key_path_application_expr, + int base: @expr_or_none ref, + int key_path: @expr_or_none ref +); + +key_path_dot_exprs( //dir=expr + unique int id: @key_path_dot_expr +); + +key_path_exprs( //dir=expr + unique int id: @key_path_expr +); + +#keyset[id] +key_path_expr_roots( //dir=expr + int id: @key_path_expr ref, + int root: @type_repr_or_none ref +); + +#keyset[id, index] +key_path_expr_components( //dir=expr + int id: @key_path_expr ref, + int index: int ref, + int component: @key_path_component_or_none ref +); + +lazy_initialization_exprs( //dir=expr + unique int id: @lazy_initialization_expr, + int sub_expr: @expr_or_none ref +); + +@literal_expr = + @builtin_literal_expr +| @interpolated_string_literal_expr +| @nil_literal_expr +| @object_literal_expr +| @regex_literal_expr +; + +@lookup_expr = + @dynamic_lookup_expr +| @member_ref_expr +| @subscript_expr +; + +#keyset[id] +lookup_exprs( //dir=expr + int id: @lookup_expr ref, + int base: @expr_or_none ref +); + +#keyset[id] +lookup_expr_members( //dir=expr + int id: @lookup_expr ref, + int member: @decl_or_none ref +); + +make_temporarily_escapable_exprs( //dir=expr + unique int id: @make_temporarily_escapable_expr, + int escaping_closure: @opaque_value_expr_or_none ref, + int nonescaping_closure: @expr_or_none ref, + int sub_expr: @expr_or_none ref +); + +obj_c_selector_exprs( //dir=expr + unique int id: @obj_c_selector_expr, + int sub_expr: @expr_or_none ref, + int method: @function_or_none ref +); + +one_way_exprs( //dir=expr + unique int id: @one_way_expr, + int sub_expr: @expr_or_none ref +); + +opaque_value_exprs( //dir=expr + unique int id: @opaque_value_expr +); + +open_existential_exprs( //dir=expr + unique int id: @open_existential_expr, + int sub_expr: @expr_or_none ref, + int existential: @expr_or_none ref, + int opaque_expr: @opaque_value_expr_or_none ref +); + +optional_evaluation_exprs( //dir=expr + unique int id: @optional_evaluation_expr, + int sub_expr: @expr_or_none ref +); + +other_initializer_ref_exprs( //dir=expr + unique int id: @other_initializer_ref_expr, + int initializer: @initializer_or_none ref +); + +overloaded_decl_ref_exprs( //dir=expr + unique int id: @overloaded_decl_ref_expr +); + +#keyset[id, index] +overloaded_decl_ref_expr_possible_declarations( //dir=expr + int id: @overloaded_decl_ref_expr ref, + int index: int ref, + int possible_declaration: @value_decl_or_none ref +); + +property_wrapper_value_placeholder_exprs( //dir=expr + unique int id: @property_wrapper_value_placeholder_expr, + int placeholder: @opaque_value_expr_or_none ref +); + +#keyset[id] +property_wrapper_value_placeholder_expr_wrapped_values( //dir=expr + int id: @property_wrapper_value_placeholder_expr ref, + int wrapped_value: @expr_or_none ref +); + +rebind_self_in_initializer_exprs( //dir=expr + unique int id: @rebind_self_in_initializer_expr, + int sub_expr: @expr_or_none ref, + int self: @var_decl_or_none ref +); + +sequence_exprs( //dir=expr + unique int id: @sequence_expr +); + +#keyset[id, index] +sequence_expr_elements( //dir=expr + int id: @sequence_expr ref, + int index: int ref, + int element: @expr_or_none ref +); + +super_ref_exprs( //dir=expr + unique int id: @super_ref_expr, + int self: @var_decl_or_none ref +); + +tap_exprs( //dir=expr + unique int id: @tap_expr, + int body: @brace_stmt_or_none ref, + int var: @var_decl_or_none ref +); + +#keyset[id] +tap_expr_sub_exprs( //dir=expr + int id: @tap_expr ref, + int sub_expr: @expr_or_none ref +); + +tuple_element_exprs( //dir=expr + unique int id: @tuple_element_expr, + int sub_expr: @expr_or_none ref, + int index: int ref +); + +tuple_exprs( //dir=expr + unique int id: @tuple_expr +); + +#keyset[id, index] +tuple_expr_elements( //dir=expr + int id: @tuple_expr ref, + int index: int ref, + int element: @expr_or_none ref +); + +type_exprs( //dir=expr + unique int id: @type_expr +); + +#keyset[id] +type_expr_type_reprs( //dir=expr + int id: @type_expr ref, + int type_repr: @type_repr_or_none ref +); + +unresolved_decl_ref_exprs( //dir=expr + unique int id: @unresolved_decl_ref_expr +); + +#keyset[id] +unresolved_decl_ref_expr_names( //dir=expr + int id: @unresolved_decl_ref_expr ref, + string name: string ref +); + +unresolved_dot_exprs( //dir=expr + unique int id: @unresolved_dot_expr, + int base: @expr_or_none ref, + string name: string ref +); + +unresolved_member_exprs( //dir=expr + unique int id: @unresolved_member_expr, + string name: string ref +); + +unresolved_pattern_exprs( //dir=expr + unique int id: @unresolved_pattern_expr, + int sub_pattern: @pattern_or_none ref +); + +unresolved_specialize_exprs( //dir=expr + unique int id: @unresolved_specialize_expr, + int sub_expr: @expr_or_none ref +); + +vararg_expansion_exprs( //dir=expr + unique int id: @vararg_expansion_expr, + int sub_expr: @expr_or_none ref +); + +abi_safe_conversion_exprs( //dir=expr + unique int id: @abi_safe_conversion_expr +); + +any_hashable_erasure_exprs( //dir=expr + unique int id: @any_hashable_erasure_expr +); + +archetype_to_super_exprs( //dir=expr + unique int id: @archetype_to_super_expr +); + +array_exprs( //dir=expr + unique int id: @array_expr +); + +#keyset[id, index] +array_expr_elements( //dir=expr + int id: @array_expr ref, + int index: int ref, + int element: @expr_or_none ref +); + +array_to_pointer_exprs( //dir=expr + unique int id: @array_to_pointer_expr +); + +auto_closure_exprs( //dir=expr + unique int id: @auto_closure_expr +); + +await_exprs( //dir=expr + unique int id: @await_expr +); + +binary_exprs( //dir=expr + unique int id: @binary_expr +); + +bridge_from_obj_c_exprs( //dir=expr + unique int id: @bridge_from_obj_c_expr +); + +bridge_to_obj_c_exprs( //dir=expr + unique int id: @bridge_to_obj_c_expr +); + +@builtin_literal_expr = + @boolean_literal_expr +| @magic_identifier_literal_expr +| @number_literal_expr +| @string_literal_expr +; + +call_exprs( //dir=expr + unique int id: @call_expr +); + +@checked_cast_expr = + @conditional_checked_cast_expr +| @forced_checked_cast_expr +| @is_expr +; + +class_metatype_to_object_exprs( //dir=expr + unique int id: @class_metatype_to_object_expr +); + +coerce_exprs( //dir=expr + unique int id: @coerce_expr +); + +collection_upcast_conversion_exprs( //dir=expr + unique int id: @collection_upcast_conversion_expr +); + +conditional_bridge_from_obj_c_exprs( //dir=expr + unique int id: @conditional_bridge_from_obj_c_expr +); + +covariant_function_conversion_exprs( //dir=expr + unique int id: @covariant_function_conversion_expr +); + +covariant_return_conversion_exprs( //dir=expr + unique int id: @covariant_return_conversion_expr +); + +derived_to_base_exprs( //dir=expr + unique int id: @derived_to_base_expr +); + +destructure_tuple_exprs( //dir=expr + unique int id: @destructure_tuple_expr +); + +dictionary_exprs( //dir=expr + unique int id: @dictionary_expr +); + +#keyset[id, index] +dictionary_expr_elements( //dir=expr + int id: @dictionary_expr ref, + int index: int ref, + int element: @expr_or_none ref +); + +differentiable_function_exprs( //dir=expr + unique int id: @differentiable_function_expr +); + +differentiable_function_extract_original_exprs( //dir=expr + unique int id: @differentiable_function_extract_original_expr +); + +dot_self_exprs( //dir=expr + unique int id: @dot_self_expr +); + +@dynamic_lookup_expr = + @dynamic_member_ref_expr +| @dynamic_subscript_expr +; + +erasure_exprs( //dir=expr + unique int id: @erasure_expr +); + +existential_metatype_to_object_exprs( //dir=expr + unique int id: @existential_metatype_to_object_expr +); + +explicit_closure_exprs( //dir=expr + unique int id: @explicit_closure_expr +); + +force_try_exprs( //dir=expr + unique int id: @force_try_expr +); + +foreign_object_conversion_exprs( //dir=expr + unique int id: @foreign_object_conversion_expr +); + +function_conversion_exprs( //dir=expr + unique int id: @function_conversion_expr +); + +in_out_to_pointer_exprs( //dir=expr + unique int id: @in_out_to_pointer_expr +); + +inject_into_optional_exprs( //dir=expr + unique int id: @inject_into_optional_expr +); + +interpolated_string_literal_exprs( //dir=expr + unique int id: @interpolated_string_literal_expr +); + +#keyset[id] +interpolated_string_literal_expr_interpolation_exprs( //dir=expr + int id: @interpolated_string_literal_expr ref, + int interpolation_expr: @opaque_value_expr_or_none ref +); + +#keyset[id] +interpolated_string_literal_expr_interpolation_count_exprs( //dir=expr + int id: @interpolated_string_literal_expr ref, + int interpolation_count_expr: @expr_or_none ref +); + +#keyset[id] +interpolated_string_literal_expr_literal_capacity_exprs( //dir=expr + int id: @interpolated_string_literal_expr ref, + int literal_capacity_expr: @expr_or_none ref +); + +#keyset[id] +interpolated_string_literal_expr_appending_exprs( //dir=expr + int id: @interpolated_string_literal_expr ref, + int appending_expr: @tap_expr_or_none ref +); + +linear_function_exprs( //dir=expr + unique int id: @linear_function_expr +); + +linear_function_extract_original_exprs( //dir=expr + unique int id: @linear_function_extract_original_expr +); + +linear_to_differentiable_function_exprs( //dir=expr + unique int id: @linear_to_differentiable_function_expr +); + +load_exprs( //dir=expr + unique int id: @load_expr +); + +member_ref_exprs( //dir=expr + unique int id: @member_ref_expr +); + +#keyset[id] +member_ref_expr_has_direct_to_storage_semantics( //dir=expr + int id: @member_ref_expr ref +); + +#keyset[id] +member_ref_expr_has_direct_to_implementation_semantics( //dir=expr + int id: @member_ref_expr ref +); + +#keyset[id] +member_ref_expr_has_ordinary_semantics( //dir=expr + int id: @member_ref_expr ref +); + +#keyset[id] +member_ref_expr_has_distributed_thunk_semantics( //dir=expr + int id: @member_ref_expr ref +); + +metatype_conversion_exprs( //dir=expr + unique int id: @metatype_conversion_expr +); + +nil_literal_exprs( //dir=expr + unique int id: @nil_literal_expr +); + +object_literal_exprs( //dir=expr + unique int id: @object_literal_expr, + int kind: int ref +); + +#keyset[id, index] +object_literal_expr_arguments( //dir=expr + int id: @object_literal_expr ref, + int index: int ref, + int argument: @argument_or_none ref +); + +optional_try_exprs( //dir=expr + unique int id: @optional_try_expr +); + +paren_exprs( //dir=expr + unique int id: @paren_expr +); + +pointer_to_pointer_exprs( //dir=expr + unique int id: @pointer_to_pointer_expr +); + +postfix_unary_exprs( //dir=expr + unique int id: @postfix_unary_expr +); + +prefix_unary_exprs( //dir=expr + unique int id: @prefix_unary_expr +); + +protocol_metatype_to_object_exprs( //dir=expr + unique int id: @protocol_metatype_to_object_expr +); + +regex_literal_exprs( //dir=expr + unique int id: @regex_literal_expr, + string pattern: string ref, + int version: int ref +); + +@self_apply_expr = + @dot_syntax_call_expr +| @initializer_ref_call_expr +; + +#keyset[id] +self_apply_exprs( //dir=expr + int id: @self_apply_expr ref, + int base: @expr_or_none ref +); + +string_to_pointer_exprs( //dir=expr + unique int id: @string_to_pointer_expr +); + +subscript_exprs( //dir=expr + unique int id: @subscript_expr +); + +#keyset[id, index] +subscript_expr_arguments( //dir=expr + int id: @subscript_expr ref, + int index: int ref, + int argument: @argument_or_none ref +); + +#keyset[id] +subscript_expr_has_direct_to_storage_semantics( //dir=expr + int id: @subscript_expr ref +); + +#keyset[id] +subscript_expr_has_direct_to_implementation_semantics( //dir=expr + int id: @subscript_expr ref +); + +#keyset[id] +subscript_expr_has_ordinary_semantics( //dir=expr + int id: @subscript_expr ref +); + +#keyset[id] +subscript_expr_has_distributed_thunk_semantics( //dir=expr + int id: @subscript_expr ref +); + +try_exprs( //dir=expr + unique int id: @try_expr +); + +underlying_to_opaque_exprs( //dir=expr + unique int id: @underlying_to_opaque_expr +); + +unevaluated_instance_exprs( //dir=expr + unique int id: @unevaluated_instance_expr +); + +unresolved_member_chain_result_exprs( //dir=expr + unique int id: @unresolved_member_chain_result_expr +); + +unresolved_type_conversion_exprs( //dir=expr + unique int id: @unresolved_type_conversion_expr +); + +boolean_literal_exprs( //dir=expr + unique int id: @boolean_literal_expr, + boolean value: boolean ref +); + +conditional_checked_cast_exprs( //dir=expr + unique int id: @conditional_checked_cast_expr +); + +dot_syntax_call_exprs( //dir=expr + unique int id: @dot_syntax_call_expr +); + +dynamic_member_ref_exprs( //dir=expr + unique int id: @dynamic_member_ref_expr +); + +dynamic_subscript_exprs( //dir=expr + unique int id: @dynamic_subscript_expr +); + +forced_checked_cast_exprs( //dir=expr + unique int id: @forced_checked_cast_expr +); + +initializer_ref_call_exprs( //dir=expr + unique int id: @initializer_ref_call_expr +); + +is_exprs( //dir=expr + unique int id: @is_expr +); + +magic_identifier_literal_exprs( //dir=expr + unique int id: @magic_identifier_literal_expr, + string kind: string ref +); + +@number_literal_expr = + @float_literal_expr +| @integer_literal_expr +; + +string_literal_exprs( //dir=expr + unique int id: @string_literal_expr, + string value: string ref +); + +float_literal_exprs( //dir=expr + unique int id: @float_literal_expr, + string string_value: string ref +); + +integer_literal_exprs( //dir=expr + unique int id: @integer_literal_expr, + string string_value: string ref +); + +@pattern = + @any_pattern +| @binding_pattern +| @bool_pattern +| @enum_element_pattern +| @expr_pattern +| @is_pattern +| @named_pattern +| @optional_some_pattern +| @paren_pattern +| @tuple_pattern +| @typed_pattern +; + +any_patterns( //dir=pattern + unique int id: @any_pattern +); + +binding_patterns( //dir=pattern + unique int id: @binding_pattern, + int sub_pattern: @pattern_or_none ref +); + +bool_patterns( //dir=pattern + unique int id: @bool_pattern, + boolean value: boolean ref +); + +enum_element_patterns( //dir=pattern + unique int id: @enum_element_pattern, + int element: @enum_element_decl_or_none ref +); + +#keyset[id] +enum_element_pattern_sub_patterns( //dir=pattern + int id: @enum_element_pattern ref, + int sub_pattern: @pattern_or_none ref +); + +expr_patterns( //dir=pattern + unique int id: @expr_pattern, + int sub_expr: @expr_or_none ref +); + +is_patterns( //dir=pattern + unique int id: @is_pattern +); + +#keyset[id] +is_pattern_cast_type_reprs( //dir=pattern + int id: @is_pattern ref, + int cast_type_repr: @type_repr_or_none ref +); + +#keyset[id] +is_pattern_sub_patterns( //dir=pattern + int id: @is_pattern ref, + int sub_pattern: @pattern_or_none ref +); + +named_patterns( //dir=pattern + unique int id: @named_pattern, + string name: string ref +); + +optional_some_patterns( //dir=pattern + unique int id: @optional_some_pattern, + int sub_pattern: @pattern_or_none ref +); + +paren_patterns( //dir=pattern + unique int id: @paren_pattern, + int sub_pattern: @pattern_or_none ref +); + +tuple_patterns( //dir=pattern + unique int id: @tuple_pattern +); + +#keyset[id, index] +tuple_pattern_elements( //dir=pattern + int id: @tuple_pattern ref, + int index: int ref, + int element: @pattern_or_none ref +); + +typed_patterns( //dir=pattern + unique int id: @typed_pattern, + int sub_pattern: @pattern_or_none ref +); + +#keyset[id] +typed_pattern_type_reprs( //dir=pattern + int id: @typed_pattern ref, + int type_repr: @type_repr_or_none ref +); + +case_label_items( //dir=stmt + unique int id: @case_label_item, + int pattern: @pattern_or_none ref +); + +#keyset[id] +case_label_item_guards( //dir=stmt + int id: @case_label_item ref, + int guard: @expr_or_none ref +); + +condition_elements( //dir=stmt + unique int id: @condition_element +); + +#keyset[id] +condition_element_booleans( //dir=stmt + int id: @condition_element ref, + int boolean_: @expr_or_none ref +); + +#keyset[id] +condition_element_patterns( //dir=stmt + int id: @condition_element ref, + int pattern: @pattern_or_none ref +); + +#keyset[id] +condition_element_initializers( //dir=stmt + int id: @condition_element ref, + int initializer: @expr_or_none ref +); + +#keyset[id] +condition_element_availabilities( //dir=stmt + int id: @condition_element ref, + int availability: @availability_info_or_none ref +); + +@stmt = + @brace_stmt +| @break_stmt +| @case_stmt +| @continue_stmt +| @defer_stmt +| @fail_stmt +| @fallthrough_stmt +| @labeled_stmt +| @pound_assert_stmt +| @return_stmt +| @throw_stmt +| @yield_stmt +; + +stmt_conditions( //dir=stmt + unique int id: @stmt_condition +); + +#keyset[id, index] +stmt_condition_elements( //dir=stmt + int id: @stmt_condition ref, + int index: int ref, + int element: @condition_element_or_none ref +); + +brace_stmts( //dir=stmt + unique int id: @brace_stmt +); + +#keyset[id, index] +brace_stmt_elements( //dir=stmt + int id: @brace_stmt ref, + int index: int ref, + int element: @ast_node_or_none ref +); + +break_stmts( //dir=stmt + unique int id: @break_stmt +); + +#keyset[id] +break_stmt_target_names( //dir=stmt + int id: @break_stmt ref, + string target_name: string ref +); + +#keyset[id] +break_stmt_targets( //dir=stmt + int id: @break_stmt ref, + int target: @stmt_or_none ref +); + +case_stmts( //dir=stmt + unique int id: @case_stmt, + int body: @stmt_or_none ref +); + +#keyset[id, index] +case_stmt_labels( //dir=stmt + int id: @case_stmt ref, + int index: int ref, + int label: @case_label_item_or_none ref +); + +#keyset[id, index] +case_stmt_variables( //dir=stmt + int id: @case_stmt ref, + int index: int ref, + int variable: @var_decl_or_none ref +); + +continue_stmts( //dir=stmt + unique int id: @continue_stmt +); + +#keyset[id] +continue_stmt_target_names( //dir=stmt + int id: @continue_stmt ref, + string target_name: string ref +); + +#keyset[id] +continue_stmt_targets( //dir=stmt + int id: @continue_stmt ref, + int target: @stmt_or_none ref +); + +defer_stmts( //dir=stmt + unique int id: @defer_stmt, + int body: @brace_stmt_or_none ref +); + +fail_stmts( //dir=stmt + unique int id: @fail_stmt +); + +fallthrough_stmts( //dir=stmt + unique int id: @fallthrough_stmt, + int fallthrough_source: @case_stmt_or_none ref, + int fallthrough_dest: @case_stmt_or_none ref +); + +@labeled_stmt = + @do_catch_stmt +| @do_stmt +| @for_each_stmt +| @labeled_conditional_stmt +| @repeat_while_stmt +| @switch_stmt +; + +#keyset[id] +labeled_stmt_labels( //dir=stmt + int id: @labeled_stmt ref, + string label: string ref +); + +pound_assert_stmts( //dir=stmt + unique int id: @pound_assert_stmt, + int condition: @expr_or_none ref, + string message: string ref +); + +return_stmts( //dir=stmt + unique int id: @return_stmt +); + +#keyset[id] +return_stmt_results( //dir=stmt + int id: @return_stmt ref, + int result: @expr_or_none ref +); + +throw_stmts( //dir=stmt + unique int id: @throw_stmt, + int sub_expr: @expr_or_none ref +); + +yield_stmts( //dir=stmt + unique int id: @yield_stmt +); + +#keyset[id, index] +yield_stmt_results( //dir=stmt + int id: @yield_stmt ref, + int index: int ref, + int result: @expr_or_none ref +); + +do_catch_stmts( //dir=stmt + unique int id: @do_catch_stmt, + int body: @stmt_or_none ref +); + +#keyset[id, index] +do_catch_stmt_catches( //dir=stmt + int id: @do_catch_stmt ref, + int index: int ref, + int catch: @case_stmt_or_none ref +); + +do_stmts( //dir=stmt + unique int id: @do_stmt, + int body: @brace_stmt_or_none ref +); + +for_each_stmts( //dir=stmt + unique int id: @for_each_stmt, + int pattern: @pattern_or_none ref, + int sequence: @expr_or_none ref, + int body: @brace_stmt_or_none ref +); + +#keyset[id] +for_each_stmt_wheres( //dir=stmt + int id: @for_each_stmt ref, + int where: @expr_or_none ref +); + +@labeled_conditional_stmt = + @guard_stmt +| @if_stmt +| @while_stmt +; + +#keyset[id] +labeled_conditional_stmts( //dir=stmt + int id: @labeled_conditional_stmt ref, + int condition: @stmt_condition_or_none ref +); + +repeat_while_stmts( //dir=stmt + unique int id: @repeat_while_stmt, + int condition: @expr_or_none ref, + int body: @stmt_or_none ref +); + +switch_stmts( //dir=stmt + unique int id: @switch_stmt, + int expr: @expr_or_none ref +); + +#keyset[id, index] +switch_stmt_cases( //dir=stmt + int id: @switch_stmt ref, + int index: int ref, + int case_: @case_stmt_or_none ref +); + +guard_stmts( //dir=stmt + unique int id: @guard_stmt, + int body: @brace_stmt_or_none ref +); + +if_stmts( //dir=stmt + unique int id: @if_stmt, + int then: @stmt_or_none ref +); + +#keyset[id] +if_stmt_elses( //dir=stmt + int id: @if_stmt ref, + int else: @stmt_or_none ref +); + +while_stmts( //dir=stmt + unique int id: @while_stmt, + int body: @stmt_or_none ref +); + +@type = + @any_function_type +| @any_generic_type +| @any_metatype_type +| @builtin_type +| @dependent_member_type +| @dynamic_self_type +| @error_type +| @existential_type +| @in_out_type +| @l_value_type +| @module_type +| @parameterized_protocol_type +| @protocol_composition_type +| @reference_storage_type +| @substitutable_type +| @sugar_type +| @tuple_type +| @unresolved_type +; + +#keyset[id] +types( //dir=type + int id: @type ref, + string name: string ref, + int canonical_type: @type_or_none ref +); + +type_reprs( //dir=type + unique int id: @type_repr, + int type_: @type_or_none ref +); + +@any_function_type = + @function_type +| @generic_function_type +; + +#keyset[id] +any_function_types( //dir=type + int id: @any_function_type ref, + int result: @type_or_none ref +); + +#keyset[id, index] +any_function_type_param_types( //dir=type + int id: @any_function_type ref, + int index: int ref, + int param_type: @type_or_none ref +); + +#keyset[id] +any_function_type_is_throwing( //dir=type + int id: @any_function_type ref +); + +#keyset[id] +any_function_type_is_async( //dir=type + int id: @any_function_type ref +); + +@any_generic_type = + @nominal_or_bound_generic_nominal_type +| @unbound_generic_type +; + +#keyset[id] +any_generic_types( //dir=type + int id: @any_generic_type ref, + int declaration: @generic_type_decl_or_none ref +); + +#keyset[id] +any_generic_type_parents( //dir=type + int id: @any_generic_type ref, + int parent: @type_or_none ref +); + +@any_metatype_type = + @existential_metatype_type +| @metatype_type +; + +@builtin_type = + @any_builtin_integer_type +| @builtin_bridge_object_type +| @builtin_default_actor_storage_type +| @builtin_executor_type +| @builtin_float_type +| @builtin_job_type +| @builtin_native_object_type +| @builtin_raw_pointer_type +| @builtin_raw_unsafe_continuation_type +| @builtin_unsafe_value_buffer_type +| @builtin_vector_type +; + +dependent_member_types( //dir=type + unique int id: @dependent_member_type, + int base_type: @type_or_none ref, + int associated_type_decl: @associated_type_decl_or_none ref +); + +dynamic_self_types( //dir=type + unique int id: @dynamic_self_type, + int static_self_type: @type_or_none ref +); + +error_types( //dir=type + unique int id: @error_type +); + +existential_types( //dir=type + unique int id: @existential_type, + int constraint: @type_or_none ref +); + +in_out_types( //dir=type + unique int id: @in_out_type, + int object_type: @type_or_none ref +); + +l_value_types( //dir=type + unique int id: @l_value_type, + int object_type: @type_or_none ref +); + +module_types( //dir=type + unique int id: @module_type, + int module: @module_decl_or_none ref +); + +parameterized_protocol_types( //dir=type + unique int id: @parameterized_protocol_type, + int base: @protocol_type_or_none ref +); + +#keyset[id, index] +parameterized_protocol_type_args( //dir=type + int id: @parameterized_protocol_type ref, + int index: int ref, + int arg: @type_or_none ref +); + +protocol_composition_types( //dir=type + unique int id: @protocol_composition_type +); + +#keyset[id, index] +protocol_composition_type_members( //dir=type + int id: @protocol_composition_type ref, + int index: int ref, + int member: @type_or_none ref +); + +@reference_storage_type = + @unmanaged_storage_type +| @unowned_storage_type +| @weak_storage_type +; + +#keyset[id] +reference_storage_types( //dir=type + int id: @reference_storage_type ref, + int referent_type: @type_or_none ref +); + +@substitutable_type = + @archetype_type +| @generic_type_param_type +; + +@sugar_type = + @paren_type +| @syntax_sugar_type +| @type_alias_type +; + +tuple_types( //dir=type + unique int id: @tuple_type +); + +#keyset[id, index] +tuple_type_types( //dir=type + int id: @tuple_type ref, + int index: int ref, + int type_: @type_or_none ref +); + +#keyset[id, index] +tuple_type_names( //dir=type + int id: @tuple_type ref, + int index: int ref, + string name: string ref +); + +unresolved_types( //dir=type + unique int id: @unresolved_type +); + +@any_builtin_integer_type = + @builtin_integer_literal_type +| @builtin_integer_type +; + +@archetype_type = + @opaque_type_archetype_type +| @opened_archetype_type +| @primary_archetype_type +; + +#keyset[id] +archetype_types( //dir=type + int id: @archetype_type ref, + int interface_type: @type_or_none ref +); + +#keyset[id] +archetype_type_superclasses( //dir=type + int id: @archetype_type ref, + int superclass: @type_or_none ref +); + +#keyset[id, index] +archetype_type_protocols( //dir=type + int id: @archetype_type ref, + int index: int ref, + int protocol: @protocol_decl_or_none ref +); + +builtin_bridge_object_types( //dir=type + unique int id: @builtin_bridge_object_type +); + +builtin_default_actor_storage_types( //dir=type + unique int id: @builtin_default_actor_storage_type +); + +builtin_executor_types( //dir=type + unique int id: @builtin_executor_type +); + +builtin_float_types( //dir=type + unique int id: @builtin_float_type +); + +builtin_job_types( //dir=type + unique int id: @builtin_job_type +); + +builtin_native_object_types( //dir=type + unique int id: @builtin_native_object_type +); + +builtin_raw_pointer_types( //dir=type + unique int id: @builtin_raw_pointer_type +); + +builtin_raw_unsafe_continuation_types( //dir=type + unique int id: @builtin_raw_unsafe_continuation_type +); + +builtin_unsafe_value_buffer_types( //dir=type + unique int id: @builtin_unsafe_value_buffer_type +); + +builtin_vector_types( //dir=type + unique int id: @builtin_vector_type +); + +existential_metatype_types( //dir=type + unique int id: @existential_metatype_type +); + +function_types( //dir=type + unique int id: @function_type +); + +generic_function_types( //dir=type + unique int id: @generic_function_type +); + +#keyset[id, index] +generic_function_type_generic_params( //dir=type + int id: @generic_function_type ref, + int index: int ref, + int generic_param: @generic_type_param_type_or_none ref +); + +generic_type_param_types( //dir=type + unique int id: @generic_type_param_type +); + +metatype_types( //dir=type + unique int id: @metatype_type +); + +@nominal_or_bound_generic_nominal_type = + @bound_generic_type +| @nominal_type +; + +paren_types( //dir=type + unique int id: @paren_type, + int type_: @type_or_none ref +); + +@syntax_sugar_type = + @dictionary_type +| @unary_syntax_sugar_type +; + +type_alias_types( //dir=type + unique int id: @type_alias_type, + int decl: @type_alias_decl_or_none ref +); + +unbound_generic_types( //dir=type + unique int id: @unbound_generic_type +); + +unmanaged_storage_types( //dir=type + unique int id: @unmanaged_storage_type +); + +unowned_storage_types( //dir=type + unique int id: @unowned_storage_type +); + +weak_storage_types( //dir=type + unique int id: @weak_storage_type +); + +@bound_generic_type = + @bound_generic_class_type +| @bound_generic_enum_type +| @bound_generic_struct_type +; + +#keyset[id, index] +bound_generic_type_arg_types( //dir=type + int id: @bound_generic_type ref, + int index: int ref, + int arg_type: @type_or_none ref +); + +builtin_integer_literal_types( //dir=type + unique int id: @builtin_integer_literal_type +); + +builtin_integer_types( //dir=type + unique int id: @builtin_integer_type +); + +#keyset[id] +builtin_integer_type_widths( //dir=type + int id: @builtin_integer_type ref, + int width: int ref +); + +dictionary_types( //dir=type + unique int id: @dictionary_type, + int key_type: @type_or_none ref, + int value_type: @type_or_none ref +); + +@nominal_type = + @class_type +| @enum_type +| @protocol_type +| @struct_type +; + +opaque_type_archetype_types( //dir=type + unique int id: @opaque_type_archetype_type, + int declaration: @opaque_type_decl_or_none ref +); + +opened_archetype_types( //dir=type + unique int id: @opened_archetype_type +); + +primary_archetype_types( //dir=type + unique int id: @primary_archetype_type +); + +@unary_syntax_sugar_type = + @array_slice_type +| @optional_type +| @variadic_sequence_type +; + +#keyset[id] +unary_syntax_sugar_types( //dir=type + int id: @unary_syntax_sugar_type ref, + int base_type: @type_or_none ref +); + +array_slice_types( //dir=type + unique int id: @array_slice_type +); + +bound_generic_class_types( //dir=type + unique int id: @bound_generic_class_type +); + +bound_generic_enum_types( //dir=type + unique int id: @bound_generic_enum_type +); + +bound_generic_struct_types( //dir=type + unique int id: @bound_generic_struct_type +); + +class_types( //dir=type + unique int id: @class_type +); + +enum_types( //dir=type + unique int id: @enum_type +); + +optional_types( //dir=type + unique int id: @optional_type +); + +protocol_types( //dir=type + unique int id: @protocol_type +); + +struct_types( //dir=type + unique int id: @struct_type +); + +variadic_sequence_types( //dir=type + unique int id: @variadic_sequence_type +); + +@accessor_or_none = + @accessor +| @unspecified_element +; + +@argument_or_none = + @argument +| @unspecified_element +; + +@associated_type_decl_or_none = + @associated_type_decl +| @unspecified_element +; + +@ast_node_or_none = + @ast_node +| @unspecified_element +; + +@availability_info_or_none = + @availability_info +| @unspecified_element +; + +@availability_spec_or_none = + @availability_spec +| @unspecified_element +; + +@brace_stmt_or_none = + @brace_stmt +| @unspecified_element +; + +@captured_decl_or_none = + @captured_decl +| @unspecified_element +; + +@case_label_item_or_none = + @case_label_item +| @unspecified_element +; + +@case_stmt_or_none = + @case_stmt +| @unspecified_element +; + +@condition_element_or_none = + @condition_element +| @unspecified_element +; + +@decl_or_none = + @decl +| @unspecified_element +; + +@enum_element_decl_or_none = + @enum_element_decl +| @unspecified_element +; + +@explicit_closure_expr_or_none = + @explicit_closure_expr +| @unspecified_element +; + +@expr_or_none = + @expr +| @unspecified_element +; + +@file_or_none = + @file +| @unspecified_element +; + +@function_or_none = + @function +| @unspecified_element +; + +@generic_type_decl_or_none = + @generic_type_decl +| @unspecified_element +; + +@generic_type_param_decl_or_none = + @generic_type_param_decl +| @unspecified_element +; + +@generic_type_param_type_or_none = + @generic_type_param_type +| @unspecified_element +; + +@initializer_or_none = + @initializer +| @unspecified_element +; + +@key_path_component_or_none = + @key_path_component +| @unspecified_element +; + +@location_or_none = + @location +| @unspecified_element +; + +@module_decl_or_none = + @module_decl +| @unspecified_element +; + +@nominal_type_decl_or_none = + @nominal_type_decl +| @unspecified_element +; + +@opaque_type_decl_or_none = + @opaque_type_decl +| @unspecified_element +; + +@opaque_value_expr_or_none = + @opaque_value_expr +| @unspecified_element +; + +@param_decl_or_none = + @param_decl +| @unspecified_element +; + +@pattern_or_none = + @pattern +| @unspecified_element +; + +@pattern_binding_decl_or_none = + @pattern_binding_decl +| @unspecified_element +; + +@precedence_group_decl_or_none = + @precedence_group_decl +| @unspecified_element +; + +@protocol_decl_or_none = + @protocol_decl +| @unspecified_element +; + +@protocol_type_or_none = + @protocol_type +| @unspecified_element +; + +@stmt_or_none = + @stmt +| @unspecified_element +; + +@stmt_condition_or_none = + @stmt_condition +| @unspecified_element +; + +@string_literal_expr_or_none = + @string_literal_expr +| @unspecified_element +; + +@tap_expr_or_none = + @tap_expr +| @unspecified_element +; + +@type_or_none = + @type +| @unspecified_element +; + +@type_alias_decl_or_none = + @type_alias_decl +| @unspecified_element +; + +@type_repr_or_none = + @type_repr +| @unspecified_element +; + +@value_decl_or_none = + @unspecified_element +| @value_decl +; + +@var_decl_or_none = + @unspecified_element +| @var_decl +; diff --git a/swift/downgrades/44e36e15e90bc1535964d9b86b3cd06a8b0d26e3/upgrade.properties b/swift/downgrades/44e36e15e90bc1535964d9b86b3cd06a8b0d26e3/upgrade.properties new file mode 100644 index 00000000000..2a0d022be0c --- /dev/null +++ b/swift/downgrades/44e36e15e90bc1535964d9b86b3cd06a8b0d26e3/upgrade.properties @@ -0,0 +1,2 @@ +description: Revert removing `getInterpolationCountExpr` and `getLiteralCapacityExpr` from `InterpolatedStringLiteralExpr` +compatibility: full diff --git a/swift/extractor/translators/ExprTranslator.cpp b/swift/extractor/translators/ExprTranslator.cpp index 9c24dfb823b..6939415913b 100644 --- a/swift/extractor/translators/ExprTranslator.cpp +++ b/swift/extractor/translators/ExprTranslator.cpp @@ -61,10 +61,6 @@ codeql::InterpolatedStringLiteralExpr ExprTranslator::translateInterpolatedStrin const swift::InterpolatedStringLiteralExpr& expr) { auto entry = createExprEntry(expr); entry.interpolation_expr = dispatcher.fetchOptionalLabel(expr.getInterpolationExpr()); - // TODO we should be extracting getInterpolationCount and getLiteralCapacity directly to ints - // these expressions here are just an internal thing, the ints are actually directly available - entry.interpolation_count_expr = dispatcher.fetchOptionalLabel(expr.getInterpolationCountExpr()); - entry.literal_capacity_expr = dispatcher.fetchOptionalLabel(expr.getLiteralCapacityExpr()); entry.appending_expr = dispatcher.fetchOptionalLabel(expr.getAppendingExpr()); return entry; } diff --git a/swift/ql/.generated.list b/swift/ql/.generated.list index a28e6ba533b..d43696f7c23 100644 --- a/swift/ql/.generated.list +++ b/swift/ql/.generated.list @@ -381,10 +381,10 @@ lib/codeql/swift/generated/KeyPathComponent.qll 00b1e586b8532f0193b3f61111e70d4e lib/codeql/swift/generated/Locatable.qll bfdf2dafae2829cac8d1e863a93676228d131b5a7f3df87c40d2f3b1839962b8 af243098af0955a40862387edf7526826fde62a64e5e6ca28de9e9603a8622bf lib/codeql/swift/generated/Location.qll 921922352d39449067d9f2788309b5f3490091097ffe35e6aa98f9368626ce2c 0795c63565c4308e745400bc70ea73675160201590a95bb418de4e2ebca32764 lib/codeql/swift/generated/OtherAvailabilitySpec.qll 0e26a203b26ff0581b7396b0c6d1606feec5cc32477f676585cdec4911af91c5 0e26a203b26ff0581b7396b0c6d1606feec5cc32477f676585cdec4911af91c5 -lib/codeql/swift/generated/ParentChild.qll f490202e849b9cbd550ee9d758644b85d43e60d81413e6c28df2850fb1e9a2d6 6b95aeab6b53a880b230ad0c96b6deb519a7368898c844632ae96090de59df99 +lib/codeql/swift/generated/ParentChild.qll 3808a52565a4abb8ce878fb4aad09e8fb0e860d6379bb86897d0e0282389919c 408c7e6332dccfc98398f04ecbd54af8e0754d466ad7ca4d404b029c7f5bde49 lib/codeql/swift/generated/PlatformVersionAvailabilitySpec.qll f82d9ca416fe8bd59b5531b65b1c74c9f317b3297a6101544a11339a1cffce38 7f5c6d3309e66c134107afe55bae76dfc9a72cb7cdd6d4c3706b6b34cee09fa0 lib/codeql/swift/generated/PureSynthConstructors.qll 173c0dd59396a1de26fe870e3bc2766c46de689da2a4d8807cb62023bbce1a98 173c0dd59396a1de26fe870e3bc2766c46de689da2a4d8807cb62023bbce1a98 -lib/codeql/swift/generated/Raw.qll 8d4880e5ee1fdd120adeb7bf0dfa1399e7b1a53b2cc7598aed8e15cbf996d1c0 da0d446347d29f5cd05281c17c24e87610f31c32adb7e05ab8f3a26bed55bd90 +lib/codeql/swift/generated/Raw.qll 062d062fada3e3f1b6af04cda724f8204de6b66bbca53d233e9b4d96df7a5c99 3c1e70b5ec4c576c92979b04d6d3ee59159b050c16c47f93463cba28f40ca906 lib/codeql/swift/generated/Synth.qll 551fdf7e4b53f9ee1314d1bb42c2638cf82f45bfa1f40a635dfa7b6072e4418c 9ab178464700a19951fc5285acacda4913addee81515d8e072b3d7055935a814 lib/codeql/swift/generated/SynthConstructors.qll 2f801bd8b0db829b0253cd459ed3253c1fdfc55dce68ebc53e7fec138ef0aca4 2f801bd8b0db829b0253cd459ed3253c1fdfc55dce68ebc53e7fec138ef0aca4 lib/codeql/swift/generated/UnknownFile.qll 0fcf9beb8de79440bcdfff4bb6ab3dd139bd273e6c32754e05e6a632651e85f6 0fcf9beb8de79440bcdfff4bb6ab3dd139bd273e6c32754e05e6a632651e85f6 @@ -498,7 +498,7 @@ lib/codeql/swift/generated/expr/InOutToPointerExpr.qll 4b9ceffe43f192fac0c428d66 lib/codeql/swift/generated/expr/InitializerRefCallExpr.qll 4556d49d78566ad70a5e784a6db4897dc78ef1f30e67f0052dbb070eca8350f0 4556d49d78566ad70a5e784a6db4897dc78ef1f30e67f0052dbb070eca8350f0 lib/codeql/swift/generated/expr/InjectIntoOptionalExpr.qll b6fafb589901d73e94eb9bb0f5e87b54378d06ccc04c51a9f4c8003d1f23ead6 b6fafb589901d73e94eb9bb0f5e87b54378d06ccc04c51a9f4c8003d1f23ead6 lib/codeql/swift/generated/expr/IntegerLiteralExpr.qll aa54660c47169a35e396ea44430c3c4ec4353e33df1a00bd82aff7119f5af71b 7ba90cf17dd34080a9923253986b0f2680b44c4a4ba6e0fbad8b39d3b20c44b9 -lib/codeql/swift/generated/expr/InterpolatedStringLiteralExpr.qll e2c1aadf140c808a615bdc8732a154f6c1f8b79168779e1ba48753506fbd9516 5e9f20ee16b133269de6874c6776611b6f4eaec202a0e6a955a572c2a082ac40 +lib/codeql/swift/generated/expr/InterpolatedStringLiteralExpr.qll 8090616e43d79e03c2250352da722f577c4b6531befe40f2d2910db0db3895bc ba09ffbbe3557e6fc6a3219d656e5ce886d70117eea15334cf910825f2250e6e lib/codeql/swift/generated/expr/IsExpr.qll b5ca50490cae8ac590b68a1a51b7039a54280d606b42c444808a04fa26c7e1b6 b5ca50490cae8ac590b68a1a51b7039a54280d606b42c444808a04fa26c7e1b6 lib/codeql/swift/generated/expr/KeyPathApplicationExpr.qll 157a9c2fcf229b76d104abfa49f74337e20ac4d1fa1be2eaed1290cbd9bd1232 70ec0e7ee2e2c716ba510916fdf6d1d6dd6fd93b740a46c909ddb9e877427fe1 lib/codeql/swift/generated/expr/KeyPathDotExpr.qll ea73a462801fbe5e27b2f47bca4b39f6936d326d15d6de3f18b7afa6ace35878 ea73a462801fbe5e27b2f47bca4b39f6936d326d15d6de3f18b7afa6ace35878 diff --git a/swift/ql/lib/codeql/swift/generated/ParentChild.qll b/swift/ql/lib/codeql/swift/generated/ParentChild.qll index 09c48606353..7b8c9313e56 100644 --- a/swift/ql/lib/codeql/swift/generated/ParentChild.qll +++ b/swift/ql/lib/codeql/swift/generated/ParentChild.qll @@ -2515,31 +2515,18 @@ private module Impl { private Element getImmediateChildOfInterpolatedStringLiteralExpr( InterpolatedStringLiteralExpr e, int index, string partialPredicateCall ) { - exists( - int b, int bLiteralExpr, int n, int nInterpolationCountExpr, int nLiteralCapacityExpr, - int nAppendingExpr - | + exists(int b, int bLiteralExpr, int n, int nAppendingExpr | b = 0 and bLiteralExpr = b + 1 + max(int i | i = -1 or exists(getImmediateChildOfLiteralExpr(e, i, _)) | i) and n = bLiteralExpr and - nInterpolationCountExpr = n + 1 and - nLiteralCapacityExpr = nInterpolationCountExpr + 1 and - nAppendingExpr = nLiteralCapacityExpr + 1 and + nAppendingExpr = n + 1 and ( none() or result = getImmediateChildOfLiteralExpr(e, index - b, partialPredicateCall) or index = n and - result = e.getImmediateInterpolationCountExpr() and - partialPredicateCall = "InterpolationCountExpr()" - or - index = nInterpolationCountExpr and - result = e.getImmediateLiteralCapacityExpr() and - partialPredicateCall = "LiteralCapacityExpr()" - or - index = nLiteralCapacityExpr and result = e.getImmediateAppendingExpr() and partialPredicateCall = "AppendingExpr()" ) diff --git a/swift/ql/lib/codeql/swift/generated/Raw.qll b/swift/ql/lib/codeql/swift/generated/Raw.qll index dc5ddeed979..f9a967867aa 100644 --- a/swift/ql/lib/codeql/swift/generated/Raw.qll +++ b/swift/ql/lib/codeql/swift/generated/Raw.qll @@ -1961,20 +1961,6 @@ module Raw { interpolated_string_literal_expr_interpolation_exprs(this, result) } - /** - * Gets the interpolation count expression of this interpolated string literal expression, if it exists. - */ - Expr getInterpolationCountExpr() { - interpolated_string_literal_expr_interpolation_count_exprs(this, result) - } - - /** - * Gets the literal capacity expression of this interpolated string literal expression, if it exists. - */ - Expr getLiteralCapacityExpr() { - interpolated_string_literal_expr_literal_capacity_exprs(this, result) - } - /** * Gets the appending expression of this interpolated string literal expression, if it exists. */ diff --git a/swift/ql/lib/codeql/swift/generated/expr/InterpolatedStringLiteralExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/InterpolatedStringLiteralExpr.qll index c7f67891199..abdcf4a1850 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/InterpolatedStringLiteralExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/InterpolatedStringLiteralExpr.qll @@ -1,7 +1,6 @@ // generated by codegen/codegen.py private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw -import codeql.swift.elements.expr.Expr import codeql.swift.elements.expr.LiteralExpr import codeql.swift.elements.expr.OpaqueValueExpr import codeql.swift.elements.expr.TapExpr @@ -38,62 +37,6 @@ module Generated { */ final predicate hasInterpolationExpr() { exists(this.getInterpolationExpr()) } - /** - * Gets the interpolation count expression of this interpolated string literal expression, if it exists. - * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. - */ - Expr getImmediateInterpolationCountExpr() { - result = - Synth::convertExprFromRaw(Synth::convertInterpolatedStringLiteralExprToRaw(this) - .(Raw::InterpolatedStringLiteralExpr) - .getInterpolationCountExpr()) - } - - /** - * Gets the interpolation count expression of this interpolated string literal expression, if it exists. - */ - final Expr getInterpolationCountExpr() { - exists(Expr immediate | - immediate = this.getImmediateInterpolationCountExpr() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } - - /** - * Holds if `getInterpolationCountExpr()` exists. - */ - final predicate hasInterpolationCountExpr() { exists(this.getInterpolationCountExpr()) } - - /** - * Gets the literal capacity expression of this interpolated string literal expression, if it exists. - * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. - */ - Expr getImmediateLiteralCapacityExpr() { - result = - Synth::convertExprFromRaw(Synth::convertInterpolatedStringLiteralExprToRaw(this) - .(Raw::InterpolatedStringLiteralExpr) - .getLiteralCapacityExpr()) - } - - /** - * Gets the literal capacity expression of this interpolated string literal expression, if it exists. - */ - final Expr getLiteralCapacityExpr() { - exists(Expr immediate | - immediate = this.getImmediateLiteralCapacityExpr() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } - - /** - * Holds if `getLiteralCapacityExpr()` exists. - */ - final predicate hasLiteralCapacityExpr() { exists(this.getLiteralCapacityExpr()) } - /** * Gets the appending expression of this interpolated string literal expression, if it exists. * diff --git a/swift/ql/lib/swift.dbscheme b/swift/ql/lib/swift.dbscheme index ba4171b90d0..44e36e15e90 100644 --- a/swift/ql/lib/swift.dbscheme +++ b/swift/ql/lib/swift.dbscheme @@ -1382,18 +1382,6 @@ interpolated_string_literal_expr_interpolation_exprs( //dir=expr int interpolation_expr: @opaque_value_expr_or_none ref ); -#keyset[id] -interpolated_string_literal_expr_interpolation_count_exprs( //dir=expr - int id: @interpolated_string_literal_expr ref, - int interpolation_count_expr: @expr_or_none ref -); - -#keyset[id] -interpolated_string_literal_expr_literal_capacity_exprs( //dir=expr - int id: @interpolated_string_literal_expr ref, - int literal_capacity_expr: @expr_or_none ref -); - #keyset[id] interpolated_string_literal_expr_appending_exprs( //dir=expr int id: @interpolated_string_literal_expr ref, diff --git a/swift/ql/lib/upgrades/ba4171b90d0665b40e9e203bac9e3d4a0b2d03ec/integer_literal_exprs.ql b/swift/ql/lib/upgrades/ba4171b90d0665b40e9e203bac9e3d4a0b2d03ec/integer_literal_exprs.ql new file mode 100644 index 00000000000..fc9d93c02b6 --- /dev/null +++ b/swift/ql/lib/upgrades/ba4171b90d0665b40e9e203bac9e3d4a0b2d03ec/integer_literal_exprs.ql @@ -0,0 +1,13 @@ +class Element extends @element { + string toString() { none() } +} + +from Element i, string value +where + integer_literal_exprs(i, value) and + not exists(Element interpolated | + interpolated_string_literal_expr_interpolation_count_exprs(interpolated, i) + or + interpolated_string_literal_expr_literal_capacity_exprs(interpolated, i) + ) +select i, value diff --git a/swift/ql/lib/upgrades/ba4171b90d0665b40e9e203bac9e3d4a0b2d03ec/old.dbscheme b/swift/ql/lib/upgrades/ba4171b90d0665b40e9e203bac9e3d4a0b2d03ec/old.dbscheme new file mode 100644 index 00000000000..ba4171b90d0 --- /dev/null +++ b/swift/ql/lib/upgrades/ba4171b90d0665b40e9e203bac9e3d4a0b2d03ec/old.dbscheme @@ -0,0 +1,2630 @@ +// generated by codegen/codegen.py + +// from prefix.dbscheme +/** + * The source location of the snapshot. + */ +sourceLocationPrefix( + string prefix: string ref +); + + +// from schema.py + +@element = + @callable +| @file +| @generic_context +| @locatable +| @location +| @type +; + +#keyset[id] +element_is_unknown( + int id: @element ref +); + +@callable = + @closure_expr +| @function +; + +#keyset[id] +callable_names( + int id: @callable ref, + string name: string ref +); + +#keyset[id] +callable_self_params( + int id: @callable ref, + int self_param: @param_decl_or_none ref +); + +#keyset[id, index] +callable_params( + int id: @callable ref, + int index: int ref, + int param: @param_decl_or_none ref +); + +#keyset[id] +callable_bodies( + int id: @callable ref, + int body: @brace_stmt_or_none ref +); + +#keyset[id, index] +callable_captures( + int id: @callable ref, + int index: int ref, + int capture: @captured_decl_or_none ref +); + +@file = + @db_file +; + +#keyset[id] +files( + int id: @file ref, + string name: string ref +); + +#keyset[id] +file_is_successfully_extracted( + int id: @file ref +); + +@locatable = + @argument +| @ast_node +| @comment +| @diagnostics +| @error_element +; + +#keyset[id] +locatable_locations( + int id: @locatable ref, + int location: @location_or_none ref +); + +@location = + @db_location +; + +#keyset[id] +locations( + int id: @location ref, + int file: @file_or_none ref, + int start_line: int ref, + int start_column: int ref, + int end_line: int ref, + int end_column: int ref +); + +@ast_node = + @availability_info +| @availability_spec +| @case_label_item +| @condition_element +| @decl +| @expr +| @key_path_component +| @pattern +| @stmt +| @stmt_condition +| @type_repr +; + +comments( + unique int id: @comment, + string text: string ref +); + +db_files( + unique int id: @db_file +); + +db_locations( + unique int id: @db_location +); + +diagnostics( + unique int id: @diagnostics, + string text: string ref, + int kind: int ref +); + +@error_element = + @error_expr +| @error_type +| @overloaded_decl_ref_expr +| @unresolved_decl_ref_expr +| @unresolved_dot_expr +| @unresolved_member_chain_result_expr +| @unresolved_member_expr +| @unresolved_pattern_expr +| @unresolved_specialize_expr +| @unresolved_type +| @unresolved_type_conversion_expr +| @unspecified_element +; + +availability_infos( + unique int id: @availability_info +); + +#keyset[id] +availability_info_is_unavailable( + int id: @availability_info ref +); + +#keyset[id, index] +availability_info_specs( + int id: @availability_info ref, + int index: int ref, + int spec: @availability_spec_or_none ref +); + +@availability_spec = + @other_availability_spec +| @platform_version_availability_spec +; + +key_path_components( + unique int id: @key_path_component, + int kind: int ref, + int component_type: @type_or_none ref +); + +#keyset[id, index] +key_path_component_subscript_arguments( + int id: @key_path_component ref, + int index: int ref, + int subscript_argument: @argument_or_none ref +); + +#keyset[id] +key_path_component_tuple_indices( + int id: @key_path_component ref, + int tuple_index: int ref +); + +#keyset[id] +key_path_component_decl_refs( + int id: @key_path_component ref, + int decl_ref: @value_decl_or_none ref +); + +unspecified_elements( + unique int id: @unspecified_element, + string property: string ref, + string error: string ref +); + +#keyset[id] +unspecified_element_parents( + int id: @unspecified_element ref, + int parent: @element ref +); + +#keyset[id] +unspecified_element_indices( + int id: @unspecified_element ref, + int index: int ref +); + +other_availability_specs( + unique int id: @other_availability_spec +); + +platform_version_availability_specs( + unique int id: @platform_version_availability_spec, + string platform: string ref, + string version: string ref +); + +@decl = + @captured_decl +| @enum_case_decl +| @extension_decl +| @if_config_decl +| @import_decl +| @missing_member_decl +| @operator_decl +| @pattern_binding_decl +| @pound_diagnostic_decl +| @precedence_group_decl +| @top_level_code_decl +| @value_decl +; + +#keyset[id] +decls( //dir=decl + int id: @decl ref, + int module: @module_decl_or_none ref +); + +#keyset[id, index] +decl_members( //dir=decl + int id: @decl ref, + int index: int ref, + int member: @decl_or_none ref +); + +@generic_context = + @extension_decl +| @function +| @generic_type_decl +| @subscript_decl +; + +#keyset[id, index] +generic_context_generic_type_params( //dir=decl + int id: @generic_context ref, + int index: int ref, + int generic_type_param: @generic_type_param_decl_or_none ref +); + +captured_decls( //dir=decl + unique int id: @captured_decl, + int decl: @value_decl_or_none ref +); + +#keyset[id] +captured_decl_is_direct( //dir=decl + int id: @captured_decl ref +); + +#keyset[id] +captured_decl_is_escaping( //dir=decl + int id: @captured_decl ref +); + +enum_case_decls( //dir=decl + unique int id: @enum_case_decl +); + +#keyset[id, index] +enum_case_decl_elements( //dir=decl + int id: @enum_case_decl ref, + int index: int ref, + int element: @enum_element_decl_or_none ref +); + +extension_decls( //dir=decl + unique int id: @extension_decl, + int extended_type_decl: @nominal_type_decl_or_none ref +); + +#keyset[id, index] +extension_decl_protocols( //dir=decl + int id: @extension_decl ref, + int index: int ref, + int protocol: @protocol_decl_or_none ref +); + +if_config_decls( //dir=decl + unique int id: @if_config_decl +); + +#keyset[id, index] +if_config_decl_active_elements( //dir=decl + int id: @if_config_decl ref, + int index: int ref, + int active_element: @ast_node_or_none ref +); + +import_decls( //dir=decl + unique int id: @import_decl +); + +#keyset[id] +import_decl_is_exported( //dir=decl + int id: @import_decl ref +); + +#keyset[id] +import_decl_imported_modules( //dir=decl + int id: @import_decl ref, + int imported_module: @module_decl_or_none ref +); + +#keyset[id, index] +import_decl_declarations( //dir=decl + int id: @import_decl ref, + int index: int ref, + int declaration: @value_decl_or_none ref +); + +missing_member_decls( //dir=decl + unique int id: @missing_member_decl, + string name: string ref +); + +@operator_decl = + @infix_operator_decl +| @postfix_operator_decl +| @prefix_operator_decl +; + +#keyset[id] +operator_decls( //dir=decl + int id: @operator_decl ref, + string name: string ref +); + +pattern_binding_decls( //dir=decl + unique int id: @pattern_binding_decl +); + +#keyset[id, index] +pattern_binding_decl_inits( //dir=decl + int id: @pattern_binding_decl ref, + int index: int ref, + int init: @expr_or_none ref +); + +#keyset[id, index] +pattern_binding_decl_patterns( //dir=decl + int id: @pattern_binding_decl ref, + int index: int ref, + int pattern: @pattern_or_none ref +); + +pound_diagnostic_decls( //dir=decl + unique int id: @pound_diagnostic_decl, + int kind: int ref, + int message: @string_literal_expr_or_none ref +); + +precedence_group_decls( //dir=decl + unique int id: @precedence_group_decl +); + +top_level_code_decls( //dir=decl + unique int id: @top_level_code_decl, + int body: @brace_stmt_or_none ref +); + +@value_decl = + @abstract_storage_decl +| @enum_element_decl +| @function +| @type_decl +; + +#keyset[id] +value_decls( //dir=decl + int id: @value_decl ref, + int interface_type: @type_or_none ref +); + +@abstract_storage_decl = + @subscript_decl +| @var_decl +; + +#keyset[id, index] +abstract_storage_decl_accessors( //dir=decl + int id: @abstract_storage_decl ref, + int index: int ref, + int accessor: @accessor_or_none ref +); + +enum_element_decls( //dir=decl + unique int id: @enum_element_decl, + string name: string ref +); + +#keyset[id, index] +enum_element_decl_params( //dir=decl + int id: @enum_element_decl ref, + int index: int ref, + int param: @param_decl_or_none ref +); + +@function = + @accessor_or_named_function +| @deinitializer +| @initializer +; + +infix_operator_decls( //dir=decl + unique int id: @infix_operator_decl +); + +#keyset[id] +infix_operator_decl_precedence_groups( //dir=decl + int id: @infix_operator_decl ref, + int precedence_group: @precedence_group_decl_or_none ref +); + +postfix_operator_decls( //dir=decl + unique int id: @postfix_operator_decl +); + +prefix_operator_decls( //dir=decl + unique int id: @prefix_operator_decl +); + +@type_decl = + @abstract_type_param_decl +| @generic_type_decl +| @module_decl +; + +#keyset[id] +type_decls( //dir=decl + int id: @type_decl ref, + string name: string ref +); + +#keyset[id, index] +type_decl_base_types( //dir=decl + int id: @type_decl ref, + int index: int ref, + int base_type: @type_or_none ref +); + +@abstract_type_param_decl = + @associated_type_decl +| @generic_type_param_decl +; + +@accessor_or_named_function = + @accessor +| @named_function +; + +deinitializers( //dir=decl + unique int id: @deinitializer +); + +@generic_type_decl = + @nominal_type_decl +| @opaque_type_decl +| @type_alias_decl +; + +initializers( //dir=decl + unique int id: @initializer +); + +module_decls( //dir=decl + unique int id: @module_decl +); + +#keyset[id] +module_decl_is_builtin_module( //dir=decl + int id: @module_decl ref +); + +#keyset[id] +module_decl_is_system_module( //dir=decl + int id: @module_decl ref +); + +module_decl_imported_modules( //dir=decl + int id: @module_decl ref, + int imported_module: @module_decl_or_none ref +); + +module_decl_exported_modules( //dir=decl + int id: @module_decl ref, + int exported_module: @module_decl_or_none ref +); + +subscript_decls( //dir=decl + unique int id: @subscript_decl, + int element_type: @type_or_none ref +); + +#keyset[id, index] +subscript_decl_params( //dir=decl + int id: @subscript_decl ref, + int index: int ref, + int param: @param_decl_or_none ref +); + +@var_decl = + @concrete_var_decl +| @param_decl +; + +#keyset[id] +var_decls( //dir=decl + int id: @var_decl ref, + string name: string ref, + int type_: @type_or_none ref +); + +#keyset[id] +var_decl_attached_property_wrapper_types( //dir=decl + int id: @var_decl ref, + int attached_property_wrapper_type: @type_or_none ref +); + +#keyset[id] +var_decl_parent_patterns( //dir=decl + int id: @var_decl ref, + int parent_pattern: @pattern_or_none ref +); + +#keyset[id] +var_decl_parent_initializers( //dir=decl + int id: @var_decl ref, + int parent_initializer: @expr_or_none ref +); + +#keyset[id] +var_decl_property_wrapper_backing_var_bindings( //dir=decl + int id: @var_decl ref, + int property_wrapper_backing_var_binding: @pattern_binding_decl_or_none ref +); + +#keyset[id] +var_decl_property_wrapper_backing_vars( //dir=decl + int id: @var_decl ref, + int property_wrapper_backing_var: @var_decl_or_none ref +); + +#keyset[id] +var_decl_property_wrapper_projection_var_bindings( //dir=decl + int id: @var_decl ref, + int property_wrapper_projection_var_binding: @pattern_binding_decl_or_none ref +); + +#keyset[id] +var_decl_property_wrapper_projection_vars( //dir=decl + int id: @var_decl ref, + int property_wrapper_projection_var: @var_decl_or_none ref +); + +accessors( //dir=decl + unique int id: @accessor +); + +#keyset[id] +accessor_is_getter( //dir=decl + int id: @accessor ref +); + +#keyset[id] +accessor_is_setter( //dir=decl + int id: @accessor ref +); + +#keyset[id] +accessor_is_will_set( //dir=decl + int id: @accessor ref +); + +#keyset[id] +accessor_is_did_set( //dir=decl + int id: @accessor ref +); + +#keyset[id] +accessor_is_read( //dir=decl + int id: @accessor ref +); + +#keyset[id] +accessor_is_modify( //dir=decl + int id: @accessor ref +); + +#keyset[id] +accessor_is_unsafe_address( //dir=decl + int id: @accessor ref +); + +#keyset[id] +accessor_is_unsafe_mutable_address( //dir=decl + int id: @accessor ref +); + +associated_type_decls( //dir=decl + unique int id: @associated_type_decl +); + +concrete_var_decls( //dir=decl + unique int id: @concrete_var_decl, + int introducer_int: int ref +); + +generic_type_param_decls( //dir=decl + unique int id: @generic_type_param_decl +); + +named_functions( //dir=decl + unique int id: @named_function +); + +@nominal_type_decl = + @class_decl +| @enum_decl +| @protocol_decl +| @struct_decl +; + +#keyset[id] +nominal_type_decls( //dir=decl + int id: @nominal_type_decl ref, + int type_: @type_or_none ref +); + +opaque_type_decls( //dir=decl + unique int id: @opaque_type_decl, + int naming_declaration: @value_decl_or_none ref +); + +#keyset[id, index] +opaque_type_decl_opaque_generic_params( //dir=decl + int id: @opaque_type_decl ref, + int index: int ref, + int opaque_generic_param: @generic_type_param_type_or_none ref +); + +param_decls( //dir=decl + unique int id: @param_decl +); + +#keyset[id] +param_decl_is_inout( //dir=decl + int id: @param_decl ref +); + +#keyset[id] +param_decl_property_wrapper_local_wrapped_var_bindings( //dir=decl + int id: @param_decl ref, + int property_wrapper_local_wrapped_var_binding: @pattern_binding_decl_or_none ref +); + +#keyset[id] +param_decl_property_wrapper_local_wrapped_vars( //dir=decl + int id: @param_decl ref, + int property_wrapper_local_wrapped_var: @var_decl_or_none ref +); + +type_alias_decls( //dir=decl + unique int id: @type_alias_decl, + int aliased_type: @type_or_none ref +); + +class_decls( //dir=decl + unique int id: @class_decl +); + +enum_decls( //dir=decl + unique int id: @enum_decl +); + +protocol_decls( //dir=decl + unique int id: @protocol_decl +); + +struct_decls( //dir=decl + unique int id: @struct_decl +); + +arguments( //dir=expr + unique int id: @argument, + string label: string ref, + int expr: @expr_or_none ref +); + +@expr = + @any_try_expr +| @applied_property_wrapper_expr +| @apply_expr +| @assign_expr +| @bind_optional_expr +| @capture_list_expr +| @closure_expr +| @collection_expr +| @decl_ref_expr +| @default_argument_expr +| @discard_assignment_expr +| @dot_syntax_base_ignored_expr +| @dynamic_type_expr +| @enum_is_case_expr +| @error_expr +| @explicit_cast_expr +| @force_value_expr +| @identity_expr +| @if_expr +| @implicit_conversion_expr +| @in_out_expr +| @key_path_application_expr +| @key_path_dot_expr +| @key_path_expr +| @lazy_initialization_expr +| @literal_expr +| @lookup_expr +| @make_temporarily_escapable_expr +| @obj_c_selector_expr +| @one_way_expr +| @opaque_value_expr +| @open_existential_expr +| @optional_evaluation_expr +| @other_initializer_ref_expr +| @overloaded_decl_ref_expr +| @property_wrapper_value_placeholder_expr +| @rebind_self_in_initializer_expr +| @sequence_expr +| @super_ref_expr +| @tap_expr +| @tuple_element_expr +| @tuple_expr +| @type_expr +| @unresolved_decl_ref_expr +| @unresolved_dot_expr +| @unresolved_member_expr +| @unresolved_pattern_expr +| @unresolved_specialize_expr +| @vararg_expansion_expr +; + +#keyset[id] +expr_types( //dir=expr + int id: @expr ref, + int type_: @type_or_none ref +); + +@any_try_expr = + @force_try_expr +| @optional_try_expr +| @try_expr +; + +#keyset[id] +any_try_exprs( //dir=expr + int id: @any_try_expr ref, + int sub_expr: @expr_or_none ref +); + +applied_property_wrapper_exprs( //dir=expr + unique int id: @applied_property_wrapper_expr, + int kind: int ref, + int value: @expr_or_none ref, + int param: @param_decl_or_none ref +); + +@apply_expr = + @binary_expr +| @call_expr +| @postfix_unary_expr +| @prefix_unary_expr +| @self_apply_expr +; + +#keyset[id] +apply_exprs( //dir=expr + int id: @apply_expr ref, + int function: @expr_or_none ref +); + +#keyset[id, index] +apply_expr_arguments( //dir=expr + int id: @apply_expr ref, + int index: int ref, + int argument: @argument_or_none ref +); + +assign_exprs( //dir=expr + unique int id: @assign_expr, + int dest: @expr_or_none ref, + int source: @expr_or_none ref +); + +bind_optional_exprs( //dir=expr + unique int id: @bind_optional_expr, + int sub_expr: @expr_or_none ref +); + +capture_list_exprs( //dir=expr + unique int id: @capture_list_expr, + int closure_body: @explicit_closure_expr_or_none ref +); + +#keyset[id, index] +capture_list_expr_binding_decls( //dir=expr + int id: @capture_list_expr ref, + int index: int ref, + int binding_decl: @pattern_binding_decl_or_none ref +); + +@closure_expr = + @auto_closure_expr +| @explicit_closure_expr +; + +@collection_expr = + @array_expr +| @dictionary_expr +; + +decl_ref_exprs( //dir=expr + unique int id: @decl_ref_expr, + int decl: @decl_or_none ref +); + +#keyset[id, index] +decl_ref_expr_replacement_types( //dir=expr + int id: @decl_ref_expr ref, + int index: int ref, + int replacement_type: @type_or_none ref +); + +#keyset[id] +decl_ref_expr_has_direct_to_storage_semantics( //dir=expr + int id: @decl_ref_expr ref +); + +#keyset[id] +decl_ref_expr_has_direct_to_implementation_semantics( //dir=expr + int id: @decl_ref_expr ref +); + +#keyset[id] +decl_ref_expr_has_ordinary_semantics( //dir=expr + int id: @decl_ref_expr ref +); + +#keyset[id] +decl_ref_expr_has_distributed_thunk_semantics( //dir=expr + int id: @decl_ref_expr ref +); + +default_argument_exprs( //dir=expr + unique int id: @default_argument_expr, + int param_decl: @param_decl_or_none ref, + int param_index: int ref +); + +#keyset[id] +default_argument_expr_caller_side_defaults( //dir=expr + int id: @default_argument_expr ref, + int caller_side_default: @expr_or_none ref +); + +discard_assignment_exprs( //dir=expr + unique int id: @discard_assignment_expr +); + +dot_syntax_base_ignored_exprs( //dir=expr + unique int id: @dot_syntax_base_ignored_expr, + int qualifier: @expr_or_none ref, + int sub_expr: @expr_or_none ref +); + +dynamic_type_exprs( //dir=expr + unique int id: @dynamic_type_expr, + int base: @expr_or_none ref +); + +enum_is_case_exprs( //dir=expr + unique int id: @enum_is_case_expr, + int sub_expr: @expr_or_none ref, + int element: @enum_element_decl_or_none ref +); + +error_exprs( //dir=expr + unique int id: @error_expr +); + +@explicit_cast_expr = + @checked_cast_expr +| @coerce_expr +; + +#keyset[id] +explicit_cast_exprs( //dir=expr + int id: @explicit_cast_expr ref, + int sub_expr: @expr_or_none ref +); + +force_value_exprs( //dir=expr + unique int id: @force_value_expr, + int sub_expr: @expr_or_none ref +); + +@identity_expr = + @await_expr +| @dot_self_expr +| @paren_expr +| @unresolved_member_chain_result_expr +; + +#keyset[id] +identity_exprs( //dir=expr + int id: @identity_expr ref, + int sub_expr: @expr_or_none ref +); + +if_exprs( //dir=expr + unique int id: @if_expr, + int condition: @expr_or_none ref, + int then_expr: @expr_or_none ref, + int else_expr: @expr_or_none ref +); + +@implicit_conversion_expr = + @abi_safe_conversion_expr +| @any_hashable_erasure_expr +| @archetype_to_super_expr +| @array_to_pointer_expr +| @bridge_from_obj_c_expr +| @bridge_to_obj_c_expr +| @class_metatype_to_object_expr +| @collection_upcast_conversion_expr +| @conditional_bridge_from_obj_c_expr +| @covariant_function_conversion_expr +| @covariant_return_conversion_expr +| @derived_to_base_expr +| @destructure_tuple_expr +| @differentiable_function_expr +| @differentiable_function_extract_original_expr +| @erasure_expr +| @existential_metatype_to_object_expr +| @foreign_object_conversion_expr +| @function_conversion_expr +| @in_out_to_pointer_expr +| @inject_into_optional_expr +| @linear_function_expr +| @linear_function_extract_original_expr +| @linear_to_differentiable_function_expr +| @load_expr +| @metatype_conversion_expr +| @pointer_to_pointer_expr +| @protocol_metatype_to_object_expr +| @string_to_pointer_expr +| @underlying_to_opaque_expr +| @unevaluated_instance_expr +| @unresolved_type_conversion_expr +; + +#keyset[id] +implicit_conversion_exprs( //dir=expr + int id: @implicit_conversion_expr ref, + int sub_expr: @expr_or_none ref +); + +in_out_exprs( //dir=expr + unique int id: @in_out_expr, + int sub_expr: @expr_or_none ref +); + +key_path_application_exprs( //dir=expr + unique int id: @key_path_application_expr, + int base: @expr_or_none ref, + int key_path: @expr_or_none ref +); + +key_path_dot_exprs( //dir=expr + unique int id: @key_path_dot_expr +); + +key_path_exprs( //dir=expr + unique int id: @key_path_expr +); + +#keyset[id] +key_path_expr_roots( //dir=expr + int id: @key_path_expr ref, + int root: @type_repr_or_none ref +); + +#keyset[id, index] +key_path_expr_components( //dir=expr + int id: @key_path_expr ref, + int index: int ref, + int component: @key_path_component_or_none ref +); + +lazy_initialization_exprs( //dir=expr + unique int id: @lazy_initialization_expr, + int sub_expr: @expr_or_none ref +); + +@literal_expr = + @builtin_literal_expr +| @interpolated_string_literal_expr +| @nil_literal_expr +| @object_literal_expr +| @regex_literal_expr +; + +@lookup_expr = + @dynamic_lookup_expr +| @member_ref_expr +| @subscript_expr +; + +#keyset[id] +lookup_exprs( //dir=expr + int id: @lookup_expr ref, + int base: @expr_or_none ref +); + +#keyset[id] +lookup_expr_members( //dir=expr + int id: @lookup_expr ref, + int member: @decl_or_none ref +); + +make_temporarily_escapable_exprs( //dir=expr + unique int id: @make_temporarily_escapable_expr, + int escaping_closure: @opaque_value_expr_or_none ref, + int nonescaping_closure: @expr_or_none ref, + int sub_expr: @expr_or_none ref +); + +obj_c_selector_exprs( //dir=expr + unique int id: @obj_c_selector_expr, + int sub_expr: @expr_or_none ref, + int method: @function_or_none ref +); + +one_way_exprs( //dir=expr + unique int id: @one_way_expr, + int sub_expr: @expr_or_none ref +); + +opaque_value_exprs( //dir=expr + unique int id: @opaque_value_expr +); + +open_existential_exprs( //dir=expr + unique int id: @open_existential_expr, + int sub_expr: @expr_or_none ref, + int existential: @expr_or_none ref, + int opaque_expr: @opaque_value_expr_or_none ref +); + +optional_evaluation_exprs( //dir=expr + unique int id: @optional_evaluation_expr, + int sub_expr: @expr_or_none ref +); + +other_initializer_ref_exprs( //dir=expr + unique int id: @other_initializer_ref_expr, + int initializer: @initializer_or_none ref +); + +overloaded_decl_ref_exprs( //dir=expr + unique int id: @overloaded_decl_ref_expr +); + +#keyset[id, index] +overloaded_decl_ref_expr_possible_declarations( //dir=expr + int id: @overloaded_decl_ref_expr ref, + int index: int ref, + int possible_declaration: @value_decl_or_none ref +); + +property_wrapper_value_placeholder_exprs( //dir=expr + unique int id: @property_wrapper_value_placeholder_expr, + int placeholder: @opaque_value_expr_or_none ref +); + +#keyset[id] +property_wrapper_value_placeholder_expr_wrapped_values( //dir=expr + int id: @property_wrapper_value_placeholder_expr ref, + int wrapped_value: @expr_or_none ref +); + +rebind_self_in_initializer_exprs( //dir=expr + unique int id: @rebind_self_in_initializer_expr, + int sub_expr: @expr_or_none ref, + int self: @var_decl_or_none ref +); + +sequence_exprs( //dir=expr + unique int id: @sequence_expr +); + +#keyset[id, index] +sequence_expr_elements( //dir=expr + int id: @sequence_expr ref, + int index: int ref, + int element: @expr_or_none ref +); + +super_ref_exprs( //dir=expr + unique int id: @super_ref_expr, + int self: @var_decl_or_none ref +); + +tap_exprs( //dir=expr + unique int id: @tap_expr, + int body: @brace_stmt_or_none ref, + int var: @var_decl_or_none ref +); + +#keyset[id] +tap_expr_sub_exprs( //dir=expr + int id: @tap_expr ref, + int sub_expr: @expr_or_none ref +); + +tuple_element_exprs( //dir=expr + unique int id: @tuple_element_expr, + int sub_expr: @expr_or_none ref, + int index: int ref +); + +tuple_exprs( //dir=expr + unique int id: @tuple_expr +); + +#keyset[id, index] +tuple_expr_elements( //dir=expr + int id: @tuple_expr ref, + int index: int ref, + int element: @expr_or_none ref +); + +type_exprs( //dir=expr + unique int id: @type_expr +); + +#keyset[id] +type_expr_type_reprs( //dir=expr + int id: @type_expr ref, + int type_repr: @type_repr_or_none ref +); + +unresolved_decl_ref_exprs( //dir=expr + unique int id: @unresolved_decl_ref_expr +); + +#keyset[id] +unresolved_decl_ref_expr_names( //dir=expr + int id: @unresolved_decl_ref_expr ref, + string name: string ref +); + +unresolved_dot_exprs( //dir=expr + unique int id: @unresolved_dot_expr, + int base: @expr_or_none ref, + string name: string ref +); + +unresolved_member_exprs( //dir=expr + unique int id: @unresolved_member_expr, + string name: string ref +); + +unresolved_pattern_exprs( //dir=expr + unique int id: @unresolved_pattern_expr, + int sub_pattern: @pattern_or_none ref +); + +unresolved_specialize_exprs( //dir=expr + unique int id: @unresolved_specialize_expr, + int sub_expr: @expr_or_none ref +); + +vararg_expansion_exprs( //dir=expr + unique int id: @vararg_expansion_expr, + int sub_expr: @expr_or_none ref +); + +abi_safe_conversion_exprs( //dir=expr + unique int id: @abi_safe_conversion_expr +); + +any_hashable_erasure_exprs( //dir=expr + unique int id: @any_hashable_erasure_expr +); + +archetype_to_super_exprs( //dir=expr + unique int id: @archetype_to_super_expr +); + +array_exprs( //dir=expr + unique int id: @array_expr +); + +#keyset[id, index] +array_expr_elements( //dir=expr + int id: @array_expr ref, + int index: int ref, + int element: @expr_or_none ref +); + +array_to_pointer_exprs( //dir=expr + unique int id: @array_to_pointer_expr +); + +auto_closure_exprs( //dir=expr + unique int id: @auto_closure_expr +); + +await_exprs( //dir=expr + unique int id: @await_expr +); + +binary_exprs( //dir=expr + unique int id: @binary_expr +); + +bridge_from_obj_c_exprs( //dir=expr + unique int id: @bridge_from_obj_c_expr +); + +bridge_to_obj_c_exprs( //dir=expr + unique int id: @bridge_to_obj_c_expr +); + +@builtin_literal_expr = + @boolean_literal_expr +| @magic_identifier_literal_expr +| @number_literal_expr +| @string_literal_expr +; + +call_exprs( //dir=expr + unique int id: @call_expr +); + +@checked_cast_expr = + @conditional_checked_cast_expr +| @forced_checked_cast_expr +| @is_expr +; + +class_metatype_to_object_exprs( //dir=expr + unique int id: @class_metatype_to_object_expr +); + +coerce_exprs( //dir=expr + unique int id: @coerce_expr +); + +collection_upcast_conversion_exprs( //dir=expr + unique int id: @collection_upcast_conversion_expr +); + +conditional_bridge_from_obj_c_exprs( //dir=expr + unique int id: @conditional_bridge_from_obj_c_expr +); + +covariant_function_conversion_exprs( //dir=expr + unique int id: @covariant_function_conversion_expr +); + +covariant_return_conversion_exprs( //dir=expr + unique int id: @covariant_return_conversion_expr +); + +derived_to_base_exprs( //dir=expr + unique int id: @derived_to_base_expr +); + +destructure_tuple_exprs( //dir=expr + unique int id: @destructure_tuple_expr +); + +dictionary_exprs( //dir=expr + unique int id: @dictionary_expr +); + +#keyset[id, index] +dictionary_expr_elements( //dir=expr + int id: @dictionary_expr ref, + int index: int ref, + int element: @expr_or_none ref +); + +differentiable_function_exprs( //dir=expr + unique int id: @differentiable_function_expr +); + +differentiable_function_extract_original_exprs( //dir=expr + unique int id: @differentiable_function_extract_original_expr +); + +dot_self_exprs( //dir=expr + unique int id: @dot_self_expr +); + +@dynamic_lookup_expr = + @dynamic_member_ref_expr +| @dynamic_subscript_expr +; + +erasure_exprs( //dir=expr + unique int id: @erasure_expr +); + +existential_metatype_to_object_exprs( //dir=expr + unique int id: @existential_metatype_to_object_expr +); + +explicit_closure_exprs( //dir=expr + unique int id: @explicit_closure_expr +); + +force_try_exprs( //dir=expr + unique int id: @force_try_expr +); + +foreign_object_conversion_exprs( //dir=expr + unique int id: @foreign_object_conversion_expr +); + +function_conversion_exprs( //dir=expr + unique int id: @function_conversion_expr +); + +in_out_to_pointer_exprs( //dir=expr + unique int id: @in_out_to_pointer_expr +); + +inject_into_optional_exprs( //dir=expr + unique int id: @inject_into_optional_expr +); + +interpolated_string_literal_exprs( //dir=expr + unique int id: @interpolated_string_literal_expr +); + +#keyset[id] +interpolated_string_literal_expr_interpolation_exprs( //dir=expr + int id: @interpolated_string_literal_expr ref, + int interpolation_expr: @opaque_value_expr_or_none ref +); + +#keyset[id] +interpolated_string_literal_expr_interpolation_count_exprs( //dir=expr + int id: @interpolated_string_literal_expr ref, + int interpolation_count_expr: @expr_or_none ref +); + +#keyset[id] +interpolated_string_literal_expr_literal_capacity_exprs( //dir=expr + int id: @interpolated_string_literal_expr ref, + int literal_capacity_expr: @expr_or_none ref +); + +#keyset[id] +interpolated_string_literal_expr_appending_exprs( //dir=expr + int id: @interpolated_string_literal_expr ref, + int appending_expr: @tap_expr_or_none ref +); + +linear_function_exprs( //dir=expr + unique int id: @linear_function_expr +); + +linear_function_extract_original_exprs( //dir=expr + unique int id: @linear_function_extract_original_expr +); + +linear_to_differentiable_function_exprs( //dir=expr + unique int id: @linear_to_differentiable_function_expr +); + +load_exprs( //dir=expr + unique int id: @load_expr +); + +member_ref_exprs( //dir=expr + unique int id: @member_ref_expr +); + +#keyset[id] +member_ref_expr_has_direct_to_storage_semantics( //dir=expr + int id: @member_ref_expr ref +); + +#keyset[id] +member_ref_expr_has_direct_to_implementation_semantics( //dir=expr + int id: @member_ref_expr ref +); + +#keyset[id] +member_ref_expr_has_ordinary_semantics( //dir=expr + int id: @member_ref_expr ref +); + +#keyset[id] +member_ref_expr_has_distributed_thunk_semantics( //dir=expr + int id: @member_ref_expr ref +); + +metatype_conversion_exprs( //dir=expr + unique int id: @metatype_conversion_expr +); + +nil_literal_exprs( //dir=expr + unique int id: @nil_literal_expr +); + +object_literal_exprs( //dir=expr + unique int id: @object_literal_expr, + int kind: int ref +); + +#keyset[id, index] +object_literal_expr_arguments( //dir=expr + int id: @object_literal_expr ref, + int index: int ref, + int argument: @argument_or_none ref +); + +optional_try_exprs( //dir=expr + unique int id: @optional_try_expr +); + +paren_exprs( //dir=expr + unique int id: @paren_expr +); + +pointer_to_pointer_exprs( //dir=expr + unique int id: @pointer_to_pointer_expr +); + +postfix_unary_exprs( //dir=expr + unique int id: @postfix_unary_expr +); + +prefix_unary_exprs( //dir=expr + unique int id: @prefix_unary_expr +); + +protocol_metatype_to_object_exprs( //dir=expr + unique int id: @protocol_metatype_to_object_expr +); + +regex_literal_exprs( //dir=expr + unique int id: @regex_literal_expr, + string pattern: string ref, + int version: int ref +); + +@self_apply_expr = + @dot_syntax_call_expr +| @initializer_ref_call_expr +; + +#keyset[id] +self_apply_exprs( //dir=expr + int id: @self_apply_expr ref, + int base: @expr_or_none ref +); + +string_to_pointer_exprs( //dir=expr + unique int id: @string_to_pointer_expr +); + +subscript_exprs( //dir=expr + unique int id: @subscript_expr +); + +#keyset[id, index] +subscript_expr_arguments( //dir=expr + int id: @subscript_expr ref, + int index: int ref, + int argument: @argument_or_none ref +); + +#keyset[id] +subscript_expr_has_direct_to_storage_semantics( //dir=expr + int id: @subscript_expr ref +); + +#keyset[id] +subscript_expr_has_direct_to_implementation_semantics( //dir=expr + int id: @subscript_expr ref +); + +#keyset[id] +subscript_expr_has_ordinary_semantics( //dir=expr + int id: @subscript_expr ref +); + +#keyset[id] +subscript_expr_has_distributed_thunk_semantics( //dir=expr + int id: @subscript_expr ref +); + +try_exprs( //dir=expr + unique int id: @try_expr +); + +underlying_to_opaque_exprs( //dir=expr + unique int id: @underlying_to_opaque_expr +); + +unevaluated_instance_exprs( //dir=expr + unique int id: @unevaluated_instance_expr +); + +unresolved_member_chain_result_exprs( //dir=expr + unique int id: @unresolved_member_chain_result_expr +); + +unresolved_type_conversion_exprs( //dir=expr + unique int id: @unresolved_type_conversion_expr +); + +boolean_literal_exprs( //dir=expr + unique int id: @boolean_literal_expr, + boolean value: boolean ref +); + +conditional_checked_cast_exprs( //dir=expr + unique int id: @conditional_checked_cast_expr +); + +dot_syntax_call_exprs( //dir=expr + unique int id: @dot_syntax_call_expr +); + +dynamic_member_ref_exprs( //dir=expr + unique int id: @dynamic_member_ref_expr +); + +dynamic_subscript_exprs( //dir=expr + unique int id: @dynamic_subscript_expr +); + +forced_checked_cast_exprs( //dir=expr + unique int id: @forced_checked_cast_expr +); + +initializer_ref_call_exprs( //dir=expr + unique int id: @initializer_ref_call_expr +); + +is_exprs( //dir=expr + unique int id: @is_expr +); + +magic_identifier_literal_exprs( //dir=expr + unique int id: @magic_identifier_literal_expr, + string kind: string ref +); + +@number_literal_expr = + @float_literal_expr +| @integer_literal_expr +; + +string_literal_exprs( //dir=expr + unique int id: @string_literal_expr, + string value: string ref +); + +float_literal_exprs( //dir=expr + unique int id: @float_literal_expr, + string string_value: string ref +); + +integer_literal_exprs( //dir=expr + unique int id: @integer_literal_expr, + string string_value: string ref +); + +@pattern = + @any_pattern +| @binding_pattern +| @bool_pattern +| @enum_element_pattern +| @expr_pattern +| @is_pattern +| @named_pattern +| @optional_some_pattern +| @paren_pattern +| @tuple_pattern +| @typed_pattern +; + +any_patterns( //dir=pattern + unique int id: @any_pattern +); + +binding_patterns( //dir=pattern + unique int id: @binding_pattern, + int sub_pattern: @pattern_or_none ref +); + +bool_patterns( //dir=pattern + unique int id: @bool_pattern, + boolean value: boolean ref +); + +enum_element_patterns( //dir=pattern + unique int id: @enum_element_pattern, + int element: @enum_element_decl_or_none ref +); + +#keyset[id] +enum_element_pattern_sub_patterns( //dir=pattern + int id: @enum_element_pattern ref, + int sub_pattern: @pattern_or_none ref +); + +expr_patterns( //dir=pattern + unique int id: @expr_pattern, + int sub_expr: @expr_or_none ref +); + +is_patterns( //dir=pattern + unique int id: @is_pattern +); + +#keyset[id] +is_pattern_cast_type_reprs( //dir=pattern + int id: @is_pattern ref, + int cast_type_repr: @type_repr_or_none ref +); + +#keyset[id] +is_pattern_sub_patterns( //dir=pattern + int id: @is_pattern ref, + int sub_pattern: @pattern_or_none ref +); + +named_patterns( //dir=pattern + unique int id: @named_pattern, + string name: string ref +); + +optional_some_patterns( //dir=pattern + unique int id: @optional_some_pattern, + int sub_pattern: @pattern_or_none ref +); + +paren_patterns( //dir=pattern + unique int id: @paren_pattern, + int sub_pattern: @pattern_or_none ref +); + +tuple_patterns( //dir=pattern + unique int id: @tuple_pattern +); + +#keyset[id, index] +tuple_pattern_elements( //dir=pattern + int id: @tuple_pattern ref, + int index: int ref, + int element: @pattern_or_none ref +); + +typed_patterns( //dir=pattern + unique int id: @typed_pattern, + int sub_pattern: @pattern_or_none ref +); + +#keyset[id] +typed_pattern_type_reprs( //dir=pattern + int id: @typed_pattern ref, + int type_repr: @type_repr_or_none ref +); + +case_label_items( //dir=stmt + unique int id: @case_label_item, + int pattern: @pattern_or_none ref +); + +#keyset[id] +case_label_item_guards( //dir=stmt + int id: @case_label_item ref, + int guard: @expr_or_none ref +); + +condition_elements( //dir=stmt + unique int id: @condition_element +); + +#keyset[id] +condition_element_booleans( //dir=stmt + int id: @condition_element ref, + int boolean_: @expr_or_none ref +); + +#keyset[id] +condition_element_patterns( //dir=stmt + int id: @condition_element ref, + int pattern: @pattern_or_none ref +); + +#keyset[id] +condition_element_initializers( //dir=stmt + int id: @condition_element ref, + int initializer: @expr_or_none ref +); + +#keyset[id] +condition_element_availabilities( //dir=stmt + int id: @condition_element ref, + int availability: @availability_info_or_none ref +); + +@stmt = + @brace_stmt +| @break_stmt +| @case_stmt +| @continue_stmt +| @defer_stmt +| @fail_stmt +| @fallthrough_stmt +| @labeled_stmt +| @pound_assert_stmt +| @return_stmt +| @throw_stmt +| @yield_stmt +; + +stmt_conditions( //dir=stmt + unique int id: @stmt_condition +); + +#keyset[id, index] +stmt_condition_elements( //dir=stmt + int id: @stmt_condition ref, + int index: int ref, + int element: @condition_element_or_none ref +); + +brace_stmts( //dir=stmt + unique int id: @brace_stmt +); + +#keyset[id, index] +brace_stmt_elements( //dir=stmt + int id: @brace_stmt ref, + int index: int ref, + int element: @ast_node_or_none ref +); + +break_stmts( //dir=stmt + unique int id: @break_stmt +); + +#keyset[id] +break_stmt_target_names( //dir=stmt + int id: @break_stmt ref, + string target_name: string ref +); + +#keyset[id] +break_stmt_targets( //dir=stmt + int id: @break_stmt ref, + int target: @stmt_or_none ref +); + +case_stmts( //dir=stmt + unique int id: @case_stmt, + int body: @stmt_or_none ref +); + +#keyset[id, index] +case_stmt_labels( //dir=stmt + int id: @case_stmt ref, + int index: int ref, + int label: @case_label_item_or_none ref +); + +#keyset[id, index] +case_stmt_variables( //dir=stmt + int id: @case_stmt ref, + int index: int ref, + int variable: @var_decl_or_none ref +); + +continue_stmts( //dir=stmt + unique int id: @continue_stmt +); + +#keyset[id] +continue_stmt_target_names( //dir=stmt + int id: @continue_stmt ref, + string target_name: string ref +); + +#keyset[id] +continue_stmt_targets( //dir=stmt + int id: @continue_stmt ref, + int target: @stmt_or_none ref +); + +defer_stmts( //dir=stmt + unique int id: @defer_stmt, + int body: @brace_stmt_or_none ref +); + +fail_stmts( //dir=stmt + unique int id: @fail_stmt +); + +fallthrough_stmts( //dir=stmt + unique int id: @fallthrough_stmt, + int fallthrough_source: @case_stmt_or_none ref, + int fallthrough_dest: @case_stmt_or_none ref +); + +@labeled_stmt = + @do_catch_stmt +| @do_stmt +| @for_each_stmt +| @labeled_conditional_stmt +| @repeat_while_stmt +| @switch_stmt +; + +#keyset[id] +labeled_stmt_labels( //dir=stmt + int id: @labeled_stmt ref, + string label: string ref +); + +pound_assert_stmts( //dir=stmt + unique int id: @pound_assert_stmt, + int condition: @expr_or_none ref, + string message: string ref +); + +return_stmts( //dir=stmt + unique int id: @return_stmt +); + +#keyset[id] +return_stmt_results( //dir=stmt + int id: @return_stmt ref, + int result: @expr_or_none ref +); + +throw_stmts( //dir=stmt + unique int id: @throw_stmt, + int sub_expr: @expr_or_none ref +); + +yield_stmts( //dir=stmt + unique int id: @yield_stmt +); + +#keyset[id, index] +yield_stmt_results( //dir=stmt + int id: @yield_stmt ref, + int index: int ref, + int result: @expr_or_none ref +); + +do_catch_stmts( //dir=stmt + unique int id: @do_catch_stmt, + int body: @stmt_or_none ref +); + +#keyset[id, index] +do_catch_stmt_catches( //dir=stmt + int id: @do_catch_stmt ref, + int index: int ref, + int catch: @case_stmt_or_none ref +); + +do_stmts( //dir=stmt + unique int id: @do_stmt, + int body: @brace_stmt_or_none ref +); + +for_each_stmts( //dir=stmt + unique int id: @for_each_stmt, + int pattern: @pattern_or_none ref, + int sequence: @expr_or_none ref, + int body: @brace_stmt_or_none ref +); + +#keyset[id] +for_each_stmt_wheres( //dir=stmt + int id: @for_each_stmt ref, + int where: @expr_or_none ref +); + +@labeled_conditional_stmt = + @guard_stmt +| @if_stmt +| @while_stmt +; + +#keyset[id] +labeled_conditional_stmts( //dir=stmt + int id: @labeled_conditional_stmt ref, + int condition: @stmt_condition_or_none ref +); + +repeat_while_stmts( //dir=stmt + unique int id: @repeat_while_stmt, + int condition: @expr_or_none ref, + int body: @stmt_or_none ref +); + +switch_stmts( //dir=stmt + unique int id: @switch_stmt, + int expr: @expr_or_none ref +); + +#keyset[id, index] +switch_stmt_cases( //dir=stmt + int id: @switch_stmt ref, + int index: int ref, + int case_: @case_stmt_or_none ref +); + +guard_stmts( //dir=stmt + unique int id: @guard_stmt, + int body: @brace_stmt_or_none ref +); + +if_stmts( //dir=stmt + unique int id: @if_stmt, + int then: @stmt_or_none ref +); + +#keyset[id] +if_stmt_elses( //dir=stmt + int id: @if_stmt ref, + int else: @stmt_or_none ref +); + +while_stmts( //dir=stmt + unique int id: @while_stmt, + int body: @stmt_or_none ref +); + +@type = + @any_function_type +| @any_generic_type +| @any_metatype_type +| @builtin_type +| @dependent_member_type +| @dynamic_self_type +| @error_type +| @existential_type +| @in_out_type +| @l_value_type +| @module_type +| @parameterized_protocol_type +| @protocol_composition_type +| @reference_storage_type +| @substitutable_type +| @sugar_type +| @tuple_type +| @unresolved_type +; + +#keyset[id] +types( //dir=type + int id: @type ref, + string name: string ref, + int canonical_type: @type_or_none ref +); + +type_reprs( //dir=type + unique int id: @type_repr, + int type_: @type_or_none ref +); + +@any_function_type = + @function_type +| @generic_function_type +; + +#keyset[id] +any_function_types( //dir=type + int id: @any_function_type ref, + int result: @type_or_none ref +); + +#keyset[id, index] +any_function_type_param_types( //dir=type + int id: @any_function_type ref, + int index: int ref, + int param_type: @type_or_none ref +); + +#keyset[id] +any_function_type_is_throwing( //dir=type + int id: @any_function_type ref +); + +#keyset[id] +any_function_type_is_async( //dir=type + int id: @any_function_type ref +); + +@any_generic_type = + @nominal_or_bound_generic_nominal_type +| @unbound_generic_type +; + +#keyset[id] +any_generic_types( //dir=type + int id: @any_generic_type ref, + int declaration: @generic_type_decl_or_none ref +); + +#keyset[id] +any_generic_type_parents( //dir=type + int id: @any_generic_type ref, + int parent: @type_or_none ref +); + +@any_metatype_type = + @existential_metatype_type +| @metatype_type +; + +@builtin_type = + @any_builtin_integer_type +| @builtin_bridge_object_type +| @builtin_default_actor_storage_type +| @builtin_executor_type +| @builtin_float_type +| @builtin_job_type +| @builtin_native_object_type +| @builtin_raw_pointer_type +| @builtin_raw_unsafe_continuation_type +| @builtin_unsafe_value_buffer_type +| @builtin_vector_type +; + +dependent_member_types( //dir=type + unique int id: @dependent_member_type, + int base_type: @type_or_none ref, + int associated_type_decl: @associated_type_decl_or_none ref +); + +dynamic_self_types( //dir=type + unique int id: @dynamic_self_type, + int static_self_type: @type_or_none ref +); + +error_types( //dir=type + unique int id: @error_type +); + +existential_types( //dir=type + unique int id: @existential_type, + int constraint: @type_or_none ref +); + +in_out_types( //dir=type + unique int id: @in_out_type, + int object_type: @type_or_none ref +); + +l_value_types( //dir=type + unique int id: @l_value_type, + int object_type: @type_or_none ref +); + +module_types( //dir=type + unique int id: @module_type, + int module: @module_decl_or_none ref +); + +parameterized_protocol_types( //dir=type + unique int id: @parameterized_protocol_type, + int base: @protocol_type_or_none ref +); + +#keyset[id, index] +parameterized_protocol_type_args( //dir=type + int id: @parameterized_protocol_type ref, + int index: int ref, + int arg: @type_or_none ref +); + +protocol_composition_types( //dir=type + unique int id: @protocol_composition_type +); + +#keyset[id, index] +protocol_composition_type_members( //dir=type + int id: @protocol_composition_type ref, + int index: int ref, + int member: @type_or_none ref +); + +@reference_storage_type = + @unmanaged_storage_type +| @unowned_storage_type +| @weak_storage_type +; + +#keyset[id] +reference_storage_types( //dir=type + int id: @reference_storage_type ref, + int referent_type: @type_or_none ref +); + +@substitutable_type = + @archetype_type +| @generic_type_param_type +; + +@sugar_type = + @paren_type +| @syntax_sugar_type +| @type_alias_type +; + +tuple_types( //dir=type + unique int id: @tuple_type +); + +#keyset[id, index] +tuple_type_types( //dir=type + int id: @tuple_type ref, + int index: int ref, + int type_: @type_or_none ref +); + +#keyset[id, index] +tuple_type_names( //dir=type + int id: @tuple_type ref, + int index: int ref, + string name: string ref +); + +unresolved_types( //dir=type + unique int id: @unresolved_type +); + +@any_builtin_integer_type = + @builtin_integer_literal_type +| @builtin_integer_type +; + +@archetype_type = + @opaque_type_archetype_type +| @opened_archetype_type +| @primary_archetype_type +; + +#keyset[id] +archetype_types( //dir=type + int id: @archetype_type ref, + int interface_type: @type_or_none ref +); + +#keyset[id] +archetype_type_superclasses( //dir=type + int id: @archetype_type ref, + int superclass: @type_or_none ref +); + +#keyset[id, index] +archetype_type_protocols( //dir=type + int id: @archetype_type ref, + int index: int ref, + int protocol: @protocol_decl_or_none ref +); + +builtin_bridge_object_types( //dir=type + unique int id: @builtin_bridge_object_type +); + +builtin_default_actor_storage_types( //dir=type + unique int id: @builtin_default_actor_storage_type +); + +builtin_executor_types( //dir=type + unique int id: @builtin_executor_type +); + +builtin_float_types( //dir=type + unique int id: @builtin_float_type +); + +builtin_job_types( //dir=type + unique int id: @builtin_job_type +); + +builtin_native_object_types( //dir=type + unique int id: @builtin_native_object_type +); + +builtin_raw_pointer_types( //dir=type + unique int id: @builtin_raw_pointer_type +); + +builtin_raw_unsafe_continuation_types( //dir=type + unique int id: @builtin_raw_unsafe_continuation_type +); + +builtin_unsafe_value_buffer_types( //dir=type + unique int id: @builtin_unsafe_value_buffer_type +); + +builtin_vector_types( //dir=type + unique int id: @builtin_vector_type +); + +existential_metatype_types( //dir=type + unique int id: @existential_metatype_type +); + +function_types( //dir=type + unique int id: @function_type +); + +generic_function_types( //dir=type + unique int id: @generic_function_type +); + +#keyset[id, index] +generic_function_type_generic_params( //dir=type + int id: @generic_function_type ref, + int index: int ref, + int generic_param: @generic_type_param_type_or_none ref +); + +generic_type_param_types( //dir=type + unique int id: @generic_type_param_type +); + +metatype_types( //dir=type + unique int id: @metatype_type +); + +@nominal_or_bound_generic_nominal_type = + @bound_generic_type +| @nominal_type +; + +paren_types( //dir=type + unique int id: @paren_type, + int type_: @type_or_none ref +); + +@syntax_sugar_type = + @dictionary_type +| @unary_syntax_sugar_type +; + +type_alias_types( //dir=type + unique int id: @type_alias_type, + int decl: @type_alias_decl_or_none ref +); + +unbound_generic_types( //dir=type + unique int id: @unbound_generic_type +); + +unmanaged_storage_types( //dir=type + unique int id: @unmanaged_storage_type +); + +unowned_storage_types( //dir=type + unique int id: @unowned_storage_type +); + +weak_storage_types( //dir=type + unique int id: @weak_storage_type +); + +@bound_generic_type = + @bound_generic_class_type +| @bound_generic_enum_type +| @bound_generic_struct_type +; + +#keyset[id, index] +bound_generic_type_arg_types( //dir=type + int id: @bound_generic_type ref, + int index: int ref, + int arg_type: @type_or_none ref +); + +builtin_integer_literal_types( //dir=type + unique int id: @builtin_integer_literal_type +); + +builtin_integer_types( //dir=type + unique int id: @builtin_integer_type +); + +#keyset[id] +builtin_integer_type_widths( //dir=type + int id: @builtin_integer_type ref, + int width: int ref +); + +dictionary_types( //dir=type + unique int id: @dictionary_type, + int key_type: @type_or_none ref, + int value_type: @type_or_none ref +); + +@nominal_type = + @class_type +| @enum_type +| @protocol_type +| @struct_type +; + +opaque_type_archetype_types( //dir=type + unique int id: @opaque_type_archetype_type, + int declaration: @opaque_type_decl_or_none ref +); + +opened_archetype_types( //dir=type + unique int id: @opened_archetype_type +); + +primary_archetype_types( //dir=type + unique int id: @primary_archetype_type +); + +@unary_syntax_sugar_type = + @array_slice_type +| @optional_type +| @variadic_sequence_type +; + +#keyset[id] +unary_syntax_sugar_types( //dir=type + int id: @unary_syntax_sugar_type ref, + int base_type: @type_or_none ref +); + +array_slice_types( //dir=type + unique int id: @array_slice_type +); + +bound_generic_class_types( //dir=type + unique int id: @bound_generic_class_type +); + +bound_generic_enum_types( //dir=type + unique int id: @bound_generic_enum_type +); + +bound_generic_struct_types( //dir=type + unique int id: @bound_generic_struct_type +); + +class_types( //dir=type + unique int id: @class_type +); + +enum_types( //dir=type + unique int id: @enum_type +); + +optional_types( //dir=type + unique int id: @optional_type +); + +protocol_types( //dir=type + unique int id: @protocol_type +); + +struct_types( //dir=type + unique int id: @struct_type +); + +variadic_sequence_types( //dir=type + unique int id: @variadic_sequence_type +); + +@accessor_or_none = + @accessor +| @unspecified_element +; + +@argument_or_none = + @argument +| @unspecified_element +; + +@associated_type_decl_or_none = + @associated_type_decl +| @unspecified_element +; + +@ast_node_or_none = + @ast_node +| @unspecified_element +; + +@availability_info_or_none = + @availability_info +| @unspecified_element +; + +@availability_spec_or_none = + @availability_spec +| @unspecified_element +; + +@brace_stmt_or_none = + @brace_stmt +| @unspecified_element +; + +@captured_decl_or_none = + @captured_decl +| @unspecified_element +; + +@case_label_item_or_none = + @case_label_item +| @unspecified_element +; + +@case_stmt_or_none = + @case_stmt +| @unspecified_element +; + +@condition_element_or_none = + @condition_element +| @unspecified_element +; + +@decl_or_none = + @decl +| @unspecified_element +; + +@enum_element_decl_or_none = + @enum_element_decl +| @unspecified_element +; + +@explicit_closure_expr_or_none = + @explicit_closure_expr +| @unspecified_element +; + +@expr_or_none = + @expr +| @unspecified_element +; + +@file_or_none = + @file +| @unspecified_element +; + +@function_or_none = + @function +| @unspecified_element +; + +@generic_type_decl_or_none = + @generic_type_decl +| @unspecified_element +; + +@generic_type_param_decl_or_none = + @generic_type_param_decl +| @unspecified_element +; + +@generic_type_param_type_or_none = + @generic_type_param_type +| @unspecified_element +; + +@initializer_or_none = + @initializer +| @unspecified_element +; + +@key_path_component_or_none = + @key_path_component +| @unspecified_element +; + +@location_or_none = + @location +| @unspecified_element +; + +@module_decl_or_none = + @module_decl +| @unspecified_element +; + +@nominal_type_decl_or_none = + @nominal_type_decl +| @unspecified_element +; + +@opaque_type_decl_or_none = + @opaque_type_decl +| @unspecified_element +; + +@opaque_value_expr_or_none = + @opaque_value_expr +| @unspecified_element +; + +@param_decl_or_none = + @param_decl +| @unspecified_element +; + +@pattern_or_none = + @pattern +| @unspecified_element +; + +@pattern_binding_decl_or_none = + @pattern_binding_decl +| @unspecified_element +; + +@precedence_group_decl_or_none = + @precedence_group_decl +| @unspecified_element +; + +@protocol_decl_or_none = + @protocol_decl +| @unspecified_element +; + +@protocol_type_or_none = + @protocol_type +| @unspecified_element +; + +@stmt_or_none = + @stmt +| @unspecified_element +; + +@stmt_condition_or_none = + @stmt_condition +| @unspecified_element +; + +@string_literal_expr_or_none = + @string_literal_expr +| @unspecified_element +; + +@tap_expr_or_none = + @tap_expr +| @unspecified_element +; + +@type_or_none = + @type +| @unspecified_element +; + +@type_alias_decl_or_none = + @type_alias_decl +| @unspecified_element +; + +@type_repr_or_none = + @type_repr +| @unspecified_element +; + +@value_decl_or_none = + @unspecified_element +| @value_decl +; + +@var_decl_or_none = + @unspecified_element +| @var_decl +; diff --git a/swift/ql/lib/upgrades/ba4171b90d0665b40e9e203bac9e3d4a0b2d03ec/swift.dbscheme b/swift/ql/lib/upgrades/ba4171b90d0665b40e9e203bac9e3d4a0b2d03ec/swift.dbscheme new file mode 100644 index 00000000000..44e36e15e90 --- /dev/null +++ b/swift/ql/lib/upgrades/ba4171b90d0665b40e9e203bac9e3d4a0b2d03ec/swift.dbscheme @@ -0,0 +1,2618 @@ +// generated by codegen/codegen.py + +// from prefix.dbscheme +/** + * The source location of the snapshot. + */ +sourceLocationPrefix( + string prefix: string ref +); + + +// from schema.py + +@element = + @callable +| @file +| @generic_context +| @locatable +| @location +| @type +; + +#keyset[id] +element_is_unknown( + int id: @element ref +); + +@callable = + @closure_expr +| @function +; + +#keyset[id] +callable_names( + int id: @callable ref, + string name: string ref +); + +#keyset[id] +callable_self_params( + int id: @callable ref, + int self_param: @param_decl_or_none ref +); + +#keyset[id, index] +callable_params( + int id: @callable ref, + int index: int ref, + int param: @param_decl_or_none ref +); + +#keyset[id] +callable_bodies( + int id: @callable ref, + int body: @brace_stmt_or_none ref +); + +#keyset[id, index] +callable_captures( + int id: @callable ref, + int index: int ref, + int capture: @captured_decl_or_none ref +); + +@file = + @db_file +; + +#keyset[id] +files( + int id: @file ref, + string name: string ref +); + +#keyset[id] +file_is_successfully_extracted( + int id: @file ref +); + +@locatable = + @argument +| @ast_node +| @comment +| @diagnostics +| @error_element +; + +#keyset[id] +locatable_locations( + int id: @locatable ref, + int location: @location_or_none ref +); + +@location = + @db_location +; + +#keyset[id] +locations( + int id: @location ref, + int file: @file_or_none ref, + int start_line: int ref, + int start_column: int ref, + int end_line: int ref, + int end_column: int ref +); + +@ast_node = + @availability_info +| @availability_spec +| @case_label_item +| @condition_element +| @decl +| @expr +| @key_path_component +| @pattern +| @stmt +| @stmt_condition +| @type_repr +; + +comments( + unique int id: @comment, + string text: string ref +); + +db_files( + unique int id: @db_file +); + +db_locations( + unique int id: @db_location +); + +diagnostics( + unique int id: @diagnostics, + string text: string ref, + int kind: int ref +); + +@error_element = + @error_expr +| @error_type +| @overloaded_decl_ref_expr +| @unresolved_decl_ref_expr +| @unresolved_dot_expr +| @unresolved_member_chain_result_expr +| @unresolved_member_expr +| @unresolved_pattern_expr +| @unresolved_specialize_expr +| @unresolved_type +| @unresolved_type_conversion_expr +| @unspecified_element +; + +availability_infos( + unique int id: @availability_info +); + +#keyset[id] +availability_info_is_unavailable( + int id: @availability_info ref +); + +#keyset[id, index] +availability_info_specs( + int id: @availability_info ref, + int index: int ref, + int spec: @availability_spec_or_none ref +); + +@availability_spec = + @other_availability_spec +| @platform_version_availability_spec +; + +key_path_components( + unique int id: @key_path_component, + int kind: int ref, + int component_type: @type_or_none ref +); + +#keyset[id, index] +key_path_component_subscript_arguments( + int id: @key_path_component ref, + int index: int ref, + int subscript_argument: @argument_or_none ref +); + +#keyset[id] +key_path_component_tuple_indices( + int id: @key_path_component ref, + int tuple_index: int ref +); + +#keyset[id] +key_path_component_decl_refs( + int id: @key_path_component ref, + int decl_ref: @value_decl_or_none ref +); + +unspecified_elements( + unique int id: @unspecified_element, + string property: string ref, + string error: string ref +); + +#keyset[id] +unspecified_element_parents( + int id: @unspecified_element ref, + int parent: @element ref +); + +#keyset[id] +unspecified_element_indices( + int id: @unspecified_element ref, + int index: int ref +); + +other_availability_specs( + unique int id: @other_availability_spec +); + +platform_version_availability_specs( + unique int id: @platform_version_availability_spec, + string platform: string ref, + string version: string ref +); + +@decl = + @captured_decl +| @enum_case_decl +| @extension_decl +| @if_config_decl +| @import_decl +| @missing_member_decl +| @operator_decl +| @pattern_binding_decl +| @pound_diagnostic_decl +| @precedence_group_decl +| @top_level_code_decl +| @value_decl +; + +#keyset[id] +decls( //dir=decl + int id: @decl ref, + int module: @module_decl_or_none ref +); + +#keyset[id, index] +decl_members( //dir=decl + int id: @decl ref, + int index: int ref, + int member: @decl_or_none ref +); + +@generic_context = + @extension_decl +| @function +| @generic_type_decl +| @subscript_decl +; + +#keyset[id, index] +generic_context_generic_type_params( //dir=decl + int id: @generic_context ref, + int index: int ref, + int generic_type_param: @generic_type_param_decl_or_none ref +); + +captured_decls( //dir=decl + unique int id: @captured_decl, + int decl: @value_decl_or_none ref +); + +#keyset[id] +captured_decl_is_direct( //dir=decl + int id: @captured_decl ref +); + +#keyset[id] +captured_decl_is_escaping( //dir=decl + int id: @captured_decl ref +); + +enum_case_decls( //dir=decl + unique int id: @enum_case_decl +); + +#keyset[id, index] +enum_case_decl_elements( //dir=decl + int id: @enum_case_decl ref, + int index: int ref, + int element: @enum_element_decl_or_none ref +); + +extension_decls( //dir=decl + unique int id: @extension_decl, + int extended_type_decl: @nominal_type_decl_or_none ref +); + +#keyset[id, index] +extension_decl_protocols( //dir=decl + int id: @extension_decl ref, + int index: int ref, + int protocol: @protocol_decl_or_none ref +); + +if_config_decls( //dir=decl + unique int id: @if_config_decl +); + +#keyset[id, index] +if_config_decl_active_elements( //dir=decl + int id: @if_config_decl ref, + int index: int ref, + int active_element: @ast_node_or_none ref +); + +import_decls( //dir=decl + unique int id: @import_decl +); + +#keyset[id] +import_decl_is_exported( //dir=decl + int id: @import_decl ref +); + +#keyset[id] +import_decl_imported_modules( //dir=decl + int id: @import_decl ref, + int imported_module: @module_decl_or_none ref +); + +#keyset[id, index] +import_decl_declarations( //dir=decl + int id: @import_decl ref, + int index: int ref, + int declaration: @value_decl_or_none ref +); + +missing_member_decls( //dir=decl + unique int id: @missing_member_decl, + string name: string ref +); + +@operator_decl = + @infix_operator_decl +| @postfix_operator_decl +| @prefix_operator_decl +; + +#keyset[id] +operator_decls( //dir=decl + int id: @operator_decl ref, + string name: string ref +); + +pattern_binding_decls( //dir=decl + unique int id: @pattern_binding_decl +); + +#keyset[id, index] +pattern_binding_decl_inits( //dir=decl + int id: @pattern_binding_decl ref, + int index: int ref, + int init: @expr_or_none ref +); + +#keyset[id, index] +pattern_binding_decl_patterns( //dir=decl + int id: @pattern_binding_decl ref, + int index: int ref, + int pattern: @pattern_or_none ref +); + +pound_diagnostic_decls( //dir=decl + unique int id: @pound_diagnostic_decl, + int kind: int ref, + int message: @string_literal_expr_or_none ref +); + +precedence_group_decls( //dir=decl + unique int id: @precedence_group_decl +); + +top_level_code_decls( //dir=decl + unique int id: @top_level_code_decl, + int body: @brace_stmt_or_none ref +); + +@value_decl = + @abstract_storage_decl +| @enum_element_decl +| @function +| @type_decl +; + +#keyset[id] +value_decls( //dir=decl + int id: @value_decl ref, + int interface_type: @type_or_none ref +); + +@abstract_storage_decl = + @subscript_decl +| @var_decl +; + +#keyset[id, index] +abstract_storage_decl_accessors( //dir=decl + int id: @abstract_storage_decl ref, + int index: int ref, + int accessor: @accessor_or_none ref +); + +enum_element_decls( //dir=decl + unique int id: @enum_element_decl, + string name: string ref +); + +#keyset[id, index] +enum_element_decl_params( //dir=decl + int id: @enum_element_decl ref, + int index: int ref, + int param: @param_decl_or_none ref +); + +@function = + @accessor_or_named_function +| @deinitializer +| @initializer +; + +infix_operator_decls( //dir=decl + unique int id: @infix_operator_decl +); + +#keyset[id] +infix_operator_decl_precedence_groups( //dir=decl + int id: @infix_operator_decl ref, + int precedence_group: @precedence_group_decl_or_none ref +); + +postfix_operator_decls( //dir=decl + unique int id: @postfix_operator_decl +); + +prefix_operator_decls( //dir=decl + unique int id: @prefix_operator_decl +); + +@type_decl = + @abstract_type_param_decl +| @generic_type_decl +| @module_decl +; + +#keyset[id] +type_decls( //dir=decl + int id: @type_decl ref, + string name: string ref +); + +#keyset[id, index] +type_decl_base_types( //dir=decl + int id: @type_decl ref, + int index: int ref, + int base_type: @type_or_none ref +); + +@abstract_type_param_decl = + @associated_type_decl +| @generic_type_param_decl +; + +@accessor_or_named_function = + @accessor +| @named_function +; + +deinitializers( //dir=decl + unique int id: @deinitializer +); + +@generic_type_decl = + @nominal_type_decl +| @opaque_type_decl +| @type_alias_decl +; + +initializers( //dir=decl + unique int id: @initializer +); + +module_decls( //dir=decl + unique int id: @module_decl +); + +#keyset[id] +module_decl_is_builtin_module( //dir=decl + int id: @module_decl ref +); + +#keyset[id] +module_decl_is_system_module( //dir=decl + int id: @module_decl ref +); + +module_decl_imported_modules( //dir=decl + int id: @module_decl ref, + int imported_module: @module_decl_or_none ref +); + +module_decl_exported_modules( //dir=decl + int id: @module_decl ref, + int exported_module: @module_decl_or_none ref +); + +subscript_decls( //dir=decl + unique int id: @subscript_decl, + int element_type: @type_or_none ref +); + +#keyset[id, index] +subscript_decl_params( //dir=decl + int id: @subscript_decl ref, + int index: int ref, + int param: @param_decl_or_none ref +); + +@var_decl = + @concrete_var_decl +| @param_decl +; + +#keyset[id] +var_decls( //dir=decl + int id: @var_decl ref, + string name: string ref, + int type_: @type_or_none ref +); + +#keyset[id] +var_decl_attached_property_wrapper_types( //dir=decl + int id: @var_decl ref, + int attached_property_wrapper_type: @type_or_none ref +); + +#keyset[id] +var_decl_parent_patterns( //dir=decl + int id: @var_decl ref, + int parent_pattern: @pattern_or_none ref +); + +#keyset[id] +var_decl_parent_initializers( //dir=decl + int id: @var_decl ref, + int parent_initializer: @expr_or_none ref +); + +#keyset[id] +var_decl_property_wrapper_backing_var_bindings( //dir=decl + int id: @var_decl ref, + int property_wrapper_backing_var_binding: @pattern_binding_decl_or_none ref +); + +#keyset[id] +var_decl_property_wrapper_backing_vars( //dir=decl + int id: @var_decl ref, + int property_wrapper_backing_var: @var_decl_or_none ref +); + +#keyset[id] +var_decl_property_wrapper_projection_var_bindings( //dir=decl + int id: @var_decl ref, + int property_wrapper_projection_var_binding: @pattern_binding_decl_or_none ref +); + +#keyset[id] +var_decl_property_wrapper_projection_vars( //dir=decl + int id: @var_decl ref, + int property_wrapper_projection_var: @var_decl_or_none ref +); + +accessors( //dir=decl + unique int id: @accessor +); + +#keyset[id] +accessor_is_getter( //dir=decl + int id: @accessor ref +); + +#keyset[id] +accessor_is_setter( //dir=decl + int id: @accessor ref +); + +#keyset[id] +accessor_is_will_set( //dir=decl + int id: @accessor ref +); + +#keyset[id] +accessor_is_did_set( //dir=decl + int id: @accessor ref +); + +#keyset[id] +accessor_is_read( //dir=decl + int id: @accessor ref +); + +#keyset[id] +accessor_is_modify( //dir=decl + int id: @accessor ref +); + +#keyset[id] +accessor_is_unsafe_address( //dir=decl + int id: @accessor ref +); + +#keyset[id] +accessor_is_unsafe_mutable_address( //dir=decl + int id: @accessor ref +); + +associated_type_decls( //dir=decl + unique int id: @associated_type_decl +); + +concrete_var_decls( //dir=decl + unique int id: @concrete_var_decl, + int introducer_int: int ref +); + +generic_type_param_decls( //dir=decl + unique int id: @generic_type_param_decl +); + +named_functions( //dir=decl + unique int id: @named_function +); + +@nominal_type_decl = + @class_decl +| @enum_decl +| @protocol_decl +| @struct_decl +; + +#keyset[id] +nominal_type_decls( //dir=decl + int id: @nominal_type_decl ref, + int type_: @type_or_none ref +); + +opaque_type_decls( //dir=decl + unique int id: @opaque_type_decl, + int naming_declaration: @value_decl_or_none ref +); + +#keyset[id, index] +opaque_type_decl_opaque_generic_params( //dir=decl + int id: @opaque_type_decl ref, + int index: int ref, + int opaque_generic_param: @generic_type_param_type_or_none ref +); + +param_decls( //dir=decl + unique int id: @param_decl +); + +#keyset[id] +param_decl_is_inout( //dir=decl + int id: @param_decl ref +); + +#keyset[id] +param_decl_property_wrapper_local_wrapped_var_bindings( //dir=decl + int id: @param_decl ref, + int property_wrapper_local_wrapped_var_binding: @pattern_binding_decl_or_none ref +); + +#keyset[id] +param_decl_property_wrapper_local_wrapped_vars( //dir=decl + int id: @param_decl ref, + int property_wrapper_local_wrapped_var: @var_decl_or_none ref +); + +type_alias_decls( //dir=decl + unique int id: @type_alias_decl, + int aliased_type: @type_or_none ref +); + +class_decls( //dir=decl + unique int id: @class_decl +); + +enum_decls( //dir=decl + unique int id: @enum_decl +); + +protocol_decls( //dir=decl + unique int id: @protocol_decl +); + +struct_decls( //dir=decl + unique int id: @struct_decl +); + +arguments( //dir=expr + unique int id: @argument, + string label: string ref, + int expr: @expr_or_none ref +); + +@expr = + @any_try_expr +| @applied_property_wrapper_expr +| @apply_expr +| @assign_expr +| @bind_optional_expr +| @capture_list_expr +| @closure_expr +| @collection_expr +| @decl_ref_expr +| @default_argument_expr +| @discard_assignment_expr +| @dot_syntax_base_ignored_expr +| @dynamic_type_expr +| @enum_is_case_expr +| @error_expr +| @explicit_cast_expr +| @force_value_expr +| @identity_expr +| @if_expr +| @implicit_conversion_expr +| @in_out_expr +| @key_path_application_expr +| @key_path_dot_expr +| @key_path_expr +| @lazy_initialization_expr +| @literal_expr +| @lookup_expr +| @make_temporarily_escapable_expr +| @obj_c_selector_expr +| @one_way_expr +| @opaque_value_expr +| @open_existential_expr +| @optional_evaluation_expr +| @other_initializer_ref_expr +| @overloaded_decl_ref_expr +| @property_wrapper_value_placeholder_expr +| @rebind_self_in_initializer_expr +| @sequence_expr +| @super_ref_expr +| @tap_expr +| @tuple_element_expr +| @tuple_expr +| @type_expr +| @unresolved_decl_ref_expr +| @unresolved_dot_expr +| @unresolved_member_expr +| @unresolved_pattern_expr +| @unresolved_specialize_expr +| @vararg_expansion_expr +; + +#keyset[id] +expr_types( //dir=expr + int id: @expr ref, + int type_: @type_or_none ref +); + +@any_try_expr = + @force_try_expr +| @optional_try_expr +| @try_expr +; + +#keyset[id] +any_try_exprs( //dir=expr + int id: @any_try_expr ref, + int sub_expr: @expr_or_none ref +); + +applied_property_wrapper_exprs( //dir=expr + unique int id: @applied_property_wrapper_expr, + int kind: int ref, + int value: @expr_or_none ref, + int param: @param_decl_or_none ref +); + +@apply_expr = + @binary_expr +| @call_expr +| @postfix_unary_expr +| @prefix_unary_expr +| @self_apply_expr +; + +#keyset[id] +apply_exprs( //dir=expr + int id: @apply_expr ref, + int function: @expr_or_none ref +); + +#keyset[id, index] +apply_expr_arguments( //dir=expr + int id: @apply_expr ref, + int index: int ref, + int argument: @argument_or_none ref +); + +assign_exprs( //dir=expr + unique int id: @assign_expr, + int dest: @expr_or_none ref, + int source: @expr_or_none ref +); + +bind_optional_exprs( //dir=expr + unique int id: @bind_optional_expr, + int sub_expr: @expr_or_none ref +); + +capture_list_exprs( //dir=expr + unique int id: @capture_list_expr, + int closure_body: @explicit_closure_expr_or_none ref +); + +#keyset[id, index] +capture_list_expr_binding_decls( //dir=expr + int id: @capture_list_expr ref, + int index: int ref, + int binding_decl: @pattern_binding_decl_or_none ref +); + +@closure_expr = + @auto_closure_expr +| @explicit_closure_expr +; + +@collection_expr = + @array_expr +| @dictionary_expr +; + +decl_ref_exprs( //dir=expr + unique int id: @decl_ref_expr, + int decl: @decl_or_none ref +); + +#keyset[id, index] +decl_ref_expr_replacement_types( //dir=expr + int id: @decl_ref_expr ref, + int index: int ref, + int replacement_type: @type_or_none ref +); + +#keyset[id] +decl_ref_expr_has_direct_to_storage_semantics( //dir=expr + int id: @decl_ref_expr ref +); + +#keyset[id] +decl_ref_expr_has_direct_to_implementation_semantics( //dir=expr + int id: @decl_ref_expr ref +); + +#keyset[id] +decl_ref_expr_has_ordinary_semantics( //dir=expr + int id: @decl_ref_expr ref +); + +#keyset[id] +decl_ref_expr_has_distributed_thunk_semantics( //dir=expr + int id: @decl_ref_expr ref +); + +default_argument_exprs( //dir=expr + unique int id: @default_argument_expr, + int param_decl: @param_decl_or_none ref, + int param_index: int ref +); + +#keyset[id] +default_argument_expr_caller_side_defaults( //dir=expr + int id: @default_argument_expr ref, + int caller_side_default: @expr_or_none ref +); + +discard_assignment_exprs( //dir=expr + unique int id: @discard_assignment_expr +); + +dot_syntax_base_ignored_exprs( //dir=expr + unique int id: @dot_syntax_base_ignored_expr, + int qualifier: @expr_or_none ref, + int sub_expr: @expr_or_none ref +); + +dynamic_type_exprs( //dir=expr + unique int id: @dynamic_type_expr, + int base: @expr_or_none ref +); + +enum_is_case_exprs( //dir=expr + unique int id: @enum_is_case_expr, + int sub_expr: @expr_or_none ref, + int element: @enum_element_decl_or_none ref +); + +error_exprs( //dir=expr + unique int id: @error_expr +); + +@explicit_cast_expr = + @checked_cast_expr +| @coerce_expr +; + +#keyset[id] +explicit_cast_exprs( //dir=expr + int id: @explicit_cast_expr ref, + int sub_expr: @expr_or_none ref +); + +force_value_exprs( //dir=expr + unique int id: @force_value_expr, + int sub_expr: @expr_or_none ref +); + +@identity_expr = + @await_expr +| @dot_self_expr +| @paren_expr +| @unresolved_member_chain_result_expr +; + +#keyset[id] +identity_exprs( //dir=expr + int id: @identity_expr ref, + int sub_expr: @expr_or_none ref +); + +if_exprs( //dir=expr + unique int id: @if_expr, + int condition: @expr_or_none ref, + int then_expr: @expr_or_none ref, + int else_expr: @expr_or_none ref +); + +@implicit_conversion_expr = + @abi_safe_conversion_expr +| @any_hashable_erasure_expr +| @archetype_to_super_expr +| @array_to_pointer_expr +| @bridge_from_obj_c_expr +| @bridge_to_obj_c_expr +| @class_metatype_to_object_expr +| @collection_upcast_conversion_expr +| @conditional_bridge_from_obj_c_expr +| @covariant_function_conversion_expr +| @covariant_return_conversion_expr +| @derived_to_base_expr +| @destructure_tuple_expr +| @differentiable_function_expr +| @differentiable_function_extract_original_expr +| @erasure_expr +| @existential_metatype_to_object_expr +| @foreign_object_conversion_expr +| @function_conversion_expr +| @in_out_to_pointer_expr +| @inject_into_optional_expr +| @linear_function_expr +| @linear_function_extract_original_expr +| @linear_to_differentiable_function_expr +| @load_expr +| @metatype_conversion_expr +| @pointer_to_pointer_expr +| @protocol_metatype_to_object_expr +| @string_to_pointer_expr +| @underlying_to_opaque_expr +| @unevaluated_instance_expr +| @unresolved_type_conversion_expr +; + +#keyset[id] +implicit_conversion_exprs( //dir=expr + int id: @implicit_conversion_expr ref, + int sub_expr: @expr_or_none ref +); + +in_out_exprs( //dir=expr + unique int id: @in_out_expr, + int sub_expr: @expr_or_none ref +); + +key_path_application_exprs( //dir=expr + unique int id: @key_path_application_expr, + int base: @expr_or_none ref, + int key_path: @expr_or_none ref +); + +key_path_dot_exprs( //dir=expr + unique int id: @key_path_dot_expr +); + +key_path_exprs( //dir=expr + unique int id: @key_path_expr +); + +#keyset[id] +key_path_expr_roots( //dir=expr + int id: @key_path_expr ref, + int root: @type_repr_or_none ref +); + +#keyset[id, index] +key_path_expr_components( //dir=expr + int id: @key_path_expr ref, + int index: int ref, + int component: @key_path_component_or_none ref +); + +lazy_initialization_exprs( //dir=expr + unique int id: @lazy_initialization_expr, + int sub_expr: @expr_or_none ref +); + +@literal_expr = + @builtin_literal_expr +| @interpolated_string_literal_expr +| @nil_literal_expr +| @object_literal_expr +| @regex_literal_expr +; + +@lookup_expr = + @dynamic_lookup_expr +| @member_ref_expr +| @subscript_expr +; + +#keyset[id] +lookup_exprs( //dir=expr + int id: @lookup_expr ref, + int base: @expr_or_none ref +); + +#keyset[id] +lookup_expr_members( //dir=expr + int id: @lookup_expr ref, + int member: @decl_or_none ref +); + +make_temporarily_escapable_exprs( //dir=expr + unique int id: @make_temporarily_escapable_expr, + int escaping_closure: @opaque_value_expr_or_none ref, + int nonescaping_closure: @expr_or_none ref, + int sub_expr: @expr_or_none ref +); + +obj_c_selector_exprs( //dir=expr + unique int id: @obj_c_selector_expr, + int sub_expr: @expr_or_none ref, + int method: @function_or_none ref +); + +one_way_exprs( //dir=expr + unique int id: @one_way_expr, + int sub_expr: @expr_or_none ref +); + +opaque_value_exprs( //dir=expr + unique int id: @opaque_value_expr +); + +open_existential_exprs( //dir=expr + unique int id: @open_existential_expr, + int sub_expr: @expr_or_none ref, + int existential: @expr_or_none ref, + int opaque_expr: @opaque_value_expr_or_none ref +); + +optional_evaluation_exprs( //dir=expr + unique int id: @optional_evaluation_expr, + int sub_expr: @expr_or_none ref +); + +other_initializer_ref_exprs( //dir=expr + unique int id: @other_initializer_ref_expr, + int initializer: @initializer_or_none ref +); + +overloaded_decl_ref_exprs( //dir=expr + unique int id: @overloaded_decl_ref_expr +); + +#keyset[id, index] +overloaded_decl_ref_expr_possible_declarations( //dir=expr + int id: @overloaded_decl_ref_expr ref, + int index: int ref, + int possible_declaration: @value_decl_or_none ref +); + +property_wrapper_value_placeholder_exprs( //dir=expr + unique int id: @property_wrapper_value_placeholder_expr, + int placeholder: @opaque_value_expr_or_none ref +); + +#keyset[id] +property_wrapper_value_placeholder_expr_wrapped_values( //dir=expr + int id: @property_wrapper_value_placeholder_expr ref, + int wrapped_value: @expr_or_none ref +); + +rebind_self_in_initializer_exprs( //dir=expr + unique int id: @rebind_self_in_initializer_expr, + int sub_expr: @expr_or_none ref, + int self: @var_decl_or_none ref +); + +sequence_exprs( //dir=expr + unique int id: @sequence_expr +); + +#keyset[id, index] +sequence_expr_elements( //dir=expr + int id: @sequence_expr ref, + int index: int ref, + int element: @expr_or_none ref +); + +super_ref_exprs( //dir=expr + unique int id: @super_ref_expr, + int self: @var_decl_or_none ref +); + +tap_exprs( //dir=expr + unique int id: @tap_expr, + int body: @brace_stmt_or_none ref, + int var: @var_decl_or_none ref +); + +#keyset[id] +tap_expr_sub_exprs( //dir=expr + int id: @tap_expr ref, + int sub_expr: @expr_or_none ref +); + +tuple_element_exprs( //dir=expr + unique int id: @tuple_element_expr, + int sub_expr: @expr_or_none ref, + int index: int ref +); + +tuple_exprs( //dir=expr + unique int id: @tuple_expr +); + +#keyset[id, index] +tuple_expr_elements( //dir=expr + int id: @tuple_expr ref, + int index: int ref, + int element: @expr_or_none ref +); + +type_exprs( //dir=expr + unique int id: @type_expr +); + +#keyset[id] +type_expr_type_reprs( //dir=expr + int id: @type_expr ref, + int type_repr: @type_repr_or_none ref +); + +unresolved_decl_ref_exprs( //dir=expr + unique int id: @unresolved_decl_ref_expr +); + +#keyset[id] +unresolved_decl_ref_expr_names( //dir=expr + int id: @unresolved_decl_ref_expr ref, + string name: string ref +); + +unresolved_dot_exprs( //dir=expr + unique int id: @unresolved_dot_expr, + int base: @expr_or_none ref, + string name: string ref +); + +unresolved_member_exprs( //dir=expr + unique int id: @unresolved_member_expr, + string name: string ref +); + +unresolved_pattern_exprs( //dir=expr + unique int id: @unresolved_pattern_expr, + int sub_pattern: @pattern_or_none ref +); + +unresolved_specialize_exprs( //dir=expr + unique int id: @unresolved_specialize_expr, + int sub_expr: @expr_or_none ref +); + +vararg_expansion_exprs( //dir=expr + unique int id: @vararg_expansion_expr, + int sub_expr: @expr_or_none ref +); + +abi_safe_conversion_exprs( //dir=expr + unique int id: @abi_safe_conversion_expr +); + +any_hashable_erasure_exprs( //dir=expr + unique int id: @any_hashable_erasure_expr +); + +archetype_to_super_exprs( //dir=expr + unique int id: @archetype_to_super_expr +); + +array_exprs( //dir=expr + unique int id: @array_expr +); + +#keyset[id, index] +array_expr_elements( //dir=expr + int id: @array_expr ref, + int index: int ref, + int element: @expr_or_none ref +); + +array_to_pointer_exprs( //dir=expr + unique int id: @array_to_pointer_expr +); + +auto_closure_exprs( //dir=expr + unique int id: @auto_closure_expr +); + +await_exprs( //dir=expr + unique int id: @await_expr +); + +binary_exprs( //dir=expr + unique int id: @binary_expr +); + +bridge_from_obj_c_exprs( //dir=expr + unique int id: @bridge_from_obj_c_expr +); + +bridge_to_obj_c_exprs( //dir=expr + unique int id: @bridge_to_obj_c_expr +); + +@builtin_literal_expr = + @boolean_literal_expr +| @magic_identifier_literal_expr +| @number_literal_expr +| @string_literal_expr +; + +call_exprs( //dir=expr + unique int id: @call_expr +); + +@checked_cast_expr = + @conditional_checked_cast_expr +| @forced_checked_cast_expr +| @is_expr +; + +class_metatype_to_object_exprs( //dir=expr + unique int id: @class_metatype_to_object_expr +); + +coerce_exprs( //dir=expr + unique int id: @coerce_expr +); + +collection_upcast_conversion_exprs( //dir=expr + unique int id: @collection_upcast_conversion_expr +); + +conditional_bridge_from_obj_c_exprs( //dir=expr + unique int id: @conditional_bridge_from_obj_c_expr +); + +covariant_function_conversion_exprs( //dir=expr + unique int id: @covariant_function_conversion_expr +); + +covariant_return_conversion_exprs( //dir=expr + unique int id: @covariant_return_conversion_expr +); + +derived_to_base_exprs( //dir=expr + unique int id: @derived_to_base_expr +); + +destructure_tuple_exprs( //dir=expr + unique int id: @destructure_tuple_expr +); + +dictionary_exprs( //dir=expr + unique int id: @dictionary_expr +); + +#keyset[id, index] +dictionary_expr_elements( //dir=expr + int id: @dictionary_expr ref, + int index: int ref, + int element: @expr_or_none ref +); + +differentiable_function_exprs( //dir=expr + unique int id: @differentiable_function_expr +); + +differentiable_function_extract_original_exprs( //dir=expr + unique int id: @differentiable_function_extract_original_expr +); + +dot_self_exprs( //dir=expr + unique int id: @dot_self_expr +); + +@dynamic_lookup_expr = + @dynamic_member_ref_expr +| @dynamic_subscript_expr +; + +erasure_exprs( //dir=expr + unique int id: @erasure_expr +); + +existential_metatype_to_object_exprs( //dir=expr + unique int id: @existential_metatype_to_object_expr +); + +explicit_closure_exprs( //dir=expr + unique int id: @explicit_closure_expr +); + +force_try_exprs( //dir=expr + unique int id: @force_try_expr +); + +foreign_object_conversion_exprs( //dir=expr + unique int id: @foreign_object_conversion_expr +); + +function_conversion_exprs( //dir=expr + unique int id: @function_conversion_expr +); + +in_out_to_pointer_exprs( //dir=expr + unique int id: @in_out_to_pointer_expr +); + +inject_into_optional_exprs( //dir=expr + unique int id: @inject_into_optional_expr +); + +interpolated_string_literal_exprs( //dir=expr + unique int id: @interpolated_string_literal_expr +); + +#keyset[id] +interpolated_string_literal_expr_interpolation_exprs( //dir=expr + int id: @interpolated_string_literal_expr ref, + int interpolation_expr: @opaque_value_expr_or_none ref +); + +#keyset[id] +interpolated_string_literal_expr_appending_exprs( //dir=expr + int id: @interpolated_string_literal_expr ref, + int appending_expr: @tap_expr_or_none ref +); + +linear_function_exprs( //dir=expr + unique int id: @linear_function_expr +); + +linear_function_extract_original_exprs( //dir=expr + unique int id: @linear_function_extract_original_expr +); + +linear_to_differentiable_function_exprs( //dir=expr + unique int id: @linear_to_differentiable_function_expr +); + +load_exprs( //dir=expr + unique int id: @load_expr +); + +member_ref_exprs( //dir=expr + unique int id: @member_ref_expr +); + +#keyset[id] +member_ref_expr_has_direct_to_storage_semantics( //dir=expr + int id: @member_ref_expr ref +); + +#keyset[id] +member_ref_expr_has_direct_to_implementation_semantics( //dir=expr + int id: @member_ref_expr ref +); + +#keyset[id] +member_ref_expr_has_ordinary_semantics( //dir=expr + int id: @member_ref_expr ref +); + +#keyset[id] +member_ref_expr_has_distributed_thunk_semantics( //dir=expr + int id: @member_ref_expr ref +); + +metatype_conversion_exprs( //dir=expr + unique int id: @metatype_conversion_expr +); + +nil_literal_exprs( //dir=expr + unique int id: @nil_literal_expr +); + +object_literal_exprs( //dir=expr + unique int id: @object_literal_expr, + int kind: int ref +); + +#keyset[id, index] +object_literal_expr_arguments( //dir=expr + int id: @object_literal_expr ref, + int index: int ref, + int argument: @argument_or_none ref +); + +optional_try_exprs( //dir=expr + unique int id: @optional_try_expr +); + +paren_exprs( //dir=expr + unique int id: @paren_expr +); + +pointer_to_pointer_exprs( //dir=expr + unique int id: @pointer_to_pointer_expr +); + +postfix_unary_exprs( //dir=expr + unique int id: @postfix_unary_expr +); + +prefix_unary_exprs( //dir=expr + unique int id: @prefix_unary_expr +); + +protocol_metatype_to_object_exprs( //dir=expr + unique int id: @protocol_metatype_to_object_expr +); + +regex_literal_exprs( //dir=expr + unique int id: @regex_literal_expr, + string pattern: string ref, + int version: int ref +); + +@self_apply_expr = + @dot_syntax_call_expr +| @initializer_ref_call_expr +; + +#keyset[id] +self_apply_exprs( //dir=expr + int id: @self_apply_expr ref, + int base: @expr_or_none ref +); + +string_to_pointer_exprs( //dir=expr + unique int id: @string_to_pointer_expr +); + +subscript_exprs( //dir=expr + unique int id: @subscript_expr +); + +#keyset[id, index] +subscript_expr_arguments( //dir=expr + int id: @subscript_expr ref, + int index: int ref, + int argument: @argument_or_none ref +); + +#keyset[id] +subscript_expr_has_direct_to_storage_semantics( //dir=expr + int id: @subscript_expr ref +); + +#keyset[id] +subscript_expr_has_direct_to_implementation_semantics( //dir=expr + int id: @subscript_expr ref +); + +#keyset[id] +subscript_expr_has_ordinary_semantics( //dir=expr + int id: @subscript_expr ref +); + +#keyset[id] +subscript_expr_has_distributed_thunk_semantics( //dir=expr + int id: @subscript_expr ref +); + +try_exprs( //dir=expr + unique int id: @try_expr +); + +underlying_to_opaque_exprs( //dir=expr + unique int id: @underlying_to_opaque_expr +); + +unevaluated_instance_exprs( //dir=expr + unique int id: @unevaluated_instance_expr +); + +unresolved_member_chain_result_exprs( //dir=expr + unique int id: @unresolved_member_chain_result_expr +); + +unresolved_type_conversion_exprs( //dir=expr + unique int id: @unresolved_type_conversion_expr +); + +boolean_literal_exprs( //dir=expr + unique int id: @boolean_literal_expr, + boolean value: boolean ref +); + +conditional_checked_cast_exprs( //dir=expr + unique int id: @conditional_checked_cast_expr +); + +dot_syntax_call_exprs( //dir=expr + unique int id: @dot_syntax_call_expr +); + +dynamic_member_ref_exprs( //dir=expr + unique int id: @dynamic_member_ref_expr +); + +dynamic_subscript_exprs( //dir=expr + unique int id: @dynamic_subscript_expr +); + +forced_checked_cast_exprs( //dir=expr + unique int id: @forced_checked_cast_expr +); + +initializer_ref_call_exprs( //dir=expr + unique int id: @initializer_ref_call_expr +); + +is_exprs( //dir=expr + unique int id: @is_expr +); + +magic_identifier_literal_exprs( //dir=expr + unique int id: @magic_identifier_literal_expr, + string kind: string ref +); + +@number_literal_expr = + @float_literal_expr +| @integer_literal_expr +; + +string_literal_exprs( //dir=expr + unique int id: @string_literal_expr, + string value: string ref +); + +float_literal_exprs( //dir=expr + unique int id: @float_literal_expr, + string string_value: string ref +); + +integer_literal_exprs( //dir=expr + unique int id: @integer_literal_expr, + string string_value: string ref +); + +@pattern = + @any_pattern +| @binding_pattern +| @bool_pattern +| @enum_element_pattern +| @expr_pattern +| @is_pattern +| @named_pattern +| @optional_some_pattern +| @paren_pattern +| @tuple_pattern +| @typed_pattern +; + +any_patterns( //dir=pattern + unique int id: @any_pattern +); + +binding_patterns( //dir=pattern + unique int id: @binding_pattern, + int sub_pattern: @pattern_or_none ref +); + +bool_patterns( //dir=pattern + unique int id: @bool_pattern, + boolean value: boolean ref +); + +enum_element_patterns( //dir=pattern + unique int id: @enum_element_pattern, + int element: @enum_element_decl_or_none ref +); + +#keyset[id] +enum_element_pattern_sub_patterns( //dir=pattern + int id: @enum_element_pattern ref, + int sub_pattern: @pattern_or_none ref +); + +expr_patterns( //dir=pattern + unique int id: @expr_pattern, + int sub_expr: @expr_or_none ref +); + +is_patterns( //dir=pattern + unique int id: @is_pattern +); + +#keyset[id] +is_pattern_cast_type_reprs( //dir=pattern + int id: @is_pattern ref, + int cast_type_repr: @type_repr_or_none ref +); + +#keyset[id] +is_pattern_sub_patterns( //dir=pattern + int id: @is_pattern ref, + int sub_pattern: @pattern_or_none ref +); + +named_patterns( //dir=pattern + unique int id: @named_pattern, + string name: string ref +); + +optional_some_patterns( //dir=pattern + unique int id: @optional_some_pattern, + int sub_pattern: @pattern_or_none ref +); + +paren_patterns( //dir=pattern + unique int id: @paren_pattern, + int sub_pattern: @pattern_or_none ref +); + +tuple_patterns( //dir=pattern + unique int id: @tuple_pattern +); + +#keyset[id, index] +tuple_pattern_elements( //dir=pattern + int id: @tuple_pattern ref, + int index: int ref, + int element: @pattern_or_none ref +); + +typed_patterns( //dir=pattern + unique int id: @typed_pattern, + int sub_pattern: @pattern_or_none ref +); + +#keyset[id] +typed_pattern_type_reprs( //dir=pattern + int id: @typed_pattern ref, + int type_repr: @type_repr_or_none ref +); + +case_label_items( //dir=stmt + unique int id: @case_label_item, + int pattern: @pattern_or_none ref +); + +#keyset[id] +case_label_item_guards( //dir=stmt + int id: @case_label_item ref, + int guard: @expr_or_none ref +); + +condition_elements( //dir=stmt + unique int id: @condition_element +); + +#keyset[id] +condition_element_booleans( //dir=stmt + int id: @condition_element ref, + int boolean_: @expr_or_none ref +); + +#keyset[id] +condition_element_patterns( //dir=stmt + int id: @condition_element ref, + int pattern: @pattern_or_none ref +); + +#keyset[id] +condition_element_initializers( //dir=stmt + int id: @condition_element ref, + int initializer: @expr_or_none ref +); + +#keyset[id] +condition_element_availabilities( //dir=stmt + int id: @condition_element ref, + int availability: @availability_info_or_none ref +); + +@stmt = + @brace_stmt +| @break_stmt +| @case_stmt +| @continue_stmt +| @defer_stmt +| @fail_stmt +| @fallthrough_stmt +| @labeled_stmt +| @pound_assert_stmt +| @return_stmt +| @throw_stmt +| @yield_stmt +; + +stmt_conditions( //dir=stmt + unique int id: @stmt_condition +); + +#keyset[id, index] +stmt_condition_elements( //dir=stmt + int id: @stmt_condition ref, + int index: int ref, + int element: @condition_element_or_none ref +); + +brace_stmts( //dir=stmt + unique int id: @brace_stmt +); + +#keyset[id, index] +brace_stmt_elements( //dir=stmt + int id: @brace_stmt ref, + int index: int ref, + int element: @ast_node_or_none ref +); + +break_stmts( //dir=stmt + unique int id: @break_stmt +); + +#keyset[id] +break_stmt_target_names( //dir=stmt + int id: @break_stmt ref, + string target_name: string ref +); + +#keyset[id] +break_stmt_targets( //dir=stmt + int id: @break_stmt ref, + int target: @stmt_or_none ref +); + +case_stmts( //dir=stmt + unique int id: @case_stmt, + int body: @stmt_or_none ref +); + +#keyset[id, index] +case_stmt_labels( //dir=stmt + int id: @case_stmt ref, + int index: int ref, + int label: @case_label_item_or_none ref +); + +#keyset[id, index] +case_stmt_variables( //dir=stmt + int id: @case_stmt ref, + int index: int ref, + int variable: @var_decl_or_none ref +); + +continue_stmts( //dir=stmt + unique int id: @continue_stmt +); + +#keyset[id] +continue_stmt_target_names( //dir=stmt + int id: @continue_stmt ref, + string target_name: string ref +); + +#keyset[id] +continue_stmt_targets( //dir=stmt + int id: @continue_stmt ref, + int target: @stmt_or_none ref +); + +defer_stmts( //dir=stmt + unique int id: @defer_stmt, + int body: @brace_stmt_or_none ref +); + +fail_stmts( //dir=stmt + unique int id: @fail_stmt +); + +fallthrough_stmts( //dir=stmt + unique int id: @fallthrough_stmt, + int fallthrough_source: @case_stmt_or_none ref, + int fallthrough_dest: @case_stmt_or_none ref +); + +@labeled_stmt = + @do_catch_stmt +| @do_stmt +| @for_each_stmt +| @labeled_conditional_stmt +| @repeat_while_stmt +| @switch_stmt +; + +#keyset[id] +labeled_stmt_labels( //dir=stmt + int id: @labeled_stmt ref, + string label: string ref +); + +pound_assert_stmts( //dir=stmt + unique int id: @pound_assert_stmt, + int condition: @expr_or_none ref, + string message: string ref +); + +return_stmts( //dir=stmt + unique int id: @return_stmt +); + +#keyset[id] +return_stmt_results( //dir=stmt + int id: @return_stmt ref, + int result: @expr_or_none ref +); + +throw_stmts( //dir=stmt + unique int id: @throw_stmt, + int sub_expr: @expr_or_none ref +); + +yield_stmts( //dir=stmt + unique int id: @yield_stmt +); + +#keyset[id, index] +yield_stmt_results( //dir=stmt + int id: @yield_stmt ref, + int index: int ref, + int result: @expr_or_none ref +); + +do_catch_stmts( //dir=stmt + unique int id: @do_catch_stmt, + int body: @stmt_or_none ref +); + +#keyset[id, index] +do_catch_stmt_catches( //dir=stmt + int id: @do_catch_stmt ref, + int index: int ref, + int catch: @case_stmt_or_none ref +); + +do_stmts( //dir=stmt + unique int id: @do_stmt, + int body: @brace_stmt_or_none ref +); + +for_each_stmts( //dir=stmt + unique int id: @for_each_stmt, + int pattern: @pattern_or_none ref, + int sequence: @expr_or_none ref, + int body: @brace_stmt_or_none ref +); + +#keyset[id] +for_each_stmt_wheres( //dir=stmt + int id: @for_each_stmt ref, + int where: @expr_or_none ref +); + +@labeled_conditional_stmt = + @guard_stmt +| @if_stmt +| @while_stmt +; + +#keyset[id] +labeled_conditional_stmts( //dir=stmt + int id: @labeled_conditional_stmt ref, + int condition: @stmt_condition_or_none ref +); + +repeat_while_stmts( //dir=stmt + unique int id: @repeat_while_stmt, + int condition: @expr_or_none ref, + int body: @stmt_or_none ref +); + +switch_stmts( //dir=stmt + unique int id: @switch_stmt, + int expr: @expr_or_none ref +); + +#keyset[id, index] +switch_stmt_cases( //dir=stmt + int id: @switch_stmt ref, + int index: int ref, + int case_: @case_stmt_or_none ref +); + +guard_stmts( //dir=stmt + unique int id: @guard_stmt, + int body: @brace_stmt_or_none ref +); + +if_stmts( //dir=stmt + unique int id: @if_stmt, + int then: @stmt_or_none ref +); + +#keyset[id] +if_stmt_elses( //dir=stmt + int id: @if_stmt ref, + int else: @stmt_or_none ref +); + +while_stmts( //dir=stmt + unique int id: @while_stmt, + int body: @stmt_or_none ref +); + +@type = + @any_function_type +| @any_generic_type +| @any_metatype_type +| @builtin_type +| @dependent_member_type +| @dynamic_self_type +| @error_type +| @existential_type +| @in_out_type +| @l_value_type +| @module_type +| @parameterized_protocol_type +| @protocol_composition_type +| @reference_storage_type +| @substitutable_type +| @sugar_type +| @tuple_type +| @unresolved_type +; + +#keyset[id] +types( //dir=type + int id: @type ref, + string name: string ref, + int canonical_type: @type_or_none ref +); + +type_reprs( //dir=type + unique int id: @type_repr, + int type_: @type_or_none ref +); + +@any_function_type = + @function_type +| @generic_function_type +; + +#keyset[id] +any_function_types( //dir=type + int id: @any_function_type ref, + int result: @type_or_none ref +); + +#keyset[id, index] +any_function_type_param_types( //dir=type + int id: @any_function_type ref, + int index: int ref, + int param_type: @type_or_none ref +); + +#keyset[id] +any_function_type_is_throwing( //dir=type + int id: @any_function_type ref +); + +#keyset[id] +any_function_type_is_async( //dir=type + int id: @any_function_type ref +); + +@any_generic_type = + @nominal_or_bound_generic_nominal_type +| @unbound_generic_type +; + +#keyset[id] +any_generic_types( //dir=type + int id: @any_generic_type ref, + int declaration: @generic_type_decl_or_none ref +); + +#keyset[id] +any_generic_type_parents( //dir=type + int id: @any_generic_type ref, + int parent: @type_or_none ref +); + +@any_metatype_type = + @existential_metatype_type +| @metatype_type +; + +@builtin_type = + @any_builtin_integer_type +| @builtin_bridge_object_type +| @builtin_default_actor_storage_type +| @builtin_executor_type +| @builtin_float_type +| @builtin_job_type +| @builtin_native_object_type +| @builtin_raw_pointer_type +| @builtin_raw_unsafe_continuation_type +| @builtin_unsafe_value_buffer_type +| @builtin_vector_type +; + +dependent_member_types( //dir=type + unique int id: @dependent_member_type, + int base_type: @type_or_none ref, + int associated_type_decl: @associated_type_decl_or_none ref +); + +dynamic_self_types( //dir=type + unique int id: @dynamic_self_type, + int static_self_type: @type_or_none ref +); + +error_types( //dir=type + unique int id: @error_type +); + +existential_types( //dir=type + unique int id: @existential_type, + int constraint: @type_or_none ref +); + +in_out_types( //dir=type + unique int id: @in_out_type, + int object_type: @type_or_none ref +); + +l_value_types( //dir=type + unique int id: @l_value_type, + int object_type: @type_or_none ref +); + +module_types( //dir=type + unique int id: @module_type, + int module: @module_decl_or_none ref +); + +parameterized_protocol_types( //dir=type + unique int id: @parameterized_protocol_type, + int base: @protocol_type_or_none ref +); + +#keyset[id, index] +parameterized_protocol_type_args( //dir=type + int id: @parameterized_protocol_type ref, + int index: int ref, + int arg: @type_or_none ref +); + +protocol_composition_types( //dir=type + unique int id: @protocol_composition_type +); + +#keyset[id, index] +protocol_composition_type_members( //dir=type + int id: @protocol_composition_type ref, + int index: int ref, + int member: @type_or_none ref +); + +@reference_storage_type = + @unmanaged_storage_type +| @unowned_storage_type +| @weak_storage_type +; + +#keyset[id] +reference_storage_types( //dir=type + int id: @reference_storage_type ref, + int referent_type: @type_or_none ref +); + +@substitutable_type = + @archetype_type +| @generic_type_param_type +; + +@sugar_type = + @paren_type +| @syntax_sugar_type +| @type_alias_type +; + +tuple_types( //dir=type + unique int id: @tuple_type +); + +#keyset[id, index] +tuple_type_types( //dir=type + int id: @tuple_type ref, + int index: int ref, + int type_: @type_or_none ref +); + +#keyset[id, index] +tuple_type_names( //dir=type + int id: @tuple_type ref, + int index: int ref, + string name: string ref +); + +unresolved_types( //dir=type + unique int id: @unresolved_type +); + +@any_builtin_integer_type = + @builtin_integer_literal_type +| @builtin_integer_type +; + +@archetype_type = + @opaque_type_archetype_type +| @opened_archetype_type +| @primary_archetype_type +; + +#keyset[id] +archetype_types( //dir=type + int id: @archetype_type ref, + int interface_type: @type_or_none ref +); + +#keyset[id] +archetype_type_superclasses( //dir=type + int id: @archetype_type ref, + int superclass: @type_or_none ref +); + +#keyset[id, index] +archetype_type_protocols( //dir=type + int id: @archetype_type ref, + int index: int ref, + int protocol: @protocol_decl_or_none ref +); + +builtin_bridge_object_types( //dir=type + unique int id: @builtin_bridge_object_type +); + +builtin_default_actor_storage_types( //dir=type + unique int id: @builtin_default_actor_storage_type +); + +builtin_executor_types( //dir=type + unique int id: @builtin_executor_type +); + +builtin_float_types( //dir=type + unique int id: @builtin_float_type +); + +builtin_job_types( //dir=type + unique int id: @builtin_job_type +); + +builtin_native_object_types( //dir=type + unique int id: @builtin_native_object_type +); + +builtin_raw_pointer_types( //dir=type + unique int id: @builtin_raw_pointer_type +); + +builtin_raw_unsafe_continuation_types( //dir=type + unique int id: @builtin_raw_unsafe_continuation_type +); + +builtin_unsafe_value_buffer_types( //dir=type + unique int id: @builtin_unsafe_value_buffer_type +); + +builtin_vector_types( //dir=type + unique int id: @builtin_vector_type +); + +existential_metatype_types( //dir=type + unique int id: @existential_metatype_type +); + +function_types( //dir=type + unique int id: @function_type +); + +generic_function_types( //dir=type + unique int id: @generic_function_type +); + +#keyset[id, index] +generic_function_type_generic_params( //dir=type + int id: @generic_function_type ref, + int index: int ref, + int generic_param: @generic_type_param_type_or_none ref +); + +generic_type_param_types( //dir=type + unique int id: @generic_type_param_type +); + +metatype_types( //dir=type + unique int id: @metatype_type +); + +@nominal_or_bound_generic_nominal_type = + @bound_generic_type +| @nominal_type +; + +paren_types( //dir=type + unique int id: @paren_type, + int type_: @type_or_none ref +); + +@syntax_sugar_type = + @dictionary_type +| @unary_syntax_sugar_type +; + +type_alias_types( //dir=type + unique int id: @type_alias_type, + int decl: @type_alias_decl_or_none ref +); + +unbound_generic_types( //dir=type + unique int id: @unbound_generic_type +); + +unmanaged_storage_types( //dir=type + unique int id: @unmanaged_storage_type +); + +unowned_storage_types( //dir=type + unique int id: @unowned_storage_type +); + +weak_storage_types( //dir=type + unique int id: @weak_storage_type +); + +@bound_generic_type = + @bound_generic_class_type +| @bound_generic_enum_type +| @bound_generic_struct_type +; + +#keyset[id, index] +bound_generic_type_arg_types( //dir=type + int id: @bound_generic_type ref, + int index: int ref, + int arg_type: @type_or_none ref +); + +builtin_integer_literal_types( //dir=type + unique int id: @builtin_integer_literal_type +); + +builtin_integer_types( //dir=type + unique int id: @builtin_integer_type +); + +#keyset[id] +builtin_integer_type_widths( //dir=type + int id: @builtin_integer_type ref, + int width: int ref +); + +dictionary_types( //dir=type + unique int id: @dictionary_type, + int key_type: @type_or_none ref, + int value_type: @type_or_none ref +); + +@nominal_type = + @class_type +| @enum_type +| @protocol_type +| @struct_type +; + +opaque_type_archetype_types( //dir=type + unique int id: @opaque_type_archetype_type, + int declaration: @opaque_type_decl_or_none ref +); + +opened_archetype_types( //dir=type + unique int id: @opened_archetype_type +); + +primary_archetype_types( //dir=type + unique int id: @primary_archetype_type +); + +@unary_syntax_sugar_type = + @array_slice_type +| @optional_type +| @variadic_sequence_type +; + +#keyset[id] +unary_syntax_sugar_types( //dir=type + int id: @unary_syntax_sugar_type ref, + int base_type: @type_or_none ref +); + +array_slice_types( //dir=type + unique int id: @array_slice_type +); + +bound_generic_class_types( //dir=type + unique int id: @bound_generic_class_type +); + +bound_generic_enum_types( //dir=type + unique int id: @bound_generic_enum_type +); + +bound_generic_struct_types( //dir=type + unique int id: @bound_generic_struct_type +); + +class_types( //dir=type + unique int id: @class_type +); + +enum_types( //dir=type + unique int id: @enum_type +); + +optional_types( //dir=type + unique int id: @optional_type +); + +protocol_types( //dir=type + unique int id: @protocol_type +); + +struct_types( //dir=type + unique int id: @struct_type +); + +variadic_sequence_types( //dir=type + unique int id: @variadic_sequence_type +); + +@accessor_or_none = + @accessor +| @unspecified_element +; + +@argument_or_none = + @argument +| @unspecified_element +; + +@associated_type_decl_or_none = + @associated_type_decl +| @unspecified_element +; + +@ast_node_or_none = + @ast_node +| @unspecified_element +; + +@availability_info_or_none = + @availability_info +| @unspecified_element +; + +@availability_spec_or_none = + @availability_spec +| @unspecified_element +; + +@brace_stmt_or_none = + @brace_stmt +| @unspecified_element +; + +@captured_decl_or_none = + @captured_decl +| @unspecified_element +; + +@case_label_item_or_none = + @case_label_item +| @unspecified_element +; + +@case_stmt_or_none = + @case_stmt +| @unspecified_element +; + +@condition_element_or_none = + @condition_element +| @unspecified_element +; + +@decl_or_none = + @decl +| @unspecified_element +; + +@enum_element_decl_or_none = + @enum_element_decl +| @unspecified_element +; + +@explicit_closure_expr_or_none = + @explicit_closure_expr +| @unspecified_element +; + +@expr_or_none = + @expr +| @unspecified_element +; + +@file_or_none = + @file +| @unspecified_element +; + +@function_or_none = + @function +| @unspecified_element +; + +@generic_type_decl_or_none = + @generic_type_decl +| @unspecified_element +; + +@generic_type_param_decl_or_none = + @generic_type_param_decl +| @unspecified_element +; + +@generic_type_param_type_or_none = + @generic_type_param_type +| @unspecified_element +; + +@initializer_or_none = + @initializer +| @unspecified_element +; + +@key_path_component_or_none = + @key_path_component +| @unspecified_element +; + +@location_or_none = + @location +| @unspecified_element +; + +@module_decl_or_none = + @module_decl +| @unspecified_element +; + +@nominal_type_decl_or_none = + @nominal_type_decl +| @unspecified_element +; + +@opaque_type_decl_or_none = + @opaque_type_decl +| @unspecified_element +; + +@opaque_value_expr_or_none = + @opaque_value_expr +| @unspecified_element +; + +@param_decl_or_none = + @param_decl +| @unspecified_element +; + +@pattern_or_none = + @pattern +| @unspecified_element +; + +@pattern_binding_decl_or_none = + @pattern_binding_decl +| @unspecified_element +; + +@precedence_group_decl_or_none = + @precedence_group_decl +| @unspecified_element +; + +@protocol_decl_or_none = + @protocol_decl +| @unspecified_element +; + +@protocol_type_or_none = + @protocol_type +| @unspecified_element +; + +@stmt_or_none = + @stmt +| @unspecified_element +; + +@stmt_condition_or_none = + @stmt_condition +| @unspecified_element +; + +@string_literal_expr_or_none = + @string_literal_expr +| @unspecified_element +; + +@tap_expr_or_none = + @tap_expr +| @unspecified_element +; + +@type_or_none = + @type +| @unspecified_element +; + +@type_alias_decl_or_none = + @type_alias_decl +| @unspecified_element +; + +@type_repr_or_none = + @type_repr +| @unspecified_element +; + +@value_decl_or_none = + @unspecified_element +| @value_decl +; + +@var_decl_or_none = + @unspecified_element +| @var_decl +; diff --git a/swift/ql/lib/upgrades/ba4171b90d0665b40e9e203bac9e3d4a0b2d03ec/upgrade.properties b/swift/ql/lib/upgrades/ba4171b90d0665b40e9e203bac9e3d4a0b2d03ec/upgrade.properties new file mode 100644 index 00000000000..fa6dbe30ef6 --- /dev/null +++ b/swift/ql/lib/upgrades/ba4171b90d0665b40e9e203bac9e3d4a0b2d03ec/upgrade.properties @@ -0,0 +1,5 @@ +description: Remove `getInterpolationCountExpr` and `getLiteralCapacityExpr` from `InterpolatedStringLiteralExpr` +compatibility: full +interpolated_string_literal_expr_interpolation_count_exprs.rel: delete +interpolated_string_literal_expr_literal_capacity_exprs.rel: delete +integer_literal_exprs.rel: run integer_literal_exprs.ql diff --git a/swift/ql/test/library-tests/ast/PrintAst.expected b/swift/ql/test/library-tests/ast/PrintAst.expected index b4665b644e8..f1fbb4f1544 100644 --- a/swift/ql/test/library-tests/ast/PrintAst.expected +++ b/swift/ql/test/library-tests/ast/PrintAst.expected @@ -206,8 +206,6 @@ cfg.swift: # 40| getExpr(): [VarargExpansionExpr] [...] # 40| getSubExpr(): [ArrayExpr] [...] # 40| getElement(0): [InterpolatedStringLiteralExpr] "..." -#-----| getInterpolationCountExpr(): [IntegerLiteralExpr] 1 -#-----| getLiteralCapacityExpr(): [IntegerLiteralExpr] 14 # 40| getAppendingExpr(): [TapExpr] TapExpr # 40| getSubExpr(): [OpaqueValueExpr] OpaqueValueExpr # 40| getBody(): [BraceStmt] { ... } @@ -1422,8 +1420,6 @@ cfg.swift: # 262| getBody(): [BraceStmt] { ... } # 263| getElement(0): [ReturnStmt] return ... # 263| getResult(): [InterpolatedStringLiteralExpr] "..." -#-----| getInterpolationCountExpr(): [IntegerLiteralExpr] 4 -#-----| getLiteralCapacityExpr(): [IntegerLiteralExpr] 37 # 263| getAppendingExpr(): [TapExpr] TapExpr # 263| getSubExpr(): [OpaqueValueExpr] OpaqueValueExpr # 263| getBody(): [BraceStmt] { ... } @@ -4293,8 +4289,6 @@ expressions.swift: # 7| getBody(): [BraceStmt] { ... } # 7| getElement(0): [PatternBindingDecl] var ... = ... # 7| getInit(0): [InterpolatedStringLiteralExpr] "..." -#-----| getInterpolationCountExpr(): [IntegerLiteralExpr] 1 -#-----| getLiteralCapacityExpr(): [IntegerLiteralExpr] 6 # 7| getAppendingExpr(): [TapExpr] TapExpr # 7| getSubExpr(): [OpaqueValueExpr] OpaqueValueExpr # 7| getBody(): [BraceStmt] { ... } diff --git a/swift/schema.py b/swift/schema.py index 8fc0941e171..c17cae57452 100644 --- a/swift/schema.py +++ b/swift/schema.py @@ -679,8 +679,6 @@ class InjectIntoOptionalExpr(ImplicitConversionExpr): class InterpolatedStringLiteralExpr(LiteralExpr): interpolation_expr: optional[OpaqueValueExpr] - interpolation_count_expr: optional[Expr] | child - literal_capacity_expr: optional[Expr] | child appending_expr: optional[TapExpr] | child class LinearFunctionExpr(ImplicitConversionExpr): From 604affdeb06c13611b470803479381078562ae4b Mon Sep 17 00:00:00 2001 From: Robert Marsh Date: Mon, 22 May 2023 09:31:39 -0400 Subject: [PATCH 536/870] C++: autoformat --- .../Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql b/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql index da227e65f92..f7bbbbb75d9 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql @@ -92,9 +92,7 @@ module PointerArithmeticToDerefConfig implements DataFlow::ConfigSig { pointerArithOverflow(source.asInstruction(), _, _, _, _) } - predicate isSink(DataFlow::Node sink) { - isInvalidPointerDerefSink1(sink, _, _) - } + predicate isSink(DataFlow::Node sink) { isInvalidPointerDerefSink1(sink, _, _) } } module PointerArithmeticToDerefFlow = DataFlow::Global; From f31ab3a7e76d8f5f47aa15dc4c3f80b1de14f556 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Mon, 22 May 2023 16:00:12 +0200 Subject: [PATCH 537/870] C++: Add change note --- cpp/ql/lib/change-notes/2023-05-22-inline-in-std-namespace.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 cpp/ql/lib/change-notes/2023-05-22-inline-in-std-namespace.md diff --git a/cpp/ql/lib/change-notes/2023-05-22-inline-in-std-namespace.md b/cpp/ql/lib/change-notes/2023-05-22-inline-in-std-namespace.md new file mode 100644 index 00000000000..8b562bd8357 --- /dev/null +++ b/cpp/ql/lib/change-notes/2023-05-22-inline-in-std-namespace.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* The `StdNamespace` class now also includes all inline namespaces that are children of `std` namespace. From 4ed7450689b1f9d355d2041fdf243438bea59849 Mon Sep 17 00:00:00 2001 From: Robert Marsh Date: Mon, 22 May 2023 11:09:44 -0400 Subject: [PATCH 538/870] C++: remove unneeded pragma --- .../Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql | 1 - 1 file changed, 1 deletion(-) diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql b/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql index f7bbbbb75d9..fb664a0c364 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql @@ -111,7 +111,6 @@ module FieldAddressToDerefConfig implements DataFlow::StateConfigSig { ) } - pragma[inline] predicate isSink(DataFlow::Node sink, FlowState state) { exists(DataFlow::Node pai | state = TOverflowArithmetic(pai.asInstruction()) and From 6a997aba3b8ae73ed602ae4985d93aebf2ffb5b9 Mon Sep 17 00:00:00 2001 From: Robert Marsh Date: Mon, 22 May 2023 11:11:51 -0400 Subject: [PATCH 539/870] C++: fix equality refinement in new range analysis --- .../semantic/analysis/RangeAnalysisStage.qll | 2 +- .../CWE/CWE-193/constant-size/test.cpp | 33 +++++++++++++++++++ 2 files changed, 34 insertions(+), 1 deletion(-) diff --git a/cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/internal/semantic/analysis/RangeAnalysisStage.qll b/cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/internal/semantic/analysis/RangeAnalysisStage.qll index de93b7bdff3..40183df5bfa 100644 --- a/cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/internal/semantic/analysis/RangeAnalysisStage.qll +++ b/cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/internal/semantic/analysis/RangeAnalysisStage.qll @@ -729,7 +729,7 @@ module RangeStage< ) { exists(SemExpr e, D::Delta d1, D::Delta d2 | unequalFlowStepIntegralSsa(v, pos, e, d1, reason) and - boundedUpper(e, b, d1) and + boundedUpper(e, b, d2) and boundedLower(e, b, d2) and delta = D::fromFloat(D::toFloat(d1) + D::toFloat(d2)) ) diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/constant-size/test.cpp b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/constant-size/test.cpp index df4cd7b4491..2a30caec94d 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/constant-size/test.cpp +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/constant-size/test.cpp @@ -78,3 +78,36 @@ void testInterproc(BigArray *arr) { addToPointerAndAssign(arr->buf); } + +void testEqRefinement() { + int arr[MAX_SIZE]; + + for(int i = 0; i <= MAX_SIZE; i++) { + if(i != MAX_SIZE) { + arr[i] = 0; + } + } +} + +void testEqRefinement2() { + int arr[MAX_SIZE]; + + int n = 0; + + for(int i = 0; i <= MAX_SIZE; i++) { + if(n == 0) { + if(i == MAX_SIZE) { + break; + } + n = arr[i]; + continue; + } + + if (i == MAX_SIZE || n != arr[i]) { + if (i == MAX_SIZE) { + break; + } + n = arr[i]; + } + } +} From 3bcaff605914083b4f1f8cc550a41c025b3b61e1 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Mon, 22 May 2023 16:37:03 +0100 Subject: [PATCH 540/870] Swift: re-run codegen. --- swift/ql/.generated.list | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/swift/ql/.generated.list b/swift/ql/.generated.list index a28e6ba533b..e8993c8570d 100644 --- a/swift/ql/.generated.list +++ b/swift/ql/.generated.list @@ -24,7 +24,6 @@ lib/codeql/swift/elements/decl/ConcreteVarDecl.qll 94bcbdd91f461295c5b6b49fa597b lib/codeql/swift/elements/decl/ConcreteVarDeclConstructor.qll 4b6a9f458db5437f9351b14464b3809a78194029554ea818b3e18272c17afba3 a60d695b0d0ffa917ad01908bec2beaa663e644eddb00fb370fbc906623775d4 lib/codeql/swift/elements/decl/DeinitializerConstructor.qll 85f29a68ee5c0f2606c51e7a859f5f45fbc5f373e11b5e9c0762c9ba5cff51c4 6b28f69b8125d0393607dbad8e7a8aaa6469b9c671f67e8e825cc63964ed2f5d lib/codeql/swift/elements/decl/EnumCaseDeclConstructor.qll 8c907544170671f713a8665d294eeefdbe78a607c2f16e2c630ea9c33f484baf eec83efc930683628185dbdad8f73311aad510074d168a53d85ea09d13f1f7e1 -lib/codeql/swift/elements/decl/EnumDecl.qll 29f9d8cbfb19c174af9a666162fd918af7f962fa5d97756105e78d5eec38cb9e 779940ebdbd510eb651972c57eb84b04af39c44ef59a8c307a44549ab730febb lib/codeql/swift/elements/decl/EnumDeclConstructor.qll 642bbfb71e917d84695622f3b2c7b36bf5be4e185358609810267ab1fc4e221b f6e06d79e7ff65fbabf72c553508b67406fb59c577215d28cc47971d34b6af05 lib/codeql/swift/elements/decl/EnumElementDeclConstructor.qll 736074246a795c14a30a8ec7bb8da595a729983187887294e485487309919dc6 4614fb380fad7af1b5fb8afce920f3e7350378254ece60d19722046046672fbb lib/codeql/swift/elements/decl/ExtensionDeclConstructor.qll 4f811e3332720327d2b9019edbb2fa70fb24322e72881afc040e7927452409d6 554f9832311dfc30762507e0bd4b25c5b6fdb9d0c4e8252cc5a1ef1033fafacb @@ -384,7 +383,7 @@ lib/codeql/swift/generated/OtherAvailabilitySpec.qll 0e26a203b26ff0581b7396b0c6d lib/codeql/swift/generated/ParentChild.qll f490202e849b9cbd550ee9d758644b85d43e60d81413e6c28df2850fb1e9a2d6 6b95aeab6b53a880b230ad0c96b6deb519a7368898c844632ae96090de59df99 lib/codeql/swift/generated/PlatformVersionAvailabilitySpec.qll f82d9ca416fe8bd59b5531b65b1c74c9f317b3297a6101544a11339a1cffce38 7f5c6d3309e66c134107afe55bae76dfc9a72cb7cdd6d4c3706b6b34cee09fa0 lib/codeql/swift/generated/PureSynthConstructors.qll 173c0dd59396a1de26fe870e3bc2766c46de689da2a4d8807cb62023bbce1a98 173c0dd59396a1de26fe870e3bc2766c46de689da2a4d8807cb62023bbce1a98 -lib/codeql/swift/generated/Raw.qll 8d4880e5ee1fdd120adeb7bf0dfa1399e7b1a53b2cc7598aed8e15cbf996d1c0 da0d446347d29f5cd05281c17c24e87610f31c32adb7e05ab8f3a26bed55bd90 +lib/codeql/swift/generated/Raw.qll cc504ec0771dbb461367944a5c95186047bad59a087a9bda74ef346c7b89b0d3 0b5973d56edd8099b645ea1f7be2a4934e62d5fa165261c63299ac2cf634437d lib/codeql/swift/generated/Synth.qll 551fdf7e4b53f9ee1314d1bb42c2638cf82f45bfa1f40a635dfa7b6072e4418c 9ab178464700a19951fc5285acacda4913addee81515d8e072b3d7055935a814 lib/codeql/swift/generated/SynthConstructors.qll 2f801bd8b0db829b0253cd459ed3253c1fdfc55dce68ebc53e7fec138ef0aca4 2f801bd8b0db829b0253cd459ed3253c1fdfc55dce68ebc53e7fec138ef0aca4 lib/codeql/swift/generated/UnknownFile.qll 0fcf9beb8de79440bcdfff4bb6ab3dd139bd273e6c32754e05e6a632651e85f6 0fcf9beb8de79440bcdfff4bb6ab3dd139bd273e6c32754e05e6a632651e85f6 @@ -398,7 +397,7 @@ lib/codeql/swift/generated/decl/AssociatedTypeDecl.qll 4169d083104f9c089223ed3c5 lib/codeql/swift/generated/decl/CapturedDecl.qll f8b69887acb35cc8de572984fef83eb08649845b49179b68d3afef36b526bddb 94ab461ef9ab5983dece5e2b1865b6056e381e5c06f2a3ec4dfde634a9368e59 lib/codeql/swift/generated/decl/ClassDecl.qll a60e8af2fdbcd20cfa2049660c8bcbbc00508fbd3dde72b4778317dfc23c5ae4 a60e8af2fdbcd20cfa2049660c8bcbbc00508fbd3dde72b4778317dfc23c5ae4 lib/codeql/swift/generated/decl/ConcreteVarDecl.qll 4801ccc477480c4bc4fc117976fbab152e081064e064c97fbb0f37199cb1d0a8 4d7cfbf5b39b307dd673781adc220fdef04213f2e3d080004fa658ba6d3acb8d -lib/codeql/swift/generated/decl/Decl.qll 1d620c8e43df3cb46e5446dc9f6592205040c4d2b03c2ce1e491d7628f8904d0 b02514d7548a5a1dca39a148974a1b4dfeb681ebf81ad80f78d53ea48bab6133 +lib/codeql/swift/generated/decl/Decl.qll e9a27347096be6b0d1f9e555ba98867b4e3f1629bc4c24ed4c737921e416ef8c 5b9d839d3cce81a282fda869d83a33138c9587c76c1547692811aed05c44aa46 lib/codeql/swift/generated/decl/Deinitializer.qll 816ecd92552915d06952517606a6e4c67bc53d7e7d9f5c09b7276e70612627fe 816ecd92552915d06952517606a6e4c67bc53d7e7d9f5c09b7276e70612627fe lib/codeql/swift/generated/decl/EnumCaseDecl.qll 564718862a9fd5b99427591a83921bf57aac2074041b5b335577599e8eefda16 90899d7d7a9c695576ae4b24d19deb05e45e0e85c954ab41de154d5cc521019e lib/codeql/swift/generated/decl/EnumDecl.qll fa4490d511ee537751a4fab2478e65250ff3deba43c74db5341184c9ba25b534 fa4490d511ee537751a4fab2478e65250ff3deba43c74db5341184c9ba25b534 From 681cc4c755bb3420bcfb8e11c0eb1182f99adffc Mon Sep 17 00:00:00 2001 From: Robert Marsh Date: Mon, 22 May 2023 11:49:37 -0400 Subject: [PATCH 541/870] C++: add neq refinement test for range analysis --- cpp/ql/test/library-tests/ir/range-analysis/test.cpp | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/cpp/ql/test/library-tests/ir/range-analysis/test.cpp b/cpp/ql/test/library-tests/ir/range-analysis/test.cpp index 682b74d2e78..849ae25e458 100644 --- a/cpp/ql/test/library-tests/ir/range-analysis/test.cpp +++ b/cpp/ql/test/library-tests/ir/range-analysis/test.cpp @@ -49,3 +49,13 @@ return 0; } +int f3(int x) { + for (int i = 0; i <= 100; i++) { + range(i); // $ range=<=100 range=>=0 + if(i == 100) { + range(i); // $ range===100 + } else { + range(i); // $ range=<=99 range=>=0 + } + } +} \ No newline at end of file From 9f83dd5c7a1fc652614022238b3ff36280f11b2d Mon Sep 17 00:00:00 2001 From: Arthur Baars Date: Thu, 20 Apr 2023 20:00:20 +0200 Subject: [PATCH 542/870] Tree-sitter extractor: extract shared dbscheme fragments into 'prefix.dbscheme' --- config/dbscheme-fragments.json | 13 +- ql/ql/src/codeql/Locations.qll | 2 +- ql/ql/src/ql.dbscheme | 47 ++-- ql/ql/src/ql.dbscheme.stats | 88 +++---- .../queries/style/OmittableExists/Test.qll | 4 +- ruby/ql/lib/codeql/Locations.qll | 2 +- ruby/ql/lib/ruby.dbscheme | 38 ++- ruby/ql/lib/ruby.dbscheme.stats | 88 +++---- .../src/generator/mod.rs | 229 +----------------- .../src/generator/prefix.dbscheme | 61 +++++ 10 files changed, 226 insertions(+), 346 deletions(-) create mode 100644 shared/tree-sitter-extractor/src/generator/prefix.dbscheme diff --git a/config/dbscheme-fragments.json b/config/dbscheme-fragments.json index 8e66d2df008..c97213e3162 100644 --- a/config/dbscheme-fragments.json +++ b/config/dbscheme-fragments.json @@ -1,15 +1,26 @@ { "files": [ "javascript/ql/lib/semmlecode.javascript.dbscheme", + "ruby/ql/lib/ruby.dbscheme", + "ql/ql/src/ql.dbscheme" ], "fragments": [ "/*- External data -*/", "/*- Files and folders -*/", + "/*- Diagnostic messages -*/", + "/*- Diagnostic messages: severity -*/", "/*- Source location prefix -*/", "/*- Lines of code -*/", "/*- Configuration files with key value pairs -*/", "/*- YAML -*/", "/*- XML Files -*/", - "/*- JavaScript-specific part -*/" + "/*- JavaScript-specific part -*/", + "/*- Ruby dbscheme -*/", + "/*- Erb dbscheme -*/", + "/*- QL dbscheme -*/", + "/*- Dbscheme dbscheme -*/", + "/*- Yaml dbscheme -*/", + "/*- Blame dbscheme -*/", + "/*- JSON dbscheme -*/" ] } diff --git a/ql/ql/src/codeql/Locations.qll b/ql/ql/src/codeql/Locations.qll index 1cfb8a8d41a..ae8058c916d 100644 --- a/ql/ql/src/codeql/Locations.qll +++ b/ql/ql/src/codeql/Locations.qll @@ -8,7 +8,7 @@ import files.FileSystem * * For more information about locations see [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/). */ -class Location extends @location { +class Location extends @location_default { /** Gets the file for this location. */ File getFile() { locations_default(this, result, _, _, _, _) } diff --git a/ql/ql/src/ql.dbscheme b/ql/ql/src/ql.dbscheme index 2f4f6f7d26f..2f98ed2d92d 100644 --- a/ql/ql/src/ql.dbscheme +++ b/ql/ql/src/ql.dbscheme @@ -1,15 +1,22 @@ // CodeQL database schema for QL // Automatically generated from the tree-sitter grammar; do not edit -@location = @location_default +/*- Files and folders -*/ +/** + * The location of an element. + * The location spans column `startcolumn` of line `startline` to + * column `endcolumn` of line `endline` in file `file`. + * For more information, see + * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/). + */ locations_default( unique int id: @location_default, int file: @file ref, - int start_line: int ref, - int start_column: int ref, - int end_line: int ref, - int end_column: int ref + int beginLine: int ref, + int beginColumn: int ref, + int endLine: int ref, + int endColumn: int ref ); files( @@ -29,9 +36,14 @@ containerparent( unique int child: @container ref ); -sourceLocationPrefix( - string prefix: string ref -); +/*- Source location prefix -*/ + +/** + * The source location of the snapshot. + */ +sourceLocationPrefix(string prefix : string ref); + +/*- Diagnostic messages -*/ diagnostics( unique int id: @diagnostic, @@ -42,14 +54,15 @@ diagnostics( int location: @location_default ref ); +/*- Diagnostic messages: severity -*/ + case @diagnostic.severity of 10 = @diagnostic_debug | 20 = @diagnostic_info | 30 = @diagnostic_warning | 40 = @diagnostic_error ; - - +/*- QL dbscheme -*/ @ql_add_expr_left_type = @ql_add_expr | @ql_aggregate | @ql_call_or_unqual_agg_expr | @ql_comp_term | @ql_conjunction | @ql_disjunction | @ql_expr_annotation | @ql_if_term | @ql_implication | @ql_in_expr | @ql_instance_of | @ql_literal | @ql_mul_expr | @ql_negation | @ql_par_expr | @ql_prefix_cast | @ql_qualified_expr | @ql_quantified | @ql_range | @ql_set_literal | @ql_special_call | @ql_super_ref | @ql_unary_expr | @ql_variable @ql_add_expr_right_type = @ql_add_expr | @ql_aggregate | @ql_call_or_unqual_agg_expr | @ql_comp_term | @ql_conjunction | @ql_disjunction | @ql_expr_annotation | @ql_if_term | @ql_implication | @ql_in_expr | @ql_instance_of | @ql_literal | @ql_mul_expr | @ql_negation | @ql_par_expr | @ql_prefix_cast | @ql_qualified_expr | @ql_quantified | @ql_range | @ql_set_literal | @ql_special_call | @ql_super_ref | @ql_unary_expr | @ql_variable @@ -926,9 +939,10 @@ ql_ast_node_info( unique int node: @ql_ast_node ref, int parent: @ql_ast_node_parent ref, int parent_index: int ref, - int loc: @location ref + int loc: @location_default ref ); +/*- Dbscheme dbscheme -*/ dbscheme_annotation_args_annotation( unique int dbscheme_annotation: @dbscheme_annotation ref, unique int args_annotation: @dbscheme_args_annotation ref @@ -1112,9 +1126,10 @@ dbscheme_ast_node_info( unique int node: @dbscheme_ast_node ref, int parent: @dbscheme_ast_node_parent ref, int parent_index: int ref, - int loc: @location ref + int loc: @location_default ref ); +/*- Yaml dbscheme -*/ yaml_comment_def( unique int id: @yaml_comment, int child: @yaml_token_value ref @@ -1184,9 +1199,10 @@ yaml_ast_node_info( unique int node: @yaml_ast_node ref, int parent: @yaml_ast_node_parent ref, int parent_index: int ref, - int loc: @location ref + int loc: @location_default ref ); +/*- Blame dbscheme -*/ #keyset[blame_blame_entry, index] blame_blame_entry_line( int blame_blame_entry: @blame_blame_entry ref, @@ -1246,9 +1262,10 @@ blame_ast_node_info( unique int node: @blame_ast_node ref, int parent: @blame_ast_node_parent ref, int parent_index: int ref, - int loc: @location ref + int loc: @location_default ref ); +/*- JSON dbscheme -*/ #keyset[json_array, index] json_array_child( int json_array: @json_array ref, @@ -1327,6 +1344,6 @@ json_ast_node_info( unique int node: @json_ast_node ref, int parent: @json_ast_node_parent ref, int parent_index: int ref, - int loc: @location ref + int loc: @location_default ref ); diff --git a/ql/ql/src/ql.dbscheme.stats b/ql/ql/src/ql.dbscheme.stats index d6e8abb350c..85072c39df5 100644 --- a/ql/ql/src/ql.dbscheme.stats +++ b/ql/ql/src/ql.dbscheme.stats @@ -1060,19 +1060,19 @@ 8553 - start_line + startLine 74697 - start_column + startColumn 2236 - end_line + endLine 74730 - end_column + endColumn 2415 @@ -1095,7 +1095,7 @@ id - start_line + startLine 12 @@ -1111,7 +1111,7 @@ id - start_column + startColumn 12 @@ -1127,7 +1127,7 @@ id - end_line + endLine 12 @@ -1143,7 +1143,7 @@ id - end_column + endColumn 12 @@ -1235,7 +1235,7 @@ file - start_line + startLine 12 @@ -1316,7 +1316,7 @@ file - start_column + startColumn 12 @@ -1392,7 +1392,7 @@ file - end_line + endLine 12 @@ -1473,7 +1473,7 @@ file - end_column + endColumn 12 @@ -1548,7 +1548,7 @@ - start_line + startLine id @@ -1624,7 +1624,7 @@ - start_line + startLine file @@ -1675,8 +1675,8 @@ - start_line - start_column + startLine + startColumn 12 @@ -1751,8 +1751,8 @@ - start_line - end_line + startLine + endLine 12 @@ -1797,8 +1797,8 @@ - start_line - end_column + startLine + endColumn 12 @@ -1873,7 +1873,7 @@ - start_column + startColumn id @@ -1949,7 +1949,7 @@ - start_column + startColumn file @@ -2025,8 +2025,8 @@ - start_column - start_line + startColumn + startLine 12 @@ -2101,8 +2101,8 @@ - start_column - end_line + startColumn + endLine 12 @@ -2177,8 +2177,8 @@ - start_column - end_column + startColumn + endColumn 12 @@ -2248,7 +2248,7 @@ - end_line + endLine id @@ -2324,7 +2324,7 @@ - end_line + endLine file @@ -2375,8 +2375,8 @@ - end_line - start_line + endLine + startLine 12 @@ -2421,8 +2421,8 @@ - end_line - start_column + endLine + startColumn 12 @@ -2497,8 +2497,8 @@ - end_line - end_column + endLine + endColumn 12 @@ -2573,7 +2573,7 @@ - end_column + endColumn id @@ -2649,7 +2649,7 @@ - end_column + endColumn file @@ -2725,8 +2725,8 @@ - end_column - start_line + endColumn + startLine 12 @@ -2801,8 +2801,8 @@ - end_column - start_column + endColumn + startColumn 12 @@ -2872,8 +2872,8 @@ - end_column - end_line + endColumn + endLine 12 diff --git a/ql/ql/test/queries/style/OmittableExists/Test.qll b/ql/ql/test/queries/style/OmittableExists/Test.qll index fc020742b85..517758a9dab 100644 --- a/ql/ql/test/queries/style/OmittableExists/Test.qll +++ b/ql/ql/test/queries/style/OmittableExists/Test.qll @@ -4,7 +4,7 @@ predicate anotherPredicate(int i) { none() } predicate yetAnotherPredicate(int i, int y) { none() } -predicate dbTypePredicate(@location l) { none() } +predicate dbTypePredicate(@location_default l) { none() } string predicateWithResult(int i) { none() } @@ -12,7 +12,7 @@ class SmallInt extends int { SmallInt() { this = [0 .. 10] } } -class Location extends @location { +class Location extends @location_default { string toString() { result = "" } } diff --git a/ruby/ql/lib/codeql/Locations.qll b/ruby/ql/lib/codeql/Locations.qll index 94536357003..3a16bdec40d 100644 --- a/ruby/ql/lib/codeql/Locations.qll +++ b/ruby/ql/lib/codeql/Locations.qll @@ -17,7 +17,7 @@ private string locationToString(Location loc) { * * For more information about locations see [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/). */ -class Location extends @location { +class Location extends @location_default { /** Gets the file for this location. */ File getFile() { locations_default(this, result, _, _, _, _) } diff --git a/ruby/ql/lib/ruby.dbscheme b/ruby/ql/lib/ruby.dbscheme index ff289788b15..a9b02f60315 100644 --- a/ruby/ql/lib/ruby.dbscheme +++ b/ruby/ql/lib/ruby.dbscheme @@ -1,15 +1,22 @@ // CodeQL database schema for Ruby // Automatically generated from the tree-sitter grammar; do not edit -@location = @location_default +/*- Files and folders -*/ +/** + * The location of an element. + * The location spans column `startcolumn` of line `startline` to + * column `endcolumn` of line `endline` in file `file`. + * For more information, see + * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/). + */ locations_default( unique int id: @location_default, int file: @file ref, - int start_line: int ref, - int start_column: int ref, - int end_line: int ref, - int end_column: int ref + int beginLine: int ref, + int beginColumn: int ref, + int endLine: int ref, + int endColumn: int ref ); files( @@ -29,9 +36,14 @@ containerparent( unique int child: @container ref ); -sourceLocationPrefix( - string prefix: string ref -); +/*- Source location prefix -*/ + +/** + * The source location of the snapshot. + */ +sourceLocationPrefix(string prefix : string ref); + +/*- Diagnostic messages -*/ diagnostics( unique int id: @diagnostic, @@ -42,14 +54,15 @@ diagnostics( int location: @location_default ref ); +/*- Diagnostic messages: severity -*/ + case @diagnostic.severity of 10 = @diagnostic_debug | 20 = @diagnostic_info | 30 = @diagnostic_warning | 40 = @diagnostic_error ; - - +/*- Ruby dbscheme -*/ @ruby_underscore_arg = @ruby_assignment | @ruby_binary | @ruby_conditional | @ruby_operator_assignment | @ruby_range | @ruby_unary | @ruby_underscore_primary @ruby_underscore_call_operator = @ruby_reserved_word @@ -1375,9 +1388,10 @@ ruby_ast_node_info( unique int node: @ruby_ast_node ref, int parent: @ruby_ast_node_parent ref, int parent_index: int ref, - int loc: @location ref + int loc: @location_default ref ); +/*- Erb dbscheme -*/ erb_comment_directive_child( unique int erb_comment_directive: @erb_comment_directive ref, unique int child: @erb_token_comment ref @@ -1450,6 +1464,6 @@ erb_ast_node_info( unique int node: @erb_ast_node ref, int parent: @erb_ast_node_parent ref, int parent_index: int ref, - int loc: @location ref + int loc: @location_default ref ); diff --git a/ruby/ql/lib/ruby.dbscheme.stats b/ruby/ql/lib/ruby.dbscheme.stats index ef1eb901127..5bd381c4691 100644 --- a/ruby/ql/lib/ruby.dbscheme.stats +++ b/ruby/ql/lib/ruby.dbscheme.stats @@ -2636,19 +2636,19 @@ 17807 - start_line + startLine 30866 - start_column + startColumn 5140 - end_line + endLine 30866 - end_column + endColumn 5244 @@ -2671,7 +2671,7 @@ id - start_line + startLine 12 @@ -2687,7 +2687,7 @@ id - start_column + startColumn 12 @@ -2703,7 +2703,7 @@ id - end_line + endLine 12 @@ -2719,7 +2719,7 @@ id - end_column + endColumn 12 @@ -2811,7 +2811,7 @@ file - start_line + startLine 12 @@ -2887,7 +2887,7 @@ file - start_column + startColumn 12 @@ -2963,7 +2963,7 @@ file - end_line + endLine 12 @@ -3039,7 +3039,7 @@ file - end_column + endColumn 12 @@ -3114,7 +3114,7 @@ - start_line + startLine id @@ -3195,7 +3195,7 @@ - start_line + startLine file @@ -3251,8 +3251,8 @@ - start_line - start_column + startLine + startColumn 12 @@ -3332,8 +3332,8 @@ - start_line - end_line + startLine + endLine 12 @@ -3383,8 +3383,8 @@ - start_line - end_column + startLine + endColumn 12 @@ -3464,7 +3464,7 @@ - start_column + startColumn id @@ -3545,7 +3545,7 @@ - start_column + startColumn file @@ -3606,8 +3606,8 @@ - start_column - start_line + startColumn + startLine 12 @@ -3677,8 +3677,8 @@ - start_column - end_line + startColumn + endLine 12 @@ -3748,8 +3748,8 @@ - start_column - end_column + startColumn + endColumn 12 @@ -3809,7 +3809,7 @@ - end_line + endLine id @@ -3890,7 +3890,7 @@ - end_line + endLine file @@ -3946,8 +3946,8 @@ - end_line - start_line + endLine + startLine 12 @@ -3997,8 +3997,8 @@ - end_line - start_column + endLine + startColumn 12 @@ -4073,8 +4073,8 @@ - end_line - end_column + endLine + endColumn 12 @@ -4154,7 +4154,7 @@ - end_column + endColumn id @@ -4235,7 +4235,7 @@ - end_column + endColumn file @@ -4296,8 +4296,8 @@ - end_column - start_line + endColumn + startLine 12 @@ -4367,8 +4367,8 @@ - end_column - start_column + endColumn + startColumn 12 @@ -4438,8 +4438,8 @@ - end_column - end_line + endColumn + endLine 12 diff --git a/shared/tree-sitter-extractor/src/generator/mod.rs b/shared/tree-sitter-extractor/src/generator/mod.rs index 9b1b972d0d2..d8737f789cc 100644 --- a/shared/tree-sitter-extractor/src/generator/mod.rs +++ b/shared/tree-sitter-extractor/src/generator/mod.rs @@ -30,21 +30,7 @@ pub fn generate( languages[0].name )?; - let (diagnostics_case, diagnostics_table) = create_diagnostics(); - dbscheme::write( - &mut dbscheme_writer, - &[ - create_location_union(), - create_locations_default_table(), - create_files_table(), - create_folders_table(), - create_container_union(), - create_containerparent_table(), - create_source_location_prefix_table(), - dbscheme::Entry::Table(diagnostics_table), - dbscheme::Entry::Case(diagnostics_case), - ], - )?; + write!(dbscheme_writer, include_str!("prefix.dbscheme"))?; let mut ql_writer = LineWriter::new(File::create(ql_library_path)?); write!( @@ -74,6 +60,7 @@ pub fn generate( let nodes = node_types::read_node_types_str(&prefix, language.node_types)?; let (dbscheme_entries, mut ast_node_members, token_kinds) = convert_nodes(&nodes); ast_node_members.insert(&token_name); + write!(&mut dbscheme_writer, "/*- {} dbscheme -*/\n", language.name)?; dbscheme::write(&mut dbscheme_writer, &dbscheme_entries)?; let token_case = create_token_case(&token_name, token_kinds); dbscheme::write( @@ -388,7 +375,7 @@ fn create_ast_node_info_table<'a>( unique: false, db_type: dbscheme::DbColumnType::Int, name: "loc", - ql_type: ql::Type::At("location"), + ql_type: ql::Type::At("location_default"), ql_type_is_ref: true, }, ], @@ -437,213 +424,3 @@ fn create_token_case<'a>(name: &'a str, token_kinds: Map<&'a str, usize>) -> dbs branches, } } - -fn create_location_union<'a>() -> dbscheme::Entry<'a> { - dbscheme::Entry::Union(dbscheme::Union { - name: "location", - members: vec!["location_default"].into_iter().collect(), - }) -} - -fn create_files_table<'a>() -> dbscheme::Entry<'a> { - dbscheme::Entry::Table(dbscheme::Table { - name: "files", - keysets: None, - columns: vec![ - dbscheme::Column { - unique: true, - db_type: dbscheme::DbColumnType::Int, - name: "id", - ql_type: ql::Type::At("file"), - ql_type_is_ref: false, - }, - dbscheme::Column { - db_type: dbscheme::DbColumnType::String, - name: "name", - unique: false, - ql_type: ql::Type::String, - ql_type_is_ref: true, - }, - ], - }) -} -fn create_folders_table<'a>() -> dbscheme::Entry<'a> { - dbscheme::Entry::Table(dbscheme::Table { - name: "folders", - keysets: None, - columns: vec![ - dbscheme::Column { - unique: true, - db_type: dbscheme::DbColumnType::Int, - name: "id", - ql_type: ql::Type::At("folder"), - ql_type_is_ref: false, - }, - dbscheme::Column { - db_type: dbscheme::DbColumnType::String, - name: "name", - unique: false, - ql_type: ql::Type::String, - ql_type_is_ref: true, - }, - ], - }) -} - -fn create_locations_default_table<'a>() -> dbscheme::Entry<'a> { - dbscheme::Entry::Table(dbscheme::Table { - name: "locations_default", - keysets: None, - columns: vec![ - dbscheme::Column { - unique: true, - db_type: dbscheme::DbColumnType::Int, - name: "id", - ql_type: ql::Type::At("location_default"), - ql_type_is_ref: false, - }, - dbscheme::Column { - unique: false, - db_type: dbscheme::DbColumnType::Int, - name: "file", - ql_type: ql::Type::At("file"), - ql_type_is_ref: true, - }, - dbscheme::Column { - unique: false, - db_type: dbscheme::DbColumnType::Int, - name: "start_line", - ql_type: ql::Type::Int, - ql_type_is_ref: true, - }, - dbscheme::Column { - unique: false, - db_type: dbscheme::DbColumnType::Int, - name: "start_column", - ql_type: ql::Type::Int, - ql_type_is_ref: true, - }, - dbscheme::Column { - unique: false, - db_type: dbscheme::DbColumnType::Int, - name: "end_line", - ql_type: ql::Type::Int, - ql_type_is_ref: true, - }, - dbscheme::Column { - unique: false, - db_type: dbscheme::DbColumnType::Int, - name: "end_column", - ql_type: ql::Type::Int, - ql_type_is_ref: true, - }, - ], - }) -} - -fn create_container_union<'a>() -> dbscheme::Entry<'a> { - dbscheme::Entry::Union(dbscheme::Union { - name: "container", - members: vec!["folder", "file"].into_iter().collect(), - }) -} - -fn create_containerparent_table<'a>() -> dbscheme::Entry<'a> { - dbscheme::Entry::Table(dbscheme::Table { - name: "containerparent", - columns: vec![ - dbscheme::Column { - unique: false, - db_type: dbscheme::DbColumnType::Int, - name: "parent", - ql_type: ql::Type::At("container"), - ql_type_is_ref: true, - }, - dbscheme::Column { - unique: true, - db_type: dbscheme::DbColumnType::Int, - name: "child", - ql_type: ql::Type::At("container"), - ql_type_is_ref: true, - }, - ], - keysets: None, - }) -} - -fn create_source_location_prefix_table<'a>() -> dbscheme::Entry<'a> { - dbscheme::Entry::Table(dbscheme::Table { - name: "sourceLocationPrefix", - keysets: None, - columns: vec![dbscheme::Column { - unique: false, - db_type: dbscheme::DbColumnType::String, - name: "prefix", - ql_type: ql::Type::String, - ql_type_is_ref: true, - }], - }) -} - -fn create_diagnostics<'a>() -> (dbscheme::Case<'a>, dbscheme::Table<'a>) { - let table = dbscheme::Table { - name: "diagnostics", - keysets: None, - columns: vec![ - dbscheme::Column { - unique: true, - db_type: dbscheme::DbColumnType::Int, - name: "id", - ql_type: ql::Type::At("diagnostic"), - ql_type_is_ref: false, - }, - dbscheme::Column { - unique: false, - db_type: dbscheme::DbColumnType::Int, - name: "severity", - ql_type: ql::Type::Int, - ql_type_is_ref: true, - }, - dbscheme::Column { - unique: false, - db_type: dbscheme::DbColumnType::String, - name: "error_tag", - ql_type: ql::Type::String, - ql_type_is_ref: true, - }, - dbscheme::Column { - unique: false, - db_type: dbscheme::DbColumnType::String, - name: "error_message", - ql_type: ql::Type::String, - ql_type_is_ref: true, - }, - dbscheme::Column { - unique: false, - db_type: dbscheme::DbColumnType::String, - name: "full_error_message", - ql_type: ql::Type::String, - ql_type_is_ref: true, - }, - dbscheme::Column { - unique: false, - db_type: dbscheme::DbColumnType::Int, - name: "location", - ql_type: ql::Type::At("location_default"), - ql_type_is_ref: true, - }, - ], - }; - let severities: Vec<(usize, &str)> = vec![ - (10, "diagnostic_debug"), - (20, "diagnostic_info"), - (30, "diagnostic_warning"), - (40, "diagnostic_error"), - ]; - let case = dbscheme::Case { - name: "diagnostic", - column: "severity", - branches: severities, - }; - (case, table) -} diff --git a/shared/tree-sitter-extractor/src/generator/prefix.dbscheme b/shared/tree-sitter-extractor/src/generator/prefix.dbscheme new file mode 100644 index 00000000000..f371901ca6f --- /dev/null +++ b/shared/tree-sitter-extractor/src/generator/prefix.dbscheme @@ -0,0 +1,61 @@ +/*- Files and folders -*/ + +/** + * The location of an element. + * The location spans column `startcolumn` of line `startline` to + * column `endcolumn` of line `endline` in file `file`. + * For more information, see + * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/). + */ +locations_default( + unique int id: @location_default, + int file: @file ref, + int beginLine: int ref, + int beginColumn: int ref, + int endLine: int ref, + int endColumn: int ref +); + +files( + unique int id: @file, + string name: string ref +); + +folders( + unique int id: @folder, + string name: string ref +); + +@container = @file | @folder + +containerparent( + int parent: @container ref, + unique int child: @container ref +); + +/*- Source location prefix -*/ + +/** + * The source location of the snapshot. + */ +sourceLocationPrefix(string prefix : string ref); + +/*- Diagnostic messages -*/ + +diagnostics( + unique int id: @diagnostic, + int severity: int ref, + string error_tag: string ref, + string error_message: string ref, + string full_error_message: string ref, + int location: @location_default ref +); + +/*- Diagnostic messages: severity -*/ + +case @diagnostic.severity of + 10 = @diagnostic_debug +| 20 = @diagnostic_info +| 30 = @diagnostic_warning +| 40 = @diagnostic_error +; From 7978c65467572a662c10b3d3f195b35f2c13b10a Mon Sep 17 00:00:00 2001 From: Arthur Baars Date: Fri, 21 Apr 2023 13:29:09 +0200 Subject: [PATCH 543/870] JS: add upgrade/downgrade scripts --- .../old.dbscheme | 1189 ++++++++++++++++ .../semmlecode.javascript.dbscheme | 1218 +++++++++++++++++ .../upgrade.properties | 2 + .../old.dbscheme | 1218 +++++++++++++++++ .../semmlecode.javascript.dbscheme | 1189 ++++++++++++++++ .../upgrade.properties | 11 + 6 files changed, 4827 insertions(+) create mode 100644 javascript/downgrades/8accf0f930bcb8b42d69fd7ef7b4372604f551ed/old.dbscheme create mode 100644 javascript/downgrades/8accf0f930bcb8b42d69fd7ef7b4372604f551ed/semmlecode.javascript.dbscheme create mode 100644 javascript/downgrades/8accf0f930bcb8b42d69fd7ef7b4372604f551ed/upgrade.properties create mode 100644 javascript/ql/lib/upgrades/4d00210ca570d55c4833af11d3372b774dbc63f2/old.dbscheme create mode 100644 javascript/ql/lib/upgrades/4d00210ca570d55c4833af11d3372b774dbc63f2/semmlecode.javascript.dbscheme create mode 100644 javascript/ql/lib/upgrades/4d00210ca570d55c4833af11d3372b774dbc63f2/upgrade.properties diff --git a/javascript/downgrades/8accf0f930bcb8b42d69fd7ef7b4372604f551ed/old.dbscheme b/javascript/downgrades/8accf0f930bcb8b42d69fd7ef7b4372604f551ed/old.dbscheme new file mode 100644 index 00000000000..8accf0f930b --- /dev/null +++ b/javascript/downgrades/8accf0f930bcb8b42d69fd7ef7b4372604f551ed/old.dbscheme @@ -0,0 +1,1189 @@ +/*** Standard fragments ***/ + +/*- Files and folders -*/ + +/** + * The location of an element. + * The location spans column `startcolumn` of line `startline` to + * column `endcolumn` of line `endline` in file `file`. + * For more information, see + * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/). + */ +locations_default( + unique int id: @location_default, + int file: @file ref, + int beginLine: int ref, + int beginColumn: int ref, + int endLine: int ref, + int endColumn: int ref +); + +files( + unique int id: @file, + string name: string ref +); + +folders( + unique int id: @folder, + string name: string ref +); + +@container = @file | @folder + +containerparent( + int parent: @container ref, + unique int child: @container ref +); + +/*- Lines of code -*/ + +numlines( + int element_id: @sourceline ref, + int num_lines: int ref, + int num_code: int ref, + int num_comment: int ref +); + +/*- External data -*/ + +/** + * External data, loaded from CSV files during snapshot creation. See + * [Tutorial: Incorporating external data](https://help.semmle.com/wiki/display/SD/Tutorial%3A+Incorporating+external+data) + * for more information. + */ +externalData( + int id : @externalDataElement, + string path : string ref, + int column: int ref, + string value : string ref +); + +/*- Source location prefix -*/ + +/** + * The source location of the snapshot. + */ +sourceLocationPrefix(string prefix : string ref); + +/*- JavaScript-specific part -*/ + +@location = @location_default + +@sourceline = @locatable; + +filetype( + int file: @file ref, + string filetype: string ref +) + +// top-level code fragments +toplevels (unique int id: @toplevel, + int kind: int ref); + +is_externs (int toplevel: @toplevel ref); + +case @toplevel.kind of + 0 = @script +| 1 = @inline_script +| 2 = @event_handler +| 3 = @javascript_url +| 4 = @template_toplevel; + +is_module (int tl: @toplevel ref); +is_nodejs (int tl: @toplevel ref); +is_es2015_module (int tl: @toplevel ref); +is_closure_module (int tl: @toplevel ref); + +@xml_node_with_code = @xmlelement | @xmlattribute | @template_placeholder_tag; +toplevel_parent_xml_node( + unique int toplevel: @toplevel ref, + int xmlnode: @xml_node_with_code ref); + +xml_element_parent_expression( + unique int xmlnode: @xmlelement ref, + int expression: @expr ref, + int index: int ref); + +// statements +#keyset[parent, idx] +stmts (unique int id: @stmt, + int kind: int ref, + int parent: @stmt_parent ref, + int idx: int ref, + varchar(900) tostring: string ref); + +stmt_containers (unique int stmt: @stmt ref, + int container: @stmt_container ref); + +jump_targets (unique int jump: @stmt ref, + int target: @stmt ref); + +@stmt_parent = @stmt | @toplevel | @function_expr | @arrow_function_expr | @static_initializer; +@stmt_container = @toplevel | @function | @namespace_declaration | @external_module_declaration | @global_augmentation_declaration; + +case @stmt.kind of + 0 = @empty_stmt +| 1 = @block_stmt +| 2 = @expr_stmt +| 3 = @if_stmt +| 4 = @labeled_stmt +| 5 = @break_stmt +| 6 = @continue_stmt +| 7 = @with_stmt +| 8 = @switch_stmt +| 9 = @return_stmt +| 10 = @throw_stmt +| 11 = @try_stmt +| 12 = @while_stmt +| 13 = @do_while_stmt +| 14 = @for_stmt +| 15 = @for_in_stmt +| 16 = @debugger_stmt +| 17 = @function_decl_stmt +| 18 = @var_decl_stmt +| 19 = @case +| 20 = @catch_clause +| 21 = @for_of_stmt +| 22 = @const_decl_stmt +| 23 = @let_stmt +| 24 = @legacy_let_stmt +| 25 = @for_each_stmt +| 26 = @class_decl_stmt +| 27 = @import_declaration +| 28 = @export_all_declaration +| 29 = @export_default_declaration +| 30 = @export_named_declaration +| 31 = @namespace_declaration +| 32 = @import_equals_declaration +| 33 = @export_assign_declaration +| 34 = @interface_declaration +| 35 = @type_alias_declaration +| 36 = @enum_declaration +| 37 = @external_module_declaration +| 38 = @export_as_namespace_declaration +| 39 = @global_augmentation_declaration +; + +@decl_stmt = @var_decl_stmt | @const_decl_stmt | @let_stmt | @legacy_let_stmt; + +@export_declaration = @export_all_declaration | @export_default_declaration | @export_named_declaration; + +@namespace_definition = @namespace_declaration | @enum_declaration; +@type_definition = @class_definition | @interface_declaration | @enum_declaration | @type_alias_declaration | @enum_member; + +is_instantiated(unique int decl: @namespace_declaration ref); + +@declarable_node = @decl_stmt | @namespace_declaration | @class_decl_stmt | @function_decl_stmt | @enum_declaration | @external_module_declaration | @global_augmentation_declaration | @field; +has_declare_keyword(unique int stmt: @declarable_node ref); + +is_for_await_of(unique int forof: @for_of_stmt ref); + +// expressions +#keyset[parent, idx] +exprs (unique int id: @expr, + int kind: int ref, + int parent: @expr_parent ref, + int idx: int ref, + varchar(900) tostring: string ref); + +literals (varchar(900) value: string ref, + varchar(900) raw: string ref, + unique int expr: @expr_or_type ref); + +enclosing_stmt (unique int expr: @expr_or_type ref, + int stmt: @stmt ref); + +expr_containers (unique int expr: @expr_or_type ref, + int container: @stmt_container ref); + +array_size (unique int ae: @arraylike ref, + int sz: int ref); + +is_delegating (int yield: @yield_expr ref); + +@expr_or_stmt = @expr | @stmt; +@expr_or_type = @expr | @typeexpr; +@expr_parent = @expr_or_stmt | @property | @function_typeexpr; +@arraylike = @array_expr | @array_pattern; +@type_annotation = @typeexpr | @jsdoc_type_expr; +@node_in_stmt_container = @cfg_node | @type_annotation | @toplevel; + +case @expr.kind of + 0 = @label +| 1 = @null_literal +| 2 = @boolean_literal +| 3 = @number_literal +| 4 = @string_literal +| 5 = @regexp_literal +| 6 = @this_expr +| 7 = @array_expr +| 8 = @obj_expr +| 9 = @function_expr +| 10 = @seq_expr +| 11 = @conditional_expr +| 12 = @new_expr +| 13 = @call_expr +| 14 = @dot_expr +| 15 = @index_expr +| 16 = @neg_expr +| 17 = @plus_expr +| 18 = @log_not_expr +| 19 = @bit_not_expr +| 20 = @typeof_expr +| 21 = @void_expr +| 22 = @delete_expr +| 23 = @eq_expr +| 24 = @neq_expr +| 25 = @eqq_expr +| 26 = @neqq_expr +| 27 = @lt_expr +| 28 = @le_expr +| 29 = @gt_expr +| 30 = @ge_expr +| 31 = @lshift_expr +| 32 = @rshift_expr +| 33 = @urshift_expr +| 34 = @add_expr +| 35 = @sub_expr +| 36 = @mul_expr +| 37 = @div_expr +| 38 = @mod_expr +| 39 = @bitor_expr +| 40 = @xor_expr +| 41 = @bitand_expr +| 42 = @in_expr +| 43 = @instanceof_expr +| 44 = @logand_expr +| 45 = @logor_expr +| 47 = @assign_expr +| 48 = @assign_add_expr +| 49 = @assign_sub_expr +| 50 = @assign_mul_expr +| 51 = @assign_div_expr +| 52 = @assign_mod_expr +| 53 = @assign_lshift_expr +| 54 = @assign_rshift_expr +| 55 = @assign_urshift_expr +| 56 = @assign_or_expr +| 57 = @assign_xor_expr +| 58 = @assign_and_expr +| 59 = @preinc_expr +| 60 = @postinc_expr +| 61 = @predec_expr +| 62 = @postdec_expr +| 63 = @par_expr +| 64 = @var_declarator +| 65 = @arrow_function_expr +| 66 = @spread_element +| 67 = @array_pattern +| 68 = @object_pattern +| 69 = @yield_expr +| 70 = @tagged_template_expr +| 71 = @template_literal +| 72 = @template_element +| 73 = @array_comprehension_expr +| 74 = @generator_expr +| 75 = @for_in_comprehension_block +| 76 = @for_of_comprehension_block +| 77 = @legacy_letexpr +| 78 = @var_decl +| 79 = @proper_varaccess +| 80 = @class_expr +| 81 = @super_expr +| 82 = @newtarget_expr +| 83 = @named_import_specifier +| 84 = @import_default_specifier +| 85 = @import_namespace_specifier +| 86 = @named_export_specifier +| 87 = @exp_expr +| 88 = @assign_exp_expr +| 89 = @jsx_element +| 90 = @jsx_qualified_name +| 91 = @jsx_empty_expr +| 92 = @await_expr +| 93 = @function_sent_expr +| 94 = @decorator +| 95 = @export_default_specifier +| 96 = @export_namespace_specifier +| 97 = @bind_expr +| 98 = @external_module_reference +| 99 = @dynamic_import +| 100 = @expression_with_type_arguments +| 101 = @prefix_type_assertion +| 102 = @as_type_assertion +| 103 = @export_varaccess +| 104 = @decorator_list +| 105 = @non_null_assertion +| 106 = @bigint_literal +| 107 = @nullishcoalescing_expr +| 108 = @e4x_xml_anyname +| 109 = @e4x_xml_static_attribute_selector +| 110 = @e4x_xml_dynamic_attribute_selector +| 111 = @e4x_xml_filter_expression +| 112 = @e4x_xml_static_qualident +| 113 = @e4x_xml_dynamic_qualident +| 114 = @e4x_xml_dotdotexpr +| 115 = @import_meta_expr +| 116 = @assignlogandexpr +| 117 = @assignlogorexpr +| 118 = @assignnullishcoalescingexpr +| 119 = @template_pipe_ref +| 120 = @generated_code_expr +| 121 = @satisfies_expr +; + +@varaccess = @proper_varaccess | @export_varaccess; +@varref = @var_decl | @varaccess; + +@identifier = @label | @varref | @type_identifier; + +@literal = @null_literal | @boolean_literal | @number_literal | @string_literal | @regexp_literal | @bigint_literal; + +@propaccess = @dot_expr | @index_expr; + +@invokeexpr = @new_expr | @call_expr; + +@unaryexpr = @neg_expr | @plus_expr | @log_not_expr | @bit_not_expr | @typeof_expr | @void_expr | @delete_expr | @spread_element; + +@equality_test = @eq_expr | @neq_expr | @eqq_expr | @neqq_expr; + +@comparison = @equality_test | @lt_expr | @le_expr | @gt_expr | @ge_expr; + +@binaryexpr = @comparison | @lshift_expr | @rshift_expr | @urshift_expr | @add_expr | @sub_expr | @mul_expr | @div_expr | @mod_expr | @exp_expr | @bitor_expr | @xor_expr | @bitand_expr | @in_expr | @instanceof_expr | @logand_expr | @logor_expr | @nullishcoalescing_expr; + +@assignment = @assign_expr | @assign_add_expr | @assign_sub_expr | @assign_mul_expr | @assign_div_expr | @assign_mod_expr | @assign_exp_expr | @assign_lshift_expr | @assign_rshift_expr | @assign_urshift_expr | @assign_or_expr | @assign_xor_expr | @assign_and_expr | @assignlogandexpr | @assignlogorexpr | @assignnullishcoalescingexpr; + +@updateexpr = @preinc_expr | @postinc_expr | @predec_expr | @postdec_expr; + +@pattern = @varref | @array_pattern | @object_pattern; + +@comprehension_expr = @array_comprehension_expr | @generator_expr; + +@comprehension_block = @for_in_comprehension_block | @for_of_comprehension_block; + +@import_specifier = @named_import_specifier | @import_default_specifier | @import_namespace_specifier; + +@exportspecifier = @named_export_specifier | @export_default_specifier | @export_namespace_specifier; + +@type_keyword_operand = @import_declaration | @export_declaration | @import_specifier; + +@type_assertion = @as_type_assertion | @prefix_type_assertion; + +@class_definition = @class_decl_stmt | @class_expr; +@interface_definition = @interface_declaration | @interface_typeexpr; +@class_or_interface = @class_definition | @interface_definition; + +@lexical_decl = @var_decl | @type_decl; +@lexical_access = @varaccess | @local_type_access | @local_var_type_access | @local_namespace_access; +@lexical_ref = @lexical_decl | @lexical_access; + +@e4x_xml_attribute_selector = @e4x_xml_static_attribute_selector | @e4x_xml_dynamic_attribute_selector; +@e4x_xml_qualident = @e4x_xml_static_qualident | @e4x_xml_dynamic_qualident; + +expr_contains_template_tag_location( + int expr: @expr ref, + int location: @location ref +); + +@template_placeholder_tag_parent = @xmlelement | @xmlattribute | @file; + +template_placeholder_tag_info( + unique int node: @template_placeholder_tag, + int parentNode: @template_placeholder_tag_parent ref, + varchar(900) raw: string ref +); + +// scopes +scopes (unique int id: @scope, + int kind: int ref); + +case @scope.kind of + 0 = @global_scope +| 1 = @function_scope +| 2 = @catch_scope +| 3 = @module_scope +| 4 = @block_scope +| 5 = @for_scope +| 6 = @for_in_scope // for-of scopes work the same as for-in scopes +| 7 = @comprehension_block_scope +| 8 = @class_expr_scope +| 9 = @namespace_scope +| 10 = @class_decl_scope +| 11 = @interface_scope +| 12 = @type_alias_scope +| 13 = @mapped_type_scope +| 14 = @enum_scope +| 15 = @external_module_scope +| 16 = @conditional_type_scope; + +scopenodes (unique int node: @ast_node ref, + int scope: @scope ref); + +scopenesting (unique int inner: @scope ref, + int outer: @scope ref); + +// functions +@function = @function_decl_stmt | @function_expr | @arrow_function_expr; + +@parameterized = @function | @catch_clause; +@type_parameterized = @function | @class_or_interface | @type_alias_declaration | @mapped_typeexpr | @infer_typeexpr; + +is_generator (int fun: @function ref); +has_rest_parameter (int fun: @function ref); +is_async (int fun: @function ref); + +// variables and lexically scoped type names +#keyset[scope, name] +variables (unique int id: @variable, + varchar(900) name: string ref, + int scope: @scope ref); + +#keyset[scope, name] +local_type_names (unique int id: @local_type_name, + varchar(900) name: string ref, + int scope: @scope ref); + +#keyset[scope, name] +local_namespace_names (unique int id: @local_namespace_name, + varchar(900) name: string ref, + int scope: @scope ref); + +is_arguments_object (int id: @variable ref); + +@lexical_name = @variable | @local_type_name | @local_namespace_name; + +@bind_id = @varaccess | @local_var_type_access; +bind (unique int id: @bind_id ref, + int decl: @variable ref); + +decl (unique int id: @var_decl ref, + int decl: @variable ref); + +@typebind_id = @local_type_access | @export_varaccess; +typebind (unique int id: @typebind_id ref, + int decl: @local_type_name ref); + +@typedecl_id = @type_decl | @var_decl; +typedecl (unique int id: @typedecl_id ref, + int decl: @local_type_name ref); + +namespacedecl (unique int id: @var_decl ref, + int decl: @local_namespace_name ref); + +@namespacebind_id = @local_namespace_access | @export_varaccess; +namespacebind (unique int id: @namespacebind_id ref, + int decl: @local_namespace_name ref); + + +// properties in object literals, property patterns in object patterns, and method declarations in classes +#keyset[parent, index] +properties (unique int id: @property, + int parent: @property_parent ref, + int index: int ref, + int kind: int ref, + varchar(900) tostring: string ref); + +case @property.kind of + 0 = @value_property +| 1 = @property_getter +| 2 = @property_setter +| 3 = @jsx_attribute +| 4 = @function_call_signature +| 5 = @constructor_call_signature +| 6 = @index_signature +| 7 = @enum_member +| 8 = @proper_field +| 9 = @parameter_field +| 10 = @static_initializer +; + +@property_parent = @obj_expr | @object_pattern | @class_definition | @jsx_element | @interface_definition | @enum_declaration; +@property_accessor = @property_getter | @property_setter; +@call_signature = @function_call_signature | @constructor_call_signature; +@field = @proper_field | @parameter_field; +@field_or_vardeclarator = @field | @var_declarator; + +is_computed (int id: @property ref); +is_method (int id: @property ref); +is_static (int id: @property ref); +is_abstract_member (int id: @property ref); +is_const_enum (int id: @enum_declaration ref); +is_abstract_class (int id: @class_decl_stmt ref); + +has_public_keyword (int id: @property ref); +has_private_keyword (int id: @property ref); +has_protected_keyword (int id: @property ref); +has_readonly_keyword (int id: @property ref); +has_type_keyword (int id: @type_keyword_operand ref); +is_optional_member (int id: @property ref); +has_definite_assignment_assertion (int id: @field_or_vardeclarator ref); +is_optional_parameter_declaration (unique int parameter: @pattern ref); + +#keyset[constructor, param_index] +parameter_fields( + unique int field: @parameter_field ref, + int constructor: @function_expr ref, + int param_index: int ref +); + +// types +#keyset[parent, idx] +typeexprs ( + unique int id: @typeexpr, + int kind: int ref, + int parent: @typeexpr_parent ref, + int idx: int ref, + varchar(900) tostring: string ref +); + +case @typeexpr.kind of + 0 = @local_type_access +| 1 = @type_decl +| 2 = @keyword_typeexpr +| 3 = @string_literal_typeexpr +| 4 = @number_literal_typeexpr +| 5 = @boolean_literal_typeexpr +| 6 = @array_typeexpr +| 7 = @union_typeexpr +| 8 = @indexed_access_typeexpr +| 9 = @intersection_typeexpr +| 10 = @parenthesized_typeexpr +| 11 = @tuple_typeexpr +| 12 = @keyof_typeexpr +| 13 = @qualified_type_access +| 14 = @generic_typeexpr +| 15 = @type_label +| 16 = @typeof_typeexpr +| 17 = @local_var_type_access +| 18 = @qualified_var_type_access +| 19 = @this_var_type_access +| 20 = @predicate_typeexpr +| 21 = @interface_typeexpr +| 22 = @type_parameter +| 23 = @plain_function_typeexpr +| 24 = @constructor_typeexpr +| 25 = @local_namespace_access +| 26 = @qualified_namespace_access +| 27 = @mapped_typeexpr +| 28 = @conditional_typeexpr +| 29 = @infer_typeexpr +| 30 = @import_type_access +| 31 = @import_namespace_access +| 32 = @import_var_type_access +| 33 = @optional_typeexpr +| 34 = @rest_typeexpr +| 35 = @bigint_literal_typeexpr +| 36 = @readonly_typeexpr +| 37 = @template_literal_typeexpr +; + +@typeref = @typeaccess | @type_decl; +@type_identifier = @type_decl | @local_type_access | @type_label | @local_var_type_access | @local_namespace_access; +@typeexpr_parent = @expr | @stmt | @property | @typeexpr; +@literal_typeexpr = @string_literal_typeexpr | @number_literal_typeexpr | @boolean_literal_typeexpr | @bigint_literal_typeexpr; +@typeaccess = @local_type_access | @qualified_type_access | @import_type_access; +@vartypeaccess = @local_var_type_access | @qualified_var_type_access | @this_var_type_access | @import_var_type_access; +@namespace_access = @local_namespace_access | @qualified_namespace_access | @import_namespace_access; +@import_typeexpr = @import_type_access | @import_namespace_access | @import_var_type_access; + +@function_typeexpr = @plain_function_typeexpr | @constructor_typeexpr; + +// types +types ( + unique int id: @type, + int kind: int ref, + varchar(900) tostring: string ref +); + +#keyset[parent, idx] +type_child ( + int child: @type ref, + int parent: @type ref, + int idx: int ref +); + +case @type.kind of + 0 = @any_type +| 1 = @string_type +| 2 = @number_type +| 3 = @union_type +| 4 = @true_type +| 5 = @false_type +| 6 = @type_reference +| 7 = @object_type +| 8 = @canonical_type_variable_type +| 9 = @typeof_type +| 10 = @void_type +| 11 = @undefined_type +| 12 = @null_type +| 13 = @never_type +| 14 = @plain_symbol_type +| 15 = @unique_symbol_type +| 16 = @objectkeyword_type +| 17 = @intersection_type +| 18 = @tuple_type +| 19 = @lexical_type_variable_type +| 20 = @this_type +| 21 = @number_literal_type +| 22 = @string_literal_type +| 23 = @unknown_type +| 24 = @bigint_type +| 25 = @bigint_literal_type +; + +@boolean_literal_type = @true_type | @false_type; +@symbol_type = @plain_symbol_type | @unique_symbol_type; +@union_or_intersection_type = @union_type | @intersection_type; +@typevariable_type = @canonical_type_variable_type | @lexical_type_variable_type; + +has_asserts_keyword(int node: @predicate_typeexpr ref); + +@typed_ast_node = @expr | @typeexpr | @function; +ast_node_type( + unique int node: @typed_ast_node ref, + int typ: @type ref); + +declared_function_signature( + unique int node: @function ref, + int sig: @signature_type ref +); + +invoke_expr_signature( + unique int node: @invokeexpr ref, + int sig: @signature_type ref +); + +invoke_expr_overload_index( + unique int node: @invokeexpr ref, + int index: int ref +); + +symbols ( + unique int id: @symbol, + int kind: int ref, + varchar(900) name: string ref +); + +symbol_parent ( + unique int symbol: @symbol ref, + int parent: @symbol ref +); + +symbol_module ( + int symbol: @symbol ref, + varchar(900) moduleName: string ref +); + +symbol_global ( + int symbol: @symbol ref, + varchar(900) globalName: string ref +); + +case @symbol.kind of + 0 = @root_symbol +| 1 = @member_symbol +| 2 = @other_symbol +; + +@type_with_symbol = @type_reference | @typevariable_type | @typeof_type | @unique_symbol_type; +@ast_node_with_symbol = @type_definition | @namespace_definition | @toplevel | @typeaccess | @namespace_access | @var_decl | @function | @invokeexpr | @import_declaration | @external_module_reference | @external_module_declaration; + +ast_node_symbol( + unique int node: @ast_node_with_symbol ref, + int symbol: @symbol ref); + +type_symbol( + unique int typ: @type_with_symbol ref, + int symbol: @symbol ref); + +#keyset[typ, name] +type_property( + int typ: @type ref, + varchar(900) name: string ref, + int propertyType: @type ref); + +type_alias( + unique int aliasType: @type ref, + int underlyingType: @type ref); + +@literal_type = @string_literal_type | @number_literal_type | @boolean_literal_type | @bigint_literal_type; +@type_with_literal_value = @string_literal_type | @number_literal_type | @bigint_literal_type; +type_literal_value( + unique int typ: @type_with_literal_value ref, + varchar(900) value: string ref); + +signature_types ( + unique int id: @signature_type, + int kind: int ref, + varchar(900) tostring: string ref, + int type_parameters: int ref, + int required_params: int ref +); + +is_abstract_signature( + unique int sig: @signature_type ref +); + +signature_rest_parameter( + unique int sig: @signature_type ref, + int rest_param_arra_type: @type ref +); + +case @signature_type.kind of + 0 = @function_signature_type +| 1 = @constructor_signature_type +; + +#keyset[typ, kind, index] +type_contains_signature ( + int typ: @type ref, + int kind: int ref, // constructor/call/index + int index: int ref, // ordering of overloaded signatures + int sig: @signature_type ref +); + +#keyset[parent, index] +signature_contains_type ( + int child: @type ref, + int parent: @signature_type ref, + int index: int ref +); + +#keyset[sig, index] +signature_parameter_name ( + int sig: @signature_type ref, + int index: int ref, + varchar(900) name: string ref +); + +number_index_type ( + unique int baseType: @type ref, + int propertyType: @type ref +); + +string_index_type ( + unique int baseType: @type ref, + int propertyType: @type ref +); + +base_type_names( + int typeName: @symbol ref, + int baseTypeName: @symbol ref +); + +self_types( + int typeName: @symbol ref, + int selfType: @type_reference ref +); + +tuple_type_min_length( + unique int typ: @type ref, + int minLength: int ref +); + +tuple_type_rest_index( + unique int typ: @type ref, + int index: int ref +); + +// comments +comments (unique int id: @comment, + int kind: int ref, + int toplevel: @toplevel ref, + varchar(900) text: string ref, + varchar(900) tostring: string ref); + +case @comment.kind of + 0 = @slashslash_comment +| 1 = @slashstar_comment +| 2 = @doc_comment +| 3 = @html_comment_start +| 4 = @htmlcommentend; + +@html_comment = @html_comment_start | @htmlcommentend; +@line_comment = @slashslash_comment | @html_comment; +@block_comment = @slashstar_comment | @doc_comment; + +// source lines +lines (unique int id: @line, + int toplevel: @toplevel ref, + varchar(900) text: string ref, + varchar(2) terminator: string ref); +indentation (int file: @file ref, + int lineno: int ref, + varchar(1) indentChar: string ref, + int indentDepth: int ref); + +// JavaScript parse errors +js_parse_errors (unique int id: @js_parse_error, + int toplevel: @toplevel ref, + varchar(900) message: string ref, + varchar(900) line: string ref); + +// regular expressions +#keyset[parent, idx] +regexpterm (unique int id: @regexpterm, + int kind: int ref, + int parent: @regexpparent ref, + int idx: int ref, + varchar(900) tostring: string ref); + +@regexpparent = @regexpterm | @regexp_literal | @string_literal | @add_expr; + +case @regexpterm.kind of + 0 = @regexp_alt +| 1 = @regexp_seq +| 2 = @regexp_caret +| 3 = @regexp_dollar +| 4 = @regexp_wordboundary +| 5 = @regexp_nonwordboundary +| 6 = @regexp_positive_lookahead +| 7 = @regexp_negative_lookahead +| 8 = @regexp_star +| 9 = @regexp_plus +| 10 = @regexp_opt +| 11 = @regexp_range +| 12 = @regexp_dot +| 13 = @regexp_group +| 14 = @regexp_normal_constant +| 15 = @regexp_hex_escape +| 16 = @regexp_unicode_escape +| 17 = @regexp_dec_escape +| 18 = @regexp_oct_escape +| 19 = @regexp_ctrl_escape +| 20 = @regexp_char_class_escape +| 21 = @regexp_id_escape +| 22 = @regexp_backref +| 23 = @regexp_char_class +| 24 = @regexp_char_range +| 25 = @regexp_positive_lookbehind +| 26 = @regexp_negative_lookbehind +| 27 = @regexp_unicode_property_escape; + +regexp_parse_errors (unique int id: @regexp_parse_error, + int regexp: @regexpterm ref, + varchar(900) message: string ref); + +@regexp_quantifier = @regexp_star | @regexp_plus | @regexp_opt | @regexp_range; +@regexp_escape = @regexp_char_escape | @regexp_char_class_escape | @regexp_unicode_property_escape; +@regexp_char_escape = @regexp_hex_escape | @regexp_unicode_escape | @regexp_dec_escape | @regexp_oct_escape | @regexp_ctrl_escape | @regexp_id_escape; +@regexp_constant = @regexp_normal_constant | @regexp_char_escape; +@regexp_lookahead = @regexp_positive_lookahead | @regexp_negative_lookahead; +@regexp_lookbehind = @regexp_positive_lookbehind | @regexp_negative_lookbehind; +@regexp_subpattern = @regexp_lookahead | @regexp_lookbehind; +@regexp_anchor = @regexp_dollar | @regexp_caret; + +is_greedy (int id: @regexp_quantifier ref); +range_quantifier_lower_bound (unique int id: @regexp_range ref, int lo: int ref); +range_quantifier_upper_bound (unique int id: @regexp_range ref, int hi: int ref); +is_capture (unique int id: @regexp_group ref, int number: int ref); +is_named_capture (unique int id: @regexp_group ref, string name: string ref); +is_inverted (int id: @regexp_char_class ref); +regexp_const_value (unique int id: @regexp_constant ref, varchar(1) value: string ref); +char_class_escape (unique int id: @regexp_char_class_escape ref, varchar(1) value: string ref); +backref (unique int id: @regexp_backref ref, int value: int ref); +named_backref (unique int id: @regexp_backref ref, string name: string ref); +unicode_property_escapename (unique int id: @regexp_unicode_property_escape ref, string name: string ref); +unicode_property_escapevalue (unique int id: @regexp_unicode_property_escape ref, string value: string ref); + +// tokens +#keyset[toplevel, idx] +tokeninfo (unique int id: @token, + int kind: int ref, + int toplevel: @toplevel ref, + int idx: int ref, + varchar(900) value: string ref); + +case @token.kind of + 0 = @token_eof +| 1 = @token_null_literal +| 2 = @token_boolean_literal +| 3 = @token_numeric_literal +| 4 = @token_string_literal +| 5 = @token_regular_expression +| 6 = @token_identifier +| 7 = @token_keyword +| 8 = @token_punctuator; + +// associate comments with the token immediately following them (which may be EOF) +next_token (int comment: @comment ref, int token: @token ref); + +// JSON +#keyset[parent, idx] +json (unique int id: @json_value, + int kind: int ref, + int parent: @json_parent ref, + int idx: int ref, + varchar(900) tostring: string ref); + +json_literals (varchar(900) value: string ref, + varchar(900) raw: string ref, + unique int expr: @json_value ref); + +json_properties (int obj: @json_object ref, + varchar(900) property: string ref, + int value: @json_value ref); + +json_errors (unique int id: @json_parse_error, + varchar(900) message: string ref); + +json_locations(unique int locatable: @json_locatable ref, + int location: @location_default ref); + +case @json_value.kind of + 0 = @json_null +| 1 = @json_boolean +| 2 = @json_number +| 3 = @json_string +| 4 = @json_array +| 5 = @json_object; + +@json_parent = @json_object | @json_array | @file; + +@json_locatable = @json_value | @json_parse_error; + +// locations +@ast_node = @toplevel | @stmt | @expr | @property | @typeexpr; + +@locatable = @file + | @ast_node + | @comment + | @line + | @js_parse_error | @regexp_parse_error + | @regexpterm + | @json_locatable + | @token + | @cfg_node + | @jsdoc | @jsdoc_type_expr | @jsdoc_tag + | @yaml_locatable + | @xmllocatable + | @configLocatable + | @template_placeholder_tag; + +hasLocation (unique int locatable: @locatable ref, + int location: @location ref); + +// CFG +entry_cfg_node (unique int id: @entry_node, int container: @stmt_container ref); +exit_cfg_node (unique int id: @exit_node, int container: @stmt_container ref); +guard_node (unique int id: @guard_node, int kind: int ref, int test: @expr ref); +case @guard_node.kind of + 0 = @falsy_guard +| 1 = @truthy_guard; +@condition_guard = @falsy_guard | @truthy_guard; + +@synthetic_cfg_node = @entry_node | @exit_node | @guard_node; +@cfg_node = @synthetic_cfg_node | @expr_parent; + +successor (int pred: @cfg_node ref, int succ: @cfg_node ref); + +// JSDoc comments +jsdoc (unique int id: @jsdoc, varchar(900) description: string ref, int comment: @comment ref); +#keyset[parent, idx] +jsdoc_tags (unique int id: @jsdoc_tag, varchar(900) title: string ref, + int parent: @jsdoc ref, int idx: int ref, varchar(900) tostring: string ref); +jsdoc_tag_descriptions (unique int tag: @jsdoc_tag ref, varchar(900) text: string ref); +jsdoc_tag_names (unique int tag: @jsdoc_tag ref, varchar(900) text: string ref); + +#keyset[parent, idx] +jsdoc_type_exprs (unique int id: @jsdoc_type_expr, + int kind: int ref, + int parent: @jsdoc_type_expr_parent ref, + int idx: int ref, + varchar(900) tostring: string ref); +case @jsdoc_type_expr.kind of + 0 = @jsdoc_any_type_expr +| 1 = @jsdoc_null_type_expr +| 2 = @jsdoc_undefined_type_expr +| 3 = @jsdoc_unknown_type_expr +| 4 = @jsdoc_void_type_expr +| 5 = @jsdoc_named_type_expr +| 6 = @jsdoc_applied_type_expr +| 7 = @jsdoc_nullable_type_expr +| 8 = @jsdoc_non_nullable_type_expr +| 9 = @jsdoc_record_type_expr +| 10 = @jsdoc_array_type_expr +| 11 = @jsdoc_union_type_expr +| 12 = @jsdoc_function_type_expr +| 13 = @jsdoc_optional_type_expr +| 14 = @jsdoc_rest_type_expr +; + +#keyset[id, idx] +jsdoc_record_field_name (int id: @jsdoc_record_type_expr ref, int idx: int ref, varchar(900) name: string ref); +jsdoc_prefix_qualifier (int id: @jsdoc_type_expr ref); +jsdoc_has_new_parameter (int fn: @jsdoc_function_type_expr ref); + +@jsdoc_type_expr_parent = @jsdoc_type_expr | @jsdoc_tag; + +jsdoc_errors (unique int id: @jsdoc_error, int tag: @jsdoc_tag ref, varchar(900) message: string ref, varchar(900) tostring: string ref); + +@dataflownode = @expr | @function_decl_stmt | @class_decl_stmt | @namespace_declaration | @enum_declaration | @property; + +@optionalchainable = @call_expr | @propaccess; + +isOptionalChaining(int id: @optionalchainable ref); + +/** + * The time taken for the extraction of a file. + * This table contains non-deterministic content. + * + * The sum of the `time` column for each (`file`, `timerKind`) pair + * is the total time taken for extraction of `file`. The `extractionPhase` + * column provides a granular view of the extraction time of the file. + */ +extraction_time( + int file : @file ref, + // see `com.semmle.js.extractor.ExtractionMetrics.ExtractionPhase`. + int extractionPhase: int ref, + // 0 for the elapsed CPU time in nanoseconds, 1 for the elapsed wallclock time in nanoseconds + int timerKind: int ref, + float time: float ref +) + +/** +* Non-timing related data for the extraction of a single file. +* This table contains non-deterministic content. +*/ +extraction_data( + int file : @file ref, + // the absolute path to the cache file + varchar(900) cacheFile: string ref, + boolean fromCache: boolean ref, + int length: int ref +) + +/*- YAML -*/ + +#keyset[parent, idx] +yaml (unique int id: @yaml_node, + int kind: int ref, + int parent: @yaml_node_parent ref, + int idx: int ref, + string tag: string ref, + string tostring: string ref); + +case @yaml_node.kind of + 0 = @yaml_scalar_node +| 1 = @yaml_mapping_node +| 2 = @yaml_sequence_node +| 3 = @yaml_alias_node +; + +@yaml_collection_node = @yaml_mapping_node | @yaml_sequence_node; + +@yaml_node_parent = @yaml_collection_node | @file; + +yaml_anchors (unique int node: @yaml_node ref, + string anchor: string ref); + +yaml_aliases (unique int alias: @yaml_alias_node ref, + string target: string ref); + +yaml_scalars (unique int scalar: @yaml_scalar_node ref, + int style: int ref, + string value: string ref); + +yaml_errors (unique int id: @yaml_error, + string message: string ref); + +yaml_locations(unique int locatable: @yaml_locatable ref, + int location: @location_default ref); + +@yaml_locatable = @yaml_node | @yaml_error; + +/*- XML Files -*/ + +xmlEncoding( + unique int id: @file ref, + string encoding: string ref +); + +xmlDTDs( + unique int id: @xmldtd, + string root: string ref, + string publicId: string ref, + string systemId: string ref, + int fileid: @file ref +); + +xmlElements( + unique int id: @xmlelement, + string name: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int fileid: @file ref +); + +xmlAttrs( + unique int id: @xmlattribute, + int elementid: @xmlelement ref, + string name: string ref, + string value: string ref, + int idx: int ref, + int fileid: @file ref +); + +xmlNs( + int id: @xmlnamespace, + string prefixName: string ref, + string URI: string ref, + int fileid: @file ref +); + +xmlHasNs( + int elementId: @xmlnamespaceable ref, + int nsId: @xmlnamespace ref, + int fileid: @file ref +); + +xmlComments( + unique int id: @xmlcomment, + string text: string ref, + int parentid: @xmlparent ref, + int fileid: @file ref +); + +xmlChars( + unique int id: @xmlcharacters, + string text: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int isCDATA: int ref, + int fileid: @file ref +); + +@xmlparent = @file | @xmlelement; +@xmlnamespaceable = @xmlelement | @xmlattribute; + +xmllocations( + int xmlElement: @xmllocatable ref, + int location: @location_default ref +); + +@xmllocatable = @xmlcharacters | @xmlelement | @xmlcomment | @xmlattribute | @xmldtd | @file | @xmlnamespace; + +/*- Configuration files with key value pairs -*/ + +configs( + unique int id: @config +); + +configNames( + unique int id: @configName, + int config: @config ref, + string name: string ref +); + +configValues( + unique int id: @configValue, + int config: @config ref, + string value: string ref +); + +configLocations( + int locatable: @configLocatable ref, + int location: @location_default ref +); + +@configLocatable = @config | @configName | @configValue; diff --git a/javascript/downgrades/8accf0f930bcb8b42d69fd7ef7b4372604f551ed/semmlecode.javascript.dbscheme b/javascript/downgrades/8accf0f930bcb8b42d69fd7ef7b4372604f551ed/semmlecode.javascript.dbscheme new file mode 100644 index 00000000000..4d00210ca57 --- /dev/null +++ b/javascript/downgrades/8accf0f930bcb8b42d69fd7ef7b4372604f551ed/semmlecode.javascript.dbscheme @@ -0,0 +1,1218 @@ +/*** Standard fragments ***/ + +/** Files and folders **/ + +@location = @location_default; + +locations_default(unique int id: @location_default, + int file: @file ref, + int beginLine: int ref, + int beginColumn: int ref, + int endLine: int ref, + int endColumn: int ref + ); + +@sourceline = @locatable; + +numlines(int element_id: @sourceline ref, + int num_lines: int ref, + int num_code: int ref, + int num_comment: int ref + ); + +files(unique int id: @file, + varchar(900) name: string ref); + +folders(unique int id: @folder, + varchar(900) name: string ref); + + +@container = @folder | @file ; + + +containerparent(int parent: @container ref, + unique int child: @container ref); + +/** Duplicate code **/ + +duplicateCode( + unique int id : @duplication, + varchar(900) relativePath : string ref, + int equivClass : int ref); + +similarCode( + unique int id : @similarity, + varchar(900) relativePath : string ref, + int equivClass : int ref); + +@duplication_or_similarity = @duplication | @similarity; + +tokens( + int id : @duplication_or_similarity ref, + int offset : int ref, + int beginLine : int ref, + int beginColumn : int ref, + int endLine : int ref, + int endColumn : int ref); + +/** External data **/ + +externalData( + int id : @externalDataElement, + varchar(900) path : string ref, + int column: int ref, + varchar(900) value : string ref +); + +snapshotDate(unique date snapshotDate : date ref); + +sourceLocationPrefix(varchar(900) prefix : string ref); + +/** Version control data **/ + +svnentries( + int id : @svnentry, + varchar(500) revision : string ref, + varchar(500) author : string ref, + date revisionDate : date ref, + int changeSize : int ref +); + +svnaffectedfiles( + int id : @svnentry ref, + int file : @file ref, + varchar(500) action : string ref +); + +svnentrymsg( + int id : @svnentry ref, + varchar(500) message : string ref +); + +svnchurn( + int commit : @svnentry ref, + int file : @file ref, + int addedLines : int ref, + int deletedLines : int ref +); + + +/*** JavaScript-specific part ***/ + +filetype( + int file: @file ref, + string filetype: string ref +) + +// top-level code fragments +toplevels (unique int id: @toplevel, + int kind: int ref); + +is_externs (int toplevel: @toplevel ref); + +case @toplevel.kind of + 0 = @script +| 1 = @inline_script +| 2 = @event_handler +| 3 = @javascript_url +| 4 = @template_toplevel; + +is_module (int tl: @toplevel ref); +is_nodejs (int tl: @toplevel ref); +is_es2015_module (int tl: @toplevel ref); +is_closure_module (int tl: @toplevel ref); + +@xml_node_with_code = @xmlelement | @xmlattribute | @template_placeholder_tag; +toplevel_parent_xml_node( + unique int toplevel: @toplevel ref, + int xmlnode: @xml_node_with_code ref); + +xml_element_parent_expression( + unique int xmlnode: @xmlelement ref, + int expression: @expr ref, + int index: int ref); + +// statements +#keyset[parent, idx] +stmts (unique int id: @stmt, + int kind: int ref, + int parent: @stmt_parent ref, + int idx: int ref, + varchar(900) tostring: string ref); + +stmt_containers (unique int stmt: @stmt ref, + int container: @stmt_container ref); + +jump_targets (unique int jump: @stmt ref, + int target: @stmt ref); + +@stmt_parent = @stmt | @toplevel | @function_expr | @arrow_function_expr | @static_initializer; +@stmt_container = @toplevel | @function | @namespace_declaration | @external_module_declaration | @global_augmentation_declaration; + +case @stmt.kind of + 0 = @empty_stmt +| 1 = @block_stmt +| 2 = @expr_stmt +| 3 = @if_stmt +| 4 = @labeled_stmt +| 5 = @break_stmt +| 6 = @continue_stmt +| 7 = @with_stmt +| 8 = @switch_stmt +| 9 = @return_stmt +| 10 = @throw_stmt +| 11 = @try_stmt +| 12 = @while_stmt +| 13 = @do_while_stmt +| 14 = @for_stmt +| 15 = @for_in_stmt +| 16 = @debugger_stmt +| 17 = @function_decl_stmt +| 18 = @var_decl_stmt +| 19 = @case +| 20 = @catch_clause +| 21 = @for_of_stmt +| 22 = @const_decl_stmt +| 23 = @let_stmt +| 24 = @legacy_let_stmt +| 25 = @for_each_stmt +| 26 = @class_decl_stmt +| 27 = @import_declaration +| 28 = @export_all_declaration +| 29 = @export_default_declaration +| 30 = @export_named_declaration +| 31 = @namespace_declaration +| 32 = @import_equals_declaration +| 33 = @export_assign_declaration +| 34 = @interface_declaration +| 35 = @type_alias_declaration +| 36 = @enum_declaration +| 37 = @external_module_declaration +| 38 = @export_as_namespace_declaration +| 39 = @global_augmentation_declaration +; + +@decl_stmt = @var_decl_stmt | @const_decl_stmt | @let_stmt | @legacy_let_stmt; + +@export_declaration = @export_all_declaration | @export_default_declaration | @export_named_declaration; + +@namespace_definition = @namespace_declaration | @enum_declaration; +@type_definition = @class_definition | @interface_declaration | @enum_declaration | @type_alias_declaration | @enum_member; + +is_instantiated(unique int decl: @namespace_declaration ref); + +@declarable_node = @decl_stmt | @namespace_declaration | @class_decl_stmt | @function_decl_stmt | @enum_declaration | @external_module_declaration | @global_augmentation_declaration | @field; +has_declare_keyword(unique int stmt: @declarable_node ref); + +is_for_await_of(unique int forof: @for_of_stmt ref); + +// expressions +#keyset[parent, idx] +exprs (unique int id: @expr, + int kind: int ref, + int parent: @expr_parent ref, + int idx: int ref, + varchar(900) tostring: string ref); + +literals (varchar(900) value: string ref, + varchar(900) raw: string ref, + unique int expr: @expr_or_type ref); + +enclosing_stmt (unique int expr: @expr_or_type ref, + int stmt: @stmt ref); + +expr_containers (unique int expr: @expr_or_type ref, + int container: @stmt_container ref); + +array_size (unique int ae: @arraylike ref, + int sz: int ref); + +is_delegating (int yield: @yield_expr ref); + +@expr_or_stmt = @expr | @stmt; +@expr_or_type = @expr | @typeexpr; +@expr_parent = @expr_or_stmt | @property | @function_typeexpr; +@arraylike = @array_expr | @array_pattern; +@type_annotation = @typeexpr | @jsdoc_type_expr; +@node_in_stmt_container = @cfg_node | @type_annotation | @toplevel; + +case @expr.kind of + 0 = @label +| 1 = @null_literal +| 2 = @boolean_literal +| 3 = @number_literal +| 4 = @string_literal +| 5 = @regexp_literal +| 6 = @this_expr +| 7 = @array_expr +| 8 = @obj_expr +| 9 = @function_expr +| 10 = @seq_expr +| 11 = @conditional_expr +| 12 = @new_expr +| 13 = @call_expr +| 14 = @dot_expr +| 15 = @index_expr +| 16 = @neg_expr +| 17 = @plus_expr +| 18 = @log_not_expr +| 19 = @bit_not_expr +| 20 = @typeof_expr +| 21 = @void_expr +| 22 = @delete_expr +| 23 = @eq_expr +| 24 = @neq_expr +| 25 = @eqq_expr +| 26 = @neqq_expr +| 27 = @lt_expr +| 28 = @le_expr +| 29 = @gt_expr +| 30 = @ge_expr +| 31 = @lshift_expr +| 32 = @rshift_expr +| 33 = @urshift_expr +| 34 = @add_expr +| 35 = @sub_expr +| 36 = @mul_expr +| 37 = @div_expr +| 38 = @mod_expr +| 39 = @bitor_expr +| 40 = @xor_expr +| 41 = @bitand_expr +| 42 = @in_expr +| 43 = @instanceof_expr +| 44 = @logand_expr +| 45 = @logor_expr +| 47 = @assign_expr +| 48 = @assign_add_expr +| 49 = @assign_sub_expr +| 50 = @assign_mul_expr +| 51 = @assign_div_expr +| 52 = @assign_mod_expr +| 53 = @assign_lshift_expr +| 54 = @assign_rshift_expr +| 55 = @assign_urshift_expr +| 56 = @assign_or_expr +| 57 = @assign_xor_expr +| 58 = @assign_and_expr +| 59 = @preinc_expr +| 60 = @postinc_expr +| 61 = @predec_expr +| 62 = @postdec_expr +| 63 = @par_expr +| 64 = @var_declarator +| 65 = @arrow_function_expr +| 66 = @spread_element +| 67 = @array_pattern +| 68 = @object_pattern +| 69 = @yield_expr +| 70 = @tagged_template_expr +| 71 = @template_literal +| 72 = @template_element +| 73 = @array_comprehension_expr +| 74 = @generator_expr +| 75 = @for_in_comprehension_block +| 76 = @for_of_comprehension_block +| 77 = @legacy_letexpr +| 78 = @var_decl +| 79 = @proper_varaccess +| 80 = @class_expr +| 81 = @super_expr +| 82 = @newtarget_expr +| 83 = @named_import_specifier +| 84 = @import_default_specifier +| 85 = @import_namespace_specifier +| 86 = @named_export_specifier +| 87 = @exp_expr +| 88 = @assign_exp_expr +| 89 = @jsx_element +| 90 = @jsx_qualified_name +| 91 = @jsx_empty_expr +| 92 = @await_expr +| 93 = @function_sent_expr +| 94 = @decorator +| 95 = @export_default_specifier +| 96 = @export_namespace_specifier +| 97 = @bind_expr +| 98 = @external_module_reference +| 99 = @dynamic_import +| 100 = @expression_with_type_arguments +| 101 = @prefix_type_assertion +| 102 = @as_type_assertion +| 103 = @export_varaccess +| 104 = @decorator_list +| 105 = @non_null_assertion +| 106 = @bigint_literal +| 107 = @nullishcoalescing_expr +| 108 = @e4x_xml_anyname +| 109 = @e4x_xml_static_attribute_selector +| 110 = @e4x_xml_dynamic_attribute_selector +| 111 = @e4x_xml_filter_expression +| 112 = @e4x_xml_static_qualident +| 113 = @e4x_xml_dynamic_qualident +| 114 = @e4x_xml_dotdotexpr +| 115 = @import_meta_expr +| 116 = @assignlogandexpr +| 117 = @assignlogorexpr +| 118 = @assignnullishcoalescingexpr +| 119 = @template_pipe_ref +| 120 = @generated_code_expr +| 121 = @satisfies_expr +; + +@varaccess = @proper_varaccess | @export_varaccess; +@varref = @var_decl | @varaccess; + +@identifier = @label | @varref | @type_identifier; + +@literal = @null_literal | @boolean_literal | @number_literal | @string_literal | @regexp_literal | @bigint_literal; + +@propaccess = @dot_expr | @index_expr; + +@invokeexpr = @new_expr | @call_expr; + +@unaryexpr = @neg_expr | @plus_expr | @log_not_expr | @bit_not_expr | @typeof_expr | @void_expr | @delete_expr | @spread_element; + +@equality_test = @eq_expr | @neq_expr | @eqq_expr | @neqq_expr; + +@comparison = @equality_test | @lt_expr | @le_expr | @gt_expr | @ge_expr; + +@binaryexpr = @comparison | @lshift_expr | @rshift_expr | @urshift_expr | @add_expr | @sub_expr | @mul_expr | @div_expr | @mod_expr | @exp_expr | @bitor_expr | @xor_expr | @bitand_expr | @in_expr | @instanceof_expr | @logand_expr | @logor_expr | @nullishcoalescing_expr; + +@assignment = @assign_expr | @assign_add_expr | @assign_sub_expr | @assign_mul_expr | @assign_div_expr | @assign_mod_expr | @assign_exp_expr | @assign_lshift_expr | @assign_rshift_expr | @assign_urshift_expr | @assign_or_expr | @assign_xor_expr | @assign_and_expr | @assignlogandexpr | @assignlogorexpr | @assignnullishcoalescingexpr; + +@updateexpr = @preinc_expr | @postinc_expr | @predec_expr | @postdec_expr; + +@pattern = @varref | @array_pattern | @object_pattern; + +@comprehension_expr = @array_comprehension_expr | @generator_expr; + +@comprehension_block = @for_in_comprehension_block | @for_of_comprehension_block; + +@import_specifier = @named_import_specifier | @import_default_specifier | @import_namespace_specifier; + +@exportspecifier = @named_export_specifier | @export_default_specifier | @export_namespace_specifier; + +@type_keyword_operand = @import_declaration | @export_declaration | @import_specifier; + +@type_assertion = @as_type_assertion | @prefix_type_assertion; + +@class_definition = @class_decl_stmt | @class_expr; +@interface_definition = @interface_declaration | @interface_typeexpr; +@class_or_interface = @class_definition | @interface_definition; + +@lexical_decl = @var_decl | @type_decl; +@lexical_access = @varaccess | @local_type_access | @local_var_type_access | @local_namespace_access; +@lexical_ref = @lexical_decl | @lexical_access; + +@e4x_xml_attribute_selector = @e4x_xml_static_attribute_selector | @e4x_xml_dynamic_attribute_selector; +@e4x_xml_qualident = @e4x_xml_static_qualident | @e4x_xml_dynamic_qualident; + +expr_contains_template_tag_location( + int expr: @expr ref, + int location: @location ref +); + +@template_placeholder_tag_parent = @xmlelement | @xmlattribute | @file; + +template_placeholder_tag_info( + unique int node: @template_placeholder_tag, + int parentNode: @template_placeholder_tag_parent ref, + varchar(900) raw: string ref +); + +// scopes +scopes (unique int id: @scope, + int kind: int ref); + +case @scope.kind of + 0 = @global_scope +| 1 = @function_scope +| 2 = @catch_scope +| 3 = @module_scope +| 4 = @block_scope +| 5 = @for_scope +| 6 = @for_in_scope // for-of scopes work the same as for-in scopes +| 7 = @comprehension_block_scope +| 8 = @class_expr_scope +| 9 = @namespace_scope +| 10 = @class_decl_scope +| 11 = @interface_scope +| 12 = @type_alias_scope +| 13 = @mapped_type_scope +| 14 = @enum_scope +| 15 = @external_module_scope +| 16 = @conditional_type_scope; + +scopenodes (unique int node: @ast_node ref, + int scope: @scope ref); + +scopenesting (unique int inner: @scope ref, + int outer: @scope ref); + +// functions +@function = @function_decl_stmt | @function_expr | @arrow_function_expr; + +@parameterized = @function | @catch_clause; +@type_parameterized = @function | @class_or_interface | @type_alias_declaration | @mapped_typeexpr | @infer_typeexpr; + +is_generator (int fun: @function ref); +has_rest_parameter (int fun: @function ref); +is_async (int fun: @function ref); + +// variables and lexically scoped type names +#keyset[scope, name] +variables (unique int id: @variable, + varchar(900) name: string ref, + int scope: @scope ref); + +#keyset[scope, name] +local_type_names (unique int id: @local_type_name, + varchar(900) name: string ref, + int scope: @scope ref); + +#keyset[scope, name] +local_namespace_names (unique int id: @local_namespace_name, + varchar(900) name: string ref, + int scope: @scope ref); + +is_arguments_object (int id: @variable ref); + +@lexical_name = @variable | @local_type_name | @local_namespace_name; + +@bind_id = @varaccess | @local_var_type_access; +bind (unique int id: @bind_id ref, + int decl: @variable ref); + +decl (unique int id: @var_decl ref, + int decl: @variable ref); + +@typebind_id = @local_type_access | @export_varaccess; +typebind (unique int id: @typebind_id ref, + int decl: @local_type_name ref); + +@typedecl_id = @type_decl | @var_decl; +typedecl (unique int id: @typedecl_id ref, + int decl: @local_type_name ref); + +namespacedecl (unique int id: @var_decl ref, + int decl: @local_namespace_name ref); + +@namespacebind_id = @local_namespace_access | @export_varaccess; +namespacebind (unique int id: @namespacebind_id ref, + int decl: @local_namespace_name ref); + + +// properties in object literals, property patterns in object patterns, and method declarations in classes +#keyset[parent, index] +properties (unique int id: @property, + int parent: @property_parent ref, + int index: int ref, + int kind: int ref, + varchar(900) tostring: string ref); + +case @property.kind of + 0 = @value_property +| 1 = @property_getter +| 2 = @property_setter +| 3 = @jsx_attribute +| 4 = @function_call_signature +| 5 = @constructor_call_signature +| 6 = @index_signature +| 7 = @enum_member +| 8 = @proper_field +| 9 = @parameter_field +| 10 = @static_initializer +; + +@property_parent = @obj_expr | @object_pattern | @class_definition | @jsx_element | @interface_definition | @enum_declaration; +@property_accessor = @property_getter | @property_setter; +@call_signature = @function_call_signature | @constructor_call_signature; +@field = @proper_field | @parameter_field; +@field_or_vardeclarator = @field | @var_declarator; + +is_computed (int id: @property ref); +is_method (int id: @property ref); +is_static (int id: @property ref); +is_abstract_member (int id: @property ref); +is_const_enum (int id: @enum_declaration ref); +is_abstract_class (int id: @class_decl_stmt ref); + +has_public_keyword (int id: @property ref); +has_private_keyword (int id: @property ref); +has_protected_keyword (int id: @property ref); +has_readonly_keyword (int id: @property ref); +has_type_keyword (int id: @type_keyword_operand ref); +is_optional_member (int id: @property ref); +has_definite_assignment_assertion (int id: @field_or_vardeclarator ref); +is_optional_parameter_declaration (unique int parameter: @pattern ref); + +#keyset[constructor, param_index] +parameter_fields( + unique int field: @parameter_field ref, + int constructor: @function_expr ref, + int param_index: int ref +); + +// types +#keyset[parent, idx] +typeexprs ( + unique int id: @typeexpr, + int kind: int ref, + int parent: @typeexpr_parent ref, + int idx: int ref, + varchar(900) tostring: string ref +); + +case @typeexpr.kind of + 0 = @local_type_access +| 1 = @type_decl +| 2 = @keyword_typeexpr +| 3 = @string_literal_typeexpr +| 4 = @number_literal_typeexpr +| 5 = @boolean_literal_typeexpr +| 6 = @array_typeexpr +| 7 = @union_typeexpr +| 8 = @indexed_access_typeexpr +| 9 = @intersection_typeexpr +| 10 = @parenthesized_typeexpr +| 11 = @tuple_typeexpr +| 12 = @keyof_typeexpr +| 13 = @qualified_type_access +| 14 = @generic_typeexpr +| 15 = @type_label +| 16 = @typeof_typeexpr +| 17 = @local_var_type_access +| 18 = @qualified_var_type_access +| 19 = @this_var_type_access +| 20 = @predicate_typeexpr +| 21 = @interface_typeexpr +| 22 = @type_parameter +| 23 = @plain_function_typeexpr +| 24 = @constructor_typeexpr +| 25 = @local_namespace_access +| 26 = @qualified_namespace_access +| 27 = @mapped_typeexpr +| 28 = @conditional_typeexpr +| 29 = @infer_typeexpr +| 30 = @import_type_access +| 31 = @import_namespace_access +| 32 = @import_var_type_access +| 33 = @optional_typeexpr +| 34 = @rest_typeexpr +| 35 = @bigint_literal_typeexpr +| 36 = @readonly_typeexpr +| 37 = @template_literal_typeexpr +; + +@typeref = @typeaccess | @type_decl; +@type_identifier = @type_decl | @local_type_access | @type_label | @local_var_type_access | @local_namespace_access; +@typeexpr_parent = @expr | @stmt | @property | @typeexpr; +@literal_typeexpr = @string_literal_typeexpr | @number_literal_typeexpr | @boolean_literal_typeexpr | @bigint_literal_typeexpr; +@typeaccess = @local_type_access | @qualified_type_access | @import_type_access; +@vartypeaccess = @local_var_type_access | @qualified_var_type_access | @this_var_type_access | @import_var_type_access; +@namespace_access = @local_namespace_access | @qualified_namespace_access | @import_namespace_access; +@import_typeexpr = @import_type_access | @import_namespace_access | @import_var_type_access; + +@function_typeexpr = @plain_function_typeexpr | @constructor_typeexpr; + +// types +types ( + unique int id: @type, + int kind: int ref, + varchar(900) tostring: string ref +); + +#keyset[parent, idx] +type_child ( + int child: @type ref, + int parent: @type ref, + int idx: int ref +); + +case @type.kind of + 0 = @any_type +| 1 = @string_type +| 2 = @number_type +| 3 = @union_type +| 4 = @true_type +| 5 = @false_type +| 6 = @type_reference +| 7 = @object_type +| 8 = @canonical_type_variable_type +| 9 = @typeof_type +| 10 = @void_type +| 11 = @undefined_type +| 12 = @null_type +| 13 = @never_type +| 14 = @plain_symbol_type +| 15 = @unique_symbol_type +| 16 = @objectkeyword_type +| 17 = @intersection_type +| 18 = @tuple_type +| 19 = @lexical_type_variable_type +| 20 = @this_type +| 21 = @number_literal_type +| 22 = @string_literal_type +| 23 = @unknown_type +| 24 = @bigint_type +| 25 = @bigint_literal_type +; + +@boolean_literal_type = @true_type | @false_type; +@symbol_type = @plain_symbol_type | @unique_symbol_type; +@union_or_intersection_type = @union_type | @intersection_type; +@typevariable_type = @canonical_type_variable_type | @lexical_type_variable_type; + +has_asserts_keyword(int node: @predicate_typeexpr ref); + +@typed_ast_node = @expr | @typeexpr | @function; +ast_node_type( + unique int node: @typed_ast_node ref, + int typ: @type ref); + +declared_function_signature( + unique int node: @function ref, + int sig: @signature_type ref +); + +invoke_expr_signature( + unique int node: @invokeexpr ref, + int sig: @signature_type ref +); + +invoke_expr_overload_index( + unique int node: @invokeexpr ref, + int index: int ref +); + +symbols ( + unique int id: @symbol, + int kind: int ref, + varchar(900) name: string ref +); + +symbol_parent ( + unique int symbol: @symbol ref, + int parent: @symbol ref +); + +symbol_module ( + int symbol: @symbol ref, + varchar(900) moduleName: string ref +); + +symbol_global ( + int symbol: @symbol ref, + varchar(900) globalName: string ref +); + +case @symbol.kind of + 0 = @root_symbol +| 1 = @member_symbol +| 2 = @other_symbol +; + +@type_with_symbol = @type_reference | @typevariable_type | @typeof_type | @unique_symbol_type; +@ast_node_with_symbol = @type_definition | @namespace_definition | @toplevel | @typeaccess | @namespace_access | @var_decl | @function | @invokeexpr | @import_declaration | @external_module_reference | @external_module_declaration; + +ast_node_symbol( + unique int node: @ast_node_with_symbol ref, + int symbol: @symbol ref); + +type_symbol( + unique int typ: @type_with_symbol ref, + int symbol: @symbol ref); + +#keyset[typ, name] +type_property( + int typ: @type ref, + varchar(900) name: string ref, + int propertyType: @type ref); + +type_alias( + unique int aliasType: @type ref, + int underlyingType: @type ref); + +@literal_type = @string_literal_type | @number_literal_type | @boolean_literal_type | @bigint_literal_type; +@type_with_literal_value = @string_literal_type | @number_literal_type | @bigint_literal_type; +type_literal_value( + unique int typ: @type_with_literal_value ref, + varchar(900) value: string ref); + +signature_types ( + unique int id: @signature_type, + int kind: int ref, + varchar(900) tostring: string ref, + int type_parameters: int ref, + int required_params: int ref +); + +is_abstract_signature( + unique int sig: @signature_type ref +); + +signature_rest_parameter( + unique int sig: @signature_type ref, + int rest_param_arra_type: @type ref +); + +case @signature_type.kind of + 0 = @function_signature_type +| 1 = @constructor_signature_type +; + +#keyset[typ, kind, index] +type_contains_signature ( + int typ: @type ref, + int kind: int ref, // constructor/call/index + int index: int ref, // ordering of overloaded signatures + int sig: @signature_type ref +); + +#keyset[parent, index] +signature_contains_type ( + int child: @type ref, + int parent: @signature_type ref, + int index: int ref +); + +#keyset[sig, index] +signature_parameter_name ( + int sig: @signature_type ref, + int index: int ref, + varchar(900) name: string ref +); + +number_index_type ( + unique int baseType: @type ref, + int propertyType: @type ref +); + +string_index_type ( + unique int baseType: @type ref, + int propertyType: @type ref +); + +base_type_names( + int typeName: @symbol ref, + int baseTypeName: @symbol ref +); + +self_types( + int typeName: @symbol ref, + int selfType: @type_reference ref +); + +tuple_type_min_length( + unique int typ: @type ref, + int minLength: int ref +); + +tuple_type_rest_index( + unique int typ: @type ref, + int index: int ref +); + +// comments +comments (unique int id: @comment, + int kind: int ref, + int toplevel: @toplevel ref, + varchar(900) text: string ref, + varchar(900) tostring: string ref); + +case @comment.kind of + 0 = @slashslash_comment +| 1 = @slashstar_comment +| 2 = @doc_comment +| 3 = @html_comment_start +| 4 = @htmlcommentend; + +@html_comment = @html_comment_start | @htmlcommentend; +@line_comment = @slashslash_comment | @html_comment; +@block_comment = @slashstar_comment | @doc_comment; + +// source lines +lines (unique int id: @line, + int toplevel: @toplevel ref, + varchar(900) text: string ref, + varchar(2) terminator: string ref); +indentation (int file: @file ref, + int lineno: int ref, + varchar(1) indentChar: string ref, + int indentDepth: int ref); + +// JavaScript parse errors +js_parse_errors (unique int id: @js_parse_error, + int toplevel: @toplevel ref, + varchar(900) message: string ref, + varchar(900) line: string ref); + +// regular expressions +#keyset[parent, idx] +regexpterm (unique int id: @regexpterm, + int kind: int ref, + int parent: @regexpparent ref, + int idx: int ref, + varchar(900) tostring: string ref); + +@regexpparent = @regexpterm | @regexp_literal | @string_literal | @add_expr; + +case @regexpterm.kind of + 0 = @regexp_alt +| 1 = @regexp_seq +| 2 = @regexp_caret +| 3 = @regexp_dollar +| 4 = @regexp_wordboundary +| 5 = @regexp_nonwordboundary +| 6 = @regexp_positive_lookahead +| 7 = @regexp_negative_lookahead +| 8 = @regexp_star +| 9 = @regexp_plus +| 10 = @regexp_opt +| 11 = @regexp_range +| 12 = @regexp_dot +| 13 = @regexp_group +| 14 = @regexp_normal_constant +| 15 = @regexp_hex_escape +| 16 = @regexp_unicode_escape +| 17 = @regexp_dec_escape +| 18 = @regexp_oct_escape +| 19 = @regexp_ctrl_escape +| 20 = @regexp_char_class_escape +| 21 = @regexp_id_escape +| 22 = @regexp_backref +| 23 = @regexp_char_class +| 24 = @regexp_char_range +| 25 = @regexp_positive_lookbehind +| 26 = @regexp_negative_lookbehind +| 27 = @regexp_unicode_property_escape; + +regexp_parse_errors (unique int id: @regexp_parse_error, + int regexp: @regexpterm ref, + varchar(900) message: string ref); + +@regexp_quantifier = @regexp_star | @regexp_plus | @regexp_opt | @regexp_range; +@regexp_escape = @regexp_char_escape | @regexp_char_class_escape | @regexp_unicode_property_escape; +@regexp_char_escape = @regexp_hex_escape | @regexp_unicode_escape | @regexp_dec_escape | @regexp_oct_escape | @regexp_ctrl_escape | @regexp_id_escape; +@regexp_constant = @regexp_normal_constant | @regexp_char_escape; +@regexp_lookahead = @regexp_positive_lookahead | @regexp_negative_lookahead; +@regexp_lookbehind = @regexp_positive_lookbehind | @regexp_negative_lookbehind; +@regexp_subpattern = @regexp_lookahead | @regexp_lookbehind; +@regexp_anchor = @regexp_dollar | @regexp_caret; + +is_greedy (int id: @regexp_quantifier ref); +range_quantifier_lower_bound (unique int id: @regexp_range ref, int lo: int ref); +range_quantifier_upper_bound (unique int id: @regexp_range ref, int hi: int ref); +is_capture (unique int id: @regexp_group ref, int number: int ref); +is_named_capture (unique int id: @regexp_group ref, string name: string ref); +is_inverted (int id: @regexp_char_class ref); +regexp_const_value (unique int id: @regexp_constant ref, varchar(1) value: string ref); +char_class_escape (unique int id: @regexp_char_class_escape ref, varchar(1) value: string ref); +backref (unique int id: @regexp_backref ref, int value: int ref); +named_backref (unique int id: @regexp_backref ref, string name: string ref); +unicode_property_escapename (unique int id: @regexp_unicode_property_escape ref, string name: string ref); +unicode_property_escapevalue (unique int id: @regexp_unicode_property_escape ref, string value: string ref); + +// tokens +#keyset[toplevel, idx] +tokeninfo (unique int id: @token, + int kind: int ref, + int toplevel: @toplevel ref, + int idx: int ref, + varchar(900) value: string ref); + +case @token.kind of + 0 = @token_eof +| 1 = @token_null_literal +| 2 = @token_boolean_literal +| 3 = @token_numeric_literal +| 4 = @token_string_literal +| 5 = @token_regular_expression +| 6 = @token_identifier +| 7 = @token_keyword +| 8 = @token_punctuator; + +// associate comments with the token immediately following them (which may be EOF) +next_token (int comment: @comment ref, int token: @token ref); + +// JSON +#keyset[parent, idx] +json (unique int id: @json_value, + int kind: int ref, + int parent: @json_parent ref, + int idx: int ref, + varchar(900) tostring: string ref); + +json_literals (varchar(900) value: string ref, + varchar(900) raw: string ref, + unique int expr: @json_value ref); + +json_properties (int obj: @json_object ref, + varchar(900) property: string ref, + int value: @json_value ref); + +json_errors (unique int id: @json_parse_error, + varchar(900) message: string ref); + +json_locations(unique int locatable: @json_locatable ref, + int location: @location_default ref); + +case @json_value.kind of + 0 = @json_null +| 1 = @json_boolean +| 2 = @json_number +| 3 = @json_string +| 4 = @json_array +| 5 = @json_object; + +@json_parent = @json_object | @json_array | @file; + +@json_locatable = @json_value | @json_parse_error; + +// locations +@ast_node = @toplevel | @stmt | @expr | @property | @typeexpr; + +@locatable = @file + | @ast_node + | @comment + | @line + | @js_parse_error | @regexp_parse_error + | @regexpterm + | @json_locatable + | @token + | @cfg_node + | @jsdoc | @jsdoc_type_expr | @jsdoc_tag + | @yaml_locatable + | @xmllocatable + | @configLocatable + | @template_placeholder_tag; + +hasLocation (unique int locatable: @locatable ref, + int location: @location ref); + +// CFG +entry_cfg_node (unique int id: @entry_node, int container: @stmt_container ref); +exit_cfg_node (unique int id: @exit_node, int container: @stmt_container ref); +guard_node (unique int id: @guard_node, int kind: int ref, int test: @expr ref); +case @guard_node.kind of + 0 = @falsy_guard +| 1 = @truthy_guard; +@condition_guard = @falsy_guard | @truthy_guard; + +@synthetic_cfg_node = @entry_node | @exit_node | @guard_node; +@cfg_node = @synthetic_cfg_node | @expr_parent; + +successor (int pred: @cfg_node ref, int succ: @cfg_node ref); + +// JSDoc comments +jsdoc (unique int id: @jsdoc, varchar(900) description: string ref, int comment: @comment ref); +#keyset[parent, idx] +jsdoc_tags (unique int id: @jsdoc_tag, varchar(900) title: string ref, + int parent: @jsdoc ref, int idx: int ref, varchar(900) tostring: string ref); +jsdoc_tag_descriptions (unique int tag: @jsdoc_tag ref, varchar(900) text: string ref); +jsdoc_tag_names (unique int tag: @jsdoc_tag ref, varchar(900) text: string ref); + +#keyset[parent, idx] +jsdoc_type_exprs (unique int id: @jsdoc_type_expr, + int kind: int ref, + int parent: @jsdoc_type_expr_parent ref, + int idx: int ref, + varchar(900) tostring: string ref); +case @jsdoc_type_expr.kind of + 0 = @jsdoc_any_type_expr +| 1 = @jsdoc_null_type_expr +| 2 = @jsdoc_undefined_type_expr +| 3 = @jsdoc_unknown_type_expr +| 4 = @jsdoc_void_type_expr +| 5 = @jsdoc_named_type_expr +| 6 = @jsdoc_applied_type_expr +| 7 = @jsdoc_nullable_type_expr +| 8 = @jsdoc_non_nullable_type_expr +| 9 = @jsdoc_record_type_expr +| 10 = @jsdoc_array_type_expr +| 11 = @jsdoc_union_type_expr +| 12 = @jsdoc_function_type_expr +| 13 = @jsdoc_optional_type_expr +| 14 = @jsdoc_rest_type_expr +; + +#keyset[id, idx] +jsdoc_record_field_name (int id: @jsdoc_record_type_expr ref, int idx: int ref, varchar(900) name: string ref); +jsdoc_prefix_qualifier (int id: @jsdoc_type_expr ref); +jsdoc_has_new_parameter (int fn: @jsdoc_function_type_expr ref); + +@jsdoc_type_expr_parent = @jsdoc_type_expr | @jsdoc_tag; + +jsdoc_errors (unique int id: @jsdoc_error, int tag: @jsdoc_tag ref, varchar(900) message: string ref, varchar(900) tostring: string ref); + +// YAML +#keyset[parent, idx] +yaml (unique int id: @yaml_node, + int kind: int ref, + int parent: @yaml_node_parent ref, + int idx: int ref, + varchar(900) tag: string ref, + varchar(900) tostring: string ref); + +case @yaml_node.kind of + 0 = @yaml_scalar_node +| 1 = @yaml_mapping_node +| 2 = @yaml_sequence_node +| 3 = @yaml_alias_node +; + +@yaml_collection_node = @yaml_mapping_node | @yaml_sequence_node; + +@yaml_node_parent = @yaml_collection_node | @file; + +yaml_anchors (unique int node: @yaml_node ref, + varchar(900) anchor: string ref); + +yaml_aliases (unique int alias: @yaml_alias_node ref, + varchar(900) target: string ref); + +yaml_scalars (unique int scalar: @yaml_scalar_node ref, + int style: int ref, + varchar(900) value: string ref); + +yaml_errors (unique int id: @yaml_error, + varchar(900) message: string ref); + +yaml_locations(unique int locatable: @yaml_locatable ref, + int location: @location_default ref); + +@yaml_locatable = @yaml_node | @yaml_error; + +/* XML Files */ + +xmlEncoding( + unique int id: @file ref, + varchar(900) encoding: string ref +); + +xmlDTDs( + unique int id: @xmldtd, + varchar(900) root: string ref, + varchar(900) publicId: string ref, + varchar(900) systemId: string ref, + int fileid: @file ref +); + +xmlElements( + unique int id: @xmlelement, + varchar(900) name: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int fileid: @file ref +); + +xmlAttrs( + unique int id: @xmlattribute, + int elementid: @xmlelement ref, + varchar(900) name: string ref, + varchar(3600) value: string ref, + int idx: int ref, + int fileid: @file ref +); + +xmlNs( + int id: @xmlnamespace, + varchar(900) prefixName: string ref, + varchar(900) URI: string ref, + int fileid: @file ref +); + +xmlHasNs( + int elementId: @xmlnamespaceable ref, + int nsId: @xmlnamespace ref, + int fileid: @file ref +); + +xmlComments( + unique int id: @xmlcomment, + varchar(3600) text: string ref, + int parentid: @xmlparent ref, + int fileid: @file ref +); + +xmlChars( + unique int id: @xmlcharacters, + varchar(3600) text: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int isCDATA: int ref, + int fileid: @file ref +); + +@xmlparent = @file | @xmlelement; +@xmlnamespaceable = @xmlelement | @xmlattribute; + +xmllocations( + int xmlElement: @xmllocatable ref, + int location: @location_default ref +); + +@xmllocatable = @xmlcharacters | @xmlelement | @xmlcomment | @xmlattribute | @xmldtd | @file | @xmlnamespace; + +@dataflownode = @expr | @function_decl_stmt | @class_decl_stmt | @namespace_declaration | @enum_declaration | @property; + +@optionalchainable = @call_expr | @propaccess; + +isOptionalChaining(int id: @optionalchainable ref); + +/* + * configuration files with key value pairs + */ + +configs( + unique int id: @config +); + +configNames( + unique int id: @configName, + int config: @config ref, + string name: string ref +); + +configValues( + unique int id: @configValue, + int config: @config ref, + string value: string ref +); + +configLocations( + int locatable: @configLocatable ref, + int location: @location_default ref +); + +@configLocatable = @config | @configName | @configValue; + +/** + * The time taken for the extraction of a file. + * This table contains non-deterministic content. + * + * The sum of the `time` column for each (`file`, `timerKind`) pair + * is the total time taken for extraction of `file`. The `extractionPhase` + * column provides a granular view of the extraction time of the file. + */ +extraction_time( + int file : @file ref, + // see `com.semmle.js.extractor.ExtractionMetrics.ExtractionPhase`. + int extractionPhase: int ref, + // 0 for the elapsed CPU time in nanoseconds, 1 for the elapsed wallclock time in nanoseconds + int timerKind: int ref, + float time: float ref +) + +/** + * Non-timing related data for the extraction of a single file. + * This table contains non-deterministic content. + */ +extraction_data( + int file : @file ref, + // the absolute path to the cache file + varchar(900) cacheFile: string ref, + boolean fromCache: boolean ref, + int length: int ref +) diff --git a/javascript/downgrades/8accf0f930bcb8b42d69fd7ef7b4372604f551ed/upgrade.properties b/javascript/downgrades/8accf0f930bcb8b42d69fd7ef7b4372604f551ed/upgrade.properties new file mode 100644 index 00000000000..7b75d5de56a --- /dev/null +++ b/javascript/downgrades/8accf0f930bcb8b42d69fd7ef7b4372604f551ed/upgrade.properties @@ -0,0 +1,2 @@ +description: Sync dbscheme fragments +compatibility: full diff --git a/javascript/ql/lib/upgrades/4d00210ca570d55c4833af11d3372b774dbc63f2/old.dbscheme b/javascript/ql/lib/upgrades/4d00210ca570d55c4833af11d3372b774dbc63f2/old.dbscheme new file mode 100644 index 00000000000..4d00210ca57 --- /dev/null +++ b/javascript/ql/lib/upgrades/4d00210ca570d55c4833af11d3372b774dbc63f2/old.dbscheme @@ -0,0 +1,1218 @@ +/*** Standard fragments ***/ + +/** Files and folders **/ + +@location = @location_default; + +locations_default(unique int id: @location_default, + int file: @file ref, + int beginLine: int ref, + int beginColumn: int ref, + int endLine: int ref, + int endColumn: int ref + ); + +@sourceline = @locatable; + +numlines(int element_id: @sourceline ref, + int num_lines: int ref, + int num_code: int ref, + int num_comment: int ref + ); + +files(unique int id: @file, + varchar(900) name: string ref); + +folders(unique int id: @folder, + varchar(900) name: string ref); + + +@container = @folder | @file ; + + +containerparent(int parent: @container ref, + unique int child: @container ref); + +/** Duplicate code **/ + +duplicateCode( + unique int id : @duplication, + varchar(900) relativePath : string ref, + int equivClass : int ref); + +similarCode( + unique int id : @similarity, + varchar(900) relativePath : string ref, + int equivClass : int ref); + +@duplication_or_similarity = @duplication | @similarity; + +tokens( + int id : @duplication_or_similarity ref, + int offset : int ref, + int beginLine : int ref, + int beginColumn : int ref, + int endLine : int ref, + int endColumn : int ref); + +/** External data **/ + +externalData( + int id : @externalDataElement, + varchar(900) path : string ref, + int column: int ref, + varchar(900) value : string ref +); + +snapshotDate(unique date snapshotDate : date ref); + +sourceLocationPrefix(varchar(900) prefix : string ref); + +/** Version control data **/ + +svnentries( + int id : @svnentry, + varchar(500) revision : string ref, + varchar(500) author : string ref, + date revisionDate : date ref, + int changeSize : int ref +); + +svnaffectedfiles( + int id : @svnentry ref, + int file : @file ref, + varchar(500) action : string ref +); + +svnentrymsg( + int id : @svnentry ref, + varchar(500) message : string ref +); + +svnchurn( + int commit : @svnentry ref, + int file : @file ref, + int addedLines : int ref, + int deletedLines : int ref +); + + +/*** JavaScript-specific part ***/ + +filetype( + int file: @file ref, + string filetype: string ref +) + +// top-level code fragments +toplevels (unique int id: @toplevel, + int kind: int ref); + +is_externs (int toplevel: @toplevel ref); + +case @toplevel.kind of + 0 = @script +| 1 = @inline_script +| 2 = @event_handler +| 3 = @javascript_url +| 4 = @template_toplevel; + +is_module (int tl: @toplevel ref); +is_nodejs (int tl: @toplevel ref); +is_es2015_module (int tl: @toplevel ref); +is_closure_module (int tl: @toplevel ref); + +@xml_node_with_code = @xmlelement | @xmlattribute | @template_placeholder_tag; +toplevel_parent_xml_node( + unique int toplevel: @toplevel ref, + int xmlnode: @xml_node_with_code ref); + +xml_element_parent_expression( + unique int xmlnode: @xmlelement ref, + int expression: @expr ref, + int index: int ref); + +// statements +#keyset[parent, idx] +stmts (unique int id: @stmt, + int kind: int ref, + int parent: @stmt_parent ref, + int idx: int ref, + varchar(900) tostring: string ref); + +stmt_containers (unique int stmt: @stmt ref, + int container: @stmt_container ref); + +jump_targets (unique int jump: @stmt ref, + int target: @stmt ref); + +@stmt_parent = @stmt | @toplevel | @function_expr | @arrow_function_expr | @static_initializer; +@stmt_container = @toplevel | @function | @namespace_declaration | @external_module_declaration | @global_augmentation_declaration; + +case @stmt.kind of + 0 = @empty_stmt +| 1 = @block_stmt +| 2 = @expr_stmt +| 3 = @if_stmt +| 4 = @labeled_stmt +| 5 = @break_stmt +| 6 = @continue_stmt +| 7 = @with_stmt +| 8 = @switch_stmt +| 9 = @return_stmt +| 10 = @throw_stmt +| 11 = @try_stmt +| 12 = @while_stmt +| 13 = @do_while_stmt +| 14 = @for_stmt +| 15 = @for_in_stmt +| 16 = @debugger_stmt +| 17 = @function_decl_stmt +| 18 = @var_decl_stmt +| 19 = @case +| 20 = @catch_clause +| 21 = @for_of_stmt +| 22 = @const_decl_stmt +| 23 = @let_stmt +| 24 = @legacy_let_stmt +| 25 = @for_each_stmt +| 26 = @class_decl_stmt +| 27 = @import_declaration +| 28 = @export_all_declaration +| 29 = @export_default_declaration +| 30 = @export_named_declaration +| 31 = @namespace_declaration +| 32 = @import_equals_declaration +| 33 = @export_assign_declaration +| 34 = @interface_declaration +| 35 = @type_alias_declaration +| 36 = @enum_declaration +| 37 = @external_module_declaration +| 38 = @export_as_namespace_declaration +| 39 = @global_augmentation_declaration +; + +@decl_stmt = @var_decl_stmt | @const_decl_stmt | @let_stmt | @legacy_let_stmt; + +@export_declaration = @export_all_declaration | @export_default_declaration | @export_named_declaration; + +@namespace_definition = @namespace_declaration | @enum_declaration; +@type_definition = @class_definition | @interface_declaration | @enum_declaration | @type_alias_declaration | @enum_member; + +is_instantiated(unique int decl: @namespace_declaration ref); + +@declarable_node = @decl_stmt | @namespace_declaration | @class_decl_stmt | @function_decl_stmt | @enum_declaration | @external_module_declaration | @global_augmentation_declaration | @field; +has_declare_keyword(unique int stmt: @declarable_node ref); + +is_for_await_of(unique int forof: @for_of_stmt ref); + +// expressions +#keyset[parent, idx] +exprs (unique int id: @expr, + int kind: int ref, + int parent: @expr_parent ref, + int idx: int ref, + varchar(900) tostring: string ref); + +literals (varchar(900) value: string ref, + varchar(900) raw: string ref, + unique int expr: @expr_or_type ref); + +enclosing_stmt (unique int expr: @expr_or_type ref, + int stmt: @stmt ref); + +expr_containers (unique int expr: @expr_or_type ref, + int container: @stmt_container ref); + +array_size (unique int ae: @arraylike ref, + int sz: int ref); + +is_delegating (int yield: @yield_expr ref); + +@expr_or_stmt = @expr | @stmt; +@expr_or_type = @expr | @typeexpr; +@expr_parent = @expr_or_stmt | @property | @function_typeexpr; +@arraylike = @array_expr | @array_pattern; +@type_annotation = @typeexpr | @jsdoc_type_expr; +@node_in_stmt_container = @cfg_node | @type_annotation | @toplevel; + +case @expr.kind of + 0 = @label +| 1 = @null_literal +| 2 = @boolean_literal +| 3 = @number_literal +| 4 = @string_literal +| 5 = @regexp_literal +| 6 = @this_expr +| 7 = @array_expr +| 8 = @obj_expr +| 9 = @function_expr +| 10 = @seq_expr +| 11 = @conditional_expr +| 12 = @new_expr +| 13 = @call_expr +| 14 = @dot_expr +| 15 = @index_expr +| 16 = @neg_expr +| 17 = @plus_expr +| 18 = @log_not_expr +| 19 = @bit_not_expr +| 20 = @typeof_expr +| 21 = @void_expr +| 22 = @delete_expr +| 23 = @eq_expr +| 24 = @neq_expr +| 25 = @eqq_expr +| 26 = @neqq_expr +| 27 = @lt_expr +| 28 = @le_expr +| 29 = @gt_expr +| 30 = @ge_expr +| 31 = @lshift_expr +| 32 = @rshift_expr +| 33 = @urshift_expr +| 34 = @add_expr +| 35 = @sub_expr +| 36 = @mul_expr +| 37 = @div_expr +| 38 = @mod_expr +| 39 = @bitor_expr +| 40 = @xor_expr +| 41 = @bitand_expr +| 42 = @in_expr +| 43 = @instanceof_expr +| 44 = @logand_expr +| 45 = @logor_expr +| 47 = @assign_expr +| 48 = @assign_add_expr +| 49 = @assign_sub_expr +| 50 = @assign_mul_expr +| 51 = @assign_div_expr +| 52 = @assign_mod_expr +| 53 = @assign_lshift_expr +| 54 = @assign_rshift_expr +| 55 = @assign_urshift_expr +| 56 = @assign_or_expr +| 57 = @assign_xor_expr +| 58 = @assign_and_expr +| 59 = @preinc_expr +| 60 = @postinc_expr +| 61 = @predec_expr +| 62 = @postdec_expr +| 63 = @par_expr +| 64 = @var_declarator +| 65 = @arrow_function_expr +| 66 = @spread_element +| 67 = @array_pattern +| 68 = @object_pattern +| 69 = @yield_expr +| 70 = @tagged_template_expr +| 71 = @template_literal +| 72 = @template_element +| 73 = @array_comprehension_expr +| 74 = @generator_expr +| 75 = @for_in_comprehension_block +| 76 = @for_of_comprehension_block +| 77 = @legacy_letexpr +| 78 = @var_decl +| 79 = @proper_varaccess +| 80 = @class_expr +| 81 = @super_expr +| 82 = @newtarget_expr +| 83 = @named_import_specifier +| 84 = @import_default_specifier +| 85 = @import_namespace_specifier +| 86 = @named_export_specifier +| 87 = @exp_expr +| 88 = @assign_exp_expr +| 89 = @jsx_element +| 90 = @jsx_qualified_name +| 91 = @jsx_empty_expr +| 92 = @await_expr +| 93 = @function_sent_expr +| 94 = @decorator +| 95 = @export_default_specifier +| 96 = @export_namespace_specifier +| 97 = @bind_expr +| 98 = @external_module_reference +| 99 = @dynamic_import +| 100 = @expression_with_type_arguments +| 101 = @prefix_type_assertion +| 102 = @as_type_assertion +| 103 = @export_varaccess +| 104 = @decorator_list +| 105 = @non_null_assertion +| 106 = @bigint_literal +| 107 = @nullishcoalescing_expr +| 108 = @e4x_xml_anyname +| 109 = @e4x_xml_static_attribute_selector +| 110 = @e4x_xml_dynamic_attribute_selector +| 111 = @e4x_xml_filter_expression +| 112 = @e4x_xml_static_qualident +| 113 = @e4x_xml_dynamic_qualident +| 114 = @e4x_xml_dotdotexpr +| 115 = @import_meta_expr +| 116 = @assignlogandexpr +| 117 = @assignlogorexpr +| 118 = @assignnullishcoalescingexpr +| 119 = @template_pipe_ref +| 120 = @generated_code_expr +| 121 = @satisfies_expr +; + +@varaccess = @proper_varaccess | @export_varaccess; +@varref = @var_decl | @varaccess; + +@identifier = @label | @varref | @type_identifier; + +@literal = @null_literal | @boolean_literal | @number_literal | @string_literal | @regexp_literal | @bigint_literal; + +@propaccess = @dot_expr | @index_expr; + +@invokeexpr = @new_expr | @call_expr; + +@unaryexpr = @neg_expr | @plus_expr | @log_not_expr | @bit_not_expr | @typeof_expr | @void_expr | @delete_expr | @spread_element; + +@equality_test = @eq_expr | @neq_expr | @eqq_expr | @neqq_expr; + +@comparison = @equality_test | @lt_expr | @le_expr | @gt_expr | @ge_expr; + +@binaryexpr = @comparison | @lshift_expr | @rshift_expr | @urshift_expr | @add_expr | @sub_expr | @mul_expr | @div_expr | @mod_expr | @exp_expr | @bitor_expr | @xor_expr | @bitand_expr | @in_expr | @instanceof_expr | @logand_expr | @logor_expr | @nullishcoalescing_expr; + +@assignment = @assign_expr | @assign_add_expr | @assign_sub_expr | @assign_mul_expr | @assign_div_expr | @assign_mod_expr | @assign_exp_expr | @assign_lshift_expr | @assign_rshift_expr | @assign_urshift_expr | @assign_or_expr | @assign_xor_expr | @assign_and_expr | @assignlogandexpr | @assignlogorexpr | @assignnullishcoalescingexpr; + +@updateexpr = @preinc_expr | @postinc_expr | @predec_expr | @postdec_expr; + +@pattern = @varref | @array_pattern | @object_pattern; + +@comprehension_expr = @array_comprehension_expr | @generator_expr; + +@comprehension_block = @for_in_comprehension_block | @for_of_comprehension_block; + +@import_specifier = @named_import_specifier | @import_default_specifier | @import_namespace_specifier; + +@exportspecifier = @named_export_specifier | @export_default_specifier | @export_namespace_specifier; + +@type_keyword_operand = @import_declaration | @export_declaration | @import_specifier; + +@type_assertion = @as_type_assertion | @prefix_type_assertion; + +@class_definition = @class_decl_stmt | @class_expr; +@interface_definition = @interface_declaration | @interface_typeexpr; +@class_or_interface = @class_definition | @interface_definition; + +@lexical_decl = @var_decl | @type_decl; +@lexical_access = @varaccess | @local_type_access | @local_var_type_access | @local_namespace_access; +@lexical_ref = @lexical_decl | @lexical_access; + +@e4x_xml_attribute_selector = @e4x_xml_static_attribute_selector | @e4x_xml_dynamic_attribute_selector; +@e4x_xml_qualident = @e4x_xml_static_qualident | @e4x_xml_dynamic_qualident; + +expr_contains_template_tag_location( + int expr: @expr ref, + int location: @location ref +); + +@template_placeholder_tag_parent = @xmlelement | @xmlattribute | @file; + +template_placeholder_tag_info( + unique int node: @template_placeholder_tag, + int parentNode: @template_placeholder_tag_parent ref, + varchar(900) raw: string ref +); + +// scopes +scopes (unique int id: @scope, + int kind: int ref); + +case @scope.kind of + 0 = @global_scope +| 1 = @function_scope +| 2 = @catch_scope +| 3 = @module_scope +| 4 = @block_scope +| 5 = @for_scope +| 6 = @for_in_scope // for-of scopes work the same as for-in scopes +| 7 = @comprehension_block_scope +| 8 = @class_expr_scope +| 9 = @namespace_scope +| 10 = @class_decl_scope +| 11 = @interface_scope +| 12 = @type_alias_scope +| 13 = @mapped_type_scope +| 14 = @enum_scope +| 15 = @external_module_scope +| 16 = @conditional_type_scope; + +scopenodes (unique int node: @ast_node ref, + int scope: @scope ref); + +scopenesting (unique int inner: @scope ref, + int outer: @scope ref); + +// functions +@function = @function_decl_stmt | @function_expr | @arrow_function_expr; + +@parameterized = @function | @catch_clause; +@type_parameterized = @function | @class_or_interface | @type_alias_declaration | @mapped_typeexpr | @infer_typeexpr; + +is_generator (int fun: @function ref); +has_rest_parameter (int fun: @function ref); +is_async (int fun: @function ref); + +// variables and lexically scoped type names +#keyset[scope, name] +variables (unique int id: @variable, + varchar(900) name: string ref, + int scope: @scope ref); + +#keyset[scope, name] +local_type_names (unique int id: @local_type_name, + varchar(900) name: string ref, + int scope: @scope ref); + +#keyset[scope, name] +local_namespace_names (unique int id: @local_namespace_name, + varchar(900) name: string ref, + int scope: @scope ref); + +is_arguments_object (int id: @variable ref); + +@lexical_name = @variable | @local_type_name | @local_namespace_name; + +@bind_id = @varaccess | @local_var_type_access; +bind (unique int id: @bind_id ref, + int decl: @variable ref); + +decl (unique int id: @var_decl ref, + int decl: @variable ref); + +@typebind_id = @local_type_access | @export_varaccess; +typebind (unique int id: @typebind_id ref, + int decl: @local_type_name ref); + +@typedecl_id = @type_decl | @var_decl; +typedecl (unique int id: @typedecl_id ref, + int decl: @local_type_name ref); + +namespacedecl (unique int id: @var_decl ref, + int decl: @local_namespace_name ref); + +@namespacebind_id = @local_namespace_access | @export_varaccess; +namespacebind (unique int id: @namespacebind_id ref, + int decl: @local_namespace_name ref); + + +// properties in object literals, property patterns in object patterns, and method declarations in classes +#keyset[parent, index] +properties (unique int id: @property, + int parent: @property_parent ref, + int index: int ref, + int kind: int ref, + varchar(900) tostring: string ref); + +case @property.kind of + 0 = @value_property +| 1 = @property_getter +| 2 = @property_setter +| 3 = @jsx_attribute +| 4 = @function_call_signature +| 5 = @constructor_call_signature +| 6 = @index_signature +| 7 = @enum_member +| 8 = @proper_field +| 9 = @parameter_field +| 10 = @static_initializer +; + +@property_parent = @obj_expr | @object_pattern | @class_definition | @jsx_element | @interface_definition | @enum_declaration; +@property_accessor = @property_getter | @property_setter; +@call_signature = @function_call_signature | @constructor_call_signature; +@field = @proper_field | @parameter_field; +@field_or_vardeclarator = @field | @var_declarator; + +is_computed (int id: @property ref); +is_method (int id: @property ref); +is_static (int id: @property ref); +is_abstract_member (int id: @property ref); +is_const_enum (int id: @enum_declaration ref); +is_abstract_class (int id: @class_decl_stmt ref); + +has_public_keyword (int id: @property ref); +has_private_keyword (int id: @property ref); +has_protected_keyword (int id: @property ref); +has_readonly_keyword (int id: @property ref); +has_type_keyword (int id: @type_keyword_operand ref); +is_optional_member (int id: @property ref); +has_definite_assignment_assertion (int id: @field_or_vardeclarator ref); +is_optional_parameter_declaration (unique int parameter: @pattern ref); + +#keyset[constructor, param_index] +parameter_fields( + unique int field: @parameter_field ref, + int constructor: @function_expr ref, + int param_index: int ref +); + +// types +#keyset[parent, idx] +typeexprs ( + unique int id: @typeexpr, + int kind: int ref, + int parent: @typeexpr_parent ref, + int idx: int ref, + varchar(900) tostring: string ref +); + +case @typeexpr.kind of + 0 = @local_type_access +| 1 = @type_decl +| 2 = @keyword_typeexpr +| 3 = @string_literal_typeexpr +| 4 = @number_literal_typeexpr +| 5 = @boolean_literal_typeexpr +| 6 = @array_typeexpr +| 7 = @union_typeexpr +| 8 = @indexed_access_typeexpr +| 9 = @intersection_typeexpr +| 10 = @parenthesized_typeexpr +| 11 = @tuple_typeexpr +| 12 = @keyof_typeexpr +| 13 = @qualified_type_access +| 14 = @generic_typeexpr +| 15 = @type_label +| 16 = @typeof_typeexpr +| 17 = @local_var_type_access +| 18 = @qualified_var_type_access +| 19 = @this_var_type_access +| 20 = @predicate_typeexpr +| 21 = @interface_typeexpr +| 22 = @type_parameter +| 23 = @plain_function_typeexpr +| 24 = @constructor_typeexpr +| 25 = @local_namespace_access +| 26 = @qualified_namespace_access +| 27 = @mapped_typeexpr +| 28 = @conditional_typeexpr +| 29 = @infer_typeexpr +| 30 = @import_type_access +| 31 = @import_namespace_access +| 32 = @import_var_type_access +| 33 = @optional_typeexpr +| 34 = @rest_typeexpr +| 35 = @bigint_literal_typeexpr +| 36 = @readonly_typeexpr +| 37 = @template_literal_typeexpr +; + +@typeref = @typeaccess | @type_decl; +@type_identifier = @type_decl | @local_type_access | @type_label | @local_var_type_access | @local_namespace_access; +@typeexpr_parent = @expr | @stmt | @property | @typeexpr; +@literal_typeexpr = @string_literal_typeexpr | @number_literal_typeexpr | @boolean_literal_typeexpr | @bigint_literal_typeexpr; +@typeaccess = @local_type_access | @qualified_type_access | @import_type_access; +@vartypeaccess = @local_var_type_access | @qualified_var_type_access | @this_var_type_access | @import_var_type_access; +@namespace_access = @local_namespace_access | @qualified_namespace_access | @import_namespace_access; +@import_typeexpr = @import_type_access | @import_namespace_access | @import_var_type_access; + +@function_typeexpr = @plain_function_typeexpr | @constructor_typeexpr; + +// types +types ( + unique int id: @type, + int kind: int ref, + varchar(900) tostring: string ref +); + +#keyset[parent, idx] +type_child ( + int child: @type ref, + int parent: @type ref, + int idx: int ref +); + +case @type.kind of + 0 = @any_type +| 1 = @string_type +| 2 = @number_type +| 3 = @union_type +| 4 = @true_type +| 5 = @false_type +| 6 = @type_reference +| 7 = @object_type +| 8 = @canonical_type_variable_type +| 9 = @typeof_type +| 10 = @void_type +| 11 = @undefined_type +| 12 = @null_type +| 13 = @never_type +| 14 = @plain_symbol_type +| 15 = @unique_symbol_type +| 16 = @objectkeyword_type +| 17 = @intersection_type +| 18 = @tuple_type +| 19 = @lexical_type_variable_type +| 20 = @this_type +| 21 = @number_literal_type +| 22 = @string_literal_type +| 23 = @unknown_type +| 24 = @bigint_type +| 25 = @bigint_literal_type +; + +@boolean_literal_type = @true_type | @false_type; +@symbol_type = @plain_symbol_type | @unique_symbol_type; +@union_or_intersection_type = @union_type | @intersection_type; +@typevariable_type = @canonical_type_variable_type | @lexical_type_variable_type; + +has_asserts_keyword(int node: @predicate_typeexpr ref); + +@typed_ast_node = @expr | @typeexpr | @function; +ast_node_type( + unique int node: @typed_ast_node ref, + int typ: @type ref); + +declared_function_signature( + unique int node: @function ref, + int sig: @signature_type ref +); + +invoke_expr_signature( + unique int node: @invokeexpr ref, + int sig: @signature_type ref +); + +invoke_expr_overload_index( + unique int node: @invokeexpr ref, + int index: int ref +); + +symbols ( + unique int id: @symbol, + int kind: int ref, + varchar(900) name: string ref +); + +symbol_parent ( + unique int symbol: @symbol ref, + int parent: @symbol ref +); + +symbol_module ( + int symbol: @symbol ref, + varchar(900) moduleName: string ref +); + +symbol_global ( + int symbol: @symbol ref, + varchar(900) globalName: string ref +); + +case @symbol.kind of + 0 = @root_symbol +| 1 = @member_symbol +| 2 = @other_symbol +; + +@type_with_symbol = @type_reference | @typevariable_type | @typeof_type | @unique_symbol_type; +@ast_node_with_symbol = @type_definition | @namespace_definition | @toplevel | @typeaccess | @namespace_access | @var_decl | @function | @invokeexpr | @import_declaration | @external_module_reference | @external_module_declaration; + +ast_node_symbol( + unique int node: @ast_node_with_symbol ref, + int symbol: @symbol ref); + +type_symbol( + unique int typ: @type_with_symbol ref, + int symbol: @symbol ref); + +#keyset[typ, name] +type_property( + int typ: @type ref, + varchar(900) name: string ref, + int propertyType: @type ref); + +type_alias( + unique int aliasType: @type ref, + int underlyingType: @type ref); + +@literal_type = @string_literal_type | @number_literal_type | @boolean_literal_type | @bigint_literal_type; +@type_with_literal_value = @string_literal_type | @number_literal_type | @bigint_literal_type; +type_literal_value( + unique int typ: @type_with_literal_value ref, + varchar(900) value: string ref); + +signature_types ( + unique int id: @signature_type, + int kind: int ref, + varchar(900) tostring: string ref, + int type_parameters: int ref, + int required_params: int ref +); + +is_abstract_signature( + unique int sig: @signature_type ref +); + +signature_rest_parameter( + unique int sig: @signature_type ref, + int rest_param_arra_type: @type ref +); + +case @signature_type.kind of + 0 = @function_signature_type +| 1 = @constructor_signature_type +; + +#keyset[typ, kind, index] +type_contains_signature ( + int typ: @type ref, + int kind: int ref, // constructor/call/index + int index: int ref, // ordering of overloaded signatures + int sig: @signature_type ref +); + +#keyset[parent, index] +signature_contains_type ( + int child: @type ref, + int parent: @signature_type ref, + int index: int ref +); + +#keyset[sig, index] +signature_parameter_name ( + int sig: @signature_type ref, + int index: int ref, + varchar(900) name: string ref +); + +number_index_type ( + unique int baseType: @type ref, + int propertyType: @type ref +); + +string_index_type ( + unique int baseType: @type ref, + int propertyType: @type ref +); + +base_type_names( + int typeName: @symbol ref, + int baseTypeName: @symbol ref +); + +self_types( + int typeName: @symbol ref, + int selfType: @type_reference ref +); + +tuple_type_min_length( + unique int typ: @type ref, + int minLength: int ref +); + +tuple_type_rest_index( + unique int typ: @type ref, + int index: int ref +); + +// comments +comments (unique int id: @comment, + int kind: int ref, + int toplevel: @toplevel ref, + varchar(900) text: string ref, + varchar(900) tostring: string ref); + +case @comment.kind of + 0 = @slashslash_comment +| 1 = @slashstar_comment +| 2 = @doc_comment +| 3 = @html_comment_start +| 4 = @htmlcommentend; + +@html_comment = @html_comment_start | @htmlcommentend; +@line_comment = @slashslash_comment | @html_comment; +@block_comment = @slashstar_comment | @doc_comment; + +// source lines +lines (unique int id: @line, + int toplevel: @toplevel ref, + varchar(900) text: string ref, + varchar(2) terminator: string ref); +indentation (int file: @file ref, + int lineno: int ref, + varchar(1) indentChar: string ref, + int indentDepth: int ref); + +// JavaScript parse errors +js_parse_errors (unique int id: @js_parse_error, + int toplevel: @toplevel ref, + varchar(900) message: string ref, + varchar(900) line: string ref); + +// regular expressions +#keyset[parent, idx] +regexpterm (unique int id: @regexpterm, + int kind: int ref, + int parent: @regexpparent ref, + int idx: int ref, + varchar(900) tostring: string ref); + +@regexpparent = @regexpterm | @regexp_literal | @string_literal | @add_expr; + +case @regexpterm.kind of + 0 = @regexp_alt +| 1 = @regexp_seq +| 2 = @regexp_caret +| 3 = @regexp_dollar +| 4 = @regexp_wordboundary +| 5 = @regexp_nonwordboundary +| 6 = @regexp_positive_lookahead +| 7 = @regexp_negative_lookahead +| 8 = @regexp_star +| 9 = @regexp_plus +| 10 = @regexp_opt +| 11 = @regexp_range +| 12 = @regexp_dot +| 13 = @regexp_group +| 14 = @regexp_normal_constant +| 15 = @regexp_hex_escape +| 16 = @regexp_unicode_escape +| 17 = @regexp_dec_escape +| 18 = @regexp_oct_escape +| 19 = @regexp_ctrl_escape +| 20 = @regexp_char_class_escape +| 21 = @regexp_id_escape +| 22 = @regexp_backref +| 23 = @regexp_char_class +| 24 = @regexp_char_range +| 25 = @regexp_positive_lookbehind +| 26 = @regexp_negative_lookbehind +| 27 = @regexp_unicode_property_escape; + +regexp_parse_errors (unique int id: @regexp_parse_error, + int regexp: @regexpterm ref, + varchar(900) message: string ref); + +@regexp_quantifier = @regexp_star | @regexp_plus | @regexp_opt | @regexp_range; +@regexp_escape = @regexp_char_escape | @regexp_char_class_escape | @regexp_unicode_property_escape; +@regexp_char_escape = @regexp_hex_escape | @regexp_unicode_escape | @regexp_dec_escape | @regexp_oct_escape | @regexp_ctrl_escape | @regexp_id_escape; +@regexp_constant = @regexp_normal_constant | @regexp_char_escape; +@regexp_lookahead = @regexp_positive_lookahead | @regexp_negative_lookahead; +@regexp_lookbehind = @regexp_positive_lookbehind | @regexp_negative_lookbehind; +@regexp_subpattern = @regexp_lookahead | @regexp_lookbehind; +@regexp_anchor = @regexp_dollar | @regexp_caret; + +is_greedy (int id: @regexp_quantifier ref); +range_quantifier_lower_bound (unique int id: @regexp_range ref, int lo: int ref); +range_quantifier_upper_bound (unique int id: @regexp_range ref, int hi: int ref); +is_capture (unique int id: @regexp_group ref, int number: int ref); +is_named_capture (unique int id: @regexp_group ref, string name: string ref); +is_inverted (int id: @regexp_char_class ref); +regexp_const_value (unique int id: @regexp_constant ref, varchar(1) value: string ref); +char_class_escape (unique int id: @regexp_char_class_escape ref, varchar(1) value: string ref); +backref (unique int id: @regexp_backref ref, int value: int ref); +named_backref (unique int id: @regexp_backref ref, string name: string ref); +unicode_property_escapename (unique int id: @regexp_unicode_property_escape ref, string name: string ref); +unicode_property_escapevalue (unique int id: @regexp_unicode_property_escape ref, string value: string ref); + +// tokens +#keyset[toplevel, idx] +tokeninfo (unique int id: @token, + int kind: int ref, + int toplevel: @toplevel ref, + int idx: int ref, + varchar(900) value: string ref); + +case @token.kind of + 0 = @token_eof +| 1 = @token_null_literal +| 2 = @token_boolean_literal +| 3 = @token_numeric_literal +| 4 = @token_string_literal +| 5 = @token_regular_expression +| 6 = @token_identifier +| 7 = @token_keyword +| 8 = @token_punctuator; + +// associate comments with the token immediately following them (which may be EOF) +next_token (int comment: @comment ref, int token: @token ref); + +// JSON +#keyset[parent, idx] +json (unique int id: @json_value, + int kind: int ref, + int parent: @json_parent ref, + int idx: int ref, + varchar(900) tostring: string ref); + +json_literals (varchar(900) value: string ref, + varchar(900) raw: string ref, + unique int expr: @json_value ref); + +json_properties (int obj: @json_object ref, + varchar(900) property: string ref, + int value: @json_value ref); + +json_errors (unique int id: @json_parse_error, + varchar(900) message: string ref); + +json_locations(unique int locatable: @json_locatable ref, + int location: @location_default ref); + +case @json_value.kind of + 0 = @json_null +| 1 = @json_boolean +| 2 = @json_number +| 3 = @json_string +| 4 = @json_array +| 5 = @json_object; + +@json_parent = @json_object | @json_array | @file; + +@json_locatable = @json_value | @json_parse_error; + +// locations +@ast_node = @toplevel | @stmt | @expr | @property | @typeexpr; + +@locatable = @file + | @ast_node + | @comment + | @line + | @js_parse_error | @regexp_parse_error + | @regexpterm + | @json_locatable + | @token + | @cfg_node + | @jsdoc | @jsdoc_type_expr | @jsdoc_tag + | @yaml_locatable + | @xmllocatable + | @configLocatable + | @template_placeholder_tag; + +hasLocation (unique int locatable: @locatable ref, + int location: @location ref); + +// CFG +entry_cfg_node (unique int id: @entry_node, int container: @stmt_container ref); +exit_cfg_node (unique int id: @exit_node, int container: @stmt_container ref); +guard_node (unique int id: @guard_node, int kind: int ref, int test: @expr ref); +case @guard_node.kind of + 0 = @falsy_guard +| 1 = @truthy_guard; +@condition_guard = @falsy_guard | @truthy_guard; + +@synthetic_cfg_node = @entry_node | @exit_node | @guard_node; +@cfg_node = @synthetic_cfg_node | @expr_parent; + +successor (int pred: @cfg_node ref, int succ: @cfg_node ref); + +// JSDoc comments +jsdoc (unique int id: @jsdoc, varchar(900) description: string ref, int comment: @comment ref); +#keyset[parent, idx] +jsdoc_tags (unique int id: @jsdoc_tag, varchar(900) title: string ref, + int parent: @jsdoc ref, int idx: int ref, varchar(900) tostring: string ref); +jsdoc_tag_descriptions (unique int tag: @jsdoc_tag ref, varchar(900) text: string ref); +jsdoc_tag_names (unique int tag: @jsdoc_tag ref, varchar(900) text: string ref); + +#keyset[parent, idx] +jsdoc_type_exprs (unique int id: @jsdoc_type_expr, + int kind: int ref, + int parent: @jsdoc_type_expr_parent ref, + int idx: int ref, + varchar(900) tostring: string ref); +case @jsdoc_type_expr.kind of + 0 = @jsdoc_any_type_expr +| 1 = @jsdoc_null_type_expr +| 2 = @jsdoc_undefined_type_expr +| 3 = @jsdoc_unknown_type_expr +| 4 = @jsdoc_void_type_expr +| 5 = @jsdoc_named_type_expr +| 6 = @jsdoc_applied_type_expr +| 7 = @jsdoc_nullable_type_expr +| 8 = @jsdoc_non_nullable_type_expr +| 9 = @jsdoc_record_type_expr +| 10 = @jsdoc_array_type_expr +| 11 = @jsdoc_union_type_expr +| 12 = @jsdoc_function_type_expr +| 13 = @jsdoc_optional_type_expr +| 14 = @jsdoc_rest_type_expr +; + +#keyset[id, idx] +jsdoc_record_field_name (int id: @jsdoc_record_type_expr ref, int idx: int ref, varchar(900) name: string ref); +jsdoc_prefix_qualifier (int id: @jsdoc_type_expr ref); +jsdoc_has_new_parameter (int fn: @jsdoc_function_type_expr ref); + +@jsdoc_type_expr_parent = @jsdoc_type_expr | @jsdoc_tag; + +jsdoc_errors (unique int id: @jsdoc_error, int tag: @jsdoc_tag ref, varchar(900) message: string ref, varchar(900) tostring: string ref); + +// YAML +#keyset[parent, idx] +yaml (unique int id: @yaml_node, + int kind: int ref, + int parent: @yaml_node_parent ref, + int idx: int ref, + varchar(900) tag: string ref, + varchar(900) tostring: string ref); + +case @yaml_node.kind of + 0 = @yaml_scalar_node +| 1 = @yaml_mapping_node +| 2 = @yaml_sequence_node +| 3 = @yaml_alias_node +; + +@yaml_collection_node = @yaml_mapping_node | @yaml_sequence_node; + +@yaml_node_parent = @yaml_collection_node | @file; + +yaml_anchors (unique int node: @yaml_node ref, + varchar(900) anchor: string ref); + +yaml_aliases (unique int alias: @yaml_alias_node ref, + varchar(900) target: string ref); + +yaml_scalars (unique int scalar: @yaml_scalar_node ref, + int style: int ref, + varchar(900) value: string ref); + +yaml_errors (unique int id: @yaml_error, + varchar(900) message: string ref); + +yaml_locations(unique int locatable: @yaml_locatable ref, + int location: @location_default ref); + +@yaml_locatable = @yaml_node | @yaml_error; + +/* XML Files */ + +xmlEncoding( + unique int id: @file ref, + varchar(900) encoding: string ref +); + +xmlDTDs( + unique int id: @xmldtd, + varchar(900) root: string ref, + varchar(900) publicId: string ref, + varchar(900) systemId: string ref, + int fileid: @file ref +); + +xmlElements( + unique int id: @xmlelement, + varchar(900) name: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int fileid: @file ref +); + +xmlAttrs( + unique int id: @xmlattribute, + int elementid: @xmlelement ref, + varchar(900) name: string ref, + varchar(3600) value: string ref, + int idx: int ref, + int fileid: @file ref +); + +xmlNs( + int id: @xmlnamespace, + varchar(900) prefixName: string ref, + varchar(900) URI: string ref, + int fileid: @file ref +); + +xmlHasNs( + int elementId: @xmlnamespaceable ref, + int nsId: @xmlnamespace ref, + int fileid: @file ref +); + +xmlComments( + unique int id: @xmlcomment, + varchar(3600) text: string ref, + int parentid: @xmlparent ref, + int fileid: @file ref +); + +xmlChars( + unique int id: @xmlcharacters, + varchar(3600) text: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int isCDATA: int ref, + int fileid: @file ref +); + +@xmlparent = @file | @xmlelement; +@xmlnamespaceable = @xmlelement | @xmlattribute; + +xmllocations( + int xmlElement: @xmllocatable ref, + int location: @location_default ref +); + +@xmllocatable = @xmlcharacters | @xmlelement | @xmlcomment | @xmlattribute | @xmldtd | @file | @xmlnamespace; + +@dataflownode = @expr | @function_decl_stmt | @class_decl_stmt | @namespace_declaration | @enum_declaration | @property; + +@optionalchainable = @call_expr | @propaccess; + +isOptionalChaining(int id: @optionalchainable ref); + +/* + * configuration files with key value pairs + */ + +configs( + unique int id: @config +); + +configNames( + unique int id: @configName, + int config: @config ref, + string name: string ref +); + +configValues( + unique int id: @configValue, + int config: @config ref, + string value: string ref +); + +configLocations( + int locatable: @configLocatable ref, + int location: @location_default ref +); + +@configLocatable = @config | @configName | @configValue; + +/** + * The time taken for the extraction of a file. + * This table contains non-deterministic content. + * + * The sum of the `time` column for each (`file`, `timerKind`) pair + * is the total time taken for extraction of `file`. The `extractionPhase` + * column provides a granular view of the extraction time of the file. + */ +extraction_time( + int file : @file ref, + // see `com.semmle.js.extractor.ExtractionMetrics.ExtractionPhase`. + int extractionPhase: int ref, + // 0 for the elapsed CPU time in nanoseconds, 1 for the elapsed wallclock time in nanoseconds + int timerKind: int ref, + float time: float ref +) + +/** + * Non-timing related data for the extraction of a single file. + * This table contains non-deterministic content. + */ +extraction_data( + int file : @file ref, + // the absolute path to the cache file + varchar(900) cacheFile: string ref, + boolean fromCache: boolean ref, + int length: int ref +) diff --git a/javascript/ql/lib/upgrades/4d00210ca570d55c4833af11d3372b774dbc63f2/semmlecode.javascript.dbscheme b/javascript/ql/lib/upgrades/4d00210ca570d55c4833af11d3372b774dbc63f2/semmlecode.javascript.dbscheme new file mode 100644 index 00000000000..8accf0f930b --- /dev/null +++ b/javascript/ql/lib/upgrades/4d00210ca570d55c4833af11d3372b774dbc63f2/semmlecode.javascript.dbscheme @@ -0,0 +1,1189 @@ +/*** Standard fragments ***/ + +/*- Files and folders -*/ + +/** + * The location of an element. + * The location spans column `startcolumn` of line `startline` to + * column `endcolumn` of line `endline` in file `file`. + * For more information, see + * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/). + */ +locations_default( + unique int id: @location_default, + int file: @file ref, + int beginLine: int ref, + int beginColumn: int ref, + int endLine: int ref, + int endColumn: int ref +); + +files( + unique int id: @file, + string name: string ref +); + +folders( + unique int id: @folder, + string name: string ref +); + +@container = @file | @folder + +containerparent( + int parent: @container ref, + unique int child: @container ref +); + +/*- Lines of code -*/ + +numlines( + int element_id: @sourceline ref, + int num_lines: int ref, + int num_code: int ref, + int num_comment: int ref +); + +/*- External data -*/ + +/** + * External data, loaded from CSV files during snapshot creation. See + * [Tutorial: Incorporating external data](https://help.semmle.com/wiki/display/SD/Tutorial%3A+Incorporating+external+data) + * for more information. + */ +externalData( + int id : @externalDataElement, + string path : string ref, + int column: int ref, + string value : string ref +); + +/*- Source location prefix -*/ + +/** + * The source location of the snapshot. + */ +sourceLocationPrefix(string prefix : string ref); + +/*- JavaScript-specific part -*/ + +@location = @location_default + +@sourceline = @locatable; + +filetype( + int file: @file ref, + string filetype: string ref +) + +// top-level code fragments +toplevels (unique int id: @toplevel, + int kind: int ref); + +is_externs (int toplevel: @toplevel ref); + +case @toplevel.kind of + 0 = @script +| 1 = @inline_script +| 2 = @event_handler +| 3 = @javascript_url +| 4 = @template_toplevel; + +is_module (int tl: @toplevel ref); +is_nodejs (int tl: @toplevel ref); +is_es2015_module (int tl: @toplevel ref); +is_closure_module (int tl: @toplevel ref); + +@xml_node_with_code = @xmlelement | @xmlattribute | @template_placeholder_tag; +toplevel_parent_xml_node( + unique int toplevel: @toplevel ref, + int xmlnode: @xml_node_with_code ref); + +xml_element_parent_expression( + unique int xmlnode: @xmlelement ref, + int expression: @expr ref, + int index: int ref); + +// statements +#keyset[parent, idx] +stmts (unique int id: @stmt, + int kind: int ref, + int parent: @stmt_parent ref, + int idx: int ref, + varchar(900) tostring: string ref); + +stmt_containers (unique int stmt: @stmt ref, + int container: @stmt_container ref); + +jump_targets (unique int jump: @stmt ref, + int target: @stmt ref); + +@stmt_parent = @stmt | @toplevel | @function_expr | @arrow_function_expr | @static_initializer; +@stmt_container = @toplevel | @function | @namespace_declaration | @external_module_declaration | @global_augmentation_declaration; + +case @stmt.kind of + 0 = @empty_stmt +| 1 = @block_stmt +| 2 = @expr_stmt +| 3 = @if_stmt +| 4 = @labeled_stmt +| 5 = @break_stmt +| 6 = @continue_stmt +| 7 = @with_stmt +| 8 = @switch_stmt +| 9 = @return_stmt +| 10 = @throw_stmt +| 11 = @try_stmt +| 12 = @while_stmt +| 13 = @do_while_stmt +| 14 = @for_stmt +| 15 = @for_in_stmt +| 16 = @debugger_stmt +| 17 = @function_decl_stmt +| 18 = @var_decl_stmt +| 19 = @case +| 20 = @catch_clause +| 21 = @for_of_stmt +| 22 = @const_decl_stmt +| 23 = @let_stmt +| 24 = @legacy_let_stmt +| 25 = @for_each_stmt +| 26 = @class_decl_stmt +| 27 = @import_declaration +| 28 = @export_all_declaration +| 29 = @export_default_declaration +| 30 = @export_named_declaration +| 31 = @namespace_declaration +| 32 = @import_equals_declaration +| 33 = @export_assign_declaration +| 34 = @interface_declaration +| 35 = @type_alias_declaration +| 36 = @enum_declaration +| 37 = @external_module_declaration +| 38 = @export_as_namespace_declaration +| 39 = @global_augmentation_declaration +; + +@decl_stmt = @var_decl_stmt | @const_decl_stmt | @let_stmt | @legacy_let_stmt; + +@export_declaration = @export_all_declaration | @export_default_declaration | @export_named_declaration; + +@namespace_definition = @namespace_declaration | @enum_declaration; +@type_definition = @class_definition | @interface_declaration | @enum_declaration | @type_alias_declaration | @enum_member; + +is_instantiated(unique int decl: @namespace_declaration ref); + +@declarable_node = @decl_stmt | @namespace_declaration | @class_decl_stmt | @function_decl_stmt | @enum_declaration | @external_module_declaration | @global_augmentation_declaration | @field; +has_declare_keyword(unique int stmt: @declarable_node ref); + +is_for_await_of(unique int forof: @for_of_stmt ref); + +// expressions +#keyset[parent, idx] +exprs (unique int id: @expr, + int kind: int ref, + int parent: @expr_parent ref, + int idx: int ref, + varchar(900) tostring: string ref); + +literals (varchar(900) value: string ref, + varchar(900) raw: string ref, + unique int expr: @expr_or_type ref); + +enclosing_stmt (unique int expr: @expr_or_type ref, + int stmt: @stmt ref); + +expr_containers (unique int expr: @expr_or_type ref, + int container: @stmt_container ref); + +array_size (unique int ae: @arraylike ref, + int sz: int ref); + +is_delegating (int yield: @yield_expr ref); + +@expr_or_stmt = @expr | @stmt; +@expr_or_type = @expr | @typeexpr; +@expr_parent = @expr_or_stmt | @property | @function_typeexpr; +@arraylike = @array_expr | @array_pattern; +@type_annotation = @typeexpr | @jsdoc_type_expr; +@node_in_stmt_container = @cfg_node | @type_annotation | @toplevel; + +case @expr.kind of + 0 = @label +| 1 = @null_literal +| 2 = @boolean_literal +| 3 = @number_literal +| 4 = @string_literal +| 5 = @regexp_literal +| 6 = @this_expr +| 7 = @array_expr +| 8 = @obj_expr +| 9 = @function_expr +| 10 = @seq_expr +| 11 = @conditional_expr +| 12 = @new_expr +| 13 = @call_expr +| 14 = @dot_expr +| 15 = @index_expr +| 16 = @neg_expr +| 17 = @plus_expr +| 18 = @log_not_expr +| 19 = @bit_not_expr +| 20 = @typeof_expr +| 21 = @void_expr +| 22 = @delete_expr +| 23 = @eq_expr +| 24 = @neq_expr +| 25 = @eqq_expr +| 26 = @neqq_expr +| 27 = @lt_expr +| 28 = @le_expr +| 29 = @gt_expr +| 30 = @ge_expr +| 31 = @lshift_expr +| 32 = @rshift_expr +| 33 = @urshift_expr +| 34 = @add_expr +| 35 = @sub_expr +| 36 = @mul_expr +| 37 = @div_expr +| 38 = @mod_expr +| 39 = @bitor_expr +| 40 = @xor_expr +| 41 = @bitand_expr +| 42 = @in_expr +| 43 = @instanceof_expr +| 44 = @logand_expr +| 45 = @logor_expr +| 47 = @assign_expr +| 48 = @assign_add_expr +| 49 = @assign_sub_expr +| 50 = @assign_mul_expr +| 51 = @assign_div_expr +| 52 = @assign_mod_expr +| 53 = @assign_lshift_expr +| 54 = @assign_rshift_expr +| 55 = @assign_urshift_expr +| 56 = @assign_or_expr +| 57 = @assign_xor_expr +| 58 = @assign_and_expr +| 59 = @preinc_expr +| 60 = @postinc_expr +| 61 = @predec_expr +| 62 = @postdec_expr +| 63 = @par_expr +| 64 = @var_declarator +| 65 = @arrow_function_expr +| 66 = @spread_element +| 67 = @array_pattern +| 68 = @object_pattern +| 69 = @yield_expr +| 70 = @tagged_template_expr +| 71 = @template_literal +| 72 = @template_element +| 73 = @array_comprehension_expr +| 74 = @generator_expr +| 75 = @for_in_comprehension_block +| 76 = @for_of_comprehension_block +| 77 = @legacy_letexpr +| 78 = @var_decl +| 79 = @proper_varaccess +| 80 = @class_expr +| 81 = @super_expr +| 82 = @newtarget_expr +| 83 = @named_import_specifier +| 84 = @import_default_specifier +| 85 = @import_namespace_specifier +| 86 = @named_export_specifier +| 87 = @exp_expr +| 88 = @assign_exp_expr +| 89 = @jsx_element +| 90 = @jsx_qualified_name +| 91 = @jsx_empty_expr +| 92 = @await_expr +| 93 = @function_sent_expr +| 94 = @decorator +| 95 = @export_default_specifier +| 96 = @export_namespace_specifier +| 97 = @bind_expr +| 98 = @external_module_reference +| 99 = @dynamic_import +| 100 = @expression_with_type_arguments +| 101 = @prefix_type_assertion +| 102 = @as_type_assertion +| 103 = @export_varaccess +| 104 = @decorator_list +| 105 = @non_null_assertion +| 106 = @bigint_literal +| 107 = @nullishcoalescing_expr +| 108 = @e4x_xml_anyname +| 109 = @e4x_xml_static_attribute_selector +| 110 = @e4x_xml_dynamic_attribute_selector +| 111 = @e4x_xml_filter_expression +| 112 = @e4x_xml_static_qualident +| 113 = @e4x_xml_dynamic_qualident +| 114 = @e4x_xml_dotdotexpr +| 115 = @import_meta_expr +| 116 = @assignlogandexpr +| 117 = @assignlogorexpr +| 118 = @assignnullishcoalescingexpr +| 119 = @template_pipe_ref +| 120 = @generated_code_expr +| 121 = @satisfies_expr +; + +@varaccess = @proper_varaccess | @export_varaccess; +@varref = @var_decl | @varaccess; + +@identifier = @label | @varref | @type_identifier; + +@literal = @null_literal | @boolean_literal | @number_literal | @string_literal | @regexp_literal | @bigint_literal; + +@propaccess = @dot_expr | @index_expr; + +@invokeexpr = @new_expr | @call_expr; + +@unaryexpr = @neg_expr | @plus_expr | @log_not_expr | @bit_not_expr | @typeof_expr | @void_expr | @delete_expr | @spread_element; + +@equality_test = @eq_expr | @neq_expr | @eqq_expr | @neqq_expr; + +@comparison = @equality_test | @lt_expr | @le_expr | @gt_expr | @ge_expr; + +@binaryexpr = @comparison | @lshift_expr | @rshift_expr | @urshift_expr | @add_expr | @sub_expr | @mul_expr | @div_expr | @mod_expr | @exp_expr | @bitor_expr | @xor_expr | @bitand_expr | @in_expr | @instanceof_expr | @logand_expr | @logor_expr | @nullishcoalescing_expr; + +@assignment = @assign_expr | @assign_add_expr | @assign_sub_expr | @assign_mul_expr | @assign_div_expr | @assign_mod_expr | @assign_exp_expr | @assign_lshift_expr | @assign_rshift_expr | @assign_urshift_expr | @assign_or_expr | @assign_xor_expr | @assign_and_expr | @assignlogandexpr | @assignlogorexpr | @assignnullishcoalescingexpr; + +@updateexpr = @preinc_expr | @postinc_expr | @predec_expr | @postdec_expr; + +@pattern = @varref | @array_pattern | @object_pattern; + +@comprehension_expr = @array_comprehension_expr | @generator_expr; + +@comprehension_block = @for_in_comprehension_block | @for_of_comprehension_block; + +@import_specifier = @named_import_specifier | @import_default_specifier | @import_namespace_specifier; + +@exportspecifier = @named_export_specifier | @export_default_specifier | @export_namespace_specifier; + +@type_keyword_operand = @import_declaration | @export_declaration | @import_specifier; + +@type_assertion = @as_type_assertion | @prefix_type_assertion; + +@class_definition = @class_decl_stmt | @class_expr; +@interface_definition = @interface_declaration | @interface_typeexpr; +@class_or_interface = @class_definition | @interface_definition; + +@lexical_decl = @var_decl | @type_decl; +@lexical_access = @varaccess | @local_type_access | @local_var_type_access | @local_namespace_access; +@lexical_ref = @lexical_decl | @lexical_access; + +@e4x_xml_attribute_selector = @e4x_xml_static_attribute_selector | @e4x_xml_dynamic_attribute_selector; +@e4x_xml_qualident = @e4x_xml_static_qualident | @e4x_xml_dynamic_qualident; + +expr_contains_template_tag_location( + int expr: @expr ref, + int location: @location ref +); + +@template_placeholder_tag_parent = @xmlelement | @xmlattribute | @file; + +template_placeholder_tag_info( + unique int node: @template_placeholder_tag, + int parentNode: @template_placeholder_tag_parent ref, + varchar(900) raw: string ref +); + +// scopes +scopes (unique int id: @scope, + int kind: int ref); + +case @scope.kind of + 0 = @global_scope +| 1 = @function_scope +| 2 = @catch_scope +| 3 = @module_scope +| 4 = @block_scope +| 5 = @for_scope +| 6 = @for_in_scope // for-of scopes work the same as for-in scopes +| 7 = @comprehension_block_scope +| 8 = @class_expr_scope +| 9 = @namespace_scope +| 10 = @class_decl_scope +| 11 = @interface_scope +| 12 = @type_alias_scope +| 13 = @mapped_type_scope +| 14 = @enum_scope +| 15 = @external_module_scope +| 16 = @conditional_type_scope; + +scopenodes (unique int node: @ast_node ref, + int scope: @scope ref); + +scopenesting (unique int inner: @scope ref, + int outer: @scope ref); + +// functions +@function = @function_decl_stmt | @function_expr | @arrow_function_expr; + +@parameterized = @function | @catch_clause; +@type_parameterized = @function | @class_or_interface | @type_alias_declaration | @mapped_typeexpr | @infer_typeexpr; + +is_generator (int fun: @function ref); +has_rest_parameter (int fun: @function ref); +is_async (int fun: @function ref); + +// variables and lexically scoped type names +#keyset[scope, name] +variables (unique int id: @variable, + varchar(900) name: string ref, + int scope: @scope ref); + +#keyset[scope, name] +local_type_names (unique int id: @local_type_name, + varchar(900) name: string ref, + int scope: @scope ref); + +#keyset[scope, name] +local_namespace_names (unique int id: @local_namespace_name, + varchar(900) name: string ref, + int scope: @scope ref); + +is_arguments_object (int id: @variable ref); + +@lexical_name = @variable | @local_type_name | @local_namespace_name; + +@bind_id = @varaccess | @local_var_type_access; +bind (unique int id: @bind_id ref, + int decl: @variable ref); + +decl (unique int id: @var_decl ref, + int decl: @variable ref); + +@typebind_id = @local_type_access | @export_varaccess; +typebind (unique int id: @typebind_id ref, + int decl: @local_type_name ref); + +@typedecl_id = @type_decl | @var_decl; +typedecl (unique int id: @typedecl_id ref, + int decl: @local_type_name ref); + +namespacedecl (unique int id: @var_decl ref, + int decl: @local_namespace_name ref); + +@namespacebind_id = @local_namespace_access | @export_varaccess; +namespacebind (unique int id: @namespacebind_id ref, + int decl: @local_namespace_name ref); + + +// properties in object literals, property patterns in object patterns, and method declarations in classes +#keyset[parent, index] +properties (unique int id: @property, + int parent: @property_parent ref, + int index: int ref, + int kind: int ref, + varchar(900) tostring: string ref); + +case @property.kind of + 0 = @value_property +| 1 = @property_getter +| 2 = @property_setter +| 3 = @jsx_attribute +| 4 = @function_call_signature +| 5 = @constructor_call_signature +| 6 = @index_signature +| 7 = @enum_member +| 8 = @proper_field +| 9 = @parameter_field +| 10 = @static_initializer +; + +@property_parent = @obj_expr | @object_pattern | @class_definition | @jsx_element | @interface_definition | @enum_declaration; +@property_accessor = @property_getter | @property_setter; +@call_signature = @function_call_signature | @constructor_call_signature; +@field = @proper_field | @parameter_field; +@field_or_vardeclarator = @field | @var_declarator; + +is_computed (int id: @property ref); +is_method (int id: @property ref); +is_static (int id: @property ref); +is_abstract_member (int id: @property ref); +is_const_enum (int id: @enum_declaration ref); +is_abstract_class (int id: @class_decl_stmt ref); + +has_public_keyword (int id: @property ref); +has_private_keyword (int id: @property ref); +has_protected_keyword (int id: @property ref); +has_readonly_keyword (int id: @property ref); +has_type_keyword (int id: @type_keyword_operand ref); +is_optional_member (int id: @property ref); +has_definite_assignment_assertion (int id: @field_or_vardeclarator ref); +is_optional_parameter_declaration (unique int parameter: @pattern ref); + +#keyset[constructor, param_index] +parameter_fields( + unique int field: @parameter_field ref, + int constructor: @function_expr ref, + int param_index: int ref +); + +// types +#keyset[parent, idx] +typeexprs ( + unique int id: @typeexpr, + int kind: int ref, + int parent: @typeexpr_parent ref, + int idx: int ref, + varchar(900) tostring: string ref +); + +case @typeexpr.kind of + 0 = @local_type_access +| 1 = @type_decl +| 2 = @keyword_typeexpr +| 3 = @string_literal_typeexpr +| 4 = @number_literal_typeexpr +| 5 = @boolean_literal_typeexpr +| 6 = @array_typeexpr +| 7 = @union_typeexpr +| 8 = @indexed_access_typeexpr +| 9 = @intersection_typeexpr +| 10 = @parenthesized_typeexpr +| 11 = @tuple_typeexpr +| 12 = @keyof_typeexpr +| 13 = @qualified_type_access +| 14 = @generic_typeexpr +| 15 = @type_label +| 16 = @typeof_typeexpr +| 17 = @local_var_type_access +| 18 = @qualified_var_type_access +| 19 = @this_var_type_access +| 20 = @predicate_typeexpr +| 21 = @interface_typeexpr +| 22 = @type_parameter +| 23 = @plain_function_typeexpr +| 24 = @constructor_typeexpr +| 25 = @local_namespace_access +| 26 = @qualified_namespace_access +| 27 = @mapped_typeexpr +| 28 = @conditional_typeexpr +| 29 = @infer_typeexpr +| 30 = @import_type_access +| 31 = @import_namespace_access +| 32 = @import_var_type_access +| 33 = @optional_typeexpr +| 34 = @rest_typeexpr +| 35 = @bigint_literal_typeexpr +| 36 = @readonly_typeexpr +| 37 = @template_literal_typeexpr +; + +@typeref = @typeaccess | @type_decl; +@type_identifier = @type_decl | @local_type_access | @type_label | @local_var_type_access | @local_namespace_access; +@typeexpr_parent = @expr | @stmt | @property | @typeexpr; +@literal_typeexpr = @string_literal_typeexpr | @number_literal_typeexpr | @boolean_literal_typeexpr | @bigint_literal_typeexpr; +@typeaccess = @local_type_access | @qualified_type_access | @import_type_access; +@vartypeaccess = @local_var_type_access | @qualified_var_type_access | @this_var_type_access | @import_var_type_access; +@namespace_access = @local_namespace_access | @qualified_namespace_access | @import_namespace_access; +@import_typeexpr = @import_type_access | @import_namespace_access | @import_var_type_access; + +@function_typeexpr = @plain_function_typeexpr | @constructor_typeexpr; + +// types +types ( + unique int id: @type, + int kind: int ref, + varchar(900) tostring: string ref +); + +#keyset[parent, idx] +type_child ( + int child: @type ref, + int parent: @type ref, + int idx: int ref +); + +case @type.kind of + 0 = @any_type +| 1 = @string_type +| 2 = @number_type +| 3 = @union_type +| 4 = @true_type +| 5 = @false_type +| 6 = @type_reference +| 7 = @object_type +| 8 = @canonical_type_variable_type +| 9 = @typeof_type +| 10 = @void_type +| 11 = @undefined_type +| 12 = @null_type +| 13 = @never_type +| 14 = @plain_symbol_type +| 15 = @unique_symbol_type +| 16 = @objectkeyword_type +| 17 = @intersection_type +| 18 = @tuple_type +| 19 = @lexical_type_variable_type +| 20 = @this_type +| 21 = @number_literal_type +| 22 = @string_literal_type +| 23 = @unknown_type +| 24 = @bigint_type +| 25 = @bigint_literal_type +; + +@boolean_literal_type = @true_type | @false_type; +@symbol_type = @plain_symbol_type | @unique_symbol_type; +@union_or_intersection_type = @union_type | @intersection_type; +@typevariable_type = @canonical_type_variable_type | @lexical_type_variable_type; + +has_asserts_keyword(int node: @predicate_typeexpr ref); + +@typed_ast_node = @expr | @typeexpr | @function; +ast_node_type( + unique int node: @typed_ast_node ref, + int typ: @type ref); + +declared_function_signature( + unique int node: @function ref, + int sig: @signature_type ref +); + +invoke_expr_signature( + unique int node: @invokeexpr ref, + int sig: @signature_type ref +); + +invoke_expr_overload_index( + unique int node: @invokeexpr ref, + int index: int ref +); + +symbols ( + unique int id: @symbol, + int kind: int ref, + varchar(900) name: string ref +); + +symbol_parent ( + unique int symbol: @symbol ref, + int parent: @symbol ref +); + +symbol_module ( + int symbol: @symbol ref, + varchar(900) moduleName: string ref +); + +symbol_global ( + int symbol: @symbol ref, + varchar(900) globalName: string ref +); + +case @symbol.kind of + 0 = @root_symbol +| 1 = @member_symbol +| 2 = @other_symbol +; + +@type_with_symbol = @type_reference | @typevariable_type | @typeof_type | @unique_symbol_type; +@ast_node_with_symbol = @type_definition | @namespace_definition | @toplevel | @typeaccess | @namespace_access | @var_decl | @function | @invokeexpr | @import_declaration | @external_module_reference | @external_module_declaration; + +ast_node_symbol( + unique int node: @ast_node_with_symbol ref, + int symbol: @symbol ref); + +type_symbol( + unique int typ: @type_with_symbol ref, + int symbol: @symbol ref); + +#keyset[typ, name] +type_property( + int typ: @type ref, + varchar(900) name: string ref, + int propertyType: @type ref); + +type_alias( + unique int aliasType: @type ref, + int underlyingType: @type ref); + +@literal_type = @string_literal_type | @number_literal_type | @boolean_literal_type | @bigint_literal_type; +@type_with_literal_value = @string_literal_type | @number_literal_type | @bigint_literal_type; +type_literal_value( + unique int typ: @type_with_literal_value ref, + varchar(900) value: string ref); + +signature_types ( + unique int id: @signature_type, + int kind: int ref, + varchar(900) tostring: string ref, + int type_parameters: int ref, + int required_params: int ref +); + +is_abstract_signature( + unique int sig: @signature_type ref +); + +signature_rest_parameter( + unique int sig: @signature_type ref, + int rest_param_arra_type: @type ref +); + +case @signature_type.kind of + 0 = @function_signature_type +| 1 = @constructor_signature_type +; + +#keyset[typ, kind, index] +type_contains_signature ( + int typ: @type ref, + int kind: int ref, // constructor/call/index + int index: int ref, // ordering of overloaded signatures + int sig: @signature_type ref +); + +#keyset[parent, index] +signature_contains_type ( + int child: @type ref, + int parent: @signature_type ref, + int index: int ref +); + +#keyset[sig, index] +signature_parameter_name ( + int sig: @signature_type ref, + int index: int ref, + varchar(900) name: string ref +); + +number_index_type ( + unique int baseType: @type ref, + int propertyType: @type ref +); + +string_index_type ( + unique int baseType: @type ref, + int propertyType: @type ref +); + +base_type_names( + int typeName: @symbol ref, + int baseTypeName: @symbol ref +); + +self_types( + int typeName: @symbol ref, + int selfType: @type_reference ref +); + +tuple_type_min_length( + unique int typ: @type ref, + int minLength: int ref +); + +tuple_type_rest_index( + unique int typ: @type ref, + int index: int ref +); + +// comments +comments (unique int id: @comment, + int kind: int ref, + int toplevel: @toplevel ref, + varchar(900) text: string ref, + varchar(900) tostring: string ref); + +case @comment.kind of + 0 = @slashslash_comment +| 1 = @slashstar_comment +| 2 = @doc_comment +| 3 = @html_comment_start +| 4 = @htmlcommentend; + +@html_comment = @html_comment_start | @htmlcommentend; +@line_comment = @slashslash_comment | @html_comment; +@block_comment = @slashstar_comment | @doc_comment; + +// source lines +lines (unique int id: @line, + int toplevel: @toplevel ref, + varchar(900) text: string ref, + varchar(2) terminator: string ref); +indentation (int file: @file ref, + int lineno: int ref, + varchar(1) indentChar: string ref, + int indentDepth: int ref); + +// JavaScript parse errors +js_parse_errors (unique int id: @js_parse_error, + int toplevel: @toplevel ref, + varchar(900) message: string ref, + varchar(900) line: string ref); + +// regular expressions +#keyset[parent, idx] +regexpterm (unique int id: @regexpterm, + int kind: int ref, + int parent: @regexpparent ref, + int idx: int ref, + varchar(900) tostring: string ref); + +@regexpparent = @regexpterm | @regexp_literal | @string_literal | @add_expr; + +case @regexpterm.kind of + 0 = @regexp_alt +| 1 = @regexp_seq +| 2 = @regexp_caret +| 3 = @regexp_dollar +| 4 = @regexp_wordboundary +| 5 = @regexp_nonwordboundary +| 6 = @regexp_positive_lookahead +| 7 = @regexp_negative_lookahead +| 8 = @regexp_star +| 9 = @regexp_plus +| 10 = @regexp_opt +| 11 = @regexp_range +| 12 = @regexp_dot +| 13 = @regexp_group +| 14 = @regexp_normal_constant +| 15 = @regexp_hex_escape +| 16 = @regexp_unicode_escape +| 17 = @regexp_dec_escape +| 18 = @regexp_oct_escape +| 19 = @regexp_ctrl_escape +| 20 = @regexp_char_class_escape +| 21 = @regexp_id_escape +| 22 = @regexp_backref +| 23 = @regexp_char_class +| 24 = @regexp_char_range +| 25 = @regexp_positive_lookbehind +| 26 = @regexp_negative_lookbehind +| 27 = @regexp_unicode_property_escape; + +regexp_parse_errors (unique int id: @regexp_parse_error, + int regexp: @regexpterm ref, + varchar(900) message: string ref); + +@regexp_quantifier = @regexp_star | @regexp_plus | @regexp_opt | @regexp_range; +@regexp_escape = @regexp_char_escape | @regexp_char_class_escape | @regexp_unicode_property_escape; +@regexp_char_escape = @regexp_hex_escape | @regexp_unicode_escape | @regexp_dec_escape | @regexp_oct_escape | @regexp_ctrl_escape | @regexp_id_escape; +@regexp_constant = @regexp_normal_constant | @regexp_char_escape; +@regexp_lookahead = @regexp_positive_lookahead | @regexp_negative_lookahead; +@regexp_lookbehind = @regexp_positive_lookbehind | @regexp_negative_lookbehind; +@regexp_subpattern = @regexp_lookahead | @regexp_lookbehind; +@regexp_anchor = @regexp_dollar | @regexp_caret; + +is_greedy (int id: @regexp_quantifier ref); +range_quantifier_lower_bound (unique int id: @regexp_range ref, int lo: int ref); +range_quantifier_upper_bound (unique int id: @regexp_range ref, int hi: int ref); +is_capture (unique int id: @regexp_group ref, int number: int ref); +is_named_capture (unique int id: @regexp_group ref, string name: string ref); +is_inverted (int id: @regexp_char_class ref); +regexp_const_value (unique int id: @regexp_constant ref, varchar(1) value: string ref); +char_class_escape (unique int id: @regexp_char_class_escape ref, varchar(1) value: string ref); +backref (unique int id: @regexp_backref ref, int value: int ref); +named_backref (unique int id: @regexp_backref ref, string name: string ref); +unicode_property_escapename (unique int id: @regexp_unicode_property_escape ref, string name: string ref); +unicode_property_escapevalue (unique int id: @regexp_unicode_property_escape ref, string value: string ref); + +// tokens +#keyset[toplevel, idx] +tokeninfo (unique int id: @token, + int kind: int ref, + int toplevel: @toplevel ref, + int idx: int ref, + varchar(900) value: string ref); + +case @token.kind of + 0 = @token_eof +| 1 = @token_null_literal +| 2 = @token_boolean_literal +| 3 = @token_numeric_literal +| 4 = @token_string_literal +| 5 = @token_regular_expression +| 6 = @token_identifier +| 7 = @token_keyword +| 8 = @token_punctuator; + +// associate comments with the token immediately following them (which may be EOF) +next_token (int comment: @comment ref, int token: @token ref); + +// JSON +#keyset[parent, idx] +json (unique int id: @json_value, + int kind: int ref, + int parent: @json_parent ref, + int idx: int ref, + varchar(900) tostring: string ref); + +json_literals (varchar(900) value: string ref, + varchar(900) raw: string ref, + unique int expr: @json_value ref); + +json_properties (int obj: @json_object ref, + varchar(900) property: string ref, + int value: @json_value ref); + +json_errors (unique int id: @json_parse_error, + varchar(900) message: string ref); + +json_locations(unique int locatable: @json_locatable ref, + int location: @location_default ref); + +case @json_value.kind of + 0 = @json_null +| 1 = @json_boolean +| 2 = @json_number +| 3 = @json_string +| 4 = @json_array +| 5 = @json_object; + +@json_parent = @json_object | @json_array | @file; + +@json_locatable = @json_value | @json_parse_error; + +// locations +@ast_node = @toplevel | @stmt | @expr | @property | @typeexpr; + +@locatable = @file + | @ast_node + | @comment + | @line + | @js_parse_error | @regexp_parse_error + | @regexpterm + | @json_locatable + | @token + | @cfg_node + | @jsdoc | @jsdoc_type_expr | @jsdoc_tag + | @yaml_locatable + | @xmllocatable + | @configLocatable + | @template_placeholder_tag; + +hasLocation (unique int locatable: @locatable ref, + int location: @location ref); + +// CFG +entry_cfg_node (unique int id: @entry_node, int container: @stmt_container ref); +exit_cfg_node (unique int id: @exit_node, int container: @stmt_container ref); +guard_node (unique int id: @guard_node, int kind: int ref, int test: @expr ref); +case @guard_node.kind of + 0 = @falsy_guard +| 1 = @truthy_guard; +@condition_guard = @falsy_guard | @truthy_guard; + +@synthetic_cfg_node = @entry_node | @exit_node | @guard_node; +@cfg_node = @synthetic_cfg_node | @expr_parent; + +successor (int pred: @cfg_node ref, int succ: @cfg_node ref); + +// JSDoc comments +jsdoc (unique int id: @jsdoc, varchar(900) description: string ref, int comment: @comment ref); +#keyset[parent, idx] +jsdoc_tags (unique int id: @jsdoc_tag, varchar(900) title: string ref, + int parent: @jsdoc ref, int idx: int ref, varchar(900) tostring: string ref); +jsdoc_tag_descriptions (unique int tag: @jsdoc_tag ref, varchar(900) text: string ref); +jsdoc_tag_names (unique int tag: @jsdoc_tag ref, varchar(900) text: string ref); + +#keyset[parent, idx] +jsdoc_type_exprs (unique int id: @jsdoc_type_expr, + int kind: int ref, + int parent: @jsdoc_type_expr_parent ref, + int idx: int ref, + varchar(900) tostring: string ref); +case @jsdoc_type_expr.kind of + 0 = @jsdoc_any_type_expr +| 1 = @jsdoc_null_type_expr +| 2 = @jsdoc_undefined_type_expr +| 3 = @jsdoc_unknown_type_expr +| 4 = @jsdoc_void_type_expr +| 5 = @jsdoc_named_type_expr +| 6 = @jsdoc_applied_type_expr +| 7 = @jsdoc_nullable_type_expr +| 8 = @jsdoc_non_nullable_type_expr +| 9 = @jsdoc_record_type_expr +| 10 = @jsdoc_array_type_expr +| 11 = @jsdoc_union_type_expr +| 12 = @jsdoc_function_type_expr +| 13 = @jsdoc_optional_type_expr +| 14 = @jsdoc_rest_type_expr +; + +#keyset[id, idx] +jsdoc_record_field_name (int id: @jsdoc_record_type_expr ref, int idx: int ref, varchar(900) name: string ref); +jsdoc_prefix_qualifier (int id: @jsdoc_type_expr ref); +jsdoc_has_new_parameter (int fn: @jsdoc_function_type_expr ref); + +@jsdoc_type_expr_parent = @jsdoc_type_expr | @jsdoc_tag; + +jsdoc_errors (unique int id: @jsdoc_error, int tag: @jsdoc_tag ref, varchar(900) message: string ref, varchar(900) tostring: string ref); + +@dataflownode = @expr | @function_decl_stmt | @class_decl_stmt | @namespace_declaration | @enum_declaration | @property; + +@optionalchainable = @call_expr | @propaccess; + +isOptionalChaining(int id: @optionalchainable ref); + +/** + * The time taken for the extraction of a file. + * This table contains non-deterministic content. + * + * The sum of the `time` column for each (`file`, `timerKind`) pair + * is the total time taken for extraction of `file`. The `extractionPhase` + * column provides a granular view of the extraction time of the file. + */ +extraction_time( + int file : @file ref, + // see `com.semmle.js.extractor.ExtractionMetrics.ExtractionPhase`. + int extractionPhase: int ref, + // 0 for the elapsed CPU time in nanoseconds, 1 for the elapsed wallclock time in nanoseconds + int timerKind: int ref, + float time: float ref +) + +/** +* Non-timing related data for the extraction of a single file. +* This table contains non-deterministic content. +*/ +extraction_data( + int file : @file ref, + // the absolute path to the cache file + varchar(900) cacheFile: string ref, + boolean fromCache: boolean ref, + int length: int ref +) + +/*- YAML -*/ + +#keyset[parent, idx] +yaml (unique int id: @yaml_node, + int kind: int ref, + int parent: @yaml_node_parent ref, + int idx: int ref, + string tag: string ref, + string tostring: string ref); + +case @yaml_node.kind of + 0 = @yaml_scalar_node +| 1 = @yaml_mapping_node +| 2 = @yaml_sequence_node +| 3 = @yaml_alias_node +; + +@yaml_collection_node = @yaml_mapping_node | @yaml_sequence_node; + +@yaml_node_parent = @yaml_collection_node | @file; + +yaml_anchors (unique int node: @yaml_node ref, + string anchor: string ref); + +yaml_aliases (unique int alias: @yaml_alias_node ref, + string target: string ref); + +yaml_scalars (unique int scalar: @yaml_scalar_node ref, + int style: int ref, + string value: string ref); + +yaml_errors (unique int id: @yaml_error, + string message: string ref); + +yaml_locations(unique int locatable: @yaml_locatable ref, + int location: @location_default ref); + +@yaml_locatable = @yaml_node | @yaml_error; + +/*- XML Files -*/ + +xmlEncoding( + unique int id: @file ref, + string encoding: string ref +); + +xmlDTDs( + unique int id: @xmldtd, + string root: string ref, + string publicId: string ref, + string systemId: string ref, + int fileid: @file ref +); + +xmlElements( + unique int id: @xmlelement, + string name: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int fileid: @file ref +); + +xmlAttrs( + unique int id: @xmlattribute, + int elementid: @xmlelement ref, + string name: string ref, + string value: string ref, + int idx: int ref, + int fileid: @file ref +); + +xmlNs( + int id: @xmlnamespace, + string prefixName: string ref, + string URI: string ref, + int fileid: @file ref +); + +xmlHasNs( + int elementId: @xmlnamespaceable ref, + int nsId: @xmlnamespace ref, + int fileid: @file ref +); + +xmlComments( + unique int id: @xmlcomment, + string text: string ref, + int parentid: @xmlparent ref, + int fileid: @file ref +); + +xmlChars( + unique int id: @xmlcharacters, + string text: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int isCDATA: int ref, + int fileid: @file ref +); + +@xmlparent = @file | @xmlelement; +@xmlnamespaceable = @xmlelement | @xmlattribute; + +xmllocations( + int xmlElement: @xmllocatable ref, + int location: @location_default ref +); + +@xmllocatable = @xmlcharacters | @xmlelement | @xmlcomment | @xmlattribute | @xmldtd | @file | @xmlnamespace; + +/*- Configuration files with key value pairs -*/ + +configs( + unique int id: @config +); + +configNames( + unique int id: @configName, + int config: @config ref, + string name: string ref +); + +configValues( + unique int id: @configValue, + int config: @config ref, + string value: string ref +); + +configLocations( + int locatable: @configLocatable ref, + int location: @location_default ref +); + +@configLocatable = @config | @configName | @configValue; diff --git a/javascript/ql/lib/upgrades/4d00210ca570d55c4833af11d3372b774dbc63f2/upgrade.properties b/javascript/ql/lib/upgrades/4d00210ca570d55c4833af11d3372b774dbc63f2/upgrade.properties new file mode 100644 index 00000000000..7e07865bedc --- /dev/null +++ b/javascript/ql/lib/upgrades/4d00210ca570d55c4833af11d3372b774dbc63f2/upgrade.properties @@ -0,0 +1,11 @@ +description: Sync dbscheme fragments +compatibility: full + +duplicateCode.rel: delete +similarCode.rel: delete +tokens.rel: delete +snapshotDate.rel: delete +svnentries.rel: delete +svnaffectedfiles.rel: delete +svnentrymsg.rel: delete +svnchurn.rel: delete From 6d7e95a14205549186ca2630ccb00c0654fca83f Mon Sep 17 00:00:00 2001 From: Arthur Baars Date: Fri, 21 Apr 2023 15:15:37 +0200 Subject: [PATCH 544/870] QL/Ruby: included shared extractor code in cache key --- .github/workflows/ql-for-ql-build.yml | 2 +- .github/workflows/ruby-build.yml | 2 +- ruby/actions/create-extractor-pack/action.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ql-for-ql-build.yml b/.github/workflows/ql-for-ql-build.yml index 49d73d60fc5..10086d78d78 100644 --- a/.github/workflows/ql-for-ql-build.yml +++ b/.github/workflows/ql-for-ql-build.yml @@ -32,7 +32,7 @@ jobs: path: | ql/extractor-pack/ ql/target/release/buramu - key: ${{ runner.os }}-${{ steps.os_version.outputs.version }}-extractor-${{ hashFiles('ql/**/Cargo.lock') }}-${{ hashFiles('ql/**/*.rs') }} + key: ${{ runner.os }}-${{ steps.os_version.outputs.version }}-extractor-${{ hashFiles('ql/**/Cargo.lock') }}-${{ hashFiles('shared/tree-sitter-extractor') }}-${{ hashFiles('ql/**/*.rs') }} - name: Cache cargo if: steps.cache-extractor.outputs.cache-hit != 'true' uses: actions/cache@v3 diff --git a/.github/workflows/ruby-build.yml b/.github/workflows/ruby-build.yml index 51d1fea9697..935d9da642b 100644 --- a/.github/workflows/ruby-build.yml +++ b/.github/workflows/ruby-build.yml @@ -61,7 +61,7 @@ jobs: ruby/extractor/target/release/codeql-extractor-ruby ruby/extractor/target/release/codeql-extractor-ruby.exe ruby/extractor/ql/lib/codeql/ruby/ast/internal/TreeSitter.qll - key: ${{ runner.os }}-${{ steps.os_version.outputs.version }}-ruby-extractor-${{ hashFiles('ruby/extractor/rust-toolchain.toml', 'ruby/extractor/Cargo.lock') }}--${{ hashFiles('ruby/extractor/**/*.rs') }} + key: ${{ runner.os }}-${{ steps.os_version.outputs.version }}-ruby-extractor-${{ hashFiles('ruby/extractor/rust-toolchain.toml', 'ruby/extractor/Cargo.lock') }}-${{ hashFiles('shared/tree-sitter-extractor') }}-${{ hashFiles('ruby/extractor/**/*.rs') }} - uses: actions/cache@v3 if: steps.cache-extractor.outputs.cache-hit != 'true' with: diff --git a/ruby/actions/create-extractor-pack/action.yml b/ruby/actions/create-extractor-pack/action.yml index 7f18dea5902..84f67b812af 100644 --- a/ruby/actions/create-extractor-pack/action.yml +++ b/ruby/actions/create-extractor-pack/action.yml @@ -10,7 +10,7 @@ runs: uses: actions/cache@v3 with: path: ruby/extractor-pack - key: ${{ runner.os }}-${{ steps.os_version.outputs.version }}-extractor-${{ hashFiles('ruby/extractor/rust-toolchain.toml', 'ruby/scripts/create-extractor-pack.sh', 'ruby/extractor/**/Cargo.lock', 'ruby/actions/create-extractor-pack/action.yml') }}-${{ hashFiles('ruby/extractor/**/*.rs') }}-${{ hashFiles('ruby/codeql-extractor.yml', 'ruby/downgrades', 'ruby/tools', 'ruby/ql/lib/ruby.dbscheme', 'ruby/ql/lib/ruby.dbscheme.stats') }} + key: ${{ runner.os }}-${{ steps.os_version.outputs.version }}-extractor-${{ hashFiles('ruby/extractor/rust-toolchain.toml', 'ruby/scripts/create-extractor-pack.sh', 'ruby/extractor/**/Cargo.lock', 'ruby/actions/create-extractor-pack/action.yml') }}-${{ hashFiles('shared/tree-sitter-extractor') }}-${{ hashFiles('ruby/extractor/**/*.rs') }}-${{ hashFiles('ruby/codeql-extractor.yml', 'ruby/downgrades', 'ruby/tools', 'ruby/ql/lib/ruby.dbscheme', 'ruby/ql/lib/ruby.dbscheme.stats') }} - name: Cache cargo uses: actions/cache@v3 if: steps.cache-extractor.outputs.cache-hit != 'true' From d2bc66e393bb01bb72354cb8f2a311769fa41df0 Mon Sep 17 00:00:00 2001 From: Arthur Baars Date: Fri, 21 Apr 2023 16:23:35 +0200 Subject: [PATCH 545/870] QL: switch to shared YAML extractor --- ql/Cargo.lock | Bin 31985 -> 31708 bytes ql/extractor/Cargo.toml | 1 - ql/extractor/src/autobuilder.rs | 2 +- ql/extractor/src/extractor.rs | 6 - ql/extractor/src/generator.rs | 4 - ql/ql/src/codeql_ql/ast/Ast.qll | 174 ++++-------------- ql/ql/src/codeql_ql/ast/internal/AstNodes.qll | 18 -- .../src/codeql_ql/ast/internal/TreeSitter.qll | 133 ------------- ql/ql/src/ql.dbscheme | 113 ++++-------- ql/ql/src/qlpack.yml | 1 + ql/tools/pre-finalize.cmd | 10 + ql/tools/pre-finalize.sh | 10 + ql/tools/qltest.cmd | 11 ++ ql/tools/qltest.sh | 11 +- ruby/ql/lib/ruby.dbscheme | 40 ++++ .../src/generator/prefix.dbscheme | 40 ++++ 16 files changed, 200 insertions(+), 374 deletions(-) create mode 100644 ql/tools/pre-finalize.cmd create mode 100755 ql/tools/pre-finalize.sh diff --git a/ql/Cargo.lock b/ql/Cargo.lock index 8a6de476fd948a4ea112788a5b0fb05e15c739c9..27e5cc4ebdc757137e92f695c8c6f9062d9f7f66 100644 GIT binary patch delta 23 fcmezPlkv`X#tlqDlfMW^Z#ETL;Jx`$oV*+WiO&i< delta 162 zcmccfo$=#O#tlqDq6$hSMX9N}#hE1~sYSYlIl7gJxjB std::io::Result<()> { autobuilder::Autobuilder::new("ql", PathBuf::from(database)) .include_extensions(&[".ql", ".qll", ".dbscheme", ".json", ".jsonc", ".jsonl"]) - .include_globs(&["**/qlpack.yml", "deprecated.blame"]) + .include_globs(&["deprecated.blame"]) .size_limit("10m") .run() } diff --git a/ql/extractor/src/extractor.rs b/ql/extractor/src/extractor.rs index 6728f5ae877..fddacf229f4 100644 --- a/ql/extractor/src/extractor.rs +++ b/ql/extractor/src/extractor.rs @@ -42,12 +42,6 @@ pub fn run(options: Options) -> std::io::Result<()> { node_types: tree_sitter_ql_dbscheme::NODE_TYPES, file_extensions: vec!["dbscheme".into()], }, - simple::LanguageSpec { - prefix: "yaml", - ts_language: tree_sitter_ql_yaml::language(), - node_types: tree_sitter_ql_yaml::NODE_TYPES, - file_extensions: vec!["yml".into()], - }, simple::LanguageSpec { prefix: "json", ts_language: tree_sitter_json::language(), diff --git a/ql/extractor/src/generator.rs b/ql/extractor/src/generator.rs index cdfdd17df4d..ce5fcf1b12c 100644 --- a/ql/extractor/src/generator.rs +++ b/ql/extractor/src/generator.rs @@ -31,10 +31,6 @@ pub fn run(options: Options) -> std::io::Result<()> { name: "Dbscheme".to_owned(), node_types: tree_sitter_ql_dbscheme::NODE_TYPES, }, - Language { - name: "Yaml".to_owned(), - node_types: tree_sitter_ql_yaml::NODE_TYPES, - }, Language { name: "Blame".to_owned(), node_types: tree_sitter_blame::NODE_TYPES, diff --git a/ql/ql/src/codeql_ql/ast/Ast.qll b/ql/ql/src/codeql_ql/ast/Ast.qll index 630b07bd680..616438da756 100644 --- a/ql/ql/src/codeql_ql/ast/Ast.qll +++ b/ql/ql/src/codeql_ql/ast/Ast.qll @@ -38,8 +38,6 @@ class AstNode extends TAstNode { result = node.getLocation() ) or - result = toGenerateYaml(this).getLocation() - or result = toDbscheme(this).getLocation() } @@ -2573,126 +2571,49 @@ class BindingSet extends Annotation { * Classes modeling YAML AST nodes. */ module YAML { - /** A node in a YAML file */ - class YamlNode extends TYamlNode, AstNode { - /** Holds if the predicate is a root node (has no parent) */ - predicate isRoot() { not exists(this.getParent()) } + private import codeql.yaml.Yaml as LibYaml - override AstNode getParent() { toGenerateYaml(result) = toGenerateYaml(this).getParent() } - } + private module YamlSig implements LibYaml::InputSig { + import codeql.Locations - /** DEPRECATED: Alias for YamlNode */ - deprecated class YAMLNode = YamlNode; + class LocatableBase extends @yaml_locatable { + Location getLocation() { yaml_locations(this, result) } - /** A YAML comment. */ - class YamlComment extends TYamlComment, YamlNode { - Yaml::Comment yamlcomment; - - YamlComment() { this = TYamlComment(yamlcomment) } - - override string getAPrimaryQlClass() { result = "YamlComment" } - } - - /** DEPRECATED: Alias for YamlComment */ - deprecated class YAMLComment = YamlComment; - - /** A YAML entry. */ - class YamlEntry extends TYamlEntry, YamlNode { - Yaml::Entry yamle; - - YamlEntry() { this = TYamlEntry(yamle) } - - /** Gets the key of this YAML entry. */ - YamlKey getKey() { - exists(Yaml::Keyvaluepair pair | - pair.getParent() = yamle and - result = TYamlKey(pair.getKey()) - ) + string toString() { none() } } - YamlListItem getListItem() { toGenerateYaml(result).getParent() = yamle } + class NodeBase extends LocatableBase, @yaml_node { + NodeBase getChildNode(int i) { yaml(result, _, this, i, _, _) } - /** Gets the value of this YAML entry. */ - YamlValue getValue() { - exists(Yaml::Keyvaluepair pair | - pair.getParent() = yamle and - result = TYamlValue(pair.getValue()) - ) + string getTag() { yaml(this, _, _, _, result, _) } + + string getAnchor() { yaml_anchors(this, result) } + + override string toString() { yaml(this, _, _, _, _, result) } } - override string getAPrimaryQlClass() { result = "YamlEntry" } - } + class ScalarNodeBase extends NodeBase, @yaml_scalar_node { + int getStyle() { yaml_scalars(this, result, _) } - /** DEPRECATED: Alias for YamlEntry */ - deprecated class YAMLEntry = YamlEntry; - - /** A YAML key. */ - class YamlKey extends TYamlKey, YamlNode { - Yaml::Key yamlkey; - - YamlKey() { this = TYamlKey(yamlkey) } - - /** - * Gets the value of this YAML key. - */ - YamlValue getValue() { - exists(Yaml::Keyvaluepair pair | - pair.getKey() = yamlkey and result = TYamlValue(pair.getValue()) - ) + string getValue() { yaml_scalars(this, _, result) } } - override string getAPrimaryQlClass() { result = "YamlKey" } + class CollectionNodeBase extends NodeBase, @yaml_collection_node { } - /** Gets the value of this YAML value. */ - string getNamePart(int i) { - i = 0 and result = yamlkey.getChild(0).(Yaml::SimpleId).getValue() - or - exists(YamlKey child | - child = TYamlKey(yamlkey.getChild(1)) and - result = child.getNamePart(i - 1) - ) + class MappingNodeBase extends CollectionNodeBase, @yaml_mapping_node { } + + class SequenceNodeBase extends CollectionNodeBase, @yaml_sequence_node { } + + class AliasNodeBase extends NodeBase, @yaml_alias_node { + string getTarget() { yaml_aliases(this, result) } } - /** - * Gets all the name parts of this YAML key concatenated with `/`. - * Dashes are replaced with `/` (because we don't have that information in the generated AST). - */ - string getQualifiedName() { - result = concat(string part, int i | part = this.getNamePart(i) | part, "/" order by i) + class ParseErrorBase extends LocatableBase, @yaml_error { + string getMessage() { yaml_errors(this, result) } } } - /** DEPRECATED: Alias for YamlKey */ - deprecated class YAMLKey = YamlKey; - - /** A YAML list item. */ - class YamlListItem extends TYamlListitem, YamlNode { - Yaml::Listitem yamllistitem; - - YamlListItem() { this = TYamlListitem(yamllistitem) } - - /** - * Gets the value of this YAML list item. - */ - YamlValue getValue() { result = TYamlValue(yamllistitem.getChild()) } - - override string getAPrimaryQlClass() { result = "YamlListItem" } - } - - /** DEPRECATED: Alias for YamlListItem */ - deprecated class YAMLListItem = YamlListItem; - - /** A YAML value. */ - class YamlValue extends TYamlValue, YamlNode { - Yaml::Value yamlvalue; - - YamlValue() { this = TYamlValue(yamlvalue) } - - override string getAPrimaryQlClass() { result = "YamlValue" } - - /** Gets the value of this YAML value. */ - string getValue() { result = yamlvalue.getValue() } - } + import LibYaml::Make // to not expose the entire `File` API on `QlPack`. private newtype TQLPack = MKQlPack(File file) { file.getBaseName() = "qlpack.yml" } @@ -2705,15 +2626,16 @@ module YAML { QLPack() { this = MKQlPack(file) } - private string getProperty(string name) { - exists(YamlEntry entry | - entry.isRoot() and - entry.getKey().getQualifiedName() = name and - result = entry.getValue().getValue().trim() and - entry.getLocation().getFile() = file + private YamlValue get(string name) { + exists(YamlMapping m | + m instanceof YamlDocument and + m.getFile() = file and + result = m.lookup(name) ) } + private string getProperty(string name) { result = this.get(name).(YamlScalar).getValue() } + /** Gets the name of this qlpack */ string getName() { result = this.getProperty("name") } @@ -2728,32 +2650,12 @@ module YAML { /** Gets the file that this `QLPack` represents. */ File getFile() { result = file } - private predicate isADependency(YamlEntry entry) { - exists(YamlEntry deps | - deps.getLocation().getFile() = file and entry.getLocation().getFile() = file - | - deps.isRoot() and - deps.getKey().getQualifiedName() = ["dependencies", "libraryPathDependencies"] and - entry.getLocation().getStartLine() = 1 + deps.getLocation().getStartLine() and - entry.getLocation().getStartColumn() > deps.getLocation().getStartColumn() - ) - or - exists(YamlEntry prev | this.isADependency(prev) | - prev.getLocation().getFile() = file and - entry.getLocation().getFile() = file and - entry.getLocation().getStartLine() = 1 + prev.getLocation().getStartLine() and - entry.getLocation().getStartColumn() = prev.getLocation().getStartColumn() - ) - } - predicate hasDependency(string name, string version) { - exists(YamlEntry entry | this.isADependency(entry) | - entry.getKey().getQualifiedName().trim() = name and - entry.getValue().getValue() = version - or - name = entry.getListItem().getValue().getValue().trim() and - version = "\"*\"" - ) + version = this.get("dependencies").(YamlMapping).lookup(name).(YamlScalar).getValue() + or + name = + this.get("libraryPathDependencies").(YamlCollection).getAChild().(YamlScalar).getValue() and + version = "\"*\"" or name = this.getProperty("libraryPathDependencies") and version = "\"*\"" diff --git a/ql/ql/src/codeql_ql/ast/internal/AstNodes.qll b/ql/ql/src/codeql_ql/ast/internal/AstNodes.qll index 33410830ae2..533d268127a 100644 --- a/ql/ql/src/codeql_ql/ast/internal/AstNodes.qll +++ b/ql/ql/src/codeql_ql/ast/internal/AstNodes.qll @@ -61,11 +61,6 @@ newtype TAstNode = TPredicateExpr(QL::PredicateExpr pe) or TAnnotation(QL::Annotation annot) or TAnnotationArg(QL::AnnotArg arg) or - TYamlComment(Yaml::Comment yc) or - TYamlEntry(Yaml::Entry ye) or - TYamlKey(Yaml::Key yk) or - TYamlListitem(Yaml::Listitem yli) or - TYamlValue(Yaml::Value yv) or TBuiltinClassless(string ret, string name, string args) { isBuiltinClassless(ret, name, args) } or TBuiltinMember(string qual, string ret, string name, string args) { isBuiltinMember(qual, ret, name, args) @@ -87,15 +82,10 @@ class TCall = TPredicateCall or TMemberCall or TNoneCall or TAnyCall; class TTypeRef = TImport or TModuleExpr or TType; -class TYamlNode = TYamlComment or TYamlEntry or TYamlKey or TYamlListitem or TYamlValue; - class TSignatureExpr = TPredicateExpr or TType or TModuleExpr; class TComment = TQLDoc or TBlockComment or TLineComment; -/** DEPRECATED: Alias for TYamlNode */ -deprecated class TYAMLNode = TYamlNode; - private QL::AstNode toQLFormula(AST::AstNode n) { n = TConjunction(result) or n = TDisjunction(result) or @@ -125,14 +115,6 @@ private QL::AstNode toQLExpr(AST::AstNode n) { n = TDontCare(result) } -Yaml::AstNode toGenerateYaml(AST::AstNode n) { - n = TYamlComment(result) or - n = TYamlEntry(result) or - n = TYamlKey(result) or - n = TYamlListitem(result) or - n = TYamlValue(result) -} - Dbscheme::AstNode toDbscheme(AST::AstNode n) { n = TDBRelation(result) } /** diff --git a/ql/ql/src/codeql_ql/ast/internal/TreeSitter.qll b/ql/ql/src/codeql_ql/ast/internal/TreeSitter.qll index d15da37b4f2..76e96979cfd 100644 --- a/ql/ql/src/codeql_ql/ast/internal/TreeSitter.qll +++ b/ql/ql/src/codeql_ql/ast/internal/TreeSitter.qll @@ -1611,139 +1611,6 @@ module Dbscheme { } } -module Yaml { - /** The base class for all AST nodes */ - class AstNode extends @yaml_ast_node { - /** Gets a string representation of this element. */ - string toString() { result = this.getAPrimaryQlClass() } - - /** Gets the location of this element. */ - final L::Location getLocation() { yaml_ast_node_info(this, _, _, result) } - - /** Gets the parent of this element. */ - final AstNode getParent() { yaml_ast_node_info(this, result, _, _) } - - /** Gets the index of this node among the children of its parent. */ - final int getParentIndex() { yaml_ast_node_info(this, _, result, _) } - - /** Gets a field or child node of this node. */ - AstNode getAFieldOrChild() { none() } - - /** Gets the name of the primary QL class for this element. */ - string getAPrimaryQlClass() { result = "???" } - - /** Gets a comma-separated list of the names of the primary CodeQL classes to which this element belongs. */ - string getPrimaryQlClasses() { result = concat(this.getAPrimaryQlClass(), ",") } - } - - /** A token. */ - class Token extends @yaml_token, AstNode { - /** Gets the value of this token. */ - final string getValue() { yaml_tokeninfo(this, _, result) } - - /** Gets a string representation of this element. */ - final override string toString() { result = this.getValue() } - - /** Gets the name of the primary QL class for this element. */ - override string getAPrimaryQlClass() { result = "Token" } - } - - /** A reserved word. */ - class ReservedWord extends @yaml_reserved_word, Token { - /** Gets the name of the primary QL class for this element. */ - final override string getAPrimaryQlClass() { result = "ReservedWord" } - } - - /** A class representing `comment` nodes. */ - class Comment extends @yaml_comment, AstNode { - /** Gets the name of the primary QL class for this element. */ - final override string getAPrimaryQlClass() { result = "Comment" } - - /** Gets the child of this node. */ - final Value getChild() { yaml_comment_def(this, result) } - - /** Gets a field or child node of this node. */ - final override AstNode getAFieldOrChild() { yaml_comment_def(this, result) } - } - - /** A class representing `entry` nodes. */ - class Entry extends @yaml_entry, AstNode { - /** Gets the name of the primary QL class for this element. */ - final override string getAPrimaryQlClass() { result = "Entry" } - - /** Gets the child of this node. */ - final AstNode getChild() { yaml_entry_def(this, result) } - - /** Gets a field or child node of this node. */ - final override AstNode getAFieldOrChild() { yaml_entry_def(this, result) } - } - - /** A class representing `key` nodes. */ - class Key extends @yaml_key__, AstNode { - /** Gets the name of the primary QL class for this element. */ - final override string getAPrimaryQlClass() { result = "Key" } - - /** Gets the `i`th child of this node. */ - final AstNode getChild(int i) { yaml_key_child(this, i, result) } - - /** Gets a field or child node of this node. */ - final override AstNode getAFieldOrChild() { yaml_key_child(this, _, result) } - } - - /** A class representing `keyvaluepair` nodes. */ - class Keyvaluepair extends @yaml_keyvaluepair, AstNode { - /** Gets the name of the primary QL class for this element. */ - final override string getAPrimaryQlClass() { result = "Keyvaluepair" } - - /** Gets the node corresponding to the field `key`. */ - final Key getKey() { yaml_keyvaluepair_def(this, result, _) } - - /** Gets the node corresponding to the field `value`. */ - final Value getValue() { yaml_keyvaluepair_def(this, _, result) } - - /** Gets a field or child node of this node. */ - final override AstNode getAFieldOrChild() { - yaml_keyvaluepair_def(this, result, _) or yaml_keyvaluepair_def(this, _, result) - } - } - - /** A class representing `listitem` nodes. */ - class Listitem extends @yaml_listitem, AstNode { - /** Gets the name of the primary QL class for this element. */ - final override string getAPrimaryQlClass() { result = "Listitem" } - - /** Gets the child of this node. */ - final Value getChild() { yaml_listitem_def(this, result) } - - /** Gets a field or child node of this node. */ - final override AstNode getAFieldOrChild() { yaml_listitem_def(this, result) } - } - - /** A class representing `simpleId` tokens. */ - class SimpleId extends @yaml_token_simple_id, Token { - /** Gets the name of the primary QL class for this element. */ - final override string getAPrimaryQlClass() { result = "SimpleId" } - } - - /** A class representing `value` tokens. */ - class Value extends @yaml_token_value, Token { - /** Gets the name of the primary QL class for this element. */ - final override string getAPrimaryQlClass() { result = "Value" } - } - - /** A class representing `yaml` nodes. */ - class Yaml extends @yaml_yaml, AstNode { - /** Gets the name of the primary QL class for this element. */ - final override string getAPrimaryQlClass() { result = "Yaml" } - - /** Gets the `i`th child of this node. */ - final Entry getChild(int i) { yaml_yaml_child(this, i, result) } - - /** Gets a field or child node of this node. */ - final override AstNode getAFieldOrChild() { yaml_yaml_child(this, _, result) } - } -} - module Blame { /** The base class for all AST nodes */ class AstNode extends @blame_ast_node { diff --git a/ql/ql/src/ql.dbscheme b/ql/ql/src/ql.dbscheme index 2f98ed2d92d..97aa35b9ef5 100644 --- a/ql/ql/src/ql.dbscheme +++ b/ql/ql/src/ql.dbscheme @@ -62,6 +62,46 @@ case @diagnostic.severity of | 30 = @diagnostic_warning | 40 = @diagnostic_error ; + +/*- YAML -*/ + +#keyset[parent, idx] +yaml (unique int id: @yaml_node, + int kind: int ref, + int parent: @yaml_node_parent ref, + int idx: int ref, + string tag: string ref, + string tostring: string ref); + +case @yaml_node.kind of + 0 = @yaml_scalar_node +| 1 = @yaml_mapping_node +| 2 = @yaml_sequence_node +| 3 = @yaml_alias_node +; + +@yaml_collection_node = @yaml_mapping_node | @yaml_sequence_node; + +@yaml_node_parent = @yaml_collection_node | @file; + +yaml_anchors (unique int node: @yaml_node ref, + string anchor: string ref); + +yaml_aliases (unique int alias: @yaml_alias_node ref, + string target: string ref); + +yaml_scalars (unique int scalar: @yaml_scalar_node ref, + int style: int ref, + string value: string ref); + +yaml_errors (unique int id: @yaml_error, + string message: string ref); + +yaml_locations(unique int locatable: @yaml_locatable ref, + int location: @location_default ref); + +@yaml_locatable = @yaml_node | @yaml_error; + /*- QL dbscheme -*/ @ql_add_expr_left_type = @ql_add_expr | @ql_aggregate | @ql_call_or_unqual_agg_expr | @ql_comp_term | @ql_conjunction | @ql_disjunction | @ql_expr_annotation | @ql_if_term | @ql_implication | @ql_in_expr | @ql_instance_of | @ql_literal | @ql_mul_expr | @ql_negation | @ql_par_expr | @ql_prefix_cast | @ql_qualified_expr | @ql_quantified | @ql_range | @ql_set_literal | @ql_special_call | @ql_super_ref | @ql_unary_expr | @ql_variable @@ -1129,79 +1169,6 @@ dbscheme_ast_node_info( int loc: @location_default ref ); -/*- Yaml dbscheme -*/ -yaml_comment_def( - unique int id: @yaml_comment, - int child: @yaml_token_value ref -); - -@yaml_entry_child_type = @yaml_comment | @yaml_keyvaluepair | @yaml_listitem - -yaml_entry_def( - unique int id: @yaml_entry, - int child: @yaml_entry_child_type ref -); - -@yaml_key_child_type = @yaml_key__ | @yaml_token_simple_id - -#keyset[yaml_key__, index] -yaml_key_child( - int yaml_key__: @yaml_key__ ref, - int index: int ref, - unique int child: @yaml_key_child_type ref -); - -yaml_key_def( - unique int id: @yaml_key__ -); - -yaml_keyvaluepair_def( - unique int id: @yaml_keyvaluepair, - int key__: @yaml_key__ ref, - int value: @yaml_token_value ref -); - -yaml_listitem_def( - unique int id: @yaml_listitem, - int child: @yaml_token_value ref -); - -#keyset[yaml_yaml, index] -yaml_yaml_child( - int yaml_yaml: @yaml_yaml ref, - int index: int ref, - unique int child: @yaml_entry ref -); - -yaml_yaml_def( - unique int id: @yaml_yaml -); - -yaml_tokeninfo( - unique int id: @yaml_token, - int kind: int ref, - string value: string ref -); - -case @yaml_token.kind of - 0 = @yaml_reserved_word -| 1 = @yaml_token_simple_id -| 2 = @yaml_token_value -; - - -@yaml_ast_node = @yaml_comment | @yaml_entry | @yaml_key__ | @yaml_keyvaluepair | @yaml_listitem | @yaml_token | @yaml_yaml - -@yaml_ast_node_parent = @file | @yaml_ast_node - -#keyset[parent, parent_index] -yaml_ast_node_info( - unique int node: @yaml_ast_node ref, - int parent: @yaml_ast_node_parent ref, - int parent_index: int ref, - int loc: @location_default ref -); - /*- Blame dbscheme -*/ #keyset[blame_blame_entry, index] blame_blame_entry_line( diff --git a/ql/ql/src/qlpack.yml b/ql/ql/src/qlpack.yml index 46eb43ff429..68991ef1c20 100644 --- a/ql/ql/src/qlpack.yml +++ b/ql/ql/src/qlpack.yml @@ -8,4 +8,5 @@ extractor: ql dependencies: codeql/typos: ${workspace} codeql/util: ${workspace} + codeql/yaml: ${workspace} warnOnImplicitThis: true diff --git a/ql/tools/pre-finalize.cmd b/ql/tools/pre-finalize.cmd new file mode 100644 index 00000000000..516084941c9 --- /dev/null +++ b/ql/tools/pre-finalize.cmd @@ -0,0 +1,10 @@ +@echo off + +type NUL && "%CODEQL_DIST%\codeql" database index-files ^ + --include=**/qlpack.yml ^ + --size-limit=5m ^ + --language yaml ^ + -- ^ + "%CODEQL_EXTRACTOR_QL_WIP_DATABASE%" + +exit /b %ERRORLEVEL% diff --git a/ql/tools/pre-finalize.sh b/ql/tools/pre-finalize.sh new file mode 100755 index 00000000000..81fc6d58278 --- /dev/null +++ b/ql/tools/pre-finalize.sh @@ -0,0 +1,10 @@ +#!/bin/bash + +set -eu + +"$CODEQL_DIST/codeql" database index-files \ + "--include=**/qlpack.yml" \ + --size-limit=5m \ + --language yaml \ + -- \ + "$CODEQL_EXTRACTOR_QL_WIP_DATABASE" diff --git a/ql/tools/qltest.cmd b/ql/tools/qltest.cmd index 15b42c8af35..d4429052645 100644 --- a/ql/tools/qltest.cmd +++ b/ql/tools/qltest.cmd @@ -11,4 +11,15 @@ type NUL && "%CODEQL_DIST%\codeql.exe" database index-files ^ --working-dir=. ^ "%CODEQL_EXTRACTOR_QL_WIP_DATABASE%" +IF %ERRORLEVEL% NEQ 0 exit /b %ERRORLEVEL% + +type NUL && "%CODEQL_DIST%\codeql.exe" database index-files ^ + --prune=**/*.testproj ^ + --include-extension=.yml ^ + --size-limit=5m ^ + --language=yaml ^ + --working-dir=. ^ + "%CODEQL_EXTRACTOR_QL_WIP_DATABASE%" + exit /b %ERRORLEVEL% + diff --git a/ql/tools/qltest.sh b/ql/tools/qltest.sh index 3712b2a5a10..d6b9e0ff5ee 100755 --- a/ql/tools/qltest.sh +++ b/ql/tools/qltest.sh @@ -2,13 +2,20 @@ set -eu -exec "${CODEQL_DIST}/codeql" database index-files \ +"${CODEQL_DIST}/codeql" database index-files \ --prune="**/*.testproj" \ --include-extension=.ql \ --include-extension=.qll \ --include-extension=.dbscheme \ - --include-extension=.yml \ --size-limit=5m \ --language=ql \ --working-dir=.\ "$CODEQL_EXTRACTOR_QL_WIP_DATABASE" + +exec "${CODEQL_DIST}/codeql" database index-files \ + --prune="**/*.testproj" \ + --include-extension=.yml \ + --size-limit=5m \ + --language=yaml \ + --working-dir=.\ + "$CODEQL_EXTRACTOR_QL_WIP_DATABASE" diff --git a/ruby/ql/lib/ruby.dbscheme b/ruby/ql/lib/ruby.dbscheme index a9b02f60315..f9f0f4023e4 100644 --- a/ruby/ql/lib/ruby.dbscheme +++ b/ruby/ql/lib/ruby.dbscheme @@ -62,6 +62,46 @@ case @diagnostic.severity of | 30 = @diagnostic_warning | 40 = @diagnostic_error ; + +/*- YAML -*/ + +#keyset[parent, idx] +yaml (unique int id: @yaml_node, + int kind: int ref, + int parent: @yaml_node_parent ref, + int idx: int ref, + string tag: string ref, + string tostring: string ref); + +case @yaml_node.kind of + 0 = @yaml_scalar_node +| 1 = @yaml_mapping_node +| 2 = @yaml_sequence_node +| 3 = @yaml_alias_node +; + +@yaml_collection_node = @yaml_mapping_node | @yaml_sequence_node; + +@yaml_node_parent = @yaml_collection_node | @file; + +yaml_anchors (unique int node: @yaml_node ref, + string anchor: string ref); + +yaml_aliases (unique int alias: @yaml_alias_node ref, + string target: string ref); + +yaml_scalars (unique int scalar: @yaml_scalar_node ref, + int style: int ref, + string value: string ref); + +yaml_errors (unique int id: @yaml_error, + string message: string ref); + +yaml_locations(unique int locatable: @yaml_locatable ref, + int location: @location_default ref); + +@yaml_locatable = @yaml_node | @yaml_error; + /*- Ruby dbscheme -*/ @ruby_underscore_arg = @ruby_assignment | @ruby_binary | @ruby_conditional | @ruby_operator_assignment | @ruby_range | @ruby_unary | @ruby_underscore_primary diff --git a/shared/tree-sitter-extractor/src/generator/prefix.dbscheme b/shared/tree-sitter-extractor/src/generator/prefix.dbscheme index f371901ca6f..4bbfc8a0931 100644 --- a/shared/tree-sitter-extractor/src/generator/prefix.dbscheme +++ b/shared/tree-sitter-extractor/src/generator/prefix.dbscheme @@ -59,3 +59,43 @@ case @diagnostic.severity of | 30 = @diagnostic_warning | 40 = @diagnostic_error ; + +/*- YAML -*/ + +#keyset[parent, idx] +yaml (unique int id: @yaml_node, + int kind: int ref, + int parent: @yaml_node_parent ref, + int idx: int ref, + string tag: string ref, + string tostring: string ref); + +case @yaml_node.kind of + 0 = @yaml_scalar_node +| 1 = @yaml_mapping_node +| 2 = @yaml_sequence_node +| 3 = @yaml_alias_node +; + +@yaml_collection_node = @yaml_mapping_node | @yaml_sequence_node; + +@yaml_node_parent = @yaml_collection_node | @file; + +yaml_anchors (unique int node: @yaml_node ref, + string anchor: string ref); + +yaml_aliases (unique int alias: @yaml_alias_node ref, + string target: string ref); + +yaml_scalars (unique int scalar: @yaml_scalar_node ref, + int style: int ref, + string value: string ref); + +yaml_errors (unique int id: @yaml_error, + string message: string ref); + +yaml_locations(unique int locatable: @yaml_locatable ref, + int location: @location_default ref); + +@yaml_locatable = @yaml_node | @yaml_error; + From 294cc930e66f37f7125288f5682fe81edc3fe570 Mon Sep 17 00:00:00 2001 From: Arthur Baars Date: Fri, 12 May 2023 13:30:39 +0200 Subject: [PATCH 546/870] Ruby: add upgrade/downgrade scripts --- .../old.dbscheme | 1509 +++++++++++++++++ .../ruby.dbscheme | 1455 ++++++++++++++++ .../upgrade.properties | 2 + .../old.dbscheme | 1455 ++++++++++++++++ .../ruby.dbscheme | 1509 +++++++++++++++++ .../upgrade.properties | 2 + 6 files changed, 5932 insertions(+) create mode 100644 ruby/downgrades/f9f0f4023e433184fda76f595247bf448b782135/old.dbscheme create mode 100644 ruby/downgrades/f9f0f4023e433184fda76f595247bf448b782135/ruby.dbscheme create mode 100644 ruby/downgrades/f9f0f4023e433184fda76f595247bf448b782135/upgrade.properties create mode 100644 ruby/ql/lib/upgrades/ff289788b1552e32078788baa27152cc95b68f77/old.dbscheme create mode 100644 ruby/ql/lib/upgrades/ff289788b1552e32078788baa27152cc95b68f77/ruby.dbscheme create mode 100644 ruby/ql/lib/upgrades/ff289788b1552e32078788baa27152cc95b68f77/upgrade.properties diff --git a/ruby/downgrades/f9f0f4023e433184fda76f595247bf448b782135/old.dbscheme b/ruby/downgrades/f9f0f4023e433184fda76f595247bf448b782135/old.dbscheme new file mode 100644 index 00000000000..f9f0f4023e4 --- /dev/null +++ b/ruby/downgrades/f9f0f4023e433184fda76f595247bf448b782135/old.dbscheme @@ -0,0 +1,1509 @@ +// CodeQL database schema for Ruby +// Automatically generated from the tree-sitter grammar; do not edit + +/*- Files and folders -*/ + +/** + * The location of an element. + * The location spans column `startcolumn` of line `startline` to + * column `endcolumn` of line `endline` in file `file`. + * For more information, see + * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/). + */ +locations_default( + unique int id: @location_default, + int file: @file ref, + int beginLine: int ref, + int beginColumn: int ref, + int endLine: int ref, + int endColumn: int ref +); + +files( + unique int id: @file, + string name: string ref +); + +folders( + unique int id: @folder, + string name: string ref +); + +@container = @file | @folder + +containerparent( + int parent: @container ref, + unique int child: @container ref +); + +/*- Source location prefix -*/ + +/** + * The source location of the snapshot. + */ +sourceLocationPrefix(string prefix : string ref); + +/*- Diagnostic messages -*/ + +diagnostics( + unique int id: @diagnostic, + int severity: int ref, + string error_tag: string ref, + string error_message: string ref, + string full_error_message: string ref, + int location: @location_default ref +); + +/*- Diagnostic messages: severity -*/ + +case @diagnostic.severity of + 10 = @diagnostic_debug +| 20 = @diagnostic_info +| 30 = @diagnostic_warning +| 40 = @diagnostic_error +; + +/*- YAML -*/ + +#keyset[parent, idx] +yaml (unique int id: @yaml_node, + int kind: int ref, + int parent: @yaml_node_parent ref, + int idx: int ref, + string tag: string ref, + string tostring: string ref); + +case @yaml_node.kind of + 0 = @yaml_scalar_node +| 1 = @yaml_mapping_node +| 2 = @yaml_sequence_node +| 3 = @yaml_alias_node +; + +@yaml_collection_node = @yaml_mapping_node | @yaml_sequence_node; + +@yaml_node_parent = @yaml_collection_node | @file; + +yaml_anchors (unique int node: @yaml_node ref, + string anchor: string ref); + +yaml_aliases (unique int alias: @yaml_alias_node ref, + string target: string ref); + +yaml_scalars (unique int scalar: @yaml_scalar_node ref, + int style: int ref, + string value: string ref); + +yaml_errors (unique int id: @yaml_error, + string message: string ref); + +yaml_locations(unique int locatable: @yaml_locatable ref, + int location: @location_default ref); + +@yaml_locatable = @yaml_node | @yaml_error; + +/*- Ruby dbscheme -*/ +@ruby_underscore_arg = @ruby_assignment | @ruby_binary | @ruby_conditional | @ruby_operator_assignment | @ruby_range | @ruby_unary | @ruby_underscore_primary + +@ruby_underscore_call_operator = @ruby_reserved_word + +@ruby_underscore_expression = @ruby_assignment | @ruby_binary | @ruby_break | @ruby_call | @ruby_match_pattern | @ruby_next | @ruby_operator_assignment | @ruby_return | @ruby_test_pattern | @ruby_unary | @ruby_underscore_arg | @ruby_yield + +@ruby_underscore_lhs = @ruby_call | @ruby_element_reference | @ruby_scope_resolution | @ruby_token_false | @ruby_token_nil | @ruby_token_true | @ruby_underscore_variable + +@ruby_underscore_method_name = @ruby_delimited_symbol | @ruby_setter | @ruby_token_constant | @ruby_token_identifier | @ruby_token_operator | @ruby_token_simple_symbol | @ruby_underscore_nonlocal_variable + +@ruby_underscore_nonlocal_variable = @ruby_token_class_variable | @ruby_token_global_variable | @ruby_token_instance_variable + +@ruby_underscore_pattern_constant = @ruby_scope_resolution | @ruby_token_constant + +@ruby_underscore_pattern_expr = @ruby_alternative_pattern | @ruby_as_pattern | @ruby_underscore_pattern_expr_basic + +@ruby_underscore_pattern_expr_basic = @ruby_array_pattern | @ruby_expression_reference_pattern | @ruby_find_pattern | @ruby_hash_pattern | @ruby_parenthesized_pattern | @ruby_range | @ruby_token_identifier | @ruby_underscore_pattern_constant | @ruby_underscore_pattern_primitive | @ruby_variable_reference_pattern + +@ruby_underscore_pattern_primitive = @ruby_delimited_symbol | @ruby_lambda | @ruby_regex | @ruby_string__ | @ruby_string_array | @ruby_subshell | @ruby_symbol_array | @ruby_token_encoding | @ruby_token_false | @ruby_token_file | @ruby_token_heredoc_beginning | @ruby_token_line | @ruby_token_nil | @ruby_token_self | @ruby_token_simple_symbol | @ruby_token_true | @ruby_unary | @ruby_underscore_simple_numeric + +@ruby_underscore_pattern_top_expr_body = @ruby_array_pattern | @ruby_find_pattern | @ruby_hash_pattern | @ruby_underscore_pattern_expr + +@ruby_underscore_primary = @ruby_array | @ruby_begin | @ruby_break | @ruby_call | @ruby_case__ | @ruby_case_match | @ruby_chained_string | @ruby_class | @ruby_delimited_symbol | @ruby_for | @ruby_hash | @ruby_if | @ruby_lambda | @ruby_method | @ruby_module | @ruby_next | @ruby_parenthesized_statements | @ruby_redo | @ruby_regex | @ruby_retry | @ruby_return | @ruby_singleton_class | @ruby_singleton_method | @ruby_string__ | @ruby_string_array | @ruby_subshell | @ruby_symbol_array | @ruby_token_character | @ruby_token_heredoc_beginning | @ruby_token_simple_symbol | @ruby_unary | @ruby_underscore_lhs | @ruby_underscore_simple_numeric | @ruby_unless | @ruby_until | @ruby_while | @ruby_yield + +@ruby_underscore_simple_numeric = @ruby_complex | @ruby_rational | @ruby_token_float | @ruby_token_integer + +@ruby_underscore_statement = @ruby_alias | @ruby_begin_block | @ruby_end_block | @ruby_if_modifier | @ruby_rescue_modifier | @ruby_undef | @ruby_underscore_expression | @ruby_unless_modifier | @ruby_until_modifier | @ruby_while_modifier + +@ruby_underscore_variable = @ruby_token_constant | @ruby_token_identifier | @ruby_token_self | @ruby_token_super | @ruby_underscore_nonlocal_variable + +ruby_alias_def( + unique int id: @ruby_alias, + int alias: @ruby_underscore_method_name ref, + int name: @ruby_underscore_method_name ref +); + +#keyset[ruby_alternative_pattern, index] +ruby_alternative_pattern_alternatives( + int ruby_alternative_pattern: @ruby_alternative_pattern ref, + int index: int ref, + unique int alternatives: @ruby_underscore_pattern_expr_basic ref +); + +ruby_alternative_pattern_def( + unique int id: @ruby_alternative_pattern +); + +@ruby_argument_list_child_type = @ruby_block_argument | @ruby_hash_splat_argument | @ruby_pair | @ruby_splat_argument | @ruby_token_forward_argument | @ruby_underscore_expression + +#keyset[ruby_argument_list, index] +ruby_argument_list_child( + int ruby_argument_list: @ruby_argument_list ref, + int index: int ref, + unique int child: @ruby_argument_list_child_type ref +); + +ruby_argument_list_def( + unique int id: @ruby_argument_list +); + +@ruby_array_child_type = @ruby_block_argument | @ruby_hash_splat_argument | @ruby_pair | @ruby_splat_argument | @ruby_token_forward_argument | @ruby_underscore_expression + +#keyset[ruby_array, index] +ruby_array_child( + int ruby_array: @ruby_array ref, + int index: int ref, + unique int child: @ruby_array_child_type ref +); + +ruby_array_def( + unique int id: @ruby_array +); + +ruby_array_pattern_class( + unique int ruby_array_pattern: @ruby_array_pattern ref, + unique int class: @ruby_underscore_pattern_constant ref +); + +@ruby_array_pattern_child_type = @ruby_splat_parameter | @ruby_underscore_pattern_expr + +#keyset[ruby_array_pattern, index] +ruby_array_pattern_child( + int ruby_array_pattern: @ruby_array_pattern ref, + int index: int ref, + unique int child: @ruby_array_pattern_child_type ref +); + +ruby_array_pattern_def( + unique int id: @ruby_array_pattern +); + +ruby_as_pattern_def( + unique int id: @ruby_as_pattern, + int name: @ruby_token_identifier ref, + int value: @ruby_underscore_pattern_expr ref +); + +@ruby_assignment_left_type = @ruby_left_assignment_list | @ruby_underscore_lhs + +@ruby_assignment_right_type = @ruby_rescue_modifier | @ruby_right_assignment_list | @ruby_splat_argument | @ruby_underscore_expression + +ruby_assignment_def( + unique int id: @ruby_assignment, + int left: @ruby_assignment_left_type ref, + int right: @ruby_assignment_right_type ref +); + +@ruby_bare_string_child_type = @ruby_interpolation | @ruby_token_escape_sequence | @ruby_token_string_content + +#keyset[ruby_bare_string, index] +ruby_bare_string_child( + int ruby_bare_string: @ruby_bare_string ref, + int index: int ref, + unique int child: @ruby_bare_string_child_type ref +); + +ruby_bare_string_def( + unique int id: @ruby_bare_string +); + +@ruby_bare_symbol_child_type = @ruby_interpolation | @ruby_token_escape_sequence | @ruby_token_string_content + +#keyset[ruby_bare_symbol, index] +ruby_bare_symbol_child( + int ruby_bare_symbol: @ruby_bare_symbol ref, + int index: int ref, + unique int child: @ruby_bare_symbol_child_type ref +); + +ruby_bare_symbol_def( + unique int id: @ruby_bare_symbol +); + +@ruby_begin_child_type = @ruby_else | @ruby_ensure | @ruby_rescue | @ruby_token_empty_statement | @ruby_underscore_statement + +#keyset[ruby_begin, index] +ruby_begin_child( + int ruby_begin: @ruby_begin ref, + int index: int ref, + unique int child: @ruby_begin_child_type ref +); + +ruby_begin_def( + unique int id: @ruby_begin +); + +@ruby_begin_block_child_type = @ruby_token_empty_statement | @ruby_underscore_statement + +#keyset[ruby_begin_block, index] +ruby_begin_block_child( + int ruby_begin_block: @ruby_begin_block ref, + int index: int ref, + unique int child: @ruby_begin_block_child_type ref +); + +ruby_begin_block_def( + unique int id: @ruby_begin_block +); + +@ruby_binary_left_type = @ruby_underscore_expression | @ruby_underscore_simple_numeric + +case @ruby_binary.operator of + 0 = @ruby_binary_bangequal +| 1 = @ruby_binary_bangtilde +| 2 = @ruby_binary_percent +| 3 = @ruby_binary_ampersand +| 4 = @ruby_binary_ampersandampersand +| 5 = @ruby_binary_star +| 6 = @ruby_binary_starstar +| 7 = @ruby_binary_plus +| 8 = @ruby_binary_minus +| 9 = @ruby_binary_slash +| 10 = @ruby_binary_langle +| 11 = @ruby_binary_langlelangle +| 12 = @ruby_binary_langleequal +| 13 = @ruby_binary_langleequalrangle +| 14 = @ruby_binary_equalequal +| 15 = @ruby_binary_equalequalequal +| 16 = @ruby_binary_equaltilde +| 17 = @ruby_binary_rangle +| 18 = @ruby_binary_rangleequal +| 19 = @ruby_binary_ranglerangle +| 20 = @ruby_binary_caret +| 21 = @ruby_binary_and +| 22 = @ruby_binary_or +| 23 = @ruby_binary_pipe +| 24 = @ruby_binary_pipepipe +; + + +ruby_binary_def( + unique int id: @ruby_binary, + int left: @ruby_binary_left_type ref, + int operator: int ref, + int right: @ruby_underscore_expression ref +); + +ruby_block_body( + unique int ruby_block: @ruby_block ref, + unique int body: @ruby_block_body ref +); + +ruby_block_parameters( + unique int ruby_block: @ruby_block ref, + unique int parameters: @ruby_block_parameters ref +); + +ruby_block_def( + unique int id: @ruby_block +); + +ruby_block_argument_child( + unique int ruby_block_argument: @ruby_block_argument ref, + unique int child: @ruby_underscore_arg ref +); + +ruby_block_argument_def( + unique int id: @ruby_block_argument +); + +@ruby_block_body_child_type = @ruby_token_empty_statement | @ruby_underscore_statement + +#keyset[ruby_block_body, index] +ruby_block_body_child( + int ruby_block_body: @ruby_block_body ref, + int index: int ref, + unique int child: @ruby_block_body_child_type ref +); + +ruby_block_body_def( + unique int id: @ruby_block_body +); + +ruby_block_parameter_name( + unique int ruby_block_parameter: @ruby_block_parameter ref, + unique int name: @ruby_token_identifier ref +); + +ruby_block_parameter_def( + unique int id: @ruby_block_parameter +); + +#keyset[ruby_block_parameters, index] +ruby_block_parameters_locals( + int ruby_block_parameters: @ruby_block_parameters ref, + int index: int ref, + unique int locals: @ruby_token_identifier ref +); + +@ruby_block_parameters_child_type = @ruby_block_parameter | @ruby_destructured_parameter | @ruby_hash_splat_parameter | @ruby_keyword_parameter | @ruby_optional_parameter | @ruby_splat_parameter | @ruby_token_forward_parameter | @ruby_token_hash_splat_nil | @ruby_token_identifier + +#keyset[ruby_block_parameters, index] +ruby_block_parameters_child( + int ruby_block_parameters: @ruby_block_parameters ref, + int index: int ref, + unique int child: @ruby_block_parameters_child_type ref +); + +ruby_block_parameters_def( + unique int id: @ruby_block_parameters +); + +@ruby_body_statement_child_type = @ruby_else | @ruby_ensure | @ruby_rescue | @ruby_token_empty_statement | @ruby_underscore_statement + +#keyset[ruby_body_statement, index] +ruby_body_statement_child( + int ruby_body_statement: @ruby_body_statement ref, + int index: int ref, + unique int child: @ruby_body_statement_child_type ref +); + +ruby_body_statement_def( + unique int id: @ruby_body_statement +); + +ruby_break_child( + unique int ruby_break: @ruby_break ref, + unique int child: @ruby_argument_list ref +); + +ruby_break_def( + unique int id: @ruby_break +); + +ruby_call_arguments( + unique int ruby_call: @ruby_call ref, + unique int arguments: @ruby_argument_list ref +); + +@ruby_call_block_type = @ruby_block | @ruby_do_block + +ruby_call_block( + unique int ruby_call: @ruby_call ref, + unique int block: @ruby_call_block_type ref +); + +@ruby_call_method_type = @ruby_token_operator | @ruby_underscore_variable + +ruby_call_method( + unique int ruby_call: @ruby_call ref, + unique int method: @ruby_call_method_type ref +); + +ruby_call_operator( + unique int ruby_call: @ruby_call ref, + unique int operator: @ruby_underscore_call_operator ref +); + +ruby_call_receiver( + unique int ruby_call: @ruby_call ref, + unique int receiver: @ruby_underscore_primary ref +); + +ruby_call_def( + unique int id: @ruby_call +); + +ruby_case_value( + unique int ruby_case__: @ruby_case__ ref, + unique int value: @ruby_underscore_statement ref +); + +@ruby_case_child_type = @ruby_else | @ruby_when + +#keyset[ruby_case__, index] +ruby_case_child( + int ruby_case__: @ruby_case__ ref, + int index: int ref, + unique int child: @ruby_case_child_type ref +); + +ruby_case_def( + unique int id: @ruby_case__ +); + +#keyset[ruby_case_match, index] +ruby_case_match_clauses( + int ruby_case_match: @ruby_case_match ref, + int index: int ref, + unique int clauses: @ruby_in_clause ref +); + +ruby_case_match_else( + unique int ruby_case_match: @ruby_case_match ref, + unique int else: @ruby_else ref +); + +ruby_case_match_def( + unique int id: @ruby_case_match, + int value: @ruby_underscore_statement ref +); + +#keyset[ruby_chained_string, index] +ruby_chained_string_child( + int ruby_chained_string: @ruby_chained_string ref, + int index: int ref, + unique int child: @ruby_string__ ref +); + +ruby_chained_string_def( + unique int id: @ruby_chained_string +); + +ruby_class_body( + unique int ruby_class: @ruby_class ref, + unique int body: @ruby_body_statement ref +); + +@ruby_class_name_type = @ruby_scope_resolution | @ruby_token_constant + +ruby_class_superclass( + unique int ruby_class: @ruby_class ref, + unique int superclass: @ruby_superclass ref +); + +ruby_class_def( + unique int id: @ruby_class, + int name: @ruby_class_name_type ref +); + +@ruby_complex_child_type = @ruby_rational | @ruby_token_float | @ruby_token_integer + +ruby_complex_def( + unique int id: @ruby_complex, + int child: @ruby_complex_child_type ref +); + +ruby_conditional_def( + unique int id: @ruby_conditional, + int alternative: @ruby_underscore_arg ref, + int condition: @ruby_underscore_arg ref, + int consequence: @ruby_underscore_arg ref +); + +@ruby_delimited_symbol_child_type = @ruby_interpolation | @ruby_token_escape_sequence | @ruby_token_string_content + +#keyset[ruby_delimited_symbol, index] +ruby_delimited_symbol_child( + int ruby_delimited_symbol: @ruby_delimited_symbol ref, + int index: int ref, + unique int child: @ruby_delimited_symbol_child_type ref +); + +ruby_delimited_symbol_def( + unique int id: @ruby_delimited_symbol +); + +@ruby_destructured_left_assignment_child_type = @ruby_destructured_left_assignment | @ruby_rest_assignment | @ruby_underscore_lhs + +#keyset[ruby_destructured_left_assignment, index] +ruby_destructured_left_assignment_child( + int ruby_destructured_left_assignment: @ruby_destructured_left_assignment ref, + int index: int ref, + unique int child: @ruby_destructured_left_assignment_child_type ref +); + +ruby_destructured_left_assignment_def( + unique int id: @ruby_destructured_left_assignment +); + +@ruby_destructured_parameter_child_type = @ruby_block_parameter | @ruby_destructured_parameter | @ruby_hash_splat_parameter | @ruby_keyword_parameter | @ruby_optional_parameter | @ruby_splat_parameter | @ruby_token_forward_parameter | @ruby_token_hash_splat_nil | @ruby_token_identifier + +#keyset[ruby_destructured_parameter, index] +ruby_destructured_parameter_child( + int ruby_destructured_parameter: @ruby_destructured_parameter ref, + int index: int ref, + unique int child: @ruby_destructured_parameter_child_type ref +); + +ruby_destructured_parameter_def( + unique int id: @ruby_destructured_parameter +); + +@ruby_do_child_type = @ruby_token_empty_statement | @ruby_underscore_statement + +#keyset[ruby_do, index] +ruby_do_child( + int ruby_do: @ruby_do ref, + int index: int ref, + unique int child: @ruby_do_child_type ref +); + +ruby_do_def( + unique int id: @ruby_do +); + +ruby_do_block_body( + unique int ruby_do_block: @ruby_do_block ref, + unique int body: @ruby_body_statement ref +); + +ruby_do_block_parameters( + unique int ruby_do_block: @ruby_do_block ref, + unique int parameters: @ruby_block_parameters ref +); + +ruby_do_block_def( + unique int id: @ruby_do_block +); + +@ruby_element_reference_child_type = @ruby_block_argument | @ruby_hash_splat_argument | @ruby_pair | @ruby_splat_argument | @ruby_token_forward_argument | @ruby_underscore_expression + +#keyset[ruby_element_reference, index] +ruby_element_reference_child( + int ruby_element_reference: @ruby_element_reference ref, + int index: int ref, + unique int child: @ruby_element_reference_child_type ref +); + +ruby_element_reference_def( + unique int id: @ruby_element_reference, + int object: @ruby_underscore_primary ref +); + +@ruby_else_child_type = @ruby_token_empty_statement | @ruby_underscore_statement + +#keyset[ruby_else, index] +ruby_else_child( + int ruby_else: @ruby_else ref, + int index: int ref, + unique int child: @ruby_else_child_type ref +); + +ruby_else_def( + unique int id: @ruby_else +); + +@ruby_elsif_alternative_type = @ruby_else | @ruby_elsif + +ruby_elsif_alternative( + unique int ruby_elsif: @ruby_elsif ref, + unique int alternative: @ruby_elsif_alternative_type ref +); + +ruby_elsif_consequence( + unique int ruby_elsif: @ruby_elsif ref, + unique int consequence: @ruby_then ref +); + +ruby_elsif_def( + unique int id: @ruby_elsif, + int condition: @ruby_underscore_statement ref +); + +@ruby_end_block_child_type = @ruby_token_empty_statement | @ruby_underscore_statement + +#keyset[ruby_end_block, index] +ruby_end_block_child( + int ruby_end_block: @ruby_end_block ref, + int index: int ref, + unique int child: @ruby_end_block_child_type ref +); + +ruby_end_block_def( + unique int id: @ruby_end_block +); + +@ruby_ensure_child_type = @ruby_token_empty_statement | @ruby_underscore_statement + +#keyset[ruby_ensure, index] +ruby_ensure_child( + int ruby_ensure: @ruby_ensure ref, + int index: int ref, + unique int child: @ruby_ensure_child_type ref +); + +ruby_ensure_def( + unique int id: @ruby_ensure +); + +ruby_exception_variable_def( + unique int id: @ruby_exception_variable, + int child: @ruby_underscore_lhs ref +); + +@ruby_exceptions_child_type = @ruby_splat_argument | @ruby_underscore_arg + +#keyset[ruby_exceptions, index] +ruby_exceptions_child( + int ruby_exceptions: @ruby_exceptions ref, + int index: int ref, + unique int child: @ruby_exceptions_child_type ref +); + +ruby_exceptions_def( + unique int id: @ruby_exceptions +); + +ruby_expression_reference_pattern_def( + unique int id: @ruby_expression_reference_pattern, + int value: @ruby_underscore_expression ref +); + +ruby_find_pattern_class( + unique int ruby_find_pattern: @ruby_find_pattern ref, + unique int class: @ruby_underscore_pattern_constant ref +); + +@ruby_find_pattern_child_type = @ruby_splat_parameter | @ruby_underscore_pattern_expr + +#keyset[ruby_find_pattern, index] +ruby_find_pattern_child( + int ruby_find_pattern: @ruby_find_pattern ref, + int index: int ref, + unique int child: @ruby_find_pattern_child_type ref +); + +ruby_find_pattern_def( + unique int id: @ruby_find_pattern +); + +@ruby_for_pattern_type = @ruby_left_assignment_list | @ruby_underscore_lhs + +ruby_for_def( + unique int id: @ruby_for, + int body: @ruby_do ref, + int pattern: @ruby_for_pattern_type ref, + int value: @ruby_in ref +); + +@ruby_hash_child_type = @ruby_hash_splat_argument | @ruby_pair + +#keyset[ruby_hash, index] +ruby_hash_child( + int ruby_hash: @ruby_hash ref, + int index: int ref, + unique int child: @ruby_hash_child_type ref +); + +ruby_hash_def( + unique int id: @ruby_hash +); + +ruby_hash_pattern_class( + unique int ruby_hash_pattern: @ruby_hash_pattern ref, + unique int class: @ruby_underscore_pattern_constant ref +); + +@ruby_hash_pattern_child_type = @ruby_hash_splat_parameter | @ruby_keyword_pattern | @ruby_token_hash_splat_nil + +#keyset[ruby_hash_pattern, index] +ruby_hash_pattern_child( + int ruby_hash_pattern: @ruby_hash_pattern ref, + int index: int ref, + unique int child: @ruby_hash_pattern_child_type ref +); + +ruby_hash_pattern_def( + unique int id: @ruby_hash_pattern +); + +ruby_hash_splat_argument_child( + unique int ruby_hash_splat_argument: @ruby_hash_splat_argument ref, + unique int child: @ruby_underscore_arg ref +); + +ruby_hash_splat_argument_def( + unique int id: @ruby_hash_splat_argument +); + +ruby_hash_splat_parameter_name( + unique int ruby_hash_splat_parameter: @ruby_hash_splat_parameter ref, + unique int name: @ruby_token_identifier ref +); + +ruby_hash_splat_parameter_def( + unique int id: @ruby_hash_splat_parameter +); + +@ruby_heredoc_body_child_type = @ruby_interpolation | @ruby_token_escape_sequence | @ruby_token_heredoc_content | @ruby_token_heredoc_end + +#keyset[ruby_heredoc_body, index] +ruby_heredoc_body_child( + int ruby_heredoc_body: @ruby_heredoc_body ref, + int index: int ref, + unique int child: @ruby_heredoc_body_child_type ref +); + +ruby_heredoc_body_def( + unique int id: @ruby_heredoc_body +); + +@ruby_if_alternative_type = @ruby_else | @ruby_elsif + +ruby_if_alternative( + unique int ruby_if: @ruby_if ref, + unique int alternative: @ruby_if_alternative_type ref +); + +ruby_if_consequence( + unique int ruby_if: @ruby_if ref, + unique int consequence: @ruby_then ref +); + +ruby_if_def( + unique int id: @ruby_if, + int condition: @ruby_underscore_statement ref +); + +ruby_if_guard_def( + unique int id: @ruby_if_guard, + int condition: @ruby_underscore_expression ref +); + +ruby_if_modifier_def( + unique int id: @ruby_if_modifier, + int body: @ruby_underscore_statement ref, + int condition: @ruby_underscore_expression ref +); + +ruby_in_def( + unique int id: @ruby_in, + int child: @ruby_underscore_arg ref +); + +ruby_in_clause_body( + unique int ruby_in_clause: @ruby_in_clause ref, + unique int body: @ruby_then ref +); + +@ruby_in_clause_guard_type = @ruby_if_guard | @ruby_unless_guard + +ruby_in_clause_guard( + unique int ruby_in_clause: @ruby_in_clause ref, + unique int guard: @ruby_in_clause_guard_type ref +); + +ruby_in_clause_def( + unique int id: @ruby_in_clause, + int pattern: @ruby_underscore_pattern_top_expr_body ref +); + +@ruby_interpolation_child_type = @ruby_token_empty_statement | @ruby_underscore_nonlocal_variable | @ruby_underscore_statement + +#keyset[ruby_interpolation, index] +ruby_interpolation_child( + int ruby_interpolation: @ruby_interpolation ref, + int index: int ref, + unique int child: @ruby_interpolation_child_type ref +); + +ruby_interpolation_def( + unique int id: @ruby_interpolation +); + +ruby_keyword_parameter_value( + unique int ruby_keyword_parameter: @ruby_keyword_parameter ref, + unique int value: @ruby_underscore_arg ref +); + +ruby_keyword_parameter_def( + unique int id: @ruby_keyword_parameter, + int name: @ruby_token_identifier ref +); + +@ruby_keyword_pattern_key_type = @ruby_string__ | @ruby_token_hash_key_symbol + +ruby_keyword_pattern_value( + unique int ruby_keyword_pattern: @ruby_keyword_pattern ref, + unique int value: @ruby_underscore_pattern_expr ref +); + +ruby_keyword_pattern_def( + unique int id: @ruby_keyword_pattern, + int key__: @ruby_keyword_pattern_key_type ref +); + +@ruby_lambda_body_type = @ruby_block | @ruby_do_block + +ruby_lambda_parameters( + unique int ruby_lambda: @ruby_lambda ref, + unique int parameters: @ruby_lambda_parameters ref +); + +ruby_lambda_def( + unique int id: @ruby_lambda, + int body: @ruby_lambda_body_type ref +); + +@ruby_lambda_parameters_child_type = @ruby_block_parameter | @ruby_destructured_parameter | @ruby_hash_splat_parameter | @ruby_keyword_parameter | @ruby_optional_parameter | @ruby_splat_parameter | @ruby_token_forward_parameter | @ruby_token_hash_splat_nil | @ruby_token_identifier + +#keyset[ruby_lambda_parameters, index] +ruby_lambda_parameters_child( + int ruby_lambda_parameters: @ruby_lambda_parameters ref, + int index: int ref, + unique int child: @ruby_lambda_parameters_child_type ref +); + +ruby_lambda_parameters_def( + unique int id: @ruby_lambda_parameters +); + +@ruby_left_assignment_list_child_type = @ruby_destructured_left_assignment | @ruby_rest_assignment | @ruby_underscore_lhs + +#keyset[ruby_left_assignment_list, index] +ruby_left_assignment_list_child( + int ruby_left_assignment_list: @ruby_left_assignment_list ref, + int index: int ref, + unique int child: @ruby_left_assignment_list_child_type ref +); + +ruby_left_assignment_list_def( + unique int id: @ruby_left_assignment_list +); + +ruby_match_pattern_def( + unique int id: @ruby_match_pattern, + int pattern: @ruby_underscore_pattern_top_expr_body ref, + int value: @ruby_underscore_arg ref +); + +@ruby_method_body_type = @ruby_body_statement | @ruby_rescue_modifier | @ruby_underscore_arg + +ruby_method_body( + unique int ruby_method: @ruby_method ref, + unique int body: @ruby_method_body_type ref +); + +ruby_method_parameters( + unique int ruby_method: @ruby_method ref, + unique int parameters: @ruby_method_parameters ref +); + +ruby_method_def( + unique int id: @ruby_method, + int name: @ruby_underscore_method_name ref +); + +@ruby_method_parameters_child_type = @ruby_block_parameter | @ruby_destructured_parameter | @ruby_hash_splat_parameter | @ruby_keyword_parameter | @ruby_optional_parameter | @ruby_splat_parameter | @ruby_token_forward_parameter | @ruby_token_hash_splat_nil | @ruby_token_identifier + +#keyset[ruby_method_parameters, index] +ruby_method_parameters_child( + int ruby_method_parameters: @ruby_method_parameters ref, + int index: int ref, + unique int child: @ruby_method_parameters_child_type ref +); + +ruby_method_parameters_def( + unique int id: @ruby_method_parameters +); + +ruby_module_body( + unique int ruby_module: @ruby_module ref, + unique int body: @ruby_body_statement ref +); + +@ruby_module_name_type = @ruby_scope_resolution | @ruby_token_constant + +ruby_module_def( + unique int id: @ruby_module, + int name: @ruby_module_name_type ref +); + +ruby_next_child( + unique int ruby_next: @ruby_next ref, + unique int child: @ruby_argument_list ref +); + +ruby_next_def( + unique int id: @ruby_next +); + +case @ruby_operator_assignment.operator of + 0 = @ruby_operator_assignment_percentequal +| 1 = @ruby_operator_assignment_ampersandampersandequal +| 2 = @ruby_operator_assignment_ampersandequal +| 3 = @ruby_operator_assignment_starstarequal +| 4 = @ruby_operator_assignment_starequal +| 5 = @ruby_operator_assignment_plusequal +| 6 = @ruby_operator_assignment_minusequal +| 7 = @ruby_operator_assignment_slashequal +| 8 = @ruby_operator_assignment_langlelangleequal +| 9 = @ruby_operator_assignment_ranglerangleequal +| 10 = @ruby_operator_assignment_caretequal +| 11 = @ruby_operator_assignment_pipeequal +| 12 = @ruby_operator_assignment_pipepipeequal +; + + +@ruby_operator_assignment_right_type = @ruby_rescue_modifier | @ruby_underscore_expression + +ruby_operator_assignment_def( + unique int id: @ruby_operator_assignment, + int left: @ruby_underscore_lhs ref, + int operator: int ref, + int right: @ruby_operator_assignment_right_type ref +); + +ruby_optional_parameter_def( + unique int id: @ruby_optional_parameter, + int name: @ruby_token_identifier ref, + int value: @ruby_underscore_arg ref +); + +@ruby_pair_key_type = @ruby_string__ | @ruby_token_hash_key_symbol | @ruby_underscore_arg + +ruby_pair_value( + unique int ruby_pair: @ruby_pair ref, + unique int value: @ruby_underscore_arg ref +); + +ruby_pair_def( + unique int id: @ruby_pair, + int key__: @ruby_pair_key_type ref +); + +ruby_parenthesized_pattern_def( + unique int id: @ruby_parenthesized_pattern, + int child: @ruby_underscore_pattern_expr ref +); + +@ruby_parenthesized_statements_child_type = @ruby_token_empty_statement | @ruby_underscore_statement + +#keyset[ruby_parenthesized_statements, index] +ruby_parenthesized_statements_child( + int ruby_parenthesized_statements: @ruby_parenthesized_statements ref, + int index: int ref, + unique int child: @ruby_parenthesized_statements_child_type ref +); + +ruby_parenthesized_statements_def( + unique int id: @ruby_parenthesized_statements +); + +@ruby_pattern_child_type = @ruby_splat_argument | @ruby_underscore_arg + +ruby_pattern_def( + unique int id: @ruby_pattern, + int child: @ruby_pattern_child_type ref +); + +@ruby_program_child_type = @ruby_token_empty_statement | @ruby_token_uninterpreted | @ruby_underscore_statement + +#keyset[ruby_program, index] +ruby_program_child( + int ruby_program: @ruby_program ref, + int index: int ref, + unique int child: @ruby_program_child_type ref +); + +ruby_program_def( + unique int id: @ruby_program +); + +@ruby_range_begin_type = @ruby_underscore_arg | @ruby_underscore_pattern_primitive + +ruby_range_begin( + unique int ruby_range: @ruby_range ref, + unique int begin: @ruby_range_begin_type ref +); + +@ruby_range_end_type = @ruby_underscore_arg | @ruby_underscore_pattern_primitive + +ruby_range_end( + unique int ruby_range: @ruby_range ref, + unique int end: @ruby_range_end_type ref +); + +case @ruby_range.operator of + 0 = @ruby_range_dotdot +| 1 = @ruby_range_dotdotdot +; + + +ruby_range_def( + unique int id: @ruby_range, + int operator: int ref +); + +@ruby_rational_child_type = @ruby_token_float | @ruby_token_integer + +ruby_rational_def( + unique int id: @ruby_rational, + int child: @ruby_rational_child_type ref +); + +ruby_redo_child( + unique int ruby_redo: @ruby_redo ref, + unique int child: @ruby_argument_list ref +); + +ruby_redo_def( + unique int id: @ruby_redo +); + +@ruby_regex_child_type = @ruby_interpolation | @ruby_token_escape_sequence | @ruby_token_string_content + +#keyset[ruby_regex, index] +ruby_regex_child( + int ruby_regex: @ruby_regex ref, + int index: int ref, + unique int child: @ruby_regex_child_type ref +); + +ruby_regex_def( + unique int id: @ruby_regex +); + +ruby_rescue_body( + unique int ruby_rescue: @ruby_rescue ref, + unique int body: @ruby_then ref +); + +ruby_rescue_exceptions( + unique int ruby_rescue: @ruby_rescue ref, + unique int exceptions: @ruby_exceptions ref +); + +ruby_rescue_variable( + unique int ruby_rescue: @ruby_rescue ref, + unique int variable: @ruby_exception_variable ref +); + +ruby_rescue_def( + unique int id: @ruby_rescue +); + +@ruby_rescue_modifier_body_type = @ruby_underscore_arg | @ruby_underscore_statement + +ruby_rescue_modifier_def( + unique int id: @ruby_rescue_modifier, + int body: @ruby_rescue_modifier_body_type ref, + int handler: @ruby_underscore_expression ref +); + +ruby_rest_assignment_child( + unique int ruby_rest_assignment: @ruby_rest_assignment ref, + unique int child: @ruby_underscore_lhs ref +); + +ruby_rest_assignment_def( + unique int id: @ruby_rest_assignment +); + +ruby_retry_child( + unique int ruby_retry: @ruby_retry ref, + unique int child: @ruby_argument_list ref +); + +ruby_retry_def( + unique int id: @ruby_retry +); + +ruby_return_child( + unique int ruby_return: @ruby_return ref, + unique int child: @ruby_argument_list ref +); + +ruby_return_def( + unique int id: @ruby_return +); + +@ruby_right_assignment_list_child_type = @ruby_splat_argument | @ruby_underscore_arg + +#keyset[ruby_right_assignment_list, index] +ruby_right_assignment_list_child( + int ruby_right_assignment_list: @ruby_right_assignment_list ref, + int index: int ref, + unique int child: @ruby_right_assignment_list_child_type ref +); + +ruby_right_assignment_list_def( + unique int id: @ruby_right_assignment_list +); + +@ruby_scope_resolution_scope_type = @ruby_underscore_pattern_constant | @ruby_underscore_primary + +ruby_scope_resolution_scope( + unique int ruby_scope_resolution: @ruby_scope_resolution ref, + unique int scope: @ruby_scope_resolution_scope_type ref +); + +ruby_scope_resolution_def( + unique int id: @ruby_scope_resolution, + int name: @ruby_token_constant ref +); + +ruby_setter_def( + unique int id: @ruby_setter, + int name: @ruby_token_identifier ref +); + +ruby_singleton_class_body( + unique int ruby_singleton_class: @ruby_singleton_class ref, + unique int body: @ruby_body_statement ref +); + +ruby_singleton_class_def( + unique int id: @ruby_singleton_class, + int value: @ruby_underscore_arg ref +); + +@ruby_singleton_method_body_type = @ruby_body_statement | @ruby_rescue_modifier | @ruby_underscore_arg + +ruby_singleton_method_body( + unique int ruby_singleton_method: @ruby_singleton_method ref, + unique int body: @ruby_singleton_method_body_type ref +); + +@ruby_singleton_method_object_type = @ruby_underscore_arg | @ruby_underscore_variable + +ruby_singleton_method_parameters( + unique int ruby_singleton_method: @ruby_singleton_method ref, + unique int parameters: @ruby_method_parameters ref +); + +ruby_singleton_method_def( + unique int id: @ruby_singleton_method, + int name: @ruby_underscore_method_name ref, + int object: @ruby_singleton_method_object_type ref +); + +ruby_splat_argument_child( + unique int ruby_splat_argument: @ruby_splat_argument ref, + unique int child: @ruby_underscore_arg ref +); + +ruby_splat_argument_def( + unique int id: @ruby_splat_argument +); + +ruby_splat_parameter_name( + unique int ruby_splat_parameter: @ruby_splat_parameter ref, + unique int name: @ruby_token_identifier ref +); + +ruby_splat_parameter_def( + unique int id: @ruby_splat_parameter +); + +@ruby_string_child_type = @ruby_interpolation | @ruby_token_escape_sequence | @ruby_token_string_content + +#keyset[ruby_string__, index] +ruby_string_child( + int ruby_string__: @ruby_string__ ref, + int index: int ref, + unique int child: @ruby_string_child_type ref +); + +ruby_string_def( + unique int id: @ruby_string__ +); + +#keyset[ruby_string_array, index] +ruby_string_array_child( + int ruby_string_array: @ruby_string_array ref, + int index: int ref, + unique int child: @ruby_bare_string ref +); + +ruby_string_array_def( + unique int id: @ruby_string_array +); + +@ruby_subshell_child_type = @ruby_interpolation | @ruby_token_escape_sequence | @ruby_token_string_content + +#keyset[ruby_subshell, index] +ruby_subshell_child( + int ruby_subshell: @ruby_subshell ref, + int index: int ref, + unique int child: @ruby_subshell_child_type ref +); + +ruby_subshell_def( + unique int id: @ruby_subshell +); + +ruby_superclass_def( + unique int id: @ruby_superclass, + int child: @ruby_underscore_expression ref +); + +#keyset[ruby_symbol_array, index] +ruby_symbol_array_child( + int ruby_symbol_array: @ruby_symbol_array ref, + int index: int ref, + unique int child: @ruby_bare_symbol ref +); + +ruby_symbol_array_def( + unique int id: @ruby_symbol_array +); + +ruby_test_pattern_def( + unique int id: @ruby_test_pattern, + int pattern: @ruby_underscore_pattern_top_expr_body ref, + int value: @ruby_underscore_arg ref +); + +@ruby_then_child_type = @ruby_token_empty_statement | @ruby_underscore_statement + +#keyset[ruby_then, index] +ruby_then_child( + int ruby_then: @ruby_then ref, + int index: int ref, + unique int child: @ruby_then_child_type ref +); + +ruby_then_def( + unique int id: @ruby_then +); + +@ruby_unary_operand_type = @ruby_parenthesized_statements | @ruby_underscore_expression | @ruby_underscore_simple_numeric + +case @ruby_unary.operator of + 0 = @ruby_unary_bang +| 1 = @ruby_unary_plus +| 2 = @ruby_unary_minus +| 3 = @ruby_unary_definedquestion +| 4 = @ruby_unary_not +| 5 = @ruby_unary_tilde +; + + +ruby_unary_def( + unique int id: @ruby_unary, + int operand: @ruby_unary_operand_type ref, + int operator: int ref +); + +#keyset[ruby_undef, index] +ruby_undef_child( + int ruby_undef: @ruby_undef ref, + int index: int ref, + unique int child: @ruby_underscore_method_name ref +); + +ruby_undef_def( + unique int id: @ruby_undef +); + +@ruby_unless_alternative_type = @ruby_else | @ruby_elsif + +ruby_unless_alternative( + unique int ruby_unless: @ruby_unless ref, + unique int alternative: @ruby_unless_alternative_type ref +); + +ruby_unless_consequence( + unique int ruby_unless: @ruby_unless ref, + unique int consequence: @ruby_then ref +); + +ruby_unless_def( + unique int id: @ruby_unless, + int condition: @ruby_underscore_statement ref +); + +ruby_unless_guard_def( + unique int id: @ruby_unless_guard, + int condition: @ruby_underscore_expression ref +); + +ruby_unless_modifier_def( + unique int id: @ruby_unless_modifier, + int body: @ruby_underscore_statement ref, + int condition: @ruby_underscore_expression ref +); + +ruby_until_def( + unique int id: @ruby_until, + int body: @ruby_do ref, + int condition: @ruby_underscore_statement ref +); + +ruby_until_modifier_def( + unique int id: @ruby_until_modifier, + int body: @ruby_underscore_statement ref, + int condition: @ruby_underscore_expression ref +); + +@ruby_variable_reference_pattern_name_type = @ruby_token_identifier | @ruby_underscore_nonlocal_variable + +ruby_variable_reference_pattern_def( + unique int id: @ruby_variable_reference_pattern, + int name: @ruby_variable_reference_pattern_name_type ref +); + +ruby_when_body( + unique int ruby_when: @ruby_when ref, + unique int body: @ruby_then ref +); + +#keyset[ruby_when, index] +ruby_when_pattern( + int ruby_when: @ruby_when ref, + int index: int ref, + unique int pattern: @ruby_pattern ref +); + +ruby_when_def( + unique int id: @ruby_when +); + +ruby_while_def( + unique int id: @ruby_while, + int body: @ruby_do ref, + int condition: @ruby_underscore_statement ref +); + +ruby_while_modifier_def( + unique int id: @ruby_while_modifier, + int body: @ruby_underscore_statement ref, + int condition: @ruby_underscore_expression ref +); + +ruby_yield_child( + unique int ruby_yield: @ruby_yield ref, + unique int child: @ruby_argument_list ref +); + +ruby_yield_def( + unique int id: @ruby_yield +); + +ruby_tokeninfo( + unique int id: @ruby_token, + int kind: int ref, + string value: string ref +); + +case @ruby_token.kind of + 0 = @ruby_reserved_word +| 1 = @ruby_token_character +| 2 = @ruby_token_class_variable +| 3 = @ruby_token_comment +| 4 = @ruby_token_constant +| 5 = @ruby_token_empty_statement +| 6 = @ruby_token_encoding +| 7 = @ruby_token_escape_sequence +| 8 = @ruby_token_false +| 9 = @ruby_token_file +| 10 = @ruby_token_float +| 11 = @ruby_token_forward_argument +| 12 = @ruby_token_forward_parameter +| 13 = @ruby_token_global_variable +| 14 = @ruby_token_hash_key_symbol +| 15 = @ruby_token_hash_splat_nil +| 16 = @ruby_token_heredoc_beginning +| 17 = @ruby_token_heredoc_content +| 18 = @ruby_token_heredoc_end +| 19 = @ruby_token_identifier +| 20 = @ruby_token_instance_variable +| 21 = @ruby_token_integer +| 22 = @ruby_token_line +| 23 = @ruby_token_nil +| 24 = @ruby_token_operator +| 25 = @ruby_token_self +| 26 = @ruby_token_simple_symbol +| 27 = @ruby_token_string_content +| 28 = @ruby_token_super +| 29 = @ruby_token_true +| 30 = @ruby_token_uninterpreted +; + + +@ruby_ast_node = @ruby_alias | @ruby_alternative_pattern | @ruby_argument_list | @ruby_array | @ruby_array_pattern | @ruby_as_pattern | @ruby_assignment | @ruby_bare_string | @ruby_bare_symbol | @ruby_begin | @ruby_begin_block | @ruby_binary | @ruby_block | @ruby_block_argument | @ruby_block_body | @ruby_block_parameter | @ruby_block_parameters | @ruby_body_statement | @ruby_break | @ruby_call | @ruby_case__ | @ruby_case_match | @ruby_chained_string | @ruby_class | @ruby_complex | @ruby_conditional | @ruby_delimited_symbol | @ruby_destructured_left_assignment | @ruby_destructured_parameter | @ruby_do | @ruby_do_block | @ruby_element_reference | @ruby_else | @ruby_elsif | @ruby_end_block | @ruby_ensure | @ruby_exception_variable | @ruby_exceptions | @ruby_expression_reference_pattern | @ruby_find_pattern | @ruby_for | @ruby_hash | @ruby_hash_pattern | @ruby_hash_splat_argument | @ruby_hash_splat_parameter | @ruby_heredoc_body | @ruby_if | @ruby_if_guard | @ruby_if_modifier | @ruby_in | @ruby_in_clause | @ruby_interpolation | @ruby_keyword_parameter | @ruby_keyword_pattern | @ruby_lambda | @ruby_lambda_parameters | @ruby_left_assignment_list | @ruby_match_pattern | @ruby_method | @ruby_method_parameters | @ruby_module | @ruby_next | @ruby_operator_assignment | @ruby_optional_parameter | @ruby_pair | @ruby_parenthesized_pattern | @ruby_parenthesized_statements | @ruby_pattern | @ruby_program | @ruby_range | @ruby_rational | @ruby_redo | @ruby_regex | @ruby_rescue | @ruby_rescue_modifier | @ruby_rest_assignment | @ruby_retry | @ruby_return | @ruby_right_assignment_list | @ruby_scope_resolution | @ruby_setter | @ruby_singleton_class | @ruby_singleton_method | @ruby_splat_argument | @ruby_splat_parameter | @ruby_string__ | @ruby_string_array | @ruby_subshell | @ruby_superclass | @ruby_symbol_array | @ruby_test_pattern | @ruby_then | @ruby_token | @ruby_unary | @ruby_undef | @ruby_unless | @ruby_unless_guard | @ruby_unless_modifier | @ruby_until | @ruby_until_modifier | @ruby_variable_reference_pattern | @ruby_when | @ruby_while | @ruby_while_modifier | @ruby_yield + +@ruby_ast_node_parent = @file | @ruby_ast_node + +#keyset[parent, parent_index] +ruby_ast_node_info( + unique int node: @ruby_ast_node ref, + int parent: @ruby_ast_node_parent ref, + int parent_index: int ref, + int loc: @location_default ref +); + +/*- Erb dbscheme -*/ +erb_comment_directive_child( + unique int erb_comment_directive: @erb_comment_directive ref, + unique int child: @erb_token_comment ref +); + +erb_comment_directive_def( + unique int id: @erb_comment_directive +); + +erb_directive_child( + unique int erb_directive: @erb_directive ref, + unique int child: @erb_token_code ref +); + +erb_directive_def( + unique int id: @erb_directive +); + +erb_graphql_directive_child( + unique int erb_graphql_directive: @erb_graphql_directive ref, + unique int child: @erb_token_code ref +); + +erb_graphql_directive_def( + unique int id: @erb_graphql_directive +); + +erb_output_directive_child( + unique int erb_output_directive: @erb_output_directive ref, + unique int child: @erb_token_code ref +); + +erb_output_directive_def( + unique int id: @erb_output_directive +); + +@erb_template_child_type = @erb_comment_directive | @erb_directive | @erb_graphql_directive | @erb_output_directive | @erb_token_content + +#keyset[erb_template, index] +erb_template_child( + int erb_template: @erb_template ref, + int index: int ref, + unique int child: @erb_template_child_type ref +); + +erb_template_def( + unique int id: @erb_template +); + +erb_tokeninfo( + unique int id: @erb_token, + int kind: int ref, + string value: string ref +); + +case @erb_token.kind of + 0 = @erb_reserved_word +| 1 = @erb_token_code +| 2 = @erb_token_comment +| 3 = @erb_token_content +; + + +@erb_ast_node = @erb_comment_directive | @erb_directive | @erb_graphql_directive | @erb_output_directive | @erb_template | @erb_token + +@erb_ast_node_parent = @erb_ast_node | @file + +#keyset[parent, parent_index] +erb_ast_node_info( + unique int node: @erb_ast_node ref, + int parent: @erb_ast_node_parent ref, + int parent_index: int ref, + int loc: @location_default ref +); + diff --git a/ruby/downgrades/f9f0f4023e433184fda76f595247bf448b782135/ruby.dbscheme b/ruby/downgrades/f9f0f4023e433184fda76f595247bf448b782135/ruby.dbscheme new file mode 100644 index 00000000000..ff289788b15 --- /dev/null +++ b/ruby/downgrades/f9f0f4023e433184fda76f595247bf448b782135/ruby.dbscheme @@ -0,0 +1,1455 @@ +// CodeQL database schema for Ruby +// Automatically generated from the tree-sitter grammar; do not edit + +@location = @location_default + +locations_default( + unique int id: @location_default, + int file: @file ref, + int start_line: int ref, + int start_column: int ref, + int end_line: int ref, + int end_column: int ref +); + +files( + unique int id: @file, + string name: string ref +); + +folders( + unique int id: @folder, + string name: string ref +); + +@container = @file | @folder + +containerparent( + int parent: @container ref, + unique int child: @container ref +); + +sourceLocationPrefix( + string prefix: string ref +); + +diagnostics( + unique int id: @diagnostic, + int severity: int ref, + string error_tag: string ref, + string error_message: string ref, + string full_error_message: string ref, + int location: @location_default ref +); + +case @diagnostic.severity of + 10 = @diagnostic_debug +| 20 = @diagnostic_info +| 30 = @diagnostic_warning +| 40 = @diagnostic_error +; + + +@ruby_underscore_arg = @ruby_assignment | @ruby_binary | @ruby_conditional | @ruby_operator_assignment | @ruby_range | @ruby_unary | @ruby_underscore_primary + +@ruby_underscore_call_operator = @ruby_reserved_word + +@ruby_underscore_expression = @ruby_assignment | @ruby_binary | @ruby_break | @ruby_call | @ruby_match_pattern | @ruby_next | @ruby_operator_assignment | @ruby_return | @ruby_test_pattern | @ruby_unary | @ruby_underscore_arg | @ruby_yield + +@ruby_underscore_lhs = @ruby_call | @ruby_element_reference | @ruby_scope_resolution | @ruby_token_false | @ruby_token_nil | @ruby_token_true | @ruby_underscore_variable + +@ruby_underscore_method_name = @ruby_delimited_symbol | @ruby_setter | @ruby_token_constant | @ruby_token_identifier | @ruby_token_operator | @ruby_token_simple_symbol | @ruby_underscore_nonlocal_variable + +@ruby_underscore_nonlocal_variable = @ruby_token_class_variable | @ruby_token_global_variable | @ruby_token_instance_variable + +@ruby_underscore_pattern_constant = @ruby_scope_resolution | @ruby_token_constant + +@ruby_underscore_pattern_expr = @ruby_alternative_pattern | @ruby_as_pattern | @ruby_underscore_pattern_expr_basic + +@ruby_underscore_pattern_expr_basic = @ruby_array_pattern | @ruby_expression_reference_pattern | @ruby_find_pattern | @ruby_hash_pattern | @ruby_parenthesized_pattern | @ruby_range | @ruby_token_identifier | @ruby_underscore_pattern_constant | @ruby_underscore_pattern_primitive | @ruby_variable_reference_pattern + +@ruby_underscore_pattern_primitive = @ruby_delimited_symbol | @ruby_lambda | @ruby_regex | @ruby_string__ | @ruby_string_array | @ruby_subshell | @ruby_symbol_array | @ruby_token_encoding | @ruby_token_false | @ruby_token_file | @ruby_token_heredoc_beginning | @ruby_token_line | @ruby_token_nil | @ruby_token_self | @ruby_token_simple_symbol | @ruby_token_true | @ruby_unary | @ruby_underscore_simple_numeric + +@ruby_underscore_pattern_top_expr_body = @ruby_array_pattern | @ruby_find_pattern | @ruby_hash_pattern | @ruby_underscore_pattern_expr + +@ruby_underscore_primary = @ruby_array | @ruby_begin | @ruby_break | @ruby_call | @ruby_case__ | @ruby_case_match | @ruby_chained_string | @ruby_class | @ruby_delimited_symbol | @ruby_for | @ruby_hash | @ruby_if | @ruby_lambda | @ruby_method | @ruby_module | @ruby_next | @ruby_parenthesized_statements | @ruby_redo | @ruby_regex | @ruby_retry | @ruby_return | @ruby_singleton_class | @ruby_singleton_method | @ruby_string__ | @ruby_string_array | @ruby_subshell | @ruby_symbol_array | @ruby_token_character | @ruby_token_heredoc_beginning | @ruby_token_simple_symbol | @ruby_unary | @ruby_underscore_lhs | @ruby_underscore_simple_numeric | @ruby_unless | @ruby_until | @ruby_while | @ruby_yield + +@ruby_underscore_simple_numeric = @ruby_complex | @ruby_rational | @ruby_token_float | @ruby_token_integer + +@ruby_underscore_statement = @ruby_alias | @ruby_begin_block | @ruby_end_block | @ruby_if_modifier | @ruby_rescue_modifier | @ruby_undef | @ruby_underscore_expression | @ruby_unless_modifier | @ruby_until_modifier | @ruby_while_modifier + +@ruby_underscore_variable = @ruby_token_constant | @ruby_token_identifier | @ruby_token_self | @ruby_token_super | @ruby_underscore_nonlocal_variable + +ruby_alias_def( + unique int id: @ruby_alias, + int alias: @ruby_underscore_method_name ref, + int name: @ruby_underscore_method_name ref +); + +#keyset[ruby_alternative_pattern, index] +ruby_alternative_pattern_alternatives( + int ruby_alternative_pattern: @ruby_alternative_pattern ref, + int index: int ref, + unique int alternatives: @ruby_underscore_pattern_expr_basic ref +); + +ruby_alternative_pattern_def( + unique int id: @ruby_alternative_pattern +); + +@ruby_argument_list_child_type = @ruby_block_argument | @ruby_hash_splat_argument | @ruby_pair | @ruby_splat_argument | @ruby_token_forward_argument | @ruby_underscore_expression + +#keyset[ruby_argument_list, index] +ruby_argument_list_child( + int ruby_argument_list: @ruby_argument_list ref, + int index: int ref, + unique int child: @ruby_argument_list_child_type ref +); + +ruby_argument_list_def( + unique int id: @ruby_argument_list +); + +@ruby_array_child_type = @ruby_block_argument | @ruby_hash_splat_argument | @ruby_pair | @ruby_splat_argument | @ruby_token_forward_argument | @ruby_underscore_expression + +#keyset[ruby_array, index] +ruby_array_child( + int ruby_array: @ruby_array ref, + int index: int ref, + unique int child: @ruby_array_child_type ref +); + +ruby_array_def( + unique int id: @ruby_array +); + +ruby_array_pattern_class( + unique int ruby_array_pattern: @ruby_array_pattern ref, + unique int class: @ruby_underscore_pattern_constant ref +); + +@ruby_array_pattern_child_type = @ruby_splat_parameter | @ruby_underscore_pattern_expr + +#keyset[ruby_array_pattern, index] +ruby_array_pattern_child( + int ruby_array_pattern: @ruby_array_pattern ref, + int index: int ref, + unique int child: @ruby_array_pattern_child_type ref +); + +ruby_array_pattern_def( + unique int id: @ruby_array_pattern +); + +ruby_as_pattern_def( + unique int id: @ruby_as_pattern, + int name: @ruby_token_identifier ref, + int value: @ruby_underscore_pattern_expr ref +); + +@ruby_assignment_left_type = @ruby_left_assignment_list | @ruby_underscore_lhs + +@ruby_assignment_right_type = @ruby_rescue_modifier | @ruby_right_assignment_list | @ruby_splat_argument | @ruby_underscore_expression + +ruby_assignment_def( + unique int id: @ruby_assignment, + int left: @ruby_assignment_left_type ref, + int right: @ruby_assignment_right_type ref +); + +@ruby_bare_string_child_type = @ruby_interpolation | @ruby_token_escape_sequence | @ruby_token_string_content + +#keyset[ruby_bare_string, index] +ruby_bare_string_child( + int ruby_bare_string: @ruby_bare_string ref, + int index: int ref, + unique int child: @ruby_bare_string_child_type ref +); + +ruby_bare_string_def( + unique int id: @ruby_bare_string +); + +@ruby_bare_symbol_child_type = @ruby_interpolation | @ruby_token_escape_sequence | @ruby_token_string_content + +#keyset[ruby_bare_symbol, index] +ruby_bare_symbol_child( + int ruby_bare_symbol: @ruby_bare_symbol ref, + int index: int ref, + unique int child: @ruby_bare_symbol_child_type ref +); + +ruby_bare_symbol_def( + unique int id: @ruby_bare_symbol +); + +@ruby_begin_child_type = @ruby_else | @ruby_ensure | @ruby_rescue | @ruby_token_empty_statement | @ruby_underscore_statement + +#keyset[ruby_begin, index] +ruby_begin_child( + int ruby_begin: @ruby_begin ref, + int index: int ref, + unique int child: @ruby_begin_child_type ref +); + +ruby_begin_def( + unique int id: @ruby_begin +); + +@ruby_begin_block_child_type = @ruby_token_empty_statement | @ruby_underscore_statement + +#keyset[ruby_begin_block, index] +ruby_begin_block_child( + int ruby_begin_block: @ruby_begin_block ref, + int index: int ref, + unique int child: @ruby_begin_block_child_type ref +); + +ruby_begin_block_def( + unique int id: @ruby_begin_block +); + +@ruby_binary_left_type = @ruby_underscore_expression | @ruby_underscore_simple_numeric + +case @ruby_binary.operator of + 0 = @ruby_binary_bangequal +| 1 = @ruby_binary_bangtilde +| 2 = @ruby_binary_percent +| 3 = @ruby_binary_ampersand +| 4 = @ruby_binary_ampersandampersand +| 5 = @ruby_binary_star +| 6 = @ruby_binary_starstar +| 7 = @ruby_binary_plus +| 8 = @ruby_binary_minus +| 9 = @ruby_binary_slash +| 10 = @ruby_binary_langle +| 11 = @ruby_binary_langlelangle +| 12 = @ruby_binary_langleequal +| 13 = @ruby_binary_langleequalrangle +| 14 = @ruby_binary_equalequal +| 15 = @ruby_binary_equalequalequal +| 16 = @ruby_binary_equaltilde +| 17 = @ruby_binary_rangle +| 18 = @ruby_binary_rangleequal +| 19 = @ruby_binary_ranglerangle +| 20 = @ruby_binary_caret +| 21 = @ruby_binary_and +| 22 = @ruby_binary_or +| 23 = @ruby_binary_pipe +| 24 = @ruby_binary_pipepipe +; + + +ruby_binary_def( + unique int id: @ruby_binary, + int left: @ruby_binary_left_type ref, + int operator: int ref, + int right: @ruby_underscore_expression ref +); + +ruby_block_body( + unique int ruby_block: @ruby_block ref, + unique int body: @ruby_block_body ref +); + +ruby_block_parameters( + unique int ruby_block: @ruby_block ref, + unique int parameters: @ruby_block_parameters ref +); + +ruby_block_def( + unique int id: @ruby_block +); + +ruby_block_argument_child( + unique int ruby_block_argument: @ruby_block_argument ref, + unique int child: @ruby_underscore_arg ref +); + +ruby_block_argument_def( + unique int id: @ruby_block_argument +); + +@ruby_block_body_child_type = @ruby_token_empty_statement | @ruby_underscore_statement + +#keyset[ruby_block_body, index] +ruby_block_body_child( + int ruby_block_body: @ruby_block_body ref, + int index: int ref, + unique int child: @ruby_block_body_child_type ref +); + +ruby_block_body_def( + unique int id: @ruby_block_body +); + +ruby_block_parameter_name( + unique int ruby_block_parameter: @ruby_block_parameter ref, + unique int name: @ruby_token_identifier ref +); + +ruby_block_parameter_def( + unique int id: @ruby_block_parameter +); + +#keyset[ruby_block_parameters, index] +ruby_block_parameters_locals( + int ruby_block_parameters: @ruby_block_parameters ref, + int index: int ref, + unique int locals: @ruby_token_identifier ref +); + +@ruby_block_parameters_child_type = @ruby_block_parameter | @ruby_destructured_parameter | @ruby_hash_splat_parameter | @ruby_keyword_parameter | @ruby_optional_parameter | @ruby_splat_parameter | @ruby_token_forward_parameter | @ruby_token_hash_splat_nil | @ruby_token_identifier + +#keyset[ruby_block_parameters, index] +ruby_block_parameters_child( + int ruby_block_parameters: @ruby_block_parameters ref, + int index: int ref, + unique int child: @ruby_block_parameters_child_type ref +); + +ruby_block_parameters_def( + unique int id: @ruby_block_parameters +); + +@ruby_body_statement_child_type = @ruby_else | @ruby_ensure | @ruby_rescue | @ruby_token_empty_statement | @ruby_underscore_statement + +#keyset[ruby_body_statement, index] +ruby_body_statement_child( + int ruby_body_statement: @ruby_body_statement ref, + int index: int ref, + unique int child: @ruby_body_statement_child_type ref +); + +ruby_body_statement_def( + unique int id: @ruby_body_statement +); + +ruby_break_child( + unique int ruby_break: @ruby_break ref, + unique int child: @ruby_argument_list ref +); + +ruby_break_def( + unique int id: @ruby_break +); + +ruby_call_arguments( + unique int ruby_call: @ruby_call ref, + unique int arguments: @ruby_argument_list ref +); + +@ruby_call_block_type = @ruby_block | @ruby_do_block + +ruby_call_block( + unique int ruby_call: @ruby_call ref, + unique int block: @ruby_call_block_type ref +); + +@ruby_call_method_type = @ruby_token_operator | @ruby_underscore_variable + +ruby_call_method( + unique int ruby_call: @ruby_call ref, + unique int method: @ruby_call_method_type ref +); + +ruby_call_operator( + unique int ruby_call: @ruby_call ref, + unique int operator: @ruby_underscore_call_operator ref +); + +ruby_call_receiver( + unique int ruby_call: @ruby_call ref, + unique int receiver: @ruby_underscore_primary ref +); + +ruby_call_def( + unique int id: @ruby_call +); + +ruby_case_value( + unique int ruby_case__: @ruby_case__ ref, + unique int value: @ruby_underscore_statement ref +); + +@ruby_case_child_type = @ruby_else | @ruby_when + +#keyset[ruby_case__, index] +ruby_case_child( + int ruby_case__: @ruby_case__ ref, + int index: int ref, + unique int child: @ruby_case_child_type ref +); + +ruby_case_def( + unique int id: @ruby_case__ +); + +#keyset[ruby_case_match, index] +ruby_case_match_clauses( + int ruby_case_match: @ruby_case_match ref, + int index: int ref, + unique int clauses: @ruby_in_clause ref +); + +ruby_case_match_else( + unique int ruby_case_match: @ruby_case_match ref, + unique int else: @ruby_else ref +); + +ruby_case_match_def( + unique int id: @ruby_case_match, + int value: @ruby_underscore_statement ref +); + +#keyset[ruby_chained_string, index] +ruby_chained_string_child( + int ruby_chained_string: @ruby_chained_string ref, + int index: int ref, + unique int child: @ruby_string__ ref +); + +ruby_chained_string_def( + unique int id: @ruby_chained_string +); + +ruby_class_body( + unique int ruby_class: @ruby_class ref, + unique int body: @ruby_body_statement ref +); + +@ruby_class_name_type = @ruby_scope_resolution | @ruby_token_constant + +ruby_class_superclass( + unique int ruby_class: @ruby_class ref, + unique int superclass: @ruby_superclass ref +); + +ruby_class_def( + unique int id: @ruby_class, + int name: @ruby_class_name_type ref +); + +@ruby_complex_child_type = @ruby_rational | @ruby_token_float | @ruby_token_integer + +ruby_complex_def( + unique int id: @ruby_complex, + int child: @ruby_complex_child_type ref +); + +ruby_conditional_def( + unique int id: @ruby_conditional, + int alternative: @ruby_underscore_arg ref, + int condition: @ruby_underscore_arg ref, + int consequence: @ruby_underscore_arg ref +); + +@ruby_delimited_symbol_child_type = @ruby_interpolation | @ruby_token_escape_sequence | @ruby_token_string_content + +#keyset[ruby_delimited_symbol, index] +ruby_delimited_symbol_child( + int ruby_delimited_symbol: @ruby_delimited_symbol ref, + int index: int ref, + unique int child: @ruby_delimited_symbol_child_type ref +); + +ruby_delimited_symbol_def( + unique int id: @ruby_delimited_symbol +); + +@ruby_destructured_left_assignment_child_type = @ruby_destructured_left_assignment | @ruby_rest_assignment | @ruby_underscore_lhs + +#keyset[ruby_destructured_left_assignment, index] +ruby_destructured_left_assignment_child( + int ruby_destructured_left_assignment: @ruby_destructured_left_assignment ref, + int index: int ref, + unique int child: @ruby_destructured_left_assignment_child_type ref +); + +ruby_destructured_left_assignment_def( + unique int id: @ruby_destructured_left_assignment +); + +@ruby_destructured_parameter_child_type = @ruby_block_parameter | @ruby_destructured_parameter | @ruby_hash_splat_parameter | @ruby_keyword_parameter | @ruby_optional_parameter | @ruby_splat_parameter | @ruby_token_forward_parameter | @ruby_token_hash_splat_nil | @ruby_token_identifier + +#keyset[ruby_destructured_parameter, index] +ruby_destructured_parameter_child( + int ruby_destructured_parameter: @ruby_destructured_parameter ref, + int index: int ref, + unique int child: @ruby_destructured_parameter_child_type ref +); + +ruby_destructured_parameter_def( + unique int id: @ruby_destructured_parameter +); + +@ruby_do_child_type = @ruby_token_empty_statement | @ruby_underscore_statement + +#keyset[ruby_do, index] +ruby_do_child( + int ruby_do: @ruby_do ref, + int index: int ref, + unique int child: @ruby_do_child_type ref +); + +ruby_do_def( + unique int id: @ruby_do +); + +ruby_do_block_body( + unique int ruby_do_block: @ruby_do_block ref, + unique int body: @ruby_body_statement ref +); + +ruby_do_block_parameters( + unique int ruby_do_block: @ruby_do_block ref, + unique int parameters: @ruby_block_parameters ref +); + +ruby_do_block_def( + unique int id: @ruby_do_block +); + +@ruby_element_reference_child_type = @ruby_block_argument | @ruby_hash_splat_argument | @ruby_pair | @ruby_splat_argument | @ruby_token_forward_argument | @ruby_underscore_expression + +#keyset[ruby_element_reference, index] +ruby_element_reference_child( + int ruby_element_reference: @ruby_element_reference ref, + int index: int ref, + unique int child: @ruby_element_reference_child_type ref +); + +ruby_element_reference_def( + unique int id: @ruby_element_reference, + int object: @ruby_underscore_primary ref +); + +@ruby_else_child_type = @ruby_token_empty_statement | @ruby_underscore_statement + +#keyset[ruby_else, index] +ruby_else_child( + int ruby_else: @ruby_else ref, + int index: int ref, + unique int child: @ruby_else_child_type ref +); + +ruby_else_def( + unique int id: @ruby_else +); + +@ruby_elsif_alternative_type = @ruby_else | @ruby_elsif + +ruby_elsif_alternative( + unique int ruby_elsif: @ruby_elsif ref, + unique int alternative: @ruby_elsif_alternative_type ref +); + +ruby_elsif_consequence( + unique int ruby_elsif: @ruby_elsif ref, + unique int consequence: @ruby_then ref +); + +ruby_elsif_def( + unique int id: @ruby_elsif, + int condition: @ruby_underscore_statement ref +); + +@ruby_end_block_child_type = @ruby_token_empty_statement | @ruby_underscore_statement + +#keyset[ruby_end_block, index] +ruby_end_block_child( + int ruby_end_block: @ruby_end_block ref, + int index: int ref, + unique int child: @ruby_end_block_child_type ref +); + +ruby_end_block_def( + unique int id: @ruby_end_block +); + +@ruby_ensure_child_type = @ruby_token_empty_statement | @ruby_underscore_statement + +#keyset[ruby_ensure, index] +ruby_ensure_child( + int ruby_ensure: @ruby_ensure ref, + int index: int ref, + unique int child: @ruby_ensure_child_type ref +); + +ruby_ensure_def( + unique int id: @ruby_ensure +); + +ruby_exception_variable_def( + unique int id: @ruby_exception_variable, + int child: @ruby_underscore_lhs ref +); + +@ruby_exceptions_child_type = @ruby_splat_argument | @ruby_underscore_arg + +#keyset[ruby_exceptions, index] +ruby_exceptions_child( + int ruby_exceptions: @ruby_exceptions ref, + int index: int ref, + unique int child: @ruby_exceptions_child_type ref +); + +ruby_exceptions_def( + unique int id: @ruby_exceptions +); + +ruby_expression_reference_pattern_def( + unique int id: @ruby_expression_reference_pattern, + int value: @ruby_underscore_expression ref +); + +ruby_find_pattern_class( + unique int ruby_find_pattern: @ruby_find_pattern ref, + unique int class: @ruby_underscore_pattern_constant ref +); + +@ruby_find_pattern_child_type = @ruby_splat_parameter | @ruby_underscore_pattern_expr + +#keyset[ruby_find_pattern, index] +ruby_find_pattern_child( + int ruby_find_pattern: @ruby_find_pattern ref, + int index: int ref, + unique int child: @ruby_find_pattern_child_type ref +); + +ruby_find_pattern_def( + unique int id: @ruby_find_pattern +); + +@ruby_for_pattern_type = @ruby_left_assignment_list | @ruby_underscore_lhs + +ruby_for_def( + unique int id: @ruby_for, + int body: @ruby_do ref, + int pattern: @ruby_for_pattern_type ref, + int value: @ruby_in ref +); + +@ruby_hash_child_type = @ruby_hash_splat_argument | @ruby_pair + +#keyset[ruby_hash, index] +ruby_hash_child( + int ruby_hash: @ruby_hash ref, + int index: int ref, + unique int child: @ruby_hash_child_type ref +); + +ruby_hash_def( + unique int id: @ruby_hash +); + +ruby_hash_pattern_class( + unique int ruby_hash_pattern: @ruby_hash_pattern ref, + unique int class: @ruby_underscore_pattern_constant ref +); + +@ruby_hash_pattern_child_type = @ruby_hash_splat_parameter | @ruby_keyword_pattern | @ruby_token_hash_splat_nil + +#keyset[ruby_hash_pattern, index] +ruby_hash_pattern_child( + int ruby_hash_pattern: @ruby_hash_pattern ref, + int index: int ref, + unique int child: @ruby_hash_pattern_child_type ref +); + +ruby_hash_pattern_def( + unique int id: @ruby_hash_pattern +); + +ruby_hash_splat_argument_child( + unique int ruby_hash_splat_argument: @ruby_hash_splat_argument ref, + unique int child: @ruby_underscore_arg ref +); + +ruby_hash_splat_argument_def( + unique int id: @ruby_hash_splat_argument +); + +ruby_hash_splat_parameter_name( + unique int ruby_hash_splat_parameter: @ruby_hash_splat_parameter ref, + unique int name: @ruby_token_identifier ref +); + +ruby_hash_splat_parameter_def( + unique int id: @ruby_hash_splat_parameter +); + +@ruby_heredoc_body_child_type = @ruby_interpolation | @ruby_token_escape_sequence | @ruby_token_heredoc_content | @ruby_token_heredoc_end + +#keyset[ruby_heredoc_body, index] +ruby_heredoc_body_child( + int ruby_heredoc_body: @ruby_heredoc_body ref, + int index: int ref, + unique int child: @ruby_heredoc_body_child_type ref +); + +ruby_heredoc_body_def( + unique int id: @ruby_heredoc_body +); + +@ruby_if_alternative_type = @ruby_else | @ruby_elsif + +ruby_if_alternative( + unique int ruby_if: @ruby_if ref, + unique int alternative: @ruby_if_alternative_type ref +); + +ruby_if_consequence( + unique int ruby_if: @ruby_if ref, + unique int consequence: @ruby_then ref +); + +ruby_if_def( + unique int id: @ruby_if, + int condition: @ruby_underscore_statement ref +); + +ruby_if_guard_def( + unique int id: @ruby_if_guard, + int condition: @ruby_underscore_expression ref +); + +ruby_if_modifier_def( + unique int id: @ruby_if_modifier, + int body: @ruby_underscore_statement ref, + int condition: @ruby_underscore_expression ref +); + +ruby_in_def( + unique int id: @ruby_in, + int child: @ruby_underscore_arg ref +); + +ruby_in_clause_body( + unique int ruby_in_clause: @ruby_in_clause ref, + unique int body: @ruby_then ref +); + +@ruby_in_clause_guard_type = @ruby_if_guard | @ruby_unless_guard + +ruby_in_clause_guard( + unique int ruby_in_clause: @ruby_in_clause ref, + unique int guard: @ruby_in_clause_guard_type ref +); + +ruby_in_clause_def( + unique int id: @ruby_in_clause, + int pattern: @ruby_underscore_pattern_top_expr_body ref +); + +@ruby_interpolation_child_type = @ruby_token_empty_statement | @ruby_underscore_nonlocal_variable | @ruby_underscore_statement + +#keyset[ruby_interpolation, index] +ruby_interpolation_child( + int ruby_interpolation: @ruby_interpolation ref, + int index: int ref, + unique int child: @ruby_interpolation_child_type ref +); + +ruby_interpolation_def( + unique int id: @ruby_interpolation +); + +ruby_keyword_parameter_value( + unique int ruby_keyword_parameter: @ruby_keyword_parameter ref, + unique int value: @ruby_underscore_arg ref +); + +ruby_keyword_parameter_def( + unique int id: @ruby_keyword_parameter, + int name: @ruby_token_identifier ref +); + +@ruby_keyword_pattern_key_type = @ruby_string__ | @ruby_token_hash_key_symbol + +ruby_keyword_pattern_value( + unique int ruby_keyword_pattern: @ruby_keyword_pattern ref, + unique int value: @ruby_underscore_pattern_expr ref +); + +ruby_keyword_pattern_def( + unique int id: @ruby_keyword_pattern, + int key__: @ruby_keyword_pattern_key_type ref +); + +@ruby_lambda_body_type = @ruby_block | @ruby_do_block + +ruby_lambda_parameters( + unique int ruby_lambda: @ruby_lambda ref, + unique int parameters: @ruby_lambda_parameters ref +); + +ruby_lambda_def( + unique int id: @ruby_lambda, + int body: @ruby_lambda_body_type ref +); + +@ruby_lambda_parameters_child_type = @ruby_block_parameter | @ruby_destructured_parameter | @ruby_hash_splat_parameter | @ruby_keyword_parameter | @ruby_optional_parameter | @ruby_splat_parameter | @ruby_token_forward_parameter | @ruby_token_hash_splat_nil | @ruby_token_identifier + +#keyset[ruby_lambda_parameters, index] +ruby_lambda_parameters_child( + int ruby_lambda_parameters: @ruby_lambda_parameters ref, + int index: int ref, + unique int child: @ruby_lambda_parameters_child_type ref +); + +ruby_lambda_parameters_def( + unique int id: @ruby_lambda_parameters +); + +@ruby_left_assignment_list_child_type = @ruby_destructured_left_assignment | @ruby_rest_assignment | @ruby_underscore_lhs + +#keyset[ruby_left_assignment_list, index] +ruby_left_assignment_list_child( + int ruby_left_assignment_list: @ruby_left_assignment_list ref, + int index: int ref, + unique int child: @ruby_left_assignment_list_child_type ref +); + +ruby_left_assignment_list_def( + unique int id: @ruby_left_assignment_list +); + +ruby_match_pattern_def( + unique int id: @ruby_match_pattern, + int pattern: @ruby_underscore_pattern_top_expr_body ref, + int value: @ruby_underscore_arg ref +); + +@ruby_method_body_type = @ruby_body_statement | @ruby_rescue_modifier | @ruby_underscore_arg + +ruby_method_body( + unique int ruby_method: @ruby_method ref, + unique int body: @ruby_method_body_type ref +); + +ruby_method_parameters( + unique int ruby_method: @ruby_method ref, + unique int parameters: @ruby_method_parameters ref +); + +ruby_method_def( + unique int id: @ruby_method, + int name: @ruby_underscore_method_name ref +); + +@ruby_method_parameters_child_type = @ruby_block_parameter | @ruby_destructured_parameter | @ruby_hash_splat_parameter | @ruby_keyword_parameter | @ruby_optional_parameter | @ruby_splat_parameter | @ruby_token_forward_parameter | @ruby_token_hash_splat_nil | @ruby_token_identifier + +#keyset[ruby_method_parameters, index] +ruby_method_parameters_child( + int ruby_method_parameters: @ruby_method_parameters ref, + int index: int ref, + unique int child: @ruby_method_parameters_child_type ref +); + +ruby_method_parameters_def( + unique int id: @ruby_method_parameters +); + +ruby_module_body( + unique int ruby_module: @ruby_module ref, + unique int body: @ruby_body_statement ref +); + +@ruby_module_name_type = @ruby_scope_resolution | @ruby_token_constant + +ruby_module_def( + unique int id: @ruby_module, + int name: @ruby_module_name_type ref +); + +ruby_next_child( + unique int ruby_next: @ruby_next ref, + unique int child: @ruby_argument_list ref +); + +ruby_next_def( + unique int id: @ruby_next +); + +case @ruby_operator_assignment.operator of + 0 = @ruby_operator_assignment_percentequal +| 1 = @ruby_operator_assignment_ampersandampersandequal +| 2 = @ruby_operator_assignment_ampersandequal +| 3 = @ruby_operator_assignment_starstarequal +| 4 = @ruby_operator_assignment_starequal +| 5 = @ruby_operator_assignment_plusequal +| 6 = @ruby_operator_assignment_minusequal +| 7 = @ruby_operator_assignment_slashequal +| 8 = @ruby_operator_assignment_langlelangleequal +| 9 = @ruby_operator_assignment_ranglerangleequal +| 10 = @ruby_operator_assignment_caretequal +| 11 = @ruby_operator_assignment_pipeequal +| 12 = @ruby_operator_assignment_pipepipeequal +; + + +@ruby_operator_assignment_right_type = @ruby_rescue_modifier | @ruby_underscore_expression + +ruby_operator_assignment_def( + unique int id: @ruby_operator_assignment, + int left: @ruby_underscore_lhs ref, + int operator: int ref, + int right: @ruby_operator_assignment_right_type ref +); + +ruby_optional_parameter_def( + unique int id: @ruby_optional_parameter, + int name: @ruby_token_identifier ref, + int value: @ruby_underscore_arg ref +); + +@ruby_pair_key_type = @ruby_string__ | @ruby_token_hash_key_symbol | @ruby_underscore_arg + +ruby_pair_value( + unique int ruby_pair: @ruby_pair ref, + unique int value: @ruby_underscore_arg ref +); + +ruby_pair_def( + unique int id: @ruby_pair, + int key__: @ruby_pair_key_type ref +); + +ruby_parenthesized_pattern_def( + unique int id: @ruby_parenthesized_pattern, + int child: @ruby_underscore_pattern_expr ref +); + +@ruby_parenthesized_statements_child_type = @ruby_token_empty_statement | @ruby_underscore_statement + +#keyset[ruby_parenthesized_statements, index] +ruby_parenthesized_statements_child( + int ruby_parenthesized_statements: @ruby_parenthesized_statements ref, + int index: int ref, + unique int child: @ruby_parenthesized_statements_child_type ref +); + +ruby_parenthesized_statements_def( + unique int id: @ruby_parenthesized_statements +); + +@ruby_pattern_child_type = @ruby_splat_argument | @ruby_underscore_arg + +ruby_pattern_def( + unique int id: @ruby_pattern, + int child: @ruby_pattern_child_type ref +); + +@ruby_program_child_type = @ruby_token_empty_statement | @ruby_token_uninterpreted | @ruby_underscore_statement + +#keyset[ruby_program, index] +ruby_program_child( + int ruby_program: @ruby_program ref, + int index: int ref, + unique int child: @ruby_program_child_type ref +); + +ruby_program_def( + unique int id: @ruby_program +); + +@ruby_range_begin_type = @ruby_underscore_arg | @ruby_underscore_pattern_primitive + +ruby_range_begin( + unique int ruby_range: @ruby_range ref, + unique int begin: @ruby_range_begin_type ref +); + +@ruby_range_end_type = @ruby_underscore_arg | @ruby_underscore_pattern_primitive + +ruby_range_end( + unique int ruby_range: @ruby_range ref, + unique int end: @ruby_range_end_type ref +); + +case @ruby_range.operator of + 0 = @ruby_range_dotdot +| 1 = @ruby_range_dotdotdot +; + + +ruby_range_def( + unique int id: @ruby_range, + int operator: int ref +); + +@ruby_rational_child_type = @ruby_token_float | @ruby_token_integer + +ruby_rational_def( + unique int id: @ruby_rational, + int child: @ruby_rational_child_type ref +); + +ruby_redo_child( + unique int ruby_redo: @ruby_redo ref, + unique int child: @ruby_argument_list ref +); + +ruby_redo_def( + unique int id: @ruby_redo +); + +@ruby_regex_child_type = @ruby_interpolation | @ruby_token_escape_sequence | @ruby_token_string_content + +#keyset[ruby_regex, index] +ruby_regex_child( + int ruby_regex: @ruby_regex ref, + int index: int ref, + unique int child: @ruby_regex_child_type ref +); + +ruby_regex_def( + unique int id: @ruby_regex +); + +ruby_rescue_body( + unique int ruby_rescue: @ruby_rescue ref, + unique int body: @ruby_then ref +); + +ruby_rescue_exceptions( + unique int ruby_rescue: @ruby_rescue ref, + unique int exceptions: @ruby_exceptions ref +); + +ruby_rescue_variable( + unique int ruby_rescue: @ruby_rescue ref, + unique int variable: @ruby_exception_variable ref +); + +ruby_rescue_def( + unique int id: @ruby_rescue +); + +@ruby_rescue_modifier_body_type = @ruby_underscore_arg | @ruby_underscore_statement + +ruby_rescue_modifier_def( + unique int id: @ruby_rescue_modifier, + int body: @ruby_rescue_modifier_body_type ref, + int handler: @ruby_underscore_expression ref +); + +ruby_rest_assignment_child( + unique int ruby_rest_assignment: @ruby_rest_assignment ref, + unique int child: @ruby_underscore_lhs ref +); + +ruby_rest_assignment_def( + unique int id: @ruby_rest_assignment +); + +ruby_retry_child( + unique int ruby_retry: @ruby_retry ref, + unique int child: @ruby_argument_list ref +); + +ruby_retry_def( + unique int id: @ruby_retry +); + +ruby_return_child( + unique int ruby_return: @ruby_return ref, + unique int child: @ruby_argument_list ref +); + +ruby_return_def( + unique int id: @ruby_return +); + +@ruby_right_assignment_list_child_type = @ruby_splat_argument | @ruby_underscore_arg + +#keyset[ruby_right_assignment_list, index] +ruby_right_assignment_list_child( + int ruby_right_assignment_list: @ruby_right_assignment_list ref, + int index: int ref, + unique int child: @ruby_right_assignment_list_child_type ref +); + +ruby_right_assignment_list_def( + unique int id: @ruby_right_assignment_list +); + +@ruby_scope_resolution_scope_type = @ruby_underscore_pattern_constant | @ruby_underscore_primary + +ruby_scope_resolution_scope( + unique int ruby_scope_resolution: @ruby_scope_resolution ref, + unique int scope: @ruby_scope_resolution_scope_type ref +); + +ruby_scope_resolution_def( + unique int id: @ruby_scope_resolution, + int name: @ruby_token_constant ref +); + +ruby_setter_def( + unique int id: @ruby_setter, + int name: @ruby_token_identifier ref +); + +ruby_singleton_class_body( + unique int ruby_singleton_class: @ruby_singleton_class ref, + unique int body: @ruby_body_statement ref +); + +ruby_singleton_class_def( + unique int id: @ruby_singleton_class, + int value: @ruby_underscore_arg ref +); + +@ruby_singleton_method_body_type = @ruby_body_statement | @ruby_rescue_modifier | @ruby_underscore_arg + +ruby_singleton_method_body( + unique int ruby_singleton_method: @ruby_singleton_method ref, + unique int body: @ruby_singleton_method_body_type ref +); + +@ruby_singleton_method_object_type = @ruby_underscore_arg | @ruby_underscore_variable + +ruby_singleton_method_parameters( + unique int ruby_singleton_method: @ruby_singleton_method ref, + unique int parameters: @ruby_method_parameters ref +); + +ruby_singleton_method_def( + unique int id: @ruby_singleton_method, + int name: @ruby_underscore_method_name ref, + int object: @ruby_singleton_method_object_type ref +); + +ruby_splat_argument_child( + unique int ruby_splat_argument: @ruby_splat_argument ref, + unique int child: @ruby_underscore_arg ref +); + +ruby_splat_argument_def( + unique int id: @ruby_splat_argument +); + +ruby_splat_parameter_name( + unique int ruby_splat_parameter: @ruby_splat_parameter ref, + unique int name: @ruby_token_identifier ref +); + +ruby_splat_parameter_def( + unique int id: @ruby_splat_parameter +); + +@ruby_string_child_type = @ruby_interpolation | @ruby_token_escape_sequence | @ruby_token_string_content + +#keyset[ruby_string__, index] +ruby_string_child( + int ruby_string__: @ruby_string__ ref, + int index: int ref, + unique int child: @ruby_string_child_type ref +); + +ruby_string_def( + unique int id: @ruby_string__ +); + +#keyset[ruby_string_array, index] +ruby_string_array_child( + int ruby_string_array: @ruby_string_array ref, + int index: int ref, + unique int child: @ruby_bare_string ref +); + +ruby_string_array_def( + unique int id: @ruby_string_array +); + +@ruby_subshell_child_type = @ruby_interpolation | @ruby_token_escape_sequence | @ruby_token_string_content + +#keyset[ruby_subshell, index] +ruby_subshell_child( + int ruby_subshell: @ruby_subshell ref, + int index: int ref, + unique int child: @ruby_subshell_child_type ref +); + +ruby_subshell_def( + unique int id: @ruby_subshell +); + +ruby_superclass_def( + unique int id: @ruby_superclass, + int child: @ruby_underscore_expression ref +); + +#keyset[ruby_symbol_array, index] +ruby_symbol_array_child( + int ruby_symbol_array: @ruby_symbol_array ref, + int index: int ref, + unique int child: @ruby_bare_symbol ref +); + +ruby_symbol_array_def( + unique int id: @ruby_symbol_array +); + +ruby_test_pattern_def( + unique int id: @ruby_test_pattern, + int pattern: @ruby_underscore_pattern_top_expr_body ref, + int value: @ruby_underscore_arg ref +); + +@ruby_then_child_type = @ruby_token_empty_statement | @ruby_underscore_statement + +#keyset[ruby_then, index] +ruby_then_child( + int ruby_then: @ruby_then ref, + int index: int ref, + unique int child: @ruby_then_child_type ref +); + +ruby_then_def( + unique int id: @ruby_then +); + +@ruby_unary_operand_type = @ruby_parenthesized_statements | @ruby_underscore_expression | @ruby_underscore_simple_numeric + +case @ruby_unary.operator of + 0 = @ruby_unary_bang +| 1 = @ruby_unary_plus +| 2 = @ruby_unary_minus +| 3 = @ruby_unary_definedquestion +| 4 = @ruby_unary_not +| 5 = @ruby_unary_tilde +; + + +ruby_unary_def( + unique int id: @ruby_unary, + int operand: @ruby_unary_operand_type ref, + int operator: int ref +); + +#keyset[ruby_undef, index] +ruby_undef_child( + int ruby_undef: @ruby_undef ref, + int index: int ref, + unique int child: @ruby_underscore_method_name ref +); + +ruby_undef_def( + unique int id: @ruby_undef +); + +@ruby_unless_alternative_type = @ruby_else | @ruby_elsif + +ruby_unless_alternative( + unique int ruby_unless: @ruby_unless ref, + unique int alternative: @ruby_unless_alternative_type ref +); + +ruby_unless_consequence( + unique int ruby_unless: @ruby_unless ref, + unique int consequence: @ruby_then ref +); + +ruby_unless_def( + unique int id: @ruby_unless, + int condition: @ruby_underscore_statement ref +); + +ruby_unless_guard_def( + unique int id: @ruby_unless_guard, + int condition: @ruby_underscore_expression ref +); + +ruby_unless_modifier_def( + unique int id: @ruby_unless_modifier, + int body: @ruby_underscore_statement ref, + int condition: @ruby_underscore_expression ref +); + +ruby_until_def( + unique int id: @ruby_until, + int body: @ruby_do ref, + int condition: @ruby_underscore_statement ref +); + +ruby_until_modifier_def( + unique int id: @ruby_until_modifier, + int body: @ruby_underscore_statement ref, + int condition: @ruby_underscore_expression ref +); + +@ruby_variable_reference_pattern_name_type = @ruby_token_identifier | @ruby_underscore_nonlocal_variable + +ruby_variable_reference_pattern_def( + unique int id: @ruby_variable_reference_pattern, + int name: @ruby_variable_reference_pattern_name_type ref +); + +ruby_when_body( + unique int ruby_when: @ruby_when ref, + unique int body: @ruby_then ref +); + +#keyset[ruby_when, index] +ruby_when_pattern( + int ruby_when: @ruby_when ref, + int index: int ref, + unique int pattern: @ruby_pattern ref +); + +ruby_when_def( + unique int id: @ruby_when +); + +ruby_while_def( + unique int id: @ruby_while, + int body: @ruby_do ref, + int condition: @ruby_underscore_statement ref +); + +ruby_while_modifier_def( + unique int id: @ruby_while_modifier, + int body: @ruby_underscore_statement ref, + int condition: @ruby_underscore_expression ref +); + +ruby_yield_child( + unique int ruby_yield: @ruby_yield ref, + unique int child: @ruby_argument_list ref +); + +ruby_yield_def( + unique int id: @ruby_yield +); + +ruby_tokeninfo( + unique int id: @ruby_token, + int kind: int ref, + string value: string ref +); + +case @ruby_token.kind of + 0 = @ruby_reserved_word +| 1 = @ruby_token_character +| 2 = @ruby_token_class_variable +| 3 = @ruby_token_comment +| 4 = @ruby_token_constant +| 5 = @ruby_token_empty_statement +| 6 = @ruby_token_encoding +| 7 = @ruby_token_escape_sequence +| 8 = @ruby_token_false +| 9 = @ruby_token_file +| 10 = @ruby_token_float +| 11 = @ruby_token_forward_argument +| 12 = @ruby_token_forward_parameter +| 13 = @ruby_token_global_variable +| 14 = @ruby_token_hash_key_symbol +| 15 = @ruby_token_hash_splat_nil +| 16 = @ruby_token_heredoc_beginning +| 17 = @ruby_token_heredoc_content +| 18 = @ruby_token_heredoc_end +| 19 = @ruby_token_identifier +| 20 = @ruby_token_instance_variable +| 21 = @ruby_token_integer +| 22 = @ruby_token_line +| 23 = @ruby_token_nil +| 24 = @ruby_token_operator +| 25 = @ruby_token_self +| 26 = @ruby_token_simple_symbol +| 27 = @ruby_token_string_content +| 28 = @ruby_token_super +| 29 = @ruby_token_true +| 30 = @ruby_token_uninterpreted +; + + +@ruby_ast_node = @ruby_alias | @ruby_alternative_pattern | @ruby_argument_list | @ruby_array | @ruby_array_pattern | @ruby_as_pattern | @ruby_assignment | @ruby_bare_string | @ruby_bare_symbol | @ruby_begin | @ruby_begin_block | @ruby_binary | @ruby_block | @ruby_block_argument | @ruby_block_body | @ruby_block_parameter | @ruby_block_parameters | @ruby_body_statement | @ruby_break | @ruby_call | @ruby_case__ | @ruby_case_match | @ruby_chained_string | @ruby_class | @ruby_complex | @ruby_conditional | @ruby_delimited_symbol | @ruby_destructured_left_assignment | @ruby_destructured_parameter | @ruby_do | @ruby_do_block | @ruby_element_reference | @ruby_else | @ruby_elsif | @ruby_end_block | @ruby_ensure | @ruby_exception_variable | @ruby_exceptions | @ruby_expression_reference_pattern | @ruby_find_pattern | @ruby_for | @ruby_hash | @ruby_hash_pattern | @ruby_hash_splat_argument | @ruby_hash_splat_parameter | @ruby_heredoc_body | @ruby_if | @ruby_if_guard | @ruby_if_modifier | @ruby_in | @ruby_in_clause | @ruby_interpolation | @ruby_keyword_parameter | @ruby_keyword_pattern | @ruby_lambda | @ruby_lambda_parameters | @ruby_left_assignment_list | @ruby_match_pattern | @ruby_method | @ruby_method_parameters | @ruby_module | @ruby_next | @ruby_operator_assignment | @ruby_optional_parameter | @ruby_pair | @ruby_parenthesized_pattern | @ruby_parenthesized_statements | @ruby_pattern | @ruby_program | @ruby_range | @ruby_rational | @ruby_redo | @ruby_regex | @ruby_rescue | @ruby_rescue_modifier | @ruby_rest_assignment | @ruby_retry | @ruby_return | @ruby_right_assignment_list | @ruby_scope_resolution | @ruby_setter | @ruby_singleton_class | @ruby_singleton_method | @ruby_splat_argument | @ruby_splat_parameter | @ruby_string__ | @ruby_string_array | @ruby_subshell | @ruby_superclass | @ruby_symbol_array | @ruby_test_pattern | @ruby_then | @ruby_token | @ruby_unary | @ruby_undef | @ruby_unless | @ruby_unless_guard | @ruby_unless_modifier | @ruby_until | @ruby_until_modifier | @ruby_variable_reference_pattern | @ruby_when | @ruby_while | @ruby_while_modifier | @ruby_yield + +@ruby_ast_node_parent = @file | @ruby_ast_node + +#keyset[parent, parent_index] +ruby_ast_node_info( + unique int node: @ruby_ast_node ref, + int parent: @ruby_ast_node_parent ref, + int parent_index: int ref, + int loc: @location ref +); + +erb_comment_directive_child( + unique int erb_comment_directive: @erb_comment_directive ref, + unique int child: @erb_token_comment ref +); + +erb_comment_directive_def( + unique int id: @erb_comment_directive +); + +erb_directive_child( + unique int erb_directive: @erb_directive ref, + unique int child: @erb_token_code ref +); + +erb_directive_def( + unique int id: @erb_directive +); + +erb_graphql_directive_child( + unique int erb_graphql_directive: @erb_graphql_directive ref, + unique int child: @erb_token_code ref +); + +erb_graphql_directive_def( + unique int id: @erb_graphql_directive +); + +erb_output_directive_child( + unique int erb_output_directive: @erb_output_directive ref, + unique int child: @erb_token_code ref +); + +erb_output_directive_def( + unique int id: @erb_output_directive +); + +@erb_template_child_type = @erb_comment_directive | @erb_directive | @erb_graphql_directive | @erb_output_directive | @erb_token_content + +#keyset[erb_template, index] +erb_template_child( + int erb_template: @erb_template ref, + int index: int ref, + unique int child: @erb_template_child_type ref +); + +erb_template_def( + unique int id: @erb_template +); + +erb_tokeninfo( + unique int id: @erb_token, + int kind: int ref, + string value: string ref +); + +case @erb_token.kind of + 0 = @erb_reserved_word +| 1 = @erb_token_code +| 2 = @erb_token_comment +| 3 = @erb_token_content +; + + +@erb_ast_node = @erb_comment_directive | @erb_directive | @erb_graphql_directive | @erb_output_directive | @erb_template | @erb_token + +@erb_ast_node_parent = @erb_ast_node | @file + +#keyset[parent, parent_index] +erb_ast_node_info( + unique int node: @erb_ast_node ref, + int parent: @erb_ast_node_parent ref, + int parent_index: int ref, + int loc: @location ref +); + diff --git a/ruby/downgrades/f9f0f4023e433184fda76f595247bf448b782135/upgrade.properties b/ruby/downgrades/f9f0f4023e433184fda76f595247bf448b782135/upgrade.properties new file mode 100644 index 00000000000..7b75d5de56a --- /dev/null +++ b/ruby/downgrades/f9f0f4023e433184fda76f595247bf448b782135/upgrade.properties @@ -0,0 +1,2 @@ +description: Sync dbscheme fragments +compatibility: full diff --git a/ruby/ql/lib/upgrades/ff289788b1552e32078788baa27152cc95b68f77/old.dbscheme b/ruby/ql/lib/upgrades/ff289788b1552e32078788baa27152cc95b68f77/old.dbscheme new file mode 100644 index 00000000000..ff289788b15 --- /dev/null +++ b/ruby/ql/lib/upgrades/ff289788b1552e32078788baa27152cc95b68f77/old.dbscheme @@ -0,0 +1,1455 @@ +// CodeQL database schema for Ruby +// Automatically generated from the tree-sitter grammar; do not edit + +@location = @location_default + +locations_default( + unique int id: @location_default, + int file: @file ref, + int start_line: int ref, + int start_column: int ref, + int end_line: int ref, + int end_column: int ref +); + +files( + unique int id: @file, + string name: string ref +); + +folders( + unique int id: @folder, + string name: string ref +); + +@container = @file | @folder + +containerparent( + int parent: @container ref, + unique int child: @container ref +); + +sourceLocationPrefix( + string prefix: string ref +); + +diagnostics( + unique int id: @diagnostic, + int severity: int ref, + string error_tag: string ref, + string error_message: string ref, + string full_error_message: string ref, + int location: @location_default ref +); + +case @diagnostic.severity of + 10 = @diagnostic_debug +| 20 = @diagnostic_info +| 30 = @diagnostic_warning +| 40 = @diagnostic_error +; + + +@ruby_underscore_arg = @ruby_assignment | @ruby_binary | @ruby_conditional | @ruby_operator_assignment | @ruby_range | @ruby_unary | @ruby_underscore_primary + +@ruby_underscore_call_operator = @ruby_reserved_word + +@ruby_underscore_expression = @ruby_assignment | @ruby_binary | @ruby_break | @ruby_call | @ruby_match_pattern | @ruby_next | @ruby_operator_assignment | @ruby_return | @ruby_test_pattern | @ruby_unary | @ruby_underscore_arg | @ruby_yield + +@ruby_underscore_lhs = @ruby_call | @ruby_element_reference | @ruby_scope_resolution | @ruby_token_false | @ruby_token_nil | @ruby_token_true | @ruby_underscore_variable + +@ruby_underscore_method_name = @ruby_delimited_symbol | @ruby_setter | @ruby_token_constant | @ruby_token_identifier | @ruby_token_operator | @ruby_token_simple_symbol | @ruby_underscore_nonlocal_variable + +@ruby_underscore_nonlocal_variable = @ruby_token_class_variable | @ruby_token_global_variable | @ruby_token_instance_variable + +@ruby_underscore_pattern_constant = @ruby_scope_resolution | @ruby_token_constant + +@ruby_underscore_pattern_expr = @ruby_alternative_pattern | @ruby_as_pattern | @ruby_underscore_pattern_expr_basic + +@ruby_underscore_pattern_expr_basic = @ruby_array_pattern | @ruby_expression_reference_pattern | @ruby_find_pattern | @ruby_hash_pattern | @ruby_parenthesized_pattern | @ruby_range | @ruby_token_identifier | @ruby_underscore_pattern_constant | @ruby_underscore_pattern_primitive | @ruby_variable_reference_pattern + +@ruby_underscore_pattern_primitive = @ruby_delimited_symbol | @ruby_lambda | @ruby_regex | @ruby_string__ | @ruby_string_array | @ruby_subshell | @ruby_symbol_array | @ruby_token_encoding | @ruby_token_false | @ruby_token_file | @ruby_token_heredoc_beginning | @ruby_token_line | @ruby_token_nil | @ruby_token_self | @ruby_token_simple_symbol | @ruby_token_true | @ruby_unary | @ruby_underscore_simple_numeric + +@ruby_underscore_pattern_top_expr_body = @ruby_array_pattern | @ruby_find_pattern | @ruby_hash_pattern | @ruby_underscore_pattern_expr + +@ruby_underscore_primary = @ruby_array | @ruby_begin | @ruby_break | @ruby_call | @ruby_case__ | @ruby_case_match | @ruby_chained_string | @ruby_class | @ruby_delimited_symbol | @ruby_for | @ruby_hash | @ruby_if | @ruby_lambda | @ruby_method | @ruby_module | @ruby_next | @ruby_parenthesized_statements | @ruby_redo | @ruby_regex | @ruby_retry | @ruby_return | @ruby_singleton_class | @ruby_singleton_method | @ruby_string__ | @ruby_string_array | @ruby_subshell | @ruby_symbol_array | @ruby_token_character | @ruby_token_heredoc_beginning | @ruby_token_simple_symbol | @ruby_unary | @ruby_underscore_lhs | @ruby_underscore_simple_numeric | @ruby_unless | @ruby_until | @ruby_while | @ruby_yield + +@ruby_underscore_simple_numeric = @ruby_complex | @ruby_rational | @ruby_token_float | @ruby_token_integer + +@ruby_underscore_statement = @ruby_alias | @ruby_begin_block | @ruby_end_block | @ruby_if_modifier | @ruby_rescue_modifier | @ruby_undef | @ruby_underscore_expression | @ruby_unless_modifier | @ruby_until_modifier | @ruby_while_modifier + +@ruby_underscore_variable = @ruby_token_constant | @ruby_token_identifier | @ruby_token_self | @ruby_token_super | @ruby_underscore_nonlocal_variable + +ruby_alias_def( + unique int id: @ruby_alias, + int alias: @ruby_underscore_method_name ref, + int name: @ruby_underscore_method_name ref +); + +#keyset[ruby_alternative_pattern, index] +ruby_alternative_pattern_alternatives( + int ruby_alternative_pattern: @ruby_alternative_pattern ref, + int index: int ref, + unique int alternatives: @ruby_underscore_pattern_expr_basic ref +); + +ruby_alternative_pattern_def( + unique int id: @ruby_alternative_pattern +); + +@ruby_argument_list_child_type = @ruby_block_argument | @ruby_hash_splat_argument | @ruby_pair | @ruby_splat_argument | @ruby_token_forward_argument | @ruby_underscore_expression + +#keyset[ruby_argument_list, index] +ruby_argument_list_child( + int ruby_argument_list: @ruby_argument_list ref, + int index: int ref, + unique int child: @ruby_argument_list_child_type ref +); + +ruby_argument_list_def( + unique int id: @ruby_argument_list +); + +@ruby_array_child_type = @ruby_block_argument | @ruby_hash_splat_argument | @ruby_pair | @ruby_splat_argument | @ruby_token_forward_argument | @ruby_underscore_expression + +#keyset[ruby_array, index] +ruby_array_child( + int ruby_array: @ruby_array ref, + int index: int ref, + unique int child: @ruby_array_child_type ref +); + +ruby_array_def( + unique int id: @ruby_array +); + +ruby_array_pattern_class( + unique int ruby_array_pattern: @ruby_array_pattern ref, + unique int class: @ruby_underscore_pattern_constant ref +); + +@ruby_array_pattern_child_type = @ruby_splat_parameter | @ruby_underscore_pattern_expr + +#keyset[ruby_array_pattern, index] +ruby_array_pattern_child( + int ruby_array_pattern: @ruby_array_pattern ref, + int index: int ref, + unique int child: @ruby_array_pattern_child_type ref +); + +ruby_array_pattern_def( + unique int id: @ruby_array_pattern +); + +ruby_as_pattern_def( + unique int id: @ruby_as_pattern, + int name: @ruby_token_identifier ref, + int value: @ruby_underscore_pattern_expr ref +); + +@ruby_assignment_left_type = @ruby_left_assignment_list | @ruby_underscore_lhs + +@ruby_assignment_right_type = @ruby_rescue_modifier | @ruby_right_assignment_list | @ruby_splat_argument | @ruby_underscore_expression + +ruby_assignment_def( + unique int id: @ruby_assignment, + int left: @ruby_assignment_left_type ref, + int right: @ruby_assignment_right_type ref +); + +@ruby_bare_string_child_type = @ruby_interpolation | @ruby_token_escape_sequence | @ruby_token_string_content + +#keyset[ruby_bare_string, index] +ruby_bare_string_child( + int ruby_bare_string: @ruby_bare_string ref, + int index: int ref, + unique int child: @ruby_bare_string_child_type ref +); + +ruby_bare_string_def( + unique int id: @ruby_bare_string +); + +@ruby_bare_symbol_child_type = @ruby_interpolation | @ruby_token_escape_sequence | @ruby_token_string_content + +#keyset[ruby_bare_symbol, index] +ruby_bare_symbol_child( + int ruby_bare_symbol: @ruby_bare_symbol ref, + int index: int ref, + unique int child: @ruby_bare_symbol_child_type ref +); + +ruby_bare_symbol_def( + unique int id: @ruby_bare_symbol +); + +@ruby_begin_child_type = @ruby_else | @ruby_ensure | @ruby_rescue | @ruby_token_empty_statement | @ruby_underscore_statement + +#keyset[ruby_begin, index] +ruby_begin_child( + int ruby_begin: @ruby_begin ref, + int index: int ref, + unique int child: @ruby_begin_child_type ref +); + +ruby_begin_def( + unique int id: @ruby_begin +); + +@ruby_begin_block_child_type = @ruby_token_empty_statement | @ruby_underscore_statement + +#keyset[ruby_begin_block, index] +ruby_begin_block_child( + int ruby_begin_block: @ruby_begin_block ref, + int index: int ref, + unique int child: @ruby_begin_block_child_type ref +); + +ruby_begin_block_def( + unique int id: @ruby_begin_block +); + +@ruby_binary_left_type = @ruby_underscore_expression | @ruby_underscore_simple_numeric + +case @ruby_binary.operator of + 0 = @ruby_binary_bangequal +| 1 = @ruby_binary_bangtilde +| 2 = @ruby_binary_percent +| 3 = @ruby_binary_ampersand +| 4 = @ruby_binary_ampersandampersand +| 5 = @ruby_binary_star +| 6 = @ruby_binary_starstar +| 7 = @ruby_binary_plus +| 8 = @ruby_binary_minus +| 9 = @ruby_binary_slash +| 10 = @ruby_binary_langle +| 11 = @ruby_binary_langlelangle +| 12 = @ruby_binary_langleequal +| 13 = @ruby_binary_langleequalrangle +| 14 = @ruby_binary_equalequal +| 15 = @ruby_binary_equalequalequal +| 16 = @ruby_binary_equaltilde +| 17 = @ruby_binary_rangle +| 18 = @ruby_binary_rangleequal +| 19 = @ruby_binary_ranglerangle +| 20 = @ruby_binary_caret +| 21 = @ruby_binary_and +| 22 = @ruby_binary_or +| 23 = @ruby_binary_pipe +| 24 = @ruby_binary_pipepipe +; + + +ruby_binary_def( + unique int id: @ruby_binary, + int left: @ruby_binary_left_type ref, + int operator: int ref, + int right: @ruby_underscore_expression ref +); + +ruby_block_body( + unique int ruby_block: @ruby_block ref, + unique int body: @ruby_block_body ref +); + +ruby_block_parameters( + unique int ruby_block: @ruby_block ref, + unique int parameters: @ruby_block_parameters ref +); + +ruby_block_def( + unique int id: @ruby_block +); + +ruby_block_argument_child( + unique int ruby_block_argument: @ruby_block_argument ref, + unique int child: @ruby_underscore_arg ref +); + +ruby_block_argument_def( + unique int id: @ruby_block_argument +); + +@ruby_block_body_child_type = @ruby_token_empty_statement | @ruby_underscore_statement + +#keyset[ruby_block_body, index] +ruby_block_body_child( + int ruby_block_body: @ruby_block_body ref, + int index: int ref, + unique int child: @ruby_block_body_child_type ref +); + +ruby_block_body_def( + unique int id: @ruby_block_body +); + +ruby_block_parameter_name( + unique int ruby_block_parameter: @ruby_block_parameter ref, + unique int name: @ruby_token_identifier ref +); + +ruby_block_parameter_def( + unique int id: @ruby_block_parameter +); + +#keyset[ruby_block_parameters, index] +ruby_block_parameters_locals( + int ruby_block_parameters: @ruby_block_parameters ref, + int index: int ref, + unique int locals: @ruby_token_identifier ref +); + +@ruby_block_parameters_child_type = @ruby_block_parameter | @ruby_destructured_parameter | @ruby_hash_splat_parameter | @ruby_keyword_parameter | @ruby_optional_parameter | @ruby_splat_parameter | @ruby_token_forward_parameter | @ruby_token_hash_splat_nil | @ruby_token_identifier + +#keyset[ruby_block_parameters, index] +ruby_block_parameters_child( + int ruby_block_parameters: @ruby_block_parameters ref, + int index: int ref, + unique int child: @ruby_block_parameters_child_type ref +); + +ruby_block_parameters_def( + unique int id: @ruby_block_parameters +); + +@ruby_body_statement_child_type = @ruby_else | @ruby_ensure | @ruby_rescue | @ruby_token_empty_statement | @ruby_underscore_statement + +#keyset[ruby_body_statement, index] +ruby_body_statement_child( + int ruby_body_statement: @ruby_body_statement ref, + int index: int ref, + unique int child: @ruby_body_statement_child_type ref +); + +ruby_body_statement_def( + unique int id: @ruby_body_statement +); + +ruby_break_child( + unique int ruby_break: @ruby_break ref, + unique int child: @ruby_argument_list ref +); + +ruby_break_def( + unique int id: @ruby_break +); + +ruby_call_arguments( + unique int ruby_call: @ruby_call ref, + unique int arguments: @ruby_argument_list ref +); + +@ruby_call_block_type = @ruby_block | @ruby_do_block + +ruby_call_block( + unique int ruby_call: @ruby_call ref, + unique int block: @ruby_call_block_type ref +); + +@ruby_call_method_type = @ruby_token_operator | @ruby_underscore_variable + +ruby_call_method( + unique int ruby_call: @ruby_call ref, + unique int method: @ruby_call_method_type ref +); + +ruby_call_operator( + unique int ruby_call: @ruby_call ref, + unique int operator: @ruby_underscore_call_operator ref +); + +ruby_call_receiver( + unique int ruby_call: @ruby_call ref, + unique int receiver: @ruby_underscore_primary ref +); + +ruby_call_def( + unique int id: @ruby_call +); + +ruby_case_value( + unique int ruby_case__: @ruby_case__ ref, + unique int value: @ruby_underscore_statement ref +); + +@ruby_case_child_type = @ruby_else | @ruby_when + +#keyset[ruby_case__, index] +ruby_case_child( + int ruby_case__: @ruby_case__ ref, + int index: int ref, + unique int child: @ruby_case_child_type ref +); + +ruby_case_def( + unique int id: @ruby_case__ +); + +#keyset[ruby_case_match, index] +ruby_case_match_clauses( + int ruby_case_match: @ruby_case_match ref, + int index: int ref, + unique int clauses: @ruby_in_clause ref +); + +ruby_case_match_else( + unique int ruby_case_match: @ruby_case_match ref, + unique int else: @ruby_else ref +); + +ruby_case_match_def( + unique int id: @ruby_case_match, + int value: @ruby_underscore_statement ref +); + +#keyset[ruby_chained_string, index] +ruby_chained_string_child( + int ruby_chained_string: @ruby_chained_string ref, + int index: int ref, + unique int child: @ruby_string__ ref +); + +ruby_chained_string_def( + unique int id: @ruby_chained_string +); + +ruby_class_body( + unique int ruby_class: @ruby_class ref, + unique int body: @ruby_body_statement ref +); + +@ruby_class_name_type = @ruby_scope_resolution | @ruby_token_constant + +ruby_class_superclass( + unique int ruby_class: @ruby_class ref, + unique int superclass: @ruby_superclass ref +); + +ruby_class_def( + unique int id: @ruby_class, + int name: @ruby_class_name_type ref +); + +@ruby_complex_child_type = @ruby_rational | @ruby_token_float | @ruby_token_integer + +ruby_complex_def( + unique int id: @ruby_complex, + int child: @ruby_complex_child_type ref +); + +ruby_conditional_def( + unique int id: @ruby_conditional, + int alternative: @ruby_underscore_arg ref, + int condition: @ruby_underscore_arg ref, + int consequence: @ruby_underscore_arg ref +); + +@ruby_delimited_symbol_child_type = @ruby_interpolation | @ruby_token_escape_sequence | @ruby_token_string_content + +#keyset[ruby_delimited_symbol, index] +ruby_delimited_symbol_child( + int ruby_delimited_symbol: @ruby_delimited_symbol ref, + int index: int ref, + unique int child: @ruby_delimited_symbol_child_type ref +); + +ruby_delimited_symbol_def( + unique int id: @ruby_delimited_symbol +); + +@ruby_destructured_left_assignment_child_type = @ruby_destructured_left_assignment | @ruby_rest_assignment | @ruby_underscore_lhs + +#keyset[ruby_destructured_left_assignment, index] +ruby_destructured_left_assignment_child( + int ruby_destructured_left_assignment: @ruby_destructured_left_assignment ref, + int index: int ref, + unique int child: @ruby_destructured_left_assignment_child_type ref +); + +ruby_destructured_left_assignment_def( + unique int id: @ruby_destructured_left_assignment +); + +@ruby_destructured_parameter_child_type = @ruby_block_parameter | @ruby_destructured_parameter | @ruby_hash_splat_parameter | @ruby_keyword_parameter | @ruby_optional_parameter | @ruby_splat_parameter | @ruby_token_forward_parameter | @ruby_token_hash_splat_nil | @ruby_token_identifier + +#keyset[ruby_destructured_parameter, index] +ruby_destructured_parameter_child( + int ruby_destructured_parameter: @ruby_destructured_parameter ref, + int index: int ref, + unique int child: @ruby_destructured_parameter_child_type ref +); + +ruby_destructured_parameter_def( + unique int id: @ruby_destructured_parameter +); + +@ruby_do_child_type = @ruby_token_empty_statement | @ruby_underscore_statement + +#keyset[ruby_do, index] +ruby_do_child( + int ruby_do: @ruby_do ref, + int index: int ref, + unique int child: @ruby_do_child_type ref +); + +ruby_do_def( + unique int id: @ruby_do +); + +ruby_do_block_body( + unique int ruby_do_block: @ruby_do_block ref, + unique int body: @ruby_body_statement ref +); + +ruby_do_block_parameters( + unique int ruby_do_block: @ruby_do_block ref, + unique int parameters: @ruby_block_parameters ref +); + +ruby_do_block_def( + unique int id: @ruby_do_block +); + +@ruby_element_reference_child_type = @ruby_block_argument | @ruby_hash_splat_argument | @ruby_pair | @ruby_splat_argument | @ruby_token_forward_argument | @ruby_underscore_expression + +#keyset[ruby_element_reference, index] +ruby_element_reference_child( + int ruby_element_reference: @ruby_element_reference ref, + int index: int ref, + unique int child: @ruby_element_reference_child_type ref +); + +ruby_element_reference_def( + unique int id: @ruby_element_reference, + int object: @ruby_underscore_primary ref +); + +@ruby_else_child_type = @ruby_token_empty_statement | @ruby_underscore_statement + +#keyset[ruby_else, index] +ruby_else_child( + int ruby_else: @ruby_else ref, + int index: int ref, + unique int child: @ruby_else_child_type ref +); + +ruby_else_def( + unique int id: @ruby_else +); + +@ruby_elsif_alternative_type = @ruby_else | @ruby_elsif + +ruby_elsif_alternative( + unique int ruby_elsif: @ruby_elsif ref, + unique int alternative: @ruby_elsif_alternative_type ref +); + +ruby_elsif_consequence( + unique int ruby_elsif: @ruby_elsif ref, + unique int consequence: @ruby_then ref +); + +ruby_elsif_def( + unique int id: @ruby_elsif, + int condition: @ruby_underscore_statement ref +); + +@ruby_end_block_child_type = @ruby_token_empty_statement | @ruby_underscore_statement + +#keyset[ruby_end_block, index] +ruby_end_block_child( + int ruby_end_block: @ruby_end_block ref, + int index: int ref, + unique int child: @ruby_end_block_child_type ref +); + +ruby_end_block_def( + unique int id: @ruby_end_block +); + +@ruby_ensure_child_type = @ruby_token_empty_statement | @ruby_underscore_statement + +#keyset[ruby_ensure, index] +ruby_ensure_child( + int ruby_ensure: @ruby_ensure ref, + int index: int ref, + unique int child: @ruby_ensure_child_type ref +); + +ruby_ensure_def( + unique int id: @ruby_ensure +); + +ruby_exception_variable_def( + unique int id: @ruby_exception_variable, + int child: @ruby_underscore_lhs ref +); + +@ruby_exceptions_child_type = @ruby_splat_argument | @ruby_underscore_arg + +#keyset[ruby_exceptions, index] +ruby_exceptions_child( + int ruby_exceptions: @ruby_exceptions ref, + int index: int ref, + unique int child: @ruby_exceptions_child_type ref +); + +ruby_exceptions_def( + unique int id: @ruby_exceptions +); + +ruby_expression_reference_pattern_def( + unique int id: @ruby_expression_reference_pattern, + int value: @ruby_underscore_expression ref +); + +ruby_find_pattern_class( + unique int ruby_find_pattern: @ruby_find_pattern ref, + unique int class: @ruby_underscore_pattern_constant ref +); + +@ruby_find_pattern_child_type = @ruby_splat_parameter | @ruby_underscore_pattern_expr + +#keyset[ruby_find_pattern, index] +ruby_find_pattern_child( + int ruby_find_pattern: @ruby_find_pattern ref, + int index: int ref, + unique int child: @ruby_find_pattern_child_type ref +); + +ruby_find_pattern_def( + unique int id: @ruby_find_pattern +); + +@ruby_for_pattern_type = @ruby_left_assignment_list | @ruby_underscore_lhs + +ruby_for_def( + unique int id: @ruby_for, + int body: @ruby_do ref, + int pattern: @ruby_for_pattern_type ref, + int value: @ruby_in ref +); + +@ruby_hash_child_type = @ruby_hash_splat_argument | @ruby_pair + +#keyset[ruby_hash, index] +ruby_hash_child( + int ruby_hash: @ruby_hash ref, + int index: int ref, + unique int child: @ruby_hash_child_type ref +); + +ruby_hash_def( + unique int id: @ruby_hash +); + +ruby_hash_pattern_class( + unique int ruby_hash_pattern: @ruby_hash_pattern ref, + unique int class: @ruby_underscore_pattern_constant ref +); + +@ruby_hash_pattern_child_type = @ruby_hash_splat_parameter | @ruby_keyword_pattern | @ruby_token_hash_splat_nil + +#keyset[ruby_hash_pattern, index] +ruby_hash_pattern_child( + int ruby_hash_pattern: @ruby_hash_pattern ref, + int index: int ref, + unique int child: @ruby_hash_pattern_child_type ref +); + +ruby_hash_pattern_def( + unique int id: @ruby_hash_pattern +); + +ruby_hash_splat_argument_child( + unique int ruby_hash_splat_argument: @ruby_hash_splat_argument ref, + unique int child: @ruby_underscore_arg ref +); + +ruby_hash_splat_argument_def( + unique int id: @ruby_hash_splat_argument +); + +ruby_hash_splat_parameter_name( + unique int ruby_hash_splat_parameter: @ruby_hash_splat_parameter ref, + unique int name: @ruby_token_identifier ref +); + +ruby_hash_splat_parameter_def( + unique int id: @ruby_hash_splat_parameter +); + +@ruby_heredoc_body_child_type = @ruby_interpolation | @ruby_token_escape_sequence | @ruby_token_heredoc_content | @ruby_token_heredoc_end + +#keyset[ruby_heredoc_body, index] +ruby_heredoc_body_child( + int ruby_heredoc_body: @ruby_heredoc_body ref, + int index: int ref, + unique int child: @ruby_heredoc_body_child_type ref +); + +ruby_heredoc_body_def( + unique int id: @ruby_heredoc_body +); + +@ruby_if_alternative_type = @ruby_else | @ruby_elsif + +ruby_if_alternative( + unique int ruby_if: @ruby_if ref, + unique int alternative: @ruby_if_alternative_type ref +); + +ruby_if_consequence( + unique int ruby_if: @ruby_if ref, + unique int consequence: @ruby_then ref +); + +ruby_if_def( + unique int id: @ruby_if, + int condition: @ruby_underscore_statement ref +); + +ruby_if_guard_def( + unique int id: @ruby_if_guard, + int condition: @ruby_underscore_expression ref +); + +ruby_if_modifier_def( + unique int id: @ruby_if_modifier, + int body: @ruby_underscore_statement ref, + int condition: @ruby_underscore_expression ref +); + +ruby_in_def( + unique int id: @ruby_in, + int child: @ruby_underscore_arg ref +); + +ruby_in_clause_body( + unique int ruby_in_clause: @ruby_in_clause ref, + unique int body: @ruby_then ref +); + +@ruby_in_clause_guard_type = @ruby_if_guard | @ruby_unless_guard + +ruby_in_clause_guard( + unique int ruby_in_clause: @ruby_in_clause ref, + unique int guard: @ruby_in_clause_guard_type ref +); + +ruby_in_clause_def( + unique int id: @ruby_in_clause, + int pattern: @ruby_underscore_pattern_top_expr_body ref +); + +@ruby_interpolation_child_type = @ruby_token_empty_statement | @ruby_underscore_nonlocal_variable | @ruby_underscore_statement + +#keyset[ruby_interpolation, index] +ruby_interpolation_child( + int ruby_interpolation: @ruby_interpolation ref, + int index: int ref, + unique int child: @ruby_interpolation_child_type ref +); + +ruby_interpolation_def( + unique int id: @ruby_interpolation +); + +ruby_keyword_parameter_value( + unique int ruby_keyword_parameter: @ruby_keyword_parameter ref, + unique int value: @ruby_underscore_arg ref +); + +ruby_keyword_parameter_def( + unique int id: @ruby_keyword_parameter, + int name: @ruby_token_identifier ref +); + +@ruby_keyword_pattern_key_type = @ruby_string__ | @ruby_token_hash_key_symbol + +ruby_keyword_pattern_value( + unique int ruby_keyword_pattern: @ruby_keyword_pattern ref, + unique int value: @ruby_underscore_pattern_expr ref +); + +ruby_keyword_pattern_def( + unique int id: @ruby_keyword_pattern, + int key__: @ruby_keyword_pattern_key_type ref +); + +@ruby_lambda_body_type = @ruby_block | @ruby_do_block + +ruby_lambda_parameters( + unique int ruby_lambda: @ruby_lambda ref, + unique int parameters: @ruby_lambda_parameters ref +); + +ruby_lambda_def( + unique int id: @ruby_lambda, + int body: @ruby_lambda_body_type ref +); + +@ruby_lambda_parameters_child_type = @ruby_block_parameter | @ruby_destructured_parameter | @ruby_hash_splat_parameter | @ruby_keyword_parameter | @ruby_optional_parameter | @ruby_splat_parameter | @ruby_token_forward_parameter | @ruby_token_hash_splat_nil | @ruby_token_identifier + +#keyset[ruby_lambda_parameters, index] +ruby_lambda_parameters_child( + int ruby_lambda_parameters: @ruby_lambda_parameters ref, + int index: int ref, + unique int child: @ruby_lambda_parameters_child_type ref +); + +ruby_lambda_parameters_def( + unique int id: @ruby_lambda_parameters +); + +@ruby_left_assignment_list_child_type = @ruby_destructured_left_assignment | @ruby_rest_assignment | @ruby_underscore_lhs + +#keyset[ruby_left_assignment_list, index] +ruby_left_assignment_list_child( + int ruby_left_assignment_list: @ruby_left_assignment_list ref, + int index: int ref, + unique int child: @ruby_left_assignment_list_child_type ref +); + +ruby_left_assignment_list_def( + unique int id: @ruby_left_assignment_list +); + +ruby_match_pattern_def( + unique int id: @ruby_match_pattern, + int pattern: @ruby_underscore_pattern_top_expr_body ref, + int value: @ruby_underscore_arg ref +); + +@ruby_method_body_type = @ruby_body_statement | @ruby_rescue_modifier | @ruby_underscore_arg + +ruby_method_body( + unique int ruby_method: @ruby_method ref, + unique int body: @ruby_method_body_type ref +); + +ruby_method_parameters( + unique int ruby_method: @ruby_method ref, + unique int parameters: @ruby_method_parameters ref +); + +ruby_method_def( + unique int id: @ruby_method, + int name: @ruby_underscore_method_name ref +); + +@ruby_method_parameters_child_type = @ruby_block_parameter | @ruby_destructured_parameter | @ruby_hash_splat_parameter | @ruby_keyword_parameter | @ruby_optional_parameter | @ruby_splat_parameter | @ruby_token_forward_parameter | @ruby_token_hash_splat_nil | @ruby_token_identifier + +#keyset[ruby_method_parameters, index] +ruby_method_parameters_child( + int ruby_method_parameters: @ruby_method_parameters ref, + int index: int ref, + unique int child: @ruby_method_parameters_child_type ref +); + +ruby_method_parameters_def( + unique int id: @ruby_method_parameters +); + +ruby_module_body( + unique int ruby_module: @ruby_module ref, + unique int body: @ruby_body_statement ref +); + +@ruby_module_name_type = @ruby_scope_resolution | @ruby_token_constant + +ruby_module_def( + unique int id: @ruby_module, + int name: @ruby_module_name_type ref +); + +ruby_next_child( + unique int ruby_next: @ruby_next ref, + unique int child: @ruby_argument_list ref +); + +ruby_next_def( + unique int id: @ruby_next +); + +case @ruby_operator_assignment.operator of + 0 = @ruby_operator_assignment_percentequal +| 1 = @ruby_operator_assignment_ampersandampersandequal +| 2 = @ruby_operator_assignment_ampersandequal +| 3 = @ruby_operator_assignment_starstarequal +| 4 = @ruby_operator_assignment_starequal +| 5 = @ruby_operator_assignment_plusequal +| 6 = @ruby_operator_assignment_minusequal +| 7 = @ruby_operator_assignment_slashequal +| 8 = @ruby_operator_assignment_langlelangleequal +| 9 = @ruby_operator_assignment_ranglerangleequal +| 10 = @ruby_operator_assignment_caretequal +| 11 = @ruby_operator_assignment_pipeequal +| 12 = @ruby_operator_assignment_pipepipeequal +; + + +@ruby_operator_assignment_right_type = @ruby_rescue_modifier | @ruby_underscore_expression + +ruby_operator_assignment_def( + unique int id: @ruby_operator_assignment, + int left: @ruby_underscore_lhs ref, + int operator: int ref, + int right: @ruby_operator_assignment_right_type ref +); + +ruby_optional_parameter_def( + unique int id: @ruby_optional_parameter, + int name: @ruby_token_identifier ref, + int value: @ruby_underscore_arg ref +); + +@ruby_pair_key_type = @ruby_string__ | @ruby_token_hash_key_symbol | @ruby_underscore_arg + +ruby_pair_value( + unique int ruby_pair: @ruby_pair ref, + unique int value: @ruby_underscore_arg ref +); + +ruby_pair_def( + unique int id: @ruby_pair, + int key__: @ruby_pair_key_type ref +); + +ruby_parenthesized_pattern_def( + unique int id: @ruby_parenthesized_pattern, + int child: @ruby_underscore_pattern_expr ref +); + +@ruby_parenthesized_statements_child_type = @ruby_token_empty_statement | @ruby_underscore_statement + +#keyset[ruby_parenthesized_statements, index] +ruby_parenthesized_statements_child( + int ruby_parenthesized_statements: @ruby_parenthesized_statements ref, + int index: int ref, + unique int child: @ruby_parenthesized_statements_child_type ref +); + +ruby_parenthesized_statements_def( + unique int id: @ruby_parenthesized_statements +); + +@ruby_pattern_child_type = @ruby_splat_argument | @ruby_underscore_arg + +ruby_pattern_def( + unique int id: @ruby_pattern, + int child: @ruby_pattern_child_type ref +); + +@ruby_program_child_type = @ruby_token_empty_statement | @ruby_token_uninterpreted | @ruby_underscore_statement + +#keyset[ruby_program, index] +ruby_program_child( + int ruby_program: @ruby_program ref, + int index: int ref, + unique int child: @ruby_program_child_type ref +); + +ruby_program_def( + unique int id: @ruby_program +); + +@ruby_range_begin_type = @ruby_underscore_arg | @ruby_underscore_pattern_primitive + +ruby_range_begin( + unique int ruby_range: @ruby_range ref, + unique int begin: @ruby_range_begin_type ref +); + +@ruby_range_end_type = @ruby_underscore_arg | @ruby_underscore_pattern_primitive + +ruby_range_end( + unique int ruby_range: @ruby_range ref, + unique int end: @ruby_range_end_type ref +); + +case @ruby_range.operator of + 0 = @ruby_range_dotdot +| 1 = @ruby_range_dotdotdot +; + + +ruby_range_def( + unique int id: @ruby_range, + int operator: int ref +); + +@ruby_rational_child_type = @ruby_token_float | @ruby_token_integer + +ruby_rational_def( + unique int id: @ruby_rational, + int child: @ruby_rational_child_type ref +); + +ruby_redo_child( + unique int ruby_redo: @ruby_redo ref, + unique int child: @ruby_argument_list ref +); + +ruby_redo_def( + unique int id: @ruby_redo +); + +@ruby_regex_child_type = @ruby_interpolation | @ruby_token_escape_sequence | @ruby_token_string_content + +#keyset[ruby_regex, index] +ruby_regex_child( + int ruby_regex: @ruby_regex ref, + int index: int ref, + unique int child: @ruby_regex_child_type ref +); + +ruby_regex_def( + unique int id: @ruby_regex +); + +ruby_rescue_body( + unique int ruby_rescue: @ruby_rescue ref, + unique int body: @ruby_then ref +); + +ruby_rescue_exceptions( + unique int ruby_rescue: @ruby_rescue ref, + unique int exceptions: @ruby_exceptions ref +); + +ruby_rescue_variable( + unique int ruby_rescue: @ruby_rescue ref, + unique int variable: @ruby_exception_variable ref +); + +ruby_rescue_def( + unique int id: @ruby_rescue +); + +@ruby_rescue_modifier_body_type = @ruby_underscore_arg | @ruby_underscore_statement + +ruby_rescue_modifier_def( + unique int id: @ruby_rescue_modifier, + int body: @ruby_rescue_modifier_body_type ref, + int handler: @ruby_underscore_expression ref +); + +ruby_rest_assignment_child( + unique int ruby_rest_assignment: @ruby_rest_assignment ref, + unique int child: @ruby_underscore_lhs ref +); + +ruby_rest_assignment_def( + unique int id: @ruby_rest_assignment +); + +ruby_retry_child( + unique int ruby_retry: @ruby_retry ref, + unique int child: @ruby_argument_list ref +); + +ruby_retry_def( + unique int id: @ruby_retry +); + +ruby_return_child( + unique int ruby_return: @ruby_return ref, + unique int child: @ruby_argument_list ref +); + +ruby_return_def( + unique int id: @ruby_return +); + +@ruby_right_assignment_list_child_type = @ruby_splat_argument | @ruby_underscore_arg + +#keyset[ruby_right_assignment_list, index] +ruby_right_assignment_list_child( + int ruby_right_assignment_list: @ruby_right_assignment_list ref, + int index: int ref, + unique int child: @ruby_right_assignment_list_child_type ref +); + +ruby_right_assignment_list_def( + unique int id: @ruby_right_assignment_list +); + +@ruby_scope_resolution_scope_type = @ruby_underscore_pattern_constant | @ruby_underscore_primary + +ruby_scope_resolution_scope( + unique int ruby_scope_resolution: @ruby_scope_resolution ref, + unique int scope: @ruby_scope_resolution_scope_type ref +); + +ruby_scope_resolution_def( + unique int id: @ruby_scope_resolution, + int name: @ruby_token_constant ref +); + +ruby_setter_def( + unique int id: @ruby_setter, + int name: @ruby_token_identifier ref +); + +ruby_singleton_class_body( + unique int ruby_singleton_class: @ruby_singleton_class ref, + unique int body: @ruby_body_statement ref +); + +ruby_singleton_class_def( + unique int id: @ruby_singleton_class, + int value: @ruby_underscore_arg ref +); + +@ruby_singleton_method_body_type = @ruby_body_statement | @ruby_rescue_modifier | @ruby_underscore_arg + +ruby_singleton_method_body( + unique int ruby_singleton_method: @ruby_singleton_method ref, + unique int body: @ruby_singleton_method_body_type ref +); + +@ruby_singleton_method_object_type = @ruby_underscore_arg | @ruby_underscore_variable + +ruby_singleton_method_parameters( + unique int ruby_singleton_method: @ruby_singleton_method ref, + unique int parameters: @ruby_method_parameters ref +); + +ruby_singleton_method_def( + unique int id: @ruby_singleton_method, + int name: @ruby_underscore_method_name ref, + int object: @ruby_singleton_method_object_type ref +); + +ruby_splat_argument_child( + unique int ruby_splat_argument: @ruby_splat_argument ref, + unique int child: @ruby_underscore_arg ref +); + +ruby_splat_argument_def( + unique int id: @ruby_splat_argument +); + +ruby_splat_parameter_name( + unique int ruby_splat_parameter: @ruby_splat_parameter ref, + unique int name: @ruby_token_identifier ref +); + +ruby_splat_parameter_def( + unique int id: @ruby_splat_parameter +); + +@ruby_string_child_type = @ruby_interpolation | @ruby_token_escape_sequence | @ruby_token_string_content + +#keyset[ruby_string__, index] +ruby_string_child( + int ruby_string__: @ruby_string__ ref, + int index: int ref, + unique int child: @ruby_string_child_type ref +); + +ruby_string_def( + unique int id: @ruby_string__ +); + +#keyset[ruby_string_array, index] +ruby_string_array_child( + int ruby_string_array: @ruby_string_array ref, + int index: int ref, + unique int child: @ruby_bare_string ref +); + +ruby_string_array_def( + unique int id: @ruby_string_array +); + +@ruby_subshell_child_type = @ruby_interpolation | @ruby_token_escape_sequence | @ruby_token_string_content + +#keyset[ruby_subshell, index] +ruby_subshell_child( + int ruby_subshell: @ruby_subshell ref, + int index: int ref, + unique int child: @ruby_subshell_child_type ref +); + +ruby_subshell_def( + unique int id: @ruby_subshell +); + +ruby_superclass_def( + unique int id: @ruby_superclass, + int child: @ruby_underscore_expression ref +); + +#keyset[ruby_symbol_array, index] +ruby_symbol_array_child( + int ruby_symbol_array: @ruby_symbol_array ref, + int index: int ref, + unique int child: @ruby_bare_symbol ref +); + +ruby_symbol_array_def( + unique int id: @ruby_symbol_array +); + +ruby_test_pattern_def( + unique int id: @ruby_test_pattern, + int pattern: @ruby_underscore_pattern_top_expr_body ref, + int value: @ruby_underscore_arg ref +); + +@ruby_then_child_type = @ruby_token_empty_statement | @ruby_underscore_statement + +#keyset[ruby_then, index] +ruby_then_child( + int ruby_then: @ruby_then ref, + int index: int ref, + unique int child: @ruby_then_child_type ref +); + +ruby_then_def( + unique int id: @ruby_then +); + +@ruby_unary_operand_type = @ruby_parenthesized_statements | @ruby_underscore_expression | @ruby_underscore_simple_numeric + +case @ruby_unary.operator of + 0 = @ruby_unary_bang +| 1 = @ruby_unary_plus +| 2 = @ruby_unary_minus +| 3 = @ruby_unary_definedquestion +| 4 = @ruby_unary_not +| 5 = @ruby_unary_tilde +; + + +ruby_unary_def( + unique int id: @ruby_unary, + int operand: @ruby_unary_operand_type ref, + int operator: int ref +); + +#keyset[ruby_undef, index] +ruby_undef_child( + int ruby_undef: @ruby_undef ref, + int index: int ref, + unique int child: @ruby_underscore_method_name ref +); + +ruby_undef_def( + unique int id: @ruby_undef +); + +@ruby_unless_alternative_type = @ruby_else | @ruby_elsif + +ruby_unless_alternative( + unique int ruby_unless: @ruby_unless ref, + unique int alternative: @ruby_unless_alternative_type ref +); + +ruby_unless_consequence( + unique int ruby_unless: @ruby_unless ref, + unique int consequence: @ruby_then ref +); + +ruby_unless_def( + unique int id: @ruby_unless, + int condition: @ruby_underscore_statement ref +); + +ruby_unless_guard_def( + unique int id: @ruby_unless_guard, + int condition: @ruby_underscore_expression ref +); + +ruby_unless_modifier_def( + unique int id: @ruby_unless_modifier, + int body: @ruby_underscore_statement ref, + int condition: @ruby_underscore_expression ref +); + +ruby_until_def( + unique int id: @ruby_until, + int body: @ruby_do ref, + int condition: @ruby_underscore_statement ref +); + +ruby_until_modifier_def( + unique int id: @ruby_until_modifier, + int body: @ruby_underscore_statement ref, + int condition: @ruby_underscore_expression ref +); + +@ruby_variable_reference_pattern_name_type = @ruby_token_identifier | @ruby_underscore_nonlocal_variable + +ruby_variable_reference_pattern_def( + unique int id: @ruby_variable_reference_pattern, + int name: @ruby_variable_reference_pattern_name_type ref +); + +ruby_when_body( + unique int ruby_when: @ruby_when ref, + unique int body: @ruby_then ref +); + +#keyset[ruby_when, index] +ruby_when_pattern( + int ruby_when: @ruby_when ref, + int index: int ref, + unique int pattern: @ruby_pattern ref +); + +ruby_when_def( + unique int id: @ruby_when +); + +ruby_while_def( + unique int id: @ruby_while, + int body: @ruby_do ref, + int condition: @ruby_underscore_statement ref +); + +ruby_while_modifier_def( + unique int id: @ruby_while_modifier, + int body: @ruby_underscore_statement ref, + int condition: @ruby_underscore_expression ref +); + +ruby_yield_child( + unique int ruby_yield: @ruby_yield ref, + unique int child: @ruby_argument_list ref +); + +ruby_yield_def( + unique int id: @ruby_yield +); + +ruby_tokeninfo( + unique int id: @ruby_token, + int kind: int ref, + string value: string ref +); + +case @ruby_token.kind of + 0 = @ruby_reserved_word +| 1 = @ruby_token_character +| 2 = @ruby_token_class_variable +| 3 = @ruby_token_comment +| 4 = @ruby_token_constant +| 5 = @ruby_token_empty_statement +| 6 = @ruby_token_encoding +| 7 = @ruby_token_escape_sequence +| 8 = @ruby_token_false +| 9 = @ruby_token_file +| 10 = @ruby_token_float +| 11 = @ruby_token_forward_argument +| 12 = @ruby_token_forward_parameter +| 13 = @ruby_token_global_variable +| 14 = @ruby_token_hash_key_symbol +| 15 = @ruby_token_hash_splat_nil +| 16 = @ruby_token_heredoc_beginning +| 17 = @ruby_token_heredoc_content +| 18 = @ruby_token_heredoc_end +| 19 = @ruby_token_identifier +| 20 = @ruby_token_instance_variable +| 21 = @ruby_token_integer +| 22 = @ruby_token_line +| 23 = @ruby_token_nil +| 24 = @ruby_token_operator +| 25 = @ruby_token_self +| 26 = @ruby_token_simple_symbol +| 27 = @ruby_token_string_content +| 28 = @ruby_token_super +| 29 = @ruby_token_true +| 30 = @ruby_token_uninterpreted +; + + +@ruby_ast_node = @ruby_alias | @ruby_alternative_pattern | @ruby_argument_list | @ruby_array | @ruby_array_pattern | @ruby_as_pattern | @ruby_assignment | @ruby_bare_string | @ruby_bare_symbol | @ruby_begin | @ruby_begin_block | @ruby_binary | @ruby_block | @ruby_block_argument | @ruby_block_body | @ruby_block_parameter | @ruby_block_parameters | @ruby_body_statement | @ruby_break | @ruby_call | @ruby_case__ | @ruby_case_match | @ruby_chained_string | @ruby_class | @ruby_complex | @ruby_conditional | @ruby_delimited_symbol | @ruby_destructured_left_assignment | @ruby_destructured_parameter | @ruby_do | @ruby_do_block | @ruby_element_reference | @ruby_else | @ruby_elsif | @ruby_end_block | @ruby_ensure | @ruby_exception_variable | @ruby_exceptions | @ruby_expression_reference_pattern | @ruby_find_pattern | @ruby_for | @ruby_hash | @ruby_hash_pattern | @ruby_hash_splat_argument | @ruby_hash_splat_parameter | @ruby_heredoc_body | @ruby_if | @ruby_if_guard | @ruby_if_modifier | @ruby_in | @ruby_in_clause | @ruby_interpolation | @ruby_keyword_parameter | @ruby_keyword_pattern | @ruby_lambda | @ruby_lambda_parameters | @ruby_left_assignment_list | @ruby_match_pattern | @ruby_method | @ruby_method_parameters | @ruby_module | @ruby_next | @ruby_operator_assignment | @ruby_optional_parameter | @ruby_pair | @ruby_parenthesized_pattern | @ruby_parenthesized_statements | @ruby_pattern | @ruby_program | @ruby_range | @ruby_rational | @ruby_redo | @ruby_regex | @ruby_rescue | @ruby_rescue_modifier | @ruby_rest_assignment | @ruby_retry | @ruby_return | @ruby_right_assignment_list | @ruby_scope_resolution | @ruby_setter | @ruby_singleton_class | @ruby_singleton_method | @ruby_splat_argument | @ruby_splat_parameter | @ruby_string__ | @ruby_string_array | @ruby_subshell | @ruby_superclass | @ruby_symbol_array | @ruby_test_pattern | @ruby_then | @ruby_token | @ruby_unary | @ruby_undef | @ruby_unless | @ruby_unless_guard | @ruby_unless_modifier | @ruby_until | @ruby_until_modifier | @ruby_variable_reference_pattern | @ruby_when | @ruby_while | @ruby_while_modifier | @ruby_yield + +@ruby_ast_node_parent = @file | @ruby_ast_node + +#keyset[parent, parent_index] +ruby_ast_node_info( + unique int node: @ruby_ast_node ref, + int parent: @ruby_ast_node_parent ref, + int parent_index: int ref, + int loc: @location ref +); + +erb_comment_directive_child( + unique int erb_comment_directive: @erb_comment_directive ref, + unique int child: @erb_token_comment ref +); + +erb_comment_directive_def( + unique int id: @erb_comment_directive +); + +erb_directive_child( + unique int erb_directive: @erb_directive ref, + unique int child: @erb_token_code ref +); + +erb_directive_def( + unique int id: @erb_directive +); + +erb_graphql_directive_child( + unique int erb_graphql_directive: @erb_graphql_directive ref, + unique int child: @erb_token_code ref +); + +erb_graphql_directive_def( + unique int id: @erb_graphql_directive +); + +erb_output_directive_child( + unique int erb_output_directive: @erb_output_directive ref, + unique int child: @erb_token_code ref +); + +erb_output_directive_def( + unique int id: @erb_output_directive +); + +@erb_template_child_type = @erb_comment_directive | @erb_directive | @erb_graphql_directive | @erb_output_directive | @erb_token_content + +#keyset[erb_template, index] +erb_template_child( + int erb_template: @erb_template ref, + int index: int ref, + unique int child: @erb_template_child_type ref +); + +erb_template_def( + unique int id: @erb_template +); + +erb_tokeninfo( + unique int id: @erb_token, + int kind: int ref, + string value: string ref +); + +case @erb_token.kind of + 0 = @erb_reserved_word +| 1 = @erb_token_code +| 2 = @erb_token_comment +| 3 = @erb_token_content +; + + +@erb_ast_node = @erb_comment_directive | @erb_directive | @erb_graphql_directive | @erb_output_directive | @erb_template | @erb_token + +@erb_ast_node_parent = @erb_ast_node | @file + +#keyset[parent, parent_index] +erb_ast_node_info( + unique int node: @erb_ast_node ref, + int parent: @erb_ast_node_parent ref, + int parent_index: int ref, + int loc: @location ref +); + diff --git a/ruby/ql/lib/upgrades/ff289788b1552e32078788baa27152cc95b68f77/ruby.dbscheme b/ruby/ql/lib/upgrades/ff289788b1552e32078788baa27152cc95b68f77/ruby.dbscheme new file mode 100644 index 00000000000..f9f0f4023e4 --- /dev/null +++ b/ruby/ql/lib/upgrades/ff289788b1552e32078788baa27152cc95b68f77/ruby.dbscheme @@ -0,0 +1,1509 @@ +// CodeQL database schema for Ruby +// Automatically generated from the tree-sitter grammar; do not edit + +/*- Files and folders -*/ + +/** + * The location of an element. + * The location spans column `startcolumn` of line `startline` to + * column `endcolumn` of line `endline` in file `file`. + * For more information, see + * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/). + */ +locations_default( + unique int id: @location_default, + int file: @file ref, + int beginLine: int ref, + int beginColumn: int ref, + int endLine: int ref, + int endColumn: int ref +); + +files( + unique int id: @file, + string name: string ref +); + +folders( + unique int id: @folder, + string name: string ref +); + +@container = @file | @folder + +containerparent( + int parent: @container ref, + unique int child: @container ref +); + +/*- Source location prefix -*/ + +/** + * The source location of the snapshot. + */ +sourceLocationPrefix(string prefix : string ref); + +/*- Diagnostic messages -*/ + +diagnostics( + unique int id: @diagnostic, + int severity: int ref, + string error_tag: string ref, + string error_message: string ref, + string full_error_message: string ref, + int location: @location_default ref +); + +/*- Diagnostic messages: severity -*/ + +case @diagnostic.severity of + 10 = @diagnostic_debug +| 20 = @diagnostic_info +| 30 = @diagnostic_warning +| 40 = @diagnostic_error +; + +/*- YAML -*/ + +#keyset[parent, idx] +yaml (unique int id: @yaml_node, + int kind: int ref, + int parent: @yaml_node_parent ref, + int idx: int ref, + string tag: string ref, + string tostring: string ref); + +case @yaml_node.kind of + 0 = @yaml_scalar_node +| 1 = @yaml_mapping_node +| 2 = @yaml_sequence_node +| 3 = @yaml_alias_node +; + +@yaml_collection_node = @yaml_mapping_node | @yaml_sequence_node; + +@yaml_node_parent = @yaml_collection_node | @file; + +yaml_anchors (unique int node: @yaml_node ref, + string anchor: string ref); + +yaml_aliases (unique int alias: @yaml_alias_node ref, + string target: string ref); + +yaml_scalars (unique int scalar: @yaml_scalar_node ref, + int style: int ref, + string value: string ref); + +yaml_errors (unique int id: @yaml_error, + string message: string ref); + +yaml_locations(unique int locatable: @yaml_locatable ref, + int location: @location_default ref); + +@yaml_locatable = @yaml_node | @yaml_error; + +/*- Ruby dbscheme -*/ +@ruby_underscore_arg = @ruby_assignment | @ruby_binary | @ruby_conditional | @ruby_operator_assignment | @ruby_range | @ruby_unary | @ruby_underscore_primary + +@ruby_underscore_call_operator = @ruby_reserved_word + +@ruby_underscore_expression = @ruby_assignment | @ruby_binary | @ruby_break | @ruby_call | @ruby_match_pattern | @ruby_next | @ruby_operator_assignment | @ruby_return | @ruby_test_pattern | @ruby_unary | @ruby_underscore_arg | @ruby_yield + +@ruby_underscore_lhs = @ruby_call | @ruby_element_reference | @ruby_scope_resolution | @ruby_token_false | @ruby_token_nil | @ruby_token_true | @ruby_underscore_variable + +@ruby_underscore_method_name = @ruby_delimited_symbol | @ruby_setter | @ruby_token_constant | @ruby_token_identifier | @ruby_token_operator | @ruby_token_simple_symbol | @ruby_underscore_nonlocal_variable + +@ruby_underscore_nonlocal_variable = @ruby_token_class_variable | @ruby_token_global_variable | @ruby_token_instance_variable + +@ruby_underscore_pattern_constant = @ruby_scope_resolution | @ruby_token_constant + +@ruby_underscore_pattern_expr = @ruby_alternative_pattern | @ruby_as_pattern | @ruby_underscore_pattern_expr_basic + +@ruby_underscore_pattern_expr_basic = @ruby_array_pattern | @ruby_expression_reference_pattern | @ruby_find_pattern | @ruby_hash_pattern | @ruby_parenthesized_pattern | @ruby_range | @ruby_token_identifier | @ruby_underscore_pattern_constant | @ruby_underscore_pattern_primitive | @ruby_variable_reference_pattern + +@ruby_underscore_pattern_primitive = @ruby_delimited_symbol | @ruby_lambda | @ruby_regex | @ruby_string__ | @ruby_string_array | @ruby_subshell | @ruby_symbol_array | @ruby_token_encoding | @ruby_token_false | @ruby_token_file | @ruby_token_heredoc_beginning | @ruby_token_line | @ruby_token_nil | @ruby_token_self | @ruby_token_simple_symbol | @ruby_token_true | @ruby_unary | @ruby_underscore_simple_numeric + +@ruby_underscore_pattern_top_expr_body = @ruby_array_pattern | @ruby_find_pattern | @ruby_hash_pattern | @ruby_underscore_pattern_expr + +@ruby_underscore_primary = @ruby_array | @ruby_begin | @ruby_break | @ruby_call | @ruby_case__ | @ruby_case_match | @ruby_chained_string | @ruby_class | @ruby_delimited_symbol | @ruby_for | @ruby_hash | @ruby_if | @ruby_lambda | @ruby_method | @ruby_module | @ruby_next | @ruby_parenthesized_statements | @ruby_redo | @ruby_regex | @ruby_retry | @ruby_return | @ruby_singleton_class | @ruby_singleton_method | @ruby_string__ | @ruby_string_array | @ruby_subshell | @ruby_symbol_array | @ruby_token_character | @ruby_token_heredoc_beginning | @ruby_token_simple_symbol | @ruby_unary | @ruby_underscore_lhs | @ruby_underscore_simple_numeric | @ruby_unless | @ruby_until | @ruby_while | @ruby_yield + +@ruby_underscore_simple_numeric = @ruby_complex | @ruby_rational | @ruby_token_float | @ruby_token_integer + +@ruby_underscore_statement = @ruby_alias | @ruby_begin_block | @ruby_end_block | @ruby_if_modifier | @ruby_rescue_modifier | @ruby_undef | @ruby_underscore_expression | @ruby_unless_modifier | @ruby_until_modifier | @ruby_while_modifier + +@ruby_underscore_variable = @ruby_token_constant | @ruby_token_identifier | @ruby_token_self | @ruby_token_super | @ruby_underscore_nonlocal_variable + +ruby_alias_def( + unique int id: @ruby_alias, + int alias: @ruby_underscore_method_name ref, + int name: @ruby_underscore_method_name ref +); + +#keyset[ruby_alternative_pattern, index] +ruby_alternative_pattern_alternatives( + int ruby_alternative_pattern: @ruby_alternative_pattern ref, + int index: int ref, + unique int alternatives: @ruby_underscore_pattern_expr_basic ref +); + +ruby_alternative_pattern_def( + unique int id: @ruby_alternative_pattern +); + +@ruby_argument_list_child_type = @ruby_block_argument | @ruby_hash_splat_argument | @ruby_pair | @ruby_splat_argument | @ruby_token_forward_argument | @ruby_underscore_expression + +#keyset[ruby_argument_list, index] +ruby_argument_list_child( + int ruby_argument_list: @ruby_argument_list ref, + int index: int ref, + unique int child: @ruby_argument_list_child_type ref +); + +ruby_argument_list_def( + unique int id: @ruby_argument_list +); + +@ruby_array_child_type = @ruby_block_argument | @ruby_hash_splat_argument | @ruby_pair | @ruby_splat_argument | @ruby_token_forward_argument | @ruby_underscore_expression + +#keyset[ruby_array, index] +ruby_array_child( + int ruby_array: @ruby_array ref, + int index: int ref, + unique int child: @ruby_array_child_type ref +); + +ruby_array_def( + unique int id: @ruby_array +); + +ruby_array_pattern_class( + unique int ruby_array_pattern: @ruby_array_pattern ref, + unique int class: @ruby_underscore_pattern_constant ref +); + +@ruby_array_pattern_child_type = @ruby_splat_parameter | @ruby_underscore_pattern_expr + +#keyset[ruby_array_pattern, index] +ruby_array_pattern_child( + int ruby_array_pattern: @ruby_array_pattern ref, + int index: int ref, + unique int child: @ruby_array_pattern_child_type ref +); + +ruby_array_pattern_def( + unique int id: @ruby_array_pattern +); + +ruby_as_pattern_def( + unique int id: @ruby_as_pattern, + int name: @ruby_token_identifier ref, + int value: @ruby_underscore_pattern_expr ref +); + +@ruby_assignment_left_type = @ruby_left_assignment_list | @ruby_underscore_lhs + +@ruby_assignment_right_type = @ruby_rescue_modifier | @ruby_right_assignment_list | @ruby_splat_argument | @ruby_underscore_expression + +ruby_assignment_def( + unique int id: @ruby_assignment, + int left: @ruby_assignment_left_type ref, + int right: @ruby_assignment_right_type ref +); + +@ruby_bare_string_child_type = @ruby_interpolation | @ruby_token_escape_sequence | @ruby_token_string_content + +#keyset[ruby_bare_string, index] +ruby_bare_string_child( + int ruby_bare_string: @ruby_bare_string ref, + int index: int ref, + unique int child: @ruby_bare_string_child_type ref +); + +ruby_bare_string_def( + unique int id: @ruby_bare_string +); + +@ruby_bare_symbol_child_type = @ruby_interpolation | @ruby_token_escape_sequence | @ruby_token_string_content + +#keyset[ruby_bare_symbol, index] +ruby_bare_symbol_child( + int ruby_bare_symbol: @ruby_bare_symbol ref, + int index: int ref, + unique int child: @ruby_bare_symbol_child_type ref +); + +ruby_bare_symbol_def( + unique int id: @ruby_bare_symbol +); + +@ruby_begin_child_type = @ruby_else | @ruby_ensure | @ruby_rescue | @ruby_token_empty_statement | @ruby_underscore_statement + +#keyset[ruby_begin, index] +ruby_begin_child( + int ruby_begin: @ruby_begin ref, + int index: int ref, + unique int child: @ruby_begin_child_type ref +); + +ruby_begin_def( + unique int id: @ruby_begin +); + +@ruby_begin_block_child_type = @ruby_token_empty_statement | @ruby_underscore_statement + +#keyset[ruby_begin_block, index] +ruby_begin_block_child( + int ruby_begin_block: @ruby_begin_block ref, + int index: int ref, + unique int child: @ruby_begin_block_child_type ref +); + +ruby_begin_block_def( + unique int id: @ruby_begin_block +); + +@ruby_binary_left_type = @ruby_underscore_expression | @ruby_underscore_simple_numeric + +case @ruby_binary.operator of + 0 = @ruby_binary_bangequal +| 1 = @ruby_binary_bangtilde +| 2 = @ruby_binary_percent +| 3 = @ruby_binary_ampersand +| 4 = @ruby_binary_ampersandampersand +| 5 = @ruby_binary_star +| 6 = @ruby_binary_starstar +| 7 = @ruby_binary_plus +| 8 = @ruby_binary_minus +| 9 = @ruby_binary_slash +| 10 = @ruby_binary_langle +| 11 = @ruby_binary_langlelangle +| 12 = @ruby_binary_langleequal +| 13 = @ruby_binary_langleequalrangle +| 14 = @ruby_binary_equalequal +| 15 = @ruby_binary_equalequalequal +| 16 = @ruby_binary_equaltilde +| 17 = @ruby_binary_rangle +| 18 = @ruby_binary_rangleequal +| 19 = @ruby_binary_ranglerangle +| 20 = @ruby_binary_caret +| 21 = @ruby_binary_and +| 22 = @ruby_binary_or +| 23 = @ruby_binary_pipe +| 24 = @ruby_binary_pipepipe +; + + +ruby_binary_def( + unique int id: @ruby_binary, + int left: @ruby_binary_left_type ref, + int operator: int ref, + int right: @ruby_underscore_expression ref +); + +ruby_block_body( + unique int ruby_block: @ruby_block ref, + unique int body: @ruby_block_body ref +); + +ruby_block_parameters( + unique int ruby_block: @ruby_block ref, + unique int parameters: @ruby_block_parameters ref +); + +ruby_block_def( + unique int id: @ruby_block +); + +ruby_block_argument_child( + unique int ruby_block_argument: @ruby_block_argument ref, + unique int child: @ruby_underscore_arg ref +); + +ruby_block_argument_def( + unique int id: @ruby_block_argument +); + +@ruby_block_body_child_type = @ruby_token_empty_statement | @ruby_underscore_statement + +#keyset[ruby_block_body, index] +ruby_block_body_child( + int ruby_block_body: @ruby_block_body ref, + int index: int ref, + unique int child: @ruby_block_body_child_type ref +); + +ruby_block_body_def( + unique int id: @ruby_block_body +); + +ruby_block_parameter_name( + unique int ruby_block_parameter: @ruby_block_parameter ref, + unique int name: @ruby_token_identifier ref +); + +ruby_block_parameter_def( + unique int id: @ruby_block_parameter +); + +#keyset[ruby_block_parameters, index] +ruby_block_parameters_locals( + int ruby_block_parameters: @ruby_block_parameters ref, + int index: int ref, + unique int locals: @ruby_token_identifier ref +); + +@ruby_block_parameters_child_type = @ruby_block_parameter | @ruby_destructured_parameter | @ruby_hash_splat_parameter | @ruby_keyword_parameter | @ruby_optional_parameter | @ruby_splat_parameter | @ruby_token_forward_parameter | @ruby_token_hash_splat_nil | @ruby_token_identifier + +#keyset[ruby_block_parameters, index] +ruby_block_parameters_child( + int ruby_block_parameters: @ruby_block_parameters ref, + int index: int ref, + unique int child: @ruby_block_parameters_child_type ref +); + +ruby_block_parameters_def( + unique int id: @ruby_block_parameters +); + +@ruby_body_statement_child_type = @ruby_else | @ruby_ensure | @ruby_rescue | @ruby_token_empty_statement | @ruby_underscore_statement + +#keyset[ruby_body_statement, index] +ruby_body_statement_child( + int ruby_body_statement: @ruby_body_statement ref, + int index: int ref, + unique int child: @ruby_body_statement_child_type ref +); + +ruby_body_statement_def( + unique int id: @ruby_body_statement +); + +ruby_break_child( + unique int ruby_break: @ruby_break ref, + unique int child: @ruby_argument_list ref +); + +ruby_break_def( + unique int id: @ruby_break +); + +ruby_call_arguments( + unique int ruby_call: @ruby_call ref, + unique int arguments: @ruby_argument_list ref +); + +@ruby_call_block_type = @ruby_block | @ruby_do_block + +ruby_call_block( + unique int ruby_call: @ruby_call ref, + unique int block: @ruby_call_block_type ref +); + +@ruby_call_method_type = @ruby_token_operator | @ruby_underscore_variable + +ruby_call_method( + unique int ruby_call: @ruby_call ref, + unique int method: @ruby_call_method_type ref +); + +ruby_call_operator( + unique int ruby_call: @ruby_call ref, + unique int operator: @ruby_underscore_call_operator ref +); + +ruby_call_receiver( + unique int ruby_call: @ruby_call ref, + unique int receiver: @ruby_underscore_primary ref +); + +ruby_call_def( + unique int id: @ruby_call +); + +ruby_case_value( + unique int ruby_case__: @ruby_case__ ref, + unique int value: @ruby_underscore_statement ref +); + +@ruby_case_child_type = @ruby_else | @ruby_when + +#keyset[ruby_case__, index] +ruby_case_child( + int ruby_case__: @ruby_case__ ref, + int index: int ref, + unique int child: @ruby_case_child_type ref +); + +ruby_case_def( + unique int id: @ruby_case__ +); + +#keyset[ruby_case_match, index] +ruby_case_match_clauses( + int ruby_case_match: @ruby_case_match ref, + int index: int ref, + unique int clauses: @ruby_in_clause ref +); + +ruby_case_match_else( + unique int ruby_case_match: @ruby_case_match ref, + unique int else: @ruby_else ref +); + +ruby_case_match_def( + unique int id: @ruby_case_match, + int value: @ruby_underscore_statement ref +); + +#keyset[ruby_chained_string, index] +ruby_chained_string_child( + int ruby_chained_string: @ruby_chained_string ref, + int index: int ref, + unique int child: @ruby_string__ ref +); + +ruby_chained_string_def( + unique int id: @ruby_chained_string +); + +ruby_class_body( + unique int ruby_class: @ruby_class ref, + unique int body: @ruby_body_statement ref +); + +@ruby_class_name_type = @ruby_scope_resolution | @ruby_token_constant + +ruby_class_superclass( + unique int ruby_class: @ruby_class ref, + unique int superclass: @ruby_superclass ref +); + +ruby_class_def( + unique int id: @ruby_class, + int name: @ruby_class_name_type ref +); + +@ruby_complex_child_type = @ruby_rational | @ruby_token_float | @ruby_token_integer + +ruby_complex_def( + unique int id: @ruby_complex, + int child: @ruby_complex_child_type ref +); + +ruby_conditional_def( + unique int id: @ruby_conditional, + int alternative: @ruby_underscore_arg ref, + int condition: @ruby_underscore_arg ref, + int consequence: @ruby_underscore_arg ref +); + +@ruby_delimited_symbol_child_type = @ruby_interpolation | @ruby_token_escape_sequence | @ruby_token_string_content + +#keyset[ruby_delimited_symbol, index] +ruby_delimited_symbol_child( + int ruby_delimited_symbol: @ruby_delimited_symbol ref, + int index: int ref, + unique int child: @ruby_delimited_symbol_child_type ref +); + +ruby_delimited_symbol_def( + unique int id: @ruby_delimited_symbol +); + +@ruby_destructured_left_assignment_child_type = @ruby_destructured_left_assignment | @ruby_rest_assignment | @ruby_underscore_lhs + +#keyset[ruby_destructured_left_assignment, index] +ruby_destructured_left_assignment_child( + int ruby_destructured_left_assignment: @ruby_destructured_left_assignment ref, + int index: int ref, + unique int child: @ruby_destructured_left_assignment_child_type ref +); + +ruby_destructured_left_assignment_def( + unique int id: @ruby_destructured_left_assignment +); + +@ruby_destructured_parameter_child_type = @ruby_block_parameter | @ruby_destructured_parameter | @ruby_hash_splat_parameter | @ruby_keyword_parameter | @ruby_optional_parameter | @ruby_splat_parameter | @ruby_token_forward_parameter | @ruby_token_hash_splat_nil | @ruby_token_identifier + +#keyset[ruby_destructured_parameter, index] +ruby_destructured_parameter_child( + int ruby_destructured_parameter: @ruby_destructured_parameter ref, + int index: int ref, + unique int child: @ruby_destructured_parameter_child_type ref +); + +ruby_destructured_parameter_def( + unique int id: @ruby_destructured_parameter +); + +@ruby_do_child_type = @ruby_token_empty_statement | @ruby_underscore_statement + +#keyset[ruby_do, index] +ruby_do_child( + int ruby_do: @ruby_do ref, + int index: int ref, + unique int child: @ruby_do_child_type ref +); + +ruby_do_def( + unique int id: @ruby_do +); + +ruby_do_block_body( + unique int ruby_do_block: @ruby_do_block ref, + unique int body: @ruby_body_statement ref +); + +ruby_do_block_parameters( + unique int ruby_do_block: @ruby_do_block ref, + unique int parameters: @ruby_block_parameters ref +); + +ruby_do_block_def( + unique int id: @ruby_do_block +); + +@ruby_element_reference_child_type = @ruby_block_argument | @ruby_hash_splat_argument | @ruby_pair | @ruby_splat_argument | @ruby_token_forward_argument | @ruby_underscore_expression + +#keyset[ruby_element_reference, index] +ruby_element_reference_child( + int ruby_element_reference: @ruby_element_reference ref, + int index: int ref, + unique int child: @ruby_element_reference_child_type ref +); + +ruby_element_reference_def( + unique int id: @ruby_element_reference, + int object: @ruby_underscore_primary ref +); + +@ruby_else_child_type = @ruby_token_empty_statement | @ruby_underscore_statement + +#keyset[ruby_else, index] +ruby_else_child( + int ruby_else: @ruby_else ref, + int index: int ref, + unique int child: @ruby_else_child_type ref +); + +ruby_else_def( + unique int id: @ruby_else +); + +@ruby_elsif_alternative_type = @ruby_else | @ruby_elsif + +ruby_elsif_alternative( + unique int ruby_elsif: @ruby_elsif ref, + unique int alternative: @ruby_elsif_alternative_type ref +); + +ruby_elsif_consequence( + unique int ruby_elsif: @ruby_elsif ref, + unique int consequence: @ruby_then ref +); + +ruby_elsif_def( + unique int id: @ruby_elsif, + int condition: @ruby_underscore_statement ref +); + +@ruby_end_block_child_type = @ruby_token_empty_statement | @ruby_underscore_statement + +#keyset[ruby_end_block, index] +ruby_end_block_child( + int ruby_end_block: @ruby_end_block ref, + int index: int ref, + unique int child: @ruby_end_block_child_type ref +); + +ruby_end_block_def( + unique int id: @ruby_end_block +); + +@ruby_ensure_child_type = @ruby_token_empty_statement | @ruby_underscore_statement + +#keyset[ruby_ensure, index] +ruby_ensure_child( + int ruby_ensure: @ruby_ensure ref, + int index: int ref, + unique int child: @ruby_ensure_child_type ref +); + +ruby_ensure_def( + unique int id: @ruby_ensure +); + +ruby_exception_variable_def( + unique int id: @ruby_exception_variable, + int child: @ruby_underscore_lhs ref +); + +@ruby_exceptions_child_type = @ruby_splat_argument | @ruby_underscore_arg + +#keyset[ruby_exceptions, index] +ruby_exceptions_child( + int ruby_exceptions: @ruby_exceptions ref, + int index: int ref, + unique int child: @ruby_exceptions_child_type ref +); + +ruby_exceptions_def( + unique int id: @ruby_exceptions +); + +ruby_expression_reference_pattern_def( + unique int id: @ruby_expression_reference_pattern, + int value: @ruby_underscore_expression ref +); + +ruby_find_pattern_class( + unique int ruby_find_pattern: @ruby_find_pattern ref, + unique int class: @ruby_underscore_pattern_constant ref +); + +@ruby_find_pattern_child_type = @ruby_splat_parameter | @ruby_underscore_pattern_expr + +#keyset[ruby_find_pattern, index] +ruby_find_pattern_child( + int ruby_find_pattern: @ruby_find_pattern ref, + int index: int ref, + unique int child: @ruby_find_pattern_child_type ref +); + +ruby_find_pattern_def( + unique int id: @ruby_find_pattern +); + +@ruby_for_pattern_type = @ruby_left_assignment_list | @ruby_underscore_lhs + +ruby_for_def( + unique int id: @ruby_for, + int body: @ruby_do ref, + int pattern: @ruby_for_pattern_type ref, + int value: @ruby_in ref +); + +@ruby_hash_child_type = @ruby_hash_splat_argument | @ruby_pair + +#keyset[ruby_hash, index] +ruby_hash_child( + int ruby_hash: @ruby_hash ref, + int index: int ref, + unique int child: @ruby_hash_child_type ref +); + +ruby_hash_def( + unique int id: @ruby_hash +); + +ruby_hash_pattern_class( + unique int ruby_hash_pattern: @ruby_hash_pattern ref, + unique int class: @ruby_underscore_pattern_constant ref +); + +@ruby_hash_pattern_child_type = @ruby_hash_splat_parameter | @ruby_keyword_pattern | @ruby_token_hash_splat_nil + +#keyset[ruby_hash_pattern, index] +ruby_hash_pattern_child( + int ruby_hash_pattern: @ruby_hash_pattern ref, + int index: int ref, + unique int child: @ruby_hash_pattern_child_type ref +); + +ruby_hash_pattern_def( + unique int id: @ruby_hash_pattern +); + +ruby_hash_splat_argument_child( + unique int ruby_hash_splat_argument: @ruby_hash_splat_argument ref, + unique int child: @ruby_underscore_arg ref +); + +ruby_hash_splat_argument_def( + unique int id: @ruby_hash_splat_argument +); + +ruby_hash_splat_parameter_name( + unique int ruby_hash_splat_parameter: @ruby_hash_splat_parameter ref, + unique int name: @ruby_token_identifier ref +); + +ruby_hash_splat_parameter_def( + unique int id: @ruby_hash_splat_parameter +); + +@ruby_heredoc_body_child_type = @ruby_interpolation | @ruby_token_escape_sequence | @ruby_token_heredoc_content | @ruby_token_heredoc_end + +#keyset[ruby_heredoc_body, index] +ruby_heredoc_body_child( + int ruby_heredoc_body: @ruby_heredoc_body ref, + int index: int ref, + unique int child: @ruby_heredoc_body_child_type ref +); + +ruby_heredoc_body_def( + unique int id: @ruby_heredoc_body +); + +@ruby_if_alternative_type = @ruby_else | @ruby_elsif + +ruby_if_alternative( + unique int ruby_if: @ruby_if ref, + unique int alternative: @ruby_if_alternative_type ref +); + +ruby_if_consequence( + unique int ruby_if: @ruby_if ref, + unique int consequence: @ruby_then ref +); + +ruby_if_def( + unique int id: @ruby_if, + int condition: @ruby_underscore_statement ref +); + +ruby_if_guard_def( + unique int id: @ruby_if_guard, + int condition: @ruby_underscore_expression ref +); + +ruby_if_modifier_def( + unique int id: @ruby_if_modifier, + int body: @ruby_underscore_statement ref, + int condition: @ruby_underscore_expression ref +); + +ruby_in_def( + unique int id: @ruby_in, + int child: @ruby_underscore_arg ref +); + +ruby_in_clause_body( + unique int ruby_in_clause: @ruby_in_clause ref, + unique int body: @ruby_then ref +); + +@ruby_in_clause_guard_type = @ruby_if_guard | @ruby_unless_guard + +ruby_in_clause_guard( + unique int ruby_in_clause: @ruby_in_clause ref, + unique int guard: @ruby_in_clause_guard_type ref +); + +ruby_in_clause_def( + unique int id: @ruby_in_clause, + int pattern: @ruby_underscore_pattern_top_expr_body ref +); + +@ruby_interpolation_child_type = @ruby_token_empty_statement | @ruby_underscore_nonlocal_variable | @ruby_underscore_statement + +#keyset[ruby_interpolation, index] +ruby_interpolation_child( + int ruby_interpolation: @ruby_interpolation ref, + int index: int ref, + unique int child: @ruby_interpolation_child_type ref +); + +ruby_interpolation_def( + unique int id: @ruby_interpolation +); + +ruby_keyword_parameter_value( + unique int ruby_keyword_parameter: @ruby_keyword_parameter ref, + unique int value: @ruby_underscore_arg ref +); + +ruby_keyword_parameter_def( + unique int id: @ruby_keyword_parameter, + int name: @ruby_token_identifier ref +); + +@ruby_keyword_pattern_key_type = @ruby_string__ | @ruby_token_hash_key_symbol + +ruby_keyword_pattern_value( + unique int ruby_keyword_pattern: @ruby_keyword_pattern ref, + unique int value: @ruby_underscore_pattern_expr ref +); + +ruby_keyword_pattern_def( + unique int id: @ruby_keyword_pattern, + int key__: @ruby_keyword_pattern_key_type ref +); + +@ruby_lambda_body_type = @ruby_block | @ruby_do_block + +ruby_lambda_parameters( + unique int ruby_lambda: @ruby_lambda ref, + unique int parameters: @ruby_lambda_parameters ref +); + +ruby_lambda_def( + unique int id: @ruby_lambda, + int body: @ruby_lambda_body_type ref +); + +@ruby_lambda_parameters_child_type = @ruby_block_parameter | @ruby_destructured_parameter | @ruby_hash_splat_parameter | @ruby_keyword_parameter | @ruby_optional_parameter | @ruby_splat_parameter | @ruby_token_forward_parameter | @ruby_token_hash_splat_nil | @ruby_token_identifier + +#keyset[ruby_lambda_parameters, index] +ruby_lambda_parameters_child( + int ruby_lambda_parameters: @ruby_lambda_parameters ref, + int index: int ref, + unique int child: @ruby_lambda_parameters_child_type ref +); + +ruby_lambda_parameters_def( + unique int id: @ruby_lambda_parameters +); + +@ruby_left_assignment_list_child_type = @ruby_destructured_left_assignment | @ruby_rest_assignment | @ruby_underscore_lhs + +#keyset[ruby_left_assignment_list, index] +ruby_left_assignment_list_child( + int ruby_left_assignment_list: @ruby_left_assignment_list ref, + int index: int ref, + unique int child: @ruby_left_assignment_list_child_type ref +); + +ruby_left_assignment_list_def( + unique int id: @ruby_left_assignment_list +); + +ruby_match_pattern_def( + unique int id: @ruby_match_pattern, + int pattern: @ruby_underscore_pattern_top_expr_body ref, + int value: @ruby_underscore_arg ref +); + +@ruby_method_body_type = @ruby_body_statement | @ruby_rescue_modifier | @ruby_underscore_arg + +ruby_method_body( + unique int ruby_method: @ruby_method ref, + unique int body: @ruby_method_body_type ref +); + +ruby_method_parameters( + unique int ruby_method: @ruby_method ref, + unique int parameters: @ruby_method_parameters ref +); + +ruby_method_def( + unique int id: @ruby_method, + int name: @ruby_underscore_method_name ref +); + +@ruby_method_parameters_child_type = @ruby_block_parameter | @ruby_destructured_parameter | @ruby_hash_splat_parameter | @ruby_keyword_parameter | @ruby_optional_parameter | @ruby_splat_parameter | @ruby_token_forward_parameter | @ruby_token_hash_splat_nil | @ruby_token_identifier + +#keyset[ruby_method_parameters, index] +ruby_method_parameters_child( + int ruby_method_parameters: @ruby_method_parameters ref, + int index: int ref, + unique int child: @ruby_method_parameters_child_type ref +); + +ruby_method_parameters_def( + unique int id: @ruby_method_parameters +); + +ruby_module_body( + unique int ruby_module: @ruby_module ref, + unique int body: @ruby_body_statement ref +); + +@ruby_module_name_type = @ruby_scope_resolution | @ruby_token_constant + +ruby_module_def( + unique int id: @ruby_module, + int name: @ruby_module_name_type ref +); + +ruby_next_child( + unique int ruby_next: @ruby_next ref, + unique int child: @ruby_argument_list ref +); + +ruby_next_def( + unique int id: @ruby_next +); + +case @ruby_operator_assignment.operator of + 0 = @ruby_operator_assignment_percentequal +| 1 = @ruby_operator_assignment_ampersandampersandequal +| 2 = @ruby_operator_assignment_ampersandequal +| 3 = @ruby_operator_assignment_starstarequal +| 4 = @ruby_operator_assignment_starequal +| 5 = @ruby_operator_assignment_plusequal +| 6 = @ruby_operator_assignment_minusequal +| 7 = @ruby_operator_assignment_slashequal +| 8 = @ruby_operator_assignment_langlelangleequal +| 9 = @ruby_operator_assignment_ranglerangleequal +| 10 = @ruby_operator_assignment_caretequal +| 11 = @ruby_operator_assignment_pipeequal +| 12 = @ruby_operator_assignment_pipepipeequal +; + + +@ruby_operator_assignment_right_type = @ruby_rescue_modifier | @ruby_underscore_expression + +ruby_operator_assignment_def( + unique int id: @ruby_operator_assignment, + int left: @ruby_underscore_lhs ref, + int operator: int ref, + int right: @ruby_operator_assignment_right_type ref +); + +ruby_optional_parameter_def( + unique int id: @ruby_optional_parameter, + int name: @ruby_token_identifier ref, + int value: @ruby_underscore_arg ref +); + +@ruby_pair_key_type = @ruby_string__ | @ruby_token_hash_key_symbol | @ruby_underscore_arg + +ruby_pair_value( + unique int ruby_pair: @ruby_pair ref, + unique int value: @ruby_underscore_arg ref +); + +ruby_pair_def( + unique int id: @ruby_pair, + int key__: @ruby_pair_key_type ref +); + +ruby_parenthesized_pattern_def( + unique int id: @ruby_parenthesized_pattern, + int child: @ruby_underscore_pattern_expr ref +); + +@ruby_parenthesized_statements_child_type = @ruby_token_empty_statement | @ruby_underscore_statement + +#keyset[ruby_parenthesized_statements, index] +ruby_parenthesized_statements_child( + int ruby_parenthesized_statements: @ruby_parenthesized_statements ref, + int index: int ref, + unique int child: @ruby_parenthesized_statements_child_type ref +); + +ruby_parenthesized_statements_def( + unique int id: @ruby_parenthesized_statements +); + +@ruby_pattern_child_type = @ruby_splat_argument | @ruby_underscore_arg + +ruby_pattern_def( + unique int id: @ruby_pattern, + int child: @ruby_pattern_child_type ref +); + +@ruby_program_child_type = @ruby_token_empty_statement | @ruby_token_uninterpreted | @ruby_underscore_statement + +#keyset[ruby_program, index] +ruby_program_child( + int ruby_program: @ruby_program ref, + int index: int ref, + unique int child: @ruby_program_child_type ref +); + +ruby_program_def( + unique int id: @ruby_program +); + +@ruby_range_begin_type = @ruby_underscore_arg | @ruby_underscore_pattern_primitive + +ruby_range_begin( + unique int ruby_range: @ruby_range ref, + unique int begin: @ruby_range_begin_type ref +); + +@ruby_range_end_type = @ruby_underscore_arg | @ruby_underscore_pattern_primitive + +ruby_range_end( + unique int ruby_range: @ruby_range ref, + unique int end: @ruby_range_end_type ref +); + +case @ruby_range.operator of + 0 = @ruby_range_dotdot +| 1 = @ruby_range_dotdotdot +; + + +ruby_range_def( + unique int id: @ruby_range, + int operator: int ref +); + +@ruby_rational_child_type = @ruby_token_float | @ruby_token_integer + +ruby_rational_def( + unique int id: @ruby_rational, + int child: @ruby_rational_child_type ref +); + +ruby_redo_child( + unique int ruby_redo: @ruby_redo ref, + unique int child: @ruby_argument_list ref +); + +ruby_redo_def( + unique int id: @ruby_redo +); + +@ruby_regex_child_type = @ruby_interpolation | @ruby_token_escape_sequence | @ruby_token_string_content + +#keyset[ruby_regex, index] +ruby_regex_child( + int ruby_regex: @ruby_regex ref, + int index: int ref, + unique int child: @ruby_regex_child_type ref +); + +ruby_regex_def( + unique int id: @ruby_regex +); + +ruby_rescue_body( + unique int ruby_rescue: @ruby_rescue ref, + unique int body: @ruby_then ref +); + +ruby_rescue_exceptions( + unique int ruby_rescue: @ruby_rescue ref, + unique int exceptions: @ruby_exceptions ref +); + +ruby_rescue_variable( + unique int ruby_rescue: @ruby_rescue ref, + unique int variable: @ruby_exception_variable ref +); + +ruby_rescue_def( + unique int id: @ruby_rescue +); + +@ruby_rescue_modifier_body_type = @ruby_underscore_arg | @ruby_underscore_statement + +ruby_rescue_modifier_def( + unique int id: @ruby_rescue_modifier, + int body: @ruby_rescue_modifier_body_type ref, + int handler: @ruby_underscore_expression ref +); + +ruby_rest_assignment_child( + unique int ruby_rest_assignment: @ruby_rest_assignment ref, + unique int child: @ruby_underscore_lhs ref +); + +ruby_rest_assignment_def( + unique int id: @ruby_rest_assignment +); + +ruby_retry_child( + unique int ruby_retry: @ruby_retry ref, + unique int child: @ruby_argument_list ref +); + +ruby_retry_def( + unique int id: @ruby_retry +); + +ruby_return_child( + unique int ruby_return: @ruby_return ref, + unique int child: @ruby_argument_list ref +); + +ruby_return_def( + unique int id: @ruby_return +); + +@ruby_right_assignment_list_child_type = @ruby_splat_argument | @ruby_underscore_arg + +#keyset[ruby_right_assignment_list, index] +ruby_right_assignment_list_child( + int ruby_right_assignment_list: @ruby_right_assignment_list ref, + int index: int ref, + unique int child: @ruby_right_assignment_list_child_type ref +); + +ruby_right_assignment_list_def( + unique int id: @ruby_right_assignment_list +); + +@ruby_scope_resolution_scope_type = @ruby_underscore_pattern_constant | @ruby_underscore_primary + +ruby_scope_resolution_scope( + unique int ruby_scope_resolution: @ruby_scope_resolution ref, + unique int scope: @ruby_scope_resolution_scope_type ref +); + +ruby_scope_resolution_def( + unique int id: @ruby_scope_resolution, + int name: @ruby_token_constant ref +); + +ruby_setter_def( + unique int id: @ruby_setter, + int name: @ruby_token_identifier ref +); + +ruby_singleton_class_body( + unique int ruby_singleton_class: @ruby_singleton_class ref, + unique int body: @ruby_body_statement ref +); + +ruby_singleton_class_def( + unique int id: @ruby_singleton_class, + int value: @ruby_underscore_arg ref +); + +@ruby_singleton_method_body_type = @ruby_body_statement | @ruby_rescue_modifier | @ruby_underscore_arg + +ruby_singleton_method_body( + unique int ruby_singleton_method: @ruby_singleton_method ref, + unique int body: @ruby_singleton_method_body_type ref +); + +@ruby_singleton_method_object_type = @ruby_underscore_arg | @ruby_underscore_variable + +ruby_singleton_method_parameters( + unique int ruby_singleton_method: @ruby_singleton_method ref, + unique int parameters: @ruby_method_parameters ref +); + +ruby_singleton_method_def( + unique int id: @ruby_singleton_method, + int name: @ruby_underscore_method_name ref, + int object: @ruby_singleton_method_object_type ref +); + +ruby_splat_argument_child( + unique int ruby_splat_argument: @ruby_splat_argument ref, + unique int child: @ruby_underscore_arg ref +); + +ruby_splat_argument_def( + unique int id: @ruby_splat_argument +); + +ruby_splat_parameter_name( + unique int ruby_splat_parameter: @ruby_splat_parameter ref, + unique int name: @ruby_token_identifier ref +); + +ruby_splat_parameter_def( + unique int id: @ruby_splat_parameter +); + +@ruby_string_child_type = @ruby_interpolation | @ruby_token_escape_sequence | @ruby_token_string_content + +#keyset[ruby_string__, index] +ruby_string_child( + int ruby_string__: @ruby_string__ ref, + int index: int ref, + unique int child: @ruby_string_child_type ref +); + +ruby_string_def( + unique int id: @ruby_string__ +); + +#keyset[ruby_string_array, index] +ruby_string_array_child( + int ruby_string_array: @ruby_string_array ref, + int index: int ref, + unique int child: @ruby_bare_string ref +); + +ruby_string_array_def( + unique int id: @ruby_string_array +); + +@ruby_subshell_child_type = @ruby_interpolation | @ruby_token_escape_sequence | @ruby_token_string_content + +#keyset[ruby_subshell, index] +ruby_subshell_child( + int ruby_subshell: @ruby_subshell ref, + int index: int ref, + unique int child: @ruby_subshell_child_type ref +); + +ruby_subshell_def( + unique int id: @ruby_subshell +); + +ruby_superclass_def( + unique int id: @ruby_superclass, + int child: @ruby_underscore_expression ref +); + +#keyset[ruby_symbol_array, index] +ruby_symbol_array_child( + int ruby_symbol_array: @ruby_symbol_array ref, + int index: int ref, + unique int child: @ruby_bare_symbol ref +); + +ruby_symbol_array_def( + unique int id: @ruby_symbol_array +); + +ruby_test_pattern_def( + unique int id: @ruby_test_pattern, + int pattern: @ruby_underscore_pattern_top_expr_body ref, + int value: @ruby_underscore_arg ref +); + +@ruby_then_child_type = @ruby_token_empty_statement | @ruby_underscore_statement + +#keyset[ruby_then, index] +ruby_then_child( + int ruby_then: @ruby_then ref, + int index: int ref, + unique int child: @ruby_then_child_type ref +); + +ruby_then_def( + unique int id: @ruby_then +); + +@ruby_unary_operand_type = @ruby_parenthesized_statements | @ruby_underscore_expression | @ruby_underscore_simple_numeric + +case @ruby_unary.operator of + 0 = @ruby_unary_bang +| 1 = @ruby_unary_plus +| 2 = @ruby_unary_minus +| 3 = @ruby_unary_definedquestion +| 4 = @ruby_unary_not +| 5 = @ruby_unary_tilde +; + + +ruby_unary_def( + unique int id: @ruby_unary, + int operand: @ruby_unary_operand_type ref, + int operator: int ref +); + +#keyset[ruby_undef, index] +ruby_undef_child( + int ruby_undef: @ruby_undef ref, + int index: int ref, + unique int child: @ruby_underscore_method_name ref +); + +ruby_undef_def( + unique int id: @ruby_undef +); + +@ruby_unless_alternative_type = @ruby_else | @ruby_elsif + +ruby_unless_alternative( + unique int ruby_unless: @ruby_unless ref, + unique int alternative: @ruby_unless_alternative_type ref +); + +ruby_unless_consequence( + unique int ruby_unless: @ruby_unless ref, + unique int consequence: @ruby_then ref +); + +ruby_unless_def( + unique int id: @ruby_unless, + int condition: @ruby_underscore_statement ref +); + +ruby_unless_guard_def( + unique int id: @ruby_unless_guard, + int condition: @ruby_underscore_expression ref +); + +ruby_unless_modifier_def( + unique int id: @ruby_unless_modifier, + int body: @ruby_underscore_statement ref, + int condition: @ruby_underscore_expression ref +); + +ruby_until_def( + unique int id: @ruby_until, + int body: @ruby_do ref, + int condition: @ruby_underscore_statement ref +); + +ruby_until_modifier_def( + unique int id: @ruby_until_modifier, + int body: @ruby_underscore_statement ref, + int condition: @ruby_underscore_expression ref +); + +@ruby_variable_reference_pattern_name_type = @ruby_token_identifier | @ruby_underscore_nonlocal_variable + +ruby_variable_reference_pattern_def( + unique int id: @ruby_variable_reference_pattern, + int name: @ruby_variable_reference_pattern_name_type ref +); + +ruby_when_body( + unique int ruby_when: @ruby_when ref, + unique int body: @ruby_then ref +); + +#keyset[ruby_when, index] +ruby_when_pattern( + int ruby_when: @ruby_when ref, + int index: int ref, + unique int pattern: @ruby_pattern ref +); + +ruby_when_def( + unique int id: @ruby_when +); + +ruby_while_def( + unique int id: @ruby_while, + int body: @ruby_do ref, + int condition: @ruby_underscore_statement ref +); + +ruby_while_modifier_def( + unique int id: @ruby_while_modifier, + int body: @ruby_underscore_statement ref, + int condition: @ruby_underscore_expression ref +); + +ruby_yield_child( + unique int ruby_yield: @ruby_yield ref, + unique int child: @ruby_argument_list ref +); + +ruby_yield_def( + unique int id: @ruby_yield +); + +ruby_tokeninfo( + unique int id: @ruby_token, + int kind: int ref, + string value: string ref +); + +case @ruby_token.kind of + 0 = @ruby_reserved_word +| 1 = @ruby_token_character +| 2 = @ruby_token_class_variable +| 3 = @ruby_token_comment +| 4 = @ruby_token_constant +| 5 = @ruby_token_empty_statement +| 6 = @ruby_token_encoding +| 7 = @ruby_token_escape_sequence +| 8 = @ruby_token_false +| 9 = @ruby_token_file +| 10 = @ruby_token_float +| 11 = @ruby_token_forward_argument +| 12 = @ruby_token_forward_parameter +| 13 = @ruby_token_global_variable +| 14 = @ruby_token_hash_key_symbol +| 15 = @ruby_token_hash_splat_nil +| 16 = @ruby_token_heredoc_beginning +| 17 = @ruby_token_heredoc_content +| 18 = @ruby_token_heredoc_end +| 19 = @ruby_token_identifier +| 20 = @ruby_token_instance_variable +| 21 = @ruby_token_integer +| 22 = @ruby_token_line +| 23 = @ruby_token_nil +| 24 = @ruby_token_operator +| 25 = @ruby_token_self +| 26 = @ruby_token_simple_symbol +| 27 = @ruby_token_string_content +| 28 = @ruby_token_super +| 29 = @ruby_token_true +| 30 = @ruby_token_uninterpreted +; + + +@ruby_ast_node = @ruby_alias | @ruby_alternative_pattern | @ruby_argument_list | @ruby_array | @ruby_array_pattern | @ruby_as_pattern | @ruby_assignment | @ruby_bare_string | @ruby_bare_symbol | @ruby_begin | @ruby_begin_block | @ruby_binary | @ruby_block | @ruby_block_argument | @ruby_block_body | @ruby_block_parameter | @ruby_block_parameters | @ruby_body_statement | @ruby_break | @ruby_call | @ruby_case__ | @ruby_case_match | @ruby_chained_string | @ruby_class | @ruby_complex | @ruby_conditional | @ruby_delimited_symbol | @ruby_destructured_left_assignment | @ruby_destructured_parameter | @ruby_do | @ruby_do_block | @ruby_element_reference | @ruby_else | @ruby_elsif | @ruby_end_block | @ruby_ensure | @ruby_exception_variable | @ruby_exceptions | @ruby_expression_reference_pattern | @ruby_find_pattern | @ruby_for | @ruby_hash | @ruby_hash_pattern | @ruby_hash_splat_argument | @ruby_hash_splat_parameter | @ruby_heredoc_body | @ruby_if | @ruby_if_guard | @ruby_if_modifier | @ruby_in | @ruby_in_clause | @ruby_interpolation | @ruby_keyword_parameter | @ruby_keyword_pattern | @ruby_lambda | @ruby_lambda_parameters | @ruby_left_assignment_list | @ruby_match_pattern | @ruby_method | @ruby_method_parameters | @ruby_module | @ruby_next | @ruby_operator_assignment | @ruby_optional_parameter | @ruby_pair | @ruby_parenthesized_pattern | @ruby_parenthesized_statements | @ruby_pattern | @ruby_program | @ruby_range | @ruby_rational | @ruby_redo | @ruby_regex | @ruby_rescue | @ruby_rescue_modifier | @ruby_rest_assignment | @ruby_retry | @ruby_return | @ruby_right_assignment_list | @ruby_scope_resolution | @ruby_setter | @ruby_singleton_class | @ruby_singleton_method | @ruby_splat_argument | @ruby_splat_parameter | @ruby_string__ | @ruby_string_array | @ruby_subshell | @ruby_superclass | @ruby_symbol_array | @ruby_test_pattern | @ruby_then | @ruby_token | @ruby_unary | @ruby_undef | @ruby_unless | @ruby_unless_guard | @ruby_unless_modifier | @ruby_until | @ruby_until_modifier | @ruby_variable_reference_pattern | @ruby_when | @ruby_while | @ruby_while_modifier | @ruby_yield + +@ruby_ast_node_parent = @file | @ruby_ast_node + +#keyset[parent, parent_index] +ruby_ast_node_info( + unique int node: @ruby_ast_node ref, + int parent: @ruby_ast_node_parent ref, + int parent_index: int ref, + int loc: @location_default ref +); + +/*- Erb dbscheme -*/ +erb_comment_directive_child( + unique int erb_comment_directive: @erb_comment_directive ref, + unique int child: @erb_token_comment ref +); + +erb_comment_directive_def( + unique int id: @erb_comment_directive +); + +erb_directive_child( + unique int erb_directive: @erb_directive ref, + unique int child: @erb_token_code ref +); + +erb_directive_def( + unique int id: @erb_directive +); + +erb_graphql_directive_child( + unique int erb_graphql_directive: @erb_graphql_directive ref, + unique int child: @erb_token_code ref +); + +erb_graphql_directive_def( + unique int id: @erb_graphql_directive +); + +erb_output_directive_child( + unique int erb_output_directive: @erb_output_directive ref, + unique int child: @erb_token_code ref +); + +erb_output_directive_def( + unique int id: @erb_output_directive +); + +@erb_template_child_type = @erb_comment_directive | @erb_directive | @erb_graphql_directive | @erb_output_directive | @erb_token_content + +#keyset[erb_template, index] +erb_template_child( + int erb_template: @erb_template ref, + int index: int ref, + unique int child: @erb_template_child_type ref +); + +erb_template_def( + unique int id: @erb_template +); + +erb_tokeninfo( + unique int id: @erb_token, + int kind: int ref, + string value: string ref +); + +case @erb_token.kind of + 0 = @erb_reserved_word +| 1 = @erb_token_code +| 2 = @erb_token_comment +| 3 = @erb_token_content +; + + +@erb_ast_node = @erb_comment_directive | @erb_directive | @erb_graphql_directive | @erb_output_directive | @erb_template | @erb_token + +@erb_ast_node_parent = @erb_ast_node | @file + +#keyset[parent, parent_index] +erb_ast_node_info( + unique int node: @erb_ast_node ref, + int parent: @erb_ast_node_parent ref, + int parent_index: int ref, + int loc: @location_default ref +); + diff --git a/ruby/ql/lib/upgrades/ff289788b1552e32078788baa27152cc95b68f77/upgrade.properties b/ruby/ql/lib/upgrades/ff289788b1552e32078788baa27152cc95b68f77/upgrade.properties new file mode 100644 index 00000000000..7b75d5de56a --- /dev/null +++ b/ruby/ql/lib/upgrades/ff289788b1552e32078788baa27152cc95b68f77/upgrade.properties @@ -0,0 +1,2 @@ +description: Sync dbscheme fragments +compatibility: full From ef3005ea9e380625404ca813f4cd5ef60df7dc8b Mon Sep 17 00:00:00 2001 From: Arthur Baars Date: Fri, 21 Apr 2023 13:36:12 +0200 Subject: [PATCH 547/870] Python: sync shared dbscheme fragments --- config/dbscheme-fragments.json | 10 +- python/ql/lib/semmlecode.python.dbscheme | 371 ++++++++++-------- .../ql/lib/semmlecode.python.dbscheme.stats | 28 +- 3 files changed, 232 insertions(+), 177 deletions(-) diff --git a/config/dbscheme-fragments.json b/config/dbscheme-fragments.json index c97213e3162..0e8c6859fff 100644 --- a/config/dbscheme-fragments.json +++ b/config/dbscheme-fragments.json @@ -1,6 +1,7 @@ { "files": [ "javascript/ql/lib/semmlecode.javascript.dbscheme", + "python/ql/lib/semmlecode.python.dbscheme", "ruby/ql/lib/ruby.dbscheme", "ql/ql/src/ql.dbscheme" ], @@ -14,6 +15,10 @@ "/*- Configuration files with key value pairs -*/", "/*- YAML -*/", "/*- XML Files -*/", + "/*- DEPRECATED: External defects and metrics -*/", + "/*- DEPRECATED: Snapshot date -*/", + "/*- DEPRECATED: Duplicate code -*/", + "/*- DEPRECATED: Version control data -*/", "/*- JavaScript-specific part -*/", "/*- Ruby dbscheme -*/", "/*- Erb dbscheme -*/", @@ -21,6 +26,7 @@ "/*- Dbscheme dbscheme -*/", "/*- Yaml dbscheme -*/", "/*- Blame dbscheme -*/", - "/*- JSON dbscheme -*/" + "/*- JSON dbscheme -*/", + "/*- Python dbscheme -*/" ] -} +} \ No newline at end of file diff --git a/python/ql/lib/semmlecode.python.dbscheme b/python/ql/lib/semmlecode.python.dbscheme index 0355ecf0ac5..0565f746643 100644 --- a/python/ql/lib/semmlecode.python.dbscheme +++ b/python/ql/lib/semmlecode.python.dbscheme @@ -16,9 +16,7 @@ * mechanism not work properly. */ - /* - * External artifacts - */ +/*- DEPRECATED: External defects and metrics -*/ externalDefects( unique int id : @externalDefect, @@ -35,31 +33,44 @@ externalMetrics( float value : float ref ); +/*- External data -*/ + +/** + * External data, loaded from CSV files during snapshot creation. See + * [Tutorial: Incorporating external data](https://help.semmle.com/wiki/display/SD/Tutorial%3A+Incorporating+external+data) + * for more information. + */ externalData( int id : @externalDataElement, - varchar(900) queryPath : string ref, + string path : string ref, int column: int ref, - varchar(900) data : string ref + string value : string ref ); +/*- DEPRECATED: Snapshot date -*/ + snapshotDate(unique date snapshotDate : date ref); -sourceLocationPrefix(varchar(900) prefix : string ref); +/*- Source location prefix -*/ - -/* - * Duplicate code +/** + * The source location of the snapshot. */ +sourceLocationPrefix(string prefix : string ref); + +/*- DEPRECATED: Duplicate code -*/ duplicateCode( unique int id : @duplication, - varchar(900) relativePath : string ref, - int equivClass : int ref); + string relativePath : string ref, + int equivClass : int ref +); similarCode( unique int id : @similarity, - varchar(900) relativePath : string ref, - int equivClass : int ref); + string relativePath : string ref, + int equivClass : int ref +); @duplication_or_similarity = @duplication | @similarity @@ -69,7 +80,192 @@ tokens( int beginLine : int ref, int beginColumn : int ref, int endLine : int ref, - int endColumn : int ref); + int endColumn : int ref +); + +/*- DEPRECATED: Version control data -*/ + +svnentries( + unique int id : @svnentry, + string revision : string ref, + string author : string ref, + date revisionDate : date ref, + int changeSize : int ref +) + +svnaffectedfiles( + int id : @svnentry ref, + int file : @file ref, + string action : string ref +) + +svnentrymsg( + unique int id : @svnentry ref, + string message : string ref +) + +svnchurn( + int commit : @svnentry ref, + int file : @file ref, + int addedLines : int ref, + int deletedLines : int ref +) + +/*- Lines of code -*/ + +numlines( + int element_id: @sourceline ref, + int num_lines: int ref, + int num_code: int ref, + int num_comment: int ref +); + +/*- Files and folders -*/ + +/** + * The location of an element. + * The location spans column `startcolumn` of line `startline` to + * column `endcolumn` of line `endline` in file `file`. + * For more information, see + * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/). + */ +locations_default( + unique int id: @location_default, + int file: @file ref, + int beginLine: int ref, + int beginColumn: int ref, + int endLine: int ref, + int endColumn: int ref +); + +files( + unique int id: @file, + string name: string ref +); + +folders( + unique int id: @folder, + string name: string ref +); + +@container = @file | @folder + +containerparent( + int parent: @container ref, + unique int child: @container ref +); + +/*- XML Files -*/ + +xmlEncoding( + unique int id: @file ref, + string encoding: string ref +); + +xmlDTDs( + unique int id: @xmldtd, + string root: string ref, + string publicId: string ref, + string systemId: string ref, + int fileid: @file ref +); + +xmlElements( + unique int id: @xmlelement, + string name: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int fileid: @file ref +); + +xmlAttrs( + unique int id: @xmlattribute, + int elementid: @xmlelement ref, + string name: string ref, + string value: string ref, + int idx: int ref, + int fileid: @file ref +); + +xmlNs( + int id: @xmlnamespace, + string prefixName: string ref, + string URI: string ref, + int fileid: @file ref +); + +xmlHasNs( + int elementId: @xmlnamespaceable ref, + int nsId: @xmlnamespace ref, + int fileid: @file ref +); + +xmlComments( + unique int id: @xmlcomment, + string text: string ref, + int parentid: @xmlparent ref, + int fileid: @file ref +); + +xmlChars( + unique int id: @xmlcharacters, + string text: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int isCDATA: int ref, + int fileid: @file ref +); + +@xmlparent = @file | @xmlelement; +@xmlnamespaceable = @xmlelement | @xmlattribute; + +xmllocations( + int xmlElement: @xmllocatable ref, + int location: @location_default ref +); + +@xmllocatable = @xmlcharacters | @xmlelement | @xmlcomment | @xmlattribute | @xmldtd | @file | @xmlnamespace; + +/*- YAML -*/ + +#keyset[parent, idx] +yaml (unique int id: @yaml_node, + int kind: int ref, + int parent: @yaml_node_parent ref, + int idx: int ref, + string tag: string ref, + string tostring: string ref); + +case @yaml_node.kind of + 0 = @yaml_scalar_node +| 1 = @yaml_mapping_node +| 2 = @yaml_sequence_node +| 3 = @yaml_alias_node +; + +@yaml_collection_node = @yaml_mapping_node | @yaml_sequence_node; + +@yaml_node_parent = @yaml_collection_node | @file; + +yaml_anchors (unique int node: @yaml_node ref, + string anchor: string ref); + +yaml_aliases (unique int alias: @yaml_alias_node ref, + string target: string ref); + +yaml_scalars (unique int scalar: @yaml_scalar_node ref, + int style: int ref, + string value: string ref); + +yaml_errors (unique int id: @yaml_error, + string message: string ref); + +yaml_locations(unique int locatable: @yaml_locatable ref, + int location: @location_default ref); + +@yaml_locatable = @yaml_node | @yaml_error; + +/*- Python dbscheme -*/ /* * Line metrics @@ -86,68 +282,14 @@ py_docstringlines(int id : @py_scope ref, py_alllines(int id : @py_scope ref, int count : int ref); -/* - * Version history - */ - -svnentries( - int id : @svnentry, - varchar(500) revision : string ref, - varchar(500) author : string ref, - date revisionDate : date ref, - int changeSize : int ref -) - -svnaffectedfiles( - int id : @svnentry ref, - int file : @file ref, - varchar(500) action : string ref -) - -svnentrymsg( - int id : @svnentry ref, - varchar(500) message : string ref -) - -svnchurn( - int commit : @svnentry ref, - int file : @file ref, - int addedLines : int ref, - int deletedLines : int ref -) - /**************************** Python dbscheme ****************************/ -files(unique int id: @file, - varchar(900) name: string ref); - -folders(unique int id: @folder, - varchar(900) name: string ref); - -@container = @folder | @file; - -containerparent(int parent: @container ref, - unique int child: @container ref); - @sourceline = @file | @py_Module | @xmllocatable; -numlines(int element_id: @sourceline ref, - int num_lines: int ref, - int num_code: int ref, - int num_comment: int ref - ); - @location = @location_ast | @location_default ; -locations_default(unique int id: @location_default, - int file: @file ref, - int beginLine: int ref, - int beginColumn: int ref, - int endLine: int ref, - int endColumn: int ref); - locations_ast(unique int id: @location_ast, int module: @py_Module ref, int beginLine: int ref, @@ -1052,96 +1194,3 @@ py_decorated_object(int object : @py_object ref, @py_object = @py_cobject | @py_flow_node; @py_source_element = @py_ast_node | @container; - -/* XML Files */ - -xmlEncoding (unique int id: @file ref, varchar(900) encoding: string ref); - -xmlDTDs (unique int id: @xmldtd, - varchar(900) root: string ref, - varchar(900) publicId: string ref, - varchar(900) systemId: string ref, - int fileid: @file ref); - -xmlElements (unique int id: @xmlelement, - varchar(900) name: string ref, - int parentid: @xmlparent ref, - int idx: int ref, - int fileid: @file ref); - -xmlAttrs (unique int id: @xmlattribute, - int elementid: @xmlelement ref, - varchar(900) name: string ref, - varchar(3600) value: string ref, - int idx: int ref, - int fileid: @file ref); - -xmlNs (int id: @xmlnamespace, - varchar(900) prefixName: string ref, - varchar(900) URI: string ref, - int fileid: @file ref); - -xmlHasNs (int elementId: @xmlnamespaceable ref, - int nsId: @xmlnamespace ref, - int fileid: @file ref); - -xmlComments (unique int id: @xmlcomment, - varchar(3600) text: string ref, - int parentid: @xmlparent ref, - int fileid: @file ref); - -xmlChars (unique int id: @xmlcharacters, - varchar(3600) text: string ref, - int parentid: @xmlparent ref, - int idx: int ref, - int isCDATA: int ref, - int fileid: @file ref); - -@xmlparent = @file | @xmlelement; -@xmlnamespaceable = @xmlelement | @xmlattribute; - -xmllocations(int xmlElement: @xmllocatable ref, - int location: @location_default ref); - -@xmllocatable = @xmlcharacters | @xmlelement | @xmlcomment | @xmlattribute | @xmldtd | @file | @xmlnamespace; - -/** - * YAML - */ - -#keyset[parent, idx] -yaml (unique int id: @yaml_node, - int kind: int ref, - int parent: @yaml_node_parent ref, - int idx: int ref, - varchar(900) tag: string ref, - varchar(900) tostring: string ref); - -case @yaml_node.kind of - 0 = @yaml_scalar_node -| 1 = @yaml_mapping_node -| 2 = @yaml_sequence_node -| 3 = @yaml_alias_node -; - -@yaml_collection_node = @yaml_mapping_node | @yaml_sequence_node; - -@yaml_node_parent = @yaml_collection_node | @file; - -yaml_anchors (unique int node: @yaml_node ref, - varchar(900) anchor: string ref); - -yaml_aliases (unique int alias: @yaml_alias_node ref, - varchar(900) target: string ref); - -yaml_scalars (unique int scalar: @yaml_scalar_node ref, - int style: int ref, - varchar(900) value: string ref); - -yaml_errors (unique int id: @yaml_error, - varchar(900) message: string ref); - -yaml_locations(unique int locatable: @yaml_locatable ref, - int location: @location_default ref); - -@yaml_locatable = @yaml_node | @yaml_error; diff --git a/python/ql/lib/semmlecode.python.dbscheme.stats b/python/ql/lib/semmlecode.python.dbscheme.stats index 1e6999b8a44..0424528c8db 100644 --- a/python/ql/lib/semmlecode.python.dbscheme.stats +++ b/python/ql/lib/semmlecode.python.dbscheme.stats @@ -1056,7 +1056,7 @@ 20 -queryPath +path 2 @@ -1064,14 +1064,14 @@ 5 -data +value 41 id -queryPath +path 12 @@ -1103,7 +1103,7 @@ id -data +value 12 @@ -1118,7 +1118,7 @@ -queryPath +path id @@ -1134,7 +1134,7 @@ -queryPath +path column @@ -1150,8 +1150,8 @@ -queryPath -data +path +value 12 @@ -1183,7 +1183,7 @@ column -queryPath +path 12 @@ -1199,7 +1199,7 @@ column -data +value 12 @@ -1214,7 +1214,7 @@ -data +value id @@ -1230,8 +1230,8 @@ -data -queryPath +value +path 12 @@ -1246,7 +1246,7 @@ -data +value column From 5e279f28988ce9cd13a45b44aa808d660e5668fa Mon Sep 17 00:00:00 2001 From: Arthur Baars Date: Fri, 12 May 2023 12:31:39 +0200 Subject: [PATCH 548/870] Python: add upgrade/downgrade scripts --- .../old.dbscheme | 1196 +++++++++++++++++ .../semmlecode.python.dbscheme | 1147 ++++++++++++++++ .../upgrade.properties | 2 + .../old.dbscheme | 1147 ++++++++++++++++ .../semmlecode.python.dbscheme | 1196 +++++++++++++++++ .../upgrade.properties | 2 + 6 files changed, 4690 insertions(+) create mode 100644 python/downgrades/0565f7466437d52e1dc64a3b930926ab2f60cd64/old.dbscheme create mode 100644 python/downgrades/0565f7466437d52e1dc64a3b930926ab2f60cd64/semmlecode.python.dbscheme create mode 100644 python/downgrades/0565f7466437d52e1dc64a3b930926ab2f60cd64/upgrade.properties create mode 100644 python/ql/lib/upgrades/0355ecf0ac589e66467a378e0e9d60f41ee4a757/old.dbscheme create mode 100644 python/ql/lib/upgrades/0355ecf0ac589e66467a378e0e9d60f41ee4a757/semmlecode.python.dbscheme create mode 100644 python/ql/lib/upgrades/0355ecf0ac589e66467a378e0e9d60f41ee4a757/upgrade.properties diff --git a/python/downgrades/0565f7466437d52e1dc64a3b930926ab2f60cd64/old.dbscheme b/python/downgrades/0565f7466437d52e1dc64a3b930926ab2f60cd64/old.dbscheme new file mode 100644 index 00000000000..0565f746643 --- /dev/null +++ b/python/downgrades/0565f7466437d52e1dc64a3b930926ab2f60cd64/old.dbscheme @@ -0,0 +1,1196 @@ +/* + * This dbscheme is auto-generated by 'semmle/dbscheme_gen.py'. + * WARNING: Any modifications to this file will be lost. + * Relations can be changed by modifying master.py or + * by adding rules to dbscheme.template + */ + +/* This is a dummy line to alter the dbscheme, so we can make a database upgrade + * without actually changing any of the dbscheme predicates. It contains a date + * to allow for such updates in the future as well. + * + * 2020-07-02 + * + * DO NOT remove this comment carelessly, since it can revert the dbscheme back to a + * previously seen state (matching a previously seen SHA), which would make the upgrade + * mechanism not work properly. + */ + +/*- DEPRECATED: External defects and metrics -*/ + +externalDefects( + unique int id : @externalDefect, + varchar(900) queryPath : string ref, + int location : @location ref, + varchar(900) message : string ref, + float severity : float ref +); + +externalMetrics( + unique int id : @externalMetric, + varchar(900) queryPath : string ref, + int location : @location ref, + float value : float ref +); + +/*- External data -*/ + +/** + * External data, loaded from CSV files during snapshot creation. See + * [Tutorial: Incorporating external data](https://help.semmle.com/wiki/display/SD/Tutorial%3A+Incorporating+external+data) + * for more information. + */ +externalData( + int id : @externalDataElement, + string path : string ref, + int column: int ref, + string value : string ref +); + +/*- DEPRECATED: Snapshot date -*/ + +snapshotDate(unique date snapshotDate : date ref); + +/*- Source location prefix -*/ + +/** + * The source location of the snapshot. + */ +sourceLocationPrefix(string prefix : string ref); + +/*- DEPRECATED: Duplicate code -*/ + +duplicateCode( + unique int id : @duplication, + string relativePath : string ref, + int equivClass : int ref +); + +similarCode( + unique int id : @similarity, + string relativePath : string ref, + int equivClass : int ref +); + +@duplication_or_similarity = @duplication | @similarity + +tokens( + int id : @duplication_or_similarity ref, + int offset : int ref, + int beginLine : int ref, + int beginColumn : int ref, + int endLine : int ref, + int endColumn : int ref +); + +/*- DEPRECATED: Version control data -*/ + +svnentries( + unique int id : @svnentry, + string revision : string ref, + string author : string ref, + date revisionDate : date ref, + int changeSize : int ref +) + +svnaffectedfiles( + int id : @svnentry ref, + int file : @file ref, + string action : string ref +) + +svnentrymsg( + unique int id : @svnentry ref, + string message : string ref +) + +svnchurn( + int commit : @svnentry ref, + int file : @file ref, + int addedLines : int ref, + int deletedLines : int ref +) + +/*- Lines of code -*/ + +numlines( + int element_id: @sourceline ref, + int num_lines: int ref, + int num_code: int ref, + int num_comment: int ref +); + +/*- Files and folders -*/ + +/** + * The location of an element. + * The location spans column `startcolumn` of line `startline` to + * column `endcolumn` of line `endline` in file `file`. + * For more information, see + * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/). + */ +locations_default( + unique int id: @location_default, + int file: @file ref, + int beginLine: int ref, + int beginColumn: int ref, + int endLine: int ref, + int endColumn: int ref +); + +files( + unique int id: @file, + string name: string ref +); + +folders( + unique int id: @folder, + string name: string ref +); + +@container = @file | @folder + +containerparent( + int parent: @container ref, + unique int child: @container ref +); + +/*- XML Files -*/ + +xmlEncoding( + unique int id: @file ref, + string encoding: string ref +); + +xmlDTDs( + unique int id: @xmldtd, + string root: string ref, + string publicId: string ref, + string systemId: string ref, + int fileid: @file ref +); + +xmlElements( + unique int id: @xmlelement, + string name: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int fileid: @file ref +); + +xmlAttrs( + unique int id: @xmlattribute, + int elementid: @xmlelement ref, + string name: string ref, + string value: string ref, + int idx: int ref, + int fileid: @file ref +); + +xmlNs( + int id: @xmlnamespace, + string prefixName: string ref, + string URI: string ref, + int fileid: @file ref +); + +xmlHasNs( + int elementId: @xmlnamespaceable ref, + int nsId: @xmlnamespace ref, + int fileid: @file ref +); + +xmlComments( + unique int id: @xmlcomment, + string text: string ref, + int parentid: @xmlparent ref, + int fileid: @file ref +); + +xmlChars( + unique int id: @xmlcharacters, + string text: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int isCDATA: int ref, + int fileid: @file ref +); + +@xmlparent = @file | @xmlelement; +@xmlnamespaceable = @xmlelement | @xmlattribute; + +xmllocations( + int xmlElement: @xmllocatable ref, + int location: @location_default ref +); + +@xmllocatable = @xmlcharacters | @xmlelement | @xmlcomment | @xmlattribute | @xmldtd | @file | @xmlnamespace; + +/*- YAML -*/ + +#keyset[parent, idx] +yaml (unique int id: @yaml_node, + int kind: int ref, + int parent: @yaml_node_parent ref, + int idx: int ref, + string tag: string ref, + string tostring: string ref); + +case @yaml_node.kind of + 0 = @yaml_scalar_node +| 1 = @yaml_mapping_node +| 2 = @yaml_sequence_node +| 3 = @yaml_alias_node +; + +@yaml_collection_node = @yaml_mapping_node | @yaml_sequence_node; + +@yaml_node_parent = @yaml_collection_node | @file; + +yaml_anchors (unique int node: @yaml_node ref, + string anchor: string ref); + +yaml_aliases (unique int alias: @yaml_alias_node ref, + string target: string ref); + +yaml_scalars (unique int scalar: @yaml_scalar_node ref, + int style: int ref, + string value: string ref); + +yaml_errors (unique int id: @yaml_error, + string message: string ref); + +yaml_locations(unique int locatable: @yaml_locatable ref, + int location: @location_default ref); + +@yaml_locatable = @yaml_node | @yaml_error; + +/*- Python dbscheme -*/ + +/* + * Line metrics + */ +py_codelines(int id : @py_scope ref, + int count : int ref); + +py_commentlines(int id : @py_scope ref, + int count : int ref); + +py_docstringlines(int id : @py_scope ref, + int count : int ref); + +py_alllines(int id : @py_scope ref, + int count : int ref); + +/**************************** + Python dbscheme +****************************/ + +@sourceline = @file | @py_Module | @xmllocatable; + +@location = @location_ast | @location_default ; + +locations_ast(unique int id: @location_ast, + int module: @py_Module ref, + int beginLine: int ref, + int beginColumn: int ref, + int endLine: int ref, + int endColumn: int ref); + +file_contents(unique int file: @file ref, string contents: string ref); + +py_module_path(int module: @py_Module ref, int file: @container ref); + +variable(unique int id : @py_variable, + int scope : @py_scope ref, + varchar(1) name : string ref); + +py_line_lengths(unique int id : @py_line, + int file: @py_Module ref, + int line : int ref, + int length : int ref); + +py_extracted_version(int module : @py_Module ref, + varchar(1) version : string ref); + +/* AUTO GENERATED PART STARTS HERE */ + + +/* AnnAssign.location = 0, location */ +/* AnnAssign.value = 1, expr */ +/* AnnAssign.annotation = 2, expr */ +/* AnnAssign.target = 3, expr */ + +/* Assert.location = 0, location */ +/* Assert.test = 1, expr */ +/* Assert.msg = 2, expr */ + +/* Assign.location = 0, location */ +/* Assign.value = 1, expr */ +/* Assign.targets = 2, expr_list */ + +/* AssignExpr.location = 0, location */ +/* AssignExpr.parenthesised = 1, bool */ +/* AssignExpr.value = 2, expr */ +/* AssignExpr.target = 3, expr */ + +/* Attribute.location = 0, location */ +/* Attribute.parenthesised = 1, bool */ +/* Attribute.value = 2, expr */ +/* Attribute.attr = 3, str */ +/* Attribute.ctx = 4, expr_context */ + +/* AugAssign.location = 0, location */ +/* AugAssign.operation = 1, BinOp */ + +/* Await.location = 0, location */ +/* Await.parenthesised = 1, bool */ +/* Await.value = 2, expr */ + +/* BinaryExpr.location = 0, location */ +/* BinaryExpr.parenthesised = 1, bool */ +/* BinaryExpr.left = 2, expr */ +/* BinaryExpr.op = 3, operator */ +/* BinaryExpr.right = 4, expr */ +/* BinaryExpr = AugAssign */ + +/* BoolExpr.location = 0, location */ +/* BoolExpr.parenthesised = 1, bool */ +/* BoolExpr.op = 2, boolop */ +/* BoolExpr.values = 3, expr_list */ + +/* Break.location = 0, location */ + +/* Bytes.location = 0, location */ +/* Bytes.parenthesised = 1, bool */ +/* Bytes.s = 2, bytes */ +/* Bytes.prefix = 3, bytes */ +/* Bytes.implicitly_concatenated_parts = 4, StringPart_list */ + +/* Call.location = 0, location */ +/* Call.parenthesised = 1, bool */ +/* Call.func = 2, expr */ +/* Call.positional_args = 3, expr_list */ +/* Call.named_args = 4, dict_item_list */ + +/* Case.location = 0, location */ +/* Case.pattern = 1, pattern */ +/* Case.guard = 2, expr */ +/* Case.body = 3, stmt_list */ + +/* Class.name = 0, str */ +/* Class.body = 1, stmt_list */ +/* Class = ClassExpr */ + +/* ClassExpr.location = 0, location */ +/* ClassExpr.parenthesised = 1, bool */ +/* ClassExpr.name = 2, str */ +/* ClassExpr.bases = 3, expr_list */ +/* ClassExpr.keywords = 4, dict_item_list */ +/* ClassExpr.inner_scope = 5, Class */ + +/* Compare.location = 0, location */ +/* Compare.parenthesised = 1, bool */ +/* Compare.left = 2, expr */ +/* Compare.ops = 3, cmpop_list */ +/* Compare.comparators = 4, expr_list */ + +/* Continue.location = 0, location */ + +/* Delete.location = 0, location */ +/* Delete.targets = 1, expr_list */ + +/* Dict.location = 0, location */ +/* Dict.parenthesised = 1, bool */ +/* Dict.items = 2, dict_item_list */ + +/* DictComp.location = 0, location */ +/* DictComp.parenthesised = 1, bool */ +/* DictComp.function = 2, Function */ +/* DictComp.iterable = 3, expr */ + +/* DictUnpacking.location = 0, location */ +/* DictUnpacking.value = 1, expr */ + +/* Ellipsis.location = 0, location */ +/* Ellipsis.parenthesised = 1, bool */ + +/* ExceptGroupStmt.location = 0, location */ +/* ExceptGroupStmt.type = 1, expr */ +/* ExceptGroupStmt.name = 2, expr */ +/* ExceptGroupStmt.body = 3, stmt_list */ + +/* ExceptStmt.location = 0, location */ +/* ExceptStmt.type = 1, expr */ +/* ExceptStmt.name = 2, expr */ +/* ExceptStmt.body = 3, stmt_list */ + +/* Exec.location = 0, location */ +/* Exec.body = 1, expr */ +/* Exec.globals = 2, expr */ +/* Exec.locals = 3, expr */ + +/* ExprStmt.location = 0, location */ +/* ExprStmt.value = 1, expr */ + +/* Filter.location = 0, location */ +/* Filter.parenthesised = 1, bool */ +/* Filter.value = 2, expr */ +/* Filter.filter = 3, expr */ + +/* For.location = 0, location */ +/* For.target = 1, expr */ +/* For.iter = 2, expr */ +/* For.body = 3, stmt_list */ +/* For.orelse = 4, stmt_list */ +/* For.is_async = 5, bool */ + +/* FormattedValue.location = 0, location */ +/* FormattedValue.parenthesised = 1, bool */ +/* FormattedValue.value = 2, expr */ +/* FormattedValue.conversion = 3, str */ +/* FormattedValue.format_spec = 4, JoinedStr */ + +/* Function.name = 0, str */ +/* Function.args = 1, parameter_list */ +/* Function.vararg = 2, expr */ +/* Function.kwonlyargs = 3, expr_list */ +/* Function.kwarg = 4, expr */ +/* Function.body = 5, stmt_list */ +/* Function.is_async = 6, bool */ +/* Function = FunctionParent */ + +/* FunctionExpr.location = 0, location */ +/* FunctionExpr.parenthesised = 1, bool */ +/* FunctionExpr.name = 2, str */ +/* FunctionExpr.args = 3, arguments */ +/* FunctionExpr.returns = 4, expr */ +/* FunctionExpr.inner_scope = 5, Function */ + +/* GeneratorExp.location = 0, location */ +/* GeneratorExp.parenthesised = 1, bool */ +/* GeneratorExp.function = 2, Function */ +/* GeneratorExp.iterable = 3, expr */ + +/* Global.location = 0, location */ +/* Global.names = 1, str_list */ + +/* Guard.location = 0, location */ +/* Guard.parenthesised = 1, bool */ +/* Guard.test = 2, expr */ + +/* If.location = 0, location */ +/* If.test = 1, expr */ +/* If.body = 2, stmt_list */ +/* If.orelse = 3, stmt_list */ + +/* IfExp.location = 0, location */ +/* IfExp.parenthesised = 1, bool */ +/* IfExp.test = 2, expr */ +/* IfExp.body = 3, expr */ +/* IfExp.orelse = 4, expr */ + +/* Import.location = 0, location */ +/* Import.names = 1, alias_list */ + +/* ImportExpr.location = 0, location */ +/* ImportExpr.parenthesised = 1, bool */ +/* ImportExpr.level = 2, int */ +/* ImportExpr.name = 3, str */ +/* ImportExpr.top = 4, bool */ + +/* ImportStar.location = 0, location */ +/* ImportStar.module = 1, expr */ + +/* ImportMember.location = 0, location */ +/* ImportMember.parenthesised = 1, bool */ +/* ImportMember.module = 2, expr */ +/* ImportMember.name = 3, str */ + +/* Fstring.location = 0, location */ +/* Fstring.parenthesised = 1, bool */ +/* Fstring.values = 2, expr_list */ +/* Fstring = FormattedValue */ + +/* KeyValuePair.location = 0, location */ +/* KeyValuePair.value = 1, expr */ +/* KeyValuePair.key = 2, expr */ + +/* Lambda.location = 0, location */ +/* Lambda.parenthesised = 1, bool */ +/* Lambda.args = 2, arguments */ +/* Lambda.inner_scope = 3, Function */ + +/* List.location = 0, location */ +/* List.parenthesised = 1, bool */ +/* List.elts = 2, expr_list */ +/* List.ctx = 3, expr_context */ + +/* ListComp.location = 0, location */ +/* ListComp.parenthesised = 1, bool */ +/* ListComp.function = 2, Function */ +/* ListComp.iterable = 3, expr */ +/* ListComp.generators = 4, comprehension_list */ +/* ListComp.elt = 5, expr */ + +/* MatchStmt.location = 0, location */ +/* MatchStmt.subject = 1, expr */ +/* MatchStmt.cases = 2, stmt_list */ + +/* MatchAsPattern.location = 0, location */ +/* MatchAsPattern.parenthesised = 1, bool */ +/* MatchAsPattern.pattern = 2, pattern */ +/* MatchAsPattern.alias = 3, expr */ + +/* MatchCapturePattern.location = 0, location */ +/* MatchCapturePattern.parenthesised = 1, bool */ +/* MatchCapturePattern.variable = 2, expr */ + +/* MatchClassPattern.location = 0, location */ +/* MatchClassPattern.parenthesised = 1, bool */ +/* MatchClassPattern.class = 2, expr */ +/* MatchClassPattern.class_name = 3, expr */ +/* MatchClassPattern.positional = 4, pattern_list */ +/* MatchClassPattern.keyword = 5, pattern_list */ + +/* MatchDoubleStarPattern.location = 0, location */ +/* MatchDoubleStarPattern.parenthesised = 1, bool */ +/* MatchDoubleStarPattern.target = 2, pattern */ + +/* MatchKeyValuePattern.location = 0, location */ +/* MatchKeyValuePattern.parenthesised = 1, bool */ +/* MatchKeyValuePattern.key = 2, pattern */ +/* MatchKeyValuePattern.value = 3, pattern */ + +/* MatchKeywordPattern.location = 0, location */ +/* MatchKeywordPattern.parenthesised = 1, bool */ +/* MatchKeywordPattern.attribute = 2, expr */ +/* MatchKeywordPattern.value = 3, pattern */ + +/* MatchLiteralPattern.location = 0, location */ +/* MatchLiteralPattern.parenthesised = 1, bool */ +/* MatchLiteralPattern.literal = 2, expr */ + +/* MatchMappingPattern.location = 0, location */ +/* MatchMappingPattern.parenthesised = 1, bool */ +/* MatchMappingPattern.mappings = 2, pattern_list */ + +/* MatchOrPattern.location = 0, location */ +/* MatchOrPattern.parenthesised = 1, bool */ +/* MatchOrPattern.patterns = 2, pattern_list */ + +/* MatchSequencePattern.location = 0, location */ +/* MatchSequencePattern.parenthesised = 1, bool */ +/* MatchSequencePattern.patterns = 2, pattern_list */ + +/* MatchStarPattern.location = 0, location */ +/* MatchStarPattern.parenthesised = 1, bool */ +/* MatchStarPattern.target = 2, pattern */ + +/* MatchValuePattern.location = 0, location */ +/* MatchValuePattern.parenthesised = 1, bool */ +/* MatchValuePattern.value = 2, expr */ + +/* MatchWildcardPattern.location = 0, location */ +/* MatchWildcardPattern.parenthesised = 1, bool */ + +/* Module.name = 0, str */ +/* Module.hash = 1, str */ +/* Module.body = 2, stmt_list */ +/* Module.kind = 3, str */ + +/* Name.location = 0, location */ +/* Name.parenthesised = 1, bool */ +/* Name.variable = 2, variable */ +/* Name.ctx = 3, expr_context */ +/* Name = ParameterList */ + +/* Nonlocal.location = 0, location */ +/* Nonlocal.names = 1, str_list */ + +/* Num.location = 0, location */ +/* Num.parenthesised = 1, bool */ +/* Num.n = 2, number */ +/* Num.text = 3, number */ + +/* Pass.location = 0, location */ + +/* PlaceHolder.location = 0, location */ +/* PlaceHolder.parenthesised = 1, bool */ +/* PlaceHolder.variable = 2, variable */ +/* PlaceHolder.ctx = 3, expr_context */ + +/* Print.location = 0, location */ +/* Print.dest = 1, expr */ +/* Print.values = 2, expr_list */ +/* Print.nl = 3, bool */ + +/* Raise.location = 0, location */ +/* Raise.exc = 1, expr */ +/* Raise.cause = 2, expr */ +/* Raise.type = 3, expr */ +/* Raise.inst = 4, expr */ +/* Raise.tback = 5, expr */ + +/* Repr.location = 0, location */ +/* Repr.parenthesised = 1, bool */ +/* Repr.value = 2, expr */ + +/* Return.location = 0, location */ +/* Return.value = 1, expr */ + +/* Set.location = 0, location */ +/* Set.parenthesised = 1, bool */ +/* Set.elts = 2, expr_list */ + +/* SetComp.location = 0, location */ +/* SetComp.parenthesised = 1, bool */ +/* SetComp.function = 2, Function */ +/* SetComp.iterable = 3, expr */ + +/* Slice.location = 0, location */ +/* Slice.parenthesised = 1, bool */ +/* Slice.start = 2, expr */ +/* Slice.stop = 3, expr */ +/* Slice.step = 4, expr */ + +/* SpecialOperation.location = 0, location */ +/* SpecialOperation.parenthesised = 1, bool */ +/* SpecialOperation.name = 2, str */ +/* SpecialOperation.arguments = 3, expr_list */ + +/* Starred.location = 0, location */ +/* Starred.parenthesised = 1, bool */ +/* Starred.value = 2, expr */ +/* Starred.ctx = 3, expr_context */ + +/* Str.location = 0, location */ +/* Str.parenthesised = 1, bool */ +/* Str.s = 2, str */ +/* Str.prefix = 3, str */ +/* Str.implicitly_concatenated_parts = 4, StringPart_list */ + +/* StringPart.text = 0, str */ +/* StringPart.location = 1, location */ +/* StringPart = StringPartList */ +/* StringPartList = BytesOrStr */ + +/* Subscript.location = 0, location */ +/* Subscript.parenthesised = 1, bool */ +/* Subscript.value = 2, expr */ +/* Subscript.index = 3, expr */ +/* Subscript.ctx = 4, expr_context */ + +/* TemplateDottedNotation.location = 0, location */ +/* TemplateDottedNotation.parenthesised = 1, bool */ +/* TemplateDottedNotation.value = 2, expr */ +/* TemplateDottedNotation.attr = 3, str */ +/* TemplateDottedNotation.ctx = 4, expr_context */ + +/* TemplateWrite.location = 0, location */ +/* TemplateWrite.value = 1, expr */ + +/* Try.location = 0, location */ +/* Try.body = 1, stmt_list */ +/* Try.orelse = 2, stmt_list */ +/* Try.handlers = 3, stmt_list */ +/* Try.finalbody = 4, stmt_list */ + +/* Tuple.location = 0, location */ +/* Tuple.parenthesised = 1, bool */ +/* Tuple.elts = 2, expr_list */ +/* Tuple.ctx = 3, expr_context */ +/* Tuple = ParameterList */ + +/* UnaryExpr.location = 0, location */ +/* UnaryExpr.parenthesised = 1, bool */ +/* UnaryExpr.op = 2, unaryop */ +/* UnaryExpr.operand = 3, expr */ + +/* While.location = 0, location */ +/* While.test = 1, expr */ +/* While.body = 2, stmt_list */ +/* While.orelse = 3, stmt_list */ + +/* With.location = 0, location */ +/* With.context_expr = 1, expr */ +/* With.optional_vars = 2, expr */ +/* With.body = 3, stmt_list */ +/* With.is_async = 4, bool */ + +/* Yield.location = 0, location */ +/* Yield.parenthesised = 1, bool */ +/* Yield.value = 2, expr */ + +/* YieldFrom.location = 0, location */ +/* YieldFrom.parenthesised = 1, bool */ +/* YieldFrom.value = 2, expr */ + +/* Alias.value = 0, expr */ +/* Alias.asname = 1, expr */ +/* Alias = AliasList */ +/* AliasList = Import */ + +/* Arguments.kw_defaults = 0, expr_list */ +/* Arguments.defaults = 1, expr_list */ +/* Arguments.annotations = 2, expr_list */ +/* Arguments.varargannotation = 3, expr */ +/* Arguments.kwargannotation = 4, expr */ +/* Arguments.kw_annotations = 5, expr_list */ +/* Arguments = ArgumentsParent */ +/* boolean = BoolParent */ +/* Boolop = BoolExpr */ +/* string = Bytes */ +/* Cmpop = CmpopList */ +/* CmpopList = Compare */ + +/* Comprehension.location = 0, location */ +/* Comprehension.iter = 1, expr */ +/* Comprehension.target = 2, expr */ +/* Comprehension.ifs = 3, expr_list */ +/* Comprehension = ComprehensionList */ +/* ComprehensionList = ListComp */ +/* DictItem = DictItemList */ +/* DictItemList = DictItemListParent */ + +/* Expr.location = 0, location */ +/* Expr.parenthesised = 1, bool */ +/* Expr = ExprParent */ +/* ExprContext = ExprContextParent */ +/* ExprList = ExprListParent */ +/* int = ImportExpr */ + +/* Keyword.location = 0, location */ +/* Keyword.value = 1, expr */ +/* Keyword.arg = 2, str */ +/* Location = LocationParent */ +/* string = Num */ +/* Operator = BinaryExpr */ +/* ParameterList = Function */ + +/* Pattern.location = 0, location */ +/* Pattern.parenthesised = 1, bool */ +/* Pattern = PatternParent */ +/* PatternList = PatternListParent */ + +/* Stmt.location = 0, location */ +/* Stmt = StmtList */ +/* StmtList = StmtListParent */ +/* string = StrParent */ +/* StringList = StrListParent */ +/* Unaryop = UnaryExpr */ +/* Variable = VariableParent */ +py_Classes(unique int id : @py_Class, + unique int parent : @py_ClassExpr ref); + +py_Functions(unique int id : @py_Function, + unique int parent : @py_Function_parent ref); + +py_Modules(unique int id : @py_Module); + +py_StringParts(unique int id : @py_StringPart, + int parent : @py_StringPart_list ref, + int idx : int ref); + +py_StringPart_lists(unique int id : @py_StringPart_list, + unique int parent : @py_Bytes_or_Str ref); + +py_aliases(unique int id : @py_alias, + int parent : @py_alias_list ref, + int idx : int ref); + +py_alias_lists(unique int id : @py_alias_list, + unique int parent : @py_Import ref); + +py_arguments(unique int id : @py_arguments, + unique int parent : @py_arguments_parent ref); + +py_bools(int parent : @py_bool_parent ref, + int idx : int ref); + +py_boolops(unique int id : @py_boolop, + int kind: int ref, + unique int parent : @py_BoolExpr ref); + +py_bytes(varchar(1) id : string ref, + int parent : @py_Bytes ref, + int idx : int ref); + +py_cmpops(unique int id : @py_cmpop, + int kind: int ref, + int parent : @py_cmpop_list ref, + int idx : int ref); + +py_cmpop_lists(unique int id : @py_cmpop_list, + unique int parent : @py_Compare ref); + +py_comprehensions(unique int id : @py_comprehension, + int parent : @py_comprehension_list ref, + int idx : int ref); + +py_comprehension_lists(unique int id : @py_comprehension_list, + unique int parent : @py_ListComp ref); + +py_dict_items(unique int id : @py_dict_item, + int kind: int ref, + int parent : @py_dict_item_list ref, + int idx : int ref); + +py_dict_item_lists(unique int id : @py_dict_item_list, + unique int parent : @py_dict_item_list_parent ref); + +py_exprs(unique int id : @py_expr, + int kind: int ref, + int parent : @py_expr_parent ref, + int idx : int ref); + +py_expr_contexts(unique int id : @py_expr_context, + int kind: int ref, + unique int parent : @py_expr_context_parent ref); + +py_expr_lists(unique int id : @py_expr_list, + int parent : @py_expr_list_parent ref, + int idx : int ref); + +py_ints(int id : int ref, + unique int parent : @py_ImportExpr ref); + +py_locations(unique int id : @location ref, + unique int parent : @py_location_parent ref); + +py_numbers(varchar(1) id : string ref, + int parent : @py_Num ref, + int idx : int ref); + +py_operators(unique int id : @py_operator, + int kind: int ref, + unique int parent : @py_BinaryExpr ref); + +py_parameter_lists(unique int id : @py_parameter_list, + unique int parent : @py_Function ref); + +py_patterns(unique int id : @py_pattern, + int kind: int ref, + int parent : @py_pattern_parent ref, + int idx : int ref); + +py_pattern_lists(unique int id : @py_pattern_list, + int parent : @py_pattern_list_parent ref, + int idx : int ref); + +py_stmts(unique int id : @py_stmt, + int kind: int ref, + int parent : @py_stmt_list ref, + int idx : int ref); + +py_stmt_lists(unique int id : @py_stmt_list, + int parent : @py_stmt_list_parent ref, + int idx : int ref); + +py_strs(varchar(1) id : string ref, + int parent : @py_str_parent ref, + int idx : int ref); + +py_str_lists(unique int id : @py_str_list, + unique int parent : @py_str_list_parent ref); + +py_unaryops(unique int id : @py_unaryop, + int kind: int ref, + unique int parent : @py_UnaryExpr ref); + +py_variables(int id : @py_variable ref, + unique int parent : @py_variable_parent ref); + +case @py_boolop.kind of + 0 = @py_And +| 1 = @py_Or; + +case @py_cmpop.kind of + 0 = @py_Eq +| 1 = @py_Gt +| 2 = @py_GtE +| 3 = @py_In +| 4 = @py_Is +| 5 = @py_IsNot +| 6 = @py_Lt +| 7 = @py_LtE +| 8 = @py_NotEq +| 9 = @py_NotIn; + +case @py_dict_item.kind of + 0 = @py_DictUnpacking +| 1 = @py_KeyValuePair +| 2 = @py_keyword; + +case @py_expr.kind of + 0 = @py_Attribute +| 1 = @py_BinaryExpr +| 2 = @py_BoolExpr +| 3 = @py_Bytes +| 4 = @py_Call +| 5 = @py_ClassExpr +| 6 = @py_Compare +| 7 = @py_Dict +| 8 = @py_DictComp +| 9 = @py_Ellipsis +| 10 = @py_FunctionExpr +| 11 = @py_GeneratorExp +| 12 = @py_IfExp +| 13 = @py_ImportExpr +| 14 = @py_ImportMember +| 15 = @py_Lambda +| 16 = @py_List +| 17 = @py_ListComp +| 18 = @py_Guard +| 19 = @py_Name +| 20 = @py_Num +| 21 = @py_Repr +| 22 = @py_Set +| 23 = @py_SetComp +| 24 = @py_Slice +| 25 = @py_Starred +| 26 = @py_Str +| 27 = @py_Subscript +| 28 = @py_Tuple +| 29 = @py_UnaryExpr +| 30 = @py_Yield +| 31 = @py_YieldFrom +| 32 = @py_TemplateDottedNotation +| 33 = @py_Filter +| 34 = @py_PlaceHolder +| 35 = @py_Await +| 36 = @py_Fstring +| 37 = @py_FormattedValue +| 38 = @py_AssignExpr +| 39 = @py_SpecialOperation; + +case @py_expr_context.kind of + 0 = @py_AugLoad +| 1 = @py_AugStore +| 2 = @py_Del +| 3 = @py_Load +| 4 = @py_Param +| 5 = @py_Store; + +case @py_operator.kind of + 0 = @py_Add +| 1 = @py_BitAnd +| 2 = @py_BitOr +| 3 = @py_BitXor +| 4 = @py_Div +| 5 = @py_FloorDiv +| 6 = @py_LShift +| 7 = @py_Mod +| 8 = @py_Mult +| 9 = @py_Pow +| 10 = @py_RShift +| 11 = @py_Sub +| 12 = @py_MatMult; + +case @py_pattern.kind of + 0 = @py_MatchAsPattern +| 1 = @py_MatchOrPattern +| 2 = @py_MatchLiteralPattern +| 3 = @py_MatchCapturePattern +| 4 = @py_MatchWildcardPattern +| 5 = @py_MatchValuePattern +| 6 = @py_MatchSequencePattern +| 7 = @py_MatchStarPattern +| 8 = @py_MatchMappingPattern +| 9 = @py_MatchDoubleStarPattern +| 10 = @py_MatchKeyValuePattern +| 11 = @py_MatchClassPattern +| 12 = @py_MatchKeywordPattern; + +case @py_stmt.kind of + 0 = @py_Assert +| 1 = @py_Assign +| 2 = @py_AugAssign +| 3 = @py_Break +| 4 = @py_Continue +| 5 = @py_Delete +| 6 = @py_ExceptStmt +| 7 = @py_ExceptGroupStmt +| 8 = @py_Exec +| 9 = @py_Expr_stmt +| 10 = @py_For +| 11 = @py_Global +| 12 = @py_If +| 13 = @py_Import +| 14 = @py_ImportStar +| 15 = @py_MatchStmt +| 16 = @py_Case +| 17 = @py_Nonlocal +| 18 = @py_Pass +| 19 = @py_Print +| 20 = @py_Raise +| 21 = @py_Return +| 22 = @py_Try +| 23 = @py_While +| 24 = @py_With +| 25 = @py_TemplateWrite +| 26 = @py_AnnAssign; + +case @py_unaryop.kind of + 0 = @py_Invert +| 1 = @py_Not +| 2 = @py_UAdd +| 3 = @py_USub; + +@py_Bytes_or_Str = @py_Bytes | @py_Str; + +@py_Function_parent = @py_DictComp | @py_FunctionExpr | @py_GeneratorExp | @py_Lambda | @py_ListComp | @py_SetComp; + +@py_arguments_parent = @py_FunctionExpr | @py_Lambda; + +@py_ast_node = @py_Class | @py_Function | @py_Module | @py_StringPart | @py_comprehension | @py_dict_item | @py_expr | @py_pattern | @py_stmt; + +@py_bool_parent = @py_For | @py_Function | @py_Print | @py_With | @py_expr | @py_pattern; + +@py_dict_item_list_parent = @py_Call | @py_ClassExpr | @py_Dict; + +@py_expr_context_parent = @py_Attribute | @py_List | @py_Name | @py_PlaceHolder | @py_Starred | @py_Subscript | @py_TemplateDottedNotation | @py_Tuple; + +@py_expr_list_parent = @py_Assign | @py_BoolExpr | @py_Call | @py_ClassExpr | @py_Compare | @py_Delete | @py_Fstring | @py_Function | @py_List | @py_Print | @py_Set | @py_SpecialOperation | @py_Tuple | @py_arguments | @py_comprehension; + +@py_expr_or_stmt = @py_expr | @py_stmt; + +@py_expr_parent = @py_AnnAssign | @py_Assert | @py_Assign | @py_AssignExpr | @py_Attribute | @py_AugAssign | @py_Await | @py_BinaryExpr | @py_Call | @py_Case | @py_Compare | @py_DictComp | @py_DictUnpacking | @py_ExceptGroupStmt | @py_ExceptStmt | @py_Exec | @py_Expr_stmt | @py_Filter | @py_For | @py_FormattedValue | @py_Function | @py_FunctionExpr | @py_GeneratorExp | @py_Guard | @py_If | @py_IfExp | @py_ImportMember | @py_ImportStar | @py_KeyValuePair | @py_ListComp | @py_MatchAsPattern | @py_MatchCapturePattern | @py_MatchClassPattern | @py_MatchKeywordPattern | @py_MatchLiteralPattern | @py_MatchStmt | @py_MatchValuePattern | @py_Print | @py_Raise | @py_Repr | @py_Return | @py_SetComp | @py_Slice | @py_Starred | @py_Subscript | @py_TemplateDottedNotation | @py_TemplateWrite | @py_UnaryExpr | @py_While | @py_With | @py_Yield | @py_YieldFrom | @py_alias | @py_arguments | @py_comprehension | @py_expr_list | @py_keyword | @py_parameter_list; + +@py_location_parent = @py_DictUnpacking | @py_KeyValuePair | @py_StringPart | @py_comprehension | @py_expr | @py_keyword | @py_pattern | @py_stmt; + +@py_parameter = @py_Name | @py_Tuple; + +@py_pattern_list_parent = @py_MatchClassPattern | @py_MatchMappingPattern | @py_MatchOrPattern | @py_MatchSequencePattern; + +@py_pattern_parent = @py_Case | @py_MatchAsPattern | @py_MatchDoubleStarPattern | @py_MatchKeyValuePattern | @py_MatchKeywordPattern | @py_MatchStarPattern | @py_pattern_list; + +@py_scope = @py_Class | @py_Function | @py_Module; + +@py_stmt_list_parent = @py_Case | @py_Class | @py_ExceptGroupStmt | @py_ExceptStmt | @py_For | @py_Function | @py_If | @py_MatchStmt | @py_Module | @py_Try | @py_While | @py_With; + +@py_str_list_parent = @py_Global | @py_Nonlocal; + +@py_str_parent = @py_Attribute | @py_Class | @py_ClassExpr | @py_FormattedValue | @py_Function | @py_FunctionExpr | @py_ImportExpr | @py_ImportMember | @py_Module | @py_SpecialOperation | @py_Str | @py_StringPart | @py_TemplateDottedNotation | @py_keyword | @py_str_list; + +@py_variable_parent = @py_Name | @py_PlaceHolder; + + +/* + * End of auto-generated part + */ + + + +/* Map relative names to absolute names for imports */ +py_absolute_names(int module : @py_Module ref, + varchar(1) relname : string ref, + varchar(1) absname : string ref); + +py_exports(int id : @py_Module ref, + varchar(1) name : string ref); + +/* Successor information */ +py_successors(int predecessor : @py_flow_node ref, + int successor : @py_flow_node ref); + +py_true_successors(int predecessor : @py_flow_node ref, + int successor : @py_flow_node ref); + +py_exception_successors(int predecessor : @py_flow_node ref, + int successor : @py_flow_node ref); + +py_false_successors(int predecessor : @py_flow_node ref, + int successor : @py_flow_node ref); + +py_flow_bb_node(unique int flownode : @py_flow_node, + int realnode : @py_ast_node ref, + int basicblock : @py_flow_node ref, + int index : int ref); + +py_scope_flow(int flow : @py_flow_node ref, + int scope : @py_scope ref, + int kind : int ref); + +py_idoms(unique int node : @py_flow_node ref, + int immediate_dominator : @py_flow_node ref); + +py_ssa_phi(int phi : @py_ssa_var ref, + int arg: @py_ssa_var ref); + +py_ssa_var(unique int id : @py_ssa_var, + int var : @py_variable ref); + +py_ssa_use(int node: @py_flow_node ref, + int var : @py_ssa_var ref); + +py_ssa_defn(unique int id : @py_ssa_var ref, + int node: @py_flow_node ref); + +@py_base_var = @py_variable | @py_ssa_var; + +py_scopes(unique int node : @py_expr_or_stmt ref, + int scope : @py_scope ref); + +py_scope_location(unique int id : @location ref, + unique int scope : @py_scope ref); + +py_flags_versioned(varchar(1) name : string ref, + varchar(1) value : string ref, + varchar(1) version : string ref); + +py_syntax_error_versioned(unique int id : @location ref, + varchar(1) message : string ref, + varchar(1) version : string ref); + +py_comments(unique int id : @py_comment, + varchar(1) text : string ref, + unique int location : @location ref); + +/* Type information support */ + +py_cobjects(unique int obj : @py_cobject); + +py_cobjecttypes(unique int obj : @py_cobject ref, + int typeof : @py_cobject ref); + +py_cobjectnames(unique int obj : @py_cobject ref, + varchar(1) name : string ref); + +/* Kind should be 0 for introspection, > 0 from source, as follows: + 1 from C extension source + */ +py_cobject_sources(int obj : @py_cobject ref, + int kind : int ref); + +py_cmembers_versioned(int object : @py_cobject ref, + varchar(1) name : string ref, + int member : @py_cobject ref, + varchar(1) version : string ref); + +py_citems(int object : @py_cobject ref, + int index : int ref, + int member : @py_cobject ref); + +ext_argtype(int funcid : @py_object ref, + int arg : int ref, + int typeid : @py_object ref); + +ext_rettype(int funcid : @py_object ref, + int typeid : @py_object ref); + +ext_proptype(int propid : @py_object ref, + int typeid : @py_object ref); + +ext_argreturn(int funcid : @py_object ref, + int arg : int ref); + +py_special_objects(unique int obj : @py_cobject ref, + unique varchar(1) name : string ref); + +py_decorated_object(int object : @py_object ref, + int level: int ref); + +@py_object = @py_cobject | @py_flow_node; + +@py_source_element = @py_ast_node | @container; diff --git a/python/downgrades/0565f7466437d52e1dc64a3b930926ab2f60cd64/semmlecode.python.dbscheme b/python/downgrades/0565f7466437d52e1dc64a3b930926ab2f60cd64/semmlecode.python.dbscheme new file mode 100644 index 00000000000..0355ecf0ac5 --- /dev/null +++ b/python/downgrades/0565f7466437d52e1dc64a3b930926ab2f60cd64/semmlecode.python.dbscheme @@ -0,0 +1,1147 @@ +/* + * This dbscheme is auto-generated by 'semmle/dbscheme_gen.py'. + * WARNING: Any modifications to this file will be lost. + * Relations can be changed by modifying master.py or + * by adding rules to dbscheme.template + */ + +/* This is a dummy line to alter the dbscheme, so we can make a database upgrade + * without actually changing any of the dbscheme predicates. It contains a date + * to allow for such updates in the future as well. + * + * 2020-07-02 + * + * DO NOT remove this comment carelessly, since it can revert the dbscheme back to a + * previously seen state (matching a previously seen SHA), which would make the upgrade + * mechanism not work properly. + */ + + /* + * External artifacts + */ + +externalDefects( + unique int id : @externalDefect, + varchar(900) queryPath : string ref, + int location : @location ref, + varchar(900) message : string ref, + float severity : float ref +); + +externalMetrics( + unique int id : @externalMetric, + varchar(900) queryPath : string ref, + int location : @location ref, + float value : float ref +); + +externalData( + int id : @externalDataElement, + varchar(900) queryPath : string ref, + int column: int ref, + varchar(900) data : string ref +); + +snapshotDate(unique date snapshotDate : date ref); + +sourceLocationPrefix(varchar(900) prefix : string ref); + + +/* + * Duplicate code + */ + +duplicateCode( + unique int id : @duplication, + varchar(900) relativePath : string ref, + int equivClass : int ref); + +similarCode( + unique int id : @similarity, + varchar(900) relativePath : string ref, + int equivClass : int ref); + +@duplication_or_similarity = @duplication | @similarity + +tokens( + int id : @duplication_or_similarity ref, + int offset : int ref, + int beginLine : int ref, + int beginColumn : int ref, + int endLine : int ref, + int endColumn : int ref); + +/* + * Line metrics + */ +py_codelines(int id : @py_scope ref, + int count : int ref); + +py_commentlines(int id : @py_scope ref, + int count : int ref); + +py_docstringlines(int id : @py_scope ref, + int count : int ref); + +py_alllines(int id : @py_scope ref, + int count : int ref); + +/* + * Version history + */ + +svnentries( + int id : @svnentry, + varchar(500) revision : string ref, + varchar(500) author : string ref, + date revisionDate : date ref, + int changeSize : int ref +) + +svnaffectedfiles( + int id : @svnentry ref, + int file : @file ref, + varchar(500) action : string ref +) + +svnentrymsg( + int id : @svnentry ref, + varchar(500) message : string ref +) + +svnchurn( + int commit : @svnentry ref, + int file : @file ref, + int addedLines : int ref, + int deletedLines : int ref +) + +/**************************** + Python dbscheme +****************************/ + +files(unique int id: @file, + varchar(900) name: string ref); + +folders(unique int id: @folder, + varchar(900) name: string ref); + +@container = @folder | @file; + +containerparent(int parent: @container ref, + unique int child: @container ref); + +@sourceline = @file | @py_Module | @xmllocatable; + +numlines(int element_id: @sourceline ref, + int num_lines: int ref, + int num_code: int ref, + int num_comment: int ref + ); + +@location = @location_ast | @location_default ; + +locations_default(unique int id: @location_default, + int file: @file ref, + int beginLine: int ref, + int beginColumn: int ref, + int endLine: int ref, + int endColumn: int ref); + +locations_ast(unique int id: @location_ast, + int module: @py_Module ref, + int beginLine: int ref, + int beginColumn: int ref, + int endLine: int ref, + int endColumn: int ref); + +file_contents(unique int file: @file ref, string contents: string ref); + +py_module_path(int module: @py_Module ref, int file: @container ref); + +variable(unique int id : @py_variable, + int scope : @py_scope ref, + varchar(1) name : string ref); + +py_line_lengths(unique int id : @py_line, + int file: @py_Module ref, + int line : int ref, + int length : int ref); + +py_extracted_version(int module : @py_Module ref, + varchar(1) version : string ref); + +/* AUTO GENERATED PART STARTS HERE */ + + +/* AnnAssign.location = 0, location */ +/* AnnAssign.value = 1, expr */ +/* AnnAssign.annotation = 2, expr */ +/* AnnAssign.target = 3, expr */ + +/* Assert.location = 0, location */ +/* Assert.test = 1, expr */ +/* Assert.msg = 2, expr */ + +/* Assign.location = 0, location */ +/* Assign.value = 1, expr */ +/* Assign.targets = 2, expr_list */ + +/* AssignExpr.location = 0, location */ +/* AssignExpr.parenthesised = 1, bool */ +/* AssignExpr.value = 2, expr */ +/* AssignExpr.target = 3, expr */ + +/* Attribute.location = 0, location */ +/* Attribute.parenthesised = 1, bool */ +/* Attribute.value = 2, expr */ +/* Attribute.attr = 3, str */ +/* Attribute.ctx = 4, expr_context */ + +/* AugAssign.location = 0, location */ +/* AugAssign.operation = 1, BinOp */ + +/* Await.location = 0, location */ +/* Await.parenthesised = 1, bool */ +/* Await.value = 2, expr */ + +/* BinaryExpr.location = 0, location */ +/* BinaryExpr.parenthesised = 1, bool */ +/* BinaryExpr.left = 2, expr */ +/* BinaryExpr.op = 3, operator */ +/* BinaryExpr.right = 4, expr */ +/* BinaryExpr = AugAssign */ + +/* BoolExpr.location = 0, location */ +/* BoolExpr.parenthesised = 1, bool */ +/* BoolExpr.op = 2, boolop */ +/* BoolExpr.values = 3, expr_list */ + +/* Break.location = 0, location */ + +/* Bytes.location = 0, location */ +/* Bytes.parenthesised = 1, bool */ +/* Bytes.s = 2, bytes */ +/* Bytes.prefix = 3, bytes */ +/* Bytes.implicitly_concatenated_parts = 4, StringPart_list */ + +/* Call.location = 0, location */ +/* Call.parenthesised = 1, bool */ +/* Call.func = 2, expr */ +/* Call.positional_args = 3, expr_list */ +/* Call.named_args = 4, dict_item_list */ + +/* Case.location = 0, location */ +/* Case.pattern = 1, pattern */ +/* Case.guard = 2, expr */ +/* Case.body = 3, stmt_list */ + +/* Class.name = 0, str */ +/* Class.body = 1, stmt_list */ +/* Class = ClassExpr */ + +/* ClassExpr.location = 0, location */ +/* ClassExpr.parenthesised = 1, bool */ +/* ClassExpr.name = 2, str */ +/* ClassExpr.bases = 3, expr_list */ +/* ClassExpr.keywords = 4, dict_item_list */ +/* ClassExpr.inner_scope = 5, Class */ + +/* Compare.location = 0, location */ +/* Compare.parenthesised = 1, bool */ +/* Compare.left = 2, expr */ +/* Compare.ops = 3, cmpop_list */ +/* Compare.comparators = 4, expr_list */ + +/* Continue.location = 0, location */ + +/* Delete.location = 0, location */ +/* Delete.targets = 1, expr_list */ + +/* Dict.location = 0, location */ +/* Dict.parenthesised = 1, bool */ +/* Dict.items = 2, dict_item_list */ + +/* DictComp.location = 0, location */ +/* DictComp.parenthesised = 1, bool */ +/* DictComp.function = 2, Function */ +/* DictComp.iterable = 3, expr */ + +/* DictUnpacking.location = 0, location */ +/* DictUnpacking.value = 1, expr */ + +/* Ellipsis.location = 0, location */ +/* Ellipsis.parenthesised = 1, bool */ + +/* ExceptGroupStmt.location = 0, location */ +/* ExceptGroupStmt.type = 1, expr */ +/* ExceptGroupStmt.name = 2, expr */ +/* ExceptGroupStmt.body = 3, stmt_list */ + +/* ExceptStmt.location = 0, location */ +/* ExceptStmt.type = 1, expr */ +/* ExceptStmt.name = 2, expr */ +/* ExceptStmt.body = 3, stmt_list */ + +/* Exec.location = 0, location */ +/* Exec.body = 1, expr */ +/* Exec.globals = 2, expr */ +/* Exec.locals = 3, expr */ + +/* ExprStmt.location = 0, location */ +/* ExprStmt.value = 1, expr */ + +/* Filter.location = 0, location */ +/* Filter.parenthesised = 1, bool */ +/* Filter.value = 2, expr */ +/* Filter.filter = 3, expr */ + +/* For.location = 0, location */ +/* For.target = 1, expr */ +/* For.iter = 2, expr */ +/* For.body = 3, stmt_list */ +/* For.orelse = 4, stmt_list */ +/* For.is_async = 5, bool */ + +/* FormattedValue.location = 0, location */ +/* FormattedValue.parenthesised = 1, bool */ +/* FormattedValue.value = 2, expr */ +/* FormattedValue.conversion = 3, str */ +/* FormattedValue.format_spec = 4, JoinedStr */ + +/* Function.name = 0, str */ +/* Function.args = 1, parameter_list */ +/* Function.vararg = 2, expr */ +/* Function.kwonlyargs = 3, expr_list */ +/* Function.kwarg = 4, expr */ +/* Function.body = 5, stmt_list */ +/* Function.is_async = 6, bool */ +/* Function = FunctionParent */ + +/* FunctionExpr.location = 0, location */ +/* FunctionExpr.parenthesised = 1, bool */ +/* FunctionExpr.name = 2, str */ +/* FunctionExpr.args = 3, arguments */ +/* FunctionExpr.returns = 4, expr */ +/* FunctionExpr.inner_scope = 5, Function */ + +/* GeneratorExp.location = 0, location */ +/* GeneratorExp.parenthesised = 1, bool */ +/* GeneratorExp.function = 2, Function */ +/* GeneratorExp.iterable = 3, expr */ + +/* Global.location = 0, location */ +/* Global.names = 1, str_list */ + +/* Guard.location = 0, location */ +/* Guard.parenthesised = 1, bool */ +/* Guard.test = 2, expr */ + +/* If.location = 0, location */ +/* If.test = 1, expr */ +/* If.body = 2, stmt_list */ +/* If.orelse = 3, stmt_list */ + +/* IfExp.location = 0, location */ +/* IfExp.parenthesised = 1, bool */ +/* IfExp.test = 2, expr */ +/* IfExp.body = 3, expr */ +/* IfExp.orelse = 4, expr */ + +/* Import.location = 0, location */ +/* Import.names = 1, alias_list */ + +/* ImportExpr.location = 0, location */ +/* ImportExpr.parenthesised = 1, bool */ +/* ImportExpr.level = 2, int */ +/* ImportExpr.name = 3, str */ +/* ImportExpr.top = 4, bool */ + +/* ImportStar.location = 0, location */ +/* ImportStar.module = 1, expr */ + +/* ImportMember.location = 0, location */ +/* ImportMember.parenthesised = 1, bool */ +/* ImportMember.module = 2, expr */ +/* ImportMember.name = 3, str */ + +/* Fstring.location = 0, location */ +/* Fstring.parenthesised = 1, bool */ +/* Fstring.values = 2, expr_list */ +/* Fstring = FormattedValue */ + +/* KeyValuePair.location = 0, location */ +/* KeyValuePair.value = 1, expr */ +/* KeyValuePair.key = 2, expr */ + +/* Lambda.location = 0, location */ +/* Lambda.parenthesised = 1, bool */ +/* Lambda.args = 2, arguments */ +/* Lambda.inner_scope = 3, Function */ + +/* List.location = 0, location */ +/* List.parenthesised = 1, bool */ +/* List.elts = 2, expr_list */ +/* List.ctx = 3, expr_context */ + +/* ListComp.location = 0, location */ +/* ListComp.parenthesised = 1, bool */ +/* ListComp.function = 2, Function */ +/* ListComp.iterable = 3, expr */ +/* ListComp.generators = 4, comprehension_list */ +/* ListComp.elt = 5, expr */ + +/* MatchStmt.location = 0, location */ +/* MatchStmt.subject = 1, expr */ +/* MatchStmt.cases = 2, stmt_list */ + +/* MatchAsPattern.location = 0, location */ +/* MatchAsPattern.parenthesised = 1, bool */ +/* MatchAsPattern.pattern = 2, pattern */ +/* MatchAsPattern.alias = 3, expr */ + +/* MatchCapturePattern.location = 0, location */ +/* MatchCapturePattern.parenthesised = 1, bool */ +/* MatchCapturePattern.variable = 2, expr */ + +/* MatchClassPattern.location = 0, location */ +/* MatchClassPattern.parenthesised = 1, bool */ +/* MatchClassPattern.class = 2, expr */ +/* MatchClassPattern.class_name = 3, expr */ +/* MatchClassPattern.positional = 4, pattern_list */ +/* MatchClassPattern.keyword = 5, pattern_list */ + +/* MatchDoubleStarPattern.location = 0, location */ +/* MatchDoubleStarPattern.parenthesised = 1, bool */ +/* MatchDoubleStarPattern.target = 2, pattern */ + +/* MatchKeyValuePattern.location = 0, location */ +/* MatchKeyValuePattern.parenthesised = 1, bool */ +/* MatchKeyValuePattern.key = 2, pattern */ +/* MatchKeyValuePattern.value = 3, pattern */ + +/* MatchKeywordPattern.location = 0, location */ +/* MatchKeywordPattern.parenthesised = 1, bool */ +/* MatchKeywordPattern.attribute = 2, expr */ +/* MatchKeywordPattern.value = 3, pattern */ + +/* MatchLiteralPattern.location = 0, location */ +/* MatchLiteralPattern.parenthesised = 1, bool */ +/* MatchLiteralPattern.literal = 2, expr */ + +/* MatchMappingPattern.location = 0, location */ +/* MatchMappingPattern.parenthesised = 1, bool */ +/* MatchMappingPattern.mappings = 2, pattern_list */ + +/* MatchOrPattern.location = 0, location */ +/* MatchOrPattern.parenthesised = 1, bool */ +/* MatchOrPattern.patterns = 2, pattern_list */ + +/* MatchSequencePattern.location = 0, location */ +/* MatchSequencePattern.parenthesised = 1, bool */ +/* MatchSequencePattern.patterns = 2, pattern_list */ + +/* MatchStarPattern.location = 0, location */ +/* MatchStarPattern.parenthesised = 1, bool */ +/* MatchStarPattern.target = 2, pattern */ + +/* MatchValuePattern.location = 0, location */ +/* MatchValuePattern.parenthesised = 1, bool */ +/* MatchValuePattern.value = 2, expr */ + +/* MatchWildcardPattern.location = 0, location */ +/* MatchWildcardPattern.parenthesised = 1, bool */ + +/* Module.name = 0, str */ +/* Module.hash = 1, str */ +/* Module.body = 2, stmt_list */ +/* Module.kind = 3, str */ + +/* Name.location = 0, location */ +/* Name.parenthesised = 1, bool */ +/* Name.variable = 2, variable */ +/* Name.ctx = 3, expr_context */ +/* Name = ParameterList */ + +/* Nonlocal.location = 0, location */ +/* Nonlocal.names = 1, str_list */ + +/* Num.location = 0, location */ +/* Num.parenthesised = 1, bool */ +/* Num.n = 2, number */ +/* Num.text = 3, number */ + +/* Pass.location = 0, location */ + +/* PlaceHolder.location = 0, location */ +/* PlaceHolder.parenthesised = 1, bool */ +/* PlaceHolder.variable = 2, variable */ +/* PlaceHolder.ctx = 3, expr_context */ + +/* Print.location = 0, location */ +/* Print.dest = 1, expr */ +/* Print.values = 2, expr_list */ +/* Print.nl = 3, bool */ + +/* Raise.location = 0, location */ +/* Raise.exc = 1, expr */ +/* Raise.cause = 2, expr */ +/* Raise.type = 3, expr */ +/* Raise.inst = 4, expr */ +/* Raise.tback = 5, expr */ + +/* Repr.location = 0, location */ +/* Repr.parenthesised = 1, bool */ +/* Repr.value = 2, expr */ + +/* Return.location = 0, location */ +/* Return.value = 1, expr */ + +/* Set.location = 0, location */ +/* Set.parenthesised = 1, bool */ +/* Set.elts = 2, expr_list */ + +/* SetComp.location = 0, location */ +/* SetComp.parenthesised = 1, bool */ +/* SetComp.function = 2, Function */ +/* SetComp.iterable = 3, expr */ + +/* Slice.location = 0, location */ +/* Slice.parenthesised = 1, bool */ +/* Slice.start = 2, expr */ +/* Slice.stop = 3, expr */ +/* Slice.step = 4, expr */ + +/* SpecialOperation.location = 0, location */ +/* SpecialOperation.parenthesised = 1, bool */ +/* SpecialOperation.name = 2, str */ +/* SpecialOperation.arguments = 3, expr_list */ + +/* Starred.location = 0, location */ +/* Starred.parenthesised = 1, bool */ +/* Starred.value = 2, expr */ +/* Starred.ctx = 3, expr_context */ + +/* Str.location = 0, location */ +/* Str.parenthesised = 1, bool */ +/* Str.s = 2, str */ +/* Str.prefix = 3, str */ +/* Str.implicitly_concatenated_parts = 4, StringPart_list */ + +/* StringPart.text = 0, str */ +/* StringPart.location = 1, location */ +/* StringPart = StringPartList */ +/* StringPartList = BytesOrStr */ + +/* Subscript.location = 0, location */ +/* Subscript.parenthesised = 1, bool */ +/* Subscript.value = 2, expr */ +/* Subscript.index = 3, expr */ +/* Subscript.ctx = 4, expr_context */ + +/* TemplateDottedNotation.location = 0, location */ +/* TemplateDottedNotation.parenthesised = 1, bool */ +/* TemplateDottedNotation.value = 2, expr */ +/* TemplateDottedNotation.attr = 3, str */ +/* TemplateDottedNotation.ctx = 4, expr_context */ + +/* TemplateWrite.location = 0, location */ +/* TemplateWrite.value = 1, expr */ + +/* Try.location = 0, location */ +/* Try.body = 1, stmt_list */ +/* Try.orelse = 2, stmt_list */ +/* Try.handlers = 3, stmt_list */ +/* Try.finalbody = 4, stmt_list */ + +/* Tuple.location = 0, location */ +/* Tuple.parenthesised = 1, bool */ +/* Tuple.elts = 2, expr_list */ +/* Tuple.ctx = 3, expr_context */ +/* Tuple = ParameterList */ + +/* UnaryExpr.location = 0, location */ +/* UnaryExpr.parenthesised = 1, bool */ +/* UnaryExpr.op = 2, unaryop */ +/* UnaryExpr.operand = 3, expr */ + +/* While.location = 0, location */ +/* While.test = 1, expr */ +/* While.body = 2, stmt_list */ +/* While.orelse = 3, stmt_list */ + +/* With.location = 0, location */ +/* With.context_expr = 1, expr */ +/* With.optional_vars = 2, expr */ +/* With.body = 3, stmt_list */ +/* With.is_async = 4, bool */ + +/* Yield.location = 0, location */ +/* Yield.parenthesised = 1, bool */ +/* Yield.value = 2, expr */ + +/* YieldFrom.location = 0, location */ +/* YieldFrom.parenthesised = 1, bool */ +/* YieldFrom.value = 2, expr */ + +/* Alias.value = 0, expr */ +/* Alias.asname = 1, expr */ +/* Alias = AliasList */ +/* AliasList = Import */ + +/* Arguments.kw_defaults = 0, expr_list */ +/* Arguments.defaults = 1, expr_list */ +/* Arguments.annotations = 2, expr_list */ +/* Arguments.varargannotation = 3, expr */ +/* Arguments.kwargannotation = 4, expr */ +/* Arguments.kw_annotations = 5, expr_list */ +/* Arguments = ArgumentsParent */ +/* boolean = BoolParent */ +/* Boolop = BoolExpr */ +/* string = Bytes */ +/* Cmpop = CmpopList */ +/* CmpopList = Compare */ + +/* Comprehension.location = 0, location */ +/* Comprehension.iter = 1, expr */ +/* Comprehension.target = 2, expr */ +/* Comprehension.ifs = 3, expr_list */ +/* Comprehension = ComprehensionList */ +/* ComprehensionList = ListComp */ +/* DictItem = DictItemList */ +/* DictItemList = DictItemListParent */ + +/* Expr.location = 0, location */ +/* Expr.parenthesised = 1, bool */ +/* Expr = ExprParent */ +/* ExprContext = ExprContextParent */ +/* ExprList = ExprListParent */ +/* int = ImportExpr */ + +/* Keyword.location = 0, location */ +/* Keyword.value = 1, expr */ +/* Keyword.arg = 2, str */ +/* Location = LocationParent */ +/* string = Num */ +/* Operator = BinaryExpr */ +/* ParameterList = Function */ + +/* Pattern.location = 0, location */ +/* Pattern.parenthesised = 1, bool */ +/* Pattern = PatternParent */ +/* PatternList = PatternListParent */ + +/* Stmt.location = 0, location */ +/* Stmt = StmtList */ +/* StmtList = StmtListParent */ +/* string = StrParent */ +/* StringList = StrListParent */ +/* Unaryop = UnaryExpr */ +/* Variable = VariableParent */ +py_Classes(unique int id : @py_Class, + unique int parent : @py_ClassExpr ref); + +py_Functions(unique int id : @py_Function, + unique int parent : @py_Function_parent ref); + +py_Modules(unique int id : @py_Module); + +py_StringParts(unique int id : @py_StringPart, + int parent : @py_StringPart_list ref, + int idx : int ref); + +py_StringPart_lists(unique int id : @py_StringPart_list, + unique int parent : @py_Bytes_or_Str ref); + +py_aliases(unique int id : @py_alias, + int parent : @py_alias_list ref, + int idx : int ref); + +py_alias_lists(unique int id : @py_alias_list, + unique int parent : @py_Import ref); + +py_arguments(unique int id : @py_arguments, + unique int parent : @py_arguments_parent ref); + +py_bools(int parent : @py_bool_parent ref, + int idx : int ref); + +py_boolops(unique int id : @py_boolop, + int kind: int ref, + unique int parent : @py_BoolExpr ref); + +py_bytes(varchar(1) id : string ref, + int parent : @py_Bytes ref, + int idx : int ref); + +py_cmpops(unique int id : @py_cmpop, + int kind: int ref, + int parent : @py_cmpop_list ref, + int idx : int ref); + +py_cmpop_lists(unique int id : @py_cmpop_list, + unique int parent : @py_Compare ref); + +py_comprehensions(unique int id : @py_comprehension, + int parent : @py_comprehension_list ref, + int idx : int ref); + +py_comprehension_lists(unique int id : @py_comprehension_list, + unique int parent : @py_ListComp ref); + +py_dict_items(unique int id : @py_dict_item, + int kind: int ref, + int parent : @py_dict_item_list ref, + int idx : int ref); + +py_dict_item_lists(unique int id : @py_dict_item_list, + unique int parent : @py_dict_item_list_parent ref); + +py_exprs(unique int id : @py_expr, + int kind: int ref, + int parent : @py_expr_parent ref, + int idx : int ref); + +py_expr_contexts(unique int id : @py_expr_context, + int kind: int ref, + unique int parent : @py_expr_context_parent ref); + +py_expr_lists(unique int id : @py_expr_list, + int parent : @py_expr_list_parent ref, + int idx : int ref); + +py_ints(int id : int ref, + unique int parent : @py_ImportExpr ref); + +py_locations(unique int id : @location ref, + unique int parent : @py_location_parent ref); + +py_numbers(varchar(1) id : string ref, + int parent : @py_Num ref, + int idx : int ref); + +py_operators(unique int id : @py_operator, + int kind: int ref, + unique int parent : @py_BinaryExpr ref); + +py_parameter_lists(unique int id : @py_parameter_list, + unique int parent : @py_Function ref); + +py_patterns(unique int id : @py_pattern, + int kind: int ref, + int parent : @py_pattern_parent ref, + int idx : int ref); + +py_pattern_lists(unique int id : @py_pattern_list, + int parent : @py_pattern_list_parent ref, + int idx : int ref); + +py_stmts(unique int id : @py_stmt, + int kind: int ref, + int parent : @py_stmt_list ref, + int idx : int ref); + +py_stmt_lists(unique int id : @py_stmt_list, + int parent : @py_stmt_list_parent ref, + int idx : int ref); + +py_strs(varchar(1) id : string ref, + int parent : @py_str_parent ref, + int idx : int ref); + +py_str_lists(unique int id : @py_str_list, + unique int parent : @py_str_list_parent ref); + +py_unaryops(unique int id : @py_unaryop, + int kind: int ref, + unique int parent : @py_UnaryExpr ref); + +py_variables(int id : @py_variable ref, + unique int parent : @py_variable_parent ref); + +case @py_boolop.kind of + 0 = @py_And +| 1 = @py_Or; + +case @py_cmpop.kind of + 0 = @py_Eq +| 1 = @py_Gt +| 2 = @py_GtE +| 3 = @py_In +| 4 = @py_Is +| 5 = @py_IsNot +| 6 = @py_Lt +| 7 = @py_LtE +| 8 = @py_NotEq +| 9 = @py_NotIn; + +case @py_dict_item.kind of + 0 = @py_DictUnpacking +| 1 = @py_KeyValuePair +| 2 = @py_keyword; + +case @py_expr.kind of + 0 = @py_Attribute +| 1 = @py_BinaryExpr +| 2 = @py_BoolExpr +| 3 = @py_Bytes +| 4 = @py_Call +| 5 = @py_ClassExpr +| 6 = @py_Compare +| 7 = @py_Dict +| 8 = @py_DictComp +| 9 = @py_Ellipsis +| 10 = @py_FunctionExpr +| 11 = @py_GeneratorExp +| 12 = @py_IfExp +| 13 = @py_ImportExpr +| 14 = @py_ImportMember +| 15 = @py_Lambda +| 16 = @py_List +| 17 = @py_ListComp +| 18 = @py_Guard +| 19 = @py_Name +| 20 = @py_Num +| 21 = @py_Repr +| 22 = @py_Set +| 23 = @py_SetComp +| 24 = @py_Slice +| 25 = @py_Starred +| 26 = @py_Str +| 27 = @py_Subscript +| 28 = @py_Tuple +| 29 = @py_UnaryExpr +| 30 = @py_Yield +| 31 = @py_YieldFrom +| 32 = @py_TemplateDottedNotation +| 33 = @py_Filter +| 34 = @py_PlaceHolder +| 35 = @py_Await +| 36 = @py_Fstring +| 37 = @py_FormattedValue +| 38 = @py_AssignExpr +| 39 = @py_SpecialOperation; + +case @py_expr_context.kind of + 0 = @py_AugLoad +| 1 = @py_AugStore +| 2 = @py_Del +| 3 = @py_Load +| 4 = @py_Param +| 5 = @py_Store; + +case @py_operator.kind of + 0 = @py_Add +| 1 = @py_BitAnd +| 2 = @py_BitOr +| 3 = @py_BitXor +| 4 = @py_Div +| 5 = @py_FloorDiv +| 6 = @py_LShift +| 7 = @py_Mod +| 8 = @py_Mult +| 9 = @py_Pow +| 10 = @py_RShift +| 11 = @py_Sub +| 12 = @py_MatMult; + +case @py_pattern.kind of + 0 = @py_MatchAsPattern +| 1 = @py_MatchOrPattern +| 2 = @py_MatchLiteralPattern +| 3 = @py_MatchCapturePattern +| 4 = @py_MatchWildcardPattern +| 5 = @py_MatchValuePattern +| 6 = @py_MatchSequencePattern +| 7 = @py_MatchStarPattern +| 8 = @py_MatchMappingPattern +| 9 = @py_MatchDoubleStarPattern +| 10 = @py_MatchKeyValuePattern +| 11 = @py_MatchClassPattern +| 12 = @py_MatchKeywordPattern; + +case @py_stmt.kind of + 0 = @py_Assert +| 1 = @py_Assign +| 2 = @py_AugAssign +| 3 = @py_Break +| 4 = @py_Continue +| 5 = @py_Delete +| 6 = @py_ExceptStmt +| 7 = @py_ExceptGroupStmt +| 8 = @py_Exec +| 9 = @py_Expr_stmt +| 10 = @py_For +| 11 = @py_Global +| 12 = @py_If +| 13 = @py_Import +| 14 = @py_ImportStar +| 15 = @py_MatchStmt +| 16 = @py_Case +| 17 = @py_Nonlocal +| 18 = @py_Pass +| 19 = @py_Print +| 20 = @py_Raise +| 21 = @py_Return +| 22 = @py_Try +| 23 = @py_While +| 24 = @py_With +| 25 = @py_TemplateWrite +| 26 = @py_AnnAssign; + +case @py_unaryop.kind of + 0 = @py_Invert +| 1 = @py_Not +| 2 = @py_UAdd +| 3 = @py_USub; + +@py_Bytes_or_Str = @py_Bytes | @py_Str; + +@py_Function_parent = @py_DictComp | @py_FunctionExpr | @py_GeneratorExp | @py_Lambda | @py_ListComp | @py_SetComp; + +@py_arguments_parent = @py_FunctionExpr | @py_Lambda; + +@py_ast_node = @py_Class | @py_Function | @py_Module | @py_StringPart | @py_comprehension | @py_dict_item | @py_expr | @py_pattern | @py_stmt; + +@py_bool_parent = @py_For | @py_Function | @py_Print | @py_With | @py_expr | @py_pattern; + +@py_dict_item_list_parent = @py_Call | @py_ClassExpr | @py_Dict; + +@py_expr_context_parent = @py_Attribute | @py_List | @py_Name | @py_PlaceHolder | @py_Starred | @py_Subscript | @py_TemplateDottedNotation | @py_Tuple; + +@py_expr_list_parent = @py_Assign | @py_BoolExpr | @py_Call | @py_ClassExpr | @py_Compare | @py_Delete | @py_Fstring | @py_Function | @py_List | @py_Print | @py_Set | @py_SpecialOperation | @py_Tuple | @py_arguments | @py_comprehension; + +@py_expr_or_stmt = @py_expr | @py_stmt; + +@py_expr_parent = @py_AnnAssign | @py_Assert | @py_Assign | @py_AssignExpr | @py_Attribute | @py_AugAssign | @py_Await | @py_BinaryExpr | @py_Call | @py_Case | @py_Compare | @py_DictComp | @py_DictUnpacking | @py_ExceptGroupStmt | @py_ExceptStmt | @py_Exec | @py_Expr_stmt | @py_Filter | @py_For | @py_FormattedValue | @py_Function | @py_FunctionExpr | @py_GeneratorExp | @py_Guard | @py_If | @py_IfExp | @py_ImportMember | @py_ImportStar | @py_KeyValuePair | @py_ListComp | @py_MatchAsPattern | @py_MatchCapturePattern | @py_MatchClassPattern | @py_MatchKeywordPattern | @py_MatchLiteralPattern | @py_MatchStmt | @py_MatchValuePattern | @py_Print | @py_Raise | @py_Repr | @py_Return | @py_SetComp | @py_Slice | @py_Starred | @py_Subscript | @py_TemplateDottedNotation | @py_TemplateWrite | @py_UnaryExpr | @py_While | @py_With | @py_Yield | @py_YieldFrom | @py_alias | @py_arguments | @py_comprehension | @py_expr_list | @py_keyword | @py_parameter_list; + +@py_location_parent = @py_DictUnpacking | @py_KeyValuePair | @py_StringPart | @py_comprehension | @py_expr | @py_keyword | @py_pattern | @py_stmt; + +@py_parameter = @py_Name | @py_Tuple; + +@py_pattern_list_parent = @py_MatchClassPattern | @py_MatchMappingPattern | @py_MatchOrPattern | @py_MatchSequencePattern; + +@py_pattern_parent = @py_Case | @py_MatchAsPattern | @py_MatchDoubleStarPattern | @py_MatchKeyValuePattern | @py_MatchKeywordPattern | @py_MatchStarPattern | @py_pattern_list; + +@py_scope = @py_Class | @py_Function | @py_Module; + +@py_stmt_list_parent = @py_Case | @py_Class | @py_ExceptGroupStmt | @py_ExceptStmt | @py_For | @py_Function | @py_If | @py_MatchStmt | @py_Module | @py_Try | @py_While | @py_With; + +@py_str_list_parent = @py_Global | @py_Nonlocal; + +@py_str_parent = @py_Attribute | @py_Class | @py_ClassExpr | @py_FormattedValue | @py_Function | @py_FunctionExpr | @py_ImportExpr | @py_ImportMember | @py_Module | @py_SpecialOperation | @py_Str | @py_StringPart | @py_TemplateDottedNotation | @py_keyword | @py_str_list; + +@py_variable_parent = @py_Name | @py_PlaceHolder; + + +/* + * End of auto-generated part + */ + + + +/* Map relative names to absolute names for imports */ +py_absolute_names(int module : @py_Module ref, + varchar(1) relname : string ref, + varchar(1) absname : string ref); + +py_exports(int id : @py_Module ref, + varchar(1) name : string ref); + +/* Successor information */ +py_successors(int predecessor : @py_flow_node ref, + int successor : @py_flow_node ref); + +py_true_successors(int predecessor : @py_flow_node ref, + int successor : @py_flow_node ref); + +py_exception_successors(int predecessor : @py_flow_node ref, + int successor : @py_flow_node ref); + +py_false_successors(int predecessor : @py_flow_node ref, + int successor : @py_flow_node ref); + +py_flow_bb_node(unique int flownode : @py_flow_node, + int realnode : @py_ast_node ref, + int basicblock : @py_flow_node ref, + int index : int ref); + +py_scope_flow(int flow : @py_flow_node ref, + int scope : @py_scope ref, + int kind : int ref); + +py_idoms(unique int node : @py_flow_node ref, + int immediate_dominator : @py_flow_node ref); + +py_ssa_phi(int phi : @py_ssa_var ref, + int arg: @py_ssa_var ref); + +py_ssa_var(unique int id : @py_ssa_var, + int var : @py_variable ref); + +py_ssa_use(int node: @py_flow_node ref, + int var : @py_ssa_var ref); + +py_ssa_defn(unique int id : @py_ssa_var ref, + int node: @py_flow_node ref); + +@py_base_var = @py_variable | @py_ssa_var; + +py_scopes(unique int node : @py_expr_or_stmt ref, + int scope : @py_scope ref); + +py_scope_location(unique int id : @location ref, + unique int scope : @py_scope ref); + +py_flags_versioned(varchar(1) name : string ref, + varchar(1) value : string ref, + varchar(1) version : string ref); + +py_syntax_error_versioned(unique int id : @location ref, + varchar(1) message : string ref, + varchar(1) version : string ref); + +py_comments(unique int id : @py_comment, + varchar(1) text : string ref, + unique int location : @location ref); + +/* Type information support */ + +py_cobjects(unique int obj : @py_cobject); + +py_cobjecttypes(unique int obj : @py_cobject ref, + int typeof : @py_cobject ref); + +py_cobjectnames(unique int obj : @py_cobject ref, + varchar(1) name : string ref); + +/* Kind should be 0 for introspection, > 0 from source, as follows: + 1 from C extension source + */ +py_cobject_sources(int obj : @py_cobject ref, + int kind : int ref); + +py_cmembers_versioned(int object : @py_cobject ref, + varchar(1) name : string ref, + int member : @py_cobject ref, + varchar(1) version : string ref); + +py_citems(int object : @py_cobject ref, + int index : int ref, + int member : @py_cobject ref); + +ext_argtype(int funcid : @py_object ref, + int arg : int ref, + int typeid : @py_object ref); + +ext_rettype(int funcid : @py_object ref, + int typeid : @py_object ref); + +ext_proptype(int propid : @py_object ref, + int typeid : @py_object ref); + +ext_argreturn(int funcid : @py_object ref, + int arg : int ref); + +py_special_objects(unique int obj : @py_cobject ref, + unique varchar(1) name : string ref); + +py_decorated_object(int object : @py_object ref, + int level: int ref); + +@py_object = @py_cobject | @py_flow_node; + +@py_source_element = @py_ast_node | @container; + +/* XML Files */ + +xmlEncoding (unique int id: @file ref, varchar(900) encoding: string ref); + +xmlDTDs (unique int id: @xmldtd, + varchar(900) root: string ref, + varchar(900) publicId: string ref, + varchar(900) systemId: string ref, + int fileid: @file ref); + +xmlElements (unique int id: @xmlelement, + varchar(900) name: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int fileid: @file ref); + +xmlAttrs (unique int id: @xmlattribute, + int elementid: @xmlelement ref, + varchar(900) name: string ref, + varchar(3600) value: string ref, + int idx: int ref, + int fileid: @file ref); + +xmlNs (int id: @xmlnamespace, + varchar(900) prefixName: string ref, + varchar(900) URI: string ref, + int fileid: @file ref); + +xmlHasNs (int elementId: @xmlnamespaceable ref, + int nsId: @xmlnamespace ref, + int fileid: @file ref); + +xmlComments (unique int id: @xmlcomment, + varchar(3600) text: string ref, + int parentid: @xmlparent ref, + int fileid: @file ref); + +xmlChars (unique int id: @xmlcharacters, + varchar(3600) text: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int isCDATA: int ref, + int fileid: @file ref); + +@xmlparent = @file | @xmlelement; +@xmlnamespaceable = @xmlelement | @xmlattribute; + +xmllocations(int xmlElement: @xmllocatable ref, + int location: @location_default ref); + +@xmllocatable = @xmlcharacters | @xmlelement | @xmlcomment | @xmlattribute | @xmldtd | @file | @xmlnamespace; + +/** + * YAML + */ + +#keyset[parent, idx] +yaml (unique int id: @yaml_node, + int kind: int ref, + int parent: @yaml_node_parent ref, + int idx: int ref, + varchar(900) tag: string ref, + varchar(900) tostring: string ref); + +case @yaml_node.kind of + 0 = @yaml_scalar_node +| 1 = @yaml_mapping_node +| 2 = @yaml_sequence_node +| 3 = @yaml_alias_node +; + +@yaml_collection_node = @yaml_mapping_node | @yaml_sequence_node; + +@yaml_node_parent = @yaml_collection_node | @file; + +yaml_anchors (unique int node: @yaml_node ref, + varchar(900) anchor: string ref); + +yaml_aliases (unique int alias: @yaml_alias_node ref, + varchar(900) target: string ref); + +yaml_scalars (unique int scalar: @yaml_scalar_node ref, + int style: int ref, + varchar(900) value: string ref); + +yaml_errors (unique int id: @yaml_error, + varchar(900) message: string ref); + +yaml_locations(unique int locatable: @yaml_locatable ref, + int location: @location_default ref); + +@yaml_locatable = @yaml_node | @yaml_error; diff --git a/python/downgrades/0565f7466437d52e1dc64a3b930926ab2f60cd64/upgrade.properties b/python/downgrades/0565f7466437d52e1dc64a3b930926ab2f60cd64/upgrade.properties new file mode 100644 index 00000000000..7b75d5de56a --- /dev/null +++ b/python/downgrades/0565f7466437d52e1dc64a3b930926ab2f60cd64/upgrade.properties @@ -0,0 +1,2 @@ +description: Sync dbscheme fragments +compatibility: full diff --git a/python/ql/lib/upgrades/0355ecf0ac589e66467a378e0e9d60f41ee4a757/old.dbscheme b/python/ql/lib/upgrades/0355ecf0ac589e66467a378e0e9d60f41ee4a757/old.dbscheme new file mode 100644 index 00000000000..0355ecf0ac5 --- /dev/null +++ b/python/ql/lib/upgrades/0355ecf0ac589e66467a378e0e9d60f41ee4a757/old.dbscheme @@ -0,0 +1,1147 @@ +/* + * This dbscheme is auto-generated by 'semmle/dbscheme_gen.py'. + * WARNING: Any modifications to this file will be lost. + * Relations can be changed by modifying master.py or + * by adding rules to dbscheme.template + */ + +/* This is a dummy line to alter the dbscheme, so we can make a database upgrade + * without actually changing any of the dbscheme predicates. It contains a date + * to allow for such updates in the future as well. + * + * 2020-07-02 + * + * DO NOT remove this comment carelessly, since it can revert the dbscheme back to a + * previously seen state (matching a previously seen SHA), which would make the upgrade + * mechanism not work properly. + */ + + /* + * External artifacts + */ + +externalDefects( + unique int id : @externalDefect, + varchar(900) queryPath : string ref, + int location : @location ref, + varchar(900) message : string ref, + float severity : float ref +); + +externalMetrics( + unique int id : @externalMetric, + varchar(900) queryPath : string ref, + int location : @location ref, + float value : float ref +); + +externalData( + int id : @externalDataElement, + varchar(900) queryPath : string ref, + int column: int ref, + varchar(900) data : string ref +); + +snapshotDate(unique date snapshotDate : date ref); + +sourceLocationPrefix(varchar(900) prefix : string ref); + + +/* + * Duplicate code + */ + +duplicateCode( + unique int id : @duplication, + varchar(900) relativePath : string ref, + int equivClass : int ref); + +similarCode( + unique int id : @similarity, + varchar(900) relativePath : string ref, + int equivClass : int ref); + +@duplication_or_similarity = @duplication | @similarity + +tokens( + int id : @duplication_or_similarity ref, + int offset : int ref, + int beginLine : int ref, + int beginColumn : int ref, + int endLine : int ref, + int endColumn : int ref); + +/* + * Line metrics + */ +py_codelines(int id : @py_scope ref, + int count : int ref); + +py_commentlines(int id : @py_scope ref, + int count : int ref); + +py_docstringlines(int id : @py_scope ref, + int count : int ref); + +py_alllines(int id : @py_scope ref, + int count : int ref); + +/* + * Version history + */ + +svnentries( + int id : @svnentry, + varchar(500) revision : string ref, + varchar(500) author : string ref, + date revisionDate : date ref, + int changeSize : int ref +) + +svnaffectedfiles( + int id : @svnentry ref, + int file : @file ref, + varchar(500) action : string ref +) + +svnentrymsg( + int id : @svnentry ref, + varchar(500) message : string ref +) + +svnchurn( + int commit : @svnentry ref, + int file : @file ref, + int addedLines : int ref, + int deletedLines : int ref +) + +/**************************** + Python dbscheme +****************************/ + +files(unique int id: @file, + varchar(900) name: string ref); + +folders(unique int id: @folder, + varchar(900) name: string ref); + +@container = @folder | @file; + +containerparent(int parent: @container ref, + unique int child: @container ref); + +@sourceline = @file | @py_Module | @xmllocatable; + +numlines(int element_id: @sourceline ref, + int num_lines: int ref, + int num_code: int ref, + int num_comment: int ref + ); + +@location = @location_ast | @location_default ; + +locations_default(unique int id: @location_default, + int file: @file ref, + int beginLine: int ref, + int beginColumn: int ref, + int endLine: int ref, + int endColumn: int ref); + +locations_ast(unique int id: @location_ast, + int module: @py_Module ref, + int beginLine: int ref, + int beginColumn: int ref, + int endLine: int ref, + int endColumn: int ref); + +file_contents(unique int file: @file ref, string contents: string ref); + +py_module_path(int module: @py_Module ref, int file: @container ref); + +variable(unique int id : @py_variable, + int scope : @py_scope ref, + varchar(1) name : string ref); + +py_line_lengths(unique int id : @py_line, + int file: @py_Module ref, + int line : int ref, + int length : int ref); + +py_extracted_version(int module : @py_Module ref, + varchar(1) version : string ref); + +/* AUTO GENERATED PART STARTS HERE */ + + +/* AnnAssign.location = 0, location */ +/* AnnAssign.value = 1, expr */ +/* AnnAssign.annotation = 2, expr */ +/* AnnAssign.target = 3, expr */ + +/* Assert.location = 0, location */ +/* Assert.test = 1, expr */ +/* Assert.msg = 2, expr */ + +/* Assign.location = 0, location */ +/* Assign.value = 1, expr */ +/* Assign.targets = 2, expr_list */ + +/* AssignExpr.location = 0, location */ +/* AssignExpr.parenthesised = 1, bool */ +/* AssignExpr.value = 2, expr */ +/* AssignExpr.target = 3, expr */ + +/* Attribute.location = 0, location */ +/* Attribute.parenthesised = 1, bool */ +/* Attribute.value = 2, expr */ +/* Attribute.attr = 3, str */ +/* Attribute.ctx = 4, expr_context */ + +/* AugAssign.location = 0, location */ +/* AugAssign.operation = 1, BinOp */ + +/* Await.location = 0, location */ +/* Await.parenthesised = 1, bool */ +/* Await.value = 2, expr */ + +/* BinaryExpr.location = 0, location */ +/* BinaryExpr.parenthesised = 1, bool */ +/* BinaryExpr.left = 2, expr */ +/* BinaryExpr.op = 3, operator */ +/* BinaryExpr.right = 4, expr */ +/* BinaryExpr = AugAssign */ + +/* BoolExpr.location = 0, location */ +/* BoolExpr.parenthesised = 1, bool */ +/* BoolExpr.op = 2, boolop */ +/* BoolExpr.values = 3, expr_list */ + +/* Break.location = 0, location */ + +/* Bytes.location = 0, location */ +/* Bytes.parenthesised = 1, bool */ +/* Bytes.s = 2, bytes */ +/* Bytes.prefix = 3, bytes */ +/* Bytes.implicitly_concatenated_parts = 4, StringPart_list */ + +/* Call.location = 0, location */ +/* Call.parenthesised = 1, bool */ +/* Call.func = 2, expr */ +/* Call.positional_args = 3, expr_list */ +/* Call.named_args = 4, dict_item_list */ + +/* Case.location = 0, location */ +/* Case.pattern = 1, pattern */ +/* Case.guard = 2, expr */ +/* Case.body = 3, stmt_list */ + +/* Class.name = 0, str */ +/* Class.body = 1, stmt_list */ +/* Class = ClassExpr */ + +/* ClassExpr.location = 0, location */ +/* ClassExpr.parenthesised = 1, bool */ +/* ClassExpr.name = 2, str */ +/* ClassExpr.bases = 3, expr_list */ +/* ClassExpr.keywords = 4, dict_item_list */ +/* ClassExpr.inner_scope = 5, Class */ + +/* Compare.location = 0, location */ +/* Compare.parenthesised = 1, bool */ +/* Compare.left = 2, expr */ +/* Compare.ops = 3, cmpop_list */ +/* Compare.comparators = 4, expr_list */ + +/* Continue.location = 0, location */ + +/* Delete.location = 0, location */ +/* Delete.targets = 1, expr_list */ + +/* Dict.location = 0, location */ +/* Dict.parenthesised = 1, bool */ +/* Dict.items = 2, dict_item_list */ + +/* DictComp.location = 0, location */ +/* DictComp.parenthesised = 1, bool */ +/* DictComp.function = 2, Function */ +/* DictComp.iterable = 3, expr */ + +/* DictUnpacking.location = 0, location */ +/* DictUnpacking.value = 1, expr */ + +/* Ellipsis.location = 0, location */ +/* Ellipsis.parenthesised = 1, bool */ + +/* ExceptGroupStmt.location = 0, location */ +/* ExceptGroupStmt.type = 1, expr */ +/* ExceptGroupStmt.name = 2, expr */ +/* ExceptGroupStmt.body = 3, stmt_list */ + +/* ExceptStmt.location = 0, location */ +/* ExceptStmt.type = 1, expr */ +/* ExceptStmt.name = 2, expr */ +/* ExceptStmt.body = 3, stmt_list */ + +/* Exec.location = 0, location */ +/* Exec.body = 1, expr */ +/* Exec.globals = 2, expr */ +/* Exec.locals = 3, expr */ + +/* ExprStmt.location = 0, location */ +/* ExprStmt.value = 1, expr */ + +/* Filter.location = 0, location */ +/* Filter.parenthesised = 1, bool */ +/* Filter.value = 2, expr */ +/* Filter.filter = 3, expr */ + +/* For.location = 0, location */ +/* For.target = 1, expr */ +/* For.iter = 2, expr */ +/* For.body = 3, stmt_list */ +/* For.orelse = 4, stmt_list */ +/* For.is_async = 5, bool */ + +/* FormattedValue.location = 0, location */ +/* FormattedValue.parenthesised = 1, bool */ +/* FormattedValue.value = 2, expr */ +/* FormattedValue.conversion = 3, str */ +/* FormattedValue.format_spec = 4, JoinedStr */ + +/* Function.name = 0, str */ +/* Function.args = 1, parameter_list */ +/* Function.vararg = 2, expr */ +/* Function.kwonlyargs = 3, expr_list */ +/* Function.kwarg = 4, expr */ +/* Function.body = 5, stmt_list */ +/* Function.is_async = 6, bool */ +/* Function = FunctionParent */ + +/* FunctionExpr.location = 0, location */ +/* FunctionExpr.parenthesised = 1, bool */ +/* FunctionExpr.name = 2, str */ +/* FunctionExpr.args = 3, arguments */ +/* FunctionExpr.returns = 4, expr */ +/* FunctionExpr.inner_scope = 5, Function */ + +/* GeneratorExp.location = 0, location */ +/* GeneratorExp.parenthesised = 1, bool */ +/* GeneratorExp.function = 2, Function */ +/* GeneratorExp.iterable = 3, expr */ + +/* Global.location = 0, location */ +/* Global.names = 1, str_list */ + +/* Guard.location = 0, location */ +/* Guard.parenthesised = 1, bool */ +/* Guard.test = 2, expr */ + +/* If.location = 0, location */ +/* If.test = 1, expr */ +/* If.body = 2, stmt_list */ +/* If.orelse = 3, stmt_list */ + +/* IfExp.location = 0, location */ +/* IfExp.parenthesised = 1, bool */ +/* IfExp.test = 2, expr */ +/* IfExp.body = 3, expr */ +/* IfExp.orelse = 4, expr */ + +/* Import.location = 0, location */ +/* Import.names = 1, alias_list */ + +/* ImportExpr.location = 0, location */ +/* ImportExpr.parenthesised = 1, bool */ +/* ImportExpr.level = 2, int */ +/* ImportExpr.name = 3, str */ +/* ImportExpr.top = 4, bool */ + +/* ImportStar.location = 0, location */ +/* ImportStar.module = 1, expr */ + +/* ImportMember.location = 0, location */ +/* ImportMember.parenthesised = 1, bool */ +/* ImportMember.module = 2, expr */ +/* ImportMember.name = 3, str */ + +/* Fstring.location = 0, location */ +/* Fstring.parenthesised = 1, bool */ +/* Fstring.values = 2, expr_list */ +/* Fstring = FormattedValue */ + +/* KeyValuePair.location = 0, location */ +/* KeyValuePair.value = 1, expr */ +/* KeyValuePair.key = 2, expr */ + +/* Lambda.location = 0, location */ +/* Lambda.parenthesised = 1, bool */ +/* Lambda.args = 2, arguments */ +/* Lambda.inner_scope = 3, Function */ + +/* List.location = 0, location */ +/* List.parenthesised = 1, bool */ +/* List.elts = 2, expr_list */ +/* List.ctx = 3, expr_context */ + +/* ListComp.location = 0, location */ +/* ListComp.parenthesised = 1, bool */ +/* ListComp.function = 2, Function */ +/* ListComp.iterable = 3, expr */ +/* ListComp.generators = 4, comprehension_list */ +/* ListComp.elt = 5, expr */ + +/* MatchStmt.location = 0, location */ +/* MatchStmt.subject = 1, expr */ +/* MatchStmt.cases = 2, stmt_list */ + +/* MatchAsPattern.location = 0, location */ +/* MatchAsPattern.parenthesised = 1, bool */ +/* MatchAsPattern.pattern = 2, pattern */ +/* MatchAsPattern.alias = 3, expr */ + +/* MatchCapturePattern.location = 0, location */ +/* MatchCapturePattern.parenthesised = 1, bool */ +/* MatchCapturePattern.variable = 2, expr */ + +/* MatchClassPattern.location = 0, location */ +/* MatchClassPattern.parenthesised = 1, bool */ +/* MatchClassPattern.class = 2, expr */ +/* MatchClassPattern.class_name = 3, expr */ +/* MatchClassPattern.positional = 4, pattern_list */ +/* MatchClassPattern.keyword = 5, pattern_list */ + +/* MatchDoubleStarPattern.location = 0, location */ +/* MatchDoubleStarPattern.parenthesised = 1, bool */ +/* MatchDoubleStarPattern.target = 2, pattern */ + +/* MatchKeyValuePattern.location = 0, location */ +/* MatchKeyValuePattern.parenthesised = 1, bool */ +/* MatchKeyValuePattern.key = 2, pattern */ +/* MatchKeyValuePattern.value = 3, pattern */ + +/* MatchKeywordPattern.location = 0, location */ +/* MatchKeywordPattern.parenthesised = 1, bool */ +/* MatchKeywordPattern.attribute = 2, expr */ +/* MatchKeywordPattern.value = 3, pattern */ + +/* MatchLiteralPattern.location = 0, location */ +/* MatchLiteralPattern.parenthesised = 1, bool */ +/* MatchLiteralPattern.literal = 2, expr */ + +/* MatchMappingPattern.location = 0, location */ +/* MatchMappingPattern.parenthesised = 1, bool */ +/* MatchMappingPattern.mappings = 2, pattern_list */ + +/* MatchOrPattern.location = 0, location */ +/* MatchOrPattern.parenthesised = 1, bool */ +/* MatchOrPattern.patterns = 2, pattern_list */ + +/* MatchSequencePattern.location = 0, location */ +/* MatchSequencePattern.parenthesised = 1, bool */ +/* MatchSequencePattern.patterns = 2, pattern_list */ + +/* MatchStarPattern.location = 0, location */ +/* MatchStarPattern.parenthesised = 1, bool */ +/* MatchStarPattern.target = 2, pattern */ + +/* MatchValuePattern.location = 0, location */ +/* MatchValuePattern.parenthesised = 1, bool */ +/* MatchValuePattern.value = 2, expr */ + +/* MatchWildcardPattern.location = 0, location */ +/* MatchWildcardPattern.parenthesised = 1, bool */ + +/* Module.name = 0, str */ +/* Module.hash = 1, str */ +/* Module.body = 2, stmt_list */ +/* Module.kind = 3, str */ + +/* Name.location = 0, location */ +/* Name.parenthesised = 1, bool */ +/* Name.variable = 2, variable */ +/* Name.ctx = 3, expr_context */ +/* Name = ParameterList */ + +/* Nonlocal.location = 0, location */ +/* Nonlocal.names = 1, str_list */ + +/* Num.location = 0, location */ +/* Num.parenthesised = 1, bool */ +/* Num.n = 2, number */ +/* Num.text = 3, number */ + +/* Pass.location = 0, location */ + +/* PlaceHolder.location = 0, location */ +/* PlaceHolder.parenthesised = 1, bool */ +/* PlaceHolder.variable = 2, variable */ +/* PlaceHolder.ctx = 3, expr_context */ + +/* Print.location = 0, location */ +/* Print.dest = 1, expr */ +/* Print.values = 2, expr_list */ +/* Print.nl = 3, bool */ + +/* Raise.location = 0, location */ +/* Raise.exc = 1, expr */ +/* Raise.cause = 2, expr */ +/* Raise.type = 3, expr */ +/* Raise.inst = 4, expr */ +/* Raise.tback = 5, expr */ + +/* Repr.location = 0, location */ +/* Repr.parenthesised = 1, bool */ +/* Repr.value = 2, expr */ + +/* Return.location = 0, location */ +/* Return.value = 1, expr */ + +/* Set.location = 0, location */ +/* Set.parenthesised = 1, bool */ +/* Set.elts = 2, expr_list */ + +/* SetComp.location = 0, location */ +/* SetComp.parenthesised = 1, bool */ +/* SetComp.function = 2, Function */ +/* SetComp.iterable = 3, expr */ + +/* Slice.location = 0, location */ +/* Slice.parenthesised = 1, bool */ +/* Slice.start = 2, expr */ +/* Slice.stop = 3, expr */ +/* Slice.step = 4, expr */ + +/* SpecialOperation.location = 0, location */ +/* SpecialOperation.parenthesised = 1, bool */ +/* SpecialOperation.name = 2, str */ +/* SpecialOperation.arguments = 3, expr_list */ + +/* Starred.location = 0, location */ +/* Starred.parenthesised = 1, bool */ +/* Starred.value = 2, expr */ +/* Starred.ctx = 3, expr_context */ + +/* Str.location = 0, location */ +/* Str.parenthesised = 1, bool */ +/* Str.s = 2, str */ +/* Str.prefix = 3, str */ +/* Str.implicitly_concatenated_parts = 4, StringPart_list */ + +/* StringPart.text = 0, str */ +/* StringPart.location = 1, location */ +/* StringPart = StringPartList */ +/* StringPartList = BytesOrStr */ + +/* Subscript.location = 0, location */ +/* Subscript.parenthesised = 1, bool */ +/* Subscript.value = 2, expr */ +/* Subscript.index = 3, expr */ +/* Subscript.ctx = 4, expr_context */ + +/* TemplateDottedNotation.location = 0, location */ +/* TemplateDottedNotation.parenthesised = 1, bool */ +/* TemplateDottedNotation.value = 2, expr */ +/* TemplateDottedNotation.attr = 3, str */ +/* TemplateDottedNotation.ctx = 4, expr_context */ + +/* TemplateWrite.location = 0, location */ +/* TemplateWrite.value = 1, expr */ + +/* Try.location = 0, location */ +/* Try.body = 1, stmt_list */ +/* Try.orelse = 2, stmt_list */ +/* Try.handlers = 3, stmt_list */ +/* Try.finalbody = 4, stmt_list */ + +/* Tuple.location = 0, location */ +/* Tuple.parenthesised = 1, bool */ +/* Tuple.elts = 2, expr_list */ +/* Tuple.ctx = 3, expr_context */ +/* Tuple = ParameterList */ + +/* UnaryExpr.location = 0, location */ +/* UnaryExpr.parenthesised = 1, bool */ +/* UnaryExpr.op = 2, unaryop */ +/* UnaryExpr.operand = 3, expr */ + +/* While.location = 0, location */ +/* While.test = 1, expr */ +/* While.body = 2, stmt_list */ +/* While.orelse = 3, stmt_list */ + +/* With.location = 0, location */ +/* With.context_expr = 1, expr */ +/* With.optional_vars = 2, expr */ +/* With.body = 3, stmt_list */ +/* With.is_async = 4, bool */ + +/* Yield.location = 0, location */ +/* Yield.parenthesised = 1, bool */ +/* Yield.value = 2, expr */ + +/* YieldFrom.location = 0, location */ +/* YieldFrom.parenthesised = 1, bool */ +/* YieldFrom.value = 2, expr */ + +/* Alias.value = 0, expr */ +/* Alias.asname = 1, expr */ +/* Alias = AliasList */ +/* AliasList = Import */ + +/* Arguments.kw_defaults = 0, expr_list */ +/* Arguments.defaults = 1, expr_list */ +/* Arguments.annotations = 2, expr_list */ +/* Arguments.varargannotation = 3, expr */ +/* Arguments.kwargannotation = 4, expr */ +/* Arguments.kw_annotations = 5, expr_list */ +/* Arguments = ArgumentsParent */ +/* boolean = BoolParent */ +/* Boolop = BoolExpr */ +/* string = Bytes */ +/* Cmpop = CmpopList */ +/* CmpopList = Compare */ + +/* Comprehension.location = 0, location */ +/* Comprehension.iter = 1, expr */ +/* Comprehension.target = 2, expr */ +/* Comprehension.ifs = 3, expr_list */ +/* Comprehension = ComprehensionList */ +/* ComprehensionList = ListComp */ +/* DictItem = DictItemList */ +/* DictItemList = DictItemListParent */ + +/* Expr.location = 0, location */ +/* Expr.parenthesised = 1, bool */ +/* Expr = ExprParent */ +/* ExprContext = ExprContextParent */ +/* ExprList = ExprListParent */ +/* int = ImportExpr */ + +/* Keyword.location = 0, location */ +/* Keyword.value = 1, expr */ +/* Keyword.arg = 2, str */ +/* Location = LocationParent */ +/* string = Num */ +/* Operator = BinaryExpr */ +/* ParameterList = Function */ + +/* Pattern.location = 0, location */ +/* Pattern.parenthesised = 1, bool */ +/* Pattern = PatternParent */ +/* PatternList = PatternListParent */ + +/* Stmt.location = 0, location */ +/* Stmt = StmtList */ +/* StmtList = StmtListParent */ +/* string = StrParent */ +/* StringList = StrListParent */ +/* Unaryop = UnaryExpr */ +/* Variable = VariableParent */ +py_Classes(unique int id : @py_Class, + unique int parent : @py_ClassExpr ref); + +py_Functions(unique int id : @py_Function, + unique int parent : @py_Function_parent ref); + +py_Modules(unique int id : @py_Module); + +py_StringParts(unique int id : @py_StringPart, + int parent : @py_StringPart_list ref, + int idx : int ref); + +py_StringPart_lists(unique int id : @py_StringPart_list, + unique int parent : @py_Bytes_or_Str ref); + +py_aliases(unique int id : @py_alias, + int parent : @py_alias_list ref, + int idx : int ref); + +py_alias_lists(unique int id : @py_alias_list, + unique int parent : @py_Import ref); + +py_arguments(unique int id : @py_arguments, + unique int parent : @py_arguments_parent ref); + +py_bools(int parent : @py_bool_parent ref, + int idx : int ref); + +py_boolops(unique int id : @py_boolop, + int kind: int ref, + unique int parent : @py_BoolExpr ref); + +py_bytes(varchar(1) id : string ref, + int parent : @py_Bytes ref, + int idx : int ref); + +py_cmpops(unique int id : @py_cmpop, + int kind: int ref, + int parent : @py_cmpop_list ref, + int idx : int ref); + +py_cmpop_lists(unique int id : @py_cmpop_list, + unique int parent : @py_Compare ref); + +py_comprehensions(unique int id : @py_comprehension, + int parent : @py_comprehension_list ref, + int idx : int ref); + +py_comprehension_lists(unique int id : @py_comprehension_list, + unique int parent : @py_ListComp ref); + +py_dict_items(unique int id : @py_dict_item, + int kind: int ref, + int parent : @py_dict_item_list ref, + int idx : int ref); + +py_dict_item_lists(unique int id : @py_dict_item_list, + unique int parent : @py_dict_item_list_parent ref); + +py_exprs(unique int id : @py_expr, + int kind: int ref, + int parent : @py_expr_parent ref, + int idx : int ref); + +py_expr_contexts(unique int id : @py_expr_context, + int kind: int ref, + unique int parent : @py_expr_context_parent ref); + +py_expr_lists(unique int id : @py_expr_list, + int parent : @py_expr_list_parent ref, + int idx : int ref); + +py_ints(int id : int ref, + unique int parent : @py_ImportExpr ref); + +py_locations(unique int id : @location ref, + unique int parent : @py_location_parent ref); + +py_numbers(varchar(1) id : string ref, + int parent : @py_Num ref, + int idx : int ref); + +py_operators(unique int id : @py_operator, + int kind: int ref, + unique int parent : @py_BinaryExpr ref); + +py_parameter_lists(unique int id : @py_parameter_list, + unique int parent : @py_Function ref); + +py_patterns(unique int id : @py_pattern, + int kind: int ref, + int parent : @py_pattern_parent ref, + int idx : int ref); + +py_pattern_lists(unique int id : @py_pattern_list, + int parent : @py_pattern_list_parent ref, + int idx : int ref); + +py_stmts(unique int id : @py_stmt, + int kind: int ref, + int parent : @py_stmt_list ref, + int idx : int ref); + +py_stmt_lists(unique int id : @py_stmt_list, + int parent : @py_stmt_list_parent ref, + int idx : int ref); + +py_strs(varchar(1) id : string ref, + int parent : @py_str_parent ref, + int idx : int ref); + +py_str_lists(unique int id : @py_str_list, + unique int parent : @py_str_list_parent ref); + +py_unaryops(unique int id : @py_unaryop, + int kind: int ref, + unique int parent : @py_UnaryExpr ref); + +py_variables(int id : @py_variable ref, + unique int parent : @py_variable_parent ref); + +case @py_boolop.kind of + 0 = @py_And +| 1 = @py_Or; + +case @py_cmpop.kind of + 0 = @py_Eq +| 1 = @py_Gt +| 2 = @py_GtE +| 3 = @py_In +| 4 = @py_Is +| 5 = @py_IsNot +| 6 = @py_Lt +| 7 = @py_LtE +| 8 = @py_NotEq +| 9 = @py_NotIn; + +case @py_dict_item.kind of + 0 = @py_DictUnpacking +| 1 = @py_KeyValuePair +| 2 = @py_keyword; + +case @py_expr.kind of + 0 = @py_Attribute +| 1 = @py_BinaryExpr +| 2 = @py_BoolExpr +| 3 = @py_Bytes +| 4 = @py_Call +| 5 = @py_ClassExpr +| 6 = @py_Compare +| 7 = @py_Dict +| 8 = @py_DictComp +| 9 = @py_Ellipsis +| 10 = @py_FunctionExpr +| 11 = @py_GeneratorExp +| 12 = @py_IfExp +| 13 = @py_ImportExpr +| 14 = @py_ImportMember +| 15 = @py_Lambda +| 16 = @py_List +| 17 = @py_ListComp +| 18 = @py_Guard +| 19 = @py_Name +| 20 = @py_Num +| 21 = @py_Repr +| 22 = @py_Set +| 23 = @py_SetComp +| 24 = @py_Slice +| 25 = @py_Starred +| 26 = @py_Str +| 27 = @py_Subscript +| 28 = @py_Tuple +| 29 = @py_UnaryExpr +| 30 = @py_Yield +| 31 = @py_YieldFrom +| 32 = @py_TemplateDottedNotation +| 33 = @py_Filter +| 34 = @py_PlaceHolder +| 35 = @py_Await +| 36 = @py_Fstring +| 37 = @py_FormattedValue +| 38 = @py_AssignExpr +| 39 = @py_SpecialOperation; + +case @py_expr_context.kind of + 0 = @py_AugLoad +| 1 = @py_AugStore +| 2 = @py_Del +| 3 = @py_Load +| 4 = @py_Param +| 5 = @py_Store; + +case @py_operator.kind of + 0 = @py_Add +| 1 = @py_BitAnd +| 2 = @py_BitOr +| 3 = @py_BitXor +| 4 = @py_Div +| 5 = @py_FloorDiv +| 6 = @py_LShift +| 7 = @py_Mod +| 8 = @py_Mult +| 9 = @py_Pow +| 10 = @py_RShift +| 11 = @py_Sub +| 12 = @py_MatMult; + +case @py_pattern.kind of + 0 = @py_MatchAsPattern +| 1 = @py_MatchOrPattern +| 2 = @py_MatchLiteralPattern +| 3 = @py_MatchCapturePattern +| 4 = @py_MatchWildcardPattern +| 5 = @py_MatchValuePattern +| 6 = @py_MatchSequencePattern +| 7 = @py_MatchStarPattern +| 8 = @py_MatchMappingPattern +| 9 = @py_MatchDoubleStarPattern +| 10 = @py_MatchKeyValuePattern +| 11 = @py_MatchClassPattern +| 12 = @py_MatchKeywordPattern; + +case @py_stmt.kind of + 0 = @py_Assert +| 1 = @py_Assign +| 2 = @py_AugAssign +| 3 = @py_Break +| 4 = @py_Continue +| 5 = @py_Delete +| 6 = @py_ExceptStmt +| 7 = @py_ExceptGroupStmt +| 8 = @py_Exec +| 9 = @py_Expr_stmt +| 10 = @py_For +| 11 = @py_Global +| 12 = @py_If +| 13 = @py_Import +| 14 = @py_ImportStar +| 15 = @py_MatchStmt +| 16 = @py_Case +| 17 = @py_Nonlocal +| 18 = @py_Pass +| 19 = @py_Print +| 20 = @py_Raise +| 21 = @py_Return +| 22 = @py_Try +| 23 = @py_While +| 24 = @py_With +| 25 = @py_TemplateWrite +| 26 = @py_AnnAssign; + +case @py_unaryop.kind of + 0 = @py_Invert +| 1 = @py_Not +| 2 = @py_UAdd +| 3 = @py_USub; + +@py_Bytes_or_Str = @py_Bytes | @py_Str; + +@py_Function_parent = @py_DictComp | @py_FunctionExpr | @py_GeneratorExp | @py_Lambda | @py_ListComp | @py_SetComp; + +@py_arguments_parent = @py_FunctionExpr | @py_Lambda; + +@py_ast_node = @py_Class | @py_Function | @py_Module | @py_StringPart | @py_comprehension | @py_dict_item | @py_expr | @py_pattern | @py_stmt; + +@py_bool_parent = @py_For | @py_Function | @py_Print | @py_With | @py_expr | @py_pattern; + +@py_dict_item_list_parent = @py_Call | @py_ClassExpr | @py_Dict; + +@py_expr_context_parent = @py_Attribute | @py_List | @py_Name | @py_PlaceHolder | @py_Starred | @py_Subscript | @py_TemplateDottedNotation | @py_Tuple; + +@py_expr_list_parent = @py_Assign | @py_BoolExpr | @py_Call | @py_ClassExpr | @py_Compare | @py_Delete | @py_Fstring | @py_Function | @py_List | @py_Print | @py_Set | @py_SpecialOperation | @py_Tuple | @py_arguments | @py_comprehension; + +@py_expr_or_stmt = @py_expr | @py_stmt; + +@py_expr_parent = @py_AnnAssign | @py_Assert | @py_Assign | @py_AssignExpr | @py_Attribute | @py_AugAssign | @py_Await | @py_BinaryExpr | @py_Call | @py_Case | @py_Compare | @py_DictComp | @py_DictUnpacking | @py_ExceptGroupStmt | @py_ExceptStmt | @py_Exec | @py_Expr_stmt | @py_Filter | @py_For | @py_FormattedValue | @py_Function | @py_FunctionExpr | @py_GeneratorExp | @py_Guard | @py_If | @py_IfExp | @py_ImportMember | @py_ImportStar | @py_KeyValuePair | @py_ListComp | @py_MatchAsPattern | @py_MatchCapturePattern | @py_MatchClassPattern | @py_MatchKeywordPattern | @py_MatchLiteralPattern | @py_MatchStmt | @py_MatchValuePattern | @py_Print | @py_Raise | @py_Repr | @py_Return | @py_SetComp | @py_Slice | @py_Starred | @py_Subscript | @py_TemplateDottedNotation | @py_TemplateWrite | @py_UnaryExpr | @py_While | @py_With | @py_Yield | @py_YieldFrom | @py_alias | @py_arguments | @py_comprehension | @py_expr_list | @py_keyword | @py_parameter_list; + +@py_location_parent = @py_DictUnpacking | @py_KeyValuePair | @py_StringPart | @py_comprehension | @py_expr | @py_keyword | @py_pattern | @py_stmt; + +@py_parameter = @py_Name | @py_Tuple; + +@py_pattern_list_parent = @py_MatchClassPattern | @py_MatchMappingPattern | @py_MatchOrPattern | @py_MatchSequencePattern; + +@py_pattern_parent = @py_Case | @py_MatchAsPattern | @py_MatchDoubleStarPattern | @py_MatchKeyValuePattern | @py_MatchKeywordPattern | @py_MatchStarPattern | @py_pattern_list; + +@py_scope = @py_Class | @py_Function | @py_Module; + +@py_stmt_list_parent = @py_Case | @py_Class | @py_ExceptGroupStmt | @py_ExceptStmt | @py_For | @py_Function | @py_If | @py_MatchStmt | @py_Module | @py_Try | @py_While | @py_With; + +@py_str_list_parent = @py_Global | @py_Nonlocal; + +@py_str_parent = @py_Attribute | @py_Class | @py_ClassExpr | @py_FormattedValue | @py_Function | @py_FunctionExpr | @py_ImportExpr | @py_ImportMember | @py_Module | @py_SpecialOperation | @py_Str | @py_StringPart | @py_TemplateDottedNotation | @py_keyword | @py_str_list; + +@py_variable_parent = @py_Name | @py_PlaceHolder; + + +/* + * End of auto-generated part + */ + + + +/* Map relative names to absolute names for imports */ +py_absolute_names(int module : @py_Module ref, + varchar(1) relname : string ref, + varchar(1) absname : string ref); + +py_exports(int id : @py_Module ref, + varchar(1) name : string ref); + +/* Successor information */ +py_successors(int predecessor : @py_flow_node ref, + int successor : @py_flow_node ref); + +py_true_successors(int predecessor : @py_flow_node ref, + int successor : @py_flow_node ref); + +py_exception_successors(int predecessor : @py_flow_node ref, + int successor : @py_flow_node ref); + +py_false_successors(int predecessor : @py_flow_node ref, + int successor : @py_flow_node ref); + +py_flow_bb_node(unique int flownode : @py_flow_node, + int realnode : @py_ast_node ref, + int basicblock : @py_flow_node ref, + int index : int ref); + +py_scope_flow(int flow : @py_flow_node ref, + int scope : @py_scope ref, + int kind : int ref); + +py_idoms(unique int node : @py_flow_node ref, + int immediate_dominator : @py_flow_node ref); + +py_ssa_phi(int phi : @py_ssa_var ref, + int arg: @py_ssa_var ref); + +py_ssa_var(unique int id : @py_ssa_var, + int var : @py_variable ref); + +py_ssa_use(int node: @py_flow_node ref, + int var : @py_ssa_var ref); + +py_ssa_defn(unique int id : @py_ssa_var ref, + int node: @py_flow_node ref); + +@py_base_var = @py_variable | @py_ssa_var; + +py_scopes(unique int node : @py_expr_or_stmt ref, + int scope : @py_scope ref); + +py_scope_location(unique int id : @location ref, + unique int scope : @py_scope ref); + +py_flags_versioned(varchar(1) name : string ref, + varchar(1) value : string ref, + varchar(1) version : string ref); + +py_syntax_error_versioned(unique int id : @location ref, + varchar(1) message : string ref, + varchar(1) version : string ref); + +py_comments(unique int id : @py_comment, + varchar(1) text : string ref, + unique int location : @location ref); + +/* Type information support */ + +py_cobjects(unique int obj : @py_cobject); + +py_cobjecttypes(unique int obj : @py_cobject ref, + int typeof : @py_cobject ref); + +py_cobjectnames(unique int obj : @py_cobject ref, + varchar(1) name : string ref); + +/* Kind should be 0 for introspection, > 0 from source, as follows: + 1 from C extension source + */ +py_cobject_sources(int obj : @py_cobject ref, + int kind : int ref); + +py_cmembers_versioned(int object : @py_cobject ref, + varchar(1) name : string ref, + int member : @py_cobject ref, + varchar(1) version : string ref); + +py_citems(int object : @py_cobject ref, + int index : int ref, + int member : @py_cobject ref); + +ext_argtype(int funcid : @py_object ref, + int arg : int ref, + int typeid : @py_object ref); + +ext_rettype(int funcid : @py_object ref, + int typeid : @py_object ref); + +ext_proptype(int propid : @py_object ref, + int typeid : @py_object ref); + +ext_argreturn(int funcid : @py_object ref, + int arg : int ref); + +py_special_objects(unique int obj : @py_cobject ref, + unique varchar(1) name : string ref); + +py_decorated_object(int object : @py_object ref, + int level: int ref); + +@py_object = @py_cobject | @py_flow_node; + +@py_source_element = @py_ast_node | @container; + +/* XML Files */ + +xmlEncoding (unique int id: @file ref, varchar(900) encoding: string ref); + +xmlDTDs (unique int id: @xmldtd, + varchar(900) root: string ref, + varchar(900) publicId: string ref, + varchar(900) systemId: string ref, + int fileid: @file ref); + +xmlElements (unique int id: @xmlelement, + varchar(900) name: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int fileid: @file ref); + +xmlAttrs (unique int id: @xmlattribute, + int elementid: @xmlelement ref, + varchar(900) name: string ref, + varchar(3600) value: string ref, + int idx: int ref, + int fileid: @file ref); + +xmlNs (int id: @xmlnamespace, + varchar(900) prefixName: string ref, + varchar(900) URI: string ref, + int fileid: @file ref); + +xmlHasNs (int elementId: @xmlnamespaceable ref, + int nsId: @xmlnamespace ref, + int fileid: @file ref); + +xmlComments (unique int id: @xmlcomment, + varchar(3600) text: string ref, + int parentid: @xmlparent ref, + int fileid: @file ref); + +xmlChars (unique int id: @xmlcharacters, + varchar(3600) text: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int isCDATA: int ref, + int fileid: @file ref); + +@xmlparent = @file | @xmlelement; +@xmlnamespaceable = @xmlelement | @xmlattribute; + +xmllocations(int xmlElement: @xmllocatable ref, + int location: @location_default ref); + +@xmllocatable = @xmlcharacters | @xmlelement | @xmlcomment | @xmlattribute | @xmldtd | @file | @xmlnamespace; + +/** + * YAML + */ + +#keyset[parent, idx] +yaml (unique int id: @yaml_node, + int kind: int ref, + int parent: @yaml_node_parent ref, + int idx: int ref, + varchar(900) tag: string ref, + varchar(900) tostring: string ref); + +case @yaml_node.kind of + 0 = @yaml_scalar_node +| 1 = @yaml_mapping_node +| 2 = @yaml_sequence_node +| 3 = @yaml_alias_node +; + +@yaml_collection_node = @yaml_mapping_node | @yaml_sequence_node; + +@yaml_node_parent = @yaml_collection_node | @file; + +yaml_anchors (unique int node: @yaml_node ref, + varchar(900) anchor: string ref); + +yaml_aliases (unique int alias: @yaml_alias_node ref, + varchar(900) target: string ref); + +yaml_scalars (unique int scalar: @yaml_scalar_node ref, + int style: int ref, + varchar(900) value: string ref); + +yaml_errors (unique int id: @yaml_error, + varchar(900) message: string ref); + +yaml_locations(unique int locatable: @yaml_locatable ref, + int location: @location_default ref); + +@yaml_locatable = @yaml_node | @yaml_error; diff --git a/python/ql/lib/upgrades/0355ecf0ac589e66467a378e0e9d60f41ee4a757/semmlecode.python.dbscheme b/python/ql/lib/upgrades/0355ecf0ac589e66467a378e0e9d60f41ee4a757/semmlecode.python.dbscheme new file mode 100644 index 00000000000..0565f746643 --- /dev/null +++ b/python/ql/lib/upgrades/0355ecf0ac589e66467a378e0e9d60f41ee4a757/semmlecode.python.dbscheme @@ -0,0 +1,1196 @@ +/* + * This dbscheme is auto-generated by 'semmle/dbscheme_gen.py'. + * WARNING: Any modifications to this file will be lost. + * Relations can be changed by modifying master.py or + * by adding rules to dbscheme.template + */ + +/* This is a dummy line to alter the dbscheme, so we can make a database upgrade + * without actually changing any of the dbscheme predicates. It contains a date + * to allow for such updates in the future as well. + * + * 2020-07-02 + * + * DO NOT remove this comment carelessly, since it can revert the dbscheme back to a + * previously seen state (matching a previously seen SHA), which would make the upgrade + * mechanism not work properly. + */ + +/*- DEPRECATED: External defects and metrics -*/ + +externalDefects( + unique int id : @externalDefect, + varchar(900) queryPath : string ref, + int location : @location ref, + varchar(900) message : string ref, + float severity : float ref +); + +externalMetrics( + unique int id : @externalMetric, + varchar(900) queryPath : string ref, + int location : @location ref, + float value : float ref +); + +/*- External data -*/ + +/** + * External data, loaded from CSV files during snapshot creation. See + * [Tutorial: Incorporating external data](https://help.semmle.com/wiki/display/SD/Tutorial%3A+Incorporating+external+data) + * for more information. + */ +externalData( + int id : @externalDataElement, + string path : string ref, + int column: int ref, + string value : string ref +); + +/*- DEPRECATED: Snapshot date -*/ + +snapshotDate(unique date snapshotDate : date ref); + +/*- Source location prefix -*/ + +/** + * The source location of the snapshot. + */ +sourceLocationPrefix(string prefix : string ref); + +/*- DEPRECATED: Duplicate code -*/ + +duplicateCode( + unique int id : @duplication, + string relativePath : string ref, + int equivClass : int ref +); + +similarCode( + unique int id : @similarity, + string relativePath : string ref, + int equivClass : int ref +); + +@duplication_or_similarity = @duplication | @similarity + +tokens( + int id : @duplication_or_similarity ref, + int offset : int ref, + int beginLine : int ref, + int beginColumn : int ref, + int endLine : int ref, + int endColumn : int ref +); + +/*- DEPRECATED: Version control data -*/ + +svnentries( + unique int id : @svnentry, + string revision : string ref, + string author : string ref, + date revisionDate : date ref, + int changeSize : int ref +) + +svnaffectedfiles( + int id : @svnentry ref, + int file : @file ref, + string action : string ref +) + +svnentrymsg( + unique int id : @svnentry ref, + string message : string ref +) + +svnchurn( + int commit : @svnentry ref, + int file : @file ref, + int addedLines : int ref, + int deletedLines : int ref +) + +/*- Lines of code -*/ + +numlines( + int element_id: @sourceline ref, + int num_lines: int ref, + int num_code: int ref, + int num_comment: int ref +); + +/*- Files and folders -*/ + +/** + * The location of an element. + * The location spans column `startcolumn` of line `startline` to + * column `endcolumn` of line `endline` in file `file`. + * For more information, see + * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/). + */ +locations_default( + unique int id: @location_default, + int file: @file ref, + int beginLine: int ref, + int beginColumn: int ref, + int endLine: int ref, + int endColumn: int ref +); + +files( + unique int id: @file, + string name: string ref +); + +folders( + unique int id: @folder, + string name: string ref +); + +@container = @file | @folder + +containerparent( + int parent: @container ref, + unique int child: @container ref +); + +/*- XML Files -*/ + +xmlEncoding( + unique int id: @file ref, + string encoding: string ref +); + +xmlDTDs( + unique int id: @xmldtd, + string root: string ref, + string publicId: string ref, + string systemId: string ref, + int fileid: @file ref +); + +xmlElements( + unique int id: @xmlelement, + string name: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int fileid: @file ref +); + +xmlAttrs( + unique int id: @xmlattribute, + int elementid: @xmlelement ref, + string name: string ref, + string value: string ref, + int idx: int ref, + int fileid: @file ref +); + +xmlNs( + int id: @xmlnamespace, + string prefixName: string ref, + string URI: string ref, + int fileid: @file ref +); + +xmlHasNs( + int elementId: @xmlnamespaceable ref, + int nsId: @xmlnamespace ref, + int fileid: @file ref +); + +xmlComments( + unique int id: @xmlcomment, + string text: string ref, + int parentid: @xmlparent ref, + int fileid: @file ref +); + +xmlChars( + unique int id: @xmlcharacters, + string text: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int isCDATA: int ref, + int fileid: @file ref +); + +@xmlparent = @file | @xmlelement; +@xmlnamespaceable = @xmlelement | @xmlattribute; + +xmllocations( + int xmlElement: @xmllocatable ref, + int location: @location_default ref +); + +@xmllocatable = @xmlcharacters | @xmlelement | @xmlcomment | @xmlattribute | @xmldtd | @file | @xmlnamespace; + +/*- YAML -*/ + +#keyset[parent, idx] +yaml (unique int id: @yaml_node, + int kind: int ref, + int parent: @yaml_node_parent ref, + int idx: int ref, + string tag: string ref, + string tostring: string ref); + +case @yaml_node.kind of + 0 = @yaml_scalar_node +| 1 = @yaml_mapping_node +| 2 = @yaml_sequence_node +| 3 = @yaml_alias_node +; + +@yaml_collection_node = @yaml_mapping_node | @yaml_sequence_node; + +@yaml_node_parent = @yaml_collection_node | @file; + +yaml_anchors (unique int node: @yaml_node ref, + string anchor: string ref); + +yaml_aliases (unique int alias: @yaml_alias_node ref, + string target: string ref); + +yaml_scalars (unique int scalar: @yaml_scalar_node ref, + int style: int ref, + string value: string ref); + +yaml_errors (unique int id: @yaml_error, + string message: string ref); + +yaml_locations(unique int locatable: @yaml_locatable ref, + int location: @location_default ref); + +@yaml_locatable = @yaml_node | @yaml_error; + +/*- Python dbscheme -*/ + +/* + * Line metrics + */ +py_codelines(int id : @py_scope ref, + int count : int ref); + +py_commentlines(int id : @py_scope ref, + int count : int ref); + +py_docstringlines(int id : @py_scope ref, + int count : int ref); + +py_alllines(int id : @py_scope ref, + int count : int ref); + +/**************************** + Python dbscheme +****************************/ + +@sourceline = @file | @py_Module | @xmllocatable; + +@location = @location_ast | @location_default ; + +locations_ast(unique int id: @location_ast, + int module: @py_Module ref, + int beginLine: int ref, + int beginColumn: int ref, + int endLine: int ref, + int endColumn: int ref); + +file_contents(unique int file: @file ref, string contents: string ref); + +py_module_path(int module: @py_Module ref, int file: @container ref); + +variable(unique int id : @py_variable, + int scope : @py_scope ref, + varchar(1) name : string ref); + +py_line_lengths(unique int id : @py_line, + int file: @py_Module ref, + int line : int ref, + int length : int ref); + +py_extracted_version(int module : @py_Module ref, + varchar(1) version : string ref); + +/* AUTO GENERATED PART STARTS HERE */ + + +/* AnnAssign.location = 0, location */ +/* AnnAssign.value = 1, expr */ +/* AnnAssign.annotation = 2, expr */ +/* AnnAssign.target = 3, expr */ + +/* Assert.location = 0, location */ +/* Assert.test = 1, expr */ +/* Assert.msg = 2, expr */ + +/* Assign.location = 0, location */ +/* Assign.value = 1, expr */ +/* Assign.targets = 2, expr_list */ + +/* AssignExpr.location = 0, location */ +/* AssignExpr.parenthesised = 1, bool */ +/* AssignExpr.value = 2, expr */ +/* AssignExpr.target = 3, expr */ + +/* Attribute.location = 0, location */ +/* Attribute.parenthesised = 1, bool */ +/* Attribute.value = 2, expr */ +/* Attribute.attr = 3, str */ +/* Attribute.ctx = 4, expr_context */ + +/* AugAssign.location = 0, location */ +/* AugAssign.operation = 1, BinOp */ + +/* Await.location = 0, location */ +/* Await.parenthesised = 1, bool */ +/* Await.value = 2, expr */ + +/* BinaryExpr.location = 0, location */ +/* BinaryExpr.parenthesised = 1, bool */ +/* BinaryExpr.left = 2, expr */ +/* BinaryExpr.op = 3, operator */ +/* BinaryExpr.right = 4, expr */ +/* BinaryExpr = AugAssign */ + +/* BoolExpr.location = 0, location */ +/* BoolExpr.parenthesised = 1, bool */ +/* BoolExpr.op = 2, boolop */ +/* BoolExpr.values = 3, expr_list */ + +/* Break.location = 0, location */ + +/* Bytes.location = 0, location */ +/* Bytes.parenthesised = 1, bool */ +/* Bytes.s = 2, bytes */ +/* Bytes.prefix = 3, bytes */ +/* Bytes.implicitly_concatenated_parts = 4, StringPart_list */ + +/* Call.location = 0, location */ +/* Call.parenthesised = 1, bool */ +/* Call.func = 2, expr */ +/* Call.positional_args = 3, expr_list */ +/* Call.named_args = 4, dict_item_list */ + +/* Case.location = 0, location */ +/* Case.pattern = 1, pattern */ +/* Case.guard = 2, expr */ +/* Case.body = 3, stmt_list */ + +/* Class.name = 0, str */ +/* Class.body = 1, stmt_list */ +/* Class = ClassExpr */ + +/* ClassExpr.location = 0, location */ +/* ClassExpr.parenthesised = 1, bool */ +/* ClassExpr.name = 2, str */ +/* ClassExpr.bases = 3, expr_list */ +/* ClassExpr.keywords = 4, dict_item_list */ +/* ClassExpr.inner_scope = 5, Class */ + +/* Compare.location = 0, location */ +/* Compare.parenthesised = 1, bool */ +/* Compare.left = 2, expr */ +/* Compare.ops = 3, cmpop_list */ +/* Compare.comparators = 4, expr_list */ + +/* Continue.location = 0, location */ + +/* Delete.location = 0, location */ +/* Delete.targets = 1, expr_list */ + +/* Dict.location = 0, location */ +/* Dict.parenthesised = 1, bool */ +/* Dict.items = 2, dict_item_list */ + +/* DictComp.location = 0, location */ +/* DictComp.parenthesised = 1, bool */ +/* DictComp.function = 2, Function */ +/* DictComp.iterable = 3, expr */ + +/* DictUnpacking.location = 0, location */ +/* DictUnpacking.value = 1, expr */ + +/* Ellipsis.location = 0, location */ +/* Ellipsis.parenthesised = 1, bool */ + +/* ExceptGroupStmt.location = 0, location */ +/* ExceptGroupStmt.type = 1, expr */ +/* ExceptGroupStmt.name = 2, expr */ +/* ExceptGroupStmt.body = 3, stmt_list */ + +/* ExceptStmt.location = 0, location */ +/* ExceptStmt.type = 1, expr */ +/* ExceptStmt.name = 2, expr */ +/* ExceptStmt.body = 3, stmt_list */ + +/* Exec.location = 0, location */ +/* Exec.body = 1, expr */ +/* Exec.globals = 2, expr */ +/* Exec.locals = 3, expr */ + +/* ExprStmt.location = 0, location */ +/* ExprStmt.value = 1, expr */ + +/* Filter.location = 0, location */ +/* Filter.parenthesised = 1, bool */ +/* Filter.value = 2, expr */ +/* Filter.filter = 3, expr */ + +/* For.location = 0, location */ +/* For.target = 1, expr */ +/* For.iter = 2, expr */ +/* For.body = 3, stmt_list */ +/* For.orelse = 4, stmt_list */ +/* For.is_async = 5, bool */ + +/* FormattedValue.location = 0, location */ +/* FormattedValue.parenthesised = 1, bool */ +/* FormattedValue.value = 2, expr */ +/* FormattedValue.conversion = 3, str */ +/* FormattedValue.format_spec = 4, JoinedStr */ + +/* Function.name = 0, str */ +/* Function.args = 1, parameter_list */ +/* Function.vararg = 2, expr */ +/* Function.kwonlyargs = 3, expr_list */ +/* Function.kwarg = 4, expr */ +/* Function.body = 5, stmt_list */ +/* Function.is_async = 6, bool */ +/* Function = FunctionParent */ + +/* FunctionExpr.location = 0, location */ +/* FunctionExpr.parenthesised = 1, bool */ +/* FunctionExpr.name = 2, str */ +/* FunctionExpr.args = 3, arguments */ +/* FunctionExpr.returns = 4, expr */ +/* FunctionExpr.inner_scope = 5, Function */ + +/* GeneratorExp.location = 0, location */ +/* GeneratorExp.parenthesised = 1, bool */ +/* GeneratorExp.function = 2, Function */ +/* GeneratorExp.iterable = 3, expr */ + +/* Global.location = 0, location */ +/* Global.names = 1, str_list */ + +/* Guard.location = 0, location */ +/* Guard.parenthesised = 1, bool */ +/* Guard.test = 2, expr */ + +/* If.location = 0, location */ +/* If.test = 1, expr */ +/* If.body = 2, stmt_list */ +/* If.orelse = 3, stmt_list */ + +/* IfExp.location = 0, location */ +/* IfExp.parenthesised = 1, bool */ +/* IfExp.test = 2, expr */ +/* IfExp.body = 3, expr */ +/* IfExp.orelse = 4, expr */ + +/* Import.location = 0, location */ +/* Import.names = 1, alias_list */ + +/* ImportExpr.location = 0, location */ +/* ImportExpr.parenthesised = 1, bool */ +/* ImportExpr.level = 2, int */ +/* ImportExpr.name = 3, str */ +/* ImportExpr.top = 4, bool */ + +/* ImportStar.location = 0, location */ +/* ImportStar.module = 1, expr */ + +/* ImportMember.location = 0, location */ +/* ImportMember.parenthesised = 1, bool */ +/* ImportMember.module = 2, expr */ +/* ImportMember.name = 3, str */ + +/* Fstring.location = 0, location */ +/* Fstring.parenthesised = 1, bool */ +/* Fstring.values = 2, expr_list */ +/* Fstring = FormattedValue */ + +/* KeyValuePair.location = 0, location */ +/* KeyValuePair.value = 1, expr */ +/* KeyValuePair.key = 2, expr */ + +/* Lambda.location = 0, location */ +/* Lambda.parenthesised = 1, bool */ +/* Lambda.args = 2, arguments */ +/* Lambda.inner_scope = 3, Function */ + +/* List.location = 0, location */ +/* List.parenthesised = 1, bool */ +/* List.elts = 2, expr_list */ +/* List.ctx = 3, expr_context */ + +/* ListComp.location = 0, location */ +/* ListComp.parenthesised = 1, bool */ +/* ListComp.function = 2, Function */ +/* ListComp.iterable = 3, expr */ +/* ListComp.generators = 4, comprehension_list */ +/* ListComp.elt = 5, expr */ + +/* MatchStmt.location = 0, location */ +/* MatchStmt.subject = 1, expr */ +/* MatchStmt.cases = 2, stmt_list */ + +/* MatchAsPattern.location = 0, location */ +/* MatchAsPattern.parenthesised = 1, bool */ +/* MatchAsPattern.pattern = 2, pattern */ +/* MatchAsPattern.alias = 3, expr */ + +/* MatchCapturePattern.location = 0, location */ +/* MatchCapturePattern.parenthesised = 1, bool */ +/* MatchCapturePattern.variable = 2, expr */ + +/* MatchClassPattern.location = 0, location */ +/* MatchClassPattern.parenthesised = 1, bool */ +/* MatchClassPattern.class = 2, expr */ +/* MatchClassPattern.class_name = 3, expr */ +/* MatchClassPattern.positional = 4, pattern_list */ +/* MatchClassPattern.keyword = 5, pattern_list */ + +/* MatchDoubleStarPattern.location = 0, location */ +/* MatchDoubleStarPattern.parenthesised = 1, bool */ +/* MatchDoubleStarPattern.target = 2, pattern */ + +/* MatchKeyValuePattern.location = 0, location */ +/* MatchKeyValuePattern.parenthesised = 1, bool */ +/* MatchKeyValuePattern.key = 2, pattern */ +/* MatchKeyValuePattern.value = 3, pattern */ + +/* MatchKeywordPattern.location = 0, location */ +/* MatchKeywordPattern.parenthesised = 1, bool */ +/* MatchKeywordPattern.attribute = 2, expr */ +/* MatchKeywordPattern.value = 3, pattern */ + +/* MatchLiteralPattern.location = 0, location */ +/* MatchLiteralPattern.parenthesised = 1, bool */ +/* MatchLiteralPattern.literal = 2, expr */ + +/* MatchMappingPattern.location = 0, location */ +/* MatchMappingPattern.parenthesised = 1, bool */ +/* MatchMappingPattern.mappings = 2, pattern_list */ + +/* MatchOrPattern.location = 0, location */ +/* MatchOrPattern.parenthesised = 1, bool */ +/* MatchOrPattern.patterns = 2, pattern_list */ + +/* MatchSequencePattern.location = 0, location */ +/* MatchSequencePattern.parenthesised = 1, bool */ +/* MatchSequencePattern.patterns = 2, pattern_list */ + +/* MatchStarPattern.location = 0, location */ +/* MatchStarPattern.parenthesised = 1, bool */ +/* MatchStarPattern.target = 2, pattern */ + +/* MatchValuePattern.location = 0, location */ +/* MatchValuePattern.parenthesised = 1, bool */ +/* MatchValuePattern.value = 2, expr */ + +/* MatchWildcardPattern.location = 0, location */ +/* MatchWildcardPattern.parenthesised = 1, bool */ + +/* Module.name = 0, str */ +/* Module.hash = 1, str */ +/* Module.body = 2, stmt_list */ +/* Module.kind = 3, str */ + +/* Name.location = 0, location */ +/* Name.parenthesised = 1, bool */ +/* Name.variable = 2, variable */ +/* Name.ctx = 3, expr_context */ +/* Name = ParameterList */ + +/* Nonlocal.location = 0, location */ +/* Nonlocal.names = 1, str_list */ + +/* Num.location = 0, location */ +/* Num.parenthesised = 1, bool */ +/* Num.n = 2, number */ +/* Num.text = 3, number */ + +/* Pass.location = 0, location */ + +/* PlaceHolder.location = 0, location */ +/* PlaceHolder.parenthesised = 1, bool */ +/* PlaceHolder.variable = 2, variable */ +/* PlaceHolder.ctx = 3, expr_context */ + +/* Print.location = 0, location */ +/* Print.dest = 1, expr */ +/* Print.values = 2, expr_list */ +/* Print.nl = 3, bool */ + +/* Raise.location = 0, location */ +/* Raise.exc = 1, expr */ +/* Raise.cause = 2, expr */ +/* Raise.type = 3, expr */ +/* Raise.inst = 4, expr */ +/* Raise.tback = 5, expr */ + +/* Repr.location = 0, location */ +/* Repr.parenthesised = 1, bool */ +/* Repr.value = 2, expr */ + +/* Return.location = 0, location */ +/* Return.value = 1, expr */ + +/* Set.location = 0, location */ +/* Set.parenthesised = 1, bool */ +/* Set.elts = 2, expr_list */ + +/* SetComp.location = 0, location */ +/* SetComp.parenthesised = 1, bool */ +/* SetComp.function = 2, Function */ +/* SetComp.iterable = 3, expr */ + +/* Slice.location = 0, location */ +/* Slice.parenthesised = 1, bool */ +/* Slice.start = 2, expr */ +/* Slice.stop = 3, expr */ +/* Slice.step = 4, expr */ + +/* SpecialOperation.location = 0, location */ +/* SpecialOperation.parenthesised = 1, bool */ +/* SpecialOperation.name = 2, str */ +/* SpecialOperation.arguments = 3, expr_list */ + +/* Starred.location = 0, location */ +/* Starred.parenthesised = 1, bool */ +/* Starred.value = 2, expr */ +/* Starred.ctx = 3, expr_context */ + +/* Str.location = 0, location */ +/* Str.parenthesised = 1, bool */ +/* Str.s = 2, str */ +/* Str.prefix = 3, str */ +/* Str.implicitly_concatenated_parts = 4, StringPart_list */ + +/* StringPart.text = 0, str */ +/* StringPart.location = 1, location */ +/* StringPart = StringPartList */ +/* StringPartList = BytesOrStr */ + +/* Subscript.location = 0, location */ +/* Subscript.parenthesised = 1, bool */ +/* Subscript.value = 2, expr */ +/* Subscript.index = 3, expr */ +/* Subscript.ctx = 4, expr_context */ + +/* TemplateDottedNotation.location = 0, location */ +/* TemplateDottedNotation.parenthesised = 1, bool */ +/* TemplateDottedNotation.value = 2, expr */ +/* TemplateDottedNotation.attr = 3, str */ +/* TemplateDottedNotation.ctx = 4, expr_context */ + +/* TemplateWrite.location = 0, location */ +/* TemplateWrite.value = 1, expr */ + +/* Try.location = 0, location */ +/* Try.body = 1, stmt_list */ +/* Try.orelse = 2, stmt_list */ +/* Try.handlers = 3, stmt_list */ +/* Try.finalbody = 4, stmt_list */ + +/* Tuple.location = 0, location */ +/* Tuple.parenthesised = 1, bool */ +/* Tuple.elts = 2, expr_list */ +/* Tuple.ctx = 3, expr_context */ +/* Tuple = ParameterList */ + +/* UnaryExpr.location = 0, location */ +/* UnaryExpr.parenthesised = 1, bool */ +/* UnaryExpr.op = 2, unaryop */ +/* UnaryExpr.operand = 3, expr */ + +/* While.location = 0, location */ +/* While.test = 1, expr */ +/* While.body = 2, stmt_list */ +/* While.orelse = 3, stmt_list */ + +/* With.location = 0, location */ +/* With.context_expr = 1, expr */ +/* With.optional_vars = 2, expr */ +/* With.body = 3, stmt_list */ +/* With.is_async = 4, bool */ + +/* Yield.location = 0, location */ +/* Yield.parenthesised = 1, bool */ +/* Yield.value = 2, expr */ + +/* YieldFrom.location = 0, location */ +/* YieldFrom.parenthesised = 1, bool */ +/* YieldFrom.value = 2, expr */ + +/* Alias.value = 0, expr */ +/* Alias.asname = 1, expr */ +/* Alias = AliasList */ +/* AliasList = Import */ + +/* Arguments.kw_defaults = 0, expr_list */ +/* Arguments.defaults = 1, expr_list */ +/* Arguments.annotations = 2, expr_list */ +/* Arguments.varargannotation = 3, expr */ +/* Arguments.kwargannotation = 4, expr */ +/* Arguments.kw_annotations = 5, expr_list */ +/* Arguments = ArgumentsParent */ +/* boolean = BoolParent */ +/* Boolop = BoolExpr */ +/* string = Bytes */ +/* Cmpop = CmpopList */ +/* CmpopList = Compare */ + +/* Comprehension.location = 0, location */ +/* Comprehension.iter = 1, expr */ +/* Comprehension.target = 2, expr */ +/* Comprehension.ifs = 3, expr_list */ +/* Comprehension = ComprehensionList */ +/* ComprehensionList = ListComp */ +/* DictItem = DictItemList */ +/* DictItemList = DictItemListParent */ + +/* Expr.location = 0, location */ +/* Expr.parenthesised = 1, bool */ +/* Expr = ExprParent */ +/* ExprContext = ExprContextParent */ +/* ExprList = ExprListParent */ +/* int = ImportExpr */ + +/* Keyword.location = 0, location */ +/* Keyword.value = 1, expr */ +/* Keyword.arg = 2, str */ +/* Location = LocationParent */ +/* string = Num */ +/* Operator = BinaryExpr */ +/* ParameterList = Function */ + +/* Pattern.location = 0, location */ +/* Pattern.parenthesised = 1, bool */ +/* Pattern = PatternParent */ +/* PatternList = PatternListParent */ + +/* Stmt.location = 0, location */ +/* Stmt = StmtList */ +/* StmtList = StmtListParent */ +/* string = StrParent */ +/* StringList = StrListParent */ +/* Unaryop = UnaryExpr */ +/* Variable = VariableParent */ +py_Classes(unique int id : @py_Class, + unique int parent : @py_ClassExpr ref); + +py_Functions(unique int id : @py_Function, + unique int parent : @py_Function_parent ref); + +py_Modules(unique int id : @py_Module); + +py_StringParts(unique int id : @py_StringPart, + int parent : @py_StringPart_list ref, + int idx : int ref); + +py_StringPart_lists(unique int id : @py_StringPart_list, + unique int parent : @py_Bytes_or_Str ref); + +py_aliases(unique int id : @py_alias, + int parent : @py_alias_list ref, + int idx : int ref); + +py_alias_lists(unique int id : @py_alias_list, + unique int parent : @py_Import ref); + +py_arguments(unique int id : @py_arguments, + unique int parent : @py_arguments_parent ref); + +py_bools(int parent : @py_bool_parent ref, + int idx : int ref); + +py_boolops(unique int id : @py_boolop, + int kind: int ref, + unique int parent : @py_BoolExpr ref); + +py_bytes(varchar(1) id : string ref, + int parent : @py_Bytes ref, + int idx : int ref); + +py_cmpops(unique int id : @py_cmpop, + int kind: int ref, + int parent : @py_cmpop_list ref, + int idx : int ref); + +py_cmpop_lists(unique int id : @py_cmpop_list, + unique int parent : @py_Compare ref); + +py_comprehensions(unique int id : @py_comprehension, + int parent : @py_comprehension_list ref, + int idx : int ref); + +py_comprehension_lists(unique int id : @py_comprehension_list, + unique int parent : @py_ListComp ref); + +py_dict_items(unique int id : @py_dict_item, + int kind: int ref, + int parent : @py_dict_item_list ref, + int idx : int ref); + +py_dict_item_lists(unique int id : @py_dict_item_list, + unique int parent : @py_dict_item_list_parent ref); + +py_exprs(unique int id : @py_expr, + int kind: int ref, + int parent : @py_expr_parent ref, + int idx : int ref); + +py_expr_contexts(unique int id : @py_expr_context, + int kind: int ref, + unique int parent : @py_expr_context_parent ref); + +py_expr_lists(unique int id : @py_expr_list, + int parent : @py_expr_list_parent ref, + int idx : int ref); + +py_ints(int id : int ref, + unique int parent : @py_ImportExpr ref); + +py_locations(unique int id : @location ref, + unique int parent : @py_location_parent ref); + +py_numbers(varchar(1) id : string ref, + int parent : @py_Num ref, + int idx : int ref); + +py_operators(unique int id : @py_operator, + int kind: int ref, + unique int parent : @py_BinaryExpr ref); + +py_parameter_lists(unique int id : @py_parameter_list, + unique int parent : @py_Function ref); + +py_patterns(unique int id : @py_pattern, + int kind: int ref, + int parent : @py_pattern_parent ref, + int idx : int ref); + +py_pattern_lists(unique int id : @py_pattern_list, + int parent : @py_pattern_list_parent ref, + int idx : int ref); + +py_stmts(unique int id : @py_stmt, + int kind: int ref, + int parent : @py_stmt_list ref, + int idx : int ref); + +py_stmt_lists(unique int id : @py_stmt_list, + int parent : @py_stmt_list_parent ref, + int idx : int ref); + +py_strs(varchar(1) id : string ref, + int parent : @py_str_parent ref, + int idx : int ref); + +py_str_lists(unique int id : @py_str_list, + unique int parent : @py_str_list_parent ref); + +py_unaryops(unique int id : @py_unaryop, + int kind: int ref, + unique int parent : @py_UnaryExpr ref); + +py_variables(int id : @py_variable ref, + unique int parent : @py_variable_parent ref); + +case @py_boolop.kind of + 0 = @py_And +| 1 = @py_Or; + +case @py_cmpop.kind of + 0 = @py_Eq +| 1 = @py_Gt +| 2 = @py_GtE +| 3 = @py_In +| 4 = @py_Is +| 5 = @py_IsNot +| 6 = @py_Lt +| 7 = @py_LtE +| 8 = @py_NotEq +| 9 = @py_NotIn; + +case @py_dict_item.kind of + 0 = @py_DictUnpacking +| 1 = @py_KeyValuePair +| 2 = @py_keyword; + +case @py_expr.kind of + 0 = @py_Attribute +| 1 = @py_BinaryExpr +| 2 = @py_BoolExpr +| 3 = @py_Bytes +| 4 = @py_Call +| 5 = @py_ClassExpr +| 6 = @py_Compare +| 7 = @py_Dict +| 8 = @py_DictComp +| 9 = @py_Ellipsis +| 10 = @py_FunctionExpr +| 11 = @py_GeneratorExp +| 12 = @py_IfExp +| 13 = @py_ImportExpr +| 14 = @py_ImportMember +| 15 = @py_Lambda +| 16 = @py_List +| 17 = @py_ListComp +| 18 = @py_Guard +| 19 = @py_Name +| 20 = @py_Num +| 21 = @py_Repr +| 22 = @py_Set +| 23 = @py_SetComp +| 24 = @py_Slice +| 25 = @py_Starred +| 26 = @py_Str +| 27 = @py_Subscript +| 28 = @py_Tuple +| 29 = @py_UnaryExpr +| 30 = @py_Yield +| 31 = @py_YieldFrom +| 32 = @py_TemplateDottedNotation +| 33 = @py_Filter +| 34 = @py_PlaceHolder +| 35 = @py_Await +| 36 = @py_Fstring +| 37 = @py_FormattedValue +| 38 = @py_AssignExpr +| 39 = @py_SpecialOperation; + +case @py_expr_context.kind of + 0 = @py_AugLoad +| 1 = @py_AugStore +| 2 = @py_Del +| 3 = @py_Load +| 4 = @py_Param +| 5 = @py_Store; + +case @py_operator.kind of + 0 = @py_Add +| 1 = @py_BitAnd +| 2 = @py_BitOr +| 3 = @py_BitXor +| 4 = @py_Div +| 5 = @py_FloorDiv +| 6 = @py_LShift +| 7 = @py_Mod +| 8 = @py_Mult +| 9 = @py_Pow +| 10 = @py_RShift +| 11 = @py_Sub +| 12 = @py_MatMult; + +case @py_pattern.kind of + 0 = @py_MatchAsPattern +| 1 = @py_MatchOrPattern +| 2 = @py_MatchLiteralPattern +| 3 = @py_MatchCapturePattern +| 4 = @py_MatchWildcardPattern +| 5 = @py_MatchValuePattern +| 6 = @py_MatchSequencePattern +| 7 = @py_MatchStarPattern +| 8 = @py_MatchMappingPattern +| 9 = @py_MatchDoubleStarPattern +| 10 = @py_MatchKeyValuePattern +| 11 = @py_MatchClassPattern +| 12 = @py_MatchKeywordPattern; + +case @py_stmt.kind of + 0 = @py_Assert +| 1 = @py_Assign +| 2 = @py_AugAssign +| 3 = @py_Break +| 4 = @py_Continue +| 5 = @py_Delete +| 6 = @py_ExceptStmt +| 7 = @py_ExceptGroupStmt +| 8 = @py_Exec +| 9 = @py_Expr_stmt +| 10 = @py_For +| 11 = @py_Global +| 12 = @py_If +| 13 = @py_Import +| 14 = @py_ImportStar +| 15 = @py_MatchStmt +| 16 = @py_Case +| 17 = @py_Nonlocal +| 18 = @py_Pass +| 19 = @py_Print +| 20 = @py_Raise +| 21 = @py_Return +| 22 = @py_Try +| 23 = @py_While +| 24 = @py_With +| 25 = @py_TemplateWrite +| 26 = @py_AnnAssign; + +case @py_unaryop.kind of + 0 = @py_Invert +| 1 = @py_Not +| 2 = @py_UAdd +| 3 = @py_USub; + +@py_Bytes_or_Str = @py_Bytes | @py_Str; + +@py_Function_parent = @py_DictComp | @py_FunctionExpr | @py_GeneratorExp | @py_Lambda | @py_ListComp | @py_SetComp; + +@py_arguments_parent = @py_FunctionExpr | @py_Lambda; + +@py_ast_node = @py_Class | @py_Function | @py_Module | @py_StringPart | @py_comprehension | @py_dict_item | @py_expr | @py_pattern | @py_stmt; + +@py_bool_parent = @py_For | @py_Function | @py_Print | @py_With | @py_expr | @py_pattern; + +@py_dict_item_list_parent = @py_Call | @py_ClassExpr | @py_Dict; + +@py_expr_context_parent = @py_Attribute | @py_List | @py_Name | @py_PlaceHolder | @py_Starred | @py_Subscript | @py_TemplateDottedNotation | @py_Tuple; + +@py_expr_list_parent = @py_Assign | @py_BoolExpr | @py_Call | @py_ClassExpr | @py_Compare | @py_Delete | @py_Fstring | @py_Function | @py_List | @py_Print | @py_Set | @py_SpecialOperation | @py_Tuple | @py_arguments | @py_comprehension; + +@py_expr_or_stmt = @py_expr | @py_stmt; + +@py_expr_parent = @py_AnnAssign | @py_Assert | @py_Assign | @py_AssignExpr | @py_Attribute | @py_AugAssign | @py_Await | @py_BinaryExpr | @py_Call | @py_Case | @py_Compare | @py_DictComp | @py_DictUnpacking | @py_ExceptGroupStmt | @py_ExceptStmt | @py_Exec | @py_Expr_stmt | @py_Filter | @py_For | @py_FormattedValue | @py_Function | @py_FunctionExpr | @py_GeneratorExp | @py_Guard | @py_If | @py_IfExp | @py_ImportMember | @py_ImportStar | @py_KeyValuePair | @py_ListComp | @py_MatchAsPattern | @py_MatchCapturePattern | @py_MatchClassPattern | @py_MatchKeywordPattern | @py_MatchLiteralPattern | @py_MatchStmt | @py_MatchValuePattern | @py_Print | @py_Raise | @py_Repr | @py_Return | @py_SetComp | @py_Slice | @py_Starred | @py_Subscript | @py_TemplateDottedNotation | @py_TemplateWrite | @py_UnaryExpr | @py_While | @py_With | @py_Yield | @py_YieldFrom | @py_alias | @py_arguments | @py_comprehension | @py_expr_list | @py_keyword | @py_parameter_list; + +@py_location_parent = @py_DictUnpacking | @py_KeyValuePair | @py_StringPart | @py_comprehension | @py_expr | @py_keyword | @py_pattern | @py_stmt; + +@py_parameter = @py_Name | @py_Tuple; + +@py_pattern_list_parent = @py_MatchClassPattern | @py_MatchMappingPattern | @py_MatchOrPattern | @py_MatchSequencePattern; + +@py_pattern_parent = @py_Case | @py_MatchAsPattern | @py_MatchDoubleStarPattern | @py_MatchKeyValuePattern | @py_MatchKeywordPattern | @py_MatchStarPattern | @py_pattern_list; + +@py_scope = @py_Class | @py_Function | @py_Module; + +@py_stmt_list_parent = @py_Case | @py_Class | @py_ExceptGroupStmt | @py_ExceptStmt | @py_For | @py_Function | @py_If | @py_MatchStmt | @py_Module | @py_Try | @py_While | @py_With; + +@py_str_list_parent = @py_Global | @py_Nonlocal; + +@py_str_parent = @py_Attribute | @py_Class | @py_ClassExpr | @py_FormattedValue | @py_Function | @py_FunctionExpr | @py_ImportExpr | @py_ImportMember | @py_Module | @py_SpecialOperation | @py_Str | @py_StringPart | @py_TemplateDottedNotation | @py_keyword | @py_str_list; + +@py_variable_parent = @py_Name | @py_PlaceHolder; + + +/* + * End of auto-generated part + */ + + + +/* Map relative names to absolute names for imports */ +py_absolute_names(int module : @py_Module ref, + varchar(1) relname : string ref, + varchar(1) absname : string ref); + +py_exports(int id : @py_Module ref, + varchar(1) name : string ref); + +/* Successor information */ +py_successors(int predecessor : @py_flow_node ref, + int successor : @py_flow_node ref); + +py_true_successors(int predecessor : @py_flow_node ref, + int successor : @py_flow_node ref); + +py_exception_successors(int predecessor : @py_flow_node ref, + int successor : @py_flow_node ref); + +py_false_successors(int predecessor : @py_flow_node ref, + int successor : @py_flow_node ref); + +py_flow_bb_node(unique int flownode : @py_flow_node, + int realnode : @py_ast_node ref, + int basicblock : @py_flow_node ref, + int index : int ref); + +py_scope_flow(int flow : @py_flow_node ref, + int scope : @py_scope ref, + int kind : int ref); + +py_idoms(unique int node : @py_flow_node ref, + int immediate_dominator : @py_flow_node ref); + +py_ssa_phi(int phi : @py_ssa_var ref, + int arg: @py_ssa_var ref); + +py_ssa_var(unique int id : @py_ssa_var, + int var : @py_variable ref); + +py_ssa_use(int node: @py_flow_node ref, + int var : @py_ssa_var ref); + +py_ssa_defn(unique int id : @py_ssa_var ref, + int node: @py_flow_node ref); + +@py_base_var = @py_variable | @py_ssa_var; + +py_scopes(unique int node : @py_expr_or_stmt ref, + int scope : @py_scope ref); + +py_scope_location(unique int id : @location ref, + unique int scope : @py_scope ref); + +py_flags_versioned(varchar(1) name : string ref, + varchar(1) value : string ref, + varchar(1) version : string ref); + +py_syntax_error_versioned(unique int id : @location ref, + varchar(1) message : string ref, + varchar(1) version : string ref); + +py_comments(unique int id : @py_comment, + varchar(1) text : string ref, + unique int location : @location ref); + +/* Type information support */ + +py_cobjects(unique int obj : @py_cobject); + +py_cobjecttypes(unique int obj : @py_cobject ref, + int typeof : @py_cobject ref); + +py_cobjectnames(unique int obj : @py_cobject ref, + varchar(1) name : string ref); + +/* Kind should be 0 for introspection, > 0 from source, as follows: + 1 from C extension source + */ +py_cobject_sources(int obj : @py_cobject ref, + int kind : int ref); + +py_cmembers_versioned(int object : @py_cobject ref, + varchar(1) name : string ref, + int member : @py_cobject ref, + varchar(1) version : string ref); + +py_citems(int object : @py_cobject ref, + int index : int ref, + int member : @py_cobject ref); + +ext_argtype(int funcid : @py_object ref, + int arg : int ref, + int typeid : @py_object ref); + +ext_rettype(int funcid : @py_object ref, + int typeid : @py_object ref); + +ext_proptype(int propid : @py_object ref, + int typeid : @py_object ref); + +ext_argreturn(int funcid : @py_object ref, + int arg : int ref); + +py_special_objects(unique int obj : @py_cobject ref, + unique varchar(1) name : string ref); + +py_decorated_object(int object : @py_object ref, + int level: int ref); + +@py_object = @py_cobject | @py_flow_node; + +@py_source_element = @py_ast_node | @container; diff --git a/python/ql/lib/upgrades/0355ecf0ac589e66467a378e0e9d60f41ee4a757/upgrade.properties b/python/ql/lib/upgrades/0355ecf0ac589e66467a378e0e9d60f41ee4a757/upgrade.properties new file mode 100644 index 00000000000..7b75d5de56a --- /dev/null +++ b/python/ql/lib/upgrades/0355ecf0ac589e66467a378e0e9d60f41ee4a757/upgrade.properties @@ -0,0 +1,2 @@ +description: Sync dbscheme fragments +compatibility: full From 24165684893bdf1dda9e49b4229a09e2e47fcdfc Mon Sep 17 00:00:00 2001 From: Arthur Baars Date: Sun, 14 May 2023 19:52:27 +0200 Subject: [PATCH 549/870] Tree-sitter-xtractor: fix clippy warnings --- shared/tree-sitter-extractor/src/autobuilder.rs | 8 ++++---- shared/tree-sitter-extractor/src/generator/mod.rs | 12 ++++++------ .../src/generator/prefix.dbscheme | 1 - 3 files changed, 10 insertions(+), 11 deletions(-) diff --git a/shared/tree-sitter-extractor/src/autobuilder.rs b/shared/tree-sitter-extractor/src/autobuilder.rs index a6d4a6852e2..97ea5a9b32c 100644 --- a/shared/tree-sitter-extractor/src/autobuilder.rs +++ b/shared/tree-sitter-extractor/src/autobuilder.rs @@ -15,7 +15,7 @@ impl Autobuilder { pub fn new(language: &str, database: PathBuf) -> Self { Self { language: language.to_string(), - database: database, + database, include_extensions: vec![], include_globs: vec![], exclude_globs: vec![], @@ -24,17 +24,17 @@ impl Autobuilder { } pub fn include_extensions(&mut self, exts: &[&str]) -> &mut Self { - self.include_extensions = exts.into_iter().map(|s| String::from(*s)).collect(); + self.include_extensions = exts.iter().map(|s| String::from(*s)).collect(); self } pub fn include_globs(&mut self, globs: &[&str]) -> &mut Self { - self.include_globs = globs.into_iter().map(|s| String::from(*s)).collect(); + self.include_globs = globs.iter().map(|s| String::from(*s)).collect(); self } pub fn exclude_globs(&mut self, globs: &[&str]) -> &mut Self { - self.exclude_globs = globs.into_iter().map(|s| String::from(*s)).collect(); + self.exclude_globs = globs.iter().map(|s| String::from(*s)).collect(); self } diff --git a/shared/tree-sitter-extractor/src/generator/mod.rs b/shared/tree-sitter-extractor/src/generator/mod.rs index d8737f789cc..0d01deae57f 100644 --- a/shared/tree-sitter-extractor/src/generator/mod.rs +++ b/shared/tree-sitter-extractor/src/generator/mod.rs @@ -23,22 +23,22 @@ pub fn generate( e })?; let mut dbscheme_writer = LineWriter::new(dbscheme_file); - write!( + writeln!( dbscheme_writer, "// CodeQL database schema for {}\n\ - // Automatically generated from the tree-sitter grammar; do not edit\n\n", + // Automatically generated from the tree-sitter grammar; do not edit\n", languages[0].name )?; - write!(dbscheme_writer, include_str!("prefix.dbscheme"))?; + writeln!(dbscheme_writer, include_str!("prefix.dbscheme"))?; let mut ql_writer = LineWriter::new(File::create(ql_library_path)?); - write!( + writeln!( ql_writer, "/**\n\ * CodeQL library for {} * Automatically generated from the tree-sitter grammar; do not edit\n\ - */\n\n", + */\n", languages[0].name )?; ql::write( @@ -60,7 +60,7 @@ pub fn generate( let nodes = node_types::read_node_types_str(&prefix, language.node_types)?; let (dbscheme_entries, mut ast_node_members, token_kinds) = convert_nodes(&nodes); ast_node_members.insert(&token_name); - write!(&mut dbscheme_writer, "/*- {} dbscheme -*/\n", language.name)?; + writeln!(&mut dbscheme_writer, "/*- {} dbscheme -*/", language.name)?; dbscheme::write(&mut dbscheme_writer, &dbscheme_entries)?; let token_case = create_token_case(&token_name, token_kinds); dbscheme::write( diff --git a/shared/tree-sitter-extractor/src/generator/prefix.dbscheme b/shared/tree-sitter-extractor/src/generator/prefix.dbscheme index 4bbfc8a0931..fbfee072524 100644 --- a/shared/tree-sitter-extractor/src/generator/prefix.dbscheme +++ b/shared/tree-sitter-extractor/src/generator/prefix.dbscheme @@ -98,4 +98,3 @@ yaml_locations(unique int locatable: @yaml_locatable ref, int location: @location_default ref); @yaml_locatable = @yaml_node | @yaml_error; - From e6d29af5a4c0c83e2a9d45a608a541ce1ec71ef4 Mon Sep 17 00:00:00 2001 From: Arthur Baars Date: Tue, 16 May 2023 16:55:33 +0200 Subject: [PATCH 550/870] sync-dbscheme-fragments: add files argument --- config/dbscheme-fragments.json | 1 + config/sync-dbscheme-fragments.py | 14 ++++++++++++-- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/config/dbscheme-fragments.json b/config/dbscheme-fragments.json index 0e8c6859fff..2a56ed57bae 100644 --- a/config/dbscheme-fragments.json +++ b/config/dbscheme-fragments.json @@ -15,6 +15,7 @@ "/*- Configuration files with key value pairs -*/", "/*- YAML -*/", "/*- XML Files -*/", + "/*- XML: sourceline -*/", "/*- DEPRECATED: External defects and metrics -*/", "/*- DEPRECATED: Snapshot date -*/", "/*- DEPRECATED: Duplicate code -*/", diff --git a/config/sync-dbscheme-fragments.py b/config/sync-dbscheme-fragments.py index 5ada01537e9..266a504691e 100755 --- a/config/sync-dbscheme-fragments.py +++ b/config/sync-dbscheme-fragments.py @@ -1,7 +1,9 @@ #!/usr/bin/env python3 +import argparse import json import os +import pathlib import re @@ -24,7 +26,15 @@ def validate_fragments(fragments): def main(): - script_dir = os.path.dirname(os.path.realpath(__file__)) + script_path = os.path.realpath(__file__) + script_dir = os.path.dirname(script_path) + parser = argparse.ArgumentParser( + prog=os.path.basename(script_path), + description='Sync dbscheme fragments across files.' + ) + parser.add_argument('files', metavar='dbscheme_file', type=pathlib.Path, nargs='*', default=[], + help='dbscheme files to check') + args = parser.parse_args() with open(os.path.join(script_dir, "dbscheme-fragments.json"), "r") as f: config = json.load(f) @@ -32,7 +42,7 @@ def main(): fragment_headers = set(config["fragments"]) fragments = {} ok = True - for file in config["files"]: + for file in args.files + config["files"]: with open(os.path.join(os.path.dirname(script_dir), file), "r") as dbscheme: header = None line_number = 1 From bec2b7fef9d8ec2d97f8a9510fa56591eb47814c Mon Sep 17 00:00:00 2001 From: Arthur Baars Date: Wed, 17 May 2023 16:19:52 +0200 Subject: [PATCH 551/870] QL/Ruby: update dbscheme stats --- ql/ql/src/ql.dbscheme.stats | 24077 ++++++++++++++++++------------ ruby/ql/lib/ruby.dbscheme.stats | 6671 +++++---- 2 files changed, 18409 insertions(+), 12339 deletions(-) diff --git a/ql/ql/src/ql.dbscheme.stats b/ql/ql/src/ql.dbscheme.stats index 85072c39df5..61923351ee9 100644 --- a/ql/ql/src/ql.dbscheme.stats +++ b/ql/ql/src/ql.dbscheme.stats @@ -1,5 +1,145 @@ + @blame_blame_entry + 0 + + + @blame_blame_info + 0 + + + @blame_file_entry + 0 + + + @blame_reserved_word + 0 + + + @blame_token_date + 0 + + + @blame_token_filename + 0 + + + @blame_token_number + 0 + + + @dbscheme_annotation + 20670 + + + @dbscheme_args_annotation + 20661 + + + @dbscheme_branch + 116911 + + + @dbscheme_case_decl + 4372 + + + @dbscheme_col_type + 252564 + + + @dbscheme_column + 252564 + + + @dbscheme_dbscheme + 532 + + + @dbscheme_entry + 169630 + + + @dbscheme_repr_type + 252564 + + + @dbscheme_reserved_word + 1309648 + + + @dbscheme_table + 105934 + + + @dbscheme_table_name + 105934 + + + @dbscheme_token_annot_name + 20670 + + + @dbscheme_token_block_comment + 17513 + + + @dbscheme_token_boolean + 1440 + + + @dbscheme_token_date + 1042 + + + @dbscheme_token_dbtype + 565153 + + + @dbscheme_token_float + 2354 + + + @dbscheme_token_int + 258872 + + + @dbscheme_token_integer + 124608 + + + @dbscheme_token_line_comment + 37863 + + + @dbscheme_token_qldoc + 8004 + + + @dbscheme_token_ref + 210468 + + + @dbscheme_token_simple_id + 397838 + + + @dbscheme_token_string + 51435 + + + @dbscheme_token_unique + 75701 + + + @dbscheme_token_varchar + 7697 + + + @dbscheme_union_decl + 51790 + + @diagnostic_debug 0 @@ -13,171 +153,175 @@ @diagnostic_warning - 0 + 5 @file - 8553 + 11682 @folder - 3085 + 3982 + @json_array + 481 + + + @json_document + 272 + + + @json_object + 787 + + + @json_pair + 2223 + + + @json_reserved_word + 19369 + + + @json_string__ + 5469 + + + @json_token_comment + 18 + + + @json_token_false + 259 + + + @json_token_null + 106 + + + @json_token_number + 27 + + + @json_token_string_content + 5465 + + + @json_token_true + 246 + + @location_default - 6606610 + 8479546 @ql_add_expr - 14495 + 14857 @ql_aggregate - 10545 + 9694 @ql_annot_arg - 9954 + 6094 @ql_annotation - 74436 + 72771 @ql_arityless_predicate_expr - 91397 + 67354 @ql_as_expr - 15231 + 19448 @ql_as_exprs - 6565 + 8242 @ql_body - 76901 + 70726 @ql_bool - 7868 + 5039 @ql_call_body - 90923 + 66692 @ql_call_or_unqual_agg_expr - 90923 + 66692 @ql_charpred - 15834 + 12588 @ql_class_member - 100701 + 84646 @ql_classless_predicate - 23448 + 24640 @ql_comp_term - 150457 + 138784 @ql_conjunction - 109320 + 80925 @ql_dataclass - 26656 + 23834 @ql_datatype - 1240 + 809 @ql_datatype_branch - 3623 + 3437 @ql_datatype_branches - 1240 - - - @ql_db_annotation - 6111 - - - @ql_db_args_annotation - 6111 - - - @ql_db_branch - 71250 - - - @ql_db_case_decl - 3721 - - - @ql_db_col_type - 119744 - - - @ql_db_column - 119744 - - - @ql_db_entry - 80467 - - - @ql_db_repr_type - 119744 - - - @ql_db_table - 45893 - - - @ql_db_table_name - 45893 - - - @ql_db_union_decl - 27769 + 809 @ql_disjunction - 53444 + 40259 @ql_expr_aggregate_body - 1240 + 1293 @ql_expr_annotation - 5776 + 1328 @ql_field - 10186 + 4149 @ql_full_aggregate_body - 7035 + 6714 @ql_higher_order_term - 163 + 105 @ql_if_term - 3981 + 3226 @ql_implication @@ -185,75 +329,83 @@ @ql_import_directive - 17290 + 24818 @ql_import_module_expr - 17290 + 24818 @ql_in_expr - 1207 + 1003 @ql_instance_of - 16504 + 17128 @ql_literal - 153183 + 98847 @ql_member_predicate - 55011 + 47549 @ql_module - 4064 + 3916 @ql_module_alias_body - 158 + 725 @ql_module_expr - 55044 + 72503 + + + @ql_module_instantiation + 1043 @ql_module_member - 111687 + 119591 @ql_module_name - 4276 + 6324 + + + @ql_module_param + 299 @ql_mul_expr - 630 + 631 @ql_negation - 11271 + 12010 @ql_order_by - 959 + 1098 @ql_order_bys - 550 + 674 @ql_par_expr - 15458 + 6038 @ql_predicate_alias_body - 218 + 329 @ql_predicate_expr - 491 + 662 @ql_prefix_cast @@ -261,223 +413,183 @@ @ql_ql - 8537 - - - @ql_qual_module_expr - 17290 + 10785 @ql_qualified_expr - 165066 + 168511 @ql_qualified_rhs - 165066 + 168511 @ql_quantified - 29578 + 26111 @ql_range - 652 + 417 @ql_reserved_word - 2769865 + 1966059 @ql_select - 4611 + 5640 @ql_set_literal - 4211 + 3557 + + + @ql_signature_expr + 2248 @ql_special_call - 3769 + 4863 @ql_super_ref - 1256 + 2444 @ql_token_addop - 14495 + 14857 @ql_token_agg_id - 10545 + 9694 @ql_token_annot_name - 89079 + 75427 @ql_token_block_comment - 10483 + 1061 @ql_token_class_name - 254946 + 224655 @ql_token_closure - 2110 + 2123 @ql_token_compop - 150457 - - - @ql_token_db_boolean - 606 - - - @ql_token_db_case - 3721 - - - @ql_token_db_date - 816 - - - @ql_token_db_float - 1326 - - - @ql_token_db_int - 121533 - - - @ql_token_db_ref - 104832 - - - @ql_token_db_string - 26923 - - - @ql_token_db_unique - 33083 - - - @ql_token_db_varchar - 6025 + 138784 @ql_token_dbtype - 296367 + 3604 @ql_token_direction - 183 + 200 @ql_token_empty - 2562 + 2683 @ql_token_false - 4456 + 2391 @ql_token_float - 1665 + 296 @ql_token_integer - 99640 + 20738 @ql_token_line_comment - 26885 + 20706 @ql_token_literal_id - 91560 + 67459 @ql_token_mulop - 630 + 631 @ql_token_predicate - 33561 + 28901 @ql_token_predicate_name - 234769 + 229368 @ql_token_primitive_type - 60120 + 49384 @ql_token_qldoc - 59680 + 56786 @ql_token_quantifier - 29578 + 26111 @ql_token_result - 59353 + 55181 @ql_token_simple_id - 742949 + 542286 @ql_token_special_id - 3769 + 4863 @ql_token_string - 108112 + 73436 @ql_token_super - 1256 + 2444 @ql_token_this - 60186 + 53091 @ql_token_true - 3411 + 2648 @ql_token_underscore - 35292 + 20351 @ql_token_unop - 930 - - - @ql_token_yaml_value - 636 + 1171 @ql_type_alias_body - 1338 + 1245 @ql_type_expr - 271873 + 236975 @ql_type_union_body - 168 + 249 @ql_unary_expr - 930 + 1171 @ql_unqual_agg_body @@ -485,94 +597,61 @@ @ql_var_decl - 167140 + 129441 @ql_var_name - 530835 + 415356 @ql_variable - 482680 + 393587 - @ql_yaml_comment - 1 + @yaml_alias_node + 0 - @ql_yaml_entry - 636 + @yaml_error + 0 - @ql_yaml_key - 734 + @yaml_mapping_node + 160 - @ql_yaml_keyvaluepair - 538 + @yaml_scalar_node + 1136 - @ql_yaml_listitem - 97 + @yaml_sequence_node + 52 - containerparent - 11606 + blame_ast_node_info + 0 - parent - 3085 + node + 0 - child - 11606 + parent + 0 + + + parent_index + 0 + + + loc + 0 - parent - child - - - 12 - - - 1 - 2 - 1550 - - - 2 - 3 - 636 - - - 3 - 4 - 277 - - - 4 - 7 - 261 - - - 7 - 20 - 244 - - - 21 - 63 - 114 - - - - - - - child + node parent @@ -581,16 +660,138 @@ 1 2 - 11606 + 1 + + node + parent_index + + + 12 + + + 1 + 2 + 1 + + + + + + + node + loc + + + 12 + + + 1 + 2 + 1 + + + + + + + parent + node + + + 12 + + + + + + parent + parent_index + + + 12 + + + + + + parent + loc + + + 12 + + + + + + parent_index + node + + + 12 + + + + + + parent_index + parent + + + 12 + + + + + + parent_index + loc + + + 12 + + + + + + loc + node + + + 12 + + + + + + loc + parent + + + 12 + + + + + + loc + parent_index + + + 12 + + + + - diagnostics + blame_blame_entry_def 0 @@ -598,30 +799,14 @@ 0 - severity - 0 - - - error_tag - 0 - - - error_message - 0 - - - full_error_message - 0 - - - location + date__ 0 id - severity + date__ 12 @@ -629,78 +814,14 @@ 1 2 - 16 + 1 - id - error_tag - - - 12 - - - 1 - 2 - 16 - - - - - - - id - error_message - - - 12 - - - 1 - 2 - 16 - - - - - - - id - full_error_message - - - 12 - - - 1 - 2 - 16 - - - - - - - id - location - - - 12 - - - 1 - 2 - 16 - - - - - - - severity + date__ id @@ -709,2477 +830,84 @@ - - severity - error_tag - - - 12 - - - - - - severity - error_message - - - 12 - - - - - - severity - full_error_message - - - 12 - - - - - - severity - location - - - 12 - - - - - - error_tag - id - - - 12 - - - - - - error_tag - severity - - - 12 - - - - - - error_tag - error_message - - - 12 - - - - - - error_tag - full_error_message - - - 12 - - - - - - error_tag - location - - - 12 - - - - - - error_message - id - - - 12 - - - - - - error_message - severity - - - 12 - - - - - - error_message - error_tag - - - 12 - - - - - - error_message - full_error_message - - - 12 - - - - - - error_message - location - - - 12 - - - - - - full_error_message - id - - - 12 - - - - - - full_error_message - severity - - - 12 - - - - - - full_error_message - error_tag - - - 12 - - - - - - full_error_message - error_message - - - 12 - - - - - - full_error_message - location - - - 12 - - - - - - location - id - - - 12 - - - - - - location - severity - - - 12 - - - - - - location - error_tag - - - 12 - - - - - - location - error_message - - - 12 - - - - - - location - full_error_message - - - 12 - - - - - files - 8553 + blame_blame_entry_line + 0 - id - 8553 - - - name - 8553 - - - - - id - name - - - 12 - - - 1 - 2 - 8553 - - - - - - - name - id - - - 12 - - - 1 - 2 - 8553 - - - - - - - - - folders - 3085 - - - id - 3085 - - - name - 3085 - - - - - id - name - - - 12 - - - 1 - 2 - 3085 - - - - - - - name - id - - - 12 - - - 1 - 2 - 3085 - - - - - - - - - locations_default - 6606610 - - - id - 6606610 - - - file - 8553 - - - startLine - 74697 - - - startColumn - 2236 - - - endLine - 74730 - - - endColumn - 2415 - - - - - id - file - - - 12 - - - 1 - 2 - 6606610 - - - - - - - id - startLine - - - 12 - - - 1 - 2 - 6606610 - - - - - - - id - startColumn - - - 12 - - - 1 - 2 - 6606610 - - - - - - - id - endLine - - - 12 - - - 1 - 2 - 6606610 - - - - - - - id - endColumn - - - 12 - - - 1 - 2 - 6606610 - - - - - - - file - id - - - 12 - - - 1 - 24 - 750 - - - 24 - 36 - 701 - - - 36 - 53 - 685 - - - 53 - 78 - 701 - - - 78 - 118 - 652 - - - 118 - 160 - 652 - - - 160 - 240 - 652 - - - 243 - 332 - 652 - - - 334 - 466 - 652 - - - 474 - 734 - 652 - - - 748 - 1308 - 652 - - - 1329 - 2733 - 652 - - - 2744 - 36957 - 489 - - - - - - - file - startLine - - - 12 - - - 1 - 3 - 130 - - - 3 - 4 - 848 - - - 4 - 5 - 750 - - - 5 - 8 - 767 - - - 8 - 12 - 685 - - - 12 - 19 - 669 - - - 19 - 25 - 669 - - - 25 - 34 - 652 - - - 34 - 49 - 652 - - - 49 - 76 - 652 - - - 76 - 129 - 652 - - - 130 - 286 - 652 - - - 287 - 849 - 652 - - - 903 - 3739 - 114 - - - - - - - file - startColumn - - - 12 - - - 1 - 12 - 734 - - - 12 - 18 - 685 - - - 18 - 26 - 669 - - - 26 - 37 - 669 - - - 37 - 45 - 652 - - - 45 - 53 - 767 - - - 53 - 60 - 652 - - - 60 - 70 - 701 - - - 70 - 77 - 587 - - - 77 - 83 - 652 - - - 83 - 92 - 718 - - - 92 - 103 - 669 - - - 123 - 133 - 391 - - - - - - - file - endLine - - - 12 - - - 1 - 3 - 130 - - - 3 - 4 - 848 - - - 4 - 5 - 750 - - - 5 - 8 - 767 - - - 8 - 12 - 685 - - - 12 - 19 - 669 - - - 19 - 25 - 669 - - - 25 - 34 - 652 - - - 34 - 49 - 652 - - - 49 - 76 - 652 - - - 76 - 129 - 652 - - - 130 - 286 - 652 - - - 287 - 849 - 652 - - - 903 - 3739 - 114 - - - - - - - file - endColumn - - - 12 - - - 1 - 15 - 718 - - - 15 - 20 - 652 - - - 20 - 28 - 652 - - - 28 - 39 - 669 - - - 39 - 50 - 669 - - - 50 - 59 - 669 - - - 59 - 66 - 669 - - - 66 - 74 - 734 - - - 74 - 82 - 685 - - - 82 - 89 - 652 - - - 89 - 97 - 767 - - - 97 - 107 - 620 - - - 127 - 136 - 391 - - - - - - - startLine - id - - - 12 - - - 1 - 4 - 6088 - - - 4 - 9 - 6121 - - - 9 - 13 - 6790 - - - 13 - 18 - 6904 - - - 18 - 22 - 5892 - - - 22 - 27 - 6137 - - - 27 - 32 - 5745 - - - 32 - 39 - 5648 - - - 39 - 50 - 5631 - - - 50 - 70 - 5778 - - - 70 - 129 - 5615 - - - 129 - 581 - 5615 - - - 582 - 2656 - 2726 - - - - - - - startLine - file - - - 12 - - - 1 - 2 - 12291 - - - 2 - 3 - 30378 - - - 3 - 4 - 5778 - - - 4 - 5 - 5403 - - - 5 - 8 - 6513 - - - 8 - 14 - 5762 - - - 14 - 64 - 5664 - - - 64 - 524 - 2905 - - - - - - - startLine - startColumn - - - 12 - - - 1 - 3 - 6529 - - - 3 - 6 - 5272 - - - 6 - 9 - 6480 - - - 9 - 12 - 6904 - - - 12 - 15 - 6284 - - - 15 - 18 - 6039 - - - 18 - 21 - 5484 - - - 21 - 25 - 6219 - - - 25 - 31 - 6301 - - - 31 - 38 - 5843 - - - 38 - 53 - 5778 - - - 53 - 86 - 5713 - - - 86 - 107 - 1844 - - - - - - - startLine - endLine - - - 12 - - - 1 - 2 - 23424 - - - 2 - 3 - 21221 - - - 3 - 4 - 10447 - - - 4 - 5 - 5827 - - - 5 - 7 - 6039 - - - 7 - 14 - 5876 - - - 14 - 180 - 1860 - - - - - - - startLine - endColumn - - - 12 - - - 1 - 3 - 6186 - - - 3 - 7 - 6137 - - - 7 - 10 - 6725 - - - 10 - 13 - 5974 - - - 13 - 16 - 6170 - - - 16 - 19 - 5958 - - - 19 - 23 - 6839 - - - 23 - 27 - 5697 - - - 27 - 33 - 5843 - - - 33 - 41 - 6105 - - - 41 - 58 - 5713 - - - 58 - 92 - 5762 - - - 92 - 107 - 1583 - - - - - - - startColumn - id - - - 12 - - - 1 - 9 - 179 - - - 12 - 45 - 179 - - - 48 - 101 - 179 - - - 106 - 330 - 179 - - - 356 - 661 - 179 - - - 665 - 1303 - 179 - - - 1310 - 2006 - 179 - - - 2083 - 3125 - 179 - - - 3302 - 4232 - 179 - - - 4376 - 5274 - 179 - - - 5304 - 5670 - 179 - - - 5760 - 9625 - 179 - - - 10614 - 27728 - 81 - - - - - - - startColumn - file - - - 12 - - - 1 - 9 - 179 - - - 9 - 20 - 65 - - - 24 - 25 - 228 - - - 25 - 76 - 179 - - - 77 - 133 - 179 - - - 141 - 191 - 179 - - - 196 - 247 - 179 - - - 251 - 281 - 179 - - - 282 - 326 - 179 - - - 327 - 347 - 179 - - - 347 - 374 - 179 - - - 380 - 400 - 179 - - - 400 - 524 - 146 - - - - - - - startColumn - startLine - - - 12 - - - 1 - 3 - 179 - - - 3 - 8 - 179 - - - 9 - 23 - 179 - - - 23 - 196 - 179 - - - 226 - 339 - 179 - - - 359 - 585 - 179 - - - 597 - 784 - 179 - - - 819 - 1023 - 179 - - - 1115 - 1363 - 179 - - - 1379 - 1559 - 179 - - - 1564 - 1703 - 179 - - - 1711 - 1895 - 179 - - - 1963 - 3125 - 81 - - - - - - - startColumn - endLine - - - 12 - - - 1 - 3 - 179 - - - 3 - 8 - 179 - - - 9 - 23 - 179 - - - 23 - 222 - 179 - - - 231 - 356 - 179 - - - 372 - 600 - 179 - - - 603 - 787 - 179 - - - 823 - 1029 - 179 - - - 1127 - 1372 - 179 - - - 1393 - 1564 - 179 - - - 1566 - 1713 - 179 - - - 1718 - 2016 - 179 - - - 2085 - 3230 - 81 - - - - - - - startColumn - endColumn - - - 12 - - - 1 - 2 - 277 - - - 2 - 3 - 179 - - - 3 - 8 - 195 - - - 8 - 17 - 179 - - - 18 - 26 - 195 - - - 26 - 37 - 179 - - - 39 - 47 - 163 - - - 47 - 54 - 179 - - - 54 - 66 - 179 - - - 66 - 72 - 179 - - - 73 - 90 - 195 - - - 91 - 122 - 130 - - - - - - - endLine - id - - - 12 - - - 1 - 5 - 5925 - - - 5 - 9 - 6431 - - - 9 - 14 - 6904 - - - 14 - 18 - 6480 - - - 18 - 22 - 6284 - - - 22 - 27 - 6529 - - - 27 - 33 - 6186 - - - 33 - 41 - 5925 - - - 41 - 54 - 5827 - - - 54 - 78 - 5811 - - - 78 - 206 - 5631 - - - 206 - 1041 - 5615 - - - 1068 - 2716 - 1175 - - - - - - - endLine - file - - - 12 - - - 1 - 2 - 12389 - - - 2 - 3 - 30280 - - - 3 - 4 - 5925 - - - 4 - 5 - 5142 - - - 5 - 8 - 6660 - - - 8 - 14 - 5729 - - - 14 - 62 - 5631 - - - 62 - 292 - 2970 - - - - - - - endLine - startLine - - - 12 - - - 1 - 2 - 20845 - - - 2 - 3 - 20274 - - - 3 - 4 - 11230 - - - 4 - 5 - 7345 - - - 5 - 6 - 4276 - - - 6 - 10 - 6529 - - - 10 - 28 - 4227 - - - - - - - endLine - startColumn - - - 12 - - - 1 - 4 - 6807 - - - 4 - 7 - 6660 - - - 7 - 10 - 6807 - - - 10 - 13 - 6333 - - - 13 - 16 - 6513 - - - 16 - 19 - 5762 - - - 19 - 22 - 5207 - - - 22 - 26 - 6170 - - - 26 - 32 - 6023 - - - 32 - 40 - 6105 - - - 40 - 57 - 5615 - - - 57 - 91 - 5697 - - - 91 - 108 - 1028 - - - - - - - endLine - endColumn - - - 12 - - - 1 - 3 - 6333 - - - 3 - 6 - 5011 - - - 6 - 9 - 6398 - - - 9 - 12 - 6839 - - - 12 - 15 - 6088 - - - 15 - 18 - 6186 - - - 18 - 21 - 5566 - - - 21 - 25 - 6088 - - - 25 - 31 - 6170 - - - 31 - 38 - 5745 - - - 38 - 52 - 5811 - - - 52 - 85 - 5631 - - - 85 - 107 - 2856 - - - - - - - endColumn - id - - - 12 - - - 1 - 3 - 195 - - - 3 - 37 - 195 - - - 46 - 76 - 195 - - - 76 - 283 - 195 - - - 366 - 1059 - 195 - - - 1066 - 1727 - 195 - - - 1887 - 2654 - 195 - - - 2776 - 4038 - 195 - - - 4044 - 5193 - 195 - - - 5280 - 5758 - 195 - - - 5803 - 6246 - 195 - - - 6318 - 7402 - 195 - - - 7554 - 10052 - 65 - - - - - - - endColumn - file - - - 12 - - - 1 - 3 - 212 - - - 8 - 25 - 195 - - - 25 - 28 - 146 - - - 28 - 42 - 195 - - - 77 - 147 - 195 - - - 149 - 222 - 195 - - - 222 - 273 - 212 - - - 273 - 303 - 195 - - - 309 - 338 - 195 - - - 341 - 364 - 195 - - - 371 - 395 - 195 - - - 397 - 435 - 195 - - - 438 - 522 - 81 - - - - - - - endColumn - startLine - - - 12 - - - 1 - 2 - 244 - - - 2 - 9 - 195 - - - 12 - 22 - 195 - - - 22 - 157 - 195 - - - 219 - 416 - 195 - - - 416 - 651 - 195 - - - 679 - 903 - 195 - - - 960 - 1197 - 195 - - - 1233 - 1464 - 195 - - - 1464 - 1685 - 195 - - - 1690 - 1798 - 195 - - - 1822 - 2149 - 195 - - - 2222 - 2223 - 16 - - - - - - - endColumn - startColumn - - - 12 - - - 1 - 2 - 212 - - - 2 - 4 - 195 - - - 4 - 6 - 212 - - - 6 - 10 - 212 - - - 11 - 19 - 212 - - - 19 - 32 - 195 - - - 32 - 42 - 195 - - - 42 - 52 - 195 - - - 53 - 62 - 195 - - - 62 - 72 - 195 - - - 72 - 77 - 195 - - - 77 - 95 - 195 - - - - - - - endColumn - endLine - - - 12 - - - 1 - 2 - 261 - - - 2 - 13 - 195 - - - 13 - 23 - 195 - - - 23 - 201 - 195 - - - 227 - 410 - 195 - - - 415 - 640 - 195 - - - 668 - 892 - 195 - - - 929 - 1218 - 195 - - - 1240 - 1461 - 195 - - - 1461 - 1640 - 195 - - - 1656 - 1763 - 195 - - - 1778 - 2145 - 195 - - - - - - - - - ql_add_expr_def - 14495 - - - id - 14495 - - - left - 14495 - - - right - 14495 - - - child - 14495 - - - - - id - left - - - 12 - - - 1 - 2 - 14495 - - - - - - - id - right - - - 12 - - - 1 - 2 - 14495 - - - - - - - id - child - - - 12 - - - 1 - 2 - 14495 - - - - - - - left - id - - - 12 - - - 1 - 2 - 14495 - - - - - - - left - right - - - 12 - - - 1 - 2 - 14495 - - - - - - - left - child - - - 12 - - - 1 - 2 - 14495 - - - - - - - right - id - - - 12 - - - 1 - 2 - 14495 - - - - - - - right - left - - - 12 - - - 1 - 2 - 14495 - - - - - - - right - child - - - 12 - - - 1 - 2 - 14495 - - - - - - - child - id - - - 12 - - - 1 - 2 - 14495 - - - - - - - child - left - - - 12 - - - 1 - 2 - 14495 - - - - - - - child - right - - - 12 - - - 1 - 2 - 14495 - - - - - - - - - ql_aggregate_child - 19082 - - - ql_aggregate - 10545 + blame_blame_entry + 0 index - 48 + 0 - child - 19082 + line + 0 - ql_aggregate + blame_blame_entry + index + + + 12 + + + + + + blame_blame_entry + line + + + 12 + + + + + + index + blame_blame_entry + + + 12 + + + + + + index + line + + + 12 + + + + + + line + blame_blame_entry + + + 12 + + + 1 + 2 + 1 + + + + + + + line index @@ -3188,127 +916,7 @@ 1 2 - 2269 - - - 2 - 3 - 8015 - - - 3 - 4 - 261 - - - - - - - ql_aggregate - child - - - 12 - - - 1 - 2 - 2269 - - - 2 - 3 - 8015 - - - 3 - 4 - 261 - - - - - - - index - ql_aggregate - - - 12 - - - 16 - 17 - 16 - - - 507 - 508 - 16 - - - 646 - 647 - 16 - - - - - - - index - child - - - 12 - - - 16 - 17 - 16 - - - 507 - 508 - 16 - - - 646 - 647 - 16 - - - - - - - child - ql_aggregate - - - 12 - - - 1 - 2 - 19082 - - - - - - - child - index - - - 12 - - - 1 - 2 - 19082 + 1 @@ -3317,33 +925,22 @@ - ql_aggregate_def - 10545 + blame_blame_info_def + 0 id - 10545 - - - - - - ql_annot_arg_def - 9954 - - - id - 9954 + 0 - child - 9954 + today + 0 id - child + today 12 @@ -3351,50 +948,100 @@ 1 2 - 9954 + 1 - child + today id 12 - - - 1 - 2 - 9954 - - + - ql_annotation_args - 11593 + blame_blame_info_file_entry + 0 - ql_annotation - 8315 + blame_blame_info + 0 index - 7 + 0 - args - 11593 + file_entry + 0 - ql_annotation + blame_blame_info + index + + + 12 + + + + + + blame_blame_info + file_entry + + + 12 + + + + + + index + blame_blame_info + + + 12 + + + + + + index + file_entry + + + 12 + + + + + + file_entry + blame_blame_info + + + 12 + + + 1 + 2 + 1 + + + + + + + file_entry index @@ -3403,161 +1050,123 @@ 1 2 - 7294 - - - 3 - 4 - 493 - - - 5 - 8 - 528 - - - - - - - ql_annotation - args - - - 12 - - - 1 - 2 - 7294 - - - 3 - 4 - 493 - - - 5 - 8 - 528 - - - - - - - index - ql_annotation - - - 12 - - - 90 - 91 - 2 - - - 528 - 529 - 2 - - - 1021 - 1022 - 2 - - - 8315 - 8316 1 - - index - args - - - 12 - - - 90 - 91 - 2 - - - 528 - 529 - 2 - - - 1021 - 1022 - 2 - - - 8315 - 8316 - 1 - - - - - - - args - ql_annotation - - - 12 - - - 1 - 2 - 11593 - - - - - - - args - index - - - 12 - - - 1 - 2 - 11593 - - - - - - ql_annotation_def - 74436 + blame_file_entry_blame_entry + 0 + + + blame_file_entry + 0 + + + index + 0 + + + blame_entry + 0 + + + + + blame_file_entry + index + + + 12 + + + + + + blame_file_entry + blame_entry + + + 12 + + + + + + index + blame_file_entry + + + 12 + + + + + + index + blame_entry + + + 12 + + + + + + blame_entry + blame_file_entry + + + 12 + + + 1 + 2 + 1 + + + + + + + blame_entry + index + + + 12 + + + 1 + 2 + 1 + + + + + + + + + blame_file_entry_def + 0 id - 74436 + 0 - name - 74436 + file_name + 0 id - name + file_name 12 @@ -3565,95 +1174,45 @@ 1 2 - 74436 + 1 - name + file_name id 12 - - - 1 - 2 - 74436 - - + - ql_arityless_predicate_expr_child - 8329 - - - ql_arityless_predicate_expr - 8329 - - - child - 8329 - - - - - ql_arityless_predicate_expr - child - - - 12 - - - 1 - 2 - 8329 - - - - - - - child - ql_arityless_predicate_expr - - - 12 - - - 1 - 2 - 8329 - - - - - - - - - ql_arityless_predicate_expr_def - 91397 + blame_tokeninfo + 0 id - 91397 + 0 - name - 91397 + kind + 0 + + + value + 0 id - name + kind 12 @@ -3661,508 +1220,127 @@ 1 2 - 91397 + 1 - name + id + value + + + 12 + + + 1 + 2 + 1 + + + + + + + kind id 12 - - - 1 - 2 - 91397 - - + + + + + + kind + value + + + 12 + + + + + + value + id + + + 12 + + + + + + value + kind + + + 12 + - ql_as_expr_child - 15427 + containerparent + 15662 - - ql_as_expr - 15231 - - - index - 2 - - - child - 15427 - - - - - ql_as_expr - index - - - 12 - - - 1 - 2 - 15035 - - - 2 - 3 - 196 - - - - - - - ql_as_expr - child - - - 12 - - - 1 - 2 - 15035 - - - 2 - 3 - 196 - - - - - - - index - ql_as_expr - - - 12 - - - 196 - 197 - 1 - - - 15231 - 15232 - 1 - - - - - - - index - child - - - 12 - - - 196 - 197 - 1 - - - 15231 - 15232 - 1 - - - - - - - child - ql_as_expr - - - 12 - - - 1 - 2 - 15427 - - - - - - - child - index - - - 12 - - - 1 - 2 - 15427 - - - - - - - - - ql_as_expr_def - 15231 - - - id - 15231 - - - - - - ql_as_exprs_child - 15231 - - - ql_as_exprs - 6565 - - - index - 14 - - - child - 15231 - - - - - ql_as_exprs - index - - - 12 - - - 1 - 2 - 2312 - - - 2 - 3 - 2509 - - - 3 - 4 - 510 - - - 4 - 5 - 609 - - - 5 - 7 - 495 - - - 7 - 15 - 130 - - - - - - - ql_as_exprs - child - - - 12 - - - 1 - 2 - 2312 - - - 2 - 3 - 2509 - - - 3 - 4 - 510 - - - 4 - 5 - 609 - - - 5 - 7 - 495 - - - 7 - 15 - 130 - - - - - - - index - ql_as_exprs - - - 12 - - - 1 - 2 - 1 - - - 9 - 10 - 1 - - - 14 - 15 - 1 - - - 15 - 16 - 1 - - - 28 - 29 - 1 - - - 35 - 36 - 1 - - - 82 - 83 - 1 - - - 130 - 131 - 1 - - - 496 - 497 - 1 - - - 625 - 626 - 1 - - - 1234 - 1235 - 1 - - - 1744 - 1745 - 1 - - - 4253 - 4254 - 1 - - - 6565 - 6566 - 1 - - - - - - - index - child - - - 12 - - - 1 - 2 - 1 - - - 9 - 10 - 1 - - - 14 - 15 - 1 - - - 15 - 16 - 1 - - - 28 - 29 - 1 - - - 35 - 36 - 1 - - - 82 - 83 - 1 - - - 130 - 131 - 1 - - - 496 - 497 - 1 - - - 625 - 626 - 1 - - - 1234 - 1235 - 1 - - - 1744 - 1745 - 1 - - - 4253 - 4254 - 1 - - - 6565 - 6566 - 1 - - - - - - - child - ql_as_exprs - - - 12 - - - 1 - 2 - 15231 - - - - - - - child - index - - - 12 - - - 1 - 2 - 15231 - - - - - - - - - ql_as_exprs_def - 6565 - - - id - 6565 - - - - - - ql_ast_node_info - 8986335 - - - node - 8986335 - parent - 4063336 + 3982 - parent_index - 4195 - - - loc - 6606593 + child + 15662 - node + parent + child + + + 12 + + + 1 + 2 + 1880 + + + 2 + 3 + 882 + + + 3 + 4 + 354 + + + 4 + 6 + 334 + + + 6 + 14 + 312 + + + 14 + 240 + 220 + + + + + + + child parent @@ -4171,461 +1349,7 @@ 1 2 - 8986335 - - - - - - - node - parent_index - - - 12 - - - 1 - 2 - 8986335 - - - - - - - node - loc - - - 12 - - - 1 - 2 - 8986335 - - - - - - - parent - node - - - 12 - - - 1 - 2 - 2385079 - - - 2 - 3 - 368854 - - - 3 - 4 - 873800 - - - 4 - 8 - 307149 - - - 8 - 258 - 128452 - - - - - - - parent - parent_index - - - 12 - - - 1 - 2 - 2385079 - - - 2 - 3 - 368854 - - - 3 - 4 - 873800 - - - 4 - 8 - 307149 - - - 8 - 258 - 128452 - - - - - - - parent - loc - - - 12 - - - 1 - 2 - 2385079 - - - 2 - 3 - 368854 - - - 3 - 4 - 873800 - - - 4 - 8 - 307149 - - - 8 - 258 - 128452 - - - - - - - parent_index - node - - - 12 - - - 1 - 2 - 799 - - - 2 - 3 - 848 - - - 4 - 13 - 359 - - - 13 - 26 - 326 - - - 28 - 55 - 261 - - - 55 - 106 - 375 - - - 107 - 132 - 342 - - - 133 - 171 - 326 - - - 172 - 1134 - 326 - - - 1600 - 248921 - 228 - - - - - - - parent_index - parent - - - 12 - - - 1 - 2 - 799 - - - 2 - 3 - 848 - - - 4 - 13 - 359 - - - 13 - 26 - 326 - - - 28 - 55 - 261 - - - 55 - 106 - 375 - - - 107 - 132 - 342 - - - 133 - 171 - 326 - - - 172 - 1134 - 326 - - - 1600 - 248921 - 228 - - - - - - - parent_index - loc - - - 12 - - - 1 - 2 - 799 - - - 2 - 3 - 848 - - - 4 - 13 - 359 - - - 13 - 26 - 326 - - - 28 - 55 - 261 - - - 55 - 106 - 375 - - - 107 - 132 - 342 - - - 133 - 171 - 326 - - - 172 - 1134 - 326 - - - 1600 - 166926 - 228 - - - - - - - loc - node - - - 12 - - - 1 - 2 - 4768069 - - - 2 - 3 - 1306627 - - - 3 - 4 - 523326 - - - 4 - 6 - 8570 - - - - - - - loc - parent - - - 12 - - - 1 - 2 - 4768069 - - - 2 - 3 - 1306627 - - - 3 - 4 - 523326 - - - 4 - 6 - 8570 - - - - - - - loc - parent_index - - - 12 - - - 1 - 2 - 5565327 - - - 2 - 3 - 1041266 - - - - - - - - - ql_body_def - 76901 - - - id - 76901 - - - child - 76901 - - - - - id - child - - - 12 - - - 1 - 2 - 76901 - - - - - - - child - id - - - 12 - - - 1 - 2 - 76901 + 15662 @@ -4634,2703 +1358,21 @@ - ql_bool_def - 7868 + dbscheme_annotation_args_annotation + 20661 - id - 7868 - - - child - 7868 - - - - - id - child - - - 12 - - - 1 - 2 - 7868 - - - - - - - child - id - - - 12 - - - 1 - 2 - 7868 - - - - - - - - - ql_call_body_child - 201158 - - - ql_call_body - 77570 - - - index - 163 - - - child - 201158 - - - - - ql_call_body - index - - - 12 - - - 1 - 2 - 23212 - - - 2 - 3 - 23294 - - - 3 - 4 - 14120 - - - 4 - 5 - 4195 - - - 5 - 6 - 7737 - - - 6 - 11 - 5011 - - - - - - - ql_call_body - child - - - 12 - - - 1 - 2 - 23212 - - - 2 - 3 - 23294 - - - 3 - 4 - 14120 - - - 4 - 5 - 4195 - - - 5 - 6 - 7737 - - - 6 - 11 - 5011 - - - - - - - index - ql_call_body - - - 12 - - - 1 - 2 - 16 - - - 35 - 36 - 16 - - - 47 - 48 - 16 - - - 129 - 130 - 16 - - - 307 - 308 - 16 - - - 781 - 782 - 16 - - - 1038 - 1039 - 16 - - - 1903 - 1904 - 16 - - - 3330 - 3331 - 16 - - - 4752 - 4753 - 16 - - - - - - - index - child - - - 12 - - - 1 - 2 - 16 - - - 35 - 36 - 16 - - - 47 - 48 - 16 - - - 129 - 130 - 16 - - - 307 - 308 - 16 - - - 781 - 782 - 16 - - - 1038 - 1039 - 16 - - - 1903 - 1904 - 16 - - - 3330 - 3331 - 16 - - - 4752 - 4753 - 16 - - - - - - - child - ql_call_body - - - 12 - - - 1 - 2 - 201158 - - - - - - - child - index - - - 12 - - - 1 - 2 - 201158 - - - - - - - - - ql_call_body_def - 90923 - - - id - 90923 - - - - - - ql_call_or_unqual_agg_expr_child - 182304 - - - ql_call_or_unqual_agg_expr - 90923 - - - index - 48 - - - child - 182304 - - - - - ql_call_or_unqual_agg_expr - index - - - 12 - - - 2 - 3 - 90466 - - - 3 - 4 - 457 - - - - - - - ql_call_or_unqual_agg_expr - child - - - 12 - - - 2 - 3 - 90466 - - - 3 - 4 - 457 - - - - - - - index - ql_call_or_unqual_agg_expr - - - 12 - - - 28 - 29 - 16 - - - 5570 - 5571 - 32 - - - - - - - index - child - - - 12 - - - 28 - 29 - 16 - - - 5570 - 5571 - 32 - - - - - - - child - ql_call_or_unqual_agg_expr - - - 12 - - - 1 - 2 - 182304 - - - - - - - child - index - - - 12 - - - 1 - 2 - 182304 - - - - - - - - - ql_call_or_unqual_agg_expr_def - 90923 - - - id - 90923 - - - - - - ql_charpred_def - 15834 - - - id - 15834 - - - body - 15834 - - - child - 15834 - - - - - id - body - - - 12 - - - 1 - 2 - 15834 - - - - - - - id - child - - - 12 - - - 1 - 2 - 15834 - - - - - - - body - id - - - 12 - - - 1 - 2 - 15834 - - - - - - - body - child - - - 12 - - - 1 - 2 - 15834 - - - - - - - child - id - - - 12 - - - 1 - 2 - 15834 - - - - - - - child - body - - - 12 - - - 1 - 2 - 15834 - - - - - - - - - ql_class_member_child - 138752 - - - ql_class_member - 100701 - - - index - 48 - - - child - 138752 - - - - - ql_class_member - index - - - 12 - - - 1 - 2 - 63238 - - - 2 - 3 - 36875 - - - 3 - 4 - 587 - - - - - - - ql_class_member - child - - - 12 - - - 1 - 2 - 63238 - - - 2 - 3 - 36875 - - - 3 - 4 - 587 - - - - - - - index - ql_class_member - - - 12 - - - 36 - 37 - 16 - - - 2295 - 2296 - 16 - - - 6169 - 6170 - 16 - - - - - - - index - child - - - 12 - - - 36 - 37 - 16 - - - 2295 - 2296 - 16 - - - 6169 - 6170 - 16 - - - - - - - child - ql_class_member - - - 12 - - - 1 - 2 - 138752 - - - - - - - child - index - - - 12 - - - 1 - 2 - 138752 - - - - - - - - - ql_class_member_def - 100701 - - - id - 100701 - - - - - - ql_classless_predicate_child - 85961 - - - ql_classless_predicate - 23448 - - - index - 12 - - - child - 85961 - - - - - ql_classless_predicate - index - - - 12 - - - 1 - 2 - 1949 - - - 2 - 3 - 6196 - - - 3 - 4 - 5601 - - - 4 - 5 - 3288 - - - 5 - 6 - 2304 - - - 6 - 7 - 1225 - - - 7 - 9 - 1958 - - - 9 - 13 - 927 - - - - - - - ql_classless_predicate - child - - - 12 - - - 1 - 2 - 1949 - - - 2 - 3 - 6196 - - - 3 - 4 - 5601 - - - 4 - 5 - 3288 - - - 5 - 6 - 2304 - - - 6 - 7 - 1225 - - - 7 - 9 - 1958 - - - 9 - 13 - 927 - - - - - - - index - ql_classless_predicate - - - 12 - - - 28 - 29 - 1 - - - 114 - 115 - 1 - - - 177 - 178 - 1 - - - 927 - 928 - 1 - - - 1354 - 1355 - 1 - - - 2885 - 2886 - 1 - - - 4110 - 4111 - 1 - - - 6414 - 6415 - 1 - - - 9702 - 9703 - 1 - - - 15303 - 15304 - 1 - - - 21499 - 21500 - 1 - - - 23448 - 23449 - 1 - - - - - - - index - child - - - 12 - - - 28 - 29 - 1 - - - 114 - 115 - 1 - - - 177 - 178 - 1 - - - 927 - 928 - 1 - - - 1354 - 1355 - 1 - - - 2885 - 2886 - 1 - - - 4110 - 4111 - 1 - - - 6414 - 6415 - 1 - - - 9702 - 9703 - 1 - - - 15303 - 15304 - 1 - - - 21499 - 21500 - 1 - - - 23448 - 23449 - 1 - - - - - - - child - ql_classless_predicate - - - 12 - - - 1 - 2 - 85961 - - - - - - - child - index - - - 12 - - - 1 - 2 - 85961 - - - - - - - - - ql_classless_predicate_def - 23448 - - - id - 23448 - - - name - 23448 - - - return_type - 23448 - - - - - id - name - - - 12 - - - 1 - 2 - 23448 - - - - - - - id - return_type - - - 12 - - - 1 - 2 - 23448 - - - - - - - name - id - - - 12 - - - 1 - 2 - 23448 - - - - - - - name - return_type - - - 12 - - - 1 - 2 - 23448 - - - - - - - return_type - id - - - 12 - - - 1 - 2 - 23448 - - - - - - - return_type - name - - - 12 - - - 1 - 2 - 23448 - - - - - - - - - ql_comp_term_def - 150457 - - - id - 150457 - - - left - 150457 - - - right - 150457 - - - child - 150457 - - - - - id - left - - - 12 - - - 1 - 2 - 150457 - - - - - - - id - right - - - 12 - - - 1 - 2 - 150457 - - - - - - - id - child - - - 12 - - - 1 - 2 - 150457 - - - - - - - left - id - - - 12 - - - 1 - 2 - 150457 - - - - - - - left - right - - - 12 - - - 1 - 2 - 150457 - - - - - - - left - child - - - 12 - - - 1 - 2 - 150457 - - - - - - - right - id - - - 12 - - - 1 - 2 - 150457 - - - - - - - right - left - - - 12 - - - 1 - 2 - 150457 - - - - - - - right - child - - - 12 - - - 1 - 2 - 150457 - - - - - - - child - id - - - 12 - - - 1 - 2 - 150457 - - - - - - - child - left - - - 12 - - - 1 - 2 - 150457 - - - - - - - child - right - - - 12 - - - 1 - 2 - 150457 - - - - - - - - - ql_conjunction_def - 109320 - - - id - 109320 - - - left - 109320 - - - right - 109320 - - - - - id - left - - - 12 - - - 1 - 2 - 109320 - - - - - - - id - right - - - 12 - - - 1 - 2 - 109320 - - - - - - - left - id - - - 12 - - - 1 - 2 - 109320 - - - - - - - left - right - - - 12 - - - 1 - 2 - 109320 - - - - - - - right - id - - - 12 - - - 1 - 2 - 109320 - - - - - - - right - left - - - 12 - - - 1 - 2 - 109320 - - - - - - - - - ql_dataclass_child - 102040 - - - ql_dataclass - 24289 - - - index - 881 - - - child - 102040 - - - - - ql_dataclass - index - - - 12 - - - 1 - 2 - 6284 - - - 2 - 3 - 4129 - - - 3 - 4 - 3101 - - - 4 - 5 - 3934 - - - 5 - 6 - 1877 - - - 6 - 8 - 1877 - - - 8 - 13 - 1926 - - - 13 - 55 - 1158 - - - - - - - ql_dataclass - child - - - 12 - - - 1 - 2 - 6284 - - - 2 - 3 - 4129 - - - 3 - 4 - 3101 - - - 4 - 5 - 3934 - - - 5 - 6 - 1877 - - - 6 - 8 - 1877 - - - 8 - 13 - 1926 - - - 13 - 55 - 1158 - - - - - - - index - ql_dataclass - - - 12 - - - 1 - 2 - 277 - - - 2 - 5 - 81 - - - 6 - 11 - 81 - - - 11 - 21 - 81 - - - 22 - 33 - 81 - - - 33 - 72 - 81 - - - 78 - 190 - 81 - - - 240 - 851 - 81 - - - 1103 - 1489 - 32 - - - - - - - index - child - - - 12 - - - 1 - 2 - 277 - - - 2 - 5 - 81 - - - 6 - 11 - 81 - - - 11 - 21 - 81 - - - 22 - 33 - 81 - - - 33 - 72 - 81 - - - 78 - 190 - 81 - - - 240 - 851 - 81 - - - 1103 - 1489 - 32 - - - - - - - child - ql_dataclass - - - 12 - - - 1 - 2 - 102040 - - - - - - - child - index - - - 12 - - - 1 - 2 - 102040 - - - - - - - - - ql_dataclass_def - 26656 - - - id - 26656 - - - name - 26656 - - - - - id - name - - - 12 - - - 1 - 2 - 26656 - - - - - - - name - id - - - 12 - - - 1 - 2 - 26656 - - - - - - - - - ql_dataclass_extends - 73065 - - - ql_dataclass - 25318 - - - index - 228 - - - extends - 73065 - - - - - ql_dataclass - index - - - 12 - - - 2 - 3 - 15115 - - - 4 - 5 - 9320 - - - 6 - 15 - 881 - - - - - - - ql_dataclass - extends - - - 12 - - - 2 - 3 - 15115 - - - 4 - 5 - 9320 - - - 6 - 15 - 881 - - - - - - - index - ql_dataclass - - - 12 - - - 1 - 2 - 97 - - - 5 - 6 - 32 - - - 54 - 55 - 32 - - - 625 - 626 - 32 - - - 1551 - 1552 - 32 - - - - - - - index - extends - - - 12 - - - 1 - 2 - 97 - - - 5 - 6 - 32 - - - 54 - 55 - 32 - - - 625 - 626 - 32 - - - 1551 - 1552 - 32 - - - - - - - extends - ql_dataclass - - - 12 - - - 1 - 2 - 73065 - - - - - - - extends - index - - - 12 - - - 1 - 2 - 73065 - - - - - - - - - ql_dataclass_instanceof - 326 - - - ql_dataclass - 163 - - - index - 32 - - - instanceof - 326 - - - - - ql_dataclass - index - - - 12 - - - 2 - 3 - 163 - - - - - - - ql_dataclass - instanceof - - - 12 - - - 2 - 3 - 163 - - - - - - - index - ql_dataclass - - - 12 - - - 10 - 11 - 32 - - - - - - - index - instanceof - - - 12 - - - 10 - 11 - 32 - - - - - - - instanceof - ql_dataclass - - - 12 - - - 1 - 2 - 326 - - - - - - - instanceof - index - - - 12 - - - 1 - 2 - 326 - - - - - - - - - ql_datatype_branch_child - 7590 - - - ql_datatype_branch - 2938 - - - index - 114 - - - child - 7590 - - - - - ql_datatype_branch - index - - - 12 - - - 1 - 2 - 750 - - - 2 - 3 - 701 - - - 3 - 4 - 914 - - - 4 - 5 - 326 - - - 5 - 8 - 244 - - - - - - - ql_datatype_branch - child - - - 12 - - - 1 - 2 - 750 - - - 2 - 3 - 701 - - - 3 - 4 - 914 - - - 4 - 5 - 326 - - - 5 - 8 - 244 - - - - - - - index - ql_datatype_branch - - - 12 - - - 2 - 3 - 16 - - - 8 - 9 - 16 - - - 15 - 16 - 16 - - - 35 - 36 - 16 - - - 91 - 92 - 16 - - - 134 - 135 - 16 - - - 180 - 181 - 16 - - - - - - - index - child - - - 12 - - - 2 - 3 - 16 - - - 8 - 9 - 16 - - - 15 - 16 - 16 - - - 35 - 36 - 16 - - - 91 - 92 - 16 - - - 134 - 135 - 16 - - - 180 - 181 - 16 - - - - - - - child - ql_datatype_branch - - - 12 - - - 1 - 2 - 7590 - - - - - - - child - index - - - 12 - - - 1 - 2 - 7590 - - - - - - - - - ql_datatype_branch_def - 3623 - - - id - 3623 - - - name - 3623 - - - - - id - name - - - 12 - - - 1 - 2 - 3623 - - - - - - - name - id - - - 12 - - - 1 - 2 - 3623 - - - - - - - - - ql_datatype_branches_child - 3623 - - - ql_datatype_branches - 1240 - - - index - 538 - - - child - 3623 - - - - - ql_datatype_branches - index - - - 12 - - - 1 - 2 - 179 - - - 2 - 3 - 685 - - - 3 - 4 - 179 - - - 4 - 5 - 114 - - - 5 - 34 - 81 - - - - - - - ql_datatype_branches - child - - - 12 - - - 1 - 2 - 179 - - - 2 - 3 - 685 - - - 3 - 4 - 179 - - - 4 - 5 - 114 - - - 5 - 34 - 81 - - - - - - - index - ql_datatype_branches - - - 12 - - - 1 - 2 - 310 - - - 2 - 3 - 114 - - - 4 - 6 - 48 - - - 12 - 66 - 48 - - - 76 - 77 - 16 - - - - - - - index - child - - - 12 - - - 1 - 2 - 310 - - - 2 - 3 - 114 - - - 4 - 6 - 48 - - - 12 - 66 - 48 - - - 76 - 77 - 16 - - - - - - - child - ql_datatype_branches - - - 12 - - - 1 - 2 - 3623 - - - - - - - child - index - - - 12 - - - 1 - 2 - 3623 - - - - - - - - - ql_datatype_branches_def - 1240 - - - id - 1240 - - - - - - ql_datatype_def - 1240 - - - id - 1240 - - - name - 1240 - - - child - 1240 - - - - - id - name - - - 12 - - - 1 - 2 - 1240 - - - - - - - id - child - - - 12 - - - 1 - 2 - 1240 - - - - - - - name - id - - - 12 - - - 1 - 2 - 1240 - - - - - - - name - child - - - 12 - - - 1 - 2 - 1240 - - - - - - - child - id - - - 12 - - - 1 - 2 - 1240 - - - - - - - child - name - - - 12 - - - 1 - 2 - 1240 - - - - - - - - - ql_db_annotation_args_annotation - 6111 - - - ql_db_annotation - 6111 + dbscheme_annotation + 20661 args_annotation - 6111 + 20661 - ql_db_annotation + dbscheme_annotation args_annotation @@ -7339,7 +1381,7 @@ 1 2 - 6111 + 20661 @@ -7347,7 +1389,7 @@ args_annotation - ql_db_annotation + dbscheme_annotation 12 @@ -7355,7 +1397,7 @@ 1 2 - 6111 + 20661 @@ -7364,32 +1406,32 @@ - ql_db_annotation_def - 6111 + dbscheme_annotation_def + 20670 id - 6111 + 20670 - ql_db_annotation_simple_annotation - 0 + dbscheme_annotation_simple_annotation + 9 - ql_db_annotation - 0 + dbscheme_annotation + 9 simple_annotation - 0 + 9 - ql_db_annotation + dbscheme_annotation simple_annotation @@ -7398,7 +1440,7 @@ 1 2 - 16 + 9 @@ -7406,7 +1448,7 @@ simple_annotation - ql_db_annotation + dbscheme_annotation 12 @@ -7414,7 +1456,7 @@ 1 2 - 16 + 9 @@ -7423,12 +1465,12 @@ - ql_db_args_annotation_child - 12501 + dbscheme_args_annotation_child + 34968 - ql_db_args_annotation - 6111 + dbscheme_args_annotation + 20661 index @@ -7436,12 +1478,12 @@ child - 12501 + 34968 - ql_db_args_annotation + dbscheme_args_annotation index @@ -7450,24 +1492,24 @@ 1 2 - 150 + 7137 2 3 - 5532 + 12741 3 4 - 429 + 783 - ql_db_args_annotation + dbscheme_args_annotation child @@ -7476,17 +1518,17 @@ 1 2 - 150 + 7137 2 3 - 5532 + 12741 3 4 - 429 + 783 @@ -7494,24 +1536,24 @@ index - ql_db_args_annotation + dbscheme_args_annotation 12 - 429 - 430 + 783 + 784 1 - 5961 - 5962 + 13524 + 13525 1 - 6111 - 6112 + 20661 + 20662 1 @@ -7526,18 +1568,18 @@ 12 - 429 - 430 + 783 + 784 1 - 5961 - 5962 + 13524 + 13525 1 - 6111 - 6112 + 20661 + 20662 1 @@ -7546,7 +1588,7 @@ child - ql_db_args_annotation + dbscheme_args_annotation 12 @@ -7554,7 +1596,7 @@ 1 2 - 12501 + 34968 @@ -7570,7 +1612,7 @@ 1 2 - 12501 + 34968 @@ -7579,16 +1621,16 @@ - ql_db_args_annotation_def - 6111 + dbscheme_args_annotation_def + 20661 id - 6111 + 20661 name - 6111 + 20661 @@ -7602,7 +1644,7 @@ 1 2 - 6111 + 20661 @@ -7618,7 +1660,7 @@ 1 2 - 6111 + 20661 @@ -7627,12 +1669,498 @@ - ql_db_branch_child - 142500 + dbscheme_ast_node_info + 4444432 - ql_db_branch - 71250 + node + 4444432 + + + parent + 1354658 + + + parent_index + 476 + + + loc + 3650776 + + + + + node + parent + + + 12 + + + 1 + 2 + 4444432 + + + + + + + node + parent_index + + + 12 + + + 1 + 2 + 4444432 + + + + + + + node + loc + + + 12 + + + 1 + 2 + 4444432 + + + + + + + parent + node + + + 12 + + + 1 + 2 + 793673 + + + 2 + 4 + 117079 + + + 4 + 5 + 11481 + + + 5 + 6 + 247420 + + + 6 + 8 + 112901 + + + 8 + 477 + 72104 + + + + + + + parent + parent_index + + + 12 + + + 1 + 2 + 793673 + + + 2 + 4 + 117079 + + + 4 + 5 + 11481 + + + 5 + 6 + 247420 + + + 6 + 8 + 112901 + + + 8 + 477 + 72104 + + + + + + + parent + loc + + + 12 + + + 1 + 2 + 793673 + + + 2 + 4 + 117079 + + + 4 + 5 + 11481 + + + 5 + 6 + 247420 + + + 6 + 8 + 112901 + + + 8 + 477 + 72104 + + + + + + + parent_index + node + + + 12 + + + 7 + 257 + 39 + + + 258 + 307 + 38 + + + 321 + 338 + 42 + + + 345 + 508 + 37 + + + 508 + 652 + 37 + + + 661 + 763 + 36 + + + 769 + 930 + 36 + + + 936 + 1034 + 36 + + + 1047 + 1122 + 36 + + + 1122 + 1375 + 36 + + + 1381 + 1960 + 36 + + + 2174 + 3839 + 36 + + + 3932 + 1354659 + 31 + + + + + + + parent_index + parent + + + 12 + + + 7 + 257 + 39 + + + 258 + 307 + 38 + + + 321 + 338 + 42 + + + 345 + 508 + 37 + + + 508 + 652 + 37 + + + 661 + 763 + 36 + + + 769 + 930 + 36 + + + 936 + 1034 + 36 + + + 1047 + 1122 + 36 + + + 1122 + 1375 + 36 + + + 1381 + 1960 + 36 + + + 2174 + 3839 + 36 + + + 3932 + 1354659 + 31 + + + + + + + parent_index + loc + + + 12 + + + 7 + 257 + 39 + + + 258 + 307 + 38 + + + 321 + 338 + 42 + + + 345 + 508 + 37 + + + 508 + 652 + 37 + + + 661 + 763 + 36 + + + 769 + 930 + 36 + + + 936 + 1034 + 36 + + + 1047 + 1122 + 36 + + + 1122 + 1375 + 36 + + + 1381 + 1960 + 36 + + + 2174 + 3839 + 36 + + + 3932 + 1079008 + 31 + + + + + + + loc + node + + + 12 + + + 1 + 2 + 2857120 + + + 2 + 3 + 793656 + + + + + + + loc + parent + + + 12 + + + 1 + 2 + 2857120 + + + 2 + 3 + 793656 + + + + + + + loc + parent_index + + + 12 + + + 1 + 2 + 3132771 + + + 2 + 3 + 518005 + + + + + + + + + dbscheme_branch_child + 233822 + + + dbscheme_branch + 116911 index @@ -7640,12 +2168,12 @@ child - 142500 + 233822 - ql_db_branch + dbscheme_branch index @@ -7654,14 +2182,14 @@ 2 3 - 71250 + 116911 - ql_db_branch + dbscheme_branch child @@ -7670,7 +2198,7 @@ 2 3 - 71250 + 116911 @@ -7678,14 +2206,14 @@ index - ql_db_branch + dbscheme_branch 12 - 71250 - 71251 + 116911 + 116912 2 @@ -7700,8 +2228,8 @@ 12 - 71250 - 71251 + 116911 + 116912 2 @@ -7710,7 +2238,7 @@ child - ql_db_branch + dbscheme_branch 12 @@ -7718,7 +2246,7 @@ 1 2 - 142500 + 233822 @@ -7734,7 +2262,7 @@ 1 2 - 142500 + 233822 @@ -7743,22 +2271,22 @@ - ql_db_branch_def - 71250 + dbscheme_branch_def + 116911 id - 71250 + 116911 - ql_db_branch_qldoc + dbscheme_branch_qldoc 0 - ql_db_branch + dbscheme_branch 0 @@ -7768,7 +2296,7 @@ - ql_db_branch + dbscheme_branch qldoc @@ -7777,7 +2305,7 @@ 1 2 - 16 + 1 @@ -7785,7 +2313,7 @@ qldoc - ql_db_branch + dbscheme_branch 12 @@ -7793,7 +2321,7 @@ 1 2 - 16 + 1 @@ -7802,260 +2330,26 @@ - ql_db_case_decl_child - 73865 + dbscheme_case_decl_child + 116911 - ql_db_case_decl - 2615 + dbscheme_case_decl + 4372 index - 219 + 218 child - 73865 + 116911 - ql_db_case_decl + dbscheme_case_decl index - - - 12 - - - 3 - 4 - 412 - - - 4 - 5 - 310 - - - 5 - 6 - 354 - - - 6 - 7 - 163 - - - 7 - 11 - 242 - - - 11 - 17 - 225 - - - 18 - 28 - 237 - - - 29 - 33 - 231 - - - 33 - 112 - 210 - - - 112 - 220 - 231 - - - - - - - ql_db_case_decl - child - - - 12 - - - 3 - 4 - 412 - - - 4 - 5 - 310 - - - 5 - 6 - 354 - - - 6 - 7 - 163 - - - 7 - 11 - 242 - - - 11 - 17 - 225 - - - 18 - 28 - 237 - - - 29 - 33 - 231 - - - 33 - 112 - 210 - - - 112 - 220 - 231 - - - - - - - index - ql_db_case_decl - - - 12 - - - 85 - 86 - 54 - - - 93 - 122 - 5 - - - 138 - 139 - 39 - - - 177 - 279 - 20 - - - 282 - 283 - 27 - - - 297 - 298 - 32 - - - 298 - 781 - 17 - - - 845 - 1279 - 18 - - - 1376 - 2616 - 7 - - - - - - - index - child - - - 12 - - - 85 - 86 - 54 - - - 93 - 122 - 5 - - - 138 - 139 - 39 - - - 177 - 279 - 20 - - - 282 - 283 - 27 - - - 297 - 298 - 32 - - - 298 - 781 - 17 - - - 845 - 1279 - 18 - - - 1376 - 2616 - 7 - - - - - - - child - ql_db_case_decl 12 @@ -8063,7 +2357,291 @@ 1 2 - 73865 + 1 + + + 2 + 3 + 661 + + + 3 + 4 + 486 + + + 4 + 5 + 595 + + + 5 + 6 + 335 + + + 6 + 8 + 187 + + + 9 + 12 + 335 + + + 12 + 18 + 347 + + + 21 + 29 + 395 + + + 29 + 38 + 360 + + + 38 + 116 + 335 + + + 116 + 219 + 335 + + + + + + + dbscheme_case_decl + child + + + 12 + + + 1 + 2 + 1 + + + 2 + 3 + 661 + + + 3 + 4 + 486 + + + 4 + 5 + 595 + + + 5 + 6 + 335 + + + 6 + 8 + 187 + + + 9 + 12 + 335 + + + 12 + 18 + 347 + + + 21 + 29 + 395 + + + 29 + 38 + 360 + + + 38 + 116 + 335 + + + 116 + 219 + 335 + + + + + + + index + dbscheme_case_decl + + + 12 + + + 120 + 121 + 21 + + + 135 + 136 + 27 + + + 143 + 210 + 11 + + + 227 + 228 + 34 + + + 238 + 404 + 17 + + + 405 + 421 + 20 + + + 449 + 452 + 15 + + + 466 + 469 + 17 + + + 472 + 607 + 17 + + + 614 + 1424 + 17 + + + 1424 + 2295 + 17 + + + 2629 + 4373 + 5 + + + + + + + index + child + + + 12 + + + 120 + 121 + 21 + + + 135 + 136 + 27 + + + 143 + 210 + 11 + + + 227 + 228 + 34 + + + 238 + 404 + 17 + + + 405 + 421 + 20 + + + 449 + 452 + 15 + + + 466 + 469 + 17 + + + 472 + 607 + 17 + + + 614 + 1424 + 17 + + + 1424 + 2295 + 17 + + + 2629 + 4373 + 5 + + + + + + + child + dbscheme_case_decl + + + 12 + + + 1 + 2 + 116911 @@ -8079,7 +2657,7 @@ 1 2 - 73865 + 116911 @@ -8088,20 +2666,20 @@ - ql_db_case_decl_def - 3721 + dbscheme_case_decl_def + 4372 id - 3721 + 4372 base - 3721 + 4372 discriminator - 3721 + 4372 @@ -8115,7 +2693,7 @@ 1 2 - 3721 + 4372 @@ -8131,7 +2709,7 @@ 1 2 - 3721 + 4372 @@ -8147,7 +2725,7 @@ 1 2 - 3721 + 4372 @@ -8163,7 +2741,7 @@ 1 2 - 3721 + 4372 @@ -8179,7 +2757,7 @@ 1 2 - 3721 + 4372 @@ -8195,7 +2773,7 @@ 1 2 - 3721 + 4372 @@ -8204,16 +2782,16 @@ - ql_db_col_type_def - 119744 + dbscheme_col_type_def + 252564 id - 119744 + 252564 child - 119744 + 252564 @@ -8227,7 +2805,7 @@ 1 2 - 119744 + 252564 @@ -8243,7 +2821,7 @@ 1 2 - 119744 + 252564 @@ -8252,24 +2830,24 @@ - ql_db_column_def - 119744 + dbscheme_column_def + 252564 id - 119744 + 252564 col_name - 119744 + 252564 col_type - 119744 + 252564 repr_type - 119744 + 252564 @@ -8283,7 +2861,7 @@ 1 2 - 119744 + 252564 @@ -8299,7 +2877,7 @@ 1 2 - 119744 + 252564 @@ -8315,7 +2893,7 @@ 1 2 - 119744 + 252564 @@ -8331,7 +2909,7 @@ 1 2 - 119744 + 252564 @@ -8347,7 +2925,7 @@ 1 2 - 119744 + 252564 @@ -8363,7 +2941,7 @@ 1 2 - 119744 + 252564 @@ -8379,7 +2957,7 @@ 1 2 - 119744 + 252564 @@ -8395,7 +2973,7 @@ 1 2 - 119744 + 252564 @@ -8411,7 +2989,7 @@ 1 2 - 119744 + 252564 @@ -8427,7 +3005,7 @@ 1 2 - 119744 + 252564 @@ -8443,7 +3021,7 @@ 1 2 - 119744 + 252564 @@ -8459,7 +3037,7 @@ 1 2 - 119744 + 252564 @@ -8468,21 +3046,21 @@ - ql_db_column_is_ref - 104832 + dbscheme_column_is_ref + 210468 - ql_db_column - 104832 + dbscheme_column + 210468 is_ref - 104832 + 210468 - ql_db_column + dbscheme_column is_ref @@ -8491,7 +3069,7 @@ 1 2 - 104832 + 210468 @@ -8499,7 +3077,7 @@ is_ref - ql_db_column + dbscheme_column 12 @@ -8507,7 +3085,7 @@ 1 2 - 104832 + 210468 @@ -8516,21 +3094,21 @@ - ql_db_column_is_unique - 33083 + dbscheme_column_is_unique + 75701 - ql_db_column - 33083 + dbscheme_column + 75701 is_unique - 33083 + 75701 - ql_db_column + dbscheme_column is_unique @@ -8539,7 +3117,7 @@ 1 2 - 33083 + 75701 @@ -8547,7 +3125,7 @@ is_unique - ql_db_column + dbscheme_column 12 @@ -8555,7 +3133,7 @@ 1 2 - 33083 + 75701 @@ -8564,21 +3142,21 @@ - ql_db_column_qldoc - 227 + dbscheme_column_qldoc + 470 - ql_db_column - 227 + dbscheme_column + 470 qldoc - 227 + 470 - ql_db_column + dbscheme_column qldoc @@ -8587,7 +3165,7 @@ 1 2 - 227 + 470 @@ -8595,7 +3173,7 @@ qldoc - ql_db_column + dbscheme_column 12 @@ -8603,7 +3181,7 @@ 1 2 - 227 + 470 @@ -8612,16 +3190,363 @@ - ql_db_entry_def - 80467 + dbscheme_dbscheme_child + 169630 - id - 80467 + dbscheme_dbscheme + 532 + + + index + 476 child - 80467 + 169630 + + + + + dbscheme_dbscheme + index + + + 12 + + + 2 + 142 + 43 + + + 142 + 200 + 40 + + + 200 + 259 + 41 + + + 260 + 278 + 41 + + + 278 + 288 + 38 + + + 290 + 305 + 46 + + + 305 + 310 + 42 + + + 310 + 315 + 40 + + + 316 + 418 + 43 + + + 418 + 457 + 46 + + + 457 + 462 + 28 + + + 462 + 466 + 45 + + + 466 + 477 + 39 + + + + + + + dbscheme_dbscheme + child + + + 12 + + + 2 + 142 + 43 + + + 142 + 200 + 40 + + + 200 + 259 + 41 + + + 260 + 278 + 41 + + + 278 + 288 + 38 + + + 290 + 305 + 46 + + + 305 + 310 + 42 + + + 310 + 315 + 40 + + + 316 + 418 + 43 + + + 418 + 457 + 46 + + + 457 + 462 + 28 + + + 462 + 466 + 45 + + + 466 + 477 + 39 + + + + + + + index + dbscheme_dbscheme + + + 12 + + + 7 + 137 + 39 + + + 138 + 187 + 43 + + + 187 + 188 + 70 + + + 190 + 330 + 37 + + + 331 + 418 + 36 + + + 419 + 422 + 42 + + + 422 + 452 + 40 + + + 452 + 502 + 36 + + + 510 + 529 + 32 + + + 529 + 530 + 76 + + + 530 + 533 + 25 + + + + + + + index + child + + + 12 + + + 7 + 137 + 39 + + + 138 + 187 + 43 + + + 187 + 188 + 70 + + + 190 + 330 + 37 + + + 331 + 418 + 36 + + + 419 + 422 + 42 + + + 422 + 452 + 40 + + + 452 + 502 + 36 + + + 510 + 529 + 32 + + + 529 + 530 + 76 + + + 530 + 533 + 25 + + + + + + + child + dbscheme_dbscheme + + + 12 + + + 1 + 2 + 169630 + + + + + + + child + index + + + 12 + + + 1 + 2 + 169630 + + + + + + + + + dbscheme_dbscheme_def + 532 + + + id + 532 + + + + + + dbscheme_entry_def + 169630 + + + id + 169630 + + + child + 169630 @@ -8635,7 +3560,7 @@ 1 2 - 80467 + 169630 @@ -8651,7 +3576,7 @@ 1 2 - 80467 + 169630 @@ -8660,12 +3585,12 @@ - ql_db_repr_type_child - 125769 + dbscheme_repr_type_child + 260261 - ql_db_repr_type - 119744 + dbscheme_repr_type + 252564 index @@ -8673,12 +3598,12 @@ child - 125769 + 260261 - ql_db_repr_type + dbscheme_repr_type index @@ -8687,19 +3612,19 @@ 1 2 - 113719 + 244867 2 3 - 6025 + 7697 - ql_db_repr_type + dbscheme_repr_type child @@ -8708,12 +3633,12 @@ 1 2 - 113719 + 244867 2 3 - 6025 + 7697 @@ -8721,19 +3646,19 @@ index - ql_db_repr_type + dbscheme_repr_type 12 - 6025 - 6026 + 7697 + 7698 1 - 119744 - 119745 + 252564 + 252565 1 @@ -8748,13 +3673,13 @@ 12 - 6025 - 6026 + 7697 + 7698 1 - 119744 - 119745 + 252564 + 252565 1 @@ -8763,7 +3688,7 @@ child - ql_db_repr_type + dbscheme_repr_type 12 @@ -8771,7 +3696,7 @@ 1 2 - 125769 + 260261 @@ -8787,7 +3712,7 @@ 1 2 - 125769 + 260261 @@ -8796,36 +3721,36 @@ - ql_db_repr_type_def - 119744 + dbscheme_repr_type_def + 252564 id - 119744 + 252564 - ql_db_table_child - 125855 + dbscheme_table_child + 273234 - ql_db_table - 45893 + dbscheme_table + 105934 index - 9 + 10 child - 125855 + 273234 - ql_db_table + dbscheme_table index @@ -8834,39 +3759,39 @@ 1 2 - 7029 + 22414 2 3 - 19813 + 41141 3 4 - 6064 + 16585 4 5 - 7309 + 16007 5 - 6 - 2976 + 7 + 9023 - 6 - 10 - 2702 + 7 + 11 + 764 - ql_db_table + dbscheme_table child @@ -8875,32 +3800,32 @@ 1 2 - 7029 + 22414 2 3 - 19813 + 41141 3 4 - 6064 + 16585 4 5 - 7309 + 16007 5 - 6 - 2976 + 7 + 9023 - 6 - 10 - 2702 + 7 + 11 + 764 @@ -8908,54 +3833,59 @@ index - ql_db_table + dbscheme_table 12 - 85 - 86 + 25 + 26 1 - 170 - 171 + 145 + 146 1 - 425 - 426 + 265 + 266 1 - 2702 - 2703 + 764 + 765 1 - 5678 - 5679 + 4621 + 4622 1 - 12987 - 12988 + 9787 + 9788 1 - 19051 - 19052 + 25794 + 25795 1 - 38864 - 38865 + 42379 + 42380 1 - 45893 - 45894 + 83520 + 83521 + 1 + + + 105934 + 105935 1 @@ -8970,48 +3900,53 @@ 12 - 85 - 86 + 25 + 26 1 - 170 - 171 + 145 + 146 1 - 425 - 426 + 265 + 266 1 - 2702 - 2703 + 764 + 765 1 - 5678 - 5679 + 4621 + 4622 1 - 12987 - 12988 + 9787 + 9788 1 - 19051 - 19052 + 25794 + 25795 1 - 38864 - 38865 + 42379 + 42380 1 - 45893 - 45894 + 83520 + 83521 + 1 + + + 105934 + 105935 1 @@ -9020,7 +3955,7 @@ child - ql_db_table + dbscheme_table 12 @@ -9028,7 +3963,7 @@ 1 2 - 125855 + 273234 @@ -9044,7 +3979,7 @@ 1 2 - 125855 + 273234 @@ -9053,16 +3988,16 @@ - ql_db_table_def - 45893 + dbscheme_table_def + 105934 id - 45893 + 105934 table_name - 45893 + 105934 @@ -9076,7 +4011,7 @@ 1 2 - 45893 + 105934 @@ -9092,7 +4027,7 @@ 1 2 - 45893 + 105934 @@ -9101,16 +4036,16 @@ - ql_db_table_name_def - 45893 + dbscheme_table_name_def + 105934 id - 45893 + 105934 child - 45893 + 105934 @@ -9124,7 +4059,7 @@ 1 2 - 45893 + 105934 @@ -9140,7 +4075,7 @@ 1 2 - 45893 + 105934 @@ -9149,26 +4084,26 @@ - ql_db_union_decl_child - 109617 + dbscheme_tokeninfo + 3090306 - ql_db_union_decl - 27769 + id + 3090306 - index - 100 + kind + 16 - child - 109617 + value + 7109 - ql_db_union_decl - index + id + kind 12 @@ -9176,233 +4111,259 @@ 1 2 - 1154 + 3090306 + + + + + + + id + value + + + 12 + + + 1 + 2 + 3090306 + + + + + + + kind + id + + + 12 + + + 1042 + 1043 + 1 + + + 1440 + 1441 + 1 + + + 2354 + 2355 + 1 + + + 7697 + 7698 + 1 + + + 8004 + 8005 + 1 + + + 17513 + 17514 + 1 + + + 20670 + 20671 + 1 + + + 37863 + 37864 + 1 + + + 51435 + 51436 + 1 + + + 75701 + 75702 + 1 + + + 124608 + 124609 + 1 + + + 210468 + 210469 + 1 + + + 258872 + 258873 + 1 + + + 397838 + 397839 + 1 + + + 565153 + 565154 + 1 + + + 1309648 + 1309649 + 1 + + + + + + + kind + value + + + 12 + + + 1 + 2 + 8 2 3 - 13154 + 1 - 3 - 4 - 4277 + 13 + 14 + 1 - 4 - 5 - 2688 + 99 + 100 + 1 - 5 - 6 - 2027 + 197 + 198 + 1 - 6 - 9 - 2546 + 302 + 303 + 1 - 9 - 101 - 1923 + 595 + 596 + 1 + + + 2601 + 2602 + 1 + + + 3292 + 3293 + 1 - ql_db_union_decl - child + value + id 12 1 - 2 - 1154 - - - 2 3 - 13154 + 619 3 - 4 - 4277 - - - 4 - 5 - 2688 - - - 5 - 6 - 2027 - - - 6 9 - 2546 + 534 9 - 101 - 1923 + 25 + 543 + + + 25 + 32 + 544 + + + 32 + 51 + 471 + + + 51 + 67 + 534 + + + 67 + 73 + 567 + + + 73 + 107 + 611 + + + 107 + 121 + 590 + + + 121 + 157 + 534 + + + 158 + 235 + 412 + + + 240 + 322 + 544 + + + 324 + 1897 + 534 + + + 2000 + 270542 + 72 - index - ql_db_union_decl - - - 12 - - - 7 - 12 - 2 - - - 13 - 14 - 11 - - - 27 - 28 - 5 - - - 28 - 29 - 25 - - - 31 - 54 - 9 - - - 62 - 63 - 10 - - - 76 - 90 - 3 - - - 174 - 175 - 8 - - - 177 - 367 - 8 - - - 410 - 1111 - 8 - - - 1364 - 9185 - 8 - - - 13461 - 27770 - 3 - - - - - - - index - child - - - 12 - - - 7 - 12 - 2 - - - 13 - 14 - 11 - - - 27 - 28 - 5 - - - 28 - 29 - 25 - - - 31 - 54 - 9 - - - 62 - 63 - 10 - - - 76 - 90 - 3 - - - 174 - 175 - 8 - - - 177 - 367 - 8 - - - 410 - 1111 - 8 - - - 1364 - 9185 - 8 - - - 13461 - 27770 - 3 - - - - - - - child - ql_db_union_decl + value + kind 12 @@ -9410,23 +4371,7 @@ 1 2 - 109617 - - - - - - - child - index - - - 12 - - - 1 - 2 - 109617 + 7109 @@ -9435,16 +4380,302 @@ - ql_db_union_decl_def - 27769 + dbscheme_union_decl_child + 209792 + + + dbscheme_union_decl + 51790 + + + index + 105 + + + child + 209792 + + + + + dbscheme_union_decl + index + + + 12 + + + 1 + 2 + 2156 + + + 2 + 3 + 25065 + + + 3 + 4 + 7795 + + + 4 + 5 + 4896 + + + 5 + 6 + 3506 + + + 6 + 9 + 4492 + + + 9 + 106 + 3880 + + + + + + + dbscheme_union_decl + child + + + 12 + + + 1 + 2 + 2156 + + + 2 + 3 + 25065 + + + 3 + 4 + 7795 + + + 4 + 5 + 4896 + + + 5 + 6 + 3506 + + + 6 + 9 + 4492 + + + 9 + 106 + 3880 + + + + + + + index + dbscheme_union_decl + + + 12 + + + 7 + 40 + 7 + + + 41 + 42 + 11 + + + 55 + 56 + 2 + + + 70 + 71 + 17 + + + 71 + 72 + 10 + + + 98 + 147 + 9 + + + 213 + 223 + 9 + + + 223 + 399 + 8 + + + 453 + 477 + 8 + + + 505 + 1059 + 8 + + + 1142 + 3881 + 8 + + + 4790 + 51791 + 8 + + + + + + + index + child + + + 12 + + + 7 + 40 + 7 + + + 41 + 42 + 11 + + + 55 + 56 + 2 + + + 70 + 71 + 17 + + + 71 + 72 + 10 + + + 98 + 147 + 9 + + + 213 + 223 + 9 + + + 223 + 399 + 8 + + + 453 + 477 + 8 + + + 505 + 1059 + 8 + + + 1142 + 3881 + 8 + + + 4790 + 51791 + 8 + + + + + + + child + dbscheme_union_decl + + + 12 + + + 1 + 2 + 209792 + + + + + + + child + index + + + 12 + + + 1 + 2 + 209792 + + + + + + + + + dbscheme_union_decl_def + 51790 id - 27769 + 51790 base - 27769 + 51790 @@ -9458,7 +4689,7 @@ 1 2 - 27769 + 51790 @@ -9474,7 +4705,7 @@ 1 2 - 27769 + 51790 @@ -9483,20 +4714,3732 @@ - ql_disjunction_def - 53444 + diagnostics + 5 id - 53444 + 5 + + + severity + 1 + + + error_tag + 1 + + + error_message + 2 + + + full_error_message + 5 + + + location + 5 + + + + + id + severity + + + 12 + + + 1 + 2 + 5 + + + + + + + id + error_tag + + + 12 + + + 1 + 2 + 5 + + + + + + + id + error_message + + + 12 + + + 1 + 2 + 5 + + + + + + + id + full_error_message + + + 12 + + + 1 + 2 + 5 + + + + + + + id + location + + + 12 + + + 1 + 2 + 5 + + + + + + + severity + id + + + 12 + + + 5 + 6 + 1 + + + + + + + severity + error_tag + + + 12 + + + 1 + 2 + 1 + + + + + + + severity + error_message + + + 12 + + + 2 + 3 + 1 + + + + + + + severity + full_error_message + + + 12 + + + 5 + 6 + 1 + + + + + + + severity + location + + + 12 + + + 5 + 6 + 1 + + + + + + + error_tag + id + + + 12 + + + 5 + 6 + 1 + + + + + + + error_tag + severity + + + 12 + + + 1 + 2 + 1 + + + + + + + error_tag + error_message + + + 12 + + + 2 + 3 + 1 + + + + + + + error_tag + full_error_message + + + 12 + + + 5 + 6 + 1 + + + + + + + error_tag + location + + + 12 + + + 5 + 6 + 1 + + + + + + + error_message + id + + + 12 + + + 1 + 2 + 1 + + + 4 + 5 + 1 + + + + + + + error_message + severity + + + 12 + + + 1 + 2 + 2 + + + + + + + error_message + error_tag + + + 12 + + + 1 + 2 + 2 + + + + + + + error_message + full_error_message + + + 12 + + + 1 + 2 + 1 + + + 4 + 5 + 1 + + + + + + + error_message + location + + + 12 + + + 1 + 2 + 1 + + + 4 + 5 + 1 + + + + + + + full_error_message + id + + + 12 + + + 1 + 2 + 5 + + + + + + + full_error_message + severity + + + 12 + + + 1 + 2 + 5 + + + + + + + full_error_message + error_tag + + + 12 + + + 1 + 2 + 5 + + + + + + + full_error_message + error_message + + + 12 + + + 1 + 2 + 5 + + + + + + + full_error_message + location + + + 12 + + + 1 + 2 + 5 + + + + + + + location + id + + + 12 + + + 1 + 2 + 5 + + + + + + + location + severity + + + 12 + + + 1 + 2 + 5 + + + + + + + location + error_tag + + + 12 + + + 1 + 2 + 5 + + + + + + + location + error_message + + + 12 + + + 1 + 2 + 5 + + + + + + + location + full_error_message + + + 12 + + + 1 + 2 + 5 + + + + + + + + + files + 11682 + + + id + 11682 + + + name + 11682 + + + + + id + name + + + 12 + + + 1 + 2 + 11682 + + + + + + + name + id + + + 12 + + + 1 + 2 + 11682 + + + + + + + + + folders + 3982 + + + id + 3982 + + + name + 3982 + + + + + id + name + + + 12 + + + 1 + 2 + 3982 + + + + + + + name + id + + + 12 + + + 1 + 2 + 3982 + + + + + + + + + json_array_child + 2660 + + + json_array + 450 + + + index + 611 + + + child + 2660 + + + + + json_array + index + + + 12 + + + 1 + 2 + 129 + + + 2 + 3 + 136 + + + 3 + 4 + 78 + + + 4 + 5 + 37 + + + 5 + 7 + 41 + + + 7 + 612 + 29 + + + + + + + json_array + child + + + 12 + + + 1 + 2 + 129 + + + 2 + 3 + 136 + + + 3 + 4 + 78 + + + 4 + 5 + 37 + + + 5 + 7 + 41 + + + 7 + 612 + 29 + + + + + + + index + json_array + + + 12 + + + 1 + 2 + 364 + + + 2 + 3 + 84 + + + 3 + 4 + 61 + + + 4 + 7 + 48 + + + 7 + 22 + 46 + + + 26 + 451 + 8 + + + + + + + index + child + + + 12 + + + 1 + 2 + 364 + + + 2 + 3 + 84 + + + 3 + 4 + 61 + + + 4 + 7 + 48 + + + 7 + 22 + 46 + + + 26 + 451 + 8 + + + + + + + child + json_array + + + 12 + + + 1 + 2 + 2660 + + + + + + + child + index + + + 12 + + + 1 + 2 + 2660 + + + + + + + + + json_array_def + 481 + + + id + 481 + + + + + + json_ast_node_info + 34722 + + + node + 34722 + + + parent + 9501 + + + parent_index + 1223 + + + loc + 34603 + + + + + node + parent + + + 12 + + + 1 + 2 + 34722 + + + + + + + node + parent_index + + + 12 + + + 1 + 2 + 34722 + + + + + + + node + loc + + + 12 + + + 1 + 2 + 34722 + + + + + + + parent + node + + + 12 + + + 1 + 3 + 597 + + + 3 + 4 + 8027 + + + 4 + 12 + 718 + + + 13 + 1224 + 159 + + + + + + + parent + parent_index + + + 12 + + + 1 + 3 + 597 + + + 3 + 4 + 8027 + + + 4 + 12 + 718 + + + 13 + 1224 + 159 + + + + + + + parent + loc + + + 12 + + + 1 + 3 + 597 + + + 3 + 4 + 8027 + + + 4 + 12 + 718 + + + 13 + 1224 + 159 + + + + + + + parent_index + node + + + 12 + + + 1 + 2 + 728 + + + 2 + 3 + 168 + + + 3 + 4 + 106 + + + 4 + 7 + 96 + + + 7 + 22 + 94 + + + 22 + 9502 + 31 + + + + + + + parent_index + parent + + + 12 + + + 1 + 2 + 728 + + + 2 + 3 + 168 + + + 3 + 4 + 106 + + + 4 + 7 + 96 + + + 7 + 22 + 94 + + + 22 + 9502 + 31 + + + + + + + parent_index + loc + + + 12 + + + 1 + 2 + 728 + + + 2 + 3 + 168 + + + 3 + 4 + 106 + + + 4 + 7 + 96 + + + 7 + 22 + 94 + + + 22 + 9385 + 31 + + + + + + + loc + node + + + 12 + + + 1 + 2 + 34484 + + + 2 + 3 + 119 + + + + + + + loc + parent + + + 12 + + + 1 + 2 + 34484 + + + 2 + 3 + 119 + + + + + + + loc + parent_index + + + 12 + + + 1 + 2 + 34601 + + + 2 + 3 + 2 + + + + + + + + + json_document_child + 269 + + + json_document + 269 + + + index + 1 + + + child + 269 + + + + + json_document + index + + + 12 + + + 1 + 2 + 269 + + + + + + + json_document + child + + + 12 + + + 1 + 2 + 269 + + + + + + + index + json_document + + + 12 + + + 269 + 270 + 1 + + + + + + + index + child + + + 12 + + + 269 + 270 + 1 + + + + + + + child + json_document + + + 12 + + + 1 + 2 + 269 + + + + + + + child + index + + + 12 + + + 1 + 2 + 269 + + + + + + + + + json_document_def + 272 + + + id + 272 + + + + + + json_object_child + 2223 + + + json_object + 763 + + + index + 110 + + + child + 2223 + + + + + json_object + index + + + 12 + + + 1 + 2 + 211 + + + 2 + 3 + 322 + + + 3 + 4 + 65 + + + 4 + 6 + 44 + + + 6 + 7 + 102 + + + 7 + 111 + 19 + + + + + + + json_object + child + + + 12 + + + 1 + 2 + 211 + + + 2 + 3 + 322 + + + 3 + 4 + 65 + + + 4 + 6 + 44 + + + 6 + 7 + 102 + + + 7 + 111 + 19 + + + + + + + index + json_object + + + 12 + + + 1 + 2 + 61 + + + 2 + 3 + 11 + + + 3 + 4 + 10 + + + 4 + 5 + 2 + + + 5 + 6 + 14 + + + 7 + 166 + 9 + + + 230 + 764 + 3 + + + + + + + index + child + + + 12 + + + 1 + 2 + 61 + + + 2 + 3 + 11 + + + 3 + 4 + 10 + + + 4 + 5 + 2 + + + 5 + 6 + 14 + + + 7 + 166 + 9 + + + 230 + 764 + 3 + + + + + + + child + json_object + + + 12 + + + 1 + 2 + 2223 + + + + + + + child + index + + + 12 + + + 1 + 2 + 2223 + + + + + + + + + json_object_def + 787 + + + id + 787 + + + + + + json_pair_def + 2223 + + + id + 2223 + + + key__ + 2223 + + + value + 2223 + + + + + id + key__ + + + 12 + + + 1 + 2 + 2223 + + + + + + + id + value + + + 12 + + + 1 + 2 + 2223 + + + + + + + key__ + id + + + 12 + + + 1 + 2 + 2223 + + + + + + + key__ + value + + + 12 + + + 1 + 2 + 2223 + + + + + + + value + id + + + 12 + + + 1 + 2 + 2223 + + + + + + + value + key__ + + + 12 + + + 1 + 2 + 2223 + + + + + + + + + json_string_child + 5465 + + + json_string__ + 5465 + + + child + 5465 + + + + + json_string__ + child + + + 12 + + + 1 + 2 + 5465 + + + + + + + child + json_string__ + + + 12 + + + 1 + 2 + 5465 + + + + + + + + + json_string_def + 5469 + + + id + 5469 + + + + + + json_tokeninfo + 25490 + + + id + 25490 + + + kind + 7 + + + value + 3153 + + + + + id + kind + + + 12 + + + 1 + 2 + 25490 + + + + + + + id + value + + + 12 + + + 1 + 2 + 25490 + + + + + + + kind + id + + + 12 + + + 18 + 19 + 1 + + + 27 + 28 + 1 + + + 106 + 107 + 1 + + + 246 + 247 + 1 + + + 259 + 260 + 1 + + + 5465 + 5466 + 1 + + + 19369 + 19370 + 1 + + + + + + + kind + value + + + 12 + + + 1 + 2 + 3 + + + 7 + 8 + 1 + + + 14 + 15 + 1 + + + 18 + 19 + 1 + + + 3111 + 3112 + 1 + + + + + + + value + id + + + 12 + + + 1 + 2 + 2832 + + + 2 + 7 + 246 + + + 7 + 10939 + 75 + + + + + + + value + kind + + + 12 + + + 1 + 2 + 3153 + + + + + + + + + locations_default + 8479546 + + + id + 8479546 + + + file + 11682 + + + beginLine + 9036 + + + beginColumn + 1371 + + + endLine + 9036 + + + endColumn + 1376 + + + + + id + file + + + 12 + + + 1 + 2 + 8479546 + + + + + + + id + beginLine + + + 12 + + + 1 + 2 + 8479546 + + + + + + + id + beginColumn + + + 12 + + + 1 + 2 + 8479546 + + + + + + + id + endLine + + + 12 + + + 1 + 2 + 8479546 + + + + + + + id + endColumn + + + 12 + + + 1 + 2 + 8479546 + + + + + + + file + id + + + 12 + + + 1 + 21 + 906 + + + 21 + 32 + 909 + + + 32 + 40 + 959 + + + 40 + 54 + 882 + + + 54 + 70 + 903 + + + 70 + 88 + 878 + + + 88 + 117 + 880 + + + 117 + 160 + 879 + + + 160 + 236 + 880 + + + 236 + 377 + 877 + + + 377 + 709 + 878 + + + 709 + 2101 + 877 + + + 2102 + 9785 + 880 + + + 9805 + 54160 + 94 + + + + + + + file + beginLine + + + 12 + + + 1 + 3 + 511 + + + 3 + 4 + 1068 + + + 4 + 5 + 961 + + + 5 + 6 + 680 + + + 6 + 7 + 632 + + + 7 + 9 + 946 + + + 9 + 11 + 969 + + + 11 + 16 + 1044 + + + 16 + 23 + 907 + + + 23 + 36 + 906 + + + 36 + 65 + 885 + + + 65 + 158 + 879 + + + 158 + 1002 + 877 + + + 1002 + 9027 + 417 + + + + + + + file + beginColumn + + + 12 + + + 1 + 11 + 997 + + + 11 + 17 + 858 + + + 17 + 21 + 876 + + + 21 + 26 + 967 + + + 26 + 32 + 939 + + + 32 + 39 + 976 + + + 39 + 47 + 938 + + + 47 + 56 + 928 + + + 56 + 66 + 908 + + + 66 + 77 + 925 + + + 77 + 87 + 897 + + + 87 + 98 + 929 + + + 98 + 512 + 544 + + + + + + + file + endLine + + + 12 + + + 1 + 3 + 510 + + + 3 + 4 + 1068 + + + 4 + 5 + 962 + + + 5 + 6 + 680 + + + 6 + 7 + 632 + + + 7 + 9 + 946 + + + 9 + 11 + 969 + + + 11 + 16 + 1044 + + + 16 + 23 + 907 + + + 23 + 36 + 906 + + + 36 + 65 + 885 + + + 65 + 158 + 879 + + + 158 + 1002 + 877 + + + 1002 + 9027 + 417 + + + + + + + file + endColumn + + + 12 + + + 1 + 14 + 962 + + + 14 + 20 + 888 + + + 20 + 24 + 908 + + + 24 + 29 + 942 + + + 29 + 36 + 942 + + + 36 + 43 + 953 + + + 43 + 51 + 914 + + + 51 + 61 + 930 + + + 61 + 72 + 954 + + + 72 + 82 + 911 + + + 82 + 92 + 914 + + + 92 + 102 + 933 + + + 102 + 523 + 531 + + + + + + + beginLine + id + + + 12 + + + 1 + 2 + 1328 + + + 2 + 10 + 621 + + + 10 + 11 + 1424 + + + 11 + 20 + 819 + + + 20 + 38 + 679 + + + 38 + 92 + 685 + + + 92 + 170 + 680 + + + 170 + 595 + 678 + + + 596 + 1692 + 679 + + + 1692 + 3137 + 679 + + + 3137 + 12009 + 678 + + + 12114 + 51821 + 86 + + + + + + + beginLine + file + + + 12 + + + 1 + 2 + 2644 + + + 2 + 3 + 1456 + + + 3 + 10 + 685 + + + 10 + 11 + 354 + + + 11 + 12 + 565 + + + 12 + 18 + 691 + + + 18 + 206 + 680 + + + 206 + 332 + 684 + + + 332 + 542 + 679 + + + 542 + 11511 + 598 + + + + + + + beginLine + beginColumn + + + 12 + + + 1 + 2 + 1516 + + + 2 + 7 + 524 + + + 7 + 8 + 1697 + + + 8 + 13 + 674 + + + 13 + 18 + 834 + + + 18 + 28 + 695 + + + 28 + 46 + 696 + + + 46 + 76 + 685 + + + 76 + 92 + 692 + + + 92 + 105 + 687 + + + 105 + 387 + 336 + + + + + + + beginLine + endLine + + + 12 + + + 1 + 2 + 4164 + + + 2 + 3 + 1304 + + + 3 + 4 + 500 + + + 4 + 6 + 624 + + + 6 + 9 + 648 + + + 9 + 14 + 756 + + + 14 + 26 + 678 + + + 26 + 4558 + 362 + + + + + + + beginLine + endColumn + + + 12 + + + 1 + 2 + 1328 + + + 2 + 7 + 666 + + + 7 + 8 + 1472 + + + 8 + 13 + 824 + + + 13 + 18 + 712 + + + 18 + 26 + 679 + + + 26 + 42 + 690 + + + 42 + 73 + 701 + + + 73 + 91 + 697 + + + 91 + 105 + 721 + + + 105 + 391 + 546 + + + + + + + beginColumn + id + + + 12 + + + 1 + 4 + 92 + + + 4 + 5 + 121 + + + 5 + 8 + 122 + + + 8 + 9 + 123 + + + 9 + 11 + 117 + + + 11 + 12 + 40 + + + 12 + 13 + 109 + + + 13 + 17 + 118 + + + 17 + 22 + 108 + + + 22 + 33 + 106 + + + 33 + 75 + 103 + + + 75 + 739 + 103 + + + 740 + 195640 + 103 + + + 213807 + 865889 + 6 + + + + + + + beginColumn + file + + + 12 + + + 1 + 3 + 120 + + + 4 + 5 + 120 + + + 5 + 7 + 71 + + + 7 + 8 + 62 + + + 8 + 9 + 119 + + + 9 + 11 + 109 + + + 11 + 12 + 40 + + + 12 + 13 + 112 + + + 13 + 17 + 125 + + + 17 + 23 + 105 + + + 23 + 34 + 106 + + + 34 + 79 + 103 + + + 80 + 3436 + 103 + + + 3468 + 11682 + 76 + + + + + + + beginColumn + beginLine + + + 12 + + + 1 + 2 + 215 + + + 2 + 3 + 318 + + + 3 + 4 + 126 + + + 4 + 5 + 141 + + + 5 + 6 + 75 + + + 6 + 8 + 103 + + + 8 + 13 + 117 + + + 13 + 32 + 104 + + + 32 + 2080 + 103 + + + 2093 + 9035 + 69 + + + + + + + beginColumn + endLine + + + 12 + + + 1 + 2 + 215 + + + 2 + 3 + 318 + + + 3 + 4 + 126 + + + 4 + 5 + 141 + + + 5 + 6 + 75 + + + 6 + 8 + 103 + + + 8 + 13 + 117 + + + 13 + 32 + 104 + + + 32 + 2112 + 103 + + + 2123 + 9035 + 69 + + + + + + + beginColumn + endColumn + + + 12 + + + 1 + 2 + 693 + + + 2 + 3 + 314 + + + 3 + 4 + 112 + + + 4 + 7 + 114 + + + 7 + 84 + 103 + + + 84 + 263 + 35 + + + + + + + endLine + id + + + 12 + + + 1 + 2 + 1323 + + + 2 + 11 + 675 + + + 11 + 12 + 1420 + + + 12 + 22 + 806 + + + 22 + 44 + 680 + + + 44 + 95 + 683 + + + 95 + 173 + 685 + + + 173 + 808 + 678 + + + 823 + 1711 + 678 + + + 1711 + 3189 + 678 + + + 3189 + 16909 + 678 + + + 17178 + 52390 + 52 + + + + + + + endLine + file + + + 12 + + + 1 + 2 + 2641 + + + 2 + 3 + 1465 + + + 3 + 10 + 673 + + + 10 + 11 + 361 + + + 11 + 12 + 555 + + + 12 + 18 + 699 + + + 18 + 206 + 680 + + + 206 + 330 + 682 + + + 330 + 541 + 680 + + + 541 + 6341 + 600 + + + + + + + endLine + beginLine + + + 12 + + + 1 + 2 + 2018 + + + 2 + 3 + 2354 + + + 3 + 4 + 1144 + + + 4 + 5 + 627 + + + 5 + 8 + 797 + + + 8 + 12 + 693 + + + 12 + 20 + 679 + + + 20 + 50 + 682 + + + 50 + 64 + 42 + + + + + + + endLine + beginColumn + + + 12 + + + 1 + 2 + 1468 + + + 2 + 7 + 555 + + + 7 + 8 + 1644 + + + 8 + 13 + 721 + + + 13 + 18 + 825 + + + 18 + 28 + 709 + + + 28 + 45 + 682 + + + 45 + 76 + 699 + + + 76 + 92 + 694 + + + 92 + 105 + 695 + + + 105 + 388 + 344 + + + + + + + endLine + endColumn + + + 12 + + + 1 + 2 + 1323 + + + 2 + 7 + 691 + + + 7 + 8 + 1491 + + + 8 + 12 + 718 + + + 12 + 17 + 669 + + + 17 + 24 + 732 + + + 24 + 40 + 707 + + + 40 + 70 + 691 + + + 70 + 90 + 732 + + + 90 + 104 + 704 + + + 104 + 391 + 578 + + + + + + + endColumn + id + + + 12 + + + 1 + 4 + 87 + + + 4 + 5 + 120 + + + 5 + 8 + 120 + + + 8 + 9 + 123 + + + 9 + 11 + 110 + + + 11 + 12 + 41 + + + 12 + 13 + 108 + + + 13 + 17 + 121 + + + 17 + 22 + 105 + + + 22 + 33 + 107 + + + 33 + 73 + 104 + + + 73 + 547 + 104 + + + 571 + 148376 + 104 + + + 149850 + 309769 + 22 + + + + + + + endColumn + file + + + 12 + + + 1 + 3 + 113 + + + 3 + 5 + 122 + + + 5 + 7 + 70 + + + 7 + 8 + 63 + + + 8 + 9 + 117 + + + 9 + 11 + 108 + + + 11 + 12 + 38 + + + 12 + 13 + 112 + + + 13 + 17 + 124 + + + 17 + 23 + 105 + + + 23 + 33 + 106 + + + 33 + 71 + 104 + + + 71 + 2586 + 104 + + + 2841 + 10750 + 90 + + + + + + + endColumn + beginLine + + + 12 + + + 1 + 2 + 213 + + + 2 + 3 + 316 + + + 3 + 4 + 126 + + + 4 + 5 + 141 + + + 5 + 6 + 71 + + + 6 + 8 + 102 + + + 8 + 12 + 106 + + + 12 + 28 + 106 + + + 28 + 1632 + 104 + + + 1663 + 6417 + 91 + + + + + + + endColumn + beginColumn + + + 12 + + + 1 + 2 + 683 + + + 2 + 3 + 268 + + + 3 + 4 + 116 + + + 4 + 7 + 109 + + + 7 + 34 + 104 + + + 34 + 102 + 96 + + + + + + + endColumn + endLine + + + 12 + + + 1 + 2 + 213 + + + 2 + 3 + 316 + + + 3 + 4 + 126 + + + 4 + 5 + 141 + + + 5 + 6 + 71 + + + 6 + 8 + 102 + + + 8 + 12 + 107 + + + 12 + 28 + 107 + + + 28 + 1640 + 104 + + + 1670 + 6384 + 89 + + + + + + + + + ql_add_expr_def + 14857 + + + id + 14857 left - 53444 + 14857 right - 53444 + 14857 + + + child + 14857 @@ -9510,7 +8453,7 @@ 1 2 - 53444 + 14857 @@ -9526,7 +8469,23 @@ 1 2 - 53444 + 14857 + + + + + + + id + child + + + 12 + + + 1 + 2 + 14857 @@ -9542,7 +8501,7 @@ 1 2 - 53444 + 14857 @@ -9558,7 +8517,23 @@ 1 2 - 53444 + 14857 + + + + + + + left + child + + + 12 + + + 1 + 2 + 14857 @@ -9574,7 +8549,7 @@ 1 2 - 53444 + 14857 @@ -9590,7 +8565,4477 @@ 1 2 - 53444 + 14857 + + + + + + + right + child + + + 12 + + + 1 + 2 + 14857 + + + + + + + child + id + + + 12 + + + 1 + 2 + 14857 + + + + + + + child + left + + + 12 + + + 1 + 2 + 14857 + + + + + + + child + right + + + 12 + + + 1 + 2 + 14857 + + + + + + + + + ql_aggregate_child + 17934 + + + ql_aggregate + 9694 + + + index + 3 + + + child + 17934 + + + + + ql_aggregate + index + + + 12 + + + 1 + 2 + 1687 + + + 2 + 3 + 7774 + + + 3 + 4 + 233 + + + + + + + ql_aggregate + child + + + 12 + + + 1 + 2 + 1687 + + + 2 + 3 + 7774 + + + 3 + 4 + 233 + + + + + + + index + ql_aggregate + + + 12 + + + 233 + 234 + 1 + + + 8007 + 8008 + 1 + + + 9694 + 9695 + 1 + + + + + + + index + child + + + 12 + + + 233 + 234 + 1 + + + 8007 + 8008 + 1 + + + 9694 + 9695 + 1 + + + + + + + child + ql_aggregate + + + 12 + + + 1 + 2 + 17934 + + + + + + + child + index + + + 12 + + + 1 + 2 + 17934 + + + + + + + + + ql_aggregate_def + 9694 + + + id + 9694 + + + + + + ql_annot_arg_def + 6094 + + + id + 6094 + + + child + 6094 + + + + + id + child + + + 12 + + + 1 + 2 + 6094 + + + + + + + child + id + + + 12 + + + 1 + 2 + 6094 + + + + + + + + + ql_annotation_args + 6862 + + + ql_annotation + 5326 + + + index + 9 + + + args + 6862 + + + + + ql_annotation + index + + + 12 + + + 1 + 2 + 4776 + + + 3 + 4 + 382 + + + 5 + 10 + 168 + + + + + + + ql_annotation + args + + + 12 + + + 1 + 2 + 4776 + + + 3 + 4 + 382 + + + 5 + 10 + 168 + + + + + + + index + ql_annotation + + + 12 + + + 2 + 3 + 2 + + + 48 + 49 + 2 + + + 168 + 169 + 2 + + + 550 + 551 + 2 + + + 5326 + 5327 + 1 + + + + + + + index + args + + + 12 + + + 2 + 3 + 2 + + + 48 + 49 + 2 + + + 168 + 169 + 2 + + + 550 + 551 + 2 + + + 5326 + 5327 + 1 + + + + + + + args + ql_annotation + + + 12 + + + 1 + 2 + 6862 + + + + + + + args + index + + + 12 + + + 1 + 2 + 6862 + + + + + + + + + ql_annotation_def + 72771 + + + id + 72771 + + + name + 72771 + + + + + id + name + + + 12 + + + 1 + 2 + 72771 + + + + + + + name + id + + + 12 + + + 1 + 2 + 72771 + + + + + + + + + ql_arityless_predicate_expr_def + 67354 + + + id + 67354 + + + name + 67354 + + + + + id + name + + + 12 + + + 1 + 2 + 67354 + + + + + + + name + id + + + 12 + + + 1 + 2 + 67354 + + + + + + + + + ql_arityless_predicate_expr_qualifier + 10179 + + + ql_arityless_predicate_expr + 10179 + + + qualifier + 10179 + + + + + ql_arityless_predicate_expr + qualifier + + + 12 + + + 1 + 2 + 10179 + + + + + + + qualifier + ql_arityless_predicate_expr + + + 12 + + + 1 + 2 + 10179 + + + + + + + + + ql_as_expr_child + 19682 + + + ql_as_expr + 19448 + + + index + 2 + + + child + 19682 + + + + + ql_as_expr + index + + + 12 + + + 1 + 2 + 19214 + + + 2 + 3 + 234 + + + + + + + ql_as_expr + child + + + 12 + + + 1 + 2 + 19214 + + + 2 + 3 + 234 + + + + + + + index + ql_as_expr + + + 12 + + + 234 + 235 + 1 + + + 19448 + 19449 + 1 + + + + + + + index + child + + + 12 + + + 234 + 235 + 1 + + + 19448 + 19449 + 1 + + + + + + + child + ql_as_expr + + + 12 + + + 1 + 2 + 19682 + + + + + + + child + index + + + 12 + + + 1 + 2 + 19682 + + + + + + + + + ql_as_expr_def + 19448 + + + id + 19448 + + + + + + ql_as_exprs_child + 19448 + + + ql_as_exprs + 8242 + + + index + 35 + + + child + 19448 + + + + + ql_as_exprs + index + + + 12 + + + 1 + 2 + 3031 + + + 2 + 3 + 2962 + + + 3 + 4 + 672 + + + 4 + 5 + 702 + + + 5 + 7 + 678 + + + 7 + 36 + 197 + + + + + + + ql_as_exprs + child + + + 12 + + + 1 + 2 + 3031 + + + 2 + 3 + 2962 + + + 3 + 4 + 672 + + + 4 + 5 + 702 + + + 5 + 7 + 678 + + + 7 + 36 + 197 + + + + + + + index + ql_as_exprs + + + 12 + + + 1 + 2 + 2 + + + 2 + 3 + 4 + + + 3 + 4 + 4 + + + 4 + 5 + 6 + + + 6 + 10 + 2 + + + 10 + 13 + 3 + + + 13 + 19 + 3 + + + 26 + 55 + 3 + + + 123 + 720 + 3 + + + 875 + 2250 + 3 + + + 5211 + 8243 + 2 + + + + + + + index + child + + + 12 + + + 1 + 2 + 2 + + + 2 + 3 + 4 + + + 3 + 4 + 4 + + + 4 + 5 + 6 + + + 6 + 10 + 2 + + + 10 + 13 + 3 + + + 13 + 19 + 3 + + + 26 + 55 + 3 + + + 123 + 720 + 3 + + + 875 + 2250 + 3 + + + 5211 + 8243 + 2 + + + + + + + child + ql_as_exprs + + + 12 + + + 1 + 2 + 19448 + + + + + + + child + index + + + 12 + + + 1 + 2 + 19448 + + + + + + + + + ql_as_exprs_def + 8242 + + + id + 8242 + + + + + + ql_ast_node_info + 6543748 + + + node + 6543748 + + + parent + 3102776 + + + parent_index + 2057 + + + loc + 4792814 + + + + + node + parent + + + 12 + + + 1 + 2 + 6543748 + + + + + + + node + parent_index + + + 12 + + + 1 + 2 + 6543748 + + + + + + + node + loc + + + 12 + + + 1 + 2 + 6543748 + + + + + + + parent + node + + + 12 + + + 1 + 2 + 1758472 + + + 2 + 3 + 308336 + + + 3 + 4 + 770593 + + + 4 + 11 + 240390 + + + 11 + 2058 + 24985 + + + + + + + parent + parent_index + + + 12 + + + 1 + 2 + 1758472 + + + 2 + 3 + 308336 + + + 3 + 4 + 770593 + + + 4 + 11 + 240390 + + + 11 + 2058 + 24985 + + + + + + + parent + loc + + + 12 + + + 1 + 2 + 1758472 + + + 2 + 3 + 308336 + + + 3 + 4 + 770593 + + + 4 + 11 + 240390 + + + 11 + 2058 + 24985 + + + + + + + parent_index + node + + + 12 + + + 1 + 2 + 805 + + + 2 + 3 + 251 + + + 3 + 4 + 388 + + + 4 + 9 + 188 + + + 9 + 24 + 161 + + + 24 + 119 + 155 + + + 120 + 3102777 + 109 + + + + + + + parent_index + parent + + + 12 + + + 1 + 2 + 805 + + + 2 + 3 + 251 + + + 3 + 4 + 388 + + + 4 + 9 + 188 + + + 9 + 24 + 161 + + + 24 + 119 + 155 + + + 120 + 3102777 + 109 + + + + + + + parent_index + loc + + + 12 + + + 1 + 2 + 805 + + + 2 + 3 + 251 + + + 3 + 4 + 388 + + + 4 + 9 + 188 + + + 9 + 24 + 161 + + + 24 + 119 + 155 + + + 120 + 2116191 + 109 + + + + + + + loc + node + + + 12 + + + 1 + 2 + 3411160 + + + 2 + 3 + 1025095 + + + 3 + 6 + 356559 + + + + + + + loc + parent + + + 12 + + + 1 + 2 + 3411160 + + + 2 + 3 + 1025095 + + + 3 + 6 + 356559 + + + + + + + loc + parent_index + + + 12 + + + 1 + 2 + 4028466 + + + 2 + 3 + 764348 + + + + + + + + + ql_body_def + 70726 + + + id + 70726 + + + child + 70726 + + + + + id + child + + + 12 + + + 1 + 2 + 70726 + + + + + + + child + id + + + 12 + + + 1 + 2 + 70726 + + + + + + + + + ql_bool_def + 5039 + + + id + 5039 + + + child + 5039 + + + + + id + child + + + 12 + + + 1 + 2 + 5039 + + + + + + + child + id + + + 12 + + + 1 + 2 + 5039 + + + + + + + + + ql_call_body_child + 122556 + + + ql_call_body + 57429 + + + index + 15 + + + child + 122556 + + + + + ql_call_body + index + + + 12 + + + 1 + 2 + 25731 + + + 2 + 3 + 15265 + + + 3 + 4 + 8568 + + + 4 + 5 + 3857 + + + 5 + 16 + 4008 + + + + + + + ql_call_body + child + + + 12 + + + 1 + 2 + 25731 + + + 2 + 3 + 15265 + + + 3 + 4 + 8568 + + + 4 + 5 + 3857 + + + 5 + 16 + 4008 + + + + + + + index + ql_call_body + + + 12 + + + 16 + 17 + 2 + + + 18 + 19 + 1 + + + 42 + 43 + 1 + + + 91 + 92 + 1 + + + 184 + 185 + 1 + + + 450 + 451 + 1 + + + 760 + 761 + 1 + + + 1254 + 1255 + 1 + + + 2292 + 2293 + 1 + + + 4008 + 4009 + 1 + + + 7865 + 7866 + 1 + + + 16433 + 16434 + 1 + + + 31698 + 31699 + 1 + + + 57429 + 57430 + 1 + + + + + + + index + child + + + 12 + + + 16 + 17 + 2 + + + 18 + 19 + 1 + + + 42 + 43 + 1 + + + 91 + 92 + 1 + + + 184 + 185 + 1 + + + 450 + 451 + 1 + + + 760 + 761 + 1 + + + 1254 + 1255 + 1 + + + 2292 + 2293 + 1 + + + 4008 + 4009 + 1 + + + 7865 + 7866 + 1 + + + 16433 + 16434 + 1 + + + 31698 + 31699 + 1 + + + 57429 + 57430 + 1 + + + + + + + child + ql_call_body + + + 12 + + + 1 + 2 + 122556 + + + + + + + child + index + + + 12 + + + 1 + 2 + 122556 + + + + + + + + + ql_call_body_def + 66692 + + + id + 66692 + + + + + + ql_call_or_unqual_agg_expr_child + 133679 + + + ql_call_or_unqual_agg_expr + 66692 + + + index + 3 + + + child + 133679 + + + + + ql_call_or_unqual_agg_expr + index + + + 12 + + + 2 + 3 + 66397 + + + 3 + 4 + 295 + + + + + + + ql_call_or_unqual_agg_expr + child + + + 12 + + + 2 + 3 + 66397 + + + 3 + 4 + 295 + + + + + + + index + ql_call_or_unqual_agg_expr + + + 12 + + + 295 + 296 + 1 + + + 66692 + 66693 + 2 + + + + + + + index + child + + + 12 + + + 295 + 296 + 1 + + + 66692 + 66693 + 2 + + + + + + + child + ql_call_or_unqual_agg_expr + + + 12 + + + 1 + 2 + 133679 + + + + + + + child + index + + + 12 + + + 1 + 2 + 133679 + + + + + + + + + ql_call_or_unqual_agg_expr_def + 66692 + + + id + 66692 + + + + + + ql_charpred_def + 12588 + + + id + 12588 + + + body + 12588 + + + child + 12588 + + + + + id + body + + + 12 + + + 1 + 2 + 12588 + + + + + + + id + child + + + 12 + + + 1 + 2 + 12588 + + + + + + + body + id + + + 12 + + + 1 + 2 + 12588 + + + + + + + body + child + + + 12 + + + 1 + 2 + 12588 + + + + + + + child + id + + + 12 + + + 1 + 2 + 12588 + + + + + + + child + body + + + 12 + + + 1 + 2 + 12588 + + + + + + + + + ql_class_member_child + 121852 + + + ql_class_member + 84646 + + + index + 4 + + + child + 121852 + + + + + ql_class_member + index + + + 12 + + + 1 + 2 + 51616 + + + 2 + 3 + 28924 + + + 3 + 5 + 4106 + + + + + + + ql_class_member + child + + + 12 + + + 1 + 2 + 51616 + + + 2 + 3 + 28924 + + + 3 + 5 + 4106 + + + + + + + index + ql_class_member + + + 12 + + + 70 + 71 + 1 + + + 4106 + 4107 + 1 + + + 33030 + 33031 + 1 + + + 84646 + 84647 + 1 + + + + + + + index + child + + + 12 + + + 70 + 71 + 1 + + + 4106 + 4107 + 1 + + + 33030 + 33031 + 1 + + + 84646 + 84647 + 1 + + + + + + + child + ql_class_member + + + 12 + + + 1 + 2 + 121852 + + + + + + + child + index + + + 12 + + + 1 + 2 + 121852 + + + + + + + + + ql_class_member_def + 84646 + + + id + 84646 + + + + + + ql_classless_predicate_child + 72035 + + + ql_classless_predicate + 24640 + + + index + 16 + + + child + 72035 + + + + + ql_classless_predicate + index + + + 12 + + + 1 + 2 + 2612 + + + 2 + 3 + 9441 + + + 3 + 4 + 6254 + + + 4 + 5 + 3291 + + + 5 + 7 + 2183 + + + 7 + 17 + 859 + + + + + + + ql_classless_predicate + child + + + 12 + + + 1 + 2 + 2612 + + + 2 + 3 + 9441 + + + 3 + 4 + 6254 + + + 4 + 5 + 3291 + + + 5 + 7 + 2183 + + + 7 + 17 + 859 + + + + + + + index + ql_classless_predicate + + + 12 + + + 8 + 9 + 2 + + + 9 + 10 + 1 + + + 25 + 26 + 1 + + + 43 + 44 + 1 + + + 83 + 84 + 1 + + + 164 + 165 + 1 + + + 269 + 270 + 1 + + + 491 + 492 + 1 + + + 859 + 860 + 1 + + + 1446 + 1447 + 1 + + + 3042 + 3043 + 1 + + + 6333 + 6334 + 1 + + + 12587 + 12588 + 1 + + + 22028 + 22029 + 1 + + + 24640 + 24641 + 1 + + + + + + + index + child + + + 12 + + + 8 + 9 + 2 + + + 9 + 10 + 1 + + + 25 + 26 + 1 + + + 43 + 44 + 1 + + + 83 + 84 + 1 + + + 164 + 165 + 1 + + + 269 + 270 + 1 + + + 491 + 492 + 1 + + + 859 + 860 + 1 + + + 1446 + 1447 + 1 + + + 3042 + 3043 + 1 + + + 6333 + 6334 + 1 + + + 12587 + 12588 + 1 + + + 22028 + 22029 + 1 + + + 24640 + 24641 + 1 + + + + + + + child + ql_classless_predicate + + + 12 + + + 1 + 2 + 72035 + + + + + + + child + index + + + 12 + + + 1 + 2 + 72035 + + + + + + + + + ql_classless_predicate_def + 24640 + + + id + 24640 + + + name + 24640 + + + return_type + 24640 + + + + + id + name + + + 12 + + + 1 + 2 + 24640 + + + + + + + id + return_type + + + 12 + + + 1 + 2 + 24640 + + + + + + + name + id + + + 12 + + + 1 + 2 + 24640 + + + + + + + name + return_type + + + 12 + + + 1 + 2 + 24640 + + + + + + + return_type + id + + + 12 + + + 1 + 2 + 24640 + + + + + + + return_type + name + + + 12 + + + 1 + 2 + 24640 + + + + + + + + + ql_comp_term_def + 138784 + + + id + 138784 + + + left + 138784 + + + right + 138784 + + + child + 138784 + + + + + id + left + + + 12 + + + 1 + 2 + 138784 + + + + + + + id + right + + + 12 + + + 1 + 2 + 138784 + + + + + + + id + child + + + 12 + + + 1 + 2 + 138784 + + + + + + + left + id + + + 12 + + + 1 + 2 + 138784 + + + + + + + left + right + + + 12 + + + 1 + 2 + 138784 + + + + + + + left + child + + + 12 + + + 1 + 2 + 138784 + + + + + + + right + id + + + 12 + + + 1 + 2 + 138784 + + + + + + + right + left + + + 12 + + + 1 + 2 + 138784 + + + + + + + right + child + + + 12 + + + 1 + 2 + 138784 + + + + + + + child + id + + + 12 + + + 1 + 2 + 138784 + + + + + + + child + left + + + 12 + + + 1 + 2 + 138784 + + + + + + + child + right + + + 12 + + + 1 + 2 + 138784 + + + + + + + + + ql_conjunction_def + 80925 + + + id + 80925 + + + left + 80925 + + + right + 80925 + + + + + id + left + + + 12 + + + 1 + 2 + 80925 + + + + + + + id + right + + + 12 + + + 1 + 2 + 80925 + + + + + + + left + id + + + 12 + + + 1 + 2 + 80925 + + + + + + + left + right + + + 12 + + + 1 + 2 + 80925 + + + + + + + right + id + + + 12 + + + 1 + 2 + 80925 + + + + + + + right + left + + + 12 + + + 1 + 2 + 80925 + + + + + + + + + ql_dataclass_child + 86140 + + + ql_dataclass + 21914 + + + index + 148 + + + child + 86140 + + + + + ql_dataclass + index + + + 12 + + + 1 + 2 + 8719 + + + 2 + 3 + 3611 + + + 3 + 4 + 2551 + + + 4 + 5 + 1653 + + + 5 + 6 + 1289 + + + 6 + 9 + 1952 + + + 9 + 20 + 1644 + + + 20 + 149 + 495 + + + + + + + ql_dataclass + child + + + 12 + + + 1 + 2 + 8719 + + + 2 + 3 + 3611 + + + 3 + 4 + 2551 + + + 4 + 5 + 1653 + + + 5 + 6 + 1289 + + + 6 + 9 + 1952 + + + 9 + 20 + 1644 + + + 20 + 149 + 495 + + + + + + + index + ql_dataclass + + + 12 + + + 1 + 4 + 8 + + + 4 + 5 + 14 + + + 5 + 7 + 8 + + + 7 + 8 + 21 + + + 8 + 12 + 7 + + + 12 + 18 + 12 + + + 19 + 25 + 12 + + + 25 + 36 + 12 + + + 37 + 96 + 12 + + + 101 + 188 + 12 + + + 198 + 538 + 12 + + + 592 + 3240 + 12 + + + 4091 + 21915 + 6 + + + + + + + index + child + + + 12 + + + 1 + 4 + 8 + + + 4 + 5 + 14 + + + 5 + 7 + 8 + + + 7 + 8 + 21 + + + 8 + 12 + 7 + + + 12 + 18 + 12 + + + 19 + 25 + 12 + + + 25 + 36 + 12 + + + 37 + 96 + 12 + + + 101 + 188 + 12 + + + 198 + 538 + 12 + + + 592 + 3240 + 12 + + + 4091 + 21915 + 6 + + + + + + + child + ql_dataclass + + + 12 + + + 1 + 2 + 86140 + + + + + + + child + index + + + 12 + + + 1 + 2 + 86140 + + + + + + + + + ql_dataclass_def + 23834 + + + id + 23834 + + + name + 23834 + + + + + id + name + + + 12 + + + 1 + 2 + 23834 + + + + + + + name + id + + + 12 + + + 1 + 2 + 23834 + + + + + + + + + ql_dataclass_extends + 59928 + + + ql_dataclass + 22062 + + + index + 16 + + + extends + 59928 + + + + + ql_dataclass + index + + + 12 + + + 2 + 3 + 14722 + + + 4 + 5 + 6891 + + + 6 + 17 + 449 + + + + + + + ql_dataclass + extends + + + 12 + + + 2 + 3 + 14722 + + + 4 + 5 + 6891 + + + 6 + 17 + 449 + + + + + + + index + ql_dataclass + + + 12 + + + 1 + 2 + 2 + + + 4 + 5 + 2 + + + 9 + 10 + 2 + + + 19 + 20 + 2 + + + 80 + 81 + 2 + + + 449 + 450 + 2 + + + 7340 + 7341 + 2 + + + 22062 + 22063 + 2 + + + + + + + index + extends + + + 12 + + + 1 + 2 + 2 + + + 4 + 5 + 2 + + + 9 + 10 + 2 + + + 19 + 20 + 2 + + + 80 + 81 + 2 + + + 449 + 450 + 2 + + + 7340 + 7341 + 2 + + + 22062 + 22063 + 2 + + + + + + + extends + ql_dataclass + + + 12 + + + 1 + 2 + 59928 + + + + + + + extends + index + + + 12 + + + 1 + 2 + 59928 + + + + + + + + + ql_dataclass_instanceof + 1584 + + + ql_dataclass + 791 + + + index + 4 + + + instanceof + 1584 + + + + + ql_dataclass + index + + + 12 + + + 2 + 3 + 790 + + + 4 + 5 + 1 + + + + + + + ql_dataclass + instanceof + + + 12 + + + 2 + 3 + 790 + + + 4 + 5 + 1 + + + + + + + index + ql_dataclass + + + 12 + + + 1 + 2 + 2 + + + 791 + 792 + 2 + + + + + + + index + instanceof + + + 12 + + + 1 + 2 + 2 + + + 791 + 792 + 2 + + + + + + + instanceof + ql_dataclass + + + 12 + + + 1 + 2 + 1584 + + + + + + + instanceof + index + + + 12 + + + 1 + 2 + 1584 + + + + + + + + + ql_datatype_branch_child + 5604 + + + ql_datatype_branch + 2323 + + + index + 10 + + + child + 5604 + + + + + ql_datatype_branch + index + + + 12 + + + 1 + 2 + 629 + + + 2 + 3 + 706 + + + 3 + 4 + 664 + + + 4 + 5 + 161 + + + 5 + 11 + 163 + + + + + + + ql_datatype_branch + child + + + 12 + + + 1 + 2 + 629 + + + 2 + 3 + 706 + + + 3 + 4 + 664 + + + 4 + 5 + 161 + + + 5 + 11 + 163 + + + + + + + index + ql_datatype_branch + + + 12 + + + 8 + 9 + 2 + + + 16 + 17 + 1 + + + 30 + 31 + 1 + + + 50 + 51 + 1 + + + 163 + 164 + 1 + + + 324 + 325 + 1 + + + 988 + 989 + 1 + + + 1694 + 1695 + 1 + + + 2323 + 2324 + 1 + + + + + + + index + child + + + 12 + + + 8 + 9 + 2 + + + 16 + 17 + 1 + + + 30 + 31 + 1 + + + 50 + 51 + 1 + + + 163 + 164 + 1 + + + 324 + 325 + 1 + + + 988 + 989 + 1 + + + 1694 + 1695 + 1 + + + 2323 + 2324 + 1 + + + + + + + child + ql_datatype_branch + + + 12 + + + 1 + 2 + 5604 + + + + + + + child + index + + + 12 + + + 1 + 2 + 5604 + + + + + + + + + ql_datatype_branch_def + 3437 + + + id + 3437 + + + name + 3437 + + + + + id + name + + + 12 + + + 1 + 2 + 3437 + + + + + + + name + id + + + 12 + + + 1 + 2 + 3437 + + + + + + + + + ql_datatype_branches_child + 3437 + + + ql_datatype_branches + 809 + + + index + 231 + + + child + 3437 + + + + + ql_datatype_branches + index + + + 12 + + + 1 + 2 + 163 + + + 2 + 3 + 348 + + + 3 + 4 + 104 + + + 4 + 5 + 63 + + + 5 + 9 + 65 + + + 9 + 61 + 61 + + + 82 + 232 + 5 + + + + + + + ql_datatype_branches + child + + + 12 + + + 1 + 2 + 163 + + + 2 + 3 + 348 + + + 3 + 4 + 104 + + + 4 + 5 + 63 + + + 5 + 9 + 65 + + + 9 + 61 + 61 + + + 82 + 232 + 5 + + + + + + + index + ql_datatype_branches + + + 12 + + + 1 + 2 + 38 + + + 2 + 3 + 110 + + + 4 + 5 + 1 + + + 5 + 6 + 22 + + + 6 + 8 + 21 + + + 8 + 14 + 15 + + + 14 + 91 + 18 + + + 109 + 810 + 6 + + + + + + + index + child + + + 12 + + + 1 + 2 + 38 + + + 2 + 3 + 110 + + + 4 + 5 + 1 + + + 5 + 6 + 22 + + + 6 + 8 + 21 + + + 8 + 14 + 15 + + + 14 + 91 + 18 + + + 109 + 810 + 6 + + + + + + + child + ql_datatype_branches + + + 12 + + + 1 + 2 + 3437 + + + + + + + child + index + + + 12 + + + 1 + 2 + 3437 + + + + + + + + + ql_datatype_branches_def + 809 + + + id + 809 + + + + + + ql_datatype_def + 809 + + + id + 809 + + + name + 809 + + + child + 809 + + + + + id + name + + + 12 + + + 1 + 2 + 809 + + + + + + + id + child + + + 12 + + + 1 + 2 + 809 + + + + + + + name + id + + + 12 + + + 1 + 2 + 809 + + + + + + + name + child + + + 12 + + + 1 + 2 + 809 + + + + + + + child + id + + + 12 + + + 1 + 2 + 809 + + + + + + + child + name + + + 12 + + + 1 + 2 + 809 + + + + + + + + + ql_disjunction_def + 40259 + + + id + 40259 + + + left + 40259 + + + right + 40259 + + + + + id + left + + + 12 + + + 1 + 2 + 40259 + + + + + + + id + right + + + 12 + + + 1 + 2 + 40259 + + + + + + + left + id + + + 12 + + + 1 + 2 + 40259 + + + + + + + left + right + + + 12 + + + 1 + 2 + 40259 + + + + + + + right + id + + + 12 + + + 1 + 2 + 40259 + + + + + + + right + left + + + 12 + + + 1 + 2 + 40259 @@ -9600,15 +13045,15 @@ ql_expr_aggregate_body_def - 1240 + 1293 id - 1240 + 1293 as_exprs - 1240 + 1293 @@ -9622,7 +13067,7 @@ 1 2 - 1240 + 1293 @@ -9638,7 +13083,7 @@ 1 2 - 1240 + 1293 @@ -9696,23 +13141,23 @@ ql_expr_annotation_def - 5776 + 1328 id - 5776 + 1328 annot_arg - 5776 + 1328 name - 5776 + 1328 child - 5776 + 1328 @@ -9726,7 +13171,7 @@ 1 2 - 5776 + 1328 @@ -9742,7 +13187,7 @@ 1 2 - 5776 + 1328 @@ -9758,7 +13203,7 @@ 1 2 - 5776 + 1328 @@ -9774,7 +13219,7 @@ 1 2 - 5776 + 1328 @@ -9790,7 +13235,7 @@ 1 2 - 5776 + 1328 @@ -9806,7 +13251,7 @@ 1 2 - 5776 + 1328 @@ -9822,7 +13267,7 @@ 1 2 - 5776 + 1328 @@ -9838,7 +13283,7 @@ 1 2 - 5776 + 1328 @@ -9854,7 +13299,7 @@ 1 2 - 5776 + 1328 @@ -9870,7 +13315,7 @@ 1 2 - 5776 + 1328 @@ -9886,7 +13331,7 @@ 1 2 - 5776 + 1328 @@ -9902,7 +13347,7 @@ 1 2 - 5776 + 1328 @@ -9912,15 +13357,15 @@ ql_field_def - 10186 + 4149 id - 10186 + 4149 child - 10186 + 4149 @@ -9934,7 +13379,7 @@ 1 2 - 10186 + 4149 @@ -9950,7 +13395,7 @@ 1 2 - 10186 + 4149 @@ -9960,15 +13405,15 @@ ql_full_aggregate_body_as_exprs - 757 + 1309 ql_full_aggregate_body - 757 + 1309 as_exprs - 757 + 1309 @@ -9982,7 +13427,7 @@ 1 2 - 757 + 1309 @@ -9998,7 +13443,7 @@ 1 2 - 757 + 1309 @@ -10008,19 +13453,19 @@ ql_full_aggregate_body_child - 8733 + 7577 ql_full_aggregate_body - 7035 + 6655 index - 130 + 9 child - 8733 + 7577 @@ -10034,17 +13479,17 @@ 1 2 - 6170 + 6061 2 4 - 587 + 527 4 - 9 - 277 + 10 + 67 @@ -10060,17 +13505,17 @@ 1 2 - 6170 + 6061 2 4 - 587 + 527 4 - 9 - 277 + 10 + 67 @@ -10084,39 +13529,44 @@ 12 - 1 - 2 - 16 + 4 + 5 + 1 - 3 - 4 - 32 - - - 5 - 6 - 16 - - - 17 - 18 - 16 + 20 + 21 + 2 22 23 - 16 + 1 - 53 - 54 - 16 + 48 + 49 + 1 - 431 - 432 - 16 + 67 + 68 + 1 + + + 147 + 148 + 1 + + + 594 + 595 + 1 + + + 6655 + 6656 + 1 @@ -10130,39 +13580,44 @@ 12 - 1 - 2 - 16 + 4 + 5 + 1 - 3 - 4 - 32 - - - 5 - 6 - 16 - - - 17 - 18 - 16 + 20 + 21 + 2 22 23 - 16 + 1 - 53 - 54 - 16 + 48 + 49 + 1 - 431 - 432 - 16 + 67 + 68 + 1 + + + 147 + 148 + 1 + + + 594 + 595 + 1 + + + 6655 + 6656 + 1 @@ -10178,7 +13633,7 @@ 1 2 - 8733 + 7577 @@ -10194,7 +13649,7 @@ 1 2 - 8733 + 7577 @@ -10204,26 +13659,26 @@ ql_full_aggregate_body_def - 7035 + 6714 id - 7035 + 6714 ql_full_aggregate_body_guard - 4124 + 3739 ql_full_aggregate_body - 4124 + 3739 guard - 4124 + 3739 @@ -10237,7 +13692,7 @@ 1 2 - 4124 + 3739 @@ -10253,7 +13708,7 @@ 1 2 - 4124 + 3739 @@ -10263,15 +13718,15 @@ ql_full_aggregate_body_order_bys - 359 + 449 ql_full_aggregate_body - 359 + 449 order_bys - 359 + 449 @@ -10285,7 +13740,7 @@ 1 2 - 359 + 449 @@ -10301,7 +13756,7 @@ 1 2 - 359 + 449 @@ -10311,19 +13766,19 @@ ql_higher_order_term_child - 750 + 469 ql_higher_order_term - 163 + 105 index - 81 + 8 child - 750 + 469 @@ -10337,12 +13792,17 @@ 3 4 - 32 + 31 5 6 - 130 + 72 + + + 8 + 9 + 2 @@ -10358,12 +13818,17 @@ 3 4 - 32 + 31 5 6 - 130 + 72 + + + 8 + 9 + 2 @@ -10377,14 +13842,19 @@ 12 - 8 - 9 - 32 + 2 + 3 + 3 - 10 - 11 - 48 + 74 + 75 + 2 + + + 105 + 106 + 3 @@ -10398,14 +13868,19 @@ 12 - 8 - 9 - 32 + 2 + 3 + 3 - 10 - 11 - 48 + 74 + 75 + 2 + + + 105 + 106 + 3 @@ -10421,7 +13896,7 @@ 1 2 - 750 + 469 @@ -10437,7 +13912,7 @@ 1 2 - 750 + 469 @@ -10447,15 +13922,15 @@ ql_higher_order_term_def - 163 + 105 id - 163 + 105 name - 163 + 105 @@ -10469,7 +13944,7 @@ 1 2 - 163 + 105 @@ -10485,7 +13960,7 @@ 1 2 - 163 + 105 @@ -10495,23 +13970,23 @@ ql_if_term_def - 3981 + 3226 id - 3981 + 3226 cond - 3981 + 3226 first - 3981 + 3226 second - 3981 + 3226 @@ -10525,7 +14000,7 @@ 1 2 - 3981 + 3226 @@ -10541,7 +14016,7 @@ 1 2 - 3981 + 3226 @@ -10557,7 +14032,7 @@ 1 2 - 3981 + 3226 @@ -10573,7 +14048,7 @@ 1 2 - 3981 + 3226 @@ -10589,7 +14064,7 @@ 1 2 - 3981 + 3226 @@ -10605,7 +14080,7 @@ 1 2 - 3981 + 3226 @@ -10621,7 +14096,7 @@ 1 2 - 3981 + 3226 @@ -10637,7 +14112,7 @@ 1 2 - 3981 + 3226 @@ -10653,7 +14128,7 @@ 1 2 - 3981 + 3226 @@ -10669,7 +14144,7 @@ 1 2 - 3981 + 3226 @@ -10685,7 +14160,7 @@ 1 2 - 3981 + 3226 @@ -10701,7 +14176,7 @@ 1 2 - 3981 + 3226 @@ -10827,11 +14302,11 @@ ql_import_directive_child - 18136 + 26183 ql_import_directive - 17290 + 24818 index @@ -10839,7 +14314,7 @@ child - 18136 + 26183 @@ -10853,12 +14328,12 @@ 1 2 - 16444 + 23453 2 3 - 846 + 1365 @@ -10874,12 +14349,12 @@ 1 2 - 16444 + 23453 2 3 - 846 + 1365 @@ -10893,13 +14368,13 @@ 12 - 846 - 847 + 1365 + 1366 1 - 17290 - 17291 + 24818 + 24819 1 @@ -10914,13 +14389,13 @@ 12 - 846 - 847 + 1365 + 1366 1 - 17290 - 17291 + 24818 + 24819 1 @@ -10937,7 +14412,7 @@ 1 2 - 18136 + 26183 @@ -10953,7 +14428,7 @@ 1 2 - 18136 + 26183 @@ -10963,26 +14438,26 @@ ql_import_directive_def - 17290 + 24818 id - 17290 + 24818 ql_import_module_expr_def - 17290 + 24818 id - 17290 + 24818 child - 17290 + 24818 @@ -10996,7 +14471,7 @@ 1 2 - 17290 + 24818 @@ -11012,7 +14487,7 @@ 1 2 - 17290 + 24818 @@ -11021,20 +14496,20 @@ - ql_import_module_expr_name - 1616 + ql_import_module_expr_qual_name + 43119 ql_import_module_expr - 1567 + 12715 index - 32 + 8 - name - 1616 + qual_name + 43119 @@ -11048,12 +14523,32 @@ 1 2 - 1518 + 969 2 3 - 48 + 1837 + + + 3 + 4 + 3420 + + + 4 + 5 + 4818 + + + 5 + 6 + 1222 + + + 6 + 9 + 449 @@ -11061,7 +14556,7 @@ ql_import_module_expr - name + qual_name 12 @@ -11069,12 +14564,32 @@ 1 2 - 1518 + 969 2 3 - 48 + 1837 + + + 3 + 4 + 3420 + + + 4 + 5 + 4818 + + + 5 + 6 + 1222 + + + 6 + 9 + 449 @@ -11088,14 +14603,44 @@ 12 - 3 - 4 - 16 + 30 + 31 + 1 - 96 - 97 - 16 + 110 + 111 + 1 + + + 449 + 450 + 1 + + + 1671 + 1672 + 1 + + + 6489 + 6490 + 1 + + + 9909 + 9910 + 1 + + + 11746 + 11747 + 1 + + + 12715 + 12716 + 1 @@ -11103,27 +14648,57 @@ index - name + qual_name 12 - 3 - 4 - 16 + 30 + 31 + 1 - 96 - 97 - 16 + 110 + 111 + 1 + + + 449 + 450 + 1 + + + 1671 + 1672 + 1 + + + 6489 + 6490 + 1 + + + 9909 + 9910 + 1 + + + 11746 + 11747 + 1 + + + 12715 + 12716 + 1 - name + qual_name ql_import_module_expr @@ -11132,14 +14707,14 @@ 1 2 - 1616 + 43119 - name + qual_name index @@ -11148,7 +14723,7 @@ 1 2 - 1616 + 43119 @@ -11158,19 +14733,19 @@ ql_in_expr_def - 1207 + 1003 id - 1207 + 1003 left - 1207 + 1003 right - 1207 + 1003 @@ -11184,7 +14759,7 @@ 1 2 - 1207 + 1003 @@ -11200,7 +14775,7 @@ 1 2 - 1207 + 1003 @@ -11216,7 +14791,7 @@ 1 2 - 1207 + 1003 @@ -11232,7 +14807,7 @@ 1 2 - 1207 + 1003 @@ -11248,7 +14823,7 @@ 1 2 - 1207 + 1003 @@ -11264,7 +14839,7 @@ 1 2 - 1207 + 1003 @@ -11274,11 +14849,11 @@ ql_instance_of_child - 33008 + 34256 ql_instance_of - 16504 + 17128 index @@ -11286,7 +14861,7 @@ child - 33008 + 34256 @@ -11300,7 +14875,7 @@ 2 3 - 16504 + 17128 @@ -11316,7 +14891,7 @@ 2 3 - 16504 + 17128 @@ -11330,8 +14905,8 @@ 12 - 16504 - 16505 + 17128 + 17129 2 @@ -11346,8 +14921,8 @@ 12 - 16504 - 16505 + 17128 + 17129 2 @@ -11364,7 +14939,7 @@ 1 2 - 33008 + 34256 @@ -11380,7 +14955,7 @@ 1 2 - 33008 + 34256 @@ -11390,26 +14965,26 @@ ql_instance_of_def - 16504 + 17128 id - 16504 + 17128 ql_literal_def - 153183 + 98847 id - 153183 + 98847 child - 153183 + 98847 @@ -11423,7 +14998,7 @@ 1 2 - 153183 + 98847 @@ -11439,7 +15014,7 @@ 1 2 - 153183 + 98847 @@ -11449,19 +15024,19 @@ ql_member_predicate_child - 90385 + 70661 ql_member_predicate - 55011 + 47549 index - 130 + 11 child - 90385 + 70661 @@ -11475,22 +15050,22 @@ 1 2 - 36434 + 34294 2 3 - 9010 + 7406 3 4 - 6741 + 3503 4 - 9 - 2824 + 12 + 2346 @@ -11506,22 +15081,22 @@ 1 2 - 36434 + 34294 2 3 - 9010 + 7406 3 4 - 6741 + 3503 4 - 9 - 2824 + 12 + 2346 @@ -11537,37 +15112,57 @@ 1 2 - 32 + 1 - 128 - 129 - 16 + 3 + 4 + 1 - 140 - 141 - 16 + 4 + 5 + 1 - 173 - 174 - 16 + 9 + 10 + 1 - 586 - 587 - 16 + 40 + 41 + 1 - 1138 - 1139 - 16 + 588 + 589 + 1 - 3370 - 3371 - 16 + 1017 + 1018 + 1 + + + 2346 + 2347 + 1 + + + 5849 + 5850 + 1 + + + 13255 + 13256 + 1 + + + 47549 + 47550 + 1 @@ -11583,37 +15178,57 @@ 1 2 - 32 + 1 - 128 - 129 - 16 + 3 + 4 + 1 - 140 - 141 - 16 + 4 + 5 + 1 - 173 - 174 - 16 + 9 + 10 + 1 - 586 - 587 - 16 + 40 + 41 + 1 - 1138 - 1139 - 16 + 588 + 589 + 1 - 3370 - 3371 - 16 + 1017 + 1018 + 1 + + + 2346 + 2347 + 1 + + + 5849 + 5850 + 1 + + + 13255 + 13256 + 1 + + + 47549 + 47550 + 1 @@ -11629,7 +15244,7 @@ 1 2 - 90385 + 70661 @@ -11645,7 +15260,7 @@ 1 2 - 90385 + 70661 @@ -11655,19 +15270,19 @@ ql_member_predicate_def - 55011 + 47549 id - 55011 + 47549 name - 55011 + 47549 return_type - 55011 + 47549 @@ -11681,7 +15296,7 @@ 1 2 - 55011 + 47549 @@ -11697,7 +15312,7 @@ 1 2 - 55011 + 47549 @@ -11713,7 +15328,7 @@ 1 2 - 55011 + 47549 @@ -11729,7 +15344,7 @@ 1 2 - 55011 + 47549 @@ -11745,7 +15360,7 @@ 1 2 - 55011 + 47549 @@ -11761,7 +15376,7 @@ 1 2 - 55011 + 47549 @@ -11771,15 +15386,15 @@ ql_module_alias_body_def - 158 + 725 id - 158 + 725 child - 158 + 725 @@ -11793,7 +15408,7 @@ 1 2 - 158 + 725 @@ -11809,7 +15424,7 @@ 1 2 - 158 + 725 @@ -11819,19 +15434,19 @@ ql_module_child - 45184 + 35070 ql_module - 4048 + 3910 index - 2122 + 1248 child - 45184 + 35070 @@ -11845,52 +15460,47 @@ 1 2 - 538 + 1257 2 3 - 1061 + 624 3 4 - 261 + 294 4 - 6 - 326 + 5 + 294 - 6 - 7 - 261 + 5 + 8 + 324 - 7 - 10 - 342 + 8 + 12 + 311 - 10 - 13 - 326 + 12 + 17 + 322 - 14 - 19 - 310 + 17 + 34 + 295 - 20 - 39 - 342 - - - 41 - 131 - 277 + 34 + 1249 + 189 @@ -11906,52 +15516,47 @@ 1 2 - 538 + 1257 2 3 - 1061 + 624 3 4 - 261 + 294 4 - 6 - 326 + 5 + 294 - 6 - 7 - 261 + 5 + 8 + 324 - 7 - 10 - 342 + 8 + 12 + 311 - 10 - 13 - 326 + 12 + 17 + 322 - 14 - 19 - 310 + 17 + 34 + 295 - 20 - 39 - 342 - - - 41 - 131 - 277 + 34 + 1249 + 189 @@ -11967,47 +15572,32 @@ 1 2 - 816 + 684 2 3 - 146 + 144 3 - 6 - 97 + 4 + 131 - 10 - 13 - 195 + 4 + 8 + 109 - 13 - 16 - 195 + 15 + 30 + 94 - 17 - 25 - 163 - - - 26 - 36 - 179 - - - 38 - 71 - 163 - - - 77 - 249 - 163 + 31 + 3911 + 86 @@ -12023,47 +15613,32 @@ 1 2 - 816 + 684 2 3 - 146 + 144 3 - 6 - 97 + 4 + 131 - 10 - 13 - 195 + 4 + 8 + 109 - 13 - 16 - 195 + 15 + 30 + 94 - 17 - 25 - 163 - - - 26 - 36 - 179 - - - 38 - 71 - 163 - - - 77 - 249 - 163 + 31 + 3911 + 86 @@ -12079,7 +15654,7 @@ 1 2 - 45184 + 35070 @@ -12095,7 +15670,7 @@ 1 2 - 45184 + 35070 @@ -12105,15 +15680,15 @@ ql_module_def - 4064 + 3916 id - 4064 + 3916 name - 4064 + 3916 @@ -12127,7 +15702,7 @@ 1 2 - 4064 + 3916 @@ -12143,7 +15718,7 @@ 1 2 - 4064 + 3916 @@ -12153,15 +15728,15 @@ ql_module_expr_def - 55044 + 72503 id - 55044 + 72503 child - 55044 + 72503 @@ -12175,7 +15750,7 @@ 1 2 - 55044 + 72503 @@ -12191,7 +15766,7 @@ 1 2 - 55044 + 72503 @@ -12201,15 +15776,15 @@ ql_module_expr_name - 1681 + 4091 ql_module_expr - 1681 + 4091 name - 1681 + 4091 @@ -12223,7 +15798,7 @@ 1 2 - 1681 + 4091 @@ -12239,7 +15814,347 @@ 1 2 - 1681 + 4091 + + + + + + + + + ql_module_implements + 759 + + + ql_module + 759 + + + index + 1 + + + implements + 759 + + + + + ql_module + index + + + 12 + + + 1 + 2 + 759 + + + + + + + ql_module + implements + + + 12 + + + 1 + 2 + 759 + + + + + + + index + ql_module + + + 12 + + + 759 + 760 + 1 + + + + + + + index + implements + + + 12 + + + 759 + 760 + 1 + + + + + + + implements + ql_module + + + 12 + + + 1 + 2 + 759 + + + + + + + implements + index + + + 12 + + + 1 + 2 + 759 + + + + + + + + + ql_module_instantiation_child + 1190 + + + ql_module_instantiation + 1043 + + + index + 6 + + + child + 1190 + + + + + ql_module_instantiation + index + + + 12 + + + 1 + 2 + 966 + + + 2 + 7 + 77 + + + + + + + ql_module_instantiation + child + + + 12 + + + 1 + 2 + 966 + + + 2 + 7 + 77 + + + + + + + index + ql_module_instantiation + + + 12 + + + 3 + 4 + 1 + + + 5 + 6 + 1 + + + 26 + 27 + 1 + + + 36 + 37 + 1 + + + 77 + 78 + 1 + + + 1043 + 1044 + 1 + + + + + + + index + child + + + 12 + + + 3 + 4 + 1 + + + 5 + 6 + 1 + + + 26 + 27 + 1 + + + 36 + 37 + 1 + + + 77 + 78 + 1 + + + 1043 + 1044 + 1 + + + + + + + child + ql_module_instantiation + + + 12 + + + 1 + 2 + 1190 + + + + + + + child + index + + + 12 + + + 1 + 2 + 1190 + + + + + + + + + ql_module_instantiation_def + 1043 + + + id + 1043 + + + name + 1043 + + + + + id + name + + + 12 + + + 1 + 2 + 1043 + + + + + + + name + id + + + 12 + + + 1 + 2 + 1043 @@ -12249,19 +16164,19 @@ ql_module_member_child - 148073 + 155140 ql_module_member - 111687 + 119591 index - 48 + 5 child - 148073 + 155140 @@ -12275,17 +16190,17 @@ 1 2 - 81602 + 87424 2 3 - 23783 + 28864 3 - 4 - 6301 + 6 + 3303 @@ -12301,17 +16216,17 @@ 1 2 - 81602 + 87424 2 3 - 23783 + 28864 3 - 4 - 6301 + 6 + 3303 @@ -12325,19 +16240,29 @@ 12 - 386 - 387 - 16 + 4 + 5 + 1 - 1843 - 1844 - 16 + 75 + 76 + 1 - 6842 - 6843 - 16 + 3303 + 3304 + 1 + + + 32167 + 32168 + 1 + + + 119591 + 119592 + 1 @@ -12351,19 +16276,29 @@ 12 - 386 - 387 - 16 + 4 + 5 + 1 - 1843 - 1844 - 16 + 75 + 76 + 1 - 6842 - 6843 - 16 + 3303 + 3304 + 1 + + + 32167 + 32168 + 1 + + + 119591 + 119592 + 1 @@ -12379,7 +16314,7 @@ 1 2 - 148073 + 155140 @@ -12395,7 +16330,7 @@ 1 2 - 148073 + 155140 @@ -12405,26 +16340,26 @@ ql_module_member_def - 111687 + 119591 id - 111687 + 119591 ql_module_name_def - 4276 + 6324 id - 4276 + 6324 child - 4276 + 6324 @@ -12438,7 +16373,7 @@ 1 2 - 4276 + 6324 @@ -12454,7 +16389,309 @@ 1 2 - 4276 + 6324 + + + + + + + + + ql_module_param_def + 299 + + + id + 299 + + + parameter + 299 + + + signature + 299 + + + + + id + parameter + + + 12 + + + 1 + 2 + 299 + + + + + + + id + signature + + + 12 + + + 1 + 2 + 299 + + + + + + + parameter + id + + + 12 + + + 1 + 2 + 299 + + + + + + + parameter + signature + + + 12 + + + 1 + 2 + 299 + + + + + + + signature + id + + + 12 + + + 1 + 2 + 299 + + + + + + + signature + parameter + + + 12 + + + 1 + 2 + 299 + + + + + + + + + ql_module_parameter + 299 + + + ql_module + 214 + + + index + 6 + + + parameter + 299 + + + + + ql_module + index + + + 12 + + + 1 + 2 + 183 + + + 2 + 4 + 14 + + + 4 + 7 + 17 + + + + + + + ql_module + parameter + + + 12 + + + 1 + 2 + 183 + + + 2 + 4 + 14 + + + 4 + 7 + 17 + + + + + + + index + ql_module + + + 12 + + + 8 + 9 + 1 + + + 9 + 10 + 1 + + + 17 + 18 + 1 + + + 20 + 21 + 1 + + + 31 + 32 + 1 + + + 214 + 215 + 1 + + + + + + + index + parameter + + + 12 + + + 8 + 9 + 1 + + + 9 + 10 + 1 + + + 17 + 18 + 1 + + + 20 + 21 + 1 + + + 31 + 32 + 1 + + + 214 + 215 + 1 + + + + + + + parameter + ql_module + + + 12 + + + 1 + 2 + 299 + + + + + + + parameter + index + + + 12 + + + 1 + 2 + 299 @@ -12464,23 +16701,23 @@ ql_mul_expr_def - 630 + 631 id - 630 + 631 left - 630 + 631 right - 630 + 631 child - 630 + 631 @@ -12494,7 +16731,7 @@ 1 2 - 630 + 631 @@ -12510,7 +16747,7 @@ 1 2 - 630 + 631 @@ -12526,7 +16763,7 @@ 1 2 - 630 + 631 @@ -12542,7 +16779,7 @@ 1 2 - 630 + 631 @@ -12558,7 +16795,7 @@ 1 2 - 630 + 631 @@ -12574,7 +16811,7 @@ 1 2 - 630 + 631 @@ -12590,7 +16827,7 @@ 1 2 - 630 + 631 @@ -12606,7 +16843,7 @@ 1 2 - 630 + 631 @@ -12622,7 +16859,7 @@ 1 2 - 630 + 631 @@ -12638,7 +16875,7 @@ 1 2 - 630 + 631 @@ -12654,7 +16891,7 @@ 1 2 - 630 + 631 @@ -12670,7 +16907,7 @@ 1 2 - 630 + 631 @@ -12680,15 +16917,15 @@ ql_negation_def - 11271 + 12010 id - 11271 + 12010 child - 11271 + 12010 @@ -12702,7 +16939,7 @@ 1 2 - 11271 + 12010 @@ -12718,7 +16955,7 @@ 1 2 - 11271 + 12010 @@ -12728,11 +16965,11 @@ ql_order_by_child - 1142 + 1298 ql_order_by - 959 + 1098 index @@ -12740,7 +16977,7 @@ child - 1142 + 1298 @@ -12754,12 +16991,12 @@ 1 2 - 776 + 898 2 3 - 183 + 200 @@ -12775,12 +17012,12 @@ 1 2 - 776 + 898 2 3 - 183 + 200 @@ -12794,13 +17031,13 @@ 12 - 183 - 184 + 200 + 201 1 - 959 - 960 + 1098 + 1099 1 @@ -12815,13 +17052,13 @@ 12 - 183 - 184 + 200 + 201 1 - 959 - 960 + 1098 + 1099 1 @@ -12838,7 +17075,7 @@ 1 2 - 1142 + 1298 @@ -12854,7 +17091,7 @@ 1 2 - 1142 + 1298 @@ -12864,30 +17101,30 @@ ql_order_by_def - 959 + 1098 id - 959 + 1098 ql_order_bys_child - 959 + 1098 ql_order_bys - 550 + 674 index - 11 + 9 child - 959 + 1098 @@ -12901,22 +17138,22 @@ 1 2 - 375 + 488 2 3 - 90 + 100 3 5 - 49 + 43 5 - 12 - 36 + 10 + 43 @@ -12932,22 +17169,22 @@ 1 2 - 375 + 488 2 3 - 90 + 100 3 5 - 49 + 43 5 - 12 - 36 + 10 + 43 @@ -12961,43 +17198,48 @@ 12 - 8 - 9 - 4 - - - 12 - 13 + 3 + 4 1 - 14 - 15 + 6 + 7 1 - 36 - 37 + 15 + 16 1 - 55 - 56 + 22 + 23 1 - 85 - 86 + 43 + 44 1 - 175 - 176 + 63 + 64 1 - 550 - 551 + 86 + 87 + 1 + + + 186 + 187 + 1 + + + 674 + 675 1 @@ -13012,43 +17254,48 @@ 12 - 8 - 9 - 4 - - - 12 - 13 + 3 + 4 1 - 14 - 15 + 6 + 7 1 - 36 - 37 + 15 + 16 1 - 55 - 56 + 22 + 23 1 - 85 - 86 + 43 + 44 1 - 175 - 176 + 63 + 64 1 - 550 - 551 + 86 + 87 + 1 + + + 186 + 187 + 1 + + + 674 + 675 1 @@ -13065,7 +17312,7 @@ 1 2 - 959 + 1098 @@ -13081,7 +17328,7 @@ 1 2 - 959 + 1098 @@ -13091,26 +17338,26 @@ ql_order_bys_def - 550 + 674 id - 550 + 674 ql_par_expr_def - 15458 + 6038 id - 15458 + 6038 child - 15458 + 6038 @@ -13124,7 +17371,7 @@ 1 2 - 15458 + 6038 @@ -13140,7 +17387,7 @@ 1 2 - 15458 + 6038 @@ -13150,15 +17397,15 @@ ql_predicate_alias_body_def - 218 + 329 id - 218 + 329 child - 218 + 329 @@ -13172,7 +17419,7 @@ 1 2 - 218 + 329 @@ -13188,7 +17435,7 @@ 1 2 - 218 + 329 @@ -13198,11 +17445,11 @@ ql_predicate_expr_child - 982 + 1324 ql_predicate_expr - 491 + 662 index @@ -13210,7 +17457,7 @@ child - 982 + 1324 @@ -13224,7 +17471,7 @@ 2 3 - 491 + 662 @@ -13240,7 +17487,7 @@ 2 3 - 491 + 662 @@ -13254,8 +17501,8 @@ 12 - 491 - 492 + 662 + 663 2 @@ -13270,8 +17517,8 @@ 12 - 491 - 492 + 662 + 663 2 @@ -13288,7 +17535,7 @@ 1 2 - 982 + 1324 @@ -13304,7 +17551,7 @@ 1 2 - 982 + 1324 @@ -13314,11 +17561,11 @@ ql_predicate_expr_def - 491 + 662 id - 491 + 662 @@ -13391,7 +17638,7 @@ 1 2 - 16 + 1 @@ -13407,7 +17654,7 @@ 1 2 - 16 + 1 @@ -13428,19 +17675,19 @@ ql_ql_child - 150429 + 85246 ql_ql - 8272 + 10779 index - 468 + 326 child - 150429 + 85246 @@ -13454,52 +17701,47 @@ 1 2 - 136 + 134 2 3 - 1676 + 2560 3 4 - 1899 + 2291 4 5 - 928 + 1380 5 6 - 713 + 1013 6 8 - 737 + 949 8 12 - 714 + 954 12 - 23 - 638 + 24 + 827 - 23 - 261 - 621 - - - 261 - 469 - 210 + 24 + 327 + 671 @@ -13515,52 +17757,47 @@ 1 2 - 136 + 134 2 3 - 1676 + 2560 3 4 - 1899 + 2291 4 5 - 928 + 1380 5 6 - 713 + 1013 6 8 - 737 + 949 8 12 - 714 + 954 12 - 23 - 638 + 24 + 827 - 23 - 261 - 621 - - - 261 - 469 - 210 + 24 + 327 + 671 @@ -13574,64 +17811,69 @@ 12 - 4 - 38 - 38 + 1 + 2 + 45 - 39 - 84 - 36 + 2 + 5 + 17 - 85 - 86 - 70 + 5 + 11 + 26 - 86 - 138 - 37 + 11 + 13 + 24 - 139 - 224 - 36 + 13 + 15 + 30 - 225 - 234 - 41 + 15 + 23 + 26 - 234 - 237 - 43 + 23 + 30 + 27 - 237 - 304 - 37 + 30 + 47 + 28 - 304 - 321 - 37 + 48 + 94 + 25 - 323 - 422 - 36 + 96 + 185 + 25 - 424 - 856 - 36 + 187 + 519 + 25 - 899 - 8273 - 21 + 548 + 5795 + 25 + + + 8085 + 10780 + 3 @@ -13645,64 +17887,69 @@ 12 - 4 - 38 - 38 + 1 + 2 + 45 - 39 - 84 - 36 + 2 + 5 + 17 - 85 - 86 - 70 + 5 + 11 + 26 - 86 - 138 - 37 + 11 + 13 + 24 - 139 - 224 - 36 + 13 + 15 + 30 - 225 - 234 - 41 + 15 + 23 + 26 - 234 - 237 - 43 + 23 + 30 + 27 - 237 - 304 - 37 + 30 + 47 + 28 - 304 - 321 - 37 + 48 + 94 + 25 - 323 - 422 - 36 + 96 + 185 + 25 - 424 - 856 - 36 + 187 + 519 + 25 - 899 - 8273 - 21 + 548 + 5795 + 25 + + + 8085 + 10780 + 3 @@ -13718,7 +17965,7 @@ 1 2 - 150429 + 85246 @@ -13734,7 +17981,7 @@ 1 2 - 150429 + 85246 @@ -13744,287 +17991,30 @@ ql_ql_def - 8537 + 10785 id - 8537 + 10785 - - ql_qual_module_expr_def - 17290 - - - id - 17290 - - - - - - ql_qual_module_expr_name - 44230 - - - ql_qual_module_expr - 17290 - - - index - 9 - - - name - 44230 - - - - - ql_qual_module_expr - index - - - 12 - - - 1 - 2 - 9616 - - - 2 - 4 - 1578 - - - 4 - 5 - 1714 - - - 5 - 6 - 2970 - - - 6 - 8 - 1368 - - - 8 - 10 - 44 - - - - - - - ql_qual_module_expr - name - - - 12 - - - 1 - 2 - 9616 - - - 2 - 4 - 1578 - - - 4 - 5 - 1714 - - - 5 - 6 - 2970 - - - 6 - 8 - 1368 - - - 8 - 10 - 44 - - - - - - - index - ql_qual_module_expr - - - 12 - - - 5 - 6 - 1 - - - 44 - 45 - 1 - - - 351 - 352 - 1 - - - 1412 - 1413 - 1 - - - 4382 - 4383 - 1 - - - 6096 - 6097 - 1 - - - 6976 - 6977 - 1 - - - 7674 - 7675 - 1 - - - 17290 - 17291 - 1 - - - - - - - index - name - - - 12 - - - 5 - 6 - 1 - - - 44 - 45 - 1 - - - 351 - 352 - 1 - - - 1412 - 1413 - 1 - - - 4382 - 4383 - 1 - - - 6096 - 6097 - 1 - - - 6976 - 6977 - 1 - - - 7674 - 7675 - 1 - - - 17290 - 17291 - 1 - - - - - - - name - ql_qual_module_expr - - - 12 - - - 1 - 2 - 44230 - - - - - - - name - index - - - 12 - - - 1 - 2 - 44230 - - - - - - - ql_qualified_expr_child - 330133 + 337022 ql_qualified_expr - 165066 + 168511 index - 32 + 2 child - 330133 + 337022 @@ -14038,7 +18028,7 @@ 2 3 - 165066 + 168511 @@ -14054,7 +18044,7 @@ 2 3 - 165066 + 168511 @@ -14068,9 +18058,9 @@ 12 - 10112 - 10113 - 32 + 168511 + 168512 + 2 @@ -14084,9 +18074,9 @@ 12 - 10112 - 10113 - 32 + 168511 + 168512 + 2 @@ -14102,7 +18092,7 @@ 1 2 - 330133 + 337022 @@ -14118,7 +18108,7 @@ 1 2 - 330133 + 337022 @@ -14128,30 +18118,30 @@ ql_qualified_expr_def - 165066 + 168511 id - 165066 + 168511 ql_qualified_rhs_child - 108227 + 68675 ql_qualified_rhs - 67580 + 52287 index - 114 + 10 child - 108227 + 68675 @@ -14165,22 +18155,17 @@ 1 2 - 43911 + 41503 2 3 - 12585 + 7598 3 - 4 - 7884 - - - 4 - 8 - 3199 + 11 + 3186 @@ -14196,22 +18181,17 @@ 1 2 - 43911 + 41503 2 3 - 12585 + 7598 3 - 4 - 7884 - - - 4 - 8 - 3199 + 11 + 3186 @@ -14227,32 +18207,52 @@ 1 2 - 32 + 1 - 163 - 164 - 16 + 3 + 4 + 1 - 196 - 197 - 16 + 12 + 13 + 1 - 679 - 680 - 16 + 20 + 21 + 1 - 1450 - 1451 - 16 + 60 + 61 + 1 - 4140 - 4141 - 16 + 905 + 906 + 1 + + + 1417 + 1418 + 1 + + + 3186 + 3187 + 1 + + + 10784 + 10785 + 1 + + + 52287 + 52288 + 1 @@ -14268,32 +18268,52 @@ 1 2 - 32 + 1 - 163 - 164 - 16 + 3 + 4 + 1 - 196 - 197 - 16 + 12 + 13 + 1 - 679 - 680 - 16 + 20 + 21 + 1 - 1450 - 1451 - 16 + 60 + 61 + 1 - 4140 - 4141 - 16 + 905 + 906 + 1 + + + 1417 + 1418 + 1 + + + 3186 + 3187 + 1 + + + 10784 + 10785 + 1 + + + 52287 + 52288 + 1 @@ -14309,7 +18329,7 @@ 1 2 - 108227 + 68675 @@ -14325,7 +18345,7 @@ 1 2 - 108227 + 68675 @@ -14335,26 +18355,26 @@ ql_qualified_rhs_def - 165066 + 168511 id - 165066 + 168511 ql_qualified_rhs_name - 156856 + 157179 ql_qualified_rhs - 156856 + 157179 name - 156856 + 157179 @@ -14368,7 +18388,7 @@ 1 2 - 156856 + 157179 @@ -14384,7 +18404,7 @@ 1 2 - 156856 + 157179 @@ -14394,19 +18414,19 @@ ql_quantified_child - 71890 + 57793 ql_quantified - 29578 + 26111 index - 146 + 22 child - 71890 + 57793 @@ -14420,27 +18440,27 @@ 1 2 - 3525 + 4431 2 3 - 15491 + 15291 3 4 - 7068 + 4044 4 - 5 - 2073 + 6 + 2065 - 5 - 10 - 1420 + 6 + 23 + 280 @@ -14456,27 +18476,27 @@ 1 2 - 3525 + 4431 2 3 - 15491 + 15291 3 4 - 7068 + 4044 4 - 5 - 2073 + 6 + 2065 - 5 - 10 - 1420 + 6 + 23 + 280 @@ -14492,47 +18512,37 @@ 1 2 - 16 + 11 - 2 - 3 - 16 + 4 + 12 + 2 - 8 - 9 - 16 + 22 + 47 + 2 - 37 - 38 - 16 + 110 + 281 + 2 - 87 - 88 - 16 + 784 + 2346 + 2 - 214 - 215 - 16 + 6389 + 21681 + 2 - 647 - 648 - 16 - - - 1596 - 1597 - 16 - - - 1812 - 1813 - 16 + 26111 + 26112 + 1 @@ -14548,47 +18558,37 @@ 1 2 - 16 + 11 - 2 - 3 - 16 + 4 + 12 + 2 - 8 - 9 - 16 + 22 + 47 + 2 - 37 - 38 - 16 + 110 + 281 + 2 - 87 - 88 - 16 + 784 + 2346 + 2 - 214 - 215 - 16 + 6389 + 21681 + 2 - 647 - 648 - 16 - - - 1596 - 1597 - 16 - - - 1812 - 1813 - 16 + 26111 + 26112 + 1 @@ -14604,7 +18604,7 @@ 1 2 - 71890 + 57793 @@ -14620,7 +18620,7 @@ 1 2 - 71890 + 57793 @@ -14630,26 +18630,26 @@ ql_quantified_def - 29578 + 26111 id - 29578 + 26111 ql_quantified_expr - 3581 + 4431 ql_quantified - 3581 + 4431 expr - 3581 + 4431 @@ -14663,7 +18663,7 @@ 1 2 - 3581 + 4431 @@ -14679,7 +18679,7 @@ 1 2 - 3581 + 4431 @@ -14689,15 +18689,15 @@ ql_quantified_formula - 10822 + 7682 ql_quantified - 10822 + 7682 formula - 10822 + 7682 @@ -14711,7 +18711,7 @@ 1 2 - 10822 + 7682 @@ -14727,7 +18727,7 @@ 1 2 - 10822 + 7682 @@ -14737,15 +18737,15 @@ ql_quantified_range - 26052 + 21641 ql_quantified - 26052 + 21641 range - 26052 + 21641 @@ -14759,7 +18759,7 @@ 1 2 - 26052 + 21641 @@ -14775,7 +18775,7 @@ 1 2 - 26052 + 21641 @@ -14785,19 +18785,19 @@ ql_range_def - 652 + 417 id - 652 + 417 lower - 652 + 417 upper - 652 + 417 @@ -14811,7 +18811,7 @@ 1 2 - 652 + 417 @@ -14827,7 +18827,7 @@ 1 2 - 652 + 417 @@ -14843,7 +18843,7 @@ 1 2 - 652 + 417 @@ -14859,7 +18859,7 @@ 1 2 - 652 + 417 @@ -14875,7 +18875,7 @@ 1 2 - 652 + 417 @@ -14891,7 +18891,7 @@ 1 2 - 652 + 417 @@ -14901,19 +18901,19 @@ ql_select_child - 18548 + 22594 ql_select - 4611 + 5640 index - 17 + 20 child - 18548 + 22594 @@ -14927,37 +18927,37 @@ 1 2 - 117 + 137 2 3 - 658 + 787 3 4 - 988 + 1249 4 5 - 1229 + 1613 5 6 - 1020 + 1087 6 7 - 346 + 453 7 - 18 - 253 + 21 + 314 @@ -14973,37 +18973,37 @@ 1 2 - 117 + 137 2 3 - 658 + 787 3 4 - 988 + 1249 4 5 - 1229 + 1613 5 6 - 1020 + 1087 6 7 - 346 + 453 7 - 18 - 253 + 21 + 314 @@ -15017,78 +19017,88 @@ 12 - 8 - 9 + 1 + 2 + 1 + + + 2 + 3 2 - 14 - 15 + 3 + 4 2 - 15 - 16 + 7 + 8 + 2 + + + 12 + 13 1 - 17 - 18 + 20 + 21 1 - 18 - 19 + 25 + 26 1 - 27 - 28 + 37 + 38 1 - 47 - 48 + 64 + 65 1 - 120 - 121 + 150 + 151 1 - 253 - 254 + 314 + 315 1 - 599 - 600 + 767 + 768 1 - 1619 - 1620 + 1854 + 1855 1 - 2848 - 2849 + 3467 + 3468 1 - 3836 - 3837 + 4716 + 4717 1 - 4494 - 4495 + 5503 + 5504 1 - 4611 - 4612 + 5640 + 5641 1 @@ -15103,78 +19113,88 @@ 12 - 8 - 9 + 1 + 2 + 1 + + + 2 + 3 2 - 14 - 15 + 3 + 4 2 - 15 - 16 + 7 + 8 + 2 + + + 12 + 13 1 - 17 - 18 + 20 + 21 1 - 18 - 19 + 25 + 26 1 - 27 - 28 + 37 + 38 1 - 47 - 48 + 64 + 65 1 - 120 - 121 + 150 + 151 1 - 253 - 254 + 314 + 315 1 - 599 - 600 + 767 + 768 1 - 1619 - 1620 + 1854 + 1855 1 - 2848 - 2849 + 3467 + 3468 1 - 3836 - 3837 + 4716 + 4717 1 - 4494 - 4495 + 5503 + 5504 1 - 4611 - 4612 + 5640 + 5641 1 @@ -15191,7 +19211,7 @@ 1 2 - 18548 + 22594 @@ -15207,7 +19227,7 @@ 1 2 - 18548 + 22594 @@ -15217,22 +19237,22 @@ ql_select_def - 4611 + 5640 id - 4611 + 5640 ql_set_literal_child - 22393 + 18133 ql_set_literal - 2651 + 3557 index @@ -15240,7 +19260,7 @@ child - 22393 + 18133 @@ -15254,42 +19274,37 @@ 1 2 - 3 + 5 2 3 - 1452 + 2131 3 4 - 294 + 426 4 5 - 223 + 309 5 7 - 200 + 258 7 - 11 - 202 + 14 + 276 - 11 - 49 - 201 - - - 49 + 14 1029 - 76 + 152 @@ -15305,42 +19320,37 @@ 1 2 - 3 + 5 2 3 - 1452 + 2131 3 4 - 294 + 426 4 5 - 223 + 309 5 7 - 200 + 258 7 - 11 - 202 + 14 + 276 - 11 - 49 - 201 - - - 49 + 14 1029 - 76 + 152 @@ -15356,47 +19366,32 @@ 1 2 - 467 + 528 2 3 - 7 + 194 3 - 4 - 130 + 6 + 94 - 4 - 5 - 97 + 6 + 11 + 84 - 5 - 10 - 80 - - - 10 - 17 + 11 + 31 79 - 17 - 40 - 78 - - - 40 - 248 - 78 - - - 264 - 2652 - 12 + 31 + 3558 + 49 @@ -15412,47 +19407,32 @@ 1 2 - 467 + 528 2 3 - 7 + 194 3 - 4 - 130 + 6 + 94 - 4 - 5 - 97 + 6 + 11 + 84 - 5 - 10 - 80 - - - 10 - 17 + 11 + 31 79 - 17 - 40 - 78 - - - 40 - 248 - 78 - - - 264 - 2652 - 12 + 31 + 3558 + 49 @@ -15468,7 +19448,7 @@ 1 2 - 22393 + 18133 @@ -15484,7 +19464,7 @@ 1 2 - 22393 + 18133 @@ -15494,26 +19474,181 @@ ql_set_literal_def - 4211 + 3557 id - 4211 + 3557 - ql_special_call_def - 3769 + ql_signature_expr_def + 2248 id - 3769 + 2248 + + + + + + ql_signature_expr_mod_expr + 92 + + + ql_signature_expr + 92 + + + mod_expr + 92 + + + + + ql_signature_expr + mod_expr + + + 12 + + + 1 + 2 + 92 + + + + + + + mod_expr + ql_signature_expr + + + 12 + + + 1 + 2 + 92 + + + + + + + + + ql_signature_expr_predicate + 149 + + + ql_signature_expr + 149 + + + predicate + 149 + + + + + ql_signature_expr + predicate + + + 12 + + + 1 + 2 + 149 + + + + + + + predicate + ql_signature_expr + + + 12 + + + 1 + 2 + 149 + + + + + + + + + ql_signature_expr_type_expr + 2007 + + + ql_signature_expr + 2007 + + + type_expr + 2007 + + + + + ql_signature_expr + type_expr + + + 12 + + + 1 + 2 + 2007 + + + + + + + type_expr + ql_signature_expr + + + 12 + + + 1 + 2 + 2007 + + + + + + + + + ql_special_call_def + 4863 + + + id + 4863 child - 3769 + 4863 @@ -15527,7 +19662,7 @@ 1 2 - 3769 + 4863 @@ -15543,7 +19678,7 @@ 1 2 - 3769 + 4863 @@ -15553,19 +19688,19 @@ ql_super_ref_child - 1811 + 3070 ql_super_ref - 1256 + 2444 index - 32 + 2 child - 1811 + 3070 @@ -15579,12 +19714,12 @@ 1 2 - 701 + 1818 2 3 - 555 + 626 @@ -15600,12 +19735,12 @@ 1 2 - 701 + 1818 2 3 - 555 + 626 @@ -15619,14 +19754,14 @@ 12 - 34 - 35 - 16 + 626 + 627 + 1 - 77 - 78 - 16 + 2444 + 2445 + 1 @@ -15640,14 +19775,14 @@ 12 - 34 - 35 - 16 + 626 + 627 + 1 - 77 - 78 - 16 + 2444 + 2445 + 1 @@ -15663,7 +19798,7 @@ 1 2 - 1811 + 3070 @@ -15679,7 +19814,7 @@ 1 2 - 1811 + 3070 @@ -15689,30 +19824,30 @@ ql_super_ref_def - 1256 + 2444 id - 1256 + 2444 ql_tokeninfo - 5306741 + 3697389 id - 5306741 + 3697389 kind - 652 + 31 value - 201256 + 145712 @@ -15726,7 +19861,7 @@ 1 2 - 5306741 + 3697389 @@ -15742,7 +19877,7 @@ 1 2 - 5306741 + 3697389 @@ -15756,74 +19891,84 @@ 12 - 3 - 40 - 48 + 200 + 297 + 2 - 42 - 51 - 48 + 631 + 1062 + 2 - 57 - 102 - 48 + 1171 + 2124 + 2 - 102 - 158 - 48 + 2391 + 2445 + 2 - 205 - 229 - 48 + 2648 + 2684 + 2 - 273 - 889 - 48 + 3604 + 4864 + 2 - 991 - 1648 - 48 + 9694 + 14858 + 2 - 1812 - 2163 - 48 + 20351 + 20707 + 2 - 3269 - 3657 - 48 + 20738 + 26112 + 2 - 3683 - 4015 - 48 + 28901 + 49385 + 2 - 5457 - 6105 - 48 + 53091 + 55182 + 2 - 6623 - 12889 - 48 + 56786 + 67460 + 2 - 14382 - 44336 - 48 + 73436 + 75428 + 2 - 169682 - 169683 - 16 + 138784 + 224656 + 2 + + + 229368 + 542287 + 2 + + + 1966059 + 1966060 + 1 @@ -15839,42 +19984,57 @@ 1 2 - 310 + 11 2 3 - 48 + 2 3 + 4 + 2 + + + 5 7 - 48 + 2 - 11 - 24 - 48 + 12 + 19 + 2 - 26 - 88 - 48 + 65 + 141 + 2 - 92 - 1144 - 48 + 173 + 883 + 2 - 1302 - 1451 - 48 + 2434 + 11721 + 2 - 1544 - 3245 - 48 + 14851 + 14868 + 2 + + + 18243 + 20539 + 2 + + + 35688 + 41928 + 2 @@ -15890,37 +20050,32 @@ 1 2 - 110332 + 85140 2 3 - 28093 + 21743 3 4 - 11883 + 10555 4 7 - 17923 + 13169 7 - 18 - 15213 + 27 + 11024 - 18 - 140 - 15099 - - - 142 - 26998 - 2709 + 27 + 371333 + 4081 @@ -15936,17 +20091,17 @@ 1 2 - 180998 + 130386 2 3 - 19735 + 14775 3 5 - 522 + 551 @@ -15956,15 +20111,15 @@ ql_type_alias_body_def - 1338 + 1245 id - 1338 + 1245 child - 1338 + 1245 @@ -15978,7 +20133,7 @@ 1 2 - 1338 + 1245 @@ -15994,7 +20149,7 @@ 1 2 - 1338 + 1245 @@ -16004,15 +20159,15 @@ ql_type_expr_child - 110169 + 52988 ql_type_expr - 110169 + 52988 child - 110169 + 52988 @@ -16026,7 +20181,7 @@ 1 2 - 110169 + 52988 @@ -16042,7 +20197,7 @@ 1 2 - 110169 + 52988 @@ -16052,26 +20207,26 @@ ql_type_expr_def - 271873 + 236975 id - 271873 + 236975 ql_type_expr_name - 207590 + 183987 ql_type_expr - 207590 + 183987 name - 207590 + 183987 @@ -16085,7 +20240,7 @@ 1 2 - 207590 + 183987 @@ -16101,7 +20256,55 @@ 1 2 - 207590 + 183987 + + + + + + + + + ql_type_expr_qualifier + 32598 + + + ql_type_expr + 32598 + + + qualifier + 32598 + + + + + ql_type_expr + qualifier + + + 12 + + + 1 + 2 + 32598 + + + + + + + qualifier + ql_type_expr + + + 12 + + + 1 + 2 + 32598 @@ -16111,19 +20314,19 @@ ql_type_union_body_child - 779 + 1152 ql_type_union_body - 168 + 249 index - 152 + 153 child - 779 + 1152 @@ -16137,37 +20340,32 @@ 2 3 - 78 + 117 3 4 - 24 + 45 4 5 - 28 + 35 5 6 - 11 + 14 6 - 7 - 13 + 9 + 19 - 7 - 28 - 13 - - - 152 - 153 - 1 + 9 + 154 + 19 @@ -16183,37 +20381,32 @@ 2 3 - 78 + 117 3 4 - 24 + 45 4 5 - 28 + 35 5 6 - 11 + 14 6 - 7 - 13 + 9 + 19 - 7 - 28 - 13 - - - 152 - 153 - 1 + 9 + 154 + 19 @@ -16229,22 +20422,32 @@ 1 2 - 125 + 104 2 + 3 + 15 + + + 3 4 - 12 + 2 4 - 67 + 5 + 13 + + + 5 + 21 12 - 90 - 169 - 3 + 23 + 250 + 7 @@ -16260,22 +20463,32 @@ 1 2 - 125 + 104 2 + 3 + 15 + + + 3 4 - 12 + 2 4 - 67 + 5 + 13 + + + 5 + 21 12 - 90 - 169 - 3 + 23 + 250 + 7 @@ -16291,7 +20504,7 @@ 1 2 - 779 + 1152 @@ -16307,7 +20520,7 @@ 1 2 - 779 + 1152 @@ -16317,30 +20530,30 @@ ql_type_union_body_def - 168 + 249 id - 168 + 249 ql_unary_expr_child - 1860 + 2342 ql_unary_expr - 930 + 1171 index - 32 + 2 child - 1860 + 2342 @@ -16354,7 +20567,7 @@ 2 3 - 930 + 1171 @@ -16370,7 +20583,7 @@ 2 3 - 930 + 1171 @@ -16384,9 +20597,9 @@ 12 - 57 - 58 - 32 + 1171 + 1172 + 2 @@ -16400,9 +20613,9 @@ 12 - 57 - 58 - 32 + 1171 + 1172 + 2 @@ -16418,7 +20631,7 @@ 1 2 - 1860 + 2342 @@ -16434,7 +20647,7 @@ 1 2 - 1860 + 2342 @@ -16444,11 +20657,11 @@ ql_unary_expr_def - 930 + 1171 id - 930 + 1171 @@ -16521,7 +20734,7 @@ 1 2 - 16 + 1 @@ -16537,7 +20750,7 @@ 1 2 - 16 + 1 @@ -16613,7 +20826,7 @@ 1 2 - 16 + 1 @@ -16629,7 +20842,7 @@ 1 2 - 16 + 1 @@ -16672,7 +20885,7 @@ 1 2 - 16 + 1 @@ -16688,7 +20901,7 @@ 1 2 - 16 + 1 @@ -16698,19 +20911,19 @@ ql_var_decl_child - 334280 + 258882 ql_var_decl - 167140 + 129441 index - 32 + 2 child - 334280 + 258882 @@ -16724,7 +20937,7 @@ 2 3 - 167140 + 129441 @@ -16740,7 +20953,7 @@ 2 3 - 167140 + 129441 @@ -16754,9 +20967,9 @@ 12 - 10239 - 10240 - 32 + 129441 + 129442 + 2 @@ -16770,9 +20983,9 @@ 12 - 10239 - 10240 - 32 + 129441 + 129442 + 2 @@ -16788,7 +21001,7 @@ 1 2 - 334280 + 258882 @@ -16804,7 +21017,7 @@ 1 2 - 334280 + 258882 @@ -16814,26 +21027,26 @@ ql_var_decl_def - 167140 + 129441 id - 167140 + 129441 ql_var_name_def - 530835 + 415356 id - 530835 + 415356 child - 530835 + 415356 @@ -16847,7 +21060,7 @@ 1 2 - 530835 + 415356 @@ -16863,7 +21076,7 @@ 1 2 - 530835 + 415356 @@ -16873,15 +21086,15 @@ ql_variable_def - 482680 + 393587 id - 482680 + 393587 child - 482680 + 393587 @@ -16895,7 +21108,7 @@ 1 2 - 482680 + 393587 @@ -16911,414 +21124,7 @@ 1 2 - 482680 - - - - - - - - - ql_yaml_comment_def - 1 - - - id - 1 - - - child - 1 - - - - - id - child - - - 12 - - - 1 - 2 - 1 - - - - - - - child - id - - - 12 - - - 1 - 2 - 1 - - - - - - - - - ql_yaml_entry_def - 636 - - - id - 636 - - - child - 636 - - - - - id - child - - - 12 - - - 1 - 2 - 636 - - - - - - - child - id - - - 12 - - - 1 - 2 - 636 - - - - - - - - - ql_yaml_key_child - 930 - - - ql_yaml_key - 734 - - - index - 32 - - - child - 930 - - - - - ql_yaml_key - index - - - 12 - - - 1 - 2 - 538 - - - 2 - 3 - 195 - - - - - - - ql_yaml_key - child - - - 12 - - - 1 - 2 - 538 - - - 2 - 3 - 195 - - - - - - - index - ql_yaml_key - - - 12 - - - 12 - 13 - 16 - - - 45 - 46 - 16 - - - - - - - index - child - - - 12 - - - 12 - 13 - 16 - - - 45 - 46 - 16 - - - - - - - child - ql_yaml_key - - - 12 - - - 1 - 2 - 930 - - - - - - - child - index - - - 12 - - - 1 - 2 - 930 - - - - - - - - - ql_yaml_key_def - 734 - - - id - 734 - - - - - - ql_yaml_keyvaluepair_def - 538 - - - id - 538 - - - key__ - 538 - - - value - 538 - - - - - id - key__ - - - 12 - - - 1 - 2 - 538 - - - - - - - id - value - - - 12 - - - 1 - 2 - 538 - - - - - - - key__ - id - - - 12 - - - 1 - 2 - 538 - - - - - - - key__ - value - - - 12 - - - 1 - 2 - 538 - - - - - - - value - id - - - 12 - - - 1 - 2 - 538 - - - - - - - value - key__ - - - 12 - - - 1 - 2 - 538 - - - - - - - - - ql_yaml_listitem_def - 97 - - - id - 97 - - - child - 97 - - - - - id - child - - - 12 - - - 1 - 2 - 97 - - - - - - - child - id - - - 12 - - - 1 - 2 - 97 + 393587 @@ -17328,14 +21134,1421 @@ sourceLocationPrefix - 16 + 1 prefix - 16 + 1 + + yaml + 1348 + + + id + 1348 + + + kind + 3 + + + parent + 304 + + + idx + 21 + + + tag + 5 + + + tostring + 236 + + + + + id + kind + + + 12 + + + 1 + 2 + 1348 + + + + + + + id + parent + + + 12 + + + 1 + 2 + 1348 + + + + + + + id + idx + + + 12 + + + 1 + 2 + 1348 + + + + + + + id + tag + + + 12 + + + 1 + 2 + 1348 + + + + + + + id + tostring + + + 12 + + + 1 + 2 + 1348 + + + + + + + kind + id + + + 12 + + + 52 + 53 + 1 + + + 160 + 161 + 1 + + + 1136 + 1137 + 1 + + + + + + + kind + parent + + + 12 + + + 49 + 50 + 1 + + + 160 + 161 + 1 + + + 212 + 213 + 1 + + + + + + + kind + idx + + + 12 + + + 8 + 9 + 1 + + + 9 + 10 + 1 + + + 21 + 22 + 1 + + + + + + + kind + tag + + + 12 + + + 1 + 2 + 2 + + + 3 + 4 + 1 + + + + + + + kind + tostring + + + 12 + + + 32 + 33 + 1 + + + 59 + 60 + 1 + + + 145 + 146 + 1 + + + + + + + parent + id + + + 12 + + + 1 + 2 + 104 + + + 2 + 3 + 68 + + + 3 + 5 + 25 + + + 6 + 7 + 47 + + + 8 + 9 + 18 + + + 10 + 15 + 25 + + + 16 + 21 + 17 + + + + + + + parent + kind + + + 12 + + + 1 + 2 + 230 + + + 2 + 3 + 31 + + + 3 + 4 + 43 + + + + + + + parent + idx + + + 12 + + + 1 + 2 + 104 + + + 2 + 3 + 68 + + + 3 + 5 + 25 + + + 6 + 7 + 47 + + + 8 + 9 + 18 + + + 10 + 15 + 25 + + + 16 + 21 + 17 + + + + + + + parent + tag + + + 12 + + + 1 + 2 + 215 + + + 2 + 3 + 40 + + + 3 + 4 + 24 + + + 4 + 5 + 25 + + + + + + + parent + tostring + + + 12 + + + 1 + 2 + 104 + + + 2 + 3 + 68 + + + 3 + 4 + 19 + + + 4 + 5 + 29 + + + 5 + 6 + 5 + + + 6 + 7 + 25 + + + 8 + 11 + 23 + + + 11 + 17 + 23 + + + 17 + 19 + 8 + + + + + + + idx + id + + + 12 + + + 6 + 7 + 2 + + + 10 + 11 + 2 + + + 17 + 18 + 2 + + + 20 + 21 + 2 + + + 31 + 32 + 2 + + + 42 + 43 + 2 + + + 60 + 61 + 2 + + + 107 + 108 + 2 + + + 126 + 127 + 1 + + + 132 + 133 + 1 + + + 144 + 145 + 1 + + + 160 + 161 + 1 + + + 200 + 201 + 1 + + + + + + + idx + kind + + + 12 + + + 1 + 2 + 11 + + + 2 + 3 + 3 + + + 3 + 4 + 7 + + + + + + + idx + parent + + + 12 + + + 6 + 7 + 2 + + + 10 + 11 + 2 + + + 17 + 18 + 2 + + + 20 + 21 + 2 + + + 31 + 32 + 2 + + + 42 + 43 + 2 + + + 60 + 61 + 2 + + + 107 + 108 + 2 + + + 126 + 127 + 1 + + + 132 + 133 + 1 + + + 144 + 145 + 1 + + + 160 + 161 + 1 + + + 200 + 201 + 1 + + + + + + + idx + tag + + + 12 + + + 1 + 2 + 11 + + + 2 + 3 + 3 + + + 3 + 4 + 2 + + + 4 + 5 + 4 + + + 5 + 6 + 1 + + + + + + + idx + tostring + + + 12 + + + 1 + 2 + 2 + + + 2 + 3 + 1 + + + 3 + 4 + 2 + + + 4 + 5 + 1 + + + 6 + 7 + 1 + + + 7 + 8 + 1 + + + 8 + 9 + 2 + + + 10 + 11 + 1 + + + 12 + 13 + 1 + + + 17 + 18 + 1 + + + 19 + 20 + 1 + + + 24 + 25 + 2 + + + 28 + 29 + 1 + + + 37 + 38 + 1 + + + 49 + 50 + 1 + + + 71 + 72 + 1 + + + 72 + 73 + 1 + + + + + + + tag + id + + + 12 + + + 2 + 3 + 1 + + + 52 + 53 + 1 + + + 59 + 60 + 1 + + + 160 + 161 + 1 + + + 1075 + 1076 + 1 + + + + + + + tag + kind + + + 12 + + + 1 + 2 + 5 + + + + + + + tag + parent + + + 12 + + + 2 + 3 + 1 + + + 44 + 45 + 1 + + + 49 + 50 + 1 + + + 160 + 161 + 1 + + + 212 + 213 + 1 + + + + + + + tag + idx + + + 12 + + + 1 + 2 + 1 + + + 8 + 9 + 2 + + + 9 + 10 + 1 + + + 18 + 19 + 1 + + + + + + + tag + tostring + + + 12 + + + 1 + 2 + 1 + + + 2 + 3 + 1 + + + 32 + 33 + 1 + + + 59 + 60 + 1 + + + 142 + 143 + 1 + + + + + + + tostring + id + + + 12 + + + 1 + 2 + 123 + + + 2 + 3 + 29 + + + 3 + 5 + 21 + + + 5 + 8 + 15 + + + 8 + 10 + 15 + + + 10 + 17 + 20 + + + 18 + 104 + 13 + + + + + + + tostring + kind + + + 12 + + + 1 + 2 + 236 + + + + + + + tostring + parent + + + 12 + + + 1 + 2 + 123 + + + 2 + 3 + 29 + + + 3 + 5 + 21 + + + 5 + 8 + 19 + + + 8 + 11 + 21 + + + 11 + 45 + 18 + + + 49 + 84 + 5 + + + + + + + tostring + idx + + + 12 + + + 1 + 2 + 159 + + + 2 + 3 + 35 + + + 3 + 4 + 20 + + + 4 + 7 + 20 + + + 8 + 9 + 2 + + + + + + + tostring + tag + + + 12 + + + 1 + 2 + 236 + + + + + + + + + yaml_aliases + 0 + + + alias + 0 + + + target + 0 + + + + + alias + target + + + 12 + + + 1 + 2 + 1 + + + + + + + target + alias + + + 12 + + + + + + + + yaml_anchors + 0 + + + node + 0 + + + anchor + 0 + + + + + node + anchor + + + 12 + + + 1 + 2 + 1 + + + + + + + anchor + node + + + 12 + + + + + + + + yaml_errors + 0 + + + id + 0 + + + message + 0 + + + + + id + message + + + 12 + + + 1 + 2 + 1 + + + + + + + message + id + + + 12 + + + + + + + + yaml_locations + 1348 + + + locatable + 1348 + + + location + 1348 + + + + + locatable + location + + + 12 + + + 1 + 2 + 1348 + + + + + + + location + locatable + + + 12 + + + 1 + 2 + 1348 + + + + + + + + + yaml_scalars + 1136 + + + scalar + 1136 + + + style + 3 + + + value + 176 + + + + + scalar + style + + + 12 + + + 1 + 2 + 1136 + + + + + + + scalar + value + + + 12 + + + 1 + 2 + 1136 + + + + + + + style + scalar + + + 12 + + + 3 + 4 + 1 + + + 40 + 41 + 1 + + + 1093 + 1094 + 1 + + + + + + + style + value + + + 12 + + + 1 + 2 + 1 + + + 2 + 3 + 1 + + + 173 + 174 + 1 + + + + + + + value + scalar + + + 12 + + + 1 + 2 + 89 + + + 2 + 3 + 17 + + + 3 + 4 + 13 + + + 4 + 7 + 15 + + + 7 + 10 + 14 + + + 10 + 17 + 16 + + + 18 + 104 + 12 + + + + + + + value + style + + + 12 + + + 1 + 2 + 176 + + + + + + + diff --git a/ruby/ql/lib/ruby.dbscheme.stats b/ruby/ql/lib/ruby.dbscheme.stats index 5bd381c4691..e7d7f5e27eb 100644 --- a/ruby/ql/lib/ruby.dbscheme.stats +++ b/ruby/ql/lib/ruby.dbscheme.stats @@ -21,7 +21,7 @@ @erb_directive - 1256 + 1225 @erb_graphql_directive @@ -29,79 +29,79 @@ @erb_output_directive - 3611 + 3555 @erb_reserved_word - 9736 + 9567 @erb_template - 1530 + 1531 @erb_token_code - 4868 + 4781 @erb_token_comment - 40 + 27 @erb_token_content - 5067 + 4977 @file - 17807 + 18245 @folder - 4918 + 5002 @location_default - 8869712 + 9022418 @ruby_alias - 1296 + 1307 @ruby_alternative_pattern - 4 + 9 @ruby_argument_list - 680897 + 691738 @ruby_array - 247397 + 248289 @ruby_array_pattern - 92 + 178 @ruby_as_pattern - 11 + 153 @ruby_assignment - 135169 + 137583 @ruby_bare_string - 12040 + 12799 @ruby_bare_symbol - 8209 + 7967 @ruby_begin - 2581 + 2590 @ruby_begin_block @@ -109,23 +109,23 @@ @ruby_binary_ampersand - 499 + 570 @ruby_binary_ampersandampersand - 8259 + 8179 @ruby_binary_and - 1227 + 1233 @ruby_binary_bangequal - 1474 + 1459 @ruby_binary_bangtilde - 176 + 168 @ruby_binary_caret @@ -133,127 +133,127 @@ @ruby_binary_equalequal - 32420 + 32934 @ruby_binary_equalequalequal - 654 + 656 @ruby_binary_equaltilde - 1805 + 1800 @ruby_binary_langle - 1211 + 1181 @ruby_binary_langleequal - 387 + 407 @ruby_binary_langleequalrangle - 775 + 778 @ruby_binary_langlelangle - 10557 + 10731 @ruby_binary_minus - 2462 + 2691 @ruby_binary_or - 631 + 635 @ruby_binary_percent - 1034 + 979 @ruby_binary_pipe - 988 + 1000 @ruby_binary_pipepipe - 7543 + 7430 @ruby_binary_plus - 6317 + 6453 @ruby_binary_rangle - 2226 + 2129 @ruby_binary_rangleequal - 581 + 595 @ruby_binary_ranglerangle - 233 + 234 @ruby_binary_slash - 1256 + 1269 @ruby_binary_star - 3448 + 3560 @ruby_binary_starstar - 1346 + 1358 @ruby_block - 99265 + 101695 @ruby_block_argument - 6302 + 6477 @ruby_block_body - 98952 + 101379 @ruby_block_parameter - 2506 + 2569 @ruby_block_parameters - 24306 + 24941 @ruby_body_statement - 205353 + 208998 @ruby_break - 3367 + 3434 @ruby_call - 991099 + 1006605 @ruby_case__ - 1243 + 1289 @ruby_case_match - 160 + 234 @ruby_chained_string - 871 + 884 @ruby_class - 17080 + 17258 @ruby_complex @@ -261,11 +261,11 @@ @ruby_conditional - 2961 + 2954 @ruby_delimited_symbol - 1265 + 1258 @ruby_destructured_left_assignment @@ -277,39 +277,39 @@ @ruby_do - 1658 + 1681 @ruby_do_block - 140072 + 142452 @ruby_element_reference - 81756 + 80778 @ruby_else - 7308 + 7505 @ruby_elsif - 1523 + 1510 @ruby_end_block - 11 + 13 @ruby_ensure - 3943 + 3981 @ruby_exception_variable - 938 + 924 @ruby_exceptions - 1977 + 1938 @ruby_expression_reference_pattern @@ -321,11 +321,11 @@ @ruby_for - 159 + 158 @ruby_hash - 40259 + 40888 @ruby_hash_pattern @@ -333,43 +333,43 @@ @ruby_hash_splat_argument - 1897 + 1902 @ruby_hash_splat_parameter - 1490 + 1596 @ruby_heredoc_body - 6201 + 6178 @ruby_if - 16550 + 16391 @ruby_if_guard - 7 + 9 @ruby_if_modifier - 14604 + 14611 @ruby_in - 159 + 158 @ruby_in_clause - 183 + 385 @ruby_interpolation - 38083 + 38305 @ruby_keyword_parameter - 4076 + 4144 @ruby_keyword_pattern @@ -377,35 +377,35 @@ @ruby_lambda - 7714 + 7948 @ruby_lambda_parameters - 1670 + 1762 @ruby_left_assignment_list - 2998 + 2994 @ruby_match_pattern - 29 + 31 @ruby_method - 100844 + 102124 @ruby_method_parameters - 30153 + 30832 @ruby_module - 22073 + 22353 @ruby_next - 1938 + 1902 @ruby_operator_assignment_ampersandampersandequal @@ -413,7 +413,7 @@ @ruby_operator_assignment_ampersandequal - 17 + 18 @ruby_operator_assignment_caretequal @@ -425,7 +425,7 @@ @ruby_operator_assignment_minusequal - 293 + 300 @ruby_operator_assignment_percentequal @@ -433,19 +433,19 @@ @ruby_operator_assignment_pipeequal - 153 + 156 @ruby_operator_assignment_pipepipeequal - 4275 + 4190 @ruby_operator_assignment_plusequal - 1631 + 1647 @ruby_operator_assignment_ranglerangleequal - 8 + 10 @ruby_operator_assignment_slashequal @@ -453,7 +453,7 @@ @ruby_operator_assignment_starequal - 51 + 52 @ruby_operator_assignment_starstarequal @@ -461,39 +461,39 @@ @ruby_optional_parameter - 6637 + 6636 @ruby_pair - 242507 + 248347 @ruby_parenthesized_pattern - 3 + 8 @ruby_parenthesized_statements - 10740 + 10912 @ruby_pattern - 3965 + 4153 @ruby_program - 17781 + 18219 @ruby_range_dotdot - 3093 + 3136 @ruby_range_dotdotdot - 1589 + 1634 @ruby_rational - 137 + 138 @ruby_redo @@ -501,79 +501,79 @@ @ruby_regex - 13183 + 13350 @ruby_rescue - 2397 + 2346 @ruby_rescue_modifier - 449 + 448 @ruby_reserved_word - 3764432 + 3820965 @ruby_rest_assignment - 400 + 401 @ruby_retry - 59 + 60 @ruby_return - 8235 + 8197 @ruby_right_assignment_list - 1219 + 1224 @ruby_scope_resolution - 83088 + 84884 @ruby_setter - 637 + 653 @ruby_singleton_class - 646 + 663 @ruby_singleton_method - 6499 + 6459 @ruby_splat_argument - 3197 + 3454 @ruby_splat_parameter - 3081 + 3192 @ruby_string__ - 482129 + 485218 @ruby_string_array - 4039 + 4213 @ruby_subshell - 391 + 365 @ruby_superclass - 13478 + 13666 @ruby_symbol_array - 2253 + 2170 @ruby_test_pattern @@ -581,23 +581,23 @@ @ruby_then - 22700 + 22451 @ruby_token_character - 434 + 432 @ruby_token_class_variable - 861 + 868 @ruby_token_comment - 185741 + 190672 @ruby_token_constant - 289729 + 294731 @ruby_token_empty_statement @@ -609,11 +609,11 @@ @ruby_token_escape_sequence - 77588 + 77855 @ruby_token_false - 17355 + 17433 @ruby_token_file @@ -621,51 +621,51 @@ @ruby_token_float - 8231 + 8491 @ruby_token_forward_argument - 73 + 79 @ruby_token_forward_parameter - 135 + 144 @ruby_token_global_variable - 7280 + 7342 @ruby_token_hash_key_symbol - 235789 + 241330 @ruby_token_hash_splat_nil - 10 + 11 @ruby_token_heredoc_beginning - 6200 + 6177 @ruby_token_heredoc_content - 13061 + 12929 @ruby_token_heredoc_end - 6201 + 6178 @ruby_token_identifier - 1525530 + 1551542 @ruby_token_instance_variable - 86226 + 87122 @ruby_token_integer - 304026 + 306586 @ruby_token_line @@ -673,31 +673,31 @@ @ruby_token_nil - 18433 + 18636 @ruby_token_operator - 841 + 849 @ruby_token_self - 13537 + 13755 @ruby_token_simple_symbol - 258332 + 261524 @ruby_token_string_content - 498065 + 502063 @ruby_token_super - 5249 + 5313 @ruby_token_true - 23930 + 24277 @ruby_token_uninterpreted @@ -705,35 +705,35 @@ @ruby_unary_bang - 5812 + 5952 @ruby_unary_definedquestion - 1335 + 1301 @ruby_unary_minus - 9549 + 9633 @ruby_unary_not - 189 + 190 @ruby_unary_plus - 1425 + 1427 @ruby_unary_tilde - 89 + 98 @ruby_undef - 181 + 182 @ruby_unless - 2631 + 2663 @ruby_unless_guard @@ -741,7 +741,7 @@ @ruby_unless_modifier - 3682 + 3505 @ruby_until @@ -749,7 +749,7 @@ @ruby_until_modifier - 226 + 234 @ruby_variable_reference_pattern @@ -757,32 +757,52 @@ @ruby_when - 3312 + 3392 @ruby_while - 1376 + 1400 @ruby_while_modifier - 193 + 194 @ruby_yield - 2450 + 2477 + + + @yaml_alias_node + 0 + + + @yaml_error + 0 + + + @yaml_mapping_node + 0 + + + @yaml_scalar_node + 0 + + + @yaml_sequence_node + 0 containerparent - 22699 + 23222 parent - 4918 + 5002 child - 22699 + 23222 @@ -796,37 +816,37 @@ 1 2 - 2230 + 2290 2 3 - 939 + 934 3 4 - 417 + 421 4 5 - 300 + 315 5 7 - 404 + 408 7 - 13 - 378 + 14 + 408 - 13 - 125 - 247 + 14 + 126 + 223 @@ -842,7 +862,7 @@ 1 2 - 22699 + 23222 @@ -852,11 +872,11 @@ diagnostics - 156 + 157 id - 156 + 157 severity @@ -872,11 +892,11 @@ full_error_message - 117 + 118 location - 156 + 157 @@ -890,7 +910,7 @@ 1 2 - 156 + 157 @@ -906,7 +926,7 @@ 1 2 - 156 + 157 @@ -922,7 +942,7 @@ 1 2 - 156 + 157 @@ -938,7 +958,7 @@ 1 2 - 156 + 157 @@ -954,7 +974,7 @@ 1 2 - 156 + 157 @@ -1246,7 +1266,7 @@ 1 2 - 117 + 118 @@ -1262,7 +1282,7 @@ 1 2 - 117 + 118 @@ -1278,7 +1298,7 @@ 1 2 - 117 + 118 @@ -1315,7 +1335,7 @@ 1 2 - 156 + 157 @@ -1331,7 +1351,7 @@ 1 2 - 156 + 157 @@ -1347,7 +1367,7 @@ 1 2 - 156 + 157 @@ -1363,7 +1383,7 @@ 1 2 - 156 + 157 @@ -1379,7 +1399,7 @@ 1 2 - 156 + 157 @@ -1389,23 +1409,23 @@ erb_ast_node_info - 24922 + 24486 node - 24922 + 24486 parent - 5633 + 5532 parent_index - 616 + 608 loc - 24919 + 24484 @@ -1419,7 +1439,7 @@ 1 2 - 24922 + 24486 @@ -1435,7 +1455,7 @@ 1 2 - 24922 + 24486 @@ -1451,7 +1471,7 @@ 1 2 - 24922 + 24486 @@ -1467,17 +1487,17 @@ 1 3 - 393 + 384 3 4 - 4996 + 4908 4 - 236 - 243 + 240 + 239 @@ -1493,17 +1513,17 @@ 1 3 - 393 + 384 3 4 - 4996 + 4908 4 - 236 - 243 + 240 + 239 @@ -1519,17 +1539,17 @@ 1 3 - 393 + 384 3 4 - 4996 + 4908 4 - 236 - 243 + 240 + 239 @@ -1545,62 +1565,62 @@ 1 2 - 23 + 33 2 3 - 99 + 84 3 4 - 2 + 12 4 5 - 102 + 101 5 6 - 55 + 53 6 7 - 52 + 50 7 8 - 44 + 43 8 14 - 52 + 50 14 23 - 55 + 53 - 23 - 38 - 47 + 24 + 39 + 45 - 39 + 41 62 - 47 + 45 65 - 2149 - 34 + 2173 + 33 @@ -1616,62 +1636,62 @@ 1 2 - 23 + 33 2 3 - 99 + 84 3 4 - 2 + 12 4 5 - 102 + 101 5 6 - 55 + 53 6 7 - 52 + 50 7 8 - 44 + 43 8 14 - 52 + 50 14 23 - 55 + 53 - 23 - 38 - 47 + 24 + 39 + 45 - 39 + 41 62 - 47 + 45 65 - 2149 - 34 + 2173 + 33 @@ -1687,62 +1707,62 @@ 1 2 - 23 + 33 2 3 - 99 + 84 3 4 - 2 + 12 4 5 - 102 + 101 5 6 - 55 + 53 6 7 - 52 + 50 7 8 - 44 + 43 8 14 - 52 + 50 14 23 - 55 + 53 - 23 - 38 - 47 + 24 + 39 + 45 - 39 + 41 62 - 47 + 45 65 - 2148 - 34 + 2172 + 33 @@ -1758,7 +1778,7 @@ 1 2 - 24917 + 24481 2 @@ -1779,7 +1799,7 @@ 1 2 - 24917 + 24481 2 @@ -1800,7 +1820,7 @@ 1 2 - 24919 + 24484 @@ -1810,15 +1830,15 @@ erb_comment_directive_child - 40 + 27 erb_comment_directive - 40 + 27 child - 40 + 27 @@ -1832,7 +1852,7 @@ 1 2 - 40 + 27 @@ -1848,7 +1868,7 @@ 1 2 - 40 + 27 @@ -1858,26 +1878,26 @@ erb_comment_directive_def - 40 + 27 id - 40 + 27 erb_directive_child - 1256 + 1225 erb_directive - 1256 + 1225 child - 1256 + 1225 @@ -1891,7 +1911,7 @@ 1 2 - 1256 + 1225 @@ -1907,7 +1927,7 @@ 1 2 - 1256 + 1225 @@ -1917,11 +1937,11 @@ erb_directive_def - 1256 + 1225 id - 1256 + 1225 @@ -1987,15 +2007,15 @@ erb_output_directive_child - 3611 + 3555 erb_output_directive - 3611 + 3555 child - 3611 + 3555 @@ -2009,7 +2029,7 @@ 1 2 - 3611 + 3555 @@ -2025,7 +2045,7 @@ 1 2 - 3611 + 3555 @@ -2035,30 +2055,30 @@ erb_output_directive_def - 3611 + 3555 id - 3611 + 3555 erb_template_child - 9935 + 9761 erb_template - 382 + 374 index - 616 + 608 child - 9935 + 9761 @@ -2077,52 +2097,47 @@ 3 4 - 128 + 124 4 7 - 23 + 25 7 - 10 - 28 + 11 + 30 - 10 - 14 - 31 + 11 + 15 + 33 - 14 - 23 - 28 + 15 + 26 + 30 - 23 - 30 - 28 + 27 + 35 + 30 - 31 - 38 - 28 + 35 + 50 + 33 - 39 - 59 - 28 + 53 + 78 + 30 - 63 - 108 - 28 - - - 127 - 236 - 15 + 82 + 240 + 25 @@ -2143,52 +2158,47 @@ 3 4 - 128 + 124 4 7 - 23 + 25 7 - 10 - 28 + 11 + 30 - 10 - 14 - 31 + 11 + 15 + 33 - 14 - 23 - 28 + 15 + 26 + 30 - 23 - 30 - 28 + 27 + 35 + 30 - 31 - 38 - 28 + 35 + 50 + 33 - 39 - 59 - 28 + 53 + 78 + 30 - 63 - 108 - 28 - - - 127 - 236 - 15 + 82 + 240 + 25 @@ -2204,62 +2214,62 @@ 1 2 - 23 + 33 2 3 - 99 + 84 3 4 - 2 + 12 4 5 - 102 + 101 5 6 - 55 + 53 6 7 - 52 + 50 7 8 - 44 + 43 8 14 - 52 + 50 14 23 - 55 + 53 - 23 - 38 - 47 + 24 + 39 + 45 - 39 + 41 62 - 47 + 45 65 - 147 - 34 + 148 + 33 @@ -2275,62 +2285,62 @@ 1 2 - 23 + 33 2 3 - 99 + 84 3 4 - 2 + 12 4 5 - 102 + 101 5 6 - 55 + 53 6 7 - 52 + 50 7 8 - 44 + 43 8 14 - 52 + 50 14 23 - 55 + 53 - 23 - 38 - 47 + 24 + 39 + 45 - 39 + 41 62 - 47 + 45 65 - 147 - 34 + 148 + 33 @@ -2346,7 +2356,7 @@ 1 2 - 9935 + 9761 @@ -2362,7 +2372,7 @@ 1 2 - 9935 + 9761 @@ -2372,30 +2382,30 @@ erb_template_def - 1530 + 1531 id - 1530 + 1531 erb_tokeninfo - 19671 + 19328 id - 19671 + 19328 kind - 7 + 10 value - 5376 + 5305 @@ -2409,7 +2419,7 @@ 1 2 - 19671 + 19328 @@ -2425,7 +2435,7 @@ 1 2 - 19671 + 19328 @@ -2439,18 +2449,23 @@ 12 - 1856 - 1857 + 1 + 2 2 - 1932 - 1933 + 1877 + 1878 2 - 3712 - 3713 + 1954 + 1955 + 2 + + + 3756 + 3757 2 @@ -2465,18 +2480,23 @@ 12 - 5 - 6 + 1 + 2 2 - 970 - 971 + 6 + 7 2 - 1075 - 1076 + 992 + 993 + 2 + + + 1084 + 1085 2 @@ -2493,17 +2513,17 @@ 1 2 - 4351 + 4289 2 3 - 637 + 636 3 - 1789 - 388 + 1811 + 379 @@ -2519,7 +2539,7 @@ 1 2 - 5376 + 5305 @@ -2529,15 +2549,15 @@ files - 17807 + 18245 id - 17807 + 18245 name - 17807 + 18245 @@ -2551,7 +2571,7 @@ 1 2 - 17807 + 18245 @@ -2567,7 +2587,7 @@ 1 2 - 17807 + 18245 @@ -2577,15 +2597,15 @@ folders - 4918 + 5002 id - 4918 + 5002 name - 4918 + 5002 @@ -2599,7 +2619,7 @@ 1 2 - 4918 + 5002 @@ -2615,7 +2635,7 @@ 1 2 - 4918 + 5002 @@ -2625,31 +2645,31 @@ locations_default - 8869712 + 9022418 id - 8869712 + 9022418 file - 17807 + 18245 - startLine - 30866 + beginLine + 31147 - startColumn - 5140 + beginColumn + 5186 endLine - 30866 + 31147 endColumn - 5244 + 5292 @@ -2663,7 +2683,7 @@ 1 2 - 8869712 + 9022418 @@ -2671,7 +2691,7 @@ id - startLine + beginLine 12 @@ -2679,7 +2699,7 @@ 1 2 - 8869712 + 9022418 @@ -2687,7 +2707,7 @@ id - startColumn + beginColumn 12 @@ -2695,7 +2715,7 @@ 1 2 - 8869712 + 9022418 @@ -2711,7 +2731,7 @@ 1 2 - 8869712 + 9022418 @@ -2727,7 +2747,7 @@ 1 2 - 8869712 + 9022418 @@ -2743,67 +2763,72 @@ 1 32 - 1382 + 1434 32 - 49 - 1369 - - - 49 - 72 - 1395 - - - 72 - 95 - 1565 - - - 95 - 126 - 1356 - - - 127 - 168 + 47 1382 - 168 - 218 - 1421 + 47 + 70 + 1369 - 218 - 276 - 1343 + 70 + 91 + 1369 - 276 - 357 - 1343 + 91 + 117 + 1369 - 358 - 501 - 1343 + 117 + 159 + 1395 - 505 - 742 - 1343 + 159 + 208 + 1408 - 752 - 1510 - 1343 + 208 + 256 + 1369 - 1510 + 256 + 326 + 1408 + + + 327 + 444 + 1382 + + + 444 + 671 + 1369 + + + 671 + 1185 + 1369 + + + 1186 + 4592 + 1369 + + + 4636 22841 - 1213 + 250 @@ -2811,7 +2836,7 @@ file - startLine + beginLine 12 @@ -2819,67 +2844,67 @@ 1 7 - 1226 + 1342 7 10 - 1578 + 1632 10 13 - 1461 + 1434 13 16 - 1552 + 1592 16 20 - 1591 + 1579 20 - 25 - 1474 - - - 25 - 31 - 1487 - - - 31 - 38 + 24 1369 - 38 - 49 - 1461 + 24 + 30 + 1448 - 49 - 69 + 30 + 37 + 1487 + + + 37 + 47 1395 - 69 - 117 - 1343 + 47 + 64 + 1382 - 118 - 262 - 1343 + 64 + 99 + 1382 - 264 + 100 + 207 + 1382 + + + 207 2339 - 521 + 816 @@ -2887,7 +2912,7 @@ file - startColumn + beginColumn 12 @@ -2895,32 +2920,32 @@ 1 16 - 1448 + 1487 16 - 24 - 1369 - - - 24 - 31 - 1343 - - - 31 - 40 - 1500 - - - 40 - 46 + 23 1395 - 46 + 23 + 30 + 1382 + + + 30 + 39 + 1369 + + + 39 + 45 + 1527 + + + 45 52 - 1408 + 1566 52 @@ -2929,33 +2954,33 @@ 59 - 66 - 1369 + 67 + 1566 - 66 - 72 - 1356 + 67 + 73 + 1448 - 72 - 81 + 73 + 82 + 1408 + + + 82 + 94 + 1448 + + + 94 + 114 1395 - 81 - 93 - 1474 - - - 93 - 112 - 1343 - - - 112 + 114 357 - 1030 + 882 @@ -2971,67 +2996,67 @@ 1 7 - 1213 + 1342 7 10 - 1552 + 1592 10 13 - 1487 + 1461 13 16 - 1526 + 1566 16 20 - 1604 + 1592 20 - 25 - 1487 + 24 + 1382 - 25 - 31 - 1500 - - - 31 - 38 - 1369 - - - 38 - 49 + 24 + 30 1461 - 49 - 69 + 30 + 37 + 1487 + + + 37 + 47 1395 - 69 - 117 - 1343 + 47 + 64 + 1382 - 118 - 262 - 1343 + 64 + 99 + 1382 - 264 + 100 + 207 + 1382 + + + 207 2339 - 521 + 816 @@ -3047,32 +3072,32 @@ 1 20 - 1539 + 1632 20 - 29 - 1421 + 28 + 1395 - 29 + 28 36 - 1382 + 1513 36 45 - 1435 + 1434 45 51 - 1474 + 1487 51 58 - 1474 + 1513 58 @@ -3082,39 +3107,39 @@ 66 73 - 1474 + 1500 73 80 - 1382 + 1448 80 - 90 - 1408 + 89 + 1421 - 90 + 89 102 - 1408 + 1474 102 - 127 - 1356 + 128 + 1369 - 127 + 128 367 - 547 + 552 - startLine + beginLine id @@ -3123,79 +3148,79 @@ 1 2 - 1552 + 1566 2 5 - 1604 + 1592 5 6 - 3378 + 3409 6 10 - 2609 + 2646 10 17 - 2791 + 2804 17 24 - 2361 + 2409 24 - 40 - 2361 + 43 + 2382 - 40 - 77 - 2322 + 43 + 78 + 2369 - 77 - 117 - 2361 + 78 + 118 + 2395 - 117 - 170 - 2335 + 118 + 174 + 2343 - 170 - 265 - 2322 + 174 + 268 + 2356 - 266 - 724 - 2322 + 271 + 751 + 2343 - 729 - 6336 - 2322 + 757 + 7072 + 2343 - 6613 - 10642 - 221 + 7434 + 10856 + 184 - startLine + beginLine file @@ -3204,55 +3229,55 @@ 1 2 - 9993 + 10083 2 3 - 5557 + 5555 3 6 - 2361 + 2343 6 9 - 2400 + 2330 9 14 - 2387 + 2501 14 - 22 - 2570 + 21 + 2356 - 22 - 52 - 2335 + 21 + 44 + 2356 - 52 - 247 - 2322 + 44 + 179 + 2356 - 249 - 1365 - 939 + 180 + 1386 + 1263 - startLine - startColumn + beginLine + beginColumn 12 @@ -3260,79 +3285,79 @@ 1 2 - 1552 + 1566 2 3 - 1500 + 1474 3 4 - 2322 + 2356 4 6 - 2570 + 2606 6 8 - 1748 + 1777 8 13 - 2687 + 2711 13 18 - 2556 + 2474 18 29 - 2491 + 2540 29 - 43 - 2413 + 44 + 2343 - 43 - 57 - 2374 + 44 + 56 + 2422 - 57 - 70 - 2504 + 56 + 68 + 2409 - 70 - 88 - 2413 + 68 + 85 + 2448 - 88 - 115 - 2361 + 85 + 112 + 2369 - 115 + 112 205 - 1369 + 1645 - startLine + beginLine endLine @@ -3341,49 +3366,49 @@ 1 2 - 10984 + 11123 2 3 - 6418 + 6411 3 4 - 2243 + 2369 4 5 - 1735 + 1685 5 7 - 2530 + 2553 7 - 10 - 2452 + 11 + 2856 - 10 - 17 - 2361 + 11 + 19 + 2488 - 17 - 240 - 2139 + 19 + 242 + 1658 - startLine + beginLine endColumn @@ -3392,79 +3417,79 @@ 1 2 - 1552 + 1566 2 4 - 1604 + 1592 4 5 - 3431 + 3462 5 7 - 2074 + 2119 7 11 - 2687 + 2698 11 15 - 2400 + 2409 15 24 - 2517 + 2395 24 - 38 - 2322 + 39 + 2369 - 38 + 39 52 - 2439 + 2409 52 - 68 - 2439 + 65 + 2369 - 68 - 80 - 2322 + 65 + 79 + 2474 - 80 - 103 - 2452 + 79 + 101 + 2395 - 103 - 141 - 2348 + 101 + 135 + 2356 - 142 + 135 208 - 273 + 526 - startColumn + beginColumn id @@ -3473,71 +3498,71 @@ 1 2 - 469 + 473 2 3 - 587 + 592 3 4 - 247 + 250 4 5 - 273 + 276 5 6 - 313 + 315 6 9 - 456 + 460 9 16 - 404 + 408 16 44 - 391 + 394 45 - 176 - 391 + 177 + 394 - 177 - 780 - 391 + 180 + 796 + 394 - 796 - 2977 - 391 + 816 + 3017 + 394 - 2979 - 8059 - 391 + 3017 + 8160 + 394 - 8297 - 25331 - 391 + 8349 + 25541 + 394 - 28175 - 38665 + 28440 + 38986 39 @@ -3545,7 +3570,7 @@ - startColumn + beginColumn file @@ -3554,60 +3579,60 @@ 1 2 - 1421 + 1434 2 3 - 600 + 605 3 4 - 469 + 473 4 9 - 391 + 394 9 - 36 - 391 + 37 + 394 37 - 115 - 391 + 120 + 394 - 125 - 376 - 391 + 126 + 378 + 394 - 377 - 718 - 391 + 379 + 730 + 394 - 744 - 976 - 391 + 755 + 982 + 394 - 983 - 1365 - 300 + 992 + 1386 + 302 - startColumn - startLine + beginColumn + beginLine 12 @@ -3615,69 +3640,69 @@ 1 2 - 534 + 539 2 3 - 691 + 697 3 4 - 313 + 315 4 5 - 365 + 368 5 8 - 469 + 473 8 15 - 417 + 421 15 - 43 - 391 + 45 + 394 - 46 - 127 - 391 + 45 + 125 + 394 - 127 - 335 - 391 + 132 + 341 + 394 - 341 - 665 - 391 + 342 + 667 + 394 - 678 - 996 - 391 + 682 + 1002 + 394 - 996 - 1406 - 391 + 1003 + 1403 + 394 - startColumn + beginColumn endLine @@ -3686,69 +3711,69 @@ 1 2 - 534 + 539 2 3 - 691 + 697 3 4 - 313 + 315 4 5 - 365 + 368 5 8 - 469 + 473 8 15 - 417 + 421 15 - 43 - 391 + 45 + 394 48 - 128 - 391 + 125 + 394 - 128 - 339 - 391 + 133 + 345 + 394 - 345 - 683 - 391 + 346 + 687 + 394 - 690 - 1016 - 391 + 694 + 1029 + 408 - 1020 - 1413 - 391 + 1029 + 1409 + 381 - startColumn + beginColumn endColumn @@ -3757,52 +3782,52 @@ 1 2 - 1278 + 1290 2 3 - 691 + 697 3 4 - 508 + 513 4 6 - 430 + 434 6 - 16 - 417 + 15 + 394 - 17 - 38 - 404 + 15 + 37 + 394 - 38 - 69 - 404 + 37 + 66 + 394 - 69 - 105 - 391 + 66 + 98 + 394 - 105 - 129 - 404 + 100 + 126 + 394 - 129 - 179 - 208 + 126 + 180 + 276 @@ -3818,72 +3843,72 @@ 1 3 - 313 + 315 3 4 - 3404 + 3435 4 6 - 2465 + 2474 6 9 - 2322 + 2356 9 13 - 2426 + 2448 13 20 - 2400 + 2395 20 32 - 2400 + 2369 32 - 60 - 2322 + 61 + 2356 - 60 - 100 - 2374 + 61 + 102 + 2356 - 100 - 149 - 2322 + 102 + 145 + 2395 - 149 - 225 - 2322 + 145 + 219 + 2356 - 225 - 434 - 2322 + 219 + 436 + 2343 - 436 - 1796 - 2322 + 443 + 1758 + 2343 - 1804 - 10135 - 1148 + 1798 + 10208 + 1197 @@ -3899,47 +3924,47 @@ 1 2 - 9993 + 10083 2 3 - 5557 + 5555 3 6 - 2361 + 2343 6 9 - 2400 + 2330 9 14 - 2387 + 2501 14 - 22 - 2570 + 21 + 2343 - 22 - 52 - 2335 + 21 + 44 + 2369 - 52 - 247 - 2322 + 44 + 179 + 2356 - 249 - 1349 - 939 + 180 + 1370 + 1263 @@ -3947,7 +3972,7 @@ endLine - startLine + beginLine 12 @@ -3955,42 +3980,42 @@ 1 2 - 11180 + 11202 2 3 - 5701 + 5871 3 4 - 2570 + 2553 4 - 6 - 2843 + 5 + 1658 - 6 - 8 - 2113 + 5 + 7 + 2527 - 8 - 12 - 2491 + 7 + 11 + 2830 - 12 - 24 - 2400 + 11 + 20 + 2422 - 24 - 42 - 1565 + 20 + 43 + 2079 @@ -3998,7 +4023,7 @@ endLine - startColumn + beginColumn 12 @@ -4006,67 +4031,67 @@ 1 3 - 1565 + 1579 3 4 - 3404 + 3422 4 6 - 2739 + 2764 6 8 - 1656 + 1671 8 12 - 2426 + 2488 12 - 16 - 2322 + 17 + 2711 - 16 - 25 - 2413 + 17 + 28 + 2448 - 25 - 39 - 2400 + 28 + 43 + 2435 - 39 - 53 - 2543 + 43 + 55 + 2409 - 53 + 55 67 - 2322 + 2343 67 - 81 - 2439 + 82 + 2382 - 81 - 104 - 2387 + 82 + 107 + 2409 - 104 + 107 204 - 2243 + 2079 @@ -4082,72 +4107,72 @@ 1 2 - 1539 + 1553 2 3 - 1500 + 1474 3 4 - 2348 + 2382 4 6 - 2570 + 2606 6 8 - 1708 + 1737 8 13 - 2791 + 2777 13 18 - 2374 + 2435 18 - 29 - 2478 + 30 + 2514 - 29 - 44 - 2478 + 30 + 46 + 2567 - 44 + 46 59 - 2400 + 2409 59 - 73 - 2452 + 72 + 2369 - 73 - 90 - 2322 + 72 + 89 + 2409 - 90 - 116 - 2348 + 89 + 117 + 2435 - 116 + 117 208 - 1552 + 1474 @@ -4163,71 +4188,71 @@ 1 2 - 404 + 408 2 3 - 469 + 473 3 5 - 443 + 447 5 6 - 169 + 171 6 8 - 456 + 460 8 12 - 404 + 408 12 24 - 404 + 408 24 - 69 - 404 + 72 + 408 - 74 - 271 - 404 + 76 + 275 + 408 - 281 - 1173 - 404 + 277 + 1197 + 408 - 1201 - 3874 - 404 + 1227 + 3883 + 408 - 3947 - 8554 - 404 + 3987 + 8621 + 408 - 8939 - 11130 - 404 + 9003 + 11196 + 408 - 11421 - 19581 + 11489 + 19733 65 @@ -4244,52 +4269,52 @@ 1 2 - 1435 + 1448 2 3 - 560 + 566 3 4 - 547 + 552 4 9 - 430 + 447 9 - 44 - 404 + 46 + 408 - 44 - 148 - 404 + 46 + 152 + 408 - 150 - 433 - 404 + 159 + 442 + 408 - 434 - 824 - 404 + 454 + 851 + 408 - 834 - 1042 - 417 + 868 + 1055 + 408 - 1042 - 1332 - 234 + 1055 + 1353 + 236 @@ -4297,7 +4322,7 @@ endColumn - startLine + beginLine 12 @@ -4305,62 +4330,62 @@ 1 2 - 574 + 579 2 3 - 626 + 631 3 4 - 326 + 329 4 6 - 456 + 460 6 9 - 469 + 473 9 17 - 404 + 421 17 - 44 - 404 + 45 + 408 - 44 - 142 - 404 + 49 + 149 + 408 - 147 - 370 - 404 + 150 + 385 + 421 - 381 - 698 - 404 + 389 + 729 + 408 - 699 - 1049 - 404 + 736 + 1057 + 408 - 1052 - 1395 - 365 + 1060 + 1397 + 342 @@ -4368,7 +4393,7 @@ endColumn - startColumn + beginColumn 12 @@ -4376,62 +4401,62 @@ 1 2 - 900 + 908 2 3 - 378 + 381 3 4 - 482 + 487 4 5 - 352 + 355 5 - 8 - 482 + 7 + 368 - 8 - 21 - 404 + 7 + 14 + 434 - 21 - 35 - 404 + 15 + 33 + 447 - 35 - 51 - 404 + 33 + 49 + 408 - 51 - 66 - 430 + 49 + 64 + 434 - 66 - 84 - 404 + 64 + 82 + 421 - 84 - 98 - 443 + 83 + 96 + 421 - 98 + 97 108 - 156 + 223 @@ -4447,62 +4472,62 @@ 1 2 - 574 + 579 2 3 - 639 + 645 3 4 - 326 + 329 4 6 - 443 + 447 6 9 - 469 + 473 9 17 - 430 + 447 17 - 51 - 404 + 55 + 408 - 53 - 157 - 404 + 55 + 162 + 408 - 158 - 379 - 404 + 171 + 382 + 408 - 380 - 721 - 404 + 396 + 729 + 408 - 730 - 1041 - 404 + 767 + 1048 + 408 - 1044 - 1388 - 339 + 1056 + 1390 + 329 @@ -4512,19 +4537,19 @@ ruby_alias_def - 1296 + 1307 id - 1296 + 1307 alias - 1296 + 1307 name - 1296 + 1307 @@ -4538,7 +4563,7 @@ 1 2 - 1296 + 1307 @@ -4554,7 +4579,7 @@ 1 2 - 1296 + 1307 @@ -4570,7 +4595,7 @@ 1 2 - 1296 + 1307 @@ -4586,7 +4611,7 @@ 1 2 - 1296 + 1307 @@ -4602,7 +4627,7 @@ 1 2 - 1296 + 1307 @@ -4618,7 +4643,7 @@ 1 2 - 1296 + 1307 @@ -4628,19 +4653,19 @@ ruby_alternative_pattern_alternatives - 8 + 23 ruby_alternative_pattern - 4 + 9 index - 2 + 4 alternatives - 8 + 23 @@ -4654,7 +4679,17 @@ 2 3 - 4 + 6 + + + 3 + 4 + 1 + + + 4 + 5 + 2 @@ -4670,7 +4705,17 @@ 2 3 - 4 + 6 + + + 3 + 4 + 1 + + + 4 + 5 + 2 @@ -4684,8 +4729,18 @@ 12 - 4 - 5 + 2 + 3 + 1 + + + 3 + 4 + 1 + + + 9 + 10 2 @@ -4700,8 +4755,18 @@ 12 - 4 - 5 + 2 + 3 + 1 + + + 3 + 4 + 1 + + + 9 + 10 2 @@ -4718,7 +4783,7 @@ 1 2 - 8 + 23 @@ -4734,7 +4799,7 @@ 1 2 - 8 + 23 @@ -4744,30 +4809,30 @@ ruby_alternative_pattern_def - 4 + 9 id - 4 + 9 ruby_argument_list_child - 846670 + 861033 ruby_argument_list - 680636 + 691475 index - 430 + 434 child - 846670 + 861033 @@ -4781,17 +4846,17 @@ 1 2 - 575722 + 584369 2 3 - 65946 + 67125 3 34 - 38967 + 39980 @@ -4807,17 +4872,17 @@ 1 2 - 575722 + 584369 2 3 - 65946 + 67125 3 34 - 38967 + 39980 @@ -4833,7 +4898,7 @@ 1 2 - 143 + 144 2 @@ -4862,17 +4927,17 @@ 56 - 385 + 386 39 - 953 - 8043 + 960 + 8137 39 - 52173 - 52174 + 52526 + 52527 13 @@ -4889,7 +4954,7 @@ 1 2 - 143 + 144 2 @@ -4918,17 +4983,17 @@ 56 - 385 + 386 39 - 953 - 8043 + 960 + 8137 39 - 52173 - 52174 + 52526 + 52527 13 @@ -4945,7 +5010,7 @@ 1 2 - 846670 + 861033 @@ -4961,7 +5026,7 @@ 1 2 - 846670 + 861033 @@ -4971,22 +5036,22 @@ ruby_argument_list_def - 680897 + 691738 id - 680897 + 691738 ruby_array_child - 702997 + 704712 ruby_array - 238943 + 239714 index @@ -4994,7 +5059,7 @@ child - 702997 + 704712 @@ -5008,17 +5073,17 @@ 1 2 - 12369 + 12460 2 3 - 212803 + 213368 3 63361 - 13771 + 13886 @@ -5034,17 +5099,17 @@ 1 2 - 12369 + 12460 2 3 - 212803 + 213368 3 63361 - 13771 + 13886 @@ -5084,7 +5149,7 @@ 11 - 238944 + 239715 1294 @@ -5125,7 +5190,7 @@ 11 - 238944 + 239715 1294 @@ -5142,7 +5207,7 @@ 1 2 - 702997 + 704712 @@ -5158,7 +5223,7 @@ 1 2 - 702997 + 704712 @@ -5168,22 +5233,22 @@ ruby_array_def - 247397 + 248289 id - 247397 + 248289 ruby_array_pattern_child - 179 + 334 ruby_array_pattern - 81 + 167 index @@ -5191,7 +5256,7 @@ child - 179 + 334 @@ -5205,12 +5270,12 @@ 1 2 - 34 + 51 2 3 - 27 + 96 3 @@ -5236,12 +5301,12 @@ 1 2 - 34 + 51 2 3 - 27 + 96 3 @@ -5290,13 +5355,13 @@ 1 - 47 - 48 + 116 + 117 1 - 81 - 82 + 167 + 168 1 @@ -5336,13 +5401,13 @@ 1 - 47 - 48 + 116 + 117 1 - 81 - 82 + 167 + 168 1 @@ -5359,7 +5424,7 @@ 1 2 - 179 + 334 @@ -5375,7 +5440,7 @@ 1 2 - 179 + 334 @@ -5385,15 +5450,15 @@ ruby_array_pattern_class - 12 + 50 ruby_array_pattern - 12 + 50 class - 12 + 50 @@ -5407,7 +5472,7 @@ 1 2 - 12 + 50 @@ -5423,7 +5488,7 @@ 1 2 - 12 + 50 @@ -5433,30 +5498,30 @@ ruby_array_pattern_def - 92 + 178 id - 92 + 178 ruby_as_pattern_def - 11 + 153 id - 11 + 153 name - 11 + 153 value - 11 + 153 @@ -5470,7 +5535,7 @@ 1 2 - 11 + 153 @@ -5486,7 +5551,7 @@ 1 2 - 11 + 153 @@ -5502,7 +5567,7 @@ 1 2 - 11 + 153 @@ -5518,7 +5583,7 @@ 1 2 - 11 + 153 @@ -5534,7 +5599,7 @@ 1 2 - 11 + 153 @@ -5550,7 +5615,7 @@ 1 2 - 11 + 153 @@ -5560,19 +5625,19 @@ ruby_assignment_def - 135169 + 137583 id - 135169 + 137583 left - 135169 + 137583 right - 135169 + 137583 @@ -5586,7 +5651,7 @@ 1 2 - 135169 + 137583 @@ -5602,7 +5667,7 @@ 1 2 - 135169 + 137583 @@ -5618,7 +5683,7 @@ 1 2 - 135169 + 137583 @@ -5634,7 +5699,7 @@ 1 2 - 135169 + 137583 @@ -5650,7 +5715,7 @@ 1 2 - 135169 + 137583 @@ -5666,7 +5731,7 @@ 1 2 - 135169 + 137583 @@ -5676,23 +5741,23 @@ ruby_ast_node_info - 9350162 + 9511543 node - 9350162 + 9511543 parent - 3268721 + 3325876 parent_index - 2804 + 2830 loc - 8856288 + 9008872 @@ -5706,7 +5771,7 @@ 1 2 - 9350162 + 9511543 @@ -5722,7 +5787,7 @@ 1 2 - 9350162 + 9511543 @@ -5738,7 +5803,7 @@ 1 2 - 9350162 + 9511543 @@ -5754,27 +5819,27 @@ 1 2 - 525914 + 535595 2 3 - 449374 + 457056 3 4 - 1763135 + 1793325 4 5 - 346652 + 352556 5 216 - 183645 + 187343 @@ -5790,27 +5855,27 @@ 1 2 - 525914 + 535595 2 3 - 449374 + 457056 3 4 - 1763135 + 1793325 4 5 - 346652 + 352556 5 216 - 183645 + 187343 @@ -5826,27 +5891,27 @@ 1 2 - 525914 + 535595 2 3 - 449374 + 457056 3 4 - 1763135 + 1793325 4 5 - 346652 + 352556 5 216 - 183645 + 187343 @@ -5862,57 +5927,57 @@ 1 2 - 456 + 460 2 3 - 195 + 236 3 4 - 391 + 355 4 - 5 - 104 + 6 + 157 6 7 - 365 + 315 7 - 10 - 208 + 11 + 250 - 10 + 11 21 - 234 + 197 21 - 43 - 221 + 42 + 223 - 45 - 96 - 221 + 43 + 94 + 223 - 100 - 496 - 221 + 98 + 498 + 223 - 532 - 250559 - 182 + 533 + 252642 + 184 @@ -5928,57 +5993,57 @@ 1 2 - 456 + 460 2 3 - 195 + 236 3 4 - 391 + 355 4 - 5 - 104 + 6 + 157 6 7 - 365 + 315 7 - 10 - 208 + 11 + 250 - 10 + 11 21 - 234 + 197 21 - 43 - 221 + 42 + 223 - 45 - 96 - 221 + 43 + 94 + 223 - 100 - 496 - 221 + 98 + 498 + 223 - 532 - 250559 - 182 + 533 + 252642 + 184 @@ -5994,57 +6059,57 @@ 1 2 - 456 + 460 2 3 - 195 + 236 3 4 - 391 + 355 4 - 5 - 104 + 6 + 157 6 7 - 365 + 315 7 - 10 - 208 + 11 + 250 - 10 + 11 21 - 234 + 197 21 - 43 - 221 + 42 + 223 - 45 - 96 - 221 + 43 + 94 + 223 - 100 - 496 - 221 + 98 + 498 + 223 - 532 - 250190 - 182 + 533 + 252273 + 184 @@ -6060,12 +6125,12 @@ 1 2 - 8364045 + 8507847 2 4 - 492242 + 501025 @@ -6081,12 +6146,12 @@ 1 2 - 8364045 + 8507847 2 4 - 492242 + 501025 @@ -6102,12 +6167,12 @@ 1 2 - 8367229 + 8511059 2 3 - 489059 + 497813 @@ -6117,11 +6182,11 @@ ruby_bare_string_child - 15605 + 16385 ruby_bare_string - 12040 + 12799 index @@ -6129,7 +6194,7 @@ child - 15605 + 16385 @@ -6143,12 +6208,12 @@ 1 2 - 11691 + 12434 2 2310 - 349 + 365 @@ -6164,12 +6229,12 @@ 1 2 - 11691 + 12434 2 2310 - 349 + 365 @@ -6199,7 +6264,7 @@     4 - 12041 + 12800 19 @@ -6230,7 +6295,7 @@     4 - 12041 + 12800 19 @@ -6247,7 +6312,7 @@ 1 2 - 15605 + 16385 @@ -6263,7 +6328,7 @@ 1 2 - 15605 + 16385 @@ -6273,22 +6338,22 @@ ruby_bare_string_def - 12040 + 12799 id - 12040 + 12799 ruby_bare_symbol_child - 8209 + 7967 ruby_bare_symbol - 8209 + 7967 index @@ -6296,7 +6361,7 @@ child - 8209 + 7967 @@ -6310,7 +6375,7 @@ 1 2 - 8209 + 7967 @@ -6326,7 +6391,7 @@ 1 2 - 8209 + 7967 @@ -6340,8 +6405,8 @@ 12 - 3130 - 3131 + 3128 + 3129 2 @@ -6356,8 +6421,8 @@ 12 - 3130 - 3131 + 3128 + 3129 2 @@ -6374,7 +6439,7 @@ 1 2 - 8209 + 7967 @@ -6390,7 +6455,7 @@ 1 2 - 8209 + 7967 @@ -6400,11 +6465,11 @@ ruby_bare_symbol_def - 8209 + 7967 id - 8209 + 7967 @@ -6618,19 +6683,19 @@ ruby_begin_child - 7688 + 7613 ruby_begin - 2581 + 2590 index - 40 + 39 child - 7688 + 7613 @@ -6644,32 +6709,32 @@ 1 2 - 164 + 163 2 3 - 1354 + 1398 3 4 - 534 + 512 4 5 - 213 + 211 5 8 - 231 + 226 8 - 41 - 85 + 40 + 80 @@ -6685,32 +6750,32 @@ 1 2 - 164 + 163 2 3 - 1354 + 1398 3 4 - 534 + 512 4 5 - 213 + 211 5 8 - 231 + 226 8 - 41 - 85 + 40 + 80 @@ -6726,7 +6791,7 @@ 1 2 - 3 + 2 2 @@ -6750,32 +6815,32 @@ 15 - 18 + 17 3 - 25 - 36 + 23 + 33 3 - 42 - 65 + 39 + 62 3 - 85 - 184 + 80 + 175 3 - 316 - 1064 + 306 + 1030 3 - 2417 - 2582 + 2427 + 2591 2 @@ -6792,7 +6857,7 @@ 1 2 - 3 + 2 2 @@ -6816,32 +6881,32 @@ 15 - 18 + 17 3 - 25 - 36 + 23 + 33 3 - 42 - 65 + 39 + 62 3 - 85 - 184 + 80 + 175 3 - 316 - 1064 + 306 + 1030 3 - 2417 - 2582 + 2427 + 2591 2 @@ -6858,7 +6923,7 @@ 1 2 - 7688 + 7613 @@ -6874,7 +6939,7 @@ 1 2 - 7688 + 7613 @@ -6884,26 +6949,26 @@ ruby_begin_def - 2581 + 2590 id - 2581 + 2590 ruby_binary_def - 70485 + 71864 id - 70485 + 71864 left - 70485 + 71864 operator @@ -6911,7 +6976,7 @@ right - 70485 + 71864 @@ -6925,7 +6990,7 @@ 1 2 - 70485 + 71864 @@ -6941,7 +7006,7 @@ 1 2 - 70485 + 71864 @@ -6957,7 +7022,7 @@ 1 2 - 70485 + 71864 @@ -6973,7 +7038,7 @@ 1 2 - 70485 + 71864 @@ -6989,7 +7054,7 @@ 1 2 - 70485 + 71864 @@ -7005,7 +7070,7 @@ 1 2 - 70485 + 71864 @@ -7020,67 +7085,67 @@ 160 - 177 + 169 2 - 233 - 388 + 234 + 408 2 - 499 - 582 + 570 + 596 2 - 631 - 655 + 635 + 657 2 - 775 - 862 + 778 + 974 2 - 988 - 992 + 979 + 1001 2 - 1034 - 1048 + 1014 + 1071 2 - 1227 - 1257 + 1233 + 1270 2 - 1346 - 1806 + 1358 + 1801 2 - 1819 - 2252 + 1837 + 2322 2 - 2462 - 3449 + 2691 + 3561 2 - 6317 - 7118 + 6453 + 7170 2 - 32420 - 32421 + 32934 + 32935 1 @@ -7096,67 +7161,67 @@ 160 - 177 + 169 2 - 233 - 388 + 234 + 408 2 - 499 - 582 + 570 + 596 2 - 631 - 655 + 635 + 657 2 - 775 - 862 + 778 + 974 2 - 988 - 992 + 979 + 1001 2 - 1034 - 1048 + 1014 + 1071 2 - 1227 - 1257 + 1233 + 1270 2 - 1346 - 1806 + 1358 + 1801 2 - 1819 - 2252 + 1837 + 2322 2 - 2462 - 3449 + 2691 + 3561 2 - 6317 - 7118 + 6453 + 7170 2 - 32420 - 32421 + 32934 + 32935 1 @@ -7172,67 +7237,67 @@ 160 - 177 + 169 2 - 233 - 388 + 234 + 408 2 - 499 - 582 + 570 + 596 2 - 631 - 655 + 635 + 657 2 - 775 - 862 + 778 + 974 2 - 988 - 992 + 979 + 1001 2 - 1034 - 1048 + 1014 + 1071 2 - 1227 - 1257 + 1233 + 1270 2 - 1346 - 1806 + 1358 + 1801 2 - 1819 - 2252 + 1837 + 2322 2 - 2462 - 3449 + 2691 + 3561 2 - 6317 - 7118 + 6453 + 7170 2 - 32420 - 32421 + 32934 + 32935 1 @@ -7249,7 +7314,7 @@ 1 2 - 70485 + 71864 @@ -7265,7 +7330,7 @@ 1 2 - 70485 + 71864 @@ -7281,7 +7346,7 @@ 1 2 - 70485 + 71864 @@ -7291,15 +7356,15 @@ ruby_block_argument_child - 6302 + 6477 ruby_block_argument - 6302 + 6477 child - 6302 + 6477 @@ -7313,7 +7378,7 @@ 1 2 - 6302 + 6477 @@ -7329,7 +7394,7 @@ 1 2 - 6302 + 6477 @@ -7339,26 +7404,26 @@ ruby_block_argument_def - 6302 + 6477 id - 6302 + 6477 ruby_block_body - 98952 + 101379 ruby_block - 98952 + 101379 body - 98952 + 101379 @@ -7372,7 +7437,7 @@ 1 2 - 98952 + 101379 @@ -7388,7 +7453,7 @@ 1 2 - 98952 + 101379 @@ -7398,11 +7463,11 @@ ruby_block_body_child - 99121 + 101550 ruby_block_body - 98952 + 101379 index @@ -7410,7 +7475,7 @@ child - 99121 + 101550 @@ -7424,12 +7489,12 @@ 1 2 - 98834 + 101260 2 5 - 117 + 118 @@ -7445,12 +7510,12 @@ 1 2 - 98834 + 101260 2 5 - 117 + 118 @@ -7474,8 +7539,8 @@ 13     - 7585 - 7586 + 7701 + 7702 13 @@ -7500,8 +7565,8 @@ 13 - 7585 - 7586 + 7701 + 7702 13 @@ -7518,7 +7583,7 @@ 1 2 - 99121 + 101550 @@ -7534,7 +7599,7 @@ 1 2 - 99121 + 101550 @@ -7544,48 +7609,48 @@ ruby_block_body_def - 98952 + 101379 id - 98952 + 101379 ruby_block_def - 99265 + 101695 id - 99265 + 101695 ruby_block_parameter_def - 2506 + 2569 id - 2506 + 2569 ruby_block_parameter_name - 2506 + 2569 ruby_block_parameter - 2506 + 2569 name - 2506 + 2569 @@ -7599,7 +7664,7 @@ 1 2 - 2506 + 2569 @@ -7615,7 +7680,7 @@ 1 2 - 2506 + 2569 @@ -7625,15 +7690,15 @@ ruby_block_parameters - 10616 + 10585 ruby_block - 10616 + 10585 parameters - 10616 + 10585 @@ -7647,7 +7712,7 @@ 1 2 - 10616 + 10585 @@ -7663,7 +7728,7 @@ 1 2 - 10616 + 10585 @@ -7673,11 +7738,11 @@ ruby_block_parameters_child - 28170 + 28929 ruby_block_parameters - 24306 + 24941 index @@ -7685,7 +7750,7 @@ child - 28170 + 28929 @@ -7699,17 +7764,17 @@ 1 2 - 20833 + 21362 2 3 - 3164 + 3263 3 6 - 307 + 316 @@ -7725,17 +7790,17 @@ 1 2 - 20833 + 21362 2 3 - 3164 + 3263 3 6 - 307 + 316 @@ -7754,23 +7819,23 @@ 3 - 16 - 17 + 19 + 20 3 - 100 - 101 + 103 + 104 3 - 1128 - 1129 + 1166 + 1167 3 - 7895 - 7896 + 8125 + 8126 3 @@ -7790,23 +7855,23 @@ 3 - 16 - 17 + 19 + 20 3 - 100 - 101 + 103 + 104 3 - 1128 - 1129 + 1166 + 1167 3 - 7895 - 7896 + 8125 + 8126 3 @@ -7823,7 +7888,7 @@ 1 2 - 28170 + 28929 @@ -7839,7 +7904,7 @@ 1 2 - 28170 + 28929 @@ -7849,11 +7914,11 @@ ruby_block_parameters_def - 24306 + 24941 id - 24306 + 24941 @@ -7996,19 +8061,19 @@ ruby_body_statement_child - 617105 + 627527 ruby_body_statement - 199346 + 202481 index - 1163 + 1135 child - 617105 + 627527 @@ -8022,37 +8087,37 @@ 1 2 - 91722 + 93050 2 3 - 36483 + 37058 3 4 - 23681 + 24051 4 5 - 15076 + 15391 5 7 - 15646 + 15925 7 23 - 15018 + 15269 23 - 379 - 1717 + 371 + 1734 @@ -8068,37 +8133,37 @@ 1 2 - 91722 + 93050 2 3 - 36483 + 37058 3 4 - 23681 + 24051 4 5 - 15076 + 15391 5 7 - 15646 + 15925 7 23 - 15018 + 15269 23 - 379 - 1717 + 371 + 1734 @@ -8114,32 +8179,32 @@ 1 2 - 110 + 79 2 3 - 120 + 119 3 4 - 73 + 76 4 5 - 98 + 85 5 - 8 - 98 + 7 + 79 - 8 + 7 10 - 73 + 98 10 @@ -8148,33 +8213,33 @@ 14 - 24 - 92 + 23 + 89 24 - 42 - 95 + 39 + 85 - 43 - 81 + 39 + 69 89 - 82 - 194 - 89 + 69 + 144 + 85 - 201 - 1397 - 89 + 144 + 566 + 85 - 1629 - 64750 - 40 + 623 + 65961 + 67 @@ -8190,32 +8255,32 @@ 1 2 - 110 + 79 2 3 - 120 + 119 3 4 - 73 + 76 4 5 - 98 + 85 5 - 8 - 98 + 7 + 79 - 8 + 7 10 - 73 + 98 10 @@ -8224,33 +8289,33 @@ 14 - 24 - 92 + 23 + 89 24 - 42 - 95 + 39 + 85 - 43 - 81 + 39 + 69 89 - 82 - 194 - 89 + 69 + 144 + 85 - 201 - 1397 - 89 + 144 + 566 + 85 - 1629 - 64750 - 40 + 623 + 65961 + 67 @@ -8266,7 +8331,7 @@ 1 2 - 617105 + 627527 @@ -8282,7 +8347,7 @@ 1 2 - 617105 + 627527 @@ -8292,26 +8357,26 @@ ruby_body_statement_def - 205353 + 208998 id - 205353 + 208998 ruby_break_child - 358 + 399 ruby_break - 358 + 399 child - 358 + 399 @@ -8325,7 +8390,7 @@ 1 2 - 358 + 399 @@ -8341,7 +8406,7 @@ 1 2 - 358 + 399 @@ -8351,26 +8416,26 @@ ruby_break_def - 3367 + 3434 id - 3367 + 3434 ruby_call_arguments - 677740 + 688552 ruby_call - 677740 + 688552 arguments - 677740 + 688552 @@ -8384,7 +8449,7 @@ 1 2 - 677740 + 688552 @@ -8400,7 +8465,7 @@ 1 2 - 677740 + 688552 @@ -8410,15 +8475,15 @@ ruby_call_block - 236806 + 240751 ruby_call - 236806 + 240751 block - 236806 + 240751 @@ -8432,7 +8497,7 @@ 1 2 - 236806 + 240751 @@ -8448,7 +8513,7 @@ 1 2 - 236806 + 240751 @@ -8458,26 +8523,26 @@ ruby_call_def - 991099 + 1006605 id - 991099 + 1006605 ruby_call_method - 991099 + 1006605 ruby_call - 991099 + 1006605 method - 991099 + 1006605 @@ -8491,7 +8556,7 @@ 1 2 - 991099 + 1006605 @@ -8507,7 +8572,7 @@ 1 2 - 991099 + 1006605 @@ -8517,15 +8582,15 @@ ruby_call_operator - 554595 + 562262 ruby_call - 554595 + 562262 operator - 554595 + 562262 @@ -8539,7 +8604,7 @@ 1 2 - 554595 + 562262 @@ -8555,7 +8620,7 @@ 1 2 - 554595 + 562262 @@ -8565,15 +8630,15 @@ ruby_call_receiver - 554595 + 562262 ruby_call - 554595 + 562262 receiver - 554595 + 562262 @@ -8587,7 +8652,7 @@ 1 2 - 554595 + 562262 @@ -8603,7 +8668,7 @@ 1 2 - 554595 + 562262 @@ -8613,11 +8678,11 @@ ruby_case_child - 4227 + 4349 ruby_case__ - 1243 + 1289 index @@ -8625,7 +8690,7 @@ child - 4227 + 4349 @@ -8644,27 +8709,27 @@ 2 3 - 314 + 328 3 4 - 529 + 546 4 5 - 187 + 202 5 7 - 107 + 110 7 23 - 67 + 64 @@ -8685,27 +8750,27 @@ 2 3 - 314 + 328 3 4 - 529 + 546 4 5 - 187 + 202 5 7 - 107 + 110 7 23 - 67 + 64 @@ -8730,32 +8795,32 @@ 4 - 5 + 6 6 - 9 - 12 + 8 + 11 6 - 15 - 23 + 14 + 22 6 - 34 + 33 58 6 - 118 - 291 + 123 + 302 6 - 392 - 405 + 408 + 421 6 @@ -8781,32 +8846,32 @@ 4 - 5 + 6 6 - 9 - 12 + 8 + 11 6 - 15 - 23 + 14 + 22 6 - 34 + 33 58 6 - 118 - 291 + 123 + 302 6 - 392 - 405 + 408 + 421 6 @@ -8823,7 +8888,7 @@ 1 2 - 4227 + 4349 @@ -8839,7 +8904,7 @@ 1 2 - 4227 + 4349 @@ -8849,30 +8914,30 @@ ruby_case_def - 1243 + 1289 id - 1243 + 1289 ruby_case_match_clauses - 183 + 385 ruby_case_match - 160 + 234 index - 4 + 12 clauses - 183 + 385 @@ -8886,17 +8951,22 @@ 1 2 - 142 + 161 2 3 - 14 + 41 3 - 5 - 4 + 4 + 17 + + + 4 + 13 + 15 @@ -8912,17 +8982,22 @@ 1 2 - 142 + 161 2 3 - 14 + 41 3 - 5 - 4 + 4 + 17 + + + 4 + 13 + 15 @@ -8938,6 +9013,11 @@ 1 2 + 3 + + + 2 + 3 1 @@ -8946,13 +9026,38 @@ 1 - 18 - 19 + 5 + 6 1 - 160 - 161 + 8 + 9 + 1 + + + 9 + 10 + 1 + + + 15 + 16 + 1 + + + 32 + 33 + 1 + + + 73 + 74 + 1 + + + 234 + 235 1 @@ -8969,6 +9074,11 @@ 1 2 + 3 + + + 2 + 3 1 @@ -8977,13 +9087,38 @@ 1 - 18 - 19 + 5 + 6 1 - 160 - 161 + 8 + 9 + 1 + + + 9 + 10 + 1 + + + 15 + 16 + 1 + + + 32 + 33 + 1 + + + 73 + 74 + 1 + + + 234 + 235 1 @@ -9000,7 +9135,7 @@ 1 2 - 183 + 385 @@ -9016,7 +9151,7 @@ 1 2 - 183 + 385 @@ -9026,15 +9161,15 @@ ruby_case_match_def - 160 + 234 id - 160 + 234 value - 160 + 234 @@ -9048,7 +9183,7 @@ 1 2 - 160 + 234 @@ -9064,7 +9199,7 @@ 1 2 - 160 + 234 @@ -9074,15 +9209,15 @@ ruby_case_match_else - 32 + 45 ruby_case_match - 32 + 45 else - 32 + 45 @@ -9096,7 +9231,7 @@ 1 2 - 32 + 45 @@ -9112,7 +9247,7 @@ 1 2 - 32 + 45 @@ -9122,15 +9257,15 @@ ruby_case_value - 1203 + 1246 ruby_case__ - 1203 + 1246 value - 1203 + 1246 @@ -9144,7 +9279,7 @@ 1 2 - 1203 + 1246 @@ -9160,7 +9295,7 @@ 1 2 - 1203 + 1246 @@ -9170,11 +9305,11 @@ ruby_chained_string_child - 3325 + 3346 ruby_chained_string - 871 + 884 index @@ -9182,7 +9317,7 @@ child - 3325 + 3346 @@ -9196,22 +9331,22 @@ 2 3 - 283 + 297 3 4 - 203 + 202 4 5 - 132 + 131 5 6 - 123 + 122 6 @@ -9237,22 +9372,22 @@ 2 3 - 283 + 297 3 4 - 203 + 202 4 5 - 132 + 131 5 6 - 123 + 122 6 @@ -9326,8 +9461,8 @@ 3 - 283 - 284 + 288 + 289 6 @@ -9392,8 +9527,8 @@ 3 - 283 - 284 + 288 + 289 6 @@ -9410,7 +9545,7 @@ 1 2 - 3325 + 3346 @@ -9426,7 +9561,7 @@ 1 2 - 3325 + 3346 @@ -9436,26 +9571,26 @@ ruby_chained_string_def - 871 + 884 id - 871 + 884 ruby_class_body - 15439 + 15560 ruby_class - 15439 + 15560 body - 15439 + 15560 @@ -9469,7 +9604,7 @@ 1 2 - 15439 + 15560 @@ -9485,7 +9620,7 @@ 1 2 - 15439 + 15560 @@ -9495,15 +9630,15 @@ ruby_class_def - 17080 + 17258 id - 17080 + 17258 name - 17080 + 17258 @@ -9517,7 +9652,7 @@ 1 2 - 17080 + 17258 @@ -9533,7 +9668,7 @@ 1 2 - 17080 + 17258 @@ -9543,15 +9678,15 @@ ruby_class_superclass - 13478 + 13666 ruby_class - 13478 + 13666 superclass - 13478 + 13666 @@ -9565,7 +9700,7 @@ 1 2 - 13478 + 13666 @@ -9581,7 +9716,7 @@ 1 2 - 13478 + 13666 @@ -9639,23 +9774,23 @@ ruby_conditional_def - 2961 + 2954 id - 2961 + 2954 alternative - 2961 + 2954 condition - 2961 + 2954 consequence - 2961 + 2954 @@ -9669,7 +9804,7 @@ 1 2 - 2961 + 2954 @@ -9685,7 +9820,7 @@ 1 2 - 2961 + 2954 @@ -9701,7 +9836,7 @@ 1 2 - 2961 + 2954 @@ -9717,7 +9852,7 @@ 1 2 - 2961 + 2954 @@ -9733,7 +9868,7 @@ 1 2 - 2961 + 2954 @@ -9749,7 +9884,7 @@ 1 2 - 2961 + 2954 @@ -9765,7 +9900,7 @@ 1 2 - 2961 + 2954 @@ -9781,7 +9916,7 @@ 1 2 - 2961 + 2954 @@ -9797,7 +9932,7 @@ 1 2 - 2961 + 2954 @@ -9813,7 +9948,7 @@ 1 2 - 2961 + 2954 @@ -9829,7 +9964,7 @@ 1 2 - 2961 + 2954 @@ -9845,7 +9980,7 @@ 1 2 - 2961 + 2954 @@ -9855,11 +9990,11 @@ ruby_delimited_symbol_child - 1757 + 1749 ruby_delimited_symbol - 1265 + 1258 index @@ -9867,7 +10002,7 @@ child - 1757 + 1749 @@ -9881,12 +10016,12 @@ 1 2 - 935 + 930 2 3 - 255 + 254 3 @@ -9907,12 +10042,12 @@ 1 2 - 935 + 930 2 3 - 255 + 254 3 @@ -9966,8 +10101,8 @@ 3 - 411 - 412 + 410 + 411 3 @@ -10017,8 +10152,8 @@ 3 - 411 - 412 + 410 + 411 3 @@ -10035,7 +10170,7 @@ 1 2 - 1757 + 1749 @@ -10051,7 +10186,7 @@ 1 2 - 1757 + 1749 @@ -10061,11 +10196,11 @@ ruby_delimited_symbol_def - 1265 + 1258 id - 1265 + 1258 @@ -10476,15 +10611,15 @@ ruby_do_block_body - 139915 + 142294 ruby_do_block - 139915 + 142294 body - 139915 + 142294 @@ -10498,7 +10633,7 @@ 1 2 - 139915 + 142294 @@ -10514,7 +10649,7 @@ 1 2 - 139915 + 142294 @@ -10524,26 +10659,26 @@ ruby_do_block_def - 140072 + 142452 id - 140072 + 142452 ruby_do_block_parameters - 15658 + 16036 ruby_do_block - 15658 + 16036 parameters - 15658 + 16036 @@ -10557,7 +10692,7 @@ 1 2 - 15658 + 16036 @@ -10573,7 +10708,7 @@ 1 2 - 15658 + 16036 @@ -10583,11 +10718,11 @@ ruby_do_child - 9312 + 9374 ruby_do - 1632 + 1655 index @@ -10595,7 +10730,7 @@ child - 9312 + 9374 @@ -10609,17 +10744,17 @@ 1 2 - 341 + 350 2 3 - 287 + 296 3 4 - 199 + 200 4 @@ -10634,12 +10769,12 @@ 7 8 - 138 + 140 8 9 - 205 + 206 9 @@ -10649,7 +10784,7 @@ 14 18 - 124 + 125 18 @@ -10670,17 +10805,17 @@ 1 2 - 341 + 350 2 3 - 287 + 296 3 4 - 199 + 200 4 @@ -10695,12 +10830,12 @@ 7 8 - 138 + 140 8 9 - 205 + 206 9 @@ -10710,7 +10845,7 @@ 14 18 - 124 + 125 18 @@ -10755,7 +10890,7 @@ 116 - 1633 + 1656 15 @@ -10796,7 +10931,7 @@ 116 - 1633 + 1656 15 @@ -10813,7 +10948,7 @@ 1 2 - 9312 + 9374 @@ -10829,7 +10964,7 @@ 1 2 - 9312 + 9374 @@ -10839,22 +10974,22 @@ ruby_do_def - 1658 + 1681 id - 1658 + 1681 ruby_element_reference_child - 81914 + 80931 ruby_element_reference - 81751 + 80773 index @@ -10862,7 +10997,7 @@ child - 81914 + 80931 @@ -10876,12 +11011,12 @@ 1 2 - 81588 + 80615 2 3 - 162 + 157 @@ -10897,12 +11032,12 @@ 1 2 - 81588 + 80615 2 3 - 162 + 157 @@ -10921,8 +11056,8 @@ 2 - 31169 - 31170 + 31710 + 31711 2 @@ -10942,8 +11077,8 @@ 2 - 31169 - 31170 + 31710 + 31711 2 @@ -10960,7 +11095,7 @@ 1 2 - 81914 + 80931 @@ -10976,7 +11111,7 @@ 1 2 - 81914 + 80931 @@ -10986,15 +11121,15 @@ ruby_element_reference_def - 81756 + 80778 id - 81756 + 80778 object - 81756 + 80778 @@ -11008,7 +11143,7 @@ 1 2 - 81756 + 80778 @@ -11024,7 +11159,7 @@ 1 2 - 81756 + 80778 @@ -11034,11 +11169,11 @@ ruby_else_child - 9285 + 9507 ruby_else - 7296 + 7493 index @@ -11046,7 +11181,7 @@ child - 9285 + 9507 @@ -11060,17 +11195,17 @@ 1 2 - 6126 + 6305 2 3 - 735 + 742 3 12 - 434 + 445 @@ -11086,17 +11221,17 @@ 1 2 - 6126 + 6305 2 3 - 735 + 742 3 12 - 434 + 445 @@ -11135,33 +11270,33 @@ 3 - 16 - 17 + 15 + 16 3 - 27 - 28 + 26 + 27 3 - 60 - 61 + 61 + 62 3 - 141 - 142 + 145 + 146 3 - 380 - 381 + 387 + 388 3 - 2370 - 2371 + 2441 + 2442 3 @@ -11201,33 +11336,33 @@ 3 - 16 - 17 + 15 + 16 3 - 27 - 28 + 26 + 27 3 - 60 - 61 + 61 + 62 3 - 141 - 142 + 145 + 146 3 - 380 - 381 + 387 + 388 3 - 2370 - 2371 + 2441 + 2442 3 @@ -11244,7 +11379,7 @@ 1 2 - 9285 + 9507 @@ -11260,7 +11395,7 @@ 1 2 - 9285 + 9507 @@ -11270,26 +11405,26 @@ ruby_else_def - 7308 + 7505 id - 7308 + 7505 ruby_elsif_alternative - 966 + 982 ruby_elsif - 966 + 982 alternative - 966 + 982 @@ -11303,7 +11438,7 @@ 1 2 - 966 + 982 @@ -11319,7 +11454,7 @@ 1 2 - 966 + 982 @@ -11329,15 +11464,15 @@ ruby_elsif_consequence - 1518 + 1505 ruby_elsif - 1518 + 1505 consequence - 1518 + 1505 @@ -11351,7 +11486,7 @@ 1 2 - 1518 + 1505 @@ -11367,7 +11502,7 @@ 1 2 - 1518 + 1505 @@ -11377,15 +11512,15 @@ ruby_elsif_def - 1523 + 1510 id - 1523 + 1510 condition - 1523 + 1510 @@ -11399,7 +11534,7 @@ 1 2 - 1523 + 1510 @@ -11415,7 +11550,7 @@ 1 2 - 1523 + 1510 @@ -11425,11 +11560,11 @@ ruby_end_block_child - 25 + 27 ruby_end_block - 11 + 13 index @@ -11437,7 +11572,7 @@ child - 25 + 27 @@ -11451,7 +11586,7 @@ 1 2 - 5 + 7 2 @@ -11482,7 +11617,7 @@ 1 2 - 5 + 7 2 @@ -11526,8 +11661,8 @@ 1 - 11 - 12 + 13 + 14 1 @@ -11557,8 +11692,8 @@ 1 - 11 - 12 + 13 + 14 1 @@ -11575,7 +11710,7 @@ 1 2 - 25 + 27 @@ -11591,7 +11726,7 @@ 1 2 - 25 + 27 @@ -11601,22 +11736,22 @@ ruby_end_block_def - 11 + 13 id - 11 + 13 ruby_ensure_child - 5073 + 5114 ruby_ensure - 3943 + 3981 index @@ -11624,7 +11759,7 @@ child - 5073 + 5114 @@ -11638,12 +11773,12 @@ 1 2 - 3161 + 3204 2 3 - 548 + 543 3 @@ -11664,12 +11799,12 @@ 1 2 - 3161 + 3204 2 3 - 548 + 543 3 @@ -11700,11 +11835,16 @@ 4 5 - 6 + 3 - 15 - 16 + 5 + 6 + 3 + + + 17 + 18 3 @@ -11713,13 +11853,13 @@ 3 - 254 - 255 + 253 + 254 3 - 1281 - 1282 + 1297 + 1298 3 @@ -11746,11 +11886,16 @@ 4 5 - 6 + 3 - 15 - 16 + 5 + 6 + 3 + + + 17 + 18 3 @@ -11759,13 +11904,13 @@ 3 - 254 - 255 + 253 + 254 3 - 1281 - 1282 + 1297 + 1298 3 @@ -11782,7 +11927,7 @@ 1 2 - 5073 + 5114 @@ -11798,7 +11943,7 @@ 1 2 - 5073 + 5114 @@ -11808,26 +11953,26 @@ ruby_ensure_def - 3943 + 3981 id - 3943 + 3981 ruby_exception_variable_def - 938 + 924 id - 938 + 924 child - 938 + 924 @@ -11841,7 +11986,7 @@ 1 2 - 938 + 924 @@ -11857,7 +12002,7 @@ 1 2 - 938 + 924 @@ -11867,11 +12012,11 @@ ruby_exceptions_child - 2221 + 2188 ruby_exceptions - 1977 + 1938 index @@ -11879,7 +12024,7 @@ child - 2221 + 2188 @@ -11893,12 +12038,12 @@ 1 2 - 1812 + 1770 2 4 - 149 + 152 4 @@ -11919,12 +12064,12 @@ 1 2 - 1812 + 1770 2 4 - 149 + 152 4 @@ -11958,18 +12103,18 @@ 2 - 19 - 20 + 21 + 22 2 - 63 - 64 + 66 + 67 2 - 754 - 755 + 761 + 762 2 @@ -11999,18 +12144,18 @@ 2 - 19 - 20 + 21 + 22 2 - 63 - 64 + 66 + 67 2 - 754 - 755 + 761 + 762 2 @@ -12027,7 +12172,7 @@ 1 2 - 2221 + 2188 @@ -12043,7 +12188,7 @@ 1 2 - 2221 + 2188 @@ -12053,11 +12198,11 @@ ruby_exceptions_def - 1977 + 1938 id - 1977 + 1938 @@ -12307,23 +12452,23 @@ ruby_for_def - 159 + 158 id - 159 + 158 body - 159 + 158 pattern - 159 + 158 value - 159 + 158 @@ -12337,7 +12482,7 @@ 1 2 - 159 + 158 @@ -12353,7 +12498,7 @@ 1 2 - 159 + 158 @@ -12369,7 +12514,7 @@ 1 2 - 159 + 158 @@ -12385,7 +12530,7 @@ 1 2 - 159 + 158 @@ -12401,7 +12546,7 @@ 1 2 - 159 + 158 @@ -12417,7 +12562,7 @@ 1 2 - 159 + 158 @@ -12433,7 +12578,7 @@ 1 2 - 159 + 158 @@ -12449,7 +12594,7 @@ 1 2 - 159 + 158 @@ -12465,7 +12610,7 @@ 1 2 - 159 + 158 @@ -12481,7 +12626,7 @@ 1 2 - 159 + 158 @@ -12497,7 +12642,7 @@ 1 2 - 159 + 158 @@ -12513,7 +12658,7 @@ 1 2 - 159 + 158 @@ -12523,19 +12668,19 @@ ruby_hash_child - 90733 + 93915 ruby_hash - 36423 + 37005 index - 1395 + 1408 child - 90733 + 93915 @@ -12549,32 +12694,32 @@ 1 2 - 15041 + 15244 2 3 - 10175 + 10347 3 4 - 4031 + 4146 4 5 - 4265 + 4291 5 20 - 2778 + 2817 20 108 - 130 + 157 @@ -12590,32 +12735,32 @@ 1 2 - 15041 + 15244 2 3 - 10175 + 10347 3 4 - 4031 + 4146 4 5 - 4265 + 4291 5 20 - 2778 + 2817 20 108 - 130 + 157 @@ -12631,31 +12776,41 @@ 1 2 - 926 + 355 + + + 2 + 3 + 250 3 4 - 104 + 329 5 - 11 - 117 + 6 + 105 - 14 - 53 - 117 + 7 + 13 + 118 - 57 - 1640 - 117 + 16 + 55 + 118 - 2792 - 2793 + 59 + 1654 + 118 + + + 2811 + 2812 13 @@ -12672,31 +12827,41 @@ 1 2 - 926 + 355 + + + 2 + 3 + 250 3 4 - 104 + 329 5 - 11 - 117 + 6 + 105 - 14 - 53 - 117 + 7 + 13 + 118 - 57 - 1640 - 117 + 16 + 55 + 118 - 2792 - 2793 + 59 + 1654 + 118 + + + 2811 + 2812 13 @@ -12713,7 +12878,7 @@ 1 2 - 90733 + 93915 @@ -12729,7 +12894,7 @@ 1 2 - 90733 + 93915 @@ -12739,11 +12904,11 @@ ruby_hash_def - 40259 + 40888 id - 40259 + 40888 @@ -12975,15 +13140,15 @@ ruby_hash_splat_argument_child - 1897 + 1902 ruby_hash_splat_argument - 1897 + 1902 child - 1897 + 1902 @@ -12997,7 +13162,7 @@ 1 2 - 1897 + 1902 @@ -13013,7 +13178,7 @@ 1 2 - 1897 + 1902 @@ -13023,37 +13188,37 @@ ruby_hash_splat_argument_def - 1897 + 1902 id - 1897 + 1902 ruby_hash_splat_parameter_def - 1490 + 1596 id - 1490 + 1596 ruby_hash_splat_parameter_name - 1262 + 1366 ruby_hash_splat_parameter - 1262 + 1366 name - 1262 + 1366 @@ -13067,7 +13232,7 @@ 1 2 - 1262 + 1366 @@ -13083,7 +13248,7 @@ 1 2 - 1262 + 1366 @@ -13093,19 +13258,19 @@ ruby_heredoc_body_child - 26435 + 26162 ruby_heredoc_body - 5500 + 5519 index - 569 + 552 child - 26435 + 26162 @@ -13119,12 +13284,12 @@ 2 3 - 3102 + 3156 4 5 - 684 + 692 5 @@ -13134,22 +13299,22 @@ 6 7 - 747 + 720 7 9 - 330 + 328 10 15 - 419 + 415 16 218 - 212 + 203 @@ -13165,12 +13330,12 @@ 2 3 - 3102 + 3156 4 5 - 684 + 692 5 @@ -13180,22 +13345,22 @@ 6 7 - 747 + 720 7 9 - 330 + 328 10 15 - 419 + 415 16 218 - 212 + 203 @@ -13211,32 +13376,32 @@ 1 2 - 335 + 326 2 3 - 44 + 43 3 5 - 52 + 50 5 11 - 44 + 43 11 46 - 44 + 43 - 58 - 2098 - 47 + 57 + 2168 + 45 @@ -13252,32 +13417,32 @@ 1 2 - 335 + 326 2 3 - 44 + 43 3 5 - 52 + 50 5 11 - 44 + 43 11 46 - 44 + 43 - 58 - 2098 - 47 + 57 + 2168 + 45 @@ -13293,7 +13458,7 @@ 1 2 - 26435 + 26162 @@ -13309,7 +13474,7 @@ 1 2 - 26435 + 26162 @@ -13319,26 +13484,26 @@ ruby_heredoc_body_def - 6201 + 6178 id - 6201 + 6178 ruby_if_alternative - 6853 + 7005 ruby_if - 6853 + 7005 alternative - 6853 + 7005 @@ -13352,7 +13517,7 @@ 1 2 - 6853 + 7005 @@ -13368,7 +13533,7 @@ 1 2 - 6853 + 7005 @@ -13378,15 +13543,15 @@ ruby_if_consequence - 16495 + 16338 ruby_if - 16495 + 16338 consequence - 16495 + 16338 @@ -13400,7 +13565,7 @@ 1 2 - 16495 + 16338 @@ -13416,7 +13581,7 @@ 1 2 - 16495 + 16338 @@ -13426,15 +13591,15 @@ ruby_if_def - 16550 + 16391 id - 16550 + 16391 condition - 16550 + 16391 @@ -13448,7 +13613,7 @@ 1 2 - 16550 + 16391 @@ -13464,7 +13629,7 @@ 1 2 - 16550 + 16391 @@ -13474,15 +13639,15 @@ ruby_if_guard_def - 7 + 9 id - 7 + 9 condition - 7 + 9 @@ -13496,7 +13661,7 @@ 1 2 - 7 + 9 @@ -13512,7 +13677,7 @@ 1 2 - 7 + 9 @@ -13522,19 +13687,19 @@ ruby_if_modifier_def - 14604 + 14611 id - 14604 + 14611 body - 14604 + 14611 condition - 14604 + 14611 @@ -13548,7 +13713,7 @@ 1 2 - 14604 + 14611 @@ -13564,7 +13729,7 @@ 1 2 - 14604 + 14611 @@ -13580,7 +13745,7 @@ 1 2 - 14604 + 14611 @@ -13596,7 +13761,7 @@ 1 2 - 14604 + 14611 @@ -13612,7 +13777,7 @@ 1 2 - 14604 + 14611 @@ -13628,7 +13793,7 @@ 1 2 - 14604 + 14611 @@ -13638,15 +13803,15 @@ ruby_in_clause_body - 150 + 345 ruby_in_clause - 150 + 345 body - 150 + 345 @@ -13660,7 +13825,7 @@ 1 2 - 150 + 345 @@ -13676,7 +13841,7 @@ 1 2 - 150 + 345 @@ -13686,15 +13851,15 @@ ruby_in_clause_def - 183 + 385 id - 183 + 385 pattern - 183 + 385 @@ -13708,7 +13873,7 @@ 1 2 - 183 + 385 @@ -13724,7 +13889,7 @@ 1 2 - 183 + 385 @@ -13734,15 +13899,15 @@ ruby_in_clause_guard - 11 + 13 ruby_in_clause - 11 + 13 guard - 11 + 13 @@ -13756,7 +13921,7 @@ 1 2 - 11 + 13 @@ -13772,7 +13937,7 @@ 1 2 - 11 + 13 @@ -13782,15 +13947,15 @@ ruby_in_def - 159 + 158 id - 159 + 158 child - 159 + 158 @@ -13804,7 +13969,7 @@ 1 2 - 159 + 158 @@ -13820,7 +13985,7 @@ 1 2 - 159 + 158 @@ -13830,11 +13995,11 @@ ruby_interpolation_child - 38083 + 38305 ruby_interpolation - 38083 + 38305 index @@ -13842,7 +14007,7 @@ child - 38083 + 38305 @@ -13856,7 +14021,7 @@ 1 2 - 38083 + 38305 @@ -13872,7 +14037,7 @@ 1 2 - 38083 + 38305 @@ -13886,8 +14051,8 @@ 12 - 14520 - 14521 + 15038 + 15039 2 @@ -13902,8 +14067,8 @@ 12 - 14520 - 14521 + 15038 + 15039 2 @@ -13920,7 +14085,7 @@ 1 2 - 38083 + 38305 @@ -13936,7 +14101,7 @@ 1 2 - 38083 + 38305 @@ -13946,26 +14111,26 @@ ruby_interpolation_def - 38083 + 38305 id - 38083 + 38305 ruby_keyword_parameter_def - 4076 + 4144 id - 4076 + 4144 name - 4076 + 4144 @@ -13979,7 +14144,7 @@ 1 2 - 4076 + 4144 @@ -13995,7 +14160,7 @@ 1 2 - 4076 + 4144 @@ -14005,15 +14170,15 @@ ruby_keyword_parameter_value - 3044 + 3100 ruby_keyword_parameter - 3044 + 3100 value - 3044 + 3100 @@ -14027,7 +14192,7 @@ 1 2 - 3044 + 3100 @@ -14043,7 +14208,7 @@ 1 2 - 3044 + 3100 @@ -14149,15 +14314,15 @@ ruby_lambda_def - 7714 + 7948 id - 7714 + 7948 body - 7714 + 7948 @@ -14171,7 +14336,7 @@ 1 2 - 7714 + 7948 @@ -14187,7 +14352,7 @@ 1 2 - 7714 + 7948 @@ -14197,15 +14362,15 @@ ruby_lambda_parameters - 1670 + 1762 ruby_lambda - 1670 + 1762 parameters - 1670 + 1762 @@ -14219,7 +14384,7 @@ 1 2 - 1670 + 1762 @@ -14235,7 +14400,7 @@ 1 2 - 1670 + 1762 @@ -14245,19 +14410,19 @@ ruby_lambda_parameters_child - 1914 + 2109 ruby_lambda_parameters - 1661 + 1752 index - 7 + 8 child - 1914 + 2109 @@ -14271,17 +14436,17 @@ 1 2 - 1476 + 1514 2 3 - 145 + 167 3 - 8 - 40 + 9 + 71 @@ -14297,17 +14462,17 @@ 1 2 - 1476 + 1514 2 3 - 145 + 167 3 - 8 - 40 + 9 + 71 @@ -14321,8 +14486,8 @@ 12 - 2 - 3 + 1 + 2 1 @@ -14331,28 +14496,33 @@ 1 - 7 - 8 + 4 + 5 1 - 16 - 17 + 11 + 12 1 - 40 - 41 + 29 + 30 1 - 185 - 186 + 71 + 72 1 - 1661 - 1662 + 238 + 239 + 1 + + + 1752 + 1753 1 @@ -14367,8 +14537,8 @@ 12 - 2 - 3 + 1 + 2 1 @@ -14377,28 +14547,33 @@ 1 - 7 - 8 + 4 + 5 1 - 16 - 17 + 11 + 12 1 - 40 - 41 + 29 + 30 1 - 185 - 186 + 71 + 72 1 - 1661 - 1662 + 238 + 239 + 1 + + + 1752 + 1753 1 @@ -14415,7 +14590,7 @@ 1 2 - 1914 + 2109 @@ -14431,7 +14606,7 @@ 1 2 - 1914 + 2109 @@ -14441,22 +14616,22 @@ ruby_lambda_parameters_def - 1670 + 1762 id - 1670 + 1762 ruby_left_assignment_list_child - 6621 + 6610 ruby_left_assignment_list - 2998 + 2994 index @@ -14464,7 +14639,7 @@ child - 6621 + 6610 @@ -14478,17 +14653,17 @@ 1 2 - 368 + 372 2 3 - 1960 + 1951 3 4 - 504 + 505 4 @@ -14509,17 +14684,17 @@ 1 2 - 368 + 372 2 3 - 1960 + 1951 3 4 - 504 + 505 4 @@ -14583,18 +14758,18 @@ 1 - 670 - 671 + 671 + 672 1 - 2630 - 2631 + 2622 + 2623 1 - 2998 - 2999 + 2994 + 2995 1 @@ -14654,18 +14829,18 @@ 1 - 670 - 671 + 671 + 672 1 - 2630 - 2631 + 2622 + 2623 1 - 2998 - 2999 + 2994 + 2995 1 @@ -14682,7 +14857,7 @@ 1 2 - 6621 + 6610 @@ -14698,7 +14873,7 @@ 1 2 - 6621 + 6610 @@ -14708,30 +14883,30 @@ ruby_left_assignment_list_def - 2998 + 2994 id - 2998 + 2994 ruby_match_pattern_def - 29 + 31 id - 29 + 31 pattern - 29 + 31 value - 29 + 31 @@ -14745,7 +14920,7 @@ 1 2 - 29 + 31 @@ -14761,7 +14936,7 @@ 1 2 - 29 + 31 @@ -14777,7 +14952,7 @@ 1 2 - 29 + 31 @@ -14793,7 +14968,7 @@ 1 2 - 29 + 31 @@ -14809,7 +14984,7 @@ 1 2 - 29 + 31 @@ -14825,7 +15000,7 @@ 1 2 - 29 + 31 @@ -14835,15 +15010,15 @@ ruby_method_body - 99754 + 101013 ruby_method - 99754 + 101013 body - 99754 + 101013 @@ -14857,7 +15032,7 @@ 1 2 - 99754 + 101013 @@ -14873,7 +15048,7 @@ 1 2 - 99754 + 101013 @@ -14883,15 +15058,15 @@ ruby_method_def - 100844 + 102124 id - 100844 + 102124 name - 100844 + 102124 @@ -14905,7 +15080,7 @@ 1 2 - 100844 + 102124 @@ -14921,7 +15096,7 @@ 1 2 - 100844 + 102124 @@ -14931,15 +15106,15 @@ ruby_method_parameters - 28484 + 29141 ruby_method - 28484 + 29141 parameters - 28484 + 29141 @@ -14953,7 +15128,7 @@ 1 2 - 28484 + 29141 @@ -14969,7 +15144,7 @@ 1 2 - 28484 + 29141 @@ -14979,19 +15154,19 @@ ruby_method_parameters_child - 49475 + 50543 ruby_method_parameters - 29940 + 30620 index - 36 + 39 child - 49475 + 50543 @@ -15005,22 +15180,22 @@ 1 2 - 18198 + 18615 2 3 - 7142 + 7339 3 4 - 2866 + 2903 4 - 13 - 1733 + 14 + 1762 @@ -15036,22 +15211,22 @@ 1 2 - 18198 + 18615 2 3 - 7142 + 7339 3 4 - 2866 + 2903 4 - 13 - 1733 + 14 + 1762 @@ -15067,11 +15242,11 @@ 1 2 - 3 + 6 - 3 - 4 + 4 + 5 3 @@ -15095,33 +15270,33 @@ 3 - 124 - 125 + 125 + 126 3 - 247 - 248 + 255 + 256 3 - 563 - 564 + 574 + 575 3 - 1494 - 1495 + 1520 + 1521 3 - 3814 - 3815 + 3911 + 3912 3 - 9725 - 9726 + 9975 + 9976 3 @@ -15138,11 +15313,11 @@ 1 2 - 3 + 6 - 3 - 4 + 4 + 5 3 @@ -15166,33 +15341,33 @@ 3 - 124 - 125 + 125 + 126 3 - 247 - 248 + 255 + 256 3 - 563 - 564 + 574 + 575 3 - 1494 - 1495 + 1520 + 1521 3 - 3814 - 3815 + 3911 + 3912 3 - 9725 - 9726 + 9975 + 9976 3 @@ -15209,7 +15384,7 @@ 1 2 - 49475 + 50543 @@ -15225,7 +15400,7 @@ 1 2 - 49475 + 50543 @@ -15235,26 +15410,26 @@ ruby_method_parameters_def - 30153 + 30832 id - 30153 + 30832 ruby_module_body - 21995 + 22274 ruby_module - 21995 + 22274 body - 21995 + 22274 @@ -15268,7 +15443,7 @@ 1 2 - 21995 + 22274 @@ -15284,7 +15459,7 @@ 1 2 - 21995 + 22274 @@ -15294,15 +15469,15 @@ ruby_module_def - 22073 + 22353 id - 22073 + 22353 name - 22073 + 22353 @@ -15316,7 +15491,7 @@ 1 2 - 22073 + 22353 @@ -15332,7 +15507,7 @@ 1 2 - 22073 + 22353 @@ -15342,15 +15517,15 @@ ruby_next_child - 240 + 241 ruby_next - 240 + 241 child - 240 + 241 @@ -15364,7 +15539,7 @@ 1 2 - 240 + 241 @@ -15380,7 +15555,7 @@ 1 2 - 240 + 241 @@ -15390,34 +15565,34 @@ ruby_next_def - 1938 + 1902 id - 1938 + 1902 ruby_operator_assignment_def - 6116 + 6006 id - 6116 + 6006 left - 6116 + 6006 operator - 18 + 17 right - 6116 + 6006 @@ -15431,7 +15606,7 @@ 1 2 - 6116 + 6006 @@ -15447,7 +15622,7 @@ 1 2 - 6116 + 6006 @@ -15463,7 +15638,7 @@ 1 2 - 6116 + 6006 @@ -15479,7 +15654,7 @@ 1 2 - 6116 + 6006 @@ -15495,7 +15670,7 @@ 1 2 - 6116 + 6006 @@ -15511,7 +15686,7 @@ 1 2 - 6116 + 6006 @@ -15535,8 +15710,8 @@ 2 - 5 - 6 + 8 + 9 2 @@ -15550,13 +15725,13 @@ 2 - 622 - 623 + 630 + 631 2 - 1630 - 1631 + 1645 + 1646 2 @@ -15581,8 +15756,8 @@ 2 - 5 - 6 + 8 + 9 2 @@ -15596,13 +15771,13 @@ 2 - 622 - 623 + 630 + 631 2 - 1630 - 1631 + 1645 + 1646 2 @@ -15627,8 +15802,8 @@ 2 - 5 - 6 + 8 + 9 2 @@ -15642,13 +15817,13 @@ 2 - 622 - 623 + 630 + 631 2 - 1630 - 1631 + 1645 + 1646 2 @@ -15665,7 +15840,7 @@ 1 2 - 6116 + 6006 @@ -15681,7 +15856,7 @@ 1 2 - 6116 + 6006 @@ -15697,7 +15872,7 @@ 1 2 - 6116 + 6006 @@ -15707,19 +15882,19 @@ ruby_optional_parameter_def - 6637 + 6636 id - 6637 + 6636 name - 6637 + 6636 value - 6637 + 6636 @@ -15733,7 +15908,7 @@ 1 2 - 6637 + 6636 @@ -15749,7 +15924,7 @@ 1 2 - 6637 + 6636 @@ -15765,7 +15940,7 @@ 1 2 - 6637 + 6636 @@ -15781,7 +15956,7 @@ 1 2 - 6637 + 6636 @@ -15797,7 +15972,7 @@ 1 2 - 6637 + 6636 @@ -15813,7 +15988,7 @@ 1 2 - 6637 + 6636 @@ -15823,15 +15998,15 @@ ruby_pair_def - 242507 + 248347 id - 242507 + 248347 key__ - 242507 + 248347 @@ -15845,7 +16020,7 @@ 1 2 - 242507 + 248347 @@ -15861,7 +16036,7 @@ 1 2 - 242507 + 248347 @@ -15871,15 +16046,15 @@ ruby_pair_value - 242507 + 248347 ruby_pair - 242507 + 248347 value - 242507 + 248347 @@ -15893,7 +16068,7 @@ 1 2 - 242507 + 248347 @@ -15909,7 +16084,7 @@ 1 2 - 242507 + 248347 @@ -15919,15 +16094,15 @@ ruby_parenthesized_pattern_def - 3 + 8 id - 3 + 8 child - 3 + 8 @@ -15941,7 +16116,7 @@ 1 2 - 3 + 8 @@ -15957,7 +16132,7 @@ 1 2 - 3 + 8 @@ -15967,11 +16142,11 @@ ruby_parenthesized_statements_child - 10775 + 10948 ruby_parenthesized_statements - 10701 + 10874 index @@ -15979,7 +16154,7 @@ child - 10775 + 10948 @@ -15993,7 +16168,7 @@ 1 2 - 10637 + 10810 2 @@ -16014,7 +16189,7 @@ 1 2 - 10637 + 10810 2 @@ -16048,8 +16223,8 @@ 1 - 10701 - 10702 + 10874 + 10875 1 @@ -16079,8 +16254,8 @@ 1 - 10701 - 10702 + 10874 + 10875 1 @@ -16097,7 +16272,7 @@ 1 2 - 10775 + 10948 @@ -16113,7 +16288,7 @@ 1 2 - 10775 + 10948 @@ -16123,26 +16298,26 @@ ruby_parenthesized_statements_def - 10740 + 10912 id - 10740 + 10912 ruby_pattern_def - 3965 + 4153 id - 3965 + 4153 child - 3965 + 4153 @@ -16156,7 +16331,7 @@ 1 2 - 3965 + 4153 @@ -16172,7 +16347,7 @@ 1 2 - 3965 + 4153 @@ -16182,19 +16357,19 @@ ruby_program_child - 33392 + 33982 ruby_program - 10510 + 10658 index - 233 + 239 child - 33392 + 33982 @@ -16208,32 +16383,32 @@ 1 2 - 3885 + 3932 2 3 - 2503 + 2514 3 4 - 1705 + 1758 4 5 - 791 + 801 5 8 - 902 + 917 8 - 77 - 723 + 79 + 733 @@ -16249,32 +16424,32 @@ 1 2 - 3885 + 3932 2 3 - 2503 + 2514 3 4 - 1705 + 1758 4 5 - 791 + 801 5 8 - 902 + 917 8 - 77 - 723 + 79 + 733 @@ -16290,7 +16465,7 @@ 1 2 - 43 + 46 2 @@ -16298,48 +16473,48 @@ 36 - 3 - 8 - 18 + 4 + 9 + 21 - 8 + 9 12 18 - 12 + 13 17 18 17 - 29 + 28 18 29 - 43 + 44 18 - 43 - 79 + 45 + 80 18 - 87 - 187 + 89 + 190 18 - 235 - 1340 + 239 + 1373 18 - 2152 - 3415 + 2191 + 3473 6 @@ -16356,7 +16531,7 @@ 1 2 - 43 + 46 2 @@ -16364,48 +16539,48 @@ 36 - 3 - 8 - 18 + 4 + 9 + 21 - 8 + 9 12 18 - 12 + 13 17 18 17 - 29 + 28 18 29 - 43 + 44 18 - 43 - 79 + 45 + 80 18 - 87 - 187 + 89 + 190 18 - 235 - 1340 + 239 + 1373 18 - 2152 - 3415 + 2191 + 3473 6 @@ -16422,7 +16597,7 @@ 1 2 - 33392 + 33982 @@ -16438,7 +16613,7 @@ 1 2 - 33392 + 33982 @@ -16448,26 +16623,26 @@ ruby_program_def - 17781 + 18219 id - 17781 + 18219 ruby_range_begin - 4403 + 4491 ruby_range - 4403 + 4491 begin - 4403 + 4491 @@ -16481,7 +16656,7 @@ 1 2 - 4403 + 4491 @@ -16497,7 +16672,7 @@ 1 2 - 4403 + 4491 @@ -16507,11 +16682,11 @@ ruby_range_def - 4682 + 4770 id - 4682 + 4770 operator @@ -16529,7 +16704,7 @@ 1 2 - 4682 + 4770 @@ -16543,13 +16718,13 @@ 12 - 1589 - 1590 + 1634 + 1635 1 - 3093 - 3094 + 3136 + 3137 1 @@ -16560,15 +16735,15 @@ ruby_range_end - 4494 + 4576 ruby_range - 4494 + 4576 end - 4494 + 4576 @@ -16582,7 +16757,7 @@ 1 2 - 4494 + 4576 @@ -16598,7 +16773,7 @@ 1 2 - 4494 + 4576 @@ -16608,15 +16783,15 @@ ruby_rational_def - 137 + 138 id - 137 + 138 child - 137 + 138 @@ -16630,7 +16805,7 @@ 1 2 - 137 + 138 @@ -16646,7 +16821,7 @@ 1 2 - 137 + 138 @@ -16715,11 +16890,11 @@ ruby_regex_child - 44327 + 44658 ruby_regex - 13167 + 13335 index @@ -16727,7 +16902,7 @@ child - 44327 + 44658 @@ -16741,42 +16916,42 @@ 1 2 - 6711 + 6808 2 3 - 735 + 752 3 4 - 1788 + 1826 4 5 - 495 + 506 5 6 - 1114 + 1108 6 8 - 1025 + 1034 8 16 - 1052 + 1055 16 50 - 243 + 242 @@ -16792,42 +16967,42 @@ 1 2 - 6711 + 6808 2 3 - 735 + 752 3 4 - 1788 + 1826 4 5 - 495 + 506 5 6 - 1114 + 1108 6 8 - 1025 + 1034 8 16 - 1052 + 1055 16 50 - 243 + 242 @@ -16887,22 +17062,22 @@ 103 - 174 + 175 12 - 238 - 422 + 239 + 424 12 - 668 - 1278 + 671 + 1287 12 - 1858 - 4278 + 1881 + 4345 9 @@ -16963,22 +17138,22 @@ 103 - 174 + 175 12 - 238 - 422 + 239 + 424 12 - 668 - 1278 + 671 + 1287 12 - 1858 - 4278 + 1881 + 4345 9 @@ -16995,7 +17170,7 @@ 1 2 - 44327 + 44658 @@ -17011,7 +17186,7 @@ 1 2 - 44327 + 44658 @@ -17021,26 +17196,26 @@ ruby_regex_def - 13183 + 13350 id - 13183 + 13350 ruby_rescue_body - 2132 + 2083 ruby_rescue - 2132 + 2083 body - 2132 + 2083 @@ -17054,7 +17229,7 @@ 1 2 - 2132 + 2083 @@ -17070,7 +17245,7 @@ 1 2 - 2132 + 2083 @@ -17080,26 +17255,26 @@ ruby_rescue_def - 2397 + 2346 id - 2397 + 2346 ruby_rescue_exceptions - 1977 + 1938 ruby_rescue - 1977 + 1938 exceptions - 1977 + 1938 @@ -17113,7 +17288,7 @@ 1 2 - 1977 + 1938 @@ -17129,7 +17304,7 @@ 1 2 - 1977 + 1938 @@ -17139,19 +17314,19 @@ ruby_rescue_modifier_def - 449 + 448 id - 449 + 448 body - 449 + 448 handler - 449 + 448 @@ -17165,7 +17340,7 @@ 1 2 - 449 + 448 @@ -17181,7 +17356,7 @@ 1 2 - 449 + 448 @@ -17197,7 +17372,7 @@ 1 2 - 449 + 448 @@ -17213,7 +17388,7 @@ 1 2 - 449 + 448 @@ -17229,7 +17404,7 @@ 1 2 - 449 + 448 @@ -17245,7 +17420,7 @@ 1 2 - 449 + 448 @@ -17255,15 +17430,15 @@ ruby_rescue_variable - 938 + 924 ruby_rescue - 938 + 924 variable - 938 + 924 @@ -17277,7 +17452,7 @@ 1 2 - 938 + 924 @@ -17293,7 +17468,7 @@ 1 2 - 938 + 924 @@ -17303,15 +17478,15 @@ ruby_rest_assignment_child - 382 + 383 ruby_rest_assignment - 382 + 383 child - 382 + 383 @@ -17325,7 +17500,7 @@ 1 2 - 382 + 383 @@ -17341,7 +17516,7 @@ 1 2 - 382 + 383 @@ -17351,11 +17526,11 @@ ruby_rest_assignment_def - 400 + 401 id - 400 + 401 @@ -17410,26 +17585,26 @@ ruby_retry_def - 59 + 60 id - 59 + 60 ruby_return_child - 5143 + 5084 ruby_return - 5143 + 5084 child - 5143 + 5084 @@ -17443,7 +17618,7 @@ 1 2 - 5143 + 5084 @@ -17459,7 +17634,7 @@ 1 2 - 5143 + 5084 @@ -17469,22 +17644,22 @@ ruby_return_def - 8235 + 8197 id - 8235 + 8197 ruby_right_assignment_list_child - 2589 + 2600 ruby_right_assignment_list - 1219 + 1224 index @@ -17492,7 +17667,7 @@ child - 2589 + 2600 @@ -17506,7 +17681,7 @@ 2 3 - 1092 + 1098 3 @@ -17532,7 +17707,7 @@ 2 3 - 1092 + 1098 3 @@ -17571,8 +17746,8 @@ 3 - 396 - 397 + 399 + 400 6 @@ -17602,8 +17777,8 @@ 3 - 396 - 397 + 399 + 400 6 @@ -17620,7 +17795,7 @@ 1 2 - 2589 + 2600 @@ -17636,7 +17811,7 @@ 1 2 - 2589 + 2600 @@ -17646,26 +17821,26 @@ ruby_right_assignment_list_def - 1219 + 1224 id - 1219 + 1224 ruby_scope_resolution_def - 83088 + 84884 id - 83088 + 84884 name - 83088 + 84884 @@ -17679,7 +17854,7 @@ 1 2 - 83088 + 84884 @@ -17695,7 +17870,7 @@ 1 2 - 83088 + 84884 @@ -17705,15 +17880,15 @@ ruby_scope_resolution_scope - 81249 + 83028 ruby_scope_resolution - 81249 + 83028 scope - 81249 + 83028 @@ -17727,7 +17902,7 @@ 1 2 - 81249 + 83028 @@ -17743,7 +17918,7 @@ 1 2 - 81249 + 83028 @@ -17753,15 +17928,15 @@ ruby_setter_def - 637 + 653 id - 637 + 653 name - 637 + 653 @@ -17775,7 +17950,7 @@ 1 2 - 637 + 653 @@ -17791,7 +17966,7 @@ 1 2 - 637 + 653 @@ -17801,15 +17976,15 @@ ruby_singleton_class_body - 646 + 663 ruby_singleton_class - 646 + 663 body - 646 + 663 @@ -17823,7 +17998,7 @@ 1 2 - 646 + 663 @@ -17839,7 +18014,7 @@ 1 2 - 646 + 663 @@ -17849,15 +18024,15 @@ ruby_singleton_class_def - 646 + 663 id - 646 + 663 value - 646 + 663 @@ -17871,7 +18046,7 @@ 1 2 - 646 + 663 @@ -17887,7 +18062,7 @@ 1 2 - 646 + 663 @@ -17897,15 +18072,15 @@ ruby_singleton_method_body - 6486 + 6447 ruby_singleton_method - 6486 + 6447 body - 6486 + 6447 @@ -17919,7 +18094,7 @@ 1 2 - 6486 + 6447 @@ -17935,7 +18110,7 @@ 1 2 - 6486 + 6447 @@ -17945,19 +18120,19 @@ ruby_singleton_method_def - 6499 + 6459 id - 6499 + 6459 name - 6499 + 6459 object - 6499 + 6459 @@ -17971,7 +18146,7 @@ 1 2 - 6499 + 6459 @@ -17987,7 +18162,7 @@ 1 2 - 6499 + 6459 @@ -18003,7 +18178,7 @@ 1 2 - 6499 + 6459 @@ -18019,7 +18194,7 @@ 1 2 - 6499 + 6459 @@ -18035,7 +18210,7 @@ 1 2 - 6499 + 6459 @@ -18051,7 +18226,7 @@ 1 2 - 6499 + 6459 @@ -18061,15 +18236,15 @@ ruby_singleton_method_parameters - 4086 + 4073 ruby_singleton_method - 4086 + 4073 parameters - 4086 + 4073 @@ -18083,7 +18258,7 @@ 1 2 - 4086 + 4073 @@ -18099,7 +18274,7 @@ 1 2 - 4086 + 4073 @@ -18109,15 +18284,15 @@ ruby_splat_argument_child - 3197 + 3454 ruby_splat_argument - 3197 + 3454 child - 3197 + 3454 @@ -18131,7 +18306,7 @@ 1 2 - 3197 + 3454 @@ -18147,7 +18322,7 @@ 1 2 - 3197 + 3454 @@ -18157,37 +18332,37 @@ ruby_splat_argument_def - 3197 + 3454 id - 3197 + 3454 ruby_splat_parameter_def - 3081 + 3192 id - 3081 + 3192 ruby_splat_parameter_name - 2456 + 2514 ruby_splat_parameter - 2456 + 2514 name - 2456 + 2514 @@ -18201,7 +18376,7 @@ 1 2 - 2456 + 2514 @@ -18217,7 +18392,7 @@ 1 2 - 2456 + 2514 @@ -18227,19 +18402,19 @@ ruby_string_array_child - 12040 + 12799 ruby_string_array - 3893 + 4062 index - 500 + 536 child - 12040 + 12799 @@ -18253,32 +18428,32 @@ 1 2 - 1256 + 1313 2 3 - 1280 + 1310 3 4 - 610 + 625 4 5 - 307 + 349 5 10 - 306 + 325 10 - 501 - 134 + 537 + 140 @@ -18294,32 +18469,32 @@ 1 2 - 1256 + 1313 2 3 - 1280 + 1310 3 4 - 610 + 625 4 5 - 307 + 349 5 10 - 306 + 325 10 - 501 - 134 + 537 + 140 @@ -18335,17 +18510,22 @@ 1 2 - 425 + 432 2 - 19 - 39 + 7 + 42 - 19 - 3894 - 36 + 7 + 47 + 41 + + + 49 + 4063 + 21 @@ -18361,17 +18541,22 @@ 1 2 - 425 + 432 2 - 19 - 39 + 7 + 42 - 19 - 3894 - 36 + 7 + 47 + 41 + + + 49 + 4063 + 21 @@ -18387,7 +18572,7 @@ 1 2 - 12040 + 12799 @@ -18403,7 +18588,7 @@ 1 2 - 12040 + 12799 @@ -18413,22 +18598,22 @@ ruby_string_array_def - 4039 + 4213 id - 4039 + 4213 ruby_string_child - 545480 + 549106 ruby_string__ - 474840 + 477859 index @@ -18436,7 +18621,7 @@ child - 545480 + 549106 @@ -18450,12 +18635,12 @@ 1 2 - 447105 + 449884 2 282 - 27735 + 27975 @@ -18471,12 +18656,12 @@ 1 2 - 447105 + 449884 2 282 - 27735 + 27975 @@ -18516,7 +18701,7 @@ 104 - 474841 + 477860 22 @@ -18557,7 +18742,7 @@ 104 - 474841 + 477860 22 @@ -18574,7 +18759,7 @@ 1 2 - 545480 + 549106 @@ -18590,7 +18775,7 @@ 1 2 - 545480 + 549106 @@ -18600,22 +18785,22 @@ ruby_string_def - 482129 + 485218 id - 482129 + 485218 ruby_subshell_child - 588 + 561 ruby_subshell - 391 + 365 index @@ -18623,7 +18808,7 @@ child - 588 + 561 @@ -18637,7 +18822,7 @@ 1 2 - 289 + 263 2 @@ -18668,7 +18853,7 @@ 1 2 - 289 + 263 2 @@ -18727,8 +18912,8 @@ 3 - 127 - 128 + 119 + 120 3 @@ -18773,8 +18958,8 @@ 3 - 127 - 128 + 119 + 120 3 @@ -18791,7 +18976,7 @@ 1 2 - 588 + 561 @@ -18807,7 +18992,7 @@ 1 2 - 588 + 561 @@ -18817,26 +19002,26 @@ ruby_subshell_def - 391 + 365 id - 391 + 365 ruby_superclass_def - 13478 + 13666 id - 13478 + 13666 child - 13478 + 13666 @@ -18850,7 +19035,7 @@ 1 2 - 13478 + 13666 @@ -18866,7 +19051,7 @@ 1 2 - 13478 + 13666 @@ -18876,19 +19061,19 @@ ruby_symbol_array_child - 8209 + 7967 ruby_symbol_array - 2253 + 2170 index - 249 + 241 child - 8209 + 7967 @@ -18902,32 +19087,37 @@ 1 2 - 175 + 178 2 3 - 1235 + 1161 3 4 - 361 + 354 4 - 6 - 207 + 5 + 127 - 6 - 12 - 175 + 5 + 8 + 183 - 12 + 8 + 94 + 163 + + + 95 96 - 97 + 2 @@ -18943,32 +19133,37 @@ 1 2 - 175 + 178 2 3 - 1235 + 1161 3 4 - 361 + 354 4 - 6 - 207 + 5 + 127 - 6 - 12 - 175 + 5 + 8 + 183 - 12 + 8 + 94 + 163 + + + 95 96 - 97 + 2 @@ -18984,12 +19179,12 @@ 1 2 - 15 + 5 2 3 - 146 + 152 4 @@ -19008,12 +19203,12 @@ 55 - 793 + 783 20 - 859 - 860 + 852 + 853 2 @@ -19030,12 +19225,12 @@ 1 2 - 15 + 5 2 3 - 146 + 152 4 @@ -19054,12 +19249,12 @@ 55 - 793 + 783 20 - 859 - 860 + 852 + 853 2 @@ -19076,7 +19271,7 @@ 1 2 - 8209 + 7967 @@ -19092,7 +19287,7 @@ 1 2 - 8209 + 7967 @@ -19102,11 +19297,11 @@ ruby_symbol_array_def - 2253 + 2170 id - 2253 + 2170 @@ -19229,19 +19424,19 @@ ruby_then_child - 38165 + 37566 ruby_then - 22700 + 22451 index - 94 + 91 child - 38165 + 37566 @@ -19255,22 +19450,22 @@ 1 2 - 14168 + 14093 2 3 - 5169 + 5076 3 4 - 1849 + 1811 4 37 - 1513 + 1469 @@ -19286,22 +19481,22 @@ 1 2 - 14168 + 14093 2 3 - 5169 + 5076 3 4 - 1849 + 1811 4 37 - 1513 + 1469 @@ -19317,12 +19512,12 @@ 1 2 - 31 + 35 - 2 + 3 4 - 7 + 2 4 @@ -19331,34 +19526,39 @@ 5 - 7 + 8 5 - 8 + 9 10 - 7 + 5 10 - 30 + 18 7 - 41 - 94 + 29 + 60 7 - 159 - 578 + 95 + 309 7 - 1282 - 8656 + 577 + 3282 7 + + 8814 + 8815 + 2 + @@ -19373,12 +19573,12 @@ 1 2 - 31 + 35 - 2 + 3 4 - 7 + 2 4 @@ -19387,34 +19587,39 @@ 5 - 7 + 8 5 - 8 + 9 10 - 7 + 5 10 - 30 + 18 7 - 41 - 94 + 29 + 60 7 - 159 - 578 + 95 + 309 7 - 1282 - 8656 + 577 + 3282 7 + + 8814 + 8815 + 2 + @@ -19429,7 +19634,7 @@ 1 2 - 38165 + 37566 @@ -19445,7 +19650,7 @@ 1 2 - 38165 + 37566 @@ -19455,30 +19660,30 @@ ruby_then_def - 22700 + 22451 id - 22700 + 22451 ruby_tokeninfo - 6107950 + 6212759 id - 6107950 + 6212759 kind - 57 + 56 value - 269326 + 272576 @@ -19492,7 +19697,7 @@ 1 2 - 6107950 + 6212759 @@ -19508,7 +19713,7 @@ 1 2 - 6107950 + 6212759 @@ -19522,63 +19727,63 @@ 12 - 39 - 166 + 42 + 160 5 - 245 + 262 428 5 - 1869 - 1870 + 1906 + 1907 2 - 2097 - 2098 + 2167 + 2168 5 - 4531 - 4763 + 4685 + 4919 5 - 4980 - 6618 + 5076 + 6845 5 - 9124 - 9889 + 9531 + 10121 5 - 14638 - 19718 + 14916 + 20953 5 - 28087 - 60990 + 28887 + 64458 5 - 65473 - 92663 + 69189 + 98135 5 - 113040 - 581633 + 117445 + 609106 5 - 1305671 - 1305672 + 1367617 + 1367618 2 @@ -19595,7 +19800,7 @@ 1 2 - 13 + 12 5 @@ -19603,43 +19808,43 @@ 5 - 28 - 38 + 30 + 41 5 - 72 - 123 + 70 + 122 5 - 134 - 159 + 135 + 172 5 - 1495 - 1909 + 1500 + 1951 5 - 3518 - 4194 + 3612 + 4307 5 - 5099 - 8236 + 5291 + 8590 5 - 11497 - 20945 + 12176 + 21807 5 - 51637 - 51638 + 53746 + 53747 2 @@ -19656,32 +19861,32 @@ 1 2 - 160350 + 162402 2 3 - 39389 + 39879 3 4 - 18944 + 19155 4 7 - 22490 + 22724 7 - 28 - 20258 + 29 + 20693 - 28 - 212912 - 7892 + 29 + 222217 + 7720 @@ -19697,12 +19902,12 @@ 1 2 - 255987 + 259340 2 5 - 13339 + 13235 @@ -19712,15 +19917,15 @@ ruby_unary_def - 13633 + 13726 id - 13633 + 13726 operand - 13633 + 13726 operator @@ -19738,7 +19943,7 @@ 1 2 - 13633 + 13726 @@ -19754,7 +19959,7 @@ 1 2 - 13633 + 13726 @@ -19770,7 +19975,7 @@ 1 2 - 13633 + 13726 @@ -19786,7 +19991,7 @@ 1 2 - 13633 + 13726 @@ -19800,33 +20005,33 @@ 12 - 89 - 90 + 98 + 99 1 - 189 - 190 + 190 + 191 1 - 571 - 572 + 566 + 567 1 - 1335 - 1336 + 1301 + 1302 1 - 1900 - 1901 + 1938 + 1939 1 - 9549 - 9550 + 9633 + 9634 1 @@ -19841,33 +20046,33 @@ 12 - 89 - 90 + 98 + 99 1 - 189 - 190 + 190 + 191 1 - 571 - 572 + 566 + 567 1 - 1335 - 1336 + 1301 + 1302 1 - 1900 - 1901 + 1938 + 1939 1 - 9549 - 9550 + 9633 + 9634 1 @@ -19878,11 +20083,11 @@ ruby_undef_child - 182 + 183 ruby_undef - 181 + 182 index @@ -19890,7 +20095,7 @@ child - 182 + 183 @@ -19904,7 +20109,7 @@ 1 2 - 180 + 181 2 @@ -19925,7 +20130,7 @@ 1 2 - 180 + 181 2 @@ -19949,8 +20154,8 @@ 1 - 181 - 182 + 182 + 183 1 @@ -19970,8 +20175,8 @@ 1 - 181 - 182 + 182 + 183 1 @@ -19988,7 +20193,7 @@ 1 2 - 182 + 183 @@ -20004,7 +20209,7 @@ 1 2 - 182 + 183 @@ -20014,26 +20219,26 @@ ruby_undef_def - 181 + 182 id - 181 + 182 ruby_unless_alternative - 49 + 42 ruby_unless - 49 + 42 alternative - 49 + 42 @@ -20047,7 +20252,7 @@ 1 2 - 49 + 42 @@ -20063,7 +20268,7 @@ 1 2 - 49 + 42 @@ -20073,15 +20278,15 @@ ruby_unless_consequence - 2630 + 2662 ruby_unless - 2630 + 2662 consequence - 2630 + 2662 @@ -20095,7 +20300,7 @@ 1 2 - 2630 + 2662 @@ -20111,7 +20316,7 @@ 1 2 - 2630 + 2662 @@ -20121,15 +20326,15 @@ ruby_unless_def - 2631 + 2663 id - 2631 + 2663 condition - 2631 + 2663 @@ -20143,7 +20348,7 @@ 1 2 - 2631 + 2663 @@ -20159,7 +20364,7 @@ 1 2 - 2631 + 2663 @@ -20217,19 +20422,19 @@ ruby_unless_modifier_def - 3682 + 3505 id - 3682 + 3505 body - 3682 + 3505 condition - 3682 + 3505 @@ -20243,7 +20448,7 @@ 1 2 - 3682 + 3505 @@ -20259,7 +20464,7 @@ 1 2 - 3682 + 3505 @@ -20275,7 +20480,7 @@ 1 2 - 3682 + 3505 @@ -20291,7 +20496,7 @@ 1 2 - 3682 + 3505 @@ -20307,7 +20512,7 @@ 1 2 - 3682 + 3505 @@ -20323,7 +20528,7 @@ 1 2 - 3682 + 3505 @@ -20449,19 +20654,19 @@ ruby_until_modifier_def - 226 + 234 id - 226 + 234 body - 226 + 234 condition - 226 + 234 @@ -20475,7 +20680,7 @@ 1 2 - 226 + 234 @@ -20491,7 +20696,7 @@ 1 2 - 226 + 234 @@ -20507,7 +20712,7 @@ 1 2 - 226 + 234 @@ -20523,7 +20728,7 @@ 1 2 - 226 + 234 @@ -20539,7 +20744,7 @@ 1 2 - 226 + 234 @@ -20555,7 +20760,7 @@ 1 2 - 226 + 234 @@ -20613,15 +20818,15 @@ ruby_when_body - 3278 + 3358 ruby_when - 3278 + 3358 body - 3278 + 3358 @@ -20635,7 +20840,7 @@ 1 2 - 3278 + 3358 @@ -20651,7 +20856,7 @@ 1 2 - 3278 + 3358 @@ -20661,30 +20866,30 @@ ruby_when_def - 3312 + 3392 id - 3312 + 3392 ruby_when_pattern - 3965 + 4153 ruby_when - 3312 + 3377 index - 43 + 15 pattern - 3965 + 4153 @@ -20698,17 +20903,17 @@ 1 2 - 2900 + 2934 2 3 - 304 + 293 3 - 15 - 107 + 16 + 150 @@ -20724,17 +20929,17 @@ 1 2 - 2900 + 2934 2 3 - 304 + 293 3 - 15 - 107 + 16 + 150 @@ -20748,44 +20953,59 @@ 12 - 2 - 3 - 12 + 1 + 2 + 2 3 4 - 12 + 4 - 5 - 6 - 3 + 4 + 5 + 1 6 7 - 3 + 1 - 12 - 13 - 3 + 14 + 15 + 1 + + + 25 + 26 + 1 35 36 - 3 + 1 - 134 - 135 - 3 + 85 + 86 + 1 - 1076 - 1077 - 3 + 150 + 151 + 1 + + + 443 + 444 + 1 + + + 3377 + 3378 + 1 @@ -20799,44 +21019,59 @@ 12 - 2 - 3 - 12 + 1 + 2 + 2 3 4 - 12 + 4 - 5 - 6 - 3 + 4 + 5 + 1 6 7 - 3 + 1 - 12 - 13 - 3 + 14 + 15 + 1 + + + 25 + 26 + 1 35 36 - 3 + 1 - 134 - 135 - 3 + 85 + 86 + 1 - 1076 - 1077 - 3 + 150 + 151 + 1 + + + 443 + 444 + 1 + + + 3377 + 3378 + 1 @@ -20852,7 +21087,7 @@ 1 2 - 3965 + 4153 @@ -20868,7 +21103,7 @@ 1 2 - 3965 + 4153 @@ -20878,19 +21113,19 @@ ruby_while_def - 1376 + 1400 id - 1376 + 1400 body - 1376 + 1400 condition - 1376 + 1400 @@ -20904,7 +21139,7 @@ 1 2 - 1376 + 1400 @@ -20920,7 +21155,7 @@ 1 2 - 1376 + 1400 @@ -20936,7 +21171,7 @@ 1 2 - 1376 + 1400 @@ -20952,7 +21187,7 @@ 1 2 - 1376 + 1400 @@ -20968,7 +21203,7 @@ 1 2 - 1376 + 1400 @@ -20984,7 +21219,7 @@ 1 2 - 1376 + 1400 @@ -20994,19 +21229,19 @@ ruby_while_modifier_def - 193 + 194 id - 193 + 194 body - 193 + 194 condition - 193 + 194 @@ -21020,7 +21255,7 @@ 1 2 - 193 + 194 @@ -21036,7 +21271,7 @@ 1 2 - 193 + 194 @@ -21052,7 +21287,7 @@ 1 2 - 193 + 194 @@ -21068,7 +21303,7 @@ 1 2 - 193 + 194 @@ -21084,7 +21319,7 @@ 1 2 - 193 + 194 @@ -21100,7 +21335,7 @@ 1 2 - 193 + 194 @@ -21110,15 +21345,15 @@ ruby_yield_child - 1120 + 1111 ruby_yield - 1120 + 1111 child - 1120 + 1111 @@ -21132,7 +21367,7 @@ 1 2 - 1120 + 1111 @@ -21148,7 +21383,7 @@ 1 2 - 1120 + 1111 @@ -21158,11 +21393,11 @@ ruby_yield_def - 2450 + 2477 id - 2450 + 2477 @@ -21178,5 +21413,627 @@ + + yaml + 0 + + + id + 0 + + + kind + 0 + + + parent + 0 + + + idx + 0 + + + tag + 0 + + + tostring + 0 + + + + + id + kind + + + 12 + + + 1 + 2 + 2 + + + + + + + id + parent + + + 12 + + + 1 + 2 + 2 + + + + + + + id + idx + + + 12 + + + 1 + 2 + 2 + + + + + + + id + tag + + + 12 + + + 1 + 2 + 2 + + + + + + + id + tostring + + + 12 + + + 1 + 2 + 2 + + + + + + + kind + id + + + 12 + + + + + + kind + parent + + + 12 + + + + + + kind + idx + + + 12 + + + + + + kind + tag + + + 12 + + + + + + kind + tostring + + + 12 + + + + + + parent + id + + + 12 + + + + + + parent + kind + + + 12 + + + + + + parent + idx + + + 12 + + + + + + parent + tag + + + 12 + + + + + + parent + tostring + + + 12 + + + + + + idx + id + + + 12 + + + + + + idx + kind + + + 12 + + + + + + idx + parent + + + 12 + + + + + + idx + tag + + + 12 + + + + + + idx + tostring + + + 12 + + + + + + tag + id + + + 12 + + + + + + tag + kind + + + 12 + + + + + + tag + parent + + + 12 + + + + + + tag + idx + + + 12 + + + + + + tag + tostring + + + 12 + + + + + + tostring + id + + + 12 + + + + + + tostring + kind + + + 12 + + + + + + tostring + parent + + + 12 + + + + + + tostring + idx + + + 12 + + + + + + tostring + tag + + + 12 + + + + + + + + yaml_aliases + 0 + + + alias + 0 + + + target + 0 + + + + + alias + target + + + 12 + + + 1 + 2 + 2 + + + + + + + target + alias + + + 12 + + + + + + + + yaml_anchors + 0 + + + node + 0 + + + anchor + 0 + + + + + node + anchor + + + 12 + + + 1 + 2 + 2 + + + + + + + anchor + node + + + 12 + + + + + + + + yaml_errors + 0 + + + id + 0 + + + message + 0 + + + + + id + message + + + 12 + + + 1 + 2 + 2 + + + + + + + message + id + + + 12 + + + + + + + + yaml_locations + 0 + + + locatable + 0 + + + location + 0 + + + + + locatable + location + + + 12 + + + 1 + 2 + 2 + + + + + + + location + locatable + + + 12 + + + + + + + + yaml_scalars + 0 + + + scalar + 0 + + + style + 0 + + + value + 0 + + + + + scalar + style + + + 12 + + + 1 + 2 + 2 + + + + + + + scalar + value + + + 12 + + + 1 + 2 + 2 + + + + + + + style + scalar + + + 12 + + + + + + style + value + + + 12 + + + + + + value + scalar + + + 12 + + + + + + value + style + + + 12 + + + + + + From 653cd86c13ffc0d96f35e0231192c105fad07417 Mon Sep 17 00:00:00 2001 From: Erik Krogh Kristensen Date: Mon, 22 May 2023 20:48:21 +0200 Subject: [PATCH 552/870] update qldoc --- javascript/ql/lib/semmle/javascript/NPM.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/javascript/ql/lib/semmle/javascript/NPM.qll b/javascript/ql/lib/semmle/javascript/NPM.qll index 147ed617745..e1059d94930 100644 --- a/javascript/ql/lib/semmle/javascript/NPM.qll +++ b/javascript/ql/lib/semmle/javascript/NPM.qll @@ -14,7 +14,7 @@ class PackageJson extends JsonObject { /** * Gets the name of this package. - * If the package is located under the package `pkg1` and its relative path is `foo/bar`, it can be `pkg1/foo/bar`. + * If the package is located under the package `pkg1` and its relative path is `foo/bar`, then the resulting package name will be `pkg1/foo/bar`. */ string getPackageName() { result = this.getPropStringValue("name") From 774baead603bda4a688afb64c81baf1689694c1c Mon Sep 17 00:00:00 2001 From: Ed Minnix Date: Tue, 9 May 2023 19:53:19 -0400 Subject: [PATCH 553/870] Add test case based on missing result --- .../test/query-tests/security/CWE-918/SanitizationTests.java | 3 +++ 1 file changed, 3 insertions(+) diff --git a/java/ql/test/query-tests/security/CWE-918/SanitizationTests.java b/java/ql/test/query-tests/security/CWE-918/SanitizationTests.java index 9a65374024c..6a99c619ff3 100644 --- a/java/ql/test/query-tests/security/CWE-918/SanitizationTests.java +++ b/java/ql/test/query-tests/security/CWE-918/SanitizationTests.java @@ -116,6 +116,9 @@ public class SanitizationTests extends HttpServlet { HttpRequest unsafer9 = HttpRequest.newBuilder(new URI(unsafeUri9)).build(); // $ SSRF client.send(unsafer9, null); + String unsafeUri10 = String.format("%s://%s:%s%s", "http", "myserver.com", "80", request.getParameter("baduri10")); + HttpRequest unsafer10 = HttpRequest.newBuilder(new URI(unsafeUri10)).build(); // $ SSRF + client.send(unsafer10, null); } catch (Exception e) { // TODO: handle exception } From 43966ebaeb050d7ff191d354b8686be6e6f7ecb6 Mon Sep 17 00:00:00 2001 From: Ed Minnix Date: Tue, 9 May 2023 19:54:22 -0400 Subject: [PATCH 554/870] Change regex used in HostnameSanitizingPrefix --- java/ql/lib/semmle/code/java/security/RequestForgery.qll | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/java/ql/lib/semmle/code/java/security/RequestForgery.qll b/java/ql/lib/semmle/code/java/security/RequestForgery.qll index c454da5f035..f9b98490dfa 100644 --- a/java/ql/lib/semmle/code/java/security/RequestForgery.qll +++ b/java/ql/lib/semmle/code/java/security/RequestForgery.qll @@ -79,10 +79,7 @@ private class HostnameSanitizingPrefix extends InterestingPrefix { // the host or entity addressed: for example, anything containing `?` or `#`, or a slash that // doesn't appear to be a protocol specifier (e.g. `http://` is not sanitizing), or specifically // the string "/". - exists( - this.getStringValue() - .regexpFind(".*([?#]|[^?#:/\\\\][/\\\\]).*|[/\\\\][^/\\\\].*|^/$", 0, offset) - ) + exists(this.getStringValue().regexpFind("([?#]|[^?#:/\\\\][/\\\\])|^/$", 0, offset)) } override int getOffset() { result = offset } From 2d69f81d85df51a997686e7b053ae7b82e7d7f43 Mon Sep 17 00:00:00 2001 From: Ed Minnix Date: Tue, 16 May 2023 15:38:45 -0400 Subject: [PATCH 555/870] Add change note --- .../2023-05-17-change-hostnamesanitizingprefix-regex.md | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 java/ql/lib/change-notes/2023-05-17-change-hostnamesanitizingprefix-regex.md diff --git a/java/ql/lib/change-notes/2023-05-17-change-hostnamesanitizingprefix-regex.md b/java/ql/lib/change-notes/2023-05-17-change-hostnamesanitizingprefix-regex.md new file mode 100644 index 00000000000..8d81c97d9e3 --- /dev/null +++ b/java/ql/lib/change-notes/2023-05-17-change-hostnamesanitizingprefix-regex.md @@ -0,0 +1,5 @@ +--- +category: minorAnalysis +--- +* Updated the regular expression in the `HostnameSanitizer` sanitizer in the `semmle.code.java.security.RequestForgery` library to better detect strings prefixed with a hostname. + From 7aa23cf11db24341995b4252a64bc13d1b104bb2 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Mon, 22 May 2023 20:47:00 +0000 Subject: [PATCH 556/870] Release preparation for version 2.13.3 --- cpp/ql/lib/CHANGELOG.md | 16 ++++++++ .../2023-04-28-indirect-barrier-node.md | 4 -- .../2023-04-28-static-local-dataflow.md | 4 -- .../2023-05-02-ir-noreturn-calls.md | 4 -- .../2023-05-02-range-analysis-wrapper.md | 4 -- .../2023-05-22-inline-in-std-namespace.md | 4 -- cpp/ql/lib/change-notes/released/0.7.2.md | 15 +++++++ cpp/ql/lib/codeql-pack.release.yml | 2 +- cpp/ql/lib/qlpack.yml | 2 +- cpp/ql/src/CHANGELOG.md | 4 ++ cpp/ql/src/change-notes/released/0.6.2.md | 3 ++ cpp/ql/src/codeql-pack.release.yml | 2 +- cpp/ql/src/qlpack.yml | 2 +- .../ql/campaigns/Solorigate/lib/CHANGELOG.md | 4 ++ .../lib/change-notes/released/1.5.2.md | 3 ++ .../Solorigate/lib/codeql-pack.release.yml | 2 +- csharp/ql/campaigns/Solorigate/lib/qlpack.yml | 2 +- .../ql/campaigns/Solorigate/src/CHANGELOG.md | 4 ++ .../src/change-notes/released/1.5.2.md | 3 ++ .../Solorigate/src/codeql-pack.release.yml | 2 +- csharp/ql/campaigns/Solorigate/src/qlpack.yml | 2 +- csharp/ql/lib/CHANGELOG.md | 7 ++++ .../2023-04-26-neutral-model-kinds.md | 4 -- .../0.6.2.md} | 8 ++-- csharp/ql/lib/codeql-pack.release.yml | 2 +- csharp/ql/lib/qlpack.yml | 2 +- csharp/ql/src/CHANGELOG.md | 4 ++ csharp/ql/src/change-notes/released/0.6.2.md | 3 ++ csharp/ql/src/codeql-pack.release.yml | 2 +- csharp/ql/src/qlpack.yml | 2 +- go/ql/lib/CHANGELOG.md | 6 +++ .../0.5.2.md} | 9 ++-- go/ql/lib/codeql-pack.release.yml | 2 +- go/ql/lib/qlpack.yml | 2 +- go/ql/src/CHANGELOG.md | 4 ++ go/ql/src/change-notes/released/0.5.2.md | 3 ++ go/ql/src/codeql-pack.release.yml | 2 +- go/ql/src/qlpack.yml | 2 +- java/ql/lib/CHANGELOG.md | 41 +++++++++++++++++++ ...-04-20-create-model-for-io-jsonwebtoken.md | 5 --- .../2023-04-26-neutral-model-kinds.md | 4 -- .../2023-05-02-apache-commons-net-models.md | 4 -- ...3-05-03-url-open-stream-as-experimental.md | 4 -- .../lib/change-notes/2023-05-11-new-models.md | 6 --- .../2023-05-12-spring-jdbc-sql-sinks.md | 4 -- .../0.6.2.md} | 17 ++++++-- java/ql/lib/codeql-pack.release.yml | 2 +- java/ql/lib/qlpack.yml | 2 +- java/ql/src/CHANGELOG.md | 8 ++++ .../change-notes/2023-05-15-xpath-xxe-sink.md | 4 -- .../2023-05-19-groovy-injection-sink.md | 4 -- .../0.6.2.md} | 9 ++-- java/ql/src/codeql-pack.release.yml | 2 +- java/ql/src/qlpack.yml | 2 +- javascript/ql/lib/CHANGELOG.md | 6 +++ .../0.6.2.md} | 9 ++-- javascript/ql/lib/codeql-pack.release.yml | 2 +- javascript/ql/lib/qlpack.yml | 2 +- javascript/ql/src/CHANGELOG.md | 20 +++++++++ .../2023-04-13-Forge-truncated-sha512-hash.md | 5 --- .../2023-04-26-unsafe-yaml-deserialization.md | 5 --- .../2023-04-28-json-with-comments.md | 5 --- .../2023-05-02-github-actions-sources.md | 5 --- .../change-notes/2023-05-17-indirect-shell.md | 4 -- .../ql/src/change-notes/released/0.6.2.md | 19 +++++++++ javascript/ql/src/codeql-pack.release.yml | 2 +- javascript/ql/src/qlpack.yml | 2 +- misc/suite-helpers/CHANGELOG.md | 4 ++ .../change-notes/released/0.5.2.md | 3 ++ misc/suite-helpers/codeql-pack.release.yml | 2 +- misc/suite-helpers/qlpack.yml | 2 +- python/ql/lib/CHANGELOG.md | 7 ++++ ...16-typetracking-read-captured-variables.md | 4 -- .../0.9.2.md} | 8 ++-- python/ql/lib/codeql-pack.release.yml | 2 +- python/ql/lib/qlpack.yml | 2 +- python/ql/src/CHANGELOG.md | 4 ++ python/ql/src/change-notes/released/0.7.2.md | 3 ++ python/ql/src/codeql-pack.release.yml | 2 +- python/ql/src/qlpack.yml | 2 +- ruby/ql/lib/CHANGELOG.md | 6 +++ .../0.6.2.md} | 7 ++-- ruby/ql/lib/codeql-pack.release.yml | 2 +- ruby/ql/lib/qlpack.yml | 2 +- ruby/ql/src/CHANGELOG.md | 4 ++ ruby/ql/src/change-notes/released/0.6.2.md | 3 ++ ruby/ql/src/codeql-pack.release.yml | 2 +- ruby/ql/src/qlpack.yml | 2 +- shared/regex/CHANGELOG.md | 4 ++ shared/regex/change-notes/released/0.0.13.md | 3 ++ shared/regex/codeql-pack.release.yml | 2 +- shared/regex/qlpack.yml | 2 +- shared/ssa/CHANGELOG.md | 4 ++ shared/ssa/change-notes/released/0.0.17.md | 3 ++ shared/ssa/codeql-pack.release.yml | 2 +- shared/ssa/qlpack.yml | 2 +- shared/tutorial/CHANGELOG.md | 4 ++ .../tutorial/change-notes/released/0.0.10.md | 3 ++ shared/tutorial/codeql-pack.release.yml | 2 +- shared/tutorial/qlpack.yml | 2 +- shared/typetracking/CHANGELOG.md | 4 ++ .../change-notes/released/0.0.10.md | 3 ++ shared/typetracking/codeql-pack.release.yml | 2 +- shared/typetracking/qlpack.yml | 2 +- shared/typos/CHANGELOG.md | 4 ++ shared/typos/change-notes/released/0.0.17.md | 3 ++ shared/typos/codeql-pack.release.yml | 2 +- shared/typos/qlpack.yml | 2 +- shared/util/CHANGELOG.md | 4 ++ shared/util/change-notes/released/0.0.10.md | 3 ++ shared/util/codeql-pack.release.yml | 2 +- shared/util/qlpack.yml | 2 +- shared/yaml/CHANGELOG.md | 4 ++ shared/yaml/change-notes/released/0.0.2.md | 3 ++ shared/yaml/codeql-pack.release.yml | 2 +- shared/yaml/qlpack.yml | 2 +- 116 files changed, 347 insertions(+), 159 deletions(-) delete mode 100644 cpp/ql/lib/change-notes/2023-04-28-indirect-barrier-node.md delete mode 100644 cpp/ql/lib/change-notes/2023-04-28-static-local-dataflow.md delete mode 100644 cpp/ql/lib/change-notes/2023-05-02-ir-noreturn-calls.md delete mode 100644 cpp/ql/lib/change-notes/2023-05-02-range-analysis-wrapper.md delete mode 100644 cpp/ql/lib/change-notes/2023-05-22-inline-in-std-namespace.md create mode 100644 cpp/ql/lib/change-notes/released/0.7.2.md create mode 100644 cpp/ql/src/change-notes/released/0.6.2.md create mode 100644 csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.5.2.md create mode 100644 csharp/ql/campaigns/Solorigate/src/change-notes/released/1.5.2.md delete mode 100644 csharp/ql/lib/change-notes/2023-04-26-neutral-model-kinds.md rename csharp/ql/lib/change-notes/{2023-05-16-ilogger-extension-methods.md => released/0.6.2.md} (58%) create mode 100644 csharp/ql/src/change-notes/released/0.6.2.md rename go/ql/lib/change-notes/{2023-04-25-data-flow-varargs-parameters.md => released/0.5.2.md} (85%) create mode 100644 go/ql/src/change-notes/released/0.5.2.md delete mode 100644 java/ql/lib/change-notes/2023-04-20-create-model-for-io-jsonwebtoken.md delete mode 100644 java/ql/lib/change-notes/2023-04-26-neutral-model-kinds.md delete mode 100644 java/ql/lib/change-notes/2023-05-02-apache-commons-net-models.md delete mode 100644 java/ql/lib/change-notes/2023-05-03-url-open-stream-as-experimental.md delete mode 100644 java/ql/lib/change-notes/2023-05-11-new-models.md delete mode 100644 java/ql/lib/change-notes/2023-05-12-spring-jdbc-sql-sinks.md rename java/ql/lib/change-notes/{2023-05-04-add-libraries-for-query-configurations.md => released/0.6.2.md} (87%) delete mode 100644 java/ql/src/change-notes/2023-05-15-xpath-xxe-sink.md delete mode 100644 java/ql/src/change-notes/2023-05-19-groovy-injection-sink.md rename java/ql/src/change-notes/{2023-04-26-xxe-sinks-promotion.md => released/0.6.2.md} (50%) rename javascript/ql/lib/change-notes/{2023-04-03-gh-injection.md => released/0.6.2.md} (85%) delete mode 100644 javascript/ql/src/change-notes/2023-04-13-Forge-truncated-sha512-hash.md delete mode 100644 javascript/ql/src/change-notes/2023-04-26-unsafe-yaml-deserialization.md delete mode 100644 javascript/ql/src/change-notes/2023-04-28-json-with-comments.md delete mode 100644 javascript/ql/src/change-notes/2023-05-02-github-actions-sources.md delete mode 100644 javascript/ql/src/change-notes/2023-05-17-indirect-shell.md create mode 100644 javascript/ql/src/change-notes/released/0.6.2.md create mode 100644 misc/suite-helpers/change-notes/released/0.5.2.md delete mode 100644 python/ql/lib/change-notes/2023-03-16-typetracking-read-captured-variables.md rename python/ql/lib/change-notes/{2022-11-15-dictionary-read-store-steps.md => released/0.9.2.md} (51%) create mode 100644 python/ql/src/change-notes/released/0.7.2.md rename ruby/ql/lib/change-notes/{2023-05-03-sqlite3.md => released/0.6.2.md} (80%) create mode 100644 ruby/ql/src/change-notes/released/0.6.2.md create mode 100644 shared/regex/change-notes/released/0.0.13.md create mode 100644 shared/ssa/change-notes/released/0.0.17.md create mode 100644 shared/tutorial/change-notes/released/0.0.10.md create mode 100644 shared/typetracking/change-notes/released/0.0.10.md create mode 100644 shared/typos/change-notes/released/0.0.17.md create mode 100644 shared/util/change-notes/released/0.0.10.md create mode 100644 shared/yaml/change-notes/released/0.0.2.md diff --git a/cpp/ql/lib/CHANGELOG.md b/cpp/ql/lib/CHANGELOG.md index f77a14c328f..e5d2ae643bc 100644 --- a/cpp/ql/lib/CHANGELOG.md +++ b/cpp/ql/lib/CHANGELOG.md @@ -1,3 +1,19 @@ +## 0.7.2 + +### New Features + +* Added an AST-based interface (`semmle.code.cpp.rangeanalysis.new.RangeAnalysis`) for the relative range analysis library. +* A new predicate `BarrierGuard::getAnIndirectBarrierNode` has been added to the new dataflow library (`semmle.code.cpp.dataflow.new.DataFlow`) to mark indirect expressions as barrier nodes using the `BarrierGuard` API. + +### Major Analysis Improvements + +* In the intermediate representation, handling of control flow after non-returning calls has been improved. This should remove false positives in queries that use the intermedite representation or libraries based on it, including the new data flow library. + +### Minor Analysis Improvements + +* The `StdNamespace` class now also includes all inline namespaces that are children of `std` namespace. +* The new dataflow (`semmle.code.cpp.dataflow.new.DataFlow`) and taint-tracking libraries (`semmle.code.cpp.dataflow.new.TaintTracking`) now support tracking flow through static local variables. + ## 0.7.1 No user-facing changes. diff --git a/cpp/ql/lib/change-notes/2023-04-28-indirect-barrier-node.md b/cpp/ql/lib/change-notes/2023-04-28-indirect-barrier-node.md deleted file mode 100644 index 68421139e7d..00000000000 --- a/cpp/ql/lib/change-notes/2023-04-28-indirect-barrier-node.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: feature ---- -* A new predicate `BarrierGuard::getAnIndirectBarrierNode` has been added to the new dataflow library (`semmle.code.cpp.dataflow.new.DataFlow`) to mark indirect expressions as barrier nodes using the `BarrierGuard` API. diff --git a/cpp/ql/lib/change-notes/2023-04-28-static-local-dataflow.md b/cpp/ql/lib/change-notes/2023-04-28-static-local-dataflow.md deleted file mode 100644 index be4c4e73ed0..00000000000 --- a/cpp/ql/lib/change-notes/2023-04-28-static-local-dataflow.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The new dataflow (`semmle.code.cpp.dataflow.new.DataFlow`) and taint-tracking libraries (`semmle.code.cpp.dataflow.new.TaintTracking`) now support tracking flow through static local variables. diff --git a/cpp/ql/lib/change-notes/2023-05-02-ir-noreturn-calls.md b/cpp/ql/lib/change-notes/2023-05-02-ir-noreturn-calls.md deleted file mode 100644 index 5688945dc80..00000000000 --- a/cpp/ql/lib/change-notes/2023-05-02-ir-noreturn-calls.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: majorAnalysis ---- -* In the intermediate representation, handling of control flow after non-returning calls has been improved. This should remove false positives in queries that use the intermedite representation or libraries based on it, including the new data flow library. \ No newline at end of file diff --git a/cpp/ql/lib/change-notes/2023-05-02-range-analysis-wrapper.md b/cpp/ql/lib/change-notes/2023-05-02-range-analysis-wrapper.md deleted file mode 100644 index b28167dc52d..00000000000 --- a/cpp/ql/lib/change-notes/2023-05-02-range-analysis-wrapper.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: feature ---- -* Added an AST-based interface (`semmle.code.cpp.rangeanalysis.new.RangeAnalysis`) for the relative range analysis library. \ No newline at end of file diff --git a/cpp/ql/lib/change-notes/2023-05-22-inline-in-std-namespace.md b/cpp/ql/lib/change-notes/2023-05-22-inline-in-std-namespace.md deleted file mode 100644 index 8b562bd8357..00000000000 --- a/cpp/ql/lib/change-notes/2023-05-22-inline-in-std-namespace.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The `StdNamespace` class now also includes all inline namespaces that are children of `std` namespace. diff --git a/cpp/ql/lib/change-notes/released/0.7.2.md b/cpp/ql/lib/change-notes/released/0.7.2.md new file mode 100644 index 00000000000..4decad06ae8 --- /dev/null +++ b/cpp/ql/lib/change-notes/released/0.7.2.md @@ -0,0 +1,15 @@ +## 0.7.2 + +### New Features + +* Added an AST-based interface (`semmle.code.cpp.rangeanalysis.new.RangeAnalysis`) for the relative range analysis library. +* A new predicate `BarrierGuard::getAnIndirectBarrierNode` has been added to the new dataflow library (`semmle.code.cpp.dataflow.new.DataFlow`) to mark indirect expressions as barrier nodes using the `BarrierGuard` API. + +### Major Analysis Improvements + +* In the intermediate representation, handling of control flow after non-returning calls has been improved. This should remove false positives in queries that use the intermedite representation or libraries based on it, including the new data flow library. + +### Minor Analysis Improvements + +* The `StdNamespace` class now also includes all inline namespaces that are children of `std` namespace. +* The new dataflow (`semmle.code.cpp.dataflow.new.DataFlow`) and taint-tracking libraries (`semmle.code.cpp.dataflow.new.TaintTracking`) now support tracking flow through static local variables. diff --git a/cpp/ql/lib/codeql-pack.release.yml b/cpp/ql/lib/codeql-pack.release.yml index e007a9aec3e..fee171e9685 100644 --- a/cpp/ql/lib/codeql-pack.release.yml +++ b/cpp/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.7.1 +lastReleaseVersion: 0.7.2 diff --git a/cpp/ql/lib/qlpack.yml b/cpp/ql/lib/qlpack.yml index 3f6482c1ebe..2008adee602 100644 --- a/cpp/ql/lib/qlpack.yml +++ b/cpp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-all -version: 0.7.2-dev +version: 0.7.2 groups: cpp dbscheme: semmlecode.cpp.dbscheme extractor: cpp diff --git a/cpp/ql/src/CHANGELOG.md b/cpp/ql/src/CHANGELOG.md index 1314e6d7553..4991b66538f 100644 --- a/cpp/ql/src/CHANGELOG.md +++ b/cpp/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.6.2 + +No user-facing changes. + ## 0.6.1 ### New Queries diff --git a/cpp/ql/src/change-notes/released/0.6.2.md b/cpp/ql/src/change-notes/released/0.6.2.md new file mode 100644 index 00000000000..43f80640fc5 --- /dev/null +++ b/cpp/ql/src/change-notes/released/0.6.2.md @@ -0,0 +1,3 @@ +## 0.6.2 + +No user-facing changes. diff --git a/cpp/ql/src/codeql-pack.release.yml b/cpp/ql/src/codeql-pack.release.yml index 80fb0899f64..5501a2a1cc5 100644 --- a/cpp/ql/src/codeql-pack.release.yml +++ b/cpp/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.6.1 +lastReleaseVersion: 0.6.2 diff --git a/cpp/ql/src/qlpack.yml b/cpp/ql/src/qlpack.yml index 4df58a2da69..8b2bb0ed100 100644 --- a/cpp/ql/src/qlpack.yml +++ b/cpp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-queries -version: 0.6.2-dev +version: 0.6.2 groups: - cpp - queries diff --git a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md index 56de88b8aa5..ad7a007007f 100644 --- a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md +++ b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.5.2 + +No user-facing changes. + ## 1.5.1 No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.5.2.md b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.5.2.md new file mode 100644 index 00000000000..384c27833f1 --- /dev/null +++ b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.5.2.md @@ -0,0 +1,3 @@ +## 1.5.2 + +No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml index c5775c46013..7eb901bae56 100644 --- a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml +++ b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.5.1 +lastReleaseVersion: 1.5.2 diff --git a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml index fb0859160cc..9c09d378a20 100644 --- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-all -version: 1.5.2-dev +version: 1.5.2 groups: - csharp - solorigate diff --git a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md index 56de88b8aa5..ad7a007007f 100644 --- a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md +++ b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.5.2 + +No user-facing changes. + ## 1.5.1 No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.5.2.md b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.5.2.md new file mode 100644 index 00000000000..384c27833f1 --- /dev/null +++ b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.5.2.md @@ -0,0 +1,3 @@ +## 1.5.2 + +No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml index c5775c46013..7eb901bae56 100644 --- a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml +++ b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.5.1 +lastReleaseVersion: 1.5.2 diff --git a/csharp/ql/campaigns/Solorigate/src/qlpack.yml b/csharp/ql/campaigns/Solorigate/src/qlpack.yml index 4c9eeb60c87..241bb764b7c 100644 --- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-queries -version: 1.5.2-dev +version: 1.5.2 groups: - csharp - solorigate diff --git a/csharp/ql/lib/CHANGELOG.md b/csharp/ql/lib/CHANGELOG.md index 4ebff5c86a7..435255a997a 100644 --- a/csharp/ql/lib/CHANGELOG.md +++ b/csharp/ql/lib/CHANGELOG.md @@ -1,3 +1,10 @@ +## 0.6.2 + +### Minor Analysis Improvements + +* The `cs/log-forging`, `cs/cleartext-storage`, and `cs/exposure-of-sensitive-information` queries now correctly handle unsanitized arguments to `ILogger` extension methods. +* Updated the `neutralModel` extensible predicate to include a `kind` column. + ## 0.6.1 No user-facing changes. diff --git a/csharp/ql/lib/change-notes/2023-04-26-neutral-model-kinds.md b/csharp/ql/lib/change-notes/2023-04-26-neutral-model-kinds.md deleted file mode 100644 index ab19597224b..00000000000 --- a/csharp/ql/lib/change-notes/2023-04-26-neutral-model-kinds.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Updated the `neutralModel` extensible predicate to include a `kind` column. \ No newline at end of file diff --git a/csharp/ql/lib/change-notes/2023-05-16-ilogger-extension-methods.md b/csharp/ql/lib/change-notes/released/0.6.2.md similarity index 58% rename from csharp/ql/lib/change-notes/2023-05-16-ilogger-extension-methods.md rename to csharp/ql/lib/change-notes/released/0.6.2.md index 4d4f0767238..c3829f2df86 100644 --- a/csharp/ql/lib/change-notes/2023-05-16-ilogger-extension-methods.md +++ b/csharp/ql/lib/change-notes/released/0.6.2.md @@ -1,4 +1,6 @@ ---- -category: minorAnalysis ---- +## 0.6.2 + +### Minor Analysis Improvements + * The `cs/log-forging`, `cs/cleartext-storage`, and `cs/exposure-of-sensitive-information` queries now correctly handle unsanitized arguments to `ILogger` extension methods. +* Updated the `neutralModel` extensible predicate to include a `kind` column. diff --git a/csharp/ql/lib/codeql-pack.release.yml b/csharp/ql/lib/codeql-pack.release.yml index 80fb0899f64..5501a2a1cc5 100644 --- a/csharp/ql/lib/codeql-pack.release.yml +++ b/csharp/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.6.1 +lastReleaseVersion: 0.6.2 diff --git a/csharp/ql/lib/qlpack.yml b/csharp/ql/lib/qlpack.yml index fdb710e9371..1e56c93103b 100644 --- a/csharp/ql/lib/qlpack.yml +++ b/csharp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-all -version: 0.6.2-dev +version: 0.6.2 groups: csharp dbscheme: semmlecode.csharp.dbscheme extractor: csharp diff --git a/csharp/ql/src/CHANGELOG.md b/csharp/ql/src/CHANGELOG.md index fb6006fc6f9..e214ec42a03 100644 --- a/csharp/ql/src/CHANGELOG.md +++ b/csharp/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.6.2 + +No user-facing changes. + ## 0.6.1 ### Minor Analysis Improvements diff --git a/csharp/ql/src/change-notes/released/0.6.2.md b/csharp/ql/src/change-notes/released/0.6.2.md new file mode 100644 index 00000000000..43f80640fc5 --- /dev/null +++ b/csharp/ql/src/change-notes/released/0.6.2.md @@ -0,0 +1,3 @@ +## 0.6.2 + +No user-facing changes. diff --git a/csharp/ql/src/codeql-pack.release.yml b/csharp/ql/src/codeql-pack.release.yml index 80fb0899f64..5501a2a1cc5 100644 --- a/csharp/ql/src/codeql-pack.release.yml +++ b/csharp/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.6.1 +lastReleaseVersion: 0.6.2 diff --git a/csharp/ql/src/qlpack.yml b/csharp/ql/src/qlpack.yml index d68e0a497c1..663ad9efee2 100644 --- a/csharp/ql/src/qlpack.yml +++ b/csharp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-queries -version: 0.6.2-dev +version: 0.6.2 groups: - csharp - queries diff --git a/go/ql/lib/CHANGELOG.md b/go/ql/lib/CHANGELOG.md index e144655e159..5f09272c19b 100644 --- a/go/ql/lib/CHANGELOG.md +++ b/go/ql/lib/CHANGELOG.md @@ -1,3 +1,9 @@ +## 0.5.2 + +### Minor Analysis Improvements + +* Fixed data flow through variadic function parameters. The arguments corresponding to a variadic parameter are no longer returned by `CallNode.getArgument(int i)` and `CallNode.getAnArgument()`, and hence aren't `ArgumentNode`s. They now have one result, which is an `ImplicitVarargsSlice` node. For example, a call `f(a, b, c)` to a function `f(T...)` is treated like `f([]T{a, b, c})`. The old behaviour is preserved by `CallNode.getSyntacticArgument(int i)` and `CallNode.getASyntacticArgument()`. `CallExpr.getArgument(int i)` and `CallExpr.getAnArgument()` are unchanged, and will still have three results in the example given. + ## 0.5.1 ### Minor Analysis Improvements diff --git a/go/ql/lib/change-notes/2023-04-25-data-flow-varargs-parameters.md b/go/ql/lib/change-notes/released/0.5.2.md similarity index 85% rename from go/ql/lib/change-notes/2023-04-25-data-flow-varargs-parameters.md rename to go/ql/lib/change-notes/released/0.5.2.md index 881d570361e..ad1dea14924 100644 --- a/go/ql/lib/change-notes/2023-04-25-data-flow-varargs-parameters.md +++ b/go/ql/lib/change-notes/released/0.5.2.md @@ -1,4 +1,5 @@ ---- -category: minorAnalysis ---- -* Fixed data flow through variadic function parameters. The arguments corresponding to a variadic parameter are no longer returned by `CallNode.getArgument(int i)` and `CallNode.getAnArgument()`, and hence aren't `ArgumentNode`s. They now have one result, which is an `ImplicitVarargsSlice` node. For example, a call `f(a, b, c)` to a function `f(T...)` is treated like `f([]T{a, b, c})`. The old behaviour is preserved by `CallNode.getSyntacticArgument(int i)` and `CallNode.getASyntacticArgument()`. `CallExpr.getArgument(int i)` and `CallExpr.getAnArgument()` are unchanged, and will still have three results in the example given. \ No newline at end of file +## 0.5.2 + +### Minor Analysis Improvements + +* Fixed data flow through variadic function parameters. The arguments corresponding to a variadic parameter are no longer returned by `CallNode.getArgument(int i)` and `CallNode.getAnArgument()`, and hence aren't `ArgumentNode`s. They now have one result, which is an `ImplicitVarargsSlice` node. For example, a call `f(a, b, c)` to a function `f(T...)` is treated like `f([]T{a, b, c})`. The old behaviour is preserved by `CallNode.getSyntacticArgument(int i)` and `CallNode.getASyntacticArgument()`. `CallExpr.getArgument(int i)` and `CallExpr.getAnArgument()` are unchanged, and will still have three results in the example given. diff --git a/go/ql/lib/codeql-pack.release.yml b/go/ql/lib/codeql-pack.release.yml index 0bf7024c337..2d9d3f587f8 100644 --- a/go/ql/lib/codeql-pack.release.yml +++ b/go/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.5.1 +lastReleaseVersion: 0.5.2 diff --git a/go/ql/lib/qlpack.yml b/go/ql/lib/qlpack.yml index 346dc087db4..4da3e4ac60c 100644 --- a/go/ql/lib/qlpack.yml +++ b/go/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-all -version: 0.5.2-dev +version: 0.5.2 groups: go dbscheme: go.dbscheme extractor: go diff --git a/go/ql/src/CHANGELOG.md b/go/ql/src/CHANGELOG.md index 81ce4f00d02..8a1b8bcfebc 100644 --- a/go/ql/src/CHANGELOG.md +++ b/go/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.5.2 + +No user-facing changes. + ## 0.5.1 No user-facing changes. diff --git a/go/ql/src/change-notes/released/0.5.2.md b/go/ql/src/change-notes/released/0.5.2.md new file mode 100644 index 00000000000..e94d1f4ad5b --- /dev/null +++ b/go/ql/src/change-notes/released/0.5.2.md @@ -0,0 +1,3 @@ +## 0.5.2 + +No user-facing changes. diff --git a/go/ql/src/codeql-pack.release.yml b/go/ql/src/codeql-pack.release.yml index 0bf7024c337..2d9d3f587f8 100644 --- a/go/ql/src/codeql-pack.release.yml +++ b/go/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.5.1 +lastReleaseVersion: 0.5.2 diff --git a/go/ql/src/qlpack.yml b/go/ql/src/qlpack.yml index 64be9928c63..81410e8a0bc 100644 --- a/go/ql/src/qlpack.yml +++ b/go/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-queries -version: 0.5.2-dev +version: 0.5.2 groups: - go - queries diff --git a/java/ql/lib/CHANGELOG.md b/java/ql/lib/CHANGELOG.md index 03907f74b89..53fb1470bb9 100644 --- a/java/ql/lib/CHANGELOG.md +++ b/java/ql/lib/CHANGELOG.md @@ -1,3 +1,44 @@ +## 0.6.2 + +### Minor Analysis Improvements + +* Added SQL injection sinks for Spring JDBC's `NamedParameterJdbcOperations`. +* Added models for the following packages: + + * org.apache.hadoop.fs +* Added the `ArithmeticCommon.qll` library to provide predicates for reasoning about arithmetic operations. +* Added the `ArithmeticTaintedLocalQuery.qll` library to provide the `ArithmeticTaintedLocalOverflowFlow` and `ArithmeticTaintedLocalUnderflowFlow` taint-tracking modules to reason about arithmetic with unvalidated user input. +* Added the `ArithmeticTaintedQuery.qll` library to provide the `RemoteUserInputOverflow` and `RemoteUserInputUnderflow` taint-tracking modules to reason about arithmetic with unvalidated user input. +* Added the `ArithmeticUncontrolledQuery.qll` library to provide the `ArithmeticUncontrolledOverflowFlow` and `ArithmeticUncontrolledUnderflowFlow` taint-tracking modules to reason about arithmetic with uncontrolled user input. +* Added the `ArithmeticWithExtremeValuesQuery.qll` library to provide the `MaxValueFlow` and `MinValueFlow` dataflow modules to reason about arithmetic with extreme values. +* Added the `BrokenCryptoAlgorithmQuery.qll` library to provide the `InsecureCryptoFlow` taint-tracking module to reason about broken cryptographic algorithm vulnerabilities. +* Added the `ExecTaintedLocalQuery.qll` library to provide the `LocalUserInputToArgumentToExecFlow` taint-tracking module to reason about command injection vulnerabilities caused by local data flow. +* Added the `ExternallyControlledFormatStringLocalQuery.qll` library to provide the `ExternallyControlledFormatStringLocalFlow` taint-tracking module to reason about format string vulnerabilities caused by local data flow. +* Added the `ImproperValidationOfArrayConstructionCodeSpecifiedQuery.qll` library to provide the `BoundedFlowSourceFlow` dataflow module to reason about improper validation of code-specified sizes used for array construction. +* Added the `ImproperValidationOfArrayConstructionLocalQuery.qll` library to provide the `ImproperValidationOfArrayConstructionLocalFlow` taint-tracking module to reason about improper validation of local user-provided sizes used for array construction caused by local data flow. +* Added the `ImproperValidationOfArrayConstructionQuery.qll` library to provide the `ImproperValidationOfArrayConstructionFlow` taint-tracking module to reason about improper validation of user-provided size used for array construction. +* Added the `ImproperValidationOfArrayIndexCodeSpecifiedQuery.qll` library to provide the `BoundedFlowSourceFlow` data flow module to reason about about improper validation of code-specified array index. +* Added the `ImproperValidationOfArrayIndexLocalQuery.qll` library to provide the `ImproperValidationOfArrayIndexLocalFlow` taint-tracking module to reason about improper validation of a local user-provided array index. +* Added the `ImproperValidationOfArrayIndexQuery.qll` library to provide the `ImproperValidationOfArrayIndexFlow` taint-tracking module to reason about improper validation of user-provided array index. +* Added the `InsecureCookieQuery.qll` library to provide the `SecureCookieFlow` taint-tracking module to reason about insecure cookie vulnerabilities. +* Added the `MaybeBrokenCryptoAlgorithmQuery.qll` library to provide the `InsecureCryptoFlow` taint-tracking module to reason about broken cryptographic algorithm vulnerabilities. +* Added the `NumericCastTaintedQuery.qll` library to provide the `NumericCastTaintedFlow` taint-tracking module to reason about numeric cast vulnerabilities. +* Added the `ResponseSplittingLocalQuery.qll` library to provide the `ResponseSplittingLocalFlow` taint-tracking module to reason about response splitting vulnerabilities caused by local data flow. +* Added the `SqlConcatenatedQuery.qll` library to provide the `UncontrolledStringBuilderSourceFlow` taint-tracking module to reason about SQL injection vulnerabilities caused by concatenating untrusted strings. +* Added the `SqlTaintedLocalQuery.qll` library to provide the `LocalUserInputToArgumentToSqlFlow` taint-tracking module to reason about SQL injection vulnerabilities caused by local data flow. +* Added the `StackTraceExposureQuery.qll` library to provide the `printsStackExternally`, `stringifiedStackFlowsExternally`, and `getMessageFlowsExternally` predicates to reason about stack trace exposure vulnerabilities. +* Added the `TaintedPermissionQuery.qll` library to provide the `TaintedPermissionFlow` taint-tracking module to reason about tainted permission vulnerabilities. +* Added the `TempDirLocalInformationDisclosureQuery.qll` library to provide the `TempDirSystemGetPropertyToCreate` taint-tracking module to reason about local information disclosure vulnerabilities caused by local data flow. +* Added the `UnsafeHostnameVerificationQuery.qll` library to provide the `TrustAllHostnameVerifierFlow` taint-tracking module to reason about insecure hostname verification vulnerabilities. +* Added the `UrlRedirectLocalQuery.qll` library to provide the `UrlRedirectLocalFlow` taint-tracking module to reason about URL redirection vulnerabilities caused by local data flow. +* Added the `UrlRedirectQuery.qll` library to provide the `UrlRedirectFlow` taint-tracking module to reason about URL redirection vulnerabilities. +* Added the `XPathInjectionQuery.qll` library to provide the `XPathInjectionFlow` taint-tracking module to reason about XPath injection vulnerabilities. +* Added the `XssLocalQuery.qll` library to provide the `XssLocalFlow` taint-tracking module to reason about XSS vulnerabilities caused by local data flow. +* Moved the `url-open-stream` sink models to experimental and removed `url-open-stream` as a sink option from the [Customizing Library Models for Java](https://github.com/github/codeql/blob/733a00039efdb39c3dd76ddffad5e6d6c85e6774/docs/codeql/codeql-language-guides/customizing-library-models-for-java.rst#customizing-library-models-for-java) documentation. +* Added models for the Apache Commons Net library. +* Updated the `neutralModel` extensible predicate to include a `kind` column. +* Added models for the `io.jsonwebtoken` library. + ## 0.6.1 ### Deprecated APIs diff --git a/java/ql/lib/change-notes/2023-04-20-create-model-for-io-jsonwebtoken.md b/java/ql/lib/change-notes/2023-04-20-create-model-for-io-jsonwebtoken.md deleted file mode 100644 index 3a037075967..00000000000 --- a/java/ql/lib/change-notes/2023-04-20-create-model-for-io-jsonwebtoken.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis ---- -* Added models for the `io.jsonwebtoken` library. - diff --git a/java/ql/lib/change-notes/2023-04-26-neutral-model-kinds.md b/java/ql/lib/change-notes/2023-04-26-neutral-model-kinds.md deleted file mode 100644 index ab19597224b..00000000000 --- a/java/ql/lib/change-notes/2023-04-26-neutral-model-kinds.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Updated the `neutralModel` extensible predicate to include a `kind` column. \ No newline at end of file diff --git a/java/ql/lib/change-notes/2023-05-02-apache-commons-net-models.md b/java/ql/lib/change-notes/2023-05-02-apache-commons-net-models.md deleted file mode 100644 index a669c74d3e8..00000000000 --- a/java/ql/lib/change-notes/2023-05-02-apache-commons-net-models.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Added models for the Apache Commons Net library. diff --git a/java/ql/lib/change-notes/2023-05-03-url-open-stream-as-experimental.md b/java/ql/lib/change-notes/2023-05-03-url-open-stream-as-experimental.md deleted file mode 100644 index 1d57d64973c..00000000000 --- a/java/ql/lib/change-notes/2023-05-03-url-open-stream-as-experimental.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Moved the `url-open-stream` sink models to experimental and removed `url-open-stream` as a sink option from the [Customizing Library Models for Java](https://github.com/github/codeql/blob/733a00039efdb39c3dd76ddffad5e6d6c85e6774/docs/codeql/codeql-language-guides/customizing-library-models-for-java.rst#customizing-library-models-for-java) documentation. diff --git a/java/ql/lib/change-notes/2023-05-11-new-models.md b/java/ql/lib/change-notes/2023-05-11-new-models.md deleted file mode 100644 index 067105b4aca..00000000000 --- a/java/ql/lib/change-notes/2023-05-11-new-models.md +++ /dev/null @@ -1,6 +0,0 @@ ---- -category: minorAnalysis ---- -* Added models for the following packages: - - * org.apache.hadoop.fs diff --git a/java/ql/lib/change-notes/2023-05-12-spring-jdbc-sql-sinks.md b/java/ql/lib/change-notes/2023-05-12-spring-jdbc-sql-sinks.md deleted file mode 100644 index 68d6c2b45fe..00000000000 --- a/java/ql/lib/change-notes/2023-05-12-spring-jdbc-sql-sinks.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Added SQL injection sinks for Spring JDBC's `NamedParameterJdbcOperations`. \ No newline at end of file diff --git a/java/ql/lib/change-notes/2023-05-04-add-libraries-for-query-configurations.md b/java/ql/lib/change-notes/released/0.6.2.md similarity index 87% rename from java/ql/lib/change-notes/2023-05-04-add-libraries-for-query-configurations.md rename to java/ql/lib/change-notes/released/0.6.2.md index ead324ee5fb..f0bf9441a47 100644 --- a/java/ql/lib/change-notes/2023-05-04-add-libraries-for-query-configurations.md +++ b/java/ql/lib/change-notes/released/0.6.2.md @@ -1,6 +1,11 @@ ---- -category: minorAnalysis ---- +## 0.6.2 + +### Minor Analysis Improvements + +* Added SQL injection sinks for Spring JDBC's `NamedParameterJdbcOperations`. +* Added models for the following packages: + + * org.apache.hadoop.fs * Added the `ArithmeticCommon.qll` library to provide predicates for reasoning about arithmetic operations. * Added the `ArithmeticTaintedLocalQuery.qll` library to provide the `ArithmeticTaintedLocalOverflowFlow` and `ArithmeticTaintedLocalUnderflowFlow` taint-tracking modules to reason about arithmetic with unvalidated user input. * Added the `ArithmeticTaintedQuery.qll` library to provide the `RemoteUserInputOverflow` and `RemoteUserInputUnderflow` taint-tracking modules to reason about arithmetic with unvalidated user input. @@ -28,4 +33,8 @@ category: minorAnalysis * Added the `UrlRedirectLocalQuery.qll` library to provide the `UrlRedirectLocalFlow` taint-tracking module to reason about URL redirection vulnerabilities caused by local data flow. * Added the `UrlRedirectQuery.qll` library to provide the `UrlRedirectFlow` taint-tracking module to reason about URL redirection vulnerabilities. * Added the `XPathInjectionQuery.qll` library to provide the `XPathInjectionFlow` taint-tracking module to reason about XPath injection vulnerabilities. -* Added the `XssLocalQuery.qll` library to provide the `XssLocalFlow` taint-tracking module to reason about XSS vulnerabilities caused by local data flow. \ No newline at end of file +* Added the `XssLocalQuery.qll` library to provide the `XssLocalFlow` taint-tracking module to reason about XSS vulnerabilities caused by local data flow. +* Moved the `url-open-stream` sink models to experimental and removed `url-open-stream` as a sink option from the [Customizing Library Models for Java](https://github.com/github/codeql/blob/733a00039efdb39c3dd76ddffad5e6d6c85e6774/docs/codeql/codeql-language-guides/customizing-library-models-for-java.rst#customizing-library-models-for-java) documentation. +* Added models for the Apache Commons Net library. +* Updated the `neutralModel` extensible predicate to include a `kind` column. +* Added models for the `io.jsonwebtoken` library. diff --git a/java/ql/lib/codeql-pack.release.yml b/java/ql/lib/codeql-pack.release.yml index 80fb0899f64..5501a2a1cc5 100644 --- a/java/ql/lib/codeql-pack.release.yml +++ b/java/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.6.1 +lastReleaseVersion: 0.6.2 diff --git a/java/ql/lib/qlpack.yml b/java/ql/lib/qlpack.yml index c48db63b34d..94ec029ed07 100644 --- a/java/ql/lib/qlpack.yml +++ b/java/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-all -version: 0.6.2-dev +version: 0.6.2 groups: java dbscheme: config/semmlecode.dbscheme extractor: java diff --git a/java/ql/src/CHANGELOG.md b/java/ql/src/CHANGELOG.md index 744ac866083..1e7cebcfca1 100644 --- a/java/ql/src/CHANGELOG.md +++ b/java/ql/src/CHANGELOG.md @@ -1,3 +1,11 @@ +## 0.6.2 + +### Minor Analysis Improvements + +* The query `java/groovy-injection` now recognizes `groovy.text.TemplateEngine.createTemplate` as a sink. +* The queries `java/xxe` and `java/xxe-local` now recognize the second argument of calls to `XPath.evaluate` as a sink. +* Experimental sinks for the query "Resolving XML external entity in user-controlled data" (`java/xxe`) have been promoted to the main query pack. These sinks were originally [submitted as part of an experimental query by @haby0](https://github.com/github/codeql/pull/6564). + ## 0.6.1 No user-facing changes. diff --git a/java/ql/src/change-notes/2023-05-15-xpath-xxe-sink.md b/java/ql/src/change-notes/2023-05-15-xpath-xxe-sink.md deleted file mode 100644 index 1696ffbd213..00000000000 --- a/java/ql/src/change-notes/2023-05-15-xpath-xxe-sink.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The queries `java/xxe` and `java/xxe-local` now recognize the second argument of calls to `XPath.evaluate` as a sink. diff --git a/java/ql/src/change-notes/2023-05-19-groovy-injection-sink.md b/java/ql/src/change-notes/2023-05-19-groovy-injection-sink.md deleted file mode 100644 index 7f668dd1b28..00000000000 --- a/java/ql/src/change-notes/2023-05-19-groovy-injection-sink.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The query `java/groovy-injection` now recognizes `groovy.text.TemplateEngine.createTemplate` as a sink. diff --git a/java/ql/src/change-notes/2023-04-26-xxe-sinks-promotion.md b/java/ql/src/change-notes/released/0.6.2.md similarity index 50% rename from java/ql/src/change-notes/2023-04-26-xxe-sinks-promotion.md rename to java/ql/src/change-notes/released/0.6.2.md index 01bbfe267bd..50a5ff81b8f 100644 --- a/java/ql/src/change-notes/2023-04-26-xxe-sinks-promotion.md +++ b/java/ql/src/change-notes/released/0.6.2.md @@ -1,4 +1,7 @@ ---- -category: minorAnalysis ---- +## 0.6.2 + +### Minor Analysis Improvements + +* The query `java/groovy-injection` now recognizes `groovy.text.TemplateEngine.createTemplate` as a sink. +* The queries `java/xxe` and `java/xxe-local` now recognize the second argument of calls to `XPath.evaluate` as a sink. * Experimental sinks for the query "Resolving XML external entity in user-controlled data" (`java/xxe`) have been promoted to the main query pack. These sinks were originally [submitted as part of an experimental query by @haby0](https://github.com/github/codeql/pull/6564). diff --git a/java/ql/src/codeql-pack.release.yml b/java/ql/src/codeql-pack.release.yml index 80fb0899f64..5501a2a1cc5 100644 --- a/java/ql/src/codeql-pack.release.yml +++ b/java/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.6.1 +lastReleaseVersion: 0.6.2 diff --git a/java/ql/src/qlpack.yml b/java/ql/src/qlpack.yml index 3e640f9376f..8936d5a4373 100644 --- a/java/ql/src/qlpack.yml +++ b/java/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-queries -version: 0.6.2-dev +version: 0.6.2 groups: - java - queries diff --git a/javascript/ql/lib/CHANGELOG.md b/javascript/ql/lib/CHANGELOG.md index 24e199a69d7..3ac3bc23481 100644 --- a/javascript/ql/lib/CHANGELOG.md +++ b/javascript/ql/lib/CHANGELOG.md @@ -1,3 +1,9 @@ +## 0.6.2 + +### Minor Analysis Improvements + +* Improved the queries for injection vulnerabilities in GitHub Actions workflows (`js/actions/command-injection` and `js/actions/pull-request-target`) and the associated library `semmle.javascript.Actions`. These now support steps defined in composite actions, in addition to steps defined in Actions workflow files. It supports more potentially untrusted input values. Additionally to the shell injections it now also detects injections in `actions/github-script`. It also detects simple injections from user controlled `${{ env.name }}`. Additionally to the `yml` extension now it also supports workflows with the `yaml` extension. + ## 0.6.1 ### Major Analysis Improvements diff --git a/javascript/ql/lib/change-notes/2023-04-03-gh-injection.md b/javascript/ql/lib/change-notes/released/0.6.2.md similarity index 85% rename from javascript/ql/lib/change-notes/2023-04-03-gh-injection.md rename to javascript/ql/lib/change-notes/released/0.6.2.md index 63e913eb694..f97f6633c49 100644 --- a/javascript/ql/lib/change-notes/2023-04-03-gh-injection.md +++ b/javascript/ql/lib/change-notes/released/0.6.2.md @@ -1,4 +1,5 @@ ---- -category: minorAnalysis ---- -* Improved the queries for injection vulnerabilities in GitHub Actions workflows (`js/actions/command-injection` and `js/actions/pull-request-target`) and the associated library `semmle.javascript.Actions`. These now support steps defined in composite actions, in addition to steps defined in Actions workflow files. It supports more potentially untrusted input values. Additionally to the shell injections it now also detects injections in `actions/github-script`. It also detects simple injections from user controlled `${{ env.name }}`. Additionally to the `yml` extension now it also supports workflows with the `yaml` extension. \ No newline at end of file +## 0.6.2 + +### Minor Analysis Improvements + +* Improved the queries for injection vulnerabilities in GitHub Actions workflows (`js/actions/command-injection` and `js/actions/pull-request-target`) and the associated library `semmle.javascript.Actions`. These now support steps defined in composite actions, in addition to steps defined in Actions workflow files. It supports more potentially untrusted input values. Additionally to the shell injections it now also detects injections in `actions/github-script`. It also detects simple injections from user controlled `${{ env.name }}`. Additionally to the `yml` extension now it also supports workflows with the `yaml` extension. diff --git a/javascript/ql/lib/codeql-pack.release.yml b/javascript/ql/lib/codeql-pack.release.yml index 80fb0899f64..5501a2a1cc5 100644 --- a/javascript/ql/lib/codeql-pack.release.yml +++ b/javascript/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.6.1 +lastReleaseVersion: 0.6.2 diff --git a/javascript/ql/lib/qlpack.yml b/javascript/ql/lib/qlpack.yml index 4b0fa8d4ffb..c45ff2f4732 100644 --- a/javascript/ql/lib/qlpack.yml +++ b/javascript/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-all -version: 0.6.2-dev +version: 0.6.2 groups: javascript dbscheme: semmlecode.javascript.dbscheme extractor: javascript diff --git a/javascript/ql/src/CHANGELOG.md b/javascript/ql/src/CHANGELOG.md index d0933ef06cf..eb914577876 100644 --- a/javascript/ql/src/CHANGELOG.md +++ b/javascript/ql/src/CHANGELOG.md @@ -1,3 +1,23 @@ +## 0.6.2 + +### Major Analysis Improvements + +* Added taint sources from the `@actions/core` and `@actions/github` packages. +* Added command-injection sinks from the `@actions/exec` package. + +### Minor Analysis Improvements + +* The `js/indirect-command-line-injection` query no longer flags command arguments that cannot be interpreted as a shell string. +* The `js/unsafe-deserialization` query no longer flags deserialization through the `js-yaml` library, except + when it is used with an unsafe schema. +* The Forge module in `CryptoLibraries.qll` now correctly classifies SHA-512/224, + SHA-512/256, and SHA-512/384 hashes used in message digests as NonKeyCiphers. + +### Bug Fixes + +* Fixed a spurious diagnostic warning about comments in JSON files being illegal. + Comments in JSON files are in fact fully supported, and the diagnostic message was misleading. + ## 0.6.1 ### Minor Analysis Improvements diff --git a/javascript/ql/src/change-notes/2023-04-13-Forge-truncated-sha512-hash.md b/javascript/ql/src/change-notes/2023-04-13-Forge-truncated-sha512-hash.md deleted file mode 100644 index 1d2bfc9a8f9..00000000000 --- a/javascript/ql/src/change-notes/2023-04-13-Forge-truncated-sha512-hash.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis ---- -* The Forge module in `CryptoLibraries.qll` now correctly classifies SHA-512/224, - SHA-512/256, and SHA-512/384 hashes used in message digests as NonKeyCiphers. \ No newline at end of file diff --git a/javascript/ql/src/change-notes/2023-04-26-unsafe-yaml-deserialization.md b/javascript/ql/src/change-notes/2023-04-26-unsafe-yaml-deserialization.md deleted file mode 100644 index 02b044ee47a..00000000000 --- a/javascript/ql/src/change-notes/2023-04-26-unsafe-yaml-deserialization.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis ---- -* The `js/unsafe-deserialization` query no longer flags deserialization through the `js-yaml` library, except - when it is used with an unsafe schema. diff --git a/javascript/ql/src/change-notes/2023-04-28-json-with-comments.md b/javascript/ql/src/change-notes/2023-04-28-json-with-comments.md deleted file mode 100644 index 3ce9949a39a..00000000000 --- a/javascript/ql/src/change-notes/2023-04-28-json-with-comments.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: fix ---- -* Fixed a spurious diagnostic warning about comments in JSON files being illegal. - Comments in JSON files are in fact fully supported, and the diagnostic message was misleading. diff --git a/javascript/ql/src/change-notes/2023-05-02-github-actions-sources.md b/javascript/ql/src/change-notes/2023-05-02-github-actions-sources.md deleted file mode 100644 index a9cf1339421..00000000000 --- a/javascript/ql/src/change-notes/2023-05-02-github-actions-sources.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: majorAnalysis ---- -* Added taint sources from the `@actions/core` and `@actions/github` packages. -* Added command-injection sinks from the `@actions/exec` package. diff --git a/javascript/ql/src/change-notes/2023-05-17-indirect-shell.md b/javascript/ql/src/change-notes/2023-05-17-indirect-shell.md deleted file mode 100644 index 556e9976152..00000000000 --- a/javascript/ql/src/change-notes/2023-05-17-indirect-shell.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The `js/indirect-command-line-injection` query no longer flags command arguments that cannot be interpreted as a shell string. diff --git a/javascript/ql/src/change-notes/released/0.6.2.md b/javascript/ql/src/change-notes/released/0.6.2.md new file mode 100644 index 00000000000..777dd69688e --- /dev/null +++ b/javascript/ql/src/change-notes/released/0.6.2.md @@ -0,0 +1,19 @@ +## 0.6.2 + +### Major Analysis Improvements + +* Added taint sources from the `@actions/core` and `@actions/github` packages. +* Added command-injection sinks from the `@actions/exec` package. + +### Minor Analysis Improvements + +* The `js/indirect-command-line-injection` query no longer flags command arguments that cannot be interpreted as a shell string. +* The `js/unsafe-deserialization` query no longer flags deserialization through the `js-yaml` library, except + when it is used with an unsafe schema. +* The Forge module in `CryptoLibraries.qll` now correctly classifies SHA-512/224, + SHA-512/256, and SHA-512/384 hashes used in message digests as NonKeyCiphers. + +### Bug Fixes + +* Fixed a spurious diagnostic warning about comments in JSON files being illegal. + Comments in JSON files are in fact fully supported, and the diagnostic message was misleading. diff --git a/javascript/ql/src/codeql-pack.release.yml b/javascript/ql/src/codeql-pack.release.yml index 80fb0899f64..5501a2a1cc5 100644 --- a/javascript/ql/src/codeql-pack.release.yml +++ b/javascript/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.6.1 +lastReleaseVersion: 0.6.2 diff --git a/javascript/ql/src/qlpack.yml b/javascript/ql/src/qlpack.yml index 2c62c9e75d5..f64917ed51f 100644 --- a/javascript/ql/src/qlpack.yml +++ b/javascript/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-queries -version: 0.6.2-dev +version: 0.6.2 groups: - javascript - queries diff --git a/misc/suite-helpers/CHANGELOG.md b/misc/suite-helpers/CHANGELOG.md index 9621c2fa167..46787616efa 100644 --- a/misc/suite-helpers/CHANGELOG.md +++ b/misc/suite-helpers/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.5.2 + +No user-facing changes. + ## 0.5.1 No user-facing changes. diff --git a/misc/suite-helpers/change-notes/released/0.5.2.md b/misc/suite-helpers/change-notes/released/0.5.2.md new file mode 100644 index 00000000000..e94d1f4ad5b --- /dev/null +++ b/misc/suite-helpers/change-notes/released/0.5.2.md @@ -0,0 +1,3 @@ +## 0.5.2 + +No user-facing changes. diff --git a/misc/suite-helpers/codeql-pack.release.yml b/misc/suite-helpers/codeql-pack.release.yml index 0bf7024c337..2d9d3f587f8 100644 --- a/misc/suite-helpers/codeql-pack.release.yml +++ b/misc/suite-helpers/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.5.1 +lastReleaseVersion: 0.5.2 diff --git a/misc/suite-helpers/qlpack.yml b/misc/suite-helpers/qlpack.yml index c5cf2398633..a66a845730d 100644 --- a/misc/suite-helpers/qlpack.yml +++ b/misc/suite-helpers/qlpack.yml @@ -1,3 +1,3 @@ name: codeql/suite-helpers -version: 0.5.2-dev +version: 0.5.2 groups: shared diff --git a/python/ql/lib/CHANGELOG.md b/python/ql/lib/CHANGELOG.md index b00d10f98d9..91f53df486b 100644 --- a/python/ql/lib/CHANGELOG.md +++ b/python/ql/lib/CHANGELOG.md @@ -1,3 +1,10 @@ +## 0.9.2 + +### Minor Analysis Improvements + +* Type tracking is now aware of reads of captured variables (variables defined in an outer scope). This leads to a richer API graph, and may lead to more results in some queries. +* Added more content-flow/field-flow for dictionaries, by adding support for reads through `mydict.get("key")` and `mydict.setdefault("key", value)`, and store steps through `dict["key"] = value` and `mydict.setdefault("key", value)`. + ## 0.9.1 ### Minor Analysis Improvements diff --git a/python/ql/lib/change-notes/2023-03-16-typetracking-read-captured-variables.md b/python/ql/lib/change-notes/2023-03-16-typetracking-read-captured-variables.md deleted file mode 100644 index 6905a03c8e8..00000000000 --- a/python/ql/lib/change-notes/2023-03-16-typetracking-read-captured-variables.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Type tracking is now aware of reads of captured variables (variables defined in an outer scope). This leads to a richer API graph, and may lead to more results in some queries. diff --git a/python/ql/lib/change-notes/2022-11-15-dictionary-read-store-steps.md b/python/ql/lib/change-notes/released/0.9.2.md similarity index 51% rename from python/ql/lib/change-notes/2022-11-15-dictionary-read-store-steps.md rename to python/ql/lib/change-notes/released/0.9.2.md index 45b225bbb26..06149b0aac9 100644 --- a/python/ql/lib/change-notes/2022-11-15-dictionary-read-store-steps.md +++ b/python/ql/lib/change-notes/released/0.9.2.md @@ -1,4 +1,6 @@ ---- -category: minorAnalysis ---- +## 0.9.2 + +### Minor Analysis Improvements + +* Type tracking is now aware of reads of captured variables (variables defined in an outer scope). This leads to a richer API graph, and may lead to more results in some queries. * Added more content-flow/field-flow for dictionaries, by adding support for reads through `mydict.get("key")` and `mydict.setdefault("key", value)`, and store steps through `dict["key"] = value` and `mydict.setdefault("key", value)`. diff --git a/python/ql/lib/codeql-pack.release.yml b/python/ql/lib/codeql-pack.release.yml index 6789dcd18b7..e1eda519435 100644 --- a/python/ql/lib/codeql-pack.release.yml +++ b/python/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.9.1 +lastReleaseVersion: 0.9.2 diff --git a/python/ql/lib/qlpack.yml b/python/ql/lib/qlpack.yml index 9948ffa5d7f..be1ec0efa99 100644 --- a/python/ql/lib/qlpack.yml +++ b/python/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-all -version: 0.9.2-dev +version: 0.9.2 groups: python dbscheme: semmlecode.python.dbscheme extractor: python diff --git a/python/ql/src/CHANGELOG.md b/python/ql/src/CHANGELOG.md index 36f736322c9..712de670fdc 100644 --- a/python/ql/src/CHANGELOG.md +++ b/python/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.7.2 + +No user-facing changes. + ## 0.7.1 No user-facing changes. diff --git a/python/ql/src/change-notes/released/0.7.2.md b/python/ql/src/change-notes/released/0.7.2.md new file mode 100644 index 00000000000..8693d609ec7 --- /dev/null +++ b/python/ql/src/change-notes/released/0.7.2.md @@ -0,0 +1,3 @@ +## 0.7.2 + +No user-facing changes. diff --git a/python/ql/src/codeql-pack.release.yml b/python/ql/src/codeql-pack.release.yml index e007a9aec3e..fee171e9685 100644 --- a/python/ql/src/codeql-pack.release.yml +++ b/python/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.7.1 +lastReleaseVersion: 0.7.2 diff --git a/python/ql/src/qlpack.yml b/python/ql/src/qlpack.yml index 0d2839ec410..d399ced2ccd 100644 --- a/python/ql/src/qlpack.yml +++ b/python/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-queries -version: 0.7.2-dev +version: 0.7.2 groups: - python - queries diff --git a/ruby/ql/lib/CHANGELOG.md b/ruby/ql/lib/CHANGELOG.md index 2071494bb54..65eba10cc10 100644 --- a/ruby/ql/lib/CHANGELOG.md +++ b/ruby/ql/lib/CHANGELOG.md @@ -1,3 +1,9 @@ +## 0.6.2 + +### Minor Analysis Improvements + +* Support for the `sqlite3` gem has been added. Method calls that execute queries against an SQLite3 database that may be vulnerable to injection attacks will now be recognized. + ## 0.6.1 No user-facing changes. diff --git a/ruby/ql/lib/change-notes/2023-05-03-sqlite3.md b/ruby/ql/lib/change-notes/released/0.6.2.md similarity index 80% rename from ruby/ql/lib/change-notes/2023-05-03-sqlite3.md rename to ruby/ql/lib/change-notes/released/0.6.2.md index 16af7f859e9..a1214bd6e68 100644 --- a/ruby/ql/lib/change-notes/2023-05-03-sqlite3.md +++ b/ruby/ql/lib/change-notes/released/0.6.2.md @@ -1,4 +1,5 @@ ---- -category: minorAnalysis ---- +## 0.6.2 + +### Minor Analysis Improvements + * Support for the `sqlite3` gem has been added. Method calls that execute queries against an SQLite3 database that may be vulnerable to injection attacks will now be recognized. diff --git a/ruby/ql/lib/codeql-pack.release.yml b/ruby/ql/lib/codeql-pack.release.yml index 80fb0899f64..5501a2a1cc5 100644 --- a/ruby/ql/lib/codeql-pack.release.yml +++ b/ruby/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.6.1 +lastReleaseVersion: 0.6.2 diff --git a/ruby/ql/lib/qlpack.yml b/ruby/ql/lib/qlpack.yml index f25ce14aa24..7d01fb676db 100644 --- a/ruby/ql/lib/qlpack.yml +++ b/ruby/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-all -version: 0.6.2-dev +version: 0.6.2 groups: ruby extractor: ruby dbscheme: ruby.dbscheme diff --git a/ruby/ql/src/CHANGELOG.md b/ruby/ql/src/CHANGELOG.md index 20ece6388aa..7e2e0df8b38 100644 --- a/ruby/ql/src/CHANGELOG.md +++ b/ruby/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.6.2 + +No user-facing changes. + ## 0.6.1 No user-facing changes. diff --git a/ruby/ql/src/change-notes/released/0.6.2.md b/ruby/ql/src/change-notes/released/0.6.2.md new file mode 100644 index 00000000000..43f80640fc5 --- /dev/null +++ b/ruby/ql/src/change-notes/released/0.6.2.md @@ -0,0 +1,3 @@ +## 0.6.2 + +No user-facing changes. diff --git a/ruby/ql/src/codeql-pack.release.yml b/ruby/ql/src/codeql-pack.release.yml index 80fb0899f64..5501a2a1cc5 100644 --- a/ruby/ql/src/codeql-pack.release.yml +++ b/ruby/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.6.1 +lastReleaseVersion: 0.6.2 diff --git a/ruby/ql/src/qlpack.yml b/ruby/ql/src/qlpack.yml index b85dc0f5e4f..2ba1f5ae58f 100644 --- a/ruby/ql/src/qlpack.yml +++ b/ruby/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-queries -version: 0.6.2-dev +version: 0.6.2 groups: - ruby - queries diff --git a/shared/regex/CHANGELOG.md b/shared/regex/CHANGELOG.md index 64199d2b5ca..cc83ed1e68c 100644 --- a/shared/regex/CHANGELOG.md +++ b/shared/regex/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.0.13 + +No user-facing changes. + ## 0.0.12 No user-facing changes. diff --git a/shared/regex/change-notes/released/0.0.13.md b/shared/regex/change-notes/released/0.0.13.md new file mode 100644 index 00000000000..f679eaf0313 --- /dev/null +++ b/shared/regex/change-notes/released/0.0.13.md @@ -0,0 +1,3 @@ +## 0.0.13 + +No user-facing changes. diff --git a/shared/regex/codeql-pack.release.yml b/shared/regex/codeql-pack.release.yml index 997fb8da83c..044e54e4f7e 100644 --- a/shared/regex/codeql-pack.release.yml +++ b/shared/regex/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.12 +lastReleaseVersion: 0.0.13 diff --git a/shared/regex/qlpack.yml b/shared/regex/qlpack.yml index ef9519ead25..deb3ab1029b 100644 --- a/shared/regex/qlpack.yml +++ b/shared/regex/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/regex -version: 0.0.13-dev +version: 0.0.13 groups: shared library: true dependencies: diff --git a/shared/ssa/CHANGELOG.md b/shared/ssa/CHANGELOG.md index 52bdc7e1442..5e42000c1d1 100644 --- a/shared/ssa/CHANGELOG.md +++ b/shared/ssa/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.0.17 + +No user-facing changes. + ## 0.0.16 No user-facing changes. diff --git a/shared/ssa/change-notes/released/0.0.17.md b/shared/ssa/change-notes/released/0.0.17.md new file mode 100644 index 00000000000..62cc89030a6 --- /dev/null +++ b/shared/ssa/change-notes/released/0.0.17.md @@ -0,0 +1,3 @@ +## 0.0.17 + +No user-facing changes. diff --git a/shared/ssa/codeql-pack.release.yml b/shared/ssa/codeql-pack.release.yml index a49f7be4cff..cbc3d3cd493 100644 --- a/shared/ssa/codeql-pack.release.yml +++ b/shared/ssa/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.16 +lastReleaseVersion: 0.0.17 diff --git a/shared/ssa/qlpack.yml b/shared/ssa/qlpack.yml index 4bb3d04e800..2200a923da4 100644 --- a/shared/ssa/qlpack.yml +++ b/shared/ssa/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ssa -version: 0.0.17-dev +version: 0.0.17 groups: shared library: true warnOnImplicitThis: true diff --git a/shared/tutorial/CHANGELOG.md b/shared/tutorial/CHANGELOG.md index 1e8bd30fccd..02876619527 100644 --- a/shared/tutorial/CHANGELOG.md +++ b/shared/tutorial/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.0.10 + +No user-facing changes. + ## 0.0.9 No user-facing changes. diff --git a/shared/tutorial/change-notes/released/0.0.10.md b/shared/tutorial/change-notes/released/0.0.10.md new file mode 100644 index 00000000000..22391080fd4 --- /dev/null +++ b/shared/tutorial/change-notes/released/0.0.10.md @@ -0,0 +1,3 @@ +## 0.0.10 + +No user-facing changes. diff --git a/shared/tutorial/codeql-pack.release.yml b/shared/tutorial/codeql-pack.release.yml index ecdd64fbab8..b740014e5ae 100644 --- a/shared/tutorial/codeql-pack.release.yml +++ b/shared/tutorial/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.9 +lastReleaseVersion: 0.0.10 diff --git a/shared/tutorial/qlpack.yml b/shared/tutorial/qlpack.yml index 37c2fca38b4..dafd176c023 100644 --- a/shared/tutorial/qlpack.yml +++ b/shared/tutorial/qlpack.yml @@ -1,6 +1,6 @@ name: codeql/tutorial description: Library for the CodeQL detective tutorials, helping new users learn to write CodeQL queries. -version: 0.0.10-dev +version: 0.0.10 groups: shared library: true warnOnImplicitThis: true diff --git a/shared/typetracking/CHANGELOG.md b/shared/typetracking/CHANGELOG.md index 77af08547b4..c8729dc39f8 100644 --- a/shared/typetracking/CHANGELOG.md +++ b/shared/typetracking/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.0.10 + +No user-facing changes. + ## 0.0.9 No user-facing changes. diff --git a/shared/typetracking/change-notes/released/0.0.10.md b/shared/typetracking/change-notes/released/0.0.10.md new file mode 100644 index 00000000000..22391080fd4 --- /dev/null +++ b/shared/typetracking/change-notes/released/0.0.10.md @@ -0,0 +1,3 @@ +## 0.0.10 + +No user-facing changes. diff --git a/shared/typetracking/codeql-pack.release.yml b/shared/typetracking/codeql-pack.release.yml index ecdd64fbab8..b740014e5ae 100644 --- a/shared/typetracking/codeql-pack.release.yml +++ b/shared/typetracking/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.9 +lastReleaseVersion: 0.0.10 diff --git a/shared/typetracking/qlpack.yml b/shared/typetracking/qlpack.yml index 499f5cc4d34..697964c9078 100644 --- a/shared/typetracking/qlpack.yml +++ b/shared/typetracking/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typetracking -version: 0.0.10-dev +version: 0.0.10 groups: shared library: true dependencies: diff --git a/shared/typos/CHANGELOG.md b/shared/typos/CHANGELOG.md index 600b6f93329..472d0ef41a5 100644 --- a/shared/typos/CHANGELOG.md +++ b/shared/typos/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.0.17 + +No user-facing changes. + ## 0.0.16 No user-facing changes. diff --git a/shared/typos/change-notes/released/0.0.17.md b/shared/typos/change-notes/released/0.0.17.md new file mode 100644 index 00000000000..62cc89030a6 --- /dev/null +++ b/shared/typos/change-notes/released/0.0.17.md @@ -0,0 +1,3 @@ +## 0.0.17 + +No user-facing changes. diff --git a/shared/typos/codeql-pack.release.yml b/shared/typos/codeql-pack.release.yml index a49f7be4cff..cbc3d3cd493 100644 --- a/shared/typos/codeql-pack.release.yml +++ b/shared/typos/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.16 +lastReleaseVersion: 0.0.17 diff --git a/shared/typos/qlpack.yml b/shared/typos/qlpack.yml index 6d0b76e1ce5..41595203b56 100644 --- a/shared/typos/qlpack.yml +++ b/shared/typos/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typos -version: 0.0.17-dev +version: 0.0.17 groups: shared library: true warnOnImplicitThis: true diff --git a/shared/util/CHANGELOG.md b/shared/util/CHANGELOG.md index aad25b929dc..99aa576343d 100644 --- a/shared/util/CHANGELOG.md +++ b/shared/util/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.0.10 + +No user-facing changes. + ## 0.0.9 No user-facing changes. diff --git a/shared/util/change-notes/released/0.0.10.md b/shared/util/change-notes/released/0.0.10.md new file mode 100644 index 00000000000..22391080fd4 --- /dev/null +++ b/shared/util/change-notes/released/0.0.10.md @@ -0,0 +1,3 @@ +## 0.0.10 + +No user-facing changes. diff --git a/shared/util/codeql-pack.release.yml b/shared/util/codeql-pack.release.yml index ecdd64fbab8..b740014e5ae 100644 --- a/shared/util/codeql-pack.release.yml +++ b/shared/util/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.9 +lastReleaseVersion: 0.0.10 diff --git a/shared/util/qlpack.yml b/shared/util/qlpack.yml index 8ff9a0efdb6..b6a5d413250 100644 --- a/shared/util/qlpack.yml +++ b/shared/util/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/util -version: 0.0.10-dev +version: 0.0.10 groups: shared library: true dependencies: diff --git a/shared/yaml/CHANGELOG.md b/shared/yaml/CHANGELOG.md index 9e8194d5e01..9119d5fc839 100644 --- a/shared/yaml/CHANGELOG.md +++ b/shared/yaml/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.0.2 + +No user-facing changes. + ## 0.0.1 ### Minor Analysis Improvements diff --git a/shared/yaml/change-notes/released/0.0.2.md b/shared/yaml/change-notes/released/0.0.2.md new file mode 100644 index 00000000000..5ab250998ed --- /dev/null +++ b/shared/yaml/change-notes/released/0.0.2.md @@ -0,0 +1,3 @@ +## 0.0.2 + +No user-facing changes. diff --git a/shared/yaml/codeql-pack.release.yml b/shared/yaml/codeql-pack.release.yml index c6933410b71..55dc06fbd76 100644 --- a/shared/yaml/codeql-pack.release.yml +++ b/shared/yaml/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.1 +lastReleaseVersion: 0.0.2 diff --git a/shared/yaml/qlpack.yml b/shared/yaml/qlpack.yml index 75a796f2ba3..5f61beb0f39 100644 --- a/shared/yaml/qlpack.yml +++ b/shared/yaml/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/yaml -version: 0.0.2-dev +version: 0.0.2 groups: shared library: true warnOnImplicitThis: true From abcece88f57c2069a92f5d75ba33d5734db7ce1f Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 23 May 2023 00:16:20 +0000 Subject: [PATCH 557/870] Add changed framework coverage reports --- java/documentation/library-coverage/coverage.csv | 1 + java/documentation/library-coverage/coverage.rst | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/java/documentation/library-coverage/coverage.csv b/java/documentation/library-coverage/coverage.csv index 227bbaa65c3..4ccb2163679 100644 --- a/java/documentation/library-coverage/coverage.csv +++ b/java/documentation/library-coverage/coverage.csv @@ -32,6 +32,7 @@ flexjson,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1 freemarker.cache,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,, freemarker.template,7,,,,,,,,,,,,,,,,,,,,,,,,,,,,,7,,,,,,,,,,, groovy.lang,26,,,,,,26,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, +groovy.text,1,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, groovy.util,5,,,,,,5,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, hudson,44,,16,,19,,,,,,,,,,,,,6,,17,,,,,,,,,,,,2,,,,,,,,16, io.jsonwebtoken,,2,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,4, diff --git a/java/documentation/library-coverage/coverage.rst b/java/documentation/library-coverage/coverage.rst index 2aa38591d6f..498476cbb97 100644 --- a/java/documentation/library-coverage/coverage.rst +++ b/java/documentation/library-coverage/coverage.rst @@ -22,6 +22,6 @@ Java framework & library support Java extensions,"``javax.*``, ``jakarta.*``",63,611,34,1,4,,1,1,2 Kotlin Standard Library,``kotlin*``,,1843,16,11,,,,,2 `Spring `_,``org.springframework.*``,29,483,113,2,,28,14,,29 - Others,"``cn.hutool.core.codec``, ``com.esotericsoftware.kryo.io``, ``com.esotericsoftware.kryo5.io``, ``com.fasterxml.jackson.core``, ``com.fasterxml.jackson.databind``, ``com.hubspot.jinjava``, ``com.mitchellbosecke.pebble``, ``com.opensymphony.xwork2.ognl``, ``com.rabbitmq.client``, ``com.thoughtworks.xstream``, ``com.unboundid.ldap.sdk``, ``com.zaxxer.hikari``, ``flexjson``, ``freemarker.cache``, ``freemarker.template``, ``groovy.lang``, ``groovy.util``, ``hudson``, ``io.jsonwebtoken``, ``io.netty.bootstrap``, ``io.netty.buffer``, ``io.netty.channel``, ``io.netty.handler.codec``, ``io.netty.handler.ssl``, ``io.netty.handler.stream``, ``io.netty.resolver``, ``io.netty.util``, ``javafx.scene.web``, ``jodd.json``, ``net.sf.saxon.s9api``, ``ognl``, ``okhttp3``, ``org.apache.commons.codec``, ``org.apache.commons.compress.archivers.tar``, ``org.apache.commons.httpclient.util``, ``org.apache.commons.jelly``, ``org.apache.commons.jexl2``, ``org.apache.commons.jexl3``, ``org.apache.commons.logging``, ``org.apache.commons.net``, ``org.apache.commons.ognl``, ``org.apache.directory.ldap.client.api``, ``org.apache.hadoop.fs``, ``org.apache.hadoop.hive.metastore``, ``org.apache.hc.client5.http.async.methods``, ``org.apache.hc.client5.http.classic.methods``, ``org.apache.hc.client5.http.fluent``, ``org.apache.hive.hcatalog.templeton``, ``org.apache.ibatis.jdbc``, ``org.apache.log4j``, ``org.apache.shiro.codec``, ``org.apache.shiro.jndi``, ``org.apache.tools.ant``, ``org.apache.tools.zip``, ``org.apache.velocity.app``, ``org.apache.velocity.runtime``, ``org.codehaus.cargo.container.installer``, ``org.codehaus.groovy.control``, ``org.dom4j``, ``org.eclipse.jetty.client``, ``org.geogebra.web.full.main``, ``org.hibernate``, ``org.jdbi.v3.core``, ``org.jooq``, ``org.kohsuke.stapler``, ``org.mvel2``, ``org.openjdk.jmh.runner.options``, ``org.scijava.log``, ``org.slf4j``, ``org.thymeleaf``, ``org.xml.sax``, ``org.xmlpull.v1``, ``play.mvc``, ``ratpack.core.form``, ``ratpack.core.handling``, ``ratpack.core.http``, ``ratpack.exec``, ``ratpack.form``, ``ratpack.func``, ``ratpack.handling``, ``ratpack.http``, ``ratpack.util``, ``retrofit2``",89,827,515,26,,18,18,,181 - Totals,,246,9119,1966,174,10,122,33,1,361 + Others,"``cn.hutool.core.codec``, ``com.esotericsoftware.kryo.io``, ``com.esotericsoftware.kryo5.io``, ``com.fasterxml.jackson.core``, ``com.fasterxml.jackson.databind``, ``com.hubspot.jinjava``, ``com.mitchellbosecke.pebble``, ``com.opensymphony.xwork2.ognl``, ``com.rabbitmq.client``, ``com.thoughtworks.xstream``, ``com.unboundid.ldap.sdk``, ``com.zaxxer.hikari``, ``flexjson``, ``freemarker.cache``, ``freemarker.template``, ``groovy.lang``, ``groovy.text``, ``groovy.util``, ``hudson``, ``io.jsonwebtoken``, ``io.netty.bootstrap``, ``io.netty.buffer``, ``io.netty.channel``, ``io.netty.handler.codec``, ``io.netty.handler.ssl``, ``io.netty.handler.stream``, ``io.netty.resolver``, ``io.netty.util``, ``javafx.scene.web``, ``jodd.json``, ``net.sf.saxon.s9api``, ``ognl``, ``okhttp3``, ``org.apache.commons.codec``, ``org.apache.commons.compress.archivers.tar``, ``org.apache.commons.httpclient.util``, ``org.apache.commons.jelly``, ``org.apache.commons.jexl2``, ``org.apache.commons.jexl3``, ``org.apache.commons.logging``, ``org.apache.commons.net``, ``org.apache.commons.ognl``, ``org.apache.directory.ldap.client.api``, ``org.apache.hadoop.fs``, ``org.apache.hadoop.hive.metastore``, ``org.apache.hc.client5.http.async.methods``, ``org.apache.hc.client5.http.classic.methods``, ``org.apache.hc.client5.http.fluent``, ``org.apache.hive.hcatalog.templeton``, ``org.apache.ibatis.jdbc``, ``org.apache.log4j``, ``org.apache.shiro.codec``, ``org.apache.shiro.jndi``, ``org.apache.tools.ant``, ``org.apache.tools.zip``, ``org.apache.velocity.app``, ``org.apache.velocity.runtime``, ``org.codehaus.cargo.container.installer``, ``org.codehaus.groovy.control``, ``org.dom4j``, ``org.eclipse.jetty.client``, ``org.geogebra.web.full.main``, ``org.hibernate``, ``org.jdbi.v3.core``, ``org.jooq``, ``org.kohsuke.stapler``, ``org.mvel2``, ``org.openjdk.jmh.runner.options``, ``org.scijava.log``, ``org.slf4j``, ``org.thymeleaf``, ``org.xml.sax``, ``org.xmlpull.v1``, ``play.mvc``, ``ratpack.core.form``, ``ratpack.core.handling``, ``ratpack.core.http``, ``ratpack.exec``, ``ratpack.form``, ``ratpack.func``, ``ratpack.handling``, ``ratpack.http``, ``ratpack.util``, ``retrofit2``",89,827,516,26,,18,18,,181 + Totals,,246,9119,1967,174,10,122,33,1,361 From 36285ba2c5ef6e1667a69cffcd9da84f17da8f07 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Mon, 22 May 2023 17:39:43 -0700 Subject: [PATCH 558/870] C++: Fix pointer/pointee conflation. --- .../code/cpp/ir/dataflow/internal/DataFlowPrivate.qll | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll index efd33b82a89..cc8d0cdbe94 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll @@ -210,8 +210,8 @@ class IndirectOperand extends Node { this.(RawIndirectOperand).getOperand() = operand and this.(RawIndirectOperand).getIndirectionIndex() = indirectionIndex or - this.(OperandNode).getOperand() = - Ssa::getIRRepresentationOfIndirectOperand(operand, indirectionIndex) + nodeHasOperand(this, Ssa::getIRRepresentationOfIndirectOperand(operand, indirectionIndex), + indirectionIndex - 1) } /** Gets the underlying operand. */ @@ -250,8 +250,8 @@ class IndirectInstruction extends Node { this.(RawIndirectInstruction).getInstruction() = instr and this.(RawIndirectInstruction).getIndirectionIndex() = indirectionIndex or - this.(InstructionNode).getInstruction() = - Ssa::getIRRepresentationOfIndirectInstruction(instr, indirectionIndex) + nodeHasInstruction(this, Ssa::getIRRepresentationOfIndirectInstruction(instr, indirectionIndex), + indirectionIndex - 1) } /** Gets the underlying instruction. */ From b32d55a21de144e0fe3840b159d68fd81754d5a3 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Mon, 22 May 2023 17:39:50 -0700 Subject: [PATCH 559/870] C++: Accept test changes. --- .../InvalidPointerDeref.expected | 28 ------------------- .../CWE/CWE-193/pointer-deref/test.cpp | 6 ++-- .../dataflow/taint-tests/localTaint.expected | 20 ++++++------- .../dataflow/taint-tests/vector.cpp | 15 +++------- .../MemoryFreed/UseAfterFree.expected | 5 ---- 5 files changed, 17 insertions(+), 57 deletions(-) diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/InvalidPointerDeref.expected b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/InvalidPointerDeref.expected index 4ef8b163372..6da1913cfa2 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/InvalidPointerDeref.expected +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/InvalidPointerDeref.expected @@ -654,30 +654,6 @@ edges | test.cpp:308:5:308:6 | xs | test.cpp:308:5:308:11 | access to array | | test.cpp:308:5:308:11 | access to array | test.cpp:308:5:308:29 | Store: ... = ... | | test.cpp:313:16:313:29 | new[] | test.cpp:314:17:314:18 | xs | -| test.cpp:314:17:314:18 | xs | test.cpp:314:17:314:25 | ... + ... | -| test.cpp:314:17:314:18 | xs | test.cpp:314:17:314:25 | ... + ... | -| test.cpp:314:17:314:18 | xs | test.cpp:318:13:318:20 | * ... | -| test.cpp:314:17:314:25 | ... + ... | test.cpp:318:14:318:20 | current | -| test.cpp:314:17:314:25 | ... + ... | test.cpp:318:14:318:20 | current | -| test.cpp:314:17:314:25 | ... + ... | test.cpp:320:13:320:20 | * ... | -| test.cpp:314:17:314:25 | ... + ... | test.cpp:320:13:320:20 | * ... | -| test.cpp:314:17:314:25 | ... + ... | test.cpp:320:14:320:20 | current | -| test.cpp:314:17:314:25 | ... + ... | test.cpp:320:14:320:20 | current | -| test.cpp:318:13:318:20 | * ... | test.cpp:318:14:318:20 | current | -| test.cpp:318:13:318:20 | * ... | test.cpp:320:13:320:20 | * ... | -| test.cpp:318:13:318:20 | * ... | test.cpp:320:14:320:20 | current | -| test.cpp:318:14:318:20 | current | test.cpp:314:17:314:25 | Store: ... + ... | -| test.cpp:318:14:318:20 | current | test.cpp:318:13:318:20 | Load: * ... | -| test.cpp:318:14:318:20 | current | test.cpp:320:10:320:21 | Store: -- ... | -| test.cpp:318:14:318:20 | current | test.cpp:320:12:320:21 | Load: (...) | -| test.cpp:320:13:320:20 | * ... | test.cpp:314:17:314:25 | Store: ... + ... | -| test.cpp:320:13:320:20 | * ... | test.cpp:318:13:318:20 | Load: * ... | -| test.cpp:320:13:320:20 | * ... | test.cpp:320:10:320:21 | Store: -- ... | -| test.cpp:320:13:320:20 | * ... | test.cpp:320:12:320:21 | Load: (...) | -| test.cpp:320:14:320:20 | current | test.cpp:314:17:314:25 | Store: ... + ... | -| test.cpp:320:14:320:20 | current | test.cpp:318:13:318:20 | Load: * ... | -| test.cpp:320:14:320:20 | current | test.cpp:320:10:320:21 | Store: -- ... | -| test.cpp:320:14:320:20 | current | test.cpp:320:12:320:21 | Load: (...) | subpaths #select | test.cpp:6:14:6:15 | Load: * ... | test.cpp:4:15:4:20 | call to malloc | test.cpp:6:14:6:15 | Load: * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:4:15:4:20 | call to malloc | call to malloc | test.cpp:5:19:5:22 | size | size | @@ -703,7 +679,3 @@ subpaths | test.cpp:264:13:264:14 | Load: * ... | test.cpp:260:13:260:24 | new[] | test.cpp:264:13:264:14 | Load: * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:260:13:260:24 | new[] | new[] | test.cpp:261:19:261:21 | len | len | | test.cpp:274:5:274:10 | Store: ... = ... | test.cpp:270:13:270:24 | new[] | test.cpp:274:5:274:10 | Store: ... = ... | This write might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:270:13:270:24 | new[] | new[] | test.cpp:271:19:271:21 | len | len | | test.cpp:308:5:308:29 | Store: ... = ... | test.cpp:304:15:304:26 | new[] | test.cpp:308:5:308:29 | Store: ... = ... | This write might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:304:15:304:26 | new[] | new[] | test.cpp:308:8:308:10 | ... + ... | ... + ... | -| test.cpp:314:17:314:25 | Store: ... + ... | test.cpp:313:16:313:29 | new[] | test.cpp:314:17:314:25 | Store: ... + ... | This write might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:313:16:313:29 | new[] | new[] | test.cpp:314:22:314:25 | size | size | -| test.cpp:318:13:318:20 | Load: * ... | test.cpp:313:16:313:29 | new[] | test.cpp:318:13:318:20 | Load: * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:313:16:313:29 | new[] | new[] | test.cpp:314:22:314:25 | size | size | -| test.cpp:320:10:320:21 | Store: -- ... | test.cpp:313:16:313:29 | new[] | test.cpp:320:10:320:21 | Store: -- ... | This write might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:313:16:313:29 | new[] | new[] | test.cpp:314:22:314:25 | size | size | -| test.cpp:320:12:320:21 | Load: (...) | test.cpp:313:16:313:29 | new[] | test.cpp:320:12:320:21 | Load: (...) | This read might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:313:16:313:29 | new[] | new[] | test.cpp:314:22:314:25 | size | size | diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/test.cpp b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/test.cpp index 05ae4a2ac57..54fa131f232 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/test.cpp +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/test.cpp @@ -311,13 +311,13 @@ void test21() { void test22(unsigned size, int val) { char *xs = new char[size]; - char *end = xs + size; // GOOD [FALSE POSITIVE] + char *end = xs + size; // GOOD char **current = &end; do { - if( *current - xs < 1 ) // GOOD [FALSE POSITIVE] + if( *current - xs < 1 ) // GOOD return; - *--(*current) = 0; // GOOD [FALSE POSITIVE] + *--(*current) = 0; // GOOD val >>= 8; } while( val > 0 ); diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected b/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected index 85fc3526dc7..907cccd197b 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected @@ -8090,20 +8090,20 @@ | vector.cpp:520:25:520:31 | call to vector | vector.cpp:523:8:523:9 | vs | | | vector.cpp:520:25:520:31 | call to vector | vector.cpp:524:8:524:9 | vs | | | vector.cpp:520:25:520:31 | call to vector | vector.cpp:526:8:526:9 | vs | | -| vector.cpp:520:25:520:31 | call to vector | vector.cpp:539:8:539:9 | vs | | -| vector.cpp:520:25:520:31 | call to vector | vector.cpp:540:2:540:2 | vs | | +| vector.cpp:520:25:520:31 | call to vector | vector.cpp:532:8:532:9 | vs | | +| vector.cpp:520:25:520:31 | call to vector | vector.cpp:533:2:533:2 | vs | | | vector.cpp:520:30:520:30 | 0 | vector.cpp:520:25:520:31 | call to vector | TAINT | | vector.cpp:523:8:523:9 | ref arg vs | vector.cpp:524:8:524:9 | vs | | | vector.cpp:523:8:523:9 | ref arg vs | vector.cpp:526:8:526:9 | vs | | -| vector.cpp:523:8:523:9 | ref arg vs | vector.cpp:539:8:539:9 | vs | | -| vector.cpp:523:8:523:9 | ref arg vs | vector.cpp:540:2:540:2 | vs | | +| vector.cpp:523:8:523:9 | ref arg vs | vector.cpp:532:8:532:9 | vs | | +| vector.cpp:523:8:523:9 | ref arg vs | vector.cpp:533:2:533:2 | vs | | | vector.cpp:523:8:523:9 | vs | vector.cpp:523:10:523:10 | call to operator[] | TAINT | | vector.cpp:524:8:524:9 | ref arg vs | vector.cpp:526:8:526:9 | vs | | -| vector.cpp:524:8:524:9 | ref arg vs | vector.cpp:539:8:539:9 | vs | | -| vector.cpp:524:8:524:9 | ref arg vs | vector.cpp:540:2:540:2 | vs | | +| vector.cpp:524:8:524:9 | ref arg vs | vector.cpp:532:8:532:9 | vs | | +| vector.cpp:524:8:524:9 | ref arg vs | vector.cpp:533:2:533:2 | vs | | | vector.cpp:524:8:524:9 | vs | vector.cpp:524:10:524:10 | call to operator[] | TAINT | -| vector.cpp:526:8:526:9 | ref arg vs | vector.cpp:539:8:539:9 | vs | | -| vector.cpp:526:8:526:9 | ref arg vs | vector.cpp:540:2:540:2 | vs | | +| vector.cpp:526:8:526:9 | ref arg vs | vector.cpp:532:8:532:9 | vs | | +| vector.cpp:526:8:526:9 | ref arg vs | vector.cpp:533:2:533:2 | vs | | | vector.cpp:526:8:526:9 | vs | vector.cpp:526:11:526:15 | call to begin | TAINT | | vector.cpp:526:11:526:15 | call to begin | vector.cpp:526:3:526:17 | ... = ... | | | vector.cpp:526:11:526:15 | call to begin | vector.cpp:527:9:527:10 | it | | @@ -8128,5 +8128,5 @@ | vector.cpp:530:3:530:4 | ref arg it | vector.cpp:531:9:531:10 | it | | | vector.cpp:530:9:530:14 | call to source | vector.cpp:530:3:530:4 | ref arg it | TAINT | | vector.cpp:531:9:531:10 | it | vector.cpp:531:8:531:8 | call to operator* | TAINT | -| vector.cpp:539:8:539:9 | ref arg vs | vector.cpp:540:2:540:2 | vs | | -| vector.cpp:539:8:539:9 | vs | vector.cpp:539:10:539:10 | call to operator[] | TAINT | +| vector.cpp:532:8:532:9 | ref arg vs | vector.cpp:533:2:533:2 | vs | | +| vector.cpp:532:8:532:9 | vs | vector.cpp:532:10:532:10 | call to operator[] | TAINT | diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/vector.cpp b/cpp/ql/test/library-tests/dataflow/taint-tests/vector.cpp index 19824641560..a26ac8f0513 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/vector.cpp +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/vector.cpp @@ -523,19 +523,12 @@ void test_vector_iterator() { sink(vs[1]); sink(vs[source()]); // $ MISSING: ast,ir - it = vs.begin(); // (1) + it = vs.begin(); sink(*it); it += 1; sink(*it); - it += source(); // (2) - sink(*it); // $ ast,ir // (3) - // This FP happens because of the following flows: - // 1. There's a write to the iterator at (2) - // 2. This write propagates to `it` on the next line at (3) - // 3. There's a taint step from `it` to `*it` at (3) - // 4. The `*it` is seen as a use of `vs` because of (1). - // 5. There's use-use flow from `*it` at (3) (which is a use of `vs`) to `vs` at (4) - // 6. There's a taint step from vs to vs[1] - sink(vs[1]); // $ SPURIOUS: ir // (4) + it += source(); + sink(*it); // $ ast,ir + sink(vs[1]); // clean } } diff --git a/cpp/ql/test/query-tests/Critical/MemoryFreed/UseAfterFree.expected b/cpp/ql/test/query-tests/Critical/MemoryFreed/UseAfterFree.expected index 54bad8e6cbc..16e74b982c1 100644 --- a/cpp/ql/test/query-tests/Critical/MemoryFreed/UseAfterFree.expected +++ b/cpp/ql/test/query-tests/Critical/MemoryFreed/UseAfterFree.expected @@ -23,8 +23,6 @@ edges | test_free.cpp:239:14:239:15 | * ... | test_free.cpp:241:9:241:10 | * ... | | test_free.cpp:239:14:239:15 | * ... | test_free.cpp:241:9:241:10 | * ... | | test_free.cpp:239:14:239:15 | * ... | test_free.cpp:241:9:241:10 | * ... | -| test_free.cpp:239:14:239:15 | * ... | test_free.cpp:241:10:241:10 | b | -| test_free.cpp:239:14:239:15 | * ... | test_free.cpp:241:10:241:10 | b | | test_free.cpp:245:10:245:11 | * ... | test_free.cpp:246:9:246:10 | * ... | | test_free.cpp:245:10:245:11 | * ... | test_free.cpp:246:9:246:10 | * ... | | test_free.cpp:245:10:245:11 | * ... | test_free.cpp:246:9:246:10 | * ... | @@ -61,7 +59,6 @@ nodes | test_free.cpp:239:14:239:15 | * ... | semmle.label | * ... | | test_free.cpp:241:9:241:10 | * ... | semmle.label | * ... | | test_free.cpp:241:9:241:10 | * ... | semmle.label | * ... | -| test_free.cpp:241:10:241:10 | b | semmle.label | b | | test_free.cpp:245:10:245:11 | * ... | semmle.label | * ... | | test_free.cpp:245:10:245:11 | * ... | semmle.label | * ... | | test_free.cpp:246:9:246:10 | * ... | semmle.label | * ... | @@ -92,8 +89,6 @@ subpaths | test_free.cpp:241:9:241:10 | * ... | test_free.cpp:239:14:239:15 | * ... | test_free.cpp:241:9:241:10 | * ... | Memory may have been previously freed by $@. | test_free.cpp:239:9:239:12 | call to free | call to free | | test_free.cpp:241:9:241:10 | * ... | test_free.cpp:239:14:239:15 | * ... | test_free.cpp:241:9:241:10 | * ... | Memory may have been previously freed by $@. | test_free.cpp:239:9:239:12 | call to free | call to free | | test_free.cpp:241:9:241:10 | * ... | test_free.cpp:239:14:239:15 | * ... | test_free.cpp:241:9:241:10 | * ... | Memory may have been previously freed by $@. | test_free.cpp:239:9:239:12 | call to free | call to free | -| test_free.cpp:241:10:241:10 | b | test_free.cpp:239:14:239:15 | * ... | test_free.cpp:241:10:241:10 | b | Memory may have been previously freed by $@. | test_free.cpp:239:9:239:12 | call to free | call to free | -| test_free.cpp:241:10:241:10 | b | test_free.cpp:239:14:239:15 | * ... | test_free.cpp:241:10:241:10 | b | Memory may have been previously freed by $@. | test_free.cpp:239:9:239:12 | call to free | call to free | | test_free.cpp:246:9:246:10 | * ... | test_free.cpp:245:10:245:11 | * ... | test_free.cpp:246:9:246:10 | * ... | Memory may have been previously freed by $@. | test_free.cpp:245:5:245:8 | call to free | call to free | | test_free.cpp:246:9:246:10 | * ... | test_free.cpp:245:10:245:11 | * ... | test_free.cpp:246:9:246:10 | * ... | Memory may have been previously freed by $@. | test_free.cpp:245:5:245:8 | call to free | call to free | | test_free.cpp:246:9:246:10 | * ... | test_free.cpp:245:10:245:11 | * ... | test_free.cpp:246:9:246:10 | * ... | Memory may have been previously freed by $@. | test_free.cpp:245:5:245:8 | call to free | call to free | From 3a39e8badf4fce64fdefec85abd49cb0161a479c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 23 May 2023 04:14:09 +0000 Subject: [PATCH 560/870] Bump regex from 1.8.1 to 1.8.2 in /ql Bumps [regex](https://github.com/rust-lang/regex) from 1.8.1 to 1.8.2. - [Release notes](https://github.com/rust-lang/regex/releases) - [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md) - [Commits](https://github.com/rust-lang/regex/compare/1.8.1...1.8.2) --- updated-dependencies: - dependency-name: regex dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- ql/Cargo.lock | Bin 31985 -> 31985 bytes ql/buramu/Cargo.toml | 2 +- ql/extractor/Cargo.toml | 2 +- 3 files changed, 2 insertions(+), 2 deletions(-) diff --git a/ql/Cargo.lock b/ql/Cargo.lock index 8a6de476fd948a4ea112788a5b0fb05e15c739c9..63ec8ecbf507735379c75418e32714030efc516a 100644 GIT binary patch delta 174 zcmWNKyA8rH5I~iN9w9-&3?QE`KKs&u__eTt&%SgF16~9v1zWHKBSfM}hnrVDy*EzH zI5n^9@$tOvGDOGXa!~eJ6_J>v2TV?4h!PyOkc_cxZ7^?) G($OFJk~NwD delta 178 zcmWN`v5i783;<9C1PdU6M8O0I*>UXr(13uumb(%B<7A;M0-|6F*ntr!DCpp|@A-Dm zw>us8?Y8*aYVD{9#!7@aixzLnAy5|ZR+Ybxg)w^cmP`DxhhC%z=cIa(hf> Im+S9ZK9k`!ga7~l diff --git a/ql/buramu/Cargo.toml b/ql/buramu/Cargo.toml index 48fa148872c..5c6d79d7305 100644 --- a/ql/buramu/Cargo.toml +++ b/ql/buramu/Cargo.toml @@ -9,4 +9,4 @@ edition = "2018" lazy_static = "1.4.0" chrono = "0.4.24" rayon = "1.7.0" -regex = "1.8.1" +regex = "1.8.2" diff --git a/ql/extractor/Cargo.toml b/ql/extractor/Cargo.toml index 440b9434d34..dfcdaf5ecbf 100644 --- a/ql/extractor/Cargo.toml +++ b/ql/extractor/Cargo.toml @@ -17,5 +17,5 @@ clap = { version = "4.2", features = ["derive"] } tracing = "0.1" tracing-subscriber = { version = "0.3.17", features = ["env-filter"] } rayon = "1.7.0" -regex = "1.8.1" +regex = "1.8.2" codeql-extractor = { path = "../../shared/tree-sitter-extractor" } From c9c1f08de7601c00892ff865217fcca1a2729a61 Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli Date: Tue, 23 May 2023 08:36:49 +0200 Subject: [PATCH 561/870] Swift: mark downgrade as backwards compatible --- .../44e36e15e90bc1535964d9b86b3cd06a8b0d26e3/upgrade.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/swift/downgrades/44e36e15e90bc1535964d9b86b3cd06a8b0d26e3/upgrade.properties b/swift/downgrades/44e36e15e90bc1535964d9b86b3cd06a8b0d26e3/upgrade.properties index 2a0d022be0c..24d1f9b8e02 100644 --- a/swift/downgrades/44e36e15e90bc1535964d9b86b3cd06a8b0d26e3/upgrade.properties +++ b/swift/downgrades/44e36e15e90bc1535964d9b86b3cd06a8b0d26e3/upgrade.properties @@ -1,2 +1,2 @@ description: Revert removing `getInterpolationCountExpr` and `getLiteralCapacityExpr` from `InterpolatedStringLiteralExpr` -compatibility: full +compatibility: backwards From 7a9820cc1bc00e12edfd44b21eb912e585278d5d Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Tue, 9 May 2023 14:41:56 +0200 Subject: [PATCH 562/870] C#: Convert Entity Framework summaries for DbSet into MaD models. --- .../Microsoft.EntityFrameworkCore.model.yml | 13 ++++++++++ .../ql/lib/ext/System.Data.Entity.model.yml | 13 ++++++++++ .../csharp/frameworks/EntityFramework.qll | 25 ------------------- 3 files changed, 26 insertions(+), 25 deletions(-) diff --git a/csharp/ql/lib/ext/Microsoft.EntityFrameworkCore.model.yml b/csharp/ql/lib/ext/Microsoft.EntityFrameworkCore.model.yml index 3928adf0624..24862dd962f 100644 --- a/csharp/ql/lib/ext/Microsoft.EntityFrameworkCore.model.yml +++ b/csharp/ql/lib/ext/Microsoft.EntityFrameworkCore.model.yml @@ -1,4 +1,17 @@ extensions: + - addsTo: + pack: codeql/csharp-all + extensible: summaryModel + data: + - ["Microsoft.EntityFrameworkCore", "DbSet<>", False, "Add", "(T)", "", "Argument[0]", "Argument[this].Element", "value", "manual"] + - ["Microsoft.EntityFrameworkCore", "DbSet<>", False, "AddAsync", "(T)", "", "Argument[0]", "Argument[this].Element", "value", "manual"] + - ["Microsoft.EntityFrameworkCore", "DbSet<>", False, "AddRange", "(System.Collections.Generic.IEnumerable)", "", "Argument[0].Element", "Argument[this].Element", "value", "manual"] + - ["Microsoft.EntityFrameworkCore", "DbSet<>", False, "AddRangeAsync", "(System.Collections.Generic.IEnumerable)", "", "Argument[0].Element", "Argument[this].Element", "value", "manual"] + - ["Microsoft.EntityFrameworkCore", "DbSet<>", False, "Attach", "(T)", "", "Argument[0]", "Argument[this].Element", "value", "manual"] + - ["Microsoft.EntityFrameworkCore", "DbSet<>", False, "AttachRange", "(System.Collections.Generic.IEnumerable)", "", "Argument[0].Element", "Argument[this].Element", "value", "manual"] + - ["Microsoft.EntityFrameworkCore", "DbSet<>", False, "Update", "(T)", "", "Argument[0]", "Argument[this].Element", "value", "manual"] + - ["Microsoft.EntityFrameworkCore", "DbSet<>", False, "UpdateRange", "(System.Collections.Generic.IEnumerable)", "", "Argument[0].Element", "Argument[this].Element", "value", "manual"] + - addsTo: pack: codeql/csharp-all extensible: sinkModel diff --git a/csharp/ql/lib/ext/System.Data.Entity.model.yml b/csharp/ql/lib/ext/System.Data.Entity.model.yml index 36eccd9b38d..5b4af692526 100644 --- a/csharp/ql/lib/ext/System.Data.Entity.model.yml +++ b/csharp/ql/lib/ext/System.Data.Entity.model.yml @@ -1,4 +1,17 @@ extensions: + - addsTo: + pack: codeql/csharp-all + extensible: summaryModel + data: + - ["System.Data.Entity", "DbSet<>", False, "Add", "(T)", "", "Argument[0]", "Argument[this].Element", "value", "manual"] + - ["System.Data.Entity", "DbSet<>", False, "AddAsync", "(T)", "", "Argument[0]", "Argument[this].Element", "value", "manual"] + - ["System.Data.Entity", "DbSet<>", False, "AddRange", "(System.Collections.Generic.IEnumerable)", "", "Argument[0].Element", "Argument[this].Element", "value", "manual"] + - ["System.Data.Entity", "DbSet<>", False, "AddRangeAsync", "(System.Collections.Generic.IEnumerable)", "", "Argument[0].Element", "Argument[this].Element", "value", "manual"] + - ["System.Data.Entity", "DbSet<>", False, "Attach", "(T)", "", "Argument[0]", "Argument[this].Element", "value", "manual"] + - ["System.Data.Entity", "DbSet<>", False, "AttachRange", "(System.Collections.Generic.IEnumerable)", "", "Argument[0].Element", "Argument[this].Element", "value", "manual"] + - ["System.Data.Entity", "DbSet<>", False, "Update", "(T)", "", "Argument[0]", "Argument[this].Element", "value", "manual"] + - ["System.Data.Entity", "DbSet<>", False, "UpdateRange", "(System.Collections.Generic.IEnumerable)", "", "Argument[0].Element", "Argument[this].Element", "value", "manual"] + - addsTo: pack: codeql/csharp-all extensible: sinkModel diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/EntityFramework.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/EntityFramework.qll index 5f781a0407a..e0dfc0d542d 100644 --- a/csharp/ql/lib/semmle/code/csharp/frameworks/EntityFramework.qll +++ b/csharp/ql/lib/semmle/code/csharp/frameworks/EntityFramework.qll @@ -88,31 +88,6 @@ module EntityFramework { EFSummarizedCallable() { any() } } - private class DbSetAddOrUpdateRequiredSummaryComponentStack extends RequiredSummaryComponentStack { - override predicate required(SummaryComponent head, SummaryComponentStack tail) { - head = SummaryComponent::element() and - tail = SummaryComponentStack::argument([-1, 0]) - } - } - - private class DbSetAddOrUpdate extends EFSummarizedCallable { - private boolean range; - - DbSetAddOrUpdate() { this = any(DbSet c).getAnAddOrUpdateMethod(range) } - - override predicate propagatesFlow( - SummaryComponentStack input, SummaryComponentStack output, boolean preservesValue - ) { - ( - if range = true - then input = SummaryComponentStack::elementOf(SummaryComponentStack::argument(0)) - else input = SummaryComponentStack::argument(0) - ) and - output = SummaryComponentStack::elementOf(SummaryComponentStack::qualifier()) and - preservesValue = true - } - } - /** The class `Microsoft.EntityFrameworkCore.DbQuery<>` or `System.Data.Entity.DbQuery<>`. */ class DbQuery extends EFClass, UnboundGenericClass { DbQuery() { this.hasName("DbQuery<>") } From 455e3e569ca745dabfa68459f863f2ea628435f2 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Tue, 9 May 2023 14:53:47 +0200 Subject: [PATCH 563/870] C#: Update expected test output (the summaries are no longer added via EFSummariedCallable). --- .../EntityFramework/FlowSummaries.expected | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/csharp/ql/test/library-tests/frameworks/EntityFramework/FlowSummaries.expected b/csharp/ql/test/library-tests/frameworks/EntityFramework/FlowSummaries.expected index 2d5a35839fb..17380ffad90 100644 --- a/csharp/ql/test/library-tests/frameworks/EntityFramework/FlowSummaries.expected +++ b/csharp/ql/test/library-tests/frameworks/EntityFramework/FlowSummaries.expected @@ -57,14 +57,6 @@ summary | Microsoft.EntityFrameworkCore;DbContext;false;SaveChangesAsync;();;Argument[this].Property[EFCoreTests.MyContext.Persons].Element.Property[EFCoreTests.Person.Id];ReturnValue[jump to get_Persons].Element.Property[EFCoreTests.Person.Id];value;manual | | Microsoft.EntityFrameworkCore;DbContext;false;SaveChangesAsync;();;Argument[this].Property[EFCoreTests.MyContext.Persons].Element.Property[EFCoreTests.Person.Name];ReturnValue[jump to get_PersonAddresses].Element.Property[EFCoreTests.PersonAddressMap.Person].Property[EFCoreTests.Person.Name];value;manual | | Microsoft.EntityFrameworkCore;DbContext;false;SaveChangesAsync;();;Argument[this].Property[EFCoreTests.MyContext.Persons].Element.Property[EFCoreTests.Person.Name];ReturnValue[jump to get_Persons].Element.Property[EFCoreTests.Person.Name];value;manual | -| Microsoft.EntityFrameworkCore;DbSet<>;false;Add;(T);;Argument[0];Argument[this].Element;value;manual | -| Microsoft.EntityFrameworkCore;DbSet<>;false;AddAsync;(T);;Argument[0];Argument[this].Element;value;manual | -| Microsoft.EntityFrameworkCore;DbSet<>;false;AddRange;(System.Collections.Generic.IEnumerable);;Argument[0].Element;Argument[this].Element;value;manual | -| Microsoft.EntityFrameworkCore;DbSet<>;false;AddRangeAsync;(System.Collections.Generic.IEnumerable);;Argument[0].Element;Argument[this].Element;value;manual | -| Microsoft.EntityFrameworkCore;DbSet<>;false;Attach;(T);;Argument[0];Argument[this].Element;value;manual | -| Microsoft.EntityFrameworkCore;DbSet<>;false;AttachRange;(System.Collections.Generic.IEnumerable);;Argument[0].Element;Argument[this].Element;value;manual | -| Microsoft.EntityFrameworkCore;DbSet<>;false;Update;(T);;Argument[0];Argument[this].Element;value;manual | -| Microsoft.EntityFrameworkCore;DbSet<>;false;UpdateRange;(System.Collections.Generic.IEnumerable);;Argument[0].Element;Argument[this].Element;value;manual | | System.Data.Entity;DbContext;false;SaveChanges;();;Argument[this].Property[EFTests.MyContext.Addresses].Element.Property[EFTests.Address.Id];ReturnValue[jump to get_Addresses].Element.Property[EFTests.Address.Id];value;manual | | System.Data.Entity;DbContext;false;SaveChanges;();;Argument[this].Property[EFTests.MyContext.Addresses].Element.Property[EFTests.Address.Id];ReturnValue[jump to get_PersonAddresses].Element.Property[EFTests.PersonAddressMap.Address].Property[EFTests.Address.Id];value;manual | | System.Data.Entity;DbContext;false;SaveChanges;();;Argument[this].Property[EFTests.MyContext.Addresses].Element.Property[EFTests.Address.Id];ReturnValue[jump to get_Persons].Element.Property[EFTests.Person.Addresses].Element.Property[EFTests.Address.Id];value;manual | @@ -123,14 +115,6 @@ summary | System.Data.Entity;DbContext;false;SaveChangesAsync;();;Argument[this].Property[EFTests.MyContext.Persons].Element.Property[EFTests.Person.Id];ReturnValue[jump to get_Persons].Element.Property[EFTests.Person.Id];value;manual | | System.Data.Entity;DbContext;false;SaveChangesAsync;();;Argument[this].Property[EFTests.MyContext.Persons].Element.Property[EFTests.Person.Name];ReturnValue[jump to get_PersonAddresses].Element.Property[EFTests.PersonAddressMap.Person].Property[EFTests.Person.Name];value;manual | | System.Data.Entity;DbContext;false;SaveChangesAsync;();;Argument[this].Property[EFTests.MyContext.Persons].Element.Property[EFTests.Person.Name];ReturnValue[jump to get_Persons].Element.Property[EFTests.Person.Name];value;manual | -| System.Data.Entity;DbSet<>;false;Add;(T);;Argument[0];Argument[this].Element;value;manual | -| System.Data.Entity;DbSet<>;false;AddAsync;(T);;Argument[0];Argument[this].Element;value;manual | -| System.Data.Entity;DbSet<>;false;AddRange;(System.Collections.Generic.IEnumerable);;Argument[0].Element;Argument[this].Element;value;manual | -| System.Data.Entity;DbSet<>;false;AddRangeAsync;(System.Collections.Generic.IEnumerable);;Argument[0].Element;Argument[this].Element;value;manual | -| System.Data.Entity;DbSet<>;false;Attach;(T);;Argument[0];Argument[this].Element;value;manual | -| System.Data.Entity;DbSet<>;false;AttachRange;(System.Collections.Generic.IEnumerable);;Argument[0].Element;Argument[this].Element;value;manual | -| System.Data.Entity;DbSet<>;false;Update;(T);;Argument[0];Argument[this].Element;value;manual | -| System.Data.Entity;DbSet<>;false;UpdateRange;(System.Collections.Generic.IEnumerable);;Argument[0].Element;Argument[this].Element;value;manual | neutral sourceNode sinkNode From b4481f25a90836a17f785b60aab0a93e5d81a868 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Wed, 17 May 2023 16:37:59 +0200 Subject: [PATCH 564/870] C#: Re-write some of the summaries to use .WithElement. --- csharp/ql/lib/ext/Microsoft.EntityFrameworkCore.model.yml | 8 ++++---- csharp/ql/lib/ext/System.Data.Entity.model.yml | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/csharp/ql/lib/ext/Microsoft.EntityFrameworkCore.model.yml b/csharp/ql/lib/ext/Microsoft.EntityFrameworkCore.model.yml index 24862dd962f..4d6183ba25b 100644 --- a/csharp/ql/lib/ext/Microsoft.EntityFrameworkCore.model.yml +++ b/csharp/ql/lib/ext/Microsoft.EntityFrameworkCore.model.yml @@ -5,12 +5,12 @@ extensions: data: - ["Microsoft.EntityFrameworkCore", "DbSet<>", False, "Add", "(T)", "", "Argument[0]", "Argument[this].Element", "value", "manual"] - ["Microsoft.EntityFrameworkCore", "DbSet<>", False, "AddAsync", "(T)", "", "Argument[0]", "Argument[this].Element", "value", "manual"] - - ["Microsoft.EntityFrameworkCore", "DbSet<>", False, "AddRange", "(System.Collections.Generic.IEnumerable)", "", "Argument[0].Element", "Argument[this].Element", "value", "manual"] - - ["Microsoft.EntityFrameworkCore", "DbSet<>", False, "AddRangeAsync", "(System.Collections.Generic.IEnumerable)", "", "Argument[0].Element", "Argument[this].Element", "value", "manual"] + - ["Microsoft.EntityFrameworkCore", "DbSet<>", False, "AddRange", "(System.Collections.Generic.IEnumerable)", "", "Argument[0].WithElement", "Argument[this]", "value", "manual"] + - ["Microsoft.EntityFrameworkCore", "DbSet<>", False, "AddRangeAsync", "(System.Collections.Generic.IEnumerable)", "", "Argument[0].WithElement", "Argument[this]", "value", "manual"] - ["Microsoft.EntityFrameworkCore", "DbSet<>", False, "Attach", "(T)", "", "Argument[0]", "Argument[this].Element", "value", "manual"] - - ["Microsoft.EntityFrameworkCore", "DbSet<>", False, "AttachRange", "(System.Collections.Generic.IEnumerable)", "", "Argument[0].Element", "Argument[this].Element", "value", "manual"] + - ["Microsoft.EntityFrameworkCore", "DbSet<>", False, "AttachRange", "(System.Collections.Generic.IEnumerable)", "", "Argument[0].WithElement", "Argument[this]", "value", "manual"] - ["Microsoft.EntityFrameworkCore", "DbSet<>", False, "Update", "(T)", "", "Argument[0]", "Argument[this].Element", "value", "manual"] - - ["Microsoft.EntityFrameworkCore", "DbSet<>", False, "UpdateRange", "(System.Collections.Generic.IEnumerable)", "", "Argument[0].Element", "Argument[this].Element", "value", "manual"] + - ["Microsoft.EntityFrameworkCore", "DbSet<>", False, "UpdateRange", "(System.Collections.Generic.IEnumerable)", "", "Argument[0].WithElement", "Argument[this]", "value", "manual"] - addsTo: pack: codeql/csharp-all diff --git a/csharp/ql/lib/ext/System.Data.Entity.model.yml b/csharp/ql/lib/ext/System.Data.Entity.model.yml index 5b4af692526..6e7869658d7 100644 --- a/csharp/ql/lib/ext/System.Data.Entity.model.yml +++ b/csharp/ql/lib/ext/System.Data.Entity.model.yml @@ -5,12 +5,12 @@ extensions: data: - ["System.Data.Entity", "DbSet<>", False, "Add", "(T)", "", "Argument[0]", "Argument[this].Element", "value", "manual"] - ["System.Data.Entity", "DbSet<>", False, "AddAsync", "(T)", "", "Argument[0]", "Argument[this].Element", "value", "manual"] - - ["System.Data.Entity", "DbSet<>", False, "AddRange", "(System.Collections.Generic.IEnumerable)", "", "Argument[0].Element", "Argument[this].Element", "value", "manual"] - - ["System.Data.Entity", "DbSet<>", False, "AddRangeAsync", "(System.Collections.Generic.IEnumerable)", "", "Argument[0].Element", "Argument[this].Element", "value", "manual"] + - ["System.Data.Entity", "DbSet<>", False, "AddRange", "(System.Collections.Generic.IEnumerable)", "", "Argument[0].WithElement", "Argument[this]", "value", "manual"] + - ["System.Data.Entity", "DbSet<>", False, "AddRangeAsync", "(System.Collections.Generic.IEnumerable)", "", "Argument[0].WithElement", "Argument[this]", "value", "manual"] - ["System.Data.Entity", "DbSet<>", False, "Attach", "(T)", "", "Argument[0]", "Argument[this].Element", "value", "manual"] - - ["System.Data.Entity", "DbSet<>", False, "AttachRange", "(System.Collections.Generic.IEnumerable)", "", "Argument[0].Element", "Argument[this].Element", "value", "manual"] + - ["System.Data.Entity", "DbSet<>", False, "AttachRange", "(System.Collections.Generic.IEnumerable)", "", "Argument[0].WithElement", "Argument[this]", "value", "manual"] - ["System.Data.Entity", "DbSet<>", False, "Update", "(T)", "", "Argument[0]", "Argument[this].Element", "value", "manual"] - - ["System.Data.Entity", "DbSet<>", False, "UpdateRange", "(System.Collections.Generic.IEnumerable)", "", "Argument[0].Element", "Argument[this].Element", "value", "manual"] + - ["System.Data.Entity", "DbSet<>", False, "UpdateRange", "(System.Collections.Generic.IEnumerable)", "", "Argument[0].WithElement", "Argument[this]", "value", "manual"] - addsTo: pack: codeql/csharp-all From 36147e7afc27cf6cbfb72aa60a4fb62b90d036b8 Mon Sep 17 00:00:00 2001 From: erik-krogh Date: Thu, 11 May 2023 13:47:58 +0200 Subject: [PATCH 565/870] revert the better super-linear algorith, --- .../regex/nfa/SuperlinearBackTracking.qll | 407 +++++++----------- 1 file changed, 159 insertions(+), 248 deletions(-) diff --git a/shared/regex/codeql/regex/nfa/SuperlinearBackTracking.qll b/shared/regex/codeql/regex/nfa/SuperlinearBackTracking.qll index 3f16431e165..d06170502b4 100644 --- a/shared/regex/codeql/regex/nfa/SuperlinearBackTracking.qll +++ b/shared/regex/codeql/regex/nfa/SuperlinearBackTracking.qll @@ -9,16 +9,16 @@ * Theorem 3 from the paper describes the basic idea. * * The following explains the idea using variables and predicate names that are used in the implementation: - * We consider a pair of repetitions, which we will call `pivot` and `pumpEnd`. + * We consider a pair of repetitions, which we will call `pivot` and `succ`. * * We create a product automaton of 3-tuples of states (see `StateTuple`). * There exists a transition `(a,b,c) -> (d,e,f)` in the product automaton * iff there exists three transitions in the NFA `a->d, b->e, c->f` where those three * transitions all match a shared character `char`. (see `getAThreewayIntersect`) * - * We start a search in the product automaton at `(pivot, pivot, pumpEnd)`, + * We start a search in the product automaton at `(pivot, pivot, succ)`, * and search for a series of transitions (a `Trace`), such that we end - * at `(pivot, pumpEnd, pumpEnd)` (see `isReachableFromStartTuple`). + * at `(pivot, succ, succ)` (see `isReachableFromStartTuple`). * * For example, consider the regular expression `/^\d*5\w*$/`. * The search will start at the tuple `(\d*, \d*, \w*)` and search @@ -51,30 +51,20 @@ module Make { private State getRootState() { result = mkMatch(any(RegExpRoot r)) } private newtype TStateTuple = - /** - * A tuple of states `(q1, q2, q3)` in the product automaton that is reachable from `(pivot, pivot, pumpEnd)`. - */ - MkStateTuple(State pivot, State pumpEnd, State q1, State q2, State q3) { - // starts at (pivot, pivot, pumpEnd) - isStartLoops(q1, q3) and - q1 = q2 and - pivot = q1 and - pumpEnd = q3 + MkStateTuple(State q1, State q2, State q3) { + // starts at (pivot, pivot, succ) + isStartLoops(q1, q3) and q1 = q2 or - // recurse: any transition out where all 3 edges share a char (and the resulting tuple isn't obviously infeasible) - exists(StateTuple prev | - prev = MkStateTuple(pivot, pumpEnd, _, _, _) and - hasCommonStep(prev, _, _, _, q1, q2, q3) and - FeasibleTuple::isFeasibleTuple(pivot, pumpEnd, q1, q2, q3) - ) + step(_, _, _, _, q1, q2, q3) and FeasibleTuple::isFeasibleTuple(q1, q2, q3) } /** - * A state `(q1, q2, q3)` in the product automaton, that is reachable from `(pivot, pivot, pumpEnd)`. + * A state in the product automaton. + * The product automaton contains 3-tuples of states. * * We lazily only construct those states that we are actually * going to need. - * Either a start state `(pivot, pivot, pumpEnd)`, or a state + * Either a start state `(pivot, pivot, succ)`, or a state * where there exists a transition from an already existing state. * * The exponential variant of this query (`js/redos`) uses an optimization @@ -82,13 +72,11 @@ module Make { * of the elements matter. */ class StateTuple extends TStateTuple { - State pivot; - State pumpEnd; State q1; State q2; State q3; - StateTuple() { this = MkStateTuple(pivot, pumpEnd, q1, q2, q3) } + StateTuple() { this = MkStateTuple(q1, q2, q3) } /** * Gest a string representation of this tuple. @@ -100,39 +88,6 @@ module Make { */ pragma[noinline] predicate isTuple(State r1, State r2, State r3) { r1 = q1 and r2 = q2 and r3 = q3 } - - /** - * Gets the first state of the tuple. - */ - State getFirst() { result = q1 } - - /** - * Gets the second state of the tuple. - */ - State getSecond() { result = q2 } - - /** - * Gets the third state of the tuple. - */ - State getThird() { result = q3 } - - /** - * Gets the pivot state. - */ - State getPivot() { result = pivot } - - /** - * Gets the pumpEnd state. - */ - State getPumpEnd() { result = pumpEnd } - - /** - * Holds if the pivot state has the specified location. - * This location has been chosen arbitrarily, and is only useful for debugging. - */ - predicate hasLocationInfo(string file, int line, int column, int endLine, int endColumn) { - pivot.hasLocationInfo(file, line, column, endLine, endColumn) - } } /** @@ -142,36 +97,21 @@ module Make { */ private module FeasibleTuple { /** - * Holds if the tuple `(r1, r2, r3)` might be on path from a start-state `(pivot, pivot, pumpEnd)` to an end-state `(pivot, pumpEnd, pumpEnd)` in the product automaton. + * Holds if the tuple `(r1, r2, r3)` might be on path from a start-state to an end-state in the product automaton. */ - bindingset[pivot, pumpEnd, r1, r2, r3] - pragma[inline_late] - predicate isFeasibleTuple(State pivot, State pumpEnd, State r1, State r2, State r3) { - isStartLoops(pivot, pumpEnd) and - // r1 can reach the pivot state - reachesBeginning(r1, pivot) and - // r2 and r3 can reach the pumpEnd state - reachesEnd(r2, pumpEnd) and - reachesEnd(r3, pumpEnd) and + pragma[inline] + predicate isFeasibleTuple(State r1, State r2, State r3) { // The first element is either inside a repetition (or the start state itself) isRepetitionOrStart(r1) and // The last element is inside a repetition stateInsideRepetition(r3) and // The states are reachable in the NFA in the order r1 -> r2 -> r3 delta+(r1) = r2 and - delta+(r2) = r3 - } - - pragma[noinline] - private predicate reachesBeginning(State s, State pivot) { - isStartLoops(pivot, _) and - delta+(s) = pivot - } - - pragma[noinline] - private predicate reachesEnd(State s, State pumpEnd) { - isStartLoops(_, pumpEnd) and - delta+(s) = pumpEnd + delta+(r2) = r3 and + // The first element can reach a beginning (the "pivot" state in a `(pivot, succ)` pair). + canReachABeginning(r1) and + // The last element can reach a target (the "succ" state in a `(pivot, succ)` pair). + canReachATarget(r3) } /** @@ -189,18 +129,36 @@ module Make { private predicate stateInsideRepetition(State s) { s.getRepr().getParent*() instanceof InfiniteRepetitionQuantifier } + + /** + * Holds if there exists a path in the NFA from `s` to a "pivot" state + * (from a `(pivot, succ)` pair that starts the search). + */ + pragma[noinline] + private predicate canReachABeginning(State s) { + delta+(s) = any(State pivot | isStartLoops(pivot, _)) + } + + /** + * Holds if there exists a path in the NFA from `s` to a "succ" state + * (from a `(pivot, succ)` pair that starts the search). + */ + pragma[noinline] + private predicate canReachATarget(State s) { + delta+(s) = any(State succ | isStartLoops(_, succ)) + } } /** - * Holds if `pivot` and `pumpEnd` are a pair of loops that could be the beginning of a quadratic blowup. + * Holds if `pivot` and `succ` are a pair of loops that could be the beginning of a quadratic blowup. * - * There is a slight implementation difference compared to the paper: this predicate requires that `pivot != pumpEnd`. - * The case where `pivot = pumpEnd` causes exponential backtracking and is handled by the `js/redos` query. + * There is a slight implementation difference compared to the paper: this predicate requires that `pivot != succ`. + * The case where `pivot = succ` causes exponential backtracking and is handled by the `js/redos` query. */ - predicate isStartLoops(State pivot, State pumpEnd) { - pivot != pumpEnd and - pumpEnd.getRepr() instanceof InfiniteRepetitionQuantifier and - delta+(pivot) = pumpEnd and + predicate isStartLoops(State pivot, State succ) { + pivot != succ and + succ.getRepr() instanceof InfiniteRepetitionQuantifier and + delta+(pivot) = succ and ( pivot.getRepr() instanceof InfiniteRepetitionQuantifier or @@ -216,25 +174,62 @@ module Make { /** * Holds if there are transitions from the components of `q` to the corresponding * components of `r` labelled with `s1`, `s2`, and `s3`, respectively. - * Where the edges `s1`, `s2`, and `s3` all share at least one character. */ pragma[nomagic] - private predicate step(StateTuple q, InputSymbol s1, InputSymbol s2, InputSymbol s3, StateTuple r) { + private predicate stepHelper( + StateTuple q, InputSymbol s1, InputSymbol s2, InputSymbol s3, StateTuple r + ) { exists(State r1, State r2, State r3 | - hasCommonStep(q, s1, s2, s3, r1, r2, r3) and - r = - MkStateTuple(pragma[only_bind_out](q.getPivot()), pragma[only_bind_out](q.getPumpEnd()), - pragma[only_bind_out](r1), pragma[only_bind_out](r2), pragma[only_bind_out](r3)) + step(q, s1, s2, s3, r1, r2, r3) and r = MkStateTuple(r1, r2, r3) ) } + /** + * Holds if there are transitions from the components of `q` to the corresponding + * components of `r` labelled with `s1`, `s2`, and `s3`, respectively. + * + * Additionally, a heuristic is used to avoid blowups in the case of complex regexps. + * For regular expressions with more than 100 states, we only look at all the characters + * for the transitions out of `q` and only consider transitions that use the lexicographically + * smallest character. + */ + pragma[noinline] + predicate step(StateTuple q, InputSymbol s1, InputSymbol s2, InputSymbol s3, StateTuple r) { + stepHelper(q, s1, s2, s3, r) and + ( + countStates(any(State s | q.isTuple(s, _, _)).getRepr().getRootTerm()) < 100 + or + // arbitrarily pick an edge out of `q` for complex regexps. This is a heuristic to avoid potential blowups. + exists(string char | + char = + min(string str, InputSymbol x1, InputSymbol x2, InputSymbol x3 | + stepHelper(q, x1, x2, x3, _) and str = getAStepChar(x1, x2, x3) + | + str + ) and + char = getAStepChar(s1, s2, s3) + ) + ) + } + + // specialized version of `getAThreewayIntersect` to be used in `step` above. + pragma[noinline] + private string getAStepChar(InputSymbol s1, InputSymbol s2, InputSymbol s3) { + stepHelper(_, s1, s2, s3, _) and result = getAThreewayIntersect(s1, s2, s3) + } + + /** Gets the number of states in the NFA for `root`. This is used to determine a complexity metric used in the `step` predicate above. */ + private int countStates(RegExpTerm root) { + root.isRootTerm() and + result = count(State s | s.getRepr().getRootTerm() = root) + } + /** * Holds if there are transitions from the components of `q` to `r1`, `r2`, and `r3 * labelled with `s1`, `s2`, and `s3`, respectively. - * Where `s1`, `s2`, and `s3` all share at least one character. */ pragma[noopt] - predicate hasCommonStep( + predicate step( StateTuple q, InputSymbol s1, InputSymbol s2, InputSymbol s3, State r1, State r2, State r3 ) { exists(State q1, State q2, State q3 | q.isTuple(q1, q2, q3) | @@ -269,59 +264,41 @@ module Make { result = [min(intersect(a, b)), max(intersect(a, b))] } - /** Gets a tuple reachable in a forwards exploratory search from the start state `(pivot, pivot, pivot)`. */ - private StateTuple getReachableFromStartStateForwards(State pivot, State pumpEnd) { - // base case. - isStartLoops(pivot, pumpEnd) and - result = MkStateTuple(pivot, pumpEnd, pivot, pivot, pumpEnd) - or - // recursive case - exists(StateTuple p | - p = getReachableFromStartStateForwards(pivot, pumpEnd) and - step(p, _, _, _, result) - ) - } + private newtype TTrace = + Nil() or + Step(InputSymbol s1, InputSymbol s2, InputSymbol s3, TTrace t) { + isReachableFromStartTuple(_, _, t, s1, s2, s3, _, _) + } /** - * Gets a state tuple that can reach the end state `(pivot, pumpEnd, pumpEnd)`, found via a backwards exploratory search. - * Where the end state was reachable from a forwards search from the start state `(pivot, pivot, pumpEnd)`. - * The resulting tuples are exactly those that are on a path from the start state to the end state. + * A list of tuples of input symbols that describe a path in the product automaton + * starting from some start state. */ - private StateTuple getARelevantStateTuple(State pivot, State pumpEnd) { - // base case. - isStartLoops(pivot, pumpEnd) and - result = MkStateTuple(pivot, pumpEnd, pivot, pumpEnd, pumpEnd) and - result = getReachableFromStartStateForwards(pivot, pumpEnd) - or - // recursive case - exists(StateTuple p | - p = getARelevantStateTuple(pivot, pumpEnd) and - step(result, _, _, _, p) and - pragma[only_bind_out](result) = getReachableFromStartStateForwards(pivot, pumpEnd) // was reachable in the forwards pass. - ) + class Trace extends TTrace { + /** + * Gets a string representation of this Trace that can be used for debug purposes. + */ + string toString() { + this = Nil() and result = "Nil()" + or + exists(InputSymbol s1, InputSymbol s2, InputSymbol s3, Trace t | this = Step(s1, s2, s3, t) | + result = "Step(" + s1 + ", " + s2 + ", " + s3 + ", " + t + ")" + ) + } } /** - * Holds if there exists a transition from `src` to `dst` in the product automaton. - * Where `src` and `dst` are both on a path from a start state to an end state. + * Holds if there exists a transition from `r` to `q` in the product automaton. * Notice that the arguments are flipped, and thus the direction is backwards. */ pragma[noinline] - predicate tupleDeltaBackwards(StateTuple dst, StateTuple src) { - step(src, _, _, _, dst) and - // `step` ensures that `src` and `dst` have the same pivot and pumpEnd. - src = getARelevantStateTuple(_, _) and - dst = getARelevantStateTuple(_, _) - } + predicate tupleDeltaBackwards(StateTuple q, StateTuple r) { step(r, _, _, _, q) } /** - * Holds if `tuple` is an end state in our search, and `tuple` is on a path from a start state to an end state. - * That means there exists a pair of loops `(pivot, pumpEnd)` such that `tuple = (pivot, pumpEnd, pumpEnd)`. + * Holds if `tuple` is an end state in our search. + * That means there exists a pair of loops `(pivot, succ)` such that `tuple = (pivot, succ, succ)`. */ - predicate isEndTuple(StateTuple tuple) { - tuple = getEndTuple(_, _) and - tuple = getARelevantStateTuple(_, _) - } + predicate isEndTuple(StateTuple tuple) { tuple = getAnEndTuple(_, _) } /** * Gets the minimum length of a path from `r` to some an end state `end`. @@ -334,138 +311,72 @@ module Make { shortestDistances(isEndTuple/1, tupleDeltaBackwards/2)(end, r, result) /** - * Holds if there is a step from `q` to `r` in the product automaton labeled with `s1`, `s2`, and `s3`. - * Where the step is on a path from a start state to an end state. + * Holds if there exists a pair of repetitions `(pivot, succ)` in the regular expression such that: + * `tuple` is reachable from `(pivot, pivot, succ)` in the product automaton, + * and there is a distance of `dist` from `tuple` to the nearest end-tuple `(pivot, succ, succ)`, + * and a path from a start-state to `tuple` follows the transitions in `trace`. */ - private predicate isStepOnPath( - StateTuple q, InputSymbol s1, InputSymbol s2, InputSymbol s3, StateTuple r + private predicate isReachableFromStartTuple( + State pivot, State succ, StateTuple tuple, Trace trace, int dist ) { - step(q, s1, s2, s3, r) and - exists(State pivot, State pumpEnd, StateTuple end | - end = MkStateTuple(pivot, pumpEnd, pivot, pumpEnd, pumpEnd) and - pragma[only_bind_out](distBackFromEnd(q, end)) = - pragma[only_bind_out](distBackFromEnd(r, end)) + 1 + exists(InputSymbol s1, InputSymbol s2, InputSymbol s3, Trace v | + isReachableFromStartTuple(pivot, succ, v, s1, s2, s3, tuple, dist) and + trace = Step(s1, s2, s3, v) + ) + } + + private predicate isReachableFromStartTuple( + State pivot, State succ, Trace trace, InputSymbol s1, InputSymbol s2, InputSymbol s3, + StateTuple tuple, int dist + ) { + // base case. + isStartLoops(pivot, succ) and + step(MkStateTuple(pivot, pivot, succ), s1, s2, s3, tuple) and + tuple = MkStateTuple(_, _, _) and + trace = Nil() and + dist = distBackFromEnd(tuple, MkStateTuple(pivot, succ, succ)) + or + // recursive case + exists(StateTuple p | + isReachableFromStartTuple(pivot, succ, p, trace, dist + 1) and + dist = distBackFromEnd(tuple, MkStateTuple(pivot, succ, succ)) and + step(p, s1, s2, s3, tuple) ) } /** - * Gets a unique number for a `state`. - * Is used to create an ordering of states and tuples of states. + * Gets the tuple `(pivot, succ, succ)` from the product automaton. */ - private int rankState(State state) { - state = - rank[result](State s, int startLine, int endLine, int startColumn, int endColumn | - exists(StateTuple tuple | tuple = getARelevantStateTuple(_, _) | - s = [tuple.getFirst(), tuple.getSecond(), tuple.getThird()] and - s.getRepr().hasLocationInfo(_, startLine, startColumn, endLine, endColumn) - ) - | - s order by startLine, startColumn, endLine, endColumn - ) - } - - /** - * Holds if there is a step from `q` to `r` in the product automaton labeled with `s1`, `s2`, and `s3`. - * Where the step is on a path from a start state to an end state. - * And the step is a uniquely chosen step from out of `q`. - */ - pragma[nomagic] - private predicate isUniqueMinStepOnPath( - StateTuple q, InputSymbol s1, InputSymbol s2, InputSymbol s3, StateTuple r - ) { - isStepOnPath(q, s1, s2, s3, r) and - r = - min(StateTuple cand | - isStepOnPath(q, _, _, _, cand) - | - cand - order by - rankState(cand.getFirst()), rankState(cand.getSecond()), rankState(cand.getThird()) - ) - } - - private newtype TTrace = - Nil(State pivot, State pumpEnd) { - isStartLoops(pivot, pumpEnd) and - getStartTuple(pivot, pumpEnd) = getARelevantStateTuple(pivot, pumpEnd) - } or - Step(TTrace prev, StateTuple nextTuple) { - exists(StateTuple prevTuple | - exists(State pivot, State pumpEnd | - prev = Nil(pivot, pumpEnd) and - prevTuple = getStartTuple(pivot, pumpEnd) - ) - or - prev = Step(_, prevTuple) - | - isUniqueMinStepOnPath(prevTuple, _, _, _, nextTuple) - ) - } - - /** - * A list of tuples of input symbols that describe a path in the product automaton - * starting from a start state `(pivot, pivot, pumpEnd)`. - */ - class Trace extends TTrace { - /** - * Gets a string representation of this Trace that can be used for debug purposes. - */ - string toString() { result = "a trace" } - - /** Gets a trace where the head has been removed. */ - Trace getPrev() { this = Step(result, _) } - - /** Gets the tuple at the head of this trace. */ - StateTuple getTuple() { - this = Step(_, result) - or - exists(State prev, State pumpEnd | - this = Nil(prev, pumpEnd) and - result = getStartTuple(prev, pumpEnd) - ) - } - } - - /** - * Gets the tuple `(pivot, pumpEnd, pumpEnd)` from the product automaton. - */ - StateTuple getEndTuple(State pivot, State pumpEnd) { - isStartLoops(pivot, pumpEnd) and - result = MkStateTuple(pivot, pumpEnd, pivot, pumpEnd, pumpEnd) - } - - /** - * Gets the tuple `(pivot, pivot, pumpEnd)` from the product automaton. - */ - StateTuple getStartTuple(State pivot, State pumpEnd) { - isStartLoops(pivot, pumpEnd) and - result = MkStateTuple(pivot, pumpEnd, pivot, pivot, pumpEnd) + StateTuple getAnEndTuple(State pivot, State succ) { + isStartLoops(pivot, succ) and + result = MkStateTuple(pivot, succ, succ) } /** An implementation of a chain containing chars for use by `Concretizer`. */ private module CharTreeImpl implements CharTree { class CharNode = Trace; - CharNode getPrev(CharNode t) { result = t.getPrev() } + CharNode getPrev(CharNode t) { t = Step(_, _, _, result) } - predicate isARelevantEnd(CharNode n) { n.getTuple() = getEndTuple(_, _) } + /** Holds if `n` is used in `isPumpable`. */ + predicate isARelevantEnd(CharNode n) { + exists(State pivot, State succ | + isReachableFromStartTuple(pivot, succ, getAnEndTuple(pivot, succ), n, _) + ) + } string getChar(CharNode t) { - result = - min(string c, InputSymbol s1, InputSymbol s2, InputSymbol s3 | - isUniqueMinStepOnPath(t.getPrev().getTuple(), s1, s2, s3, t.getTuple()) and - c = getAThreewayIntersect(s1, s2, s3) - | - c - ) + exists(InputSymbol s1, InputSymbol s2, InputSymbol s3 | t = Step(s1, s2, s3, _) | + result = getAThreewayIntersect(s1, s2, s3) + ) } } /** * Holds if matching repetitions of `pump` can: * 1) Transition from `pivot` back to `pivot`. - * 2) Transition from `pivot` to `pumpEnd`. - * 3) Transition from `pumpEnd` to `pumpEnd`. + * 2) Transition from `pivot` to `succ`. + * 3) Transition from `succ` to `succ`. * * From theorem 3 in the paper linked in the top of this file we can therefore conclude that * the regular expression has polynomial backtracking - if a rejecting suffix exists. @@ -473,10 +384,10 @@ module Make { * This predicate is used by `SuperLinearReDoSConfiguration`, and the final results are * available in the `hasReDoSResult` predicate. */ - predicate isPumpable(State pivot, State pumpEnd, string pump) { + predicate isPumpable(State pivot, State succ, string pump) { exists(StateTuple q, Trace t | - q = getEndTuple(pivot, pumpEnd) and - q = t.getTuple() and + isReachableFromStartTuple(pivot, succ, q, t, _) and + q = getAnEndTuple(pivot, succ) and pump = Concretizer::concretize(t) ) } From efa53d21faaa54cb38217fe837826e79f467b4ba Mon Sep 17 00:00:00 2001 From: erik-krogh Date: Thu, 11 May 2023 13:49:18 +0200 Subject: [PATCH 566/870] rename `succ` to `pumpEnd` --- .../regex/nfa/SuperlinearBackTracking.qll | 86 +++++++++---------- 1 file changed, 43 insertions(+), 43 deletions(-) diff --git a/shared/regex/codeql/regex/nfa/SuperlinearBackTracking.qll b/shared/regex/codeql/regex/nfa/SuperlinearBackTracking.qll index d06170502b4..43d8e8a73db 100644 --- a/shared/regex/codeql/regex/nfa/SuperlinearBackTracking.qll +++ b/shared/regex/codeql/regex/nfa/SuperlinearBackTracking.qll @@ -9,16 +9,16 @@ * Theorem 3 from the paper describes the basic idea. * * The following explains the idea using variables and predicate names that are used in the implementation: - * We consider a pair of repetitions, which we will call `pivot` and `succ`. + * We consider a pair of repetitions, which we will call `pivot` and `pumpEnd`. * * We create a product automaton of 3-tuples of states (see `StateTuple`). * There exists a transition `(a,b,c) -> (d,e,f)` in the product automaton * iff there exists three transitions in the NFA `a->d, b->e, c->f` where those three * transitions all match a shared character `char`. (see `getAThreewayIntersect`) * - * We start a search in the product automaton at `(pivot, pivot, succ)`, + * We start a search in the product automaton at `(pivot, pivot, pumpEnd)`, * and search for a series of transitions (a `Trace`), such that we end - * at `(pivot, succ, succ)` (see `isReachableFromStartTuple`). + * at `(pivot, pumpEnd, pumpEnd)` (see `isReachableFromStartTuple`). * * For example, consider the regular expression `/^\d*5\w*$/`. * The search will start at the tuple `(\d*, \d*, \w*)` and search @@ -52,7 +52,7 @@ module Make { private newtype TStateTuple = MkStateTuple(State q1, State q2, State q3) { - // starts at (pivot, pivot, succ) + // starts at (pivot, pivot, pumpEnd) isStartLoops(q1, q3) and q1 = q2 or step(_, _, _, _, q1, q2, q3) and FeasibleTuple::isFeasibleTuple(q1, q2, q3) @@ -64,7 +64,7 @@ module Make { * * We lazily only construct those states that we are actually * going to need. - * Either a start state `(pivot, pivot, succ)`, or a state + * Either a start state `(pivot, pivot, pumpEnd)`, or a state * where there exists a transition from an already existing state. * * The exponential variant of this query (`js/redos`) uses an optimization @@ -108,9 +108,9 @@ module Make { // The states are reachable in the NFA in the order r1 -> r2 -> r3 delta+(r1) = r2 and delta+(r2) = r3 and - // The first element can reach a beginning (the "pivot" state in a `(pivot, succ)` pair). + // The first element can reach a beginning (the "pivot" state in a `(pivot, pumpEnd)` pair). canReachABeginning(r1) and - // The last element can reach a target (the "succ" state in a `(pivot, succ)` pair). + // The last element can reach a target (the "pumpEnd" state in a `(pivot, pumpEnd)` pair). canReachATarget(r3) } @@ -132,7 +132,7 @@ module Make { /** * Holds if there exists a path in the NFA from `s` to a "pivot" state - * (from a `(pivot, succ)` pair that starts the search). + * (from a `(pivot, pumpEnd)` pair that starts the search). */ pragma[noinline] private predicate canReachABeginning(State s) { @@ -140,25 +140,25 @@ module Make { } /** - * Holds if there exists a path in the NFA from `s` to a "succ" state - * (from a `(pivot, succ)` pair that starts the search). + * Holds if there exists a path in the NFA from `s` to a "pumpEnd" state + * (from a `(pivot, pumpEnd)` pair that starts the search). */ pragma[noinline] private predicate canReachATarget(State s) { - delta+(s) = any(State succ | isStartLoops(_, succ)) + delta+(s) = any(State pumpEnd | isStartLoops(_, pumpEnd)) } } /** - * Holds if `pivot` and `succ` are a pair of loops that could be the beginning of a quadratic blowup. + * Holds if `pivot` and `pumpEnd` are a pair of loops that could be the beginning of a quadratic blowup. * - * There is a slight implementation difference compared to the paper: this predicate requires that `pivot != succ`. - * The case where `pivot = succ` causes exponential backtracking and is handled by the `js/redos` query. + * There is a slight implementation difference compared to the paper: this predicate requires that `pivot != pumpEnd`. + * The case where `pivot = pumpEnd` causes exponential backtracking and is handled by the `js/redos` query. */ - predicate isStartLoops(State pivot, State succ) { - pivot != succ and - succ.getRepr() instanceof InfiniteRepetitionQuantifier and - delta+(pivot) = succ and + predicate isStartLoops(State pivot, State pumpEnd) { + pivot != pumpEnd and + pumpEnd.getRepr() instanceof InfiniteRepetitionQuantifier and + delta+(pivot) = pumpEnd and ( pivot.getRepr() instanceof InfiniteRepetitionQuantifier or @@ -296,7 +296,7 @@ module Make { /** * Holds if `tuple` is an end state in our search. - * That means there exists a pair of loops `(pivot, succ)` such that `tuple = (pivot, succ, succ)`. + * That means there exists a pair of loops `(pivot, pumpEnd)` such that `tuple = (pivot, pumpEnd, pumpEnd)`. */ predicate isEndTuple(StateTuple tuple) { tuple = getAnEndTuple(_, _) } @@ -311,45 +311,45 @@ module Make { shortestDistances(isEndTuple/1, tupleDeltaBackwards/2)(end, r, result) /** - * Holds if there exists a pair of repetitions `(pivot, succ)` in the regular expression such that: - * `tuple` is reachable from `(pivot, pivot, succ)` in the product automaton, - * and there is a distance of `dist` from `tuple` to the nearest end-tuple `(pivot, succ, succ)`, + * Holds if there exists a pair of repetitions `(pivot, pumpEnd)` in the regular expression such that: + * `tuple` is reachable from `(pivot, pivot, pumpEnd)` in the product automaton, + * and there is a distance of `dist` from `tuple` to the nearest end-tuple `(pivot, pumpEnd, pumpEnd)`, * and a path from a start-state to `tuple` follows the transitions in `trace`. */ private predicate isReachableFromStartTuple( - State pivot, State succ, StateTuple tuple, Trace trace, int dist + State pivot, State pumpEnd, StateTuple tuple, Trace trace, int dist ) { exists(InputSymbol s1, InputSymbol s2, InputSymbol s3, Trace v | - isReachableFromStartTuple(pivot, succ, v, s1, s2, s3, tuple, dist) and + isReachableFromStartTuple(pivot, pumpEnd, v, s1, s2, s3, tuple, dist) and trace = Step(s1, s2, s3, v) ) } private predicate isReachableFromStartTuple( - State pivot, State succ, Trace trace, InputSymbol s1, InputSymbol s2, InputSymbol s3, + State pivot, State pumpEnd, Trace trace, InputSymbol s1, InputSymbol s2, InputSymbol s3, StateTuple tuple, int dist ) { // base case. - isStartLoops(pivot, succ) and - step(MkStateTuple(pivot, pivot, succ), s1, s2, s3, tuple) and + isStartLoops(pivot, pumpEnd) and + step(MkStateTuple(pivot, pivot, pumpEnd), s1, s2, s3, tuple) and tuple = MkStateTuple(_, _, _) and trace = Nil() and - dist = distBackFromEnd(tuple, MkStateTuple(pivot, succ, succ)) + dist = distBackFromEnd(tuple, MkStateTuple(pivot, pumpEnd, pumpEnd)) or // recursive case exists(StateTuple p | - isReachableFromStartTuple(pivot, succ, p, trace, dist + 1) and - dist = distBackFromEnd(tuple, MkStateTuple(pivot, succ, succ)) and + isReachableFromStartTuple(pivot, pumpEnd, p, trace, dist + 1) and + dist = distBackFromEnd(tuple, MkStateTuple(pivot, pumpEnd, pumpEnd)) and step(p, s1, s2, s3, tuple) ) } /** - * Gets the tuple `(pivot, succ, succ)` from the product automaton. + * Gets the tuple `(pivot, pumpEnd, pumpEnd)` from the product automaton. */ - StateTuple getAnEndTuple(State pivot, State succ) { - isStartLoops(pivot, succ) and - result = MkStateTuple(pivot, succ, succ) + StateTuple getAnEndTuple(State pivot, State pumpEnd) { + isStartLoops(pivot, pumpEnd) and + result = MkStateTuple(pivot, pumpEnd, pumpEnd) } /** An implementation of a chain containing chars for use by `Concretizer`. */ @@ -360,8 +360,8 @@ module Make { /** Holds if `n` is used in `isPumpable`. */ predicate isARelevantEnd(CharNode n) { - exists(State pivot, State succ | - isReachableFromStartTuple(pivot, succ, getAnEndTuple(pivot, succ), n, _) + exists(State pivot, State pumpEnd | + isReachableFromStartTuple(pivot, pumpEnd, getAnEndTuple(pivot, pumpEnd), n, _) ) } @@ -375,8 +375,8 @@ module Make { /** * Holds if matching repetitions of `pump` can: * 1) Transition from `pivot` back to `pivot`. - * 2) Transition from `pivot` to `succ`. - * 3) Transition from `succ` to `succ`. + * 2) Transition from `pivot` to `pumpEnd`. + * 3) Transition from `pumpEnd` to `pumpEnd`. * * From theorem 3 in the paper linked in the top of this file we can therefore conclude that * the regular expression has polynomial backtracking - if a rejecting suffix exists. @@ -384,10 +384,10 @@ module Make { * This predicate is used by `SuperLinearReDoSConfiguration`, and the final results are * available in the `hasReDoSResult` predicate. */ - predicate isPumpable(State pivot, State succ, string pump) { + predicate isPumpable(State pivot, State pumpEnd, string pump) { exists(StateTuple q, Trace t | - isReachableFromStartTuple(pivot, succ, q, t, _) and - q = getAnEndTuple(pivot, succ) and + isReachableFromStartTuple(pivot, pumpEnd, q, t, _) and + q = getAnEndTuple(pivot, pumpEnd) and pump = Concretizer::concretize(t) ) } @@ -439,8 +439,8 @@ module Make { * Holds if all non-empty successors to the polynomial backtracking term matches the end of the line. */ predicate isAtEndLine() { - forall(RegExpTerm succ | super.getSuccessor+() = succ and not matchesEpsilon(succ) | - succ instanceof RegExpDollar + forall(RegExpTerm pumpEnd | super.getSuccessor+() = pumpEnd and not matchesEpsilon(pumpEnd) | + pumpEnd instanceof RegExpDollar ) } From f85b3e13c2326fe515c71f9587bb38ff229f0ae4 Mon Sep 17 00:00:00 2001 From: erik-krogh Date: Thu, 11 May 2023 13:53:16 +0200 Subject: [PATCH 567/870] update expected output --- .../Security/CWE-400/ReDoS/PolynomialReDoS.expected | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/PolynomialReDoS.expected b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/PolynomialReDoS.expected index 0ec4c40fd2c..4c534fffe13 100644 --- a/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/PolynomialReDoS.expected +++ b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/PolynomialReDoS.expected @@ -163,6 +163,8 @@ nodes | polynomial-redos.js:65:24:65:30 | tainted | | polynomial-redos.js:66:19:66:25 | tainted | | polynomial-redos.js:66:19:66:25 | tainted | +| polynomial-redos.js:67:18:67:24 | tainted | +| polynomial-redos.js:67:18:67:24 | tainted | | polynomial-redos.js:68:18:68:24 | req.url | | polynomial-redos.js:68:18:68:24 | req.url | | polynomial-redos.js:68:18:68:24 | req.url | @@ -219,6 +221,8 @@ nodes | polynomial-redos.js:112:2:112:8 | tainted | | polynomial-redos.js:114:2:114:8 | tainted | | polynomial-redos.js:114:2:114:8 | tainted | +| polynomial-redos.js:116:2:116:8 | tainted | +| polynomial-redos.js:116:2:116:8 | tainted | | polynomial-redos.js:118:2:118:8 | tainted | | polynomial-redos.js:118:2:118:8 | tainted | | polynomial-redos.js:121:7:121:55 | replaced | @@ -403,6 +407,8 @@ edges | polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:65:24:65:30 | tainted | | polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:66:19:66:25 | tainted | | polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:66:19:66:25 | tainted | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:67:18:67:24 | tainted | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:67:18:67:24 | tainted | | polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:71:2:71:8 | tainted | | polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:71:2:71:8 | tainted | | polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:73:2:73:8 | tainted | @@ -453,6 +459,8 @@ edges | polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:112:2:112:8 | tainted | | polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:114:2:114:8 | tainted | | polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:114:2:114:8 | tainted | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:116:2:116:8 | tainted | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:116:2:116:8 | tainted | | polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:118:2:118:8 | tainted | | polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:118:2:118:8 | tainted | | polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:121:18:121:24 | tainted | @@ -547,6 +555,7 @@ edges | polynomial-redos.js:64:3:64:31 | /^foo(K ... ainted) | polynomial-redos.js:5:16:5:32 | req.query.tainted | polynomial-redos.js:64:24:64:30 | tainted | This $@ that depends on $@ may run slow on strings starting with 'fooY' and with many repetitions of 'Y'. | polynomial-redos.js:64:14:64:15 | Y* | regular expression | polynomial-redos.js:5:16:5:32 | req.query.tainted | a user-provided value | | polynomial-redos.js:65:3:65:31 | /^foo(K ... ainted) | polynomial-redos.js:5:16:5:32 | req.query.tainted | polynomial-redos.js:65:24:65:30 | tainted | This $@ that depends on $@ may run slow on strings starting with 'fooY' and with many repetitions of 'K'. | polynomial-redos.js:65:14:65:15 | .* | regular expression | polynomial-redos.js:5:16:5:32 | req.query.tainted | a user-provided value | | polynomial-redos.js:66:3:66:26 | /(K\|Y). ... ainted) | polynomial-redos.js:5:16:5:32 | req.query.tainted | polynomial-redos.js:66:19:66:25 | tainted | This $@ that depends on $@ may run slow on strings starting with 'K' and with many repetitions of 'K'. | polynomial-redos.js:66:9:66:10 | .* | regular expression | polynomial-redos.js:5:16:5:32 | req.query.tainted | a user-provided value | +| polynomial-redos.js:67:3:67:25 | /[^Y].* ... ainted) | polynomial-redos.js:5:16:5:32 | req.query.tainted | polynomial-redos.js:67:18:67:24 | tainted | This $@ that depends on $@ may run slow on strings starting with 'X' and with many repetitions of 'Z'. | polynomial-redos.js:67:8:67:9 | .* | regular expression | polynomial-redos.js:5:16:5:32 | req.query.tainted | a user-provided value | | polynomial-redos.js:69:3:69:26 | /[^Y].* ... q.body) | polynomial-redos.js:69:18:69:25 | req.body | polynomial-redos.js:69:18:69:25 | req.body | This $@ that depends on $@ may run slow on strings starting with 'X' and with many repetitions of 'X'. | polynomial-redos.js:69:8:69:9 | .* | regular expression | polynomial-redos.js:69:18:69:25 | req.body | a user-provided value | | polynomial-redos.js:71:2:71:67 | tainted ... E]*)$/) | polynomial-redos.js:5:16:5:32 | req.query.tainted | polynomial-redos.js:71:2:71:8 | tainted | This $@ that depends on $@ may run slow on strings starting with ',-+' and with many repetitions of '++'. | polynomial-redos.js:71:51:71:63 | [?\\x21-\\x7E]* | regular expression | polynomial-redos.js:5:16:5:32 | req.query.tainted | a user-provided value | | polynomial-redos.js:73:2:73:60 | tainted ... LWP7")) | polynomial-redos.js:5:16:5:32 | req.query.tainted | polynomial-redos.js:73:2:73:8 | tainted | This $@ that depends on $@ may run slow on strings starting with 'MSIE 0.0' and with many repetitions of '0'. | polynomial-redos.js:73:50:73:51 | .* | regular expression | polynomial-redos.js:5:16:5:32 | req.query.tainted | a user-provided value | @@ -574,6 +583,7 @@ edges | polynomial-redos.js:111:2:111:22 | tainted ... /\\s*$/) | polynomial-redos.js:5:16:5:32 | req.query.tainted | polynomial-redos.js:111:2:111:8 | tainted | This $@ that depends on $@ may run slow on strings with many repetitions of '\\t'. | polynomial-redos.js:111:17:111:19 | \\s* | regular expression | polynomial-redos.js:5:16:5:32 | req.query.tainted | a user-provided value | | polynomial-redos.js:112:2:112:22 | tainted ... /\\s+$/) | polynomial-redos.js:5:16:5:32 | req.query.tainted | polynomial-redos.js:112:2:112:8 | tainted | This $@ that depends on $@ may run slow on strings with many repetitions of '\\t'. | polynomial-redos.js:112:17:112:19 | \\s+ | regular expression | polynomial-redos.js:5:16:5:32 | req.query.tainted | a user-provided value | | polynomial-redos.js:114:2:114:27 | tainted ... 5\\w*$/) | polynomial-redos.js:5:16:5:32 | req.query.tainted | polynomial-redos.js:114:2:114:8 | tainted | This $@ that depends on $@ may run slow on strings starting with '5' and with many repetitions of '5'. | polynomial-redos.js:114:22:114:24 | \\w* | regular expression | polynomial-redos.js:5:16:5:32 | req.query.tainted | a user-provided value | +| polynomial-redos.js:116:2:116:35 | tainted ... \\*\\//g) | polynomial-redos.js:5:16:5:32 | req.query.tainted | polynomial-redos.js:116:2:116:8 | tainted | This $@ that depends on $@ may run slow on strings starting with '/*' and with many repetitions of 'a/*'. | polynomial-redos.js:116:21:116:28 | [\\d\\D]*? | regular expression | polynomial-redos.js:5:16:5:32 | req.query.tainted | a user-provided value | | polynomial-redos.js:118:2:118:25 | tainted ... \\d+)+/) | polynomial-redos.js:5:16:5:32 | req.query.tainted | polynomial-redos.js:118:2:118:8 | tainted | This $@ that depends on $@ may run slow on strings with many repetitions of '0'. | polynomial-redos.js:118:17:118:23 | (#\\d+)+ | regular expression | polynomial-redos.js:5:16:5:32 | req.query.tainted | a user-provided value | | polynomial-redos.js:124:12:124:43 | result. ... /g, '') | polynomial-redos.js:5:16:5:32 | req.query.tainted | polynomial-redos.js:124:12:124:17 | result | This $@ that depends on $@ may run slow on strings with many repetitions of '\\t'. | polynomial-redos.js:124:33:124:35 | \\s+ | regular expression | polynomial-redos.js:5:16:5:32 | req.query.tainted | a user-provided value | | polynomial-redos.js:130:2:130:31 | modifie ... g, "b") | polynomial-redos.js:5:16:5:32 | req.query.tainted | polynomial-redos.js:130:2:130:9 | modified | This $@ that depends on $@ may run slow on strings starting with 'c' and with many repetitions of 'c'. | polynomial-redos.js:130:21:130:22 | c+ | regular expression | polynomial-redos.js:5:16:5:32 | req.query.tainted | a user-provided value | From c7e21ee9aef8b90d723a1277df951775066f2c8e Mon Sep 17 00:00:00 2001 From: erik-krogh Date: Thu, 11 May 2023 13:57:16 +0200 Subject: [PATCH 568/870] add really long regex as a test-case --- .../PolynomialReDoS.expected | 9 ++++++ .../PolynomialReDoS.rb | 28 +++++++++++++++++++ 2 files changed, 37 insertions(+) diff --git a/ruby/ql/test/query-tests/security/cwe-1333-polynomial-redos/PolynomialReDoS.expected b/ruby/ql/test/query-tests/security/cwe-1333-polynomial-redos/PolynomialReDoS.expected index 97de9e92184..ec079020695 100644 --- a/ruby/ql/test/query-tests/security/cwe-1333-polynomial-redos/PolynomialReDoS.expected +++ b/ruby/ql/test/query-tests/security/cwe-1333-polynomial-redos/PolynomialReDoS.expected @@ -40,6 +40,9 @@ edges | PolynomialReDoS.rb:70:12:70:24 | ...[...] | PolynomialReDoS.rb:70:5:70:8 | name | | PolynomialReDoS.rb:73:32:73:35 | name | PolynomialReDoS.rb:76:35:76:39 | input | | PolynomialReDoS.rb:76:35:76:39 | input | PolynomialReDoS.rb:77:5:77:9 | input | +| PolynomialReDoS.rb:103:5:103:8 | name | PolynomialReDoS.rb:105:5:105:8 | name | +| PolynomialReDoS.rb:103:12:103:17 | call to params | PolynomialReDoS.rb:103:12:103:24 | ...[...] | +| PolynomialReDoS.rb:103:12:103:24 | ...[...] | PolynomialReDoS.rb:103:5:103:8 | name | | lib/index.rb:2:11:2:11 | x | lib/index.rb:4:13:4:13 | x | | lib/index.rb:8:13:8:13 | x | lib/index.rb:9:15:9:15 | x | | lib/index.rb:8:13:8:13 | x | lib/index.rb:11:16:11:16 | x | @@ -91,6 +94,10 @@ nodes | PolynomialReDoS.rb:73:32:73:35 | name | semmle.label | name | | PolynomialReDoS.rb:76:35:76:39 | input | semmle.label | input | | PolynomialReDoS.rb:77:5:77:9 | input | semmle.label | input | +| PolynomialReDoS.rb:103:5:103:8 | name | semmle.label | name | +| PolynomialReDoS.rb:103:12:103:17 | call to params | semmle.label | call to params | +| PolynomialReDoS.rb:103:12:103:24 | ...[...] | semmle.label | ...[...] | +| PolynomialReDoS.rb:105:5:105:8 | name | semmle.label | name | | lib/index.rb:2:11:2:11 | x | semmle.label | x | | lib/index.rb:4:13:4:13 | x | semmle.label | x | | lib/index.rb:8:13:8:13 | x | semmle.label | x | @@ -121,6 +128,8 @@ subpaths | PolynomialReDoS.rb:62:5:62:22 | call to gsub | PolynomialReDoS.rb:54:12:54:17 | call to params | PolynomialReDoS.rb:62:5:62:9 | input | This $@ that depends on a $@ may run slow on strings with many repetitions of ' '. | PolynomialReDoS.rb:56:31:56:33 | \\s+ | regular expression | PolynomialReDoS.rb:54:12:54:17 | call to params | user-provided value | | PolynomialReDoS.rb:66:5:66:34 | call to match? | PolynomialReDoS.rb:54:12:54:17 | call to params | PolynomialReDoS.rb:66:5:66:9 | input | This $@ that depends on a $@ may run slow on strings with many repetitions of ' '. | PolynomialReDoS.rb:58:30:58:32 | \\s+ | regular expression | PolynomialReDoS.rb:54:12:54:17 | call to params | user-provided value | | PolynomialReDoS.rb:77:5:77:22 | call to gsub | PolynomialReDoS.rb:70:12:70:17 | call to params | PolynomialReDoS.rb:77:5:77:9 | input | This $@ that depends on a $@ may run slow on strings with many repetitions of ' '. | PolynomialReDoS.rb:72:28:72:30 | \\s+ | regular expression | PolynomialReDoS.rb:70:12:70:17 | call to params | user-provided value | +| PolynomialReDoS.rb:105:5:105:23 | ... =~ ... | PolynomialReDoS.rb:103:12:103:17 | call to params | PolynomialReDoS.rb:105:5:105:8 | name | This $@ that depends on a $@ may run slow on strings starting with '''' and with many repetitions of ' '. | PolynomialReDoS.rb:100:397:100:399 | \\s* | regular expression | PolynomialReDoS.rb:103:12:103:17 | call to params | user-provided value | +| PolynomialReDoS.rb:105:5:105:23 | ... =~ ... | PolynomialReDoS.rb:103:12:103:17 | call to params | PolynomialReDoS.rb:105:5:105:8 | name | This $@ that depends on a $@ may run slow on strings starting with '''' and with many repetitions of ' '. | PolynomialReDoS.rb:100:405:100:407 | \\s* | regular expression | PolynomialReDoS.rb:103:12:103:17 | call to params | user-provided value | | lib/index.rb:4:13:4:26 | call to match | lib/index.rb:2:11:2:11 | x | lib/index.rb:4:13:4:13 | x | This $@ that depends on a $@ may run slow on strings with many repetitions of 'a'. | lib/index.rb:4:22:4:23 | a+ | regular expression | lib/index.rb:2:11:2:11 | x | library input | | lib/index.rb:9:15:9:28 | call to match | lib/index.rb:8:13:8:13 | x | lib/index.rb:9:15:9:15 | x | This $@ that depends on a $@ may run slow on strings with many repetitions of 'a'. | lib/index.rb:9:24:9:25 | a+ | regular expression | lib/index.rb:8:13:8:13 | x | library input | | lib/index.rb:11:16:11:276 | call to match | lib/index.rb:8:13:8:13 | x | lib/index.rb:11:16:11:16 | x | This $@ that depends on a $@ may run slow on strings starting with 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC' and with many repetitions of 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC'. | lib/index.rb:11:271:11:272 | .* | regular expression | lib/index.rb:8:13:8:13 | x | library input | diff --git a/ruby/ql/test/query-tests/security/cwe-1333-polynomial-redos/PolynomialReDoS.rb b/ruby/ql/test/query-tests/security/cwe-1333-polynomial-redos/PolynomialReDoS.rb index d97f7413f82..2f73209321f 100644 --- a/ruby/ql/test/query-tests/security/cwe-1333-polynomial-redos/PolynomialReDoS.rb +++ b/ruby/ql/test/query-tests/security/cwe-1333-polynomial-redos/PolynomialReDoS.rb @@ -76,4 +76,32 @@ class FooController < ActionController::Base def re_compile_indirect_2 (reg, input) input.gsub reg, '' # NOT GOOD end + + # See https://github.com/dependabot/dependabot-core/blob/37dc1767fde9b7184020763f4d0c1434f93d11d6/python/lib/dependabot/python/requirement_parser.rb#L6-L25 + NAME = /[a-zA-Z0-9](?:[a-zA-Z0-9\-_\.]*[a-zA-Z0-9])?/ + EXTRA = /[a-zA-Z0-9\-_\.]+/ + COMPARISON = /===|==|>=|<=|<|>|~=|!=/ + VERSION = /([1-9][0-9]*!)?[0-9]+[a-zA-Z0-9\-_.*]*(\+[0-9a-zA-Z]+(\.[0-9a-zA-Z]+)*)?/ + + REQUIREMENT = /(?#{COMPARISON})\s*\\?\s*(?#{VERSION})/ + HASH = /--hash=(?.*?):(?.*?)(?=\s|\\|$)/ + REQUIREMENTS = /#{REQUIREMENT}(\s*,\s*\\?\s*#{REQUIREMENT})*/ + HASHES = /#{HASH}(\s*\\?\s*#{HASH})*/ + MARKER_OP = /\s*(#{COMPARISON}|(\s*in)|(\s*not\s*in))/ + PYTHON_STR_C = %r{[a-zA-Z0-9\s\(\)\.\{\}\-_\*#:;/\?\[\]!~`@\$%\^&=\+\|<>]} + PYTHON_STR = /('(#{PYTHON_STR_C}|")*'|"(#{PYTHON_STR_C}|')*")/ + ENV_VAR = + /python_version|python_full_version|os_name|sys_platform| + platform_release|platform_system|platform_version|platform_machine| + platform_python_implementation|implementation_name| + implementation_version/ + MARKER_VAR = /\s*(#{ENV_VAR}|#{PYTHON_STR})/ + MARKER_EXPR_ONE = /#{MARKER_VAR}#{MARKER_OP}#{MARKER_VAR}/ + MARKER_EXPR = /(#{MARKER_EXPR_ONE}|\(\s*|\s*\)|\s+and\s+|\s+or\s+)+/ + + def use_marker_expr + name = params[:name] # source + + name =~ MARKER_EXPR + end end From f7419c92501593bc187fe56319a54efc62f9f0e6 Mon Sep 17 00:00:00 2001 From: erik-krogh Date: Fri, 12 May 2023 09:26:03 +0200 Subject: [PATCH 569/870] add expected output --- .../ReDoS/PolynomialBackTracking.expected | 73 ++++++++----------- 1 file changed, 30 insertions(+), 43 deletions(-) diff --git a/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/PolynomialBackTracking.expected b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/PolynomialBackTracking.expected index db29a305639..d8bac89a913 100644 --- a/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/PolynomialBackTracking.expected +++ b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/PolynomialBackTracking.expected @@ -1,5 +1,5 @@ -| highlight.js:2:26:2:979 | ((traffic-flow\|traffic-generator\|firewall\|scheduler\|aaa\|accounting\|address-list\|address\|align\|area\|bandwidth-server\|bfd\|bgp\|bridge\|client\|clock\|community\|config\|connection\|console\|customer\|default\|dhcp-client\|dhcp-server\|discovery\|dns\|e-mail\|ethernet\|filter\|firewall\|firmware\|gps\|graphing\|group\|hardware\|health\|hotspot\|identity\|igmp-proxy\|incoming\|instance\|interface\|ip\|ipsec\|ipv6\|irq\|l2tp-server\|lcd\|ldp\|logging\|mac-server\|mac-winbox\|mangle\|manual\|mirror\|mme\|mpls\|nat\|nd\|neighbor\|network\|note\|ntp\|ospf\|ospf-v3\|ovpn-server\|page\|peer\|pim\|ping\|policy\|pool\|port\|ppp\|pppoe-client\|pptp-server\|prefix\|profile\|proposal\|proxy\|queue\|radius\|resource\|rip\|ripng\|route\|routing\|screen\|script\|security-profiles\|server\|service\|service-port\|settings\|shares\|smb\|sms\|sniffer\|snmp\|snooper\|socks\|sstp-server\|system\|tool\|tracking\|type\|upgrade\|upnp\|user-manager\|users\|user\|vlan\|secret\|vrrp\|watchdog\|web-access\|wireless\|pptp\|pppoe\|lan\|wan\|layer7-protocol\|lease\|simple\|raw);?\\s)+ | Strings starting with '/' and with many repetitions of 'ip\\t' can start matching anywhere after the start of the preceeding (\\.\\.\\/\|\\/\|\\s)((traffic-flow\|traffic-generator\|firewall\|scheduler\|aaa\|accounting\|address-list\|address\|align\|area\|bandwidth-server\|bfd\|bgp\|bridge\|client\|clock\|community\|config\|connection\|console\|customer\|default\|dhcp-client\|dhcp-server\|discovery\|dns\|e-mail\|ethernet\|filter\|firewall\|firmware\|gps\|graphing\|group\|hardware\|health\|hotspot\|identity\|igmp-proxy\|incoming\|instance\|interface\|ip\|ipsec\|ipv6\|irq\|l2tp-server\|lcd\|ldp\|logging\|mac-server\|mac-winbox\|mangle\|manual\|mirror\|mme\|mpls\|nat\|nd\|neighbor\|network\|note\|ntp\|ospf\|ospf-v3\|ovpn-server\|page\|peer\|pim\|ping\|policy\|pool\|port\|ppp\|pppoe-client\|pptp-server\|prefix\|profile\|proposal\|proxy\|queue\|radius\|resource\|rip\|ripng\|route\|routing\|screen\|script\|security-profiles\|server\|service\|service-port\|settings\|shares\|smb\|sms\|sniffer\|snmp\|snooper\|socks\|sstp-server\|system\|tool\|tracking\|type\|upgrade\|upnp\|user-manager\|users\|user\|vlan\|secret\|vrrp\|watchdog\|web-access\|wireless\|pptp\|pppoe\|lan\|wan\|layer7-protocol\|lease\|simple\|raw);?\\s)+X | -| highlight.js:3:27:3:971 | ((traffic-flow\|traffic-generator\|firewall\|scheduler\|aaa\|accounting\|address-list\|address\|align\|area\|bandwidth-server\|bfd\|bgp\|bridge\|client\|clock\|community\|config\|connection\|console\|customer\|default\|dhcp-client\|dhcp-server\|discovery\|dns\|e-mail\|ethernet\|filter\|firmware\|gps\|graphing\|group\|hardware\|health\|hotspot\|identity\|igmp-proxy\|incoming\|instance\|interface\|ip\|ipsec\|ipv6\|irq\|l2tp-server\|lcd\|ldp\|logging\|mac-server\|mac-winbox\|mangle\|manual\|mirror\|mme\|mpls\|nat\|nd\|neighbor\|network\|note\|ntp\|ospf\|ospf-v3\|ovpn-server\|page\|peer\|pim\|ping\|policy\|pool\|port\|ppp\|pppoe-client\|pptp-server\|prefix\|profile\|proposal\|proxy\|queue\|radius\|resource\|rip\|ripng\|route\|routing\|screen\|script\|security-profiles\|server\|service\|service-port\|settings\|shares\|smb\|sms\|sniffer\|snmp\|snooper\|socks\|sstp-server\|system\|tool\|tracking\|type\|upgrade\|upnp\|user-manager\|users\|user\|vlan\|secret\|vrrp\|watchdog\|web-access\|wireless\|pptp\|pppoe\|lan\|wan\|layer7-protocol\|lease\|simple\|raw);?\\s)+ | Strings starting with '/' and with many repetitions of 'ip\\t' can start matching anywhere after the start of the preceeding (\\.\\.\\/\|\\/\|\\s)((traffic-flow\|traffic-generator\|firewall\|scheduler\|aaa\|accounting\|address-list\|address\|align\|area\|bandwidth-server\|bfd\|bgp\|bridge\|client\|clock\|community\|config\|connection\|console\|customer\|default\|dhcp-client\|dhcp-server\|discovery\|dns\|e-mail\|ethernet\|filter\|firmware\|gps\|graphing\|group\|hardware\|health\|hotspot\|identity\|igmp-proxy\|incoming\|instance\|interface\|ip\|ipsec\|ipv6\|irq\|l2tp-server\|lcd\|ldp\|logging\|mac-server\|mac-winbox\|mangle\|manual\|mirror\|mme\|mpls\|nat\|nd\|neighbor\|network\|note\|ntp\|ospf\|ospf-v3\|ovpn-server\|page\|peer\|pim\|ping\|policy\|pool\|port\|ppp\|pppoe-client\|pptp-server\|prefix\|profile\|proposal\|proxy\|queue\|radius\|resource\|rip\|ripng\|route\|routing\|screen\|script\|security-profiles\|server\|service\|service-port\|settings\|shares\|smb\|sms\|sniffer\|snmp\|snooper\|socks\|sstp-server\|system\|tool\|tracking\|type\|upgrade\|upnp\|user-manager\|users\|user\|vlan\|secret\|vrrp\|watchdog\|web-access\|wireless\|pptp\|pppoe\|lan\|wan\|layer7-protocol\|lease\|simple\|raw);?\\s)+X | +| highlight.js:2:26:2:979 | ((traffic-flow\|traffic-generator\|firewall\|scheduler\|aaa\|accounting\|address-list\|address\|align\|area\|bandwidth-server\|bfd\|bgp\|bridge\|client\|clock\|community\|config\|connection\|console\|customer\|default\|dhcp-client\|dhcp-server\|discovery\|dns\|e-mail\|ethernet\|filter\|firewall\|firmware\|gps\|graphing\|group\|hardware\|health\|hotspot\|identity\|igmp-proxy\|incoming\|instance\|interface\|ip\|ipsec\|ipv6\|irq\|l2tp-server\|lcd\|ldp\|logging\|mac-server\|mac-winbox\|mangle\|manual\|mirror\|mme\|mpls\|nat\|nd\|neighbor\|network\|note\|ntp\|ospf\|ospf-v3\|ovpn-server\|page\|peer\|pim\|ping\|policy\|pool\|port\|ppp\|pppoe-client\|pptp-server\|prefix\|profile\|proposal\|proxy\|queue\|radius\|resource\|rip\|ripng\|route\|routing\|screen\|script\|security-profiles\|server\|service\|service-port\|settings\|shares\|smb\|sms\|sniffer\|snmp\|snooper\|socks\|sstp-server\|system\|tool\|tracking\|type\|upgrade\|upnp\|user-manager\|users\|user\|vlan\|secret\|vrrp\|watchdog\|web-access\|wireless\|pptp\|pppoe\|lan\|wan\|layer7-protocol\|lease\|simple\|raw);?\\s)+ | Strings starting with '/' and with many repetitions of 'aaa\\t' can start matching anywhere after the start of the preceeding (\\.\\.\\/\|\\/\|\\s)((traffic-flow\|traffic-generator\|firewall\|scheduler\|aaa\|accounting\|address-list\|address\|align\|area\|bandwidth-server\|bfd\|bgp\|bridge\|client\|clock\|community\|config\|connection\|console\|customer\|default\|dhcp-client\|dhcp-server\|discovery\|dns\|e-mail\|ethernet\|filter\|firewall\|firmware\|gps\|graphing\|group\|hardware\|health\|hotspot\|identity\|igmp-proxy\|incoming\|instance\|interface\|ip\|ipsec\|ipv6\|irq\|l2tp-server\|lcd\|ldp\|logging\|mac-server\|mac-winbox\|mangle\|manual\|mirror\|mme\|mpls\|nat\|nd\|neighbor\|network\|note\|ntp\|ospf\|ospf-v3\|ovpn-server\|page\|peer\|pim\|ping\|policy\|pool\|port\|ppp\|pppoe-client\|pptp-server\|prefix\|profile\|proposal\|proxy\|queue\|radius\|resource\|rip\|ripng\|route\|routing\|screen\|script\|security-profiles\|server\|service\|service-port\|settings\|shares\|smb\|sms\|sniffer\|snmp\|snooper\|socks\|sstp-server\|system\|tool\|tracking\|type\|upgrade\|upnp\|user-manager\|users\|user\|vlan\|secret\|vrrp\|watchdog\|web-access\|wireless\|pptp\|pppoe\|lan\|wan\|layer7-protocol\|lease\|simple\|raw);?\\s)+X | +| highlight.js:3:27:3:971 | ((traffic-flow\|traffic-generator\|firewall\|scheduler\|aaa\|accounting\|address-list\|address\|align\|area\|bandwidth-server\|bfd\|bgp\|bridge\|client\|clock\|community\|config\|connection\|console\|customer\|default\|dhcp-client\|dhcp-server\|discovery\|dns\|e-mail\|ethernet\|filter\|firmware\|gps\|graphing\|group\|hardware\|health\|hotspot\|identity\|igmp-proxy\|incoming\|instance\|interface\|ip\|ipsec\|ipv6\|irq\|l2tp-server\|lcd\|ldp\|logging\|mac-server\|mac-winbox\|mangle\|manual\|mirror\|mme\|mpls\|nat\|nd\|neighbor\|network\|note\|ntp\|ospf\|ospf-v3\|ovpn-server\|page\|peer\|pim\|ping\|policy\|pool\|port\|ppp\|pppoe-client\|pptp-server\|prefix\|profile\|proposal\|proxy\|queue\|radius\|resource\|rip\|ripng\|route\|routing\|screen\|script\|security-profiles\|server\|service\|service-port\|settings\|shares\|smb\|sms\|sniffer\|snmp\|snooper\|socks\|sstp-server\|system\|tool\|tracking\|type\|upgrade\|upnp\|user-manager\|users\|user\|vlan\|secret\|vrrp\|watchdog\|web-access\|wireless\|pptp\|pppoe\|lan\|wan\|layer7-protocol\|lease\|simple\|raw);?\\s)+ | Strings starting with '/' and with many repetitions of 'aaa\\t' can start matching anywhere after the start of the preceeding (\\.\\.\\/\|\\/\|\\s)((traffic-flow\|traffic-generator\|firewall\|scheduler\|aaa\|accounting\|address-list\|address\|align\|area\|bandwidth-server\|bfd\|bgp\|bridge\|client\|clock\|community\|config\|connection\|console\|customer\|default\|dhcp-client\|dhcp-server\|discovery\|dns\|e-mail\|ethernet\|filter\|firmware\|gps\|graphing\|group\|hardware\|health\|hotspot\|identity\|igmp-proxy\|incoming\|instance\|interface\|ip\|ipsec\|ipv6\|irq\|l2tp-server\|lcd\|ldp\|logging\|mac-server\|mac-winbox\|mangle\|manual\|mirror\|mme\|mpls\|nat\|nd\|neighbor\|network\|note\|ntp\|ospf\|ospf-v3\|ovpn-server\|page\|peer\|pim\|ping\|policy\|pool\|port\|ppp\|pppoe-client\|pptp-server\|prefix\|profile\|proposal\|proxy\|queue\|radius\|resource\|rip\|ripng\|route\|routing\|screen\|script\|security-profiles\|server\|service\|service-port\|settings\|shares\|smb\|sms\|sniffer\|snmp\|snooper\|socks\|sstp-server\|system\|tool\|tracking\|type\|upgrade\|upnp\|user-manager\|users\|user\|vlan\|secret\|vrrp\|watchdog\|web-access\|wireless\|pptp\|pppoe\|lan\|wan\|layer7-protocol\|lease\|simple\|raw);?\\s)+X | | highlight.js:6:12:6:695 | (Add\|Clear\|Close\|Copy\|Enter\|Exit\|Find\|Format\|Get\|Hide\|Join\|Lock\|Move\|New\|Open\|Optimize\|Pop\|Push\|Redo\|Remove\|Rename\|Reset\|Resize\|Search\|Select\|Set\|Show\|Skip\|Split\|Step\|Switch\|Undo\|Unlock\|Watch\|Backup\|Checkpoint\|Compare\|Compress\|Convert\|ConvertFrom\|ConvertTo\|Dismount\|Edit\|Expand\|Export\|Group\|Import\|Initialize\|Limit\|Merge\|New\|Out\|Publish\|Restore\|Save\|Sync\|Unpublish\|Update\|Approve\|Assert\|Complete\|Confirm\|Deny\|Disable\|Enable\|Install\|Invoke\|Register\|Request\|Restart\|Resume\|Start\|Stop\|Submit\|Suspend\|Uninstall\|Unregister\|Wait\|Debug\|Measure\|Ping\|Repair\|Resolve\|Test\|Trace\|Connect\|Disconnect\|Read\|Receive\|Send\|Write\|Block\|Grant\|Protect\|Revoke\|Unblock\|Unprotect\|Use\|ForEach\|Sort\|Tee\|Where)+ | Strings with many repetitions of 'Add' can start matching anywhere after the start of the preceeding (Add\|Clear\|Close\|Copy\|Enter\|Exit\|Find\|Format\|Get\|Hide\|Join\|Lock\|Move\|New\|Open\|Optimize\|Pop\|Push\|Redo\|Remove\|Rename\|Reset\|Resize\|Search\|Select\|Set\|Show\|Skip\|Split\|Step\|Switch\|Undo\|Unlock\|Watch\|Backup\|Checkpoint\|Compare\|Compress\|Convert\|ConvertFrom\|ConvertTo\|Dismount\|Edit\|Expand\|Export\|Group\|Import\|Initialize\|Limit\|Merge\|New\|Out\|Publish\|Restore\|Save\|Sync\|Unpublish\|Update\|Approve\|Assert\|Complete\|Confirm\|Deny\|Disable\|Enable\|Install\|Invoke\|Register\|Request\|Restart\|Resume\|Start\|Stop\|Submit\|Suspend\|Uninstall\|Unregister\|Wait\|Debug\|Measure\|Ping\|Repair\|Resolve\|Test\|Trace\|Connect\|Disconnect\|Read\|Receive\|Send\|Write\|Block\|Grant\|Protect\|Revoke\|Unblock\|Unprotect\|Use\|ForEach\|Sort\|Tee\|Where)+(-)[\\w\\d]+ | | highlight.js:7:13:7:692 | (Add\|Clear\|Close\|Copy\|Enter\|Exit\|Find\|Format\|Get\|Hide\|Join\|Lock\|Move\|New\|Open\|Optimize\|Pop\|Push\|Redo\|Remove\|Rename\|Reset\|Resize\|Search\|Select\|Set\|Show\|Skip\|Split\|Step\|Switch\|Undo\|Unlock\|Watch\|Backup\|Checkpoint\|Compare\|Compress\|Convert\|ConvertFrom\|ConvertTo\|Dismount\|Edit\|Expand\|Export\|Group\|Import\|Initialize\|Limit\|Merge\|Out\|Publish\|Restore\|Save\|Sync\|Unpublish\|Update\|Approve\|Assert\|Complete\|Confirm\|Deny\|Disable\|Enable\|Install\|Invoke\|Register\|Request\|Restart\|Resume\|Start\|Stop\|Submit\|Suspend\|Uninstall\|Unregister\|Wait\|Debug\|Measure\|Ping\|Repair\|Resolve\|Test\|Trace\|Connect\|Disconnect\|Read\|Receive\|Send\|Write\|Block\|Grant\|Protect\|Revoke\|Unblock\|Unprotect\|Use\|ForEach\|Sort\|Tee\|Where)+ | Strings with many repetitions of 'Add' can start matching anywhere after the start of the preceeding (Add\|Clear\|Close\|Copy\|Enter\|Exit\|Find\|Format\|Get\|Hide\|Join\|Lock\|Move\|New\|Open\|Optimize\|Pop\|Push\|Redo\|Remove\|Rename\|Reset\|Resize\|Search\|Select\|Set\|Show\|Skip\|Split\|Step\|Switch\|Undo\|Unlock\|Watch\|Backup\|Checkpoint\|Compare\|Compress\|Convert\|ConvertFrom\|ConvertTo\|Dismount\|Edit\|Expand\|Export\|Group\|Import\|Initialize\|Limit\|Merge\|Out\|Publish\|Restore\|Save\|Sync\|Unpublish\|Update\|Approve\|Assert\|Complete\|Confirm\|Deny\|Disable\|Enable\|Install\|Invoke\|Register\|Request\|Restart\|Resume\|Start\|Stop\|Submit\|Suspend\|Uninstall\|Unregister\|Wait\|Debug\|Measure\|Ping\|Repair\|Resolve\|Test\|Trace\|Connect\|Disconnect\|Read\|Receive\|Send\|Write\|Block\|Grant\|Protect\|Revoke\|Unblock\|Unprotect\|Use\|ForEach\|Sort\|Tee\|Where)+(-)[\\w\\d]+ | | highlight.js:14:17:14:52 | [a-z0-9&#*=?@\\\\><:,()$[\\]_.{}!+%^-]+ | Strings with many repetitions of '!' can start matching anywhere after the start of the preceeding ([ ]*[a-z0-9&#*=?@\\\\><:,()$[\\]_.{}!+%^-]+)+ | @@ -7,8 +7,7 @@ | highlight.js:18:20:18:22 | .*? | Strings starting with '"' and with many repetitions of '"' can start matching anywhere after the start of the preceeding .*? | | highlight.js:18:27:18:29 | .*? | Strings starting with '[' and with many repetitions of '[' can start matching anywhere after the start of the preceeding .*? | | highlight.js:18:33:18:69 | [^\\s!"#%&'()*+,.\\/;<=>@\\[\\\\\\]^`{\|}~]+ | Strings with many repetitions of '$' can start matching anywhere after the start of the preceeding .*? | -| highlight.js:19:56:19:61 | [^\\]]+ | Strings starting with '[' and with many repetitions of '[' can start matching anywhere after the start of the preceeding (\\.\|\\.\\/\|\\/)?(""\|"[^"]+"\|''\|'[^']+'\|\\[\\]\|\\[[^\\]]+\\]\|[^\\s!"#%&'()*+,.\\/;<=>@\\[\\\\\\]^`{\|}~]+)((\\.\|\\/)(""\|"[^"]+"\|''\|'[^']+'\|\\[\\]\|\\[[^\\]]+\\]\|[^\\s!"#%&'()*+,.\\/;<=>@\\[\\\\\\]^`{\|}~]+))* | -| highlight.js:19:141:19:146 | [^\\]]+ | Strings starting with '"".[' and with many repetitions of '$.[' can start matching anywhere after the start of the preceeding (\\.\|\\.\\/\|\\/)?(""\|"[^"]+"\|''\|'[^']+'\|\\[\\]\|\\[[^\\]]+\\]\|[^\\s!"#%&'()*+,.\\/;<=>@\\[\\\\\\]^`{\|}~]+)((\\.\|\\/)(""\|"[^"]+"\|''\|'[^']+'\|\\[\\]\|\\[[^\\]]+\\]\|[^\\s!"#%&'()*+,.\\/;<=>@\\[\\\\\\]^`{\|}~]+))* | +| highlight.js:19:56:19:61 | [^\\]]+ | Strings starting with '[' and with many repetitions of '.[' can start matching anywhere after the start of the preceeding (\\.\|\\.\\/\|\\/)?(""\|"[^"]+"\|''\|'[^']+'\|\\[\\]\|\\[[^\\]]+\\]\|[^\\s!"#%&'()*+,.\\/;<=>@\\[\\\\\\]^`{\|}~]+)((\\.\|\\/)(""\|"[^"]+"\|''\|'[^']+'\|\\[\\]\|\\[[^\\]]+\\]\|[^\\s!"#%&'()*+,.\\/;<=>@\\[\\\\\\]^`{\|}~]+))* | | highlight.js:22:12:22:82 | ((decltype\\(auto\\)\|(?:[a-zA-Z_]\\w*::)?[a-zA-Z_]\\w*(?:<.*?>)?)[\\*&\\s]+)+ | Strings with many repetitions of 'A\\t' can start matching anywhere after the start of the preceeding .*? | | highlight.js:22:43:22:45 | \\w* | Strings starting with 'A' and with many repetitions of 'A' can start matching anywhere after the start of the preceeding .*? | | highlight.js:22:66:22:68 | .*? | Strings starting with 'A<' and with many repetitions of 'A<' can start matching anywhere after the start of the preceeding \\w* | @@ -17,8 +16,8 @@ | highlight.js:23:42:23:44 | \\w* | Strings starting with 'A' and with many repetitions of 'A' can start matching anywhere after the start of the preceeding ((decltype\\(auto\\)\|([a-zA-Z_]\\w*::)?[a-zA-Z_]\\w*(<[^<>]+>)?)[\\*&\\s]+)+([a-zA-Z_]\\w*::)?[a-zA-Z]\\w*\\s*\\( | | highlight.js:23:63:23:68 | [^<>]+ | Strings starting with 'A<' and with many repetitions of ';>\\tA<' can start matching anywhere after the start of the preceeding ((decltype\\(auto\\)\|([a-zA-Z_]\\w*::)?[a-zA-Z_]\\w*(<[^<>]+>)?)[\\*&\\s]+)+([a-zA-Z_]\\w*::)?[a-zA-Z]\\w*\\s*\\( | | highlight.js:23:73:23:80 | [\\*&\\s]+ | Strings starting with 'A' and with many repetitions of '\\tA\\t' can start matching anywhere after the start of the preceeding ((decltype\\(auto\\)\|([a-zA-Z_]\\w*::)?[a-zA-Z_]\\w*(<[^<>]+>)?)[\\*&\\s]+)+([a-zA-Z_]\\w*::)?[a-zA-Z]\\w*\\s*\\( | -| highlight.js:26:14:26:34 | (([\\/.])[\\w\\-.\\/=]+)+ | Strings with many repetitions of '..' can start matching anywhere after the start of the preceeding [\\w\\-.\\/=]+ | -| highlight.js:26:22:26:32 | [\\w\\-.\\/=]+ | Strings with many repetitions of '..' can start matching anywhere after the start of the preceeding (([\\/.])[\\w\\-.\\/=]+)+ | +| highlight.js:26:14:26:34 | (([\\/.])[\\w\\-.\\/=]+)+ | Strings with many repetitions of '.-' can start matching anywhere after the start of the preceeding [\\w\\-.\\/=]+ | +| highlight.js:26:22:26:32 | [\\w\\-.\\/=]+ | Strings with many repetitions of '.-' can start matching anywhere after the start of the preceeding (([\\/.])[\\w\\-.\\/=]+)+ | | highlight.js:31:14:31:28 | (?:\\\\.\|[^`\\\\])+ | Strings starting with '`' and with many repetitions of '\\\\`' can start matching anywhere after the start of the preceeding `(?:\\\\.\|[^`\\\\])+` | | highlight.js:38:21:38:23 | \\w* | Strings starting with 'A' and with many repetitions of 'A' can start matching anywhere after the start of the preceeding [a-zA-Z_]\\w*\\([^()]*(\\([^()]*(\\([^()]*\\))*[^()]*\\))*[^()]*\\)\\s*\\{ | | highlight.js:38:54:38:59 | [^()]* | Strings starting with 'A((' and with many repetitions of ''' can start matching anywhere after the start of the preceeding [^()]* | @@ -94,6 +93,7 @@ | polynomial-redos.js:64:14:64:15 | Y* | Strings starting with 'fooY' and with many repetitions of 'Y' can start matching anywhere after the start of the preceeding (K\|Y)+ | | polynomial-redos.js:65:14:65:15 | .* | Strings starting with 'fooY' and with many repetitions of 'K' can start matching anywhere after the start of the preceeding (K\|Y)+ | | polynomial-redos.js:66:9:66:10 | .* | Strings starting with 'K' and with many repetitions of 'K' can start matching anywhere after the start of the preceeding (K\|Y).*X | +| polynomial-redos.js:67:8:67:9 | .* | Strings starting with 'X' and with many repetitions of 'Z' can start matching anywhere after the start of the preceeding [^Y].*X | | polynomial-redos.js:68:8:68:9 | .* | Strings starting with 'X' and with many repetitions of 'X' can start matching anywhere after the start of the preceeding [^Y].*$ | | polynomial-redos.js:69:8:69:9 | .* | Strings starting with 'X' and with many repetitions of 'X' can start matching anywhere after the start of the preceeding [^Y].*$ | | polynomial-redos.js:71:51:71:63 | [?\\x21-\\x7E]* | Strings starting with ',-+' and with many repetitions of '++' can start matching anywhere after the start of the preceeding [A-Za-z0-9+/]+ | @@ -123,6 +123,7 @@ | polynomial-redos.js:111:17:111:19 | \\s* | Strings with many repetitions of '\\t' can start matching anywhere after the start of the preceeding \\s*$ | | polynomial-redos.js:112:17:112:19 | \\s+ | Strings with many repetitions of '\\t' can start matching anywhere after the start of the preceeding \\s+$ | | polynomial-redos.js:114:22:114:24 | \\w* | Strings starting with '5' and with many repetitions of '5' can start matching anywhere after the start of the preceeding \\d* | +| polynomial-redos.js:116:21:116:28 | [\\d\\D]*? | Strings starting with '/*' and with many repetitions of 'a/*' can start matching anywhere after the start of the preceeding \\/\\*[\\d\\D]*?\\*\\/ | | polynomial-redos.js:118:17:118:23 | (#\\d+)+ | Strings with many repetitions of '0' can start matching anywhere after the start of the preceeding \\d+ | | polynomial-redos.js:124:33:124:35 | \\s+ | Strings with many repetitions of '\\t' can start matching anywhere after the start of the preceeding \\s+$ | | polynomial-redos.js:130:21:130:22 | c+ | Strings starting with 'c' and with many repetitions of 'c' can start matching anywhere after the start of the preceeding cc+D | @@ -134,26 +135,22 @@ | regexplib/address.js:27:93:27:95 | \\s* | Strings with many repetitions of '\\t' can start matching anywhere after the start of the preceeding (\\s*(7\|8)(\\d{7}\|\\d{3}(\\-\|\\s{1})\\d{4})\\s*) | | regexplib/address.js:38:39:38:45 | [ 0-9]* | Strings starting with 'po' and with many repetitions of ' ' can start matching anywhere after the start of the preceeding [ \|\\.]* | | regexplib/address.js:51:220:51:222 | \\w+ | Strings starting with 'C/O ' and with many repetitions of '0' can start matching anywhere after the start of the preceeding \\x20* | -| regexplib/address.js:51:331:51:344 | [a-zA-Z0-9\\-]+ | Strings starting with 'C/O 0#' and with many repetitions of 'FL0' can start matching anywhere after the start of the preceeding \\w+ | -| regexplib/address.js:51:399:51:401 | \\s+ | Strings starting with 'C/O 0' and with many repetitions of ' ' can start matching anywhere after the start of the preceeding \\x20* | +| regexplib/address.js:51:331:51:344 | [a-zA-Z0-9\\-]+ | Strings starting with 'C/O 0#' and with many repetitions of '0APT0' can start matching anywhere after the start of the preceeding \\w+ | | regexplib/address.js:51:415:51:419 | \\x20+ | Strings starting with 'C/O 0\\t0' and with many repetitions of ' 0 ' can start matching anywhere after the start of the preceeding \\x20* | -| regexplib/address.js:51:420:51:422 | \\w+ | Strings starting with 'C/O 0\\t0 ' and with many repetitions of '0 0 ' can start matching anywhere after the start of the preceeding \\w+ | | regexplib/address.js:51:616:51:618 | \\w+ | Strings starting with 'C/O 0\\tC/O ' and with many repetitions of '0' can start matching anywhere after the start of the preceeding \\x20* | -| regexplib/address.js:51:727:51:740 | [a-zA-Z0-9\\-]+ | Strings starting with 'C/O 0\\t0 0#' and with many repetitions of 'FL0' can start matching anywhere after the start of the preceeding \\w+ | -| regexplib/address.js:51:796:51:798 | \\s+ | Strings starting with 'C/O 0\\t' and with many repetitions of ' ' can start matching anywhere after the start of the preceeding \\s+ | +| regexplib/address.js:51:727:51:740 | [a-zA-Z0-9\\-]+ | Strings starting with 'C/O 0\\t0 0#' and with many repetitions of '0APT0' can start matching anywhere after the start of the preceeding \\w+ | +| regexplib/address.js:51:796:51:798 | \\s+ | Strings starting with 'C/O 0\\t' and with many repetitions of '\\t\\t' can start matching anywhere after the start of the preceeding \\s+ | | regexplib/address.js:51:803:51:811 | [A-Za-z]+ | Strings starting with 'C/O 0\\t\\t' and with many repetitions of 'A' can start matching anywhere after the start of the preceeding \\w+ | | regexplib/address.js:67:379:67:755 | [a-zA-Z0-9ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖØÙÚÛÜÝßàáâãäåæçèéêëìíîïñòóôõöøùúûüýÿ\\.\\,\\-\\/\\' ]+ | Strings starting with '#' and with many repetitions of '#' can start matching anywhere after the start of the preceeding [a-zA-Z0-9ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖØÙÚÛÜÝßàáâãäåæçèéêëìíîïñòóôõöøùúûüýÿ\\.\\,\\-\\/\\']+ | | regexplib/address.js:69:3:69:5 | \\s* | Strings with many repetitions of '\\t' can start matching anywhere after the start of the preceeding (\\s*\\(?0\\d{4}\\)?(\\s*\|-)\\d{3}(\\s*\|-)\\d{3}\\s*) | | regexplib/address.js:69:48:69:50 | \\s* | Strings with many repetitions of '\\t' can start matching anywhere after the start of the preceeding (\\s*\\(?0\\d{3}\\)?(\\s*\|-)\\d{3}(\\s*\|-)\\d{4}\\s*) | | regexplib/address.js:69:93:69:95 | \\s* | Strings with many repetitions of '\\t' can start matching anywhere after the start of the preceeding (\\s*(7\|8)(\\d{7}\|\\d{3}(\\-\|\\s{1})\\d{4})\\s*) | | regexplib/address.js:75:220:75:222 | \\w+ | Strings starting with 'C/O ' and with many repetitions of '0' can start matching anywhere after the start of the preceeding \\x20* | -| regexplib/address.js:75:331:75:344 | [a-zA-Z0-9\\-]+ | Strings starting with 'C/O 0#' and with many repetitions of 'FL0' can start matching anywhere after the start of the preceeding \\w+ | -| regexplib/address.js:75:399:75:401 | \\s+ | Strings starting with 'C/O 0' and with many repetitions of ' ' can start matching anywhere after the start of the preceeding \\x20* | +| regexplib/address.js:75:331:75:344 | [a-zA-Z0-9\\-]+ | Strings starting with 'C/O 0#' and with many repetitions of '0APT0' can start matching anywhere after the start of the preceeding \\w+ | | regexplib/address.js:75:415:75:419 | \\x20+ | Strings starting with 'C/O 0\\t0' and with many repetitions of ' 0 ' can start matching anywhere after the start of the preceeding \\x20* | -| regexplib/address.js:75:420:75:422 | \\w+ | Strings starting with 'C/O 0\\t0 ' and with many repetitions of '0 0 ' can start matching anywhere after the start of the preceeding \\w+ | | regexplib/address.js:75:616:75:618 | \\w+ | Strings starting with 'C/O 0\\tC/O ' and with many repetitions of '0' can start matching anywhere after the start of the preceeding \\x20* | -| regexplib/address.js:75:727:75:740 | [a-zA-Z0-9\\-]+ | Strings starting with 'C/O 0\\t0 0#' and with many repetitions of 'FL0' can start matching anywhere after the start of the preceeding \\w+ | -| regexplib/address.js:75:796:75:798 | \\s+ | Strings starting with 'C/O 0\\t' and with many repetitions of ' ' can start matching anywhere after the start of the preceeding \\s+ | +| regexplib/address.js:75:727:75:740 | [a-zA-Z0-9\\-]+ | Strings starting with 'C/O 0\\t0 0#' and with many repetitions of '0APT0' can start matching anywhere after the start of the preceeding \\w+ | +| regexplib/address.js:75:796:75:798 | \\s+ | Strings starting with 'C/O 0\\t' and with many repetitions of '\\t\\t' can start matching anywhere after the start of the preceeding \\s+ | | regexplib/address.js:75:803:75:811 | [A-Za-z]+ | Strings starting with 'C/O 0\\t\\t' and with many repetitions of 'A' can start matching anywhere after the start of the preceeding \\w+ | | regexplib/address.js:85:15:85:49 | ([0-9]\|[ ]\|[-]\|[\\(]\|[\\)]\|ext.\|[,])+ | Strings with many repetitions of ' ' can start matching anywhere after the start of the preceeding (?([0-9]\|[ ]\|[-]\|[\\(]\|[\\)]\|ext.\|[,])+)([ ]\|[:]\|\\t\|[-])*(?Home\|Office\|Work\|Away\|Fax\|FAX\|Phone) | | regexplib/address.js:85:51:85:67 | ([ ]\|[:]\|\\t\|[-])* | Strings starting with '0' and with many repetitions of ' ' can start matching anywhere after the start of the preceeding ([0-9]\|[ ]\|[-]\|[\\(]\|[\\)]\|ext.\|[,])+ | @@ -167,10 +164,8 @@ | regexplib/email.js:5:24:5:35 | [a-zA-Z0-9]+ | Strings starting with '0' and with many repetitions of '0' can start matching anywhere after the start of the preceeding ([_\\.\\-]?[a-zA-Z0-9]+)* | | regexplib/email.js:5:63:5:74 | [a-zA-Z0-9]+ | Strings starting with '0@0' and with many repetitions of '0' can start matching anywhere after the start of the preceeding [A-Za-z0-9]+ | | regexplib/email.js:8:16:8:49 | [^ \\t\\(\\)\\<\\>@,;\\:\\\\\\"\\.\\[\\]\\r\\n]+ | Strings with many repetitions of '!' can start matching anywhere after the start of the preceeding (?(?:(?:[^ \\t\\(\\)\\<\\>@,;\\:\\\\\\"\\.\\[\\]\\r\\n]+)\|(?:\\"(?:(?:[^\\"\\\\\\r\\n])\|(?:\\\\.))*\\"))(?:\\.(?:(?:[^ \\t\\(\\)\\<\\>@,;\\:\\\\\\"\\.\\[\\]\\r\\n]+)\|(?:\\"(?:(?:[^\\"\\\\\\r\\n])\|(?:\\\\.))*\\")))*)@(?(?:(?:[^ \\t\\(\\)\\<\\>@,;\\:\\\\\\"\\.\\[\\]\\r\\n]+)\|(?:\\[(?:(?:[^\\[\\]\\\\\\r\\n])\|(?:\\\\.))*\\]))(?:\\.(?:(?:[^ \\t\\(\\)\\<\\>@,;\\:\\\\\\"\\.\\[\\]\\r\\n]+)\|(?:\\[(?:(?:[^\\[\\]\\\\\\r\\n])\|(?:\\\\.))*\\])))*) | -| regexplib/email.js:8:57:8:84 | (?:(?:[^\\"\\\\\\r\\n])\|(?:\\\\.))* | Strings starting with '"' and with many repetitions of '\\\\"' can start matching anywhere after the start of the preceeding (?(?:(?:[^ \\t\\(\\)\\<\\>@,;\\:\\\\\\"\\.\\[\\]\\r\\n]+)\|(?:\\"(?:(?:[^\\"\\\\\\r\\n])\|(?:\\\\.))*\\"))(?:\\.(?:(?:[^ \\t\\(\\)\\<\\>@,;\\:\\\\\\"\\.\\[\\]\\r\\n]+)\|(?:\\"(?:(?:[^\\"\\\\\\r\\n])\|(?:\\\\.))*\\")))*)@(?(?:(?:[^ \\t\\(\\)\\<\\>@,;\\:\\\\\\"\\.\\[\\]\\r\\n]+)\|(?:\\[(?:(?:[^\\[\\]\\\\\\r\\n])\|(?:\\\\.))*\\]))(?:\\.(?:(?:[^ \\t\\(\\)\\<\\>@,;\\:\\\\\\"\\.\\[\\]\\r\\n]+)\|(?:\\[(?:(?:[^\\[\\]\\\\\\r\\n])\|(?:\\\\.))*\\])))*) | | regexplib/email.js:8:89:8:174 | (?:\\.(?:(?:[^ \\t\\(\\)\\<\\>@,;\\:\\\\\\"\\.\\[\\]\\r\\n]+)\|(?:\\"(?:(?:[^\\"\\\\\\r\\n])\|(?:\\\\.))*\\")))* | Strings starting with '!' and with many repetitions of '.!' can start matching anywhere after the start of the preceeding (?(?:(?:[^ \\t\\(\\)\\<\\>@,;\\:\\\\\\"\\.\\[\\]\\r\\n]+)\|(?:\\"(?:(?:[^\\"\\\\\\r\\n])\|(?:\\\\.))*\\"))(?:\\.(?:(?:[^ \\t\\(\\)\\<\\>@,;\\:\\\\\\"\\.\\[\\]\\r\\n]+)\|(?:\\"(?:(?:[^\\"\\\\\\r\\n])\|(?:\\\\.))*\\")))*)@(?(?:(?:[^ \\t\\(\\)\\<\\>@,;\\:\\\\\\"\\.\\[\\]\\r\\n]+)\|(?:\\[(?:(?:[^\\[\\]\\\\\\r\\n])\|(?:\\\\.))*\\]))(?:\\.(?:(?:[^ \\t\\(\\)\\<\\>@,;\\:\\\\\\"\\.\\[\\]\\r\\n]+)\|(?:\\[(?:(?:[^\\[\\]\\\\\\r\\n])\|(?:\\\\.))*\\])))*) | | regexplib/email.js:8:100:8:133 | [^ \\t\\(\\)\\<\\>@,;\\:\\\\\\"\\.\\[\\]\\r\\n]+ | Strings starting with '!.' and with many repetitions of '!.!' can start matching anywhere after the start of the preceeding (?(?:(?:[^ \\t\\(\\)\\<\\>@,;\\:\\\\\\"\\.\\[\\]\\r\\n]+)\|(?:\\"(?:(?:[^\\"\\\\\\r\\n])\|(?:\\\\.))*\\"))(?:\\.(?:(?:[^ \\t\\(\\)\\<\\>@,;\\:\\\\\\"\\.\\[\\]\\r\\n]+)\|(?:\\"(?:(?:[^\\"\\\\\\r\\n])\|(?:\\\\.))*\\")))*)@(?(?:(?:[^ \\t\\(\\)\\<\\>@,;\\:\\\\\\"\\.\\[\\]\\r\\n]+)\|(?:\\[(?:(?:[^\\[\\]\\\\\\r\\n])\|(?:\\\\.))*\\]))(?:\\.(?:(?:[^ \\t\\(\\)\\<\\>@,;\\:\\\\\\"\\.\\[\\]\\r\\n]+)\|(?:\\[(?:(?:[^\\[\\]\\\\\\r\\n])\|(?:\\\\.))*\\])))*) | -| regexplib/email.js:8:141:8:168 | (?:(?:[^\\"\\\\\\r\\n])\|(?:\\\\.))* | Strings starting with '!."' and with many repetitions of '".!."' can start matching anywhere after the start of the preceeding (?(?:(?:[^ \\t\\(\\)\\<\\>@,;\\:\\\\\\"\\.\\[\\]\\r\\n]+)\|(?:\\"(?:(?:[^\\"\\\\\\r\\n])\|(?:\\\\.))*\\"))(?:\\.(?:(?:[^ \\t\\(\\)\\<\\>@,;\\:\\\\\\"\\.\\[\\]\\r\\n]+)\|(?:\\"(?:(?:[^\\"\\\\\\r\\n])\|(?:\\\\.))*\\")))*)@(?(?:(?:[^ \\t\\(\\)\\<\\>@,;\\:\\\\\\"\\.\\[\\]\\r\\n]+)\|(?:\\[(?:(?:[^\\[\\]\\\\\\r\\n])\|(?:\\\\.))*\\]))(?:\\.(?:(?:[^ \\t\\(\\)\\<\\>@,;\\:\\\\\\"\\.\\[\\]\\r\\n]+)\|(?:\\[(?:(?:[^\\[\\]\\\\\\r\\n])\|(?:\\\\.))*\\])))*) | | regexplib/email.js:12:2:12:4 | \\w+ | Strings with many repetitions of '0' can start matching anywhere after the start of the preceeding \\w+([-+.]\\w+)*@\\w+([-.]\\w+)*\\.\\w+([-.]\\w+)*([,;]\\s*\\w+([-+.]\\w+)*@\\w+([-.]\\w+)*\\.\\w+([-.]\\w+)*)* | | regexplib/email.js:12:5:12:15 | ([-+.]\\w+)* | Strings starting with '0' and with many repetitions of '+0' can start matching anywhere after the start of the preceeding \\w+([-+.]\\w+)*@\\w+([-.]\\w+)*\\.\\w+([-.]\\w+)*([,;]\\s*\\w+([-+.]\\w+)*@\\w+([-.]\\w+)*\\.\\w+([-.]\\w+)*)* | | regexplib/email.js:12:11:12:13 | \\w+ | Strings starting with '0+' and with many repetitions of '0+' can start matching anywhere after the start of the preceeding \\w+([-+.]\\w+)*@\\w+([-.]\\w+)*\\.\\w+([-.]\\w+)*([,;]\\s*\\w+([-+.]\\w+)*@\\w+([-.]\\w+)*\\.\\w+([-.]\\w+)*)* | @@ -201,16 +196,12 @@ | regexplib/markup.js:2:3:2:7 | [^>]* | Strings starting with '<' and with many repetitions of '<' can start matching anywhere after the start of the preceeding <[^>]*> | | regexplib/markup.js:3:440:3:456 | (\\s(?.+?))* | Strings starting with '.+?))* | -| regexplib/markup.js:5:1525:5:1527 | \\s* | Strings starting with '?'DateLiteral' ?# Per the VB Spec : DateLiteral ::= '#' DateOrTime '#' # ?'DateOrTime' DateValue ?# TimeValue ::= HourValue : MinuteValue 10 ?# Hour 01 - 24 : 60 ?# Minute 01 - 60 : ?# Optional Minute :01 - :60 ' and with many repetitions of ' ' can start matching anywhere after the start of the preceeding \\s* | -| regexplib/markup.js:6:11:6:25 | [\\w\\*\\)\\(\\,\\s]+ | Strings starting with 'SELECT\\t' and with many repetitions of 'SELECT\\t' can start matching anywhere after the start of the preceeding (SELECT\\s[\\w\\*\\)\\(\\,\\s]+\\sFROM\\s[\\w]+) | | regexplib/markup.js:6:99:6:113 | [\\s\\w\\d\\)\\(\\,]* | Strings starting with ' INSERT\\tINTO\\t0' and with many repetitions of '0' can start matching anywhere after the start of the preceeding [\\d\\w]+ | | regexplib/markup.js:7:8:7:23 | (?:\\\\.\|[^\\\\"]*)* | Strings starting with '"!' and with many repetitions of '\\\\"!\\\\a' can start matching anywhere after the start of the preceeding "([^"](?:\\\\.\|[^\\\\"]*)*)" | | regexplib/markup.js:9:6:9:13 | [\\s\\S]*? | Strings starting with ' | | regexplib/markup.js:12:40:12:42 | .*? | Strings starting with ') | | regexplib/markup.js:12:117:12:121 | [^>]* | Strings starting with ']*>) | -| regexplib/markup.js:12:149:12:153 | [^>]* | Strings starting with 'font-family:' and with many repetitions of 'font-family:' can start matching anywhere after the start of the preceeding (font-family:[^>]*[;']) | -| regexplib/markup.js:12:171:12:175 | [^>]* | Strings starting with 'font-size:' and with many repetitions of 'font-size:' can start matching anywhere after the start of the preceeding (font-size:[^>]*[;'])(?-s) | | regexplib/markup.js:13:6:13:12 | [^"']+? | Strings starting with '<' and with many repetitions of '!' can start matching anywhere after the start of the preceeding .*? | | regexplib/markup.js:13:14:13:16 | .+? | Strings starting with '<' and with many repetitions of '!' can start matching anywhere after the start of the preceeding .*? | | regexplib/markup.js:14:13:14:14 | .* | Strings starting with '<' and with many repetitions of 'a' can start matching anywhere after the start of the preceeding .* | @@ -226,8 +217,7 @@ | regexplib/markup.js:20:52:20:53 | .* | Strings with many repetitions of '=color' can start matching anywhere after the start of the preceeding [^>]+ | | regexplib/markup.js:20:155:20:156 | '+ | Strings with many repetitions of '''' can start matching anywhere after the start of the preceeding '+ | | regexplib/markup.js:20:197:20:198 | "+ | Strings with many repetitions of '""' can start matching anywhere after the start of the preceeding "+ | -| regexplib/markup.js:20:245:20:247 | .*? | Strings with many repetitions of 'color: # IF found THEN move ahead "" # single or double # or no quotes\\t' can start matching anywhere after the start of the preceeding .*? | -| regexplib/markup.js:20:274:20:276 | .*? | Strings starting with ']+color.*>) #IF\\/THEN lookahead color in tag (.*?color\\s*?[=\|:]\\s*?) # IF found THEN move ahead ('+\\#*?[\\w\\s]*'+ # CAPTURE ColorName\\/Hex \|"+\\#*?[\\w\\s]*"+ # single or double \|\\#*\\w*\\b) # or no quotes\t.*?> # & move to end of tag \|.*?> # ELSE move to end of Tag ) # Close the If\\/Then lookahead # Use Multiline and IgnoreCase # Replace the matches from RE with MatchEvaluator below: # if m.Groups(1).Value<>"" then # Return "" # else # Return "" # end if | +| regexplib/markup.js:20:274:20:276 | .*? | Strings starting with ']+color.*>) #IF\\/THEN lookahead color in tag (.*?color\\s*?[=\|:]\\s*?) # IF found THEN move ahead ('+\\#*?[\\w\\s]*'+ # CAPTURE ColorName\\/Hex \|"+\\#*?[\\w\\s]*"+ # single or double \|\\#*\\w*\\b) # or no quotes\t.*?> # & move to end of tag \|.*?> # ELSE move to end of Tag ) # Close the If\\/Then lookahead # Use Multiline and IgnoreCase # Replace the matches from RE with MatchEvaluator below: # if m.Groups(1).Value<>"" then # Return "" # else # Return "" # end if | | regexplib/markup.js:24:39:24:41 | \\s+ | Strings starting with '<A' and with many repetitions of '\\t-\\t!=\\t' can start matching anywhere after the start of the preceeding \\s* | | regexplib/markup.js:24:43:24:45 | \\S+ | Strings starting with '<A\\t' and with many repetitions of '-\\t!=' can start matching anywhere after the start of the preceeding \\s* | | regexplib/markup.js:24:48:24:50 | \\s* | Strings starting with '<A\\t!' and with many repetitions of '\\t=-\\t!\\t' can start matching anywhere after the start of the preceeding \\s+ | @@ -236,6 +226,7 @@ | regexplib/markup.js:25:45:25:49 | [^>]* | Strings starting with ']* | Strings starting with '<' and with many repetitions of '<' can start matching anywhere after the start of the preceeding <[^>]*name[\\s]*=[\\s]*"?[^\\w_]*"?[^>]*> | | regexplib/markup.js:27:34:27:38 | [^>]* | Strings starting with ']* | Strings starting with '<' and with many repetitions of ']*)(\\s[^<]*)> | | regexplib/markup.js:37:15:37:19 | [\\w]* | Strings starting with '[0' and with many repetitions of '0' can start matching anywhere after the start of the preceeding \\w+ | @@ -245,6 +236,7 @@ | regexplib/markup.js:43:45:43:49 | [^>]* | Strings starting with ']* | Strings starting with '<' and with many repetitions of '<' can start matching anywhere after the start of the preceeding <[^>]*name[\\s]*=[\\s]*"?[^\\w_]*"?[^>]*> | | regexplib/markup.js:44:34:44:38 | [^>]* | Strings starting with '' and with many repetitions of '' can start matching anywhere after the start of the preceeding [^']*? | | regexplib/markup.js:62:9:62:14 | [^>]*? | Strings starting with '' and with many repetitions of '>;' can start matching anywhere after the start of the preceeding .*? | | regexplib/markup.js:62:57:62:59 | .*? | Strings starting with '' and with many repetitions of '>a' can start matching anywhere after the start of the preceeding .*? | +| regexplib/markup.js:63:70:63:77 | [\\w\\W]*? | Strings with many repetitions of 'a/*' can start matching anywhere after the start of the preceeding (?((?m:^[\\t ]*\\/{2}[^\\n\\r\\v\\f]+[\\n\\r\\v\\f]*){2,})\|(\\/\\*[\\w\\W]*?\\*\\/)) | | regexplib/misc.js:4:36:4:44 | [a-zA-Z]* | Strings starting with 'A' and with many repetitions of 'AA' can start matching anywhere after the start of the preceeding [a-zA-Z]+ | | regexplib/misc.js:76:2:76:27 | (AUX\|PRN\|NUL\|COM\\d\|LPT\\d)+ | Strings with many repetitions of 'AUX' can start matching anywhere after the start of the preceeding (AUX\|PRN\|NUL\|COM\\d\|LPT\\d)+\\s*$ | | regexplib/misc.js:81:31:81:45 | [^a-z\\:\\,\\(\\)]* | Strings starting with '#' and with many repetitions of '#' can start matching anywhere after the start of the preceeding ([A-Zäöü0-9\\/][^a-z\\:\\,\\(\\)]*[A-Zäöü0-9])($\|[\\.\\:\\,\\;\\)\\-\\ \\+]\|s\\b) | @@ -279,7 +271,7 @@ | regexplib/misc.js:95:25:95:26 | .+ | Strings starting with 'at\\t' and with many repetitions of 'at\\ta' can start matching anywhere after the start of the preceeding (at\\s)(?.+)(\\.)(?[^\\.]*)(\\()(?[^\\)]*)(\\))((\\sin\\s)(?.+)(:line )(?[\\d]*))? | | regexplib/misc.js:95:71:95:76 | [^\\)]* | Strings starting with 'at\\ta.(' and with many repetitions of '((' can start matching anywhere after the start of the preceeding .+ | | regexplib/misc.js:95:103:95:104 | .+ | Strings starting with 'at\\ta.()\\tin\\t' and with many repetitions of '()\\tin\\t-' can start matching anywhere after the start of the preceeding .+ | -| regexplib/misc.js:101:52:101:70 | [a-z0-9\\/\\.\\?\\=\\&]* | Strings starting with '".htm' and with many repetitions of '.htm' can start matching anywhere after the start of the preceeding [a-z0-9\\/\\.\\?\\=\\&]* | +| regexplib/misc.js:101:52:101:70 | [a-z0-9\\/\\.\\?\\=\\&]* | Strings starting with '".htm' and with many repetitions of '.asp' can start matching anywhere after the start of the preceeding [a-z0-9\\/\\.\\?\\=\\&]* | | regexplib/misc.js:112:3:112:5 | \\s* | Strings with many repetitions of '\\t' can start matching anywhere after the start of the preceeding (\\s*\\(?0\\d{4}\\)?\\s*\\d{6}\\s*) | | regexplib/misc.js:112:32:112:34 | \\s* | Strings with many repetitions of '\\t' can start matching anywhere after the start of the preceeding (\\s*\\(?0\\d{3}\\)?\\s*\\d{3}\\s*\\d{4}\\s*) | | regexplib/misc.js:114:6:114:8 | \\\|+ | Strings starting with 'a' and with many repetitions of '\|' can start matching anywhere after the start of the preceeding .+ | @@ -290,7 +282,7 @@ | regexplib/misc.js:123:36:123:38 | .*? | Strings starting with '?se[A' and with many repetitions of '?se[Aa' can start matching anywhere after the start of the preceeding (?s)(?:\\e\\[(?:(\\d+);?)*([A-Za-z])(.*?))(?=\\e\\[\|\\z) | | regexplib/misc.js:126:15:126:20 | [a-z]+ | Strings starting with 'a' and with many repetitions of 'aa' can start matching anywhere after the start of the preceeding [a-z]+ | | regexplib/misc.js:141:15:141:19 | [^;]+ | Strings starting with '{\\\\f\\\\' and with many repetitions of '{\\\\f\\\\:' can start matching anywhere after the start of the preceeding (\\{\\\\f\\d*)\\\\([^;]+;) | -| regexplib/misc.js:144:52:144:70 | [a-z0-9\\/\\.\\?\\=\\&]* | Strings starting with '".htm' and with many repetitions of '.htm' can start matching anywhere after the start of the preceeding [a-z0-9\\/\\.\\?\\=\\&]* | +| regexplib/misc.js:144:52:144:70 | [a-z0-9\\/\\.\\?\\=\\&]* | Strings starting with '".htm' and with many repetitions of '.asp' can start matching anywhere after the start of the preceeding [a-z0-9\\/\\.\\?\\=\\&]* | | regexplib/misc.js:148:12:148:18 | [^\\s>]+ | Strings starting with '<' and with many repetitions of ']+(\\s+[^"'=]+(=("[^"]*")\|('[^\\']*')\|([^\\s"'>]*))?)*\\s*\\/?> | | regexplib/misc.js:148:20:148:22 | \\s+ | Strings starting with '' and with many repetitions of 'href="">;' can start matching anywhere after the start of the preceeding href\\s*=\\s*(?:(?:\\"(?[^\\"]*)\\")\|(?[^\\s*] ))>(?[^<]+)<\\/\\w> | +| regexplib/uri.js:29:2:29:45 | ((http\\:\\/\\/\|https\\:\\/\\/\|ftp\\:\\/\\/)\|(www.))+ | Strings with many repetitions of 'ftp://' can start matching anywhere after the start of the preceeding ((http\\:\\/\\/\|https\\:\\/\\/\|ftp\\:\\/\\/)\|(www.))+(([a-zA-Z0-9\\.-]+\\.[a-zA-Z]{2,4})\|([0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}))(\\/[a-zA-Z0-9%:/-_\\?\\.'~]*)? | +| regexplib/uri.js:31:65:31:69 | [^<]+ | Strings starting with 'href=! >' and with many repetitions of 'href=! >;' can start matching anywhere after the start of the preceeding href\\s*=\\s*(?:(?:\\"(?<url>[^\\"]*)\\")\|(?<url>[^\\s*] ))>(?<title>[^<]+)<\\/\\w> | | regexplib/uri.js:34:3:34:9 | [^\\=&]+ | Strings with many repetitions of '%' can start matching anywhere after the start of the preceeding ([^\\=&]+)(?<!param1\|param2\|param3)\\=([^\\=&]+)(&)? | | regexplib/uri.js:36:40:36:42 | \\d* | Strings starting with '$1' and with many repetitions of '1' can start matching anywhere after the start of the preceeding [1-9]+ | | regexplib/uri.js:38:20:38:28 | [a-z0-9]+ | Strings starting with 'a' and with many repetitions of '0' can start matching anywhere after the start of the preceeding [a-z]+ | @@ -406,8 +394,7 @@ | regexplib/uri.js:55:20:55:28 | [a-z0-9]+ | Strings starting with 'a' and with many repetitions of '0' can start matching anywhere after the start of the preceeding [a-z]+ | | regexplib/uri.js:55:35:55:40 | [a-z]+ | Strings starting with 'a.' and with many repetitions of 'aa' can start matching anywhere after the start of the preceeding [a-z0-9]+ | | regexplib/uri.js:55:52:55:60 | [a-z0-9]+ | Strings starting with 'a.a' and with many repetitions of '0' can start matching anywhere after the start of the preceeding [a-z]+ | -| regexplib/uri.js:58:2:58:45 | ((http\\:\\/\\/\|https\\:\\/\\/\|ftp\\:\\/\\/)\|(www.))+ | Strings with many repetitions of 'wwwa' can start matching anywhere after the start of the preceeding ((http\\:\\/\\/\|https\\:\\/\\/\|ftp\\:\\/\\/)\|(www.))+(([a-zA-Z0-9\\.-]+\\.[a-zA-Z]{2,4})\|([0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}))(\\/[a-zA-Z0-9%:/-_\\?\\.'~]*)? | -| regexplib/uri.js:58:48:58:62 | [a-zA-Z0-9\\.-]+ | Strings starting with 'wwwa' and with many repetitions of 'www--' can start matching anywhere after the start of the preceeding ((http\\:\\/\\/\|https\\:\\/\\/\|ftp\\:\\/\\/)\|(www.))+ | +| regexplib/uri.js:58:2:58:45 | ((http\\:\\/\\/\|https\\:\\/\\/\|ftp\\:\\/\\/)\|(www.))+ | Strings with many repetitions of 'ftp://' can start matching anywhere after the start of the preceeding ((http\\:\\/\\/\|https\\:\\/\\/\|ftp\\:\\/\\/)\|(www.))+(([a-zA-Z0-9\\.-]+\\.[a-zA-Z]{2,4})\|([0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}))(\\/[a-zA-Z0-9%:/-_\\?\\.'~]*)? | | regexplib/uri.js:64:31:64:36 | [\\w-]+ | Strings with many repetitions of '-' can start matching anywhere after the start of the preceeding [\\w-\\s]* | | regexplib/uri.js:70:16:70:31 | [a-zA-Z0-9\\-\\.]+ | Strings starting with '0' and with many repetitions of '00' can start matching anywhere after the start of the preceeding [a-zA-Z0-9]+ | | regexplib/uri.js:71:75:71:89 | [^\\/\\\\:*?"<>\|]+ | Strings starting with 'A:\\\\!.' and with many repetitions of '!.' can start matching anywhere after the start of the preceeding [^\\/\\\\:*?"<>\|]+ | @@ -489,10 +476,10 @@ | tst.js:254:51:254:53 | \\w* | Strings starting with 'foobarbazfoobarbazfoobarbaz' and with many repetitions of 'foobarbaz' can start matching anywhere after the start of the preceeding \\d* | | tst.js:254:63:254:65 | \\s* | Strings starting with 'foobarbazfoobarbazfoobarbazfoobarbaz' and with many repetitions of 'foobarbazfoobarbazfoobarbazfoobarbazfoobarbazfoobarbaz' can start matching anywhere after the start of the preceeding \\d* | | tst.js:254:75:254:77 | \\d* | Strings starting with 'foobarbazfoobarbazfoobarbazfoobarbazfoobarbaz' and with many repetitions of 'foobarbazfoobarbazfoobarbazfoobarbazfoobarbazfoobarbaz' can start matching anywhere after the start of the preceeding \\s* | -| tst.js:257:14:257:116 | (.thisisagoddamnlongstringforstresstestingthequery\|\\sthisisagoddamnlongstringforstresstestingthequery)* | Strings with many repetitions of 'athisisagoddamnlongstringforstresstestingthequery' can start matching anywhere after the start of the preceeding (.thisisagoddamnlongstringforstresstestingthequery\|\\sthisisagoddamnlongstringforstresstestingthequery)*- | +| tst.js:257:14:257:116 | (.thisisagoddamnlongstringforstresstestingthequery\|\\sthisisagoddamnlongstringforstresstestingthequery)* | Strings with many repetitions of '\\tthisisagoddamnlongstringforstresstestingthequery' can start matching anywhere after the start of the preceeding (.thisisagoddamnlongstringforstresstestingthequery\|\\sthisisagoddamnlongstringforstresstestingthequery)*- | | tst.js:260:14:260:77 | (thisisagoddamnlongstringforstresstestingthequery\|this\\w+query)* | Strings with many repetitions of 'this0query' can start matching anywhere after the start of the preceeding \\w+ | | tst.js:260:68:260:70 | \\w+ | Strings starting with 'this' and with many repetitions of 'this' can start matching anywhere after the start of the preceeding (thisisagoddamnlongstringforstresstestingthequery\|this\\w+query)* | -| tst.js:263:15:263:117 | (thisisagoddamnlongstringforstresstestingthequery\|imanotherbutunrelatedstringcomparedtotheotherstring)* | Strings with many repetitions of 'thisisagoddamnlongstringforstresstestingthequery' can start matching anywhere after the start of the preceeding (thisisagoddamnlongstringforstresstestingthequery\|imanotherbutunrelatedstringcomparedtotheotherstring)*- | +| tst.js:263:15:263:117 | (thisisagoddamnlongstringforstresstestingthequery\|imanotherbutunrelatedstringcomparedtotheotherstring)* | Strings with many repetitions of 'imanotherbutunrelatedstringcomparedtotheotherstring' can start matching anywhere after the start of the preceeding (thisisagoddamnlongstringforstresstestingthequery\|imanotherbutunrelatedstringcomparedtotheotherstring)*- | | tst.js:272:21:272:22 | b+ | Strings with many repetitions of 'b' can start matching anywhere after the start of the preceeding (b+)+ | | tst.js:275:25:275:27 | \\s+ | Strings starting with '<0' and with many repetitions of '\\t0="\\t0="\\t' can start matching anywhere after the start of the preceeding [^"]* | | tst.js:275:28:275:30 | \\w+ | Strings starting with '<0\\t' and with many repetitions of '0="\\t0="\\t' can start matching anywhere after the start of the preceeding [^"]* | @@ -535,7 +522,7 @@ | tst.js:375:15:375:16 | x* | Strings with many repetitions of 'x' can start matching anywhere after the start of the preceeding (x*)+(?=$\|y) | | tst.js:378:16:378:22 | [\\s\\S]* | Strings with many repetitions of 'a' can start matching anywhere after the start of the preceeding ([\\s\\S]*)+(?=$) | | tst.js:379:16:379:22 | [\\s\\S]* | Strings with many repetitions of 'a' can start matching anywhere after the start of the preceeding ([\\s\\S]*)+(?=$\|y) | -| tst.js:381:15:381:24 | (foo\|FOO)* | Strings with many repetitions of 'foo' can start matching anywhere after the start of the preceeding (foo\|FOO)*bar | +| tst.js:381:15:381:24 | (foo\|FOO)* | Strings with many repetitions of 'FOO' can start matching anywhere after the start of the preceeding (foo\|FOO)*bar | | tst.js:382:14:382:23 | (foo\|FOO)* | Strings with many repetitions of 'foo' can start matching anywhere after the start of the preceeding (foo\|FOO)*bar | | tst.js:384:15:384:26 | ([AB]\|[ab])* | Strings with many repetitions of 'A' can start matching anywhere after the start of the preceeding ([AB]\|[ab])*C | | tst.js:385:14:385:25 | ([DE]\|[de])* | Strings with many repetitions of 'd' can start matching anywhere after the start of the preceeding ([DE]\|[de])*F | From 654bb00946cd9f3fc7ccf23d375514d00b94291e Mon Sep 17 00:00:00 2001 From: Tony Torralba <atorralba@users.noreply.github.com> Date: Tue, 23 May 2023 10:27:19 +0200 Subject: [PATCH 570/870] Java: Tweak java.nio.files.Files.copy models --- java/ql/lib/ext/java.nio.file.model.yml | 6 ++++-- .../CWE-022/semmle/tests/TaintedPath.expected | 20 +++++-------------- .../CWE-022/semmle/tests/mad/Test.java | 10 +++++----- 3 files changed, 14 insertions(+), 22 deletions(-) diff --git a/java/ql/lib/ext/java.nio.file.model.yml b/java/ql/lib/ext/java.nio.file.model.yml index ae792106180..42ae8b9052b 100644 --- a/java/ql/lib/ext/java.nio.file.model.yml +++ b/java/ql/lib/ext/java.nio.file.model.yml @@ -3,9 +3,11 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["java.nio.file", "Files", False, "copy", "", "", "Argument[0]", "read-file", "manual"] + - ["java.nio.file", "Files", False, "copy", "(Path,OutputStream)", "", "Argument[0]", "read-file", "manual"] + - ["java.nio.file", "Files", False, "copy", "(Path,Path,CopyOption[])", "", "Argument[0]", "read-file", "manual"] + - ["java.nio.file", "Files", False, "copy", "(Path,Path,CopyOption[])", "", "Argument[1]", "create-file", "manual"] - ["java.nio.file", "Files", False, "copy", "(InputStream,Path,CopyOption[])", "", "Argument[0]", "write-file", "manual"] - - ["java.nio.file", "Files", False, "copy", "", "", "Argument[1]", "create-file", "manual"] + - ["java.nio.file", "Files", False, "copy", "(InputStream,Path,CopyOption[])", "", "Argument[1]", "create-file", "manual"] - ["java.nio.file", "Files", False, "createDirectories", "", "", "Argument[0]", "create-file", "manual"] - ["java.nio.file", "Files", False, "createDirectory", "", "", "Argument[0]", "create-file", "manual"] - ["java.nio.file", "Files", False, "createFile", "", "", "Argument[0]", "create-file", "manual"] diff --git a/java/ql/test/query-tests/security/CWE-022/semmle/tests/TaintedPath.expected b/java/ql/test/query-tests/security/CWE-022/semmle/tests/TaintedPath.expected index 95a492fcd12..86f20972e2e 100644 --- a/java/ql/test/query-tests/security/CWE-022/semmle/tests/TaintedPath.expected +++ b/java/ql/test/query-tests/security/CWE-022/semmle/tests/TaintedPath.expected @@ -23,10 +23,8 @@ edges | mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:46:31:46:38 | source(...) : String | | mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:48:33:48:40 | source(...) : String | | mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:50:27:50:34 | source(...) : String | -| mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:51:27:51:34 | source(...) : String | -| mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:52:34:52:41 | source(...) : String | +| mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:52:27:52:34 | source(...) : String | | mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:54:40:54:47 | source(...) : String | -| mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:55:48:55:55 | source(...) : String | | mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:56:47:56:54 | source(...) : String | | mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:58:40:58:47 | source(...) : String | | mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:60:38:60:45 | source(...) : String | @@ -77,10 +75,8 @@ edges | mad/Test.java:46:31:46:38 | source(...) : String | mad/Test.java:46:24:46:38 | (...)... | | mad/Test.java:48:33:48:40 | source(...) : String | mad/Test.java:48:24:48:40 | (...)... | | mad/Test.java:50:27:50:34 | source(...) : String | mad/Test.java:50:20:50:34 | (...)... | -| mad/Test.java:51:27:51:34 | source(...) : String | mad/Test.java:51:20:51:34 | (...)... | -| mad/Test.java:52:34:52:41 | source(...) : String | mad/Test.java:52:20:52:41 | (...)... | +| mad/Test.java:52:27:52:34 | source(...) : String | mad/Test.java:52:20:52:34 | (...)... | | mad/Test.java:54:40:54:47 | source(...) : String | mad/Test.java:54:33:54:47 | (...)... | -| mad/Test.java:55:48:55:55 | source(...) : String | mad/Test.java:55:33:55:55 | (...)... | | mad/Test.java:56:47:56:54 | source(...) : String | mad/Test.java:56:40:56:54 | (...)... | | mad/Test.java:58:40:58:47 | source(...) : String | mad/Test.java:58:33:58:47 | (...)... | | mad/Test.java:60:38:60:45 | source(...) : String | mad/Test.java:60:31:60:45 | (...)... | @@ -161,14 +157,10 @@ nodes | mad/Test.java:48:33:48:40 | source(...) : String | semmle.label | source(...) : String | | mad/Test.java:50:20:50:34 | (...)... | semmle.label | (...)... | | mad/Test.java:50:27:50:34 | source(...) : String | semmle.label | source(...) : String | -| mad/Test.java:51:20:51:34 | (...)... | semmle.label | (...)... | -| mad/Test.java:51:27:51:34 | source(...) : String | semmle.label | source(...) : String | -| mad/Test.java:52:20:52:41 | (...)... | semmle.label | (...)... | -| mad/Test.java:52:34:52:41 | source(...) : String | semmle.label | source(...) : String | +| mad/Test.java:52:20:52:34 | (...)... | semmle.label | (...)... | +| mad/Test.java:52:27:52:34 | source(...) : String | semmle.label | source(...) : String | | mad/Test.java:54:33:54:47 | (...)... | semmle.label | (...)... | | mad/Test.java:54:40:54:47 | source(...) : String | semmle.label | source(...) : String | -| mad/Test.java:55:33:55:55 | (...)... | semmle.label | (...)... | -| mad/Test.java:55:48:55:55 | source(...) : String | semmle.label | source(...) : String | | mad/Test.java:56:40:56:54 | (...)... | semmle.label | (...)... | | mad/Test.java:56:47:56:54 | source(...) : String | semmle.label | source(...) : String | | mad/Test.java:58:33:58:47 | (...)... | semmle.label | (...)... | @@ -273,10 +265,8 @@ subpaths | mad/Test.java:46:24:46:38 | (...)... | mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:46:24:46:38 | (...)... | This path depends on a $@. | mad/Test.java:29:16:29:36 | getHostName(...) | user-provided value | | mad/Test.java:48:9:48:41 | new FileReader(...) | mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:48:24:48:40 | (...)... | This path depends on a $@. | mad/Test.java:29:16:29:36 | getHostName(...) | user-provided value | | mad/Test.java:50:20:50:34 | (...)... | mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:50:20:50:34 | (...)... | This path depends on a $@. | mad/Test.java:29:16:29:36 | getHostName(...) | user-provided value | -| mad/Test.java:51:20:51:34 | (...)... | mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:51:20:51:34 | (...)... | This path depends on a $@. | mad/Test.java:29:16:29:36 | getHostName(...) | user-provided value | -| mad/Test.java:52:20:52:41 | (...)... | mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:52:20:52:41 | (...)... | This path depends on a $@. | mad/Test.java:29:16:29:36 | getHostName(...) | user-provided value | +| mad/Test.java:52:20:52:34 | (...)... | mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:52:20:52:34 | (...)... | This path depends on a $@. | mad/Test.java:29:16:29:36 | getHostName(...) | user-provided value | | mad/Test.java:54:33:54:47 | (...)... | mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:54:33:54:47 | (...)... | This path depends on a $@. | mad/Test.java:29:16:29:36 | getHostName(...) | user-provided value | -| mad/Test.java:55:33:55:55 | (...)... | mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:55:33:55:55 | (...)... | This path depends on a $@. | mad/Test.java:29:16:29:36 | getHostName(...) | user-provided value | | mad/Test.java:56:40:56:54 | (...)... | mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:56:40:56:54 | (...)... | This path depends on a $@. | mad/Test.java:29:16:29:36 | getHostName(...) | user-provided value | | mad/Test.java:58:33:58:47 | (...)... | mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:58:33:58:47 | (...)... | This path depends on a $@. | mad/Test.java:29:16:29:36 | getHostName(...) | user-provided value | | mad/Test.java:60:31:60:45 | (...)... | mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:60:31:60:45 | (...)... | This path depends on a $@. | mad/Test.java:29:16:29:36 | getHostName(...) | user-provided value | diff --git a/java/ql/test/query-tests/security/CWE-022/semmle/tests/mad/Test.java b/java/ql/test/query-tests/security/CWE-022/semmle/tests/mad/Test.java index daa82c43a04..d936309e7b8 100644 --- a/java/ql/test/query-tests/security/CWE-022/semmle/tests/mad/Test.java +++ b/java/ql/test/query-tests/security/CWE-022/semmle/tests/mad/Test.java @@ -46,13 +46,13 @@ public class Test { new FileReader((File) source()); // "java.io;FileReader;true;FileReader;(String);;Argument[0];read-file;ai-generated" new FileReader((String) source()); - // "java.nio.file;Files;false;copy;;;Argument[0];read-file;manual" - Files.copy((Path) source(), (Path) null); + // "java.nio.file;Files;false;copy;(Path,OutputStream);;Argument[0];read-file;manual" Files.copy((Path) source(), (OutputStream) null); - Files.copy((InputStream) source(), null); - // "java.nio.file;Files;false;copy;;;Argument[1];create-file;manual" + // "java.nio.file;Files;false;copy;(Path,Path,CopyOption[]);;Argument[0];read-file;manual" + Files.copy((Path) source(), (Path) null); + // "java.nio.file;Files;false;copy;(Path,Path,CopyOption[]);;Argument[1];create-file;manual" Files.copy((Path) null, (Path) source()); - Files.copy((Path) null, (OutputStream) source()); + // "java.nio.file;Files;false;copy;(InputStream,Path,CopyOption[]);;Argument[1];create-file;manual" Files.copy((InputStream) null, (Path) source()); // "java.nio.file;Files;false;createDirectories;;;Argument[0];create-file;manual" Files.createDirectories((Path) source()); From 5c5f910130b619ed12c0f909dd5ee5800f3641f5 Mon Sep 17 00:00:00 2001 From: Tony Torralba <atorralba@users.noreply.github.com> Date: Tue, 23 May 2023 10:31:28 +0200 Subject: [PATCH 571/870] Add change note --- .../2023-05-23-java-nio-file-files-copy-models-tweak.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 java/ql/lib/change-notes/2023-05-23-java-nio-file-files-copy-models-tweak.md diff --git a/java/ql/lib/change-notes/2023-05-23-java-nio-file-files-copy-models-tweak.md b/java/ql/lib/change-notes/2023-05-23-java-nio-file-files-copy-models-tweak.md new file mode 100644 index 00000000000..85fc9b89197 --- /dev/null +++ b/java/ql/lib/change-notes/2023-05-23-java-nio-file-files-copy-models-tweak.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +Modified the models related to `java.nio.file.Files.copy` so that generic `[Input|Output]Stream` arguments are not considered file-related sinks. From d5d56cde5aac76d13baae120d0d1a2ce169694f5 Mon Sep 17 00:00:00 2001 From: Chris Smowton <smowton@github.com> Date: Tue, 23 May 2023 10:51:21 +0100 Subject: [PATCH 572/870] Dead store of field: count passing to a vararg function as escaping --- go/ql/src/RedundantCode/DeadStoreOfField.ql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go/ql/src/RedundantCode/DeadStoreOfField.ql b/go/ql/src/RedundantCode/DeadStoreOfField.ql index 2060ac1f734..9dd2c4de65c 100644 --- a/go/ql/src/RedundantCode/DeadStoreOfField.ql +++ b/go/ql/src/RedundantCode/DeadStoreOfField.ql @@ -36,7 +36,7 @@ predicate escapes(DataFlow::Node nd) { exists(SendStmt s | nd.asExpr() = s.getValue()) or // if `nd` is passed to a function, then it escapes - nd instanceof DataFlow::ArgumentNode + nd = any(DataFlow::CallNode c).getASyntacticArgument() or // if `nd` has its address taken, then it escapes exists(AddressExpr ae | nd.asExpr() = ae.getOperand()) From 40aa9417d06be28ecf5fbd208f76877923fcee84 Mon Sep 17 00:00:00 2001 From: Max Schlueter <me@maxschlueter.com> Date: Tue, 16 May 2023 12:08:31 +0200 Subject: [PATCH 573/870] Fix query12 and add test case --- .../Introducing the JavaScript libraries/query12.qll | 2 +- .../Introducing the JavaScript libraries/tests.expected | 1 + .../tutorials/Introducing the JavaScript libraries/tst.js | 4 ++++ 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/javascript/ql/test/tutorials/Introducing the JavaScript libraries/query12.qll b/javascript/ql/test/tutorials/Introducing the JavaScript libraries/query12.qll index 7f99c4e3674..d39a812e5bb 100644 --- a/javascript/ql/test/tutorials/Introducing the JavaScript libraries/query12.qll +++ b/javascript/ql/test/tutorials/Introducing the JavaScript libraries/query12.qll @@ -4,7 +4,7 @@ query predicate test_query12(MethodCallExpr send) { exists(SimpleParameter res, DataFlow::Node resNode | res.getName() = "res" and resNode = DataFlow::parameterNode(res) and - resNode.getASuccessor() = DataFlow::valueNode(send.getReceiver()) and + resNode.getASuccessor+() = DataFlow::valueNode(send.getReceiver()) and send.getMethodName() = "send" | any() diff --git a/javascript/ql/test/tutorials/Introducing the JavaScript libraries/tests.expected b/javascript/ql/test/tutorials/Introducing the JavaScript libraries/tests.expected index bbec34be602..1eb7f5897cc 100644 --- a/javascript/ql/test/tutorials/Introducing the JavaScript libraries/tests.expected +++ b/javascript/ql/test/tutorials/Introducing the JavaScript libraries/tests.expected @@ -21,6 +21,7 @@ test_query11 | tst.js:31:18:31:18 | x | Dead store of local variable. | | tst.js:38:7:38:23 | password = "blah" | Dead store of local variable. | test_query12 +| tst.js:42:3:42:12 | res.send() | test_query20 test_query3 | tst.js:27:1:27:4 | <!-- | Do not use HTML comments. | diff --git a/javascript/ql/test/tutorials/Introducing the JavaScript libraries/tst.js b/javascript/ql/test/tutorials/Introducing the JavaScript libraries/tst.js index 0714ee8101a..ca79d238400 100644 --- a/javascript/ql/test/tutorials/Introducing the JavaScript libraries/tst.js +++ b/javascript/ql/test/tutorials/Introducing the JavaScript libraries/tst.js @@ -37,3 +37,7 @@ var j, j; function foo() { var password = "blah"; } + +function m(res) { + res.send() +} From 97a0e44d43d9a9995eaf4622a7d63413111c5e72 Mon Sep 17 00:00:00 2001 From: Michael Nebel <michaelnebel@github.com> Date: Tue, 23 May 2023 12:04:08 +0200 Subject: [PATCH 574/870] C#: Update the DbSet models to target the actual Microsoft implementation instead of the stub. --- .../Microsoft.EntityFrameworkCore.model.yml | 21 ++++++++++++------- .../ql/lib/ext/System.Data.Entity.model.yml | 11 +++------- 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/csharp/ql/lib/ext/Microsoft.EntityFrameworkCore.model.yml b/csharp/ql/lib/ext/Microsoft.EntityFrameworkCore.model.yml index 4d6183ba25b..795a5079ae5 100644 --- a/csharp/ql/lib/ext/Microsoft.EntityFrameworkCore.model.yml +++ b/csharp/ql/lib/ext/Microsoft.EntityFrameworkCore.model.yml @@ -3,14 +3,19 @@ extensions: pack: codeql/csharp-all extensible: summaryModel data: - - ["Microsoft.EntityFrameworkCore", "DbSet<>", False, "Add", "(T)", "", "Argument[0]", "Argument[this].Element", "value", "manual"] - - ["Microsoft.EntityFrameworkCore", "DbSet<>", False, "AddAsync", "(T)", "", "Argument[0]", "Argument[this].Element", "value", "manual"] - - ["Microsoft.EntityFrameworkCore", "DbSet<>", False, "AddRange", "(System.Collections.Generic.IEnumerable<T>)", "", "Argument[0].WithElement", "Argument[this]", "value", "manual"] - - ["Microsoft.EntityFrameworkCore", "DbSet<>", False, "AddRangeAsync", "(System.Collections.Generic.IEnumerable<T>)", "", "Argument[0].WithElement", "Argument[this]", "value", "manual"] - - ["Microsoft.EntityFrameworkCore", "DbSet<>", False, "Attach", "(T)", "", "Argument[0]", "Argument[this].Element", "value", "manual"] - - ["Microsoft.EntityFrameworkCore", "DbSet<>", False, "AttachRange", "(System.Collections.Generic.IEnumerable<T>)", "", "Argument[0].WithElement", "Argument[this]", "value", "manual"] - - ["Microsoft.EntityFrameworkCore", "DbSet<>", False, "Update", "(T)", "", "Argument[0]", "Argument[this].Element", "value", "manual"] - - ["Microsoft.EntityFrameworkCore", "DbSet<>", False, "UpdateRange", "(System.Collections.Generic.IEnumerable<T>)", "", "Argument[0].WithElement", "Argument[this]", "value", "manual"] + - ["Microsoft.EntityFrameworkCore", "DbSet<>", False, "Add", "(TEntity)", "", "Argument[0]", "Argument[this].Element", "value", "manual"] + - ["Microsoft.EntityFrameworkCore", "DbSet<>", False, "AddAsync", "(TEntity,System.Threading.CancellationToken)", "", "Argument[0]", "Argument[this].Element", "value", "manual"] + - ["Microsoft.EntityFrameworkCore", "DbSet<>", False, "AddRange", "(System.Collections.Generic.IEnumerable<TEntity>)", "", "Argument[0].WithElement", "Argument[this]", "value", "manual"] + - ["Microsoft.EntityFrameworkCore", "DbSet<>", False, "AddRange", "(TEntity[])", "", "Argument[0].WithElement", "Argument[this]", "value", "manual"] + - ["Microsoft.EntityFrameworkCore", "DbSet<>", False, "AddRangeAsync", "(System.Collections.Generic.IEnumerable<TEntity>,System.Threading.CancellationToken)", "", "Argument[0].WithElement", "Argument[this]", "value", "manual"] + - ["Microsoft.EntityFrameworkCore", "DbSet<>", False, "AddRangeAsync", "(TEntity[])", "", "Argument[0].WithElement", "Argument[this]", "value", "manual"] + - ["Microsoft.EntityFrameworkCore", "DbSet<>", False, "Attach", "(TEntity)", "", "Argument[0]", "Argument[this].Element", "value", "manual"] + - ["Microsoft.EntityFrameworkCore", "DbSet<>", False, "AttachRange", "(System.Collections.Generic.IEnumerable<TEntity>)", "", "Argument[0].WithElement", "Argument[this]", "value", "manual"] + - ["Microsoft.EntityFrameworkCore", "DbSet<>", False, "AttachRange", "(TEntity[])", "", "Argument[0].WithElement", "Argument[this]", "value", "manual"] + - ["Microsoft.EntityFrameworkCore", "DbSet<>", False, "Update", "(TEntity)", "", "Argument[0]", "Argument[this].Element", "value", "manual"] + - ["Microsoft.EntityFrameworkCore", "DbSet<>", False, "UpdateRange", "(System.Collections.Generic.IEnumerable<TEntity>)", "", "Argument[0].WithElement", "Argument[this]", "value", "manual"] + - ["Microsoft.EntityFrameworkCore", "DbSet<>", False, "UpdateRange", "(TEntity[])", "", "Argument[0].WithElement", "Argument[this]", "value", "manual"] + - addsTo: pack: codeql/csharp-all diff --git a/csharp/ql/lib/ext/System.Data.Entity.model.yml b/csharp/ql/lib/ext/System.Data.Entity.model.yml index 6e7869658d7..e9bf2238065 100644 --- a/csharp/ql/lib/ext/System.Data.Entity.model.yml +++ b/csharp/ql/lib/ext/System.Data.Entity.model.yml @@ -3,14 +3,9 @@ extensions: pack: codeql/csharp-all extensible: summaryModel data: - - ["System.Data.Entity", "DbSet<>", False, "Add", "(T)", "", "Argument[0]", "Argument[this].Element", "value", "manual"] - - ["System.Data.Entity", "DbSet<>", False, "AddAsync", "(T)", "", "Argument[0]", "Argument[this].Element", "value", "manual"] - - ["System.Data.Entity", "DbSet<>", False, "AddRange", "(System.Collections.Generic.IEnumerable<T>)", "", "Argument[0].WithElement", "Argument[this]", "value", "manual"] - - ["System.Data.Entity", "DbSet<>", False, "AddRangeAsync", "(System.Collections.Generic.IEnumerable<T>)", "", "Argument[0].WithElement", "Argument[this]", "value", "manual"] - - ["System.Data.Entity", "DbSet<>", False, "Attach", "(T)", "", "Argument[0]", "Argument[this].Element", "value", "manual"] - - ["System.Data.Entity", "DbSet<>", False, "AttachRange", "(System.Collections.Generic.IEnumerable<T>)", "", "Argument[0].WithElement", "Argument[this]", "value", "manual"] - - ["System.Data.Entity", "DbSet<>", False, "Update", "(T)", "", "Argument[0]", "Argument[this].Element", "value", "manual"] - - ["System.Data.Entity", "DbSet<>", False, "UpdateRange", "(System.Collections.Generic.IEnumerable<T>)", "", "Argument[0].WithElement", "Argument[this]", "value", "manual"] + - ["System.Data.Entity", "DbSet<>", False, "Add", "(TEntity)", "", "Argument[0]", "Argument[this].Element", "value", "manual"] + - ["System.Data.Entity", "DbSet<>", False, "AddRange", "(System.Collections.Generic.IEnumerable<TEntity>)", "", "Argument[0].WithElement", "Argument[this]", "value", "manual"] + - ["System.Data.Entity", "DbSet<>", False, "Attach", "(TEntity)", "", "Argument[0]", "Argument[this].Element", "value", "manual"] - addsTo: pack: codeql/csharp-all From dea8f576ad6986d7a18846a498ebb8ce820d6a84 Mon Sep 17 00:00:00 2001 From: Michael Nebel <michaelnebel@github.com> Date: Tue, 23 May 2023 12:04:50 +0200 Subject: [PATCH 575/870] C#: Update the EntityFramework stubs to align with the real implementation. --- .../test/resources/stubs/EntityFramework.cs | 40 +++++++++---------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/csharp/ql/test/resources/stubs/EntityFramework.cs b/csharp/ql/test/resources/stubs/EntityFramework.cs index 4612349a923..dca9c1685cb 100644 --- a/csharp/ql/test/resources/stubs/EntityFramework.cs +++ b/csharp/ql/test/resources/stubs/EntityFramework.cs @@ -10,17 +10,12 @@ namespace System.Data.Entity { } - public class DbSet<T> : IEnumerable<T> + public class DbSet<TEntity> : IEnumerable<TEntity> { - public void Add(T t) { } - public System.Threading.Tasks.Task<int> AddAsync(T t) => null; - public void AddRange(IEnumerable<T> t) { } - public System.Threading.Tasks.Task<int> AddRangeAsync(IEnumerable<T> t) => null; - public void Attach(T t) { } - public void AttachRange(IEnumerable<T> t) { } - public void Update(T t) { } - public void UpdateRange(IEnumerable<T> t) { } - IEnumerator<T> IEnumerable<T>.GetEnumerator() => null; + public void Add(TEntity t) { } + public void AddRange(IEnumerable<TEntity> t) { } + public void Attach(TEntity t) { } + IEnumerator<TEntity> IEnumerable<TEntity>.GetEnumerator() => null; IEnumerator IEnumerable.GetEnumerator() => null; } @@ -59,17 +54,22 @@ namespace System.Data.Entity.Infrastructure namespace Microsoft.EntityFrameworkCore { - public class DbSet<T> : IEnumerable<T> + public class DbSet<TEntity> : IEnumerable<TEntity> { - public void Add(T t) { } - public System.Threading.Tasks.Task<int> AddAsync(T t) => null; - public void AddRange(IEnumerable<T> t) { } - public System.Threading.Tasks.Task<int> AddRangeAsync(IEnumerable<T> t) => null; - public void Attach(T t) { } - public void AttachRange(IEnumerable<T> t) { } - public void Update(T t) { } - public void UpdateRange(IEnumerable<T> t) { } - IEnumerator<T> IEnumerable<T>.GetEnumerator() => null; + public void Add(TEntity t) { } + public System.Threading.Tasks.Task<int> AddAsync(TEntity t, System.Threading.CancellationToken ct = default) => null; + public void AddRange(IEnumerable<TEntity> t) { } + public void AddRange(TEntity[] t) { } + public System.Threading.Tasks.Task<int> AddRangeAsync(IEnumerable<TEntity> t, System.Threading.CancellationToken ct = default) => null; + public System.Threading.Tasks.Task<int> AddRangeAsync(TEntity[] t) => null; + public void Attach(TEntity t) { } + public void AttachRange(IEnumerable<TEntity> t) { } + public void AttachRange(TEntity[] t) { } + public void Update(TEntity t) { } + public void UpdateRange(IEnumerable<TEntity> t) { } + public void UpdateRange(TEntity[] t) { } + + IEnumerator<TEntity> IEnumerable<TEntity>.GetEnumerator() => null; IEnumerator IEnumerable.GetEnumerator() => null; } From 2b8bbfe888962f6aa0b03e99181ddedc5c9d5f70 Mon Sep 17 00:00:00 2001 From: Michael Nebel <michaelnebel@github.com> Date: Tue, 23 May 2023 12:05:23 +0200 Subject: [PATCH 576/870] C#: Add the EntityFramework stub to the general flow summaries test. --- csharp/ql/test/library-tests/dataflow/library/options | 1 + 1 file changed, 1 insertion(+) diff --git a/csharp/ql/test/library-tests/dataflow/library/options b/csharp/ql/test/library-tests/dataflow/library/options index c5ce92614ab..db937e0e642 100644 --- a/csharp/ql/test/library-tests/dataflow/library/options +++ b/csharp/ql/test/library-tests/dataflow/library/options @@ -2,3 +2,4 @@ semmle-extractor-options: /nostdlib /noconfig semmle-extractor-options: --load-sources-from-project:${testdir}/../../../resources/stubs/Newtonsoft.Json/13.0.1/Newtonsoft.Json.csproj semmle-extractor-options: --load-sources-from-project:../../../resources/stubs/_frameworks/Microsoft.AspNetCore.App/Microsoft.AspNetCore.App.csproj semmle-extractor-options: ${testdir}/../../../resources/stubs/System.Web.cs +semmle-extractor-options: ${testdir}/../../../resources/stubs/EntityFramework.cs From d28316d3974dfb51d42853e1e57a4104ce2de7f7 Mon Sep 17 00:00:00 2001 From: Michael Nebel <michaelnebel@github.com> Date: Tue, 23 May 2023 12:07:08 +0200 Subject: [PATCH 577/870] C#: Update the flow summaries expected test output. --- .../dataflow/library/FlowSummaries.expected | 21 +++++++++++++++++++ .../library/FlowSummariesFiltered.expected | 15 +++++++++++++ 2 files changed, 36 insertions(+) diff --git a/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected b/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected index 18a0db6fe43..46defadf531 100644 --- a/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected +++ b/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected @@ -209,6 +209,20 @@ summary | Microsoft.CSharp.RuntimeBinder;Binder;false;SetMember;(Microsoft.CSharp.RuntimeBinder.CSharpBinderFlags,System.String,System.Type,System.Collections.Generic.IEnumerable<Microsoft.CSharp.RuntimeBinder.CSharpArgumentInfo>);;Argument[3].Element;ReturnValue;taint;df-generated | | Microsoft.CSharp.RuntimeBinder;Binder;false;UnaryOperation;(Microsoft.CSharp.RuntimeBinder.CSharpBinderFlags,System.Linq.Expressions.ExpressionType,System.Type,System.Collections.Generic.IEnumerable<Microsoft.CSharp.RuntimeBinder.CSharpArgumentInfo>);;Argument[2];ReturnValue;taint;df-generated | | Microsoft.CSharp.RuntimeBinder;Binder;false;UnaryOperation;(Microsoft.CSharp.RuntimeBinder.CSharpBinderFlags,System.Linq.Expressions.ExpressionType,System.Type,System.Collections.Generic.IEnumerable<Microsoft.CSharp.RuntimeBinder.CSharpArgumentInfo>);;Argument[3].Element;ReturnValue;taint;df-generated | +| Microsoft.EntityFrameworkCore;DbSet<>;false;Add;(TEntity);;Argument[0];Argument[this].Element;value;manual | +| Microsoft.EntityFrameworkCore;DbSet<>;false;AddAsync;(TEntity,System.Threading.CancellationToken);;Argument[0];Argument[this].Element;value;manual | +| Microsoft.EntityFrameworkCore;DbSet<>;false;AddRange;(System.Collections.Generic.IEnumerable<TEntity>);;Argument[0].WithElement;Argument[this];value;manual | +| Microsoft.EntityFrameworkCore;DbSet<>;false;AddRange;(TEntity[]);;Argument[0].WithElement;Argument[this];value;manual | +| Microsoft.EntityFrameworkCore;DbSet<>;false;AddRangeAsync;(System.Collections.Generic.IEnumerable<TEntity>,System.Threading.CancellationToken);;Argument[0].WithElement;Argument[this];value;manual | +| Microsoft.EntityFrameworkCore;DbSet<>;false;AddRangeAsync;(TEntity[]);;Argument[0].WithElement;Argument[this];value;manual | +| Microsoft.EntityFrameworkCore;DbSet<>;false;Attach;(TEntity);;Argument[0];Argument[this].Element;value;manual | +| Microsoft.EntityFrameworkCore;DbSet<>;false;AttachRange;(System.Collections.Generic.IEnumerable<TEntity>);;Argument[0].WithElement;Argument[this];value;manual | +| Microsoft.EntityFrameworkCore;DbSet<>;false;AttachRange;(TEntity[]);;Argument[0].WithElement;Argument[this];value;manual | +| Microsoft.EntityFrameworkCore;DbSet<>;false;GetEnumerator;();;Argument[this].Element;ReturnValue.Property[System.Collections.Generic.IEnumerator<>.Current];value;manual | +| Microsoft.EntityFrameworkCore;DbSet<>;false;GetEnumerator;();;Argument[this].Element;ReturnValue.Property[System.Collections.IEnumerator.Current];value;manual | +| Microsoft.EntityFrameworkCore;DbSet<>;false;Update;(TEntity);;Argument[0];Argument[this].Element;value;manual | +| Microsoft.EntityFrameworkCore;DbSet<>;false;UpdateRange;(System.Collections.Generic.IEnumerable<TEntity>);;Argument[0].WithElement;Argument[this];value;manual | +| Microsoft.EntityFrameworkCore;DbSet<>;false;UpdateRange;(TEntity[]);;Argument[0].WithElement;Argument[this];value;manual | | Microsoft.Extensions.Caching.Distributed;DistributedCacheEntryExtensions;false;SetAbsoluteExpiration;(Microsoft.Extensions.Caching.Distributed.DistributedCacheEntryOptions,System.DateTimeOffset);;Argument[0];ReturnValue;taint;df-generated | | Microsoft.Extensions.Caching.Distributed;DistributedCacheEntryExtensions;false;SetAbsoluteExpiration;(Microsoft.Extensions.Caching.Distributed.DistributedCacheEntryOptions,System.DateTimeOffset);;Argument[1];Argument[0];taint;df-generated | | Microsoft.Extensions.Caching.Distributed;DistributedCacheEntryExtensions;false;SetAbsoluteExpiration;(Microsoft.Extensions.Caching.Distributed.DistributedCacheEntryOptions,System.DateTimeOffset);;Argument[1];ReturnValue;taint;df-generated | @@ -2671,6 +2685,13 @@ summary | System.Data.Common;RowUpdatingEventArgs;false;set_BaseCommand;(System.Data.IDbCommand);;Argument[0];Argument[this];taint;df-generated | | System.Data.Common;RowUpdatingEventArgs;false;set_Command;(System.Data.IDbCommand);;Argument[0];Argument[this];taint;df-generated | | System.Data.Common;RowUpdatingEventArgs;false;set_Errors;(System.Exception);;Argument[0];Argument[this];taint;df-generated | +| System.Data.Entity.Infrastructure;DbRawSqlQuery<>;false;GetEnumerator;();;Argument[this].Element;ReturnValue.Property[System.Collections.Generic.IEnumerator<>.Current];value;manual | +| System.Data.Entity.Infrastructure;DbRawSqlQuery<>;false;GetEnumerator;();;Argument[this].Element;ReturnValue.Property[System.Collections.IEnumerator.Current];value;manual | +| System.Data.Entity;DbSet<>;false;Add;(TEntity);;Argument[0];Argument[this].Element;value;manual | +| System.Data.Entity;DbSet<>;false;AddRange;(System.Collections.Generic.IEnumerable<TEntity>);;Argument[0].WithElement;Argument[this];value;manual | +| System.Data.Entity;DbSet<>;false;Attach;(TEntity);;Argument[0];Argument[this].Element;value;manual | +| System.Data.Entity;DbSet<>;false;GetEnumerator;();;Argument[this].Element;ReturnValue.Property[System.Collections.Generic.IEnumerator<>.Current];value;manual | +| System.Data.Entity;DbSet<>;false;GetEnumerator;();;Argument[this].Element;ReturnValue.Property[System.Collections.IEnumerator.Current];value;manual | | System.Data.SqlTypes;SqlBinary;false;Add;(System.Data.SqlTypes.SqlBinary,System.Data.SqlTypes.SqlBinary);;Argument[0];ReturnValue;taint;df-generated | | System.Data.SqlTypes;SqlBinary;false;Add;(System.Data.SqlTypes.SqlBinary,System.Data.SqlTypes.SqlBinary);;Argument[1];ReturnValue;taint;df-generated | | System.Data.SqlTypes;SqlBinary;false;Concat;(System.Data.SqlTypes.SqlBinary,System.Data.SqlTypes.SqlBinary);;Argument[0];ReturnValue;taint;df-generated | diff --git a/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected b/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected index 6f3c8e933d5..4ae26655169 100644 --- a/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected +++ b/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected @@ -18,6 +18,18 @@ summary | Microsoft.CSharp.RuntimeBinder;Binder;false;SetMember;(Microsoft.CSharp.RuntimeBinder.CSharpBinderFlags,System.String,System.Type,System.Collections.Generic.IEnumerable<Microsoft.CSharp.RuntimeBinder.CSharpArgumentInfo>);;Argument[3].Element;ReturnValue;taint;df-generated | | Microsoft.CSharp.RuntimeBinder;Binder;false;UnaryOperation;(Microsoft.CSharp.RuntimeBinder.CSharpBinderFlags,System.Linq.Expressions.ExpressionType,System.Type,System.Collections.Generic.IEnumerable<Microsoft.CSharp.RuntimeBinder.CSharpArgumentInfo>);;Argument[2];ReturnValue;taint;df-generated | | Microsoft.CSharp.RuntimeBinder;Binder;false;UnaryOperation;(Microsoft.CSharp.RuntimeBinder.CSharpBinderFlags,System.Linq.Expressions.ExpressionType,System.Type,System.Collections.Generic.IEnumerable<Microsoft.CSharp.RuntimeBinder.CSharpArgumentInfo>);;Argument[3].Element;ReturnValue;taint;df-generated | +| Microsoft.EntityFrameworkCore;DbSet<>;false;Add;(TEntity);;Argument[0];Argument[this].Element;value;manual | +| Microsoft.EntityFrameworkCore;DbSet<>;false;AddAsync;(TEntity,System.Threading.CancellationToken);;Argument[0];Argument[this].Element;value;manual | +| Microsoft.EntityFrameworkCore;DbSet<>;false;AddRange;(System.Collections.Generic.IEnumerable<TEntity>);;Argument[0].WithElement;Argument[this];value;manual | +| Microsoft.EntityFrameworkCore;DbSet<>;false;AddRange;(TEntity[]);;Argument[0].WithElement;Argument[this];value;manual | +| Microsoft.EntityFrameworkCore;DbSet<>;false;AddRangeAsync;(System.Collections.Generic.IEnumerable<TEntity>,System.Threading.CancellationToken);;Argument[0].WithElement;Argument[this];value;manual | +| Microsoft.EntityFrameworkCore;DbSet<>;false;AddRangeAsync;(TEntity[]);;Argument[0].WithElement;Argument[this];value;manual | +| Microsoft.EntityFrameworkCore;DbSet<>;false;Attach;(TEntity);;Argument[0];Argument[this].Element;value;manual | +| Microsoft.EntityFrameworkCore;DbSet<>;false;AttachRange;(System.Collections.Generic.IEnumerable<TEntity>);;Argument[0].WithElement;Argument[this];value;manual | +| Microsoft.EntityFrameworkCore;DbSet<>;false;AttachRange;(TEntity[]);;Argument[0].WithElement;Argument[this];value;manual | +| Microsoft.EntityFrameworkCore;DbSet<>;false;Update;(TEntity);;Argument[0];Argument[this].Element;value;manual | +| Microsoft.EntityFrameworkCore;DbSet<>;false;UpdateRange;(System.Collections.Generic.IEnumerable<TEntity>);;Argument[0].WithElement;Argument[this];value;manual | +| Microsoft.EntityFrameworkCore;DbSet<>;false;UpdateRange;(TEntity[]);;Argument[0].WithElement;Argument[this];value;manual | | Microsoft.Extensions.Caching.Distributed;DistributedCacheEntryExtensions;false;SetAbsoluteExpiration;(Microsoft.Extensions.Caching.Distributed.DistributedCacheEntryOptions,System.DateTimeOffset);;Argument[0];ReturnValue;taint;df-generated | | Microsoft.Extensions.Caching.Distributed;DistributedCacheEntryExtensions;false;SetAbsoluteExpiration;(Microsoft.Extensions.Caching.Distributed.DistributedCacheEntryOptions,System.DateTimeOffset);;Argument[1];Argument[0];taint;df-generated | | Microsoft.Extensions.Caching.Distributed;DistributedCacheEntryExtensions;false;SetAbsoluteExpiration;(Microsoft.Extensions.Caching.Distributed.DistributedCacheEntryOptions,System.DateTimeOffset);;Argument[1];ReturnValue;taint;df-generated | @@ -1858,6 +1870,9 @@ summary | System.Data.Common;RowUpdatingEventArgs;false;set_BaseCommand;(System.Data.IDbCommand);;Argument[0];Argument[this];taint;df-generated | | System.Data.Common;RowUpdatingEventArgs;false;set_Command;(System.Data.IDbCommand);;Argument[0];Argument[this];taint;df-generated | | System.Data.Common;RowUpdatingEventArgs;false;set_Errors;(System.Exception);;Argument[0];Argument[this];taint;df-generated | +| System.Data.Entity;DbSet<>;false;Add;(TEntity);;Argument[0];Argument[this].Element;value;manual | +| System.Data.Entity;DbSet<>;false;AddRange;(System.Collections.Generic.IEnumerable<TEntity>);;Argument[0].WithElement;Argument[this];value;manual | +| System.Data.Entity;DbSet<>;false;Attach;(TEntity);;Argument[0];Argument[this].Element;value;manual | | System.Data.SqlTypes;SqlBinary;false;Add;(System.Data.SqlTypes.SqlBinary,System.Data.SqlTypes.SqlBinary);;Argument[0];ReturnValue;taint;df-generated | | System.Data.SqlTypes;SqlBinary;false;Add;(System.Data.SqlTypes.SqlBinary,System.Data.SqlTypes.SqlBinary);;Argument[1];ReturnValue;taint;df-generated | | System.Data.SqlTypes;SqlBinary;false;Concat;(System.Data.SqlTypes.SqlBinary,System.Data.SqlTypes.SqlBinary);;Argument[0];ReturnValue;taint;df-generated | From 349de7747416c9054867289a79c1934cc49bc0d4 Mon Sep 17 00:00:00 2001 From: Tom Hvitved <hvitved@github.com> Date: Tue, 23 May 2023 12:27:32 +0200 Subject: [PATCH 578/870] Ruby: Include both `self` parameters and SSA definitions in call graph construction --- .../dataflow/internal/DataFlowDispatch.qll | 59 ++++++++++++------- 1 file changed, 38 insertions(+), 21 deletions(-) diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowDispatch.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowDispatch.qll index 0a52c075dc2..2b4c030707b 100644 --- a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowDispatch.qll +++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowDispatch.qll @@ -9,6 +9,23 @@ private import FlowSummaryImplSpecific as FlowSummaryImplSpecific private import codeql.ruby.dataflow.FlowSummary private import codeql.ruby.dataflow.SSA +/** + * A `LocalSourceNode` for a `self` variable. This is either an implicit `self` + * parameter or an implicit SSA entry definition. + */ +private class SelfLocalSourceNode extends DataFlow::LocalSourceNode { + private SelfVariable self; + + SelfLocalSourceNode() { + self = this.(SelfParameterNode).getSelfVariable() + or + self = this.(SsaSelfDefinitionNode).getVariable() + } + + /** Gets the `self` variable. */ + SelfVariable getVariable() { result = self } +} + newtype TReturnKind = TNormalReturnKind() or TBreakReturnKind() or @@ -316,7 +333,7 @@ private predicate extendCall(DataFlow::ExprNode receiver, Module m) { exists(DataFlow::CallNode extendCall | extendCall.getMethodName() = "extend" and exists(DataFlow::LocalSourceNode sourceNode | sourceNode.flowsTo(extendCall.getArgument(_)) | - selfInModule(sourceNode.(SsaSelfDefinitionNode).getVariable(), m) or + selfInModule(sourceNode.(SelfLocalSourceNode).getVariable(), m) or m = resolveConstantReadAccess(sourceNode.asExpr().getExpr()) ) and receiver = extendCall.getReceiver() @@ -329,7 +346,7 @@ private predicate extendCallModule(Module m, Module n) { exists(DataFlow::LocalSourceNode receiver, DataFlow::ExprNode e | receiver.flowsTo(e) and extendCall(e, n) | - selfInModule(receiver.(SsaSelfDefinitionNode).getVariable(), m) or + selfInModule(receiver.(SelfLocalSourceNode).getVariable(), m) or m = resolveConstantReadAccess(receiver.asExpr().getExpr()) ) } @@ -502,12 +519,12 @@ private predicate isStandardNewCall(RelevantCall new, Module m, boolean exact) { exact = true or // `self.new` inside a module - selfInModule(sourceNode.(SsaSelfDefinitionNode).getVariable(), m) and + selfInModule(sourceNode.(SelfLocalSourceNode).getVariable(), m) and exact = true or // `self.new` inside a singleton method exists(MethodBase caller | - selfInMethod(sourceNode.(SsaSelfDefinitionNode).getVariable(), caller, m) and + selfInMethod(sourceNode.(SelfLocalSourceNode).getVariable(), caller, m) and singletonMethod(caller, _, _) and exact = false ) @@ -573,7 +590,7 @@ private predicate isInstance(DataFlow::Node n, Module tp, boolean exact) { // `self` reference in method or top-level (but not in module or singleton method, // where instance methods cannot be called; only singleton methods) n = - any(SsaSelfDefinitionNode self | + any(SelfLocalSourceNode self | exists(MethodBase m | selfInMethod(self.getVariable(), m, tp) and not m instanceof SingletonMethod and @@ -607,10 +624,10 @@ private DataFlow::Node trackInstance(Module tp, boolean exact, TypeTracker t) { m = resolveConstantReadAccess(result.asExpr().getExpr()) or // needed for e.g. `self.include` - selfInModule(result.(SsaSelfDefinitionNode).getVariable(), m) + selfInModule(result.(SelfLocalSourceNode).getVariable(), m) or // needed for e.g. `self.puts` - selfInMethod(result.(SsaSelfDefinitionNode).getVariable(), any(SingletonMethod sm), m) + selfInMethod(result.(SelfLocalSourceNode).getVariable(), any(SingletonMethod sm), m) ) ) or @@ -970,7 +987,7 @@ private DataFlow::Node trackSingletonMethodOnInstance(MethodBase method, string /** Holds if a `self` access may be the receiver of `call` directly inside module `m`. */ pragma[nomagic] private predicate selfInModuleFlowsToMethodCallReceiver(RelevantCall call, Module m, string method) { - exists(SsaSelfDefinitionNode self | + exists(SelfLocalSourceNode self | flowsToMethodCallReceiver(call, self, method) and selfInModule(self.getVariable(), m) ) @@ -984,7 +1001,7 @@ pragma[nomagic] private predicate selfInSingletonMethodFlowsToMethodCallReceiver( RelevantCall call, Module m, string method ) { - exists(SsaSelfDefinitionNode self, MethodBase caller | + exists(SelfLocalSourceNode self, MethodBase caller | flowsToMethodCallReceiver(call, self, method) and selfInMethod(self.getVariable(), caller, m) and singletonMethod(caller, _, _) @@ -1062,10 +1079,13 @@ private CfgScope getTargetSingleton(RelevantCall call, string method) { */ pragma[nomagic] private predicate argMustFlowToReceiver( - RelevantCall ctx, DataFlow::LocalSourceNode source, DataFlow::Node arg, - SsaDefinitionExtNode paramDef, RelevantCall call, Callable encl, string name + RelevantCall ctx, DataFlow::LocalSourceNode source, DataFlow::Node arg, RelevantCall call, + Callable encl, string name ) { - exists(ParameterNodeImpl p, ParameterPosition ppos, ArgumentPosition apos | + exists( + ParameterNodeImpl p, SsaDefinitionExtNode paramDef, ParameterPosition ppos, + ArgumentPosition apos + | // the receiver of `call` references `p` exists(DataFlow::Node receiver | LocalFlow::localFlowSsaParamInput(p, paramDef) and @@ -1106,7 +1126,7 @@ private predicate mayBenefitFromCallContextInitialize( RelevantCall ctx, RelevantCall new, DataFlow::Node arg, Callable encl, Module tp, string name ) { exists(DataFlow::LocalSourceNode source | - argMustFlowToReceiver(ctx, pragma[only_bind_into](source), arg, _, new, encl, "new") and + argMustFlowToReceiver(ctx, pragma[only_bind_into](source), arg, new, encl, "new") and source = trackModuleAccess(tp) and name = "initialize" and exists(lookupMethod(tp, name)) @@ -1127,7 +1147,7 @@ private predicate mayBenefitFromCallContextInstance( string name ) { exists(DataFlow::LocalSourceNode source | - argMustFlowToReceiver(ctx, pragma[only_bind_into](source), arg, _, call, encl, + argMustFlowToReceiver(ctx, pragma[only_bind_into](source), arg, call, encl, pragma[only_bind_into](name)) and source = trackInstance(tp, exact) and exists(lookupMethod(tp, pragma[only_bind_into](name))) @@ -1148,7 +1168,7 @@ private predicate mayBenefitFromCallContextSingleton( string name ) { exists(DataFlow::LocalSourceNode source | - argMustFlowToReceiver(ctx, pragma[only_bind_into](source), pragma[only_bind_into](arg), _, call, + argMustFlowToReceiver(ctx, pragma[only_bind_into](source), pragma[only_bind_into](arg), call, encl, pragma[only_bind_into](name)) and exists(lookupSingletonMethod(tp, pragma[only_bind_into](name), exact)) | @@ -1216,13 +1236,10 @@ DataFlowCallable viableImplInCallContext(DataFlowCall call, DataFlowCall ctx) { or // `ctx` cannot provide a type bound, and the receiver of the call is `self`; // in this case, still apply an open-world assumption - exists( - RelevantCall call0, RelevantCall ctx0, DataFlow::Node arg, SsaSelfDefinitionNode self, - string name - | + exists(RelevantCall call0, RelevantCall ctx0, DataFlow::Node arg, string name | call0 = call.asCall() and ctx0 = ctx.asCall() and - argMustFlowToReceiver(ctx0, _, arg, self, call0, _, name) and + argMustFlowToReceiver(ctx0, _, arg, call0, _, name) and not mayBenefitFromCallContextInitialize(ctx0, call0, arg, _, _, _) and not mayBenefitFromCallContextInstance(ctx0, call0, arg, _, _, _, name) and not mayBenefitFromCallContextSingleton(ctx0, call0, arg, _, _, _, name) and @@ -1230,7 +1247,7 @@ DataFlowCallable viableImplInCallContext(DataFlowCall call, DataFlowCall ctx) { ) or // library calls should always be able to resolve - argMustFlowToReceiver(ctx.asCall(), _, _, _, call.asCall(), _, _) and + argMustFlowToReceiver(ctx.asCall(), _, _, call.asCall(), _, _) and result = viableLibraryCallable(call) ) } From b96bfea590f4d506c65e0fcb882b7b7b53acb8c5 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema <jketema@github.com> Date: Sat, 8 Apr 2023 19:28:39 +0200 Subject: [PATCH 579/870] Turn inline expectation test into a parameterized module --- .../util/test/InlineExpectationsTest.qll | 461 ++++++++++-------- 1 file changed, 246 insertions(+), 215 deletions(-) diff --git a/shared/util/codeql/util/test/InlineExpectationsTest.qll b/shared/util/codeql/util/test/InlineExpectationsTest.qll index c297e609a73..1966a851f32 100644 --- a/shared/util/codeql/util/test/InlineExpectationsTest.qll +++ b/shared/util/codeql/util/test/InlineExpectationsTest.qll @@ -7,7 +7,7 @@ * (usually called `InlineExpectationsTest.qll`) with: * - `private import codeql.util.test.InlineExpectationsTest` (this file) * - An implementation of the signature in `InlineExpectationsTestSig`. - * Usually this is done in a mdule called `Impl`. + * Usually this is done in a module called `Impl`. * `Impl` has to define a `Location` class, and an `ExpectationComment` class. * The `ExpectationComment` class must support a `getContents` method that returns * the contents of the given comment, _excluding_ the comment indicator itself. @@ -15,26 +15,24 @@ * - `import Make<Impl>` to expose the query predicates constructed in the `Make` module. * * To create a new inline expectations test: - * - Declare a class that extends `InlineExpectationsTest`. In the characteristic predicate of the - * new class, bind `this` to a unique string (usually the name of the test). - * - Override the `hasActualResult()` predicate to produce the actual results of the query. For each - * result, specify a `Location`, a text description of the element for which the result was - * reported, a short string to serve as the tag to identify expected results for this test, and the - * expected value of the result. - * - Override `getARelevantTag()` to return the set of tags that can be produced by - * `hasActualResult()`. Often this is just a single tag. + * - Declare a module that implements `TestSig`, say `TestImpl`. + * - Implement the `hasActualResult()` predicate to produce the actual results of the query. + * For each result, specify a `Location`, a text description of the element for which the + * result was reported, a short string to serve as the tag to identify expected results + * for this test, and the expected value of the result. + * - Implement `getARelevantTag()` to return the set of tags that can be produced by + * `hasActualResult()`. Often this is just a single tag. + * - `import MakeTest<TestImpl>` to ensure the test is evaluated. * * Example: * ```ql - * class ConstantValueTest extends InlineExpectationsTest { - * ConstantValueTest() { this = "ConstantValueTest" } - * - * override string getARelevantTag() { + * module ConstantValueTest implements TestSig { + * string getARelevantTag() { * // We only use one tag for this test. * result = "const" * } * - * override predicate hasActualResult( + * predicate hasActualResult( * Location location, string element, string tag, string value * ) { * exists(Expr e | @@ -45,10 +43,12 @@ * ) * } * } + * + * import MakeTest<ConstantValueTest> * ``` * * There is no need to write a `select` clause or query predicate. All of the differences between - * expected results and actual results will be reported in the `failures()` query predicate. + * expected results and actual results will be reported in the `testFailures()` query predicate. * * To annotate the test source code with an expected result, place a comment starting with a `$` on the * same line as the expected result, with text of the following format as the body of the comment: @@ -97,8 +97,7 @@ */ /** - * A signature specifying the required parts for - * constructing inline expectations. + * A signature specifying the required parts for constructing inline expectations. */ signature module InlineExpectationsTestSig { /** The location of an element in the source code. */ @@ -122,28 +121,20 @@ signature module InlineExpectationsTestSig { } /** - * Classes and predicates implementing inline expectations. + * Module implementing inline expectations. */ module Make<InlineExpectationsTestSig Impl> { - private import Impl - /** - * The base class for tests with inline expectations. The test extends this class to provide the actual - * results of the query, which are then compared with the expected results in comments to produce a - * list of failure messages that point out where the actual results differ from the expected - * results. + * A signature specifying the required parts of an inline expectation test. */ - abstract class InlineExpectationsTest extends string { - bindingset[this] - InlineExpectationsTest() { any() } - + signature module TestSig { /** * Returns all tags that can be generated by this test. Most tests will only ever produce a single * tag. Any expected result comments for a tag that is not returned by the `getARelevantTag()` * predicate for an active test will be ignored. This makes it possible to write multiple tests in * different `.ql` files that all query the same source code. */ - abstract string getARelevantTag(); + string getARelevantTag(); /** * Returns the actual results of the query that is being tested. Each result consist of the @@ -156,7 +147,7 @@ module Make<InlineExpectationsTestSig Impl> { * - `value` - The value of the result, which will be matched against the value associated with * `tag` in any expected result comment on that line. */ - abstract predicate hasActualResult(Location location, string element, string tag, string value); + predicate hasActualResult(Impl::Location location, string element, string tag, string value); /** * Holds if there is an optional result on the specified location. @@ -165,14 +156,19 @@ module Make<InlineExpectationsTestSig Impl> { * A failure will still arise if there is an annotation that does not match any results, but not vice versa. * Override this predicate to specify optional results. */ - predicate hasOptionalResult(Location location, string element, string tag, string value) { - none() - } + predicate hasOptionalResult(Impl::Location location, string element, string tag, string value); + } - final predicate hasFailureMessage(FailureLocatable element, string message) { + /** + * The module for tests with inline expectations. The test implements the signature to provide + * the actual results of the query, which are then compared with the expected results in comments + * to produce a list of failure messages that point out where the actual results differ from + * the expected results. + */ + module MakeTest<TestSig TestImpl> { + private predicate hasFailureMessage(FailureLocatable element, string message) { exists(ActualResult actualResult | - actualResult.getTest() = this and - actualResult.getTag() = this.getARelevantTag() and + actualResult.getTag() = TestImpl::getARelevantTag() and element = actualResult and ( exists(FalseNegativeExpectation falseNegative | @@ -187,8 +183,7 @@ module Make<InlineExpectationsTestSig Impl> { ) or exists(ActualResult actualResult | - actualResult.getTest() = this and - not actualResult.getTag() = this.getARelevantTag() and + not actualResult.getTag() = TestImpl::getARelevantTag() and element = actualResult and message = "Tag mismatch: Actual result with tag '" + actualResult.getTag() + @@ -197,7 +192,7 @@ module Make<InlineExpectationsTestSig Impl> { or exists(ValidExpectation expectation | not exists(ActualResult actualResult | expectation.matchesActualResult(actualResult)) and - expectation.getTag() = this.getARelevantTag() and + expectation.getTag() = TestImpl::getARelevantTag() and element = expectation and ( expectation instanceof GoodExpectation and @@ -213,45 +208,130 @@ module Make<InlineExpectationsTestSig Impl> { message = "Invalid expectation syntax: " + expectation.getExpectation() ) } - } - /** - * RegEx pattern to match a comment containing one or more expected results. The comment must have - * `$` as its first non-whitespace character. Any subsequent character - * is treated as part of the expected results, except that the comment may contain a `//` sequence - * to treat the remainder of the line as a regular (non-interpreted) comment. - */ - private string expectationCommentPattern() { result = "\\s*\\$((?:[^/]|/[^/])*)(?://.*)?" } + private newtype TFailureLocatable = + TActualResult( + Impl::Location location, string element, string tag, string value, boolean optional + ) { + TestImpl::hasActualResult(location, element, tag, value) and optional = false + or + TestImpl::hasOptionalResult(location, element, tag, value) and optional = true + } or + TValidExpectation( + Impl::ExpectationComment comment, string tag, string value, string knownFailure + ) { + exists(TColumn column, string tags | + getAnExpectation(comment, column, _, tags, value) and + tag = tags.splitAt(",") and + knownFailure = getColumnString(column) + ) + } or + TInvalidExpectation(Impl::ExpectationComment comment, string expectation) { + getAnExpectation(comment, _, expectation, _, _) and + not expectation.regexpMatch(expectationPattern()) + } - /** - * The possible columns in an expectation comment. The `TDefaultColumn` branch represents the first - * column in a comment. This column is not precedeeded by a name. `TNamedColumn(name)` represents a - * column containing expected results preceded by the string `name:`. - */ - private newtype TColumn = - TDefaultColumn() or - TNamedColumn(string name) { name = ["MISSING", "SPURIOUS"] } + class FailureLocatable extends TFailureLocatable { + string toString() { none() } - bindingset[start, content] - private int getEndOfColumnPosition(int start, string content) { - result = - min(string name, int cand | - exists(TNamedColumn(name)) and - cand = content.indexOf(name + ":") and - cand >= start - | - cand + Impl::Location getLocation() { none() } + + final string getExpectationText() { result = this.getTag() + "=" + this.getValue() } + + string getTag() { none() } + + string getValue() { none() } + } + + class ActualResult extends FailureLocatable, TActualResult { + Impl::Location location; + string element; + string tag; + string value; + boolean optional; + + ActualResult() { this = TActualResult(location, element, tag, value, optional) } + + override string toString() { result = element } + + override Impl::Location getLocation() { result = location } + + override string getTag() { result = tag } + + override string getValue() { result = value } + + predicate isOptional() { optional = true } + } + + abstract private class Expectation extends FailureLocatable { + Impl::ExpectationComment comment; + + override string toString() { result = comment.toString() } + + override Impl::Location getLocation() { result = comment.getLocation() } + } + + private predicate onSameLine(ValidExpectation a, ActualResult b) { + exists(string fname, int line, Impl::Location la, Impl::Location lb | + // Join order intent: + // Take the locations of ActualResults, + // join with locations in the same file / on the same line, + // then match those against ValidExpectations. + la = a.getLocation() and + pragma[only_bind_into](lb) = b.getLocation() and + pragma[only_bind_into](la).hasLocationInfo(fname, line, _, _, _) and + lb.hasLocationInfo(fname, _, _, line, _) ) - or - not exists(string name | - exists(TNamedColumn(name)) and - content.indexOf(name + ":") >= start - ) and - result = content.length() + } + + private class ValidExpectation extends Expectation, TValidExpectation { + string tag; + string value; + string knownFailure; + + ValidExpectation() { this = TValidExpectation(comment, tag, value, knownFailure) } + + override string getTag() { result = tag } + + override string getValue() { result = value } + + string getKnownFailure() { result = knownFailure } + + predicate matchesActualResult(ActualResult actualResult) { + onSameLine(pragma[only_bind_into](this), actualResult) and + this.getTag() = actualResult.getTag() and + this.getValue() = actualResult.getValue() + } + } + + // Note: These next three classes correspond to all the possible values of type `TColumn`. + class GoodExpectation extends ValidExpectation { + GoodExpectation() { this.getKnownFailure() = "" } + } + + class FalsePositiveExpectation extends ValidExpectation { + FalsePositiveExpectation() { this.getKnownFailure() = "SPURIOUS" } + } + + class FalseNegativeExpectation extends ValidExpectation { + FalseNegativeExpectation() { this.getKnownFailure() = "MISSING" } + } + + class InvalidExpectation extends Expectation, TInvalidExpectation { + string expectation; + + InvalidExpectation() { this = TInvalidExpectation(comment, expectation) } + + string getExpectation() { result = expectation } + } + + query predicate testFailures(FailureLocatable element, string message) { + hasFailureMessage(element, message) + } } private predicate getAnExpectation( - ExpectationComment comment, TColumn column, string expectation, string tags, string value + Impl::ExpectationComment comment, TColumn column, string expectation, string tags, string value ) { exists(string content | content = comment.getContents().regexpCapture(expectationCommentPattern(), 1) and @@ -276,160 +356,111 @@ module Make<InlineExpectationsTestSig Impl> { else value = "" } - private string getColumnString(TColumn column) { - column = TDefaultColumn() and result = "" - or - column = TNamedColumn(result) + private module LegacyImpl implements TestSig { + string getARelevantTag() { result = any(InlineExpectationsTest t).getARelevantTag() } + + predicate hasActualResult(Impl::Location location, string element, string tag, string value) { + any(InlineExpectationsTest t).hasActualResult(location, element, tag, value) + } + + predicate hasOptionalResult(Impl::Location location, string element, string tag, string value) { + any(InlineExpectationsTest t).hasOptionalResult(location, element, tag, value) + } } /** - * RegEx pattern to match a single expected result, not including the leading `$`. It consists of one or - * more comma-separated tags optionally followed by `=` and the expected value. + * DEPRECATED: Use the InlineExpectationsTest module. * - * Tags must be only letters, digits, `-` and `_` (note that the first character - * must not be a digit), but can contain anything enclosed in a single set of - * square brackets. - * - * Examples: - * - `tag` - * - `tag=value` - * - `tag,tag2=value` - * - `tag[foo bar]=value` - * - * Not allowed: - * - `tag[[[foo bar]` + * The base class for tests with inline expectations. The test extends this class to provide the actual + * results of the query, which are then compared with the expected results in comments to produce a + * list of failure messages that point out where the actual results differ from the expected + * results. */ - private string expectationPattern() { - exists(string tag, string tags, string value | - tag = "[A-Za-z-_](?:[A-Za-z-_0-9]|\\[[^\\]\\]]*\\])*" and - tags = "((?:" + tag + ")(?:\\s*,\\s*" + tag + ")*)" and - // In Python, we allow both `"` and `'` for strings, as well as the prefixes `bru`. - // For example, `b"foo"`. - value = "((?:[bru]*\"[^\"]*\"|[bru]*'[^']*'|\\S+)*)" and - result = tags + "(?:=" + value + ")?" - ) - } + abstract class InlineExpectationsTest extends string { + bindingset[this] + InlineExpectationsTest() { any() } - private newtype TFailureLocatable = - TActualResult( - InlineExpectationsTest test, Location location, string element, string tag, string value, - boolean optional - ) { - test.hasActualResult(location, element, tag, value) and - optional = false - or - test.hasOptionalResult(location, element, tag, value) and optional = true - } or - TValidExpectation(ExpectationComment comment, string tag, string value, string knownFailure) { - exists(TColumn column, string tags | - getAnExpectation(comment, column, _, tags, value) and - tag = tags.splitAt(",") and - knownFailure = getColumnString(column) - ) - } or - TInvalidExpectation(ExpectationComment comment, string expectation) { - getAnExpectation(comment, _, expectation, _, _) and - not expectation.regexpMatch(expectationPattern()) - } + abstract string getARelevantTag(); - class FailureLocatable extends TFailureLocatable { - string toString() { none() } + abstract predicate hasActualResult( + Impl::Location location, string element, string tag, string value + ); - Location getLocation() { none() } - - final string getExpectationText() { result = this.getTag() + "=" + this.getValue() } - - string getTag() { none() } - - string getValue() { none() } - } - - class ActualResult extends FailureLocatable, TActualResult { - InlineExpectationsTest test; - Location location; - string element; - string tag; - string value; - boolean optional; - - ActualResult() { this = TActualResult(test, location, element, tag, value, optional) } - - override string toString() { result = element } - - override Location getLocation() { result = location } - - InlineExpectationsTest getTest() { result = test } - - override string getTag() { result = tag } - - override string getValue() { result = value } - - predicate isOptional() { optional = true } - } - - abstract private class Expectation extends FailureLocatable { - ExpectationComment comment; - - override string toString() { result = comment.toString() } - - override Location getLocation() { result = comment.getLocation() } - } - - private predicate onSameLine(ValidExpectation a, ActualResult b) { - exists(string fname, int line, Location la, Location lb | - // Join order intent: - // Take the locations of ActualResults, - // join with locations in the same file / on the same line, - // then match those against ValidExpectations. - la = a.getLocation() and - pragma[only_bind_into](lb) = b.getLocation() and - pragma[only_bind_into](la).hasLocationInfo(fname, line, _, _, _) and - lb.hasLocationInfo(fname, _, _, line, _) - ) - } - - private class ValidExpectation extends Expectation, TValidExpectation { - string tag; - string value; - string knownFailure; - - ValidExpectation() { this = TValidExpectation(comment, tag, value, knownFailure) } - - override string getTag() { result = tag } - - override string getValue() { result = value } - - string getKnownFailure() { result = knownFailure } - - predicate matchesActualResult(ActualResult actualResult) { - onSameLine(pragma[only_bind_into](this), actualResult) and - this.getTag() = actualResult.getTag() and - this.getValue() = actualResult.getValue() + predicate hasOptionalResult(Impl::Location location, string element, string tag, string value) { + none() } } - // Note: These next three classes correspond to all the possible values of type `TColumn`. - class GoodExpectation extends ValidExpectation { - GoodExpectation() { this.getKnownFailure() = "" } - } + import MakeTest<LegacyImpl> as LegacyTest - class FalsePositiveExpectation extends ValidExpectation { - FalsePositiveExpectation() { this.getKnownFailure() = "SPURIOUS" } - } - - class FalseNegativeExpectation extends ValidExpectation { - FalseNegativeExpectation() { this.getKnownFailure() = "MISSING" } - } - - class InvalidExpectation extends Expectation, TInvalidExpectation { - string expectation; - - InvalidExpectation() { this = TInvalidExpectation(comment, expectation) } - - string getExpectation() { result = expectation } - } - - query predicate failures(FailureLocatable element, string message) { - exists(InlineExpectationsTest test | test.hasFailureMessage(element, message)) - } + query predicate failures = LegacyTest::testFailures/2; +} + +/** + * RegEx pattern to match a comment containing one or more expected results. The comment must have + * `$` as its first non-whitespace character. Any subsequent character + * is treated as part of the expected results, except that the comment may contain a `//` sequence + * to treat the remainder of the line as a regular (non-interpreted) comment. + */ +private string expectationCommentPattern() { result = "\\s*\\$((?:[^/]|/[^/])*)(?://.*)?" } + +/** + * The possible columns in an expectation comment. The `TDefaultColumn` branch represents the first + * column in a comment. This column is not preceded by a name. `TNamedColumn(name)` represents a + * column containing expected results preceded by the string `name:`. + */ +private newtype TColumn = + TDefaultColumn() or + TNamedColumn(string name) { name = ["MISSING", "SPURIOUS"] } + +bindingset[start, content] +private int getEndOfColumnPosition(int start, string content) { + result = + min(string name, int cand | + exists(TNamedColumn(name)) and + cand = content.indexOf(name + ":") and + cand >= start + | + cand + ) + or + not exists(string name | + exists(TNamedColumn(name)) and + content.indexOf(name + ":") >= start + ) and + result = content.length() +} + +private string getColumnString(TColumn column) { + column = TDefaultColumn() and result = "" + or + column = TNamedColumn(result) +} + +/** + * RegEx pattern to match a single expected result, not including the leading `$`. It consists of one or + * more comma-separated tags optionally followed by `=` and the expected value. + * + * Tags must be only letters, digits, `-` and `_` (note that the first character + * must not be a digit), but can contain anything enclosed in a single set of + * square brackets. + * + * Examples: + * - `tag` + * - `tag=value` + * - `tag,tag2=value` + * - `tag[foo bar]=value` + * + * Not allowed: + * - `tag[[[foo bar]` + */ +private string expectationPattern() { + exists(string tag, string tags, string value | + tag = "[A-Za-z-_](?:[A-Za-z-_0-9]|\\[[^\\]\\]]*\\])*" and + tags = "((?:" + tag + ")(?:\\s*,\\s*" + tag + ")*)" and + // In Python, we allow both `"` and `'` for strings, as well as the prefixes `bru`. + // For example, `b"foo"`. + value = "((?:[bru]*\"[^\"]*\"|[bru]*'[^']*'|\\S+)*)" and + result = tags + "(?:=" + value + ")?" + ) } From 9228e0deed773b96b7f63a3df418de0c7988e868 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema <jketema@github.com> Date: Tue, 11 Apr 2023 16:21:57 +0200 Subject: [PATCH 580/870] C++: Rewrite local flow test to use `TestSig` --- .../dataflow/source-sink-tests/local-flow.expected | 2 ++ .../dataflow/source-sink-tests/local-flow.ql | 14 +++++++++----- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/cpp/ql/test/library-tests/dataflow/source-sink-tests/local-flow.expected b/cpp/ql/test/library-tests/dataflow/source-sink-tests/local-flow.expected index e69de29bb2d..48de9172b36 100644 --- a/cpp/ql/test/library-tests/dataflow/source-sink-tests/local-flow.expected +++ b/cpp/ql/test/library-tests/dataflow/source-sink-tests/local-flow.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/cpp/ql/test/library-tests/dataflow/source-sink-tests/local-flow.ql b/cpp/ql/test/library-tests/dataflow/source-sink-tests/local-flow.ql index cb687f1d3bf..73cb17b4494 100644 --- a/cpp/ql/test/library-tests/dataflow/source-sink-tests/local-flow.ql +++ b/cpp/ql/test/library-tests/dataflow/source-sink-tests/local-flow.ql @@ -4,12 +4,10 @@ import cpp import TestUtilities.InlineExpectationsTest import semmle.code.cpp.security.FlowSources -class LocalFlowSourceTest extends InlineExpectationsTest { - LocalFlowSourceTest() { this = "LocalFlowSourceTest" } +module LocalFlowSourceTest implements TestSig { + string getARelevantTag() { result = "local_source" } - override string getARelevantTag() { result = "local_source" } - - override predicate hasActualResult(Location location, string element, string tag, string value) { + predicate hasActualResult(Location location, string element, string tag, string value) { tag = "local_source" and exists(LocalFlowSource node, int n | n = @@ -29,4 +27,10 @@ class LocalFlowSourceTest extends InlineExpectationsTest { element = node.toString() ) } + + predicate hasOptionalResult(Location location, string element, string tag, string value) { + none() + } } + +import MakeTest<LocalFlowSourceTest> From 04beeef777dbc12df383d80963e5c302625d1fc5 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema <jketema@github.com> Date: Wed, 12 Apr 2023 09:41:01 +0200 Subject: [PATCH 581/870] Add convenience module that merges two inline expectation tests --- .../util/test/InlineExpectationsTest.qll | 34 +++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/shared/util/codeql/util/test/InlineExpectationsTest.qll b/shared/util/codeql/util/test/InlineExpectationsTest.qll index 1966a851f32..03984c34505 100644 --- a/shared/util/codeql/util/test/InlineExpectationsTest.qll +++ b/shared/util/codeql/util/test/InlineExpectationsTest.qll @@ -356,6 +356,40 @@ module Make<InlineExpectationsTestSig Impl> { else value = "" } + /** + * A module that merges two test signatures. + * + * This module can be used when multiple inline expectation tests occur in a single file. For example: + * ```ql + * module Test1 implements TestSig { + * ... + * } + * + * module Test2 implements TestSig { + * ... + * } + * + * import MakeTest<MergeTests<Test1, Test2>> + * ``` + */ + module MergeTests<TestSig TestImpl1, TestSig TestImpl2> implements TestSig { + string getARelevantTag() { + result = TestImpl1::getARelevantTag() or result = TestImpl2::getARelevantTag() + } + + predicate hasActualResult(Impl::Location location, string element, string tag, string value) { + TestImpl1::hasActualResult(location, element, tag, value) + or + TestImpl2::hasActualResult(location, element, tag, value) + } + + predicate hasOptionalResult(Impl::Location location, string element, string tag, string value) { + TestImpl1::hasOptionalResult(location, element, tag, value) + or + TestImpl2::hasOptionalResult(location, element, tag, value) + } + } + private module LegacyImpl implements TestSig { string getARelevantTag() { result = any(InlineExpectationsTest t).getARelevantTag() } From adbf66a36598927d413fca1a4de16cee05da5859 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema <jketema@github.com> Date: Wed, 12 Apr 2023 09:41:43 +0200 Subject: [PATCH 582/870] C++: Rewrite inline expectation test to demonstrate `MergeTests` --- .../has-parameter-flow-out.expected | 2 ++ .../dataflow-tests/has-parameter-flow-out.ql | 26 ++++++++++++------- 2 files changed, 18 insertions(+), 10 deletions(-) diff --git a/cpp/ql/test/library-tests/dataflow/dataflow-tests/has-parameter-flow-out.expected b/cpp/ql/test/library-tests/dataflow/dataflow-tests/has-parameter-flow-out.expected index e69de29bb2d..48de9172b36 100644 --- a/cpp/ql/test/library-tests/dataflow/dataflow-tests/has-parameter-flow-out.expected +++ b/cpp/ql/test/library-tests/dataflow/dataflow-tests/has-parameter-flow-out.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/cpp/ql/test/library-tests/dataflow/dataflow-tests/has-parameter-flow-out.ql b/cpp/ql/test/library-tests/dataflow/dataflow-tests/has-parameter-flow-out.ql index bdeeccbc211..ca4f9d252db 100644 --- a/cpp/ql/test/library-tests/dataflow/dataflow-tests/has-parameter-flow-out.ql +++ b/cpp/ql/test/library-tests/dataflow/dataflow-tests/has-parameter-flow-out.ql @@ -5,12 +5,10 @@ module AstTest { private import semmle.code.cpp.dataflow.DataFlow::DataFlow private import semmle.code.cpp.dataflow.internal.DataFlowPrivate - class AstParameterDefTest extends InlineExpectationsTest { - AstParameterDefTest() { this = "AstParameterDefTest" } + module AstParameterDefTest implements TestSig { + string getARelevantTag() { result = "ast-def" } - override string getARelevantTag() { result = "ast-def" } - - override predicate hasActualResult(Location location, string element, string tag, string value) { + predicate hasActualResult(Location location, string element, string tag, string value) { exists(Function f, Parameter p, RefParameterFinalValueNode n | p.isNamed() and n.getParameter() = p and @@ -21,6 +19,10 @@ module AstTest { value = p.getName() ) } + + predicate hasOptionalResult(Location location, string element, string tag, string value) { + none() + } } } @@ -33,12 +35,10 @@ module IRTest { (if k = 0 then result = "" else result = "*" + stars(k - 1)) } - class IRParameterDefTest extends InlineExpectationsTest { - IRParameterDefTest() { this = "IRParameterDefTest" } + module IRParameterDefTest implements TestSig { + string getARelevantTag() { result = "ir-def" } - override string getARelevantTag() { result = "ir-def" } - - override predicate hasActualResult(Location location, string element, string tag, string value) { + predicate hasActualResult(Location location, string element, string tag, string value) { exists(Function f, Parameter p, FinalParameterNode n | p.isNamed() and n.getParameter() = p and @@ -49,5 +49,11 @@ module IRTest { value = stars(n.getIndirectionIndex()) + p.getName() ) } + + predicate hasOptionalResult(Location location, string element, string tag, string value) { + none() + } } } + +import MakeTest<MergeTests<AstTest::AstParameterDefTest, IRTest::IRParameterDefTest>> From 3efc78ed492491cef2321911ff0211ac05639159 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema <jketema@github.com> Date: Tue, 23 May 2023 12:32:11 +0200 Subject: [PATCH 583/870] Add default for `hasOptionalResult` --- .../dataflow/dataflow-tests/has-parameter-flow-out.ql | 8 -------- .../dataflow/source-sink-tests/local-flow.ql | 4 ---- shared/util/codeql/util/test/InlineExpectationsTest.qll | 6 +++++- 3 files changed, 5 insertions(+), 13 deletions(-) diff --git a/cpp/ql/test/library-tests/dataflow/dataflow-tests/has-parameter-flow-out.ql b/cpp/ql/test/library-tests/dataflow/dataflow-tests/has-parameter-flow-out.ql index ca4f9d252db..4b637fda714 100644 --- a/cpp/ql/test/library-tests/dataflow/dataflow-tests/has-parameter-flow-out.ql +++ b/cpp/ql/test/library-tests/dataflow/dataflow-tests/has-parameter-flow-out.ql @@ -19,10 +19,6 @@ module AstTest { value = p.getName() ) } - - predicate hasOptionalResult(Location location, string element, string tag, string value) { - none() - } } } @@ -49,10 +45,6 @@ module IRTest { value = stars(n.getIndirectionIndex()) + p.getName() ) } - - predicate hasOptionalResult(Location location, string element, string tag, string value) { - none() - } } } diff --git a/cpp/ql/test/library-tests/dataflow/source-sink-tests/local-flow.ql b/cpp/ql/test/library-tests/dataflow/source-sink-tests/local-flow.ql index 73cb17b4494..15f5f43576a 100644 --- a/cpp/ql/test/library-tests/dataflow/source-sink-tests/local-flow.ql +++ b/cpp/ql/test/library-tests/dataflow/source-sink-tests/local-flow.ql @@ -27,10 +27,6 @@ module LocalFlowSourceTest implements TestSig { element = node.toString() ) } - - predicate hasOptionalResult(Location location, string element, string tag, string value) { - none() - } } import MakeTest<LocalFlowSourceTest> diff --git a/shared/util/codeql/util/test/InlineExpectationsTest.qll b/shared/util/codeql/util/test/InlineExpectationsTest.qll index 03984c34505..15e3e12caa2 100644 --- a/shared/util/codeql/util/test/InlineExpectationsTest.qll +++ b/shared/util/codeql/util/test/InlineExpectationsTest.qll @@ -156,7 +156,11 @@ module Make<InlineExpectationsTestSig Impl> { * A failure will still arise if there is an annotation that does not match any results, but not vice versa. * Override this predicate to specify optional results. */ - predicate hasOptionalResult(Impl::Location location, string element, string tag, string value); + default predicate hasOptionalResult( + Impl::Location location, string element, string tag, string value + ) { + none() + } } /** From 0574f2784f2db7639bad37fba8871b71c99cb3d2 Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli <redsun82@github.com> Date: Tue, 23 May 2023 12:32:28 +0200 Subject: [PATCH 584/870] Swift: trigger workflow on `codeql-cli-*` --- .github/workflows/swift.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/swift.yml b/.github/workflows/swift.yml index 806e04e6c68..075a5505f39 100644 --- a/.github/workflows/swift.yml +++ b/.github/workflows/swift.yml @@ -16,6 +16,7 @@ on: branches: - main - rc/* + - codeql-cli-* push: paths: - "swift/**" @@ -30,6 +31,7 @@ on: branches: - main - rc/* + - codeql-cli-* jobs: # not using a matrix as you cannot depend on a specific job in a matrix, and we want to start linux checks From 7dd18ff8010730866aedaec38ca3c1df24c412fd Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli <redsun82@github.com> Date: Tue, 23 May 2023 09:02:44 +0200 Subject: [PATCH 585/870] Swift: add `@ql.hideable` to schema loading --- misc/codegen/lib/schema.py | 2 ++ misc/codegen/lib/schemadefs.py | 1 + misc/codegen/loaders/schemaloader.py | 2 ++ misc/codegen/test/test_schemaloader.py | 17 +++++++++++++++++ 4 files changed, 22 insertions(+) diff --git a/misc/codegen/lib/schema.py b/misc/codegen/lib/schema.py index 64a4720093b..d72fa46adf4 100644 --- a/misc/codegen/lib/schema.py +++ b/misc/codegen/lib/schema.py @@ -91,6 +91,8 @@ class Class: """^^^ filled with `True` for non-final classes with only synthesized final descendants """ doc: List[str] = field(default_factory=list) default_doc_name: Optional[str] = None + hideable_root: bool = False + hideable: bool = False @property def final(self): diff --git a/misc/codegen/lib/schemadefs.py b/misc/codegen/lib/schemadefs.py index f3bfd9840dc..3235ace42e7 100644 --- a/misc/codegen/lib/schemadefs.py +++ b/misc/codegen/lib/schemadefs.py @@ -145,6 +145,7 @@ _Pragma("qltest_collapse_hierarchy") _Pragma("qltest_uncollapse_hierarchy") ql.default_doc_name = lambda doc: _annotate(doc_name=doc) +ql.hideable = _annotate(hideable=True) _Pragma("ql_internal") _Pragma("cpp_skip") diff --git a/misc/codegen/loaders/schemaloader.py b/misc/codegen/loaders/schemaloader.py index 5fd392b112d..0202c98f439 100644 --- a/misc/codegen/loaders/schemaloader.py +++ b/misc/codegen/loaders/schemaloader.py @@ -37,7 +37,9 @@ def _get_class(cls: type) -> schema.Class: derived={d.__name__ for d in cls.__subclasses__()}, # getattr to inherit from bases group=getattr(cls, "_group", ""), + hideable=getattr(cls, "_hideable", False), # in the following we don't use `getattr` to avoid inheriting + hideable_root=cls.__dict__.get("_hideable", False), pragmas=cls.__dict__.get("_pragmas", []), ipa=cls.__dict__.get("_ipa", None), properties=[ diff --git a/misc/codegen/test/test_schemaloader.py b/misc/codegen/test/test_schemaloader.py index 9c9750818ea..2479fc08500 100644 --- a/misc/codegen/test/test_schemaloader.py +++ b/misc/codegen/test/test_schemaloader.py @@ -688,5 +688,22 @@ def test_uppercase_acronyms_are_rejected(): pass +def test_hideable(): + @load + class data: + class Root: + pass + + @defs.ql.hideable + class A(Root): + pass + + class B(A): + pass + + assert data.classes["A"] == schema.Class("A", bases=["Root"], derived={"B"}, hideable_root=True, hideable=True) + assert data.classes["B"] == schema.Class("B", bases=["A"], hideable=True) + + if __name__ == '__main__': sys.exit(pytest.main([__file__] + sys.argv[1:])) From a087fef33575aa7df945e93aebf6cee7d566f721 Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli <redsun82@github.com> Date: Tue, 23 May 2023 09:37:55 +0200 Subject: [PATCH 586/870] Swift: implement `@ql.hideable` --- misc/codegen/generators/qlgen.py | 15 +- misc/codegen/lib/ql.py | 3 + misc/codegen/templates/ql_class.mustache | 17 +-- misc/codegen/templates/ql_parent.mustache | 12 +- misc/codegen/test/test_qlgen.py | 128 ++++++++++-------- swift/ql/.generated.list | 4 +- .../codeql/swift/generated/ParentChild.qll | 6 +- swift/schema.py | 1 + 8 files changed, 112 insertions(+), 74 deletions(-) diff --git a/misc/codegen/generators/qlgen.py b/misc/codegen/generators/qlgen.py index 7affea51828..6e4017b81f6 100755 --- a/misc/codegen/generators/qlgen.py +++ b/misc/codegen/generators/qlgen.py @@ -102,7 +102,7 @@ def _get_doc(cls: schema.Class, prop: schema.Property, plural=None): return f"{prop_name} of this {class_name}" -def get_ql_property(cls: schema.Class, prop: schema.Property, prev_child: str = "") -> ql.Property: +def get_ql_property(cls: schema.Class, prop: schema.Property, lookup: typing.Dict[str, schema.Class], prev_child: str = "") -> ql.Property: args = dict( type=prop.type if not prop.is_predicate else "predicate", qltest_skip="qltest_skip" in prop.pragmas, @@ -110,7 +110,8 @@ def get_ql_property(cls: schema.Class, prop: schema.Property, prev_child: str = is_optional=prop.is_optional, is_predicate=prop.is_predicate, is_unordered=prop.is_unordered, - description=prop.description + description=prop.description, + type_is_hideable=lookup[prop.type].hideable if prop.type in lookup else False, ) if prop.is_single: args.update( @@ -147,12 +148,12 @@ def get_ql_property(cls: schema.Class, prop: schema.Property, prev_child: str = return ql.Property(**args) -def get_ql_class(cls: schema.Class) -> ql.Class: +def get_ql_class(cls: schema.Class, lookup: typing.Dict[str, schema.Class]) -> ql.Class: pragmas = {k: True for k in cls.pragmas if k.startswith("ql")} prev_child = "" properties = [] for p in cls.properties: - prop = get_ql_property(cls, p, prev_child) + prop = get_ql_property(cls, p, lookup, prev_child) if prop.is_child: prev_child = prop.singular properties.append(prop) @@ -164,6 +165,8 @@ def get_ql_class(cls: schema.Class) -> ql.Class: dir=pathlib.Path(cls.group or ""), ipa=bool(cls.ipa), doc=cls.doc, + hideable=cls.hideable, + hideable_root=cls.hideable_root, **pragmas, ) @@ -254,7 +257,7 @@ def _get_all_properties_to_be_tested(cls: schema.Class, lookup: typing.Dict[str, for c, p in _get_all_properties(cls, lookup): if not ("qltest_skip" in c.pragmas or "qltest_skip" in p.pragmas): # TODO here operations are duplicated, but should be better if we split ql and qltest generation - p = get_ql_property(c, p) + p = get_ql_property(c, p, lookup) yield ql.PropertyForTest(p.getter, is_total=p.is_single or p.is_predicate, type=p.type if not p.is_predicate else None, is_indexed=p.is_indexed) if p.is_repeated and not p.is_optional: @@ -329,7 +332,7 @@ def generate(opts, renderer): data = schemaloader.load_file(input) - classes = {name: get_ql_class(cls) for name, cls in data.classes.items()} + classes = {name: get_ql_class(cls, data.classes) for name, cls in data.classes.items()} if not classes: raise NoClasses root = next(iter(classes.values())) diff --git a/misc/codegen/lib/ql.py b/misc/codegen/lib/ql.py index 97165053fd0..508db816beb 100644 --- a/misc/codegen/lib/ql.py +++ b/misc/codegen/lib/ql.py @@ -42,6 +42,7 @@ class Property: description: List[str] = field(default_factory=list) doc: Optional[str] = None doc_plural: Optional[str] = None + type_is_hideable: bool = False def __post_init__(self): if self.tableparams: @@ -113,6 +114,8 @@ class Class: ql_internal: bool = False ipa: bool = False doc: List[str] = field(default_factory=list) + hideable_root: bool = False + hideable: bool = False def __post_init__(self): self.bases = [Base(str(b), str(prev)) for b, prev in zip(self.bases, itertools.chain([""], self.bases))] diff --git a/misc/codegen/templates/ql_class.mustache b/misc/codegen/templates/ql_class.mustache index 9f72caef392..63e4f0088fe 100644 --- a/misc/codegen/templates/ql_class.mustache +++ b/misc/codegen/templates/ql_class.mustache @@ -37,7 +37,8 @@ module Generated { * Gets a comma-separated list of the names of the primary CodeQL classes to which this element belongs. */ final string getPrimaryQlClasses() { result = concat(this.getAPrimaryQlClass(), ",") } - + {{/root}} + {{#hideable_root}} /** * Gets the most immediate element that should substitute this element in the explicit AST, if any. * Classes can override this to indicate this node should be in the "hidden" AST, mostly reserved @@ -54,13 +55,13 @@ module Generated { or result = this.getResolveStep().resolve() } - {{/root}} + {{/hideable_root}} {{#final}} override string getAPrimaryQlClass() { result = "{{name}}" } {{/final}} {{#properties}} - {{#type_is_class}} + {{#type_is_hideable}} /** * {{>ql_property_doc}} * * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the @@ -85,11 +86,11 @@ module Generated { */ final {{type}} {{getter}}({{#is_indexed}}int index{{/is_indexed}}) { exists({{type}} immediate | immediate = this.get{{#is_unordered}}An{{/is_unordered}}Immediate{{singular}}({{#is_indexed}}index{{/is_indexed}}) and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve()) + {{#hideable}}if exists(this.getResolveStep()) then result = immediate else {{/hideable}}result = immediate.resolve()) } - {{/type_is_class}} - {{^type_is_class}} + {{/type_is_hideable}} + {{^type_is_hideable}} /** * {{>ql_property_doc}} * {{#has_description}} @@ -100,14 +101,14 @@ module Generated { */ {{type}} {{getter}}({{#is_indexed}}int index{{/is_indexed}}) { {{^ipa}} - {{^is_predicate}}result = {{/is_predicate}}Synth::convert{{name}}ToRaw(this){{^root}}.(Raw::{{name}}){{/root}}.{{getter}}({{#is_indexed}}index{{/is_indexed}}) + {{^is_predicate}}result = {{/is_predicate}}{{#type_is_class}}Synth::convert{{type}}FromRaw({{/type_is_class}}Synth::convert{{name}}ToRaw(this){{^root}}.(Raw::{{name}}){{/root}}.{{getter}}({{#is_indexed}}index{{/is_indexed}}){{#type_is_class}}){{/type_is_class}} {{/ipa}} {{#ipa}} none() {{/ipa}} } - {{/type_is_class}} + {{/type_is_hideable}} {{#is_optional}} /** * Holds if `{{getter}}({{#is_repeated}}index{{/is_repeated}})` exists. diff --git a/misc/codegen/templates/ql_parent.mustache b/misc/codegen/templates/ql_parent.mustache index 2c8d7dfc258..2dcac6c45dc 100644 --- a/misc/codegen/templates/ql_parent.mustache +++ b/misc/codegen/templates/ql_parent.mustache @@ -28,7 +28,7 @@ private module Impl { {{! for single and optional properties it adds 1 (regardless of whether the optional property exists) }} {{! for repeated it adds 1 + the maximum index (which works for repeated optional as well) }} and - n{{singular}} = n{{prev_child}} + 1{{#is_repeated}}+ max(int i | i = -1 or exists(e.getImmediate{{singular}}(i)) | i){{/is_repeated}} + n{{singular}} = n{{prev_child}} + 1{{#is_repeated}}+ max(int i | i = -1 or exists(e.get{{#type_is_hideable}}Immediate{{/type_is_hideable}}{{singular}}(i)) | i){{/is_repeated}} {{/is_child}} {{/properties}} and ( none() @@ -40,10 +40,10 @@ private module Impl { {{#is_child}} or {{#is_repeated}} - result = e.getImmediate{{singular}}(index - n{{prev_child}}) and partialPredicateCall = "{{singular}}(" + (index - n{{prev_child}}).toString() + ")" + result = e.get{{#type_is_hideable}}Immediate{{/type_is_hideable}}{{singular}}(index - n{{prev_child}}) and partialPredicateCall = "{{singular}}(" + (index - n{{prev_child}}).toString() + ")" {{/is_repeated}} {{^is_repeated}} - index = n{{prev_child}} and result = e.getImmediate{{singular}}() and partialPredicateCall = "{{singular}}()" + index = n{{prev_child}} and result = e.get{{#type_is_hideable}}Immediate{{/type_is_hideable}}{{singular}}() and partialPredicateCall = "{{singular}}()" {{/is_repeated}} {{/is_child}} {{/properties}} @@ -64,6 +64,10 @@ none() {{/final}} {{/classes}} } + +Element resolve(Element e) { + {{#classes}}{{#hideable_root}}if e instanceof {{name}} then result = e.({{name}}).resolve() else {{/hideable_root}}{{/classes}}result = e +} } /** @@ -87,5 +91,5 @@ exists(string partialAccessor | result = Impl::getImmediateChild(e, index, parti * Gets the child indexed at `index`. Indexes are not guaranteed to be contiguous, but are guaranteed to be distinct. `accessor` is bound the member predicate call resulting in the given child. */ Element getChildAndAccessor(Element e, int index, string accessor) { -exists(string partialAccessor | result = Impl::getImmediateChild(e, index, partialAccessor).resolve() and accessor = "get" + partialAccessor) +exists(string partialAccessor | result = Impl::resolve(Impl::getImmediateChild(e, index, partialAccessor)) and accessor = "get" + partialAccessor) } diff --git a/misc/codegen/test/test_qlgen.py b/misc/codegen/test/test_qlgen.py index 1cd85762315..32f65bbc851 100644 --- a/misc/codegen/test/test_qlgen.py +++ b/misc/codegen/test/test_qlgen.py @@ -139,15 +139,16 @@ def a_ql_class(**kwargs): return ql.Class(**kwargs, import_prefix=gen_import) -def a_ql_stub(**kwargs): - return ql.Stub(**kwargs, import_prefix=gen_import) +def a_ql_stub(*, name, import_prefix="", **kwargs): + return ql.Stub(name=name, **kwargs, import_prefix=gen_import, + base_import=f"{gen_import_prefix}{import_prefix}{name}") def test_one_empty_class(generate_classes): assert generate_classes([ schema.Class("A") ]) == { - "A.qll": (a_ql_stub(name="A", base_import=gen_import_prefix + "A"), + "A.qll": (a_ql_stub(name="A"), a_ql_class(name="A", final=True)), } @@ -159,15 +160,11 @@ def test_hierarchy(generate_classes): schema.Class("B", bases=["A"], derived={"D"}), schema.Class("A", derived={"B", "C"}), ]) == { - "A.qll": (a_ql_stub(name="A", base_import=gen_import_prefix + "A"), - a_ql_class(name="A")), - "B.qll": (a_ql_stub(name="B", base_import=gen_import_prefix + "B"), - a_ql_class(name="B", bases=["A"], imports=[stub_import_prefix + "A"])), - "C.qll": (a_ql_stub(name="C", base_import=gen_import_prefix + "C"), - a_ql_class(name="C", bases=["A"], imports=[stub_import_prefix + "A"])), - "D.qll": (a_ql_stub(name="D", base_import=gen_import_prefix + "D"), - a_ql_class(name="D", final=True, bases=["B", "C"], - imports=[stub_import_prefix + cls for cls in "BC"])), + "A.qll": (a_ql_stub(name="A"), a_ql_class(name="A")), + "B.qll": (a_ql_stub(name="B"), a_ql_class(name="B", bases=["A"], imports=[stub_import_prefix + "A"])), + "C.qll": (a_ql_stub(name="C"), a_ql_class(name="C", bases=["A"], imports=[stub_import_prefix + "A"])), + "D.qll": (a_ql_stub(name="D"), a_ql_class(name="D", final=True, bases=["B", "C"], + imports=[stub_import_prefix + cls for cls in "BC"])), } @@ -213,7 +210,7 @@ def test_single_property(generate_classes): schema.Class("MyObject", properties=[ schema.SingleProperty("foo", "bar")]), ]) == { - "MyObject.qll": (a_ql_stub(name="MyObject", base_import=gen_import_prefix + "MyObject"), + "MyObject.qll": (a_ql_stub(name="MyObject"), a_ql_class(name="MyObject", final=True, properties=[ ql.Property(singular="Foo", type="bar", tablename="my_objects", @@ -236,9 +233,8 @@ def test_children(generate_classes): schema.RepeatedOptionalProperty("child_4", "int", is_child=True), ]), ]) == { - "FakeRoot.qll": (a_ql_stub(name="FakeRoot", base_import=gen_import_prefix + "FakeRoot"), - a_ql_class(name="FakeRoot", final=True)), - "MyObject.qll": (a_ql_stub(name="MyObject", base_import=gen_import_prefix + "MyObject"), + "FakeRoot.qll": (a_ql_stub(name="FakeRoot"), a_ql_class(name="FakeRoot", final=True)), + "MyObject.qll": (a_ql_stub(name="MyObject"), a_ql_class(name="MyObject", final=True, properties=[ ql.Property(singular="A", type="int", tablename="my_objects", @@ -286,7 +282,7 @@ def test_single_properties(generate_classes): schema.SingleProperty("three", "z"), ]), ]) == { - "MyObject.qll": (a_ql_stub(name="MyObject", base_import=gen_import_prefix + "MyObject"), + "MyObject.qll": (a_ql_stub(name="MyObject"), a_ql_class(name="MyObject", final=True, properties=[ ql.Property(singular="One", type="x", tablename="my_objects", @@ -309,9 +305,8 @@ def test_optional_property(generate_classes, is_child, prev_child): schema.Class("MyObject", properties=[ schema.OptionalProperty("foo", "bar", is_child=is_child)]), ]) == { - "FakeRoot.qll": (a_ql_stub(name="FakeRoot", base_import=gen_import_prefix + "FakeRoot"), - a_ql_class(name="FakeRoot", final=True)), - "MyObject.qll": (a_ql_stub(name="MyObject", base_import=gen_import_prefix + "MyObject"), + "FakeRoot.qll": (a_ql_stub(name="FakeRoot"), a_ql_class(name="FakeRoot", final=True)), + "MyObject.qll": (a_ql_stub(name="MyObject"), a_ql_class(name="MyObject", final=True, properties=[ ql.Property(singular="Foo", type="bar", tablename="my_object_foos", tableparams=["this", "result"], @@ -327,9 +322,8 @@ def test_repeated_property(generate_classes, is_child, prev_child): schema.Class("MyObject", properties=[ schema.RepeatedProperty("foo", "bar", is_child=is_child)]), ]) == { - "FakeRoot.qll": (a_ql_stub(name="FakeRoot", base_import=gen_import_prefix + "FakeRoot"), - a_ql_class(name="FakeRoot", final=True)), - "MyObject.qll": (a_ql_stub(name="MyObject", base_import=gen_import_prefix + "MyObject"), + "FakeRoot.qll": (a_ql_stub(name="FakeRoot"), a_ql_class(name="FakeRoot", final=True)), + "MyObject.qll": (a_ql_stub(name="MyObject"), a_ql_class(name="MyObject", final=True, properties=[ ql.Property(singular="Foo", plural="Foos", type="bar", tablename="my_object_foos", tableparams=["this", "index", "result"], prev_child=prev_child, @@ -344,9 +338,8 @@ def test_repeated_unordered_property(generate_classes): schema.Class("MyObject", properties=[ schema.RepeatedUnorderedProperty("foo", "bar")]), ]) == { - "FakeRoot.qll": (a_ql_stub(name="FakeRoot", base_import=gen_import_prefix + "FakeRoot"), - a_ql_class(name="FakeRoot", final=True)), - "MyObject.qll": (a_ql_stub(name="MyObject", base_import=gen_import_prefix + "MyObject"), + "FakeRoot.qll": (a_ql_stub(name="FakeRoot"), a_ql_class(name="FakeRoot", final=True)), + "MyObject.qll": (a_ql_stub(name="MyObject"), a_ql_class(name="MyObject", final=True, properties=[ ql.Property(singular="Foo", plural="Foos", type="bar", tablename="my_object_foos", tableparams=["this", "result"], is_unordered=True, @@ -363,9 +356,8 @@ def test_repeated_optional_property(generate_classes, is_child, prev_child): schema.RepeatedOptionalProperty("foo", "bar", is_child=is_child)]), ]) == { - "FakeRoot.qll": (a_ql_stub(name="FakeRoot", base_import=gen_import_prefix + "FakeRoot"), - a_ql_class(name="FakeRoot", final=True)), - "MyObject.qll": (a_ql_stub(name="MyObject", base_import=gen_import_prefix + "MyObject"), + "FakeRoot.qll": (a_ql_stub(name="FakeRoot"), a_ql_class(name="FakeRoot", final=True)), + "MyObject.qll": (a_ql_stub(name="MyObject"), a_ql_class(name="MyObject", final=True, properties=[ ql.Property(singular="Foo", plural="Foos", type="bar", tablename="my_object_foos", tableparams=["this", "index", "result"], is_optional=True, @@ -380,7 +372,7 @@ def test_predicate_property(generate_classes): schema.Class("MyObject", properties=[ schema.PredicateProperty("is_foo")]), ]) == { - "MyObject.qll": (a_ql_stub(name="MyObject", base_import=gen_import_prefix + "MyObject"), + "MyObject.qll": (a_ql_stub(name="MyObject"), a_ql_class(name="MyObject", final=True, properties=[ ql.Property(singular="isFoo", type="predicate", tablename="my_object_is_foo", tableparams=["this"], is_predicate=True, doc="this my object is foo"), @@ -395,7 +387,7 @@ def test_single_class_property(generate_classes, is_child, prev_child): schema.Class("MyObject", properties=[ schema.SingleProperty("foo", "Bar", is_child=is_child)]), ]) == { - "MyObject.qll": (a_ql_stub(name="MyObject", base_import=gen_import_prefix + "MyObject"), + "MyObject.qll": (a_ql_stub(name="MyObject"), a_ql_class( name="MyObject", final=True, imports=[stub_import_prefix + "Bar"], properties=[ ql.Property(singular="Foo", type="Bar", tablename="my_objects", @@ -404,8 +396,7 @@ def test_single_class_property(generate_classes, is_child, prev_child): prev_child=prev_child, doc="foo of this my object"), ], )), - "Bar.qll": (a_ql_stub(name="Bar", base_import=gen_import_prefix + "Bar"), - a_ql_class(name="Bar", final=True)), + "Bar.qll": (a_ql_stub(name="Bar"), a_ql_class(name="Bar", final=True)), } @@ -414,8 +405,7 @@ def test_class_with_doc(generate_classes): assert generate_classes([ schema.Class("A", doc=doc), ]) == { - "A.qll": (a_ql_stub(name="A", base_import=gen_import_prefix + "A"), - a_ql_class(name="A", final=True, doc=doc)), + "A.qll": (a_ql_stub(name="A"), a_ql_class(name="A", final=True, doc=doc)), } @@ -425,9 +415,8 @@ def test_class_dir(generate_classes): schema.Class("A", derived={"B"}, group=dir), schema.Class("B", bases=["A"]), ]) == { - f"{dir}/A.qll": (a_ql_stub(name="A", base_import=gen_import_prefix + "another.rel.path.A"), - a_ql_class(name="A", dir=pathlib.Path(dir))), - "B.qll": (a_ql_stub(name="B", base_import=gen_import_prefix + "B"), + f"{dir}/A.qll": (a_ql_stub(name="A", import_prefix="another.rel.path."), a_ql_class(name="A", dir=pathlib.Path(dir))), + "B.qll": (a_ql_stub(name="B"), a_ql_class(name="B", final=True, bases=["A"], imports=[stub_import_prefix + "another.rel.path.A"])), } @@ -586,11 +575,11 @@ def test_test_partial_properties(opts, generate_tests): type="bool")), "B/B_getZ.ql": a_ql_property_tester(class_name="B", property=ql.PropertyForTest(getter="getZ", is_total=False, - is_indexed=True, - type="int")), + is_indexed=True, + type="int")), "B/B_getAW.ql": a_ql_property_tester(class_name="B", property=ql.PropertyForTest(getter="getAW", is_total=False, - type="string")), + type="string")), } @@ -611,7 +600,7 @@ def test_test_properties_deduplicated(opts, generate_tests): ]), "Final/Final_getY.ql": a_ql_property_tester(class_name="Final", property=ql.PropertyForTest(getter="getY", is_total=False, - is_indexed=True, + is_indexed=True, type="bool")), } @@ -706,7 +695,7 @@ def test_property_description(generate_classes): schema.SingleProperty("foo", "bar", description=description), ]), ]) == { - "MyObject.qll": (a_ql_stub(name="MyObject", base_import=gen_import_prefix + "MyObject"), + "MyObject.qll": (a_ql_stub(name="MyObject"), a_ql_class(name="MyObject", final=True, properties=[ ql.Property(singular="Foo", type="bar", tablename="my_objects", @@ -722,7 +711,7 @@ def test_property_doc_override(generate_classes): schema.Class("MyObject", properties=[ schema.SingleProperty("foo", "bar", doc="baz")]), ]) == { - "MyObject.qll": (a_ql_stub(name="MyObject", base_import=gen_import_prefix + "MyObject"), + "MyObject.qll": (a_ql_stub(name="MyObject"), a_ql_class(name="MyObject", final=True, properties=[ ql.Property(singular="Foo", type="bar", tablename="my_objects", @@ -737,7 +726,7 @@ def test_repeated_property_doc_override(generate_classes): schema.RepeatedProperty("x", "int", doc="children of this"), schema.RepeatedOptionalProperty("y", "int", doc="child of this")]), ]) == { - "MyObject.qll": (a_ql_stub(name="MyObject", base_import=gen_import_prefix + "MyObject"), + "MyObject.qll": (a_ql_stub(name="MyObject"), a_ql_class(name="MyObject", final=True, properties=[ ql.Property(singular="X", plural="Xes", type="int", @@ -759,7 +748,7 @@ def test_property_doc_abbreviations(generate_classes, abbr, expected): schema.Class("Object", properties=[ schema.SingleProperty(f"foo_{abbr}_bar", "baz")]), ]) == { - "Object.qll": (a_ql_stub(name="Object", base_import=gen_import_prefix + "Object"), + "Object.qll": (a_ql_stub(name="Object"), a_ql_class(name="Object", final=True, properties=[ ql.Property(singular=f"Foo{abbr.capitalize()}Bar", type="baz", @@ -776,7 +765,7 @@ def test_property_doc_abbreviations_ignored_if_within_word(generate_classes, abb schema.Class("Object", properties=[ schema.SingleProperty(f"foo_{abbr}acadabra_bar", "baz")]), ]) == { - "Object.qll": (a_ql_stub(name="Object", base_import=gen_import_prefix + "Object"), + "Object.qll": (a_ql_stub(name="Object"), a_ql_class(name="Object", final=True, properties=[ ql.Property(singular=f"Foo{abbr.capitalize()}acadabraBar", type="baz", @@ -792,7 +781,7 @@ def test_repeated_property_doc_override_with_format(generate_classes): schema.RepeatedProperty("x", "int", doc="special {children} of this"), schema.RepeatedOptionalProperty("y", "int", doc="special {child} of this")]), ]) == { - "MyObject.qll": (a_ql_stub(name="MyObject", base_import=gen_import_prefix + "MyObject"), + "MyObject.qll": (a_ql_stub(name="MyObject"), a_ql_class(name="MyObject", final=True, properties=[ ql.Property(singular="X", plural="Xes", type="int", @@ -815,7 +804,7 @@ def test_repeated_property_doc_override_with_multiple_formats(generate_classes): schema.RepeatedProperty("x", "int", doc="{cat} or {dog}"), schema.RepeatedOptionalProperty("y", "int", doc="{cats} or {dogs}")]), ]) == { - "MyObject.qll": (a_ql_stub(name="MyObject", base_import=gen_import_prefix + "MyObject"), + "MyObject.qll": (a_ql_stub(name="MyObject"), a_ql_class(name="MyObject", final=True, properties=[ ql.Property(singular="X", plural="Xes", type="int", @@ -835,7 +824,7 @@ def test_property_doc_override_with_format(generate_classes): schema.Class("MyObject", properties=[ schema.SingleProperty("foo", "bar", doc="special {baz} of this")]), ]) == { - "MyObject.qll": (a_ql_stub(name="MyObject", base_import=gen_import_prefix + "MyObject"), + "MyObject.qll": (a_ql_stub(name="MyObject"), a_ql_class(name="MyObject", final=True, properties=[ ql.Property(singular="Foo", type="bar", tablename="my_objects", @@ -850,7 +839,7 @@ def test_property_on_class_with_default_doc_name(generate_classes): schema.SingleProperty("foo", "bar")], default_doc_name="baz"), ]) == { - "MyObject.qll": (a_ql_stub(name="MyObject", base_import=gen_import_prefix + "MyObject"), + "MyObject.qll": (a_ql_stub(name="MyObject"), a_ql_class(name="MyObject", final=True, properties=[ ql.Property(singular="Foo", type="bar", tablename="my_objects", @@ -863,7 +852,7 @@ def test_stub_on_class_with_ipa_from_class(generate_classes): assert generate_classes([ schema.Class("MyObject", ipa=schema.IpaInfo(from_class="A")), ]) == { - "MyObject.qll": (a_ql_stub(name="MyObject", base_import=gen_import_prefix + "MyObject", ipa_accessors=[ + "MyObject.qll": (a_ql_stub(name="MyObject", ipa_accessors=[ ql.IpaUnderlyingAccessor(argument="Entity", type="Raw::A", constructorparams=["result"]), ]), a_ql_class(name="MyObject", final=True, ipa=True)), @@ -874,7 +863,7 @@ def test_stub_on_class_with_ipa_on_arguments(generate_classes): assert generate_classes([ schema.Class("MyObject", ipa=schema.IpaInfo(on_arguments={"base": "A", "index": "int", "label": "string"})), ]) == { - "MyObject.qll": (a_ql_stub(name="MyObject", base_import=gen_import_prefix + "MyObject", ipa_accessors=[ + "MyObject.qll": (a_ql_stub(name="MyObject", ipa_accessors=[ ql.IpaUnderlyingAccessor(argument="Base", type="Raw::A", constructorparams=["result", "_", "_"]), ql.IpaUnderlyingAccessor(argument="Index", type="int", constructorparams=["_", "result", "_"]), ql.IpaUnderlyingAccessor(argument="Label", type="string", constructorparams=["_", "_", "result"]), @@ -883,5 +872,38 @@ def test_stub_on_class_with_ipa_on_arguments(generate_classes): } +def test_hideable_class(generate_classes): + assert generate_classes([ + schema.Class("MyObject", hideable=True), + ]) == { + "MyObject.qll": (a_ql_stub(name="MyObject"), a_ql_class(name="MyObject", final=True, hideable=True)), + } + + +def test_hideable_root_class(generate_classes): + assert generate_classes([ + schema.Class("MyObject", hideable_root=True), + ]) == { + "MyObject.qll": (a_ql_stub(name="MyObject"), a_ql_class(name="MyObject", final=True, hideable_root=True)), + } + + +def test_hideable_property(generate_classes): + assert generate_classes([ + schema.Class("MyObject", hideable=True), + schema.Class("Other", properties=[ + schema.SingleProperty("x", "MyObject"), + ]), + ]) == { + "MyObject.qll": (a_ql_stub(name="MyObject"), a_ql_class(name="MyObject", final=True, hideable=True)), + "Other.qll": (a_ql_stub(name="Other"), + a_ql_class(name="Other", imports=[stub_import_prefix + "MyObject"], + final=True, properties=[ + ql.Property(singular="X", type="MyObject", tablename="others", type_is_hideable=True, + tableparams=["this", "result"], doc="x of this other"), + ])), + } + + if __name__ == '__main__': sys.exit(pytest.main([__file__] + sys.argv[1:])) diff --git a/swift/ql/.generated.list b/swift/ql/.generated.list index a28e6ba533b..c6b98069ef7 100644 --- a/swift/ql/.generated.list +++ b/swift/ql/.generated.list @@ -374,14 +374,14 @@ lib/codeql/swift/generated/Comment.qll f58b49f6e68c21f87c51e2ff84c8a64b09286d733 lib/codeql/swift/generated/DbFile.qll a49b2a2cb2788cb49c861ebcd458b8daead7b15adb19c3a9f4db3bf39a0051fc a49b2a2cb2788cb49c861ebcd458b8daead7b15adb19c3a9f4db3bf39a0051fc lib/codeql/swift/generated/DbLocation.qll b9baea963d9fa82068986512c0649d1050897654eee3df51dba17cf6b1170873 b9baea963d9fa82068986512c0649d1050897654eee3df51dba17cf6b1170873 lib/codeql/swift/generated/Diagnostics.qll d2ee2db55e932dcaee95fcc1164a51ffbe1a78d86ee0f50aabb299b458462afe 566d554d579cadde26dc4d1d6b1750ca800511201b737b629f15b6f873af3733 -lib/codeql/swift/generated/Element.qll 81a01c1965cf8154596c753b20536ef8630b30567d8c077660ab2d11143f060b 74f5c76db5ec82a9c1675ec0282acd44f1a86ef447d1961c47aea3eed50f79cb +lib/codeql/swift/generated/Element.qll 5293995513d2461a0358ca73c723eddbe1c55c140531ba75d52b03b5e3137016 74f5c76db5ec82a9c1675ec0282acd44f1a86ef447d1961c47aea3eed50f79cb lib/codeql/swift/generated/ErrorElement.qll 4b032abe8ffb71376a29c63e470a52943ace2527bf7b433c97a8bf716f9ad102 4f2b1be162a5c275e3264dbc51bf98bce8846d251be8490a0d4b16cbc85f630f lib/codeql/swift/generated/File.qll f88c485883dd9b2b4a366080e098372912e03fb3177e5cae58aa4449c2b03399 0333c49e3a11c48e6146a7f492ee31ac022d80150fc3f8bfafc3c8f94d66ff76 lib/codeql/swift/generated/KeyPathComponent.qll 00b1e586b8532f0193b3f61111e70d4e595f3d45c7a25ff68114be1051882491 c556e85b21fc5a5aae12fb5599a96442431ef44ae92350eb7da9efe6a22efd53 lib/codeql/swift/generated/Locatable.qll bfdf2dafae2829cac8d1e863a93676228d131b5a7f3df87c40d2f3b1839962b8 af243098af0955a40862387edf7526826fde62a64e5e6ca28de9e9603a8622bf lib/codeql/swift/generated/Location.qll 921922352d39449067d9f2788309b5f3490091097ffe35e6aa98f9368626ce2c 0795c63565c4308e745400bc70ea73675160201590a95bb418de4e2ebca32764 lib/codeql/swift/generated/OtherAvailabilitySpec.qll 0e26a203b26ff0581b7396b0c6d1606feec5cc32477f676585cdec4911af91c5 0e26a203b26ff0581b7396b0c6d1606feec5cc32477f676585cdec4911af91c5 -lib/codeql/swift/generated/ParentChild.qll f490202e849b9cbd550ee9d758644b85d43e60d81413e6c28df2850fb1e9a2d6 6b95aeab6b53a880b230ad0c96b6deb519a7368898c844632ae96090de59df99 +lib/codeql/swift/generated/ParentChild.qll 727205c3f85c042a9a33c6a33da3843493ec7273c5cc07b92e82b90b140828c7 2d34bb73116390a1386b47443f7fe8b7f013078398e1f3387dba1c8522000aaa lib/codeql/swift/generated/PlatformVersionAvailabilitySpec.qll f82d9ca416fe8bd59b5531b65b1c74c9f317b3297a6101544a11339a1cffce38 7f5c6d3309e66c134107afe55bae76dfc9a72cb7cdd6d4c3706b6b34cee09fa0 lib/codeql/swift/generated/PureSynthConstructors.qll 173c0dd59396a1de26fe870e3bc2766c46de689da2a4d8807cb62023bbce1a98 173c0dd59396a1de26fe870e3bc2766c46de689da2a4d8807cb62023bbce1a98 lib/codeql/swift/generated/Raw.qll 8d4880e5ee1fdd120adeb7bf0dfa1399e7b1a53b2cc7598aed8e15cbf996d1c0 da0d446347d29f5cd05281c17c24e87610f31c32adb7e05ab8f3a26bed55bd90 diff --git a/swift/ql/lib/codeql/swift/generated/ParentChild.qll b/swift/ql/lib/codeql/swift/generated/ParentChild.qll index 09c48606353..958f4ec60a3 100644 --- a/swift/ql/lib/codeql/swift/generated/ParentChild.qll +++ b/swift/ql/lib/codeql/swift/generated/ParentChild.qll @@ -5299,6 +5299,10 @@ private module Impl { or result = getImmediateChildOfVariadicSequenceType(e, index, partialAccessor) } + + Element resolve(Element e) { + if e instanceof Element then result = e.(Element).resolve() else result = e + } } /** @@ -5326,7 +5330,7 @@ Element getImmediateChildAndAccessor(Element e, int index, string accessor) { */ Element getChildAndAccessor(Element e, int index, string accessor) { exists(string partialAccessor | - result = Impl::getImmediateChild(e, index, partialAccessor).resolve() and + result = Impl::resolve(Impl::getImmediateChild(e, index, partialAccessor)) and accessor = "get" + partialAccessor ) } diff --git a/swift/schema.py b/swift/schema.py index 8fc0941e171..f2d1283974f 100644 --- a/swift/schema.py +++ b/swift/schema.py @@ -14,6 +14,7 @@ from misc.codegen.lib.schemadefs import * include("prefix.dbscheme") @qltest.skip +@ql.hideable class Element: is_unknown: predicate | cpp.skip From b19194bd06794da7655f2e5eba032c8a14947ab1 Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli <redsun82@github.com> Date: Tue, 23 May 2023 10:30:09 +0200 Subject: [PATCH 587/870] Swift: make only `Expr`, `Pattern` and `Type` hideable --- swift/ql/.generated.list | 173 ++++++++--------- swift/ql/.gitattributes | 1 + .../swift/controlflow/internal/Completion.qll | 6 +- .../internal/ControlFlowGraphImpl.qll | 46 +++-- swift/ql/lib/codeql/swift/elements.qll | 1 + .../ql/lib/codeql/swift/elements/Element.qll | 11 -- .../codeql/swift/elements/HideableElement.qll | 14 ++ .../lib/codeql/swift/elements/Locatable.qll | 6 +- .../codeql/swift/elements/UnknownLocation.qll | 2 +- .../swift/elements/UnspecifiedElement.qll | 2 +- .../swift/elements/expr/MethodLookupExpr.qll | 2 +- .../swift/generated/AvailabilityInfo.qll | 15 +- .../lib/codeql/swift/generated/Callable.qll | 64 +------ .../ql/lib/codeql/swift/generated/Element.qll | 17 -- .../swift/generated/HideableElement.qll | 25 +++ .../swift/generated/KeyPathComponent.qll | 32 +--- .../lib/codeql/swift/generated/Locatable.qll | 15 +- .../lib/codeql/swift/generated/Location.qll | 15 +- .../codeql/swift/generated/ParentChild.qll | 178 ++++++++++-------- swift/ql/lib/codeql/swift/generated/Raw.qll | 11 +- swift/ql/lib/codeql/swift/generated/Synth.qll | 39 +++- .../swift/generated/UnspecifiedElement.qll | 15 +- .../generated/decl/AbstractStorageDecl.qll | 15 +- .../swift/generated/decl/CapturedDecl.qll | 15 +- .../lib/codeql/swift/generated/decl/Decl.qll | 30 +-- .../swift/generated/decl/EnumCaseDecl.qll | 15 +- .../swift/generated/decl/EnumElementDecl.qll | 15 +- .../swift/generated/decl/ExtensionDecl.qll | 30 +-- .../swift/generated/decl/GenericContext.qll | 15 +- .../swift/generated/decl/IfConfigDecl.qll | 15 +- .../swift/generated/decl/ImportDecl.qll | 30 +-- .../generated/decl/InfixOperatorDecl.qll | 15 +- .../swift/generated/decl/ModuleDecl.qll | 32 +--- .../swift/generated/decl/NominalTypeDecl.qll | 2 +- .../swift/generated/decl/OpaqueTypeDecl.qll | 17 +- .../codeql/swift/generated/decl/ParamDecl.qll | 38 +--- .../generated/decl/PatternBindingDecl.qll | 4 +- .../generated/decl/PoundDiagnosticDecl.qll | 2 +- .../swift/generated/decl/SubscriptDecl.qll | 17 +- .../swift/generated/decl/TopLevelCodeDecl.qll | 15 +- .../swift/generated/decl/TypeAliasDecl.qll | 2 +- .../codeql/swift/generated/decl/TypeDecl.qll | 2 +- .../codeql/swift/generated/decl/ValueDecl.qll | 2 +- .../codeql/swift/generated/decl/VarDecl.qll | 92 ++------- .../expr/AppliedPropertyWrapperExpr.qll | 15 +- .../codeql/swift/generated/expr/ApplyExpr.qll | 15 +- .../codeql/swift/generated/expr/Argument.qll | 2 +- .../swift/generated/expr/CaptureListExpr.qll | 15 +- .../swift/generated/expr/DeclRefExpr.qll | 15 +- .../generated/expr/DefaultArgumentExpr.qll | 15 +- .../swift/generated/expr/EnumIsCaseExpr.qll | 15 +- .../lib/codeql/swift/generated/expr/Expr.qll | 3 +- .../swift/generated/expr/KeyPathExpr.qll | 30 +-- .../swift/generated/expr/LookupExpr.qll | 15 +- .../swift/generated/expr/ObjCSelectorExpr.qll | 15 +- .../generated/expr/ObjectLiteralExpr.qll | 15 +- .../expr/OtherInitializerRefExpr.qll | 15 +- .../generated/expr/OverloadedDeclRefExpr.qll | 15 +- .../expr/RebindSelfInInitializerExpr.qll | 15 +- .../swift/generated/expr/SubscriptExpr.qll | 15 +- .../swift/generated/expr/SuperRefExpr.qll | 15 +- .../codeql/swift/generated/expr/TapExpr.qll | 30 +-- .../codeql/swift/generated/expr/TypeExpr.qll | 15 +- .../generated/pattern/EnumElementPattern.qll | 15 +- .../swift/generated/pattern/IsPattern.qll | 15 +- .../swift/generated/pattern/Pattern.qll | 3 +- .../swift/generated/pattern/TypedPattern.qll | 15 +- .../codeql/swift/generated/stmt/BraceStmt.qll | 15 +- .../codeql/swift/generated/stmt/BreakStmt.qll | 15 +- .../swift/generated/stmt/CaseLabelItem.qll | 4 +- .../codeql/swift/generated/stmt/CaseStmt.qll | 45 +---- .../swift/generated/stmt/ConditionElement.qll | 21 +-- .../swift/generated/stmt/ContinueStmt.qll | 15 +- .../codeql/swift/generated/stmt/DeferStmt.qll | 15 +- .../swift/generated/stmt/DoCatchStmt.qll | 30 +-- .../codeql/swift/generated/stmt/DoStmt.qll | 15 +- .../swift/generated/stmt/FallthroughStmt.qll | 30 +-- .../swift/generated/stmt/ForEachStmt.qll | 21 +-- .../codeql/swift/generated/stmt/GuardStmt.qll | 15 +- .../codeql/swift/generated/stmt/IfStmt.qll | 30 +-- .../generated/stmt/LabeledConditionalStmt.qll | 15 +- .../swift/generated/stmt/PoundAssertStmt.qll | 2 +- .../swift/generated/stmt/RepeatWhileStmt.qll | 17 +- .../swift/generated/stmt/ReturnStmt.qll | 2 +- .../swift/generated/stmt/StmtCondition.qll | 15 +- .../swift/generated/stmt/SwitchStmt.qll | 17 +- .../codeql/swift/generated/stmt/ThrowStmt.qll | 2 +- .../codeql/swift/generated/stmt/WhileStmt.qll | 15 +- .../codeql/swift/generated/stmt/YieldStmt.qll | 2 +- .../swift/generated/type/AnyGenericType.qll | 15 +- .../swift/generated/type/ArchetypeType.qll | 15 +- .../generated/type/DependentMemberType.qll | 15 +- .../swift/generated/type/ModuleType.qll | 15 +- .../type/OpaqueTypeArchetypeType.qll | 15 +- .../lib/codeql/swift/generated/type/Type.qll | 4 +- .../swift/generated/type/TypeAliasType.qll | 15 +- .../codeql/swift/generated/type/TypeRepr.qll | 2 +- .../codeql/swift/printast/PrintAstNode.qll | 4 +- swift/ql/lib/swift.dbscheme | 8 +- swift/schema.py | 11 +- 100 files changed, 454 insertions(+), 1471 deletions(-) create mode 100644 swift/ql/lib/codeql/swift/elements/HideableElement.qll create mode 100644 swift/ql/lib/codeql/swift/generated/HideableElement.qll diff --git a/swift/ql/.generated.list b/swift/ql/.generated.list index c6b98069ef7..3de24cd5c71 100644 --- a/swift/ql/.generated.list +++ b/swift/ql/.generated.list @@ -365,80 +365,81 @@ lib/codeql/swift/elements/type/VariadicSequenceType.qll 325e4c4481e9ac07acdc6aeb lib/codeql/swift/elements/type/VariadicSequenceTypeConstructor.qll 0d1d2328a3b5e503a883e7e6d7efd0ca5e7f2633abead9e4c94a9f98ed3cb223 69bff81c1b9413949eacb9298d2efb718ea808e68364569a1090c9878c4af856 lib/codeql/swift/elements/type/WeakStorageType.qll 7c07739cfc1459f068f24fef74838428128054adf611504d22532e4a156073e7 9c968414d7cc8d672f3754bced5d4f83f43a6d7872d0d263d79ff60483e1f996 lib/codeql/swift/elements/type/WeakStorageTypeConstructor.qll d88b031ef44d6de14b3ddcff2eb47b53dbd11550c37250ff2edb42e5d21ec3e9 26d855c33492cf7a118e439f7baeed0e5425cfaf058b1dcc007eca7ed765c897 -lib/codeql/swift/elements.qll 3df0060edd2b2030f4e4d7d5518afe0073d798474d9b1d6185d833bec63ca8bd 3df0060edd2b2030f4e4d7d5518afe0073d798474d9b1d6185d833bec63ca8bd +lib/codeql/swift/elements.qll cba02ae777269061af0713f6b003c97679434ddc8b2e871fc00c5d17c5265d2a cba02ae777269061af0713f6b003c97679434ddc8b2e871fc00c5d17c5265d2a lib/codeql/swift/generated/AstNode.qll 02ca56d82801f942ae6265c6079d92ccafdf6b532f6bcebd98a04029ddf696e4 6216fda240e45bd4302fa0cf0f08f5f945418b144659264cdda84622b0420aa2 -lib/codeql/swift/generated/AvailabilityInfo.qll c648a66cf45414c85cf9cc69aa05b765a49d0c18cd9c101c34f99a9adc38a1ee 54ba7b07b4177d35e85d19363aa7adcda29cda185a5818e5fcb7c678c093e0ba +lib/codeql/swift/generated/AvailabilityInfo.qll 1e38e7f52ccbcecd4dd088eae15c482d87911682dabb426332cc0e207fc6bf2f 7c6640530cdbece90d4172e8d6cfd119656860da08bb61ed4ef3a6757723994f lib/codeql/swift/generated/AvailabilitySpec.qll fb1255f91bb5e41ad4e9c675a2efbc50d0fb366ea2de68ab7eebd177b0795309 144e0c2e7d6c62ecee43325f7f26dcf437881edf0b75cc1bc898c6c4b61fdeaf -lib/codeql/swift/generated/Callable.qll 9dcf09a2f227dd6f569f007a07fb368d6b928ffd002535bb97118361430d948c 5c203f5f6b4f8b6748e61e09bb46c55442a2fb36f2d1fa950e6f81bdda562709 +lib/codeql/swift/generated/Callable.qll c1f214f5ea4da567d3cf2ac4915630ae1e19c939d2aa64cdd5ab06e76de059dc c43fd17a89d016a31584de10e4d4988f3ea10dc26d6b59b3151bb3196e9f0689 lib/codeql/swift/generated/Comment.qll f58b49f6e68c21f87c51e2ff84c8a64b09286d733e86f70d67d3a98fe6260bd6 975bbb599a2a7adc35179f6ae06d9cbc56ea8a03b972ef2ee87604834bc6deb1 lib/codeql/swift/generated/DbFile.qll a49b2a2cb2788cb49c861ebcd458b8daead7b15adb19c3a9f4db3bf39a0051fc a49b2a2cb2788cb49c861ebcd458b8daead7b15adb19c3a9f4db3bf39a0051fc lib/codeql/swift/generated/DbLocation.qll b9baea963d9fa82068986512c0649d1050897654eee3df51dba17cf6b1170873 b9baea963d9fa82068986512c0649d1050897654eee3df51dba17cf6b1170873 lib/codeql/swift/generated/Diagnostics.qll d2ee2db55e932dcaee95fcc1164a51ffbe1a78d86ee0f50aabb299b458462afe 566d554d579cadde26dc4d1d6b1750ca800511201b737b629f15b6f873af3733 -lib/codeql/swift/generated/Element.qll 5293995513d2461a0358ca73c723eddbe1c55c140531ba75d52b03b5e3137016 74f5c76db5ec82a9c1675ec0282acd44f1a86ef447d1961c47aea3eed50f79cb +lib/codeql/swift/generated/Element.qll 1c6a757f3c1218b02a98f075b2cfb5bd0cc31dff31bd1d04acdf4d4f040dee45 a3221cd9250706e6313a82450466326e5a1e6ffa5ae0b308e943d0979d03919e lib/codeql/swift/generated/ErrorElement.qll 4b032abe8ffb71376a29c63e470a52943ace2527bf7b433c97a8bf716f9ad102 4f2b1be162a5c275e3264dbc51bf98bce8846d251be8490a0d4b16cbc85f630f lib/codeql/swift/generated/File.qll f88c485883dd9b2b4a366080e098372912e03fb3177e5cae58aa4449c2b03399 0333c49e3a11c48e6146a7f492ee31ac022d80150fc3f8bfafc3c8f94d66ff76 -lib/codeql/swift/generated/KeyPathComponent.qll 00b1e586b8532f0193b3f61111e70d4e595f3d45c7a25ff68114be1051882491 c556e85b21fc5a5aae12fb5599a96442431ef44ae92350eb7da9efe6a22efd53 -lib/codeql/swift/generated/Locatable.qll bfdf2dafae2829cac8d1e863a93676228d131b5a7f3df87c40d2f3b1839962b8 af243098af0955a40862387edf7526826fde62a64e5e6ca28de9e9603a8622bf -lib/codeql/swift/generated/Location.qll 921922352d39449067d9f2788309b5f3490091097ffe35e6aa98f9368626ce2c 0795c63565c4308e745400bc70ea73675160201590a95bb418de4e2ebca32764 +lib/codeql/swift/generated/HideableElement.qll 0eb3bb2fd9fb2b5ba444f4cd1aa4f91c87926618dcfa0051b048cf9d63f9602e 0eb3bb2fd9fb2b5ba444f4cd1aa4f91c87926618dcfa0051b048cf9d63f9602e +lib/codeql/swift/generated/KeyPathComponent.qll c79c7bc04fc1426992ab472eedc1a20a7aa496ff3f43305400022f1a02ba44f4 a9935b68b511329d157bcd7a7d27aa4803d2163306db8b41808a2b736f80f4d8 +lib/codeql/swift/generated/Locatable.qll be20967d48a34cdba126fe298606e0adc11697831f097acba9c52a0b7ce9983e 8aa01bc376614abbc3209e25785c72f86c9b4e94bb5f471a4a0677fedaec4f61 +lib/codeql/swift/generated/Location.qll c5793987e77812059a28254dadee29bfe9b38153c0399fbb1bf6a2f5c237fdab 6e6d8802b021e36bbaad81845657769dd48a798ea33080ada05e9818a20b38f7 lib/codeql/swift/generated/OtherAvailabilitySpec.qll 0e26a203b26ff0581b7396b0c6d1606feec5cc32477f676585cdec4911af91c5 0e26a203b26ff0581b7396b0c6d1606feec5cc32477f676585cdec4911af91c5 -lib/codeql/swift/generated/ParentChild.qll 727205c3f85c042a9a33c6a33da3843493ec7273c5cc07b92e82b90b140828c7 2d34bb73116390a1386b47443f7fe8b7f013078398e1f3387dba1c8522000aaa +lib/codeql/swift/generated/ParentChild.qll ffec94e3ee076ff73dd7b4e6561c8d8c1f9a198547085baa40a1e5e28adc5827 a28adf13137431f55ce218ade6848bf5b853d3f27315765e9e6c45032c02ddd3 lib/codeql/swift/generated/PlatformVersionAvailabilitySpec.qll f82d9ca416fe8bd59b5531b65b1c74c9f317b3297a6101544a11339a1cffce38 7f5c6d3309e66c134107afe55bae76dfc9a72cb7cdd6d4c3706b6b34cee09fa0 lib/codeql/swift/generated/PureSynthConstructors.qll 173c0dd59396a1de26fe870e3bc2766c46de689da2a4d8807cb62023bbce1a98 173c0dd59396a1de26fe870e3bc2766c46de689da2a4d8807cb62023bbce1a98 -lib/codeql/swift/generated/Raw.qll 8d4880e5ee1fdd120adeb7bf0dfa1399e7b1a53b2cc7598aed8e15cbf996d1c0 da0d446347d29f5cd05281c17c24e87610f31c32adb7e05ab8f3a26bed55bd90 -lib/codeql/swift/generated/Synth.qll 551fdf7e4b53f9ee1314d1bb42c2638cf82f45bfa1f40a635dfa7b6072e4418c 9ab178464700a19951fc5285acacda4913addee81515d8e072b3d7055935a814 +lib/codeql/swift/generated/Raw.qll 56e12381886fe9eb6aef74968cb542e179116ad6722640a21bda37f1d9d26e77 ae93d0caebecf3ce593c95887b44cd1686b5c7e989d5cce4bb39d97312c3cb68 +lib/codeql/swift/generated/Synth.qll 14dbc93375bcde4d792c1ec6157ee9c825119dcc9de31bcfeea56b3636f32d27 e84970ed295aa0af59135ee09b9cddbd6a26dcbce3baaf0e2a958b0552aac6d1 lib/codeql/swift/generated/SynthConstructors.qll 2f801bd8b0db829b0253cd459ed3253c1fdfc55dce68ebc53e7fec138ef0aca4 2f801bd8b0db829b0253cd459ed3253c1fdfc55dce68ebc53e7fec138ef0aca4 lib/codeql/swift/generated/UnknownFile.qll 0fcf9beb8de79440bcdfff4bb6ab3dd139bd273e6c32754e05e6a632651e85f6 0fcf9beb8de79440bcdfff4bb6ab3dd139bd273e6c32754e05e6a632651e85f6 lib/codeql/swift/generated/UnknownLocation.qll e50efefa02a0ec1ff635a00951b5924602fc8cab57e5756e4a039382c69d3882 e50efefa02a0ec1ff635a00951b5924602fc8cab57e5756e4a039382c69d3882 -lib/codeql/swift/generated/UnspecifiedElement.qll e121c84a2990fe314ab0756832776fe98fbc41f295d532b6e154aca1c5513b13 ee70eedad752175dbeee83c07fdb2ae7f4fa080fec7ba2be408469dfa11a0b4a -lib/codeql/swift/generated/decl/AbstractStorageDecl.qll 8ed642e35b066cc65b3d8ad16cf6c726cf0b3802330b0c3d3ba87b34451005d1 3474ad1468f09bf63f3582468ed97e9ed3b3ee61db90a4d31966cc97d9ca1b18 +lib/codeql/swift/generated/UnspecifiedElement.qll 2b66070944ad36316476b6bf8a811131ca6d4232591353b2b23e881b547463cc c9bff46bcb6f6d106eb57ab8bb04584d9a0b2513abdc1be6e98c0bd227c5f1e0 +lib/codeql/swift/generated/decl/AbstractStorageDecl.qll 4e827d05b3b98c043f925a3bd9c00622da3dc6e3d3406f5a18b2c3a684e3774f 47e5767a6f9a87f848cccce651d8c40af8aa3e0e727fc147cbf4d5a2a3e483d9 lib/codeql/swift/generated/decl/AbstractTypeParamDecl.qll 1e268b00d0f2dbbd85aa70ac206c5e4a4612f06ba0091e5253483635f486ccf9 5479e13e99f68f1f347283535f8098964f7fd4a34326ff36ad5711b2de1ab0d0 lib/codeql/swift/generated/decl/Accessor.qll c93cdf7dbb87e6c9b09b5fcf469b952041f753914a892addeb24bb46eaa51d29 1e8104da2da146d3e4d8f5f96b87872e63162e53b46f9c7038c75db51a676599 lib/codeql/swift/generated/decl/AccessorOrNamedFunction.qll b78aaef06cdaa172dce3e1dcd6394566b10ce445906e3cf67f6bef951b1662a4 a30d9c2ff79a313c7d0209d72080fdc0fabf10379f8caed5ff2d72dc518f8ad3 lib/codeql/swift/generated/decl/AssociatedTypeDecl.qll 4169d083104f9c089223ed3c5968f757b8cd6c726887bbb6fbaf21f5ed7ee144 4169d083104f9c089223ed3c5968f757b8cd6c726887bbb6fbaf21f5ed7ee144 -lib/codeql/swift/generated/decl/CapturedDecl.qll f8b69887acb35cc8de572984fef83eb08649845b49179b68d3afef36b526bddb 94ab461ef9ab5983dece5e2b1865b6056e381e5c06f2a3ec4dfde634a9368e59 +lib/codeql/swift/generated/decl/CapturedDecl.qll bdc7479fd577a8830cf0672763656e0269f02681f40890c64ae3f413655589ef 4380339650dfbed9c4846691f0c4bc0aea51a8e11112add54e0add2222dff8a0 lib/codeql/swift/generated/decl/ClassDecl.qll a60e8af2fdbcd20cfa2049660c8bcbbc00508fbd3dde72b4778317dfc23c5ae4 a60e8af2fdbcd20cfa2049660c8bcbbc00508fbd3dde72b4778317dfc23c5ae4 lib/codeql/swift/generated/decl/ConcreteVarDecl.qll 4801ccc477480c4bc4fc117976fbab152e081064e064c97fbb0f37199cb1d0a8 4d7cfbf5b39b307dd673781adc220fdef04213f2e3d080004fa658ba6d3acb8d -lib/codeql/swift/generated/decl/Decl.qll 1d620c8e43df3cb46e5446dc9f6592205040c4d2b03c2ce1e491d7628f8904d0 b02514d7548a5a1dca39a148974a1b4dfeb681ebf81ad80f78d53ea48bab6133 +lib/codeql/swift/generated/decl/Decl.qll f3ab9f78b789ad2b47c473e0c8949507841d4f0e675af5f361ec274ad5230be6 fed6509f9267cc7663b5a5ceb0f27e368c662b98a0367b2efdac20eef80cbc0a lib/codeql/swift/generated/decl/Deinitializer.qll 816ecd92552915d06952517606a6e4c67bc53d7e7d9f5c09b7276e70612627fe 816ecd92552915d06952517606a6e4c67bc53d7e7d9f5c09b7276e70612627fe -lib/codeql/swift/generated/decl/EnumCaseDecl.qll 564718862a9fd5b99427591a83921bf57aac2074041b5b335577599e8eefda16 90899d7d7a9c695576ae4b24d19deb05e45e0e85c954ab41de154d5cc521019e +lib/codeql/swift/generated/decl/EnumCaseDecl.qll 7370ff068f6650c74f324fbcad8782067fa42ff12d57cc5f6320df6d55357c97 9044207eb9592c68c8d36af570e45b7dbb5af00e00ded65793d08cea3ee6410b lib/codeql/swift/generated/decl/EnumDecl.qll fa4490d511ee537751a4fab2478e65250ff3deba43c74db5341184c9ba25b534 fa4490d511ee537751a4fab2478e65250ff3deba43c74db5341184c9ba25b534 -lib/codeql/swift/generated/decl/EnumElementDecl.qll 41cad9be29b7afd56ba312ce00650ed89bffec2e2aaeed7bf26cd3dc0edb502e 33ac9ee5b205d32e5cf6a31f3f4bfd0f60b49fb0265200fd9e4dbbd5426fff02 -lib/codeql/swift/generated/decl/ExtensionDecl.qll 5472aa7cea119b68571065143fb4b2e335df003184efe8b8f28a98fd3ca3691e f65c8b078d1c34047cc66f5eb75dae8243e7aa42a7f3f2c21ea1ccf76eb9e7b9 +lib/codeql/swift/generated/decl/EnumElementDecl.qll 53074d5ae6249ca07c44879f4662b4d0478418cd8bd60c5511db52cf00942cc2 c38469c60df7c14d9d9c426600d1648dc1db177bd27ba1116649c48337b95358 +lib/codeql/swift/generated/decl/ExtensionDecl.qll 51cdf6227526fc769d4361b821d01e20a2b508ad8289af1002a0a947d8df295f 6a13f93179222f8d0e7e6b5a08dd8583fa0381644847b56509a85e6f008936e6 lib/codeql/swift/generated/decl/Function.qll 92d1fbceb9e96afd00a1dfbfd15cec0063b3cba32be1c593702887acc00a388a 0cbae132d593b0313a2d75a4e428c7f1f07a88c1f0491a4b6fa237bb0da71df3 -lib/codeql/swift/generated/decl/GenericContext.qll 5bbed6687f985dc8e812e48ae6ac17ec98d6cfccc6a72bee82afde58ccad07f7 ef7a2fa2646dd619af8f49ed1a12ce880a345dfc36b44e67868d733fc3b309e6 +lib/codeql/swift/generated/decl/GenericContext.qll 9f7e17d11bf898429a921ba7726b07aab382c97f8326bd186f2bded3d090852c 14d558b6e498d49b850f862d85091a11954dad13f16c60f700cf2c66fa37c473 lib/codeql/swift/generated/decl/GenericTypeDecl.qll 71f5c9c6078567dda0a3ac17e2d2d590454776b2459267e31fed975724f84aec 669c5dbd8fad8daf007598e719ac0b2dbcb4f9fad698bffb6f1d0bcd2cee9102 lib/codeql/swift/generated/decl/GenericTypeParamDecl.qll bc41a9d854e65b1e0da86350870a8fe050eb1dc031cd17ded11c15b5ad8ad183 bc41a9d854e65b1e0da86350870a8fe050eb1dc031cd17ded11c15b5ad8ad183 -lib/codeql/swift/generated/decl/IfConfigDecl.qll 07ae599c23c75d4a1fc7f188dce70cf1ded749368274f071b5b9639b5e54f69a ef8dc3f91edf40b9f8e84672060cea0de1a9c6545fd7aadb80225d3ca8f883e9 -lib/codeql/swift/generated/decl/ImportDecl.qll 1adafa6660d0b3968d1ee8cbcb4632d3b3baaa8a72874d3c9c0f6185eac4bc3e 8e68a538da2bac088001427cbdf6234cfe33071f82193aa52dc99cb9be893f2d -lib/codeql/swift/generated/decl/InfixOperatorDecl.qll 3d94018c33422b6fbe18348d0d47c0747358777501155d49abd3c8f5012c8a5d 855b73306f510828ad30555d6bba98cd9eab918de9e78696921ccac584828fd6 +lib/codeql/swift/generated/decl/IfConfigDecl.qll 085e2c70d3e158b7f3d3d3ade94593f1331d681d07da8a968c537830a67a62fe 19bb842314e8edb6a8dce4d78ec8043a527f13569da8be4ad03ba876a09998a5 +lib/codeql/swift/generated/decl/ImportDecl.qll 542405d7a75659d048d1ff8894a0cc0d357802c2936407ec39b7e4f69d2dd864 41ee9a9f1fc8068db587ac786145cf50f74f74161555ca94b502a57cca23288a +lib/codeql/swift/generated/decl/InfixOperatorDecl.qll 3da133c325380fbc10448b731d5826959056ca861d3a0661e7c37694e5ccb208 bb81c8e1597a1fb7e791e3c4c4ed28a73c442591bff2b12d13a7a327a7b6db08 lib/codeql/swift/generated/decl/Initializer.qll a72005f0abebd31b7b91f496ddae8dff49a027ba01b5a827e9b8870ecf34de17 a72005f0abebd31b7b91f496ddae8dff49a027ba01b5a827e9b8870ecf34de17 lib/codeql/swift/generated/decl/MissingMemberDecl.qll eaf8989eda461ec886a2e25c1e5e80fc4a409f079c8d28671e6e2127e3167479 d74b31b5dfa54ca5411cd5d41c58f1f76cfccc1e12b4f1fdeed398b4faae5355 -lib/codeql/swift/generated/decl/ModuleDecl.qll dd7bef7f19a5d2f57f0168eda80796ed8a74c7a136b3dc0cb289c3f750ef9a25 652d44d1ac5e31e4ccf4c5d29f2c5b985c68c4254458c3bfce09c2a821631f8f +lib/codeql/swift/generated/decl/ModuleDecl.qll b080281f68ef9943f6b0a808a151375fa8bc7539baaa55689abc16aa9024ff13 f948fd2545b9535335f857d7303a0b7c77ccf62ec49ed066726c6a77b273e5f8 lib/codeql/swift/generated/decl/NamedFunction.qll e8c23d8344768fb7ffe31a6146952fb45f66e25c2dd32c91a6161aaa612e602f e8c23d8344768fb7ffe31a6146952fb45f66e25c2dd32c91a6161aaa612e602f -lib/codeql/swift/generated/decl/NominalTypeDecl.qll 64914282b062364d81b013922069404d49b8c8830cc23944281d023779a9925c 72d45c5b6073cb32e6df6b62c2c919be50314d9380b955035cfadf500b3dbccf -lib/codeql/swift/generated/decl/OpaqueTypeDecl.qll 4dc0fc09fe314cdc6788adb4a93e87a7c8121e3fecaada19a436321d248d377a 4e20e1820ddf7b23268707a2b98bbafc400219533f357189a267f8e35b89226e +lib/codeql/swift/generated/decl/NominalTypeDecl.qll 3c935fff267db6b6339cadfec9c28764db105a2f1391a28de3d95a3fd156b2ab 14cb4f115b4c09dcdb5d276be4b3b60406486e0acca9d11458d25d0f467ef0ed +lib/codeql/swift/generated/decl/OpaqueTypeDecl.qll b07bcb944d6adff06dad06f8b77729044399e9a2747354e71e55605fb850c705 7e415f4d88f313e52fe6fb908cfac39066ec1302bcbb4ae07ad05b46a86d6b91 lib/codeql/swift/generated/decl/OperatorDecl.qll 3ffdc7ab780ee94a975f0ce3ae4252b52762ca8dbea6f0eb95f951e404c36a5b 25e39ccd868fa2d1fbce0eb7cbf8e9c2aca67d6fd42f76e247fb0fa74a51b230 -lib/codeql/swift/generated/decl/ParamDecl.qll f5d2c9e40aa8a1a77793a6d66fc6b55ded11295ee996b883117ffd6ee2523441 e0137535d7eac959ed10b06ad769b8225c0fadeea03030c7b30191884234e9b9 -lib/codeql/swift/generated/decl/PatternBindingDecl.qll e598dc0ed9373b4ca9646cc7c408f65db6b40d4281c8cfcecd09524df81bfac8 2ff3fe7fd32004649a0d41a0bf6857ac48d3a7b2dd87f5c1ffd9d5eea0673551 +lib/codeql/swift/generated/decl/ParamDecl.qll 21c8c035eaaa0fccc184ac073cea09fb39ee6f72b7d69a7119e38fc88f7ed997 486c55bd555569bae1fb4869745e83910a9635b2ad7d62652889562fcf98a42b +lib/codeql/swift/generated/decl/PatternBindingDecl.qll d59f2b05bfd78faefeabf0ab63e135f74e9731f22dec8c9dd65beabf9bc0956b e453d5033a788781320d60eca09d4b044f505720cb23f12ba2ade59203d24f81 lib/codeql/swift/generated/decl/PostfixOperatorDecl.qll 5aa85fa325020b39769fdb18ef97ef63bd28e0d46f26c1383138221a63065083 5aa85fa325020b39769fdb18ef97ef63bd28e0d46f26c1383138221a63065083 -lib/codeql/swift/generated/decl/PoundDiagnosticDecl.qll dc867f12579cec4f9fe95b59dfc31ef0df60cccccaf41abc171a86b7fafaf3f2 4474a913c4bf4e8d60f100bf5a0d57cc042c1362b09dd3c9493cc23a75c32e84 +lib/codeql/swift/generated/decl/PoundDiagnosticDecl.qll 2cd5dbd6707fd3920d5f402a3b169c4eac4189f4bebb33eb279de6e038e7329b 183f41a3b5ef928ad733d19225c7212633a3ac4752976c19bd8f821ec8553c0e lib/codeql/swift/generated/decl/PrecedenceGroupDecl.qll d0918f238484052a0af902624b671c04eb8d018ee71ef4931c2fdbb74fa5c5d4 d0918f238484052a0af902624b671c04eb8d018ee71ef4931c2fdbb74fa5c5d4 lib/codeql/swift/generated/decl/PrefixOperatorDecl.qll 18f2a1f83ea880775344fbc57ed332e17edba97a56594da64580baeb45e95a5d 18f2a1f83ea880775344fbc57ed332e17edba97a56594da64580baeb45e95a5d lib/codeql/swift/generated/decl/ProtocolDecl.qll 4b03e3c2a7af66e66e8abc40bd2ea35e71959f471669e551f4c42af7f0fd4566 4b03e3c2a7af66e66e8abc40bd2ea35e71959f471669e551f4c42af7f0fd4566 lib/codeql/swift/generated/decl/StructDecl.qll 9343b001dfeec83a6b41e88dc1ec75744d39c397e8e48441aa4d01493f10026a 9343b001dfeec83a6b41e88dc1ec75744d39c397e8e48441aa4d01493f10026a -lib/codeql/swift/generated/decl/SubscriptDecl.qll d08d46ddff0816541b28e231ba83c41cb51b40d7ccf2e0e7465e62e17078c000 0a1f1741bea4d2a7ebde7cbaf1cd0f7730a9845a8fd45d3457dc1b2b63eab900 -lib/codeql/swift/generated/decl/TopLevelCodeDecl.qll e90cc73d62ad6037f1ec200bf8356292fa48b6890762b68e3fba6a129c888fcd d9152cbdfbc8cfb66695ed10a5729abca1b58275616d16d19aae27fb745bf3aa -lib/codeql/swift/generated/decl/TypeAliasDecl.qll 2058a0699ddffabd7d1d554615bd7e9ce26810ef1c6c68601df46e071eb9a10c 94ba93ef3cc1028a3018831e336316e566b6028eee1d81bf4d754dbdbd401ea8 -lib/codeql/swift/generated/decl/TypeDecl.qll cc40d3a105654461a60f982b6bdb21c7e689e695d314eead245bfeeda92a4572 03d89aa4c77dacdc57cd867b4869b26cdb55a06e2ba6faf3dbb9fce8f881786b -lib/codeql/swift/generated/decl/ValueDecl.qll 7b297ed98f5e985b93c9de6be000d67f71796892599ae8274048d8ad6b6183b9 462c983d4163011b2232b684c9a6c3f01114096c4bb7f862d950380f527e3926 -lib/codeql/swift/generated/decl/VarDecl.qll c648a5432d63a547cd381646f9586b4fc72edb2cff8462533449761b1ec57a56 7f2c157975bc1de7a8b6ff980bed790d864a08f1d6c0de39c106d84d2b49b883 +lib/codeql/swift/generated/decl/SubscriptDecl.qll c0bb8fd0d9d363c253251ea4b6cdceebd316708ce61f49e321318f7ce80ea153 dda76edc25ce4b3c31bcd7cc707143e22c3f887658e8071c646668f445b9f601 +lib/codeql/swift/generated/decl/TopLevelCodeDecl.qll f9b4f8b413e5fd3c0d48910013fe2443143d2ee237084cf3e4eb668d5bc8f460 5c85641375f5b9e658c9467f5c4913e50d4228718aad950e94f55a28edbe28c7 +lib/codeql/swift/generated/decl/TypeAliasDecl.qll b9c4baf4a2eb67d21535da5cbb9894945d66b8aecf8bd91cb8aa8c964188c82f a69db19c25da7232a9139400578cb7eda8b56eb55c7c45d38aa50cc0c063947f +lib/codeql/swift/generated/decl/TypeDecl.qll 21d075b1fb55ce2e89ad73e62edbe1ad3ca429ea5a1c6096ca7aca7eaeea9772 c099f32a24d1be26b7b6e7478b481f8086c74f67cc840a843466715afc069784 +lib/codeql/swift/generated/decl/ValueDecl.qll f34e3414f8700150ccd221aed26e58f64ed43d708a3ccb3c50eff5c12f083303 c2926bebba6bfb997f8a610f7bfd13114b21e92ba0243247543984d6ea71a33e +lib/codeql/swift/generated/decl/VarDecl.qll d326cd9d4e892e6ad2f02847e476218d0f1f1ca012c1bfeca7d656af34c870b4 a2cac56e67fdc32d6f33eac180ca4831cd355343280e2d69cd5a8e17a77a89ce lib/codeql/swift/generated/expr/AbiSafeConversionExpr.qll f4c913df3f1c139a0533f9a3a2f2e07aee96ab723c957fc7153d68564e4fdd6d f4c913df3f1c139a0533f9a3a2f2e07aee96ab723c957fc7153d68564e4fdd6d lib/codeql/swift/generated/expr/AnyHashableErasureExpr.qll f450ac8e316def1cd64dcb61411bae191144079df7f313a5973e59dc89fe367f f450ac8e316def1cd64dcb61411bae191144079df7f313a5973e59dc89fe367f lib/codeql/swift/generated/expr/AnyTryExpr.qll e4759465411c215262909d10d729642779340698165aff0a66986c7dfc822832 83ec7fb0f11e2ffe15f3a0c97318121443936733f1adef17e5baa020bca2de29 -lib/codeql/swift/generated/expr/AppliedPropertyWrapperExpr.qll de01c3b68c2a37e9f5dee0729838923cc615d436092e78b608b6f6c23e1b4965 612f72046aa2e49b9d494cad590bfae133bd5c00908ed4c8df82730294d21fb8 -lib/codeql/swift/generated/expr/ApplyExpr.qll 798b999f3da5d6b917ff57a0dc1fde149b906ffd72c6df5bc511f6e2d20a7e8b 8bce7f52c4bce1aad5c0b8a195dd1ab6f1d82289e5eb56fca4b7543be7943d15 +lib/codeql/swift/generated/expr/AppliedPropertyWrapperExpr.qll b441c3cad6d462ae0736d5e65742d49b280b907e8e250badb0248f501e1e9144 34a691143585fb9b9d7e3ef0b8d3c7250a73da0d323de6ac632472652bc86a1a +lib/codeql/swift/generated/expr/ApplyExpr.qll d97bce0ce47c42feda140c677c204f9d1c92fe1889760034fe8f1cb330f411d3 f7956f6bff4164adacce06ce2134bc6bf2d0e0261c9b5f7b882e04c0df5c8e0c lib/codeql/swift/generated/expr/ArchetypeToSuperExpr.qll e0b665b7389e5d0cb736426b9fd56abfec3b52f57178a12d55073f0776d8e5b7 e0b665b7389e5d0cb736426b9fd56abfec3b52f57178a12d55073f0776d8e5b7 -lib/codeql/swift/generated/expr/Argument.qll 97991761563d806ff0199e69f4c9eda93e324bb40bd41ddec98388c2146cbd6b c231f4e0320700fe64ce43123027516088b877fddde3be18565e01890f6b10ce +lib/codeql/swift/generated/expr/Argument.qll 441daab359d20018113344d026c1ace38a0acff35e68155a69a887a6fdb90684 43106272cfc5d19d60ca07b9bc4e22ff97b2b2451b67ec8884909c574634a337 lib/codeql/swift/generated/expr/ArrayExpr.qll 9894f7838b23c84c4c0ba442b790ada0231c2dc3508fd30735577397a87d9683 90ed566a71551f3549106bd60b972aca0ba52e8a2b787b58a3161634e26e773e lib/codeql/swift/generated/expr/ArrayToPointerExpr.qll afa9d62eb0f2044d8b2f5768c728558fe7d8f7be26de48261086752f57c70539 afa9d62eb0f2044d8b2f5768c728558fe7d8f7be26de48261086752f57c70539 lib/codeql/swift/generated/expr/AssignExpr.qll 97d41626dfe4e474c5e80aaee433641847a91f5c483f6da6cfc016b454545802 4ca02b4a878f0783f7d7788c85ffbb89c8ed6027c7e6d391ea9892256215358a @@ -451,7 +452,7 @@ lib/codeql/swift/generated/expr/BridgeFromObjCExpr.qll b9a6520d01613dfb8c7606177 lib/codeql/swift/generated/expr/BridgeToObjCExpr.qll 31ca13762aee9a6a17746f40ec4e1e929811c81fdadb27c48e0e7ce6a3a6222d 31ca13762aee9a6a17746f40ec4e1e929811c81fdadb27c48e0e7ce6a3a6222d lib/codeql/swift/generated/expr/BuiltinLiteralExpr.qll 052f8d0e9109a0d4496da1ae2b461417951614c88dbc9d80220908734b3f70c6 536fa290bb75deae0517d53528237eab74664958bf7fdbf8041283415dda2142 lib/codeql/swift/generated/expr/CallExpr.qll c7dc105fcb6c0956e20d40f736db35bd7f38f41c3d872858972c2ca120110d36 c7dc105fcb6c0956e20d40f736db35bd7f38f41c3d872858972c2ca120110d36 -lib/codeql/swift/generated/expr/CaptureListExpr.qll 4e94c2c66020f95af615d98756d7c1843c2744b3c1d83f73f24f6153d9d0592b e35e8190904415e2a1fe12857127c90cfaecde4f6f173d16399f45c0264d207c +lib/codeql/swift/generated/expr/CaptureListExpr.qll 671234408ead93c0d6abc453f774a88f0888956e6ad08d5a1c22aec72b2eec46 601e23e0356341fd6287fb9775f0e86bca6a0de46383e0912854e045e501d42c lib/codeql/swift/generated/expr/CheckedCastExpr.qll 146c24e72cda519676321d3bdb89d1953dfe1810d2710f04cfdc4210ace24c40 91093e0ba88ec3621b538d98454573b5eea6d43075a2ab0a08f80f9b9be336d3 lib/codeql/swift/generated/expr/ClassMetatypeToObjectExpr.qll 076c0f7369af3fffc8860429bd8e290962bf7fc8cf53bbba061de534e99cc8bf 076c0f7369af3fffc8860429bd8e290962bf7fc8cf53bbba061de534e99cc8bf lib/codeql/swift/generated/expr/ClosureExpr.qll f194fc8c5f67fcf0219e8e2de93ee2b820c27a609b2986b68d57a54445f66b61 3cae87f6c6eefb32195f06bc4c95ff6634446ecf346d3a3c94dc05c1539f3de2 @@ -462,8 +463,8 @@ lib/codeql/swift/generated/expr/ConditionalBridgeFromObjCExpr.qll 4a21e63cc54702 lib/codeql/swift/generated/expr/ConditionalCheckedCastExpr.qll 92a999dd1dcc1f498ed2e28b4d65ac697788960a66452a66b5281c287596d42b 92a999dd1dcc1f498ed2e28b4d65ac697788960a66452a66b5281c287596d42b lib/codeql/swift/generated/expr/CovariantFunctionConversionExpr.qll b749118590163eafbd538e71e4c903668451f52ae0dabbb13e504e7b1fefa9e1 abaf3f10d35bab1cf6ab44cb2e2eb1768938985ce00af4877d6043560a6b48ec lib/codeql/swift/generated/expr/CovariantReturnConversionExpr.qll f1b409f0bf54b149deb1a40fbe337579a0f6eb2498ef176ef5f64bc53e94e2fe 532d6cb2ebbb1e6da4b26df439214a5a64ec1eb8a222917ba2913f4ee8d73bd8 -lib/codeql/swift/generated/expr/DeclRefExpr.qll dda3034aba0170fb91ae62e5c8b02af27f3ac682c856af6eba2f8c57c186befe 338e7cfbea450e555191518dfa6b7b43cef3a0a029c4c0adb5101a2471c24c5e -lib/codeql/swift/generated/expr/DefaultArgumentExpr.qll ca9f228742acf990a81308f68a66dc55b35c75f23d5f0cabfdff30a1b99064d7 a97de64329149db8ca6d25635bdda63df0a2bdb600cfe0c71017e2eb3fdecb15 +lib/codeql/swift/generated/expr/DeclRefExpr.qll 06149b37933848032fb6cc4692ff63ee54347cccb79e1fa150129a081afbf5d2 580392ea470c21a58021245f1d7fa08232a2f5314786ba8476282a5fbe403ffe +lib/codeql/swift/generated/expr/DefaultArgumentExpr.qll 77468697fd5cafb05ca166a77e94ce9998c28624e235b626b9afbe1da9a93d4e d813ea7d5973945355a2941ccd3ca72e01745ab6320da429f3694e2465af96d3 lib/codeql/swift/generated/expr/DerivedToBaseExpr.qll 5f371b5b82262efb416af1a54073079dcf857f7a744010294f79a631c76c0e68 5f371b5b82262efb416af1a54073079dcf857f7a744010294f79a631c76c0e68 lib/codeql/swift/generated/expr/DestructureTupleExpr.qll 1214d25d0fa6a7c2f183d9b12c97c679e9b92420ca1970d802ea1fe84b42ccc8 1214d25d0fa6a7c2f183d9b12c97c679e9b92420ca1970d802ea1fe84b42ccc8 lib/codeql/swift/generated/expr/DictionaryExpr.qll f8bab2bdf683f4974be102faea2f8ff48ede5937a9112a1fa149180143052b0a 152ae4811c5282c68b9f2eb7b123631fbe461af7a7947434abf7e523b35b27e2 @@ -477,13 +478,13 @@ lib/codeql/swift/generated/expr/DynamicLookupExpr.qll 0f0d745085364bca3b67f67e34 lib/codeql/swift/generated/expr/DynamicMemberRefExpr.qll 2eab0e58a191624a9bf81a25f5ddad841f04001b7e9412a91e49b9d015259bbe 2eab0e58a191624a9bf81a25f5ddad841f04001b7e9412a91e49b9d015259bbe lib/codeql/swift/generated/expr/DynamicSubscriptExpr.qll f9d7d2fc89f1b724cab837be23188604cefa2c368fa07e942c7a408c9e824f3d f9d7d2fc89f1b724cab837be23188604cefa2c368fa07e942c7a408c9e824f3d lib/codeql/swift/generated/expr/DynamicTypeExpr.qll c29baea6ec5b0b7186b675e3322cd1cee9db8d647e16ac0f716990c22df17074 de9118fdb3778ef76de284992791d3f0f9978876f5799eda39da92c1242e603e -lib/codeql/swift/generated/expr/EnumIsCaseExpr.qll edea1f464dc24ad8d300c547698699704cf7d9232782c2b6a536af6e058d440c 7d860abba668ac5fb078ac7b72d455824331d753751bbfbe7044a85a8365b6a7 +lib/codeql/swift/generated/expr/EnumIsCaseExpr.qll 8df7cf11dff39ec1a8498d4df4cda2ab0fb49a88aaca671c8e4fd6d53bbf2af9 e5b064938c60634eb1060d39b435913286591e1e8d506bbb19ee8faace7105c5 lib/codeql/swift/generated/expr/ErasureExpr.qll c232bc7b612429b97dbd4bb2383c2601c7d12f63312f2c49e695c7a8a87fa72a c232bc7b612429b97dbd4bb2383c2601c7d12f63312f2c49e695c7a8a87fa72a lib/codeql/swift/generated/expr/ErrorExpr.qll 8e354eed5655e7261d939f3831eb6fa2961cdd2cebe41e3e3e7f54475e8a6083 8e354eed5655e7261d939f3831eb6fa2961cdd2cebe41e3e3e7f54475e8a6083 lib/codeql/swift/generated/expr/ExistentialMetatypeToObjectExpr.qll eb0d42aac3f6331011a0e26cf5581c5e0a1b5523d2da94672abdebe70000d65b efe2bc0424e551454acc919abe4dac7fd246b84f1ae0e5d2e31a49cbcf84ce40 lib/codeql/swift/generated/expr/ExplicitCastExpr.qll 162f94461d41cf10a81567e13d5141d7aca417cc92d4ef55de97c7909681882e c8e7d1f569265a9bc2ae6a82e33783ec3ac077c3ae6e582edcb49a4eb816f7b5 lib/codeql/swift/generated/expr/ExplicitClosureExpr.qll c5291fb91e04a99133d1b4caf25f8bd6e7f2e7b9d5d99558143899f4dc9a7861 c5291fb91e04a99133d1b4caf25f8bd6e7f2e7b9d5d99558143899f4dc9a7861 -lib/codeql/swift/generated/expr/Expr.qll b09ddd296693ad78a2b0e7dc17d2b746357ae88645b046a026861eafeba616cb 498c628f904fbf48be10f32b146168b71f8f7d9f829614e422020701ccc0f8e4 +lib/codeql/swift/generated/expr/Expr.qll 91b45df8d77ece59147e330b1a93515ad791e1da84128a079be2160ee5f87796 4a57263c533d9d5a9e1cacc997d09434fe7ebbabff9ac1a49602b618b828839b lib/codeql/swift/generated/expr/FloatLiteralExpr.qll ae851773886b3d33ab5535572a4d6f771d4b11d6c93e802f01348edb2d80c454 35f103436fc2d1b2cec67b5fbae07b28c054c9687d57cbd3245c38c55d8bde0b lib/codeql/swift/generated/expr/ForceTryExpr.qll 062997b5e9a9e993de703856ae6af60fe1950951cf77cdab11b972fb0a5a4ed3 062997b5e9a9e993de703856ae6af60fe1950951cf77cdab11b972fb0a5a4ed3 lib/codeql/swift/generated/expr/ForceValueExpr.qll cd7ee5fa4a6f7094c7fbb9c5831f60d5ce18b123fe7beea3dcb26ca78e387118 7cdef6e9b501f9e9cb0d48828e68b349b25e4e5f312e5bcee91868ae8b196e7d @@ -502,14 +503,14 @@ lib/codeql/swift/generated/expr/InterpolatedStringLiteralExpr.qll e2c1aadf140c80 lib/codeql/swift/generated/expr/IsExpr.qll b5ca50490cae8ac590b68a1a51b7039a54280d606b42c444808a04fa26c7e1b6 b5ca50490cae8ac590b68a1a51b7039a54280d606b42c444808a04fa26c7e1b6 lib/codeql/swift/generated/expr/KeyPathApplicationExpr.qll 157a9c2fcf229b76d104abfa49f74337e20ac4d1fa1be2eaed1290cbd9bd1232 70ec0e7ee2e2c716ba510916fdf6d1d6dd6fd93b740a46c909ddb9e877427fe1 lib/codeql/swift/generated/expr/KeyPathDotExpr.qll ea73a462801fbe5e27b2f47bca4b39f6936d326d15d6de3f18b7afa6ace35878 ea73a462801fbe5e27b2f47bca4b39f6936d326d15d6de3f18b7afa6ace35878 -lib/codeql/swift/generated/expr/KeyPathExpr.qll 654b32a92ff8015cb4b8d64c83abed601a884f4181613a7d428e975a945afff5 4c82c7b9d9232e84dd898cb7d3d79c1365481cd9d37444318a776ae509eb023a +lib/codeql/swift/generated/expr/KeyPathExpr.qll 7d088ae6d74193f06b2c121dfde182a228d5ab1498a70fd3ad7bc5cab8e76dcd 5596774318c8eed672ab360c0a1515493176d9edae64f09917ec789514928355 lib/codeql/swift/generated/expr/LazyInitializationExpr.qll b81b831893b0f1c2bcbf48a708267cd54a86dfc6af6dde8b8b57a03e045abff2 b28cf1f4017edee09278a23f403932f91fb1a21ea83778cccf7683b5a57f6480 lib/codeql/swift/generated/expr/LinearFunctionExpr.qll cd4c31bed9d0beb09fdfc57069d28adb3a661c064d9c6f52bb250011d8e212a7 cd4c31bed9d0beb09fdfc57069d28adb3a661c064d9c6f52bb250011d8e212a7 lib/codeql/swift/generated/expr/LinearFunctionExtractOriginalExpr.qll ee7d3e025815b5af392ffc006ec91e3150130f2bd708ab92dbe80f2efa9e6792 bcf9ed64cca2dcf5bb544f6347de3d6faa059a1900042a36555e11dfbe0a6013 lib/codeql/swift/generated/expr/LinearToDifferentiableFunctionExpr.qll f7aa178bff083d8e2822fda63de201d9d7f56f7f59f797ec92826001fca98143 c3ef32483f6da294c066c66b1d40159bc51366d817cf64a364f375f5e5dfa8b0 lib/codeql/swift/generated/expr/LiteralExpr.qll b501f426fa4e638b24d772c2ce4a4e0d40fce25b083a3eee361a66983683ee9d 068208879c86fbd5bed8290ce5962868af6c294a53ad1548cf89cf5a7f8e1781 lib/codeql/swift/generated/expr/LoadExpr.qll 90b9ba4c96c26c476c3692b1200c31071aa10199d3e21ef386ff48b9f0b6d33a 90b9ba4c96c26c476c3692b1200c31071aa10199d3e21ef386ff48b9f0b6d33a -lib/codeql/swift/generated/expr/LookupExpr.qll 12844a93ff8244c9a9c7091b32c56e80a1196dee5fbdd67dafa5329e8d424ed9 da9ba34043930d541751ba3bc828cfcf86cc0fcf3b58bf2a2a0b8d9ad7d73153 +lib/codeql/swift/generated/expr/LookupExpr.qll 612265f7ca68f1f62ea8ceaa74e1a876195c6c3062807b310f834aa04acfaa80 160fbb1efe0c1fb48698d786bb7f76be70b4cd96568557f90c062773fb0dff6e lib/codeql/swift/generated/expr/MagicIdentifierLiteralExpr.qll 16f0050128caf916506b1f7372dc225a12809a60b5b00f108705fcdfce3344a8 c064778526a5854bdf8cdbf4b64ad680b60df9fe71ec7a2d9aa6c36a7c4e5b31 lib/codeql/swift/generated/expr/MakeTemporarilyEscapableExpr.qll c63cd023a5c2662e2beee8dba5f9cb0012103424a245df5fde0d4a08a13a87ea 78729409bc0e387ad2ed7cd84b074dbf190f378a6c8794f4a6596ddfa1b1ad85 lib/codeql/swift/generated/expr/MemberRefExpr.qll e7db805b904d9b5d1e2bc2c171656e9da58f02a585127c45f52f7f8e691dc2e5 b44b5208e0b72060527a6fdb24b17b208f2263d78690d13548fba937fe0db3cd @@ -517,34 +518,34 @@ lib/codeql/swift/generated/expr/MetatypeConversionExpr.qll 714ecbc8ac51fdaaa4075 lib/codeql/swift/generated/expr/MethodLookupExpr.qll 526c9001c311a890db2409a46180a7fedbb11b6dcd8ee23dda4d4644e65bed3a 4b287235a19b85880136ac3485a85742aad7217021c9f6729bf2a39be5ebd1a1 lib/codeql/swift/generated/expr/NilLiteralExpr.qll 6f44106bc5396c87681676fc3e1239fe052d1a481d0a854afa8b66369668b058 6f44106bc5396c87681676fc3e1239fe052d1a481d0a854afa8b66369668b058 lib/codeql/swift/generated/expr/NumberLiteralExpr.qll 8acc7df8fe83b7d36d66b2feed0b8859bfde873c6a88dd676c9ebed32f39bd04 4bbafc8996b2e95522d8167417668b536b2651817f732554de3083c4857af96a -lib/codeql/swift/generated/expr/ObjCSelectorExpr.qll efc72580627467dce30ab784bfb963bd21297440bd6287600d0b3f2c5836c340 29a7974a65bde8f434de159e9a6ea0f6f48609d4d3332a216261f3c64cf3a070 -lib/codeql/swift/generated/expr/ObjectLiteralExpr.qll 199b3a5196bff35681ba2e4bdb546cfbe0a2e265f535d05cfdb89af9c382c1a6 7c6b962565841a634c850d088fd404a3e6f3045e05ff555e1cde0ec02ba8dc8d +lib/codeql/swift/generated/expr/ObjCSelectorExpr.qll 94a8344bff75033a3aae101c103419bd2201aa6992393d3450e4531ec33d4c83 78870c097692943f2eefb3ee86ccc86579411f35a4fa6e8753bf307009f85dba +lib/codeql/swift/generated/expr/ObjectLiteralExpr.qll f609e898670d4fc7937e9f5024dbf9d82c98bdfcef140cee6e13998046fbe044 cd8647e0b186ce74d27ac0fcfe037972f7e12a326a0ef53c51305cb7db783a0c lib/codeql/swift/generated/expr/OneWayExpr.qll 8464649694b671a8462476fcd3827b07f8448069c7caa9e9efce44d7ce87aee0 c3e143ecd28238342a1d911a468087cc58a751106385f01cbe5a44e19c862d0e lib/codeql/swift/generated/expr/OpaqueValueExpr.qll 354f23d00d5ea2e734fd192130620d26c76c14d5bb7b0a1aa69f17ffb5289793 354f23d00d5ea2e734fd192130620d26c76c14d5bb7b0a1aa69f17ffb5289793 lib/codeql/swift/generated/expr/OpenExistentialExpr.qll 55ff1b4fdf23b787538f8b8cdc5f382d874221cec230f8fa35189ebf6de09b58 8235fe3387753a0ac389e297bf67b416991117587a98a566620ac9b328887dd6 lib/codeql/swift/generated/expr/OptionalEvaluationExpr.qll 76a3a789b3a4f17dd494f973f099766aa1db97c38cbbd93542e664a7cd7e1680 f56ce693b59cee6713a7cfdb2937a8a4e791d6e80c241ecd333ab197482a2d1b lib/codeql/swift/generated/expr/OptionalTryExpr.qll f0c8dff90faee4fbf07772efda53afe1acc1fd148c16ee4d85a1502a36178e71 f0c8dff90faee4fbf07772efda53afe1acc1fd148c16ee4d85a1502a36178e71 -lib/codeql/swift/generated/expr/OtherInitializerRefExpr.qll 9e695cca00e162beadad513d6833f117cee0f364da6f16c7ed3809573c1fbfe2 ff29f1f265e22eefc9166f77fa8adca7f89d3f769591149e21c58c0789577a88 -lib/codeql/swift/generated/expr/OverloadedDeclRefExpr.qll fee0ef58103e48b9238f1dd94d530a54e8ffaea95924cdbb38057701360a849d 2e851c3aee89aa3cbc3b67846a723b98708233e74e872641988c3200476d2da2 +lib/codeql/swift/generated/expr/OtherInitializerRefExpr.qll 94b793be9a37626fe0b1b7c93ac37b2a00e4fb93ab96e4a230aaba66ef1721de 136ac6a349db23144fc71f3aa1383fb68370b13a8615eb6ad398b29a55f2cae3 +lib/codeql/swift/generated/expr/OverloadedDeclRefExpr.qll f2ef6518501e4bf7c51d009cb996dc88d56374a4dc572ce8514993591896deba e8519550ec34428715452f6716160e580cbbc894c2b78dd34c33835e11728f19 lib/codeql/swift/generated/expr/ParenExpr.qll f3fb35017423ee7360cab737249c01623cafc5affe8845f3898697d3bd2ef9d7 f3fb35017423ee7360cab737249c01623cafc5affe8845f3898697d3bd2ef9d7 lib/codeql/swift/generated/expr/PointerToPointerExpr.qll 7d6fa806bba09804705f9cef5be66e09cbbbbda9a4c5eae75d4380f1527bb1bd 7d6fa806bba09804705f9cef5be66e09cbbbbda9a4c5eae75d4380f1527bb1bd lib/codeql/swift/generated/expr/PostfixUnaryExpr.qll d1094c42aa03158bf89bace09b0a92b3056d560ebf69ddbf286accce7940d3ab d1094c42aa03158bf89bace09b0a92b3056d560ebf69ddbf286accce7940d3ab lib/codeql/swift/generated/expr/PrefixUnaryExpr.qll f66dee3c70ed257914de4dd4e8501bb49c9fe6c156ddad86cdcc636cf49b5f62 f66dee3c70ed257914de4dd4e8501bb49c9fe6c156ddad86cdcc636cf49b5f62 lib/codeql/swift/generated/expr/PropertyWrapperValuePlaceholderExpr.qll 0d604764ca2e77a51b7e7062a1f57c6f46dd007717bdebf765eb7b737ef5062d cff734718467dfd4abc12dcf7e72c5745fe4e917204cdd22e42973f30eb06df7 lib/codeql/swift/generated/expr/ProtocolMetatypeToObjectExpr.qll b692be6e5b249c095b77f4adcad5760f48bc07f6f53767ee3d236025ee4a2a51 efa47435cde494f3477164c540ac1ce0b036cb9c60f5f8ec7bfca82a88e208fb -lib/codeql/swift/generated/expr/RebindSelfInInitializerExpr.qll 87984796ee7bb5f8f474563d03e667b09ff36ccba5e084504e24ab3d9e90d4f2 b4885cb5a72edad07011e3e576ff3ce08ef6399320786ce1cf9d7a0a6350eb6f +lib/codeql/swift/generated/expr/RebindSelfInInitializerExpr.qll 66d4cbf211cae63a443d85f83a2799cb6ac66c061e691d0531ff5edeec9af6f3 7be66e5be4c6671abcb03af92d00ce5f5ba46797941ffbb98675f6cd15db59c7 lib/codeql/swift/generated/expr/RegexLiteralExpr.qll a11eb6f6ce7cebb35ab9ff51eae85f272980140814d7e6bded454069457a1312 bdb4bb65c9f4e187cf743ed13c0213bb7e55db9cc3adeae2169df5e32b003940 lib/codeql/swift/generated/expr/SelfApplyExpr.qll c0815a4d6d4f08bd0c7bc170fa817ebcb2328c937c8ef16391fb0da71aff17ae 0979f035e8d4b54e93f17163a4df3c2aa65f23d56c491fa72376887e3e5c10ac lib/codeql/swift/generated/expr/SequenceExpr.qll 62301b2e4c76de4820c6deef0ee95c8b328ed14ba8eac70aa10cc8fb0f3c5ace feb960c796ea517abc9587bd76f7ae9aabfd9a6b0984fe2d8380e803b002eede lib/codeql/swift/generated/expr/StringLiteralExpr.qll f420c5cd51a223b6f98177147967266e0094a5718ba2d57ae2d3acbb64bbb4b6 30d6dab2a93fd95e652a700902c4d106fecfce13880c2ece565de29f2504bedf lib/codeql/swift/generated/expr/StringToPointerExpr.qll ef69b570aa90697d438f5787a86797955b4b2f985960b5859a7bd13b9ecb9cd3 ef69b570aa90697d438f5787a86797955b4b2f985960b5859a7bd13b9ecb9cd3 -lib/codeql/swift/generated/expr/SubscriptExpr.qll 70ca2812ac4018c062fcb099e20433c7960325e68cfc544599d1860793b1464f d01d4b4ed833cb0390c3e96e75ef51150721245b0277946d75daca32d4085d9b -lib/codeql/swift/generated/expr/SuperRefExpr.qll f550961b912bdcaf159d4729b0a3f6911e97365e6d429717d4a9770a2a83a184 e5735644d755ac2ee56f6c3ab13ca6657c21cd00a366665ea858d405d32cb112 -lib/codeql/swift/generated/expr/TapExpr.qll 8556465559ed243c16396a1b426b666362c1bab1535a12faf9c1050e1b06c668 ea1c30b90d3620e580294d7d7010a720be688e10a9469405cd58b3da55070dc6 +lib/codeql/swift/generated/expr/SubscriptExpr.qll 8a2bf1f0ded1888546791e0e59b969267f0352223e2abeb38e91dfa2144a38ae 009566ef61689d14844730235b0e0c31ee01e95e2002cf7272cbabc97539dce9 +lib/codeql/swift/generated/expr/SuperRefExpr.qll 4fe3e827cff256d304bc73f0d44b6091dbea68d8176ff3af36dec80ab349f7dc 7e1c3975515db1aacdd8f5c90ff38cfc568e2c9e79495bb7832d72f856add2e8 +lib/codeql/swift/generated/expr/TapExpr.qll 6583473139cc6c93838e802d8e229ad90d90a2ef960600d95db6d12831402ff3 a7478c0c9e9a9899c1840838150e127e3bd192bb340249642efede3dd51d260a lib/codeql/swift/generated/expr/TryExpr.qll e6619905d9b2e06708c3bf41dace8c4e6332903f7111b3a59609d2bb7a6483ee e6619905d9b2e06708c3bf41dace8c4e6332903f7111b3a59609d2bb7a6483ee lib/codeql/swift/generated/expr/TupleElementExpr.qll e0050f30b31c58bcfbaaa61137484f9463aab435cbe1fd0dddd7a4b9d3a8ae46 0192eb79f1b1bff6185dddbc8ed37865cb669a670ffb9f5b63c34c1bf53a73c2 lib/codeql/swift/generated/expr/TupleExpr.qll b834c6347ec355f1135274f65bd7ca3768be42ea173225227a6b543c2fb2243b fddb421e1cdc8ae24afb6b72c0636b3341c5b039a4277fc99f00bbb077645cf8 -lib/codeql/swift/generated/expr/TypeExpr.qll accffc2dbe4a1f1ebdaeb4ca6a130faf139288a7470740213d5379ddc94dad18 e4595beff0e7b7cd698e2bb708ea10586cc2f2de5d6f9dcf3da3c3d9b43d33eb +lib/codeql/swift/generated/expr/TypeExpr.qll 0ebb5040199b71ea2f8922848b6d7ad2d4ac585b763485195e4180a118839dfa fb991cb078cecdfd0ec0d19d896635e7b834481c30970bd83fdd4e9792548416 lib/codeql/swift/generated/expr/UnderlyingToOpaqueExpr.qll 13d6c7a16ec0c4c92d12e052437dfa84274394ee8a4ca9b2c9e59514564dc683 13d6c7a16ec0c4c92d12e052437dfa84274394ee8a4ca9b2c9e59514564dc683 lib/codeql/swift/generated/expr/UnevaluatedInstanceExpr.qll 21dedc617838eed25a8d3a011296fda78f99aee0e8ae2c06789484da6886cfea 21dedc617838eed25a8d3a011296fda78f99aee0e8ae2c06789484da6886cfea lib/codeql/swift/generated/expr/UnresolvedDeclRefExpr.qll 17e83f6418f39cfd3b7768ba694dafce2807f97239d3ac0939fc0c3761ae3571 910e9440cae403b13b6dd501a3dbbda564a1d7d61a532e99a1825590c2d9a4ab @@ -558,45 +559,45 @@ lib/codeql/swift/generated/expr/VarargExpansionExpr.qll ac50264811fc0303220f7825 lib/codeql/swift/generated/pattern/AnyPattern.qll ce091e368da281381539d17e3bac59497ad51bb9c167d8991b661db11c482775 ce091e368da281381539d17e3bac59497ad51bb9c167d8991b661db11c482775 lib/codeql/swift/generated/pattern/BindingPattern.qll 61ae8b380b43c80710cf7d33c718c45b06cfa3680990e38e4191b3732236595c 1ff0450958cce5a5bfd00942d4846e3b2652499c738bd2790255632c883af0dd lib/codeql/swift/generated/pattern/BoolPattern.qll 118300aa665defa688a7c28f82deb73fa76adce1429d19aa082c71cfcbeb0903 0cd6db87e925e89f8ad6d464762d01d63ddfd34b05a31d5e80eb41aec37480b4 -lib/codeql/swift/generated/pattern/EnumElementPattern.qll 4aad6e1db45b8d39f61827e44335b2d7c1b9346538933bea82e4cec4b0993e3a 645edf97eb83f077f82c5f08cec912b845c826c2067f38f050b6e78031fe3a2e +lib/codeql/swift/generated/pattern/EnumElementPattern.qll 2d92a861316d46190e11880b0c383651e4ea15ea8fb81f55c08c4ce733bee2c7 c5915d7a3b62f7c009daac2e7d87c7d435a81a128bdfcc1db9ad281600acfb67 lib/codeql/swift/generated/pattern/ExprPattern.qll 169cef487e499a21d0d2cc4eda7268eb29cb6b1081fa6a0bc4e8571677f063f3 b7f3160f0812cf565873b607a247e184f17cc0289758f9a46748e90e783abd4f -lib/codeql/swift/generated/pattern/IsPattern.qll 864c38251026a523f91f0c097899cbc0c281f29d5c11142d5434cd182e8d70b8 be03f3a3aacbd44dc8e6a03f88d241d1247a3686c0d7d8eb4b50fa57c675aac9 +lib/codeql/swift/generated/pattern/IsPattern.qll c809159dff26b86d44f560742d66e75b3cf143cdfc0f3933b959864412770248 7375cb8140da3c1531b55b084c4b6aa8009495dd40697a13f05b258d3f5677cc lib/codeql/swift/generated/pattern/NamedPattern.qll 5d25e51eb83e86363b95a6531ffb164e5a6070b4a577f3900140edbef0e83c71 9e88b2b2b90a547b402d4782e8d494bc555d4200763c094dd985fe3b7ebc1ec8 lib/codeql/swift/generated/pattern/OptionalSomePattern.qll 5b9c7032584619d4921d1a1324e3ce4bd7207f0d4daa703e1e059f983bf1b132 e6d44514cd123a7ad27f657a2b83d46277a961a849139380ece886430a862920 lib/codeql/swift/generated/pattern/ParenPattern.qll 337cb03dcb7384f7ef13e35d843b3498c0ae391374f5e870d1e52c2d1baacd95 cba288ee99726f5bbf15cf61971e000a835cf6e8b7507dcf6f6c6dea91ec287a -lib/codeql/swift/generated/pattern/Pattern.qll 0e96528a8dd87185f4fb23ba33ea418932762127e99739d7e56e5c8988e024d1 ba1e010c9f7f891048fb8c4ff8ea5a6c664c09e43d74b860d559f6459f82554a +lib/codeql/swift/generated/pattern/Pattern.qll abdb00ae9ee55061de85fa77ecff6f3df9ddf395f45a38dde94983ac423d861a 67ffece7bd83150bb0981b2fda86468c2df7c4d2015526b90ca40c71eec6b542 lib/codeql/swift/generated/pattern/TuplePattern.qll b3a138b0942f7e3eecb52ad2f095584a6cd5f555e9487c6eaad6a5527ae99f0c d6ff67ecc7395571acef4b82da514cb737c72d97ea557d89da534469feda340c -lib/codeql/swift/generated/pattern/TypedPattern.qll 95185ae7acddb74ac68f2d2e31d83e64e3bac3fdbd7a8301a6dc8bb1d89d7918 5d6edf73b4ac2f81843fda26894f5dbf8aa2a7c129af5e1a3256370683fa619c -lib/codeql/swift/generated/stmt/BraceStmt.qll 15461198f638b8995687ad8a20ef47c8fac24445a8c28ea5113bbaabe43e4be3 72fa14dbb9cd31032a5f35754991beb6183c2ef37f942707dbfc8911687d8c6e -lib/codeql/swift/generated/stmt/BreakStmt.qll 7dca1ed723117cc245636c7ec5f31a69dbbb228eae2f6423ffa1f327f964d1c8 43052e648b31c6edf88c28fc8aa0ec440601c06776d5a32e7ef1efbb59f64cf2 -lib/codeql/swift/generated/stmt/CaseLabelItem.qll d04772471f1651c0f3c15cb7fa003431b2a51bbffa945a14ae85bb3e58015249 406b2d411a1aa3a513f93e9602ce34138bd47d84a8c5b9fc226ed3e0c972ae08 -lib/codeql/swift/generated/stmt/CaseStmt.qll 01b7cb7fe5839c02fec5af4ddc9d6c7646583305e17543f1e5a6993b8467c3cd 62ab05c856c1a567aa7aaa04390fee9cd65d44ad3e244a1f781e97710b89653d -lib/codeql/swift/generated/stmt/ConditionElement.qll 2f60c9326681613939b411d9c5e53e0e0e5cf756b551af4e150b8be964d8e05d 4155edf57ccc61b87f5d51684e57c06cd0bc6733579275f089de51975546eab1 -lib/codeql/swift/generated/stmt/ContinueStmt.qll 572747312c2a7c4e6ad1c82c58f8ac55ce05d5e1f828160fe139c3d2c100eb61 a54d57cc434f7d04412bf130391e9c571f8f11f90be501d736e96f341b0c1de9 -lib/codeql/swift/generated/stmt/DeferStmt.qll 099b98183d770608f63ee09b290e71042e4cbbbc6a83b0f0fa10614af418c712 d5504347c08ab2b4764d5cb03a3b590a97144240d68f626db0778697ef9638c1 -lib/codeql/swift/generated/stmt/DoCatchStmt.qll 4a05ba358b289c052f1e7d6b86dae206e91a8033687c3fabddac1556173a8140 8743746aeb98f28e7786233db4a9eacfcf73aea3f602be9e1f8c0d956d22aeb1 -lib/codeql/swift/generated/stmt/DoStmt.qll b22efabd7431e703ae33dd1df69a9e3ceb49f512ab2c46be9c7eba2d53a1e37f 8d7796e2b4676da59aa8425014a16b82ef47d4ac22af60a10c5076a691af17d1 +lib/codeql/swift/generated/pattern/TypedPattern.qll 6a9fd2815755eddc6918d6be8221c7afb90e4fba4fcb8eb54ff42754269bb481 f198c3b09553a5f5f3d97f8088ef82c00552b9635560750c56d801b09dbd9e26 +lib/codeql/swift/generated/stmt/BraceStmt.qll 72557bdbde907042a936b55039e6032afd5eb92b21a6bb3d669437f3141a7e76 a2fb52f3d77444880edcafec6d107f27cf8c528c21241b1222823136fd4cfbb9 +lib/codeql/swift/generated/stmt/BreakStmt.qll 879cf66911cc7f53e7e8f4ae8244681018fb17d6501b269fb7cf9d8481f0b539 c78fc1b0e3e76321fc1653aa8b0aabaaacf082e01a003b78f693b106cc05faa0 +lib/codeql/swift/generated/stmt/CaseLabelItem.qll 9536d2909a274c3a969eec25f8e5966adfaa9b0d6451ea6319d9f7bb2fd6fe07 02e25f036db50e9a6e9a7ceab6002dd605b73afb55fa1dee6f22e7af33a40913 +lib/codeql/swift/generated/stmt/CaseStmt.qll c180478c6161439bc76bd39edfab343faba7450900ffedcadd3ccea12dc3a08c b537eb517db76113cfbc91c59e6bdfbf16ff83d639dfe6fd6892171f71a97090 +lib/codeql/swift/generated/stmt/ConditionElement.qll 29c1f9ab045cceac466836c8c6b9b158395351a76d4c4f8725d98663ea75b9de 09342a6d9632a1af973ef21fd03d30ca85b94ebb7d51991b4b573ce9096f97f4 +lib/codeql/swift/generated/stmt/ContinueStmt.qll bf300c9655f750db8e71eb530d8972eca1ac9bf022023c8d99e299de8f5b3a44 746a2432752743e18e2b5fa4b46407e5d4c0e6ee38635c6de0846452cbc5eec5 +lib/codeql/swift/generated/stmt/DeferStmt.qll 230f8c8f53c86afd3169b36214c03c54ac3e5240b1c1c1ade4446b45c4c3c32a d0d9e728be7506aa07904c53087eb1273a82762139866767abb0b851f3e559ee +lib/codeql/swift/generated/stmt/DoCatchStmt.qll b418fdb6d48c2c0d30d11c0b256692af879846113c89ccdd21a84cd27ccfddec 5aea94c795e300ee1d99119c86d201228537b24a1e281abb79a14b2edbb498af +lib/codeql/swift/generated/stmt/DoStmt.qll 582f56113ecc384ee80610ae80e2a040fbe58c56b72c76b6c7da3daaeee739bd 3778445dc2f6173d4182cbda47ca0d0e066d931379ed7da89bb3afd1fda1e81b lib/codeql/swift/generated/stmt/FailStmt.qll d8f5816c51c5027fd6dacc8d9f5ddd21f691c138dfc80c6c79e250402a1fe165 d8f5816c51c5027fd6dacc8d9f5ddd21f691c138dfc80c6c79e250402a1fe165 -lib/codeql/swift/generated/stmt/FallthroughStmt.qll 0f5caceabd3f683914cd598c60e78f0c225a06b017784182e9bf1525ebf4eff8 fe328559e580ebcd38aac3b6402f1a40cd1c922e92b52456b18e79e6e241d7b4 -lib/codeql/swift/generated/stmt/ForEachStmt.qll 105f4905d2c9b832b01dabfc87a90294886ed867be119c83b1af779b61cca8c3 8aeae81570d9444f16e0335ac2d1b8645dc37e2b6b30ccdfeeda77b0d3c8af14 -lib/codeql/swift/generated/stmt/GuardStmt.qll 135faa385310d9398db6630c799ee57da6e5546e8ae09190b0aab8397c330c57 eb98434209466449d82dd75049850aa3d550f2c0d2b6e0a70f2ee8d2dae4d830 -lib/codeql/swift/generated/stmt/IfStmt.qll a01212a13060f36b0c5ff29a18aa64a450662b284d37d8cff10ce648507684b2 05e9617901b871d59fa9f08f3397aac7ebe7026ae482e316e591c2622ba64a2f -lib/codeql/swift/generated/stmt/LabeledConditionalStmt.qll 2865e39a960ec4f610cccc6cb93ecf2b3ef457fb4c3acb961ffcf84ed9c1f33e cb8b7f16520ead1299d898ccd22efb89a74e9b3d658fdb613af0797b60d80bb7 +lib/codeql/swift/generated/stmt/FallthroughStmt.qll aa400a95593395d97b196a78462fb5ab7cad0497b395cdd98885e1593271614d 4df6bfa7d2f4e2b5e5155351e445bb6c710e7c20c82fa3321564b11ef60b086a +lib/codeql/swift/generated/stmt/ForEachStmt.qll 0c4b3c9540aaf89c135de6618dc7f07680a44bb6e874d8b12b2457ecad7d766d 52fbec89382d3b207f379e126654008393be560c8efe4a490fda1e2c48914235 +lib/codeql/swift/generated/stmt/GuardStmt.qll f31660bbe32231e310ff3d33dfece761ee7ec888fe74683359f86a3766e7c378 ce1f8279839e0b6311107ea9473871cbcfdc7c12d2368ac55b989f9bff2c5e7c +lib/codeql/swift/generated/stmt/IfStmt.qll 80f1caba3a477e589b6aa3543ec1787005ab1ffab91a77832512c79dffce48c7 2126cf386e917a230175ba7e07450e390b4bd65da6fce1af8395e5ffd3f79dca +lib/codeql/swift/generated/stmt/LabeledConditionalStmt.qll 057c6c556ecd836ca7f40d208c04e43039dde53e41eb27cc27f5f502a38a86fa 2ee979a35e0e9fa72253ab21d57c18b7268b7acc1edb4ec514b73b99b0aa2c6c lib/codeql/swift/generated/stmt/LabeledStmt.qll 734f0bb5b40d72c3c949a08af15c01b3ae3a3e315f3196f75da27e03a2635d63 f1fbea28c7eef71135e60e144714b1027d71f07ccfabbb65d6a98aa89523720e -lib/codeql/swift/generated/stmt/PoundAssertStmt.qll d672d599679838fb9fcc7e9e3b4641a7d514ee35d94f9eaa9d56f1e893d57863 7ca6f2571015c105887b4c045c2305a05ad86813cf5fcf28b577efcc3d483717 -lib/codeql/swift/generated/stmt/RepeatWhileStmt.qll e9a4ac23dafb18a2bc23a045eb7ed8a96193600071d46351474ae899f7e24f7d 8bdfd1e1c75b95ba156dc0c90b5fcc185b0bee84feb144c7dc1b5f159703c79a -lib/codeql/swift/generated/stmt/ReturnStmt.qll c27a59f427f39d6eaebc96c6d975480be535945572e5a88ab961c34ef166df1a 269912d84e69f97348ea2cf46ab38d08cf92b7fc6bf6255e649a64580bf171ad +lib/codeql/swift/generated/stmt/PoundAssertStmt.qll c7a2effdfde66cf6308815affa966d63a9a251ddc27d492320733f1b2398ecdb 83b886c58dbdd845e4be08309c2be1e8954cd0aa1a8ce079d429f96beaef02bf +lib/codeql/swift/generated/stmt/RepeatWhileStmt.qll 5edf21c6f6a9ec95f1f4ada10a47f46e38550c307cae8b74dad4c26275e24ace 6a2c1cdc99ef31c9a8f49cc4cb207b832bb90d55f69ef3196948105daeaf8d45 +lib/codeql/swift/generated/stmt/ReturnStmt.qll bed521194ae4f9a60d3ea0a9ea46dd7dbbc62799272d752871524a8eedbefc46 eb28b591ad77d842211a0df931fd693581c0e792b93421679b64a38de637d836 lib/codeql/swift/generated/stmt/Stmt.qll b2a4f3712e3575321a4bc65d31b9eb8ddcd2d20af9863f3b9240e78e4b32ccff e0fc13b3af867aa53b21f58a5be1b7d1333b3e8543a4d214a346468f783dbf40 -lib/codeql/swift/generated/stmt/StmtCondition.qll 3a9b82fc0776c1693c620fd96b3dbf94052ca0a2134ea4c9c83e51a1df6accad d2f809dd6820aa05c1630cd09ca12f22f94698155661aecd5d3837e340354ff2 -lib/codeql/swift/generated/stmt/SwitchStmt.qll 2e43f3eb536bb8924311d2fe84b2b21f712875caeaa8c4b13047b782c06ae453 ff72f4a01c3d7d227a28481d5a95b0858c15619067dd159332693af05fd0f146 -lib/codeql/swift/generated/stmt/ThrowStmt.qll c6f419f7d7021061a913fd70e64e43d55efe4350f73a21921cbd0654fabfa928 b76d221ad122710050651a62efb92b318d48109ec5326971c66cf9876dde9e14 -lib/codeql/swift/generated/stmt/WhileStmt.qll 550fef68aa3e81fcc615a296fabeacacef7648fe8e0316daef8a2767654f3020 5a60c959f042ebd9142b26432ad905cc2079664568d1b0bdf22085d4a24a92b9 -lib/codeql/swift/generated/stmt/YieldStmt.qll 5b0a6e0a656f9db4095d128c3e7d6bf1265ff218045ad91bd0699097c6c3cce7 45f54dbd94af7c2ab7e53858a7c3389636726d3d5fb45b876b5daad1896d1305 +lib/codeql/swift/generated/stmt/StmtCondition.qll b8dabf10de10f7c21abe0c7911084a41beb6e7125016a9bc2e15a6ace6d31837 d3ad8923495c273b83d80c4c9f64665798273c843f4cd1862b0300a93c2ac2d6 +lib/codeql/swift/generated/stmt/SwitchStmt.qll e303f93ba166044326071368b8c3ef74c2a87c1c586b1d05cf645150f8958b1a 4a8e919ba35423b49d4400d0d0730a0372d5f75a741f49776654bae773250561 +lib/codeql/swift/generated/stmt/ThrowStmt.qll d486c63f0f224e088cd67deb296d47266c8cfa2212853f950f6d0457941a0ca2 c4315440944ccb312af7ee8ee18b5eb2b98909ba9655e4729ea0e0d6a87ff014 +lib/codeql/swift/generated/stmt/WhileStmt.qll ee2661a76fdb516095bfcfb3210b4e24fc0f9619e985c9916fc0f5150736dbb1 b6c95a8e410f79c8d0a7bc994f92bf34b51400a2ba49b67af28a5256687855a9 +lib/codeql/swift/generated/stmt/YieldStmt.qll 81e2e31455da36b08f21f905d3e5b87e9f5c10ba50990fa5722a2d9488378da4 21d9e9523ba28bd291753b331379945c621241ccadb0cb444755ee5947cb24d1 lib/codeql/swift/generated/type/AnyBuiltinIntegerType.qll a263451163e027c4c4223ec288e090b7e0d399cc46eb962013342bfeac5f6b86 d850ec1ee1902945b172ddd0ecd8884e399e963f939c04bc8bfaadacebdf55a9 lib/codeql/swift/generated/type/AnyFunctionType.qll ecd701702fc4f5a2205208faad7598f3083028914e72aacdaa6311f522468352 342e2265f0593c3f388a7f293b589f332c977d7863d697901445d68f0b93a222 -lib/codeql/swift/generated/type/AnyGenericType.qll a6da9ae1024bdafa244f3f5843fe16efe06f5d8e7305c5712f6b9ff409347427 11694abc90753c3f1a27e4745919f851334e0b79eb576831403c7866014b64aa +lib/codeql/swift/generated/type/AnyGenericType.qll 8b64a517c57c6c7e46eca923a5611c28c626c920818b5b9060f1772c10d1a636 151ce25c5b86e51d4e0f4a11c058eb1555a8d3f286029b37732b47b3b23e3667 lib/codeql/swift/generated/type/AnyMetatypeType.qll 6805a6895e748e02502105d844b66fab5111dbb0d727534d305a0396dacc9465 58e0794b8d6dccd9809f5b83bf64b162e69f3f84b5f3161b88aed10f16a8ede8 -lib/codeql/swift/generated/type/ArchetypeType.qll 2642f841dac57a4c2447ceb5c3a42bf9e59bdb426556307dae863bd4009950e0 e7136d1929951d7dc928d0ebab99aca84eee8bf71aad86f480c4820da26adec0 +lib/codeql/swift/generated/type/ArchetypeType.qll 49560392daec2e41846dba8254a1ce420ca17a0e6d45c6a6b670f3f9e44e2c18 6865b7359c413602d7de11aec850811a012cad846a5839817c4d5644c6138d8a lib/codeql/swift/generated/type/ArraySliceType.qll 72d0409e2704e89ebca364ae28d55c874152f55dd1deaac6c954617f6566f3c2 72d0409e2704e89ebca364ae28d55c874152f55dd1deaac6c954617f6566f3c2 lib/codeql/swift/generated/type/BoundGenericClassType.qll c82971dcd306a4cbc6bb885ae300556717eb2d068066b7752a36480e5eb14b5f c82971dcd306a4cbc6bb885ae300556717eb2d068066b7752a36480e5eb14b5f lib/codeql/swift/generated/type/BoundGenericEnumType.qll 89fcee52adbe6c9b130eae45cf43b2a2c302e8812f8519ea885e5d41dec3ec56 89fcee52adbe6c9b130eae45cf43b2a2c302e8812f8519ea885e5d41dec3ec56 @@ -616,7 +617,7 @@ lib/codeql/swift/generated/type/BuiltinType.qll 0f90f2fd18b67edf20712ff51484afd5 lib/codeql/swift/generated/type/BuiltinUnsafeValueBufferType.qll d569e7c255de5e87bb0eb68ae5e7fea011121e01b2868007485af91da7417cd6 d569e7c255de5e87bb0eb68ae5e7fea011121e01b2868007485af91da7417cd6 lib/codeql/swift/generated/type/BuiltinVectorType.qll f51ce577abec2a1de3ae77a5cd9719aa4a1a6f3f5ec492c7444e410fb1de802a f51ce577abec2a1de3ae77a5cd9719aa4a1a6f3f5ec492c7444e410fb1de802a lib/codeql/swift/generated/type/ClassType.qll b52f0383d3dcbf7cf56d0b143cbb63783cb5fa319bcbfc4754e362d935e0fb53 b52f0383d3dcbf7cf56d0b143cbb63783cb5fa319bcbfc4754e362d935e0fb53 -lib/codeql/swift/generated/type/DependentMemberType.qll 0596086099ef55db0647b436e4d4ad6482496e8d491b6497e31b6f4ecdafe5d0 2de600fd4ac4739afdf4cd84822da467d195c7cc6d7099fe7ac446eae147979d +lib/codeql/swift/generated/type/DependentMemberType.qll 348f4b1eb1ed6e311212c1565716c814f9f4198ec4be7e748fbd10cef1f98ce4 a17c65acda68c87b7148047372a9779ce9eda53dbaa81208f0b9b57262001791 lib/codeql/swift/generated/type/DictionaryType.qll 1a30cd9815e9162cbf07d193a35d834837f8b8aa8ab936ea8c4400ea66181937 d4100b99422db8b81632cd86144c316ed8504616df742223cb6cde1211704d14 lib/codeql/swift/generated/type/DynamicSelfType.qll 331e731ce6ebf8e4b152efcbfbebe35d506c03633dab75483ae660f967259c58 4066ab0cd3c768fe25aba0d2ddaa4e394070f97dbe77b375c6fd39447eef8fd9 lib/codeql/swift/generated/type/EnumType.qll dcf653c7ee2e76882d9f415fbbc208905b8d8ed68cc32e36c0439a9205e65b35 dcf653c7ee2e76882d9f415fbbc208905b8d8ed68cc32e36c0439a9205e65b35 @@ -629,10 +630,10 @@ lib/codeql/swift/generated/type/GenericTypeParamType.qll f515debe8b21f3ea6551e4f lib/codeql/swift/generated/type/InOutType.qll 93906f54e2e109a8e83bf10665a9cfb518b96c6f8d8ea50e8d994a2802082e61 1cdf37ee0a2785e1a3298022f0d9aa8e9bce38e8d7268d631bb6544bdf07e636 lib/codeql/swift/generated/type/LValueType.qll ed2c9347139582c311b6ae58a26fd4462cdcd4ec1f1d0ea3c9967d0bec54683c d027432cc73850731f33b1aaf7e2aa57d97ed7e3171de3dc53902e6ed7e38b46 lib/codeql/swift/generated/type/MetatypeType.qll cd752f81257820f74c1f5c016e19bdc9b0f8ff8ddcc231daa68061a85c4b38e2 cd752f81257820f74c1f5c016e19bdc9b0f8ff8ddcc231daa68061a85c4b38e2 -lib/codeql/swift/generated/type/ModuleType.qll 46178692ceeda03ded0af1ab96af9e3ef4ba426e7345a0e2abfc6b35eebd9fc1 135549ca669d27c737159cc8327963879c11e32177a3b72d2076decb0927c475 +lib/codeql/swift/generated/type/ModuleType.qll 77fc9ea296b5be29aa8eded4cdfdbc7ca09a4c443f6720f31f9728a6e5bf115d c551af9fa41b1da433f52c89e3d126ac11caad8ab6a59baeda7bdbd7b11487cf lib/codeql/swift/generated/type/NominalOrBoundGenericNominalType.qll 27d87dc4792b7f46fa1b708aadecef742ab2a78b23d4eb28ce392da49766122f 380b827d026202cbfcd825e975ebbdf8f53784a0426ce5454cb1b43cc42dfe16 lib/codeql/swift/generated/type/NominalType.qll f7e85d544eaaa259c727b8b4ba691578861d15612a134d19936a20943270b629 87472017a129921d2af9d380f69c293f4deba788e7660b0fe085a455e76562e8 -lib/codeql/swift/generated/type/OpaqueTypeArchetypeType.qll 2126dd1e66b3b8fb4a2ac1808674f1c502cabe7cce11ecde407e78bbb1a1546e e78d3b63cc551a0dd284969c8ba6294466b1ddbcd17a0fdb745237a3793313ac +lib/codeql/swift/generated/type/OpaqueTypeArchetypeType.qll 54f267ce066c2bc3c1a4ef93154a2b99c1c6a7253c9d75f5d215a4e8fe036c1d f2d397bc48875d7c47e239d859a40ee191dad8340c7f2861d461c8a4f339fa49 lib/codeql/swift/generated/type/OpenedArchetypeType.qll ed97d3fb8810424643953a0d5ebd93e58d1b2e397ea01ccde0dcd8e68c41adb2 ed97d3fb8810424643953a0d5ebd93e58d1b2e397ea01ccde0dcd8e68c41adb2 lib/codeql/swift/generated/type/OptionalType.qll d99dd5ec5636cc6c3e0e52bf27d0d8bf8dfcff25739cd7e1b845f5d96b1a5ac9 d99dd5ec5636cc6c3e0e52bf27d0d8bf8dfcff25739cd7e1b845f5d96b1a5ac9 lib/codeql/swift/generated/type/ParameterizedProtocolType.qll 5ec7f5d9412f071099a75e920dce686e3a3b3697d94f2b03d4456858060d31d1 9d8f3ae67ebe290102f6c3fc4bda14d66865b13a782fe9e80e3e2464da14f18e @@ -646,9 +647,9 @@ lib/codeql/swift/generated/type/SubstitutableType.qll 9e74ec2d281cd3dedbc5791d66 lib/codeql/swift/generated/type/SugarType.qll 4ea82201ae20e769c0c3e6e158bae86493e1b16bbd3ef6495e2a3760baa1fc6b 6c78df86db6f9c70398484819a9b9ecc8ee337b0a4ac2d84e17294951a6fd788 lib/codeql/swift/generated/type/SyntaxSugarType.qll 253e036452e0ba8ae3bb60d6ed22f4efb8436f4ef19f158f1114a6f9a14df42c 743fe4dede40ca173b19d5757d14e0f606fe36f51119445503e8eea7cf6df3b0 lib/codeql/swift/generated/type/TupleType.qll af224031c3bea6dfca6138903cca940a4f00ba6494ad7b591b9f017d69ee9a6c f59ad1bb4994196ec49836ae169e550a70dbb25a359ff889ed6456882fe2d9a0 -lib/codeql/swift/generated/type/Type.qll c08acc943c9b52662a465d77fcd39d12f869c42b24a3755225b3bddbb1cf72f5 6d82c5bddded75fd5598bb559ecfa07360ad802d5e9541af2c334dc9d0159335 -lib/codeql/swift/generated/type/TypeAliasType.qll 1c7b7d66f277907d04462712ff5271b84987656351da8e486d718b8d138ef545 2dc20e1fd98bee6a8e5b35cf7a048716b2b6d2e5ba6610ecc4f7f667da930885 -lib/codeql/swift/generated/type/TypeRepr.qll bb78cc2265734d8ecbd32ca85e38c853e9f35569aaf4dc8353d20471b3559c3d c2abc1d161590cbdc4cac7e147e114f8a28ba5f6405dba7ead51abe85991505d +lib/codeql/swift/generated/type/Type.qll ada3973ed840643fa9f015d721d1f3c58994cda46b169e875b77473281d9122f 6a43dc43be0ac6f315b58ca4dc9b015769281eb5011220f28b5e9b6ed9436207 +lib/codeql/swift/generated/type/TypeAliasType.qll 7c1397c4a145d3265e8d1b4dac4ae6a58a2c4026145cfb2d8d28c01309b0ea26 0e3c3a2c166285f4ac1b417b8cc74a5095c8a8e1a102d7b5ca2829a06b61de23 +lib/codeql/swift/generated/type/TypeRepr.qll 25a412f029bf2d4b283ea07f0f0ff5713b1b4f369f8cb06991328fdee030e14a 2a39717f2e023c96015b797b59812b0e0bef1ea2780ee83869b68da549abbf2f lib/codeql/swift/generated/type/UnarySyntaxSugarType.qll 6f3822691d04531cc1dd6a78fb184f3e18d42ee324123dc4338fdd368fbd0bd6 d489aac77955de0d71fd5c271fddccd40050db4ef8ce8d817320ca9554057c3a lib/codeql/swift/generated/type/UnboundGenericType.qll 43549cbdaaa05c3c6e3d6757aca7c549b67f3c1f7d7f0a987121de0c80567a78 43549cbdaaa05c3c6e3d6757aca7c549b67f3c1f7d7f0a987121de0c80567a78 lib/codeql/swift/generated/type/UnmanagedStorageType.qll 198727a7c9557a0a92c6d833768086f0a0a18c546b4bfd486d7ff7ad5677a6aa 198727a7c9557a0a92c6d833768086f0a0a18c546b4bfd486d7ff7ad5677a6aa diff --git a/swift/ql/.gitattributes b/swift/ql/.gitattributes index 71cc5c58ecf..c1bcfc90e69 100644 --- a/swift/ql/.gitattributes +++ b/swift/ql/.gitattributes @@ -379,6 +379,7 @@ /lib/codeql/swift/generated/Element.qll linguist-generated /lib/codeql/swift/generated/ErrorElement.qll linguist-generated /lib/codeql/swift/generated/File.qll linguist-generated +/lib/codeql/swift/generated/HideableElement.qll linguist-generated /lib/codeql/swift/generated/KeyPathComponent.qll linguist-generated /lib/codeql/swift/generated/Locatable.qll linguist-generated /lib/codeql/swift/generated/Location.qll linguist-generated diff --git a/swift/ql/lib/codeql/swift/controlflow/internal/Completion.qll b/swift/ql/lib/codeql/swift/controlflow/internal/Completion.qll index 9e7975890e6..ad96fcb12de 100644 --- a/swift/ql/lib/codeql/swift/controlflow/internal/Completion.qll +++ b/swift/ql/lib/codeql/swift/controlflow/internal/Completion.qll @@ -98,7 +98,7 @@ private predicate isBooleanConstant(ControlFlowElement n, boolean value) { // Boolean constants hidden inside conversions are also // constants that resolve to the same value. exists(ControlFlowElement parent | - parent.asAstNode() = n.asAstNode().getResolveStep() and + parent.asAstNode() = n.asAstNode().(HideableElement).getResolveStep() and isBooleanConstant(parent, value) ) } @@ -122,9 +122,9 @@ private predicate inBooleanContext(ControlFlowElement n) { private predicate astInBooleanContext(AstNode n) { n = any(ConditionElement condElem).getBoolean().getFullyUnresolved() or - n = any(ConditionElement condElem).getAvailability().getFullyUnresolved() + n = any(ConditionElement condElem).getAvailability() or - n = any(StmtCondition stmtCond).getFullyUnresolved() + n = any(StmtCondition stmtCond) or exists(RepeatWhileStmt repeat | n = repeat.getCondition().getFullyConverted()) or diff --git a/swift/ql/lib/codeql/swift/controlflow/internal/ControlFlowGraphImpl.qll b/swift/ql/lib/codeql/swift/controlflow/internal/ControlFlowGraphImpl.qll index d3eb3aaa244..3efa0dd8bc3 100644 --- a/swift/ql/lib/codeql/swift/controlflow/internal/ControlFlowGraphImpl.qll +++ b/swift/ql/lib/codeql/swift/controlflow/internal/ControlFlowGraphImpl.qll @@ -264,7 +264,7 @@ module Stmts { or child.asAstNode() = ast.getAnElement().getBoolean().getFullyConverted() or - child.asAstNode() = ast.getAnElement().getAvailability().getFullyUnresolved() + child.asAstNode() = ast.getAnElement().getAvailability() } predicate firstElement(int i, ControlFlowElement first) { @@ -278,7 +278,7 @@ module Stmts { astFirst(ast.getElement(i).getBoolean().getFullyConverted(), first) or // ... or an availability check. - astFirst(ast.getElement(i).getAvailability().getFullyUnresolved(), first) + astFirst(ast.getElement(i).getAvailability(), first) ) } @@ -296,7 +296,7 @@ module Stmts { astLast(ast.getElement(i).getBoolean().getFullyConverted(), pred, c) or // ... or the availability check ... - astLast(ast.getElement(i).getAvailability().getFullyUnresolved(), pred, c) + astLast(ast.getElement(i).getAvailability(), pred, c) ) and // We evaluate the next element c instanceof NormalCompletion and @@ -313,7 +313,7 @@ module Stmts { not c.(MatchingCompletion).isMatch() or // Stop if an availability check failed - astLast(ast.getAnElement().getAvailability().getFullyUnresolved(), last, c) and + astLast(ast.getAnElement().getAvailability(), last, c) and c instanceof FalseCompletion or // Stop if we successfully evaluated all the conditionals @@ -322,7 +322,7 @@ module Stmts { or astLast(ast.getLastElement().getPattern().getFullyUnresolved(), last, c) or - astLast(ast.getLastElement().getAvailability().getFullyUnresolved(), last, c) + astLast(ast.getLastElement().getAvailability(), last, c) ) and c instanceof NormalCompletion } @@ -342,14 +342,14 @@ module Stmts { override IfStmt ast; final override predicate propagatesAbnormal(ControlFlowElement child) { - child.asAstNode() = ast.getCondition().getFullyUnresolved() or + child.asAstNode() = ast.getCondition() or child.asAstNode() = ast.getThen() or child.asAstNode() = ast.getElse() } final override predicate last(ControlFlowElement last, Completion c) { // Condition exits with a false completion and there is no `else` branch - astLast(ast.getCondition().getFullyUnresolved(), last, c) and + astLast(ast.getCondition(), last, c) and c instanceof FalseOrNonMatchCompletion and not exists(ast.getElse()) or @@ -360,10 +360,10 @@ module Stmts { final override predicate succ(ControlFlowElement pred, ControlFlowElement succ, Completion c) { // Pre-order: flow from statement itself to first element of condition pred.asAstNode() = ast and - astFirst(ast.getCondition().getFullyUnresolved(), succ) and + astFirst(ast.getCondition(), succ) and c instanceof SimpleCompletion or - astLast(ast.getCondition().getFullyUnresolved(), pred, c) and + astLast(ast.getCondition(), pred, c) and ( // Flow from last element of condition to first element of then branch c instanceof TrueOrMatchCompletion and @@ -380,7 +380,7 @@ module Stmts { override GuardStmt ast; final override predicate propagatesAbnormal(ControlFlowElement child) { - child.asAstNode() = ast.getCondition().getFullyUnresolved() or + child.asAstNode() = ast.getCondition() or child.asAstNode() = ast.getBody() } @@ -390,18 +390,18 @@ module Stmts { c instanceof NormalCompletion or // Exit when a condition is true - astLast(ast.getCondition().getFullyUnresolved(), last, c) and + astLast(ast.getCondition(), last, c) and c instanceof TrueOrMatchCompletion } final override predicate succ(ControlFlowElement pred, ControlFlowElement succ, Completion c) { // Pre-order: flow from statement itself to first element of condition pred.asAstNode() = ast and - astFirst(ast.getCondition().getFullyUnresolved(), succ) and + astFirst(ast.getCondition(), succ) and c instanceof SimpleCompletion or // Flow to the body when the condition is false - astLast(ast.getCondition().getFullyUnresolved(), pred, c) and + astLast(ast.getCondition(), pred, c) and c instanceof FalseOrNonMatchCompletion and astFirst(ast.getBody(), succ) } @@ -458,9 +458,7 @@ module Stmts { private class WhileTree extends LoopTree { override WhileStmt ast; - final override ControlFlowElement getCondition() { - result.asAstNode() = ast.getCondition().getFullyUnresolved() - } + final override ControlFlowElement getCondition() { result.asAstNode() = ast.getCondition() } final override ControlFlowElement getBody() { result.asAstNode() = ast.getBody() } @@ -674,7 +672,7 @@ module Stmts { final override predicate last(ControlFlowElement last, Completion c) { // Case pattern exits with a non-match - astLast(ast.getLastLabel().getFullyUnresolved(), last, c) and + astLast(ast.getLastLabel(), last, c) and not c.(MatchingCompletion).isMatch() or // Case body exits with any completion @@ -684,18 +682,18 @@ module Stmts { override predicate succ(ControlFlowElement pred, ControlFlowElement succ, Completion c) { // Pre-order: Flow from the case statement itself to the first label pred.asAstNode() = ast and - astFirst(ast.getFirstLabel().getFullyUnresolved(), succ) and + astFirst(ast.getFirstLabel(), succ) and c instanceof SimpleCompletion or // Left-to-right evaluation of labels until we find a match exists(int i | - astLast(ast.getLabel(i).getFullyUnresolved(), pred, c) and - astFirst(ast.getLabel(i + 1).getFullyUnresolved(), succ) and + astLast(ast.getLabel(i), pred, c) and + astFirst(ast.getLabel(i + 1), succ) and c.(MatchingCompletion).isNonMatch() ) or // Flow from last element of pattern to first element of body - astLast(ast.getALabel().getFullyUnresolved(), pred, c) and + astLast(ast.getALabel(), pred, c) and astFirst(ast.getBody(), succ) and c.(MatchingCompletion).isMatch() } @@ -1164,7 +1162,7 @@ module Exprs { override CaptureListExpr ast; final override ControlFlowElement getChildElement(int i) { - result.asAstNode() = ast.getBindingDecl(i).getFullyUnresolved() + result.asAstNode() = ast.getBindingDecl(i) or i = ast.getNumberOfBindingDecls() and result.asAstNode() = ast.getClosureBody().getFullyConverted() @@ -1796,9 +1794,7 @@ module AvailabilityInfo { private class AvailabilityInfoTree extends AstStandardPostOrderTree { override AvailabilityInfo ast; - final override ControlFlowElement getChildElement(int i) { - result.asAstNode() = ast.getSpec(i).getFullyUnresolved() - } + final override ControlFlowElement getChildElement(int i) { result.asAstNode() = ast.getSpec(i) } } private class AvailabilitySpecTree extends AstLeafTree { diff --git a/swift/ql/lib/codeql/swift/elements.qll b/swift/ql/lib/codeql/swift/elements.qll index 7c75c11c976..486b2aa6cd0 100644 --- a/swift/ql/lib/codeql/swift/elements.qll +++ b/swift/ql/lib/codeql/swift/elements.qll @@ -10,6 +10,7 @@ import codeql.swift.elements.Diagnostics import codeql.swift.elements.Element import codeql.swift.elements.ErrorElement import codeql.swift.elements.File +import codeql.swift.elements.HideableElement import codeql.swift.elements.KeyPathComponent import codeql.swift.elements.Locatable import codeql.swift.elements.Location diff --git a/swift/ql/lib/codeql/swift/elements/Element.qll b/swift/ql/lib/codeql/swift/elements/Element.qll index 394d1caab3b..b7bdd621eaf 100644 --- a/swift/ql/lib/codeql/swift/elements/Element.qll +++ b/swift/ql/lib/codeql/swift/elements/Element.qll @@ -1,18 +1,7 @@ private import codeql.swift.generated.Element class Element extends Generated::Element { - private predicate resolvesFrom(Element e) { e.getResolveStep() = this } - override string toString() { result = this.getPrimaryQlClasses() } - - Element getFullyUnresolved() { - not this.resolvesFrom(_) and result = this - or - exists(Element e | - this.resolvesFrom(e) and - result = e.getFullyUnresolved() - ) - } } class UnknownElement extends Element { diff --git a/swift/ql/lib/codeql/swift/elements/HideableElement.qll b/swift/ql/lib/codeql/swift/elements/HideableElement.qll new file mode 100644 index 00000000000..fdc392817dd --- /dev/null +++ b/swift/ql/lib/codeql/swift/elements/HideableElement.qll @@ -0,0 +1,14 @@ +private import codeql.swift.generated.HideableElement + +class HideableElement extends Generated::HideableElement { + private predicate resolvesFrom(HideableElement e) { e.getResolveStep() = this } + + HideableElement getFullyUnresolved() { + not this.resolvesFrom(_) and result = this + or + exists(HideableElement e | + this.resolvesFrom(e) and + result = e.getFullyUnresolved() + ) + } +} diff --git a/swift/ql/lib/codeql/swift/elements/Locatable.qll b/swift/ql/lib/codeql/swift/elements/Locatable.qll index 80afa75c1de..25877d7f074 100644 --- a/swift/ql/lib/codeql/swift/elements/Locatable.qll +++ b/swift/ql/lib/codeql/swift/elements/Locatable.qll @@ -4,10 +4,10 @@ private import codeql.swift.elements.UnknownLocation class Locatable extends Generated::Locatable { pragma[nomagic] - override Location getImmediateLocation() { - result = Generated::Locatable.super.getImmediateLocation() + override Location getLocation() { + result = Generated::Locatable.super.getLocation() or - not exists(Generated::Locatable.super.getImmediateLocation()) and + not exists(Generated::Locatable.super.getLocation()) and result instanceof UnknownLocation } diff --git a/swift/ql/lib/codeql/swift/elements/UnknownLocation.qll b/swift/ql/lib/codeql/swift/elements/UnknownLocation.qll index b97ef6e4e8f..df8823fe028 100644 --- a/swift/ql/lib/codeql/swift/elements/UnknownLocation.qll +++ b/swift/ql/lib/codeql/swift/elements/UnknownLocation.qll @@ -6,7 +6,7 @@ private import codeql.swift.elements.File * A `Location` that is given to something that is not associated with any position in the source code. */ class UnknownLocation extends Generated::UnknownLocation { - override File getImmediateFile() { result instanceof UnknownFile } + override File getFile() { result instanceof UnknownFile } override int getStartLine() { result = 0 } diff --git a/swift/ql/lib/codeql/swift/elements/UnspecifiedElement.qll b/swift/ql/lib/codeql/swift/elements/UnspecifiedElement.qll index cbafea24532..b062beeb197 100644 --- a/swift/ql/lib/codeql/swift/elements/UnspecifiedElement.qll +++ b/swift/ql/lib/codeql/swift/elements/UnspecifiedElement.qll @@ -19,5 +19,5 @@ class UnspecifiedElement extends Generated::UnspecifiedElement { ) } - override Location getImmediateLocation() { result = this.getParent().(Locatable).getLocation() } + override Location getLocation() { result = this.getParent().(Locatable).getLocation() } } diff --git a/swift/ql/lib/codeql/swift/elements/expr/MethodLookupExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/MethodLookupExpr.qll index 4dbdff505b4..ba036ddafcf 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/MethodLookupExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/MethodLookupExpr.qll @@ -14,7 +14,7 @@ class MethodLookupExpr extends Generated::MethodLookupExpr { result = Synth::convertExprFromRaw(this.getUnderlying().getBase()) } - override Decl getImmediateMember() { + override Decl getMember() { result = this.getMethodRef().(DeclRefExpr).getDecl() or result = this.getMethodRef().(OtherInitializerRefExpr).getInitializer() diff --git a/swift/ql/lib/codeql/swift/generated/AvailabilityInfo.qll b/swift/ql/lib/codeql/swift/generated/AvailabilityInfo.qll index c0c7ec1ad00..3659bf7f16f 100644 --- a/swift/ql/lib/codeql/swift/generated/AvailabilityInfo.qll +++ b/swift/ql/lib/codeql/swift/generated/AvailabilityInfo.qll @@ -32,27 +32,14 @@ module Generated { /** * Gets the `index`th spec of this availability info (0-based). - * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. */ - AvailabilitySpec getImmediateSpec(int index) { + AvailabilitySpec getSpec(int index) { result = Synth::convertAvailabilitySpecFromRaw(Synth::convertAvailabilityInfoToRaw(this) .(Raw::AvailabilityInfo) .getSpec(index)) } - /** - * Gets the `index`th spec of this availability info (0-based). - */ - final AvailabilitySpec getSpec(int index) { - exists(AvailabilitySpec immediate | - immediate = this.getImmediateSpec(index) and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } - /** * Gets any of the specs of this availability info. */ diff --git a/swift/ql/lib/codeql/swift/generated/Callable.qll b/swift/ql/lib/codeql/swift/generated/Callable.qll index db03af1dbd0..124828a8e0d 100644 --- a/swift/ql/lib/codeql/swift/generated/Callable.qll +++ b/swift/ql/lib/codeql/swift/generated/Callable.qll @@ -20,27 +20,14 @@ module Generated { /** * Gets the self parameter of this callable, if it exists. - * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. */ - ParamDecl getImmediateSelfParam() { + ParamDecl getSelfParam() { result = Synth::convertParamDeclFromRaw(Synth::convertCallableToRaw(this) .(Raw::Callable) .getSelfParam()) } - /** - * Gets the self parameter of this callable, if it exists. - */ - final ParamDecl getSelfParam() { - exists(ParamDecl immediate | - immediate = this.getImmediateSelfParam() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } - /** * Holds if `getSelfParam()` exists. */ @@ -48,27 +35,14 @@ module Generated { /** * Gets the `index`th parameter of this callable (0-based). - * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. */ - ParamDecl getImmediateParam(int index) { + ParamDecl getParam(int index) { result = Synth::convertParamDeclFromRaw(Synth::convertCallableToRaw(this) .(Raw::Callable) .getParam(index)) } - /** - * Gets the `index`th parameter of this callable (0-based). - */ - final ParamDecl getParam(int index) { - exists(ParamDecl immediate | - immediate = this.getImmediateParam(index) and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } - /** * Gets any of the parameters of this callable. */ @@ -79,27 +53,14 @@ module Generated { */ final int getNumberOfParams() { result = count(int i | exists(this.getParam(i))) } - /** - * Gets the body of this callable, if it exists. - * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. - */ - BraceStmt getImmediateBody() { - result = - Synth::convertBraceStmtFromRaw(Synth::convertCallableToRaw(this).(Raw::Callable).getBody()) - } - /** * Gets the body of this callable, if it exists. * * The body is absent within protocol declarations. */ - final BraceStmt getBody() { - exists(BraceStmt immediate | - immediate = this.getImmediateBody() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) + BraceStmt getBody() { + result = + Synth::convertBraceStmtFromRaw(Synth::convertCallableToRaw(this).(Raw::Callable).getBody()) } /** @@ -109,27 +70,14 @@ module Generated { /** * Gets the `index`th capture of this callable (0-based). - * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. */ - CapturedDecl getImmediateCapture(int index) { + CapturedDecl getCapture(int index) { result = Synth::convertCapturedDeclFromRaw(Synth::convertCallableToRaw(this) .(Raw::Callable) .getCapture(index)) } - /** - * Gets the `index`th capture of this callable (0-based). - */ - final CapturedDecl getCapture(int index) { - exists(CapturedDecl immediate | - immediate = this.getImmediateCapture(index) and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } - /** * Gets any of the captures of this callable. */ diff --git a/swift/ql/lib/codeql/swift/generated/Element.qll b/swift/ql/lib/codeql/swift/generated/Element.qll index 0fa588e0667..88e9b4cdd34 100644 --- a/swift/ql/lib/codeql/swift/generated/Element.qll +++ b/swift/ql/lib/codeql/swift/generated/Element.qll @@ -24,23 +24,6 @@ module Generated { */ final string getPrimaryQlClasses() { result = concat(this.getAPrimaryQlClass(), ",") } - /** - * Gets the most immediate element that should substitute this element in the explicit AST, if any. - * Classes can override this to indicate this node should be in the "hidden" AST, mostly reserved - * for conversions and syntactic sugar nodes like parentheses. - */ - Element getResolveStep() { none() } // overridden by subclasses - - /** - * Gets the element that should substitute this element in the explicit AST, applying `getResolveStep` - * transitively. - */ - final Element resolve() { - not exists(this.getResolveStep()) and result = this - or - result = this.getResolveStep().resolve() - } - /** * Holds if this element is unknown. */ diff --git a/swift/ql/lib/codeql/swift/generated/HideableElement.qll b/swift/ql/lib/codeql/swift/generated/HideableElement.qll new file mode 100644 index 00000000000..9d8b323313c --- /dev/null +++ b/swift/ql/lib/codeql/swift/generated/HideableElement.qll @@ -0,0 +1,25 @@ +// generated by codegen/codegen.py +private import codeql.swift.generated.Synth +private import codeql.swift.generated.Raw +import codeql.swift.elements.Element + +module Generated { + class HideableElement extends Synth::THideableElement, Element { + /** + * Gets the most immediate element that should substitute this element in the explicit AST, if any. + * Classes can override this to indicate this node should be in the "hidden" AST, mostly reserved + * for conversions and syntactic sugar nodes like parentheses. + */ + HideableElement getResolveStep() { none() } // overridden by subclasses + + /** + * Gets the element that should substitute this element in the explicit AST, applying `getResolveStep` + * transitively. + */ + final HideableElement resolve() { + not exists(this.getResolveStep()) and result = this + or + result = this.getResolveStep().resolve() + } + } +} diff --git a/swift/ql/lib/codeql/swift/generated/KeyPathComponent.qll b/swift/ql/lib/codeql/swift/generated/KeyPathComponent.qll index a6b48cc2e0c..564e0397357 100644 --- a/swift/ql/lib/codeql/swift/generated/KeyPathComponent.qll +++ b/swift/ql/lib/codeql/swift/generated/KeyPathComponent.qll @@ -32,27 +32,14 @@ module Generated { /** * Gets the `index`th argument to an array or dictionary subscript expression (0-based). - * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. */ - Argument getImmediateSubscriptArgument(int index) { + Argument getSubscriptArgument(int index) { result = Synth::convertArgumentFromRaw(Synth::convertKeyPathComponentToRaw(this) .(Raw::KeyPathComponent) .getSubscriptArgument(index)) } - /** - * Gets the `index`th argument to an array or dictionary subscript expression (0-based). - */ - final Argument getSubscriptArgument(int index) { - exists(Argument immediate | - immediate = this.getImmediateSubscriptArgument(index) and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } - /** * Gets any of the arguments to an array or dictionary subscript expression. */ @@ -79,27 +66,14 @@ module Generated { /** * Gets the property or subscript operator, if it exists. - * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. */ - ValueDecl getImmediateDeclRef() { + ValueDecl getDeclRef() { result = Synth::convertValueDeclFromRaw(Synth::convertKeyPathComponentToRaw(this) .(Raw::KeyPathComponent) .getDeclRef()) } - /** - * Gets the property or subscript operator, if it exists. - */ - final ValueDecl getDeclRef() { - exists(ValueDecl immediate | - immediate = this.getImmediateDeclRef() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } - /** * Holds if `getDeclRef()` exists. */ @@ -128,7 +102,7 @@ module Generated { final Type getComponentType() { exists(Type immediate | immediate = this.getImmediateComponentType() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + result = immediate.resolve() ) } } diff --git a/swift/ql/lib/codeql/swift/generated/Locatable.qll b/swift/ql/lib/codeql/swift/generated/Locatable.qll index bb8b832a6af..9696d5d23ad 100644 --- a/swift/ql/lib/codeql/swift/generated/Locatable.qll +++ b/swift/ql/lib/codeql/swift/generated/Locatable.qll @@ -8,27 +8,14 @@ module Generated { class Locatable extends Synth::TLocatable, Element { /** * Gets the location associated with this element in the code, if it exists. - * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. */ - Location getImmediateLocation() { + Location getLocation() { result = Synth::convertLocationFromRaw(Synth::convertLocatableToRaw(this) .(Raw::Locatable) .getLocation()) } - /** - * Gets the location associated with this element in the code, if it exists. - */ - final Location getLocation() { - exists(Location immediate | - immediate = this.getImmediateLocation() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } - /** * Holds if `getLocation()` exists. */ diff --git a/swift/ql/lib/codeql/swift/generated/Location.qll b/swift/ql/lib/codeql/swift/generated/Location.qll index 9cdbd95fe8d..a95b34a9afa 100644 --- a/swift/ql/lib/codeql/swift/generated/Location.qll +++ b/swift/ql/lib/codeql/swift/generated/Location.qll @@ -8,25 +8,12 @@ module Generated { class Location extends Synth::TLocation, Element { /** * Gets the file of this location. - * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. */ - File getImmediateFile() { + File getFile() { result = Synth::convertFileFromRaw(Synth::convertLocationToRaw(this).(Raw::Location).getFile()) } - /** - * Gets the file of this location. - */ - final File getFile() { - exists(File immediate | - immediate = this.getImmediateFile() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } - /** * Gets the start line of this location. */ diff --git a/swift/ql/lib/codeql/swift/generated/ParentChild.qll b/swift/ql/lib/codeql/swift/generated/ParentChild.qll index 958f4ec60a3..61b61ab0459 100644 --- a/swift/ql/lib/codeql/swift/generated/ParentChild.qll +++ b/swift/ql/lib/codeql/swift/generated/ParentChild.qll @@ -16,22 +16,22 @@ private module Impl { bElement = b + 1 + max(int i | i = -1 or exists(getImmediateChildOfElement(e, i, _)) | i) and n = bElement and nSelfParam = n + 1 and - nParam = nSelfParam + 1 + max(int i | i = -1 or exists(e.getImmediateParam(i)) | i) and + nParam = nSelfParam + 1 + max(int i | i = -1 or exists(e.getParam(i)) | i) and nBody = nParam + 1 and - nCapture = nBody + 1 + max(int i | i = -1 or exists(e.getImmediateCapture(i)) | i) and + nCapture = nBody + 1 + max(int i | i = -1 or exists(e.getCapture(i)) | i) and ( none() or result = getImmediateChildOfElement(e, index - b, partialPredicateCall) or - index = n and result = e.getImmediateSelfParam() and partialPredicateCall = "SelfParam()" + index = n and result = e.getSelfParam() and partialPredicateCall = "SelfParam()" or - result = e.getImmediateParam(index - nSelfParam) and + result = e.getParam(index - nSelfParam) and partialPredicateCall = "Param(" + (index - nSelfParam).toString() + ")" or - index = nParam and result = e.getImmediateBody() and partialPredicateCall = "Body()" + index = nParam and result = e.getBody() and partialPredicateCall = "Body()" or - result = e.getImmediateCapture(index - nBody) and + result = e.getCapture(index - nBody) and partialPredicateCall = "Capture(" + (index - nBody).toString() + ")" ) ) @@ -50,6 +50,21 @@ private module Impl { ) } + private Element getImmediateChildOfHideableElement( + HideableElement e, int index, string partialPredicateCall + ) { + exists(int b, int bElement, int n | + b = 0 and + bElement = b + 1 + max(int i | i = -1 or exists(getImmediateChildOfElement(e, i, _)) | i) and + n = bElement and + ( + none() + or + result = getImmediateChildOfElement(e, index - b, partialPredicateCall) + ) + ) + } + private Element getImmediateChildOfLocatable(Locatable e, int index, string partialPredicateCall) { exists(int b, int bElement, int n | b = 0 and @@ -195,13 +210,13 @@ private module Impl { b = 0 and bAstNode = b + 1 + max(int i | i = -1 or exists(getImmediateChildOfAstNode(e, i, _)) | i) and n = bAstNode and - nSpec = n + 1 + max(int i | i = -1 or exists(e.getImmediateSpec(i)) | i) and + nSpec = n + 1 + max(int i | i = -1 or exists(e.getSpec(i)) | i) and ( none() or result = getImmediateChildOfAstNode(e, index - b, partialPredicateCall) or - result = e.getImmediateSpec(index - n) and + result = e.getSpec(index - n) and partialPredicateCall = "Spec(" + (index - n).toString() + ")" ) ) @@ -229,14 +244,13 @@ private module Impl { b = 0 and bAstNode = b + 1 + max(int i | i = -1 or exists(getImmediateChildOfAstNode(e, i, _)) | i) and n = bAstNode and - nSubscriptArgument = - n + 1 + max(int i | i = -1 or exists(e.getImmediateSubscriptArgument(i)) | i) and + nSubscriptArgument = n + 1 + max(int i | i = -1 or exists(e.getSubscriptArgument(i)) | i) and ( none() or result = getImmediateChildOfAstNode(e, index - b, partialPredicateCall) or - result = e.getImmediateSubscriptArgument(index - n) and + result = e.getSubscriptArgument(index - n) and partialPredicateCall = "SubscriptArgument(" + (index - n).toString() + ")" ) ) @@ -295,13 +309,13 @@ private module Impl { b = 0 and bAstNode = b + 1 + max(int i | i = -1 or exists(getImmediateChildOfAstNode(e, i, _)) | i) and n = bAstNode and - nMember = n + 1 + max(int i | i = -1 or exists(e.getImmediateMember(i)) | i) and + nMember = n + 1 + max(int i | i = -1 or exists(e.getMember(i)) | i) and ( none() or result = getImmediateChildOfAstNode(e, index - b, partialPredicateCall) or - result = e.getImmediateMember(index - n) and + result = e.getMember(index - n) and partialPredicateCall = "Member(" + (index - n).toString() + ")" ) ) @@ -314,14 +328,13 @@ private module Impl { b = 0 and bElement = b + 1 + max(int i | i = -1 or exists(getImmediateChildOfElement(e, i, _)) | i) and n = bElement and - nGenericTypeParam = - n + 1 + max(int i | i = -1 or exists(e.getImmediateGenericTypeParam(i)) | i) and + nGenericTypeParam = n + 1 + max(int i | i = -1 or exists(e.getGenericTypeParam(i)) | i) and ( none() or result = getImmediateChildOfElement(e, index - b, partialPredicateCall) or - result = e.getImmediateGenericTypeParam(index - n) and + result = e.getGenericTypeParam(index - n) and partialPredicateCall = "GenericTypeParam(" + (index - n).toString() + ")" ) ) @@ -504,7 +517,7 @@ private module Impl { or result = getImmediateChildOfDecl(e, index - b, partialPredicateCall) or - index = n and result = e.getImmediateBody() and partialPredicateCall = "Body()" + index = n and result = e.getBody() and partialPredicateCall = "Body()" ) ) } @@ -529,13 +542,13 @@ private module Impl { b = 0 and bValueDecl = b + 1 + max(int i | i = -1 or exists(getImmediateChildOfValueDecl(e, i, _)) | i) and n = bValueDecl and - nAccessor = n + 1 + max(int i | i = -1 or exists(e.getImmediateAccessor(i)) | i) and + nAccessor = n + 1 + max(int i | i = -1 or exists(e.getAccessor(i)) | i) and ( none() or result = getImmediateChildOfValueDecl(e, index - b, partialPredicateCall) or - result = e.getImmediateAccessor(index - n) and + result = e.getAccessor(index - n) and partialPredicateCall = "Accessor(" + (index - n).toString() + ")" ) ) @@ -548,13 +561,13 @@ private module Impl { b = 0 and bValueDecl = b + 1 + max(int i | i = -1 or exists(getImmediateChildOfValueDecl(e, i, _)) | i) and n = bValueDecl and - nParam = n + 1 + max(int i | i = -1 or exists(e.getImmediateParam(i)) | i) and + nParam = n + 1 + max(int i | i = -1 or exists(e.getParam(i)) | i) and ( none() or result = getImmediateChildOfValueDecl(e, index - b, partialPredicateCall) or - result = e.getImmediateParam(index - n) and + result = e.getParam(index - n) and partialPredicateCall = "Param(" + (index - n).toString() + ")" ) ) @@ -749,7 +762,7 @@ private module Impl { bAbstractStorageDecl + 1 + max(int i | i = -1 or exists(getImmediateChildOfGenericContext(e, i, _)) | i) and n = bGenericContext and - nParam = n + 1 + max(int i | i = -1 or exists(e.getImmediateParam(i)) | i) and + nParam = n + 1 + max(int i | i = -1 or exists(e.getParam(i)) | i) and ( none() or @@ -758,7 +771,7 @@ private module Impl { result = getImmediateChildOfGenericContext(e, index - bAbstractStorageDecl, partialPredicateCall) or - result = e.getImmediateParam(index - n) and + result = e.getParam(index - n) and partialPredicateCall = "Param(" + (index - n).toString() + ")" ) ) @@ -784,19 +797,19 @@ private module Impl { result = getImmediateChildOfAbstractStorageDecl(e, index - b, partialPredicateCall) or index = n and - result = e.getImmediatePropertyWrapperBackingVarBinding() and + result = e.getPropertyWrapperBackingVarBinding() and partialPredicateCall = "PropertyWrapperBackingVarBinding()" or index = nPropertyWrapperBackingVarBinding and - result = e.getImmediatePropertyWrapperBackingVar() and + result = e.getPropertyWrapperBackingVar() and partialPredicateCall = "PropertyWrapperBackingVar()" or index = nPropertyWrapperBackingVar and - result = e.getImmediatePropertyWrapperProjectionVarBinding() and + result = e.getPropertyWrapperProjectionVarBinding() and partialPredicateCall = "PropertyWrapperProjectionVarBinding()" or index = nPropertyWrapperProjectionVarBinding and - result = e.getImmediatePropertyWrapperProjectionVar() and + result = e.getPropertyWrapperProjectionVar() and partialPredicateCall = "PropertyWrapperProjectionVar()" ) ) @@ -929,11 +942,11 @@ private module Impl { result = getImmediateChildOfVarDecl(e, index - b, partialPredicateCall) or index = n and - result = e.getImmediatePropertyWrapperLocalWrappedVarBinding() and + result = e.getPropertyWrapperLocalWrappedVarBinding() and partialPredicateCall = "PropertyWrapperLocalWrappedVarBinding()" or index = nPropertyWrapperLocalWrappedVarBinding and - result = e.getImmediatePropertyWrapperLocalWrappedVar() and + result = e.getPropertyWrapperLocalWrappedVar() and partialPredicateCall = "PropertyWrapperLocalWrappedVar()" ) ) @@ -1030,14 +1043,19 @@ private module Impl { } private Element getImmediateChildOfExpr(Expr e, int index, string partialPredicateCall) { - exists(int b, int bAstNode, int n | + exists(int b, int bAstNode, int bHideableElement, int n | b = 0 and bAstNode = b + 1 + max(int i | i = -1 or exists(getImmediateChildOfAstNode(e, i, _)) | i) and - n = bAstNode and + bHideableElement = + bAstNode + 1 + + max(int i | i = -1 or exists(getImmediateChildOfHideableElement(e, i, _)) | i) and + n = bHideableElement and ( none() or result = getImmediateChildOfAstNode(e, index - b, partialPredicateCall) + or + result = getImmediateChildOfHideableElement(e, index - bAstNode, partialPredicateCall) ) ) } @@ -1082,7 +1100,7 @@ private module Impl { bExpr = b + 1 + max(int i | i = -1 or exists(getImmediateChildOfExpr(e, i, _)) | i) and n = bExpr and nFunction = n + 1 and - nArgument = nFunction + 1 + max(int i | i = -1 or exists(e.getImmediateArgument(i)) | i) and + nArgument = nFunction + 1 + max(int i | i = -1 or exists(e.getArgument(i)) | i) and ( none() or @@ -1090,7 +1108,7 @@ private module Impl { or index = n and result = e.getImmediateFunction() and partialPredicateCall = "Function()" or - result = e.getImmediateArgument(index - nFunction) and + result = e.getArgument(index - nFunction) and partialPredicateCall = "Argument(" + (index - nFunction).toString() + ")" ) ) @@ -1140,14 +1158,14 @@ private module Impl { b = 0 and bExpr = b + 1 + max(int i | i = -1 or exists(getImmediateChildOfExpr(e, i, _)) | i) and n = bExpr and - nBindingDecl = n + 1 + max(int i | i = -1 or exists(e.getImmediateBindingDecl(i)) | i) and + nBindingDecl = n + 1 + max(int i | i = -1 or exists(e.getBindingDecl(i)) | i) and nClosureBody = nBindingDecl + 1 and ( none() or result = getImmediateChildOfExpr(e, index - b, partialPredicateCall) or - result = e.getImmediateBindingDecl(index - n) and + result = e.getBindingDecl(index - n) and partialPredicateCall = "BindingDecl(" + (index - n).toString() + ")" or index = nBindingDecl and @@ -1470,15 +1488,15 @@ private module Impl { bExpr = b + 1 + max(int i | i = -1 or exists(getImmediateChildOfExpr(e, i, _)) | i) and n = bExpr and nRoot = n + 1 and - nComponent = nRoot + 1 + max(int i | i = -1 or exists(e.getImmediateComponent(i)) | i) and + nComponent = nRoot + 1 + max(int i | i = -1 or exists(e.getComponent(i)) | i) and ( none() or result = getImmediateChildOfExpr(e, index - b, partialPredicateCall) or - index = n and result = e.getImmediateRoot() and partialPredicateCall = "Root()" + index = n and result = e.getRoot() and partialPredicateCall = "Root()" or - result = e.getImmediateComponent(index - nRoot) and + result = e.getComponent(index - nRoot) and partialPredicateCall = "Component(" + (index - nRoot).toString() + ")" ) ) @@ -1773,7 +1791,7 @@ private module Impl { or index = n and result = e.getImmediateSubExpr() and partialPredicateCall = "SubExpr()" or - index = nSubExpr and result = e.getImmediateBody() and partialPredicateCall = "Body()" + index = nSubExpr and result = e.getBody() and partialPredicateCall = "Body()" ) ) } @@ -1824,7 +1842,7 @@ private module Impl { or result = getImmediateChildOfExpr(e, index - b, partialPredicateCall) or - index = n and result = e.getImmediateTypeRepr() and partialPredicateCall = "TypeRepr()" + index = n and result = e.getTypeRepr() and partialPredicateCall = "TypeRepr()" ) ) } @@ -2688,13 +2706,13 @@ private module Impl { bLiteralExpr = b + 1 + max(int i | i = -1 or exists(getImmediateChildOfLiteralExpr(e, i, _)) | i) and n = bLiteralExpr and - nArgument = n + 1 + max(int i | i = -1 or exists(e.getImmediateArgument(i)) | i) and + nArgument = n + 1 + max(int i | i = -1 or exists(e.getArgument(i)) | i) and ( none() or result = getImmediateChildOfLiteralExpr(e, index - b, partialPredicateCall) or - result = e.getImmediateArgument(index - n) and + result = e.getArgument(index - n) and partialPredicateCall = "Argument(" + (index - n).toString() + ")" ) ) @@ -2850,13 +2868,13 @@ private module Impl { bLookupExpr = b + 1 + max(int i | i = -1 or exists(getImmediateChildOfLookupExpr(e, i, _)) | i) and n = bLookupExpr and - nArgument = n + 1 + max(int i | i = -1 or exists(e.getImmediateArgument(i)) | i) and + nArgument = n + 1 + max(int i | i = -1 or exists(e.getArgument(i)) | i) and ( none() or result = getImmediateChildOfLookupExpr(e, index - b, partialPredicateCall) or - result = e.getImmediateArgument(index - n) and + result = e.getArgument(index - n) and partialPredicateCall = "Argument(" + (index - n).toString() + ")" ) ) @@ -3161,14 +3179,19 @@ private module Impl { } private Element getImmediateChildOfPattern(Pattern e, int index, string partialPredicateCall) { - exists(int b, int bAstNode, int n | + exists(int b, int bAstNode, int bHideableElement, int n | b = 0 and bAstNode = b + 1 + max(int i | i = -1 or exists(getImmediateChildOfAstNode(e, i, _)) | i) and - n = bAstNode and + bHideableElement = + bAstNode + 1 + + max(int i | i = -1 or exists(getImmediateChildOfHideableElement(e, i, _)) | i) and + n = bHideableElement and ( none() or result = getImmediateChildOfAstNode(e, index - b, partialPredicateCall) + or + result = getImmediateChildOfHideableElement(e, index - bAstNode, partialPredicateCall) ) ) } @@ -3267,9 +3290,7 @@ private module Impl { or result = getImmediateChildOfPattern(e, index - b, partialPredicateCall) or - index = n and - result = e.getImmediateCastTypeRepr() and - partialPredicateCall = "CastTypeRepr()" + index = n and result = e.getCastTypeRepr() and partialPredicateCall = "CastTypeRepr()" or index = nCastTypeRepr and result = e.getImmediateSubPattern() and @@ -3364,9 +3385,7 @@ private module Impl { or index = n and result = e.getImmediateSubPattern() and partialPredicateCall = "SubPattern()" or - index = nSubPattern and - result = e.getImmediateTypeRepr() and - partialPredicateCall = "TypeRepr()" + index = nSubPattern and result = e.getTypeRepr() and partialPredicateCall = "TypeRepr()" ) ) } @@ -3419,7 +3438,7 @@ private module Impl { partialPredicateCall = "Initializer()" or index = nInitializer and - result = e.getImmediateAvailability() and + result = e.getAvailability() and partialPredicateCall = "Availability()" ) ) @@ -3445,13 +3464,13 @@ private module Impl { b = 0 and bAstNode = b + 1 + max(int i | i = -1 or exists(getImmediateChildOfAstNode(e, i, _)) | i) and n = bAstNode and - nElement = n + 1 + max(int i | i = -1 or exists(e.getImmediateElement(i)) | i) and + nElement = n + 1 + max(int i | i = -1 or exists(e.getElement(i)) | i) and ( none() or result = getImmediateChildOfAstNode(e, index - b, partialPredicateCall) or - result = e.getImmediateElement(index - n) and + result = e.getElement(index - n) and partialPredicateCall = "Element(" + (index - n).toString() + ")" ) ) @@ -3462,13 +3481,13 @@ private module Impl { b = 0 and bStmt = b + 1 + max(int i | i = -1 or exists(getImmediateChildOfStmt(e, i, _)) | i) and n = bStmt and - nElement = n + 1 + max(int i | i = -1 or exists(e.getImmediateElement(i)) | i) and + nElement = n + 1 + max(int i | i = -1 or exists(e.getElement(i)) | i) and ( none() or result = getImmediateChildOfStmt(e, index - b, partialPredicateCall) or - result = e.getImmediateElement(index - n) and + result = e.getElement(index - n) and partialPredicateCall = "Element(" + (index - n).toString() + ")" ) ) @@ -3493,15 +3512,15 @@ private module Impl { bStmt = b + 1 + max(int i | i = -1 or exists(getImmediateChildOfStmt(e, i, _)) | i) and n = bStmt and nBody = n + 1 and - nLabel = nBody + 1 + max(int i | i = -1 or exists(e.getImmediateLabel(i)) | i) and + nLabel = nBody + 1 + max(int i | i = -1 or exists(e.getLabel(i)) | i) and ( none() or result = getImmediateChildOfStmt(e, index - b, partialPredicateCall) or - index = n and result = e.getImmediateBody() and partialPredicateCall = "Body()" + index = n and result = e.getBody() and partialPredicateCall = "Body()" or - result = e.getImmediateLabel(index - nBody) and + result = e.getLabel(index - nBody) and partialPredicateCall = "Label(" + (index - nBody).toString() + ")" ) ) @@ -3533,7 +3552,7 @@ private module Impl { or result = getImmediateChildOfStmt(e, index - b, partialPredicateCall) or - index = n and result = e.getImmediateBody() and partialPredicateCall = "Body()" + index = n and result = e.getBody() and partialPredicateCall = "Body()" ) ) } @@ -3654,15 +3673,15 @@ private module Impl { b + 1 + max(int i | i = -1 or exists(getImmediateChildOfLabeledStmt(e, i, _)) | i) and n = bLabeledStmt and nBody = n + 1 and - nCatch = nBody + 1 + max(int i | i = -1 or exists(e.getImmediateCatch(i)) | i) and + nCatch = nBody + 1 + max(int i | i = -1 or exists(e.getCatch(i)) | i) and ( none() or result = getImmediateChildOfLabeledStmt(e, index - b, partialPredicateCall) or - index = n and result = e.getImmediateBody() and partialPredicateCall = "Body()" + index = n and result = e.getBody() and partialPredicateCall = "Body()" or - result = e.getImmediateCatch(index - nBody) and + result = e.getCatch(index - nBody) and partialPredicateCall = "Catch(" + (index - nBody).toString() + ")" ) ) @@ -3680,7 +3699,7 @@ private module Impl { or result = getImmediateChildOfLabeledStmt(e, index - b, partialPredicateCall) or - index = n and result = e.getImmediateBody() and partialPredicateCall = "Body()" + index = n and result = e.getBody() and partialPredicateCall = "Body()" ) ) } @@ -3710,7 +3729,7 @@ private module Impl { or index = nSequence and result = e.getImmediateWhere() and partialPredicateCall = "Where()" or - index = nWhere and result = e.getImmediateBody() and partialPredicateCall = "Body()" + index = nWhere and result = e.getBody() and partialPredicateCall = "Body()" ) ) } @@ -3729,7 +3748,7 @@ private module Impl { or result = getImmediateChildOfLabeledStmt(e, index - b, partialPredicateCall) or - index = n and result = e.getImmediateCondition() and partialPredicateCall = "Condition()" + index = n and result = e.getCondition() and partialPredicateCall = "Condition()" ) ) } @@ -3751,7 +3770,7 @@ private module Impl { or index = n and result = e.getImmediateCondition() and partialPredicateCall = "Condition()" or - index = nCondition and result = e.getImmediateBody() and partialPredicateCall = "Body()" + index = nCondition and result = e.getBody() and partialPredicateCall = "Body()" ) ) } @@ -3763,7 +3782,7 @@ private module Impl { b + 1 + max(int i | i = -1 or exists(getImmediateChildOfLabeledStmt(e, i, _)) | i) and n = bLabeledStmt and nExpr = n + 1 and - nCase = nExpr + 1 + max(int i | i = -1 or exists(e.getImmediateCase(i)) | i) and + nCase = nExpr + 1 + max(int i | i = -1 or exists(e.getCase(i)) | i) and ( none() or @@ -3771,7 +3790,7 @@ private module Impl { or index = n and result = e.getImmediateExpr() and partialPredicateCall = "Expr()" or - result = e.getImmediateCase(index - nExpr) and + result = e.getCase(index - nExpr) and partialPredicateCall = "Case(" + (index - nExpr).toString() + ")" ) ) @@ -3790,7 +3809,7 @@ private module Impl { or result = getImmediateChildOfLabeledConditionalStmt(e, index - b, partialPredicateCall) or - index = n and result = e.getImmediateBody() and partialPredicateCall = "Body()" + index = n and result = e.getBody() and partialPredicateCall = "Body()" ) ) } @@ -3809,9 +3828,9 @@ private module Impl { or result = getImmediateChildOfLabeledConditionalStmt(e, index - b, partialPredicateCall) or - index = n and result = e.getImmediateThen() and partialPredicateCall = "Then()" + index = n and result = e.getThen() and partialPredicateCall = "Then()" or - index = nThen and result = e.getImmediateElse() and partialPredicateCall = "Else()" + index = nThen and result = e.getElse() and partialPredicateCall = "Else()" ) ) } @@ -3829,20 +3848,21 @@ private module Impl { or result = getImmediateChildOfLabeledConditionalStmt(e, index - b, partialPredicateCall) or - index = n and result = e.getImmediateBody() and partialPredicateCall = "Body()" + index = n and result = e.getBody() and partialPredicateCall = "Body()" ) ) } private Element getImmediateChildOfType(Type e, int index, string partialPredicateCall) { - exists(int b, int bElement, int n | + exists(int b, int bHideableElement, int n | b = 0 and - bElement = b + 1 + max(int i | i = -1 or exists(getImmediateChildOfElement(e, i, _)) | i) and - n = bElement and + bHideableElement = + b + 1 + max(int i | i = -1 or exists(getImmediateChildOfHideableElement(e, i, _)) | i) and + n = bHideableElement and ( none() or - result = getImmediateChildOfElement(e, index - b, partialPredicateCall) + result = getImmediateChildOfHideableElement(e, index - b, partialPredicateCall) ) ) } @@ -5301,7 +5321,7 @@ private module Impl { } Element resolve(Element e) { - if e instanceof Element then result = e.(Element).resolve() else result = e + if e instanceof HideableElement then result = e.(HideableElement).resolve() else result = e } } diff --git a/swift/ql/lib/codeql/swift/generated/Raw.qll b/swift/ql/lib/codeql/swift/generated/Raw.qll index dc5ddeed979..f7c127818d7 100644 --- a/swift/ql/lib/codeql/swift/generated/Raw.qll +++ b/swift/ql/lib/codeql/swift/generated/Raw.qll @@ -62,6 +62,11 @@ module Raw { predicate isSuccessfullyExtracted() { file_is_successfully_extracted(this) } } + /** + * INTERNAL: Do not use. + */ + class HideableElement extends @hideable_element, Element { } + /** * INTERNAL: Do not use. */ @@ -986,7 +991,7 @@ module Raw { * INTERNAL: Do not use. * The base class for all expressions in Swift. */ - class Expr extends @expr, AstNode { + class Expr extends @expr, AstNode, HideableElement { /** * Gets the type of this expression, if it exists. */ @@ -2353,7 +2358,7 @@ module Raw { /** * INTERNAL: Do not use. */ - class Pattern extends @pattern, AstNode { } + class Pattern extends @pattern, AstNode, HideableElement { } /** * INTERNAL: Do not use. @@ -2869,7 +2874,7 @@ module Raw { /** * INTERNAL: Do not use. */ - class Type extends @type, Element { + class Type extends @type, HideableElement { /** * Gets the name of this type. */ diff --git a/swift/ql/lib/codeql/swift/generated/Synth.qll b/swift/ql/lib/codeql/swift/generated/Synth.qll index fdbadffcd33..f79d71f84a3 100644 --- a/swift/ql/lib/codeql/swift/generated/Synth.qll +++ b/swift/ql/lib/codeql/swift/generated/Synth.qll @@ -1043,6 +1043,11 @@ module Synth { */ class TFile = TDbFile or TUnknownFile; + /** + * INTERNAL: Do not use. + */ + class THideableElement = TExpr or TPattern or TType; + /** * INTERNAL: Do not use. */ @@ -3223,11 +3228,11 @@ module Synth { or result = convertGenericContextFromRaw(e) or + result = convertHideableElementFromRaw(e) + or result = convertLocatableFromRaw(e) or result = convertLocationFromRaw(e) - or - result = convertTypeFromRaw(e) } /** @@ -3272,6 +3277,19 @@ module Synth { result = convertUnknownFileFromRaw(e) } + /** + * INTERNAL: Do not use. + * Converts a raw DB element to a synthesized `THideableElement`, if possible. + */ + cached + THideableElement convertHideableElementFromRaw(Raw::Element e) { + result = convertExprFromRaw(e) + or + result = convertPatternFromRaw(e) + or + result = convertTypeFromRaw(e) + } + /** * INTERNAL: Do not use. * Converts a raw DB element to a synthesized `TLocatable`, if possible. @@ -6028,11 +6046,11 @@ module Synth { or result = convertGenericContextToRaw(e) or + result = convertHideableElementToRaw(e) + or result = convertLocatableToRaw(e) or result = convertLocationToRaw(e) - or - result = convertTypeToRaw(e) } /** @@ -6077,6 +6095,19 @@ module Synth { result = convertUnknownFileToRaw(e) } + /** + * INTERNAL: Do not use. + * Converts a synthesized `THideableElement` to a raw DB element, if possible. + */ + cached + Raw::Element convertHideableElementToRaw(THideableElement e) { + result = convertExprToRaw(e) + or + result = convertPatternToRaw(e) + or + result = convertTypeToRaw(e) + } + /** * INTERNAL: Do not use. * Converts a synthesized `TLocatable` to a raw DB element, if possible. diff --git a/swift/ql/lib/codeql/swift/generated/UnspecifiedElement.qll b/swift/ql/lib/codeql/swift/generated/UnspecifiedElement.qll index f2f78d9cafc..af422cbd10d 100644 --- a/swift/ql/lib/codeql/swift/generated/UnspecifiedElement.qll +++ b/swift/ql/lib/codeql/swift/generated/UnspecifiedElement.qll @@ -10,27 +10,14 @@ module Generated { /** * Gets the parent of this unspecified element, if it exists. - * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. */ - Element getImmediateParent() { + Element getParent() { result = Synth::convertElementFromRaw(Synth::convertUnspecifiedElementToRaw(this) .(Raw::UnspecifiedElement) .getParent()) } - /** - * Gets the parent of this unspecified element, if it exists. - */ - final Element getParent() { - exists(Element immediate | - immediate = this.getImmediateParent() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } - /** * Holds if `getParent()` exists. */ diff --git a/swift/ql/lib/codeql/swift/generated/decl/AbstractStorageDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/AbstractStorageDecl.qll index 0ecb0836313..b60203d43b4 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/AbstractStorageDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/AbstractStorageDecl.qll @@ -8,27 +8,14 @@ module Generated { class AbstractStorageDecl extends Synth::TAbstractStorageDecl, ValueDecl { /** * Gets the `index`th accessor of this abstract storage declaration (0-based). - * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. */ - Accessor getImmediateAccessor(int index) { + Accessor getAccessor(int index) { result = Synth::convertAccessorFromRaw(Synth::convertAbstractStorageDeclToRaw(this) .(Raw::AbstractStorageDecl) .getAccessor(index)) } - /** - * Gets the `index`th accessor of this abstract storage declaration (0-based). - */ - final Accessor getAccessor(int index) { - exists(Accessor immediate | - immediate = this.getImmediateAccessor(index) and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } - /** * Gets any of the accessors of this abstract storage declaration. */ diff --git a/swift/ql/lib/codeql/swift/generated/decl/CapturedDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/CapturedDecl.qll index 9749202fec3..d2c54edfde9 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/CapturedDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/CapturedDecl.qll @@ -10,27 +10,14 @@ module Generated { /** * Gets the the declaration captured by the parent closure. - * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. */ - ValueDecl getImmediateDecl() { + ValueDecl getDecl() { result = Synth::convertValueDeclFromRaw(Synth::convertCapturedDeclToRaw(this) .(Raw::CapturedDecl) .getDecl()) } - /** - * Gets the the declaration captured by the parent closure. - */ - final ValueDecl getDecl() { - exists(ValueDecl immediate | - immediate = this.getImmediateDecl() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } - /** * Holds if this captured declaration is direct. */ diff --git a/swift/ql/lib/codeql/swift/generated/decl/Decl.qll b/swift/ql/lib/codeql/swift/generated/decl/Decl.qll index 33cb4ec46ca..568f9297c99 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/Decl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/Decl.qll @@ -8,45 +8,19 @@ module Generated { class Decl extends Synth::TDecl, AstNode { /** * Gets the module of this declaration. - * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. */ - ModuleDecl getImmediateModule() { + ModuleDecl getModule() { result = Synth::convertModuleDeclFromRaw(Synth::convertDeclToRaw(this).(Raw::Decl).getModule()) } - /** - * Gets the module of this declaration. - */ - final ModuleDecl getModule() { - exists(ModuleDecl immediate | - immediate = this.getImmediateModule() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } - /** * Gets the `index`th member of this declaration (0-based). - * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. */ - Decl getImmediateMember(int index) { + Decl getMember(int index) { result = Synth::convertDeclFromRaw(Synth::convertDeclToRaw(this).(Raw::Decl).getMember(index)) } - /** - * Gets the `index`th member of this declaration (0-based). - */ - final Decl getMember(int index) { - exists(Decl immediate | - immediate = this.getImmediateMember(index) and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } - /** * Gets any of the members of this declaration. */ diff --git a/swift/ql/lib/codeql/swift/generated/decl/EnumCaseDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/EnumCaseDecl.qll index 59834181269..68966a3a7d3 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/EnumCaseDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/EnumCaseDecl.qll @@ -10,27 +10,14 @@ module Generated { /** * Gets the `index`th element of this enum case declaration (0-based). - * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. */ - EnumElementDecl getImmediateElement(int index) { + EnumElementDecl getElement(int index) { result = Synth::convertEnumElementDeclFromRaw(Synth::convertEnumCaseDeclToRaw(this) .(Raw::EnumCaseDecl) .getElement(index)) } - /** - * Gets the `index`th element of this enum case declaration (0-based). - */ - final EnumElementDecl getElement(int index) { - exists(EnumElementDecl immediate | - immediate = this.getImmediateElement(index) and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } - /** * Gets any of the elements of this enum case declaration. */ diff --git a/swift/ql/lib/codeql/swift/generated/decl/EnumElementDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/EnumElementDecl.qll index 148124d0f8f..e8c68320053 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/EnumElementDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/EnumElementDecl.qll @@ -17,27 +17,14 @@ module Generated { /** * Gets the `index`th parameter of this enum element declaration (0-based). - * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. */ - ParamDecl getImmediateParam(int index) { + ParamDecl getParam(int index) { result = Synth::convertParamDeclFromRaw(Synth::convertEnumElementDeclToRaw(this) .(Raw::EnumElementDecl) .getParam(index)) } - /** - * Gets the `index`th parameter of this enum element declaration (0-based). - */ - final ParamDecl getParam(int index) { - exists(ParamDecl immediate | - immediate = this.getImmediateParam(index) and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } - /** * Gets any of the parameters of this enum element declaration. */ diff --git a/swift/ql/lib/codeql/swift/generated/decl/ExtensionDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/ExtensionDecl.qll index 2863c3aca52..5fa3dd2bc3a 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/ExtensionDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/ExtensionDecl.qll @@ -12,50 +12,24 @@ module Generated { /** * Gets the extended type declaration of this extension declaration. - * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. */ - NominalTypeDecl getImmediateExtendedTypeDecl() { + NominalTypeDecl getExtendedTypeDecl() { result = Synth::convertNominalTypeDeclFromRaw(Synth::convertExtensionDeclToRaw(this) .(Raw::ExtensionDecl) .getExtendedTypeDecl()) } - /** - * Gets the extended type declaration of this extension declaration. - */ - final NominalTypeDecl getExtendedTypeDecl() { - exists(NominalTypeDecl immediate | - immediate = this.getImmediateExtendedTypeDecl() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } - /** * Gets the `index`th protocol of this extension declaration (0-based). - * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. */ - ProtocolDecl getImmediateProtocol(int index) { + ProtocolDecl getProtocol(int index) { result = Synth::convertProtocolDeclFromRaw(Synth::convertExtensionDeclToRaw(this) .(Raw::ExtensionDecl) .getProtocol(index)) } - /** - * Gets the `index`th protocol of this extension declaration (0-based). - */ - final ProtocolDecl getProtocol(int index) { - exists(ProtocolDecl immediate | - immediate = this.getImmediateProtocol(index) and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } - /** * Gets any of the protocols of this extension declaration. */ diff --git a/swift/ql/lib/codeql/swift/generated/decl/GenericContext.qll b/swift/ql/lib/codeql/swift/generated/decl/GenericContext.qll index 4855a60fa10..ade061da641 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/GenericContext.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/GenericContext.qll @@ -8,27 +8,14 @@ module Generated { class GenericContext extends Synth::TGenericContext, Element { /** * Gets the `index`th generic type parameter of this generic context (0-based). - * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. */ - GenericTypeParamDecl getImmediateGenericTypeParam(int index) { + GenericTypeParamDecl getGenericTypeParam(int index) { result = Synth::convertGenericTypeParamDeclFromRaw(Synth::convertGenericContextToRaw(this) .(Raw::GenericContext) .getGenericTypeParam(index)) } - /** - * Gets the `index`th generic type parameter of this generic context (0-based). - */ - final GenericTypeParamDecl getGenericTypeParam(int index) { - exists(GenericTypeParamDecl immediate | - immediate = this.getImmediateGenericTypeParam(index) and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } - /** * Gets any of the generic type parameters of this generic context. */ diff --git a/swift/ql/lib/codeql/swift/generated/decl/IfConfigDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/IfConfigDecl.qll index 23c42ea9c6c..9a93bce7540 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/IfConfigDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/IfConfigDecl.qll @@ -10,27 +10,14 @@ module Generated { /** * Gets the `index`th active element of this if config declaration (0-based). - * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. */ - AstNode getImmediateActiveElement(int index) { + AstNode getActiveElement(int index) { result = Synth::convertAstNodeFromRaw(Synth::convertIfConfigDeclToRaw(this) .(Raw::IfConfigDecl) .getActiveElement(index)) } - /** - * Gets the `index`th active element of this if config declaration (0-based). - */ - final AstNode getActiveElement(int index) { - exists(AstNode immediate | - immediate = this.getImmediateActiveElement(index) and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } - /** * Gets any of the active elements of this if config declaration. */ diff --git a/swift/ql/lib/codeql/swift/generated/decl/ImportDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/ImportDecl.qll index df928494a73..8686d55c405 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/ImportDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/ImportDecl.qll @@ -16,27 +16,14 @@ module Generated { /** * Gets the imported module of this import declaration, if it exists. - * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. */ - ModuleDecl getImmediateImportedModule() { + ModuleDecl getImportedModule() { result = Synth::convertModuleDeclFromRaw(Synth::convertImportDeclToRaw(this) .(Raw::ImportDecl) .getImportedModule()) } - /** - * Gets the imported module of this import declaration, if it exists. - */ - final ModuleDecl getImportedModule() { - exists(ModuleDecl immediate | - immediate = this.getImmediateImportedModule() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } - /** * Holds if `getImportedModule()` exists. */ @@ -44,27 +31,14 @@ module Generated { /** * Gets the `index`th declaration of this import declaration (0-based). - * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. */ - ValueDecl getImmediateDeclaration(int index) { + ValueDecl getDeclaration(int index) { result = Synth::convertValueDeclFromRaw(Synth::convertImportDeclToRaw(this) .(Raw::ImportDecl) .getDeclaration(index)) } - /** - * Gets the `index`th declaration of this import declaration (0-based). - */ - final ValueDecl getDeclaration(int index) { - exists(ValueDecl immediate | - immediate = this.getImmediateDeclaration(index) and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } - /** * Gets any of the declarations of this import declaration. */ diff --git a/swift/ql/lib/codeql/swift/generated/decl/InfixOperatorDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/InfixOperatorDecl.qll index e9749c13355..30649ed8ec6 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/InfixOperatorDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/InfixOperatorDecl.qll @@ -10,27 +10,14 @@ module Generated { /** * Gets the precedence group of this infix operator declaration, if it exists. - * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. */ - PrecedenceGroupDecl getImmediatePrecedenceGroup() { + PrecedenceGroupDecl getPrecedenceGroup() { result = Synth::convertPrecedenceGroupDeclFromRaw(Synth::convertInfixOperatorDeclToRaw(this) .(Raw::InfixOperatorDecl) .getPrecedenceGroup()) } - /** - * Gets the precedence group of this infix operator declaration, if it exists. - */ - final PrecedenceGroupDecl getPrecedenceGroup() { - exists(PrecedenceGroupDecl immediate | - immediate = this.getImmediatePrecedenceGroup() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } - /** * Holds if `getPrecedenceGroup()` exists. */ diff --git a/swift/ql/lib/codeql/swift/generated/decl/ModuleDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/ModuleDecl.qll index 3fc71350932..6654dfd4e49 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/ModuleDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/ModuleDecl.qll @@ -24,28 +24,14 @@ module Generated { /** * Gets the `index`th imported module of this module declaration (0-based). *Gets any of the imported modules of this module declaration. - * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. */ - ModuleDecl getAnImmediateImportedModule() { + ModuleDecl getAnImportedModule() { result = Synth::convertModuleDeclFromRaw(Synth::convertModuleDeclToRaw(this) .(Raw::ModuleDecl) .getAnImportedModule()) } - /** - * Gets the `index`th imported module of this module declaration (0-based). - *Gets any of the imported modules of this module declaration. - */ - final ModuleDecl getAnImportedModule() { - exists(ModuleDecl immediate | - immediate = this.getAnImmediateImportedModule() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } - /** * Gets the number of imported modules of this module declaration. */ @@ -54,28 +40,14 @@ module Generated { /** * Gets the `index`th exported module of this module declaration (0-based). *Gets any of the exported modules of this module declaration. - * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. */ - ModuleDecl getAnImmediateExportedModule() { + ModuleDecl getAnExportedModule() { result = Synth::convertModuleDeclFromRaw(Synth::convertModuleDeclToRaw(this) .(Raw::ModuleDecl) .getAnExportedModule()) } - /** - * Gets the `index`th exported module of this module declaration (0-based). - *Gets any of the exported modules of this module declaration. - */ - final ModuleDecl getAnExportedModule() { - exists(ModuleDecl immediate | - immediate = this.getAnImmediateExportedModule() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } - /** * Gets the number of exported modules of this module declaration. */ diff --git a/swift/ql/lib/codeql/swift/generated/decl/NominalTypeDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/NominalTypeDecl.qll index b007e2b1b52..5f9543d3ab7 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/NominalTypeDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/NominalTypeDecl.qll @@ -25,7 +25,7 @@ module Generated { final Type getType() { exists(Type immediate | immediate = this.getImmediateType() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + result = immediate.resolve() ) } } diff --git a/swift/ql/lib/codeql/swift/generated/decl/OpaqueTypeDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/OpaqueTypeDecl.qll index 33eaec9bc2e..e815fe5561a 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/OpaqueTypeDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/OpaqueTypeDecl.qll @@ -22,27 +22,14 @@ module Generated { /** * Gets the naming declaration of this opaque type declaration. - * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. */ - ValueDecl getImmediateNamingDeclaration() { + ValueDecl getNamingDeclaration() { result = Synth::convertValueDeclFromRaw(Synth::convertOpaqueTypeDeclToRaw(this) .(Raw::OpaqueTypeDecl) .getNamingDeclaration()) } - /** - * Gets the naming declaration of this opaque type declaration. - */ - final ValueDecl getNamingDeclaration() { - exists(ValueDecl immediate | - immediate = this.getImmediateNamingDeclaration() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } - /** * Gets the `index`th opaque generic parameter of this opaque type declaration (0-based). * @@ -62,7 +49,7 @@ module Generated { final GenericTypeParamType getOpaqueGenericParam(int index) { exists(GenericTypeParamType immediate | immediate = this.getImmediateOpaqueGenericParam(index) and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + result = immediate.resolve() ) } diff --git a/swift/ql/lib/codeql/swift/generated/decl/ParamDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/ParamDecl.qll index 99f80d18772..da45ffbeb2e 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/ParamDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/ParamDecl.qll @@ -16,29 +16,16 @@ module Generated { /** * Gets the property wrapper local wrapped variable binding of this parameter declaration, if it exists. * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. + * This is the synthesized binding introducing the property wrapper local wrapped projection + * variable for this variable, if any. */ - PatternBindingDecl getImmediatePropertyWrapperLocalWrappedVarBinding() { + PatternBindingDecl getPropertyWrapperLocalWrappedVarBinding() { result = Synth::convertPatternBindingDeclFromRaw(Synth::convertParamDeclToRaw(this) .(Raw::ParamDecl) .getPropertyWrapperLocalWrappedVarBinding()) } - /** - * Gets the property wrapper local wrapped variable binding of this parameter declaration, if it exists. - * - * This is the synthesized binding introducing the property wrapper local wrapped projection - * variable for this variable, if any. - */ - final PatternBindingDecl getPropertyWrapperLocalWrappedVarBinding() { - exists(PatternBindingDecl immediate | - immediate = this.getImmediatePropertyWrapperLocalWrappedVarBinding() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } - /** * Holds if `getPropertyWrapperLocalWrappedVarBinding()` exists. */ @@ -49,29 +36,16 @@ module Generated { /** * Gets the property wrapper local wrapped variable of this parameter declaration, if it exists. * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. + * This is the synthesized local wrapped value, shadowing this parameter declaration in case it + * has a property wrapper. */ - VarDecl getImmediatePropertyWrapperLocalWrappedVar() { + VarDecl getPropertyWrapperLocalWrappedVar() { result = Synth::convertVarDeclFromRaw(Synth::convertParamDeclToRaw(this) .(Raw::ParamDecl) .getPropertyWrapperLocalWrappedVar()) } - /** - * Gets the property wrapper local wrapped variable of this parameter declaration, if it exists. - * - * This is the synthesized local wrapped value, shadowing this parameter declaration in case it - * has a property wrapper. - */ - final VarDecl getPropertyWrapperLocalWrappedVar() { - exists(VarDecl immediate | - immediate = this.getImmediatePropertyWrapperLocalWrappedVar() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } - /** * Holds if `getPropertyWrapperLocalWrappedVar()` exists. */ diff --git a/swift/ql/lib/codeql/swift/generated/decl/PatternBindingDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/PatternBindingDecl.qll index 00ca18b1185..290803257bd 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/PatternBindingDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/PatternBindingDecl.qll @@ -28,7 +28,7 @@ module Generated { final Expr getInit(int index) { exists(Expr immediate | immediate = this.getImmediateInit(index) and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + result = immediate.resolve() ) } @@ -61,7 +61,7 @@ module Generated { final Pattern getPattern(int index) { exists(Pattern immediate | immediate = this.getImmediatePattern(index) and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + result = immediate.resolve() ) } diff --git a/swift/ql/lib/codeql/swift/generated/decl/PoundDiagnosticDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/PoundDiagnosticDecl.qll index fe7cfaf701f..3c5a663ce72 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/PoundDiagnosticDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/PoundDiagnosticDecl.qll @@ -39,7 +39,7 @@ module Generated { final StringLiteralExpr getMessage() { exists(StringLiteralExpr immediate | immediate = this.getImmediateMessage() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + result = immediate.resolve() ) } } diff --git a/swift/ql/lib/codeql/swift/generated/decl/SubscriptDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/SubscriptDecl.qll index a6fe783be42..b6e7f963d6d 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/SubscriptDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/SubscriptDecl.qll @@ -12,27 +12,14 @@ module Generated { /** * Gets the `index`th parameter of this subscript declaration (0-based). - * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. */ - ParamDecl getImmediateParam(int index) { + ParamDecl getParam(int index) { result = Synth::convertParamDeclFromRaw(Synth::convertSubscriptDeclToRaw(this) .(Raw::SubscriptDecl) .getParam(index)) } - /** - * Gets the `index`th parameter of this subscript declaration (0-based). - */ - final ParamDecl getParam(int index) { - exists(ParamDecl immediate | - immediate = this.getImmediateParam(index) and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } - /** * Gets any of the parameters of this subscript declaration. */ @@ -62,7 +49,7 @@ module Generated { final Type getElementType() { exists(Type immediate | immediate = this.getImmediateElementType() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + result = immediate.resolve() ) } } diff --git a/swift/ql/lib/codeql/swift/generated/decl/TopLevelCodeDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/TopLevelCodeDecl.qll index d53c5ec5e3f..9af4944bd3d 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/TopLevelCodeDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/TopLevelCodeDecl.qll @@ -10,25 +10,12 @@ module Generated { /** * Gets the body of this top level code declaration. - * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. */ - BraceStmt getImmediateBody() { + BraceStmt getBody() { result = Synth::convertBraceStmtFromRaw(Synth::convertTopLevelCodeDeclToRaw(this) .(Raw::TopLevelCodeDecl) .getBody()) } - - /** - * Gets the body of this top level code declaration. - */ - final BraceStmt getBody() { - exists(BraceStmt immediate | - immediate = this.getImmediateBody() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } } } diff --git a/swift/ql/lib/codeql/swift/generated/decl/TypeAliasDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/TypeAliasDecl.qll index d0e7fa1164d..e35b6895874 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/TypeAliasDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/TypeAliasDecl.qll @@ -38,7 +38,7 @@ module Generated { final Type getAliasedType() { exists(Type immediate | immediate = this.getImmediateAliasedType() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + result = immediate.resolve() ) } } diff --git a/swift/ql/lib/codeql/swift/generated/decl/TypeDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/TypeDecl.qll index 7a70183bac1..bae701326d2 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/TypeDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/TypeDecl.qll @@ -30,7 +30,7 @@ module Generated { final Type getBaseType(int index) { exists(Type immediate | immediate = this.getImmediateBaseType(index) and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + result = immediate.resolve() ) } diff --git a/swift/ql/lib/codeql/swift/generated/decl/ValueDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/ValueDecl.qll index 237d668eade..026e410b569 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/ValueDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/ValueDecl.qll @@ -25,7 +25,7 @@ module Generated { final Type getInterfaceType() { exists(Type immediate | immediate = this.getImmediateInterfaceType() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + result = immediate.resolve() ) } } diff --git a/swift/ql/lib/codeql/swift/generated/decl/VarDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/VarDecl.qll index 86f91c9d128..6d72f5bd4ed 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/VarDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/VarDecl.qll @@ -48,7 +48,7 @@ module Generated { final Type getType() { exists(Type immediate | immediate = this.getImmediateType() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + result = immediate.resolve() ) } @@ -71,7 +71,7 @@ module Generated { final Type getAttachedPropertyWrapperType() { exists(Type immediate | immediate = this.getImmediateAttachedPropertyWrapperType() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + result = immediate.resolve() ) } @@ -101,7 +101,7 @@ module Generated { final Pattern getParentPattern() { exists(Pattern immediate | immediate = this.getImmediateParentPattern() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + result = immediate.resolve() ) } @@ -129,7 +129,7 @@ module Generated { final Expr getParentInitializer() { exists(Expr immediate | immediate = this.getImmediateParentInitializer() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + result = immediate.resolve() ) } @@ -141,29 +141,16 @@ module Generated { /** * Gets the property wrapper backing variable binding of this variable declaration, if it exists. * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. + * This is the synthesized binding introducing the property wrapper backing variable for this + * variable, if any. See `getPropertyWrapperBackingVar`. */ - PatternBindingDecl getImmediatePropertyWrapperBackingVarBinding() { + PatternBindingDecl getPropertyWrapperBackingVarBinding() { result = Synth::convertPatternBindingDeclFromRaw(Synth::convertVarDeclToRaw(this) .(Raw::VarDecl) .getPropertyWrapperBackingVarBinding()) } - /** - * Gets the property wrapper backing variable binding of this variable declaration, if it exists. - * - * This is the synthesized binding introducing the property wrapper backing variable for this - * variable, if any. See `getPropertyWrapperBackingVar`. - */ - final PatternBindingDecl getPropertyWrapperBackingVarBinding() { - exists(PatternBindingDecl immediate | - immediate = this.getImmediatePropertyWrapperBackingVarBinding() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } - /** * Holds if `getPropertyWrapperBackingVarBinding()` exists. */ @@ -171,19 +158,6 @@ module Generated { exists(this.getPropertyWrapperBackingVarBinding()) } - /** - * Gets the property wrapper backing variable of this variable declaration, if it exists. - * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. - */ - VarDecl getImmediatePropertyWrapperBackingVar() { - result = - Synth::convertVarDeclFromRaw(Synth::convertVarDeclToRaw(this) - .(Raw::VarDecl) - .getPropertyWrapperBackingVar()) - } - /** * Gets the property wrapper backing variable of this variable declaration, if it exists. * @@ -203,11 +177,11 @@ module Generated { * ``` * This predicate returns such variable declaration. */ - final VarDecl getPropertyWrapperBackingVar() { - exists(VarDecl immediate | - immediate = this.getImmediatePropertyWrapperBackingVar() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) + VarDecl getPropertyWrapperBackingVar() { + result = + Synth::convertVarDeclFromRaw(Synth::convertVarDeclToRaw(this) + .(Raw::VarDecl) + .getPropertyWrapperBackingVar()) } /** @@ -218,29 +192,16 @@ module Generated { /** * Gets the property wrapper projection variable binding of this variable declaration, if it exists. * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. + * This is the synthesized binding introducing the property wrapper projection variable for this + * variable, if any. See `getPropertyWrapperProjectionVar`. */ - PatternBindingDecl getImmediatePropertyWrapperProjectionVarBinding() { + PatternBindingDecl getPropertyWrapperProjectionVarBinding() { result = Synth::convertPatternBindingDeclFromRaw(Synth::convertVarDeclToRaw(this) .(Raw::VarDecl) .getPropertyWrapperProjectionVarBinding()) } - /** - * Gets the property wrapper projection variable binding of this variable declaration, if it exists. - * - * This is the synthesized binding introducing the property wrapper projection variable for this - * variable, if any. See `getPropertyWrapperProjectionVar`. - */ - final PatternBindingDecl getPropertyWrapperProjectionVarBinding() { - exists(PatternBindingDecl immediate | - immediate = this.getImmediatePropertyWrapperProjectionVarBinding() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } - /** * Holds if `getPropertyWrapperProjectionVarBinding()` exists. */ @@ -248,19 +209,6 @@ module Generated { exists(this.getPropertyWrapperProjectionVarBinding()) } - /** - * Gets the property wrapper projection variable of this variable declaration, if it exists. - * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. - */ - VarDecl getImmediatePropertyWrapperProjectionVar() { - result = - Synth::convertVarDeclFromRaw(Synth::convertVarDeclToRaw(this) - .(Raw::VarDecl) - .getPropertyWrapperProjectionVar()) - } - /** * Gets the property wrapper projection variable of this variable declaration, if it exists. * @@ -286,11 +234,11 @@ module Generated { * ``` * This predicate returns such variable declaration. */ - final VarDecl getPropertyWrapperProjectionVar() { - exists(VarDecl immediate | - immediate = this.getImmediatePropertyWrapperProjectionVar() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) + VarDecl getPropertyWrapperProjectionVar() { + result = + Synth::convertVarDeclFromRaw(Synth::convertVarDeclToRaw(this) + .(Raw::VarDecl) + .getPropertyWrapperProjectionVar()) } /** diff --git a/swift/ql/lib/codeql/swift/generated/expr/AppliedPropertyWrapperExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/AppliedPropertyWrapperExpr.qll index 3ee26f38f89..1710534e9a6 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/AppliedPropertyWrapperExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/AppliedPropertyWrapperExpr.qll @@ -50,25 +50,12 @@ module Generated { /** * Gets the parameter declaration owning this wrapper application. - * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. */ - ParamDecl getImmediateParam() { + ParamDecl getParam() { result = Synth::convertParamDeclFromRaw(Synth::convertAppliedPropertyWrapperExprToRaw(this) .(Raw::AppliedPropertyWrapperExpr) .getParam()) } - - /** - * Gets the parameter declaration owning this wrapper application. - */ - final ParamDecl getParam() { - exists(ParamDecl immediate | - immediate = this.getImmediateParam() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/ApplyExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/ApplyExpr.qll index 6529ca4882a..01aabf3ef17 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/ApplyExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/ApplyExpr.qll @@ -29,27 +29,14 @@ module Generated { /** * Gets the `index`th argument passed to the applied function (0-based). - * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. */ - Argument getImmediateArgument(int index) { + Argument getArgument(int index) { result = Synth::convertArgumentFromRaw(Synth::convertApplyExprToRaw(this) .(Raw::ApplyExpr) .getArgument(index)) } - /** - * Gets the `index`th argument passed to the applied function (0-based). - */ - final Argument getArgument(int index) { - exists(Argument immediate | - immediate = this.getImmediateArgument(index) and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } - /** * Gets any of the arguments passed to the applied function. */ diff --git a/swift/ql/lib/codeql/swift/generated/expr/Argument.qll b/swift/ql/lib/codeql/swift/generated/expr/Argument.qll index 3040a549ec9..16b8da0887f 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/Argument.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/Argument.qll @@ -30,7 +30,7 @@ module Generated { final Expr getExpr() { exists(Expr immediate | immediate = this.getImmediateExpr() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + result = immediate.resolve() ) } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/CaptureListExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/CaptureListExpr.qll index b3a6653ce77..521eb9f074d 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/CaptureListExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/CaptureListExpr.qll @@ -11,27 +11,14 @@ module Generated { /** * Gets the `index`th binding declaration of this capture list expression (0-based). - * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. */ - PatternBindingDecl getImmediateBindingDecl(int index) { + PatternBindingDecl getBindingDecl(int index) { result = Synth::convertPatternBindingDeclFromRaw(Synth::convertCaptureListExprToRaw(this) .(Raw::CaptureListExpr) .getBindingDecl(index)) } - /** - * Gets the `index`th binding declaration of this capture list expression (0-based). - */ - final PatternBindingDecl getBindingDecl(int index) { - exists(PatternBindingDecl immediate | - immediate = this.getImmediateBindingDecl(index) and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } - /** * Gets any of the binding declarations of this capture list expression. */ diff --git a/swift/ql/lib/codeql/swift/generated/expr/DeclRefExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/DeclRefExpr.qll index 6aa2c0522f5..0f8bef8745a 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/DeclRefExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/DeclRefExpr.qll @@ -11,25 +11,12 @@ module Generated { /** * Gets the declaration of this declaration reference expression. - * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. */ - Decl getImmediateDecl() { + Decl getDecl() { result = Synth::convertDeclFromRaw(Synth::convertDeclRefExprToRaw(this).(Raw::DeclRefExpr).getDecl()) } - /** - * Gets the declaration of this declaration reference expression. - */ - final Decl getDecl() { - exists(Decl immediate | - immediate = this.getImmediateDecl() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } - /** * Gets the `index`th replacement type of this declaration reference expression (0-based). * diff --git a/swift/ql/lib/codeql/swift/generated/expr/DefaultArgumentExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/DefaultArgumentExpr.qll index e457353ada4..23f791afff8 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/DefaultArgumentExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/DefaultArgumentExpr.qll @@ -10,27 +10,14 @@ module Generated { /** * Gets the parameter declaration of this default argument expression. - * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. */ - ParamDecl getImmediateParamDecl() { + ParamDecl getParamDecl() { result = Synth::convertParamDeclFromRaw(Synth::convertDefaultArgumentExprToRaw(this) .(Raw::DefaultArgumentExpr) .getParamDecl()) } - /** - * Gets the parameter declaration of this default argument expression. - */ - final ParamDecl getParamDecl() { - exists(ParamDecl immediate | - immediate = this.getImmediateParamDecl() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } - /** * Gets the parameter index of this default argument expression. */ diff --git a/swift/ql/lib/codeql/swift/generated/expr/EnumIsCaseExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/EnumIsCaseExpr.qll index 0ec0a3275dd..146c769f2a1 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/EnumIsCaseExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/EnumIsCaseExpr.qll @@ -33,25 +33,12 @@ module Generated { /** * Gets the element of this enum is case expression. - * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. */ - EnumElementDecl getImmediateElement() { + EnumElementDecl getElement() { result = Synth::convertEnumElementDeclFromRaw(Synth::convertEnumIsCaseExprToRaw(this) .(Raw::EnumIsCaseExpr) .getElement()) } - - /** - * Gets the element of this enum is case expression. - */ - final EnumElementDecl getElement() { - exists(EnumElementDecl immediate | - immediate = this.getImmediateElement() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/Expr.qll b/swift/ql/lib/codeql/swift/generated/expr/Expr.qll index dad004bc2bd..6f488acbe59 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/Expr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/Expr.qll @@ -2,13 +2,14 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.AstNode +import codeql.swift.elements.HideableElement import codeql.swift.elements.type.Type module Generated { /** * The base class for all expressions in Swift. */ - class Expr extends Synth::TExpr, AstNode { + class Expr extends Synth::TExpr, AstNode, HideableElement { /** * Gets the type of this expression, if it exists. * diff --git a/swift/ql/lib/codeql/swift/generated/expr/KeyPathExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/KeyPathExpr.qll index a74a289cf83..cd1d20d37aa 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/KeyPathExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/KeyPathExpr.qll @@ -14,27 +14,14 @@ module Generated { /** * Gets the root of this key path expression, if it exists. - * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. */ - TypeRepr getImmediateRoot() { + TypeRepr getRoot() { result = Synth::convertTypeReprFromRaw(Synth::convertKeyPathExprToRaw(this) .(Raw::KeyPathExpr) .getRoot()) } - /** - * Gets the root of this key path expression, if it exists. - */ - final TypeRepr getRoot() { - exists(TypeRepr immediate | - immediate = this.getImmediateRoot() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } - /** * Holds if `getRoot()` exists. */ @@ -42,27 +29,14 @@ module Generated { /** * Gets the `index`th component of this key path expression (0-based). - * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. */ - KeyPathComponent getImmediateComponent(int index) { + KeyPathComponent getComponent(int index) { result = Synth::convertKeyPathComponentFromRaw(Synth::convertKeyPathExprToRaw(this) .(Raw::KeyPathExpr) .getComponent(index)) } - /** - * Gets the `index`th component of this key path expression (0-based). - */ - final KeyPathComponent getComponent(int index) { - exists(KeyPathComponent immediate | - immediate = this.getImmediateComponent(index) and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } - /** * Gets any of the components of this key path expression. */ diff --git a/swift/ql/lib/codeql/swift/generated/expr/LookupExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/LookupExpr.qll index a2d5edccbff..496312312fc 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/LookupExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/LookupExpr.qll @@ -29,25 +29,12 @@ module Generated { /** * Gets the member of this lookup expression, if it exists. - * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. */ - Decl getImmediateMember() { + Decl getMember() { result = Synth::convertDeclFromRaw(Synth::convertLookupExprToRaw(this).(Raw::LookupExpr).getMember()) } - /** - * Gets the member of this lookup expression, if it exists. - */ - final Decl getMember() { - exists(Decl immediate | - immediate = this.getImmediateMember() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } - /** * Holds if `getMember()` exists. */ diff --git a/swift/ql/lib/codeql/swift/generated/expr/ObjCSelectorExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/ObjCSelectorExpr.qll index 1a19498c020..8445d13227e 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/ObjCSelectorExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/ObjCSelectorExpr.qll @@ -33,25 +33,12 @@ module Generated { /** * Gets the method of this obj c selector expression. - * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. */ - Function getImmediateMethod() { + Function getMethod() { result = Synth::convertFunctionFromRaw(Synth::convertObjCSelectorExprToRaw(this) .(Raw::ObjCSelectorExpr) .getMethod()) } - - /** - * Gets the method of this obj c selector expression. - */ - final Function getMethod() { - exists(Function immediate | - immediate = this.getImmediateMethod() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/ObjectLiteralExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/ObjectLiteralExpr.qll index adbc4cb3f34..57aaae68bb5 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/ObjectLiteralExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/ObjectLiteralExpr.qll @@ -22,27 +22,14 @@ module Generated { /** * Gets the `index`th argument of this object literal expression (0-based). - * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. */ - Argument getImmediateArgument(int index) { + Argument getArgument(int index) { result = Synth::convertArgumentFromRaw(Synth::convertObjectLiteralExprToRaw(this) .(Raw::ObjectLiteralExpr) .getArgument(index)) } - /** - * Gets the `index`th argument of this object literal expression (0-based). - */ - final Argument getArgument(int index) { - exists(Argument immediate | - immediate = this.getImmediateArgument(index) and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } - /** * Gets any of the arguments of this object literal expression. */ diff --git a/swift/ql/lib/codeql/swift/generated/expr/OtherInitializerRefExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/OtherInitializerRefExpr.qll index cf66c7d3c79..674f5a217e7 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/OtherInitializerRefExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/OtherInitializerRefExpr.qll @@ -10,25 +10,12 @@ module Generated { /** * Gets the initializer of this other initializer reference expression. - * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. */ - Initializer getImmediateInitializer() { + Initializer getInitializer() { result = Synth::convertInitializerFromRaw(Synth::convertOtherInitializerRefExprToRaw(this) .(Raw::OtherInitializerRefExpr) .getInitializer()) } - - /** - * Gets the initializer of this other initializer reference expression. - */ - final Initializer getInitializer() { - exists(Initializer immediate | - immediate = this.getImmediateInitializer() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/OverloadedDeclRefExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/OverloadedDeclRefExpr.qll index 8a923e918f7..c13924bba35 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/OverloadedDeclRefExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/OverloadedDeclRefExpr.qll @@ -15,27 +15,14 @@ module Generated { /** * Gets the `index`th possible declaration of this overloaded declaration reference expression (0-based). - * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. */ - ValueDecl getImmediatePossibleDeclaration(int index) { + ValueDecl getPossibleDeclaration(int index) { result = Synth::convertValueDeclFromRaw(Synth::convertOverloadedDeclRefExprToRaw(this) .(Raw::OverloadedDeclRefExpr) .getPossibleDeclaration(index)) } - /** - * Gets the `index`th possible declaration of this overloaded declaration reference expression (0-based). - */ - final ValueDecl getPossibleDeclaration(int index) { - exists(ValueDecl immediate | - immediate = this.getImmediatePossibleDeclaration(index) and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } - /** * Gets any of the possible declarations of this overloaded declaration reference expression. */ diff --git a/swift/ql/lib/codeql/swift/generated/expr/RebindSelfInInitializerExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/RebindSelfInInitializerExpr.qll index 6a2c298e360..fa8bc92876e 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/RebindSelfInInitializerExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/RebindSelfInInitializerExpr.qll @@ -33,25 +33,12 @@ module Generated { /** * Gets the self of this rebind self in initializer expression. - * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. */ - VarDecl getImmediateSelf() { + VarDecl getSelf() { result = Synth::convertVarDeclFromRaw(Synth::convertRebindSelfInInitializerExprToRaw(this) .(Raw::RebindSelfInInitializerExpr) .getSelf()) } - - /** - * Gets the self of this rebind self in initializer expression. - */ - final VarDecl getSelf() { - exists(VarDecl immediate | - immediate = this.getImmediateSelf() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/SubscriptExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/SubscriptExpr.qll index 8e9734917b7..561383ff57e 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/SubscriptExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/SubscriptExpr.qll @@ -10,27 +10,14 @@ module Generated { /** * Gets the `index`th argument of this subscript expression (0-based). - * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. */ - Argument getImmediateArgument(int index) { + Argument getArgument(int index) { result = Synth::convertArgumentFromRaw(Synth::convertSubscriptExprToRaw(this) .(Raw::SubscriptExpr) .getArgument(index)) } - /** - * Gets the `index`th argument of this subscript expression (0-based). - */ - final Argument getArgument(int index) { - exists(Argument immediate | - immediate = this.getImmediateArgument(index) and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } - /** * Gets any of the arguments of this subscript expression. */ diff --git a/swift/ql/lib/codeql/swift/generated/expr/SuperRefExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/SuperRefExpr.qll index 5058db3f175..9731b002eef 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/SuperRefExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/SuperRefExpr.qll @@ -10,25 +10,12 @@ module Generated { /** * Gets the self of this super reference expression. - * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. */ - VarDecl getImmediateSelf() { + VarDecl getSelf() { result = Synth::convertVarDeclFromRaw(Synth::convertSuperRefExprToRaw(this) .(Raw::SuperRefExpr) .getSelf()) } - - /** - * Gets the self of this super reference expression. - */ - final VarDecl getSelf() { - exists(VarDecl immediate | - immediate = this.getImmediateSelf() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/TapExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/TapExpr.qll index 0132d9363f3..596a565115a 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/TapExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/TapExpr.qll @@ -37,44 +37,18 @@ module Generated { /** * Gets the body of this tap expression. - * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. */ - BraceStmt getImmediateBody() { + BraceStmt getBody() { result = Synth::convertBraceStmtFromRaw(Synth::convertTapExprToRaw(this).(Raw::TapExpr).getBody()) } - /** - * Gets the body of this tap expression. - */ - final BraceStmt getBody() { - exists(BraceStmt immediate | - immediate = this.getImmediateBody() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } - /** * Gets the variable of this tap expression. - * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. */ - VarDecl getImmediateVar() { + VarDecl getVar() { result = Synth::convertVarDeclFromRaw(Synth::convertTapExprToRaw(this).(Raw::TapExpr).getVar()) } - - /** - * Gets the variable of this tap expression. - */ - final VarDecl getVar() { - exists(VarDecl immediate | - immediate = this.getImmediateVar() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/TypeExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/TypeExpr.qll index 96fb7141531..d070555e6a6 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/TypeExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/TypeExpr.qll @@ -10,27 +10,14 @@ module Generated { /** * Gets the type representation of this type expression, if it exists. - * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. */ - TypeRepr getImmediateTypeRepr() { + TypeRepr getTypeRepr() { result = Synth::convertTypeReprFromRaw(Synth::convertTypeExprToRaw(this) .(Raw::TypeExpr) .getTypeRepr()) } - /** - * Gets the type representation of this type expression, if it exists. - */ - final TypeRepr getTypeRepr() { - exists(TypeRepr immediate | - immediate = this.getImmediateTypeRepr() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } - /** * Holds if `getTypeRepr()` exists. */ diff --git a/swift/ql/lib/codeql/swift/generated/pattern/EnumElementPattern.qll b/swift/ql/lib/codeql/swift/generated/pattern/EnumElementPattern.qll index bbed4615ce1..b6ef3dd514e 100644 --- a/swift/ql/lib/codeql/swift/generated/pattern/EnumElementPattern.qll +++ b/swift/ql/lib/codeql/swift/generated/pattern/EnumElementPattern.qll @@ -10,27 +10,14 @@ module Generated { /** * Gets the element of this enum element pattern. - * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. */ - EnumElementDecl getImmediateElement() { + EnumElementDecl getElement() { result = Synth::convertEnumElementDeclFromRaw(Synth::convertEnumElementPatternToRaw(this) .(Raw::EnumElementPattern) .getElement()) } - /** - * Gets the element of this enum element pattern. - */ - final EnumElementDecl getElement() { - exists(EnumElementDecl immediate | - immediate = this.getImmediateElement() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } - /** * Gets the sub pattern of this enum element pattern, if it exists. * diff --git a/swift/ql/lib/codeql/swift/generated/pattern/IsPattern.qll b/swift/ql/lib/codeql/swift/generated/pattern/IsPattern.qll index 7864297866c..a0fffd05155 100644 --- a/swift/ql/lib/codeql/swift/generated/pattern/IsPattern.qll +++ b/swift/ql/lib/codeql/swift/generated/pattern/IsPattern.qll @@ -10,27 +10,14 @@ module Generated { /** * Gets the cast type representation of this is pattern, if it exists. - * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. */ - TypeRepr getImmediateCastTypeRepr() { + TypeRepr getCastTypeRepr() { result = Synth::convertTypeReprFromRaw(Synth::convertIsPatternToRaw(this) .(Raw::IsPattern) .getCastTypeRepr()) } - /** - * Gets the cast type representation of this is pattern, if it exists. - */ - final TypeRepr getCastTypeRepr() { - exists(TypeRepr immediate | - immediate = this.getImmediateCastTypeRepr() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } - /** * Holds if `getCastTypeRepr()` exists. */ diff --git a/swift/ql/lib/codeql/swift/generated/pattern/Pattern.qll b/swift/ql/lib/codeql/swift/generated/pattern/Pattern.qll index 5c795e45107..5ba24c9fcda 100644 --- a/swift/ql/lib/codeql/swift/generated/pattern/Pattern.qll +++ b/swift/ql/lib/codeql/swift/generated/pattern/Pattern.qll @@ -2,7 +2,8 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.AstNode +import codeql.swift.elements.HideableElement module Generated { - class Pattern extends Synth::TPattern, AstNode { } + class Pattern extends Synth::TPattern, AstNode, HideableElement { } } diff --git a/swift/ql/lib/codeql/swift/generated/pattern/TypedPattern.qll b/swift/ql/lib/codeql/swift/generated/pattern/TypedPattern.qll index 2570eca03f8..40a7884bd31 100644 --- a/swift/ql/lib/codeql/swift/generated/pattern/TypedPattern.qll +++ b/swift/ql/lib/codeql/swift/generated/pattern/TypedPattern.qll @@ -33,27 +33,14 @@ module Generated { /** * Gets the type representation of this typed pattern, if it exists. - * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. */ - TypeRepr getImmediateTypeRepr() { + TypeRepr getTypeRepr() { result = Synth::convertTypeReprFromRaw(Synth::convertTypedPatternToRaw(this) .(Raw::TypedPattern) .getTypeRepr()) } - /** - * Gets the type representation of this typed pattern, if it exists. - */ - final TypeRepr getTypeRepr() { - exists(TypeRepr immediate | - immediate = this.getImmediateTypeRepr() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } - /** * Holds if `getTypeRepr()` exists. */ diff --git a/swift/ql/lib/codeql/swift/generated/stmt/BraceStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/BraceStmt.qll index 08cc9c6ce2b..360366dcaa3 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/BraceStmt.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/BraceStmt.qll @@ -10,27 +10,14 @@ module Generated { /** * Gets the `index`th element of this brace statement (0-based). - * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. */ - AstNode getImmediateElement(int index) { + AstNode getElement(int index) { result = Synth::convertAstNodeFromRaw(Synth::convertBraceStmtToRaw(this) .(Raw::BraceStmt) .getElement(index)) } - /** - * Gets the `index`th element of this brace statement (0-based). - */ - final AstNode getElement(int index) { - exists(AstNode immediate | - immediate = this.getImmediateElement(index) and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } - /** * Gets any of the elements of this brace statement. */ diff --git a/swift/ql/lib/codeql/swift/generated/stmt/BreakStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/BreakStmt.qll index f9adaeb9ddb..2c8de492f08 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/BreakStmt.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/BreakStmt.qll @@ -21,25 +21,12 @@ module Generated { /** * Gets the target of this break statement, if it exists. - * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. */ - Stmt getImmediateTarget() { + Stmt getTarget() { result = Synth::convertStmtFromRaw(Synth::convertBreakStmtToRaw(this).(Raw::BreakStmt).getTarget()) } - /** - * Gets the target of this break statement, if it exists. - */ - final Stmt getTarget() { - exists(Stmt immediate | - immediate = this.getImmediateTarget() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } - /** * Holds if `getTarget()` exists. */ diff --git a/swift/ql/lib/codeql/swift/generated/stmt/CaseLabelItem.qll b/swift/ql/lib/codeql/swift/generated/stmt/CaseLabelItem.qll index b69e392cc1e..c27e1ed893b 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/CaseLabelItem.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/CaseLabelItem.qll @@ -28,7 +28,7 @@ module Generated { final Pattern getPattern() { exists(Pattern immediate | immediate = this.getImmediatePattern() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + result = immediate.resolve() ) } @@ -51,7 +51,7 @@ module Generated { final Expr getGuard() { exists(Expr immediate | immediate = this.getImmediateGuard() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + result = immediate.resolve() ) } diff --git a/swift/ql/lib/codeql/swift/generated/stmt/CaseStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/CaseStmt.qll index e39ba24d48c..d0c2db1d752 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/CaseStmt.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/CaseStmt.qll @@ -11,48 +11,22 @@ module Generated { /** * Gets the body of this case statement. - * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. */ - Stmt getImmediateBody() { + Stmt getBody() { result = Synth::convertStmtFromRaw(Synth::convertCaseStmtToRaw(this).(Raw::CaseStmt).getBody()) } - /** - * Gets the body of this case statement. - */ - final Stmt getBody() { - exists(Stmt immediate | - immediate = this.getImmediateBody() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } - /** * Gets the `index`th label of this case statement (0-based). - * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. */ - CaseLabelItem getImmediateLabel(int index) { + CaseLabelItem getLabel(int index) { result = Synth::convertCaseLabelItemFromRaw(Synth::convertCaseStmtToRaw(this) .(Raw::CaseStmt) .getLabel(index)) } - /** - * Gets the `index`th label of this case statement (0-based). - */ - final CaseLabelItem getLabel(int index) { - exists(CaseLabelItem immediate | - immediate = this.getImmediateLabel(index) and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } - /** * Gets any of the labels of this case statement. */ @@ -65,27 +39,14 @@ module Generated { /** * Gets the `index`th variable of this case statement (0-based). - * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. */ - VarDecl getImmediateVariable(int index) { + VarDecl getVariable(int index) { result = Synth::convertVarDeclFromRaw(Synth::convertCaseStmtToRaw(this) .(Raw::CaseStmt) .getVariable(index)) } - /** - * Gets the `index`th variable of this case statement (0-based). - */ - final VarDecl getVariable(int index) { - exists(VarDecl immediate | - immediate = this.getImmediateVariable(index) and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } - /** * Gets any of the variables of this case statement. */ diff --git a/swift/ql/lib/codeql/swift/generated/stmt/ConditionElement.qll b/swift/ql/lib/codeql/swift/generated/stmt/ConditionElement.qll index 2eddaa245e7..6555c537e30 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/ConditionElement.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/ConditionElement.qll @@ -29,7 +29,7 @@ module Generated { final Expr getBoolean() { exists(Expr immediate | immediate = this.getImmediateBoolean() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + result = immediate.resolve() ) } @@ -57,7 +57,7 @@ module Generated { final Pattern getPattern() { exists(Pattern immediate | immediate = this.getImmediatePattern() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + result = immediate.resolve() ) } @@ -85,7 +85,7 @@ module Generated { final Expr getInitializer() { exists(Expr immediate | immediate = this.getImmediateInitializer() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + result = immediate.resolve() ) } @@ -96,27 +96,14 @@ module Generated { /** * Gets the availability of this condition element, if it exists. - * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. */ - AvailabilityInfo getImmediateAvailability() { + AvailabilityInfo getAvailability() { result = Synth::convertAvailabilityInfoFromRaw(Synth::convertConditionElementToRaw(this) .(Raw::ConditionElement) .getAvailability()) } - /** - * Gets the availability of this condition element, if it exists. - */ - final AvailabilityInfo getAvailability() { - exists(AvailabilityInfo immediate | - immediate = this.getImmediateAvailability() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } - /** * Holds if `getAvailability()` exists. */ diff --git a/swift/ql/lib/codeql/swift/generated/stmt/ContinueStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/ContinueStmt.qll index d247f507d9a..617c903dc52 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/ContinueStmt.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/ContinueStmt.qll @@ -21,27 +21,14 @@ module Generated { /** * Gets the target of this continue statement, if it exists. - * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. */ - Stmt getImmediateTarget() { + Stmt getTarget() { result = Synth::convertStmtFromRaw(Synth::convertContinueStmtToRaw(this) .(Raw::ContinueStmt) .getTarget()) } - /** - * Gets the target of this continue statement, if it exists. - */ - final Stmt getTarget() { - exists(Stmt immediate | - immediate = this.getImmediateTarget() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } - /** * Holds if `getTarget()` exists. */ diff --git a/swift/ql/lib/codeql/swift/generated/stmt/DeferStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/DeferStmt.qll index 21da3aa706c..17cf8f07db0 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/DeferStmt.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/DeferStmt.qll @@ -10,23 +10,10 @@ module Generated { /** * Gets the body of this defer statement. - * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. */ - BraceStmt getImmediateBody() { + BraceStmt getBody() { result = Synth::convertBraceStmtFromRaw(Synth::convertDeferStmtToRaw(this).(Raw::DeferStmt).getBody()) } - - /** - * Gets the body of this defer statement. - */ - final BraceStmt getBody() { - exists(BraceStmt immediate | - immediate = this.getImmediateBody() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } } } diff --git a/swift/ql/lib/codeql/swift/generated/stmt/DoCatchStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/DoCatchStmt.qll index 180c4103841..51639d9289c 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/DoCatchStmt.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/DoCatchStmt.qll @@ -11,48 +11,22 @@ module Generated { /** * Gets the body of this do catch statement. - * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. */ - Stmt getImmediateBody() { + Stmt getBody() { result = Synth::convertStmtFromRaw(Synth::convertDoCatchStmtToRaw(this).(Raw::DoCatchStmt).getBody()) } - /** - * Gets the body of this do catch statement. - */ - final Stmt getBody() { - exists(Stmt immediate | - immediate = this.getImmediateBody() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } - /** * Gets the `index`th catch of this do catch statement (0-based). - * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. */ - CaseStmt getImmediateCatch(int index) { + CaseStmt getCatch(int index) { result = Synth::convertCaseStmtFromRaw(Synth::convertDoCatchStmtToRaw(this) .(Raw::DoCatchStmt) .getCatch(index)) } - /** - * Gets the `index`th catch of this do catch statement (0-based). - */ - final CaseStmt getCatch(int index) { - exists(CaseStmt immediate | - immediate = this.getImmediateCatch(index) and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } - /** * Gets any of the catches of this do catch statement. */ diff --git a/swift/ql/lib/codeql/swift/generated/stmt/DoStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/DoStmt.qll index b4661b21d8e..b77a310de90 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/DoStmt.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/DoStmt.qll @@ -10,23 +10,10 @@ module Generated { /** * Gets the body of this do statement. - * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. */ - BraceStmt getImmediateBody() { + BraceStmt getBody() { result = Synth::convertBraceStmtFromRaw(Synth::convertDoStmtToRaw(this).(Raw::DoStmt).getBody()) } - - /** - * Gets the body of this do statement. - */ - final BraceStmt getBody() { - exists(BraceStmt immediate | - immediate = this.getImmediateBody() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } } } diff --git a/swift/ql/lib/codeql/swift/generated/stmt/FallthroughStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/FallthroughStmt.qll index 20fadcc91f3..e9e05ea4c9a 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/FallthroughStmt.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/FallthroughStmt.qll @@ -10,48 +10,22 @@ module Generated { /** * Gets the fallthrough source of this fallthrough statement. - * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. */ - CaseStmt getImmediateFallthroughSource() { + CaseStmt getFallthroughSource() { result = Synth::convertCaseStmtFromRaw(Synth::convertFallthroughStmtToRaw(this) .(Raw::FallthroughStmt) .getFallthroughSource()) } - /** - * Gets the fallthrough source of this fallthrough statement. - */ - final CaseStmt getFallthroughSource() { - exists(CaseStmt immediate | - immediate = this.getImmediateFallthroughSource() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } - /** * Gets the fallthrough dest of this fallthrough statement. - * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. */ - CaseStmt getImmediateFallthroughDest() { + CaseStmt getFallthroughDest() { result = Synth::convertCaseStmtFromRaw(Synth::convertFallthroughStmtToRaw(this) .(Raw::FallthroughStmt) .getFallthroughDest()) } - - /** - * Gets the fallthrough dest of this fallthrough statement. - */ - final CaseStmt getFallthroughDest() { - exists(CaseStmt immediate | - immediate = this.getImmediateFallthroughDest() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } } } diff --git a/swift/ql/lib/codeql/swift/generated/stmt/ForEachStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/ForEachStmt.qll index fccf5f3ed3b..ad5422a7ec0 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/ForEachStmt.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/ForEachStmt.qll @@ -29,7 +29,7 @@ module Generated { final Pattern getPattern() { exists(Pattern immediate | immediate = this.getImmediatePattern() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + result = immediate.resolve() ) } @@ -52,7 +52,7 @@ module Generated { final Expr getSequence() { exists(Expr immediate | immediate = this.getImmediateSequence() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + result = immediate.resolve() ) } @@ -73,7 +73,7 @@ module Generated { final Expr getWhere() { exists(Expr immediate | immediate = this.getImmediateWhere() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + result = immediate.resolve() ) } @@ -84,25 +84,12 @@ module Generated { /** * Gets the body of this for each statement. - * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. */ - BraceStmt getImmediateBody() { + BraceStmt getBody() { result = Synth::convertBraceStmtFromRaw(Synth::convertForEachStmtToRaw(this) .(Raw::ForEachStmt) .getBody()) } - - /** - * Gets the body of this for each statement. - */ - final BraceStmt getBody() { - exists(BraceStmt immediate | - immediate = this.getImmediateBody() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } } } diff --git a/swift/ql/lib/codeql/swift/generated/stmt/GuardStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/GuardStmt.qll index 53d1a8a54aa..01989e827df 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/GuardStmt.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/GuardStmt.qll @@ -10,23 +10,10 @@ module Generated { /** * Gets the body of this guard statement. - * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. */ - BraceStmt getImmediateBody() { + BraceStmt getBody() { result = Synth::convertBraceStmtFromRaw(Synth::convertGuardStmtToRaw(this).(Raw::GuardStmt).getBody()) } - - /** - * Gets the body of this guard statement. - */ - final BraceStmt getBody() { - exists(BraceStmt immediate | - immediate = this.getImmediateBody() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } } } diff --git a/swift/ql/lib/codeql/swift/generated/stmt/IfStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/IfStmt.qll index 1f0ad8717cd..1c33e2383df 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/IfStmt.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/IfStmt.qll @@ -10,44 +10,18 @@ module Generated { /** * Gets the then of this if statement. - * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. */ - Stmt getImmediateThen() { + Stmt getThen() { result = Synth::convertStmtFromRaw(Synth::convertIfStmtToRaw(this).(Raw::IfStmt).getThen()) } - /** - * Gets the then of this if statement. - */ - final Stmt getThen() { - exists(Stmt immediate | - immediate = this.getImmediateThen() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } - /** * Gets the else of this if statement, if it exists. - * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. */ - Stmt getImmediateElse() { + Stmt getElse() { result = Synth::convertStmtFromRaw(Synth::convertIfStmtToRaw(this).(Raw::IfStmt).getElse()) } - /** - * Gets the else of this if statement, if it exists. - */ - final Stmt getElse() { - exists(Stmt immediate | - immediate = this.getImmediateElse() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } - /** * Holds if `getElse()` exists. */ diff --git a/swift/ql/lib/codeql/swift/generated/stmt/LabeledConditionalStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/LabeledConditionalStmt.qll index 41f728962bd..e2796dffb82 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/LabeledConditionalStmt.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/LabeledConditionalStmt.qll @@ -8,25 +8,12 @@ module Generated { class LabeledConditionalStmt extends Synth::TLabeledConditionalStmt, LabeledStmt { /** * Gets the condition of this labeled conditional statement. - * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. */ - StmtCondition getImmediateCondition() { + StmtCondition getCondition() { result = Synth::convertStmtConditionFromRaw(Synth::convertLabeledConditionalStmtToRaw(this) .(Raw::LabeledConditionalStmt) .getCondition()) } - - /** - * Gets the condition of this labeled conditional statement. - */ - final StmtCondition getCondition() { - exists(StmtCondition immediate | - immediate = this.getImmediateCondition() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } } } diff --git a/swift/ql/lib/codeql/swift/generated/stmt/PoundAssertStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/PoundAssertStmt.qll index b2f9624447e..a38be8e4b18 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/PoundAssertStmt.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/PoundAssertStmt.qll @@ -27,7 +27,7 @@ module Generated { final Expr getCondition() { exists(Expr immediate | immediate = this.getImmediateCondition() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + result = immediate.resolve() ) } diff --git a/swift/ql/lib/codeql/swift/generated/stmt/RepeatWhileStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/RepeatWhileStmt.qll index 2f4ada62ccf..a9b9c606f0e 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/RepeatWhileStmt.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/RepeatWhileStmt.qll @@ -28,31 +28,18 @@ module Generated { final Expr getCondition() { exists(Expr immediate | immediate = this.getImmediateCondition() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + result = immediate.resolve() ) } /** * Gets the body of this repeat while statement. - * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. */ - Stmt getImmediateBody() { + Stmt getBody() { result = Synth::convertStmtFromRaw(Synth::convertRepeatWhileStmtToRaw(this) .(Raw::RepeatWhileStmt) .getBody()) } - - /** - * Gets the body of this repeat while statement. - */ - final Stmt getBody() { - exists(Stmt immediate | - immediate = this.getImmediateBody() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } } } diff --git a/swift/ql/lib/codeql/swift/generated/stmt/ReturnStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/ReturnStmt.qll index c37671aba34..8e9d421da46 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/ReturnStmt.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/ReturnStmt.qll @@ -25,7 +25,7 @@ module Generated { final Expr getResult() { exists(Expr immediate | immediate = this.getImmediateResult() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + result = immediate.resolve() ) } diff --git a/swift/ql/lib/codeql/swift/generated/stmt/StmtCondition.qll b/swift/ql/lib/codeql/swift/generated/stmt/StmtCondition.qll index 1be4eaf361a..6ba5e85f0b4 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/StmtCondition.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/StmtCondition.qll @@ -10,27 +10,14 @@ module Generated { /** * Gets the `index`th element of this statement condition (0-based). - * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. */ - ConditionElement getImmediateElement(int index) { + ConditionElement getElement(int index) { result = Synth::convertConditionElementFromRaw(Synth::convertStmtConditionToRaw(this) .(Raw::StmtCondition) .getElement(index)) } - /** - * Gets the `index`th element of this statement condition (0-based). - */ - final ConditionElement getElement(int index) { - exists(ConditionElement immediate | - immediate = this.getImmediateElement(index) and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } - /** * Gets any of the elements of this statement condition. */ diff --git a/swift/ql/lib/codeql/swift/generated/stmt/SwitchStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/SwitchStmt.qll index 819be668d5c..9cfc7cfb2d2 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/SwitchStmt.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/SwitchStmt.qll @@ -26,33 +26,20 @@ module Generated { final Expr getExpr() { exists(Expr immediate | immediate = this.getImmediateExpr() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + result = immediate.resolve() ) } /** * Gets the `index`th case of this switch statement (0-based). - * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. */ - CaseStmt getImmediateCase(int index) { + CaseStmt getCase(int index) { result = Synth::convertCaseStmtFromRaw(Synth::convertSwitchStmtToRaw(this) .(Raw::SwitchStmt) .getCase(index)) } - /** - * Gets the `index`th case of this switch statement (0-based). - */ - final CaseStmt getCase(int index) { - exists(CaseStmt immediate | - immediate = this.getImmediateCase(index) and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } - /** * Gets any of the cases of this switch statement. */ diff --git a/swift/ql/lib/codeql/swift/generated/stmt/ThrowStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/ThrowStmt.qll index fd6c6920b00..294e7ed5bb8 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/ThrowStmt.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/ThrowStmt.qll @@ -25,7 +25,7 @@ module Generated { final Expr getSubExpr() { exists(Expr immediate | immediate = this.getImmediateSubExpr() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + result = immediate.resolve() ) } } diff --git a/swift/ql/lib/codeql/swift/generated/stmt/WhileStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/WhileStmt.qll index 0482887cc57..3ed59b4cc3c 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/WhileStmt.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/WhileStmt.qll @@ -10,23 +10,10 @@ module Generated { /** * Gets the body of this while statement. - * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. */ - Stmt getImmediateBody() { + Stmt getBody() { result = Synth::convertStmtFromRaw(Synth::convertWhileStmtToRaw(this).(Raw::WhileStmt).getBody()) } - - /** - * Gets the body of this while statement. - */ - final Stmt getBody() { - exists(Stmt immediate | - immediate = this.getImmediateBody() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } } } diff --git a/swift/ql/lib/codeql/swift/generated/stmt/YieldStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/YieldStmt.qll index df8b51cb2c4..31a691ba91c 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/YieldStmt.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/YieldStmt.qll @@ -27,7 +27,7 @@ module Generated { final Expr getResult(int index) { exists(Expr immediate | immediate = this.getImmediateResult(index) and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + result = immediate.resolve() ) } diff --git a/swift/ql/lib/codeql/swift/generated/type/AnyGenericType.qll b/swift/ql/lib/codeql/swift/generated/type/AnyGenericType.qll index 3cb6fe2786c..57a0ace8b58 100644 --- a/swift/ql/lib/codeql/swift/generated/type/AnyGenericType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/AnyGenericType.qll @@ -36,25 +36,12 @@ module Generated { /** * Gets the declaration of this any generic type. - * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. */ - GenericTypeDecl getImmediateDeclaration() { + GenericTypeDecl getDeclaration() { result = Synth::convertGenericTypeDeclFromRaw(Synth::convertAnyGenericTypeToRaw(this) .(Raw::AnyGenericType) .getDeclaration()) } - - /** - * Gets the declaration of this any generic type. - */ - final GenericTypeDecl getDeclaration() { - exists(GenericTypeDecl immediate | - immediate = this.getImmediateDeclaration() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } } } diff --git a/swift/ql/lib/codeql/swift/generated/type/ArchetypeType.qll b/swift/ql/lib/codeql/swift/generated/type/ArchetypeType.qll index 7d907166dcf..2128967a8f8 100644 --- a/swift/ql/lib/codeql/swift/generated/type/ArchetypeType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/ArchetypeType.qll @@ -60,27 +60,14 @@ module Generated { /** * Gets the `index`th protocol of this archetype type (0-based). - * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. */ - ProtocolDecl getImmediateProtocol(int index) { + ProtocolDecl getProtocol(int index) { result = Synth::convertProtocolDeclFromRaw(Synth::convertArchetypeTypeToRaw(this) .(Raw::ArchetypeType) .getProtocol(index)) } - /** - * Gets the `index`th protocol of this archetype type (0-based). - */ - final ProtocolDecl getProtocol(int index) { - exists(ProtocolDecl immediate | - immediate = this.getImmediateProtocol(index) and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } - /** * Gets any of the protocols of this archetype type. */ diff --git a/swift/ql/lib/codeql/swift/generated/type/DependentMemberType.qll b/swift/ql/lib/codeql/swift/generated/type/DependentMemberType.qll index 007748ae2c4..8192ed17213 100644 --- a/swift/ql/lib/codeql/swift/generated/type/DependentMemberType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/DependentMemberType.qll @@ -33,25 +33,12 @@ module Generated { /** * Gets the associated type declaration of this dependent member type. - * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. */ - AssociatedTypeDecl getImmediateAssociatedTypeDecl() { + AssociatedTypeDecl getAssociatedTypeDecl() { result = Synth::convertAssociatedTypeDeclFromRaw(Synth::convertDependentMemberTypeToRaw(this) .(Raw::DependentMemberType) .getAssociatedTypeDecl()) } - - /** - * Gets the associated type declaration of this dependent member type. - */ - final AssociatedTypeDecl getAssociatedTypeDecl() { - exists(AssociatedTypeDecl immediate | - immediate = this.getImmediateAssociatedTypeDecl() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } } } diff --git a/swift/ql/lib/codeql/swift/generated/type/ModuleType.qll b/swift/ql/lib/codeql/swift/generated/type/ModuleType.qll index e43a1107533..6303b4df206 100644 --- a/swift/ql/lib/codeql/swift/generated/type/ModuleType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/ModuleType.qll @@ -10,25 +10,12 @@ module Generated { /** * Gets the module of this module type. - * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. */ - ModuleDecl getImmediateModule() { + ModuleDecl getModule() { result = Synth::convertModuleDeclFromRaw(Synth::convertModuleTypeToRaw(this) .(Raw::ModuleType) .getModule()) } - - /** - * Gets the module of this module type. - */ - final ModuleDecl getModule() { - exists(ModuleDecl immediate | - immediate = this.getImmediateModule() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } } } diff --git a/swift/ql/lib/codeql/swift/generated/type/OpaqueTypeArchetypeType.qll b/swift/ql/lib/codeql/swift/generated/type/OpaqueTypeArchetypeType.qll index b503969d8ab..520c7785287 100644 --- a/swift/ql/lib/codeql/swift/generated/type/OpaqueTypeArchetypeType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/OpaqueTypeArchetypeType.qll @@ -15,25 +15,12 @@ module Generated { /** * Gets the declaration of this opaque type archetype type. - * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. */ - OpaqueTypeDecl getImmediateDeclaration() { + OpaqueTypeDecl getDeclaration() { result = Synth::convertOpaqueTypeDeclFromRaw(Synth::convertOpaqueTypeArchetypeTypeToRaw(this) .(Raw::OpaqueTypeArchetypeType) .getDeclaration()) } - - /** - * Gets the declaration of this opaque type archetype type. - */ - final OpaqueTypeDecl getDeclaration() { - exists(OpaqueTypeDecl immediate | - immediate = this.getImmediateDeclaration() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } } } diff --git a/swift/ql/lib/codeql/swift/generated/type/Type.qll b/swift/ql/lib/codeql/swift/generated/type/Type.qll index a3074fdd4d3..7f09e7d7e94 100644 --- a/swift/ql/lib/codeql/swift/generated/type/Type.qll +++ b/swift/ql/lib/codeql/swift/generated/type/Type.qll @@ -1,10 +1,10 @@ // generated by codegen/codegen.py private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw -import codeql.swift.elements.Element +import codeql.swift.elements.HideableElement module Generated { - class Type extends Synth::TType, Element { + class Type extends Synth::TType, HideableElement { /** * Gets the name of this type. */ diff --git a/swift/ql/lib/codeql/swift/generated/type/TypeAliasType.qll b/swift/ql/lib/codeql/swift/generated/type/TypeAliasType.qll index fa6ea238996..6bb41db6655 100644 --- a/swift/ql/lib/codeql/swift/generated/type/TypeAliasType.qll +++ b/swift/ql/lib/codeql/swift/generated/type/TypeAliasType.qll @@ -10,25 +10,12 @@ module Generated { /** * Gets the declaration of this type alias type. - * - * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the - * behavior of both the `Immediate` and non-`Immediate` versions. */ - TypeAliasDecl getImmediateDecl() { + TypeAliasDecl getDecl() { result = Synth::convertTypeAliasDeclFromRaw(Synth::convertTypeAliasTypeToRaw(this) .(Raw::TypeAliasType) .getDecl()) } - - /** - * Gets the declaration of this type alias type. - */ - final TypeAliasDecl getDecl() { - exists(TypeAliasDecl immediate | - immediate = this.getImmediateDecl() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() - ) - } } } diff --git a/swift/ql/lib/codeql/swift/generated/type/TypeRepr.qll b/swift/ql/lib/codeql/swift/generated/type/TypeRepr.qll index 4a3d11bd074..4dc124e2bda 100644 --- a/swift/ql/lib/codeql/swift/generated/type/TypeRepr.qll +++ b/swift/ql/lib/codeql/swift/generated/type/TypeRepr.qll @@ -25,7 +25,7 @@ module Generated { final Type getType() { exists(Type immediate | immediate = this.getImmediateType() and - if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + result = immediate.resolve() ) } } diff --git a/swift/ql/lib/codeql/swift/printast/PrintAstNode.qll b/swift/ql/lib/codeql/swift/printast/PrintAstNode.qll index 57e68648636..dc6af553f43 100644 --- a/swift/ql/lib/codeql/swift/printast/PrintAstNode.qll +++ b/swift/ql/lib/codeql/swift/printast/PrintAstNode.qll @@ -66,7 +66,7 @@ private string prettyPrint(Locatable e) { result = "[" + concat(e.getPrimaryQlClasses(), ", ") + "] " + e } -private class Unresolved extends Locatable { +private class Unresolved extends HideableElement, Locatable { Unresolved() { this != this.resolve() } } @@ -89,7 +89,7 @@ class PrintLocatable extends PrintAstNode, TLocatable { // use even indexes for normal children, leaving odd slots for conversions if any child = TLocatable(c) and index = 2 * i and label = accessor or - child = TLocatable(c.getFullyUnresolved().(Unresolved)) and + child = TLocatable(c.(HideableElement).getFullyUnresolved().(Unresolved)) and index = 2 * i + 1 and ( if c instanceof Expr diff --git a/swift/ql/lib/swift.dbscheme b/swift/ql/lib/swift.dbscheme index ba4171b90d0..37e784cc154 100644 --- a/swift/ql/lib/swift.dbscheme +++ b/swift/ql/lib/swift.dbscheme @@ -15,9 +15,9 @@ sourceLocationPrefix( @callable | @file | @generic_context +| @hideable_element | @locatable | @location -| @type ; #keyset[id] @@ -77,6 +77,12 @@ file_is_successfully_extracted( int id: @file ref ); +@hideable_element = + @expr +| @pattern +| @type +; + @locatable = @argument | @ast_node diff --git a/swift/schema.py b/swift/schema.py index f2d1283974f..76ac53dcb5c 100644 --- a/swift/schema.py +++ b/swift/schema.py @@ -14,7 +14,6 @@ from misc.codegen.lib.schemadefs import * include("prefix.dbscheme") @qltest.skip -@ql.hideable class Element: is_unknown: predicate | cpp.skip @@ -73,8 +72,12 @@ class UnknownLocation(Location): class AstNode(Locatable): pass +@ql.hideable +class HideableElement(Element): + pass + @group("type") -class Type(Element): +class Type(HideableElement): name: string canonical_type: "Type" @@ -84,12 +87,12 @@ class Decl(AstNode): members: list["Decl"] | child @group("expr") -class Expr(AstNode): +class Expr(AstNode, HideableElement): """The base class for all expressions in Swift.""" type: optional[Type] @group("pattern") -class Pattern(AstNode): +class Pattern(AstNode, HideableElement): pass @group("stmt") From b4edc92079dfe4a1e15bf607c564ed9de729cda8 Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli <redsun82@github.com> Date: Tue, 23 May 2023 12:17:03 +0200 Subject: [PATCH 588/870] Swift: make hideability spread upward in the hierarchy --- misc/codegen/generators/qlgen.py | 1 - misc/codegen/lib/ql.py | 1 - misc/codegen/lib/schema.py | 1 - misc/codegen/loaders/schemaloader.py | 14 ++++- misc/codegen/templates/ql_class.mustache | 5 +- misc/codegen/templates/ql_parent.mustache | 14 ++--- misc/codegen/test/test_qlgen.py | 8 --- misc/codegen/test/test_schemaloader.py | 17 ++++-- swift/ql/.generated.list | 23 ++++---- swift/ql/.gitattributes | 1 - .../swift/controlflow/internal/Completion.qll | 6 +-- .../internal/ControlFlowGraphImpl.qll | 46 ++++++++-------- swift/ql/lib/codeql/swift/elements.qll | 1 - .../ql/lib/codeql/swift/elements/Element.qll | 11 ++++ .../codeql/swift/elements/HideableElement.qll | 14 ----- .../ql/lib/codeql/swift/generated/Element.qll | 17 ++++++ .../swift/generated/HideableElement.qll | 25 --------- .../codeql/swift/generated/ParentChild.qll | 52 ++++--------------- swift/ql/lib/codeql/swift/generated/Raw.qll | 11 ++-- swift/ql/lib/codeql/swift/generated/Synth.qll | 39 ++------------ .../swift/generated/UnspecifiedElement.qll | 15 +++++- .../swift/generated/decl/IfConfigDecl.qll | 15 +++++- .../lib/codeql/swift/generated/expr/Expr.qll | 3 +- .../swift/generated/pattern/Pattern.qll | 3 +- .../codeql/swift/generated/stmt/BraceStmt.qll | 15 +++++- .../lib/codeql/swift/generated/type/Type.qll | 4 +- .../codeql/swift/printast/PrintAstNode.qll | 4 +- swift/ql/lib/swift.dbscheme | 8 +-- swift/schema.py | 13 +++-- 29 files changed, 174 insertions(+), 213 deletions(-) delete mode 100644 swift/ql/lib/codeql/swift/elements/HideableElement.qll delete mode 100644 swift/ql/lib/codeql/swift/generated/HideableElement.qll diff --git a/misc/codegen/generators/qlgen.py b/misc/codegen/generators/qlgen.py index 6e4017b81f6..891533383d3 100755 --- a/misc/codegen/generators/qlgen.py +++ b/misc/codegen/generators/qlgen.py @@ -166,7 +166,6 @@ def get_ql_class(cls: schema.Class, lookup: typing.Dict[str, schema.Class]) -> q ipa=bool(cls.ipa), doc=cls.doc, hideable=cls.hideable, - hideable_root=cls.hideable_root, **pragmas, ) diff --git a/misc/codegen/lib/ql.py b/misc/codegen/lib/ql.py index 508db816beb..57a74f1f9d3 100644 --- a/misc/codegen/lib/ql.py +++ b/misc/codegen/lib/ql.py @@ -114,7 +114,6 @@ class Class: ql_internal: bool = False ipa: bool = False doc: List[str] = field(default_factory=list) - hideable_root: bool = False hideable: bool = False def __post_init__(self): diff --git a/misc/codegen/lib/schema.py b/misc/codegen/lib/schema.py index d72fa46adf4..023891b6b2d 100644 --- a/misc/codegen/lib/schema.py +++ b/misc/codegen/lib/schema.py @@ -91,7 +91,6 @@ class Class: """^^^ filled with `True` for non-final classes with only synthesized final descendants """ doc: List[str] = field(default_factory=list) default_doc_name: Optional[str] = None - hideable_root: bool = False hideable: bool = False @property diff --git a/misc/codegen/loaders/schemaloader.py b/misc/codegen/loaders/schemaloader.py index 0202c98f439..64f4d03cb57 100644 --- a/misc/codegen/loaders/schemaloader.py +++ b/misc/codegen/loaders/schemaloader.py @@ -39,7 +39,6 @@ def _get_class(cls: type) -> schema.Class: group=getattr(cls, "_group", ""), hideable=getattr(cls, "_hideable", False), # in the following we don't use `getattr` to avoid inheriting - hideable_root=cls.__dict__.get("_hideable", False), pragmas=cls.__dict__.get("_pragmas", []), ipa=cls.__dict__.get("_ipa", None), properties=[ @@ -96,6 +95,18 @@ def _fill_ipa_information(classes: typing.Dict[str, schema.Class]): cls.ipa = True +def _fill_hideable_information(classes: typing.Dict[str, schema.Class]): + """ Update the class map propagating the `hideable` attribute upwards in the hierarchy """ + todo = [cls for cls in classes.values() if cls.hideable] + while todo: + cls = todo.pop() + for base in cls.bases: + supercls = classes[base] + if not supercls.hideable: + supercls.hideable = True + todo.append(supercls) + + def load(m: types.ModuleType) -> schema.Schema: includes = set() classes = {} @@ -124,6 +135,7 @@ def load(m: types.ModuleType) -> schema.Schema: cls.is_null_class = True _fill_ipa_information(classes) + _fill_hideable_information(classes) return schema.Schema(includes=includes, classes=_toposort_classes_by_group(classes), null=null) diff --git a/misc/codegen/templates/ql_class.mustache b/misc/codegen/templates/ql_class.mustache index 63e4f0088fe..a22639ee4b6 100644 --- a/misc/codegen/templates/ql_class.mustache +++ b/misc/codegen/templates/ql_class.mustache @@ -37,8 +37,7 @@ module Generated { * Gets a comma-separated list of the names of the primary CodeQL classes to which this element belongs. */ final string getPrimaryQlClasses() { result = concat(this.getAPrimaryQlClass(), ",") } - {{/root}} - {{#hideable_root}} + /** * Gets the most immediate element that should substitute this element in the explicit AST, if any. * Classes can override this to indicate this node should be in the "hidden" AST, mostly reserved @@ -55,7 +54,7 @@ module Generated { or result = this.getResolveStep().resolve() } - {{/hideable_root}} + {{/root}} {{#final}} override string getAPrimaryQlClass() { result = "{{name}}" } {{/final}} diff --git a/misc/codegen/templates/ql_parent.mustache b/misc/codegen/templates/ql_parent.mustache index 2dcac6c45dc..d310323e74f 100644 --- a/misc/codegen/templates/ql_parent.mustache +++ b/misc/codegen/templates/ql_parent.mustache @@ -64,10 +64,6 @@ none() {{/final}} {{/classes}} } - -Element resolve(Element e) { - {{#classes}}{{#hideable_root}}if e instanceof {{name}} then result = e.({{name}}).resolve() else {{/hideable_root}}{{/classes}}result = e -} } /** @@ -75,21 +71,21 @@ Element resolve(Element e) { * if `e` has conversions, `getImmediateParent(e)` will give the innermost conversion in the hidden AST. */ Element getImmediateParent(Element e) { -// `unique` is used here to tell the optimizer that there is in fact only one result -// this is tested by the `library-tests/parent/no_double_parents.ql` test -result = unique(Element x | e = Impl::getImmediateChild(x, _, _) | x) + // `unique` is used here to tell the optimizer that there is in fact only one result + // this is tested by the `library-tests/parent/no_double_parents.ql` test + result = unique(Element x | e = Impl::getImmediateChild(x, _, _) | x) } /** * Gets the immediate child indexed at `index`. Indexes are not guaranteed to be contiguous, but are guaranteed to be distinct. `accessor` is bound the member predicate call resulting in the given child. */ Element getImmediateChildAndAccessor(Element e, int index, string accessor) { -exists(string partialAccessor | result = Impl::getImmediateChild(e, index, partialAccessor) and accessor = "get" + partialAccessor) + exists(string partialAccessor | result = Impl::getImmediateChild(e, index, partialAccessor) and accessor = "get" + partialAccessor) } /** * Gets the child indexed at `index`. Indexes are not guaranteed to be contiguous, but are guaranteed to be distinct. `accessor` is bound the member predicate call resulting in the given child. */ Element getChildAndAccessor(Element e, int index, string accessor) { -exists(string partialAccessor | result = Impl::resolve(Impl::getImmediateChild(e, index, partialAccessor)) and accessor = "get" + partialAccessor) + exists(string partialAccessor | result = Impl::getImmediateChild(e, index, partialAccessor).resolve() and accessor = "get" + partialAccessor) } diff --git a/misc/codegen/test/test_qlgen.py b/misc/codegen/test/test_qlgen.py index 32f65bbc851..44c5e63f05d 100644 --- a/misc/codegen/test/test_qlgen.py +++ b/misc/codegen/test/test_qlgen.py @@ -880,14 +880,6 @@ def test_hideable_class(generate_classes): } -def test_hideable_root_class(generate_classes): - assert generate_classes([ - schema.Class("MyObject", hideable_root=True), - ]) == { - "MyObject.qll": (a_ql_stub(name="MyObject"), a_ql_class(name="MyObject", final=True, hideable_root=True)), - } - - def test_hideable_property(generate_classes): assert generate_classes([ schema.Class("MyObject", hideable=True), diff --git a/misc/codegen/test/test_schemaloader.py b/misc/codegen/test/test_schemaloader.py index 2479fc08500..25b4c43f161 100644 --- a/misc/codegen/test/test_schemaloader.py +++ b/misc/codegen/test/test_schemaloader.py @@ -698,11 +698,22 @@ def test_hideable(): class A(Root): pass - class B(A): + class IndirectlyHideable(Root): pass - assert data.classes["A"] == schema.Class("A", bases=["Root"], derived={"B"}, hideable_root=True, hideable=True) - assert data.classes["B"] == schema.Class("B", bases=["A"], hideable=True) + class B(A, IndirectlyHideable): + pass + + class NonHideable(Root): + pass + + assert data.classes == { + "Root": schema.Class("Root", derived={"A", "IndirectlyHideable", "NonHideable"}, hideable=True), + "A": schema.Class("A", bases=["Root"], derived={"B"}, hideable=True), + "IndirectlyHideable": schema.Class("IndirectlyHideable", bases=["Root"], derived={"B"}, hideable=True), + "B": schema.Class("B", bases=["A", "IndirectlyHideable"], hideable=True), + "NonHideable": schema.Class("NonHideable", bases=["Root"], hideable=False), + } if __name__ == '__main__': diff --git a/swift/ql/.generated.list b/swift/ql/.generated.list index 3de24cd5c71..530a9e62795 100644 --- a/swift/ql/.generated.list +++ b/swift/ql/.generated.list @@ -365,7 +365,7 @@ lib/codeql/swift/elements/type/VariadicSequenceType.qll 325e4c4481e9ac07acdc6aeb lib/codeql/swift/elements/type/VariadicSequenceTypeConstructor.qll 0d1d2328a3b5e503a883e7e6d7efd0ca5e7f2633abead9e4c94a9f98ed3cb223 69bff81c1b9413949eacb9298d2efb718ea808e68364569a1090c9878c4af856 lib/codeql/swift/elements/type/WeakStorageType.qll 7c07739cfc1459f068f24fef74838428128054adf611504d22532e4a156073e7 9c968414d7cc8d672f3754bced5d4f83f43a6d7872d0d263d79ff60483e1f996 lib/codeql/swift/elements/type/WeakStorageTypeConstructor.qll d88b031ef44d6de14b3ddcff2eb47b53dbd11550c37250ff2edb42e5d21ec3e9 26d855c33492cf7a118e439f7baeed0e5425cfaf058b1dcc007eca7ed765c897 -lib/codeql/swift/elements.qll cba02ae777269061af0713f6b003c97679434ddc8b2e871fc00c5d17c5265d2a cba02ae777269061af0713f6b003c97679434ddc8b2e871fc00c5d17c5265d2a +lib/codeql/swift/elements.qll 3df0060edd2b2030f4e4d7d5518afe0073d798474d9b1d6185d833bec63ca8bd 3df0060edd2b2030f4e4d7d5518afe0073d798474d9b1d6185d833bec63ca8bd lib/codeql/swift/generated/AstNode.qll 02ca56d82801f942ae6265c6079d92ccafdf6b532f6bcebd98a04029ddf696e4 6216fda240e45bd4302fa0cf0f08f5f945418b144659264cdda84622b0420aa2 lib/codeql/swift/generated/AvailabilityInfo.qll 1e38e7f52ccbcecd4dd088eae15c482d87911682dabb426332cc0e207fc6bf2f 7c6640530cdbece90d4172e8d6cfd119656860da08bb61ed4ef3a6757723994f lib/codeql/swift/generated/AvailabilitySpec.qll fb1255f91bb5e41ad4e9c675a2efbc50d0fb366ea2de68ab7eebd177b0795309 144e0c2e7d6c62ecee43325f7f26dcf437881edf0b75cc1bc898c6c4b61fdeaf @@ -374,23 +374,22 @@ lib/codeql/swift/generated/Comment.qll f58b49f6e68c21f87c51e2ff84c8a64b09286d733 lib/codeql/swift/generated/DbFile.qll a49b2a2cb2788cb49c861ebcd458b8daead7b15adb19c3a9f4db3bf39a0051fc a49b2a2cb2788cb49c861ebcd458b8daead7b15adb19c3a9f4db3bf39a0051fc lib/codeql/swift/generated/DbLocation.qll b9baea963d9fa82068986512c0649d1050897654eee3df51dba17cf6b1170873 b9baea963d9fa82068986512c0649d1050897654eee3df51dba17cf6b1170873 lib/codeql/swift/generated/Diagnostics.qll d2ee2db55e932dcaee95fcc1164a51ffbe1a78d86ee0f50aabb299b458462afe 566d554d579cadde26dc4d1d6b1750ca800511201b737b629f15b6f873af3733 -lib/codeql/swift/generated/Element.qll 1c6a757f3c1218b02a98f075b2cfb5bd0cc31dff31bd1d04acdf4d4f040dee45 a3221cd9250706e6313a82450466326e5a1e6ffa5ae0b308e943d0979d03919e +lib/codeql/swift/generated/Element.qll 81a01c1965cf8154596c753b20536ef8630b30567d8c077660ab2d11143f060b 74f5c76db5ec82a9c1675ec0282acd44f1a86ef447d1961c47aea3eed50f79cb lib/codeql/swift/generated/ErrorElement.qll 4b032abe8ffb71376a29c63e470a52943ace2527bf7b433c97a8bf716f9ad102 4f2b1be162a5c275e3264dbc51bf98bce8846d251be8490a0d4b16cbc85f630f lib/codeql/swift/generated/File.qll f88c485883dd9b2b4a366080e098372912e03fb3177e5cae58aa4449c2b03399 0333c49e3a11c48e6146a7f492ee31ac022d80150fc3f8bfafc3c8f94d66ff76 -lib/codeql/swift/generated/HideableElement.qll 0eb3bb2fd9fb2b5ba444f4cd1aa4f91c87926618dcfa0051b048cf9d63f9602e 0eb3bb2fd9fb2b5ba444f4cd1aa4f91c87926618dcfa0051b048cf9d63f9602e lib/codeql/swift/generated/KeyPathComponent.qll c79c7bc04fc1426992ab472eedc1a20a7aa496ff3f43305400022f1a02ba44f4 a9935b68b511329d157bcd7a7d27aa4803d2163306db8b41808a2b736f80f4d8 lib/codeql/swift/generated/Locatable.qll be20967d48a34cdba126fe298606e0adc11697831f097acba9c52a0b7ce9983e 8aa01bc376614abbc3209e25785c72f86c9b4e94bb5f471a4a0677fedaec4f61 lib/codeql/swift/generated/Location.qll c5793987e77812059a28254dadee29bfe9b38153c0399fbb1bf6a2f5c237fdab 6e6d8802b021e36bbaad81845657769dd48a798ea33080ada05e9818a20b38f7 lib/codeql/swift/generated/OtherAvailabilitySpec.qll 0e26a203b26ff0581b7396b0c6d1606feec5cc32477f676585cdec4911af91c5 0e26a203b26ff0581b7396b0c6d1606feec5cc32477f676585cdec4911af91c5 -lib/codeql/swift/generated/ParentChild.qll ffec94e3ee076ff73dd7b4e6561c8d8c1f9a198547085baa40a1e5e28adc5827 a28adf13137431f55ce218ade6848bf5b853d3f27315765e9e6c45032c02ddd3 +lib/codeql/swift/generated/ParentChild.qll 7d2d0628965c38d59877fed220b39bd3b02d3652990caf7eeabe966b73534c7d a5a9df21d0a6a00aed6ebb60f13fea3456bf97ca84a140ebca52610eb7c8ff8b lib/codeql/swift/generated/PlatformVersionAvailabilitySpec.qll f82d9ca416fe8bd59b5531b65b1c74c9f317b3297a6101544a11339a1cffce38 7f5c6d3309e66c134107afe55bae76dfc9a72cb7cdd6d4c3706b6b34cee09fa0 lib/codeql/swift/generated/PureSynthConstructors.qll 173c0dd59396a1de26fe870e3bc2766c46de689da2a4d8807cb62023bbce1a98 173c0dd59396a1de26fe870e3bc2766c46de689da2a4d8807cb62023bbce1a98 -lib/codeql/swift/generated/Raw.qll 56e12381886fe9eb6aef74968cb542e179116ad6722640a21bda37f1d9d26e77 ae93d0caebecf3ce593c95887b44cd1686b5c7e989d5cce4bb39d97312c3cb68 -lib/codeql/swift/generated/Synth.qll 14dbc93375bcde4d792c1ec6157ee9c825119dcc9de31bcfeea56b3636f32d27 e84970ed295aa0af59135ee09b9cddbd6a26dcbce3baaf0e2a958b0552aac6d1 +lib/codeql/swift/generated/Raw.qll 8d4880e5ee1fdd120adeb7bf0dfa1399e7b1a53b2cc7598aed8e15cbf996d1c0 da0d446347d29f5cd05281c17c24e87610f31c32adb7e05ab8f3a26bed55bd90 +lib/codeql/swift/generated/Synth.qll 551fdf7e4b53f9ee1314d1bb42c2638cf82f45bfa1f40a635dfa7b6072e4418c 9ab178464700a19951fc5285acacda4913addee81515d8e072b3d7055935a814 lib/codeql/swift/generated/SynthConstructors.qll 2f801bd8b0db829b0253cd459ed3253c1fdfc55dce68ebc53e7fec138ef0aca4 2f801bd8b0db829b0253cd459ed3253c1fdfc55dce68ebc53e7fec138ef0aca4 lib/codeql/swift/generated/UnknownFile.qll 0fcf9beb8de79440bcdfff4bb6ab3dd139bd273e6c32754e05e6a632651e85f6 0fcf9beb8de79440bcdfff4bb6ab3dd139bd273e6c32754e05e6a632651e85f6 lib/codeql/swift/generated/UnknownLocation.qll e50efefa02a0ec1ff635a00951b5924602fc8cab57e5756e4a039382c69d3882 e50efefa02a0ec1ff635a00951b5924602fc8cab57e5756e4a039382c69d3882 -lib/codeql/swift/generated/UnspecifiedElement.qll 2b66070944ad36316476b6bf8a811131ca6d4232591353b2b23e881b547463cc c9bff46bcb6f6d106eb57ab8bb04584d9a0b2513abdc1be6e98c0bd227c5f1e0 +lib/codeql/swift/generated/UnspecifiedElement.qll ad04c197266069baf505e529e62751ab3056b4bac5db378fe1f79bbdfa29e066 a5058c7e3e0ba7d52710161e349a71f3e963d4abe07ca581ad663395fc50e972 lib/codeql/swift/generated/decl/AbstractStorageDecl.qll 4e827d05b3b98c043f925a3bd9c00622da3dc6e3d3406f5a18b2c3a684e3774f 47e5767a6f9a87f848cccce651d8c40af8aa3e0e727fc147cbf4d5a2a3e483d9 lib/codeql/swift/generated/decl/AbstractTypeParamDecl.qll 1e268b00d0f2dbbd85aa70ac206c5e4a4612f06ba0091e5253483635f486ccf9 5479e13e99f68f1f347283535f8098964f7fd4a34326ff36ad5711b2de1ab0d0 lib/codeql/swift/generated/decl/Accessor.qll c93cdf7dbb87e6c9b09b5fcf469b952041f753914a892addeb24bb46eaa51d29 1e8104da2da146d3e4d8f5f96b87872e63162e53b46f9c7038c75db51a676599 @@ -409,7 +408,7 @@ lib/codeql/swift/generated/decl/Function.qll 92d1fbceb9e96afd00a1dfbfd15cec0063b lib/codeql/swift/generated/decl/GenericContext.qll 9f7e17d11bf898429a921ba7726b07aab382c97f8326bd186f2bded3d090852c 14d558b6e498d49b850f862d85091a11954dad13f16c60f700cf2c66fa37c473 lib/codeql/swift/generated/decl/GenericTypeDecl.qll 71f5c9c6078567dda0a3ac17e2d2d590454776b2459267e31fed975724f84aec 669c5dbd8fad8daf007598e719ac0b2dbcb4f9fad698bffb6f1d0bcd2cee9102 lib/codeql/swift/generated/decl/GenericTypeParamDecl.qll bc41a9d854e65b1e0da86350870a8fe050eb1dc031cd17ded11c15b5ad8ad183 bc41a9d854e65b1e0da86350870a8fe050eb1dc031cd17ded11c15b5ad8ad183 -lib/codeql/swift/generated/decl/IfConfigDecl.qll 085e2c70d3e158b7f3d3d3ade94593f1331d681d07da8a968c537830a67a62fe 19bb842314e8edb6a8dce4d78ec8043a527f13569da8be4ad03ba876a09998a5 +lib/codeql/swift/generated/decl/IfConfigDecl.qll f1decc68b28dfb43ec70070156d19d6ef0943d8cf375ea639adf13da19398586 75fe6359304693a002987d57865d52b9fca84023752432c98e2f0dbc2830da7e lib/codeql/swift/generated/decl/ImportDecl.qll 542405d7a75659d048d1ff8894a0cc0d357802c2936407ec39b7e4f69d2dd864 41ee9a9f1fc8068db587ac786145cf50f74f74161555ca94b502a57cca23288a lib/codeql/swift/generated/decl/InfixOperatorDecl.qll 3da133c325380fbc10448b731d5826959056ca861d3a0661e7c37694e5ccb208 bb81c8e1597a1fb7e791e3c4c4ed28a73c442591bff2b12d13a7a327a7b6db08 lib/codeql/swift/generated/decl/Initializer.qll a72005f0abebd31b7b91f496ddae8dff49a027ba01b5a827e9b8870ecf34de17 a72005f0abebd31b7b91f496ddae8dff49a027ba01b5a827e9b8870ecf34de17 @@ -484,7 +483,7 @@ lib/codeql/swift/generated/expr/ErrorExpr.qll 8e354eed5655e7261d939f3831eb6fa296 lib/codeql/swift/generated/expr/ExistentialMetatypeToObjectExpr.qll eb0d42aac3f6331011a0e26cf5581c5e0a1b5523d2da94672abdebe70000d65b efe2bc0424e551454acc919abe4dac7fd246b84f1ae0e5d2e31a49cbcf84ce40 lib/codeql/swift/generated/expr/ExplicitCastExpr.qll 162f94461d41cf10a81567e13d5141d7aca417cc92d4ef55de97c7909681882e c8e7d1f569265a9bc2ae6a82e33783ec3ac077c3ae6e582edcb49a4eb816f7b5 lib/codeql/swift/generated/expr/ExplicitClosureExpr.qll c5291fb91e04a99133d1b4caf25f8bd6e7f2e7b9d5d99558143899f4dc9a7861 c5291fb91e04a99133d1b4caf25f8bd6e7f2e7b9d5d99558143899f4dc9a7861 -lib/codeql/swift/generated/expr/Expr.qll 91b45df8d77ece59147e330b1a93515ad791e1da84128a079be2160ee5f87796 4a57263c533d9d5a9e1cacc997d09434fe7ebbabff9ac1a49602b618b828839b +lib/codeql/swift/generated/expr/Expr.qll b09ddd296693ad78a2b0e7dc17d2b746357ae88645b046a026861eafeba616cb 498c628f904fbf48be10f32b146168b71f8f7d9f829614e422020701ccc0f8e4 lib/codeql/swift/generated/expr/FloatLiteralExpr.qll ae851773886b3d33ab5535572a4d6f771d4b11d6c93e802f01348edb2d80c454 35f103436fc2d1b2cec67b5fbae07b28c054c9687d57cbd3245c38c55d8bde0b lib/codeql/swift/generated/expr/ForceTryExpr.qll 062997b5e9a9e993de703856ae6af60fe1950951cf77cdab11b972fb0a5a4ed3 062997b5e9a9e993de703856ae6af60fe1950951cf77cdab11b972fb0a5a4ed3 lib/codeql/swift/generated/expr/ForceValueExpr.qll cd7ee5fa4a6f7094c7fbb9c5831f60d5ce18b123fe7beea3dcb26ca78e387118 7cdef6e9b501f9e9cb0d48828e68b349b25e4e5f312e5bcee91868ae8b196e7d @@ -565,10 +564,10 @@ lib/codeql/swift/generated/pattern/IsPattern.qll c809159dff26b86d44f560742d66e75 lib/codeql/swift/generated/pattern/NamedPattern.qll 5d25e51eb83e86363b95a6531ffb164e5a6070b4a577f3900140edbef0e83c71 9e88b2b2b90a547b402d4782e8d494bc555d4200763c094dd985fe3b7ebc1ec8 lib/codeql/swift/generated/pattern/OptionalSomePattern.qll 5b9c7032584619d4921d1a1324e3ce4bd7207f0d4daa703e1e059f983bf1b132 e6d44514cd123a7ad27f657a2b83d46277a961a849139380ece886430a862920 lib/codeql/swift/generated/pattern/ParenPattern.qll 337cb03dcb7384f7ef13e35d843b3498c0ae391374f5e870d1e52c2d1baacd95 cba288ee99726f5bbf15cf61971e000a835cf6e8b7507dcf6f6c6dea91ec287a -lib/codeql/swift/generated/pattern/Pattern.qll abdb00ae9ee55061de85fa77ecff6f3df9ddf395f45a38dde94983ac423d861a 67ffece7bd83150bb0981b2fda86468c2df7c4d2015526b90ca40c71eec6b542 +lib/codeql/swift/generated/pattern/Pattern.qll 0e96528a8dd87185f4fb23ba33ea418932762127e99739d7e56e5c8988e024d1 ba1e010c9f7f891048fb8c4ff8ea5a6c664c09e43d74b860d559f6459f82554a lib/codeql/swift/generated/pattern/TuplePattern.qll b3a138b0942f7e3eecb52ad2f095584a6cd5f555e9487c6eaad6a5527ae99f0c d6ff67ecc7395571acef4b82da514cb737c72d97ea557d89da534469feda340c lib/codeql/swift/generated/pattern/TypedPattern.qll 6a9fd2815755eddc6918d6be8221c7afb90e4fba4fcb8eb54ff42754269bb481 f198c3b09553a5f5f3d97f8088ef82c00552b9635560750c56d801b09dbd9e26 -lib/codeql/swift/generated/stmt/BraceStmt.qll 72557bdbde907042a936b55039e6032afd5eb92b21a6bb3d669437f3141a7e76 a2fb52f3d77444880edcafec6d107f27cf8c528c21241b1222823136fd4cfbb9 +lib/codeql/swift/generated/stmt/BraceStmt.qll eea1a33767c14a3b96aea6bbe10f17c3ecd1d8ac263de07e475e23b46d85a20d a5ee6c19a38e968c245886c28c82513f39ca90a80a9ea11d0e3139a35f682046 lib/codeql/swift/generated/stmt/BreakStmt.qll 879cf66911cc7f53e7e8f4ae8244681018fb17d6501b269fb7cf9d8481f0b539 c78fc1b0e3e76321fc1653aa8b0aabaaacf082e01a003b78f693b106cc05faa0 lib/codeql/swift/generated/stmt/CaseLabelItem.qll 9536d2909a274c3a969eec25f8e5966adfaa9b0d6451ea6319d9f7bb2fd6fe07 02e25f036db50e9a6e9a7ceab6002dd605b73afb55fa1dee6f22e7af33a40913 lib/codeql/swift/generated/stmt/CaseStmt.qll c180478c6161439bc76bd39edfab343faba7450900ffedcadd3ccea12dc3a08c b537eb517db76113cfbc91c59e6bdfbf16ff83d639dfe6fd6892171f71a97090 @@ -647,7 +646,7 @@ lib/codeql/swift/generated/type/SubstitutableType.qll 9e74ec2d281cd3dedbc5791d66 lib/codeql/swift/generated/type/SugarType.qll 4ea82201ae20e769c0c3e6e158bae86493e1b16bbd3ef6495e2a3760baa1fc6b 6c78df86db6f9c70398484819a9b9ecc8ee337b0a4ac2d84e17294951a6fd788 lib/codeql/swift/generated/type/SyntaxSugarType.qll 253e036452e0ba8ae3bb60d6ed22f4efb8436f4ef19f158f1114a6f9a14df42c 743fe4dede40ca173b19d5757d14e0f606fe36f51119445503e8eea7cf6df3b0 lib/codeql/swift/generated/type/TupleType.qll af224031c3bea6dfca6138903cca940a4f00ba6494ad7b591b9f017d69ee9a6c f59ad1bb4994196ec49836ae169e550a70dbb25a359ff889ed6456882fe2d9a0 -lib/codeql/swift/generated/type/Type.qll ada3973ed840643fa9f015d721d1f3c58994cda46b169e875b77473281d9122f 6a43dc43be0ac6f315b58ca4dc9b015769281eb5011220f28b5e9b6ed9436207 +lib/codeql/swift/generated/type/Type.qll c08acc943c9b52662a465d77fcd39d12f869c42b24a3755225b3bddbb1cf72f5 6d82c5bddded75fd5598bb559ecfa07360ad802d5e9541af2c334dc9d0159335 lib/codeql/swift/generated/type/TypeAliasType.qll 7c1397c4a145d3265e8d1b4dac4ae6a58a2c4026145cfb2d8d28c01309b0ea26 0e3c3a2c166285f4ac1b417b8cc74a5095c8a8e1a102d7b5ca2829a06b61de23 lib/codeql/swift/generated/type/TypeRepr.qll 25a412f029bf2d4b283ea07f0f0ff5713b1b4f369f8cb06991328fdee030e14a 2a39717f2e023c96015b797b59812b0e0bef1ea2780ee83869b68da549abbf2f lib/codeql/swift/generated/type/UnarySyntaxSugarType.qll 6f3822691d04531cc1dd6a78fb184f3e18d42ee324123dc4338fdd368fbd0bd6 d489aac77955de0d71fd5c271fddccd40050db4ef8ce8d817320ca9554057c3a diff --git a/swift/ql/.gitattributes b/swift/ql/.gitattributes index c1bcfc90e69..71cc5c58ecf 100644 --- a/swift/ql/.gitattributes +++ b/swift/ql/.gitattributes @@ -379,7 +379,6 @@ /lib/codeql/swift/generated/Element.qll linguist-generated /lib/codeql/swift/generated/ErrorElement.qll linguist-generated /lib/codeql/swift/generated/File.qll linguist-generated -/lib/codeql/swift/generated/HideableElement.qll linguist-generated /lib/codeql/swift/generated/KeyPathComponent.qll linguist-generated /lib/codeql/swift/generated/Locatable.qll linguist-generated /lib/codeql/swift/generated/Location.qll linguist-generated diff --git a/swift/ql/lib/codeql/swift/controlflow/internal/Completion.qll b/swift/ql/lib/codeql/swift/controlflow/internal/Completion.qll index ad96fcb12de..9e7975890e6 100644 --- a/swift/ql/lib/codeql/swift/controlflow/internal/Completion.qll +++ b/swift/ql/lib/codeql/swift/controlflow/internal/Completion.qll @@ -98,7 +98,7 @@ private predicate isBooleanConstant(ControlFlowElement n, boolean value) { // Boolean constants hidden inside conversions are also // constants that resolve to the same value. exists(ControlFlowElement parent | - parent.asAstNode() = n.asAstNode().(HideableElement).getResolveStep() and + parent.asAstNode() = n.asAstNode().getResolveStep() and isBooleanConstant(parent, value) ) } @@ -122,9 +122,9 @@ private predicate inBooleanContext(ControlFlowElement n) { private predicate astInBooleanContext(AstNode n) { n = any(ConditionElement condElem).getBoolean().getFullyUnresolved() or - n = any(ConditionElement condElem).getAvailability() + n = any(ConditionElement condElem).getAvailability().getFullyUnresolved() or - n = any(StmtCondition stmtCond) + n = any(StmtCondition stmtCond).getFullyUnresolved() or exists(RepeatWhileStmt repeat | n = repeat.getCondition().getFullyConverted()) or diff --git a/swift/ql/lib/codeql/swift/controlflow/internal/ControlFlowGraphImpl.qll b/swift/ql/lib/codeql/swift/controlflow/internal/ControlFlowGraphImpl.qll index 3efa0dd8bc3..d3eb3aaa244 100644 --- a/swift/ql/lib/codeql/swift/controlflow/internal/ControlFlowGraphImpl.qll +++ b/swift/ql/lib/codeql/swift/controlflow/internal/ControlFlowGraphImpl.qll @@ -264,7 +264,7 @@ module Stmts { or child.asAstNode() = ast.getAnElement().getBoolean().getFullyConverted() or - child.asAstNode() = ast.getAnElement().getAvailability() + child.asAstNode() = ast.getAnElement().getAvailability().getFullyUnresolved() } predicate firstElement(int i, ControlFlowElement first) { @@ -278,7 +278,7 @@ module Stmts { astFirst(ast.getElement(i).getBoolean().getFullyConverted(), first) or // ... or an availability check. - astFirst(ast.getElement(i).getAvailability(), first) + astFirst(ast.getElement(i).getAvailability().getFullyUnresolved(), first) ) } @@ -296,7 +296,7 @@ module Stmts { astLast(ast.getElement(i).getBoolean().getFullyConverted(), pred, c) or // ... or the availability check ... - astLast(ast.getElement(i).getAvailability(), pred, c) + astLast(ast.getElement(i).getAvailability().getFullyUnresolved(), pred, c) ) and // We evaluate the next element c instanceof NormalCompletion and @@ -313,7 +313,7 @@ module Stmts { not c.(MatchingCompletion).isMatch() or // Stop if an availability check failed - astLast(ast.getAnElement().getAvailability(), last, c) and + astLast(ast.getAnElement().getAvailability().getFullyUnresolved(), last, c) and c instanceof FalseCompletion or // Stop if we successfully evaluated all the conditionals @@ -322,7 +322,7 @@ module Stmts { or astLast(ast.getLastElement().getPattern().getFullyUnresolved(), last, c) or - astLast(ast.getLastElement().getAvailability(), last, c) + astLast(ast.getLastElement().getAvailability().getFullyUnresolved(), last, c) ) and c instanceof NormalCompletion } @@ -342,14 +342,14 @@ module Stmts { override IfStmt ast; final override predicate propagatesAbnormal(ControlFlowElement child) { - child.asAstNode() = ast.getCondition() or + child.asAstNode() = ast.getCondition().getFullyUnresolved() or child.asAstNode() = ast.getThen() or child.asAstNode() = ast.getElse() } final override predicate last(ControlFlowElement last, Completion c) { // Condition exits with a false completion and there is no `else` branch - astLast(ast.getCondition(), last, c) and + astLast(ast.getCondition().getFullyUnresolved(), last, c) and c instanceof FalseOrNonMatchCompletion and not exists(ast.getElse()) or @@ -360,10 +360,10 @@ module Stmts { final override predicate succ(ControlFlowElement pred, ControlFlowElement succ, Completion c) { // Pre-order: flow from statement itself to first element of condition pred.asAstNode() = ast and - astFirst(ast.getCondition(), succ) and + astFirst(ast.getCondition().getFullyUnresolved(), succ) and c instanceof SimpleCompletion or - astLast(ast.getCondition(), pred, c) and + astLast(ast.getCondition().getFullyUnresolved(), pred, c) and ( // Flow from last element of condition to first element of then branch c instanceof TrueOrMatchCompletion and @@ -380,7 +380,7 @@ module Stmts { override GuardStmt ast; final override predicate propagatesAbnormal(ControlFlowElement child) { - child.asAstNode() = ast.getCondition() or + child.asAstNode() = ast.getCondition().getFullyUnresolved() or child.asAstNode() = ast.getBody() } @@ -390,18 +390,18 @@ module Stmts { c instanceof NormalCompletion or // Exit when a condition is true - astLast(ast.getCondition(), last, c) and + astLast(ast.getCondition().getFullyUnresolved(), last, c) and c instanceof TrueOrMatchCompletion } final override predicate succ(ControlFlowElement pred, ControlFlowElement succ, Completion c) { // Pre-order: flow from statement itself to first element of condition pred.asAstNode() = ast and - astFirst(ast.getCondition(), succ) and + astFirst(ast.getCondition().getFullyUnresolved(), succ) and c instanceof SimpleCompletion or // Flow to the body when the condition is false - astLast(ast.getCondition(), pred, c) and + astLast(ast.getCondition().getFullyUnresolved(), pred, c) and c instanceof FalseOrNonMatchCompletion and astFirst(ast.getBody(), succ) } @@ -458,7 +458,9 @@ module Stmts { private class WhileTree extends LoopTree { override WhileStmt ast; - final override ControlFlowElement getCondition() { result.asAstNode() = ast.getCondition() } + final override ControlFlowElement getCondition() { + result.asAstNode() = ast.getCondition().getFullyUnresolved() + } final override ControlFlowElement getBody() { result.asAstNode() = ast.getBody() } @@ -672,7 +674,7 @@ module Stmts { final override predicate last(ControlFlowElement last, Completion c) { // Case pattern exits with a non-match - astLast(ast.getLastLabel(), last, c) and + astLast(ast.getLastLabel().getFullyUnresolved(), last, c) and not c.(MatchingCompletion).isMatch() or // Case body exits with any completion @@ -682,18 +684,18 @@ module Stmts { override predicate succ(ControlFlowElement pred, ControlFlowElement succ, Completion c) { // Pre-order: Flow from the case statement itself to the first label pred.asAstNode() = ast and - astFirst(ast.getFirstLabel(), succ) and + astFirst(ast.getFirstLabel().getFullyUnresolved(), succ) and c instanceof SimpleCompletion or // Left-to-right evaluation of labels until we find a match exists(int i | - astLast(ast.getLabel(i), pred, c) and - astFirst(ast.getLabel(i + 1), succ) and + astLast(ast.getLabel(i).getFullyUnresolved(), pred, c) and + astFirst(ast.getLabel(i + 1).getFullyUnresolved(), succ) and c.(MatchingCompletion).isNonMatch() ) or // Flow from last element of pattern to first element of body - astLast(ast.getALabel(), pred, c) and + astLast(ast.getALabel().getFullyUnresolved(), pred, c) and astFirst(ast.getBody(), succ) and c.(MatchingCompletion).isMatch() } @@ -1162,7 +1164,7 @@ module Exprs { override CaptureListExpr ast; final override ControlFlowElement getChildElement(int i) { - result.asAstNode() = ast.getBindingDecl(i) + result.asAstNode() = ast.getBindingDecl(i).getFullyUnresolved() or i = ast.getNumberOfBindingDecls() and result.asAstNode() = ast.getClosureBody().getFullyConverted() @@ -1794,7 +1796,9 @@ module AvailabilityInfo { private class AvailabilityInfoTree extends AstStandardPostOrderTree { override AvailabilityInfo ast; - final override ControlFlowElement getChildElement(int i) { result.asAstNode() = ast.getSpec(i) } + final override ControlFlowElement getChildElement(int i) { + result.asAstNode() = ast.getSpec(i).getFullyUnresolved() + } } private class AvailabilitySpecTree extends AstLeafTree { diff --git a/swift/ql/lib/codeql/swift/elements.qll b/swift/ql/lib/codeql/swift/elements.qll index 486b2aa6cd0..7c75c11c976 100644 --- a/swift/ql/lib/codeql/swift/elements.qll +++ b/swift/ql/lib/codeql/swift/elements.qll @@ -10,7 +10,6 @@ import codeql.swift.elements.Diagnostics import codeql.swift.elements.Element import codeql.swift.elements.ErrorElement import codeql.swift.elements.File -import codeql.swift.elements.HideableElement import codeql.swift.elements.KeyPathComponent import codeql.swift.elements.Locatable import codeql.swift.elements.Location diff --git a/swift/ql/lib/codeql/swift/elements/Element.qll b/swift/ql/lib/codeql/swift/elements/Element.qll index b7bdd621eaf..394d1caab3b 100644 --- a/swift/ql/lib/codeql/swift/elements/Element.qll +++ b/swift/ql/lib/codeql/swift/elements/Element.qll @@ -1,7 +1,18 @@ private import codeql.swift.generated.Element class Element extends Generated::Element { + private predicate resolvesFrom(Element e) { e.getResolveStep() = this } + override string toString() { result = this.getPrimaryQlClasses() } + + Element getFullyUnresolved() { + not this.resolvesFrom(_) and result = this + or + exists(Element e | + this.resolvesFrom(e) and + result = e.getFullyUnresolved() + ) + } } class UnknownElement extends Element { diff --git a/swift/ql/lib/codeql/swift/elements/HideableElement.qll b/swift/ql/lib/codeql/swift/elements/HideableElement.qll deleted file mode 100644 index fdc392817dd..00000000000 --- a/swift/ql/lib/codeql/swift/elements/HideableElement.qll +++ /dev/null @@ -1,14 +0,0 @@ -private import codeql.swift.generated.HideableElement - -class HideableElement extends Generated::HideableElement { - private predicate resolvesFrom(HideableElement e) { e.getResolveStep() = this } - - HideableElement getFullyUnresolved() { - not this.resolvesFrom(_) and result = this - or - exists(HideableElement e | - this.resolvesFrom(e) and - result = e.getFullyUnresolved() - ) - } -} diff --git a/swift/ql/lib/codeql/swift/generated/Element.qll b/swift/ql/lib/codeql/swift/generated/Element.qll index 88e9b4cdd34..0fa588e0667 100644 --- a/swift/ql/lib/codeql/swift/generated/Element.qll +++ b/swift/ql/lib/codeql/swift/generated/Element.qll @@ -24,6 +24,23 @@ module Generated { */ final string getPrimaryQlClasses() { result = concat(this.getAPrimaryQlClass(), ",") } + /** + * Gets the most immediate element that should substitute this element in the explicit AST, if any. + * Classes can override this to indicate this node should be in the "hidden" AST, mostly reserved + * for conversions and syntactic sugar nodes like parentheses. + */ + Element getResolveStep() { none() } // overridden by subclasses + + /** + * Gets the element that should substitute this element in the explicit AST, applying `getResolveStep` + * transitively. + */ + final Element resolve() { + not exists(this.getResolveStep()) and result = this + or + result = this.getResolveStep().resolve() + } + /** * Holds if this element is unknown. */ diff --git a/swift/ql/lib/codeql/swift/generated/HideableElement.qll b/swift/ql/lib/codeql/swift/generated/HideableElement.qll deleted file mode 100644 index 9d8b323313c..00000000000 --- a/swift/ql/lib/codeql/swift/generated/HideableElement.qll +++ /dev/null @@ -1,25 +0,0 @@ -// generated by codegen/codegen.py -private import codeql.swift.generated.Synth -private import codeql.swift.generated.Raw -import codeql.swift.elements.Element - -module Generated { - class HideableElement extends Synth::THideableElement, Element { - /** - * Gets the most immediate element that should substitute this element in the explicit AST, if any. - * Classes can override this to indicate this node should be in the "hidden" AST, mostly reserved - * for conversions and syntactic sugar nodes like parentheses. - */ - HideableElement getResolveStep() { none() } // overridden by subclasses - - /** - * Gets the element that should substitute this element in the explicit AST, applying `getResolveStep` - * transitively. - */ - final HideableElement resolve() { - not exists(this.getResolveStep()) and result = this - or - result = this.getResolveStep().resolve() - } - } -} diff --git a/swift/ql/lib/codeql/swift/generated/ParentChild.qll b/swift/ql/lib/codeql/swift/generated/ParentChild.qll index 61b61ab0459..ab0ce2dba37 100644 --- a/swift/ql/lib/codeql/swift/generated/ParentChild.qll +++ b/swift/ql/lib/codeql/swift/generated/ParentChild.qll @@ -50,21 +50,6 @@ private module Impl { ) } - private Element getImmediateChildOfHideableElement( - HideableElement e, int index, string partialPredicateCall - ) { - exists(int b, int bElement, int n | - b = 0 and - bElement = b + 1 + max(int i | i = -1 or exists(getImmediateChildOfElement(e, i, _)) | i) and - n = bElement and - ( - none() - or - result = getImmediateChildOfElement(e, index - b, partialPredicateCall) - ) - ) - } - private Element getImmediateChildOfLocatable(Locatable e, int index, string partialPredicateCall) { exists(int b, int bElement, int n | b = 0 and @@ -1043,19 +1028,14 @@ private module Impl { } private Element getImmediateChildOfExpr(Expr e, int index, string partialPredicateCall) { - exists(int b, int bAstNode, int bHideableElement, int n | + exists(int b, int bAstNode, int n | b = 0 and bAstNode = b + 1 + max(int i | i = -1 or exists(getImmediateChildOfAstNode(e, i, _)) | i) and - bHideableElement = - bAstNode + 1 + - max(int i | i = -1 or exists(getImmediateChildOfHideableElement(e, i, _)) | i) and - n = bHideableElement and + n = bAstNode and ( none() or result = getImmediateChildOfAstNode(e, index - b, partialPredicateCall) - or - result = getImmediateChildOfHideableElement(e, index - bAstNode, partialPredicateCall) ) ) } @@ -3179,19 +3159,14 @@ private module Impl { } private Element getImmediateChildOfPattern(Pattern e, int index, string partialPredicateCall) { - exists(int b, int bAstNode, int bHideableElement, int n | + exists(int b, int bAstNode, int n | b = 0 and bAstNode = b + 1 + max(int i | i = -1 or exists(getImmediateChildOfAstNode(e, i, _)) | i) and - bHideableElement = - bAstNode + 1 + - max(int i | i = -1 or exists(getImmediateChildOfHideableElement(e, i, _)) | i) and - n = bHideableElement and + n = bAstNode and ( none() or result = getImmediateChildOfAstNode(e, index - b, partialPredicateCall) - or - result = getImmediateChildOfHideableElement(e, index - bAstNode, partialPredicateCall) ) ) } @@ -3481,13 +3456,13 @@ private module Impl { b = 0 and bStmt = b + 1 + max(int i | i = -1 or exists(getImmediateChildOfStmt(e, i, _)) | i) and n = bStmt and - nElement = n + 1 + max(int i | i = -1 or exists(e.getElement(i)) | i) and + nElement = n + 1 + max(int i | i = -1 or exists(e.getImmediateElement(i)) | i) and ( none() or result = getImmediateChildOfStmt(e, index - b, partialPredicateCall) or - result = e.getElement(index - n) and + result = e.getImmediateElement(index - n) and partialPredicateCall = "Element(" + (index - n).toString() + ")" ) ) @@ -3854,15 +3829,14 @@ private module Impl { } private Element getImmediateChildOfType(Type e, int index, string partialPredicateCall) { - exists(int b, int bHideableElement, int n | + exists(int b, int bElement, int n | b = 0 and - bHideableElement = - b + 1 + max(int i | i = -1 or exists(getImmediateChildOfHideableElement(e, i, _)) | i) and - n = bHideableElement and + bElement = b + 1 + max(int i | i = -1 or exists(getImmediateChildOfElement(e, i, _)) | i) and + n = bElement and ( none() or - result = getImmediateChildOfHideableElement(e, index - b, partialPredicateCall) + result = getImmediateChildOfElement(e, index - b, partialPredicateCall) ) ) } @@ -5319,10 +5293,6 @@ private module Impl { or result = getImmediateChildOfVariadicSequenceType(e, index, partialAccessor) } - - Element resolve(Element e) { - if e instanceof HideableElement then result = e.(HideableElement).resolve() else result = e - } } /** @@ -5350,7 +5320,7 @@ Element getImmediateChildAndAccessor(Element e, int index, string accessor) { */ Element getChildAndAccessor(Element e, int index, string accessor) { exists(string partialAccessor | - result = Impl::resolve(Impl::getImmediateChild(e, index, partialAccessor)) and + result = Impl::getImmediateChild(e, index, partialAccessor).resolve() and accessor = "get" + partialAccessor ) } diff --git a/swift/ql/lib/codeql/swift/generated/Raw.qll b/swift/ql/lib/codeql/swift/generated/Raw.qll index f7c127818d7..dc5ddeed979 100644 --- a/swift/ql/lib/codeql/swift/generated/Raw.qll +++ b/swift/ql/lib/codeql/swift/generated/Raw.qll @@ -62,11 +62,6 @@ module Raw { predicate isSuccessfullyExtracted() { file_is_successfully_extracted(this) } } - /** - * INTERNAL: Do not use. - */ - class HideableElement extends @hideable_element, Element { } - /** * INTERNAL: Do not use. */ @@ -991,7 +986,7 @@ module Raw { * INTERNAL: Do not use. * The base class for all expressions in Swift. */ - class Expr extends @expr, AstNode, HideableElement { + class Expr extends @expr, AstNode { /** * Gets the type of this expression, if it exists. */ @@ -2358,7 +2353,7 @@ module Raw { /** * INTERNAL: Do not use. */ - class Pattern extends @pattern, AstNode, HideableElement { } + class Pattern extends @pattern, AstNode { } /** * INTERNAL: Do not use. @@ -2874,7 +2869,7 @@ module Raw { /** * INTERNAL: Do not use. */ - class Type extends @type, HideableElement { + class Type extends @type, Element { /** * Gets the name of this type. */ diff --git a/swift/ql/lib/codeql/swift/generated/Synth.qll b/swift/ql/lib/codeql/swift/generated/Synth.qll index f79d71f84a3..fdbadffcd33 100644 --- a/swift/ql/lib/codeql/swift/generated/Synth.qll +++ b/swift/ql/lib/codeql/swift/generated/Synth.qll @@ -1043,11 +1043,6 @@ module Synth { */ class TFile = TDbFile or TUnknownFile; - /** - * INTERNAL: Do not use. - */ - class THideableElement = TExpr or TPattern or TType; - /** * INTERNAL: Do not use. */ @@ -3228,11 +3223,11 @@ module Synth { or result = convertGenericContextFromRaw(e) or - result = convertHideableElementFromRaw(e) - or result = convertLocatableFromRaw(e) or result = convertLocationFromRaw(e) + or + result = convertTypeFromRaw(e) } /** @@ -3277,19 +3272,6 @@ module Synth { result = convertUnknownFileFromRaw(e) } - /** - * INTERNAL: Do not use. - * Converts a raw DB element to a synthesized `THideableElement`, if possible. - */ - cached - THideableElement convertHideableElementFromRaw(Raw::Element e) { - result = convertExprFromRaw(e) - or - result = convertPatternFromRaw(e) - or - result = convertTypeFromRaw(e) - } - /** * INTERNAL: Do not use. * Converts a raw DB element to a synthesized `TLocatable`, if possible. @@ -6046,11 +6028,11 @@ module Synth { or result = convertGenericContextToRaw(e) or - result = convertHideableElementToRaw(e) - or result = convertLocatableToRaw(e) or result = convertLocationToRaw(e) + or + result = convertTypeToRaw(e) } /** @@ -6095,19 +6077,6 @@ module Synth { result = convertUnknownFileToRaw(e) } - /** - * INTERNAL: Do not use. - * Converts a synthesized `THideableElement` to a raw DB element, if possible. - */ - cached - Raw::Element convertHideableElementToRaw(THideableElement e) { - result = convertExprToRaw(e) - or - result = convertPatternToRaw(e) - or - result = convertTypeToRaw(e) - } - /** * INTERNAL: Do not use. * Converts a synthesized `TLocatable` to a raw DB element, if possible. diff --git a/swift/ql/lib/codeql/swift/generated/UnspecifiedElement.qll b/swift/ql/lib/codeql/swift/generated/UnspecifiedElement.qll index af422cbd10d..7a5c1b5903f 100644 --- a/swift/ql/lib/codeql/swift/generated/UnspecifiedElement.qll +++ b/swift/ql/lib/codeql/swift/generated/UnspecifiedElement.qll @@ -10,14 +10,27 @@ module Generated { /** * Gets the parent of this unspecified element, if it exists. + * + * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the + * behavior of both the `Immediate` and non-`Immediate` versions. */ - Element getParent() { + Element getImmediateParent() { result = Synth::convertElementFromRaw(Synth::convertUnspecifiedElementToRaw(this) .(Raw::UnspecifiedElement) .getParent()) } + /** + * Gets the parent of this unspecified element, if it exists. + */ + final Element getParent() { + exists(Element immediate | + immediate = this.getImmediateParent() and + result = immediate.resolve() + ) + } + /** * Holds if `getParent()` exists. */ diff --git a/swift/ql/lib/codeql/swift/generated/decl/IfConfigDecl.qll b/swift/ql/lib/codeql/swift/generated/decl/IfConfigDecl.qll index 9a93bce7540..aec001a1122 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/IfConfigDecl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/IfConfigDecl.qll @@ -10,14 +10,27 @@ module Generated { /** * Gets the `index`th active element of this if config declaration (0-based). + * + * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the + * behavior of both the `Immediate` and non-`Immediate` versions. */ - AstNode getActiveElement(int index) { + AstNode getImmediateActiveElement(int index) { result = Synth::convertAstNodeFromRaw(Synth::convertIfConfigDeclToRaw(this) .(Raw::IfConfigDecl) .getActiveElement(index)) } + /** + * Gets the `index`th active element of this if config declaration (0-based). + */ + final AstNode getActiveElement(int index) { + exists(AstNode immediate | + immediate = this.getImmediateActiveElement(index) and + result = immediate.resolve() + ) + } + /** * Gets any of the active elements of this if config declaration. */ diff --git a/swift/ql/lib/codeql/swift/generated/expr/Expr.qll b/swift/ql/lib/codeql/swift/generated/expr/Expr.qll index 6f488acbe59..dad004bc2bd 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/Expr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/Expr.qll @@ -2,14 +2,13 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.AstNode -import codeql.swift.elements.HideableElement import codeql.swift.elements.type.Type module Generated { /** * The base class for all expressions in Swift. */ - class Expr extends Synth::TExpr, AstNode, HideableElement { + class Expr extends Synth::TExpr, AstNode { /** * Gets the type of this expression, if it exists. * diff --git a/swift/ql/lib/codeql/swift/generated/pattern/Pattern.qll b/swift/ql/lib/codeql/swift/generated/pattern/Pattern.qll index 5ba24c9fcda..5c795e45107 100644 --- a/swift/ql/lib/codeql/swift/generated/pattern/Pattern.qll +++ b/swift/ql/lib/codeql/swift/generated/pattern/Pattern.qll @@ -2,8 +2,7 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.AstNode -import codeql.swift.elements.HideableElement module Generated { - class Pattern extends Synth::TPattern, AstNode, HideableElement { } + class Pattern extends Synth::TPattern, AstNode { } } diff --git a/swift/ql/lib/codeql/swift/generated/stmt/BraceStmt.qll b/swift/ql/lib/codeql/swift/generated/stmt/BraceStmt.qll index 360366dcaa3..d136e02df08 100644 --- a/swift/ql/lib/codeql/swift/generated/stmt/BraceStmt.qll +++ b/swift/ql/lib/codeql/swift/generated/stmt/BraceStmt.qll @@ -10,14 +10,27 @@ module Generated { /** * Gets the `index`th element of this brace statement (0-based). + * + * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the + * behavior of both the `Immediate` and non-`Immediate` versions. */ - AstNode getElement(int index) { + AstNode getImmediateElement(int index) { result = Synth::convertAstNodeFromRaw(Synth::convertBraceStmtToRaw(this) .(Raw::BraceStmt) .getElement(index)) } + /** + * Gets the `index`th element of this brace statement (0-based). + */ + final AstNode getElement(int index) { + exists(AstNode immediate | + immediate = this.getImmediateElement(index) and + result = immediate.resolve() + ) + } + /** * Gets any of the elements of this brace statement. */ diff --git a/swift/ql/lib/codeql/swift/generated/type/Type.qll b/swift/ql/lib/codeql/swift/generated/type/Type.qll index 7f09e7d7e94..a3074fdd4d3 100644 --- a/swift/ql/lib/codeql/swift/generated/type/Type.qll +++ b/swift/ql/lib/codeql/swift/generated/type/Type.qll @@ -1,10 +1,10 @@ // generated by codegen/codegen.py private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw -import codeql.swift.elements.HideableElement +import codeql.swift.elements.Element module Generated { - class Type extends Synth::TType, HideableElement { + class Type extends Synth::TType, Element { /** * Gets the name of this type. */ diff --git a/swift/ql/lib/codeql/swift/printast/PrintAstNode.qll b/swift/ql/lib/codeql/swift/printast/PrintAstNode.qll index dc6af553f43..57e68648636 100644 --- a/swift/ql/lib/codeql/swift/printast/PrintAstNode.qll +++ b/swift/ql/lib/codeql/swift/printast/PrintAstNode.qll @@ -66,7 +66,7 @@ private string prettyPrint(Locatable e) { result = "[" + concat(e.getPrimaryQlClasses(), ", ") + "] " + e } -private class Unresolved extends HideableElement, Locatable { +private class Unresolved extends Locatable { Unresolved() { this != this.resolve() } } @@ -89,7 +89,7 @@ class PrintLocatable extends PrintAstNode, TLocatable { // use even indexes for normal children, leaving odd slots for conversions if any child = TLocatable(c) and index = 2 * i and label = accessor or - child = TLocatable(c.(HideableElement).getFullyUnresolved().(Unresolved)) and + child = TLocatable(c.getFullyUnresolved().(Unresolved)) and index = 2 * i + 1 and ( if c instanceof Expr diff --git a/swift/ql/lib/swift.dbscheme b/swift/ql/lib/swift.dbscheme index 37e784cc154..ba4171b90d0 100644 --- a/swift/ql/lib/swift.dbscheme +++ b/swift/ql/lib/swift.dbscheme @@ -15,9 +15,9 @@ sourceLocationPrefix( @callable | @file | @generic_context -| @hideable_element | @locatable | @location +| @type ; #keyset[id] @@ -77,12 +77,6 @@ file_is_successfully_extracted( int id: @file ref ); -@hideable_element = - @expr -| @pattern -| @type -; - @locatable = @argument | @ast_node diff --git a/swift/schema.py b/swift/schema.py index 76ac53dcb5c..5f000b32a8c 100644 --- a/swift/schema.py +++ b/swift/schema.py @@ -72,12 +72,9 @@ class UnknownLocation(Location): class AstNode(Locatable): pass -@ql.hideable -class HideableElement(Element): - pass - @group("type") -class Type(HideableElement): +@ql.hideable +class Type(Element): name: string canonical_type: "Type" @@ -87,12 +84,14 @@ class Decl(AstNode): members: list["Decl"] | child @group("expr") -class Expr(AstNode, HideableElement): +@ql.hideable +class Expr(AstNode): """The base class for all expressions in Swift.""" type: optional[Type] @group("pattern") -class Pattern(AstNode, HideableElement): +@ql.hideable +class Pattern(AstNode): pass @group("stmt") From eaa84cb819efc3538f95f80f9c742e7eddcb8329 Mon Sep 17 00:00:00 2001 From: Tom Hvitved <hvitved@github.com> Date: Tue, 23 May 2023 13:56:29 +0200 Subject: [PATCH 589/870] Ruby: Include underlying SSA parameter definition in `localFlowSsaParamCaptureInput` --- .../codeql/ruby/dataflow/internal/DataFlowPrivate.qll | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPrivate.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPrivate.qll index cbdb38d5803..d6908827ba9 100644 --- a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPrivate.qll +++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPrivate.qll @@ -144,12 +144,13 @@ module LocalFlow { * This is intended to recover from flow not currently recognised by ordinary capture flow. */ predicate localFlowSsaParamCaptureInput(Node nodeFrom, Node nodeTo) { - exists(Ssa::CapturedEntryDefinition def | - nodeFrom.asParameter().(NamedParameter).getVariable() = def.getSourceVariable() - or - nodeFrom.(SelfParameterNode).getSelfVariable() = def.getSourceVariable() - | + exists(Ssa::CapturedEntryDefinition def, ParameterNodeImpl p | + (nodeFrom = p or LocalFlow::localFlowSsaParamInput(p, nodeFrom)) and nodeTo.(SsaDefinitionExtNode).getDefinitionExt() = def + | + p.getParameter().(NamedParameter).getVariable() = def.getSourceVariable() + or + p.(SelfParameterNode).getSelfVariable() = def.getSourceVariable() ) } From 99c211955b2b00a9c95914b835f8ab6a0e3bcb52 Mon Sep 17 00:00:00 2001 From: Chris Smowton <smowton@github.com> Date: Tue, 23 May 2023 14:31:25 +0100 Subject: [PATCH 590/870] Hotfix: Go: exclude method receivers from dead-store-of-field query --- go/ql/src/RedundantCode/DeadStoreOfField.ql | 3 +++ 1 file changed, 3 insertions(+) diff --git a/go/ql/src/RedundantCode/DeadStoreOfField.ql b/go/ql/src/RedundantCode/DeadStoreOfField.ql index 9dd2c4de65c..edc1d62cb00 100644 --- a/go/ql/src/RedundantCode/DeadStoreOfField.ql +++ b/go/ql/src/RedundantCode/DeadStoreOfField.ql @@ -38,6 +38,9 @@ predicate escapes(DataFlow::Node nd) { // if `nd` is passed to a function, then it escapes nd = any(DataFlow::CallNode c).getASyntacticArgument() or + // if `nd` is the receiver of a function, then it escapes + nd = any(DataFlow::MethodCallNode c).getReceiver() + or // if `nd` has its address taken, then it escapes exists(AddressExpr ae | nd.asExpr() = ae.getOperand()) or From aeb6293757b1eba2e9121815f4840ae44081bfbc Mon Sep 17 00:00:00 2001 From: Jeroen Ketema <jketema@github.com> Date: Tue, 23 May 2023 16:26:47 +0200 Subject: [PATCH 591/870] C++: Rewrite flow test common to use inline expectation test module This also rewrites all uses of flow test common to use `DataFlow::ConfigSig`. Note that the removed deprecated aliases are 14 months old by now and, hence, can be safely removed. --- .../TestUtilities/dataflow/FlowTestCommon.qll | 33 +++++++------------ .../dataflow/dataflow-tests/test.expected | 2 ++ .../dataflow/dataflow-tests/test.ql | 26 ++++++++------- .../dataflow/fields/ASTConfiguration.qll | 13 +++----- .../dataflow/fields/IRConfiguration.qll | 12 +++---- .../dataflow/fields/flow.expected | 2 ++ .../library-tests/dataflow/fields/flow.ql | 6 ++-- .../dataflow/fields/ir-path-flow.ql | 6 ++-- .../dataflow/fields/path-flow.ql | 6 ++-- .../smart-pointers-taint/taint.expected | 2 ++ .../dataflow/smart-pointers-taint/taint.ql | 22 +++++++------ .../dataflow/taint-tests/taint.expected | 2 ++ .../dataflow/taint-tests/taint.ql | 30 +++++++++-------- 13 files changed, 83 insertions(+), 79 deletions(-) diff --git a/cpp/ql/test/TestUtilities/dataflow/FlowTestCommon.qll b/cpp/ql/test/TestUtilities/dataflow/FlowTestCommon.qll index d2172604384..8f393cccde5 100644 --- a/cpp/ql/test/TestUtilities/dataflow/FlowTestCommon.qll +++ b/cpp/ql/test/TestUtilities/dataflow/FlowTestCommon.qll @@ -16,18 +16,16 @@ private import semmle.code.cpp.ir.dataflow.DataFlow::DataFlow as IRDataFlow private import semmle.code.cpp.dataflow.DataFlow::DataFlow as AstDataFlow import TestUtilities.InlineExpectationsTest -class IRFlowTest extends InlineExpectationsTest { - IRFlowTest() { this = "IRFlowTest" } +module IRFlowTest<IRDataFlow::GlobalFlowSig Flow> implements TestSig { + string getARelevantTag() { result = "ir" } - override string getARelevantTag() { result = "ir" } - - override predicate hasActualResult(Location location, string element, string tag, string value) { - exists(IRDataFlow::Node source, IRDataFlow::Node sink, IRDataFlow::Configuration conf, int n | + predicate hasActualResult(Location location, string element, string tag, string value) { + exists(IRDataFlow::Node source, IRDataFlow::Node sink, int n | tag = "ir" and - conf.hasFlow(source, sink) and + Flow::flow(source, sink) and n = strictcount(int line, int column | - conf.hasFlow(any(IRDataFlow::Node otherSource | + Flow::flow(any(IRDataFlow::Node otherSource | otherSource.hasLocationInfo(_, line, column, _, _) ), sink) ) and @@ -47,20 +45,16 @@ class IRFlowTest extends InlineExpectationsTest { } } -class AstFlowTest extends InlineExpectationsTest { - AstFlowTest() { this = "ASTFlowTest" } +module AstFlowTest<AstDataFlow::GlobalFlowSig Flow> implements TestSig { + string getARelevantTag() { result = "ast" } - override string getARelevantTag() { result = "ast" } - - override predicate hasActualResult(Location location, string element, string tag, string value) { - exists( - AstDataFlow::Node source, AstDataFlow::Node sink, AstDataFlow::Configuration conf, int n - | + predicate hasActualResult(Location location, string element, string tag, string value) { + exists(AstDataFlow::Node source, AstDataFlow::Node sink, int n | tag = "ast" and - conf.hasFlow(source, sink) and + Flow::flow(source, sink) and n = strictcount(int line, int column | - conf.hasFlow(any(AstDataFlow::Node otherSource | + Flow::flow(any(AstDataFlow::Node otherSource | otherSource.hasLocationInfo(_, line, column, _, _) ), sink) ) and @@ -79,6 +73,3 @@ class AstFlowTest extends InlineExpectationsTest { ) } } - -/** DEPRECATED: Alias for AstFlowTest */ -deprecated class ASTFlowTest = AstFlowTest; diff --git a/cpp/ql/test/library-tests/dataflow/dataflow-tests/test.expected b/cpp/ql/test/library-tests/dataflow/dataflow-tests/test.expected index e69de29bb2d..48de9172b36 100644 --- a/cpp/ql/test/library-tests/dataflow/dataflow-tests/test.expected +++ b/cpp/ql/test/library-tests/dataflow/dataflow-tests/test.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/cpp/ql/test/library-tests/dataflow/dataflow-tests/test.ql b/cpp/ql/test/library-tests/dataflow/dataflow-tests/test.ql index 3847e27e2a0..ea27ec0d51d 100644 --- a/cpp/ql/test/library-tests/dataflow/dataflow-tests/test.ql +++ b/cpp/ql/test/library-tests/dataflow/dataflow-tests/test.ql @@ -16,10 +16,8 @@ module AstTest { } /** Common data flow configuration to be used by tests. */ - class AstTestAllocationConfig extends DataFlow::Configuration { - AstTestAllocationConfig() { this = "ASTTestAllocationConfig" } - - override predicate isSource(DataFlow::Node source) { + module AstTestAllocationConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source.asExpr().(FunctionCall).getTarget().getName() = "source" or source.asParameter().getName().matches("source%") @@ -32,18 +30,20 @@ module AstTest { exists(source.asUninitialized()) } - override predicate isSink(DataFlow::Node sink) { + predicate isSink(DataFlow::Node sink) { exists(FunctionCall call | call.getTarget().getName() = ["sink", "indirect_sink"] and sink.asExpr() = call.getAnArgument() ) } - override predicate isBarrier(DataFlow::Node barrier) { + predicate isBarrier(DataFlow::Node barrier) { barrier.asExpr().(VariableAccess).getTarget().hasName("barrier") or barrier = DataFlow::BarrierGuard<testBarrierGuard/3>::getABarrierNode() } } + + module AstFlow = DataFlow::Global<AstTestAllocationConfig>; } module IRTest { @@ -67,10 +67,8 @@ module IRTest { } /** Common data flow configuration to be used by tests. */ - class IRTestAllocationConfig extends DataFlow::Configuration { - IRTestAllocationConfig() { this = "IRTestAllocationConfig" } - - override predicate isSource(DataFlow::Node source) { + module IRTestAllocationConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source.asExpr().(FunctionCall).getTarget().getName() = "source" or source.asIndirectExpr(1).(FunctionCall).getTarget().getName() = "indirect_source" @@ -82,7 +80,7 @@ module IRTest { exists(source.asUninitialized()) } - override predicate isSink(DataFlow::Node sink) { + predicate isSink(DataFlow::Node sink) { exists(FunctionCall call, Expr e | e = call.getAnArgument() | call.getTarget().getName() = "sink" and sink.asExpr() = e @@ -92,7 +90,7 @@ module IRTest { ) } - override predicate isBarrier(DataFlow::Node barrier) { + predicate isBarrier(DataFlow::Node barrier) { exists(Expr barrierExpr | barrierExpr in [barrier.asExpr(), barrier.asIndirectExpr()] | barrierExpr.(VariableAccess).getTarget().hasName("barrier") ) @@ -102,4 +100,8 @@ module IRTest { barrier = DataFlow::BarrierGuard<testBarrierGuard/3>::getAnIndirectBarrierNode() } } + + module IRFlow = DataFlow::Global<IRTestAllocationConfig>; } + +import MakeTest<MergeTests<AstFlowTest<AstTest::AstFlow>, IRFlowTest<IRTest::IRFlow>>> diff --git a/cpp/ql/test/library-tests/dataflow/fields/ASTConfiguration.qll b/cpp/ql/test/library-tests/dataflow/fields/ASTConfiguration.qll index 39d6cff3492..b0d5b607de9 100644 --- a/cpp/ql/test/library-tests/dataflow/fields/ASTConfiguration.qll +++ b/cpp/ql/test/library-tests/dataflow/fields/ASTConfiguration.qll @@ -1,10 +1,8 @@ private import semmle.code.cpp.dataflow.DataFlow private import DataFlow -class AstConf extends Configuration { - AstConf() { this = "ASTFieldFlowConf" } - - override predicate isSource(Node src) { +module AstConfig implements ConfigSig { + predicate isSource(Node src) { src.asExpr() instanceof NewExpr or src.asExpr().(Call).getTarget().hasName("user_input") @@ -15,14 +13,14 @@ class AstConf extends Configuration { ) } - override predicate isSink(Node sink) { + predicate isSink(Node sink) { exists(Call c | c.getTarget().hasName("sink") and c.getAnArgument() = sink.asExpr() ) } - override predicate isAdditionalFlowStep(Node a, Node b) { + predicate isAdditionalFlowStep(Node a, Node b) { b.asPartialDefinition() = any(Call c | c.getTarget().hasName("insert") and c.getAnArgument() = a.asExpr()) .getQualifier() @@ -31,5 +29,4 @@ class AstConf extends Configuration { } } -/** DEPRECATED: Alias for AstConf */ -deprecated class ASTConf = AstConf; +module AstFlow = Global<AstConfig>; diff --git a/cpp/ql/test/library-tests/dataflow/fields/IRConfiguration.qll b/cpp/ql/test/library-tests/dataflow/fields/IRConfiguration.qll index dac495f132b..494d15efb9c 100644 --- a/cpp/ql/test/library-tests/dataflow/fields/IRConfiguration.qll +++ b/cpp/ql/test/library-tests/dataflow/fields/IRConfiguration.qll @@ -1,10 +1,8 @@ private import semmle.code.cpp.ir.dataflow.DataFlow private import DataFlow -class IRConf extends Configuration { - IRConf() { this = "IRFieldFlowConf" } - - override predicate isSource(Node src) { +module IRConfig implements ConfigSig { + predicate isSource(Node src) { src.asExpr() instanceof NewExpr or src.asExpr().(Call).getTarget().hasName("user_input") @@ -15,14 +13,14 @@ class IRConf extends Configuration { ) } - override predicate isSink(Node sink) { + predicate isSink(Node sink) { exists(Call c | c.getTarget().hasName("sink") and c.getAnArgument() = [sink.asExpr(), sink.asIndirectExpr(), sink.asConvertedExpr()] ) } - override predicate isAdditionalFlowStep(Node a, Node b) { + predicate isAdditionalFlowStep(Node a, Node b) { b.asPartialDefinition() = any(Call c | c.getTarget().hasName("insert") and c.getAnArgument() = a.asExpr()) .getQualifier() @@ -30,3 +28,5 @@ class IRConf extends Configuration { b.asExpr().(AddressOfExpr).getOperand() = a.asExpr() } } + +module IRFlow = Global<IRConfig>; diff --git a/cpp/ql/test/library-tests/dataflow/fields/flow.expected b/cpp/ql/test/library-tests/dataflow/fields/flow.expected index e69de29bb2d..48de9172b36 100644 --- a/cpp/ql/test/library-tests/dataflow/fields/flow.expected +++ b/cpp/ql/test/library-tests/dataflow/fields/flow.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/cpp/ql/test/library-tests/dataflow/fields/flow.ql b/cpp/ql/test/library-tests/dataflow/fields/flow.ql index f902afd33db..433aa0ad68f 100644 --- a/cpp/ql/test/library-tests/dataflow/fields/flow.ql +++ b/cpp/ql/test/library-tests/dataflow/fields/flow.ql @@ -1,9 +1,11 @@ import TestUtilities.dataflow.FlowTestCommon module AstTest { - private import ASTConfiguration + import ASTConfiguration } module IRTest { - private import IRConfiguration + import IRConfiguration } + +import MakeTest<MergeTests<AstFlowTest<AstTest::AstFlow>, IRFlowTest<IRTest::IRFlow>>> diff --git a/cpp/ql/test/library-tests/dataflow/fields/ir-path-flow.ql b/cpp/ql/test/library-tests/dataflow/fields/ir-path-flow.ql index b918417cd66..d20dec6a94f 100644 --- a/cpp/ql/test/library-tests/dataflow/fields/ir-path-flow.ql +++ b/cpp/ql/test/library-tests/dataflow/fields/ir-path-flow.ql @@ -4,8 +4,8 @@ import semmle.code.cpp.ir.dataflow.DataFlow import IRConfiguration -import DataFlow::PathGraph +import IRFlow::PathGraph -from DataFlow::PathNode src, DataFlow::PathNode sink, IRConf conf -where conf.hasFlowPath(src, sink) +from IRFlow::PathNode src, IRFlow::PathNode sink +where IRFlow::flowPath(src, sink) select sink, src, sink, sink + " flows from $@", src, src.toString() diff --git a/cpp/ql/test/library-tests/dataflow/fields/path-flow.ql b/cpp/ql/test/library-tests/dataflow/fields/path-flow.ql index 7456e114712..6958ae19700 100644 --- a/cpp/ql/test/library-tests/dataflow/fields/path-flow.ql +++ b/cpp/ql/test/library-tests/dataflow/fields/path-flow.ql @@ -4,8 +4,8 @@ import semmle.code.cpp.dataflow.DataFlow import ASTConfiguration -import DataFlow::PathGraph +import AstFlow::PathGraph -from DataFlow::PathNode src, DataFlow::PathNode sink, AstConf conf -where conf.hasFlowPath(src, sink) +from AstFlow::PathNode src, AstFlow::PathNode sink +where AstFlow::flowPath(src, sink) select sink, src, sink, sink + " flows from $@", src, src.toString() diff --git a/cpp/ql/test/library-tests/dataflow/smart-pointers-taint/taint.expected b/cpp/ql/test/library-tests/dataflow/smart-pointers-taint/taint.expected index e69de29bb2d..48de9172b36 100644 --- a/cpp/ql/test/library-tests/dataflow/smart-pointers-taint/taint.expected +++ b/cpp/ql/test/library-tests/dataflow/smart-pointers-taint/taint.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/cpp/ql/test/library-tests/dataflow/smart-pointers-taint/taint.ql b/cpp/ql/test/library-tests/dataflow/smart-pointers-taint/taint.ql index d16552d983d..b887539d588 100644 --- a/cpp/ql/test/library-tests/dataflow/smart-pointers-taint/taint.ql +++ b/cpp/ql/test/library-tests/dataflow/smart-pointers-taint/taint.ql @@ -3,37 +3,39 @@ import TestUtilities.dataflow.FlowTestCommon module AstTest { private import semmle.code.cpp.dataflow.TaintTracking - class AstSmartPointerTaintConfig extends TaintTracking::Configuration { - AstSmartPointerTaintConfig() { this = "ASTSmartPointerTaintConfig" } - - override predicate isSource(DataFlow::Node source) { + module AstSmartPointerTaintConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source.asExpr().(FunctionCall).getTarget().getName() = "source" } - override predicate isSink(DataFlow::Node sink) { + predicate isSink(DataFlow::Node sink) { exists(FunctionCall call | call.getTarget().getName() = "sink" and sink.asExpr() = call.getAnArgument() ) } } + + module AstFlow = TaintTracking::Global<AstSmartPointerTaintConfig>; } module IRTest { private import semmle.code.cpp.ir.dataflow.TaintTracking - class IRSmartPointerTaintConfig extends TaintTracking::Configuration { - IRSmartPointerTaintConfig() { this = "IRSmartPointerTaintConfig" } - - override predicate isSource(DataFlow::Node source) { + module IRSmartPointerTaintConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source.asExpr().(FunctionCall).getTarget().getName() = "source" } - override predicate isSink(DataFlow::Node sink) { + predicate isSink(DataFlow::Node sink) { exists(FunctionCall call | call.getTarget().getName() = "sink" and sink.asExpr() = call.getAnArgument() ) } } + + module IRFlow = TaintTracking::Global<IRSmartPointerTaintConfig>; } + +import MakeTest<MergeTests<AstFlowTest<AstTest::AstFlow>, IRFlowTest<IRTest::IRFlow>>> diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/taint.expected b/cpp/ql/test/library-tests/dataflow/taint-tests/taint.expected index e69de29bb2d..48de9172b36 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/taint.expected +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/taint.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/taint.ql b/cpp/ql/test/library-tests/dataflow/taint-tests/taint.ql index fc0b0976348..ef79f065921 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/taint.ql +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/taint.ql @@ -43,10 +43,8 @@ module AstTest { private import semmle.code.cpp.models.interfaces.Taint /** Common data flow configuration to be used by tests. */ - class AstTestAllocationConfig extends TaintTracking::Configuration { - AstTestAllocationConfig() { this = "ASTTestAllocationConfig" } - - override predicate isSource(DataFlow::Node source) { + module AstTestAllocationConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source.asExpr().(FunctionCall).getTarget().getName() = "source" or source.asParameter().getName().matches("source%") @@ -60,17 +58,19 @@ module AstTest { ) } - override predicate isSink(DataFlow::Node sink) { + predicate isSink(DataFlow::Node sink) { exists(FunctionCall call | call.getTarget().getName() = "sink" and sink.asExpr() = call.getAnArgument() ) } - override predicate isSanitizer(DataFlow::Node barrier) { + predicate isBarrier(DataFlow::Node barrier) { barrier.asExpr().(VariableAccess).getTarget().hasName("sanitizer") } } + + module AstFlow = TaintTracking::Global<AstTestAllocationConfig>; } module IRTest { @@ -78,10 +78,8 @@ module IRTest { private import semmle.code.cpp.ir.dataflow.TaintTracking /** Common data flow configuration to be used by tests. */ - class TestAllocationConfig extends TaintTracking::Configuration { - TestAllocationConfig() { this = "TestAllocationConfig" } - - override predicate isSource(DataFlow::Node source) { + module TestAllocationConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source.asExpr().(FunctionCall).getTarget().getName() = "source" or source.asIndirectExpr().(FunctionCall).getTarget().getName() = "source" @@ -94,21 +92,25 @@ module IRTest { ) } - override predicate isSink(DataFlow::Node sink) { + predicate isSink(DataFlow::Node sink) { exists(FunctionCall call | call.getTarget().getName() = "sink" and [sink.asExpr(), sink.asIndirectExpr()] = call.getAnArgument() ) } - override predicate isSanitizer(DataFlow::Node barrier) { + predicate isBarrier(DataFlow::Node barrier) { barrier.asExpr().(VariableAccess).getTarget().hasName("sanitizer") } - override predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c) { + predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c) { // allow arbitrary reads at sinks - this.isSink(node) and + isSink(node) and c.(DataFlow::FieldContent).getField().getDeclaringType() = node.getType().getUnspecifiedType() } } + + module IRFlow = TaintTracking::Global<TestAllocationConfig>; } + +import MakeTest<MergeTests<AstFlowTest<AstTest::AstFlow>, IRFlowTest<IRTest::IRFlow>>> From 50a7b219284e55bdca292a9f6ee54370dbf1702c Mon Sep 17 00:00:00 2001 From: Asger F <asgerf@github.com> Date: Tue, 23 May 2023 13:22:38 +0200 Subject: [PATCH 592/870] Ruby: fix a name clash for summaries called "delete" --- ruby/ql/lib/codeql/ruby/frameworks/core/Array.qll | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ruby/ql/lib/codeql/ruby/frameworks/core/Array.qll b/ruby/ql/lib/codeql/ruby/frameworks/core/Array.qll index 073d73288fb..a1007f9806a 100644 --- a/ruby/ql/lib/codeql/ruby/frameworks/core/Array.qll +++ b/ruby/ql/lib/codeql/ruby/frameworks/core/Array.qll @@ -583,7 +583,8 @@ module Array { private class DeleteUnknownSummary extends DeleteSummary { DeleteUnknownSummary() { - this = "delete" and + // Note: take care to avoid a name clash with the "delete" summary from String.qll + this = "delete-unknown-key" and not exists(DataFlow::Content::getKnownElementIndex(mc.getArgument(0))) } From 89d246ba344df1bbb312db927e2b9088b0fce1a9 Mon Sep 17 00:00:00 2001 From: Philip Ginsbach <ginsbach@github.com> Date: Tue, 23 May 2023 16:06:57 +0100 Subject: [PATCH 593/870] add documentation for additional annotation --- .../ql-language-reference/ql-language-specification.rst | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/codeql/ql-language-reference/ql-language-specification.rst b/docs/codeql/ql-language-reference/ql-language-specification.rst index c1575b3d6e5..9f53a633356 100644 --- a/docs/codeql/ql-language-reference/ql-language-specification.rst +++ b/docs/codeql/ql-language-reference/ql-language-specification.rst @@ -710,6 +710,7 @@ Various kinds of syntax can have *annotations* applied to them. Annotations are | "private" | "deprecated" | "override" + | "additional" | "query" argsAnnotation ::= "pragma" "[" ("inline" | "inline_late" | "noinline" | "nomagic" | "noopt" | "assume_small_delta") "]" @@ -746,6 +747,8 @@ The following table summarizes the syntactic constructs which can be marked with +----------------+---------+------------+-------------------+-----------------------+---------+--------+---------+---------+ | ``override`` | | | yes | | | yes | | | +----------------+---------+------------+-------------------+-----------------------+---------+--------+---------+---------+ +| ``additional`` | yes | | | yes | | | yes | yes | ++----------------+---------+------------+-------------------+-----------------------+---------+--------+---------+---------+ | ``query`` | | | | yes | | | | yes | +----------------+---------+------------+-------------------+-----------------------+---------+--------+---------+---------+ @@ -2165,6 +2168,7 @@ The complete grammar for QL is as follows: | "private" | "deprecated" | "override" + | "additional" | "query" argsAnnotation ::= "pragma" "[" ("inline" | "inline_late" | "noinline" | "nomagic" | "noopt" | "assume_small_delta") "]" From 6f4b02ef14f387972c8d6508bd532a593c0cd759 Mon Sep 17 00:00:00 2001 From: Philip Ginsbach <ginsbach@github.com> Date: Tue, 23 May 2023 16:08:38 +0100 Subject: [PATCH 594/870] add documentation for extensible annotation --- .../ql-language-reference/ql-language-specification.rst | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/codeql/ql-language-reference/ql-language-specification.rst b/docs/codeql/ql-language-reference/ql-language-specification.rst index 9f53a633356..c687b6c0321 100644 --- a/docs/codeql/ql-language-reference/ql-language-specification.rst +++ b/docs/codeql/ql-language-reference/ql-language-specification.rst @@ -704,6 +704,7 @@ Various kinds of syntax can have *annotations* applied to them. Annotations are simpleAnnotation ::= "abstract" | "cached" | "external" + | "extensible" | "final" | "transient" | "library" @@ -735,6 +736,8 @@ The following table summarizes the syntactic constructs which can be marked with +----------------+---------+------------+-------------------+-----------------------+---------+--------+---------+---------+ | ``external`` | | | | yes | | | | | +----------------+---------+------------+-------------------+-----------------------+---------+--------+---------+---------+ +| ``extensible`` | | | | yes | | | | | ++----------------+---------+------------+-------------------+-----------------------+---------+--------+---------+---------+ | ``final`` | yes | | yes | | | yes | | yes | +----------------+---------+------------+-------------------+-----------------------+---------+--------+---------+---------+ | ``transient`` | | | | yes | | | | | @@ -2162,6 +2165,7 @@ The complete grammar for QL is as follows: simpleAnnotation ::= "abstract" | "cached" | "external" + | "extensible" | "final" | "transient" | "library" From 846dffb5ffe20b4bcdbfd6ac946c77fda96431ba Mon Sep 17 00:00:00 2001 From: Philip Ginsbach <ginsbach@github.com> Date: Tue, 23 May 2023 16:13:10 +0100 Subject: [PATCH 595/870] Signatures column for simple annotations table --- .../ql-language-specification.rst | 54 +++++++++---------- 1 file changed, 27 insertions(+), 27 deletions(-) diff --git a/docs/codeql/ql-language-reference/ql-language-specification.rst b/docs/codeql/ql-language-reference/ql-language-specification.rst index c687b6c0321..91228be22c3 100644 --- a/docs/codeql/ql-language-reference/ql-language-specification.rst +++ b/docs/codeql/ql-language-reference/ql-language-specification.rst @@ -727,33 +727,33 @@ Simple annotations The following table summarizes the syntactic constructs which can be marked with each annotation in a valid program; for example, an ``abstract`` annotation preceding a character is invalid. -+----------------+---------+------------+-------------------+-----------------------+---------+--------+---------+---------+ -| Annotation | Classes | Characters | Member predicates | Non-member predicates | Imports | Fields | Modules | Aliases | -+================+=========+============+===================+=======================+=========+========+=========+=========+ -| ``abstract`` | yes | | yes | | | | | | -+----------------+---------+------------+-------------------+-----------------------+---------+--------+---------+---------+ -| ``cached`` | yes | yes | yes | yes | | | yes | | -+----------------+---------+------------+-------------------+-----------------------+---------+--------+---------+---------+ -| ``external`` | | | | yes | | | | | -+----------------+---------+------------+-------------------+-----------------------+---------+--------+---------+---------+ -| ``extensible`` | | | | yes | | | | | -+----------------+---------+------------+-------------------+-----------------------+---------+--------+---------+---------+ -| ``final`` | yes | | yes | | | yes | | yes | -+----------------+---------+------------+-------------------+-----------------------+---------+--------+---------+---------+ -| ``transient`` | | | | yes | | | | | -+----------------+---------+------------+-------------------+-----------------------+---------+--------+---------+---------+ -| ``library`` | yes | | | | | | | | -+----------------+---------+------------+-------------------+-----------------------+---------+--------+---------+---------+ -| ``private`` | yes | | yes | yes | yes | yes | yes | yes | -+----------------+---------+------------+-------------------+-----------------------+---------+--------+---------+---------+ -| ``deprecated`` | yes | | yes | yes | | yes | yes | yes | -+----------------+---------+------------+-------------------+-----------------------+---------+--------+---------+---------+ -| ``override`` | | | yes | | | yes | | | -+----------------+---------+------------+-------------------+-----------------------+---------+--------+---------+---------+ -| ``additional`` | yes | | | yes | | | yes | yes | -+----------------+---------+------------+-------------------+-----------------------+---------+--------+---------+---------+ -| ``query`` | | | | yes | | | | yes | -+----------------+---------+------------+-------------------+-----------------------+---------+--------+---------+---------+ ++----------------+---------+------------+-------------------+-----------------------+---------+--------+---------+---------+------------+ +| Annotation | Classes | Characters | Member predicates | Non-member predicates | Imports | Fields | Modules | Aliases | Signatures | ++================+=========+============+===================+=======================+=========+========+=========+=========+============+ +| ``abstract`` | yes | | yes | | | | | | | ++----------------+---------+------------+-------------------+-----------------------+---------+--------+---------+---------+------------+ +| ``cached`` | yes | yes | yes | yes | | | yes | | | ++----------------+---------+------------+-------------------+-----------------------+---------+--------+---------+---------+------------+ +| ``external`` | | | | yes | | | | | | ++----------------+---------+------------+-------------------+-----------------------+---------+--------+---------+---------+------------+ +| ``extensible`` | | | | yes | | | | | | ++----------------+---------+------------+-------------------+-----------------------+---------+--------+---------+---------+------------+ +| ``final`` | yes | | yes | | | yes | | yes | | ++----------------+---------+------------+-------------------+-----------------------+---------+--------+---------+---------+------------+ +| ``transient`` | | | | yes | | | | | | ++----------------+---------+------------+-------------------+-----------------------+---------+--------+---------+---------+------------+ +| ``library`` | yes | | | | | | | | | ++----------------+---------+------------+-------------------+-----------------------+---------+--------+---------+---------+------------+ +| ``private`` | yes | | yes | yes | yes | yes | yes | yes | yes | ++----------------+---------+------------+-------------------+-----------------------+---------+--------+---------+---------+------------+ +| ``deprecated`` | yes | | yes | yes | | yes | yes | yes | yes | ++----------------+---------+------------+-------------------+-----------------------+---------+--------+---------+---------+------------+ +| ``override`` | | | yes | | | yes | | | | ++----------------+---------+------------+-------------------+-----------------------+---------+--------+---------+---------+------------+ +| ``additional`` | yes | | | yes | | | yes | yes | yes | ++----------------+---------+------------+-------------------+-----------------------+---------+--------+---------+---------+------------+ +| ``query`` | | | | yes | | | | yes | | ++----------------+---------+------------+-------------------+-----------------------+---------+--------+---------+---------+------------+ The ``library`` annotation is only usable within a QLL file, not a QL file. From 10a02d638723bd1bdd2e8a829fea93a9e059dc4d Mon Sep 17 00:00:00 2001 From: Philip Ginsbach <ginsbach@github.com> Date: Tue, 23 May 2023 16:17:54 +0100 Subject: [PATCH 596/870] Signatures column for pragmas table --- .../ql-language-specification.rst | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/codeql/ql-language-reference/ql-language-specification.rst b/docs/codeql/ql-language-reference/ql-language-specification.rst index 91228be22c3..bf6e24c289a 100644 --- a/docs/codeql/ql-language-reference/ql-language-specification.rst +++ b/docs/codeql/ql-language-reference/ql-language-specification.rst @@ -805,11 +805,11 @@ Binding sets are checked by the QL compiler in the following way: A predicate may have several different binding sets, which can be stated by using multiple ``bindingset`` annotations on the same predicate. -+----------------+---------+------------+-------------------+-----------------------+---------+--------+---------+---------+ -| Pragma | Classes | Characters | Member predicates | Non-member predicates | Imports | Fields | Modules | Aliases | -+================+=========+============+===================+=======================+=========+========+=========+=========+ -| ``bindingset`` | | yes | yes | yes | | | | | -+----------------+---------+------------+-------------------+-----------------------+---------+--------+---------+---------+ ++----------------+---------+------------+-------------------+-----------------------+---------+--------+---------+---------+------------+ +| Pragma | Classes | Characters | Member predicates | Non-member predicates | Imports | Fields | Modules | Aliases | Signatures | ++================+=========+============+===================+=======================+=========+========+=========+=========+============+ +| ``bindingset`` | | yes | yes | yes | | | | | yes | ++----------------+---------+------------+-------------------+-----------------------+---------+--------+---------+---------+------------+ QLDoc ----- From f884473447187c8129a0f2b9de2ad0f37b3bbb11 Mon Sep 17 00:00:00 2001 From: Philip Ginsbach <ginsbach@github.com> Date: Tue, 23 May 2023 16:15:05 +0100 Subject: [PATCH 597/870] be more explicit about annotation caveats --- .../ql-language-reference/ql-language-specification.rst | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/docs/codeql/ql-language-reference/ql-language-specification.rst b/docs/codeql/ql-language-reference/ql-language-specification.rst index bf6e24c289a..af86332088f 100644 --- a/docs/codeql/ql-language-reference/ql-language-specification.rst +++ b/docs/codeql/ql-language-reference/ql-language-specification.rst @@ -738,11 +738,11 @@ The following table summarizes the syntactic constructs which can be marked with +----------------+---------+------------+-------------------+-----------------------+---------+--------+---------+---------+------------+ | ``extensible`` | | | | yes | | | | | | +----------------+---------+------------+-------------------+-----------------------+---------+--------+---------+---------+------------+ -| ``final`` | yes | | yes | | | yes | | yes | | +| ``final`` | yes | | yes | | | yes | | (yes) | | +----------------+---------+------------+-------------------+-----------------------+---------+--------+---------+---------+------------+ | ``transient`` | | | | yes | | | | | | +----------------+---------+------------+-------------------+-----------------------+---------+--------+---------+---------+------------+ -| ``library`` | yes | | | | | | | | | +| ``library`` | (yes) | | | | | | | | | +----------------+---------+------------+-------------------+-----------------------+---------+--------+---------+---------+------------+ | ``private`` | yes | | yes | yes | yes | yes | yes | yes | yes | +----------------+---------+------------+-------------------+-----------------------+---------+--------+---------+---------+------------+ @@ -756,6 +756,7 @@ The following table summarizes the syntactic constructs which can be marked with +----------------+---------+------------+-------------------+-----------------------+---------+--------+---------+---------+------------+ The ``library`` annotation is only usable within a QLL file, not a QL file. +The ``final`` annotation is usable on type aliases, but not on module aliases and predicate aliases. Annotations on aliases apply to the name introduced by the alias. An alias may, for example, have different privacy to the name it aliases. @@ -808,9 +809,11 @@ A predicate may have several different binding sets, which can be stated by usin +----------------+---------+------------+-------------------+-----------------------+---------+--------+---------+---------+------------+ | Pragma | Classes | Characters | Member predicates | Non-member predicates | Imports | Fields | Modules | Aliases | Signatures | +================+=========+============+===================+=======================+=========+========+=========+=========+============+ -| ``bindingset`` | | yes | yes | yes | | | | | yes | +| ``bindingset`` | | yes | yes | yes | | | | | (yes) | +----------------+---------+------------+-------------------+-----------------------+---------+--------+---------+---------+------------+ +The ``bindingset`` pragma is usable with type signatures and predicate signatures, but not with module signatures. + QLDoc ----- From 3e7389e1f807f5f0cf645f7b976a6477e86c6ec2 Mon Sep 17 00:00:00 2001 From: Philip Ginsbach <ginsbach@github.com> Date: Tue, 23 May 2023 16:29:35 +0100 Subject: [PATCH 598/870] move section on signatures in the QL specification --- .../ql-language-specification.rst | 67 +++++++++---------- 1 file changed, 32 insertions(+), 35 deletions(-) diff --git a/docs/codeql/ql-language-reference/ql-language-specification.rst b/docs/codeql/ql-language-reference/ql-language-specification.rst index c1575b3d6e5..d55aed06625 100644 --- a/docs/codeql/ql-language-reference/ql-language-specification.rst +++ b/docs/codeql/ql-language-reference/ql-language-specification.rst @@ -334,40 +334,6 @@ Active types In a QL program, the *active* types are those defined in active modules. In the remainder of this specification, any reference to the types in the program refers only to the active types. - -Signatures ----------- - -Signature definitions -~~~~~~~~~~~~~~~~~~~~~ - -A QL signature definition has the following syntax: - -:: - - signature ::= predicateSignature | typeSignature | moduleSignature - - predicateSignature ::= qldoc? annotations "signature" head ";" - - typeSignature ::= qldoc? annotations "signature" "class" classname ("extends" type ("," type)*)? (";" | "{" signaturePredicate* "}") - - moduleSignature ::= qldoc? annotation* "signature" "module" moduleSignatureName parameters? "{" moduleSignatureBody "}" - - moduleSignatureBody ::= (signaturePredicate | defaultPredicate | signatureType)* - - signaturePredicate ::= qldoc? annotations head ";" - - defaultPredicate ::= qldoc? annotations "default" head "{" formula "}" - - signatureType ::= qldoc? annotations "class" classname ("extends" type ("," type)*)? "{" signaturePredicate* "}" - - -A predicate signature definition extends the current module's declared predicate signature environment with a mapping from the predicate signature name and arity to the predicate signature definition. - -A type signature definition extends the current module's declared type signature environment with a mapping from the type signature name to the type signature definition. - -A module signature definition extends the current module's declared module signature environment with a mapping from the module signature name to the module signature definition. - Values ------ @@ -850,7 +816,7 @@ If the query file starts with whitespace followed by a QLDoc comment, then the t Top-level entities ------------------ -Modules include five kinds of top-level entity: predicates, classes, modules, aliases, and select clauses. +Modules include five kinds of top-level entity: predicates, classes, modules, aliases, signatures, and select clauses. Non-member predicates ~~~~~~~~~~~~~~~~~~~~~ @@ -1004,6 +970,37 @@ A valid field must override another field if it is annotated ``override``. When field ``f`` overrides field ``g`` the type of ``f`` must be a subtype of the type of ``g``. ``f`` may not be a final field. + +Signatures +~~~~~~~~~~ + +A signature definition has the following syntax: + +:: + + signature ::= predicateSignature | typeSignature | moduleSignature + + predicateSignature ::= qldoc? annotations "signature" head ";" + + typeSignature ::= qldoc? annotations "signature" "class" classname ("extends" type ("," type)*)? (";" | "{" signaturePredicate* "}") + + moduleSignature ::= qldoc? annotation* "signature" "module" moduleSignatureName parameters? "{" moduleSignatureBody "}" + + moduleSignatureBody ::= (signaturePredicate | defaultPredicate | signatureType)* + + signaturePredicate ::= qldoc? annotations head ";" + + defaultPredicate ::= qldoc? annotations "default" head "{" formula "}" + + signatureType ::= qldoc? annotations "class" classname ("extends" type ("," type)*)? "{" signaturePredicate* "}" + + +A predicate signature definition extends the current module's declared predicate signature environment with a mapping from the predicate signature name and arity to the predicate signature definition. + +A type signature definition extends the current module's declared type signature environment with a mapping from the type signature name to the type signature definition. + +A module signature definition extends the current module's declared module signature environment with a mapping from the module signature name to the module signature definition. + Select clauses ~~~~~~~~~~~~~~ From 0592c8ba99a40ab3b3aa5982c38821792cd1a452 Mon Sep 17 00:00:00 2001 From: Asger F <asgerf@github.com> Date: Tue, 23 May 2023 17:34:19 +0200 Subject: [PATCH 599/870] Ruby: avoid name clash for "assoc" summary --- ruby/ql/lib/codeql/ruby/frameworks/core/Hash.qll | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/ruby/ql/lib/codeql/ruby/frameworks/core/Hash.qll b/ruby/ql/lib/codeql/ruby/frameworks/core/Hash.qll index abb3f1f14de..617702873e0 100644 --- a/ruby/ql/lib/codeql/ruby/frameworks/core/Hash.qll +++ b/ruby/ql/lib/codeql/ruby/frameworks/core/Hash.qll @@ -199,11 +199,13 @@ module Hash { } } - private class AssocUnknownSummary extends AssocSummary { - AssocUnknownSummary() { - this = "assoc" and - mc.getNumberOfArguments() = 1 and - not exists(DataFlow::Content::getKnownElementIndex(mc.getArgument(0))) + private class AssocUnknownSummary extends SummarizedCallable { + AssocUnknownSummary() { this = "assoc-unknown-arg" } + + override MethodCall getACallSimple() { + result.getMethodName() = "assoc" and + result.getNumberOfArguments() = 1 and + not exists(DataFlow::Content::getKnownElementIndex(result.getArgument(0))) } override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { From 1be946329797b3da02ed83ebc1ed072338923f94 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema <jketema@github.com> Date: Tue, 23 May 2023 16:48:15 +0200 Subject: [PATCH 600/870] Add forgotten classes related to the legacy `InlineExpectationsTest` class --- .../util/test/InlineExpectationsTest.qll | 58 +++++++++++-------- 1 file changed, 35 insertions(+), 23 deletions(-) diff --git a/shared/util/codeql/util/test/InlineExpectationsTest.qll b/shared/util/codeql/util/test/InlineExpectationsTest.qll index 15e3e12caa2..7d3806cb4b5 100644 --- a/shared/util/codeql/util/test/InlineExpectationsTest.qll +++ b/shared/util/codeql/util/test/InlineExpectationsTest.qll @@ -171,22 +171,24 @@ module Make<InlineExpectationsTestSig Impl> { */ module MakeTest<TestSig TestImpl> { private predicate hasFailureMessage(FailureLocatable element, string message) { - exists(ActualResult actualResult | + exists(ActualTestResult actualResult | actualResult.getTag() = TestImpl::getARelevantTag() and element = actualResult and ( - exists(FalseNegativeExpectation falseNegative | + exists(FalseNegativeTestExpectation falseNegative | falseNegative.matchesActualResult(actualResult) and message = "Fixed missing result:" + falseNegative.getExpectationText() ) or - not exists(ValidExpectation expectation | expectation.matchesActualResult(actualResult)) and + not exists(ValidTestExpectation expectation | + expectation.matchesActualResult(actualResult) + ) and message = "Unexpected result: " + actualResult.getExpectationText() and not actualResult.isOptional() ) ) or - exists(ActualResult actualResult | + exists(ActualTestResult actualResult | not actualResult.getTag() = TestImpl::getARelevantTag() and element = actualResult and message = @@ -194,20 +196,20 @@ module Make<InlineExpectationsTestSig Impl> { "' that is not part of getARelevantTag()" ) or - exists(ValidExpectation expectation | - not exists(ActualResult actualResult | expectation.matchesActualResult(actualResult)) and + exists(ValidTestExpectation expectation | + not exists(ActualTestResult actualResult | expectation.matchesActualResult(actualResult)) and expectation.getTag() = TestImpl::getARelevantTag() and element = expectation and ( - expectation instanceof GoodExpectation and + expectation instanceof GoodTestExpectation and message = "Missing result:" + expectation.getExpectationText() or - expectation instanceof FalsePositiveExpectation and + expectation instanceof FalsePositiveTestExpectation and message = "Fixed spurious result:" + expectation.getExpectationText() ) ) or - exists(InvalidExpectation expectation | + exists(InvalidTestExpectation expectation | element = expectation and message = "Invalid expectation syntax: " + expectation.getExpectation() ) @@ -247,14 +249,14 @@ module Make<InlineExpectationsTestSig Impl> { string getValue() { none() } } - class ActualResult extends FailureLocatable, TActualResult { + class ActualTestResult extends FailureLocatable, TActualResult { Impl::Location location; string element; string tag; string value; boolean optional; - ActualResult() { this = TActualResult(location, element, tag, value, optional) } + ActualTestResult() { this = TActualResult(location, element, tag, value, optional) } override string toString() { result = element } @@ -275,7 +277,7 @@ module Make<InlineExpectationsTestSig Impl> { override Impl::Location getLocation() { result = comment.getLocation() } } - private predicate onSameLine(ValidExpectation a, ActualResult b) { + private predicate onSameLine(ValidTestExpectation a, ActualTestResult b) { exists(string fname, int line, Impl::Location la, Impl::Location lb | // Join order intent: // Take the locations of ActualResults, @@ -288,12 +290,12 @@ module Make<InlineExpectationsTestSig Impl> { ) } - private class ValidExpectation extends Expectation, TValidExpectation { + private class ValidTestExpectation extends Expectation, TValidExpectation { string tag; string value; string knownFailure; - ValidExpectation() { this = TValidExpectation(comment, tag, value, knownFailure) } + ValidTestExpectation() { this = TValidExpectation(comment, tag, value, knownFailure) } override string getTag() { result = tag } @@ -301,7 +303,7 @@ module Make<InlineExpectationsTestSig Impl> { string getKnownFailure() { result = knownFailure } - predicate matchesActualResult(ActualResult actualResult) { + predicate matchesActualResult(ActualTestResult actualResult) { onSameLine(pragma[only_bind_into](this), actualResult) and this.getTag() = actualResult.getTag() and this.getValue() = actualResult.getValue() @@ -309,22 +311,22 @@ module Make<InlineExpectationsTestSig Impl> { } // Note: These next three classes correspond to all the possible values of type `TColumn`. - class GoodExpectation extends ValidExpectation { - GoodExpectation() { this.getKnownFailure() = "" } + class GoodTestExpectation extends ValidTestExpectation { + GoodTestExpectation() { this.getKnownFailure() = "" } } - class FalsePositiveExpectation extends ValidExpectation { - FalsePositiveExpectation() { this.getKnownFailure() = "SPURIOUS" } + class FalsePositiveTestExpectation extends ValidTestExpectation { + FalsePositiveTestExpectation() { this.getKnownFailure() = "SPURIOUS" } } - class FalseNegativeExpectation extends ValidExpectation { - FalseNegativeExpectation() { this.getKnownFailure() = "MISSING" } + class FalseNegativeTestExpectation extends ValidTestExpectation { + FalseNegativeTestExpectation() { this.getKnownFailure() = "MISSING" } } - class InvalidExpectation extends Expectation, TInvalidExpectation { + class InvalidTestExpectation extends Expectation, TInvalidExpectation { string expectation; - InvalidExpectation() { this = TInvalidExpectation(comment, expectation) } + InvalidTestExpectation() { this = TInvalidExpectation(comment, expectation) } string getExpectation() { result = expectation } } @@ -432,6 +434,16 @@ module Make<InlineExpectationsTestSig Impl> { import MakeTest<LegacyImpl> as LegacyTest query predicate failures = LegacyTest::testFailures/2; + + class ActualResult = LegacyTest::ActualTestResult; + + class GoodExpectation = LegacyTest::GoodTestExpectation; + + class FalsePositiveExpectation = LegacyTest::FalsePositiveTestExpectation; + + class FalseNegativeExpectation = LegacyTest::FalseNegativeTestExpectation; + + class InvalidExpectation = LegacyTest::InvalidTestExpectation; } /** From e4e52e77f7bc8b5206c430255738f51eb7bf2898 Mon Sep 17 00:00:00 2001 From: Asger F <asgerf@github.com> Date: Tue, 23 May 2023 17:51:32 +0200 Subject: [PATCH 601/870] QL4QL: Add query to warn about name clashes between summarized callables --- .../bugs/NameClashInSummarizedCallable.ql | 115 ++++++++++++++++++ 1 file changed, 115 insertions(+) create mode 100644 ql/ql/src/queries/bugs/NameClashInSummarizedCallable.ql diff --git a/ql/ql/src/queries/bugs/NameClashInSummarizedCallable.ql b/ql/ql/src/queries/bugs/NameClashInSummarizedCallable.ql new file mode 100644 index 00000000000..b1144f95771 --- /dev/null +++ b/ql/ql/src/queries/bugs/NameClashInSummarizedCallable.ql @@ -0,0 +1,115 @@ +/** + * @name Name clash in summarized callable + * @description Two summarized callables with the same name may apply to each others' call sites + * @kind problem + * @problem.severity warning + * @id ql/name-clash-in-summarized-callable + * @tags correctness + * maintainability + * @precision high + */ + +import ql + +/** A non-abstract subclass of `SummarizedCallable`. */ +class SummarizedCallableImpl extends Class { + SummarizedCallableImpl() { + this.getType().getASuperType+().getName() = "SummarizedCallable" and + not this.isAbstract() + } + + /** Gets an expression bound to `this` in the charpred. */ + Expr getAThisBoundExpr() { + exists(ThisAccess thisExpr | + thisExpr.getEnclosingPredicate() = this.getCharPred() and + any(ComparisonFormula eq | eq.getOperator() = "=").hasOperands(thisExpr, result) + ) + } + + /** Gets a string value bound to `this` in the charpred. */ + string getAThisBoundString() { result = getStringValue(this.getAThisBoundExpr()) } + + /** Holds if this class appears to apply call site filtering. */ + predicate hasConditions() { + exists(Conjunction expr | expr.getEnclosingPredicate() = this.getCharPred()) + or + exists(this.getClassPredicate(["getACall", "getACallSimple"])) + } +} + +/** Holds if we should compute the string values of `e`. */ +predicate needsStringValue(Expr e) { + e = any(SummarizedCallableImpl impl).getAThisBoundExpr() + or + exists(Expr parent | needsStringValue(parent) | + e = parent.(BinOpExpr).getAnOperand() + or + e = parent.(Set).getAnElement() + ) +} + +/** Gets the string values of `e`. */ +string getStringValue(Expr e) { + needsStringValue(e) and + ( + result = e.(String).getValue() + or + exists(BinOpExpr op | + e = op and + op.getOperator() = "+" and + result = getStringValue(op.getLeftOperand()) + getStringValue(op.getRightOperand()) + ) + or + result = getStringValue(e.(Set).getAnElement()) + ) +} + +/** Gets the enclosing `qlpack.yml` file in `folder` */ +File getQLPackFromFolder(Folder folder) { + result = folder.getFile("qlpack.yml") + or + not exists(folder.getFile("qlpack.yml")) and + result = getQLPackFromFolder(folder.getParentContainer()) +} + +/** Gets a summarised callables in the given qlpack with the given this-value */ +SummarizedCallableImpl getASummarizedCallableByNameAndPack(string name, File qlpack) { + name = result.getAThisBoundString() and + qlpack = getQLPackFromFolder(result.getFile().getParentContainer()) +} + +/** Holds if the given classes have a name clash. */ +predicate hasClash(SummarizedCallableImpl class1, SummarizedCallableImpl class2, string name) { + exists(File qlpack | + class1 = getASummarizedCallableByNameAndPack(name, qlpack) and + class2 = getASummarizedCallableByNameAndPack(name, qlpack) and + class1 != class2 and + class1.hasConditions() + | + // One of the classes is unconditional, implying that it disables the condition in the other + not class2.hasConditions() + or + // Always report classes from different files, as it is considered too subtle of an interaction. + class1.getFile() != class2.getFile() + ) +} + +/** Like `hasClash` but tries to avoid duplicates. */ +predicate hasClashBreakSymmetry( + SummarizedCallableImpl class1, SummarizedCallableImpl class2, string name +) { + hasClash(class1, class2, name) and + hasClash(class2, class1, name) and + // try to break symmetry arbitrarily + class1.getName() <= class2.getName() + or + hasClash(class1, class2, name) and + not hasClash(class2, class1, name) +} + +from SummarizedCallableImpl class1, SummarizedCallableImpl class2, string name +where hasClashBreakSymmetry(class1, class2, name) +select class1, + "$@ and $@ both bind 'this' to the string \"" + name + + "\". They may accidentally apply to each others' call sites.", class1, class1.getName(), class2, + class2.getName() From 90c174de4e62deffe534a2e904cb390d10050150 Mon Sep 17 00:00:00 2001 From: Sim4n6 <sim4n6@gmail.com> Date: Tue, 23 May 2023 17:36:50 +0100 Subject: [PATCH 602/870] Updated the .expected file accordingly --- .../cwe-176/UnicodeBypassValidation.expected | 123 ++++++++++-------- 1 file changed, 71 insertions(+), 52 deletions(-) diff --git a/ruby/ql/test/query-tests/experimental/cwe-176/UnicodeBypassValidation.expected b/ruby/ql/test/query-tests/experimental/cwe-176/UnicodeBypassValidation.expected index 0392033c948..b79057a8479 100644 --- a/ruby/ql/test/query-tests/experimental/cwe-176/UnicodeBypassValidation.expected +++ b/ruby/ql/test/query-tests/experimental/cwe-176/UnicodeBypassValidation.expected @@ -1,56 +1,75 @@ edges -| unicode_normalization.rb:3:5:3:17 | unicode_input | unicode_normalization.rb:4:23:4:35 | unicode_input | -| unicode_normalization.rb:3:5:3:17 | unicode_input | unicode_normalization.rb:5:22:5:34 | unicode_input | -| unicode_normalization.rb:3:21:3:26 | call to params | unicode_normalization.rb:3:21:3:42 | ...[...] | -| unicode_normalization.rb:3:21:3:42 | ...[...] | unicode_normalization.rb:3:5:3:17 | unicode_input | -| unicode_normalization.rb:11:5:11:17 | unicode_input | unicode_normalization.rb:12:27:12:39 | unicode_input | -| unicode_normalization.rb:11:5:11:17 | unicode_input | unicode_normalization.rb:12:27:12:39 | unicode_input | -| unicode_normalization.rb:11:21:11:26 | call to params | unicode_normalization.rb:11:21:11:42 | ...[...] | -| unicode_normalization.rb:11:21:11:26 | call to params | unicode_normalization.rb:11:21:11:42 | ...[...] | -| unicode_normalization.rb:11:21:11:42 | ...[...] | unicode_normalization.rb:11:5:11:17 | unicode_input | -| unicode_normalization.rb:11:21:11:42 | ...[...] | unicode_normalization.rb:11:5:11:17 | unicode_input | -| unicode_normalization.rb:12:5:12:23 | unicode_input_manip | unicode_normalization.rb:13:23:13:41 | unicode_input_manip | -| unicode_normalization.rb:12:5:12:23 | unicode_input_manip | unicode_normalization.rb:14:22:14:40 | unicode_input_manip | -| unicode_normalization.rb:12:27:12:39 | unicode_input | unicode_normalization.rb:12:27:12:59 | call to sub | -| unicode_normalization.rb:12:27:12:39 | unicode_input | unicode_normalization.rb:12:27:12:59 | call to sub | -| unicode_normalization.rb:12:27:12:59 | call to sub | unicode_normalization.rb:12:5:12:23 | unicode_input_manip | -| unicode_normalization.rb:20:5:20:17 | unicode_input | unicode_normalization.rb:21:25:21:37 | unicode_input | -| unicode_normalization.rb:20:21:20:26 | call to params | unicode_normalization.rb:20:21:20:42 | ...[...] | -| unicode_normalization.rb:20:21:20:42 | ...[...] | unicode_normalization.rb:20:5:20:17 | unicode_input | -| unicode_normalization.rb:21:5:21:21 | unicode_html_safe | unicode_normalization.rb:22:23:22:39 | unicode_html_safe | -| unicode_normalization.rb:21:5:21:21 | unicode_html_safe | unicode_normalization.rb:23:22:23:38 | unicode_html_safe | -| unicode_normalization.rb:21:25:21:37 | unicode_input | unicode_normalization.rb:21:25:21:47 | call to html_safe | -| unicode_normalization.rb:21:25:21:47 | call to html_safe | unicode_normalization.rb:21:5:21:21 | unicode_html_safe | +| unicode_normalization.rb:7:5:7:17 | unicode_input | unicode_normalization.rb:8:23:8:35 | unicode_input | +| unicode_normalization.rb:7:5:7:17 | unicode_input | unicode_normalization.rb:9:22:9:34 | unicode_input | +| unicode_normalization.rb:7:21:7:26 | call to params | unicode_normalization.rb:7:21:7:42 | ...[...] | +| unicode_normalization.rb:7:21:7:42 | ...[...] | unicode_normalization.rb:7:5:7:17 | unicode_input | +| unicode_normalization.rb:15:5:15:17 | unicode_input | unicode_normalization.rb:16:27:16:39 | unicode_input | +| unicode_normalization.rb:15:5:15:17 | unicode_input | unicode_normalization.rb:16:27:16:39 | unicode_input | +| unicode_normalization.rb:15:21:15:26 | call to params | unicode_normalization.rb:15:21:15:42 | ...[...] | +| unicode_normalization.rb:15:21:15:26 | call to params | unicode_normalization.rb:15:21:15:42 | ...[...] | +| unicode_normalization.rb:15:21:15:42 | ...[...] | unicode_normalization.rb:15:5:15:17 | unicode_input | +| unicode_normalization.rb:15:21:15:42 | ...[...] | unicode_normalization.rb:15:5:15:17 | unicode_input | +| unicode_normalization.rb:16:5:16:23 | unicode_input_manip | unicode_normalization.rb:17:23:17:41 | unicode_input_manip | +| unicode_normalization.rb:16:5:16:23 | unicode_input_manip | unicode_normalization.rb:18:22:18:40 | unicode_input_manip | +| unicode_normalization.rb:16:27:16:39 | unicode_input | unicode_normalization.rb:16:27:16:59 | call to sub | +| unicode_normalization.rb:16:27:16:39 | unicode_input | unicode_normalization.rb:16:27:16:59 | call to sub | +| unicode_normalization.rb:16:27:16:59 | call to sub | unicode_normalization.rb:16:5:16:23 | unicode_input_manip | +| unicode_normalization.rb:24:5:24:17 | unicode_input | unicode_normalization.rb:25:37:25:49 | unicode_input | +| unicode_normalization.rb:24:21:24:26 | call to params | unicode_normalization.rb:24:21:24:42 | ...[...] | +| unicode_normalization.rb:24:21:24:42 | ...[...] | unicode_normalization.rb:24:5:24:17 | unicode_input | +| unicode_normalization.rb:25:5:25:21 | unicode_html_safe | unicode_normalization.rb:26:23:26:39 | unicode_html_safe | +| unicode_normalization.rb:25:5:25:21 | unicode_html_safe | unicode_normalization.rb:27:22:27:38 | unicode_html_safe | +| unicode_normalization.rb:25:25:25:50 | call to html_escape | unicode_normalization.rb:25:5:25:21 | unicode_html_safe | +| unicode_normalization.rb:25:37:25:49 | unicode_input | unicode_normalization.rb:25:25:25:50 | call to html_escape | +| unicode_normalization.rb:33:5:33:17 | unicode_input | unicode_normalization.rb:34:40:34:52 | unicode_input | +| unicode_normalization.rb:33:21:33:26 | call to params | unicode_normalization.rb:33:21:33:42 | ...[...] | +| unicode_normalization.rb:33:21:33:42 | ...[...] | unicode_normalization.rb:33:5:33:17 | unicode_input | +| unicode_normalization.rb:34:5:34:21 | unicode_html_safe | unicode_normalization.rb:35:23:35:39 | unicode_html_safe | +| unicode_normalization.rb:34:5:34:21 | unicode_html_safe | unicode_normalization.rb:36:22:36:38 | unicode_html_safe | +| unicode_normalization.rb:34:25:34:53 | call to escapeHTML | unicode_normalization.rb:34:25:34:63 | call to html_safe | +| unicode_normalization.rb:34:25:34:63 | call to html_safe | unicode_normalization.rb:34:5:34:21 | unicode_html_safe | +| unicode_normalization.rb:34:40:34:52 | unicode_input | unicode_normalization.rb:34:25:34:53 | call to escapeHTML | nodes -| unicode_normalization.rb:3:5:3:17 | unicode_input | semmle.label | unicode_input | -| unicode_normalization.rb:3:21:3:26 | call to params | semmle.label | call to params | -| unicode_normalization.rb:3:21:3:42 | ...[...] | semmle.label | ...[...] | -| unicode_normalization.rb:4:23:4:35 | unicode_input | semmle.label | unicode_input | -| unicode_normalization.rb:5:22:5:34 | unicode_input | semmle.label | unicode_input | -| unicode_normalization.rb:11:5:11:17 | unicode_input | semmle.label | unicode_input | -| unicode_normalization.rb:11:5:11:17 | unicode_input | semmle.label | unicode_input | -| unicode_normalization.rb:11:21:11:26 | call to params | semmle.label | call to params | -| unicode_normalization.rb:11:21:11:42 | ...[...] | semmle.label | ...[...] | -| unicode_normalization.rb:11:21:11:42 | ...[...] | semmle.label | ...[...] | -| unicode_normalization.rb:12:5:12:23 | unicode_input_manip | semmle.label | unicode_input_manip | -| unicode_normalization.rb:12:27:12:39 | unicode_input | semmle.label | unicode_input | -| unicode_normalization.rb:12:27:12:39 | unicode_input | semmle.label | unicode_input | -| unicode_normalization.rb:12:27:12:59 | call to sub | semmle.label | call to sub | -| unicode_normalization.rb:13:23:13:41 | unicode_input_manip | semmle.label | unicode_input_manip | -| unicode_normalization.rb:14:22:14:40 | unicode_input_manip | semmle.label | unicode_input_manip | -| unicode_normalization.rb:20:5:20:17 | unicode_input | semmle.label | unicode_input | -| unicode_normalization.rb:20:21:20:26 | call to params | semmle.label | call to params | -| unicode_normalization.rb:20:21:20:42 | ...[...] | semmle.label | ...[...] | -| unicode_normalization.rb:21:5:21:21 | unicode_html_safe | semmle.label | unicode_html_safe | -| unicode_normalization.rb:21:25:21:37 | unicode_input | semmle.label | unicode_input | -| unicode_normalization.rb:21:25:21:47 | call to html_safe | semmle.label | call to html_safe | -| unicode_normalization.rb:22:23:22:39 | unicode_html_safe | semmle.label | unicode_html_safe | -| unicode_normalization.rb:23:22:23:38 | unicode_html_safe | semmle.label | unicode_html_safe | +| unicode_normalization.rb:7:5:7:17 | unicode_input | semmle.label | unicode_input | +| unicode_normalization.rb:7:21:7:26 | call to params | semmle.label | call to params | +| unicode_normalization.rb:7:21:7:42 | ...[...] | semmle.label | ...[...] | +| unicode_normalization.rb:8:23:8:35 | unicode_input | semmle.label | unicode_input | +| unicode_normalization.rb:9:22:9:34 | unicode_input | semmle.label | unicode_input | +| unicode_normalization.rb:15:5:15:17 | unicode_input | semmle.label | unicode_input | +| unicode_normalization.rb:15:5:15:17 | unicode_input | semmle.label | unicode_input | +| unicode_normalization.rb:15:21:15:26 | call to params | semmle.label | call to params | +| unicode_normalization.rb:15:21:15:42 | ...[...] | semmle.label | ...[...] | +| unicode_normalization.rb:15:21:15:42 | ...[...] | semmle.label | ...[...] | +| unicode_normalization.rb:16:5:16:23 | unicode_input_manip | semmle.label | unicode_input_manip | +| unicode_normalization.rb:16:27:16:39 | unicode_input | semmle.label | unicode_input | +| unicode_normalization.rb:16:27:16:39 | unicode_input | semmle.label | unicode_input | +| unicode_normalization.rb:16:27:16:59 | call to sub | semmle.label | call to sub | +| unicode_normalization.rb:17:23:17:41 | unicode_input_manip | semmle.label | unicode_input_manip | +| unicode_normalization.rb:18:22:18:40 | unicode_input_manip | semmle.label | unicode_input_manip | +| unicode_normalization.rb:24:5:24:17 | unicode_input | semmle.label | unicode_input | +| unicode_normalization.rb:24:21:24:26 | call to params | semmle.label | call to params | +| unicode_normalization.rb:24:21:24:42 | ...[...] | semmle.label | ...[...] | +| unicode_normalization.rb:25:5:25:21 | unicode_html_safe | semmle.label | unicode_html_safe | +| unicode_normalization.rb:25:25:25:50 | call to html_escape | semmle.label | call to html_escape | +| unicode_normalization.rb:25:37:25:49 | unicode_input | semmle.label | unicode_input | +| unicode_normalization.rb:26:23:26:39 | unicode_html_safe | semmle.label | unicode_html_safe | +| unicode_normalization.rb:27:22:27:38 | unicode_html_safe | semmle.label | unicode_html_safe | +| unicode_normalization.rb:33:5:33:17 | unicode_input | semmle.label | unicode_input | +| unicode_normalization.rb:33:21:33:26 | call to params | semmle.label | call to params | +| unicode_normalization.rb:33:21:33:42 | ...[...] | semmle.label | ...[...] | +| unicode_normalization.rb:34:5:34:21 | unicode_html_safe | semmle.label | unicode_html_safe | +| unicode_normalization.rb:34:25:34:53 | call to escapeHTML | semmle.label | call to escapeHTML | +| unicode_normalization.rb:34:25:34:63 | call to html_safe | semmle.label | call to html_safe | +| unicode_normalization.rb:34:40:34:52 | unicode_input | semmle.label | unicode_input | +| unicode_normalization.rb:35:23:35:39 | unicode_html_safe | semmle.label | unicode_html_safe | +| unicode_normalization.rb:36:22:36:38 | unicode_html_safe | semmle.label | unicode_html_safe | subpaths #select -| unicode_normalization.rb:4:23:4:35 | unicode_input | unicode_normalization.rb:3:21:3:26 | call to params | unicode_normalization.rb:4:23:4:35 | unicode_input | This $@ processes unsafely $@ and any logical validation in-between could be bypassed using special Unicode characters. | unicode_normalization.rb:4:23:4:35 | unicode_input | Unicode transformation (Unicode normalization) | unicode_normalization.rb:3:21:3:26 | call to params | remote user-controlled data | -| unicode_normalization.rb:5:22:5:34 | unicode_input | unicode_normalization.rb:3:21:3:26 | call to params | unicode_normalization.rb:5:22:5:34 | unicode_input | This $@ processes unsafely $@ and any logical validation in-between could be bypassed using special Unicode characters. | unicode_normalization.rb:5:22:5:34 | unicode_input | Unicode transformation (Unicode normalization) | unicode_normalization.rb:3:21:3:26 | call to params | remote user-controlled data | -| unicode_normalization.rb:13:23:13:41 | unicode_input_manip | unicode_normalization.rb:11:21:11:26 | call to params | unicode_normalization.rb:13:23:13:41 | unicode_input_manip | This $@ processes unsafely $@ and any logical validation in-between could be bypassed using special Unicode characters. | unicode_normalization.rb:13:23:13:41 | unicode_input_manip | Unicode transformation (Unicode normalization) | unicode_normalization.rb:11:21:11:26 | call to params | remote user-controlled data | -| unicode_normalization.rb:14:22:14:40 | unicode_input_manip | unicode_normalization.rb:11:21:11:26 | call to params | unicode_normalization.rb:14:22:14:40 | unicode_input_manip | This $@ processes unsafely $@ and any logical validation in-between could be bypassed using special Unicode characters. | unicode_normalization.rb:14:22:14:40 | unicode_input_manip | Unicode transformation (Unicode normalization) | unicode_normalization.rb:11:21:11:26 | call to params | remote user-controlled data | -| unicode_normalization.rb:22:23:22:39 | unicode_html_safe | unicode_normalization.rb:20:21:20:26 | call to params | unicode_normalization.rb:22:23:22:39 | unicode_html_safe | This $@ processes unsafely $@ and any logical validation in-between could be bypassed using special Unicode characters. | unicode_normalization.rb:22:23:22:39 | unicode_html_safe | Unicode transformation (Unicode normalization) | unicode_normalization.rb:20:21:20:26 | call to params | remote user-controlled data | -| unicode_normalization.rb:23:22:23:38 | unicode_html_safe | unicode_normalization.rb:20:21:20:26 | call to params | unicode_normalization.rb:23:22:23:38 | unicode_html_safe | This $@ processes unsafely $@ and any logical validation in-between could be bypassed using special Unicode characters. | unicode_normalization.rb:23:22:23:38 | unicode_html_safe | Unicode transformation (Unicode normalization) | unicode_normalization.rb:20:21:20:26 | call to params | remote user-controlled data | +| unicode_normalization.rb:8:23:8:35 | unicode_input | unicode_normalization.rb:7:21:7:26 | call to params | unicode_normalization.rb:8:23:8:35 | unicode_input | This $@ processes unsafely $@ and any logical validation in-between could be bypassed using special Unicode characters. | unicode_normalization.rb:8:23:8:35 | unicode_input | Unicode transformation (Unicode normalization) | unicode_normalization.rb:7:21:7:26 | call to params | remote user-controlled data | +| unicode_normalization.rb:9:22:9:34 | unicode_input | unicode_normalization.rb:7:21:7:26 | call to params | unicode_normalization.rb:9:22:9:34 | unicode_input | This $@ processes unsafely $@ and any logical validation in-between could be bypassed using special Unicode characters. | unicode_normalization.rb:9:22:9:34 | unicode_input | Unicode transformation (Unicode normalization) | unicode_normalization.rb:7:21:7:26 | call to params | remote user-controlled data | +| unicode_normalization.rb:17:23:17:41 | unicode_input_manip | unicode_normalization.rb:15:21:15:26 | call to params | unicode_normalization.rb:17:23:17:41 | unicode_input_manip | This $@ processes unsafely $@ and any logical validation in-between could be bypassed using special Unicode characters. | unicode_normalization.rb:17:23:17:41 | unicode_input_manip | Unicode transformation (Unicode normalization) | unicode_normalization.rb:15:21:15:26 | call to params | remote user-controlled data | +| unicode_normalization.rb:18:22:18:40 | unicode_input_manip | unicode_normalization.rb:15:21:15:26 | call to params | unicode_normalization.rb:18:22:18:40 | unicode_input_manip | This $@ processes unsafely $@ and any logical validation in-between could be bypassed using special Unicode characters. | unicode_normalization.rb:18:22:18:40 | unicode_input_manip | Unicode transformation (Unicode normalization) | unicode_normalization.rb:15:21:15:26 | call to params | remote user-controlled data | +| unicode_normalization.rb:26:23:26:39 | unicode_html_safe | unicode_normalization.rb:24:21:24:26 | call to params | unicode_normalization.rb:26:23:26:39 | unicode_html_safe | This $@ processes unsafely $@ and any logical validation in-between could be bypassed using special Unicode characters. | unicode_normalization.rb:26:23:26:39 | unicode_html_safe | Unicode transformation (Unicode normalization) | unicode_normalization.rb:24:21:24:26 | call to params | remote user-controlled data | +| unicode_normalization.rb:27:22:27:38 | unicode_html_safe | unicode_normalization.rb:24:21:24:26 | call to params | unicode_normalization.rb:27:22:27:38 | unicode_html_safe | This $@ processes unsafely $@ and any logical validation in-between could be bypassed using special Unicode characters. | unicode_normalization.rb:27:22:27:38 | unicode_html_safe | Unicode transformation (Unicode normalization) | unicode_normalization.rb:24:21:24:26 | call to params | remote user-controlled data | +| unicode_normalization.rb:35:23:35:39 | unicode_html_safe | unicode_normalization.rb:33:21:33:26 | call to params | unicode_normalization.rb:35:23:35:39 | unicode_html_safe | This $@ processes unsafely $@ and any logical validation in-between could be bypassed using special Unicode characters. | unicode_normalization.rb:35:23:35:39 | unicode_html_safe | Unicode transformation (Unicode normalization) | unicode_normalization.rb:33:21:33:26 | call to params | remote user-controlled data | +| unicode_normalization.rb:36:22:36:38 | unicode_html_safe | unicode_normalization.rb:33:21:33:26 | call to params | unicode_normalization.rb:36:22:36:38 | unicode_html_safe | This $@ processes unsafely $@ and any logical validation in-between could be bypassed using special Unicode characters. | unicode_normalization.rb:36:22:36:38 | unicode_html_safe | Unicode transformation (Unicode normalization) | unicode_normalization.rb:33:21:33:26 | call to params | remote user-controlled data | From 81dbfecbfc97bc784d0dc69f408e97746f6892cf Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen <mathiasvp@github.com> Date: Mon, 22 May 2023 14:41:09 -0700 Subject: [PATCH 603/870] C++: Promote the product-dataflow library out of experimental. --- .../cpp/ir/dataflow/internal}/ProductFlow.qll | 35 ++++++++++++++++--- .../Likely Bugs/ArrayAccessProductFlow.ql | 2 +- .../Likely Bugs/OverrunWriteProductFlow.ql | 2 +- .../CWE/CWE-193/InvalidPointerDeref.ql | 2 +- 4 files changed, 34 insertions(+), 7 deletions(-) rename cpp/ql/lib/{experimental/semmle/code/cpp/dataflow => semmle/code/cpp/ir/dataflow/internal}/ProductFlow.qll (93%) diff --git a/cpp/ql/lib/experimental/semmle/code/cpp/dataflow/ProductFlow.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/ProductFlow.qll similarity index 93% rename from cpp/ql/lib/experimental/semmle/code/cpp/dataflow/ProductFlow.qll rename to cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/ProductFlow.qll index 8fd43a6ee0c..cb06245c568 100644 --- a/cpp/ql/lib/experimental/semmle/code/cpp/dataflow/ProductFlow.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/ProductFlow.qll @@ -1,10 +1,29 @@ -import semmle.code.cpp.ir.dataflow.DataFlow -private import semmle.code.cpp.ir.dataflow.internal.DataFlowPrivate -private import semmle.code.cpp.ir.dataflow.internal.DataFlowUtil -private import semmle.code.cpp.ir.dataflow.internal.DataFlowImplCommon +/** + * Provides a library for global (inter-procedural) data flow analysis of two + * values "simultaneously". This can be used, for example, if you want to track + * a memory allocation as well as the size of the allocation. + * + * Intuitively, you can think of this as regular dataflow, but where each node + * in the dataflow graph has been replaced by a pair of nodes `(node1, node2)`, + * and two node pairs `(n11, n12)`, `(n21, n22)` is then connected by a dataflow + * edge if there's a regular dataflow edge between `n11` and `n21`, and `n12` + * and `n22`. + * + * Note that the above intuition does not reflect the actual implementation. + */ + +import semmle.code.cpp.dataflow.new.DataFlow +private import DataFlowPrivate +private import DataFlowUtil +private import DataFlowImplCommon private import codeql.util.Unit +/** + * Provides classes for performing global (inter-procedural) data flow analyses + * on a product dataflow graph. + */ module ProductFlow { + /** An input configuration for product data-flow. */ signature module ConfigSig { /** * Holds if `(source1, source2)` is a relevant data flow source. @@ -70,6 +89,9 @@ module ProductFlow { default predicate isBarrierIn2(DataFlow::Node node) { none() } } + /** + * The output of a global data flow computation. + */ module Global<ConfigSig Config> { private module StateConfig implements StateConfigSig { class FlowState1 = Unit; @@ -138,6 +160,7 @@ module ProductFlow { import GlobalWithState<StateConfig> } + /** An input configuration for data flow using flow state. */ signature module StateConfigSig { bindingset[this] class FlowState1; @@ -247,6 +270,9 @@ module ProductFlow { default predicate isBarrierIn2(DataFlow::Node node) { none() } } + /** + * The output of a global data flow computation. + */ module GlobalWithState<StateConfigSig Config> { class PathNode1 = Flow1::PathNode; @@ -260,6 +286,7 @@ module ProductFlow { class FlowState2 = Config::FlowState2; + /** Holds if data can flow from `(source1, source2)` to `(sink1, sink2)`. */ predicate flowPath( Flow1::PathNode source1, Flow2::PathNode source2, Flow1::PathNode sink1, Flow2::PathNode sink2 ) { diff --git a/cpp/ql/src/experimental/Likely Bugs/ArrayAccessProductFlow.ql b/cpp/ql/src/experimental/Likely Bugs/ArrayAccessProductFlow.ql index a5df698aeea..ffb9362417e 100644 --- a/cpp/ql/src/experimental/Likely Bugs/ArrayAccessProductFlow.ql +++ b/cpp/ql/src/experimental/Likely Bugs/ArrayAccessProductFlow.ql @@ -10,7 +10,7 @@ */ import cpp -import experimental.semmle.code.cpp.dataflow.ProductFlow +import semmle.code.cpp.ir.dataflow.internal.ProductFlow import semmle.code.cpp.rangeanalysis.new.internal.semantic.analysis.RangeAnalysis import semmle.code.cpp.rangeanalysis.new.internal.semantic.SemanticExprSpecific import semmle.code.cpp.rangeanalysis.new.internal.semantic.analysis.Bound diff --git a/cpp/ql/src/experimental/Likely Bugs/OverrunWriteProductFlow.ql b/cpp/ql/src/experimental/Likely Bugs/OverrunWriteProductFlow.ql index 81d7f68a46f..e787b596158 100644 --- a/cpp/ql/src/experimental/Likely Bugs/OverrunWriteProductFlow.ql +++ b/cpp/ql/src/experimental/Likely Bugs/OverrunWriteProductFlow.ql @@ -13,7 +13,7 @@ */ import cpp -import experimental.semmle.code.cpp.dataflow.ProductFlow +import semmle.code.cpp.ir.dataflow.internal.ProductFlow import semmle.code.cpp.ir.IR import semmle.code.cpp.models.interfaces.Allocation import semmle.code.cpp.models.interfaces.ArrayFunction diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql b/cpp/ql/src/experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql index f5403ad4c03..07189cea9d9 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql @@ -16,7 +16,7 @@ */ import cpp -import experimental.semmle.code.cpp.dataflow.ProductFlow +import semmle.code.cpp.ir.dataflow.internal.ProductFlow import semmle.code.cpp.rangeanalysis.new.internal.semantic.analysis.RangeAnalysis import semmle.code.cpp.rangeanalysis.new.internal.semantic.SemanticExprSpecific import semmle.code.cpp.ir.IR From ccc9e09dbd7d90315409a844fb942e96858b2567 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen <mathiasvp@github.com> Date: Tue, 23 May 2023 10:00:09 -0700 Subject: [PATCH 604/870] C++: Add mechanism to hide specific instructions and operands from PrintIR. --- .../code/cpp/ir/implementation/aliased_ssa/IR.qll | 12 ++++++++++++ .../cpp/ir/implementation/aliased_ssa/PrintIR.qll | 15 +++++++++++++-- 2 files changed, 25 insertions(+), 2 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/IR.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/IR.qll index c96783fe6e8..79873d8366e 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/IR.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/IR.qll @@ -77,4 +77,16 @@ class IRPropertyProvider extends TIRPropertyProvider { * Gets the value of the property named `key` for the specified operand. */ string getOperandProperty(Operand operand, string key) { none() } + + /** + * Holds if the instruction `instr` should be included when printing + * the IR instructions. + */ + predicate shouldPrintInstruction(Instruction instr) { any() } + + /** + * Holds if the operand `operand` should be included when printing the an + * instruction's operand list. + */ + predicate shouldPrintOperand(Operand operand) { any() } } diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/PrintIR.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/PrintIR.qll index 2ababa6199a..b9106a7bfc7 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/PrintIR.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/PrintIR.qll @@ -42,6 +42,14 @@ private predicate shouldPrintFunction(Language::Declaration decl) { exists(PrintIRConfiguration config | config.shouldPrintFunction(decl)) } +private predicate shouldPrintInstruction(Instruction i) { + exists(IRPropertyProvider provider | provider.shouldPrintInstruction(i)) +} + +private predicate shouldPrintOperand(Operand operand) { + exists(IRPropertyProvider provider | provider.shouldPrintOperand(operand)) +} + private string getAdditionalInstructionProperty(Instruction instr, string key) { exists(IRPropertyProvider provider | result = provider.getInstructionProperty(instr, key)) } @@ -84,7 +92,9 @@ private string getOperandPropertyString(Operand operand) { private newtype TPrintableIRNode = TPrintableIRFunction(IRFunction irFunc) { shouldPrintFunction(irFunc.getFunction()) } or TPrintableIRBlock(IRBlock block) { shouldPrintFunction(block.getEnclosingFunction()) } or - TPrintableInstruction(Instruction instr) { shouldPrintFunction(instr.getEnclosingFunction()) } + TPrintableInstruction(Instruction instr) { + shouldPrintInstruction(instr) and shouldPrintFunction(instr.getEnclosingFunction()) + } /** * A node to be emitted in the IR graph. @@ -252,7 +262,8 @@ private class PrintableInstruction extends PrintableIRNode, TPrintableInstructio private string getOperandsString() { result = concat(Operand operand | - operand = instr.getAnOperand() + operand = instr.getAnOperand() and + shouldPrintOperand(operand) | operand.getDumpString() + getOperandPropertyString(operand), ", " order by From 0519ceeeaaa0b084412b56716df2067d5e614e73 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen <mathiasvp@github.com> Date: Tue, 23 May 2023 10:00:26 -0700 Subject: [PATCH 605/870] C++/C#: Sync identical files. --- .../semmle/code/cpp/ir/implementation/raw/IR.qll | 12 ++++++++++++ .../code/cpp/ir/implementation/raw/PrintIR.qll | 15 +++++++++++++-- .../cpp/ir/implementation/unaliased_ssa/IR.qll | 12 ++++++++++++ .../ir/implementation/unaliased_ssa/PrintIR.qll | 15 +++++++++++++-- .../src/experimental/ir/implementation/raw/IR.qll | 12 ++++++++++++ .../ir/implementation/raw/PrintIR.qll | 15 +++++++++++++-- .../ir/implementation/unaliased_ssa/IR.qll | 12 ++++++++++++ .../ir/implementation/unaliased_ssa/PrintIR.qll | 15 +++++++++++++-- 8 files changed, 100 insertions(+), 8 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/IR.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/IR.qll index c96783fe6e8..79873d8366e 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/IR.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/IR.qll @@ -77,4 +77,16 @@ class IRPropertyProvider extends TIRPropertyProvider { * Gets the value of the property named `key` for the specified operand. */ string getOperandProperty(Operand operand, string key) { none() } + + /** + * Holds if the instruction `instr` should be included when printing + * the IR instructions. + */ + predicate shouldPrintInstruction(Instruction instr) { any() } + + /** + * Holds if the operand `operand` should be included when printing the an + * instruction's operand list. + */ + predicate shouldPrintOperand(Operand operand) { any() } } diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/PrintIR.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/PrintIR.qll index 2ababa6199a..b9106a7bfc7 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/PrintIR.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/PrintIR.qll @@ -42,6 +42,14 @@ private predicate shouldPrintFunction(Language::Declaration decl) { exists(PrintIRConfiguration config | config.shouldPrintFunction(decl)) } +private predicate shouldPrintInstruction(Instruction i) { + exists(IRPropertyProvider provider | provider.shouldPrintInstruction(i)) +} + +private predicate shouldPrintOperand(Operand operand) { + exists(IRPropertyProvider provider | provider.shouldPrintOperand(operand)) +} + private string getAdditionalInstructionProperty(Instruction instr, string key) { exists(IRPropertyProvider provider | result = provider.getInstructionProperty(instr, key)) } @@ -84,7 +92,9 @@ private string getOperandPropertyString(Operand operand) { private newtype TPrintableIRNode = TPrintableIRFunction(IRFunction irFunc) { shouldPrintFunction(irFunc.getFunction()) } or TPrintableIRBlock(IRBlock block) { shouldPrintFunction(block.getEnclosingFunction()) } or - TPrintableInstruction(Instruction instr) { shouldPrintFunction(instr.getEnclosingFunction()) } + TPrintableInstruction(Instruction instr) { + shouldPrintInstruction(instr) and shouldPrintFunction(instr.getEnclosingFunction()) + } /** * A node to be emitted in the IR graph. @@ -252,7 +262,8 @@ private class PrintableInstruction extends PrintableIRNode, TPrintableInstructio private string getOperandsString() { result = concat(Operand operand | - operand = instr.getAnOperand() + operand = instr.getAnOperand() and + shouldPrintOperand(operand) | operand.getDumpString() + getOperandPropertyString(operand), ", " order by diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/IR.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/IR.qll index c96783fe6e8..79873d8366e 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/IR.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/IR.qll @@ -77,4 +77,16 @@ class IRPropertyProvider extends TIRPropertyProvider { * Gets the value of the property named `key` for the specified operand. */ string getOperandProperty(Operand operand, string key) { none() } + + /** + * Holds if the instruction `instr` should be included when printing + * the IR instructions. + */ + predicate shouldPrintInstruction(Instruction instr) { any() } + + /** + * Holds if the operand `operand` should be included when printing the an + * instruction's operand list. + */ + predicate shouldPrintOperand(Operand operand) { any() } } diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/PrintIR.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/PrintIR.qll index 2ababa6199a..b9106a7bfc7 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/PrintIR.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/PrintIR.qll @@ -42,6 +42,14 @@ private predicate shouldPrintFunction(Language::Declaration decl) { exists(PrintIRConfiguration config | config.shouldPrintFunction(decl)) } +private predicate shouldPrintInstruction(Instruction i) { + exists(IRPropertyProvider provider | provider.shouldPrintInstruction(i)) +} + +private predicate shouldPrintOperand(Operand operand) { + exists(IRPropertyProvider provider | provider.shouldPrintOperand(operand)) +} + private string getAdditionalInstructionProperty(Instruction instr, string key) { exists(IRPropertyProvider provider | result = provider.getInstructionProperty(instr, key)) } @@ -84,7 +92,9 @@ private string getOperandPropertyString(Operand operand) { private newtype TPrintableIRNode = TPrintableIRFunction(IRFunction irFunc) { shouldPrintFunction(irFunc.getFunction()) } or TPrintableIRBlock(IRBlock block) { shouldPrintFunction(block.getEnclosingFunction()) } or - TPrintableInstruction(Instruction instr) { shouldPrintFunction(instr.getEnclosingFunction()) } + TPrintableInstruction(Instruction instr) { + shouldPrintInstruction(instr) and shouldPrintFunction(instr.getEnclosingFunction()) + } /** * A node to be emitted in the IR graph. @@ -252,7 +262,8 @@ private class PrintableInstruction extends PrintableIRNode, TPrintableInstructio private string getOperandsString() { result = concat(Operand operand | - operand = instr.getAnOperand() + operand = instr.getAnOperand() and + shouldPrintOperand(operand) | operand.getDumpString() + getOperandPropertyString(operand), ", " order by diff --git a/csharp/ql/src/experimental/ir/implementation/raw/IR.qll b/csharp/ql/src/experimental/ir/implementation/raw/IR.qll index c96783fe6e8..79873d8366e 100644 --- a/csharp/ql/src/experimental/ir/implementation/raw/IR.qll +++ b/csharp/ql/src/experimental/ir/implementation/raw/IR.qll @@ -77,4 +77,16 @@ class IRPropertyProvider extends TIRPropertyProvider { * Gets the value of the property named `key` for the specified operand. */ string getOperandProperty(Operand operand, string key) { none() } + + /** + * Holds if the instruction `instr` should be included when printing + * the IR instructions. + */ + predicate shouldPrintInstruction(Instruction instr) { any() } + + /** + * Holds if the operand `operand` should be included when printing the an + * instruction's operand list. + */ + predicate shouldPrintOperand(Operand operand) { any() } } diff --git a/csharp/ql/src/experimental/ir/implementation/raw/PrintIR.qll b/csharp/ql/src/experimental/ir/implementation/raw/PrintIR.qll index 2ababa6199a..b9106a7bfc7 100644 --- a/csharp/ql/src/experimental/ir/implementation/raw/PrintIR.qll +++ b/csharp/ql/src/experimental/ir/implementation/raw/PrintIR.qll @@ -42,6 +42,14 @@ private predicate shouldPrintFunction(Language::Declaration decl) { exists(PrintIRConfiguration config | config.shouldPrintFunction(decl)) } +private predicate shouldPrintInstruction(Instruction i) { + exists(IRPropertyProvider provider | provider.shouldPrintInstruction(i)) +} + +private predicate shouldPrintOperand(Operand operand) { + exists(IRPropertyProvider provider | provider.shouldPrintOperand(operand)) +} + private string getAdditionalInstructionProperty(Instruction instr, string key) { exists(IRPropertyProvider provider | result = provider.getInstructionProperty(instr, key)) } @@ -84,7 +92,9 @@ private string getOperandPropertyString(Operand operand) { private newtype TPrintableIRNode = TPrintableIRFunction(IRFunction irFunc) { shouldPrintFunction(irFunc.getFunction()) } or TPrintableIRBlock(IRBlock block) { shouldPrintFunction(block.getEnclosingFunction()) } or - TPrintableInstruction(Instruction instr) { shouldPrintFunction(instr.getEnclosingFunction()) } + TPrintableInstruction(Instruction instr) { + shouldPrintInstruction(instr) and shouldPrintFunction(instr.getEnclosingFunction()) + } /** * A node to be emitted in the IR graph. @@ -252,7 +262,8 @@ private class PrintableInstruction extends PrintableIRNode, TPrintableInstructio private string getOperandsString() { result = concat(Operand operand | - operand = instr.getAnOperand() + operand = instr.getAnOperand() and + shouldPrintOperand(operand) | operand.getDumpString() + getOperandPropertyString(operand), ", " order by diff --git a/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/IR.qll b/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/IR.qll index c96783fe6e8..79873d8366e 100644 --- a/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/IR.qll +++ b/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/IR.qll @@ -77,4 +77,16 @@ class IRPropertyProvider extends TIRPropertyProvider { * Gets the value of the property named `key` for the specified operand. */ string getOperandProperty(Operand operand, string key) { none() } + + /** + * Holds if the instruction `instr` should be included when printing + * the IR instructions. + */ + predicate shouldPrintInstruction(Instruction instr) { any() } + + /** + * Holds if the operand `operand` should be included when printing the an + * instruction's operand list. + */ + predicate shouldPrintOperand(Operand operand) { any() } } diff --git a/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/PrintIR.qll b/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/PrintIR.qll index 2ababa6199a..b9106a7bfc7 100644 --- a/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/PrintIR.qll +++ b/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/PrintIR.qll @@ -42,6 +42,14 @@ private predicate shouldPrintFunction(Language::Declaration decl) { exists(PrintIRConfiguration config | config.shouldPrintFunction(decl)) } +private predicate shouldPrintInstruction(Instruction i) { + exists(IRPropertyProvider provider | provider.shouldPrintInstruction(i)) +} + +private predicate shouldPrintOperand(Operand operand) { + exists(IRPropertyProvider provider | provider.shouldPrintOperand(operand)) +} + private string getAdditionalInstructionProperty(Instruction instr, string key) { exists(IRPropertyProvider provider | result = provider.getInstructionProperty(instr, key)) } @@ -84,7 +92,9 @@ private string getOperandPropertyString(Operand operand) { private newtype TPrintableIRNode = TPrintableIRFunction(IRFunction irFunc) { shouldPrintFunction(irFunc.getFunction()) } or TPrintableIRBlock(IRBlock block) { shouldPrintFunction(block.getEnclosingFunction()) } or - TPrintableInstruction(Instruction instr) { shouldPrintFunction(instr.getEnclosingFunction()) } + TPrintableInstruction(Instruction instr) { + shouldPrintInstruction(instr) and shouldPrintFunction(instr.getEnclosingFunction()) + } /** * A node to be emitted in the IR graph. @@ -252,7 +262,8 @@ private class PrintableInstruction extends PrintableIRNode, TPrintableInstructio private string getOperandsString() { result = concat(Operand operand | - operand = instr.getAnOperand() + operand = instr.getAnOperand() and + shouldPrintOperand(operand) | operand.getDumpString() + getOperandPropertyString(operand), ", " order by From 8ee7694e7dcb30d792a6476fff75a76d705cdfcf Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen <mathiasvp@github.com> Date: Tue, 23 May 2023 10:02:30 -0700 Subject: [PATCH 606/870] C++: Modernize the PrintIRLocalFlow after the use-use flow changes. --- .../ir/dataflow/internal/PrintIRLocalFlow.qll | 112 ++++-------------- .../ir/dataflow/internal/PrintIRUtilities.qll | 54 ++++++--- 2 files changed, 59 insertions(+), 107 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/PrintIRLocalFlow.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/PrintIRLocalFlow.qll index bbe236311fb..e92a4a8933e 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/PrintIRLocalFlow.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/PrintIRLocalFlow.qll @@ -1,119 +1,44 @@ private import cpp -// The `ValueNumbering` library has to be imported right after `cpp` to ensure -// that the cached IR gets the same checksum here as it does in queries that use -// `ValueNumbering` without `DataFlow`. -private import semmle.code.cpp.ir.ValueNumbering private import semmle.code.cpp.ir.IR -private import semmle.code.cpp.ir.dataflow.DataFlow private import semmle.code.cpp.ir.dataflow.internal.DataFlowUtil +private import SsaInternals as Ssa private import PrintIRUtilities /** * Gets the local dataflow from other nodes in the same function to this node. */ -private string getFromFlow(DataFlow::Node useNode, int order1, int order2) { - exists(DataFlow::Node defNode, string prefix | - ( - simpleLocalFlowStep(defNode, useNode) and prefix = "" - or - any(DataFlow::Configuration cfg).isAdditionalFlowStep(defNode, useNode) and - defNode.getEnclosingCallable() = useNode.getEnclosingCallable() and - prefix = "+" - ) and - if defNode.asInstruction() = useNode.asOperand().getAnyDef() - then - // Shorthand for flow from the def of this operand. - result = prefix + "def" and - order1 = -1 and - order2 = 0 - else - if defNode.asOperand().getUse() = useNode.asInstruction() - then - // Shorthand for flow from an operand of this instruction - result = prefix + defNode.asOperand().getDumpId() and - order1 = -1 and - order2 = defNode.asOperand().getDumpSortOrder() - else result = prefix + nodeId(defNode, order1, order2) +private string getFromFlow(Node node2, int order1, int order2) { + exists(Node node1 | + simpleLocalFlowStep(node1, node2) and + result = nodeId(node1, order1, order2) ) } /** * Gets the local dataflow from this node to other nodes in the same function. */ -private string getToFlow(DataFlow::Node defNode, int order1, int order2) { - exists(DataFlow::Node useNode, string prefix | - ( - simpleLocalFlowStep(defNode, useNode) and prefix = "" - or - any(DataFlow::Configuration cfg).isAdditionalFlowStep(defNode, useNode) and - defNode.getEnclosingCallable() = useNode.getEnclosingCallable() and - prefix = "+" - ) and - if useNode.asInstruction() = defNode.asOperand().getUse() - then - // Shorthand for flow to this operand's instruction. - result = prefix + "result" and - order1 = -1 and - order2 = 0 - else result = prefix + nodeId(useNode, order1, order2) +private string getToFlow(Node node1, int order1, int order2) { + exists(Node node2 | + simpleLocalFlowStep(node1, node2) and + result = nodeId(node2, order1, order2) ) } /** * Gets the properties of the dataflow node `node`. */ -private string getNodeProperty(DataFlow::Node node, string key) { +private string getNodeProperty(Node node, string key) { // List dataflow into and out of this node. Flow into this node is printed as `src->@`, and flow // out of this node is printed as `@->dest`. key = "flow" and result = strictconcat(string flow, boolean to, int order1, int order2 | - flow = getFromFlow(node, order1, order2) + "->@" and to = false + flow = getFromFlow(node, order1, order2) + "->" + starsForNode(node) + "@" and to = false or - flow = "@->" + getToFlow(node, order1, order2) and to = true + flow = starsForNode(node) + "@->" + getToFlow(node, order1, order2) and to = true | flow, ", " order by to, order1, order2, flow ) - or - // Is this node a dataflow sink? - key = "sink" and - any(DataFlow::Configuration cfg).isSink(node) and - result = "true" - or - // Is this node a dataflow source? - key = "source" and - any(DataFlow::Configuration cfg).isSource(node) and - result = "true" - or - // Is this node a dataflow barrier, and if so, what kind? - key = "barrier" and - result = - strictconcat(string kind | - any(DataFlow::Configuration cfg).isBarrier(node) and kind = "full" - or - any(DataFlow::Configuration cfg).isBarrierIn(node) and kind = "in" - or - any(DataFlow::Configuration cfg).isBarrierOut(node) and kind = "out" - | - kind, ", " - ) - // or - // // Is there partial flow from a source to this node? - // // This property will only be emitted if partial flow is enabled by overriding - // // `DataFlow::Configuration::explorationLimit()`. - // key = "pflow" and - // result = - // strictconcat(DataFlow::PartialPathNode sourceNode, DataFlow::PartialPathNode destNode, int dist, - // int order1, int order2 | - // any(DataFlow::Configuration cfg).hasPartialFlow(sourceNode, destNode, dist) and - // destNode.getNode() = node and - // // Only print flow from a source in the same function. - // sourceNode.getNode().getEnclosingCallable() = node.getEnclosingCallable() - // | - // nodeId(sourceNode.getNode(), order1, order2) + "+" + dist.toString(), ", " - // order by - // order1, order2, dist desc - // ) } /** @@ -121,16 +46,21 @@ private string getNodeProperty(DataFlow::Node node, string key) { */ class LocalFlowPropertyProvider extends IRPropertyProvider { override string getOperandProperty(Operand operand, string key) { - exists(DataFlow::Node node | - operand = node.asOperand() and + exists(Node node | + operand = [node.asOperand(), node.(RawIndirectOperand).getOperand()] and result = getNodeProperty(node, key) ) } override string getInstructionProperty(Instruction instruction, string key) { - exists(DataFlow::Node node | - instruction = node.asInstruction() and + exists(Node node | + instruction = [node.asInstruction(), node.(RawIndirectInstruction).getInstruction()] + | result = getNodeProperty(node, key) ) } + + override predicate shouldPrintOperand(Operand operand) { not Ssa::ignoreOperand(operand) } + + override predicate shouldPrintInstruction(Instruction instr) { not Ssa::ignoreInstruction(instr) } } diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/PrintIRUtilities.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/PrintIRUtilities.qll index 5fc15cf986c..5c6cdebf800 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/PrintIRUtilities.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/PrintIRUtilities.qll @@ -3,37 +3,59 @@ */ private import cpp -// The `ValueNumbering` library has to be imported right after `cpp` to ensure -// that the cached IR gets the same checksum here as it does in queries that use -// `ValueNumbering` without `DataFlow`. -private import semmle.code.cpp.ir.ValueNumbering private import semmle.code.cpp.ir.IR -private import semmle.code.cpp.ir.dataflow.DataFlow +private import semmle.code.cpp.ir.dataflow.internal.DataFlowUtil +private import semmle.code.cpp.ir.dataflow.internal.DataFlowPrivate + +private string stars(int k) { + k = + [0 .. max([ + any(RawIndirectInstruction n).getIndirectionIndex(), + any(RawIndirectOperand n).getIndirectionIndex() + ] + )] and + (if k = 0 then result = "" else result = "*" + stars(k - 1)) +} + +string starsForNode(Node node) { + result = stars(node.(IndirectInstruction).getIndirectionIndex()) + or + result = stars(node.(IndirectOperand).getIndirectionIndex()) + or + not node instanceof IndirectInstruction and + not node instanceof IndirectOperand and + result = "" +} + +private Instruction getInstruction(Node n, string stars) { + result = [n.asInstruction(), n.(RawIndirectInstruction).getInstruction()] and + stars = starsForNode(n) +} + +private Operand getOperand(Node n, string stars) { + result = [n.asOperand(), n.(RawIndirectOperand).getOperand()] and + stars = starsForNode(n) +} /** * Gets a short ID for an IR dataflow node. * - For `Instruction`s, this is just the result ID of the instruction (e.g. `m128`). * - For `Operand`s, this is the label of the operand, prefixed with the result ID of the * instruction and a dot (e.g. `m128.left`). - * - For `Variable`s, this is the qualified name of the variable. */ -string nodeId(DataFlow::Node node, int order1, int order2) { - exists(Instruction instruction | instruction = node.asInstruction() | - result = instruction.getResultId() and +string nodeId(Node node, int order1, int order2) { + exists(Instruction instruction, string stars | instruction = getInstruction(node, stars) | + result = stars + instruction.getResultId() and order1 = instruction.getBlock().getDisplayIndex() and order2 = instruction.getDisplayIndexInBlock() ) or - exists(Operand operand, Instruction instruction | - operand = node.asOperand() and + exists(Operand operand, Instruction instruction, string stars | + operand = getOperand(node, stars) and instruction = operand.getUse() | - result = instruction.getResultId() + "." + operand.getDumpId() and + result = stars + instruction.getResultId() + "." + operand.getDumpId() and order1 = instruction.getBlock().getDisplayIndex() and order2 = instruction.getDisplayIndexInBlock() ) - or - result = "var(" + node.asVariable().getQualifiedName() + ")" and - order1 = 1000000 and - order2 = 0 } From 43459c16fd8052124a34e6fa6f9a72b5f46473ce Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen <mathiasvp@github.com> Date: Tue, 23 May 2023 10:02:54 -0700 Subject: [PATCH 607/870] C++: Modernize the PrintIRStoreSteps (and rename it to PrintIRFieldFlowSteps) after the use-use flow changes. --- .../internal/PrintIRFieldFlowSteps.qll | 40 +++++++++++++++++++ .../dataflow/internal/PrintIRStoreSteps.qll | 33 --------------- 2 files changed, 40 insertions(+), 33 deletions(-) create mode 100644 cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/PrintIRFieldFlowSteps.qll delete mode 100644 cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/PrintIRStoreSteps.qll diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/PrintIRFieldFlowSteps.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/PrintIRFieldFlowSteps.qll new file mode 100644 index 00000000000..0c2be58a4b6 --- /dev/null +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/PrintIRFieldFlowSteps.qll @@ -0,0 +1,40 @@ +/** + * Print the dataflow local store steps in IR dumps. + */ + +private import cpp +private import semmle.code.cpp.ir.IR +private import semmle.code.cpp.ir.dataflow.internal.DataFlowUtil +private import semmle.code.cpp.ir.dataflow.internal.DataFlowPrivate +private import PrintIRUtilities + +/** + * Property provider for local IR dataflow store steps. + */ +class FieldFlowPropertyProvider extends IRPropertyProvider { + override string getOperandProperty(Operand operand, string key) { + exists(PostFieldUpdateNode pfun, Content content | + key = "store " + content.toString() and + operand = pfun.getPreUpdateNode().(IndirectOperand).getOperand() and + result = + strictconcat(string element, Node node | + storeStep(node, content, pfun) and + element = nodeId(node, _, _) + | + element, ", " + ) + ) + or + exists(Node node2, Content content | + key = "read " + content.toString() and + operand = node2.(IndirectOperand).getOperand() and + result = + strictconcat(string element, Node node1 | + readStep(node1, content, node2) and + element = nodeId(node1, _, _) + | + element, ", " + ) + ) + } +} diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/PrintIRStoreSteps.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/PrintIRStoreSteps.qll deleted file mode 100644 index 8c318216217..00000000000 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/PrintIRStoreSteps.qll +++ /dev/null @@ -1,33 +0,0 @@ -/** - * Print the dataflow local store steps in IR dumps. - */ - -private import cpp -// The `ValueNumbering` library has to be imported right after `cpp` to ensure -// that the cached IR gets the same checksum here as it does in queries that use -// `ValueNumbering` without `DataFlow`. -private import semmle.code.cpp.ir.ValueNumbering -private import semmle.code.cpp.ir.IR -private import semmle.code.cpp.ir.dataflow.DataFlow -private import semmle.code.cpp.ir.dataflow.internal.DataFlowUtil -private import semmle.code.cpp.ir.dataflow.internal.DataFlowPrivate -private import PrintIRUtilities - -/** - * Property provider for local IR dataflow store steps. - */ -class LocalFlowPropertyProvider extends IRPropertyProvider { - override string getInstructionProperty(Instruction instruction, string key) { - exists(DataFlow::Node objectNode, Content content | - key = "content[" + content.toString() + "]" and - instruction = objectNode.asInstruction() and - result = - strictconcat(string element, DataFlow::Node fieldNode | - storeStep(fieldNode, content, objectNode) and - element = nodeId(fieldNode, _, _) - | - element, ", " - ) - ) - } -} From 4b92a2a3d0f38f5ff606482d33456757399d580e Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen <mathiasvp@github.com> Date: Tue, 23 May 2023 10:13:19 -0700 Subject: [PATCH 608/870] C++: Fix Code Scanning error. --- .../code/cpp/ir/dataflow/internal/PrintIRFieldFlowSteps.qll | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/PrintIRFieldFlowSteps.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/PrintIRFieldFlowSteps.qll index 0c2be58a4b6..f0286c00cbc 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/PrintIRFieldFlowSteps.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/PrintIRFieldFlowSteps.qll @@ -8,9 +8,7 @@ private import semmle.code.cpp.ir.dataflow.internal.DataFlowUtil private import semmle.code.cpp.ir.dataflow.internal.DataFlowPrivate private import PrintIRUtilities -/** - * Property provider for local IR dataflow store steps. - */ +/** A property provider for local IR dataflow store steps. */ class FieldFlowPropertyProvider extends IRPropertyProvider { override string getOperandProperty(Operand operand, string key) { exists(PostFieldUpdateNode pfun, Content content | From ad5355a04af119ad3de4acb907db42f507705698 Mon Sep 17 00:00:00 2001 From: Maiky <76447395+maikypedia@users.noreply.github.com> Date: Tue, 23 May 2023 19:49:03 +0200 Subject: [PATCH 609/870] Pg Library, change note and Frameworks.qll --- ruby/ql/lib/change-notes/2023-05-06-pg.md | 4 + ruby/ql/lib/codeql/ruby/Frameworks.qll | 1 + ruby/ql/lib/codeql/ruby/frameworks/Pg.qll | 77 +++++++++++++++++++ .../security/cwe-089/PgInjection.rb | 70 +++++++++++++++++ 4 files changed, 152 insertions(+) create mode 100644 ruby/ql/lib/change-notes/2023-05-06-pg.md create mode 100644 ruby/ql/lib/codeql/ruby/frameworks/Pg.qll create mode 100644 ruby/ql/test/query-tests/security/cwe-089/PgInjection.rb diff --git a/ruby/ql/lib/change-notes/2023-05-06-pg.md b/ruby/ql/lib/change-notes/2023-05-06-pg.md new file mode 100644 index 00000000000..1828497c04e --- /dev/null +++ b/ruby/ql/lib/change-notes/2023-05-06-pg.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Support for the `pg` gem has been added. Method calls that execute queries against an PostgreSQL database that may be vulnerable to injection attacks will now be recognized. \ No newline at end of file diff --git a/ruby/ql/lib/codeql/ruby/Frameworks.qll b/ruby/ql/lib/codeql/ruby/Frameworks.qll index e61ac723e7e..29eacf22e33 100644 --- a/ruby/ql/lib/codeql/ruby/Frameworks.qll +++ b/ruby/ql/lib/codeql/ruby/Frameworks.qll @@ -32,3 +32,4 @@ private import codeql.ruby.frameworks.Slim private import codeql.ruby.frameworks.Sinatra private import codeql.ruby.frameworks.Twirp private import codeql.ruby.frameworks.Sqlite3 +private import codeql.ruby.frameworks.Pg diff --git a/ruby/ql/lib/codeql/ruby/frameworks/Pg.qll b/ruby/ql/lib/codeql/ruby/frameworks/Pg.qll new file mode 100644 index 00000000000..27f4844bd77 --- /dev/null +++ b/ruby/ql/lib/codeql/ruby/frameworks/Pg.qll @@ -0,0 +1,77 @@ +/** + * Provides modeling for Pg, a Ruby library (gem) for interacting with PostgreSQL databases. + */ + +private import codeql.ruby.ApiGraphs +private import codeql.ruby.dataflow.FlowSummary +private import codeql.ruby.Concepts + +/** + * Provides modeling for Pg, a Ruby library (gem) for interacting with PostgreSQL databases. + */ +module Pg { + /** + * Flow summary for `PG.new()`. This method initializes a database connection. + */ + private class SqlSummary extends SummarizedCallable { + SqlSummary() { this = "PG.new()" } + + override MethodCall getACall() { result = any(PgConnection c).asExpr().getExpr() } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + input = "Argument[0]" and output = "ReturnValue" and preservesValue = false + } + } + + /** A call to PG::Connection.open() is used to establish a connection to a PostgreSQL database. */ + private class PgConnection extends DataFlow::CallNode { + PgConnection() { + this = + API::getTopLevelMember("PG") + .getMember("Connection") + .getAMethodCall(["open", "new", "connect_start"]) + or + this = API::getTopLevelMember("PG").getAnInstantiation() + } + } + + /** A call that prepares an SQL statment to be executed later. */ + private class PgPrepareCall extends SqlConstruction::Range, DataFlow::CallNode { + private DataFlow::Node query; + private PgConnection pgConnection; + private string queryName; + + PgPrepareCall() { + this = pgConnection.getAMethodCall("prepare") and + queryName = this.getArgument(0).getConstantValue().getStringlikeValue() and + query = this.getArgument(1) + } + + PgConnection getConnection() { result = pgConnection } + + string getQueryName() { result = queryName } + + override DataFlow::Node getSql() { result = query } + } + + /** A call that executes SQL statements against a PostgreSQL database. */ + private class PgExecution extends SqlExecution::Range, DataFlow::CallNode { + private DataFlow::Node query; + + PgExecution() { + exists(PgConnection pgConnection | + this = + pgConnection.getAMethodCall(["exec", "async_exec", "exec_params", "async_exec_params"]) and + query = this.getArgument(0) + or + exists(PgPrepareCall prepareCall | + pgConnection = prepareCall.getConnection() and + this.getArgument(0).getConstantValue().isStringlikeValue(prepareCall.getQueryName()) and + query = prepareCall.getSql() + ) + ) + } + + override DataFlow::Node getSql() { result = query } + } +} diff --git a/ruby/ql/test/query-tests/security/cwe-089/PgInjection.rb b/ruby/ql/test/query-tests/security/cwe-089/PgInjection.rb new file mode 100644 index 00000000000..549be489858 --- /dev/null +++ b/ruby/ql/test/query-tests/security/cwe-089/PgInjection.rb @@ -0,0 +1,70 @@ +class FooController < ActionController::Base + + def some_request_handler + # A string tainted by user input is inserted into a query + # (i.e a remote flow source) + name = params[:name] + + # Establish a connection to a PostgreSQL database + conn = PG::Connection.open(:dbname => 'postgresql', :user => 'user', :password => 'pass', :host => 'localhost', :port => '5432') + + # .exec() and .async_exec() + # BAD: SQL statement constructed from user input + qry1 = "SELECT * FROM users WHERE username = '#{name}';" + conn.exec(qry1) + conn.async_exec(qry1) + + # .exec_params() and .async_exec_params() + # BAD: SQL statement constructed from user input + qry2 = "SELECT * FROM users WHERE username = '#{name}';" + conn.exec_params(qry2) + conn.async_exec_params(qry2) + + # .exec_params() and .async_exec_params() + # GOOD: SQL statement constructed from sanitized user input + qry2 = "SELECT * FROM users WHERE username = $1;" + conn.exec_params(qry2, [name]) + conn.async_exec_params(qry2, [name]) + + # .prepare() and .exec_prepared() + # BAD: SQL statement constructed from user input + qry3 = "SELECT * FROM users WHERE username = '#{name}';" + conn.prepare("query_1", qry3) + conn.exec_prepared('query_1') + + # .prepare() and .exec_prepared() + # GOOD: SQL statement constructed from sanitized user input + qry3 = "SELECT * FROM users WHERE username = $1;" + conn.prepare("query_2", qry3) + conn.exec_prepared('query_2', [name]) + + # .prepare() and .exec_prepared() + # NOT EXECUTED: SQL statement constructed from user input but not executed + qry3 = "SELECT * FROM users WHERE username = '#{name}';" + conn.prepare("query_3", qry3) + end +end + +class BarController < ApplicationController + def safe_paths + name1 = params["name1"] + # GOOD: barrier guard prevents taint flow + if name == "admin" + qry_bar1 = "SELECT * FROM users WHERE username = '%s';" % name + else + qry_bar1 = "SELECT * FROM users WHERE username = 'none';" + end + conn.exec_params(qry_bar1) + + + name2 = params["name2"] + # GOOD: barrier guard prevents taint flow + name2 = if ["admin", "guest"].include? name2 + name2 + else + name2 = "none" + end + qry_bar2 = "SELECT * FROM users WHERE username = '%s';" % name + conn.exec_params(qry_bar2) + end +end From 8dca5852077112109a4e1c0009591c2716c5eac0 Mon Sep 17 00:00:00 2001 From: Maiky <76447395+maikypedia@users.noreply.github.com> Date: Tue, 23 May 2023 20:04:34 +0200 Subject: [PATCH 610/870] Expected --- .../security/cwe-089/SqlInjection.expected | 31 +++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/ruby/ql/test/query-tests/security/cwe-089/SqlInjection.expected b/ruby/ql/test/query-tests/security/cwe-089/SqlInjection.expected index 087063a6ac4..0cc0d213dcc 100644 --- a/ruby/ql/test/query-tests/security/cwe-089/SqlInjection.expected +++ b/ruby/ql/test/query-tests/security/cwe-089/SqlInjection.expected @@ -55,6 +55,18 @@ edges | ArelInjection.rb:4:5:4:8 | name | ArelInjection.rb:6:20:6:61 | "SELECT * FROM users WHERE nam..." | | ArelInjection.rb:4:12:4:17 | call to params | ArelInjection.rb:4:12:4:29 | ...[...] | | ArelInjection.rb:4:12:4:29 | ...[...] | ArelInjection.rb:4:5:4:8 | name | +| PgInjection.rb:6:5:6:8 | name | PgInjection.rb:13:5:13:8 | qry1 | +| PgInjection.rb:6:5:6:8 | name | PgInjection.rb:19:5:19:8 | qry2 | +| PgInjection.rb:6:5:6:8 | name | PgInjection.rb:31:5:31:8 | qry3 | +| PgInjection.rb:6:5:6:8 | name | PgInjection.rb:43:5:43:8 | qry3 | +| PgInjection.rb:6:12:6:17 | call to params | PgInjection.rb:6:12:6:24 | ...[...] | +| PgInjection.rb:6:12:6:24 | ...[...] | PgInjection.rb:6:5:6:8 | name | +| PgInjection.rb:13:5:13:8 | qry1 | PgInjection.rb:14:15:14:18 | qry1 | +| PgInjection.rb:13:5:13:8 | qry1 | PgInjection.rb:15:21:15:24 | qry1 | +| PgInjection.rb:19:5:19:8 | qry2 | PgInjection.rb:20:22:20:25 | qry2 | +| PgInjection.rb:19:5:19:8 | qry2 | PgInjection.rb:21:28:21:31 | qry2 | +| PgInjection.rb:31:5:31:8 | qry3 | PgInjection.rb:32:29:32:32 | qry3 | +| PgInjection.rb:43:5:43:8 | qry3 | PgInjection.rb:44:29:44:32 | qry3 | nodes | ActiveRecordInjection.rb:8:25:8:28 | name | semmle.label | name | | ActiveRecordInjection.rb:8:31:8:34 | pass | semmle.label | pass | @@ -133,6 +145,19 @@ nodes | ArelInjection.rb:4:12:4:17 | call to params | semmle.label | call to params | | ArelInjection.rb:4:12:4:29 | ...[...] | semmle.label | ...[...] | | ArelInjection.rb:6:20:6:61 | "SELECT * FROM users WHERE nam..." | semmle.label | "SELECT * FROM users WHERE nam..." | +| PgInjection.rb:6:5:6:8 | name | semmle.label | name | +| PgInjection.rb:6:12:6:17 | call to params | semmle.label | call to params | +| PgInjection.rb:6:12:6:24 | ...[...] | semmle.label | ...[...] | +| PgInjection.rb:13:5:13:8 | qry1 | semmle.label | qry1 | +| PgInjection.rb:14:15:14:18 | qry1 | semmle.label | qry1 | +| PgInjection.rb:15:21:15:24 | qry1 | semmle.label | qry1 | +| PgInjection.rb:19:5:19:8 | qry2 | semmle.label | qry2 | +| PgInjection.rb:20:22:20:25 | qry2 | semmle.label | qry2 | +| PgInjection.rb:21:28:21:31 | qry2 | semmle.label | qry2 | +| PgInjection.rb:31:5:31:8 | qry3 | semmle.label | qry3 | +| PgInjection.rb:32:29:32:32 | qry3 | semmle.label | qry3 | +| PgInjection.rb:43:5:43:8 | qry3 | semmle.label | qry3 | +| PgInjection.rb:44:29:44:32 | qry3 | semmle.label | qry3 | subpaths #select | ActiveRecordInjection.rb:10:33:10:67 | "name='#{...}' and pass='#{...}'" | ActiveRecordInjection.rb:70:23:70:28 | call to params | ActiveRecordInjection.rb:10:33:10:67 | "name='#{...}' and pass='#{...}'" | This SQL query depends on a $@. | ActiveRecordInjection.rb:70:23:70:28 | call to params | user-provided value | @@ -159,3 +184,9 @@ subpaths | ActiveRecordInjection.rb:177:43:177:104 | "SELECT * FROM users WHERE id ..." | ActiveRecordInjection.rb:173:5:173:10 | call to params | ActiveRecordInjection.rb:177:43:177:104 | "SELECT * FROM users WHERE id ..." | This SQL query depends on a $@. | ActiveRecordInjection.rb:173:5:173:10 | call to params | user-provided value | | ActiveRecordInjection.rb:178:35:178:96 | "SELECT * FROM users WHERE id ..." | ActiveRecordInjection.rb:173:5:173:10 | call to params | ActiveRecordInjection.rb:178:35:178:96 | "SELECT * FROM users WHERE id ..." | This SQL query depends on a $@. | ActiveRecordInjection.rb:173:5:173:10 | call to params | user-provided value | | ArelInjection.rb:6:20:6:61 | "SELECT * FROM users WHERE nam..." | ArelInjection.rb:4:12:4:17 | call to params | ArelInjection.rb:6:20:6:61 | "SELECT * FROM users WHERE nam..." | This SQL query depends on a $@. | ArelInjection.rb:4:12:4:17 | call to params | user-provided value | +| PgInjection.rb:14:15:14:18 | qry1 | PgInjection.rb:6:12:6:17 | call to params | PgInjection.rb:14:15:14:18 | qry1 | This SQL query depends on a $@. | PgInjection.rb:6:12:6:17 | call to params | user-provided value | +| PgInjection.rb:15:21:15:24 | qry1 | PgInjection.rb:6:12:6:17 | call to params | PgInjection.rb:15:21:15:24 | qry1 | This SQL query depends on a $@. | PgInjection.rb:6:12:6:17 | call to params | user-provided value | +| PgInjection.rb:20:22:20:25 | qry2 | PgInjection.rb:6:12:6:17 | call to params | PgInjection.rb:20:22:20:25 | qry2 | This SQL query depends on a $@. | PgInjection.rb:6:12:6:17 | call to params | user-provided value | +| PgInjection.rb:21:28:21:31 | qry2 | PgInjection.rb:6:12:6:17 | call to params | PgInjection.rb:21:28:21:31 | qry2 | This SQL query depends on a $@. | PgInjection.rb:6:12:6:17 | call to params | user-provided value | +| PgInjection.rb:32:29:32:32 | qry3 | PgInjection.rb:6:12:6:17 | call to params | PgInjection.rb:32:29:32:32 | qry3 | This SQL query depends on a $@. | PgInjection.rb:6:12:6:17 | call to params | user-provided value | +| PgInjection.rb:44:29:44:32 | qry3 | PgInjection.rb:6:12:6:17 | call to params | PgInjection.rb:44:29:44:32 | qry3 | This SQL query depends on a $@. | PgInjection.rb:6:12:6:17 | call to params | user-provided value | \ No newline at end of file From 86ab9608cd6fa62c6b9bc51756947fe7e6541793 Mon Sep 17 00:00:00 2001 From: Robert Marsh <rdmarsh@semmle.com> Date: Tue, 23 May 2023 16:15:43 -0400 Subject: [PATCH 611/870] C++: add test comments --- .../query-tests/Security/CWE/CWE-193/constant-size/test.cpp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/constant-size/test.cpp b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/constant-size/test.cpp index 2a30caec94d..65ededa218c 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/constant-size/test.cpp +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/constant-size/test.cpp @@ -84,7 +84,7 @@ void testEqRefinement() { for(int i = 0; i <= MAX_SIZE; i++) { if(i != MAX_SIZE) { - arr[i] = 0; + arr[i] = 0; // GOOD } } } @@ -99,7 +99,7 @@ void testEqRefinement2() { if(i == MAX_SIZE) { break; } - n = arr[i]; + n = arr[i]; // GOOD continue; } @@ -107,7 +107,7 @@ void testEqRefinement2() { if (i == MAX_SIZE) { break; } - n = arr[i]; + n = arr[i]; // GOOD } } } From 0dfc9b996d2f90cbb65109e9d108ff1d714979a5 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen <mathiasvp@github.com> Date: Tue, 23 May 2023 14:47:51 -0700 Subject: [PATCH 612/870] C++: Promote 'cpp/overrun-write' out of experimental. --- .../CWE/CWE-119}/OverrunWriteProductFlow.cpp | 0 .../CWE/CWE-119}/OverrunWriteProductFlow.qhelp | 0 .../CWE/CWE-119}/OverrunWriteProductFlow.ql | 2 +- .../Security/CWE/CWE-119/OverrunWriteProductFlow.qlref | 1 - .../CWE/CWE-119/SAMATE}/OverrunWriteProductFlow.expected | 0 .../Security/CWE/CWE-119/SAMATE/OverrunWriteProductFlow.qlref | 1 + .../Security/CWE/CWE-119/SAMATE}/test.cpp | 0 7 files changed, 2 insertions(+), 2 deletions(-) rename cpp/ql/src/{experimental/Likely Bugs => Security/CWE/CWE-119}/OverrunWriteProductFlow.cpp (100%) rename cpp/ql/src/{experimental/Likely Bugs => Security/CWE/CWE-119}/OverrunWriteProductFlow.qhelp (100%) rename cpp/ql/src/{experimental/Likely Bugs => Security/CWE/CWE-119}/OverrunWriteProductFlow.ql (99%) delete mode 100644 cpp/ql/test/experimental/query-tests/Security/CWE/CWE-119/OverrunWriteProductFlow.qlref rename cpp/ql/test/{experimental/query-tests/Security/CWE/CWE-119 => query-tests/Security/CWE/CWE-119/SAMATE}/OverrunWriteProductFlow.expected (100%) create mode 100644 cpp/ql/test/query-tests/Security/CWE/CWE-119/SAMATE/OverrunWriteProductFlow.qlref rename cpp/ql/test/{experimental/query-tests/Security/CWE/CWE-119 => query-tests/Security/CWE/CWE-119/SAMATE}/test.cpp (100%) diff --git a/cpp/ql/src/experimental/Likely Bugs/OverrunWriteProductFlow.cpp b/cpp/ql/src/Security/CWE/CWE-119/OverrunWriteProductFlow.cpp similarity index 100% rename from cpp/ql/src/experimental/Likely Bugs/OverrunWriteProductFlow.cpp rename to cpp/ql/src/Security/CWE/CWE-119/OverrunWriteProductFlow.cpp diff --git a/cpp/ql/src/experimental/Likely Bugs/OverrunWriteProductFlow.qhelp b/cpp/ql/src/Security/CWE/CWE-119/OverrunWriteProductFlow.qhelp similarity index 100% rename from cpp/ql/src/experimental/Likely Bugs/OverrunWriteProductFlow.qhelp rename to cpp/ql/src/Security/CWE/CWE-119/OverrunWriteProductFlow.qhelp diff --git a/cpp/ql/src/experimental/Likely Bugs/OverrunWriteProductFlow.ql b/cpp/ql/src/Security/CWE/CWE-119/OverrunWriteProductFlow.ql similarity index 99% rename from cpp/ql/src/experimental/Likely Bugs/OverrunWriteProductFlow.ql rename to cpp/ql/src/Security/CWE/CWE-119/OverrunWriteProductFlow.ql index e787b596158..2768853c007 100644 --- a/cpp/ql/src/experimental/Likely Bugs/OverrunWriteProductFlow.ql +++ b/cpp/ql/src/Security/CWE/CWE-119/OverrunWriteProductFlow.ql @@ -4,10 +4,10 @@ * may result in a buffer overflow. * @kind path-problem * @problem.severity error + * @precision medium * @id cpp/overrun-write * @tags reliability * security - * experimental * external/cwe/cwe-119 * external/cwe/cwe-131 */ diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-119/OverrunWriteProductFlow.qlref b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-119/OverrunWriteProductFlow.qlref deleted file mode 100644 index 21ced45de5d..00000000000 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-119/OverrunWriteProductFlow.qlref +++ /dev/null @@ -1 +0,0 @@ -experimental/Likely Bugs/OverrunWriteProductFlow.ql \ No newline at end of file diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-119/OverrunWriteProductFlow.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-119/SAMATE/OverrunWriteProductFlow.expected similarity index 100% rename from cpp/ql/test/experimental/query-tests/Security/CWE/CWE-119/OverrunWriteProductFlow.expected rename to cpp/ql/test/query-tests/Security/CWE/CWE-119/SAMATE/OverrunWriteProductFlow.expected diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-119/SAMATE/OverrunWriteProductFlow.qlref b/cpp/ql/test/query-tests/Security/CWE/CWE-119/SAMATE/OverrunWriteProductFlow.qlref new file mode 100644 index 00000000000..1a418e6abc6 --- /dev/null +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-119/SAMATE/OverrunWriteProductFlow.qlref @@ -0,0 +1 @@ +Security/CWE/CWE-119/OverrunWriteProductFlow.ql \ No newline at end of file diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-119/test.cpp b/cpp/ql/test/query-tests/Security/CWE/CWE-119/SAMATE/test.cpp similarity index 100% rename from cpp/ql/test/experimental/query-tests/Security/CWE/CWE-119/test.cpp rename to cpp/ql/test/query-tests/Security/CWE/CWE-119/SAMATE/test.cpp From e1223d0b2132b0daa572dd51fefb12dd15c1b767 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen <mathiasvp@github.com> Date: Tue, 23 May 2023 15:01:33 -0700 Subject: [PATCH 613/870] C++: Add security severity. --- cpp/ql/src/Security/CWE/CWE-119/OverrunWriteProductFlow.ql | 1 + 1 file changed, 1 insertion(+) diff --git a/cpp/ql/src/Security/CWE/CWE-119/OverrunWriteProductFlow.ql b/cpp/ql/src/Security/CWE/CWE-119/OverrunWriteProductFlow.ql index 2768853c007..0d8648aac0a 100644 --- a/cpp/ql/src/Security/CWE/CWE-119/OverrunWriteProductFlow.ql +++ b/cpp/ql/src/Security/CWE/CWE-119/OverrunWriteProductFlow.ql @@ -4,6 +4,7 @@ * may result in a buffer overflow. * @kind path-problem * @problem.severity error + * @security-severity 9.3 * @precision medium * @id cpp/overrun-write * @tags reliability From 27c1e47ece8ad16cb851c300aa7b8589a5080b59 Mon Sep 17 00:00:00 2001 From: Maiky <76447395+maikypedia@users.noreply.github.com> Date: Wed, 24 May 2023 01:44:51 +0200 Subject: [PATCH 614/870] Update ruby/ql/lib/change-notes/2023-05-06-pg.md Co-authored-by: Jorge <46056498+jorgectf@users.noreply.github.com> --- ruby/ql/lib/change-notes/2023-05-06-pg.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ruby/ql/lib/change-notes/2023-05-06-pg.md b/ruby/ql/lib/change-notes/2023-05-06-pg.md index 1828497c04e..0e671ff9106 100644 --- a/ruby/ql/lib/change-notes/2023-05-06-pg.md +++ b/ruby/ql/lib/change-notes/2023-05-06-pg.md @@ -1,4 +1,4 @@ --- category: minorAnalysis --- -* Support for the `pg` gem has been added. Method calls that execute queries against an PostgreSQL database that may be vulnerable to injection attacks will now be recognized. \ No newline at end of file +* Support for the `pg` gem has been added. Method calls that execute queries against a PostgreSQL database that may be vulnerable to injection attacks will now be recognized. \ No newline at end of file From 5b7f69cf0a5a98c6876b60725d7bcda9a14efb4e Mon Sep 17 00:00:00 2001 From: Asger F <asgerf@github.com> Date: Wed, 24 May 2023 09:55:09 +0200 Subject: [PATCH 615/870] QL4QL: Fix a warning about repeating alert location --- ql/ql/src/queries/bugs/NameClashInSummarizedCallable.ql | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/ql/ql/src/queries/bugs/NameClashInSummarizedCallable.ql b/ql/ql/src/queries/bugs/NameClashInSummarizedCallable.ql index b1144f95771..1c86784e1ec 100644 --- a/ql/ql/src/queries/bugs/NameClashInSummarizedCallable.ql +++ b/ql/ql/src/queries/bugs/NameClashInSummarizedCallable.ql @@ -110,6 +110,5 @@ predicate hasClashBreakSymmetry( from SummarizedCallableImpl class1, SummarizedCallableImpl class2, string name where hasClashBreakSymmetry(class1, class2, name) select class1, - "$@ and $@ both bind 'this' to the string \"" + name + - "\". They may accidentally apply to each others' call sites.", class1, class1.getName(), class2, - class2.getName() + class1.getName() + " and $@ both bind 'this' to the string \"" + name + + "\". They may accidentally apply to each others' call sites.", class2, class2.getName() From 6d1a4451fb257af0a158208f3f8e3425ddfca974 Mon Sep 17 00:00:00 2001 From: Asger F <asgerf@github.com> Date: Wed, 24 May 2023 10:15:51 +0200 Subject: [PATCH 616/870] Ruby: update a test expectation --- ruby/ql/test/library-tests/dataflow/local/TaintStep.expected | 1 + 1 file changed, 1 insertion(+) diff --git a/ruby/ql/test/library-tests/dataflow/local/TaintStep.expected b/ruby/ql/test/library-tests/dataflow/local/TaintStep.expected index 890bef5720e..eb6c751598f 100644 --- a/ruby/ql/test/library-tests/dataflow/local/TaintStep.expected +++ b/ruby/ql/test/library-tests/dataflow/local/TaintStep.expected @@ -2827,6 +2827,7 @@ | file://:0:0:0:0 | parameter self of ActiveSupportStringTransform | file://:0:0:0:0 | [summary] to write: return (return) in ActiveSupportStringTransform | | file://:0:0:0:0 | parameter self of [] | file://:0:0:0:0 | [summary] to write: return (return) in [] | | file://:0:0:0:0 | parameter self of \| | file://:0:0:0:0 | [summary] read: argument self.any element in \| | +| file://:0:0:0:0 | parameter self of assoc-unknown-arg | file://:0:0:0:0 | [summary] read: argument self.any element in assoc-unknown-arg | | file://:0:0:0:0 | parameter self of each(0) | file://:0:0:0:0 | [summary] read: argument self.any element in each(0) | | local_dataflow.rb:1:1:7:3 | self (foo) | local_dataflow.rb:3:8:3:10 | self | | local_dataflow.rb:1:1:7:3 | self in foo | local_dataflow.rb:1:1:7:3 | self (foo) | From 8bd6f6c450ba4a77ffd8a56d2e5ed6c160bd7f2d Mon Sep 17 00:00:00 2001 From: Asger F <asgerf@github.com> Date: Wed, 24 May 2023 10:22:22 +0200 Subject: [PATCH 617/870] Ruby: change note --- ruby/ql/src/change-notes/2023-05-24-delete-name-clash.md | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 ruby/ql/src/change-notes/2023-05-24-delete-name-clash.md diff --git a/ruby/ql/src/change-notes/2023-05-24-delete-name-clash.md b/ruby/ql/src/change-notes/2023-05-24-delete-name-clash.md new file mode 100644 index 00000000000..347a7b118db --- /dev/null +++ b/ruby/ql/src/change-notes/2023-05-24-delete-name-clash.md @@ -0,0 +1,5 @@ +--- +category: minorAnalysis +--- +* Fixed an issue where calls to `delete` or `assoc` with a constant-valued argument would be analyzed imprecisely, + as if the argument value was not a known constant. From 2276890cec73c05b702494df640d778449f6156b Mon Sep 17 00:00:00 2001 From: Jeroen Ketema <jketema@github.com> Date: Wed, 24 May 2023 11:06:48 +0200 Subject: [PATCH 618/870] C++: Rewrite inline expectation tests to use the parameterized module --- .../annotate_path_to_sink/tainted.expected | 2 ++ .../annotate_path_to_sink/tainted.ql | 18 ++++++++---------- .../annotate_sinks_only/tainted.expected | 2 ++ .../annotate_sinks_only/tainted.ql | 18 ++++++++---------- .../globals/global.expected | 2 ++ .../DefaultTaintTracking/globals/global.ql | 18 ++++++++---------- .../test-number-of-outnodes.expected | 2 ++ .../dataflow-tests/test-number-of-outnodes.ql | 18 ++++++++---------- .../source-sink-tests/remote-flow.expected | 2 ++ .../dataflow/source-sink-tests/remote-flow.ql | 18 ++++++++---------- .../modulus-analysis/ModulusAnalysis.expected | 2 ++ .../ir/modulus-analysis/ModulusAnalysis.ql | 10 +++++----- .../ir/points_to/points_to.expected | 2 ++ .../library-tests/ir/points_to/points_to.ql | 18 ++++++++---------- .../ir/range-analysis/Overflow.expected | 2 ++ .../ir/range-analysis/Overflow.ql | 10 +++++----- .../ir/range-analysis/RangeAnalysis.expected | 2 ++ .../ir/range-analysis/RangeAnalysis.ql | 10 +++++----- .../ir/sign-analysis/SignAnalysis.expected | 2 ++ .../ir/sign-analysis/SignAnalysis.ql | 10 +++++----- .../library-tests/ir/types/irtypes.expected | 2 ++ cpp/ql/test/library-tests/ir/types/irtypes.ql | 10 +++++----- 22 files changed, 95 insertions(+), 85 deletions(-) diff --git a/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_path_to_sink/tainted.expected b/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_path_to_sink/tainted.expected index 6f00f28e455..15a586f6f32 100644 --- a/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_path_to_sink/tainted.expected +++ b/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_path_to_sink/tainted.expected @@ -1,2 +1,4 @@ WARNING: Module TaintedWithPath has been deprecated and may be removed in future (tainted.ql:9,8-47) WARNING: Predicate tainted has been deprecated and may be removed in future (tainted.ql:20,49-74) +failures +testFailures diff --git a/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_path_to_sink/tainted.ql b/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_path_to_sink/tainted.ql index 177c7ac2387..92fb3994721 100644 --- a/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_path_to_sink/tainted.ql +++ b/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_path_to_sink/tainted.ql @@ -38,12 +38,10 @@ predicate irTaint(Element source, TaintedWithPath::PathNode predNode, string tag ) } -class IRDefaultTaintTrackingTest extends InlineExpectationsTest { - IRDefaultTaintTrackingTest() { this = "IRDefaultTaintTrackingTest" } +module IRDefaultTaintTrackingTest implements TestSig { + string getARelevantTag() { result = ["ir-path", "ir-sink"] } - override string getARelevantTag() { result = ["ir-path", "ir-sink"] } - - override predicate hasActualResult(Location location, string element, string tag, string value) { + predicate hasActualResult(Location location, string element, string tag, string value) { exists(Element elem, TaintedWithPath::PathNode node, int n | irTaint(_, node, tag) and elem = getElementFromPathNode(node) and @@ -67,12 +65,10 @@ class IRDefaultTaintTrackingTest extends InlineExpectationsTest { } } -class AstTaintTrackingTest extends InlineExpectationsTest { - AstTaintTrackingTest() { this = "ASTTaintTrackingTest" } +module AstTaintTrackingTest implements TestSig { + string getARelevantTag() { result = "ast" } - override string getARelevantTag() { result = "ast" } - - override predicate hasActualResult(Location location, string element, string tag, string value) { + predicate hasActualResult(Location location, string element, string tag, string value) { exists(Expr source, Element tainted, int n | tag = "ast" and astTaint(source, tainted) and @@ -100,3 +96,5 @@ class AstTaintTrackingTest extends InlineExpectationsTest { ) } } + +import MakeTest<MergeTests<IRDefaultTaintTrackingTest, AstTaintTrackingTest>> diff --git a/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_sinks_only/tainted.expected b/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_sinks_only/tainted.expected index 5c235d0802d..4cac8898022 100644 --- a/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_sinks_only/tainted.expected +++ b/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_sinks_only/tainted.expected @@ -1,2 +1,4 @@ WARNING: Module TaintedWithPath has been deprecated and may be removed in future (tainted.ql:10,8-47) WARNING: Predicate tainted has been deprecated and may be removed in future (tainted.ql:21,3-28) +failures +testFailures diff --git a/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_sinks_only/tainted.ql b/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_sinks_only/tainted.ql index 5c9583b800a..6b51f265d1e 100644 --- a/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_sinks_only/tainted.ql +++ b/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_sinks_only/tainted.ql @@ -29,12 +29,10 @@ predicate irTaint(Expr source, Element sink) { TaintedWithPath::taintedWithPath(source, sink, _, _) } -class IRDefaultTaintTrackingTest extends InlineExpectationsTest { - IRDefaultTaintTrackingTest() { this = "IRDefaultTaintTrackingTest" } +module IRDefaultTaintTrackingTest implements TestSig { + string getARelevantTag() { result = "ir" } - override string getARelevantTag() { result = "ir" } - - override predicate hasActualResult(Location location, string element, string tag, string value) { + predicate hasActualResult(Location location, string element, string tag, string value) { exists(Expr source, Element tainted, int n | tag = "ir" and irTaint(source, tainted) and @@ -55,12 +53,10 @@ class IRDefaultTaintTrackingTest extends InlineExpectationsTest { } } -class AstTaintTrackingTest extends InlineExpectationsTest { - AstTaintTrackingTest() { this = "ASTTaintTrackingTest" } +module AstTaintTrackingTest implements TestSig { + string getARelevantTag() { result = "ast" } - override string getARelevantTag() { result = "ast" } - - override predicate hasActualResult(Location location, string element, string tag, string value) { + predicate hasActualResult(Location location, string element, string tag, string value) { exists(Expr source, Element tainted, int n | tag = "ast" and astTaint(source, tainted) and @@ -80,3 +76,5 @@ class AstTaintTrackingTest extends InlineExpectationsTest { ) } } + +import MakeTest<MergeTests<IRDefaultTaintTrackingTest, AstTaintTrackingTest>> diff --git a/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/globals/global.expected b/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/globals/global.expected index b1d79c1079e..4ebf9d0d0e0 100644 --- a/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/globals/global.expected +++ b/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/globals/global.expected @@ -1,2 +1,4 @@ WARNING: Predicate taintedIncludingGlobalVars has been deprecated and may be removed in future (global.ql:8,3-47) WARNING: Predicate taintedIncludingGlobalVars has been deprecated and may be removed in future (global.ql:12,3-53) +failures +testFailures diff --git a/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/globals/global.ql b/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/globals/global.ql index a7a8560908e..1179c76937d 100644 --- a/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/globals/global.ql +++ b/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/globals/global.ql @@ -12,12 +12,10 @@ predicate irTaint(Expr source, Element sink, string globalVar) { IRDefaultTaintTracking::taintedIncludingGlobalVars(source, sink, globalVar) and globalVar != "" } -class IRGlobalDefaultTaintTrackingTest extends InlineExpectationsTest { - IRGlobalDefaultTaintTrackingTest() { this = "IRGlobalDefaultTaintTrackingTest" } +module IRGlobalDefaultTaintTrackingTest implements TestSig { + string getARelevantTag() { result = "ir" } - override string getARelevantTag() { result = "ir" } - - override predicate hasActualResult(Location location, string element, string tag, string value) { + predicate hasActualResult(Location location, string element, string tag, string value) { exists(Element tainted | tag = "ir" and irTaint(_, tainted, value) and @@ -27,12 +25,10 @@ class IRGlobalDefaultTaintTrackingTest extends InlineExpectationsTest { } } -class AstGlobalDefaultTaintTrackingTest extends InlineExpectationsTest { - AstGlobalDefaultTaintTrackingTest() { this = "ASTGlobalDefaultTaintTrackingTest" } +module AstGlobalDefaultTaintTrackingTest implements TestSig { + string getARelevantTag() { result = "ast" } - override string getARelevantTag() { result = "ast" } - - override predicate hasActualResult(Location location, string element, string tag, string value) { + predicate hasActualResult(Location location, string element, string tag, string value) { exists(Element tainted | tag = "ast" and astTaint(_, tainted, value) and @@ -41,3 +37,5 @@ class AstGlobalDefaultTaintTrackingTest extends InlineExpectationsTest { ) } } + +import MakeTest<MergeTests<IRGlobalDefaultTaintTrackingTest, AstGlobalDefaultTaintTrackingTest>> diff --git a/cpp/ql/test/library-tests/dataflow/dataflow-tests/test-number-of-outnodes.expected b/cpp/ql/test/library-tests/dataflow/dataflow-tests/test-number-of-outnodes.expected index e69de29bb2d..48de9172b36 100644 --- a/cpp/ql/test/library-tests/dataflow/dataflow-tests/test-number-of-outnodes.expected +++ b/cpp/ql/test/library-tests/dataflow/dataflow-tests/test-number-of-outnodes.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/cpp/ql/test/library-tests/dataflow/dataflow-tests/test-number-of-outnodes.ql b/cpp/ql/test/library-tests/dataflow/dataflow-tests/test-number-of-outnodes.ql index f5fcd216882..95423a1ec7d 100644 --- a/cpp/ql/test/library-tests/dataflow/dataflow-tests/test-number-of-outnodes.ql +++ b/cpp/ql/test/library-tests/dataflow/dataflow-tests/test-number-of-outnodes.ql @@ -5,12 +5,10 @@ module AstTest { private import semmle.code.cpp.dataflow.DataFlow::DataFlow private import semmle.code.cpp.dataflow.internal.DataFlowPrivate - class AstMultipleOutNodesTest extends InlineExpectationsTest { - AstMultipleOutNodesTest() { this = "AstMultipleOutNodesTest" } + module AstMultipleOutNodesTest implements TestSig { + string getARelevantTag() { result = "ast-count(" + any(ReturnKind k).toString() + ")" } - override string getARelevantTag() { result = "ast-count(" + any(ReturnKind k).toString() + ")" } - - override predicate hasActualResult(Location location, string element, string tag, string value) { + predicate hasActualResult(Location location, string element, string tag, string value) { exists(DataFlowCall call, int n, ReturnKind kind | call.getLocation() = location and n = strictcount(getAnOutNode(call, kind)) and @@ -27,12 +25,10 @@ module IRTest { private import semmle.code.cpp.ir.dataflow.DataFlow private import semmle.code.cpp.ir.dataflow.internal.DataFlowPrivate - class IRMultipleOutNodesTest extends InlineExpectationsTest { - IRMultipleOutNodesTest() { this = "IRMultipleOutNodesTest" } + module IRMultipleOutNodesTest implements TestSig { + string getARelevantTag() { result = "ir-count(" + any(ReturnKind k).toString() + ")" } - override string getARelevantTag() { result = "ir-count(" + any(ReturnKind k).toString() + ")" } - - override predicate hasActualResult(Location location, string element, string tag, string value) { + predicate hasActualResult(Location location, string element, string tag, string value) { exists(DataFlowCall call, int n, ReturnKind kind | call.getLocation() = location and n = strictcount(getAnOutNode(call, kind)) and @@ -44,3 +40,5 @@ module IRTest { } } } + +import MakeTest<MergeTests<AstTest::AstMultipleOutNodesTest, IRTest::IRMultipleOutNodesTest>> diff --git a/cpp/ql/test/library-tests/dataflow/source-sink-tests/remote-flow.expected b/cpp/ql/test/library-tests/dataflow/source-sink-tests/remote-flow.expected index e69de29bb2d..48de9172b36 100644 --- a/cpp/ql/test/library-tests/dataflow/source-sink-tests/remote-flow.expected +++ b/cpp/ql/test/library-tests/dataflow/source-sink-tests/remote-flow.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/cpp/ql/test/library-tests/dataflow/source-sink-tests/remote-flow.ql b/cpp/ql/test/library-tests/dataflow/source-sink-tests/remote-flow.ql index 703b62b9ffc..45427141fe0 100644 --- a/cpp/ql/test/library-tests/dataflow/source-sink-tests/remote-flow.ql +++ b/cpp/ql/test/library-tests/dataflow/source-sink-tests/remote-flow.ql @@ -4,12 +4,10 @@ import cpp import TestUtilities.InlineExpectationsTest import semmle.code.cpp.security.FlowSources -class RemoteFlowSourceTest extends InlineExpectationsTest { - RemoteFlowSourceTest() { this = "RemoteFlowSourceTest" } +module RemoteFlowSourceTest implements TestSig { + string getARelevantTag() { result = "remote_source" } - override string getARelevantTag() { result = "remote_source" } - - override predicate hasActualResult(Location location, string element, string tag, string value) { + predicate hasActualResult(Location location, string element, string tag, string value) { tag = "remote_source" and exists(RemoteFlowSource node, int n | n = @@ -31,12 +29,10 @@ class RemoteFlowSourceTest extends InlineExpectationsTest { } } -class RemoteFlowSinkTest extends InlineExpectationsTest { - RemoteFlowSinkTest() { this = "RemoteFlowSinkTest" } +module RemoteFlowSinkTest implements TestSig { + string getARelevantTag() { result = "remote_sink" } - override string getARelevantTag() { result = "remote_sink" } - - override predicate hasActualResult(Location location, string element, string tag, string value) { + predicate hasActualResult(Location location, string element, string tag, string value) { tag = "remote_sink" and exists(RemoteFlowSink node, int n | n = @@ -57,3 +53,5 @@ class RemoteFlowSinkTest extends InlineExpectationsTest { ) } } + +import MakeTest<MergeTests<RemoteFlowSourceTest, RemoteFlowSinkTest>> diff --git a/cpp/ql/test/library-tests/ir/modulus-analysis/ModulusAnalysis.expected b/cpp/ql/test/library-tests/ir/modulus-analysis/ModulusAnalysis.expected index e69de29bb2d..48de9172b36 100644 --- a/cpp/ql/test/library-tests/ir/modulus-analysis/ModulusAnalysis.expected +++ b/cpp/ql/test/library-tests/ir/modulus-analysis/ModulusAnalysis.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/cpp/ql/test/library-tests/ir/modulus-analysis/ModulusAnalysis.ql b/cpp/ql/test/library-tests/ir/modulus-analysis/ModulusAnalysis.ql index 6cfb22803bd..5ba30a1627d 100644 --- a/cpp/ql/test/library-tests/ir/modulus-analysis/ModulusAnalysis.ql +++ b/cpp/ql/test/library-tests/ir/modulus-analysis/ModulusAnalysis.ql @@ -12,12 +12,10 @@ import TestUtilities.InlineExpectationsTest module ModulusAnalysisInstantiated = ModulusAnalysis<FloatDelta, ConstantBounds, RangeUtil<FloatDelta, CppLangImplRelative>>; -class ModulusAnalysisTest extends InlineExpectationsTest { - ModulusAnalysisTest() { this = "ModulusAnalysisTest" } +module ModulusAnalysisTest implements TestSig { + string getARelevantTag() { result = "mod" } - override string getARelevantTag() { result = "mod" } - - override predicate hasActualResult(Location location, string element, string tag, string value) { + predicate hasActualResult(Location location, string element, string tag, string value) { exists(SemExpr e, IR::CallInstruction call | getSemanticExpr(call.getArgument(0)) = e and call.getStaticCallTarget().hasName("mod") and @@ -29,6 +27,8 @@ class ModulusAnalysisTest extends InlineExpectationsTest { } } +import MakeTest<ModulusAnalysisTest> + private string getAModString(SemExpr e) { exists(SemBound b, int delta, int mod | ModulusAnalysisInstantiated::semExprModulus(e, b, delta, mod) and diff --git a/cpp/ql/test/library-tests/ir/points_to/points_to.expected b/cpp/ql/test/library-tests/ir/points_to/points_to.expected index e69de29bb2d..48de9172b36 100644 --- a/cpp/ql/test/library-tests/ir/points_to/points_to.expected +++ b/cpp/ql/test/library-tests/ir/points_to/points_to.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/cpp/ql/test/library-tests/ir/points_to/points_to.ql b/cpp/ql/test/library-tests/ir/points_to/points_to.ql index 6cc7b7efb34..2eafcc55ef0 100644 --- a/cpp/ql/test/library-tests/ir/points_to/points_to.ql +++ b/cpp/ql/test/library-tests/ir/points_to/points_to.ql @@ -21,12 +21,10 @@ module Raw { result = getOperandMemoryLocation(instr.getAnOperand()) } - class RawPointsToTest extends InlineExpectationsTest { - RawPointsToTest() { this = "RawPointsToTest" } + module RawPointsToTest implements TestSig { + string getARelevantTag() { result = "raw" } - override string getARelevantTag() { result = "raw" } - - override predicate hasActualResult(Location location, string element, string tag, string value) { + predicate hasActualResult(Location location, string element, string tag, string value) { exists(Instruction instr, MemoryLocation memLocation | memLocation = getAMemoryAccess(instr) and tag = "raw" and @@ -49,12 +47,10 @@ module UnaliasedSsa { result = getOperandMemoryLocation(instr.getAnOperand()) } - class UnaliasedSsaPointsToTest extends InlineExpectationsTest { - UnaliasedSsaPointsToTest() { this = "UnaliasedSSAPointsToTest" } + module UnaliasedSsaPointsToTest implements TestSig { + string getARelevantTag() { result = "ussa" } - override string getARelevantTag() { result = "ussa" } - - override predicate hasActualResult(Location location, string element, string tag, string value) { + predicate hasActualResult(Location location, string element, string tag, string value) { exists(Instruction instr, MemoryLocation memLocation | memLocation = getAMemoryAccess(instr) and not memLocation.getVirtualVariable() instanceof AliasedVirtualVariable and @@ -69,3 +65,5 @@ module UnaliasedSsa { } } } + +import MakeTest<MergeTests<Raw::RawPointsToTest, UnaliasedSsa::UnaliasedSsaPointsToTest>> diff --git a/cpp/ql/test/library-tests/ir/range-analysis/Overflow.expected b/cpp/ql/test/library-tests/ir/range-analysis/Overflow.expected index e69de29bb2d..48de9172b36 100644 --- a/cpp/ql/test/library-tests/ir/range-analysis/Overflow.expected +++ b/cpp/ql/test/library-tests/ir/range-analysis/Overflow.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/cpp/ql/test/library-tests/ir/range-analysis/Overflow.ql b/cpp/ql/test/library-tests/ir/range-analysis/Overflow.ql index e0491e6e0ed..40d80f3d7b0 100644 --- a/cpp/ql/test/library-tests/ir/range-analysis/Overflow.ql +++ b/cpp/ql/test/library-tests/ir/range-analysis/Overflow.ql @@ -2,12 +2,10 @@ import cpp import semmle.code.cpp.rangeanalysis.new.SimpleRangeAnalysis import TestUtilities.InlineExpectationsTest -class RangeAnalysisTest extends InlineExpectationsTest { - RangeAnalysisTest() { this = "RangeAnalysisTest" } +module RangeAnalysisTest implements TestSig { + string getARelevantTag() { result = "overflow" } - override string getARelevantTag() { result = "overflow" } - - override predicate hasActualResult(Location location, string element, string tag, string value) { + predicate hasActualResult(Location location, string element, string tag, string value) { exists(Expr e | tag = "overflow" and element = e.toString() and @@ -21,3 +19,5 @@ class RangeAnalysisTest extends InlineExpectationsTest { ) } } + +import MakeTest<RangeAnalysisTest> diff --git a/cpp/ql/test/library-tests/ir/range-analysis/RangeAnalysis.expected b/cpp/ql/test/library-tests/ir/range-analysis/RangeAnalysis.expected index e69de29bb2d..48de9172b36 100644 --- a/cpp/ql/test/library-tests/ir/range-analysis/RangeAnalysis.expected +++ b/cpp/ql/test/library-tests/ir/range-analysis/RangeAnalysis.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/cpp/ql/test/library-tests/ir/range-analysis/RangeAnalysis.ql b/cpp/ql/test/library-tests/ir/range-analysis/RangeAnalysis.ql index 6c79e56cc5b..84437827d0d 100644 --- a/cpp/ql/test/library-tests/ir/range-analysis/RangeAnalysis.ql +++ b/cpp/ql/test/library-tests/ir/range-analysis/RangeAnalysis.ql @@ -5,12 +5,10 @@ import semmle.code.cpp.rangeanalysis.new.internal.semantic.SemanticExprSpecific import semmle.code.cpp.ir.IR as IR import TestUtilities.InlineExpectationsTest -class RangeAnalysisTest extends InlineExpectationsTest { - RangeAnalysisTest() { this = "RangeAnalysisTest" } +module RangeAnalysisTest implements TestSig { + string getARelevantTag() { result = "range" } - override string getARelevantTag() { result = "range" } - - override predicate hasActualResult(Location location, string element, string tag, string value) { + predicate hasActualResult(Location location, string element, string tag, string value) { exists(SemExpr e, IR::CallInstruction call | getSemanticExpr(call.getArgument(0)) = e and call.getStaticCallTarget().hasName("range") and @@ -22,6 +20,8 @@ class RangeAnalysisTest extends InlineExpectationsTest { } } +import MakeTest<RangeAnalysisTest> + private string getDirectionString(boolean d) { result = "<=" and d = true or diff --git a/cpp/ql/test/library-tests/ir/sign-analysis/SignAnalysis.expected b/cpp/ql/test/library-tests/ir/sign-analysis/SignAnalysis.expected index e69de29bb2d..48de9172b36 100644 --- a/cpp/ql/test/library-tests/ir/sign-analysis/SignAnalysis.expected +++ b/cpp/ql/test/library-tests/ir/sign-analysis/SignAnalysis.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/cpp/ql/test/library-tests/ir/sign-analysis/SignAnalysis.ql b/cpp/ql/test/library-tests/ir/sign-analysis/SignAnalysis.ql index a3cfaa82ed4..fcc796577d1 100644 --- a/cpp/ql/test/library-tests/ir/sign-analysis/SignAnalysis.ql +++ b/cpp/ql/test/library-tests/ir/sign-analysis/SignAnalysis.ql @@ -11,12 +11,10 @@ import TestUtilities.InlineExpectationsTest module SignAnalysisInstantiated = SignAnalysis<FloatDelta, RangeUtil<FloatDelta, CppLangImplRelative>>; -class SignAnalysisTest extends InlineExpectationsTest { - SignAnalysisTest() { this = "SignAnalysisTest" } +module SignAnalysisTest implements TestSig { + string getARelevantTag() { result = "sign" } - override string getARelevantTag() { result = "sign" } - - override predicate hasActualResult(Location location, string element, string tag, string value) { + predicate hasActualResult(Location location, string element, string tag, string value) { exists(SemExpr e, IR::CallInstruction call | getSemanticExpr(call.getArgument(0)) = e and call.getStaticCallTarget().hasName("sign") and @@ -28,6 +26,8 @@ class SignAnalysisTest extends InlineExpectationsTest { } } +import MakeTest<SignAnalysisTest> + private string getASignString(SemExpr e) { result = strictconcat(SignAnalysisInstantiated::semExprSign(e).toString(), "") } diff --git a/cpp/ql/test/library-tests/ir/types/irtypes.expected b/cpp/ql/test/library-tests/ir/types/irtypes.expected index e69de29bb2d..48de9172b36 100644 --- a/cpp/ql/test/library-tests/ir/types/irtypes.expected +++ b/cpp/ql/test/library-tests/ir/types/irtypes.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/cpp/ql/test/library-tests/ir/types/irtypes.ql b/cpp/ql/test/library-tests/ir/types/irtypes.ql index 56a7666458b..eb69111465b 100644 --- a/cpp/ql/test/library-tests/ir/types/irtypes.ql +++ b/cpp/ql/test/library-tests/ir/types/irtypes.ql @@ -2,12 +2,10 @@ private import cpp private import semmle.code.cpp.ir.implementation.raw.IR import TestUtilities.InlineExpectationsTest -class IRTypesTest extends InlineExpectationsTest { - IRTypesTest() { this = "IRTypesTest" } +module IRTypesTest implements TestSig { + string getARelevantTag() { result = "irtype" } - override string getARelevantTag() { result = "irtype" } - - override predicate hasActualResult(Location location, string element, string tag, string value) { + predicate hasActualResult(Location location, string element, string tag, string value) { exists(IRUserVariable irVar | location = irVar.getLocation() and element = irVar.toString() and @@ -16,3 +14,5 @@ class IRTypesTest extends InlineExpectationsTest { ) } } + +import MakeTest<IRTypesTest> From deee3143700d507ef7c7f8f0c21b9cf1008844e2 Mon Sep 17 00:00:00 2001 From: Tom Hvitved <hvitved@github.com> Date: Thu, 4 May 2023 13:21:46 +0200 Subject: [PATCH 619/870] Python/Ruby: Optimize join-order in `TypeTracker::[small]step` --- .../dataflow/new/internal/TypeTracker.qll | 170 ++++++++++++++++-- .../codeql/ruby/typetracking/TypeTracker.qll | 170 ++++++++++++++++-- 2 files changed, 320 insertions(+), 20 deletions(-) diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/TypeTracker.qll b/python/ql/lib/semmle/python/dataflow/new/internal/TypeTracker.qll index d4d9e1f31f5..4be26f6cea9 100644 --- a/python/ql/lib/semmle/python/dataflow/new/internal/TypeTracker.qll +++ b/python/ql/lib/semmle/python/dataflow/new/internal/TypeTracker.qll @@ -224,6 +224,74 @@ private module Cached { private import Cached +pragma[nomagic] +private predicate stepNoCallProj(TypeTrackingNode nodeFrom, StepSummary summary) { + stepNoCall(nodeFrom, _, summary) +} + +bindingset[nodeFrom, t] +pragma[inline_late] +pragma[noopt] +private TypeTracker stepNoCallInlineLate( + TypeTracker t, TypeTrackingNode nodeFrom, TypeTrackingNode nodeTo +) { + exists(StepSummary summary | + stepNoCallProj(nodeFrom, summary) and + result = t.append(summary) and + stepNoCall(nodeFrom, nodeTo, summary) + ) +} + +pragma[nomagic] +private predicate stepCallProj(TypeTrackingNode nodeFrom, StepSummary summary) { + stepCall(nodeFrom, _, summary) +} + +bindingset[nodeFrom, t] +pragma[inline_late] +pragma[noopt] +private TypeTracker stepCallInlineLate( + TypeTracker t, TypeTrackingNode nodeFrom, TypeTrackingNode nodeTo +) { + exists(StepSummary summary | + stepCallProj(nodeFrom, summary) and + result = t.append(summary) and + stepCall(nodeFrom, nodeTo, summary) + ) +} + +pragma[nomagic] +private predicate smallstepNoCallProj(Node nodeFrom, StepSummary summary) { + smallstepNoCall(nodeFrom, _, summary) +} + +bindingset[nodeFrom, t] +pragma[inline_late] +pragma[noopt] +private TypeTracker smallstepNoCallInlineLate(TypeTracker t, Node nodeFrom, Node nodeTo) { + exists(StepSummary summary | + smallstepNoCallProj(nodeFrom, summary) and + result = t.append(summary) and + smallstepNoCall(nodeFrom, nodeTo, summary) + ) +} + +pragma[nomagic] +private predicate smallstepCallProj(Node nodeFrom, StepSummary summary) { + smallstepCall(nodeFrom, _, summary) +} + +bindingset[nodeFrom, t] +pragma[inline_late] +pragma[noopt] +private TypeTracker smallstepCallInlineLate(TypeTracker t, Node nodeFrom, Node nodeTo) { + exists(StepSummary summary | + smallstepCallProj(nodeFrom, summary) and + result = t.append(summary) and + smallstepCall(nodeFrom, nodeTo, summary) + ) +} + /** * Holds if `nodeFrom` is being written to the `content` of the object in `nodeTo`. * @@ -296,6 +364,24 @@ class StepSummary extends TStepSummary { /** Provides predicates for updating step summaries (`StepSummary`s). */ module StepSummary { + /** + * Gets the summary that corresponds to having taken a forwards + * inter-procedural step from `nodeFrom` to `nodeTo`. + * + * This predicate should normally not be used; consider using `step` + * instead. + */ + predicate stepCall = Cached::stepCall/3; + + /** + * Gets the summary that corresponds to having taken a forwards + * intra-procedural step from `nodeFrom` to `nodeTo`. + * + * This predicate should normally not be used; consider using `step` + * instead. + */ + predicate stepNoCall = Cached::stepNoCall/3; + /** * Gets the summary that corresponds to having taken a forwards * heap and/or inter-procedural step from `nodeFrom` to `nodeTo`. @@ -313,6 +399,24 @@ module StepSummary { stepCall(nodeFrom, nodeTo, summary) } + /** + * Gets the summary that corresponds to having taken a forwards + * inter-procedural step from `nodeFrom` to `nodeTo`. + * + * This predicate should normally not be used; consider using `step` + * instead. + */ + predicate smallstepNoCall = Cached::smallstepNoCall/3; + + /** + * Gets the summary that corresponds to having taken a forwards + * intra-procedural step from `nodeFrom` to `nodeTo`. + * + * This predicate should normally not be used; consider using `step` + * instead. + */ + predicate smallstepCall = Cached::smallstepCall/3; + /** * Gets the summary that corresponds to having taken a forwards * local, heap and/or inter-procedural step from `nodeFrom` to `nodeTo`. @@ -425,16 +529,66 @@ class TypeTracker extends TTypeTracker { */ TypeTracker continue() { content = noContent() and result = this } + /** + * Gets the summary that corresponds to having taken a forwards + * intra-procedural step from `nodeFrom` to `nodeTo`. + * + * This predicate should normally not be used; consider using `step` + * instead. + */ + pragma[inline] + TypeTracker stepNoCall(TypeTrackingNode nodeFrom, TypeTrackingNode nodeTo) { + result = stepNoCallInlineLate(this, nodeFrom, nodeTo) + } + + /** + * Gets the summary that corresponds to having taken a forwards + * inter-procedural step from `nodeFrom` to `nodeTo`. + * + * This predicate should normally not be used; consider using `step` + * instead. + */ + pragma[inline] + TypeTracker stepCall(TypeTrackingNode nodeFrom, TypeTrackingNode nodeTo) { + result = stepCallInlineLate(this, nodeFrom, nodeTo) + } + /** * Gets the summary that corresponds to having taken a forwards * heap and/or inter-procedural step from `nodeFrom` to `nodeTo`. */ pragma[inline] TypeTracker step(TypeTrackingNode nodeFrom, TypeTrackingNode nodeTo) { - exists(StepSummary summary | - StepSummary::step(nodeFrom, pragma[only_bind_out](nodeTo), pragma[only_bind_into](summary)) and - result = this.append(pragma[only_bind_into](summary)) - ) + result = this.stepNoCall(nodeFrom, nodeTo) + or + result = this.stepCall(nodeFrom, nodeTo) + } + + /** + * Gets the summary that corresponds to having taken a forwards + * intra-procedural step from `nodeFrom` to `nodeTo`. + * + * This predicate should normally not be used; consider using `step` + * instead. + */ + pragma[inline] + TypeTracker smallstepNoCall(Node nodeFrom, Node nodeTo) { + result = smallstepNoCallInlineLate(this, nodeFrom, nodeTo) + or + simpleLocalFlowStep(nodeFrom, nodeTo) and + result = this + } + + /** + * Gets the summary that corresponds to having taken a forwards + * inter-procedural step from `nodeFrom` to `nodeTo`. + * + * This predicate should normally not be used; consider using `step` + * instead. + */ + pragma[inline] + TypeTracker smallstepCall(Node nodeFrom, Node nodeTo) { + result = smallstepCallInlineLate(this, nodeFrom, nodeTo) } /** @@ -463,13 +617,9 @@ class TypeTracker extends TTypeTracker { */ pragma[inline] TypeTracker smallstep(Node nodeFrom, Node nodeTo) { - exists(StepSummary summary | - StepSummary::smallstep(nodeFrom, nodeTo, summary) and - result = this.append(summary) - ) + result = this.smallstepNoCall(nodeFrom, nodeTo) or - simpleLocalFlowStep(nodeFrom, nodeTo) and - result = this + result = this.smallstepCall(nodeFrom, nodeTo) } } diff --git a/ruby/ql/lib/codeql/ruby/typetracking/TypeTracker.qll b/ruby/ql/lib/codeql/ruby/typetracking/TypeTracker.qll index d4d9e1f31f5..4be26f6cea9 100644 --- a/ruby/ql/lib/codeql/ruby/typetracking/TypeTracker.qll +++ b/ruby/ql/lib/codeql/ruby/typetracking/TypeTracker.qll @@ -224,6 +224,74 @@ private module Cached { private import Cached +pragma[nomagic] +private predicate stepNoCallProj(TypeTrackingNode nodeFrom, StepSummary summary) { + stepNoCall(nodeFrom, _, summary) +} + +bindingset[nodeFrom, t] +pragma[inline_late] +pragma[noopt] +private TypeTracker stepNoCallInlineLate( + TypeTracker t, TypeTrackingNode nodeFrom, TypeTrackingNode nodeTo +) { + exists(StepSummary summary | + stepNoCallProj(nodeFrom, summary) and + result = t.append(summary) and + stepNoCall(nodeFrom, nodeTo, summary) + ) +} + +pragma[nomagic] +private predicate stepCallProj(TypeTrackingNode nodeFrom, StepSummary summary) { + stepCall(nodeFrom, _, summary) +} + +bindingset[nodeFrom, t] +pragma[inline_late] +pragma[noopt] +private TypeTracker stepCallInlineLate( + TypeTracker t, TypeTrackingNode nodeFrom, TypeTrackingNode nodeTo +) { + exists(StepSummary summary | + stepCallProj(nodeFrom, summary) and + result = t.append(summary) and + stepCall(nodeFrom, nodeTo, summary) + ) +} + +pragma[nomagic] +private predicate smallstepNoCallProj(Node nodeFrom, StepSummary summary) { + smallstepNoCall(nodeFrom, _, summary) +} + +bindingset[nodeFrom, t] +pragma[inline_late] +pragma[noopt] +private TypeTracker smallstepNoCallInlineLate(TypeTracker t, Node nodeFrom, Node nodeTo) { + exists(StepSummary summary | + smallstepNoCallProj(nodeFrom, summary) and + result = t.append(summary) and + smallstepNoCall(nodeFrom, nodeTo, summary) + ) +} + +pragma[nomagic] +private predicate smallstepCallProj(Node nodeFrom, StepSummary summary) { + smallstepCall(nodeFrom, _, summary) +} + +bindingset[nodeFrom, t] +pragma[inline_late] +pragma[noopt] +private TypeTracker smallstepCallInlineLate(TypeTracker t, Node nodeFrom, Node nodeTo) { + exists(StepSummary summary | + smallstepCallProj(nodeFrom, summary) and + result = t.append(summary) and + smallstepCall(nodeFrom, nodeTo, summary) + ) +} + /** * Holds if `nodeFrom` is being written to the `content` of the object in `nodeTo`. * @@ -296,6 +364,24 @@ class StepSummary extends TStepSummary { /** Provides predicates for updating step summaries (`StepSummary`s). */ module StepSummary { + /** + * Gets the summary that corresponds to having taken a forwards + * inter-procedural step from `nodeFrom` to `nodeTo`. + * + * This predicate should normally not be used; consider using `step` + * instead. + */ + predicate stepCall = Cached::stepCall/3; + + /** + * Gets the summary that corresponds to having taken a forwards + * intra-procedural step from `nodeFrom` to `nodeTo`. + * + * This predicate should normally not be used; consider using `step` + * instead. + */ + predicate stepNoCall = Cached::stepNoCall/3; + /** * Gets the summary that corresponds to having taken a forwards * heap and/or inter-procedural step from `nodeFrom` to `nodeTo`. @@ -313,6 +399,24 @@ module StepSummary { stepCall(nodeFrom, nodeTo, summary) } + /** + * Gets the summary that corresponds to having taken a forwards + * inter-procedural step from `nodeFrom` to `nodeTo`. + * + * This predicate should normally not be used; consider using `step` + * instead. + */ + predicate smallstepNoCall = Cached::smallstepNoCall/3; + + /** + * Gets the summary that corresponds to having taken a forwards + * intra-procedural step from `nodeFrom` to `nodeTo`. + * + * This predicate should normally not be used; consider using `step` + * instead. + */ + predicate smallstepCall = Cached::smallstepCall/3; + /** * Gets the summary that corresponds to having taken a forwards * local, heap and/or inter-procedural step from `nodeFrom` to `nodeTo`. @@ -425,16 +529,66 @@ class TypeTracker extends TTypeTracker { */ TypeTracker continue() { content = noContent() and result = this } + /** + * Gets the summary that corresponds to having taken a forwards + * intra-procedural step from `nodeFrom` to `nodeTo`. + * + * This predicate should normally not be used; consider using `step` + * instead. + */ + pragma[inline] + TypeTracker stepNoCall(TypeTrackingNode nodeFrom, TypeTrackingNode nodeTo) { + result = stepNoCallInlineLate(this, nodeFrom, nodeTo) + } + + /** + * Gets the summary that corresponds to having taken a forwards + * inter-procedural step from `nodeFrom` to `nodeTo`. + * + * This predicate should normally not be used; consider using `step` + * instead. + */ + pragma[inline] + TypeTracker stepCall(TypeTrackingNode nodeFrom, TypeTrackingNode nodeTo) { + result = stepCallInlineLate(this, nodeFrom, nodeTo) + } + /** * Gets the summary that corresponds to having taken a forwards * heap and/or inter-procedural step from `nodeFrom` to `nodeTo`. */ pragma[inline] TypeTracker step(TypeTrackingNode nodeFrom, TypeTrackingNode nodeTo) { - exists(StepSummary summary | - StepSummary::step(nodeFrom, pragma[only_bind_out](nodeTo), pragma[only_bind_into](summary)) and - result = this.append(pragma[only_bind_into](summary)) - ) + result = this.stepNoCall(nodeFrom, nodeTo) + or + result = this.stepCall(nodeFrom, nodeTo) + } + + /** + * Gets the summary that corresponds to having taken a forwards + * intra-procedural step from `nodeFrom` to `nodeTo`. + * + * This predicate should normally not be used; consider using `step` + * instead. + */ + pragma[inline] + TypeTracker smallstepNoCall(Node nodeFrom, Node nodeTo) { + result = smallstepNoCallInlineLate(this, nodeFrom, nodeTo) + or + simpleLocalFlowStep(nodeFrom, nodeTo) and + result = this + } + + /** + * Gets the summary that corresponds to having taken a forwards + * inter-procedural step from `nodeFrom` to `nodeTo`. + * + * This predicate should normally not be used; consider using `step` + * instead. + */ + pragma[inline] + TypeTracker smallstepCall(Node nodeFrom, Node nodeTo) { + result = smallstepCallInlineLate(this, nodeFrom, nodeTo) } /** @@ -463,13 +617,9 @@ class TypeTracker extends TTypeTracker { */ pragma[inline] TypeTracker smallstep(Node nodeFrom, Node nodeTo) { - exists(StepSummary summary | - StepSummary::smallstep(nodeFrom, nodeTo, summary) and - result = this.append(summary) - ) + result = this.smallstepNoCall(nodeFrom, nodeTo) or - simpleLocalFlowStep(nodeFrom, nodeTo) and - result = this + result = this.smallstepCall(nodeFrom, nodeTo) } } From 13ada1e6ad4643bf146b456c26fbd844d752dbdb Mon Sep 17 00:00:00 2001 From: Tom Hvitved <hvitved@github.com> Date: Thu, 4 May 2023 13:21:41 +0200 Subject: [PATCH 620/870] Ruby: Remove canonical return nodes --- ruby/ql/lib/codeql/ruby/ApiGraphs.qll | 4 +- .../dataflow/internal/DataFlowDispatch.qll | 227 ++++++++++++------ .../dataflow/internal/DataFlowPrivate.qll | 137 ++++------- .../ruby/dataflow/internal/DataFlowPublic.qll | 31 ++- .../codeql/ruby/frameworks/ActiveRecord.qll | 7 +- ruby/ql/lib/codeql/ruby/frameworks/Rack.qll | 2 +- .../frameworks/actioncontroller/Filters.qll | 4 +- .../ruby/typetracking/TypeTrackerSpecific.qll | 41 +--- .../library-tests/dataflow/local/Nodes.ql | 2 +- .../type-tracker/TypeTracker.expected | 203 ---------------- 10 files changed, 235 insertions(+), 423 deletions(-) diff --git a/ruby/ql/lib/codeql/ruby/ApiGraphs.qll b/ruby/ql/lib/codeql/ruby/ApiGraphs.qll index b1320d047cc..1cf4c445781 100644 --- a/ruby/ql/lib/codeql/ruby/ApiGraphs.qll +++ b/ruby/ql/lib/codeql/ruby/ApiGraphs.qll @@ -778,7 +778,7 @@ module API { or exists(TypeTracker t2 | result = trackUseNode(src, t2).track(t2, t) and - not result instanceof DataFlowPrivate::SelfParameterNode + not result instanceof DataFlow::SelfParameterNode ) } @@ -800,7 +800,7 @@ module API { or exists(TypeBackTracker t2, DataFlow::LocalSourceNode mid | mid = trackDefNode(rhs, t2) and - not mid instanceof DataFlowPrivate::SelfParameterNode and + not mid instanceof DataFlow::SelfParameterNode and result = mid.backtrack(t2, t) ) } diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowDispatch.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowDispatch.qll index 2b4c030707b..410867c7ead 100644 --- a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowDispatch.qll +++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowDispatch.qll @@ -10,16 +10,17 @@ private import codeql.ruby.dataflow.FlowSummary private import codeql.ruby.dataflow.SSA /** - * A `LocalSourceNode` for a `self` variable. This is either an implicit `self` - * parameter or an implicit SSA entry definition. + * A `LocalSourceNode` for a `self` variable. This is the implicit `self` + * parameter, when it exists, otherwise the implicit SSA entry definition. */ private class SelfLocalSourceNode extends DataFlow::LocalSourceNode { private SelfVariable self; SelfLocalSourceNode() { - self = this.(SelfParameterNode).getSelfVariable() + self = this.(SelfParameterNodeImpl).getSelfVariable() or - self = this.(SsaSelfDefinitionNode).getVariable() + self = this.(SsaSelfDefinitionNode).getVariable() and + not LocalFlow::localFlowSsaParamInput(_, this) } /** Gets the `self` variable. */ @@ -469,23 +470,43 @@ private module Cached { import Cached +pragma[nomagic] +private predicate stepCallProj(DataFlow::LocalSourceNode nodeFrom, StepSummary summary) { + StepSummary::stepCall(nodeFrom, _, summary) +} + +pragma[nomagic] +private predicate isNotSelf(DataFlow::Node n) { not n instanceof SelfParameterNodeImpl } + pragma[nomagic] private DataFlow::LocalSourceNode trackModuleAccess(Module m, TypeTracker t) { t.start() and m = resolveConstantReadAccess(result.asExpr().getExpr()) or - exists(TypeTracker t2, StepSummary summary | - result = trackModuleAccessRec(m, t2, summary) and t = t2.append(summary) + // We exclude steps into `self` parameters, and instead rely on the type of the + // enclosing module + isNotSelf(result) and + ( + exists(TypeTracker t2 | t = t2.stepNoCall(trackModuleAccess(m, t2), result)) + or + exists(StepSummary summary | + // non-linear recursion + StepSummary::stepCall(trackModuleAccessCall(m, t, summary), result, summary) + ) ) } -/** - * We exclude steps into `self` parameters, and instead rely on the type of the - * enclosing module. - */ +bindingset[t, summary] +pragma[inline_late] +private TypeTracker append(TypeTracker t, StepSummary summary) { result = t.append(summary) } + pragma[nomagic] -private DataFlow::LocalSourceNode trackModuleAccessRec(Module m, TypeTracker t, StepSummary summary) { - StepSummary::step(trackModuleAccess(m, t), result, summary) and - not result instanceof SelfParameterNode +private DataFlow::LocalSourceNode trackModuleAccessCall(Module m, TypeTracker t, StepSummary summary) { + exists(TypeTracker t2 | + // non-linear recursion + result = trackModuleAccess(m, t2) and + stepCallProj(result, summary) and + t = append(t2, summary) + ) } pragma[nomagic] @@ -498,7 +519,7 @@ private predicate hasUserDefinedNew(Module m) { exists(DataFlow::MethodNode method | // not `getAnAncestor` because singleton methods cannot be included singletonMethodOnModule(method.asCallableAstNode(), "new", m.getSuperClass*()) and - not method.getSelfParameter().getAMethodCall("allocate").flowsTo(method.getAReturningNode()) + not method.getSelfParameter().getAMethodCall("allocate").flowsTo(method.getAReturnNode()) ) } @@ -610,6 +631,49 @@ private predicate isInstance(DataFlow::Node n, Module tp, boolean exact) { exact = false } +private predicate localFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo, StepSummary summary) { + localFlowStepTypeTracker(nodeFrom, nodeTo) and + summary.toString() = "level" +} + +pragma[nomagic] +private predicate hasAdjacentTypeCheckedReads(DataFlow::Node node) { + hasAdjacentTypeCheckedReads(_, _, node.asExpr(), _) +} + +pragma[nomagic] +private predicate smallStepNoCallForTrackInstance0( + DataFlow::Node nodeFrom, DataFlow::Node nodeTo, StepSummary summary +) { + // We exclude steps into `self` parameters. For those, we instead rely on the type of + // the enclosing module + StepSummary::smallstepNoCall(nodeFrom, nodeTo, summary) and + isNotSelf(nodeTo) + or + // We exclude steps into type checked variables. For those, we instead rely on the + // type being checked against + localFlowStep(nodeFrom, nodeTo, summary) and + not hasAdjacentTypeCheckedReads(nodeTo) +} + +pragma[nomagic] +private predicate smallStepNoCallForTrackInstance0Proj(DataFlow::Node nodeFrom, StepSummary summary) { + smallStepNoCallForTrackInstance0(nodeFrom, _, summary) +} + +bindingset[t, nodeFrom] +pragma[inline_late] +pragma[noopt] +private TypeTracker smallStepNoCallForTrackInstance( + TypeTracker t, DataFlow::Node nodeFrom, DataFlow::Node nodeTo +) { + exists(StepSummary summary | + smallStepNoCallForTrackInstance0Proj(nodeFrom, summary) and + result = t.append(summary) and + smallStepNoCallForTrackInstance0(nodeFrom, nodeTo, summary) + ) +} + pragma[nomagic] private DataFlow::Node trackInstance(Module tp, boolean exact, TypeTracker t) { t.start() and @@ -631,35 +695,33 @@ private DataFlow::Node trackInstance(Module tp, boolean exact, TypeTracker t) { ) ) or - exists(TypeTracker t2, StepSummary summary | - result = trackInstanceRec(tp, t2, exact, summary) and t = t2.append(summary) + exists(TypeTracker t2 | + t = smallStepNoCallForTrackInstance(t2, trackInstance(tp, exact, t2), result) + ) + or + // We exclude steps into `self` parameters. For those, we instead rely on the type of + // the enclosing module + exists(StepSummary summary | + // non-linear recursion + StepSummary::smallstepCall(trackInstanceCall(tp, t, exact, summary), result, summary) and + isNotSelf(result) ) } -private predicate localFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo, StepSummary summary) { - localFlowStepTypeTracker(nodeFrom, nodeTo) and - summary.toString() = "level" +pragma[nomagic] +private predicate smallStepCallProj(DataFlow::Node nodeFrom, StepSummary summary) { + StepSummary::smallstepCall(nodeFrom, _, summary) } pragma[nomagic] -private predicate hasAdjacentTypeCheckedReads(DataFlow::Node node) { - hasAdjacentTypeCheckedReads(_, _, node.asExpr(), _) -} - -/** - * We exclude steps into `self` parameters and type checked variables. For those, - * we instead rely on the type of the enclosing module resp. the type being checked - * against, and apply an open-world assumption when determining possible dispatch - * targets. - */ -pragma[nomagic] -private DataFlow::Node trackInstanceRec(Module tp, TypeTracker t, boolean exact, StepSummary summary) { - exists(DataFlow::Node mid | mid = trackInstance(tp, exact, t) | - StepSummary::smallstep(mid, result, summary) and - not result instanceof SelfParameterNode - or - localFlowStep(mid, result, summary) and - not hasAdjacentTypeCheckedReads(result) +private DataFlow::Node trackInstanceCall( + Module tp, TypeTracker t, boolean exact, StepSummary summary +) { + exists(TypeTracker t2 | + // non-linear recursion + result = trackInstance(tp, exact, t2) and + smallStepCallProj(result, summary) and + t = append(t2, summary) ) } @@ -710,20 +772,27 @@ pragma[nomagic] private DataFlow::LocalSourceNode trackBlock(Block block, TypeTracker t) { t.start() and result.asExpr().getExpr() = block or - exists(TypeTracker t2, StepSummary summary | - result = trackBlockRec(block, t2, summary) and - t = t2.append(summary) + // We exclude steps into `self` parameters, which may happen when the code + // base contains implementations of `call`. + isNotSelf(result) and + ( + exists(TypeTracker t2 | t = t2.stepNoCall(trackBlock(block, t2), result)) + or + exists(StepSummary summary | + // non-linear recursion + StepSummary::stepCall(trackBlockCall(block, t, summary), result, summary) + ) ) } -/** - * We exclude steps into `self` parameters, which may happen when the code - * base contains implementations of `call`. - */ pragma[nomagic] -private DataFlow::LocalSourceNode trackBlockRec(Block block, TypeTracker t, StepSummary summary) { - StepSummary::step(trackBlock(block, t), result, summary) and - not result instanceof SelfParameterNode +private DataFlow::LocalSourceNode trackBlockCall(Block block, TypeTracker t, StepSummary summary) { + exists(TypeTracker t2 | + // non-linear recursion + result = trackBlock(block, t2) and + stepCallProj(result, summary) and + t = append(t2, summary) + ) } pragma[nomagic] @@ -942,7 +1011,7 @@ private predicate paramReturnFlow( | nodeFromPreExpr = p.getParameter().(NamedParameter).getVariable().getAnAccess() or - nodeFromPreExpr = p.(SelfParameterNode).getSelfVariable().getAnAccess() + nodeFromPreExpr = p.(SelfParameterNodeImpl).getSelfVariable().getAnAccess() ) } @@ -951,31 +1020,53 @@ private DataFlow::Node trackSingletonMethodOnInstance(MethodBase method, string t.start() and singletonMethodOnInstance(method, name, result.asExpr().getExpr()) or - exists(TypeTracker t2, StepSummary summary | - result = trackSingletonMethodOnInstanceRec(method, name, t2, summary) and - t = t2.append(summary) and - // Stop flow at redefinitions. - // - // Example: - // ```rb - // def x.foo; end - // def x.foo; end - // x.foo # <- we want to resolve this call to the second definition only - // ``` - not singletonMethodOnInstance(_, name, result.asExpr().getExpr()) - ) + ( + exists(TypeTracker t2 | + t = t2.smallstepNoCall(trackSingletonMethodOnInstance(method, name, t2), result) + ) + or + exists(StepSummary summary | + // non-linear recursion + smallStepCallForTrackSingletonMethodOnInstance(trackSingletonMethodOnInstanceCall(method, + name, t, summary), result, summary) + ) + ) and + // Stop flow at redefinitions. + // + // Example: + // ```rb + // def x.foo; end + // def x.foo; end + // x.foo # <- we want to resolve this call to the second definition only + // ``` + not singletonMethodOnInstance(_, name, result.asExpr().getExpr()) } pragma[nomagic] -private DataFlow::Node trackSingletonMethodOnInstanceRec( +private predicate smallStepCallForTrackSingletonMethodOnInstance( + DataFlow::Node nodeFrom, DataFlow::Node nodeTo, StepSummary summary +) { + StepSummary::smallstepCall(nodeFrom, nodeTo, summary) + or + paramReturnFlow(nodeFrom, nodeTo, summary) +} + +pragma[nomagic] +private predicate smallStepCallForTrackSingletonMethodOnInstanceProj( + DataFlow::Node nodeFrom, StepSummary summary +) { + smallStepCallForTrackSingletonMethodOnInstance(nodeFrom, _, summary) +} + +pragma[nomagic] +private DataFlow::Node trackSingletonMethodOnInstanceCall( MethodBase method, string name, TypeTracker t, StepSummary summary ) { - exists(DataFlow::Node mid | mid = trackSingletonMethodOnInstance(method, name, t) | - StepSummary::smallstep(mid, result, summary) - or - paramReturnFlow(mid, result, summary) - or - localFlowStep(mid, result, summary) + exists(TypeTracker t2 | + // non-linear recursion + result = trackSingletonMethodOnInstance(method, name, t2) and + smallStepCallForTrackSingletonMethodOnInstanceProj(result, summary) and + t = append(t2, summary) ) } diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPrivate.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPrivate.qll index d6908827ba9..6a7d87e9bd5 100644 --- a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPrivate.qll +++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPrivate.qll @@ -131,10 +131,10 @@ module LocalFlow { /** * Holds if `nodeFrom` is a parameter node, and `nodeTo` is a corresponding SSA node. */ - predicate localFlowSsaParamInput(Node nodeFrom, Node nodeTo) { + predicate localFlowSsaParamInput(Node nodeFrom, SsaDefinitionExtNode nodeTo) { nodeTo = getParameterDefNode(nodeFrom.(ParameterNodeImpl).getParameter()) or - nodeTo = getSelfParameterDefNode(nodeFrom.(SelfParameterNode).getMethod()) + nodeTo = getSelfParameterDefNode(nodeFrom.(SelfParameterNodeImpl).getMethod()) } /** @@ -143,14 +143,13 @@ module LocalFlow { * * This is intended to recover from flow not currently recognised by ordinary capture flow. */ - predicate localFlowSsaParamCaptureInput(Node nodeFrom, Node nodeTo) { - exists(Ssa::CapturedEntryDefinition def, ParameterNodeImpl p | - (nodeFrom = p or LocalFlow::localFlowSsaParamInput(p, nodeFrom)) and + predicate localFlowSsaParamCaptureInput(ParameterNodeImpl nodeFrom, Node nodeTo) { + exists(Ssa::CapturedEntryDefinition def | nodeTo.(SsaDefinitionExtNode).getDefinitionExt() = def | - p.getParameter().(NamedParameter).getVariable() = def.getSourceVariable() + nodeFrom.getParameter().(NamedParameter).getVariable() = def.getSourceVariable() or - p.(SelfParameterNode).getSelfVariable() = def.getSourceVariable() + nodeFrom.(SelfParameterNode).getSelfVariable() = def.getSourceVariable() ) } @@ -164,7 +163,7 @@ module LocalFlow { /** * Holds if there is a local flow step from `nodeFrom` to `nodeTo` involving - * SSA definition `def`. + * some SSA definition. */ private predicate localSsaFlowStep(Node nodeFrom, Node nodeTo) { exists(SsaImpl::DefinitionExt def | @@ -182,6 +181,8 @@ module LocalFlow { // Flow into phi (read) SSA definition node from def localFlowSsaInputFromDef(nodeFrom, def, nodeTo) ) + or + localFlowSsaParamInput(nodeFrom, nodeTo) // TODO // or // // Flow into uncertain SSA definition @@ -223,6 +224,13 @@ module LocalFlow { op.getExpr() instanceof BinaryLogicalOperation and nodeFrom.asExpr() = op.getAnOperand() ) + or + nodeTo.(ParameterNodeImpl).getParameter() = + any(NamedParameter p | + p.(OptionalParameter).getDefaultValue() = nodeFrom.asExpr().getExpr() + or + p.(KeywordParameter).getDefaultValue() = nodeFrom.asExpr().getExpr() + ) } } @@ -279,12 +287,6 @@ private module Cached { newtype TNode = TExprNode(CfgNodes::ExprCfgNode n) { TaintTrackingPrivate::forceCachingInSameStage() } or TReturningNode(CfgNodes::ReturningCfgNode n) or - TSynthReturnNode(CfgScope scope, ReturnKind kind) { - exists(ReturningNode ret | - ret.(NodeImpl).getCfgScope() = scope and - ret.getKind() = kind - ) - } or TSsaDefinitionExtNode(SsaImpl::DefinitionExt def) or TNormalParameterNode(Parameter p) { p instanceof SimpleParameter or @@ -326,12 +328,6 @@ private module Cached { TNormalParameterNode or TBlockParameterNode or TSelfParameterNode or TSynthHashSplatParameterNode or TSummaryParameterNode; - private predicate defaultValueFlow(NamedParameter p, ExprNode e) { - p.(OptionalParameter).getDefaultValue() = e.getExprNode().getExpr() - or - p.(KeywordParameter).getDefaultValue() = e.getExprNode().getExpr() - } - cached Location getLocation(NodeImpl n) { result = n.getLocationImpl() } @@ -346,12 +342,6 @@ private module Cached { predicate simpleLocalFlowStep(Node nodeFrom, Node nodeTo) { LocalFlow::localFlowStepCommon(nodeFrom, nodeTo) or - defaultValueFlow(nodeTo.(ParameterNodeImpl).getParameter(), nodeFrom) - or - LocalFlow::localFlowSsaParamInput(nodeFrom, nodeTo) - or - nodeTo.(SynthReturnNode).getAnInput() = nodeFrom - or LocalFlow::localSsaFlowStepUseUse(_, nodeFrom, nodeTo) and not FlowSummaryImpl::Private::Steps::prohibitsUseUseFlow(nodeFrom, _) or @@ -373,10 +363,6 @@ private module Cached { predicate localFlowStepImpl(Node nodeFrom, Node nodeTo) { LocalFlow::localFlowStepCommon(nodeFrom, nodeTo) or - defaultValueFlow(nodeTo.(ParameterNodeImpl).getParameter(), nodeFrom) - or - LocalFlow::localFlowSsaParamInput(nodeFrom, nodeTo) - or LocalFlow::localSsaFlowStepUseUse(_, nodeFrom, nodeTo) or // Simple flow through library code is included in the exposed local @@ -386,19 +372,11 @@ private module Cached { /** * This is the local flow predicate that is used in type tracking. - * - * This needs to exclude `localFlowSsaParamInput` due to a performance trick - * in type tracking, where such steps are treated as call steps. */ cached predicate localFlowStepTypeTracker(Node nodeFrom, Node nodeTo) { LocalFlow::localFlowStepCommon(nodeFrom, nodeTo) or - exists(NamedParameter p | - defaultValueFlow(p, nodeFrom) and - nodeTo = LocalFlow::getParameterDefNode(p) - ) - or LocalFlow::localSsaFlowStepUseUse(_, nodeFrom, nodeTo) or // Flow into phi node from read @@ -440,12 +418,10 @@ private module Cached { n instanceof ExprNode and not reachedFromExprOrEntrySsaDef(n) or - // Ensure all entry SSA definitions are local sources -- for parameters, this - // is needed by type tracking - entrySsaDefinition(n) - or - // Needed for flow out in type tracking - n instanceof SynthReturnNode + // Ensure all entry SSA definitions are local sources, except those that correspond + // to parameters (which are themselves local sources) + entrySsaDefinition(n) and + not LocalFlow::localFlowSsaParamInput(_, n) or // Needed for stores in type tracking TypeTrackerSpecific::storeStepIntoSourceNode(_, n, _) @@ -507,7 +483,7 @@ private module Cached { */ cached predicate exprNodeReturnedFromCached(ExprNode e, Callable c) { - exists(ReturningNode r | + exists(ReturnNode r | nodeGetEnclosingCallable(r).asCallable() = c and ( r.(ExplicitReturnNode).getReturningNode().getReturnedValueNode() = e.asExpr() or @@ -542,8 +518,6 @@ predicate nodeIsHidden(Node n) { or n instanceof SummaryParameterNode or - n instanceof SynthReturnNode - or n instanceof SynthHashSplatParameterNode or n instanceof SynthHashSplatArgumentNode @@ -658,10 +632,10 @@ private module ParameterNodes { * The value of the `self` parameter at function entry, viewed as a node in a data * flow graph. */ - class SelfParameterNode extends ParameterNodeImpl, TSelfParameterNode { + class SelfParameterNodeImpl extends ParameterNodeImpl, TSelfParameterNode { private MethodBase method; - SelfParameterNode() { this = TSelfParameterNode(method) } + SelfParameterNodeImpl() { this = TSelfParameterNode(method) } final MethodBase getMethod() { result = method } @@ -937,24 +911,26 @@ private class NewCall extends DataFlowCall { NewCall() { this.asCall().getExpr().(MethodCall).getMethodName() = "new" } } -/** A data-flow node that represents a value syntactically returned by a callable. */ -abstract class ReturningNode extends Node { - /** Gets the kind of this return node. */ - abstract ReturnKind getKind(); - - pragma[nomagic] - predicate hasKind(ReturnKind kind, CfgScope scope) { - kind = this.getKind() and - scope = this.(NodeImpl).getCfgScope() - } -} - /** A data-flow node that represents a value returned by a callable. */ abstract class ReturnNode extends Node { /** Gets the kind of this return node. */ abstract ReturnKind getKind(); } +/** A data-flow node that represents a value returned by a callable. */ +abstract class SourceReturnNode extends ReturnNode { + /** Gets the kind of this return node. */ + abstract ReturnKind getKindSource(); // only exists to avoid spurious negative recursion + + final override ReturnKind getKind() { result = this.getKindSource() } + + pragma[nomagic] + predicate hasKind(ReturnKind kind, CfgScope scope) { + kind = this.getKindSource() and + scope = this.(NodeImpl).getCfgScope() + } +} + private module ReturnNodes { private predicate isValid(CfgNodes::ReturningCfgNode node) { exists(ReturningStmt stmt, Callable scope | @@ -976,14 +952,14 @@ private module ReturnNodes { * A data-flow node that represents an expression explicitly returned by * a callable. */ - class ExplicitReturnNode extends ReturningNode, ReturningStatementNode { + class ExplicitReturnNode extends SourceReturnNode, ReturningStatementNode { ExplicitReturnNode() { isValid(n) and n.getASuccessor().(CfgNodes::AnnotatedExitNode).isNormal() and n.getScope() instanceof Callable } - override ReturnKind getKind() { + override ReturnKind getKindSource() { if n.getNode() instanceof BreakStmt then result instanceof BreakReturnKind else @@ -1012,10 +988,10 @@ private module ReturnNodes { * a callable. An implicit return happens when an expression can be the * last thing that is evaluated in the body of the callable. */ - class ExprReturnNode extends ReturningNode, ExprNode { + class ExprReturnNode extends SourceReturnNode, ExprNode { ExprReturnNode() { exists(Callable c | implicitReturn(c, this) = c.getAStmt()) } - override ReturnKind getKind() { + override ReturnKind getKindSource() { exists(CfgScope scope | scope = this.(NodeImpl).getCfgScope() | if isUserDefinedNew(scope) then result instanceof NewReturnKind @@ -1040,7 +1016,7 @@ private module ReturnNodes { * the implicit `self` reference in `@x` will return data stored in the field * `x` out to the call `C.new`. */ - class InitializeReturnNode extends ExprPostUpdateNode, ReturningNode { + class InitializeReturnNode extends ExprPostUpdateNode, ReturnNode { InitializeReturnNode() { exists(Method initialize | this.getCfgScope() = initialize and @@ -1053,32 +1029,6 @@ private module ReturnNodes { override ReturnKind getKind() { result instanceof NewReturnKind } } - /** - * A synthetic data-flow node for joining flow from different syntactic - * returns into a single node. - * - * This node only exists to avoid computing the product of a large fan-in - * with a large fan-out. - */ - class SynthReturnNode extends NodeImpl, ReturnNode, TSynthReturnNode { - private CfgScope scope; - private ReturnKind kind; - - SynthReturnNode() { this = TSynthReturnNode(scope, kind) } - - /** Gets a syntactic return node that flows into this synthetic node. */ - pragma[nomagic] - ReturningNode getAnInput() { result.hasKind(kind, scope) } - - override ReturnKind getKind() { result = kind } - - override CfgScope getCfgScope() { result = scope } - - override Location getLocationImpl() { result = scope.getLocation() } - - override string toStringImpl() { result = "return " + kind + " in " + scope } - } - private class SummaryReturnNode extends SummaryNode, ReturnNode { private ReturnKind rk; @@ -1339,9 +1289,6 @@ private import PostUpdateNodes /** A node that performs a type cast. */ class CastNode extends Node { CastNode() { - // ensure that actual return nodes are included in the path graph - this instanceof ReturningNode - or // ensure that all variable assignments are included in the path graph this.(SsaDefinitionExtNode).getDefinitionExt() instanceof Ssa::WriteDefinition } diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPublic.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPublic.qll index 9d668e0b300..501cf70593e 100644 --- a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPublic.qll +++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPublic.qll @@ -195,10 +195,22 @@ class ParameterNode extends LocalSourceNode, TParameterNode instanceof Parameter /** Gets the parameter corresponding to this node, if any. */ final Parameter getParameter() { result = super.getParameter() } + /** Gets the callable that this parameter belongs to. */ + final Callable getCallable() { result = super.getCfgScope() } + /** Gets the name of the parameter, if any. */ final string getName() { result = this.getParameter().(NamedParameter).getName() } } +/** + * The value of an implicit `self` parameter at function entry, viewed as a node in a data + * flow graph. + */ +class SelfParameterNode extends ParameterNode instanceof SelfParameterNodeImpl { + /** Gets the underlying `self` variable. */ + final SelfVariable getSelfVariable() { result = super.getSelfVariable() } +} + /** * A data-flow node that is a source of local flow. */ @@ -328,9 +340,6 @@ private module Cached { exists(Node mid | hasLocalSource(mid, source) | localFlowStepTypeTracker(mid, sink) or - // Explicitly include the SSA param input step as type-tracking omits this step. - LocalFlow::localFlowSsaParamInput(mid, sink) - or LocalFlow::localFlowSsaParamCaptureInput(mid, sink) ) } @@ -1176,19 +1185,15 @@ class CallableNode extends StmtSequenceNode { result = this.getBlockParameter().getAMethodCall("call") } - /** - * Gets the canonical return node from this callable. - * - * Each callable has exactly one such node, and its location may not correspond - * to any particular return site - consider using `getAReturningNode` to get nodes - * whose locations correspond to return sites. - */ - Node getReturn() { result.(SynthReturnNode).getCfgScope() = callable } - /** * Gets a data flow node whose value is about to be returned by this callable. */ - Node getAReturningNode() { result = this.getReturn().(SynthReturnNode).getAnInput() } + Node getAReturnNode() { result.(ReturnNode).(NodeImpl).getCfgScope() = callable } + + /** + * DEPRECATED. Use `getAReturnNode` instead. + */ + deprecated Node getAReturningNode() { result = this.getAReturnNode() } } /** diff --git a/ruby/ql/lib/codeql/ruby/frameworks/ActiveRecord.qll b/ruby/ql/lib/codeql/ruby/frameworks/ActiveRecord.qll index 5869486ac91..fcca078f933 100644 --- a/ruby/ql/lib/codeql/ruby/frameworks/ActiveRecord.qll +++ b/ruby/ql/lib/codeql/ruby/frameworks/ActiveRecord.qll @@ -7,7 +7,6 @@ private import codeql.ruby.Concepts private import codeql.ruby.controlflow.CfgNodes private import codeql.ruby.DataFlow private import codeql.ruby.dataflow.internal.DataFlowDispatch -private import codeql.ruby.dataflow.internal.DataFlowPrivate private import codeql.ruby.ApiGraphs private import codeql.ruby.frameworks.Stdlib private import codeql.ruby.frameworks.Core @@ -319,19 +318,19 @@ private class ActiveRecordModelFinderCall extends ActiveRecordModelInstantiation // A `self` reference that may resolve to an active record model object private class ActiveRecordModelClassSelfReference extends ActiveRecordModelInstantiation, - SsaSelfDefinitionNode + DataFlow::SelfParameterNode { private ActiveRecordModelClass cls; ActiveRecordModelClassSelfReference() { exists(MethodBase m | - m = this.getCfgScope() and + m = this.getCallable() and m.getEnclosingModule() = cls and m = cls.getAMethod() ) and // In a singleton method, `self` refers to the class itself rather than an // instance of that class - not this.getSelfScope() instanceof SingletonMethod + not this.getSelfVariable().getDeclaringScope() instanceof SingletonMethod } final override ActiveRecordModelClass getClass() { result = cls } diff --git a/ruby/ql/lib/codeql/ruby/frameworks/Rack.qll b/ruby/ql/lib/codeql/ruby/frameworks/Rack.qll index 693cd4c197c..49281c609bd 100644 --- a/ruby/ql/lib/codeql/ruby/frameworks/Rack.qll +++ b/ruby/ql/lib/codeql/ruby/frameworks/Rack.qll @@ -21,7 +21,7 @@ module Rack { AppCandidate() { call = this.getInstanceMethod("call") and call.getNumberOfParameters() = 1 and - call.getReturn() = trackRackResponse() + call.getAReturnNode() = trackRackResponse() } /** diff --git a/ruby/ql/lib/codeql/ruby/frameworks/actioncontroller/Filters.qll b/ruby/ql/lib/codeql/ruby/frameworks/actioncontroller/Filters.qll index 97ea8de1cd6..bc1766580e9 100644 --- a/ruby/ql/lib/codeql/ruby/frameworks/actioncontroller/Filters.qll +++ b/ruby/ql/lib/codeql/ruby/frameworks/actioncontroller/Filters.qll @@ -412,9 +412,7 @@ module Filters { /** * Holds if `n` is the self parameter of method `m`. */ - private predicate selfParameter(DataFlowPrivate::SelfParameterNode n, Method m) { - m = n.getMethod() - } + private predicate selfParameter(DataFlow::SelfParameterNode n, Method m) { m = n.getCallable() } /** * A class defining additional jump steps arising from filters. diff --git a/ruby/ql/lib/codeql/ruby/typetracking/TypeTrackerSpecific.qll b/ruby/ql/lib/codeql/ruby/typetracking/TypeTrackerSpecific.qll index 7283ffedf09..889d0abbed8 100644 --- a/ruby/ql/lib/codeql/ruby/typetracking/TypeTrackerSpecific.qll +++ b/ruby/ql/lib/codeql/ruby/typetracking/TypeTrackerSpecific.qll @@ -79,7 +79,7 @@ predicate jumpStep = DataFlowPrivate::jumpStep/2; /** Holds if there is direct flow from `param` to a return. */ pragma[nomagic] private predicate flowThrough(DataFlowPublic::ParameterNode param) { - exists(DataFlowPrivate::ReturningNode returnNode, DataFlowDispatch::ReturnKind rk | + exists(DataFlowPrivate::SourceReturnNode returnNode, DataFlowDispatch::ReturnKind rk | param.flowsTo(returnNode) and returnNode.hasKind(rk, param.(DataFlowPrivate::NodeImpl).getCfgScope()) | @@ -210,15 +210,7 @@ predicate callStep(ExprNodes::CallCfgNode call, Node arg, DataFlowPrivate::Param * recursion (or, at best, terrible performance), since identifying calls to library * methods is done using API graphs (which uses type tracking). */ -predicate callStep(Node nodeFrom, Node nodeTo) { - callStep(_, nodeFrom, nodeTo) - or - // In normal data-flow, this will be a local flow step. But for type tracking - // we model it as a call step, in order to avoid computing a potential - // self-cross product of all calls to a function that returns one of its parameters - // (only to later filter that flow out using `TypeTracker::append`). - DataFlowPrivate::LocalFlow::localFlowSsaParamInput(nodeFrom, nodeTo) -} +predicate callStep(Node nodeFrom, Node nodeTo) { callStep(_, nodeFrom, nodeTo) } /** * Holds if `nodeFrom` steps to `nodeTo` by being returned from a call. @@ -230,19 +222,13 @@ predicate callStep(Node nodeFrom, Node nodeTo) { predicate returnStep(Node nodeFrom, Node nodeTo) { exists(ExprNodes::CallCfgNode call | nodeFrom instanceof DataFlowPrivate::ReturnNode and + not nodeFrom instanceof DataFlowPrivate::InitializeReturnNode and nodeFrom.(DataFlowPrivate::NodeImpl).getCfgScope() = DataFlowDispatch::getTarget(call) and // deliberately do not include `getInitializeTarget`, since calls to `new` should not // get the return value from `initialize`. Any fields being set in the initializer // will reach all reads via `callStep` and `localFieldStep`. nodeTo.asExpr().getNode() = call.getNode() ) - or - // In normal data-flow, this will be a local flow step. But for type tracking - // we model it as a returning flow step, in order to avoid computing a potential - // self-cross product of all calls to a function that returns one of its parameters - // (only to later filter that flow out using `TypeTracker::append`). - nodeTo.(DataFlowPrivate::SynthReturnNode).getAnInput() = nodeFrom and - not nodeFrom instanceof DataFlowPrivate::InitializeReturnNode } /** @@ -598,26 +584,15 @@ private DataFlow::Node evaluateSummaryComponentStackLocal( pragma[only_bind_out](tail)) and stack = SCS::push(pragma[only_bind_out](head), pragma[only_bind_out](tail)) | - exists( - DataFlowDispatch::ArgumentPosition apos, DataFlowDispatch::ParameterPosition ppos, - DataFlowPrivate::ParameterNodeImpl p - | + exists(DataFlowDispatch::ArgumentPosition apos, DataFlowDispatch::ParameterPosition ppos | head = SummaryComponent::parameter(apos) and DataFlowDispatch::parameterMatch(ppos, apos) and - p.isSourceParameterOf(prev.asExpr().getExpr(), ppos) and - // We need to include both `p` and the SSA definition for `p`, since in type-tracking - // the step from `p` to the SSA definition is considered a call step. - result = - [p.(DataFlow::Node), DataFlowPrivate::LocalFlow::getParameterDefNode(p.getParameter())] + result.(DataFlowPrivate::ParameterNodeImpl).isSourceParameterOf(prev.asExpr().getExpr(), ppos) ) or - exists(DataFlowPrivate::SynthReturnNode ret | - head = SummaryComponent::return() and - ret.getCfgScope() = prev.asExpr().getExpr() and - // We need to include both `ret` and `ret.getAnInput()`, since in type-tracking - // the step from `ret.getAnInput()` to `ret` is considered a return step. - result = [ret.(DataFlow::Node), ret.getAnInput()] - ) + head = SummaryComponent::return() and + result.(DataFlowPrivate::ReturnNode).(DataFlowPrivate::NodeImpl).getCfgScope() = + prev.asExpr().getExpr() or exists(DataFlow::ContentSet content | head = SummaryComponent::withoutContent(content) and diff --git a/ruby/ql/test/library-tests/dataflow/local/Nodes.ql b/ruby/ql/test/library-tests/dataflow/local/Nodes.ql index 2f89f667625..88ee1c5b208 100644 --- a/ruby/ql/test/library-tests/dataflow/local/Nodes.ql +++ b/ruby/ql/test/library-tests/dataflow/local/Nodes.ql @@ -2,7 +2,7 @@ import codeql.ruby.AST import codeql.ruby.dataflow.internal.DataFlowPrivate import codeql.ruby.dataflow.internal.DataFlowDispatch -query predicate ret(ReturningNode node) { any() } +query predicate ret(SourceReturnNode node) { any() } query predicate arg(ArgumentNode n, DataFlowCall call, ArgumentPosition pos) { n.argumentOf(call, pos) and diff --git a/ruby/ql/test/library-tests/dataflow/type-tracker/TypeTracker.expected b/ruby/ql/test/library-tests/dataflow/type-tracker/TypeTracker.expected index bc7b35eb941..9a4277f4c0e 100644 --- a/ruby/ql/test/library-tests/dataflow/type-tracker/TypeTracker.expected +++ b/ruby/ql/test/library-tests/dataflow/type-tracker/TypeTracker.expected @@ -1,129 +1,72 @@ track | type_tracker.rb:1:1:10:3 | self (Container) | type tracker without call steps | type_tracker.rb:1:1:10:3 | self (Container) | -| type_tracker.rb:1:1:53:4 | self (type_tracker.rb) | type tracker with call steps | type_tracker.rb:18:1:21:3 | self (positional) | | type_tracker.rb:1:1:53:4 | self (type_tracker.rb) | type tracker with call steps | type_tracker.rb:18:1:21:3 | self in positional | -| type_tracker.rb:1:1:53:4 | self (type_tracker.rb) | type tracker with call steps | type_tracker.rb:25:1:28:3 | self (keyword) | | type_tracker.rb:1:1:53:4 | self (type_tracker.rb) | type tracker with call steps | type_tracker.rb:25:1:28:3 | self in keyword | | type_tracker.rb:1:1:53:4 | self (type_tracker.rb) | type tracker without call steps | type_tracker.rb:1:1:53:4 | self (type_tracker.rb) | | type_tracker.rb:2:5:5:7 | &block | type tracker without call steps | type_tracker.rb:2:5:5:7 | &block | | type_tracker.rb:2:5:5:7 | field= | type tracker without call steps | type_tracker.rb:2:5:5:7 | field= | -| type_tracker.rb:2:5:5:7 | return return in field= | type tracker without call steps | type_tracker.rb:2:5:5:7 | return return in field= | -| type_tracker.rb:2:5:5:7 | return return in field= | type tracker without call steps | type_tracker.rb:14:5:14:13 | call to field= | -| type_tracker.rb:2:5:5:7 | self (field=) | type tracker with call steps | type_tracker.rb:7:5:9:7 | self (field) | -| type_tracker.rb:2:5:5:7 | self (field=) | type tracker with call steps | type_tracker.rb:7:5:9:7 | self in field | -| type_tracker.rb:2:5:5:7 | self (field=) | type tracker without call steps | type_tracker.rb:2:5:5:7 | self (field=) | -| type_tracker.rb:2:5:5:7 | self in field= | type tracker with call steps | type_tracker.rb:2:5:5:7 | self (field=) | -| type_tracker.rb:2:5:5:7 | self in field= | type tracker with call steps | type_tracker.rb:7:5:9:7 | self (field) | | type_tracker.rb:2:5:5:7 | self in field= | type tracker with call steps | type_tracker.rb:7:5:9:7 | self in field | | type_tracker.rb:2:5:5:7 | self in field= | type tracker without call steps | type_tracker.rb:2:5:5:7 | self in field= | -| type_tracker.rb:2:16:2:18 | val | type tracker with call steps | type_tracker.rb:2:16:2:18 | val | -| type_tracker.rb:2:16:2:18 | val | type tracker with call steps | type_tracker.rb:8:9:8:14 | @field | -| type_tracker.rb:2:16:2:18 | val | type tracker without call steps | type_tracker.rb:2:5:5:7 | return return in field= | -| type_tracker.rb:2:16:2:18 | val | type tracker without call steps | type_tracker.rb:2:5:5:7 | return return in field= | -| type_tracker.rb:2:16:2:18 | val | type tracker without call steps | type_tracker.rb:2:16:2:18 | val | | type_tracker.rb:2:16:2:18 | val | type tracker without call steps | type_tracker.rb:2:16:2:18 | val | | type_tracker.rb:2:16:2:18 | val | type tracker without call steps | type_tracker.rb:2:16:2:18 | val | | type_tracker.rb:2:16:2:18 | val | type tracker without call steps | type_tracker.rb:3:14:3:23 | call to field | -| type_tracker.rb:2:16:2:18 | val | type tracker without call steps | type_tracker.rb:3:14:3:23 | call to field | -| type_tracker.rb:2:16:2:18 | val | type tracker without call steps | type_tracker.rb:7:5:9:7 | return return in field | -| type_tracker.rb:2:16:2:18 | val | type tracker without call steps | type_tracker.rb:7:5:9:7 | return return in field | -| type_tracker.rb:2:16:2:18 | val | type tracker without call steps | type_tracker.rb:8:9:8:14 | @field | | type_tracker.rb:2:16:2:18 | val | type tracker without call steps | type_tracker.rb:8:9:8:14 | @field | | type_tracker.rb:2:16:2:18 | val | type tracker without call steps | type_tracker.rb:14:5:14:13 | call to field= | -| type_tracker.rb:2:16:2:18 | val | type tracker without call steps | type_tracker.rb:14:5:14:13 | call to field= | -| type_tracker.rb:2:16:2:18 | val | type tracker without call steps | type_tracker.rb:15:10:15:18 | call to field | | type_tracker.rb:2:16:2:18 | val | type tracker without call steps | type_tracker.rb:15:10:15:18 | call to field | | type_tracker.rb:3:9:3:23 | call to puts | type tracker without call steps | type_tracker.rb:3:9:3:23 | call to puts | | type_tracker.rb:3:14:3:23 | call to field | type tracker without call steps | type_tracker.rb:3:14:3:23 | call to field | | type_tracker.rb:4:9:4:14 | @field | type tracker without call steps | type_tracker.rb:4:9:4:14 | @field | | type_tracker.rb:7:5:9:7 | &block | type tracker without call steps | type_tracker.rb:7:5:9:7 | &block | | type_tracker.rb:7:5:9:7 | field | type tracker without call steps | type_tracker.rb:7:5:9:7 | field | -| type_tracker.rb:7:5:9:7 | return return in field | type tracker without call steps | type_tracker.rb:3:14:3:23 | call to field | -| type_tracker.rb:7:5:9:7 | return return in field | type tracker without call steps | type_tracker.rb:7:5:9:7 | return return in field | -| type_tracker.rb:7:5:9:7 | return return in field | type tracker without call steps | type_tracker.rb:15:10:15:18 | call to field | -| type_tracker.rb:7:5:9:7 | self (field) | type tracker without call steps | type_tracker.rb:7:5:9:7 | self (field) | -| type_tracker.rb:7:5:9:7 | self in field | type tracker with call steps | type_tracker.rb:7:5:9:7 | self (field) | | type_tracker.rb:7:5:9:7 | self in field | type tracker without call steps | type_tracker.rb:7:5:9:7 | self in field | | type_tracker.rb:8:9:8:14 | @field | type tracker without call steps | type_tracker.rb:3:14:3:23 | call to field | -| type_tracker.rb:8:9:8:14 | @field | type tracker without call steps | type_tracker.rb:7:5:9:7 | return return in field | | type_tracker.rb:8:9:8:14 | @field | type tracker without call steps | type_tracker.rb:8:9:8:14 | @field | | type_tracker.rb:8:9:8:14 | @field | type tracker without call steps | type_tracker.rb:15:10:15:18 | call to field | | type_tracker.rb:12:1:16:3 | &block | type tracker without call steps | type_tracker.rb:12:1:16:3 | &block | | type_tracker.rb:12:1:16:3 | m | type tracker without call steps | type_tracker.rb:12:1:16:3 | m | -| type_tracker.rb:12:1:16:3 | return return in m | type tracker without call steps | type_tracker.rb:12:1:16:3 | return return in m | -| type_tracker.rb:12:1:16:3 | self (m) | type tracker without call steps | type_tracker.rb:12:1:16:3 | self (m) | -| type_tracker.rb:12:1:16:3 | self in m | type tracker with call steps | type_tracker.rb:12:1:16:3 | self (m) | | type_tracker.rb:12:1:16:3 | self in m | type tracker without call steps | type_tracker.rb:12:1:16:3 | self in m | | type_tracker.rb:13:5:13:7 | var | type tracker without call steps | type_tracker.rb:13:5:13:7 | var | | type_tracker.rb:13:11:13:19 | Container | type tracker without call steps | type_tracker.rb:13:11:13:19 | Container | -| type_tracker.rb:13:11:13:23 | call to new | type tracker with call steps | type_tracker.rb:2:5:5:7 | self (field=) | | type_tracker.rb:13:11:13:23 | call to new | type tracker with call steps | type_tracker.rb:2:5:5:7 | self in field= | -| type_tracker.rb:13:11:13:23 | call to new | type tracker with call steps | type_tracker.rb:7:5:9:7 | self (field) | | type_tracker.rb:13:11:13:23 | call to new | type tracker with call steps | type_tracker.rb:7:5:9:7 | self in field | | type_tracker.rb:13:11:13:23 | call to new | type tracker without call steps | type_tracker.rb:13:11:13:23 | call to new | -| type_tracker.rb:14:5:14:7 | [post] var | type tracker with call steps | type_tracker.rb:7:5:9:7 | self (field) | | type_tracker.rb:14:5:14:7 | [post] var | type tracker with call steps | type_tracker.rb:7:5:9:7 | self in field | | type_tracker.rb:14:5:14:7 | [post] var | type tracker without call steps | type_tracker.rb:14:5:14:7 | [post] var | | type_tracker.rb:14:5:14:13 | call to field= | type tracker without call steps | type_tracker.rb:14:5:14:13 | call to field= | | type_tracker.rb:14:17:14:23 | "hello" | type tracker with call steps | type_tracker.rb:2:16:2:18 | val | -| type_tracker.rb:14:17:14:23 | "hello" | type tracker with call steps | type_tracker.rb:2:16:2:18 | val | | type_tracker.rb:14:17:14:23 | "hello" | type tracker with call steps | type_tracker.rb:8:9:8:14 | @field | -| type_tracker.rb:14:17:14:23 | "hello" | type tracker with call steps with content attribute field | type_tracker.rb:7:5:9:7 | self (field) | | type_tracker.rb:14:17:14:23 | "hello" | type tracker with call steps with content attribute field | type_tracker.rb:7:5:9:7 | self in field | | type_tracker.rb:14:17:14:23 | "hello" | type tracker without call steps | type_tracker.rb:14:5:14:13 | call to field= | | type_tracker.rb:14:17:14:23 | "hello" | type tracker without call steps | type_tracker.rb:14:17:14:23 | "hello" | | type_tracker.rb:14:17:14:23 | "hello" | type tracker without call steps | type_tracker.rb:15:10:15:18 | call to field | | type_tracker.rb:14:17:14:23 | "hello" | type tracker without call steps with content attribute field | type_tracker.rb:14:5:14:7 | [post] var | | type_tracker.rb:14:17:14:23 | __synth__0 | type tracker without call steps | type_tracker.rb:14:17:14:23 | __synth__0 | -| type_tracker.rb:15:5:15:18 | call to puts | type tracker without call steps | type_tracker.rb:12:1:16:3 | return return in m | | type_tracker.rb:15:5:15:18 | call to puts | type tracker without call steps | type_tracker.rb:15:5:15:18 | call to puts | | type_tracker.rb:15:10:15:18 | call to field | type tracker without call steps | type_tracker.rb:15:10:15:18 | call to field | | type_tracker.rb:18:1:21:3 | &block | type tracker without call steps | type_tracker.rb:18:1:21:3 | &block | | type_tracker.rb:18:1:21:3 | positional | type tracker without call steps | type_tracker.rb:18:1:21:3 | positional | -| type_tracker.rb:18:1:21:3 | return return in positional | type tracker without call steps | type_tracker.rb:18:1:21:3 | return return in positional | -| type_tracker.rb:18:1:21:3 | return return in positional | type tracker without call steps | type_tracker.rb:23:1:23:16 | call to positional | -| type_tracker.rb:18:1:21:3 | self (positional) | type tracker without call steps | type_tracker.rb:18:1:21:3 | self (positional) | -| type_tracker.rb:18:1:21:3 | self in positional | type tracker with call steps | type_tracker.rb:18:1:21:3 | self (positional) | | type_tracker.rb:18:1:21:3 | self in positional | type tracker without call steps | type_tracker.rb:18:1:21:3 | self in positional | -| type_tracker.rb:18:16:18:17 | p1 | type tracker with call steps | type_tracker.rb:18:16:18:17 | p1 | | type_tracker.rb:18:16:18:17 | p1 | type tracker without call steps | type_tracker.rb:18:16:18:17 | p1 | | type_tracker.rb:18:16:18:17 | p1 | type tracker without call steps | type_tracker.rb:18:16:18:17 | p1 | -| type_tracker.rb:18:16:18:17 | p1 | type tracker without call steps | type_tracker.rb:18:16:18:17 | p1 | -| type_tracker.rb:18:20:18:21 | p2 | type tracker with call steps | type_tracker.rb:18:20:18:21 | p2 | -| type_tracker.rb:18:20:18:21 | p2 | type tracker without call steps | type_tracker.rb:18:20:18:21 | p2 | | type_tracker.rb:18:20:18:21 | p2 | type tracker without call steps | type_tracker.rb:18:20:18:21 | p2 | | type_tracker.rb:18:20:18:21 | p2 | type tracker without call steps | type_tracker.rb:18:20:18:21 | p2 | | type_tracker.rb:19:5:19:11 | call to puts | type tracker without call steps | type_tracker.rb:19:5:19:11 | call to puts | -| type_tracker.rb:20:5:20:11 | call to puts | type tracker without call steps | type_tracker.rb:18:1:21:3 | return return in positional | | type_tracker.rb:20:5:20:11 | call to puts | type tracker without call steps | type_tracker.rb:20:5:20:11 | call to puts | | type_tracker.rb:20:5:20:11 | call to puts | type tracker without call steps | type_tracker.rb:23:1:23:16 | call to positional | | type_tracker.rb:23:1:23:16 | call to positional | type tracker without call steps | type_tracker.rb:23:1:23:16 | call to positional | | type_tracker.rb:23:12:23:12 | 1 | type tracker with call steps | type_tracker.rb:18:16:18:17 | p1 | -| type_tracker.rb:23:12:23:12 | 1 | type tracker with call steps | type_tracker.rb:18:16:18:17 | p1 | | type_tracker.rb:23:12:23:12 | 1 | type tracker without call steps | type_tracker.rb:23:12:23:12 | 1 | | type_tracker.rb:23:15:23:15 | 2 | type tracker with call steps | type_tracker.rb:18:20:18:21 | p2 | -| type_tracker.rb:23:15:23:15 | 2 | type tracker with call steps | type_tracker.rb:18:20:18:21 | p2 | | type_tracker.rb:23:15:23:15 | 2 | type tracker without call steps | type_tracker.rb:23:15:23:15 | 2 | | type_tracker.rb:25:1:28:3 | &block | type tracker without call steps | type_tracker.rb:25:1:28:3 | &block | | type_tracker.rb:25:1:28:3 | **kwargs | type tracker without call steps | type_tracker.rb:25:1:28:3 | **kwargs | | type_tracker.rb:25:1:28:3 | keyword | type tracker without call steps | type_tracker.rb:25:1:28:3 | keyword | -| type_tracker.rb:25:1:28:3 | return return in keyword | type tracker without call steps | type_tracker.rb:25:1:28:3 | return return in keyword | -| type_tracker.rb:25:1:28:3 | return return in keyword | type tracker without call steps | type_tracker.rb:30:1:30:21 | call to keyword | -| type_tracker.rb:25:1:28:3 | return return in keyword | type tracker without call steps | type_tracker.rb:31:1:31:21 | call to keyword | -| type_tracker.rb:25:1:28:3 | return return in keyword | type tracker without call steps | type_tracker.rb:32:1:32:27 | call to keyword | -| type_tracker.rb:25:1:28:3 | self (keyword) | type tracker without call steps | type_tracker.rb:25:1:28:3 | self (keyword) | -| type_tracker.rb:25:1:28:3 | self in keyword | type tracker with call steps | type_tracker.rb:25:1:28:3 | self (keyword) | | type_tracker.rb:25:1:28:3 | self in keyword | type tracker without call steps | type_tracker.rb:25:1:28:3 | self in keyword | -| type_tracker.rb:25:13:25:14 | p1 | type tracker with call steps | type_tracker.rb:25:13:25:14 | p1 | | type_tracker.rb:25:13:25:14 | p1 | type tracker without call steps | type_tracker.rb:25:13:25:14 | p1 | | type_tracker.rb:25:13:25:14 | p1 | type tracker without call steps | type_tracker.rb:25:13:25:14 | p1 | -| type_tracker.rb:25:13:25:14 | p1 | type tracker without call steps | type_tracker.rb:25:13:25:14 | p1 | -| type_tracker.rb:25:18:25:19 | p2 | type tracker with call steps | type_tracker.rb:25:18:25:19 | p2 | -| type_tracker.rb:25:18:25:19 | p2 | type tracker without call steps | type_tracker.rb:25:18:25:19 | p2 | | type_tracker.rb:25:18:25:19 | p2 | type tracker without call steps | type_tracker.rb:25:18:25:19 | p2 | | type_tracker.rb:25:18:25:19 | p2 | type tracker without call steps | type_tracker.rb:25:18:25:19 | p2 | | type_tracker.rb:26:5:26:11 | call to puts | type tracker without call steps | type_tracker.rb:26:5:26:11 | call to puts | -| type_tracker.rb:27:5:27:11 | call to puts | type tracker without call steps | type_tracker.rb:25:1:28:3 | return return in keyword | | type_tracker.rb:27:5:27:11 | call to puts | type tracker without call steps | type_tracker.rb:27:5:27:11 | call to puts | | type_tracker.rb:27:5:27:11 | call to puts | type tracker without call steps | type_tracker.rb:30:1:30:21 | call to keyword | | type_tracker.rb:27:5:27:11 | call to puts | type tracker without call steps | type_tracker.rb:31:1:31:21 | call to keyword | @@ -134,14 +77,12 @@ track | type_tracker.rb:30:9:30:10 | :p1 | type tracker without call steps | type_tracker.rb:30:9:30:10 | :p1 | | type_tracker.rb:30:9:30:13 | Pair | type tracker without call steps | type_tracker.rb:30:9:30:13 | Pair | | type_tracker.rb:30:13:30:13 | 3 | type tracker with call steps | type_tracker.rb:25:13:25:14 | p1 | -| type_tracker.rb:30:13:30:13 | 3 | type tracker with call steps | type_tracker.rb:25:13:25:14 | p1 | | type_tracker.rb:30:13:30:13 | 3 | type tracker with call steps with content element :p1 | type_tracker.rb:25:1:28:3 | **kwargs | | type_tracker.rb:30:13:30:13 | 3 | type tracker without call steps | type_tracker.rb:30:13:30:13 | 3 | | type_tracker.rb:30:13:30:13 | 3 | type tracker without call steps with content element :p1 | type_tracker.rb:30:1:30:21 | ** | | type_tracker.rb:30:16:30:17 | :p2 | type tracker without call steps | type_tracker.rb:30:16:30:17 | :p2 | | type_tracker.rb:30:16:30:20 | Pair | type tracker without call steps | type_tracker.rb:30:16:30:20 | Pair | | type_tracker.rb:30:20:30:20 | 4 | type tracker with call steps | type_tracker.rb:25:18:25:19 | p2 | -| type_tracker.rb:30:20:30:20 | 4 | type tracker with call steps | type_tracker.rb:25:18:25:19 | p2 | | type_tracker.rb:30:20:30:20 | 4 | type tracker with call steps with content element :p2 | type_tracker.rb:25:1:28:3 | **kwargs | | type_tracker.rb:30:20:30:20 | 4 | type tracker without call steps | type_tracker.rb:30:20:30:20 | 4 | | type_tracker.rb:30:20:30:20 | 4 | type tracker without call steps with content element :p2 | type_tracker.rb:30:1:30:21 | ** | @@ -151,14 +92,12 @@ track | type_tracker.rb:31:9:31:10 | :p2 | type tracker without call steps | type_tracker.rb:31:9:31:10 | :p2 | | type_tracker.rb:31:9:31:13 | Pair | type tracker without call steps | type_tracker.rb:31:9:31:13 | Pair | | type_tracker.rb:31:13:31:13 | 5 | type tracker with call steps | type_tracker.rb:25:18:25:19 | p2 | -| type_tracker.rb:31:13:31:13 | 5 | type tracker with call steps | type_tracker.rb:25:18:25:19 | p2 | | type_tracker.rb:31:13:31:13 | 5 | type tracker with call steps with content element :p2 | type_tracker.rb:25:1:28:3 | **kwargs | | type_tracker.rb:31:13:31:13 | 5 | type tracker without call steps | type_tracker.rb:31:13:31:13 | 5 | | type_tracker.rb:31:13:31:13 | 5 | type tracker without call steps with content element :p2 | type_tracker.rb:31:1:31:21 | ** | | type_tracker.rb:31:16:31:17 | :p1 | type tracker without call steps | type_tracker.rb:31:16:31:17 | :p1 | | type_tracker.rb:31:16:31:20 | Pair | type tracker without call steps | type_tracker.rb:31:16:31:20 | Pair | | type_tracker.rb:31:20:31:20 | 6 | type tracker with call steps | type_tracker.rb:25:13:25:14 | p1 | -| type_tracker.rb:31:20:31:20 | 6 | type tracker with call steps | type_tracker.rb:25:13:25:14 | p1 | | type_tracker.rb:31:20:31:20 | 6 | type tracker with call steps with content element :p1 | type_tracker.rb:25:1:28:3 | **kwargs | | type_tracker.rb:31:20:31:20 | 6 | type tracker without call steps | type_tracker.rb:31:20:31:20 | 6 | | type_tracker.rb:31:20:31:20 | 6 | type tracker without call steps with content element :p1 | type_tracker.rb:31:1:31:21 | ** | @@ -168,68 +107,33 @@ track | type_tracker.rb:32:9:32:11 | :p2 | type tracker without call steps | type_tracker.rb:32:9:32:11 | :p2 | | type_tracker.rb:32:9:32:16 | Pair | type tracker without call steps | type_tracker.rb:32:9:32:16 | Pair | | type_tracker.rb:32:16:32:16 | 7 | type tracker with call steps | type_tracker.rb:25:18:25:19 | p2 | -| type_tracker.rb:32:16:32:16 | 7 | type tracker with call steps | type_tracker.rb:25:18:25:19 | p2 | | type_tracker.rb:32:16:32:16 | 7 | type tracker with call steps with content element :p2 | type_tracker.rb:25:1:28:3 | **kwargs | | type_tracker.rb:32:16:32:16 | 7 | type tracker without call steps | type_tracker.rb:32:16:32:16 | 7 | | type_tracker.rb:32:16:32:16 | 7 | type tracker without call steps with content element :p2 | type_tracker.rb:32:1:32:27 | ** | | type_tracker.rb:32:19:32:21 | :p1 | type tracker without call steps | type_tracker.rb:32:19:32:21 | :p1 | | type_tracker.rb:32:19:32:26 | Pair | type tracker without call steps | type_tracker.rb:32:19:32:26 | Pair | | type_tracker.rb:32:26:32:26 | 8 | type tracker with call steps | type_tracker.rb:25:13:25:14 | p1 | -| type_tracker.rb:32:26:32:26 | 8 | type tracker with call steps | type_tracker.rb:25:13:25:14 | p1 | | type_tracker.rb:32:26:32:26 | 8 | type tracker with call steps with content element :p1 | type_tracker.rb:25:1:28:3 | **kwargs | | type_tracker.rb:32:26:32:26 | 8 | type tracker without call steps | type_tracker.rb:32:26:32:26 | 8 | | type_tracker.rb:32:26:32:26 | 8 | type tracker without call steps with content element :p1 | type_tracker.rb:32:1:32:27 | ** | | type_tracker.rb:34:1:53:3 | &block | type tracker without call steps | type_tracker.rb:34:1:53:3 | &block | -| type_tracker.rb:34:1:53:3 | return return in throughArray | type tracker without call steps | type_tracker.rb:34:1:53:3 | return return in throughArray | | type_tracker.rb:34:1:53:3 | self in throughArray | type tracker without call steps | type_tracker.rb:34:1:53:3 | self in throughArray | | type_tracker.rb:34:1:53:3 | throughArray | type tracker without call steps | type_tracker.rb:34:1:53:3 | throughArray | -| type_tracker.rb:34:18:34:20 | obj | type tracker with call steps | type_tracker.rb:34:18:34:20 | obj | -| type_tracker.rb:34:18:34:20 | obj | type tracker with call steps | type_tracker.rb:36:5:36:10 | ...[...] | -| type_tracker.rb:34:18:34:20 | obj | type tracker with call steps | type_tracker.rb:40:5:40:12 | ...[...] | -| type_tracker.rb:34:18:34:20 | obj | type tracker with call steps | type_tracker.rb:44:5:44:13 | ...[...] | -| type_tracker.rb:34:18:34:20 | obj | type tracker with call steps | type_tracker.rb:52:5:52:13 | ...[...] | -| type_tracker.rb:34:18:34:20 | obj | type tracker with call steps with content element | type_tracker.rb:38:13:38:25 | call to [] | -| type_tracker.rb:34:18:34:20 | obj | type tracker with call steps with content element | type_tracker.rb:44:5:44:13 | ...[...] | -| type_tracker.rb:34:18:34:20 | obj | type tracker with call steps with content element | type_tracker.rb:50:14:50:26 | call to [] | -| type_tracker.rb:34:18:34:20 | obj | type tracker with call steps with content element | type_tracker.rb:52:5:52:13 | ...[...] | -| type_tracker.rb:34:18:34:20 | obj | type tracker with call steps with content element 0 or unknown | type_tracker.rb:35:11:35:15 | call to [] | -| type_tracker.rb:34:18:34:20 | obj | type tracker with call steps with content element 0 or unknown | type_tracker.rb:42:14:42:26 | call to [] | -| type_tracker.rb:34:18:34:20 | obj | type tracker with call steps with content element 0 or unknown | type_tracker.rb:46:14:46:26 | call to [] | -| type_tracker.rb:34:18:34:20 | obj | type tracker without call steps | type_tracker.rb:34:1:53:3 | return return in throughArray | -| type_tracker.rb:34:18:34:20 | obj | type tracker without call steps | type_tracker.rb:34:1:53:3 | return return in throughArray | -| type_tracker.rb:34:18:34:20 | obj | type tracker without call steps | type_tracker.rb:34:18:34:20 | obj | | type_tracker.rb:34:18:34:20 | obj | type tracker without call steps | type_tracker.rb:34:18:34:20 | obj | | type_tracker.rb:34:18:34:20 | obj | type tracker without call steps | type_tracker.rb:34:18:34:20 | obj | | type_tracker.rb:34:18:34:20 | obj | type tracker without call steps | type_tracker.rb:36:5:36:10 | ...[...] | -| type_tracker.rb:34:18:34:20 | obj | type tracker without call steps | type_tracker.rb:36:5:36:10 | ...[...] | -| type_tracker.rb:34:18:34:20 | obj | type tracker without call steps | type_tracker.rb:40:5:40:12 | ...[...] | | type_tracker.rb:34:18:34:20 | obj | type tracker without call steps | type_tracker.rb:40:5:40:12 | ...[...] | | type_tracker.rb:34:18:34:20 | obj | type tracker without call steps | type_tracker.rb:44:5:44:13 | ...[...] | -| type_tracker.rb:34:18:34:20 | obj | type tracker without call steps | type_tracker.rb:44:5:44:13 | ...[...] | | type_tracker.rb:34:18:34:20 | obj | type tracker without call steps | type_tracker.rb:52:5:52:13 | ...[...] | -| type_tracker.rb:34:18:34:20 | obj | type tracker without call steps | type_tracker.rb:52:5:52:13 | ...[...] | -| type_tracker.rb:34:18:34:20 | obj | type tracker without call steps with content element | type_tracker.rb:34:1:53:3 | return return in throughArray | -| type_tracker.rb:34:18:34:20 | obj | type tracker without call steps with content element | type_tracker.rb:34:1:53:3 | return return in throughArray | -| type_tracker.rb:34:18:34:20 | obj | type tracker without call steps with content element | type_tracker.rb:38:13:38:25 | call to [] | | type_tracker.rb:34:18:34:20 | obj | type tracker without call steps with content element | type_tracker.rb:38:13:38:25 | call to [] | | type_tracker.rb:34:18:34:20 | obj | type tracker without call steps with content element | type_tracker.rb:44:5:44:13 | ...[...] | -| type_tracker.rb:34:18:34:20 | obj | type tracker without call steps with content element | type_tracker.rb:44:5:44:13 | ...[...] | -| type_tracker.rb:34:18:34:20 | obj | type tracker without call steps with content element | type_tracker.rb:50:14:50:26 | call to [] | | type_tracker.rb:34:18:34:20 | obj | type tracker without call steps with content element | type_tracker.rb:50:14:50:26 | call to [] | | type_tracker.rb:34:18:34:20 | obj | type tracker without call steps with content element | type_tracker.rb:52:5:52:13 | ...[...] | -| type_tracker.rb:34:18:34:20 | obj | type tracker without call steps with content element | type_tracker.rb:52:5:52:13 | ...[...] | -| type_tracker.rb:34:18:34:20 | obj | type tracker without call steps with content element 0 or unknown | type_tracker.rb:35:11:35:15 | call to [] | | type_tracker.rb:34:18:34:20 | obj | type tracker without call steps with content element 0 or unknown | type_tracker.rb:35:11:35:15 | call to [] | | type_tracker.rb:34:18:34:20 | obj | type tracker without call steps with content element 0 or unknown | type_tracker.rb:42:14:42:26 | call to [] | -| type_tracker.rb:34:18:34:20 | obj | type tracker without call steps with content element 0 or unknown | type_tracker.rb:42:14:42:26 | call to [] | | type_tracker.rb:34:18:34:20 | obj | type tracker without call steps with content element 0 or unknown | type_tracker.rb:46:14:46:26 | call to [] | -| type_tracker.rb:34:18:34:20 | obj | type tracker without call steps with content element 0 or unknown | type_tracker.rb:46:14:46:26 | call to [] | -| type_tracker.rb:34:23:34:23 | y | type tracker with call steps | type_tracker.rb:34:23:34:23 | y | | type_tracker.rb:34:23:34:23 | y | type tracker without call steps | type_tracker.rb:34:23:34:23 | y | | type_tracker.rb:34:23:34:23 | y | type tracker without call steps | type_tracker.rb:34:23:34:23 | y | -| type_tracker.rb:34:23:34:23 | y | type tracker without call steps | type_tracker.rb:34:23:34:23 | y | -| type_tracker.rb:34:26:34:26 | z | type tracker with call steps | type_tracker.rb:34:26:34:26 | z | -| type_tracker.rb:34:26:34:26 | z | type tracker without call steps | type_tracker.rb:34:26:34:26 | z | | type_tracker.rb:34:26:34:26 | z | type tracker without call steps | type_tracker.rb:34:26:34:26 | z | | type_tracker.rb:34:26:34:26 | z | type tracker without call steps | type_tracker.rb:34:26:34:26 | z | | type_tracker.rb:35:5:35:7 | tmp | type tracker without call steps | type_tracker.rb:35:5:35:7 | tmp | @@ -315,46 +219,33 @@ track | type_tracker.rb:50:5:50:10 | array4 | type tracker without call steps | type_tracker.rb:50:5:50:10 | array4 | | type_tracker.rb:50:14:50:26 | Array | type tracker without call steps | type_tracker.rb:50:14:50:26 | Array | | type_tracker.rb:50:14:50:26 | call to [] | type tracker without call steps | type_tracker.rb:50:14:50:26 | call to [] | -| type_tracker.rb:50:15:50:15 | 1 | type tracker without call steps | type_tracker.rb:34:1:53:3 | return return in throughArray | | type_tracker.rb:50:15:50:15 | 1 | type tracker without call steps | type_tracker.rb:50:15:50:15 | 1 | | type_tracker.rb:50:15:50:15 | 1 | type tracker without call steps | type_tracker.rb:52:5:52:13 | ...[...] | -| type_tracker.rb:50:15:50:15 | 1 | type tracker without call steps with content element | type_tracker.rb:34:1:53:3 | return return in throughArray | | type_tracker.rb:50:15:50:15 | 1 | type tracker without call steps with content element | type_tracker.rb:52:5:52:13 | ...[...] | | type_tracker.rb:50:15:50:15 | 1 | type tracker without call steps with content element 0 or unknown | type_tracker.rb:50:14:50:26 | call to [] | -| type_tracker.rb:50:17:50:17 | 2 | type tracker without call steps | type_tracker.rb:34:1:53:3 | return return in throughArray | | type_tracker.rb:50:17:50:17 | 2 | type tracker without call steps | type_tracker.rb:50:17:50:17 | 2 | | type_tracker.rb:50:17:50:17 | 2 | type tracker without call steps | type_tracker.rb:52:5:52:13 | ...[...] | -| type_tracker.rb:50:17:50:17 | 2 | type tracker without call steps with content element | type_tracker.rb:34:1:53:3 | return return in throughArray | | type_tracker.rb:50:17:50:17 | 2 | type tracker without call steps with content element | type_tracker.rb:52:5:52:13 | ...[...] | | type_tracker.rb:50:17:50:17 | 2 | type tracker without call steps with content element 1 or unknown | type_tracker.rb:50:14:50:26 | call to [] | -| type_tracker.rb:50:19:50:19 | 3 | type tracker without call steps | type_tracker.rb:34:1:53:3 | return return in throughArray | | type_tracker.rb:50:19:50:19 | 3 | type tracker without call steps | type_tracker.rb:50:19:50:19 | 3 | | type_tracker.rb:50:19:50:19 | 3 | type tracker without call steps | type_tracker.rb:52:5:52:13 | ...[...] | -| type_tracker.rb:50:19:50:19 | 3 | type tracker without call steps with content element | type_tracker.rb:34:1:53:3 | return return in throughArray | | type_tracker.rb:50:19:50:19 | 3 | type tracker without call steps with content element | type_tracker.rb:52:5:52:13 | ...[...] | | type_tracker.rb:50:19:50:19 | 3 | type tracker without call steps with content element 2 or unknown | type_tracker.rb:50:14:50:26 | call to [] | -| type_tracker.rb:50:21:50:21 | 4 | type tracker without call steps | type_tracker.rb:34:1:53:3 | return return in throughArray | | type_tracker.rb:50:21:50:21 | 4 | type tracker without call steps | type_tracker.rb:50:21:50:21 | 4 | | type_tracker.rb:50:21:50:21 | 4 | type tracker without call steps | type_tracker.rb:52:5:52:13 | ...[...] | -| type_tracker.rb:50:21:50:21 | 4 | type tracker without call steps with content element | type_tracker.rb:34:1:53:3 | return return in throughArray | | type_tracker.rb:50:21:50:21 | 4 | type tracker without call steps with content element | type_tracker.rb:52:5:52:13 | ...[...] | | type_tracker.rb:50:21:50:21 | 4 | type tracker without call steps with content element 3 or unknown | type_tracker.rb:50:14:50:26 | call to [] | -| type_tracker.rb:50:23:50:23 | 5 | type tracker without call steps | type_tracker.rb:34:1:53:3 | return return in throughArray | | type_tracker.rb:50:23:50:23 | 5 | type tracker without call steps | type_tracker.rb:50:23:50:23 | 5 | | type_tracker.rb:50:23:50:23 | 5 | type tracker without call steps | type_tracker.rb:52:5:52:13 | ...[...] | -| type_tracker.rb:50:23:50:23 | 5 | type tracker without call steps with content element | type_tracker.rb:34:1:53:3 | return return in throughArray | | type_tracker.rb:50:23:50:23 | 5 | type tracker without call steps with content element | type_tracker.rb:52:5:52:13 | ...[...] | | type_tracker.rb:50:23:50:23 | 5 | type tracker without call steps with content element 4 or unknown | type_tracker.rb:50:14:50:26 | call to [] | -| type_tracker.rb:50:25:50:25 | 6 | type tracker without call steps | type_tracker.rb:34:1:53:3 | return return in throughArray | | type_tracker.rb:50:25:50:25 | 6 | type tracker without call steps | type_tracker.rb:50:25:50:25 | 6 | | type_tracker.rb:50:25:50:25 | 6 | type tracker without call steps | type_tracker.rb:52:5:52:13 | ...[...] | -| type_tracker.rb:50:25:50:25 | 6 | type tracker without call steps with content element | type_tracker.rb:34:1:53:3 | return return in throughArray | | type_tracker.rb:50:25:50:25 | 6 | type tracker without call steps with content element | type_tracker.rb:52:5:52:13 | ...[...] | | type_tracker.rb:50:25:50:25 | 6 | type tracker without call steps with content element 5 or unknown | type_tracker.rb:50:14:50:26 | call to [] | | type_tracker.rb:51:5:51:10 | [post] array4 | type tracker without call steps | type_tracker.rb:51:5:51:10 | [post] array4 | | type_tracker.rb:51:5:51:13 | call to []= | type tracker without call steps | type_tracker.rb:51:5:51:13 | call to []= | | type_tracker.rb:51:17:51:19 | __synth__0 | type tracker without call steps | type_tracker.rb:51:17:51:19 | __synth__0 | -| type_tracker.rb:52:5:52:13 | ...[...] | type tracker without call steps | type_tracker.rb:34:1:53:3 | return return in throughArray | | type_tracker.rb:52:5:52:13 | ...[...] | type tracker without call steps | type_tracker.rb:52:5:52:13 | ...[...] | trackEnd | type_tracker.rb:1:1:10:3 | self (Container) | type_tracker.rb:1:1:10:3 | self (Container) | @@ -373,15 +264,6 @@ trackEnd | type_tracker.rb:1:1:53:4 | self (type_tracker.rb) | type_tracker.rb:32:1:32:27 | self | | type_tracker.rb:2:5:5:7 | &block | type_tracker.rb:2:5:5:7 | &block | | type_tracker.rb:2:5:5:7 | field= | type_tracker.rb:2:5:5:7 | field= | -| type_tracker.rb:2:5:5:7 | return return in field= | type_tracker.rb:2:5:5:7 | return return in field= | -| type_tracker.rb:2:5:5:7 | return return in field= | type_tracker.rb:14:5:14:13 | call to field= | -| type_tracker.rb:2:5:5:7 | self (field=) | type_tracker.rb:2:5:5:7 | self (field=) | -| type_tracker.rb:2:5:5:7 | self (field=) | type_tracker.rb:3:9:3:23 | self | -| type_tracker.rb:2:5:5:7 | self (field=) | type_tracker.rb:3:14:3:17 | self | -| type_tracker.rb:2:5:5:7 | self (field=) | type_tracker.rb:4:9:4:14 | self | -| type_tracker.rb:2:5:5:7 | self (field=) | type_tracker.rb:7:5:9:7 | self (field) | -| type_tracker.rb:2:5:5:7 | self (field=) | type_tracker.rb:7:5:9:7 | self in field | -| type_tracker.rb:2:5:5:7 | self (field=) | type_tracker.rb:8:9:8:14 | self | | type_tracker.rb:2:5:5:7 | self in field= | type_tracker.rb:2:5:5:7 | self (field=) | | type_tracker.rb:2:5:5:7 | self in field= | type_tracker.rb:2:5:5:7 | self in field= | | type_tracker.rb:2:5:5:7 | self in field= | type_tracker.rb:3:9:3:23 | self | @@ -390,25 +272,14 @@ trackEnd | type_tracker.rb:2:5:5:7 | self in field= | type_tracker.rb:7:5:9:7 | self (field) | | type_tracker.rb:2:5:5:7 | self in field= | type_tracker.rb:7:5:9:7 | self in field | | type_tracker.rb:2:5:5:7 | self in field= | type_tracker.rb:8:9:8:14 | self | -| type_tracker.rb:2:16:2:18 | val | type_tracker.rb:2:5:5:7 | return return in field= | -| type_tracker.rb:2:16:2:18 | val | type_tracker.rb:2:5:5:7 | return return in field= | -| type_tracker.rb:2:16:2:18 | val | type_tracker.rb:2:16:2:18 | val | | type_tracker.rb:2:16:2:18 | val | type_tracker.rb:2:16:2:18 | val | | type_tracker.rb:2:16:2:18 | val | type_tracker.rb:2:16:2:18 | val | | type_tracker.rb:2:16:2:18 | val | type_tracker.rb:2:16:2:18 | val | | type_tracker.rb:2:16:2:18 | val | type_tracker.rb:3:14:3:23 | call to field | -| type_tracker.rb:2:16:2:18 | val | type_tracker.rb:3:14:3:23 | call to field | -| type_tracker.rb:2:16:2:18 | val | type_tracker.rb:4:9:4:20 | ... = ... | | type_tracker.rb:2:16:2:18 | val | type_tracker.rb:4:9:4:20 | ... = ... | | type_tracker.rb:2:16:2:18 | val | type_tracker.rb:4:18:4:20 | val | -| type_tracker.rb:2:16:2:18 | val | type_tracker.rb:4:18:4:20 | val | -| type_tracker.rb:2:16:2:18 | val | type_tracker.rb:7:5:9:7 | return return in field | -| type_tracker.rb:2:16:2:18 | val | type_tracker.rb:7:5:9:7 | return return in field | -| type_tracker.rb:2:16:2:18 | val | type_tracker.rb:8:9:8:14 | @field | | type_tracker.rb:2:16:2:18 | val | type_tracker.rb:8:9:8:14 | @field | | type_tracker.rb:2:16:2:18 | val | type_tracker.rb:14:5:14:13 | call to field= | -| type_tracker.rb:2:16:2:18 | val | type_tracker.rb:14:5:14:13 | call to field= | -| type_tracker.rb:2:16:2:18 | val | type_tracker.rb:15:10:15:18 | call to field | | type_tracker.rb:2:16:2:18 | val | type_tracker.rb:15:10:15:18 | call to field | | type_tracker.rb:3:9:3:23 | call to puts | type_tracker.rb:3:9:3:23 | call to puts | | type_tracker.rb:3:14:3:23 | call to field | type_tracker.rb:3:14:3:23 | call to field | @@ -416,23 +287,14 @@ trackEnd | type_tracker.rb:7:5:9:7 | &block | type_tracker.rb:7:5:9:7 | &block | | type_tracker.rb:7:5:9:7 | field | type_tracker.rb:1:1:10:3 | Container | | type_tracker.rb:7:5:9:7 | field | type_tracker.rb:7:5:9:7 | field | -| type_tracker.rb:7:5:9:7 | return return in field | type_tracker.rb:3:14:3:23 | call to field | -| type_tracker.rb:7:5:9:7 | return return in field | type_tracker.rb:7:5:9:7 | return return in field | -| type_tracker.rb:7:5:9:7 | return return in field | type_tracker.rb:15:10:15:18 | call to field | -| type_tracker.rb:7:5:9:7 | self (field) | type_tracker.rb:7:5:9:7 | self (field) | -| type_tracker.rb:7:5:9:7 | self (field) | type_tracker.rb:8:9:8:14 | self | | type_tracker.rb:7:5:9:7 | self in field | type_tracker.rb:7:5:9:7 | self (field) | | type_tracker.rb:7:5:9:7 | self in field | type_tracker.rb:7:5:9:7 | self in field | | type_tracker.rb:7:5:9:7 | self in field | type_tracker.rb:8:9:8:14 | self | | type_tracker.rb:8:9:8:14 | @field | type_tracker.rb:3:14:3:23 | call to field | -| type_tracker.rb:8:9:8:14 | @field | type_tracker.rb:7:5:9:7 | return return in field | | type_tracker.rb:8:9:8:14 | @field | type_tracker.rb:8:9:8:14 | @field | | type_tracker.rb:8:9:8:14 | @field | type_tracker.rb:15:10:15:18 | call to field | | type_tracker.rb:12:1:16:3 | &block | type_tracker.rb:12:1:16:3 | &block | | type_tracker.rb:12:1:16:3 | m | type_tracker.rb:12:1:16:3 | m | -| type_tracker.rb:12:1:16:3 | return return in m | type_tracker.rb:12:1:16:3 | return return in m | -| type_tracker.rb:12:1:16:3 | self (m) | type_tracker.rb:12:1:16:3 | self (m) | -| type_tracker.rb:12:1:16:3 | self (m) | type_tracker.rb:15:5:15:18 | self | | type_tracker.rb:12:1:16:3 | self in m | type_tracker.rb:12:1:16:3 | self (m) | | type_tracker.rb:12:1:16:3 | self in m | type_tracker.rb:12:1:16:3 | self in m | | type_tracker.rb:12:1:16:3 | self in m | type_tracker.rb:15:5:15:18 | self | @@ -470,16 +332,10 @@ trackEnd | type_tracker.rb:14:17:14:23 | "hello" | type_tracker.rb:14:17:14:23 | __synth__0 | | type_tracker.rb:14:17:14:23 | "hello" | type_tracker.rb:15:10:15:18 | call to field | | type_tracker.rb:14:17:14:23 | __synth__0 | type_tracker.rb:14:17:14:23 | __synth__0 | -| type_tracker.rb:15:5:15:18 | call to puts | type_tracker.rb:12:1:16:3 | return return in m | | type_tracker.rb:15:5:15:18 | call to puts | type_tracker.rb:15:5:15:18 | call to puts | | type_tracker.rb:15:10:15:18 | call to field | type_tracker.rb:15:10:15:18 | call to field | | type_tracker.rb:18:1:21:3 | &block | type_tracker.rb:18:1:21:3 | &block | | type_tracker.rb:18:1:21:3 | positional | type_tracker.rb:18:1:21:3 | positional | -| type_tracker.rb:18:1:21:3 | return return in positional | type_tracker.rb:18:1:21:3 | return return in positional | -| type_tracker.rb:18:1:21:3 | return return in positional | type_tracker.rb:23:1:23:16 | call to positional | -| type_tracker.rb:18:1:21:3 | self (positional) | type_tracker.rb:18:1:21:3 | self (positional) | -| type_tracker.rb:18:1:21:3 | self (positional) | type_tracker.rb:19:5:19:11 | self | -| type_tracker.rb:18:1:21:3 | self (positional) | type_tracker.rb:20:5:20:11 | self | | type_tracker.rb:18:1:21:3 | self in positional | type_tracker.rb:18:1:21:3 | self (positional) | | type_tracker.rb:18:1:21:3 | self in positional | type_tracker.rb:18:1:21:3 | self in positional | | type_tracker.rb:18:1:21:3 | self in positional | type_tracker.rb:19:5:19:11 | self | @@ -487,17 +343,12 @@ trackEnd | type_tracker.rb:18:16:18:17 | p1 | type_tracker.rb:18:16:18:17 | p1 | | type_tracker.rb:18:16:18:17 | p1 | type_tracker.rb:18:16:18:17 | p1 | | type_tracker.rb:18:16:18:17 | p1 | type_tracker.rb:18:16:18:17 | p1 | -| type_tracker.rb:18:16:18:17 | p1 | type_tracker.rb:18:16:18:17 | p1 | -| type_tracker.rb:18:16:18:17 | p1 | type_tracker.rb:19:10:19:11 | p1 | | type_tracker.rb:18:16:18:17 | p1 | type_tracker.rb:19:10:19:11 | p1 | | type_tracker.rb:18:20:18:21 | p2 | type_tracker.rb:18:20:18:21 | p2 | | type_tracker.rb:18:20:18:21 | p2 | type_tracker.rb:18:20:18:21 | p2 | | type_tracker.rb:18:20:18:21 | p2 | type_tracker.rb:18:20:18:21 | p2 | -| type_tracker.rb:18:20:18:21 | p2 | type_tracker.rb:18:20:18:21 | p2 | -| type_tracker.rb:18:20:18:21 | p2 | type_tracker.rb:20:10:20:11 | p2 | | type_tracker.rb:18:20:18:21 | p2 | type_tracker.rb:20:10:20:11 | p2 | | type_tracker.rb:19:5:19:11 | call to puts | type_tracker.rb:19:5:19:11 | call to puts | -| type_tracker.rb:20:5:20:11 | call to puts | type_tracker.rb:18:1:21:3 | return return in positional | | type_tracker.rb:20:5:20:11 | call to puts | type_tracker.rb:20:5:20:11 | call to puts | | type_tracker.rb:20:5:20:11 | call to puts | type_tracker.rb:23:1:23:16 | call to positional | | type_tracker.rb:23:1:23:16 | call to positional | type_tracker.rb:23:1:23:16 | call to positional | @@ -512,13 +363,6 @@ trackEnd | type_tracker.rb:25:1:28:3 | &block | type_tracker.rb:25:1:28:3 | &block | | type_tracker.rb:25:1:28:3 | **kwargs | type_tracker.rb:25:1:28:3 | **kwargs | | type_tracker.rb:25:1:28:3 | keyword | type_tracker.rb:25:1:28:3 | keyword | -| type_tracker.rb:25:1:28:3 | return return in keyword | type_tracker.rb:25:1:28:3 | return return in keyword | -| type_tracker.rb:25:1:28:3 | return return in keyword | type_tracker.rb:30:1:30:21 | call to keyword | -| type_tracker.rb:25:1:28:3 | return return in keyword | type_tracker.rb:31:1:31:21 | call to keyword | -| type_tracker.rb:25:1:28:3 | return return in keyword | type_tracker.rb:32:1:32:27 | call to keyword | -| type_tracker.rb:25:1:28:3 | self (keyword) | type_tracker.rb:25:1:28:3 | self (keyword) | -| type_tracker.rb:25:1:28:3 | self (keyword) | type_tracker.rb:26:5:26:11 | self | -| type_tracker.rb:25:1:28:3 | self (keyword) | type_tracker.rb:27:5:27:11 | self | | type_tracker.rb:25:1:28:3 | self in keyword | type_tracker.rb:25:1:28:3 | self (keyword) | | type_tracker.rb:25:1:28:3 | self in keyword | type_tracker.rb:25:1:28:3 | self in keyword | | type_tracker.rb:25:1:28:3 | self in keyword | type_tracker.rb:26:5:26:11 | self | @@ -526,17 +370,12 @@ trackEnd | type_tracker.rb:25:13:25:14 | p1 | type_tracker.rb:25:13:25:14 | p1 | | type_tracker.rb:25:13:25:14 | p1 | type_tracker.rb:25:13:25:14 | p1 | | type_tracker.rb:25:13:25:14 | p1 | type_tracker.rb:25:13:25:14 | p1 | -| type_tracker.rb:25:13:25:14 | p1 | type_tracker.rb:25:13:25:14 | p1 | -| type_tracker.rb:25:13:25:14 | p1 | type_tracker.rb:26:10:26:11 | p1 | | type_tracker.rb:25:13:25:14 | p1 | type_tracker.rb:26:10:26:11 | p1 | | type_tracker.rb:25:18:25:19 | p2 | type_tracker.rb:25:18:25:19 | p2 | | type_tracker.rb:25:18:25:19 | p2 | type_tracker.rb:25:18:25:19 | p2 | | type_tracker.rb:25:18:25:19 | p2 | type_tracker.rb:25:18:25:19 | p2 | -| type_tracker.rb:25:18:25:19 | p2 | type_tracker.rb:25:18:25:19 | p2 | -| type_tracker.rb:25:18:25:19 | p2 | type_tracker.rb:27:10:27:11 | p2 | | type_tracker.rb:25:18:25:19 | p2 | type_tracker.rb:27:10:27:11 | p2 | | type_tracker.rb:26:5:26:11 | call to puts | type_tracker.rb:26:5:26:11 | call to puts | -| type_tracker.rb:27:5:27:11 | call to puts | type_tracker.rb:25:1:28:3 | return return in keyword | | type_tracker.rb:27:5:27:11 | call to puts | type_tracker.rb:27:5:27:11 | call to puts | | type_tracker.rb:27:5:27:11 | call to puts | type_tracker.rb:30:1:30:21 | call to keyword | | type_tracker.rb:27:5:27:11 | call to puts | type_tracker.rb:31:1:31:21 | call to keyword | @@ -587,80 +426,45 @@ trackEnd | type_tracker.rb:32:26:32:26 | 8 | type_tracker.rb:26:10:26:11 | p1 | | type_tracker.rb:32:26:32:26 | 8 | type_tracker.rb:32:26:32:26 | 8 | | type_tracker.rb:34:1:53:3 | &block | type_tracker.rb:34:1:53:3 | &block | -| type_tracker.rb:34:1:53:3 | return return in throughArray | type_tracker.rb:34:1:53:3 | return return in throughArray | | type_tracker.rb:34:1:53:3 | self in throughArray | type_tracker.rb:34:1:53:3 | self in throughArray | | type_tracker.rb:34:1:53:3 | throughArray | type_tracker.rb:34:1:53:3 | throughArray | -| type_tracker.rb:34:18:34:20 | obj | type_tracker.rb:34:1:53:3 | return return in throughArray | -| type_tracker.rb:34:18:34:20 | obj | type_tracker.rb:34:1:53:3 | return return in throughArray | -| type_tracker.rb:34:18:34:20 | obj | type_tracker.rb:34:18:34:20 | obj | | type_tracker.rb:34:18:34:20 | obj | type_tracker.rb:34:18:34:20 | obj | | type_tracker.rb:34:18:34:20 | obj | type_tracker.rb:34:18:34:20 | obj | | type_tracker.rb:34:18:34:20 | obj | type_tracker.rb:34:18:34:20 | obj | | type_tracker.rb:34:18:34:20 | obj | type_tracker.rb:35:12:35:14 | obj | -| type_tracker.rb:34:18:34:20 | obj | type_tracker.rb:35:12:35:14 | obj | -| type_tracker.rb:34:18:34:20 | obj | type_tracker.rb:36:5:36:10 | ...[...] | | type_tracker.rb:34:18:34:20 | obj | type_tracker.rb:36:5:36:10 | ...[...] | | type_tracker.rb:34:18:34:20 | obj | type_tracker.rb:39:5:39:12 | __synth__0 | -| type_tracker.rb:34:18:34:20 | obj | type_tracker.rb:39:5:39:12 | __synth__0 | -| type_tracker.rb:34:18:34:20 | obj | type_tracker.rb:39:5:39:18 | ... | | type_tracker.rb:34:18:34:20 | obj | type_tracker.rb:39:5:39:18 | ... | | type_tracker.rb:34:18:34:20 | obj | type_tracker.rb:39:16:39:18 | ... = ... | -| type_tracker.rb:34:18:34:20 | obj | type_tracker.rb:39:16:39:18 | ... = ... | -| type_tracker.rb:34:18:34:20 | obj | type_tracker.rb:39:16:39:18 | __synth__0 | | type_tracker.rb:34:18:34:20 | obj | type_tracker.rb:39:16:39:18 | __synth__0 | | type_tracker.rb:34:18:34:20 | obj | type_tracker.rb:39:16:39:18 | obj | -| type_tracker.rb:34:18:34:20 | obj | type_tracker.rb:39:16:39:18 | obj | -| type_tracker.rb:34:18:34:20 | obj | type_tracker.rb:40:5:40:12 | ...[...] | | type_tracker.rb:34:18:34:20 | obj | type_tracker.rb:40:5:40:12 | ...[...] | | type_tracker.rb:34:18:34:20 | obj | type_tracker.rb:43:5:43:13 | __synth__0 | -| type_tracker.rb:34:18:34:20 | obj | type_tracker.rb:43:5:43:13 | __synth__0 | -| type_tracker.rb:34:18:34:20 | obj | type_tracker.rb:43:5:43:19 | ... | | type_tracker.rb:34:18:34:20 | obj | type_tracker.rb:43:5:43:19 | ... | | type_tracker.rb:34:18:34:20 | obj | type_tracker.rb:43:17:43:19 | ... = ... | -| type_tracker.rb:34:18:34:20 | obj | type_tracker.rb:43:17:43:19 | ... = ... | -| type_tracker.rb:34:18:34:20 | obj | type_tracker.rb:43:17:43:19 | __synth__0 | | type_tracker.rb:34:18:34:20 | obj | type_tracker.rb:43:17:43:19 | __synth__0 | | type_tracker.rb:34:18:34:20 | obj | type_tracker.rb:43:17:43:19 | obj | -| type_tracker.rb:34:18:34:20 | obj | type_tracker.rb:43:17:43:19 | obj | -| type_tracker.rb:34:18:34:20 | obj | type_tracker.rb:44:5:44:13 | ...[...] | | type_tracker.rb:34:18:34:20 | obj | type_tracker.rb:44:5:44:13 | ...[...] | | type_tracker.rb:34:18:34:20 | obj | type_tracker.rb:47:5:47:13 | __synth__0 | -| type_tracker.rb:34:18:34:20 | obj | type_tracker.rb:47:5:47:13 | __synth__0 | -| type_tracker.rb:34:18:34:20 | obj | type_tracker.rb:47:5:47:19 | ... | | type_tracker.rb:34:18:34:20 | obj | type_tracker.rb:47:5:47:19 | ... | | type_tracker.rb:34:18:34:20 | obj | type_tracker.rb:47:17:47:19 | ... = ... | -| type_tracker.rb:34:18:34:20 | obj | type_tracker.rb:47:17:47:19 | ... = ... | -| type_tracker.rb:34:18:34:20 | obj | type_tracker.rb:47:17:47:19 | __synth__0 | | type_tracker.rb:34:18:34:20 | obj | type_tracker.rb:47:17:47:19 | __synth__0 | | type_tracker.rb:34:18:34:20 | obj | type_tracker.rb:47:17:47:19 | obj | -| type_tracker.rb:34:18:34:20 | obj | type_tracker.rb:47:17:47:19 | obj | -| type_tracker.rb:34:18:34:20 | obj | type_tracker.rb:51:5:51:13 | __synth__0 | | type_tracker.rb:34:18:34:20 | obj | type_tracker.rb:51:5:51:13 | __synth__0 | | type_tracker.rb:34:18:34:20 | obj | type_tracker.rb:51:5:51:19 | ... | -| type_tracker.rb:34:18:34:20 | obj | type_tracker.rb:51:5:51:19 | ... | -| type_tracker.rb:34:18:34:20 | obj | type_tracker.rb:51:17:51:19 | ... = ... | | type_tracker.rb:34:18:34:20 | obj | type_tracker.rb:51:17:51:19 | ... = ... | | type_tracker.rb:34:18:34:20 | obj | type_tracker.rb:51:17:51:19 | __synth__0 | -| type_tracker.rb:34:18:34:20 | obj | type_tracker.rb:51:17:51:19 | __synth__0 | -| type_tracker.rb:34:18:34:20 | obj | type_tracker.rb:51:17:51:19 | obj | | type_tracker.rb:34:18:34:20 | obj | type_tracker.rb:51:17:51:19 | obj | | type_tracker.rb:34:18:34:20 | obj | type_tracker.rb:52:5:52:13 | ...[...] | -| type_tracker.rb:34:18:34:20 | obj | type_tracker.rb:52:5:52:13 | ...[...] | -| type_tracker.rb:34:23:34:23 | y | type_tracker.rb:34:23:34:23 | y | | type_tracker.rb:34:23:34:23 | y | type_tracker.rb:34:23:34:23 | y | | type_tracker.rb:34:23:34:23 | y | type_tracker.rb:34:23:34:23 | y | | type_tracker.rb:34:23:34:23 | y | type_tracker.rb:34:23:34:23 | y | | type_tracker.rb:34:23:34:23 | y | type_tracker.rb:39:11:39:11 | y | -| type_tracker.rb:34:23:34:23 | y | type_tracker.rb:39:11:39:11 | y | -| type_tracker.rb:34:23:34:23 | y | type_tracker.rb:44:12:44:12 | y | | type_tracker.rb:34:23:34:23 | y | type_tracker.rb:44:12:44:12 | y | | type_tracker.rb:34:23:34:23 | y | type_tracker.rb:51:12:51:12 | y | -| type_tracker.rb:34:23:34:23 | y | type_tracker.rb:51:12:51:12 | y | | type_tracker.rb:34:26:34:26 | z | type_tracker.rb:34:26:34:26 | z | | type_tracker.rb:34:26:34:26 | z | type_tracker.rb:34:26:34:26 | z | | type_tracker.rb:34:26:34:26 | z | type_tracker.rb:34:26:34:26 | z | -| type_tracker.rb:34:26:34:26 | z | type_tracker.rb:34:26:34:26 | z | -| type_tracker.rb:34:26:34:26 | z | type_tracker.rb:52:12:52:12 | z | | type_tracker.rb:34:26:34:26 | z | type_tracker.rb:52:12:52:12 | z | | type_tracker.rb:35:5:35:7 | tmp | type_tracker.rb:35:5:35:7 | tmp | | type_tracker.rb:35:11:35:15 | Array | type_tracker.rb:35:11:35:15 | Array | @@ -743,29 +547,22 @@ trackEnd | type_tracker.rb:50:14:50:26 | call to [] | type_tracker.rb:50:14:50:26 | call to [] | | type_tracker.rb:50:14:50:26 | call to [] | type_tracker.rb:51:5:51:10 | array4 | | type_tracker.rb:50:14:50:26 | call to [] | type_tracker.rb:52:5:52:10 | array4 | -| type_tracker.rb:50:15:50:15 | 1 | type_tracker.rb:34:1:53:3 | return return in throughArray | | type_tracker.rb:50:15:50:15 | 1 | type_tracker.rb:50:15:50:15 | 1 | | type_tracker.rb:50:15:50:15 | 1 | type_tracker.rb:52:5:52:13 | ...[...] | -| type_tracker.rb:50:17:50:17 | 2 | type_tracker.rb:34:1:53:3 | return return in throughArray | | type_tracker.rb:50:17:50:17 | 2 | type_tracker.rb:50:17:50:17 | 2 | | type_tracker.rb:50:17:50:17 | 2 | type_tracker.rb:52:5:52:13 | ...[...] | -| type_tracker.rb:50:19:50:19 | 3 | type_tracker.rb:34:1:53:3 | return return in throughArray | | type_tracker.rb:50:19:50:19 | 3 | type_tracker.rb:50:19:50:19 | 3 | | type_tracker.rb:50:19:50:19 | 3 | type_tracker.rb:52:5:52:13 | ...[...] | -| type_tracker.rb:50:21:50:21 | 4 | type_tracker.rb:34:1:53:3 | return return in throughArray | | type_tracker.rb:50:21:50:21 | 4 | type_tracker.rb:50:21:50:21 | 4 | | type_tracker.rb:50:21:50:21 | 4 | type_tracker.rb:52:5:52:13 | ...[...] | -| type_tracker.rb:50:23:50:23 | 5 | type_tracker.rb:34:1:53:3 | return return in throughArray | | type_tracker.rb:50:23:50:23 | 5 | type_tracker.rb:50:23:50:23 | 5 | | type_tracker.rb:50:23:50:23 | 5 | type_tracker.rb:52:5:52:13 | ...[...] | -| type_tracker.rb:50:25:50:25 | 6 | type_tracker.rb:34:1:53:3 | return return in throughArray | | type_tracker.rb:50:25:50:25 | 6 | type_tracker.rb:50:25:50:25 | 6 | | type_tracker.rb:50:25:50:25 | 6 | type_tracker.rb:52:5:52:13 | ...[...] | | type_tracker.rb:51:5:51:10 | [post] array4 | type_tracker.rb:51:5:51:10 | [post] array4 | | type_tracker.rb:51:5:51:10 | [post] array4 | type_tracker.rb:52:5:52:10 | array4 | | type_tracker.rb:51:5:51:13 | call to []= | type_tracker.rb:51:5:51:13 | call to []= | | type_tracker.rb:51:17:51:19 | __synth__0 | type_tracker.rb:51:17:51:19 | __synth__0 | -| type_tracker.rb:52:5:52:13 | ...[...] | type_tracker.rb:34:1:53:3 | return return in throughArray | | type_tracker.rb:52:5:52:13 | ...[...] | type_tracker.rb:52:5:52:13 | ...[...] | forwardButNoBackwardFlow backwardButNoForwardFlow From 1788c54bd8eed26609e78e0244cbc343772632e1 Mon Sep 17 00:00:00 2001 From: Tom Hvitved <hvitved@github.com> Date: Mon, 1 May 2023 13:13:26 +0200 Subject: [PATCH 621/870] Python: Avoid calling `TypeTracker::step` in call graph construction --- .../new/internal/DataFlowDispatch.qll | 331 +++++++++++++----- 1 file changed, 246 insertions(+), 85 deletions(-) diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowDispatch.qll b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowDispatch.qll index cdca96cc4ac..958bca246cb 100644 --- a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowDispatch.qll +++ b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowDispatch.qll @@ -464,22 +464,55 @@ private predicate ignoreForCallGraph(File f) { f.getAbsolutePath().matches("%/site-packages/sympy/%") } +bindingset[n] +pragma[inline_late] +private predicate includeInCallGraph(TypeTrackingNode n) { + not ignoreForCallGraph(n.getLocation().getFile()) +} + +pragma[nomagic] +private predicate stepCallProj(TypeTrackingNode nodeFrom, StepSummary summary) { + StepSummary::stepCall(nodeFrom, _, summary) +} + +bindingset[t, summary] +pragma[inline_late] +private TypeTracker append(TypeTracker t, StepSummary summary) { result = t.append(summary) } + /** * Gets a reference to the function `func`. */ private TypeTrackingNode functionTracker(TypeTracker t, Function func) { - not ignoreForCallGraph(result.getLocation().getFile()) and - t.start() and + includeInCallGraph(result) and ( - result.asExpr() = func.getDefinition() + t.start() and + ( + result.asExpr() = func.getDefinition() + or + // when a function is decorated, it's the result of the (last) decorator call that + // is used + result.asExpr() = func.getDefinition().(FunctionExpr).getADecoratorCall() + ) or - // when a function is decorated, it's the result of the (last) decorator call that - // is used - result.asExpr() = func.getDefinition().(FunctionExpr).getADecoratorCall() + ( + exists(TypeTracker t2 | t = t2.stepNoCall(functionTracker(t2, func), result)) + or + exists(StepSummary summary | + // non-linear recursion + StepSummary::stepCall(functionTrackerCall(t, func, summary), result, summary) + ) + ) + ) +} + +pragma[nomagic] +private TypeTrackingNode functionTrackerCall(TypeTracker t, Function func, StepSummary summary) { + exists(TypeTracker t2 | + // non-linear recursion + result = functionTracker(t2, func) and + stepCallProj(result, summary) and + t = append(t2, summary) ) - or - not ignoreForCallGraph(result.getLocation().getFile()) and - exists(TypeTracker t2 | result = functionTracker(t2, func).track(t2, t)) } /** @@ -491,23 +524,41 @@ Node functionTracker(Function func) { functionTracker(TypeTracker::end(), func). * Gets a reference to the class `cls`. */ private TypeTrackingNode classTracker(TypeTracker t, Class cls) { - not ignoreForCallGraph(result.getLocation().getFile()) and - t.start() and + includeInCallGraph(result) and ( - result.asExpr() = cls.getParent() + t.start() and + ( + result.asExpr() = cls.getParent() + or + // when a class is decorated, it's the result of the (last) decorator call that + // is used + result.asExpr() = cls.getParent().getADecoratorCall() + or + // `type(obj)`, where obj is an instance of this class + result = getTypeCall() and + result.(CallCfgNode).getArg(0) = classInstanceTracker(cls) + ) or - // when a class is decorated, it's the result of the (last) decorator call that - // is used - result.asExpr() = cls.getParent().getADecoratorCall() - or - // `type(obj)`, where obj is an instance of this class - result = getTypeCall() and - result.(CallCfgNode).getArg(0) = classInstanceTracker(cls) + not result.(ParameterNodeImpl).isParameterOf(_, any(ParameterPosition pp | pp.isSelf())) and + ( + exists(TypeTracker t2 | t = t2.stepNoCall(classTracker(t2, cls), result)) + or + exists(StepSummary summary | + // non-linear recursion + StepSummary::stepCall(classTrackerCall(t, cls, summary), result, summary) + ) + ) + ) +} + +pragma[nomagic] +private TypeTrackingNode classTrackerCall(TypeTracker t, Class cls, StepSummary summary) { + exists(TypeTracker t2 | + // non-linear recursion + result = classTracker(t2, cls) and + stepCallProj(result, summary) and + t = append(t2, summary) ) - or - not ignoreForCallGraph(result.getLocation().getFile()) and - exists(TypeTracker t2 | result = classTracker(t2, cls).track(t2, t)) and - not result.(ParameterNodeImpl).isParameterOf(_, any(ParameterPosition pp | pp.isSelf())) } /** @@ -519,21 +570,38 @@ Node classTracker(Class cls) { classTracker(TypeTracker::end(), cls).flowsTo(res * Gets a reference to an instance of the class `cls`. */ private TypeTrackingNode classInstanceTracker(TypeTracker t, Class cls) { - not ignoreForCallGraph(result.getLocation().getFile()) and - t.start() and - resolveClassCall(result.(CallCfgNode).asCfgNode(), cls) - or - // result of `super().__new__` as used in a `__new__` method implementation - not ignoreForCallGraph(result.getLocation().getFile()) and - t.start() and - exists(Class classUsedInSuper | - fromSuperNewCall(result.(CallCfgNode).asCfgNode(), classUsedInSuper, _, _) and - classUsedInSuper = getADirectSuperclass*(cls) + includeInCallGraph(result) and + ( + t.start() and + resolveClassCall(result.(CallCfgNode).asCfgNode(), cls) + or + // result of `super().__new__` as used in a `__new__` method implementation + t.start() and + exists(Class classUsedInSuper | + fromSuperNewCall(result.(CallCfgNode).asCfgNode(), classUsedInSuper, _, _) and + classUsedInSuper = getADirectSuperclass*(cls) + ) + or + not result.(ParameterNodeImpl).isParameterOf(_, any(ParameterPosition pp | pp.isSelf())) and + ( + exists(TypeTracker t2 | t = t2.stepNoCall(classInstanceTracker(t2, cls), result)) + or + exists(StepSummary summary | + // non-linear recursion + StepSummary::stepCall(classInstanceTrackerCall(t, cls, summary), result, summary) + ) + ) + ) +} + +pragma[nomagic] +private TypeTrackingNode classInstanceTrackerCall(TypeTracker t, Class cls, StepSummary summary) { + exists(TypeTracker t2 | + // non-linear recursion + result = classInstanceTracker(t2, cls) and + stepCallProj(result, summary) and + t = append(t2, summary) ) - or - not ignoreForCallGraph(result.getLocation().getFile()) and - exists(TypeTracker t2 | result = classInstanceTracker(t2, cls).track(t2, t)) and - not result.(ParameterNodeImpl).isParameterOf(_, any(ParameterPosition pp | pp.isSelf())) } /** @@ -548,19 +616,37 @@ Node classInstanceTracker(Class cls) { * The method cannot be a `staticmethod` or `classmethod`. */ private TypeTrackingNode selfTracker(TypeTracker t, Class classWithMethod) { - not ignoreForCallGraph(result.getLocation().getFile()) and - t.start() and - exists(Function func | - func = classWithMethod.getAMethod() and - not isStaticmethod(func) and - not isClassmethod(func) - | - result.asExpr() = func.getArg(0) + includeInCallGraph(result) and + ( + t.start() and + exists(Function func | + func = classWithMethod.getAMethod() and + not isStaticmethod(func) and + not isClassmethod(func) + | + result.asExpr() = func.getArg(0) + ) + or + not result.(ParameterNodeImpl).isParameterOf(_, any(ParameterPosition pp | pp.isSelf())) and + ( + exists(TypeTracker t2 | t = t2.stepNoCall(selfTracker(t2, classWithMethod), result)) + or + exists(StepSummary summary | + // non-linear recursion + StepSummary::stepCall(selfTrackerCall(t, classWithMethod, summary), result, summary) + ) + ) + ) +} + +pragma[nomagic] +private TypeTrackingNode selfTrackerCall(TypeTracker t, Class classWithMethod, StepSummary summary) { + exists(TypeTracker t2 | + // non-linear recursion + result = selfTracker(t2, classWithMethod) and + stepCallProj(result, summary) and + t = append(t2, summary) ) - or - not ignoreForCallGraph(result.getLocation().getFile()) and - exists(TypeTracker t2 | result = selfTracker(t2, classWithMethod).track(t2, t)) and - not result.(ParameterNodeImpl).isParameterOf(_, any(ParameterPosition pp | pp.isSelf())) } /** @@ -577,24 +663,44 @@ Node selfTracker(Class classWithMethod) { * from a normal method. */ private TypeTrackingNode clsArgumentTracker(TypeTracker t, Class classWithMethod) { - not ignoreForCallGraph(result.getLocation().getFile()) and - t.start() and + includeInCallGraph(result) and ( - exists(Function func | - func = classWithMethod.getAMethod() and - isClassmethod(func) - | - result.asExpr() = func.getArg(0) + t.start() and + ( + exists(Function func | + func = classWithMethod.getAMethod() and + isClassmethod(func) + | + result.asExpr() = func.getArg(0) + ) + or + // type(self) + result = getTypeCall() and + result.(CallCfgNode).getArg(0) = selfTracker(classWithMethod) ) or - // type(self) - result = getTypeCall() and - result.(CallCfgNode).getArg(0) = selfTracker(classWithMethod) + not result.(ParameterNodeImpl).isParameterOf(_, any(ParameterPosition pp | pp.isSelf())) and + ( + exists(TypeTracker t2 | t = t2.stepNoCall(clsArgumentTracker(t2, classWithMethod), result)) + or + exists(StepSummary summary | + // non-linear recursion + StepSummary::stepCall(clsArgumentTrackerCall(t, classWithMethod, summary), result, summary) + ) + ) + ) +} + +pragma[nomagic] +private TypeTrackingNode clsArgumentTrackerCall( + TypeTracker t, Class classWithMethod, StepSummary summary +) { + exists(TypeTracker t2 | + // non-linear recursion + result = clsArgumentTracker(t2, classWithMethod) and + stepCallProj(result, summary) and + t = append(t2, summary) ) - or - not ignoreForCallGraph(result.getLocation().getFile()) and - exists(TypeTracker t2 | result = clsArgumentTracker(t2, classWithMethod).track(t2, t)) and - not result.(ParameterNodeImpl).isParameterOf(_, any(ParameterPosition pp | pp.isSelf())) } /** @@ -611,18 +717,38 @@ Node clsArgumentTracker(Class classWithMethod) { * call happened in the method `func` (either a method or a classmethod). */ private TypeTrackingNode superCallNoArgumentTracker(TypeTracker t, Function func) { - not ignoreForCallGraph(result.getLocation().getFile()) and - t.start() and - not isStaticmethod(func) and - exists(CallCfgNode call | result = call | - call = getSuperCall() and - not exists(call.getArg(_)) and - call.getScope() = func + includeInCallGraph(result) and + ( + t.start() and + not isStaticmethod(func) and + exists(CallCfgNode call | result = call | + call = getSuperCall() and + not exists(call.getArg(_)) and + call.getScope() = func + ) + or + not result.(ParameterNodeImpl).isParameterOf(_, any(ParameterPosition pp | pp.isSelf())) and + ( + exists(TypeTracker t2 | t = t2.stepNoCall(superCallNoArgumentTracker(t2, func), result)) + or + exists(StepSummary summary | + // non-linear recursion + StepSummary::stepCall(superCallNoArgumentTrackerCall(t, func, summary), result, summary) + ) + ) + ) +} + +pragma[nomagic] +private TypeTrackingNode superCallNoArgumentTrackerCall( + TypeTracker t, Function func, StepSummary summary +) { + exists(TypeTracker t2 | + // non-linear recursion + result = functionTracker(t2, func) and + stepCallProj(result, summary) and + t = append(t2, summary) ) - or - not ignoreForCallGraph(result.getLocation().getFile()) and - exists(TypeTracker t2 | result = superCallNoArgumentTracker(t2, func).track(t2, t)) and - not result.(ParameterNodeImpl).isParameterOf(_, any(ParameterPosition pp | pp.isSelf())) } /** @@ -638,17 +764,37 @@ Node superCallNoArgumentTracker(Function func) { * first is a reference to the class `cls`, and the second argument is `obj`. */ private TypeTrackingNode superCallTwoArgumentTracker(TypeTracker t, Class cls, Node obj) { - not ignoreForCallGraph(result.getLocation().getFile()) and - t.start() and - exists(CallCfgNode call | result = call | - call = getSuperCall() and - call.getArg(0) = classTracker(cls) and - call.getArg(1) = obj + includeInCallGraph(result) and + ( + t.start() and + exists(CallCfgNode call | result = call | + call = getSuperCall() and + call.getArg(0) = classTracker(cls) and + call.getArg(1) = obj + ) + or + not result.(ParameterNodeImpl).isParameterOf(_, any(ParameterPosition pp | pp.isSelf())) and + ( + exists(TypeTracker t2 | t = t2.stepNoCall(superCallTwoArgumentTracker(t2, cls, obj), result)) + or + exists(StepSummary summary | + // non-linear recursion + StepSummary::stepCall(superCallTwoArgumentTrackerCall(t, cls, obj, summary), result, summary) + ) + ) + ) +} + +pragma[nomagic] +private TypeTrackingNode superCallTwoArgumentTrackerCall( + TypeTracker t, Class cls, Node obj, StepSummary summary +) { + exists(TypeTracker t2 | + // non-linear recursion + result = superCallTwoArgumentTracker(t2, cls, obj) and + stepCallProj(result, summary) and + t = append(t2, summary) ) - or - not ignoreForCallGraph(result.getLocation().getFile()) and - exists(TypeTracker t2 | result = superCallTwoArgumentTracker(t2, cls, obj).track(t2, t)) and - not result.(ParameterNodeImpl).isParameterOf(_, any(ParameterPosition pp | pp.isSelf())) } /** @@ -809,7 +955,22 @@ private TypeTrackingNode attrReadTracker(TypeTracker t, AttrRead attr) { superCallNoArgumentTracker(_), superCallTwoArgumentTracker(_, _) ] or - exists(TypeTracker t2 | result = attrReadTracker(t2, attr).track(t2, t)) + exists(TypeTracker t2 | t = t2.stepNoCall(attrReadTracker(t2, attr), result)) + or + exists(StepSummary summary | + // non-linear recursion + StepSummary::stepCall(attrReadTrackerCall(t, attr, summary), result, summary) + ) +} + +pragma[nomagic] +private TypeTrackingNode attrReadTrackerCall(TypeTracker t, AttrRead attr, StepSummary summary) { + exists(TypeTracker t2 | + // non-linear recursion + result = attrReadTracker(t2, attr) and + stepCallProj(result, summary) and + t = append(t2, summary) + ) } /** Gets a reference to the attribute read `attr` */ From 3a3d9bc50578fede3df3698a6dc16d11ca67a2b1 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema <jketema@github.com> Date: Wed, 24 May 2023 11:17:56 +0200 Subject: [PATCH 622/870] Swift: Rewrite inline expectation tests to use the parameterized module --- .../dataflow/dataflow/DataFlowInline.expected | 2 ++ .../library-tests/dataflow/dataflow/DataFlowInline.ql | 10 +++++----- .../dataflow/flowsources/FlowSourcesInline.expected | 2 ++ .../dataflow/flowsources/FlowSourcesInline.ql | 10 +++++----- .../dataflow/taint/core/TaintInline.expected | 2 ++ .../library-tests/dataflow/taint/core/TaintInline.ql | 10 +++++----- .../dataflow/taint/libraries/TaintInline.expected | 2 ++ .../dataflow/taint/libraries/TaintInline.ql | 10 +++++----- .../Security/CWE-022/PathInjectionTest.expected | 2 ++ .../query-tests/Security/CWE-022/PathInjectionTest.ql | 10 +++++----- .../Security/CWE-312/CleartextLoggingTest.expected | 2 ++ .../Security/CWE-312/CleartextLoggingTest.ql | 10 +++++----- .../test/query-tests/Security/CWE-611/XXETest.expected | 2 ++ swift/ql/test/query-tests/Security/CWE-611/XXETest.ql | 10 +++++----- .../Security/CWE-946/PredicateInjectionTest.expected | 2 ++ .../Security/CWE-946/PredicateInjectionTest.ql | 10 +++++----- 16 files changed, 56 insertions(+), 40 deletions(-) diff --git a/swift/ql/test/library-tests/dataflow/dataflow/DataFlowInline.expected b/swift/ql/test/library-tests/dataflow/dataflow/DataFlowInline.expected index e69de29bb2d..48de9172b36 100644 --- a/swift/ql/test/library-tests/dataflow/dataflow/DataFlowInline.expected +++ b/swift/ql/test/library-tests/dataflow/dataflow/DataFlowInline.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/swift/ql/test/library-tests/dataflow/dataflow/DataFlowInline.ql b/swift/ql/test/library-tests/dataflow/dataflow/DataFlowInline.ql index 3b75d5e2a37..709e1fef165 100644 --- a/swift/ql/test/library-tests/dataflow/dataflow/DataFlowInline.ql +++ b/swift/ql/test/library-tests/dataflow/dataflow/DataFlowInline.ql @@ -2,12 +2,10 @@ import swift import FlowConfig import TestUtilities.InlineExpectationsTest -class TaintTest extends InlineExpectationsTest { - TaintTest() { this = "DataFlowTest" } +module TaintTest implements TestSig { + string getARelevantTag() { result = "flow" } - override string getARelevantTag() { result = "flow" } - - override predicate hasActualResult(Location location, string element, string tag, string value) { + predicate hasActualResult(Location location, string element, string tag, string value) { exists(DataFlow::Node source, DataFlow::Node sink, Expr sinkExpr | TestFlow::flow(source, sink) and sinkExpr = sink.asExpr() and @@ -18,3 +16,5 @@ class TaintTest extends InlineExpectationsTest { ) } } + +import MakeTest<TaintTest> diff --git a/swift/ql/test/library-tests/dataflow/flowsources/FlowSourcesInline.expected b/swift/ql/test/library-tests/dataflow/flowsources/FlowSourcesInline.expected index e69de29bb2d..48de9172b36 100644 --- a/swift/ql/test/library-tests/dataflow/flowsources/FlowSourcesInline.expected +++ b/swift/ql/test/library-tests/dataflow/flowsources/FlowSourcesInline.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/swift/ql/test/library-tests/dataflow/flowsources/FlowSourcesInline.ql b/swift/ql/test/library-tests/dataflow/flowsources/FlowSourcesInline.ql index a15bf2eed89..71e6055b7d4 100644 --- a/swift/ql/test/library-tests/dataflow/flowsources/FlowSourcesInline.ql +++ b/swift/ql/test/library-tests/dataflow/flowsources/FlowSourcesInline.ql @@ -8,12 +8,10 @@ string describe(FlowSource source) { source instanceof LocalFlowSource and result = "local" } -class FlowSourcesTest extends InlineExpectationsTest { - FlowSourcesTest() { this = "FlowSourcesTest" } +module FlowSourcesTest implements TestSig { + string getARelevantTag() { result = "source" } - override string getARelevantTag() { result = "source" } - - override predicate hasActualResult(Location location, string element, string tag, string value) { + predicate hasActualResult(Location location, string element, string tag, string value) { exists(FlowSource source | location = source.getLocation() and location.getFile().getBaseName() != "" and @@ -23,3 +21,5 @@ class FlowSourcesTest extends InlineExpectationsTest { ) } } + +import MakeTest<FlowSourcesTest> diff --git a/swift/ql/test/library-tests/dataflow/taint/core/TaintInline.expected b/swift/ql/test/library-tests/dataflow/taint/core/TaintInline.expected index e69de29bb2d..48de9172b36 100644 --- a/swift/ql/test/library-tests/dataflow/taint/core/TaintInline.expected +++ b/swift/ql/test/library-tests/dataflow/taint/core/TaintInline.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/swift/ql/test/library-tests/dataflow/taint/core/TaintInline.ql b/swift/ql/test/library-tests/dataflow/taint/core/TaintInline.ql index 06d79ed9890..84913579ea0 100644 --- a/swift/ql/test/library-tests/dataflow/taint/core/TaintInline.ql +++ b/swift/ql/test/library-tests/dataflow/taint/core/TaintInline.ql @@ -2,12 +2,10 @@ import swift import Taint import TestUtilities.InlineExpectationsTest -class TaintTest extends InlineExpectationsTest { - TaintTest() { this = "TaintTest" } +module TaintTest implements TestSig { + string getARelevantTag() { result = "tainted" } - override string getARelevantTag() { result = "tainted" } - - override predicate hasActualResult(Location location, string element, string tag, string value) { + predicate hasActualResult(Location location, string element, string tag, string value) { exists(DataFlow::Node source, DataFlow::Node sink, Expr sinkExpr | TestFlow::flow(source, sink) and sinkExpr = sink.asExpr() and @@ -18,3 +16,5 @@ class TaintTest extends InlineExpectationsTest { ) } } + +import MakeTest<TaintTest> diff --git a/swift/ql/test/library-tests/dataflow/taint/libraries/TaintInline.expected b/swift/ql/test/library-tests/dataflow/taint/libraries/TaintInline.expected index e69de29bb2d..48de9172b36 100644 --- a/swift/ql/test/library-tests/dataflow/taint/libraries/TaintInline.expected +++ b/swift/ql/test/library-tests/dataflow/taint/libraries/TaintInline.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/swift/ql/test/library-tests/dataflow/taint/libraries/TaintInline.ql b/swift/ql/test/library-tests/dataflow/taint/libraries/TaintInline.ql index 06d79ed9890..84913579ea0 100644 --- a/swift/ql/test/library-tests/dataflow/taint/libraries/TaintInline.ql +++ b/swift/ql/test/library-tests/dataflow/taint/libraries/TaintInline.ql @@ -2,12 +2,10 @@ import swift import Taint import TestUtilities.InlineExpectationsTest -class TaintTest extends InlineExpectationsTest { - TaintTest() { this = "TaintTest" } +module TaintTest implements TestSig { + string getARelevantTag() { result = "tainted" } - override string getARelevantTag() { result = "tainted" } - - override predicate hasActualResult(Location location, string element, string tag, string value) { + predicate hasActualResult(Location location, string element, string tag, string value) { exists(DataFlow::Node source, DataFlow::Node sink, Expr sinkExpr | TestFlow::flow(source, sink) and sinkExpr = sink.asExpr() and @@ -18,3 +16,5 @@ class TaintTest extends InlineExpectationsTest { ) } } + +import MakeTest<TaintTest> diff --git a/swift/ql/test/query-tests/Security/CWE-022/PathInjectionTest.expected b/swift/ql/test/query-tests/Security/CWE-022/PathInjectionTest.expected index e69de29bb2d..48de9172b36 100644 --- a/swift/ql/test/query-tests/Security/CWE-022/PathInjectionTest.expected +++ b/swift/ql/test/query-tests/Security/CWE-022/PathInjectionTest.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/swift/ql/test/query-tests/Security/CWE-022/PathInjectionTest.ql b/swift/ql/test/query-tests/Security/CWE-022/PathInjectionTest.ql index 72caf5b1e8d..0e21c40886e 100644 --- a/swift/ql/test/query-tests/Security/CWE-022/PathInjectionTest.ql +++ b/swift/ql/test/query-tests/Security/CWE-022/PathInjectionTest.ql @@ -4,12 +4,10 @@ import codeql.swift.dataflow.FlowSources import codeql.swift.security.PathInjectionQuery import TestUtilities.InlineExpectationsTest -class PathInjectionTest extends InlineExpectationsTest { - PathInjectionTest() { this = "PathInjectionTest" } +module PathInjectionTest implements TestSig { + string getARelevantTag() { result = "hasPathInjection" } - override string getARelevantTag() { result = "hasPathInjection" } - - override predicate hasActualResult(Location location, string element, string tag, string value) { + predicate hasActualResult(Location location, string element, string tag, string value) { exists(DataFlow::Node source, DataFlow::Node sink | PathInjectionFlow::flow(source, sink) and location = sink.getLocation() and @@ -20,3 +18,5 @@ class PathInjectionTest extends InlineExpectationsTest { ) } } + +import MakeTest<PathInjectionTest> diff --git a/swift/ql/test/query-tests/Security/CWE-312/CleartextLoggingTest.expected b/swift/ql/test/query-tests/Security/CWE-312/CleartextLoggingTest.expected index e69de29bb2d..48de9172b36 100644 --- a/swift/ql/test/query-tests/Security/CWE-312/CleartextLoggingTest.expected +++ b/swift/ql/test/query-tests/Security/CWE-312/CleartextLoggingTest.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/swift/ql/test/query-tests/Security/CWE-312/CleartextLoggingTest.ql b/swift/ql/test/query-tests/Security/CWE-312/CleartextLoggingTest.ql index 5bde9854d90..1c3d327490d 100644 --- a/swift/ql/test/query-tests/Security/CWE-312/CleartextLoggingTest.ql +++ b/swift/ql/test/query-tests/Security/CWE-312/CleartextLoggingTest.ql @@ -3,12 +3,10 @@ import codeql.swift.dataflow.DataFlow import codeql.swift.security.CleartextLoggingQuery import TestUtilities.InlineExpectationsTest -class CleartextLogging extends InlineExpectationsTest { - CleartextLogging() { this = "CleartextLogging" } +module CleartextLogging implements TestSig { + string getARelevantTag() { result = "hasCleartextLogging" } - override string getARelevantTag() { result = "hasCleartextLogging" } - - override predicate hasActualResult(Location location, string element, string tag, string value) { + predicate hasActualResult(Location location, string element, string tag, string value) { exists(DataFlow::Node source, DataFlow::Node sink, Expr sinkExpr | CleartextLoggingFlow::flow(source, sink) and sinkExpr = sink.asExpr() and @@ -19,3 +17,5 @@ class CleartextLogging extends InlineExpectationsTest { ) } } + +import MakeTest<CleartextLogging> diff --git a/swift/ql/test/query-tests/Security/CWE-611/XXETest.expected b/swift/ql/test/query-tests/Security/CWE-611/XXETest.expected index e69de29bb2d..48de9172b36 100644 --- a/swift/ql/test/query-tests/Security/CWE-611/XXETest.expected +++ b/swift/ql/test/query-tests/Security/CWE-611/XXETest.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/swift/ql/test/query-tests/Security/CWE-611/XXETest.ql b/swift/ql/test/query-tests/Security/CWE-611/XXETest.ql index daa46b98c8d..684cef766d6 100644 --- a/swift/ql/test/query-tests/Security/CWE-611/XXETest.ql +++ b/swift/ql/test/query-tests/Security/CWE-611/XXETest.ql @@ -9,12 +9,10 @@ class TestRemoteSource extends RemoteFlowSource { override string getSourceType() { result = "Test source" } } -class XxeTest extends InlineExpectationsTest { - XxeTest() { this = "XxeTest" } +module XxeTest implements TestSig { + string getARelevantTag() { result = "hasXXE" } - override string getARelevantTag() { result = "hasXXE" } - - override predicate hasActualResult(Location location, string element, string tag, string value) { + predicate hasActualResult(Location location, string element, string tag, string value) { exists(DataFlow::Node source, DataFlow::Node sink, Expr sinkExpr | XxeFlow::flow(source, sink) and sinkExpr = sink.asExpr() and @@ -25,3 +23,5 @@ class XxeTest extends InlineExpectationsTest { ) } } + +import MakeTest<XxeTest> diff --git a/swift/ql/test/query-tests/Security/CWE-946/PredicateInjectionTest.expected b/swift/ql/test/query-tests/Security/CWE-946/PredicateInjectionTest.expected index e69de29bb2d..48de9172b36 100644 --- a/swift/ql/test/query-tests/Security/CWE-946/PredicateInjectionTest.expected +++ b/swift/ql/test/query-tests/Security/CWE-946/PredicateInjectionTest.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/swift/ql/test/query-tests/Security/CWE-946/PredicateInjectionTest.ql b/swift/ql/test/query-tests/Security/CWE-946/PredicateInjectionTest.ql index 8e5dd4046e6..2c1eafa0b71 100644 --- a/swift/ql/test/query-tests/Security/CWE-946/PredicateInjectionTest.ql +++ b/swift/ql/test/query-tests/Security/CWE-946/PredicateInjectionTest.ql @@ -3,12 +3,10 @@ import codeql.swift.dataflow.DataFlow import codeql.swift.security.PredicateInjectionQuery import TestUtilities.InlineExpectationsTest -class PredicateInjectionTest extends InlineExpectationsTest { - PredicateInjectionTest() { this = "PredicateInjectionTest" } +module PredicateInjectionTest implements TestSig { + string getARelevantTag() { result = "hasPredicateInjection" } - override string getARelevantTag() { result = "hasPredicateInjection" } - - override predicate hasActualResult(Location location, string element, string tag, string value) { + predicate hasActualResult(Location location, string element, string tag, string value) { exists(DataFlow::Node source, DataFlow::Node sink, Expr sinkExpr | PredicateInjectionFlow::flow(source, sink) and sinkExpr = sink.asExpr() and @@ -19,3 +17,5 @@ class PredicateInjectionTest extends InlineExpectationsTest { ) } } + +import MakeTest<PredicateInjectionTest> From af378df712450ca614286f65cc6e051f714c163e Mon Sep 17 00:00:00 2001 From: Jeroen Ketema <jketema@github.com> Date: Wed, 24 May 2023 12:13:17 +0200 Subject: [PATCH 623/870] C++: Add `cpp/invalid-pointer-deref` FP test case --- .../InvalidPointerDeref.expected | 15 ++++++- .../CWE/CWE-193/pointer-deref/test.cpp | 42 ++++++++++++++----- 2 files changed, 45 insertions(+), 12 deletions(-) diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/InvalidPointerDeref.expected b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/InvalidPointerDeref.expected index 6da1913cfa2..ad1b16d4f23 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/InvalidPointerDeref.expected +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/InvalidPointerDeref.expected @@ -653,7 +653,18 @@ edges | test.cpp:304:15:304:26 | new[] | test.cpp:308:5:308:6 | xs | | test.cpp:308:5:308:6 | xs | test.cpp:308:5:308:11 | access to array | | test.cpp:308:5:308:11 | access to array | test.cpp:308:5:308:29 | Store: ... = ... | -| test.cpp:313:16:313:29 | new[] | test.cpp:314:17:314:18 | xs | +| test.cpp:313:14:313:27 | new[] | test.cpp:314:15:314:16 | xs | +| test.cpp:325:14:325:27 | new[] | test.cpp:326:15:326:16 | xs | +| test.cpp:326:15:326:16 | xs | test.cpp:326:15:326:23 | ... + ... | +| test.cpp:326:15:326:16 | xs | test.cpp:326:15:326:23 | ... + ... | +| test.cpp:326:15:326:16 | xs | test.cpp:338:8:338:15 | * ... | +| test.cpp:326:15:326:16 | xs | test.cpp:341:8:341:17 | * ... | +| test.cpp:326:15:326:23 | ... + ... | test.cpp:342:8:342:17 | * ... | +| test.cpp:326:15:326:23 | ... + ... | test.cpp:342:8:342:17 | * ... | +| test.cpp:338:8:338:15 | * ... | test.cpp:342:8:342:17 | * ... | +| test.cpp:341:8:341:17 | * ... | test.cpp:342:8:342:17 | * ... | +| test.cpp:342:8:342:17 | * ... | test.cpp:333:5:333:21 | Store: ... = ... | +| test.cpp:342:8:342:17 | * ... | test.cpp:341:5:341:21 | Store: ... = ... | subpaths #select | test.cpp:6:14:6:15 | Load: * ... | test.cpp:4:15:4:20 | call to malloc | test.cpp:6:14:6:15 | Load: * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:4:15:4:20 | call to malloc | call to malloc | test.cpp:5:19:5:22 | size | size | @@ -679,3 +690,5 @@ subpaths | test.cpp:264:13:264:14 | Load: * ... | test.cpp:260:13:260:24 | new[] | test.cpp:264:13:264:14 | Load: * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:260:13:260:24 | new[] | new[] | test.cpp:261:19:261:21 | len | len | | test.cpp:274:5:274:10 | Store: ... = ... | test.cpp:270:13:270:24 | new[] | test.cpp:274:5:274:10 | Store: ... = ... | This write might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:270:13:270:24 | new[] | new[] | test.cpp:271:19:271:21 | len | len | | test.cpp:308:5:308:29 | Store: ... = ... | test.cpp:304:15:304:26 | new[] | test.cpp:308:5:308:29 | Store: ... = ... | This write might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:304:15:304:26 | new[] | new[] | test.cpp:308:8:308:10 | ... + ... | ... + ... | +| test.cpp:333:5:333:21 | Store: ... = ... | test.cpp:325:14:325:27 | new[] | test.cpp:333:5:333:21 | Store: ... = ... | This write might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:325:14:325:27 | new[] | new[] | test.cpp:326:20:326:23 | size | size | +| test.cpp:341:5:341:21 | Store: ... = ... | test.cpp:325:14:325:27 | new[] | test.cpp:341:5:341:21 | Store: ... = ... | This write might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:325:14:325:27 | new[] | new[] | test.cpp:326:20:326:23 | size | size | diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/test.cpp b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/test.cpp index 54fa131f232..cf673d43972 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/test.cpp +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/test.cpp @@ -310,15 +310,35 @@ void test21() { } void test22(unsigned size, int val) { - char *xs = new char[size]; - char *end = xs + size; // GOOD - char **current = &end; - do - { - if( *current - xs < 1 ) // GOOD - return; - *--(*current) = 0; // GOOD - val >>= 8; - } - while( val > 0 ); + char *xs = new char[size]; + char *end = xs + size; // GOOD + char **current = &end; + do { + if (*current - xs < 1) // GOOD + return; + *--(*current) = 0; // GOOD + val >>= 8; + } while (val > 0); +} + +void test23(unsigned size, int val) { + char *xs = new char[size]; + char *end = xs + size; + char **current = &end; + + if (val < 1) { + if(*current - xs < 1) + return; + + *--(*current) = 0; // GOOD [FALSE POSITIVE] + return; + } + + if (val < 2) { + if(*current - xs < 2) + return; + + *--(*current) = 0; // GOOD [FALSE POSITIVE] + *--(*current) = 0; // GOOD + } } From d2e192020b816f5092c3ac2f588432dc7b1153b4 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <github-actions@github.com> Date: Wed, 24 May 2023 11:26:12 +0000 Subject: [PATCH 624/870] Post-release preparation for codeql-cli-2.13.3 --- cpp/ql/lib/qlpack.yml | 2 +- cpp/ql/src/qlpack.yml | 2 +- csharp/ql/campaigns/Solorigate/lib/qlpack.yml | 2 +- csharp/ql/campaigns/Solorigate/src/qlpack.yml | 2 +- csharp/ql/lib/qlpack.yml | 2 +- csharp/ql/src/qlpack.yml | 2 +- go/ql/lib/qlpack.yml | 2 +- go/ql/src/qlpack.yml | 2 +- java/ql/lib/qlpack.yml | 2 +- java/ql/src/qlpack.yml | 2 +- javascript/ql/lib/qlpack.yml | 2 +- javascript/ql/src/qlpack.yml | 2 +- misc/suite-helpers/qlpack.yml | 2 +- python/ql/lib/qlpack.yml | 2 +- python/ql/src/qlpack.yml | 2 +- ruby/ql/lib/qlpack.yml | 2 +- ruby/ql/src/qlpack.yml | 2 +- shared/regex/qlpack.yml | 2 +- shared/ssa/qlpack.yml | 2 +- shared/tutorial/qlpack.yml | 2 +- shared/typetracking/qlpack.yml | 2 +- shared/typos/qlpack.yml | 2 +- shared/util/qlpack.yml | 2 +- shared/yaml/qlpack.yml | 2 +- 24 files changed, 24 insertions(+), 24 deletions(-) diff --git a/cpp/ql/lib/qlpack.yml b/cpp/ql/lib/qlpack.yml index 2008adee602..1982886c434 100644 --- a/cpp/ql/lib/qlpack.yml +++ b/cpp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-all -version: 0.7.2 +version: 0.7.3-dev groups: cpp dbscheme: semmlecode.cpp.dbscheme extractor: cpp diff --git a/cpp/ql/src/qlpack.yml b/cpp/ql/src/qlpack.yml index 8b2bb0ed100..46dffc3e763 100644 --- a/cpp/ql/src/qlpack.yml +++ b/cpp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-queries -version: 0.6.2 +version: 0.6.3-dev groups: - cpp - queries diff --git a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml index 9c09d378a20..4f2900e0b73 100644 --- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-all -version: 1.5.2 +version: 1.5.3-dev groups: - csharp - solorigate diff --git a/csharp/ql/campaigns/Solorigate/src/qlpack.yml b/csharp/ql/campaigns/Solorigate/src/qlpack.yml index 241bb764b7c..2318576e19e 100644 --- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-queries -version: 1.5.2 +version: 1.5.3-dev groups: - csharp - solorigate diff --git a/csharp/ql/lib/qlpack.yml b/csharp/ql/lib/qlpack.yml index 1e56c93103b..17e00fa022c 100644 --- a/csharp/ql/lib/qlpack.yml +++ b/csharp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-all -version: 0.6.2 +version: 0.6.3-dev groups: csharp dbscheme: semmlecode.csharp.dbscheme extractor: csharp diff --git a/csharp/ql/src/qlpack.yml b/csharp/ql/src/qlpack.yml index 663ad9efee2..95506e0f254 100644 --- a/csharp/ql/src/qlpack.yml +++ b/csharp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-queries -version: 0.6.2 +version: 0.6.3-dev groups: - csharp - queries diff --git a/go/ql/lib/qlpack.yml b/go/ql/lib/qlpack.yml index 4da3e4ac60c..287c27187e3 100644 --- a/go/ql/lib/qlpack.yml +++ b/go/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-all -version: 0.5.2 +version: 0.5.3-dev groups: go dbscheme: go.dbscheme extractor: go diff --git a/go/ql/src/qlpack.yml b/go/ql/src/qlpack.yml index 81410e8a0bc..75963a0708e 100644 --- a/go/ql/src/qlpack.yml +++ b/go/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-queries -version: 0.5.2 +version: 0.5.3-dev groups: - go - queries diff --git a/java/ql/lib/qlpack.yml b/java/ql/lib/qlpack.yml index 94ec029ed07..ada2ac9e999 100644 --- a/java/ql/lib/qlpack.yml +++ b/java/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-all -version: 0.6.2 +version: 0.6.3-dev groups: java dbscheme: config/semmlecode.dbscheme extractor: java diff --git a/java/ql/src/qlpack.yml b/java/ql/src/qlpack.yml index 8936d5a4373..2da31e822ff 100644 --- a/java/ql/src/qlpack.yml +++ b/java/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-queries -version: 0.6.2 +version: 0.6.3-dev groups: - java - queries diff --git a/javascript/ql/lib/qlpack.yml b/javascript/ql/lib/qlpack.yml index c45ff2f4732..52962f549b0 100644 --- a/javascript/ql/lib/qlpack.yml +++ b/javascript/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-all -version: 0.6.2 +version: 0.6.3-dev groups: javascript dbscheme: semmlecode.javascript.dbscheme extractor: javascript diff --git a/javascript/ql/src/qlpack.yml b/javascript/ql/src/qlpack.yml index f64917ed51f..10e071e417c 100644 --- a/javascript/ql/src/qlpack.yml +++ b/javascript/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-queries -version: 0.6.2 +version: 0.6.3-dev groups: - javascript - queries diff --git a/misc/suite-helpers/qlpack.yml b/misc/suite-helpers/qlpack.yml index a66a845730d..b6fbcda7201 100644 --- a/misc/suite-helpers/qlpack.yml +++ b/misc/suite-helpers/qlpack.yml @@ -1,3 +1,3 @@ name: codeql/suite-helpers -version: 0.5.2 +version: 0.5.3-dev groups: shared diff --git a/python/ql/lib/qlpack.yml b/python/ql/lib/qlpack.yml index be1ec0efa99..9d4522d5f58 100644 --- a/python/ql/lib/qlpack.yml +++ b/python/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-all -version: 0.9.2 +version: 0.9.3-dev groups: python dbscheme: semmlecode.python.dbscheme extractor: python diff --git a/python/ql/src/qlpack.yml b/python/ql/src/qlpack.yml index d399ced2ccd..eb327c2e42e 100644 --- a/python/ql/src/qlpack.yml +++ b/python/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-queries -version: 0.7.2 +version: 0.7.3-dev groups: - python - queries diff --git a/ruby/ql/lib/qlpack.yml b/ruby/ql/lib/qlpack.yml index 7d01fb676db..bb01a5ff87d 100644 --- a/ruby/ql/lib/qlpack.yml +++ b/ruby/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-all -version: 0.6.2 +version: 0.6.3-dev groups: ruby extractor: ruby dbscheme: ruby.dbscheme diff --git a/ruby/ql/src/qlpack.yml b/ruby/ql/src/qlpack.yml index 2ba1f5ae58f..3bc462dc7ee 100644 --- a/ruby/ql/src/qlpack.yml +++ b/ruby/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-queries -version: 0.6.2 +version: 0.6.3-dev groups: - ruby - queries diff --git a/shared/regex/qlpack.yml b/shared/regex/qlpack.yml index deb3ab1029b..86b105c881a 100644 --- a/shared/regex/qlpack.yml +++ b/shared/regex/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/regex -version: 0.0.13 +version: 0.0.14-dev groups: shared library: true dependencies: diff --git a/shared/ssa/qlpack.yml b/shared/ssa/qlpack.yml index 2200a923da4..55ebe316292 100644 --- a/shared/ssa/qlpack.yml +++ b/shared/ssa/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ssa -version: 0.0.17 +version: 0.0.18-dev groups: shared library: true warnOnImplicitThis: true diff --git a/shared/tutorial/qlpack.yml b/shared/tutorial/qlpack.yml index dafd176c023..af7544c0ae9 100644 --- a/shared/tutorial/qlpack.yml +++ b/shared/tutorial/qlpack.yml @@ -1,6 +1,6 @@ name: codeql/tutorial description: Library for the CodeQL detective tutorials, helping new users learn to write CodeQL queries. -version: 0.0.10 +version: 0.0.11-dev groups: shared library: true warnOnImplicitThis: true diff --git a/shared/typetracking/qlpack.yml b/shared/typetracking/qlpack.yml index 697964c9078..10e32e39f99 100644 --- a/shared/typetracking/qlpack.yml +++ b/shared/typetracking/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typetracking -version: 0.0.10 +version: 0.0.11-dev groups: shared library: true dependencies: diff --git a/shared/typos/qlpack.yml b/shared/typos/qlpack.yml index 41595203b56..fa4fe52aace 100644 --- a/shared/typos/qlpack.yml +++ b/shared/typos/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typos -version: 0.0.17 +version: 0.0.18-dev groups: shared library: true warnOnImplicitThis: true diff --git a/shared/util/qlpack.yml b/shared/util/qlpack.yml index b6a5d413250..c044709ceee 100644 --- a/shared/util/qlpack.yml +++ b/shared/util/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/util -version: 0.0.10 +version: 0.0.11-dev groups: shared library: true dependencies: diff --git a/shared/yaml/qlpack.yml b/shared/yaml/qlpack.yml index 5f61beb0f39..6b9f33c9125 100644 --- a/shared/yaml/qlpack.yml +++ b/shared/yaml/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/yaml -version: 0.0.2 +version: 0.0.3-dev groups: shared library: true warnOnImplicitThis: true From 9a467f9d4e863f4736beb85c22743b71e2f20262 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema <jketema@github.com> Date: Wed, 24 May 2023 13:52:19 +0200 Subject: [PATCH 625/870] C++: Add `cpp/invalid-pointer-deref` FP test case --- .../CWE-193/pointer-deref/InvalidPointerDeref.expected | 7 +++++++ .../Security/CWE/CWE-193/pointer-deref/test.cpp | 8 ++++++++ 2 files changed, 15 insertions(+) diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/InvalidPointerDeref.expected b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/InvalidPointerDeref.expected index ad1b16d4f23..1487088ca9f 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/InvalidPointerDeref.expected +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/InvalidPointerDeref.expected @@ -665,6 +665,12 @@ edges | test.cpp:341:8:341:17 | * ... | test.cpp:342:8:342:17 | * ... | | test.cpp:342:8:342:17 | * ... | test.cpp:333:5:333:21 | Store: ... = ... | | test.cpp:342:8:342:17 | * ... | test.cpp:341:5:341:21 | Store: ... = ... | +| test.cpp:347:14:347:27 | new[] | test.cpp:348:15:348:16 | xs | +| test.cpp:348:15:348:16 | xs | test.cpp:350:16:350:19 | ... ++ | +| test.cpp:348:15:348:16 | xs | test.cpp:350:16:350:19 | ... ++ | +| test.cpp:350:16:350:19 | ... ++ | test.cpp:350:15:350:19 | Load: * ... | +| test.cpp:350:16:350:19 | ... ++ | test.cpp:350:16:350:19 | ... ++ | +| test.cpp:350:16:350:19 | ... ++ | test.cpp:350:16:350:19 | ... ++ | subpaths #select | test.cpp:6:14:6:15 | Load: * ... | test.cpp:4:15:4:20 | call to malloc | test.cpp:6:14:6:15 | Load: * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:4:15:4:20 | call to malloc | call to malloc | test.cpp:5:19:5:22 | size | size | @@ -692,3 +698,4 @@ subpaths | test.cpp:308:5:308:29 | Store: ... = ... | test.cpp:304:15:304:26 | new[] | test.cpp:308:5:308:29 | Store: ... = ... | This write might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:304:15:304:26 | new[] | new[] | test.cpp:308:8:308:10 | ... + ... | ... + ... | | test.cpp:333:5:333:21 | Store: ... = ... | test.cpp:325:14:325:27 | new[] | test.cpp:333:5:333:21 | Store: ... = ... | This write might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:325:14:325:27 | new[] | new[] | test.cpp:326:20:326:23 | size | size | | test.cpp:341:5:341:21 | Store: ... = ... | test.cpp:325:14:325:27 | new[] | test.cpp:341:5:341:21 | Store: ... = ... | This write might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:325:14:325:27 | new[] | new[] | test.cpp:326:20:326:23 | size | size | +| test.cpp:350:15:350:19 | Load: * ... | test.cpp:347:14:347:27 | new[] | test.cpp:350:15:350:19 | Load: * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:347:14:347:27 | new[] | new[] | test.cpp:348:20:348:23 | size | size | diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/test.cpp b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/test.cpp index cf673d43972..b6741535e42 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/test.cpp +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/test.cpp @@ -342,3 +342,11 @@ void test23(unsigned size, int val) { *--(*current) = 0; // GOOD } } + +void test24(unsigned size) { + char *xs = new char[size]; + char *end = xs + size; + if (xs < end) { + int val = *xs++; // GOOD [FALSE POSITIVE] + } +} From 770e76a04dbe519d24f2c8788957ccdb5d7c0869 Mon Sep 17 00:00:00 2001 From: Kasper Svendsen <kaspersv@github.com> Date: Wed, 24 May 2023 14:02:58 +0200 Subject: [PATCH 626/870] Docs: Late inlining now supported for member predicates --- docs/codeql/ql-language-reference/annotations.rst | 2 +- docs/codeql/ql-language-reference/ql-language-specification.rst | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/codeql/ql-language-reference/annotations.rst b/docs/codeql/ql-language-reference/annotations.rst index 7b860e39719..70e4321667f 100644 --- a/docs/codeql/ql-language-reference/annotations.rst +++ b/docs/codeql/ql-language-reference/annotations.rst @@ -292,7 +292,7 @@ at the places where it is called. ``pragma[inline_late]`` ----------------------- -**Available for**: |non-member predicates| +**Available for**: |characteristic predicates|, |member predicates|, |non-member predicates| The ``pragma[inline_late]`` annotation must be used in conjunction with a ``bindingset[...]`` pragma. Together, they tell the QL optimiser to use the diff --git a/docs/codeql/ql-language-reference/ql-language-specification.rst b/docs/codeql/ql-language-reference/ql-language-specification.rst index 32e71c32e75..af5be717ef6 100644 --- a/docs/codeql/ql-language-reference/ql-language-specification.rst +++ b/docs/codeql/ql-language-reference/ql-language-specification.rst @@ -738,7 +738,7 @@ The parameterized annotation ``pragma`` supplies compiler pragmas, and may be ap +===========================+=========+============+===================+=======================+=========+========+=========+=========+ | ``inline`` | | yes | yes | yes | | | | | +---------------------------+---------+------------+-------------------+-----------------------+---------+--------+---------+---------+ -| ``inline_late`` | | | | yes | | | | | +| ``inline_late`` | | yes | yes | yes | | | | | +---------------------------+---------+------------+-------------------+-----------------------+---------+--------+---------+---------+ | ``noinline`` | | yes | yes | yes | | | | | +---------------------------+---------+------------+-------------------+-----------------------+---------+--------+---------+---------+ From 40450a27927d9682f2ae611d6efcb1f5f036d6a7 Mon Sep 17 00:00:00 2001 From: Maiky <76447395+maikypedia@users.noreply.github.com> Date: Wed, 24 May 2023 17:02:48 +0200 Subject: [PATCH 627/870] typo --- ruby/ql/lib/codeql/ruby/frameworks/Pg.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ruby/ql/lib/codeql/ruby/frameworks/Pg.qll b/ruby/ql/lib/codeql/ruby/frameworks/Pg.qll index 27f4844bd77..e0f60730721 100644 --- a/ruby/ql/lib/codeql/ruby/frameworks/Pg.qll +++ b/ruby/ql/lib/codeql/ruby/frameworks/Pg.qll @@ -35,7 +35,7 @@ module Pg { } } - /** A call that prepares an SQL statment to be executed later. */ + /** A call that prepares an SQL statement to be executed later. */ private class PgPrepareCall extends SqlConstruction::Range, DataFlow::CallNode { private DataFlow::Node query; private PgConnection pgConnection; From e513af1bcfe8a1e45f89860d634b636c4fe1c8c0 Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli <redsun82@github.com> Date: Wed, 24 May 2023 12:11:05 +0200 Subject: [PATCH 628/870] Swift: add CFG and PrintAst consistency queries, enabling them in CI --- swift/actions/run-ql-tests/action.yml | 1 + .../lib/codeql/swift/printast/Consistency.qll | 29 +++++++++++++++++++ .../consistency/CfgConsistency.ql} | 0 .../ql/src/consistency/PrintAstConsistency.ql | 1 + .../ast/no_double_children.expected | 0 .../library-tests/ast/no_double_children.ql | 8 ----- .../ast/no_double_indexes.expected | 0 .../library-tests/ast/no_double_indexes.ql | 8 ----- .../ast/no_double_parents.expected | 0 .../library-tests/ast/no_double_parents.ql | 8 ----- .../ast/no_parent_child_loops.expected | 0 .../ast/no_parent_child_loops.ql | 7 ----- .../controlflow/graph/consistency.expected | 24 --------------- 13 files changed, 31 insertions(+), 55 deletions(-) create mode 100644 swift/ql/lib/codeql/swift/printast/Consistency.qll rename swift/ql/{test/library-tests/controlflow/graph/consistency.ql => src/consistency/CfgConsistency.ql} (100%) create mode 100644 swift/ql/src/consistency/PrintAstConsistency.ql delete mode 100644 swift/ql/test/library-tests/ast/no_double_children.expected delete mode 100644 swift/ql/test/library-tests/ast/no_double_children.ql delete mode 100644 swift/ql/test/library-tests/ast/no_double_indexes.expected delete mode 100644 swift/ql/test/library-tests/ast/no_double_indexes.ql delete mode 100644 swift/ql/test/library-tests/ast/no_double_parents.expected delete mode 100644 swift/ql/test/library-tests/ast/no_double_parents.ql delete mode 100644 swift/ql/test/library-tests/ast/no_parent_child_loops.expected delete mode 100644 swift/ql/test/library-tests/ast/no_parent_child_loops.ql delete mode 100644 swift/ql/test/library-tests/controlflow/graph/consistency.expected diff --git a/swift/actions/run-ql-tests/action.yml b/swift/actions/run-ql-tests/action.yml index 436f913e630..ea2a7313584 100644 --- a/swift/actions/run-ql-tests/action.yml +++ b/swift/actions/run-ql-tests/action.yml @@ -26,6 +26,7 @@ runs: --check-repeated-labels \ --check-redefined-labels \ --check-use-before-definition \ + --consistency-queries "${{ github.workspace }}/swift/ql/src/consistency" \ --compilation-cache "${{ steps.query-cache.outputs.cache-dir }}" \ ${{ inputs.flags }} \ swift/ql/test diff --git a/swift/ql/lib/codeql/swift/printast/Consistency.qll b/swift/ql/lib/codeql/swift/printast/Consistency.qll new file mode 100644 index 00000000000..7fa731d4fe9 --- /dev/null +++ b/swift/ql/lib/codeql/swift/printast/Consistency.qll @@ -0,0 +1,29 @@ +private import codeql.swift.printast.PrintAstNode + +query predicate doubleChildren( + PrintAstNode parent, int index, PrintAstNode child1, PrintAstNode child2 +) { + child1 != child2 and + parent.hasChild(child1, index, _) and + parent.hasChild(child2, index, _) +} + +query predicate doubleIndexes(PrintAstNode parent, int index1, int index2, PrintAstNode child) { + index1 != index2 and + parent.hasChild(child, index1, _) and + parent.hasChild(child, index2, _) +} + +query predicate doubleParents(PrintAstNode parent1, PrintAstNode parent2, PrintAstNode child) { + parent1 != parent2 and + parent1.hasChild(child, _, _) and + parent2.hasChild(child, _, _) +} + +private predicate isChildOf(PrintAstNode parent, PrintAstNode child) { + parent.hasChild(child, _, _) +} + +query predicate parentChildLoops(PrintAstNode parent, PrintAstNode child) { + isChildOf(parent, child) and isChildOf*(child, parent) +} diff --git a/swift/ql/test/library-tests/controlflow/graph/consistency.ql b/swift/ql/src/consistency/CfgConsistency.ql similarity index 100% rename from swift/ql/test/library-tests/controlflow/graph/consistency.ql rename to swift/ql/src/consistency/CfgConsistency.ql diff --git a/swift/ql/src/consistency/PrintAstConsistency.ql b/swift/ql/src/consistency/PrintAstConsistency.ql new file mode 100644 index 00000000000..12c7dfe5991 --- /dev/null +++ b/swift/ql/src/consistency/PrintAstConsistency.ql @@ -0,0 +1 @@ +import codeql.swift.printast.Consistency diff --git a/swift/ql/test/library-tests/ast/no_double_children.expected b/swift/ql/test/library-tests/ast/no_double_children.expected deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/swift/ql/test/library-tests/ast/no_double_children.ql b/swift/ql/test/library-tests/ast/no_double_children.ql deleted file mode 100644 index ffd27bedb03..00000000000 --- a/swift/ql/test/library-tests/ast/no_double_children.ql +++ /dev/null @@ -1,8 +0,0 @@ -private import codeql.swift.printast.PrintAstNode - -from PrintAstNode parent, int index, PrintAstNode child1, PrintAstNode child2 -where - child1 != child2 and - parent.hasChild(child1, index, _) and - parent.hasChild(child2, index, _) -select parent, index, child1, child2 diff --git a/swift/ql/test/library-tests/ast/no_double_indexes.expected b/swift/ql/test/library-tests/ast/no_double_indexes.expected deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/swift/ql/test/library-tests/ast/no_double_indexes.ql b/swift/ql/test/library-tests/ast/no_double_indexes.ql deleted file mode 100644 index c6308a99100..00000000000 --- a/swift/ql/test/library-tests/ast/no_double_indexes.ql +++ /dev/null @@ -1,8 +0,0 @@ -private import codeql.swift.printast.PrintAstNode - -from PrintAstNode parent, int index1, int index2, PrintAstNode child -where - index1 != index2 and - parent.hasChild(child, index1, _) and - parent.hasChild(child, index2, _) -select parent, child, index1, index2 diff --git a/swift/ql/test/library-tests/ast/no_double_parents.expected b/swift/ql/test/library-tests/ast/no_double_parents.expected deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/swift/ql/test/library-tests/ast/no_double_parents.ql b/swift/ql/test/library-tests/ast/no_double_parents.ql deleted file mode 100644 index 5a62076a9ea..00000000000 --- a/swift/ql/test/library-tests/ast/no_double_parents.ql +++ /dev/null @@ -1,8 +0,0 @@ -private import codeql.swift.printast.PrintAstNode - -from PrintAstNode parent1, PrintAstNode parent2, PrintAstNode child -where - parent1 != parent2 and - parent1.hasChild(child, _, _) and - parent2.hasChild(child, _, _) -select parent1, parent2, child diff --git a/swift/ql/test/library-tests/ast/no_parent_child_loops.expected b/swift/ql/test/library-tests/ast/no_parent_child_loops.expected deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/swift/ql/test/library-tests/ast/no_parent_child_loops.ql b/swift/ql/test/library-tests/ast/no_parent_child_loops.ql deleted file mode 100644 index e7ffea56cc7..00000000000 --- a/swift/ql/test/library-tests/ast/no_parent_child_loops.ql +++ /dev/null @@ -1,7 +0,0 @@ -private import codeql.swift.printast.PrintAstNode - -predicate isChildOf(PrintAstNode parent, PrintAstNode child) { parent.hasChild(child, _, _) } - -from PrintAstNode parent, PrintAstNode child -where isChildOf(parent, child) and isChildOf*(child, parent) -select parent, child diff --git a/swift/ql/test/library-tests/controlflow/graph/consistency.expected b/swift/ql/test/library-tests/controlflow/graph/consistency.expected deleted file mode 100644 index 0440ab97c1a..00000000000 --- a/swift/ql/test/library-tests/controlflow/graph/consistency.expected +++ /dev/null @@ -1,24 +0,0 @@ -nonUniqueSetRepresentation -breakInvariant2 -breakInvariant3 -breakInvariant4 -breakInvariant5 -multipleSuccessors -| cfg.swift:33:28:33:28 | ... is ... | no-match | cfg.swift:33:49:33:60 | call to isZero(x:) | -| cfg.swift:33:28:33:28 | ... is ... | no-match | cfg.swift:35:5:37:3 | case ... | -| cfg.swift:144:10:144:10 | =~ ... | no-match | cfg.swift:144:18:144:34 | ... .&&(_:_:) ... | -| cfg.swift:144:10:144:10 | =~ ... | no-match | cfg.swift:146:5:147:14 | case ... | -| cfg.swift:515:6:515:28 | #available | false | cfg.swift:515:42:515:46 | iOS 12 | -| cfg.swift:515:6:515:28 | #available | false | cfg.swift:519:10:519:10 | x | -| file://:0:0:0:0 | $interpolation | successor | cfg.swift:40:11:40:11 | OpaqueValueExpr | -| file://:0:0:0:0 | $interpolation | successor | cfg.swift:40:12:40:12 | .appendLiteral(_:) | -| file://:0:0:0:0 | $interpolation | successor | cfg.swift:263:10:263:10 | OpaqueValueExpr | -| file://:0:0:0:0 | $interpolation | successor | cfg.swift:263:11:263:11 | .appendLiteral(_:) | -simpleAndNormalSuccessors -deadEnd -| cfg.swift:33:49:33:60 | call to isZero(x:) | -| cfg.swift:144:18:144:34 | ... .&&(_:_:) ... | -| file://:0:0:0:0 | ... = ... | -| file://:0:0:0:0 | ... = ... | -nonUniqueSplitKind -nonUniqueListOrder From 85fdcd9912b28bdc685aa550916677269d58d423 Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli <redsun82@github.com> Date: Wed, 24 May 2023 13:11:22 +0200 Subject: [PATCH 629/870] Swift: move consistency queries --- swift/actions/run-ql-tests/action.yml | 2 +- .../{src/consistency => consistency-queries}/CfgConsistency.ql | 0 .../consistency => consistency-queries}/PrintAstConsistency.ql | 0 3 files changed, 1 insertion(+), 1 deletion(-) rename swift/ql/{src/consistency => consistency-queries}/CfgConsistency.ql (100%) rename swift/ql/{src/consistency => consistency-queries}/PrintAstConsistency.ql (100%) diff --git a/swift/actions/run-ql-tests/action.yml b/swift/actions/run-ql-tests/action.yml index ea2a7313584..da10997df44 100644 --- a/swift/actions/run-ql-tests/action.yml +++ b/swift/actions/run-ql-tests/action.yml @@ -26,7 +26,7 @@ runs: --check-repeated-labels \ --check-redefined-labels \ --check-use-before-definition \ - --consistency-queries "${{ github.workspace }}/swift/ql/src/consistency" \ + --consistency-queries "${{ github.workspace }}/swift/ql/consistency-queries" \ --compilation-cache "${{ steps.query-cache.outputs.cache-dir }}" \ ${{ inputs.flags }} \ swift/ql/test diff --git a/swift/ql/src/consistency/CfgConsistency.ql b/swift/ql/consistency-queries/CfgConsistency.ql similarity index 100% rename from swift/ql/src/consistency/CfgConsistency.ql rename to swift/ql/consistency-queries/CfgConsistency.ql diff --git a/swift/ql/src/consistency/PrintAstConsistency.ql b/swift/ql/consistency-queries/PrintAstConsistency.ql similarity index 100% rename from swift/ql/src/consistency/PrintAstConsistency.ql rename to swift/ql/consistency-queries/PrintAstConsistency.ql From b9fe056d81f70e86763e47a421163f8f1117540b Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli <redsun82@github.com> Date: Wed, 24 May 2023 13:23:05 +0200 Subject: [PATCH 630/870] Swift: add `qlpack.yml` to `consistency-queries` --- swift/ql/consistency-queries/qlpack.yml | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 swift/ql/consistency-queries/qlpack.yml diff --git a/swift/ql/consistency-queries/qlpack.yml b/swift/ql/consistency-queries/qlpack.yml new file mode 100644 index 00000000000..57ef2babccf --- /dev/null +++ b/swift/ql/consistency-queries/qlpack.yml @@ -0,0 +1,4 @@ +name: codeql/swift-consistency-queries +groups: [swift, test, consistency-queries] +dependencies: + codeql/swift-all: ${workspace} From 67a9141e8c6d9238b812b5fcbc4e73ec54603d44 Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli <redsun82@github.com> Date: Wed, 24 May 2023 13:26:01 +0200 Subject: [PATCH 631/870] Swift: make AST printer consistency query more helpful --- .../lib/codeql/swift/printast/Consistency.qll | 23 +++++++++++-------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/swift/ql/lib/codeql/swift/printast/Consistency.qll b/swift/ql/lib/codeql/swift/printast/Consistency.qll index 7fa731d4fe9..c2ba698f5ae 100644 --- a/swift/ql/lib/codeql/swift/printast/Consistency.qll +++ b/swift/ql/lib/codeql/swift/printast/Consistency.qll @@ -1,23 +1,28 @@ private import codeql.swift.printast.PrintAstNode query predicate doubleChildren( - PrintAstNode parent, int index, PrintAstNode child1, PrintAstNode child2 + PrintAstNode parent, int index, string label1, PrintAstNode child1, string label2, + PrintAstNode child2 ) { child1 != child2 and - parent.hasChild(child1, index, _) and - parent.hasChild(child2, index, _) + parent.hasChild(child1, index, label1) and + parent.hasChild(child2, index, label2) } -query predicate doubleIndexes(PrintAstNode parent, int index1, int index2, PrintAstNode child) { +query predicate doubleIndexes( + PrintAstNode parent, int index1, string label1, int index2, string label2, PrintAstNode child +) { index1 != index2 and - parent.hasChild(child, index1, _) and - parent.hasChild(child, index2, _) + parent.hasChild(child, index1, label1) and + parent.hasChild(child, index2, label2) } -query predicate doubleParents(PrintAstNode parent1, PrintAstNode parent2, PrintAstNode child) { +query predicate doubleParents( + PrintAstNode parent1, string label1, PrintAstNode parent2, string label2, PrintAstNode child +) { parent1 != parent2 and - parent1.hasChild(child, _, _) and - parent2.hasChild(child, _, _) + parent1.hasChild(child, _, label1) and + parent2.hasChild(child, _, label2) } private predicate isChildOf(PrintAstNode parent, PrintAstNode child) { From 63fb0581c2cfdb1fb51610b6f3c58316f6a7c5e9 Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli <redsun82@github.com> Date: Wed, 24 May 2023 20:09:46 +0200 Subject: [PATCH 632/870] Swift: accept inconsistencies for now --- .../CONSISTENCY/CfgConsistency.expected | 6 ++ .../CONSISTENCY/CfgConsistency.expected | 5 ++ .../CONSISTENCY/CfgConsistency.expected | 2 + .../CONSISTENCY/CfgConsistency.expected | 14 ++++ .../CONSISTENCY/PrintAstConsistency.expected | 13 ++++ .../CONSISTENCY/CfgConsistency.expected | 6 ++ .../CONSISTENCY/PrintAstConsistency.expected | 21 ++++++ .../CONSISTENCY/PrintAstConsistency.expected | 13 ++++ .../CONSISTENCY/PrintAstConsistency.expected | 5 ++ .../CONSISTENCY/CfgConsistency.expected | 14 ++++ .../CONSISTENCY/PrintAstConsistency.expected | 3 + .../CONSISTENCY/PrintAstConsistency.expected | 7 ++ .../CONSISTENCY/PrintAstConsistency.expected | 3 + .../CONSISTENCY/CfgConsistency.expected | 2 + .../CONSISTENCY/CfgConsistency.expected | 2 + .../ast/CONSISTENCY/CfgConsistency.expected | 24 +++++++ .../graph/CONSISTENCY/CfgConsistency.expected | 16 +++++ .../CONSISTENCY/CfgConsistency.expected | 7 ++ .../CONSISTENCY/PrintAstConsistency.expected | 3 + .../CONSISTENCY/PrintAstConsistency.expected | 13 ++++ .../core/CONSISTENCY/CfgConsistency.expected | 15 +++++ .../CONSISTENCY/CfgConsistency.expected | 20 ++++++ .../CONSISTENCY/CfgConsistency.expected | 3 + .../CONSISTENCY/CfgConsistency.expected | 17 +++++ .../CONSISTENCY/CfgConsistency.expected | 9 +++ .../CONSISTENCY/CfgConsistency.expected | 15 +++++ .../CONSISTENCY/CfgConsistency.expected | 11 ++++ .../CONSISTENCY/CfgConsistency.expected | 3 + .../CONSISTENCY/CfgConsistency.expected | 41 ++++++++++++ .../CONSISTENCY/CfgConsistency.expected | 5 ++ .../CONSISTENCY/CfgConsistency.expected | 2 + .../CONSISTENCY/PrintAstConsistency.expected | 3 + .../CONSISTENCY/CfgConsistency.expected | 65 +++++++++++++++++++ .../CONSISTENCY/CfgConsistency.expected | 13 ++++ .../CONSISTENCY/CfgConsistency.expected | 9 +++ .../CONSISTENCY/CfgConsistency.expected | 2 + .../CONSISTENCY/CfgConsistency.expected | 5 ++ .../CONSISTENCY/CfgConsistency.expected | 5 ++ .../CONSISTENCY/CfgConsistency.expected | 5 ++ .../CONSISTENCY/CfgConsistency.expected | 5 ++ 40 files changed, 432 insertions(+) create mode 100644 swift/ql/test/extractor-tests/declarations/CONSISTENCY/CfgConsistency.expected create mode 100644 swift/ql/test/extractor-tests/errors/CONSISTENCY/CfgConsistency.expected create mode 100644 swift/ql/test/extractor-tests/expressions/CONSISTENCY/CfgConsistency.expected create mode 100644 swift/ql/test/extractor-tests/generated/decl/ConcreteVarDecl/CONSISTENCY/CfgConsistency.expected create mode 100644 swift/ql/test/extractor-tests/generated/decl/ConcreteVarDecl/CONSISTENCY/PrintAstConsistency.expected create mode 100644 swift/ql/test/extractor-tests/generated/decl/EnumDecl/CONSISTENCY/CfgConsistency.expected create mode 100644 swift/ql/test/extractor-tests/generated/decl/ParamDecl/CONSISTENCY/PrintAstConsistency.expected create mode 100644 swift/ql/test/extractor-tests/generated/expr/AppliedPropertyWrapperExpr/CONSISTENCY/PrintAstConsistency.expected create mode 100644 swift/ql/test/extractor-tests/generated/expr/DynamicLookupExpr/CONSISTENCY/PrintAstConsistency.expected create mode 100644 swift/ql/test/extractor-tests/generated/expr/MethodLookupExpr/CONSISTENCY/CfgConsistency.expected create mode 100644 swift/ql/test/extractor-tests/generated/expr/MethodLookupExpr/CONSISTENCY/PrintAstConsistency.expected create mode 100644 swift/ql/test/extractor-tests/generated/expr/PropertyWrapperValuePlaceholderExpr/CONSISTENCY/PrintAstConsistency.expected create mode 100644 swift/ql/test/extractor-tests/generated/type/OpenedArchetypeType/CONSISTENCY/PrintAstConsistency.expected create mode 100644 swift/ql/test/extractor-tests/patterns/CONSISTENCY/CfgConsistency.expected create mode 100644 swift/ql/test/extractor-tests/statements/CONSISTENCY/CfgConsistency.expected create mode 100644 swift/ql/test/library-tests/ast/CONSISTENCY/CfgConsistency.expected create mode 100644 swift/ql/test/library-tests/controlflow/graph/CONSISTENCY/CfgConsistency.expected create mode 100644 swift/ql/test/library-tests/dataflow/dataflow/CONSISTENCY/CfgConsistency.expected create mode 100644 swift/ql/test/library-tests/dataflow/dataflow/CONSISTENCY/PrintAstConsistency.expected create mode 100644 swift/ql/test/library-tests/dataflow/flowsources/CONSISTENCY/PrintAstConsistency.expected create mode 100644 swift/ql/test/library-tests/dataflow/taint/core/CONSISTENCY/CfgConsistency.expected create mode 100644 swift/ql/test/library-tests/dataflow/taint/libraries/CONSISTENCY/CfgConsistency.expected create mode 100644 swift/ql/test/library-tests/elements/decl/function/CONSISTENCY/CfgConsistency.expected create mode 100644 swift/ql/test/library-tests/elements/expr/methodlookup/CONSISTENCY/CfgConsistency.expected create mode 100644 swift/ql/test/query-tests/Security/CWE-079/CONSISTENCY/CfgConsistency.expected create mode 100644 swift/ql/test/query-tests/Security/CWE-089/CONSISTENCY/CfgConsistency.expected create mode 100644 swift/ql/test/query-tests/Security/CWE-1204/CONSISTENCY/CfgConsistency.expected create mode 100644 swift/ql/test/query-tests/Security/CWE-134/CONSISTENCY/CfgConsistency.expected create mode 100644 swift/ql/test/query-tests/Security/CWE-135/CONSISTENCY/CfgConsistency.expected create mode 100644 swift/ql/test/query-tests/Security/CWE-259/CONSISTENCY/CfgConsistency.expected create mode 100644 swift/ql/test/query-tests/Security/CWE-311/CONSISTENCY/CfgConsistency.expected create mode 100644 swift/ql/test/query-tests/Security/CWE-311/CONSISTENCY/PrintAstConsistency.expected create mode 100644 swift/ql/test/query-tests/Security/CWE-312/CONSISTENCY/CfgConsistency.expected create mode 100644 swift/ql/test/query-tests/Security/CWE-321/CONSISTENCY/CfgConsistency.expected create mode 100644 swift/ql/test/query-tests/Security/CWE-327/CONSISTENCY/CfgConsistency.expected create mode 100644 swift/ql/test/query-tests/Security/CWE-328/CONSISTENCY/CfgConsistency.expected create mode 100644 swift/ql/test/query-tests/Security/CWE-611/CONSISTENCY/CfgConsistency.expected create mode 100644 swift/ql/test/query-tests/Security/CWE-757/CONSISTENCY/CfgConsistency.expected create mode 100644 swift/ql/test/query-tests/Security/CWE-760/CONSISTENCY/CfgConsistency.expected create mode 100644 swift/ql/test/query-tests/Security/CWE-916/CONSISTENCY/CfgConsistency.expected diff --git a/swift/ql/test/extractor-tests/declarations/CONSISTENCY/CfgConsistency.expected b/swift/ql/test/extractor-tests/declarations/CONSISTENCY/CfgConsistency.expected new file mode 100644 index 00000000000..9d02611e7a7 --- /dev/null +++ b/swift/ql/test/extractor-tests/declarations/CONSISTENCY/CfgConsistency.expected @@ -0,0 +1,6 @@ +deadEnd +| file://:0:0:0:0 | ... = ... | +| file://:0:0:0:0 | ... = ... | +| file://:0:0:0:0 | ... = ... | +| file://:0:0:0:0 | ... = ... | +| file://:0:0:0:0 | ... = ... | diff --git a/swift/ql/test/extractor-tests/errors/CONSISTENCY/CfgConsistency.expected b/swift/ql/test/extractor-tests/errors/CONSISTENCY/CfgConsistency.expected new file mode 100644 index 00000000000..770537cf684 --- /dev/null +++ b/swift/ql/test/extractor-tests/errors/CONSISTENCY/CfgConsistency.expected @@ -0,0 +1,5 @@ +deadEnd +| file://:0:0:0:0 | ... = ... | +| file://:0:0:0:0 | ... = ... | +| unspecified.swift:12:20:12:21 | (...) | +| unspecified.swift:25:9:28:9 | switch ErrorExpr { ... } | diff --git a/swift/ql/test/extractor-tests/expressions/CONSISTENCY/CfgConsistency.expected b/swift/ql/test/extractor-tests/expressions/CONSISTENCY/CfgConsistency.expected new file mode 100644 index 00000000000..069a6ecbc6a --- /dev/null +++ b/swift/ql/test/extractor-tests/expressions/CONSISTENCY/CfgConsistency.expected @@ -0,0 +1,2 @@ +deadEnd +| file://:0:0:0:0 | ... = ... | diff --git a/swift/ql/test/extractor-tests/generated/decl/ConcreteVarDecl/CONSISTENCY/CfgConsistency.expected b/swift/ql/test/extractor-tests/generated/decl/ConcreteVarDecl/CONSISTENCY/CfgConsistency.expected new file mode 100644 index 00000000000..5d70f700af3 --- /dev/null +++ b/swift/ql/test/extractor-tests/generated/decl/ConcreteVarDecl/CONSISTENCY/CfgConsistency.expected @@ -0,0 +1,14 @@ +multipleSuccessors +| var_decls.swift:54:4:54:15 | call to X<T>.init(wrappedValue:) | successor | file://:0:0:0:0 | var ... = ... | +| var_decls.swift:54:4:54:15 | call to X<T>.init(wrappedValue:) | successor | var_decls.swift:54:6:54:15 | var ... = ... | +| var_decls.swift:55:4:55:29 | call to WrapperWithInit.init(wrappedValue:) | successor | file://:0:0:0:0 | var ... = ... | +| var_decls.swift:55:4:55:29 | call to WrapperWithInit.init(wrappedValue:) | successor | var_decls.swift:55:20:55:29 | var ... = ... | +| var_decls.swift:56:4:56:34 | call to WrapperWithProjected.init(wrappedValue:projectedValue:) | successor | file://:0:0:0:0 | var ... = ... | +| var_decls.swift:56:4:56:34 | call to WrapperWithProjected.init(wrappedValue:projectedValue:) | successor | var_decls.swift:56:25:56:34 | var ... = ... | +| var_decls.swift:57:4:57:41 | call to WrapperWithProjectedAndInit.init(wrappedValue:) | successor | file://:0:0:0:0 | var ... = ... | +| var_decls.swift:57:4:57:41 | call to WrapperWithProjectedAndInit.init(wrappedValue:) | successor | var_decls.swift:57:32:57:41 | var ... = ... | +deadEnd +| file://:0:0:0:0 | var ... = ... | +| file://:0:0:0:0 | var ... = ... | +| file://:0:0:0:0 | var ... = ... | +| file://:0:0:0:0 | var ... = ... | diff --git a/swift/ql/test/extractor-tests/generated/decl/ConcreteVarDecl/CONSISTENCY/PrintAstConsistency.expected b/swift/ql/test/extractor-tests/generated/decl/ConcreteVarDecl/CONSISTENCY/PrintAstConsistency.expected new file mode 100644 index 00000000000..bd58f4414d2 --- /dev/null +++ b/swift/ql/test/extractor-tests/generated/decl/ConcreteVarDecl/CONSISTENCY/PrintAstConsistency.expected @@ -0,0 +1,13 @@ +doubleParents +| file://:0:0:0:0 | [PatternBindingDecl] var ... = ... | getInit(0) | var_decls.swift:54:6:54:15 | [PatternBindingDecl] var ... = ... | getInit(0) | var_decls.swift:54:4:54:15 | [CallExpr] call to X<T>.init(wrappedValue:) | +| file://:0:0:0:0 | [PatternBindingDecl] var ... = ... | getInit(0) | var_decls.swift:55:20:55:29 | [PatternBindingDecl] var ... = ... | getInit(0) | var_decls.swift:55:4:55:29 | [CallExpr] call to WrapperWithInit.init(wrappedValue:) | +| file://:0:0:0:0 | [PatternBindingDecl] var ... = ... | getInit(0) | var_decls.swift:56:25:56:34 | [PatternBindingDecl] var ... = ... | getInit(0) | var_decls.swift:56:4:56:34 | [CallExpr] call to WrapperWithProjected.init(wrappedValue:projectedValue:) | +| file://:0:0:0:0 | [PatternBindingDecl] var ... = ... | getInit(0) | var_decls.swift:57:32:57:41 | [PatternBindingDecl] var ... = ... | getInit(0) | var_decls.swift:57:4:57:41 | [CallExpr] call to WrapperWithProjectedAndInit.init(wrappedValue:) | +| var_decls.swift:23:1:25:1 | [StructDecl] Wrapped | getMember(2) | var_decls.swift:24:15:24:15 | [ConcreteVarDecl] wrapped | getPropertyWrapperBackingVarBinding() | file://:0:0:0:0 | [PatternBindingDecl] var ... = ... | +| var_decls.swift:23:1:25:1 | [StructDecl] Wrapped | getMember(3) | var_decls.swift:24:15:24:15 | [ConcreteVarDecl] wrapped | getPropertyWrapperBackingVar() | var_decls.swift:24:15:24:15 | [ConcreteVarDecl] _wrapped | +| var_decls.swift:24:15:24:15 | [ConcreteVarDecl] wrapped | getPropertyWrapperBackingVar() | var_decls.swift:23:1:25:1 | [StructDecl] Wrapped | getMember(3) | var_decls.swift:24:15:24:15 | [ConcreteVarDecl] _wrapped | +| var_decls.swift:24:15:24:15 | [ConcreteVarDecl] wrapped | getPropertyWrapperBackingVarBinding() | var_decls.swift:23:1:25:1 | [StructDecl] Wrapped | getMember(2) | file://:0:0:0:0 | [PatternBindingDecl] var ... = ... | +| var_decls.swift:54:6:54:15 | [PatternBindingDecl] var ... = ... | getInit(0) | file://:0:0:0:0 | [PatternBindingDecl] var ... = ... | getInit(0) | var_decls.swift:54:4:54:15 | [CallExpr] call to X<T>.init(wrappedValue:) | +| var_decls.swift:55:20:55:29 | [PatternBindingDecl] var ... = ... | getInit(0) | file://:0:0:0:0 | [PatternBindingDecl] var ... = ... | getInit(0) | var_decls.swift:55:4:55:29 | [CallExpr] call to WrapperWithInit.init(wrappedValue:) | +| var_decls.swift:56:25:56:34 | [PatternBindingDecl] var ... = ... | getInit(0) | file://:0:0:0:0 | [PatternBindingDecl] var ... = ... | getInit(0) | var_decls.swift:56:4:56:34 | [CallExpr] call to WrapperWithProjected.init(wrappedValue:projectedValue:) | +| var_decls.swift:57:32:57:41 | [PatternBindingDecl] var ... = ... | getInit(0) | file://:0:0:0:0 | [PatternBindingDecl] var ... = ... | getInit(0) | var_decls.swift:57:4:57:41 | [CallExpr] call to WrapperWithProjectedAndInit.init(wrappedValue:) | diff --git a/swift/ql/test/extractor-tests/generated/decl/EnumDecl/CONSISTENCY/CfgConsistency.expected b/swift/ql/test/extractor-tests/generated/decl/EnumDecl/CONSISTENCY/CfgConsistency.expected new file mode 100644 index 00000000000..9d02611e7a7 --- /dev/null +++ b/swift/ql/test/extractor-tests/generated/decl/EnumDecl/CONSISTENCY/CfgConsistency.expected @@ -0,0 +1,6 @@ +deadEnd +| file://:0:0:0:0 | ... = ... | +| file://:0:0:0:0 | ... = ... | +| file://:0:0:0:0 | ... = ... | +| file://:0:0:0:0 | ... = ... | +| file://:0:0:0:0 | ... = ... | diff --git a/swift/ql/test/extractor-tests/generated/decl/ParamDecl/CONSISTENCY/PrintAstConsistency.expected b/swift/ql/test/extractor-tests/generated/decl/ParamDecl/CONSISTENCY/PrintAstConsistency.expected new file mode 100644 index 00000000000..3d3703c8ca4 --- /dev/null +++ b/swift/ql/test/extractor-tests/generated/decl/ParamDecl/CONSISTENCY/PrintAstConsistency.expected @@ -0,0 +1,21 @@ +doubleParents +| param_decls.swift:48:18:48:18 | [ConcreteVarDecl] p1 | getPropertyWrapperBackingVar() | param_decls.swift:48:18:48:22 | [ParamDecl] p1 | getPropertyWrapperBackingVar() | param_decls.swift:48:18:48:18 | [ConcreteVarDecl] _p1 | +| param_decls.swift:48:18:48:18 | [ConcreteVarDecl] p1 | getPropertyWrapperBackingVarBinding() | param_decls.swift:48:18:48:22 | [ParamDecl] p1 | getPropertyWrapperBackingVarBinding() | file://:0:0:0:0 | [PatternBindingDecl] var ... = ... | +| param_decls.swift:48:18:48:22 | [ParamDecl] p1 | getPropertyWrapperBackingVar() | param_decls.swift:48:18:48:18 | [ConcreteVarDecl] p1 | getPropertyWrapperBackingVar() | param_decls.swift:48:18:48:18 | [ConcreteVarDecl] _p1 | +| param_decls.swift:48:18:48:22 | [ParamDecl] p1 | getPropertyWrapperBackingVarBinding() | param_decls.swift:48:18:48:18 | [ConcreteVarDecl] p1 | getPropertyWrapperBackingVarBinding() | file://:0:0:0:0 | [PatternBindingDecl] var ... = ... | +| param_decls.swift:49:26:49:26 | [ConcreteVarDecl] p2 | getPropertyWrapperBackingVar() | param_decls.swift:49:26:49:30 | [ParamDecl] p2 | getPropertyWrapperBackingVar() | param_decls.swift:49:26:49:26 | [ConcreteVarDecl] _p2 | +| param_decls.swift:49:26:49:26 | [ConcreteVarDecl] p2 | getPropertyWrapperBackingVarBinding() | param_decls.swift:49:26:49:30 | [ParamDecl] p2 | getPropertyWrapperBackingVarBinding() | file://:0:0:0:0 | [PatternBindingDecl] var ... = ... | +| param_decls.swift:49:26:49:30 | [ParamDecl] p2 | getPropertyWrapperBackingVar() | param_decls.swift:49:26:49:26 | [ConcreteVarDecl] p2 | getPropertyWrapperBackingVar() | param_decls.swift:49:26:49:26 | [ConcreteVarDecl] _p2 | +| param_decls.swift:49:26:49:30 | [ParamDecl] p2 | getPropertyWrapperBackingVarBinding() | param_decls.swift:49:26:49:26 | [ConcreteVarDecl] p2 | getPropertyWrapperBackingVarBinding() | file://:0:0:0:0 | [PatternBindingDecl] var ... = ... | +| param_decls.swift:50:31:50:31 | [ConcreteVarDecl] p3 | getPropertyWrapperBackingVar() | param_decls.swift:50:31:50:35 | [ParamDecl] p3 | getPropertyWrapperBackingVar() | file://:0:0:0:0 | [ParamDecl] _p3 | +| param_decls.swift:50:31:50:31 | [ConcreteVarDecl] p3 | getPropertyWrapperProjectionVar() | param_decls.swift:50:31:50:35 | [ParamDecl] p3 | getPropertyWrapperProjectionVar() | param_decls.swift:50:31:50:31 | [ConcreteVarDecl] $p3 | +| param_decls.swift:50:31:50:31 | [ConcreteVarDecl] p3 | getPropertyWrapperProjectionVarBinding() | param_decls.swift:50:31:50:35 | [ParamDecl] p3 | getPropertyWrapperProjectionVarBinding() | file://:0:0:0:0 | [PatternBindingDecl] var ... = ... | +| param_decls.swift:50:31:50:35 | [ParamDecl] p3 | getPropertyWrapperBackingVar() | param_decls.swift:50:31:50:31 | [ConcreteVarDecl] p3 | getPropertyWrapperBackingVar() | file://:0:0:0:0 | [ParamDecl] _p3 | +| param_decls.swift:50:31:50:35 | [ParamDecl] p3 | getPropertyWrapperProjectionVar() | param_decls.swift:50:31:50:31 | [ConcreteVarDecl] p3 | getPropertyWrapperProjectionVar() | param_decls.swift:50:31:50:31 | [ConcreteVarDecl] $p3 | +| param_decls.swift:50:31:50:35 | [ParamDecl] p3 | getPropertyWrapperProjectionVarBinding() | param_decls.swift:50:31:50:31 | [ConcreteVarDecl] p3 | getPropertyWrapperProjectionVarBinding() | file://:0:0:0:0 | [PatternBindingDecl] var ... = ... | +| param_decls.swift:51:38:51:38 | [ConcreteVarDecl] p4 | getPropertyWrapperBackingVar() | param_decls.swift:51:38:51:42 | [ParamDecl] p4 | getPropertyWrapperBackingVar() | file://:0:0:0:0 | [ParamDecl] _p4 | +| param_decls.swift:51:38:51:38 | [ConcreteVarDecl] p4 | getPropertyWrapperProjectionVar() | param_decls.swift:51:38:51:42 | [ParamDecl] p4 | getPropertyWrapperProjectionVar() | param_decls.swift:51:38:51:38 | [ConcreteVarDecl] $p4 | +| param_decls.swift:51:38:51:38 | [ConcreteVarDecl] p4 | getPropertyWrapperProjectionVarBinding() | param_decls.swift:51:38:51:42 | [ParamDecl] p4 | getPropertyWrapperProjectionVarBinding() | file://:0:0:0:0 | [PatternBindingDecl] var ... = ... | +| param_decls.swift:51:38:51:42 | [ParamDecl] p4 | getPropertyWrapperBackingVar() | param_decls.swift:51:38:51:38 | [ConcreteVarDecl] p4 | getPropertyWrapperBackingVar() | file://:0:0:0:0 | [ParamDecl] _p4 | +| param_decls.swift:51:38:51:42 | [ParamDecl] p4 | getPropertyWrapperProjectionVar() | param_decls.swift:51:38:51:38 | [ConcreteVarDecl] p4 | getPropertyWrapperProjectionVar() | param_decls.swift:51:38:51:38 | [ConcreteVarDecl] $p4 | +| param_decls.swift:51:38:51:42 | [ParamDecl] p4 | getPropertyWrapperProjectionVarBinding() | param_decls.swift:51:38:51:38 | [ConcreteVarDecl] p4 | getPropertyWrapperProjectionVarBinding() | file://:0:0:0:0 | [PatternBindingDecl] var ... = ... | diff --git a/swift/ql/test/extractor-tests/generated/expr/AppliedPropertyWrapperExpr/CONSISTENCY/PrintAstConsistency.expected b/swift/ql/test/extractor-tests/generated/expr/AppliedPropertyWrapperExpr/CONSISTENCY/PrintAstConsistency.expected new file mode 100644 index 00000000000..6c2028995fe --- /dev/null +++ b/swift/ql/test/extractor-tests/generated/expr/AppliedPropertyWrapperExpr/CONSISTENCY/PrintAstConsistency.expected @@ -0,0 +1,13 @@ +doubleParents +| applied_property_wrapper.swift:12:19:12:19 | [ConcreteVarDecl] x | getPropertyWrapperBackingVar() | applied_property_wrapper.swift:12:19:12:22 | [ParamDecl] x | getPropertyWrapperBackingVar() | file://:0:0:0:0 | [ParamDecl] _x | +| applied_property_wrapper.swift:12:19:12:19 | [ConcreteVarDecl] x | getPropertyWrapperProjectionVar() | applied_property_wrapper.swift:12:19:12:22 | [ParamDecl] x | getPropertyWrapperProjectionVar() | applied_property_wrapper.swift:12:19:12:19 | [ConcreteVarDecl] $x | +| applied_property_wrapper.swift:12:19:12:19 | [ConcreteVarDecl] x | getPropertyWrapperProjectionVarBinding() | applied_property_wrapper.swift:12:19:12:22 | [ParamDecl] x | getPropertyWrapperProjectionVarBinding() | file://:0:0:0:0 | [PatternBindingDecl] var ... = ... | +| applied_property_wrapper.swift:12:19:12:22 | [ParamDecl] x | getPropertyWrapperBackingVar() | applied_property_wrapper.swift:12:19:12:19 | [ConcreteVarDecl] x | getPropertyWrapperBackingVar() | file://:0:0:0:0 | [ParamDecl] _x | +| applied_property_wrapper.swift:12:19:12:22 | [ParamDecl] x | getPropertyWrapperProjectionVar() | applied_property_wrapper.swift:12:19:12:19 | [ConcreteVarDecl] x | getPropertyWrapperProjectionVar() | applied_property_wrapper.swift:12:19:12:19 | [ConcreteVarDecl] $x | +| applied_property_wrapper.swift:12:19:12:22 | [ParamDecl] x | getPropertyWrapperProjectionVarBinding() | applied_property_wrapper.swift:12:19:12:19 | [ConcreteVarDecl] x | getPropertyWrapperProjectionVarBinding() | file://:0:0:0:0 | [PatternBindingDecl] var ... = ... | +| applied_property_wrapper.swift:17:26:17:26 | [ConcreteVarDecl] y | getPropertyWrapperBackingVar() | applied_property_wrapper.swift:17:26:17:29 | [ParamDecl] y | getPropertyWrapperBackingVar() | file://:0:0:0:0 | [ParamDecl] _y | +| applied_property_wrapper.swift:17:26:17:26 | [ConcreteVarDecl] y | getPropertyWrapperProjectionVar() | applied_property_wrapper.swift:17:26:17:29 | [ParamDecl] y | getPropertyWrapperProjectionVar() | applied_property_wrapper.swift:17:26:17:26 | [ConcreteVarDecl] $y | +| applied_property_wrapper.swift:17:26:17:26 | [ConcreteVarDecl] y | getPropertyWrapperProjectionVarBinding() | applied_property_wrapper.swift:17:26:17:29 | [ParamDecl] y | getPropertyWrapperProjectionVarBinding() | file://:0:0:0:0 | [PatternBindingDecl] var ... = ... | +| applied_property_wrapper.swift:17:26:17:29 | [ParamDecl] y | getPropertyWrapperBackingVar() | applied_property_wrapper.swift:17:26:17:26 | [ConcreteVarDecl] y | getPropertyWrapperBackingVar() | file://:0:0:0:0 | [ParamDecl] _y | +| applied_property_wrapper.swift:17:26:17:29 | [ParamDecl] y | getPropertyWrapperProjectionVar() | applied_property_wrapper.swift:17:26:17:26 | [ConcreteVarDecl] y | getPropertyWrapperProjectionVar() | applied_property_wrapper.swift:17:26:17:26 | [ConcreteVarDecl] $y | +| applied_property_wrapper.swift:17:26:17:29 | [ParamDecl] y | getPropertyWrapperProjectionVarBinding() | applied_property_wrapper.swift:17:26:17:26 | [ConcreteVarDecl] y | getPropertyWrapperProjectionVarBinding() | file://:0:0:0:0 | [PatternBindingDecl] var ... = ... | diff --git a/swift/ql/test/extractor-tests/generated/expr/DynamicLookupExpr/CONSISTENCY/PrintAstConsistency.expected b/swift/ql/test/extractor-tests/generated/expr/DynamicLookupExpr/CONSISTENCY/PrintAstConsistency.expected new file mode 100644 index 00000000000..768d459dd00 --- /dev/null +++ b/swift/ql/test/extractor-tests/generated/expr/DynamicLookupExpr/CONSISTENCY/PrintAstConsistency.expected @@ -0,0 +1,5 @@ +doubleParents +| dynamic_lookup.swift:15:1:15:3 | [DynamicMemberRefExpr] .foo(_:) | getBase() | dynamic_lookup.swift:15:1:15:3 | [OpenExistentialExpr] OpenExistentialExpr | getOpaqueExpr() | dynamic_lookup.swift:15:1:15:1 | [OpaqueValueExpr] OpaqueValueExpr | +| dynamic_lookup.swift:15:1:15:3 | [OpenExistentialExpr] OpenExistentialExpr | getOpaqueExpr() | dynamic_lookup.swift:15:1:15:3 | [DynamicMemberRefExpr] .foo(_:) | getBase() | dynamic_lookup.swift:15:1:15:1 | [OpaqueValueExpr] OpaqueValueExpr | +| dynamic_lookup.swift:16:5:16:9 | [DynamicSubscriptExpr] subscript ...[...] | getBase() | dynamic_lookup.swift:16:5:16:9 | [OpenExistentialExpr] OpenExistentialExpr | getOpaqueExpr() | dynamic_lookup.swift:16:5:16:5 | [OpaqueValueExpr] OpaqueValueExpr | +| dynamic_lookup.swift:16:5:16:9 | [OpenExistentialExpr] OpenExistentialExpr | getOpaqueExpr() | dynamic_lookup.swift:16:5:16:9 | [DynamicSubscriptExpr] subscript ...[...] | getBase() | dynamic_lookup.swift:16:5:16:5 | [OpaqueValueExpr] OpaqueValueExpr | diff --git a/swift/ql/test/extractor-tests/generated/expr/MethodLookupExpr/CONSISTENCY/CfgConsistency.expected b/swift/ql/test/extractor-tests/generated/expr/MethodLookupExpr/CONSISTENCY/CfgConsistency.expected new file mode 100644 index 00000000000..08c7e13fdcc --- /dev/null +++ b/swift/ql/test/extractor-tests/generated/expr/MethodLookupExpr/CONSISTENCY/CfgConsistency.expected @@ -0,0 +1,14 @@ +multipleSuccessors +| method_lookups.swift:42:9:42:19 | call to baz(_:) | successor | method_lookups.swift:42:3:42:19 | await ... | +| method_lookups.swift:42:9:42:19 | call to baz(_:) | successor | method_lookups.swift:44:7:44:7 | f | +| method_lookups.swift:48:9:48:19 | call to foo(_:_:) | successor | method_lookups.swift:48:3:48:19 | await ... | +| method_lookups.swift:48:9:48:19 | call to foo(_:_:) | successor | method_lookups.swift:49:9:49:11 | .bar() | +| method_lookups.swift:49:9:49:15 | call to bar() | successor | method_lookups.swift:49:3:49:15 | await ... | +| method_lookups.swift:49:9:49:15 | call to bar() | successor | method_lookups.swift:50:9:50:13 | .baz(_:) | +| method_lookups.swift:50:9:50:19 | call to baz(_:) | successor | method_lookups.swift:50:3:50:19 | await ... | +| method_lookups.swift:50:9:50:19 | call to baz(_:) | successor | method_lookups.swift:52:7:52:7 | f | +deadEnd +| method_lookups.swift:42:3:42:19 | await ... | +| method_lookups.swift:48:3:48:19 | await ... | +| method_lookups.swift:49:3:49:15 | await ... | +| method_lookups.swift:50:3:50:19 | await ... | diff --git a/swift/ql/test/extractor-tests/generated/expr/MethodLookupExpr/CONSISTENCY/PrintAstConsistency.expected b/swift/ql/test/extractor-tests/generated/expr/MethodLookupExpr/CONSISTENCY/PrintAstConsistency.expected new file mode 100644 index 00000000000..73431518cde --- /dev/null +++ b/swift/ql/test/extractor-tests/generated/expr/MethodLookupExpr/CONSISTENCY/PrintAstConsistency.expected @@ -0,0 +1,3 @@ +doubleIndexes +| method_lookups.swift:44:13:44:13 | [AutoClosureExpr] { ... } | 2 | getParam(0) | 4 | getParam(1) | file://:0:0:0:0 | [ParamDecl] argument | +| method_lookups.swift:44:13:44:13 | [AutoClosureExpr] { ... } | 4 | getParam(1) | 2 | getParam(0) | file://:0:0:0:0 | [ParamDecl] argument | diff --git a/swift/ql/test/extractor-tests/generated/expr/PropertyWrapperValuePlaceholderExpr/CONSISTENCY/PrintAstConsistency.expected b/swift/ql/test/extractor-tests/generated/expr/PropertyWrapperValuePlaceholderExpr/CONSISTENCY/PrintAstConsistency.expected new file mode 100644 index 00000000000..a57070efd5a --- /dev/null +++ b/swift/ql/test/extractor-tests/generated/expr/PropertyWrapperValuePlaceholderExpr/CONSISTENCY/PrintAstConsistency.expected @@ -0,0 +1,7 @@ +doubleParents +| file://:0:0:0:0 | [PatternBindingDecl] var ... = ... | getInit(0) | property_wrapper_value_placeholder.swift:12:12:12:26 | [PatternBindingDecl] var ... = ... | getInit(0) | property_wrapper_value_placeholder.swift:12:4:12:26 | [CallExpr] call to Wrapper.init(wrappedValue:) | +| property_wrapper_value_placeholder.swift:11:1:13:1 | [StructDecl] S | getMember(2) | property_wrapper_value_placeholder.swift:12:16:12:16 | [ConcreteVarDecl] x | getPropertyWrapperBackingVarBinding() | file://:0:0:0:0 | [PatternBindingDecl] var ... = ... | +| property_wrapper_value_placeholder.swift:11:1:13:1 | [StructDecl] S | getMember(3) | property_wrapper_value_placeholder.swift:12:16:12:16 | [ConcreteVarDecl] x | getPropertyWrapperBackingVar() | property_wrapper_value_placeholder.swift:12:16:12:16 | [ConcreteVarDecl] _x | +| property_wrapper_value_placeholder.swift:12:12:12:26 | [PatternBindingDecl] var ... = ... | getInit(0) | file://:0:0:0:0 | [PatternBindingDecl] var ... = ... | getInit(0) | property_wrapper_value_placeholder.swift:12:4:12:26 | [CallExpr] call to Wrapper.init(wrappedValue:) | +| property_wrapper_value_placeholder.swift:12:16:12:16 | [ConcreteVarDecl] x | getPropertyWrapperBackingVar() | property_wrapper_value_placeholder.swift:11:1:13:1 | [StructDecl] S | getMember(3) | property_wrapper_value_placeholder.swift:12:16:12:16 | [ConcreteVarDecl] _x | +| property_wrapper_value_placeholder.swift:12:16:12:16 | [ConcreteVarDecl] x | getPropertyWrapperBackingVarBinding() | property_wrapper_value_placeholder.swift:11:1:13:1 | [StructDecl] S | getMember(2) | file://:0:0:0:0 | [PatternBindingDecl] var ... = ... | diff --git a/swift/ql/test/extractor-tests/generated/type/OpenedArchetypeType/CONSISTENCY/PrintAstConsistency.expected b/swift/ql/test/extractor-tests/generated/type/OpenedArchetypeType/CONSISTENCY/PrintAstConsistency.expected new file mode 100644 index 00000000000..3eda02b23e1 --- /dev/null +++ b/swift/ql/test/extractor-tests/generated/type/OpenedArchetypeType/CONSISTENCY/PrintAstConsistency.expected @@ -0,0 +1,3 @@ +doubleParents +| opened_archetypes.swift:24:10:24:16 | [MemberRefExpr] .isFooMember | getBase() | opened_archetypes.swift:24:10:24:16 | [OpenExistentialExpr] OpenExistentialExpr | getOpaqueExpr() | opened_archetypes.swift:24:10:24:10 | [OpaqueValueExpr] OpaqueValueExpr | +| opened_archetypes.swift:24:10:24:16 | [OpenExistentialExpr] OpenExistentialExpr | getOpaqueExpr() | opened_archetypes.swift:24:10:24:16 | [MemberRefExpr] .isFooMember | getBase() | opened_archetypes.swift:24:10:24:10 | [OpaqueValueExpr] OpaqueValueExpr | diff --git a/swift/ql/test/extractor-tests/patterns/CONSISTENCY/CfgConsistency.expected b/swift/ql/test/extractor-tests/patterns/CONSISTENCY/CfgConsistency.expected new file mode 100644 index 00000000000..1ad4ad0b970 --- /dev/null +++ b/swift/ql/test/extractor-tests/patterns/CONSISTENCY/CfgConsistency.expected @@ -0,0 +1,2 @@ +deadEnd +| patterns.swift:16:10:16:14 | =~ ... | diff --git a/swift/ql/test/extractor-tests/statements/CONSISTENCY/CfgConsistency.expected b/swift/ql/test/extractor-tests/statements/CONSISTENCY/CfgConsistency.expected new file mode 100644 index 00000000000..069a6ecbc6a --- /dev/null +++ b/swift/ql/test/extractor-tests/statements/CONSISTENCY/CfgConsistency.expected @@ -0,0 +1,2 @@ +deadEnd +| file://:0:0:0:0 | ... = ... | diff --git a/swift/ql/test/library-tests/ast/CONSISTENCY/CfgConsistency.expected b/swift/ql/test/library-tests/ast/CONSISTENCY/CfgConsistency.expected new file mode 100644 index 00000000000..4c13966e124 --- /dev/null +++ b/swift/ql/test/library-tests/ast/CONSISTENCY/CfgConsistency.expected @@ -0,0 +1,24 @@ +multipleSuccessors +| cfg.swift:33:28:33:28 | ... is ... | no-match | cfg.swift:33:49:33:60 | call to isZero(x:) | +| cfg.swift:33:28:33:28 | ... is ... | no-match | cfg.swift:35:5:37:3 | case ... | +| cfg.swift:144:10:144:10 | =~ ... | no-match | cfg.swift:144:18:144:34 | ... .&&(_:_:) ... | +| cfg.swift:144:10:144:10 | =~ ... | no-match | cfg.swift:146:5:147:14 | case ... | +| cfg.swift:515:6:515:28 | #available | false | cfg.swift:515:42:515:46 | iOS 12 | +| cfg.swift:515:6:515:28 | #available | false | cfg.swift:519:10:519:10 | x | +| file://:0:0:0:0 | $interpolation | successor | cfg.swift:40:11:40:11 | OpaqueValueExpr | +| file://:0:0:0:0 | $interpolation | successor | cfg.swift:40:12:40:12 | .appendLiteral(_:) | +| file://:0:0:0:0 | $interpolation | successor | cfg.swift:263:10:263:10 | OpaqueValueExpr | +| file://:0:0:0:0 | $interpolation | successor | cfg.swift:263:11:263:11 | .appendLiteral(_:) | +deadEnd +| cfg.swift:33:49:33:60 | call to isZero(x:) | +| cfg.swift:144:18:144:34 | ... .&&(_:_:) ... | +| file://:0:0:0:0 | ... = ... | +| file://:0:0:0:0 | ... = ... | +| file://:0:0:0:0 | ... = ... | +| file://:0:0:0:0 | ... = ... | +| file://:0:0:0:0 | ... = ... | +| file://:0:0:0:0 | ... = ... | +| file://:0:0:0:0 | ... = ... | +| file://:0:0:0:0 | ... = ... | +| file://:0:0:0:0 | ... = ... | +| patterns.swift:16:10:16:14 | =~ ... | diff --git a/swift/ql/test/library-tests/controlflow/graph/CONSISTENCY/CfgConsistency.expected b/swift/ql/test/library-tests/controlflow/graph/CONSISTENCY/CfgConsistency.expected new file mode 100644 index 00000000000..b9b2913e4d2 --- /dev/null +++ b/swift/ql/test/library-tests/controlflow/graph/CONSISTENCY/CfgConsistency.expected @@ -0,0 +1,16 @@ +multipleSuccessors +| cfg.swift:33:28:33:28 | ... is ... | no-match | cfg.swift:33:49:33:60 | call to isZero(x:) | +| cfg.swift:33:28:33:28 | ... is ... | no-match | cfg.swift:35:5:37:3 | case ... | +| cfg.swift:144:10:144:10 | =~ ... | no-match | cfg.swift:144:18:144:34 | ... .&&(_:_:) ... | +| cfg.swift:144:10:144:10 | =~ ... | no-match | cfg.swift:146:5:147:14 | case ... | +| cfg.swift:515:6:515:28 | #available | false | cfg.swift:515:42:515:46 | iOS 12 | +| cfg.swift:515:6:515:28 | #available | false | cfg.swift:519:10:519:10 | x | +| file://:0:0:0:0 | $interpolation | successor | cfg.swift:40:11:40:11 | OpaqueValueExpr | +| file://:0:0:0:0 | $interpolation | successor | cfg.swift:40:12:40:12 | .appendLiteral(_:) | +| file://:0:0:0:0 | $interpolation | successor | cfg.swift:263:10:263:10 | OpaqueValueExpr | +| file://:0:0:0:0 | $interpolation | successor | cfg.swift:263:11:263:11 | .appendLiteral(_:) | +deadEnd +| cfg.swift:33:49:33:60 | call to isZero(x:) | +| cfg.swift:144:18:144:34 | ... .&&(_:_:) ... | +| file://:0:0:0:0 | ... = ... | +| file://:0:0:0:0 | ... = ... | diff --git a/swift/ql/test/library-tests/dataflow/dataflow/CONSISTENCY/CfgConsistency.expected b/swift/ql/test/library-tests/dataflow/dataflow/CONSISTENCY/CfgConsistency.expected new file mode 100644 index 00000000000..5208a9053d5 --- /dev/null +++ b/swift/ql/test/library-tests/dataflow/dataflow/CONSISTENCY/CfgConsistency.expected @@ -0,0 +1,7 @@ +multipleSuccessors +| test.swift:252:6:252:27 | call to DidSetSource.init(wrappedValue:) | successor | file://:0:0:0:0 | var ... = ... | +| test.swift:252:6:252:27 | call to DidSetSource.init(wrappedValue:) | successor | test.swift:252:19:252:27 | var ... = ... | +| test.swift:488:8:488:12 | let ...? | no-match | test.swift:488:27:488:27 | y | +| test.swift:488:8:488:12 | let ...? | no-match | test.swift:493:9:493:9 | tuple1 | +deadEnd +| file://:0:0:0:0 | var ... = ... | diff --git a/swift/ql/test/library-tests/dataflow/dataflow/CONSISTENCY/PrintAstConsistency.expected b/swift/ql/test/library-tests/dataflow/dataflow/CONSISTENCY/PrintAstConsistency.expected new file mode 100644 index 00000000000..cc3ea4d16c3 --- /dev/null +++ b/swift/ql/test/library-tests/dataflow/dataflow/CONSISTENCY/PrintAstConsistency.expected @@ -0,0 +1,3 @@ +doubleParents +| file://:0:0:0:0 | [PatternBindingDecl] var ... = ... | getInit(0) | test.swift:252:19:252:27 | [PatternBindingDecl] var ... = ... | getInit(0) | test.swift:252:6:252:27 | [CallExpr] call to DidSetSource.init(wrappedValue:) | +| test.swift:252:19:252:27 | [PatternBindingDecl] var ... = ... | getInit(0) | file://:0:0:0:0 | [PatternBindingDecl] var ... = ... | getInit(0) | test.swift:252:6:252:27 | [CallExpr] call to DidSetSource.init(wrappedValue:) | diff --git a/swift/ql/test/library-tests/dataflow/flowsources/CONSISTENCY/PrintAstConsistency.expected b/swift/ql/test/library-tests/dataflow/flowsources/CONSISTENCY/PrintAstConsistency.expected new file mode 100644 index 00000000000..6f3e5d56f99 --- /dev/null +++ b/swift/ql/test/library-tests/dataflow/flowsources/CONSISTENCY/PrintAstConsistency.expected @@ -0,0 +1,13 @@ +doubleParents +| generics.swift:93:9:93:15 | [MemberRefExpr] .source0 | getBase() | generics.swift:93:9:93:15 | [OpenExistentialExpr] OpenExistentialExpr | getOpaqueExpr() | generics.swift:93:9:93:9 | [OpaqueValueExpr] OpaqueValueExpr | +| generics.swift:93:9:93:15 | [OpenExistentialExpr] OpenExistentialExpr | getOpaqueExpr() | generics.swift:93:9:93:15 | [MemberRefExpr] .source0 | getBase() | generics.swift:93:9:93:9 | [OpaqueValueExpr] OpaqueValueExpr | +| generics.swift:94:9:94:15 | [MemberRefExpr] .source1 | getBase() | generics.swift:94:9:94:15 | [OpenExistentialExpr] OpenExistentialExpr | getOpaqueExpr() | generics.swift:94:9:94:9 | [OpaqueValueExpr] OpaqueValueExpr | +| generics.swift:94:9:94:15 | [OpenExistentialExpr] OpenExistentialExpr | getOpaqueExpr() | generics.swift:94:9:94:15 | [MemberRefExpr] .source1 | getBase() | generics.swift:94:9:94:9 | [OpaqueValueExpr] OpaqueValueExpr | +| generics.swift:95:9:95:15 | [MemberRefExpr] .source2 | getBase() | generics.swift:95:9:95:15 | [OpenExistentialExpr] OpenExistentialExpr | getOpaqueExpr() | generics.swift:95:9:95:9 | [OpaqueValueExpr] OpaqueValueExpr | +| generics.swift:95:9:95:15 | [OpenExistentialExpr] OpenExistentialExpr | getOpaqueExpr() | generics.swift:95:9:95:15 | [MemberRefExpr] .source2 | getBase() | generics.swift:95:9:95:9 | [OpaqueValueExpr] OpaqueValueExpr | +| generics.swift:125:9:125:15 | [MemberRefExpr] .source0 | getBase() | generics.swift:125:9:125:15 | [OpenExistentialExpr] OpenExistentialExpr | getOpaqueExpr() | generics.swift:125:9:125:9 | [OpaqueValueExpr] OpaqueValueExpr | +| generics.swift:125:9:125:15 | [OpenExistentialExpr] OpenExistentialExpr | getOpaqueExpr() | generics.swift:125:9:125:15 | [MemberRefExpr] .source0 | getBase() | generics.swift:125:9:125:9 | [OpaqueValueExpr] OpaqueValueExpr | +| generics.swift:126:9:126:15 | [MemberRefExpr] .source1 | getBase() | generics.swift:126:9:126:15 | [OpenExistentialExpr] OpenExistentialExpr | getOpaqueExpr() | generics.swift:126:9:126:9 | [OpaqueValueExpr] OpaqueValueExpr | +| generics.swift:126:9:126:15 | [OpenExistentialExpr] OpenExistentialExpr | getOpaqueExpr() | generics.swift:126:9:126:15 | [MemberRefExpr] .source1 | getBase() | generics.swift:126:9:126:9 | [OpaqueValueExpr] OpaqueValueExpr | +| generics.swift:127:9:127:15 | [MemberRefExpr] .source2 | getBase() | generics.swift:127:9:127:15 | [OpenExistentialExpr] OpenExistentialExpr | getOpaqueExpr() | generics.swift:127:9:127:9 | [OpaqueValueExpr] OpaqueValueExpr | +| generics.swift:127:9:127:15 | [OpenExistentialExpr] OpenExistentialExpr | getOpaqueExpr() | generics.swift:127:9:127:15 | [MemberRefExpr] .source2 | getBase() | generics.swift:127:9:127:9 | [OpaqueValueExpr] OpaqueValueExpr | diff --git a/swift/ql/test/library-tests/dataflow/taint/core/CONSISTENCY/CfgConsistency.expected b/swift/ql/test/library-tests/dataflow/taint/core/CONSISTENCY/CfgConsistency.expected new file mode 100644 index 00000000000..92afde47424 --- /dev/null +++ b/swift/ql/test/library-tests/dataflow/taint/core/CONSISTENCY/CfgConsistency.expected @@ -0,0 +1,15 @@ +multipleSuccessors +| file://:0:0:0:0 | $interpolation | successor | stringinterpolation.swift:13:23:13:23 | OpaqueValueExpr | +| file://:0:0:0:0 | $interpolation | successor | stringinterpolation.swift:13:24:13:24 | .appendLiteral(_:) | +| file://:0:0:0:0 | $interpolation | successor | stringinterpolation.swift:22:12:22:12 | OpaqueValueExpr | +| file://:0:0:0:0 | $interpolation | successor | stringinterpolation.swift:22:13:22:13 | .appendLiteral(_:) | +| file://:0:0:0:0 | $interpolation | successor | stringinterpolation.swift:23:12:23:12 | OpaqueValueExpr | +| file://:0:0:0:0 | $interpolation | successor | stringinterpolation.swift:23:13:23:13 | .appendLiteral(_:) | +| file://:0:0:0:0 | $interpolation | successor | stringinterpolation.swift:24:12:24:12 | OpaqueValueExpr | +| file://:0:0:0:0 | $interpolation | successor | stringinterpolation.swift:24:13:24:13 | .appendLiteral(_:) | +| file://:0:0:0:0 | $interpolation | successor | stringinterpolation.swift:30:12:30:12 | OpaqueValueExpr | +| file://:0:0:0:0 | $interpolation | successor | stringinterpolation.swift:30:13:30:13 | .appendLiteral(_:) | +| file://:0:0:0:0 | $interpolation | successor | stringinterpolation.swift:31:12:31:12 | OpaqueValueExpr | +| file://:0:0:0:0 | $interpolation | successor | stringinterpolation.swift:31:13:31:13 | .appendLiteral(_:) | +| file://:0:0:0:0 | $interpolation | successor | stringinterpolation.swift:32:12:32:12 | OpaqueValueExpr | +| file://:0:0:0:0 | $interpolation | successor | stringinterpolation.swift:32:13:32:13 | .appendLiteral(_:) | diff --git a/swift/ql/test/library-tests/dataflow/taint/libraries/CONSISTENCY/CfgConsistency.expected b/swift/ql/test/library-tests/dataflow/taint/libraries/CONSISTENCY/CfgConsistency.expected new file mode 100644 index 00000000000..4fc723b3001 --- /dev/null +++ b/swift/ql/test/library-tests/dataflow/taint/libraries/CONSISTENCY/CfgConsistency.expected @@ -0,0 +1,20 @@ +multipleSuccessors +| file://:0:0:0:0 | $interpolation | successor | string.swift:139:13:139:13 | OpaqueValueExpr | +| file://:0:0:0:0 | $interpolation | successor | string.swift:139:14:139:14 | .appendLiteral(_:) | +| file://:0:0:0:0 | $interpolation | successor | string.swift:141:13:141:13 | OpaqueValueExpr | +| file://:0:0:0:0 | $interpolation | successor | string.swift:141:14:141:14 | .appendLiteral(_:) | +| file://:0:0:0:0 | $interpolation | successor | string.swift:143:13:143:13 | OpaqueValueExpr | +| file://:0:0:0:0 | $interpolation | successor | string.swift:143:14:143:14 | .appendLiteral(_:) | +| file://:0:0:0:0 | $interpolation | successor | string.swift:147:13:147:13 | OpaqueValueExpr | +| file://:0:0:0:0 | $interpolation | successor | string.swift:147:14:147:14 | .appendLiteral(_:) | +| file://:0:0:0:0 | $interpolation | successor | string.swift:149:13:149:13 | OpaqueValueExpr | +| file://:0:0:0:0 | $interpolation | successor | string.swift:149:14:149:14 | .appendLiteral(_:) | +| file://:0:0:0:0 | $interpolation | successor | string.swift:151:13:151:13 | OpaqueValueExpr | +| file://:0:0:0:0 | $interpolation | successor | string.swift:151:14:151:14 | .appendLiteral(_:) | +| file://:0:0:0:0 | $interpolation | successor | string.swift:154:13:154:13 | OpaqueValueExpr | +| file://:0:0:0:0 | $interpolation | successor | string.swift:154:14:154:14 | .appendLiteral(_:) | +deadEnd +| file://:0:0:0:0 | ... = ... | +| file://:0:0:0:0 | ... = ... | +| file://:0:0:0:0 | ... = ... | +| file://:0:0:0:0 | ... = ... | diff --git a/swift/ql/test/library-tests/elements/decl/function/CONSISTENCY/CfgConsistency.expected b/swift/ql/test/library-tests/elements/decl/function/CONSISTENCY/CfgConsistency.expected new file mode 100644 index 00000000000..280e2eeab41 --- /dev/null +++ b/swift/ql/test/library-tests/elements/decl/function/CONSISTENCY/CfgConsistency.expected @@ -0,0 +1,3 @@ +deadEnd +| file://:0:0:0:0 | ... = ... | +| file://:0:0:0:0 | ... = ... | diff --git a/swift/ql/test/library-tests/elements/expr/methodlookup/CONSISTENCY/CfgConsistency.expected b/swift/ql/test/library-tests/elements/expr/methodlookup/CONSISTENCY/CfgConsistency.expected new file mode 100644 index 00000000000..25ce837828c --- /dev/null +++ b/swift/ql/test/library-tests/elements/expr/methodlookup/CONSISTENCY/CfgConsistency.expected @@ -0,0 +1,17 @@ +multipleSuccessors +| methodlookup.swift:37:11:37:30 | call to instanceMethod() | successor | methodlookup.swift:37:5:37:30 | await ... | +| methodlookup.swift:37:11:37:30 | call to instanceMethod() | successor | methodlookup.swift:40:5:40:9 | .staticMethod() | +| methodlookup.swift:47:11:47:30 | call to instanceMethod() | successor | methodlookup.swift:47:5:47:30 | await ... | +| methodlookup.swift:47:11:47:30 | call to instanceMethod() | successor | methodlookup.swift:48:11:48:11 | Baz.Type | +| methodlookup.swift:48:11:48:35 | call to { ... } | successor | methodlookup.swift:48:5:48:35 | await ... | +| methodlookup.swift:48:11:48:35 | call to { ... } | successor | methodlookup.swift:50:11:50:15 | .classMethod() | +| methodlookup.swift:50:11:50:27 | call to classMethod() | successor | methodlookup.swift:50:5:50:27 | await ... | +| methodlookup.swift:50:11:50:27 | call to classMethod() | successor | methodlookup.swift:51:11:51:15 | .staticMethod() | +| methodlookup.swift:51:11:51:28 | call to staticMethod() | successor | methodlookup.swift:43:6:52:1 | exit { ... } (normal) | +| methodlookup.swift:51:11:51:28 | call to staticMethod() | successor | methodlookup.swift:51:5:51:28 | await ... | +deadEnd +| methodlookup.swift:37:5:37:30 | await ... | +| methodlookup.swift:47:5:47:30 | await ... | +| methodlookup.swift:48:5:48:35 | await ... | +| methodlookup.swift:50:5:50:27 | await ... | +| methodlookup.swift:51:5:51:28 | await ... | diff --git a/swift/ql/test/query-tests/Security/CWE-079/CONSISTENCY/CfgConsistency.expected b/swift/ql/test/query-tests/Security/CWE-079/CONSISTENCY/CfgConsistency.expected new file mode 100644 index 00000000000..7d441114cb6 --- /dev/null +++ b/swift/ql/test/query-tests/Security/CWE-079/CONSISTENCY/CfgConsistency.expected @@ -0,0 +1,9 @@ +multipleSuccessors +| file://:0:0:0:0 | $interpolation | successor | UnsafeWebViewFetch.swift:126:25:126:25 | OpaqueValueExpr | +| file://:0:0:0:0 | $interpolation | successor | UnsafeWebViewFetch.swift:126:26:126:26 | .appendLiteral(_:) | +| file://:0:0:0:0 | $interpolation | successor | UnsafeWebViewFetch.swift:127:25:127:25 | OpaqueValueExpr | +| file://:0:0:0:0 | $interpolation | successor | UnsafeWebViewFetch.swift:127:26:127:26 | .appendLiteral(_:) | +| file://:0:0:0:0 | $interpolation | successor | UnsafeWebViewFetch.swift:173:25:173:25 | OpaqueValueExpr | +| file://:0:0:0:0 | $interpolation | successor | UnsafeWebViewFetch.swift:173:26:173:26 | .appendLiteral(_:) | +| file://:0:0:0:0 | $interpolation | successor | UnsafeWebViewFetch.swift:174:25:174:25 | OpaqueValueExpr | +| file://:0:0:0:0 | $interpolation | successor | UnsafeWebViewFetch.swift:174:26:174:26 | .appendLiteral(_:) | diff --git a/swift/ql/test/query-tests/Security/CWE-089/CONSISTENCY/CfgConsistency.expected b/swift/ql/test/query-tests/Security/CWE-089/CONSISTENCY/CfgConsistency.expected new file mode 100644 index 00000000000..5d83b4a49ef --- /dev/null +++ b/swift/ql/test/query-tests/Security/CWE-089/CONSISTENCY/CfgConsistency.expected @@ -0,0 +1,15 @@ +multipleSuccessors +| file://:0:0:0:0 | $interpolation | successor | SQLite.swift:67:21:67:21 | OpaqueValueExpr | +| file://:0:0:0:0 | $interpolation | successor | SQLite.swift:67:22:67:22 | .appendLiteral(_:) | +| file://:0:0:0:0 | $interpolation | successor | SQLite.swift:68:19:68:19 | OpaqueValueExpr | +| file://:0:0:0:0 | $interpolation | successor | SQLite.swift:68:20:68:20 | .appendLiteral(_:) | +| file://:0:0:0:0 | $interpolation | successor | SQLite.swift:69:19:69:19 | OpaqueValueExpr | +| file://:0:0:0:0 | $interpolation | successor | SQLite.swift:69:20:69:20 | .appendLiteral(_:) | +| file://:0:0:0:0 | $interpolation | successor | sqlite3_c_api.swift:127:21:127:21 | OpaqueValueExpr | +| file://:0:0:0:0 | $interpolation | successor | sqlite3_c_api.swift:127:22:127:22 | .appendLiteral(_:) | +| file://:0:0:0:0 | $interpolation | successor | sqlite3_c_api.swift:128:19:128:19 | OpaqueValueExpr | +| file://:0:0:0:0 | $interpolation | successor | sqlite3_c_api.swift:128:20:128:20 | .appendLiteral(_:) | +| file://:0:0:0:0 | $interpolation | successor | sqlite3_c_api.swift:129:19:129:19 | OpaqueValueExpr | +| file://:0:0:0:0 | $interpolation | successor | sqlite3_c_api.swift:129:20:129:20 | .appendLiteral(_:) | +deadEnd +| file://:0:0:0:0 | ... = ... | diff --git a/swift/ql/test/query-tests/Security/CWE-1204/CONSISTENCY/CfgConsistency.expected b/swift/ql/test/query-tests/Security/CWE-1204/CONSISTENCY/CfgConsistency.expected new file mode 100644 index 00000000000..90f66c1830d --- /dev/null +++ b/swift/ql/test/query-tests/Security/CWE-1204/CONSISTENCY/CfgConsistency.expected @@ -0,0 +1,11 @@ +deadEnd +| file://:0:0:0:0 | ... = ... | +| file://:0:0:0:0 | ... = ... | +| file://:0:0:0:0 | ... = ... | +| file://:0:0:0:0 | ... = ... | +| file://:0:0:0:0 | ... = ... | +| file://:0:0:0:0 | ... = ... | +| file://:0:0:0:0 | ... = ... | +| file://:0:0:0:0 | ... = ... | +| file://:0:0:0:0 | ... = ... | +| file://:0:0:0:0 | ... = ... | diff --git a/swift/ql/test/query-tests/Security/CWE-134/CONSISTENCY/CfgConsistency.expected b/swift/ql/test/query-tests/Security/CWE-134/CONSISTENCY/CfgConsistency.expected new file mode 100644 index 00000000000..dfc53ae7a9a --- /dev/null +++ b/swift/ql/test/query-tests/Security/CWE-134/CONSISTENCY/CfgConsistency.expected @@ -0,0 +1,3 @@ +multipleSuccessors +| file://:0:0:0:0 | $interpolation | successor | UncontrolledFormatString.swift:94:22:94:22 | OpaqueValueExpr | +| file://:0:0:0:0 | $interpolation | successor | UncontrolledFormatString.swift:94:23:94:23 | .appendLiteral(_:) | diff --git a/swift/ql/test/query-tests/Security/CWE-135/CONSISTENCY/CfgConsistency.expected b/swift/ql/test/query-tests/Security/CWE-135/CONSISTENCY/CfgConsistency.expected new file mode 100644 index 00000000000..8898c8876df --- /dev/null +++ b/swift/ql/test/query-tests/Security/CWE-135/CONSISTENCY/CfgConsistency.expected @@ -0,0 +1,41 @@ +multipleSuccessors +| file://:0:0:0:0 | $interpolation | successor | StringLengthConflation2.swift:38:11:38:11 | OpaqueValueExpr | +| file://:0:0:0:0 | $interpolation | successor | StringLengthConflation2.swift:38:12:38:12 | .appendLiteral(_:) | +| file://:0:0:0:0 | $interpolation | successor | StringLengthConflation.swift:46:11:46:11 | OpaqueValueExpr | +| file://:0:0:0:0 | $interpolation | successor | StringLengthConflation.swift:46:12:46:12 | .appendLiteral(_:) | +| file://:0:0:0:0 | $interpolation | successor | StringLengthConflation.swift:47:11:47:11 | OpaqueValueExpr | +| file://:0:0:0:0 | $interpolation | successor | StringLengthConflation.swift:47:12:47:12 | .appendLiteral(_:) | +| file://:0:0:0:0 | $interpolation | successor | StringLengthConflation.swift:48:11:48:11 | OpaqueValueExpr | +| file://:0:0:0:0 | $interpolation | successor | StringLengthConflation.swift:48:12:48:12 | .appendLiteral(_:) | +| file://:0:0:0:0 | $interpolation | successor | StringLengthConflation.swift:57:11:57:11 | OpaqueValueExpr | +| file://:0:0:0:0 | $interpolation | successor | StringLengthConflation.swift:57:12:57:12 | .appendLiteral(_:) | +| file://:0:0:0:0 | $interpolation | successor | StringLengthConflation.swift:61:11:61:11 | OpaqueValueExpr | +| file://:0:0:0:0 | $interpolation | successor | StringLengthConflation.swift:61:12:61:12 | .appendLiteral(_:) | +| file://:0:0:0:0 | $interpolation | successor | StringLengthConflation.swift:67:11:67:11 | OpaqueValueExpr | +| file://:0:0:0:0 | $interpolation | successor | StringLengthConflation.swift:67:12:67:12 | .appendLiteral(_:) | +| file://:0:0:0:0 | $interpolation | successor | StringLengthConflation.swift:75:11:75:11 | OpaqueValueExpr | +| file://:0:0:0:0 | $interpolation | successor | StringLengthConflation.swift:75:12:75:12 | .appendLiteral(_:) | +| file://:0:0:0:0 | $interpolation | successor | StringLengthConflation.swift:82:11:82:11 | OpaqueValueExpr | +| file://:0:0:0:0 | $interpolation | successor | StringLengthConflation.swift:82:12:82:12 | .appendLiteral(_:) | +| file://:0:0:0:0 | $interpolation | successor | StringLengthConflation.swift:91:11:91:11 | OpaqueValueExpr | +| file://:0:0:0:0 | $interpolation | successor | StringLengthConflation.swift:91:12:91:12 | .appendLiteral(_:) | +| file://:0:0:0:0 | $interpolation | successor | StringLengthConflation.swift:97:11:97:11 | OpaqueValueExpr | +| file://:0:0:0:0 | $interpolation | successor | StringLengthConflation.swift:97:12:97:12 | .appendLiteral(_:) | +| file://:0:0:0:0 | $interpolation | successor | StringLengthConflation.swift:101:11:101:11 | OpaqueValueExpr | +| file://:0:0:0:0 | $interpolation | successor | StringLengthConflation.swift:101:12:101:12 | .appendLiteral(_:) | +| file://:0:0:0:0 | $interpolation | successor | StringLengthConflation.swift:105:11:105:11 | OpaqueValueExpr | +| file://:0:0:0:0 | $interpolation | successor | StringLengthConflation.swift:105:12:105:12 | .appendLiteral(_:) | +| file://:0:0:0:0 | $interpolation | successor | StringLengthConflation.swift:109:11:109:11 | OpaqueValueExpr | +| file://:0:0:0:0 | $interpolation | successor | StringLengthConflation.swift:109:12:109:12 | .appendLiteral(_:) | +| file://:0:0:0:0 | $interpolation | successor | StringLengthConflation.swift:115:11:115:11 | OpaqueValueExpr | +| file://:0:0:0:0 | $interpolation | successor | StringLengthConflation.swift:115:12:115:12 | .appendLiteral(_:) | +| file://:0:0:0:0 | $interpolation | successor | StringLengthConflation.swift:121:11:121:11 | OpaqueValueExpr | +| file://:0:0:0:0 | $interpolation | successor | StringLengthConflation.swift:121:12:121:12 | .appendLiteral(_:) | +| file://:0:0:0:0 | $interpolation | successor | StringLengthConflation.swift:127:11:127:11 | OpaqueValueExpr | +| file://:0:0:0:0 | $interpolation | successor | StringLengthConflation.swift:127:12:127:12 | .appendLiteral(_:) | +| file://:0:0:0:0 | $interpolation | successor | StringLengthConflation.swift:133:11:133:11 | OpaqueValueExpr | +| file://:0:0:0:0 | $interpolation | successor | StringLengthConflation.swift:133:12:133:12 | .appendLiteral(_:) | +| file://:0:0:0:0 | $interpolation | successor | StringLengthConflation.swift:139:11:139:11 | OpaqueValueExpr | +| file://:0:0:0:0 | $interpolation | successor | StringLengthConflation.swift:139:12:139:12 | .appendLiteral(_:) | +| file://:0:0:0:0 | $interpolation | successor | StringLengthConflation.swift:145:11:145:11 | OpaqueValueExpr | +| file://:0:0:0:0 | $interpolation | successor | StringLengthConflation.swift:145:12:145:12 | .appendLiteral(_:) | diff --git a/swift/ql/test/query-tests/Security/CWE-259/CONSISTENCY/CfgConsistency.expected b/swift/ql/test/query-tests/Security/CWE-259/CONSISTENCY/CfgConsistency.expected new file mode 100644 index 00000000000..853828d4f77 --- /dev/null +++ b/swift/ql/test/query-tests/Security/CWE-259/CONSISTENCY/CfgConsistency.expected @@ -0,0 +1,5 @@ +deadEnd +| file://:0:0:0:0 | ... = ... | +| file://:0:0:0:0 | ... = ... | +| file://:0:0:0:0 | ... = ... | +| file://:0:0:0:0 | ... = ... | diff --git a/swift/ql/test/query-tests/Security/CWE-311/CONSISTENCY/CfgConsistency.expected b/swift/ql/test/query-tests/Security/CWE-311/CONSISTENCY/CfgConsistency.expected new file mode 100644 index 00000000000..069a6ecbc6a --- /dev/null +++ b/swift/ql/test/query-tests/Security/CWE-311/CONSISTENCY/CfgConsistency.expected @@ -0,0 +1,2 @@ +deadEnd +| file://:0:0:0:0 | ... = ... | diff --git a/swift/ql/test/query-tests/Security/CWE-311/CONSISTENCY/PrintAstConsistency.expected b/swift/ql/test/query-tests/Security/CWE-311/CONSISTENCY/PrintAstConsistency.expected new file mode 100644 index 00000000000..e1a86b483ac --- /dev/null +++ b/swift/ql/test/query-tests/Security/CWE-311/CONSISTENCY/PrintAstConsistency.expected @@ -0,0 +1,3 @@ +doubleParents +| file://:0:0:0:0 | [MethodLookupExpr] .container(keyedBy:) | getBase() | file://:0:0:0:0 | [OpenExistentialExpr] OpenExistentialExpr | getOpaqueExpr() | file://:0:0:0:0 | [OpaqueValueExpr] OpaqueValueExpr | +| file://:0:0:0:0 | [OpenExistentialExpr] OpenExistentialExpr | getOpaqueExpr() | file://:0:0:0:0 | [MethodLookupExpr] .container(keyedBy:) | getBase() | file://:0:0:0:0 | [OpaqueValueExpr] OpaqueValueExpr | diff --git a/swift/ql/test/query-tests/Security/CWE-312/CONSISTENCY/CfgConsistency.expected b/swift/ql/test/query-tests/Security/CWE-312/CONSISTENCY/CfgConsistency.expected new file mode 100644 index 00000000000..67a549aa5bb --- /dev/null +++ b/swift/ql/test/query-tests/Security/CWE-312/CONSISTENCY/CfgConsistency.expected @@ -0,0 +1,65 @@ +multipleSuccessors +| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:98:11:98:11 | OpaqueValueExpr | +| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:98:12:98:12 | .appendLiteral(_:) | +| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:107:13:107:13 | OpaqueValueExpr | +| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:107:14:107:14 | .appendLiteral(_:) | +| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:108:13:108:13 | OpaqueValueExpr | +| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:108:14:108:14 | .appendLiteral(_:) | +| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:109:13:109:13 | OpaqueValueExpr | +| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:109:14:109:14 | .appendLiteral(_:) | +| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:110:13:110:13 | OpaqueValueExpr | +| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:110:14:110:14 | .appendLiteral(_:) | +| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:111:13:111:13 | OpaqueValueExpr | +| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:111:14:111:14 | .appendLiteral(_:) | +| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:112:13:112:13 | OpaqueValueExpr | +| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:112:14:112:14 | .appendLiteral(_:) | +| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:113:13:113:13 | OpaqueValueExpr | +| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:113:14:113:14 | .appendLiteral(_:) | +| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:114:13:114:13 | OpaqueValueExpr | +| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:114:14:114:14 | .appendLiteral(_:) | +| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:115:13:115:13 | OpaqueValueExpr | +| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:115:14:115:14 | .appendLiteral(_:) | +| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:116:13:116:13 | OpaqueValueExpr | +| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:116:14:116:14 | .appendLiteral(_:) | +| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:117:13:117:13 | OpaqueValueExpr | +| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:117:14:117:14 | .appendLiteral(_:) | +| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:118:30:118:30 | OpaqueValueExpr | +| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:118:31:118:31 | .appendLiteral(_:) | +| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:119:15:119:15 | OpaqueValueExpr | +| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:119:16:119:16 | .appendLiteral(_:) | +| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:120:15:120:15 | OpaqueValueExpr | +| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:120:16:120:16 | .appendLiteral(_:) | +| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:121:15:121:15 | OpaqueValueExpr | +| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:121:16:121:16 | .appendLiteral(_:) | +| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:122:15:122:15 | OpaqueValueExpr | +| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:122:16:122:16 | .appendLiteral(_:) | +| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:123:14:123:14 | OpaqueValueExpr | +| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:123:15:123:15 | .appendLiteral(_:) | +| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:124:14:124:14 | OpaqueValueExpr | +| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:124:15:124:15 | .appendLiteral(_:) | +| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:125:16:125:16 | OpaqueValueExpr | +| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:125:17:125:17 | .appendLiteral(_:) | +| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:126:16:126:16 | OpaqueValueExpr | +| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:126:17:126:17 | .appendLiteral(_:) | +| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:127:17:127:17 | OpaqueValueExpr | +| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:127:18:127:18 | .appendLiteral(_:) | +| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:128:17:128:17 | OpaqueValueExpr | +| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:128:18:128:18 | .appendLiteral(_:) | +| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:129:15:129:15 | OpaqueValueExpr | +| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:129:16:129:16 | .appendLiteral(_:) | +| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:130:15:130:15 | OpaqueValueExpr | +| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:130:16:130:16 | .appendLiteral(_:) | +| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:131:18:131:18 | OpaqueValueExpr | +| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:131:19:131:19 | .appendLiteral(_:) | +| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:132:18:132:18 | OpaqueValueExpr | +| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:132:19:132:19 | .appendLiteral(_:) | +| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:133:15:133:15 | OpaqueValueExpr | +| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:133:16:133:16 | .appendLiteral(_:) | +| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:134:15:134:15 | OpaqueValueExpr | +| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:134:16:134:16 | .appendLiteral(_:) | +deadEnd +| file://:0:0:0:0 | ... = ... | +| file://:0:0:0:0 | ... = ... | +| file://:0:0:0:0 | ... = ... | +| file://:0:0:0:0 | ... = ... | +| file://:0:0:0:0 | ... = ... | diff --git a/swift/ql/test/query-tests/Security/CWE-321/CONSISTENCY/CfgConsistency.expected b/swift/ql/test/query-tests/Security/CWE-321/CONSISTENCY/CfgConsistency.expected new file mode 100644 index 00000000000..65cf24d02a7 --- /dev/null +++ b/swift/ql/test/query-tests/Security/CWE-321/CONSISTENCY/CfgConsistency.expected @@ -0,0 +1,13 @@ +deadEnd +| file://:0:0:0:0 | ... = ... | +| file://:0:0:0:0 | ... = ... | +| file://:0:0:0:0 | ... = ... | +| file://:0:0:0:0 | ... = ... | +| file://:0:0:0:0 | ... = ... | +| file://:0:0:0:0 | ... = ... | +| file://:0:0:0:0 | ... = ... | +| file://:0:0:0:0 | ... = ... | +| file://:0:0:0:0 | ... = ... | +| file://:0:0:0:0 | ... = ... | +| file://:0:0:0:0 | ... = ... | +| file://:0:0:0:0 | ... = ... | diff --git a/swift/ql/test/query-tests/Security/CWE-327/CONSISTENCY/CfgConsistency.expected b/swift/ql/test/query-tests/Security/CWE-327/CONSISTENCY/CfgConsistency.expected new file mode 100644 index 00000000000..fc0518030f4 --- /dev/null +++ b/swift/ql/test/query-tests/Security/CWE-327/CONSISTENCY/CfgConsistency.expected @@ -0,0 +1,9 @@ +deadEnd +| file://:0:0:0:0 | ... = ... | +| file://:0:0:0:0 | ... = ... | +| file://:0:0:0:0 | ... = ... | +| file://:0:0:0:0 | ... = ... | +| file://:0:0:0:0 | ... = ... | +| file://:0:0:0:0 | ... = ... | +| file://:0:0:0:0 | ... = ... | +| file://:0:0:0:0 | ... = ... | diff --git a/swift/ql/test/query-tests/Security/CWE-328/CONSISTENCY/CfgConsistency.expected b/swift/ql/test/query-tests/Security/CWE-328/CONSISTENCY/CfgConsistency.expected new file mode 100644 index 00000000000..069a6ecbc6a --- /dev/null +++ b/swift/ql/test/query-tests/Security/CWE-328/CONSISTENCY/CfgConsistency.expected @@ -0,0 +1,2 @@ +deadEnd +| file://:0:0:0:0 | ... = ... | diff --git a/swift/ql/test/query-tests/Security/CWE-611/CONSISTENCY/CfgConsistency.expected b/swift/ql/test/query-tests/Security/CWE-611/CONSISTENCY/CfgConsistency.expected new file mode 100644 index 00000000000..107533d785d --- /dev/null +++ b/swift/ql/test/query-tests/Security/CWE-611/CONSISTENCY/CfgConsistency.expected @@ -0,0 +1,5 @@ +deadEnd +| file://:0:0:0:0 | StmtCondition | +| file://:0:0:0:0 | StmtCondition | +| file://:0:0:0:0 | hasher | +| file://:0:0:0:0 | hasher | diff --git a/swift/ql/test/query-tests/Security/CWE-757/CONSISTENCY/CfgConsistency.expected b/swift/ql/test/query-tests/Security/CWE-757/CONSISTENCY/CfgConsistency.expected new file mode 100644 index 00000000000..853828d4f77 --- /dev/null +++ b/swift/ql/test/query-tests/Security/CWE-757/CONSISTENCY/CfgConsistency.expected @@ -0,0 +1,5 @@ +deadEnd +| file://:0:0:0:0 | ... = ... | +| file://:0:0:0:0 | ... = ... | +| file://:0:0:0:0 | ... = ... | +| file://:0:0:0:0 | ... = ... | diff --git a/swift/ql/test/query-tests/Security/CWE-760/CONSISTENCY/CfgConsistency.expected b/swift/ql/test/query-tests/Security/CWE-760/CONSISTENCY/CfgConsistency.expected new file mode 100644 index 00000000000..853828d4f77 --- /dev/null +++ b/swift/ql/test/query-tests/Security/CWE-760/CONSISTENCY/CfgConsistency.expected @@ -0,0 +1,5 @@ +deadEnd +| file://:0:0:0:0 | ... = ... | +| file://:0:0:0:0 | ... = ... | +| file://:0:0:0:0 | ... = ... | +| file://:0:0:0:0 | ... = ... | diff --git a/swift/ql/test/query-tests/Security/CWE-916/CONSISTENCY/CfgConsistency.expected b/swift/ql/test/query-tests/Security/CWE-916/CONSISTENCY/CfgConsistency.expected new file mode 100644 index 00000000000..853828d4f77 --- /dev/null +++ b/swift/ql/test/query-tests/Security/CWE-916/CONSISTENCY/CfgConsistency.expected @@ -0,0 +1,5 @@ +deadEnd +| file://:0:0:0:0 | ... = ... | +| file://:0:0:0:0 | ... = ... | +| file://:0:0:0:0 | ... = ... | +| file://:0:0:0:0 | ... = ... | From 90824d01b4eca23b157c6e2ab6790dcf82c5081c Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen <mathiasvp@github.com> Date: Wed, 24 May 2023 14:39:05 -0700 Subject: [PATCH 633/870] C++: Add change note. --- cpp/ql/src/change-notes/2023-05-24-overrun-write-query.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 cpp/ql/src/change-notes/2023-05-24-overrun-write-query.md diff --git a/cpp/ql/src/change-notes/2023-05-24-overrun-write-query.md b/cpp/ql/src/change-notes/2023-05-24-overrun-write-query.md new file mode 100644 index 00000000000..32195223fcd --- /dev/null +++ b/cpp/ql/src/change-notes/2023-05-24-overrun-write-query.md @@ -0,0 +1,4 @@ +--- +category: newQuery +--- +* Added a new query, `cpp/overrun-write`, to detect buffer overflows in C-style functions that manipulate buffers. From 64d7b4923da98d086318c0e77ce048803d1d202f Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen <mathiasvp@github.com> Date: Wed, 24 May 2023 15:16:34 -0700 Subject: [PATCH 634/870] C++: Prune flow states based on 'PointerArithmeticToDerefConfig'. --- .../Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql b/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql index fb664a0c364..684b93c231b 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql @@ -78,7 +78,7 @@ predicate isInvalidPointerDerefSink2(DataFlow::Node sink, Instruction i, string ) } -predicate pointerArithOverflow( +predicate pointerArithOverflow0( PointerArithmeticInstruction pai, Field f, int size, int bound, int delta ) { pai.getElementSize() = f.getUnspecifiedType().(ArrayType).getBaseType().getSize() and @@ -89,7 +89,7 @@ predicate pointerArithOverflow( module PointerArithmeticToDerefConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { - pointerArithOverflow(source.asInstruction(), _, _, _, _) + pointerArithOverflow0(source.asInstruction(), _, _, _, _) } predicate isSink(DataFlow::Node sink) { isInvalidPointerDerefSink1(sink, _, _) } @@ -97,6 +97,13 @@ module PointerArithmeticToDerefConfig implements DataFlow::ConfigSig { module PointerArithmeticToDerefFlow = DataFlow::Global<PointerArithmeticToDerefConfig>; +predicate pointerArithOverflow( + PointerArithmeticInstruction pai, Field f, int size, int bound, int delta +) { + pointerArithOverflow0(pai, f, size, bound, delta) and + PointerArithmeticToDerefFlow::flow(DataFlow::instructionNode(pai), _) +} + module FieldAddressToDerefConfig implements DataFlow::StateConfigSig { newtype FlowState = additional TArray(Field f) { pointerArithOverflow(_, f, _, _, _) } or From 298013a57e806ba42fa16ed8f52865f49f9a3009 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen <mathiasvp@github.com> Date: Wed, 24 May 2023 15:50:00 -0700 Subject: [PATCH 635/870] C++: Add in-barrier on sources to reduce duplication. --- .../CWE/CWE-193/ConstantSizeArrayOffByOne.ql | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql b/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql index 684b93c231b..82bdb8c5d42 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql @@ -84,7 +84,10 @@ predicate pointerArithOverflow0( pai.getElementSize() = f.getUnspecifiedType().(ArrayType).getBaseType().getSize() and f.getUnspecifiedType().(ArrayType).getArraySize() = size and semBounded(getSemanticExpr(pai.getRight()), any(SemZeroBound b), bound, true, _) and - delta = bound - size + delta = bound - size and + delta >= 0 and + size != 0 and + size != 1 } module PointerArithmeticToDerefConfig implements DataFlow::ConfigSig { @@ -92,6 +95,8 @@ module PointerArithmeticToDerefConfig implements DataFlow::ConfigSig { pointerArithOverflow0(source.asInstruction(), _, _, _, _) } + predicate isBarrierIn(DataFlow::Node node) { isSource(node) } + predicate isSink(DataFlow::Node sink) { isInvalidPointerDerefSink1(sink, _, _) } } @@ -127,18 +132,17 @@ module FieldAddressToDerefConfig implements DataFlow::StateConfigSig { predicate isBarrier(DataFlow::Node node, FlowState state) { none() } + predicate isBarrierIn(DataFlow::Node node) { isSource(node, _) } + predicate isAdditionalFlowStep( DataFlow::Node node1, FlowState state1, DataFlow::Node node2, FlowState state2 ) { - exists(PointerArithmeticInstruction pai, Field f, int size, int delta | + exists(PointerArithmeticInstruction pai, Field f | state1 = TArray(f) and state2 = TOverflowArithmetic(pai) and pai.getLeft() = node1.asInstruction() and node2.asInstruction() = pai and - pointerArithOverflow(pai, f, size, _, delta) and - delta >= 0 and - size != 0 and - size != 1 + pointerArithOverflow(pai, f, _, _, _) ) } } From ec192d621c12577ae1b224f1a235e78b891d75a7 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen <mathiasvp@github.com> Date: Wed, 24 May 2023 16:13:42 -0700 Subject: [PATCH 636/870] C++: Whitespace commit to make qhelp show up in diff. --- .../CWE/CWE-119/OverrunWriteProductFlow.qhelp | 44 +++++++++---------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/cpp/ql/src/Security/CWE/CWE-119/OverrunWriteProductFlow.qhelp b/cpp/ql/src/Security/CWE/CWE-119/OverrunWriteProductFlow.qhelp index 302340a3c2c..4da7e2a3c94 100644 --- a/cpp/ql/src/Security/CWE/CWE-119/OverrunWriteProductFlow.qhelp +++ b/cpp/ql/src/Security/CWE/CWE-119/OverrunWriteProductFlow.qhelp @@ -1,29 +1,29 @@ -<!DOCTYPE qhelp PUBLIC - "-//Semmle//qhelp//EN" - "qhelp.dtd"> -<qhelp> -<overview> -<p>You must ensure that you do not exceed the size of an allocation during write and read operations. -If an operation attempts to write to or access an element that is outside the range of the allocation then this results in a buffer overflow. -Buffer overflows can lead to anything from a segmentation fault to a security vulnerability. -</p> + <!DOCTYPE qhelp PUBLIC + "-//Semmle//qhelp//EN" + "qhelp.dtd"> + <qhelp> + <overview> + <p>You must ensure that you do not exceed the size of an allocation during write and read operations. + If an operation attempts to write to or access an element that is outside the range of the allocation then this results in a buffer overflow. + Buffer overflows can lead to anything from a segmentation fault to a security vulnerability. + </p> -</overview> -<recommendation> -<p> -Check the offsets and sizes used in the highlighted operations to ensure that a buffer overflow will not occur. -</p> + </overview> + <recommendation> + <p> + Check the offsets and sizes used in the highlighted operations to ensure that a buffer overflow will not occur. + </p> -</recommendation> -<example><sample src="OverrunWriteProductFlow.cpp" /> + </recommendation> + <example><sample src="OverrunWriteProductFlow.cpp" /> -</example> -<references> + </example> + <references> -<li>I. Gerg. <em>An Overview and Example of the Buffer-Overflow Exploit</em>. IANewsletter vol 7 no 4. 2005.</li> -<li>M. Donaldson. <em>Inside the Buffer Overflow Attack: Mechanism, Method & Prevention</em>. SANS Institute InfoSec Reading Room. 2002.</li> + <li>I. Gerg. <em>An Overview and Example of the Buffer-Overflow Exploit</em>. IANewsletter vol 7 no 4. 2005.</li> + <li>M. Donaldson. <em>Inside the Buffer Overflow Attack: Mechanism, Method & Prevention</em>. SANS Institute InfoSec Reading Room. 2002.</li> -</references> -</qhelp> + </references> + </qhelp> From 5be4f6e58bb1b37842305376d849aff54c529511 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Thu, 25 May 2023 00:16:11 +0000 Subject: [PATCH 637/870] Add changed framework coverage reports --- csharp/documentation/library-coverage/coverage.csv | 4 ++-- csharp/documentation/library-coverage/coverage.rst | 6 +++--- java/documentation/library-coverage/coverage.csv | 2 +- java/documentation/library-coverage/coverage.rst | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/csharp/documentation/library-coverage/coverage.csv b/csharp/documentation/library-coverage/coverage.csv index cb01c5e13ad..9c900cf79cd 100644 --- a/csharp/documentation/library-coverage/coverage.csv +++ b/csharp/documentation/library-coverage/coverage.csv @@ -3,7 +3,7 @@ Dapper,55,,,,,,,,,,55,,,,,,, JsonToItemsTaskFactory,,,7,,,,,,,,,,,,,,7, Microsoft.ApplicationBlocks.Data,28,,,,,,,,,,28,,,,,,, Microsoft.CSharp,,,24,,,,,,,,,,,,,,24, -Microsoft.EntityFrameworkCore,6,,,,,,,,,,6,,,,,,, +Microsoft.EntityFrameworkCore,6,,12,,,,,,,,6,,,,,,,12 Microsoft.Extensions.Caching.Distributed,,,15,,,,,,,,,,,,,,15, Microsoft.Extensions.Caching.Memory,,,46,,,,,,,,,,,,,,45,1 Microsoft.Extensions.Configuration,,,83,,,,,,,,,,,,,,80,3 @@ -24,5 +24,5 @@ Microsoft.Win32,,,8,,,,,,,,,,,,,,8, MySql.Data.MySqlClient,48,,,,,,,,,,48,,,,,,, Newtonsoft.Json,,,91,,,,,,,,,,,,,,73,18 ServiceStack,194,,7,27,,,,,,75,92,,,,,,7, -System,65,25,12154,,8,8,9,,4,,33,3,1,17,3,4,10163,1991 +System,65,25,12157,,8,8,9,,4,,33,3,1,17,3,4,10163,1994 Windows.Security.Cryptography.Core,1,,,,,,,1,,,,,,,,,, diff --git a/csharp/documentation/library-coverage/coverage.rst b/csharp/documentation/library-coverage/coverage.rst index 3837422c867..163638d895f 100644 --- a/csharp/documentation/library-coverage/coverage.rst +++ b/csharp/documentation/library-coverage/coverage.rst @@ -8,7 +8,7 @@ C# framework & library support Framework / library,Package,Flow sources,Taint & value steps,Sinks (total),`CWE-079` :sub:`Cross-site scripting` `ServiceStack <https://servicestack.net/>`_,"``ServiceStack.*``, ``ServiceStack``",,7,194, - System,"``System.*``, ``System``",25,12154,65,7 - Others,"``Dapper``, ``JsonToItemsTaskFactory``, ``Microsoft.ApplicationBlocks.Data``, ``Microsoft.CSharp``, ``Microsoft.EntityFrameworkCore``, ``Microsoft.Extensions.Caching.Distributed``, ``Microsoft.Extensions.Caching.Memory``, ``Microsoft.Extensions.Configuration``, ``Microsoft.Extensions.DependencyInjection``, ``Microsoft.Extensions.DependencyModel``, ``Microsoft.Extensions.FileProviders``, ``Microsoft.Extensions.FileSystemGlobbing``, ``Microsoft.Extensions.Hosting``, ``Microsoft.Extensions.Http``, ``Microsoft.Extensions.Logging``, ``Microsoft.Extensions.Options``, ``Microsoft.Extensions.Primitives``, ``Microsoft.Interop``, ``Microsoft.NET.Build.Tasks``, ``Microsoft.NETCore.Platforms.BuildTasks``, ``Microsoft.VisualBasic``, ``Microsoft.Win32``, ``MySql.Data.MySqlClient``, ``Newtonsoft.Json``, ``Windows.Security.Cryptography.Core``",,556,138, - Totals,,25,12717,397,7 + System,"``System.*``, ``System``",25,12157,65,7 + Others,"``Dapper``, ``JsonToItemsTaskFactory``, ``Microsoft.ApplicationBlocks.Data``, ``Microsoft.CSharp``, ``Microsoft.EntityFrameworkCore``, ``Microsoft.Extensions.Caching.Distributed``, ``Microsoft.Extensions.Caching.Memory``, ``Microsoft.Extensions.Configuration``, ``Microsoft.Extensions.DependencyInjection``, ``Microsoft.Extensions.DependencyModel``, ``Microsoft.Extensions.FileProviders``, ``Microsoft.Extensions.FileSystemGlobbing``, ``Microsoft.Extensions.Hosting``, ``Microsoft.Extensions.Http``, ``Microsoft.Extensions.Logging``, ``Microsoft.Extensions.Options``, ``Microsoft.Extensions.Primitives``, ``Microsoft.Interop``, ``Microsoft.NET.Build.Tasks``, ``Microsoft.NETCore.Platforms.BuildTasks``, ``Microsoft.VisualBasic``, ``Microsoft.Win32``, ``MySql.Data.MySqlClient``, ``Newtonsoft.Json``, ``Windows.Security.Cryptography.Core``",,568,138, + Totals,,25,12732,397,7 diff --git a/java/documentation/library-coverage/coverage.csv b/java/documentation/library-coverage/coverage.csv index 4ccb2163679..48f5dd8ae41 100644 --- a/java/documentation/library-coverage/coverage.csv +++ b/java/documentation/library-coverage/coverage.csv @@ -54,7 +54,7 @@ java.beans,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1, java.io,44,,45,,18,,,,,,,,,,,,,,,4,,,,,,,,,,,,22,,,,,,,,43,2 java.lang,18,,92,,,,,,,,,,,,8,,,,,5,,4,,,1,,,,,,,,,,,,,,,56,36 java.net,13,3,20,,,,,,,,,,,,,,,13,,,,,,,,,,,,,,,,,,,,,3,20, -java.nio,36,,31,,21,,,,,,,,,,,,,,,12,,,,,,,,,,,,3,,,,,,,,31, +java.nio,38,,31,,22,,,,,,,,,,,,,,,13,,,,,,,,,,,,3,,,,,,,,31, java.sql,13,,3,,,,,,,,4,,,,,,,,,,,,,,,,,,9,,,,,,,,,,,2,1 java.util,44,,484,,,,,,,,,,,,34,,,,,,,,5,2,,1,2,,,,,,,,,,,,,44,440 javafx.scene.web,1,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,, diff --git a/java/documentation/library-coverage/coverage.rst b/java/documentation/library-coverage/coverage.rst index 498476cbb97..d89fce45524 100644 --- a/java/documentation/library-coverage/coverage.rst +++ b/java/documentation/library-coverage/coverage.rst @@ -18,10 +18,10 @@ Java framework & library support `Google Guava <https://guava.dev/>`_,``com.google.common.*``,,730,41,2,,,,, JBoss Logging,``org.jboss.logging``,,,324,,,,,, `JSON-java <https://github.com/stleary/JSON-java>`_,``org.json``,,236,,,,,,, - Java Standard Library,``java.*``,3,679,168,39,,9,,,13 + Java Standard Library,``java.*``,3,679,170,40,,9,,,13 Java extensions,"``javax.*``, ``jakarta.*``",63,611,34,1,4,,1,1,2 Kotlin Standard Library,``kotlin*``,,1843,16,11,,,,,2 `Spring <https://spring.io/>`_,``org.springframework.*``,29,483,113,2,,28,14,,29 Others,"``cn.hutool.core.codec``, ``com.esotericsoftware.kryo.io``, ``com.esotericsoftware.kryo5.io``, ``com.fasterxml.jackson.core``, ``com.fasterxml.jackson.databind``, ``com.hubspot.jinjava``, ``com.mitchellbosecke.pebble``, ``com.opensymphony.xwork2.ognl``, ``com.rabbitmq.client``, ``com.thoughtworks.xstream``, ``com.unboundid.ldap.sdk``, ``com.zaxxer.hikari``, ``flexjson``, ``freemarker.cache``, ``freemarker.template``, ``groovy.lang``, ``groovy.text``, ``groovy.util``, ``hudson``, ``io.jsonwebtoken``, ``io.netty.bootstrap``, ``io.netty.buffer``, ``io.netty.channel``, ``io.netty.handler.codec``, ``io.netty.handler.ssl``, ``io.netty.handler.stream``, ``io.netty.resolver``, ``io.netty.util``, ``javafx.scene.web``, ``jodd.json``, ``net.sf.saxon.s9api``, ``ognl``, ``okhttp3``, ``org.apache.commons.codec``, ``org.apache.commons.compress.archivers.tar``, ``org.apache.commons.httpclient.util``, ``org.apache.commons.jelly``, ``org.apache.commons.jexl2``, ``org.apache.commons.jexl3``, ``org.apache.commons.logging``, ``org.apache.commons.net``, ``org.apache.commons.ognl``, ``org.apache.directory.ldap.client.api``, ``org.apache.hadoop.fs``, ``org.apache.hadoop.hive.metastore``, ``org.apache.hc.client5.http.async.methods``, ``org.apache.hc.client5.http.classic.methods``, ``org.apache.hc.client5.http.fluent``, ``org.apache.hive.hcatalog.templeton``, ``org.apache.ibatis.jdbc``, ``org.apache.log4j``, ``org.apache.shiro.codec``, ``org.apache.shiro.jndi``, ``org.apache.tools.ant``, ``org.apache.tools.zip``, ``org.apache.velocity.app``, ``org.apache.velocity.runtime``, ``org.codehaus.cargo.container.installer``, ``org.codehaus.groovy.control``, ``org.dom4j``, ``org.eclipse.jetty.client``, ``org.geogebra.web.full.main``, ``org.hibernate``, ``org.jdbi.v3.core``, ``org.jooq``, ``org.kohsuke.stapler``, ``org.mvel2``, ``org.openjdk.jmh.runner.options``, ``org.scijava.log``, ``org.slf4j``, ``org.thymeleaf``, ``org.xml.sax``, ``org.xmlpull.v1``, ``play.mvc``, ``ratpack.core.form``, ``ratpack.core.handling``, ``ratpack.core.http``, ``ratpack.exec``, ``ratpack.form``, ``ratpack.func``, ``ratpack.handling``, ``ratpack.http``, ``ratpack.util``, ``retrofit2``",89,827,516,26,,18,18,,181 - Totals,,246,9119,1967,174,10,122,33,1,361 + Totals,,246,9119,1969,175,10,122,33,1,361 From d772bb213acf7e7575f73f2a386e5e637d6ac1bd Mon Sep 17 00:00:00 2001 From: Sim4n6 <sim4n6@gmail.com> Date: Thu, 25 May 2023 03:10:00 +0100 Subject: [PATCH 638/870] Added three more Unicode Normalization sinks --- .../UnicodeBypassValidationQuery.qll | 28 ++++++++++++++++--- 1 file changed, 24 insertions(+), 4 deletions(-) diff --git a/ruby/ql/lib/codeql/ruby/experimental/UnicodeBypassValidationQuery.qll b/ruby/ql/lib/codeql/ruby/experimental/UnicodeBypassValidationQuery.qll index a642438c1b2..d2e3a3738e0 100644 --- a/ruby/ql/lib/codeql/ruby/experimental/UnicodeBypassValidationQuery.qll +++ b/ruby/ql/lib/codeql/ruby/experimental/UnicodeBypassValidationQuery.qll @@ -81,10 +81,30 @@ class Configuration extends TaintTracking::Configuration { /* A Unicode Tranformation (Unicode tranformation) is considered a sink when the algorithm used is either NFC or NFKC. */ override predicate isSink(DataFlow::Node sink, DataFlow::FlowState state) { - exists(DataFlow::CallNode cn | - cn.getMethodName() = "unicode_normalize" and - cn.getArgument(0).getConstantValue().getSymbol() = ["nfkc", "nfc", "nfkd", "nfd"] and - sink = cn.getReceiver() + ( + exists(DataFlow::CallNode cn | + cn.getMethodName() = "unicode_normalize" and + cn.getArgument(0).getConstantValue().getSymbol() = ["nfkc", "nfc", "nfkd", "nfd"] and + sink = cn.getReceiver() + ) + or + // unicode_utils + exists(API::MethodAccessNode mac | + mac = API::getTopLevelMember("UnicodeUtils").getMethod(["nfkd", "nfc", "nfd", "nfkc"]) and + sink = mac.getParameter(0).asSink() + ) + or + // eprun + exists(API::MethodAccessNode mac | + mac = API::getTopLevelMember("Eprun").getMethod("normalize") and + sink = mac.getParameter(0).asSink() + ) + or + // unf + exists(API::MethodAccessNode mac | + mac = API::getTopLevelMember("UNF").getMember("Normalizer").getMethod("normalize") and + sink = mac.getParameter(0).asSink() + ) ) and state instanceof PostValidation } From 8d656a996bba8959ebce23ce4e8a12951350a422 Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli <redsun82@github.com> Date: Thu, 25 May 2023 09:56:39 +0200 Subject: [PATCH 639/870] Swift: add QLdoc to AST consistency checks --- .../lib/codeql/swift/printast/Consistency.qll | 22 ++++++++++++------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/swift/ql/lib/codeql/swift/printast/Consistency.qll b/swift/ql/lib/codeql/swift/printast/Consistency.qll index c2ba698f5ae..8aaf160ad24 100644 --- a/swift/ql/lib/codeql/swift/printast/Consistency.qll +++ b/swift/ql/lib/codeql/swift/printast/Consistency.qll @@ -1,5 +1,17 @@ +/** Provides a set of checks that the AST is actually a tree. */ + private import codeql.swift.printast.PrintAstNode +/** Checks that no child has more than one parent. */ +query predicate doubleParents( + PrintAstNode parent1, string label1, PrintAstNode parent2, string label2, PrintAstNode child +) { + parent1 != parent2 and + parent1.hasChild(child, _, label1) and + parent2.hasChild(child, _, label2) +} + +/** Checks that no two children share the same index. */ query predicate doubleChildren( PrintAstNode parent, int index, string label1, PrintAstNode child1, string label2, PrintAstNode child2 @@ -9,6 +21,7 @@ query predicate doubleChildren( parent.hasChild(child2, index, label2) } +/** Checks that no child is under different indexes. */ query predicate doubleIndexes( PrintAstNode parent, int index1, string label1, int index2, string label2, PrintAstNode child ) { @@ -17,18 +30,11 @@ query predicate doubleIndexes( parent.hasChild(child, index2, label2) } -query predicate doubleParents( - PrintAstNode parent1, string label1, PrintAstNode parent2, string label2, PrintAstNode child -) { - parent1 != parent2 and - parent1.hasChild(child, _, label1) and - parent2.hasChild(child, _, label2) -} - private predicate isChildOf(PrintAstNode parent, PrintAstNode child) { parent.hasChild(child, _, _) } +/** Checks that there is no back edge. */ query predicate parentChildLoops(PrintAstNode parent, PrintAstNode child) { isChildOf(parent, child) and isChildOf*(child, parent) } From 7d68f6afc93f6326f444409b9bd4d8774a51df72 Mon Sep 17 00:00:00 2001 From: Sim4n6 <sim4n6@gmail.com> Date: Thu, 25 May 2023 09:21:55 +0100 Subject: [PATCH 640/870] added ActiveSupport::Multibyte::Chars normalize() sink --- .../experimental/UnicodeBypassValidationQuery.qll | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/ruby/ql/lib/codeql/ruby/experimental/UnicodeBypassValidationQuery.qll b/ruby/ql/lib/codeql/ruby/experimental/UnicodeBypassValidationQuery.qll index d2e3a3738e0..a28fb2ac5d6 100644 --- a/ruby/ql/lib/codeql/ruby/experimental/UnicodeBypassValidationQuery.qll +++ b/ruby/ql/lib/codeql/ruby/experimental/UnicodeBypassValidationQuery.qll @@ -105,6 +105,18 @@ class Configuration extends TaintTracking::Configuration { mac = API::getTopLevelMember("UNF").getMember("Normalizer").getMethod("normalize") and sink = mac.getParameter(0).asSink() ) + or + // ActiveSupport::Multibyte::Chars + exists(DataFlow::CallNode cn, DataFlow::CallNode n | + cn = + API::getTopLevelMember("ActiveSupport") + .getMember("Multibyte") + .getMember("Chars") + .getMethod("new") + .getCallNode() and + n = cn.(DataFlow::CallNode).getAMethodCall("normalize") and + sink = cn.getArgument(0) + ) ) and state instanceof PostValidation } From 09c97ce0dab695e017a3b8f63fe6cdf8f4e2c25f Mon Sep 17 00:00:00 2001 From: Sim4n6 <sim4n6@gmail.com> Date: Thu, 25 May 2023 09:41:22 +0100 Subject: [PATCH 641/870] Added one more example to the qhelp --- .../cwe-176/UnicodeBypassValidation.qhelp | 12 ++++++++++++ .../cwe-176/examples/unicode_normalization2.rb | 2 ++ 2 files changed, 14 insertions(+) create mode 100644 ruby/ql/src/experimental/cwe-176/examples/unicode_normalization2.rb diff --git a/ruby/ql/src/experimental/cwe-176/UnicodeBypassValidation.qhelp b/ruby/ql/src/experimental/cwe-176/UnicodeBypassValidation.qhelp index 90751fd81c6..6757cd68b4a 100644 --- a/ruby/ql/src/experimental/cwe-176/UnicodeBypassValidation.qhelp +++ b/ruby/ql/src/experimental/cwe-176/UnicodeBypassValidation.qhelp @@ -23,6 +23,18 @@ <sample src="./examples/unicode_normalization.rb" /> + </example> + <example> + + <p> The next example shows how an early deletion of a character may be bypassed due to a + potential Unicode character collision.</p> + <p>The character <code><</code> was expected to be omitted from the string <code>s</code>. + However, a malicious user may consider using its colliding Unicode character U+FE64 <code> + ﹤</code> as an alternative. Due to the Late-Unicode normalization with the form NFKC, + the resulting string would contain the unintended character <code><</code> . </p> + + <sample src="./examples/unicode_normalization2.rb" /> + </example> <references> <li> Research study: <a diff --git a/ruby/ql/src/experimental/cwe-176/examples/unicode_normalization2.rb b/ruby/ql/src/experimental/cwe-176/examples/unicode_normalization2.rb new file mode 100644 index 00000000000..0985a698365 --- /dev/null +++ b/ruby/ql/src/experimental/cwe-176/examples/unicode_normalization2.rb @@ -0,0 +1,2 @@ +s = "﹤xss>" +puts s.delete("<").unicode_normalize(:nfkc).include?("<") From ac31209233b39358657ee517ce2b03c47fb10fd8 Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli <redsun82@github.com> Date: Thu, 25 May 2023 10:56:25 +0200 Subject: [PATCH 642/870] Swift: add change notes to consistency queries --- .../change-notes/2023-05-25-consistency-queries-pack.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 swift/ql/consistency-queries/change-notes/2023-05-25-consistency-queries-pack.md diff --git a/swift/ql/consistency-queries/change-notes/2023-05-25-consistency-queries-pack.md b/swift/ql/consistency-queries/change-notes/2023-05-25-consistency-queries-pack.md new file mode 100644 index 00000000000..a3f2e4bbe81 --- /dev/null +++ b/swift/ql/consistency-queries/change-notes/2023-05-25-consistency-queries-pack.md @@ -0,0 +1,4 @@ +--- +category: newQuery +--- +* Added two consistency queries for checking control flow and AST printing internals. From d1be942f04e0734d898f25b66abad6efbea7e162 Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli <redsun82@github.com> Date: Thu, 25 May 2023 11:04:21 +0200 Subject: [PATCH 643/870] Swift: turn change note check on --- .github/workflows/check-change-note.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/check-change-note.yml b/.github/workflows/check-change-note.yml index 51dd61a3f73..3967c0ec921 100644 --- a/.github/workflows/check-change-note.yml +++ b/.github/workflows/check-change-note.yml @@ -11,7 +11,6 @@ on: - "*/ql/lib/**/*.yml" - "!**/experimental/**" - "!ql/**" - - "!swift/**" - ".github/workflows/check-change-note.yml" jobs: @@ -32,4 +31,4 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | gh api 'repos/${{github.repository}}/pulls/${{github.event.number}}/files' --paginate --jq '[.[].filename | select(test("/change-notes/.*[.]md$"))] | all(test("/change-notes/[0-9]{4}-[0-9]{2}-[0-9]{2}.*[.]md$") or test("/change-notes/released/[0-9]*[.][0-9]*[.][0-9]*[.]md$"))' | - grep true -c + grep true -c From 7878bc3cc19e9efc1f07859ca4681651241c3950 Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli <redsun82@github.com> Date: Thu, 25 May 2023 11:27:38 +0200 Subject: [PATCH 644/870] Swift: remove property wrapper AST inconsistencies --- .../codeql/swift/printast/PrintAstNode.qll | 62 ++++++++++++++++--- .../CONSISTENCY/PrintAstConsistency.expected | 13 ---- .../CONSISTENCY/PrintAstConsistency.expected | 21 ------- .../CONSISTENCY/PrintAstConsistency.expected | 13 ---- .../CONSISTENCY/PrintAstConsistency.expected | 7 --- .../CONSISTENCY/PrintAstConsistency.expected | 3 - 6 files changed, 55 insertions(+), 64 deletions(-) delete mode 100644 swift/ql/test/extractor-tests/generated/decl/ConcreteVarDecl/CONSISTENCY/PrintAstConsistency.expected delete mode 100644 swift/ql/test/extractor-tests/generated/decl/ParamDecl/CONSISTENCY/PrintAstConsistency.expected delete mode 100644 swift/ql/test/extractor-tests/generated/expr/AppliedPropertyWrapperExpr/CONSISTENCY/PrintAstConsistency.expected delete mode 100644 swift/ql/test/extractor-tests/generated/expr/PropertyWrapperValuePlaceholderExpr/CONSISTENCY/PrintAstConsistency.expected delete mode 100644 swift/ql/test/library-tests/dataflow/dataflow/CONSISTENCY/PrintAstConsistency.expected diff --git a/swift/ql/lib/codeql/swift/printast/PrintAstNode.qll b/swift/ql/lib/codeql/swift/printast/PrintAstNode.qll index 57e68648636..5b2a1d22d4d 100644 --- a/swift/ql/lib/codeql/swift/printast/PrintAstNode.qll +++ b/swift/ql/lib/codeql/swift/printast/PrintAstNode.qll @@ -28,7 +28,7 @@ private predicate shouldPrint(Locatable e) { any(PrintAstConfiguration config).s /** * An AST node that should be printed. */ -private newtype TPrintAstNode = TLocatable(Locatable ast) +private newtype TPrintAstNode = TPrintLocatable(Locatable ast) /** * A node in the output tree. @@ -60,6 +60,11 @@ class PrintAstNode extends TPrintAstNode { * the property is `key`. */ string getProperty(string key) { none() } + + /** + * Gets the underlying AST node, if any. + */ + abstract Locatable getAstNode(); } private string prettyPrint(Locatable e) { @@ -73,10 +78,10 @@ private class Unresolved extends Locatable { /** * A graph node representing a real Locatable node. */ -class PrintLocatable extends PrintAstNode, TLocatable { +class PrintLocatable extends PrintAstNode, TPrintLocatable { Locatable ast; - PrintLocatable() { this = TLocatable(ast) } + PrintLocatable() { this = TPrintLocatable(ast) } override string toString() { result = prettyPrint(ast) } @@ -87,9 +92,9 @@ class PrintLocatable extends PrintAstNode, TLocatable { c = getChildAndAccessor(ast, i, accessor) and ( // use even indexes for normal children, leaving odd slots for conversions if any - child = TLocatable(c) and index = 2 * i and label = accessor + child = TPrintLocatable(c) and index = 2 * i and label = accessor or - child = TLocatable(c.getFullyUnresolved().(Unresolved)) and + child = TPrintLocatable(c.getFullyUnresolved().(Unresolved)) and index = 2 * i + 1 and ( if c instanceof Expr @@ -100,6 +105,8 @@ class PrintLocatable extends PrintAstNode, TLocatable { ) } + final override Locatable getAstNode() { result = ast } + final override Location getLocation() { result = ast.getLocation() } } @@ -112,17 +119,38 @@ class PrintUnresolved extends PrintLocatable { override predicate hasChild(PrintAstNode child, int index, string label) { // only print immediate unresolved children from the "parallel" AST - child = TLocatable(getImmediateChildAndAccessor(ast, index, label).(Unresolved)) + child = TPrintLocatable(getImmediateChildAndAccessor(ast, index, label).(Unresolved)) } } +private predicate hasPropertyWrapperElement(VarDecl d, Locatable a) { + a = [d.getPropertyWrapperBackingVar(), d.getPropertyWrapperProjectionVar()] or + a = [d.getPropertyWrapperBackingVarBinding(), d.getPropertyWrapperProjectionVarBinding()] +} + /** - * A specialization of graph node for `VarDecl`, to add typing information. + * A specialization of graph node for `VarDecl`, to add typing information and deal with ambiguity + * over property wrapper children. */ class PrintVarDecl extends PrintLocatable { override VarDecl ast; override string getProperty(string key) { key = "Type" and result = ast.getType().toString() } + + override predicate hasChild(PrintAstNode child, int index, string label) { + PrintLocatable.super.hasChild(child, index, label) and + // exclude property wrapper related children when they are already listed in the enclosing + // nominal type declaration or for a wrapped parameter for which this is a virtual local variable copy + not exists(Locatable childAst | + childAst = child.getAstNode() and + hasPropertyWrapperElement(ast, childAst) and + ( + childAst = ast.getDeclaringDecl().getAMember() + or + ast instanceof ConcreteVarDecl and hasPropertyWrapperElement(any(ParamDecl p), childAst) + ) + ) + } } /** @@ -135,3 +163,23 @@ class PrintFunction extends PrintLocatable { key = "InterfaceType" and result = ast.getInterfaceType().toString() } } + +/** + * A specialization of graph node for `PatternBindingDecl`, to solve ambiguity on `getInit`. + * When a property wrapper is involved, `getInit` may become shared between the explicit binding and + * the implicit compiler synthesized one. + */ +class PrintPatternBindingDecl extends PrintLocatable { + override PatternBindingDecl ast; + + override predicate hasChild(PrintAstNode child, int index, string label) { + PrintLocatable.super.hasChild(child, index, label) and + // exclude `getInit` that are already the initializer of a variable that has this as a property wrapper backer + not exists(Expr init, VarDecl var | + init = child.getAstNode() and + init = ast.getAnInit() and + var.getPropertyWrapperBackingVarBinding() = ast and + var.getParentInitializer() = init + ) + } +} diff --git a/swift/ql/test/extractor-tests/generated/decl/ConcreteVarDecl/CONSISTENCY/PrintAstConsistency.expected b/swift/ql/test/extractor-tests/generated/decl/ConcreteVarDecl/CONSISTENCY/PrintAstConsistency.expected deleted file mode 100644 index bd58f4414d2..00000000000 --- a/swift/ql/test/extractor-tests/generated/decl/ConcreteVarDecl/CONSISTENCY/PrintAstConsistency.expected +++ /dev/null @@ -1,13 +0,0 @@ -doubleParents -| file://:0:0:0:0 | [PatternBindingDecl] var ... = ... | getInit(0) | var_decls.swift:54:6:54:15 | [PatternBindingDecl] var ... = ... | getInit(0) | var_decls.swift:54:4:54:15 | [CallExpr] call to X<T>.init(wrappedValue:) | -| file://:0:0:0:0 | [PatternBindingDecl] var ... = ... | getInit(0) | var_decls.swift:55:20:55:29 | [PatternBindingDecl] var ... = ... | getInit(0) | var_decls.swift:55:4:55:29 | [CallExpr] call to WrapperWithInit.init(wrappedValue:) | -| file://:0:0:0:0 | [PatternBindingDecl] var ... = ... | getInit(0) | var_decls.swift:56:25:56:34 | [PatternBindingDecl] var ... = ... | getInit(0) | var_decls.swift:56:4:56:34 | [CallExpr] call to WrapperWithProjected.init(wrappedValue:projectedValue:) | -| file://:0:0:0:0 | [PatternBindingDecl] var ... = ... | getInit(0) | var_decls.swift:57:32:57:41 | [PatternBindingDecl] var ... = ... | getInit(0) | var_decls.swift:57:4:57:41 | [CallExpr] call to WrapperWithProjectedAndInit.init(wrappedValue:) | -| var_decls.swift:23:1:25:1 | [StructDecl] Wrapped | getMember(2) | var_decls.swift:24:15:24:15 | [ConcreteVarDecl] wrapped | getPropertyWrapperBackingVarBinding() | file://:0:0:0:0 | [PatternBindingDecl] var ... = ... | -| var_decls.swift:23:1:25:1 | [StructDecl] Wrapped | getMember(3) | var_decls.swift:24:15:24:15 | [ConcreteVarDecl] wrapped | getPropertyWrapperBackingVar() | var_decls.swift:24:15:24:15 | [ConcreteVarDecl] _wrapped | -| var_decls.swift:24:15:24:15 | [ConcreteVarDecl] wrapped | getPropertyWrapperBackingVar() | var_decls.swift:23:1:25:1 | [StructDecl] Wrapped | getMember(3) | var_decls.swift:24:15:24:15 | [ConcreteVarDecl] _wrapped | -| var_decls.swift:24:15:24:15 | [ConcreteVarDecl] wrapped | getPropertyWrapperBackingVarBinding() | var_decls.swift:23:1:25:1 | [StructDecl] Wrapped | getMember(2) | file://:0:0:0:0 | [PatternBindingDecl] var ... = ... | -| var_decls.swift:54:6:54:15 | [PatternBindingDecl] var ... = ... | getInit(0) | file://:0:0:0:0 | [PatternBindingDecl] var ... = ... | getInit(0) | var_decls.swift:54:4:54:15 | [CallExpr] call to X<T>.init(wrappedValue:) | -| var_decls.swift:55:20:55:29 | [PatternBindingDecl] var ... = ... | getInit(0) | file://:0:0:0:0 | [PatternBindingDecl] var ... = ... | getInit(0) | var_decls.swift:55:4:55:29 | [CallExpr] call to WrapperWithInit.init(wrappedValue:) | -| var_decls.swift:56:25:56:34 | [PatternBindingDecl] var ... = ... | getInit(0) | file://:0:0:0:0 | [PatternBindingDecl] var ... = ... | getInit(0) | var_decls.swift:56:4:56:34 | [CallExpr] call to WrapperWithProjected.init(wrappedValue:projectedValue:) | -| var_decls.swift:57:32:57:41 | [PatternBindingDecl] var ... = ... | getInit(0) | file://:0:0:0:0 | [PatternBindingDecl] var ... = ... | getInit(0) | var_decls.swift:57:4:57:41 | [CallExpr] call to WrapperWithProjectedAndInit.init(wrappedValue:) | diff --git a/swift/ql/test/extractor-tests/generated/decl/ParamDecl/CONSISTENCY/PrintAstConsistency.expected b/swift/ql/test/extractor-tests/generated/decl/ParamDecl/CONSISTENCY/PrintAstConsistency.expected deleted file mode 100644 index 3d3703c8ca4..00000000000 --- a/swift/ql/test/extractor-tests/generated/decl/ParamDecl/CONSISTENCY/PrintAstConsistency.expected +++ /dev/null @@ -1,21 +0,0 @@ -doubleParents -| param_decls.swift:48:18:48:18 | [ConcreteVarDecl] p1 | getPropertyWrapperBackingVar() | param_decls.swift:48:18:48:22 | [ParamDecl] p1 | getPropertyWrapperBackingVar() | param_decls.swift:48:18:48:18 | [ConcreteVarDecl] _p1 | -| param_decls.swift:48:18:48:18 | [ConcreteVarDecl] p1 | getPropertyWrapperBackingVarBinding() | param_decls.swift:48:18:48:22 | [ParamDecl] p1 | getPropertyWrapperBackingVarBinding() | file://:0:0:0:0 | [PatternBindingDecl] var ... = ... | -| param_decls.swift:48:18:48:22 | [ParamDecl] p1 | getPropertyWrapperBackingVar() | param_decls.swift:48:18:48:18 | [ConcreteVarDecl] p1 | getPropertyWrapperBackingVar() | param_decls.swift:48:18:48:18 | [ConcreteVarDecl] _p1 | -| param_decls.swift:48:18:48:22 | [ParamDecl] p1 | getPropertyWrapperBackingVarBinding() | param_decls.swift:48:18:48:18 | [ConcreteVarDecl] p1 | getPropertyWrapperBackingVarBinding() | file://:0:0:0:0 | [PatternBindingDecl] var ... = ... | -| param_decls.swift:49:26:49:26 | [ConcreteVarDecl] p2 | getPropertyWrapperBackingVar() | param_decls.swift:49:26:49:30 | [ParamDecl] p2 | getPropertyWrapperBackingVar() | param_decls.swift:49:26:49:26 | [ConcreteVarDecl] _p2 | -| param_decls.swift:49:26:49:26 | [ConcreteVarDecl] p2 | getPropertyWrapperBackingVarBinding() | param_decls.swift:49:26:49:30 | [ParamDecl] p2 | getPropertyWrapperBackingVarBinding() | file://:0:0:0:0 | [PatternBindingDecl] var ... = ... | -| param_decls.swift:49:26:49:30 | [ParamDecl] p2 | getPropertyWrapperBackingVar() | param_decls.swift:49:26:49:26 | [ConcreteVarDecl] p2 | getPropertyWrapperBackingVar() | param_decls.swift:49:26:49:26 | [ConcreteVarDecl] _p2 | -| param_decls.swift:49:26:49:30 | [ParamDecl] p2 | getPropertyWrapperBackingVarBinding() | param_decls.swift:49:26:49:26 | [ConcreteVarDecl] p2 | getPropertyWrapperBackingVarBinding() | file://:0:0:0:0 | [PatternBindingDecl] var ... = ... | -| param_decls.swift:50:31:50:31 | [ConcreteVarDecl] p3 | getPropertyWrapperBackingVar() | param_decls.swift:50:31:50:35 | [ParamDecl] p3 | getPropertyWrapperBackingVar() | file://:0:0:0:0 | [ParamDecl] _p3 | -| param_decls.swift:50:31:50:31 | [ConcreteVarDecl] p3 | getPropertyWrapperProjectionVar() | param_decls.swift:50:31:50:35 | [ParamDecl] p3 | getPropertyWrapperProjectionVar() | param_decls.swift:50:31:50:31 | [ConcreteVarDecl] $p3 | -| param_decls.swift:50:31:50:31 | [ConcreteVarDecl] p3 | getPropertyWrapperProjectionVarBinding() | param_decls.swift:50:31:50:35 | [ParamDecl] p3 | getPropertyWrapperProjectionVarBinding() | file://:0:0:0:0 | [PatternBindingDecl] var ... = ... | -| param_decls.swift:50:31:50:35 | [ParamDecl] p3 | getPropertyWrapperBackingVar() | param_decls.swift:50:31:50:31 | [ConcreteVarDecl] p3 | getPropertyWrapperBackingVar() | file://:0:0:0:0 | [ParamDecl] _p3 | -| param_decls.swift:50:31:50:35 | [ParamDecl] p3 | getPropertyWrapperProjectionVar() | param_decls.swift:50:31:50:31 | [ConcreteVarDecl] p3 | getPropertyWrapperProjectionVar() | param_decls.swift:50:31:50:31 | [ConcreteVarDecl] $p3 | -| param_decls.swift:50:31:50:35 | [ParamDecl] p3 | getPropertyWrapperProjectionVarBinding() | param_decls.swift:50:31:50:31 | [ConcreteVarDecl] p3 | getPropertyWrapperProjectionVarBinding() | file://:0:0:0:0 | [PatternBindingDecl] var ... = ... | -| param_decls.swift:51:38:51:38 | [ConcreteVarDecl] p4 | getPropertyWrapperBackingVar() | param_decls.swift:51:38:51:42 | [ParamDecl] p4 | getPropertyWrapperBackingVar() | file://:0:0:0:0 | [ParamDecl] _p4 | -| param_decls.swift:51:38:51:38 | [ConcreteVarDecl] p4 | getPropertyWrapperProjectionVar() | param_decls.swift:51:38:51:42 | [ParamDecl] p4 | getPropertyWrapperProjectionVar() | param_decls.swift:51:38:51:38 | [ConcreteVarDecl] $p4 | -| param_decls.swift:51:38:51:38 | [ConcreteVarDecl] p4 | getPropertyWrapperProjectionVarBinding() | param_decls.swift:51:38:51:42 | [ParamDecl] p4 | getPropertyWrapperProjectionVarBinding() | file://:0:0:0:0 | [PatternBindingDecl] var ... = ... | -| param_decls.swift:51:38:51:42 | [ParamDecl] p4 | getPropertyWrapperBackingVar() | param_decls.swift:51:38:51:38 | [ConcreteVarDecl] p4 | getPropertyWrapperBackingVar() | file://:0:0:0:0 | [ParamDecl] _p4 | -| param_decls.swift:51:38:51:42 | [ParamDecl] p4 | getPropertyWrapperProjectionVar() | param_decls.swift:51:38:51:38 | [ConcreteVarDecl] p4 | getPropertyWrapperProjectionVar() | param_decls.swift:51:38:51:38 | [ConcreteVarDecl] $p4 | -| param_decls.swift:51:38:51:42 | [ParamDecl] p4 | getPropertyWrapperProjectionVarBinding() | param_decls.swift:51:38:51:38 | [ConcreteVarDecl] p4 | getPropertyWrapperProjectionVarBinding() | file://:0:0:0:0 | [PatternBindingDecl] var ... = ... | diff --git a/swift/ql/test/extractor-tests/generated/expr/AppliedPropertyWrapperExpr/CONSISTENCY/PrintAstConsistency.expected b/swift/ql/test/extractor-tests/generated/expr/AppliedPropertyWrapperExpr/CONSISTENCY/PrintAstConsistency.expected deleted file mode 100644 index 6c2028995fe..00000000000 --- a/swift/ql/test/extractor-tests/generated/expr/AppliedPropertyWrapperExpr/CONSISTENCY/PrintAstConsistency.expected +++ /dev/null @@ -1,13 +0,0 @@ -doubleParents -| applied_property_wrapper.swift:12:19:12:19 | [ConcreteVarDecl] x | getPropertyWrapperBackingVar() | applied_property_wrapper.swift:12:19:12:22 | [ParamDecl] x | getPropertyWrapperBackingVar() | file://:0:0:0:0 | [ParamDecl] _x | -| applied_property_wrapper.swift:12:19:12:19 | [ConcreteVarDecl] x | getPropertyWrapperProjectionVar() | applied_property_wrapper.swift:12:19:12:22 | [ParamDecl] x | getPropertyWrapperProjectionVar() | applied_property_wrapper.swift:12:19:12:19 | [ConcreteVarDecl] $x | -| applied_property_wrapper.swift:12:19:12:19 | [ConcreteVarDecl] x | getPropertyWrapperProjectionVarBinding() | applied_property_wrapper.swift:12:19:12:22 | [ParamDecl] x | getPropertyWrapperProjectionVarBinding() | file://:0:0:0:0 | [PatternBindingDecl] var ... = ... | -| applied_property_wrapper.swift:12:19:12:22 | [ParamDecl] x | getPropertyWrapperBackingVar() | applied_property_wrapper.swift:12:19:12:19 | [ConcreteVarDecl] x | getPropertyWrapperBackingVar() | file://:0:0:0:0 | [ParamDecl] _x | -| applied_property_wrapper.swift:12:19:12:22 | [ParamDecl] x | getPropertyWrapperProjectionVar() | applied_property_wrapper.swift:12:19:12:19 | [ConcreteVarDecl] x | getPropertyWrapperProjectionVar() | applied_property_wrapper.swift:12:19:12:19 | [ConcreteVarDecl] $x | -| applied_property_wrapper.swift:12:19:12:22 | [ParamDecl] x | getPropertyWrapperProjectionVarBinding() | applied_property_wrapper.swift:12:19:12:19 | [ConcreteVarDecl] x | getPropertyWrapperProjectionVarBinding() | file://:0:0:0:0 | [PatternBindingDecl] var ... = ... | -| applied_property_wrapper.swift:17:26:17:26 | [ConcreteVarDecl] y | getPropertyWrapperBackingVar() | applied_property_wrapper.swift:17:26:17:29 | [ParamDecl] y | getPropertyWrapperBackingVar() | file://:0:0:0:0 | [ParamDecl] _y | -| applied_property_wrapper.swift:17:26:17:26 | [ConcreteVarDecl] y | getPropertyWrapperProjectionVar() | applied_property_wrapper.swift:17:26:17:29 | [ParamDecl] y | getPropertyWrapperProjectionVar() | applied_property_wrapper.swift:17:26:17:26 | [ConcreteVarDecl] $y | -| applied_property_wrapper.swift:17:26:17:26 | [ConcreteVarDecl] y | getPropertyWrapperProjectionVarBinding() | applied_property_wrapper.swift:17:26:17:29 | [ParamDecl] y | getPropertyWrapperProjectionVarBinding() | file://:0:0:0:0 | [PatternBindingDecl] var ... = ... | -| applied_property_wrapper.swift:17:26:17:29 | [ParamDecl] y | getPropertyWrapperBackingVar() | applied_property_wrapper.swift:17:26:17:26 | [ConcreteVarDecl] y | getPropertyWrapperBackingVar() | file://:0:0:0:0 | [ParamDecl] _y | -| applied_property_wrapper.swift:17:26:17:29 | [ParamDecl] y | getPropertyWrapperProjectionVar() | applied_property_wrapper.swift:17:26:17:26 | [ConcreteVarDecl] y | getPropertyWrapperProjectionVar() | applied_property_wrapper.swift:17:26:17:26 | [ConcreteVarDecl] $y | -| applied_property_wrapper.swift:17:26:17:29 | [ParamDecl] y | getPropertyWrapperProjectionVarBinding() | applied_property_wrapper.swift:17:26:17:26 | [ConcreteVarDecl] y | getPropertyWrapperProjectionVarBinding() | file://:0:0:0:0 | [PatternBindingDecl] var ... = ... | diff --git a/swift/ql/test/extractor-tests/generated/expr/PropertyWrapperValuePlaceholderExpr/CONSISTENCY/PrintAstConsistency.expected b/swift/ql/test/extractor-tests/generated/expr/PropertyWrapperValuePlaceholderExpr/CONSISTENCY/PrintAstConsistency.expected deleted file mode 100644 index a57070efd5a..00000000000 --- a/swift/ql/test/extractor-tests/generated/expr/PropertyWrapperValuePlaceholderExpr/CONSISTENCY/PrintAstConsistency.expected +++ /dev/null @@ -1,7 +0,0 @@ -doubleParents -| file://:0:0:0:0 | [PatternBindingDecl] var ... = ... | getInit(0) | property_wrapper_value_placeholder.swift:12:12:12:26 | [PatternBindingDecl] var ... = ... | getInit(0) | property_wrapper_value_placeholder.swift:12:4:12:26 | [CallExpr] call to Wrapper.init(wrappedValue:) | -| property_wrapper_value_placeholder.swift:11:1:13:1 | [StructDecl] S | getMember(2) | property_wrapper_value_placeholder.swift:12:16:12:16 | [ConcreteVarDecl] x | getPropertyWrapperBackingVarBinding() | file://:0:0:0:0 | [PatternBindingDecl] var ... = ... | -| property_wrapper_value_placeholder.swift:11:1:13:1 | [StructDecl] S | getMember(3) | property_wrapper_value_placeholder.swift:12:16:12:16 | [ConcreteVarDecl] x | getPropertyWrapperBackingVar() | property_wrapper_value_placeholder.swift:12:16:12:16 | [ConcreteVarDecl] _x | -| property_wrapper_value_placeholder.swift:12:12:12:26 | [PatternBindingDecl] var ... = ... | getInit(0) | file://:0:0:0:0 | [PatternBindingDecl] var ... = ... | getInit(0) | property_wrapper_value_placeholder.swift:12:4:12:26 | [CallExpr] call to Wrapper.init(wrappedValue:) | -| property_wrapper_value_placeholder.swift:12:16:12:16 | [ConcreteVarDecl] x | getPropertyWrapperBackingVar() | property_wrapper_value_placeholder.swift:11:1:13:1 | [StructDecl] S | getMember(3) | property_wrapper_value_placeholder.swift:12:16:12:16 | [ConcreteVarDecl] _x | -| property_wrapper_value_placeholder.swift:12:16:12:16 | [ConcreteVarDecl] x | getPropertyWrapperBackingVarBinding() | property_wrapper_value_placeholder.swift:11:1:13:1 | [StructDecl] S | getMember(2) | file://:0:0:0:0 | [PatternBindingDecl] var ... = ... | diff --git a/swift/ql/test/library-tests/dataflow/dataflow/CONSISTENCY/PrintAstConsistency.expected b/swift/ql/test/library-tests/dataflow/dataflow/CONSISTENCY/PrintAstConsistency.expected deleted file mode 100644 index cc3ea4d16c3..00000000000 --- a/swift/ql/test/library-tests/dataflow/dataflow/CONSISTENCY/PrintAstConsistency.expected +++ /dev/null @@ -1,3 +0,0 @@ -doubleParents -| file://:0:0:0:0 | [PatternBindingDecl] var ... = ... | getInit(0) | test.swift:252:19:252:27 | [PatternBindingDecl] var ... = ... | getInit(0) | test.swift:252:6:252:27 | [CallExpr] call to DidSetSource.init(wrappedValue:) | -| test.swift:252:19:252:27 | [PatternBindingDecl] var ... = ... | getInit(0) | file://:0:0:0:0 | [PatternBindingDecl] var ... = ... | getInit(0) | test.swift:252:6:252:27 | [CallExpr] call to DidSetSource.init(wrappedValue:) | From 52dd247a8115519ee355096ecffc21542c3349fa Mon Sep 17 00:00:00 2001 From: Sim4n6 <sim4n6@gmail.com> Date: Thu, 25 May 2023 11:55:13 +0100 Subject: [PATCH 645/870] Removed redundant cast --- .../codeql/ruby/experimental/UnicodeBypassValidationQuery.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ruby/ql/lib/codeql/ruby/experimental/UnicodeBypassValidationQuery.qll b/ruby/ql/lib/codeql/ruby/experimental/UnicodeBypassValidationQuery.qll index a28fb2ac5d6..5c24978c4c3 100644 --- a/ruby/ql/lib/codeql/ruby/experimental/UnicodeBypassValidationQuery.qll +++ b/ruby/ql/lib/codeql/ruby/experimental/UnicodeBypassValidationQuery.qll @@ -114,7 +114,7 @@ class Configuration extends TaintTracking::Configuration { .getMember("Chars") .getMethod("new") .getCallNode() and - n = cn.(DataFlow::CallNode).getAMethodCall("normalize") and + n = cn.getAMethodCall("normalize") and sink = cn.getArgument(0) ) ) and From b26b0a6e4310cb9266d12a57211e48c65acc5721 Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli <redsun82@github.com> Date: Thu, 25 May 2023 11:44:40 +0200 Subject: [PATCH 646/870] Swift: remove property wrapper CFG inconsistencies --- .../controlflow/internal/ControlFlowGraphImpl.qll | 9 +++++++++ .../CONSISTENCY/CfgConsistency.expected | 14 -------------- .../dataflow/CONSISTENCY/CfgConsistency.expected | 4 ---- 3 files changed, 9 insertions(+), 18 deletions(-) delete mode 100644 swift/ql/test/extractor-tests/generated/decl/ConcreteVarDecl/CONSISTENCY/CfgConsistency.expected diff --git a/swift/ql/lib/codeql/swift/controlflow/internal/ControlFlowGraphImpl.qll b/swift/ql/lib/codeql/swift/controlflow/internal/ControlFlowGraphImpl.qll index d3eb3aaa244..6b77ba288c9 100644 --- a/swift/ql/lib/codeql/swift/controlflow/internal/ControlFlowGraphImpl.qll +++ b/swift/ql/lib/codeql/swift/controlflow/internal/ControlFlowGraphImpl.qll @@ -969,6 +969,15 @@ module Decls { result.asAstNode() = ast.getPattern(j).getFullyUnresolved() ) or + // synthesized pattern bindings for property wrappers may be sharing the init with the backed + // variable declaration, so we need to skip those + not exists(VarDecl decl | + ast = + [ + decl.getPropertyWrapperBackingVarBinding(), + decl.getPropertyWrapperProjectionVarBinding() + ] + ) and exists(int j | i = 2 * j + 1 and result.asAstNode() = ast.getInit(j).getFullyConverted() diff --git a/swift/ql/test/extractor-tests/generated/decl/ConcreteVarDecl/CONSISTENCY/CfgConsistency.expected b/swift/ql/test/extractor-tests/generated/decl/ConcreteVarDecl/CONSISTENCY/CfgConsistency.expected deleted file mode 100644 index 5d70f700af3..00000000000 --- a/swift/ql/test/extractor-tests/generated/decl/ConcreteVarDecl/CONSISTENCY/CfgConsistency.expected +++ /dev/null @@ -1,14 +0,0 @@ -multipleSuccessors -| var_decls.swift:54:4:54:15 | call to X<T>.init(wrappedValue:) | successor | file://:0:0:0:0 | var ... = ... | -| var_decls.swift:54:4:54:15 | call to X<T>.init(wrappedValue:) | successor | var_decls.swift:54:6:54:15 | var ... = ... | -| var_decls.swift:55:4:55:29 | call to WrapperWithInit.init(wrappedValue:) | successor | file://:0:0:0:0 | var ... = ... | -| var_decls.swift:55:4:55:29 | call to WrapperWithInit.init(wrappedValue:) | successor | var_decls.swift:55:20:55:29 | var ... = ... | -| var_decls.swift:56:4:56:34 | call to WrapperWithProjected.init(wrappedValue:projectedValue:) | successor | file://:0:0:0:0 | var ... = ... | -| var_decls.swift:56:4:56:34 | call to WrapperWithProjected.init(wrappedValue:projectedValue:) | successor | var_decls.swift:56:25:56:34 | var ... = ... | -| var_decls.swift:57:4:57:41 | call to WrapperWithProjectedAndInit.init(wrappedValue:) | successor | file://:0:0:0:0 | var ... = ... | -| var_decls.swift:57:4:57:41 | call to WrapperWithProjectedAndInit.init(wrappedValue:) | successor | var_decls.swift:57:32:57:41 | var ... = ... | -deadEnd -| file://:0:0:0:0 | var ... = ... | -| file://:0:0:0:0 | var ... = ... | -| file://:0:0:0:0 | var ... = ... | -| file://:0:0:0:0 | var ... = ... | diff --git a/swift/ql/test/library-tests/dataflow/dataflow/CONSISTENCY/CfgConsistency.expected b/swift/ql/test/library-tests/dataflow/dataflow/CONSISTENCY/CfgConsistency.expected index 5208a9053d5..500c114c6c9 100644 --- a/swift/ql/test/library-tests/dataflow/dataflow/CONSISTENCY/CfgConsistency.expected +++ b/swift/ql/test/library-tests/dataflow/dataflow/CONSISTENCY/CfgConsistency.expected @@ -1,7 +1,3 @@ multipleSuccessors -| test.swift:252:6:252:27 | call to DidSetSource.init(wrappedValue:) | successor | file://:0:0:0:0 | var ... = ... | -| test.swift:252:6:252:27 | call to DidSetSource.init(wrappedValue:) | successor | test.swift:252:19:252:27 | var ... = ... | | test.swift:488:8:488:12 | let ...? | no-match | test.swift:488:27:488:27 | y | | test.swift:488:8:488:12 | let ...? | no-match | test.swift:493:9:493:9 | tuple1 | -deadEnd -| file://:0:0:0:0 | var ... = ... | From 7b76aa34bd64d32969618c79d5741cec3f111d98 Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli <redsun82@github.com> Date: Thu, 25 May 2023 12:00:20 +0200 Subject: [PATCH 647/870] Swift: fix CFG inconsistency on `TapExpr` --- .../internal/ControlFlowGraphImpl.qll | 30 ++-------- .../ast/CONSISTENCY/CfgConsistency.expected | 4 -- .../graph/CONSISTENCY/CfgConsistency.expected | 4 -- .../controlflow/graph/Cfg.expected | 4 +- .../core/CONSISTENCY/CfgConsistency.expected | 15 ----- .../dataflow/taint/core/LocalTaint.expected | 21 +++---- .../CONSISTENCY/CfgConsistency.expected | 15 ----- .../CONSISTENCY/CfgConsistency.expected | 9 --- .../CONSISTENCY/CfgConsistency.expected | 13 ---- .../CONSISTENCY/CfgConsistency.expected | 3 - .../CONSISTENCY/CfgConsistency.expected | 41 ------------- .../CONSISTENCY/CfgConsistency.expected | 59 ------------------- 12 files changed, 15 insertions(+), 203 deletions(-) delete mode 100644 swift/ql/test/library-tests/dataflow/taint/core/CONSISTENCY/CfgConsistency.expected delete mode 100644 swift/ql/test/query-tests/Security/CWE-079/CONSISTENCY/CfgConsistency.expected delete mode 100644 swift/ql/test/query-tests/Security/CWE-134/CONSISTENCY/CfgConsistency.expected delete mode 100644 swift/ql/test/query-tests/Security/CWE-135/CONSISTENCY/CfgConsistency.expected diff --git a/swift/ql/lib/codeql/swift/controlflow/internal/ControlFlowGraphImpl.qll b/swift/ql/lib/codeql/swift/controlflow/internal/ControlFlowGraphImpl.qll index 6b77ba288c9..4ec5d691256 100644 --- a/swift/ql/lib/codeql/swift/controlflow/internal/ControlFlowGraphImpl.qll +++ b/swift/ql/lib/codeql/swift/controlflow/internal/ControlFlowGraphImpl.qll @@ -111,31 +111,21 @@ module Stmts { override predicate propagatesAbnormal(ControlFlowElement node) { none() } - private predicate isBodyOfTapExpr() { any(TapExpr tap).getBody() = ast } - - // Note: If the brace statement is the body of a `TapExpr`, the first element is the variable - // declaration (see https://github.com/apple/swift/blob/main/include/swift/AST/Expr.h#L848) - // that's initialized by the `TapExpr`. In `TapExprTree` we've already visited this declaration, - // along with its initializer. So we skip the first element here. - private AstNode getFirstElement() { - if this.isBodyOfTapExpr() then result = ast.getElement(1) else result = ast.getFirstElement() - } - override predicate first(ControlFlowElement first) { this.firstInner(first) or - not exists(this.getFirstElement()) and first.asAstNode() = ast + not exists(ast.getFirstElement()) and first.asAstNode() = ast } override predicate last(ControlFlowElement last, Completion c) { this.lastInner(last, c) or - not exists(this.getFirstElement()) and + not exists(ast.getFirstElement()) and last.asAstNode() = ast and c instanceof SimpleCompletion } - predicate firstInner(ControlFlowElement first) { astFirst(this.getFirstElement(), first) } + predicate firstInner(ControlFlowElement first) { astFirst(ast.getFirstElement(), first) } /** Gets the body of the i'th `defer` statement. */ private BraceStmt getDeferStmtBody(int i) { @@ -1406,20 +1396,12 @@ module Exprs { override TapExpr ast; final override ControlFlowElement getChildElement(int i) { - // We first visit the local variable declaration. + // We first visit the expression that gives the local variable its initial value. i = 0 and - result.asAstNode() = ast.getVar() - or - // Then we visit the expression that gives the local variable its initial value. - i = 1 and result.asAstNode() = ast.getSubExpr().getFullyConverted() or - // And finally, we visit the body that potentially mutates the local variable. - // Note that the CFG for the body will skip the first element in the - // body because it's guaranteed to be the variable declaration - // that we've already visited at i = 0. See the explanation - // in `BraceStmtTree` for why this is necessary. - i = 2 and + // And then we visit the body that potentially mutates the local variable. + i = 1 and result.asAstNode() = ast.getBody() } } diff --git a/swift/ql/test/library-tests/ast/CONSISTENCY/CfgConsistency.expected b/swift/ql/test/library-tests/ast/CONSISTENCY/CfgConsistency.expected index 4c13966e124..fdfaa9f18cd 100644 --- a/swift/ql/test/library-tests/ast/CONSISTENCY/CfgConsistency.expected +++ b/swift/ql/test/library-tests/ast/CONSISTENCY/CfgConsistency.expected @@ -5,10 +5,6 @@ multipleSuccessors | cfg.swift:144:10:144:10 | =~ ... | no-match | cfg.swift:146:5:147:14 | case ... | | cfg.swift:515:6:515:28 | #available | false | cfg.swift:515:42:515:46 | iOS 12 | | cfg.swift:515:6:515:28 | #available | false | cfg.swift:519:10:519:10 | x | -| file://:0:0:0:0 | $interpolation | successor | cfg.swift:40:11:40:11 | OpaqueValueExpr | -| file://:0:0:0:0 | $interpolation | successor | cfg.swift:40:12:40:12 | .appendLiteral(_:) | -| file://:0:0:0:0 | $interpolation | successor | cfg.swift:263:10:263:10 | OpaqueValueExpr | -| file://:0:0:0:0 | $interpolation | successor | cfg.swift:263:11:263:11 | .appendLiteral(_:) | deadEnd | cfg.swift:33:49:33:60 | call to isZero(x:) | | cfg.swift:144:18:144:34 | ... .&&(_:_:) ... | diff --git a/swift/ql/test/library-tests/controlflow/graph/CONSISTENCY/CfgConsistency.expected b/swift/ql/test/library-tests/controlflow/graph/CONSISTENCY/CfgConsistency.expected index b9b2913e4d2..0c4047134f3 100644 --- a/swift/ql/test/library-tests/controlflow/graph/CONSISTENCY/CfgConsistency.expected +++ b/swift/ql/test/library-tests/controlflow/graph/CONSISTENCY/CfgConsistency.expected @@ -5,10 +5,6 @@ multipleSuccessors | cfg.swift:144:10:144:10 | =~ ... | no-match | cfg.swift:146:5:147:14 | case ... | | cfg.swift:515:6:515:28 | #available | false | cfg.swift:515:42:515:46 | iOS 12 | | cfg.swift:515:6:515:28 | #available | false | cfg.swift:519:10:519:10 | x | -| file://:0:0:0:0 | $interpolation | successor | cfg.swift:40:11:40:11 | OpaqueValueExpr | -| file://:0:0:0:0 | $interpolation | successor | cfg.swift:40:12:40:12 | .appendLiteral(_:) | -| file://:0:0:0:0 | $interpolation | successor | cfg.swift:263:10:263:10 | OpaqueValueExpr | -| file://:0:0:0:0 | $interpolation | successor | cfg.swift:263:11:263:11 | .appendLiteral(_:) | deadEnd | cfg.swift:33:49:33:60 | call to isZero(x:) | | cfg.swift:144:18:144:34 | ... .&&(_:_:) ... | diff --git a/swift/ql/test/library-tests/controlflow/graph/Cfg.expected b/swift/ql/test/library-tests/controlflow/graph/Cfg.expected index b62245dbe2a..de69eda9614 100644 --- a/swift/ql/test/library-tests/controlflow/graph/Cfg.expected +++ b/swift/ql/test/library-tests/controlflow/graph/Cfg.expected @@ -349,6 +349,7 @@ cfg.swift: #-----| match -> print(_:separator:terminator:) # 40| print(_:separator:terminator:) +#-----| -> OpaqueValueExpr # 40| call to print(_:separator:terminator:) #-----| -> 0 @@ -366,7 +367,6 @@ cfg.swift: #-----| -> [...] # 40| OpaqueValueExpr -#-----| -> .appendLiteral(_:) # 40| TapExpr #-----| -> "..." @@ -2777,6 +2777,7 @@ cfg.swift: #-----| -> y # 262| y +#-----| -> OpaqueValueExpr # 263| return ... #-----| return -> exit interpolatedString(x:y:) (normal) @@ -2788,7 +2789,6 @@ cfg.swift: #-----| -> return ... # 263| OpaqueValueExpr -#-----| -> .appendLiteral(_:) # 263| TapExpr #-----| -> "..." diff --git a/swift/ql/test/library-tests/dataflow/taint/core/CONSISTENCY/CfgConsistency.expected b/swift/ql/test/library-tests/dataflow/taint/core/CONSISTENCY/CfgConsistency.expected deleted file mode 100644 index 92afde47424..00000000000 --- a/swift/ql/test/library-tests/dataflow/taint/core/CONSISTENCY/CfgConsistency.expected +++ /dev/null @@ -1,15 +0,0 @@ -multipleSuccessors -| file://:0:0:0:0 | $interpolation | successor | stringinterpolation.swift:13:23:13:23 | OpaqueValueExpr | -| file://:0:0:0:0 | $interpolation | successor | stringinterpolation.swift:13:24:13:24 | .appendLiteral(_:) | -| file://:0:0:0:0 | $interpolation | successor | stringinterpolation.swift:22:12:22:12 | OpaqueValueExpr | -| file://:0:0:0:0 | $interpolation | successor | stringinterpolation.swift:22:13:22:13 | .appendLiteral(_:) | -| file://:0:0:0:0 | $interpolation | successor | stringinterpolation.swift:23:12:23:12 | OpaqueValueExpr | -| file://:0:0:0:0 | $interpolation | successor | stringinterpolation.swift:23:13:23:13 | .appendLiteral(_:) | -| file://:0:0:0:0 | $interpolation | successor | stringinterpolation.swift:24:12:24:12 | OpaqueValueExpr | -| file://:0:0:0:0 | $interpolation | successor | stringinterpolation.swift:24:13:24:13 | .appendLiteral(_:) | -| file://:0:0:0:0 | $interpolation | successor | stringinterpolation.swift:30:12:30:12 | OpaqueValueExpr | -| file://:0:0:0:0 | $interpolation | successor | stringinterpolation.swift:30:13:30:13 | .appendLiteral(_:) | -| file://:0:0:0:0 | $interpolation | successor | stringinterpolation.swift:31:12:31:12 | OpaqueValueExpr | -| file://:0:0:0:0 | $interpolation | successor | stringinterpolation.swift:31:13:31:13 | .appendLiteral(_:) | -| file://:0:0:0:0 | $interpolation | successor | stringinterpolation.swift:32:12:32:12 | OpaqueValueExpr | -| file://:0:0:0:0 | $interpolation | successor | stringinterpolation.swift:32:13:32:13 | .appendLiteral(_:) | diff --git a/swift/ql/test/library-tests/dataflow/taint/core/LocalTaint.expected b/swift/ql/test/library-tests/dataflow/taint/core/LocalTaint.expected index 3d58e8a40ad..9986d248b84 100644 --- a/swift/ql/test/library-tests/dataflow/taint/core/LocalTaint.expected +++ b/swift/ql/test/library-tests/dataflow/taint/core/LocalTaint.expected @@ -150,7 +150,7 @@ | stringinterpolation.swift:13:3:13:3 | self | stringinterpolation.swift:13:3:13:3 | &... | | stringinterpolation.swift:13:23:13:23 | "..." | stringinterpolation.swift:13:3:13:3 | [post] &... | | stringinterpolation.swift:13:23:13:23 | "..." | stringinterpolation.swift:13:23:13:23 | [post] "..." | -| stringinterpolation.swift:13:23:13:23 | SSA def($interpolation) | stringinterpolation.swift:13:24:13:24 | SSA phi($interpolation) | +| stringinterpolation.swift:13:23:13:23 | SSA def($interpolation) | stringinterpolation.swift:13:24:13:24 | $interpolation | | stringinterpolation.swift:13:23:13:23 | TapExpr | stringinterpolation.swift:13:23:13:23 | "..." | | stringinterpolation.swift:13:23:13:23 | first is: | stringinterpolation.swift:13:23:13:23 | [post] first is: | | stringinterpolation.swift:13:23:13:23 | first is: | stringinterpolation.swift:13:24:13:24 | [post] &... | @@ -158,7 +158,6 @@ | stringinterpolation.swift:13:24:13:24 | &... | stringinterpolation.swift:13:23:13:23 | [post] first is: | | stringinterpolation.swift:13:24:13:24 | &... | stringinterpolation.swift:13:24:13:24 | [post] &... | | stringinterpolation.swift:13:24:13:24 | &... | stringinterpolation.swift:13:35:13:35 | $interpolation | -| stringinterpolation.swift:13:24:13:24 | SSA phi($interpolation) | stringinterpolation.swift:13:24:13:24 | $interpolation | | stringinterpolation.swift:13:24:13:24 | [post] &... | stringinterpolation.swift:13:35:13:35 | $interpolation | | stringinterpolation.swift:13:35:13:35 | $interpolation | stringinterpolation.swift:13:35:13:35 | &... | | stringinterpolation.swift:13:35:13:35 | &... | stringinterpolation.swift:13:35:13:35 | [post] &... | @@ -179,7 +178,7 @@ | stringinterpolation.swift:19:2:19:2 | p1 | stringinterpolation.swift:20:2:20:2 | p1 | | stringinterpolation.swift:20:2:20:2 | [post] p1 | stringinterpolation.swift:22:21:22:21 | p1 | | stringinterpolation.swift:20:2:20:2 | p1 | stringinterpolation.swift:22:21:22:21 | p1 | -| stringinterpolation.swift:22:12:22:12 | SSA def($interpolation) | stringinterpolation.swift:22:13:22:13 | SSA phi($interpolation) | +| stringinterpolation.swift:22:12:22:12 | SSA def($interpolation) | stringinterpolation.swift:22:13:22:13 | $interpolation | | stringinterpolation.swift:22:12:22:12 | TapExpr | stringinterpolation.swift:22:12:22:12 | "..." | | stringinterpolation.swift:22:12:22:12 | pair: | stringinterpolation.swift:22:12:22:12 | [post] pair: | | stringinterpolation.swift:22:12:22:12 | pair: | stringinterpolation.swift:22:13:22:13 | [post] &... | @@ -187,7 +186,6 @@ | stringinterpolation.swift:22:13:22:13 | &... | stringinterpolation.swift:22:12:22:12 | [post] pair: | | stringinterpolation.swift:22:13:22:13 | &... | stringinterpolation.swift:22:13:22:13 | [post] &... | | stringinterpolation.swift:22:13:22:13 | &... | stringinterpolation.swift:22:20:22:20 | $interpolation | -| stringinterpolation.swift:22:13:22:13 | SSA phi($interpolation) | stringinterpolation.swift:22:13:22:13 | $interpolation | | stringinterpolation.swift:22:13:22:13 | [post] &... | stringinterpolation.swift:22:20:22:20 | $interpolation | | stringinterpolation.swift:22:20:22:20 | $interpolation | stringinterpolation.swift:22:20:22:20 | &... | | stringinterpolation.swift:22:20:22:20 | &... | stringinterpolation.swift:22:20:22:20 | [post] &... | @@ -203,7 +201,7 @@ | stringinterpolation.swift:22:30:22:30 | &... | stringinterpolation.swift:22:30:22:30 | [post] | | stringinterpolation.swift:22:30:22:30 | &... | stringinterpolation.swift:22:30:22:30 | [post] &... | | stringinterpolation.swift:22:30:22:30 | [post] &... | stringinterpolation.swift:22:12:22:12 | TapExpr | -| stringinterpolation.swift:23:12:23:12 | SSA def($interpolation) | stringinterpolation.swift:23:13:23:13 | SSA phi($interpolation) | +| stringinterpolation.swift:23:12:23:12 | SSA def($interpolation) | stringinterpolation.swift:23:13:23:13 | $interpolation | | stringinterpolation.swift:23:12:23:12 | TapExpr | stringinterpolation.swift:23:12:23:12 | "..." | | stringinterpolation.swift:23:12:23:12 | pair: | stringinterpolation.swift:23:12:23:12 | [post] pair: | | stringinterpolation.swift:23:12:23:12 | pair: | stringinterpolation.swift:23:13:23:13 | [post] &... | @@ -211,7 +209,6 @@ | stringinterpolation.swift:23:13:23:13 | &... | stringinterpolation.swift:23:12:23:12 | [post] pair: | | stringinterpolation.swift:23:13:23:13 | &... | stringinterpolation.swift:23:13:23:13 | [post] &... | | stringinterpolation.swift:23:13:23:13 | &... | stringinterpolation.swift:23:20:23:20 | $interpolation | -| stringinterpolation.swift:23:13:23:13 | SSA phi($interpolation) | stringinterpolation.swift:23:13:23:13 | $interpolation | | stringinterpolation.swift:23:13:23:13 | [post] &... | stringinterpolation.swift:23:20:23:20 | $interpolation | | stringinterpolation.swift:23:20:23:20 | $interpolation | stringinterpolation.swift:23:20:23:20 | &... | | stringinterpolation.swift:23:20:23:20 | &... | stringinterpolation.swift:23:20:23:20 | [post] &... | @@ -227,7 +224,7 @@ | stringinterpolation.swift:23:31:23:31 | &... | stringinterpolation.swift:23:31:23:31 | [post] | | stringinterpolation.swift:23:31:23:31 | &... | stringinterpolation.swift:23:31:23:31 | [post] &... | | stringinterpolation.swift:23:31:23:31 | [post] &... | stringinterpolation.swift:23:12:23:12 | TapExpr | -| stringinterpolation.swift:24:12:24:12 | SSA def($interpolation) | stringinterpolation.swift:24:13:24:13 | SSA phi($interpolation) | +| stringinterpolation.swift:24:12:24:12 | SSA def($interpolation) | stringinterpolation.swift:24:13:24:13 | $interpolation | | stringinterpolation.swift:24:12:24:12 | TapExpr | stringinterpolation.swift:24:12:24:12 | "..." | | stringinterpolation.swift:24:12:24:12 | pair: | stringinterpolation.swift:24:12:24:12 | [post] pair: | | stringinterpolation.swift:24:12:24:12 | pair: | stringinterpolation.swift:24:13:24:13 | [post] &... | @@ -235,7 +232,6 @@ | stringinterpolation.swift:24:13:24:13 | &... | stringinterpolation.swift:24:12:24:12 | [post] pair: | | stringinterpolation.swift:24:13:24:13 | &... | stringinterpolation.swift:24:13:24:13 | [post] &... | | stringinterpolation.swift:24:13:24:13 | &... | stringinterpolation.swift:24:20:24:20 | $interpolation | -| stringinterpolation.swift:24:13:24:13 | SSA phi($interpolation) | stringinterpolation.swift:24:13:24:13 | $interpolation | | stringinterpolation.swift:24:13:24:13 | [post] &... | stringinterpolation.swift:24:20:24:20 | $interpolation | | stringinterpolation.swift:24:20:24:20 | $interpolation | stringinterpolation.swift:24:20:24:20 | &... | | stringinterpolation.swift:24:20:24:20 | &... | stringinterpolation.swift:24:20:24:20 | [post] &... | @@ -258,7 +254,7 @@ | stringinterpolation.swift:27:2:27:2 | p2 | stringinterpolation.swift:28:2:28:2 | p2 | | stringinterpolation.swift:28:2:28:2 | [post] p2 | stringinterpolation.swift:30:21:30:21 | p2 | | stringinterpolation.swift:28:2:28:2 | p2 | stringinterpolation.swift:30:21:30:21 | p2 | -| stringinterpolation.swift:30:12:30:12 | SSA def($interpolation) | stringinterpolation.swift:30:13:30:13 | SSA phi($interpolation) | +| stringinterpolation.swift:30:12:30:12 | SSA def($interpolation) | stringinterpolation.swift:30:13:30:13 | $interpolation | | stringinterpolation.swift:30:12:30:12 | TapExpr | stringinterpolation.swift:30:12:30:12 | "..." | | stringinterpolation.swift:30:12:30:12 | pair: | stringinterpolation.swift:30:12:30:12 | [post] pair: | | stringinterpolation.swift:30:12:30:12 | pair: | stringinterpolation.swift:30:13:30:13 | [post] &... | @@ -266,7 +262,6 @@ | stringinterpolation.swift:30:13:30:13 | &... | stringinterpolation.swift:30:12:30:12 | [post] pair: | | stringinterpolation.swift:30:13:30:13 | &... | stringinterpolation.swift:30:13:30:13 | [post] &... | | stringinterpolation.swift:30:13:30:13 | &... | stringinterpolation.swift:30:20:30:20 | $interpolation | -| stringinterpolation.swift:30:13:30:13 | SSA phi($interpolation) | stringinterpolation.swift:30:13:30:13 | $interpolation | | stringinterpolation.swift:30:13:30:13 | [post] &... | stringinterpolation.swift:30:20:30:20 | $interpolation | | stringinterpolation.swift:30:20:30:20 | $interpolation | stringinterpolation.swift:30:20:30:20 | &... | | stringinterpolation.swift:30:20:30:20 | &... | stringinterpolation.swift:30:20:30:20 | [post] &... | @@ -282,7 +277,7 @@ | stringinterpolation.swift:30:30:30:30 | &... | stringinterpolation.swift:30:30:30:30 | [post] | | stringinterpolation.swift:30:30:30:30 | &... | stringinterpolation.swift:30:30:30:30 | [post] &... | | stringinterpolation.swift:30:30:30:30 | [post] &... | stringinterpolation.swift:30:12:30:12 | TapExpr | -| stringinterpolation.swift:31:12:31:12 | SSA def($interpolation) | stringinterpolation.swift:31:13:31:13 | SSA phi($interpolation) | +| stringinterpolation.swift:31:12:31:12 | SSA def($interpolation) | stringinterpolation.swift:31:13:31:13 | $interpolation | | stringinterpolation.swift:31:12:31:12 | TapExpr | stringinterpolation.swift:31:12:31:12 | "..." | | stringinterpolation.swift:31:12:31:12 | pair: | stringinterpolation.swift:31:12:31:12 | [post] pair: | | stringinterpolation.swift:31:12:31:12 | pair: | stringinterpolation.swift:31:13:31:13 | [post] &... | @@ -290,7 +285,6 @@ | stringinterpolation.swift:31:13:31:13 | &... | stringinterpolation.swift:31:12:31:12 | [post] pair: | | stringinterpolation.swift:31:13:31:13 | &... | stringinterpolation.swift:31:13:31:13 | [post] &... | | stringinterpolation.swift:31:13:31:13 | &... | stringinterpolation.swift:31:20:31:20 | $interpolation | -| stringinterpolation.swift:31:13:31:13 | SSA phi($interpolation) | stringinterpolation.swift:31:13:31:13 | $interpolation | | stringinterpolation.swift:31:13:31:13 | [post] &... | stringinterpolation.swift:31:20:31:20 | $interpolation | | stringinterpolation.swift:31:20:31:20 | $interpolation | stringinterpolation.swift:31:20:31:20 | &... | | stringinterpolation.swift:31:20:31:20 | &... | stringinterpolation.swift:31:20:31:20 | [post] &... | @@ -306,7 +300,7 @@ | stringinterpolation.swift:31:31:31:31 | &... | stringinterpolation.swift:31:31:31:31 | [post] | | stringinterpolation.swift:31:31:31:31 | &... | stringinterpolation.swift:31:31:31:31 | [post] &... | | stringinterpolation.swift:31:31:31:31 | [post] &... | stringinterpolation.swift:31:12:31:12 | TapExpr | -| stringinterpolation.swift:32:12:32:12 | SSA def($interpolation) | stringinterpolation.swift:32:13:32:13 | SSA phi($interpolation) | +| stringinterpolation.swift:32:12:32:12 | SSA def($interpolation) | stringinterpolation.swift:32:13:32:13 | $interpolation | | stringinterpolation.swift:32:12:32:12 | TapExpr | stringinterpolation.swift:32:12:32:12 | "..." | | stringinterpolation.swift:32:12:32:12 | pair: | stringinterpolation.swift:32:12:32:12 | [post] pair: | | stringinterpolation.swift:32:12:32:12 | pair: | stringinterpolation.swift:32:13:32:13 | [post] &... | @@ -314,7 +308,6 @@ | stringinterpolation.swift:32:13:32:13 | &... | stringinterpolation.swift:32:12:32:12 | [post] pair: | | stringinterpolation.swift:32:13:32:13 | &... | stringinterpolation.swift:32:13:32:13 | [post] &... | | stringinterpolation.swift:32:13:32:13 | &... | stringinterpolation.swift:32:20:32:20 | $interpolation | -| stringinterpolation.swift:32:13:32:13 | SSA phi($interpolation) | stringinterpolation.swift:32:13:32:13 | $interpolation | | stringinterpolation.swift:32:13:32:13 | [post] &... | stringinterpolation.swift:32:20:32:20 | $interpolation | | stringinterpolation.swift:32:20:32:20 | $interpolation | stringinterpolation.swift:32:20:32:20 | &... | | stringinterpolation.swift:32:20:32:20 | &... | stringinterpolation.swift:32:20:32:20 | [post] &... | diff --git a/swift/ql/test/library-tests/dataflow/taint/libraries/CONSISTENCY/CfgConsistency.expected b/swift/ql/test/library-tests/dataflow/taint/libraries/CONSISTENCY/CfgConsistency.expected index 4fc723b3001..853828d4f77 100644 --- a/swift/ql/test/library-tests/dataflow/taint/libraries/CONSISTENCY/CfgConsistency.expected +++ b/swift/ql/test/library-tests/dataflow/taint/libraries/CONSISTENCY/CfgConsistency.expected @@ -1,18 +1,3 @@ -multipleSuccessors -| file://:0:0:0:0 | $interpolation | successor | string.swift:139:13:139:13 | OpaqueValueExpr | -| file://:0:0:0:0 | $interpolation | successor | string.swift:139:14:139:14 | .appendLiteral(_:) | -| file://:0:0:0:0 | $interpolation | successor | string.swift:141:13:141:13 | OpaqueValueExpr | -| file://:0:0:0:0 | $interpolation | successor | string.swift:141:14:141:14 | .appendLiteral(_:) | -| file://:0:0:0:0 | $interpolation | successor | string.swift:143:13:143:13 | OpaqueValueExpr | -| file://:0:0:0:0 | $interpolation | successor | string.swift:143:14:143:14 | .appendLiteral(_:) | -| file://:0:0:0:0 | $interpolation | successor | string.swift:147:13:147:13 | OpaqueValueExpr | -| file://:0:0:0:0 | $interpolation | successor | string.swift:147:14:147:14 | .appendLiteral(_:) | -| file://:0:0:0:0 | $interpolation | successor | string.swift:149:13:149:13 | OpaqueValueExpr | -| file://:0:0:0:0 | $interpolation | successor | string.swift:149:14:149:14 | .appendLiteral(_:) | -| file://:0:0:0:0 | $interpolation | successor | string.swift:151:13:151:13 | OpaqueValueExpr | -| file://:0:0:0:0 | $interpolation | successor | string.swift:151:14:151:14 | .appendLiteral(_:) | -| file://:0:0:0:0 | $interpolation | successor | string.swift:154:13:154:13 | OpaqueValueExpr | -| file://:0:0:0:0 | $interpolation | successor | string.swift:154:14:154:14 | .appendLiteral(_:) | deadEnd | file://:0:0:0:0 | ... = ... | | file://:0:0:0:0 | ... = ... | diff --git a/swift/ql/test/query-tests/Security/CWE-079/CONSISTENCY/CfgConsistency.expected b/swift/ql/test/query-tests/Security/CWE-079/CONSISTENCY/CfgConsistency.expected deleted file mode 100644 index 7d441114cb6..00000000000 --- a/swift/ql/test/query-tests/Security/CWE-079/CONSISTENCY/CfgConsistency.expected +++ /dev/null @@ -1,9 +0,0 @@ -multipleSuccessors -| file://:0:0:0:0 | $interpolation | successor | UnsafeWebViewFetch.swift:126:25:126:25 | OpaqueValueExpr | -| file://:0:0:0:0 | $interpolation | successor | UnsafeWebViewFetch.swift:126:26:126:26 | .appendLiteral(_:) | -| file://:0:0:0:0 | $interpolation | successor | UnsafeWebViewFetch.swift:127:25:127:25 | OpaqueValueExpr | -| file://:0:0:0:0 | $interpolation | successor | UnsafeWebViewFetch.swift:127:26:127:26 | .appendLiteral(_:) | -| file://:0:0:0:0 | $interpolation | successor | UnsafeWebViewFetch.swift:173:25:173:25 | OpaqueValueExpr | -| file://:0:0:0:0 | $interpolation | successor | UnsafeWebViewFetch.swift:173:26:173:26 | .appendLiteral(_:) | -| file://:0:0:0:0 | $interpolation | successor | UnsafeWebViewFetch.swift:174:25:174:25 | OpaqueValueExpr | -| file://:0:0:0:0 | $interpolation | successor | UnsafeWebViewFetch.swift:174:26:174:26 | .appendLiteral(_:) | diff --git a/swift/ql/test/query-tests/Security/CWE-089/CONSISTENCY/CfgConsistency.expected b/swift/ql/test/query-tests/Security/CWE-089/CONSISTENCY/CfgConsistency.expected index 5d83b4a49ef..069a6ecbc6a 100644 --- a/swift/ql/test/query-tests/Security/CWE-089/CONSISTENCY/CfgConsistency.expected +++ b/swift/ql/test/query-tests/Security/CWE-089/CONSISTENCY/CfgConsistency.expected @@ -1,15 +1,2 @@ -multipleSuccessors -| file://:0:0:0:0 | $interpolation | successor | SQLite.swift:67:21:67:21 | OpaqueValueExpr | -| file://:0:0:0:0 | $interpolation | successor | SQLite.swift:67:22:67:22 | .appendLiteral(_:) | -| file://:0:0:0:0 | $interpolation | successor | SQLite.swift:68:19:68:19 | OpaqueValueExpr | -| file://:0:0:0:0 | $interpolation | successor | SQLite.swift:68:20:68:20 | .appendLiteral(_:) | -| file://:0:0:0:0 | $interpolation | successor | SQLite.swift:69:19:69:19 | OpaqueValueExpr | -| file://:0:0:0:0 | $interpolation | successor | SQLite.swift:69:20:69:20 | .appendLiteral(_:) | -| file://:0:0:0:0 | $interpolation | successor | sqlite3_c_api.swift:127:21:127:21 | OpaqueValueExpr | -| file://:0:0:0:0 | $interpolation | successor | sqlite3_c_api.swift:127:22:127:22 | .appendLiteral(_:) | -| file://:0:0:0:0 | $interpolation | successor | sqlite3_c_api.swift:128:19:128:19 | OpaqueValueExpr | -| file://:0:0:0:0 | $interpolation | successor | sqlite3_c_api.swift:128:20:128:20 | .appendLiteral(_:) | -| file://:0:0:0:0 | $interpolation | successor | sqlite3_c_api.swift:129:19:129:19 | OpaqueValueExpr | -| file://:0:0:0:0 | $interpolation | successor | sqlite3_c_api.swift:129:20:129:20 | .appendLiteral(_:) | deadEnd | file://:0:0:0:0 | ... = ... | diff --git a/swift/ql/test/query-tests/Security/CWE-134/CONSISTENCY/CfgConsistency.expected b/swift/ql/test/query-tests/Security/CWE-134/CONSISTENCY/CfgConsistency.expected deleted file mode 100644 index dfc53ae7a9a..00000000000 --- a/swift/ql/test/query-tests/Security/CWE-134/CONSISTENCY/CfgConsistency.expected +++ /dev/null @@ -1,3 +0,0 @@ -multipleSuccessors -| file://:0:0:0:0 | $interpolation | successor | UncontrolledFormatString.swift:94:22:94:22 | OpaqueValueExpr | -| file://:0:0:0:0 | $interpolation | successor | UncontrolledFormatString.swift:94:23:94:23 | .appendLiteral(_:) | diff --git a/swift/ql/test/query-tests/Security/CWE-135/CONSISTENCY/CfgConsistency.expected b/swift/ql/test/query-tests/Security/CWE-135/CONSISTENCY/CfgConsistency.expected deleted file mode 100644 index 8898c8876df..00000000000 --- a/swift/ql/test/query-tests/Security/CWE-135/CONSISTENCY/CfgConsistency.expected +++ /dev/null @@ -1,41 +0,0 @@ -multipleSuccessors -| file://:0:0:0:0 | $interpolation | successor | StringLengthConflation2.swift:38:11:38:11 | OpaqueValueExpr | -| file://:0:0:0:0 | $interpolation | successor | StringLengthConflation2.swift:38:12:38:12 | .appendLiteral(_:) | -| file://:0:0:0:0 | $interpolation | successor | StringLengthConflation.swift:46:11:46:11 | OpaqueValueExpr | -| file://:0:0:0:0 | $interpolation | successor | StringLengthConflation.swift:46:12:46:12 | .appendLiteral(_:) | -| file://:0:0:0:0 | $interpolation | successor | StringLengthConflation.swift:47:11:47:11 | OpaqueValueExpr | -| file://:0:0:0:0 | $interpolation | successor | StringLengthConflation.swift:47:12:47:12 | .appendLiteral(_:) | -| file://:0:0:0:0 | $interpolation | successor | StringLengthConflation.swift:48:11:48:11 | OpaqueValueExpr | -| file://:0:0:0:0 | $interpolation | successor | StringLengthConflation.swift:48:12:48:12 | .appendLiteral(_:) | -| file://:0:0:0:0 | $interpolation | successor | StringLengthConflation.swift:57:11:57:11 | OpaqueValueExpr | -| file://:0:0:0:0 | $interpolation | successor | StringLengthConflation.swift:57:12:57:12 | .appendLiteral(_:) | -| file://:0:0:0:0 | $interpolation | successor | StringLengthConflation.swift:61:11:61:11 | OpaqueValueExpr | -| file://:0:0:0:0 | $interpolation | successor | StringLengthConflation.swift:61:12:61:12 | .appendLiteral(_:) | -| file://:0:0:0:0 | $interpolation | successor | StringLengthConflation.swift:67:11:67:11 | OpaqueValueExpr | -| file://:0:0:0:0 | $interpolation | successor | StringLengthConflation.swift:67:12:67:12 | .appendLiteral(_:) | -| file://:0:0:0:0 | $interpolation | successor | StringLengthConflation.swift:75:11:75:11 | OpaqueValueExpr | -| file://:0:0:0:0 | $interpolation | successor | StringLengthConflation.swift:75:12:75:12 | .appendLiteral(_:) | -| file://:0:0:0:0 | $interpolation | successor | StringLengthConflation.swift:82:11:82:11 | OpaqueValueExpr | -| file://:0:0:0:0 | $interpolation | successor | StringLengthConflation.swift:82:12:82:12 | .appendLiteral(_:) | -| file://:0:0:0:0 | $interpolation | successor | StringLengthConflation.swift:91:11:91:11 | OpaqueValueExpr | -| file://:0:0:0:0 | $interpolation | successor | StringLengthConflation.swift:91:12:91:12 | .appendLiteral(_:) | -| file://:0:0:0:0 | $interpolation | successor | StringLengthConflation.swift:97:11:97:11 | OpaqueValueExpr | -| file://:0:0:0:0 | $interpolation | successor | StringLengthConflation.swift:97:12:97:12 | .appendLiteral(_:) | -| file://:0:0:0:0 | $interpolation | successor | StringLengthConflation.swift:101:11:101:11 | OpaqueValueExpr | -| file://:0:0:0:0 | $interpolation | successor | StringLengthConflation.swift:101:12:101:12 | .appendLiteral(_:) | -| file://:0:0:0:0 | $interpolation | successor | StringLengthConflation.swift:105:11:105:11 | OpaqueValueExpr | -| file://:0:0:0:0 | $interpolation | successor | StringLengthConflation.swift:105:12:105:12 | .appendLiteral(_:) | -| file://:0:0:0:0 | $interpolation | successor | StringLengthConflation.swift:109:11:109:11 | OpaqueValueExpr | -| file://:0:0:0:0 | $interpolation | successor | StringLengthConflation.swift:109:12:109:12 | .appendLiteral(_:) | -| file://:0:0:0:0 | $interpolation | successor | StringLengthConflation.swift:115:11:115:11 | OpaqueValueExpr | -| file://:0:0:0:0 | $interpolation | successor | StringLengthConflation.swift:115:12:115:12 | .appendLiteral(_:) | -| file://:0:0:0:0 | $interpolation | successor | StringLengthConflation.swift:121:11:121:11 | OpaqueValueExpr | -| file://:0:0:0:0 | $interpolation | successor | StringLengthConflation.swift:121:12:121:12 | .appendLiteral(_:) | -| file://:0:0:0:0 | $interpolation | successor | StringLengthConflation.swift:127:11:127:11 | OpaqueValueExpr | -| file://:0:0:0:0 | $interpolation | successor | StringLengthConflation.swift:127:12:127:12 | .appendLiteral(_:) | -| file://:0:0:0:0 | $interpolation | successor | StringLengthConflation.swift:133:11:133:11 | OpaqueValueExpr | -| file://:0:0:0:0 | $interpolation | successor | StringLengthConflation.swift:133:12:133:12 | .appendLiteral(_:) | -| file://:0:0:0:0 | $interpolation | successor | StringLengthConflation.swift:139:11:139:11 | OpaqueValueExpr | -| file://:0:0:0:0 | $interpolation | successor | StringLengthConflation.swift:139:12:139:12 | .appendLiteral(_:) | -| file://:0:0:0:0 | $interpolation | successor | StringLengthConflation.swift:145:11:145:11 | OpaqueValueExpr | -| file://:0:0:0:0 | $interpolation | successor | StringLengthConflation.swift:145:12:145:12 | .appendLiteral(_:) | diff --git a/swift/ql/test/query-tests/Security/CWE-312/CONSISTENCY/CfgConsistency.expected b/swift/ql/test/query-tests/Security/CWE-312/CONSISTENCY/CfgConsistency.expected index 67a549aa5bb..9d02611e7a7 100644 --- a/swift/ql/test/query-tests/Security/CWE-312/CONSISTENCY/CfgConsistency.expected +++ b/swift/ql/test/query-tests/Security/CWE-312/CONSISTENCY/CfgConsistency.expected @@ -1,62 +1,3 @@ -multipleSuccessors -| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:98:11:98:11 | OpaqueValueExpr | -| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:98:12:98:12 | .appendLiteral(_:) | -| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:107:13:107:13 | OpaqueValueExpr | -| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:107:14:107:14 | .appendLiteral(_:) | -| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:108:13:108:13 | OpaqueValueExpr | -| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:108:14:108:14 | .appendLiteral(_:) | -| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:109:13:109:13 | OpaqueValueExpr | -| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:109:14:109:14 | .appendLiteral(_:) | -| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:110:13:110:13 | OpaqueValueExpr | -| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:110:14:110:14 | .appendLiteral(_:) | -| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:111:13:111:13 | OpaqueValueExpr | -| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:111:14:111:14 | .appendLiteral(_:) | -| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:112:13:112:13 | OpaqueValueExpr | -| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:112:14:112:14 | .appendLiteral(_:) | -| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:113:13:113:13 | OpaqueValueExpr | -| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:113:14:113:14 | .appendLiteral(_:) | -| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:114:13:114:13 | OpaqueValueExpr | -| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:114:14:114:14 | .appendLiteral(_:) | -| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:115:13:115:13 | OpaqueValueExpr | -| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:115:14:115:14 | .appendLiteral(_:) | -| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:116:13:116:13 | OpaqueValueExpr | -| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:116:14:116:14 | .appendLiteral(_:) | -| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:117:13:117:13 | OpaqueValueExpr | -| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:117:14:117:14 | .appendLiteral(_:) | -| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:118:30:118:30 | OpaqueValueExpr | -| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:118:31:118:31 | .appendLiteral(_:) | -| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:119:15:119:15 | OpaqueValueExpr | -| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:119:16:119:16 | .appendLiteral(_:) | -| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:120:15:120:15 | OpaqueValueExpr | -| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:120:16:120:16 | .appendLiteral(_:) | -| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:121:15:121:15 | OpaqueValueExpr | -| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:121:16:121:16 | .appendLiteral(_:) | -| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:122:15:122:15 | OpaqueValueExpr | -| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:122:16:122:16 | .appendLiteral(_:) | -| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:123:14:123:14 | OpaqueValueExpr | -| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:123:15:123:15 | .appendLiteral(_:) | -| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:124:14:124:14 | OpaqueValueExpr | -| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:124:15:124:15 | .appendLiteral(_:) | -| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:125:16:125:16 | OpaqueValueExpr | -| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:125:17:125:17 | .appendLiteral(_:) | -| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:126:16:126:16 | OpaqueValueExpr | -| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:126:17:126:17 | .appendLiteral(_:) | -| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:127:17:127:17 | OpaqueValueExpr | -| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:127:18:127:18 | .appendLiteral(_:) | -| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:128:17:128:17 | OpaqueValueExpr | -| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:128:18:128:18 | .appendLiteral(_:) | -| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:129:15:129:15 | OpaqueValueExpr | -| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:129:16:129:16 | .appendLiteral(_:) | -| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:130:15:130:15 | OpaqueValueExpr | -| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:130:16:130:16 | .appendLiteral(_:) | -| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:131:18:131:18 | OpaqueValueExpr | -| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:131:19:131:19 | .appendLiteral(_:) | -| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:132:18:132:18 | OpaqueValueExpr | -| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:132:19:132:19 | .appendLiteral(_:) | -| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:133:15:133:15 | OpaqueValueExpr | -| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:133:16:133:16 | .appendLiteral(_:) | -| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:134:15:134:15 | OpaqueValueExpr | -| file://:0:0:0:0 | $interpolation | successor | cleartextLoggingTest.swift:134:16:134:16 | .appendLiteral(_:) | deadEnd | file://:0:0:0:0 | ... = ... | | file://:0:0:0:0 | ... = ... | From 51f1a5dcc81b7b5d5b855f1780326686b2506446 Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli <redsun82@github.com> Date: Thu, 25 May 2023 12:22:44 +0200 Subject: [PATCH 648/870] Swift: remove `getOpaqueExpr` from `OpenExistentialExpr`'s children --- swift/ql/.generated.list | 9 ++++---- swift/ql/.gitattributes | 3 ++- .../codeql/swift/generated/ParentChild.qll | 7 +----- swift/ql/lib/codeql/swift/generated/Raw.qll | 17 ++++++++++++-- .../generated/expr/OpenExistentialExpr.qll | 23 +++++++++++++++---- .../CONSISTENCY/PrintAstConsistency.expected | 5 ---- .../OpenExistentialExpr/MISSING_SOURCE.txt | 4 ---- .../OpenExistentialExpr.expected | 1 + .../OpenExistentialExpr.ql | 16 +++++++++++++ .../OpenExistentialExpr_getType.expected | 1 + .../OpenExistentialExpr_getType.ql | 7 ++++++ .../open_existentials.swift | 15 ++++++++++++ .../CONSISTENCY/PrintAstConsistency.expected | 3 --- .../CONSISTENCY/PrintAstConsistency.expected | 13 ----------- .../CONSISTENCY/PrintAstConsistency.expected | 3 --- swift/schema.py | 19 ++++++++++++--- 16 files changed, 98 insertions(+), 48 deletions(-) delete mode 100644 swift/ql/test/extractor-tests/generated/expr/DynamicLookupExpr/CONSISTENCY/PrintAstConsistency.expected delete mode 100644 swift/ql/test/extractor-tests/generated/expr/OpenExistentialExpr/MISSING_SOURCE.txt create mode 100644 swift/ql/test/extractor-tests/generated/expr/OpenExistentialExpr/OpenExistentialExpr.expected create mode 100644 swift/ql/test/extractor-tests/generated/expr/OpenExistentialExpr/OpenExistentialExpr.ql create mode 100644 swift/ql/test/extractor-tests/generated/expr/OpenExistentialExpr/OpenExistentialExpr_getType.expected create mode 100644 swift/ql/test/extractor-tests/generated/expr/OpenExistentialExpr/OpenExistentialExpr_getType.ql create mode 100644 swift/ql/test/extractor-tests/generated/expr/OpenExistentialExpr/open_existentials.swift delete mode 100644 swift/ql/test/extractor-tests/generated/type/OpenedArchetypeType/CONSISTENCY/PrintAstConsistency.expected delete mode 100644 swift/ql/test/library-tests/dataflow/flowsources/CONSISTENCY/PrintAstConsistency.expected delete mode 100644 swift/ql/test/query-tests/Security/CWE-311/CONSISTENCY/PrintAstConsistency.expected diff --git a/swift/ql/.generated.list b/swift/ql/.generated.list index a28e6ba533b..53847acba54 100644 --- a/swift/ql/.generated.list +++ b/swift/ql/.generated.list @@ -381,10 +381,10 @@ lib/codeql/swift/generated/KeyPathComponent.qll 00b1e586b8532f0193b3f61111e70d4e lib/codeql/swift/generated/Locatable.qll bfdf2dafae2829cac8d1e863a93676228d131b5a7f3df87c40d2f3b1839962b8 af243098af0955a40862387edf7526826fde62a64e5e6ca28de9e9603a8622bf lib/codeql/swift/generated/Location.qll 921922352d39449067d9f2788309b5f3490091097ffe35e6aa98f9368626ce2c 0795c63565c4308e745400bc70ea73675160201590a95bb418de4e2ebca32764 lib/codeql/swift/generated/OtherAvailabilitySpec.qll 0e26a203b26ff0581b7396b0c6d1606feec5cc32477f676585cdec4911af91c5 0e26a203b26ff0581b7396b0c6d1606feec5cc32477f676585cdec4911af91c5 -lib/codeql/swift/generated/ParentChild.qll f490202e849b9cbd550ee9d758644b85d43e60d81413e6c28df2850fb1e9a2d6 6b95aeab6b53a880b230ad0c96b6deb519a7368898c844632ae96090de59df99 +lib/codeql/swift/generated/ParentChild.qll 01b27b48a12955a45ea26d0f7888a160faac9fd5fb57a19e87365318e9b21a30 88090ef26a7ce63f4ba88fa735e2c8207fd1de00076532083d93a7a02553797e lib/codeql/swift/generated/PlatformVersionAvailabilitySpec.qll f82d9ca416fe8bd59b5531b65b1c74c9f317b3297a6101544a11339a1cffce38 7f5c6d3309e66c134107afe55bae76dfc9a72cb7cdd6d4c3706b6b34cee09fa0 lib/codeql/swift/generated/PureSynthConstructors.qll 173c0dd59396a1de26fe870e3bc2766c46de689da2a4d8807cb62023bbce1a98 173c0dd59396a1de26fe870e3bc2766c46de689da2a4d8807cb62023bbce1a98 -lib/codeql/swift/generated/Raw.qll 8d4880e5ee1fdd120adeb7bf0dfa1399e7b1a53b2cc7598aed8e15cbf996d1c0 da0d446347d29f5cd05281c17c24e87610f31c32adb7e05ab8f3a26bed55bd90 +lib/codeql/swift/generated/Raw.qll 13cf09f9b2f628831b6b715448779366959a4c44b1b5ffc97397654fc8620486 03d60bdb6543d87a83ca50a3977c98c08d936d435981ae0b373f98ecde7a142b lib/codeql/swift/generated/Synth.qll 551fdf7e4b53f9ee1314d1bb42c2638cf82f45bfa1f40a635dfa7b6072e4418c 9ab178464700a19951fc5285acacda4913addee81515d8e072b3d7055935a814 lib/codeql/swift/generated/SynthConstructors.qll 2f801bd8b0db829b0253cd459ed3253c1fdfc55dce68ebc53e7fec138ef0aca4 2f801bd8b0db829b0253cd459ed3253c1fdfc55dce68ebc53e7fec138ef0aca4 lib/codeql/swift/generated/UnknownFile.qll 0fcf9beb8de79440bcdfff4bb6ab3dd139bd273e6c32754e05e6a632651e85f6 0fcf9beb8de79440bcdfff4bb6ab3dd139bd273e6c32754e05e6a632651e85f6 @@ -521,7 +521,7 @@ lib/codeql/swift/generated/expr/ObjCSelectorExpr.qll efc72580627467dce30ab784bfb lib/codeql/swift/generated/expr/ObjectLiteralExpr.qll 199b3a5196bff35681ba2e4bdb546cfbe0a2e265f535d05cfdb89af9c382c1a6 7c6b962565841a634c850d088fd404a3e6f3045e05ff555e1cde0ec02ba8dc8d lib/codeql/swift/generated/expr/OneWayExpr.qll 8464649694b671a8462476fcd3827b07f8448069c7caa9e9efce44d7ce87aee0 c3e143ecd28238342a1d911a468087cc58a751106385f01cbe5a44e19c862d0e lib/codeql/swift/generated/expr/OpaqueValueExpr.qll 354f23d00d5ea2e734fd192130620d26c76c14d5bb7b0a1aa69f17ffb5289793 354f23d00d5ea2e734fd192130620d26c76c14d5bb7b0a1aa69f17ffb5289793 -lib/codeql/swift/generated/expr/OpenExistentialExpr.qll 55ff1b4fdf23b787538f8b8cdc5f382d874221cec230f8fa35189ebf6de09b58 8235fe3387753a0ac389e297bf67b416991117587a98a566620ac9b328887dd6 +lib/codeql/swift/generated/expr/OpenExistentialExpr.qll dfa76a8ce3613f6beb15a1e1ef37588b3862b02044aedad39a70a72d53b0dd4b 0bb2c70df80bccac424e281c772d9cdeac184dabfdbacf609a5a8519e80e923e lib/codeql/swift/generated/expr/OptionalEvaluationExpr.qll 76a3a789b3a4f17dd494f973f099766aa1db97c38cbbd93542e664a7cd7e1680 f56ce693b59cee6713a7cfdb2937a8a4e791d6e80c241ecd333ab197482a2d1b lib/codeql/swift/generated/expr/OptionalTryExpr.qll f0c8dff90faee4fbf07772efda53afe1acc1fd148c16ee4d85a1502a36178e71 f0c8dff90faee4fbf07772efda53afe1acc1fd148c16ee4d85a1502a36178e71 lib/codeql/swift/generated/expr/OtherInitializerRefExpr.qll 9e695cca00e162beadad513d6833f117cee0f364da6f16c7ed3809573c1fbfe2 ff29f1f265e22eefc9166f77fa8adca7f89d3f769591149e21c58c0789577a88 @@ -819,7 +819,8 @@ test/extractor-tests/generated/expr/ObjectLiteralExpr/ObjectLiteralExpr_getArgum test/extractor-tests/generated/expr/ObjectLiteralExpr/ObjectLiteralExpr_getType.ql 07d59d9962f3705f8f32302c0d730c179ca980172dd000b724a72e768fbf39db cd146e19249590316bb83efec19dd41234723513025cf9df45313f78f2b364dd test/extractor-tests/generated/expr/OneWayExpr/MISSING_SOURCE.txt 66846d526b0bc4328735c3c4dd9c390a9325da5b5dfd42ec07622f9c7108a7d7 66846d526b0bc4328735c3c4dd9c390a9325da5b5dfd42ec07622f9c7108a7d7 test/extractor-tests/generated/expr/OpaqueValueExpr/MISSING_SOURCE.txt 66846d526b0bc4328735c3c4dd9c390a9325da5b5dfd42ec07622f9c7108a7d7 66846d526b0bc4328735c3c4dd9c390a9325da5b5dfd42ec07622f9c7108a7d7 -test/extractor-tests/generated/expr/OpenExistentialExpr/MISSING_SOURCE.txt 66846d526b0bc4328735c3c4dd9c390a9325da5b5dfd42ec07622f9c7108a7d7 66846d526b0bc4328735c3c4dd9c390a9325da5b5dfd42ec07622f9c7108a7d7 +test/extractor-tests/generated/expr/OpenExistentialExpr/OpenExistentialExpr.ql 48da42e3a2d44f4ca6b159bc8ba273352984b34fd14a3d6ca15ec9d6c38a2608 ba6a769c8c3c8cea40d64e0339515f59aded493d2c8f9c2447b10bcc43bed5f7 +test/extractor-tests/generated/expr/OpenExistentialExpr/OpenExistentialExpr_getType.ql f8d4ddc40e4bef7760446bfb90f3d2b7438fd5a0a2aa092efd59493fa8a98b23 e54f77a98a38c2c68414a5e6de8de18189ce7f0e68f9c945ab387e52d7e04a12 test/extractor-tests/generated/expr/OptionalEvaluationExpr/MISSING_SOURCE.txt 66846d526b0bc4328735c3c4dd9c390a9325da5b5dfd42ec07622f9c7108a7d7 66846d526b0bc4328735c3c4dd9c390a9325da5b5dfd42ec07622f9c7108a7d7 test/extractor-tests/generated/expr/OptionalTryExpr/MISSING_SOURCE.txt 66846d526b0bc4328735c3c4dd9c390a9325da5b5dfd42ec07622f9c7108a7d7 66846d526b0bc4328735c3c4dd9c390a9325da5b5dfd42ec07622f9c7108a7d7 test/extractor-tests/generated/expr/OtherInitializerRefExpr/MISSING_SOURCE.txt 66846d526b0bc4328735c3c4dd9c390a9325da5b5dfd42ec07622f9c7108a7d7 66846d526b0bc4328735c3c4dd9c390a9325da5b5dfd42ec07622f9c7108a7d7 diff --git a/swift/ql/.gitattributes b/swift/ql/.gitattributes index 71cc5c58ecf..b3bcb997024 100644 --- a/swift/ql/.gitattributes +++ b/swift/ql/.gitattributes @@ -821,7 +821,8 @@ /test/extractor-tests/generated/expr/ObjectLiteralExpr/ObjectLiteralExpr_getType.ql linguist-generated /test/extractor-tests/generated/expr/OneWayExpr/MISSING_SOURCE.txt linguist-generated /test/extractor-tests/generated/expr/OpaqueValueExpr/MISSING_SOURCE.txt linguist-generated -/test/extractor-tests/generated/expr/OpenExistentialExpr/MISSING_SOURCE.txt linguist-generated +/test/extractor-tests/generated/expr/OpenExistentialExpr/OpenExistentialExpr.ql linguist-generated +/test/extractor-tests/generated/expr/OpenExistentialExpr/OpenExistentialExpr_getType.ql linguist-generated /test/extractor-tests/generated/expr/OptionalEvaluationExpr/MISSING_SOURCE.txt linguist-generated /test/extractor-tests/generated/expr/OptionalTryExpr/MISSING_SOURCE.txt linguist-generated /test/extractor-tests/generated/expr/OtherInitializerRefExpr/MISSING_SOURCE.txt linguist-generated diff --git a/swift/ql/lib/codeql/swift/generated/ParentChild.qll b/swift/ql/lib/codeql/swift/generated/ParentChild.qll index 09c48606353..785c67d7d44 100644 --- a/swift/ql/lib/codeql/swift/generated/ParentChild.qll +++ b/swift/ql/lib/codeql/swift/generated/ParentChild.qll @@ -1615,13 +1615,12 @@ private module Impl { private Element getImmediateChildOfOpenExistentialExpr( OpenExistentialExpr e, int index, string partialPredicateCall ) { - exists(int b, int bExpr, int n, int nSubExpr, int nExistential, int nOpaqueExpr | + exists(int b, int bExpr, int n, int nSubExpr, int nExistential | b = 0 and bExpr = b + 1 + max(int i | i = -1 or exists(getImmediateChildOfExpr(e, i, _)) | i) and n = bExpr and nSubExpr = n + 1 and nExistential = nSubExpr + 1 and - nOpaqueExpr = nExistential + 1 and ( none() or @@ -1632,10 +1631,6 @@ private module Impl { index = nSubExpr and result = e.getImmediateExistential() and partialPredicateCall = "Existential()" - or - index = nExistential and - result = e.getImmediateOpaqueExpr() and - partialPredicateCall = "OpaqueExpr()" ) ) } diff --git a/swift/ql/lib/codeql/swift/generated/Raw.qll b/swift/ql/lib/codeql/swift/generated/Raw.qll index dc5ddeed979..8ebecc81a15 100644 --- a/swift/ql/lib/codeql/swift/generated/Raw.qll +++ b/swift/ql/lib/codeql/swift/generated/Raw.qll @@ -1434,22 +1434,35 @@ module Raw { /** * INTERNAL: Do not use. + * An implicit expression created by the compiler when a method is called on a protocol. For example in + * ``` + * protocol P { + * func foo() -> Int + * } + * func bar(x: P) -> Int { + * return x.foo() + * } + * `x.foo()` is actually wrapped in an `OpenExistentialExpr` that "opens" `x` replacing it in its subexpression with + * an `OpaqueValueExpr`. + * ``` */ class OpenExistentialExpr extends @open_existential_expr, Expr { override string toString() { result = "OpenExistentialExpr" } /** * Gets the sub expression of this open existential expression. + * + * This wrapped subexpression is where the opaque value and the dynamic type under the protocol type may be used. */ Expr getSubExpr() { open_existential_exprs(this, result, _, _) } /** - * Gets the existential of this open existential expression. + * Gets the protocol-typed expression opened by this expression. */ Expr getExistential() { open_existential_exprs(this, _, result, _) } /** - * Gets the opaque expression of this open existential expression. + * Gets the opaque value expression embedded within `getSubExpr()`. */ OpaqueValueExpr getOpaqueExpr() { open_existential_exprs(this, _, _, result) } } diff --git a/swift/ql/lib/codeql/swift/generated/expr/OpenExistentialExpr.qll b/swift/ql/lib/codeql/swift/generated/expr/OpenExistentialExpr.qll index 72d7f0c6361..21a602c15a1 100644 --- a/swift/ql/lib/codeql/swift/generated/expr/OpenExistentialExpr.qll +++ b/swift/ql/lib/codeql/swift/generated/expr/OpenExistentialExpr.qll @@ -5,6 +5,19 @@ import codeql.swift.elements.expr.Expr import codeql.swift.elements.expr.OpaqueValueExpr module Generated { + /** + * An implicit expression created by the compiler when a method is called on a protocol. For example in + * ``` + * protocol P { + * func foo() -> Int + * } + * func bar(x: P) -> Int { + * return x.foo() + * } + * `x.foo()` is actually wrapped in an `OpenExistentialExpr` that "opens" `x` replacing it in its subexpression with + * an `OpaqueValueExpr`. + * ``` + */ class OpenExistentialExpr extends Synth::TOpenExistentialExpr, Expr { override string getAPrimaryQlClass() { result = "OpenExistentialExpr" } @@ -23,6 +36,8 @@ module Generated { /** * Gets the sub expression of this open existential expression. + * + * This wrapped subexpression is where the opaque value and the dynamic type under the protocol type may be used. */ final Expr getSubExpr() { exists(Expr immediate | @@ -32,7 +47,7 @@ module Generated { } /** - * Gets the existential of this open existential expression. + * Gets the protocol-typed expression opened by this expression. * * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the * behavior of both the `Immediate` and non-`Immediate` versions. @@ -45,7 +60,7 @@ module Generated { } /** - * Gets the existential of this open existential expression. + * Gets the protocol-typed expression opened by this expression. */ final Expr getExistential() { exists(Expr immediate | @@ -55,7 +70,7 @@ module Generated { } /** - * Gets the opaque expression of this open existential expression. + * Gets the opaque value expression embedded within `getSubExpr()`. * * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the * behavior of both the `Immediate` and non-`Immediate` versions. @@ -68,7 +83,7 @@ module Generated { } /** - * Gets the opaque expression of this open existential expression. + * Gets the opaque value expression embedded within `getSubExpr()`. */ final OpaqueValueExpr getOpaqueExpr() { exists(OpaqueValueExpr immediate | diff --git a/swift/ql/test/extractor-tests/generated/expr/DynamicLookupExpr/CONSISTENCY/PrintAstConsistency.expected b/swift/ql/test/extractor-tests/generated/expr/DynamicLookupExpr/CONSISTENCY/PrintAstConsistency.expected deleted file mode 100644 index 768d459dd00..00000000000 --- a/swift/ql/test/extractor-tests/generated/expr/DynamicLookupExpr/CONSISTENCY/PrintAstConsistency.expected +++ /dev/null @@ -1,5 +0,0 @@ -doubleParents -| dynamic_lookup.swift:15:1:15:3 | [DynamicMemberRefExpr] .foo(_:) | getBase() | dynamic_lookup.swift:15:1:15:3 | [OpenExistentialExpr] OpenExistentialExpr | getOpaqueExpr() | dynamic_lookup.swift:15:1:15:1 | [OpaqueValueExpr] OpaqueValueExpr | -| dynamic_lookup.swift:15:1:15:3 | [OpenExistentialExpr] OpenExistentialExpr | getOpaqueExpr() | dynamic_lookup.swift:15:1:15:3 | [DynamicMemberRefExpr] .foo(_:) | getBase() | dynamic_lookup.swift:15:1:15:1 | [OpaqueValueExpr] OpaqueValueExpr | -| dynamic_lookup.swift:16:5:16:9 | [DynamicSubscriptExpr] subscript ...[...] | getBase() | dynamic_lookup.swift:16:5:16:9 | [OpenExistentialExpr] OpenExistentialExpr | getOpaqueExpr() | dynamic_lookup.swift:16:5:16:5 | [OpaqueValueExpr] OpaqueValueExpr | -| dynamic_lookup.swift:16:5:16:9 | [OpenExistentialExpr] OpenExistentialExpr | getOpaqueExpr() | dynamic_lookup.swift:16:5:16:9 | [DynamicSubscriptExpr] subscript ...[...] | getBase() | dynamic_lookup.swift:16:5:16:5 | [OpaqueValueExpr] OpaqueValueExpr | diff --git a/swift/ql/test/extractor-tests/generated/expr/OpenExistentialExpr/MISSING_SOURCE.txt b/swift/ql/test/extractor-tests/generated/expr/OpenExistentialExpr/MISSING_SOURCE.txt deleted file mode 100644 index 25daf3d23a2..00000000000 --- a/swift/ql/test/extractor-tests/generated/expr/OpenExistentialExpr/MISSING_SOURCE.txt +++ /dev/null @@ -1,4 +0,0 @@ -// generated by codegen/codegen.py - -After a source file is added in this directory and codegen/codegen.py is run again, test queries -will appear and this file will be deleted diff --git a/swift/ql/test/extractor-tests/generated/expr/OpenExistentialExpr/OpenExistentialExpr.expected b/swift/ql/test/extractor-tests/generated/expr/OpenExistentialExpr/OpenExistentialExpr.expected new file mode 100644 index 00000000000..4d2e4f05c6e --- /dev/null +++ b/swift/ql/test/extractor-tests/generated/expr/OpenExistentialExpr/OpenExistentialExpr.expected @@ -0,0 +1 @@ +| open_existentials.swift:14:5:14:19 | OpenExistentialExpr | hasType: | yes | getSubExpr: | open_existentials.swift:14:5:14:19 | call to foo() | getExistential: | open_existentials.swift:14:5:14:13 | call to createP() | getOpaqueExpr: | open_existentials.swift:14:5:14:13 | OpaqueValueExpr | diff --git a/swift/ql/test/extractor-tests/generated/expr/OpenExistentialExpr/OpenExistentialExpr.ql b/swift/ql/test/extractor-tests/generated/expr/OpenExistentialExpr/OpenExistentialExpr.ql new file mode 100644 index 00000000000..ddff95364d2 --- /dev/null +++ b/swift/ql/test/extractor-tests/generated/expr/OpenExistentialExpr/OpenExistentialExpr.ql @@ -0,0 +1,16 @@ +// generated by codegen/codegen.py +import codeql.swift.elements +import TestUtils + +from + OpenExistentialExpr x, string hasType, Expr getSubExpr, Expr getExistential, + OpaqueValueExpr getOpaqueExpr +where + toBeTested(x) and + not x.isUnknown() and + (if x.hasType() then hasType = "yes" else hasType = "no") and + getSubExpr = x.getSubExpr() and + getExistential = x.getExistential() and + getOpaqueExpr = x.getOpaqueExpr() +select x, "hasType:", hasType, "getSubExpr:", getSubExpr, "getExistential:", getExistential, + "getOpaqueExpr:", getOpaqueExpr diff --git a/swift/ql/test/extractor-tests/generated/expr/OpenExistentialExpr/OpenExistentialExpr_getType.expected b/swift/ql/test/extractor-tests/generated/expr/OpenExistentialExpr/OpenExistentialExpr_getType.expected new file mode 100644 index 00000000000..2103b344895 --- /dev/null +++ b/swift/ql/test/extractor-tests/generated/expr/OpenExistentialExpr/OpenExistentialExpr_getType.expected @@ -0,0 +1 @@ +| open_existentials.swift:14:5:14:19 | OpenExistentialExpr | () | diff --git a/swift/ql/test/extractor-tests/generated/expr/OpenExistentialExpr/OpenExistentialExpr_getType.ql b/swift/ql/test/extractor-tests/generated/expr/OpenExistentialExpr/OpenExistentialExpr_getType.ql new file mode 100644 index 00000000000..11f926e60ce --- /dev/null +++ b/swift/ql/test/extractor-tests/generated/expr/OpenExistentialExpr/OpenExistentialExpr_getType.ql @@ -0,0 +1,7 @@ +// generated by codegen/codegen.py +import codeql.swift.elements +import TestUtils + +from OpenExistentialExpr x +where toBeTested(x) and not x.isUnknown() +select x, x.getType() diff --git a/swift/ql/test/extractor-tests/generated/expr/OpenExistentialExpr/open_existentials.swift b/swift/ql/test/extractor-tests/generated/expr/OpenExistentialExpr/open_existentials.swift new file mode 100644 index 00000000000..1cd9a688da6 --- /dev/null +++ b/swift/ql/test/extractor-tests/generated/expr/OpenExistentialExpr/open_existentials.swift @@ -0,0 +1,15 @@ +protocol P { + func foo() -> () +} + +class C : P { + func foo() {} +} + +func createP() -> P { + return C() +} + +func test() { + createP().foo() +} diff --git a/swift/ql/test/extractor-tests/generated/type/OpenedArchetypeType/CONSISTENCY/PrintAstConsistency.expected b/swift/ql/test/extractor-tests/generated/type/OpenedArchetypeType/CONSISTENCY/PrintAstConsistency.expected deleted file mode 100644 index 3eda02b23e1..00000000000 --- a/swift/ql/test/extractor-tests/generated/type/OpenedArchetypeType/CONSISTENCY/PrintAstConsistency.expected +++ /dev/null @@ -1,3 +0,0 @@ -doubleParents -| opened_archetypes.swift:24:10:24:16 | [MemberRefExpr] .isFooMember | getBase() | opened_archetypes.swift:24:10:24:16 | [OpenExistentialExpr] OpenExistentialExpr | getOpaqueExpr() | opened_archetypes.swift:24:10:24:10 | [OpaqueValueExpr] OpaqueValueExpr | -| opened_archetypes.swift:24:10:24:16 | [OpenExistentialExpr] OpenExistentialExpr | getOpaqueExpr() | opened_archetypes.swift:24:10:24:16 | [MemberRefExpr] .isFooMember | getBase() | opened_archetypes.swift:24:10:24:10 | [OpaqueValueExpr] OpaqueValueExpr | diff --git a/swift/ql/test/library-tests/dataflow/flowsources/CONSISTENCY/PrintAstConsistency.expected b/swift/ql/test/library-tests/dataflow/flowsources/CONSISTENCY/PrintAstConsistency.expected deleted file mode 100644 index 6f3e5d56f99..00000000000 --- a/swift/ql/test/library-tests/dataflow/flowsources/CONSISTENCY/PrintAstConsistency.expected +++ /dev/null @@ -1,13 +0,0 @@ -doubleParents -| generics.swift:93:9:93:15 | [MemberRefExpr] .source0 | getBase() | generics.swift:93:9:93:15 | [OpenExistentialExpr] OpenExistentialExpr | getOpaqueExpr() | generics.swift:93:9:93:9 | [OpaqueValueExpr] OpaqueValueExpr | -| generics.swift:93:9:93:15 | [OpenExistentialExpr] OpenExistentialExpr | getOpaqueExpr() | generics.swift:93:9:93:15 | [MemberRefExpr] .source0 | getBase() | generics.swift:93:9:93:9 | [OpaqueValueExpr] OpaqueValueExpr | -| generics.swift:94:9:94:15 | [MemberRefExpr] .source1 | getBase() | generics.swift:94:9:94:15 | [OpenExistentialExpr] OpenExistentialExpr | getOpaqueExpr() | generics.swift:94:9:94:9 | [OpaqueValueExpr] OpaqueValueExpr | -| generics.swift:94:9:94:15 | [OpenExistentialExpr] OpenExistentialExpr | getOpaqueExpr() | generics.swift:94:9:94:15 | [MemberRefExpr] .source1 | getBase() | generics.swift:94:9:94:9 | [OpaqueValueExpr] OpaqueValueExpr | -| generics.swift:95:9:95:15 | [MemberRefExpr] .source2 | getBase() | generics.swift:95:9:95:15 | [OpenExistentialExpr] OpenExistentialExpr | getOpaqueExpr() | generics.swift:95:9:95:9 | [OpaqueValueExpr] OpaqueValueExpr | -| generics.swift:95:9:95:15 | [OpenExistentialExpr] OpenExistentialExpr | getOpaqueExpr() | generics.swift:95:9:95:15 | [MemberRefExpr] .source2 | getBase() | generics.swift:95:9:95:9 | [OpaqueValueExpr] OpaqueValueExpr | -| generics.swift:125:9:125:15 | [MemberRefExpr] .source0 | getBase() | generics.swift:125:9:125:15 | [OpenExistentialExpr] OpenExistentialExpr | getOpaqueExpr() | generics.swift:125:9:125:9 | [OpaqueValueExpr] OpaqueValueExpr | -| generics.swift:125:9:125:15 | [OpenExistentialExpr] OpenExistentialExpr | getOpaqueExpr() | generics.swift:125:9:125:15 | [MemberRefExpr] .source0 | getBase() | generics.swift:125:9:125:9 | [OpaqueValueExpr] OpaqueValueExpr | -| generics.swift:126:9:126:15 | [MemberRefExpr] .source1 | getBase() | generics.swift:126:9:126:15 | [OpenExistentialExpr] OpenExistentialExpr | getOpaqueExpr() | generics.swift:126:9:126:9 | [OpaqueValueExpr] OpaqueValueExpr | -| generics.swift:126:9:126:15 | [OpenExistentialExpr] OpenExistentialExpr | getOpaqueExpr() | generics.swift:126:9:126:15 | [MemberRefExpr] .source1 | getBase() | generics.swift:126:9:126:9 | [OpaqueValueExpr] OpaqueValueExpr | -| generics.swift:127:9:127:15 | [MemberRefExpr] .source2 | getBase() | generics.swift:127:9:127:15 | [OpenExistentialExpr] OpenExistentialExpr | getOpaqueExpr() | generics.swift:127:9:127:9 | [OpaqueValueExpr] OpaqueValueExpr | -| generics.swift:127:9:127:15 | [OpenExistentialExpr] OpenExistentialExpr | getOpaqueExpr() | generics.swift:127:9:127:15 | [MemberRefExpr] .source2 | getBase() | generics.swift:127:9:127:9 | [OpaqueValueExpr] OpaqueValueExpr | diff --git a/swift/ql/test/query-tests/Security/CWE-311/CONSISTENCY/PrintAstConsistency.expected b/swift/ql/test/query-tests/Security/CWE-311/CONSISTENCY/PrintAstConsistency.expected deleted file mode 100644 index e1a86b483ac..00000000000 --- a/swift/ql/test/query-tests/Security/CWE-311/CONSISTENCY/PrintAstConsistency.expected +++ /dev/null @@ -1,3 +0,0 @@ -doubleParents -| file://:0:0:0:0 | [MethodLookupExpr] .container(keyedBy:) | getBase() | file://:0:0:0:0 | [OpenExistentialExpr] OpenExistentialExpr | getOpaqueExpr() | file://:0:0:0:0 | [OpaqueValueExpr] OpaqueValueExpr | -| file://:0:0:0:0 | [OpenExistentialExpr] OpenExistentialExpr | getOpaqueExpr() | file://:0:0:0:0 | [MethodLookupExpr] .container(keyedBy:) | getBase() | file://:0:0:0:0 | [OpaqueValueExpr] OpaqueValueExpr | diff --git a/swift/schema.py b/swift/schema.py index 8fc0941e171..ef2c357899f 100644 --- a/swift/schema.py +++ b/swift/schema.py @@ -516,9 +516,22 @@ class OpaqueValueExpr(Expr): pass class OpenExistentialExpr(Expr): - sub_expr: Expr | child - existential: Expr | child - opaque_expr: OpaqueValueExpr | child + """ An implicit expression created by the compiler when a method is called on a protocol. For example in + ``` + protocol P { + func foo() -> Int + } + func bar(x: P) -> Int { + return x.foo() + } + `x.foo()` is actually wrapped in an `OpenExistentialExpr` that "opens" `x` replacing it in its subexpression with + an `OpaqueValueExpr`. + ``` + """ + sub_expr: Expr | child | desc(""" + This wrapped subexpression is where the opaque value and the dynamic type under the protocol type may be used.""") + existential: Expr | child | doc("protocol-typed expression opened by this expression") + opaque_expr: OpaqueValueExpr | doc("opaque value expression embedded within `getSubExpr()`") class OptionalEvaluationExpr(Expr): sub_expr: Expr | child From 765076bcba4b720a5eddf279f2479ce4e2bb8497 Mon Sep 17 00:00:00 2001 From: erik-krogh <erik-krogh@github.com> Date: Thu, 25 May 2023 13:28:39 +0200 Subject: [PATCH 649/870] fix whitespace in the samples in ReDoS.qhelp --- java/ql/src/Security/CWE/CWE-730/ReDoS.qhelp | 3 +-- javascript/ql/src/Performance/ReDoS.qhelp | 3 +-- python/ql/src/Security/CWE-730/ReDoS.qhelp | 3 +-- ruby/ql/src/queries/security/cwe-1333/ReDoS.qhelp | 3 +-- 4 files changed, 4 insertions(+), 8 deletions(-) diff --git a/java/ql/src/Security/CWE/CWE-730/ReDoS.qhelp b/java/ql/src/Security/CWE/CWE-730/ReDoS.qhelp index 08b67acb638..9f0d7a6fa07 100644 --- a/java/ql/src/Security/CWE/CWE-730/ReDoS.qhelp +++ b/java/ql/src/Security/CWE/CWE-730/ReDoS.qhelp @@ -25,8 +25,7 @@ the two branches of the alternative inside the repetition: </p> <sample language="java"> - ^_(__|[^_])+_$ - </sample> +^_(__|[^_])+_$</sample> </example> <include src="ReDoSReferences.inc.qhelp"/> diff --git a/javascript/ql/src/Performance/ReDoS.qhelp b/javascript/ql/src/Performance/ReDoS.qhelp index 21b937b17ef..a020a319207 100644 --- a/javascript/ql/src/Performance/ReDoS.qhelp +++ b/javascript/ql/src/Performance/ReDoS.qhelp @@ -25,8 +25,7 @@ the two branches of the alternative inside the repetition: </p> <sample language="javascript"> - /^_(__|[^_])+_$/ - </sample> +/^_(__|[^_])+_$/</sample> </example> <include src="ReDoSReferences.inc.qhelp"/> diff --git a/python/ql/src/Security/CWE-730/ReDoS.qhelp b/python/ql/src/Security/CWE-730/ReDoS.qhelp index 9cfbcc32354..74f3b8b87a1 100644 --- a/python/ql/src/Security/CWE-730/ReDoS.qhelp +++ b/python/ql/src/Security/CWE-730/ReDoS.qhelp @@ -25,8 +25,7 @@ the two branches of the alternative inside the repetition: </p> <sample language="python"> - ^_(__|[^_])+_$ - </sample> +^_(__|[^_])+_$</sample> </example> <include src="ReDoSReferences.inc.qhelp"/> diff --git a/ruby/ql/src/queries/security/cwe-1333/ReDoS.qhelp b/ruby/ql/src/queries/security/cwe-1333/ReDoS.qhelp index 4c85702a0d3..901315cba72 100644 --- a/ruby/ql/src/queries/security/cwe-1333/ReDoS.qhelp +++ b/ruby/ql/src/queries/security/cwe-1333/ReDoS.qhelp @@ -21,8 +21,7 @@ repetition: </p> <sample language="ruby"> - /^_(__|[^_])+_$/ - </sample> +/^_(__|[^_])+_$/</sample> </example> <include src="ReDoSReferences.inc.qhelp"/> </qhelp> From 9f5bf8fb2268d6975e9d791ad1b54da89428646c Mon Sep 17 00:00:00 2001 From: erik-krogh <erik-krogh@github.com> Date: Thu, 25 May 2023 13:56:29 +0200 Subject: [PATCH 650/870] also fix the first code-block --- java/ql/src/Security/CWE/CWE-730/ReDoS.qhelp | 3 +-- javascript/ql/src/Performance/ReDoS.qhelp | 3 +-- python/ql/src/Security/CWE-730/ReDoS.qhelp | 3 +-- ruby/ql/src/queries/security/cwe-1333/ReDoS.qhelp | 3 +-- 4 files changed, 4 insertions(+), 8 deletions(-) diff --git a/java/ql/src/Security/CWE/CWE-730/ReDoS.qhelp b/java/ql/src/Security/CWE/CWE-730/ReDoS.qhelp index 9f0d7a6fa07..7fcdb97535b 100644 --- a/java/ql/src/Security/CWE/CWE-730/ReDoS.qhelp +++ b/java/ql/src/Security/CWE/CWE-730/ReDoS.qhelp @@ -11,8 +11,7 @@ Consider this regular expression: </p> <sample language="java"> - ^_(__|.)+_$ - </sample> +^_(__|.)+_$</sample> <p> Its sub-expression <code>"(__|.)+?"</code> can match the string <code>"__"</code> either by the first alternative <code>"__"</code> to the left of the <code>"|"</code> operator, or by two diff --git a/javascript/ql/src/Performance/ReDoS.qhelp b/javascript/ql/src/Performance/ReDoS.qhelp index a020a319207..c152d646201 100644 --- a/javascript/ql/src/Performance/ReDoS.qhelp +++ b/javascript/ql/src/Performance/ReDoS.qhelp @@ -11,8 +11,7 @@ Consider this regular expression: </p> <sample language="javascript"> - /^_(__|.)+_$/ - </sample> +/^_(__|.)+_$/</sample> <p> Its sub-expression <code>"(__|.)+?"</code> can match the string <code>"__"</code> either by the first alternative <code>"__"</code> to the left of the <code>"|"</code> operator, or by two diff --git a/python/ql/src/Security/CWE-730/ReDoS.qhelp b/python/ql/src/Security/CWE-730/ReDoS.qhelp index 74f3b8b87a1..a881d94cd9f 100644 --- a/python/ql/src/Security/CWE-730/ReDoS.qhelp +++ b/python/ql/src/Security/CWE-730/ReDoS.qhelp @@ -11,8 +11,7 @@ Consider this regular expression: </p> <sample language="python"> - ^_(__|.)+_$ - </sample> +^_(__|.)+_$</sample> <p> Its sub-expression <code>"(__|.)+?"</code> can match the string <code>"__"</code> either by the first alternative <code>"__"</code> to the left of the <code>"|"</code> operator, or by two diff --git a/ruby/ql/src/queries/security/cwe-1333/ReDoS.qhelp b/ruby/ql/src/queries/security/cwe-1333/ReDoS.qhelp index 901315cba72..4c19e2bb6fe 100644 --- a/ruby/ql/src/queries/security/cwe-1333/ReDoS.qhelp +++ b/ruby/ql/src/queries/security/cwe-1333/ReDoS.qhelp @@ -4,8 +4,7 @@ <example> <p>Consider this regular expression:</p> <sample language="ruby"> - /^_(__|.)+_$/ - </sample> +/^_(__|.)+_$/</sample> <p> Its sub-expression <code>"(__|.)+?"</code> can match the string <code>"__"</code> either by the first alternative <code>"__"</code> to the From 5e66885a8e81ea9c0eac71df0cab0621e066f8f9 Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli <redsun82@github.com> Date: Thu, 25 May 2023 14:00:04 +0200 Subject: [PATCH 651/870] Swift: add change note --- .../2023-05-25-fix-ast-and-cfg-inconsistencies.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 swift/ql/lib/change-notes/2023-05-25-fix-ast-and-cfg-inconsistencies.md diff --git a/swift/ql/lib/change-notes/2023-05-25-fix-ast-and-cfg-inconsistencies.md b/swift/ql/lib/change-notes/2023-05-25-fix-ast-and-cfg-inconsistencies.md new file mode 100644 index 00000000000..d7806a38360 --- /dev/null +++ b/swift/ql/lib/change-notes/2023-05-25-fix-ast-and-cfg-inconsistencies.md @@ -0,0 +1,14 @@ +--- +category: fix +--- + +* Fixed some AST printing inconsistencies leading to a non-tree AST. In particular: + * `getOpaqueExpr()` is not considered a child of `OpenExistentialExpr` anymore, as it is + actually a reference to an expression nested within `getSubExpr()`; + * fixed some corner cases involving synthesized `PatternBindingDecl`s for variables wrapped with + property wrappers. +* Fixed some control flow graph inconsistencies leading to multiple successors and dead ends. + In particular: + * fixed the corner cases mentioned above for AST printing, which were a problem also for the + control graph; + * fixed an inconsistency caused by an unneeded special treatment of `TapExpr`. From 791ba81403721610f45f8d601413f78d2245d5a5 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Thu, 25 May 2023 13:23:52 +0100 Subject: [PATCH 652/870] Swift: Add change note. --- .../change-notes/2023-05-25-string-length-conflation-fp.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 swift/ql/src/change-notes/2023-05-25-string-length-conflation-fp.md diff --git a/swift/ql/src/change-notes/2023-05-25-string-length-conflation-fp.md b/swift/ql/src/change-notes/2023-05-25-string-length-conflation-fp.md new file mode 100644 index 00000000000..937ebd4b41a --- /dev/null +++ b/swift/ql/src/change-notes/2023-05-25-string-length-conflation-fp.md @@ -0,0 +1,4 @@ +— +category: minorAnalysis +— +* Fixed some false positive results from the `swift/string-length-conflation` query, caused by imprecise sinks. From 93678e5d363d059b09092b228729dde84edb1a07 Mon Sep 17 00:00:00 2001 From: Asger F <asgerf@github.com> Date: Thu, 25 May 2023 12:51:26 +0200 Subject: [PATCH 653/870] Ruby: fix name of super calls in singleton methods --- ruby/ql/lib/codeql/ruby/ast/internal/Call.qll | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/ruby/ql/lib/codeql/ruby/ast/internal/Call.qll b/ruby/ql/lib/codeql/ruby/ast/internal/Call.qll index 74acef8e860..e3faf292023 100644 --- a/ruby/ql/lib/codeql/ruby/ast/internal/Call.qll +++ b/ruby/ql/lib/codeql/ruby/ast/internal/Call.qll @@ -121,13 +121,15 @@ private Ruby::AstNode getSuperParent(Ruby::Super sup) { result = sup or result = getSuperParent(sup).getParent() and - not result instanceof Ruby::Method + not result instanceof Ruby::Method and + not result instanceof Ruby::SingletonMethod } private string getSuperMethodName(Ruby::Super sup) { - exists(Ruby::Method meth | - meth = getSuperParent(sup).getParent() and + exists(Ruby::AstNode meth | meth = getSuperParent(sup).getParent() | result = any(Method c | toGenerated(c) = meth).getName() + or + result = any(SingletonMethod c | toGenerated(c) = meth).getName() ) } From 9e8cef5e1b994c9c112ee97ea74605de981f4956 Mon Sep 17 00:00:00 2001 From: Asger F <asgerf@github.com> Date: Thu, 25 May 2023 15:02:29 +0200 Subject: [PATCH 654/870] Ruby: fix type-tracking flow-through for new->initialize calls --- .../ruby/typetracking/TypeTrackerSpecific.qll | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/ruby/ql/lib/codeql/ruby/typetracking/TypeTrackerSpecific.qll b/ruby/ql/lib/codeql/ruby/typetracking/TypeTrackerSpecific.qll index 7283ffedf09..55ec26258d6 100644 --- a/ruby/ql/lib/codeql/ruby/typetracking/TypeTrackerSpecific.qll +++ b/ruby/ql/lib/codeql/ruby/typetracking/TypeTrackerSpecific.qll @@ -89,12 +89,23 @@ private predicate flowThrough(DataFlowPublic::ParameterNode param) { ) } +/** Holds if there is flow from `arg` to `p` via the call `call`, not counting `new -> initialize` call steps. */ +pragma[nomagic] +predicate callStepNoInitialize( + ExprNodes::CallCfgNode call, Node arg, DataFlowPrivate::ParameterNodeImpl p +) { + exists(DataFlowDispatch::ParameterPosition pos | + argumentPositionMatch(call, arg, pos) and + p.isSourceParameterOf(DataFlowDispatch::getTarget(call), pos) + ) +} + /** Holds if there is a level step from `nodeFrom` to `nodeTo`, which may depend on the call graph. */ pragma[nomagic] predicate levelStepCall(Node nodeFrom, Node nodeTo) { exists(DataFlowPublic::ParameterNode param | flowThrough(param) and - callStep(nodeTo.asExpr(), nodeFrom, param) + callStepNoInitialize(nodeTo.asExpr(), nodeFrom, param) ) } From 242d263e8a11617492d7375193f7841521306431 Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli <redsun82@github.com> Date: Tue, 23 May 2023 15:18:15 +0200 Subject: [PATCH 655/870] Codegen: move ipa info from `ql.Class` to `ql.Property` --- misc/codegen/generators/qlgen.py | 6 +++--- misc/codegen/lib/ql.py | 2 +- misc/codegen/templates/ql_class.mustache | 16 ++++++++-------- misc/codegen/test/test_qlgen.py | 16 ++++++++++++---- 4 files changed, 24 insertions(+), 16 deletions(-) diff --git a/misc/codegen/generators/qlgen.py b/misc/codegen/generators/qlgen.py index 7affea51828..49b1b537bc2 100755 --- a/misc/codegen/generators/qlgen.py +++ b/misc/codegen/generators/qlgen.py @@ -110,7 +110,8 @@ def get_ql_property(cls: schema.Class, prop: schema.Property, prev_child: str = is_optional=prop.is_optional, is_predicate=prop.is_predicate, is_unordered=prop.is_unordered, - description=prop.description + description=prop.description, + synth=bool(cls.ipa), ) if prop.is_single: args.update( @@ -162,7 +163,6 @@ def get_ql_class(cls: schema.Class) -> ql.Class: final=not cls.derived, properties=properties, dir=pathlib.Path(cls.group or ""), - ipa=bool(cls.ipa), doc=cls.doc, **pragmas, ) @@ -342,7 +342,7 @@ def generate(opts, renderer): with renderer.manage(generated=generated, stubs=stubs, registry=opts.generated_registry, force=opts.force) as renderer: - db_classes = [cls for cls in classes.values() if not cls.ipa] + db_classes = [cls for name, cls in classes.items() if not data.classes[name].ipa] renderer.render(ql.DbClasses(db_classes), out / "Raw.qll") classes_by_dir_and_name = sorted(classes.values(), key=lambda cls: (cls.dir, cls.name)) diff --git a/misc/codegen/lib/ql.py b/misc/codegen/lib/ql.py index 97165053fd0..e4bac3197cb 100644 --- a/misc/codegen/lib/ql.py +++ b/misc/codegen/lib/ql.py @@ -42,6 +42,7 @@ class Property: description: List[str] = field(default_factory=list) doc: Optional[str] = None doc_plural: Optional[str] = None + synth: bool = False def __post_init__(self): if self.tableparams: @@ -111,7 +112,6 @@ class Class: qltest_collapse_hierarchy: bool = False qltest_uncollapse_hierarchy: bool = False ql_internal: bool = False - ipa: bool = False doc: List[str] = field(default_factory=list) def __post_init__(self): diff --git a/misc/codegen/templates/ql_class.mustache b/misc/codegen/templates/ql_class.mustache index 9f72caef392..8ee465bf993 100644 --- a/misc/codegen/templates/ql_class.mustache +++ b/misc/codegen/templates/ql_class.mustache @@ -67,12 +67,12 @@ module Generated { * behavior of both the `Immediate` and non-`Immediate` versions. */ {{type}} get{{#is_unordered}}An{{/is_unordered}}Immediate{{singular}}({{#is_indexed}}int index{{/is_indexed}}) { - {{^ipa}} + {{^synth}} result = Synth::convert{{type}}FromRaw(Synth::convert{{name}}ToRaw(this){{^root}}.(Raw::{{name}}){{/root}}.{{getter}}({{#is_indexed}}index{{/is_indexed}})) - {{/ipa}} - {{#ipa}} + {{/synth}} + {{#synth}} none() - {{/ipa}} + {{/synth}} } /** @@ -99,12 +99,12 @@ module Generated { {{/has_description}} */ {{type}} {{getter}}({{#is_indexed}}int index{{/is_indexed}}) { - {{^ipa}} + {{^synth}} {{^is_predicate}}result = {{/is_predicate}}Synth::convert{{name}}ToRaw(this){{^root}}.(Raw::{{name}}){{/root}}.{{getter}}({{#is_indexed}}index{{/is_indexed}}) - {{/ipa}} - {{#ipa}} + {{/synth}} + {{#synth}} none() - {{/ipa}} + {{/synth}} } {{/type_is_class}} diff --git a/misc/codegen/test/test_qlgen.py b/misc/codegen/test/test_qlgen.py index 1cd85762315..6ed83edf4e0 100644 --- a/misc/codegen/test/test_qlgen.py +++ b/misc/codegen/test/test_qlgen.py @@ -861,25 +861,33 @@ def test_property_on_class_with_default_doc_name(generate_classes): def test_stub_on_class_with_ipa_from_class(generate_classes): assert generate_classes([ - schema.Class("MyObject", ipa=schema.IpaInfo(from_class="A")), + schema.Class("MyObject", ipa=schema.IpaInfo(from_class="A"), + properties=[schema.SingleProperty("foo", "bar")]), ]) == { "MyObject.qll": (a_ql_stub(name="MyObject", base_import=gen_import_prefix + "MyObject", ipa_accessors=[ ql.IpaUnderlyingAccessor(argument="Entity", type="Raw::A", constructorparams=["result"]), ]), - a_ql_class(name="MyObject", final=True, ipa=True)), + a_ql_class(name="MyObject", final=True, properties=[ + ql.Property(singular="Foo", type="bar", tablename="my_objects", synth=True, + tableparams=["this", "result"], doc="foo of this my object"), + ])), } def test_stub_on_class_with_ipa_on_arguments(generate_classes): assert generate_classes([ - schema.Class("MyObject", ipa=schema.IpaInfo(on_arguments={"base": "A", "index": "int", "label": "string"})), + schema.Class("MyObject", ipa=schema.IpaInfo(on_arguments={"base": "A", "index": "int", "label": "string"}), + properties=[schema.SingleProperty("foo", "bar")]), ]) == { "MyObject.qll": (a_ql_stub(name="MyObject", base_import=gen_import_prefix + "MyObject", ipa_accessors=[ ql.IpaUnderlyingAccessor(argument="Base", type="Raw::A", constructorparams=["result", "_", "_"]), ql.IpaUnderlyingAccessor(argument="Index", type="int", constructorparams=["_", "result", "_"]), ql.IpaUnderlyingAccessor(argument="Label", type="string", constructorparams=["_", "_", "result"]), ]), - a_ql_class(name="MyObject", final=True, ipa=True)), + a_ql_class(name="MyObject", final=True, properties=[ + ql.Property(singular="Foo", type="bar", tablename="my_objects", synth=True, + tableparams=["this", "result"], doc="foo of this my object"), + ])), } From 165ac3eeaa2104b5947cc0869e9c9479abfa8e3c Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli <redsun82@github.com> Date: Tue, 23 May 2023 15:28:53 +0200 Subject: [PATCH 656/870] Codegen: define and propagate `synth` property flag --- misc/codegen/generators/qlgen.py | 2 +- misc/codegen/lib/schema.py | 1 + misc/codegen/test/test_qlgen.py | 14 ++++++++++++++ 3 files changed, 16 insertions(+), 1 deletion(-) diff --git a/misc/codegen/generators/qlgen.py b/misc/codegen/generators/qlgen.py index 49b1b537bc2..a5b8379580f 100755 --- a/misc/codegen/generators/qlgen.py +++ b/misc/codegen/generators/qlgen.py @@ -111,7 +111,7 @@ def get_ql_property(cls: schema.Class, prop: schema.Property, prev_child: str = is_predicate=prop.is_predicate, is_unordered=prop.is_unordered, description=prop.description, - synth=bool(cls.ipa), + synth=bool(cls.ipa) or prop.synth, ) if prop.is_single: args.update( diff --git a/misc/codegen/lib/schema.py b/misc/codegen/lib/schema.py index 64a4720093b..2f3ce1cb9d3 100644 --- a/misc/codegen/lib/schema.py +++ b/misc/codegen/lib/schema.py @@ -34,6 +34,7 @@ class Property: pragmas: List[str] = field(default_factory=list) doc: Optional[str] = None description: List[str] = field(default_factory=list) + synth: bool = False @property def is_single(self) -> bool: diff --git a/misc/codegen/test/test_qlgen.py b/misc/codegen/test/test_qlgen.py index 6ed83edf4e0..4650974510f 100644 --- a/misc/codegen/test/test_qlgen.py +++ b/misc/codegen/test/test_qlgen.py @@ -891,5 +891,19 @@ def test_stub_on_class_with_ipa_on_arguments(generate_classes): } +def test_synth_property(generate_classes): + assert generate_classes([ + schema.Class("MyObject", properties=[ + schema.SingleProperty("foo", "bar", synth=True)]), + ]) == { + "MyObject.qll": (a_ql_stub(name="MyObject", base_import=gen_import_prefix + "MyObject"), + a_ql_class(name="MyObject", final=True, + properties=[ + ql.Property(singular="Foo", type="bar", tablename="my_objects", synth=True, + tableparams=["this", "result"], doc="foo of this my object"), + ])), + } + + if __name__ == '__main__': sys.exit(pytest.main([__file__] + sys.argv[1:])) From d2c9847a790197ce1fe36b957f7ac511f3d630fa Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli <redsun82@github.com> Date: Tue, 23 May 2023 15:36:32 +0200 Subject: [PATCH 657/870] Codegen: parse `synth` property modifier --- misc/codegen/lib/schemadefs.py | 7 ++++++- misc/codegen/test/test_schemaloader.py | 11 +++++++++++ 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/misc/codegen/lib/schemadefs.py b/misc/codegen/lib/schemadefs.py index f3bfd9840dc..3db8fe781ce 100644 --- a/misc/codegen/lib/schemadefs.py +++ b/misc/codegen/lib/schemadefs.py @@ -44,10 +44,15 @@ class _Namespace: self.__dict__.update(kwargs) +class _SynthModifier(_schema.PropertyModifier, _Namespace): + def modify(self, prop: _schema.Property): + prop.synth = True + + qltest = _Namespace() ql = _Namespace() cpp = _Namespace() -synth = _Namespace() +synth = _SynthModifier() @_dataclass diff --git a/misc/codegen/test/test_schemaloader.py b/misc/codegen/test/test_schemaloader.py index 9c9750818ea..949d2f385be 100644 --- a/misc/codegen/test/test_schemaloader.py +++ b/misc/codegen/test/test_schemaloader.py @@ -455,6 +455,17 @@ def test_ipa_class_hierarchy(): } +def test_synthesized_property(): + @load + class data: + class A: + x: defs.int | defs.synth + + assert data.classes["A"].properties == [ + schema.SingleProperty("x", "int", synth=True) + ] + + def test_class_docstring(): @load class data: From 00fb796f3bd79243830bbb11b97e675c70adac43 Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli <redsun82@github.com> Date: Tue, 23 May 2023 15:43:43 +0200 Subject: [PATCH 658/870] Codegen: ignore `synth` properties in `dbschemegen` --- misc/codegen/generators/dbschemegen.py | 7 +++++-- misc/codegen/test/test_dbschemegen.py | 27 ++++++++++++++++++++++++++ 2 files changed, 32 insertions(+), 2 deletions(-) diff --git a/misc/codegen/generators/dbschemegen.py b/misc/codegen/generators/dbschemegen.py index 8441b6fd61d..bc45ae3022f 100755 --- a/misc/codegen/generators/dbschemegen.py +++ b/misc/codegen/generators/dbschemegen.py @@ -49,7 +49,7 @@ def cls_to_dbscheme(cls: schema.Class, lookup: typing.Dict[str, schema.Class], a # Leaf classes need a table to bind the `@` ids # 1-to-1 properties are added to a class specific table # in other cases, separate tables are used for the properties, and a class specific table is unneeded - if not cls.derived or any(f.is_single for f in cls.properties): + if not cls.derived or any(f.is_single and not f.synth for f in cls.properties): binding = not cls.derived keyset = KeySet(["id"]) if cls.derived else None yield Table( @@ -58,12 +58,15 @@ def cls_to_dbscheme(cls: schema.Class, lookup: typing.Dict[str, schema.Class], a columns=[ Column("id", type=dbtype(cls.name), binding=binding), ] + [ - Column(f.name, dbtype(f.type, add_or_none_except)) for f in cls.properties if f.is_single + Column(f.name, dbtype(f.type, add_or_none_except)) + for f in cls.properties if f.is_single and not f.synth ], dir=dir, ) # use property-specific tables for 1-to-many and 1-to-at-most-1 properties for f in cls.properties: + if f.synth: + continue if f.is_unordered: yield Table( name=inflection.tableize(f"{cls.name}_{f.name}"), diff --git a/misc/codegen/test/test_dbschemegen.py b/misc/codegen/test/test_dbschemegen.py index 86b9dd2fc84..45b5718a876 100644 --- a/misc/codegen/test/test_dbschemegen.py +++ b/misc/codegen/test/test_dbschemegen.py @@ -566,5 +566,32 @@ def test_ipa_derived_classes_ignored(generate): ) +def test_synth_properties_ignored(generate): + assert generate([ + schema.Class(name="A", properties=[ + schema.SingleProperty("x", "a"), + schema.SingleProperty("y", "b", synth=True), + schema.SingleProperty("z", "c"), + schema.OptionalProperty("foo", "bar", synth=True), + schema.RepeatedProperty("baz", "bazz", synth=True), + schema.RepeatedOptionalProperty("bazzz", "bazzzz", synth=True), + schema.RepeatedUnorderedProperty("bazzzzz", "bazzzzzz", synth=True), + ]), + ]) == dbscheme.Scheme( + src=schema_file.name, + includes=[], + declarations=[ + dbscheme.Table( + name="as", + columns=[ + dbscheme.Column("id", "@a", binding=True), + dbscheme.Column("x", "a"), + dbscheme.Column("z", "c"), + ], + ) + ], + ) + + if __name__ == '__main__': sys.exit(pytest.main([__file__] + sys.argv[1:])) From b09386a2c8ff10d6227a04236c688afe340a4f43 Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli <redsun82@github.com> Date: Tue, 23 May 2023 15:55:57 +0200 Subject: [PATCH 659/870] Codegen: ignore `synth` properties in `Raw.qll` --- misc/codegen/templates/ql_db.mustache | 2 ++ 1 file changed, 2 insertions(+) diff --git a/misc/codegen/templates/ql_db.mustache b/misc/codegen/templates/ql_db.mustache index d16416f4a5b..188abebc120 100644 --- a/misc/codegen/templates/ql_db.mustache +++ b/misc/codegen/templates/ql_db.mustache @@ -15,6 +15,7 @@ module Raw { {{#final}}override string toString() { result = "{{name}}" }{{/final}} {{#properties}} + {{^synth}} /** * {{>ql_property_doc}} * {{#has_description}} @@ -26,6 +27,7 @@ module Raw { {{type}} {{getter}}({{#is_indexed}}int index{{/is_indexed}}) { {{tablename}}({{#tableparams}}{{^first}}, {{/first}}{{param}}{{/tableparams}}) } + {{/synth}} {{/properties}} } From cc271d682e387a0163fa21de7c50ce36fecf0d91 Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli <redsun82@github.com> Date: Tue, 23 May 2023 16:46:43 +0200 Subject: [PATCH 660/870] Codegen: ignore `synth` properties in `cppgen` --- misc/codegen/generators/cppgen.py | 2 +- misc/codegen/test/test_cppgen.py | 22 ++++++++++++++++++++++ 2 files changed, 23 insertions(+), 1 deletion(-) diff --git a/misc/codegen/generators/cppgen.py b/misc/codegen/generators/cppgen.py index 1cd6cc36450..8f522dc1435 100644 --- a/misc/codegen/generators/cppgen.py +++ b/misc/codegen/generators/cppgen.py @@ -76,7 +76,7 @@ class Processor: bases=[self._get_class(b) for b in cls.bases], fields=[ _get_field(cls, p, self._add_or_none_except) - for p in cls.properties if "cpp_skip" not in p.pragmas + for p in cls.properties if "cpp_skip" not in p.pragmas and not p.synth ], final=not cls.derived, trap_name=trap_name, diff --git a/misc/codegen/test/test_cppgen.py b/misc/codegen/test/test_cppgen.py index 1bc7d150b2e..ebb7b3887ef 100644 --- a/misc/codegen/test/test_cppgen.py +++ b/misc/codegen/test/test_cppgen.py @@ -203,5 +203,27 @@ def test_ipa_classes_ignored(generate): ] +def test_synth_properties_ignored(generate): + assert generate([ + schema.Class( + name="X", + properties=[ + schema.SingleProperty("x", "a"), + schema.SingleProperty("y", "b", synth=True), + schema.SingleProperty("z", "c"), + schema.OptionalProperty("foo", "bar", synth=True), + schema.RepeatedProperty("baz", "bazz", synth=True), + schema.RepeatedOptionalProperty("bazzz", "bazzzz", synth=True), + schema.RepeatedUnorderedProperty("bazzzzz", "bazzzzzz", synth=True), + ], + ), + ]) == [ + cpp.Class(name="X", final=True, trap_name="Xes", fields=[ + cpp.Field("x", "a"), + cpp.Field("z", "c"), + ]), + ] + + if __name__ == '__main__': sys.exit(pytest.main([__file__] + sys.argv[1:])) From 5dfb07ce370182d4defbed8283f25406cc1eea27 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 24 May 2023 17:47:13 +0100 Subject: [PATCH 661/870] Swift: Test DataProtocol. --- .../dataflow/taint/libraries/data.swift | 109 +++++++++++------- 1 file changed, 66 insertions(+), 43 deletions(-) diff --git a/swift/ql/test/library-tests/dataflow/taint/libraries/data.swift b/swift/ql/test/library-tests/dataflow/taint/libraries/data.swift index 60732f704d2..178f4864992 100644 --- a/swift/ql/test/library-tests/dataflow/taint/libraries/data.swift +++ b/swift/ql/test/library-tests/dataflow/taint/libraries/data.swift @@ -7,7 +7,19 @@ protocol SortComparator { associatedtype Compared } -struct Data : RangeReplaceableCollection +protocol DataProtocol { +} +extension DataProtocol { + func copyBytes(to: UnsafeMutableRawBufferPointer) {} + func copyBytes(to: UnsafeMutablePointer<UInt8>, count: Int) {} + func copyBytes(to: UnsafeMutablePointer<UInt8>, from: Range<Data.Index>) {} +} +extension UnsafeRawBufferPointer : DataProtocol { } +extension Array : DataProtocol where Element == UInt8 { } + +protocol MutableDataProtocol : DataProtocol, RangeReplaceableCollection { } + +struct Data : MutableDataProtocol { struct Base64EncodingOptions : OptionSet { let rawValue: Int } struct Base64DecodingOptions : OptionSet { let rawValue: Int } @@ -82,182 +94,193 @@ func taintThroughData() { let dataTainted2 = Data(dataTainted) sink(arg: dataClean) - sink(arg: dataTainted) // $ tainted=81 - sink(arg: dataTainted2) // $ tainted=81 + sink(arg: dataTainted) // $ tainted=93 + sink(arg: dataTainted2) // $ tainted=93 // ";Data;true;init(base64Encoded:options:);;;Argument[0];ReturnValue;taint", let dataTainted3 = Data(base64Encoded: source() as! Data, options: []) - sink(arg: dataTainted3) // $ tainted=89 + sink(arg: dataTainted3) // $ tainted=101 // ";Data;true;init(buffer:);;;Argument[0];ReturnValue;taint", let dataTainted4 = Data(buffer: source() as! UnsafeBufferPointer<UInt8>) - sink(arg: dataTainted4) // $ tainted=93 + sink(arg: dataTainted4) // $ tainted=105 let dataTainted5 = Data(buffer: source() as! UnsafeMutablePointer<UInt8>) - sink(arg: dataTainted5) // $ tainted=95 + sink(arg: dataTainted5) // $ tainted=107 // ";Data;true;init(bytes:count:);;;Argument[0];ReturnValue;taint", let dataTainted6 = Data(bytes: source() as! UnsafeRawPointer, count: 0) - sink(arg: dataTainted6) // $ tainted=99 + sink(arg: dataTainted6) // $ tainted=111 // ";Data;true;init(bytesNoCopy:count:deallocator:);;;Argument[0];ReturnValue;taint", let dataTainted7 = Data(bytesNoCopy: source() as! UnsafeRawPointer, count: 0, deallocator: Data.Deallocator.none) - sink(arg: dataTainted7) // $ tainted=103 + sink(arg: dataTainted7) // $ tainted=115 // ";Data;true;init(contentsOf:options:);;;Argument[0];ReturnValue;taint", let urlTainted8 = source() as! URL let dataTainted8 = Data(contentsOf: urlTainted8, options: []) - sink(arg: dataTainted8) // $ tainted=107 + sink(arg: dataTainted8) // $ tainted=119 // ";Data;true;init(referencing:);;;Argument[0];ReturnValue;taint", let dataTainted9 = Data(referencing: source() as! NSData) - sink(arg: dataTainted9) // $ tainted=112 + sink(arg: dataTainted9) // $ tainted=124 // ";Data;true;append(_:);;;Argument[0];Argument[-1];taint", let dataTainted10 = Data("") dataTainted10.append(source() as! Data) - sink(arg: dataTainted10) // $ tainted=117 + sink(arg: dataTainted10) // $ tainted=129 let dataTainted11 = Data("") dataTainted11.append(source() as! UInt8) - sink(arg: dataTainted11) // $ tainted=121 + sink(arg: dataTainted11) // $ tainted=133 let dataTainted12 = Data("") dataTainted12.append(source() as! UnsafeBufferPointer<UInt8>) - sink(arg: dataTainted12) // $ tainted=125 + sink(arg: dataTainted12) // $ tainted=137 // ";Data;true;append(_:count:);;;Argument[0];Argument[-1];taint", let dataTainted13 = Data("") dataTainted13.append(source() as! UnsafePointer<UInt8>, count: 0) - sink(arg: dataTainted13) // $ tainted=130 + sink(arg: dataTainted13) // $ tainted=142 // ";Data;true;append(contentsOf:);;;Argument[0];Argument[-1];taint", let dataTainted14 = Data("") dataTainted14.append(contentsOf: source() as! [UInt8]) - sink(arg: dataTainted14) // $ tainted=135 + sink(arg: dataTainted14) // $ tainted=147 // ";Data;true;base64EncodedData(options:);;;Argument[-1];ReturnValue;taint", let dataTainted15 = source() as! Data - sink(arg: dataTainted15.base64EncodedData(options: [])) // $ tainted=139 + sink(arg: dataTainted15.base64EncodedData(options: [])) // $ tainted=151 // ";Data;true;base64EncodedString(options:);;;Argument[-1];ReturnValue;taint", let dataTainted16 = source() as! Data - sink(arg: dataTainted16.base64EncodedString(options: [])) // $ tainted=143 + sink(arg: dataTainted16.base64EncodedString(options: [])) // $ tainted=155 // ";Data;true;compactMap(_:);;;Argument[-1];ReturnValue;taint", let dataTainted17 = source() as! Data let compactMapped: [Int] = dataTainted17.compactMap { str in Int(str) } - sink(arg: compactMapped) // $ tainted=147 + sink(arg: compactMapped) // $ tainted=159 // ";Data;true;copyBytes(to:);;;Argument[-1];Argument[0];taint", let dataTainted18 = source() as! Data let pointerTainted18 = UnsafeMutableRawBufferPointer.allocate(byteCount: 0, alignment: 0) dataTainted18.copyBytes(to: pointerTainted18) - sink(arg: pointerTainted18) // $ tainted=152 + sink(arg: pointerTainted18) // $ tainted=164 // ";Data;true;copyBytes(to:count:);;;Argument[-1];Argument[0];taint", let dataTainted19 = source() as! Data let pointerTainted19 = UnsafeMutablePointer<UInt8>.allocate(capacity: 0) dataTainted19.copyBytes(to: pointerTainted19, count: 0) - sink(arg: pointerTainted19) // $ tainted=158 + sink(arg: pointerTainted19) // $ tainted=170 // ";Data;true;copyBytes(to:from:);;;Argument[-1];Argument[0];taint", let dataTainted20 = source() as! Data let pointerTainted20 = UnsafeMutablePointer<UInt8>.allocate(capacity: 0) dataTainted20.copyBytes(to: pointerTainted20, from: 0..<1) - sink(arg: pointerTainted20) // $ tainted=164 + sink(arg: pointerTainted20) // $ tainted=176 // ";Data;true;flatMap(_:);;;Argument[-1];ReturnValue;taint", let dataTainted21 = source() as! Data let flatMapped = dataTainted21.flatMap { Array(repeating: $0, count: 0) } - sink(arg: flatMapped) // $ tainted=170 + sink(arg: flatMapped) // $ tainted=182 let dataTainted22 = source() as! Data let flatMapped2 = dataTainted22.flatMap { str in Int(str) } - sink(arg: flatMapped2) // $ tainted=174 + sink(arg: flatMapped2) // $ tainted=186 // ";Data;true;insert(_:at:);;;Argument[0];Argument[-1];taint", let dataTainted23 = Data("") dataTainted23.insert(source() as! UInt8, at: 0) - sink(arg: dataTainted23) // $ tainted=180 + sink(arg: dataTainted23) // $ tainted=192 // ";Data;true;insert(contentsOf:at:);;;Argument[0];Argument[-1];taint", let dataTainted24 = Data("") dataTainted24.insert(contentsOf: source() as! [UInt8], at: 0) - sink(arg: dataTainted24) // $ tainted=185 + sink(arg: dataTainted24) // $ tainted=197 // ";Data;true;map(_:);;;Argument[-1];ReturnValue;taint", let dataTainted25 = source() as! Data let mapped = dataTainted25.map { $0 } - sink(arg: mapped) // $ tainted=189 + sink(arg: mapped) // $ tainted=201 // ";Data;true;reduce(into:_:);;;Argument[-1];ReturnValue;taint", let dataTainted26 = source() as! Data let reduced = dataTainted26.reduce(into: [:]) { c, i in c[i, default: 0] += 1 } - sink(arg: reduced) // $ tainted=194 + sink(arg: reduced) // $ tainted=206 // ";Data;true;replace(_:with:maxReplacements:);;;Argument[1];Argument[-1];taint", let dataTainted27 = Data("") dataTainted27.replace([0], with: source() as! [UInt8], maxReplacements: .max) - sink(arg: dataTainted27) // $ tainted=200 + sink(arg: dataTainted27) // $ tainted=212 // ";Data;true;replaceSubrange(_:with:);;;Argument[1];Argument[-1];taint", let dataTainted28 = Data("") dataTainted28.replaceSubrange(1..<3, with: source() as! Data) - sink(arg: dataTainted28) // $ tainted=205 + sink(arg: dataTainted28) // $ tainted=217 let dataTainted29 = Data("") dataTainted29.replaceSubrange(1..<3, with: source() as! [UInt8]) - sink(arg: dataTainted29) // $ tainted=209 + sink(arg: dataTainted29) // $ tainted=221 let dataTainted30 = Data("") dataTainted30.replaceSubrange(1..<3, with: source() as! UnsafeBufferPointer<UInt8>) - sink(arg: dataTainted30) // $ tainted=213 + sink(arg: dataTainted30) // $ tainted=225 // ";Data;true;replaceSubrange(_:with:count:);;;Argument[1];Argument[-1];taint", let dataTainted31 = Data("") dataTainted31.replaceSubrange(1..<3, with: source() as! UnsafeRawPointer, count: 0) - sink(arg: dataTainted31) // $ tainted=218 + sink(arg: dataTainted31) // $ tainted=230 // ";Data;true;replacing(_:with:maxReplacements:);;;Argument[1];Argument[-1];taint", let dataTainted32 = Data("") let _ = dataTainted32.replacing([0], with: source() as! [UInt8], maxReplacements: 0) - sink(arg: dataTainted32) // $ tainted=223 + sink(arg: dataTainted32) // $ tainted=235 // ";Data;true;replacing(_:with:subrange:maxReplacements:);;;Argument[1];Argument[-1];taint", let dataTainted33 = Data("") let _ = dataTainted33.replacing([0], with: source() as! [UInt8], subrange: 1..<3, maxReplacements: 0) - sink(arg: dataTainted33) // $ tainted=228 + sink(arg: dataTainted33) // $ tainted=240 // ";Data;true;reversed();;;Argument[-1];ReturnValue;taint", let dataTainted34 = source() as! Data - sink(arg: dataTainted34.reversed()) // $ tainted=232 + sink(arg: dataTainted34.reversed()) // $ tainted=244 // ";Data;true;sorted();;;Argument[-1];ReturnValue;taint", let dataTainted35 = source() as! Data - sink(arg: dataTainted35.sorted()) // $ tainted=236 + sink(arg: dataTainted35.sorted()) // $ tainted=248 // ";Data;true;sorted(by:);;;Argument[-1];ReturnValue;taint", let dataTainted36 = source() as! Data - sink(arg: dataTainted36.sorted{ _,_ in return false }) // $ tainted=240 + sink(arg: dataTainted36.sorted{ _,_ in return false }) // $ tainted=252 // ";Data;true;sorted(using:);;;Argument[-1];ReturnValue;taint", let dataTainted37 = source() as! Data - sink(arg: dataTainted37.sorted(using: cmp()!)) // $ tainted=244 + sink(arg: dataTainted37.sorted(using: cmp()!)) // $ tainted=256 // ";Data;true;shuffled();;;Argument[-1];ReturnValue;taint", let dataTainted38 = source() as! Data - sink(arg: dataTainted38.shuffled()) // $ tainted=248 + sink(arg: dataTainted38.shuffled()) // $ tainted=260 // ";Data;true;shuffled(using:);;;Argument[-1];ReturnValue;taint", let dataTainted39 = source() as! Data - var rng = rng()! - sink(arg: dataTainted39.shuffled(using: &rng)) // $ tainted=252 + var myRng = rng()! + sink(arg: dataTainted39.shuffled(using: &myRng)) // $ tainted=264 // ";Data;true;trimmingPrefix(_:);;;Argument[-1];ReturnValue;taint", let dataTainted40 = source() as! Data - sink(arg: dataTainted40.trimmingPrefix([0])) // $ tainted=257 + sink(arg: dataTainted40.trimmingPrefix([0])) // $ tainted=269 // ";Data;true;trimmingPrefix(while:);;;Argument[-1];ReturnValue;taint" let dataTainted41 = source() as! Data - sink(arg: dataTainted41.trimmingPrefix { _ in false }) // $ tainted=261 + sink(arg: dataTainted41.trimmingPrefix { _ in false }) // $ tainted=273 + + // ";DataProtocol;true;copyBytes(to:);;;Argument[-1];Argument[0];taint", + let dataTainted43 = source() as! UnsafeRawBufferPointer + let pointerTainted43 = UnsafeMutableRawBufferPointer.allocate(byteCount: 0, alignment: 0) + dataTainted43.copyBytes(to: pointerTainted43) + sink(arg: pointerTainted43) // $ MISSING: tainted=277 + + let dataTainted44 = source() as! Array<UInt8> + let pointerTainted44 = UnsafeMutableRawBufferPointer.allocate(byteCount: 0, alignment: 0) + dataTainted44.copyBytes(to: pointerTainted44) + sink(arg: pointerTainted44) // $ MISSING: tainted=282 } From 51321a218b0ec9032a5b1613c686d9d1a2955acf Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 24 May 2023 17:09:06 +0100 Subject: [PATCH 662/870] Swift: Correct models in Data.qll. --- .../ql/lib/codeql/swift/frameworks/StandardLibrary/Data.qll | 6 +++--- .../test/library-tests/dataflow/taint/libraries/data.swift | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Data.qll b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Data.qll index d1ede40a14d..c057293f00e 100644 --- a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Data.qll +++ b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Data.qll @@ -26,9 +26,9 @@ private class DataSummaries extends SummaryModelCsv { ";Data;true;base64EncodedData(options:);;;Argument[-1];ReturnValue;taint", ";Data;true;base64EncodedString(options:);;;Argument[-1];ReturnValue;taint", ";Data;true;compactMap(_:);;;Argument[-1];ReturnValue;taint", - ";Data;true;copyBytes(to:);;;Argument[-1];Argument[0];taint", - ";Data;true;copyBytes(to:count:);;;Argument[-1];Argument[0];taint", - ";Data;true;copyBytes(to:from:);;;Argument[-1];Argument[0];taint", + ";DataProtocol;true;copyBytes(to:);;;Argument[-1];Argument[0];taint", + ";DataProtocol;true;copyBytes(to:count:);;;Argument[-1];Argument[0];taint", + ";DataProtocol;true;copyBytes(to:from:);;;Argument[-1];Argument[0];taint", ";Data;true;flatMap(_:);;;Argument[-1];ReturnValue;taint", ";Data;true;insert(contentsOf:at:);;;Argument[0];Argument[-1];taint", ";Data;true;map(_:);;;Argument[-1];ReturnValue;taint", diff --git a/swift/ql/test/library-tests/dataflow/taint/libraries/data.swift b/swift/ql/test/library-tests/dataflow/taint/libraries/data.swift index 178f4864992..2437e91981f 100644 --- a/swift/ql/test/library-tests/dataflow/taint/libraries/data.swift +++ b/swift/ql/test/library-tests/dataflow/taint/libraries/data.swift @@ -277,10 +277,10 @@ func taintThroughData() { let dataTainted43 = source() as! UnsafeRawBufferPointer let pointerTainted43 = UnsafeMutableRawBufferPointer.allocate(byteCount: 0, alignment: 0) dataTainted43.copyBytes(to: pointerTainted43) - sink(arg: pointerTainted43) // $ MISSING: tainted=277 + sink(arg: pointerTainted43) // $ tainted=277 let dataTainted44 = source() as! Array<UInt8> let pointerTainted44 = UnsafeMutableRawBufferPointer.allocate(byteCount: 0, alignment: 0) dataTainted44.copyBytes(to: pointerTainted44) - sink(arg: pointerTainted44) // $ MISSING: tainted=282 + sink(arg: pointerTainted44) // $ tainted=282 } From 98e5f0fc4fe611bd3001356a20536c93bfb931d5 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Thu, 25 May 2023 16:04:18 +0100 Subject: [PATCH 663/870] Swift: Add change note. --- swift/ql/lib/change-notes/2023-05-25-dataprotocol-models.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 swift/ql/lib/change-notes/2023-05-25-dataprotocol-models.md diff --git a/swift/ql/lib/change-notes/2023-05-25-dataprotocol-models.md b/swift/ql/lib/change-notes/2023-05-25-dataprotocol-models.md new file mode 100644 index 00000000000..6e26484f5dc --- /dev/null +++ b/swift/ql/lib/change-notes/2023-05-25-dataprotocol-models.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Some models for the `Data` class have been generalized to `DataProtocol` so that they apply more widely. \ No newline at end of file From 85a1ab0264e62bef86b7564a7808b6d73220de66 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Thu, 25 May 2023 16:10:31 +0100 Subject: [PATCH 664/870] Swift: Undo autocorrect. --- .../change-notes/2023-05-25-string-length-conflation-fp.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/swift/ql/src/change-notes/2023-05-25-string-length-conflation-fp.md b/swift/ql/src/change-notes/2023-05-25-string-length-conflation-fp.md index 937ebd4b41a..7166b5e9ed7 100644 --- a/swift/ql/src/change-notes/2023-05-25-string-length-conflation-fp.md +++ b/swift/ql/src/change-notes/2023-05-25-string-length-conflation-fp.md @@ -1,4 +1,4 @@ -— +--- category: minorAnalysis -— +--- * Fixed some false positive results from the `swift/string-length-conflation` query, caused by imprecise sinks. From 3f3a5d39e5b76622b700d7f77cbde897f746ef45 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Thu, 25 May 2023 17:13:51 +0100 Subject: [PATCH 665/870] Swift: Fix the SQL injection test. --- .../ql/test/query-tests/Security/CWE-089/sqlite3_c_api.swift | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/swift/ql/test/query-tests/Security/CWE-089/sqlite3_c_api.swift b/swift/ql/test/query-tests/Security/CWE-089/sqlite3_c_api.swift index d04dec0debc..8498d89d68d 100644 --- a/swift/ql/test/query-tests/Security/CWE-089/sqlite3_c_api.swift +++ b/swift/ql/test/query-tests/Security/CWE-089/sqlite3_c_api.swift @@ -6,8 +6,8 @@ struct URL init?(string: String) {} init?(string: String, relativeTo: URL?) {} } - -struct Data { +protocol DataProtocol { } +struct Data : DataProtocol { init<S>(_ elements: S) { count = 0 } var count: Int From 609319da20d11128fb6d838ca239bc48b57a366b Mon Sep 17 00:00:00 2001 From: Alex Ford <alexrford@github.com> Date: Thu, 25 May 2023 17:53:01 +0100 Subject: [PATCH 666/870] ruby: update TaintStep.ql test output --- ruby/ql/test/library-tests/dataflow/local/TaintStep.expected | 1 + 1 file changed, 1 insertion(+) diff --git a/ruby/ql/test/library-tests/dataflow/local/TaintStep.expected b/ruby/ql/test/library-tests/dataflow/local/TaintStep.expected index 890bef5720e..b04315cfc88 100644 --- a/ruby/ql/test/library-tests/dataflow/local/TaintStep.expected +++ b/ruby/ql/test/library-tests/dataflow/local/TaintStep.expected @@ -2814,6 +2814,7 @@ | file://:0:0:0:0 | parameter position 0 of File.realdirpath | file://:0:0:0:0 | [summary] to write: return (return) in File.realdirpath | | file://:0:0:0:0 | parameter position 0 of File.realpath | file://:0:0:0:0 | [summary] to write: return (return) in File.realpath | | file://:0:0:0:0 | parameter position 0 of Hash[] | file://:0:0:0:0 | [summary] read: argument position 0.any element in Hash[] | +| file://:0:0:0:0 | parameter position 0 of PG.new() | file://:0:0:0:0 | [summary] to write: return (return) in PG.new() | | file://:0:0:0:0 | parameter position 0 of String.try_convert | file://:0:0:0:0 | [summary] to write: return (return) in String.try_convert | | file://:0:0:0:0 | parameter position 0 of \| | file://:0:0:0:0 | [summary] read: argument position 0.any element in \| | | file://:0:0:0:0 | parameter position 1.. of File.join | file://:0:0:0:0 | [summary] to write: return (return) in File.join | From a7252e625effd27f9f739296d9cc7e9ce7d52f19 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen <mathiasvp@github.com> Date: Thu, 25 May 2023 11:12:01 -0700 Subject: [PATCH 667/870] C++: Fix result duplication on 'cpp/unbounded-write' on 'kirxkirx/vast'. --- .../code/cpp/ir/dataflow/internal/DataFlowUtil.qll | 14 +++++++++----- .../dataflow/internal/DefaultTaintTrackingImpl.qll | 4 ++-- 2 files changed, 11 insertions(+), 7 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll index 7f32a27287b..12f91b6f2c0 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll @@ -1640,8 +1640,11 @@ predicate localInstructionFlow(Instruction e1, Instruction e2) { localFlow(instructionNode(e1), instructionNode(e2)) } +/** + * INTERNAL: Do not use. + */ cached -private module ExprFlowCached { +module ExprFlowCached { /** * Holds if `n` is an indirect operand of a `PointerArithmeticInstruction`, and * `e` is the result of loading from the `PointerArithmeticInstruction`. @@ -1692,7 +1695,8 @@ private module ExprFlowCached { * `x[i]` steps to the expression `x[i - 1]` without traversing the * entire chain. */ - private Expr asExpr(Node n) { + cached + Expr asExprInternal(Node n) { isIndirectBaseOfArrayAccess(n, result) or not isIndirectBaseOfArrayAccess(n, _) and @@ -1704,7 +1708,7 @@ private module ExprFlowCached { * dataflow step. */ private predicate localStepFromNonExpr(Node n1, Node n2) { - not exists(asExpr(n1)) and + not exists(asExprInternal(n1)) and localFlowStep(n1, n2) } @@ -1715,7 +1719,7 @@ private module ExprFlowCached { pragma[nomagic] private predicate localStepsToExpr(Node n1, Node n2, Expr e2) { localStepFromNonExpr*(n1, n2) and - e2 = asExpr(n2) + e2 = asExprInternal(n2) } /** @@ -1726,7 +1730,7 @@ private module ExprFlowCached { exists(Node mid | localFlowStep(n1, mid) and localStepsToExpr(mid, n2, e2) and - e1 = asExpr(n1) + e1 = asExprInternal(n1) ) } diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DefaultTaintTrackingImpl.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DefaultTaintTrackingImpl.qll index e21a83fcb54..960b373b4fa 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DefaultTaintTrackingImpl.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DefaultTaintTrackingImpl.qll @@ -60,7 +60,7 @@ private DataFlow::Node getNodeForSource(Expr source) { } private DataFlow::Node getNodeForExpr(Expr node) { - result = DataFlow::exprNode(node) + node = DataFlow::ExprFlowCached::asExprInternal(result) or // Some of the sources in `isUserInput` are intended to match the value of // an expression, while others (those modeled below) are intended to match @@ -221,7 +221,7 @@ private module Cached { predicate nodeIsBarrierIn(DataFlow::Node node) { // don't use dataflow into taint sources, as this leads to duplicate results. exists(Expr source | isUserInput(source, _) | - node = DataFlow::exprNode(source) + source = DataFlow::ExprFlowCached::asExprInternal(node) or // This case goes together with the similar (but not identical) rule in // `getNodeForSource`. From c3fdc83af67165a01ace101f576d692e2c689bfa Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen <mathiasvp@github.com> Date: Thu, 25 May 2023 12:23:50 -0700 Subject: [PATCH 668/870] C++: Also add an out barrier on all sinks. --- .../Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql | 4 ++++ .../constant-size/ConstantSizeArrayOffByOne.expected | 11 ----------- 2 files changed, 4 insertions(+), 11 deletions(-) diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql b/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql index 82bdb8c5d42..88db396f2cf 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql @@ -97,6 +97,8 @@ module PointerArithmeticToDerefConfig implements DataFlow::ConfigSig { predicate isBarrierIn(DataFlow::Node node) { isSource(node) } + predicate isBarrierOut(DataFlow::Node node) { isSink(node) } + predicate isSink(DataFlow::Node sink) { isInvalidPointerDerefSink1(sink, _, _) } } @@ -134,6 +136,8 @@ module FieldAddressToDerefConfig implements DataFlow::StateConfigSig { predicate isBarrierIn(DataFlow::Node node) { isSource(node, _) } + predicate isBarrierOut(DataFlow::Node node) { isSink(node, _) } + predicate isAdditionalFlowStep( DataFlow::Node node1, FlowState state1, DataFlow::Node node2, FlowState state2 ) { diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/constant-size/ConstantSizeArrayOffByOne.expected b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/constant-size/ConstantSizeArrayOffByOne.expected index 6ff343ea369..7d3df8cb7cb 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/constant-size/ConstantSizeArrayOffByOne.expected +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/constant-size/ConstantSizeArrayOffByOne.expected @@ -6,12 +6,8 @@ edges | test.cpp:50:10:50:12 | buf | test.cpp:50:5:50:24 | access to array | | test.cpp:57:14:57:16 | buf | test.cpp:57:9:57:19 | access to array | | test.cpp:61:14:61:16 | buf | test.cpp:61:9:61:19 | access to array | -| test.cpp:66:32:66:32 | p | test.cpp:66:32:66:32 | p | -| test.cpp:66:32:66:32 | p | test.cpp:67:5:67:6 | * ... | -| test.cpp:66:32:66:32 | p | test.cpp:67:6:67:6 | p | | test.cpp:70:33:70:33 | p | test.cpp:72:5:72:15 | access to array | | test.cpp:77:26:77:44 | & ... | test.cpp:66:32:66:32 | p | -| test.cpp:77:26:77:44 | & ... | test.cpp:66:32:66:32 | p | | test.cpp:77:32:77:34 | buf | test.cpp:77:26:77:44 | & ... | | test.cpp:79:27:79:34 | buf | test.cpp:70:33:70:33 | p | | test.cpp:79:32:79:34 | buf | test.cpp:79:27:79:34 | buf | @@ -31,10 +27,6 @@ nodes | test.cpp:61:9:61:19 | access to array | semmle.label | access to array | | test.cpp:61:14:61:16 | buf | semmle.label | buf | | test.cpp:66:32:66:32 | p | semmle.label | p | -| test.cpp:66:32:66:32 | p | semmle.label | p | -| test.cpp:66:32:66:32 | p | semmle.label | p | -| test.cpp:67:5:67:6 | * ... | semmle.label | * ... | -| test.cpp:67:6:67:6 | p | semmle.label | p | | test.cpp:70:33:70:33 | p | semmle.label | p | | test.cpp:72:5:72:15 | access to array | semmle.label | access to array | | test.cpp:77:26:77:44 | & ... | semmle.label | & ... | @@ -52,6 +44,3 @@ subpaths | test.cpp:61:9:61:19 | PointerAdd: access to array | test.cpp:61:14:61:16 | buf | test.cpp:61:9:61:19 | access to array | This pointer arithmetic may have an off-by-2 error allowing it to overrun $@ at this $@. | test.cpp:19:9:19:11 | buf | buf | test.cpp:61:9:61:23 | Store: ... = ... | write | | test.cpp:72:5:72:15 | PointerAdd: access to array | test.cpp:79:32:79:34 | buf | test.cpp:72:5:72:15 | access to array | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:15:9:15:11 | buf | buf | test.cpp:72:5:72:19 | Store: ... = ... | write | | test.cpp:77:27:77:44 | PointerAdd: access to array | test.cpp:77:32:77:34 | buf | test.cpp:66:32:66:32 | p | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:15:9:15:11 | buf | buf | test.cpp:67:5:67:10 | Store: ... = ... | write | -| test.cpp:77:27:77:44 | PointerAdd: access to array | test.cpp:77:32:77:34 | buf | test.cpp:66:32:66:32 | p | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:15:9:15:11 | buf | buf | test.cpp:67:5:67:10 | Store: ... = ... | write | -| test.cpp:77:27:77:44 | PointerAdd: access to array | test.cpp:77:32:77:34 | buf | test.cpp:67:5:67:6 | * ... | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:15:9:15:11 | buf | buf | test.cpp:67:5:67:10 | Store: ... = ... | write | -| test.cpp:77:27:77:44 | PointerAdd: access to array | test.cpp:77:32:77:34 | buf | test.cpp:67:6:67:6 | p | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:15:9:15:11 | buf | buf | test.cpp:67:5:67:10 | Store: ... = ... | write | From 384ca0c31f9a8ae0c7d3d91afac8e242beffabdd Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen <mathiasvp@github.com> Date: Thu, 25 May 2023 13:50:35 -0700 Subject: [PATCH 669/870] C++: Respond to review comments. --- .../lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll index 12f91b6f2c0..eaac9437b77 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll @@ -1642,6 +1642,10 @@ predicate localInstructionFlow(Instruction e1, Instruction e2) { /** * INTERNAL: Do not use. + * + * Ideally this module would be private, but the `asExprInternal` predicate is + * needed in `DefaultTaintTrackingImpl`. Once `DefaultTaintTrackingImpl` is gone + * we can make this module private again. */ cached module ExprFlowCached { From 0e443da7106bd86078b98e2ab3aeb09bb17ba49a Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Thu, 25 May 2023 17:43:42 +0100 Subject: [PATCH 670/870] Swift: Remove id() categorization due to accuracy, and repair the old bank.?account case. --- .../codeql/swift/security/SensitiveExprs.qll | 8 +- .../CWE-311/CleartextTransmission.expected | 4 - .../Security/CWE-311/SensitiveExprs.expected | 85 +++++++++---------- .../Security/CWE-311/testURL.swift | 2 +- .../CWE-328/WeakSensitiveDataHashing.expected | 12 --- .../Security/CWE-328/testCryptoKit.swift | 12 +-- 6 files changed, 53 insertions(+), 70 deletions(-) diff --git a/swift/ql/lib/codeql/swift/security/SensitiveExprs.qll b/swift/ql/lib/codeql/swift/security/SensitiveExprs.qll index c3432fa58e4..b6f5c231823 100644 --- a/swift/ql/lib/codeql/swift/security/SensitiveExprs.qll +++ b/swift/ql/lib/codeql/swift/security/SensitiveExprs.qll @@ -30,7 +30,11 @@ class SensitiveCredential extends SensitiveDataType, TCredential { override string toString() { result = "credential" } override string getRegexp() { - result = HeuristicNames::maybeSensitiveRegexp(_) or + exists(SensitiveDataClassification classification | + not classification = SensitiveDataClassification::id() and // not accurate enough + result = HeuristicNames::maybeSensitiveRegexp(classification) + ) + or result = "(?is).*(license.?key).*" } } @@ -54,7 +58,7 @@ class SensitivePrivateInfo extends SensitiveDataType, TPrivateInfo { // Geographic location - where the user is (or was) "latitude|longitude|" + // Financial data - such as credit card numbers, salary, bank accounts, and debts - "credit.?card|debit.?card|salary|" + + "credit.?card|debit.?card|salary|bank.?account|" + // Communications - e-mail addresses, private e-mail messages, SMS text messages, chat logs, etc. "email|" + // Health - medical conditions, insurance status, prescription records diff --git a/swift/ql/test/query-tests/Security/CWE-311/CleartextTransmission.expected b/swift/ql/test/query-tests/Security/CWE-311/CleartextTransmission.expected index c832cf51a15..94272faf6d0 100644 --- a/swift/ql/test/query-tests/Security/CWE-311/CleartextTransmission.expected +++ b/swift/ql/test/query-tests/Security/CWE-311/CleartextTransmission.expected @@ -13,7 +13,6 @@ edges | testSend.swift:54:17:54:17 | password | testSend.swift:41:10:41:18 | data | | testSend.swift:54:17:54:17 | password | testSend.swift:54:13:54:25 | call to pad(_:) | | testURL.swift:13:54:13:54 | passwd | testURL.swift:13:22:13:54 | ... .+(_:_:) ... | -| testURL.swift:15:55:15:55 | account_no | testURL.swift:15:22:15:55 | ... .+(_:_:) ... | | testURL.swift:16:55:16:55 | credit_card_no | testURL.swift:16:22:16:55 | ... .+(_:_:) ... | nodes | file://:0:0:0:0 | [summary] to write: return (return) in Data.init(_:) | semmle.label | [summary] to write: return (return) in Data.init(_:) | @@ -41,8 +40,6 @@ nodes | testSend.swift:66:27:66:30 | .mobileNumber | semmle.label | .mobileNumber | | testURL.swift:13:22:13:54 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... | | testURL.swift:13:54:13:54 | passwd | semmle.label | passwd | -| testURL.swift:15:22:15:55 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... | -| testURL.swift:15:55:15:55 | account_no | semmle.label | account_no | | testURL.swift:16:22:16:55 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... | | testURL.swift:16:55:16:55 | credit_card_no | semmle.label | credit_card_no | | testURL.swift:20:22:20:22 | passwd | semmle.label | passwd | @@ -61,6 +58,5 @@ subpaths | testSend.swift:65:27:65:27 | license_key | testSend.swift:65:27:65:27 | license_key | testSend.swift:65:27:65:27 | license_key | This operation transmits 'license_key', which may contain unencrypted sensitive data from $@. | testSend.swift:65:27:65:27 | license_key | license_key | | testSend.swift:66:27:66:30 | .mobileNumber | testSend.swift:66:27:66:30 | .mobileNumber | testSend.swift:66:27:66:30 | .mobileNumber | This operation transmits '.mobileNumber', which may contain unencrypted sensitive data from $@. | testSend.swift:66:27:66:30 | .mobileNumber | .mobileNumber | | testURL.swift:13:22:13:54 | ... .+(_:_:) ... | testURL.swift:13:54:13:54 | passwd | testURL.swift:13:22:13:54 | ... .+(_:_:) ... | This operation transmits '... .+(_:_:) ...', which may contain unencrypted sensitive data from $@. | testURL.swift:13:54:13:54 | passwd | passwd | -| testURL.swift:15:22:15:55 | ... .+(_:_:) ... | testURL.swift:15:55:15:55 | account_no | testURL.swift:15:22:15:55 | ... .+(_:_:) ... | This operation transmits '... .+(_:_:) ...', which may contain unencrypted sensitive data from $@. | testURL.swift:15:55:15:55 | account_no | account_no | | testURL.swift:16:22:16:55 | ... .+(_:_:) ... | testURL.swift:16:55:16:55 | credit_card_no | testURL.swift:16:22:16:55 | ... .+(_:_:) ... | This operation transmits '... .+(_:_:) ...', which may contain unencrypted sensitive data from $@. | testURL.swift:16:55:16:55 | credit_card_no | credit_card_no | | testURL.swift:20:22:20:22 | passwd | testURL.swift:20:22:20:22 | passwd | testURL.swift:20:22:20:22 | passwd | This operation transmits 'passwd', which may contain unencrypted sensitive data from $@. | testURL.swift:20:22:20:22 | passwd | passwd | diff --git a/swift/ql/test/query-tests/Security/CWE-311/SensitiveExprs.expected b/swift/ql/test/query-tests/Security/CWE-311/SensitiveExprs.expected index 708d68a05e9..89b8d36ccdf 100644 --- a/swift/ql/test/query-tests/Security/CWE-311/SensitiveExprs.expected +++ b/swift/ql/test/query-tests/Security/CWE-311/SensitiveExprs.expected @@ -4,54 +4,50 @@ | testAlamofire.swift:159:26:159:26 | email | label:email, type:private information | | testAlamofire.swift:171:35:171:35 | email | label:email, type:private information | | testAlamofire.swift:177:35:177:35 | email | label:email, type:private information | -| testAlamofire.swift:187:48:187:48 | username | label:username, type:credential | | testAlamofire.swift:187:65:187:65 | password | label:password, type:credential | -| testAlamofire.swift:195:47:195:47 | username | label:username, type:credential | | testAlamofire.swift:195:64:195:64 | password | label:password, type:credential | -| testAlamofire.swift:205:45:205:45 | username | label:username, type:credential | | testAlamofire.swift:205:62:205:62 | password | label:password, type:credential | -| testAlamofire.swift:213:48:213:48 | username | label:username, type:credential | | testAlamofire.swift:213:65:213:65 | password | label:password, type:credential | -| testCoreData2.swift:37:16:37:16 | bankAccountNo | label:bankAccountNo, type:credential | -| testCoreData2.swift:38:2:38:6 | .myBankAccountNumber | label:myBankAccountNumber, type:credential | -| testCoreData2.swift:39:2:39:6 | .myBankAccountNumber | label:myBankAccountNumber, type:credential | -| testCoreData2.swift:39:28:39:28 | bankAccountNo | label:bankAccountNo, type:credential | -| testCoreData2.swift:40:2:40:6 | .myBankAccountNumber2 | label:myBankAccountNumber2, type:credential | -| testCoreData2.swift:41:2:41:6 | .myBankAccountNumber2 | label:myBankAccountNumber2, type:credential | -| testCoreData2.swift:41:29:41:29 | bankAccountNo | label:bankAccountNo, type:credential | -| testCoreData2.swift:42:2:42:6 | .notStoredBankAccountNumber | label:notStoredBankAccountNumber, type:credential | -| testCoreData2.swift:43:2:43:6 | .notStoredBankAccountNumber | label:notStoredBankAccountNumber, type:credential | -| testCoreData2.swift:43:35:43:35 | bankAccountNo | label:bankAccountNo, type:credential | -| testCoreData2.swift:46:22:46:22 | bankAccountNo | label:bankAccountNo, type:credential | -| testCoreData2.swift:47:2:47:12 | .myBankAccountNumber | label:myBankAccountNumber, type:credential | -| testCoreData2.swift:48:2:48:12 | .myBankAccountNumber | label:myBankAccountNumber, type:credential | -| testCoreData2.swift:48:34:48:34 | bankAccountNo | label:bankAccountNo, type:credential | -| testCoreData2.swift:49:2:49:12 | .myBankAccountNumber2 | label:myBankAccountNumber2, type:credential | -| testCoreData2.swift:50:2:50:12 | .myBankAccountNumber2 | label:myBankAccountNumber2, type:credential | -| testCoreData2.swift:50:35:50:35 | bankAccountNo | label:bankAccountNo, type:credential | -| testCoreData2.swift:51:2:51:12 | .notStoredBankAccountNumber | label:notStoredBankAccountNumber, type:credential | -| testCoreData2.swift:52:2:52:12 | .notStoredBankAccountNumber | label:notStoredBankAccountNumber, type:credential | -| testCoreData2.swift:52:41:52:41 | bankAccountNo | label:bankAccountNo, type:credential | -| testCoreData2.swift:57:3:57:7 | .myBankAccountNumber | label:myBankAccountNumber, type:credential | -| testCoreData2.swift:57:29:57:29 | bankAccountNo | label:bankAccountNo, type:credential | -| testCoreData2.swift:60:4:60:8 | .myBankAccountNumber | label:myBankAccountNumber, type:credential | -| testCoreData2.swift:60:30:60:30 | bankAccountNo | label:bankAccountNo, type:credential | -| testCoreData2.swift:62:4:62:8 | .myBankAccountNumber | label:myBankAccountNumber, type:credential | -| testCoreData2.swift:62:30:62:30 | bankAccountNo | label:bankAccountNo, type:credential | -| testCoreData2.swift:65:3:65:7 | .myBankAccountNumber | label:myBankAccountNumber, type:credential | -| testCoreData2.swift:65:29:65:29 | bankAccountNo | label:bankAccountNo, type:credential | -| testCoreData2.swift:79:18:79:28 | .bankAccountNo | label:bankAccountNo, type:credential | -| testCoreData2.swift:80:18:80:28 | .bankAccountNo2 | label:bankAccountNo2, type:credential | -| testCoreData2.swift:82:18:82:18 | bankAccountNo | label:bankAccountNo, type:credential | -| testCoreData2.swift:83:18:83:18 | bankAccountNo | label:bankAccountNo, type:credential | -| testCoreData2.swift:84:18:84:18 | bankAccountNo2 | label:bankAccountNo2, type:credential | -| testCoreData2.swift:85:18:85:18 | bankAccountNo2 | label:bankAccountNo2, type:credential | -| testCoreData2.swift:87:22:87:32 | .bankAccountNo | label:bankAccountNo, type:credential | -| testCoreData2.swift:88:22:88:22 | bankAccountNo | label:bankAccountNo, type:credential | -| testCoreData2.swift:89:22:89:22 | bankAccountNo2 | label:bankAccountNo2, type:credential | -| testCoreData2.swift:91:10:91:10 | bankAccountNo | label:bankAccountNo, type:credential | -| testCoreData2.swift:95:10:95:10 | bankAccountNo | label:bankAccountNo, type:credential | -| testCoreData2.swift:101:10:101:10 | bankAccountNo | label:bankAccountNo, type:credential | +| testCoreData2.swift:37:16:37:16 | bankAccountNo | label:bankAccountNo, type:private information | +| testCoreData2.swift:38:2:38:6 | .myBankAccountNumber | label:myBankAccountNumber, type:private information | +| testCoreData2.swift:39:2:39:6 | .myBankAccountNumber | label:myBankAccountNumber, type:private information | +| testCoreData2.swift:39:28:39:28 | bankAccountNo | label:bankAccountNo, type:private information | +| testCoreData2.swift:40:2:40:6 | .myBankAccountNumber2 | label:myBankAccountNumber2, type:private information | +| testCoreData2.swift:41:2:41:6 | .myBankAccountNumber2 | label:myBankAccountNumber2, type:private information | +| testCoreData2.swift:41:29:41:29 | bankAccountNo | label:bankAccountNo, type:private information | +| testCoreData2.swift:42:2:42:6 | .notStoredBankAccountNumber | label:notStoredBankAccountNumber, type:private information | +| testCoreData2.swift:43:2:43:6 | .notStoredBankAccountNumber | label:notStoredBankAccountNumber, type:private information | +| testCoreData2.swift:43:35:43:35 | bankAccountNo | label:bankAccountNo, type:private information | +| testCoreData2.swift:46:22:46:22 | bankAccountNo | label:bankAccountNo, type:private information | +| testCoreData2.swift:47:2:47:12 | .myBankAccountNumber | label:myBankAccountNumber, type:private information | +| testCoreData2.swift:48:2:48:12 | .myBankAccountNumber | label:myBankAccountNumber, type:private information | +| testCoreData2.swift:48:34:48:34 | bankAccountNo | label:bankAccountNo, type:private information | +| testCoreData2.swift:49:2:49:12 | .myBankAccountNumber2 | label:myBankAccountNumber2, type:private information | +| testCoreData2.swift:50:2:50:12 | .myBankAccountNumber2 | label:myBankAccountNumber2, type:private information | +| testCoreData2.swift:50:35:50:35 | bankAccountNo | label:bankAccountNo, type:private information | +| testCoreData2.swift:51:2:51:12 | .notStoredBankAccountNumber | label:notStoredBankAccountNumber, type:private information | +| testCoreData2.swift:52:2:52:12 | .notStoredBankAccountNumber | label:notStoredBankAccountNumber, type:private information | +| testCoreData2.swift:52:41:52:41 | bankAccountNo | label:bankAccountNo, type:private information | +| testCoreData2.swift:57:3:57:7 | .myBankAccountNumber | label:myBankAccountNumber, type:private information | +| testCoreData2.swift:57:29:57:29 | bankAccountNo | label:bankAccountNo, type:private information | +| testCoreData2.swift:60:4:60:8 | .myBankAccountNumber | label:myBankAccountNumber, type:private information | +| testCoreData2.swift:60:30:60:30 | bankAccountNo | label:bankAccountNo, type:private information | +| testCoreData2.swift:62:4:62:8 | .myBankAccountNumber | label:myBankAccountNumber, type:private information | +| testCoreData2.swift:62:30:62:30 | bankAccountNo | label:bankAccountNo, type:private information | +| testCoreData2.swift:65:3:65:7 | .myBankAccountNumber | label:myBankAccountNumber, type:private information | +| testCoreData2.swift:65:29:65:29 | bankAccountNo | label:bankAccountNo, type:private information | +| testCoreData2.swift:79:18:79:28 | .bankAccountNo | label:bankAccountNo, type:private information | +| testCoreData2.swift:80:18:80:28 | .bankAccountNo2 | label:bankAccountNo2, type:private information | +| testCoreData2.swift:82:18:82:18 | bankAccountNo | label:bankAccountNo, type:private information | +| testCoreData2.swift:83:18:83:18 | bankAccountNo | label:bankAccountNo, type:private information | +| testCoreData2.swift:84:18:84:18 | bankAccountNo2 | label:bankAccountNo2, type:private information | +| testCoreData2.swift:85:18:85:18 | bankAccountNo2 | label:bankAccountNo2, type:private information | +| testCoreData2.swift:87:22:87:32 | .bankAccountNo | label:bankAccountNo, type:private information | +| testCoreData2.swift:88:22:88:22 | bankAccountNo | label:bankAccountNo, type:private information | +| testCoreData2.swift:89:22:89:22 | bankAccountNo2 | label:bankAccountNo2, type:private information | +| testCoreData2.swift:91:10:91:10 | bankAccountNo | label:bankAccountNo, type:private information | +| testCoreData2.swift:95:10:95:10 | bankAccountNo | label:bankAccountNo, type:private information | +| testCoreData2.swift:101:10:101:10 | bankAccountNo | label:bankAccountNo, type:private information | | testCoreData.swift:48:15:48:15 | password | label:password, type:credential | | testCoreData.swift:51:24:51:24 | password | label:password, type:credential | | testCoreData.swift:58:15:58:15 | password | label:password, type:credential | @@ -133,6 +129,5 @@ | testSend.swift:66:27:66:30 | .mobileNumber | label:mobileNumber, type:private information | | testSend.swift:69:27:69:30 | .passwordFeatureEnabled | label:passwordFeatureEnabled, type:credential | | testURL.swift:13:54:13:54 | passwd | label:passwd, type:credential | -| testURL.swift:15:55:15:55 | account_no | label:account_no, type:credential | | testURL.swift:16:55:16:55 | credit_card_no | label:credit_card_no, type:private information | | testURL.swift:20:22:20:22 | passwd | label:passwd, type:credential | diff --git a/swift/ql/test/query-tests/Security/CWE-311/testURL.swift b/swift/ql/test/query-tests/Security/CWE-311/testURL.swift index 7f9b64ff4f6..48ae815232f 100644 --- a/swift/ql/test/query-tests/Security/CWE-311/testURL.swift +++ b/swift/ql/test/query-tests/Security/CWE-311/testURL.swift @@ -12,7 +12,7 @@ struct URL func test1(passwd : String, encrypted_passwd : String, account_no : String, credit_card_no : String) { let a = URL(string: "http://example.com/login?p=" + passwd); // BAD let b = URL(string: "http://example.com/login?p=" + encrypted_passwd); // GOOD (not sensitive) - let c = URL(string: "http://example.com/login?ac=" + account_no); // BAD + let c = URL(string: "http://example.com/login?ac=" + account_no); // BAD [NOT DETECTED] let d = URL(string: "http://example.com/login?cc=" + credit_card_no); // BAD let base = URL(string: "http://example.com/"); // GOOD (not sensitive) diff --git a/swift/ql/test/query-tests/Security/CWE-328/WeakSensitiveDataHashing.expected b/swift/ql/test/query-tests/Security/CWE-328/WeakSensitiveDataHashing.expected index 16fc67d4a6f..b6c7161b853 100644 --- a/swift/ql/test/query-tests/Security/CWE-328/WeakSensitiveDataHashing.expected +++ b/swift/ql/test/query-tests/Security/CWE-328/WeakSensitiveDataHashing.expected @@ -2,28 +2,22 @@ edges nodes | testCryptoKit.swift:56:47:56:47 | passwd | semmle.label | passwd | | testCryptoKit.swift:57:43:57:43 | cert | semmle.label | cert | -| testCryptoKit.swift:59:43:59:43 | account_no | semmle.label | account_no | | testCryptoKit.swift:60:43:60:43 | credit_card_no | semmle.label | credit_card_no | | testCryptoKit.swift:61:43:61:43 | credit_card_no | semmle.label | credit_card_no | | testCryptoKit.swift:63:44:63:44 | passwd | semmle.label | passwd | | testCryptoKit.swift:64:44:64:44 | cert | semmle.label | cert | -| testCryptoKit.swift:66:44:66:44 | account_no | semmle.label | account_no | | testCryptoKit.swift:67:44:67:44 | credit_card_no | semmle.label | credit_card_no | | testCryptoKit.swift:90:23:90:23 | passwd | semmle.label | passwd | | testCryptoKit.swift:91:23:91:23 | cert | semmle.label | cert | -| testCryptoKit.swift:93:23:93:23 | account_no | semmle.label | account_no | | testCryptoKit.swift:94:23:94:23 | credit_card_no | semmle.label | credit_card_no | | testCryptoKit.swift:99:23:99:23 | passwd | semmle.label | passwd | | testCryptoKit.swift:100:23:100:23 | cert | semmle.label | cert | -| testCryptoKit.swift:102:23:102:23 | account_no | semmle.label | account_no | | testCryptoKit.swift:103:23:103:23 | credit_card_no | semmle.label | credit_card_no | | testCryptoKit.swift:132:32:132:32 | passwd | semmle.label | passwd | | testCryptoKit.swift:133:32:133:32 | cert | semmle.label | cert | -| testCryptoKit.swift:135:32:135:32 | account_no | semmle.label | account_no | | testCryptoKit.swift:136:32:136:32 | credit_card_no | semmle.label | credit_card_no | | testCryptoKit.swift:141:32:141:32 | passwd | semmle.label | passwd | | testCryptoKit.swift:142:32:142:32 | cert | semmle.label | cert | -| testCryptoKit.swift:144:32:144:32 | account_no | semmle.label | account_no | | testCryptoKit.swift:145:32:145:32 | credit_card_no | semmle.label | credit_card_no | | testCryptoSwift.swift:113:30:113:30 | passwdArray | semmle.label | passwdArray | | testCryptoSwift.swift:115:31:115:31 | passwdArray | semmle.label | passwdArray | @@ -39,28 +33,22 @@ subpaths #select | testCryptoKit.swift:56:47:56:47 | passwd | testCryptoKit.swift:56:47:56:47 | passwd | testCryptoKit.swift:56:47:56:47 | passwd | Insecure hashing algorithm (MD5) depends on $@. | testCryptoKit.swift:56:47:56:47 | passwd | sensitive data (credential passwd) | | testCryptoKit.swift:57:43:57:43 | cert | testCryptoKit.swift:57:43:57:43 | cert | testCryptoKit.swift:57:43:57:43 | cert | Insecure hashing algorithm (MD5) depends on $@. | testCryptoKit.swift:57:43:57:43 | cert | sensitive data (credential cert) | -| testCryptoKit.swift:59:43:59:43 | account_no | testCryptoKit.swift:59:43:59:43 | account_no | testCryptoKit.swift:59:43:59:43 | account_no | Insecure hashing algorithm (MD5) depends on $@. | testCryptoKit.swift:59:43:59:43 | account_no | sensitive data (credential account_no) | | testCryptoKit.swift:60:43:60:43 | credit_card_no | testCryptoKit.swift:60:43:60:43 | credit_card_no | testCryptoKit.swift:60:43:60:43 | credit_card_no | Insecure hashing algorithm (MD5) depends on $@. | testCryptoKit.swift:60:43:60:43 | credit_card_no | sensitive data (private information credit_card_no) | | testCryptoKit.swift:61:43:61:43 | credit_card_no | testCryptoKit.swift:61:43:61:43 | credit_card_no | testCryptoKit.swift:61:43:61:43 | credit_card_no | Insecure hashing algorithm (MD5) depends on $@. | testCryptoKit.swift:61:43:61:43 | credit_card_no | sensitive data (private information credit_card_no) | | testCryptoKit.swift:63:44:63:44 | passwd | testCryptoKit.swift:63:44:63:44 | passwd | testCryptoKit.swift:63:44:63:44 | passwd | Insecure hashing algorithm (SHA1) depends on $@. | testCryptoKit.swift:63:44:63:44 | passwd | sensitive data (credential passwd) | | testCryptoKit.swift:64:44:64:44 | cert | testCryptoKit.swift:64:44:64:44 | cert | testCryptoKit.swift:64:44:64:44 | cert | Insecure hashing algorithm (SHA1) depends on $@. | testCryptoKit.swift:64:44:64:44 | cert | sensitive data (credential cert) | -| testCryptoKit.swift:66:44:66:44 | account_no | testCryptoKit.swift:66:44:66:44 | account_no | testCryptoKit.swift:66:44:66:44 | account_no | Insecure hashing algorithm (SHA1) depends on $@. | testCryptoKit.swift:66:44:66:44 | account_no | sensitive data (credential account_no) | | testCryptoKit.swift:67:44:67:44 | credit_card_no | testCryptoKit.swift:67:44:67:44 | credit_card_no | testCryptoKit.swift:67:44:67:44 | credit_card_no | Insecure hashing algorithm (SHA1) depends on $@. | testCryptoKit.swift:67:44:67:44 | credit_card_no | sensitive data (private information credit_card_no) | | testCryptoKit.swift:90:23:90:23 | passwd | testCryptoKit.swift:90:23:90:23 | passwd | testCryptoKit.swift:90:23:90:23 | passwd | Insecure hashing algorithm (MD5) depends on $@. | testCryptoKit.swift:90:23:90:23 | passwd | sensitive data (credential passwd) | | testCryptoKit.swift:91:23:91:23 | cert | testCryptoKit.swift:91:23:91:23 | cert | testCryptoKit.swift:91:23:91:23 | cert | Insecure hashing algorithm (MD5) depends on $@. | testCryptoKit.swift:91:23:91:23 | cert | sensitive data (credential cert) | -| testCryptoKit.swift:93:23:93:23 | account_no | testCryptoKit.swift:93:23:93:23 | account_no | testCryptoKit.swift:93:23:93:23 | account_no | Insecure hashing algorithm (MD5) depends on $@. | testCryptoKit.swift:93:23:93:23 | account_no | sensitive data (credential account_no) | | testCryptoKit.swift:94:23:94:23 | credit_card_no | testCryptoKit.swift:94:23:94:23 | credit_card_no | testCryptoKit.swift:94:23:94:23 | credit_card_no | Insecure hashing algorithm (MD5) depends on $@. | testCryptoKit.swift:94:23:94:23 | credit_card_no | sensitive data (private information credit_card_no) | | testCryptoKit.swift:99:23:99:23 | passwd | testCryptoKit.swift:99:23:99:23 | passwd | testCryptoKit.swift:99:23:99:23 | passwd | Insecure hashing algorithm (SHA1) depends on $@. | testCryptoKit.swift:99:23:99:23 | passwd | sensitive data (credential passwd) | | testCryptoKit.swift:100:23:100:23 | cert | testCryptoKit.swift:100:23:100:23 | cert | testCryptoKit.swift:100:23:100:23 | cert | Insecure hashing algorithm (SHA1) depends on $@. | testCryptoKit.swift:100:23:100:23 | cert | sensitive data (credential cert) | -| testCryptoKit.swift:102:23:102:23 | account_no | testCryptoKit.swift:102:23:102:23 | account_no | testCryptoKit.swift:102:23:102:23 | account_no | Insecure hashing algorithm (SHA1) depends on $@. | testCryptoKit.swift:102:23:102:23 | account_no | sensitive data (credential account_no) | | testCryptoKit.swift:103:23:103:23 | credit_card_no | testCryptoKit.swift:103:23:103:23 | credit_card_no | testCryptoKit.swift:103:23:103:23 | credit_card_no | Insecure hashing algorithm (SHA1) depends on $@. | testCryptoKit.swift:103:23:103:23 | credit_card_no | sensitive data (private information credit_card_no) | | testCryptoKit.swift:132:32:132:32 | passwd | testCryptoKit.swift:132:32:132:32 | passwd | testCryptoKit.swift:132:32:132:32 | passwd | Insecure hashing algorithm (MD5) depends on $@. | testCryptoKit.swift:132:32:132:32 | passwd | sensitive data (credential passwd) | | testCryptoKit.swift:133:32:133:32 | cert | testCryptoKit.swift:133:32:133:32 | cert | testCryptoKit.swift:133:32:133:32 | cert | Insecure hashing algorithm (MD5) depends on $@. | testCryptoKit.swift:133:32:133:32 | cert | sensitive data (credential cert) | -| testCryptoKit.swift:135:32:135:32 | account_no | testCryptoKit.swift:135:32:135:32 | account_no | testCryptoKit.swift:135:32:135:32 | account_no | Insecure hashing algorithm (MD5) depends on $@. | testCryptoKit.swift:135:32:135:32 | account_no | sensitive data (credential account_no) | | testCryptoKit.swift:136:32:136:32 | credit_card_no | testCryptoKit.swift:136:32:136:32 | credit_card_no | testCryptoKit.swift:136:32:136:32 | credit_card_no | Insecure hashing algorithm (MD5) depends on $@. | testCryptoKit.swift:136:32:136:32 | credit_card_no | sensitive data (private information credit_card_no) | | testCryptoKit.swift:141:32:141:32 | passwd | testCryptoKit.swift:141:32:141:32 | passwd | testCryptoKit.swift:141:32:141:32 | passwd | Insecure hashing algorithm (SHA1) depends on $@. | testCryptoKit.swift:141:32:141:32 | passwd | sensitive data (credential passwd) | | testCryptoKit.swift:142:32:142:32 | cert | testCryptoKit.swift:142:32:142:32 | cert | testCryptoKit.swift:142:32:142:32 | cert | Insecure hashing algorithm (SHA1) depends on $@. | testCryptoKit.swift:142:32:142:32 | cert | sensitive data (credential cert) | -| testCryptoKit.swift:144:32:144:32 | account_no | testCryptoKit.swift:144:32:144:32 | account_no | testCryptoKit.swift:144:32:144:32 | account_no | Insecure hashing algorithm (SHA1) depends on $@. | testCryptoKit.swift:144:32:144:32 | account_no | sensitive data (credential account_no) | | testCryptoKit.swift:145:32:145:32 | credit_card_no | testCryptoKit.swift:145:32:145:32 | credit_card_no | testCryptoKit.swift:145:32:145:32 | credit_card_no | Insecure hashing algorithm (SHA1) depends on $@. | testCryptoKit.swift:145:32:145:32 | credit_card_no | sensitive data (private information credit_card_no) | | testCryptoSwift.swift:113:30:113:30 | passwdArray | testCryptoSwift.swift:113:30:113:30 | passwdArray | testCryptoSwift.swift:113:30:113:30 | passwdArray | Insecure hashing algorithm (MD5) depends on $@. | testCryptoSwift.swift:113:30:113:30 | passwdArray | sensitive data (credential passwdArray) | | testCryptoSwift.swift:115:31:115:31 | passwdArray | testCryptoSwift.swift:115:31:115:31 | passwdArray | testCryptoSwift.swift:115:31:115:31 | passwdArray | Insecure hashing algorithm (SHA1) depends on $@. | testCryptoSwift.swift:115:31:115:31 | passwdArray | sensitive data (credential passwdArray) | diff --git a/swift/ql/test/query-tests/Security/CWE-328/testCryptoKit.swift b/swift/ql/test/query-tests/Security/CWE-328/testCryptoKit.swift index 55fb9284fa6..4e6f301c84b 100644 --- a/swift/ql/test/query-tests/Security/CWE-328/testCryptoKit.swift +++ b/swift/ql/test/query-tests/Security/CWE-328/testCryptoKit.swift @@ -56,14 +56,14 @@ func testHashMethods(passwd : UnsafeRawBufferPointer, cert: String, encrypted_pa var hash = Crypto.Insecure.MD5.hash(data: passwd) // BAD hash = Crypto.Insecure.MD5.hash(data: cert) // BAD hash = Crypto.Insecure.MD5.hash(data: encrypted_passwd) // GOOD (not sensitive) - hash = Crypto.Insecure.MD5.hash(data: account_no) // BAD + hash = Crypto.Insecure.MD5.hash(data: account_no) // BAD [NOT DETECTED] hash = Crypto.Insecure.MD5.hash(data: credit_card_no) // BAD hash = Crypto.Insecure.MD5.hash(data: credit_card_no) // BAD hash = Crypto.Insecure.SHA1.hash(data: passwd) // BAD hash = Crypto.Insecure.SHA1.hash(data: cert) // BAD hash = Crypto.Insecure.SHA1.hash(data: encrypted_passwd) // GOOD (not sensitive) - hash = Crypto.Insecure.SHA1.hash(data: account_no) // BAD + hash = Crypto.Insecure.SHA1.hash(data: account_no) // BAD [NOT DETECTED] hash = Crypto.Insecure.SHA1.hash(data: credit_card_no) // BAD hash = Crypto.SHA256.hash(data: passwd) // BAD [NOT DETECTED] not a computationally expensive hash @@ -90,7 +90,7 @@ func testMD5UpdateWithData(passwd : String, cert: String, encrypted_passwd : Str hash.update(data: passwd) // BAD hash.update(data: cert) // BAD hash.update(data: encrypted_passwd) // GOOD (not sensitive) - hash.update(data: account_no) // BAD + hash.update(data: account_no) // BAD [NOT DETECTED] hash.update(data: credit_card_no) // BAD } @@ -99,7 +99,7 @@ func testSHA1UpdateWithData(passwd : String, cert: String, encrypted_passwd : St hash.update(data: passwd) // BAD hash.update(data: cert) // BAD hash.update(data: encrypted_passwd) // GOOD (not sensitive) - hash.update(data: account_no) // BAD + hash.update(data: account_no) // BAD [NOT DETECTED] hash.update(data: credit_card_no) // BAD } @@ -132,7 +132,7 @@ func testMD5UpdateWithUnsafeRawBufferPointer(passwd : UnsafeRawBufferPointer, ce hash.update(bufferPointer: passwd) // BAD hash.update(bufferPointer: cert) // BAD hash.update(bufferPointer: encrypted_passwd) // GOOD (not sensitive) - hash.update(bufferPointer: account_no) // BAD + hash.update(bufferPointer: account_no) // BAD [NOT DETECTED] hash.update(bufferPointer: credit_card_no) // BAD } @@ -141,7 +141,7 @@ func testSHA1UpdateWithUnsafeRawBufferPointer(passwd : UnsafeRawBufferPointer, c hash.update(bufferPointer: passwd) // BAD hash.update(bufferPointer: cert) // BAD hash.update(bufferPointer: encrypted_passwd) // GOOD (not sensitive) - hash.update(bufferPointer: account_no) // BAD + hash.update(bufferPointer: account_no) // BAD [NOT DETECTED] hash.update(bufferPointer: credit_card_no) // BAD } From e7f82a3571fc83017fe39d2c54600c8a7b6a6cd9 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen <mathiasvp@github.com> Date: Thu, 25 May 2023 13:56:01 -0700 Subject: [PATCH 671/870] Update cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com> --- .../lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll index eaac9437b77..9a3fd679f23 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll @@ -1645,7 +1645,7 @@ predicate localInstructionFlow(Instruction e1, Instruction e2) { * * Ideally this module would be private, but the `asExprInternal` predicate is * needed in `DefaultTaintTrackingImpl`. Once `DefaultTaintTrackingImpl` is gone - * we can make this module private again. + * we can make this module private. */ cached module ExprFlowCached { From 960e6521a40f2efa143117fc0e650be7ff0d1835 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen <mathiasvp@github.com> Date: Thu, 25 May 2023 15:21:09 -0700 Subject: [PATCH 672/870] Revert "C++: Whitespace commit to make qhelp show up in diff." This reverts commit ec192d621c12577ae1b224f1a235e78b891d75a7. --- .../CWE/CWE-119/OverrunWriteProductFlow.qhelp | 44 +++++++++---------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/cpp/ql/src/Security/CWE/CWE-119/OverrunWriteProductFlow.qhelp b/cpp/ql/src/Security/CWE/CWE-119/OverrunWriteProductFlow.qhelp index 4da7e2a3c94..302340a3c2c 100644 --- a/cpp/ql/src/Security/CWE/CWE-119/OverrunWriteProductFlow.qhelp +++ b/cpp/ql/src/Security/CWE/CWE-119/OverrunWriteProductFlow.qhelp @@ -1,29 +1,29 @@ - <!DOCTYPE qhelp PUBLIC - "-//Semmle//qhelp//EN" - "qhelp.dtd"> - <qhelp> - <overview> - <p>You must ensure that you do not exceed the size of an allocation during write and read operations. - If an operation attempts to write to or access an element that is outside the range of the allocation then this results in a buffer overflow. - Buffer overflows can lead to anything from a segmentation fault to a security vulnerability. - </p> +<!DOCTYPE qhelp PUBLIC + "-//Semmle//qhelp//EN" + "qhelp.dtd"> +<qhelp> +<overview> +<p>You must ensure that you do not exceed the size of an allocation during write and read operations. +If an operation attempts to write to or access an element that is outside the range of the allocation then this results in a buffer overflow. +Buffer overflows can lead to anything from a segmentation fault to a security vulnerability. +</p> - </overview> - <recommendation> - <p> - Check the offsets and sizes used in the highlighted operations to ensure that a buffer overflow will not occur. - </p> +</overview> +<recommendation> +<p> +Check the offsets and sizes used in the highlighted operations to ensure that a buffer overflow will not occur. +</p> - </recommendation> - <example><sample src="OverrunWriteProductFlow.cpp" /> +</recommendation> +<example><sample src="OverrunWriteProductFlow.cpp" /> - </example> - <references> +</example> +<references> - <li>I. Gerg. <em>An Overview and Example of the Buffer-Overflow Exploit</em>. IANewsletter vol 7 no 4. 2005.</li> - <li>M. Donaldson. <em>Inside the Buffer Overflow Attack: Mechanism, Method & Prevention</em>. SANS Institute InfoSec Reading Room. 2002.</li> +<li>I. Gerg. <em>An Overview and Example of the Buffer-Overflow Exploit</em>. IANewsletter vol 7 no 4. 2005.</li> +<li>M. Donaldson. <em>Inside the Buffer Overflow Attack: Mechanism, Method & Prevention</em>. SANS Institute InfoSec Reading Room. 2002.</li> - </references> - </qhelp> +</references> +</qhelp> From 0d1d20c75b9c088fa5dea8d50565a2026485af2e Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen <mathiasvp@github.com> Date: Thu, 25 May 2023 15:50:29 -0700 Subject: [PATCH 673/870] C++: Change range-analysis test to not use 'getAst'. This was creating confusing test expectation annotations. --- .../ir/range-analysis/RangeAnalysis.ql | 9 +- .../SimpleRangeAnalysis_tests.cpp | 114 +++++++++--------- .../library-tests/ir/range-analysis/test.cpp | 12 +- 3 files changed, 64 insertions(+), 71 deletions(-) diff --git a/cpp/ql/test/library-tests/ir/range-analysis/RangeAnalysis.ql b/cpp/ql/test/library-tests/ir/range-analysis/RangeAnalysis.ql index 84437827d0d..eadf0b90ef5 100644 --- a/cpp/ql/test/library-tests/ir/range-analysis/RangeAnalysis.ql +++ b/cpp/ql/test/library-tests/ir/range-analysis/RangeAnalysis.ql @@ -40,14 +40,7 @@ bindingset[delta] private string getBoundString(SemBound b, float delta) { b instanceof SemZeroBound and result = delta.toString() or - result = - strictconcat(b.(SemSsaBound) - .getAVariable() - .(SemanticExprConfig::SsaVariable) - .asInstruction() - .getAst() - .toString(), ":" - ) + getOffsetString(delta) + result = strictconcat(b.(SemSsaBound).getAVariable().toString(), ":") + getOffsetString(delta) } private string getARangeString(SemExpr e) { diff --git a/cpp/ql/test/library-tests/ir/range-analysis/SimpleRangeAnalysis_tests.cpp b/cpp/ql/test/library-tests/ir/range-analysis/SimpleRangeAnalysis_tests.cpp index eed0a7d7e47..92e197115b7 100644 --- a/cpp/ql/test/library-tests/ir/range-analysis/SimpleRangeAnalysis_tests.cpp +++ b/cpp/ql/test/library-tests/ir/range-analysis/SimpleRangeAnalysis_tests.cpp @@ -8,7 +8,7 @@ int test1(struct List* p) { int count = 0; for (; p; p = p->next) { count = count+1; - range(count); // $ range===count:p+1 + range(count); // $ range="==Phi: p:Store: count+1" } range(count); return count; @@ -18,7 +18,7 @@ int test2(struct List* p) { int count = 0; for (; p; p = p->next) { count = (count+1) % 10; - range(count); // $ range=<=9 range=>=-9 range=<=count:p+1 + range(count); // $ range=<=9 range=>=-9 range="<=Phi: p:Store: count+1" } range(count); // $ range=>=-9 range=<=9 return count; @@ -29,7 +29,7 @@ int test3(struct List* p) { for (; p; p = p->next) { range(count++); // $ range=>=-9 range=<=9 count = count % 10; - range(count); // $ range=<=9 range=>=-9 range="<=... +++0" range=<=count:p+1 + range(count); // $ range=<=9 range=>=-9 range="<=Store: ... +++0" range="<=Phi: p:Store: count+1" } range(count); // $ range=>=-9 range=<=9 return count; @@ -42,11 +42,11 @@ int test4() { range(i); // $ range=<=1 range=>=0 range(total); total += i; - range(total); // $ range=<=i+1 range=<=i+1 MISSING: range=>=0 range=>=i+0 + range(total); // $ range="<=Phi: i+1" MISSING: range=>=0 range=>=i+0 } range(total); // $ MISSING: range=>=0 range(i); // $ range===2 - range(total + i); // $ range=<=i+2 MISSING: range===i+2 range=>=2 range=>=i+0 + range(total + i); // $ range="<=Phi: i+2" MISSING: range===i+2 range=>=2 range=>=i+0 return total + i; } @@ -57,11 +57,11 @@ int test5() { range(i); // $ range=<=1 range=>=0 range(total); // $ MISSING: range=>=0 total += i; - range(total); // $ range=<=i+1 MISSING: range=>=0 range=>=i+0 + range(total); // $ range="<=Phi: i+1" MISSING: range=>=0 range=>=i+0 } range(total); // $ MISSING: range=>=0 range(i); // $ range===2 - range(total + i); // $ range=<=i+2 MISSING: range===i+2 range=>=2 range=>=i+0 + range(total + i); // $ range="<=Phi: i+2" MISSING: range===i+2 range=>=2 range=>=i+0 return total + i; } @@ -72,7 +72,7 @@ int test6() { range(i); // $ range=<=1 range=>=0 range(total); // $ MISSING: range=>=0 total += i; - range(total); // $ range=<=i+1 MISSING: range=>=0 range=>=i+0 + range(total); // $ range="<=Phi: i+1" MISSING: range=>=0 range=>=i+0 } return total + i; } @@ -93,12 +93,12 @@ int test8(int x, int y) { if (-1000 < y && y < 10) { range(y); // $ range=<=9 range=>=-999 if (x < y-2) { - range(x); // $ range=<=6 range=<=y-3 - range(y); // $ range=<=9 range=>=-999 range=>=x+3 + range(x); // $ range=<=6 range="<=InitializeParameter: y:Store: y-3" + range(y); // $ range=<=9 range=>=-999 range=">=InitializeParameter: x:Store: x+3" return x; } - range(x); // $ range=>=-1001 range=>=y-2 - range(y); // $ range=<=9 range=<=x+2 range=>=-999 + range(x); // $ range=>=-1001 range=">=InitializeParameter: y:Store: y-2" + range(y); // $ range=<=9 range="<=InitializeParameter: x:Store: x+2" range=>=-999 } range(x); range(y); @@ -127,12 +127,12 @@ int test10(int x, int y) { if (y > 7) { range(y); // $ range=>=8 if (x < y) { - range(x); // $ range=<=y-1 - range(y); // $ range=>=8 range=>=x+1 + range(x); // $ range="<=InitializeParameter: y-1" + range(y); // $ range=>=8 range=">=InitializeParameter: x:Store: x+1" return 0; } - range(x); // $ range=>=8 range=>=y+0 - range(y); // $ range=<=x+0 range=>=8 + range(x); // $ range=>=8 range=">=InitializeParameter: y+0" + range(y); // $ range="<=InitializeParameter: x:Store: x+0" range=>=8 return x; } range(y); // $ range=<=7 @@ -145,7 +145,7 @@ int test11(char *p) { range(*p); if (c != '\0') { *p++ = '\0'; - range(p); // $ range===p+1 + range(p); // $ range="==InitializeParameter: p+1" range(*p); } if (c == ':') { @@ -155,7 +155,7 @@ int test11(char *p) { if (c != '\0') { range(c); *p++ = '\0'; - range(p); // $ range=<=p+2 range===c+1 range=>=p+1 + range(p); // $ range="<=InitializeParameter: p+2" range="==Phi: c+1" range=">=InitializeParameter: p+1" } if (c != ',') { return 1; @@ -193,7 +193,7 @@ int test13(char c, int i) { unsigned int y = x-1; // $ overflow=- range(y); // $ range===-1 overflow=- int z = i+1; // $ overflow=+ - range(z); // $ range===i+1 + range(z); // $ range="==InitializeParameter: i+1" range(c + i + uc + x + y + z); // $ overflow=+- overflow=+ overflow=- MISSING: range=>=1 range((double)(c + i + uc + x + y + z)); // $ overflow=+ overflow=+- overflow=- MISSING: range=>=1 return (double)(c + i + uc + x + y + z); // $ overflow=+- overflow=+ overflow=- @@ -245,7 +245,7 @@ int test_unary(int a) { range(c); // $ range=<=0 range=>=-11 range(b+c); // $ range=<=11 range=>=-11 MISSING:range=">=- ...+0" total += b+c; - range(total); // $ range=<=0+11 range=<=19 range=>=0-11 range=>=-19 + range(total); // $ range="<=Phi: 0+11" range=<=19 range=">=Phi: 0-11" range=>=-19 } if (-7 <= a && a <= 11) { range(a); // $ range=<=11 range=>=-7 @@ -255,7 +255,7 @@ int test_unary(int a) { range(c); // $ range=<=7 range=>=-11 range(b+c); // $ range=<=18 range=>=-18 total += b+c; - range(total); // $ range="<=- ...+18" range=">=- ...-18" range=<=0+29 range=<=37 range=>=0-29 range=>=-37 + range(total); // $ range="<=Phi: - ...+18" range=">=Phi: - ...-18" range="<=Phi: 0+29" range=<=37 range=">=Phi: 0-29" range=>=-37 } if (-7 <= a && a <= 1) { range(a); // $ range=<=1 range=>=-7 @@ -265,7 +265,7 @@ int test_unary(int a) { range(c); // $ range=<=7 range=>=-1 range(b+c); // $ range=<=8 range=>=-8 total += b+c; - range(total); // $ range="<=- ...+8" range="<=- ...+26" range=">=- ...-8" range=">=- ...-26" range=<=0+37 range=<=45 range=>=0-37 range=>=-45 + range(total); // $ range="<=Phi: - ...+8" range="<=Phi: - ...+26" range=">=Phi: - ...-8" range=">=Phi: - ...-26" range="<=Phi: 0+37" range=<=45 range=">=Phi: 0-37" range=>=-45 } if (-7 <= a && a <= 0) { range(a); // $ range=<=0 range=>=-7 @@ -275,7 +275,7 @@ int test_unary(int a) { range(c); // $ range=<=7 range=>=0 range(b+c); // $ range=>=-7 range=<=7 MISSING:range="<=- ...+0" total += b+c; - range(total); // $ range="<=- ...+7" range="<=- ...+15" range="<=- ...+33" range=">=- ...-7" range=">=- ...-15" range=">=- ...-33" range=<=0+44 range=<=52 range=>=0-44 range=>=-52 + range(total); // $ range="<=Phi: - ...+7" range="<=Phi: - ...+15" range="<=Phi: - ...+33" range=">=Phi: - ...-7" range=">=Phi: - ...-15" range=">=Phi: - ...-33" range="<=Phi: 0+44" range=<=52 Unexpected result: range=">=Phi: 0-44" range=>=-52 } if (-7 <= a && a <= -2) { range(a); // $ range=<=-2 range=>=-7 @@ -285,9 +285,9 @@ int test_unary(int a) { range(c); // $ range=<=7 range=>=2 range(b+c); // $ range=<=5 range=>=-5 total += b+c; - range(total); // $ range="<=- ...+5" range="<=- ...+12" range="<=- ...+20" range="<=- ...+38" range=">=- ...-5" range=">=- ...-12" range=">=- ...-20" range=">=- ...-38" range=<=0+49 range=<=57 range=>=0-49 range=>=-57 + range(total); // $ range="<=Phi: - ...+5" range="<=Phi: - ...+12" range="<=Phi: - ...+20" range="<=Phi: - ...+38" range=">=Phi: - ...-5" range=">=Phi: - ...-12" range=">=Phi: - ...-20" range=">=Phi: - ...-38" range="<=Phi: 0+49" range=<=57 range=">=Phi: 0-49" range=>=-57 } - range(total); // $ range="<=- ...+5" range="<=- ...+12" range="<=- ...+20" range="<=- ...+38" range=">=- ...-5" range=">=- ...-12" range=">=- ...-20" range=">=- ...-38" range=<=0+49 range=<=57 range=>=0-49 range=>=-57 + range(total); // $ range="<=Phi: - ...+5" range="<=Phi: - ...+12" range="<=Phi: - ...+20" range="<=Phi: - ...+38" range=">=Phi: - ...-5" range=">=Phi: - ...-12" range=">=Phi: - ...-20" range=">=Phi: - ...-38" range="<=Phi: 0+49" range=<=57 range=">=Phi: 0-49" range=>=-57 return total; } @@ -310,7 +310,7 @@ int test_mult01(int a, int b) { int r = a*b; // 0 .. 253 range(r); // $ range=<=253 range=>=0 total += r; - range(total); // $ range=<=3+253 range=<=506 range=>=0 range=>=3+0 + range(total); // $ range="<=Phi: 3+253" range=<=506 range=>=0 range=">=Phi: 3+0" } if (3 <= a && a <= 11 && -13 <= b && b <= 23) { range(a); // $ range=<=11 range=>=3 @@ -326,7 +326,7 @@ int test_mult01(int a, int b) { int r = a*b; // -143 .. 0 range(r); // $ range=<=0 range=>=-143 total += r; - range(total); // $ range=>=3-143 + range(total); // $ range=">=Phi: 3-143" } if (3 <= a && a <= 11 && -13 <= b && b <= -7) { range(a); // $ range=<=11 range=>=3 @@ -334,9 +334,9 @@ int test_mult01(int a, int b) { int r = a*b; // -143 .. -21 range(r); // $ range=<=-21 range=>=-143 total += r; - range(total); // $ range=>=3-143 range=>=3-286 + range(total); // $ range=">=Phi: 3-143" range=">=Phi: 3-286" } - range(total); // $ range=>=3-143 range=>=3-286 + range(total); // $ range=">=Phi: 3-143" range=">=Phi: 3-286" return total; } @@ -358,7 +358,7 @@ int test_mult02(int a, int b) { int r = a*b; // 0 .. 253 range(r); // $ range=<=253 range=>=0 total += r; - range(total); // $ range=>=0 range=>=0+0 range=<=0+253 range=<=506 + range(total); // $ range=>=0 range=">=Phi: 0+0" range="<=Phi: 0+253" range=<=506 } if (0 <= a && a <= 11 && -13 <= b && b <= 23) { range(a); // $ range=<=11 range=>=0 @@ -374,7 +374,7 @@ int test_mult02(int a, int b) { int r = a*b; // -143 .. 0 range(r); // $ range=<=0 range=>=-143 total += r; - range(total); // $ range=>=0-143 + range(total); // $ range=">=Phi: 0-143" } if (0 <= a && a <= 11 && -13 <= b && b <= -7) { range(a); // $ range=<=11 range=>=0 @@ -382,9 +382,9 @@ int test_mult02(int a, int b) { int r = a*b; // -143 .. 0 range(r); // $ range=<=0 range=>=-143 total += r; - range(total); // $ range=>=0-143 range=>=0-286 + range(total); // $ range=">=Phi: 0-143" range=">=Phi: 0-286" } - range(total); // $range=>=0-143 range=>=0-286 + range(total); // $range=">=Phi: 0-143" range=">=Phi: 0-286" return total; } @@ -453,7 +453,7 @@ int test_mult04(int a, int b) { int r = a*b; // -391 .. 0 range(r); // $ range=<=0 range=>=-391 total += r; - range(total); // $ range="<=- ...+0" range=<=0 range=">=- ...-391" range=>=-782 + range(total); // $ range="<=Phi: - ...+0" range=<=0 range=">=Phi: - ...-391" range=>=-782 } if (-17 <= a && a <= 0 && -13 <= b && b <= 23) { range(a); // $ range=<=0 range=>=-17 @@ -469,7 +469,7 @@ int test_mult04(int a, int b) { int r = a*b; // 0 .. 221 range(r); // $ range=<=221 range=>=0 total += r; - range(total); // $ range="<=- ...+221" + range(total); // $ range="<=Phi: - ...+221" } if (-17 <= a && a <= 0 && -13 <= b && b <= -7) { range(a); // $ range=<=0 range=>=-17 @@ -477,9 +477,9 @@ int test_mult04(int a, int b) { int r = a*b; // 0 .. 221 range(r); // $ range=<=221 range=>=0 total += r; - range(total); // $ range="<=- ...+221" range="<=- ...+442" + range(total); // $ range="<=Phi: - ...+221" range="<=Phi: - ...+442" } - range(total); // $ range="<=- ...+221" range="<=- ...+442" + range(total); // $ range="<=Phi: - ...+221" range="<=Phi: - ...+442" return total; } @@ -501,7 +501,7 @@ int test_mult05(int a, int b) { int r = a*b; // -391 .. 0 range(r); // $ range=<=0 range=>=-391 total += r; - range(total); // $ range="<=- ...+0" range=<=0 range=">=- ...-391" range=>=-782 + range(total); // $ range="<=Phi: - ...+0" range=<=0 range=">=Phi: - ...-391" range=>=-782 } if (-17 <= a && a <= -2 && -13 <= b && b <= 23) { range(a); // $ range=<=-2 range=>=-17 @@ -517,7 +517,7 @@ int test_mult05(int a, int b) { int r = a*b; // 0 .. 221 range(r); // $ range=<=221 range=>=0 total += r; - range(total); // $ range="<=- ...+221" + range(total); // $ range="<=Phi: - ...+221" } if (-17 <= a && a <= -2 && -13 <= b && b <= -7) { range(a); // $ range=<=-2 range=>=-17 @@ -525,9 +525,9 @@ int test_mult05(int a, int b) { int r = a*b; // 14 .. 221 range(r); // $ range=<=221 range=>=14 total += r; - range(total); // $ range="<=- ...+221" range="<=- ...+442" + range(total); // $ range="<=Phi: - ...+221" range="<=Phi: - ...+442" } - range(total); // $ range="<=- ...+221" range="<=- ...+442" + range(total); // $ range="<=Phi: - ...+221" range="<=Phi: - ...+442" return total; } @@ -541,7 +541,7 @@ int test16(int x) { while (i < 3) { range(i); // $ range=<=2 range=>=0 i++; - range(i); // $ range=<=3 range=>=1 range="==... = ...:i+1" SPURIOUS:range="==... = ...:i+1" + range(i); // $ range=<=3 range=>=1 range="==Phi: i:Store: ... = ...+1" } range(d); d = i; @@ -640,14 +640,14 @@ unsigned int test_comma01(unsigned int x) { unsigned int y1; unsigned int y2; y1 = (++y, y); - range(y1); // $ range=<=101 range="==... ? ... : ...+1" + range(y1); // $ range=<=101 range="==Phi: ... ? ... : ...:Store: ... ? ... : ...+1" y2 = (y++, - range(y), // $ range=<=102 range="==++ ...:... = ...+1" range="==... ? ... : ...+2" + range(y), // $ range=<=102 range="==Store: ++ ...:Store: ... = ...+1" range="==Phi: ... ? ... : ...:Store: ... ? ... : ...+2" y += 3, - range(y), // $ range=<=105 range="==++ ...:... = ...+4" range="==... +++3" range="==... ? ... : ...+5" + range(y), // $ range=<=105 range="==Store: ++ ...:Store: ... = ...+4" range="==Store: ... +++3" range="==Phi: ... ? ... : ...:Store: ... ? ... : ...+5" y); - range(y2); // $ range=<=105 range="==++ ...:... = ...+4" range="==... +++3" range="==... ? ... : ...+5" - range(y1 + y2); // $ range=<=206 range="<=... ? ... : ...+106" MISSING: range=">=++ ...:... = ...+5" range=">=... +++4" range=">=... += ...:... = ...+1" range=">=... ? ... : ...+6" + range(y2); // $ range=<=105 range="==Store: ++ ...:Store: ... = ...+4" range="==Store: ... +++3" Unexpected result: range="==Phi: ... ? ... : ...:Store: ... ? ... : ...+5" + range(y1 + y2); // $ range=<=206 range="<=Phi: ... ? ... : ...:Store: ... ? ... : ...+106" MISSING: range=">=++ ...:... = ...+5" range=">=... +++4" range=">=... += ...:... = ...+1" range=">=... ? ... : ...+6" return y1 + y2; } @@ -672,7 +672,7 @@ void test17() { range(i); // $ range===50 i = 20 + (j -= 10); - range(i); // $ range="==... += ...:... = ...+10" range===60 + range(i); // $ range="==Store: ... += ...:Store: ... = ...+10" range===60 } // Tests for unsigned multiplication. @@ -693,7 +693,7 @@ int test_unsigned_mult01(unsigned int a, unsigned b) { int r = a*b; // 0 .. 253 range(r);// $ range=>=0 range=<=253 total += r; - range(total); // $ range=">=(unsigned int)...+0" range=>=0 range=<=506 range="<=(unsigned int)...+253" + range(total); // $ range=">=Phi: (unsigned int)...+0" range=>=0 range=<=506 range="<=Phi: (unsigned int)...+253" } if (3 <= a && a <= 11 && 13 <= b && b <= 23) { range(a); // $ range=<=11 range=>=3 @@ -701,9 +701,9 @@ int test_unsigned_mult01(unsigned int a, unsigned b) { int r = a*b; // 39 .. 253 range(r); // $ range=>=39 range=<=253 total += r; - range(total); // $ range=>=39 range=<=759 range="<=(unsigned int)...+253" range="<=(unsigned int)...+506" range=">=(unsigned int)...+39" + range(total); // $ range=>=39 range=<=759 range="<=Phi: (unsigned int)...+253" range="<=Phi: (unsigned int)...+506" range=">=Phi: (unsigned int)...+39" } - range(total); // $ range=>=0 range=<=759 range=">=(unsigned int)...+0" range="<=(unsigned int)...+506" range="<=(unsigned int)...+253" + range(total); // $ range=>=0 range=<=759 range=">=Phi: (unsigned int)...+0" range="<=Phi: (unsigned int)...+506" range="<=Phi: (unsigned int)...+253" return total; } @@ -722,16 +722,16 @@ int test_unsigned_mult02(unsigned b) { int r = 11*b; // 0 .. 253 range(r); // $ range=>=0 range=<=253 total += r; - range(total); // $ range=">=(unsigned int)...+0" range=>=0 range="<=(unsigned int)...+253" range=<=506 + range(total); // $ range=">=Phi: (unsigned int)...+0" range=>=0 range="<=Phi: (unsigned int)...+253" range=<=506 } if (13 <= b && b <= 23) { range(b); // $ range=<=23 range=>=13 int r = 11*b; // 143 .. 253 range(r); // $ range=>=143 range=<=253 total += r; - range(total); // $ range="<=(unsigned int)...+253" range="<=(unsigned int)...+506" range=">=(unsigned int)...+143" range=>=143 range=<=759 + range(total); // $ range="<=Phi: (unsigned int)...+253" range="<=Phi: (unsigned int)...+506" range=">=Phi: (unsigned int)...+143" range=>=143 range=<=759 } - range(total); // $ range=>=0 range=<=759 range=">=(unsigned int)...+0" range="<=(unsigned int)...+506" range="<=(unsigned int)...+253" + range(total); // $ range=>=0 range=<=759 range=">=Phi: (unsigned int)...+0" range="<=Phi: (unsigned int)...+506" range="<=Phi: (unsigned int)...+253" return total; } @@ -851,7 +851,7 @@ int notequal_type_endpoint(unsigned n) { n--; // 1 .. } - range(n); // $ range=<=n+0 // 0 .. 0 + range(n); // $ range="<=InitializeParameter: n+0" // 0 .. 0 } void notequal_refinement(short n) { @@ -946,7 +946,7 @@ void widen_recursive_expr() { for (s = 0; s < 10; s++) { range(s); // $ range=<=9 range=>=0 int result = s + s; - range(result); // $ range=<=18 range=<=s+9 range=>=0 range=>=s+0 + range(result); // $ range=<=18 Unexpected result: range="<=Phi: s+9" range=>=0 Unexpected result: range=">=Phi: s+0" } } @@ -974,7 +974,7 @@ void test_mod_neg(int s) { void test_mod_ternary(int s, bool b) { int s2 = s % (b ? 5 : 500); - range(s2); // $ range=>=-499 range=<=499 range="<=... ? ... : ...-1" + range(s2); // $ range=>=-499 range=<=499 range="<=Phi: ... ? ... : ...-1" } void test_mod_ternary2(int s, bool b1, bool b2) { diff --git a/cpp/ql/test/library-tests/ir/range-analysis/test.cpp b/cpp/ql/test/library-tests/ir/range-analysis/test.cpp index 10b4c1a9a22..5d816f3cda4 100644 --- a/cpp/ql/test/library-tests/ir/range-analysis/test.cpp +++ b/cpp/ql/test/library-tests/ir/range-analysis/test.cpp @@ -16,8 +16,8 @@ int sum = x + y; // $ overflow=+- } else { if (y > 300) { - range(x); // $ range=>=302 range=<=400 range=<=y+1 MISSING: range===y+1 - range(y); // $ range=>=301 range=<=399 range===x-1 + range(x); // $ range=>=302 range=<=400 range="<=InitializeParameter: y+1" MISSING: range===y+1 + range(y); // $ range=>=301 range=<=399 range="==InitializeParameter: x:Store: x-1" int sum = x + y; } } @@ -39,9 +39,9 @@ } if (y == x - 1 && y > 300 && y + 2 == z && z == 350) { // $ overflow=+ overflow=- - range(x); // $ range===349 range===y+1 range===z-1 - range(y); // $ range===348 range=>=x-1 range===z-2 MISSING: range===x-1 - range(z); // $ range===350 range=<=y+2 MISSING: range===x+1 range===y+2 + range(x); // $ range===349 range="==InitializeParameter: y+1" range="==InitializeParameter: z-1" + range(y); // $ range===348 range=">=InitializeParameter: x:Store: x-1" range="==InitializeParameter: z-2" MISSING: range===x-1 + range(z); // $ range===350 range="<=InitializeParameter: y+2" MISSING: range===x+1 range===y+2 return x + y + z; } } @@ -56,7 +56,7 @@ while (f3_get(n)) n+=2; for (int i = 0; i < n; i += 2) { - range(i); // $ range=>=0 SPURIOUS: range="<=call to f3_get-1" range="<=call to f3_get-2" + range(i); // $ range=>=0 SPURIOUS: range="<=Phi: call to f3_get-1" range="<=Phi: call to f3_get-2" } } From 4ab389bf1af93131b7e6dd9e3210444de50f5ba3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 26 May 2023 04:02:31 +0000 Subject: [PATCH 674/870] Bump regex from 1.8.2 to 1.8.3 in /ql Bumps [regex](https://github.com/rust-lang/regex) from 1.8.2 to 1.8.3. - [Release notes](https://github.com/rust-lang/regex/releases) - [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md) - [Commits](https://github.com/rust-lang/regex/compare/1.8.2...1.8.3) --- updated-dependencies: - dependency-name: regex dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> --- ql/Cargo.lock | Bin 31708 -> 31708 bytes ql/buramu/Cargo.toml | 2 +- ql/extractor/Cargo.toml | 2 +- 3 files changed, 2 insertions(+), 2 deletions(-) diff --git a/ql/Cargo.lock b/ql/Cargo.lock index 92a590787a3f772ef6e5e357797587f0c4a73faf..60a0ad5919a43dba84fa52a6aa9930bd588cf198 100644 GIT binary patch delta 87 zcmV~$I~9O13;@8_0SoLnXwpy8iJ=0}kk9Lcn@Yd{g6e~nyY+?jg_n9r6SnJQFo}(& nF@kzQuZnp%D@66kFfw^+hDgLFLxhST7m|urQ=7-VKdbW(#zh*h delta 86 zcmV~$+YNvq3;@6ocW{nEDbPO?7I1}@$3E&J8rQ)&{M5Vgn(>-5=51e>YK2&-rpB?h mh8Q?#w^&Fei6%mC3xH$ix(X0LV01ybcupMsaZU66<S+gKvm5CE diff --git a/ql/buramu/Cargo.toml b/ql/buramu/Cargo.toml index 5c6d79d7305..c478297f5b8 100644 --- a/ql/buramu/Cargo.toml +++ b/ql/buramu/Cargo.toml @@ -9,4 +9,4 @@ edition = "2018" lazy_static = "1.4.0" chrono = "0.4.24" rayon = "1.7.0" -regex = "1.8.2" +regex = "1.8.3" diff --git a/ql/extractor/Cargo.toml b/ql/extractor/Cargo.toml index 91bf5ecec25..f026145c72f 100644 --- a/ql/extractor/Cargo.toml +++ b/ql/extractor/Cargo.toml @@ -16,5 +16,5 @@ clap = { version = "4.2", features = ["derive"] } tracing = "0.1" tracing-subscriber = { version = "0.3.17", features = ["env-filter"] } rayon = "1.7.0" -regex = "1.8.2" +regex = "1.8.3" codeql-extractor = { path = "../../shared/tree-sitter-extractor" } From 192c0d5e8338e043b46d1dce64905eb301c1df6c Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli <redsun82@github.com> Date: Fri, 26 May 2023 08:20:58 +0200 Subject: [PATCH 675/870] Swift: simplify change note Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com> --- .../2023-05-25-fix-ast-and-cfg-inconsistencies.md | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) diff --git a/swift/ql/lib/change-notes/2023-05-25-fix-ast-and-cfg-inconsistencies.md b/swift/ql/lib/change-notes/2023-05-25-fix-ast-and-cfg-inconsistencies.md index d7806a38360..208486b8f27 100644 --- a/swift/ql/lib/change-notes/2023-05-25-fix-ast-and-cfg-inconsistencies.md +++ b/swift/ql/lib/change-notes/2023-05-25-fix-ast-and-cfg-inconsistencies.md @@ -2,13 +2,4 @@ category: fix --- -* Fixed some AST printing inconsistencies leading to a non-tree AST. In particular: - * `getOpaqueExpr()` is not considered a child of `OpenExistentialExpr` anymore, as it is - actually a reference to an expression nested within `getSubExpr()`; - * fixed some corner cases involving synthesized `PatternBindingDecl`s for variables wrapped with - property wrappers. -* Fixed some control flow graph inconsistencies leading to multiple successors and dead ends. - In particular: - * fixed the corner cases mentioned above for AST printing, which were a problem also for the - control graph; - * fixed an inconsistency caused by an unneeded special treatment of `TapExpr`. +* Fixed a number of inconsistencies in the abstract syntax tree (AST) and in the control-flow graph (CFG). This may lead to more results in queries that use these libraries, or libraries that depend on them (such as dataflow). From 74a585222cb287157232a743bcd01f47f1933fe8 Mon Sep 17 00:00:00 2001 From: Tamas Vajk <tamasvajk@github.com> Date: Thu, 25 May 2023 15:52:56 +0200 Subject: [PATCH 676/870] C#: Extract source files generated by source generators --- .../Semmle.Extraction.CSharp/Extractor/Extractor.cs | 11 ++++++++++- csharp/tools/tracing-config.lua | 9 +++++---- 2 files changed, 15 insertions(+), 5 deletions(-) diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Extractor/Extractor.cs b/csharp/extractor/Semmle.Extraction.CSharp/Extractor/Extractor.cs index ec4f44c21c7..79855875d02 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Extractor/Extractor.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Extractor/Extractor.cs @@ -381,8 +381,17 @@ namespace Semmle.Extraction.CSharp references => ResolveReferences(compilerArguments, analyser, canonicalPathCache, references), (analyser, syntaxTrees) => { + var paths = compilerArguments.SourceFiles + .Select(src => src.Path) + .ToList(); + + if (compilerArguments.GeneratedFilesOutputDirectory is not null) + { + paths.AddRange(Directory.GetFiles(compilerArguments.GeneratedFilesOutputDirectory, "*.cs", SearchOption.AllDirectories)); + } + return ReadSyntaxTrees( - compilerArguments.SourceFiles.Select(src => canonicalPathCache.GetCanonicalPath(src.Path)), + paths.Select(canonicalPathCache.GetCanonicalPath), analyser, compilerArguments.ParseOptions, compilerArguments.Encoding, diff --git a/csharp/tools/tracing-config.lua b/csharp/tools/tracing-config.lua index 2db04d83524..79b2ea2ca1c 100644 --- a/csharp/tools/tracing-config.lua +++ b/csharp/tools/tracing-config.lua @@ -63,7 +63,7 @@ function RegisterExtractorPack(id) end end if match then - local injections = { '-p:UseSharedCompilation=false' } + local injections = { '-p:UseSharedCompilation=false', '-p:EmitCompilerGeneratedFiles=true' } if dotnetRunNeedsSeparator then table.insert(injections, '--') end @@ -118,7 +118,8 @@ function RegisterExtractorPack(id) compilerArguments, nil, { '/p:UseSharedCompilation=false', - '/p:MvcBuildViews=true' + '/p:MvcBuildViews=true', + '/p:EmitCompilerGeneratedFiles=true', }) } @@ -154,7 +155,7 @@ function RegisterExtractorPack(id) if seenCompilerCall then return { - order = ORDER_BEFORE, + order = ORDER_AFTER, invocation = { path = AbsolutifyExtractorPath(id, extractor), arguments = { @@ -194,7 +195,7 @@ function RegisterExtractorPack(id) if seenCompilerCall then return { - order = ORDER_BEFORE, + order = ORDER_AFTER, invocation = { path = AbsolutifyExtractorPath(id, extractor), arguments = { From 736f2871f9cc61c078e1839d12f255926861613e Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Thu, 25 May 2023 22:02:32 +0100 Subject: [PATCH 677/870] Swift: Tweak private info regexps to restore 'account_no' results. --- .../ql/lib/codeql/swift/security/SensitiveExprs.qll | 2 +- .../Security/CWE-311/CleartextTransmission.expected | 4 ++++ .../Security/CWE-311/SensitiveExprs.expected | 1 + .../test/query-tests/Security/CWE-311/testURL.swift | 2 +- .../CWE-328/WeakSensitiveDataHashing.expected | 12 ++++++++++++ .../query-tests/Security/CWE-328/testCryptoKit.swift | 12 ++++++------ 6 files changed, 25 insertions(+), 8 deletions(-) diff --git a/swift/ql/lib/codeql/swift/security/SensitiveExprs.qll b/swift/ql/lib/codeql/swift/security/SensitiveExprs.qll index b6f5c231823..71a250229e7 100644 --- a/swift/ql/lib/codeql/swift/security/SensitiveExprs.qll +++ b/swift/ql/lib/codeql/swift/security/SensitiveExprs.qll @@ -58,7 +58,7 @@ class SensitivePrivateInfo extends SensitiveDataType, TPrivateInfo { // Geographic location - where the user is (or was) "latitude|longitude|" + // Financial data - such as credit card numbers, salary, bank accounts, and debts - "credit.?card|debit.?card|salary|bank.?account|" + + "credit.?card|debit.?card|salary|bank.?account|acc(ou)?nt.?(no|num)|" + // Communications - e-mail addresses, private e-mail messages, SMS text messages, chat logs, etc. "email|" + // Health - medical conditions, insurance status, prescription records diff --git a/swift/ql/test/query-tests/Security/CWE-311/CleartextTransmission.expected b/swift/ql/test/query-tests/Security/CWE-311/CleartextTransmission.expected index 94272faf6d0..c832cf51a15 100644 --- a/swift/ql/test/query-tests/Security/CWE-311/CleartextTransmission.expected +++ b/swift/ql/test/query-tests/Security/CWE-311/CleartextTransmission.expected @@ -13,6 +13,7 @@ edges | testSend.swift:54:17:54:17 | password | testSend.swift:41:10:41:18 | data | | testSend.swift:54:17:54:17 | password | testSend.swift:54:13:54:25 | call to pad(_:) | | testURL.swift:13:54:13:54 | passwd | testURL.swift:13:22:13:54 | ... .+(_:_:) ... | +| testURL.swift:15:55:15:55 | account_no | testURL.swift:15:22:15:55 | ... .+(_:_:) ... | | testURL.swift:16:55:16:55 | credit_card_no | testURL.swift:16:22:16:55 | ... .+(_:_:) ... | nodes | file://:0:0:0:0 | [summary] to write: return (return) in Data.init(_:) | semmle.label | [summary] to write: return (return) in Data.init(_:) | @@ -40,6 +41,8 @@ nodes | testSend.swift:66:27:66:30 | .mobileNumber | semmle.label | .mobileNumber | | testURL.swift:13:22:13:54 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... | | testURL.swift:13:54:13:54 | passwd | semmle.label | passwd | +| testURL.swift:15:22:15:55 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... | +| testURL.swift:15:55:15:55 | account_no | semmle.label | account_no | | testURL.swift:16:22:16:55 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... | | testURL.swift:16:55:16:55 | credit_card_no | semmle.label | credit_card_no | | testURL.swift:20:22:20:22 | passwd | semmle.label | passwd | @@ -58,5 +61,6 @@ subpaths | testSend.swift:65:27:65:27 | license_key | testSend.swift:65:27:65:27 | license_key | testSend.swift:65:27:65:27 | license_key | This operation transmits 'license_key', which may contain unencrypted sensitive data from $@. | testSend.swift:65:27:65:27 | license_key | license_key | | testSend.swift:66:27:66:30 | .mobileNumber | testSend.swift:66:27:66:30 | .mobileNumber | testSend.swift:66:27:66:30 | .mobileNumber | This operation transmits '.mobileNumber', which may contain unencrypted sensitive data from $@. | testSend.swift:66:27:66:30 | .mobileNumber | .mobileNumber | | testURL.swift:13:22:13:54 | ... .+(_:_:) ... | testURL.swift:13:54:13:54 | passwd | testURL.swift:13:22:13:54 | ... .+(_:_:) ... | This operation transmits '... .+(_:_:) ...', which may contain unencrypted sensitive data from $@. | testURL.swift:13:54:13:54 | passwd | passwd | +| testURL.swift:15:22:15:55 | ... .+(_:_:) ... | testURL.swift:15:55:15:55 | account_no | testURL.swift:15:22:15:55 | ... .+(_:_:) ... | This operation transmits '... .+(_:_:) ...', which may contain unencrypted sensitive data from $@. | testURL.swift:15:55:15:55 | account_no | account_no | | testURL.swift:16:22:16:55 | ... .+(_:_:) ... | testURL.swift:16:55:16:55 | credit_card_no | testURL.swift:16:22:16:55 | ... .+(_:_:) ... | This operation transmits '... .+(_:_:) ...', which may contain unencrypted sensitive data from $@. | testURL.swift:16:55:16:55 | credit_card_no | credit_card_no | | testURL.swift:20:22:20:22 | passwd | testURL.swift:20:22:20:22 | passwd | testURL.swift:20:22:20:22 | passwd | This operation transmits 'passwd', which may contain unencrypted sensitive data from $@. | testURL.swift:20:22:20:22 | passwd | passwd | diff --git a/swift/ql/test/query-tests/Security/CWE-311/SensitiveExprs.expected b/swift/ql/test/query-tests/Security/CWE-311/SensitiveExprs.expected index 89b8d36ccdf..69de9137213 100644 --- a/swift/ql/test/query-tests/Security/CWE-311/SensitiveExprs.expected +++ b/swift/ql/test/query-tests/Security/CWE-311/SensitiveExprs.expected @@ -129,5 +129,6 @@ | testSend.swift:66:27:66:30 | .mobileNumber | label:mobileNumber, type:private information | | testSend.swift:69:27:69:30 | .passwordFeatureEnabled | label:passwordFeatureEnabled, type:credential | | testURL.swift:13:54:13:54 | passwd | label:passwd, type:credential | +| testURL.swift:15:55:15:55 | account_no | label:account_no, type:private information | | testURL.swift:16:55:16:55 | credit_card_no | label:credit_card_no, type:private information | | testURL.swift:20:22:20:22 | passwd | label:passwd, type:credential | diff --git a/swift/ql/test/query-tests/Security/CWE-311/testURL.swift b/swift/ql/test/query-tests/Security/CWE-311/testURL.swift index 48ae815232f..7f9b64ff4f6 100644 --- a/swift/ql/test/query-tests/Security/CWE-311/testURL.swift +++ b/swift/ql/test/query-tests/Security/CWE-311/testURL.swift @@ -12,7 +12,7 @@ struct URL func test1(passwd : String, encrypted_passwd : String, account_no : String, credit_card_no : String) { let a = URL(string: "http://example.com/login?p=" + passwd); // BAD let b = URL(string: "http://example.com/login?p=" + encrypted_passwd); // GOOD (not sensitive) - let c = URL(string: "http://example.com/login?ac=" + account_no); // BAD [NOT DETECTED] + let c = URL(string: "http://example.com/login?ac=" + account_no); // BAD let d = URL(string: "http://example.com/login?cc=" + credit_card_no); // BAD let base = URL(string: "http://example.com/"); // GOOD (not sensitive) diff --git a/swift/ql/test/query-tests/Security/CWE-328/WeakSensitiveDataHashing.expected b/swift/ql/test/query-tests/Security/CWE-328/WeakSensitiveDataHashing.expected index b6c7161b853..a23916e1a5c 100644 --- a/swift/ql/test/query-tests/Security/CWE-328/WeakSensitiveDataHashing.expected +++ b/swift/ql/test/query-tests/Security/CWE-328/WeakSensitiveDataHashing.expected @@ -2,22 +2,28 @@ edges nodes | testCryptoKit.swift:56:47:56:47 | passwd | semmle.label | passwd | | testCryptoKit.swift:57:43:57:43 | cert | semmle.label | cert | +| testCryptoKit.swift:59:43:59:43 | account_no | semmle.label | account_no | | testCryptoKit.swift:60:43:60:43 | credit_card_no | semmle.label | credit_card_no | | testCryptoKit.swift:61:43:61:43 | credit_card_no | semmle.label | credit_card_no | | testCryptoKit.swift:63:44:63:44 | passwd | semmle.label | passwd | | testCryptoKit.swift:64:44:64:44 | cert | semmle.label | cert | +| testCryptoKit.swift:66:44:66:44 | account_no | semmle.label | account_no | | testCryptoKit.swift:67:44:67:44 | credit_card_no | semmle.label | credit_card_no | | testCryptoKit.swift:90:23:90:23 | passwd | semmle.label | passwd | | testCryptoKit.swift:91:23:91:23 | cert | semmle.label | cert | +| testCryptoKit.swift:93:23:93:23 | account_no | semmle.label | account_no | | testCryptoKit.swift:94:23:94:23 | credit_card_no | semmle.label | credit_card_no | | testCryptoKit.swift:99:23:99:23 | passwd | semmle.label | passwd | | testCryptoKit.swift:100:23:100:23 | cert | semmle.label | cert | +| testCryptoKit.swift:102:23:102:23 | account_no | semmle.label | account_no | | testCryptoKit.swift:103:23:103:23 | credit_card_no | semmle.label | credit_card_no | | testCryptoKit.swift:132:32:132:32 | passwd | semmle.label | passwd | | testCryptoKit.swift:133:32:133:32 | cert | semmle.label | cert | +| testCryptoKit.swift:135:32:135:32 | account_no | semmle.label | account_no | | testCryptoKit.swift:136:32:136:32 | credit_card_no | semmle.label | credit_card_no | | testCryptoKit.swift:141:32:141:32 | passwd | semmle.label | passwd | | testCryptoKit.swift:142:32:142:32 | cert | semmle.label | cert | +| testCryptoKit.swift:144:32:144:32 | account_no | semmle.label | account_no | | testCryptoKit.swift:145:32:145:32 | credit_card_no | semmle.label | credit_card_no | | testCryptoSwift.swift:113:30:113:30 | passwdArray | semmle.label | passwdArray | | testCryptoSwift.swift:115:31:115:31 | passwdArray | semmle.label | passwdArray | @@ -33,22 +39,28 @@ subpaths #select | testCryptoKit.swift:56:47:56:47 | passwd | testCryptoKit.swift:56:47:56:47 | passwd | testCryptoKit.swift:56:47:56:47 | passwd | Insecure hashing algorithm (MD5) depends on $@. | testCryptoKit.swift:56:47:56:47 | passwd | sensitive data (credential passwd) | | testCryptoKit.swift:57:43:57:43 | cert | testCryptoKit.swift:57:43:57:43 | cert | testCryptoKit.swift:57:43:57:43 | cert | Insecure hashing algorithm (MD5) depends on $@. | testCryptoKit.swift:57:43:57:43 | cert | sensitive data (credential cert) | +| testCryptoKit.swift:59:43:59:43 | account_no | testCryptoKit.swift:59:43:59:43 | account_no | testCryptoKit.swift:59:43:59:43 | account_no | Insecure hashing algorithm (MD5) depends on $@. | testCryptoKit.swift:59:43:59:43 | account_no | sensitive data (private information account_no) | | testCryptoKit.swift:60:43:60:43 | credit_card_no | testCryptoKit.swift:60:43:60:43 | credit_card_no | testCryptoKit.swift:60:43:60:43 | credit_card_no | Insecure hashing algorithm (MD5) depends on $@. | testCryptoKit.swift:60:43:60:43 | credit_card_no | sensitive data (private information credit_card_no) | | testCryptoKit.swift:61:43:61:43 | credit_card_no | testCryptoKit.swift:61:43:61:43 | credit_card_no | testCryptoKit.swift:61:43:61:43 | credit_card_no | Insecure hashing algorithm (MD5) depends on $@. | testCryptoKit.swift:61:43:61:43 | credit_card_no | sensitive data (private information credit_card_no) | | testCryptoKit.swift:63:44:63:44 | passwd | testCryptoKit.swift:63:44:63:44 | passwd | testCryptoKit.swift:63:44:63:44 | passwd | Insecure hashing algorithm (SHA1) depends on $@. | testCryptoKit.swift:63:44:63:44 | passwd | sensitive data (credential passwd) | | testCryptoKit.swift:64:44:64:44 | cert | testCryptoKit.swift:64:44:64:44 | cert | testCryptoKit.swift:64:44:64:44 | cert | Insecure hashing algorithm (SHA1) depends on $@. | testCryptoKit.swift:64:44:64:44 | cert | sensitive data (credential cert) | +| testCryptoKit.swift:66:44:66:44 | account_no | testCryptoKit.swift:66:44:66:44 | account_no | testCryptoKit.swift:66:44:66:44 | account_no | Insecure hashing algorithm (SHA1) depends on $@. | testCryptoKit.swift:66:44:66:44 | account_no | sensitive data (private information account_no) | | testCryptoKit.swift:67:44:67:44 | credit_card_no | testCryptoKit.swift:67:44:67:44 | credit_card_no | testCryptoKit.swift:67:44:67:44 | credit_card_no | Insecure hashing algorithm (SHA1) depends on $@. | testCryptoKit.swift:67:44:67:44 | credit_card_no | sensitive data (private information credit_card_no) | | testCryptoKit.swift:90:23:90:23 | passwd | testCryptoKit.swift:90:23:90:23 | passwd | testCryptoKit.swift:90:23:90:23 | passwd | Insecure hashing algorithm (MD5) depends on $@. | testCryptoKit.swift:90:23:90:23 | passwd | sensitive data (credential passwd) | | testCryptoKit.swift:91:23:91:23 | cert | testCryptoKit.swift:91:23:91:23 | cert | testCryptoKit.swift:91:23:91:23 | cert | Insecure hashing algorithm (MD5) depends on $@. | testCryptoKit.swift:91:23:91:23 | cert | sensitive data (credential cert) | +| testCryptoKit.swift:93:23:93:23 | account_no | testCryptoKit.swift:93:23:93:23 | account_no | testCryptoKit.swift:93:23:93:23 | account_no | Insecure hashing algorithm (MD5) depends on $@. | testCryptoKit.swift:93:23:93:23 | account_no | sensitive data (private information account_no) | | testCryptoKit.swift:94:23:94:23 | credit_card_no | testCryptoKit.swift:94:23:94:23 | credit_card_no | testCryptoKit.swift:94:23:94:23 | credit_card_no | Insecure hashing algorithm (MD5) depends on $@. | testCryptoKit.swift:94:23:94:23 | credit_card_no | sensitive data (private information credit_card_no) | | testCryptoKit.swift:99:23:99:23 | passwd | testCryptoKit.swift:99:23:99:23 | passwd | testCryptoKit.swift:99:23:99:23 | passwd | Insecure hashing algorithm (SHA1) depends on $@. | testCryptoKit.swift:99:23:99:23 | passwd | sensitive data (credential passwd) | | testCryptoKit.swift:100:23:100:23 | cert | testCryptoKit.swift:100:23:100:23 | cert | testCryptoKit.swift:100:23:100:23 | cert | Insecure hashing algorithm (SHA1) depends on $@. | testCryptoKit.swift:100:23:100:23 | cert | sensitive data (credential cert) | +| testCryptoKit.swift:102:23:102:23 | account_no | testCryptoKit.swift:102:23:102:23 | account_no | testCryptoKit.swift:102:23:102:23 | account_no | Insecure hashing algorithm (SHA1) depends on $@. | testCryptoKit.swift:102:23:102:23 | account_no | sensitive data (private information account_no) | | testCryptoKit.swift:103:23:103:23 | credit_card_no | testCryptoKit.swift:103:23:103:23 | credit_card_no | testCryptoKit.swift:103:23:103:23 | credit_card_no | Insecure hashing algorithm (SHA1) depends on $@. | testCryptoKit.swift:103:23:103:23 | credit_card_no | sensitive data (private information credit_card_no) | | testCryptoKit.swift:132:32:132:32 | passwd | testCryptoKit.swift:132:32:132:32 | passwd | testCryptoKit.swift:132:32:132:32 | passwd | Insecure hashing algorithm (MD5) depends on $@. | testCryptoKit.swift:132:32:132:32 | passwd | sensitive data (credential passwd) | | testCryptoKit.swift:133:32:133:32 | cert | testCryptoKit.swift:133:32:133:32 | cert | testCryptoKit.swift:133:32:133:32 | cert | Insecure hashing algorithm (MD5) depends on $@. | testCryptoKit.swift:133:32:133:32 | cert | sensitive data (credential cert) | +| testCryptoKit.swift:135:32:135:32 | account_no | testCryptoKit.swift:135:32:135:32 | account_no | testCryptoKit.swift:135:32:135:32 | account_no | Insecure hashing algorithm (MD5) depends on $@. | testCryptoKit.swift:135:32:135:32 | account_no | sensitive data (private information account_no) | | testCryptoKit.swift:136:32:136:32 | credit_card_no | testCryptoKit.swift:136:32:136:32 | credit_card_no | testCryptoKit.swift:136:32:136:32 | credit_card_no | Insecure hashing algorithm (MD5) depends on $@. | testCryptoKit.swift:136:32:136:32 | credit_card_no | sensitive data (private information credit_card_no) | | testCryptoKit.swift:141:32:141:32 | passwd | testCryptoKit.swift:141:32:141:32 | passwd | testCryptoKit.swift:141:32:141:32 | passwd | Insecure hashing algorithm (SHA1) depends on $@. | testCryptoKit.swift:141:32:141:32 | passwd | sensitive data (credential passwd) | | testCryptoKit.swift:142:32:142:32 | cert | testCryptoKit.swift:142:32:142:32 | cert | testCryptoKit.swift:142:32:142:32 | cert | Insecure hashing algorithm (SHA1) depends on $@. | testCryptoKit.swift:142:32:142:32 | cert | sensitive data (credential cert) | +| testCryptoKit.swift:144:32:144:32 | account_no | testCryptoKit.swift:144:32:144:32 | account_no | testCryptoKit.swift:144:32:144:32 | account_no | Insecure hashing algorithm (SHA1) depends on $@. | testCryptoKit.swift:144:32:144:32 | account_no | sensitive data (private information account_no) | | testCryptoKit.swift:145:32:145:32 | credit_card_no | testCryptoKit.swift:145:32:145:32 | credit_card_no | testCryptoKit.swift:145:32:145:32 | credit_card_no | Insecure hashing algorithm (SHA1) depends on $@. | testCryptoKit.swift:145:32:145:32 | credit_card_no | sensitive data (private information credit_card_no) | | testCryptoSwift.swift:113:30:113:30 | passwdArray | testCryptoSwift.swift:113:30:113:30 | passwdArray | testCryptoSwift.swift:113:30:113:30 | passwdArray | Insecure hashing algorithm (MD5) depends on $@. | testCryptoSwift.swift:113:30:113:30 | passwdArray | sensitive data (credential passwdArray) | | testCryptoSwift.swift:115:31:115:31 | passwdArray | testCryptoSwift.swift:115:31:115:31 | passwdArray | testCryptoSwift.swift:115:31:115:31 | passwdArray | Insecure hashing algorithm (SHA1) depends on $@. | testCryptoSwift.swift:115:31:115:31 | passwdArray | sensitive data (credential passwdArray) | diff --git a/swift/ql/test/query-tests/Security/CWE-328/testCryptoKit.swift b/swift/ql/test/query-tests/Security/CWE-328/testCryptoKit.swift index 4e6f301c84b..55fb9284fa6 100644 --- a/swift/ql/test/query-tests/Security/CWE-328/testCryptoKit.swift +++ b/swift/ql/test/query-tests/Security/CWE-328/testCryptoKit.swift @@ -56,14 +56,14 @@ func testHashMethods(passwd : UnsafeRawBufferPointer, cert: String, encrypted_pa var hash = Crypto.Insecure.MD5.hash(data: passwd) // BAD hash = Crypto.Insecure.MD5.hash(data: cert) // BAD hash = Crypto.Insecure.MD5.hash(data: encrypted_passwd) // GOOD (not sensitive) - hash = Crypto.Insecure.MD5.hash(data: account_no) // BAD [NOT DETECTED] + hash = Crypto.Insecure.MD5.hash(data: account_no) // BAD hash = Crypto.Insecure.MD5.hash(data: credit_card_no) // BAD hash = Crypto.Insecure.MD5.hash(data: credit_card_no) // BAD hash = Crypto.Insecure.SHA1.hash(data: passwd) // BAD hash = Crypto.Insecure.SHA1.hash(data: cert) // BAD hash = Crypto.Insecure.SHA1.hash(data: encrypted_passwd) // GOOD (not sensitive) - hash = Crypto.Insecure.SHA1.hash(data: account_no) // BAD [NOT DETECTED] + hash = Crypto.Insecure.SHA1.hash(data: account_no) // BAD hash = Crypto.Insecure.SHA1.hash(data: credit_card_no) // BAD hash = Crypto.SHA256.hash(data: passwd) // BAD [NOT DETECTED] not a computationally expensive hash @@ -90,7 +90,7 @@ func testMD5UpdateWithData(passwd : String, cert: String, encrypted_passwd : Str hash.update(data: passwd) // BAD hash.update(data: cert) // BAD hash.update(data: encrypted_passwd) // GOOD (not sensitive) - hash.update(data: account_no) // BAD [NOT DETECTED] + hash.update(data: account_no) // BAD hash.update(data: credit_card_no) // BAD } @@ -99,7 +99,7 @@ func testSHA1UpdateWithData(passwd : String, cert: String, encrypted_passwd : St hash.update(data: passwd) // BAD hash.update(data: cert) // BAD hash.update(data: encrypted_passwd) // GOOD (not sensitive) - hash.update(data: account_no) // BAD [NOT DETECTED] + hash.update(data: account_no) // BAD hash.update(data: credit_card_no) // BAD } @@ -132,7 +132,7 @@ func testMD5UpdateWithUnsafeRawBufferPointer(passwd : UnsafeRawBufferPointer, ce hash.update(bufferPointer: passwd) // BAD hash.update(bufferPointer: cert) // BAD hash.update(bufferPointer: encrypted_passwd) // GOOD (not sensitive) - hash.update(bufferPointer: account_no) // BAD [NOT DETECTED] + hash.update(bufferPointer: account_no) // BAD hash.update(bufferPointer: credit_card_no) // BAD } @@ -141,7 +141,7 @@ func testSHA1UpdateWithUnsafeRawBufferPointer(passwd : UnsafeRawBufferPointer, c hash.update(bufferPointer: passwd) // BAD hash.update(bufferPointer: cert) // BAD hash.update(bufferPointer: encrypted_passwd) // GOOD (not sensitive) - hash.update(bufferPointer: account_no) // BAD [NOT DETECTED] + hash.update(bufferPointer: account_no) // BAD hash.update(bufferPointer: credit_card_no) // BAD } From 918cfd6f44ca7f2b7931fbf6e6ebaff2096c41ab Mon Sep 17 00:00:00 2001 From: Tamas Vajk <tamasvajk@github.com> Date: Fri, 26 May 2023 09:50:06 +0200 Subject: [PATCH 678/870] Add integration test --- .../all-platforms/cshtml/Files.expected | 6 ++++++ .../all-platforms/cshtml/Files.ql | 5 +++++ .../all-platforms/cshtml/Program.cs | 1 + .../all-platforms/cshtml/Views/Home/Index.cshtml | 8 ++++++++ .../all-platforms/cshtml/cshtml.csproj | 14 ++++++++++++++ .../integration-tests/all-platforms/cshtml/test.py | 3 +++ 6 files changed, 37 insertions(+) create mode 100644 csharp/ql/integration-tests/all-platforms/cshtml/Files.expected create mode 100644 csharp/ql/integration-tests/all-platforms/cshtml/Files.ql create mode 100644 csharp/ql/integration-tests/all-platforms/cshtml/Program.cs create mode 100644 csharp/ql/integration-tests/all-platforms/cshtml/Views/Home/Index.cshtml create mode 100644 csharp/ql/integration-tests/all-platforms/cshtml/cshtml.csproj create mode 100644 csharp/ql/integration-tests/all-platforms/cshtml/test.py diff --git a/csharp/ql/integration-tests/all-platforms/cshtml/Files.expected b/csharp/ql/integration-tests/all-platforms/cshtml/Files.expected new file mode 100644 index 00000000000..86a8cd34b88 --- /dev/null +++ b/csharp/ql/integration-tests/all-platforms/cshtml/Files.expected @@ -0,0 +1,6 @@ +| Program.cs:0:0:0:0 | Program.cs | +| obj/Debug/net7.0/.NETCoreApp,Version=v7.0.AssemblyAttributes.cs:0:0:0:0 | obj/Debug/net7.0/.NETCoreApp,Version=v7.0.AssemblyAttributes.cs | +| obj/Debug/net7.0/cshtml.AssemblyInfo.cs:0:0:0:0 | obj/Debug/net7.0/cshtml.AssemblyInfo.cs | +| obj/Debug/net7.0/cshtml.GlobalUsings.g.cs:0:0:0:0 | obj/Debug/net7.0/cshtml.GlobalUsings.g.cs | +| obj/Debug/net7.0/cshtml.RazorAssemblyInfo.cs:0:0:0:0 | obj/Debug/net7.0/cshtml.RazorAssemblyInfo.cs | +| obj/Debug/net7.0/generated/Microsoft.NET.Sdk.Razor.SourceGenerators/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Views_Home_Index_cshtml.g.cs:0:0:0:0 | obj/Debug/net7.0/generated/Microsoft.NET.Sdk.Razor.SourceGenerators/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Views_Home_Index_cshtml.g.cs | diff --git a/csharp/ql/integration-tests/all-platforms/cshtml/Files.ql b/csharp/ql/integration-tests/all-platforms/cshtml/Files.ql new file mode 100644 index 00000000000..bea5557a25f --- /dev/null +++ b/csharp/ql/integration-tests/all-platforms/cshtml/Files.ql @@ -0,0 +1,5 @@ +import csharp + +from File f +where f.fromSource() +select f diff --git a/csharp/ql/integration-tests/all-platforms/cshtml/Program.cs b/csharp/ql/integration-tests/all-platforms/cshtml/Program.cs new file mode 100644 index 00000000000..47eee48cc79 --- /dev/null +++ b/csharp/ql/integration-tests/all-platforms/cshtml/Program.cs @@ -0,0 +1 @@ +var dummy = "dummy"; \ No newline at end of file diff --git a/csharp/ql/integration-tests/all-platforms/cshtml/Views/Home/Index.cshtml b/csharp/ql/integration-tests/all-platforms/cshtml/Views/Home/Index.cshtml new file mode 100644 index 00000000000..52ffe012e42 --- /dev/null +++ b/csharp/ql/integration-tests/all-platforms/cshtml/Views/Home/Index.cshtml @@ -0,0 +1,8 @@ +@{ + ViewData["Title"] = "Home Page"; +} + +<div class="text-center"> + <h1 class="display-4">Welcome</h1> + <p>Learn about <a href="https://docs.microsoft.com/aspnet/core">building Web apps with ASP.NET Core</a>.</p> +</div> diff --git a/csharp/ql/integration-tests/all-platforms/cshtml/cshtml.csproj b/csharp/ql/integration-tests/all-platforms/cshtml/cshtml.csproj new file mode 100644 index 00000000000..01d15e87dc4 --- /dev/null +++ b/csharp/ql/integration-tests/all-platforms/cshtml/cshtml.csproj @@ -0,0 +1,14 @@ +<Project Sdk="Microsoft.NET.Sdk.Web"> + + <PropertyGroup> + <OutputType>Exe</OutputType> + <TargetFramework>net7.0</TargetFramework> + <ImplicitUsings>enable</ImplicitUsings> + <Nullable>enable</Nullable> + </PropertyGroup> + + <Target Name="DeleteBinObjFolders" BeforeTargets="Clean"> + <RemoveDir Directories=".\bin" /> + <RemoveDir Directories=".\obj" /> + </Target> +</Project> diff --git a/csharp/ql/integration-tests/all-platforms/cshtml/test.py b/csharp/ql/integration-tests/all-platforms/cshtml/test.py new file mode 100644 index 00000000000..24cc83b4f2d --- /dev/null +++ b/csharp/ql/integration-tests/all-platforms/cshtml/test.py @@ -0,0 +1,3 @@ +from create_database_utils import * + +run_codeql_database_create(['dotnet build'], lang="csharp", extra_args=["--extractor-option=cil=false"]) From 903fdb0cb80ea99c455cb55a4d13f49efeeb5362 Mon Sep 17 00:00:00 2001 From: Tony Torralba <atorralba@users.noreply.github.com> Date: Fri, 26 May 2023 10:23:43 +0200 Subject: [PATCH 679/870] Java: Add models for the Play Framework --- .../2023-05-26-play-framework-models.md | 4 ++ java/ql/lib/ext/play.libs.ws.model.yml | 7 +++ java/ql/lib/ext/play.mvc.model.yml | 45 +++++++++++++++++-- .../dataflow/taintsources/PlayMvc.java | 25 +++++++++++ .../security/CWE-918/mad/Test.java | 12 +++++ .../test/query-tests/security/CWE-918/options | 2 +- .../play/libs/ws/StandaloneWSClient.java | 9 ++++ .../play/libs/ws/StandaloneWSRequest.java | 5 +++ .../play/libs/ws/WSClient.java | 9 ++++ .../play/libs/ws/WSRequest.java | 5 +++ 10 files changed, 118 insertions(+), 5 deletions(-) create mode 100644 java/ql/lib/change-notes/2023-05-26-play-framework-models.md create mode 100644 java/ql/lib/ext/play.libs.ws.model.yml create mode 100644 java/ql/test/library-tests/dataflow/taintsources/PlayMvc.java create mode 100644 java/ql/test/stubs/playframework-2.6.x/play/libs/ws/StandaloneWSClient.java create mode 100644 java/ql/test/stubs/playframework-2.6.x/play/libs/ws/StandaloneWSRequest.java create mode 100644 java/ql/test/stubs/playframework-2.6.x/play/libs/ws/WSClient.java create mode 100644 java/ql/test/stubs/playframework-2.6.x/play/libs/ws/WSRequest.java diff --git a/java/ql/lib/change-notes/2023-05-26-play-framework-models.md b/java/ql/lib/change-notes/2023-05-26-play-framework-models.md new file mode 100644 index 00000000000..69db10413eb --- /dev/null +++ b/java/ql/lib/change-notes/2023-05-26-play-framework-models.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Added more dataflow models for the Play Framework. diff --git a/java/ql/lib/ext/play.libs.ws.model.yml b/java/ql/lib/ext/play.libs.ws.model.yml new file mode 100644 index 00000000000..ab905bc463a --- /dev/null +++ b/java/ql/lib/ext/play.libs.ws.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: codeql/java-all + extensible: sinkModel + data: + - ["play.libs.ws", "WSClient", True, "url", "", "", "Argument[0]", "open-url", "manual"] + - ["play.libs.ws", "StandaloneWSClient", True, "url", "", "", "Argument[0]", "open-url", "manual"] diff --git a/java/ql/lib/ext/play.mvc.model.yml b/java/ql/lib/ext/play.mvc.model.yml index a1f8dc60fe0..ba9a11c3f78 100644 --- a/java/ql/lib/ext/play.mvc.model.yml +++ b/java/ql/lib/ext/play.mvc.model.yml @@ -3,7 +3,44 @@ extensions: pack: codeql/java-all extensible: sourceModel data: - - ["play.mvc", "Http$RequestHeader", False, "getHeader", "", "", "ReturnValue", "remote", "manual"] - - ["play.mvc", "Http$RequestHeader", False, "getQueryString", "", "", "ReturnValue", "remote", "manual"] - - ["play.mvc", "Http$RequestHeader", False, "header", "", "", "ReturnValue", "remote", "manual"] - - ["play.mvc", "Http$RequestHeader", False, "queryString", "", "", "ReturnValue", "remote", "manual"] + - ["play.mvc", "Http$Request", True, "body", "", "", "ReturnValue", "remote", "manual"] + - ["play.mvc", "Http$RequestHeader", True, "cookie", "", "", "ReturnValue", "remote", "manual"] + - ["play.mvc", "Http$RequestHeader", True, "cookies", "", "", "ReturnValue", "remote", "manual"] + - ["play.mvc", "Http$RequestHeader", True, "getHeader", "", "", "ReturnValue", "remote", "manual"] # v2.4.x + - ["play.mvc", "Http$RequestHeader", True, "getHeaders", "", "", "ReturnValue", "remote", "manual"] # v2.7.x + - ["play.mvc", "Http$RequestHeader", True, "getQueryString", "", "", "ReturnValue", "remote", "manual"] + - ["play.mvc", "Http$RequestHeader", True, "header", "", "", "ReturnValue", "remote", "manual"] # v2.7.x + - ["play.mvc", "Http$RequestHeader", True, "headers", "", "", "ReturnValue", "remote", "manual"] # v2.4.x + - ["play.mvc", "Http$RequestHeader", True, "host", "", "", "ReturnValue", "remote", "manual"] + - ["play.mvc", "Http$RequestHeader", True, "path", "", "", "ReturnValue", "remote", "manual"] + - ["play.mvc", "Http$RequestHeader", True, "queryString", "", "", "ReturnValue", "remote", "manual"] + - ["play.mvc", "Http$RequestHeader", True, "remoteAddress", "", "", "ReturnValue", "remote", "manual"] + - ["play.mvc", "Http$RequestHeader", True, "uri", "", "", "ReturnValue", "remote", "manual"] + - addsTo: + pack: codeql/java-all + extensible: summaryModel + data: + - ["play.mvc", "Http$RequestBody", True, "as", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] + - ["play.mvc", "Http$RequestBody", True, "asBytes", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] # v2.7.x + - ["play.mvc", "Http$RequestBody", True, "asFormUrlEncoded", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] + - ["play.mvc", "Http$RequestBody", True, "asJson", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] + - ["play.mvc", "Http$RequestBody", True, "asMultipartFormData", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] + - ["play.mvc", "Http$RequestBody", True, "asRaw", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] + - ["play.mvc", "Http$RequestBody", True, "asText", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] + - ["play.mvc", "Http$RequestBody", True, "asXml", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] + - ["play.mvc", "Http$RequestBody", True, "parseJson", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] # v2.7.x + - ["play.mvc", "Http$MultipartFormData", True, "asFormUrlEncoded", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] + - ["play.mvc", "Http$MultipartFormData", True, "getFile", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] + - ["play.mvc", "Http$MultipartFormData", True, "getFiles", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] + - ["play.mvc", "Http$MultipartFormData$FilePart", True, "getContentType", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] + - ["play.mvc", "Http$MultipartFormData$FilePart", True, "getDispositionType", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] # v2.7.x + - ["play.mvc", "Http$MultipartFormData$FilePart", True, "getFile", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] # v2.4.x + - ["play.mvc", "Http$MultipartFormData$FilePart", True, "getFilename", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] + - ["play.mvc", "Http$MultipartFormData$FilePart", True, "getKey", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] + - ["play.mvc", "Http$MultipartFormData$FilePart", True, "getRef", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] # v2.7.x + - ["play.mvc", "Http$RawBuffer", True, "asBytes", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] + - ["play.mvc", "Http$RawBuffer", True, "asFile", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] + - ["play.mvc", "Http$Cookie", True, "name", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] + - ["play.mvc", "Http$Cookie", True, "value", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] + - ["play.mvc", "Http$Cookies", True, "get", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] + - ["play.mvc", "Http$Cookies", True, "getCookie", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] # v2.7.x diff --git a/java/ql/test/library-tests/dataflow/taintsources/PlayMvc.java b/java/ql/test/library-tests/dataflow/taintsources/PlayMvc.java new file mode 100644 index 00000000000..55087a6596b --- /dev/null +++ b/java/ql/test/library-tests/dataflow/taintsources/PlayMvc.java @@ -0,0 +1,25 @@ +import play.mvc.Http; + +public class PlayMvc { + + private Http.Request request; + private Http.RequestHeader header; + + private static void sink(Object o) {} + + public void test() throws Exception { + sink(request.body()); // $ hasRemoteValueFlow + sink(header.cookie(null)); // $ hasRemoteValueFlow + sink(header.cookies()); // $ hasRemoteValueFlow + sink(header.getHeader(null)); // $ hasRemoteValueFlow + sink(header.getHeaders()); // $ hasRemoteValueFlow + sink(header.getQueryString(null)); // $ hasRemoteValueFlow + sink(header.header(null)); // $ hasRemoteValueFlow + sink(header.headers()); // $ hasRemoteValueFlow + sink(header.host()); // $ hasRemoteValueFlow + sink(header.path()); // $ hasRemoteValueFlow + sink(header.queryString()); // $ hasRemoteValueFlow + sink(header.remoteAddress()); // $ hasRemoteValueFlow + sink(header.uri()); // $ hasRemoteValueFlow + } +} diff --git a/java/ql/test/query-tests/security/CWE-918/mad/Test.java b/java/ql/test/query-tests/security/CWE-918/mad/Test.java index 8666e821fd0..6c224b65d31 100644 --- a/java/ql/test/query-tests/security/CWE-918/mad/Test.java +++ b/java/ql/test/query-tests/security/CWE-918/mad/Test.java @@ -9,6 +9,8 @@ import javafx.scene.web.WebEngine; import org.apache.commons.jelly.JellyContext; import org.codehaus.cargo.container.installer.ZipURLInstaller; import org.kohsuke.stapler.HttpResponses; +import play.libs.ws.WSClient; +import play.libs.ws.StandaloneWSClient; public class Test { @@ -74,4 +76,14 @@ public class Test { r.staticResource((URL) source()); // $ SSRF } + public void test(WSClient c) { + // "play.libs.ws;WSClient;true;url;;;Argument[0];open-url;manual" + c.url((String) source()); // $ SSRF + } + + public void test(StandaloneWSClient c) { + // "play.libs.ws;StandaloneWSClient;true;url;;;Argument[0];open-url;manual" + c.url((String) source()); // $ SSRF + } + } diff --git a/java/ql/test/query-tests/security/CWE-918/options b/java/ql/test/query-tests/security/CWE-918/options index c8147ece2a9..82a3894bc18 100644 --- a/java/ql/test/query-tests/security/CWE-918/options +++ b/java/ql/test/query-tests/security/CWE-918/options @@ -1 +1 @@ -//semmle-extractor-options: --javac-args -source 11 -target 11 -cp ${testdir}/../../../stubs/springframework-5.3.8:${testdir}/../../../stubs/javax-ws-rs-api-2.1.1:${testdir}/../../../stubs/javax-ws-rs-api-3.0.0:${testdir}/../../../stubs/apache-http-4.4.13/:${testdir}/../../../stubs/projectreactor-3.4.3/:${testdir}/../../../stubs/postgresql-42.3.3/:${testdir}/../../../stubs/HikariCP-3.4.5/:${testdir}/../../../stubs/spring-jdbc-5.3.8/:${testdir}/../../../stubs/jdbi3-core-3.27.2/:${testdir}/../../../stubs/cargo:${testdir}/../../../stubs/javafx-web:${testdir}/../../../stubs/apache-commons-jelly-1.0.1:${testdir}/../../../stubs/dom4j-2.1.1:${testdir}/../../../stubs/jaxen-1.2.0:${testdir}/../../../stubs/stapler-1.263:${testdir}/../../../stubs/javax-servlet-2.5:${testdir}/../../../stubs/apache-commons-fileupload-1.4:${testdir}/../../../stubs/saxon-xqj-9.x:${testdir}/../../../stubs/apache-commons-beanutils:${testdir}/../../../stubs/apache-commons-lang:${testdir}/../../../stubs/apache-http-5 +//semmle-extractor-options: --javac-args -source 11 -target 11 -cp ${testdir}/../../../stubs/springframework-5.3.8:${testdir}/../../../stubs/javax-ws-rs-api-2.1.1:${testdir}/../../../stubs/javax-ws-rs-api-3.0.0:${testdir}/../../../stubs/apache-http-4.4.13/:${testdir}/../../../stubs/projectreactor-3.4.3/:${testdir}/../../../stubs/postgresql-42.3.3/:${testdir}/../../../stubs/HikariCP-3.4.5/:${testdir}/../../../stubs/spring-jdbc-5.3.8/:${testdir}/../../../stubs/jdbi3-core-3.27.2/:${testdir}/../../../stubs/cargo:${testdir}/../../../stubs/javafx-web:${testdir}/../../../stubs/apache-commons-jelly-1.0.1:${testdir}/../../../stubs/dom4j-2.1.1:${testdir}/../../../stubs/jaxen-1.2.0:${testdir}/../../../stubs/stapler-1.263:${testdir}/../../../stubs/javax-servlet-2.5:${testdir}/../../../stubs/apache-commons-fileupload-1.4:${testdir}/../../../stubs/saxon-xqj-9.x:${testdir}/../../../stubs/apache-commons-beanutils:${testdir}/../../../stubs/apache-commons-lang:${testdir}/../../../stubs/apache-http-5:${testdir}/../../../stubs/playframework-2.6.x diff --git a/java/ql/test/stubs/playframework-2.6.x/play/libs/ws/StandaloneWSClient.java b/java/ql/test/stubs/playframework-2.6.x/play/libs/ws/StandaloneWSClient.java new file mode 100644 index 00000000000..5a75fc16132 --- /dev/null +++ b/java/ql/test/stubs/playframework-2.6.x/play/libs/ws/StandaloneWSClient.java @@ -0,0 +1,9 @@ +package play.libs.ws; + +public class StandaloneWSClient { + + public StandaloneWSRequest url(String url) { + return null; + } + +} diff --git a/java/ql/test/stubs/playframework-2.6.x/play/libs/ws/StandaloneWSRequest.java b/java/ql/test/stubs/playframework-2.6.x/play/libs/ws/StandaloneWSRequest.java new file mode 100644 index 00000000000..2266d2cc24a --- /dev/null +++ b/java/ql/test/stubs/playframework-2.6.x/play/libs/ws/StandaloneWSRequest.java @@ -0,0 +1,5 @@ +package play.libs.ws; + +public class StandaloneWSRequest { + +} diff --git a/java/ql/test/stubs/playframework-2.6.x/play/libs/ws/WSClient.java b/java/ql/test/stubs/playframework-2.6.x/play/libs/ws/WSClient.java new file mode 100644 index 00000000000..22b3546dddf --- /dev/null +++ b/java/ql/test/stubs/playframework-2.6.x/play/libs/ws/WSClient.java @@ -0,0 +1,9 @@ +package play.libs.ws; + +public class WSClient { + + public WSRequest url(String url) { + return null; + } + +} diff --git a/java/ql/test/stubs/playframework-2.6.x/play/libs/ws/WSRequest.java b/java/ql/test/stubs/playframework-2.6.x/play/libs/ws/WSRequest.java new file mode 100644 index 00000000000..8dbd4521b06 --- /dev/null +++ b/java/ql/test/stubs/playframework-2.6.x/play/libs/ws/WSRequest.java @@ -0,0 +1,5 @@ +package play.libs.ws; + +public class WSRequest { + +} From e48fc667823f3b92cb7fb171267178c5a0770312 Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" <mbg@github.com> Date: Wed, 17 May 2023 16:44:55 +0100 Subject: [PATCH 680/870] Swift: Add `identify-environment` script --- swift/tools/BUILD.bazel | 6 ++++++ swift/tools/identify-environment.cmd | 6 ++++++ swift/tools/identify-environment.sh | 5 +++++ 3 files changed, 17 insertions(+) create mode 100644 swift/tools/identify-environment.cmd create mode 100755 swift/tools/identify-environment.sh diff --git a/swift/tools/BUILD.bazel b/swift/tools/BUILD.bazel index e7cff7bd024..8a3496a2700 100644 --- a/swift/tools/BUILD.bazel +++ b/swift/tools/BUILD.bazel @@ -11,9 +11,15 @@ sh_binary( srcs = ["autobuild.sh"], ) +sh_binary( + name = "identify-environment", + srcs = ["identify-environment.sh"], +) + pkg_files( name = "scripts", srcs = [ + ":identify-environment", ":autobuild", ":qltest", ], diff --git a/swift/tools/identify-environment.cmd b/swift/tools/identify-environment.cmd new file mode 100644 index 00000000000..7fd1786f31f --- /dev/null +++ b/swift/tools/identify-environment.cmd @@ -0,0 +1,6 @@ +@echo off +SETLOCAL EnableDelayedExpansion + +echo { "swift": { "os": { "name": "macOS" } } } + +ENDLOCAL diff --git a/swift/tools/identify-environment.sh b/swift/tools/identify-environment.sh new file mode 100755 index 00000000000..d686315c527 --- /dev/null +++ b/swift/tools/identify-environment.sh @@ -0,0 +1,5 @@ +#!/bin/sh + +set -eu + +echo '{ "swift": { "os": { "name": "macOS" } } }' From af803c88867c7629470bfc0162bf9a0962023f06 Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" <mbg@github.com> Date: Wed, 17 May 2023 17:58:09 +0100 Subject: [PATCH 681/870] Go: include new scripts in Makefile --- go/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go/Makefile b/go/Makefile index 7e119b36f03..8f28079f008 100644 --- a/go/Makefile +++ b/go/Makefile @@ -14,7 +14,7 @@ CODEQL_PLATFORM = osx64 endif endif -CODEQL_TOOLS = $(addprefix codeql-tools/,autobuild.cmd autobuild.sh pre-finalize.cmd pre-finalize.sh index.cmd index.sh tracing-config.lua) +CODEQL_TOOLS = $(addprefix codeql-tools/,autobuild.cmd autobuild.sh pre-finalize.cmd pre-finalize.sh index.cmd index.sh identify-environment.cmd identify-environment.sh tracing-config.lua) EXTRACTOR_PACK_OUT = build/codeql-extractor-go From 631ba6584d810c4fe59baf25e086fdca033a3d43 Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" <mbg@github.com> Date: Thu, 18 May 2023 20:21:12 +0100 Subject: [PATCH 682/870] Go: Update `identify-environment` JSON format The spec changed after this was implemented and merged --- go/extractor/cli/go-autobuilder/go-autobuilder.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/go/extractor/cli/go-autobuilder/go-autobuilder.go b/go/extractor/cli/go-autobuilder/go-autobuilder.go index 9fcad68d42a..ed4a238743b 100644 --- a/go/extractor/cli/go-autobuilder/go-autobuilder.go +++ b/go/extractor/cli/go-autobuilder/go-autobuilder.go @@ -44,7 +44,7 @@ Build behavior: to 'false' disables the GOPATH set-up, CODEQL_EXTRACTOR_GO_BUILD_COMMAND (or alternatively LGTM_INDEX_BUILD_COMMAND), can be set to a newline-separated list of commands to run in order to install dependencies, and LGTM_INDEX_IMPORT_PATH can be used to override the package import path, - which is otherwise inferred from the SEMMLE_REPO_URL or GITHUB_REPOSITORY environment variables. + which is otherwise inferred from the SEMMLE_REPO_URL or GITHUB_REPOSITORY environment variables. In resource-constrained environments, the environment variable CODEQL_EXTRACTOR_GO_MAX_GOROUTINES (or its legacy alias SEMMLE_MAX_GOROUTINES) can be used to limit the number of parallel goroutines @@ -931,9 +931,9 @@ func getVersionToInstall(v versionInfo) (msg, version string) { func outputEnvironmentJson(version string) { var content string if version == "" { - content = `{ "include": [] }` + content = `{ "go": {} }` } else { - content = `{ "include": [ { "go": { "version": "` + version + `" } } ] }` + content = `{ "go": { "version": "` + version + `" } }` } _, err := fmt.Fprint(os.Stdout, content) From 1c7f6dc32ea43e2f7c66208e557280a698b04d85 Mon Sep 17 00:00:00 2001 From: Asger F <asgerf@github.com> Date: Fri, 26 May 2023 11:34:23 +0200 Subject: [PATCH 683/870] Ruby: add meta-query for calls to summarized callables --- .../queries/meta/SummarizedCallableCallSites.ql | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 ruby/ql/src/queries/meta/SummarizedCallableCallSites.ql diff --git a/ruby/ql/src/queries/meta/SummarizedCallableCallSites.ql b/ruby/ql/src/queries/meta/SummarizedCallableCallSites.ql new file mode 100644 index 00000000000..abfadea9107 --- /dev/null +++ b/ruby/ql/src/queries/meta/SummarizedCallableCallSites.ql @@ -0,0 +1,16 @@ +/** + * @name Summarized callable call sites + * @description A call site for which we have a summarized callable + * @kind problem + * @problem.severity recommendation + * @id rb/meta/summarized-callable-call-sites + * @tags meta + * @precision very-low + */ + +import codeql.ruby.AST +import codeql.ruby.dataflow.FlowSummary + +from Call invoke, SummarizedCallable f +where f.getACall() = invoke or f.getACallSimple() = invoke +select invoke, "Call to " + f From 75fd20b3b83bcbfa2c6e5c82be026f16b4fbfa19 Mon Sep 17 00:00:00 2001 From: Asger F <asgerf@github.com> Date: Fri, 26 May 2023 11:40:58 +0200 Subject: [PATCH 684/870] Python: add meta-query for calls to summarized callables --- .../SummarizedCallableCallSites.ql | 24 +++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 python/ql/src/meta/analysis-quality/SummarizedCallableCallSites.ql diff --git a/python/ql/src/meta/analysis-quality/SummarizedCallableCallSites.ql b/python/ql/src/meta/analysis-quality/SummarizedCallableCallSites.ql new file mode 100644 index 00000000000..600d067da76 --- /dev/null +++ b/python/ql/src/meta/analysis-quality/SummarizedCallableCallSites.ql @@ -0,0 +1,24 @@ +/** + * @name Summarized callable call sites + * @description A call site for which we have a summarized callable + * @kind problem + * @problem.severity recommendation + * @id py/meta/summarized-callable-call-sites + * @tags meta + * @precision very-low + */ + +import python +import semmle.python.dataflow.new.DataFlow +import semmle.python.dataflow.new.FlowSummary +import meta.MetaMetrics + +from DataFlow::Node useSite, SummarizedCallable target, string kind +where + ( + useSite = target.getACall() and kind = "Call" + or + useSite = target.getACallback() and kind = "Callback" + ) and + not useSite.getLocation().getFile() instanceof IgnoredFile +select useSite, kind + " to " + target From 2629ec1b1d0d0605862367409b649118e36f5441 Mon Sep 17 00:00:00 2001 From: Asger F <asgerf@github.com> Date: Thu, 25 May 2023 10:57:34 +0200 Subject: [PATCH 685/870] JS: Be more conservative about flagging "search" call arguments as regex --- .../ql/lib/semmle/javascript/Regexp.qll | 27 ++++++++++++++++--- 1 file changed, 24 insertions(+), 3 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/Regexp.qll b/javascript/ql/lib/semmle/javascript/Regexp.qll index 9cef1455746..a20f5343428 100644 --- a/javascript/ql/lib/semmle/javascript/Regexp.qll +++ b/javascript/ql/lib/semmle/javascript/Regexp.qll @@ -958,6 +958,27 @@ private predicate isUsedAsNonMatchObject(DataFlow::MethodCallNode call) { ) } +/** + * Holds if `call` is a call to `search` whose result is used in a way that suggests it returns a number. + */ +pragma[inline] +private predicate isUsedAsNumber(DataFlow::LocalSourceNode value) { + any(Comparison compare) + .hasOperands(value.getALocalUse().asExpr(), any(Expr e | e.analyze().getAType() = TTNumber())) + or + value.flowsToExpr(any(ArithmeticExpr e).getAnOperand()) + or + value.flowsToExpr(any(UnaryExpr e | e.getOperator() = "-").getOperand()) + or + value.flowsToExpr(any(IndexExpr expr).getPropertyNameExpr()) + or + exists(DataFlow::CallNode call | + call.getCalleeName() = + ["substring", "substr", "slice", "splice", "charAt", "charCodeAt", "codePointAt"] and + value.flowsTo(call.getAnArgument()) + ) +} + /** * Holds if `source` may be interpreted as a regular expression. */ @@ -985,9 +1006,9 @@ predicate isInterpretedAsRegExp(DataFlow::Node source) { methodName = "search" and source = mce.getArgument(0) and mce.getNumArgument() = 1 and - // "search" is a common method name, and so we exclude chained accesses - // because `String.prototype.search` returns a number - not exists(PropAccess p | p.getBase() = mce.getEnclosingExpr()) + // "search" is a common method name, and the built-in "search" method is rarely used, + // so to reduce FPs we also require that the return value appears to be used as a number. + isUsedAsNumber(mce) ) or exists(DataFlow::SourceNode schema | schema = JsonSchema::getAPartOfJsonSchema() | From 066554cee6e0a7437a5cc9701a5c23a89635af54 Mon Sep 17 00:00:00 2001 From: Michael Nebel <michaelnebel@github.com> Date: Tue, 23 May 2023 16:22:57 +0200 Subject: [PATCH 686/870] C#: Re-factor getComponent. --- .../code/csharp/dataflow/internal/FlowSummaryImpl.qll | 9 ++------- .../csharp/dataflow/internal/FlowSummaryImplSpecific.qll | 4 ++-- 2 files changed, 4 insertions(+), 9 deletions(-) diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImpl.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImpl.qll index 034c6101de3..ce63ac5ef90 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImpl.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImpl.qll @@ -166,15 +166,10 @@ module Public { SummaryComponentStack return(ReturnKind rk) { result = singleton(SummaryComponent::return(rk)) } } - private predicate noComponentSpecific(SummaryComponent sc) { - not exists(getComponentSpecific(sc)) - } - /** Gets a textual representation of this component used for flow summaries. */ private string getComponent(SummaryComponent sc) { result = getComponentSpecific(sc) or - noComponentSpecific(sc) and ( exists(ArgumentPosition pos | sc = TParameterSummaryComponent(pos) and @@ -185,9 +180,9 @@ module Public { sc = TArgumentSummaryComponent(pos) and result = "Argument[" + getParameterPosition(pos) + "]" ) - or - sc = TReturnSummaryComponent(getReturnValueKind()) and result = "ReturnValue" ) + or + sc = TReturnSummaryComponent(getReturnValueKind()) and result = "ReturnValue" } /** Gets a textual representation of this stack used for flow summaries. */ diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImplSpecific.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImplSpecific.qll index b86601e6b54..97a27c65ef0 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImplSpecific.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImplSpecific.qll @@ -198,8 +198,8 @@ string getComponentSpecific(SummaryComponent sc) { or exists(ReturnKind rk | sc = TReturnSummaryComponent(rk) and - result = "ReturnValue[" + rk + "]" and - not rk instanceof NormalReturnKind + not rk = getReturnValueKind() and + result = "ReturnValue[" + rk + "]" ) } From b7a8660375ccb246d9de751b9878ecf02fdd1de7 Mon Sep 17 00:00:00 2001 From: Michael Nebel <michaelnebel@github.com> Date: Tue, 23 May 2023 16:26:43 +0200 Subject: [PATCH 687/870] Java: Re-factor getComponent. --- .../code/java/dataflow/internal/FlowSummaryImpl.qll | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll b/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll index 034c6101de3..ce63ac5ef90 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll @@ -166,15 +166,10 @@ module Public { SummaryComponentStack return(ReturnKind rk) { result = singleton(SummaryComponent::return(rk)) } } - private predicate noComponentSpecific(SummaryComponent sc) { - not exists(getComponentSpecific(sc)) - } - /** Gets a textual representation of this component used for flow summaries. */ private string getComponent(SummaryComponent sc) { result = getComponentSpecific(sc) or - noComponentSpecific(sc) and ( exists(ArgumentPosition pos | sc = TParameterSummaryComponent(pos) and @@ -185,9 +180,9 @@ module Public { sc = TArgumentSummaryComponent(pos) and result = "Argument[" + getParameterPosition(pos) + "]" ) - or - sc = TReturnSummaryComponent(getReturnValueKind()) and result = "ReturnValue" ) + or + sc = TReturnSummaryComponent(getReturnValueKind()) and result = "ReturnValue" } /** Gets a textual representation of this stack used for flow summaries. */ From b79462733580dbf96c3501e867a19133d9fd900b Mon Sep 17 00:00:00 2001 From: Michael Nebel <michaelnebel@github.com> Date: Tue, 23 May 2023 16:32:56 +0200 Subject: [PATCH 688/870] Go: Re-factor getComponent. --- .../lib/semmle/go/dataflow/internal/FlowSummaryImpl.qll | 9 ++------- .../go/dataflow/internal/FlowSummaryImplSpecific.qll | 6 +++--- 2 files changed, 5 insertions(+), 10 deletions(-) diff --git a/go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImpl.qll b/go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImpl.qll index 034c6101de3..ce63ac5ef90 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImpl.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImpl.qll @@ -166,15 +166,10 @@ module Public { SummaryComponentStack return(ReturnKind rk) { result = singleton(SummaryComponent::return(rk)) } } - private predicate noComponentSpecific(SummaryComponent sc) { - not exists(getComponentSpecific(sc)) - } - /** Gets a textual representation of this component used for flow summaries. */ private string getComponent(SummaryComponent sc) { result = getComponentSpecific(sc) or - noComponentSpecific(sc) and ( exists(ArgumentPosition pos | sc = TParameterSummaryComponent(pos) and @@ -185,9 +180,9 @@ module Public { sc = TArgumentSummaryComponent(pos) and result = "Argument[" + getParameterPosition(pos) + "]" ) - or - sc = TReturnSummaryComponent(getReturnValueKind()) and result = "ReturnValue" ) + or + sc = TReturnSummaryComponent(getReturnValueKind()) and result = "ReturnValue" } /** Gets a textual representation of this stack used for flow summaries. */ diff --git a/go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImplSpecific.qll b/go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImplSpecific.qll index acaa34f943e..7afdb314929 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImplSpecific.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImplSpecific.qll @@ -111,10 +111,10 @@ private string getContentSpecific(Content c) { string getComponentSpecific(SummaryComponent sc) { exists(Content c | sc = TContentSummaryComponent(c) and result = getContentSpecific(c)) or - exists(ReturnKind rk, int n | n = rk.getIndex() | + exists(ReturnKind rk | sc = TReturnSummaryComponent(rk) and - result = "ReturnValue[" + n + "]" and - n != 0 + not rk = getReturnValueKind() and + result = "ReturnValue[" + rk.getIndex() + "]" ) } From 811eee1f0d01ce91bec166e9f19fe02449e4a9ae Mon Sep 17 00:00:00 2001 From: Michael Nebel <michaelnebel@github.com> Date: Tue, 23 May 2023 16:35:46 +0200 Subject: [PATCH 689/870] Python: Re-factor getComponent. --- .../python/dataflow/new/internal/FlowSummaryImpl.qll | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/FlowSummaryImpl.qll b/python/ql/lib/semmle/python/dataflow/new/internal/FlowSummaryImpl.qll index 034c6101de3..ce63ac5ef90 100644 --- a/python/ql/lib/semmle/python/dataflow/new/internal/FlowSummaryImpl.qll +++ b/python/ql/lib/semmle/python/dataflow/new/internal/FlowSummaryImpl.qll @@ -166,15 +166,10 @@ module Public { SummaryComponentStack return(ReturnKind rk) { result = singleton(SummaryComponent::return(rk)) } } - private predicate noComponentSpecific(SummaryComponent sc) { - not exists(getComponentSpecific(sc)) - } - /** Gets a textual representation of this component used for flow summaries. */ private string getComponent(SummaryComponent sc) { result = getComponentSpecific(sc) or - noComponentSpecific(sc) and ( exists(ArgumentPosition pos | sc = TParameterSummaryComponent(pos) and @@ -185,9 +180,9 @@ module Public { sc = TArgumentSummaryComponent(pos) and result = "Argument[" + getParameterPosition(pos) + "]" ) - or - sc = TReturnSummaryComponent(getReturnValueKind()) and result = "ReturnValue" ) + or + sc = TReturnSummaryComponent(getReturnValueKind()) and result = "ReturnValue" } /** Gets a textual representation of this stack used for flow summaries. */ From 58fcbc136cca0f5bf6fcf55fec86ea0460e6540e Mon Sep 17 00:00:00 2001 From: Michael Nebel <michaelnebel@github.com> Date: Tue, 23 May 2023 16:40:18 +0200 Subject: [PATCH 690/870] Ruby: Re-factor getComponent. --- .../codeql/ruby/dataflow/internal/FlowSummaryImpl.qll | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/FlowSummaryImpl.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/FlowSummaryImpl.qll index 034c6101de3..ce63ac5ef90 100644 --- a/ruby/ql/lib/codeql/ruby/dataflow/internal/FlowSummaryImpl.qll +++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/FlowSummaryImpl.qll @@ -166,15 +166,10 @@ module Public { SummaryComponentStack return(ReturnKind rk) { result = singleton(SummaryComponent::return(rk)) } } - private predicate noComponentSpecific(SummaryComponent sc) { - not exists(getComponentSpecific(sc)) - } - /** Gets a textual representation of this component used for flow summaries. */ private string getComponent(SummaryComponent sc) { result = getComponentSpecific(sc) or - noComponentSpecific(sc) and ( exists(ArgumentPosition pos | sc = TParameterSummaryComponent(pos) and @@ -185,9 +180,9 @@ module Public { sc = TArgumentSummaryComponent(pos) and result = "Argument[" + getParameterPosition(pos) + "]" ) - or - sc = TReturnSummaryComponent(getReturnValueKind()) and result = "ReturnValue" ) + or + sc = TReturnSummaryComponent(getReturnValueKind()) and result = "ReturnValue" } /** Gets a textual representation of this stack used for flow summaries. */ From 783d560e7dd3b76e54845608595b7e89a4dd1c32 Mon Sep 17 00:00:00 2001 From: Michael Nebel <michaelnebel@github.com> Date: Tue, 23 May 2023 16:49:34 +0200 Subject: [PATCH 691/870] Swift: Re-factor getComponent. --- .../codeql/swift/dataflow/internal/FlowSummaryImpl.qll | 9 ++------- .../swift/dataflow/internal/FlowSummaryImplSpecific.qll | 4 ++-- 2 files changed, 4 insertions(+), 9 deletions(-) diff --git a/swift/ql/lib/codeql/swift/dataflow/internal/FlowSummaryImpl.qll b/swift/ql/lib/codeql/swift/dataflow/internal/FlowSummaryImpl.qll index 034c6101de3..ce63ac5ef90 100644 --- a/swift/ql/lib/codeql/swift/dataflow/internal/FlowSummaryImpl.qll +++ b/swift/ql/lib/codeql/swift/dataflow/internal/FlowSummaryImpl.qll @@ -166,15 +166,10 @@ module Public { SummaryComponentStack return(ReturnKind rk) { result = singleton(SummaryComponent::return(rk)) } } - private predicate noComponentSpecific(SummaryComponent sc) { - not exists(getComponentSpecific(sc)) - } - /** Gets a textual representation of this component used for flow summaries. */ private string getComponent(SummaryComponent sc) { result = getComponentSpecific(sc) or - noComponentSpecific(sc) and ( exists(ArgumentPosition pos | sc = TParameterSummaryComponent(pos) and @@ -185,9 +180,9 @@ module Public { sc = TArgumentSummaryComponent(pos) and result = "Argument[" + getParameterPosition(pos) + "]" ) - or - sc = TReturnSummaryComponent(getReturnValueKind()) and result = "ReturnValue" ) + or + sc = TReturnSummaryComponent(getReturnValueKind()) and result = "ReturnValue" } /** Gets a textual representation of this stack used for flow summaries. */ diff --git a/swift/ql/lib/codeql/swift/dataflow/internal/FlowSummaryImplSpecific.qll b/swift/ql/lib/codeql/swift/dataflow/internal/FlowSummaryImplSpecific.qll index e13636a911e..d5306461784 100644 --- a/swift/ql/lib/codeql/swift/dataflow/internal/FlowSummaryImplSpecific.qll +++ b/swift/ql/lib/codeql/swift/dataflow/internal/FlowSummaryImplSpecific.qll @@ -117,8 +117,8 @@ string getComponentSpecific(SummaryComponent sc) { or exists(ReturnKind rk | sc = TReturnSummaryComponent(rk) and - result = "ReturnValue[" + rk + "]" and - not rk instanceof NormalReturnKind + not rk = getReturnValueKind() and + result = "ReturnValue" + "[" + rk + "]" ) } From 915042a8819fdf8b87d52655d02b611958ec964c Mon Sep 17 00:00:00 2001 From: Michael Nebel <michaelnebel@github.com> Date: Wed, 24 May 2023 11:23:42 +0200 Subject: [PATCH 692/870] Minor cleanup and sync files. --- .../dataflow/internal/FlowSummaryImpl.qll | 18 ++++++++---------- .../go/dataflow/internal/FlowSummaryImpl.qll | 18 ++++++++---------- .../java/dataflow/internal/FlowSummaryImpl.qll | 18 ++++++++---------- .../dataflow/new/internal/FlowSummaryImpl.qll | 18 ++++++++---------- .../ruby/dataflow/internal/FlowSummaryImpl.qll | 18 ++++++++---------- .../dataflow/internal/FlowSummaryImpl.qll | 18 ++++++++---------- 6 files changed, 48 insertions(+), 60 deletions(-) diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImpl.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImpl.qll index ce63ac5ef90..e6379f6a170 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImpl.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImpl.qll @@ -170,16 +170,14 @@ module Public { private string getComponent(SummaryComponent sc) { result = getComponentSpecific(sc) or - ( - exists(ArgumentPosition pos | - sc = TParameterSummaryComponent(pos) and - result = "Parameter[" + getArgumentPosition(pos) + "]" - ) - or - exists(ParameterPosition pos | - sc = TArgumentSummaryComponent(pos) and - result = "Argument[" + getParameterPosition(pos) + "]" - ) + exists(ArgumentPosition pos | + sc = TParameterSummaryComponent(pos) and + result = "Parameter[" + getArgumentPosition(pos) + "]" + ) + or + exists(ParameterPosition pos | + sc = TArgumentSummaryComponent(pos) and + result = "Argument[" + getParameterPosition(pos) + "]" ) or sc = TReturnSummaryComponent(getReturnValueKind()) and result = "ReturnValue" diff --git a/go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImpl.qll b/go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImpl.qll index ce63ac5ef90..e6379f6a170 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImpl.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImpl.qll @@ -170,16 +170,14 @@ module Public { private string getComponent(SummaryComponent sc) { result = getComponentSpecific(sc) or - ( - exists(ArgumentPosition pos | - sc = TParameterSummaryComponent(pos) and - result = "Parameter[" + getArgumentPosition(pos) + "]" - ) - or - exists(ParameterPosition pos | - sc = TArgumentSummaryComponent(pos) and - result = "Argument[" + getParameterPosition(pos) + "]" - ) + exists(ArgumentPosition pos | + sc = TParameterSummaryComponent(pos) and + result = "Parameter[" + getArgumentPosition(pos) + "]" + ) + or + exists(ParameterPosition pos | + sc = TArgumentSummaryComponent(pos) and + result = "Argument[" + getParameterPosition(pos) + "]" ) or sc = TReturnSummaryComponent(getReturnValueKind()) and result = "ReturnValue" diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll b/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll index ce63ac5ef90..e6379f6a170 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll @@ -170,16 +170,14 @@ module Public { private string getComponent(SummaryComponent sc) { result = getComponentSpecific(sc) or - ( - exists(ArgumentPosition pos | - sc = TParameterSummaryComponent(pos) and - result = "Parameter[" + getArgumentPosition(pos) + "]" - ) - or - exists(ParameterPosition pos | - sc = TArgumentSummaryComponent(pos) and - result = "Argument[" + getParameterPosition(pos) + "]" - ) + exists(ArgumentPosition pos | + sc = TParameterSummaryComponent(pos) and + result = "Parameter[" + getArgumentPosition(pos) + "]" + ) + or + exists(ParameterPosition pos | + sc = TArgumentSummaryComponent(pos) and + result = "Argument[" + getParameterPosition(pos) + "]" ) or sc = TReturnSummaryComponent(getReturnValueKind()) and result = "ReturnValue" diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/FlowSummaryImpl.qll b/python/ql/lib/semmle/python/dataflow/new/internal/FlowSummaryImpl.qll index ce63ac5ef90..e6379f6a170 100644 --- a/python/ql/lib/semmle/python/dataflow/new/internal/FlowSummaryImpl.qll +++ b/python/ql/lib/semmle/python/dataflow/new/internal/FlowSummaryImpl.qll @@ -170,16 +170,14 @@ module Public { private string getComponent(SummaryComponent sc) { result = getComponentSpecific(sc) or - ( - exists(ArgumentPosition pos | - sc = TParameterSummaryComponent(pos) and - result = "Parameter[" + getArgumentPosition(pos) + "]" - ) - or - exists(ParameterPosition pos | - sc = TArgumentSummaryComponent(pos) and - result = "Argument[" + getParameterPosition(pos) + "]" - ) + exists(ArgumentPosition pos | + sc = TParameterSummaryComponent(pos) and + result = "Parameter[" + getArgumentPosition(pos) + "]" + ) + or + exists(ParameterPosition pos | + sc = TArgumentSummaryComponent(pos) and + result = "Argument[" + getParameterPosition(pos) + "]" ) or sc = TReturnSummaryComponent(getReturnValueKind()) and result = "ReturnValue" diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/FlowSummaryImpl.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/FlowSummaryImpl.qll index ce63ac5ef90..e6379f6a170 100644 --- a/ruby/ql/lib/codeql/ruby/dataflow/internal/FlowSummaryImpl.qll +++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/FlowSummaryImpl.qll @@ -170,16 +170,14 @@ module Public { private string getComponent(SummaryComponent sc) { result = getComponentSpecific(sc) or - ( - exists(ArgumentPosition pos | - sc = TParameterSummaryComponent(pos) and - result = "Parameter[" + getArgumentPosition(pos) + "]" - ) - or - exists(ParameterPosition pos | - sc = TArgumentSummaryComponent(pos) and - result = "Argument[" + getParameterPosition(pos) + "]" - ) + exists(ArgumentPosition pos | + sc = TParameterSummaryComponent(pos) and + result = "Parameter[" + getArgumentPosition(pos) + "]" + ) + or + exists(ParameterPosition pos | + sc = TArgumentSummaryComponent(pos) and + result = "Argument[" + getParameterPosition(pos) + "]" ) or sc = TReturnSummaryComponent(getReturnValueKind()) and result = "ReturnValue" diff --git a/swift/ql/lib/codeql/swift/dataflow/internal/FlowSummaryImpl.qll b/swift/ql/lib/codeql/swift/dataflow/internal/FlowSummaryImpl.qll index ce63ac5ef90..e6379f6a170 100644 --- a/swift/ql/lib/codeql/swift/dataflow/internal/FlowSummaryImpl.qll +++ b/swift/ql/lib/codeql/swift/dataflow/internal/FlowSummaryImpl.qll @@ -170,16 +170,14 @@ module Public { private string getComponent(SummaryComponent sc) { result = getComponentSpecific(sc) or - ( - exists(ArgumentPosition pos | - sc = TParameterSummaryComponent(pos) and - result = "Parameter[" + getArgumentPosition(pos) + "]" - ) - or - exists(ParameterPosition pos | - sc = TArgumentSummaryComponent(pos) and - result = "Argument[" + getParameterPosition(pos) + "]" - ) + exists(ArgumentPosition pos | + sc = TParameterSummaryComponent(pos) and + result = "Parameter[" + getArgumentPosition(pos) + "]" + ) + or + exists(ParameterPosition pos | + sc = TArgumentSummaryComponent(pos) and + result = "Argument[" + getParameterPosition(pos) + "]" ) or sc = TReturnSummaryComponent(getReturnValueKind()) and result = "ReturnValue" From 8e16a0d144e6baca0876c1731a076bcd7a7ae52d Mon Sep 17 00:00:00 2001 From: Tony Torralba <atorralba@users.noreply.github.com> Date: Fri, 26 May 2023 12:43:58 +0200 Subject: [PATCH 693/870] Add tests and stubs for the summaries --- .../frameworks/play/mad/Test.java | 194 ++++++++++++++++++ .../frameworks/play/test.expected | 0 .../library-tests/frameworks/play/test.ql | 2 + .../play/api/mvc/Cookie.java | 131 ++++++++++++ .../playframework-2.6.x/play/mvc/Http.java | 86 ++++---- 5 files changed, 365 insertions(+), 48 deletions(-) create mode 100644 java/ql/test/library-tests/frameworks/play/mad/Test.java create mode 100644 java/ql/test/library-tests/frameworks/play/test.expected create mode 100644 java/ql/test/library-tests/frameworks/play/test.ql create mode 100644 java/ql/test/stubs/playframework-2.6.x/play/api/mvc/Cookie.java diff --git a/java/ql/test/library-tests/frameworks/play/mad/Test.java b/java/ql/test/library-tests/frameworks/play/mad/Test.java new file mode 100644 index 00000000000..cb7fb123a62 --- /dev/null +++ b/java/ql/test/library-tests/frameworks/play/mad/Test.java @@ -0,0 +1,194 @@ +package generatedtest; + +import akka.util.ByteString; +import com.fasterxml.jackson.databind.JsonNode; +import java.io.File; +import java.util.List; +import java.util.Map; +import java.util.Optional; +import org.w3c.dom.Document; +import play.mvc.Http; + +// Test case generated by GenerateFlowTestCase.ql +public class Test { + + Object source() { + return null; + } + + void sink(Object o) {} + + public void test() throws Exception { + + { + // "play.mvc;Http$Cookie;true;name;;;Argument[this];ReturnValue;taint;manual" + String out = null; + Http.Cookie in = (Http.Cookie) source(); + out = in.name(); + sink(out); // $ hasTaintFlow + } + { + // "play.mvc;Http$Cookie;true;value;;;Argument[this];ReturnValue;taint;manual" + String out = null; + Http.Cookie in = (Http.Cookie) source(); + out = in.value(); + sink(out); // $ hasTaintFlow + } + { + // "play.mvc;Http$Cookies;true;get;;;Argument[this];ReturnValue;taint;manual" + Http.Cookie out = null; + Http.Cookies in = (Http.Cookies) source(); + out = in.get(null); + sink(out); // $ hasTaintFlow + } + { + // "play.mvc;Http$Cookies;true;getCookie;;;Argument[this];ReturnValue;taint;manual" + Optional out = null; + Http.Cookies in = (Http.Cookies) source(); + out = in.getCookie(null); + sink(out); // $ hasTaintFlow + } + { + // "play.mvc;Http$MultipartFormData$FilePart;true;getContentType;;;Argument[this];ReturnValue;taint;manual" + String out = null; + Http.MultipartFormData.FilePart in = (Http.MultipartFormData.FilePart) source(); + out = in.getContentType(); + sink(out); // $ hasTaintFlow + } + { + // "play.mvc;Http$MultipartFormData$FilePart;true;getDispositionType;;;Argument[this];ReturnValue;taint;manual" + String out = null; + Http.MultipartFormData.FilePart in = (Http.MultipartFormData.FilePart) source(); + out = in.getDispositionType(); + sink(out); // $ hasTaintFlow + } + { + // "play.mvc;Http$MultipartFormData$FilePart;true;getFilename;;;Argument[this];ReturnValue;taint;manual" + String out = null; + Http.MultipartFormData.FilePart in = (Http.MultipartFormData.FilePart) source(); + out = in.getFilename(); + sink(out); // $ hasTaintFlow + } + { + // "play.mvc;Http$MultipartFormData$FilePart;true;getKey;;;Argument[this];ReturnValue;taint;manual" + String out = null; + Http.MultipartFormData.FilePart in = (Http.MultipartFormData.FilePart) source(); + out = in.getKey(); + sink(out); // $ hasTaintFlow + } + { + // "play.mvc;Http$MultipartFormData$FilePart;true;getRef;;;Argument[this];ReturnValue;taint;manual" + Object out = null; + Http.MultipartFormData.FilePart in = (Http.MultipartFormData.FilePart) source(); + out = in.getRef(); + sink(out); // $ hasTaintFlow + } + { + // "play.mvc;Http$MultipartFormData;true;asFormUrlEncoded;;;Argument[this];ReturnValue;taint;manual" + Map out = null; + Http.MultipartFormData in = (Http.MultipartFormData) source(); + out = in.asFormUrlEncoded(); + sink(out); // $ hasTaintFlow + } + { + // "play.mvc;Http$MultipartFormData;true;getFile;;;Argument[this];ReturnValue;taint;manual" + Http.MultipartFormData.FilePart out = null; + Http.MultipartFormData in = (Http.MultipartFormData) source(); + out = in.getFile(null); + sink(out); // $ hasTaintFlow + } + { + // "play.mvc;Http$MultipartFormData;true;getFiles;;;Argument[this];ReturnValue;taint;manual" + List out = null; + Http.MultipartFormData in = (Http.MultipartFormData) source(); + out = in.getFiles(); + sink(out); // $ hasTaintFlow + } + { + // "play.mvc;Http$RawBuffer;true;asBytes;;;Argument[this];ReturnValue;taint;manual" + ByteString out = null; + Http.RawBuffer in = (Http.RawBuffer) source(); + out = in.asBytes(); + sink(out); // $ hasTaintFlow + } + { + // "play.mvc;Http$RawBuffer;true;asBytes;;;Argument[this];ReturnValue;taint;manual" + ByteString out = null; + Http.RawBuffer in = (Http.RawBuffer) source(); + out = in.asBytes(0); + sink(out); // $ hasTaintFlow + } + { + // "play.mvc;Http$RawBuffer;true;asFile;;;Argument[this];ReturnValue;taint;manual" + File out = null; + Http.RawBuffer in = (Http.RawBuffer) source(); + out = in.asFile(); + sink(out); // $ hasTaintFlow + } + { + // "play.mvc;Http$RequestBody;true;as;;;Argument[this];ReturnValue;taint;manual" + Object out = null; + Http.RequestBody in = (Http.RequestBody) source(); + out = in.as(null); + sink(out); // $ hasTaintFlow + } + { + // "play.mvc;Http$RequestBody;true;asBytes;;;Argument[this];ReturnValue;taint;manual" + ByteString out = null; + Http.RequestBody in = (Http.RequestBody) source(); + out = in.asBytes(); + sink(out); // $ hasTaintFlow + } + { + // "play.mvc;Http$RequestBody;true;asFormUrlEncoded;;;Argument[this];ReturnValue;taint;manual" + Map out = null; + Http.RequestBody in = (Http.RequestBody) source(); + out = in.asFormUrlEncoded(); + sink(out); // $ hasTaintFlow + } + { + // "play.mvc;Http$RequestBody;true;asJson;;;Argument[this];ReturnValue;taint;manual" + JsonNode out = null; + Http.RequestBody in = (Http.RequestBody) source(); + out = in.asJson(); + sink(out); // $ hasTaintFlow + } + { + // "play.mvc;Http$RequestBody;true;asMultipartFormData;;;Argument[this];ReturnValue;taint;manual" + Http.MultipartFormData out = null; + Http.RequestBody in = (Http.RequestBody) source(); + out = in.asMultipartFormData(); + sink(out); // $ hasTaintFlow + } + { + // "play.mvc;Http$RequestBody;true;asRaw;;;Argument[this];ReturnValue;taint;manual" + Http.RawBuffer out = null; + Http.RequestBody in = (Http.RequestBody) source(); + out = in.asRaw(); + sink(out); // $ hasTaintFlow + } + { + // "play.mvc;Http$RequestBody;true;asText;;;Argument[this];ReturnValue;taint;manual" + String out = null; + Http.RequestBody in = (Http.RequestBody) source(); + out = in.asText(); + sink(out); // $ hasTaintFlow + } + { + // "play.mvc;Http$RequestBody;true;asXml;;;Argument[this];ReturnValue;taint;manual" + Document out = null; + Http.RequestBody in = (Http.RequestBody) source(); + out = in.asXml(); + sink(out); // $ hasTaintFlow + } + { + // "play.mvc;Http$RequestBody;true;parseJson;;;Argument[this];ReturnValue;taint;manual" + Optional out = null; + Http.RequestBody in = (Http.RequestBody) source(); + out = in.parseJson(null); + sink(out); // $ hasTaintFlow + } + + } + +} diff --git a/java/ql/test/library-tests/frameworks/play/test.expected b/java/ql/test/library-tests/frameworks/play/test.expected new file mode 100644 index 00000000000..e69de29bb2d diff --git a/java/ql/test/library-tests/frameworks/play/test.ql b/java/ql/test/library-tests/frameworks/play/test.ql new file mode 100644 index 00000000000..5d91e4e8e26 --- /dev/null +++ b/java/ql/test/library-tests/frameworks/play/test.ql @@ -0,0 +1,2 @@ +import java +import TestUtilities.InlineFlowTest diff --git a/java/ql/test/stubs/playframework-2.6.x/play/api/mvc/Cookie.java b/java/ql/test/stubs/playframework-2.6.x/play/api/mvc/Cookie.java new file mode 100644 index 00000000000..1b8377af641 --- /dev/null +++ b/java/ql/test/stubs/playframework-2.6.x/play/api/mvc/Cookie.java @@ -0,0 +1,131 @@ +// Generated automatically from play.api.mvc.Cookie for testing purposes + +package play.api.mvc; + +import play.mvc.Http; + +public class Cookie { + protected Cookie() {} + + abstract static public class SameSite { + protected SameSite() {} + + public Http.Cookie.SameSite asJava() { + return null; + } + + public SameSite(String p0) {} + + public String value() { + return null; + } + + public boolean play$api$mvc$Cookie$SameSite$$matches(String p0) { + return false; + } + } + + public Http.Cookie asJava() { + return null; + } + + public Object productElement(int p0) { + return null; + } + + public String copy$default$1() { + return null; + } + + public String copy$default$2() { + return null; + } + + public String copy$default$4() { + return null; + } + + public String name() { + return null; + } + + public String path() { + return null; + } + + public String productPrefix() { + return null; + } + + public String toString() { + return null; + } + + public String value() { + return null; + } + + public boolean canEqual(Object p0) { + return false; + } + + public boolean copy$default$6() { + return false; + } + + public boolean copy$default$7() { + return false; + } + + public boolean equals(Object p0) { + return false; + } + + public boolean httpOnly() { + return false; + } + + public boolean secure() { + return false; + } + + public int hashCode() { + return 0; + } + + public int productArity() { + return 0; + } + + public static String $lessinit$greater$default$4() { + return null; + } + + public static String apply$default$4() { + return null; + } + + public static boolean $lessinit$greater$default$6() { + return false; + } + + public static boolean $lessinit$greater$default$7() { + return false; + } + + public static boolean apply$default$6() { + return false; + } + + public static boolean apply$default$7() { + return false; + } + + public static int DiscardedMaxAge() { + return 0; + } + + public static play.api.mvc.Cookie validatePrefix(play.api.mvc.Cookie p0) { + return null; + } +} diff --git a/java/ql/test/stubs/playframework-2.6.x/play/mvc/Http.java b/java/ql/test/stubs/playframework-2.6.x/play/mvc/Http.java index 99e22cb5987..b4668362e6c 100644 --- a/java/ql/test/stubs/playframework-2.6.x/play/mvc/Http.java +++ b/java/ql/test/stubs/playframework-2.6.x/play/mvc/Http.java @@ -1,5 +1,6 @@ package play.mvc; +import akka.util.ByteString; import com.fasterxml.jackson.databind.JsonNode; import java.io.File; import java.net.URI; @@ -32,24 +33,12 @@ public class Http { public Context(Request request, JavaContextComponents components) {} - public Context( - Long id, - play.api.mvc.RequestHeader header, - Request request, - Map<String, String> sessionData, - Map<String, String> flashData, - Map<String, Object> args, + public Context(Long id, play.api.mvc.RequestHeader header, Request request, + Map<String, String> sessionData, Map<String, String> flashData, Map<String, Object> args, JavaContextComponents components) {} - public Context( - Long id, - play.api.mvc.RequestHeader header, - Request request, - Response response, - Session session, - Flash flash, - Map<String, Object> args, - JavaContextComponents components) {} + public Context(Long id, play.api.mvc.RequestHeader header, Request request, Response response, + Session session, Flash flash, Map<String, Object> args, JavaContextComponents components) {} public Long id() { return 0L; @@ -328,8 +317,8 @@ public class Http { return null; } - public RequestBuilder bodyMultipart( - List<String> data, Files.TemporaryFileCreator temporaryFileCreator, String mat) { + public RequestBuilder bodyMultipart(List<String> data, + Files.TemporaryFileCreator temporaryFileCreator, String mat) { return null; } @@ -536,6 +525,10 @@ public class Http { public abstract static class RawBuffer { + public abstract ByteString asBytes(); + + public abstract ByteString asBytes(int maxLength); + public abstract Long size(); public abstract File asFile(); @@ -559,7 +552,8 @@ public class Http { } } - public interface Part<A> {} + public interface Part<A> { + } public static class FilePart<A> implements Part<A> { @@ -577,9 +571,17 @@ public class Http { return ""; } + public String getDispositionType() { + return ""; + } + public A getFile() { return null; } + + public A getRef() { + return null; + } } public static class DataPart { @@ -608,6 +610,10 @@ public class Http { public RequestBody(Object body) {} + public ByteString asBytes() { + return null; + } + public <A> MultipartFormData<A> asMultipartFormData() { return null; } @@ -640,6 +646,10 @@ public class Http { return null; } + public <A> Optional<A> parseJson(Class<A> clazz) { + return null; + } + public String toString() { return ""; } @@ -657,15 +667,8 @@ public class Http { public void setContentType(String contentType) {} @Deprecated - public void setCookie( - String name, - String value, - Integer maxAge, - String path, - String domain, - boolean secure, - boolean httpOnly, - SameSite sameSite) {} + public void setCookie(String name, String value, Integer maxAge, String path, String domain, + boolean secure, boolean httpOnly, SameSite sameSite) {} public void setCookie(Cookie cookie) {} @@ -734,25 +737,12 @@ public class Http { public static class Cookie { - public Cookie( - String name, - String value, - Integer maxAge, - String path, - String domain, - boolean secure, - boolean httpOnly, - SameSite sameSite) {} + public Cookie(String name, String value, Integer maxAge, String path, String domain, + boolean secure, boolean httpOnly, SameSite sameSite) {} @Deprecated - public Cookie( - String name, - String value, - Integer maxAge, - String path, - String domain, - boolean secure, - boolean httpOnly) {} + public Cookie(String name, String value, Integer maxAge, String path, String domain, + boolean secure, boolean httpOnly) {} public static CookieBuilder builder(String name, String value) { return null; @@ -791,9 +781,7 @@ public class Http { } public enum SameSite { - STRICT("Strict"), - LAX("Lax"), - NONE("None"); + STRICT("Strict"), LAX("Lax"), NONE("None"); SameSite(String value) {} @@ -856,6 +844,8 @@ public class Http { public interface Cookies extends Iterable<Cookie> { Cookie get(String name); + + Optional<Cookie> getCookie(String name); } public interface HeaderNames { From 4dfc9b13cd2938219f913855158ae94faaadc75f Mon Sep 17 00:00:00 2001 From: Tony Torralba <atorralba@users.noreply.github.com> Date: Fri, 26 May 2023 12:44:53 +0200 Subject: [PATCH 694/870] Java: Fix performance issue in the stub generator --- java/ql/src/utils/stub-generator/Stubs.qll | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/java/ql/src/utils/stub-generator/Stubs.qll b/java/ql/src/utils/stub-generator/Stubs.qll index 785f621cba0..a42a806455e 100644 --- a/java/ql/src/utils/stub-generator/Stubs.qll +++ b/java/ql/src/utils/stub-generator/Stubs.qll @@ -285,14 +285,19 @@ private string stubQualifier(RefType t) { else result = "" } +pragma[nomagic] +private predicate needsPackageNameHelper(RefType t, GeneratedTopLevel top, string name) { + t.getSourceDeclaration() = [getAReferencedType(top), top].getSourceDeclaration() and + name = t.getName() +} + /** * Holds if `t` may clash with another type of the same name, so should be referred to using the fully qualified name */ private predicate needsPackageName(RefType t) { - exists(GeneratedTopLevel top, RefType other | - t.getSourceDeclaration() = [getAReferencedType(top), top].getSourceDeclaration() and - other.getSourceDeclaration() = [getAReferencedType(top), top].getSourceDeclaration() and - t.getName() = other.getName() and + exists(GeneratedTopLevel top, RefType other, string name | + needsPackageNameHelper(t, top, name) and + needsPackageNameHelper(other, top, name) and t != other ) } From 40daa9c906c972be22aff4e8961c5f07d4dc9c9d Mon Sep 17 00:00:00 2001 From: Asger F <asgerf@github.com> Date: Fri, 26 May 2023 14:05:36 +0200 Subject: [PATCH 695/870] JS: Update RegExpInjection test and expectations --- .../Security/CWE-730/RegExpInjection.expected | 35 ++++++++----------- .../Security/CWE-730/RegExpInjection.js | 12 +++---- 2 files changed, 21 insertions(+), 26 deletions(-) diff --git a/javascript/ql/test/query-tests/Security/CWE-730/RegExpInjection.expected b/javascript/ql/test/query-tests/Security/CWE-730/RegExpInjection.expected index 693ef9e5e95..391be36fbb9 100644 --- a/javascript/ql/test/query-tests/Security/CWE-730/RegExpInjection.expected +++ b/javascript/ql/test/query-tests/Security/CWE-730/RegExpInjection.expected @@ -31,14 +31,12 @@ nodes | RegExpInjection.js:41:26:41:30 | input | | RegExpInjection.js:42:25:42:29 | input | | RegExpInjection.js:42:25:42:29 | input | -| RegExpInjection.js:45:20:45:24 | input | -| RegExpInjection.js:45:20:45:24 | input | -| RegExpInjection.js:46:23:46:27 | input | -| RegExpInjection.js:46:23:46:27 | input | -| RegExpInjection.js:47:22:47:26 | input | -| RegExpInjection.js:47:22:47:26 | input | -| RegExpInjection.js:50:46:50:50 | input | -| RegExpInjection.js:50:46:50:50 | input | +| RegExpInjection.js:45:24:45:28 | input | +| RegExpInjection.js:45:24:45:28 | input | +| RegExpInjection.js:46:27:46:31 | input | +| RegExpInjection.js:46:27:46:31 | input | +| RegExpInjection.js:47:26:47:30 | input | +| RegExpInjection.js:47:26:47:30 | input | | RegExpInjection.js:54:14:54:16 | key | | RegExpInjection.js:54:14:54:27 | key.split(".") | | RegExpInjection.js:54:14:54:42 | key.spl ... x => x) | @@ -89,14 +87,12 @@ edges | RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:41:26:41:30 | input | | RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:42:25:42:29 | input | | RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:42:25:42:29 | input | -| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:45:20:45:24 | input | -| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:45:20:45:24 | input | -| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:46:23:46:27 | input | -| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:46:23:46:27 | input | -| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:47:22:47:26 | input | -| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:47:22:47:26 | input | -| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:50:46:50:50 | input | -| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:50:46:50:50 | input | +| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:45:24:45:28 | input | +| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:45:24:45:28 | input | +| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:46:27:46:31 | input | +| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:46:27:46:31 | input | +| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:47:26:47:30 | input | +| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:47:26:47:30 | input | | RegExpInjection.js:5:39:5:56 | req.param("input") | RegExpInjection.js:5:31:5:56 | input | | RegExpInjection.js:5:39:5:56 | req.param("input") | RegExpInjection.js:5:31:5:56 | input | | RegExpInjection.js:8:31:8:33 | key | RegExpInjection.js:8:23:8:45 | "\\\\b" + ... (.*)\\n" | @@ -157,10 +153,9 @@ edges | RegExpInjection.js:40:23:40:27 | input | RegExpInjection.js:5:39:5:56 | req.param("input") | RegExpInjection.js:40:23:40:27 | input | This regular expression is constructed from a $@. | RegExpInjection.js:5:39:5:56 | req.param("input") | user-provided value | | RegExpInjection.js:41:26:41:30 | input | RegExpInjection.js:5:39:5:56 | req.param("input") | RegExpInjection.js:41:26:41:30 | input | This regular expression is constructed from a $@. | RegExpInjection.js:5:39:5:56 | req.param("input") | user-provided value | | RegExpInjection.js:42:25:42:29 | input | RegExpInjection.js:5:39:5:56 | req.param("input") | RegExpInjection.js:42:25:42:29 | input | This regular expression is constructed from a $@. | RegExpInjection.js:5:39:5:56 | req.param("input") | user-provided value | -| RegExpInjection.js:45:20:45:24 | input | RegExpInjection.js:5:39:5:56 | req.param("input") | RegExpInjection.js:45:20:45:24 | input | This regular expression is constructed from a $@. | RegExpInjection.js:5:39:5:56 | req.param("input") | user-provided value | -| RegExpInjection.js:46:23:46:27 | input | RegExpInjection.js:5:39:5:56 | req.param("input") | RegExpInjection.js:46:23:46:27 | input | This regular expression is constructed from a $@. | RegExpInjection.js:5:39:5:56 | req.param("input") | user-provided value | -| RegExpInjection.js:47:22:47:26 | input | RegExpInjection.js:5:39:5:56 | req.param("input") | RegExpInjection.js:47:22:47:26 | input | This regular expression is constructed from a $@. | RegExpInjection.js:5:39:5:56 | req.param("input") | user-provided value | -| RegExpInjection.js:50:46:50:50 | input | RegExpInjection.js:5:39:5:56 | req.param("input") | RegExpInjection.js:50:46:50:50 | input | This regular expression is constructed from a $@. | RegExpInjection.js:5:39:5:56 | req.param("input") | user-provided value | +| RegExpInjection.js:45:24:45:28 | input | RegExpInjection.js:5:39:5:56 | req.param("input") | RegExpInjection.js:45:24:45:28 | input | This regular expression is constructed from a $@. | RegExpInjection.js:5:39:5:56 | req.param("input") | user-provided value | +| RegExpInjection.js:46:27:46:31 | input | RegExpInjection.js:5:39:5:56 | req.param("input") | RegExpInjection.js:46:27:46:31 | input | This regular expression is constructed from a $@. | RegExpInjection.js:5:39:5:56 | req.param("input") | user-provided value | +| RegExpInjection.js:47:26:47:30 | input | RegExpInjection.js:5:39:5:56 | req.param("input") | RegExpInjection.js:47:26:47:30 | input | This regular expression is constructed from a $@. | RegExpInjection.js:5:39:5:56 | req.param("input") | user-provided value | | RegExpInjection.js:54:14:54:52 | key.spl ... in("-") | RegExpInjection.js:5:13:5:28 | req.param("key") | RegExpInjection.js:54:14:54:52 | key.spl ... in("-") | This regular expression is constructed from a $@. | RegExpInjection.js:5:13:5:28 | req.param("key") | user-provided value | | RegExpInjection.js:64:14:64:18 | input | RegExpInjection.js:60:39:60:56 | req.param("input") | RegExpInjection.js:64:14:64:18 | input | This regular expression is constructed from a $@. | RegExpInjection.js:60:39:60:56 | req.param("input") | user-provided value | | RegExpInjection.js:87:14:87:55 | "^.*\\.( ... + ")$" | RegExpInjection.js:82:15:82:32 | req.param("input") | RegExpInjection.js:87:14:87:55 | "^.*\\.( ... + ")$" | This regular expression is constructed from a $@. | RegExpInjection.js:82:15:82:32 | req.param("input") | user-provided value | diff --git a/javascript/ql/test/query-tests/Security/CWE-730/RegExpInjection.js b/javascript/ql/test/query-tests/Security/CWE-730/RegExpInjection.js index 1f8113f7d75..6cf3938486e 100644 --- a/javascript/ql/test/query-tests/Security/CWE-730/RegExpInjection.js +++ b/javascript/ql/test/query-tests/Security/CWE-730/RegExpInjection.js @@ -42,12 +42,12 @@ app.get('/findKey', function(req, res) { if (maybeString.match(input)) {} // NOT OK if (notString.match(input)) {} // OK - defString.search(input); // NOT OK - likelyString.search(input); // NOT OK - maybeString.search(input); // NOT OK - notString.search(input); // OK + if (defString.search(input) > -1) {} // NOT OK + if (likelyString.search(input) > -1) {} // NOT OK + if (maybeString.search(input) > -1) {} // NOT OK + if (notString.search(input) > -1) {} // OK - URI(`${protocol}://${host}${path}`).search(input); // OK, but still flagged [INCONSISTENCY] + URI(`${protocol}://${host}${path}`).search(input); // OK URI(`${protocol}://${host}${path}`).search(input).href(); // OK unknown.search(input).unknown; // OK @@ -62,7 +62,7 @@ app.get('/findKey', function(req, res) { Search.search(input); // OK! new RegExp(input); // NOT OK - + var sanitized = input.replace(/[\-\[\]\/\{\}\(\)\*\+\?\.\\\^\$\|]/g, "\\$&"); new RegExp(sanitized); // OK }); From 9df9ca2916d90fdc4cc86a50581e35c98c2309ac Mon Sep 17 00:00:00 2001 From: Asger F <asgerf@github.com> Date: Fri, 26 May 2023 14:07:34 +0200 Subject: [PATCH 696/870] JS: Update test and expectations for MissingRegExpAnchor --- .../CWE-020/MissingRegExpAnchor/MissingRegExpAnchor.expected | 2 +- .../CWE-020/MissingRegExpAnchor/tst-UnanchoredUrlRegExp.js | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/javascript/ql/test/query-tests/Security/CWE-020/MissingRegExpAnchor/MissingRegExpAnchor.expected b/javascript/ql/test/query-tests/Security/CWE-020/MissingRegExpAnchor/MissingRegExpAnchor.expected index 0554d826383..a7933f2926e 100644 --- a/javascript/ql/test/query-tests/Security/CWE-020/MissingRegExpAnchor/MissingRegExpAnchor.expected +++ b/javascript/ql/test/query-tests/Security/CWE-020/MissingRegExpAnchor/MissingRegExpAnchor.expected @@ -49,7 +49,7 @@ | tst-UnanchoredUrlRegExp.js:8:47:8:90 | "(https ... e.com)" | This hostname pattern may match any domain name, as it is missing a '$' or '/' at the end. | | tst-UnanchoredUrlRegExp.js:10:2:10:22 | /https? ... od.com/ | When this is used as a regular expression on a URL, it may match anywhere, and arbitrary hosts may come before or after it. | | tst-UnanchoredUrlRegExp.js:11:13:11:31 | "https?://good.com" | When this is used as a regular expression on a URL, it may match anywhere, and arbitrary hosts may come before or after it. | -| tst-UnanchoredUrlRegExp.js:13:44:13:62 | "https?://good.com" | When this is used as a regular expression on a URL, it may match anywhere, and arbitrary hosts may come before or after it. | +| tst-UnanchoredUrlRegExp.js:13:48:13:66 | "https?://good.com" | When this is used as a regular expression on a URL, it may match anywhere, and arbitrary hosts may come before or after it. | | tst-UnanchoredUrlRegExp.js:15:13:15:31 | "https?://good.com" | When this is used as a regular expression on a URL, it may match anywhere, and arbitrary hosts may come before or after it. | | tst-UnanchoredUrlRegExp.js:19:47:19:65 | "https?://good.com" | When this is used as a regular expression on a URL, it may match anywhere, and arbitrary hosts may come before or after it. | | tst-UnanchoredUrlRegExp.js:20:47:20:70 | "https? ... m:8080" | When this is used as a regular expression on a URL, it may match anywhere, and arbitrary hosts may come before or after it. | diff --git a/javascript/ql/test/query-tests/Security/CWE-020/MissingRegExpAnchor/tst-UnanchoredUrlRegExp.js b/javascript/ql/test/query-tests/Security/CWE-020/MissingRegExpAnchor/tst-UnanchoredUrlRegExp.js index 5db3aa740fb..24815ebe59e 100644 --- a/javascript/ql/test/query-tests/Security/CWE-020/MissingRegExpAnchor/tst-UnanchoredUrlRegExp.js +++ b/javascript/ql/test/query-tests/Security/CWE-020/MissingRegExpAnchor/tst-UnanchoredUrlRegExp.js @@ -10,7 +10,7 @@ /https?:\/\/good.com/.exec("http://evil.com/?http://good.com"); // NOT OK new RegExp("https?://good.com").exec("http://evil.com/?http://good.com"); // NOT OK - "http://evil.com/?http://good.com".search("https?://good.com"); // NOT OK + if ("http://evil.com/?http://good.com".search("https?://good.com") > -1) {} // NOT OK new RegExp("https?://good.com").test("http://evil.com/?http://good.com"); // NOT OK From c637b6f59a623a32720865da7fae2d4bcc67b2a5 Mon Sep 17 00:00:00 2001 From: Asger F <asgerf@github.com> Date: Fri, 26 May 2023 14:10:26 +0200 Subject: [PATCH 697/870] JS: Update test for RegExpAlwaysMatches --- .../test/query-tests/RegExp/RegExpAlwaysMatches/tst.js | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/javascript/ql/test/query-tests/RegExp/RegExpAlwaysMatches/tst.js b/javascript/ql/test/query-tests/RegExp/RegExpAlwaysMatches/tst.js index a266e2d86f6..b4c54be9b8a 100644 --- a/javascript/ql/test/query-tests/RegExp/RegExpAlwaysMatches/tst.js +++ b/javascript/ql/test/query-tests/RegExp/RegExpAlwaysMatches/tst.js @@ -55,23 +55,23 @@ function emptyAlt3(x) { } function search(x) { - return x.search(/[a-z]*/); // NOT OK + return x.search(/[a-z]*/) > -1; // NOT OK } function search2(x) { - return x.search(/[a-z]/); // OK + return x.search(/[a-z]/) > -1; // OK } function lookahead(x) { - return x.search(/(?!x)/); // OK + return x.search(/(?!x)/) > -1; // OK } function searchPrefix(x) { - return x.search(/^(foo)?/); // NOT OK - `foo?` does not affect the returned index + return x.search(/^(foo)?/) > -1; // NOT OK - `foo?` does not affect the returned index } function searchSuffix(x) { - return x.search(/(foo)?$/); // OK - `foo?` affects the returned index + return x.search(/(foo)?$/) > -1; // OK - `foo?` affects the returned index } function wordBoundary(x) { From c5cee0d4199ceb8b02326805a7e5ee8be7bd4a85 Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli <redsun82@github.com> Date: Fri, 26 May 2023 10:05:35 +0000 Subject: [PATCH 698/870] Swift: exclude targets ending in `Tests` or `Test` from autobuilding --- .../Foo.xcodeproj/project.pbxproj | 2062 +++++++++++++++++ .../contents.xcworkspacedata | 7 + .../commands.expected | 1 + swift/xcode-autobuilder/xcode-autobuilder.cpp | 20 +- 4 files changed, 2084 insertions(+), 6 deletions(-) create mode 100644 swift/xcode-autobuilder/tests/hello-targets-with-tests-suffix/Foo.xcodeproj/project.pbxproj create mode 100644 swift/xcode-autobuilder/tests/hello-targets-with-tests-suffix/Foo.xcodeproj/project.xcworkspace/contents.xcworkspacedata create mode 100644 swift/xcode-autobuilder/tests/hello-targets-with-tests-suffix/commands.expected diff --git a/swift/xcode-autobuilder/tests/hello-targets-with-tests-suffix/Foo.xcodeproj/project.pbxproj b/swift/xcode-autobuilder/tests/hello-targets-with-tests-suffix/Foo.xcodeproj/project.pbxproj new file mode 100644 index 00000000000..bb2ebc13d66 --- /dev/null +++ b/swift/xcode-autobuilder/tests/hello-targets-with-tests-suffix/Foo.xcodeproj/project.pbxproj @@ -0,0 +1,2062 @@ +// !$*UTF8*$! +{ + archiveVersion = 1; + classes = { + }; + objectVersion = 52; + objects = { + +/* Begin PBXAggregateTarget section */ + "Foo::FooPackageTests::ProductTarget" /* FooPackageTests */ = { + isa = PBXAggregateTarget; + buildConfigurationList = OBJ_529 /* Build configuration list for PBXAggregateTarget "FooPackageTests" */; + buildPhases = ( + ); + dependencies = ( + OBJ_532 /* PBXTargetDependency */, + ); + name = FooPackageTests; + productName = FooPackageTests; + }; +/* End PBXAggregateTarget section */ + +/* Begin PBXBuildFile section */ + 8405567023527E280064EC7D /* ActionSheetItemCells.swift in Sources */ = {isa = PBXBuildFile; fileRef = 8405566E23527E1E0064EC7D /* ActionSheetItemCells.swift */; }; + 8422CB60239DAF5600251D31 /* ActionSheetPopoverPresenter+PresentationDelegate.swift in Sources */ = {isa = PBXBuildFile; fileRef = 8422CB5F239DAF5600251D31 /* ActionSheetPopoverPresenter+PresentationDelegate.swift */; }; + 8422CB63239DAFBC00251D31 /* ActionSheetPopoverPresenter+PresentationDelegateTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 8422CB61239DAF9B00251D31 /* ActionSheetPopoverPresenter+PresentationDelegateTests.swift */; }; + 8422CB66239DB70C00251D31 /* ActionSheetPresenterBaseTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 8422CB64239DB6F600251D31 /* ActionSheetPresenterBaseTests.swift */; }; + 8422CB68239DC27500251D31 /* NonDismissableMenu.swift in Sources */ = {isa = PBXBuildFile; fileRef = 8422CB67239DC27500251D31 /* NonDismissableMenu.swift */; }; + 8422CB6A239DC2C400251D31 /* BackgroundDismissableMenu.swift in Sources */ = {isa = PBXBuildFile; fileRef = 8422CB69239DC2C400251D31 /* BackgroundDismissableMenu.swift */; }; + 8422CB71239DC82C00251D31 /* ContextMenu+ConfigurationTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 8422CB6F239DC81800251D31 /* ContextMenu+ConfigurationTests.swift */; }; + 8422CB72239DC85300251D31 /* ContextMenu.swift in Sources */ = {isa = PBXBuildFile; fileRef = 8422CB6D239DC6DA00251D31 /* ContextMenu.swift */; }; + 8422CB73239DC85900251D31 /* ContextMenu+Configuration.swift in Sources */ = {isa = PBXBuildFile; fileRef = 8422CB6B239DC6B100251D31 /* ContextMenu+Configuration.swift */; }; + 8422CB76239DCBFD00251D31 /* Menu+Deprecations.swift in Sources */ = {isa = PBXBuildFile; fileRef = 8422CB74239DCBEB00251D31 /* Menu+Deprecations.swift */; }; + 8422CB7A239E1FB600251D31 /* DestructiveItem.swift in Sources */ = {isa = PBXBuildFile; fileRef = 8422CB78239E1E6800251D31 /* DestructiveItem.swift */; }; + 8422CB7D239E20E100251D31 /* DestructiveItem+ActionSheet.swift in Sources */ = {isa = PBXBuildFile; fileRef = 8422CB7B239E209C00251D31 /* DestructiveItem+ActionSheet.swift */; }; + 8422CB82239E21FF00251D31 /* DestructiveItem+ActionSheetTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 8422CB80239E21FC00251D31 /* DestructiveItem+ActionSheetTests.swift */; }; + 843C3B0F25271DE30055BFE6 /* DemoMultilineItem.swift in Sources */ = {isa = PBXBuildFile; fileRef = 843C3B0E25271DE30055BFE6 /* DemoMultilineItem.swift */; }; + 843C3B1925271FEC0055BFE6 /* DemoMultilineItemMenu.swift in Sources */ = {isa = PBXBuildFile; fileRef = 843C3B1825271FEC0055BFE6 /* DemoMultilineItemMenu.swift */; }; + 846703A1234A3C4500355331 /* Main.storyboard in Resources */ = {isa = PBXBuildFile; fileRef = 8467039F234A3C4500355331 /* Main.storyboard */; }; + 846703A6234A3C4600355331 /* LaunchScreen.storyboard in Resources */ = {isa = PBXBuildFile; fileRef = 846703A4234A3C4600355331 /* LaunchScreen.storyboard */; }; + 846703E6234A3CF100355331 /* FoodOption+ActionSheetItems.swift in Sources */ = {isa = PBXBuildFile; fileRef = 846703AC234A3CF000355331 /* FoodOption+ActionSheetItems.swift */; }; + 846703E7234A3CF100355331 /* FoodOption.swift in Sources */ = {isa = PBXBuildFile; fileRef = 846703AD234A3CF000355331 /* FoodOption.swift */; }; + 846703E8234A3CF100355331 /* MenuOption.swift in Sources */ = {isa = PBXBuildFile; fileRef = 846703AE234A3CF000355331 /* MenuOption.swift */; }; + 846703E9234A3CF100355331 /* AppearanceOption.swift in Sources */ = {isa = PBXBuildFile; fileRef = 846703AF234A3CF000355331 /* AppearanceOption.swift */; }; + 846703EA234A3CF100355331 /* ActionSheetOption.swift in Sources */ = {isa = PBXBuildFile; fileRef = 846703B0234A3CF000355331 /* ActionSheetOption.swift */; }; + 846703EC234A3CF100355331 /* ViewController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 846703B3234A3CF000355331 /* ViewController.swift */; }; + 846703ED234A3CF100355331 /* ViewController+Appearance.swift in Sources */ = {isa = PBXBuildFile; fileRef = 846703B4234A3CF000355331 /* ViewController+Appearance.swift */; }; + 846703EE234A3CF100355331 /* ViewController+Menus.swift in Sources */ = {isa = PBXBuildFile; fileRef = 846703B5234A3CF000355331 /* ViewController+Menus.swift */; }; + 846703EF234A3CF100355331 /* ViewController+Alert.swift in Sources */ = {isa = PBXBuildFile; fileRef = 846703B6234A3CF000355331 /* ViewController+Alert.swift */; }; + 846703F0234A3CF100355331 /* ViewController+ActionSheets.swift in Sources */ = {isa = PBXBuildFile; fileRef = 846703B7234A3CF000355331 /* ViewController+ActionSheets.swift */; }; + 846703F1234A3CF100355331 /* ViewController+TableView.swift in Sources */ = {isa = PBXBuildFile; fileRef = 846703B8234A3CF000355331 /* ViewController+TableView.swift */; }; + 846703F2234A3CF100355331 /* ContextMenuViewController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 846703B9234A3CF000355331 /* ContextMenuViewController.swift */; }; + 846703F3234A3CF100355331 /* AppearanceViewController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 846703BA234A3CF000355331 /* AppearanceViewController.swift */; }; + 846703F4234A3CF100355331 /* DemoCustomViewCell.swift in Sources */ = {isa = PBXBuildFile; fileRef = 846703BC234A3CF000355331 /* DemoCustomViewCell.swift */; }; + 846703F5234A3CF100355331 /* DemoCollectionViewCell.xib in Resources */ = {isa = PBXBuildFile; fileRef = 846703BD234A3CF000355331 /* DemoCollectionViewCell.xib */; }; + 846703F6234A3CF100355331 /* DemoCustomViewCell.xib in Resources */ = {isa = PBXBuildFile; fileRef = 846703BE234A3CF000355331 /* DemoCustomViewCell.xib */; }; + 846703F7234A3CF100355331 /* DemoCollectionViewCell.swift in Sources */ = {isa = PBXBuildFile; fileRef = 846703BF234A3CF000355331 /* DemoCollectionViewCell.swift */; }; + 846703F8234A3CF100355331 /* AppDelegate.swift in Sources */ = {isa = PBXBuildFile; fileRef = 846703C0234A3CF000355331 /* AppDelegate.swift */; }; + 846703F9234A3CF100355331 /* SceneDelegate.swift in Sources */ = {isa = PBXBuildFile; fileRef = 846703C1234A3CF000355331 /* SceneDelegate.swift */; }; + 846703FA234A3CF100355331 /* DemoAppearance.swift in Sources */ = {isa = PBXBuildFile; fileRef = 846703C3234A3CF000355331 /* DemoAppearance.swift */; }; + 846703FB234A3CF100355331 /* ColorAppearance.swift in Sources */ = {isa = PBXBuildFile; fileRef = 846703C4234A3CF000355331 /* ColorAppearance.swift */; }; + 846703FC234A3CF100355331 /* DemoFonts.swift in Sources */ = {isa = PBXBuildFile; fileRef = 846703C5234A3CF000355331 /* DemoFonts.swift */; }; + 846703FD234A3CF100355331 /* FoodActionSheet.swift in Sources */ = {isa = PBXBuildFile; fileRef = 846703C7234A3CF000355331 /* FoodActionSheet.swift */; }; + 846703FE234A3CF100355331 /* CollectionActionSheet.swift in Sources */ = {isa = PBXBuildFile; fileRef = 846703C8234A3CF000355331 /* CollectionActionSheet.swift */; }; + 846703FF234A3CF100355331 /* title-image.png in Resources */ = {isa = PBXBuildFile; fileRef = 846703CB234A3CF100355331 /* title-image.png */; }; + 84670400234A3CF100355331 /* Assets.xcassets in Resources */ = {isa = PBXBuildFile; fileRef = 846703CC234A3CF100355331 /* Assets.xcassets */; }; + 84670401234A3CF100355331 /* Roboto-Medium.ttf in Resources */ = {isa = PBXBuildFile; fileRef = 846703CF234A3CF100355331 /* Roboto-Medium.ttf */; }; + 84670402234A3CF100355331 /* Roboto-Light.ttf in Resources */ = {isa = PBXBuildFile; fileRef = 846703D0234A3CF100355331 /* Roboto-Light.ttf */; }; + 84670403234A3CF100355331 /* Roboto-Regular.ttf in Resources */ = {isa = PBXBuildFile; fileRef = 846703D1234A3CF100355331 /* Roboto-Regular.ttf */; }; + 84670404234A3CF100355331 /* Roboto-MediumItalic.ttf in Resources */ = {isa = PBXBuildFile; fileRef = 846703D2234A3CF100355331 /* Roboto-MediumItalic.ttf */; }; + 84670405234A3CF100355331 /* Roboto-ThinItalic.ttf in Resources */ = {isa = PBXBuildFile; fileRef = 846703D3234A3CF100355331 /* Roboto-ThinItalic.ttf */; }; + 84670406234A3CF100355331 /* Roboto-BoldItalic.ttf in Resources */ = {isa = PBXBuildFile; fileRef = 846703D4234A3CF100355331 /* Roboto-BoldItalic.ttf */; }; + 84670407234A3CF100355331 /* Roboto-LightItalic.ttf in Resources */ = {isa = PBXBuildFile; fileRef = 846703D5234A3CF100355331 /* Roboto-LightItalic.ttf */; }; + 84670408234A3CF100355331 /* Roboto-Italic.ttf in Resources */ = {isa = PBXBuildFile; fileRef = 846703D6234A3CF100355331 /* Roboto-Italic.ttf */; }; + 84670409234A3CF100355331 /* LICENSE.txt in Resources */ = {isa = PBXBuildFile; fileRef = 846703D7234A3CF100355331 /* LICENSE.txt */; }; + 8467040A234A3CF100355331 /* Roboto-BlackItalic.ttf in Resources */ = {isa = PBXBuildFile; fileRef = 846703D8234A3CF100355331 /* Roboto-BlackItalic.ttf */; }; + 8467040B234A3CF100355331 /* Roboto-Bold.ttf in Resources */ = {isa = PBXBuildFile; fileRef = 846703D9234A3CF100355331 /* Roboto-Bold.ttf */; }; + 8467040C234A3CF100355331 /* Roboto-Thin.ttf in Resources */ = {isa = PBXBuildFile; fileRef = 846703DA234A3CF100355331 /* Roboto-Thin.ttf */; }; + 8467040D234A3CF100355331 /* Roboto-Black.ttf in Resources */ = {isa = PBXBuildFile; fileRef = 846703DB234A3CF100355331 /* Roboto-Black.ttf */; }; + 8467040E234A3CF100355331 /* FoodMenu.swift in Sources */ = {isa = PBXBuildFile; fileRef = 846703DD234A3CF100355331 /* FoodMenu.swift */; }; + 8467040F234A3CF100355331 /* LinkMenu.swift in Sources */ = {isa = PBXBuildFile; fileRef = 846703DE234A3CF100355331 /* LinkMenu.swift */; }; + 84670410234A3CF100355331 /* SingleSelectMenu.swift in Sources */ = {isa = PBXBuildFile; fileRef = 846703DF234A3CF100355331 /* SingleSelectMenu.swift */; }; + 84670411234A3CF100355331 /* DestructiveMenu.swift in Sources */ = {isa = PBXBuildFile; fileRef = 846703E0234A3CF100355331 /* DestructiveMenu.swift */; }; + 84670412234A3CF100355331 /* MultiSelectMenu.swift in Sources */ = {isa = PBXBuildFile; fileRef = 846703E1234A3CF100355331 /* MultiSelectMenu.swift */; }; + 84670413234A3CF100355331 /* ItemMenu.swift in Sources */ = {isa = PBXBuildFile; fileRef = 846703E2234A3CF100355331 /* ItemMenu.swift */; }; + 84670414234A3CF100355331 /* CustomMenu.swift in Sources */ = {isa = PBXBuildFile; fileRef = 846703E3234A3CF100355331 /* CustomMenu.swift */; }; + 84670415234A3CF100355331 /* SectionMenu.swift in Sources */ = {isa = PBXBuildFile; fileRef = 846703E4234A3CF100355331 /* SectionMenu.swift */; }; + 84670416234A3CF100355331 /* CollectionMenu.swift in Sources */ = {isa = PBXBuildFile; fileRef = 846703E5234A3CF100355331 /* CollectionMenu.swift */; }; + 84670419234A3E9C00355331 /* Foo.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = "Foo::Foo::Product" /* Foo.framework */; }; + 8467041A234A3E9C00355331 /* Foo.framework in Embed Frameworks */ = {isa = PBXBuildFile; fileRef = "Foo::Foo::Product" /* Foo.framework */; settings = {ATTRIBUTES = (CodeSignOnCopy, RemoveHeadersOnCopy, ); }; }; + 847E09ED239DA5E70058179D /* ActionSheetPresenterBase.swift in Sources */ = {isa = PBXBuildFile; fileRef = 847E09EC239DA5E70058179D /* ActionSheetPresenterBase.swift */; }; + 84A24ECB236C64F200DB060C /* SecondaryActionItem.swift in Sources */ = {isa = PBXBuildFile; fileRef = 84A24ECA236C64F200DB060C /* SecondaryActionItem.swift */; }; + 84A24ECE236C670D00DB060C /* SecondaryActionItemTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 84A24ECC236C66CD00DB060C /* SecondaryActionItemTests.swift */; }; + 84A24ED0236C6C5B00DB060C /* SecondaryActionItem+ActionSheet.swift in Sources */ = {isa = PBXBuildFile; fileRef = 84A24ECF236C6C5B00DB060C /* SecondaryActionItem+ActionSheet.swift */; }; + 84A24ED2236C6CA200DB060C /* ActionSheetSecondaryActionItemCell.swift in Sources */ = {isa = PBXBuildFile; fileRef = 84A24ED1236C6CA200DB060C /* ActionSheetSecondaryActionItemCell.swift */; }; + 84A24ED5236C6DCD00DB060C /* ActionSheetSecondaryActionItemTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 84A24ED3236C6DB500DB060C /* ActionSheetSecondaryActionItemTests.swift */; }; + 84A24ED9236C724100DB060C /* SecondaryActionItem+ActionSheetTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 84A24ED7236C6FAF00DB060C /* SecondaryActionItem+ActionSheetTests.swift */; }; + 84A24EDB236C72C900DB060C /* SecondaryActionMenu.swift in Sources */ = {isa = PBXBuildFile; fileRef = 84A24EDA236C72C900DB060C /* SecondaryActionMenu.swift */; }; + 84A24EDD236C84D900DB060C /* MenuCreator.swift in Sources */ = {isa = PBXBuildFile; fileRef = 84A24EDC236C84D900DB060C /* MenuCreator.swift */; }; + 84D3AF2E2434B1420007BE9B /* Quick in Frameworks */ = {isa = PBXBuildFile; productRef = 84D3AF2D2434B1420007BE9B /* Quick */; }; + 84D3AF312434B1510007BE9B /* Nimble in Frameworks */ = {isa = PBXBuildFile; productRef = 84D3AF302434B1510007BE9B /* Nimble */; }; + 84F64BA1239D8FEF000290D1 /* ActionSheet+Header.swift in Sources */ = {isa = PBXBuildFile; fileRef = 84F64BA0239D8FEF000290D1 /* ActionSheet+Header.swift */; }; + 84F64BA3239D9630000290D1 /* ActionSheet+Configuration.swift in Sources */ = {isa = PBXBuildFile; fileRef = 84F64BA2239D9630000290D1 /* ActionSheet+Configuration.swift */; }; + 84F64BA5239D99D6000290D1 /* ActionSheet+ConfigurationTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 84F64BA4239D99D6000290D1 /* ActionSheet+ConfigurationTests.swift */; }; + 84F64BA8239D9CD7000290D1 /* ActionSheet+Deprecations.swift in Sources */ = {isa = PBXBuildFile; fileRef = 84F64BA6239D9CB5000290D1 /* ActionSheet+Deprecations.swift */; }; + A9FA9D3A26A17AC40047114E /* MockingKit in Frameworks */ = {isa = PBXBuildFile; productRef = A9FA9D3926A17AC40047114E /* MockingKit */; }; + OBJ_442 /* ActionSheet+Presenter.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_10 /* ActionSheet+Presenter.swift */; }; + OBJ_443 /* ActionSheet+Scroll.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_11 /* ActionSheet+Scroll.swift */; }; + OBJ_444 /* ActionSheet.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_12 /* ActionSheet.swift */; }; + OBJ_445 /* ActionSheetItemHandler.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_13 /* ActionSheetItemHandler.swift */; }; + OBJ_446 /* ActionSheetMargin.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_14 /* ActionSheetMargin.swift */; }; + OBJ_447 /* ActionSheet+Appearance.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_16 /* ActionSheet+Appearance.swift */; }; + OBJ_448 /* ActionSheetAppearance.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_17 /* ActionSheetAppearance.swift */; }; + OBJ_449 /* ActionSheetColor.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_18 /* ActionSheetColor.swift */; }; + OBJ_450 /* UIColor+ActionSheetColor.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_19 /* UIColor+ActionSheetColor.swift */; }; + OBJ_451 /* UIEdgeInsets+Hidden.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_21 /* UIEdgeInsets+Hidden.swift */; }; + OBJ_452 /* UIView+Subviews.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_22 /* UIView+Subviews.swift */; }; + OBJ_453 /* UIViewController+RootViewController.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_23 /* UIViewController+RootViewController.swift */; }; + OBJ_454 /* CancelButton+ActionSheet.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_26 /* CancelButton+ActionSheet.swift */; }; + OBJ_455 /* DestructiveButton+ActionSheet.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_27 /* DestructiveButton+ActionSheet.swift */; }; + OBJ_456 /* MenuButton+ActionSheet.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_28 /* MenuButton+ActionSheet.swift */; }; + OBJ_457 /* OkButton+ActionSheet.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_29 /* OkButton+ActionSheet.swift */; }; + OBJ_458 /* CollectionItem+ActionSheet.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_31 /* CollectionItem+ActionSheet.swift */; }; + OBJ_459 /* CustomItem+ActionSheet.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_32 /* CustomItem+ActionSheet.swift */; }; + OBJ_460 /* LinkItem+ActionSheet.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_33 /* LinkItem+ActionSheet.swift */; }; + OBJ_461 /* MultiSelectItem+ActionSheet.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_34 /* MultiSelectItem+ActionSheet.swift */; }; + OBJ_462 /* MultiSelectToggleItem+ActionSheet.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_35 /* MultiSelectToggleItem+ActionSheet.swift */; }; + OBJ_463 /* SelectItem+ActionSheet.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_36 /* SelectItem+ActionSheet.swift */; }; + OBJ_464 /* SingleSelectItem+ActionSheet.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_37 /* SingleSelectItem+ActionSheet.swift */; }; + OBJ_465 /* Menu+ActionSheet.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_38 /* Menu+ActionSheet.swift */; }; + OBJ_466 /* MenuItem+ActionSheet.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_39 /* MenuItem+ActionSheet.swift */; }; + OBJ_467 /* MenuTitle+ActionSheet.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_41 /* MenuTitle+ActionSheet.swift */; }; + OBJ_468 /* SectionMargin+ActionSheet.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_42 /* SectionMargin+ActionSheet.swift */; }; + OBJ_469 /* SectionTitle+ActionSheet.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_43 /* SectionTitle+ActionSheet.swift */; }; + OBJ_470 /* ActionSheetPopoverPresenter.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_45 /* ActionSheetPopoverPresenter.swift */; }; + OBJ_471 /* ActionSheetPresenter.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_46 /* ActionSheetPresenter.swift */; }; + OBJ_472 /* ActionSheetStandardPresenter.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_47 /* ActionSheetStandardPresenter.swift */; }; + OBJ_473 /* ActionSheetBackgroundView.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_49 /* ActionSheetBackgroundView.swift */; }; + OBJ_474 /* ActionSheetButtonTableView.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_50 /* ActionSheetButtonTableView.swift */; }; + OBJ_475 /* ActionSheetHeaderContainerView.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_51 /* ActionSheetHeaderContainerView.swift */; }; + OBJ_476 /* ActionSheetItemTableView.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_52 /* ActionSheetItemTableView.swift */; }; + OBJ_477 /* ActionSheetStackView.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_53 /* ActionSheetStackView.swift */; }; + OBJ_478 /* ActionSheetTableView.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_54 /* ActionSheetTableView.swift */; }; + OBJ_480 /* ActionSheetItemCell.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_57 /* ActionSheetItemCell.swift */; }; + OBJ_484 /* ActionSheetCollectionItemCell.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_63 /* ActionSheetCollectionItemCell.swift */; }; + OBJ_485 /* ActionSheetCollectionItemCellHandler.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_64 /* ActionSheetCollectionItemCellHandler.swift */; }; + OBJ_486 /* ActionSheetLinkItemCell.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_65 /* ActionSheetLinkItemCell.swift */; }; + OBJ_488 /* ActionSheetMultiSelectToggleItemCell.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_67 /* ActionSheetMultiSelectToggleItemCell.swift */; }; + OBJ_489 /* ActionSheetSelectItemCell.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_68 /* ActionSheetSelectItemCell.swift */; }; + OBJ_494 /* AlertControllerConversionError.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_75 /* AlertControllerConversionError.swift */; }; + OBJ_495 /* Menu+AlertController.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_76 /* Menu+AlertController.swift */; }; + OBJ_496 /* MenuItem+AlertController.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_77 /* MenuItem+AlertController.swift */; }; + OBJ_497 /* UIViewController+AlertController.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_78 /* UIViewController+AlertController.swift */; }; + OBJ_498 /* ContextMenuConversionError.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_80 /* ContextMenuConversionError.swift */; }; + OBJ_499 /* ContextMenuDelegate.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_81 /* ContextMenuDelegate.swift */; }; + OBJ_500 /* ContextMenuDelegateRetainer.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_82 /* ContextMenuDelegateRetainer.swift */; }; + OBJ_501 /* MenuCreator+ContextMenu.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_83 /* MenuCreator+ContextMenu.swift */; }; + OBJ_502 /* MenuItem+ContextMenu.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_84 /* MenuItem+ContextMenu.swift */; }; + OBJ_503 /* NSObject+ClassName.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_86 /* NSObject+ClassName.swift */; }; + OBJ_504 /* CancelButton.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_89 /* CancelButton.swift */; }; + OBJ_505 /* DestructiveButton.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_90 /* DestructiveButton.swift */; }; + OBJ_506 /* MenuButton.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_91 /* MenuButton.swift */; }; + OBJ_507 /* OkButton.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_92 /* OkButton.swift */; }; + OBJ_508 /* CollectionItem.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_94 /* CollectionItem.swift */; }; + OBJ_509 /* CustomItem.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_95 /* CustomItem.swift */; }; + OBJ_510 /* LinkItem.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_96 /* LinkItem.swift */; }; + OBJ_511 /* MultiSelectItem.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_97 /* MultiSelectItem.swift */; }; + OBJ_512 /* MultiSelectToggleItem.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_98 /* MultiSelectToggleItem.swift */; }; + OBJ_513 /* SelectItem.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_99 /* SelectItem.swift */; }; + OBJ_514 /* SingleSelectItem.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_100 /* SingleSelectItem.swift */; }; + OBJ_515 /* Menu.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_101 /* Menu.swift */; }; + OBJ_517 /* MenuItem.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_103 /* MenuItem.swift */; }; + OBJ_518 /* MenuTitle.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_105 /* MenuTitle.swift */; }; + OBJ_519 /* SectionMagin.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_106 /* SectionMagin.swift */; }; + OBJ_520 /* SectionTitle.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_107 /* SectionTitle.swift */; }; + OBJ_527 /* Package.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_6 /* Package.swift */; }; + OBJ_538 /* ActionSheet+PresenterTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_111 /* ActionSheet+PresenterTests.swift */; }; + OBJ_539 /* ActionSheetItemHandlerTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_112 /* ActionSheetItemHandlerTests.swift */; }; + OBJ_540 /* ActionSheetMarginTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_113 /* ActionSheetMarginTests.swift */; }; + OBJ_541 /* ActionSheetTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_114 /* ActionSheetTests.swift */; }; + OBJ_542 /* ActionSheet+AppearanceTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_116 /* ActionSheet+AppearanceTests.swift */; }; + OBJ_543 /* ActionSheetAppearanceTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_117 /* ActionSheetAppearanceTests.swift */; }; + OBJ_544 /* ActionSheetColorTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_118 /* ActionSheetColorTests.swift */; }; + OBJ_545 /* UIColor+ActionSheetColorTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_119 /* UIColor+ActionSheetColorTests.swift */; }; + OBJ_546 /* UIEdgeInsets+HiddenTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_121 /* UIEdgeInsets+HiddenTests.swift */; }; + OBJ_547 /* UIView+SubviewsTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_122 /* UIView+SubviewsTests.swift */; }; + OBJ_548 /* UIViewController+RootViewControllerTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_123 /* UIViewController+RootViewControllerTests.swift */; }; + OBJ_549 /* CancelButton+ActionSheetTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_126 /* CancelButton+ActionSheetTests.swift */; }; + OBJ_550 /* DestructiveButton+ActionSheetTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_127 /* DestructiveButton+ActionSheetTests.swift */; }; + OBJ_551 /* MenuButtonTests+ActionSheetTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_128 /* MenuButtonTests+ActionSheetTests.swift */; }; + OBJ_552 /* OkButton+ActionSheetTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_129 /* OkButton+ActionSheetTests.swift */; }; + OBJ_553 /* CollectionItem+ActionSheetTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_131 /* CollectionItem+ActionSheetTests.swift */; }; + OBJ_554 /* CustomItem+ActionSheetTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_132 /* CustomItem+ActionSheetTests.swift */; }; + OBJ_555 /* LinkItem+ActionSheetTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_133 /* LinkItem+ActionSheetTests.swift */; }; + OBJ_556 /* MultiSelectItem+ActionSheetTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_134 /* MultiSelectItem+ActionSheetTests.swift */; }; + OBJ_557 /* MultiSelectToggleItem+ActionSheetTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_135 /* MultiSelectToggleItem+ActionSheetTests.swift */; }; + OBJ_558 /* SelectItem+ActionSheetTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_136 /* SelectItem+ActionSheetTests.swift */; }; + OBJ_559 /* SingleSelectItem+ActionSheetTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_137 /* SingleSelectItem+ActionSheetTests.swift */; }; + OBJ_560 /* MenuItem+ActionSheetTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_138 /* MenuItem+ActionSheetTests.swift */; }; + OBJ_561 /* MenuTitle+ActionSheetTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_140 /* MenuTitle+ActionSheetTests.swift */; }; + OBJ_562 /* SectionMargin+ActionSheetTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_141 /* SectionMargin+ActionSheetTests.swift */; }; + OBJ_563 /* SectionTitle+ActionSheetTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_142 /* SectionTitle+ActionSheetTests.swift */; }; + OBJ_564 /* MockActionSheet.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_144 /* MockActionSheet.swift */; }; + OBJ_565 /* MockActionSheetAppearance.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_145 /* MockActionSheetAppearance.swift */; }; + OBJ_566 /* MockActionSheetPresenter.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_146 /* MockActionSheetPresenter.swift */; }; + OBJ_567 /* MockNotificationCenter.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_147 /* MockNotificationCenter.swift */; }; + OBJ_568 /* MockTableView.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_148 /* MockTableView.swift */; }; + OBJ_569 /* MockViewController.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_149 /* MockViewController.swift */; }; + OBJ_570 /* ActionSheetPopoverPresenterTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_151 /* ActionSheetPopoverPresenterTests.swift */; }; + OBJ_571 /* ActionSheetStandardPresenterTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_152 /* ActionSheetStandardPresenterTests.swift */; }; + OBJ_572 /* ActionSheetBackgroundViewTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_154 /* ActionSheetBackgroundViewTests.swift */; }; + OBJ_573 /* ActionSheetHeaderContainerViewTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_155 /* ActionSheetHeaderContainerViewTests.swift */; }; + OBJ_574 /* ActionSheetStackViewTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_156 /* ActionSheetStackViewTests.swift */; }; + OBJ_575 /* ActionSheetTableViewTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_157 /* ActionSheetTableViewTests.swift */; }; + OBJ_577 /* ActionSheetItemCellTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_160 /* ActionSheetItemCellTests.swift */; }; + OBJ_578 /* ActionSheetLinkItemCellTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_162 /* ActionSheetLinkItemCellTests.swift */; }; + OBJ_579 /* ActionSheetSelectItemCellTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_163 /* ActionSheetSelectItemCellTests.swift */; }; + OBJ_580 /* Menu+AlertControllerTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_165 /* Menu+AlertControllerTests.swift */; }; + OBJ_581 /* MenuItem+AlertControllerTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_166 /* MenuItem+AlertControllerTests.swift */; }; + OBJ_582 /* ContextMenuDelegateTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_168 /* ContextMenuDelegateTests.swift */; }; + OBJ_583 /* Menu+ContextMenuTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_169 /* Menu+ContextMenuTests.swift */; }; + OBJ_584 /* MenuItem+ContextMenuTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_170 /* MenuItem+ContextMenuTests.swift */; }; + OBJ_586 /* NSObject+ClassNameTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_173 /* NSObject+ClassNameTests.swift */; }; + OBJ_587 /* CancelButtonTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_176 /* CancelButtonTests.swift */; }; + OBJ_588 /* DestructiveButtonTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_177 /* DestructiveButtonTests.swift */; }; + OBJ_589 /* MenuButtonTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_178 /* MenuButtonTests.swift */; }; + OBJ_590 /* OkButtonTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_179 /* OkButtonTests.swift */; }; + OBJ_591 /* CollectionItemTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_181 /* CollectionItemTests.swift */; }; + OBJ_592 /* CustomItemTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_182 /* CustomItemTests.swift */; }; + OBJ_593 /* LinkItemTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_183 /* LinkItemTests.swift */; }; + OBJ_594 /* MultiSelectItemTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_184 /* MultiSelectItemTests.swift */; }; + OBJ_595 /* MultiSelectToggleItemTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_185 /* MultiSelectToggleItemTests.swift */; }; + OBJ_596 /* SelectItemTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_186 /* SelectItemTests.swift */; }; + OBJ_597 /* SingleSelectItemTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_187 /* SingleSelectItemTests.swift */; }; + OBJ_599 /* MenuItemTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_189 /* MenuItemTests.swift */; }; + OBJ_600 /* MenuTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_190 /* MenuTests.swift */; }; + OBJ_601 /* MockMenuItem.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_192 /* MockMenuItem.swift */; }; + OBJ_602 /* MenuTitleTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_194 /* MenuTitleTests.swift */; }; + OBJ_603 /* SectionMarginTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_195 /* SectionMarginTests.swift */; }; + OBJ_604 /* SectionTitleTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_196 /* SectionTitleTests.swift */; }; + OBJ_611 /* Foo.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = "Foo::Foo::Product" /* Foo.framework */; }; +/* End PBXBuildFile section */ + +/* Begin PBXContainerItemProxy section */ + 8467041B234A3E9C00355331 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = OBJ_1 /* Project object */; + proxyType = 1; + remoteGlobalIDString = "Foo::Foo"; + remoteInfo = Foo; + }; + 84BDF8AF2347D41300D35F93 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = OBJ_1 /* Project object */; + proxyType = 1; + remoteGlobalIDString = "Foo::Foo"; + remoteInfo = Foo; + }; + 84BDF8B02347D41500D35F93 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = OBJ_1 /* Project object */; + proxyType = 1; + remoteGlobalIDString = "Foo::FooTests"; + remoteInfo = FooTests; + }; +/* End PBXContainerItemProxy section */ + +/* Begin PBXCopyFilesBuildPhase section */ + 8467041D234A3E9C00355331 /* Embed Frameworks */ = { + isa = PBXCopyFilesBuildPhase; + buildActionMask = 2147483647; + dstPath = ""; + dstSubfolderSpec = 10; + files = ( + 8467041A234A3E9C00355331 /* Foo.framework in Embed Frameworks */, + ); + name = "Embed Frameworks"; + runOnlyForDeploymentPostprocessing = 0; + }; +/* End PBXCopyFilesBuildPhase section */ + +/* Begin PBXFileReference section */ + 8405566E23527E1E0064EC7D /* ActionSheetItemCells.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ActionSheetItemCells.swift; sourceTree = "<group>"; }; + 8422CB5F239DAF5600251D31 /* ActionSheetPopoverPresenter+PresentationDelegate.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "ActionSheetPopoverPresenter+PresentationDelegate.swift"; sourceTree = "<group>"; }; + 8422CB61239DAF9B00251D31 /* ActionSheetPopoverPresenter+PresentationDelegateTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "ActionSheetPopoverPresenter+PresentationDelegateTests.swift"; sourceTree = "<group>"; }; + 8422CB64239DB6F600251D31 /* ActionSheetPresenterBaseTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ActionSheetPresenterBaseTests.swift; sourceTree = "<group>"; }; + 8422CB67239DC27500251D31 /* NonDismissableMenu.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = NonDismissableMenu.swift; sourceTree = "<group>"; }; + 8422CB69239DC2C400251D31 /* BackgroundDismissableMenu.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = BackgroundDismissableMenu.swift; sourceTree = "<group>"; }; + 8422CB6B239DC6B100251D31 /* ContextMenu+Configuration.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "ContextMenu+Configuration.swift"; sourceTree = "<group>"; }; + 8422CB6D239DC6DA00251D31 /* ContextMenu.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ContextMenu.swift; sourceTree = "<group>"; }; + 8422CB6F239DC81800251D31 /* ContextMenu+ConfigurationTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "ContextMenu+ConfigurationTests.swift"; sourceTree = "<group>"; }; + 8422CB74239DCBEB00251D31 /* Menu+Deprecations.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "Menu+Deprecations.swift"; sourceTree = "<group>"; }; + 8422CB78239E1E6800251D31 /* DestructiveItem.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = DestructiveItem.swift; sourceTree = "<group>"; }; + 8422CB7B239E209C00251D31 /* DestructiveItem+ActionSheet.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "DestructiveItem+ActionSheet.swift"; sourceTree = "<group>"; }; + 8422CB80239E21FC00251D31 /* DestructiveItem+ActionSheetTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "DestructiveItem+ActionSheetTests.swift"; sourceTree = "<group>"; }; + 843C3B0E25271DE30055BFE6 /* DemoMultilineItem.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = DemoMultilineItem.swift; sourceTree = "<group>"; }; + 843C3B1825271FEC0055BFE6 /* DemoMultilineItemMenu.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = DemoMultilineItemMenu.swift; sourceTree = "<group>"; }; + 84670397234A3C4500355331 /* FooDemo.app */ = {isa = PBXFileReference; explicitFileType = wrapper.application; includeInIndex = 0; path = FooDemo.app; sourceTree = BUILT_PRODUCTS_DIR; }; + 846703A0234A3C4500355331 /* Base */ = {isa = PBXFileReference; lastKnownFileType = file.storyboard; name = Base; path = Base.lproj/Main.storyboard; sourceTree = "<group>"; }; + 846703A5234A3C4600355331 /* Base */ = {isa = PBXFileReference; lastKnownFileType = file.storyboard; name = Base; path = Base.lproj/LaunchScreen.storyboard; sourceTree = "<group>"; }; + 846703AC234A3CF000355331 /* FoodOption+ActionSheetItems.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = "FoodOption+ActionSheetItems.swift"; sourceTree = "<group>"; }; + 846703AD234A3CF000355331 /* FoodOption.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = FoodOption.swift; sourceTree = "<group>"; }; + 846703AE234A3CF000355331 /* MenuOption.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = MenuOption.swift; sourceTree = "<group>"; }; + 846703AF234A3CF000355331 /* AppearanceOption.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = AppearanceOption.swift; sourceTree = "<group>"; }; + 846703B0234A3CF000355331 /* ActionSheetOption.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = ActionSheetOption.swift; sourceTree = "<group>"; }; + 846703B1234A3CF000355331 /* Info.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = Info.plist; sourceTree = "<group>"; }; + 846703B3234A3CF000355331 /* ViewController.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = ViewController.swift; sourceTree = "<group>"; }; + 846703B4234A3CF000355331 /* ViewController+Appearance.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = "ViewController+Appearance.swift"; sourceTree = "<group>"; }; + 846703B5234A3CF000355331 /* ViewController+Menus.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = "ViewController+Menus.swift"; sourceTree = "<group>"; }; + 846703B6234A3CF000355331 /* ViewController+Alert.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = "ViewController+Alert.swift"; sourceTree = "<group>"; }; + 846703B7234A3CF000355331 /* ViewController+ActionSheets.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = "ViewController+ActionSheets.swift"; sourceTree = "<group>"; }; + 846703B8234A3CF000355331 /* ViewController+TableView.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = "ViewController+TableView.swift"; sourceTree = "<group>"; }; + 846703B9234A3CF000355331 /* ContextMenuViewController.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = ContextMenuViewController.swift; sourceTree = "<group>"; }; + 846703BA234A3CF000355331 /* AppearanceViewController.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = AppearanceViewController.swift; sourceTree = "<group>"; }; + 846703BC234A3CF000355331 /* DemoCustomViewCell.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = DemoCustomViewCell.swift; sourceTree = "<group>"; }; + 846703BD234A3CF000355331 /* DemoCollectionViewCell.xib */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = file.xib; path = DemoCollectionViewCell.xib; sourceTree = "<group>"; }; + 846703BE234A3CF000355331 /* DemoCustomViewCell.xib */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = file.xib; path = DemoCustomViewCell.xib; sourceTree = "<group>"; }; + 846703BF234A3CF000355331 /* DemoCollectionViewCell.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = DemoCollectionViewCell.swift; sourceTree = "<group>"; }; + 846703C0234A3CF000355331 /* AppDelegate.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = AppDelegate.swift; sourceTree = "<group>"; }; + 846703C1234A3CF000355331 /* SceneDelegate.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = SceneDelegate.swift; sourceTree = "<group>"; }; + 846703C3234A3CF000355331 /* DemoAppearance.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = DemoAppearance.swift; sourceTree = "<group>"; }; + 846703C4234A3CF000355331 /* ColorAppearance.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = ColorAppearance.swift; sourceTree = "<group>"; }; + 846703C5234A3CF000355331 /* DemoFonts.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = DemoFonts.swift; sourceTree = "<group>"; }; + 846703C7234A3CF000355331 /* FoodActionSheet.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = FoodActionSheet.swift; sourceTree = "<group>"; }; + 846703C8234A3CF000355331 /* CollectionActionSheet.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = CollectionActionSheet.swift; sourceTree = "<group>"; }; + 846703CB234A3CF100355331 /* title-image.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = "title-image.png"; sourceTree = "<group>"; }; + 846703CC234A3CF100355331 /* Assets.xcassets */ = {isa = PBXFileReference; lastKnownFileType = folder.assetcatalog; path = Assets.xcassets; sourceTree = "<group>"; }; + 846703CF234A3CF100355331 /* Roboto-Medium.ttf */ = {isa = PBXFileReference; lastKnownFileType = file; path = "Roboto-Medium.ttf"; sourceTree = "<group>"; }; + 846703D0234A3CF100355331 /* Roboto-Light.ttf */ = {isa = PBXFileReference; lastKnownFileType = file; path = "Roboto-Light.ttf"; sourceTree = "<group>"; }; + 846703D1234A3CF100355331 /* Roboto-Regular.ttf */ = {isa = PBXFileReference; lastKnownFileType = file; path = "Roboto-Regular.ttf"; sourceTree = "<group>"; }; + 846703D2234A3CF100355331 /* Roboto-MediumItalic.ttf */ = {isa = PBXFileReference; lastKnownFileType = file; path = "Roboto-MediumItalic.ttf"; sourceTree = "<group>"; }; + 846703D3234A3CF100355331 /* Roboto-ThinItalic.ttf */ = {isa = PBXFileReference; lastKnownFileType = file; path = "Roboto-ThinItalic.ttf"; sourceTree = "<group>"; }; + 846703D4234A3CF100355331 /* Roboto-BoldItalic.ttf */ = {isa = PBXFileReference; lastKnownFileType = file; path = "Roboto-BoldItalic.ttf"; sourceTree = "<group>"; }; + 846703D5234A3CF100355331 /* Roboto-LightItalic.ttf */ = {isa = PBXFileReference; lastKnownFileType = file; path = "Roboto-LightItalic.ttf"; sourceTree = "<group>"; }; + 846703D6234A3CF100355331 /* Roboto-Italic.ttf */ = {isa = PBXFileReference; lastKnownFileType = file; path = "Roboto-Italic.ttf"; sourceTree = "<group>"; }; + 846703D7234A3CF100355331 /* LICENSE.txt */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = LICENSE.txt; sourceTree = "<group>"; }; + 846703D8234A3CF100355331 /* Roboto-BlackItalic.ttf */ = {isa = PBXFileReference; lastKnownFileType = file; path = "Roboto-BlackItalic.ttf"; sourceTree = "<group>"; }; + 846703D9234A3CF100355331 /* Roboto-Bold.ttf */ = {isa = PBXFileReference; lastKnownFileType = file; path = "Roboto-Bold.ttf"; sourceTree = "<group>"; }; + 846703DA234A3CF100355331 /* Roboto-Thin.ttf */ = {isa = PBXFileReference; lastKnownFileType = file; path = "Roboto-Thin.ttf"; sourceTree = "<group>"; }; + 846703DB234A3CF100355331 /* Roboto-Black.ttf */ = {isa = PBXFileReference; lastKnownFileType = file; path = "Roboto-Black.ttf"; sourceTree = "<group>"; }; + 846703DD234A3CF100355331 /* FoodMenu.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = FoodMenu.swift; sourceTree = "<group>"; }; + 846703DE234A3CF100355331 /* LinkMenu.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = LinkMenu.swift; sourceTree = "<group>"; }; + 846703DF234A3CF100355331 /* SingleSelectMenu.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = SingleSelectMenu.swift; sourceTree = "<group>"; }; + 846703E0234A3CF100355331 /* DestructiveMenu.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = DestructiveMenu.swift; sourceTree = "<group>"; }; + 846703E1234A3CF100355331 /* MultiSelectMenu.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = MultiSelectMenu.swift; sourceTree = "<group>"; }; + 846703E2234A3CF100355331 /* ItemMenu.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = ItemMenu.swift; sourceTree = "<group>"; }; + 846703E3234A3CF100355331 /* CustomMenu.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = CustomMenu.swift; sourceTree = "<group>"; }; + 846703E4234A3CF100355331 /* SectionMenu.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = SectionMenu.swift; sourceTree = "<group>"; }; + 846703E5234A3CF100355331 /* CollectionMenu.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = CollectionMenu.swift; sourceTree = "<group>"; }; + 847E09EC239DA5E70058179D /* ActionSheetPresenterBase.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ActionSheetPresenterBase.swift; sourceTree = "<group>"; }; + 84A24ECA236C64F200DB060C /* SecondaryActionItem.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = SecondaryActionItem.swift; sourceTree = "<group>"; }; + 84A24ECC236C66CD00DB060C /* SecondaryActionItemTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = SecondaryActionItemTests.swift; sourceTree = "<group>"; }; + 84A24ECF236C6C5B00DB060C /* SecondaryActionItem+ActionSheet.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "SecondaryActionItem+ActionSheet.swift"; sourceTree = "<group>"; }; + 84A24ED1236C6CA200DB060C /* ActionSheetSecondaryActionItemCell.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ActionSheetSecondaryActionItemCell.swift; sourceTree = "<group>"; }; + 84A24ED3236C6DB500DB060C /* ActionSheetSecondaryActionItemTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ActionSheetSecondaryActionItemTests.swift; sourceTree = "<group>"; }; + 84A24ED7236C6FAF00DB060C /* SecondaryActionItem+ActionSheetTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "SecondaryActionItem+ActionSheetTests.swift"; sourceTree = "<group>"; }; + 84A24EDA236C72C900DB060C /* SecondaryActionMenu.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = SecondaryActionMenu.swift; sourceTree = "<group>"; }; + 84A24EDC236C84D900DB060C /* MenuCreator.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = MenuCreator.swift; sourceTree = "<group>"; }; + 84BDF8B22347D43F00D35F93 /* .swiftlint.yml */ = {isa = PBXFileReference; lastKnownFileType = text.yaml; path = .swiftlint.yml; sourceTree = "<group>"; }; + 84BDF8B32347D43F00D35F93 /* .gitignore */ = {isa = PBXFileReference; lastKnownFileType = text; path = .gitignore; sourceTree = "<group>"; }; + 84F64BA0239D8FEF000290D1 /* ActionSheet+Header.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "ActionSheet+Header.swift"; sourceTree = "<group>"; }; + 84F64BA2239D9630000290D1 /* ActionSheet+Configuration.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "ActionSheet+Configuration.swift"; sourceTree = "<group>"; }; + 84F64BA4239D99D6000290D1 /* ActionSheet+ConfigurationTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "ActionSheet+ConfigurationTests.swift"; sourceTree = "<group>"; }; + 84F64BA6239D9CB5000290D1 /* ActionSheet+Deprecations.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "ActionSheet+Deprecations.swift"; sourceTree = "<group>"; }; + A963E2AF24A9D22900665C6B /* Package.resolved */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = Package.resolved; sourceTree = "<group>"; }; + OBJ_10 /* ActionSheet+Presenter.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "ActionSheet+Presenter.swift"; sourceTree = "<group>"; }; + OBJ_100 /* SingleSelectItem.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = SingleSelectItem.swift; sourceTree = "<group>"; }; + OBJ_101 /* Menu.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = Menu.swift; sourceTree = "<group>"; }; + OBJ_103 /* MenuItem.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = MenuItem.swift; sourceTree = "<group>"; }; + OBJ_105 /* MenuTitle.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = MenuTitle.swift; sourceTree = "<group>"; }; + OBJ_106 /* SectionMagin.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = SectionMagin.swift; sourceTree = "<group>"; }; + OBJ_107 /* SectionTitle.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = SectionTitle.swift; sourceTree = "<group>"; }; + OBJ_11 /* ActionSheet+Scroll.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "ActionSheet+Scroll.swift"; sourceTree = "<group>"; }; + OBJ_111 /* ActionSheet+PresenterTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "ActionSheet+PresenterTests.swift"; sourceTree = "<group>"; }; + OBJ_112 /* ActionSheetItemHandlerTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ActionSheetItemHandlerTests.swift; sourceTree = "<group>"; }; + OBJ_113 /* ActionSheetMarginTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ActionSheetMarginTests.swift; sourceTree = "<group>"; }; + OBJ_114 /* ActionSheetTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ActionSheetTests.swift; sourceTree = "<group>"; }; + OBJ_116 /* ActionSheet+AppearanceTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "ActionSheet+AppearanceTests.swift"; sourceTree = "<group>"; }; + OBJ_117 /* ActionSheetAppearanceTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ActionSheetAppearanceTests.swift; sourceTree = "<group>"; }; + OBJ_118 /* ActionSheetColorTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ActionSheetColorTests.swift; sourceTree = "<group>"; }; + OBJ_119 /* UIColor+ActionSheetColorTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "UIColor+ActionSheetColorTests.swift"; sourceTree = "<group>"; }; + OBJ_12 /* ActionSheet.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ActionSheet.swift; sourceTree = "<group>"; }; + OBJ_121 /* UIEdgeInsets+HiddenTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "UIEdgeInsets+HiddenTests.swift"; sourceTree = "<group>"; }; + OBJ_122 /* UIView+SubviewsTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "UIView+SubviewsTests.swift"; sourceTree = "<group>"; }; + OBJ_123 /* UIViewController+RootViewControllerTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "UIViewController+RootViewControllerTests.swift"; sourceTree = "<group>"; }; + OBJ_126 /* CancelButton+ActionSheetTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "CancelButton+ActionSheetTests.swift"; sourceTree = "<group>"; }; + OBJ_127 /* DestructiveButton+ActionSheetTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "DestructiveButton+ActionSheetTests.swift"; sourceTree = "<group>"; }; + OBJ_128 /* MenuButtonTests+ActionSheetTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "MenuButtonTests+ActionSheetTests.swift"; sourceTree = "<group>"; }; + OBJ_129 /* OkButton+ActionSheetTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "OkButton+ActionSheetTests.swift"; sourceTree = "<group>"; }; + OBJ_13 /* ActionSheetItemHandler.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ActionSheetItemHandler.swift; sourceTree = "<group>"; }; + OBJ_131 /* CollectionItem+ActionSheetTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "CollectionItem+ActionSheetTests.swift"; sourceTree = "<group>"; }; + OBJ_132 /* CustomItem+ActionSheetTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "CustomItem+ActionSheetTests.swift"; sourceTree = "<group>"; }; + OBJ_133 /* LinkItem+ActionSheetTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "LinkItem+ActionSheetTests.swift"; sourceTree = "<group>"; }; + OBJ_134 /* MultiSelectItem+ActionSheetTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "MultiSelectItem+ActionSheetTests.swift"; sourceTree = "<group>"; }; + OBJ_135 /* MultiSelectToggleItem+ActionSheetTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "MultiSelectToggleItem+ActionSheetTests.swift"; sourceTree = "<group>"; }; + OBJ_136 /* SelectItem+ActionSheetTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "SelectItem+ActionSheetTests.swift"; sourceTree = "<group>"; }; + OBJ_137 /* SingleSelectItem+ActionSheetTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "SingleSelectItem+ActionSheetTests.swift"; sourceTree = "<group>"; }; + OBJ_138 /* MenuItem+ActionSheetTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "MenuItem+ActionSheetTests.swift"; sourceTree = "<group>"; }; + OBJ_14 /* ActionSheetMargin.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ActionSheetMargin.swift; sourceTree = "<group>"; }; + OBJ_140 /* MenuTitle+ActionSheetTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "MenuTitle+ActionSheetTests.swift"; sourceTree = "<group>"; }; + OBJ_141 /* SectionMargin+ActionSheetTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "SectionMargin+ActionSheetTests.swift"; sourceTree = "<group>"; }; + OBJ_142 /* SectionTitle+ActionSheetTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "SectionTitle+ActionSheetTests.swift"; sourceTree = "<group>"; }; + OBJ_144 /* MockActionSheet.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = MockActionSheet.swift; sourceTree = "<group>"; }; + OBJ_145 /* MockActionSheetAppearance.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = MockActionSheetAppearance.swift; sourceTree = "<group>"; }; + OBJ_146 /* MockActionSheetPresenter.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = MockActionSheetPresenter.swift; sourceTree = "<group>"; }; + OBJ_147 /* MockNotificationCenter.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = MockNotificationCenter.swift; sourceTree = "<group>"; }; + OBJ_148 /* MockTableView.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = MockTableView.swift; sourceTree = "<group>"; }; + OBJ_149 /* MockViewController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = MockViewController.swift; sourceTree = "<group>"; }; + OBJ_151 /* ActionSheetPopoverPresenterTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ActionSheetPopoverPresenterTests.swift; sourceTree = "<group>"; }; + OBJ_152 /* ActionSheetStandardPresenterTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ActionSheetStandardPresenterTests.swift; sourceTree = "<group>"; }; + OBJ_154 /* ActionSheetBackgroundViewTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ActionSheetBackgroundViewTests.swift; sourceTree = "<group>"; }; + OBJ_155 /* ActionSheetHeaderContainerViewTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ActionSheetHeaderContainerViewTests.swift; sourceTree = "<group>"; }; + OBJ_156 /* ActionSheetStackViewTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ActionSheetStackViewTests.swift; sourceTree = "<group>"; }; + OBJ_157 /* ActionSheetTableViewTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ActionSheetTableViewTests.swift; sourceTree = "<group>"; }; + OBJ_16 /* ActionSheet+Appearance.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "ActionSheet+Appearance.swift"; sourceTree = "<group>"; }; + OBJ_160 /* ActionSheetItemCellTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ActionSheetItemCellTests.swift; sourceTree = "<group>"; }; + OBJ_162 /* ActionSheetLinkItemCellTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ActionSheetLinkItemCellTests.swift; sourceTree = "<group>"; }; + OBJ_163 /* ActionSheetSelectItemCellTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ActionSheetSelectItemCellTests.swift; sourceTree = "<group>"; }; + OBJ_165 /* Menu+AlertControllerTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "Menu+AlertControllerTests.swift"; sourceTree = "<group>"; }; + OBJ_166 /* MenuItem+AlertControllerTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "MenuItem+AlertControllerTests.swift"; sourceTree = "<group>"; }; + OBJ_168 /* ContextMenuDelegateTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ContextMenuDelegateTests.swift; sourceTree = "<group>"; }; + OBJ_169 /* Menu+ContextMenuTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "Menu+ContextMenuTests.swift"; sourceTree = "<group>"; }; + OBJ_17 /* ActionSheetAppearance.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ActionSheetAppearance.swift; sourceTree = "<group>"; }; + OBJ_170 /* MenuItem+ContextMenuTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "MenuItem+ContextMenuTests.swift"; sourceTree = "<group>"; }; + OBJ_173 /* NSObject+ClassNameTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "NSObject+ClassNameTests.swift"; sourceTree = "<group>"; }; + OBJ_176 /* CancelButtonTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = CancelButtonTests.swift; sourceTree = "<group>"; }; + OBJ_177 /* DestructiveButtonTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = DestructiveButtonTests.swift; sourceTree = "<group>"; }; + OBJ_178 /* MenuButtonTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = MenuButtonTests.swift; sourceTree = "<group>"; }; + OBJ_179 /* OkButtonTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = OkButtonTests.swift; sourceTree = "<group>"; }; + OBJ_18 /* ActionSheetColor.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ActionSheetColor.swift; sourceTree = "<group>"; }; + OBJ_181 /* CollectionItemTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = CollectionItemTests.swift; sourceTree = "<group>"; }; + OBJ_182 /* CustomItemTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = CustomItemTests.swift; sourceTree = "<group>"; }; + OBJ_183 /* LinkItemTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = LinkItemTests.swift; sourceTree = "<group>"; }; + OBJ_184 /* MultiSelectItemTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = MultiSelectItemTests.swift; sourceTree = "<group>"; }; + OBJ_185 /* MultiSelectToggleItemTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = MultiSelectToggleItemTests.swift; sourceTree = "<group>"; }; + OBJ_186 /* SelectItemTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = SelectItemTests.swift; sourceTree = "<group>"; }; + OBJ_187 /* SingleSelectItemTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = SingleSelectItemTests.swift; sourceTree = "<group>"; }; + OBJ_189 /* MenuItemTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = MenuItemTests.swift; sourceTree = "<group>"; }; + OBJ_19 /* UIColor+ActionSheetColor.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "UIColor+ActionSheetColor.swift"; sourceTree = "<group>"; }; + OBJ_190 /* MenuTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = MenuTests.swift; sourceTree = "<group>"; }; + OBJ_192 /* MockMenuItem.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = MockMenuItem.swift; sourceTree = "<group>"; }; + OBJ_194 /* MenuTitleTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = MenuTitleTests.swift; sourceTree = "<group>"; }; + OBJ_195 /* SectionMarginTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = SectionMarginTests.swift; sourceTree = "<group>"; }; + OBJ_196 /* SectionTitleTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = SectionTitleTests.swift; sourceTree = "<group>"; }; + OBJ_21 /* UIEdgeInsets+Hidden.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "UIEdgeInsets+Hidden.swift"; sourceTree = "<group>"; }; + OBJ_22 /* UIView+Subviews.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "UIView+Subviews.swift"; sourceTree = "<group>"; }; + OBJ_23 /* UIViewController+RootViewController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "UIViewController+RootViewController.swift"; sourceTree = "<group>"; }; + OBJ_26 /* CancelButton+ActionSheet.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "CancelButton+ActionSheet.swift"; sourceTree = "<group>"; }; + OBJ_27 /* DestructiveButton+ActionSheet.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "DestructiveButton+ActionSheet.swift"; sourceTree = "<group>"; }; + OBJ_28 /* MenuButton+ActionSheet.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "MenuButton+ActionSheet.swift"; sourceTree = "<group>"; }; + OBJ_29 /* OkButton+ActionSheet.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "OkButton+ActionSheet.swift"; sourceTree = "<group>"; }; + OBJ_304 /* Resources */ = {isa = PBXFileReference; lastKnownFileType = folder; path = Resources; sourceTree = SOURCE_ROOT; }; + OBJ_306 /* Fastlane */ = {isa = PBXFileReference; lastKnownFileType = folder; path = Fastlane; sourceTree = SOURCE_ROOT; }; + OBJ_307 /* Readmes */ = {isa = PBXFileReference; lastKnownFileType = folder; path = Readmes; sourceTree = SOURCE_ROOT; }; + OBJ_308 /* LICENSE */ = {isa = PBXFileReference; lastKnownFileType = text; path = LICENSE; sourceTree = "<group>"; }; + OBJ_309 /* Foo.podspec */ = {isa = PBXFileReference; lastKnownFileType = text; path = Foo.podspec; sourceTree = "<group>"; }; + OBJ_31 /* CollectionItem+ActionSheet.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "CollectionItem+ActionSheet.swift"; sourceTree = "<group>"; }; + OBJ_310 /* README.md */ = {isa = PBXFileReference; lastKnownFileType = net.daringfireball.markdown; path = README.md; sourceTree = "<group>"; }; + OBJ_311 /* RELEASE_NOTES.md */ = {isa = PBXFileReference; lastKnownFileType = net.daringfireball.markdown; path = RELEASE_NOTES.md; sourceTree = "<group>"; }; + OBJ_32 /* CustomItem+ActionSheet.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "CustomItem+ActionSheet.swift"; sourceTree = "<group>"; }; + OBJ_33 /* LinkItem+ActionSheet.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "LinkItem+ActionSheet.swift"; sourceTree = "<group>"; }; + OBJ_34 /* MultiSelectItem+ActionSheet.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "MultiSelectItem+ActionSheet.swift"; sourceTree = "<group>"; }; + OBJ_35 /* MultiSelectToggleItem+ActionSheet.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "MultiSelectToggleItem+ActionSheet.swift"; sourceTree = "<group>"; }; + OBJ_36 /* SelectItem+ActionSheet.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "SelectItem+ActionSheet.swift"; sourceTree = "<group>"; }; + OBJ_37 /* SingleSelectItem+ActionSheet.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "SingleSelectItem+ActionSheet.swift"; sourceTree = "<group>"; }; + OBJ_38 /* Menu+ActionSheet.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "Menu+ActionSheet.swift"; sourceTree = "<group>"; }; + OBJ_39 /* MenuItem+ActionSheet.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "MenuItem+ActionSheet.swift"; sourceTree = "<group>"; }; + OBJ_41 /* MenuTitle+ActionSheet.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "MenuTitle+ActionSheet.swift"; sourceTree = "<group>"; }; + OBJ_42 /* SectionMargin+ActionSheet.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "SectionMargin+ActionSheet.swift"; sourceTree = "<group>"; }; + OBJ_43 /* SectionTitle+ActionSheet.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "SectionTitle+ActionSheet.swift"; sourceTree = "<group>"; }; + OBJ_45 /* ActionSheetPopoverPresenter.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ActionSheetPopoverPresenter.swift; sourceTree = "<group>"; }; + OBJ_46 /* ActionSheetPresenter.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ActionSheetPresenter.swift; sourceTree = "<group>"; }; + OBJ_47 /* ActionSheetStandardPresenter.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ActionSheetStandardPresenter.swift; sourceTree = "<group>"; }; + OBJ_49 /* ActionSheetBackgroundView.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ActionSheetBackgroundView.swift; sourceTree = "<group>"; }; + OBJ_50 /* ActionSheetButtonTableView.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ActionSheetButtonTableView.swift; sourceTree = "<group>"; }; + OBJ_51 /* ActionSheetHeaderContainerView.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ActionSheetHeaderContainerView.swift; sourceTree = "<group>"; }; + OBJ_52 /* ActionSheetItemTableView.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ActionSheetItemTableView.swift; sourceTree = "<group>"; }; + OBJ_53 /* ActionSheetStackView.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ActionSheetStackView.swift; sourceTree = "<group>"; }; + OBJ_54 /* ActionSheetTableView.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ActionSheetTableView.swift; sourceTree = "<group>"; }; + OBJ_57 /* ActionSheetItemCell.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ActionSheetItemCell.swift; sourceTree = "<group>"; }; + OBJ_6 /* Package.swift */ = {isa = PBXFileReference; explicitFileType = sourcecode.swift; path = Package.swift; sourceTree = "<group>"; }; + OBJ_63 /* ActionSheetCollectionItemCell.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ActionSheetCollectionItemCell.swift; sourceTree = "<group>"; }; + OBJ_64 /* ActionSheetCollectionItemCellHandler.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ActionSheetCollectionItemCellHandler.swift; sourceTree = "<group>"; }; + OBJ_65 /* ActionSheetLinkItemCell.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ActionSheetLinkItemCell.swift; sourceTree = "<group>"; }; + OBJ_67 /* ActionSheetMultiSelectToggleItemCell.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ActionSheetMultiSelectToggleItemCell.swift; sourceTree = "<group>"; }; + OBJ_68 /* ActionSheetSelectItemCell.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ActionSheetSelectItemCell.swift; sourceTree = "<group>"; }; + OBJ_75 /* AlertControllerConversionError.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = AlertControllerConversionError.swift; sourceTree = "<group>"; }; + OBJ_76 /* Menu+AlertController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "Menu+AlertController.swift"; sourceTree = "<group>"; }; + OBJ_77 /* MenuItem+AlertController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "MenuItem+AlertController.swift"; sourceTree = "<group>"; }; + OBJ_78 /* UIViewController+AlertController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "UIViewController+AlertController.swift"; sourceTree = "<group>"; }; + OBJ_80 /* ContextMenuConversionError.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ContextMenuConversionError.swift; sourceTree = "<group>"; }; + OBJ_81 /* ContextMenuDelegate.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ContextMenuDelegate.swift; sourceTree = "<group>"; }; + OBJ_82 /* ContextMenuDelegateRetainer.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ContextMenuDelegateRetainer.swift; sourceTree = "<group>"; }; + OBJ_83 /* MenuCreator+ContextMenu.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "MenuCreator+ContextMenu.swift"; sourceTree = "<group>"; }; + OBJ_84 /* MenuItem+ContextMenu.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "MenuItem+ContextMenu.swift"; sourceTree = "<group>"; }; + OBJ_86 /* NSObject+ClassName.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "NSObject+ClassName.swift"; sourceTree = "<group>"; }; + OBJ_89 /* CancelButton.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = CancelButton.swift; sourceTree = "<group>"; }; + OBJ_90 /* DestructiveButton.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = DestructiveButton.swift; sourceTree = "<group>"; }; + OBJ_91 /* MenuButton.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = MenuButton.swift; sourceTree = "<group>"; }; + OBJ_92 /* OkButton.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = OkButton.swift; sourceTree = "<group>"; }; + OBJ_94 /* CollectionItem.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = CollectionItem.swift; sourceTree = "<group>"; }; + OBJ_95 /* CustomItem.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = CustomItem.swift; sourceTree = "<group>"; }; + OBJ_96 /* LinkItem.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = LinkItem.swift; sourceTree = "<group>"; }; + OBJ_97 /* MultiSelectItem.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = MultiSelectItem.swift; sourceTree = "<group>"; }; + OBJ_98 /* MultiSelectToggleItem.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = MultiSelectToggleItem.swift; sourceTree = "<group>"; }; + OBJ_99 /* SelectItem.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = SelectItem.swift; sourceTree = "<group>"; }; + "Foo::Foo::Product" /* Foo.framework */ = {isa = PBXFileReference; explicitFileType = wrapper.framework; path = Foo.framework; sourceTree = BUILT_PRODUCTS_DIR; }; + "Foo::FooTests::Product" /* FooTests.xctest */ = {isa = PBXFileReference; explicitFileType = wrapper.cfbundle; path = FooTests.xctest; sourceTree = BUILT_PRODUCTS_DIR; }; +/* End PBXFileReference section */ + +/* Begin PBXFrameworksBuildPhase section */ + 84670394234A3C4500355331 /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + 84670419234A3E9C00355331 /* Foo.framework in Frameworks */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + OBJ_521 /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 0; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + OBJ_606 /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 0; + files = ( + 84D3AF312434B1510007BE9B /* Nimble in Frameworks */, + A9FA9D3A26A17AC40047114E /* MockingKit in Frameworks */, + 84D3AF2E2434B1420007BE9B /* Quick in Frameworks */, + OBJ_611 /* Foo.framework in Frameworks */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; +/* End PBXFrameworksBuildPhase section */ + +/* Begin PBXGroup section */ + 8422CB77239DCC6900251D31 /* Deprecations */ = { + isa = PBXGroup; + children = ( + 84F64BA6239D9CB5000290D1 /* ActionSheet+Deprecations.swift */, + 8422CB74239DCBEB00251D31 /* Menu+Deprecations.swift */, + ); + path = Deprecations; + sourceTree = "<group>"; + }; + 84670398234A3C4500355331 /* FooDemo */ = { + isa = PBXGroup; + children = ( + 846703C6234A3CF000355331 /* ActionSheets */, + 84670417234A3D0800355331 /* App */, + 846703C2234A3CF000355331 /* Appearance */, + 846703C9234A3CF100355331 /* Assets */, + 846703BB234A3CF000355331 /* Items */, + 846703DC234A3CF100355331 /* Menus */, + 846703AB234A3CF000355331 /* Options */, + 846703B2234A3CF000355331 /* ViewControllers */, + ); + path = FooDemo; + sourceTree = "<group>"; + }; + 846703AB234A3CF000355331 /* Options */ = { + isa = PBXGroup; + children = ( + 846703B0234A3CF000355331 /* ActionSheetOption.swift */, + 846703AF234A3CF000355331 /* AppearanceOption.swift */, + 846703AD234A3CF000355331 /* FoodOption.swift */, + 846703AC234A3CF000355331 /* FoodOption+ActionSheetItems.swift */, + 846703AE234A3CF000355331 /* MenuOption.swift */, + ); + path = Options; + sourceTree = "<group>"; + }; + 846703B2234A3CF000355331 /* ViewControllers */ = { + isa = PBXGroup; + children = ( + 846703BA234A3CF000355331 /* AppearanceViewController.swift */, + 846703B9234A3CF000355331 /* ContextMenuViewController.swift */, + 846703B3234A3CF000355331 /* ViewController.swift */, + 846703B7234A3CF000355331 /* ViewController+ActionSheets.swift */, + 846703B6234A3CF000355331 /* ViewController+Alert.swift */, + 846703B4234A3CF000355331 /* ViewController+Appearance.swift */, + 846703B5234A3CF000355331 /* ViewController+Menus.swift */, + 846703B8234A3CF000355331 /* ViewController+TableView.swift */, + ); + path = ViewControllers; + sourceTree = "<group>"; + }; + 846703BB234A3CF000355331 /* Items */ = { + isa = PBXGroup; + children = ( + 846703BC234A3CF000355331 /* DemoCustomViewCell.swift */, + 846703BD234A3CF000355331 /* DemoCollectionViewCell.xib */, + 846703BE234A3CF000355331 /* DemoCustomViewCell.xib */, + 846703BF234A3CF000355331 /* DemoCollectionViewCell.swift */, + 843C3B0E25271DE30055BFE6 /* DemoMultilineItem.swift */, + ); + path = Items; + sourceTree = "<group>"; + }; + 846703C2234A3CF000355331 /* Appearance */ = { + isa = PBXGroup; + children = ( + 846703C4234A3CF000355331 /* ColorAppearance.swift */, + 846703C3234A3CF000355331 /* DemoAppearance.swift */, + 846703C5234A3CF000355331 /* DemoFonts.swift */, + ); + path = Appearance; + sourceTree = "<group>"; + }; + 846703C6234A3CF000355331 /* ActionSheets */ = { + isa = PBXGroup; + children = ( + 846703C7234A3CF000355331 /* FoodActionSheet.swift */, + 846703C8234A3CF000355331 /* CollectionActionSheet.swift */, + ); + path = ActionSheets; + sourceTree = "<group>"; + }; + 846703C9234A3CF100355331 /* Assets */ = { + isa = PBXGroup; + children = ( + 846703CA234A3CF100355331 /* Images */, + 846703CC234A3CF100355331 /* Assets.xcassets */, + 846703CD234A3CF100355331 /* Fonts */, + ); + path = Assets; + sourceTree = "<group>"; + }; + 846703CA234A3CF100355331 /* Images */ = { + isa = PBXGroup; + children = ( + 846703CB234A3CF100355331 /* title-image.png */, + ); + path = Images; + sourceTree = "<group>"; + }; + 846703CD234A3CF100355331 /* Fonts */ = { + isa = PBXGroup; + children = ( + 846703CE234A3CF100355331 /* Roboto */, + ); + path = Fonts; + sourceTree = "<group>"; + }; + 846703CE234A3CF100355331 /* Roboto */ = { + isa = PBXGroup; + children = ( + 846703CF234A3CF100355331 /* Roboto-Medium.ttf */, + 846703D0234A3CF100355331 /* Roboto-Light.ttf */, + 846703D1234A3CF100355331 /* Roboto-Regular.ttf */, + 846703D2234A3CF100355331 /* Roboto-MediumItalic.ttf */, + 846703D3234A3CF100355331 /* Roboto-ThinItalic.ttf */, + 846703D4234A3CF100355331 /* Roboto-BoldItalic.ttf */, + 846703D5234A3CF100355331 /* Roboto-LightItalic.ttf */, + 846703D6234A3CF100355331 /* Roboto-Italic.ttf */, + 846703D7234A3CF100355331 /* LICENSE.txt */, + 846703D8234A3CF100355331 /* Roboto-BlackItalic.ttf */, + 846703D9234A3CF100355331 /* Roboto-Bold.ttf */, + 846703DA234A3CF100355331 /* Roboto-Thin.ttf */, + 846703DB234A3CF100355331 /* Roboto-Black.ttf */, + ); + path = Roboto; + sourceTree = "<group>"; + }; + 846703DC234A3CF100355331 /* Menus */ = { + isa = PBXGroup; + children = ( + 846703DD234A3CF100355331 /* FoodMenu.swift */, + 846703E2234A3CF100355331 /* ItemMenu.swift */, + 846703E5234A3CF100355331 /* CollectionMenu.swift */, + 846703E3234A3CF100355331 /* CustomMenu.swift */, + 843C3B1825271FEC0055BFE6 /* DemoMultilineItemMenu.swift */, + 846703E0234A3CF100355331 /* DestructiveMenu.swift */, + 846703DE234A3CF100355331 /* LinkMenu.swift */, + 846703E1234A3CF100355331 /* MultiSelectMenu.swift */, + 84A24EDA236C72C900DB060C /* SecondaryActionMenu.swift */, + 846703E4234A3CF100355331 /* SectionMenu.swift */, + 846703DF234A3CF100355331 /* SingleSelectMenu.swift */, + 8422CB67239DC27500251D31 /* NonDismissableMenu.swift */, + 8422CB69239DC2C400251D31 /* BackgroundDismissableMenu.swift */, + ); + path = Menus; + sourceTree = "<group>"; + }; + 84670417234A3D0800355331 /* App */ = { + isa = PBXGroup; + children = ( + 846703C0234A3CF000355331 /* AppDelegate.swift */, + 846703B1234A3CF000355331 /* Info.plist */, + 846703C1234A3CF000355331 /* SceneDelegate.swift */, + 8467039F234A3C4500355331 /* Main.storyboard */, + 846703A4234A3C4600355331 /* LaunchScreen.storyboard */, + ); + name = App; + sourceTree = "<group>"; + }; + 84670418234A3E9C00355331 /* Frameworks */ = { + isa = PBXGroup; + children = ( + ); + name = Frameworks; + sourceTree = "<group>"; + }; + 84BDF8B12347D42700D35F93 /* Project Files */ = { + isa = PBXGroup; + children = ( + A963E2AF24A9D22900665C6B /* Package.resolved */, + 84BDF8B32347D43F00D35F93 /* .gitignore */, + 84BDF8B22347D43F00D35F93 /* .swiftlint.yml */, + OBJ_308 /* LICENSE */, + OBJ_309 /* Foo.podspec */, + OBJ_310 /* README.md */, + OBJ_311 /* RELEASE_NOTES.md */, + ); + name = "Project Files"; + sourceTree = "<group>"; + }; + OBJ_104 /* Titles */ = { + isa = PBXGroup; + children = ( + OBJ_105 /* MenuTitle.swift */, + OBJ_106 /* SectionMagin.swift */, + OBJ_107 /* SectionTitle.swift */, + ); + path = Titles; + sourceTree = "<group>"; + }; + OBJ_108 /* Tests */ = { + isa = PBXGroup; + children = ( + OBJ_109 /* FooTests */, + ); + name = Tests; + sourceTree = SOURCE_ROOT; + }; + OBJ_109 /* FooTests */ = { + isa = PBXGroup; + children = ( + OBJ_110 /* ActionSheet */, + OBJ_164 /* AlertController */, + OBJ_167 /* ContextMenu */, + OBJ_172 /* Extensions */, + OBJ_174 /* Menu */, + ); + name = FooTests; + path = Tests/FooTests; + sourceTree = SOURCE_ROOT; + }; + OBJ_110 /* ActionSheet */ = { + isa = PBXGroup; + children = ( + OBJ_115 /* Appearance */, + OBJ_158 /* Cells */, + OBJ_120 /* Extensions */, + OBJ_124 /* Menu */, + OBJ_143 /* Mocks */, + OBJ_150 /* Presenters */, + OBJ_153 /* Views */, + 84F64BA4239D99D6000290D1 /* ActionSheet+ConfigurationTests.swift */, + OBJ_111 /* ActionSheet+PresenterTests.swift */, + OBJ_112 /* ActionSheetItemHandlerTests.swift */, + OBJ_113 /* ActionSheetMarginTests.swift */, + OBJ_114 /* ActionSheetTests.swift */, + ); + path = ActionSheet; + sourceTree = "<group>"; + }; + OBJ_115 /* Appearance */ = { + isa = PBXGroup; + children = ( + OBJ_116 /* ActionSheet+AppearanceTests.swift */, + OBJ_117 /* ActionSheetAppearanceTests.swift */, + OBJ_118 /* ActionSheetColorTests.swift */, + OBJ_119 /* UIColor+ActionSheetColorTests.swift */, + ); + path = Appearance; + sourceTree = "<group>"; + }; + OBJ_120 /* Extensions */ = { + isa = PBXGroup; + children = ( + OBJ_121 /* UIEdgeInsets+HiddenTests.swift */, + OBJ_122 /* UIView+SubviewsTests.swift */, + OBJ_123 /* UIViewController+RootViewControllerTests.swift */, + ); + path = Extensions; + sourceTree = "<group>"; + }; + OBJ_124 /* Menu */ = { + isa = PBXGroup; + children = ( + OBJ_138 /* MenuItem+ActionSheetTests.swift */, + OBJ_125 /* Buttons */, + OBJ_130 /* Items */, + OBJ_139 /* Titles */, + ); + path = Menu; + sourceTree = "<group>"; + }; + OBJ_125 /* Buttons */ = { + isa = PBXGroup; + children = ( + OBJ_126 /* CancelButton+ActionSheetTests.swift */, + OBJ_127 /* DestructiveButton+ActionSheetTests.swift */, + OBJ_128 /* MenuButtonTests+ActionSheetTests.swift */, + OBJ_129 /* OkButton+ActionSheetTests.swift */, + ); + path = Buttons; + sourceTree = "<group>"; + }; + OBJ_130 /* Items */ = { + isa = PBXGroup; + children = ( + OBJ_131 /* CollectionItem+ActionSheetTests.swift */, + OBJ_132 /* CustomItem+ActionSheetTests.swift */, + 8422CB80239E21FC00251D31 /* DestructiveItem+ActionSheetTests.swift */, + OBJ_133 /* LinkItem+ActionSheetTests.swift */, + OBJ_134 /* MultiSelectItem+ActionSheetTests.swift */, + OBJ_135 /* MultiSelectToggleItem+ActionSheetTests.swift */, + 84A24ED7236C6FAF00DB060C /* SecondaryActionItem+ActionSheetTests.swift */, + OBJ_136 /* SelectItem+ActionSheetTests.swift */, + OBJ_137 /* SingleSelectItem+ActionSheetTests.swift */, + ); + path = Items; + sourceTree = "<group>"; + }; + OBJ_139 /* Titles */ = { + isa = PBXGroup; + children = ( + OBJ_140 /* MenuTitle+ActionSheetTests.swift */, + OBJ_141 /* SectionMargin+ActionSheetTests.swift */, + OBJ_142 /* SectionTitle+ActionSheetTests.swift */, + ); + path = Titles; + sourceTree = "<group>"; + }; + OBJ_143 /* Mocks */ = { + isa = PBXGroup; + children = ( + OBJ_144 /* MockActionSheet.swift */, + OBJ_145 /* MockActionSheetAppearance.swift */, + OBJ_146 /* MockActionSheetPresenter.swift */, + OBJ_147 /* MockNotificationCenter.swift */, + OBJ_148 /* MockTableView.swift */, + OBJ_149 /* MockViewController.swift */, + ); + path = Mocks; + sourceTree = "<group>"; + }; + OBJ_15 /* Appearance */ = { + isa = PBXGroup; + children = ( + OBJ_16 /* ActionSheet+Appearance.swift */, + OBJ_17 /* ActionSheetAppearance.swift */, + OBJ_18 /* ActionSheetColor.swift */, + OBJ_19 /* UIColor+ActionSheetColor.swift */, + ); + path = Appearance; + sourceTree = "<group>"; + }; + OBJ_150 /* Presenters */ = { + isa = PBXGroup; + children = ( + OBJ_151 /* ActionSheetPopoverPresenterTests.swift */, + 8422CB61239DAF9B00251D31 /* ActionSheetPopoverPresenter+PresentationDelegateTests.swift */, + OBJ_152 /* ActionSheetStandardPresenterTests.swift */, + 8422CB64239DB6F600251D31 /* ActionSheetPresenterBaseTests.swift */, + ); + path = Presenters; + sourceTree = "<group>"; + }; + OBJ_153 /* Views */ = { + isa = PBXGroup; + children = ( + OBJ_154 /* ActionSheetBackgroundViewTests.swift */, + OBJ_155 /* ActionSheetHeaderContainerViewTests.swift */, + OBJ_156 /* ActionSheetStackViewTests.swift */, + OBJ_157 /* ActionSheetTableViewTests.swift */, + ); + path = Views; + sourceTree = "<group>"; + }; + OBJ_158 /* Cells */ = { + isa = PBXGroup; + children = ( + OBJ_160 /* ActionSheetItemCellTests.swift */, + OBJ_162 /* ActionSheetLinkItemCellTests.swift */, + OBJ_163 /* ActionSheetSelectItemCellTests.swift */, + 84A24ED3236C6DB500DB060C /* ActionSheetSecondaryActionItemTests.swift */, + ); + path = Cells; + sourceTree = "<group>"; + }; + OBJ_164 /* AlertController */ = { + isa = PBXGroup; + children = ( + OBJ_165 /* Menu+AlertControllerTests.swift */, + OBJ_166 /* MenuItem+AlertControllerTests.swift */, + ); + path = AlertController; + sourceTree = "<group>"; + }; + OBJ_167 /* ContextMenu */ = { + isa = PBXGroup; + children = ( + 8422CB6F239DC81800251D31 /* ContextMenu+ConfigurationTests.swift */, + OBJ_168 /* ContextMenuDelegateTests.swift */, + OBJ_169 /* Menu+ContextMenuTests.swift */, + OBJ_170 /* MenuItem+ContextMenuTests.swift */, + ); + path = ContextMenu; + sourceTree = "<group>"; + }; + OBJ_172 /* Extensions */ = { + isa = PBXGroup; + children = ( + OBJ_173 /* NSObject+ClassNameTests.swift */, + ); + path = Extensions; + sourceTree = "<group>"; + }; + OBJ_174 /* Menu */ = { + isa = PBXGroup; + children = ( + OBJ_175 /* Buttons */, + OBJ_180 /* Items */, + OBJ_191 /* Mocks */, + OBJ_193 /* Titles */, + OBJ_189 /* MenuItemTests.swift */, + OBJ_190 /* MenuTests.swift */, + ); + path = Menu; + sourceTree = "<group>"; + }; + OBJ_175 /* Buttons */ = { + isa = PBXGroup; + children = ( + OBJ_176 /* CancelButtonTests.swift */, + OBJ_177 /* DestructiveButtonTests.swift */, + OBJ_178 /* MenuButtonTests.swift */, + OBJ_179 /* OkButtonTests.swift */, + ); + path = Buttons; + sourceTree = "<group>"; + }; + OBJ_180 /* Items */ = { + isa = PBXGroup; + children = ( + OBJ_181 /* CollectionItemTests.swift */, + OBJ_182 /* CustomItemTests.swift */, + OBJ_183 /* LinkItemTests.swift */, + OBJ_184 /* MultiSelectItemTests.swift */, + OBJ_185 /* MultiSelectToggleItemTests.swift */, + OBJ_186 /* SelectItemTests.swift */, + OBJ_187 /* SingleSelectItemTests.swift */, + 84A24ECC236C66CD00DB060C /* SecondaryActionItemTests.swift */, + ); + path = Items; + sourceTree = "<group>"; + }; + OBJ_191 /* Mocks */ = { + isa = PBXGroup; + children = ( + OBJ_192 /* MockMenuItem.swift */, + ); + path = Mocks; + sourceTree = "<group>"; + }; + OBJ_193 /* Titles */ = { + isa = PBXGroup; + children = ( + OBJ_194 /* MenuTitleTests.swift */, + OBJ_195 /* SectionMarginTests.swift */, + OBJ_196 /* SectionTitleTests.swift */, + ); + path = Titles; + sourceTree = "<group>"; + }; + OBJ_20 /* Extensions */ = { + isa = PBXGroup; + children = ( + OBJ_21 /* UIEdgeInsets+Hidden.swift */, + OBJ_22 /* UIView+Subviews.swift */, + OBJ_23 /* UIViewController+RootViewController.swift */, + ); + path = Extensions; + sourceTree = "<group>"; + }; + OBJ_24 /* Menu */ = { + isa = PBXGroup; + children = ( + OBJ_25 /* Buttons */, + OBJ_30 /* Items */, + OBJ_40 /* Titles */, + OBJ_38 /* Menu+ActionSheet.swift */, + OBJ_39 /* MenuItem+ActionSheet.swift */, + ); + path = Menu; + sourceTree = "<group>"; + }; + OBJ_25 /* Buttons */ = { + isa = PBXGroup; + children = ( + OBJ_26 /* CancelButton+ActionSheet.swift */, + OBJ_27 /* DestructiveButton+ActionSheet.swift */, + OBJ_28 /* MenuButton+ActionSheet.swift */, + OBJ_29 /* OkButton+ActionSheet.swift */, + ); + path = Buttons; + sourceTree = "<group>"; + }; + OBJ_297 /* Products */ = { + isa = PBXGroup; + children = ( + "Foo::Foo::Product" /* Foo.framework */, + "Foo::FooTests::Product" /* FooTests.xctest */, + 84670397234A3C4500355331 /* FooDemo.app */, + ); + name = Products; + sourceTree = BUILT_PRODUCTS_DIR; + }; + OBJ_30 /* Items */ = { + isa = PBXGroup; + children = ( + OBJ_31 /* CollectionItem+ActionSheet.swift */, + OBJ_32 /* CustomItem+ActionSheet.swift */, + 8422CB7B239E209C00251D31 /* DestructiveItem+ActionSheet.swift */, + OBJ_33 /* LinkItem+ActionSheet.swift */, + OBJ_34 /* MultiSelectItem+ActionSheet.swift */, + OBJ_35 /* MultiSelectToggleItem+ActionSheet.swift */, + 84A24ECF236C6C5B00DB060C /* SecondaryActionItem+ActionSheet.swift */, + OBJ_36 /* SelectItem+ActionSheet.swift */, + OBJ_37 /* SingleSelectItem+ActionSheet.swift */, + ); + path = Items; + sourceTree = "<group>"; + }; + OBJ_40 /* Titles */ = { + isa = PBXGroup; + children = ( + OBJ_41 /* MenuTitle+ActionSheet.swift */, + OBJ_42 /* SectionMargin+ActionSheet.swift */, + OBJ_43 /* SectionTitle+ActionSheet.swift */, + ); + path = Titles; + sourceTree = "<group>"; + }; + OBJ_44 /* Presenters */ = { + isa = PBXGroup; + children = ( + OBJ_45 /* ActionSheetPopoverPresenter.swift */, + 8422CB5F239DAF5600251D31 /* ActionSheetPopoverPresenter+PresentationDelegate.swift */, + OBJ_46 /* ActionSheetPresenter.swift */, + 847E09EC239DA5E70058179D /* ActionSheetPresenterBase.swift */, + OBJ_47 /* ActionSheetStandardPresenter.swift */, + ); + path = Presenters; + sourceTree = "<group>"; + }; + OBJ_48 /* Views */ = { + isa = PBXGroup; + children = ( + OBJ_49 /* ActionSheetBackgroundView.swift */, + OBJ_50 /* ActionSheetButtonTableView.swift */, + OBJ_51 /* ActionSheetHeaderContainerView.swift */, + OBJ_52 /* ActionSheetItemTableView.swift */, + OBJ_53 /* ActionSheetStackView.swift */, + OBJ_54 /* ActionSheetTableView.swift */, + ); + path = Views; + sourceTree = "<group>"; + }; + OBJ_5 = { + isa = PBXGroup; + children = ( + OBJ_6 /* Package.swift */, + OBJ_7 /* Sources */, + OBJ_108 /* Tests */, + 84670398234A3C4500355331 /* FooDemo */, + OBJ_297 /* Products */, + OBJ_304 /* Resources */, + OBJ_306 /* Fastlane */, + OBJ_307 /* Readmes */, + 84BDF8B12347D42700D35F93 /* Project Files */, + 84670418234A3E9C00355331 /* Frameworks */, + ); + sourceTree = "<group>"; + }; + OBJ_55 /* Cells */ = { + isa = PBXGroup; + children = ( + OBJ_63 /* ActionSheetCollectionItemCell.swift */, + OBJ_64 /* ActionSheetCollectionItemCellHandler.swift */, + OBJ_57 /* ActionSheetItemCell.swift */, + 8405566E23527E1E0064EC7D /* ActionSheetItemCells.swift */, + OBJ_65 /* ActionSheetLinkItemCell.swift */, + OBJ_67 /* ActionSheetMultiSelectToggleItemCell.swift */, + 84A24ED1236C6CA200DB060C /* ActionSheetSecondaryActionItemCell.swift */, + OBJ_68 /* ActionSheetSelectItemCell.swift */, + ); + path = Cells; + sourceTree = "<group>"; + }; + OBJ_7 /* Sources */ = { + isa = PBXGroup; + children = ( + OBJ_8 /* Foo */, + ); + name = Sources; + sourceTree = SOURCE_ROOT; + }; + OBJ_74 /* AlertController */ = { + isa = PBXGroup; + children = ( + OBJ_75 /* AlertControllerConversionError.swift */, + OBJ_76 /* Menu+AlertController.swift */, + OBJ_77 /* MenuItem+AlertController.swift */, + OBJ_78 /* UIViewController+AlertController.swift */, + ); + path = AlertController; + sourceTree = "<group>"; + }; + OBJ_79 /* ContextMenu */ = { + isa = PBXGroup; + children = ( + 8422CB6D239DC6DA00251D31 /* ContextMenu.swift */, + 8422CB6B239DC6B100251D31 /* ContextMenu+Configuration.swift */, + OBJ_80 /* ContextMenuConversionError.swift */, + OBJ_81 /* ContextMenuDelegate.swift */, + OBJ_82 /* ContextMenuDelegateRetainer.swift */, + OBJ_83 /* MenuCreator+ContextMenu.swift */, + OBJ_84 /* MenuItem+ContextMenu.swift */, + ); + path = ContextMenu; + sourceTree = "<group>"; + }; + OBJ_8 /* Foo */ = { + isa = PBXGroup; + children = ( + OBJ_9 /* ActionSheet */, + OBJ_74 /* AlertController */, + OBJ_79 /* ContextMenu */, + 8422CB77239DCC6900251D31 /* Deprecations */, + OBJ_85 /* Extensions */, + OBJ_87 /* Menu */, + ); + name = Foo; + path = Sources/Foo; + sourceTree = SOURCE_ROOT; + }; + OBJ_85 /* Extensions */ = { + isa = PBXGroup; + children = ( + OBJ_86 /* NSObject+ClassName.swift */, + ); + path = Extensions; + sourceTree = "<group>"; + }; + OBJ_87 /* Menu */ = { + isa = PBXGroup; + children = ( + OBJ_88 /* Buttons */, + OBJ_93 /* Items */, + OBJ_104 /* Titles */, + OBJ_101 /* Menu.swift */, + 84A24EDC236C84D900DB060C /* MenuCreator.swift */, + OBJ_103 /* MenuItem.swift */, + ); + path = Menu; + sourceTree = "<group>"; + }; + OBJ_88 /* Buttons */ = { + isa = PBXGroup; + children = ( + OBJ_89 /* CancelButton.swift */, + OBJ_90 /* DestructiveButton.swift */, + OBJ_91 /* MenuButton.swift */, + OBJ_92 /* OkButton.swift */, + ); + path = Buttons; + sourceTree = "<group>"; + }; + OBJ_9 /* ActionSheet */ = { + isa = PBXGroup; + children = ( + OBJ_15 /* Appearance */, + OBJ_55 /* Cells */, + OBJ_20 /* Extensions */, + OBJ_24 /* Menu */, + OBJ_44 /* Presenters */, + OBJ_48 /* Views */, + OBJ_12 /* ActionSheet.swift */, + 84F64BA2239D9630000290D1 /* ActionSheet+Configuration.swift */, + OBJ_10 /* ActionSheet+Presenter.swift */, + OBJ_11 /* ActionSheet+Scroll.swift */, + 84F64BA0239D8FEF000290D1 /* ActionSheet+Header.swift */, + OBJ_13 /* ActionSheetItemHandler.swift */, + OBJ_14 /* ActionSheetMargin.swift */, + ); + path = ActionSheet; + sourceTree = "<group>"; + }; + OBJ_93 /* Items */ = { + isa = PBXGroup; + children = ( + OBJ_94 /* CollectionItem.swift */, + OBJ_95 /* CustomItem.swift */, + 8422CB78239E1E6800251D31 /* DestructiveItem.swift */, + OBJ_96 /* LinkItem.swift */, + OBJ_97 /* MultiSelectItem.swift */, + OBJ_98 /* MultiSelectToggleItem.swift */, + 84A24ECA236C64F200DB060C /* SecondaryActionItem.swift */, + OBJ_99 /* SelectItem.swift */, + OBJ_100 /* SingleSelectItem.swift */, + ); + path = Items; + sourceTree = "<group>"; + }; +/* End PBXGroup section */ + +/* Begin PBXNativeTarget section */ + 84670396234A3C4500355331 /* FooDemo */ = { + isa = PBXNativeTarget; + buildConfigurationList = 846703AA234A3C4600355331 /* Build configuration list for PBXNativeTarget "FooDemo" */; + buildPhases = ( + 84670393234A3C4500355331 /* Sources */, + 84670394234A3C4500355331 /* Frameworks */, + 84670395234A3C4500355331 /* Resources */, + 8467041D234A3E9C00355331 /* Embed Frameworks */, + ); + buildRules = ( + ); + dependencies = ( + 8467041C234A3E9C00355331 /* PBXTargetDependency */, + ); + name = FooDemo; + productName = FooDemo; + productReference = 84670397234A3C4500355331 /* FooDemo.app */; + productType = "com.apple.product-type.application"; + }; + "Foo::Foo" /* Foo */ = { + isa = PBXNativeTarget; + buildConfigurationList = OBJ_438 /* Build configuration list for PBXNativeTarget "Foo" */; + buildPhases = ( + OBJ_441 /* Sources */, + OBJ_521 /* Frameworks */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = Foo; + productName = Foo; + productReference = "Foo::Foo::Product" /* Foo.framework */; + productType = "com.apple.product-type.framework"; + }; + "Foo::FooTests" /* FooTests */ = { + isa = PBXNativeTarget; + buildConfigurationList = OBJ_534 /* Build configuration list for PBXNativeTarget "FooTests" */; + buildPhases = ( + OBJ_537 /* Sources */, + OBJ_606 /* Frameworks */, + ); + buildRules = ( + ); + dependencies = ( + OBJ_616 /* PBXTargetDependency */, + ); + name = FooTests; + packageProductDependencies = ( + 84D3AF2D2434B1420007BE9B /* Quick */, + 84D3AF302434B1510007BE9B /* Nimble */, + A9FA9D3926A17AC40047114E /* MockingKit */, + ); + productName = FooTests; + productReference = "Foo::FooTests::Product" /* FooTests.xctest */; + productType = "com.apple.product-type.bundle.unit-test"; + }; + "Foo::SwiftPMPackageDescription" /* FooPackageDescription */ = { + isa = PBXNativeTarget; + buildConfigurationList = OBJ_523 /* Build configuration list for PBXNativeTarget "FooPackageDescription" */; + buildPhases = ( + OBJ_526 /* Sources */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = FooPackageDescription; + productName = FooPackageDescription; + productType = "com.apple.product-type.framework"; + }; +/* End PBXNativeTarget section */ + +/* Begin PBXProject section */ + OBJ_1 /* Project object */ = { + isa = PBXProject; + attributes = { + LastSwiftMigration = 9999; + LastSwiftUpdateCheck = 1100; + LastUpgradeCheck = 9999; + ORGANIZATIONNAME = "Daniel Saidi"; + TargetAttributes = { + 84670396234A3C4500355331 = { + CreatedOnToolsVersion = 11.0; + DevelopmentTeam = PMEDFW438U; + LastSwiftMigration = 1100; + ProvisioningStyle = Automatic; + }; + }; + }; + buildConfigurationList = OBJ_2 /* Build configuration list for PBXProject "Foo" */; + compatibilityVersion = "Xcode 3.2"; + developmentRegion = en; + hasScannedForEncodings = 0; + knownRegions = ( + en, + Base, + ); + mainGroup = OBJ_5; + packageReferences = ( + 84D3AF2C2434B1420007BE9B /* XCRemoteSwiftPackageReference "Quick" */, + 84D3AF2F2434B1510007BE9B /* XCRemoteSwiftPackageReference "Nimble" */, + A9FA9D3826A17AC30047114E /* XCRemoteSwiftPackageReference "MockingKit" */, + ); + productRefGroup = OBJ_297 /* Products */; + projectDirPath = ""; + projectRoot = ""; + targets = ( + "Foo::Foo" /* Foo */, + "Foo::SwiftPMPackageDescription" /* FooPackageDescription */, + "Foo::FooPackageTests::ProductTarget" /* FooPackageTests */, + "Foo::FooTests" /* FooTests */, + 84670396234A3C4500355331 /* FooDemo */, + ); + }; +/* End PBXProject section */ + +/* Begin PBXResourcesBuildPhase section */ + 84670395234A3C4500355331 /* Resources */ = { + isa = PBXResourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + 84670405234A3CF100355331 /* Roboto-ThinItalic.ttf in Resources */, + 84670401234A3CF100355331 /* Roboto-Medium.ttf in Resources */, + 8467040A234A3CF100355331 /* Roboto-BlackItalic.ttf in Resources */, + 84670407234A3CF100355331 /* Roboto-LightItalic.ttf in Resources */, + 846703FF234A3CF100355331 /* title-image.png in Resources */, + 84670403234A3CF100355331 /* Roboto-Regular.ttf in Resources */, + 84670406234A3CF100355331 /* Roboto-BoldItalic.ttf in Resources */, + 8467040D234A3CF100355331 /* Roboto-Black.ttf in Resources */, + 846703A6234A3C4600355331 /* LaunchScreen.storyboard in Resources */, + 84670408234A3CF100355331 /* Roboto-Italic.ttf in Resources */, + 846703A1234A3C4500355331 /* Main.storyboard in Resources */, + 84670400234A3CF100355331 /* Assets.xcassets in Resources */, + 846703F6234A3CF100355331 /* DemoCustomViewCell.xib in Resources */, + 84670409234A3CF100355331 /* LICENSE.txt in Resources */, + 8467040C234A3CF100355331 /* Roboto-Thin.ttf in Resources */, + 8467040B234A3CF100355331 /* Roboto-Bold.ttf in Resources */, + 846703F5234A3CF100355331 /* DemoCollectionViewCell.xib in Resources */, + 84670404234A3CF100355331 /* Roboto-MediumItalic.ttf in Resources */, + 84670402234A3CF100355331 /* Roboto-Light.ttf in Resources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; +/* End PBXResourcesBuildPhase section */ + +/* Begin PBXSourcesBuildPhase section */ + 84670393234A3C4500355331 /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + 846703EF234A3CF100355331 /* ViewController+Alert.swift in Sources */, + 846703F7234A3CF100355331 /* DemoCollectionViewCell.swift in Sources */, + 846703ED234A3CF100355331 /* ViewController+Appearance.swift in Sources */, + 846703EC234A3CF100355331 /* ViewController.swift in Sources */, + 8467040F234A3CF100355331 /* LinkMenu.swift in Sources */, + 84670412234A3CF100355331 /* MultiSelectMenu.swift in Sources */, + 843C3B1925271FEC0055BFE6 /* DemoMultilineItemMenu.swift in Sources */, + 846703F2234A3CF100355331 /* ContextMenuViewController.swift in Sources */, + 846703EA234A3CF100355331 /* ActionSheetOption.swift in Sources */, + 84670410234A3CF100355331 /* SingleSelectMenu.swift in Sources */, + 846703E7234A3CF100355331 /* FoodOption.swift in Sources */, + 846703F9234A3CF100355331 /* SceneDelegate.swift in Sources */, + 846703FB234A3CF100355331 /* ColorAppearance.swift in Sources */, + 84670416234A3CF100355331 /* CollectionMenu.swift in Sources */, + 8422CB6A239DC2C400251D31 /* BackgroundDismissableMenu.swift in Sources */, + 84670415234A3CF100355331 /* SectionMenu.swift in Sources */, + 84670411234A3CF100355331 /* DestructiveMenu.swift in Sources */, + 84A24EDB236C72C900DB060C /* SecondaryActionMenu.swift in Sources */, + 846703E8234A3CF100355331 /* MenuOption.swift in Sources */, + 846703F8234A3CF100355331 /* AppDelegate.swift in Sources */, + 843C3B0F25271DE30055BFE6 /* DemoMultilineItem.swift in Sources */, + 8422CB68239DC27500251D31 /* NonDismissableMenu.swift in Sources */, + 846703FE234A3CF100355331 /* CollectionActionSheet.swift in Sources */, + 846703F3234A3CF100355331 /* AppearanceViewController.swift in Sources */, + 84670413234A3CF100355331 /* ItemMenu.swift in Sources */, + 846703F4234A3CF100355331 /* DemoCustomViewCell.swift in Sources */, + 846703FA234A3CF100355331 /* DemoAppearance.swift in Sources */, + 846703E6234A3CF100355331 /* FoodOption+ActionSheetItems.swift in Sources */, + 8467040E234A3CF100355331 /* FoodMenu.swift in Sources */, + 846703E9234A3CF100355331 /* AppearanceOption.swift in Sources */, + 84670414234A3CF100355331 /* CustomMenu.swift in Sources */, + 846703F0234A3CF100355331 /* ViewController+ActionSheets.swift in Sources */, + 846703FD234A3CF100355331 /* FoodActionSheet.swift in Sources */, + 846703FC234A3CF100355331 /* DemoFonts.swift in Sources */, + 846703F1234A3CF100355331 /* ViewController+TableView.swift in Sources */, + 846703EE234A3CF100355331 /* ViewController+Menus.swift in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + OBJ_441 /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 0; + files = ( + OBJ_442 /* ActionSheet+Presenter.swift in Sources */, + OBJ_443 /* ActionSheet+Scroll.swift in Sources */, + OBJ_444 /* ActionSheet.swift in Sources */, + OBJ_445 /* ActionSheetItemHandler.swift in Sources */, + OBJ_446 /* ActionSheetMargin.swift in Sources */, + OBJ_447 /* ActionSheet+Appearance.swift in Sources */, + OBJ_448 /* ActionSheetAppearance.swift in Sources */, + OBJ_449 /* ActionSheetColor.swift in Sources */, + OBJ_450 /* UIColor+ActionSheetColor.swift in Sources */, + OBJ_451 /* UIEdgeInsets+Hidden.swift in Sources */, + OBJ_452 /* UIView+Subviews.swift in Sources */, + OBJ_453 /* UIViewController+RootViewController.swift in Sources */, + OBJ_454 /* CancelButton+ActionSheet.swift in Sources */, + OBJ_455 /* DestructiveButton+ActionSheet.swift in Sources */, + OBJ_456 /* MenuButton+ActionSheet.swift in Sources */, + OBJ_457 /* OkButton+ActionSheet.swift in Sources */, + 84F64BA3239D9630000290D1 /* ActionSheet+Configuration.swift in Sources */, + OBJ_458 /* CollectionItem+ActionSheet.swift in Sources */, + OBJ_459 /* CustomItem+ActionSheet.swift in Sources */, + OBJ_460 /* LinkItem+ActionSheet.swift in Sources */, + OBJ_461 /* MultiSelectItem+ActionSheet.swift in Sources */, + OBJ_462 /* MultiSelectToggleItem+ActionSheet.swift in Sources */, + OBJ_463 /* SelectItem+ActionSheet.swift in Sources */, + OBJ_464 /* SingleSelectItem+ActionSheet.swift in Sources */, + OBJ_465 /* Menu+ActionSheet.swift in Sources */, + OBJ_466 /* MenuItem+ActionSheet.swift in Sources */, + OBJ_467 /* MenuTitle+ActionSheet.swift in Sources */, + 8422CB72239DC85300251D31 /* ContextMenu.swift in Sources */, + OBJ_468 /* SectionMargin+ActionSheet.swift in Sources */, + 84A24EDD236C84D900DB060C /* MenuCreator.swift in Sources */, + OBJ_469 /* SectionTitle+ActionSheet.swift in Sources */, + OBJ_470 /* ActionSheetPopoverPresenter.swift in Sources */, + OBJ_471 /* ActionSheetPresenter.swift in Sources */, + 8405567023527E280064EC7D /* ActionSheetItemCells.swift in Sources */, + OBJ_472 /* ActionSheetStandardPresenter.swift in Sources */, + 84A24ECB236C64F200DB060C /* SecondaryActionItem.swift in Sources */, + 8422CB7A239E1FB600251D31 /* DestructiveItem.swift in Sources */, + 84A24ED0236C6C5B00DB060C /* SecondaryActionItem+ActionSheet.swift in Sources */, + OBJ_473 /* ActionSheetBackgroundView.swift in Sources */, + OBJ_474 /* ActionSheetButtonTableView.swift in Sources */, + OBJ_475 /* ActionSheetHeaderContainerView.swift in Sources */, + 84F64BA1239D8FEF000290D1 /* ActionSheet+Header.swift in Sources */, + OBJ_476 /* ActionSheetItemTableView.swift in Sources */, + 8422CB7D239E20E100251D31 /* DestructiveItem+ActionSheet.swift in Sources */, + OBJ_477 /* ActionSheetStackView.swift in Sources */, + OBJ_478 /* ActionSheetTableView.swift in Sources */, + OBJ_480 /* ActionSheetItemCell.swift in Sources */, + OBJ_484 /* ActionSheetCollectionItemCell.swift in Sources */, + OBJ_485 /* ActionSheetCollectionItemCellHandler.swift in Sources */, + 8422CB73239DC85900251D31 /* ContextMenu+Configuration.swift in Sources */, + OBJ_486 /* ActionSheetLinkItemCell.swift in Sources */, + OBJ_488 /* ActionSheetMultiSelectToggleItemCell.swift in Sources */, + OBJ_489 /* ActionSheetSelectItemCell.swift in Sources */, + OBJ_494 /* AlertControllerConversionError.swift in Sources */, + OBJ_495 /* Menu+AlertController.swift in Sources */, + 8422CB60239DAF5600251D31 /* ActionSheetPopoverPresenter+PresentationDelegate.swift in Sources */, + OBJ_496 /* MenuItem+AlertController.swift in Sources */, + OBJ_497 /* UIViewController+AlertController.swift in Sources */, + OBJ_498 /* ContextMenuConversionError.swift in Sources */, + OBJ_499 /* ContextMenuDelegate.swift in Sources */, + OBJ_500 /* ContextMenuDelegateRetainer.swift in Sources */, + OBJ_501 /* MenuCreator+ContextMenu.swift in Sources */, + OBJ_502 /* MenuItem+ContextMenu.swift in Sources */, + OBJ_503 /* NSObject+ClassName.swift in Sources */, + OBJ_504 /* CancelButton.swift in Sources */, + OBJ_505 /* DestructiveButton.swift in Sources */, + OBJ_506 /* MenuButton.swift in Sources */, + OBJ_507 /* OkButton.swift in Sources */, + OBJ_508 /* CollectionItem.swift in Sources */, + 8422CB76239DCBFD00251D31 /* Menu+Deprecations.swift in Sources */, + OBJ_509 /* CustomItem.swift in Sources */, + OBJ_510 /* LinkItem.swift in Sources */, + OBJ_511 /* MultiSelectItem.swift in Sources */, + OBJ_512 /* MultiSelectToggleItem.swift in Sources */, + 847E09ED239DA5E70058179D /* ActionSheetPresenterBase.swift in Sources */, + OBJ_513 /* SelectItem.swift in Sources */, + OBJ_514 /* SingleSelectItem.swift in Sources */, + OBJ_515 /* Menu.swift in Sources */, + 84F64BA8239D9CD7000290D1 /* ActionSheet+Deprecations.swift in Sources */, + OBJ_517 /* MenuItem.swift in Sources */, + OBJ_518 /* MenuTitle.swift in Sources */, + 84A24ED2236C6CA200DB060C /* ActionSheetSecondaryActionItemCell.swift in Sources */, + OBJ_519 /* SectionMagin.swift in Sources */, + OBJ_520 /* SectionTitle.swift in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + OBJ_526 /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 0; + files = ( + OBJ_527 /* Package.swift in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + OBJ_537 /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 0; + files = ( + OBJ_538 /* ActionSheet+PresenterTests.swift in Sources */, + OBJ_539 /* ActionSheetItemHandlerTests.swift in Sources */, + OBJ_540 /* ActionSheetMarginTests.swift in Sources */, + OBJ_541 /* ActionSheetTests.swift in Sources */, + OBJ_542 /* ActionSheet+AppearanceTests.swift in Sources */, + OBJ_543 /* ActionSheetAppearanceTests.swift in Sources */, + OBJ_544 /* ActionSheetColorTests.swift in Sources */, + OBJ_545 /* UIColor+ActionSheetColorTests.swift in Sources */, + OBJ_546 /* UIEdgeInsets+HiddenTests.swift in Sources */, + OBJ_547 /* UIView+SubviewsTests.swift in Sources */, + 84F64BA5239D99D6000290D1 /* ActionSheet+ConfigurationTests.swift in Sources */, + OBJ_548 /* UIViewController+RootViewControllerTests.swift in Sources */, + OBJ_549 /* CancelButton+ActionSheetTests.swift in Sources */, + OBJ_550 /* DestructiveButton+ActionSheetTests.swift in Sources */, + OBJ_551 /* MenuButtonTests+ActionSheetTests.swift in Sources */, + OBJ_552 /* OkButton+ActionSheetTests.swift in Sources */, + OBJ_553 /* CollectionItem+ActionSheetTests.swift in Sources */, + OBJ_554 /* CustomItem+ActionSheetTests.swift in Sources */, + OBJ_555 /* LinkItem+ActionSheetTests.swift in Sources */, + OBJ_556 /* MultiSelectItem+ActionSheetTests.swift in Sources */, + 84A24ED9236C724100DB060C /* SecondaryActionItem+ActionSheetTests.swift in Sources */, + OBJ_557 /* MultiSelectToggleItem+ActionSheetTests.swift in Sources */, + OBJ_558 /* SelectItem+ActionSheetTests.swift in Sources */, + OBJ_559 /* SingleSelectItem+ActionSheetTests.swift in Sources */, + OBJ_560 /* MenuItem+ActionSheetTests.swift in Sources */, + OBJ_561 /* MenuTitle+ActionSheetTests.swift in Sources */, + OBJ_562 /* SectionMargin+ActionSheetTests.swift in Sources */, + 8422CB66239DB70C00251D31 /* ActionSheetPresenterBaseTests.swift in Sources */, + OBJ_563 /* SectionTitle+ActionSheetTests.swift in Sources */, + 8422CB63239DAFBC00251D31 /* ActionSheetPopoverPresenter+PresentationDelegateTests.swift in Sources */, + OBJ_564 /* MockActionSheet.swift in Sources */, + OBJ_565 /* MockActionSheetAppearance.swift in Sources */, + OBJ_566 /* MockActionSheetPresenter.swift in Sources */, + OBJ_567 /* MockNotificationCenter.swift in Sources */, + OBJ_568 /* MockTableView.swift in Sources */, + OBJ_569 /* MockViewController.swift in Sources */, + OBJ_570 /* ActionSheetPopoverPresenterTests.swift in Sources */, + OBJ_571 /* ActionSheetStandardPresenterTests.swift in Sources */, + OBJ_572 /* ActionSheetBackgroundViewTests.swift in Sources */, + OBJ_573 /* ActionSheetHeaderContainerViewTests.swift in Sources */, + 8422CB82239E21FF00251D31 /* DestructiveItem+ActionSheetTests.swift in Sources */, + OBJ_574 /* ActionSheetStackViewTests.swift in Sources */, + OBJ_575 /* ActionSheetTableViewTests.swift in Sources */, + OBJ_577 /* ActionSheetItemCellTests.swift in Sources */, + OBJ_578 /* ActionSheetLinkItemCellTests.swift in Sources */, + 8422CB71239DC82C00251D31 /* ContextMenu+ConfigurationTests.swift in Sources */, + OBJ_579 /* ActionSheetSelectItemCellTests.swift in Sources */, + OBJ_580 /* Menu+AlertControllerTests.swift in Sources */, + OBJ_581 /* MenuItem+AlertControllerTests.swift in Sources */, + OBJ_582 /* ContextMenuDelegateTests.swift in Sources */, + OBJ_583 /* Menu+ContextMenuTests.swift in Sources */, + OBJ_584 /* MenuItem+ContextMenuTests.swift in Sources */, + OBJ_586 /* NSObject+ClassNameTests.swift in Sources */, + 84A24ED5236C6DCD00DB060C /* ActionSheetSecondaryActionItemTests.swift in Sources */, + OBJ_587 /* CancelButtonTests.swift in Sources */, + OBJ_588 /* DestructiveButtonTests.swift in Sources */, + OBJ_589 /* MenuButtonTests.swift in Sources */, + 84A24ECE236C670D00DB060C /* SecondaryActionItemTests.swift in Sources */, + OBJ_590 /* OkButtonTests.swift in Sources */, + OBJ_591 /* CollectionItemTests.swift in Sources */, + OBJ_592 /* CustomItemTests.swift in Sources */, + OBJ_593 /* LinkItemTests.swift in Sources */, + OBJ_594 /* MultiSelectItemTests.swift in Sources */, + OBJ_595 /* MultiSelectToggleItemTests.swift in Sources */, + OBJ_596 /* SelectItemTests.swift in Sources */, + OBJ_597 /* SingleSelectItemTests.swift in Sources */, + OBJ_599 /* MenuItemTests.swift in Sources */, + OBJ_600 /* MenuTests.swift in Sources */, + OBJ_601 /* MockMenuItem.swift in Sources */, + OBJ_602 /* MenuTitleTests.swift in Sources */, + OBJ_603 /* SectionMarginTests.swift in Sources */, + OBJ_604 /* SectionTitleTests.swift in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; +/* End PBXSourcesBuildPhase section */ + +/* Begin PBXTargetDependency section */ + 8467041C234A3E9C00355331 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = "Foo::Foo" /* Foo */; + targetProxy = 8467041B234A3E9C00355331 /* PBXContainerItemProxy */; + }; + OBJ_532 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = "Foo::FooTests" /* FooTests */; + targetProxy = 84BDF8B02347D41500D35F93 /* PBXContainerItemProxy */; + }; + OBJ_616 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = "Foo::Foo" /* Foo */; + targetProxy = 84BDF8AF2347D41300D35F93 /* PBXContainerItemProxy */; + }; +/* End PBXTargetDependency section */ + +/* Begin PBXVariantGroup section */ + 8467039F234A3C4500355331 /* Main.storyboard */ = { + isa = PBXVariantGroup; + children = ( + 846703A0234A3C4500355331 /* Base */, + ); + name = Main.storyboard; + sourceTree = "<group>"; + }; + 846703A4234A3C4600355331 /* LaunchScreen.storyboard */ = { + isa = PBXVariantGroup; + children = ( + 846703A5234A3C4600355331 /* Base */, + ); + name = LaunchScreen.storyboard; + sourceTree = "<group>"; + }; +/* End PBXVariantGroup section */ + +/* Begin XCBuildConfiguration section */ + 846703A8234A3C4600355331 /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; + CLANG_ANALYZER_NONNULL = YES; + CLANG_ANALYZER_NUMBER_OBJECT_CONVERSION = YES_AGGRESSIVE; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++14"; + CLANG_CXX_LIBRARY = "libc++"; + CLANG_ENABLE_MODULES = YES; + CLANG_ENABLE_OBJC_WEAK = YES; + CLANG_WARN_BLOCK_CAPTURE_AUTORELEASING = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_COMMA = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INFINITE_RECURSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_NON_LITERAL_NULL_CONVERSION = YES; + CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF = YES; + CLANG_WARN_OBJC_LITERAL_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_RANGE_LOOP_ANALYSIS = YES; + CLANG_WARN_STRICT_PROTOTYPES = YES; + CLANG_WARN_SUSPICIOUS_MOVE = YES; + CLANG_WARN_UNGUARDED_AVAILABILITY = YES_AGGRESSIVE; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + CODE_SIGN_STYLE = Automatic; + DEVELOPMENT_TEAM = PMEDFW438U; + ENABLE_STRICT_OBJC_MSGSEND = YES; + ENABLE_TESTABILITY = YES; + GCC_C_LANGUAGE_STANDARD = gnu11; + GCC_DYNAMIC_NO_PIC = NO; + GCC_NO_COMMON_BLOCKS = YES; + GCC_PREPROCESSOR_DEFINITIONS = ( + "DEBUG=1", + "$(inherited)", + ); + GCC_WARN_64_TO_32_BIT_CONVERSION = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + GCC_WARN_UNUSED_FUNCTION = YES; + GCC_WARN_UNUSED_VARIABLE = YES; + INFOPLIST_FILE = FooDemo/Info.plist; + LD_RUNPATH_SEARCH_PATHS = ( + "$(inherited)", + "@executable_path/Frameworks", + ); + MTL_ENABLE_DEBUG_INFO = INCLUDE_SOURCE; + MTL_FAST_MATH = YES; + PRODUCT_BUNDLE_IDENTIFIER = com.danielsaidi.FooDemo; + PRODUCT_NAME = "$(TARGET_NAME)"; + SWIFT_ACTIVE_COMPILATION_CONDITIONS = DEBUG; + SWIFT_OPTIMIZATION_LEVEL = "-Onone"; + SWIFT_VERSION = 5.0; + TARGETED_DEVICE_FAMILY = "1,2"; + }; + name = Debug; + }; + 846703A9234A3C4600355331 /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; + CLANG_ANALYZER_NONNULL = YES; + CLANG_ANALYZER_NUMBER_OBJECT_CONVERSION = YES_AGGRESSIVE; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++14"; + CLANG_CXX_LIBRARY = "libc++"; + CLANG_ENABLE_MODULES = YES; + CLANG_ENABLE_OBJC_WEAK = YES; + CLANG_WARN_BLOCK_CAPTURE_AUTORELEASING = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_COMMA = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INFINITE_RECURSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_NON_LITERAL_NULL_CONVERSION = YES; + CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF = YES; + CLANG_WARN_OBJC_LITERAL_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_RANGE_LOOP_ANALYSIS = YES; + CLANG_WARN_STRICT_PROTOTYPES = YES; + CLANG_WARN_SUSPICIOUS_MOVE = YES; + CLANG_WARN_UNGUARDED_AVAILABILITY = YES_AGGRESSIVE; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + CODE_SIGN_STYLE = Automatic; + COPY_PHASE_STRIP = NO; + DEVELOPMENT_TEAM = PMEDFW438U; + ENABLE_NS_ASSERTIONS = NO; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_C_LANGUAGE_STANDARD = gnu11; + GCC_NO_COMMON_BLOCKS = YES; + GCC_WARN_64_TO_32_BIT_CONVERSION = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + GCC_WARN_UNUSED_FUNCTION = YES; + GCC_WARN_UNUSED_VARIABLE = YES; + INFOPLIST_FILE = FooDemo/Info.plist; + LD_RUNPATH_SEARCH_PATHS = ( + "$(inherited)", + "@executable_path/Frameworks", + ); + MTL_ENABLE_DEBUG_INFO = NO; + MTL_FAST_MATH = YES; + PRODUCT_BUNDLE_IDENTIFIER = com.danielsaidi.FooDemo; + PRODUCT_NAME = "$(TARGET_NAME)"; + SWIFT_VERSION = 5.0; + TARGETED_DEVICE_FAMILY = "1,2"; + VALIDATE_PRODUCT = YES; + }; + name = Release; + }; + OBJ_3 /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + CLANG_ENABLE_OBJC_ARC = YES; + COMBINE_HIDPI_IMAGES = YES; + COPY_PHASE_STRIP = NO; + DEBUG_INFORMATION_FORMAT = dwarf; + DYLIB_INSTALL_NAME_BASE = "@rpath"; + ENABLE_NS_ASSERTIONS = YES; + GCC_OPTIMIZATION_LEVEL = 0; + GCC_PREPROCESSOR_DEFINITIONS = ( + "$(inherited)", + "SWIFT_PACKAGE=1", + "DEBUG=1", + ); + IPHONEOS_DEPLOYMENT_TARGET = 9.0; + ONLY_ACTIVE_ARCH = YES; + OTHER_SWIFT_FLAGS = "$(inherited) -DXcode"; + PRODUCT_NAME = "$(TARGET_NAME)"; + SDKROOT = iphoneos; + SUPPORTED_PLATFORMS = "iphoneos iphonesimulator"; + SWIFT_ACTIVE_COMPILATION_CONDITIONS = "$(inherited) SWIFT_PACKAGE DEBUG"; + SWIFT_OPTIMIZATION_LEVEL = "-Onone"; + USE_HEADERMAP = NO; + }; + name = Debug; + }; + OBJ_4 /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + CLANG_ENABLE_OBJC_ARC = YES; + COMBINE_HIDPI_IMAGES = YES; + COPY_PHASE_STRIP = YES; + DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; + DYLIB_INSTALL_NAME_BASE = "@rpath"; + GCC_OPTIMIZATION_LEVEL = s; + GCC_PREPROCESSOR_DEFINITIONS = ( + "$(inherited)", + "SWIFT_PACKAGE=1", + ); + IPHONEOS_DEPLOYMENT_TARGET = 9.0; + OTHER_SWIFT_FLAGS = "$(inherited) -DXcode"; + PRODUCT_NAME = "$(TARGET_NAME)"; + SDKROOT = iphoneos; + SUPPORTED_PLATFORMS = "iphoneos iphonesimulator"; + SWIFT_ACTIVE_COMPILATION_CONDITIONS = "$(inherited) SWIFT_PACKAGE"; + SWIFT_COMPILATION_MODE = wholemodule; + SWIFT_OPTIMIZATION_LEVEL = "-O"; + USE_HEADERMAP = NO; + }; + name = Release; + }; + OBJ_439 /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + CURRENT_PROJECT_VERSION = 1; + ENABLE_TESTABILITY = YES; + FRAMEWORK_SEARCH_PATHS = ( + "$(inherited)", + "$(PLATFORM_DIR)/Developer/Library/Frameworks", + ); + HEADER_SEARCH_PATHS = "$(inherited)"; + INFOPLIST_FILE = Foo.xcodeproj/Foo_Info.plist; + LD_RUNPATH_SEARCH_PATHS = ( + "$(inherited)", + "$(TOOLCHAIN_DIR)/usr/lib/swift/macosx", + ); + OTHER_CFLAGS = "$(inherited)"; + OTHER_LDFLAGS = "$(inherited)"; + OTHER_SWIFT_FLAGS = "$(inherited)"; + PRODUCT_BUNDLE_IDENTIFIER = Foo; + PRODUCT_MODULE_NAME = "$(TARGET_NAME:c99extidentifier)"; + PRODUCT_NAME = "$(TARGET_NAME:c99extidentifier)"; + SKIP_INSTALL = YES; + SWIFT_ACTIVE_COMPILATION_CONDITIONS = "$(inherited)"; + SWIFT_VERSION = 5.0; + TARGET_NAME = Foo; + }; + name = Debug; + }; + OBJ_440 /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + CURRENT_PROJECT_VERSION = 1; + ENABLE_TESTABILITY = YES; + FRAMEWORK_SEARCH_PATHS = ( + "$(inherited)", + "$(PLATFORM_DIR)/Developer/Library/Frameworks", + ); + HEADER_SEARCH_PATHS = "$(inherited)"; + INFOPLIST_FILE = Foo.xcodeproj/Foo_Info.plist; + LD_RUNPATH_SEARCH_PATHS = ( + "$(inherited)", + "$(TOOLCHAIN_DIR)/usr/lib/swift/macosx", + ); + OTHER_CFLAGS = "$(inherited)"; + OTHER_LDFLAGS = "$(inherited)"; + OTHER_SWIFT_FLAGS = "$(inherited)"; + PRODUCT_BUNDLE_IDENTIFIER = Foo; + PRODUCT_MODULE_NAME = "$(TARGET_NAME:c99extidentifier)"; + PRODUCT_NAME = "$(TARGET_NAME:c99extidentifier)"; + SKIP_INSTALL = YES; + SWIFT_ACTIVE_COMPILATION_CONDITIONS = "$(inherited)"; + SWIFT_VERSION = 5.0; + TARGET_NAME = Foo; + }; + name = Release; + }; + OBJ_524 /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + LD = /usr/bin/true; + OTHER_SWIFT_FLAGS = "-swift-version 5 -I $(TOOLCHAIN_DIR)/usr/lib/swift/pm/4_2 -target x86_64-apple-macosx10.10 -sdk /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.15.sdk -package-description-version 5.1"; + SWIFT_VERSION = 5.0; + }; + name = Debug; + }; + OBJ_525 /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + LD = /usr/bin/true; + OTHER_SWIFT_FLAGS = "-swift-version 5 -I $(TOOLCHAIN_DIR)/usr/lib/swift/pm/4_2 -target x86_64-apple-macosx10.10 -sdk /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.15.sdk -package-description-version 5.1"; + SWIFT_VERSION = 5.0; + }; + name = Release; + }; + OBJ_530 /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + }; + name = Debug; + }; + OBJ_531 /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + }; + name = Release; + }; + OBJ_535 /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + CLANG_ENABLE_MODULES = YES; + DEVELOPMENT_TEAM = PMEDFW438U; + EMBEDDED_CONTENT_CONTAINS_SWIFT = YES; + FRAMEWORK_SEARCH_PATHS = ( + "$(inherited)", + "$(PLATFORM_DIR)/Developer/Library/Frameworks", + ); + HEADER_SEARCH_PATHS = ( + "$(inherited)", + "$(SRCROOT)/.build/checkouts/Quick/Sources/QuickSpecBase/include", + ); + INFOPLIST_FILE = Foo.xcodeproj/FooTests_Info.plist; + IPHONEOS_DEPLOYMENT_TARGET = 11.0; + LD_RUNPATH_SEARCH_PATHS = ( + "$(inherited)", + "@loader_path/../Frameworks", + "@loader_path/Frameworks", + ); + OTHER_CFLAGS = "$(inherited)"; + OTHER_LDFLAGS = "$(inherited)"; + OTHER_SWIFT_FLAGS = "$(inherited)"; + SWIFT_ACTIVE_COMPILATION_CONDITIONS = "$(inherited)"; + SWIFT_VERSION = 5.0; + TARGET_NAME = FooTests; + }; + name = Debug; + }; + OBJ_536 /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + CLANG_ENABLE_MODULES = YES; + DEVELOPMENT_TEAM = PMEDFW438U; + EMBEDDED_CONTENT_CONTAINS_SWIFT = YES; + FRAMEWORK_SEARCH_PATHS = ( + "$(inherited)", + "$(PLATFORM_DIR)/Developer/Library/Frameworks", + ); + HEADER_SEARCH_PATHS = ( + "$(inherited)", + "$(SRCROOT)/.build/checkouts/Quick/Sources/QuickSpecBase/include", + ); + INFOPLIST_FILE = Foo.xcodeproj/FooTests_Info.plist; + IPHONEOS_DEPLOYMENT_TARGET = 11.0; + LD_RUNPATH_SEARCH_PATHS = ( + "$(inherited)", + "@loader_path/../Frameworks", + "@loader_path/Frameworks", + ); + OTHER_CFLAGS = "$(inherited)"; + OTHER_LDFLAGS = "$(inherited)"; + OTHER_SWIFT_FLAGS = "$(inherited)"; + SWIFT_ACTIVE_COMPILATION_CONDITIONS = "$(inherited)"; + SWIFT_VERSION = 5.0; + TARGET_NAME = FooTests; + }; + name = Release; + }; +/* End XCBuildConfiguration section */ + +/* Begin XCConfigurationList section */ + 846703AA234A3C4600355331 /* Build configuration list for PBXNativeTarget "FooDemo" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + 846703A8234A3C4600355331 /* Debug */, + 846703A9234A3C4600355331 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; + OBJ_2 /* Build configuration list for PBXProject "Foo" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + OBJ_3 /* Debug */, + OBJ_4 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; + OBJ_438 /* Build configuration list for PBXNativeTarget "Foo" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + OBJ_439 /* Debug */, + OBJ_440 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; + OBJ_523 /* Build configuration list for PBXNativeTarget "FooPackageDescription" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + OBJ_524 /* Debug */, + OBJ_525 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; + OBJ_529 /* Build configuration list for PBXAggregateTarget "FooPackageTests" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + OBJ_530 /* Debug */, + OBJ_531 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; + OBJ_534 /* Build configuration list for PBXNativeTarget "FooTests" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + OBJ_535 /* Debug */, + OBJ_536 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; +/* End XCConfigurationList section */ + +/* Begin XCRemoteSwiftPackageReference section */ + 84D3AF2C2434B1420007BE9B /* XCRemoteSwiftPackageReference "Quick" */ = { + isa = XCRemoteSwiftPackageReference; + repositoryURL = "https://github.com/Quick/Quick.git"; + requirement = { + kind = upToNextMajorVersion; + minimumVersion = 3.0.0; + }; + }; + 84D3AF2F2434B1510007BE9B /* XCRemoteSwiftPackageReference "Nimble" */ = { + isa = XCRemoteSwiftPackageReference; + repositoryURL = "https://github.com/Quick/Nimble.git"; + requirement = { + kind = upToNextMajorVersion; + minimumVersion = 8.1.1; + }; + }; + A9FA9D3826A17AC30047114E /* XCRemoteSwiftPackageReference "MockingKit" */ = { + isa = XCRemoteSwiftPackageReference; + repositoryURL = "https://github.com/danielsaidi/MockingKit.git"; + requirement = { + kind = upToNextMajorVersion; + minimumVersion = 0.9.4; + }; + }; +/* End XCRemoteSwiftPackageReference section */ + +/* Begin XCSwiftPackageProductDependency section */ + 84D3AF2D2434B1420007BE9B /* Quick */ = { + isa = XCSwiftPackageProductDependency; + package = 84D3AF2C2434B1420007BE9B /* XCRemoteSwiftPackageReference "Quick" */; + productName = Quick; + }; + 84D3AF302434B1510007BE9B /* Nimble */ = { + isa = XCSwiftPackageProductDependency; + package = 84D3AF2F2434B1510007BE9B /* XCRemoteSwiftPackageReference "Nimble" */; + productName = Nimble; + }; + A9FA9D3926A17AC40047114E /* MockingKit */ = { + isa = XCSwiftPackageProductDependency; + package = A9FA9D3826A17AC30047114E /* XCRemoteSwiftPackageReference "MockingKit" */; + productName = MockingKit; + }; +/* End XCSwiftPackageProductDependency section */ + }; + rootObject = OBJ_1 /* Project object */; +} diff --git a/swift/xcode-autobuilder/tests/hello-targets-with-tests-suffix/Foo.xcodeproj/project.xcworkspace/contents.xcworkspacedata b/swift/xcode-autobuilder/tests/hello-targets-with-tests-suffix/Foo.xcodeproj/project.xcworkspace/contents.xcworkspacedata new file mode 100644 index 00000000000..919434a6254 --- /dev/null +++ b/swift/xcode-autobuilder/tests/hello-targets-with-tests-suffix/Foo.xcodeproj/project.xcworkspace/contents.xcworkspacedata @@ -0,0 +1,7 @@ +<?xml version="1.0" encoding="UTF-8"?> +<Workspace + version = "1.0"> + <FileRef + location = "self:"> + </FileRef> +</Workspace> diff --git a/swift/xcode-autobuilder/tests/hello-targets-with-tests-suffix/commands.expected b/swift/xcode-autobuilder/tests/hello-targets-with-tests-suffix/commands.expected new file mode 100644 index 00000000000..4506ff8aa56 --- /dev/null +++ b/swift/xcode-autobuilder/tests/hello-targets-with-tests-suffix/commands.expected @@ -0,0 +1 @@ +/usr/bin/xcodebuild build -project ./Foo.xcodeproj -target FooDemo CODE_SIGNING_REQUIRED=NO CODE_SIGNING_ALLOWED=NO diff --git a/swift/xcode-autobuilder/xcode-autobuilder.cpp b/swift/xcode-autobuilder/xcode-autobuilder.cpp index 9dfdb074e75..4cc234de66b 100644 --- a/swift/xcode-autobuilder/xcode-autobuilder.cpp +++ b/swift/xcode-autobuilder/xcode-autobuilder.cpp @@ -7,8 +7,9 @@ #include "swift/logging/SwiftLogging.h" #include "swift/xcode-autobuilder/CustomizingBuildLink.h" -static const char* uiTest = "com.apple.product-type.bundle.ui-testing"; -static const char* unitTest = "com.apple.product-type.bundle.unit-test"; +static constexpr std::string_view uiTest = "com.apple.product-type.bundle.ui-testing"; +static constexpr std::string_view unitTest = "com.apple.product-type.bundle.unit-test"; +static constexpr std::string_view unknownType = "<unknown_target_type>"; const std::string_view codeql::programName = "autobuilder"; @@ -38,6 +39,16 @@ struct CLIArgs { bool dryRun; }; +static bool endsWith(std::string_view s, std::string_view suffix) { + return s.size() >= suffix.size() && s.substr(s.size() - suffix.size()) == suffix; +} + +static bool isNonSwiftOrTestTarget(const Target& t) { + return t.fileCount == 0 || t.type == uiTest || t.type == unitTest || + // unknown target types can be legitimate, let's do a name-based heuristic then + (t.type == unknownType && (endsWith(t.name, "Tests") || endsWith(t.name, "Test"))); +} + static void autobuild(const CLIArgs& args) { auto collected = collectTargets(args.workingDir); auto& targets = collected.targets; @@ -45,10 +56,7 @@ static void autobuild(const CLIArgs& args) { LOG_INFO("{}", t); } // Filter out targets that are tests or have no swift source files - targets.erase(std::remove_if(std::begin(targets), std::end(targets), - [&](Target& t) -> bool { - return t.fileCount == 0 || t.type == uiTest || t.type == unitTest; - }), + targets.erase(std::remove_if(std::begin(targets), std::end(targets), isNonSwiftOrTestTarget), std::end(targets)); // Sort targets by the amount of files in each From cfaa27ab5d0eef5d7717ee6d96b4e25d9e490e01 Mon Sep 17 00:00:00 2001 From: Asger F <asgerf@github.com> Date: Fri, 26 May 2023 14:43:06 +0200 Subject: [PATCH 699/870] Ruby: change note --- .../src/change-notes/2023-05-26-super-and-flow-through.md | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 ruby/ql/src/change-notes/2023-05-26-super-and-flow-through.md diff --git a/ruby/ql/src/change-notes/2023-05-26-super-and-flow-through.md b/ruby/ql/src/change-notes/2023-05-26-super-and-flow-through.md new file mode 100644 index 00000000000..7059c51f24e --- /dev/null +++ b/ruby/ql/src/change-notes/2023-05-26-super-and-flow-through.md @@ -0,0 +1,6 @@ +--- +category: minorAnalysis +--- +* Fixed a bug that would occur when an `initialize` method returns `self` or one of its parameters. + In such cases, the corresponding calls to `new` would be associated with an incorrect return type. + This could result in inaccurate call target resolution and cause false positive alerts. From ba51ded5168415fa1f22dee73fd6c69eda1a04ba Mon Sep 17 00:00:00 2001 From: Philip Ginsbach <ginsbach@github.com> Date: Thu, 25 May 2023 10:39:44 +0100 Subject: [PATCH 700/870] bindingset is not really a pragma --- docs/codeql/ql-language-reference/ql-language-specification.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/codeql/ql-language-reference/ql-language-specification.rst b/docs/codeql/ql-language-reference/ql-language-specification.rst index af5be717ef6..25b25dc82f1 100644 --- a/docs/codeql/ql-language-reference/ql-language-specification.rst +++ b/docs/codeql/ql-language-reference/ql-language-specification.rst @@ -773,7 +773,7 @@ Binding sets are checked by the QL compiler in the following way: A predicate may have several different binding sets, which can be stated by using multiple ``bindingset`` annotations on the same predicate. +----------------+---------+------------+-------------------+-----------------------+---------+--------+---------+---------+------------+ -| Pragma | Classes | Characters | Member predicates | Non-member predicates | Imports | Fields | Modules | Aliases | Signatures | +| Annotation | Classes | Characters | Member predicates | Non-member predicates | Imports | Fields | Modules | Aliases | Signatures | +================+=========+============+===================+=======================+=========+========+=========+=========+============+ | ``bindingset`` | | yes | yes | yes | | | | | (yes) | +----------------+---------+------------+-------------------+-----------------------+---------+--------+---------+---------+------------+ From 47a0d4b77427f481b76a0ea07349949a90c5c2d5 Mon Sep 17 00:00:00 2001 From: Philip Ginsbach <ginsbach@github.com> Date: Thu, 25 May 2023 10:44:31 +0100 Subject: [PATCH 701/870] more explicit mentioning of QLL files --- .../ql-language-reference/ql-language-specification.rst | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/codeql/ql-language-reference/ql-language-specification.rst b/docs/codeql/ql-language-reference/ql-language-specification.rst index 25b25dc82f1..71dcbdce571 100644 --- a/docs/codeql/ql-language-reference/ql-language-specification.rst +++ b/docs/codeql/ql-language-reference/ql-language-specification.rst @@ -186,21 +186,21 @@ A QL module definition has the following syntax: A module definition extends the current module's declared module environment with a mapping from the module name to the module definition. -QL files consist of simply a module body without a name and surrounding braces: +QL files and QLL files consist of simply a module body without a name and surrounding braces: :: ql ::= moduleBody -QL files define a module corresponding to the file, whose name is the same as the filename. +QL files and QLL files define a module corresponding to the file, whose name is the same as the filename. Kinds of modules ~~~~~~~~~~~~~~~~ A module may be: -- A *file module*, if it is defined implicitly by a QL file. -- A *query module*, if it is defined by a QL file. +- A *file module*, if it is defined implicitly by a QL file or a QLL file. +- A *query module*, if it is defined implicitly by a QL file. - A *library module*, if it is not a query module. A query module must contain one or more queries. From 0f08642653bffb3206a2660cdb42feebb0384875 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen <mathiasvp@github.com> Date: Fri, 26 May 2023 11:16:44 -0700 Subject: [PATCH 702/870] C++: Fix join in 'pointerArithOverflow0'. --- .../Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql b/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql index 88db396f2cf..735375870ea 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql @@ -78,11 +78,16 @@ predicate isInvalidPointerDerefSink2(DataFlow::Node sink, Instruction i, string ) } +pragma[nomagic] +predicate arrayTypeHasSizes(ArrayType arr, int baseTypeSize, int arraySize) { + arr.getBaseType().getSize() = baseTypeSize and + arr.getArraySize() = arraySize +} + predicate pointerArithOverflow0( PointerArithmeticInstruction pai, Field f, int size, int bound, int delta ) { - pai.getElementSize() = f.getUnspecifiedType().(ArrayType).getBaseType().getSize() and - f.getUnspecifiedType().(ArrayType).getArraySize() = size and + arrayTypeHasSizes(f.getUnspecifiedType(), pai.getElementSize(), size) and semBounded(getSemanticExpr(pai.getRight()), any(SemZeroBound b), bound, true, _) and delta = bound - size and delta >= 0 and From 9828af45a1754cd9f6902c1ed5af1cce9e526870 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen <mathiasvp@github.com> Date: Fri, 26 May 2023 15:23:48 -0700 Subject: [PATCH 703/870] C++: Change separator from ':' to '|'. --- .../ir/range-analysis/RangeAnalysis.ql | 2 +- .../SimpleRangeAnalysis_tests.cpp | 32 +++++++++---------- .../library-tests/ir/range-analysis/test.cpp | 4 +-- 3 files changed, 19 insertions(+), 19 deletions(-) diff --git a/cpp/ql/test/library-tests/ir/range-analysis/RangeAnalysis.ql b/cpp/ql/test/library-tests/ir/range-analysis/RangeAnalysis.ql index eadf0b90ef5..b5a86c23d97 100644 --- a/cpp/ql/test/library-tests/ir/range-analysis/RangeAnalysis.ql +++ b/cpp/ql/test/library-tests/ir/range-analysis/RangeAnalysis.ql @@ -40,7 +40,7 @@ bindingset[delta] private string getBoundString(SemBound b, float delta) { b instanceof SemZeroBound and result = delta.toString() or - result = strictconcat(b.(SemSsaBound).getAVariable().toString(), ":") + getOffsetString(delta) + result = strictconcat(b.(SemSsaBound).getAVariable().toString(), " | ") + getOffsetString(delta) } private string getARangeString(SemExpr e) { diff --git a/cpp/ql/test/library-tests/ir/range-analysis/SimpleRangeAnalysis_tests.cpp b/cpp/ql/test/library-tests/ir/range-analysis/SimpleRangeAnalysis_tests.cpp index 92e197115b7..df29578409b 100644 --- a/cpp/ql/test/library-tests/ir/range-analysis/SimpleRangeAnalysis_tests.cpp +++ b/cpp/ql/test/library-tests/ir/range-analysis/SimpleRangeAnalysis_tests.cpp @@ -8,7 +8,7 @@ int test1(struct List* p) { int count = 0; for (; p; p = p->next) { count = count+1; - range(count); // $ range="==Phi: p:Store: count+1" + range(count); // $ range="==Phi: p | Store: count+1" } range(count); return count; @@ -18,7 +18,7 @@ int test2(struct List* p) { int count = 0; for (; p; p = p->next) { count = (count+1) % 10; - range(count); // $ range=<=9 range=>=-9 range="<=Phi: p:Store: count+1" + range(count); // $ range=<=9 range=>=-9 range="<=Phi: p | Store: count+1" } range(count); // $ range=>=-9 range=<=9 return count; @@ -29,7 +29,7 @@ int test3(struct List* p) { for (; p; p = p->next) { range(count++); // $ range=>=-9 range=<=9 count = count % 10; - range(count); // $ range=<=9 range=>=-9 range="<=Store: ... +++0" range="<=Phi: p:Store: count+1" + range(count); // $ range=<=9 range=>=-9 range="<=Store: ... +++0" range="<=Phi: p | Store: count+1" } range(count); // $ range=>=-9 range=<=9 return count; @@ -93,12 +93,12 @@ int test8(int x, int y) { if (-1000 < y && y < 10) { range(y); // $ range=<=9 range=>=-999 if (x < y-2) { - range(x); // $ range=<=6 range="<=InitializeParameter: y:Store: y-3" - range(y); // $ range=<=9 range=>=-999 range=">=InitializeParameter: x:Store: x+3" + range(x); // $ range=<=6 range="<=InitializeParameter: y | Store: y-3" + range(y); // $ range=<=9 range=>=-999 range=">=InitializeParameter: x | Store: x+3" return x; } - range(x); // $ range=>=-1001 range=">=InitializeParameter: y:Store: y-2" - range(y); // $ range=<=9 range="<=InitializeParameter: x:Store: x+2" range=>=-999 + range(x); // $ range=>=-1001 range=">=InitializeParameter: y | Store: y-2" + range(y); // $ range=<=9 range="<=InitializeParameter: x | Store: x+2" range=>=-999 } range(x); range(y); @@ -128,11 +128,11 @@ int test10(int x, int y) { range(y); // $ range=>=8 if (x < y) { range(x); // $ range="<=InitializeParameter: y-1" - range(y); // $ range=>=8 range=">=InitializeParameter: x:Store: x+1" + range(y); // $ range=>=8 range=">=InitializeParameter: x | Store: x+1" return 0; } range(x); // $ range=>=8 range=">=InitializeParameter: y+0" - range(y); // $ range="<=InitializeParameter: x:Store: x+0" range=>=8 + range(y); // $ range="<=InitializeParameter: x | Store: x+0" range=>=8 return x; } range(y); // $ range=<=7 @@ -541,7 +541,7 @@ int test16(int x) { while (i < 3) { range(i); // $ range=<=2 range=>=0 i++; - range(i); // $ range=<=3 range=>=1 range="==Phi: i:Store: ... = ...+1" + range(i); // $ range=<=3 range=>=1 range="==Phi: i | Store: ... = ...+1" } range(d); d = i; @@ -640,14 +640,14 @@ unsigned int test_comma01(unsigned int x) { unsigned int y1; unsigned int y2; y1 = (++y, y); - range(y1); // $ range=<=101 range="==Phi: ... ? ... : ...:Store: ... ? ... : ...+1" + range(y1); // $ range=<=101 range="==Phi: ... ? ... : ... | Store: ... ? ... : ...+1" y2 = (y++, - range(y), // $ range=<=102 range="==Store: ++ ...:Store: ... = ...+1" range="==Phi: ... ? ... : ...:Store: ... ? ... : ...+2" + range(y), // $ range=<=102 range="==Store: ++ ... | Store: ... = ...+1" range="==Phi: ... ? ... : ... | Store: ... ? ... : ...+2" y += 3, - range(y), // $ range=<=105 range="==Store: ++ ...:Store: ... = ...+4" range="==Store: ... +++3" range="==Phi: ... ? ... : ...:Store: ... ? ... : ...+5" + range(y), // $ range=<=105 range="==Store: ++ ... | Store: ... = ...+4" range="==Store: ... +++3" range="==Phi: ... ? ... : ... | Store: ... ? ... : ...+5" y); - range(y2); // $ range=<=105 range="==Store: ++ ...:Store: ... = ...+4" range="==Store: ... +++3" Unexpected result: range="==Phi: ... ? ... : ...:Store: ... ? ... : ...+5" - range(y1 + y2); // $ range=<=206 range="<=Phi: ... ? ... : ...:Store: ... ? ... : ...+106" MISSING: range=">=++ ...:... = ...+5" range=">=... +++4" range=">=... += ...:... = ...+1" range=">=... ? ... : ...+6" + range(y2); // $ range=<=105 range="==Store: ++ ... | Store: ... = ...+4" range="==Store: ... +++3" Unexpected result: range="==Phi: ... ? ... : ... | Store: ... ? ... : ...+5" + range(y1 + y2); // $ range=<=206 range="<=Phi: ... ? ... : ... | Store: ... ? ... : ...+106" MISSING: range=">=++ ...:... = ...+5" range=">=... +++4" range=">=... += ...:... = ...+1" range=">=... ? ... : ...+6" return y1 + y2; } @@ -672,7 +672,7 @@ void test17() { range(i); // $ range===50 i = 20 + (j -= 10); - range(i); // $ range="==Store: ... += ...:Store: ... = ...+10" range===60 + range(i); // $ range="==Store: ... += ... | Store: ... = ...+10" range===60 } // Tests for unsigned multiplication. diff --git a/cpp/ql/test/library-tests/ir/range-analysis/test.cpp b/cpp/ql/test/library-tests/ir/range-analysis/test.cpp index 5d816f3cda4..95e6474124a 100644 --- a/cpp/ql/test/library-tests/ir/range-analysis/test.cpp +++ b/cpp/ql/test/library-tests/ir/range-analysis/test.cpp @@ -17,7 +17,7 @@ } else { if (y > 300) { range(x); // $ range=>=302 range=<=400 range="<=InitializeParameter: y+1" MISSING: range===y+1 - range(y); // $ range=>=301 range=<=399 range="==InitializeParameter: x:Store: x-1" + range(y); // $ range=>=301 range=<=399 range="==InitializeParameter: x | Store: x-1" int sum = x + y; } } @@ -40,7 +40,7 @@ if (y == x - 1 && y > 300 && y + 2 == z && z == 350) { // $ overflow=+ overflow=- range(x); // $ range===349 range="==InitializeParameter: y+1" range="==InitializeParameter: z-1" - range(y); // $ range===348 range=">=InitializeParameter: x:Store: x-1" range="==InitializeParameter: z-2" MISSING: range===x-1 + range(y); // $ range===348 range=">=InitializeParameter: x | Store: x-1" range="==InitializeParameter: z-2" MISSING: range===x-1 range(z); // $ range===350 range="<=InitializeParameter: y+2" MISSING: range===x+1 range===y+2 return x + y + z; } From 65dd7eb8e77178d91d9b5a05d0a43311ead5f18b Mon Sep 17 00:00:00 2001 From: Jami Cogswell <jcogs33@Jamis-MacBook-Pro.local> Date: Thu, 11 May 2023 15:48:36 -0400 Subject: [PATCH 704/870] Java: add neutral models discovered with path-inj and ssrf heuristics --- java/ql/lib/ext/java.io.model.yml | 5 +++++ java/ql/lib/ext/java.nio.file.model.yml | 18 ++++++++++++++++++ java/ql/lib/ext/java.nio.file.spi.model.yml | 7 +++++++ java/ql/lib/ext/java.text.model.yml | 4 ++++ java/ql/lib/ext/java.util.prefs.model.yml | 7 +++++++ ...g.apache.hc.client5.http.protocol.model.yml | 6 ++++++ 6 files changed, 47 insertions(+) create mode 100644 java/ql/lib/ext/java.nio.file.spi.model.yml create mode 100644 java/ql/lib/ext/java.util.prefs.model.yml create mode 100644 java/ql/lib/ext/org.apache.hc.client5.http.protocol.model.yml diff --git a/java/ql/lib/ext/java.io.model.yml b/java/ql/lib/ext/java.io.model.yml index 2db99b7027e..e3a48d4138d 100644 --- a/java/ql/lib/ext/java.io.model.yml +++ b/java/ql/lib/ext/java.io.model.yml @@ -100,6 +100,7 @@ extensions: pack: codeql/java-all extensible: neutralModel data: + # summary neutrals - ["java.io", "Closeable", "close", "()", "summary", "manual"] - ["java.io", "DataOutput", "writeBoolean", "(boolean)", "summary", "manual"] - ["java.io", "File", "delete", "()", "summary", "manual"] @@ -117,3 +118,7 @@ extensions: - ["java.io", "DataInput", "readLong", "()", "summary", "manual"] # taint-numeric - ["java.io", "DataOutput", "writeInt", "(int)", "summary", "manual"] # taint-numeric - ["java.io", "DataOutput", "writeLong", "(long)", "summary", "manual"] # taint-numeric + + # sink neutrals + - ["java.io", "File", "compareTo", "", "sink", "manual"] + - ["java.io", "File", "exists", "()", "sink", "manual"] diff --git a/java/ql/lib/ext/java.nio.file.model.yml b/java/ql/lib/ext/java.nio.file.model.yml index 42ae8b9052b..c178f628980 100644 --- a/java/ql/lib/ext/java.nio.file.model.yml +++ b/java/ql/lib/ext/java.nio.file.model.yml @@ -81,4 +81,22 @@ extensions: pack: codeql/java-all extensible: neutralModel data: + # summary neutrals - ["java.nio.file", "Files", "exists", "(Path,LinkOption[])", "summary", "manual"] + + # sink neutrals + - ["java.nio.file", "Files" "exists", "", "sink", "manual"] + - ["java.nio.file", "Files" "getLastModifiedTime", "", "sink", "manual"] + - ["java.nio.file", "Files" "getOwner", "", "sink", "manual"] + - ["java.nio.file", "Files" "getPosixFilePermissions", "", "sink", "manual"] + - ["java.nio.file", "Files" "isDirectory", "", "sink", "manual"] + - ["java.nio.file", "Files" "isExecutable", "", "sink", "manual"] + - ["java.nio.file", "Files" "isHidden", "", "sink", "manual"] + - ["java.nio.file", "Files" "isReadable", "", "sink", "manual"] + - ["java.nio.file", "Files" "isRegularFile", "", "sink", "manual"] + - ["java.nio.file", "Files" "isSameFile", "", "sink", "manual"] + - ["java.nio.file", "Files" "isSymbolicLink", "", "sink", "manual"] + - ["java.nio.file", "Files" "isWritable", "", "sink", "manual"] + - ["java.nio.file", "Files" "notExists", "", "sink", "manual"] + - ["java.nio.file", "Files" "setLastModifiedTime", "", "sink", "manual"] + - ["java.nio.file", "Files" "size", "", "sink", "manual"] diff --git a/java/ql/lib/ext/java.nio.file.spi.model.yml b/java/ql/lib/ext/java.nio.file.spi.model.yml new file mode 100644 index 00000000000..a833c453eb3 --- /dev/null +++ b/java/ql/lib/ext/java.nio.file.spi.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: codeql/java-all + extensible: neutralModel + data: + - ["java.nio.file.spi", "FileSystemProvider" "isHidden", "", "manual"] + - ["java.nio.file.spi", "FileSystemProvider" "isSameFile", "", "manual"] diff --git a/java/ql/lib/ext/java.text.model.yml b/java/ql/lib/ext/java.text.model.yml index 728ed4fa6b4..13b286b0438 100644 --- a/java/ql/lib/ext/java.text.model.yml +++ b/java/ql/lib/ext/java.text.model.yml @@ -3,6 +3,10 @@ extensions: pack: codeql/java-all extensible: neutralModel data: + - ["java.text", "Collator" "compare", "", "manual"] + - ["java.text", "Collator" "equals", "", "manual"] + - ["java.text", "RuleBasedCollator", "compare", "", "manual"] + # The below APIs have numeric flow and are currently being stored as neutral models. # These may be changed to summary models with kinds "value-numeric" and "taint-numeric" (or similar) in the future. - ["java.text", "DateFormat", "format", "(Date)", "summary", "manual"] # taint-numeric diff --git a/java/ql/lib/ext/java.util.prefs.model.yml b/java/ql/lib/ext/java.util.prefs.model.yml new file mode 100644 index 00000000000..c27ba79029b --- /dev/null +++ b/java/ql/lib/ext/java.util.prefs.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: codeql/java-all + extensible: neutralModel + data: + - ["java.util.prefs", "AbstractPreferences", "nodeExists", "", "manual"] + - ["java.util.prefs", "Preferences", "nodeExists", "", "manual"] diff --git a/java/ql/lib/ext/org.apache.hc.client5.http.protocol.model.yml b/java/ql/lib/ext/org.apache.hc.client5.http.protocol.model.yml new file mode 100644 index 00000000000..eb92d7b4334 --- /dev/null +++ b/java/ql/lib/ext/org.apache.hc.client5.http.protocol.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: codeql/java-all + extensible: neutralModel + data: + - ["org.apache.hc.client5.http.protocol", "RedirectLocations", "contains", "", "manual"] From 60b07083c3b54f5da0c8845d3bea39d6174d7eb1 Mon Sep 17 00:00:00 2001 From: Jami Cogswell <jcogs33@Jamis-MacBook-Pro.local> Date: Thu, 11 May 2023 17:47:31 -0400 Subject: [PATCH 705/870] Java: add 'sink' kind --- java/ql/lib/ext/java.nio.file.spi.model.yml | 5 +++-- java/ql/lib/ext/java.text.model.yml | 10 ++++++---- java/ql/lib/ext/java.util.prefs.model.yml | 5 +++-- .../ext/org.apache.hc.client5.http.protocol.model.yml | 3 ++- 4 files changed, 14 insertions(+), 9 deletions(-) diff --git a/java/ql/lib/ext/java.nio.file.spi.model.yml b/java/ql/lib/ext/java.nio.file.spi.model.yml index a833c453eb3..0a7396a482c 100644 --- a/java/ql/lib/ext/java.nio.file.spi.model.yml +++ b/java/ql/lib/ext/java.nio.file.spi.model.yml @@ -3,5 +3,6 @@ extensions: pack: codeql/java-all extensible: neutralModel data: - - ["java.nio.file.spi", "FileSystemProvider" "isHidden", "", "manual"] - - ["java.nio.file.spi", "FileSystemProvider" "isSameFile", "", "manual"] + # sink neutrals + - ["java.nio.file.spi", "FileSystemProvider" "isHidden", "", "sink", "manual"] + - ["java.nio.file.spi", "FileSystemProvider" "isSameFile", "", "sink", "manual"] diff --git a/java/ql/lib/ext/java.text.model.yml b/java/ql/lib/ext/java.text.model.yml index 13b286b0438..d4704c2ab97 100644 --- a/java/ql/lib/ext/java.text.model.yml +++ b/java/ql/lib/ext/java.text.model.yml @@ -3,12 +3,14 @@ extensions: pack: codeql/java-all extensible: neutralModel data: - - ["java.text", "Collator" "compare", "", "manual"] - - ["java.text", "Collator" "equals", "", "manual"] - - ["java.text", "RuleBasedCollator", "compare", "", "manual"] - + # summary neutrals # The below APIs have numeric flow and are currently being stored as neutral models. # These may be changed to summary models with kinds "value-numeric" and "taint-numeric" (or similar) in the future. - ["java.text", "DateFormat", "format", "(Date)", "summary", "manual"] # taint-numeric - ["java.text", "DateFormat", "parse", "(String)", "summary", "manual"] # taint-numeric - ["java.text", "SimpleDateFormat", "SimpleDateFormat", "(String)", "summary", "manual"] # taint-numeric + + # sink neutrals + - ["java.text", "Collator" "compare", "", "sink", "manual"] + - ["java.text", "Collator" "equals", "", "sink", "manual"] + - ["java.text", "RuleBasedCollator", "compare", "", "sink", "manual"] diff --git a/java/ql/lib/ext/java.util.prefs.model.yml b/java/ql/lib/ext/java.util.prefs.model.yml index c27ba79029b..412730c3807 100644 --- a/java/ql/lib/ext/java.util.prefs.model.yml +++ b/java/ql/lib/ext/java.util.prefs.model.yml @@ -3,5 +3,6 @@ extensions: pack: codeql/java-all extensible: neutralModel data: - - ["java.util.prefs", "AbstractPreferences", "nodeExists", "", "manual"] - - ["java.util.prefs", "Preferences", "nodeExists", "", "manual"] + # sink neutrals + - ["java.util.prefs", "AbstractPreferences", "nodeExists", "", "sink", "manual"] + - ["java.util.prefs", "Preferences", "nodeExists", "", "sink", "manual"] diff --git a/java/ql/lib/ext/org.apache.hc.client5.http.protocol.model.yml b/java/ql/lib/ext/org.apache.hc.client5.http.protocol.model.yml index eb92d7b4334..eb30b29a50a 100644 --- a/java/ql/lib/ext/org.apache.hc.client5.http.protocol.model.yml +++ b/java/ql/lib/ext/org.apache.hc.client5.http.protocol.model.yml @@ -3,4 +3,5 @@ extensions: pack: codeql/java-all extensible: neutralModel data: - - ["org.apache.hc.client5.http.protocol", "RedirectLocations", "contains", "", "manual"] + # sink neutrals + - ["org.apache.hc.client5.http.protocol", "RedirectLocations", "contains", "", "sink", "manual"] From 7e6913af620e9d6d7127e8cee67d6e9a31dc6dec Mon Sep 17 00:00:00 2001 From: Jami Cogswell <jcogs33@Jamis-MacBook-Pro.local> Date: Thu, 11 May 2023 17:51:53 -0400 Subject: [PATCH 706/870] Java: update provenance to 'hq-manual' --- java/ql/lib/ext/java.io.model.yml | 4 +-- java/ql/lib/ext/java.nio.file.model.yml | 30 +++++++++---------- java/ql/lib/ext/java.nio.file.spi.model.yml | 4 +-- java/ql/lib/ext/java.text.model.yml | 6 ++-- java/ql/lib/ext/java.util.prefs.model.yml | 4 +-- ....apache.hc.client5.http.protocol.model.yml | 2 +- 6 files changed, 25 insertions(+), 25 deletions(-) diff --git a/java/ql/lib/ext/java.io.model.yml b/java/ql/lib/ext/java.io.model.yml index e3a48d4138d..44d079c1474 100644 --- a/java/ql/lib/ext/java.io.model.yml +++ b/java/ql/lib/ext/java.io.model.yml @@ -120,5 +120,5 @@ extensions: - ["java.io", "DataOutput", "writeLong", "(long)", "summary", "manual"] # taint-numeric # sink neutrals - - ["java.io", "File", "compareTo", "", "sink", "manual"] - - ["java.io", "File", "exists", "()", "sink", "manual"] + - ["java.io", "File", "compareTo", "", "sink", "hq-manual"] + - ["java.io", "File", "exists", "()", "sink", "hq-manual"] diff --git a/java/ql/lib/ext/java.nio.file.model.yml b/java/ql/lib/ext/java.nio.file.model.yml index c178f628980..243f6a528a1 100644 --- a/java/ql/lib/ext/java.nio.file.model.yml +++ b/java/ql/lib/ext/java.nio.file.model.yml @@ -85,18 +85,18 @@ extensions: - ["java.nio.file", "Files", "exists", "(Path,LinkOption[])", "summary", "manual"] # sink neutrals - - ["java.nio.file", "Files" "exists", "", "sink", "manual"] - - ["java.nio.file", "Files" "getLastModifiedTime", "", "sink", "manual"] - - ["java.nio.file", "Files" "getOwner", "", "sink", "manual"] - - ["java.nio.file", "Files" "getPosixFilePermissions", "", "sink", "manual"] - - ["java.nio.file", "Files" "isDirectory", "", "sink", "manual"] - - ["java.nio.file", "Files" "isExecutable", "", "sink", "manual"] - - ["java.nio.file", "Files" "isHidden", "", "sink", "manual"] - - ["java.nio.file", "Files" "isReadable", "", "sink", "manual"] - - ["java.nio.file", "Files" "isRegularFile", "", "sink", "manual"] - - ["java.nio.file", "Files" "isSameFile", "", "sink", "manual"] - - ["java.nio.file", "Files" "isSymbolicLink", "", "sink", "manual"] - - ["java.nio.file", "Files" "isWritable", "", "sink", "manual"] - - ["java.nio.file", "Files" "notExists", "", "sink", "manual"] - - ["java.nio.file", "Files" "setLastModifiedTime", "", "sink", "manual"] - - ["java.nio.file", "Files" "size", "", "sink", "manual"] + - ["java.nio.file", "Files" "exists", "", "sink", "hq-manual"] + - ["java.nio.file", "Files" "getLastModifiedTime", "", "sink", "hq-manual"] + - ["java.nio.file", "Files" "getOwner", "", "sink", "hq-manual"] + - ["java.nio.file", "Files" "getPosixFilePermissions", "", "sink", "hq-manual"] + - ["java.nio.file", "Files" "isDirectory", "", "sink", "hq-manual"] + - ["java.nio.file", "Files" "isExecutable", "", "sink", "hq-manual"] + - ["java.nio.file", "Files" "isHidden", "", "sink", "hq-manual"] + - ["java.nio.file", "Files" "isReadable", "", "sink", "hq-manual"] + - ["java.nio.file", "Files" "isRegularFile", "", "sink", "hq-manual"] + - ["java.nio.file", "Files" "isSameFile", "", "sink", "hq-manual"] + - ["java.nio.file", "Files" "isSymbolicLink", "", "sink", "hq-manual"] + - ["java.nio.file", "Files" "isWritable", "", "sink", "hq-manual"] + - ["java.nio.file", "Files" "notExists", "", "sink", "hq-manual"] + - ["java.nio.file", "Files" "setLastModifiedTime", "", "sink", "hq-manual"] + - ["java.nio.file", "Files" "size", "", "sink", "hq-manual"] diff --git a/java/ql/lib/ext/java.nio.file.spi.model.yml b/java/ql/lib/ext/java.nio.file.spi.model.yml index 0a7396a482c..0b6d1d89988 100644 --- a/java/ql/lib/ext/java.nio.file.spi.model.yml +++ b/java/ql/lib/ext/java.nio.file.spi.model.yml @@ -4,5 +4,5 @@ extensions: extensible: neutralModel data: # sink neutrals - - ["java.nio.file.spi", "FileSystemProvider" "isHidden", "", "sink", "manual"] - - ["java.nio.file.spi", "FileSystemProvider" "isSameFile", "", "sink", "manual"] + - ["java.nio.file.spi", "FileSystemProvider" "isHidden", "", "sink", "hq-manual"] + - ["java.nio.file.spi", "FileSystemProvider" "isSameFile", "", "sink", "hq-manual"] diff --git a/java/ql/lib/ext/java.text.model.yml b/java/ql/lib/ext/java.text.model.yml index d4704c2ab97..02e0eac7407 100644 --- a/java/ql/lib/ext/java.text.model.yml +++ b/java/ql/lib/ext/java.text.model.yml @@ -11,6 +11,6 @@ extensions: - ["java.text", "SimpleDateFormat", "SimpleDateFormat", "(String)", "summary", "manual"] # taint-numeric # sink neutrals - - ["java.text", "Collator" "compare", "", "sink", "manual"] - - ["java.text", "Collator" "equals", "", "sink", "manual"] - - ["java.text", "RuleBasedCollator", "compare", "", "sink", "manual"] + - ["java.text", "Collator" "compare", "", "sink", "hq-manual"] + - ["java.text", "Collator" "equals", "", "sink", "hq-manual"] + - ["java.text", "RuleBasedCollator", "compare", "", "sink", "hq-manual"] diff --git a/java/ql/lib/ext/java.util.prefs.model.yml b/java/ql/lib/ext/java.util.prefs.model.yml index 412730c3807..a2a7c16bc5d 100644 --- a/java/ql/lib/ext/java.util.prefs.model.yml +++ b/java/ql/lib/ext/java.util.prefs.model.yml @@ -4,5 +4,5 @@ extensions: extensible: neutralModel data: # sink neutrals - - ["java.util.prefs", "AbstractPreferences", "nodeExists", "", "sink", "manual"] - - ["java.util.prefs", "Preferences", "nodeExists", "", "sink", "manual"] + - ["java.util.prefs", "AbstractPreferences", "nodeExists", "", "sink", "hq-manual"] + - ["java.util.prefs", "Preferences", "nodeExists", "", "sink", "hq-manual"] diff --git a/java/ql/lib/ext/org.apache.hc.client5.http.protocol.model.yml b/java/ql/lib/ext/org.apache.hc.client5.http.protocol.model.yml index eb30b29a50a..b5f46643f2f 100644 --- a/java/ql/lib/ext/org.apache.hc.client5.http.protocol.model.yml +++ b/java/ql/lib/ext/org.apache.hc.client5.http.protocol.model.yml @@ -4,4 +4,4 @@ extensions: extensible: neutralModel data: # sink neutrals - - ["org.apache.hc.client5.http.protocol", "RedirectLocations", "contains", "", "sink", "manual"] + - ["org.apache.hc.client5.http.protocol", "RedirectLocations", "contains", "", "sink", "hq-manual"] From f255b6acb805a5122bb7bdad47f023a6f557dcfd Mon Sep 17 00:00:00 2001 From: Jami Cogswell <jcogs33@Jamis-MacBook-Pro.local> Date: Mon, 22 May 2023 08:55:54 -0400 Subject: [PATCH 707/870] Java: fix typos --- java/ql/lib/ext/java.nio.file.model.yml | 30 ++++++++++----------- java/ql/lib/ext/java.nio.file.spi.model.yml | 4 +-- java/ql/lib/ext/java.text.model.yml | 4 +-- 3 files changed, 19 insertions(+), 19 deletions(-) diff --git a/java/ql/lib/ext/java.nio.file.model.yml b/java/ql/lib/ext/java.nio.file.model.yml index 243f6a528a1..6b08117d74f 100644 --- a/java/ql/lib/ext/java.nio.file.model.yml +++ b/java/ql/lib/ext/java.nio.file.model.yml @@ -85,18 +85,18 @@ extensions: - ["java.nio.file", "Files", "exists", "(Path,LinkOption[])", "summary", "manual"] # sink neutrals - - ["java.nio.file", "Files" "exists", "", "sink", "hq-manual"] - - ["java.nio.file", "Files" "getLastModifiedTime", "", "sink", "hq-manual"] - - ["java.nio.file", "Files" "getOwner", "", "sink", "hq-manual"] - - ["java.nio.file", "Files" "getPosixFilePermissions", "", "sink", "hq-manual"] - - ["java.nio.file", "Files" "isDirectory", "", "sink", "hq-manual"] - - ["java.nio.file", "Files" "isExecutable", "", "sink", "hq-manual"] - - ["java.nio.file", "Files" "isHidden", "", "sink", "hq-manual"] - - ["java.nio.file", "Files" "isReadable", "", "sink", "hq-manual"] - - ["java.nio.file", "Files" "isRegularFile", "", "sink", "hq-manual"] - - ["java.nio.file", "Files" "isSameFile", "", "sink", "hq-manual"] - - ["java.nio.file", "Files" "isSymbolicLink", "", "sink", "hq-manual"] - - ["java.nio.file", "Files" "isWritable", "", "sink", "hq-manual"] - - ["java.nio.file", "Files" "notExists", "", "sink", "hq-manual"] - - ["java.nio.file", "Files" "setLastModifiedTime", "", "sink", "hq-manual"] - - ["java.nio.file", "Files" "size", "", "sink", "hq-manual"] + - ["java.nio.file", "Files", "exists", "", "sink", "hq-manual"] + - ["java.nio.file", "Files", "getLastModifiedTime", "", "sink", "hq-manual"] + - ["java.nio.file", "Files", "getOwner", "", "sink", "hq-manual"] + - ["java.nio.file", "Files", "getPosixFilePermissions", "", "sink", "hq-manual"] + - ["java.nio.file", "Files", "isDirectory", "", "sink", "hq-manual"] + - ["java.nio.file", "Files", "isExecutable", "", "sink", "hq-manual"] + - ["java.nio.file", "Files", "isHidden", "", "sink", "hq-manual"] + - ["java.nio.file", "Files", "isReadable", "", "sink", "hq-manual"] + - ["java.nio.file", "Files", "isRegularFile", "", "sink", "hq-manual"] + - ["java.nio.file", "Files", "isSameFile", "", "sink", "hq-manual"] + - ["java.nio.file", "Files", "isSymbolicLink", "", "sink", "hq-manual"] + - ["java.nio.file", "Files", "isWritable", "", "sink", "hq-manual"] + - ["java.nio.file", "Files", "notExists", "", "sink", "hq-manual"] + - ["java.nio.file", "Files", "setLastModifiedTime", "", "sink", "hq-manual"] + - ["java.nio.file", "Files", "size", "", "sink", "hq-manual"] diff --git a/java/ql/lib/ext/java.nio.file.spi.model.yml b/java/ql/lib/ext/java.nio.file.spi.model.yml index 0b6d1d89988..91e465af105 100644 --- a/java/ql/lib/ext/java.nio.file.spi.model.yml +++ b/java/ql/lib/ext/java.nio.file.spi.model.yml @@ -4,5 +4,5 @@ extensions: extensible: neutralModel data: # sink neutrals - - ["java.nio.file.spi", "FileSystemProvider" "isHidden", "", "sink", "hq-manual"] - - ["java.nio.file.spi", "FileSystemProvider" "isSameFile", "", "sink", "hq-manual"] + - ["java.nio.file.spi", "FileSystemProvider", "isHidden", "", "sink", "hq-manual"] + - ["java.nio.file.spi", "FileSystemProvider", "isSameFile", "", "sink", "hq-manual"] diff --git a/java/ql/lib/ext/java.text.model.yml b/java/ql/lib/ext/java.text.model.yml index 02e0eac7407..5b315e9986d 100644 --- a/java/ql/lib/ext/java.text.model.yml +++ b/java/ql/lib/ext/java.text.model.yml @@ -11,6 +11,6 @@ extensions: - ["java.text", "SimpleDateFormat", "SimpleDateFormat", "(String)", "summary", "manual"] # taint-numeric # sink neutrals - - ["java.text", "Collator" "compare", "", "sink", "hq-manual"] - - ["java.text", "Collator" "equals", "", "sink", "hq-manual"] + - ["java.text", "Collator", "compare", "", "sink", "hq-manual"] + - ["java.text", "Collator", "equals", "", "sink", "hq-manual"] - ["java.text", "RuleBasedCollator", "compare", "", "sink", "hq-manual"] From 24fc4ba2d4e056f9d0838efad8ee76bd0912240f Mon Sep 17 00:00:00 2001 From: Jami Cogswell <jcogs33@Jamis-MacBook-Pro.local> Date: Fri, 26 May 2023 18:53:55 -0400 Subject: [PATCH 708/870] Java: add tests --- .../neutralsinks/NeutralSinksTest.expected | 0 .../neutrals/neutralsinks/NeutralSinksTest.ql | 20 ++++ .../neutrals/neutralsinks/Test.java | 61 ++++++++++ .../neutrals/neutralsinks/options | 1 + .../http/protocol/RedirectLocations.java | 111 ++++++++++++++++++ 5 files changed, 193 insertions(+) create mode 100644 java/ql/test/library-tests/neutrals/neutralsinks/NeutralSinksTest.expected create mode 100644 java/ql/test/library-tests/neutrals/neutralsinks/NeutralSinksTest.ql create mode 100644 java/ql/test/library-tests/neutrals/neutralsinks/Test.java create mode 100644 java/ql/test/library-tests/neutrals/neutralsinks/options create mode 100644 java/ql/test/stubs/apache-http-5/org/apache/hc/client5/http/protocol/RedirectLocations.java diff --git a/java/ql/test/library-tests/neutrals/neutralsinks/NeutralSinksTest.expected b/java/ql/test/library-tests/neutrals/neutralsinks/NeutralSinksTest.expected new file mode 100644 index 00000000000..e69de29bb2d diff --git a/java/ql/test/library-tests/neutrals/neutralsinks/NeutralSinksTest.ql b/java/ql/test/library-tests/neutrals/neutralsinks/NeutralSinksTest.ql new file mode 100644 index 00000000000..422508f5711 --- /dev/null +++ b/java/ql/test/library-tests/neutrals/neutralsinks/NeutralSinksTest.ql @@ -0,0 +1,20 @@ +import java +import TestUtilities.InlineExpectationsTest +import semmle.code.java.dataflow.DataFlow +import semmle.code.java.dataflow.ExternalFlow + +class NeutralSinksTest extends InlineExpectationsTest { + NeutralSinksTest() { this = "NeutralSinksTest" } + + override string getARelevantTag() { result = "isSink" } + + override predicate hasActualResult(Location location, string element, string tag, string value) { + tag = "isSink" and + exists(DataFlow::Node sink | + sinkNode(sink, _) and + sink.getLocation() = location and + element = sink.toString() and + value = "" + ) + } +} diff --git a/java/ql/test/library-tests/neutrals/neutralsinks/Test.java b/java/ql/test/library-tests/neutrals/neutralsinks/Test.java new file mode 100644 index 00000000000..fee2cbbb7dd --- /dev/null +++ b/java/ql/test/library-tests/neutrals/neutralsinks/Test.java @@ -0,0 +1,61 @@ +import java.io.File; +import java.nio.file.Files; +import java.nio.file.spi.FileSystemProvider; +import java.nio.file.LinkOption; +import java.text.Collator; +import java.text.RuleBasedCollator; +import java.util.prefs.AbstractPreferences; +import java.util.prefs.Preferences; +import org.apache.hc.client5.http.protocol.RedirectLocations; + +public class Test { + + public void test() throws Exception { + + // java.io + File file = null; + file.exists(); // Neutral Sink + file.compareTo(null); // Neutral Sink + + // java.nio.file + Files.exists(null, (LinkOption[])null); // Neutral Sink + Files.getLastModifiedTime(null, (LinkOption[])null); // Neutral Sink + Files.getOwner(null, (LinkOption[])null); // Neutral Sink + Files.getPosixFilePermissions(null, (LinkOption[])null); // Neutral Sink + Files.isDirectory(null, (LinkOption[])null); // Neutral Sink + Files.isExecutable(null); // Neutral Sink + Files.isHidden(null); // Neutral Sink + Files.isReadable(null); // Neutral Sink + Files.isRegularFile(null, (LinkOption[])null); // Neutral Sink + Files.isSameFile(null, null); // Neutral Sink + Files.isSymbolicLink(null); // Neutral Sink + Files.isWritable(null); // Neutral Sink + Files.notExists(null, (LinkOption[])null); // Neutral Sink + Files.setLastModifiedTime(null, null); // Neutral Sink + Files.size(null); // Neutral Sink + + // java.nio.file.spi + FileSystemProvider fsp = null; + fsp.isHidden(null); // Neutral Sink + fsp.isSameFile(null, null); // Neutral Sink + + // java.text + Collator c = null; + c.compare(null, null); // Neutral Sink + c.equals(null); // Neutral Sink + c.equals(null, null); // Neutral Sink + RuleBasedCollator rbc = null; + rbc.compare(null, null); // Neutral Sink + + // java.util.prefs + AbstractPreferences ap = null; + ap.nodeExists(null); // Neutral Sink + Preferences p = null; + p.nodeExists(null); // Neutral Sink + + // org.apache.hc.client5.http.protocol + RedirectLocations rl = null; + rl.contains(null); // Neutral Sink + } + +} diff --git a/java/ql/test/library-tests/neutrals/neutralsinks/options b/java/ql/test/library-tests/neutrals/neutralsinks/options new file mode 100644 index 00000000000..6de6bb95285 --- /dev/null +++ b/java/ql/test/library-tests/neutrals/neutralsinks/options @@ -0,0 +1 @@ +//semmle-extractor-options: --javac-args -source 11 -target 11 -cp ${testdir}/../../../stubs/apache-http-5 diff --git a/java/ql/test/stubs/apache-http-5/org/apache/hc/client5/http/protocol/RedirectLocations.java b/java/ql/test/stubs/apache-http-5/org/apache/hc/client5/http/protocol/RedirectLocations.java new file mode 100644 index 00000000000..ca717c54ebd --- /dev/null +++ b/java/ql/test/stubs/apache-http-5/org/apache/hc/client5/http/protocol/RedirectLocations.java @@ -0,0 +1,111 @@ +/* + * ==================================================================== + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * ==================================================================== + * + * This software consists of voluntary contributions made by many + * individuals on behalf of the Apache Software Foundation. For more + * information on the Apache Software Foundation, please see + * <http://www.apache.org/>. + * + */ + + package org.apache.hc.client5.http.protocol; + + import java.net.URI; + import java.util.ArrayList; + import java.util.HashSet; + import java.util.List; + import java.util.Set; + + /** + * This class represents a collection of {@link java.net.URI}s used + * as redirect locations. + * + * @since 4.0 + */ + public final class RedirectLocations { + + private final Set<URI> unique; + private final List<URI> all; + + public RedirectLocations() { + super(); + this.unique = new HashSet<>(); + this.all = new ArrayList<>(); + } + + /** + * Test if the URI is present in the collection. + */ + public boolean contains(final URI uri) { + return this.unique.contains(uri); + } + + /** + * Adds a new URI to the collection. + */ + public void add(final URI uri) { + this.unique.add(uri); + this.all.add(uri); + } + + /** + * Returns all redirect {@link URI}s in the order they were added to the collection. + * + * @return list of all URIs + * + * @since 4.1 + */ + public List<URI> getAll() { + return new ArrayList<>(this.all); + } + + /** + * Returns the URI at the specified position in this list. + * + * @param index + * index of the location to return + * @return the URI at the specified position in this list + * @throws IndexOutOfBoundsException + * if the index is out of range ( + * {@code index < 0 || index >= size()}) + * @since 4.3 + */ + public URI get(final int index) { + return this.all.get(index); + } + + /** + * Returns the number of elements in this list. If this list contains more + * than {@code Integer.MAX_VALUE} elements, returns + * {@code Integer.MAX_VALUE}. + * + * @return the number of elements in this list + * @since 4.3 + */ + public int size() { + return this.all.size(); + } + + public void clear() { + unique.clear(); + all.clear(); + } + + } From 6386ef3b962cb6a16c9c09f4842a1383982a18da Mon Sep 17 00:00:00 2001 From: Tony Torralba <atorralba@users.noreply.github.com> Date: Mon, 29 May 2023 09:58:52 +0200 Subject: [PATCH 709/870] Further perf improvements --- java/ql/src/utils/stub-generator/Stubs.qll | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/java/ql/src/utils/stub-generator/Stubs.qll b/java/ql/src/utils/stub-generator/Stubs.qll index a42a806455e..889bc6b466c 100644 --- a/java/ql/src/utils/stub-generator/Stubs.qll +++ b/java/ql/src/utils/stub-generator/Stubs.qll @@ -287,18 +287,23 @@ private string stubQualifier(RefType t) { pragma[nomagic] private predicate needsPackageNameHelper(RefType t, GeneratedTopLevel top, string name) { - t.getSourceDeclaration() = [getAReferencedType(top), top].getSourceDeclaration() and + t.getSourceDeclaration() = + pragma[only_bind_out]([getAReferencedType(top), top].getSourceDeclaration()) and name = t.getName() } +pragma[nomagic] +private predicate describesMultipleTypes(GeneratedTopLevel top, string name) { + 2 <= strictcount(RefType t | needsPackageNameHelper(t, top, name)) +} + /** * Holds if `t` may clash with another type of the same name, so should be referred to using the fully qualified name */ private predicate needsPackageName(RefType t) { - exists(GeneratedTopLevel top, RefType other, string name | + exists(GeneratedTopLevel top, string name | needsPackageNameHelper(t, top, name) and - needsPackageNameHelper(other, top, name) and - t != other + describesMultipleTypes(top, name) ) } From 2d81e30d8191fcb749de6d3e95ffd3536eba674d Mon Sep 17 00:00:00 2001 From: Andrew Eisenberg <aeisenberg@github.com> Date: Mon, 29 May 2023 13:45:41 -0700 Subject: [PATCH 710/870] Fix `addsTo.pack` references This change is a prerequisite for a CLI change where there will be strict testing of the `addsTo.pack` values. It must resolve to a pack reference that is a transitive dependency of the current query's pack. --- .../lib/ext/org.apache.hc.core5.http.impl.bootstrap.model.yml | 2 +- .../src/utils/flowtestcasegenerator/GenerateFlowTestCase.py | 4 ++-- java/ql/test/ext/TestModels/test.ext.yml | 2 +- .../kotlin/library-tests/dataflow/notnullexpr/test.ext.yml | 2 +- .../test/kotlin/library-tests/dataflow/whenexpr/test.ext.yml | 2 +- .../library-tests/dataflow/callback-dispatch/test.ext.yml | 3 +-- .../library-tests/dataflow/collections/containerflow.ext.yml | 2 +- .../test/library-tests/dataflow/external-models/sinks.ext.yml | 2 +- .../test/library-tests/dataflow/external-models/srcs.ext.yml | 2 +- .../test/library-tests/dataflow/external-models/steps.ext.yml | 2 +- java/ql/test/library-tests/dataflow/synth-global/test.ext.yml | 2 +- .../android/content-provider-summaries/test.ext.yml | 2 +- .../test/library-tests/frameworks/android/intent/test.ext.yml | 2 +- .../frameworks/android/notification/test.ext.yml | 2 +- .../library-tests/frameworks/apache-collections/test.ext.yml | 2 +- .../ql/test/library-tests/frameworks/apache-http/flow.ext.yml | 2 +- .../frameworks/guava/generated/collect/test.ext.yml | 2 +- .../ql/test/library-tests/frameworks/jdk/java.io/test.ext.yml | 2 +- .../library-tests/frameworks/netty/generated/test.ext.yml | 2 +- java/ql/test/library-tests/frameworks/stream/test.ext.yml | 2 +- java/ql/test/library-tests/optional/test.ext.yml | 2 +- 21 files changed, 22 insertions(+), 23 deletions(-) diff --git a/java/ql/lib/ext/org.apache.hc.core5.http.impl.bootstrap.model.yml b/java/ql/lib/ext/org.apache.hc.core5.http.impl.bootstrap.model.yml index a2789520908..c9515372645 100644 --- a/java/ql/lib/ext/org.apache.hc.core5.http.impl.bootstrap.model.yml +++ b/java/ql/lib/ext/org.apache.hc.core5.http.impl.bootstrap.model.yml @@ -1,6 +1,6 @@ extensions: - addsTo: - pack: codeql/java-tests + pack: codeql/java-all extensible: sinkModel data: - ["org.apache.hc.core5.http.impl.bootstrap", "HttpAsyncRequester", True, "connect", "(HttpHost,Timeout)", "", "Argument[0]", "open-url", "hq-manual"] diff --git a/java/ql/src/utils/flowtestcasegenerator/GenerateFlowTestCase.py b/java/ql/src/utils/flowtestcasegenerator/GenerateFlowTestCase.py index 5e35ca52dd1..1cc943a78ec 100755 --- a/java/ql/src/utils/flowtestcasegenerator/GenerateFlowTestCase.py +++ b/java/ql/src/utils/flowtestcasegenerator/GenerateFlowTestCase.py @@ -18,7 +18,7 @@ GenerateFlowTestCase.py specsToTest projectPom.xml outdir [--force] This generates test cases exercising function model specifications found in specsToTest producing files Test.java, test.ql, test.ext.yml and test.expected in outdir. -specsToTest should either be a .csv file, a .yml file, or a directory of .yml files, containing the +specsToTest should either be a .csv file, a .yml file, or a directory of .yml files, containing the model specifications to test. projectPom.xml should be a Maven pom sufficient to resolve the classes named in specsToTest.csv. @@ -276,7 +276,7 @@ if len(supportModelRows) != 0: modelSpecRow[0].strip() for modelSpecRow in supportModelRows) dataextensions = f"""extensions: - addsTo: - pack: codeql/java-tests + pack: codeql/java-all extensible: summaryModel data: {models} diff --git a/java/ql/test/ext/TestModels/test.ext.yml b/java/ql/test/ext/TestModels/test.ext.yml index 4fff7d575a3..c5873214f71 100644 --- a/java/ql/test/ext/TestModels/test.ext.yml +++ b/java/ql/test/ext/TestModels/test.ext.yml @@ -1,6 +1,6 @@ extensions: - addsTo: - pack: codeql/java-tests + pack: codeql/java-all extensible: summaryModel data: - ["generatedtest", "Test", False, "newWithMapValueDefault", "(Object)", "", "Argument[0]", "ReturnValue.MapValue", "value", "manual"] diff --git a/java/ql/test/kotlin/library-tests/dataflow/notnullexpr/test.ext.yml b/java/ql/test/kotlin/library-tests/dataflow/notnullexpr/test.ext.yml index 589c787bf9a..700f3f51e6f 100644 --- a/java/ql/test/kotlin/library-tests/dataflow/notnullexpr/test.ext.yml +++ b/java/ql/test/kotlin/library-tests/dataflow/notnullexpr/test.ext.yml @@ -1,6 +1,6 @@ extensions: - addsTo: - pack: codeql/java-tests + pack: codeql/java-all extensible: summaryModel data: - ["", "Uri", False, "getQueryParameter", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] diff --git a/java/ql/test/kotlin/library-tests/dataflow/whenexpr/test.ext.yml b/java/ql/test/kotlin/library-tests/dataflow/whenexpr/test.ext.yml index 589c787bf9a..700f3f51e6f 100644 --- a/java/ql/test/kotlin/library-tests/dataflow/whenexpr/test.ext.yml +++ b/java/ql/test/kotlin/library-tests/dataflow/whenexpr/test.ext.yml @@ -1,6 +1,6 @@ extensions: - addsTo: - pack: codeql/java-tests + pack: codeql/java-all extensible: summaryModel data: - ["", "Uri", False, "getQueryParameter", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] diff --git a/java/ql/test/library-tests/dataflow/callback-dispatch/test.ext.yml b/java/ql/test/library-tests/dataflow/callback-dispatch/test.ext.yml index 5f35c923ad0..a153e39a0e0 100644 --- a/java/ql/test/library-tests/dataflow/callback-dispatch/test.ext.yml +++ b/java/ql/test/library-tests/dataflow/callback-dispatch/test.ext.yml @@ -1,6 +1,6 @@ extensions: - addsTo: - pack: codeql/java-tests + pack: codeql/java-all extensible: summaryModel data: - ["my.callback.qltest", "A", False, "applyConsumer1", "(Object,Consumer1)", "", "Argument[0]", "Argument[1].Parameter[0]", "value", "manual"] @@ -15,4 +15,3 @@ extensions: - ["my.callback.qltest", "A", False, "produceConsume", "(Producer1,Consumer3)", "", "Argument[1].Parameter[0]", "ReturnValue", "value", "manual"] - ["my.callback.qltest", "A", False, "applyConverter1", "(Object,Converter1)", "", "Argument[0]", "Argument[1].Parameter[0]", "value", "manual"] - ["my.callback.qltest", "A", False, "applyConverter1", "(Object,Converter1)", "", "Argument[1].ReturnValue", "ReturnValue", "value", "manual"] - diff --git a/java/ql/test/library-tests/dataflow/collections/containerflow.ext.yml b/java/ql/test/library-tests/dataflow/collections/containerflow.ext.yml index ebe7e3b6ea5..c12a0156d0c 100644 --- a/java/ql/test/library-tests/dataflow/collections/containerflow.ext.yml +++ b/java/ql/test/library-tests/dataflow/collections/containerflow.ext.yml @@ -1,6 +1,6 @@ extensions: - addsTo: - pack: codeql/java-tests + pack: codeql/java-all extensible: summaryModel data: - ["", "B", False, "readElement", "(Spliterator)", "", "Argument[0].Element", "ReturnValue", "value", "manual"] diff --git a/java/ql/test/library-tests/dataflow/external-models/sinks.ext.yml b/java/ql/test/library-tests/dataflow/external-models/sinks.ext.yml index 55a76b79b21..d469a2de0dc 100644 --- a/java/ql/test/library-tests/dataflow/external-models/sinks.ext.yml +++ b/java/ql/test/library-tests/dataflow/external-models/sinks.ext.yml @@ -1,6 +1,6 @@ extensions: - addsTo: - pack: codeql/java-tests + pack: codeql/java-all extensible: sinkModel data: - ["my.qltest", "B", False, "sink1", "(Object)", "", "Argument[0]", "qltest", "manual"] diff --git a/java/ql/test/library-tests/dataflow/external-models/srcs.ext.yml b/java/ql/test/library-tests/dataflow/external-models/srcs.ext.yml index 7730d41e549..9693152f1c0 100644 --- a/java/ql/test/library-tests/dataflow/external-models/srcs.ext.yml +++ b/java/ql/test/library-tests/dataflow/external-models/srcs.ext.yml @@ -1,6 +1,6 @@ extensions: - addsTo: - pack: codeql/java-tests + pack: codeql/java-all extensible: sourceModel data: - ["my.qltest", "A", False, "src1", "()", "", "ReturnValue", "qltest", "manual"] diff --git a/java/ql/test/library-tests/dataflow/external-models/steps.ext.yml b/java/ql/test/library-tests/dataflow/external-models/steps.ext.yml index 41d26cf815a..c6a1fb69d6d 100644 --- a/java/ql/test/library-tests/dataflow/external-models/steps.ext.yml +++ b/java/ql/test/library-tests/dataflow/external-models/steps.ext.yml @@ -1,6 +1,6 @@ extensions: - addsTo: - pack: codeql/java-tests + pack: codeql/java-all extensible: summaryModel data: - ["my.qltest", "C", False, "stepArgRes", "(Object)", "", "Argument[0]", "ReturnValue", "taint", "manual"] diff --git a/java/ql/test/library-tests/dataflow/synth-global/test.ext.yml b/java/ql/test/library-tests/dataflow/synth-global/test.ext.yml index 3d3bbe9fd47..58b4d2ecc24 100644 --- a/java/ql/test/library-tests/dataflow/synth-global/test.ext.yml +++ b/java/ql/test/library-tests/dataflow/synth-global/test.ext.yml @@ -1,6 +1,6 @@ extensions: - addsTo: - pack: codeql/java-tests + pack: codeql/java-all extensible: summaryModel data: - ["my.qltest.synth", "A", False, "storeInArray", "(String)", "", "Argument[0]", "SyntheticGlobal[db1].ArrayElement", "value", "manual"] diff --git a/java/ql/test/library-tests/frameworks/android/content-provider-summaries/test.ext.yml b/java/ql/test/library-tests/frameworks/android/content-provider-summaries/test.ext.yml index cf5c80bc456..06781456552 100644 --- a/java/ql/test/library-tests/frameworks/android/content-provider-summaries/test.ext.yml +++ b/java/ql/test/library-tests/frameworks/android/content-provider-summaries/test.ext.yml @@ -1,6 +1,6 @@ extensions: - addsTo: - pack: codeql/java-tests + pack: codeql/java-all extensible: summaryModel data: - ["generatedtest", "Test", False, "newWithMapValueDefault", "(Object)", "", "Argument[0]", "ReturnValue.MapValue", "value", "manual"] diff --git a/java/ql/test/library-tests/frameworks/android/intent/test.ext.yml b/java/ql/test/library-tests/frameworks/android/intent/test.ext.yml index 31321102a46..0a3ce554bc7 100644 --- a/java/ql/test/library-tests/frameworks/android/intent/test.ext.yml +++ b/java/ql/test/library-tests/frameworks/android/intent/test.ext.yml @@ -1,6 +1,6 @@ extensions: - addsTo: - pack: codeql/java-tests + pack: codeql/java-all extensible: summaryModel data: - ["generatedtest", "Test", False, "newBundleWithMapValue", "(Object)", "", "Argument[0]", "ReturnValue.MapValue", "value", "manual"] diff --git a/java/ql/test/library-tests/frameworks/android/notification/test.ext.yml b/java/ql/test/library-tests/frameworks/android/notification/test.ext.yml index bd5c804fddc..69b416a5b72 100644 --- a/java/ql/test/library-tests/frameworks/android/notification/test.ext.yml +++ b/java/ql/test/library-tests/frameworks/android/notification/test.ext.yml @@ -1,6 +1,6 @@ extensions: - addsTo: - pack: codeql/java-tests + pack: codeql/java-all extensible: summaryModel data: - ["generatedtest", "Test", False, "getMapKeyDefault", "(Bundle)", "", "Argument[0].MapKey", "ReturnValue", "value", "manual"] diff --git a/java/ql/test/library-tests/frameworks/apache-collections/test.ext.yml b/java/ql/test/library-tests/frameworks/apache-collections/test.ext.yml index a5d1cc8e1ab..60531154074 100644 --- a/java/ql/test/library-tests/frameworks/apache-collections/test.ext.yml +++ b/java/ql/test/library-tests/frameworks/apache-collections/test.ext.yml @@ -1,6 +1,6 @@ extensions: - addsTo: - pack: codeql/java-tests + pack: codeql/java-all extensible: summaryModel data: - ["generatedtest", "Test", False, "newRBWithMapValue", "", "", "Argument[0]", "ReturnValue.MapValue", "value", "manual"] diff --git a/java/ql/test/library-tests/frameworks/apache-http/flow.ext.yml b/java/ql/test/library-tests/frameworks/apache-http/flow.ext.yml index ff32ab78646..6e41b8a4e24 100644 --- a/java/ql/test/library-tests/frameworks/apache-http/flow.ext.yml +++ b/java/ql/test/library-tests/frameworks/apache-http/flow.ext.yml @@ -1,6 +1,6 @@ extensions: - addsTo: - pack: codeql/java-tests + pack: codeql/java-all extensible: summaryModel data: - ["generatedtest", "Client", False, "getURIBuilder_pathDefault", "(Object)", "", "Argument[0].SyntheticField[org.apache.http.client.utils.URIBuilder.path]", "ReturnValue", "taint", "manual"] diff --git a/java/ql/test/library-tests/frameworks/guava/generated/collect/test.ext.yml b/java/ql/test/library-tests/frameworks/guava/generated/collect/test.ext.yml index 153b649a3e6..e711fa15ecc 100644 --- a/java/ql/test/library-tests/frameworks/guava/generated/collect/test.ext.yml +++ b/java/ql/test/library-tests/frameworks/guava/generated/collect/test.ext.yml @@ -1,6 +1,6 @@ extensions: - addsTo: - pack: codeql/java-tests + pack: codeql/java-all extensible: summaryModel data: - ["generatedtest", "Test", False, "newWithElementDefault", "(Object)", "", "Argument[0]", "ReturnValue.Element", "value", "manual"] diff --git a/java/ql/test/library-tests/frameworks/jdk/java.io/test.ext.yml b/java/ql/test/library-tests/frameworks/jdk/java.io/test.ext.yml index 35050f48ec0..230733b3ebc 100644 --- a/java/ql/test/library-tests/frameworks/jdk/java.io/test.ext.yml +++ b/java/ql/test/library-tests/frameworks/jdk/java.io/test.ext.yml @@ -1,6 +1,6 @@ extensions: - addsTo: - pack: codeql/java-tests + pack: codeql/java-all extensible: summaryModel data: - ["generatedtest", "Test", False, "getThrowable_messageDefault", "(Object)", "", "Argument[0].SyntheticField[java.lang.Throwable.message]", "ReturnValue", "value", "manual"] diff --git a/java/ql/test/library-tests/frameworks/netty/generated/test.ext.yml b/java/ql/test/library-tests/frameworks/netty/generated/test.ext.yml index f6b69f08632..47a199c75f1 100644 --- a/java/ql/test/library-tests/frameworks/netty/generated/test.ext.yml +++ b/java/ql/test/library-tests/frameworks/netty/generated/test.ext.yml @@ -1,6 +1,6 @@ extensions: - addsTo: - pack: codeql/java-tests + pack: codeql/java-all extensible: summaryModel data: - ["generatedtest", "Test", False, "newWithMapValueDefault", "(Object)", "", "Argument[0]", "ReturnValue.MapValue", "value", "manual"] diff --git a/java/ql/test/library-tests/frameworks/stream/test.ext.yml b/java/ql/test/library-tests/frameworks/stream/test.ext.yml index 4f1cc3e38ac..a304f9542a4 100644 --- a/java/ql/test/library-tests/frameworks/stream/test.ext.yml +++ b/java/ql/test/library-tests/frameworks/stream/test.ext.yml @@ -1,6 +1,6 @@ extensions: - addsTo: - pack: codeql/java-tests + pack: codeql/java-all extensible: summaryModel data: - ["generatedtest", "Test", False, "getElementSpliterator", "(Spliterator)", "", "Argument[0].Element", "ReturnValue", "value", "manual"] diff --git a/java/ql/test/library-tests/optional/test.ext.yml b/java/ql/test/library-tests/optional/test.ext.yml index 2aebf3bdb97..24842526782 100644 --- a/java/ql/test/library-tests/optional/test.ext.yml +++ b/java/ql/test/library-tests/optional/test.ext.yml @@ -1,6 +1,6 @@ extensions: - addsTo: - pack: codeql/java-tests + pack: codeql/java-all extensible: summaryModel data: - ["generatedtest", "Test", False, "getStreamElement", "", "", "Argument[0].Element", "ReturnValue", "value", "manual"] From 53aecb1949dce5c6254bb94c4be6cbac16353d1e Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 30 May 2023 00:17:04 +0000 Subject: [PATCH 711/870] Add changed framework coverage reports --- csharp/documentation/library-coverage/coverage.csv | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/csharp/documentation/library-coverage/coverage.csv b/csharp/documentation/library-coverage/coverage.csv index 9c900cf79cd..a4a6a534105 100644 --- a/csharp/documentation/library-coverage/coverage.csv +++ b/csharp/documentation/library-coverage/coverage.csv @@ -1,9 +1,9 @@ -package,sink,source,summary,sink:code,sink:encryption-decryptor,sink:encryption-encryptor,sink:encryption-keyprop,sink:encryption-symmetrickey,sink:html,sink:remote,sink:sql,sink:xss,source:file,source:file-write,source:local,source:remote,summary:taint,summary:value -Dapper,55,,,,,,,,,,55,,,,,,, +package,sink,source,summary,sink:code-injection,sink:encryption-decryptor,sink:encryption-encryptor,sink:encryption-keyprop,sink:encryption-symmetrickey,sink:file-content-store,sink:html-injection,sink:js-injection,sink:sql-injection,source:file,source:file-write,source:local,source:remote,summary:taint,summary:value +Dapper,55,,,,,,,,,,,55,,,,,, JsonToItemsTaskFactory,,,7,,,,,,,,,,,,,,7, -Microsoft.ApplicationBlocks.Data,28,,,,,,,,,,28,,,,,,, +Microsoft.ApplicationBlocks.Data,28,,,,,,,,,,,28,,,,,, Microsoft.CSharp,,,24,,,,,,,,,,,,,,24, -Microsoft.EntityFrameworkCore,6,,12,,,,,,,,6,,,,,,,12 +Microsoft.EntityFrameworkCore,6,,12,,,,,,,,,6,,,,,,12 Microsoft.Extensions.Caching.Distributed,,,15,,,,,,,,,,,,,,15, Microsoft.Extensions.Caching.Memory,,,46,,,,,,,,,,,,,,45,1 Microsoft.Extensions.Configuration,,,83,,,,,,,,,,,,,,80,3 @@ -21,8 +21,8 @@ Microsoft.NET.Build.Tasks,,,1,,,,,,,,,,,,,,1, Microsoft.NETCore.Platforms.BuildTasks,,,4,,,,,,,,,,,,,,4, Microsoft.VisualBasic,,,10,,,,,,,,,,,,,,5,5 Microsoft.Win32,,,8,,,,,,,,,,,,,,8, -MySql.Data.MySqlClient,48,,,,,,,,,,48,,,,,,, +MySql.Data.MySqlClient,48,,,,,,,,,,,48,,,,,, Newtonsoft.Json,,,91,,,,,,,,,,,,,,73,18 -ServiceStack,194,,7,27,,,,,,75,92,,,,,,7, -System,65,25,12157,,8,8,9,,4,,33,3,1,17,3,4,10163,1994 +ServiceStack,194,,7,27,,,,,75,,,92,,,,,7, +System,65,25,12157,,8,8,9,,,4,3,33,1,17,3,4,10163,1994 Windows.Security.Cryptography.Core,1,,,,,,,1,,,,,,,,,, From 39a07d42a1bca7edaffc56b4ec5beb6c621da668 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 30 May 2023 04:03:50 +0000 Subject: [PATCH 712/870] Bump chrono from 0.4.24 to 0.4.25 in /ql Bumps [chrono](https://github.com/chronotope/chrono) from 0.4.24 to 0.4.25. - [Release notes](https://github.com/chronotope/chrono/releases) - [Changelog](https://github.com/chronotope/chrono/blob/main/CHANGELOG.md) - [Commits](https://github.com/chronotope/chrono/compare/v0.4.24...v0.4.25) --- updated-dependencies: - dependency-name: chrono dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> --- ql/Cargo.lock | Bin 31708 -> 31667 bytes ql/buramu/Cargo.toml | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/ql/Cargo.lock b/ql/Cargo.lock index 60a0ad5919a43dba84fa52a6aa9930bd588cf198..76437a85e057d43e2bf6bd6efa08833e2d6e19f3 100644 GIT binary patch delta 197 zcmWlTJ8l9o6aWQ*0)-YKktRV(gZS8f#&4}OThPN5{C+2(;u<~xJr!sVlO~r)MVrlN z`k9~SpnDGP%i(BqzDV62X7#u^wwimQrvTBwgD2;RJ#Yx(k~X|I!;r*N0^bxyrGP1C zB%)|)u70fM-P>?6slV^1)`S>PdP~+lu{IvTp!5OslF5J*Mo}dytcArXNg+{8YUH3k cUgq_>9#8%s%egGq_51a+n@;1l3tzYP4_iJx6951J delta 203 zcmXxcF-k*05CBjTkf5YXktU%0UimxoXLg66#2ZL%u)DJpQW!AA-YbN?M^N?}9>D_$ z9w4nYmalp3Jo-A1-n()89?vf8+v4eAD40o{^vqEWK+U6PDAZ@OtOcW|U=YI)l5?0S zusRFuAtd(o_&Bd^+D*2*L)nyl`<&k2{iFV@(+YqTF^DCkULp)x&?tkH#7PVMeMy3f m^^O@?%_ykPY@S%MO8r<~U)^-O*XP^AK5pwvw`dp3)9M$zN<X0h diff --git a/ql/buramu/Cargo.toml b/ql/buramu/Cargo.toml index c478297f5b8..a84be37dbd7 100644 --- a/ql/buramu/Cargo.toml +++ b/ql/buramu/Cargo.toml @@ -7,6 +7,6 @@ edition = "2018" [dependencies] lazy_static = "1.4.0" -chrono = "0.4.24" +chrono = "0.4.25" rayon = "1.7.0" regex = "1.8.3" From d50617202746b8cbb8558f8486975a804e9a71fd Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Tue, 30 May 2023 09:11:00 +0100 Subject: [PATCH 713/870] Swift: Change note. --- swift/ql/lib/change-notes/2023-05-30-shared-sensitive.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 swift/ql/lib/change-notes/2023-05-30-shared-sensitive.md diff --git a/swift/ql/lib/change-notes/2023-05-30-shared-sensitive.md b/swift/ql/lib/change-notes/2023-05-30-shared-sensitive.md new file mode 100644 index 00000000000..03de16f4269 --- /dev/null +++ b/swift/ql/lib/change-notes/2023-05-30-shared-sensitive.md @@ -0,0 +1,4 @@ +--- +category: majorAnalysis +--- +* Incorporated the cross-language `SensitiveDataHeuristics.qll` heuristics library into the Swift `SensitiveExprs.qll` library. This adds a number of new heuristics enhancing detection from the library. \ No newline at end of file From 138bfad3d06c7ba84690f0e291721b91c9bfc174 Mon Sep 17 00:00:00 2001 From: Tamas Vajk <tamasvajk@github.com> Date: Tue, 30 May 2023 12:00:31 +0200 Subject: [PATCH 714/870] Add change note --- csharp/ql/lib/change-notes/2023-05-30-source-generators.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 csharp/ql/lib/change-notes/2023-05-30-source-generators.md diff --git a/csharp/ql/lib/change-notes/2023-05-30-source-generators.md b/csharp/ql/lib/change-notes/2023-05-30-source-generators.md new file mode 100644 index 00000000000..5483ce6af35 --- /dev/null +++ b/csharp/ql/lib/change-notes/2023-05-30-source-generators.md @@ -0,0 +1,4 @@ +--- +category: majorAnalysis +--- +* The extractor has been changed to run after the traced compiler call. This allows inspecting compiler generated files, such as the output of source generators. With this change, `.cshtml` files and their generated `.cshtml.g.cs` counterparts are extracted on dotnet 6 and above. From 560aa43953a14843f0661420c40f13c1c66b0dae Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Tue, 30 May 2023 14:20:17 +0100 Subject: [PATCH 715/870] Swift: Repair for AccountID / AccountKey. --- swift/ql/lib/codeql/swift/security/SensitiveExprs.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/swift/ql/lib/codeql/swift/security/SensitiveExprs.qll b/swift/ql/lib/codeql/swift/security/SensitiveExprs.qll index 71a250229e7..d750e673121 100644 --- a/swift/ql/lib/codeql/swift/security/SensitiveExprs.qll +++ b/swift/ql/lib/codeql/swift/security/SensitiveExprs.qll @@ -35,7 +35,7 @@ class SensitiveCredential extends SensitiveDataType, TCredential { result = HeuristicNames::maybeSensitiveRegexp(classification) ) or - result = "(?is).*(license.?key).*" + result = "(?is).*(account|accnt|license).?(id|key).*" } } From 00e4c455b5bd8750776283edd0aa97585ec28842 Mon Sep 17 00:00:00 2001 From: Taus <tausbn@github.com> Date: Tue, 30 May 2023 16:11:30 +0200 Subject: [PATCH 716/870] Update MaD Declarations after Triage --- java/ql/lib/change-notes/2023-05-30-new-models.md | 6 ++++++ java/ql/lib/ext/okhttp3.model.yml | 2 ++ 2 files changed, 8 insertions(+) create mode 100644 java/ql/lib/change-notes/2023-05-30-new-models.md diff --git a/java/ql/lib/change-notes/2023-05-30-new-models.md b/java/ql/lib/change-notes/2023-05-30-new-models.md new file mode 100644 index 00000000000..24e7563d727 --- /dev/null +++ b/java/ql/lib/change-notes/2023-05-30-new-models.md @@ -0,0 +1,6 @@ +--- +category: minorAnalysis +--- +* Added models for the following packages: + + * okhttp3 diff --git a/java/ql/lib/ext/okhttp3.model.yml b/java/ql/lib/ext/okhttp3.model.yml index 21563331656..d5f38bcee57 100644 --- a/java/ql/lib/ext/okhttp3.model.yml +++ b/java/ql/lib/ext/okhttp3.model.yml @@ -3,6 +3,8 @@ extensions: pack: codeql/java-all extensible: sinkModel data: + - ["okhttp3", "OkHttpClient", True, "newCall", "(Request)", "", "Argument[0]", "open-url", "ai-manual"] + - ["okhttp3", "OkHttpClient", True, "newWebSocket", "(Request,WebSocketListener)", "", "Argument[0]", "open-url", "ai-manual"] - ["okhttp3", "Request", True, "Request", "", "", "Argument[0]", "open-url", "manual"] - ["okhttp3", "Request$Builder", True, "url", "", "", "Argument[0]", "open-url", "manual"] - addsTo: From f00b29d3d29c0de4c0a79117f667ec987715a9ce Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen <mathiasvp@github.com> Date: Fri, 26 May 2023 12:23:56 -0700 Subject: [PATCH 717/870] C++: The small-string optimization commonly used inside 'std::string' is causing a lot of FPs. Let's exclude this for now to reduce the number of results for this query. --- .../Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql | 1 + 1 file changed, 1 insertion(+) diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql b/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql index 735375870ea..aa0358a99ad 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql @@ -87,6 +87,7 @@ predicate arrayTypeHasSizes(ArrayType arr, int baseTypeSize, int arraySize) { predicate pointerArithOverflow0( PointerArithmeticInstruction pai, Field f, int size, int bound, int delta ) { + not f.getNamespace() instanceof StdNamespace and arrayTypeHasSizes(f.getUnspecifiedType(), pai.getElementSize(), size) and semBounded(getSemanticExpr(pai.getRight()), any(SemZeroBound b), bound, true, _) and delta = bound - size and From d91fa2d03810bf9234f16fb2b17f8c5069c8f8ae Mon Sep 17 00:00:00 2001 From: Arthur Baars <aibaars@github.com> Date: Tue, 30 May 2023 17:30:04 +0200 Subject: [PATCH 718/870] Ruby: add print-cfg query --- .../ql/lib/ide-contextual-queries/printCfg.ql | 22 +++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 ruby/ql/lib/ide-contextual-queries/printCfg.ql diff --git a/ruby/ql/lib/ide-contextual-queries/printCfg.ql b/ruby/ql/lib/ide-contextual-queries/printCfg.ql new file mode 100644 index 00000000000..9c42fe91361 --- /dev/null +++ b/ruby/ql/lib/ide-contextual-queries/printCfg.ql @@ -0,0 +1,22 @@ +/** + * @name Print CFG + * @description Produces a representation of a file's Control Flow Graph. + * This query is used by the VS Code extension. + * @id rb/print-cfg + * @kind graph + * @tags ide-contextual-queries/print-cfg + */ + +private import codeql.ruby.controlflow.internal.ControlFlowGraphImplShared::TestOutput +private import codeql.IDEContextual + +/** + * Gets the source file to generate a CFG from. + */ +external string selectedSourceFile(); + +class MyRelevantNode extends RelevantNode { + MyRelevantNode() { + this.getScope().getLocation().getFile() = getFileBySourceArchiveName(selectedSourceFile()) + } +} From 54e011188d8b98634b44e28e923a563ebda2e9ed Mon Sep 17 00:00:00 2001 From: Tony Torralba <atorralba@users.noreply.github.com> Date: Tue, 30 May 2023 17:50:50 +0200 Subject: [PATCH 719/870] Formatting --- .../code/java/frameworks/google/GsonSerializability.qll | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/java/ql/lib/semmle/code/java/frameworks/google/GsonSerializability.qll b/java/ql/lib/semmle/code/java/frameworks/google/GsonSerializability.qll index 34a333c8b11..470847f292e 100644 --- a/java/ql/lib/semmle/code/java/frameworks/google/GsonSerializability.qll +++ b/java/ql/lib/semmle/code/java/frameworks/google/GsonSerializability.qll @@ -13,9 +13,7 @@ import semmle.code.java.dataflow.FlowSteps * deserialized. */ private class GsonReadValueMethod extends Method { - GsonReadValueMethod() { - this.hasQualifiedName("com.google.gson", "Gson", "fromJson") - } + GsonReadValueMethod() { this.hasQualifiedName("com.google.gson", "Gson", "fromJson") } } /** A type whose values may be deserialized by the Gson JSON framework. */ From 977263a126e190acb52fbfce90ea9ce6e3ea0b76 Mon Sep 17 00:00:00 2001 From: Tony Torralba <atorralba@users.noreply.github.com> Date: Tue, 30 May 2023 17:51:41 +0200 Subject: [PATCH 720/870] Use container flow for more precision --- java/ql/lib/ext/com.google.gson.model.yml | 24 +++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/java/ql/lib/ext/com.google.gson.model.yml b/java/ql/lib/ext/com.google.gson.model.yml index b867997c8df..96f5355b2dc 100644 --- a/java/ql/lib/ext/com.google.gson.model.yml +++ b/java/ql/lib/ext/com.google.gson.model.yml @@ -26,15 +26,19 @@ extensions: - ["com.google.gson", "JsonElement", True, "getAsJsonPrimitive", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"] - ["com.google.gson", "JsonElement", True, "getAsString", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"] - ["com.google.gson", "JsonElement", True, "toString", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"] - - ["com.google.gson", "JsonArray", True, "add", "", "", "Argument[0]", "Argument[this]", "taint", "manual"] - - ["com.google.gson", "JsonArray", True, "asList", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] - - ["com.google.gson", "JsonArray", True, "get", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] - - ["com.google.gson", "JsonArray", True, "set", "", "", "Argument[1]", "Argument[this]", "taint", "manual"] - - ["com.google.gson", "JsonObject", True, "add", "", "", "Argument[1]", "Argument[this]", "taint", "manual"] - - ["com.google.gson", "JsonObject", True, "addProperty", "(String,String)", "", "Argument[1]", "Argument[this]", "taint", "manual"] - - ["com.google.gson", "JsonObject", True, "asMap", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] - - ["com.google.gson", "JsonObject", True, "entrySet", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] - - ["com.google.gson", "JsonObject", True, "get", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] - - ["com.google.gson", "JsonObject", True, "keySet", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] + - ["com.google.gson", "JsonArray", True, "add", "", "", "Argument[0]", "Argument[this].Element", "value", "manual"] + - ["com.google.gson", "JsonArray", True, "asList", "", "", "Argument[this].Element", "ReturnValue.Element", "value", "manual"] + - ["com.google.gson", "JsonArray", True, "get", "", "", "Argument[this].Element", "ReturnValue", "value", "manual"] + - ["com.google.gson", "JsonArray", True, "set", "", "", "Argument[1]", "Argument[this].Element", "value", "manual"] + - ["com.google.gson", "JsonObject", True, "add", "", "", "Argument[0]", "Argument[this].MapKey", "value", "manual"] + - ["com.google.gson", "JsonObject", True, "add", "", "", "Argument[1]", "Argument[this].MapValue", "value", "manual"] + - ["com.google.gson", "JsonObject", True, "addProperty", "(String,String)", "", "Argument[0]", "Argument[this].MapKey", "value", "manual"] + - ["com.google.gson", "JsonObject", True, "addProperty", "(String,String)", "", "Argument[1]", "Argument[this].MapValue", "value", "manual"] + - ["com.google.gson", "JsonObject", True, "asMap", "", "", "Argument[this].MapKey", "ReturnValue.MapKey", "value", "manual"] + - ["com.google.gson", "JsonObject", True, "asMap", "", "", "Argument[this].MapValue", "ReturnValue.MapValue", "value", "manual"] + - ["com.google.gson", "JsonObject", True, "entrySet", "", "", "Argument[this].MapKey", "ReturnValue.Element.MapKey", "value", "manual"] + - ["com.google.gson", "JsonObject", True, "entrySet", "", "", "Argument[this].MapKey", "ReturnValue.Element.MapValue", "value", "manual"] + - ["com.google.gson", "JsonObject", True, "get", "", "", "Argument[this].MapValue", "ReturnValue", "value", "manual"] + - ["com.google.gson", "JsonObject", True, "keySet", "", "", "Argument[this].MapKey", "ReturnValue.Element", "value", "manual"] - ["com.google.gson", "JsonPrimitive", True, "JsonPrimitive", "(Character)", "", "Argument[0]", "Argument[this]", "taint", "manual"] - ["com.google.gson", "JsonPrimitive", True, "JsonPrimitive", "(String)", "", "Argument[0]", "Argument[this]", "taint", "manual"] From d3d67f0fb07406242913e9443398a9fa2238c8bf Mon Sep 17 00:00:00 2001 From: Tony Torralba <atorralba@users.noreply.github.com> Date: Tue, 30 May 2023 17:52:00 +0200 Subject: [PATCH 721/870] Add tests & stubs --- .../dataflow/taint-gson/Test.java | 38 ++ .../dataflow/taint-gson/dataFlow.expected | 0 .../dataflow/taint-gson/dataFlow.ql | 2 + .../library-tests/dataflow/taint-gson/options | 1 + .../library-tests/frameworks/gson/Test.java | 468 ++++++++++++++++++ .../library-tests/frameworks/gson/options | 1 + .../frameworks/gson/test.expected | 0 .../library-tests/frameworks/gson/test.ql | 2 + .../com/google/gson/ExclusionStrategy.java | 11 + .../com/google/gson/FieldAttributes.java | 22 + .../com/google/gson/FieldNamingPolicy.java | 10 + .../com/google/gson/FieldNamingStrategy.java | 10 + .../gson-2.8.6/com/google/gson/Gson.java | 81 +-- .../com/google/gson/GsonBuilder.java | 135 ++--- .../gson-2.8.6/com/google/gson/JsonArray.java | 45 ++ .../com/google/gson/JsonElement.java | 37 ++ .../gson-2.8.6/com/google/gson/JsonNull.java | 14 + .../com/google/gson/JsonObject.java | 33 ++ .../com/google/gson/JsonPrimitive.java | 34 ++ .../google/gson/LongSerializationPolicy.java | 24 + .../google/gson/ReflectionAccessFilter.java | 18 + .../com/google/gson/ToNumberStrategy.java | 10 + .../com/google/gson/TypeAdapter.java | 137 +---- .../com/google/gson/TypeAdapterFactory.java | 30 +- .../com/google/gson/internal/Excluder.java | 25 + .../com/google/gson/reflect/TypeToken.java | 64 +-- .../com/google/gson/stream/JsonReader.java | 89 ++-- .../com/google/gson/stream/JsonToken.java | 10 + .../com/google/gson/stream/JsonWriter.java | 36 ++ 29 files changed, 1008 insertions(+), 379 deletions(-) create mode 100644 java/ql/test/library-tests/dataflow/taint-gson/Test.java create mode 100644 java/ql/test/library-tests/dataflow/taint-gson/dataFlow.expected create mode 100644 java/ql/test/library-tests/dataflow/taint-gson/dataFlow.ql create mode 100644 java/ql/test/library-tests/dataflow/taint-gson/options create mode 100644 java/ql/test/library-tests/frameworks/gson/Test.java create mode 100644 java/ql/test/library-tests/frameworks/gson/options create mode 100644 java/ql/test/library-tests/frameworks/gson/test.expected create mode 100644 java/ql/test/library-tests/frameworks/gson/test.ql create mode 100644 java/ql/test/stubs/gson-2.8.6/com/google/gson/ExclusionStrategy.java create mode 100644 java/ql/test/stubs/gson-2.8.6/com/google/gson/FieldAttributes.java create mode 100644 java/ql/test/stubs/gson-2.8.6/com/google/gson/FieldNamingPolicy.java create mode 100644 java/ql/test/stubs/gson-2.8.6/com/google/gson/FieldNamingStrategy.java create mode 100644 java/ql/test/stubs/gson-2.8.6/com/google/gson/JsonArray.java create mode 100644 java/ql/test/stubs/gson-2.8.6/com/google/gson/JsonElement.java create mode 100644 java/ql/test/stubs/gson-2.8.6/com/google/gson/JsonNull.java create mode 100644 java/ql/test/stubs/gson-2.8.6/com/google/gson/JsonObject.java create mode 100644 java/ql/test/stubs/gson-2.8.6/com/google/gson/JsonPrimitive.java create mode 100644 java/ql/test/stubs/gson-2.8.6/com/google/gson/LongSerializationPolicy.java create mode 100644 java/ql/test/stubs/gson-2.8.6/com/google/gson/ReflectionAccessFilter.java create mode 100644 java/ql/test/stubs/gson-2.8.6/com/google/gson/ToNumberStrategy.java create mode 100644 java/ql/test/stubs/gson-2.8.6/com/google/gson/internal/Excluder.java create mode 100644 java/ql/test/stubs/gson-2.8.6/com/google/gson/stream/JsonToken.java create mode 100644 java/ql/test/stubs/gson-2.8.6/com/google/gson/stream/JsonWriter.java diff --git a/java/ql/test/library-tests/dataflow/taint-gson/Test.java b/java/ql/test/library-tests/dataflow/taint-gson/Test.java new file mode 100644 index 00000000000..82ca2388bbe --- /dev/null +++ b/java/ql/test/library-tests/dataflow/taint-gson/Test.java @@ -0,0 +1,38 @@ +import com.google.gson.Gson; + +public class Test { + public static class Potato { + private String name; + private Potato inner; + private Object object; + + private String getName() { + return name; + } + + private Potato getInner() { + return inner; + } + + private Object getObject() { + return object; + } + + } + + public static String source() { + return ""; + } + + public static void sink(Object any) {} + + public static void gsonfromJson() throws Exception { + String s = source(); + Potato tainted = new Gson().fromJson(s, Potato.class); + sink(tainted); // $ hasTaintFlow + sink(tainted.getName()); // $ hasTaintFlow + sink(tainted.getInner()); // $ hasTaintFlow + sink(tainted.getInner().getName()); // $ hasTaintFlow + sink(tainted.getObject()); // $ hasTaintFlow + } +} diff --git a/java/ql/test/library-tests/dataflow/taint-gson/dataFlow.expected b/java/ql/test/library-tests/dataflow/taint-gson/dataFlow.expected new file mode 100644 index 00000000000..e69de29bb2d diff --git a/java/ql/test/library-tests/dataflow/taint-gson/dataFlow.ql b/java/ql/test/library-tests/dataflow/taint-gson/dataFlow.ql new file mode 100644 index 00000000000..5d91e4e8e26 --- /dev/null +++ b/java/ql/test/library-tests/dataflow/taint-gson/dataFlow.ql @@ -0,0 +1,2 @@ +import java +import TestUtilities.InlineFlowTest diff --git a/java/ql/test/library-tests/dataflow/taint-gson/options b/java/ql/test/library-tests/dataflow/taint-gson/options new file mode 100644 index 00000000000..a9cce94fd94 --- /dev/null +++ b/java/ql/test/library-tests/dataflow/taint-gson/options @@ -0,0 +1 @@ +//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/gson-2.8.6 diff --git a/java/ql/test/library-tests/frameworks/gson/Test.java b/java/ql/test/library-tests/frameworks/gson/Test.java new file mode 100644 index 00000000000..eb3e1e526f0 --- /dev/null +++ b/java/ql/test/library-tests/frameworks/gson/Test.java @@ -0,0 +1,468 @@ +package generatedtest; + +import com.google.gson.Gson; +import com.google.gson.JsonArray; +import com.google.gson.JsonElement; +import com.google.gson.JsonObject; +import com.google.gson.JsonPrimitive; +import com.google.gson.reflect.TypeToken; +import com.google.gson.stream.JsonReader; +import com.google.gson.stream.JsonWriter; +import java.io.Reader; +import java.io.Writer; +import java.lang.reflect.Type; +import java.util.List; +import java.util.Map; +import java.util.Set; + +// Test case generated by GenerateFlowTestCase.ql +public class Test { + + <K> K getMapKey(Map<K,?> map) { return map.keySet().iterator().next(); } + <T> T getElement(Iterable<T> it) { return it.iterator().next(); } + <V> V getMapValue(Map<?,V> map) { return map.get(null); } + String getMapKeyDefault(JsonObject container) { return container.keySet().iterator().next(); } + <K> K getMapKeyDefault(Map.Entry<K,?> container) { return container.getKey(); } + JsonElement getMapValueDefault(JsonObject container) { return container.get(null); } + <V> V getMapValueDefault(Map.Entry<?,V> container) { return container.getValue(); } + JsonArray newWithElementDefault(String element) { JsonArray a = new JsonArray(); a.add(element); return a; } + JsonObject newWithMapKeyDefault(String key) { JsonObject o = new JsonObject(); o.add(key, (JsonElement) null); return o; } + JsonObject newWithMapValueDefault(JsonElement element) { JsonObject o = new JsonObject(); o.add(null, element); return o; } + Object source() { return null; } + void sink(Object o) { } + + public void test() throws Exception { + + { + // "com.google.gson.stream;JsonReader;false;nextName;;;Argument[this];ReturnValue;taint;manual" + String out = null; + JsonReader in = (JsonReader)source(); + out = in.nextName(); + sink(out); // $ hasTaintFlow + } + { + // "com.google.gson.stream;JsonReader;false;nextString;;;Argument[this];ReturnValue;taint;manual" + String out = null; + JsonReader in = (JsonReader)source(); + out = in.nextString(); + sink(out); // $ hasTaintFlow + } + { + // "com.google.gson;Gson;false;fromJson;;;Argument[0];ReturnValue;taint;manual" + Object out = null; + JsonElement in = (JsonElement)source(); + Gson instance = null; + out = instance.fromJson(in, (Class)null); + sink(out); // $ hasTaintFlow + } + { + // "com.google.gson;Gson;false;fromJson;;;Argument[0];ReturnValue;taint;manual" + Object out = null; + JsonElement in = (JsonElement)source(); + Gson instance = null; + out = instance.fromJson(in, (Type)null); + sink(out); // $ hasTaintFlow + } + { + // "com.google.gson;Gson;false;fromJson;;;Argument[0];ReturnValue;taint;manual" + Object out = null; + JsonElement in = (JsonElement)source(); + Gson instance = null; + out = instance.fromJson(in, (TypeToken)null); + sink(out); // $ hasTaintFlow + } + { + // "com.google.gson;Gson;false;fromJson;;;Argument[0];ReturnValue;taint;manual" + Object out = null; + JsonReader in = (JsonReader)source(); + Gson instance = null; + out = instance.fromJson(in, (Type)null); + sink(out); // $ hasTaintFlow + } + { + // "com.google.gson;Gson;false;fromJson;;;Argument[0];ReturnValue;taint;manual" + Object out = null; + JsonReader in = (JsonReader)source(); + Gson instance = null; + out = instance.fromJson(in, (TypeToken)null); + sink(out); // $ hasTaintFlow + } + { + // "com.google.gson;Gson;false;fromJson;;;Argument[0];ReturnValue;taint;manual" + Object out = null; + Reader in = (Reader)source(); + Gson instance = null; + out = instance.fromJson(in, (Class)null); + sink(out); // $ hasTaintFlow + } + { + // "com.google.gson;Gson;false;fromJson;;;Argument[0];ReturnValue;taint;manual" + Object out = null; + Reader in = (Reader)source(); + Gson instance = null; + out = instance.fromJson(in, (Type)null); + sink(out); // $ hasTaintFlow + } + { + // "com.google.gson;Gson;false;fromJson;;;Argument[0];ReturnValue;taint;manual" + Object out = null; + Reader in = (Reader)source(); + Gson instance = null; + out = instance.fromJson(in, (TypeToken)null); + sink(out); // $ hasTaintFlow + } + { + // "com.google.gson;Gson;false;fromJson;;;Argument[0];ReturnValue;taint;manual" + Object out = null; + String in = (String)source(); + Gson instance = null; + out = instance.fromJson(in, (Class)null); + sink(out); // $ hasTaintFlow + } + { + // "com.google.gson;Gson;false;fromJson;;;Argument[0];ReturnValue;taint;manual" + Object out = null; + String in = (String)source(); + Gson instance = null; + out = instance.fromJson(in, (Type)null); + sink(out); // $ hasTaintFlow + } + { + // "com.google.gson;Gson;false;fromJson;;;Argument[0];ReturnValue;taint;manual" + Object out = null; + String in = (String)source(); + Gson instance = null; + out = instance.fromJson(in, (TypeToken)null); + sink(out); // $ hasTaintFlow + } + { + // "com.google.gson;Gson;false;newJsonReader;;;Argument[0];ReturnValue;taint;manual" + JsonReader out = null; + Reader in = (Reader)source(); + Gson instance = null; + out = instance.newJsonReader(in); + sink(out); // $ hasTaintFlow + } + { + // "com.google.gson;Gson;false;newJsonWriter;;;Argument[0];ReturnValue;taint;manual" + JsonWriter out = null; + Writer in = (Writer)source(); + Gson instance = null; + out = instance.newJsonWriter(in); + sink(out); // $ hasTaintFlow + } + { + // "com.google.gson;Gson;false;toJson;(JsonElement);;Argument[0];ReturnValue;taint;manual" + String out = null; + JsonElement in = (JsonElement)source(); + Gson instance = null; + out = instance.toJson(in); + sink(out); // $ hasTaintFlow + } + { + // "com.google.gson;Gson;false;toJson;(JsonElement,Appendable);;Argument[0];Argument[1];taint;manual" + Appendable out = null; + JsonElement in = (JsonElement)source(); + Gson instance = null; + instance.toJson(in, out); + sink(out); // $ hasTaintFlow + } + { + // "com.google.gson;Gson;false;toJson;(JsonElement,JsonWriter);;Argument[0];Argument[1];taint;manual" + JsonWriter out = null; + JsonElement in = (JsonElement)source(); + Gson instance = null; + instance.toJson(in, out); + sink(out); // $ hasTaintFlow + } + { + // "com.google.gson;Gson;false;toJson;(Object);;Argument[0];ReturnValue;taint;manual" + String out = null; + Object in = (Object)source(); + Gson instance = null; + out = instance.toJson(in); + sink(out); // $ hasTaintFlow + } + { + // "com.google.gson;Gson;false;toJson;(Object,Appendable);;Argument[0];Argument[1];taint;manual" + Appendable out = null; + Object in = (Object)source(); + Gson instance = null; + instance.toJson(in, out); + sink(out); // $ hasTaintFlow + } + { + // "com.google.gson;Gson;false;toJson;(Object,Type);;Argument[0];ReturnValue;taint;manual" + String out = null; + Object in = (Object)source(); + Gson instance = null; + out = instance.toJson(in, (Type)null); + sink(out); // $ hasTaintFlow + } + { + // "com.google.gson;Gson;false;toJson;(Object,Type,Appendable);;Argument[0];Argument[2];taint;manual" + Appendable out = null; + Object in = (Object)source(); + Gson instance = null; + instance.toJson(in, (Type)null, out); + sink(out); // $ hasTaintFlow + } + { + // "com.google.gson;Gson;false;toJson;(Object,Type,JsonWriter);;Argument[0];Argument[2];taint;manual" + JsonWriter out = null; + Object in = (Object)source(); + Gson instance = null; + instance.toJson(in, (Type)null, out); + sink(out); // $ hasTaintFlow + } + { + // "com.google.gson;Gson;false;toJsonTree;(Object);;Argument[0];ReturnValue;taint;manual" + JsonElement out = null; + Object in = (Object)source(); + Gson instance = null; + out = instance.toJsonTree(in); + sink(out); // $ hasTaintFlow + } + { + // "com.google.gson;Gson;false;toJsonTree;(Object,Type);;Argument[0];ReturnValue;taint;manual" + JsonElement out = null; + Object in = (Object)source(); + Gson instance = null; + out = instance.toJsonTree(in, null); + sink(out); // $ hasTaintFlow + } + { + // "com.google.gson;JsonArray;true;add;;;Argument[0];Argument[this].Element;value;manual" + JsonArray out = null; + Boolean in = (Boolean)source(); + out.add(in); + sink(getElement(out)); // $ hasValueFlow + } + { + // "com.google.gson;JsonArray;true;add;;;Argument[0];Argument[this].Element;value;manual" + JsonArray out = null; + Character in = (Character)source(); + out.add(in); + sink(getElement(out)); // $ hasValueFlow + } + { + // "com.google.gson;JsonArray;true;add;;;Argument[0];Argument[this].Element;value;manual" + JsonArray out = null; + JsonElement in = (JsonElement)source(); + out.add(in); + sink(getElement(out)); // $ hasValueFlow + } + { + // "com.google.gson;JsonArray;true;add;;;Argument[0];Argument[this].Element;value;manual" + JsonArray out = null; + Number in = (Number)source(); + out.add(in); + sink(getElement(out)); // $ hasValueFlow + } + { + // "com.google.gson;JsonArray;true;add;;;Argument[0];Argument[this].Element;value;manual" + JsonArray out = null; + String in = (String)source(); + out.add(in); + sink(getElement(out)); // $ hasValueFlow + } + { + // "com.google.gson;JsonArray;true;asList;;;Argument[this].Element;ReturnValue.Element;value;manual" + List out = null; + JsonArray in = (JsonArray)newWithElementDefault((String) source()); + out = in.asList(); + sink(getElement(out)); // $ hasValueFlow + } + { + // "com.google.gson;JsonArray;true;get;;;Argument[this].Element;ReturnValue;value;manual" + JsonElement out = null; + JsonArray in = (JsonArray)newWithElementDefault((String) source()); + out = in.get(0); + sink(out); // $ hasValueFlow + } + { + // "com.google.gson;JsonArray;true;set;;;Argument[1];Argument[this].Element;value;manual" + JsonArray out = null; + JsonElement in = (JsonElement)source(); + out.set(0, in); + sink(getElement(out)); // $ hasValueFlow + } + { + // "com.google.gson;JsonElement;true;getAsByte;();;Argument[this];ReturnValue;taint;manual" + byte out = 0; + JsonArray in = (JsonArray)source(); + out = in.getAsByte(); + sink(out); // $ hasTaintFlow + } + { + // "com.google.gson;JsonElement;true;getAsByte;();;Argument[this];ReturnValue;taint;manual" + byte out = 0; + JsonElement in = (JsonElement)source(); + out = in.getAsByte(); + sink(out); // $ hasTaintFlow + } + { + // "com.google.gson;JsonElement;true;getAsByte;();;Argument[this];ReturnValue;taint;manual" + byte out = 0; + JsonPrimitive in = (JsonPrimitive)source(); + out = in.getAsByte(); + sink(out); // $ hasTaintFlow + } + { + // "com.google.gson;JsonElement;true;getAsCharacter;();;Argument[this];ReturnValue;taint;manual" + char out = 'a'; + JsonArray in = (JsonArray)source(); + out = in.getAsCharacter(); + sink(out); // $ hasTaintFlow + } + { + // "com.google.gson;JsonElement;true;getAsCharacter;();;Argument[this];ReturnValue;taint;manual" + char out = 'a'; + JsonElement in = (JsonElement)source(); + out = in.getAsCharacter(); + sink(out); // $ hasTaintFlow + } + { + // "com.google.gson;JsonElement;true;getAsCharacter;();;Argument[this];ReturnValue;taint;manual" + char out = 'a'; + JsonPrimitive in = (JsonPrimitive)source(); + out = in.getAsCharacter(); + sink(out); // $ hasTaintFlow + } + { + // "com.google.gson;JsonElement;true;getAsJsonArray;();;Argument[this];ReturnValue;taint;manual" + JsonArray out = null; + JsonElement in = (JsonElement)source(); + out = in.getAsJsonArray(); + sink(out); // $ hasTaintFlow + } + { + // "com.google.gson;JsonElement;true;getAsJsonObject;();;Argument[this];ReturnValue;taint;manual" + JsonObject out = null; + JsonElement in = (JsonElement)source(); + out = in.getAsJsonObject(); + sink(out); // $ hasTaintFlow + } + { + // "com.google.gson;JsonElement;true;getAsJsonPrimitive;();;Argument[this];ReturnValue;taint;manual" + JsonPrimitive out = null; + JsonElement in = (JsonElement)source(); + out = in.getAsJsonPrimitive(); + sink(out); // $ hasTaintFlow + } + { + // "com.google.gson;JsonElement;true;getAsString;();;Argument[this];ReturnValue;taint;manual" + String out = null; + JsonArray in = (JsonArray)source(); + out = in.getAsString(); + sink(out); // $ hasTaintFlow + } + { + // "com.google.gson;JsonElement;true;getAsString;();;Argument[this];ReturnValue;taint;manual" + String out = null; + JsonElement in = (JsonElement)source(); + out = in.getAsString(); + sink(out); // $ hasTaintFlow + } + { + // "com.google.gson;JsonElement;true;getAsString;();;Argument[this];ReturnValue;taint;manual" + String out = null; + JsonPrimitive in = (JsonPrimitive)source(); + out = in.getAsString(); + sink(out); // $ hasTaintFlow + } + { + // "com.google.gson;JsonElement;true;toString;();;Argument[this];ReturnValue;taint;manual" + String out = null; + JsonElement in = (JsonElement)source(); + out = in.toString(); + sink(out); // $ hasTaintFlow + } + { + // "com.google.gson;JsonObject;true;add;;;Argument[0];Argument[this].MapKey;value;manual" + JsonObject out = null; + String in = (String)source(); + out.add(in, null); + sink(getMapKeyDefault(out)); // $ hasValueFlow + } + { + // "com.google.gson;JsonObject;true;add;;;Argument[1];Argument[this].MapValue;value;manual" + JsonObject out = null; + JsonElement in = (JsonElement)source(); + out.add(null, in); + sink(getMapValueDefault(out)); // $ hasValueFlow + } + { + // "com.google.gson;JsonObject;true;addProperty;(String,String);;Argument[0];Argument[this].MapKey;value;manual" + JsonObject out = null; + String in = (String)source(); + out.addProperty(in, (String)null); + sink(getMapKeyDefault(out)); // $ hasValueFlow + } + { + // "com.google.gson;JsonObject;true;addProperty;(String,String);;Argument[1];Argument[this].MapValue;value;manual" + JsonObject out = null; + String in = (String)source(); + out.addProperty((String)null, in); + sink(getMapValueDefault(out)); // $ hasValueFlow + } + { + // "com.google.gson;JsonObject;true;asMap;;;Argument[this].MapKey;ReturnValue.MapKey;value;manual" + Map out = null; + JsonObject in = (JsonObject)newWithMapKeyDefault((String) source()); + out = in.asMap(); + sink(getMapKey(out)); // $ hasValueFlow + } + { + // "com.google.gson;JsonObject;true;asMap;;;Argument[this].MapValue;ReturnValue.MapValue;value;manual" + Map out = null; + JsonObject in = (JsonObject)newWithMapValueDefault((JsonElement) source()); + out = in.asMap(); + sink(getMapValue(out)); // $ hasValueFlow + } + { + // "com.google.gson;JsonObject;true;entrySet;;;Argument[this].MapKey;ReturnValue.Element.MapKey;value;manual" + Set<Map.Entry<String,JsonElement>> out = null; + JsonObject in = (JsonObject)newWithMapKeyDefault((String) source()); + out = in.entrySet(); + sink(getMapKeyDefault(getElement(out))); // $ hasValueFlow + } + { + // "com.google.gson;JsonObject;true;entrySet;;;Argument[this].MapKey;ReturnValue.Element.MapValue;value;manual" + Set<Map.Entry<String,JsonElement>> out = null; + JsonObject in = (JsonObject) newWithMapKeyDefault((String) source()); + out = in.entrySet(); + sink(getMapValueDefault(getElement(out))); // $ hasValueFlow + } + { + // "com.google.gson;JsonObject;true;get;;;Argument[this].MapValue;ReturnValue;value;manual" + JsonElement out = null; + JsonObject in = (JsonObject)newWithMapValueDefault((JsonElement) source()); + out = in.get(null); + sink(out); // $ hasValueFlow + } + { + // "com.google.gson;JsonObject;true;keySet;;;Argument[this].MapKey;ReturnValue.Element;value;manual" + Set out = null; + JsonObject in = (JsonObject)newWithMapKeyDefault((String) source()); + out = in.keySet(); + sink(getElement(out)); // $ hasValueFlow + } + { + // "com.google.gson;JsonPrimitive;true;JsonPrimitive;(Character);;Argument[0];Argument[this];taint;manual" + JsonPrimitive out = null; + Character in = (Character)source(); + out = new JsonPrimitive(in); + sink(out); // $ hasTaintFlow + } + { + // "com.google.gson;JsonPrimitive;true;JsonPrimitive;(String);;Argument[0];Argument[this];taint;manual" + JsonPrimitive out = null; + String in = (String)source(); + out = new JsonPrimitive(in); + sink(out); // $ hasTaintFlow + } + + } + +} \ No newline at end of file diff --git a/java/ql/test/library-tests/frameworks/gson/options b/java/ql/test/library-tests/frameworks/gson/options new file mode 100644 index 00000000000..a9cce94fd94 --- /dev/null +++ b/java/ql/test/library-tests/frameworks/gson/options @@ -0,0 +1 @@ +//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/gson-2.8.6 diff --git a/java/ql/test/library-tests/frameworks/gson/test.expected b/java/ql/test/library-tests/frameworks/gson/test.expected new file mode 100644 index 00000000000..e69de29bb2d diff --git a/java/ql/test/library-tests/frameworks/gson/test.ql b/java/ql/test/library-tests/frameworks/gson/test.ql new file mode 100644 index 00000000000..5d91e4e8e26 --- /dev/null +++ b/java/ql/test/library-tests/frameworks/gson/test.ql @@ -0,0 +1,2 @@ +import java +import TestUtilities.InlineFlowTest diff --git a/java/ql/test/stubs/gson-2.8.6/com/google/gson/ExclusionStrategy.java b/java/ql/test/stubs/gson-2.8.6/com/google/gson/ExclusionStrategy.java new file mode 100644 index 00000000000..a1cac336243 --- /dev/null +++ b/java/ql/test/stubs/gson-2.8.6/com/google/gson/ExclusionStrategy.java @@ -0,0 +1,11 @@ +// Generated automatically from com.google.gson.ExclusionStrategy for testing purposes + +package com.google.gson; + +import com.google.gson.FieldAttributes; + +public interface ExclusionStrategy +{ + boolean shouldSkipClass(Class<? extends Object> p0); + boolean shouldSkipField(FieldAttributes p0); +} diff --git a/java/ql/test/stubs/gson-2.8.6/com/google/gson/FieldAttributes.java b/java/ql/test/stubs/gson-2.8.6/com/google/gson/FieldAttributes.java new file mode 100644 index 00000000000..1db8d794976 --- /dev/null +++ b/java/ql/test/stubs/gson-2.8.6/com/google/gson/FieldAttributes.java @@ -0,0 +1,22 @@ +// Generated automatically from com.google.gson.FieldAttributes for testing purposes + +package com.google.gson; + +import java.lang.annotation.Annotation; +import java.lang.reflect.Field; +import java.lang.reflect.Type; +import java.util.Collection; + +public class FieldAttributes +{ + protected FieldAttributes() {} + public <T extends Annotation> T getAnnotation(java.lang.Class<T> p0){ return null; } + public Class<? extends Object> getDeclaredClass(){ return null; } + public Class<? extends Object> getDeclaringClass(){ return null; } + public Collection<Annotation> getAnnotations(){ return null; } + public FieldAttributes(Field p0){} + public String getName(){ return null; } + public String toString(){ return null; } + public Type getDeclaredType(){ return null; } + public boolean hasModifier(int p0){ return false; } +} diff --git a/java/ql/test/stubs/gson-2.8.6/com/google/gson/FieldNamingPolicy.java b/java/ql/test/stubs/gson-2.8.6/com/google/gson/FieldNamingPolicy.java new file mode 100644 index 00000000000..465703ae28a --- /dev/null +++ b/java/ql/test/stubs/gson-2.8.6/com/google/gson/FieldNamingPolicy.java @@ -0,0 +1,10 @@ +// Generated automatically from com.google.gson.FieldNamingPolicy for testing purposes + +package com.google.gson; + + +public enum FieldNamingPolicy { + IDENTITY, LOWER_CASE_WITH_DASHES, LOWER_CASE_WITH_DOTS, LOWER_CASE_WITH_UNDERSCORES, UPPER_CAMEL_CASE, UPPER_CAMEL_CASE_WITH_SPACES, UPPER_CASE_WITH_UNDERSCORES; + + private FieldNamingPolicy() {} +} diff --git a/java/ql/test/stubs/gson-2.8.6/com/google/gson/FieldNamingStrategy.java b/java/ql/test/stubs/gson-2.8.6/com/google/gson/FieldNamingStrategy.java new file mode 100644 index 00000000000..bb3ad76d598 --- /dev/null +++ b/java/ql/test/stubs/gson-2.8.6/com/google/gson/FieldNamingStrategy.java @@ -0,0 +1,10 @@ +// Generated automatically from com.google.gson.FieldNamingStrategy for testing purposes + +package com.google.gson; + +import java.lang.reflect.Field; + +public interface FieldNamingStrategy +{ + String translateName(Field p0); +} diff --git a/java/ql/test/stubs/gson-2.8.6/com/google/gson/Gson.java b/java/ql/test/stubs/gson-2.8.6/com/google/gson/Gson.java index a269763665b..61c29245d15 100644 --- a/java/ql/test/stubs/gson-2.8.6/com/google/gson/Gson.java +++ b/java/ql/test/stubs/gson-2.8.6/com/google/gson/Gson.java @@ -1,38 +1,53 @@ +// Generated automatically from com.google.gson.Gson for testing purposes + package com.google.gson; -import java.lang.reflect.Type; -import java.io.Reader; +import com.google.gson.FieldNamingStrategy; +import com.google.gson.GsonBuilder; +import com.google.gson.JsonElement; +import com.google.gson.TypeAdapter; +import com.google.gson.TypeAdapterFactory; +import com.google.gson.internal.Excluder; +import com.google.gson.reflect.TypeToken; import com.google.gson.stream.JsonReader; +import com.google.gson.stream.JsonWriter; +import java.io.Reader; +import java.io.Writer; +import java.lang.reflect.Type; -public final class Gson { - public Gson() { - } - - public String toJson(Object src) { - return null; - } - - public String toJson(Object src, Type typeOfSrc) { - return null; - } - - public <T> T fromJson(String json, Class<T> classOfT) throws JsonSyntaxException { - return null; - } - - public <T> T fromJson(String json, Type typeOfT) throws JsonSyntaxException { - return null; - } - - public <T> T fromJson(Reader json, Class<T> classOfT) throws JsonSyntaxException, JsonIOException { - return null; - } - - public <T> T fromJson(Reader json, Type typeOfT) throws JsonIOException, JsonSyntaxException { - return null; - } - - public <T> T fromJson(JsonReader reader, Type typeOfT) throws JsonIOException, JsonSyntaxException { - return null; - } +public class Gson +{ + public <T> T fromJson(JsonElement p0, Type p1){ return null; } + public <T> T fromJson(JsonElement p0, com.google.gson.reflect.TypeToken<T> p1){ return null; } + public <T> T fromJson(JsonElement p0, java.lang.Class<T> p1){ return null; } + public <T> T fromJson(JsonReader p0, Type p1){ return null; } + public <T> T fromJson(JsonReader p0, com.google.gson.reflect.TypeToken<T> p1){ return null; } + public <T> T fromJson(Reader p0, Type p1){ return null; } + public <T> T fromJson(Reader p0, com.google.gson.reflect.TypeToken<T> p1){ return null; } + public <T> T fromJson(Reader p0, java.lang.Class<T> p1){ return null; } + public <T> T fromJson(String p0, Type p1){ return null; } + public <T> T fromJson(String p0, com.google.gson.reflect.TypeToken<T> p1){ return null; } + public <T> T fromJson(String p0, java.lang.Class<T> p1){ return null; } + public <T> com.google.gson.TypeAdapter<T> getAdapter(com.google.gson.reflect.TypeToken<T> p0){ return null; } + public <T> com.google.gson.TypeAdapter<T> getAdapter(java.lang.Class<T> p0){ return null; } + public <T> com.google.gson.TypeAdapter<T> getDelegateAdapter(TypeAdapterFactory p0, com.google.gson.reflect.TypeToken<T> p1){ return null; } + public Excluder excluder(){ return null; } + public FieldNamingStrategy fieldNamingStrategy(){ return null; } + public Gson(){} + public GsonBuilder newBuilder(){ return null; } + public JsonElement toJsonTree(Object p0){ return null; } + public JsonElement toJsonTree(Object p0, Type p1){ return null; } + public JsonReader newJsonReader(Reader p0){ return null; } + public JsonWriter newJsonWriter(Writer p0){ return null; } + public String toJson(JsonElement p0){ return null; } + public String toJson(Object p0){ return null; } + public String toJson(Object p0, Type p1){ return null; } + public String toString(){ return null; } + public boolean htmlSafe(){ return false; } + public boolean serializeNulls(){ return false; } + public void toJson(JsonElement p0, Appendable p1){} + public void toJson(JsonElement p0, JsonWriter p1){} + public void toJson(Object p0, Appendable p1){} + public void toJson(Object p0, Type p1, Appendable p2){} + public void toJson(Object p0, Type p1, JsonWriter p2){} } diff --git a/java/ql/test/stubs/gson-2.8.6/com/google/gson/GsonBuilder.java b/java/ql/test/stubs/gson-2.8.6/com/google/gson/GsonBuilder.java index 3853cb40356..33d656b7bd7 100644 --- a/java/ql/test/stubs/gson-2.8.6/com/google/gson/GsonBuilder.java +++ b/java/ql/test/stubs/gson-2.8.6/com/google/gson/GsonBuilder.java @@ -1,99 +1,46 @@ -/* - * Copyright (C) 2008 Google Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ +// Generated automatically from com.google.gson.GsonBuilder for testing purposes package com.google.gson; +import com.google.gson.ExclusionStrategy; +import com.google.gson.FieldNamingPolicy; +import com.google.gson.FieldNamingStrategy; +import com.google.gson.Gson; +import com.google.gson.LongSerializationPolicy; +import com.google.gson.ReflectionAccessFilter; +import com.google.gson.ToNumberStrategy; +import com.google.gson.TypeAdapterFactory; import java.lang.reflect.Type; -public final class GsonBuilder { - /** - * Creates a GsonBuilder instance that can be used to build Gson with various configuration - * settings. GsonBuilder follows the builder pattern, and it is typically used by first - * invoking various configuration methods to set desired options, and finally calling - * {@link #create()}. - */ - public GsonBuilder() { - } - - /** - * Constructs a GsonBuilder instance from a Gson instance. The newly constructed GsonBuilder - * has the same configuration as the previously built Gson instance. - * - * @param gson the gson instance whose configuration should by applied to a new GsonBuilder. - */ - GsonBuilder(Gson gson) { - } - - /** - * Configures Gson for custom serialization or deserialization. This method combines the - * registration of an {@link TypeAdapter}, {@link InstanceCreator}, {@link JsonSerializer}, and a - * {@link JsonDeserializer}. It is best used when a single object {@code typeAdapter} implements - * all the required interfaces for custom serialization with Gson. If a type adapter was - * previously registered for the specified {@code type}, it is overwritten. - * - * <p>This registers the type specified and no other types: you must manually register related - * types! For example, applications registering {@code boolean.class} should also register {@code - * Boolean.class}. - * - * @param type the type definition for the type adapter being registered - * @param typeAdapter This object must implement at least one of the {@link TypeAdapter}, - * {@link InstanceCreator}, {@link JsonSerializer}, and a {@link JsonDeserializer} interfaces. - * @return a reference to this {@code GsonBuilder} object to fulfill the "Builder" pattern - */ - public GsonBuilder registerTypeAdapter(Type type, Object typeAdapter) { - return null; - } - - /** - * Register a factory for type adapters. Registering a factory is useful when the type - * adapter needs to be configured based on the type of the field being processed. Gson - * is designed to handle a large number of factories, so you should consider registering - * them to be at par with registering an individual type adapter. - * - * @since 2.1 - */ - public GsonBuilder registerTypeAdapterFactory(TypeAdapterFactory factory) { - return null; - } - - /** - * Configures Gson for custom serialization or deserialization for an inheritance type hierarchy. - * This method combines the registration of a {@link TypeAdapter}, {@link JsonSerializer} and - * a {@link JsonDeserializer}. If a type adapter was previously registered for the specified - * type hierarchy, it is overridden. If a type adapter is registered for a specific type in - * the type hierarchy, it will be invoked instead of the one registered for the type hierarchy. - * - * @param baseType the class definition for the type adapter being registered for the base class - * or interface - * @param typeAdapter This object must implement at least one of {@link TypeAdapter}, - * {@link JsonSerializer} or {@link JsonDeserializer} interfaces. - * @return a reference to this {@code GsonBuilder} object to fulfill the "Builder" pattern - * @since 1.7 - */ - public GsonBuilder registerTypeHierarchyAdapter(Class<?> baseType, Object typeAdapter) { - return null; - } - - /** - * Creates a {@link Gson} instance based on the current configuration. This method is free of - * side-effects to this {@code GsonBuilder} instance and hence can be called multiple times. - * - * @return an instance of Gson configured with the options currently set in this builder - */ - public Gson create() { - return null; - } -} \ No newline at end of file +public class GsonBuilder +{ + public Gson create(){ return null; } + public GsonBuilder addDeserializationExclusionStrategy(ExclusionStrategy p0){ return null; } + public GsonBuilder addReflectionAccessFilter(ReflectionAccessFilter p0){ return null; } + public GsonBuilder addSerializationExclusionStrategy(ExclusionStrategy p0){ return null; } + public GsonBuilder disableHtmlEscaping(){ return null; } + public GsonBuilder disableInnerClassSerialization(){ return null; } + public GsonBuilder disableJdkUnsafe(){ return null; } + public GsonBuilder enableComplexMapKeySerialization(){ return null; } + public GsonBuilder excludeFieldsWithModifiers(int... p0){ return null; } + public GsonBuilder excludeFieldsWithoutExposeAnnotation(){ return null; } + public GsonBuilder generateNonExecutableJson(){ return null; } + public GsonBuilder registerTypeAdapter(Type p0, Object p1){ return null; } + public GsonBuilder registerTypeAdapterFactory(TypeAdapterFactory p0){ return null; } + public GsonBuilder registerTypeHierarchyAdapter(Class<? extends Object> p0, Object p1){ return null; } + public GsonBuilder serializeNulls(){ return null; } + public GsonBuilder serializeSpecialFloatingPointValues(){ return null; } + public GsonBuilder setDateFormat(String p0){ return null; } + public GsonBuilder setDateFormat(int p0){ return null; } + public GsonBuilder setDateFormat(int p0, int p1){ return null; } + public GsonBuilder setExclusionStrategies(ExclusionStrategy... p0){ return null; } + public GsonBuilder setFieldNamingPolicy(FieldNamingPolicy p0){ return null; } + public GsonBuilder setFieldNamingStrategy(FieldNamingStrategy p0){ return null; } + public GsonBuilder setLenient(){ return null; } + public GsonBuilder setLongSerializationPolicy(LongSerializationPolicy p0){ return null; } + public GsonBuilder setNumberToNumberStrategy(ToNumberStrategy p0){ return null; } + public GsonBuilder setObjectToNumberStrategy(ToNumberStrategy p0){ return null; } + public GsonBuilder setPrettyPrinting(){ return null; } + public GsonBuilder setVersion(double p0){ return null; } + public GsonBuilder(){} +} diff --git a/java/ql/test/stubs/gson-2.8.6/com/google/gson/JsonArray.java b/java/ql/test/stubs/gson-2.8.6/com/google/gson/JsonArray.java new file mode 100644 index 00000000000..c4fbae6bc1f --- /dev/null +++ b/java/ql/test/stubs/gson-2.8.6/com/google/gson/JsonArray.java @@ -0,0 +1,45 @@ +// Generated automatically from com.google.gson.JsonArray for testing purposes + +package com.google.gson; + +import com.google.gson.JsonElement; +import java.math.BigDecimal; +import java.math.BigInteger; +import java.util.Iterator; +import java.util.List; + +public class JsonArray extends JsonElement implements Iterable<JsonElement> +{ + public BigDecimal getAsBigDecimal(){ return null; } + public BigInteger getAsBigInteger(){ return null; } + public Iterator<JsonElement> iterator(){ return null; } + public JsonArray deepCopy(){ return null; } + public JsonArray(){} + public JsonArray(int p0){} + public JsonElement get(int p0){ return null; } + public JsonElement remove(int p0){ return null; } + public JsonElement set(int p0, JsonElement p1){ return null; } + public List<JsonElement> asList(){ return null; } + public Number getAsNumber(){ return null; } + public String getAsString(){ return null; } + public boolean contains(JsonElement p0){ return false; } + public boolean equals(Object p0){ return false; } + public boolean getAsBoolean(){ return false; } + public boolean isEmpty(){ return false; } + public boolean remove(JsonElement p0){ return false; } + public byte getAsByte(){ return 0; } + public char getAsCharacter(){ return '0'; } + public double getAsDouble(){ return 0; } + public float getAsFloat(){ return 0; } + public int getAsInt(){ return 0; } + public int hashCode(){ return 0; } + public int size(){ return 0; } + public long getAsLong(){ return 0; } + public short getAsShort(){ return 0; } + public void add(Boolean p0){} + public void add(Character p0){} + public void add(JsonElement p0){} + public void add(Number p0){} + public void add(String p0){} + public void addAll(JsonArray p0){} +} diff --git a/java/ql/test/stubs/gson-2.8.6/com/google/gson/JsonElement.java b/java/ql/test/stubs/gson-2.8.6/com/google/gson/JsonElement.java new file mode 100644 index 00000000000..592fce2b672 --- /dev/null +++ b/java/ql/test/stubs/gson-2.8.6/com/google/gson/JsonElement.java @@ -0,0 +1,37 @@ +// Generated automatically from com.google.gson.JsonElement for testing purposes + +package com.google.gson; + +import com.google.gson.JsonArray; +import com.google.gson.JsonNull; +import com.google.gson.JsonObject; +import com.google.gson.JsonPrimitive; +import java.math.BigDecimal; +import java.math.BigInteger; + +abstract public class JsonElement +{ + public BigDecimal getAsBigDecimal(){ return null; } + public BigInteger getAsBigInteger(){ return null; } + public JsonArray getAsJsonArray(){ return null; } + public JsonElement(){} + public JsonNull getAsJsonNull(){ return null; } + public JsonObject getAsJsonObject(){ return null; } + public JsonPrimitive getAsJsonPrimitive(){ return null; } + public Number getAsNumber(){ return null; } + public String getAsString(){ return null; } + public String toString(){ return null; } + public abstract JsonElement deepCopy(); + public boolean getAsBoolean(){ return false; } + public boolean isJsonArray(){ return false; } + public boolean isJsonNull(){ return false; } + public boolean isJsonObject(){ return false; } + public boolean isJsonPrimitive(){ return false; } + public byte getAsByte(){ return 0; } + public char getAsCharacter(){ return '0'; } + public double getAsDouble(){ return 0; } + public float getAsFloat(){ return 0; } + public int getAsInt(){ return 0; } + public long getAsLong(){ return 0; } + public short getAsShort(){ return 0; } +} diff --git a/java/ql/test/stubs/gson-2.8.6/com/google/gson/JsonNull.java b/java/ql/test/stubs/gson-2.8.6/com/google/gson/JsonNull.java new file mode 100644 index 00000000000..e38275991eb --- /dev/null +++ b/java/ql/test/stubs/gson-2.8.6/com/google/gson/JsonNull.java @@ -0,0 +1,14 @@ +// Generated automatically from com.google.gson.JsonNull for testing purposes + +package com.google.gson; + +import com.google.gson.JsonElement; + +public class JsonNull extends JsonElement +{ + public JsonNull deepCopy(){ return null; } + public JsonNull(){} + public boolean equals(Object p0){ return false; } + public int hashCode(){ return 0; } + public static JsonNull INSTANCE = null; +} diff --git a/java/ql/test/stubs/gson-2.8.6/com/google/gson/JsonObject.java b/java/ql/test/stubs/gson-2.8.6/com/google/gson/JsonObject.java new file mode 100644 index 00000000000..a37b5455b51 --- /dev/null +++ b/java/ql/test/stubs/gson-2.8.6/com/google/gson/JsonObject.java @@ -0,0 +1,33 @@ +// Generated automatically from com.google.gson.JsonObject for testing purposes + +package com.google.gson; + +import com.google.gson.JsonArray; +import com.google.gson.JsonElement; +import com.google.gson.JsonPrimitive; +import java.util.Map; +import java.util.Set; + +public class JsonObject extends JsonElement +{ + public JsonArray getAsJsonArray(String p0){ return null; } + public JsonElement get(String p0){ return null; } + public JsonElement remove(String p0){ return null; } + public JsonObject deepCopy(){ return null; } + public JsonObject getAsJsonObject(String p0){ return null; } + public JsonObject(){} + public JsonPrimitive getAsJsonPrimitive(String p0){ return null; } + public Map<String, JsonElement> asMap(){ return null; } + public Set<Map.Entry<String, JsonElement>> entrySet(){ return null; } + public Set<String> keySet(){ return null; } + public boolean equals(Object p0){ return false; } + public boolean has(String p0){ return false; } + public boolean isEmpty(){ return false; } + public int hashCode(){ return 0; } + public int size(){ return 0; } + public void add(String p0, JsonElement p1){} + public void addProperty(String p0, Boolean p1){} + public void addProperty(String p0, Character p1){} + public void addProperty(String p0, Number p1){} + public void addProperty(String p0, String p1){} +} diff --git a/java/ql/test/stubs/gson-2.8.6/com/google/gson/JsonPrimitive.java b/java/ql/test/stubs/gson-2.8.6/com/google/gson/JsonPrimitive.java new file mode 100644 index 00000000000..21ec07c4246 --- /dev/null +++ b/java/ql/test/stubs/gson-2.8.6/com/google/gson/JsonPrimitive.java @@ -0,0 +1,34 @@ +// Generated automatically from com.google.gson.JsonPrimitive for testing purposes + +package com.google.gson; + +import com.google.gson.JsonElement; +import java.math.BigDecimal; +import java.math.BigInteger; + +public class JsonPrimitive extends JsonElement +{ + protected JsonPrimitive() {} + public BigDecimal getAsBigDecimal(){ return null; } + public BigInteger getAsBigInteger(){ return null; } + public JsonPrimitive deepCopy(){ return null; } + public JsonPrimitive(Boolean p0){} + public JsonPrimitive(Character p0){} + public JsonPrimitive(Number p0){} + public JsonPrimitive(String p0){} + public Number getAsNumber(){ return null; } + public String getAsString(){ return null; } + public boolean equals(Object p0){ return false; } + public boolean getAsBoolean(){ return false; } + public boolean isBoolean(){ return false; } + public boolean isNumber(){ return false; } + public boolean isString(){ return false; } + public byte getAsByte(){ return 0; } + public char getAsCharacter(){ return '0'; } + public double getAsDouble(){ return 0; } + public float getAsFloat(){ return 0; } + public int getAsInt(){ return 0; } + public int hashCode(){ return 0; } + public long getAsLong(){ return 0; } + public short getAsShort(){ return 0; } +} diff --git a/java/ql/test/stubs/gson-2.8.6/com/google/gson/LongSerializationPolicy.java b/java/ql/test/stubs/gson-2.8.6/com/google/gson/LongSerializationPolicy.java new file mode 100644 index 00000000000..0452deec4b9 --- /dev/null +++ b/java/ql/test/stubs/gson-2.8.6/com/google/gson/LongSerializationPolicy.java @@ -0,0 +1,24 @@ +// Generated automatically from com.google.gson.LongSerializationPolicy for testing purposes + +package com.google.gson; + +import com.google.gson.JsonElement; + +public enum LongSerializationPolicy { + DEFAULT { + @Override + public JsonElement serialize(Long p0) { + return null; + } + }, + STRING { + @Override + public JsonElement serialize(Long p0) { + return null; + } + }; + + private LongSerializationPolicy() {} + + public abstract JsonElement serialize(Long p0); +} diff --git a/java/ql/test/stubs/gson-2.8.6/com/google/gson/ReflectionAccessFilter.java b/java/ql/test/stubs/gson-2.8.6/com/google/gson/ReflectionAccessFilter.java new file mode 100644 index 00000000000..ff91f103f62 --- /dev/null +++ b/java/ql/test/stubs/gson-2.8.6/com/google/gson/ReflectionAccessFilter.java @@ -0,0 +1,18 @@ +// Generated automatically from com.google.gson.ReflectionAccessFilter for testing purposes + +package com.google.gson; + + +public interface ReflectionAccessFilter +{ + ReflectionAccessFilter.FilterResult check(Class<? extends Object> p0); + static ReflectionAccessFilter BLOCK_ALL_ANDROID = null; + static ReflectionAccessFilter BLOCK_ALL_JAVA = null; + static ReflectionAccessFilter BLOCK_ALL_PLATFORM = null; + static ReflectionAccessFilter BLOCK_INACCESSIBLE_JAVA = null; + static public enum FilterResult + { + ALLOW, BLOCK_ALL, BLOCK_INACCESSIBLE, INDECISIVE; + private FilterResult() {} + } +} diff --git a/java/ql/test/stubs/gson-2.8.6/com/google/gson/ToNumberStrategy.java b/java/ql/test/stubs/gson-2.8.6/com/google/gson/ToNumberStrategy.java new file mode 100644 index 00000000000..1c6ccb23111 --- /dev/null +++ b/java/ql/test/stubs/gson-2.8.6/com/google/gson/ToNumberStrategy.java @@ -0,0 +1,10 @@ +// Generated automatically from com.google.gson.ToNumberStrategy for testing purposes + +package com.google.gson; + +import com.google.gson.stream.JsonReader; + +public interface ToNumberStrategy +{ + Number readNumber(JsonReader p0); +} diff --git a/java/ql/test/stubs/gson-2.8.6/com/google/gson/TypeAdapter.java b/java/ql/test/stubs/gson-2.8.6/com/google/gson/TypeAdapter.java index 73e6ef993b7..cdd0d1185b1 100644 --- a/java/ql/test/stubs/gson-2.8.6/com/google/gson/TypeAdapter.java +++ b/java/ql/test/stubs/gson-2.8.6/com/google/gson/TypeAdapter.java @@ -1,130 +1,23 @@ -/* - * Copyright (C) 2011 Google Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ +// Generated automatically from com.google.gson.TypeAdapter for testing purposes package com.google.gson; +import com.google.gson.JsonElement; import com.google.gson.stream.JsonReader; -import java.io.IOException; +import com.google.gson.stream.JsonWriter; import java.io.Reader; import java.io.Writer; -public abstract class TypeAdapter<T> { - /** - * Converts {@code value} to a JSON document and writes it to {@code out}. - * Unlike Gson's similar {@link Gson#toJson(JsonElement, Appendable) toJson} - * method, this write is strict. Create a {@link - * JsonWriter#setLenient(boolean) lenient} {@code JsonWriter} and call - * {@link #write(com.google.gson.stream.JsonWriter, Object)} for lenient - * writing. - * - * @param value the Java object to convert. May be null. - * @since 2.2 - */ - public final void toJson(Writer out, T value) throws IOException { - } - - /** - * This wrapper method is used to make a type adapter null tolerant. In general, a - * type adapter is required to handle nulls in write and read methods. Here is how this - * is typically done:<br> - * <pre> {@code - * - * Gson gson = new GsonBuilder().registerTypeAdapter(Foo.class, - * new TypeAdapter<Foo>() { - * public Foo read(JsonReader in) throws IOException { - * if (in.peek() == JsonToken.NULL) { - * in.nextNull(); - * return null; - * } - * // read a Foo from in and return it - * } - * public void write(JsonWriter out, Foo src) throws IOException { - * if (src == null) { - * out.nullValue(); - * return; - * } - * // write src as JSON to out - * } - * }).create(); - * }</pre> - * You can avoid this boilerplate handling of nulls by wrapping your type adapter with - * this method. Here is how we will rewrite the above example: - * <pre> {@code - * - * Gson gson = new GsonBuilder().registerTypeAdapter(Foo.class, - * new TypeAdapter<Foo>() { - * public Foo read(JsonReader in) throws IOException { - * // read a Foo from in and return it - * } - * public void write(JsonWriter out, Foo src) throws IOException { - * // write src as JSON to out - * } - * }.nullSafe()).create(); - * }</pre> - * Note that we didn't need to check for nulls in our type adapter after we used nullSafe. - */ - public final TypeAdapter<T> nullSafe() { - return null; - } - - /** - * Converts {@code value} to a JSON document. Unlike Gson's similar {@link - * Gson#toJson(Object) toJson} method, this write is strict. Create a {@link - * JsonWriter#setLenient(boolean) lenient} {@code JsonWriter} and call - * {@link #write(com.google.gson.stream.JsonWriter, Object)} for lenient - * writing. - * - * @param value the Java object to convert. May be null. - * @since 2.2 - */ - public final String toJson(T value) { - return null; - } - - /** - * Reads one JSON value (an array, object, string, number, boolean or null) - * and converts it to a Java object. Returns the converted object. - * - * @return the converted Java object. May be null. - */ - public abstract T read(JsonReader in) throws IOException; - - /** - * Converts the JSON document in {@code in} to a Java object. Unlike Gson's - * similar {@link Gson#fromJson(java.io.Reader, Class) fromJson} method, this - * read is strict. Create a {@link JsonReader#setLenient(boolean) lenient} - * {@code JsonReader} and call {@link #read(JsonReader)} for lenient reading. - * - * @return the converted Java object. May be null. - * @since 2.2 - */ - public final T fromJson(Reader in) throws IOException { - return null; - } - - /** - * Converts the JSON document in {@code json} to a Java object. Unlike Gson's - * similar {@link Gson#fromJson(String, Class) fromJson} method, this read is - * strict. Create a {@link JsonReader#setLenient(boolean) lenient} {@code - * JsonReader} and call {@link #read(JsonReader)} for lenient reading. - * - * @return the converted Java object. May be null. - * @since 2.2 - */ - public final T fromJson(String json) throws IOException { - return null; - } +abstract public class TypeAdapter<T> +{ + public TypeAdapter(){} + public abstract T read(JsonReader p0); + public abstract void write(JsonWriter p0, T p1); + public final JsonElement toJsonTree(T p0){ return null; } + public final String toJson(T p0){ return null; } + public final T fromJson(Reader p0){ return null; } + public final T fromJson(String p0){ return null; } + public final T fromJsonTree(JsonElement p0){ return null; } + public final TypeAdapter<T> nullSafe(){ return null; } + public final void toJson(Writer p0, T p1){} } diff --git a/java/ql/test/stubs/gson-2.8.6/com/google/gson/TypeAdapterFactory.java b/java/ql/test/stubs/gson-2.8.6/com/google/gson/TypeAdapterFactory.java index d6cc8133712..6b3728f38b0 100644 --- a/java/ql/test/stubs/gson-2.8.6/com/google/gson/TypeAdapterFactory.java +++ b/java/ql/test/stubs/gson-2.8.6/com/google/gson/TypeAdapterFactory.java @@ -1,28 +1,12 @@ -/* - * Copyright (C) 2011 Google Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ +// Generated automatically from com.google.gson.TypeAdapterFactory for testing purposes package com.google.gson; +import com.google.gson.Gson; +import com.google.gson.TypeAdapter; import com.google.gson.reflect.TypeToken; -public interface TypeAdapterFactory { - - /** - * Returns a type adapter for {@code type}, or null if this factory doesn't - * support {@code type}. - */ - <T> TypeAdapter<T> create(Gson gson, TypeToken<T> type); -} \ No newline at end of file +public interface TypeAdapterFactory +{ + <T> com.google.gson.TypeAdapter<T> create(Gson p0, com.google.gson.reflect.TypeToken<T> p1); +} diff --git a/java/ql/test/stubs/gson-2.8.6/com/google/gson/internal/Excluder.java b/java/ql/test/stubs/gson-2.8.6/com/google/gson/internal/Excluder.java new file mode 100644 index 00000000000..dc05b0477c5 --- /dev/null +++ b/java/ql/test/stubs/gson-2.8.6/com/google/gson/internal/Excluder.java @@ -0,0 +1,25 @@ +// Generated automatically from com.google.gson.internal.Excluder for testing purposes + +package com.google.gson.internal; + +import com.google.gson.ExclusionStrategy; +import com.google.gson.Gson; +import com.google.gson.TypeAdapter; +import com.google.gson.TypeAdapterFactory; +import com.google.gson.reflect.TypeToken; +import java.lang.reflect.Field; + +public class Excluder implements Cloneable, TypeAdapterFactory +{ + protected Excluder clone(){ return null; } + public <T> com.google.gson.TypeAdapter<T> create(Gson p0, com.google.gson.reflect.TypeToken<T> p1){ return null; } + public Excluder disableInnerClassSerialization(){ return null; } + public Excluder excludeFieldsWithoutExposeAnnotation(){ return null; } + public Excluder withExclusionStrategy(ExclusionStrategy p0, boolean p1, boolean p2){ return null; } + public Excluder withModifiers(int... p0){ return null; } + public Excluder withVersion(double p0){ return null; } + public Excluder(){} + public boolean excludeClass(Class<? extends Object> p0, boolean p1){ return false; } + public boolean excludeField(Field p0, boolean p1){ return false; } + public static Excluder DEFAULT = null; +} diff --git a/java/ql/test/stubs/gson-2.8.6/com/google/gson/reflect/TypeToken.java b/java/ql/test/stubs/gson-2.8.6/com/google/gson/reflect/TypeToken.java index a35b2a45b85..ac3b84cb258 100644 --- a/java/ql/test/stubs/gson-2.8.6/com/google/gson/reflect/TypeToken.java +++ b/java/ql/test/stubs/gson-2.8.6/com/google/gson/reflect/TypeToken.java @@ -1,50 +1,22 @@ -/* - * Copyright (C) 2008 Google Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ +// Generated automatically from com.google.gson.reflect.TypeToken for testing purposes package com.google.gson.reflect; -/** - * Represents a generic type {@code T}. Java doesn't yet provide a way to - * represent generic types, so this class does. Forces clients to create a - * subclass of this class which enables retrieval the type information even at - * runtime. - * - * <p>For example, to create a type literal for {@code List<String>}, you can - * create an empty anonymous inner class: - * - * <p> - * {@code TypeToken<List<String>> list = new TypeToken<List<String>>() {};} - * - * <p>This syntax cannot be used to create type literals that have wildcard - * parameters, such as {@code Class<?>} or {@code List<? extends CharSequence>}. - * - * @author Bob Lee - * @author Sven Mawson - * @author Jesse Wilson - */ -public class TypeToken<T> { +import java.lang.reflect.Type; - /** - * Constructs a new type literal. Derives represented class from type - * parameter. - * - * <p>Clients create an empty anonymous subclass. Doing so embeds the type - * parameter in the anonymous class's type hierarchy so we can reconstitute it - * at runtime despite erasure. - */ - protected TypeToken() { - } -} \ No newline at end of file +public class TypeToken<T> +{ + protected TypeToken(){} + public boolean isAssignableFrom(Class<? extends Object> p0){ return false; } + public boolean isAssignableFrom(Type p0){ return false; } + public boolean isAssignableFrom(TypeToken<? extends Object> p0){ return false; } + public final String toString(){ return null; } + public final Type getType(){ return null; } + public final boolean equals(Object p0){ return false; } + public final int hashCode(){ return 0; } + public final java.lang.Class<? super T> getRawType(){ return null; } + public static <T> com.google.gson.reflect.TypeToken<T> get(java.lang.Class<T> p0){ return null; } + public static TypeToken<? extends Object> get(Type p0){ return null; } + public static TypeToken<? extends Object> getArray(Type p0){ return null; } + public static TypeToken<? extends Object> getParameterized(Type p0, Type... p1){ return null; } +} diff --git a/java/ql/test/stubs/gson-2.8.6/com/google/gson/stream/JsonReader.java b/java/ql/test/stubs/gson-2.8.6/com/google/gson/stream/JsonReader.java index 5d0d2ad112f..677d58d8cd8 100644 --- a/java/ql/test/stubs/gson-2.8.6/com/google/gson/stream/JsonReader.java +++ b/java/ql/test/stubs/gson-2.8.6/com/google/gson/stream/JsonReader.java @@ -1,66 +1,33 @@ +// Generated automatically from com.google.gson.stream.JsonReader for testing purposes + package com.google.gson.stream; +import com.google.gson.stream.JsonToken; import java.io.Closeable; -import java.io.IOException; import java.io.Reader; -public class JsonReader implements Closeable { - public JsonReader(Reader in) { - } - - public final void setLenient(boolean lenient) { - } - - public final boolean isLenient() { - return false; - } - - public void beginArray() throws IOException { - } - - public void endArray() throws IOException { - } - - public void beginObject() throws IOException { - } - - public void endObject() throws IOException { - } - - public boolean hasNext() throws IOException { - return false; - } - - public String nextName() throws IOException { - return null; - } - - public String nextString() throws IOException { - return null; - } - - public boolean nextBoolean() throws IOException { - return false; - } - - public void nextNull() throws IOException { - } - - public double nextDouble() throws IOException { - return -1; - } - - public long nextLong() throws IOException { - return -1; - } - - public int nextInt() throws IOException { - return -1; - } - - public void close() throws IOException { - } - - public void skipValue() throws IOException { - } -} \ No newline at end of file +public class JsonReader implements Closeable +{ + protected JsonReader() {} + public JsonReader(Reader p0){} + public JsonToken peek(){ return null; } + public String getPath(){ return null; } + public String getPreviousPath(){ return null; } + public String nextName(){ return null; } + public String nextString(){ return null; } + public String toString(){ return null; } + public boolean hasNext(){ return false; } + public boolean nextBoolean(){ return false; } + public double nextDouble(){ return 0; } + public final boolean isLenient(){ return false; } + public final void setLenient(boolean p0){} + public int nextInt(){ return 0; } + public long nextLong(){ return 0; } + public void beginArray(){} + public void beginObject(){} + public void close(){} + public void endArray(){} + public void endObject(){} + public void nextNull(){} + public void skipValue(){} +} diff --git a/java/ql/test/stubs/gson-2.8.6/com/google/gson/stream/JsonToken.java b/java/ql/test/stubs/gson-2.8.6/com/google/gson/stream/JsonToken.java new file mode 100644 index 00000000000..fbb2e7ac463 --- /dev/null +++ b/java/ql/test/stubs/gson-2.8.6/com/google/gson/stream/JsonToken.java @@ -0,0 +1,10 @@ +// Generated automatically from com.google.gson.stream.JsonToken for testing purposes + +package com.google.gson.stream; + + +public enum JsonToken +{ + BEGIN_ARRAY, BEGIN_OBJECT, BOOLEAN, END_ARRAY, END_DOCUMENT, END_OBJECT, NAME, NULL, NUMBER, STRING; + private JsonToken() {} +} diff --git a/java/ql/test/stubs/gson-2.8.6/com/google/gson/stream/JsonWriter.java b/java/ql/test/stubs/gson-2.8.6/com/google/gson/stream/JsonWriter.java new file mode 100644 index 00000000000..282343f0bed --- /dev/null +++ b/java/ql/test/stubs/gson-2.8.6/com/google/gson/stream/JsonWriter.java @@ -0,0 +1,36 @@ +// Generated automatically from com.google.gson.stream.JsonWriter for testing purposes + +package com.google.gson.stream; + +import java.io.Closeable; +import java.io.Flushable; +import java.io.Writer; + +public class JsonWriter implements Closeable, Flushable +{ + protected JsonWriter() {} + public JsonWriter beginArray(){ return null; } + public JsonWriter beginObject(){ return null; } + public JsonWriter endArray(){ return null; } + public JsonWriter endObject(){ return null; } + public JsonWriter jsonValue(String p0){ return null; } + public JsonWriter name(String p0){ return null; } + public JsonWriter nullValue(){ return null; } + public JsonWriter value(Boolean p0){ return null; } + public JsonWriter value(Number p0){ return null; } + public JsonWriter value(String p0){ return null; } + public JsonWriter value(boolean p0){ return null; } + public JsonWriter value(double p0){ return null; } + public JsonWriter value(float p0){ return null; } + public JsonWriter value(long p0){ return null; } + public JsonWriter(Writer p0){} + public boolean isLenient(){ return false; } + public final boolean getSerializeNulls(){ return false; } + public final boolean isHtmlSafe(){ return false; } + public final void setHtmlSafe(boolean p0){} + public final void setIndent(String p0){} + public final void setLenient(boolean p0){} + public final void setSerializeNulls(boolean p0){} + public void close(){} + public void flush(){} +} From 0151a728f8467d4af670803bb63b34b38fe65069 Mon Sep 17 00:00:00 2001 From: Tony Torralba <atorralba@users.noreply.github.com> Date: Tue, 30 May 2023 17:53:03 +0200 Subject: [PATCH 722/870] Add change note --- java/ql/lib/change-notes/2023-05-30-gson-models.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 java/ql/lib/change-notes/2023-05-30-gson-models.md diff --git a/java/ql/lib/change-notes/2023-05-30-gson-models.md b/java/ql/lib/change-notes/2023-05-30-gson-models.md new file mode 100644 index 00000000000..306d797ff1a --- /dev/null +++ b/java/ql/lib/change-notes/2023-05-30-gson-models.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Added dataflow models for the Gson deserialization library. From 70138448c3077624c36b4d52e9a04f27200471b6 Mon Sep 17 00:00:00 2001 From: Tony Torralba <atorralba@users.noreply.github.com> Date: Tue, 30 May 2023 17:54:59 +0200 Subject: [PATCH 723/870] Visibility --- .../code/java/frameworks/google/GsonSerializability.qll | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/java/ql/lib/semmle/code/java/frameworks/google/GsonSerializability.qll b/java/ql/lib/semmle/code/java/frameworks/google/GsonSerializability.qll index 470847f292e..dba25be7b22 100644 --- a/java/ql/lib/semmle/code/java/frameworks/google/GsonSerializability.qll +++ b/java/ql/lib/semmle/code/java/frameworks/google/GsonSerializability.qll @@ -4,9 +4,9 @@ */ import java -import semmle.code.java.Serializability -import semmle.code.java.dataflow.DataFlow -import semmle.code.java.dataflow.FlowSteps +private import semmle.code.java.Serializability +private import semmle.code.java.dataflow.DataFlow +private import semmle.code.java.dataflow.FlowSteps /** * A method used for deserializing objects using Gson. The first parameter is the object to be @@ -44,7 +44,7 @@ private class FieldReferencedGsonDeserializableType extends GsonDeserializableTy } /** A field that may be deserialized using the Gson JSON framework. */ -class GsonDeserializableField extends DeserializableField { +private class GsonDeserializableField extends DeserializableField { pragma[assume_small_delta] GsonDeserializableField() { exists(GsonDeserializableType superType | From a8c76388c0005f7ae1a5ab7637ba1b1b74a10667 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema <jketema@github.com> Date: Tue, 30 May 2023 18:13:22 +0200 Subject: [PATCH 724/870] C++: Fix configuration names in comments in `cpp/invalid-pointer-deref` --- .../CWE/CWE-193/InvalidPointerDeref.ql | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql b/cpp/ql/src/experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql index 07189cea9d9..edfd7a76a5f 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql @@ -81,8 +81,8 @@ predicate hasSize(HeuristicAllocationExpr alloc, DataFlow::Node n, int state) { * ``` * * We do this by splitting the task up into two configurations: - * 1. `AllocToInvalidPointerConf` find flow from `malloc(size)` to `begin + size`, and - * 2. `InvalidPointerToDerefConf` finds flow from `begin + size` to an `end` (on line 3). + * 1. `AllocToInvalidPointerConfig` find flow from `malloc(size)` to `begin + size`, and + * 2. `InvalidPointerToDerefConfig` finds flow from `begin + size` to an `end` (on line 3). * * Finally, the range-analysis library will find a load from (or store to) an address that * is non-strictly upper-bounded by `end` (which in this case is `*p`). @@ -180,7 +180,7 @@ predicate isSinkImpl( } /** - * Holds if `sink` is a sink for `InvalidPointerToDerefConf` and `i` is a `StoreInstruction` that + * Holds if `sink` is a sink for `InvalidPointerToDerefConfig` and `i` is a `StoreInstruction` that * writes to an address that non-strictly upper-bounds `sink`, or `i` is a `LoadInstruction` that * reads from an address that non-strictly upper-bounds `sink`. */ @@ -201,7 +201,7 @@ predicate isInvalidPointerDerefSink(DataFlow::Node sink, Instruction i, string o /** * A configuration to track flow from a pointer-arithmetic operation found - * by `AllocToInvalidPointerConf` to a dereference of the pointer. + * by `AllocToInvalidPointerConfig` to a dereference of the pointer. */ module InvalidPointerToDerefConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { invalidPointerToDerefSource(_, source, _) } @@ -237,12 +237,12 @@ predicate invalidPointerToDerefSource( } newtype TMergedPathNode = - // The path nodes computed by the first projection of `AllocToInvalidPointerConf` + // The path nodes computed by the first projection of `AllocToInvalidPointerConfig` TPathNode1(AllocToInvalidPointerFlow::PathNode1 p) or - // The path nodes computed by `InvalidPointerToDerefConf` + // The path nodes computed by `InvalidPointerToDerefConfig` TPathNode3(InvalidPointerToDerefFlow::PathNode p) or - // The read/write that uses the invalid pointer identified by `InvalidPointerToDerefConf`. - // This one is needed because the sink identified by `InvalidPointerToDerefConf` is the + // The read/write that uses the invalid pointer identified by `InvalidPointerToDerefConfig`. + // This one is needed because the sink identified by `InvalidPointerToDerefConfig` is the // pointer, but we want to raise an alert at the dereference. TPathNodeSink(Instruction i) { exists(DataFlow::Node n | @@ -335,8 +335,8 @@ query predicate subpaths( } /** - * Holds if `p1` is a sink of `AllocToInvalidPointerConf` and `p2` is a source - * of `InvalidPointerToDerefConf`, and they are connected through `pai`. + * Holds if `p1` is a sink of `AllocToInvalidPointerConfig` and `p2` is a source + * of `InvalidPointerToDerefConfig`, and they are connected through `pai`. */ predicate joinOn1( PointerArithmeticInstruction pai, AllocToInvalidPointerFlow::PathNode1 p1, @@ -347,7 +347,7 @@ predicate joinOn1( } /** - * Holds if `p1` is a sink of `InvalidPointerToDerefConf` and `i` is the instruction + * Holds if `p1` is a sink of `InvalidPointerToDerefConfig` and `i` is the instruction * that dereferences `p1`. The string `operation` describes whether the `i` is * a `StoreInstruction` or `LoadInstruction`. */ From de974cc18a4792e7329de3f4323f42e4485048b0 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema <jketema@github.com> Date: Tue, 30 May 2023 18:15:59 +0200 Subject: [PATCH 725/870] C++: Add `cpp/invalid-pointer-deref` test case that shows some duplicate results --- .../InvalidPointerDeref.expected | 57 +++++++++++++++++++ .../CWE/CWE-193/pointer-deref/test.cpp | 8 +++ 2 files changed, 65 insertions(+) diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/InvalidPointerDeref.expected b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/InvalidPointerDeref.expected index 1487088ca9f..4c6693a9d20 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/InvalidPointerDeref.expected +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/InvalidPointerDeref.expected @@ -671,6 +671,58 @@ edges | test.cpp:350:16:350:19 | ... ++ | test.cpp:350:15:350:19 | Load: * ... | | test.cpp:350:16:350:19 | ... ++ | test.cpp:350:16:350:19 | ... ++ | | test.cpp:350:16:350:19 | ... ++ | test.cpp:350:16:350:19 | ... ++ | +| test.cpp:355:14:355:27 | new[] | test.cpp:356:15:356:16 | xs | +| test.cpp:356:15:356:16 | xs | test.cpp:356:15:356:23 | ... + ... | +| test.cpp:356:15:356:16 | xs | test.cpp:356:15:356:23 | ... + ... | +| test.cpp:356:15:356:16 | xs | test.cpp:356:15:356:23 | ... + ... | +| test.cpp:356:15:356:16 | xs | test.cpp:356:15:356:23 | ... + ... | +| test.cpp:356:15:356:16 | xs | test.cpp:357:24:357:26 | end | +| test.cpp:356:15:356:16 | xs | test.cpp:357:24:357:30 | ... + ... | +| test.cpp:356:15:356:16 | xs | test.cpp:357:24:357:30 | ... + ... | +| test.cpp:356:15:356:16 | xs | test.cpp:357:24:357:30 | ... + ... | +| test.cpp:356:15:356:16 | xs | test.cpp:357:24:357:30 | ... + ... | +| test.cpp:356:15:356:16 | xs | test.cpp:358:15:358:26 | end_plus_one | +| test.cpp:356:15:356:16 | xs | test.cpp:358:15:358:26 | end_plus_one | +| test.cpp:356:15:356:16 | xs | test.cpp:359:16:359:27 | end_plus_one | +| test.cpp:356:15:356:16 | xs | test.cpp:359:16:359:31 | ... + ... | +| test.cpp:356:15:356:23 | ... + ... | test.cpp:356:15:356:23 | ... + ... | +| test.cpp:356:15:356:23 | ... + ... | test.cpp:356:15:356:23 | ... + ... | +| test.cpp:356:15:356:23 | ... + ... | test.cpp:357:24:357:26 | end | +| test.cpp:356:15:356:23 | ... + ... | test.cpp:357:24:357:26 | end | +| test.cpp:356:15:356:23 | ... + ... | test.cpp:358:14:358:26 | Load: * ... | +| test.cpp:356:15:356:23 | ... + ... | test.cpp:358:14:358:26 | Load: * ... | +| test.cpp:356:15:356:23 | ... + ... | test.cpp:358:14:358:26 | Load: * ... | +| test.cpp:356:15:356:23 | ... + ... | test.cpp:358:14:358:26 | Load: * ... | +| test.cpp:356:15:356:23 | ... + ... | test.cpp:359:14:359:32 | Load: * ... | +| test.cpp:356:15:356:23 | ... + ... | test.cpp:359:14:359:32 | Load: * ... | +| test.cpp:356:15:356:23 | ... + ... | test.cpp:359:14:359:32 | Load: * ... | +| test.cpp:356:15:356:23 | ... + ... | test.cpp:359:14:359:32 | Load: * ... | +| test.cpp:357:24:357:26 | end | test.cpp:358:14:358:26 | Load: * ... | +| test.cpp:357:24:357:26 | end | test.cpp:359:14:359:32 | Load: * ... | +| test.cpp:357:24:357:30 | ... + ... | test.cpp:357:24:357:30 | ... + ... | +| test.cpp:357:24:357:30 | ... + ... | test.cpp:357:24:357:30 | ... + ... | +| test.cpp:357:24:357:30 | ... + ... | test.cpp:358:14:358:26 | Load: * ... | +| test.cpp:357:24:357:30 | ... + ... | test.cpp:358:14:358:26 | Load: * ... | +| test.cpp:357:24:357:30 | ... + ... | test.cpp:358:14:358:26 | Load: * ... | +| test.cpp:357:24:357:30 | ... + ... | test.cpp:358:14:358:26 | Load: * ... | +| test.cpp:357:24:357:30 | ... + ... | test.cpp:358:15:358:26 | end_plus_one | +| test.cpp:357:24:357:30 | ... + ... | test.cpp:358:15:358:26 | end_plus_one | +| test.cpp:357:24:357:30 | ... + ... | test.cpp:358:15:358:26 | end_plus_one | +| test.cpp:357:24:357:30 | ... + ... | test.cpp:358:15:358:26 | end_plus_one | +| test.cpp:357:24:357:30 | ... + ... | test.cpp:359:14:359:32 | Load: * ... | +| test.cpp:357:24:357:30 | ... + ... | test.cpp:359:14:359:32 | Load: * ... | +| test.cpp:357:24:357:30 | ... + ... | test.cpp:359:14:359:32 | Load: * ... | +| test.cpp:357:24:357:30 | ... + ... | test.cpp:359:14:359:32 | Load: * ... | +| test.cpp:357:24:357:30 | ... + ... | test.cpp:359:16:359:27 | end_plus_one | +| test.cpp:357:24:357:30 | ... + ... | test.cpp:359:16:359:27 | end_plus_one | +| test.cpp:358:15:358:26 | end_plus_one | test.cpp:358:14:358:26 | Load: * ... | +| test.cpp:358:15:358:26 | end_plus_one | test.cpp:358:14:358:26 | Load: * ... | +| test.cpp:358:15:358:26 | end_plus_one | test.cpp:359:14:359:32 | Load: * ... | +| test.cpp:358:15:358:26 | end_plus_one | test.cpp:359:14:359:32 | Load: * ... | +| test.cpp:358:15:358:26 | end_plus_one | test.cpp:359:16:359:27 | end_plus_one | +| test.cpp:359:16:359:27 | end_plus_one | test.cpp:358:14:358:26 | Load: * ... | +| test.cpp:359:16:359:27 | end_plus_one | test.cpp:359:14:359:32 | Load: * ... | +| test.cpp:359:16:359:31 | ... + ... | test.cpp:359:14:359:32 | Load: * ... | subpaths #select | test.cpp:6:14:6:15 | Load: * ... | test.cpp:4:15:4:20 | call to malloc | test.cpp:6:14:6:15 | Load: * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:4:15:4:20 | call to malloc | call to malloc | test.cpp:5:19:5:22 | size | size | @@ -699,3 +751,8 @@ subpaths | test.cpp:333:5:333:21 | Store: ... = ... | test.cpp:325:14:325:27 | new[] | test.cpp:333:5:333:21 | Store: ... = ... | This write might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:325:14:325:27 | new[] | new[] | test.cpp:326:20:326:23 | size | size | | test.cpp:341:5:341:21 | Store: ... = ... | test.cpp:325:14:325:27 | new[] | test.cpp:341:5:341:21 | Store: ... = ... | This write might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:325:14:325:27 | new[] | new[] | test.cpp:326:20:326:23 | size | size | | test.cpp:350:15:350:19 | Load: * ... | test.cpp:347:14:347:27 | new[] | test.cpp:350:15:350:19 | Load: * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:347:14:347:27 | new[] | new[] | test.cpp:348:20:348:23 | size | size | +| test.cpp:358:14:358:26 | Load: * ... | test.cpp:355:14:355:27 | new[] | test.cpp:358:14:358:26 | Load: * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@ + 1. | test.cpp:355:14:355:27 | new[] | new[] | test.cpp:356:20:356:23 | size | size | +| test.cpp:358:14:358:26 | Load: * ... | test.cpp:355:14:355:27 | new[] | test.cpp:358:14:358:26 | Load: * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:355:14:355:27 | new[] | new[] | test.cpp:356:20:356:23 | size | size | +| test.cpp:359:14:359:32 | Load: * ... | test.cpp:355:14:355:27 | new[] | test.cpp:359:14:359:32 | Load: * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@ + 1. | test.cpp:355:14:355:27 | new[] | new[] | test.cpp:356:20:356:23 | size | size | +| test.cpp:359:14:359:32 | Load: * ... | test.cpp:355:14:355:27 | new[] | test.cpp:359:14:359:32 | Load: * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@ + 2. | test.cpp:355:14:355:27 | new[] | new[] | test.cpp:356:20:356:23 | size | size | +| test.cpp:359:14:359:32 | Load: * ... | test.cpp:355:14:355:27 | new[] | test.cpp:359:14:359:32 | Load: * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:355:14:355:27 | new[] | new[] | test.cpp:356:20:356:23 | size | size | diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/test.cpp b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/test.cpp index b6741535e42..3dfd8b89097 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/test.cpp +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/test.cpp @@ -350,3 +350,11 @@ void test24(unsigned size) { int val = *xs++; // GOOD [FALSE POSITIVE] } } + +void test25(unsigned size) { + char *xs = new char[size]; + char *end = xs + size; + char *end_plus_one = end + 1; + int val1 = *end_plus_one; // BAD + int val2 = *(end_plus_one + 1); // BAD +} From f5ed02a43376a503b3efd2ce4aadf97520c628aa Mon Sep 17 00:00:00 2001 From: Jeroen Ketema <jketema@github.com> Date: Tue, 30 May 2023 18:23:22 +0200 Subject: [PATCH 726/870] C++: Take into account the delta at the final sink in `cpp/invalid-pointer-deref` --- .../CWE/CWE-193/InvalidPointerDeref.ql | 26 +++++++++---------- .../InvalidPointerDeref.expected | 6 ----- 2 files changed, 13 insertions(+), 19 deletions(-) diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql b/cpp/ql/src/experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql index edfd7a76a5f..646843d077c 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql @@ -185,8 +185,8 @@ predicate isSinkImpl( * reads from an address that non-strictly upper-bounds `sink`. */ pragma[inline] -predicate isInvalidPointerDerefSink(DataFlow::Node sink, Instruction i, string operation) { - exists(AddressOperand addr, int delta | +predicate isInvalidPointerDerefSink(DataFlow::Node sink, Instruction i, string operation, int delta) { + exists(AddressOperand addr | bounded1(addr.getDef(), sink.asInstruction(), delta) and delta >= 0 and i.getAnOperand() = addr @@ -207,7 +207,7 @@ module InvalidPointerToDerefConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { invalidPointerToDerefSource(_, source, _) } pragma[inline] - predicate isSink(DataFlow::Node sink) { isInvalidPointerDerefSink(sink, _, _) } + predicate isSink(DataFlow::Node sink) { isInvalidPointerDerefSink(sink, _, _, _) } predicate isBarrier(DataFlow::Node node) { node = any(DataFlow::SsaPhiNode phi | not phi.isPhiRead()).getAnInput(true) @@ -247,7 +247,7 @@ newtype TMergedPathNode = TPathNodeSink(Instruction i) { exists(DataFlow::Node n | InvalidPointerToDerefFlow::flowTo(n) and - isInvalidPointerDerefSink(n, i, _) + isInvalidPointerDerefSink(n, i, _, _) ) } @@ -321,7 +321,7 @@ query predicate edges(MergedPathNode node1, MergedPathNode node2) { or node1.asPathNode3().getASuccessor() = node2.asPathNode3() or - joinOn2(node1.asPathNode3(), node2.asSinkNode(), _) + joinOn2(node1.asPathNode3(), node2.asSinkNode(), _, _) } query predicate subpaths( @@ -352,32 +352,32 @@ predicate joinOn1( * a `StoreInstruction` or `LoadInstruction`. */ pragma[inline] -predicate joinOn2(InvalidPointerToDerefFlow::PathNode p1, Instruction i, string operation) { - isInvalidPointerDerefSink(p1.getNode(), i, operation) +predicate joinOn2(InvalidPointerToDerefFlow::PathNode p1, Instruction i, string operation, int delta) { + isInvalidPointerDerefSink(p1.getNode(), i, operation, delta) } predicate hasFlowPath( MergedPathNode source1, MergedPathNode sink, InvalidPointerToDerefFlow::PathNode source3, - PointerArithmeticInstruction pai, string operation + PointerArithmeticInstruction pai, string operation, int delta ) { exists(InvalidPointerToDerefFlow::PathNode sink3, AllocToInvalidPointerFlow::PathNode1 sink1 | AllocToInvalidPointerFlow::flowPath(source1.asPathNode1(), _, sink1, _) and joinOn1(pai, sink1, source3) and InvalidPointerToDerefFlow::flowPath(source3, sink3) and - joinOn2(sink3, sink.asSinkNode(), operation) + joinOn2(sink3, sink.asSinkNode(), operation, delta) ) } from - MergedPathNode source, MergedPathNode sink, int k, string kstr, + MergedPathNode source, MergedPathNode sink, int k2, int k3, string kstr, InvalidPointerToDerefFlow::PathNode source3, PointerArithmeticInstruction pai, string operation, Expr offset, DataFlow::Node n where - hasFlowPath(source, sink, source3, pai, operation) and - invalidPointerToDerefSource(pai, source3.getNode(), k) and + hasFlowPath(source, sink, source3, pai, operation, k3) and + invalidPointerToDerefSource(pai, source3.getNode(), k2) and offset = pai.getRight().getUnconvertedResultExpression() and n = source.asPathNode1().getNode() and - if k = 0 then kstr = "" else kstr = " + " + k + if (k2 + k3) = 0 then kstr = "" else kstr = " + " + (k2 + k3) select sink, source, sink, "This " + operation + " might be out of bounds, as the pointer might be equal to $@ + $@" + kstr + ".", n, n.toString(), offset, offset.toString() diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/InvalidPointerDeref.expected b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/InvalidPointerDeref.expected index 4c6693a9d20..ba5363dc4fa 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/InvalidPointerDeref.expected +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/InvalidPointerDeref.expected @@ -727,14 +727,11 @@ subpaths #select | test.cpp:6:14:6:15 | Load: * ... | test.cpp:4:15:4:20 | call to malloc | test.cpp:6:14:6:15 | Load: * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:4:15:4:20 | call to malloc | call to malloc | test.cpp:5:19:5:22 | size | size | | test.cpp:8:14:8:21 | Load: * ... | test.cpp:4:15:4:20 | call to malloc | test.cpp:8:14:8:21 | Load: * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@ + 1. | test.cpp:4:15:4:20 | call to malloc | call to malloc | test.cpp:5:19:5:22 | size | size | -| test.cpp:8:14:8:21 | Load: * ... | test.cpp:4:15:4:20 | call to malloc | test.cpp:8:14:8:21 | Load: * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:4:15:4:20 | call to malloc | call to malloc | test.cpp:5:19:5:22 | size | size | | test.cpp:20:14:20:21 | Load: * ... | test.cpp:16:15:16:20 | call to malloc | test.cpp:20:14:20:21 | Load: * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:16:15:16:20 | call to malloc | call to malloc | test.cpp:17:19:17:22 | size | size | | test.cpp:30:14:30:15 | Load: * ... | test.cpp:28:15:28:20 | call to malloc | test.cpp:30:14:30:15 | Load: * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:28:15:28:20 | call to malloc | call to malloc | test.cpp:29:20:29:27 | ... + ... | ... + ... | | test.cpp:32:14:32:21 | Load: * ... | test.cpp:28:15:28:20 | call to malloc | test.cpp:32:14:32:21 | Load: * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@ + 1. | test.cpp:28:15:28:20 | call to malloc | call to malloc | test.cpp:29:20:29:27 | ... + ... | ... + ... | -| test.cpp:32:14:32:21 | Load: * ... | test.cpp:28:15:28:20 | call to malloc | test.cpp:32:14:32:21 | Load: * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:28:15:28:20 | call to malloc | call to malloc | test.cpp:29:20:29:27 | ... + ... | ... + ... | | test.cpp:42:14:42:15 | Load: * ... | test.cpp:40:15:40:20 | call to malloc | test.cpp:42:14:42:15 | Load: * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:40:15:40:20 | call to malloc | call to malloc | test.cpp:41:20:41:27 | ... - ... | ... - ... | | test.cpp:44:14:44:21 | Load: * ... | test.cpp:40:15:40:20 | call to malloc | test.cpp:44:14:44:21 | Load: * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@ + 1. | test.cpp:40:15:40:20 | call to malloc | call to malloc | test.cpp:41:20:41:27 | ... - ... | ... - ... | -| test.cpp:44:14:44:21 | Load: * ... | test.cpp:40:15:40:20 | call to malloc | test.cpp:44:14:44:21 | Load: * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:40:15:40:20 | call to malloc | call to malloc | test.cpp:41:20:41:27 | ... - ... | ... - ... | | test.cpp:67:9:67:14 | Store: ... = ... | test.cpp:52:19:52:24 | call to malloc | test.cpp:67:9:67:14 | Store: ... = ... | This write might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:52:19:52:24 | call to malloc | call to malloc | test.cpp:53:20:53:23 | size | size | | test.cpp:96:9:96:14 | Store: ... = ... | test.cpp:82:17:82:22 | call to malloc | test.cpp:96:9:96:14 | Store: ... = ... | This write might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:82:17:82:22 | call to malloc | call to malloc | test.cpp:83:27:83:30 | size | size | | test.cpp:110:9:110:14 | Store: ... = ... | test.cpp:82:17:82:22 | call to malloc | test.cpp:110:9:110:14 | Store: ... = ... | This write might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:82:17:82:22 | call to malloc | call to malloc | test.cpp:83:27:83:30 | size | size | @@ -752,7 +749,4 @@ subpaths | test.cpp:341:5:341:21 | Store: ... = ... | test.cpp:325:14:325:27 | new[] | test.cpp:341:5:341:21 | Store: ... = ... | This write might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:325:14:325:27 | new[] | new[] | test.cpp:326:20:326:23 | size | size | | test.cpp:350:15:350:19 | Load: * ... | test.cpp:347:14:347:27 | new[] | test.cpp:350:15:350:19 | Load: * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:347:14:347:27 | new[] | new[] | test.cpp:348:20:348:23 | size | size | | test.cpp:358:14:358:26 | Load: * ... | test.cpp:355:14:355:27 | new[] | test.cpp:358:14:358:26 | Load: * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@ + 1. | test.cpp:355:14:355:27 | new[] | new[] | test.cpp:356:20:356:23 | size | size | -| test.cpp:358:14:358:26 | Load: * ... | test.cpp:355:14:355:27 | new[] | test.cpp:358:14:358:26 | Load: * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:355:14:355:27 | new[] | new[] | test.cpp:356:20:356:23 | size | size | -| test.cpp:359:14:359:32 | Load: * ... | test.cpp:355:14:355:27 | new[] | test.cpp:359:14:359:32 | Load: * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@ + 1. | test.cpp:355:14:355:27 | new[] | new[] | test.cpp:356:20:356:23 | size | size | | test.cpp:359:14:359:32 | Load: * ... | test.cpp:355:14:355:27 | new[] | test.cpp:359:14:359:32 | Load: * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@ + 2. | test.cpp:355:14:355:27 | new[] | new[] | test.cpp:356:20:356:23 | size | size | -| test.cpp:359:14:359:32 | Load: * ... | test.cpp:355:14:355:27 | new[] | test.cpp:359:14:359:32 | Load: * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:355:14:355:27 | new[] | new[] | test.cpp:356:20:356:23 | size | size | From dd30acf1e335445613f674ba855557fac25287fb Mon Sep 17 00:00:00 2001 From: Jeroen Ketema <jketema@github.com> Date: Tue, 30 May 2023 18:43:01 +0200 Subject: [PATCH 727/870] C++: Add nodes query predicate to `cpp/invalid-pointer-deref` --- .../CWE/CWE-193/InvalidPointerDeref.ql | 8 + .../InvalidPointerDeref.expected | 327 ++++++++++++++++++ 2 files changed, 335 insertions(+) diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql b/cpp/ql/src/experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql index 646843d077c..610eb572d8c 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql @@ -324,6 +324,14 @@ query predicate edges(MergedPathNode node1, MergedPathNode node2) { joinOn2(node1.asPathNode3(), node2.asSinkNode(), _, _) } +query predicate nodes(MergedPathNode n, string key, string val) { + AllocToInvalidPointerFlow::PathGraph1::nodes(n.asPathNode1(), key, val) + or + InvalidPointerToDerefFlow::PathGraph::nodes(n.asPathNode3(), key, val) + or + key = "semmle.label" and val = n.asSinkNode().toString() +} + query predicate subpaths( MergedPathNode arg, MergedPathNode par, MergedPathNode ret, MergedPathNode out ) { diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/InvalidPointerDeref.expected b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/InvalidPointerDeref.expected index ba5363dc4fa..6b4d039ee6b 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/InvalidPointerDeref.expected +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/InvalidPointerDeref.expected @@ -723,6 +723,333 @@ edges | test.cpp:359:16:359:27 | end_plus_one | test.cpp:358:14:358:26 | Load: * ... | | test.cpp:359:16:359:27 | end_plus_one | test.cpp:359:14:359:32 | Load: * ... | | test.cpp:359:16:359:31 | ... + ... | test.cpp:359:14:359:32 | Load: * ... | +nodes +| test.cpp:4:15:4:20 | call to malloc | semmle.label | call to malloc | +| test.cpp:5:15:5:15 | p | semmle.label | p | +| test.cpp:5:15:5:22 | ... + ... | semmle.label | ... + ... | +| test.cpp:5:15:5:22 | ... + ... | semmle.label | ... + ... | +| test.cpp:5:15:5:22 | ... + ... | semmle.label | ... + ... | +| test.cpp:5:15:5:22 | ... + ... | semmle.label | ... + ... | +| test.cpp:6:14:6:15 | Load: * ... | semmle.label | Load: * ... | +| test.cpp:6:15:6:15 | q | semmle.label | q | +| test.cpp:6:15:6:15 | q | semmle.label | q | +| test.cpp:7:16:7:16 | q | semmle.label | q | +| test.cpp:7:16:7:16 | q | semmle.label | q | +| test.cpp:8:14:8:21 | Load: * ... | semmle.label | Load: * ... | +| test.cpp:8:16:8:16 | q | semmle.label | q | +| test.cpp:8:16:8:16 | q | semmle.label | q | +| test.cpp:8:16:8:20 | ... + ... | semmle.label | ... + ... | +| test.cpp:9:16:9:16 | q | semmle.label | q | +| test.cpp:9:16:9:16 | q | semmle.label | q | +| test.cpp:10:16:10:16 | q | semmle.label | q | +| test.cpp:10:16:10:16 | q | semmle.label | q | +| test.cpp:11:16:11:16 | q | semmle.label | q | +| test.cpp:11:16:11:16 | q | semmle.label | q | +| test.cpp:12:16:12:16 | q | semmle.label | q | +| test.cpp:16:15:16:20 | call to malloc | semmle.label | call to malloc | +| test.cpp:17:15:17:15 | p | semmle.label | p | +| test.cpp:17:15:17:22 | ... + ... | semmle.label | ... + ... | +| test.cpp:20:14:20:21 | Load: * ... | semmle.label | Load: * ... | +| test.cpp:20:16:20:20 | ... + ... | semmle.label | ... + ... | +| test.cpp:28:15:28:20 | call to malloc | semmle.label | call to malloc | +| test.cpp:29:15:29:15 | p | semmle.label | p | +| test.cpp:29:15:29:28 | ... + ... | semmle.label | ... + ... | +| test.cpp:29:15:29:28 | ... + ... | semmle.label | ... + ... | +| test.cpp:29:15:29:28 | ... + ... | semmle.label | ... + ... | +| test.cpp:29:15:29:28 | ... + ... | semmle.label | ... + ... | +| test.cpp:30:14:30:15 | Load: * ... | semmle.label | Load: * ... | +| test.cpp:30:15:30:15 | q | semmle.label | q | +| test.cpp:30:15:30:15 | q | semmle.label | q | +| test.cpp:31:16:31:16 | q | semmle.label | q | +| test.cpp:31:16:31:16 | q | semmle.label | q | +| test.cpp:32:14:32:21 | Load: * ... | semmle.label | Load: * ... | +| test.cpp:32:16:32:16 | q | semmle.label | q | +| test.cpp:32:16:32:16 | q | semmle.label | q | +| test.cpp:32:16:32:20 | ... + ... | semmle.label | ... + ... | +| test.cpp:33:16:33:16 | q | semmle.label | q | +| test.cpp:33:16:33:16 | q | semmle.label | q | +| test.cpp:34:16:34:16 | q | semmle.label | q | +| test.cpp:34:16:34:16 | q | semmle.label | q | +| test.cpp:35:16:35:16 | q | semmle.label | q | +| test.cpp:35:16:35:16 | q | semmle.label | q | +| test.cpp:36:16:36:16 | q | semmle.label | q | +| test.cpp:40:15:40:20 | call to malloc | semmle.label | call to malloc | +| test.cpp:41:15:41:15 | p | semmle.label | p | +| test.cpp:41:15:41:28 | ... + ... | semmle.label | ... + ... | +| test.cpp:41:15:41:28 | ... + ... | semmle.label | ... + ... | +| test.cpp:41:15:41:28 | ... + ... | semmle.label | ... + ... | +| test.cpp:41:15:41:28 | ... + ... | semmle.label | ... + ... | +| test.cpp:42:14:42:15 | Load: * ... | semmle.label | Load: * ... | +| test.cpp:42:15:42:15 | q | semmle.label | q | +| test.cpp:42:15:42:15 | q | semmle.label | q | +| test.cpp:43:16:43:16 | q | semmle.label | q | +| test.cpp:43:16:43:16 | q | semmle.label | q | +| test.cpp:44:14:44:21 | Load: * ... | semmle.label | Load: * ... | +| test.cpp:44:16:44:16 | q | semmle.label | q | +| test.cpp:44:16:44:16 | q | semmle.label | q | +| test.cpp:44:16:44:20 | ... + ... | semmle.label | ... + ... | +| test.cpp:45:16:45:16 | q | semmle.label | q | +| test.cpp:45:16:45:16 | q | semmle.label | q | +| test.cpp:46:16:46:16 | q | semmle.label | q | +| test.cpp:46:16:46:16 | q | semmle.label | q | +| test.cpp:47:16:47:16 | q | semmle.label | q | +| test.cpp:47:16:47:16 | q | semmle.label | q | +| test.cpp:48:16:48:16 | q | semmle.label | q | +| test.cpp:51:7:51:14 | mk_array indirection | semmle.label | mk_array indirection | +| test.cpp:51:33:51:35 | end | semmle.label | end | +| test.cpp:52:19:52:24 | call to malloc | semmle.label | call to malloc | +| test.cpp:53:5:53:23 | ... = ... | semmle.label | ... = ... | +| test.cpp:53:12:53:16 | begin | semmle.label | begin | +| test.cpp:53:12:53:23 | ... + ... | semmle.label | ... + ... | +| test.cpp:60:19:60:26 | call to mk_array | semmle.label | call to mk_array | +| test.cpp:60:34:60:37 | mk_array output argument | semmle.label | mk_array output argument | +| test.cpp:62:32:62:34 | end | semmle.label | end | +| test.cpp:62:39:62:39 | p | semmle.label | p | +| test.cpp:66:32:66:34 | end | semmle.label | end | +| test.cpp:66:39:66:39 | p | semmle.label | p | +| test.cpp:67:9:67:14 | Store: ... = ... | semmle.label | Store: ... = ... | +| test.cpp:70:31:70:33 | end | semmle.label | end | +| test.cpp:70:38:70:38 | p | semmle.label | p | +| test.cpp:80:9:80:16 | mk_array indirection [begin] | semmle.label | mk_array indirection [begin] | +| test.cpp:80:9:80:16 | mk_array indirection [end] | semmle.label | mk_array indirection [end] | +| test.cpp:82:5:82:28 | ... = ... | semmle.label | ... = ... | +| test.cpp:82:9:82:13 | arr indirection [post update] [begin] | semmle.label | arr indirection [post update] [begin] | +| test.cpp:82:17:82:22 | call to malloc | semmle.label | call to malloc | +| test.cpp:83:5:83:30 | ... = ... | semmle.label | ... = ... | +| test.cpp:83:9:83:11 | arr indirection [post update] [end] | semmle.label | arr indirection [post update] [end] | +| test.cpp:83:15:83:17 | arr indirection [begin] | semmle.label | arr indirection [begin] | +| test.cpp:83:15:83:30 | ... + ... | semmle.label | ... + ... | +| test.cpp:83:19:83:23 | begin | semmle.label | begin | +| test.cpp:83:19:83:23 | begin indirection | semmle.label | begin indirection | +| test.cpp:89:19:89:26 | call to mk_array [begin] | semmle.label | call to mk_array [begin] | +| test.cpp:89:19:89:26 | call to mk_array [end] | semmle.label | call to mk_array [end] | +| test.cpp:91:20:91:22 | arr indirection [begin] | semmle.label | arr indirection [begin] | +| test.cpp:91:24:91:28 | begin | semmle.label | begin | +| test.cpp:91:24:91:28 | begin indirection | semmle.label | begin indirection | +| test.cpp:91:36:91:38 | arr indirection [end] | semmle.label | arr indirection [end] | +| test.cpp:91:40:91:42 | end | semmle.label | end | +| test.cpp:91:40:91:42 | end indirection | semmle.label | end indirection | +| test.cpp:91:47:91:47 | p | semmle.label | p | +| test.cpp:95:20:95:22 | arr indirection [begin] | semmle.label | arr indirection [begin] | +| test.cpp:95:24:95:28 | begin | semmle.label | begin | +| test.cpp:95:24:95:28 | begin indirection | semmle.label | begin indirection | +| test.cpp:95:36:95:38 | arr indirection [end] | semmle.label | arr indirection [end] | +| test.cpp:95:40:95:42 | end | semmle.label | end | +| test.cpp:95:40:95:42 | end indirection | semmle.label | end indirection | +| test.cpp:95:47:95:47 | p | semmle.label | p | +| test.cpp:96:9:96:14 | Store: ... = ... | semmle.label | Store: ... = ... | +| test.cpp:99:20:99:22 | arr indirection [begin] | semmle.label | arr indirection [begin] | +| test.cpp:99:24:99:28 | begin | semmle.label | begin | +| test.cpp:99:24:99:28 | begin indirection | semmle.label | begin indirection | +| test.cpp:99:35:99:37 | arr indirection [end] | semmle.label | arr indirection [end] | +| test.cpp:99:39:99:41 | end | semmle.label | end | +| test.cpp:99:39:99:41 | end indirection | semmle.label | end indirection | +| test.cpp:99:46:99:46 | p | semmle.label | p | +| test.cpp:104:27:104:29 | arr [begin] | semmle.label | arr [begin] | +| test.cpp:104:27:104:29 | arr [end] | semmle.label | arr [end] | +| test.cpp:105:20:105:22 | arr indirection [begin] | semmle.label | arr indirection [begin] | +| test.cpp:105:24:105:28 | begin | semmle.label | begin | +| test.cpp:105:24:105:28 | begin indirection | semmle.label | begin indirection | +| test.cpp:105:36:105:38 | arr indirection [end] | semmle.label | arr indirection [end] | +| test.cpp:105:40:105:42 | end | semmle.label | end | +| test.cpp:105:40:105:42 | end indirection | semmle.label | end indirection | +| test.cpp:105:47:105:47 | p | semmle.label | p | +| test.cpp:109:20:109:22 | arr indirection [begin] | semmle.label | arr indirection [begin] | +| test.cpp:109:24:109:28 | begin | semmle.label | begin | +| test.cpp:109:24:109:28 | begin indirection | semmle.label | begin indirection | +| test.cpp:109:36:109:38 | arr indirection [end] | semmle.label | arr indirection [end] | +| test.cpp:109:40:109:42 | end | semmle.label | end | +| test.cpp:109:40:109:42 | end indirection | semmle.label | end indirection | +| test.cpp:109:47:109:47 | p | semmle.label | p | +| test.cpp:110:9:110:14 | Store: ... = ... | semmle.label | Store: ... = ... | +| test.cpp:113:20:113:22 | arr indirection [begin] | semmle.label | arr indirection [begin] | +| test.cpp:113:24:113:28 | begin | semmle.label | begin | +| test.cpp:113:24:113:28 | begin indirection | semmle.label | begin indirection | +| test.cpp:113:35:113:37 | arr indirection [end] | semmle.label | arr indirection [end] | +| test.cpp:113:39:113:41 | end | semmle.label | end | +| test.cpp:113:39:113:41 | end indirection | semmle.label | end indirection | +| test.cpp:113:46:113:46 | p | semmle.label | p | +| test.cpp:119:18:119:25 | call to mk_array [begin] | semmle.label | call to mk_array [begin] | +| test.cpp:119:18:119:25 | call to mk_array [end] | semmle.label | call to mk_array [end] | +| test.cpp:124:15:124:20 | call to malloc | semmle.label | call to malloc | +| test.cpp:125:5:125:17 | ... = ... | semmle.label | ... = ... | +| test.cpp:125:9:125:13 | arr indirection [post update] [begin] | semmle.label | arr indirection [post update] [begin] | +| test.cpp:126:15:126:15 | p | semmle.label | p | +| test.cpp:129:11:129:13 | arr indirection [begin] | semmle.label | arr indirection [begin] | +| test.cpp:129:15:129:19 | begin | semmle.label | begin | +| test.cpp:129:15:129:19 | begin indirection | semmle.label | begin indirection | +| test.cpp:133:11:133:13 | arr indirection [begin] | semmle.label | arr indirection [begin] | +| test.cpp:133:15:133:19 | begin | semmle.label | begin | +| test.cpp:133:15:133:19 | begin indirection | semmle.label | begin indirection | +| test.cpp:137:11:137:13 | arr indirection [begin] | semmle.label | arr indirection [begin] | +| test.cpp:137:15:137:19 | begin | semmle.label | begin | +| test.cpp:137:15:137:19 | begin indirection | semmle.label | begin indirection | +| test.cpp:141:10:141:19 | mk_array_p indirection [begin] | semmle.label | mk_array_p indirection [begin] | +| test.cpp:141:10:141:19 | mk_array_p indirection [end] | semmle.label | mk_array_p indirection [end] | +| test.cpp:143:5:143:29 | ... = ... | semmle.label | ... = ... | +| test.cpp:143:10:143:14 | arr indirection [post update] [begin] | semmle.label | arr indirection [post update] [begin] | +| test.cpp:143:18:143:23 | call to malloc | semmle.label | call to malloc | +| test.cpp:144:5:144:32 | ... = ... | semmle.label | ... = ... | +| test.cpp:144:10:144:12 | arr indirection [post update] [end] | semmle.label | arr indirection [post update] [end] | +| test.cpp:144:16:144:18 | arr indirection [begin] | semmle.label | arr indirection [begin] | +| test.cpp:144:16:144:32 | ... + ... | semmle.label | ... + ... | +| test.cpp:144:21:144:25 | begin | semmle.label | begin | +| test.cpp:144:21:144:25 | begin indirection | semmle.label | begin indirection | +| test.cpp:150:20:150:29 | call to mk_array_p indirection [begin] | semmle.label | call to mk_array_p indirection [begin] | +| test.cpp:150:20:150:29 | call to mk_array_p indirection [end] | semmle.label | call to mk_array_p indirection [end] | +| test.cpp:152:20:152:22 | arr indirection [begin] | semmle.label | arr indirection [begin] | +| test.cpp:152:25:152:29 | begin | semmle.label | begin | +| test.cpp:152:25:152:29 | begin indirection | semmle.label | begin indirection | +| test.cpp:152:49:152:49 | p | semmle.label | p | +| test.cpp:156:20:156:22 | arr indirection [begin] | semmle.label | arr indirection [begin] | +| test.cpp:156:25:156:29 | begin | semmle.label | begin | +| test.cpp:156:25:156:29 | begin indirection | semmle.label | begin indirection | +| test.cpp:156:37:156:39 | arr indirection [end] | semmle.label | arr indirection [end] | +| test.cpp:156:42:156:44 | end | semmle.label | end | +| test.cpp:156:42:156:44 | end indirection | semmle.label | end indirection | +| test.cpp:156:49:156:49 | p | semmle.label | p | +| test.cpp:157:9:157:14 | Store: ... = ... | semmle.label | Store: ... = ... | +| test.cpp:160:20:160:22 | arr indirection [begin] | semmle.label | arr indirection [begin] | +| test.cpp:160:25:160:29 | begin | semmle.label | begin | +| test.cpp:160:25:160:29 | begin indirection | semmle.label | begin indirection | +| test.cpp:160:48:160:48 | p | semmle.label | p | +| test.cpp:165:29:165:31 | arr indirection [begin] | semmle.label | arr indirection [begin] | +| test.cpp:165:29:165:31 | arr indirection [end] | semmle.label | arr indirection [end] | +| test.cpp:166:20:166:22 | arr indirection [begin] | semmle.label | arr indirection [begin] | +| test.cpp:166:25:166:29 | begin | semmle.label | begin | +| test.cpp:166:25:166:29 | begin indirection | semmle.label | begin indirection | +| test.cpp:166:37:166:39 | arr indirection [end] | semmle.label | arr indirection [end] | +| test.cpp:166:42:166:44 | end | semmle.label | end | +| test.cpp:166:42:166:44 | end indirection | semmle.label | end indirection | +| test.cpp:166:49:166:49 | p | semmle.label | p | +| test.cpp:170:20:170:22 | arr indirection [begin] | semmle.label | arr indirection [begin] | +| test.cpp:170:25:170:29 | begin | semmle.label | begin | +| test.cpp:170:25:170:29 | begin indirection | semmle.label | begin indirection | +| test.cpp:170:37:170:39 | arr indirection [end] | semmle.label | arr indirection [end] | +| test.cpp:170:42:170:44 | end | semmle.label | end | +| test.cpp:170:42:170:44 | end indirection | semmle.label | end indirection | +| test.cpp:170:49:170:49 | p | semmle.label | p | +| test.cpp:171:9:171:14 | Store: ... = ... | semmle.label | Store: ... = ... | +| test.cpp:174:20:174:22 | arr indirection [begin] | semmle.label | arr indirection [begin] | +| test.cpp:174:25:174:29 | begin | semmle.label | begin | +| test.cpp:174:25:174:29 | begin indirection | semmle.label | begin indirection | +| test.cpp:174:36:174:38 | arr indirection [end] | semmle.label | arr indirection [end] | +| test.cpp:174:41:174:43 | end | semmle.label | end | +| test.cpp:174:41:174:43 | end indirection | semmle.label | end indirection | +| test.cpp:174:48:174:48 | p | semmle.label | p | +| test.cpp:180:19:180:28 | call to mk_array_p indirection [begin] | semmle.label | call to mk_array_p indirection [begin] | +| test.cpp:180:19:180:28 | call to mk_array_p indirection [end] | semmle.label | call to mk_array_p indirection [end] | +| test.cpp:188:15:188:20 | call to malloc | semmle.label | call to malloc | +| test.cpp:189:15:189:15 | p | semmle.label | p | +| test.cpp:194:23:194:28 | call to malloc | semmle.label | call to malloc | +| test.cpp:195:17:195:17 | p | semmle.label | p | +| test.cpp:195:17:195:23 | ... + ... | semmle.label | ... + ... | +| test.cpp:195:17:195:23 | ... + ... | semmle.label | ... + ... | +| test.cpp:195:17:195:23 | ... + ... | semmle.label | ... + ... | +| test.cpp:195:17:195:23 | ... + ... | semmle.label | ... + ... | +| test.cpp:197:8:197:8 | p | semmle.label | p | +| test.cpp:197:20:197:22 | end | semmle.label | end | +| test.cpp:201:5:201:5 | p | semmle.label | p | +| test.cpp:201:5:201:12 | access to array | semmle.label | access to array | +| test.cpp:201:5:201:19 | Store: ... = ... | semmle.label | Store: ... = ... | +| test.cpp:205:23:205:28 | call to malloc | semmle.label | call to malloc | +| test.cpp:206:17:206:17 | p | semmle.label | p | +| test.cpp:206:17:206:23 | ... + ... | semmle.label | ... + ... | +| test.cpp:206:17:206:23 | ... + ... | semmle.label | ... + ... | +| test.cpp:206:17:206:23 | ... + ... | semmle.label | ... + ... | +| test.cpp:206:17:206:23 | ... + ... | semmle.label | ... + ... | +| test.cpp:208:15:208:15 | p | semmle.label | p | +| test.cpp:209:12:209:14 | end | semmle.label | end | +| test.cpp:213:5:213:6 | * ... | semmle.label | * ... | +| test.cpp:213:5:213:13 | Store: ... = ... | semmle.label | Store: ... = ... | +| test.cpp:213:6:213:6 | q | semmle.label | q | +| test.cpp:213:6:213:6 | q | semmle.label | q | +| test.cpp:221:17:221:22 | call to malloc | semmle.label | call to malloc | +| test.cpp:222:5:222:5 | p | semmle.label | p | +| test.cpp:231:18:231:30 | new[] | semmle.label | new[] | +| test.cpp:232:3:232:9 | newname | semmle.label | newname | +| test.cpp:232:3:232:16 | access to array | semmle.label | access to array | +| test.cpp:232:3:232:20 | Store: ... = ... | semmle.label | Store: ... = ... | +| test.cpp:238:20:238:32 | new[] | semmle.label | new[] | +| test.cpp:239:5:239:11 | newname | semmle.label | newname | +| test.cpp:239:5:239:18 | access to array | semmle.label | access to array | +| test.cpp:239:5:239:22 | Store: ... = ... | semmle.label | Store: ... = ... | +| test.cpp:248:24:248:30 | call to realloc | semmle.label | call to realloc | +| test.cpp:249:9:249:9 | p | semmle.label | p | +| test.cpp:250:22:250:22 | p | semmle.label | p | +| test.cpp:254:9:254:9 | p | semmle.label | p | +| test.cpp:254:9:254:12 | access to array | semmle.label | access to array | +| test.cpp:254:9:254:16 | Store: ... = ... | semmle.label | Store: ... = ... | +| test.cpp:260:13:260:24 | new[] | semmle.label | new[] | +| test.cpp:261:14:261:15 | xs | semmle.label | xs | +| test.cpp:261:14:261:21 | ... + ... | semmle.label | ... + ... | +| test.cpp:261:14:261:21 | ... + ... | semmle.label | ... + ... | +| test.cpp:261:14:261:21 | ... + ... | semmle.label | ... + ... | +| test.cpp:261:14:261:21 | ... + ... | semmle.label | ... + ... | +| test.cpp:262:26:262:28 | end | semmle.label | end | +| test.cpp:262:26:262:28 | end | semmle.label | end | +| test.cpp:262:31:262:31 | x | semmle.label | x | +| test.cpp:264:13:264:14 | Load: * ... | semmle.label | Load: * ... | +| test.cpp:264:14:264:14 | x | semmle.label | x | +| test.cpp:264:14:264:14 | x | semmle.label | x | +| test.cpp:270:13:270:24 | new[] | semmle.label | new[] | +| test.cpp:271:14:271:15 | xs | semmle.label | xs | +| test.cpp:271:14:271:21 | ... + ... | semmle.label | ... + ... | +| test.cpp:271:14:271:21 | ... + ... | semmle.label | ... + ... | +| test.cpp:271:14:271:21 | ... + ... | semmle.label | ... + ... | +| test.cpp:271:14:271:21 | ... + ... | semmle.label | ... + ... | +| test.cpp:272:26:272:28 | end | semmle.label | end | +| test.cpp:272:26:272:28 | end | semmle.label | end | +| test.cpp:272:31:272:31 | x | semmle.label | x | +| test.cpp:272:31:272:31 | x | semmle.label | x | +| test.cpp:274:5:274:6 | * ... | semmle.label | * ... | +| test.cpp:274:5:274:10 | Store: ... = ... | semmle.label | Store: ... = ... | +| test.cpp:274:6:274:6 | x | semmle.label | x | +| test.cpp:274:6:274:6 | x | semmle.label | x | +| test.cpp:280:13:280:24 | new[] | semmle.label | new[] | +| test.cpp:281:14:281:15 | xs | semmle.label | xs | +| test.cpp:290:13:290:24 | new[] | semmle.label | new[] | +| test.cpp:291:14:291:15 | xs | semmle.label | xs | +| test.cpp:292:30:292:30 | x | semmle.label | x | +| test.cpp:304:15:304:26 | new[] | semmle.label | new[] | +| test.cpp:307:5:307:6 | xs | semmle.label | xs | +| test.cpp:308:5:308:6 | xs | semmle.label | xs | +| test.cpp:308:5:308:11 | access to array | semmle.label | access to array | +| test.cpp:308:5:308:29 | Store: ... = ... | semmle.label | Store: ... = ... | +| test.cpp:313:14:313:27 | new[] | semmle.label | new[] | +| test.cpp:314:15:314:16 | xs | semmle.label | xs | +| test.cpp:325:14:325:27 | new[] | semmle.label | new[] | +| test.cpp:326:15:326:16 | xs | semmle.label | xs | +| test.cpp:326:15:326:23 | ... + ... | semmle.label | ... + ... | +| test.cpp:326:15:326:23 | ... + ... | semmle.label | ... + ... | +| test.cpp:333:5:333:21 | Store: ... = ... | semmle.label | Store: ... = ... | +| test.cpp:338:8:338:15 | * ... | semmle.label | * ... | +| test.cpp:341:5:341:21 | Store: ... = ... | semmle.label | Store: ... = ... | +| test.cpp:341:8:341:17 | * ... | semmle.label | * ... | +| test.cpp:342:8:342:17 | * ... | semmle.label | * ... | +| test.cpp:347:14:347:27 | new[] | semmle.label | new[] | +| test.cpp:348:15:348:16 | xs | semmle.label | xs | +| test.cpp:350:15:350:19 | Load: * ... | semmle.label | Load: * ... | +| test.cpp:350:16:350:19 | ... ++ | semmle.label | ... ++ | +| test.cpp:350:16:350:19 | ... ++ | semmle.label | ... ++ | +| test.cpp:350:16:350:19 | ... ++ | semmle.label | ... ++ | +| test.cpp:355:14:355:27 | new[] | semmle.label | new[] | +| test.cpp:356:15:356:16 | xs | semmle.label | xs | +| test.cpp:356:15:356:23 | ... + ... | semmle.label | ... + ... | +| test.cpp:356:15:356:23 | ... + ... | semmle.label | ... + ... | +| test.cpp:356:15:356:23 | ... + ... | semmle.label | ... + ... | +| test.cpp:356:15:356:23 | ... + ... | semmle.label | ... + ... | +| test.cpp:357:24:357:26 | end | semmle.label | end | +| test.cpp:357:24:357:30 | ... + ... | semmle.label | ... + ... | +| test.cpp:357:24:357:30 | ... + ... | semmle.label | ... + ... | +| test.cpp:357:24:357:30 | ... + ... | semmle.label | ... + ... | +| test.cpp:357:24:357:30 | ... + ... | semmle.label | ... + ... | +| test.cpp:358:14:358:26 | Load: * ... | semmle.label | Load: * ... | +| test.cpp:358:15:358:26 | end_plus_one | semmle.label | end_plus_one | +| test.cpp:358:15:358:26 | end_plus_one | semmle.label | end_plus_one | +| test.cpp:359:14:359:32 | Load: * ... | semmle.label | Load: * ... | +| test.cpp:359:16:359:27 | end_plus_one | semmle.label | end_plus_one | +| test.cpp:359:16:359:31 | ... + ... | semmle.label | ... + ... | subpaths #select | test.cpp:6:14:6:15 | Load: * ... | test.cpp:4:15:4:20 | call to malloc | test.cpp:6:14:6:15 | Load: * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:4:15:4:20 | call to malloc | call to malloc | test.cpp:5:19:5:22 | size | size | From 75f6355bd6950cff005897612d6b9ff518d0ba6b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 31 May 2023 04:06:22 +0000 Subject: [PATCH 728/870] Bump chrono from 0.4.25 to 0.4.26 in /ql Bumps [chrono](https://github.com/chronotope/chrono) from 0.4.25 to 0.4.26. - [Release notes](https://github.com/chronotope/chrono/releases) - [Changelog](https://github.com/chronotope/chrono/blob/main/CHANGELOG.md) - [Commits](https://github.com/chronotope/chrono/compare/v0.4.25...v0.4.26) --- updated-dependencies: - dependency-name: chrono dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> --- ql/Cargo.lock | Bin 31667 -> 31667 bytes ql/buramu/Cargo.toml | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/ql/Cargo.lock b/ql/Cargo.lock index 76437a85e057d43e2bf6bd6efa08833e2d6e19f3..de833d37b96bcb4b4ef42188f3f137daa116c0b8 100644 GIT binary patch delta 84 zcmdn|opJMb#tpx@Co4My*rq017@H@W8ycIMCK*|znVFiJr6i@8npq|pn<p8k8Jig! oSQ;i9B&C=n8Ks&Vo0^%Mm>L--nIxO0rC3fDl$Y4NfJZnV0Gh5DegFUf delta 87 zcmWN<u?>JQ3<N+?P>~T>0g1>VhK><n1i$UH48st#NEwcT22NL>rasO6c4ut2wHTDx o{<8Q4^*J&Xk`%$w78KIV$=m@^7q!u00&~t@Fw(gXeZ4|BK3NPMyZ`_I diff --git a/ql/buramu/Cargo.toml b/ql/buramu/Cargo.toml index a84be37dbd7..13aaddaf989 100644 --- a/ql/buramu/Cargo.toml +++ b/ql/buramu/Cargo.toml @@ -7,6 +7,6 @@ edition = "2018" [dependencies] lazy_static = "1.4.0" -chrono = "0.4.25" +chrono = "0.4.26" rayon = "1.7.0" regex = "1.8.3" From b343dcaadd01e19b610269b2bbbb1e709e509f57 Mon Sep 17 00:00:00 2001 From: erik-krogh <erik-krogh@github.com> Date: Wed, 31 May 2023 08:06:04 +0200 Subject: [PATCH 729/870] put string/object in the alert-message for sql-injection --- .../ql/src/Security/CWE-089/SqlInjection.ql | 9 +- .../ql/src/Security/CWE-089/SqlInjection.ql | 12 +- .../CWE-089/typed/SqlInjection.expected | 6 +- .../CWE-089/untyped/SqlInjection.expected | 250 +++++++++--------- 4 files changed, 139 insertions(+), 138 deletions(-) diff --git a/javascript/ql/src/Security/CWE-089/SqlInjection.ql b/javascript/ql/src/Security/CWE-089/SqlInjection.ql index 6b0502f611f..f7a40bb91f9 100644 --- a/javascript/ql/src/Security/CWE-089/SqlInjection.ql +++ b/javascript/ql/src/Security/CWE-089/SqlInjection.ql @@ -18,12 +18,13 @@ import semmle.javascript.security.dataflow.SqlInjectionQuery as SqlInjection import semmle.javascript.security.dataflow.NosqlInjectionQuery as NosqlInjection import DataFlow::PathGraph -from DataFlow::Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink +from DataFlow::Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, string type where ( - cfg instanceof SqlInjection::Configuration or - cfg instanceof NosqlInjection::Configuration + cfg instanceof SqlInjection::Configuration and type = "string" + or + cfg instanceof NosqlInjection::Configuration and type = "object" ) and cfg.hasFlowPath(source, sink) -select sink.getNode(), source, sink, "This query depends on a $@.", source.getNode(), +select sink.getNode(), source, sink, "This query " + type + " depends on a $@.", source.getNode(), "user-provided value" diff --git a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-089/SqlInjection.ql b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-089/SqlInjection.ql index a2c4a4158bc..e82b9d40d5b 100644 --- a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-089/SqlInjection.ql +++ b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-089/SqlInjection.ql @@ -20,13 +20,13 @@ import semmle.javascript.security.dataflow.NosqlInjectionQuery as NosqlInjection import DataFlow::PathGraph import semmle.javascript.heuristics.AdditionalSources -from DataFlow::Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink +from DataFlow::Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, string type where ( - cfg instanceof SqlInjection::Configuration or - cfg instanceof NosqlInjection::Configuration + cfg instanceof SqlInjection::Configuration and type = "string" + or + cfg instanceof NosqlInjection::Configuration and type = "object" ) and - cfg.hasFlowPath(source, sink) and - source.getNode() instanceof HeuristicSource -select sink.getNode(), source, sink, "This query depends on a $@.", source.getNode(), + cfg.hasFlowPath(source, sink) +select sink.getNode(), source, sink, "This query " + type + " depends on a $@.", source.getNode(), "user-provided value" diff --git a/javascript/ql/test/query-tests/Security/CWE-089/typed/SqlInjection.expected b/javascript/ql/test/query-tests/Security/CWE-089/typed/SqlInjection.expected index f6a8d8862f6..acf7e712ee2 100644 --- a/javascript/ql/test/query-tests/Security/CWE-089/typed/SqlInjection.expected +++ b/javascript/ql/test/query-tests/Security/CWE-089/typed/SqlInjection.expected @@ -37,6 +37,6 @@ edges | typedClient.ts:23:33:23:33 | v | typedClient.ts:23:27:23:35 | { id: v } | | typedClient.ts:23:33:23:33 | v | typedClient.ts:23:27:23:35 | { id: v } | #select -| typedClient.ts:14:24:14:32 | { id: v } | typedClient.ts:13:22:13:29 | req.body | typedClient.ts:14:24:14:32 | { id: v } | This query depends on a $@. | typedClient.ts:13:22:13:29 | req.body | user-provided value | -| typedClient.ts:22:27:22:35 | { id: v } | typedClient.ts:21:22:21:29 | req.body | typedClient.ts:22:27:22:35 | { id: v } | This query depends on a $@. | typedClient.ts:21:22:21:29 | req.body | user-provided value | -| typedClient.ts:23:27:23:35 | { id: v } | typedClient.ts:21:22:21:29 | req.body | typedClient.ts:23:27:23:35 | { id: v } | This query depends on a $@. | typedClient.ts:21:22:21:29 | req.body | user-provided value | +| typedClient.ts:14:24:14:32 | { id: v } | typedClient.ts:13:22:13:29 | req.body | typedClient.ts:14:24:14:32 | { id: v } | This query object depends on a $@. | typedClient.ts:13:22:13:29 | req.body | user-provided value | +| typedClient.ts:22:27:22:35 | { id: v } | typedClient.ts:21:22:21:29 | req.body | typedClient.ts:22:27:22:35 | { id: v } | This query object depends on a $@. | typedClient.ts:21:22:21:29 | req.body | user-provided value | +| typedClient.ts:23:27:23:35 | { id: v } | typedClient.ts:21:22:21:29 | req.body | typedClient.ts:23:27:23:35 | { id: v } | This query object depends on a $@. | typedClient.ts:21:22:21:29 | req.body | user-provided value | diff --git a/javascript/ql/test/query-tests/Security/CWE-089/untyped/SqlInjection.expected b/javascript/ql/test/query-tests/Security/CWE-089/untyped/SqlInjection.expected index be40ab490ad..6eba7711032 100644 --- a/javascript/ql/test/query-tests/Security/CWE-089/untyped/SqlInjection.expected +++ b/javascript/ql/test/query-tests/Security/CWE-089/untyped/SqlInjection.expected @@ -928,128 +928,128 @@ edges | tst.js:10:46:10:58 | req.params.id | tst.js:10:10:10:64 | 'SELECT ... d + '"' | | tst.js:10:46:10:58 | req.params.id | tst.js:10:10:10:64 | 'SELECT ... d + '"' | #select -| graphql.js:10:34:20:5 | `\\n ... }\\n ` | graphql.js:8:16:8:28 | req.params.id | graphql.js:10:34:20:5 | `\\n ... }\\n ` | This query depends on a $@. | graphql.js:8:16:8:28 | req.params.id | user-provided value | -| graphql.js:27:30:27:40 | `foo ${id}` | graphql.js:26:16:26:28 | req.params.id | graphql.js:27:30:27:40 | `foo ${id}` | This query depends on a $@. | graphql.js:26:16:26:28 | req.params.id | user-provided value | -| graphql.js:30:32:30:42 | `foo ${id}` | graphql.js:26:16:26:28 | req.params.id | graphql.js:30:32:30:42 | `foo ${id}` | This query depends on a $@. | graphql.js:26:16:26:28 | req.params.id | user-provided value | -| graphql.js:33:18:33:28 | `foo ${id}` | graphql.js:26:16:26:28 | req.params.id | graphql.js:33:18:33:28 | `foo ${id}` | This query depends on a $@. | graphql.js:26:16:26:28 | req.params.id | user-provided value | -| graphql.js:44:14:44:24 | `foo ${id}` | graphql.js:39:16:39:28 | req.params.id | graphql.js:44:14:44:24 | `foo ${id}` | This query depends on a $@. | graphql.js:39:16:39:28 | req.params.id | user-provided value | -| graphql.js:48:44:48:54 | `foo ${id}` | graphql.js:39:16:39:28 | req.params.id | graphql.js:48:44:48:54 | `foo ${id}` | This query depends on a $@. | graphql.js:39:16:39:28 | req.params.id | user-provided value | -| graphql.js:56:39:56:49 | `foo ${id}` | graphql.js:55:16:55:28 | req.params.id | graphql.js:56:39:56:49 | `foo ${id}` | This query depends on a $@. | graphql.js:55:16:55:28 | req.params.id | user-provided value | -| graphql.js:58:66:58:76 | `foo ${id}` | graphql.js:55:16:55:28 | req.params.id | graphql.js:58:66:58:76 | `foo ${id}` | This query depends on a $@. | graphql.js:55:16:55:28 | req.params.id | user-provided value | -| graphql.js:75:46:75:64 | "{ foo" + id + " }" | graphql.js:74:14:74:25 | req.query.id | graphql.js:75:46:75:64 | "{ foo" + id + " }" | This query depends on a $@. | graphql.js:74:14:74:25 | req.query.id | user-provided value | -| graphql.js:84:14:90:8 | `{\\n ... }` | graphql.js:74:14:74:25 | req.query.id | graphql.js:84:14:90:8 | `{\\n ... }` | This query depends on a $@. | graphql.js:74:14:74:25 | req.query.id | user-provided value | -| graphql.js:120:38:120:48 | `foo ${id}` | graphql.js:119:16:119:28 | req.params.id | graphql.js:120:38:120:48 | `foo ${id}` | This query depends on a $@. | graphql.js:119:16:119:28 | req.params.id | user-provided value | -| html-sanitizer.js:16:9:16:59 | `SELECT ... param1 | html-sanitizer.js:13:39:13:44 | param1 | html-sanitizer.js:16:9:16:59 | `SELECT ... param1 | This query depends on a $@. | html-sanitizer.js:13:39:13:44 | param1 | user-provided value | -| json-schema-validator.js:33:22:33:26 | query | json-schema-validator.js:25:34:25:47 | req.query.data | json-schema-validator.js:33:22:33:26 | query | This query depends on a $@. | json-schema-validator.js:25:34:25:47 | req.query.data | user-provided value | -| json-schema-validator.js:35:18:35:22 | query | json-schema-validator.js:25:34:25:47 | req.query.data | json-schema-validator.js:35:18:35:22 | query | This query depends on a $@. | json-schema-validator.js:25:34:25:47 | req.query.data | user-provided value | -| json-schema-validator.js:55:22:55:26 | query | json-schema-validator.js:50:34:50:47 | req.query.data | json-schema-validator.js:55:22:55:26 | query | This query depends on a $@. | json-schema-validator.js:50:34:50:47 | req.query.data | user-provided value | -| json-schema-validator.js:59:22:59:26 | query | json-schema-validator.js:50:34:50:47 | req.query.data | json-schema-validator.js:59:22:59:26 | query | This query depends on a $@. | json-schema-validator.js:50:34:50:47 | req.query.data | user-provided value | -| json-schema-validator.js:61:22:61:26 | query | json-schema-validator.js:50:34:50:47 | req.query.data | json-schema-validator.js:61:22:61:26 | query | This query depends on a $@. | json-schema-validator.js:50:34:50:47 | req.query.data | user-provided value | -| ldap.js:28:30:28:34 | opts1 | ldap.js:20:21:20:27 | req.url | ldap.js:28:30:28:34 | opts1 | This query depends on a $@. | ldap.js:20:21:20:27 | req.url | user-provided value | -| ldap.js:32:5:32:61 | { filte ... e}))` } | ldap.js:20:21:20:27 | req.url | ldap.js:32:5:32:61 | { filte ... e}))` } | This query depends on a $@. | ldap.js:20:21:20:27 | req.url | user-provided value | -| ldap.js:66:30:66:53 | { filte ... ilter } | ldap.js:20:21:20:27 | req.url | ldap.js:66:30:66:53 | { filte ... ilter } | This query depends on a $@. | ldap.js:20:21:20:27 | req.url | user-provided value | -| ldap.js:68:27:68:42 | `cn=${username}` | ldap.js:20:21:20:27 | req.url | ldap.js:68:27:68:42 | `cn=${username}` | This query depends on a $@. | ldap.js:20:21:20:27 | req.url | user-provided value | -| marsdb-flow-to.js:14:17:14:21 | query | marsdb-flow-to.js:11:17:11:24 | req.body | marsdb-flow-to.js:14:17:14:21 | query | This query depends on a $@. | marsdb-flow-to.js:11:17:11:24 | req.body | user-provided value | -| marsdb.js:16:12:16:16 | query | marsdb.js:13:17:13:24 | req.body | marsdb.js:16:12:16:16 | query | This query depends on a $@. | marsdb.js:13:17:13:24 | req.body | user-provided value | -| minimongo.js:18:12:18:16 | query | minimongo.js:15:17:15:24 | req.body | minimongo.js:18:12:18:16 | query | This query depends on a $@. | minimongo.js:15:17:15:24 | req.body | user-provided value | -| mongodb.js:18:16:18:20 | query | mongodb.js:13:19:13:26 | req.body | mongodb.js:18:16:18:20 | query | This query depends on a $@. | mongodb.js:13:19:13:26 | req.body | user-provided value | -| mongodb.js:32:18:32:45 | { title ... itle) } | mongodb.js:26:19:26:26 | req.body | mongodb.js:32:18:32:45 | { title ... itle) } | This query depends on a $@. | mongodb.js:26:19:26:26 | req.body | user-provided value | -| mongodb.js:54:16:54:20 | query | mongodb.js:49:19:49:33 | req.query.title | mongodb.js:54:16:54:20 | query | This query depends on a $@. | mongodb.js:49:19:49:33 | req.query.title | user-provided value | -| mongodb.js:65:12:65:16 | query | mongodb.js:60:16:60:30 | req.query.title | mongodb.js:65:12:65:16 | query | This query depends on a $@. | mongodb.js:60:16:60:30 | req.query.title | user-provided value | -| mongodb.js:77:14:77:26 | { tags: tag } | mongodb.js:70:13:70:25 | req.query.tag | mongodb.js:77:14:77:26 | { tags: tag } | This query depends on a $@. | mongodb.js:70:13:70:25 | req.query.tag | user-provided value | -| mongodb.js:85:12:85:24 | { tags: tag } | mongodb.js:70:13:70:25 | req.query.tag | mongodb.js:85:12:85:24 | { tags: tag } | This query depends on a $@. | mongodb.js:70:13:70:25 | req.query.tag | user-provided value | -| mongodb.js:112:14:112:18 | query | mongodb.js:107:17:107:29 | queries.title | mongodb.js:112:14:112:18 | query | This query depends on a $@. | mongodb.js:107:17:107:29 | queries.title | user-provided value | -| mongodb_bodySafe.js:29:16:29:20 | query | mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:29:16:29:20 | query | This query depends on a $@. | mongodb_bodySafe.js:24:19:24:33 | req.query.title | user-provided value | -| mongoose.js:24:24:24:30 | [query] | mongoose.js:21:19:21:26 | req.body | mongoose.js:24:24:24:30 | [query] | This query depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value | -| mongoose.js:27:20:27:24 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:27:20:27:24 | query | This query depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value | -| mongoose.js:30:25:30:29 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:30:25:30:29 | query | This query depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value | -| mongoose.js:33:24:33:28 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:33:24:33:28 | query | This query depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value | -| mongoose.js:36:31:36:35 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:36:31:36:35 | query | This query depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value | -| mongoose.js:39:19:39:23 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:39:19:39:23 | query | This query depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value | -| mongoose.js:42:22:42:26 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:42:22:42:26 | query | This query depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value | -| mongoose.js:45:31:45:35 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:45:31:45:35 | query | This query depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value | -| mongoose.js:48:31:48:35 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:48:31:48:35 | query | This query depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value | -| mongoose.js:51:31:51:35 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:51:31:51:35 | query | This query depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value | -| mongoose.js:54:25:54:29 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:54:25:54:29 | query | This query depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value | -| mongoose.js:57:21:57:25 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:57:21:57:25 | query | This query depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value | -| mongoose.js:60:25:60:29 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:60:25:60:29 | query | This query depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value | -| mongoose.js:63:21:63:25 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:63:21:63:25 | query | This query depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value | -| mongoose.js:65:32:65:36 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:65:32:65:36 | query | This query depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value | -| mongoose.js:67:27:67:31 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:67:27:67:31 | query | This query depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value | -| mongoose.js:68:8:68:12 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:68:8:68:12 | query | This query depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value | -| mongoose.js:71:20:71:24 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:71:20:71:24 | query | This query depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value | -| mongoose.js:72:16:72:20 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:72:16:72:20 | query | This query depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value | -| mongoose.js:73:8:73:12 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:73:8:73:12 | query | This query depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value | -| mongoose.js:74:7:74:11 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:74:7:74:11 | query | This query depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value | -| mongoose.js:75:16:75:20 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:75:16:75:20 | query | This query depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value | -| mongoose.js:77:10:77:14 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:77:10:77:14 | query | This query depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value | -| mongoose.js:82:46:82:50 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:82:46:82:50 | query | This query depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value | -| mongoose.js:83:47:83:51 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:83:47:83:51 | query | This query depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value | -| mongoose.js:85:46:85:50 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:85:46:85:50 | query | This query depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value | -| mongoose.js:87:51:87:55 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:87:51:87:55 | query | This query depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value | -| mongoose.js:89:46:89:50 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:89:46:89:50 | query | This query depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value | -| mongoose.js:92:46:92:50 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:92:46:92:50 | query | This query depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value | -| mongoose.js:94:51:94:55 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:94:51:94:55 | query | This query depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value | -| mongoose.js:96:46:96:50 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:96:46:96:50 | query | This query depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value | -| mongoose.js:111:14:111:18 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:111:14:111:18 | query | This query depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value | -| mongoose.js:113:31:113:35 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:113:31:113:35 | query | This query depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value | -| mongoose.js:116:22:116:25 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:116:22:116:25 | cond | This query depends on a $@. | mongoose.js:115:32:115:45 | req.query.cond | user-provided value | -| mongoose.js:117:21:117:24 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:117:21:117:24 | cond | This query depends on a $@. | mongoose.js:115:32:115:45 | req.query.cond | user-provided value | -| mongoose.js:118:21:118:24 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:118:21:118:24 | cond | This query depends on a $@. | mongoose.js:115:32:115:45 | req.query.cond | user-provided value | -| mongoose.js:119:18:119:21 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:119:18:119:21 | cond | This query depends on a $@. | mongoose.js:115:32:115:45 | req.query.cond | user-provided value | -| mongoose.js:120:22:120:25 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:120:22:120:25 | cond | This query depends on a $@. | mongoose.js:115:32:115:45 | req.query.cond | user-provided value | -| mongoose.js:121:16:121:19 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:121:16:121:19 | cond | This query depends on a $@. | mongoose.js:115:32:115:45 | req.query.cond | user-provided value | -| mongoose.js:122:19:122:22 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:122:19:122:22 | cond | This query depends on a $@. | mongoose.js:115:32:115:45 | req.query.cond | user-provided value | -| mongoose.js:123:20:123:21 | id | mongoose.js:115:11:115:22 | req.query.id | mongoose.js:123:20:123:21 | id | This query depends on a $@. | mongoose.js:115:11:115:22 | req.query.id | user-provided value | -| mongoose.js:124:28:124:31 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:124:28:124:31 | cond | This query depends on a $@. | mongoose.js:115:32:115:45 | req.query.cond | user-provided value | -| mongoose.js:125:28:125:31 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:125:28:125:31 | cond | This query depends on a $@. | mongoose.js:115:32:115:45 | req.query.cond | user-provided value | -| mongoose.js:126:28:126:31 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:126:28:126:31 | cond | This query depends on a $@. | mongoose.js:115:32:115:45 | req.query.cond | user-provided value | -| mongoose.js:127:18:127:21 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:127:18:127:21 | cond | This query depends on a $@. | mongoose.js:115:32:115:45 | req.query.cond | user-provided value | -| mongoose.js:128:22:128:25 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:128:22:128:25 | cond | This query depends on a $@. | mongoose.js:115:32:115:45 | req.query.cond | user-provided value | -| mongoose.js:129:21:129:24 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:129:21:129:24 | cond | This query depends on a $@. | mongoose.js:115:32:115:45 | req.query.cond | user-provided value | -| mongoose.js:130:16:130:26 | { _id: id } | mongoose.js:115:11:115:22 | req.query.id | mongoose.js:130:16:130:26 | { _id: id } | This query depends on a $@. | mongoose.js:115:11:115:22 | req.query.id | user-provided value | -| mongooseJsonParse.js:23:19:23:23 | query | mongooseJsonParse.js:20:30:20:43 | req.query.data | mongooseJsonParse.js:23:19:23:23 | query | This query depends on a $@. | mongooseJsonParse.js:20:30:20:43 | req.query.data | user-provided value | -| mongooseModelClient.js:11:16:11:24 | { id: v } | mongooseModelClient.js:10:22:10:29 | req.body | mongooseModelClient.js:11:16:11:24 | { id: v } | This query depends on a $@. | mongooseModelClient.js:10:22:10:29 | req.body | user-provided value | -| mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | mongooseModelClient.js:12:22:12:29 | req.body | mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | This query depends on a $@. | mongooseModelClient.js:12:22:12:29 | req.body | user-provided value | -| mysql.js:15:18:15:65 | 'SELECT ... + temp | mysql.js:6:16:6:31 | req.params.value | mysql.js:15:18:15:65 | 'SELECT ... + temp | This query depends on a $@. | mysql.js:6:16:6:31 | req.params.value | user-provided value | -| mysql.js:19:26:19:73 | 'SELECT ... + temp | mysql.js:6:16:6:31 | req.params.value | mysql.js:19:26:19:73 | 'SELECT ... + temp | This query depends on a $@. | mysql.js:6:16:6:31 | req.params.value | user-provided value | -| pg-promise-types.ts:8:17:8:21 | taint | pg-promise-types.ts:7:17:7:28 | req.params.x | pg-promise-types.ts:8:17:8:21 | taint | This query depends on a $@. | pg-promise-types.ts:7:17:7:28 | req.params.x | user-provided value | -| pg-promise.js:9:10:9:14 | query | pg-promise.js:7:16:7:34 | req.params.category | pg-promise.js:9:10:9:14 | query | This query depends on a $@. | pg-promise.js:7:16:7:34 | req.params.category | user-provided value | -| pg-promise.js:10:11:10:15 | query | pg-promise.js:7:16:7:34 | req.params.category | pg-promise.js:10:11:10:15 | query | This query depends on a $@. | pg-promise.js:7:16:7:34 | req.params.category | user-provided value | -| pg-promise.js:11:17:11:21 | query | pg-promise.js:7:16:7:34 | req.params.category | pg-promise.js:11:17:11:21 | query | This query depends on a $@. | pg-promise.js:7:16:7:34 | req.params.category | user-provided value | -| pg-promise.js:12:10:12:14 | query | pg-promise.js:7:16:7:34 | req.params.category | pg-promise.js:12:10:12:14 | query | This query depends on a $@. | pg-promise.js:7:16:7:34 | req.params.category | user-provided value | -| pg-promise.js:13:12:13:16 | query | pg-promise.js:7:16:7:34 | req.params.category | pg-promise.js:13:12:13:16 | query | This query depends on a $@. | pg-promise.js:7:16:7:34 | req.params.category | user-provided value | -| pg-promise.js:14:18:14:22 | query | pg-promise.js:7:16:7:34 | req.params.category | pg-promise.js:14:18:14:22 | query | This query depends on a $@. | pg-promise.js:7:16:7:34 | req.params.category | user-provided value | -| pg-promise.js:15:11:15:15 | query | pg-promise.js:7:16:7:34 | req.params.category | pg-promise.js:15:11:15:15 | query | This query depends on a $@. | pg-promise.js:7:16:7:34 | req.params.category | user-provided value | -| pg-promise.js:16:10:16:14 | query | pg-promise.js:7:16:7:34 | req.params.category | pg-promise.js:16:10:16:14 | query | This query depends on a $@. | pg-promise.js:7:16:7:34 | req.params.category | user-provided value | -| pg-promise.js:17:16:17:20 | query | pg-promise.js:7:16:7:34 | req.params.category | pg-promise.js:17:16:17:20 | query | This query depends on a $@. | pg-promise.js:7:16:7:34 | req.params.category | user-provided value | -| pg-promise.js:18:12:18:16 | query | pg-promise.js:7:16:7:34 | req.params.category | pg-promise.js:18:12:18:16 | query | This query depends on a $@. | pg-promise.js:7:16:7:34 | req.params.category | user-provided value | -| pg-promise.js:19:13:19:17 | query | pg-promise.js:7:16:7:34 | req.params.category | pg-promise.js:19:13:19:17 | query | This query depends on a $@. | pg-promise.js:7:16:7:34 | req.params.category | user-provided value | -| pg-promise.js:22:11:22:15 | query | pg-promise.js:7:16:7:34 | req.params.category | pg-promise.js:22:11:22:15 | query | This query depends on a $@. | pg-promise.js:7:16:7:34 | req.params.category | user-provided value | -| pg-promise.js:30:13:30:25 | req.params.id | pg-promise.js:30:13:30:25 | req.params.id | pg-promise.js:30:13:30:25 | req.params.id | This query depends on a $@. | pg-promise.js:30:13:30:25 | req.params.id | user-provided value | -| pg-promise.js:34:13:34:25 | req.params.id | pg-promise.js:34:13:34:25 | req.params.id | pg-promise.js:34:13:34:25 | req.params.id | This query depends on a $@. | pg-promise.js:34:13:34:25 | req.params.id | user-provided value | -| pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | pg-promise.js:39:7:39:19 | req.params.id | pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | This query depends on a $@. | pg-promise.js:39:7:39:19 | req.params.id | user-provided value | -| pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | pg-promise.js:40:7:40:21 | req.params.name | pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | This query depends on a $@. | pg-promise.js:40:7:40:21 | req.params.name | user-provided value | -| pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | pg-promise.js:41:7:41:20 | req.params.foo | pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | This query depends on a $@. | pg-promise.js:41:7:41:20 | req.params.foo | user-provided value | -| pg-promise.js:39:7:39:19 | req.params.id | pg-promise.js:39:7:39:19 | req.params.id | pg-promise.js:39:7:39:19 | req.params.id | This query depends on a $@. | pg-promise.js:39:7:39:19 | req.params.id | user-provided value | -| pg-promise.js:40:7:40:21 | req.params.name | pg-promise.js:40:7:40:21 | req.params.name | pg-promise.js:40:7:40:21 | req.params.name | This query depends on a $@. | pg-promise.js:40:7:40:21 | req.params.name | user-provided value | -| pg-promise.js:47:11:47:23 | req.params.id | pg-promise.js:47:11:47:23 | req.params.id | pg-promise.js:47:11:47:23 | req.params.id | This query depends on a $@. | pg-promise.js:47:11:47:23 | req.params.id | user-provided value | -| pg-promise.js:54:11:54:23 | req.params.id | pg-promise.js:54:11:54:23 | req.params.id | pg-promise.js:54:11:54:23 | req.params.id | This query depends on a $@. | pg-promise.js:54:11:54:23 | req.params.id | user-provided value | -| pg-promise.js:56:14:56:29 | req.params.title | pg-promise.js:56:14:56:29 | req.params.title | pg-promise.js:56:14:56:29 | req.params.title | This query depends on a $@. | pg-promise.js:56:14:56:29 | req.params.title | user-provided value | -| pg-promise.js:60:20:60:24 | query | pg-promise.js:7:16:7:34 | req.params.category | pg-promise.js:60:20:60:24 | query | This query depends on a $@. | pg-promise.js:7:16:7:34 | req.params.category | user-provided value | -| pg-promise.js:63:23:63:27 | query | pg-promise.js:7:16:7:34 | req.params.category | pg-promise.js:63:23:63:27 | query | This query depends on a $@. | pg-promise.js:7:16:7:34 | req.params.category | user-provided value | -| pg-promise.js:64:16:64:20 | query | pg-promise.js:7:16:7:34 | req.params.category | pg-promise.js:64:16:64:20 | query | This query depends on a $@. | pg-promise.js:7:16:7:34 | req.params.category | user-provided value | -| redis.js:10:16:10:27 | req.body.key | redis.js:10:16:10:23 | req.body | redis.js:10:16:10:27 | req.body.key | This query depends on a $@. | redis.js:10:16:10:23 | req.body | user-provided value | -| redis.js:18:16:18:18 | key | redis.js:12:15:12:22 | req.body | redis.js:18:16:18:18 | key | This query depends on a $@. | redis.js:12:15:12:22 | req.body | user-provided value | -| redis.js:19:43:19:45 | key | redis.js:12:15:12:22 | req.body | redis.js:19:43:19:45 | key | This query depends on a $@. | redis.js:12:15:12:22 | req.body | user-provided value | -| redis.js:25:14:25:16 | key | redis.js:12:15:12:22 | req.body | redis.js:25:14:25:16 | key | This query depends on a $@. | redis.js:12:15:12:22 | req.body | user-provided value | -| redis.js:30:23:30:25 | key | redis.js:12:15:12:22 | req.body | redis.js:30:23:30:25 | key | This query depends on a $@. | redis.js:12:15:12:22 | req.body | user-provided value | -| redis.js:32:28:32:30 | key | redis.js:12:15:12:22 | req.body | redis.js:32:28:32:30 | key | This query depends on a $@. | redis.js:12:15:12:22 | req.body | user-provided value | -| redis.js:39:16:39:18 | key | redis.js:38:17:38:24 | req.body | redis.js:39:16:39:18 | key | This query depends on a $@. | redis.js:38:17:38:24 | req.body | user-provided value | -| redis.js:43:27:43:29 | key | redis.js:38:17:38:24 | req.body | redis.js:43:27:43:29 | key | This query depends on a $@. | redis.js:38:17:38:24 | req.body | user-provided value | -| redis.js:46:34:46:36 | key | redis.js:38:17:38:24 | req.body | redis.js:46:34:46:36 | key | This query depends on a $@. | redis.js:38:17:38:24 | req.body | user-provided value | -| socketio.js:11:12:11:53 | `INSERT ... andle}` | socketio.js:10:25:10:30 | handle | socketio.js:11:12:11:53 | `INSERT ... andle}` | This query depends on a $@. | socketio.js:10:25:10:30 | handle | user-provided value | -| tst2.js:9:27:9:84 | "select ... d + "'" | tst2.js:9:66:9:78 | req.params.id | tst2.js:9:27:9:84 | "select ... d + "'" | This query depends on a $@. | tst2.js:9:66:9:78 | req.params.id | user-provided value | -| tst3.js:9:14:9:19 | query1 | tst3.js:8:16:8:34 | req.params.category | tst3.js:9:14:9:19 | query1 | This query depends on a $@. | tst3.js:8:16:8:34 | req.params.category | user-provided value | -| tst4.js:8:10:8:66 | 'SELECT ... d + '"' | tst4.js:8:46:8:60 | $routeParams.id | tst4.js:8:10:8:66 | 'SELECT ... d + '"' | This query depends on a $@. | tst4.js:8:46:8:60 | $routeParams.id | user-provided value | -| tst.js:10:10:10:64 | 'SELECT ... d + '"' | tst.js:10:46:10:58 | req.params.id | tst.js:10:10:10:64 | 'SELECT ... d + '"' | This query depends on a $@. | tst.js:10:46:10:58 | req.params.id | user-provided value | +| graphql.js:10:34:20:5 | `\\n ... }\\n ` | graphql.js:8:16:8:28 | req.params.id | graphql.js:10:34:20:5 | `\\n ... }\\n ` | This query string depends on a $@. | graphql.js:8:16:8:28 | req.params.id | user-provided value | +| graphql.js:27:30:27:40 | `foo ${id}` | graphql.js:26:16:26:28 | req.params.id | graphql.js:27:30:27:40 | `foo ${id}` | This query string depends on a $@. | graphql.js:26:16:26:28 | req.params.id | user-provided value | +| graphql.js:30:32:30:42 | `foo ${id}` | graphql.js:26:16:26:28 | req.params.id | graphql.js:30:32:30:42 | `foo ${id}` | This query string depends on a $@. | graphql.js:26:16:26:28 | req.params.id | user-provided value | +| graphql.js:33:18:33:28 | `foo ${id}` | graphql.js:26:16:26:28 | req.params.id | graphql.js:33:18:33:28 | `foo ${id}` | This query string depends on a $@. | graphql.js:26:16:26:28 | req.params.id | user-provided value | +| graphql.js:44:14:44:24 | `foo ${id}` | graphql.js:39:16:39:28 | req.params.id | graphql.js:44:14:44:24 | `foo ${id}` | This query string depends on a $@. | graphql.js:39:16:39:28 | req.params.id | user-provided value | +| graphql.js:48:44:48:54 | `foo ${id}` | graphql.js:39:16:39:28 | req.params.id | graphql.js:48:44:48:54 | `foo ${id}` | This query string depends on a $@. | graphql.js:39:16:39:28 | req.params.id | user-provided value | +| graphql.js:56:39:56:49 | `foo ${id}` | graphql.js:55:16:55:28 | req.params.id | graphql.js:56:39:56:49 | `foo ${id}` | This query string depends on a $@. | graphql.js:55:16:55:28 | req.params.id | user-provided value | +| graphql.js:58:66:58:76 | `foo ${id}` | graphql.js:55:16:55:28 | req.params.id | graphql.js:58:66:58:76 | `foo ${id}` | This query string depends on a $@. | graphql.js:55:16:55:28 | req.params.id | user-provided value | +| graphql.js:75:46:75:64 | "{ foo" + id + " }" | graphql.js:74:14:74:25 | req.query.id | graphql.js:75:46:75:64 | "{ foo" + id + " }" | This query string depends on a $@. | graphql.js:74:14:74:25 | req.query.id | user-provided value | +| graphql.js:84:14:90:8 | `{\\n ... }` | graphql.js:74:14:74:25 | req.query.id | graphql.js:84:14:90:8 | `{\\n ... }` | This query string depends on a $@. | graphql.js:74:14:74:25 | req.query.id | user-provided value | +| graphql.js:120:38:120:48 | `foo ${id}` | graphql.js:119:16:119:28 | req.params.id | graphql.js:120:38:120:48 | `foo ${id}` | This query string depends on a $@. | graphql.js:119:16:119:28 | req.params.id | user-provided value | +| html-sanitizer.js:16:9:16:59 | `SELECT ... param1 | html-sanitizer.js:13:39:13:44 | param1 | html-sanitizer.js:16:9:16:59 | `SELECT ... param1 | This query string depends on a $@. | html-sanitizer.js:13:39:13:44 | param1 | user-provided value | +| json-schema-validator.js:33:22:33:26 | query | json-schema-validator.js:25:34:25:47 | req.query.data | json-schema-validator.js:33:22:33:26 | query | This query object depends on a $@. | json-schema-validator.js:25:34:25:47 | req.query.data | user-provided value | +| json-schema-validator.js:35:18:35:22 | query | json-schema-validator.js:25:34:25:47 | req.query.data | json-schema-validator.js:35:18:35:22 | query | This query object depends on a $@. | json-schema-validator.js:25:34:25:47 | req.query.data | user-provided value | +| json-schema-validator.js:55:22:55:26 | query | json-schema-validator.js:50:34:50:47 | req.query.data | json-schema-validator.js:55:22:55:26 | query | This query object depends on a $@. | json-schema-validator.js:50:34:50:47 | req.query.data | user-provided value | +| json-schema-validator.js:59:22:59:26 | query | json-schema-validator.js:50:34:50:47 | req.query.data | json-schema-validator.js:59:22:59:26 | query | This query object depends on a $@. | json-schema-validator.js:50:34:50:47 | req.query.data | user-provided value | +| json-schema-validator.js:61:22:61:26 | query | json-schema-validator.js:50:34:50:47 | req.query.data | json-schema-validator.js:61:22:61:26 | query | This query object depends on a $@. | json-schema-validator.js:50:34:50:47 | req.query.data | user-provided value | +| ldap.js:28:30:28:34 | opts1 | ldap.js:20:21:20:27 | req.url | ldap.js:28:30:28:34 | opts1 | This query string depends on a $@. | ldap.js:20:21:20:27 | req.url | user-provided value | +| ldap.js:32:5:32:61 | { filte ... e}))` } | ldap.js:20:21:20:27 | req.url | ldap.js:32:5:32:61 | { filte ... e}))` } | This query string depends on a $@. | ldap.js:20:21:20:27 | req.url | user-provided value | +| ldap.js:66:30:66:53 | { filte ... ilter } | ldap.js:20:21:20:27 | req.url | ldap.js:66:30:66:53 | { filte ... ilter } | This query string depends on a $@. | ldap.js:20:21:20:27 | req.url | user-provided value | +| ldap.js:68:27:68:42 | `cn=${username}` | ldap.js:20:21:20:27 | req.url | ldap.js:68:27:68:42 | `cn=${username}` | This query string depends on a $@. | ldap.js:20:21:20:27 | req.url | user-provided value | +| marsdb-flow-to.js:14:17:14:21 | query | marsdb-flow-to.js:11:17:11:24 | req.body | marsdb-flow-to.js:14:17:14:21 | query | This query object depends on a $@. | marsdb-flow-to.js:11:17:11:24 | req.body | user-provided value | +| marsdb.js:16:12:16:16 | query | marsdb.js:13:17:13:24 | req.body | marsdb.js:16:12:16:16 | query | This query object depends on a $@. | marsdb.js:13:17:13:24 | req.body | user-provided value | +| minimongo.js:18:12:18:16 | query | minimongo.js:15:17:15:24 | req.body | minimongo.js:18:12:18:16 | query | This query object depends on a $@. | minimongo.js:15:17:15:24 | req.body | user-provided value | +| mongodb.js:18:16:18:20 | query | mongodb.js:13:19:13:26 | req.body | mongodb.js:18:16:18:20 | query | This query object depends on a $@. | mongodb.js:13:19:13:26 | req.body | user-provided value | +| mongodb.js:32:18:32:45 | { title ... itle) } | mongodb.js:26:19:26:26 | req.body | mongodb.js:32:18:32:45 | { title ... itle) } | This query object depends on a $@. | mongodb.js:26:19:26:26 | req.body | user-provided value | +| mongodb.js:54:16:54:20 | query | mongodb.js:49:19:49:33 | req.query.title | mongodb.js:54:16:54:20 | query | This query object depends on a $@. | mongodb.js:49:19:49:33 | req.query.title | user-provided value | +| mongodb.js:65:12:65:16 | query | mongodb.js:60:16:60:30 | req.query.title | mongodb.js:65:12:65:16 | query | This query object depends on a $@. | mongodb.js:60:16:60:30 | req.query.title | user-provided value | +| mongodb.js:77:14:77:26 | { tags: tag } | mongodb.js:70:13:70:25 | req.query.tag | mongodb.js:77:14:77:26 | { tags: tag } | This query object depends on a $@. | mongodb.js:70:13:70:25 | req.query.tag | user-provided value | +| mongodb.js:85:12:85:24 | { tags: tag } | mongodb.js:70:13:70:25 | req.query.tag | mongodb.js:85:12:85:24 | { tags: tag } | This query object depends on a $@. | mongodb.js:70:13:70:25 | req.query.tag | user-provided value | +| mongodb.js:112:14:112:18 | query | mongodb.js:107:17:107:29 | queries.title | mongodb.js:112:14:112:18 | query | This query object depends on a $@. | mongodb.js:107:17:107:29 | queries.title | user-provided value | +| mongodb_bodySafe.js:29:16:29:20 | query | mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:29:16:29:20 | query | This query object depends on a $@. | mongodb_bodySafe.js:24:19:24:33 | req.query.title | user-provided value | +| mongoose.js:24:24:24:30 | [query] | mongoose.js:21:19:21:26 | req.body | mongoose.js:24:24:24:30 | [query] | This query object depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value | +| mongoose.js:27:20:27:24 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:27:20:27:24 | query | This query object depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value | +| mongoose.js:30:25:30:29 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:30:25:30:29 | query | This query object depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value | +| mongoose.js:33:24:33:28 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:33:24:33:28 | query | This query object depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value | +| mongoose.js:36:31:36:35 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:36:31:36:35 | query | This query object depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value | +| mongoose.js:39:19:39:23 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:39:19:39:23 | query | This query object depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value | +| mongoose.js:42:22:42:26 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:42:22:42:26 | query | This query object depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value | +| mongoose.js:45:31:45:35 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:45:31:45:35 | query | This query object depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value | +| mongoose.js:48:31:48:35 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:48:31:48:35 | query | This query object depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value | +| mongoose.js:51:31:51:35 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:51:31:51:35 | query | This query object depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value | +| mongoose.js:54:25:54:29 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:54:25:54:29 | query | This query object depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value | +| mongoose.js:57:21:57:25 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:57:21:57:25 | query | This query object depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value | +| mongoose.js:60:25:60:29 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:60:25:60:29 | query | This query object depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value | +| mongoose.js:63:21:63:25 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:63:21:63:25 | query | This query object depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value | +| mongoose.js:65:32:65:36 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:65:32:65:36 | query | This query object depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value | +| mongoose.js:67:27:67:31 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:67:27:67:31 | query | This query object depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value | +| mongoose.js:68:8:68:12 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:68:8:68:12 | query | This query object depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value | +| mongoose.js:71:20:71:24 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:71:20:71:24 | query | This query object depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value | +| mongoose.js:72:16:72:20 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:72:16:72:20 | query | This query object depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value | +| mongoose.js:73:8:73:12 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:73:8:73:12 | query | This query object depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value | +| mongoose.js:74:7:74:11 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:74:7:74:11 | query | This query object depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value | +| mongoose.js:75:16:75:20 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:75:16:75:20 | query | This query object depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value | +| mongoose.js:77:10:77:14 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:77:10:77:14 | query | This query object depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value | +| mongoose.js:82:46:82:50 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:82:46:82:50 | query | This query object depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value | +| mongoose.js:83:47:83:51 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:83:47:83:51 | query | This query object depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value | +| mongoose.js:85:46:85:50 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:85:46:85:50 | query | This query object depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value | +| mongoose.js:87:51:87:55 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:87:51:87:55 | query | This query object depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value | +| mongoose.js:89:46:89:50 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:89:46:89:50 | query | This query object depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value | +| mongoose.js:92:46:92:50 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:92:46:92:50 | query | This query object depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value | +| mongoose.js:94:51:94:55 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:94:51:94:55 | query | This query object depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value | +| mongoose.js:96:46:96:50 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:96:46:96:50 | query | This query object depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value | +| mongoose.js:111:14:111:18 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:111:14:111:18 | query | This query object depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value | +| mongoose.js:113:31:113:35 | query | mongoose.js:21:19:21:26 | req.body | mongoose.js:113:31:113:35 | query | This query object depends on a $@. | mongoose.js:21:19:21:26 | req.body | user-provided value | +| mongoose.js:116:22:116:25 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:116:22:116:25 | cond | This query object depends on a $@. | mongoose.js:115:32:115:45 | req.query.cond | user-provided value | +| mongoose.js:117:21:117:24 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:117:21:117:24 | cond | This query object depends on a $@. | mongoose.js:115:32:115:45 | req.query.cond | user-provided value | +| mongoose.js:118:21:118:24 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:118:21:118:24 | cond | This query object depends on a $@. | mongoose.js:115:32:115:45 | req.query.cond | user-provided value | +| mongoose.js:119:18:119:21 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:119:18:119:21 | cond | This query object depends on a $@. | mongoose.js:115:32:115:45 | req.query.cond | user-provided value | +| mongoose.js:120:22:120:25 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:120:22:120:25 | cond | This query object depends on a $@. | mongoose.js:115:32:115:45 | req.query.cond | user-provided value | +| mongoose.js:121:16:121:19 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:121:16:121:19 | cond | This query object depends on a $@. | mongoose.js:115:32:115:45 | req.query.cond | user-provided value | +| mongoose.js:122:19:122:22 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:122:19:122:22 | cond | This query object depends on a $@. | mongoose.js:115:32:115:45 | req.query.cond | user-provided value | +| mongoose.js:123:20:123:21 | id | mongoose.js:115:11:115:22 | req.query.id | mongoose.js:123:20:123:21 | id | This query object depends on a $@. | mongoose.js:115:11:115:22 | req.query.id | user-provided value | +| mongoose.js:124:28:124:31 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:124:28:124:31 | cond | This query object depends on a $@. | mongoose.js:115:32:115:45 | req.query.cond | user-provided value | +| mongoose.js:125:28:125:31 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:125:28:125:31 | cond | This query object depends on a $@. | mongoose.js:115:32:115:45 | req.query.cond | user-provided value | +| mongoose.js:126:28:126:31 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:126:28:126:31 | cond | This query object depends on a $@. | mongoose.js:115:32:115:45 | req.query.cond | user-provided value | +| mongoose.js:127:18:127:21 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:127:18:127:21 | cond | This query object depends on a $@. | mongoose.js:115:32:115:45 | req.query.cond | user-provided value | +| mongoose.js:128:22:128:25 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:128:22:128:25 | cond | This query object depends on a $@. | mongoose.js:115:32:115:45 | req.query.cond | user-provided value | +| mongoose.js:129:21:129:24 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:129:21:129:24 | cond | This query object depends on a $@. | mongoose.js:115:32:115:45 | req.query.cond | user-provided value | +| mongoose.js:130:16:130:26 | { _id: id } | mongoose.js:115:11:115:22 | req.query.id | mongoose.js:130:16:130:26 | { _id: id } | This query object depends on a $@. | mongoose.js:115:11:115:22 | req.query.id | user-provided value | +| mongooseJsonParse.js:23:19:23:23 | query | mongooseJsonParse.js:20:30:20:43 | req.query.data | mongooseJsonParse.js:23:19:23:23 | query | This query object depends on a $@. | mongooseJsonParse.js:20:30:20:43 | req.query.data | user-provided value | +| mongooseModelClient.js:11:16:11:24 | { id: v } | mongooseModelClient.js:10:22:10:29 | req.body | mongooseModelClient.js:11:16:11:24 | { id: v } | This query object depends on a $@. | mongooseModelClient.js:10:22:10:29 | req.body | user-provided value | +| mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | mongooseModelClient.js:12:22:12:29 | req.body | mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | This query object depends on a $@. | mongooseModelClient.js:12:22:12:29 | req.body | user-provided value | +| mysql.js:15:18:15:65 | 'SELECT ... + temp | mysql.js:6:16:6:31 | req.params.value | mysql.js:15:18:15:65 | 'SELECT ... + temp | This query string depends on a $@. | mysql.js:6:16:6:31 | req.params.value | user-provided value | +| mysql.js:19:26:19:73 | 'SELECT ... + temp | mysql.js:6:16:6:31 | req.params.value | mysql.js:19:26:19:73 | 'SELECT ... + temp | This query string depends on a $@. | mysql.js:6:16:6:31 | req.params.value | user-provided value | +| pg-promise-types.ts:8:17:8:21 | taint | pg-promise-types.ts:7:17:7:28 | req.params.x | pg-promise-types.ts:8:17:8:21 | taint | This query string depends on a $@. | pg-promise-types.ts:7:17:7:28 | req.params.x | user-provided value | +| pg-promise.js:9:10:9:14 | query | pg-promise.js:7:16:7:34 | req.params.category | pg-promise.js:9:10:9:14 | query | This query string depends on a $@. | pg-promise.js:7:16:7:34 | req.params.category | user-provided value | +| pg-promise.js:10:11:10:15 | query | pg-promise.js:7:16:7:34 | req.params.category | pg-promise.js:10:11:10:15 | query | This query string depends on a $@. | pg-promise.js:7:16:7:34 | req.params.category | user-provided value | +| pg-promise.js:11:17:11:21 | query | pg-promise.js:7:16:7:34 | req.params.category | pg-promise.js:11:17:11:21 | query | This query string depends on a $@. | pg-promise.js:7:16:7:34 | req.params.category | user-provided value | +| pg-promise.js:12:10:12:14 | query | pg-promise.js:7:16:7:34 | req.params.category | pg-promise.js:12:10:12:14 | query | This query string depends on a $@. | pg-promise.js:7:16:7:34 | req.params.category | user-provided value | +| pg-promise.js:13:12:13:16 | query | pg-promise.js:7:16:7:34 | req.params.category | pg-promise.js:13:12:13:16 | query | This query string depends on a $@. | pg-promise.js:7:16:7:34 | req.params.category | user-provided value | +| pg-promise.js:14:18:14:22 | query | pg-promise.js:7:16:7:34 | req.params.category | pg-promise.js:14:18:14:22 | query | This query string depends on a $@. | pg-promise.js:7:16:7:34 | req.params.category | user-provided value | +| pg-promise.js:15:11:15:15 | query | pg-promise.js:7:16:7:34 | req.params.category | pg-promise.js:15:11:15:15 | query | This query string depends on a $@. | pg-promise.js:7:16:7:34 | req.params.category | user-provided value | +| pg-promise.js:16:10:16:14 | query | pg-promise.js:7:16:7:34 | req.params.category | pg-promise.js:16:10:16:14 | query | This query string depends on a $@. | pg-promise.js:7:16:7:34 | req.params.category | user-provided value | +| pg-promise.js:17:16:17:20 | query | pg-promise.js:7:16:7:34 | req.params.category | pg-promise.js:17:16:17:20 | query | This query string depends on a $@. | pg-promise.js:7:16:7:34 | req.params.category | user-provided value | +| pg-promise.js:18:12:18:16 | query | pg-promise.js:7:16:7:34 | req.params.category | pg-promise.js:18:12:18:16 | query | This query string depends on a $@. | pg-promise.js:7:16:7:34 | req.params.category | user-provided value | +| pg-promise.js:19:13:19:17 | query | pg-promise.js:7:16:7:34 | req.params.category | pg-promise.js:19:13:19:17 | query | This query string depends on a $@. | pg-promise.js:7:16:7:34 | req.params.category | user-provided value | +| pg-promise.js:22:11:22:15 | query | pg-promise.js:7:16:7:34 | req.params.category | pg-promise.js:22:11:22:15 | query | This query string depends on a $@. | pg-promise.js:7:16:7:34 | req.params.category | user-provided value | +| pg-promise.js:30:13:30:25 | req.params.id | pg-promise.js:30:13:30:25 | req.params.id | pg-promise.js:30:13:30:25 | req.params.id | This query string depends on a $@. | pg-promise.js:30:13:30:25 | req.params.id | user-provided value | +| pg-promise.js:34:13:34:25 | req.params.id | pg-promise.js:34:13:34:25 | req.params.id | pg-promise.js:34:13:34:25 | req.params.id | This query string depends on a $@. | pg-promise.js:34:13:34:25 | req.params.id | user-provided value | +| pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | pg-promise.js:39:7:39:19 | req.params.id | pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | This query string depends on a $@. | pg-promise.js:39:7:39:19 | req.params.id | user-provided value | +| pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | pg-promise.js:40:7:40:21 | req.params.name | pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | This query string depends on a $@. | pg-promise.js:40:7:40:21 | req.params.name | user-provided value | +| pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | pg-promise.js:41:7:41:20 | req.params.foo | pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | This query string depends on a $@. | pg-promise.js:41:7:41:20 | req.params.foo | user-provided value | +| pg-promise.js:39:7:39:19 | req.params.id | pg-promise.js:39:7:39:19 | req.params.id | pg-promise.js:39:7:39:19 | req.params.id | This query string depends on a $@. | pg-promise.js:39:7:39:19 | req.params.id | user-provided value | +| pg-promise.js:40:7:40:21 | req.params.name | pg-promise.js:40:7:40:21 | req.params.name | pg-promise.js:40:7:40:21 | req.params.name | This query string depends on a $@. | pg-promise.js:40:7:40:21 | req.params.name | user-provided value | +| pg-promise.js:47:11:47:23 | req.params.id | pg-promise.js:47:11:47:23 | req.params.id | pg-promise.js:47:11:47:23 | req.params.id | This query string depends on a $@. | pg-promise.js:47:11:47:23 | req.params.id | user-provided value | +| pg-promise.js:54:11:54:23 | req.params.id | pg-promise.js:54:11:54:23 | req.params.id | pg-promise.js:54:11:54:23 | req.params.id | This query string depends on a $@. | pg-promise.js:54:11:54:23 | req.params.id | user-provided value | +| pg-promise.js:56:14:56:29 | req.params.title | pg-promise.js:56:14:56:29 | req.params.title | pg-promise.js:56:14:56:29 | req.params.title | This query string depends on a $@. | pg-promise.js:56:14:56:29 | req.params.title | user-provided value | +| pg-promise.js:60:20:60:24 | query | pg-promise.js:7:16:7:34 | req.params.category | pg-promise.js:60:20:60:24 | query | This query string depends on a $@. | pg-promise.js:7:16:7:34 | req.params.category | user-provided value | +| pg-promise.js:63:23:63:27 | query | pg-promise.js:7:16:7:34 | req.params.category | pg-promise.js:63:23:63:27 | query | This query string depends on a $@. | pg-promise.js:7:16:7:34 | req.params.category | user-provided value | +| pg-promise.js:64:16:64:20 | query | pg-promise.js:7:16:7:34 | req.params.category | pg-promise.js:64:16:64:20 | query | This query string depends on a $@. | pg-promise.js:7:16:7:34 | req.params.category | user-provided value | +| redis.js:10:16:10:27 | req.body.key | redis.js:10:16:10:23 | req.body | redis.js:10:16:10:27 | req.body.key | This query object depends on a $@. | redis.js:10:16:10:23 | req.body | user-provided value | +| redis.js:18:16:18:18 | key | redis.js:12:15:12:22 | req.body | redis.js:18:16:18:18 | key | This query object depends on a $@. | redis.js:12:15:12:22 | req.body | user-provided value | +| redis.js:19:43:19:45 | key | redis.js:12:15:12:22 | req.body | redis.js:19:43:19:45 | key | This query object depends on a $@. | redis.js:12:15:12:22 | req.body | user-provided value | +| redis.js:25:14:25:16 | key | redis.js:12:15:12:22 | req.body | redis.js:25:14:25:16 | key | This query object depends on a $@. | redis.js:12:15:12:22 | req.body | user-provided value | +| redis.js:30:23:30:25 | key | redis.js:12:15:12:22 | req.body | redis.js:30:23:30:25 | key | This query object depends on a $@. | redis.js:12:15:12:22 | req.body | user-provided value | +| redis.js:32:28:32:30 | key | redis.js:12:15:12:22 | req.body | redis.js:32:28:32:30 | key | This query object depends on a $@. | redis.js:12:15:12:22 | req.body | user-provided value | +| redis.js:39:16:39:18 | key | redis.js:38:17:38:24 | req.body | redis.js:39:16:39:18 | key | This query object depends on a $@. | redis.js:38:17:38:24 | req.body | user-provided value | +| redis.js:43:27:43:29 | key | redis.js:38:17:38:24 | req.body | redis.js:43:27:43:29 | key | This query object depends on a $@. | redis.js:38:17:38:24 | req.body | user-provided value | +| redis.js:46:34:46:36 | key | redis.js:38:17:38:24 | req.body | redis.js:46:34:46:36 | key | This query object depends on a $@. | redis.js:38:17:38:24 | req.body | user-provided value | +| socketio.js:11:12:11:53 | `INSERT ... andle}` | socketio.js:10:25:10:30 | handle | socketio.js:11:12:11:53 | `INSERT ... andle}` | This query string depends on a $@. | socketio.js:10:25:10:30 | handle | user-provided value | +| tst2.js:9:27:9:84 | "select ... d + "'" | tst2.js:9:66:9:78 | req.params.id | tst2.js:9:27:9:84 | "select ... d + "'" | This query string depends on a $@. | tst2.js:9:66:9:78 | req.params.id | user-provided value | +| tst3.js:9:14:9:19 | query1 | tst3.js:8:16:8:34 | req.params.category | tst3.js:9:14:9:19 | query1 | This query string depends on a $@. | tst3.js:8:16:8:34 | req.params.category | user-provided value | +| tst4.js:8:10:8:66 | 'SELECT ... d + '"' | tst4.js:8:46:8:60 | $routeParams.id | tst4.js:8:10:8:66 | 'SELECT ... d + '"' | This query string depends on a $@. | tst4.js:8:46:8:60 | $routeParams.id | user-provided value | +| tst.js:10:10:10:64 | 'SELECT ... d + '"' | tst.js:10:46:10:58 | req.params.id | tst.js:10:10:10:64 | 'SELECT ... d + '"' | This query string depends on a $@. | tst.js:10:46:10:58 | req.params.id | user-provided value | From fe26aca238ad02cd26198bca998a68066e581d94 Mon Sep 17 00:00:00 2001 From: Tony Torralba <atorralba@users.noreply.github.com> Date: Wed, 31 May 2023 08:54:24 +0200 Subject: [PATCH 730/870] Remove non-ASCII character --- .../code/java/frameworks/google/GsonSerializability.qll | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/java/ql/lib/semmle/code/java/frameworks/google/GsonSerializability.qll b/java/ql/lib/semmle/code/java/frameworks/google/GsonSerializability.qll index dba25be7b22..1e41ad0c458 100644 --- a/java/ql/lib/semmle/code/java/frameworks/google/GsonSerializability.qll +++ b/java/ql/lib/semmle/code/java/frameworks/google/GsonSerializability.qll @@ -27,8 +27,8 @@ private class ExplicitlyReadGsonDeserializableType extends GsonDeserializableTyp ma.getMethod() instanceof GsonReadValueMethod and // ...where `this` is used in the final argument, indicating that this type will be deserialized. // TODO: find a way to get the type represented by java.lang.reflect.Type and com.google.gson.reflect.TypeToken - // fromJson​(String json, TypeToken<T> typeOfT) - // fromJson​(String json, Type typeOfT) + // fromJson(String json, TypeToken<T> typeOfT) + // fromJson(String json, Type typeOfT) usesType(ma.getArgument(1).getType(), this) and not this instanceof TypeClass and not this instanceof TypeObject From e24b45b4233724e6756057f87c04593bed583c5f Mon Sep 17 00:00:00 2001 From: erik-krogh <erik-krogh@github.com> Date: Wed, 31 May 2023 09:57:38 +0200 Subject: [PATCH 731/870] elaborate on both SQL and NoSQL injection in the js/sql-injection qhelp --- .../Security/CWE-089/SqlInjection.inc.qhelp | 48 ++++++++++++++----- .../CWE-089/examples/NoSqlInjection.js | 18 +++++++ .../CWE-089/examples/NoSqlInjectionFix.js | 21 ++++++++ .../Security/CWE-089/examples/SqlInjection.js | 7 --- .../CWE-089/examples/SqlInjectionFix.js | 12 +++++ 5 files changed, 86 insertions(+), 20 deletions(-) create mode 100644 javascript/ql/src/Security/CWE-089/examples/NoSqlInjection.js create mode 100644 javascript/ql/src/Security/CWE-089/examples/NoSqlInjectionFix.js create mode 100644 javascript/ql/src/Security/CWE-089/examples/SqlInjectionFix.js diff --git a/javascript/ql/src/Security/CWE-089/SqlInjection.inc.qhelp b/javascript/ql/src/Security/CWE-089/SqlInjection.inc.qhelp index 8cdc2419d47..1d99428b718 100644 --- a/javascript/ql/src/Security/CWE-089/SqlInjection.inc.qhelp +++ b/javascript/ql/src/Security/CWE-089/SqlInjection.inc.qhelp @@ -20,7 +20,13 @@ or prepared statements. <p> For NoSQL queries, make use of an operator like MongoDB's <code>$eq</code> to ensure that untrusted data is interpreted as a literal value and not as -a query object. +a query object. Alternatively, check that the untrusted data is a literal +value and not a query object before using it in a query. +</p> +<p> +For SQL queries, use query parameters or prepared statements to +embed untrusted data into the query string, or use a library like +<code>sqlstring</code> to escape untrusted data. </p> </recommendation> @@ -32,31 +38,47 @@ an HTTP request handler in a web application, whose parameter </p> <p> -The handler constructs two copies of the same SQL query involving -user input taken from the request object, once unsafely using -string concatenation, and once safely using query parameters. +The handler constructs constructs an SQL query string from user input +and executes it as a database query using the <code>pg</code> library. +THe user input may contain quote characters, so this code is vulnerable +to a SQL injection attack. </p> -<p> -In the first case, the query string <code>query1</code> is built by -directly concatenating a user-supplied request parameter with some -string literals. The parameter may include quote characters, so this -code is vulnerable to a SQL injection attack. -</p> +<sample src="examples/SqlInjection.js" /> <p> -In the second case, the parameter is embedded into the query string -<code>query2</code> using query parameters. In this example, we use +To fix this vulnerability, we can use query parameters to embed the +user input into the query string. In this example, we use the API offered by the <code>pg</code> Postgres database connector library, but other libraries offer similar features. This version is immune to injection attacks. </p> -<sample src="examples/SqlInjection.js" /> +<sample src="examples/SqlInjectionFix.js" /> +</example> + +<example> +<p> +In the following example an express handler attempts to delete +a single document from a MongoDB collection. The document to be +deleted is identified by its <code>_id</code> field, which is +constructed from user input. The user input may contain a query +object, so this code is vulnerable to a NoSQL injection attack. +</p> + +<sample src="examples/NoSqlInjection.js" /> + +<p> +To fix this vulnerability, we can check that the user input is a +literal value and not a query object before using it in a query. +</p> + +<sample src="examples/NoSqlInjectionFix.js" /> </example> <references> <li>Wikipedia: <a href="https://en.wikipedia.org/wiki/SQL_injection">SQL injection</a>.</li> <li>MongoDB: <a href="https://docs.mongodb.com/manual/reference/operator/query/eq">$eq operator</a>.</li> +<li>OWASP: <a href="https://owasp.org/www-pdf-archive/GOD16-NOSQL.pdf">NoSQL injection</a>.</li> </references> </qhelp> diff --git a/javascript/ql/src/Security/CWE-089/examples/NoSqlInjection.js b/javascript/ql/src/Security/CWE-089/examples/NoSqlInjection.js new file mode 100644 index 00000000000..8af7550aee4 --- /dev/null +++ b/javascript/ql/src/Security/CWE-089/examples/NoSqlInjection.js @@ -0,0 +1,18 @@ +const express = require("express"); +const mongoose = require("mongoose"); +const Todo = mongoose.model( + "Todo", + new mongoose.Schema({ text: { type: String } }, { timestamps: true }) +); + +const app = express(); +app.use(express.json()); +app.use(express.urlencoded({ extended: false })); + +app.delete("/api/delete", async (req, res) => { + let id = req.body.id; + + await Todo.deleteOne({ _id: id }); // BAD: id might be an object with special properties + + res.json({ status: "ok" }); +}); diff --git a/javascript/ql/src/Security/CWE-089/examples/NoSqlInjectionFix.js b/javascript/ql/src/Security/CWE-089/examples/NoSqlInjectionFix.js new file mode 100644 index 00000000000..fe982168be1 --- /dev/null +++ b/javascript/ql/src/Security/CWE-089/examples/NoSqlInjectionFix.js @@ -0,0 +1,21 @@ +const express = require("express"); +const mongoose = require("mongoose"); +const Todo = mongoose.model( + "Todo", + new mongoose.Schema({ text: { type: String } }, { timestamps: true }) +); + +const app = express(); +app.use(express.json()); +app.use(express.urlencoded({ extended: false })); + +app.delete("/api/delete", async (req, res) => { + let id = req.body.id; + if (typeof id !== "string") { + res.status(400).json({ status: "error" }); + return; + } + await Todo.deleteOne({ _id: id }); // GOOD: id is guaranteed to be a string + + res.json({ status: "ok" }); +}); diff --git a/javascript/ql/src/Security/CWE-089/examples/SqlInjection.js b/javascript/ql/src/Security/CWE-089/examples/SqlInjection.js index 113a034219c..9c9197e6f58 100644 --- a/javascript/ql/src/Security/CWE-089/examples/SqlInjection.js +++ b/javascript/ql/src/Security/CWE-089/examples/SqlInjection.js @@ -11,11 +11,4 @@ app.get("search", function handler(req, res) { pool.query(query1, [], function(err, results) { // process results }); - - // GOOD: use parameters - var query2 = - "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=$1" + " ORDER BY PRICE"; - pool.query(query2, [req.params.category], function(err, results) { - // process results - }); }); diff --git a/javascript/ql/src/Security/CWE-089/examples/SqlInjectionFix.js b/javascript/ql/src/Security/CWE-089/examples/SqlInjectionFix.js new file mode 100644 index 00000000000..4391b83e391 --- /dev/null +++ b/javascript/ql/src/Security/CWE-089/examples/SqlInjectionFix.js @@ -0,0 +1,12 @@ +const app = require("express")(), + pg = require("pg"), + pool = new pg.Pool(config); + +app.get("search", function handler(req, res) { + // GOOD: use parameters + var query2 = + "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=$1" + " ORDER BY PRICE"; + pool.query(query2, [req.params.category], function(err, results) { + // process results + }); +}); From a9811fe2c3c2fec4968f69e4a21ffa93ff213b6b Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 31 May 2023 10:51:42 +0100 Subject: [PATCH 732/870] Swift: Make Macro.getName() more efficient. --- cpp/ql/lib/semmle/code/cpp/Macro.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpp/ql/lib/semmle/code/cpp/Macro.qll b/cpp/ql/lib/semmle/code/cpp/Macro.qll index 4378cec4857..bd916d4bc4e 100644 --- a/cpp/ql/lib/semmle/code/cpp/Macro.qll +++ b/cpp/ql/lib/semmle/code/cpp/Macro.qll @@ -34,7 +34,7 @@ class Macro extends PreprocessorDirective, @ppd_define { * Gets the name of the macro. For example, `MAX` in * `#define MAX(x,y) (((x)>(y))?(x):(y))`. */ - string getName() { result = this.getHead().splitAt("(", 0) } + string getName() { result = this.getHead().regexpCapture("([^(]*+).*", 1) } /** Holds if the macro has name `name`. */ predicate hasName(string name) { this.getName() = name } From ace7b6b7116bf5dea1cfcd3bc6cef3ca65feb83b Mon Sep 17 00:00:00 2001 From: Jeroen Ketema <jketema@github.com> Date: Wed, 31 May 2023 11:49:00 +0200 Subject: [PATCH 733/870] C++: Add `cpp/invalid-pointer-deref` FP test case --- .../pointer-deref/InvalidPointerDeref.expected | 17 +++++++++++++++++ .../Security/CWE/CWE-193/pointer-deref/test.cpp | 14 ++++++++++++++ 2 files changed, 31 insertions(+) diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/InvalidPointerDeref.expected b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/InvalidPointerDeref.expected index 6b4d039ee6b..09c75e7369c 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/InvalidPointerDeref.expected +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/InvalidPointerDeref.expected @@ -723,6 +723,15 @@ edges | test.cpp:359:16:359:27 | end_plus_one | test.cpp:358:14:358:26 | Load: * ... | | test.cpp:359:16:359:27 | end_plus_one | test.cpp:359:14:359:32 | Load: * ... | | test.cpp:359:16:359:31 | ... + ... | test.cpp:359:14:359:32 | Load: * ... | +| test.cpp:363:14:363:27 | new[] | test.cpp:365:15:365:15 | p | +| test.cpp:365:15:365:15 | p | test.cpp:368:5:368:10 | ... += ... | +| test.cpp:365:15:365:15 | p | test.cpp:368:5:368:10 | ... += ... | +| test.cpp:368:5:368:10 | ... += ... | test.cpp:371:7:371:7 | p | +| test.cpp:368:5:368:10 | ... += ... | test.cpp:371:7:371:7 | p | +| test.cpp:368:5:368:10 | ... += ... | test.cpp:372:16:372:16 | p | +| test.cpp:368:5:368:10 | ... += ... | test.cpp:372:16:372:16 | p | +| test.cpp:371:7:371:7 | p | test.cpp:372:15:372:16 | Load: * ... | +| test.cpp:372:16:372:16 | p | test.cpp:372:15:372:16 | Load: * ... | nodes | test.cpp:4:15:4:20 | call to malloc | semmle.label | call to malloc | | test.cpp:5:15:5:15 | p | semmle.label | p | @@ -1050,6 +1059,13 @@ nodes | test.cpp:359:14:359:32 | Load: * ... | semmle.label | Load: * ... | | test.cpp:359:16:359:27 | end_plus_one | semmle.label | end_plus_one | | test.cpp:359:16:359:31 | ... + ... | semmle.label | ... + ... | +| test.cpp:363:14:363:27 | new[] | semmle.label | new[] | +| test.cpp:365:15:365:15 | p | semmle.label | p | +| test.cpp:368:5:368:10 | ... += ... | semmle.label | ... += ... | +| test.cpp:368:5:368:10 | ... += ... | semmle.label | ... += ... | +| test.cpp:371:7:371:7 | p | semmle.label | p | +| test.cpp:372:15:372:16 | Load: * ... | semmle.label | Load: * ... | +| test.cpp:372:16:372:16 | p | semmle.label | p | subpaths #select | test.cpp:6:14:6:15 | Load: * ... | test.cpp:4:15:4:20 | call to malloc | test.cpp:6:14:6:15 | Load: * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:4:15:4:20 | call to malloc | call to malloc | test.cpp:5:19:5:22 | size | size | @@ -1077,3 +1093,4 @@ subpaths | test.cpp:350:15:350:19 | Load: * ... | test.cpp:347:14:347:27 | new[] | test.cpp:350:15:350:19 | Load: * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:347:14:347:27 | new[] | new[] | test.cpp:348:20:348:23 | size | size | | test.cpp:358:14:358:26 | Load: * ... | test.cpp:355:14:355:27 | new[] | test.cpp:358:14:358:26 | Load: * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@ + 1. | test.cpp:355:14:355:27 | new[] | new[] | test.cpp:356:20:356:23 | size | size | | test.cpp:359:14:359:32 | Load: * ... | test.cpp:355:14:355:27 | new[] | test.cpp:359:14:359:32 | Load: * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@ + 2. | test.cpp:355:14:355:27 | new[] | new[] | test.cpp:356:20:356:23 | size | size | +| test.cpp:372:15:372:16 | Load: * ... | test.cpp:363:14:363:27 | new[] | test.cpp:372:15:372:16 | Load: * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:363:14:363:27 | new[] | new[] | test.cpp:365:19:365:22 | size | size | diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/test.cpp b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/test.cpp index 3dfd8b89097..3711f272e76 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/test.cpp +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/test.cpp @@ -358,3 +358,17 @@ void test25(unsigned size) { int val1 = *end_plus_one; // BAD int val2 = *(end_plus_one + 1); // BAD } + +void test26(unsigned size) { + char *xs = new char[size]; + char *p = xs; + char *end = p + size; + + if (p + 4 <= end) { + p += 4; + } + + if (p < end) { + int val = *p; // GOOD [FALSE POSITIVE] + } +} From 5981ce4cb1499480ba59a203dda82094c51aac49 Mon Sep 17 00:00:00 2001 From: Arthur Baars <aibaars@github.com> Date: Wed, 31 May 2023 12:15:21 +0200 Subject: [PATCH 734/870] Swift: accept test output from failed CFG consistency queries --- .../decl/enumdecl/CONSISTENCY/CfgConsistency.expected | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 swift/ql/test/library-tests/elements/decl/enumdecl/CONSISTENCY/CfgConsistency.expected diff --git a/swift/ql/test/library-tests/elements/decl/enumdecl/CONSISTENCY/CfgConsistency.expected b/swift/ql/test/library-tests/elements/decl/enumdecl/CONSISTENCY/CfgConsistency.expected new file mode 100644 index 00000000000..4de95c00602 --- /dev/null +++ b/swift/ql/test/library-tests/elements/decl/enumdecl/CONSISTENCY/CfgConsistency.expected @@ -0,0 +1,10 @@ +deadEnd +| file://:0:0:0:0 | ... = ... | +| file://:0:0:0:0 | ... = ... | +| file://:0:0:0:0 | ... = ... | +| file://:0:0:0:0 | ... = ... | +| file://:0:0:0:0 | ... = ... | +| file://:0:0:0:0 | ... = ... | +| file://:0:0:0:0 | ... = ... | +| file://:0:0:0:0 | ... = ... | +| file://:0:0:0:0 | ... = ... | From 282ee08ba9cf62db0b9fd911699bbedf4096ccb4 Mon Sep 17 00:00:00 2001 From: Tony Torralba <atorralba@users.noreply.github.com> Date: Wed, 31 May 2023 13:26:35 +0200 Subject: [PATCH 735/870] Java: Fix GsonDeserializableField --- .../semmle/code/java/frameworks/google/GsonSerializability.qll | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/java/ql/lib/semmle/code/java/frameworks/google/GsonSerializability.qll b/java/ql/lib/semmle/code/java/frameworks/google/GsonSerializability.qll index 1e41ad0c458..f7de80daaf4 100644 --- a/java/ql/lib/semmle/code/java/frameworks/google/GsonSerializability.qll +++ b/java/ql/lib/semmle/code/java/frameworks/google/GsonSerializability.qll @@ -50,8 +50,7 @@ private class GsonDeserializableField extends DeserializableField { exists(GsonDeserializableType superType | superType = this.getDeclaringType().getAnAncestor() and not superType instanceof TypeObject and - //superType.fromSource() - not superType.(RefType).getPackage().getName().matches("java%") + superType.fromSource() ) } } From daad2e1bd38756b3f6510f0939b6b0f4676d7707 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 31 May 2023 10:46:25 +0100 Subject: [PATCH 736/870] Swift: Use regexp for function name. --- swift/ql/lib/codeql/swift/elements/decl/Function.qll | 10 ++++++++++ swift/ql/lib/codeql/swift/security/SensitiveExprs.qll | 2 +- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/swift/ql/lib/codeql/swift/elements/decl/Function.qll b/swift/ql/lib/codeql/swift/elements/decl/Function.qll index ad1fa957d94..7fc5b5b2155 100644 --- a/swift/ql/lib/codeql/swift/elements/decl/Function.qll +++ b/swift/ql/lib/codeql/swift/elements/decl/Function.qll @@ -6,6 +6,16 @@ private import codeql.swift.elements.decl.Method */ class Function extends Generated::Function, Callable { override string toString() { result = this.getName() } + + /** + * Gets the name of this function, without the argument list. For example + * a function with name `myFunction(arg:)` has short name `myFunction`. + */ + string getShortName() { + // match as many characters as possible that are not `(`. + // (`*+` is possessive matching) + result = this.getName().regexpCapture("([^(]*+).*", 1) + } } /** diff --git a/swift/ql/lib/codeql/swift/security/SensitiveExprs.qll b/swift/ql/lib/codeql/swift/security/SensitiveExprs.qll index d750e673121..a991f8e2c37 100644 --- a/swift/ql/lib/codeql/swift/security/SensitiveExprs.qll +++ b/swift/ql/lib/codeql/swift/security/SensitiveExprs.qll @@ -102,7 +102,7 @@ private class SensitiveFunction extends Function { string name; // name of the function, not including the argument list. SensitiveFunction() { - name = this.getName().splitAt("(", 0) and + name = this.getShortName() and name.regexpMatch(sensitiveType.getRegexp()) } From caf250cc1b18bc4000b3a2dd8353664c61b33450 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 31 May 2023 12:54:42 +0100 Subject: [PATCH 737/870] Swift: Update the QLdoc on Callable. --- swift/ql/.generated.list | 4 ++-- swift/ql/lib/codeql/swift/generated/Callable.qll | 2 ++ swift/ql/lib/codeql/swift/generated/Raw.qll | 2 ++ swift/schema.py | 3 ++- 4 files changed, 8 insertions(+), 3 deletions(-) diff --git a/swift/ql/.generated.list b/swift/ql/.generated.list index 53847acba54..523796c28ad 100644 --- a/swift/ql/.generated.list +++ b/swift/ql/.generated.list @@ -369,7 +369,7 @@ lib/codeql/swift/elements.qll 3df0060edd2b2030f4e4d7d5518afe0073d798474d9b1d6185 lib/codeql/swift/generated/AstNode.qll 02ca56d82801f942ae6265c6079d92ccafdf6b532f6bcebd98a04029ddf696e4 6216fda240e45bd4302fa0cf0f08f5f945418b144659264cdda84622b0420aa2 lib/codeql/swift/generated/AvailabilityInfo.qll c648a66cf45414c85cf9cc69aa05b765a49d0c18cd9c101c34f99a9adc38a1ee 54ba7b07b4177d35e85d19363aa7adcda29cda185a5818e5fcb7c678c093e0ba lib/codeql/swift/generated/AvailabilitySpec.qll fb1255f91bb5e41ad4e9c675a2efbc50d0fb366ea2de68ab7eebd177b0795309 144e0c2e7d6c62ecee43325f7f26dcf437881edf0b75cc1bc898c6c4b61fdeaf -lib/codeql/swift/generated/Callable.qll 9dcf09a2f227dd6f569f007a07fb368d6b928ffd002535bb97118361430d948c 5c203f5f6b4f8b6748e61e09bb46c55442a2fb36f2d1fa950e6f81bdda562709 +lib/codeql/swift/generated/Callable.qll aaa3a8fbf04cb1be4c99de917353dd3a56ce1bce97af745e4c922957b7480e44 1896c0fb1690aef99accdaba0fd906549f5a971d9f663945e4ca6d6e2a21e2e4 lib/codeql/swift/generated/Comment.qll f58b49f6e68c21f87c51e2ff84c8a64b09286d733e86f70d67d3a98fe6260bd6 975bbb599a2a7adc35179f6ae06d9cbc56ea8a03b972ef2ee87604834bc6deb1 lib/codeql/swift/generated/DbFile.qll a49b2a2cb2788cb49c861ebcd458b8daead7b15adb19c3a9f4db3bf39a0051fc a49b2a2cb2788cb49c861ebcd458b8daead7b15adb19c3a9f4db3bf39a0051fc lib/codeql/swift/generated/DbLocation.qll b9baea963d9fa82068986512c0649d1050897654eee3df51dba17cf6b1170873 b9baea963d9fa82068986512c0649d1050897654eee3df51dba17cf6b1170873 @@ -384,7 +384,7 @@ lib/codeql/swift/generated/OtherAvailabilitySpec.qll 0e26a203b26ff0581b7396b0c6d lib/codeql/swift/generated/ParentChild.qll 01b27b48a12955a45ea26d0f7888a160faac9fd5fb57a19e87365318e9b21a30 88090ef26a7ce63f4ba88fa735e2c8207fd1de00076532083d93a7a02553797e lib/codeql/swift/generated/PlatformVersionAvailabilitySpec.qll f82d9ca416fe8bd59b5531b65b1c74c9f317b3297a6101544a11339a1cffce38 7f5c6d3309e66c134107afe55bae76dfc9a72cb7cdd6d4c3706b6b34cee09fa0 lib/codeql/swift/generated/PureSynthConstructors.qll 173c0dd59396a1de26fe870e3bc2766c46de689da2a4d8807cb62023bbce1a98 173c0dd59396a1de26fe870e3bc2766c46de689da2a4d8807cb62023bbce1a98 -lib/codeql/swift/generated/Raw.qll 13cf09f9b2f628831b6b715448779366959a4c44b1b5ffc97397654fc8620486 03d60bdb6543d87a83ca50a3977c98c08d936d435981ae0b373f98ecde7a142b +lib/codeql/swift/generated/Raw.qll 5715979160eac96fe4b54b73cdb88958617b9e3d66928c61029a12fab1c25902 5dbaaf2e03512107fc6e533d1388b7e6c8104ec5bcc43781256d67750d841ce8 lib/codeql/swift/generated/Synth.qll 551fdf7e4b53f9ee1314d1bb42c2638cf82f45bfa1f40a635dfa7b6072e4418c 9ab178464700a19951fc5285acacda4913addee81515d8e072b3d7055935a814 lib/codeql/swift/generated/SynthConstructors.qll 2f801bd8b0db829b0253cd459ed3253c1fdfc55dce68ebc53e7fec138ef0aca4 2f801bd8b0db829b0253cd459ed3253c1fdfc55dce68ebc53e7fec138ef0aca4 lib/codeql/swift/generated/UnknownFile.qll 0fcf9beb8de79440bcdfff4bb6ab3dd139bd273e6c32754e05e6a632651e85f6 0fcf9beb8de79440bcdfff4bb6ab3dd139bd273e6c32754e05e6a632651e85f6 diff --git a/swift/ql/lib/codeql/swift/generated/Callable.qll b/swift/ql/lib/codeql/swift/generated/Callable.qll index db03af1dbd0..2cfcdeb5c11 100644 --- a/swift/ql/lib/codeql/swift/generated/Callable.qll +++ b/swift/ql/lib/codeql/swift/generated/Callable.qll @@ -10,6 +10,8 @@ module Generated { class Callable extends Synth::TCallable, Element { /** * Gets the name of this callable, if it exists. + * + * The name includes any arguments of the callable, for example `myFunction(arg:)`. */ string getName() { result = Synth::convertCallableToRaw(this).(Raw::Callable).getName() } diff --git a/swift/ql/lib/codeql/swift/generated/Raw.qll b/swift/ql/lib/codeql/swift/generated/Raw.qll index 8ebecc81a15..05e46d484b3 100644 --- a/swift/ql/lib/codeql/swift/generated/Raw.qll +++ b/swift/ql/lib/codeql/swift/generated/Raw.qll @@ -21,6 +21,8 @@ module Raw { class Callable extends @callable, Element { /** * Gets the name of this callable, if it exists. + * + * The name includes any arguments of the callable, for example `myFunction(arg:)`. */ string getName() { callable_names(this, result) } diff --git a/swift/schema.py b/swift/schema.py index ef2c357899f..0ca1e25a6a3 100644 --- a/swift/schema.py +++ b/swift/schema.py @@ -228,7 +228,8 @@ class ParamDecl(VarDecl): """) class Callable(Element): - name: optional[string] | doc("name of this callable") + name: optional[string] | doc("name of this callable") | desc("The name includes any arguments " + "of the callable, for example `myFunction(arg:)`.") self_param: optional[ParamDecl] | child params: list[ParamDecl] | child body: optional["BraceStmt"] | child | desc("The body is absent within protocol declarations.") From 43d6bf04b5c07a0fe8214bfa02b0383b09a6f703 Mon Sep 17 00:00:00 2001 From: Michael Nebel <michaelnebel@github.com> Date: Fri, 26 May 2023 11:32:12 +0200 Subject: [PATCH 738/870] C#: Make synthetic implicit casts when values are provided using the DefaultParameterValue attribute. --- .../Entities/Expression.cs | 5 ++ .../Entities/Expressions/ImplicitCast.cs | 74 +++++++++++++++---- .../SymbolExtensions.cs | 2 +- 3 files changed, 64 insertions(+), 17 deletions(-) diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expression.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expression.cs index 698be2e2c35..a77c0b30095 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expression.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expression.cs @@ -211,6 +211,11 @@ namespace Semmle.Extraction.CSharp.Entities return Default.CreateGenerated(cx, parent, childIndex, location, ValueAsString(null)); } + if (type.SpecialType is SpecialType.None) + { + return ImplicitCast.CreateGenerated(cx, parent, childIndex, type, defaultValue, location); + } + if (type.SpecialType is SpecialType.System_DateTime) { return DateTimeObjectCreation.CreateGenerated(cx, parent, childIndex, type, defaultValue, location); diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/ImplicitCast.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/ImplicitCast.cs index 2d617cdb1b9..20daedc0ae8 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/ImplicitCast.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/ImplicitCast.cs @@ -1,3 +1,4 @@ +using System.Linq; using Microsoft.CodeAnalysis; using Semmle.Extraction.Kinds; @@ -11,33 +12,74 @@ namespace Semmle.Extraction.CSharp.Entities.Expressions private set; } - public ImplicitCast(ExpressionNodeInfo info) + private ImplicitCast(ExpressionNodeInfo info) : base(new ExpressionInfo(info.Context, info.ConvertedType, info.Location, ExprKind.CAST, info.Parent, info.Child, true, info.ExprValue)) { Expr = Factory.Create(new ExpressionNodeInfo(Context, info.Node, this, 0)); } - public ImplicitCast(ExpressionNodeInfo info, IMethodSymbol method) + private ImplicitCast(ExpressionNodeInfo info, IMethodSymbol method) : base(new ExpressionInfo(info.Context, info.ConvertedType, info.Location, ExprKind.OPERATOR_INVOCATION, info.Parent, info.Child, true, info.ExprValue)) { Expr = Factory.Create(info.SetParent(this, 0)); - var target = Method.Create(Context, method); - if (target is not null) - Context.TrapWriter.Writer.expr_call(this, target); - else - Context.ModelError(info.Node, "Failed to resolve target for operator invocation"); + AddOperatorCall(method); } - /// <summary> - /// Creates a new expression, adding casts as required. - /// </summary> - /// <param name="cx">The extraction context.</param> - /// <param name="node">The expression node.</param> - /// <param name="parent">The parent of the expression.</param> - /// <param name="child">The child number.</param> - /// <param name="type">A type hint.</param> - /// <returns>A new expression.</returns> + private ImplicitCast(ExpressionInfo info, IMethodSymbol method, object value) : base(info) + { + Expr = Literal.CreateGenerated(Context, this, 0, method.Parameters[0].Type, value, info.Location); + + AddOperatorCall(method); + } + + private void AddOperatorCall(IMethodSymbol method) + { + var target = Method.Create(Context, method); + Context.TrapWriter.Writer.expr_call(this, target); + } + + private static IMethodSymbol? GetImplicitConversionMethod(ITypeSymbol type, object value) => + type + .GetMembers() + .Where(m => + m is IMethodSymbol method && + method.GetName() == "op_Implicit" && + method.Parameters.Length == 1 && + method.Parameters[0].Type.Name == value.GetType().Name + ) + .Cast<IMethodSymbol>() + .FirstOrDefault(); + + // Creates a new generated expression with an implicit cast added, if needed. + public static Expression CreateGenerated(Context cx, IExpressionParentEntity parent, int childIndex, ITypeSymbol type, object value, + Extraction.Entities.Location location) + { + ExpressionInfo create(ExprKind kind, string? v) => + new ExpressionInfo( + cx, + AnnotatedTypeSymbol.CreateNotAnnotated(type), + location, + kind, + parent, + childIndex, + true, + v); + + var method = GetImplicitConversionMethod(type, value); + if (method is not null) + { + var info = create(ExprKind.OPERATOR_INVOCATION, null); + return new ImplicitCast(info, method, value); + } + else + { + cx.ModelError(location, "Failed to resolve target for implicit operator invocation for a parameter default."); + return new Expression(create(ExprKind.UNKNOWN, ValueAsString(value))); + } + } + + // Creates a new expression, adding casts as required. public static Expression Create(ExpressionNodeInfo info) { var resolvedType = info.ResolvedType; diff --git a/csharp/extractor/Semmle.Extraction.CSharp/SymbolExtensions.cs b/csharp/extractor/Semmle.Extraction.CSharp/SymbolExtensions.cs index cd182fe4640..aaef1702532 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/SymbolExtensions.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/SymbolExtensions.cs @@ -25,7 +25,7 @@ namespace Semmle.Extraction.CSharp Nullability = nullability; } - public static AnnotatedTypeSymbol? CreateNotAnnotated(ITypeSymbol symbol) => + public static AnnotatedTypeSymbol? CreateNotAnnotated(ITypeSymbol? symbol) => symbol is null ? (AnnotatedTypeSymbol?)null : new AnnotatedTypeSymbol(symbol, NullableAnnotation.None); } From 83a8e3bdbc1883f42ecc2a050d15315565c74824 Mon Sep 17 00:00:00 2001 From: Michael Nebel <michaelnebel@github.com> Date: Fri, 26 May 2023 11:32:34 +0200 Subject: [PATCH 739/870] C#: Add some more testcases. --- .../library-tests/parameters/Parameters.cs | 9 ++++++- .../library-tests/parameters/Parameters.cs_ | 9 ++++++- .../library-tests/parameters/Parameters.dll | Bin 6144 -> 6144 bytes .../parameters/Parameters.expected | 13 +++++++++++ .../library-tests/parameters/Parameters.ql | 22 +++++++++++++----- 5 files changed, 45 insertions(+), 8 deletions(-) diff --git a/csharp/ql/test/library-tests/parameters/Parameters.cs b/csharp/ql/test/library-tests/parameters/Parameters.cs index ebe17322bad..ee62454b404 100644 --- a/csharp/ql/test/library-tests/parameters/Parameters.cs +++ b/csharp/ql/test/library-tests/parameters/Parameters.cs @@ -25,7 +25,14 @@ public class Parameters public void M17([Optional, DefaultParameterValue(null)] object arg7) => throw null; public void M18([Optional, DefaultParameterValue(3)] int? arg8) => throw null; public void M19([Optional, DecimalConstant(1, 0, 0, 0, 103)] decimal arg9) => throw null; + public void M20([Optional, DefaultParameterValue(7)] MyStruct arg10) => throw null; + public void M21([Optional, DefaultParameterValue("mystring")] MyStruct arg10) => throw null; - public struct MyStruct { } + public struct MyStruct + { + public static implicit operator MyStruct(int i) => new MyStruct(); + public static implicit operator MyStruct(string s) => new MyStruct(); + + } public enum MyEnum { A = 1, B = 2 } } \ No newline at end of file diff --git a/csharp/ql/test/library-tests/parameters/Parameters.cs_ b/csharp/ql/test/library-tests/parameters/Parameters.cs_ index 8fce6f198c3..136e7262b98 100644 --- a/csharp/ql/test/library-tests/parameters/Parameters.cs_ +++ b/csharp/ql/test/library-tests/parameters/Parameters.cs_ @@ -25,7 +25,14 @@ public class ParametersDll public void M17([Optional, DefaultParameterValue(null)] object arg7) => throw null; public void M18([Optional, DefaultParameterValue(3)] int? arg8) => throw null; public void M19([Optional, DecimalConstant(1, 0, 0, 0, 103)] decimal arg9) => throw null; + public void M20([Optional, DefaultParameterValue(7)] MyStruct arg10) => throw null; + public void M21([Optional, DefaultParameterValue("mystring")] MyStruct arg10) => throw null; - public struct MyStruct { } + public struct MyStruct + { + public static implicit operator MyStruct(int i) => new MyStruct(); + public static implicit operator MyStruct(string s) => new MyStruct(); + + } public enum MyEnum { A = 1, B = 2 } } \ No newline at end of file diff --git a/csharp/ql/test/library-tests/parameters/Parameters.dll b/csharp/ql/test/library-tests/parameters/Parameters.dll index b40c91369cbf75bb1c1296e3a7652ad3a7abc331..3358306fc8976442d42361e9615275591f8a928d 100644 GIT binary patch delta 2032 zcmZ{ld2Ccg9LK*iZ})Y3uzg!>>9$*J*+MNy+XYDxIV?wE15H{BXoFzdl{AHxqa~0c z^2(tB6heJU#6S=#S|M_XTIC2B&{Q!o0Tl#8AgF(MVS-mQA%16=R5Wpt`ONS8o#XxH z&FtHbvW~K?8+<E!qGvjvjmU|mo%?2s8=eqF{-1{fGra<NuU99E<g|2etymq7mO__l zq=X-l0^qYWKzQ{|xmPWp@lHwGyDXDO0R77ZQaDZkp$y#0OyU%K=>PlP*RrrSVgu3D zzy`Lx7USAwtxby>+tgF5xtfn{bXF~9GImrvbyj>b+sCPwNa~5riyNp_p%f4Al-?XG zFEfvNFsqsqVa;b1-bO3W{Yf%G78}2bv6hYJrQ#4#Y^CE-W?&;Bj!PR)$PoRLLUEPm zcFip9&(QHrsJY$pFOJ`8DF%h&ZXI8Micf0hXqL*cE+@qGBQNS{K0WkJ#ww{j3Vef1 zQ8>7Uc576h8pCvzQrmRUz%@oO<_n^_qWdhKkl>cDa!3VxY^1QSo12<K6@l8hD=Ftv z4#W^Fv|b>4<aRRI+5y`>j2)QWu^+q0H^}OImC)1KQKl_W*QdIuTKiNt)!II#`kw1k zYBPIoD-6H^mvXO>_u&8&={Bm8Dhd0IdIWFtHXSgkktz*`jarUl2;wcH*5U(%&|}mV zoJSUp8ub#@0Gu#NP`TMSWn?;23FEX;Ww?YKd}!1}TtzNEGHNFKBKX9p1pD&vsZp&Q zHxTEHT8-~;H$FFN6K)_M7meD6KTzP}vXQB{g+aJtRDY@{uH9Dpbr<3Xt+oXYTRu?; zUjbN@N)hU63%o~4z6-#@3FA19avVoFj-$r>+i~x-{)yFc!}ZV!dUB0kZm@RBwG$_O zm_z!pfD|}p{g?M>e~jh~UPOU;nl0LCS9I}|7M;3dr;h!GDv2-D^~NqM8Bt5{T-C)3 zlPM@B9mF*6*R0TtYu0GiY1WfA+R04pCUfyRnU5yYwXuecjR5XKIWmyRpGpAP7|Saa zMkV7s?HAAw@*9$%Q_MJn??;V{>3EdpIL!*}$2F@oYq&xHv(U_0b$ZNP&3aV0?3j<G z>}b+f3z@=Pm(zKYae(P9B{#z5<2PeHiZB%OWC>E?h!XTin9Rj!GKvav7+i8BHj@wF zMRF4MlGC+cOOE8)jdBtXuN>|qKCYa*QX*mE1dfY!+F7Tab?mt=y0p`!oh~(2p5}#p zN1Wzzhs1TphlC{*Pid~V79u8Jw$zwc7>}2QzBWwP2MYeQi{a})15fwPa)O_uq&tif z^lFvFuUCLom0TPovw1M8_3;OGkoSIy>Z*#Bp}w_|tQx@@i?KbDn*6>LP2SnmOT!i~ zc`V+tq`4{4v<&raZSz|in%mVpmJ9Dz_M8=~sy3W&TPb!Vukp^L75jZjA{6m{OsmQC zsjQq99!(pTp_RwA2#wyjehV`E`GSM^sSQN}nnCZiey{rc{L*>TgDbq=;Dce#9r0D- z97I($_s>%VCYP`}-oW%MyO&|F<Bdrl<edL_{P*A949B-Gx-xb2mi<S)=JXXM#@zU& zF}c)3zb`J@HzntrW4~0Ub`LOr%Ul()QZMA>$Y`lI-1+rLFyl{4PM&ZilyyUNmL>fS D+qg<0 delta 1875 zcmZ{leN2^A9LK-sdG5Vjke3IpAaCjg3_{_Kmxu~;A`y|Yfe6CT3egb*ti&Q6aW7tH zI4Py4Kbp=NVJ%-G8Eh4;rDIucHd!w#r?wWkx#ia8YAf4X-}B>vwzi(_e9rIt{hf2} zdCob{xuJqk!I42%?^yen!$avtV_^7nqcUx!a@?+bV3VC;<k`(C$Ji2U?^FFLr2)wE z7-_(bpZ$P88c=p!e5qY)9E!{|?zMm@thCe36~Re2kk!vN9^kCWxPJGpj-Bm2dXUSJ zfQxljLp^2~vm3Ii8mb>*{Uh~SgL+-pGux>3L#Z|&2O^Uw?y6$2Rt%F_ye#|)q_AYL z=&@3PAeJ-Gjphpn0p}qa_`%S=?s`k*nI0T4G?P_|8HWvQ=0SrRGd$=v6#a3fxl?#Z z=oNpB#5bY)9yNYp`;eGY(Rh)dA%xG-ACrDcaQ;TO{FH{nTAPwI6IPLxwr7QRM@ zS+bz=I9;vunpoJxF-jP7HK}GKXL5H`kP9)xHswrt5XIyhe5*>TROnZ~!`xO;*=RBM zA{(cSe)3Oa03OdM2GAHfj{W2bvevIBbRgNsX)81@s6nb-3+ffBeU1wHOr3mfA*tWy ztvQ8A*i>&jDx1oMcOCTrRRqpB>Tw+9i5hcMGgUOk9rZNcL@Xv9wHv1qj}IIb3gSba zk|{?HQ7yqIj#5;~IPWMf77x#~qcZU+SLmXn?!#wD!zD*O%3L}wJF0=XrMTj#?QFLU zUpeYo1h4P_e(T6Sd;>qechn$m@T6XwQ?jI)(7SzxH1Hm2;(f=lEbUm9b}UP``G4o% zEJxGlUpFn3&J{A;5^-|HDI;B|A>G(QDx5I?%T)36gll-76l#S}iqk3V6^6w>%#HP# zire5bgB~ub&x}GYX>l5w4+_hL)xtVqv#^!)U=Nvy5i$*@NIyEn9}s%67)3}xB3ARu zPev(EKnf4Jms_Fz4EnLS2TufP<x(UdUz!$5Tq1l}ST26Gutr$NA-rfnJ9{-to2|lD z$?iZG{SI-u$tX_sIXW*%c7WL&tVE#^z#_~d7=RDA5#X^{qyosoVsaHWlErw6EJG(* zffvd3;@6YK9PlBd0xg_M1%ILlZ4$RRaT^Y*usC6H!pxsjqvDK;GfL+>H627I{#Mf* zF05u5hn1-`&kOgPop2c^$#`Rhs|U+?8}L%#hvy2-MHJ36!h0iPUa-!^l&A>aD_$1; zq;bRab-Yw+7tdbY2+wk*&eaqauuOaudBL#zqOUG*?djRky{&7H&heSt*gX`!c(7_} z`wO>H{>b~>4#ni!V=;AhVr++fB=#M9b=>oAx4u2>b8+QGKV`M@nyIPfgn2IkP5iHF ziqiwlJ^C$tEIBOKnY$imXIq(8e(27H!+n2MANzP}Z`F;fFWXI4Z_&JY%`rK4%=(FA zuim_W?dA<<XIoY|e|dW3N*()$Gm?zbfSnTmyX{Z9JrSF5*EE{eOvESss)h?9{s9Te B9@YQ= diff --git a/csharp/ql/test/library-tests/parameters/Parameters.expected b/csharp/ql/test/library-tests/parameters/Parameters.expected index 4ac08438d3a..820ec37b9ab 100644 --- a/csharp/ql/test/library-tests/parameters/Parameters.expected +++ b/csharp/ql/test/library-tests/parameters/Parameters.expected @@ -5,12 +5,16 @@ noDefaultValue | Parameters.cs:8:17:8:18 | M2 | Parameters.cs:8:24:8:24 | a | 0 | | Parameters.cs:12:17:12:18 | M6 | Parameters.cs:12:29:12:30 | s1 | 0 | | Parameters.cs:13:17:13:18 | M7 | Parameters.cs:13:27:13:28 | e1 | 0 | +| Parameters.cs:33:32:33:39 | implicit conversion | Parameters.cs:33:54:33:54 | i | 0 | +| Parameters.cs:34:32:34:39 | implicit conversion | Parameters.cs:34:57:34:57 | s | 0 | | Parameters.dll:0:0:0:0 | M1 | Parameters.dll:0:0:0:0 | a | 0 | | Parameters.dll:0:0:0:0 | M1 | Parameters.dll:0:0:0:0 | b | 1 | | Parameters.dll:0:0:0:0 | M1 | Parameters.dll:0:0:0:0 | c | 2 | | Parameters.dll:0:0:0:0 | M2 | Parameters.dll:0:0:0:0 | a | 0 | | Parameters.dll:0:0:0:0 | M6 | Parameters.dll:0:0:0:0 | s1 | 0 | | Parameters.dll:0:0:0:0 | M7 | Parameters.dll:0:0:0:0 | e1 | 0 | +| Parameters.dll:0:0:0:0 | implicit conversion | Parameters.dll:0:0:0:0 | i | 0 | +| Parameters.dll:0:0:0:0 | implicit conversion | Parameters.dll:0:0:0:0 | s | 0 | withDefaultValue | Parameters.cs:8:17:8:18 | M2 | Parameters.cs:8:34:8:34 | b | 1 | Parameters.cs:8:38:8:41 | null | null | | Parameters.cs:8:17:8:18 | M2 | Parameters.cs:8:51:8:51 | c | 2 | Parameters.cs:8:55:8:70 | "default string" | default string | @@ -39,6 +43,8 @@ withDefaultValue | Parameters.cs:25:17:25:19 | M17 | Parameters.cs:25:68:25:71 | arg7 | 0 | Parameters.cs:25:21:25:71 | default | null | | Parameters.cs:26:17:26:19 | M18 | Parameters.cs:26:63:26:66 | arg8 | 0 | Parameters.cs:26:21:26:66 | 3 | 3 | | Parameters.cs:27:17:27:19 | M19 | Parameters.cs:27:74:27:77 | arg9 | 0 | Parameters.cs:27:21:27:77 | 10.3 | 10.3 | +| Parameters.cs:28:17:28:19 | M20 | Parameters.cs:28:67:28:71 | arg10 | 0 | Parameters.cs:28:21:28:71 | call to operator implicit conversion | - | +| Parameters.cs:29:17:29:19 | M21 | Parameters.cs:29:76:29:80 | arg10 | 0 | Parameters.cs:29:21:29:80 | call to operator implicit conversion | - | | Parameters.dll:0:0:0:0 | M2 | Parameters.dll:0:0:0:0 | b | 1 | Parameters.dll:0:0:0:0 | default | null | | Parameters.dll:0:0:0:0 | M2 | Parameters.dll:0:0:0:0 | c | 2 | Parameters.dll:0:0:0:0 | "default string" | default string | | Parameters.dll:0:0:0:0 | M3 | Parameters.dll:0:0:0:0 | a | 0 | Parameters.dll:0:0:0:0 | 1 | 1 | @@ -66,8 +72,15 @@ withDefaultValue | Parameters.dll:0:0:0:0 | M17 | Parameters.dll:0:0:0:0 | arg7 | 0 | Parameters.dll:0:0:0:0 | default | null | | Parameters.dll:0:0:0:0 | M18 | Parameters.dll:0:0:0:0 | arg8 | 0 | Parameters.dll:0:0:0:0 | 3 | 3 | | Parameters.dll:0:0:0:0 | M19 | Parameters.dll:0:0:0:0 | arg9 | 0 | Parameters.dll:0:0:0:0 | 10.3 | 10.3 | +| Parameters.dll:0:0:0:0 | M20 | Parameters.dll:0:0:0:0 | arg10 | 0 | Parameters.dll:0:0:0:0 | call to operator implicit conversion | - | +| Parameters.dll:0:0:0:0 | M21 | Parameters.dll:0:0:0:0 | arg10 | 0 | Parameters.dll:0:0:0:0 | call to operator implicit conversion | - | dateTimeDefaults | Parameters.cs:22:17:22:19 | M14 | Parameters.cs:22:64:22:67 | arg4 | Parameters.cs:22:21:22:67 | object creation of type DateTime | DateTime(long) | 14 | | Parameters.cs:23:17:23:19 | M15 | Parameters.cs:23:68:23:71 | arg5 | Parameters.cs:23:21:23:71 | object creation of type DateTime | DateTime(long) | 10001 | | Parameters.dll:0:0:0:0 | M14 | Parameters.dll:0:0:0:0 | arg4 | Parameters.dll:0:0:0:0 | object creation of type DateTime | DateTime(long) | 14 | | Parameters.dll:0:0:0:0 | M15 | Parameters.dll:0:0:0:0 | arg5 | Parameters.dll:0:0:0:0 | object creation of type DateTime | DateTime(long) | 10001 | +implicitConversionDefaults +| Parameters.cs:28:17:28:19 | M20 | Parameters.cs:28:67:28:71 | arg10 | Parameters.cs:28:21:28:71 | call to operator implicit conversion | Parameters.cs:28:21:28:71 | 7 | Int32 | 7 | +| Parameters.cs:29:17:29:19 | M21 | Parameters.cs:29:76:29:80 | arg10 | Parameters.cs:29:21:29:80 | call to operator implicit conversion | Parameters.cs:29:21:29:80 | "mystring" | String | mystring | +| Parameters.dll:0:0:0:0 | M20 | Parameters.dll:0:0:0:0 | arg10 | Parameters.dll:0:0:0:0 | call to operator implicit conversion | Parameters.dll:0:0:0:0 | 7 | Int32 | 7 | +| Parameters.dll:0:0:0:0 | M21 | Parameters.dll:0:0:0:0 | arg10 | Parameters.dll:0:0:0:0 | call to operator implicit conversion | Parameters.dll:0:0:0:0 | "mystring" | String | mystring | diff --git a/csharp/ql/test/library-tests/parameters/Parameters.ql b/csharp/ql/test/library-tests/parameters/Parameters.ql index 09eadc693f0..209cdc12577 100644 --- a/csharp/ql/test/library-tests/parameters/Parameters.ql +++ b/csharp/ql/test/library-tests/parameters/Parameters.ql @@ -16,11 +16,15 @@ query predicate noDefaultValue(Parameterizable container, Parameter p, int i) { not compilerGeneratedAttribute(container) } -query predicate withDefaultValue(Parameterizable container, Parameter p, int i, Expr e, string value) { +private predicate defaultValue(Parameterizable container, Parameter p, int i, Expr e) { fromTestLocation(container) and p.hasDefaultValue() and container.getParameter(i) = p and - p.getDefaultValue() = e and + p.getDefaultValue() = e +} + +query predicate withDefaultValue(Parameterizable container, Parameter p, int i, Expr e, string value) { + defaultValue(container, p, i, e) and (if exists(e.getValue()) then value = e.getValue() else value = "-") and not compilerGeneratedAttribute(container) } @@ -28,11 +32,17 @@ query predicate withDefaultValue(Parameterizable container, Parameter p, int i, query predicate dateTimeDefaults( Parameterizable container, Parameter p, ObjectCreation o, string constructor, string value ) { - fromTestLocation(container) and - p.hasDefaultValue() and - container.getAParameter() = p and - p.getDefaultValue() = o and + defaultValue(container, p, _, o) and o.getTarget().toStringWithTypes() = constructor and o.getAnArgument().getValue() = value and not compilerGeneratedAttribute(container) } + +query predicate implicitConversionDefaults( + Parameterizable container, Parameter p, OperatorCall o, Expr e, string type, string value +) { + defaultValue(container, p, _, o) and + o.getAnArgument() = e and + type = e.getType().toString() and + value = e.getValue() +} From 7d801e05eefb3f5dab363934d4f1d1211d17d620 Mon Sep 17 00:00:00 2001 From: erik-krogh <erik-krogh@github.com> Date: Wed, 31 May 2023 13:08:20 +0200 Subject: [PATCH 740/870] add an example of using dollar eq --- .../Security/CWE-089/SqlInjection.inc.qhelp | 12 +++++++++-- .../CWE-089/examples/NoSqlInjectionFix.js | 8 ++----- .../CWE-089/examples/NoSqlInjectionFix2.js | 21 +++++++++++++++++++ 3 files changed, 33 insertions(+), 8 deletions(-) create mode 100644 javascript/ql/src/Security/CWE-089/examples/NoSqlInjectionFix2.js diff --git a/javascript/ql/src/Security/CWE-089/SqlInjection.inc.qhelp b/javascript/ql/src/Security/CWE-089/SqlInjection.inc.qhelp index 1d99428b718..a30569aaf2c 100644 --- a/javascript/ql/src/Security/CWE-089/SqlInjection.inc.qhelp +++ b/javascript/ql/src/Security/CWE-089/SqlInjection.inc.qhelp @@ -69,8 +69,16 @@ object, so this code is vulnerable to a NoSQL injection attack. <sample src="examples/NoSqlInjection.js" /> <p> -To fix this vulnerability, we can check that the user input is a -literal value and not a query object before using it in a query. +To fix this vulnerability we can use the <code>$eq</code> operator +to ensure that the user input is interpreted as a literal value +and not as a query object: +</p> + +<sample src="examples/NoSqlInjectionFix2.js" /> + +<p> +Alternatively check that the user input is a +literal value and not a query object before using it: </p> <sample src="examples/NoSqlInjectionFix.js" /> diff --git a/javascript/ql/src/Security/CWE-089/examples/NoSqlInjectionFix.js b/javascript/ql/src/Security/CWE-089/examples/NoSqlInjectionFix.js index fe982168be1..83f7c255618 100644 --- a/javascript/ql/src/Security/CWE-089/examples/NoSqlInjectionFix.js +++ b/javascript/ql/src/Security/CWE-089/examples/NoSqlInjectionFix.js @@ -11,11 +11,7 @@ app.use(express.urlencoded({ extended: false })); app.delete("/api/delete", async (req, res) => { let id = req.body.id; - if (typeof id !== "string") { - res.status(400).json({ status: "error" }); - return; - } - await Todo.deleteOne({ _id: id }); // GOOD: id is guaranteed to be a string + await Todo.deleteOne({ _id: { $eq: id } }); // GOOD: using $eq operator for the comparison res.json({ status: "ok" }); -}); +}); \ No newline at end of file diff --git a/javascript/ql/src/Security/CWE-089/examples/NoSqlInjectionFix2.js b/javascript/ql/src/Security/CWE-089/examples/NoSqlInjectionFix2.js new file mode 100644 index 00000000000..fe982168be1 --- /dev/null +++ b/javascript/ql/src/Security/CWE-089/examples/NoSqlInjectionFix2.js @@ -0,0 +1,21 @@ +const express = require("express"); +const mongoose = require("mongoose"); +const Todo = mongoose.model( + "Todo", + new mongoose.Schema({ text: { type: String } }, { timestamps: true }) +); + +const app = express(); +app.use(express.json()); +app.use(express.urlencoded({ extended: false })); + +app.delete("/api/delete", async (req, res) => { + let id = req.body.id; + if (typeof id !== "string") { + res.status(400).json({ status: "error" }); + return; + } + await Todo.deleteOne({ _id: id }); // GOOD: id is guaranteed to be a string + + res.json({ status: "ok" }); +}); From 98820780af90934baf54335aa428478c694c7496 Mon Sep 17 00:00:00 2001 From: erik-krogh <erik-krogh@github.com> Date: Wed, 31 May 2023 13:51:22 +0200 Subject: [PATCH 741/870] show how to use mysql.escape in the sql-injection qhelp --- .../src/Security/CWE-089/SqlInjection.inc.qhelp | 6 ++++++ .../Security/CWE-089/examples/SqlInjectionFix2.js | 15 +++++++++++++++ 2 files changed, 21 insertions(+) create mode 100644 javascript/ql/src/Security/CWE-089/examples/SqlInjectionFix2.js diff --git a/javascript/ql/src/Security/CWE-089/SqlInjection.inc.qhelp b/javascript/ql/src/Security/CWE-089/SqlInjection.inc.qhelp index a30569aaf2c..cdf090e6914 100644 --- a/javascript/ql/src/Security/CWE-089/SqlInjection.inc.qhelp +++ b/javascript/ql/src/Security/CWE-089/SqlInjection.inc.qhelp @@ -55,6 +55,12 @@ immune to injection attacks. </p> <sample src="examples/SqlInjectionFix.js" /> + +<p> +Alternatively, we can use a library like <code>sqlstring</code> to +escape the user input before embedding it into the query string: +</p> +<sample src="examples/SqlInjectionFix2.js" /> </example> <example> diff --git a/javascript/ql/src/Security/CWE-089/examples/SqlInjectionFix2.js b/javascript/ql/src/Security/CWE-089/examples/SqlInjectionFix2.js new file mode 100644 index 00000000000..843426cf732 --- /dev/null +++ b/javascript/ql/src/Security/CWE-089/examples/SqlInjectionFix2.js @@ -0,0 +1,15 @@ +const app = require("express")(), + pg = require("pg"), + SqlString = require('sqlstring'), + pool = new pg.Pool(config); + +app.get("search", function handler(req, res) { + // GOOD: the category is escaped using mysql.escape + var query1 = + "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='" + + SqlString.escape(req.params.category) + + "' ORDER BY PRICE"; + pool.query(query1, [], function(err, results) { + // process results + }); +}); From 1e081058637d99a48f6714be43d891742995ee5c Mon Sep 17 00:00:00 2001 From: erik-krogh <erik-krogh@github.com> Date: Wed, 31 May 2023 13:51:38 +0200 Subject: [PATCH 742/870] less duplicated headers in the sql-injection samples --- .../ql/src/Security/CWE-089/SqlInjection.inc.qhelp | 4 ++-- .../Security/CWE-089/examples/NoSqlInjectionFix.js | 11 ----------- .../Security/CWE-089/examples/NoSqlInjectionFix2.js | 11 ----------- 3 files changed, 2 insertions(+), 24 deletions(-) diff --git a/javascript/ql/src/Security/CWE-089/SqlInjection.inc.qhelp b/javascript/ql/src/Security/CWE-089/SqlInjection.inc.qhelp index cdf090e6914..cdda5100ba3 100644 --- a/javascript/ql/src/Security/CWE-089/SqlInjection.inc.qhelp +++ b/javascript/ql/src/Security/CWE-089/SqlInjection.inc.qhelp @@ -80,14 +80,14 @@ to ensure that the user input is interpreted as a literal value and not as a query object: </p> -<sample src="examples/NoSqlInjectionFix2.js" /> +<sample src="examples/NoSqlInjectionFix.js" /> <p> Alternatively check that the user input is a literal value and not a query object before using it: </p> -<sample src="examples/NoSqlInjectionFix.js" /> +<sample src="examples/NoSqlInjectionFix2.js" /> </example> <references> diff --git a/javascript/ql/src/Security/CWE-089/examples/NoSqlInjectionFix.js b/javascript/ql/src/Security/CWE-089/examples/NoSqlInjectionFix.js index 83f7c255618..b1a81344f46 100644 --- a/javascript/ql/src/Security/CWE-089/examples/NoSqlInjectionFix.js +++ b/javascript/ql/src/Security/CWE-089/examples/NoSqlInjectionFix.js @@ -1,14 +1,3 @@ -const express = require("express"); -const mongoose = require("mongoose"); -const Todo = mongoose.model( - "Todo", - new mongoose.Schema({ text: { type: String } }, { timestamps: true }) -); - -const app = express(); -app.use(express.json()); -app.use(express.urlencoded({ extended: false })); - app.delete("/api/delete", async (req, res) => { let id = req.body.id; await Todo.deleteOne({ _id: { $eq: id } }); // GOOD: using $eq operator for the comparison diff --git a/javascript/ql/src/Security/CWE-089/examples/NoSqlInjectionFix2.js b/javascript/ql/src/Security/CWE-089/examples/NoSqlInjectionFix2.js index fe982168be1..0063e73cdfd 100644 --- a/javascript/ql/src/Security/CWE-089/examples/NoSqlInjectionFix2.js +++ b/javascript/ql/src/Security/CWE-089/examples/NoSqlInjectionFix2.js @@ -1,14 +1,3 @@ -const express = require("express"); -const mongoose = require("mongoose"); -const Todo = mongoose.model( - "Todo", - new mongoose.Schema({ text: { type: String } }, { timestamps: true }) -); - -const app = express(); -app.use(express.json()); -app.use(express.urlencoded({ extended: false })); - app.delete("/api/delete", async (req, res) => { let id = req.body.id; if (typeof id !== "string") { From 52eb7aee5e8168e4fb95eda7f15f711dccf7d7d5 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen <mathiasvp@github.com> Date: Wed, 31 May 2023 11:26:09 -0700 Subject: [PATCH 743/870] Revert "Merge pull request #13207 from MathiasVP/use-equiv-class-in-getInstruction" This reverts commit 5bc844c4c643370d030edd1222e447c1d3954500, reversing changes made to b2fb2aa0d1f2d88acef53c6324caaa025c46f29e. --- .../ir/implementation/aliased_ssa/IRBlock.qll | 22 ++++--------------- .../cpp/ir/implementation/raw/IRBlock.qll | 22 ++++--------------- .../implementation/unaliased_ssa/IRBlock.qll | 22 ++++--------------- .../ir/implementation/raw/IRBlock.qll | 22 ++++--------------- .../implementation/unaliased_ssa/IRBlock.qll | 22 ++++--------------- 5 files changed, 20 insertions(+), 90 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/IRBlock.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/IRBlock.qll index 4de4279b54c..78008a6c69b 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/IRBlock.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/IRBlock.qll @@ -255,28 +255,14 @@ private module Cached { cached newtype TIRBlock = MkIRBlock(Instruction firstInstr) { startsBasicBlock(firstInstr) } - /** Gets the index of `i` in its `IRBlock`. */ - private int getMemberIndex(Instruction i) { - startsBasicBlock(i) and - result = 0 - or - exists(Instruction iPrev | - adjacentInBlock(iPrev, i) and - result = getMemberIndex(iPrev) + 1 - ) - } - - private module BlockAdjacency = QlBuiltins::EquivalenceRelation<Instruction, adjacentInBlock/2>; + /** Holds if `i` is the `index`th instruction the block starting with `first`. */ + private Instruction getInstructionFromFirst(Instruction first, int index) = + shortestDistances(startsBasicBlock/1, adjacentInBlock/2)(first, result, index) /** Holds if `i` is the `index`th instruction in `block`. */ cached Instruction getInstruction(TIRBlock block, int index) { - exists(Instruction first | block = MkIRBlock(first) | - first = result and index = 0 - or - index = getMemberIndex(result) and - BlockAdjacency::getEquivalenceClass(first) = BlockAdjacency::getEquivalenceClass(result) - ) + result = getInstructionFromFirst(getFirstInstruction(block), index) } cached diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/IRBlock.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/IRBlock.qll index 4de4279b54c..78008a6c69b 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/IRBlock.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/IRBlock.qll @@ -255,28 +255,14 @@ private module Cached { cached newtype TIRBlock = MkIRBlock(Instruction firstInstr) { startsBasicBlock(firstInstr) } - /** Gets the index of `i` in its `IRBlock`. */ - private int getMemberIndex(Instruction i) { - startsBasicBlock(i) and - result = 0 - or - exists(Instruction iPrev | - adjacentInBlock(iPrev, i) and - result = getMemberIndex(iPrev) + 1 - ) - } - - private module BlockAdjacency = QlBuiltins::EquivalenceRelation<Instruction, adjacentInBlock/2>; + /** Holds if `i` is the `index`th instruction the block starting with `first`. */ + private Instruction getInstructionFromFirst(Instruction first, int index) = + shortestDistances(startsBasicBlock/1, adjacentInBlock/2)(first, result, index) /** Holds if `i` is the `index`th instruction in `block`. */ cached Instruction getInstruction(TIRBlock block, int index) { - exists(Instruction first | block = MkIRBlock(first) | - first = result and index = 0 - or - index = getMemberIndex(result) and - BlockAdjacency::getEquivalenceClass(first) = BlockAdjacency::getEquivalenceClass(result) - ) + result = getInstructionFromFirst(getFirstInstruction(block), index) } cached diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/IRBlock.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/IRBlock.qll index 4de4279b54c..78008a6c69b 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/IRBlock.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/IRBlock.qll @@ -255,28 +255,14 @@ private module Cached { cached newtype TIRBlock = MkIRBlock(Instruction firstInstr) { startsBasicBlock(firstInstr) } - /** Gets the index of `i` in its `IRBlock`. */ - private int getMemberIndex(Instruction i) { - startsBasicBlock(i) and - result = 0 - or - exists(Instruction iPrev | - adjacentInBlock(iPrev, i) and - result = getMemberIndex(iPrev) + 1 - ) - } - - private module BlockAdjacency = QlBuiltins::EquivalenceRelation<Instruction, adjacentInBlock/2>; + /** Holds if `i` is the `index`th instruction the block starting with `first`. */ + private Instruction getInstructionFromFirst(Instruction first, int index) = + shortestDistances(startsBasicBlock/1, adjacentInBlock/2)(first, result, index) /** Holds if `i` is the `index`th instruction in `block`. */ cached Instruction getInstruction(TIRBlock block, int index) { - exists(Instruction first | block = MkIRBlock(first) | - first = result and index = 0 - or - index = getMemberIndex(result) and - BlockAdjacency::getEquivalenceClass(first) = BlockAdjacency::getEquivalenceClass(result) - ) + result = getInstructionFromFirst(getFirstInstruction(block), index) } cached diff --git a/csharp/ql/src/experimental/ir/implementation/raw/IRBlock.qll b/csharp/ql/src/experimental/ir/implementation/raw/IRBlock.qll index 4de4279b54c..78008a6c69b 100644 --- a/csharp/ql/src/experimental/ir/implementation/raw/IRBlock.qll +++ b/csharp/ql/src/experimental/ir/implementation/raw/IRBlock.qll @@ -255,28 +255,14 @@ private module Cached { cached newtype TIRBlock = MkIRBlock(Instruction firstInstr) { startsBasicBlock(firstInstr) } - /** Gets the index of `i` in its `IRBlock`. */ - private int getMemberIndex(Instruction i) { - startsBasicBlock(i) and - result = 0 - or - exists(Instruction iPrev | - adjacentInBlock(iPrev, i) and - result = getMemberIndex(iPrev) + 1 - ) - } - - private module BlockAdjacency = QlBuiltins::EquivalenceRelation<Instruction, adjacentInBlock/2>; + /** Holds if `i` is the `index`th instruction the block starting with `first`. */ + private Instruction getInstructionFromFirst(Instruction first, int index) = + shortestDistances(startsBasicBlock/1, adjacentInBlock/2)(first, result, index) /** Holds if `i` is the `index`th instruction in `block`. */ cached Instruction getInstruction(TIRBlock block, int index) { - exists(Instruction first | block = MkIRBlock(first) | - first = result and index = 0 - or - index = getMemberIndex(result) and - BlockAdjacency::getEquivalenceClass(first) = BlockAdjacency::getEquivalenceClass(result) - ) + result = getInstructionFromFirst(getFirstInstruction(block), index) } cached diff --git a/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/IRBlock.qll b/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/IRBlock.qll index 4de4279b54c..78008a6c69b 100644 --- a/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/IRBlock.qll +++ b/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/IRBlock.qll @@ -255,28 +255,14 @@ private module Cached { cached newtype TIRBlock = MkIRBlock(Instruction firstInstr) { startsBasicBlock(firstInstr) } - /** Gets the index of `i` in its `IRBlock`. */ - private int getMemberIndex(Instruction i) { - startsBasicBlock(i) and - result = 0 - or - exists(Instruction iPrev | - adjacentInBlock(iPrev, i) and - result = getMemberIndex(iPrev) + 1 - ) - } - - private module BlockAdjacency = QlBuiltins::EquivalenceRelation<Instruction, adjacentInBlock/2>; + /** Holds if `i` is the `index`th instruction the block starting with `first`. */ + private Instruction getInstructionFromFirst(Instruction first, int index) = + shortestDistances(startsBasicBlock/1, adjacentInBlock/2)(first, result, index) /** Holds if `i` is the `index`th instruction in `block`. */ cached Instruction getInstruction(TIRBlock block, int index) { - exists(Instruction first | block = MkIRBlock(first) | - first = result and index = 0 - or - index = getMemberIndex(result) and - BlockAdjacency::getEquivalenceClass(first) = BlockAdjacency::getEquivalenceClass(result) - ) + result = getInstructionFromFirst(getFirstInstruction(block), index) } cached From 0090429d5355797070c0839f854cda33dcce1fe1 Mon Sep 17 00:00:00 2001 From: Ian Lynagh <igfoo@github.com> Date: Wed, 24 May 2023 13:32:52 +0100 Subject: [PATCH 744/870] Kotlin: Support 1.9.0 --- docs/codeql/reusables/supported-versions-compilers.rst | 2 +- java/kotlin-extractor/kotlin_plugin_versions.py | 2 +- .../src/main/kotlin/KotlinFileExtractor.kt | 7 +++++-- java/ql/lib/change-notes/2023-05-24-kotlin-1.9.0.md | 4 ++++ 4 files changed, 11 insertions(+), 4 deletions(-) create mode 100644 java/ql/lib/change-notes/2023-05-24-kotlin-1.9.0.md diff --git a/docs/codeql/reusables/supported-versions-compilers.rst b/docs/codeql/reusables/supported-versions-compilers.rst index 93b826a94dd..da873041fb9 100644 --- a/docs/codeql/reusables/supported-versions-compilers.rst +++ b/docs/codeql/reusables/supported-versions-compilers.rst @@ -20,7 +20,7 @@ Java,"Java 7 to 20 [4]_","javac (OpenJDK and Oracle JDK), Eclipse compiler for Java (ECJ) [5]_",``.java`` - Kotlin [6]_,"Kotlin 1.5.0 to 1.8.20","kotlinc",``.kt`` + Kotlin [6]_,"Kotlin 1.5.0 to 1.9.0","kotlinc",``.kt`` JavaScript,ECMAScript 2022 or lower,Not applicable,"``.js``, ``.jsx``, ``.mjs``, ``.es``, ``.es6``, ``.htm``, ``.html``, ``.xhtm``, ``.xhtml``, ``.vue``, ``.hbs``, ``.ejs``, ``.njk``, ``.json``, ``.yaml``, ``.yml``, ``.raml``, ``.xml`` [7]_" Python [8]_,"2.7, 3.5, 3.6, 3.7, 3.8, 3.9, 3.10, 3.11",Not applicable,``.py`` Ruby [9]_,"up to 3.2",Not applicable,"``.rb``, ``.erb``, ``.gemspec``, ``Gemfile``" diff --git a/java/kotlin-extractor/kotlin_plugin_versions.py b/java/kotlin-extractor/kotlin_plugin_versions.py index 4583551e12d..c5d9e433613 100755 --- a/java/kotlin-extractor/kotlin_plugin_versions.py +++ b/java/kotlin-extractor/kotlin_plugin_versions.py @@ -25,7 +25,7 @@ def version_string_to_tuple(version): ci_version = '1.8.10' # Version numbers in the list need to be in semantically increasing order -many_versions = [ '1.4.32', '1.5.0', '1.5.10', '1.5.20', '1.5.30', '1.6.0', '1.6.20', '1.7.0', '1.7.20', '1.8.0' ] +many_versions = [ '1.4.32', '1.5.0', '1.5.10', '1.5.20', '1.5.30', '1.6.0', '1.6.20', '1.7.0', '1.7.20', '1.8.0', '1.9.0-Beta' ] many_versions_tuples = [version_string_to_tuple(v) for v in many_versions] diff --git a/java/kotlin-extractor/src/main/kotlin/KotlinFileExtractor.kt b/java/kotlin-extractor/src/main/kotlin/KotlinFileExtractor.kt index b93bfa369f5..a3bc20d9eda 100644 --- a/java/kotlin-extractor/src/main/kotlin/KotlinFileExtractor.kt +++ b/java/kotlin-extractor/src/main/kotlin/KotlinFileExtractor.kt @@ -366,7 +366,10 @@ open class KotlinFileExtractor( val typeArgs = removeOuterClassTypeArgs(c, argsIncludingOuterClasses) if (typeArgs != null) { - for ((idx, arg) in typeArgs.withIndex()) { + // From 1.9, the list might change when we call erase, + // so we make a copy that it is safe to iterate over. + val typeArgsCopy = typeArgs.toList() + for ((idx, arg) in typeArgsCopy.withIndex()) { val argId = getTypeArgumentLabel(arg).id tw.writeTypeArgs(argId, idx, id) } @@ -5531,7 +5534,7 @@ open class KotlinFileExtractor( return } - val typeOwner = e.typeOperandClassifier.owner + val typeOwner = e.typeOperand.classifierOrFail.owner if (typeOwner !is IrClass) { logger.errorElement("Expected to find SAM conversion to IrClass. Found '${typeOwner.javaClass}' instead. Can't implement SAM interface.", e) return diff --git a/java/ql/lib/change-notes/2023-05-24-kotlin-1.9.0.md b/java/ql/lib/change-notes/2023-05-24-kotlin-1.9.0.md new file mode 100644 index 00000000000..f3647cc5488 --- /dev/null +++ b/java/ql/lib/change-notes/2023-05-24-kotlin-1.9.0.md @@ -0,0 +1,4 @@ +--- +category: feature +--- +* Kotlin versions up to 1.9.0 are now supported. From a13678c35ca56ac1ab7daecd26d55ddf0a0deb6e Mon Sep 17 00:00:00 2001 From: Ian Lynagh <igfoo@github.com> Date: Thu, 25 May 2023 14:06:58 +0100 Subject: [PATCH 745/870] Kotlin: Update expected test output --- .../diagnostics/kotlin-version-too-new/diagnostics.expected | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java/ql/integration-tests/all-platforms/kotlin/diagnostics/kotlin-version-too-new/diagnostics.expected b/java/ql/integration-tests/all-platforms/kotlin/diagnostics/kotlin-version-too-new/diagnostics.expected index 3397ea1bdef..36f7d9d0718 100644 --- a/java/ql/integration-tests/all-platforms/kotlin/diagnostics/kotlin-version-too-new/diagnostics.expected +++ b/java/ql/integration-tests/all-platforms/kotlin/diagnostics/kotlin-version-too-new/diagnostics.expected @@ -1,5 +1,5 @@ { - "markdownMessage": "The Kotlin version installed (`999.999.999`) is too recent for this version of CodeQL. Install a version lower than 1.8.30.", + "markdownMessage": "The Kotlin version installed (`999.999.999`) is too recent for this version of CodeQL. Install a version lower than 1.9.10.", "severity": "error", "source": { "extractorName": "java", From 82578af3498e385d5f549997b796448e3359e63e Mon Sep 17 00:00:00 2001 From: Ian Lynagh <igfoo@github.com> Date: Wed, 31 May 2023 12:56:29 +0100 Subject: [PATCH 746/870] Kotlin: Use @files for compiler arguments Avoids problems with large line lengths. --- java/kotlin-extractor/build.py | 40 ++++++++++++++++++++++------------ 1 file changed, 26 insertions(+), 14 deletions(-) diff --git a/java/kotlin-extractor/build.py b/java/kotlin-extractor/build.py index b52ff05b00e..2735f6af1c1 100755 --- a/java/kotlin-extractor/build.py +++ b/java/kotlin-extractor/build.py @@ -80,25 +80,37 @@ def run_process(cmd, capture_output=False): errors='replace'), file=sys.stderr) raise e +def write_arg_file(arg_file, args): + with open(arg_file, 'w') as f: + for arg in args: + if "'" in arg: + raise Exception('Single quote in argument: ' + arg) + f.write("'" + arg.replace('\\', '/') + "'\n") -def compile_to_dir(srcs, classpath, java_classpath, output): +def compile_to_dir(build_dir, srcs, classpath, java_classpath, output): # Use kotlinc to compile .kt files: + kotlin_arg_file = build_dir + '/kotlin.args' + kotlin_args = ['-Werror', + '-opt-in=kotlin.RequiresOptIn', + '-d', output, + '-module-name', 'codeql-kotlin-extractor', + '-no-reflect', '-no-stdlib', + '-jvm-target', '1.8', + '-classpath', classpath] + srcs + write_arg_file(kotlin_arg_file, kotlin_args) run_process([kotlinc, - # kotlinc can default to 256M, which isn't enough when we are extracting the build - '-J-Xmx2G', - '-Werror', - '-opt-in=kotlin.RequiresOptIn', - '-d', output, - '-module-name', 'codeql-kotlin-extractor', - '-no-reflect', '-no-stdlib', - '-jvm-target', '1.8', - '-classpath', classpath] + srcs) + # kotlinc can default to 256M, which isn't enough when we are extracting the build + '-J-Xmx2G', + '@' + kotlin_arg_file]) # Use javac to compile .java files, referencing the Kotlin class files: - run_process([javac, - '-d', output, + java_arg_file = build_dir + '/java.args' + java_args = ['-d', output, '-source', '8', '-target', '8', - '-classpath', os.path.pathsep.join([output, classpath, java_classpath])] + [s for s in srcs if s.endswith(".java")]) + '-classpath', os.path.pathsep.join([output, classpath, java_classpath])] \ + + [s for s in srcs if s.endswith(".java")] + write_arg_file(java_arg_file, java_args) + run_process([javac, '@' + java_arg_file]) def compile_to_jar(build_dir, tmp_src_dir, srcs, classpath, java_classpath, output): @@ -108,7 +120,7 @@ def compile_to_jar(build_dir, tmp_src_dir, srcs, classpath, java_classpath, outp shutil.rmtree(class_dir) os.makedirs(class_dir) - compile_to_dir(srcs, classpath, java_classpath, class_dir) + compile_to_dir(build_dir, srcs, classpath, java_classpath, class_dir) run_process(['jar', 'cf', output, '-C', class_dir, '.', From d24d8b16266a1758d8e5ff86e7566865b5b02826 Mon Sep 17 00:00:00 2001 From: Jami Cogswell <jcogs33@Jamis-MacBook-Pro.local> Date: Tue, 9 May 2023 11:56:45 -0400 Subject: [PATCH 747/870] Java: update sql sink kind to sql-injection --- java/ql/lib/ext/android.content.model.yml | 16 +-- java/ql/lib/ext/android.database.model.yml | 14 +-- .../lib/ext/android.database.sqlite.model.yml | 104 +++++++++--------- java/ql/lib/ext/java.sql.model.yml | 18 +-- ...apache.hadoop.hive.metastore.api.model.yml | 3 +- ...org.apache.hadoop.hive.metastore.model.yml | 5 +- ...g.apache.hive.hcatalog.templeton.model.yml | 3 +- .../lib/ext/org.apache.ibatis.jdbc.model.yml | 12 +- java/ql/lib/ext/org.hibernate.model.yml | 8 +- java/ql/lib/ext/org.hibernate.query.model.yml | 6 +- java/ql/lib/ext/org.jooq.model.yml | 2 +- .../org.springframework.jdbc.core.model.yml | 20 ++-- .../org.springframework.jdbc.object.model.yml | 18 +-- .../code/java/dataflow/ExternalFlow.qll | 10 +- .../code/java/security/QueryInjection.qll | 2 +- 15 files changed, 119 insertions(+), 122 deletions(-) diff --git a/java/ql/lib/ext/android.content.model.yml b/java/ql/lib/ext/android.content.model.yml index 89368acc04e..bee6bae8d44 100644 --- a/java/ql/lib/ext/android.content.model.yml +++ b/java/ql/lib/ext/android.content.model.yml @@ -39,14 +39,14 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["android.content", "ContentProvider", True, "delete", "(Uri,String,String[])", "", "Argument[1]", "sql", "manual"] - - ["android.content", "ContentProvider", True, "query", "(Uri,String[],String,String[],String)", "", "Argument[2]", "sql", "manual"] - - ["android.content", "ContentProvider", True, "query", "(Uri,String[],String,String[],String,CancellationSignal)", "", "Argument[2]", "sql", "manual"] - - ["android.content", "ContentProvider", True, "update", "(Uri,ContentValues,String,String[])", "", "Argument[2]", "sql", "manual"] - - ["android.content", "ContentResolver", True, "delete", "(Uri,String,String[])", "", "Argument[1]", "sql", "manual"] - - ["android.content", "ContentResolver", True, "query", "(Uri,String[],String,String[],String)", "", "Argument[2]", "sql", "manual"] - - ["android.content", "ContentResolver", True, "query", "(Uri,String[],String,String[],String,CancellationSignal)", "", "Argument[2]", "sql", "manual"] - - ["android.content", "ContentResolver", True, "update", "(Uri,ContentValues,String,String[])", "", "Argument[2]", "sql", "manual"] + - ["android.content", "ContentProvider", True, "delete", "(Uri,String,String[])", "", "Argument[1]", "sql-injection", "manual"] + - ["android.content", "ContentProvider", True, "query", "(Uri,String[],String,String[],String)", "", "Argument[2]", "sql-injection", "manual"] + - ["android.content", "ContentProvider", True, "query", "(Uri,String[],String,String[],String,CancellationSignal)", "", "Argument[2]", "sql-injection", "manual"] + - ["android.content", "ContentProvider", True, "update", "(Uri,ContentValues,String,String[])", "", "Argument[2]", "sql-injection", "manual"] + - ["android.content", "ContentResolver", True, "delete", "(Uri,String,String[])", "", "Argument[1]", "sql-injection", "manual"] + - ["android.content", "ContentResolver", True, "query", "(Uri,String[],String,String[],String)", "", "Argument[2]", "sql-injection", "manual"] + - ["android.content", "ContentResolver", True, "query", "(Uri,String[],String,String[],String,CancellationSignal)", "", "Argument[2]", "sql-injection", "manual"] + - ["android.content", "ContentResolver", True, "update", "(Uri,ContentValues,String,String[])", "", "Argument[2]", "sql-injection", "manual"] - ["android.content", "Context", True, "sendBroadcast", "", "", "Argument[0]", "intent-start", "manual"] - ["android.content", "Context", True, "sendBroadcastAsUser", "", "", "Argument[0]", "intent-start", "manual"] - ["android.content", "Context", True, "sendBroadcastWithMultiplePermissions", "", "", "Argument[0]", "intent-start", "manual"] diff --git a/java/ql/lib/ext/android.database.model.yml b/java/ql/lib/ext/android.database.model.yml index 22157da6755..c0ff4dd5f39 100644 --- a/java/ql/lib/ext/android.database.model.yml +++ b/java/ql/lib/ext/android.database.model.yml @@ -3,13 +3,13 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["android.database", "DatabaseUtils", False, "blobFileDescriptorForQuery", "(SQLiteDatabase,String,String[])", "", "Argument[1]", "sql", "manual"] - - ["android.database", "DatabaseUtils", False, "createDbFromSqlStatements", "(Context,String,int,String)", "", "Argument[3]", "sql", "manual"] - - ["android.database", "DatabaseUtils", False, "longForQuery", "(SQLiteDatabase,String,String[])", "", "Argument[1]", "sql", "manual"] - - ["android.database", "DatabaseUtils", False, "queryNumEntries", "(SQLiteDatabase,String)", "", "Argument[1]", "sql", "manual"] - - ["android.database", "DatabaseUtils", False, "queryNumEntries", "(SQLiteDatabase,String,String)", "", "Argument[1..2]", "sql", "manual"] - - ["android.database", "DatabaseUtils", False, "queryNumEntries", "(SQLiteDatabase,String,String,String[])", "", "Argument[1..2]", "sql", "manual"] - - ["android.database", "DatabaseUtils", False, "stringForQuery", "(SQLiteDatabase,String,String[])", "", "Argument[1]", "sql", "manual"] + - ["android.database", "DatabaseUtils", False, "blobFileDescriptorForQuery", "(SQLiteDatabase,String,String[])", "", "Argument[1]", "sql-injection", "manual"] + - ["android.database", "DatabaseUtils", False, "createDbFromSqlStatements", "(Context,String,int,String)", "", "Argument[3]", "sql-injection", "manual"] + - ["android.database", "DatabaseUtils", False, "longForQuery", "(SQLiteDatabase,String,String[])", "", "Argument[1]", "sql-injection", "manual"] + - ["android.database", "DatabaseUtils", False, "queryNumEntries", "(SQLiteDatabase,String)", "", "Argument[1]", "sql-injection", "manual"] + - ["android.database", "DatabaseUtils", False, "queryNumEntries", "(SQLiteDatabase,String,String)", "", "Argument[1..2]", "sql-injection", "manual"] + - ["android.database", "DatabaseUtils", False, "queryNumEntries", "(SQLiteDatabase,String,String,String[])", "", "Argument[1..2]", "sql-injection", "manual"] + - ["android.database", "DatabaseUtils", False, "stringForQuery", "(SQLiteDatabase,String,String[])", "", "Argument[1]", "sql-injection", "manual"] - addsTo: pack: codeql/java-all extensible: summaryModel diff --git a/java/ql/lib/ext/android.database.sqlite.model.yml b/java/ql/lib/ext/android.database.sqlite.model.yml index 169c7870da4..d40ae8c1ee3 100644 --- a/java/ql/lib/ext/android.database.sqlite.model.yml +++ b/java/ql/lib/ext/android.database.sqlite.model.yml @@ -3,58 +3,58 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["android.database.sqlite", "SQLiteDatabase", False, "compileStatement", "(String)", "", "Argument[0]", "sql", "manual"] - - ["android.database.sqlite", "SQLiteDatabase", False, "delete", "(String,String,String[])", "", "Argument[0..1]", "sql", "manual"] - - ["android.database.sqlite", "SQLiteDatabase", False, "execPerConnectionSQL", "(String,Object[])", "", "Argument[0]", "sql", "manual"] - - ["android.database.sqlite", "SQLiteDatabase", False, "execSQL", "(String)", "", "Argument[0]", "sql", "manual"] - - ["android.database.sqlite", "SQLiteDatabase", False, "execSQL", "(String,Object[])", "", "Argument[0]", "sql", "manual"] - - ["android.database.sqlite", "SQLiteDatabase", False, "query", "(String,String[],String,String[],String,String,String)", "", "Argument[0..2]", "sql", "manual"] - - ["android.database.sqlite", "SQLiteDatabase", False, "query", "(String,String[],String,String[],String,String,String)", "", "Argument[4..6]", "sql", "manual"] - - ["android.database.sqlite", "SQLiteDatabase", False, "query", "(String,String[],String,String[],String,String,String,String)", "", "Argument[0]", "sql", "manual"] - - ["android.database.sqlite", "SQLiteDatabase", False, "query", "(String,String[],String,String[],String,String,String,String)", "", "Argument[1]", "sql", "manual"] - - ["android.database.sqlite", "SQLiteDatabase", False, "query", "(String,String[],String,String[],String,String,String,String)", "", "Argument[2]", "sql", "manual"] - - ["android.database.sqlite", "SQLiteDatabase", False, "query", "(String,String[],String,String[],String,String,String,String)", "", "Argument[4..7]", "sql", "manual"] - - ["android.database.sqlite", "SQLiteDatabase", False, "query", "(boolean,String,String[],String,String[],String,String,String,String)", "", "Argument[1]", "sql", "manual"] - - ["android.database.sqlite", "SQLiteDatabase", False, "query", "(boolean,String,String[],String,String[],String,String,String,String)", "", "Argument[2]", "sql", "manual"] - - ["android.database.sqlite", "SQLiteDatabase", False, "query", "(boolean,String,String[],String,String[],String,String,String,String)", "", "Argument[3]", "sql", "manual"] - - ["android.database.sqlite", "SQLiteDatabase", False, "query", "(boolean,String,String[],String,String[],String,String,String,String)", "", "Argument[5..8]", "sql", "manual"] - - ["android.database.sqlite", "SQLiteDatabase", False, "query", "(boolean,String,String[],String,String[],String,String,String,String,CancellationSignal)", "", "Argument[1]", "sql", "manual"] - - ["android.database.sqlite", "SQLiteDatabase", False, "query", "(boolean,String,String[],String,String[],String,String,String,String,CancellationSignal)", "", "Argument[2]", "sql", "manual"] - - ["android.database.sqlite", "SQLiteDatabase", False, "query", "(boolean,String,String[],String,String[],String,String,String,String,CancellationSignal)", "", "Argument[3]", "sql", "manual"] - - ["android.database.sqlite", "SQLiteDatabase", False, "query", "(boolean,String,String[],String,String[],String,String,String,String,CancellationSignal)", "", "Argument[5..8]", "sql", "manual"] - - ["android.database.sqlite", "SQLiteDatabase", False, "queryWithFactory", "(CursorFactory,boolean,String,String[],String,String[],String,String,String,String)", "", "Argument[2]", "sql", "manual"] - - ["android.database.sqlite", "SQLiteDatabase", False, "queryWithFactory", "(CursorFactory,boolean,String,String[],String,String[],String,String,String,String)", "", "Argument[3]", "sql", "manual"] - - ["android.database.sqlite", "SQLiteDatabase", False, "queryWithFactory", "(CursorFactory,boolean,String,String[],String,String[],String,String,String,String)", "", "Argument[4]", "sql", "manual"] - - ["android.database.sqlite", "SQLiteDatabase", False, "queryWithFactory", "(CursorFactory,boolean,String,String[],String,String[],String,String,String,String)", "", "Argument[6..9]", "sql", "manual"] - - ["android.database.sqlite", "SQLiteDatabase", False, "queryWithFactory", "(CursorFactory,boolean,String,String[],String,String[],String,String,String,String,CancellationSignal)", "", "Argument[2]", "sql", "manual"] - - ["android.database.sqlite", "SQLiteDatabase", False, "queryWithFactory", "(CursorFactory,boolean,String,String[],String,String[],String,String,String,String,CancellationSignal)", "", "Argument[3]", "sql", "manual"] - - ["android.database.sqlite", "SQLiteDatabase", False, "queryWithFactory", "(CursorFactory,boolean,String,String[],String,String[],String,String,String,String,CancellationSignal)", "", "Argument[4]", "sql", "manual"] - - ["android.database.sqlite", "SQLiteDatabase", False, "queryWithFactory", "(CursorFactory,boolean,String,String[],String,String[],String,String,String,String,CancellationSignal)", "", "Argument[6..9]", "sql", "manual"] - - ["android.database.sqlite", "SQLiteDatabase", False, "rawQuery", "(String,String[])", "", "Argument[0]", "sql", "manual"] - - ["android.database.sqlite", "SQLiteDatabase", False, "rawQuery", "(String,String[],CancellationSignal)", "", "Argument[0]", "sql", "manual"] - - ["android.database.sqlite", "SQLiteDatabase", False, "rawQueryWithFactory", "(CursorFactory,String,String[],String)", "", "Argument[1]", "sql", "manual"] - - ["android.database.sqlite", "SQLiteDatabase", False, "rawQueryWithFactory", "(CursorFactory,String,String[],String,CancellationSignal)", "", "Argument[1]", "sql", "manual"] - - ["android.database.sqlite", "SQLiteDatabase", False, "update", "(String,ContentValues,String,String[])", "", "Argument[0]", "sql", "manual"] - - ["android.database.sqlite", "SQLiteDatabase", False, "update", "(String,ContentValues,String,String[])", "", "Argument[2]", "sql", "manual"] - - ["android.database.sqlite", "SQLiteDatabase", False, "updateWithOnConflict", "(String,ContentValues,String,String[],int)", "", "Argument[0]", "sql", "manual"] - - ["android.database.sqlite", "SQLiteDatabase", False, "updateWithOnConflict", "(String,ContentValues,String,String[],int)", "", "Argument[2]", "sql", "manual"] - - ["android.database.sqlite", "SQLiteQueryBuilder", True, "delete", "(SQLiteDatabase,String,String[])", "", "Argument[this]", "sql", "manual"] - - ["android.database.sqlite", "SQLiteQueryBuilder", True, "delete", "(SQLiteDatabase,String,String[])", "", "Argument[1]", "sql", "manual"] - - ["android.database.sqlite", "SQLiteQueryBuilder", True, "insert", "(SQLiteDatabase,ContentValues)", "", "Argument[this]", "sql", "manual"] - - ["android.database.sqlite", "SQLiteQueryBuilder", True, "query", "(SQLiteDatabase,String[],String,String[],String,String,String)", "", "Argument[this]", "sql", "manual"] - - ["android.database.sqlite", "SQLiteQueryBuilder", True, "query", "(SQLiteDatabase,String[],String,String[],String,String,String)", "", "Argument[1]", "sql", "manual"] - - ["android.database.sqlite", "SQLiteQueryBuilder", True, "query", "(SQLiteDatabase,String[],String,String[],String,String,String)", "", "Argument[2]", "sql", "manual"] - - ["android.database.sqlite", "SQLiteQueryBuilder", True, "query", "(SQLiteDatabase,String[],String,String[],String,String,String)", "", "Argument[4..6]", "sql", "manual"] - - ["android.database.sqlite", "SQLiteQueryBuilder", True, "query", "(SQLiteDatabase,String[],String,String[],String,String,String,String)", "", "Argument[this]", "sql", "manual"] - - ["android.database.sqlite", "SQLiteQueryBuilder", True, "query", "(SQLiteDatabase,String[],String,String[],String,String,String,String)", "", "Argument[1]", "sql", "manual"] - - ["android.database.sqlite", "SQLiteQueryBuilder", True, "query", "(SQLiteDatabase,String[],String,String[],String,String,String,String)", "", "Argument[2]", "sql", "manual"] - - ["android.database.sqlite", "SQLiteQueryBuilder", True, "query", "(SQLiteDatabase,String[],String,String[],String,String,String,String)", "", "Argument[4..7]", "sql", "manual"] - - ["android.database.sqlite", "SQLiteQueryBuilder", True, "query", "(SQLiteDatabase,String[],String,String[],String,String,String,String,CancellationSignal)", "", "Argument[this]", "sql", "manual"] - - ["android.database.sqlite", "SQLiteQueryBuilder", True, "query", "(SQLiteDatabase,String[],String,String[],String,String,String,String,CancellationSignal)", "", "Argument[1]", "sql", "manual"] - - ["android.database.sqlite", "SQLiteQueryBuilder", True, "query", "(SQLiteDatabase,String[],String,String[],String,String,String,String,CancellationSignal)", "", "Argument[2]", "sql", "manual"] - - ["android.database.sqlite", "SQLiteQueryBuilder", True, "query", "(SQLiteDatabase,String[],String,String[],String,String,String,String,CancellationSignal)", "", "Argument[4..7]", "sql", "manual"] - - ["android.database.sqlite", "SQLiteQueryBuilder", True, "update", "(SQLiteDatabase,ContentValues,String,String[])", "", "Argument[this]", "sql", "manual"] - - ["android.database.sqlite", "SQLiteQueryBuilder", True, "update", "(SQLiteDatabase,ContentValues,String,String[])", "", "Argument[2]", "sql", "manual"] + - ["android.database.sqlite", "SQLiteDatabase", False, "compileStatement", "(String)", "", "Argument[0]", "sql-injection", "manual"] + - ["android.database.sqlite", "SQLiteDatabase", False, "delete", "(String,String,String[])", "", "Argument[0..1]", "sql-injection", "manual"] + - ["android.database.sqlite", "SQLiteDatabase", False, "execPerConnectionSQL", "(String,Object[])", "", "Argument[0]", "sql-injection", "manual"] + - ["android.database.sqlite", "SQLiteDatabase", False, "execSQL", "(String)", "", "Argument[0]", "sql-injection", "manual"] + - ["android.database.sqlite", "SQLiteDatabase", False, "execSQL", "(String,Object[])", "", "Argument[0]", "sql-injection", "manual"] + - ["android.database.sqlite", "SQLiteDatabase", False, "query", "(String,String[],String,String[],String,String,String)", "", "Argument[0..2]", "sql-injection", "manual"] + - ["android.database.sqlite", "SQLiteDatabase", False, "query", "(String,String[],String,String[],String,String,String)", "", "Argument[4..6]", "sql-injection", "manual"] + - ["android.database.sqlite", "SQLiteDatabase", False, "query", "(String,String[],String,String[],String,String,String,String)", "", "Argument[0]", "sql-injection", "manual"] + - ["android.database.sqlite", "SQLiteDatabase", False, "query", "(String,String[],String,String[],String,String,String,String)", "", "Argument[1]", "sql-injection", "manual"] + - ["android.database.sqlite", "SQLiteDatabase", False, "query", "(String,String[],String,String[],String,String,String,String)", "", "Argument[2]", "sql-injection", "manual"] + - ["android.database.sqlite", "SQLiteDatabase", False, "query", "(String,String[],String,String[],String,String,String,String)", "", "Argument[4..7]", "sql-injection", "manual"] + - ["android.database.sqlite", "SQLiteDatabase", False, "query", "(boolean,String,String[],String,String[],String,String,String,String)", "", "Argument[1]", "sql-injection", "manual"] + - ["android.database.sqlite", "SQLiteDatabase", False, "query", "(boolean,String,String[],String,String[],String,String,String,String)", "", "Argument[2]", "sql-injection", "manual"] + - ["android.database.sqlite", "SQLiteDatabase", False, "query", "(boolean,String,String[],String,String[],String,String,String,String)", "", "Argument[3]", "sql-injection", "manual"] + - ["android.database.sqlite", "SQLiteDatabase", False, "query", "(boolean,String,String[],String,String[],String,String,String,String)", "", "Argument[5..8]", "sql-injection", "manual"] + - ["android.database.sqlite", "SQLiteDatabase", False, "query", "(boolean,String,String[],String,String[],String,String,String,String,CancellationSignal)", "", "Argument[1]", "sql-injection", "manual"] + - ["android.database.sqlite", "SQLiteDatabase", False, "query", "(boolean,String,String[],String,String[],String,String,String,String,CancellationSignal)", "", "Argument[2]", "sql-injection", "manual"] + - ["android.database.sqlite", "SQLiteDatabase", False, "query", "(boolean,String,String[],String,String[],String,String,String,String,CancellationSignal)", "", "Argument[3]", "sql-injection", "manual"] + - ["android.database.sqlite", "SQLiteDatabase", False, "query", "(boolean,String,String[],String,String[],String,String,String,String,CancellationSignal)", "", "Argument[5..8]", "sql-injection", "manual"] + - ["android.database.sqlite", "SQLiteDatabase", False, "queryWithFactory", "(CursorFactory,boolean,String,String[],String,String[],String,String,String,String)", "", "Argument[2]", "sql-injection", "manual"] + - ["android.database.sqlite", "SQLiteDatabase", False, "queryWithFactory", "(CursorFactory,boolean,String,String[],String,String[],String,String,String,String)", "", "Argument[3]", "sql-injection", "manual"] + - ["android.database.sqlite", "SQLiteDatabase", False, "queryWithFactory", "(CursorFactory,boolean,String,String[],String,String[],String,String,String,String)", "", "Argument[4]", "sql-injection", "manual"] + - ["android.database.sqlite", "SQLiteDatabase", False, "queryWithFactory", "(CursorFactory,boolean,String,String[],String,String[],String,String,String,String)", "", "Argument[6..9]", "sql-injection", "manual"] + - ["android.database.sqlite", "SQLiteDatabase", False, "queryWithFactory", "(CursorFactory,boolean,String,String[],String,String[],String,String,String,String,CancellationSignal)", "", "Argument[2]", "sql-injection", "manual"] + - ["android.database.sqlite", "SQLiteDatabase", False, "queryWithFactory", "(CursorFactory,boolean,String,String[],String,String[],String,String,String,String,CancellationSignal)", "", "Argument[3]", "sql-injection", "manual"] + - ["android.database.sqlite", "SQLiteDatabase", False, "queryWithFactory", "(CursorFactory,boolean,String,String[],String,String[],String,String,String,String,CancellationSignal)", "", "Argument[4]", "sql-injection", "manual"] + - ["android.database.sqlite", "SQLiteDatabase", False, "queryWithFactory", "(CursorFactory,boolean,String,String[],String,String[],String,String,String,String,CancellationSignal)", "", "Argument[6..9]", "sql-injection", "manual"] + - ["android.database.sqlite", "SQLiteDatabase", False, "rawQuery", "(String,String[])", "", "Argument[0]", "sql-injection", "manual"] + - ["android.database.sqlite", "SQLiteDatabase", False, "rawQuery", "(String,String[],CancellationSignal)", "", "Argument[0]", "sql-injection", "manual"] + - ["android.database.sqlite", "SQLiteDatabase", False, "rawQueryWithFactory", "(CursorFactory,String,String[],String)", "", "Argument[1]", "sql-injection", "manual"] + - ["android.database.sqlite", "SQLiteDatabase", False, "rawQueryWithFactory", "(CursorFactory,String,String[],String,CancellationSignal)", "", "Argument[1]", "sql-injection", "manual"] + - ["android.database.sqlite", "SQLiteDatabase", False, "update", "(String,ContentValues,String,String[])", "", "Argument[0]", "sql-injection", "manual"] + - ["android.database.sqlite", "SQLiteDatabase", False, "update", "(String,ContentValues,String,String[])", "", "Argument[2]", "sql-injection", "manual"] + - ["android.database.sqlite", "SQLiteDatabase", False, "updateWithOnConflict", "(String,ContentValues,String,String[],int)", "", "Argument[0]", "sql-injection", "manual"] + - ["android.database.sqlite", "SQLiteDatabase", False, "updateWithOnConflict", "(String,ContentValues,String,String[],int)", "", "Argument[2]", "sql-injection", "manual"] + - ["android.database.sqlite", "SQLiteQueryBuilder", True, "delete", "(SQLiteDatabase,String,String[])", "", "Argument[this]", "sql-injection", "manual"] + - ["android.database.sqlite", "SQLiteQueryBuilder", True, "delete", "(SQLiteDatabase,String,String[])", "", "Argument[1]", "sql-injection", "manual"] + - ["android.database.sqlite", "SQLiteQueryBuilder", True, "insert", "(SQLiteDatabase,ContentValues)", "", "Argument[this]", "sql-injection", "manual"] + - ["android.database.sqlite", "SQLiteQueryBuilder", True, "query", "(SQLiteDatabase,String[],String,String[],String,String,String)", "", "Argument[this]", "sql-injection", "manual"] + - ["android.database.sqlite", "SQLiteQueryBuilder", True, "query", "(SQLiteDatabase,String[],String,String[],String,String,String)", "", "Argument[1]", "sql-injection", "manual"] + - ["android.database.sqlite", "SQLiteQueryBuilder", True, "query", "(SQLiteDatabase,String[],String,String[],String,String,String)", "", "Argument[2]", "sql-injection", "manual"] + - ["android.database.sqlite", "SQLiteQueryBuilder", True, "query", "(SQLiteDatabase,String[],String,String[],String,String,String)", "", "Argument[4..6]", "sql-injection", "manual"] + - ["android.database.sqlite", "SQLiteQueryBuilder", True, "query", "(SQLiteDatabase,String[],String,String[],String,String,String,String)", "", "Argument[this]", "sql-injection", "manual"] + - ["android.database.sqlite", "SQLiteQueryBuilder", True, "query", "(SQLiteDatabase,String[],String,String[],String,String,String,String)", "", "Argument[1]", "sql-injection", "manual"] + - ["android.database.sqlite", "SQLiteQueryBuilder", True, "query", "(SQLiteDatabase,String[],String,String[],String,String,String,String)", "", "Argument[2]", "sql-injection", "manual"] + - ["android.database.sqlite", "SQLiteQueryBuilder", True, "query", "(SQLiteDatabase,String[],String,String[],String,String,String,String)", "", "Argument[4..7]", "sql-injection", "manual"] + - ["android.database.sqlite", "SQLiteQueryBuilder", True, "query", "(SQLiteDatabase,String[],String,String[],String,String,String,String,CancellationSignal)", "", "Argument[this]", "sql-injection", "manual"] + - ["android.database.sqlite", "SQLiteQueryBuilder", True, "query", "(SQLiteDatabase,String[],String,String[],String,String,String,String,CancellationSignal)", "", "Argument[1]", "sql-injection", "manual"] + - ["android.database.sqlite", "SQLiteQueryBuilder", True, "query", "(SQLiteDatabase,String[],String,String[],String,String,String,String,CancellationSignal)", "", "Argument[2]", "sql-injection", "manual"] + - ["android.database.sqlite", "SQLiteQueryBuilder", True, "query", "(SQLiteDatabase,String[],String,String[],String,String,String,String,CancellationSignal)", "", "Argument[4..7]", "sql-injection", "manual"] + - ["android.database.sqlite", "SQLiteQueryBuilder", True, "update", "(SQLiteDatabase,ContentValues,String,String[])", "", "Argument[this]", "sql-injection", "manual"] + - ["android.database.sqlite", "SQLiteQueryBuilder", True, "update", "(SQLiteDatabase,ContentValues,String,String[])", "", "Argument[2]", "sql-injection", "manual"] - addsTo: pack: codeql/java-all extensible: summaryModel diff --git a/java/ql/lib/ext/java.sql.model.yml b/java/ql/lib/ext/java.sql.model.yml index 87e0fca7f9b..ec0aa84fd21 100644 --- a/java/ql/lib/ext/java.sql.model.yml +++ b/java/ql/lib/ext/java.sql.model.yml @@ -3,19 +3,19 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["java.sql", "Connection", True, "prepareCall", "", "", "Argument[0]", "sql", "manual"] - - ["java.sql", "Connection", True, "prepareStatement", "", "", "Argument[0]", "sql", "manual"] - - ["java.sql", "DatabaseMetaData", True, "getColumns", "(String,String,String,String)", "", "Argument[2]", "sql", "ai-manual"] - - ["java.sql", "DatabaseMetaData", True, "getPrimaryKeys", "(String,String,String)", "", "Argument[2]", "sql", "ai-manual"] + - ["java.sql", "Connection", True, "prepareCall", "", "", "Argument[0]", "sql-injection", "manual"] + - ["java.sql", "Connection", True, "prepareStatement", "", "", "Argument[0]", "sql-injection", "manual"] + - ["java.sql", "DatabaseMetaData", True, "getColumns", "(String,String,String,String)", "", "Argument[2]", "sql-injection", "ai-manual"] + - ["java.sql", "DatabaseMetaData", True, "getPrimaryKeys", "(String,String,String)", "", "Argument[2]", "sql-injection", "ai-manual"] - ["java.sql", "Driver", False, "connect", "(String,Properties)", "", "Argument[0]", "jdbc-url", "manual"] - ["java.sql", "DriverManager", False, "getConnection", "(String)", "", "Argument[0]", "jdbc-url", "manual"] - ["java.sql", "DriverManager", False, "getConnection", "(String,Properties)", "", "Argument[0]", "jdbc-url", "manual"] - ["java.sql", "DriverManager", False, "getConnection", "(String,String,String)", "", "Argument[0]", "jdbc-url", "manual"] - - ["java.sql", "Statement", True, "addBatch", "", "", "Argument[0]", "sql", "manual"] - - ["java.sql", "Statement", True, "execute", "", "", "Argument[0]", "sql", "manual"] - - ["java.sql", "Statement", True, "executeLargeUpdate", "", "", "Argument[0]", "sql", "manual"] - - ["java.sql", "Statement", True, "executeQuery", "", "", "Argument[0]", "sql", "manual"] - - ["java.sql", "Statement", True, "executeUpdate", "", "", "Argument[0]", "sql", "manual"] + - ["java.sql", "Statement", True, "addBatch", "", "", "Argument[0]", "sql-injection", "manual"] + - ["java.sql", "Statement", True, "execute", "", "", "Argument[0]", "sql-injection", "manual"] + - ["java.sql", "Statement", True, "executeLargeUpdate", "", "", "Argument[0]", "sql-injection", "manual"] + - ["java.sql", "Statement", True, "executeQuery", "", "", "Argument[0]", "sql-injection", "manual"] + - ["java.sql", "Statement", True, "executeUpdate", "", "", "Argument[0]", "sql-injection", "manual"] - addsTo: pack: codeql/java-all extensible: summaryModel diff --git a/java/ql/lib/ext/org.apache.hadoop.hive.metastore.api.model.yml b/java/ql/lib/ext/org.apache.hadoop.hive.metastore.api.model.yml index 9189c6ab1fd..60d2d0c0153 100644 --- a/java/ql/lib/ext/org.apache.hadoop.hive.metastore.api.model.yml +++ b/java/ql/lib/ext/org.apache.hadoop.hive.metastore.api.model.yml @@ -3,5 +3,4 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["org.apache.hadoop.hive.metastore.api", "DefaultConstraintsRequest", True, "DefaultConstraintsRequest", "(String,String,String)", "", "Argument[1]", "sql", "ai-manual"] - + - ["org.apache.hadoop.hive.metastore.api", "DefaultConstraintsRequest", True, "DefaultConstraintsRequest", "(String,String,String)", "", "Argument[1]", "sql-injection", "ai-manual"] diff --git a/java/ql/lib/ext/org.apache.hadoop.hive.metastore.model.yml b/java/ql/lib/ext/org.apache.hadoop.hive.metastore.model.yml index da335795194..bc902f548fd 100644 --- a/java/ql/lib/ext/org.apache.hadoop.hive.metastore.model.yml +++ b/java/ql/lib/ext/org.apache.hadoop.hive.metastore.model.yml @@ -3,6 +3,5 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["org.apache.hadoop.hive.metastore", "ObjectStore", True, "updatePartitionColumnStatistics", "(ColumnStatistics,List,String,long)", "", "Argument[0]", "sql", "ai-manual"] - - ["org.apache.hadoop.hive.metastore", "ObjectStore", True, "updatePartitionColumnStatistics", "(ColumnStatistics,List)", "", "Argument[0]", "sql", "ai-manual"] - + - ["org.apache.hadoop.hive.metastore", "ObjectStore", True, "updatePartitionColumnStatistics", "(ColumnStatistics,List,String,long)", "", "Argument[0]", "sql-injection", "ai-manual"] + - ["org.apache.hadoop.hive.metastore", "ObjectStore", True, "updatePartitionColumnStatistics", "(ColumnStatistics,List)", "", "Argument[0]", "sql-injection", "ai-manual"] diff --git a/java/ql/lib/ext/org.apache.hive.hcatalog.templeton.model.yml b/java/ql/lib/ext/org.apache.hive.hcatalog.templeton.model.yml index 3f980bdbb3f..35c0e9f27a3 100644 --- a/java/ql/lib/ext/org.apache.hive.hcatalog.templeton.model.yml +++ b/java/ql/lib/ext/org.apache.hive.hcatalog.templeton.model.yml @@ -3,5 +3,4 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["org.apache.hive.hcatalog.templeton", "HcatDelegator", True, "addOneColumn", "(String,String,String,ColumnDesc)", "", "Argument[3]", "sql", "ai-manual"] - + - ["org.apache.hive.hcatalog.templeton", "HcatDelegator", True, "addOneColumn", "(String,String,String,ColumnDesc)", "", "Argument[3]", "sql-injection", "ai-manual"] diff --git a/java/ql/lib/ext/org.apache.ibatis.jdbc.model.yml b/java/ql/lib/ext/org.apache.ibatis.jdbc.model.yml index e966d7bd735..e1b37b8f851 100644 --- a/java/ql/lib/ext/org.apache.ibatis.jdbc.model.yml +++ b/java/ql/lib/ext/org.apache.ibatis.jdbc.model.yml @@ -3,12 +3,12 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["org.apache.ibatis.jdbc", "SqlRunner", False, "delete", "(String,Object[])", "", "Argument[0]", "sql", "manual"] - - ["org.apache.ibatis.jdbc", "SqlRunner", False, "insert", "(String,Object[])", "", "Argument[0]", "sql", "manual"] - - ["org.apache.ibatis.jdbc", "SqlRunner", False, "run", "(String)", "", "Argument[0]", "sql", "manual"] - - ["org.apache.ibatis.jdbc", "SqlRunner", False, "selectAll", "(String,Object[])", "", "Argument[0]", "sql", "manual"] - - ["org.apache.ibatis.jdbc", "SqlRunner", False, "selectOne", "(String,Object[])", "", "Argument[0]", "sql", "manual"] - - ["org.apache.ibatis.jdbc", "SqlRunner", False, "update", "(String,Object[])", "", "Argument[0]", "sql", "manual"] + - ["org.apache.ibatis.jdbc", "SqlRunner", False, "delete", "(String,Object[])", "", "Argument[0]", "sql-injection", "manual"] + - ["org.apache.ibatis.jdbc", "SqlRunner", False, "insert", "(String,Object[])", "", "Argument[0]", "sql-injection", "manual"] + - ["org.apache.ibatis.jdbc", "SqlRunner", False, "run", "(String)", "", "Argument[0]", "sql-injection", "manual"] + - ["org.apache.ibatis.jdbc", "SqlRunner", False, "selectAll", "(String,Object[])", "", "Argument[0]", "sql-injection", "manual"] + - ["org.apache.ibatis.jdbc", "SqlRunner", False, "selectOne", "(String,Object[])", "", "Argument[0]", "sql-injection", "manual"] + - ["org.apache.ibatis.jdbc", "SqlRunner", False, "update", "(String,Object[])", "", "Argument[0]", "sql-injection", "manual"] - addsTo: pack: codeql/java-all extensible: summaryModel diff --git a/java/ql/lib/ext/org.hibernate.model.yml b/java/ql/lib/ext/org.hibernate.model.yml index ffa483ec742..c6a18bb1350 100644 --- a/java/ql/lib/ext/org.hibernate.model.yml +++ b/java/ql/lib/ext/org.hibernate.model.yml @@ -3,7 +3,7 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["org.hibernate", "Session", True, "createQuery", "", "", "Argument[0]", "sql", "manual"] - - ["org.hibernate", "Session", True, "createSQLQuery", "", "", "Argument[0]", "sql", "manual"] - - ["org.hibernate", "SharedSessionContract", True, "createQuery", "", "", "Argument[0]", "sql", "manual"] - - ["org.hibernate", "SharedSessionContract", True, "createSQLQuery", "", "", "Argument[0]", "sql", "manual"] + - ["org.hibernate", "Session", True, "createQuery", "", "", "Argument[0]", "sql-injection", "manual"] + - ["org.hibernate", "Session", True, "createSQLQuery", "", "", "Argument[0]", "sql-injection", "manual"] + - ["org.hibernate", "SharedSessionContract", True, "createQuery", "", "", "Argument[0]", "sql-injection", "manual"] + - ["org.hibernate", "SharedSessionContract", True, "createSQLQuery", "", "", "Argument[0]", "sql-injection", "manual"] diff --git a/java/ql/lib/ext/org.hibernate.query.model.yml b/java/ql/lib/ext/org.hibernate.query.model.yml index 6281a33caa5..bb6232c1fcd 100644 --- a/java/ql/lib/ext/org.hibernate.query.model.yml +++ b/java/ql/lib/ext/org.hibernate.query.model.yml @@ -3,6 +3,6 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["org.hibernate.query", "QueryProducer", True, "createNativeQuery", "", "", "Argument[0]", "sql", "manual"] - - ["org.hibernate.query", "QueryProducer", True, "createQuery", "", "", "Argument[0]", "sql", "manual"] - - ["org.hibernate.query", "QueryProducer", True, "createSQLQuery", "", "", "Argument[0]", "sql", "manual"] + - ["org.hibernate.query", "QueryProducer", True, "createNativeQuery", "", "", "Argument[0]", "sql-injection", "manual"] + - ["org.hibernate.query", "QueryProducer", True, "createQuery", "", "", "Argument[0]", "sql-injection", "manual"] + - ["org.hibernate.query", "QueryProducer", True, "createSQLQuery", "", "", "Argument[0]", "sql-injection", "manual"] diff --git a/java/ql/lib/ext/org.jooq.model.yml b/java/ql/lib/ext/org.jooq.model.yml index cf7fc22a923..b7538263a31 100644 --- a/java/ql/lib/ext/org.jooq.model.yml +++ b/java/ql/lib/ext/org.jooq.model.yml @@ -3,4 +3,4 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["org.jooq", "PlainSQL", False, "", "", "Annotated", "Argument[0]", "sql", "manual"] + - ["org.jooq", "PlainSQL", False, "", "", "Annotated", "Argument[0]", "sql-injection", "manual"] diff --git a/java/ql/lib/ext/org.springframework.jdbc.core.model.yml b/java/ql/lib/ext/org.springframework.jdbc.core.model.yml index 9374293d0bb..38d91bb3090 100644 --- a/java/ql/lib/ext/org.springframework.jdbc.core.model.yml +++ b/java/ql/lib/ext/org.springframework.jdbc.core.model.yml @@ -3,13 +3,13 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["org.springframework.jdbc.core", "JdbcTemplate", False, "batchUpdate", "", "", "Argument[0]", "sql", "manual"] - - ["org.springframework.jdbc.core", "JdbcTemplate", False, "batchUpdate", "(String[])", "", "Argument[0]", "sql", "manual"] - - ["org.springframework.jdbc.core", "JdbcTemplate", False, "execute", "", "", "Argument[0]", "sql", "manual"] - - ["org.springframework.jdbc.core", "JdbcTemplate", False, "query", "", "", "Argument[0]", "sql", "manual"] - - ["org.springframework.jdbc.core", "JdbcTemplate", False, "queryForList", "", "", "Argument[0]", "sql", "manual"] - - ["org.springframework.jdbc.core", "JdbcTemplate", False, "queryForMap", "", "", "Argument[0]", "sql", "manual"] - - ["org.springframework.jdbc.core", "JdbcTemplate", False, "queryForObject", "", "", "Argument[0]", "sql", "manual"] - - ["org.springframework.jdbc.core", "JdbcTemplate", False, "queryForRowSet", "", "", "Argument[0]", "sql", "manual"] - - ["org.springframework.jdbc.core", "JdbcTemplate", False, "queryForStream", "", "", "Argument[0]", "sql", "manual"] - - ["org.springframework.jdbc.core", "JdbcTemplate", False, "update", "", "", "Argument[0]", "sql", "manual"] + - ["org.springframework.jdbc.core", "JdbcTemplate", False, "batchUpdate", "", "", "Argument[0]", "sql-injection", "manual"] + - ["org.springframework.jdbc.core", "JdbcTemplate", False, "batchUpdate", "(String[])", "", "Argument[0]", "sql-injection", "manual"] + - ["org.springframework.jdbc.core", "JdbcTemplate", False, "execute", "", "", "Argument[0]", "sql-injection", "manual"] + - ["org.springframework.jdbc.core", "JdbcTemplate", False, "query", "", "", "Argument[0]", "sql-injection", "manual"] + - ["org.springframework.jdbc.core", "JdbcTemplate", False, "queryForList", "", "", "Argument[0]", "sql-injection", "manual"] + - ["org.springframework.jdbc.core", "JdbcTemplate", False, "queryForMap", "", "", "Argument[0]", "sql-injection", "manual"] + - ["org.springframework.jdbc.core", "JdbcTemplate", False, "queryForObject", "", "", "Argument[0]", "sql-injection", "manual"] + - ["org.springframework.jdbc.core", "JdbcTemplate", False, "queryForRowSet", "", "", "Argument[0]", "sql-injection", "manual"] + - ["org.springframework.jdbc.core", "JdbcTemplate", False, "queryForStream", "", "", "Argument[0]", "sql-injection", "manual"] + - ["org.springframework.jdbc.core", "JdbcTemplate", False, "update", "", "", "Argument[0]", "sql-injection", "manual"] diff --git a/java/ql/lib/ext/org.springframework.jdbc.object.model.yml b/java/ql/lib/ext/org.springframework.jdbc.object.model.yml index 413e29e2631..192e9263f0a 100644 --- a/java/ql/lib/ext/org.springframework.jdbc.object.model.yml +++ b/java/ql/lib/ext/org.springframework.jdbc.object.model.yml @@ -3,12 +3,12 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["org.springframework.jdbc.object", "BatchSqlUpdate", False, "BatchSqlUpdate", "", "", "Argument[1]", "sql", "manual"] - - ["org.springframework.jdbc.object", "MappingSqlQuery", False, "MappingSqlQuery", "", "", "Argument[1]", "sql", "manual"] - - ["org.springframework.jdbc.object", "MappingSqlQueryWithParameters", False, "MappingSqlQueryWithParameters", "", "", "Argument[1]", "sql", "manual"] - - ["org.springframework.jdbc.object", "RdbmsOperation", True, "setSql", "", "", "Argument[0]", "sql", "manual"] - - ["org.springframework.jdbc.object", "SqlCall", False, "SqlCall", "", "", "Argument[1]", "sql", "manual"] - - ["org.springframework.jdbc.object", "SqlFunction", False, "SqlFunction", "", "", "Argument[1]", "sql", "manual"] - - ["org.springframework.jdbc.object", "SqlQuery", False, "SqlQuery", "", "", "Argument[1]", "sql", "manual"] - - ["org.springframework.jdbc.object", "SqlUpdate", False, "SqlUpdate", "", "", "Argument[1]", "sql", "manual"] - - ["org.springframework.jdbc.object", "UpdatableSqlQuery", False, "UpdatableSqlQuery", "", "", "Argument[1]", "sql", "manual"] + - ["org.springframework.jdbc.object", "BatchSqlUpdate", False, "BatchSqlUpdate", "", "", "Argument[1]", "sql-injection", "manual"] + - ["org.springframework.jdbc.object", "MappingSqlQuery", False, "MappingSqlQuery", "", "", "Argument[1]", "sql-injection", "manual"] + - ["org.springframework.jdbc.object", "MappingSqlQueryWithParameters", False, "MappingSqlQueryWithParameters", "", "", "Argument[1]", "sql-injection", "manual"] + - ["org.springframework.jdbc.object", "RdbmsOperation", True, "setSql", "", "", "Argument[0]", "sql-injection", "manual"] + - ["org.springframework.jdbc.object", "SqlCall", False, "SqlCall", "", "", "Argument[1]", "sql-injection", "manual"] + - ["org.springframework.jdbc.object", "SqlFunction", False, "SqlFunction", "", "", "Argument[1]", "sql-injection", "manual"] + - ["org.springframework.jdbc.object", "SqlQuery", False, "SqlQuery", "", "", "Argument[1]", "sql-injection", "manual"] + - ["org.springframework.jdbc.object", "SqlUpdate", False, "SqlUpdate", "", "", "Argument[1]", "sql-injection", "manual"] + - ["org.springframework.jdbc.object", "UpdatableSqlQuery", False, "UpdatableSqlQuery", "", "", "Argument[1]", "sql-injection", "manual"] diff --git a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll index 4cb21496f5f..d511d4da293 100644 --- a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll +++ b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll @@ -274,11 +274,11 @@ module ModelValidation { exists(string kind | sinkModel(_, _, _, _, _, _, _, kind, _) | not kind = [ - "open-url", "jndi-injection", "ldap", "sql", "jdbc-url", "logging", "mvel", "xpath", - "groovy", "xss", "ognl-injection", "intent-start", "pending-intent-sent", "url-redirect", - "create-file", "read-file", "write-file", "set-hostname-verifier", "header-splitting", - "information-leak", "xslt", "jexl", "bean-validation", "ssti", "fragment-injection", - "command-injection" + "open-url", "jndi-injection", "ldap", "sql-injection", "jdbc-url", "logging", "mvel", + "xpath", "groovy", "xss", "ognl-injection", "intent-start", "pending-intent-sent", + "url-redirect", "create-file", "read-file", "write-file", "set-hostname-verifier", + "header-splitting", "information-leak", "xslt", "jexl", "bean-validation", "ssti", + "fragment-injection", "command-injection" ] and not kind.matches("regex-use%") and not kind.matches("qltest%") and diff --git a/java/ql/lib/semmle/code/java/security/QueryInjection.qll b/java/ql/lib/semmle/code/java/security/QueryInjection.qll index fda91647bcd..217d80bf170 100644 --- a/java/ql/lib/semmle/code/java/security/QueryInjection.qll +++ b/java/ql/lib/semmle/code/java/security/QueryInjection.qll @@ -25,7 +25,7 @@ class AdditionalQueryInjectionTaintStep extends Unit { /** A sink for SQL injection vulnerabilities. */ private class SqlInjectionSink extends QueryInjectionSink { - SqlInjectionSink() { sinkNode(this, "sql") } + SqlInjectionSink() { sinkNode(this, "sql-injection") } } /** A sink for Java Persistence Query Language injection vulnerabilities. */ From 55be2e5b6766b8e21d5d05753ddeccd47075289a Mon Sep 17 00:00:00 2001 From: Jami Cogswell <jcogs33@Jamis-MacBook-Pro.local> Date: Tue, 9 May 2023 11:58:07 -0400 Subject: [PATCH 748/870] Java: update url-redirect sink kind to url-redirection --- java/ql/lib/ext/jakarta.ws.rs.core.model.yml | 4 ++-- java/ql/lib/ext/javax.ws.rs.core.model.yml | 4 ++-- java/ql/lib/ext/org.geogebra.web.full.main.model.yml | 2 +- java/ql/lib/ext/org.kohsuke.stapler.model.yml | 2 +- java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll | 2 +- java/ql/lib/semmle/code/java/security/UrlRedirect.qll | 2 +- 6 files changed, 8 insertions(+), 8 deletions(-) diff --git a/java/ql/lib/ext/jakarta.ws.rs.core.model.yml b/java/ql/lib/ext/jakarta.ws.rs.core.model.yml index a13bb2189d1..739f61df8b8 100644 --- a/java/ql/lib/ext/jakarta.ws.rs.core.model.yml +++ b/java/ql/lib/ext/jakarta.ws.rs.core.model.yml @@ -3,8 +3,8 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["jakarta.ws.rs.core", "Response", True, "seeOther", "", "", "Argument[0]", "url-redirect", "manual"] - - ["jakarta.ws.rs.core", "Response", True, "temporaryRedirect", "", "", "Argument[0]", "url-redirect", "manual"] + - ["jakarta.ws.rs.core", "Response", True, "seeOther", "", "", "Argument[0]", "url-redirection", "manual"] + - ["jakarta.ws.rs.core", "Response", True, "temporaryRedirect", "", "", "Argument[0]", "url-redirection", "manual"] - addsTo: pack: codeql/java-all extensible: summaryModel diff --git a/java/ql/lib/ext/javax.ws.rs.core.model.yml b/java/ql/lib/ext/javax.ws.rs.core.model.yml index b73078a5ae5..cf94b255176 100644 --- a/java/ql/lib/ext/javax.ws.rs.core.model.yml +++ b/java/ql/lib/ext/javax.ws.rs.core.model.yml @@ -3,8 +3,8 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["javax.ws.rs.core", "Response", True, "seeOther", "", "", "Argument[0]", "url-redirect", "manual"] - - ["javax.ws.rs.core", "Response", True, "temporaryRedirect", "", "", "Argument[0]", "url-redirect", "manual"] + - ["javax.ws.rs.core", "Response", True, "seeOther", "", "", "Argument[0]", "url-redirection", "manual"] + - ["javax.ws.rs.core", "Response", True, "temporaryRedirect", "", "", "Argument[0]", "url-redirection", "manual"] - ["javax.ws.rs.core", "ResponseBuilder", False, "header", "", "", "Argument[1]", "header-splitting", "manual"] - addsTo: pack: codeql/java-all diff --git a/java/ql/lib/ext/org.geogebra.web.full.main.model.yml b/java/ql/lib/ext/org.geogebra.web.full.main.model.yml index c6719b6a97e..914a60fe38a 100644 --- a/java/ql/lib/ext/org.geogebra.web.full.main.model.yml +++ b/java/ql/lib/ext/org.geogebra.web.full.main.model.yml @@ -4,4 +4,4 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["org.geogebra.web.full.main", "FileManager", True, "open", "(String,String)", "", "Argument[0]", "url-redirect", "ai-manual"] + - ["org.geogebra.web.full.main", "FileManager", True, "open", "(String,String)", "", "Argument[0]", "url-redirection", "ai-manual"] diff --git a/java/ql/lib/ext/org.kohsuke.stapler.model.yml b/java/ql/lib/ext/org.kohsuke.stapler.model.yml index a3ae44a683b..7b6dea2e669 100644 --- a/java/ql/lib/ext/org.kohsuke.stapler.model.yml +++ b/java/ql/lib/ext/org.kohsuke.stapler.model.yml @@ -3,5 +3,5 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["org.kohsuke.stapler", "HttpResponses", True, "redirectTo", "(String)", "", "Argument[0]", "url-redirect", "ai-manual"] + - ["org.kohsuke.stapler", "HttpResponses", True, "redirectTo", "(String)", "", "Argument[0]", "url-redirection", "ai-manual"] - ["org.kohsuke.stapler", "HttpResponses", True, "staticResource", "(URL)", "", "Argument[0]", "open-url", "ai-manual"] diff --git a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll index d511d4da293..48725115430 100644 --- a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll +++ b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll @@ -276,7 +276,7 @@ module ModelValidation { [ "open-url", "jndi-injection", "ldap", "sql-injection", "jdbc-url", "logging", "mvel", "xpath", "groovy", "xss", "ognl-injection", "intent-start", "pending-intent-sent", - "url-redirect", "create-file", "read-file", "write-file", "set-hostname-verifier", + "url-redirection", "create-file", "read-file", "write-file", "set-hostname-verifier", "header-splitting", "information-leak", "xslt", "jexl", "bean-validation", "ssti", "fragment-injection", "command-injection" ] and diff --git a/java/ql/lib/semmle/code/java/security/UrlRedirect.qll b/java/ql/lib/semmle/code/java/security/UrlRedirect.qll index f4fc862ab53..fdd09fe8957 100644 --- a/java/ql/lib/semmle/code/java/security/UrlRedirect.qll +++ b/java/ql/lib/semmle/code/java/security/UrlRedirect.qll @@ -12,7 +12,7 @@ abstract class UrlRedirectSink extends DataFlow::Node { } /** A default sink represeting methods susceptible to URL redirection attacks. */ private class DefaultUrlRedirectSink extends UrlRedirectSink { - DefaultUrlRedirectSink() { sinkNode(this, "url-redirect") } + DefaultUrlRedirectSink() { sinkNode(this, "url-redirection") } } /** A Servlet URL redirection sink. */ From fc58d10a4e843564121391a340c4f104e7d5c3d1 Mon Sep 17 00:00:00 2001 From: Jami Cogswell <jcogs33@Jamis-MacBook-Pro.local> Date: Tue, 9 May 2023 12:00:28 -0400 Subject: [PATCH 749/870] Java: update xpath sink kind to xpath-injection --- java/ql/lib/ext/javax.xml.xpath.model.yml | 6 ++-- java/ql/lib/ext/org.dom4j.model.yml | 30 +++++++++---------- java/ql/lib/ext/org.dom4j.tree.model.yml | 4 +-- java/ql/lib/ext/org.dom4j.util.model.yml | 6 ++-- .../code/java/dataflow/ExternalFlow.qll | 8 ++--- .../lib/semmle/code/java/security/XPath.qll | 2 +- 6 files changed, 28 insertions(+), 28 deletions(-) diff --git a/java/ql/lib/ext/javax.xml.xpath.model.yml b/java/ql/lib/ext/javax.xml.xpath.model.yml index 68f51a34a2e..6cad83433b6 100644 --- a/java/ql/lib/ext/javax.xml.xpath.model.yml +++ b/java/ql/lib/ext/javax.xml.xpath.model.yml @@ -3,6 +3,6 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["javax.xml.xpath", "XPath", True, "compile", "", "", "Argument[0]", "xpath", "manual"] - - ["javax.xml.xpath", "XPath", True, "evaluate", "", "", "Argument[0]", "xpath", "manual"] - - ["javax.xml.xpath", "XPath", True, "evaluateExpression", "", "", "Argument[0]", "xpath", "manual"] + - ["javax.xml.xpath", "XPath", True, "compile", "", "", "Argument[0]", "xpath-injection", "manual"] + - ["javax.xml.xpath", "XPath", True, "evaluate", "", "", "Argument[0]", "xpath-injection", "manual"] + - ["javax.xml.xpath", "XPath", True, "evaluateExpression", "", "", "Argument[0]", "xpath-injection", "manual"] diff --git a/java/ql/lib/ext/org.dom4j.model.yml b/java/ql/lib/ext/org.dom4j.model.yml index b2e5c2ed379..f54c817d966 100644 --- a/java/ql/lib/ext/org.dom4j.model.yml +++ b/java/ql/lib/ext/org.dom4j.model.yml @@ -3,18 +3,18 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["org.dom4j", "DocumentFactory", True, "createPattern", "", "", "Argument[0]", "xpath", "manual"] - - ["org.dom4j", "DocumentFactory", True, "createXPath", "", "", "Argument[0]", "xpath", "manual"] - - ["org.dom4j", "DocumentFactory", True, "createXPathFilter", "", "", "Argument[0]", "xpath", "manual"] - - ["org.dom4j", "DocumentHelper", False, "createPattern", "", "", "Argument[0]", "xpath", "manual"] - - ["org.dom4j", "DocumentHelper", False, "createXPath", "", "", "Argument[0]", "xpath", "manual"] - - ["org.dom4j", "DocumentHelper", False, "createXPathFilter", "", "", "Argument[0]", "xpath", "manual"] - - ["org.dom4j", "DocumentHelper", False, "selectNodes", "", "", "Argument[0]", "xpath", "manual"] - - ["org.dom4j", "DocumentHelper", False, "sort", "", "", "Argument[1]", "xpath", "manual"] - - ["org.dom4j", "Node", True, "createXPath", "", "", "Argument[0]", "xpath", "manual"] - - ["org.dom4j", "Node", True, "matches", "", "", "Argument[0]", "xpath", "manual"] - - ["org.dom4j", "Node", True, "numberValueOf", "", "", "Argument[0]", "xpath", "manual"] - - ["org.dom4j", "Node", True, "selectNodes", "", "", "Argument[0..1]", "xpath", "manual"] - - ["org.dom4j", "Node", True, "selectObject", "", "", "Argument[0]", "xpath", "manual"] - - ["org.dom4j", "Node", True, "selectSingleNode", "", "", "Argument[0]", "xpath", "manual"] - - ["org.dom4j", "Node", True, "valueOf", "", "", "Argument[0]", "xpath", "manual"] + - ["org.dom4j", "DocumentFactory", True, "createPattern", "", "", "Argument[0]", "xpath-injection", "manual"] + - ["org.dom4j", "DocumentFactory", True, "createXPath", "", "", "Argument[0]", "xpath-injection", "manual"] + - ["org.dom4j", "DocumentFactory", True, "createXPathFilter", "", "", "Argument[0]", "xpath-injection", "manual"] + - ["org.dom4j", "DocumentHelper", False, "createPattern", "", "", "Argument[0]", "xpath-injection", "manual"] + - ["org.dom4j", "DocumentHelper", False, "createXPath", "", "", "Argument[0]", "xpath-injection", "manual"] + - ["org.dom4j", "DocumentHelper", False, "createXPathFilter", "", "", "Argument[0]", "xpath-injection", "manual"] + - ["org.dom4j", "DocumentHelper", False, "selectNodes", "", "", "Argument[0]", "xpath-injection", "manual"] + - ["org.dom4j", "DocumentHelper", False, "sort", "", "", "Argument[1]", "xpath-injection", "manual"] + - ["org.dom4j", "Node", True, "createXPath", "", "", "Argument[0]", "xpath-injection", "manual"] + - ["org.dom4j", "Node", True, "matches", "", "", "Argument[0]", "xpath-injection", "manual"] + - ["org.dom4j", "Node", True, "numberValueOf", "", "", "Argument[0]", "xpath-injection", "manual"] + - ["org.dom4j", "Node", True, "selectNodes", "", "", "Argument[0..1]", "xpath-injection", "manual"] + - ["org.dom4j", "Node", True, "selectObject", "", "", "Argument[0]", "xpath-injection", "manual"] + - ["org.dom4j", "Node", True, "selectSingleNode", "", "", "Argument[0]", "xpath-injection", "manual"] + - ["org.dom4j", "Node", True, "valueOf", "", "", "Argument[0]", "xpath-injection", "manual"] diff --git a/java/ql/lib/ext/org.dom4j.tree.model.yml b/java/ql/lib/ext/org.dom4j.tree.model.yml index 0896937bb16..3117806aa6e 100644 --- a/java/ql/lib/ext/org.dom4j.tree.model.yml +++ b/java/ql/lib/ext/org.dom4j.tree.model.yml @@ -3,5 +3,5 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["org.dom4j.tree", "AbstractNode", True, "createPattern", "", "", "Argument[0]", "xpath", "manual"] - - ["org.dom4j.tree", "AbstractNode", True, "createXPathFilter", "", "", "Argument[0]", "xpath", "manual"] + - ["org.dom4j.tree", "AbstractNode", True, "createPattern", "", "", "Argument[0]", "xpath-injection", "manual"] + - ["org.dom4j.tree", "AbstractNode", True, "createXPathFilter", "", "", "Argument[0]", "xpath-injection", "manual"] diff --git a/java/ql/lib/ext/org.dom4j.util.model.yml b/java/ql/lib/ext/org.dom4j.util.model.yml index d7dc55cd145..530652f2ede 100644 --- a/java/ql/lib/ext/org.dom4j.util.model.yml +++ b/java/ql/lib/ext/org.dom4j.util.model.yml @@ -3,6 +3,6 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["org.dom4j.util", "ProxyDocumentFactory", True, "createPattern", "", "", "Argument[0]", "xpath", "manual"] - - ["org.dom4j.util", "ProxyDocumentFactory", True, "createXPath", "", "", "Argument[0]", "xpath", "manual"] - - ["org.dom4j.util", "ProxyDocumentFactory", True, "createXPathFilter", "", "", "Argument[0]", "xpath", "manual"] + - ["org.dom4j.util", "ProxyDocumentFactory", True, "createPattern", "", "", "Argument[0]", "xpath-injection", "manual"] + - ["org.dom4j.util", "ProxyDocumentFactory", True, "createXPath", "", "", "Argument[0]", "xpath-injection", "manual"] + - ["org.dom4j.util", "ProxyDocumentFactory", True, "createXPathFilter", "", "", "Argument[0]", "xpath-injection", "manual"] diff --git a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll index 48725115430..b61aa86f3d5 100644 --- a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll +++ b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll @@ -275,10 +275,10 @@ module ModelValidation { not kind = [ "open-url", "jndi-injection", "ldap", "sql-injection", "jdbc-url", "logging", "mvel", - "xpath", "groovy", "xss", "ognl-injection", "intent-start", "pending-intent-sent", - "url-redirection", "create-file", "read-file", "write-file", "set-hostname-verifier", - "header-splitting", "information-leak", "xslt", "jexl", "bean-validation", "ssti", - "fragment-injection", "command-injection" + "xpath-injection", "groovy", "xss", "ognl-injection", "intent-start", + "pending-intent-sent", "url-redirection", "create-file", "read-file", "write-file", + "set-hostname-verifier", "header-splitting", "information-leak", "xslt", "jexl", + "bean-validation", "ssti", "fragment-injection", "command-injection" ] and not kind.matches("regex-use%") and not kind.matches("qltest%") and diff --git a/java/ql/lib/semmle/code/java/security/XPath.qll b/java/ql/lib/semmle/code/java/security/XPath.qll index c8b1077990d..573d6530b33 100644 --- a/java/ql/lib/semmle/code/java/security/XPath.qll +++ b/java/ql/lib/semmle/code/java/security/XPath.qll @@ -13,7 +13,7 @@ abstract class XPathInjectionSink extends DataFlow::Node { } /** A default sink representing methods susceptible to XPath Injection attacks. */ private class DefaultXPathInjectionSink extends XPathInjectionSink { DefaultXPathInjectionSink() { - sinkNode(this, "xpath") + sinkNode(this, "xpath-injection") or exists(ClassInstanceExpr constructor | constructor.getConstructedType().getASourceSupertype*().hasQualifiedName("org.dom4j", "XPath") From 8c4b394e1ab231f070ea05067593dd9fee864c02 Mon Sep 17 00:00:00 2001 From: Jami Cogswell <jcogs33@Jamis-MacBook-Pro.local> Date: Tue, 9 May 2023 12:01:24 -0400 Subject: [PATCH 750/870] Java: update ssti sink kind to template-injection --- java/ql/lib/ext/com.hubspot.jinjava.model.yml | 4 ++-- .../lib/ext/com.mitchellbosecke.pebble.model.yml | 4 ++-- java/ql/lib/ext/freemarker.cache.model.yml | 2 +- java/ql/lib/ext/freemarker.template.model.yml | 14 +++++++------- java/ql/lib/ext/org.apache.velocity.app.model.yml | 8 ++++---- .../lib/ext/org.apache.velocity.runtime.model.yml | 6 +++--- ...apache.velocity.runtime.resource.util.model.yml | 2 +- java/ql/lib/ext/org.thymeleaf.model.yml | 4 ++-- .../lib/semmle/code/java/dataflow/ExternalFlow.qll | 2 +- .../code/java/security/TemplateInjection.qll | 2 +- 10 files changed, 24 insertions(+), 24 deletions(-) diff --git a/java/ql/lib/ext/com.hubspot.jinjava.model.yml b/java/ql/lib/ext/com.hubspot.jinjava.model.yml index 2172da483f8..9c8866c9c14 100644 --- a/java/ql/lib/ext/com.hubspot.jinjava.model.yml +++ b/java/ql/lib/ext/com.hubspot.jinjava.model.yml @@ -3,5 +3,5 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["com.hubspot.jinjava", "Jinjava", True, "render", "", "", "Argument[0]", "ssti", "manual"] - - ["com.hubspot.jinjava", "Jinjava", True, "renderForResult", "", "", "Argument[0]", "ssti", "manual"] + - ["com.hubspot.jinjava", "Jinjava", True, "render", "", "", "Argument[0]", "template-injection", "manual"] + - ["com.hubspot.jinjava", "Jinjava", True, "renderForResult", "", "", "Argument[0]", "template-injection", "manual"] diff --git a/java/ql/lib/ext/com.mitchellbosecke.pebble.model.yml b/java/ql/lib/ext/com.mitchellbosecke.pebble.model.yml index 74b227da1dd..72c466af08c 100644 --- a/java/ql/lib/ext/com.mitchellbosecke.pebble.model.yml +++ b/java/ql/lib/ext/com.mitchellbosecke.pebble.model.yml @@ -3,5 +3,5 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["com.mitchellbosecke.pebble", "PebbleEngine", True, "getLiteralTemplate", "", "", "Argument[0]", "ssti", "manual"] - - ["com.mitchellbosecke.pebble", "PebbleEngine", True, "getTemplate", "", "", "Argument[0]", "ssti", "manual"] + - ["com.mitchellbosecke.pebble", "PebbleEngine", True, "getLiteralTemplate", "", "", "Argument[0]", "template-injection", "manual"] + - ["com.mitchellbosecke.pebble", "PebbleEngine", True, "getTemplate", "", "", "Argument[0]", "template-injection", "manual"] diff --git a/java/ql/lib/ext/freemarker.cache.model.yml b/java/ql/lib/ext/freemarker.cache.model.yml index b65e6386ad6..b09961f0686 100644 --- a/java/ql/lib/ext/freemarker.cache.model.yml +++ b/java/ql/lib/ext/freemarker.cache.model.yml @@ -3,4 +3,4 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["freemarker.cache", "StringTemplateLoader", True, "putTemplate", "", "", "Argument[1]", "ssti", "manual"] + - ["freemarker.cache", "StringTemplateLoader", True, "putTemplate", "", "", "Argument[1]", "template-injection", "manual"] diff --git a/java/ql/lib/ext/freemarker.template.model.yml b/java/ql/lib/ext/freemarker.template.model.yml index 96087a2b9ba..afc9579719d 100644 --- a/java/ql/lib/ext/freemarker.template.model.yml +++ b/java/ql/lib/ext/freemarker.template.model.yml @@ -3,10 +3,10 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["freemarker.template", "Template", True, "Template", "(String,Reader)", "", "Argument[1]", "ssti", "manual"] - - ["freemarker.template", "Template", True, "Template", "(String,Reader,Configuration)", "", "Argument[1]", "ssti", "manual"] - - ["freemarker.template", "Template", True, "Template", "(String,Reader,Configuration,String)", "", "Argument[1]", "ssti", "manual"] - - ["freemarker.template", "Template", True, "Template", "(String,String,Configuration)", "", "Argument[1]", "ssti", "manual"] - - ["freemarker.template", "Template", True, "Template", "(String,String,Reader,Configuration)", "", "Argument[2]", "ssti", "manual"] - - ["freemarker.template", "Template", True, "Template", "(String,String,Reader,Configuration,ParserConfiguration,String)", "", "Argument[2]", "ssti", "manual"] - - ["freemarker.template", "Template", True, "Template", "(String,String,Reader,Configuration,String)", "", "Argument[2]", "ssti", "manual"] + - ["freemarker.template", "Template", True, "Template", "(String,Reader)", "", "Argument[1]", "template-injection", "manual"] + - ["freemarker.template", "Template", True, "Template", "(String,Reader,Configuration)", "", "Argument[1]", "template-injection", "manual"] + - ["freemarker.template", "Template", True, "Template", "(String,Reader,Configuration,String)", "", "Argument[1]", "template-injection", "manual"] + - ["freemarker.template", "Template", True, "Template", "(String,String,Configuration)", "", "Argument[1]", "template-injection", "manual"] + - ["freemarker.template", "Template", True, "Template", "(String,String,Reader,Configuration)", "", "Argument[2]", "template-injection", "manual"] + - ["freemarker.template", "Template", True, "Template", "(String,String,Reader,Configuration,ParserConfiguration,String)", "", "Argument[2]", "template-injection", "manual"] + - ["freemarker.template", "Template", True, "Template", "(String,String,Reader,Configuration,String)", "", "Argument[2]", "template-injection", "manual"] diff --git a/java/ql/lib/ext/org.apache.velocity.app.model.yml b/java/ql/lib/ext/org.apache.velocity.app.model.yml index 1afc328b882..307f534d3ea 100644 --- a/java/ql/lib/ext/org.apache.velocity.app.model.yml +++ b/java/ql/lib/ext/org.apache.velocity.app.model.yml @@ -3,7 +3,7 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["org.apache.velocity.app", "Velocity", True, "evaluate", "", "", "Argument[3]", "ssti", "manual"] - - ["org.apache.velocity.app", "Velocity", True, "mergeTemplate", "", "", "Argument[2]", "ssti", "manual"] - - ["org.apache.velocity.app", "VelocityEngine", True, "evaluate", "", "", "Argument[3]", "ssti", "manual"] - - ["org.apache.velocity.app", "VelocityEngine", True, "mergeTemplate", "", "", "Argument[2]", "ssti", "manual"] + - ["org.apache.velocity.app", "Velocity", True, "evaluate", "", "", "Argument[3]", "template-injection", "manual"] + - ["org.apache.velocity.app", "Velocity", True, "mergeTemplate", "", "", "Argument[2]", "template-injection", "manual"] + - ["org.apache.velocity.app", "VelocityEngine", True, "evaluate", "", "", "Argument[3]", "template-injection", "manual"] + - ["org.apache.velocity.app", "VelocityEngine", True, "mergeTemplate", "", "", "Argument[2]", "template-injection", "manual"] diff --git a/java/ql/lib/ext/org.apache.velocity.runtime.model.yml b/java/ql/lib/ext/org.apache.velocity.runtime.model.yml index a8f740a2301..68f4e16fc5a 100644 --- a/java/ql/lib/ext/org.apache.velocity.runtime.model.yml +++ b/java/ql/lib/ext/org.apache.velocity.runtime.model.yml @@ -3,6 +3,6 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["org.apache.velocity.runtime", "RuntimeServices", True, "evaluate", "", "", "Argument[3]", "ssti", "manual"] - - ["org.apache.velocity.runtime", "RuntimeServices", True, "parse", "", "", "Argument[0]", "ssti", "manual"] - - ["org.apache.velocity.runtime", "RuntimeSingleton", True, "parse", "", "", "Argument[0]", "ssti", "manual"] + - ["org.apache.velocity.runtime", "RuntimeServices", True, "evaluate", "", "", "Argument[3]", "template-injection", "manual"] + - ["org.apache.velocity.runtime", "RuntimeServices", True, "parse", "", "", "Argument[0]", "template-injection", "manual"] + - ["org.apache.velocity.runtime", "RuntimeSingleton", True, "parse", "", "", "Argument[0]", "template-injection", "manual"] diff --git a/java/ql/lib/ext/org.apache.velocity.runtime.resource.util.model.yml b/java/ql/lib/ext/org.apache.velocity.runtime.resource.util.model.yml index 4d3ce4c37ed..a204fb0711d 100644 --- a/java/ql/lib/ext/org.apache.velocity.runtime.resource.util.model.yml +++ b/java/ql/lib/ext/org.apache.velocity.runtime.resource.util.model.yml @@ -3,4 +3,4 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["org.apache.velocity.runtime.resource.util", "StringResourceRepository", True, "putStringResource", "", "", "Argument[1]", "ssti", "manual"] + - ["org.apache.velocity.runtime.resource.util", "StringResourceRepository", True, "putStringResource", "", "", "Argument[1]", "template-injection", "manual"] diff --git a/java/ql/lib/ext/org.thymeleaf.model.yml b/java/ql/lib/ext/org.thymeleaf.model.yml index 66361b05836..2556cad8314 100644 --- a/java/ql/lib/ext/org.thymeleaf.model.yml +++ b/java/ql/lib/ext/org.thymeleaf.model.yml @@ -3,8 +3,8 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["org.thymeleaf", "ITemplateEngine", True, "process", "", "", "Argument[0]", "ssti", "manual"] - - ["org.thymeleaf", "ITemplateEngine", True, "processThrottled", "", "", "Argument[0]", "ssti", "manual"] + - ["org.thymeleaf", "ITemplateEngine", True, "process", "", "", "Argument[0]", "template-injection", "manual"] + - ["org.thymeleaf", "ITemplateEngine", True, "processThrottled", "", "", "Argument[0]", "template-injection", "manual"] - addsTo: pack: codeql/java-all extensible: summaryModel diff --git a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll index b61aa86f3d5..a22dbd6b5e8 100644 --- a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll +++ b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll @@ -278,7 +278,7 @@ module ModelValidation { "xpath-injection", "groovy", "xss", "ognl-injection", "intent-start", "pending-intent-sent", "url-redirection", "create-file", "read-file", "write-file", "set-hostname-verifier", "header-splitting", "information-leak", "xslt", "jexl", - "bean-validation", "ssti", "fragment-injection", "command-injection" + "bean-validation", "template-injection", "fragment-injection", "command-injection" ] and not kind.matches("regex-use%") and not kind.matches("qltest%") and diff --git a/java/ql/lib/semmle/code/java/security/TemplateInjection.qll b/java/ql/lib/semmle/code/java/security/TemplateInjection.qll index b8625556c7a..bd568355886 100644 --- a/java/ql/lib/semmle/code/java/security/TemplateInjection.qll +++ b/java/ql/lib/semmle/code/java/security/TemplateInjection.qll @@ -66,7 +66,7 @@ private class DefaultTemplateInjectionSource extends TemplateInjectionSource ins { } private class DefaultTemplateInjectionSink extends TemplateInjectionSink { - DefaultTemplateInjectionSink() { sinkNode(this, "ssti") } + DefaultTemplateInjectionSink() { sinkNode(this, "template-injection") } } private class DefaultTemplateInjectionSanitizer extends TemplateInjectionSanitizer { From 430010daa377832238ef4fea3805448c6e831107 Mon Sep 17 00:00:00 2001 From: Jami Cogswell <jcogs33@Jamis-MacBook-Pro.local> Date: Tue, 9 May 2023 12:02:09 -0400 Subject: [PATCH 751/870] Java: update logging sink kind to log-injection --- java/ql/lib/ext/android.util.model.yml | 12 +- .../ext/com.google.common.flogger.model.yml | 58 +- java/ql/lib/ext/java.lang.model.yml | 16 +- java/ql/lib/ext/java.util.logging.model.yml | 68 +- .../ext/org.apache.commons.logging.model.yml | 12 +- java/ql/lib/ext/org.apache.log4j.model.yml | 22 +- .../ext/org.apache.logging.log4j.model.yml | 718 +++++++++--------- java/ql/lib/ext/org.jboss.logging.model.yml | 648 ++++++++-------- java/ql/lib/ext/org.scijava.log.model.yml | 26 +- java/ql/lib/ext/org.slf4j.model.yml | 100 +-- java/ql/lib/ext/org.slf4j.spi.model.yml | 10 +- .../code/java/dataflow/ExternalFlow.qll | 4 +- .../code/java/security/LogInjection.qll | 2 +- .../java/security/SensitiveLoggingQuery.qll | 4 +- .../internal/CaptureModelsSpecific.qll | 2 +- 15 files changed, 851 insertions(+), 851 deletions(-) diff --git a/java/ql/lib/ext/android.util.model.yml b/java/ql/lib/ext/android.util.model.yml index b57ff4819a7..eaf9d142f54 100644 --- a/java/ql/lib/ext/android.util.model.yml +++ b/java/ql/lib/ext/android.util.model.yml @@ -23,9 +23,9 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["android.util", "Log", True, "d", "", "", "Argument[1]", "logging", "manual"] - - ["android.util", "Log", True, "e", "", "", "Argument[1]", "logging", "manual"] - - ["android.util", "Log", True, "i", "", "", "Argument[1]", "logging", "manual"] - - ["android.util", "Log", True, "v", "", "", "Argument[1]", "logging", "manual"] - - ["android.util", "Log", True, "w", "", "", "Argument[1]", "logging", "manual"] - - ["android.util", "Log", True, "wtf", "", "", "Argument[1]", "logging", "manual"] + - ["android.util", "Log", True, "d", "", "", "Argument[1]", "log-injection", "manual"] + - ["android.util", "Log", True, "e", "", "", "Argument[1]", "log-injection", "manual"] + - ["android.util", "Log", True, "i", "", "", "Argument[1]", "log-injection", "manual"] + - ["android.util", "Log", True, "v", "", "", "Argument[1]", "log-injection", "manual"] + - ["android.util", "Log", True, "w", "", "", "Argument[1]", "log-injection", "manual"] + - ["android.util", "Log", True, "wtf", "", "", "Argument[1]", "log-injection", "manual"] diff --git a/java/ql/lib/ext/com.google.common.flogger.model.yml b/java/ql/lib/ext/com.google.common.flogger.model.yml index b9a800b6210..23ae9236fd7 100644 --- a/java/ql/lib/ext/com.google.common.flogger.model.yml +++ b/java/ql/lib/ext/com.google.common.flogger.model.yml @@ -3,32 +3,32 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["com.google.common.flogger", "LoggingApi", True, "log", "", "", "Argument[0]", "logging", "manual"] - - ["com.google.common.flogger", "LoggingApi", True, "log", "(String,Object)", "", "Argument[1]", "logging", "manual"] - - ["com.google.common.flogger", "LoggingApi", True, "log", "(String,Object,Object)", "", "Argument[1..2]", "logging", "manual"] - - ["com.google.common.flogger", "LoggingApi", True, "log", "(String,Object,Object,Object)", "", "Argument[1..3]", "logging", "manual"] - - ["com.google.common.flogger", "LoggingApi", True, "log", "(String,Object,Object,Object,Object)", "", "Argument[1..4]", "logging", "manual"] - - ["com.google.common.flogger", "LoggingApi", True, "log", "(String,Object,Object,Object,Object,Object)", "", "Argument[1..5]", "logging", "manual"] - - ["com.google.common.flogger", "LoggingApi", True, "log", "(String,Object,Object,Object,Object,Object,Object)", "", "Argument[1..6]", "logging", "manual"] - - ["com.google.common.flogger", "LoggingApi", True, "log", "(String,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..7]", "logging", "manual"] - - ["com.google.common.flogger", "LoggingApi", True, "log", "(String,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..8]", "logging", "manual"] - - ["com.google.common.flogger", "LoggingApi", True, "log", "(String,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..9]", "logging", "manual"] - - ["com.google.common.flogger", "LoggingApi", True, "log", "(String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..10]", "logging", "manual"] - - ["com.google.common.flogger", "LoggingApi", True, "log", "(String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object[])", "", "Argument[1..11]", "logging", "manual"] - - ["com.google.common.flogger", "LoggingApi", True, "log", "(String,Object,boolean)", "", "Argument[1]", "logging", "manual"] - - ["com.google.common.flogger", "LoggingApi", True, "log", "(String,Object,byte)", "", "Argument[1]", "logging", "manual"] - - ["com.google.common.flogger", "LoggingApi", True, "log", "(String,Object,char)", "", "Argument[1]", "logging", "manual"] - - ["com.google.common.flogger", "LoggingApi", True, "log", "(String,Object,double)", "", "Argument[1]", "logging", "manual"] - - ["com.google.common.flogger", "LoggingApi", True, "log", "(String,Object,float)", "", "Argument[1]", "logging", "manual"] - - ["com.google.common.flogger", "LoggingApi", True, "log", "(String,Object,int)", "", "Argument[1]", "logging", "manual"] - - ["com.google.common.flogger", "LoggingApi", True, "log", "(String,Object,long)", "", "Argument[1]", "logging", "manual"] - - ["com.google.common.flogger", "LoggingApi", True, "log", "(String,Object,short)", "", "Argument[1]", "logging", "manual"] - - ["com.google.common.flogger", "LoggingApi", True, "log", "(String,boolean,Object)", "", "Argument[2]", "logging", "manual"] - - ["com.google.common.flogger", "LoggingApi", True, "log", "(String,byte,Object)", "", "Argument[2]", "logging", "manual"] - - ["com.google.common.flogger", "LoggingApi", True, "log", "(String,char,Object)", "", "Argument[2]", "logging", "manual"] - - ["com.google.common.flogger", "LoggingApi", True, "log", "(String,double,Object)", "", "Argument[2]", "logging", "manual"] - - ["com.google.common.flogger", "LoggingApi", True, "log", "(String,float,Object)", "", "Argument[2]", "logging", "manual"] - - ["com.google.common.flogger", "LoggingApi", True, "log", "(String,int,Object)", "", "Argument[2]", "logging", "manual"] - - ["com.google.common.flogger", "LoggingApi", True, "log", "(String,long,Object)", "", "Argument[2]", "logging", "manual"] - - ["com.google.common.flogger", "LoggingApi", True, "log", "(String,short,Object)", "", "Argument[2]", "logging", "manual"] - - ["com.google.common.flogger", "LoggingApi", True, "logVarargs", "", "", "Argument[0..1]", "logging", "manual"] + - ["com.google.common.flogger", "LoggingApi", True, "log", "", "", "Argument[0]", "log-injection", "manual"] + - ["com.google.common.flogger", "LoggingApi", True, "log", "(String,Object)", "", "Argument[1]", "log-injection", "manual"] + - ["com.google.common.flogger", "LoggingApi", True, "log", "(String,Object,Object)", "", "Argument[1..2]", "log-injection", "manual"] + - ["com.google.common.flogger", "LoggingApi", True, "log", "(String,Object,Object,Object)", "", "Argument[1..3]", "log-injection", "manual"] + - ["com.google.common.flogger", "LoggingApi", True, "log", "(String,Object,Object,Object,Object)", "", "Argument[1..4]", "log-injection", "manual"] + - ["com.google.common.flogger", "LoggingApi", True, "log", "(String,Object,Object,Object,Object,Object)", "", "Argument[1..5]", "log-injection", "manual"] + - ["com.google.common.flogger", "LoggingApi", True, "log", "(String,Object,Object,Object,Object,Object,Object)", "", "Argument[1..6]", "log-injection", "manual"] + - ["com.google.common.flogger", "LoggingApi", True, "log", "(String,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..7]", "log-injection", "manual"] + - ["com.google.common.flogger", "LoggingApi", True, "log", "(String,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..8]", "log-injection", "manual"] + - ["com.google.common.flogger", "LoggingApi", True, "log", "(String,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..9]", "log-injection", "manual"] + - ["com.google.common.flogger", "LoggingApi", True, "log", "(String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..10]", "log-injection", "manual"] + - ["com.google.common.flogger", "LoggingApi", True, "log", "(String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object[])", "", "Argument[1..11]", "log-injection", "manual"] + - ["com.google.common.flogger", "LoggingApi", True, "log", "(String,Object,boolean)", "", "Argument[1]", "log-injection", "manual"] + - ["com.google.common.flogger", "LoggingApi", True, "log", "(String,Object,byte)", "", "Argument[1]", "log-injection", "manual"] + - ["com.google.common.flogger", "LoggingApi", True, "log", "(String,Object,char)", "", "Argument[1]", "log-injection", "manual"] + - ["com.google.common.flogger", "LoggingApi", True, "log", "(String,Object,double)", "", "Argument[1]", "log-injection", "manual"] + - ["com.google.common.flogger", "LoggingApi", True, "log", "(String,Object,float)", "", "Argument[1]", "log-injection", "manual"] + - ["com.google.common.flogger", "LoggingApi", True, "log", "(String,Object,int)", "", "Argument[1]", "log-injection", "manual"] + - ["com.google.common.flogger", "LoggingApi", True, "log", "(String,Object,long)", "", "Argument[1]", "log-injection", "manual"] + - ["com.google.common.flogger", "LoggingApi", True, "log", "(String,Object,short)", "", "Argument[1]", "log-injection", "manual"] + - ["com.google.common.flogger", "LoggingApi", True, "log", "(String,boolean,Object)", "", "Argument[2]", "log-injection", "manual"] + - ["com.google.common.flogger", "LoggingApi", True, "log", "(String,byte,Object)", "", "Argument[2]", "log-injection", "manual"] + - ["com.google.common.flogger", "LoggingApi", True, "log", "(String,char,Object)", "", "Argument[2]", "log-injection", "manual"] + - ["com.google.common.flogger", "LoggingApi", True, "log", "(String,double,Object)", "", "Argument[2]", "log-injection", "manual"] + - ["com.google.common.flogger", "LoggingApi", True, "log", "(String,float,Object)", "", "Argument[2]", "log-injection", "manual"] + - ["com.google.common.flogger", "LoggingApi", True, "log", "(String,int,Object)", "", "Argument[2]", "log-injection", "manual"] + - ["com.google.common.flogger", "LoggingApi", True, "log", "(String,long,Object)", "", "Argument[2]", "log-injection", "manual"] + - ["com.google.common.flogger", "LoggingApi", True, "log", "(String,short,Object)", "", "Argument[2]", "log-injection", "manual"] + - ["com.google.common.flogger", "LoggingApi", True, "logVarargs", "", "", "Argument[0..1]", "log-injection", "manual"] diff --git a/java/ql/lib/ext/java.lang.model.yml b/java/ql/lib/ext/java.lang.model.yml index bbb269b3d55..b5db4e60f58 100644 --- a/java/ql/lib/ext/java.lang.model.yml +++ b/java/ql/lib/ext/java.lang.model.yml @@ -29,14 +29,14 @@ extensions: # These are modeled in plain CodeQL. TODO: migrate them. # - ["java.lang", "System", False, "load", "(String)", "", "Argument[0]", "command-injection", "ai-manual"] # This is actually injecting a library. # - ["java.lang", "System", False, "loadLibrary", "(String)", "", "Argument[0]", "command-injection", "ai-manual"] # This is actually injecting a library. - - ["java.lang", "System$Logger", True, "log", "(Level,Object)", "", "Argument[1]", "logging", "manual"] - - ["java.lang", "System$Logger", True, "log", "(Level,ResourceBundle,String,Object[])", "", "Argument[2..3]", "logging", "manual"] - - ["java.lang", "System$Logger", True, "log", "(Level,ResourceBundle,String,Throwable)", "", "Argument[2]", "logging", "manual"] - - ["java.lang", "System$Logger", True, "log", "(Level,String)", "", "Argument[1]", "logging", "manual"] - - ["java.lang", "System$Logger", True, "log", "(Level,String,Object[])", "", "Argument[1..2]", "logging", "manual"] - - ["java.lang", "System$Logger", True, "log", "(Level,String,Supplier)", "", "Argument[1..2]", "logging", "manual"] - - ["java.lang", "System$Logger", True, "log", "(Level,String,Supplier,Throwable)", "", "Argument[1..2]", "logging", "manual"] - - ["java.lang", "System$Logger", True, "log", "(Level,String,Throwable)", "", "Argument[1]", "logging", "manual"] + - ["java.lang", "System$Logger", True, "log", "(Level,Object)", "", "Argument[1]", "log-injection", "manual"] + - ["java.lang", "System$Logger", True, "log", "(Level,ResourceBundle,String,Object[])", "", "Argument[2..3]", "log-injection", "manual"] + - ["java.lang", "System$Logger", True, "log", "(Level,ResourceBundle,String,Throwable)", "", "Argument[2]", "log-injection", "manual"] + - ["java.lang", "System$Logger", True, "log", "(Level,String)", "", "Argument[1]", "log-injection", "manual"] + - ["java.lang", "System$Logger", True, "log", "(Level,String,Object[])", "", "Argument[1..2]", "log-injection", "manual"] + - ["java.lang", "System$Logger", True, "log", "(Level,String,Supplier)", "", "Argument[1..2]", "log-injection", "manual"] + - ["java.lang", "System$Logger", True, "log", "(Level,String,Supplier,Throwable)", "", "Argument[1..2]", "log-injection", "manual"] + - ["java.lang", "System$Logger", True, "log", "(Level,String,Throwable)", "", "Argument[1]", "log-injection", "manual"] - addsTo: pack: codeql/java-all extensible: summaryModel diff --git a/java/ql/lib/ext/java.util.logging.model.yml b/java/ql/lib/ext/java.util.logging.model.yml index 05d7aa62a70..330a2d469a8 100644 --- a/java/ql/lib/ext/java.util.logging.model.yml +++ b/java/ql/lib/ext/java.util.logging.model.yml @@ -3,40 +3,40 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["java.util.logging", "Logger", True, "config", "", "", "Argument[0]", "logging", "manual"] - - ["java.util.logging", "Logger", True, "entering", "(String,String)", "", "Argument[0..1]", "logging", "manual"] - - ["java.util.logging", "Logger", True, "entering", "(String,String,Object)", "", "Argument[0..2]", "logging", "manual"] - - ["java.util.logging", "Logger", True, "entering", "(String,String,Object[])", "", "Argument[0..2]", "logging", "manual"] - - ["java.util.logging", "Logger", True, "exiting", "(String,String)", "", "Argument[0..1]", "logging", "manual"] - - ["java.util.logging", "Logger", True, "exiting", "(String,String,Object)", "", "Argument[0..2]", "logging", "manual"] - - ["java.util.logging", "Logger", True, "fine", "", "", "Argument[0]", "logging", "manual"] - - ["java.util.logging", "Logger", True, "finer", "", "", "Argument[0]", "logging", "manual"] - - ["java.util.logging", "Logger", True, "finest", "", "", "Argument[0]", "logging", "manual"] - - ["java.util.logging", "Logger", True, "info", "", "", "Argument[0]", "logging", "manual"] - - ["java.util.logging", "Logger", True, "log", "(Level,String)", "", "Argument[1]", "logging", "manual"] - - ["java.util.logging", "Logger", True, "log", "(Level,String,Object)", "", "Argument[1..2]", "logging", "manual"] - - ["java.util.logging", "Logger", True, "log", "(Level,String,Object[])", "", "Argument[1..2]", "logging", "manual"] - - ["java.util.logging", "Logger", True, "log", "(Level,String,Throwable)", "", "Argument[1]", "logging", "manual"] - - ["java.util.logging", "Logger", True, "log", "(Level,Supplier)", "", "Argument[1]", "logging", "manual"] - - ["java.util.logging", "Logger", True, "log", "(Level,Throwable,Supplier)", "", "Argument[2]", "logging", "manual"] - - ["java.util.logging", "Logger", True, "log", "(LogRecord)", "", "Argument[0]", "logging", "manual"] - - ["java.util.logging", "Logger", True, "logp", "(Level,String,String,String)", "", "Argument[1..3]", "logging", "manual"] - - ["java.util.logging", "Logger", True, "logp", "(Level,String,String,String,Object)", "", "Argument[1..4]", "logging", "manual"] - - ["java.util.logging", "Logger", True, "logp", "(Level,String,String,String,Object[])", "", "Argument[1..4]", "logging", "manual"] - - ["java.util.logging", "Logger", True, "logp", "(Level,String,String,String,Throwable)", "", "Argument[1..3]", "logging", "manual"] - - ["java.util.logging", "Logger", True, "logp", "(Level,String,String,Supplier)", "", "Argument[1..3]", "logging", "manual"] - - ["java.util.logging", "Logger", True, "logp", "(Level,String,String,Throwable,Supplier)", "", "Argument[1..2]", "logging", "manual"] - - ["java.util.logging", "Logger", True, "logp", "(Level,String,String,Throwable,Supplier)", "", "Argument[4]", "logging", "manual"] - - ["java.util.logging", "Logger", True, "logrb", "(Level,String,String,ResourceBundle,String,Object[])", "", "Argument[1..2]", "logging", "manual"] - - ["java.util.logging", "Logger", True, "logrb", "(Level,String,String,ResourceBundle,String,Object[])", "", "Argument[4..5]", "logging", "manual"] - - ["java.util.logging", "Logger", True, "logrb", "(Level,String,String,ResourceBundle,String,Throwable)", "", "Argument[1..2]", "logging", "manual"] - - ["java.util.logging", "Logger", True, "logrb", "(Level,String,String,ResourceBundle,String,Throwable)", "", "Argument[4]", "logging", "manual"] - - ["java.util.logging", "Logger", True, "logrb", "(Level,String,String,String,String)", "", "Argument[1..4]", "logging", "manual"] - - ["java.util.logging", "Logger", True, "logrb", "(Level,String,String,String,String,Object)", "", "Argument[1..5]", "logging", "manual"] - - ["java.util.logging", "Logger", True, "logrb", "(Level,String,String,String,String,Object[])", "", "Argument[1..5]", "logging", "manual"] - - ["java.util.logging", "Logger", True, "logrb", "(Level,String,String,String,String,Throwable)", "", "Argument[1..4]", "logging", "manual"] - - ["java.util.logging", "Logger", True, "severe", "", "", "Argument[0]", "logging", "manual"] - - ["java.util.logging", "Logger", True, "warning", "", "", "Argument[0]", "logging", "manual"] + - ["java.util.logging", "Logger", True, "config", "", "", "Argument[0]", "log-injection", "manual"] + - ["java.util.logging", "Logger", True, "entering", "(String,String)", "", "Argument[0..1]", "log-injection", "manual"] + - ["java.util.logging", "Logger", True, "entering", "(String,String,Object)", "", "Argument[0..2]", "log-injection", "manual"] + - ["java.util.logging", "Logger", True, "entering", "(String,String,Object[])", "", "Argument[0..2]", "log-injection", "manual"] + - ["java.util.logging", "Logger", True, "exiting", "(String,String)", "", "Argument[0..1]", "log-injection", "manual"] + - ["java.util.logging", "Logger", True, "exiting", "(String,String,Object)", "", "Argument[0..2]", "log-injection", "manual"] + - ["java.util.logging", "Logger", True, "fine", "", "", "Argument[0]", "log-injection", "manual"] + - ["java.util.logging", "Logger", True, "finer", "", "", "Argument[0]", "log-injection", "manual"] + - ["java.util.logging", "Logger", True, "finest", "", "", "Argument[0]", "log-injection", "manual"] + - ["java.util.logging", "Logger", True, "info", "", "", "Argument[0]", "log-injection", "manual"] + - ["java.util.logging", "Logger", True, "log", "(Level,String)", "", "Argument[1]", "log-injection", "manual"] + - ["java.util.logging", "Logger", True, "log", "(Level,String,Object)", "", "Argument[1..2]", "log-injection", "manual"] + - ["java.util.logging", "Logger", True, "log", "(Level,String,Object[])", "", "Argument[1..2]", "log-injection", "manual"] + - ["java.util.logging", "Logger", True, "log", "(Level,String,Throwable)", "", "Argument[1]", "log-injection", "manual"] + - ["java.util.logging", "Logger", True, "log", "(Level,Supplier)", "", "Argument[1]", "log-injection", "manual"] + - ["java.util.logging", "Logger", True, "log", "(Level,Throwable,Supplier)", "", "Argument[2]", "log-injection", "manual"] + - ["java.util.logging", "Logger", True, "log", "(LogRecord)", "", "Argument[0]", "log-injection", "manual"] + - ["java.util.logging", "Logger", True, "logp", "(Level,String,String,String)", "", "Argument[1..3]", "log-injection", "manual"] + - ["java.util.logging", "Logger", True, "logp", "(Level,String,String,String,Object)", "", "Argument[1..4]", "log-injection", "manual"] + - ["java.util.logging", "Logger", True, "logp", "(Level,String,String,String,Object[])", "", "Argument[1..4]", "log-injection", "manual"] + - ["java.util.logging", "Logger", True, "logp", "(Level,String,String,String,Throwable)", "", "Argument[1..3]", "log-injection", "manual"] + - ["java.util.logging", "Logger", True, "logp", "(Level,String,String,Supplier)", "", "Argument[1..3]", "log-injection", "manual"] + - ["java.util.logging", "Logger", True, "logp", "(Level,String,String,Throwable,Supplier)", "", "Argument[1..2]", "log-injection", "manual"] + - ["java.util.logging", "Logger", True, "logp", "(Level,String,String,Throwable,Supplier)", "", "Argument[4]", "log-injection", "manual"] + - ["java.util.logging", "Logger", True, "logrb", "(Level,String,String,ResourceBundle,String,Object[])", "", "Argument[1..2]", "log-injection", "manual"] + - ["java.util.logging", "Logger", True, "logrb", "(Level,String,String,ResourceBundle,String,Object[])", "", "Argument[4..5]", "log-injection", "manual"] + - ["java.util.logging", "Logger", True, "logrb", "(Level,String,String,ResourceBundle,String,Throwable)", "", "Argument[1..2]", "log-injection", "manual"] + - ["java.util.logging", "Logger", True, "logrb", "(Level,String,String,ResourceBundle,String,Throwable)", "", "Argument[4]", "log-injection", "manual"] + - ["java.util.logging", "Logger", True, "logrb", "(Level,String,String,String,String)", "", "Argument[1..4]", "log-injection", "manual"] + - ["java.util.logging", "Logger", True, "logrb", "(Level,String,String,String,String,Object)", "", "Argument[1..5]", "log-injection", "manual"] + - ["java.util.logging", "Logger", True, "logrb", "(Level,String,String,String,String,Object[])", "", "Argument[1..5]", "log-injection", "manual"] + - ["java.util.logging", "Logger", True, "logrb", "(Level,String,String,String,String,Throwable)", "", "Argument[1..4]", "log-injection", "manual"] + - ["java.util.logging", "Logger", True, "severe", "", "", "Argument[0]", "log-injection", "manual"] + - ["java.util.logging", "Logger", True, "warning", "", "", "Argument[0]", "log-injection", "manual"] - addsTo: pack: codeql/java-all extensible: summaryModel diff --git a/java/ql/lib/ext/org.apache.commons.logging.model.yml b/java/ql/lib/ext/org.apache.commons.logging.model.yml index 8f40e26f2a1..7e2be01c522 100644 --- a/java/ql/lib/ext/org.apache.commons.logging.model.yml +++ b/java/ql/lib/ext/org.apache.commons.logging.model.yml @@ -3,9 +3,9 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["org.apache.commons.logging", "Log", True, "debug", "", "", "Argument[0]", "logging", "manual"] - - ["org.apache.commons.logging", "Log", True, "error", "", "", "Argument[0]", "logging", "manual"] - - ["org.apache.commons.logging", "Log", True, "fatal", "", "", "Argument[0]", "logging", "manual"] - - ["org.apache.commons.logging", "Log", True, "info", "", "", "Argument[0]", "logging", "manual"] - - ["org.apache.commons.logging", "Log", True, "trace", "", "", "Argument[0]", "logging", "manual"] - - ["org.apache.commons.logging", "Log", True, "warn", "", "", "Argument[0]", "logging", "manual"] + - ["org.apache.commons.logging", "Log", True, "debug", "", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.commons.logging", "Log", True, "error", "", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.commons.logging", "Log", True, "fatal", "", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.commons.logging", "Log", True, "info", "", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.commons.logging", "Log", True, "trace", "", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.commons.logging", "Log", True, "warn", "", "", "Argument[0]", "log-injection", "manual"] diff --git a/java/ql/lib/ext/org.apache.log4j.model.yml b/java/ql/lib/ext/org.apache.log4j.model.yml index 309f238111b..e27bdef0fbf 100644 --- a/java/ql/lib/ext/org.apache.log4j.model.yml +++ b/java/ql/lib/ext/org.apache.log4j.model.yml @@ -3,14 +3,14 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["org.apache.log4j", "Category", True, "assertLog", "", "", "Argument[1]", "logging", "manual"] - - ["org.apache.log4j", "Category", True, "debug", "", "", "Argument[0]", "logging", "manual"] - - ["org.apache.log4j", "Category", True, "error", "", "", "Argument[0]", "logging", "manual"] - - ["org.apache.log4j", "Category", True, "fatal", "", "", "Argument[0]", "logging", "manual"] - - ["org.apache.log4j", "Category", True, "forcedLog", "", "", "Argument[2]", "logging", "manual"] - - ["org.apache.log4j", "Category", True, "info", "", "", "Argument[0]", "logging", "manual"] - - ["org.apache.log4j", "Category", True, "l7dlog", "(Priority,String,Object[],Throwable)", "", "Argument[2]", "logging", "manual"] - - ["org.apache.log4j", "Category", True, "log", "(Priority,Object)", "", "Argument[1]", "logging", "manual"] - - ["org.apache.log4j", "Category", True, "log", "(Priority,Object,Throwable)", "", "Argument[1]", "logging", "manual"] - - ["org.apache.log4j", "Category", True, "log", "(String,Priority,Object,Throwable)", "", "Argument[2]", "logging", "manual"] - - ["org.apache.log4j", "Category", True, "warn", "", "", "Argument[0]", "logging", "manual"] + - ["org.apache.log4j", "Category", True, "assertLog", "", "", "Argument[1]", "log-injection", "manual"] + - ["org.apache.log4j", "Category", True, "debug", "", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.log4j", "Category", True, "error", "", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.log4j", "Category", True, "fatal", "", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.log4j", "Category", True, "forcedLog", "", "", "Argument[2]", "log-injection", "manual"] + - ["org.apache.log4j", "Category", True, "info", "", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.log4j", "Category", True, "l7dlog", "(Priority,String,Object[],Throwable)", "", "Argument[2]", "log-injection", "manual"] + - ["org.apache.log4j", "Category", True, "log", "(Priority,Object)", "", "Argument[1]", "log-injection", "manual"] + - ["org.apache.log4j", "Category", True, "log", "(Priority,Object,Throwable)", "", "Argument[1]", "log-injection", "manual"] + - ["org.apache.log4j", "Category", True, "log", "(String,Priority,Object,Throwable)", "", "Argument[2]", "log-injection", "manual"] + - ["org.apache.log4j", "Category", True, "warn", "", "", "Argument[0]", "log-injection", "manual"] diff --git a/java/ql/lib/ext/org.apache.logging.log4j.model.yml b/java/ql/lib/ext/org.apache.logging.log4j.model.yml index 5ffe10450a0..2c48df24365 100644 --- a/java/ql/lib/ext/org.apache.logging.log4j.model.yml +++ b/java/ql/lib/ext/org.apache.logging.log4j.model.yml @@ -3,365 +3,365 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["org.apache.logging.log4j", "LogBuilder", True, "log", "(CharSequence)", "", "Argument[0]", "logging", "manual"] - - ["org.apache.logging.log4j", "LogBuilder", True, "log", "(Message)", "", "Argument[0]", "logging", "manual"] - - ["org.apache.logging.log4j", "LogBuilder", True, "log", "(Object)", "", "Argument[0]", "logging", "manual"] - - ["org.apache.logging.log4j", "LogBuilder", True, "log", "(String)", "", "Argument[0]", "logging", "manual"] - - ["org.apache.logging.log4j", "LogBuilder", True, "log", "(String,Object)", "", "Argument[0..1]", "logging", "manual"] - - ["org.apache.logging.log4j", "LogBuilder", True, "log", "(String,Object,Object)", "", "Argument[0..2]", "logging", "manual"] - - ["org.apache.logging.log4j", "LogBuilder", True, "log", "(String,Object,Object,Object)", "", "Argument[0..3]", "logging", "manual"] - - ["org.apache.logging.log4j", "LogBuilder", True, "log", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"] - - ["org.apache.logging.log4j", "LogBuilder", True, "log", "(String,Object,Object,Object,Object,Object)", "", "Argument[0..5]", "logging", "manual"] - - ["org.apache.logging.log4j", "LogBuilder", True, "log", "(String,Object,Object,Object,Object,Object,Object)", "", "Argument[0..6]", "logging", "manual"] - - ["org.apache.logging.log4j", "LogBuilder", True, "log", "(String,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..7]", "logging", "manual"] - - ["org.apache.logging.log4j", "LogBuilder", True, "log", "(String,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..8]", "logging", "manual"] - - ["org.apache.logging.log4j", "LogBuilder", True, "log", "(String,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..9]", "logging", "manual"] - - ["org.apache.logging.log4j", "LogBuilder", True, "log", "(String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..10]", "logging", "manual"] - - ["org.apache.logging.log4j", "LogBuilder", True, "log", "(String,Object[])", "", "Argument[0..1]", "logging", "manual"] - - ["org.apache.logging.log4j", "LogBuilder", True, "log", "(String,Supplier)", "", "Argument[0..1]", "logging", "manual"] - - ["org.apache.logging.log4j", "LogBuilder", True, "log", "(Supplier)", "", "Argument[0]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "debug", "(CharSequence)", "", "Argument[0]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "debug", "(CharSequence,Throwable)", "", "Argument[0]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,CharSequence)", "", "Argument[1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,CharSequence,Throwable)", "", "Argument[1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,Message)", "", "Argument[1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,MessageSupplier)", "", "Argument[1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,MessageSupplier,Throwable)", "", "Argument[1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,Object)", "", "Argument[1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,Object,Throwable)", "", "Argument[1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,String)", "", "Argument[1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,String,Object)", "", "Argument[1..2]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,String,Object,Object)", "", "Argument[1..3]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,String,Object,Object,Object)", "", "Argument[1..4]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,String,Object,Object,Object,Object)", "", "Argument[1..5]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,String,Object,Object,Object,Object,Object)", "", "Argument[1..6]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,String,Object,Object,Object,Object,Object,Object)", "", "Argument[1..7]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,String,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..8]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,String,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..9]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,String,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..10]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..11]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,String,Object[])", "", "Argument[1..2]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,String,Supplier)", "", "Argument[1..2]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,String,Throwable)", "", "Argument[1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,Supplier)", "", "Argument[1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,Supplier,Throwable)", "", "Argument[1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "debug", "(Message)", "", "Argument[0]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "debug", "(Message,Throwable)", "", "Argument[0]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "debug", "(MessageSupplier)", "", "Argument[0]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "debug", "(MessageSupplier,Throwable)", "", "Argument[0]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "debug", "(Object)", "", "Argument[0]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "debug", "(Object,Throwable)", "", "Argument[0]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "debug", "(String)", "", "Argument[0]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "debug", "(String,Object)", "", "Argument[0..1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "debug", "(String,Object,Object)", "", "Argument[0..2]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "debug", "(String,Object,Object,Object)", "", "Argument[0..3]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "debug", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "debug", "(String,Object,Object,Object,Object,Object)", "", "Argument[0..5]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "debug", "(String,Object,Object,Object,Object,Object,Object)", "", "Argument[0..6]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "debug", "(String,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..7]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "debug", "(String,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..8]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "debug", "(String,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..9]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "debug", "(String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..10]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "debug", "(String,Object[])", "", "Argument[0..1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "debug", "(String,Supplier)", "", "Argument[0..1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "debug", "(String,Throwable)", "", "Argument[0]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "debug", "(Supplier)", "", "Argument[0]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "debug", "(Supplier,Throwable)", "", "Argument[0]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "entry", "(Object[])", "", "Argument[0]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "error", "(CharSequence)", "", "Argument[0]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "error", "(CharSequence,Throwable)", "", "Argument[0]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,CharSequence)", "", "Argument[1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,CharSequence,Throwable)", "", "Argument[1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,Message)", "", "Argument[1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,MessageSupplier)", "", "Argument[1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,MessageSupplier,Throwable)", "", "Argument[1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,Object)", "", "Argument[1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,Object,Throwable)", "", "Argument[1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,String)", "", "Argument[1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,String,Object)", "", "Argument[1..2]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,String,Object,Object)", "", "Argument[1..3]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,String,Object,Object,Object)", "", "Argument[1..4]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,String,Object,Object,Object,Object)", "", "Argument[1..5]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,String,Object,Object,Object,Object,Object)", "", "Argument[1..6]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,String,Object,Object,Object,Object,Object,Object)", "", "Argument[1..7]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,String,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..8]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,String,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..9]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,String,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..10]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..11]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,String,Object[])", "", "Argument[1..2]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,String,Supplier)", "", "Argument[1..2]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,String,Throwable)", "", "Argument[1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,Supplier)", "", "Argument[1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,Supplier,Throwable)", "", "Argument[1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "error", "(Message)", "", "Argument[0]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "error", "(Message,Throwable)", "", "Argument[0]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "error", "(MessageSupplier)", "", "Argument[0]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "error", "(MessageSupplier,Throwable)", "", "Argument[0]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "error", "(Object)", "", "Argument[0]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "error", "(Object,Throwable)", "", "Argument[0]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "error", "(String)", "", "Argument[0]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "error", "(String,Object)", "", "Argument[0..1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "error", "(String,Object,Object)", "", "Argument[0..2]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "error", "(String,Object,Object,Object)", "", "Argument[0..3]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "error", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "error", "(String,Object,Object,Object,Object,Object)", "", "Argument[0..5]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "error", "(String,Object,Object,Object,Object,Object,Object)", "", "Argument[0..6]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "error", "(String,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..7]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "error", "(String,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..8]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "error", "(String,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..9]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "error", "(String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..10]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "error", "(String,Object[])", "", "Argument[0..1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "error", "(String,Supplier)", "", "Argument[0..1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "error", "(String,Throwable)", "", "Argument[0]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "error", "(Supplier)", "", "Argument[0]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "error", "(Supplier,Throwable)", "", "Argument[0]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "fatal", "(CharSequence)", "", "Argument[0]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "fatal", "(CharSequence,Throwable)", "", "Argument[0]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,CharSequence)", "", "Argument[1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,CharSequence,Throwable)", "", "Argument[1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,Message)", "", "Argument[1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,MessageSupplier)", "", "Argument[1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,MessageSupplier,Throwable)", "", "Argument[1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,Object)", "", "Argument[1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,Object,Throwable)", "", "Argument[1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,String)", "", "Argument[1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,String,Object)", "", "Argument[1..2]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,String,Object,Object)", "", "Argument[1..3]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,String,Object,Object,Object)", "", "Argument[1..4]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,String,Object,Object,Object,Object)", "", "Argument[1..5]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,String,Object,Object,Object,Object,Object)", "", "Argument[1..6]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,String,Object,Object,Object,Object,Object,Object)", "", "Argument[1..7]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,String,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..8]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,String,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..9]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,String,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..10]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..11]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,String,Object[])", "", "Argument[1..2]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,String,Supplier)", "", "Argument[1..2]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,String,Throwable)", "", "Argument[1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,Supplier)", "", "Argument[1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,Supplier,Throwable)", "", "Argument[1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Message)", "", "Argument[0]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Message,Throwable)", "", "Argument[0]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "fatal", "(MessageSupplier)", "", "Argument[0]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "fatal", "(MessageSupplier,Throwable)", "", "Argument[0]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Object)", "", "Argument[0]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Object,Throwable)", "", "Argument[0]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "fatal", "(String)", "", "Argument[0]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "fatal", "(String,Object)", "", "Argument[0..1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "fatal", "(String,Object,Object)", "", "Argument[0..2]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "fatal", "(String,Object,Object,Object)", "", "Argument[0..3]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "fatal", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "fatal", "(String,Object,Object,Object,Object,Object)", "", "Argument[0..5]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "fatal", "(String,Object,Object,Object,Object,Object,Object)", "", "Argument[0..6]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "fatal", "(String,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..7]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "fatal", "(String,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..8]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "fatal", "(String,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..9]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "fatal", "(String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..10]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "fatal", "(String,Object[])", "", "Argument[0..1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "fatal", "(String,Supplier)", "", "Argument[0..1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "fatal", "(String,Throwable)", "", "Argument[0]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Supplier)", "", "Argument[0]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Supplier,Throwable)", "", "Argument[0]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "info", "(CharSequence)", "", "Argument[0]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "info", "(CharSequence,Throwable)", "", "Argument[0]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,CharSequence)", "", "Argument[1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,CharSequence,Throwable)", "", "Argument[1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,Message)", "", "Argument[1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,MessageSupplier)", "", "Argument[1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,MessageSupplier,Throwable)", "", "Argument[1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,Object)", "", "Argument[1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,Object,Throwable)", "", "Argument[1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,String)", "", "Argument[1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,String,Object)", "", "Argument[1..2]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,String,Object,Object)", "", "Argument[1..3]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,String,Object,Object,Object)", "", "Argument[1..4]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,String,Object,Object,Object,Object)", "", "Argument[1..5]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,String,Object,Object,Object,Object,Object)", "", "Argument[1..6]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,String,Object,Object,Object,Object,Object,Object)", "", "Argument[1..7]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,String,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..8]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,String,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..9]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,String,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..10]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..11]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,String,Object[])", "", "Argument[1..2]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,String,Supplier)", "", "Argument[1..2]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,String,Throwable)", "", "Argument[1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,Supplier)", "", "Argument[1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,Supplier,Throwable)", "", "Argument[1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "info", "(Message)", "", "Argument[0]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "info", "(Message,Throwable)", "", "Argument[0]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "info", "(MessageSupplier)", "", "Argument[0]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "info", "(MessageSupplier,Throwable)", "", "Argument[0]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "info", "(Object)", "", "Argument[0]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "info", "(Object,Throwable)", "", "Argument[0]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "info", "(String)", "", "Argument[0]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "info", "(String,Object)", "", "Argument[0..1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "info", "(String,Object,Object)", "", "Argument[0..2]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "info", "(String,Object,Object,Object)", "", "Argument[0..3]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "info", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "info", "(String,Object,Object,Object,Object,Object)", "", "Argument[0..5]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "info", "(String,Object,Object,Object,Object,Object,Object)", "", "Argument[0..6]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "info", "(String,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..7]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "info", "(String,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..8]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "info", "(String,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..9]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "info", "(String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..10]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "info", "(String,Object[])", "", "Argument[0..1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "info", "(String,Supplier)", "", "Argument[0..1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "info", "(String,Throwable)", "", "Argument[0]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "info", "(Supplier)", "", "Argument[0]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "info", "(Supplier,Throwable)", "", "Argument[0]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,CharSequence)", "", "Argument[1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,CharSequence,Throwable)", "", "Argument[1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,CharSequence)", "", "Argument[2]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,CharSequence,Throwable)", "", "Argument[2]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,Message)", "", "Argument[2]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,MessageSupplier)", "", "Argument[2]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,MessageSupplier,Throwable)", "", "Argument[2]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,Object)", "", "Argument[2]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,Object,Throwable)", "", "Argument[2]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,String)", "", "Argument[2]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,String,Object)", "", "Argument[2..3]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,String,Object,Object)", "", "Argument[2..4]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,String,Object,Object,Object)", "", "Argument[2..5]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,String,Object,Object,Object,Object)", "", "Argument[2..6]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,String,Object,Object,Object,Object,Object)", "", "Argument[2..7]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,String,Object,Object,Object,Object,Object,Object)", "", "Argument[2..8]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,String,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[2..9]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,String,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[2..10]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,String,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[2..11]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[2..12]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,String,Object[])", "", "Argument[2..3]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,String,Supplier)", "", "Argument[2..3]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,String,Throwable)", "", "Argument[2]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,Supplier)", "", "Argument[2]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,Supplier,Throwable)", "", "Argument[2]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Message)", "", "Argument[1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Message,Throwable)", "", "Argument[1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,MessageSupplier)", "", "Argument[1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,MessageSupplier,Throwable)", "", "Argument[1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Object)", "", "Argument[1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Object,Throwable)", "", "Argument[1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,String)", "", "Argument[1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,String,Object)", "", "Argument[1..2]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,String,Object,Object)", "", "Argument[1..3]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,String,Object,Object,Object)", "", "Argument[1..4]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,String,Object,Object,Object,Object)", "", "Argument[1..5]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,String,Object,Object,Object,Object,Object)", "", "Argument[1..6]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,String,Object,Object,Object,Object,Object,Object)", "", "Argument[1..7]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,String,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..8]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,String,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..9]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,String,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..10]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..11]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,String,Object[])", "", "Argument[1..2]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,String,Supplier)", "", "Argument[1..2]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,String,Throwable)", "", "Argument[1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Supplier)", "", "Argument[1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Supplier,Throwable)", "", "Argument[1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "logMessage", "(Level,Marker,String,StackTraceElement,Message,Throwable)", "", "Argument[4]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "printf", "(Level,Marker,String,Object[])", "", "Argument[2..3]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "printf", "(Level,String,Object[])", "", "Argument[1..2]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "trace", "(CharSequence)", "", "Argument[0]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "trace", "(CharSequence,Throwable)", "", "Argument[0]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,CharSequence)", "", "Argument[1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,CharSequence,Throwable)", "", "Argument[1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,Message)", "", "Argument[1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,MessageSupplier)", "", "Argument[1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,MessageSupplier,Throwable)", "", "Argument[1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,Object)", "", "Argument[1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,Object,Throwable)", "", "Argument[1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,String)", "", "Argument[1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,String,Object)", "", "Argument[1..2]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,String,Object,Object)", "", "Argument[1..3]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,String,Object,Object,Object)", "", "Argument[1..4]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,String,Object,Object,Object,Object)", "", "Argument[1..5]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,String,Object,Object,Object,Object,Object)", "", "Argument[1..6]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,String,Object,Object,Object,Object,Object,Object)", "", "Argument[1..7]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,String,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..8]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,String,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..9]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,String,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..10]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..11]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,String,Object[])", "", "Argument[1..2]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,String,Supplier)", "", "Argument[1..2]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,String,Throwable)", "", "Argument[1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,Supplier)", "", "Argument[1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,Supplier,Throwable)", "", "Argument[1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "trace", "(Message)", "", "Argument[0]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "trace", "(Message,Throwable)", "", "Argument[0]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "trace", "(MessageSupplier)", "", "Argument[0]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "trace", "(MessageSupplier,Throwable)", "", "Argument[0]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "trace", "(Object)", "", "Argument[0]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "trace", "(Object,Throwable)", "", "Argument[0]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "trace", "(String)", "", "Argument[0]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "trace", "(String,Object)", "", "Argument[0..1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "trace", "(String,Object,Object)", "", "Argument[0..2]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "trace", "(String,Object,Object,Object)", "", "Argument[0..3]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "trace", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "trace", "(String,Object,Object,Object,Object,Object)", "", "Argument[0..5]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "trace", "(String,Object,Object,Object,Object,Object,Object)", "", "Argument[0..6]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "trace", "(String,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..7]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "trace", "(String,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..8]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "trace", "(String,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..9]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "trace", "(String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..10]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "trace", "(String,Object[])", "", "Argument[0..1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "trace", "(String,Supplier)", "", "Argument[0..1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "trace", "(String,Throwable)", "", "Argument[0]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "trace", "(Supplier)", "", "Argument[0]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "trace", "(Supplier,Throwable)", "", "Argument[0]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "traceEntry", "(Message)", "", "Argument[0]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "traceEntry", "(String,Object[])", "", "Argument[0..1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "traceEntry", "(String,Supplier[])", "", "Argument[0..1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "traceEntry", "(Supplier[])", "", "Argument[0]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "traceExit", "(EntryMessage)", "", "Argument[0]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "traceExit", "(EntryMessage,Object)", "", "Argument[0..1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "traceExit", "(Message,Object)", "", "Argument[0..1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "traceExit", "(Object)", "", "Argument[0]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "traceExit", "(String,Object)", "", "Argument[0..1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "warn", "(CharSequence)", "", "Argument[0]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "warn", "(CharSequence,Throwable)", "", "Argument[0]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,CharSequence)", "", "Argument[1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,CharSequence,Throwable)", "", "Argument[1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,Message)", "", "Argument[1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,MessageSupplier)", "", "Argument[1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,MessageSupplier,Throwable)", "", "Argument[1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,Object)", "", "Argument[1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,Object,Throwable)", "", "Argument[1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,String)", "", "Argument[1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,String,Object)", "", "Argument[1..2]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,String,Object,Object)", "", "Argument[1..3]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,String,Object,Object,Object)", "", "Argument[1..4]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,String,Object,Object,Object,Object)", "", "Argument[1..5]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,String,Object,Object,Object,Object,Object)", "", "Argument[1..6]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,String,Object,Object,Object,Object,Object,Object)", "", "Argument[1..7]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,String,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..8]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,String,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..9]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,String,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..10]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..11]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,String,Object[])", "", "Argument[1..2]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,String,Supplier)", "", "Argument[1..2]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,String,Throwable)", "", "Argument[1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,Supplier)", "", "Argument[1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,Supplier,Throwable)", "", "Argument[1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "warn", "(Message)", "", "Argument[0]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "warn", "(Message,Throwable)", "", "Argument[0]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "warn", "(MessageSupplier)", "", "Argument[0]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "warn", "(MessageSupplier,Throwable)", "", "Argument[0]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "warn", "(Object)", "", "Argument[0]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "warn", "(Object,Throwable)", "", "Argument[0]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "warn", "(String)", "", "Argument[0]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "warn", "(String,Object)", "", "Argument[0..1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "warn", "(String,Object,Object)", "", "Argument[0..2]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "warn", "(String,Object,Object,Object)", "", "Argument[0..3]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "warn", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "warn", "(String,Object,Object,Object,Object,Object)", "", "Argument[0..5]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "warn", "(String,Object,Object,Object,Object,Object,Object)", "", "Argument[0..6]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "warn", "(String,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..7]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "warn", "(String,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..8]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "warn", "(String,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..9]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "warn", "(String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..10]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "warn", "(String,Object[])", "", "Argument[0..1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "warn", "(String,Supplier)", "", "Argument[0..1]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "warn", "(String,Throwable)", "", "Argument[0]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "warn", "(Supplier)", "", "Argument[0]", "logging", "manual"] - - ["org.apache.logging.log4j", "Logger", True, "warn", "(Supplier,Throwable)", "", "Argument[0]", "logging", "manual"] + - ["org.apache.logging.log4j", "LogBuilder", True, "log", "(CharSequence)", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "LogBuilder", True, "log", "(Message)", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "LogBuilder", True, "log", "(Object)", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "LogBuilder", True, "log", "(String)", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "LogBuilder", True, "log", "(String,Object)", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "LogBuilder", True, "log", "(String,Object,Object)", "", "Argument[0..2]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "LogBuilder", True, "log", "(String,Object,Object,Object)", "", "Argument[0..3]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "LogBuilder", True, "log", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "LogBuilder", True, "log", "(String,Object,Object,Object,Object,Object)", "", "Argument[0..5]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "LogBuilder", True, "log", "(String,Object,Object,Object,Object,Object,Object)", "", "Argument[0..6]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "LogBuilder", True, "log", "(String,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..7]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "LogBuilder", True, "log", "(String,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..8]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "LogBuilder", True, "log", "(String,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..9]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "LogBuilder", True, "log", "(String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..10]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "LogBuilder", True, "log", "(String,Object[])", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "LogBuilder", True, "log", "(String,Supplier)", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "LogBuilder", True, "log", "(Supplier)", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "debug", "(CharSequence)", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "debug", "(CharSequence,Throwable)", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,CharSequence)", "", "Argument[1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,CharSequence,Throwable)", "", "Argument[1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,Message)", "", "Argument[1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,MessageSupplier)", "", "Argument[1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,MessageSupplier,Throwable)", "", "Argument[1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,Object)", "", "Argument[1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,Object,Throwable)", "", "Argument[1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,String)", "", "Argument[1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,String,Object)", "", "Argument[1..2]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,String,Object,Object)", "", "Argument[1..3]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,String,Object,Object,Object)", "", "Argument[1..4]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,String,Object,Object,Object,Object)", "", "Argument[1..5]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,String,Object,Object,Object,Object,Object)", "", "Argument[1..6]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,String,Object,Object,Object,Object,Object,Object)", "", "Argument[1..7]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,String,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..8]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,String,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..9]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,String,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..10]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..11]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,String,Object[])", "", "Argument[1..2]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,String,Supplier)", "", "Argument[1..2]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,String,Throwable)", "", "Argument[1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,Supplier)", "", "Argument[1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "debug", "(Marker,Supplier,Throwable)", "", "Argument[1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "debug", "(Message)", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "debug", "(Message,Throwable)", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "debug", "(MessageSupplier)", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "debug", "(MessageSupplier,Throwable)", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "debug", "(Object)", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "debug", "(Object,Throwable)", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "debug", "(String)", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "debug", "(String,Object)", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "debug", "(String,Object,Object)", "", "Argument[0..2]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "debug", "(String,Object,Object,Object)", "", "Argument[0..3]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "debug", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "debug", "(String,Object,Object,Object,Object,Object)", "", "Argument[0..5]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "debug", "(String,Object,Object,Object,Object,Object,Object)", "", "Argument[0..6]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "debug", "(String,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..7]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "debug", "(String,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..8]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "debug", "(String,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..9]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "debug", "(String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..10]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "debug", "(String,Object[])", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "debug", "(String,Supplier)", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "debug", "(String,Throwable)", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "debug", "(Supplier)", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "debug", "(Supplier,Throwable)", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "entry", "(Object[])", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "error", "(CharSequence)", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "error", "(CharSequence,Throwable)", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,CharSequence)", "", "Argument[1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,CharSequence,Throwable)", "", "Argument[1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,Message)", "", "Argument[1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,MessageSupplier)", "", "Argument[1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,MessageSupplier,Throwable)", "", "Argument[1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,Object)", "", "Argument[1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,Object,Throwable)", "", "Argument[1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,String)", "", "Argument[1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,String,Object)", "", "Argument[1..2]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,String,Object,Object)", "", "Argument[1..3]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,String,Object,Object,Object)", "", "Argument[1..4]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,String,Object,Object,Object,Object)", "", "Argument[1..5]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,String,Object,Object,Object,Object,Object)", "", "Argument[1..6]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,String,Object,Object,Object,Object,Object,Object)", "", "Argument[1..7]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,String,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..8]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,String,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..9]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,String,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..10]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..11]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,String,Object[])", "", "Argument[1..2]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,String,Supplier)", "", "Argument[1..2]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,String,Throwable)", "", "Argument[1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,Supplier)", "", "Argument[1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "error", "(Marker,Supplier,Throwable)", "", "Argument[1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "error", "(Message)", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "error", "(Message,Throwable)", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "error", "(MessageSupplier)", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "error", "(MessageSupplier,Throwable)", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "error", "(Object)", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "error", "(Object,Throwable)", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "error", "(String)", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "error", "(String,Object)", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "error", "(String,Object,Object)", "", "Argument[0..2]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "error", "(String,Object,Object,Object)", "", "Argument[0..3]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "error", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "error", "(String,Object,Object,Object,Object,Object)", "", "Argument[0..5]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "error", "(String,Object,Object,Object,Object,Object,Object)", "", "Argument[0..6]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "error", "(String,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..7]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "error", "(String,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..8]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "error", "(String,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..9]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "error", "(String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..10]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "error", "(String,Object[])", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "error", "(String,Supplier)", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "error", "(String,Throwable)", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "error", "(Supplier)", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "error", "(Supplier,Throwable)", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "fatal", "(CharSequence)", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "fatal", "(CharSequence,Throwable)", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,CharSequence)", "", "Argument[1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,CharSequence,Throwable)", "", "Argument[1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,Message)", "", "Argument[1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,MessageSupplier)", "", "Argument[1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,MessageSupplier,Throwable)", "", "Argument[1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,Object)", "", "Argument[1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,Object,Throwable)", "", "Argument[1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,String)", "", "Argument[1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,String,Object)", "", "Argument[1..2]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,String,Object,Object)", "", "Argument[1..3]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,String,Object,Object,Object)", "", "Argument[1..4]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,String,Object,Object,Object,Object)", "", "Argument[1..5]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,String,Object,Object,Object,Object,Object)", "", "Argument[1..6]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,String,Object,Object,Object,Object,Object,Object)", "", "Argument[1..7]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,String,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..8]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,String,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..9]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,String,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..10]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..11]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,String,Object[])", "", "Argument[1..2]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,String,Supplier)", "", "Argument[1..2]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,String,Throwable)", "", "Argument[1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,Supplier)", "", "Argument[1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Marker,Supplier,Throwable)", "", "Argument[1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Message)", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Message,Throwable)", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "fatal", "(MessageSupplier)", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "fatal", "(MessageSupplier,Throwable)", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Object)", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Object,Throwable)", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "fatal", "(String)", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "fatal", "(String,Object)", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "fatal", "(String,Object,Object)", "", "Argument[0..2]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "fatal", "(String,Object,Object,Object)", "", "Argument[0..3]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "fatal", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "fatal", "(String,Object,Object,Object,Object,Object)", "", "Argument[0..5]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "fatal", "(String,Object,Object,Object,Object,Object,Object)", "", "Argument[0..6]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "fatal", "(String,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..7]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "fatal", "(String,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..8]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "fatal", "(String,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..9]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "fatal", "(String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..10]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "fatal", "(String,Object[])", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "fatal", "(String,Supplier)", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "fatal", "(String,Throwable)", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Supplier)", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "fatal", "(Supplier,Throwable)", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "info", "(CharSequence)", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "info", "(CharSequence,Throwable)", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,CharSequence)", "", "Argument[1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,CharSequence,Throwable)", "", "Argument[1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,Message)", "", "Argument[1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,MessageSupplier)", "", "Argument[1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,MessageSupplier,Throwable)", "", "Argument[1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,Object)", "", "Argument[1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,Object,Throwable)", "", "Argument[1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,String)", "", "Argument[1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,String,Object)", "", "Argument[1..2]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,String,Object,Object)", "", "Argument[1..3]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,String,Object,Object,Object)", "", "Argument[1..4]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,String,Object,Object,Object,Object)", "", "Argument[1..5]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,String,Object,Object,Object,Object,Object)", "", "Argument[1..6]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,String,Object,Object,Object,Object,Object,Object)", "", "Argument[1..7]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,String,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..8]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,String,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..9]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,String,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..10]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..11]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,String,Object[])", "", "Argument[1..2]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,String,Supplier)", "", "Argument[1..2]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,String,Throwable)", "", "Argument[1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,Supplier)", "", "Argument[1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "info", "(Marker,Supplier,Throwable)", "", "Argument[1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "info", "(Message)", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "info", "(Message,Throwable)", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "info", "(MessageSupplier)", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "info", "(MessageSupplier,Throwable)", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "info", "(Object)", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "info", "(Object,Throwable)", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "info", "(String)", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "info", "(String,Object)", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "info", "(String,Object,Object)", "", "Argument[0..2]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "info", "(String,Object,Object,Object)", "", "Argument[0..3]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "info", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "info", "(String,Object,Object,Object,Object,Object)", "", "Argument[0..5]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "info", "(String,Object,Object,Object,Object,Object,Object)", "", "Argument[0..6]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "info", "(String,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..7]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "info", "(String,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..8]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "info", "(String,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..9]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "info", "(String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..10]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "info", "(String,Object[])", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "info", "(String,Supplier)", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "info", "(String,Throwable)", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "info", "(Supplier)", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "info", "(Supplier,Throwable)", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,CharSequence)", "", "Argument[1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,CharSequence,Throwable)", "", "Argument[1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,CharSequence)", "", "Argument[2]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,CharSequence,Throwable)", "", "Argument[2]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,Message)", "", "Argument[2]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,MessageSupplier)", "", "Argument[2]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,MessageSupplier,Throwable)", "", "Argument[2]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,Object)", "", "Argument[2]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,Object,Throwable)", "", "Argument[2]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,String)", "", "Argument[2]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,String,Object)", "", "Argument[2..3]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,String,Object,Object)", "", "Argument[2..4]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,String,Object,Object,Object)", "", "Argument[2..5]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,String,Object,Object,Object,Object)", "", "Argument[2..6]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,String,Object,Object,Object,Object,Object)", "", "Argument[2..7]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,String,Object,Object,Object,Object,Object,Object)", "", "Argument[2..8]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,String,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[2..9]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,String,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[2..10]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,String,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[2..11]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[2..12]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,String,Object[])", "", "Argument[2..3]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,String,Supplier)", "", "Argument[2..3]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,String,Throwable)", "", "Argument[2]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,Supplier)", "", "Argument[2]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Marker,Supplier,Throwable)", "", "Argument[2]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Message)", "", "Argument[1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Message,Throwable)", "", "Argument[1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,MessageSupplier)", "", "Argument[1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,MessageSupplier,Throwable)", "", "Argument[1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Object)", "", "Argument[1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Object,Throwable)", "", "Argument[1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,String)", "", "Argument[1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,String,Object)", "", "Argument[1..2]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,String,Object,Object)", "", "Argument[1..3]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,String,Object,Object,Object)", "", "Argument[1..4]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,String,Object,Object,Object,Object)", "", "Argument[1..5]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,String,Object,Object,Object,Object,Object)", "", "Argument[1..6]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,String,Object,Object,Object,Object,Object,Object)", "", "Argument[1..7]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,String,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..8]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,String,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..9]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,String,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..10]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..11]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,String,Object[])", "", "Argument[1..2]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,String,Supplier)", "", "Argument[1..2]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,String,Throwable)", "", "Argument[1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Supplier)", "", "Argument[1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "log", "(Level,Supplier,Throwable)", "", "Argument[1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "logMessage", "(Level,Marker,String,StackTraceElement,Message,Throwable)", "", "Argument[4]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "printf", "(Level,Marker,String,Object[])", "", "Argument[2..3]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "printf", "(Level,String,Object[])", "", "Argument[1..2]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "trace", "(CharSequence)", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "trace", "(CharSequence,Throwable)", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,CharSequence)", "", "Argument[1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,CharSequence,Throwable)", "", "Argument[1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,Message)", "", "Argument[1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,MessageSupplier)", "", "Argument[1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,MessageSupplier,Throwable)", "", "Argument[1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,Object)", "", "Argument[1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,Object,Throwable)", "", "Argument[1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,String)", "", "Argument[1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,String,Object)", "", "Argument[1..2]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,String,Object,Object)", "", "Argument[1..3]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,String,Object,Object,Object)", "", "Argument[1..4]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,String,Object,Object,Object,Object)", "", "Argument[1..5]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,String,Object,Object,Object,Object,Object)", "", "Argument[1..6]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,String,Object,Object,Object,Object,Object,Object)", "", "Argument[1..7]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,String,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..8]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,String,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..9]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,String,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..10]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..11]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,String,Object[])", "", "Argument[1..2]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,String,Supplier)", "", "Argument[1..2]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,String,Throwable)", "", "Argument[1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,Supplier)", "", "Argument[1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "trace", "(Marker,Supplier,Throwable)", "", "Argument[1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "trace", "(Message)", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "trace", "(Message,Throwable)", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "trace", "(MessageSupplier)", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "trace", "(MessageSupplier,Throwable)", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "trace", "(Object)", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "trace", "(Object,Throwable)", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "trace", "(String)", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "trace", "(String,Object)", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "trace", "(String,Object,Object)", "", "Argument[0..2]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "trace", "(String,Object,Object,Object)", "", "Argument[0..3]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "trace", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "trace", "(String,Object,Object,Object,Object,Object)", "", "Argument[0..5]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "trace", "(String,Object,Object,Object,Object,Object,Object)", "", "Argument[0..6]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "trace", "(String,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..7]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "trace", "(String,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..8]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "trace", "(String,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..9]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "trace", "(String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..10]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "trace", "(String,Object[])", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "trace", "(String,Supplier)", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "trace", "(String,Throwable)", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "trace", "(Supplier)", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "trace", "(Supplier,Throwable)", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "traceEntry", "(Message)", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "traceEntry", "(String,Object[])", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "traceEntry", "(String,Supplier[])", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "traceEntry", "(Supplier[])", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "traceExit", "(EntryMessage)", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "traceExit", "(EntryMessage,Object)", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "traceExit", "(Message,Object)", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "traceExit", "(Object)", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "traceExit", "(String,Object)", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "warn", "(CharSequence)", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "warn", "(CharSequence,Throwable)", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,CharSequence)", "", "Argument[1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,CharSequence,Throwable)", "", "Argument[1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,Message)", "", "Argument[1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,MessageSupplier)", "", "Argument[1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,MessageSupplier,Throwable)", "", "Argument[1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,Object)", "", "Argument[1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,Object,Throwable)", "", "Argument[1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,String)", "", "Argument[1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,String,Object)", "", "Argument[1..2]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,String,Object,Object)", "", "Argument[1..3]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,String,Object,Object,Object)", "", "Argument[1..4]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,String,Object,Object,Object,Object)", "", "Argument[1..5]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,String,Object,Object,Object,Object,Object)", "", "Argument[1..6]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,String,Object,Object,Object,Object,Object,Object)", "", "Argument[1..7]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,String,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..8]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,String,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..9]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,String,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..10]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[1..11]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,String,Object[])", "", "Argument[1..2]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,String,Supplier)", "", "Argument[1..2]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,String,Throwable)", "", "Argument[1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,Supplier)", "", "Argument[1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "warn", "(Marker,Supplier,Throwable)", "", "Argument[1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "warn", "(Message)", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "warn", "(Message,Throwable)", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "warn", "(MessageSupplier)", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "warn", "(MessageSupplier,Throwable)", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "warn", "(Object)", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "warn", "(Object,Throwable)", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "warn", "(String)", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "warn", "(String,Object)", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "warn", "(String,Object,Object)", "", "Argument[0..2]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "warn", "(String,Object,Object,Object)", "", "Argument[0..3]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "warn", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "warn", "(String,Object,Object,Object,Object,Object)", "", "Argument[0..5]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "warn", "(String,Object,Object,Object,Object,Object,Object)", "", "Argument[0..6]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "warn", "(String,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..7]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "warn", "(String,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..8]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "warn", "(String,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..9]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "warn", "(String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object)", "", "Argument[0..10]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "warn", "(String,Object[])", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "warn", "(String,Supplier)", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "warn", "(String,Throwable)", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "warn", "(Supplier)", "", "Argument[0]", "log-injection", "manual"] + - ["org.apache.logging.log4j", "Logger", True, "warn", "(Supplier,Throwable)", "", "Argument[0]", "log-injection", "manual"] - addsTo: pack: codeql/java-all extensible: summaryModel diff --git a/java/ql/lib/ext/org.jboss.logging.model.yml b/java/ql/lib/ext/org.jboss.logging.model.yml index 069ae852b77..31636f1a6a3 100644 --- a/java/ql/lib/ext/org.jboss.logging.model.yml +++ b/java/ql/lib/ext/org.jboss.logging.model.yml @@ -3,327 +3,327 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["org.jboss.logging", "BasicLogger", True, "debug", "(Object)", "", "Argument[0]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "debug", "(Object,Object[])", "", "Argument[0..1]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "debug", "(Object,Object[],Throwable)", "", "Argument[0..1]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "debug", "(Object,Throwable)", "", "Argument[0]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "debug", "(String,Object,Object[],Throwable)", "", "Argument[1..2]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "debug", "(String,Object,Throwable)", "", "Argument[1]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "debugf", "(String,Object)", "", "Argument[0..1]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "debugf", "(String,Object,Object)", "", "Argument[0..2]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "debugf", "(String,Object,Object,Object)", "", "Argument[0..3]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "debugf", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "debugf", "(String,Object[])", "", "Argument[0..1]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "debugf", "(Throwable,String,Object)", "", "Argument[1..2]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "debugf", "(Throwable,String,Object,Object)", "", "Argument[1..3]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "debugf", "(Throwable,String,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "debugv", "(String,Object)", "", "Argument[0..1]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "debugv", "(String,Object,Object)", "", "Argument[0..2]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "debugv", "(String,Object,Object,Object)", "", "Argument[0..3]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "debugv", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "debugv", "(String,Object[])", "", "Argument[0..1]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "debugv", "(Throwable,String,Object)", "", "Argument[1..2]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "debugv", "(Throwable,String,Object,Object)", "", "Argument[1..3]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "debugv", "(Throwable,String,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "error", "(Object)", "", "Argument[0]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "error", "(Object,Object[])", "", "Argument[0..1]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "error", "(Object,Object[],Throwable)", "", "Argument[0..1]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "error", "(Object,Throwable)", "", "Argument[0]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "error", "(String,Object,Object[],Throwable)", "", "Argument[1..2]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "error", "(String,Object,Throwable)", "", "Argument[1]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "errorf", "(String,Object)", "", "Argument[0..1]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "errorf", "(String,Object,Object)", "", "Argument[0..2]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "errorf", "(String,Object,Object,Object)", "", "Argument[0..3]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "errorf", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "errorf", "(String,Object[])", "", "Argument[0..1]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "errorf", "(Throwable,String,Object)", "", "Argument[1..2]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "errorf", "(Throwable,String,Object,Object)", "", "Argument[1..3]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "errorf", "(Throwable,String,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "errorv", "(String,Object)", "", "Argument[0..1]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "errorv", "(String,Object,Object)", "", "Argument[0..2]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "errorv", "(String,Object,Object,Object)", "", "Argument[0..3]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "errorv", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "errorv", "(String,Object[])", "", "Argument[0..1]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "errorv", "(Throwable,String,Object)", "", "Argument[1..2]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "errorv", "(Throwable,String,Object,Object)", "", "Argument[1..3]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "errorv", "(Throwable,String,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "fatal", "(Object)", "", "Argument[0]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "fatal", "(Object,Object[])", "", "Argument[0..1]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "fatal", "(Object,Object[],Throwable)", "", "Argument[0..1]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "fatal", "(Object,Throwable)", "", "Argument[0]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "fatal", "(String,Object,Object[],Throwable)", "", "Argument[1..2]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "fatal", "(String,Object,Throwable)", "", "Argument[1]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "fatalf", "(String,Object)", "", "Argument[0..1]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "fatalf", "(String,Object,Object)", "", "Argument[0..2]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "fatalf", "(String,Object,Object,Object)", "", "Argument[0..3]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "fatalf", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "fatalf", "(String,Object[])", "", "Argument[0..1]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "fatalf", "(Throwable,String,Object)", "", "Argument[1..2]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "fatalf", "(Throwable,String,Object,Object)", "", "Argument[1..3]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "fatalf", "(Throwable,String,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "fatalv", "(String,Object)", "", "Argument[0..1]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "fatalv", "(String,Object,Object)", "", "Argument[0..2]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "fatalv", "(String,Object,Object,Object)", "", "Argument[0..3]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "fatalv", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "fatalv", "(String,Object[])", "", "Argument[0..1]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "fatalv", "(Throwable,String,Object)", "", "Argument[1..2]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "fatalv", "(Throwable,String,Object,Object)", "", "Argument[1..3]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "fatalv", "(Throwable,String,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "info", "(Object)", "", "Argument[0]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "info", "(Object,Object[])", "", "Argument[0..1]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "info", "(Object,Object[],Throwable)", "", "Argument[0..1]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "info", "(Object,Throwable)", "", "Argument[0]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "info", "(String,Object,Object[],Throwable)", "", "Argument[1..2]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "info", "(String,Object,Throwable)", "", "Argument[1]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "infof", "(String,Object)", "", "Argument[0..1]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "infof", "(String,Object,Object)", "", "Argument[0..2]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "infof", "(String,Object,Object,Object)", "", "Argument[0..3]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "infof", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "infof", "(String,Object[])", "", "Argument[0..1]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "infof", "(Throwable,String,Object)", "", "Argument[1..2]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "infof", "(Throwable,String,Object,Object)", "", "Argument[1..3]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "infof", "(Throwable,String,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "infov", "(String,Object)", "", "Argument[0..1]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "infov", "(String,Object,Object)", "", "Argument[0..2]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "infov", "(String,Object,Object,Object)", "", "Argument[0..3]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "infov", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "infov", "(String,Object[])", "", "Argument[0..1]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "infov", "(Throwable,String,Object)", "", "Argument[1..2]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "infov", "(Throwable,String,Object,Object)", "", "Argument[1..3]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "infov", "(Throwable,String,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "log", "(Level,Object)", "", "Argument[1]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "log", "(Level,Object,Object[])", "", "Argument[1..2]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "log", "(Level,Object,Object[],Throwable)", "", "Argument[1..2]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "log", "(Level,Object,Throwable)", "", "Argument[1]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "log", "(Level,String,Object,Throwable)", "", "Argument[2]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "log", "(String,Level,Object,Object[],Throwable)", "", "Argument[2..3]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "logf", "(Level,String,Object)", "", "Argument[1..2]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "logf", "(Level,String,Object,Object)", "", "Argument[1..3]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "logf", "(Level,String,Object,Object,Object)", "", "Argument[1..4]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "logf", "(Level,String,Object,Object,Object,Object)", "", "Argument[1..5]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "logf", "(Level,String,Object[])", "", "Argument[1..2]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "logf", "(Level,Throwable,String,Object)", "", "Argument[2..3]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "logf", "(Level,Throwable,String,Object,Object)", "", "Argument[2..4]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "logf", "(Level,Throwable,String,Object,Object,Object)", "", "Argument[1..5]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "logf", "(String,Level,Throwable,String,Object)", "", "Argument[3..4]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "logf", "(String,Level,Throwable,String,Object,Object)", "", "Argument[3..5]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "logf", "(String,Level,Throwable,String,Object,Object,Object)", "", "Argument[3..6]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "logf", "(String,Level,Throwable,String,Object[])", "", "Argument[3..4]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "logv", "(Level,String,Object)", "", "Argument[1..2]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "logv", "(Level,String,Object,Object)", "", "Argument[1..3]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "logv", "(Level,String,Object,Object,Object)", "", "Argument[1..4]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "logv", "(Level,String,Object,Object,Object,Object)", "", "Argument[1..5]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "logv", "(Level,String,Object[])", "", "Argument[1..2]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "logv", "(Level,Throwable,String,Object)", "", "Argument[2..3]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "logv", "(Level,Throwable,String,Object,Object)", "", "Argument[2..4]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "logv", "(Level,Throwable,String,Object,Object,Object)", "", "Argument[1..5]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "logv", "(String,Level,Throwable,String,Object)", "", "Argument[3..4]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "logv", "(String,Level,Throwable,String,Object,Object)", "", "Argument[3..5]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "logv", "(String,Level,Throwable,String,Object,Object,Object)", "", "Argument[3..6]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "logv", "(String,Level,Throwable,String,Object[])", "", "Argument[3..4]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "trace", "(Object)", "", "Argument[0]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "trace", "(Object,Object[])", "", "Argument[0..1]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "trace", "(Object,Object[],Throwable)", "", "Argument[0..1]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "trace", "(Object,Throwable)", "", "Argument[0]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "trace", "(String,Object,Object[],Throwable)", "", "Argument[1..2]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "trace", "(String,Object,Throwable)", "", "Argument[1]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "tracef", "(String,Object)", "", "Argument[0..1]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "tracef", "(String,Object,Object)", "", "Argument[0..2]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "tracef", "(String,Object,Object,Object)", "", "Argument[0..3]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "tracef", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "tracef", "(String,Object[])", "", "Argument[0..1]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "tracef", "(Throwable,String,Object)", "", "Argument[1..2]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "tracef", "(Throwable,String,Object,Object)", "", "Argument[1..3]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "tracef", "(Throwable,String,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "tracev", "(String,Object)", "", "Argument[0..1]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "tracev", "(String,Object,Object)", "", "Argument[0..2]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "tracev", "(String,Object,Object,Object)", "", "Argument[0..3]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "tracev", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "tracev", "(String,Object[])", "", "Argument[0..1]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "tracev", "(Throwable,String,Object)", "", "Argument[1..2]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "tracev", "(Throwable,String,Object,Object)", "", "Argument[1..3]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "tracev", "(Throwable,String,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "warn", "(Object)", "", "Argument[0]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "warn", "(Object,Object[])", "", "Argument[0..1]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "warn", "(Object,Object[],Throwable)", "", "Argument[0..1]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "warn", "(Object,Throwable)", "", "Argument[0]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "warn", "(String,Object,Object[],Throwable)", "", "Argument[1..2]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "warn", "(String,Object,Throwable)", "", "Argument[1]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "warnf", "(String,Object)", "", "Argument[0..1]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "warnf", "(String,Object,Object)", "", "Argument[0..2]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "warnf", "(String,Object,Object,Object)", "", "Argument[0..3]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "warnf", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "warnf", "(String,Object[])", "", "Argument[0..1]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "warnf", "(Throwable,String,Object)", "", "Argument[1..2]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "warnf", "(Throwable,String,Object,Object)", "", "Argument[1..3]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "warnf", "(Throwable,String,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "warnv", "(String,Object)", "", "Argument[0..1]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "warnv", "(String,Object,Object)", "", "Argument[0..2]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "warnv", "(String,Object,Object,Object)", "", "Argument[0..3]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "warnv", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "warnv", "(String,Object[])", "", "Argument[0..1]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "warnv", "(Throwable,String,Object)", "", "Argument[1..2]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "warnv", "(Throwable,String,Object,Object)", "", "Argument[1..3]", "logging", "manual"] - - ["org.jboss.logging", "BasicLogger", True, "warnv", "(Throwable,String,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "debug", "(Object)", "", "Argument[0]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "debug", "(Object,Object[])", "", "Argument[0..1]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "debug", "(Object,Object[],Throwable)", "", "Argument[0..1]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "debug", "(Object,Throwable)", "", "Argument[0]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "debug", "(String,Object,Object[],Throwable)", "", "Argument[1..2]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "debug", "(String,Object,Throwable)", "", "Argument[1]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "debugf", "(String,Object)", "", "Argument[0..1]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "debugf", "(String,Object,Object)", "", "Argument[0..2]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "debugf", "(String,Object,Object,Object)", "", "Argument[0..3]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "debugf", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "debugf", "(String,Object[])", "", "Argument[0..1]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "debugf", "(Throwable,String,Object)", "", "Argument[1..2]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "debugf", "(Throwable,String,Object,Object)", "", "Argument[1..3]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "debugf", "(Throwable,String,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "debugv", "(String,Object)", "", "Argument[0..1]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "debugv", "(String,Object,Object)", "", "Argument[0..2]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "debugv", "(String,Object,Object,Object)", "", "Argument[0..3]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "debugv", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "debugv", "(String,Object[])", "", "Argument[0..1]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "debugv", "(Throwable,String,Object)", "", "Argument[1..2]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "debugv", "(Throwable,String,Object,Object)", "", "Argument[1..3]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "debugv", "(Throwable,String,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "error", "(Object)", "", "Argument[0]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "error", "(Object,Object[])", "", "Argument[0..1]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "error", "(Object,Object[],Throwable)", "", "Argument[0..1]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "error", "(Object,Throwable)", "", "Argument[0]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "error", "(String,Object,Object[],Throwable)", "", "Argument[1..2]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "error", "(String,Object,Throwable)", "", "Argument[1]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "errorf", "(String,Object)", "", "Argument[0..1]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "errorf", "(String,Object,Object)", "", "Argument[0..2]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "errorf", "(String,Object,Object,Object)", "", "Argument[0..3]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "errorf", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "errorf", "(String,Object[])", "", "Argument[0..1]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "errorf", "(Throwable,String,Object)", "", "Argument[1..2]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "errorf", "(Throwable,String,Object,Object)", "", "Argument[1..3]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "errorf", "(Throwable,String,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "errorv", "(String,Object)", "", "Argument[0..1]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "errorv", "(String,Object,Object)", "", "Argument[0..2]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "errorv", "(String,Object,Object,Object)", "", "Argument[0..3]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "errorv", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "errorv", "(String,Object[])", "", "Argument[0..1]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "errorv", "(Throwable,String,Object)", "", "Argument[1..2]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "errorv", "(Throwable,String,Object,Object)", "", "Argument[1..3]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "errorv", "(Throwable,String,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "fatal", "(Object)", "", "Argument[0]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "fatal", "(Object,Object[])", "", "Argument[0..1]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "fatal", "(Object,Object[],Throwable)", "", "Argument[0..1]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "fatal", "(Object,Throwable)", "", "Argument[0]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "fatal", "(String,Object,Object[],Throwable)", "", "Argument[1..2]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "fatal", "(String,Object,Throwable)", "", "Argument[1]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "fatalf", "(String,Object)", "", "Argument[0..1]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "fatalf", "(String,Object,Object)", "", "Argument[0..2]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "fatalf", "(String,Object,Object,Object)", "", "Argument[0..3]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "fatalf", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "fatalf", "(String,Object[])", "", "Argument[0..1]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "fatalf", "(Throwable,String,Object)", "", "Argument[1..2]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "fatalf", "(Throwable,String,Object,Object)", "", "Argument[1..3]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "fatalf", "(Throwable,String,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "fatalv", "(String,Object)", "", "Argument[0..1]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "fatalv", "(String,Object,Object)", "", "Argument[0..2]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "fatalv", "(String,Object,Object,Object)", "", "Argument[0..3]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "fatalv", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "fatalv", "(String,Object[])", "", "Argument[0..1]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "fatalv", "(Throwable,String,Object)", "", "Argument[1..2]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "fatalv", "(Throwable,String,Object,Object)", "", "Argument[1..3]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "fatalv", "(Throwable,String,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "info", "(Object)", "", "Argument[0]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "info", "(Object,Object[])", "", "Argument[0..1]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "info", "(Object,Object[],Throwable)", "", "Argument[0..1]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "info", "(Object,Throwable)", "", "Argument[0]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "info", "(String,Object,Object[],Throwable)", "", "Argument[1..2]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "info", "(String,Object,Throwable)", "", "Argument[1]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "infof", "(String,Object)", "", "Argument[0..1]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "infof", "(String,Object,Object)", "", "Argument[0..2]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "infof", "(String,Object,Object,Object)", "", "Argument[0..3]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "infof", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "infof", "(String,Object[])", "", "Argument[0..1]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "infof", "(Throwable,String,Object)", "", "Argument[1..2]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "infof", "(Throwable,String,Object,Object)", "", "Argument[1..3]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "infof", "(Throwable,String,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "infov", "(String,Object)", "", "Argument[0..1]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "infov", "(String,Object,Object)", "", "Argument[0..2]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "infov", "(String,Object,Object,Object)", "", "Argument[0..3]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "infov", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "infov", "(String,Object[])", "", "Argument[0..1]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "infov", "(Throwable,String,Object)", "", "Argument[1..2]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "infov", "(Throwable,String,Object,Object)", "", "Argument[1..3]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "infov", "(Throwable,String,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "log", "(Level,Object)", "", "Argument[1]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "log", "(Level,Object,Object[])", "", "Argument[1..2]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "log", "(Level,Object,Object[],Throwable)", "", "Argument[1..2]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "log", "(Level,Object,Throwable)", "", "Argument[1]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "log", "(Level,String,Object,Throwable)", "", "Argument[2]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "log", "(String,Level,Object,Object[],Throwable)", "", "Argument[2..3]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "logf", "(Level,String,Object)", "", "Argument[1..2]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "logf", "(Level,String,Object,Object)", "", "Argument[1..3]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "logf", "(Level,String,Object,Object,Object)", "", "Argument[1..4]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "logf", "(Level,String,Object,Object,Object,Object)", "", "Argument[1..5]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "logf", "(Level,String,Object[])", "", "Argument[1..2]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "logf", "(Level,Throwable,String,Object)", "", "Argument[2..3]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "logf", "(Level,Throwable,String,Object,Object)", "", "Argument[2..4]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "logf", "(Level,Throwable,String,Object,Object,Object)", "", "Argument[1..5]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "logf", "(String,Level,Throwable,String,Object)", "", "Argument[3..4]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "logf", "(String,Level,Throwable,String,Object,Object)", "", "Argument[3..5]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "logf", "(String,Level,Throwable,String,Object,Object,Object)", "", "Argument[3..6]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "logf", "(String,Level,Throwable,String,Object[])", "", "Argument[3..4]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "logv", "(Level,String,Object)", "", "Argument[1..2]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "logv", "(Level,String,Object,Object)", "", "Argument[1..3]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "logv", "(Level,String,Object,Object,Object)", "", "Argument[1..4]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "logv", "(Level,String,Object,Object,Object,Object)", "", "Argument[1..5]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "logv", "(Level,String,Object[])", "", "Argument[1..2]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "logv", "(Level,Throwable,String,Object)", "", "Argument[2..3]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "logv", "(Level,Throwable,String,Object,Object)", "", "Argument[2..4]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "logv", "(Level,Throwable,String,Object,Object,Object)", "", "Argument[1..5]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "logv", "(String,Level,Throwable,String,Object)", "", "Argument[3..4]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "logv", "(String,Level,Throwable,String,Object,Object)", "", "Argument[3..5]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "logv", "(String,Level,Throwable,String,Object,Object,Object)", "", "Argument[3..6]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "logv", "(String,Level,Throwable,String,Object[])", "", "Argument[3..4]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "trace", "(Object)", "", "Argument[0]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "trace", "(Object,Object[])", "", "Argument[0..1]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "trace", "(Object,Object[],Throwable)", "", "Argument[0..1]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "trace", "(Object,Throwable)", "", "Argument[0]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "trace", "(String,Object,Object[],Throwable)", "", "Argument[1..2]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "trace", "(String,Object,Throwable)", "", "Argument[1]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "tracef", "(String,Object)", "", "Argument[0..1]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "tracef", "(String,Object,Object)", "", "Argument[0..2]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "tracef", "(String,Object,Object,Object)", "", "Argument[0..3]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "tracef", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "tracef", "(String,Object[])", "", "Argument[0..1]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "tracef", "(Throwable,String,Object)", "", "Argument[1..2]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "tracef", "(Throwable,String,Object,Object)", "", "Argument[1..3]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "tracef", "(Throwable,String,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "tracev", "(String,Object)", "", "Argument[0..1]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "tracev", "(String,Object,Object)", "", "Argument[0..2]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "tracev", "(String,Object,Object,Object)", "", "Argument[0..3]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "tracev", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "tracev", "(String,Object[])", "", "Argument[0..1]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "tracev", "(Throwable,String,Object)", "", "Argument[1..2]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "tracev", "(Throwable,String,Object,Object)", "", "Argument[1..3]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "tracev", "(Throwable,String,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "warn", "(Object)", "", "Argument[0]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "warn", "(Object,Object[])", "", "Argument[0..1]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "warn", "(Object,Object[],Throwable)", "", "Argument[0..1]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "warn", "(Object,Throwable)", "", "Argument[0]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "warn", "(String,Object,Object[],Throwable)", "", "Argument[1..2]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "warn", "(String,Object,Throwable)", "", "Argument[1]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "warnf", "(String,Object)", "", "Argument[0..1]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "warnf", "(String,Object,Object)", "", "Argument[0..2]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "warnf", "(String,Object,Object,Object)", "", "Argument[0..3]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "warnf", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "warnf", "(String,Object[])", "", "Argument[0..1]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "warnf", "(Throwable,String,Object)", "", "Argument[1..2]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "warnf", "(Throwable,String,Object,Object)", "", "Argument[1..3]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "warnf", "(Throwable,String,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "warnv", "(String,Object)", "", "Argument[0..1]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "warnv", "(String,Object,Object)", "", "Argument[0..2]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "warnv", "(String,Object,Object,Object)", "", "Argument[0..3]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "warnv", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "warnv", "(String,Object[])", "", "Argument[0..1]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "warnv", "(Throwable,String,Object)", "", "Argument[1..2]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "warnv", "(Throwable,String,Object,Object)", "", "Argument[1..3]", "logging", "manual"] - - ["org.jboss.logging", "Logger", True, "warnv", "(Throwable,String,Object,Object,Object)", "", "Argument[0..4]", "logging", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "debug", "(Object)", "", "Argument[0]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "debug", "(Object,Object[])", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "debug", "(Object,Object[],Throwable)", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "debug", "(Object,Throwable)", "", "Argument[0]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "debug", "(String,Object,Object[],Throwable)", "", "Argument[1..2]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "debug", "(String,Object,Throwable)", "", "Argument[1]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "debugf", "(String,Object)", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "debugf", "(String,Object,Object)", "", "Argument[0..2]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "debugf", "(String,Object,Object,Object)", "", "Argument[0..3]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "debugf", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "debugf", "(String,Object[])", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "debugf", "(Throwable,String,Object)", "", "Argument[1..2]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "debugf", "(Throwable,String,Object,Object)", "", "Argument[1..3]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "debugf", "(Throwable,String,Object,Object,Object)", "", "Argument[0..4]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "debugv", "(String,Object)", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "debugv", "(String,Object,Object)", "", "Argument[0..2]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "debugv", "(String,Object,Object,Object)", "", "Argument[0..3]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "debugv", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "debugv", "(String,Object[])", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "debugv", "(Throwable,String,Object)", "", "Argument[1..2]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "debugv", "(Throwable,String,Object,Object)", "", "Argument[1..3]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "debugv", "(Throwable,String,Object,Object,Object)", "", "Argument[0..4]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "error", "(Object)", "", "Argument[0]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "error", "(Object,Object[])", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "error", "(Object,Object[],Throwable)", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "error", "(Object,Throwable)", "", "Argument[0]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "error", "(String,Object,Object[],Throwable)", "", "Argument[1..2]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "error", "(String,Object,Throwable)", "", "Argument[1]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "errorf", "(String,Object)", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "errorf", "(String,Object,Object)", "", "Argument[0..2]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "errorf", "(String,Object,Object,Object)", "", "Argument[0..3]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "errorf", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "errorf", "(String,Object[])", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "errorf", "(Throwable,String,Object)", "", "Argument[1..2]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "errorf", "(Throwable,String,Object,Object)", "", "Argument[1..3]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "errorf", "(Throwable,String,Object,Object,Object)", "", "Argument[0..4]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "errorv", "(String,Object)", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "errorv", "(String,Object,Object)", "", "Argument[0..2]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "errorv", "(String,Object,Object,Object)", "", "Argument[0..3]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "errorv", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "errorv", "(String,Object[])", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "errorv", "(Throwable,String,Object)", "", "Argument[1..2]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "errorv", "(Throwable,String,Object,Object)", "", "Argument[1..3]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "errorv", "(Throwable,String,Object,Object,Object)", "", "Argument[0..4]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "fatal", "(Object)", "", "Argument[0]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "fatal", "(Object,Object[])", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "fatal", "(Object,Object[],Throwable)", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "fatal", "(Object,Throwable)", "", "Argument[0]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "fatal", "(String,Object,Object[],Throwable)", "", "Argument[1..2]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "fatal", "(String,Object,Throwable)", "", "Argument[1]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "fatalf", "(String,Object)", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "fatalf", "(String,Object,Object)", "", "Argument[0..2]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "fatalf", "(String,Object,Object,Object)", "", "Argument[0..3]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "fatalf", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "fatalf", "(String,Object[])", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "fatalf", "(Throwable,String,Object)", "", "Argument[1..2]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "fatalf", "(Throwable,String,Object,Object)", "", "Argument[1..3]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "fatalf", "(Throwable,String,Object,Object,Object)", "", "Argument[0..4]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "fatalv", "(String,Object)", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "fatalv", "(String,Object,Object)", "", "Argument[0..2]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "fatalv", "(String,Object,Object,Object)", "", "Argument[0..3]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "fatalv", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "fatalv", "(String,Object[])", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "fatalv", "(Throwable,String,Object)", "", "Argument[1..2]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "fatalv", "(Throwable,String,Object,Object)", "", "Argument[1..3]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "fatalv", "(Throwable,String,Object,Object,Object)", "", "Argument[0..4]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "info", "(Object)", "", "Argument[0]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "info", "(Object,Object[])", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "info", "(Object,Object[],Throwable)", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "info", "(Object,Throwable)", "", "Argument[0]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "info", "(String,Object,Object[],Throwable)", "", "Argument[1..2]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "info", "(String,Object,Throwable)", "", "Argument[1]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "infof", "(String,Object)", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "infof", "(String,Object,Object)", "", "Argument[0..2]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "infof", "(String,Object,Object,Object)", "", "Argument[0..3]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "infof", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "infof", "(String,Object[])", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "infof", "(Throwable,String,Object)", "", "Argument[1..2]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "infof", "(Throwable,String,Object,Object)", "", "Argument[1..3]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "infof", "(Throwable,String,Object,Object,Object)", "", "Argument[0..4]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "infov", "(String,Object)", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "infov", "(String,Object,Object)", "", "Argument[0..2]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "infov", "(String,Object,Object,Object)", "", "Argument[0..3]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "infov", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "infov", "(String,Object[])", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "infov", "(Throwable,String,Object)", "", "Argument[1..2]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "infov", "(Throwable,String,Object,Object)", "", "Argument[1..3]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "infov", "(Throwable,String,Object,Object,Object)", "", "Argument[0..4]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "log", "(Level,Object)", "", "Argument[1]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "log", "(Level,Object,Object[])", "", "Argument[1..2]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "log", "(Level,Object,Object[],Throwable)", "", "Argument[1..2]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "log", "(Level,Object,Throwable)", "", "Argument[1]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "log", "(Level,String,Object,Throwable)", "", "Argument[2]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "log", "(String,Level,Object,Object[],Throwable)", "", "Argument[2..3]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "logf", "(Level,String,Object)", "", "Argument[1..2]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "logf", "(Level,String,Object,Object)", "", "Argument[1..3]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "logf", "(Level,String,Object,Object,Object)", "", "Argument[1..4]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "logf", "(Level,String,Object,Object,Object,Object)", "", "Argument[1..5]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "logf", "(Level,String,Object[])", "", "Argument[1..2]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "logf", "(Level,Throwable,String,Object)", "", "Argument[2..3]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "logf", "(Level,Throwable,String,Object,Object)", "", "Argument[2..4]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "logf", "(Level,Throwable,String,Object,Object,Object)", "", "Argument[1..5]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "logf", "(String,Level,Throwable,String,Object)", "", "Argument[3..4]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "logf", "(String,Level,Throwable,String,Object,Object)", "", "Argument[3..5]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "logf", "(String,Level,Throwable,String,Object,Object,Object)", "", "Argument[3..6]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "logf", "(String,Level,Throwable,String,Object[])", "", "Argument[3..4]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "logv", "(Level,String,Object)", "", "Argument[1..2]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "logv", "(Level,String,Object,Object)", "", "Argument[1..3]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "logv", "(Level,String,Object,Object,Object)", "", "Argument[1..4]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "logv", "(Level,String,Object,Object,Object,Object)", "", "Argument[1..5]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "logv", "(Level,String,Object[])", "", "Argument[1..2]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "logv", "(Level,Throwable,String,Object)", "", "Argument[2..3]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "logv", "(Level,Throwable,String,Object,Object)", "", "Argument[2..4]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "logv", "(Level,Throwable,String,Object,Object,Object)", "", "Argument[1..5]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "logv", "(String,Level,Throwable,String,Object)", "", "Argument[3..4]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "logv", "(String,Level,Throwable,String,Object,Object)", "", "Argument[3..5]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "logv", "(String,Level,Throwable,String,Object,Object,Object)", "", "Argument[3..6]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "logv", "(String,Level,Throwable,String,Object[])", "", "Argument[3..4]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "trace", "(Object)", "", "Argument[0]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "trace", "(Object,Object[])", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "trace", "(Object,Object[],Throwable)", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "trace", "(Object,Throwable)", "", "Argument[0]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "trace", "(String,Object,Object[],Throwable)", "", "Argument[1..2]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "trace", "(String,Object,Throwable)", "", "Argument[1]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "tracef", "(String,Object)", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "tracef", "(String,Object,Object)", "", "Argument[0..2]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "tracef", "(String,Object,Object,Object)", "", "Argument[0..3]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "tracef", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "tracef", "(String,Object[])", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "tracef", "(Throwable,String,Object)", "", "Argument[1..2]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "tracef", "(Throwable,String,Object,Object)", "", "Argument[1..3]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "tracef", "(Throwable,String,Object,Object,Object)", "", "Argument[0..4]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "tracev", "(String,Object)", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "tracev", "(String,Object,Object)", "", "Argument[0..2]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "tracev", "(String,Object,Object,Object)", "", "Argument[0..3]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "tracev", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "tracev", "(String,Object[])", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "tracev", "(Throwable,String,Object)", "", "Argument[1..2]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "tracev", "(Throwable,String,Object,Object)", "", "Argument[1..3]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "tracev", "(Throwable,String,Object,Object,Object)", "", "Argument[0..4]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "warn", "(Object)", "", "Argument[0]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "warn", "(Object,Object[])", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "warn", "(Object,Object[],Throwable)", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "warn", "(Object,Throwable)", "", "Argument[0]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "warn", "(String,Object,Object[],Throwable)", "", "Argument[1..2]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "warn", "(String,Object,Throwable)", "", "Argument[1]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "warnf", "(String,Object)", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "warnf", "(String,Object,Object)", "", "Argument[0..2]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "warnf", "(String,Object,Object,Object)", "", "Argument[0..3]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "warnf", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "warnf", "(String,Object[])", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "warnf", "(Throwable,String,Object)", "", "Argument[1..2]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "warnf", "(Throwable,String,Object,Object)", "", "Argument[1..3]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "warnf", "(Throwable,String,Object,Object,Object)", "", "Argument[0..4]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "warnv", "(String,Object)", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "warnv", "(String,Object,Object)", "", "Argument[0..2]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "warnv", "(String,Object,Object,Object)", "", "Argument[0..3]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "warnv", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "warnv", "(String,Object[])", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "warnv", "(Throwable,String,Object)", "", "Argument[1..2]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "warnv", "(Throwable,String,Object,Object)", "", "Argument[1..3]", "log-injection", "manual"] + - ["org.jboss.logging", "BasicLogger", True, "warnv", "(Throwable,String,Object,Object,Object)", "", "Argument[0..4]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "debug", "(Object)", "", "Argument[0]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "debug", "(Object,Object[])", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "debug", "(Object,Object[],Throwable)", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "debug", "(Object,Throwable)", "", "Argument[0]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "debug", "(String,Object,Object[],Throwable)", "", "Argument[1..2]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "debug", "(String,Object,Throwable)", "", "Argument[1]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "debugf", "(String,Object)", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "debugf", "(String,Object,Object)", "", "Argument[0..2]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "debugf", "(String,Object,Object,Object)", "", "Argument[0..3]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "debugf", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "debugf", "(String,Object[])", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "debugf", "(Throwable,String,Object)", "", "Argument[1..2]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "debugf", "(Throwable,String,Object,Object)", "", "Argument[1..3]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "debugf", "(Throwable,String,Object,Object,Object)", "", "Argument[0..4]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "debugv", "(String,Object)", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "debugv", "(String,Object,Object)", "", "Argument[0..2]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "debugv", "(String,Object,Object,Object)", "", "Argument[0..3]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "debugv", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "debugv", "(String,Object[])", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "debugv", "(Throwable,String,Object)", "", "Argument[1..2]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "debugv", "(Throwable,String,Object,Object)", "", "Argument[1..3]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "debugv", "(Throwable,String,Object,Object,Object)", "", "Argument[0..4]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "error", "(Object)", "", "Argument[0]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "error", "(Object,Object[])", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "error", "(Object,Object[],Throwable)", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "error", "(Object,Throwable)", "", "Argument[0]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "error", "(String,Object,Object[],Throwable)", "", "Argument[1..2]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "error", "(String,Object,Throwable)", "", "Argument[1]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "errorf", "(String,Object)", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "errorf", "(String,Object,Object)", "", "Argument[0..2]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "errorf", "(String,Object,Object,Object)", "", "Argument[0..3]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "errorf", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "errorf", "(String,Object[])", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "errorf", "(Throwable,String,Object)", "", "Argument[1..2]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "errorf", "(Throwable,String,Object,Object)", "", "Argument[1..3]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "errorf", "(Throwable,String,Object,Object,Object)", "", "Argument[0..4]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "errorv", "(String,Object)", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "errorv", "(String,Object,Object)", "", "Argument[0..2]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "errorv", "(String,Object,Object,Object)", "", "Argument[0..3]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "errorv", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "errorv", "(String,Object[])", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "errorv", "(Throwable,String,Object)", "", "Argument[1..2]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "errorv", "(Throwable,String,Object,Object)", "", "Argument[1..3]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "errorv", "(Throwable,String,Object,Object,Object)", "", "Argument[0..4]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "fatal", "(Object)", "", "Argument[0]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "fatal", "(Object,Object[])", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "fatal", "(Object,Object[],Throwable)", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "fatal", "(Object,Throwable)", "", "Argument[0]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "fatal", "(String,Object,Object[],Throwable)", "", "Argument[1..2]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "fatal", "(String,Object,Throwable)", "", "Argument[1]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "fatalf", "(String,Object)", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "fatalf", "(String,Object,Object)", "", "Argument[0..2]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "fatalf", "(String,Object,Object,Object)", "", "Argument[0..3]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "fatalf", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "fatalf", "(String,Object[])", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "fatalf", "(Throwable,String,Object)", "", "Argument[1..2]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "fatalf", "(Throwable,String,Object,Object)", "", "Argument[1..3]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "fatalf", "(Throwable,String,Object,Object,Object)", "", "Argument[0..4]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "fatalv", "(String,Object)", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "fatalv", "(String,Object,Object)", "", "Argument[0..2]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "fatalv", "(String,Object,Object,Object)", "", "Argument[0..3]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "fatalv", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "fatalv", "(String,Object[])", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "fatalv", "(Throwable,String,Object)", "", "Argument[1..2]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "fatalv", "(Throwable,String,Object,Object)", "", "Argument[1..3]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "fatalv", "(Throwable,String,Object,Object,Object)", "", "Argument[0..4]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "info", "(Object)", "", "Argument[0]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "info", "(Object,Object[])", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "info", "(Object,Object[],Throwable)", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "info", "(Object,Throwable)", "", "Argument[0]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "info", "(String,Object,Object[],Throwable)", "", "Argument[1..2]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "info", "(String,Object,Throwable)", "", "Argument[1]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "infof", "(String,Object)", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "infof", "(String,Object,Object)", "", "Argument[0..2]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "infof", "(String,Object,Object,Object)", "", "Argument[0..3]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "infof", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "infof", "(String,Object[])", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "infof", "(Throwable,String,Object)", "", "Argument[1..2]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "infof", "(Throwable,String,Object,Object)", "", "Argument[1..3]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "infof", "(Throwable,String,Object,Object,Object)", "", "Argument[0..4]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "infov", "(String,Object)", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "infov", "(String,Object,Object)", "", "Argument[0..2]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "infov", "(String,Object,Object,Object)", "", "Argument[0..3]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "infov", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "infov", "(String,Object[])", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "infov", "(Throwable,String,Object)", "", "Argument[1..2]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "infov", "(Throwable,String,Object,Object)", "", "Argument[1..3]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "infov", "(Throwable,String,Object,Object,Object)", "", "Argument[0..4]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "log", "(Level,Object)", "", "Argument[1]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "log", "(Level,Object,Object[])", "", "Argument[1..2]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "log", "(Level,Object,Object[],Throwable)", "", "Argument[1..2]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "log", "(Level,Object,Throwable)", "", "Argument[1]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "log", "(Level,String,Object,Throwable)", "", "Argument[2]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "log", "(String,Level,Object,Object[],Throwable)", "", "Argument[2..3]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "logf", "(Level,String,Object)", "", "Argument[1..2]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "logf", "(Level,String,Object,Object)", "", "Argument[1..3]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "logf", "(Level,String,Object,Object,Object)", "", "Argument[1..4]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "logf", "(Level,String,Object,Object,Object,Object)", "", "Argument[1..5]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "logf", "(Level,String,Object[])", "", "Argument[1..2]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "logf", "(Level,Throwable,String,Object)", "", "Argument[2..3]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "logf", "(Level,Throwable,String,Object,Object)", "", "Argument[2..4]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "logf", "(Level,Throwable,String,Object,Object,Object)", "", "Argument[1..5]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "logf", "(String,Level,Throwable,String,Object)", "", "Argument[3..4]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "logf", "(String,Level,Throwable,String,Object,Object)", "", "Argument[3..5]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "logf", "(String,Level,Throwable,String,Object,Object,Object)", "", "Argument[3..6]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "logf", "(String,Level,Throwable,String,Object[])", "", "Argument[3..4]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "logv", "(Level,String,Object)", "", "Argument[1..2]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "logv", "(Level,String,Object,Object)", "", "Argument[1..3]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "logv", "(Level,String,Object,Object,Object)", "", "Argument[1..4]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "logv", "(Level,String,Object,Object,Object,Object)", "", "Argument[1..5]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "logv", "(Level,String,Object[])", "", "Argument[1..2]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "logv", "(Level,Throwable,String,Object)", "", "Argument[2..3]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "logv", "(Level,Throwable,String,Object,Object)", "", "Argument[2..4]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "logv", "(Level,Throwable,String,Object,Object,Object)", "", "Argument[1..5]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "logv", "(String,Level,Throwable,String,Object)", "", "Argument[3..4]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "logv", "(String,Level,Throwable,String,Object,Object)", "", "Argument[3..5]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "logv", "(String,Level,Throwable,String,Object,Object,Object)", "", "Argument[3..6]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "logv", "(String,Level,Throwable,String,Object[])", "", "Argument[3..4]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "trace", "(Object)", "", "Argument[0]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "trace", "(Object,Object[])", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "trace", "(Object,Object[],Throwable)", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "trace", "(Object,Throwable)", "", "Argument[0]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "trace", "(String,Object,Object[],Throwable)", "", "Argument[1..2]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "trace", "(String,Object,Throwable)", "", "Argument[1]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "tracef", "(String,Object)", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "tracef", "(String,Object,Object)", "", "Argument[0..2]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "tracef", "(String,Object,Object,Object)", "", "Argument[0..3]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "tracef", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "tracef", "(String,Object[])", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "tracef", "(Throwable,String,Object)", "", "Argument[1..2]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "tracef", "(Throwable,String,Object,Object)", "", "Argument[1..3]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "tracef", "(Throwable,String,Object,Object,Object)", "", "Argument[0..4]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "tracev", "(String,Object)", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "tracev", "(String,Object,Object)", "", "Argument[0..2]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "tracev", "(String,Object,Object,Object)", "", "Argument[0..3]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "tracev", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "tracev", "(String,Object[])", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "tracev", "(Throwable,String,Object)", "", "Argument[1..2]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "tracev", "(Throwable,String,Object,Object)", "", "Argument[1..3]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "tracev", "(Throwable,String,Object,Object,Object)", "", "Argument[0..4]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "warn", "(Object)", "", "Argument[0]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "warn", "(Object,Object[])", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "warn", "(Object,Object[],Throwable)", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "warn", "(Object,Throwable)", "", "Argument[0]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "warn", "(String,Object,Object[],Throwable)", "", "Argument[1..2]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "warn", "(String,Object,Throwable)", "", "Argument[1]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "warnf", "(String,Object)", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "warnf", "(String,Object,Object)", "", "Argument[0..2]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "warnf", "(String,Object,Object,Object)", "", "Argument[0..3]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "warnf", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "warnf", "(String,Object[])", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "warnf", "(Throwable,String,Object)", "", "Argument[1..2]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "warnf", "(Throwable,String,Object,Object)", "", "Argument[1..3]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "warnf", "(Throwable,String,Object,Object,Object)", "", "Argument[0..4]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "warnv", "(String,Object)", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "warnv", "(String,Object,Object)", "", "Argument[0..2]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "warnv", "(String,Object,Object,Object)", "", "Argument[0..3]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "warnv", "(String,Object,Object,Object,Object)", "", "Argument[0..4]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "warnv", "(String,Object[])", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "warnv", "(Throwable,String,Object)", "", "Argument[1..2]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "warnv", "(Throwable,String,Object,Object)", "", "Argument[1..3]", "log-injection", "manual"] + - ["org.jboss.logging", "Logger", True, "warnv", "(Throwable,String,Object,Object,Object)", "", "Argument[0..4]", "log-injection", "manual"] diff --git a/java/ql/lib/ext/org.scijava.log.model.yml b/java/ql/lib/ext/org.scijava.log.model.yml index 303dbae27e2..ad53130cd07 100644 --- a/java/ql/lib/ext/org.scijava.log.model.yml +++ b/java/ql/lib/ext/org.scijava.log.model.yml @@ -3,16 +3,16 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["org.scijava.log", "Logger", True, "alwaysLog", "(int,Object,Throwable)", "", "Argument[1]", "logging", "manual"] - - ["org.scijava.log", "Logger", True, "debug", "(Object)", "", "Argument[0]", "logging", "manual"] - - ["org.scijava.log", "Logger", True, "debug", "(Object,Throwable)", "", "Argument[0]", "logging", "manual"] - - ["org.scijava.log", "Logger", True, "error", "(Object)", "", "Argument[0]", "logging", "manual"] - - ["org.scijava.log", "Logger", True, "error", "(Object,Throwable)", "", "Argument[0]", "logging", "manual"] - - ["org.scijava.log", "Logger", True, "info", "(Object)", "", "Argument[0]", "logging", "manual"] - - ["org.scijava.log", "Logger", True, "info", "(Object,Throwable)", "", "Argument[0]", "logging", "manual"] - - ["org.scijava.log", "Logger", True, "log", "(int,Object)", "", "Argument[1]", "logging", "manual"] - - ["org.scijava.log", "Logger", True, "log", "(int,Object,Throwable)", "", "Argument[1]", "logging", "manual"] - - ["org.scijava.log", "Logger", True, "trace", "(Object)", "", "Argument[0]", "logging", "manual"] - - ["org.scijava.log", "Logger", True, "trace", "(Object,Throwable)", "", "Argument[0]", "logging", "manual"] - - ["org.scijava.log", "Logger", True, "warn", "(Object)", "", "Argument[0]", "logging", "manual"] - - ["org.scijava.log", "Logger", True, "warn", "(Object,Throwable)", "", "Argument[0]", "logging", "manual"] + - ["org.scijava.log", "Logger", True, "alwaysLog", "(int,Object,Throwable)", "", "Argument[1]", "log-injection", "manual"] + - ["org.scijava.log", "Logger", True, "debug", "(Object)", "", "Argument[0]", "log-injection", "manual"] + - ["org.scijava.log", "Logger", True, "debug", "(Object,Throwable)", "", "Argument[0]", "log-injection", "manual"] + - ["org.scijava.log", "Logger", True, "error", "(Object)", "", "Argument[0]", "log-injection", "manual"] + - ["org.scijava.log", "Logger", True, "error", "(Object,Throwable)", "", "Argument[0]", "log-injection", "manual"] + - ["org.scijava.log", "Logger", True, "info", "(Object)", "", "Argument[0]", "log-injection", "manual"] + - ["org.scijava.log", "Logger", True, "info", "(Object,Throwable)", "", "Argument[0]", "log-injection", "manual"] + - ["org.scijava.log", "Logger", True, "log", "(int,Object)", "", "Argument[1]", "log-injection", "manual"] + - ["org.scijava.log", "Logger", True, "log", "(int,Object,Throwable)", "", "Argument[1]", "log-injection", "manual"] + - ["org.scijava.log", "Logger", True, "trace", "(Object)", "", "Argument[0]", "log-injection", "manual"] + - ["org.scijava.log", "Logger", True, "trace", "(Object,Throwable)", "", "Argument[0]", "log-injection", "manual"] + - ["org.scijava.log", "Logger", True, "warn", "(Object)", "", "Argument[0]", "log-injection", "manual"] + - ["org.scijava.log", "Logger", True, "warn", "(Object,Throwable)", "", "Argument[0]", "log-injection", "manual"] diff --git a/java/ql/lib/ext/org.slf4j.model.yml b/java/ql/lib/ext/org.slf4j.model.yml index 6ff2f31847d..e714155b3f2 100644 --- a/java/ql/lib/ext/org.slf4j.model.yml +++ b/java/ql/lib/ext/org.slf4j.model.yml @@ -3,53 +3,53 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["org.slf4j", "Logger", True, "debug", "(Marker,String)", "", "Argument[1]", "logging", "manual"] - - ["org.slf4j", "Logger", True, "debug", "(Marker,String,Object)", "", "Argument[1..2]", "logging", "manual"] - - ["org.slf4j", "Logger", True, "debug", "(Marker,String,Object,Object)", "", "Argument[1..3]", "logging", "manual"] - - ["org.slf4j", "Logger", True, "debug", "(Marker,String,Object,Object,Object)", "", "Argument[1..4]", "logging", "manual"] - - ["org.slf4j", "Logger", True, "debug", "(Marker,String,Object[])", "", "Argument[1..2]", "logging", "manual"] - - ["org.slf4j", "Logger", True, "debug", "(String)", "", "Argument[0]", "logging", "manual"] - - ["org.slf4j", "Logger", True, "debug", "(String,Object)", "", "Argument[0..1]", "logging", "manual"] - - ["org.slf4j", "Logger", True, "debug", "(String,Object,Object)", "", "Argument[0..2]", "logging", "manual"] - - ["org.slf4j", "Logger", True, "debug", "(String,Object[])", "", "Argument[0..1]", "logging", "manual"] - - ["org.slf4j", "Logger", True, "debug", "(String,Throwable)", "", "Argument[0]", "logging", "manual"] - - ["org.slf4j", "Logger", True, "error", "(Marker,String)", "", "Argument[1]", "logging", "manual"] - - ["org.slf4j", "Logger", True, "error", "(Marker,String,Object)", "", "Argument[1..2]", "logging", "manual"] - - ["org.slf4j", "Logger", True, "error", "(Marker,String,Object,Object)", "", "Argument[1..3]", "logging", "manual"] - - ["org.slf4j", "Logger", True, "error", "(Marker,String,Object,Object,Object)", "", "Argument[1..4]", "logging", "manual"] - - ["org.slf4j", "Logger", True, "error", "(Marker,String,Object[])", "", "Argument[1..2]", "logging", "manual"] - - ["org.slf4j", "Logger", True, "error", "(String)", "", "Argument[0]", "logging", "manual"] - - ["org.slf4j", "Logger", True, "error", "(String,Object)", "", "Argument[0..1]", "logging", "manual"] - - ["org.slf4j", "Logger", True, "error", "(String,Object,Object)", "", "Argument[0..2]", "logging", "manual"] - - ["org.slf4j", "Logger", True, "error", "(String,Object[])", "", "Argument[0..1]", "logging", "manual"] - - ["org.slf4j", "Logger", True, "error", "(String,Throwable)", "", "Argument[0]", "logging", "manual"] - - ["org.slf4j", "Logger", True, "info", "(Marker,String)", "", "Argument[1]", "logging", "manual"] - - ["org.slf4j", "Logger", True, "info", "(Marker,String,Object)", "", "Argument[1..2]", "logging", "manual"] - - ["org.slf4j", "Logger", True, "info", "(Marker,String,Object,Object)", "", "Argument[1..3]", "logging", "manual"] - - ["org.slf4j", "Logger", True, "info", "(Marker,String,Object,Object,Object)", "", "Argument[1..4]", "logging", "manual"] - - ["org.slf4j", "Logger", True, "info", "(Marker,String,Object[])", "", "Argument[1..2]", "logging", "manual"] - - ["org.slf4j", "Logger", True, "info", "(String)", "", "Argument[0]", "logging", "manual"] - - ["org.slf4j", "Logger", True, "info", "(String,Object)", "", "Argument[0..1]", "logging", "manual"] - - ["org.slf4j", "Logger", True, "info", "(String,Object,Object)", "", "Argument[0..2]", "logging", "manual"] - - ["org.slf4j", "Logger", True, "info", "(String,Object[])", "", "Argument[0..1]", "logging", "manual"] - - ["org.slf4j", "Logger", True, "info", "(String,Throwable)", "", "Argument[0]", "logging", "manual"] - - ["org.slf4j", "Logger", True, "trace", "(Marker,String)", "", "Argument[1]", "logging", "manual"] - - ["org.slf4j", "Logger", True, "trace", "(Marker,String,Object)", "", "Argument[1..2]", "logging", "manual"] - - ["org.slf4j", "Logger", True, "trace", "(Marker,String,Object,Object)", "", "Argument[1..3]", "logging", "manual"] - - ["org.slf4j", "Logger", True, "trace", "(Marker,String,Object,Object,Object)", "", "Argument[1..4]", "logging", "manual"] - - ["org.slf4j", "Logger", True, "trace", "(Marker,String,Object[])", "", "Argument[1..2]", "logging", "manual"] - - ["org.slf4j", "Logger", True, "trace", "(String)", "", "Argument[0]", "logging", "manual"] - - ["org.slf4j", "Logger", True, "trace", "(String,Object)", "", "Argument[0..1]", "logging", "manual"] - - ["org.slf4j", "Logger", True, "trace", "(String,Object,Object)", "", "Argument[0..2]", "logging", "manual"] - - ["org.slf4j", "Logger", True, "trace", "(String,Object[])", "", "Argument[0..1]", "logging", "manual"] - - ["org.slf4j", "Logger", True, "trace", "(String,Throwable)", "", "Argument[0]", "logging", "manual"] - - ["org.slf4j", "Logger", True, "warn", "(Marker,String)", "", "Argument[1]", "logging", "manual"] - - ["org.slf4j", "Logger", True, "warn", "(Marker,String,Object)", "", "Argument[1..2]", "logging", "manual"] - - ["org.slf4j", "Logger", True, "warn", "(Marker,String,Object,Object)", "", "Argument[1..3]", "logging", "manual"] - - ["org.slf4j", "Logger", True, "warn", "(Marker,String,Object,Object,Object)", "", "Argument[1..4]", "logging", "manual"] - - ["org.slf4j", "Logger", True, "warn", "(Marker,String,Object[])", "", "Argument[1..2]", "logging", "manual"] - - ["org.slf4j", "Logger", True, "warn", "(String)", "", "Argument[0]", "logging", "manual"] - - ["org.slf4j", "Logger", True, "warn", "(String,Object)", "", "Argument[0..1]", "logging", "manual"] - - ["org.slf4j", "Logger", True, "warn", "(String,Object,Object)", "", "Argument[0..2]", "logging", "manual"] - - ["org.slf4j", "Logger", True, "warn", "(String,Object[])", "", "Argument[0..1]", "logging", "manual"] - - ["org.slf4j", "Logger", True, "warn", "(String,Throwable)", "", "Argument[0]", "logging", "manual"] + - ["org.slf4j", "Logger", True, "debug", "(Marker,String)", "", "Argument[1]", "log-injection", "manual"] + - ["org.slf4j", "Logger", True, "debug", "(Marker,String,Object)", "", "Argument[1..2]", "log-injection", "manual"] + - ["org.slf4j", "Logger", True, "debug", "(Marker,String,Object,Object)", "", "Argument[1..3]", "log-injection", "manual"] + - ["org.slf4j", "Logger", True, "debug", "(Marker,String,Object,Object,Object)", "", "Argument[1..4]", "log-injection", "manual"] + - ["org.slf4j", "Logger", True, "debug", "(Marker,String,Object[])", "", "Argument[1..2]", "log-injection", "manual"] + - ["org.slf4j", "Logger", True, "debug", "(String)", "", "Argument[0]", "log-injection", "manual"] + - ["org.slf4j", "Logger", True, "debug", "(String,Object)", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.slf4j", "Logger", True, "debug", "(String,Object,Object)", "", "Argument[0..2]", "log-injection", "manual"] + - ["org.slf4j", "Logger", True, "debug", "(String,Object[])", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.slf4j", "Logger", True, "debug", "(String,Throwable)", "", "Argument[0]", "log-injection", "manual"] + - ["org.slf4j", "Logger", True, "error", "(Marker,String)", "", "Argument[1]", "log-injection", "manual"] + - ["org.slf4j", "Logger", True, "error", "(Marker,String,Object)", "", "Argument[1..2]", "log-injection", "manual"] + - ["org.slf4j", "Logger", True, "error", "(Marker,String,Object,Object)", "", "Argument[1..3]", "log-injection", "manual"] + - ["org.slf4j", "Logger", True, "error", "(Marker,String,Object,Object,Object)", "", "Argument[1..4]", "log-injection", "manual"] + - ["org.slf4j", "Logger", True, "error", "(Marker,String,Object[])", "", "Argument[1..2]", "log-injection", "manual"] + - ["org.slf4j", "Logger", True, "error", "(String)", "", "Argument[0]", "log-injection", "manual"] + - ["org.slf4j", "Logger", True, "error", "(String,Object)", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.slf4j", "Logger", True, "error", "(String,Object,Object)", "", "Argument[0..2]", "log-injection", "manual"] + - ["org.slf4j", "Logger", True, "error", "(String,Object[])", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.slf4j", "Logger", True, "error", "(String,Throwable)", "", "Argument[0]", "log-injection", "manual"] + - ["org.slf4j", "Logger", True, "info", "(Marker,String)", "", "Argument[1]", "log-injection", "manual"] + - ["org.slf4j", "Logger", True, "info", "(Marker,String,Object)", "", "Argument[1..2]", "log-injection", "manual"] + - ["org.slf4j", "Logger", True, "info", "(Marker,String,Object,Object)", "", "Argument[1..3]", "log-injection", "manual"] + - ["org.slf4j", "Logger", True, "info", "(Marker,String,Object,Object,Object)", "", "Argument[1..4]", "log-injection", "manual"] + - ["org.slf4j", "Logger", True, "info", "(Marker,String,Object[])", "", "Argument[1..2]", "log-injection", "manual"] + - ["org.slf4j", "Logger", True, "info", "(String)", "", "Argument[0]", "log-injection", "manual"] + - ["org.slf4j", "Logger", True, "info", "(String,Object)", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.slf4j", "Logger", True, "info", "(String,Object,Object)", "", "Argument[0..2]", "log-injection", "manual"] + - ["org.slf4j", "Logger", True, "info", "(String,Object[])", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.slf4j", "Logger", True, "info", "(String,Throwable)", "", "Argument[0]", "log-injection", "manual"] + - ["org.slf4j", "Logger", True, "trace", "(Marker,String)", "", "Argument[1]", "log-injection", "manual"] + - ["org.slf4j", "Logger", True, "trace", "(Marker,String,Object)", "", "Argument[1..2]", "log-injection", "manual"] + - ["org.slf4j", "Logger", True, "trace", "(Marker,String,Object,Object)", "", "Argument[1..3]", "log-injection", "manual"] + - ["org.slf4j", "Logger", True, "trace", "(Marker,String,Object,Object,Object)", "", "Argument[1..4]", "log-injection", "manual"] + - ["org.slf4j", "Logger", True, "trace", "(Marker,String,Object[])", "", "Argument[1..2]", "log-injection", "manual"] + - ["org.slf4j", "Logger", True, "trace", "(String)", "", "Argument[0]", "log-injection", "manual"] + - ["org.slf4j", "Logger", True, "trace", "(String,Object)", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.slf4j", "Logger", True, "trace", "(String,Object,Object)", "", "Argument[0..2]", "log-injection", "manual"] + - ["org.slf4j", "Logger", True, "trace", "(String,Object[])", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.slf4j", "Logger", True, "trace", "(String,Throwable)", "", "Argument[0]", "log-injection", "manual"] + - ["org.slf4j", "Logger", True, "warn", "(Marker,String)", "", "Argument[1]", "log-injection", "manual"] + - ["org.slf4j", "Logger", True, "warn", "(Marker,String,Object)", "", "Argument[1..2]", "log-injection", "manual"] + - ["org.slf4j", "Logger", True, "warn", "(Marker,String,Object,Object)", "", "Argument[1..3]", "log-injection", "manual"] + - ["org.slf4j", "Logger", True, "warn", "(Marker,String,Object,Object,Object)", "", "Argument[1..4]", "log-injection", "manual"] + - ["org.slf4j", "Logger", True, "warn", "(Marker,String,Object[])", "", "Argument[1..2]", "log-injection", "manual"] + - ["org.slf4j", "Logger", True, "warn", "(String)", "", "Argument[0]", "log-injection", "manual"] + - ["org.slf4j", "Logger", True, "warn", "(String,Object)", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.slf4j", "Logger", True, "warn", "(String,Object,Object)", "", "Argument[0..2]", "log-injection", "manual"] + - ["org.slf4j", "Logger", True, "warn", "(String,Object[])", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.slf4j", "Logger", True, "warn", "(String,Throwable)", "", "Argument[0]", "log-injection", "manual"] diff --git a/java/ql/lib/ext/org.slf4j.spi.model.yml b/java/ql/lib/ext/org.slf4j.spi.model.yml index 197131b6e17..a1d5c498c33 100644 --- a/java/ql/lib/ext/org.slf4j.spi.model.yml +++ b/java/ql/lib/ext/org.slf4j.spi.model.yml @@ -3,11 +3,11 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["org.slf4j.spi", "LoggingEventBuilder", True, "log", "", "", "Argument[0]", "logging", "manual"] - - ["org.slf4j.spi", "LoggingEventBuilder", True, "log", "(String,Object)", "", "Argument[0..1]", "logging", "manual"] - - ["org.slf4j.spi", "LoggingEventBuilder", True, "log", "(String,Object,Object)", "", "Argument[0..2]", "logging", "manual"] - - ["org.slf4j.spi", "LoggingEventBuilder", True, "log", "(String,Object[])", "", "Argument[0..1]", "logging", "manual"] - - ["org.slf4j.spi", "LoggingEventBuilder", True, "log", "(Supplier)", "", "Argument[0]", "logging", "manual"] + - ["org.slf4j.spi", "LoggingEventBuilder", True, "log", "", "", "Argument[0]", "log-injection", "manual"] + - ["org.slf4j.spi", "LoggingEventBuilder", True, "log", "(String,Object)", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.slf4j.spi", "LoggingEventBuilder", True, "log", "(String,Object,Object)", "", "Argument[0..2]", "log-injection", "manual"] + - ["org.slf4j.spi", "LoggingEventBuilder", True, "log", "(String,Object[])", "", "Argument[0..1]", "log-injection", "manual"] + - ["org.slf4j.spi", "LoggingEventBuilder", True, "log", "(Supplier)", "", "Argument[0]", "log-injection", "manual"] - addsTo: pack: codeql/java-all extensible: summaryModel diff --git a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll index a22dbd6b5e8..17a364b7e2e 100644 --- a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll +++ b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll @@ -274,8 +274,8 @@ module ModelValidation { exists(string kind | sinkModel(_, _, _, _, _, _, _, kind, _) | not kind = [ - "open-url", "jndi-injection", "ldap", "sql-injection", "jdbc-url", "logging", "mvel", - "xpath-injection", "groovy", "xss", "ognl-injection", "intent-start", + "open-url", "jndi-injection", "ldap", "sql-injection", "jdbc-url", "log-injection", + "mvel", "xpath-injection", "groovy", "xss", "ognl-injection", "intent-start", "pending-intent-sent", "url-redirection", "create-file", "read-file", "write-file", "set-hostname-verifier", "header-splitting", "information-leak", "xslt", "jexl", "bean-validation", "template-injection", "fragment-injection", "command-injection" diff --git a/java/ql/lib/semmle/code/java/security/LogInjection.qll b/java/ql/lib/semmle/code/java/security/LogInjection.qll index e60e6ed9a7f..2314d807a60 100644 --- a/java/ql/lib/semmle/code/java/security/LogInjection.qll +++ b/java/ql/lib/semmle/code/java/security/LogInjection.qll @@ -27,7 +27,7 @@ class LogInjectionAdditionalTaintStep extends Unit { } private class DefaultLogInjectionSink extends LogInjectionSink { - DefaultLogInjectionSink() { sinkNode(this, "logging") } + DefaultLogInjectionSink() { sinkNode(this, "log-injection") } } private class DefaultLogInjectionSanitizer extends LogInjectionSanitizer { diff --git a/java/ql/lib/semmle/code/java/security/SensitiveLoggingQuery.qll b/java/ql/lib/semmle/code/java/security/SensitiveLoggingQuery.qll index d9ed2b970b0..984c9f6fcaa 100644 --- a/java/ql/lib/semmle/code/java/security/SensitiveLoggingQuery.qll +++ b/java/ql/lib/semmle/code/java/security/SensitiveLoggingQuery.qll @@ -35,7 +35,7 @@ deprecated class SensitiveLoggerConfiguration extends TaintTracking::Configurati override predicate isSource(DataFlow::Node source) { source.asExpr() instanceof CredentialExpr } - override predicate isSink(DataFlow::Node sink) { sinkNode(sink, "logging") } + override predicate isSink(DataFlow::Node sink) { sinkNode(sink, "log-injection") } override predicate isSanitizer(DataFlow::Node sanitizer) { sanitizer.asExpr() instanceof LiveLiteral or @@ -52,7 +52,7 @@ deprecated class SensitiveLoggerConfiguration extends TaintTracking::Configurati module SensitiveLoggerConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { source.asExpr() instanceof CredentialExpr } - predicate isSink(DataFlow::Node sink) { sinkNode(sink, "logging") } + predicate isSink(DataFlow::Node sink) { sinkNode(sink, "log-injection") } predicate isBarrier(DataFlow::Node sanitizer) { sanitizer.asExpr() instanceof LiveLiteral or diff --git a/java/ql/src/utils/modelgenerator/internal/CaptureModelsSpecific.qll b/java/ql/src/utils/modelgenerator/internal/CaptureModelsSpecific.qll index fcc1ef97ecc..8583e793fc9 100644 --- a/java/ql/src/utils/modelgenerator/internal/CaptureModelsSpecific.qll +++ b/java/ql/src/utils/modelgenerator/internal/CaptureModelsSpecific.qll @@ -250,7 +250,7 @@ string asInputArgumentSpecific(DataFlow::Node source) { */ bindingset[kind] predicate isRelevantSinkKind(string kind) { - not kind = "logging" and + not kind = "log-injection" and not kind.matches("regex-use%") and not kind = "write-file" } From 6431d370c1031bc1f682855a3b65e16533db56cc Mon Sep 17 00:00:00 2001 From: Jami Cogswell <jcogs33@Jamis-MacBook-Pro.local> Date: Tue, 30 May 2023 12:58:56 -0400 Subject: [PATCH 752/870] Java: update groovy sink kind to groovy-injection --- java/ql/lib/ext/groovy.lang.model.yml | 54 +++++++++---------- java/ql/lib/ext/groovy.util.model.yml | 10 ++-- .../ext/org.codehaus.groovy.control.model.yml | 2 +- .../code/java/dataflow/ExternalFlow.qll | 2 +- .../code/java/security/GroovyInjection.qll | 2 +- 5 files changed, 35 insertions(+), 35 deletions(-) diff --git a/java/ql/lib/ext/groovy.lang.model.yml b/java/ql/lib/ext/groovy.lang.model.yml index 815beb99041..7c6ac81d1ab 100644 --- a/java/ql/lib/ext/groovy.lang.model.yml +++ b/java/ql/lib/ext/groovy.lang.model.yml @@ -3,30 +3,30 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["groovy.lang", "GroovyClassLoader", False, "parseClass", "(GroovyCodeSource)", "", "Argument[0]", "groovy", "manual"] - - ["groovy.lang", "GroovyClassLoader", False, "parseClass", "(GroovyCodeSource,boolean)", "", "Argument[0]", "groovy", "manual"] - - ["groovy.lang", "GroovyClassLoader", False, "parseClass", "(InputStream,String)", "", "Argument[0]", "groovy", "manual"] - - ["groovy.lang", "GroovyClassLoader", False, "parseClass", "(Reader,String)", "", "Argument[0]", "groovy", "manual"] - - ["groovy.lang", "GroovyClassLoader", False, "parseClass", "(String)", "", "Argument[0]", "groovy", "manual"] - - ["groovy.lang", "GroovyClassLoader", False, "parseClass", "(String,String)", "", "Argument[0]", "groovy", "manual"] - - ["groovy.lang", "GroovyShell", False, "evaluate", "(GroovyCodeSource)", "", "Argument[0]", "groovy", "manual"] - - ["groovy.lang", "GroovyShell", False, "evaluate", "(Reader)", "", "Argument[0]", "groovy", "manual"] - - ["groovy.lang", "GroovyShell", False, "evaluate", "(Reader,String)", "", "Argument[0]", "groovy", "manual"] - - ["groovy.lang", "GroovyShell", False, "evaluate", "(String)", "", "Argument[0]", "groovy", "manual"] - - ["groovy.lang", "GroovyShell", False, "evaluate", "(String,String)", "", "Argument[0]", "groovy", "manual"] - - ["groovy.lang", "GroovyShell", False, "evaluate", "(String,String,String)", "", "Argument[0]", "groovy", "manual"] - - ["groovy.lang", "GroovyShell", False, "evaluate", "(URI)", "", "Argument[0]", "groovy", "manual"] - - ["groovy.lang", "GroovyShell", False, "parse", "(Reader)", "", "Argument[0]", "groovy", "manual"] - - ["groovy.lang", "GroovyShell", False, "parse", "(Reader,String)", "", "Argument[0]", "groovy", "manual"] - - ["groovy.lang", "GroovyShell", False, "parse", "(String)", "", "Argument[0]", "groovy", "manual"] - - ["groovy.lang", "GroovyShell", False, "parse", "(String,String)", "", "Argument[0]", "groovy", "manual"] - - ["groovy.lang", "GroovyShell", False, "parse", "(URI)", "", "Argument[0]", "groovy", "manual"] - - ["groovy.lang", "GroovyShell", False, "run", "(GroovyCodeSource,List)", "", "Argument[0]", "groovy", "manual"] - - ["groovy.lang", "GroovyShell", False, "run", "(GroovyCodeSource,String[])", "", "Argument[0]", "groovy", "manual"] - - ["groovy.lang", "GroovyShell", False, "run", "(Reader,String,List)", "", "Argument[0]", "groovy", "manual"] - - ["groovy.lang", "GroovyShell", False, "run", "(Reader,String,String[])", "", "Argument[0]", "groovy", "manual"] - - ["groovy.lang", "GroovyShell", False, "run", "(String,String,List)", "", "Argument[0]", "groovy", "manual"] - - ["groovy.lang", "GroovyShell", False, "run", "(String,String,String[])", "", "Argument[0]", "groovy", "manual"] - - ["groovy.lang", "GroovyShell", False, "run", "(URI,List)", "", "Argument[0]", "groovy", "manual"] - - ["groovy.lang", "GroovyShell", False, "run", "(URI,String[])", "", "Argument[0]", "groovy", "manual"] - - ["groovy.text", "TemplateEngine", True, "createTemplate", "", "", "Argument[0]", "groovy", "manual"] + - ["groovy.lang", "GroovyClassLoader", False, "parseClass", "(GroovyCodeSource)", "", "Argument[0]", "groovy-injection", "manual"] + - ["groovy.lang", "GroovyClassLoader", False, "parseClass", "(GroovyCodeSource,boolean)", "", "Argument[0]", "groovy-injection", "manual"] + - ["groovy.lang", "GroovyClassLoader", False, "parseClass", "(InputStream,String)", "", "Argument[0]", "groovy-injection", "manual"] + - ["groovy.lang", "GroovyClassLoader", False, "parseClass", "(Reader,String)", "", "Argument[0]", "groovy-injection", "manual"] + - ["groovy.lang", "GroovyClassLoader", False, "parseClass", "(String)", "", "Argument[0]", "groovy-injection", "manual"] + - ["groovy.lang", "GroovyClassLoader", False, "parseClass", "(String,String)", "", "Argument[0]", "groovy-injection", "manual"] + - ["groovy.lang", "GroovyShell", False, "evaluate", "(GroovyCodeSource)", "", "Argument[0]", "groovy-injection", "manual"] + - ["groovy.lang", "GroovyShell", False, "evaluate", "(Reader)", "", "Argument[0]", "groovy-injection", "manual"] + - ["groovy.lang", "GroovyShell", False, "evaluate", "(Reader,String)", "", "Argument[0]", "groovy-injection", "manual"] + - ["groovy.lang", "GroovyShell", False, "evaluate", "(String)", "", "Argument[0]", "groovy-injection", "manual"] + - ["groovy.lang", "GroovyShell", False, "evaluate", "(String,String)", "", "Argument[0]", "groovy-injection", "manual"] + - ["groovy.lang", "GroovyShell", False, "evaluate", "(String,String,String)", "", "Argument[0]", "groovy-injection", "manual"] + - ["groovy.lang", "GroovyShell", False, "evaluate", "(URI)", "", "Argument[0]", "groovy-injection", "manual"] + - ["groovy.lang", "GroovyShell", False, "parse", "(Reader)", "", "Argument[0]", "groovy-injection", "manual"] + - ["groovy.lang", "GroovyShell", False, "parse", "(Reader,String)", "", "Argument[0]", "groovy-injection", "manual"] + - ["groovy.lang", "GroovyShell", False, "parse", "(String)", "", "Argument[0]", "groovy-injection", "manual"] + - ["groovy.lang", "GroovyShell", False, "parse", "(String,String)", "", "Argument[0]", "groovy-injection", "manual"] + - ["groovy.lang", "GroovyShell", False, "parse", "(URI)", "", "Argument[0]", "groovy-injection", "manual"] + - ["groovy.lang", "GroovyShell", False, "run", "(GroovyCodeSource,List)", "", "Argument[0]", "groovy-injection", "manual"] + - ["groovy.lang", "GroovyShell", False, "run", "(GroovyCodeSource,String[])", "", "Argument[0]", "groovy-injection", "manual"] + - ["groovy.lang", "GroovyShell", False, "run", "(Reader,String,List)", "", "Argument[0]", "groovy-injection", "manual"] + - ["groovy.lang", "GroovyShell", False, "run", "(Reader,String,String[])", "", "Argument[0]", "groovy-injection", "manual"] + - ["groovy.lang", "GroovyShell", False, "run", "(String,String,List)", "", "Argument[0]", "groovy-injection", "manual"] + - ["groovy.lang", "GroovyShell", False, "run", "(String,String,String[])", "", "Argument[0]", "groovy-injection", "manual"] + - ["groovy.lang", "GroovyShell", False, "run", "(URI,List)", "", "Argument[0]", "groovy-injection", "manual"] + - ["groovy.lang", "GroovyShell", False, "run", "(URI,String[])", "", "Argument[0]", "groovy-injection", "manual"] + - ["groovy.text", "TemplateEngine", True, "createTemplate", "", "", "Argument[0]", "groovy-injection", "manual"] diff --git a/java/ql/lib/ext/groovy.util.model.yml b/java/ql/lib/ext/groovy.util.model.yml index 61d1dbb6a05..f0a979e2ce8 100644 --- a/java/ql/lib/ext/groovy.util.model.yml +++ b/java/ql/lib/ext/groovy.util.model.yml @@ -3,8 +3,8 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["groovy.util", "Eval", False, "me", "(String)", "", "Argument[0]", "groovy", "manual"] - - ["groovy.util", "Eval", False, "me", "(String,Object,String)", "", "Argument[2]", "groovy", "manual"] - - ["groovy.util", "Eval", False, "x", "(Object,String)", "", "Argument[1]", "groovy", "manual"] - - ["groovy.util", "Eval", False, "xy", "(Object,Object,String)", "", "Argument[2]", "groovy", "manual"] - - ["groovy.util", "Eval", False, "xyz", "(Object,Object,Object,String)", "", "Argument[3]", "groovy", "manual"] + - ["groovy.util", "Eval", False, "me", "(String)", "", "Argument[0]", "groovy-injection", "manual"] + - ["groovy.util", "Eval", False, "me", "(String,Object,String)", "", "Argument[2]", "groovy-injection", "manual"] + - ["groovy.util", "Eval", False, "x", "(Object,String)", "", "Argument[1]", "groovy-injection", "manual"] + - ["groovy.util", "Eval", False, "xy", "(Object,Object,String)", "", "Argument[2]", "groovy-injection", "manual"] + - ["groovy.util", "Eval", False, "xyz", "(Object,Object,Object,String)", "", "Argument[3]", "groovy-injection", "manual"] diff --git a/java/ql/lib/ext/org.codehaus.groovy.control.model.yml b/java/ql/lib/ext/org.codehaus.groovy.control.model.yml index 61ec26f4482..fdccc85e6a9 100644 --- a/java/ql/lib/ext/org.codehaus.groovy.control.model.yml +++ b/java/ql/lib/ext/org.codehaus.groovy.control.model.yml @@ -3,4 +3,4 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["org.codehaus.groovy.control", "CompilationUnit", False, "compile", "", "", "Argument[this]", "groovy", "manual"] + - ["org.codehaus.groovy.control", "CompilationUnit", False, "compile", "", "", "Argument[this]", "groovy-injection", "manual"] diff --git a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll index 17a364b7e2e..cae2226cb68 100644 --- a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll +++ b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll @@ -275,7 +275,7 @@ module ModelValidation { not kind = [ "open-url", "jndi-injection", "ldap", "sql-injection", "jdbc-url", "log-injection", - "mvel", "xpath-injection", "groovy", "xss", "ognl-injection", "intent-start", + "mvel", "xpath-injection", "groovy-injection", "xss", "ognl-injection", "intent-start", "pending-intent-sent", "url-redirection", "create-file", "read-file", "write-file", "set-hostname-verifier", "header-splitting", "information-leak", "xslt", "jexl", "bean-validation", "template-injection", "fragment-injection", "command-injection" diff --git a/java/ql/lib/semmle/code/java/security/GroovyInjection.qll b/java/ql/lib/semmle/code/java/security/GroovyInjection.qll index 54ea8afce91..b4fe2fd5e84 100644 --- a/java/ql/lib/semmle/code/java/security/GroovyInjection.qll +++ b/java/ql/lib/semmle/code/java/security/GroovyInjection.qll @@ -21,7 +21,7 @@ class GroovyInjectionAdditionalTaintStep extends Unit { } private class DefaultGroovyInjectionSink extends GroovyInjectionSink { - DefaultGroovyInjectionSink() { sinkNode(this, "groovy") } + DefaultGroovyInjectionSink() { sinkNode(this, "groovy-injection") } } /** A set of additional taint steps to consider when taint tracking Groovy related data flows. */ From 6cee0c4c7553218ef3a6f15e3e7dc8fff0607bc1 Mon Sep 17 00:00:00 2001 From: Jami Cogswell <jcogs33@Jamis-MacBook-Pro.local> Date: Tue, 9 May 2023 12:04:39 -0400 Subject: [PATCH 753/870] Java: update jexl sink kind to jexl-injection --- .../ext/org.apache.commons.jexl2.model.yml | 30 +++++++++---------- .../ext/org.apache.commons.jexl3.model.yml | 30 +++++++++---------- .../code/java/dataflow/ExternalFlow.qll | 2 +- .../code/java/security/JexlInjectionQuery.qll | 2 +- 4 files changed, 32 insertions(+), 32 deletions(-) diff --git a/java/ql/lib/ext/org.apache.commons.jexl2.model.yml b/java/ql/lib/ext/org.apache.commons.jexl2.model.yml index f7ad474114e..8e224f5f20f 100644 --- a/java/ql/lib/ext/org.apache.commons.jexl2.model.yml +++ b/java/ql/lib/ext/org.apache.commons.jexl2.model.yml @@ -3,18 +3,18 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["org.apache.commons.jexl2", "Expression", False, "callable", "", "", "Argument[this]", "jexl", "manual"] - - ["org.apache.commons.jexl2", "Expression", False, "evaluate", "", "", "Argument[this]", "jexl", "manual"] - - ["org.apache.commons.jexl2", "JexlEngine", False, "getProperty", "(JexlContext,Object,String)", "", "Argument[2]", "jexl", "manual"] - - ["org.apache.commons.jexl2", "JexlEngine", False, "getProperty", "(Object,String)", "", "Argument[1]", "jexl", "manual"] - - ["org.apache.commons.jexl2", "JexlEngine", False, "setProperty", "(JexlContext,Object,String,Object)", "", "Argument[2]", "jexl", "manual"] - - ["org.apache.commons.jexl2", "JexlEngine", False, "setProperty", "(Object,String,Object)", "", "Argument[1]", "jexl", "manual"] - - ["org.apache.commons.jexl2", "JexlExpression", False, "callable", "", "", "Argument[this]", "jexl", "manual"] - - ["org.apache.commons.jexl2", "JexlExpression", False, "evaluate", "", "", "Argument[this]", "jexl", "manual"] - - ["org.apache.commons.jexl2", "JexlScript", False, "callable", "", "", "Argument[this]", "jexl", "manual"] - - ["org.apache.commons.jexl2", "JexlScript", False, "execute", "", "", "Argument[this]", "jexl", "manual"] - - ["org.apache.commons.jexl2", "Script", False, "callable", "", "", "Argument[this]", "jexl", "manual"] - - ["org.apache.commons.jexl2", "Script", False, "execute", "", "", "Argument[this]", "jexl", "manual"] - - ["org.apache.commons.jexl2", "UnifiedJEXL$Expression", False, "evaluate", "", "", "Argument[this]", "jexl", "manual"] - - ["org.apache.commons.jexl2", "UnifiedJEXL$Expression", False, "prepare", "", "", "Argument[this]", "jexl", "manual"] - - ["org.apache.commons.jexl2", "UnifiedJEXL$Template", False, "evaluate", "", "", "Argument[this]", "jexl", "manual"] + - ["org.apache.commons.jexl2", "Expression", False, "callable", "", "", "Argument[this]", "jexl-injection", "manual"] + - ["org.apache.commons.jexl2", "Expression", False, "evaluate", "", "", "Argument[this]", "jexl-injection", "manual"] + - ["org.apache.commons.jexl2", "JexlEngine", False, "getProperty", "(JexlContext,Object,String)", "", "Argument[2]", "jexl-injection", "manual"] + - ["org.apache.commons.jexl2", "JexlEngine", False, "getProperty", "(Object,String)", "", "Argument[1]", "jexl-injection", "manual"] + - ["org.apache.commons.jexl2", "JexlEngine", False, "setProperty", "(JexlContext,Object,String,Object)", "", "Argument[2]", "jexl-injection", "manual"] + - ["org.apache.commons.jexl2", "JexlEngine", False, "setProperty", "(Object,String,Object)", "", "Argument[1]", "jexl-injection", "manual"] + - ["org.apache.commons.jexl2", "JexlExpression", False, "callable", "", "", "Argument[this]", "jexl-injection", "manual"] + - ["org.apache.commons.jexl2", "JexlExpression", False, "evaluate", "", "", "Argument[this]", "jexl-injection", "manual"] + - ["org.apache.commons.jexl2", "JexlScript", False, "callable", "", "", "Argument[this]", "jexl-injection", "manual"] + - ["org.apache.commons.jexl2", "JexlScript", False, "execute", "", "", "Argument[this]", "jexl-injection", "manual"] + - ["org.apache.commons.jexl2", "Script", False, "callable", "", "", "Argument[this]", "jexl-injection", "manual"] + - ["org.apache.commons.jexl2", "Script", False, "execute", "", "", "Argument[this]", "jexl-injection", "manual"] + - ["org.apache.commons.jexl2", "UnifiedJEXL$Expression", False, "evaluate", "", "", "Argument[this]", "jexl-injection", "manual"] + - ["org.apache.commons.jexl2", "UnifiedJEXL$Expression", False, "prepare", "", "", "Argument[this]", "jexl-injection", "manual"] + - ["org.apache.commons.jexl2", "UnifiedJEXL$Template", False, "evaluate", "", "", "Argument[this]", "jexl-injection", "manual"] diff --git a/java/ql/lib/ext/org.apache.commons.jexl3.model.yml b/java/ql/lib/ext/org.apache.commons.jexl3.model.yml index cbe04fc3e60..e2fee2fcb3d 100644 --- a/java/ql/lib/ext/org.apache.commons.jexl3.model.yml +++ b/java/ql/lib/ext/org.apache.commons.jexl3.model.yml @@ -3,18 +3,18 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["org.apache.commons.jexl3", "Expression", False, "callable", "", "", "Argument[this]", "jexl", "manual"] - - ["org.apache.commons.jexl3", "Expression", False, "evaluate", "", "", "Argument[this]", "jexl", "manual"] - - ["org.apache.commons.jexl3", "JexlEngine", False, "getProperty", "(JexlContext,Object,String)", "", "Argument[2]", "jexl", "manual"] - - ["org.apache.commons.jexl3", "JexlEngine", False, "getProperty", "(Object,String)", "", "Argument[1]", "jexl", "manual"] - - ["org.apache.commons.jexl3", "JexlEngine", False, "setProperty", "(JexlContext,Object,String)", "", "Argument[2]", "jexl", "manual"] - - ["org.apache.commons.jexl3", "JexlEngine", False, "setProperty", "(Object,String,Object)", "", "Argument[1]", "jexl", "manual"] - - ["org.apache.commons.jexl3", "JexlExpression", False, "callable", "", "", "Argument[this]", "jexl", "manual"] - - ["org.apache.commons.jexl3", "JexlExpression", False, "evaluate", "", "", "Argument[this]", "jexl", "manual"] - - ["org.apache.commons.jexl3", "JexlScript", False, "callable", "", "", "Argument[this]", "jexl", "manual"] - - ["org.apache.commons.jexl3", "JexlScript", False, "execute", "", "", "Argument[this]", "jexl", "manual"] - - ["org.apache.commons.jexl3", "JxltEngine$Expression", False, "evaluate", "", "", "Argument[this]", "jexl", "manual"] - - ["org.apache.commons.jexl3", "JxltEngine$Expression", False, "prepare", "", "", "Argument[this]", "jexl", "manual"] - - ["org.apache.commons.jexl3", "JxltEngine$Template", False, "evaluate", "", "", "Argument[this]", "jexl", "manual"] - - ["org.apache.commons.jexl3", "Script", False, "callable", "", "", "Argument[this]", "jexl", "manual"] - - ["org.apache.commons.jexl3", "Script", False, "execute", "", "", "Argument[this]", "jexl", "manual"] + - ["org.apache.commons.jexl3", "Expression", False, "callable", "", "", "Argument[this]", "jexl-injection", "manual"] + - ["org.apache.commons.jexl3", "Expression", False, "evaluate", "", "", "Argument[this]", "jexl-injection", "manual"] + - ["org.apache.commons.jexl3", "JexlEngine", False, "getProperty", "(JexlContext,Object,String)", "", "Argument[2]", "jexl-injection", "manual"] + - ["org.apache.commons.jexl3", "JexlEngine", False, "getProperty", "(Object,String)", "", "Argument[1]", "jexl-injection", "manual"] + - ["org.apache.commons.jexl3", "JexlEngine", False, "setProperty", "(JexlContext,Object,String)", "", "Argument[2]", "jexl-injection", "manual"] + - ["org.apache.commons.jexl3", "JexlEngine", False, "setProperty", "(Object,String,Object)", "", "Argument[1]", "jexl-injection", "manual"] + - ["org.apache.commons.jexl3", "JexlExpression", False, "callable", "", "", "Argument[this]", "jexl-injection", "manual"] + - ["org.apache.commons.jexl3", "JexlExpression", False, "evaluate", "", "", "Argument[this]", "jexl-injection", "manual"] + - ["org.apache.commons.jexl3", "JexlScript", False, "callable", "", "", "Argument[this]", "jexl-injection", "manual"] + - ["org.apache.commons.jexl3", "JexlScript", False, "execute", "", "", "Argument[this]", "jexl-injection", "manual"] + - ["org.apache.commons.jexl3", "JxltEngine$Expression", False, "evaluate", "", "", "Argument[this]", "jexl-injection", "manual"] + - ["org.apache.commons.jexl3", "JxltEngine$Expression", False, "prepare", "", "", "Argument[this]", "jexl-injection", "manual"] + - ["org.apache.commons.jexl3", "JxltEngine$Template", False, "evaluate", "", "", "Argument[this]", "jexl-injection", "manual"] + - ["org.apache.commons.jexl3", "Script", False, "callable", "", "", "Argument[this]", "jexl-injection", "manual"] + - ["org.apache.commons.jexl3", "Script", False, "execute", "", "", "Argument[this]", "jexl-injection", "manual"] diff --git a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll index cae2226cb68..78197f16ce3 100644 --- a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll +++ b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll @@ -277,7 +277,7 @@ module ModelValidation { "open-url", "jndi-injection", "ldap", "sql-injection", "jdbc-url", "log-injection", "mvel", "xpath-injection", "groovy-injection", "xss", "ognl-injection", "intent-start", "pending-intent-sent", "url-redirection", "create-file", "read-file", "write-file", - "set-hostname-verifier", "header-splitting", "information-leak", "xslt", "jexl", + "set-hostname-verifier", "header-splitting", "information-leak", "xslt", "jexl-injection", "bean-validation", "template-injection", "fragment-injection", "command-injection" ] and not kind.matches("regex-use%") and diff --git a/java/ql/lib/semmle/code/java/security/JexlInjectionQuery.qll b/java/ql/lib/semmle/code/java/security/JexlInjectionQuery.qll index 4138b851e85..dd877720495 100644 --- a/java/ql/lib/semmle/code/java/security/JexlInjectionQuery.qll +++ b/java/ql/lib/semmle/code/java/security/JexlInjectionQuery.qll @@ -13,7 +13,7 @@ abstract class JexlEvaluationSink extends DataFlow::ExprNode { } /** Default sink for JXEL injection vulnerabilities. */ private class DefaultJexlEvaluationSink extends JexlEvaluationSink { - DefaultJexlEvaluationSink() { sinkNode(this, "jexl") } + DefaultJexlEvaluationSink() { sinkNode(this, "jexl-injection") } } /** From cea97b3f2a8f22bb9fd4b5bc3c16964676e58810 Mon Sep 17 00:00:00 2001 From: Jami Cogswell <jcogs33@Jamis-MacBook-Pro.local> Date: Tue, 9 May 2023 12:05:39 -0400 Subject: [PATCH 754/870] Java: update mvel sink kind to mvel-injection --- java/ql/lib/ext/javax.script.model.yml | 2 +- java/ql/lib/ext/org.mvel2.compiler.model.yml | 8 ++++---- java/ql/lib/ext/org.mvel2.jsr223.model.yml | 6 +++--- java/ql/lib/ext/org.mvel2.model.yml | 14 +++++++------- java/ql/lib/ext/org.mvel2.templates.model.yml | 4 ++-- .../lib/semmle/code/java/dataflow/ExternalFlow.qll | 9 +++++---- .../semmle/code/java/security/MvelInjection.qll | 2 +- 7 files changed, 23 insertions(+), 22 deletions(-) diff --git a/java/ql/lib/ext/javax.script.model.yml b/java/ql/lib/ext/javax.script.model.yml index 0dcc6adb3d7..dcec679640f 100644 --- a/java/ql/lib/ext/javax.script.model.yml +++ b/java/ql/lib/ext/javax.script.model.yml @@ -3,4 +3,4 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["javax.script", "CompiledScript", False, "eval", "", "", "Argument[this]", "mvel", "manual"] + - ["javax.script", "CompiledScript", False, "eval", "", "", "Argument[this]", "mvel-injection", "manual"] diff --git a/java/ql/lib/ext/org.mvel2.compiler.model.yml b/java/ql/lib/ext/org.mvel2.compiler.model.yml index 6ca33c8cdb0..0b3535a6fcf 100644 --- a/java/ql/lib/ext/org.mvel2.compiler.model.yml +++ b/java/ql/lib/ext/org.mvel2.compiler.model.yml @@ -3,7 +3,7 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["org.mvel2.compiler", "Accessor", False, "getValue", "", "", "Argument[this]", "mvel", "manual"] - - ["org.mvel2.compiler", "CompiledAccExpression", False, "getValue", "", "", "Argument[this]", "mvel", "manual"] - - ["org.mvel2.compiler", "CompiledExpression", False, "getDirectValue", "", "", "Argument[this]", "mvel", "manual"] - - ["org.mvel2.compiler", "ExecutableStatement", False, "getValue", "", "", "Argument[this]", "mvel", "manual"] + - ["org.mvel2.compiler", "Accessor", False, "getValue", "", "", "Argument[this]", "mvel-injection", "manual"] + - ["org.mvel2.compiler", "CompiledAccExpression", False, "getValue", "", "", "Argument[this]", "mvel-injection", "manual"] + - ["org.mvel2.compiler", "CompiledExpression", False, "getDirectValue", "", "", "Argument[this]", "mvel-injection", "manual"] + - ["org.mvel2.compiler", "ExecutableStatement", False, "getValue", "", "", "Argument[this]", "mvel-injection", "manual"] diff --git a/java/ql/lib/ext/org.mvel2.jsr223.model.yml b/java/ql/lib/ext/org.mvel2.jsr223.model.yml index 6a63bbcf57c..7dff4964cf0 100644 --- a/java/ql/lib/ext/org.mvel2.jsr223.model.yml +++ b/java/ql/lib/ext/org.mvel2.jsr223.model.yml @@ -3,6 +3,6 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["org.mvel2.jsr223", "MvelCompiledScript", False, "eval", "", "", "Argument[this]", "mvel", "manual"] - - ["org.mvel2.jsr223", "MvelScriptEngine", False, "eval", "", "", "Argument[0]", "mvel", "manual"] - - ["org.mvel2.jsr223", "MvelScriptEngine", False, "evaluate", "", "", "Argument[0]", "mvel", "manual"] + - ["org.mvel2.jsr223", "MvelCompiledScript", False, "eval", "", "", "Argument[this]", "mvel-injection", "manual"] + - ["org.mvel2.jsr223", "MvelScriptEngine", False, "eval", "", "", "Argument[0]", "mvel-injection", "manual"] + - ["org.mvel2.jsr223", "MvelScriptEngine", False, "evaluate", "", "", "Argument[0]", "mvel-injection", "manual"] diff --git a/java/ql/lib/ext/org.mvel2.model.yml b/java/ql/lib/ext/org.mvel2.model.yml index fd7778c89a6..28a7154df90 100644 --- a/java/ql/lib/ext/org.mvel2.model.yml +++ b/java/ql/lib/ext/org.mvel2.model.yml @@ -3,10 +3,10 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["org.mvel2", "MVEL", False, "eval", "", "", "Argument[0]", "mvel", "manual"] - - ["org.mvel2", "MVEL", False, "evalToBoolean", "", "", "Argument[0]", "mvel", "manual"] - - ["org.mvel2", "MVEL", False, "evalToString", "", "", "Argument[0]", "mvel", "manual"] - - ["org.mvel2", "MVEL", False, "executeAllExpression", "", "", "Argument[0]", "mvel", "manual"] - - ["org.mvel2", "MVEL", False, "executeExpression", "", "", "Argument[0]", "mvel", "manual"] - - ["org.mvel2", "MVEL", False, "executeSetExpression", "", "", "Argument[0]", "mvel", "manual"] - - ["org.mvel2", "MVELRuntime", False, "execute", "", "", "Argument[1]", "mvel", "manual"] + - ["org.mvel2", "MVEL", False, "eval", "", "", "Argument[0]", "mvel-injection", "manual"] + - ["org.mvel2", "MVEL", False, "evalToBoolean", "", "", "Argument[0]", "mvel-injection", "manual"] + - ["org.mvel2", "MVEL", False, "evalToString", "", "", "Argument[0]", "mvel-injection", "manual"] + - ["org.mvel2", "MVEL", False, "executeAllExpression", "", "", "Argument[0]", "mvel-injection", "manual"] + - ["org.mvel2", "MVEL", False, "executeExpression", "", "", "Argument[0]", "mvel-injection", "manual"] + - ["org.mvel2", "MVEL", False, "executeSetExpression", "", "", "Argument[0]", "mvel-injection", "manual"] + - ["org.mvel2", "MVELRuntime", False, "execute", "", "", "Argument[1]", "mvel-injection", "manual"] diff --git a/java/ql/lib/ext/org.mvel2.templates.model.yml b/java/ql/lib/ext/org.mvel2.templates.model.yml index 0e31cee38b0..93fdbde10ed 100644 --- a/java/ql/lib/ext/org.mvel2.templates.model.yml +++ b/java/ql/lib/ext/org.mvel2.templates.model.yml @@ -3,5 +3,5 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["org.mvel2.templates", "TemplateRuntime", False, "eval", "", "", "Argument[0]", "mvel", "manual"] - - ["org.mvel2.templates", "TemplateRuntime", False, "execute", "", "", "Argument[0]", "mvel", "manual"] + - ["org.mvel2.templates", "TemplateRuntime", False, "eval", "", "", "Argument[0]", "mvel-injection", "manual"] + - ["org.mvel2.templates", "TemplateRuntime", False, "execute", "", "", "Argument[0]", "mvel-injection", "manual"] diff --git a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll index 78197f16ce3..06097ce7271 100644 --- a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll +++ b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll @@ -275,10 +275,11 @@ module ModelValidation { not kind = [ "open-url", "jndi-injection", "ldap", "sql-injection", "jdbc-url", "log-injection", - "mvel", "xpath-injection", "groovy-injection", "xss", "ognl-injection", "intent-start", - "pending-intent-sent", "url-redirection", "create-file", "read-file", "write-file", - "set-hostname-verifier", "header-splitting", "information-leak", "xslt", "jexl-injection", - "bean-validation", "template-injection", "fragment-injection", "command-injection" + "mvel-injection", "xpath-injection", "groovy-injection", "xss", "ognl-injection", + "intent-start", "pending-intent-sent", "url-redirection", "create-file", "read-file", + "write-file", "set-hostname-verifier", "header-splitting", "information-leak", "xslt", + "jexl-injection", "bean-validation", "template-injection", "fragment-injection", + "command-injection" ] and not kind.matches("regex-use%") and not kind.matches("qltest%") and diff --git a/java/ql/lib/semmle/code/java/security/MvelInjection.qll b/java/ql/lib/semmle/code/java/security/MvelInjection.qll index a0ada3d91a1..803c6ad0cf9 100644 --- a/java/ql/lib/semmle/code/java/security/MvelInjection.qll +++ b/java/ql/lib/semmle/code/java/security/MvelInjection.qll @@ -25,7 +25,7 @@ class MvelInjectionAdditionalTaintStep extends Unit { /** Default sink for MVEL injection vulnerabilities. */ private class DefaultMvelEvaluationSink extends MvelEvaluationSink { - DefaultMvelEvaluationSink() { sinkNode(this, "mvel") } + DefaultMvelEvaluationSink() { sinkNode(this, "mvel-injection") } } /** A default sanitizer that considers numeric and boolean typed data safe for building MVEL expressions */ From 6d2d25406caec1acedd83a06f800a9b983b7f084 Mon Sep 17 00:00:00 2001 From: Jami Cogswell <jcogs33@Jamis-MacBook-Pro.local> Date: Tue, 9 May 2023 12:06:36 -0400 Subject: [PATCH 755/870] Java: update xslt sink kind to xslt-injection --- java/ql/lib/ext/javax.xml.transform.model.yml | 2 +- java/ql/lib/ext/net.sf.saxon.s9api.model.yml | 10 +++++----- java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll | 6 +++--- .../ql/lib/semmle/code/java/security/XsltInjection.qll | 2 +- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/java/ql/lib/ext/javax.xml.transform.model.yml b/java/ql/lib/ext/javax.xml.transform.model.yml index ffc321b004f..62a66a3d7ae 100644 --- a/java/ql/lib/ext/javax.xml.transform.model.yml +++ b/java/ql/lib/ext/javax.xml.transform.model.yml @@ -3,4 +3,4 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["javax.xml.transform", "Transformer", False, "transform", "", "", "Argument[this]", "xslt", "manual"] + - ["javax.xml.transform", "Transformer", False, "transform", "", "", "Argument[this]", "xslt-injection", "manual"] diff --git a/java/ql/lib/ext/net.sf.saxon.s9api.model.yml b/java/ql/lib/ext/net.sf.saxon.s9api.model.yml index 1559092f535..aa0e3eba5a9 100644 --- a/java/ql/lib/ext/net.sf.saxon.s9api.model.yml +++ b/java/ql/lib/ext/net.sf.saxon.s9api.model.yml @@ -3,8 +3,8 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["net.sf.saxon.s9api", "Xslt30Transformer", False, "applyTemplates", "", "", "Argument[this]", "xslt", "manual"] - - ["net.sf.saxon.s9api", "Xslt30Transformer", False, "callFunction", "", "", "Argument[this]", "xslt", "manual"] - - ["net.sf.saxon.s9api", "Xslt30Transformer", False, "callTemplate", "", "", "Argument[this]", "xslt", "manual"] - - ["net.sf.saxon.s9api", "Xslt30Transformer", False, "transform", "", "", "Argument[this]", "xslt", "manual"] - - ["net.sf.saxon.s9api", "XsltTransformer", False, "transform", "", "", "Argument[this]", "xslt", "manual"] + - ["net.sf.saxon.s9api", "Xslt30Transformer", False, "applyTemplates", "", "", "Argument[this]", "xslt-injection", "manual"] + - ["net.sf.saxon.s9api", "Xslt30Transformer", False, "callFunction", "", "", "Argument[this]", "xslt-injection", "manual"] + - ["net.sf.saxon.s9api", "Xslt30Transformer", False, "callTemplate", "", "", "Argument[this]", "xslt-injection", "manual"] + - ["net.sf.saxon.s9api", "Xslt30Transformer", False, "transform", "", "", "Argument[this]", "xslt-injection", "manual"] + - ["net.sf.saxon.s9api", "XsltTransformer", False, "transform", "", "", "Argument[this]", "xslt-injection", "manual"] diff --git a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll index 06097ce7271..fbdd1ec4e2f 100644 --- a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll +++ b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll @@ -277,9 +277,9 @@ module ModelValidation { "open-url", "jndi-injection", "ldap", "sql-injection", "jdbc-url", "log-injection", "mvel-injection", "xpath-injection", "groovy-injection", "xss", "ognl-injection", "intent-start", "pending-intent-sent", "url-redirection", "create-file", "read-file", - "write-file", "set-hostname-verifier", "header-splitting", "information-leak", "xslt", - "jexl-injection", "bean-validation", "template-injection", "fragment-injection", - "command-injection" + "write-file", "set-hostname-verifier", "header-splitting", "information-leak", + "xslt-injection", "jexl-injection", "bean-validation", "template-injection", + "fragment-injection", "command-injection" ] and not kind.matches("regex-use%") and not kind.matches("qltest%") and diff --git a/java/ql/lib/semmle/code/java/security/XsltInjection.qll b/java/ql/lib/semmle/code/java/security/XsltInjection.qll index f6953a09539..3d0782b6ace 100644 --- a/java/ql/lib/semmle/code/java/security/XsltInjection.qll +++ b/java/ql/lib/semmle/code/java/security/XsltInjection.qll @@ -12,7 +12,7 @@ abstract class XsltInjectionSink extends DataFlow::Node { } /** A default sink representing methods susceptible to XSLT Injection attacks. */ private class DefaultXsltInjectionSink extends XsltInjectionSink { - DefaultXsltInjectionSink() { sinkNode(this, "xslt") } + DefaultXsltInjectionSink() { sinkNode(this, "xslt-injection") } } /** From 3ff4c7de8f031c3744ba465d6f6d4e3ed0ad18ca Mon Sep 17 00:00:00 2001 From: Jami Cogswell <jcogs33@Jamis-MacBook-Pro.local> Date: Tue, 9 May 2023 12:08:40 -0400 Subject: [PATCH 756/870] Java: update ldap sink kind to ldap-injection --- .../lib/ext/com.unboundid.ldap.sdk.model.yml | 34 +++++++++---------- .../lib/ext/javax.naming.directory.model.yml | 2 +- ...apache.directory.ldap.client.api.model.yml | 2 +- .../org.springframework.ldap.core.model.yml | 28 +++++++-------- .../code/java/dataflow/ExternalFlow.qll | 12 +++---- .../code/java/security/LdapInjection.qll | 2 +- 6 files changed, 40 insertions(+), 40 deletions(-) diff --git a/java/ql/lib/ext/com.unboundid.ldap.sdk.model.yml b/java/ql/lib/ext/com.unboundid.ldap.sdk.model.yml index 57753bc31d0..d483d6d97e4 100644 --- a/java/ql/lib/ext/com.unboundid.ldap.sdk.model.yml +++ b/java/ql/lib/ext/com.unboundid.ldap.sdk.model.yml @@ -3,20 +3,20 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "asyncSearch", "", "", "Argument[0]", "ldap", "manual"] - - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "search", "(ReadOnlySearchRequest)", "", "Argument[0]", "ldap", "manual"] - - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "search", "(SearchRequest)", "", "Argument[0]", "ldap", "manual"] - - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "search", "(SearchResultListener,String,SearchScope,DereferencePolicy,int,int,boolean,Filter,String[])", "", "Argument[0..7]", "ldap", "manual"] - - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "search", "(SearchResultListener,String,SearchScope,DereferencePolicy,int,int,boolean,String,String[])", "", "Argument[0..7]", "ldap", "manual"] - - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "search", "(SearchResultListener,String,SearchScope,Filter,String[])", "", "Argument[0..3]", "ldap", "manual"] - - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "search", "(SearchResultListener,String,SearchScope,String,String[])", "", "Argument[0..3]", "ldap", "manual"] - - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "search", "(String,SearchScope,DereferencePolicy,int,int,boolean,Filter,String[])", "", "Argument[0..6]", "ldap", "manual"] - - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "search", "(String,SearchScope,DereferencePolicy,int,int,boolean,String,String[])", "", "Argument[0..6]", "ldap", "manual"] - - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "search", "(String,SearchScope,Filter,String[])", "", "Argument[0..2]", "ldap", "manual"] - - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "search", "(String,SearchScope,String,String[])", "", "Argument[0..2]", "ldap", "manual"] - - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "searchForEntry", "(ReadOnlySearchRequest)", "", "Argument[0]", "ldap", "manual"] - - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "searchForEntry", "(SearchRequest)", "", "Argument[0]", "ldap", "manual"] - - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "searchForEntry", "(String,SearchScope,DereferencePolicy,int,boolean,Filter,String[])", "", "Argument[0..5]", "ldap", "manual"] - - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "searchForEntry", "(String,SearchScope,DereferencePolicy,int,boolean,String,String[])", "", "Argument[0..5]", "ldap", "manual"] - - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "searchForEntry", "(String,SearchScope,Filter,String[])", "", "Argument[0..2]", "ldap", "manual"] - - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "searchForEntry", "(String,SearchScope,String,String[])", "", "Argument[0..2]", "ldap", "manual"] + - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "asyncSearch", "", "", "Argument[0]", "ldap-injection", "manual"] + - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "search", "(ReadOnlySearchRequest)", "", "Argument[0]", "ldap-injection", "manual"] + - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "search", "(SearchRequest)", "", "Argument[0]", "ldap-injection", "manual"] + - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "search", "(SearchResultListener,String,SearchScope,DereferencePolicy,int,int,boolean,Filter,String[])", "", "Argument[0..7]", "ldap-injection", "manual"] + - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "search", "(SearchResultListener,String,SearchScope,DereferencePolicy,int,int,boolean,String,String[])", "", "Argument[0..7]", "ldap-injection", "manual"] + - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "search", "(SearchResultListener,String,SearchScope,Filter,String[])", "", "Argument[0..3]", "ldap-injection", "manual"] + - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "search", "(SearchResultListener,String,SearchScope,String,String[])", "", "Argument[0..3]", "ldap-injection", "manual"] + - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "search", "(String,SearchScope,DereferencePolicy,int,int,boolean,Filter,String[])", "", "Argument[0..6]", "ldap-injection", "manual"] + - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "search", "(String,SearchScope,DereferencePolicy,int,int,boolean,String,String[])", "", "Argument[0..6]", "ldap-injection", "manual"] + - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "search", "(String,SearchScope,Filter,String[])", "", "Argument[0..2]", "ldap-injection", "manual"] + - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "search", "(String,SearchScope,String,String[])", "", "Argument[0..2]", "ldap-injection", "manual"] + - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "searchForEntry", "(ReadOnlySearchRequest)", "", "Argument[0]", "ldap-injection", "manual"] + - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "searchForEntry", "(SearchRequest)", "", "Argument[0]", "ldap-injection", "manual"] + - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "searchForEntry", "(String,SearchScope,DereferencePolicy,int,boolean,Filter,String[])", "", "Argument[0..5]", "ldap-injection", "manual"] + - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "searchForEntry", "(String,SearchScope,DereferencePolicy,int,boolean,String,String[])", "", "Argument[0..5]", "ldap-injection", "manual"] + - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "searchForEntry", "(String,SearchScope,Filter,String[])", "", "Argument[0..2]", "ldap-injection", "manual"] + - ["com.unboundid.ldap.sdk", "LDAPConnection", False, "searchForEntry", "(String,SearchScope,String,String[])", "", "Argument[0..2]", "ldap-injection", "manual"] diff --git a/java/ql/lib/ext/javax.naming.directory.model.yml b/java/ql/lib/ext/javax.naming.directory.model.yml index bb350a084cb..6f60e7cf20d 100644 --- a/java/ql/lib/ext/javax.naming.directory.model.yml +++ b/java/ql/lib/ext/javax.naming.directory.model.yml @@ -3,4 +3,4 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["javax.naming.directory", "DirContext", True, "search", "", "", "Argument[0..1]", "ldap", "manual"] + - ["javax.naming.directory", "DirContext", True, "search", "", "", "Argument[0..1]", "ldap-injection", "manual"] diff --git a/java/ql/lib/ext/org.apache.directory.ldap.client.api.model.yml b/java/ql/lib/ext/org.apache.directory.ldap.client.api.model.yml index 14b580383d3..57b1655d944 100644 --- a/java/ql/lib/ext/org.apache.directory.ldap.client.api.model.yml +++ b/java/ql/lib/ext/org.apache.directory.ldap.client.api.model.yml @@ -3,4 +3,4 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["org.apache.directory.ldap.client.api", "LdapConnection", True, "search", "", "", "Argument[0..2]", "ldap", "manual"] + - ["org.apache.directory.ldap.client.api", "LdapConnection", True, "search", "", "", "Argument[0..2]", "ldap-injection", "manual"] diff --git a/java/ql/lib/ext/org.springframework.ldap.core.model.yml b/java/ql/lib/ext/org.springframework.ldap.core.model.yml index 962dec40c59..ce4ef72e283 100644 --- a/java/ql/lib/ext/org.springframework.ldap.core.model.yml +++ b/java/ql/lib/ext/org.springframework.ldap.core.model.yml @@ -22,17 +22,17 @@ extensions: - ["org.springframework.ldap.core", "LdapOperations", True, "search", "(String,String,int,String[],ContextMapper)", "", "Argument[0]", "jndi-injection", "manual"] - ["org.springframework.ldap.core", "LdapOperations", True, "searchForObject", "(Name,String,ContextMapper)", "", "Argument[0]", "jndi-injection", "manual"] - ["org.springframework.ldap.core", "LdapOperations", True, "searchForObject", "(String,String,ContextMapper)", "", "Argument[0]", "jndi-injection", "manual"] - - ["org.springframework.ldap.core", "LdapTemplate", False, "authenticate", "(LdapQuery,String)", "", "Argument[0]", "ldap", "manual"] - - ["org.springframework.ldap.core", "LdapTemplate", False, "authenticate", "(Name,String,String)", "", "Argument[0..1]", "ldap", "manual"] - - ["org.springframework.ldap.core", "LdapTemplate", False, "authenticate", "(Name,String,String,AuthenticatedLdapEntryContextCallback)", "", "Argument[0..1]", "ldap", "manual"] - - ["org.springframework.ldap.core", "LdapTemplate", False, "authenticate", "(Name,String,String,AuthenticatedLdapEntryContextCallback,AuthenticationErrorCallback)", "", "Argument[0..1]", "ldap", "manual"] - - ["org.springframework.ldap.core", "LdapTemplate", False, "authenticate", "(Name,String,String,AuthenticationErrorCallback)", "", "Argument[0..1]", "ldap", "manual"] - - ["org.springframework.ldap.core", "LdapTemplate", False, "authenticate", "(String,String,String)", "", "Argument[0..1]", "ldap", "manual"] - - ["org.springframework.ldap.core", "LdapTemplate", False, "authenticate", "(String,String,String,AuthenticatedLdapEntryContextCallback)", "", "Argument[0..1]", "ldap", "manual"] - - ["org.springframework.ldap.core", "LdapTemplate", False, "authenticate", "(String,String,String,AuthenticatedLdapEntryContextCallback,AuthenticationErrorCallback)", "", "Argument[0..1]", "ldap", "manual"] - - ["org.springframework.ldap.core", "LdapTemplate", False, "authenticate", "(String,String,String,AuthenticationErrorCallback)", "", "Argument[0..1]", "ldap", "manual"] - - ["org.springframework.ldap.core", "LdapTemplate", False, "find", "", "", "Argument[0..1]", "ldap", "manual"] - - ["org.springframework.ldap.core", "LdapTemplate", False, "findOne", "", "", "Argument[0..1]", "ldap", "manual"] - - ["org.springframework.ldap.core", "LdapTemplate", False, "search", "", "", "Argument[0..1]", "ldap", "manual"] - - ["org.springframework.ldap.core", "LdapTemplate", False, "searchForContext", "", "", "Argument[0..1]", "ldap", "manual"] - - ["org.springframework.ldap.core", "LdapTemplate", False, "searchForObject", "", "", "Argument[0..1]", "ldap", "manual"] + - ["org.springframework.ldap.core", "LdapTemplate", False, "authenticate", "(LdapQuery,String)", "", "Argument[0]", "ldap-injection", "manual"] + - ["org.springframework.ldap.core", "LdapTemplate", False, "authenticate", "(Name,String,String)", "", "Argument[0..1]", "ldap-injection", "manual"] + - ["org.springframework.ldap.core", "LdapTemplate", False, "authenticate", "(Name,String,String,AuthenticatedLdapEntryContextCallback)", "", "Argument[0..1]", "ldap-injection", "manual"] + - ["org.springframework.ldap.core", "LdapTemplate", False, "authenticate", "(Name,String,String,AuthenticatedLdapEntryContextCallback,AuthenticationErrorCallback)", "", "Argument[0..1]", "ldap-injection", "manual"] + - ["org.springframework.ldap.core", "LdapTemplate", False, "authenticate", "(Name,String,String,AuthenticationErrorCallback)", "", "Argument[0..1]", "ldap-injection", "manual"] + - ["org.springframework.ldap.core", "LdapTemplate", False, "authenticate", "(String,String,String)", "", "Argument[0..1]", "ldap-injection", "manual"] + - ["org.springframework.ldap.core", "LdapTemplate", False, "authenticate", "(String,String,String,AuthenticatedLdapEntryContextCallback)", "", "Argument[0..1]", "ldap-injection", "manual"] + - ["org.springframework.ldap.core", "LdapTemplate", False, "authenticate", "(String,String,String,AuthenticatedLdapEntryContextCallback,AuthenticationErrorCallback)", "", "Argument[0..1]", "ldap-injection", "manual"] + - ["org.springframework.ldap.core", "LdapTemplate", False, "authenticate", "(String,String,String,AuthenticationErrorCallback)", "", "Argument[0..1]", "ldap-injection", "manual"] + - ["org.springframework.ldap.core", "LdapTemplate", False, "find", "", "", "Argument[0..1]", "ldap-injection", "manual"] + - ["org.springframework.ldap.core", "LdapTemplate", False, "findOne", "", "", "Argument[0..1]", "ldap-injection", "manual"] + - ["org.springframework.ldap.core", "LdapTemplate", False, "search", "", "", "Argument[0..1]", "ldap-injection", "manual"] + - ["org.springframework.ldap.core", "LdapTemplate", False, "searchForContext", "", "", "Argument[0..1]", "ldap-injection", "manual"] + - ["org.springframework.ldap.core", "LdapTemplate", False, "searchForObject", "", "", "Argument[0..1]", "ldap-injection", "manual"] diff --git a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll index fbdd1ec4e2f..af4f43004ad 100644 --- a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll +++ b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll @@ -274,12 +274,12 @@ module ModelValidation { exists(string kind | sinkModel(_, _, _, _, _, _, _, kind, _) | not kind = [ - "open-url", "jndi-injection", "ldap", "sql-injection", "jdbc-url", "log-injection", - "mvel-injection", "xpath-injection", "groovy-injection", "xss", "ognl-injection", - "intent-start", "pending-intent-sent", "url-redirection", "create-file", "read-file", - "write-file", "set-hostname-verifier", "header-splitting", "information-leak", - "xslt-injection", "jexl-injection", "bean-validation", "template-injection", - "fragment-injection", "command-injection" + "open-url", "jndi-injection", "ldap-injection", "sql-injection", "jdbc-url", + "log-injection", "mvel-injection", "xpath-injection", "groovy-injection", "xss", + "ognl-injection", "intent-start", "pending-intent-sent", "url-redirection", "create-file", + "read-file", "write-file", "set-hostname-verifier", "header-splitting", + "information-leak", "xslt-injection", "jexl-injection", "bean-validation", + "template-injection", "fragment-injection", "command-injection" ] and not kind.matches("regex-use%") and not kind.matches("qltest%") and diff --git a/java/ql/lib/semmle/code/java/security/LdapInjection.qll b/java/ql/lib/semmle/code/java/security/LdapInjection.qll index d78bd2f7ae1..0e2a35c764e 100644 --- a/java/ql/lib/semmle/code/java/security/LdapInjection.qll +++ b/java/ql/lib/semmle/code/java/security/LdapInjection.qll @@ -29,7 +29,7 @@ class LdapInjectionAdditionalTaintStep extends Unit { /** Default sink for LDAP injection vulnerabilities. */ private class DefaultLdapInjectionSink extends LdapInjectionSink { - DefaultLdapInjectionSink() { sinkNode(this, "ldap") } + DefaultLdapInjectionSink() { sinkNode(this, "ldap-injection") } } /** A sanitizer that clears the taint on (boxed) primitive types. */ From 5aa3e57ff32f4fa3459939004cdfd626b1a0b884 Mon Sep 17 00:00:00 2001 From: Jami Cogswell <jcogs33@Jamis-MacBook-Pro.local> Date: Tue, 9 May 2023 12:09:37 -0400 Subject: [PATCH 757/870] Java: update pending-intent-sent sink kind to pending-intents --- java/ql/lib/ext/android.app.model.yml | 34 +++++++++---------- java/ql/lib/ext/androidx.core.app.model.yml | 12 +++---- java/ql/lib/ext/androidx.slice.model.yml | 4 +-- .../code/java/dataflow/ExternalFlow.qll | 2 +- .../java/security/ImplicitPendingIntents.qll | 2 +- 5 files changed, 27 insertions(+), 27 deletions(-) diff --git a/java/ql/lib/ext/android.app.model.yml b/java/ql/lib/ext/android.app.model.yml index 861867d344c..c295293ee5a 100644 --- a/java/ql/lib/ext/android.app.model.yml +++ b/java/ql/lib/ext/android.app.model.yml @@ -5,20 +5,20 @@ extensions: data: - ["android.app", "Activity", True, "bindService", "", "", "Argument[0]", "intent-start", "manual"] - ["android.app", "Activity", True, "bindServiceAsUser", "", "", "Argument[0]", "intent-start", "manual"] - - ["android.app", "Activity", True, "setResult", "(int,Intent)", "", "Argument[1]", "pending-intent-sent", "manual"] + - ["android.app", "Activity", True, "setResult", "(int,Intent)", "", "Argument[1]", "pending-intents", "manual"] - ["android.app", "Activity", True, "startActivityAsCaller", "", "", "Argument[0]", "intent-start", "manual"] - ["android.app", "Activity", True, "startActivityForResult", "(Intent,int)", "", "Argument[0]", "intent-start", "manual"] - ["android.app", "Activity", True, "startActivityForResult", "(Intent,int,Bundle)", "", "Argument[0]", "intent-start", "manual"] - ["android.app", "Activity", True, "startActivityForResult", "(String,Intent,int,Bundle)", "", "Argument[1]", "intent-start", "manual"] - ["android.app", "Activity", True, "startActivityForResultAsUser", "", "", "Argument[0]", "intent-start", "manual"] - - ["android.app", "AlarmManager", True, "set", "(int,long,PendingIntent)", "", "Argument[2]", "pending-intent-sent", "manual"] - - ["android.app", "AlarmManager", True, "setAlarmClock", "", "", "Argument[1]", "pending-intent-sent", "manual"] - - ["android.app", "AlarmManager", True, "setAndAllowWhileIdle", "", "", "Argument[2]", "pending-intent-sent", "manual"] - - ["android.app", "AlarmManager", True, "setExact", "(int,long,PendingIntent)", "", "Argument[2]", "pending-intent-sent", "manual"] - - ["android.app", "AlarmManager", True, "setExactAndAllowWhileIdle", "", "", "Argument[2]", "pending-intent-sent", "manual"] - - ["android.app", "AlarmManager", True, "setInexactRepeating", "", "", "Argument[3]", "pending-intent-sent", "manual"] - - ["android.app", "AlarmManager", True, "setRepeating", "", "", "Argument[3]", "pending-intent-sent", "manual"] - - ["android.app", "AlarmManager", True, "setWindow", "(int,long,long,PendingIntent)", "", "Argument[3]", "pending-intent-sent", "manual"] + - ["android.app", "AlarmManager", True, "set", "(int,long,PendingIntent)", "", "Argument[2]", "pending-intents", "manual"] + - ["android.app", "AlarmManager", True, "setAlarmClock", "", "", "Argument[1]", "pending-intents", "manual"] + - ["android.app", "AlarmManager", True, "setAndAllowWhileIdle", "", "", "Argument[2]", "pending-intents", "manual"] + - ["android.app", "AlarmManager", True, "setExact", "(int,long,PendingIntent)", "", "Argument[2]", "pending-intents", "manual"] + - ["android.app", "AlarmManager", True, "setExactAndAllowWhileIdle", "", "", "Argument[2]", "pending-intents", "manual"] + - ["android.app", "AlarmManager", True, "setInexactRepeating", "", "", "Argument[3]", "pending-intents", "manual"] + - ["android.app", "AlarmManager", True, "setRepeating", "", "", "Argument[3]", "pending-intents", "manual"] + - ["android.app", "AlarmManager", True, "setWindow", "(int,long,long,PendingIntent)", "", "Argument[3]", "pending-intents", "manual"] - ["android.app", "FragmentTransaction", True, "add", "(Class,Bundle,String)", "", "Argument[0]", "fragment-injection", "manual"] - ["android.app", "FragmentTransaction", True, "add", "(Fragment,String)", "", "Argument[0]", "fragment-injection", "manual"] - ["android.app", "FragmentTransaction", True, "add", "(int,Class,Bundle)", "", "Argument[1]", "fragment-injection", "manual"] @@ -30,14 +30,14 @@ extensions: - ["android.app", "FragmentTransaction", True, "replace", "(int,Class,Bundle,String)", "", "Argument[1]", "fragment-injection", "manual"] - ["android.app", "FragmentTransaction", True, "replace", "(int,Fragment)", "", "Argument[1]", "fragment-injection", "manual"] - ["android.app", "FragmentTransaction", True, "replace", "(int,Fragment,String)", "", "Argument[1]", "fragment-injection", "manual"] - - ["android.app", "NotificationManager", True, "notify", "(String,int,Notification)", "", "Argument[2]", "pending-intent-sent", "manual"] - - ["android.app", "NotificationManager", True, "notify", "(int,Notification)", "", "Argument[1]", "pending-intent-sent", "manual"] - - ["android.app", "NotificationManager", True, "notifyAsPackage", "(String,String,int,Notification)", "", "Argument[3]", "pending-intent-sent", "manual"] - - ["android.app", "NotificationManager", True, "notifyAsUser", "(String,int,Notification,UserHandle)", "", "Argument[2]", "pending-intent-sent", "manual"] - - ["android.app", "PendingIntent", False, "send", "(Context,int,Intent)", "", "Argument[2]", "pending-intent-sent", "manual"] - - ["android.app", "PendingIntent", False, "send", "(Context,int,Intent,OnFinished,Handler)", "", "Argument[2]", "pending-intent-sent", "manual"] - - ["android.app", "PendingIntent", False, "send", "(Context,int,Intent,OnFinished,Handler,String)", "", "Argument[2]", "pending-intent-sent", "manual"] - - ["android.app", "PendingIntent", False, "send", "(Context,int,Intent,OnFinished,Handler,String,Bundle)", "", "Argument[2]", "pending-intent-sent", "manual"] + - ["android.app", "NotificationManager", True, "notify", "(String,int,Notification)", "", "Argument[2]", "pending-intents", "manual"] + - ["android.app", "NotificationManager", True, "notify", "(int,Notification)", "", "Argument[1]", "pending-intents", "manual"] + - ["android.app", "NotificationManager", True, "notifyAsPackage", "(String,String,int,Notification)", "", "Argument[3]", "pending-intents", "manual"] + - ["android.app", "NotificationManager", True, "notifyAsUser", "(String,int,Notification,UserHandle)", "", "Argument[2]", "pending-intents", "manual"] + - ["android.app", "PendingIntent", False, "send", "(Context,int,Intent)", "", "Argument[2]", "pending-intents", "manual"] + - ["android.app", "PendingIntent", False, "send", "(Context,int,Intent,OnFinished,Handler)", "", "Argument[2]", "pending-intents", "manual"] + - ["android.app", "PendingIntent", False, "send", "(Context,int,Intent,OnFinished,Handler,String)", "", "Argument[2]", "pending-intents", "manual"] + - ["android.app", "PendingIntent", False, "send", "(Context,int,Intent,OnFinished,Handler,String,Bundle)", "", "Argument[2]", "pending-intents", "manual"] - addsTo: pack: codeql/java-all extensible: summaryModel diff --git a/java/ql/lib/ext/androidx.core.app.model.yml b/java/ql/lib/ext/androidx.core.app.model.yml index 2bb58605436..f24a67dbbe6 100644 --- a/java/ql/lib/ext/androidx.core.app.model.yml +++ b/java/ql/lib/ext/androidx.core.app.model.yml @@ -3,12 +3,12 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["androidx.core.app", "AlarmManagerCompat", True, "setAlarmClock", "", "", "Argument[2..3]", "pending-intent-sent", "manual"] - - ["androidx.core.app", "AlarmManagerCompat", True, "setAndAllowWhileIdle", "", "", "Argument[3]", "pending-intent-sent", "manual"] - - ["androidx.core.app", "AlarmManagerCompat", True, "setExact", "", "", "Argument[3]", "pending-intent-sent", "manual"] - - ["androidx.core.app", "AlarmManagerCompat", True, "setExactAndAllowWhileIdle", "", "", "Argument[3]", "pending-intent-sent", "manual"] - - ["androidx.core.app", "NotificationManagerCompat", True, "notify", "(String,int,Notification)", "", "Argument[2]", "pending-intent-sent", "manual"] - - ["androidx.core.app", "NotificationManagerCompat", True, "notify", "(int,Notification)", "", "Argument[1]", "pending-intent-sent", "manual"] + - ["androidx.core.app", "AlarmManagerCompat", True, "setAlarmClock", "", "", "Argument[2..3]", "pending-intents", "manual"] + - ["androidx.core.app", "AlarmManagerCompat", True, "setAndAllowWhileIdle", "", "", "Argument[3]", "pending-intents", "manual"] + - ["androidx.core.app", "AlarmManagerCompat", True, "setExact", "", "", "Argument[3]", "pending-intents", "manual"] + - ["androidx.core.app", "AlarmManagerCompat", True, "setExactAndAllowWhileIdle", "", "", "Argument[3]", "pending-intents", "manual"] + - ["androidx.core.app", "NotificationManagerCompat", True, "notify", "(String,int,Notification)", "", "Argument[2]", "pending-intents", "manual"] + - ["androidx.core.app", "NotificationManagerCompat", True, "notify", "(int,Notification)", "", "Argument[1]", "pending-intents", "manual"] - addsTo: pack: codeql/java-all extensible: summaryModel diff --git a/java/ql/lib/ext/androidx.slice.model.yml b/java/ql/lib/ext/androidx.slice.model.yml index 97481e886e5..1e4176e5d9a 100644 --- a/java/ql/lib/ext/androidx.slice.model.yml +++ b/java/ql/lib/ext/androidx.slice.model.yml @@ -12,5 +12,5 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["androidx.slice", "SliceProvider", True, "onBindSlice", "", "", "ReturnValue", "pending-intent-sent", "manual"] - - ["androidx.slice", "SliceProvider", True, "onCreatePermissionRequest", "", "", "ReturnValue", "pending-intent-sent", "manual"] + - ["androidx.slice", "SliceProvider", True, "onBindSlice", "", "", "ReturnValue", "pending-intents", "manual"] + - ["androidx.slice", "SliceProvider", True, "onCreatePermissionRequest", "", "", "ReturnValue", "pending-intents", "manual"] diff --git a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll index af4f43004ad..3e6543297d1 100644 --- a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll +++ b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll @@ -276,7 +276,7 @@ module ModelValidation { [ "open-url", "jndi-injection", "ldap-injection", "sql-injection", "jdbc-url", "log-injection", "mvel-injection", "xpath-injection", "groovy-injection", "xss", - "ognl-injection", "intent-start", "pending-intent-sent", "url-redirection", "create-file", + "ognl-injection", "intent-start", "pending-intents", "url-redirection", "create-file", "read-file", "write-file", "set-hostname-verifier", "header-splitting", "information-leak", "xslt-injection", "jexl-injection", "bean-validation", "template-injection", "fragment-injection", "command-injection" diff --git a/java/ql/lib/semmle/code/java/security/ImplicitPendingIntents.qll b/java/ql/lib/semmle/code/java/security/ImplicitPendingIntents.qll index 308b8037554..6511bf28685 100644 --- a/java/ql/lib/semmle/code/java/security/ImplicitPendingIntents.qll +++ b/java/ql/lib/semmle/code/java/security/ImplicitPendingIntents.qll @@ -63,7 +63,7 @@ private class SendPendingIntent extends ImplicitPendingIntentSink { this.asExpr() = ma.getArgument(0) ) or - sinkNode(this, "pending-intent-sent") + sinkNode(this, "pending-intents") } override predicate hasState(DataFlow::FlowState state) { state = "MutablePendingIntent" } From b23f384a50bd66943a02bd4f130028541878a475 Mon Sep 17 00:00:00 2001 From: Jami Cogswell <jcogs33@Jamis-MacBook-Pro.local> Date: Tue, 9 May 2023 12:10:57 -0400 Subject: [PATCH 758/870] Java: update intent-start sink kind to intent-redirection --- java/ql/lib/ext/android.app.model.yml | 14 ++++---- java/ql/lib/ext/android.content.model.yml | 32 +++++++++---------- .../code/java/dataflow/ExternalFlow.qll | 4 +-- .../security/AndroidIntentRedirection.qll | 2 +- .../java/security/ImplicitPendingIntents.qll | 3 +- 5 files changed, 28 insertions(+), 27 deletions(-) diff --git a/java/ql/lib/ext/android.app.model.yml b/java/ql/lib/ext/android.app.model.yml index c295293ee5a..72591773436 100644 --- a/java/ql/lib/ext/android.app.model.yml +++ b/java/ql/lib/ext/android.app.model.yml @@ -3,14 +3,14 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["android.app", "Activity", True, "bindService", "", "", "Argument[0]", "intent-start", "manual"] - - ["android.app", "Activity", True, "bindServiceAsUser", "", "", "Argument[0]", "intent-start", "manual"] + - ["android.app", "Activity", True, "bindService", "", "", "Argument[0]", "intent-redirection", "manual"] + - ["android.app", "Activity", True, "bindServiceAsUser", "", "", "Argument[0]", "intent-redirection", "manual"] - ["android.app", "Activity", True, "setResult", "(int,Intent)", "", "Argument[1]", "pending-intents", "manual"] - - ["android.app", "Activity", True, "startActivityAsCaller", "", "", "Argument[0]", "intent-start", "manual"] - - ["android.app", "Activity", True, "startActivityForResult", "(Intent,int)", "", "Argument[0]", "intent-start", "manual"] - - ["android.app", "Activity", True, "startActivityForResult", "(Intent,int,Bundle)", "", "Argument[0]", "intent-start", "manual"] - - ["android.app", "Activity", True, "startActivityForResult", "(String,Intent,int,Bundle)", "", "Argument[1]", "intent-start", "manual"] - - ["android.app", "Activity", True, "startActivityForResultAsUser", "", "", "Argument[0]", "intent-start", "manual"] + - ["android.app", "Activity", True, "startActivityAsCaller", "", "", "Argument[0]", "intent-redirection", "manual"] + - ["android.app", "Activity", True, "startActivityForResult", "(Intent,int)", "", "Argument[0]", "intent-redirection", "manual"] + - ["android.app", "Activity", True, "startActivityForResult", "(Intent,int,Bundle)", "", "Argument[0]", "intent-redirection", "manual"] + - ["android.app", "Activity", True, "startActivityForResult", "(String,Intent,int,Bundle)", "", "Argument[1]", "intent-redirection", "manual"] + - ["android.app", "Activity", True, "startActivityForResultAsUser", "", "", "Argument[0]", "intent-redirection", "manual"] - ["android.app", "AlarmManager", True, "set", "(int,long,PendingIntent)", "", "Argument[2]", "pending-intents", "manual"] - ["android.app", "AlarmManager", True, "setAlarmClock", "", "", "Argument[1]", "pending-intents", "manual"] - ["android.app", "AlarmManager", True, "setAndAllowWhileIdle", "", "", "Argument[2]", "pending-intents", "manual"] diff --git a/java/ql/lib/ext/android.content.model.yml b/java/ql/lib/ext/android.content.model.yml index bee6bae8d44..c42578c08cd 100644 --- a/java/ql/lib/ext/android.content.model.yml +++ b/java/ql/lib/ext/android.content.model.yml @@ -47,22 +47,22 @@ extensions: - ["android.content", "ContentResolver", True, "query", "(Uri,String[],String,String[],String)", "", "Argument[2]", "sql-injection", "manual"] - ["android.content", "ContentResolver", True, "query", "(Uri,String[],String,String[],String,CancellationSignal)", "", "Argument[2]", "sql-injection", "manual"] - ["android.content", "ContentResolver", True, "update", "(Uri,ContentValues,String,String[])", "", "Argument[2]", "sql-injection", "manual"] - - ["android.content", "Context", True, "sendBroadcast", "", "", "Argument[0]", "intent-start", "manual"] - - ["android.content", "Context", True, "sendBroadcastAsUser", "", "", "Argument[0]", "intent-start", "manual"] - - ["android.content", "Context", True, "sendBroadcastWithMultiplePermissions", "", "", "Argument[0]", "intent-start", "manual"] - - ["android.content", "Context", True, "sendStickyBroadcast", "", "", "Argument[0]", "intent-start", "manual"] - - ["android.content", "Context", True, "sendStickyBroadcastAsUser", "", "", "Argument[0]", "intent-start", "manual"] - - ["android.content", "Context", True, "sendStickyOrderedBroadcast", "", "", "Argument[0]", "intent-start", "manual"] - - ["android.content", "Context", True, "sendStickyOrderedBroadcastAsUser", "", "", "Argument[0]", "intent-start", "manual"] - - ["android.content", "Context", True, "startActivities", "", "", "Argument[0]", "intent-start", "manual"] - - ["android.content", "Context", True, "startActivity", "", "", "Argument[0]", "intent-start", "manual"] - - ["android.content", "Context", True, "startActivityAsUser", "", "", "Argument[0]", "intent-start", "manual"] - - ["android.content", "Context", True, "startActivityFromChild", "", "", "Argument[1]", "intent-start", "manual"] - - ["android.content", "Context", True, "startActivityFromFragment", "", "", "Argument[1]", "intent-start", "manual"] - - ["android.content", "Context", True, "startActivityIfNeeded", "", "", "Argument[0]", "intent-start", "manual"] - - ["android.content", "Context", True, "startForegroundService", "", "", "Argument[0]", "intent-start", "manual"] - - ["android.content", "Context", True, "startService", "", "", "Argument[0]", "intent-start", "manual"] - - ["android.content", "Context", True, "startServiceAsUser", "", "", "Argument[0]", "intent-start", "manual"] + - ["android.content", "Context", True, "sendBroadcast", "", "", "Argument[0]", "intent-redirection", "manual"] + - ["android.content", "Context", True, "sendBroadcastAsUser", "", "", "Argument[0]", "intent-redirection", "manual"] + - ["android.content", "Context", True, "sendBroadcastWithMultiplePermissions", "", "", "Argument[0]", "intent-redirection", "manual"] + - ["android.content", "Context", True, "sendStickyBroadcast", "", "", "Argument[0]", "intent-redirection", "manual"] + - ["android.content", "Context", True, "sendStickyBroadcastAsUser", "", "", "Argument[0]", "intent-redirection", "manual"] + - ["android.content", "Context", True, "sendStickyOrderedBroadcast", "", "", "Argument[0]", "intent-redirection", "manual"] + - ["android.content", "Context", True, "sendStickyOrderedBroadcastAsUser", "", "", "Argument[0]", "intent-redirection", "manual"] + - ["android.content", "Context", True, "startActivities", "", "", "Argument[0]", "intent-redirection", "manual"] + - ["android.content", "Context", True, "startActivity", "", "", "Argument[0]", "intent-redirection", "manual"] + - ["android.content", "Context", True, "startActivityAsUser", "", "", "Argument[0]", "intent-redirection", "manual"] + - ["android.content", "Context", True, "startActivityFromChild", "", "", "Argument[1]", "intent-redirection", "manual"] + - ["android.content", "Context", True, "startActivityFromFragment", "", "", "Argument[1]", "intent-redirection", "manual"] + - ["android.content", "Context", True, "startActivityIfNeeded", "", "", "Argument[0]", "intent-redirection", "manual"] + - ["android.content", "Context", True, "startForegroundService", "", "", "Argument[0]", "intent-redirection", "manual"] + - ["android.content", "Context", True, "startService", "", "", "Argument[0]", "intent-redirection", "manual"] + - ["android.content", "Context", True, "startServiceAsUser", "", "", "Argument[0]", "intent-redirection", "manual"] - addsTo: pack: codeql/java-all extensible: summaryModel diff --git a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll index 3e6543297d1..27bc65e8ee2 100644 --- a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll +++ b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll @@ -276,8 +276,8 @@ module ModelValidation { [ "open-url", "jndi-injection", "ldap-injection", "sql-injection", "jdbc-url", "log-injection", "mvel-injection", "xpath-injection", "groovy-injection", "xss", - "ognl-injection", "intent-start", "pending-intents", "url-redirection", "create-file", - "read-file", "write-file", "set-hostname-verifier", "header-splitting", + "ognl-injection", "intent-redirection", "pending-intents", "url-redirection", + "create-file", "read-file", "write-file", "set-hostname-verifier", "header-splitting", "information-leak", "xslt-injection", "jexl-injection", "bean-validation", "template-injection", "fragment-injection", "command-injection" ] and diff --git a/java/ql/lib/semmle/code/java/security/AndroidIntentRedirection.qll b/java/ql/lib/semmle/code/java/security/AndroidIntentRedirection.qll index 993c2941733..ef5f84001f0 100644 --- a/java/ql/lib/semmle/code/java/security/AndroidIntentRedirection.qll +++ b/java/ql/lib/semmle/code/java/security/AndroidIntentRedirection.qll @@ -30,7 +30,7 @@ class IntentRedirectionAdditionalTaintStep extends Unit { /** Default sink for Intent redirection vulnerabilities. */ private class DefaultIntentRedirectionSink extends IntentRedirectionSink { - DefaultIntentRedirectionSink() { sinkNode(this, "intent-start") } + DefaultIntentRedirectionSink() { sinkNode(this, "intent-redirection") } } /** diff --git a/java/ql/lib/semmle/code/java/security/ImplicitPendingIntents.qll b/java/ql/lib/semmle/code/java/security/ImplicitPendingIntents.qll index 6511bf28685..41985affc0e 100644 --- a/java/ql/lib/semmle/code/java/security/ImplicitPendingIntents.qll +++ b/java/ql/lib/semmle/code/java/security/ImplicitPendingIntents.qll @@ -54,7 +54,8 @@ private class IntentCreationSource extends ImplicitPendingIntentSource { private class SendPendingIntent extends ImplicitPendingIntentSink { SendPendingIntent() { - sinkNode(this, "intent-start") and + // intent redirection sinks are method calls that start Android components + sinkNode(this, "intent-redirection") and // implicit intents can't be started as services since API 21 not exists(MethodAccess ma, Method m | ma.getMethod() = m and From 51df84ed1cdc973efbe4a287fffcbdf3a0c6bfc4 Mon Sep 17 00:00:00 2001 From: Jami Cogswell <jcogs33@Jamis-MacBook-Pro.local> Date: Tue, 9 May 2023 12:15:57 -0400 Subject: [PATCH 759/870] Java: update set-hostname-verifier sink kind to hostname-verification --- java/ql/lib/ext/javax.net.ssl.model.yml | 4 ++-- java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll | 2 +- .../code/java/security/UnsafeHostnameVerificationQuery.qll | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/java/ql/lib/ext/javax.net.ssl.model.yml b/java/ql/lib/ext/javax.net.ssl.model.yml index 7cbed92c184..59085b8d120 100644 --- a/java/ql/lib/ext/javax.net.ssl.model.yml +++ b/java/ql/lib/ext/javax.net.ssl.model.yml @@ -3,5 +3,5 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["javax.net.ssl", "HttpsURLConnection", True, "setDefaultHostnameVerifier", "", "", "Argument[0]", "set-hostname-verifier", "manual"] - - ["javax.net.ssl", "HttpsURLConnection", True, "setHostnameVerifier", "", "", "Argument[0]", "set-hostname-verifier", "manual"] + - ["javax.net.ssl", "HttpsURLConnection", True, "setDefaultHostnameVerifier", "", "", "Argument[0]", "hostname-verification", "manual"] + - ["javax.net.ssl", "HttpsURLConnection", True, "setHostnameVerifier", "", "", "Argument[0]", "hostname-verification", "manual"] diff --git a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll index 27bc65e8ee2..78c98c07b04 100644 --- a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll +++ b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll @@ -277,7 +277,7 @@ module ModelValidation { "open-url", "jndi-injection", "ldap-injection", "sql-injection", "jdbc-url", "log-injection", "mvel-injection", "xpath-injection", "groovy-injection", "xss", "ognl-injection", "intent-redirection", "pending-intents", "url-redirection", - "create-file", "read-file", "write-file", "set-hostname-verifier", "header-splitting", + "create-file", "read-file", "write-file", "hostname-verification", "header-splitting", "information-leak", "xslt-injection", "jexl-injection", "bean-validation", "template-injection", "fragment-injection", "command-injection" ] and diff --git a/java/ql/lib/semmle/code/java/security/UnsafeHostnameVerificationQuery.qll b/java/ql/lib/semmle/code/java/security/UnsafeHostnameVerificationQuery.qll index 1fc60e3494e..1b44121591c 100644 --- a/java/ql/lib/semmle/code/java/security/UnsafeHostnameVerificationQuery.qll +++ b/java/ql/lib/semmle/code/java/security/UnsafeHostnameVerificationQuery.qll @@ -74,7 +74,7 @@ module TrustAllHostnameVerifierFlow = DataFlow::Global<TrustAllHostnameVerifierC * A sink that sets the `HostnameVerifier` on `HttpsURLConnection`. */ private class HostnameVerifierSink extends DataFlow::Node { - HostnameVerifierSink() { sinkNode(this, "set-hostname-verifier") } + HostnameVerifierSink() { sinkNode(this, "hostname-verification") } } /** From 041caa740558cc08b974b7df5a80bd3aa425d24a Mon Sep 17 00:00:00 2001 From: Jami Cogswell <jcogs33@Jamis-MacBook-Pro.local> Date: Tue, 9 May 2023 12:17:08 -0400 Subject: [PATCH 760/870] Java: update header-splitting sink kind to response-splitting --- java/ql/lib/ext/javax.servlet.http.model.yml | 6 +++--- java/ql/lib/ext/javax.ws.rs.core.model.yml | 2 +- java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll | 2 +- java/ql/lib/semmle/code/java/security/ResponseSplitting.qll | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/java/ql/lib/ext/javax.servlet.http.model.yml b/java/ql/lib/ext/javax.servlet.http.model.yml index e4c0a2b2332..6485ea22a2e 100644 --- a/java/ql/lib/ext/javax.servlet.http.model.yml +++ b/java/ql/lib/ext/javax.servlet.http.model.yml @@ -22,10 +22,10 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["javax.servlet.http", "HttpServletResponse", False, "addCookie", "", "", "Argument[0]", "header-splitting", "manual"] - - ["javax.servlet.http", "HttpServletResponse", False, "addHeader", "", "", "Argument[0..1]", "header-splitting", "manual"] + - ["javax.servlet.http", "HttpServletResponse", False, "addCookie", "", "", "Argument[0]", "response-splitting", "manual"] + - ["javax.servlet.http", "HttpServletResponse", False, "addHeader", "", "", "Argument[0..1]", "response-splitting", "manual"] - ["javax.servlet.http", "HttpServletResponse", False, "sendError", "(int,String)", "", "Argument[1]", "information-leak", "manual"] - - ["javax.servlet.http", "HttpServletResponse", False, "setHeader", "", "", "Argument[0..1]", "header-splitting", "manual"] + - ["javax.servlet.http", "HttpServletResponse", False, "setHeader", "", "", "Argument[0..1]", "response-splitting", "manual"] - addsTo: pack: codeql/java-all extensible: summaryModel diff --git a/java/ql/lib/ext/javax.ws.rs.core.model.yml b/java/ql/lib/ext/javax.ws.rs.core.model.yml index cf94b255176..dfdf2ee6fd0 100644 --- a/java/ql/lib/ext/javax.ws.rs.core.model.yml +++ b/java/ql/lib/ext/javax.ws.rs.core.model.yml @@ -5,7 +5,7 @@ extensions: data: - ["javax.ws.rs.core", "Response", True, "seeOther", "", "", "Argument[0]", "url-redirection", "manual"] - ["javax.ws.rs.core", "Response", True, "temporaryRedirect", "", "", "Argument[0]", "url-redirection", "manual"] - - ["javax.ws.rs.core", "ResponseBuilder", False, "header", "", "", "Argument[1]", "header-splitting", "manual"] + - ["javax.ws.rs.core", "ResponseBuilder", False, "header", "", "", "Argument[1]", "response-splitting", "manual"] - addsTo: pack: codeql/java-all extensible: summaryModel diff --git a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll index 78c98c07b04..e264be4a83b 100644 --- a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll +++ b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll @@ -277,7 +277,7 @@ module ModelValidation { "open-url", "jndi-injection", "ldap-injection", "sql-injection", "jdbc-url", "log-injection", "mvel-injection", "xpath-injection", "groovy-injection", "xss", "ognl-injection", "intent-redirection", "pending-intents", "url-redirection", - "create-file", "read-file", "write-file", "hostname-verification", "header-splitting", + "create-file", "read-file", "write-file", "hostname-verification", "response-splitting", "information-leak", "xslt-injection", "jexl-injection", "bean-validation", "template-injection", "fragment-injection", "command-injection" ] and diff --git a/java/ql/lib/semmle/code/java/security/ResponseSplitting.qll b/java/ql/lib/semmle/code/java/security/ResponseSplitting.qll index 916b6df4372..2e2033443a5 100644 --- a/java/ql/lib/semmle/code/java/security/ResponseSplitting.qll +++ b/java/ql/lib/semmle/code/java/security/ResponseSplitting.qll @@ -11,7 +11,7 @@ private import semmle.code.java.dataflow.ExternalFlow abstract class HeaderSplittingSink extends DataFlow::Node { } private class DefaultHeaderSplittingSink extends HeaderSplittingSink { - DefaultHeaderSplittingSink() { sinkNode(this, "header-splitting") } + DefaultHeaderSplittingSink() { sinkNode(this, "response-splitting") } } /** A source that introduces data considered safe to use by a header splitting source. */ From ac8d985a6397fb4eda24688dfa8e892d4b52e03b Mon Sep 17 00:00:00 2001 From: Jami Cogswell <jcogs33@Jamis-MacBook-Pro.local> Date: Tue, 9 May 2023 12:18:11 -0400 Subject: [PATCH 761/870] Java: update xss sink kind to html-injection and js-injection --- java/ql/lib/ext/android.webkit.model.yml | 6 +++--- java/ql/lib/ext/jakarta.faces.context.model.yml | 4 ++-- java/ql/lib/ext/javax.faces.context.model.yml | 4 ++-- java/ql/lib/ext/org.apache.hc.core5.http.model.yml | 2 +- java/ql/lib/ext/org.apache.http.model.yml | 2 +- java/ql/lib/ext/org.apache.http.util.model.yml | 2 +- .../ql/lib/semmle/code/java/dataflow/ExternalFlow.qll | 11 ++++++----- java/ql/lib/semmle/code/java/security/XSS.qll | 2 +- 8 files changed, 17 insertions(+), 16 deletions(-) diff --git a/java/ql/lib/ext/android.webkit.model.yml b/java/ql/lib/ext/android.webkit.model.yml index 05058493fe1..d88199c04cb 100644 --- a/java/ql/lib/ext/android.webkit.model.yml +++ b/java/ql/lib/ext/android.webkit.model.yml @@ -10,6 +10,6 @@ extensions: extensible: sinkModel data: # Models representing methods susceptible to XSS attacks. - - ["android.webkit", "WebView", False, "evaluateJavascript", "", "", "Argument[0]", "xss", "manual"] - - ["android.webkit", "WebView", False, "loadData", "", "", "Argument[0]", "xss", "manual"] - - ["android.webkit", "WebView", False, "loadDataWithBaseURL", "", "", "Argument[1]", "xss", "manual"] + - ["android.webkit", "WebView", False, "evaluateJavascript", "", "", "Argument[0]", "js-injection", "manual"] + - ["android.webkit", "WebView", False, "loadData", "", "", "Argument[0]", "html-injection", "manual"] + - ["android.webkit", "WebView", False, "loadDataWithBaseURL", "", "", "Argument[1]", "html-injection", "manual"] diff --git a/java/ql/lib/ext/jakarta.faces.context.model.yml b/java/ql/lib/ext/jakarta.faces.context.model.yml index 84a0fd22710..468ef036c1a 100644 --- a/java/ql/lib/ext/jakarta.faces.context.model.yml +++ b/java/ql/lib/ext/jakarta.faces.context.model.yml @@ -14,5 +14,5 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["jakarta.faces.context", "ResponseStream", True, "write", "", "", "Argument[0]", "xss", "manual"] - - ["jakarta.faces.context", "ResponseWriter", True, "write", "", "", "Argument[0]", "xss", "manual"] + - ["jakarta.faces.context", "ResponseStream", True, "write", "", "", "Argument[0]", "html-injection", "manual"] + - ["jakarta.faces.context", "ResponseWriter", True, "write", "", "", "Argument[0]", "html-injection", "manual"] diff --git a/java/ql/lib/ext/javax.faces.context.model.yml b/java/ql/lib/ext/javax.faces.context.model.yml index ad33971c2c3..98f3e64ec6c 100644 --- a/java/ql/lib/ext/javax.faces.context.model.yml +++ b/java/ql/lib/ext/javax.faces.context.model.yml @@ -14,5 +14,5 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["javax.faces.context", "ResponseStream", True, "write", "", "", "Argument[0]", "xss", "manual"] - - ["javax.faces.context", "ResponseWriter", True, "write", "", "", "Argument[0]", "xss", "manual"] + - ["javax.faces.context", "ResponseStream", True, "write", "", "", "Argument[0]", "html-injection", "manual"] + - ["javax.faces.context", "ResponseWriter", True, "write", "", "", "Argument[0]", "html-injection", "manual"] diff --git a/java/ql/lib/ext/org.apache.hc.core5.http.model.yml b/java/ql/lib/ext/org.apache.hc.core5.http.model.yml index 6c1c6d63efe..8922ce55637 100644 --- a/java/ql/lib/ext/org.apache.hc.core5.http.model.yml +++ b/java/ql/lib/ext/org.apache.hc.core5.http.model.yml @@ -3,7 +3,7 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["org.apache.hc.core5.http", "HttpEntityContainer", True, "setEntity", "(HttpEntity)", "", "Argument[0]", "xss", "manual"] + - ["org.apache.hc.core5.http", "HttpEntityContainer", True, "setEntity", "(HttpEntity)", "", "Argument[0]", "html-injection", "manual"] - ["org.apache.hc.core5.http", "HttpRequest", True, "setUri", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] - ["org.apache.hc.core5.http", "HttpRequestFactory", True, "newHttpRequest", "(String,String)", "", "Argument[1]", "open-url", "hq-manual"] - ["org.apache.hc.core5.http", "HttpRequestFactory", True, "newHttpRequest", "(String,URI)", "", "Argument[1]", "open-url", "hq-manual"] diff --git a/java/ql/lib/ext/org.apache.http.model.yml b/java/ql/lib/ext/org.apache.http.model.yml index 466fe9d15a4..d03d2fa1a50 100644 --- a/java/ql/lib/ext/org.apache.http.model.yml +++ b/java/ql/lib/ext/org.apache.http.model.yml @@ -10,7 +10,7 @@ extensions: extensible: sinkModel data: - ["org.apache.http", "HttpRequestFactory", True, "newHttpRequest", "(String,String)", "", "Argument[1]", "open-url", "hq-manual"] - - ["org.apache.http", "HttpResponse", True, "setEntity", "(HttpEntity)", "", "Argument[0]", "xss", "manual"] + - ["org.apache.http", "HttpResponse", True, "setEntity", "(HttpEntity)", "", "Argument[0]", "html-injection", "manual"] - addsTo: pack: codeql/java-all extensible: summaryModel diff --git a/java/ql/lib/ext/org.apache.http.util.model.yml b/java/ql/lib/ext/org.apache.http.util.model.yml index d5469664ab6..7e4fd9dde25 100644 --- a/java/ql/lib/ext/org.apache.http.util.model.yml +++ b/java/ql/lib/ext/org.apache.http.util.model.yml @@ -3,7 +3,7 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["org.apache.http.util", "EntityUtils", True, "updateEntity", "(HttpResponse,HttpEntity)", "", "Argument[1]", "xss", "manual"] + - ["org.apache.http.util", "EntityUtils", True, "updateEntity", "(HttpResponse,HttpEntity)", "", "Argument[1]", "html-injection", "manual"] - addsTo: pack: codeql/java-all extensible: summaryModel diff --git a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll index e264be4a83b..5d9290fce9f 100644 --- a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll +++ b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll @@ -275,11 +275,12 @@ module ModelValidation { not kind = [ "open-url", "jndi-injection", "ldap-injection", "sql-injection", "jdbc-url", - "log-injection", "mvel-injection", "xpath-injection", "groovy-injection", "xss", - "ognl-injection", "intent-redirection", "pending-intents", "url-redirection", - "create-file", "read-file", "write-file", "hostname-verification", "response-splitting", - "information-leak", "xslt-injection", "jexl-injection", "bean-validation", - "template-injection", "fragment-injection", "command-injection" + "log-injection", "mvel-injection", "xpath-injection", "groovy-injection", + "html-injection", "js-injection", "ognl-injection", "intent-redirection", + "pending-intents", "url-redirection", "create-file", "read-file", "write-file", + "hostname-verification", "response-splitting", "information-leak", "xslt-injection", + "jexl-injection", "bean-validation", "template-injection", "fragment-injection", + "command-injection" ] and not kind.matches("regex-use%") and not kind.matches("qltest%") and diff --git a/java/ql/lib/semmle/code/java/security/XSS.qll b/java/ql/lib/semmle/code/java/security/XSS.qll index 2680631318f..bd968bd5fc3 100644 --- a/java/ql/lib/semmle/code/java/security/XSS.qll +++ b/java/ql/lib/semmle/code/java/security/XSS.qll @@ -39,7 +39,7 @@ class XssAdditionalTaintStep extends Unit { /** A default sink representing methods susceptible to XSS attacks. */ private class DefaultXssSink extends XssSink { DefaultXssSink() { - sinkNode(this, "xss") + sinkNode(this, ["html-injection", "js-injection"]) or exists(MethodAccess ma | ma.getMethod() instanceof WritingMethod and From eb1a8e21890a4f8490cec8ca475972059d881c85 Mon Sep 17 00:00:00 2001 From: Jami Cogswell <jcogs33@Jamis-MacBook-Pro.local> Date: Tue, 30 May 2023 13:03:51 -0400 Subject: [PATCH 762/870] Java: update write-file sink kind to file-system-store --- .../ql/lib/ext/com.google.common.io.model.yml | 2 +- java/ql/lib/ext/hudson.model.yml | 2 +- java/ql/lib/ext/hudson.util.model.yml | 3 +- java/ql/lib/ext/java.io.model.yml | 44 +++++++++---------- java/ql/lib/ext/java.nio.file.model.yml | 6 +-- .../lib/ext/org.apache.commons.io.model.yml | 4 +- .../code/java/dataflow/ExternalFlow.qll | 2 +- ...CleartextStorageAndroidFilesystemQuery.qll | 2 +- .../internal/CaptureModelsSpecific.qll | 2 +- 9 files changed, 33 insertions(+), 34 deletions(-) diff --git a/java/ql/lib/ext/com.google.common.io.model.yml b/java/ql/lib/ext/com.google.common.io.model.yml index 230b596ad29..1158bc21274 100644 --- a/java/ql/lib/ext/com.google.common.io.model.yml +++ b/java/ql/lib/ext/com.google.common.io.model.yml @@ -9,7 +9,7 @@ extensions: - ["com.google.common.io", "Files", False, "readLines", "(File,Charset)", "", "Argument[0]", "read-file", "ai-manual"] - ["com.google.common.io", "Files", False, "toByteArray", "(File)", "", "Argument[0]", "read-file", "ai-manual"] - ["com.google.common.io", "Files", False, "toString", "(File,Charset)", "", "Argument[0]", "read-file", "ai-manual"] - - ["com.google.common.io", "Files", False, "write", "(byte[],File)", "", "Argument[0]", "write-file", "ai-manual"] + - ["com.google.common.io", "Files", False, "write", "(byte[],File)", "", "Argument[0]", "file-content-store", "ai-manual"] - ["com.google.common.io", "Files", False, "write", "(byte[],File)", "", "Argument[1]", "create-file", "manual"] - addsTo: pack: codeql/java-all diff --git a/java/ql/lib/ext/hudson.model.yml b/java/ql/lib/ext/hudson.model.yml index 8fa6a8c0653..778094c1cad 100644 --- a/java/ql/lib/ext/hudson.model.yml +++ b/java/ql/lib/ext/hudson.model.yml @@ -7,7 +7,7 @@ extensions: - ["hudson", "FilePath", False, "copyFrom", "(URL)", "", "Argument[0]", "read-file", "manual"] - ["hudson", "FilePath", False, "copyFrom", "(FileItem)", "", "Argument[0]", "read-file", "ai-manual"] - ["hudson", "FilePath", False, "copyRecursiveTo", "(DirScanner,FilePath,String,TarCompression)", "", "Argument[1]", "create-file", "ai-manual"] - - ["hudson", "FilePath", False, "copyRecursiveTo", "(DirScanner,FilePath,String)", "", "Argument[1]", "write-file", "ai-manual"] + - ["hudson", "FilePath", False, "copyRecursiveTo", "(DirScanner,FilePath,String)", "", "Argument[1]", "file-content-store", "ai-manual"] - ["hudson", "FilePath", False, "copyRecursiveTo", "(String,FilePath)", "", "Argument[1]", "create-file", "ai-manual"] - ["hudson", "FilePath", False, "copyRecursiveTo", "(String,String,FilePath)", "", "Argument[0]", "read-file", "ai-manual"] - ["hudson", "FilePath", False, "copyRecursiveTo", "(String,String,FilePath)", "", "Argument[2]", "create-file", "ai-manual"] diff --git a/java/ql/lib/ext/hudson.util.model.yml b/java/ql/lib/ext/hudson.util.model.yml index 0e34233e735..963783006d2 100644 --- a/java/ql/lib/ext/hudson.util.model.yml +++ b/java/ql/lib/ext/hudson.util.model.yml @@ -15,11 +15,10 @@ extensions: - ["hudson.util", "TextFile", True, "lines", "()", "", "Argument[this]", "read-file", "manual"] - ["hudson.util", "TextFile", True, "read", "()", "", "Argument[this]", "read-file", "manual"] - ["hudson.util", "TextFile", True, "readTrim", "()", "", "Argument[this]", "read-file", "manual"] - - ["hudson.util", "TextFile", True, "write", "(String)", "", "Argument[0]", "write-file", "manual"] + - ["hudson.util", "TextFile", True, "write", "(String)", "", "Argument[0]", "file-content-store", "manual"] - addsTo: pack: codeql/java-all extensible: summaryModel data: - ["hudson.util", "QuotedStringTokenizer", True, "tokenize", "(String)", "", "Argument[0]", "ReturnValue", "taint", "ai-manual"] - ["hudson.util", "TextFile", True, "TextFile", "(File)", "", "Argument[0]", "Argument[this]", "taint", "ai-manual"] - diff --git a/java/ql/lib/ext/java.io.model.yml b/java/ql/lib/ext/java.io.model.yml index 2db99b7027e..73d0258f832 100644 --- a/java/ql/lib/ext/java.io.model.yml +++ b/java/ql/lib/ext/java.io.model.yml @@ -8,7 +8,7 @@ extensions: - ["java.io", "FileInputStream", True, "FileInputStream", "(File)", "", "Argument[0]", "read-file", "ai-manual"] - ["java.io", "FileInputStream", True, "FileInputStream", "(String)", "", "Argument[0]", "read-file", "ai-manual"] - ["java.io", "FileOutputStream", False, "FileOutputStream", "", "", "Argument[0]", "create-file", "manual"] - - ["java.io", "FileOutputStream", False, "write", "", "", "Argument[0]", "write-file", "manual"] + - ["java.io", "FileOutputStream", False, "write", "", "", "Argument[0]", "file-content-store", "manual"] - ["java.io", "FileReader", True, "FileReader", "(File)", "", "Argument[0]", "read-file", "ai-manual"] - ["java.io", "FileReader", True, "FileReader", "(String)", "", "Argument[0]", "read-file", "ai-manual"] - ["java.io", "FileSystem", True, "createDirectory", "(File)", "", "Argument[0]", "create-file", "ai-manual"] @@ -19,34 +19,34 @@ extensions: - ["java.io", "PrintStream", False, "PrintStream", "(String)", "", "Argument[0]", "create-file", "manual"] - ["java.io", "PrintStream", False, "PrintStream", "(String,Charset)", "", "Argument[0]", "create-file", "manual"] - ["java.io", "PrintStream", False, "PrintStream", "(String,String)", "", "Argument[0]", "create-file", "manual"] - - ["java.io", "PrintStream", True, "append", "", "", "Argument[0]", "write-file", "manual"] - - ["java.io", "PrintStream", True, "format", "(Locale,String,Object[])", "", "Argument[1..2]", "write-file", "manual"] - - ["java.io", "PrintStream", True, "format", "(String,Object[])", "", "Argument[0..1]", "write-file", "manual"] - - ["java.io", "PrintStream", True, "print", "", "", "Argument[0]", "write-file", "manual"] - - ["java.io", "PrintStream", True, "printf", "(Locale,String,Object[])", "", "Argument[1..2]", "write-file", "manual"] - - ["java.io", "PrintStream", True, "printf", "(String,Object[])", "", "Argument[0..1]", "write-file", "manual"] - - ["java.io", "PrintStream", True, "println", "", "", "Argument[0]", "write-file", "manual"] - - ["java.io", "PrintStream", True, "write", "", "", "Argument[0]", "write-file", "manual"] - - ["java.io", "PrintStream", True, "writeBytes", "", "", "Argument[0]", "write-file", "manual"] + - ["java.io", "PrintStream", True, "append", "", "", "Argument[0]", "file-content-store", "manual"] + - ["java.io", "PrintStream", True, "format", "(Locale,String,Object[])", "", "Argument[1..2]", "file-content-store", "manual"] + - ["java.io", "PrintStream", True, "format", "(String,Object[])", "", "Argument[0..1]", "file-content-store", "manual"] + - ["java.io", "PrintStream", True, "print", "", "", "Argument[0]", "file-content-store", "manual"] + - ["java.io", "PrintStream", True, "printf", "(Locale,String,Object[])", "", "Argument[1..2]", "file-content-store", "manual"] + - ["java.io", "PrintStream", True, "printf", "(String,Object[])", "", "Argument[0..1]", "file-content-store", "manual"] + - ["java.io", "PrintStream", True, "println", "", "", "Argument[0]", "file-content-store", "manual"] + - ["java.io", "PrintStream", True, "write", "", "", "Argument[0]", "file-content-store", "manual"] + - ["java.io", "PrintStream", True, "writeBytes", "", "", "Argument[0]", "file-content-store", "manual"] - ["java.io", "PrintWriter", False, "PrintWriter", "(File)", "", "Argument[0]", "create-file", "manual"] - ["java.io", "PrintWriter", False, "PrintWriter", "(File,Charset)", "", "Argument[0]", "create-file", "manual"] - ["java.io", "PrintWriter", False, "PrintWriter", "(File,String)", "", "Argument[0]", "create-file", "manual"] - ["java.io", "PrintWriter", False, "PrintWriter", "(String)", "", "Argument[0]", "create-file", "manual"] - ["java.io", "PrintWriter", False, "PrintWriter", "(String,Charset)", "", "Argument[0]", "create-file", "manual"] - ["java.io", "PrintWriter", False, "PrintWriter", "(String,String)", "", "Argument[0]", "create-file", "manual"] - - ["java.io", "PrintWriter", False, "format", "(Locale,String,Object[])", "", "Argument[1..2]", "write-file", "manual"] - - ["java.io", "PrintWriter", False, "format", "(String,Object[])", "", "Argument[0..1]", "write-file", "manual"] - - ["java.io", "PrintWriter", False, "print", "", "", "Argument[0]", "write-file", "manual"] - - ["java.io", "PrintWriter", False, "printf", "(Locale,String,Object[])", "", "Argument[1..2]", "write-file", "manual"] - - ["java.io", "PrintWriter", False, "printf", "(String,Object[])", "", "Argument[0..1]", "write-file", "manual"] - - ["java.io", "PrintWriter", False, "println", "", "", "Argument[0]", "write-file", "manual"] + - ["java.io", "PrintWriter", False, "format", "(Locale,String,Object[])", "", "Argument[1..2]", "file-content-store", "manual"] + - ["java.io", "PrintWriter", False, "format", "(String,Object[])", "", "Argument[0..1]", "file-content-store", "manual"] + - ["java.io", "PrintWriter", False, "print", "", "", "Argument[0]", "file-content-store", "manual"] + - ["java.io", "PrintWriter", False, "printf", "(Locale,String,Object[])", "", "Argument[1..2]", "file-content-store", "manual"] + - ["java.io", "PrintWriter", False, "printf", "(String,Object[])", "", "Argument[0..1]", "file-content-store", "manual"] + - ["java.io", "PrintWriter", False, "println", "", "", "Argument[0]", "file-content-store", "manual"] - ["java.io", "RandomAccessFile", False, "RandomAccessFile", "", "", "Argument[0]", "create-file", "manual"] - - ["java.io", "RandomAccessFile", False, "write", "", "", "Argument[0]", "write-file", "manual"] - - ["java.io", "RandomAccessFile", False, "writeBytes", "", "", "Argument[0]", "write-file", "manual"] - - ["java.io", "RandomAccessFile", False, "writeChars", "", "", "Argument[0]", "write-file", "manual"] - - ["java.io", "RandomAccessFile", False, "writeUTF", "", "", "Argument[0]", "write-file", "manual"] - - ["java.io", "Writer", True, "append", "", "", "Argument[0]", "write-file", "manual"] - - ["java.io", "Writer", True, "write", "", "", "Argument[0]", "write-file", "manual"] + - ["java.io", "RandomAccessFile", False, "write", "", "", "Argument[0]", "file-content-store", "manual"] + - ["java.io", "RandomAccessFile", False, "writeBytes", "", "", "Argument[0]", "file-content-store", "manual"] + - ["java.io", "RandomAccessFile", False, "writeChars", "", "", "Argument[0]", "file-content-store", "manual"] + - ["java.io", "RandomAccessFile", False, "writeUTF", "", "", "Argument[0]", "file-content-store", "manual"] + - ["java.io", "Writer", True, "append", "", "", "Argument[0]", "file-content-store", "manual"] + - ["java.io", "Writer", True, "write", "", "", "Argument[0]", "file-content-store", "manual"] - addsTo: pack: codeql/java-all extensible: summaryModel diff --git a/java/ql/lib/ext/java.nio.file.model.yml b/java/ql/lib/ext/java.nio.file.model.yml index 42ae8b9052b..f6728654afe 100644 --- a/java/ql/lib/ext/java.nio.file.model.yml +++ b/java/ql/lib/ext/java.nio.file.model.yml @@ -6,7 +6,7 @@ extensions: - ["java.nio.file", "Files", False, "copy", "(Path,OutputStream)", "", "Argument[0]", "read-file", "manual"] - ["java.nio.file", "Files", False, "copy", "(Path,Path,CopyOption[])", "", "Argument[0]", "read-file", "manual"] - ["java.nio.file", "Files", False, "copy", "(Path,Path,CopyOption[])", "", "Argument[1]", "create-file", "manual"] - - ["java.nio.file", "Files", False, "copy", "(InputStream,Path,CopyOption[])", "", "Argument[0]", "write-file", "manual"] + - ["java.nio.file", "Files", False, "copy", "(InputStream,Path,CopyOption[])", "", "Argument[0]", "file-content-store", "manual"] - ["java.nio.file", "Files", False, "copy", "(InputStream,Path,CopyOption[])", "", "Argument[1]", "create-file", "manual"] - ["java.nio.file", "Files", False, "createDirectories", "", "", "Argument[0]", "create-file", "manual"] - ["java.nio.file", "Files", False, "createDirectory", "", "", "Argument[0]", "create-file", "manual"] @@ -32,9 +32,9 @@ extensions: - ["java.nio.file", "Files", False, "readString", "(Path,Charset)", "", "Argument[0]", "read-file", "ai-manual"] - ["java.nio.file", "Files", False, "readString", "(Path)", "", "Argument[0]", "read-file", "ai-manual"] - ["java.nio.file", "Files", False, "write", "", "", "Argument[0]", "create-file", "manual"] - - ["java.nio.file", "Files", False, "write", "", "", "Argument[1]", "write-file", "manual"] + - ["java.nio.file", "Files", False, "write", "", "", "Argument[1]", "file-content-store", "manual"] - ["java.nio.file", "Files", False, "writeString", "", "", "Argument[0]", "create-file", "manual"] - - ["java.nio.file", "Files", False, "writeString", "", "", "Argument[1]", "write-file", "manual"] + - ["java.nio.file", "Files", False, "writeString", "", "", "Argument[1]", "file-content-store", "manual"] - ["java.nio.file", "Files", True, "move", "(Path,Path,CopyOption[])", "", "Argument[1]", "create-file", "ai-manual"] - ["java.nio.file", "Files", True, "move", "(Path,Path,CopyOption[])", "", "Argument[0]", "create-file", "ai-manual"] # should be delete-file - ["java.nio.file", "Files", True, "delete", "(Path)", "", "Argument[0]", "create-file", "ai-manual"] # should be delete-file diff --git a/java/ql/lib/ext/org.apache.commons.io.model.yml b/java/ql/lib/ext/org.apache.commons.io.model.yml index e23dd5fca44..c2892e9595e 100644 --- a/java/ql/lib/ext/org.apache.commons.io.model.yml +++ b/java/ql/lib/ext/org.apache.commons.io.model.yml @@ -16,8 +16,8 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["org.apache.commons.io", "FileUtils", True, "copyInputStreamToFile", "(InputStream,File)", "", "Argument[0]", "write-file", "ai-manual"] + - ["org.apache.commons.io", "FileUtils", True, "copyInputStreamToFile", "(InputStream,File)", "", "Argument[0]", "file-content-store", "ai-manual"] - ["org.apache.commons.io", "FileUtils", True, "copyInputStreamToFile", "(InputStream,File)", "", "Argument[1]", "create-file", "manual"] - - ["org.apache.commons.io", "FileUtils", True, "copyToFile", "(InputStream,File)", "", "Argument[0]", "write-file", "ai-manual"] + - ["org.apache.commons.io", "FileUtils", True, "copyToFile", "(InputStream,File)", "", "Argument[0]", "file-content-store", "ai-manual"] - ["org.apache.commons.io", "FileUtils", True, "copyToFile", "(InputStream,File)", "", "Argument[1]", "create-file", "manual"] - ["org.apache.commons.io", "FileUtils", True, "openInputStream", "(File)", "", "Argument[0]", "read-file", "ai-manual"] diff --git a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll index 5d9290fce9f..7633f47c3bd 100644 --- a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll +++ b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll @@ -277,7 +277,7 @@ module ModelValidation { "open-url", "jndi-injection", "ldap-injection", "sql-injection", "jdbc-url", "log-injection", "mvel-injection", "xpath-injection", "groovy-injection", "html-injection", "js-injection", "ognl-injection", "intent-redirection", - "pending-intents", "url-redirection", "create-file", "read-file", "write-file", + "pending-intents", "url-redirection", "create-file", "read-file", "file-content-store", "hostname-verification", "response-splitting", "information-leak", "xslt-injection", "jexl-injection", "bean-validation", "template-injection", "fragment-injection", "command-injection" diff --git a/java/ql/lib/semmle/code/java/security/CleartextStorageAndroidFilesystemQuery.qll b/java/ql/lib/semmle/code/java/security/CleartextStorageAndroidFilesystemQuery.qll index 2641a3ab0df..cf081085bab 100644 --- a/java/ql/lib/semmle/code/java/security/CleartextStorageAndroidFilesystemQuery.qll +++ b/java/ql/lib/semmle/code/java/security/CleartextStorageAndroidFilesystemQuery.qll @@ -40,7 +40,7 @@ class LocalFileOpenCall extends Storable { /** Holds if `input` is written into `file`. */ private predicate filesystemInput(DataFlow::Node file, Argument input) { - exists(DataFlow::Node write | sinkNode(write, "write-file") | + exists(DataFlow::Node write | sinkNode(write, "file-content-store") | input = write.asExpr() or isVarargs(input, write) ) and diff --git a/java/ql/src/utils/modelgenerator/internal/CaptureModelsSpecific.qll b/java/ql/src/utils/modelgenerator/internal/CaptureModelsSpecific.qll index 8583e793fc9..7877594519a 100644 --- a/java/ql/src/utils/modelgenerator/internal/CaptureModelsSpecific.qll +++ b/java/ql/src/utils/modelgenerator/internal/CaptureModelsSpecific.qll @@ -252,7 +252,7 @@ bindingset[kind] predicate isRelevantSinkKind(string kind) { not kind = "log-injection" and not kind.matches("regex-use%") and - not kind = "write-file" + not kind = "file-content-store" } /** From cb10f4976b260df51a82973804774475a079793d Mon Sep 17 00:00:00 2001 From: Jami Cogswell <jcogs33@Jamis-MacBook-Pro.local> Date: Tue, 30 May 2023 13:06:37 -0400 Subject: [PATCH 763/870] Java: update create/read-file sink kinds to path-injection --- .../ql/lib/ext/com.google.common.io.model.yml | 14 +- .../ext/com.thoughtworks.xstream.model.yml | 2 +- .../lib/ext/generated/kotlinstdlib.model.yml | 20 +- .../generated/org.apache.commons.io.model.yml | 184 +++++++++--------- java/ql/lib/ext/hudson.lifecycle.model.yml | 2 +- java/ql/lib/ext/hudson.model.model.yml | 8 +- java/ql/lib/ext/hudson.model.yml | 18 +- java/ql/lib/ext/hudson.scm.model.yml | 10 +- java/ql/lib/ext/hudson.util.io.model.yml | 4 +- java/ql/lib/ext/hudson.util.jna.model.yml | 6 +- java/ql/lib/ext/hudson.util.model.yml | 24 +-- ...tty.handler.codec.http.multipart.model.yml | 2 +- .../ql/lib/ext/io.netty.handler.ssl.model.yml | 4 +- .../lib/ext/io.netty.handler.stream.model.yml | 2 +- .../lib/ext/io.netty.util.internal.model.yml | 2 +- java/ql/lib/ext/java.io.model.yml | 44 ++--- java/ql/lib/ext/java.lang.model.yml | 10 +- java/ql/lib/ext/java.nio.file.model.yml | 72 +++---- java/ql/lib/ext/javax.servlet.model.yml | 2 +- .../ext/javax.xml.transform.stream.model.yml | 2 +- java/ql/lib/ext/kotlin.io.model.yml | 8 +- .../lib/ext/org.apache.commons.io.model.yml | 6 +- .../ql/lib/ext/org.apache.tools.ant.model.yml | 10 +- .../org.apache.tools.ant.taskdefs.model.yml | 12 +- ...dehaus.cargo.container.installer.model.yml | 4 +- ...org.kohsuke.stapler.framework.io.model.yml | 2 +- .../org.openjdk.jmh.runner.options.model.yml | 2 +- .../code/java/dataflow/ExternalFlow.qll | 2 +- ...CleartextStorageAndroidFilesystemQuery.qll | 2 +- .../code/java/security/TaintedPathQuery.qll | 4 +- .../code/java/security/ZipSlipQuery.qll | 2 +- .../CWE/CWE-200/AndroidFileIntentSink.qll | 2 +- 32 files changed, 243 insertions(+), 245 deletions(-) diff --git a/java/ql/lib/ext/com.google.common.io.model.yml b/java/ql/lib/ext/com.google.common.io.model.yml index 1158bc21274..9f3f3307462 100644 --- a/java/ql/lib/ext/com.google.common.io.model.yml +++ b/java/ql/lib/ext/com.google.common.io.model.yml @@ -3,14 +3,14 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["com.google.common.io", "Files", False, "asCharSink", "(File,Charset,FileWriteMode[])", "", "Argument[0]", "create-file", "ai-manual"] - - ["com.google.common.io", "Files", False, "asCharSource", "(File,Charset)", "", "Argument[0]", "read-file", "ai-manual"] - - ["com.google.common.io", "Files", False, "copy", "(File,OutputStream)", "", "Argument[0]", "read-file", "ai-manual"] - - ["com.google.common.io", "Files", False, "readLines", "(File,Charset)", "", "Argument[0]", "read-file", "ai-manual"] - - ["com.google.common.io", "Files", False, "toByteArray", "(File)", "", "Argument[0]", "read-file", "ai-manual"] - - ["com.google.common.io", "Files", False, "toString", "(File,Charset)", "", "Argument[0]", "read-file", "ai-manual"] + - ["com.google.common.io", "Files", False, "asCharSink", "(File,Charset,FileWriteMode[])", "", "Argument[0]", "path-injection", "ai-manual"] + - ["com.google.common.io", "Files", False, "asCharSource", "(File,Charset)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["com.google.common.io", "Files", False, "copy", "(File,OutputStream)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["com.google.common.io", "Files", False, "readLines", "(File,Charset)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["com.google.common.io", "Files", False, "toByteArray", "(File)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["com.google.common.io", "Files", False, "toString", "(File,Charset)", "", "Argument[0]", "path-injection", "ai-manual"] - ["com.google.common.io", "Files", False, "write", "(byte[],File)", "", "Argument[0]", "file-content-store", "ai-manual"] - - ["com.google.common.io", "Files", False, "write", "(byte[],File)", "", "Argument[1]", "create-file", "manual"] + - ["com.google.common.io", "Files", False, "write", "(byte[],File)", "", "Argument[1]", "path-injection", "manual"] - addsTo: pack: codeql/java-all extensible: summaryModel diff --git a/java/ql/lib/ext/com.thoughtworks.xstream.model.yml b/java/ql/lib/ext/com.thoughtworks.xstream.model.yml index d73cc27e729..c34bb91d42c 100644 --- a/java/ql/lib/ext/com.thoughtworks.xstream.model.yml +++ b/java/ql/lib/ext/com.thoughtworks.xstream.model.yml @@ -3,4 +3,4 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["com.thoughtworks.xstream", "XStream", True, "fromXML", "(File)", "", "Argument[0]", "read-file", "ai-manual"] + - ["com.thoughtworks.xstream", "XStream", True, "fromXML", "(File)", "", "Argument[0]", "path-injection", "ai-manual"] diff --git a/java/ql/lib/ext/generated/kotlinstdlib.model.yml b/java/ql/lib/ext/generated/kotlinstdlib.model.yml index bc296146214..16e0cc97420 100644 --- a/java/ql/lib/ext/generated/kotlinstdlib.model.yml +++ b/java/ql/lib/ext/generated/kotlinstdlib.model.yml @@ -6,16 +6,16 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["kotlin.io", "FilesKt", false, "appendBytes", "(File,byte[])", "", "Argument[0]", "create-file", "df-generated"] - - ["kotlin.io", "FilesKt", false, "appendText", "(File,String,Charset)", "", "Argument[0]", "create-file", "df-generated"] - - ["kotlin.io", "FilesKt", false, "bufferedWriter", "(File,Charset,int)", "", "Argument[0]", "create-file", "df-generated"] - - ["kotlin.io", "FilesKt", false, "copyRecursively", "(File,File,boolean,Function2)", "", "Argument[1]", "create-file", "df-generated"] - - ["kotlin.io", "FilesKt", false, "copyTo", "(File,File,boolean,int)", "", "Argument[1]", "create-file", "df-generated"] - - ["kotlin.io", "FilesKt", false, "outputStream", "(File)", "", "Argument[0]", "create-file", "df-generated"] - - ["kotlin.io", "FilesKt", false, "printWriter", "(File,Charset)", "", "Argument[0]", "create-file", "df-generated"] - - ["kotlin.io", "FilesKt", false, "writeBytes", "(File,byte[])", "", "Argument[0]", "create-file", "df-generated"] - - ["kotlin.io", "FilesKt", false, "writeText", "(File,String,Charset)", "", "Argument[0]", "create-file", "df-generated"] - - ["kotlin.io", "FilesKt", false, "writer", "(File,Charset)", "", "Argument[0]", "create-file", "df-generated"] + - ["kotlin.io", "FilesKt", false, "appendBytes", "(File,byte[])", "", "Argument[0]", "path-injection", "df-generated"] + - ["kotlin.io", "FilesKt", false, "appendText", "(File,String,Charset)", "", "Argument[0]", "path-injection", "df-generated"] + - ["kotlin.io", "FilesKt", false, "bufferedWriter", "(File,Charset,int)", "", "Argument[0]", "path-injection", "df-generated"] + - ["kotlin.io", "FilesKt", false, "copyRecursively", "(File,File,boolean,Function2)", "", "Argument[1]", "path-injection", "df-generated"] + - ["kotlin.io", "FilesKt", false, "copyTo", "(File,File,boolean,int)", "", "Argument[1]", "path-injection", "df-generated"] + - ["kotlin.io", "FilesKt", false, "outputStream", "(File)", "", "Argument[0]", "path-injection", "df-generated"] + - ["kotlin.io", "FilesKt", false, "printWriter", "(File,Charset)", "", "Argument[0]", "path-injection", "df-generated"] + - ["kotlin.io", "FilesKt", false, "writeBytes", "(File,byte[])", "", "Argument[0]", "path-injection", "df-generated"] + - ["kotlin.io", "FilesKt", false, "writeText", "(File,String,Charset)", "", "Argument[0]", "path-injection", "df-generated"] + - ["kotlin.io", "FilesKt", false, "writer", "(File,Charset)", "", "Argument[0]", "path-injection", "df-generated"] - ["kotlin.io", "TextStreamsKt", false, "readBytes", "(URL)", "", "Argument[0]", "open-url", "df-generated"] - ["kotlin.io", "TextStreamsKt", false, "readText", "(URL,Charset)", "", "Argument[0]", "open-url", "df-generated"] diff --git a/java/ql/lib/ext/generated/org.apache.commons.io.model.yml b/java/ql/lib/ext/generated/org.apache.commons.io.model.yml index 3a40daa82ec..e43b2720252 100644 --- a/java/ql/lib/ext/generated/org.apache.commons.io.model.yml +++ b/java/ql/lib/ext/generated/org.apache.commons.io.model.yml @@ -6,100 +6,100 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["org.apache.commons.io.file", "PathFilter", true, "accept", "(Path,BasicFileAttributes)", "", "Argument[0]", "create-file", "df-generated"] + - ["org.apache.commons.io.file", "PathFilter", true, "accept", "(Path,BasicFileAttributes)", "", "Argument[0]", "path-injection", "df-generated"] - ["org.apache.commons.io.file", "PathUtils", false, "copyFile", "(URL,Path,CopyOption[])", "", "Argument[0]", "open-url", "df-generated"] - - ["org.apache.commons.io.file", "PathUtils", false, "copyFile", "(URL,Path,CopyOption[])", "", "Argument[1]", "create-file", "df-generated"] - - ["org.apache.commons.io.file", "PathUtils", false, "copyFileToDirectory", "(Path,Path,CopyOption[])", "", "Argument[1]", "create-file", "df-generated"] + - ["org.apache.commons.io.file", "PathUtils", false, "copyFile", "(URL,Path,CopyOption[])", "", "Argument[1]", "path-injection", "df-generated"] + - ["org.apache.commons.io.file", "PathUtils", false, "copyFileToDirectory", "(Path,Path,CopyOption[])", "", "Argument[1]", "path-injection", "df-generated"] - ["org.apache.commons.io.file", "PathUtils", false, "copyFileToDirectory", "(URL,Path,CopyOption[])", "", "Argument[0]", "open-url", "df-generated"] - - ["org.apache.commons.io.file", "PathUtils", false, "copyFileToDirectory", "(URL,Path,CopyOption[])", "", "Argument[1]", "create-file", "df-generated"] - - ["org.apache.commons.io.file", "PathUtils", false, "newOutputStream", "(Path,boolean)", "", "Argument[0]", "create-file", "df-generated"] - - ["org.apache.commons.io.file", "PathUtils", false, "writeString", "(Path,CharSequence,Charset,OpenOption[])", "", "Argument[0]", "create-file", "df-generated"] - - ["org.apache.commons.io.filefilter", "FileFilterUtils", true, "filter", "(IOFileFilter,File[])", "", "Argument[1]", "create-file", "df-generated"] - - ["org.apache.commons.io.filefilter", "FileFilterUtils", true, "filterList", "(IOFileFilter,File[])", "", "Argument[1]", "create-file", "df-generated"] - - ["org.apache.commons.io.filefilter", "FileFilterUtils", true, "filterSet", "(IOFileFilter,File[])", "", "Argument[1]", "create-file", "df-generated"] - - ["org.apache.commons.io.input", "Tailer$Tailable", true, "getRandomAccess", "(String)", "", "Argument[this]", "create-file", "df-generated"] + - ["org.apache.commons.io.file", "PathUtils", false, "copyFileToDirectory", "(URL,Path,CopyOption[])", "", "Argument[1]", "path-injection", "df-generated"] + - ["org.apache.commons.io.file", "PathUtils", false, "newOutputStream", "(Path,boolean)", "", "Argument[0]", "path-injection", "df-generated"] + - ["org.apache.commons.io.file", "PathUtils", false, "writeString", "(Path,CharSequence,Charset,OpenOption[])", "", "Argument[0]", "path-injection", "df-generated"] + - ["org.apache.commons.io.filefilter", "FileFilterUtils", true, "filter", "(IOFileFilter,File[])", "", "Argument[1]", "path-injection", "df-generated"] + - ["org.apache.commons.io.filefilter", "FileFilterUtils", true, "filterList", "(IOFileFilter,File[])", "", "Argument[1]", "path-injection", "df-generated"] + - ["org.apache.commons.io.filefilter", "FileFilterUtils", true, "filterSet", "(IOFileFilter,File[])", "", "Argument[1]", "path-injection", "df-generated"] + - ["org.apache.commons.io.input", "Tailer$Tailable", true, "getRandomAccess", "(String)", "", "Argument[this]", "path-injection", "df-generated"] - ["org.apache.commons.io.input", "XmlStreamReader", true, "XmlStreamReader", "(URL)", "", "Argument[0]", "open-url", "df-generated"] - - ["org.apache.commons.io.output", "DeferredFileOutputStream", true, "writeTo", "(OutputStream)", "", "Argument[0]", "create-file", "df-generated"] - - ["org.apache.commons.io.output", "FileWriterWithEncoding", true, "FileWriterWithEncoding", "(File,Charset)", "", "Argument[0]", "create-file", "df-generated"] - - ["org.apache.commons.io.output", "FileWriterWithEncoding", true, "FileWriterWithEncoding", "(File,Charset,boolean)", "", "Argument[0]", "create-file", "df-generated"] - - ["org.apache.commons.io.output", "FileWriterWithEncoding", true, "FileWriterWithEncoding", "(File,CharsetEncoder)", "", "Argument[0]", "create-file", "df-generated"] - - ["org.apache.commons.io.output", "FileWriterWithEncoding", true, "FileWriterWithEncoding", "(File,CharsetEncoder,boolean)", "", "Argument[0]", "create-file", "df-generated"] - - ["org.apache.commons.io.output", "FileWriterWithEncoding", true, "FileWriterWithEncoding", "(File,String)", "", "Argument[0]", "create-file", "df-generated"] - - ["org.apache.commons.io.output", "FileWriterWithEncoding", true, "FileWriterWithEncoding", "(File,String,boolean)", "", "Argument[0]", "create-file", "df-generated"] - - ["org.apache.commons.io.output", "FileWriterWithEncoding", true, "FileWriterWithEncoding", "(String,Charset)", "", "Argument[0]", "create-file", "df-generated"] - - ["org.apache.commons.io.output", "FileWriterWithEncoding", true, "FileWriterWithEncoding", "(String,Charset,boolean)", "", "Argument[0]", "create-file", "df-generated"] - - ["org.apache.commons.io.output", "FileWriterWithEncoding", true, "FileWriterWithEncoding", "(String,CharsetEncoder)", "", "Argument[0]", "create-file", "df-generated"] - - ["org.apache.commons.io.output", "FileWriterWithEncoding", true, "FileWriterWithEncoding", "(String,CharsetEncoder,boolean)", "", "Argument[0]", "create-file", "df-generated"] - - ["org.apache.commons.io.output", "FileWriterWithEncoding", true, "FileWriterWithEncoding", "(String,String)", "", "Argument[0]", "create-file", "df-generated"] - - ["org.apache.commons.io.output", "FileWriterWithEncoding", true, "FileWriterWithEncoding", "(String,String,boolean)", "", "Argument[0]", "create-file", "df-generated"] - - ["org.apache.commons.io.output", "LockableFileWriter", true, "LockableFileWriter", "(File)", "", "Argument[0]", "create-file", "df-generated"] - - ["org.apache.commons.io.output", "LockableFileWriter", true, "LockableFileWriter", "(File,Charset)", "", "Argument[0]", "create-file", "df-generated"] - - ["org.apache.commons.io.output", "LockableFileWriter", true, "LockableFileWriter", "(File,Charset,boolean,String)", "", "Argument[0]", "create-file", "df-generated"] - - ["org.apache.commons.io.output", "LockableFileWriter", true, "LockableFileWriter", "(File,String)", "", "Argument[0]", "create-file", "df-generated"] - - ["org.apache.commons.io.output", "LockableFileWriter", true, "LockableFileWriter", "(File,String,boolean,String)", "", "Argument[0]", "create-file", "df-generated"] - - ["org.apache.commons.io.output", "LockableFileWriter", true, "LockableFileWriter", "(File,boolean)", "", "Argument[0]", "create-file", "df-generated"] - - ["org.apache.commons.io.output", "LockableFileWriter", true, "LockableFileWriter", "(File,boolean,String)", "", "Argument[0]", "create-file", "df-generated"] - - ["org.apache.commons.io.output", "LockableFileWriter", true, "LockableFileWriter", "(String)", "", "Argument[0]", "create-file", "df-generated"] - - ["org.apache.commons.io.output", "LockableFileWriter", true, "LockableFileWriter", "(String,boolean)", "", "Argument[0]", "create-file", "df-generated"] - - ["org.apache.commons.io.output", "LockableFileWriter", true, "LockableFileWriter", "(String,boolean,String)", "", "Argument[0]", "create-file", "df-generated"] - - ["org.apache.commons.io.output", "XmlStreamWriter", true, "XmlStreamWriter", "(File)", "", "Argument[0]", "create-file", "df-generated"] - - ["org.apache.commons.io.output", "XmlStreamWriter", true, "XmlStreamWriter", "(File,String)", "", "Argument[0]", "create-file", "df-generated"] - - ["org.apache.commons.io", "FileUtils", true, "copyDirectory", "(File,File)", "", "Argument[1]", "create-file", "df-generated"] - - ["org.apache.commons.io", "FileUtils", true, "copyDirectory", "(File,File,FileFilter)", "", "Argument[1]", "create-file", "df-generated"] - - ["org.apache.commons.io", "FileUtils", true, "copyDirectory", "(File,File,FileFilter,boolean)", "", "Argument[1]", "create-file", "df-generated"] - - ["org.apache.commons.io", "FileUtils", true, "copyDirectory", "(File,File,FileFilter,boolean,CopyOption[])", "", "Argument[1]", "create-file", "df-generated"] - - ["org.apache.commons.io", "FileUtils", true, "copyDirectory", "(File,File,boolean)", "", "Argument[1]", "create-file", "df-generated"] - - ["org.apache.commons.io", "FileUtils", true, "copyDirectoryToDirectory", "(File,File)", "", "Argument[1]", "create-file", "df-generated"] - - ["org.apache.commons.io", "FileUtils", true, "copyFile", "(File,File)", "", "Argument[1]", "create-file", "df-generated"] - - ["org.apache.commons.io", "FileUtils", true, "copyFile", "(File,File,CopyOption[])", "", "Argument[1]", "create-file", "df-generated"] - - ["org.apache.commons.io", "FileUtils", true, "copyFile", "(File,File,boolean)", "", "Argument[1]", "create-file", "df-generated"] - - ["org.apache.commons.io", "FileUtils", true, "copyFile", "(File,File,boolean,CopyOption[])", "", "Argument[1]", "create-file", "df-generated"] - - ["org.apache.commons.io", "FileUtils", true, "copyFileToDirectory", "(File,File)", "", "Argument[1]", "create-file", "df-generated"] - - ["org.apache.commons.io", "FileUtils", true, "copyFileToDirectory", "(File,File,boolean)", "", "Argument[1]", "create-file", "df-generated"] - - ["org.apache.commons.io", "FileUtils", true, "copyInputStreamToFile", "(InputStream,File)", "", "Argument[1]", "create-file", "df-generated"] - - ["org.apache.commons.io", "FileUtils", true, "copyToDirectory", "(File,File)", "", "Argument[1]", "create-file", "df-generated"] - - ["org.apache.commons.io", "FileUtils", true, "copyToDirectory", "(Iterable,File)", "", "Argument[1]", "create-file", "df-generated"] - - ["org.apache.commons.io", "FileUtils", true, "copyToFile", "(InputStream,File)", "", "Argument[1]", "create-file", "df-generated"] + - ["org.apache.commons.io.output", "DeferredFileOutputStream", true, "writeTo", "(OutputStream)", "", "Argument[0]", "path-injection", "df-generated"] + - ["org.apache.commons.io.output", "FileWriterWithEncoding", true, "FileWriterWithEncoding", "(File,Charset)", "", "Argument[0]", "path-injection", "df-generated"] + - ["org.apache.commons.io.output", "FileWriterWithEncoding", true, "FileWriterWithEncoding", "(File,Charset,boolean)", "", "Argument[0]", "path-injection", "df-generated"] + - ["org.apache.commons.io.output", "FileWriterWithEncoding", true, "FileWriterWithEncoding", "(File,CharsetEncoder)", "", "Argument[0]", "path-injection", "df-generated"] + - ["org.apache.commons.io.output", "FileWriterWithEncoding", true, "FileWriterWithEncoding", "(File,CharsetEncoder,boolean)", "", "Argument[0]", "path-injection", "df-generated"] + - ["org.apache.commons.io.output", "FileWriterWithEncoding", true, "FileWriterWithEncoding", "(File,String)", "", "Argument[0]", "path-injection", "df-generated"] + - ["org.apache.commons.io.output", "FileWriterWithEncoding", true, "FileWriterWithEncoding", "(File,String,boolean)", "", "Argument[0]", "path-injection", "df-generated"] + - ["org.apache.commons.io.output", "FileWriterWithEncoding", true, "FileWriterWithEncoding", "(String,Charset)", "", "Argument[0]", "path-injection", "df-generated"] + - ["org.apache.commons.io.output", "FileWriterWithEncoding", true, "FileWriterWithEncoding", "(String,Charset,boolean)", "", "Argument[0]", "path-injection", "df-generated"] + - ["org.apache.commons.io.output", "FileWriterWithEncoding", true, "FileWriterWithEncoding", "(String,CharsetEncoder)", "", "Argument[0]", "path-injection", "df-generated"] + - ["org.apache.commons.io.output", "FileWriterWithEncoding", true, "FileWriterWithEncoding", "(String,CharsetEncoder,boolean)", "", "Argument[0]", "path-injection", "df-generated"] + - ["org.apache.commons.io.output", "FileWriterWithEncoding", true, "FileWriterWithEncoding", "(String,String)", "", "Argument[0]", "path-injection", "df-generated"] + - ["org.apache.commons.io.output", "FileWriterWithEncoding", true, "FileWriterWithEncoding", "(String,String,boolean)", "", "Argument[0]", "path-injection", "df-generated"] + - ["org.apache.commons.io.output", "LockableFileWriter", true, "LockableFileWriter", "(File)", "", "Argument[0]", "path-injection", "df-generated"] + - ["org.apache.commons.io.output", "LockableFileWriter", true, "LockableFileWriter", "(File,Charset)", "", "Argument[0]", "path-injection", "df-generated"] + - ["org.apache.commons.io.output", "LockableFileWriter", true, "LockableFileWriter", "(File,Charset,boolean,String)", "", "Argument[0]", "path-injection", "df-generated"] + - ["org.apache.commons.io.output", "LockableFileWriter", true, "LockableFileWriter", "(File,String)", "", "Argument[0]", "path-injection", "df-generated"] + - ["org.apache.commons.io.output", "LockableFileWriter", true, "LockableFileWriter", "(File,String,boolean,String)", "", "Argument[0]", "path-injection", "df-generated"] + - ["org.apache.commons.io.output", "LockableFileWriter", true, "LockableFileWriter", "(File,boolean)", "", "Argument[0]", "path-injection", "df-generated"] + - ["org.apache.commons.io.output", "LockableFileWriter", true, "LockableFileWriter", "(File,boolean,String)", "", "Argument[0]", "path-injection", "df-generated"] + - ["org.apache.commons.io.output", "LockableFileWriter", true, "LockableFileWriter", "(String)", "", "Argument[0]", "path-injection", "df-generated"] + - ["org.apache.commons.io.output", "LockableFileWriter", true, "LockableFileWriter", "(String,boolean)", "", "Argument[0]", "path-injection", "df-generated"] + - ["org.apache.commons.io.output", "LockableFileWriter", true, "LockableFileWriter", "(String,boolean,String)", "", "Argument[0]", "path-injection", "df-generated"] + - ["org.apache.commons.io.output", "XmlStreamWriter", true, "XmlStreamWriter", "(File)", "", "Argument[0]", "path-injection", "df-generated"] + - ["org.apache.commons.io.output", "XmlStreamWriter", true, "XmlStreamWriter", "(File,String)", "", "Argument[0]", "path-injection", "df-generated"] + - ["org.apache.commons.io", "FileUtils", true, "copyDirectory", "(File,File)", "", "Argument[1]", "path-injection", "df-generated"] + - ["org.apache.commons.io", "FileUtils", true, "copyDirectory", "(File,File,FileFilter)", "", "Argument[1]", "path-injection", "df-generated"] + - ["org.apache.commons.io", "FileUtils", true, "copyDirectory", "(File,File,FileFilter,boolean)", "", "Argument[1]", "path-injection", "df-generated"] + - ["org.apache.commons.io", "FileUtils", true, "copyDirectory", "(File,File,FileFilter,boolean,CopyOption[])", "", "Argument[1]", "path-injection", "df-generated"] + - ["org.apache.commons.io", "FileUtils", true, "copyDirectory", "(File,File,boolean)", "", "Argument[1]", "path-injection", "df-generated"] + - ["org.apache.commons.io", "FileUtils", true, "copyDirectoryToDirectory", "(File,File)", "", "Argument[1]", "path-injection", "df-generated"] + - ["org.apache.commons.io", "FileUtils", true, "copyFile", "(File,File)", "", "Argument[1]", "path-injection", "df-generated"] + - ["org.apache.commons.io", "FileUtils", true, "copyFile", "(File,File,CopyOption[])", "", "Argument[1]", "path-injection", "df-generated"] + - ["org.apache.commons.io", "FileUtils", true, "copyFile", "(File,File,boolean)", "", "Argument[1]", "path-injection", "df-generated"] + - ["org.apache.commons.io", "FileUtils", true, "copyFile", "(File,File,boolean,CopyOption[])", "", "Argument[1]", "path-injection", "df-generated"] + - ["org.apache.commons.io", "FileUtils", true, "copyFileToDirectory", "(File,File)", "", "Argument[1]", "path-injection", "df-generated"] + - ["org.apache.commons.io", "FileUtils", true, "copyFileToDirectory", "(File,File,boolean)", "", "Argument[1]", "path-injection", "df-generated"] + - ["org.apache.commons.io", "FileUtils", true, "copyInputStreamToFile", "(InputStream,File)", "", "Argument[1]", "path-injection", "df-generated"] + - ["org.apache.commons.io", "FileUtils", true, "copyToDirectory", "(File,File)", "", "Argument[1]", "path-injection", "df-generated"] + - ["org.apache.commons.io", "FileUtils", true, "copyToDirectory", "(Iterable,File)", "", "Argument[1]", "path-injection", "df-generated"] + - ["org.apache.commons.io", "FileUtils", true, "copyToFile", "(InputStream,File)", "", "Argument[1]", "path-injection", "df-generated"] - ["org.apache.commons.io", "FileUtils", true, "copyURLToFile", "(URL,File)", "", "Argument[0]", "open-url", "df-generated"] - - ["org.apache.commons.io", "FileUtils", true, "copyURLToFile", "(URL,File)", "", "Argument[1]", "create-file", "df-generated"] + - ["org.apache.commons.io", "FileUtils", true, "copyURLToFile", "(URL,File)", "", "Argument[1]", "path-injection", "df-generated"] - ["org.apache.commons.io", "FileUtils", true, "copyURLToFile", "(URL,File,int,int)", "", "Argument[0]", "open-url", "df-generated"] - - ["org.apache.commons.io", "FileUtils", true, "copyURLToFile", "(URL,File,int,int)", "", "Argument[1]", "create-file", "df-generated"] - - ["org.apache.commons.io", "FileUtils", true, "moveDirectory", "(File,File)", "", "Argument[1]", "create-file", "df-generated"] - - ["org.apache.commons.io", "FileUtils", true, "moveDirectoryToDirectory", "(File,File,boolean)", "", "Argument[1]", "create-file", "df-generated"] - - ["org.apache.commons.io", "FileUtils", true, "moveFile", "(File,File)", "", "Argument[1]", "create-file", "df-generated"] - - ["org.apache.commons.io", "FileUtils", true, "moveFile", "(File,File,CopyOption[])", "", "Argument[1]", "create-file", "df-generated"] - - ["org.apache.commons.io", "FileUtils", true, "moveFileToDirectory", "(File,File,boolean)", "", "Argument[1]", "create-file", "df-generated"] - - ["org.apache.commons.io", "FileUtils", true, "moveToDirectory", "(File,File,boolean)", "", "Argument[1]", "create-file", "df-generated"] - - ["org.apache.commons.io", "FileUtils", true, "newOutputStream", "(File,boolean)", "", "Argument[0]", "create-file", "df-generated"] - - ["org.apache.commons.io", "FileUtils", true, "openOutputStream", "(File)", "", "Argument[0]", "create-file", "df-generated"] - - ["org.apache.commons.io", "FileUtils", true, "openOutputStream", "(File,boolean)", "", "Argument[0]", "create-file", "df-generated"] - - ["org.apache.commons.io", "FileUtils", true, "touch", "(File)", "", "Argument[0]", "create-file", "df-generated"] - - ["org.apache.commons.io", "FileUtils", true, "write", "(File,CharSequence)", "", "Argument[0]", "create-file", "df-generated"] - - ["org.apache.commons.io", "FileUtils", true, "write", "(File,CharSequence,Charset)", "", "Argument[0]", "create-file", "df-generated"] - - ["org.apache.commons.io", "FileUtils", true, "write", "(File,CharSequence,Charset,boolean)", "", "Argument[0]", "create-file", "df-generated"] - - ["org.apache.commons.io", "FileUtils", true, "write", "(File,CharSequence,String)", "", "Argument[0]", "create-file", "df-generated"] - - ["org.apache.commons.io", "FileUtils", true, "write", "(File,CharSequence,String,boolean)", "", "Argument[0]", "create-file", "df-generated"] - - ["org.apache.commons.io", "FileUtils", true, "write", "(File,CharSequence,boolean)", "", "Argument[0]", "create-file", "df-generated"] - - ["org.apache.commons.io", "FileUtils", true, "writeByteArrayToFile", "(File,byte[])", "", "Argument[0]", "create-file", "df-generated"] - - ["org.apache.commons.io", "FileUtils", true, "writeByteArrayToFile", "(File,byte[],boolean)", "", "Argument[0]", "create-file", "df-generated"] - - ["org.apache.commons.io", "FileUtils", true, "writeByteArrayToFile", "(File,byte[],int,int)", "", "Argument[0]", "create-file", "df-generated"] - - ["org.apache.commons.io", "FileUtils", true, "writeByteArrayToFile", "(File,byte[],int,int,boolean)", "", "Argument[0]", "create-file", "df-generated"] - - ["org.apache.commons.io", "FileUtils", true, "writeLines", "(File,Collection)", "", "Argument[0]", "create-file", "df-generated"] - - ["org.apache.commons.io", "FileUtils", true, "writeLines", "(File,Collection,String)", "", "Argument[0]", "create-file", "df-generated"] - - ["org.apache.commons.io", "FileUtils", true, "writeLines", "(File,Collection,String,boolean)", "", "Argument[0]", "create-file", "df-generated"] - - ["org.apache.commons.io", "FileUtils", true, "writeLines", "(File,Collection,boolean)", "", "Argument[0]", "create-file", "df-generated"] - - ["org.apache.commons.io", "FileUtils", true, "writeLines", "(File,String,Collection)", "", "Argument[0]", "create-file", "df-generated"] - - ["org.apache.commons.io", "FileUtils", true, "writeLines", "(File,String,Collection,String)", "", "Argument[0]", "create-file", "df-generated"] - - ["org.apache.commons.io", "FileUtils", true, "writeLines", "(File,String,Collection,String,boolean)", "", "Argument[0]", "create-file", "df-generated"] - - ["org.apache.commons.io", "FileUtils", true, "writeLines", "(File,String,Collection,boolean)", "", "Argument[0]", "create-file", "df-generated"] - - ["org.apache.commons.io", "FileUtils", true, "writeStringToFile", "(File,String)", "", "Argument[0]", "create-file", "df-generated"] - - ["org.apache.commons.io", "FileUtils", true, "writeStringToFile", "(File,String,Charset)", "", "Argument[0]", "create-file", "df-generated"] - - ["org.apache.commons.io", "FileUtils", true, "writeStringToFile", "(File,String,Charset,boolean)", "", "Argument[0]", "create-file", "df-generated"] - - ["org.apache.commons.io", "FileUtils", true, "writeStringToFile", "(File,String,String)", "", "Argument[0]", "create-file", "df-generated"] - - ["org.apache.commons.io", "FileUtils", true, "writeStringToFile", "(File,String,String,boolean)", "", "Argument[0]", "create-file", "df-generated"] - - ["org.apache.commons.io", "FileUtils", true, "writeStringToFile", "(File,String,boolean)", "", "Argument[0]", "create-file", "df-generated"] + - ["org.apache.commons.io", "FileUtils", true, "copyURLToFile", "(URL,File,int,int)", "", "Argument[1]", "path-injection", "df-generated"] + - ["org.apache.commons.io", "FileUtils", true, "moveDirectory", "(File,File)", "", "Argument[1]", "path-injection", "df-generated"] + - ["org.apache.commons.io", "FileUtils", true, "moveDirectoryToDirectory", "(File,File,boolean)", "", "Argument[1]", "path-injection", "df-generated"] + - ["org.apache.commons.io", "FileUtils", true, "moveFile", "(File,File)", "", "Argument[1]", "path-injection", "df-generated"] + - ["org.apache.commons.io", "FileUtils", true, "moveFile", "(File,File,CopyOption[])", "", "Argument[1]", "path-injection", "df-generated"] + - ["org.apache.commons.io", "FileUtils", true, "moveFileToDirectory", "(File,File,boolean)", "", "Argument[1]", "path-injection", "df-generated"] + - ["org.apache.commons.io", "FileUtils", true, "moveToDirectory", "(File,File,boolean)", "", "Argument[1]", "path-injection", "df-generated"] + - ["org.apache.commons.io", "FileUtils", true, "newOutputStream", "(File,boolean)", "", "Argument[0]", "path-injection", "df-generated"] + - ["org.apache.commons.io", "FileUtils", true, "openOutputStream", "(File)", "", "Argument[0]", "path-injection", "df-generated"] + - ["org.apache.commons.io", "FileUtils", true, "openOutputStream", "(File,boolean)", "", "Argument[0]", "path-injection", "df-generated"] + - ["org.apache.commons.io", "FileUtils", true, "touch", "(File)", "", "Argument[0]", "path-injection", "df-generated"] + - ["org.apache.commons.io", "FileUtils", true, "write", "(File,CharSequence)", "", "Argument[0]", "path-injection", "df-generated"] + - ["org.apache.commons.io", "FileUtils", true, "write", "(File,CharSequence,Charset)", "", "Argument[0]", "path-injection", "df-generated"] + - ["org.apache.commons.io", "FileUtils", true, "write", "(File,CharSequence,Charset,boolean)", "", "Argument[0]", "path-injection", "df-generated"] + - ["org.apache.commons.io", "FileUtils", true, "write", "(File,CharSequence,String)", "", "Argument[0]", "path-injection", "df-generated"] + - ["org.apache.commons.io", "FileUtils", true, "write", "(File,CharSequence,String,boolean)", "", "Argument[0]", "path-injection", "df-generated"] + - ["org.apache.commons.io", "FileUtils", true, "write", "(File,CharSequence,boolean)", "", "Argument[0]", "path-injection", "df-generated"] + - ["org.apache.commons.io", "FileUtils", true, "writeByteArrayToFile", "(File,byte[])", "", "Argument[0]", "path-injection", "df-generated"] + - ["org.apache.commons.io", "FileUtils", true, "writeByteArrayToFile", "(File,byte[],boolean)", "", "Argument[0]", "path-injection", "df-generated"] + - ["org.apache.commons.io", "FileUtils", true, "writeByteArrayToFile", "(File,byte[],int,int)", "", "Argument[0]", "path-injection", "df-generated"] + - ["org.apache.commons.io", "FileUtils", true, "writeByteArrayToFile", "(File,byte[],int,int,boolean)", "", "Argument[0]", "path-injection", "df-generated"] + - ["org.apache.commons.io", "FileUtils", true, "writeLines", "(File,Collection)", "", "Argument[0]", "path-injection", "df-generated"] + - ["org.apache.commons.io", "FileUtils", true, "writeLines", "(File,Collection,String)", "", "Argument[0]", "path-injection", "df-generated"] + - ["org.apache.commons.io", "FileUtils", true, "writeLines", "(File,Collection,String,boolean)", "", "Argument[0]", "path-injection", "df-generated"] + - ["org.apache.commons.io", "FileUtils", true, "writeLines", "(File,Collection,boolean)", "", "Argument[0]", "path-injection", "df-generated"] + - ["org.apache.commons.io", "FileUtils", true, "writeLines", "(File,String,Collection)", "", "Argument[0]", "path-injection", "df-generated"] + - ["org.apache.commons.io", "FileUtils", true, "writeLines", "(File,String,Collection,String)", "", "Argument[0]", "path-injection", "df-generated"] + - ["org.apache.commons.io", "FileUtils", true, "writeLines", "(File,String,Collection,String,boolean)", "", "Argument[0]", "path-injection", "df-generated"] + - ["org.apache.commons.io", "FileUtils", true, "writeLines", "(File,String,Collection,boolean)", "", "Argument[0]", "path-injection", "df-generated"] + - ["org.apache.commons.io", "FileUtils", true, "writeStringToFile", "(File,String)", "", "Argument[0]", "path-injection", "df-generated"] + - ["org.apache.commons.io", "FileUtils", true, "writeStringToFile", "(File,String,Charset)", "", "Argument[0]", "path-injection", "df-generated"] + - ["org.apache.commons.io", "FileUtils", true, "writeStringToFile", "(File,String,Charset,boolean)", "", "Argument[0]", "path-injection", "df-generated"] + - ["org.apache.commons.io", "FileUtils", true, "writeStringToFile", "(File,String,String)", "", "Argument[0]", "path-injection", "df-generated"] + - ["org.apache.commons.io", "FileUtils", true, "writeStringToFile", "(File,String,String,boolean)", "", "Argument[0]", "path-injection", "df-generated"] + - ["org.apache.commons.io", "FileUtils", true, "writeStringToFile", "(File,String,boolean)", "", "Argument[0]", "path-injection", "df-generated"] - ["org.apache.commons.io", "IOUtils", true, "copy", "(URL,File)", "", "Argument[0]", "open-url", "df-generated"] - - ["org.apache.commons.io", "IOUtils", true, "copy", "(URL,File)", "", "Argument[1]", "create-file", "df-generated"] + - ["org.apache.commons.io", "IOUtils", true, "copy", "(URL,File)", "", "Argument[1]", "path-injection", "df-generated"] - ["org.apache.commons.io", "IOUtils", true, "copy", "(URL,OutputStream)", "", "Argument[0]", "open-url", "df-generated"] - ["org.apache.commons.io", "IOUtils", true, "toByteArray", "(URI)", "", "Argument[0]", "open-url", "df-generated"] - ["org.apache.commons.io", "IOUtils", true, "toByteArray", "(URL)", "", "Argument[0]", "open-url", "df-generated"] @@ -109,9 +109,9 @@ extensions: - ["org.apache.commons.io", "IOUtils", true, "toString", "(URL)", "", "Argument[0]", "open-url", "df-generated"] - ["org.apache.commons.io", "IOUtils", true, "toString", "(URL,Charset)", "", "Argument[0]", "open-url", "df-generated"] - ["org.apache.commons.io", "IOUtils", true, "toString", "(URL,String)", "", "Argument[0]", "open-url", "df-generated"] - - ["org.apache.commons.io", "RandomAccessFileMode", false, "create", "(File)", "", "Argument[0]", "create-file", "df-generated"] - - ["org.apache.commons.io", "RandomAccessFileMode", false, "create", "(Path)", "", "Argument[0]", "create-file", "df-generated"] - - ["org.apache.commons.io", "RandomAccessFileMode", false, "create", "(String)", "", "Argument[0]", "create-file", "df-generated"] + - ["org.apache.commons.io", "RandomAccessFileMode", false, "create", "(File)", "", "Argument[0]", "path-injection", "df-generated"] + - ["org.apache.commons.io", "RandomAccessFileMode", false, "create", "(Path)", "", "Argument[0]", "path-injection", "df-generated"] + - ["org.apache.commons.io", "RandomAccessFileMode", false, "create", "(String)", "", "Argument[0]", "path-injection", "df-generated"] - addsTo: @@ -1428,5 +1428,3 @@ extensions: - ["org.apache.commons.io", "UncheckedIOExceptions", "UncheckedIOExceptions", "()", "summary", "df-generated"] - ["org.apache.commons.io", "UncheckedIOExceptions", "create", "(Object)", "summary", "df-generated"] - ["org.apache.commons.io", "UncheckedIOExceptions", "wrap", "(IOException,Object)", "summary", "df-generated"] - - \ No newline at end of file diff --git a/java/ql/lib/ext/hudson.lifecycle.model.yml b/java/ql/lib/ext/hudson.lifecycle.model.yml index be8c5fe843a..fde691fe175 100644 --- a/java/ql/lib/ext/hudson.lifecycle.model.yml +++ b/java/ql/lib/ext/hudson.lifecycle.model.yml @@ -3,4 +3,4 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["hudson.lifecycle", "Lifecycle", True, "rewriteHudsonWar", "(File)", "", "Argument[0]", "create-file", "ai-manual"] + - ["hudson.lifecycle", "Lifecycle", True, "rewriteHudsonWar", "(File)", "", "Argument[0]", "path-injection", "ai-manual"] diff --git a/java/ql/lib/ext/hudson.model.model.yml b/java/ql/lib/ext/hudson.model.model.yml index 04701194c06..2b5423961e3 100644 --- a/java/ql/lib/ext/hudson.model.model.yml +++ b/java/ql/lib/ext/hudson.model.model.yml @@ -5,11 +5,11 @@ extensions: data: - ["hudson.model", "DownloadService", True, "loadJSON", "(URL)", "", "Argument[0]", "open-url", "ai-manual"] - ["hudson.model", "DownloadService", True, "loadJSONHTML", "(URL)", "", "Argument[0]", "open-url", "ai-manual"] - - ["hudson.model", "DirectoryBrowserSupport", False, "DirectoryBrowserSupport", "(ModelObject,FilePath,String,String,boolean)", "", "Argument[1]", "read-file", "ai-manual"] - - ["hudson.model", "Items", True, "load", "(ItemGroup,File)", "", "Argument[1]", "read-file", "ai-manual"] + - ["hudson.model", "DirectoryBrowserSupport", False, "DirectoryBrowserSupport", "(ModelObject,FilePath,String,String,boolean)", "", "Argument[1]", "path-injection", "ai-manual"] + - ["hudson.model", "Items", True, "load", "(ItemGroup,File)", "", "Argument[1]", "path-injection", "ai-manual"] - ["hudson.model", "UpdateCenter$UpdateCenterConfiguration", True, "download", "(DownloadJob,URL)", "", "Argument[1]", "open-url", "ai-manual"] - - ["hudson.model", "UpdateCenter$UpdateCenterConfiguration", True, "install", "(DownloadJob,File,File)", "", "Argument[1]", "create-file", "ai-manual"] # should be delete-file - - ["hudson.model", "UpdateCenter$UpdateCenterConfiguration", True, "install", "(DownloadJob,File,File)", "", "Argument[2]", "create-file", "ai-manual"] + - ["hudson.model", "UpdateCenter$UpdateCenterConfiguration", True, "install", "(DownloadJob,File,File)", "", "Argument[1]", "path-injection", "ai-manual"] + - ["hudson.model", "UpdateCenter$UpdateCenterConfiguration", True, "install", "(DownloadJob,File,File)", "", "Argument[2]", "path-injection", "ai-manual"] - addsTo: pack: codeql/java-all extensible: summaryModel diff --git a/java/ql/lib/ext/hudson.model.yml b/java/ql/lib/ext/hudson.model.yml index 778094c1cad..43955cb22f0 100644 --- a/java/ql/lib/ext/hudson.model.yml +++ b/java/ql/lib/ext/hudson.model.yml @@ -3,17 +3,17 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["hudson", "FilePath", False, "copyFrom", "(FilePath)", "", "Argument[0]", "read-file", "manual"] - - ["hudson", "FilePath", False, "copyFrom", "(URL)", "", "Argument[0]", "read-file", "manual"] - - ["hudson", "FilePath", False, "copyFrom", "(FileItem)", "", "Argument[0]", "read-file", "ai-manual"] - - ["hudson", "FilePath", False, "copyRecursiveTo", "(DirScanner,FilePath,String,TarCompression)", "", "Argument[1]", "create-file", "ai-manual"] + - ["hudson", "FilePath", False, "copyFrom", "(FilePath)", "", "Argument[0]", "path-injection", "manual"] + - ["hudson", "FilePath", False, "copyFrom", "(URL)", "", "Argument[0]", "path-injection", "manual"] + - ["hudson", "FilePath", False, "copyFrom", "(FileItem)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["hudson", "FilePath", False, "copyRecursiveTo", "(DirScanner,FilePath,String,TarCompression)", "", "Argument[1]", "path-injection", "ai-manual"] - ["hudson", "FilePath", False, "copyRecursiveTo", "(DirScanner,FilePath,String)", "", "Argument[1]", "file-content-store", "ai-manual"] - - ["hudson", "FilePath", False, "copyRecursiveTo", "(String,FilePath)", "", "Argument[1]", "create-file", "ai-manual"] - - ["hudson", "FilePath", False, "copyRecursiveTo", "(String,String,FilePath)", "", "Argument[0]", "read-file", "ai-manual"] - - ["hudson", "FilePath", False, "copyRecursiveTo", "(String,String,FilePath)", "", "Argument[2]", "create-file", "ai-manual"] - - ["hudson", "FilePath", False, "copyTo", "(FilePath)", "", "Argument[0]", "create-file", "ai-manual"] + - ["hudson", "FilePath", False, "copyRecursiveTo", "(String,FilePath)", "", "Argument[1]", "path-injection", "ai-manual"] + - ["hudson", "FilePath", False, "copyRecursiveTo", "(String,String,FilePath)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["hudson", "FilePath", False, "copyRecursiveTo", "(String,String,FilePath)", "", "Argument[2]", "path-injection", "ai-manual"] + - ["hudson", "FilePath", False, "copyTo", "(FilePath)", "", "Argument[0]", "path-injection", "ai-manual"] - ["hudson", "FilePath", False, "installIfNecessaryFrom", "(URL,TaskListener,String)", "", "Argument[0]", "open-url", "ai-manual"] - - ["hudson", "FilePath", False, "newInputStreamDenyingSymlinkAsNeeded", "(File,String,boolean)", "", "Argument[0]", "read-file", "ai-manual"] + - ["hudson", "FilePath", False, "newInputStreamDenyingSymlinkAsNeeded", "(File,String,boolean)", "", "Argument[0]", "path-injection", "ai-manual"] - addsTo: pack: codeql/java-all extensible: summaryModel diff --git a/java/ql/lib/ext/hudson.scm.model.yml b/java/ql/lib/ext/hudson.scm.model.yml index f37c3442532..dc6e0bfa5bb 100644 --- a/java/ql/lib/ext/hudson.scm.model.yml +++ b/java/ql/lib/ext/hudson.scm.model.yml @@ -3,11 +3,11 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["hudson.scm", "ChangeLogParser", True, "parse", "(AbstractBuild,File)", "", "Argument[1]", "read-file", "ai-manual"] - - ["hudson.scm", "ChangeLogParser", True, "parse", "(Run,RepositoryBrowser,File)", "", "Argument[2]", "read-file", "ai-manual"] - - ["hudson.scm", "SCM", True, "checkout", "(AbstractBuild,Launcher,FilePath,BuildListener,File)", "", "Argument[2]", "create-file", "ai-manual"] - - ["hudson.scm", "SCM", True, "checkout", "(Run,Launcher,FilePath,TaskListener,File,SCMRevisionState)", "", "Argument[2]", "create-file", "ai-manual"] - - ["hudson.scm", "SCM", True, "compareRemoteRevisionWith", "(Job,Launcher,FilePath,TaskListener,SCMRevisionState)", "", "Argument[2]", "read-file", "ai-manual"] + - ["hudson.scm", "ChangeLogParser", True, "parse", "(AbstractBuild,File)", "", "Argument[1]", "path-injection", "ai-manual"] + - ["hudson.scm", "ChangeLogParser", True, "parse", "(Run,RepositoryBrowser,File)", "", "Argument[2]", "path-injection", "ai-manual"] + - ["hudson.scm", "SCM", True, "checkout", "(AbstractBuild,Launcher,FilePath,BuildListener,File)", "", "Argument[2]", "path-injection", "ai-manual"] + - ["hudson.scm", "SCM", True, "checkout", "(Run,Launcher,FilePath,TaskListener,File,SCMRevisionState)", "", "Argument[2]", "path-injection", "ai-manual"] + - ["hudson.scm", "SCM", True, "compareRemoteRevisionWith", "(Job,Launcher,FilePath,TaskListener,SCMRevisionState)", "", "Argument[2]", "path-injection", "ai-manual"] - addsTo: pack: codeql/java-all extensible: summaryModel diff --git a/java/ql/lib/ext/hudson.util.io.model.yml b/java/ql/lib/ext/hudson.util.io.model.yml index 65e0f3efb27..3d29b93e20c 100644 --- a/java/ql/lib/ext/hudson.util.io.model.yml +++ b/java/ql/lib/ext/hudson.util.io.model.yml @@ -3,5 +3,5 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["hudson.util.io", "ReopenableFileOutputStream", True, "ReopenableFileOutputStream", "(File)", "", "Argument[0]", "create-file", "ai-manual"] - - ["hudson.util.io", "RewindableFileOutputStream", True, "RewindableFileOutputStream", "(File)", "", "Argument[0]", "create-file", "ai-manual"] + - ["hudson.util.io", "ReopenableFileOutputStream", True, "ReopenableFileOutputStream", "(File)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["hudson.util.io", "RewindableFileOutputStream", True, "RewindableFileOutputStream", "(File)", "", "Argument[0]", "path-injection", "ai-manual"] diff --git a/java/ql/lib/ext/hudson.util.jna.model.yml b/java/ql/lib/ext/hudson.util.jna.model.yml index c67d645f950..c840d0f4725 100644 --- a/java/ql/lib/ext/hudson.util.jna.model.yml +++ b/java/ql/lib/ext/hudson.util.jna.model.yml @@ -3,6 +3,6 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["hudson.util.jna", "GNUCLibrary", True, "open", "(String,int)", "", "Argument[0]", "read-file", "ai-manual"] - - ["hudson.util.jna", "Kernel32", True, "MoveFileExA", "(String,String,int)", "", "Argument[0]", "create-file", "ai-manual"] # should be delete-file - - ["hudson.util.jna", "Kernel32", True, "MoveFileExA", "(String,String,int)", "", "Argument[1]", "create-file", "ai-manual"] + - ["hudson.util.jna", "GNUCLibrary", True, "open", "(String,int)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["hudson.util.jna", "Kernel32", True, "MoveFileExA", "(String,String,int)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["hudson.util.jna", "Kernel32", True, "MoveFileExA", "(String,String,int)", "", "Argument[1]", "path-injection", "ai-manual"] diff --git a/java/ql/lib/ext/hudson.util.model.yml b/java/ql/lib/ext/hudson.util.model.yml index 963783006d2..39c5b55f349 100644 --- a/java/ql/lib/ext/hudson.util.model.yml +++ b/java/ql/lib/ext/hudson.util.model.yml @@ -3,18 +3,18 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["hudson.util", "AtomicFileWriter", True, "AtomicFileWriter", "(File)", "", "Argument[0]", "create-file", "ai-manual"] - - ["hudson.util", "AtomicFileWriter", True, "AtomicFileWriter", "(Path,Charset,boolean,boolean)", "", "Argument[0]", "create-file", "ai-manual"] - - ["hudson.util", "AtomicFileWriter", True, "AtomicFileWriter", "(Path,Charset)", "", "Argument[0]", "create-file", "ai-manual"] - - ["hudson.util", "ClasspathBuilder", True, "add", "(FilePath)", "", "Argument[0]", "read-file", "ai-manual"] - - ["hudson.util", "IOUtils", True, "mkdirs", "(File)", "", "Argument[0]", "create-file", "ai-manual"] - - ["hudson.util", "StreamTaskListener", True, "StreamTaskListener", "(File,boolean,Charset)", "", "Argument[0]", "create-file", "ai-manual"] - - ["hudson.util", "TextFile", True, "delete", "()", "", "Argument[this]", "create-file", "manual"] - - ["hudson.util", "TextFile", True, "fastTail", "", "", "Argument[this]", "read-file", "manual"] - - ["hudson.util", "TextFile", True, "head", "", "", "Argument[this]", "read-file", "manual"] - - ["hudson.util", "TextFile", True, "lines", "()", "", "Argument[this]", "read-file", "manual"] - - ["hudson.util", "TextFile", True, "read", "()", "", "Argument[this]", "read-file", "manual"] - - ["hudson.util", "TextFile", True, "readTrim", "()", "", "Argument[this]", "read-file", "manual"] + - ["hudson.util", "AtomicFileWriter", True, "AtomicFileWriter", "(File)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["hudson.util", "AtomicFileWriter", True, "AtomicFileWriter", "(Path,Charset,boolean,boolean)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["hudson.util", "AtomicFileWriter", True, "AtomicFileWriter", "(Path,Charset)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["hudson.util", "ClasspathBuilder", True, "add", "(FilePath)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["hudson.util", "IOUtils", True, "mkdirs", "(File)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["hudson.util", "StreamTaskListener", True, "StreamTaskListener", "(File,boolean,Charset)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["hudson.util", "TextFile", True, "delete", "()", "", "Argument[this]", "path-injection", "manual"] + - ["hudson.util", "TextFile", True, "fastTail", "", "", "Argument[this]", "path-injection", "manual"] + - ["hudson.util", "TextFile", True, "head", "", "", "Argument[this]", "path-injection", "manual"] + - ["hudson.util", "TextFile", True, "lines", "()", "", "Argument[this]", "path-injection", "manual"] + - ["hudson.util", "TextFile", True, "read", "()", "", "Argument[this]", "path-injection", "manual"] + - ["hudson.util", "TextFile", True, "readTrim", "()", "", "Argument[this]", "path-injection", "manual"] - ["hudson.util", "TextFile", True, "write", "(String)", "", "Argument[0]", "file-content-store", "manual"] - addsTo: pack: codeql/java-all diff --git a/java/ql/lib/ext/io.netty.handler.codec.http.multipart.model.yml b/java/ql/lib/ext/io.netty.handler.codec.http.multipart.model.yml index 4090f6356bf..a44a2c6c400 100644 --- a/java/ql/lib/ext/io.netty.handler.codec.http.multipart.model.yml +++ b/java/ql/lib/ext/io.netty.handler.codec.http.multipart.model.yml @@ -3,7 +3,7 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["io.netty.handler.codec.http.multipart", "HttpPostRequestEncoder", True, "addBodyFileUpload", "(String,File,String,boolean)", "", "Argument[1]", "read-file", "ai-manual"] + - ["io.netty.handler.codec.http.multipart", "HttpPostRequestEncoder", True, "addBodyFileUpload", "(String,File,String,boolean)", "", "Argument[1]", "path-injection", "ai-manual"] - addsTo: pack: codeql/java-all extensible: summaryModel diff --git a/java/ql/lib/ext/io.netty.handler.ssl.model.yml b/java/ql/lib/ext/io.netty.handler.ssl.model.yml index 63628323f49..42cf9892f81 100644 --- a/java/ql/lib/ext/io.netty.handler.ssl.model.yml +++ b/java/ql/lib/ext/io.netty.handler.ssl.model.yml @@ -3,5 +3,5 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["io.netty.handler.ssl", "OpenSslServerContext", False, "OpenSslServerContext", "(File,File)", "", "Argument[0]", "read-file", "ai-manual"] - - ["io.netty.handler.ssl", "SslContextBuilder", False, "forServer", "(File,File)", "", "Argument[0]", "read-file", "ai-manual"] + - ["io.netty.handler.ssl", "OpenSslServerContext", False, "OpenSslServerContext", "(File,File)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["io.netty.handler.ssl", "SslContextBuilder", False, "forServer", "(File,File)", "", "Argument[0]", "path-injection", "ai-manual"] diff --git a/java/ql/lib/ext/io.netty.handler.stream.model.yml b/java/ql/lib/ext/io.netty.handler.stream.model.yml index 1d305863f6c..f4e635f4437 100644 --- a/java/ql/lib/ext/io.netty.handler.stream.model.yml +++ b/java/ql/lib/ext/io.netty.handler.stream.model.yml @@ -3,4 +3,4 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["io.netty.handler.stream", "ChunkedFile", True, "ChunkedFile", "(RandomAccessFile,long,long,int)", "", "Argument[0]", "read-file", "ai-manual"] + - ["io.netty.handler.stream", "ChunkedFile", True, "ChunkedFile", "(RandomAccessFile,long,long,int)", "", "Argument[0]", "path-injection", "ai-manual"] diff --git a/java/ql/lib/ext/io.netty.util.internal.model.yml b/java/ql/lib/ext/io.netty.util.internal.model.yml index 477b8e88858..d705873cc55 100644 --- a/java/ql/lib/ext/io.netty.util.internal.model.yml +++ b/java/ql/lib/ext/io.netty.util.internal.model.yml @@ -3,7 +3,7 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["io.netty.util.internal", "PlatformDependent", False, "createTempFile", "(String,String,File)", "", "Argument[2]", "create-file", "ai-manual"] + - ["io.netty.util.internal", "PlatformDependent", False, "createTempFile", "(String,String,File)", "", "Argument[2]", "path-injection", "ai-manual"] - ["io.netty.util.internal", "SocketUtils", False, "connect", "(Socket,SocketAddress,int)", "", "Argument[1]", "open-url", "ai-manual"] - addsTo: pack: codeql/java-all diff --git a/java/ql/lib/ext/java.io.model.yml b/java/ql/lib/ext/java.io.model.yml index 73d0258f832..9d22122ae30 100644 --- a/java/ql/lib/ext/java.io.model.yml +++ b/java/ql/lib/ext/java.io.model.yml @@ -3,22 +3,22 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["java.io", "File", True, "createTempFile", "(String,String,File)", "", "Argument[2]", "create-file", "ai-manual"] - - ["java.io", "File", True, "renameTo", "(File)", "", "Argument[0]", "create-file", "ai-manual"] - - ["java.io", "FileInputStream", True, "FileInputStream", "(File)", "", "Argument[0]", "read-file", "ai-manual"] - - ["java.io", "FileInputStream", True, "FileInputStream", "(String)", "", "Argument[0]", "read-file", "ai-manual"] - - ["java.io", "FileOutputStream", False, "FileOutputStream", "", "", "Argument[0]", "create-file", "manual"] + - ["java.io", "File", True, "createTempFile", "(String,String,File)", "", "Argument[2]", "path-injection", "ai-manual"] + - ["java.io", "File", True, "renameTo", "(File)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["java.io", "FileInputStream", True, "FileInputStream", "(File)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["java.io", "FileInputStream", True, "FileInputStream", "(String)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["java.io", "FileOutputStream", False, "FileOutputStream", "", "", "Argument[0]", "path-injection", "manual"] - ["java.io", "FileOutputStream", False, "write", "", "", "Argument[0]", "file-content-store", "manual"] - - ["java.io", "FileReader", True, "FileReader", "(File)", "", "Argument[0]", "read-file", "ai-manual"] - - ["java.io", "FileReader", True, "FileReader", "(String)", "", "Argument[0]", "read-file", "ai-manual"] - - ["java.io", "FileSystem", True, "createDirectory", "(File)", "", "Argument[0]", "create-file", "ai-manual"] - - ["java.io", "FileWriter", False, "FileWriter", "", "", "Argument[0]", "create-file", "manual"] - - ["java.io", "PrintStream", False, "PrintStream", "(File)", "", "Argument[0]", "create-file", "manual"] - - ["java.io", "PrintStream", False, "PrintStream", "(File,Charset)", "", "Argument[0]", "create-file", "manual"] - - ["java.io", "PrintStream", False, "PrintStream", "(File,String)", "", "Argument[0]", "create-file", "manual"] - - ["java.io", "PrintStream", False, "PrintStream", "(String)", "", "Argument[0]", "create-file", "manual"] - - ["java.io", "PrintStream", False, "PrintStream", "(String,Charset)", "", "Argument[0]", "create-file", "manual"] - - ["java.io", "PrintStream", False, "PrintStream", "(String,String)", "", "Argument[0]", "create-file", "manual"] + - ["java.io", "FileReader", True, "FileReader", "(File)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["java.io", "FileReader", True, "FileReader", "(String)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["java.io", "FileSystem", True, "createDirectory", "(File)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["java.io", "FileWriter", False, "FileWriter", "", "", "Argument[0]", "path-injection", "manual"] + - ["java.io", "PrintStream", False, "PrintStream", "(File)", "", "Argument[0]", "path-injection", "manual"] + - ["java.io", "PrintStream", False, "PrintStream", "(File,Charset)", "", "Argument[0]", "path-injection", "manual"] + - ["java.io", "PrintStream", False, "PrintStream", "(File,String)", "", "Argument[0]", "path-injection", "manual"] + - ["java.io", "PrintStream", False, "PrintStream", "(String)", "", "Argument[0]", "path-injection", "manual"] + - ["java.io", "PrintStream", False, "PrintStream", "(String,Charset)", "", "Argument[0]", "path-injection", "manual"] + - ["java.io", "PrintStream", False, "PrintStream", "(String,String)", "", "Argument[0]", "path-injection", "manual"] - ["java.io", "PrintStream", True, "append", "", "", "Argument[0]", "file-content-store", "manual"] - ["java.io", "PrintStream", True, "format", "(Locale,String,Object[])", "", "Argument[1..2]", "file-content-store", "manual"] - ["java.io", "PrintStream", True, "format", "(String,Object[])", "", "Argument[0..1]", "file-content-store", "manual"] @@ -28,19 +28,19 @@ extensions: - ["java.io", "PrintStream", True, "println", "", "", "Argument[0]", "file-content-store", "manual"] - ["java.io", "PrintStream", True, "write", "", "", "Argument[0]", "file-content-store", "manual"] - ["java.io", "PrintStream", True, "writeBytes", "", "", "Argument[0]", "file-content-store", "manual"] - - ["java.io", "PrintWriter", False, "PrintWriter", "(File)", "", "Argument[0]", "create-file", "manual"] - - ["java.io", "PrintWriter", False, "PrintWriter", "(File,Charset)", "", "Argument[0]", "create-file", "manual"] - - ["java.io", "PrintWriter", False, "PrintWriter", "(File,String)", "", "Argument[0]", "create-file", "manual"] - - ["java.io", "PrintWriter", False, "PrintWriter", "(String)", "", "Argument[0]", "create-file", "manual"] - - ["java.io", "PrintWriter", False, "PrintWriter", "(String,Charset)", "", "Argument[0]", "create-file", "manual"] - - ["java.io", "PrintWriter", False, "PrintWriter", "(String,String)", "", "Argument[0]", "create-file", "manual"] + - ["java.io", "PrintWriter", False, "PrintWriter", "(File)", "", "Argument[0]", "path-injection", "manual"] + - ["java.io", "PrintWriter", False, "PrintWriter", "(File,Charset)", "", "Argument[0]", "path-injection", "manual"] + - ["java.io", "PrintWriter", False, "PrintWriter", "(File,String)", "", "Argument[0]", "path-injection", "manual"] + - ["java.io", "PrintWriter", False, "PrintWriter", "(String)", "", "Argument[0]", "path-injection", "manual"] + - ["java.io", "PrintWriter", False, "PrintWriter", "(String,Charset)", "", "Argument[0]", "path-injection", "manual"] + - ["java.io", "PrintWriter", False, "PrintWriter", "(String,String)", "", "Argument[0]", "path-injection", "manual"] - ["java.io", "PrintWriter", False, "format", "(Locale,String,Object[])", "", "Argument[1..2]", "file-content-store", "manual"] - ["java.io", "PrintWriter", False, "format", "(String,Object[])", "", "Argument[0..1]", "file-content-store", "manual"] - ["java.io", "PrintWriter", False, "print", "", "", "Argument[0]", "file-content-store", "manual"] - ["java.io", "PrintWriter", False, "printf", "(Locale,String,Object[])", "", "Argument[1..2]", "file-content-store", "manual"] - ["java.io", "PrintWriter", False, "printf", "(String,Object[])", "", "Argument[0..1]", "file-content-store", "manual"] - ["java.io", "PrintWriter", False, "println", "", "", "Argument[0]", "file-content-store", "manual"] - - ["java.io", "RandomAccessFile", False, "RandomAccessFile", "", "", "Argument[0]", "create-file", "manual"] + - ["java.io", "RandomAccessFile", False, "RandomAccessFile", "", "", "Argument[0]", "path-injection", "manual"] - ["java.io", "RandomAccessFile", False, "write", "", "", "Argument[0]", "file-content-store", "manual"] - ["java.io", "RandomAccessFile", False, "writeBytes", "", "", "Argument[0]", "file-content-store", "manual"] - ["java.io", "RandomAccessFile", False, "writeChars", "", "", "Argument[0]", "file-content-store", "manual"] diff --git a/java/ql/lib/ext/java.lang.model.yml b/java/ql/lib/ext/java.lang.model.yml index b5db4e60f58..ed14b2495a3 100644 --- a/java/ql/lib/ext/java.lang.model.yml +++ b/java/ql/lib/ext/java.lang.model.yml @@ -3,11 +3,11 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["java.lang", "Class", False, "getResource", "(String)", "", "Argument[0]", "read-file", "ai-manual"] - - ["java.lang", "Class", False, "getResourceAsStream", "(String)", "", "Argument[0]", "read-file", "ai-manual"] - - ["java.lang", "ClassLoader", True, "getSystemResource", "(String)", "", "Argument[0]", "read-file", "ai-manual"] - - ["java.lang", "ClassLoader", True, "getSystemResourceAsStream", "(String)", "", "Argument[0]", "read-file", "ai-manual"] - - ["java.lang", "Module", True, "getResourceAsStream", "(String)", "", "Argument[0]", "read-file", "ai-manual"] + - ["java.lang", "Class", False, "getResource", "(String)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["java.lang", "Class", False, "getResourceAsStream", "(String)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["java.lang", "ClassLoader", True, "getSystemResource", "(String)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["java.lang", "ClassLoader", True, "getSystemResourceAsStream", "(String)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["java.lang", "Module", True, "getResourceAsStream", "(String)", "", "Argument[0]", "path-injection", "ai-manual"] # These are modeled in plain CodeQL. TODO: migrate them. # - ["java.lang", "ProcessBuilder", False, "command", "(String[])", "", "Argument[0]", "command-injection", "ai-manual"] # - ["java.lang", "ProcessBuilder", False, "directory", "(File)", "", "Argument[0]", "command-injection", "ai-manual"] diff --git a/java/ql/lib/ext/java.nio.file.model.yml b/java/ql/lib/ext/java.nio.file.model.yml index f6728654afe..b6d161c00f4 100644 --- a/java/ql/lib/ext/java.nio.file.model.yml +++ b/java/ql/lib/ext/java.nio.file.model.yml @@ -3,45 +3,45 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["java.nio.file", "Files", False, "copy", "(Path,OutputStream)", "", "Argument[0]", "read-file", "manual"] - - ["java.nio.file", "Files", False, "copy", "(Path,Path,CopyOption[])", "", "Argument[0]", "read-file", "manual"] - - ["java.nio.file", "Files", False, "copy", "(Path,Path,CopyOption[])", "", "Argument[1]", "create-file", "manual"] + - ["java.nio.file", "Files", False, "copy", "(Path,OutputStream)", "", "Argument[0]", "path-injection", "manual"] + - ["java.nio.file", "Files", False, "copy", "(Path,Path,CopyOption[])", "", "Argument[0]", "path-injection", "manual"] + - ["java.nio.file", "Files", False, "copy", "(Path,Path,CopyOption[])", "", "Argument[1]", "path-injection", "manual"] - ["java.nio.file", "Files", False, "copy", "(InputStream,Path,CopyOption[])", "", "Argument[0]", "file-content-store", "manual"] - - ["java.nio.file", "Files", False, "copy", "(InputStream,Path,CopyOption[])", "", "Argument[1]", "create-file", "manual"] - - ["java.nio.file", "Files", False, "createDirectories", "", "", "Argument[0]", "create-file", "manual"] - - ["java.nio.file", "Files", False, "createDirectory", "", "", "Argument[0]", "create-file", "manual"] - - ["java.nio.file", "Files", False, "createFile", "", "", "Argument[0]", "create-file", "manual"] - - ["java.nio.file", "Files", False, "createLink", "", "", "Argument[0]", "create-file", "manual"] - - ["java.nio.file", "Files", False, "createSymbolicLink", "", "", "Argument[0]", "create-file", "manual"] - - ["java.nio.file", "Files", False, "createTempDirectory", "(Path,String,FileAttribute[])", "", "Argument[0]", "create-file", "manual"] - - ["java.nio.file", "Files", False, "createTempFile", "(Path,String,String,FileAttribute[])", "", "Argument[0]", "create-file", "manual"] - - ["java.nio.file", "Files", False, "delete", "(Path)", "", "Argument[0]", "create-file", "ai-manual"] # should be delete-file - - ["java.nio.file", "Files", False, "deleteIfExists", "(Path)", "", "Argument[0]", "create-file", "ai-manual"] # should be delete-file - - ["java.nio.file", "Files", False, "deleteIfExists", "(Path)", "", "Argument[0]", "create-file", "ai-manual"] # should be delete-file - - ["java.nio.file", "Files", False, "lines", "(Path,Charset)", "", "Argument[0]", "read-file", "ai-manual"] - - ["java.nio.file", "Files", False, "lines", "(Path)", "", "Argument[0]", "read-file", "ai-manual"] - - ["java.nio.file", "Files", False, "move", "", "", "Argument[1]", "create-file", "manual"] - - ["java.nio.file", "Files", False, "newBufferedReader", "(Path,Charset)", "", "Argument[0]", "read-file", "ai-manual"] - - ["java.nio.file", "Files", False, "newBufferedReader", "(Path)", "", "Argument[0]", "read-file", "ai-manual"] - - ["java.nio.file", "Files", False, "newBufferedWriter", "", "", "Argument[0]", "create-file", "manual"] - - ["java.nio.file", "Files", False, "newInputStream", "(Path,OpenOption[])", "", "Argument[0]", "read-file", "ai-manual"] - - ["java.nio.file", "Files", False, "newOutputStream", "", "", "Argument[0]", "create-file", "manual"] - - ["java.nio.file", "Files", False, "readAllBytes", "(Path)", "", "Argument[0]", "read-file", "ai-manual"] - - ["java.nio.file", "Files", False, "readAllLines", "(Path,Charset)", "", "Argument[0]", "read-file", "ai-manual"] - - ["java.nio.file", "Files", False, "readAllLines", "(Path)", "", "Argument[0]", "read-file", "ai-manual"] - - ["java.nio.file", "Files", False, "readString", "(Path,Charset)", "", "Argument[0]", "read-file", "ai-manual"] - - ["java.nio.file", "Files", False, "readString", "(Path)", "", "Argument[0]", "read-file", "ai-manual"] - - ["java.nio.file", "Files", False, "write", "", "", "Argument[0]", "create-file", "manual"] + - ["java.nio.file", "Files", False, "copy", "(InputStream,Path,CopyOption[])", "", "Argument[1]", "path-injection", "manual"] + - ["java.nio.file", "Files", False, "createDirectories", "", "", "Argument[0]", "path-injection", "manual"] + - ["java.nio.file", "Files", False, "createDirectory", "", "", "Argument[0]", "path-injection", "manual"] + - ["java.nio.file", "Files", False, "createFile", "", "", "Argument[0]", "path-injection", "manual"] + - ["java.nio.file", "Files", False, "createLink", "", "", "Argument[0]", "path-injection", "manual"] + - ["java.nio.file", "Files", False, "createSymbolicLink", "", "", "Argument[0]", "path-injection", "manual"] + - ["java.nio.file", "Files", False, "createTempDirectory", "(Path,String,FileAttribute[])", "", "Argument[0]", "path-injection", "manual"] + - ["java.nio.file", "Files", False, "createTempFile", "(Path,String,String,FileAttribute[])", "", "Argument[0]", "path-injection", "manual"] + - ["java.nio.file", "Files", False, "delete", "(Path)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["java.nio.file", "Files", False, "deleteIfExists", "(Path)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["java.nio.file", "Files", False, "deleteIfExists", "(Path)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["java.nio.file", "Files", False, "lines", "(Path,Charset)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["java.nio.file", "Files", False, "lines", "(Path)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["java.nio.file", "Files", False, "move", "", "", "Argument[1]", "path-injection", "manual"] + - ["java.nio.file", "Files", False, "newBufferedReader", "(Path,Charset)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["java.nio.file", "Files", False, "newBufferedReader", "(Path)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["java.nio.file", "Files", False, "newBufferedWriter", "", "", "Argument[0]", "path-injection", "manual"] + - ["java.nio.file", "Files", False, "newInputStream", "(Path,OpenOption[])", "", "Argument[0]", "path-injection", "ai-manual"] + - ["java.nio.file", "Files", False, "newOutputStream", "", "", "Argument[0]", "path-injection", "manual"] + - ["java.nio.file", "Files", False, "readAllBytes", "(Path)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["java.nio.file", "Files", False, "readAllLines", "(Path,Charset)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["java.nio.file", "Files", False, "readAllLines", "(Path)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["java.nio.file", "Files", False, "readString", "(Path,Charset)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["java.nio.file", "Files", False, "readString", "(Path)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["java.nio.file", "Files", False, "write", "", "", "Argument[0]", "path-injection", "manual"] - ["java.nio.file", "Files", False, "write", "", "", "Argument[1]", "file-content-store", "manual"] - - ["java.nio.file", "Files", False, "writeString", "", "", "Argument[0]", "create-file", "manual"] + - ["java.nio.file", "Files", False, "writeString", "", "", "Argument[0]", "path-injection", "manual"] - ["java.nio.file", "Files", False, "writeString", "", "", "Argument[1]", "file-content-store", "manual"] - - ["java.nio.file", "Files", True, "move", "(Path,Path,CopyOption[])", "", "Argument[1]", "create-file", "ai-manual"] - - ["java.nio.file", "Files", True, "move", "(Path,Path,CopyOption[])", "", "Argument[0]", "create-file", "ai-manual"] # should be delete-file - - ["java.nio.file", "Files", True, "delete", "(Path)", "", "Argument[0]", "create-file", "ai-manual"] # should be delete-file - - ["java.nio.file", "Files", True, "newInputStream", "(Path,OpenOption[])", "", "Argument[0]", "read-file", "ai-manual"] - - ["java.nio.file", "Files", True, "newOutputStream", "(Path,OpenOption[])", "", "Argument[0]", "create-file", "ai-manual"] - - ["java.nio.file", "SecureDirectoryStream", True, "deleteDirectory", "(Path)", "", "Argument[0]", "create-file", "ai-manual"] # should be delete-file - - ["java.nio.file", "SecureDirectoryStream", True, "deleteFile", "(Path)", "", "Argument[0]", "create-file", "ai-manual"] # should be delete-file + - ["java.nio.file", "Files", True, "move", "(Path,Path,CopyOption[])", "", "Argument[1]", "path-injection", "ai-manual"] + - ["java.nio.file", "Files", True, "move", "(Path,Path,CopyOption[])", "", "Argument[0]", "path-injection", "ai-manual"] + - ["java.nio.file", "Files", True, "delete", "(Path)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["java.nio.file", "Files", True, "newInputStream", "(Path,OpenOption[])", "", "Argument[0]", "path-injection", "ai-manual"] + - ["java.nio.file", "Files", True, "newOutputStream", "(Path,OpenOption[])", "", "Argument[0]", "path-injection", "ai-manual"] + - ["java.nio.file", "SecureDirectoryStream", True, "deleteDirectory", "(Path)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["java.nio.file", "SecureDirectoryStream", True, "deleteFile", "(Path)", "", "Argument[0]", "path-injection", "ai-manual"] - addsTo: pack: codeql/java-all extensible: summaryModel diff --git a/java/ql/lib/ext/javax.servlet.model.yml b/java/ql/lib/ext/javax.servlet.model.yml index fae0bd6f2b3..7d7f432d2bd 100644 --- a/java/ql/lib/ext/javax.servlet.model.yml +++ b/java/ql/lib/ext/javax.servlet.model.yml @@ -14,4 +14,4 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["javax.servlet", "ServletContext", True, "getResourceAsStream", "(String)", "", "Argument[0]", "read-file", "ai-manual"] + - ["javax.servlet", "ServletContext", True, "getResourceAsStream", "(String)", "", "Argument[0]", "path-injection", "ai-manual"] diff --git a/java/ql/lib/ext/javax.xml.transform.stream.model.yml b/java/ql/lib/ext/javax.xml.transform.stream.model.yml index c058a88f337..8cb96b4c775 100644 --- a/java/ql/lib/ext/javax.xml.transform.stream.model.yml +++ b/java/ql/lib/ext/javax.xml.transform.stream.model.yml @@ -9,4 +9,4 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["javax.xml.transform.stream", "StreamResult", True, "StreamResult", "(File)", "", "Argument[0]", "create-file", "ai-manual"] + - ["javax.xml.transform.stream", "StreamResult", True, "StreamResult", "(File)", "", "Argument[0]", "path-injection", "ai-manual"] diff --git a/java/ql/lib/ext/kotlin.io.model.yml b/java/ql/lib/ext/kotlin.io.model.yml index 335457a48a0..98de45df9d6 100644 --- a/java/ql/lib/ext/kotlin.io.model.yml +++ b/java/ql/lib/ext/kotlin.io.model.yml @@ -3,10 +3,10 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["kotlin.io", "FilesKt", False, "deleteRecursively", "(File)", "", "Argument[0]", "create-file", "ai-manual"] # should be delete-file - - ["kotlin.io", "FilesKt", False, "inputStream", "(File)", "", "Argument[0]", "read-file", "ai-manual"] - - ["kotlin.io", "FilesKt", False, "readBytes", "(File)", "", "Argument[0]", "read-file", "ai-manual"] - - ["kotlin.io", "FilesKt", False, "readText", "(File,Charset)", "", "Argument[0]", "read-file", "ai-manual"] + - ["kotlin.io", "FilesKt", False, "deleteRecursively", "(File)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["kotlin.io", "FilesKt", False, "inputStream", "(File)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["kotlin.io", "FilesKt", False, "readBytes", "(File)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["kotlin.io", "FilesKt", False, "readText", "(File,Charset)", "", "Argument[0]", "path-injection", "ai-manual"] - addsTo: pack: codeql/java-all extensible: summaryModel diff --git a/java/ql/lib/ext/org.apache.commons.io.model.yml b/java/ql/lib/ext/org.apache.commons.io.model.yml index c2892e9595e..e80bc525883 100644 --- a/java/ql/lib/ext/org.apache.commons.io.model.yml +++ b/java/ql/lib/ext/org.apache.commons.io.model.yml @@ -17,7 +17,7 @@ extensions: extensible: sinkModel data: - ["org.apache.commons.io", "FileUtils", True, "copyInputStreamToFile", "(InputStream,File)", "", "Argument[0]", "file-content-store", "ai-manual"] - - ["org.apache.commons.io", "FileUtils", True, "copyInputStreamToFile", "(InputStream,File)", "", "Argument[1]", "create-file", "manual"] + - ["org.apache.commons.io", "FileUtils", True, "copyInputStreamToFile", "(InputStream,File)", "", "Argument[1]", "path-injection", "manual"] - ["org.apache.commons.io", "FileUtils", True, "copyToFile", "(InputStream,File)", "", "Argument[0]", "file-content-store", "ai-manual"] - - ["org.apache.commons.io", "FileUtils", True, "copyToFile", "(InputStream,File)", "", "Argument[1]", "create-file", "manual"] - - ["org.apache.commons.io", "FileUtils", True, "openInputStream", "(File)", "", "Argument[0]", "read-file", "ai-manual"] + - ["org.apache.commons.io", "FileUtils", True, "copyToFile", "(InputStream,File)", "", "Argument[1]", "path-injection", "manual"] + - ["org.apache.commons.io", "FileUtils", True, "openInputStream", "(File)", "", "Argument[0]", "path-injection", "ai-manual"] diff --git a/java/ql/lib/ext/org.apache.tools.ant.model.yml b/java/ql/lib/ext/org.apache.tools.ant.model.yml index bee9b475ef7..474429db030 100644 --- a/java/ql/lib/ext/org.apache.tools.ant.model.yml +++ b/java/ql/lib/ext/org.apache.tools.ant.model.yml @@ -3,8 +3,8 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["org.apache.tools.ant", "AntClassLoader", True, "addPathComponent", "(File)", "", "Argument[0]", "read-file", "ai-manual"] - - ["org.apache.tools.ant", "AntClassLoader", True, "AntClassLoader", "(ClassLoader,Project,Path,boolean)", "", "Argument[2]", "read-file", "ai-manual"] - - ["org.apache.tools.ant", "AntClassLoader", True, "AntClassLoader", "(Project,Path,boolean)", "", "Argument[1]", "read-file", "ai-manual"] - - ["org.apache.tools.ant", "AntClassLoader", True, "AntClassLoader", "(Project,Path)", "", "Argument[1]", "read-file", "ai-manual"] - - ["org.apache.tools.ant", "DirectoryScanner", True, "setBasedir", "(File)", "", "Argument[0]", "read-file", "ai-manual"] + - ["org.apache.tools.ant", "AntClassLoader", True, "addPathComponent", "(File)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["org.apache.tools.ant", "AntClassLoader", True, "AntClassLoader", "(ClassLoader,Project,Path,boolean)", "", "Argument[2]", "path-injection", "ai-manual"] + - ["org.apache.tools.ant", "AntClassLoader", True, "AntClassLoader", "(Project,Path,boolean)", "", "Argument[1]", "path-injection", "ai-manual"] + - ["org.apache.tools.ant", "AntClassLoader", True, "AntClassLoader", "(Project,Path)", "", "Argument[1]", "path-injection", "ai-manual"] + - ["org.apache.tools.ant", "DirectoryScanner", True, "setBasedir", "(File)", "", "Argument[0]", "path-injection", "ai-manual"] diff --git a/java/ql/lib/ext/org.apache.tools.ant.taskdefs.model.yml b/java/ql/lib/ext/org.apache.tools.ant.taskdefs.model.yml index 29b4ee0d16e..aaacf02d58c 100644 --- a/java/ql/lib/ext/org.apache.tools.ant.taskdefs.model.yml +++ b/java/ql/lib/ext/org.apache.tools.ant.taskdefs.model.yml @@ -3,9 +3,9 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["org.apache.tools.ant.taskdefs", "Copy", True, "addFileset", "(FileSet)", "", "Argument[0]", "read-file", "ai-manual"] - - ["org.apache.tools.ant.taskdefs", "Copy", True, "setFile", "(File)", "", "Argument[0]", "read-file", "ai-manual"] - - ["org.apache.tools.ant.taskdefs", "Copy", True, "setTodir", "(File)", "", "Argument[0]", "create-file", "ai-manual"] - - ["org.apache.tools.ant.taskdefs", "Copy", True, "setTofile", "(File)", "", "Argument[0]", "create-file", "ai-manual"] - - ["org.apache.tools.ant.taskdefs", "Expand", True, "setDest", "(File)", "", "Argument[0]", "create-file", "ai-manual"] - - ["org.apache.tools.ant.taskdefs", "Expand", True, "setSrc", "(File)", "", "Argument[0]", "read-file", "ai-manual"] + - ["org.apache.tools.ant.taskdefs", "Copy", True, "addFileset", "(FileSet)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["org.apache.tools.ant.taskdefs", "Copy", True, "setFile", "(File)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["org.apache.tools.ant.taskdefs", "Copy", True, "setTodir", "(File)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["org.apache.tools.ant.taskdefs", "Copy", True, "setTofile", "(File)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["org.apache.tools.ant.taskdefs", "Expand", True, "setDest", "(File)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["org.apache.tools.ant.taskdefs", "Expand", True, "setSrc", "(File)", "", "Argument[0]", "path-injection", "ai-manual"] diff --git a/java/ql/lib/ext/org.codehaus.cargo.container.installer.model.yml b/java/ql/lib/ext/org.codehaus.cargo.container.installer.model.yml index dbb6ace53da..ddd4d24577e 100644 --- a/java/ql/lib/ext/org.codehaus.cargo.container.installer.model.yml +++ b/java/ql/lib/ext/org.codehaus.cargo.container.installer.model.yml @@ -4,5 +4,5 @@ extensions: extensible: sinkModel data: - ["org.codehaus.cargo.container.installer", "ZipURLInstaller", True, "ZipURLInstaller", "(URL,String,String)", "", "Argument[0]", "open-url", "ai-manual"] - - ["org.codehaus.cargo.container.installer", "ZipURLInstaller", True, "ZipURLInstaller", "(URL,String,String)", "", "Argument[1]", "create-file", "ai-manual"] - - ["org.codehaus.cargo.container.installer", "ZipURLInstaller", True, "ZipURLInstaller", "(URL,String,String)", "", "Argument[2]", "create-file", "ai-manual"] + - ["org.codehaus.cargo.container.installer", "ZipURLInstaller", True, "ZipURLInstaller", "(URL,String,String)", "", "Argument[1]", "path-injection", "ai-manual"] + - ["org.codehaus.cargo.container.installer", "ZipURLInstaller", True, "ZipURLInstaller", "(URL,String,String)", "", "Argument[2]", "path-injection", "ai-manual"] diff --git a/java/ql/lib/ext/org.kohsuke.stapler.framework.io.model.yml b/java/ql/lib/ext/org.kohsuke.stapler.framework.io.model.yml index 514b23a9958..49cd049cdfa 100644 --- a/java/ql/lib/ext/org.kohsuke.stapler.framework.io.model.yml +++ b/java/ql/lib/ext/org.kohsuke.stapler.framework.io.model.yml @@ -3,4 +3,4 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["org.kohsuke.stapler.framework.io", "LargeText", True, "LargeText", "(File,Charset,boolean,boolean)", "", "Argument[0]", "read-file", "ai-manual"] + - ["org.kohsuke.stapler.framework.io", "LargeText", True, "LargeText", "(File,Charset,boolean,boolean)", "", "Argument[0]", "path-injection", "ai-manual"] diff --git a/java/ql/lib/ext/org.openjdk.jmh.runner.options.model.yml b/java/ql/lib/ext/org.openjdk.jmh.runner.options.model.yml index a4eb31084cc..1d2aa29efee 100644 --- a/java/ql/lib/ext/org.openjdk.jmh.runner.options.model.yml +++ b/java/ql/lib/ext/org.openjdk.jmh.runner.options.model.yml @@ -3,4 +3,4 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["org.openjdk.jmh.runner.options", "ChainedOptionsBuilder", True, "result", "(String)", "", "Argument[0]", "create-file", "ai-manual"] + - ["org.openjdk.jmh.runner.options", "ChainedOptionsBuilder", True, "result", "(String)", "", "Argument[0]", "path-injection", "ai-manual"] diff --git a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll index 7633f47c3bd..b4d1e146312 100644 --- a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll +++ b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll @@ -277,7 +277,7 @@ module ModelValidation { "open-url", "jndi-injection", "ldap-injection", "sql-injection", "jdbc-url", "log-injection", "mvel-injection", "xpath-injection", "groovy-injection", "html-injection", "js-injection", "ognl-injection", "intent-redirection", - "pending-intents", "url-redirection", "create-file", "read-file", "file-content-store", + "pending-intents", "url-redirection", "path-injection", "file-content-store", "hostname-verification", "response-splitting", "information-leak", "xslt-injection", "jexl-injection", "bean-validation", "template-injection", "fragment-injection", "command-injection" diff --git a/java/ql/lib/semmle/code/java/security/CleartextStorageAndroidFilesystemQuery.qll b/java/ql/lib/semmle/code/java/security/CleartextStorageAndroidFilesystemQuery.qll index cf081085bab..d7097f1ecf2 100644 --- a/java/ql/lib/semmle/code/java/security/CleartextStorageAndroidFilesystemQuery.qll +++ b/java/ql/lib/semmle/code/java/security/CleartextStorageAndroidFilesystemQuery.qll @@ -20,7 +20,7 @@ private class AndroidFilesystemCleartextStorageSink extends CleartextStorageSink /** A call to a method or constructor that may write to files to the local filesystem. */ class LocalFileOpenCall extends Storable { LocalFileOpenCall() { - this = any(DataFlow::Node sink | sinkNode(sink, "create-file")).asExpr().(Argument).getCall() + this = any(DataFlow::Node sink | sinkNode(sink, "path-injection")).asExpr().(Argument).getCall() } override Expr getAnInput() { diff --git a/java/ql/lib/semmle/code/java/security/TaintedPathQuery.qll b/java/ql/lib/semmle/code/java/security/TaintedPathQuery.qll index 27a54d0ecfa..4fa64846c91 100644 --- a/java/ql/lib/semmle/code/java/security/TaintedPathQuery.qll +++ b/java/ql/lib/semmle/code/java/security/TaintedPathQuery.qll @@ -58,7 +58,7 @@ module TaintedPathConfig implements DataFlow::ConfigSig { predicate isSink(DataFlow::Node sink) { sink.asExpr() = any(PathCreation p).getAnInput() or - sinkNode(sink, ["create-file", "read-file"]) + sinkNode(sink, "path-injection") } predicate isBarrier(DataFlow::Node sanitizer) { @@ -85,7 +85,7 @@ module TaintedPathLocalConfig implements DataFlow::ConfigSig { predicate isSink(DataFlow::Node sink) { sink.asExpr() = any(PathCreation p).getAnInput() or - sinkNode(sink, "create-file") + sinkNode(sink, "path-injection") } predicate isBarrier(DataFlow::Node sanitizer) { diff --git a/java/ql/lib/semmle/code/java/security/ZipSlipQuery.qll b/java/ql/lib/semmle/code/java/security/ZipSlipQuery.qll index 6eaa372075b..4fad191a3e4 100644 --- a/java/ql/lib/semmle/code/java/security/ZipSlipQuery.qll +++ b/java/ql/lib/semmle/code/java/security/ZipSlipQuery.qll @@ -40,5 +40,5 @@ module ZipSlipFlow = TaintTracking::Global<ZipSlipConfig>; * A sink that represents a file creation, such as a file write, copy or move operation. */ private class FileCreationSink extends DataFlow::Node { - FileCreationSink() { sinkNode(this, "create-file") } + FileCreationSink() { sinkNode(this, "path-injection") } } diff --git a/java/ql/src/experimental/Security/CWE/CWE-200/AndroidFileIntentSink.qll b/java/ql/src/experimental/Security/CWE/CWE-200/AndroidFileIntentSink.qll index e8795a25431..ba6c895dc8f 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-200/AndroidFileIntentSink.qll +++ b/java/ql/src/experimental/Security/CWE/CWE-200/AndroidFileIntentSink.qll @@ -8,7 +8,7 @@ import semmle.code.java.frameworks.android.Intent /** A sink representing methods creating a file in Android. */ class AndroidFileSink extends DataFlow::Node { - AndroidFileSink() { sinkNode(this, "create-file") } + AndroidFileSink() { sinkNode(this, "path-injection") } } /** From 5dbb6984815bef54ca3d073a475ca3490dda92bf Mon Sep 17 00:00:00 2001 From: Jami Cogswell <jcogs33@Jamis-MacBook-Pro.local> Date: Wed, 31 May 2023 15:50:31 -0400 Subject: [PATCH 764/870] Java: update open/jdbc-url sink kinds to request-forgery --- java/ql/lib/ext/com.zaxxer.hikari.model.yml | 4 +- .../lib/ext/generated/kotlinstdlib.model.yml | 4 +- .../generated/org.apache.commons.io.model.yml | 30 ++-- java/ql/lib/ext/hudson.cli.model.yml | 4 +- java/ql/lib/ext/hudson.model.model.yml | 6 +- java/ql/lib/ext/hudson.model.yml | 2 +- java/ql/lib/ext/io.netty.bootstrap.model.yml | 6 +- java/ql/lib/ext/io.netty.channel.model.yml | 18 +- .../ext/io.netty.handler.codec.http.model.yml | 6 +- .../lib/ext/io.netty.util.internal.model.yml | 2 +- .../ql/lib/ext/jakarta.ws.rs.client.model.yml | 2 +- java/ql/lib/ext/java.net.http.model.yml | 4 +- java/ql/lib/ext/java.net.model.yml | 32 ++-- java/ql/lib/ext/java.sql.model.yml | 8 +- java/ql/lib/ext/javafx.scene.web.model.yml | 2 +- java/ql/lib/ext/javax.ws.rs.client.model.yml | 2 +- java/ql/lib/ext/okhttp3.model.yml | 8 +- .../ext/org.apache.commons.jelly.model.yml | 12 +- ...he.hc.client5.http.async.methods.model.yml | 168 +++++++++--------- ....hc.client5.http.classic.methods.model.yml | 74 ++++---- ...rg.apache.hc.client5.http.fluent.model.yml | 38 ++-- .../org.apache.hc.core5.benchmark.model.yml | 2 +- ...che.hc.core5.http.impl.bootstrap.model.yml | 4 +- ....apache.hc.core5.http.io.support.model.yml | 32 ++-- ...org.apache.hc.core5.http.message.model.yml | 16 +- .../ext/org.apache.hc.core5.http.model.yml | 6 +- ...apache.hc.core5.http.nio.support.model.yml | 48 ++--- ...org.apache.hc.core5.http.support.model.yml | 38 ++-- .../org.apache.http.client.fluent.model.yml | 32 ++-- .../org.apache.http.client.methods.model.yml | 38 ++-- .../lib/ext/org.apache.http.client.model.yml | 6 +- .../ext/org.apache.http.impl.client.model.yml | 2 +- .../lib/ext/org.apache.http.message.model.yml | 12 +- java/ql/lib/ext/org.apache.http.model.yml | 2 +- ...dehaus.cargo.container.installer.model.yml | 2 +- .../ext/org.eclipse.jetty.client.model.yml | 2 +- java/ql/lib/ext/org.jdbi.v3.core.model.yml | 12 +- java/ql/lib/ext/org.kohsuke.stapler.model.yml | 2 +- .../org.springframework.boot.jdbc.model.yml | 2 +- .../ext/org.springframework.http.model.yml | 28 +-- ....springframework.jdbc.datasource.model.yml | 8 +- .../org.springframework.web.client.model.yml | 26 +-- ...ork.web.reactive.function.client.model.yml | 4 +- java/ql/lib/ext/retrofit2.model.yml | 2 +- .../code/java/dataflow/ExternalFlow.qll | 13 +- .../semmle/code/java/security/HttpsUrls.qll | 2 +- .../code/java/security/RequestForgery.qll | 8 +- .../Security/CWE/CWE-552/UnsafeUrlForward.qll | 2 +- .../library-tests/frameworks/okhttp/test.ql | 4 +- .../library-tests/frameworks/retrofit/test.ql | 4 +- 50 files changed, 395 insertions(+), 396 deletions(-) diff --git a/java/ql/lib/ext/com.zaxxer.hikari.model.yml b/java/ql/lib/ext/com.zaxxer.hikari.model.yml index 5fcab32cc7e..5c048e7c3c0 100644 --- a/java/ql/lib/ext/com.zaxxer.hikari.model.yml +++ b/java/ql/lib/ext/com.zaxxer.hikari.model.yml @@ -3,5 +3,5 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["com.zaxxer.hikari", "HikariConfig", False, "HikariConfig", "(Properties)", "", "Argument[0]", "jdbc-url", "manual"] - - ["com.zaxxer.hikari", "HikariConfig", False, "setJdbcUrl", "(String)", "", "Argument[0]", "jdbc-url", "manual"] + - ["com.zaxxer.hikari", "HikariConfig", False, "HikariConfig", "(Properties)", "", "Argument[0]", "request-forgery", "manual"] + - ["com.zaxxer.hikari", "HikariConfig", False, "setJdbcUrl", "(String)", "", "Argument[0]", "request-forgery", "manual"] diff --git a/java/ql/lib/ext/generated/kotlinstdlib.model.yml b/java/ql/lib/ext/generated/kotlinstdlib.model.yml index 16e0cc97420..a4f310b20b9 100644 --- a/java/ql/lib/ext/generated/kotlinstdlib.model.yml +++ b/java/ql/lib/ext/generated/kotlinstdlib.model.yml @@ -16,8 +16,8 @@ extensions: - ["kotlin.io", "FilesKt", false, "writeBytes", "(File,byte[])", "", "Argument[0]", "path-injection", "df-generated"] - ["kotlin.io", "FilesKt", false, "writeText", "(File,String,Charset)", "", "Argument[0]", "path-injection", "df-generated"] - ["kotlin.io", "FilesKt", false, "writer", "(File,Charset)", "", "Argument[0]", "path-injection", "df-generated"] - - ["kotlin.io", "TextStreamsKt", false, "readBytes", "(URL)", "", "Argument[0]", "open-url", "df-generated"] - - ["kotlin.io", "TextStreamsKt", false, "readText", "(URL,Charset)", "", "Argument[0]", "open-url", "df-generated"] + - ["kotlin.io", "TextStreamsKt", false, "readBytes", "(URL)", "", "Argument[0]", "request-forgery", "df-generated"] + - ["kotlin.io", "TextStreamsKt", false, "readText", "(URL,Charset)", "", "Argument[0]", "request-forgery", "df-generated"] - addsTo: diff --git a/java/ql/lib/ext/generated/org.apache.commons.io.model.yml b/java/ql/lib/ext/generated/org.apache.commons.io.model.yml index e43b2720252..c220b8c82eb 100644 --- a/java/ql/lib/ext/generated/org.apache.commons.io.model.yml +++ b/java/ql/lib/ext/generated/org.apache.commons.io.model.yml @@ -7,10 +7,10 @@ extensions: extensible: sinkModel data: - ["org.apache.commons.io.file", "PathFilter", true, "accept", "(Path,BasicFileAttributes)", "", "Argument[0]", "path-injection", "df-generated"] - - ["org.apache.commons.io.file", "PathUtils", false, "copyFile", "(URL,Path,CopyOption[])", "", "Argument[0]", "open-url", "df-generated"] + - ["org.apache.commons.io.file", "PathUtils", false, "copyFile", "(URL,Path,CopyOption[])", "", "Argument[0]", "request-forgery", "df-generated"] - ["org.apache.commons.io.file", "PathUtils", false, "copyFile", "(URL,Path,CopyOption[])", "", "Argument[1]", "path-injection", "df-generated"] - ["org.apache.commons.io.file", "PathUtils", false, "copyFileToDirectory", "(Path,Path,CopyOption[])", "", "Argument[1]", "path-injection", "df-generated"] - - ["org.apache.commons.io.file", "PathUtils", false, "copyFileToDirectory", "(URL,Path,CopyOption[])", "", "Argument[0]", "open-url", "df-generated"] + - ["org.apache.commons.io.file", "PathUtils", false, "copyFileToDirectory", "(URL,Path,CopyOption[])", "", "Argument[0]", "request-forgery", "df-generated"] - ["org.apache.commons.io.file", "PathUtils", false, "copyFileToDirectory", "(URL,Path,CopyOption[])", "", "Argument[1]", "path-injection", "df-generated"] - ["org.apache.commons.io.file", "PathUtils", false, "newOutputStream", "(Path,boolean)", "", "Argument[0]", "path-injection", "df-generated"] - ["org.apache.commons.io.file", "PathUtils", false, "writeString", "(Path,CharSequence,Charset,OpenOption[])", "", "Argument[0]", "path-injection", "df-generated"] @@ -18,7 +18,7 @@ extensions: - ["org.apache.commons.io.filefilter", "FileFilterUtils", true, "filterList", "(IOFileFilter,File[])", "", "Argument[1]", "path-injection", "df-generated"] - ["org.apache.commons.io.filefilter", "FileFilterUtils", true, "filterSet", "(IOFileFilter,File[])", "", "Argument[1]", "path-injection", "df-generated"] - ["org.apache.commons.io.input", "Tailer$Tailable", true, "getRandomAccess", "(String)", "", "Argument[this]", "path-injection", "df-generated"] - - ["org.apache.commons.io.input", "XmlStreamReader", true, "XmlStreamReader", "(URL)", "", "Argument[0]", "open-url", "df-generated"] + - ["org.apache.commons.io.input", "XmlStreamReader", true, "XmlStreamReader", "(URL)", "", "Argument[0]", "request-forgery", "df-generated"] - ["org.apache.commons.io.output", "DeferredFileOutputStream", true, "writeTo", "(OutputStream)", "", "Argument[0]", "path-injection", "df-generated"] - ["org.apache.commons.io.output", "FileWriterWithEncoding", true, "FileWriterWithEncoding", "(File,Charset)", "", "Argument[0]", "path-injection", "df-generated"] - ["org.apache.commons.io.output", "FileWriterWithEncoding", true, "FileWriterWithEncoding", "(File,Charset,boolean)", "", "Argument[0]", "path-injection", "df-generated"] @@ -60,9 +60,9 @@ extensions: - ["org.apache.commons.io", "FileUtils", true, "copyToDirectory", "(File,File)", "", "Argument[1]", "path-injection", "df-generated"] - ["org.apache.commons.io", "FileUtils", true, "copyToDirectory", "(Iterable,File)", "", "Argument[1]", "path-injection", "df-generated"] - ["org.apache.commons.io", "FileUtils", true, "copyToFile", "(InputStream,File)", "", "Argument[1]", "path-injection", "df-generated"] - - ["org.apache.commons.io", "FileUtils", true, "copyURLToFile", "(URL,File)", "", "Argument[0]", "open-url", "df-generated"] + - ["org.apache.commons.io", "FileUtils", true, "copyURLToFile", "(URL,File)", "", "Argument[0]", "request-forgery", "df-generated"] - ["org.apache.commons.io", "FileUtils", true, "copyURLToFile", "(URL,File)", "", "Argument[1]", "path-injection", "df-generated"] - - ["org.apache.commons.io", "FileUtils", true, "copyURLToFile", "(URL,File,int,int)", "", "Argument[0]", "open-url", "df-generated"] + - ["org.apache.commons.io", "FileUtils", true, "copyURLToFile", "(URL,File,int,int)", "", "Argument[0]", "request-forgery", "df-generated"] - ["org.apache.commons.io", "FileUtils", true, "copyURLToFile", "(URL,File,int,int)", "", "Argument[1]", "path-injection", "df-generated"] - ["org.apache.commons.io", "FileUtils", true, "moveDirectory", "(File,File)", "", "Argument[1]", "path-injection", "df-generated"] - ["org.apache.commons.io", "FileUtils", true, "moveDirectoryToDirectory", "(File,File,boolean)", "", "Argument[1]", "path-injection", "df-generated"] @@ -98,17 +98,17 @@ extensions: - ["org.apache.commons.io", "FileUtils", true, "writeStringToFile", "(File,String,String)", "", "Argument[0]", "path-injection", "df-generated"] - ["org.apache.commons.io", "FileUtils", true, "writeStringToFile", "(File,String,String,boolean)", "", "Argument[0]", "path-injection", "df-generated"] - ["org.apache.commons.io", "FileUtils", true, "writeStringToFile", "(File,String,boolean)", "", "Argument[0]", "path-injection", "df-generated"] - - ["org.apache.commons.io", "IOUtils", true, "copy", "(URL,File)", "", "Argument[0]", "open-url", "df-generated"] + - ["org.apache.commons.io", "IOUtils", true, "copy", "(URL,File)", "", "Argument[0]", "request-forgery", "df-generated"] - ["org.apache.commons.io", "IOUtils", true, "copy", "(URL,File)", "", "Argument[1]", "path-injection", "df-generated"] - - ["org.apache.commons.io", "IOUtils", true, "copy", "(URL,OutputStream)", "", "Argument[0]", "open-url", "df-generated"] - - ["org.apache.commons.io", "IOUtils", true, "toByteArray", "(URI)", "", "Argument[0]", "open-url", "df-generated"] - - ["org.apache.commons.io", "IOUtils", true, "toByteArray", "(URL)", "", "Argument[0]", "open-url", "df-generated"] - - ["org.apache.commons.io", "IOUtils", true, "toString", "(URI)", "", "Argument[0]", "open-url", "df-generated"] - - ["org.apache.commons.io", "IOUtils", true, "toString", "(URI,Charset)", "", "Argument[0]", "open-url", "df-generated"] - - ["org.apache.commons.io", "IOUtils", true, "toString", "(URI,String)", "", "Argument[0]", "open-url", "df-generated"] - - ["org.apache.commons.io", "IOUtils", true, "toString", "(URL)", "", "Argument[0]", "open-url", "df-generated"] - - ["org.apache.commons.io", "IOUtils", true, "toString", "(URL,Charset)", "", "Argument[0]", "open-url", "df-generated"] - - ["org.apache.commons.io", "IOUtils", true, "toString", "(URL,String)", "", "Argument[0]", "open-url", "df-generated"] + - ["org.apache.commons.io", "IOUtils", true, "copy", "(URL,OutputStream)", "", "Argument[0]", "request-forgery", "df-generated"] + - ["org.apache.commons.io", "IOUtils", true, "toByteArray", "(URI)", "", "Argument[0]", "request-forgery", "df-generated"] + - ["org.apache.commons.io", "IOUtils", true, "toByteArray", "(URL)", "", "Argument[0]", "request-forgery", "df-generated"] + - ["org.apache.commons.io", "IOUtils", true, "toString", "(URI)", "", "Argument[0]", "request-forgery", "df-generated"] + - ["org.apache.commons.io", "IOUtils", true, "toString", "(URI,Charset)", "", "Argument[0]", "request-forgery", "df-generated"] + - ["org.apache.commons.io", "IOUtils", true, "toString", "(URI,String)", "", "Argument[0]", "request-forgery", "df-generated"] + - ["org.apache.commons.io", "IOUtils", true, "toString", "(URL)", "", "Argument[0]", "request-forgery", "df-generated"] + - ["org.apache.commons.io", "IOUtils", true, "toString", "(URL,Charset)", "", "Argument[0]", "request-forgery", "df-generated"] + - ["org.apache.commons.io", "IOUtils", true, "toString", "(URL,String)", "", "Argument[0]", "request-forgery", "df-generated"] - ["org.apache.commons.io", "RandomAccessFileMode", false, "create", "(File)", "", "Argument[0]", "path-injection", "df-generated"] - ["org.apache.commons.io", "RandomAccessFileMode", false, "create", "(Path)", "", "Argument[0]", "path-injection", "df-generated"] - ["org.apache.commons.io", "RandomAccessFileMode", false, "create", "(String)", "", "Argument[0]", "path-injection", "df-generated"] diff --git a/java/ql/lib/ext/hudson.cli.model.yml b/java/ql/lib/ext/hudson.cli.model.yml index b0d3d3a19ff..6b962143625 100644 --- a/java/ql/lib/ext/hudson.cli.model.yml +++ b/java/ql/lib/ext/hudson.cli.model.yml @@ -3,5 +3,5 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["hudson.cli", "FullDuplexHttpStream", True, "FullDuplexHttpStream", "(URL,String,String)", "", "Argument[0]", "open-url", "ai-manual"] - - ["hudson.cli", "FullDuplexHttpStream", True, "FullDuplexHttpStream", "(URL,String,String)", "", "Argument[1]", "open-url", "manual"] + - ["hudson.cli", "FullDuplexHttpStream", True, "FullDuplexHttpStream", "(URL,String,String)", "", "Argument[0]", "request-forgery", "ai-manual"] + - ["hudson.cli", "FullDuplexHttpStream", True, "FullDuplexHttpStream", "(URL,String,String)", "", "Argument[1]", "request-forgery", "manual"] diff --git a/java/ql/lib/ext/hudson.model.model.yml b/java/ql/lib/ext/hudson.model.model.yml index 2b5423961e3..023265b2c3d 100644 --- a/java/ql/lib/ext/hudson.model.model.yml +++ b/java/ql/lib/ext/hudson.model.model.yml @@ -3,11 +3,11 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["hudson.model", "DownloadService", True, "loadJSON", "(URL)", "", "Argument[0]", "open-url", "ai-manual"] - - ["hudson.model", "DownloadService", True, "loadJSONHTML", "(URL)", "", "Argument[0]", "open-url", "ai-manual"] + - ["hudson.model", "DownloadService", True, "loadJSON", "(URL)", "", "Argument[0]", "request-forgery", "ai-manual"] + - ["hudson.model", "DownloadService", True, "loadJSONHTML", "(URL)", "", "Argument[0]", "request-forgery", "ai-manual"] - ["hudson.model", "DirectoryBrowserSupport", False, "DirectoryBrowserSupport", "(ModelObject,FilePath,String,String,boolean)", "", "Argument[1]", "path-injection", "ai-manual"] - ["hudson.model", "Items", True, "load", "(ItemGroup,File)", "", "Argument[1]", "path-injection", "ai-manual"] - - ["hudson.model", "UpdateCenter$UpdateCenterConfiguration", True, "download", "(DownloadJob,URL)", "", "Argument[1]", "open-url", "ai-manual"] + - ["hudson.model", "UpdateCenter$UpdateCenterConfiguration", True, "download", "(DownloadJob,URL)", "", "Argument[1]", "request-forgery", "ai-manual"] - ["hudson.model", "UpdateCenter$UpdateCenterConfiguration", True, "install", "(DownloadJob,File,File)", "", "Argument[1]", "path-injection", "ai-manual"] - ["hudson.model", "UpdateCenter$UpdateCenterConfiguration", True, "install", "(DownloadJob,File,File)", "", "Argument[2]", "path-injection", "ai-manual"] - addsTo: diff --git a/java/ql/lib/ext/hudson.model.yml b/java/ql/lib/ext/hudson.model.yml index 43955cb22f0..5ba20fce0c6 100644 --- a/java/ql/lib/ext/hudson.model.yml +++ b/java/ql/lib/ext/hudson.model.yml @@ -12,7 +12,7 @@ extensions: - ["hudson", "FilePath", False, "copyRecursiveTo", "(String,String,FilePath)", "", "Argument[0]", "path-injection", "ai-manual"] - ["hudson", "FilePath", False, "copyRecursiveTo", "(String,String,FilePath)", "", "Argument[2]", "path-injection", "ai-manual"] - ["hudson", "FilePath", False, "copyTo", "(FilePath)", "", "Argument[0]", "path-injection", "ai-manual"] - - ["hudson", "FilePath", False, "installIfNecessaryFrom", "(URL,TaskListener,String)", "", "Argument[0]", "open-url", "ai-manual"] + - ["hudson", "FilePath", False, "installIfNecessaryFrom", "(URL,TaskListener,String)", "", "Argument[0]", "request-forgery", "ai-manual"] - ["hudson", "FilePath", False, "newInputStreamDenyingSymlinkAsNeeded", "(File,String,boolean)", "", "Argument[0]", "path-injection", "ai-manual"] - addsTo: pack: codeql/java-all diff --git a/java/ql/lib/ext/io.netty.bootstrap.model.yml b/java/ql/lib/ext/io.netty.bootstrap.model.yml index f38329a8bad..e07853583f7 100644 --- a/java/ql/lib/ext/io.netty.bootstrap.model.yml +++ b/java/ql/lib/ext/io.netty.bootstrap.model.yml @@ -3,6 +3,6 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["io.netty.bootstrap", "Bootstrap", True, "connect", "(InetAddress,int)", "", "Argument[0]", "open-url", "ai-manual"] - - ["io.netty.bootstrap", "Bootstrap", True, "connect", "(SocketAddress)", "", "Argument[0]", "open-url", "ai-manual"] - - ["io.netty.bootstrap", "Bootstrap", True, "connect", "(String,int)", "", "Argument[0]", "open-url", "ai-manual"] + - ["io.netty.bootstrap", "Bootstrap", True, "connect", "(InetAddress,int)", "", "Argument[0]", "request-forgery", "ai-manual"] + - ["io.netty.bootstrap", "Bootstrap", True, "connect", "(SocketAddress)", "", "Argument[0]", "request-forgery", "ai-manual"] + - ["io.netty.bootstrap", "Bootstrap", True, "connect", "(String,int)", "", "Argument[0]", "request-forgery", "ai-manual"] diff --git a/java/ql/lib/ext/io.netty.channel.model.yml b/java/ql/lib/ext/io.netty.channel.model.yml index e06a3e0a582..38bdb84786a 100644 --- a/java/ql/lib/ext/io.netty.channel.model.yml +++ b/java/ql/lib/ext/io.netty.channel.model.yml @@ -3,15 +3,15 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["io.netty.channel", "Channel$Unsafe", True, "connect", "(SocketAddress,SocketAddress,ChannelPromise)", "", "Argument[0]", "open-url", "ai-manual"] - - ["io.netty.channel", "ChannelDuplexHandler", True, "connect", "(ChannelHandlerContext,SocketAddress,SocketAddress,ChannelPromise)", "", "Argument[1]", "open-url", "ai-manual"] - - ["io.netty.channel", "ChannelOutboundHandlerAdapter", True, "connect", "(ChannelHandlerContext,SocketAddress,SocketAddress,ChannelPromise)", "", "Argument[1]", "open-url", "ai-manual"] - - ["io.netty.channel", "ChannelOutboundInvoker", True, "connect", "(SocketAddress,ChannelPromise)", "", "Argument[0]", "open-url", "ai-manual"] - - ["io.netty.channel", "ChannelOutboundInvoker", True, "connect", "(SocketAddress,SocketAddress,ChannelPromise)", "", "Argument[0]", "open-url", "ai-manual"] - - ["io.netty.channel", "ChannelOutboundInvoker", True, "connect", "(SocketAddress)", "", "Argument[0]", "open-url", "ai-manual"] - - ["io.netty.channel", "DefaultChannelPipeline", False, "connect", "(SocketAddress,ChannelPromise)", "", "Argument[0]", "open-url", "ai-manual"] - - ["io.netty.channel", "DefaultChannelPipeline", False, "connect", "(SocketAddress,SocketAddress,ChannelPromise)", "", "Argument[0]", "open-url", "ai-manual"] - - ["io.netty.channel", "DefaultChannelPipeline", False, "connect", "(SocketAddress,SocketAddress)", "", "Argument[0]", "open-url", "ai-manual"] + - ["io.netty.channel", "Channel$Unsafe", True, "connect", "(SocketAddress,SocketAddress,ChannelPromise)", "", "Argument[0]", "request-forgery", "ai-manual"] + - ["io.netty.channel", "ChannelDuplexHandler", True, "connect", "(ChannelHandlerContext,SocketAddress,SocketAddress,ChannelPromise)", "", "Argument[1]", "request-forgery", "ai-manual"] + - ["io.netty.channel", "ChannelOutboundHandlerAdapter", True, "connect", "(ChannelHandlerContext,SocketAddress,SocketAddress,ChannelPromise)", "", "Argument[1]", "request-forgery", "ai-manual"] + - ["io.netty.channel", "ChannelOutboundInvoker", True, "connect", "(SocketAddress,ChannelPromise)", "", "Argument[0]", "request-forgery", "ai-manual"] + - ["io.netty.channel", "ChannelOutboundInvoker", True, "connect", "(SocketAddress,SocketAddress,ChannelPromise)", "", "Argument[0]", "request-forgery", "ai-manual"] + - ["io.netty.channel", "ChannelOutboundInvoker", True, "connect", "(SocketAddress)", "", "Argument[0]", "request-forgery", "ai-manual"] + - ["io.netty.channel", "DefaultChannelPipeline", False, "connect", "(SocketAddress,ChannelPromise)", "", "Argument[0]", "request-forgery", "ai-manual"] + - ["io.netty.channel", "DefaultChannelPipeline", False, "connect", "(SocketAddress,SocketAddress,ChannelPromise)", "", "Argument[0]", "request-forgery", "ai-manual"] + - ["io.netty.channel", "DefaultChannelPipeline", False, "connect", "(SocketAddress,SocketAddress)", "", "Argument[0]", "request-forgery", "ai-manual"] - addsTo: pack: codeql/java-all extensible: sourceModel diff --git a/java/ql/lib/ext/io.netty.handler.codec.http.model.yml b/java/ql/lib/ext/io.netty.handler.codec.http.model.yml index 2912bdce85a..f9ec6702ff9 100644 --- a/java/ql/lib/ext/io.netty.handler.codec.http.model.yml +++ b/java/ql/lib/ext/io.netty.handler.codec.http.model.yml @@ -3,9 +3,9 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["io.netty.handler.codec.http", "DefaultFullHttpRequest", True, "DefaultFullHttpRequest", "(HttpVersion,HttpMethod,String,ByteBuf)", "", "Argument[2]", "open-url", "ai-manual"] - - ["io.netty.handler.codec.http", "DefaultHttpRequest", True, "DefaultHttpRequest", "(HttpVersion,HttpMethod,String)", "", "Argument[2]", "open-url", "ai-manual"] - - ["io.netty.handler.codec.http", "HttpRequest", True, "setUri", "", "", "Argument[0]", "open-url", "manual"] + - ["io.netty.handler.codec.http", "DefaultFullHttpRequest", True, "DefaultFullHttpRequest", "(HttpVersion,HttpMethod,String,ByteBuf)", "", "Argument[2]", "request-forgery", "ai-manual"] + - ["io.netty.handler.codec.http", "DefaultHttpRequest", True, "DefaultHttpRequest", "(HttpVersion,HttpMethod,String)", "", "Argument[2]", "request-forgery", "ai-manual"] + - ["io.netty.handler.codec.http", "HttpRequest", True, "setUri", "", "", "Argument[0]", "request-forgery", "manual"] - addsTo: pack: codeql/java-all extensible: summaryModel diff --git a/java/ql/lib/ext/io.netty.util.internal.model.yml b/java/ql/lib/ext/io.netty.util.internal.model.yml index d705873cc55..7852b8b9e32 100644 --- a/java/ql/lib/ext/io.netty.util.internal.model.yml +++ b/java/ql/lib/ext/io.netty.util.internal.model.yml @@ -4,7 +4,7 @@ extensions: extensible: sinkModel data: - ["io.netty.util.internal", "PlatformDependent", False, "createTempFile", "(String,String,File)", "", "Argument[2]", "path-injection", "ai-manual"] - - ["io.netty.util.internal", "SocketUtils", False, "connect", "(Socket,SocketAddress,int)", "", "Argument[1]", "open-url", "ai-manual"] + - ["io.netty.util.internal", "SocketUtils", False, "connect", "(Socket,SocketAddress,int)", "", "Argument[1]", "request-forgery", "ai-manual"] - addsTo: pack: codeql/java-all extensible: summaryModel diff --git a/java/ql/lib/ext/jakarta.ws.rs.client.model.yml b/java/ql/lib/ext/jakarta.ws.rs.client.model.yml index 821ea0ad640..0460c09dc3c 100644 --- a/java/ql/lib/ext/jakarta.ws.rs.client.model.yml +++ b/java/ql/lib/ext/jakarta.ws.rs.client.model.yml @@ -3,4 +3,4 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["jakarta.ws.rs.client", "Client", True, "target", "", "", "Argument[0]", "open-url", "manual"] + - ["jakarta.ws.rs.client", "Client", True, "target", "", "", "Argument[0]", "request-forgery", "manual"] diff --git a/java/ql/lib/ext/java.net.http.model.yml b/java/ql/lib/ext/java.net.http.model.yml index d967f46494b..9fc18d2eaab 100644 --- a/java/ql/lib/ext/java.net.http.model.yml +++ b/java/ql/lib/ext/java.net.http.model.yml @@ -8,5 +8,5 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["java.net.http", "HttpRequest", False, "newBuilder", "", "", "Argument[0]", "open-url", "manual"] - - ["java.net.http", "HttpRequest$Builder", False, "uri", "", "", "Argument[0]", "open-url", "manual"] + - ["java.net.http", "HttpRequest", False, "newBuilder", "", "", "Argument[0]", "request-forgery", "manual"] + - ["java.net.http", "HttpRequest$Builder", False, "uri", "", "", "Argument[0]", "request-forgery", "manual"] diff --git a/java/ql/lib/ext/java.net.model.yml b/java/ql/lib/ext/java.net.model.yml index 9ab8c663506..39a4c484112 100644 --- a/java/ql/lib/ext/java.net.model.yml +++ b/java/ql/lib/ext/java.net.model.yml @@ -9,22 +9,22 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["java.net", "DatagramSocket", True, "connect", "(SocketAddress)", "", "Argument[0]", "open-url", "ai-manual"] - - ["java.net", "Socket", True, "Socket", "(String,int)", "", "Argument[0]", "open-url", "ai-manual"] - - ["java.net", "URL", False, "openConnection", "", "", "Argument[this]", "open-url", "manual"] - - ["java.net", "URL", False, "openConnection", "(Proxy)", "", "Argument[0]", "open-url", "ai-manual"] - - ["java.net", "URL", False, "openStream", "", "", "Argument[this]", "open-url", "manual"] - - ["java.net", "URLClassLoader", False, "URLClassLoader", "(String,URL[],ClassLoader)", "", "Argument[1]", "open-url", "manual"] - - ["java.net", "URLClassLoader", False, "URLClassLoader", "(String,URL[],ClassLoader,URLStreamHandlerFactory)", "", "Argument[1]", "open-url", "manual"] - - ["java.net", "URLClassLoader", False, "URLClassLoader", "(URL[])", "", "Argument[0]", "open-url", "manual"] - - ["java.net", "URLClassLoader", False, "URLClassLoader", "(URL[],ClassLoader)", "", "Argument[0]", "open-url", "manual"] - - ["java.net", "URLClassLoader", False, "URLClassLoader", "(URL[],ClassLoader,URLStreamHandlerFactory)", "", "Argument[0]", "open-url", "manual"] - - ["java.net", "URLClassLoader", False, "newInstance", "", "", "Argument[0]", "open-url", "manual"] - - ["java.net", "URLClassLoader", False, "URLClassLoader", "(String,URL[],ClassLoader,URLStreamHandlerFactory)", "", "Argument[1]", "open-url", "manual"] - - ["java.net", "URLClassLoader", False, "URLClassLoader", "(String,URL[],ClassLoader)", "", "Argument[1]", "open-url", "manual"] - - ["java.net", "URLClassLoader", False, "URLClassLoader", "(URL[],ClassLoader,URLStreamHandlerFactory)", "", "Argument[0]", "open-url", "manual"] - - ["java.net", "URLClassLoader", False, "URLClassLoader", "(URL[],ClassLoader)", "", "Argument[0]", "open-url", "manual"] - - ["java.net", "URLClassLoader", False, "URLClassLoader", "(URL[])", "", "Argument[0]", "open-url", "manual"] + - ["java.net", "DatagramSocket", True, "connect", "(SocketAddress)", "", "Argument[0]", "request-forgery", "ai-manual"] + - ["java.net", "Socket", True, "Socket", "(String,int)", "", "Argument[0]", "request-forgery", "ai-manual"] + - ["java.net", "URL", False, "openConnection", "", "", "Argument[this]", "request-forgery", "manual"] + - ["java.net", "URL", False, "openConnection", "(Proxy)", "", "Argument[0]", "request-forgery", "ai-manual"] + - ["java.net", "URL", False, "openStream", "", "", "Argument[this]", "request-forgery", "manual"] + - ["java.net", "URLClassLoader", False, "URLClassLoader", "(String,URL[],ClassLoader)", "", "Argument[1]", "request-forgery", "manual"] + - ["java.net", "URLClassLoader", False, "URLClassLoader", "(String,URL[],ClassLoader,URLStreamHandlerFactory)", "", "Argument[1]", "request-forgery", "manual"] + - ["java.net", "URLClassLoader", False, "URLClassLoader", "(URL[])", "", "Argument[0]", "request-forgery", "manual"] + - ["java.net", "URLClassLoader", False, "URLClassLoader", "(URL[],ClassLoader)", "", "Argument[0]", "request-forgery", "manual"] + - ["java.net", "URLClassLoader", False, "URLClassLoader", "(URL[],ClassLoader,URLStreamHandlerFactory)", "", "Argument[0]", "request-forgery", "manual"] + - ["java.net", "URLClassLoader", False, "newInstance", "", "", "Argument[0]", "request-forgery", "manual"] + - ["java.net", "URLClassLoader", False, "URLClassLoader", "(String,URL[],ClassLoader,URLStreamHandlerFactory)", "", "Argument[1]", "request-forgery", "manual"] + - ["java.net", "URLClassLoader", False, "URLClassLoader", "(String,URL[],ClassLoader)", "", "Argument[1]", "request-forgery", "manual"] + - ["java.net", "URLClassLoader", False, "URLClassLoader", "(URL[],ClassLoader,URLStreamHandlerFactory)", "", "Argument[0]", "request-forgery", "manual"] + - ["java.net", "URLClassLoader", False, "URLClassLoader", "(URL[],ClassLoader)", "", "Argument[0]", "request-forgery", "manual"] + - ["java.net", "URLClassLoader", False, "URLClassLoader", "(URL[])", "", "Argument[0]", "request-forgery", "manual"] - addsTo: pack: codeql/java-all extensible: summaryModel diff --git a/java/ql/lib/ext/java.sql.model.yml b/java/ql/lib/ext/java.sql.model.yml index ec0aa84fd21..c93a89cfd2c 100644 --- a/java/ql/lib/ext/java.sql.model.yml +++ b/java/ql/lib/ext/java.sql.model.yml @@ -7,10 +7,10 @@ extensions: - ["java.sql", "Connection", True, "prepareStatement", "", "", "Argument[0]", "sql-injection", "manual"] - ["java.sql", "DatabaseMetaData", True, "getColumns", "(String,String,String,String)", "", "Argument[2]", "sql-injection", "ai-manual"] - ["java.sql", "DatabaseMetaData", True, "getPrimaryKeys", "(String,String,String)", "", "Argument[2]", "sql-injection", "ai-manual"] - - ["java.sql", "Driver", False, "connect", "(String,Properties)", "", "Argument[0]", "jdbc-url", "manual"] - - ["java.sql", "DriverManager", False, "getConnection", "(String)", "", "Argument[0]", "jdbc-url", "manual"] - - ["java.sql", "DriverManager", False, "getConnection", "(String,Properties)", "", "Argument[0]", "jdbc-url", "manual"] - - ["java.sql", "DriverManager", False, "getConnection", "(String,String,String)", "", "Argument[0]", "jdbc-url", "manual"] + - ["java.sql", "Driver", False, "connect", "(String,Properties)", "", "Argument[0]", "request-forgery", "manual"] + - ["java.sql", "DriverManager", False, "getConnection", "(String)", "", "Argument[0]", "request-forgery", "manual"] + - ["java.sql", "DriverManager", False, "getConnection", "(String,Properties)", "", "Argument[0]", "request-forgery", "manual"] + - ["java.sql", "DriverManager", False, "getConnection", "(String,String,String)", "", "Argument[0]", "request-forgery", "manual"] - ["java.sql", "Statement", True, "addBatch", "", "", "Argument[0]", "sql-injection", "manual"] - ["java.sql", "Statement", True, "execute", "", "", "Argument[0]", "sql-injection", "manual"] - ["java.sql", "Statement", True, "executeLargeUpdate", "", "", "Argument[0]", "sql-injection", "manual"] diff --git a/java/ql/lib/ext/javafx.scene.web.model.yml b/java/ql/lib/ext/javafx.scene.web.model.yml index 64f8eea916b..78d1a00dfde 100644 --- a/java/ql/lib/ext/javafx.scene.web.model.yml +++ b/java/ql/lib/ext/javafx.scene.web.model.yml @@ -3,4 +3,4 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["javafx.scene.web", "WebEngine", False, "load", "(String)", "", "Argument[0]", "open-url", "ai-manual"] + - ["javafx.scene.web", "WebEngine", False, "load", "(String)", "", "Argument[0]", "request-forgery", "ai-manual"] diff --git a/java/ql/lib/ext/javax.ws.rs.client.model.yml b/java/ql/lib/ext/javax.ws.rs.client.model.yml index 0a5a01c3338..e9855623951 100644 --- a/java/ql/lib/ext/javax.ws.rs.client.model.yml +++ b/java/ql/lib/ext/javax.ws.rs.client.model.yml @@ -3,4 +3,4 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["javax.ws.rs.client", "Client", True, "target", "", "", "Argument[0]", "open-url", "manual"] + - ["javax.ws.rs.client", "Client", True, "target", "", "", "Argument[0]", "request-forgery", "manual"] diff --git a/java/ql/lib/ext/okhttp3.model.yml b/java/ql/lib/ext/okhttp3.model.yml index d5f38bcee57..2368292dab7 100644 --- a/java/ql/lib/ext/okhttp3.model.yml +++ b/java/ql/lib/ext/okhttp3.model.yml @@ -3,10 +3,10 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["okhttp3", "OkHttpClient", True, "newCall", "(Request)", "", "Argument[0]", "open-url", "ai-manual"] - - ["okhttp3", "OkHttpClient", True, "newWebSocket", "(Request,WebSocketListener)", "", "Argument[0]", "open-url", "ai-manual"] - - ["okhttp3", "Request", True, "Request", "", "", "Argument[0]", "open-url", "manual"] - - ["okhttp3", "Request$Builder", True, "url", "", "", "Argument[0]", "open-url", "manual"] + - ["okhttp3", "OkHttpClient", True, "newCall", "(Request)", "", "Argument[0]", "request-forgery", "ai-manual"] + - ["okhttp3", "OkHttpClient", True, "newWebSocket", "(Request,WebSocketListener)", "", "Argument[0]", "request-forgery", "ai-manual"] + - ["okhttp3", "Request", True, "Request", "", "", "Argument[0]", "request-forgery", "manual"] + - ["okhttp3", "Request$Builder", True, "url", "", "", "Argument[0]", "request-forgery", "manual"] - addsTo: pack: codeql/java-all extensible: summaryModel diff --git a/java/ql/lib/ext/org.apache.commons.jelly.model.yml b/java/ql/lib/ext/org.apache.commons.jelly.model.yml index 0669f6744b9..ef9e48d041a 100644 --- a/java/ql/lib/ext/org.apache.commons.jelly.model.yml +++ b/java/ql/lib/ext/org.apache.commons.jelly.model.yml @@ -3,9 +3,9 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["org.apache.commons.jelly", "JellyContext", True, "JellyContext", "(JellyContext,URL,URL)", "", "Argument[1]", "open-url", "ai-manual"] - - ["org.apache.commons.jelly", "JellyContext", True, "JellyContext", "(JellyContext,URL,URL)", "", "Argument[2]", "open-url", "ai-manual"] - - ["org.apache.commons.jelly", "JellyContext", True, "JellyContext", "(JellyContext,URL)", "", "Argument[1]", "open-url", "ai-manual"] - - ["org.apache.commons.jelly", "JellyContext", True, "JellyContext", "(URL,URL)", "", "Argument[0]", "open-url", "ai-manual"] - - ["org.apache.commons.jelly", "JellyContext", True, "JellyContext", "(URL,URL)", "", "Argument[1]", "open-url", "ai-manual"] - - ["org.apache.commons.jelly", "JellyContext", True, "JellyContext", "(URL)", "", "Argument[0]", "open-url", "ai-manual"] + - ["org.apache.commons.jelly", "JellyContext", True, "JellyContext", "(JellyContext,URL,URL)", "", "Argument[1]", "request-forgery", "ai-manual"] + - ["org.apache.commons.jelly", "JellyContext", True, "JellyContext", "(JellyContext,URL,URL)", "", "Argument[2]", "request-forgery", "ai-manual"] + - ["org.apache.commons.jelly", "JellyContext", True, "JellyContext", "(JellyContext,URL)", "", "Argument[1]", "request-forgery", "ai-manual"] + - ["org.apache.commons.jelly", "JellyContext", True, "JellyContext", "(URL,URL)", "", "Argument[0]", "request-forgery", "ai-manual"] + - ["org.apache.commons.jelly", "JellyContext", True, "JellyContext", "(URL,URL)", "", "Argument[1]", "request-forgery", "ai-manual"] + - ["org.apache.commons.jelly", "JellyContext", True, "JellyContext", "(URL)", "", "Argument[0]", "request-forgery", "ai-manual"] diff --git a/java/ql/lib/ext/org.apache.hc.client5.http.async.methods.model.yml b/java/ql/lib/ext/org.apache.hc.client5.http.async.methods.model.yml index 0b0e040c054..17498977d8d 100644 --- a/java/ql/lib/ext/org.apache.hc.client5.http.async.methods.model.yml +++ b/java/ql/lib/ext/org.apache.hc.client5.http.async.methods.model.yml @@ -3,87 +3,87 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "create", "(Method,HttpHost,String)", "", "Argument[1]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "create", "(Method,String)", "", "Argument[1]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "create", "(Method,URI)", "", "Argument[1]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "create", "(String,String)", "", "Argument[1]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "create", "(String,URI)", "", "Argument[1]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "delete", "(HttpHost,String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "delete", "(String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "delete", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "get", "(HttpHost,String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "get", "(String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "get", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "head", "(HttpHost,String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "head", "(String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "head", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "options", "(HttpHost,String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "options", "(String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "options", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "patch", "(HttpHost,String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "patch", "(String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "patch", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "post", "(HttpHost,String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "post", "(String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "post", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "put", "(HttpHost,String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "put", "(String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "put", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "trace", "(HttpHost,String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "trace", "(String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "trace", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "ConfigurableHttpRequest", True, "ConfigurableHttpRequest", "(String,HttpHost,String)", "", "Argument[1]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "ConfigurableHttpRequest", True, "ConfigurableHttpRequest", "(String,URI)", "", "Argument[1]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequest", True, "SimpleHttpRequest", "(Method,HttpHost,String)", "", "Argument[1]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequest", True, "SimpleHttpRequest", "(Method,URI)", "", "Argument[1]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequest", True, "SimpleHttpRequest", "(String,HttpHost,String)", "", "Argument[1]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequest", True, "SimpleHttpRequest", "(String,URI)", "", "Argument[1]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequest", True, "create", "(Method,HttpHost,String)", "", "Argument[1]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequest", True, "create", "(Method,URI)", "", "Argument[1]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequest", True, "create", "(String,String)", "", "Argument[1]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequest", True, "create", "(String,URI)", "", "Argument[1]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "create", "(Method,HttpHost,String)", "", "Argument[1]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "create", "(Method,String)", "", "Argument[1]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "create", "(Method,URI)", "", "Argument[1]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "create", "(String,String)", "", "Argument[1]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "create", "(String,URI)", "", "Argument[1]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "delete", "(HttpHost,String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "delete", "(String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "delete", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "get", "(HttpHost,String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "get", "(String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "get", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "head", "(HttpHost,String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "head", "(String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "head", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "options", "(HttpHost,String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "options", "(String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "options", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "patch", "(HttpHost,String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "patch", "(String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "patch", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "post", "(HttpHost,String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "post", "(String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "post", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "put", "(HttpHost,String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "put", "(String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "put", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "trace", "(HttpHost,String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "trace", "(String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "trace", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "SimpleRequestBuilder", True, "delete", "(String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "SimpleRequestBuilder", True, "delete", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "SimpleRequestBuilder", True, "get", "(String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "SimpleRequestBuilder", True, "get", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "SimpleRequestBuilder", True, "head", "(String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "SimpleRequestBuilder", True, "head", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "SimpleRequestBuilder", True, "options", "(String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "SimpleRequestBuilder", True, "options", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "SimpleRequestBuilder", True, "patch", "(String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "SimpleRequestBuilder", True, "patch", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "SimpleRequestBuilder", True, "post", "(String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "SimpleRequestBuilder", True, "post", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "SimpleRequestBuilder", True, "put", "(String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "SimpleRequestBuilder", True, "put", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "SimpleRequestBuilder", True, "trace", "(String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.async.methods", "SimpleRequestBuilder", True, "trace", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "create", "(Method,HttpHost,String)", "", "Argument[1]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "create", "(Method,String)", "", "Argument[1]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "create", "(Method,URI)", "", "Argument[1]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "create", "(String,String)", "", "Argument[1]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "create", "(String,URI)", "", "Argument[1]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "delete", "(HttpHost,String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "delete", "(String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "delete", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "get", "(HttpHost,String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "get", "(String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "get", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "head", "(HttpHost,String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "head", "(String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "head", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "options", "(HttpHost,String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "options", "(String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "options", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "patch", "(HttpHost,String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "patch", "(String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "patch", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "post", "(HttpHost,String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "post", "(String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "post", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "put", "(HttpHost,String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "put", "(String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "put", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "trace", "(HttpHost,String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "trace", "(String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "trace", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "ConfigurableHttpRequest", True, "ConfigurableHttpRequest", "(String,HttpHost,String)", "", "Argument[1]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "ConfigurableHttpRequest", True, "ConfigurableHttpRequest", "(String,URI)", "", "Argument[1]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequest", True, "SimpleHttpRequest", "(Method,HttpHost,String)", "", "Argument[1]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequest", True, "SimpleHttpRequest", "(Method,URI)", "", "Argument[1]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequest", True, "SimpleHttpRequest", "(String,HttpHost,String)", "", "Argument[1]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequest", True, "SimpleHttpRequest", "(String,URI)", "", "Argument[1]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequest", True, "create", "(Method,HttpHost,String)", "", "Argument[1]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequest", True, "create", "(Method,URI)", "", "Argument[1]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequest", True, "create", "(String,String)", "", "Argument[1]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequest", True, "create", "(String,URI)", "", "Argument[1]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "create", "(Method,HttpHost,String)", "", "Argument[1]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "create", "(Method,String)", "", "Argument[1]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "create", "(Method,URI)", "", "Argument[1]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "create", "(String,String)", "", "Argument[1]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "create", "(String,URI)", "", "Argument[1]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "delete", "(HttpHost,String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "delete", "(String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "delete", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "get", "(HttpHost,String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "get", "(String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "get", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "head", "(HttpHost,String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "head", "(String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "head", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "options", "(HttpHost,String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "options", "(String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "options", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "patch", "(HttpHost,String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "patch", "(String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "patch", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "post", "(HttpHost,String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "post", "(String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "post", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "put", "(HttpHost,String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "put", "(String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "put", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "trace", "(HttpHost,String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "trace", "(String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "trace", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "SimpleRequestBuilder", True, "delete", "(String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "SimpleRequestBuilder", True, "delete", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "SimpleRequestBuilder", True, "get", "(String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "SimpleRequestBuilder", True, "get", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "SimpleRequestBuilder", True, "head", "(String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "SimpleRequestBuilder", True, "head", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "SimpleRequestBuilder", True, "options", "(String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "SimpleRequestBuilder", True, "options", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "SimpleRequestBuilder", True, "patch", "(String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "SimpleRequestBuilder", True, "patch", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "SimpleRequestBuilder", True, "post", "(String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "SimpleRequestBuilder", True, "post", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "SimpleRequestBuilder", True, "put", "(String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "SimpleRequestBuilder", True, "put", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "SimpleRequestBuilder", True, "trace", "(String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.async.methods", "SimpleRequestBuilder", True, "trace", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] diff --git a/java/ql/lib/ext/org.apache.hc.client5.http.classic.methods.model.yml b/java/ql/lib/ext/org.apache.hc.client5.http.classic.methods.model.yml index 513a4e7eb7a..8b360282cec 100644 --- a/java/ql/lib/ext/org.apache.hc.client5.http.classic.methods.model.yml +++ b/java/ql/lib/ext/org.apache.hc.client5.http.classic.methods.model.yml @@ -3,40 +3,40 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["org.apache.hc.client5.http.classic.methods", "ClassicHttpRequests", True, "create", "(Method,String)", "", "Argument[1]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.classic.methods", "ClassicHttpRequests", True, "create", "(Method,URI)", "", "Argument[1]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.classic.methods", "ClassicHttpRequests", True, "create", "(String,String)", "", "Argument[1]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.classic.methods", "ClassicHttpRequests", True, "create", "(String,URI)", "", "Argument[1]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.classic.methods", "ClassicHttpRequests", True, "delete", "(String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.classic.methods", "ClassicHttpRequests", True, "delete", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.classic.methods", "ClassicHttpRequests", True, "get", "(String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.classic.methods", "ClassicHttpRequests", True, "get", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.classic.methods", "ClassicHttpRequests", True, "head", "(String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.classic.methods", "ClassicHttpRequests", True, "head", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.classic.methods", "ClassicHttpRequests", True, "options", "(String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.classic.methods", "ClassicHttpRequests", True, "options", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.classic.methods", "ClassicHttpRequests", True, "patch", "(String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.classic.methods", "ClassicHttpRequests", True, "patch", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.classic.methods", "ClassicHttpRequests", True, "post", "(String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.classic.methods", "ClassicHttpRequests", True, "post", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.classic.methods", "ClassicHttpRequests", True, "put", "(String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.classic.methods", "ClassicHttpRequests", True, "put", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.classic.methods", "ClassicHttpRequests", True, "trace", "(String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.classic.methods", "ClassicHttpRequests", True, "trace", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.classic.methods", "HttpDelete", True, "HttpDelete", "(String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.classic.methods", "HttpDelete", True, "HttpDelete", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.classic.methods", "HttpGet", True, "HttpGet", "(String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.classic.methods", "HttpGet", True, "HttpGet", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.classic.methods", "HttpHead", True, "HttpHead", "(String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.classic.methods", "HttpHead", True, "HttpHead", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.classic.methods", "HttpOptions", True, "HttpOptions", "(String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.classic.methods", "HttpOptions", True, "HttpOptions", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.classic.methods", "HttpPatch", True, "HttpPatch", "(String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.classic.methods", "HttpPatch", True, "HttpPatch", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.classic.methods", "HttpPost", True, "HttpPost", "(String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.classic.methods", "HttpPost", True, "HttpPost", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.classic.methods", "HttpPut", True, "HttpPut", "(String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.classic.methods", "HttpPut", True, "HttpPut", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.classic.methods", "HttpTrace", True, "HttpTrace", "(String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.classic.methods", "HttpTrace", True, "HttpTrace", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.classic.methods", "HttpUriRequestBase", True, "HttpUriRequestBase", "(String,URI)", "", "Argument[1]", "open-url", "hq-manual"] + - ["org.apache.hc.client5.http.classic.methods", "ClassicHttpRequests", True, "create", "(Method,String)", "", "Argument[1]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.classic.methods", "ClassicHttpRequests", True, "create", "(Method,URI)", "", "Argument[1]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.classic.methods", "ClassicHttpRequests", True, "create", "(String,String)", "", "Argument[1]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.classic.methods", "ClassicHttpRequests", True, "create", "(String,URI)", "", "Argument[1]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.classic.methods", "ClassicHttpRequests", True, "delete", "(String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.classic.methods", "ClassicHttpRequests", True, "delete", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.classic.methods", "ClassicHttpRequests", True, "get", "(String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.classic.methods", "ClassicHttpRequests", True, "get", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.classic.methods", "ClassicHttpRequests", True, "head", "(String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.classic.methods", "ClassicHttpRequests", True, "head", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.classic.methods", "ClassicHttpRequests", True, "options", "(String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.classic.methods", "ClassicHttpRequests", True, "options", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.classic.methods", "ClassicHttpRequests", True, "patch", "(String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.classic.methods", "ClassicHttpRequests", True, "patch", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.classic.methods", "ClassicHttpRequests", True, "post", "(String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.classic.methods", "ClassicHttpRequests", True, "post", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.classic.methods", "ClassicHttpRequests", True, "put", "(String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.classic.methods", "ClassicHttpRequests", True, "put", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.classic.methods", "ClassicHttpRequests", True, "trace", "(String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.classic.methods", "ClassicHttpRequests", True, "trace", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.classic.methods", "HttpDelete", True, "HttpDelete", "(String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.classic.methods", "HttpDelete", True, "HttpDelete", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.classic.methods", "HttpGet", True, "HttpGet", "(String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.classic.methods", "HttpGet", True, "HttpGet", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.classic.methods", "HttpHead", True, "HttpHead", "(String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.classic.methods", "HttpHead", True, "HttpHead", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.classic.methods", "HttpOptions", True, "HttpOptions", "(String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.classic.methods", "HttpOptions", True, "HttpOptions", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.classic.methods", "HttpPatch", True, "HttpPatch", "(String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.classic.methods", "HttpPatch", True, "HttpPatch", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.classic.methods", "HttpPost", True, "HttpPost", "(String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.classic.methods", "HttpPost", True, "HttpPost", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.classic.methods", "HttpPut", True, "HttpPut", "(String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.classic.methods", "HttpPut", True, "HttpPut", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.classic.methods", "HttpTrace", True, "HttpTrace", "(String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.classic.methods", "HttpTrace", True, "HttpTrace", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.classic.methods", "HttpUriRequestBase", True, "HttpUriRequestBase", "(String,URI)", "", "Argument[1]", "request-forgery", "hq-manual"] diff --git a/java/ql/lib/ext/org.apache.hc.client5.http.fluent.model.yml b/java/ql/lib/ext/org.apache.hc.client5.http.fluent.model.yml index ce3b5567b7b..ff25f6c43a3 100644 --- a/java/ql/lib/ext/org.apache.hc.client5.http.fluent.model.yml +++ b/java/ql/lib/ext/org.apache.hc.client5.http.fluent.model.yml @@ -3,22 +3,22 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["org.apache.hc.client5.http.fluent", "Request", True, "create", "(Method,URI)", "", "Argument[1]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.fluent", "Request", True, "create", "(String,String)", "", "Argument[1]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.fluent", "Request", True, "create", "(String,URI)", "", "Argument[1]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.fluent", "Request", True, "delete", "(String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.fluent", "Request", True, "delete", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.fluent", "Request", True, "get", "(String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.fluent", "Request", True, "get", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.fluent", "Request", True, "head", "(String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.fluent", "Request", True, "head", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.fluent", "Request", True, "options", "(String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.fluent", "Request", True, "options", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.fluent", "Request", True, "patch", "(String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.fluent", "Request", True, "patch", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.fluent", "Request", True, "post", "(String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.fluent", "Request", True, "post", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.fluent", "Request", True, "put", "(String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.fluent", "Request", True, "put", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.fluent", "Request", True, "trace", "(String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.client5.http.fluent", "Request", True, "trace", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] + - ["org.apache.hc.client5.http.fluent", "Request", True, "create", "(Method,URI)", "", "Argument[1]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.fluent", "Request", True, "create", "(String,String)", "", "Argument[1]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.fluent", "Request", True, "create", "(String,URI)", "", "Argument[1]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.fluent", "Request", True, "delete", "(String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.fluent", "Request", True, "delete", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.fluent", "Request", True, "get", "(String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.fluent", "Request", True, "get", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.fluent", "Request", True, "head", "(String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.fluent", "Request", True, "head", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.fluent", "Request", True, "options", "(String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.fluent", "Request", True, "options", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.fluent", "Request", True, "patch", "(String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.fluent", "Request", True, "patch", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.fluent", "Request", True, "post", "(String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.fluent", "Request", True, "post", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.fluent", "Request", True, "put", "(String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.fluent", "Request", True, "put", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.fluent", "Request", True, "trace", "(String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.client5.http.fluent", "Request", True, "trace", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] diff --git a/java/ql/lib/ext/org.apache.hc.core5.benchmark.model.yml b/java/ql/lib/ext/org.apache.hc.core5.benchmark.model.yml index 450a46cd1ec..0143a0a68ab 100644 --- a/java/ql/lib/ext/org.apache.hc.core5.benchmark.model.yml +++ b/java/ql/lib/ext/org.apache.hc.core5.benchmark.model.yml @@ -3,4 +3,4 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["org.apache.hc.core5.benchmark", "BenchmarkConfig$Builder", True, "setUri", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] + - ["org.apache.hc.core5.benchmark", "BenchmarkConfig$Builder", True, "setUri", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] diff --git a/java/ql/lib/ext/org.apache.hc.core5.http.impl.bootstrap.model.yml b/java/ql/lib/ext/org.apache.hc.core5.http.impl.bootstrap.model.yml index c9515372645..280cf49b175 100644 --- a/java/ql/lib/ext/org.apache.hc.core5.http.impl.bootstrap.model.yml +++ b/java/ql/lib/ext/org.apache.hc.core5.http.impl.bootstrap.model.yml @@ -3,5 +3,5 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["org.apache.hc.core5.http.impl.bootstrap", "HttpAsyncRequester", True, "connect", "(HttpHost,Timeout)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.core5.http.impl.bootstrap", "HttpAsyncRequester", True, "connect", "(HttpHost,Timeout,Object,FutureCallback)", "", "Argument[0]", "open-url", "hq-manual"] + - ["org.apache.hc.core5.http.impl.bootstrap", "HttpAsyncRequester", True, "connect", "(HttpHost,Timeout)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.core5.http.impl.bootstrap", "HttpAsyncRequester", True, "connect", "(HttpHost,Timeout,Object,FutureCallback)", "", "Argument[0]", "request-forgery", "hq-manual"] diff --git a/java/ql/lib/ext/org.apache.hc.core5.http.io.support.model.yml b/java/ql/lib/ext/org.apache.hc.core5.http.io.support.model.yml index 86d55853d8f..1f602d987cc 100644 --- a/java/ql/lib/ext/org.apache.hc.core5.http.io.support.model.yml +++ b/java/ql/lib/ext/org.apache.hc.core5.http.io.support.model.yml @@ -3,19 +3,19 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["org.apache.hc.core5.http.io.support", "ClassicRequestBuilder", True, "delete", "(String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.core5.http.io.support", "ClassicRequestBuilder", True, "delete", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.core5.http.io.support", "ClassicRequestBuilder", True, "get", "(String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.core5.http.io.support", "ClassicRequestBuilder", True, "get", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.core5.http.io.support", "ClassicRequestBuilder", True, "head", "(String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.core5.http.io.support", "ClassicRequestBuilder", True, "head", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.core5.http.io.support", "ClassicRequestBuilder", True, "options", "(String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.core5.http.io.support", "ClassicRequestBuilder", True, "options", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.core5.http.io.support", "ClassicRequestBuilder", True, "patch", "(String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.core5.http.io.support", "ClassicRequestBuilder", True, "patch", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.core5.http.io.support", "ClassicRequestBuilder", True, "post", "(String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.core5.http.io.support", "ClassicRequestBuilder", True, "post", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.core5.http.io.support", "ClassicRequestBuilder", True, "put", "(String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.core5.http.io.support", "ClassicRequestBuilder", True, "put", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.core5.http.io.support", "ClassicRequestBuilder", True, "trace", "(String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.core5.http.io.support", "ClassicRequestBuilder", True, "trace", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] + - ["org.apache.hc.core5.http.io.support", "ClassicRequestBuilder", True, "delete", "(String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.core5.http.io.support", "ClassicRequestBuilder", True, "delete", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.core5.http.io.support", "ClassicRequestBuilder", True, "get", "(String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.core5.http.io.support", "ClassicRequestBuilder", True, "get", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.core5.http.io.support", "ClassicRequestBuilder", True, "head", "(String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.core5.http.io.support", "ClassicRequestBuilder", True, "head", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.core5.http.io.support", "ClassicRequestBuilder", True, "options", "(String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.core5.http.io.support", "ClassicRequestBuilder", True, "options", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.core5.http.io.support", "ClassicRequestBuilder", True, "patch", "(String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.core5.http.io.support", "ClassicRequestBuilder", True, "patch", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.core5.http.io.support", "ClassicRequestBuilder", True, "post", "(String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.core5.http.io.support", "ClassicRequestBuilder", True, "post", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.core5.http.io.support", "ClassicRequestBuilder", True, "put", "(String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.core5.http.io.support", "ClassicRequestBuilder", True, "put", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.core5.http.io.support", "ClassicRequestBuilder", True, "trace", "(String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.core5.http.io.support", "ClassicRequestBuilder", True, "trace", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] diff --git a/java/ql/lib/ext/org.apache.hc.core5.http.message.model.yml b/java/ql/lib/ext/org.apache.hc.core5.http.message.model.yml index e8cc56f35a5..44ed7ac03c1 100644 --- a/java/ql/lib/ext/org.apache.hc.core5.http.message.model.yml +++ b/java/ql/lib/ext/org.apache.hc.core5.http.message.model.yml @@ -3,14 +3,14 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["org.apache.hc.core5.http.message", "BasicClassicHttpRequest", True, "BasicClassicHttpRequest", "(Method,HttpHost,String)", "", "Argument[1]", "open-url", "hq-manual"] - - ["org.apache.hc.core5.http.message", "BasicClassicHttpRequest", True, "BasicClassicHttpRequest", "(Method,URI)", "", "Argument[1]", "open-url", "hq-manual"] - - ["org.apache.hc.core5.http.message", "BasicClassicHttpRequest", True, "BasicClassicHttpRequest", "(String,HttpHost,String)", "", "Argument[1]", "open-url", "hq-manual"] - - ["org.apache.hc.core5.http.message", "BasicClassicHttpRequest", True, "BasicClassicHttpRequest", "(String,URI)", "", "Argument[1]", "open-url", "hq-manual"] - - ["org.apache.hc.core5.http.message", "BasicHttpRequest", True, "BasicHttpRequest", "(Method,HttpHost,String)", "", "Argument[1]", "open-url", "hq-manual"] - - ["org.apache.hc.core5.http.message", "BasicHttpRequest", True, "BasicHttpRequest", "(Method,URI)", "", "Argument[1]", "open-url", "hq-manual"] - - ["org.apache.hc.core5.http.message", "BasicHttpRequest", True, "BasicHttpRequest", "(String,HttpHost,String)", "", "Argument[1]", "open-url", "hq-manual"] - - ["org.apache.hc.core5.http.message", "BasicHttpRequest", True, "BasicHttpRequest", "(String,URI)", "", "Argument[1]", "open-url", "hq-manual"] + - ["org.apache.hc.core5.http.message", "BasicClassicHttpRequest", True, "BasicClassicHttpRequest", "(Method,HttpHost,String)", "", "Argument[1]", "request-forgery", "hq-manual"] + - ["org.apache.hc.core5.http.message", "BasicClassicHttpRequest", True, "BasicClassicHttpRequest", "(Method,URI)", "", "Argument[1]", "request-forgery", "hq-manual"] + - ["org.apache.hc.core5.http.message", "BasicClassicHttpRequest", True, "BasicClassicHttpRequest", "(String,HttpHost,String)", "", "Argument[1]", "request-forgery", "hq-manual"] + - ["org.apache.hc.core5.http.message", "BasicClassicHttpRequest", True, "BasicClassicHttpRequest", "(String,URI)", "", "Argument[1]", "request-forgery", "hq-manual"] + - ["org.apache.hc.core5.http.message", "BasicHttpRequest", True, "BasicHttpRequest", "(Method,HttpHost,String)", "", "Argument[1]", "request-forgery", "hq-manual"] + - ["org.apache.hc.core5.http.message", "BasicHttpRequest", True, "BasicHttpRequest", "(Method,URI)", "", "Argument[1]", "request-forgery", "hq-manual"] + - ["org.apache.hc.core5.http.message", "BasicHttpRequest", True, "BasicHttpRequest", "(String,HttpHost,String)", "", "Argument[1]", "request-forgery", "hq-manual"] + - ["org.apache.hc.core5.http.message", "BasicHttpRequest", True, "BasicHttpRequest", "(String,URI)", "", "Argument[1]", "request-forgery", "hq-manual"] - addsTo: pack: codeql/java-all diff --git a/java/ql/lib/ext/org.apache.hc.core5.http.model.yml b/java/ql/lib/ext/org.apache.hc.core5.http.model.yml index 8922ce55637..321b4235ea8 100644 --- a/java/ql/lib/ext/org.apache.hc.core5.http.model.yml +++ b/java/ql/lib/ext/org.apache.hc.core5.http.model.yml @@ -4,9 +4,9 @@ extensions: extensible: sinkModel data: - ["org.apache.hc.core5.http", "HttpEntityContainer", True, "setEntity", "(HttpEntity)", "", "Argument[0]", "html-injection", "manual"] - - ["org.apache.hc.core5.http", "HttpRequest", True, "setUri", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.core5.http", "HttpRequestFactory", True, "newHttpRequest", "(String,String)", "", "Argument[1]", "open-url", "hq-manual"] - - ["org.apache.hc.core5.http", "HttpRequestFactory", True, "newHttpRequest", "(String,URI)", "", "Argument[1]", "open-url", "hq-manual"] + - ["org.apache.hc.core5.http", "HttpRequest", True, "setUri", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.core5.http", "HttpRequestFactory", True, "newHttpRequest", "(String,String)", "", "Argument[1]", "request-forgery", "hq-manual"] + - ["org.apache.hc.core5.http", "HttpRequestFactory", True, "newHttpRequest", "(String,URI)", "", "Argument[1]", "request-forgery", "hq-manual"] - addsTo: pack: codeql/java-all extensible: summaryModel diff --git a/java/ql/lib/ext/org.apache.hc.core5.http.nio.support.model.yml b/java/ql/lib/ext/org.apache.hc.core5.http.nio.support.model.yml index 263ca830720..9d896b593c9 100644 --- a/java/ql/lib/ext/org.apache.hc.core5.http.nio.support.model.yml +++ b/java/ql/lib/ext/org.apache.hc.core5.http.nio.support.model.yml @@ -3,27 +3,27 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["org.apache.hc.core5.http.nio.support", "AsyncRequestBuilder", True, "delete", "(String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.core5.http.nio.support", "AsyncRequestBuilder", True, "delete", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.core5.http.nio.support", "AsyncRequestBuilder", True, "get", "(String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.core5.http.nio.support", "AsyncRequestBuilder", True, "get", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.core5.http.nio.support", "AsyncRequestBuilder", True, "head", "(String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.core5.http.nio.support", "AsyncRequestBuilder", True, "head", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.core5.http.nio.support", "AsyncRequestBuilder", True, "options", "(String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.core5.http.nio.support", "AsyncRequestBuilder", True, "options", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.core5.http.nio.support", "AsyncRequestBuilder", True, "patch", "(String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.core5.http.nio.support", "AsyncRequestBuilder", True, "patch", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.core5.http.nio.support", "AsyncRequestBuilder", True, "post", "(String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.core5.http.nio.support", "AsyncRequestBuilder", True, "post", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.core5.http.nio.support", "AsyncRequestBuilder", True, "put", "(String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.core5.http.nio.support", "AsyncRequestBuilder", True, "put", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.core5.http.nio.support", "AsyncRequestBuilder", True, "trace", "(String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.core5.http.nio.support", "AsyncRequestBuilder", True, "trace", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.core5.http.nio.support", "BasicRequestProducer", True, "BasicRequestProducer", "(Method,HttpHost,String)", "", "Argument[1]", "open-url", "hq-manual"] - - ["org.apache.hc.core5.http.nio.support", "BasicRequestProducer", True, "BasicRequestProducer", "(Method,HttpHost,String,AsyncEntityProducer)", "", "Argument[1]", "open-url", "hq-manual"] - - ["org.apache.hc.core5.http.nio.support", "BasicRequestProducer", True, "BasicRequestProducer", "(Method,URI)", "", "Argument[1]", "open-url", "hq-manual"] - - ["org.apache.hc.core5.http.nio.support", "BasicRequestProducer", True, "BasicRequestProducer", "(Method,URI,AsyncEntityProducer)", "", "Argument[1]", "open-url", "hq-manual"] - - ["org.apache.hc.core5.http.nio.support", "BasicRequestProducer", True, "BasicRequestProducer", "(String,HttpHost,String)", "", "Argument[1]", "open-url", "hq-manual"] - - ["org.apache.hc.core5.http.nio.support", "BasicRequestProducer", True, "BasicRequestProducer", "(String,HttpHost,String,AsyncEntityProducer)", "", "Argument[1]", "open-url", "hq-manual"] - - ["org.apache.hc.core5.http.nio.support", "BasicRequestProducer", True, "BasicRequestProducer", "(String,URI)", "", "Argument[1]", "open-url", "hq-manual"] - - ["org.apache.hc.core5.http.nio.support", "BasicRequestProducer", True, "BasicRequestProducer", "(String,URI,AsyncEntityProducer)", "", "Argument[1]", "open-url", "hq-manual"] + - ["org.apache.hc.core5.http.nio.support", "AsyncRequestBuilder", True, "delete", "(String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.core5.http.nio.support", "AsyncRequestBuilder", True, "delete", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.core5.http.nio.support", "AsyncRequestBuilder", True, "get", "(String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.core5.http.nio.support", "AsyncRequestBuilder", True, "get", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.core5.http.nio.support", "AsyncRequestBuilder", True, "head", "(String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.core5.http.nio.support", "AsyncRequestBuilder", True, "head", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.core5.http.nio.support", "AsyncRequestBuilder", True, "options", "(String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.core5.http.nio.support", "AsyncRequestBuilder", True, "options", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.core5.http.nio.support", "AsyncRequestBuilder", True, "patch", "(String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.core5.http.nio.support", "AsyncRequestBuilder", True, "patch", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.core5.http.nio.support", "AsyncRequestBuilder", True, "post", "(String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.core5.http.nio.support", "AsyncRequestBuilder", True, "post", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.core5.http.nio.support", "AsyncRequestBuilder", True, "put", "(String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.core5.http.nio.support", "AsyncRequestBuilder", True, "put", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.core5.http.nio.support", "AsyncRequestBuilder", True, "trace", "(String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.core5.http.nio.support", "AsyncRequestBuilder", True, "trace", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.core5.http.nio.support", "BasicRequestProducer", True, "BasicRequestProducer", "(Method,HttpHost,String)", "", "Argument[1]", "request-forgery", "hq-manual"] + - ["org.apache.hc.core5.http.nio.support", "BasicRequestProducer", True, "BasicRequestProducer", "(Method,HttpHost,String,AsyncEntityProducer)", "", "Argument[1]", "request-forgery", "hq-manual"] + - ["org.apache.hc.core5.http.nio.support", "BasicRequestProducer", True, "BasicRequestProducer", "(Method,URI)", "", "Argument[1]", "request-forgery", "hq-manual"] + - ["org.apache.hc.core5.http.nio.support", "BasicRequestProducer", True, "BasicRequestProducer", "(Method,URI,AsyncEntityProducer)", "", "Argument[1]", "request-forgery", "hq-manual"] + - ["org.apache.hc.core5.http.nio.support", "BasicRequestProducer", True, "BasicRequestProducer", "(String,HttpHost,String)", "", "Argument[1]", "request-forgery", "hq-manual"] + - ["org.apache.hc.core5.http.nio.support", "BasicRequestProducer", True, "BasicRequestProducer", "(String,HttpHost,String,AsyncEntityProducer)", "", "Argument[1]", "request-forgery", "hq-manual"] + - ["org.apache.hc.core5.http.nio.support", "BasicRequestProducer", True, "BasicRequestProducer", "(String,URI)", "", "Argument[1]", "request-forgery", "hq-manual"] + - ["org.apache.hc.core5.http.nio.support", "BasicRequestProducer", True, "BasicRequestProducer", "(String,URI,AsyncEntityProducer)", "", "Argument[1]", "request-forgery", "hq-manual"] diff --git a/java/ql/lib/ext/org.apache.hc.core5.http.support.model.yml b/java/ql/lib/ext/org.apache.hc.core5.http.support.model.yml index eee42d496f3..cb8d17d283a 100644 --- a/java/ql/lib/ext/org.apache.hc.core5.http.support.model.yml +++ b/java/ql/lib/ext/org.apache.hc.core5.http.support.model.yml @@ -3,22 +3,22 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["org.apache.hc.core5.http.support", "AbstractRequestBuilder", True, "setHttpHost", "(HttpHost)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.core5.http.support", "AbstractRequestBuilder", True, "setUri", "(String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.core5.http.support", "AbstractRequestBuilder", True, "setUri", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.core5.http.support", "BasicRequestBuilder", True, "delete", "(String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.core5.http.support", "BasicRequestBuilder", True, "delete", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.core5.http.support", "BasicRequestBuilder", True, "get", "(String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.core5.http.support", "BasicRequestBuilder", True, "get", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.core5.http.support", "BasicRequestBuilder", True, "head", "(String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.core5.http.support", "BasicRequestBuilder", True, "head", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.core5.http.support", "BasicRequestBuilder", True, "options", "(String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.core5.http.support", "BasicRequestBuilder", True, "options", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.core5.http.support", "BasicRequestBuilder", True, "patch", "(String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.core5.http.support", "BasicRequestBuilder", True, "patch", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.core5.http.support", "BasicRequestBuilder", True, "post", "(String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.core5.http.support", "BasicRequestBuilder", True, "post", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.core5.http.support", "BasicRequestBuilder", True, "put", "(String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.core5.http.support", "BasicRequestBuilder", True, "put", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.core5.http.support", "BasicRequestBuilder", True, "trace", "(String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.hc.core5.http.support", "BasicRequestBuilder", True, "trace", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] + - ["org.apache.hc.core5.http.support", "AbstractRequestBuilder", True, "setHttpHost", "(HttpHost)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.core5.http.support", "AbstractRequestBuilder", True, "setUri", "(String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.core5.http.support", "AbstractRequestBuilder", True, "setUri", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.core5.http.support", "BasicRequestBuilder", True, "delete", "(String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.core5.http.support", "BasicRequestBuilder", True, "delete", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.core5.http.support", "BasicRequestBuilder", True, "get", "(String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.core5.http.support", "BasicRequestBuilder", True, "get", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.core5.http.support", "BasicRequestBuilder", True, "head", "(String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.core5.http.support", "BasicRequestBuilder", True, "head", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.core5.http.support", "BasicRequestBuilder", True, "options", "(String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.core5.http.support", "BasicRequestBuilder", True, "options", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.core5.http.support", "BasicRequestBuilder", True, "patch", "(String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.core5.http.support", "BasicRequestBuilder", True, "patch", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.core5.http.support", "BasicRequestBuilder", True, "post", "(String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.core5.http.support", "BasicRequestBuilder", True, "post", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.core5.http.support", "BasicRequestBuilder", True, "put", "(String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.core5.http.support", "BasicRequestBuilder", True, "put", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.core5.http.support", "BasicRequestBuilder", True, "trace", "(String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.hc.core5.http.support", "BasicRequestBuilder", True, "trace", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] diff --git a/java/ql/lib/ext/org.apache.http.client.fluent.model.yml b/java/ql/lib/ext/org.apache.http.client.fluent.model.yml index 924ab14fc5e..dad428e4d1a 100644 --- a/java/ql/lib/ext/org.apache.http.client.fluent.model.yml +++ b/java/ql/lib/ext/org.apache.http.client.fluent.model.yml @@ -3,19 +3,19 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["org.apache.http.client.fluent", "Request", True, "Delete", "(String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.http.client.fluent", "Request", True, "Delete", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.http.client.fluent", "Request", True, "Get", "(String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.http.client.fluent", "Request", True, "Get", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.http.client.fluent", "Request", True, "Head", "(String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.http.client.fluent", "Request", True, "Head", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.http.client.fluent", "Request", True, "Options", "(String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.http.client.fluent", "Request", True, "Options", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.http.client.fluent", "Request", True, "Patch", "(String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.http.client.fluent", "Request", True, "Patch", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.http.client.fluent", "Request", True, "Post", "(String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.http.client.fluent", "Request", True, "Post", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.http.client.fluent", "Request", True, "Put", "(String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.http.client.fluent", "Request", True, "Put", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.http.client.fluent", "Request", True, "Trace", "(String)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.http.client.fluent", "Request", True, "Trace", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] + - ["org.apache.http.client.fluent", "Request", True, "Delete", "(String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.http.client.fluent", "Request", True, "Delete", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.http.client.fluent", "Request", True, "Get", "(String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.http.client.fluent", "Request", True, "Get", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.http.client.fluent", "Request", True, "Head", "(String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.http.client.fluent", "Request", True, "Head", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.http.client.fluent", "Request", True, "Options", "(String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.http.client.fluent", "Request", True, "Options", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.http.client.fluent", "Request", True, "Patch", "(String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.http.client.fluent", "Request", True, "Patch", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.http.client.fluent", "Request", True, "Post", "(String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.http.client.fluent", "Request", True, "Post", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.http.client.fluent", "Request", True, "Put", "(String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.http.client.fluent", "Request", True, "Put", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.http.client.fluent", "Request", True, "Trace", "(String)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.http.client.fluent", "Request", True, "Trace", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] diff --git a/java/ql/lib/ext/org.apache.http.client.methods.model.yml b/java/ql/lib/ext/org.apache.http.client.methods.model.yml index 5db791422c8..4eccb08eb8c 100644 --- a/java/ql/lib/ext/org.apache.http.client.methods.model.yml +++ b/java/ql/lib/ext/org.apache.http.client.methods.model.yml @@ -3,22 +3,22 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["org.apache.http.client.methods", "HttpDelete", False, "HttpDelete", "", "", "Argument[0]", "open-url", "manual"] - - ["org.apache.http.client.methods", "HttpGet", False, "HttpGet", "", "", "Argument[0]", "open-url", "manual"] - - ["org.apache.http.client.methods", "HttpHead", False, "HttpHead", "", "", "Argument[0]", "open-url", "manual"] - - ["org.apache.http.client.methods", "HttpOptions", False, "HttpOptions", "", "", "Argument[0]", "open-url", "manual"] - - ["org.apache.http.client.methods", "HttpPatch", False, "HttpPatch", "", "", "Argument[0]", "open-url", "manual"] - - ["org.apache.http.client.methods", "HttpPost", False, "HttpPost", "", "", "Argument[0]", "open-url", "manual"] - - ["org.apache.http.client.methods", "HttpPut", False, "HttpPut", "", "", "Argument[0]", "open-url", "manual"] - - ["org.apache.http.client.methods", "HttpRequestBase", True, "setURI", "", "", "Argument[0]", "open-url", "manual"] - - ["org.apache.http.client.methods", "HttpRequestWrapper", True, "setURI", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] - - ["org.apache.http.client.methods", "HttpTrace", False, "HttpTrace", "", "", "Argument[0]", "open-url", "manual"] - - ["org.apache.http.client.methods", "RequestBuilder", False, "delete", "", "", "Argument[0]", "open-url", "manual"] - - ["org.apache.http.client.methods", "RequestBuilder", False, "get", "", "", "Argument[0]", "open-url", "manual"] - - ["org.apache.http.client.methods", "RequestBuilder", False, "head", "", "", "Argument[0]", "open-url", "manual"] - - ["org.apache.http.client.methods", "RequestBuilder", False, "options", "", "", "Argument[0]", "open-url", "manual"] - - ["org.apache.http.client.methods", "RequestBuilder", False, "patch", "", "", "Argument[0]", "open-url", "manual"] - - ["org.apache.http.client.methods", "RequestBuilder", False, "post", "", "", "Argument[0]", "open-url", "manual"] - - ["org.apache.http.client.methods", "RequestBuilder", False, "put", "", "", "Argument[0]", "open-url", "manual"] - - ["org.apache.http.client.methods", "RequestBuilder", False, "setUri", "", "", "Argument[0]", "open-url", "manual"] - - ["org.apache.http.client.methods", "RequestBuilder", False, "trace", "", "", "Argument[0]", "open-url", "manual"] + - ["org.apache.http.client.methods", "HttpDelete", False, "HttpDelete", "", "", "Argument[0]", "request-forgery", "manual"] + - ["org.apache.http.client.methods", "HttpGet", False, "HttpGet", "", "", "Argument[0]", "request-forgery", "manual"] + - ["org.apache.http.client.methods", "HttpHead", False, "HttpHead", "", "", "Argument[0]", "request-forgery", "manual"] + - ["org.apache.http.client.methods", "HttpOptions", False, "HttpOptions", "", "", "Argument[0]", "request-forgery", "manual"] + - ["org.apache.http.client.methods", "HttpPatch", False, "HttpPatch", "", "", "Argument[0]", "request-forgery", "manual"] + - ["org.apache.http.client.methods", "HttpPost", False, "HttpPost", "", "", "Argument[0]", "request-forgery", "manual"] + - ["org.apache.http.client.methods", "HttpPut", False, "HttpPut", "", "", "Argument[0]", "request-forgery", "manual"] + - ["org.apache.http.client.methods", "HttpRequestBase", True, "setURI", "", "", "Argument[0]", "request-forgery", "manual"] + - ["org.apache.http.client.methods", "HttpRequestWrapper", True, "setURI", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] + - ["org.apache.http.client.methods", "HttpTrace", False, "HttpTrace", "", "", "Argument[0]", "request-forgery", "manual"] + - ["org.apache.http.client.methods", "RequestBuilder", False, "delete", "", "", "Argument[0]", "request-forgery", "manual"] + - ["org.apache.http.client.methods", "RequestBuilder", False, "get", "", "", "Argument[0]", "request-forgery", "manual"] + - ["org.apache.http.client.methods", "RequestBuilder", False, "head", "", "", "Argument[0]", "request-forgery", "manual"] + - ["org.apache.http.client.methods", "RequestBuilder", False, "options", "", "", "Argument[0]", "request-forgery", "manual"] + - ["org.apache.http.client.methods", "RequestBuilder", False, "patch", "", "", "Argument[0]", "request-forgery", "manual"] + - ["org.apache.http.client.methods", "RequestBuilder", False, "post", "", "", "Argument[0]", "request-forgery", "manual"] + - ["org.apache.http.client.methods", "RequestBuilder", False, "put", "", "", "Argument[0]", "request-forgery", "manual"] + - ["org.apache.http.client.methods", "RequestBuilder", False, "setUri", "", "", "Argument[0]", "request-forgery", "manual"] + - ["org.apache.http.client.methods", "RequestBuilder", False, "trace", "", "", "Argument[0]", "request-forgery", "manual"] diff --git a/java/ql/lib/ext/org.apache.http.client.model.yml b/java/ql/lib/ext/org.apache.http.client.model.yml index abdfb6ed91d..681efdf32e7 100644 --- a/java/ql/lib/ext/org.apache.http.client.model.yml +++ b/java/ql/lib/ext/org.apache.http.client.model.yml @@ -3,6 +3,6 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["org.apache.http.client", "HttpClient", True, "execute", "(HttpUriRequest,HttpContext)", "", "Argument[0]", "open-url", "ai-manual"] - - ["org.apache.http.client", "HttpClient", True, "execute", "(HttpUriRequest,ResponseHandler,HttpContext)", "", "Argument[0]", "open-url", "ai-manual"] - - ["org.apache.http.client", "HttpClient", True, "execute", "(HttpUriRequest)", "", "Argument[0]", "open-url", "ai-manual"] + - ["org.apache.http.client", "HttpClient", True, "execute", "(HttpUriRequest,HttpContext)", "", "Argument[0]", "request-forgery", "ai-manual"] + - ["org.apache.http.client", "HttpClient", True, "execute", "(HttpUriRequest,ResponseHandler,HttpContext)", "", "Argument[0]", "request-forgery", "ai-manual"] + - ["org.apache.http.client", "HttpClient", True, "execute", "(HttpUriRequest)", "", "Argument[0]", "request-forgery", "ai-manual"] diff --git a/java/ql/lib/ext/org.apache.http.impl.client.model.yml b/java/ql/lib/ext/org.apache.http.impl.client.model.yml index 5cc1aca7498..be517e5344f 100644 --- a/java/ql/lib/ext/org.apache.http.impl.client.model.yml +++ b/java/ql/lib/ext/org.apache.http.impl.client.model.yml @@ -3,4 +3,4 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["org.apache.http.impl.client", "RequestWrapper", True, "setURI", "(URI)", "", "Argument[0]", "open-url", "hq-manual"] + - ["org.apache.http.impl.client", "RequestWrapper", True, "setURI", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] diff --git a/java/ql/lib/ext/org.apache.http.message.model.yml b/java/ql/lib/ext/org.apache.http.message.model.yml index c727b57b210..4ee0d13d8c1 100644 --- a/java/ql/lib/ext/org.apache.http.message.model.yml +++ b/java/ql/lib/ext/org.apache.http.message.model.yml @@ -3,12 +3,12 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["org.apache.http.message", "BasicHttpEntityEnclosingRequest", False, "BasicHttpEntityEnclosingRequest", "(RequestLine)", "", "Argument[0]", "open-url", "manual"] - - ["org.apache.http.message", "BasicHttpEntityEnclosingRequest", False, "BasicHttpEntityEnclosingRequest", "(String,String)", "", "Argument[1]", "open-url", "manual"] - - ["org.apache.http.message", "BasicHttpEntityEnclosingRequest", False, "BasicHttpEntityEnclosingRequest", "(String,String,ProtocolVersion)", "", "Argument[1]", "open-url", "manual"] - - ["org.apache.http.message", "BasicHttpRequest", False, "BasicHttpRequest", "(RequestLine)", "", "Argument[0]", "open-url", "manual"] - - ["org.apache.http.message", "BasicHttpRequest", False, "BasicHttpRequest", "(String,String)", "", "Argument[1]", "open-url", "manual"] - - ["org.apache.http.message", "BasicHttpRequest", False, "BasicHttpRequest", "(String,String,ProtocolVersion)", "", "Argument[1]", "open-url", "manual"] + - ["org.apache.http.message", "BasicHttpEntityEnclosingRequest", False, "BasicHttpEntityEnclosingRequest", "(RequestLine)", "", "Argument[0]", "request-forgery", "manual"] + - ["org.apache.http.message", "BasicHttpEntityEnclosingRequest", False, "BasicHttpEntityEnclosingRequest", "(String,String)", "", "Argument[1]", "request-forgery", "manual"] + - ["org.apache.http.message", "BasicHttpEntityEnclosingRequest", False, "BasicHttpEntityEnclosingRequest", "(String,String,ProtocolVersion)", "", "Argument[1]", "request-forgery", "manual"] + - ["org.apache.http.message", "BasicHttpRequest", False, "BasicHttpRequest", "(RequestLine)", "", "Argument[0]", "request-forgery", "manual"] + - ["org.apache.http.message", "BasicHttpRequest", False, "BasicHttpRequest", "(String,String)", "", "Argument[1]", "request-forgery", "manual"] + - ["org.apache.http.message", "BasicHttpRequest", False, "BasicHttpRequest", "(String,String,ProtocolVersion)", "", "Argument[1]", "request-forgery", "manual"] - addsTo: pack: codeql/java-all extensible: summaryModel diff --git a/java/ql/lib/ext/org.apache.http.model.yml b/java/ql/lib/ext/org.apache.http.model.yml index d03d2fa1a50..ff0bd813d83 100644 --- a/java/ql/lib/ext/org.apache.http.model.yml +++ b/java/ql/lib/ext/org.apache.http.model.yml @@ -9,7 +9,7 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["org.apache.http", "HttpRequestFactory", True, "newHttpRequest", "(String,String)", "", "Argument[1]", "open-url", "hq-manual"] + - ["org.apache.http", "HttpRequestFactory", True, "newHttpRequest", "(String,String)", "", "Argument[1]", "request-forgery", "hq-manual"] - ["org.apache.http", "HttpResponse", True, "setEntity", "(HttpEntity)", "", "Argument[0]", "html-injection", "manual"] - addsTo: pack: codeql/java-all diff --git a/java/ql/lib/ext/org.codehaus.cargo.container.installer.model.yml b/java/ql/lib/ext/org.codehaus.cargo.container.installer.model.yml index ddd4d24577e..602a6223fe8 100644 --- a/java/ql/lib/ext/org.codehaus.cargo.container.installer.model.yml +++ b/java/ql/lib/ext/org.codehaus.cargo.container.installer.model.yml @@ -3,6 +3,6 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["org.codehaus.cargo.container.installer", "ZipURLInstaller", True, "ZipURLInstaller", "(URL,String,String)", "", "Argument[0]", "open-url", "ai-manual"] + - ["org.codehaus.cargo.container.installer", "ZipURLInstaller", True, "ZipURLInstaller", "(URL,String,String)", "", "Argument[0]", "request-forgery", "ai-manual"] - ["org.codehaus.cargo.container.installer", "ZipURLInstaller", True, "ZipURLInstaller", "(URL,String,String)", "", "Argument[1]", "path-injection", "ai-manual"] - ["org.codehaus.cargo.container.installer", "ZipURLInstaller", True, "ZipURLInstaller", "(URL,String,String)", "", "Argument[2]", "path-injection", "ai-manual"] diff --git a/java/ql/lib/ext/org.eclipse.jetty.client.model.yml b/java/ql/lib/ext/org.eclipse.jetty.client.model.yml index 23f0e2a48a8..28c3430e818 100644 --- a/java/ql/lib/ext/org.eclipse.jetty.client.model.yml +++ b/java/ql/lib/ext/org.eclipse.jetty.client.model.yml @@ -3,4 +3,4 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["org.eclipse.jetty.client", "HttpClient", True, "newRequest", "(String)", "", "Argument[0]", "open-url", "ai-manual"] + - ["org.eclipse.jetty.client", "HttpClient", True, "newRequest", "(String)", "", "Argument[0]", "request-forgery", "ai-manual"] diff --git a/java/ql/lib/ext/org.jdbi.v3.core.model.yml b/java/ql/lib/ext/org.jdbi.v3.core.model.yml index fd7f4e824ac..a80c0a3d90e 100644 --- a/java/ql/lib/ext/org.jdbi.v3.core.model.yml +++ b/java/ql/lib/ext/org.jdbi.v3.core.model.yml @@ -3,9 +3,9 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["org.jdbi.v3.core", "Jdbi", False, "create", "(String)", "", "Argument[0]", "jdbc-url", "manual"] - - ["org.jdbi.v3.core", "Jdbi", False, "create", "(String,Properties)", "", "Argument[0]", "jdbc-url", "manual"] - - ["org.jdbi.v3.core", "Jdbi", False, "create", "(String,String,String)", "", "Argument[0]", "jdbc-url", "manual"] - - ["org.jdbi.v3.core", "Jdbi", False, "open", "(String)", "", "Argument[0]", "jdbc-url", "manual"] - - ["org.jdbi.v3.core", "Jdbi", False, "open", "(String,Properties)", "", "Argument[0]", "jdbc-url", "manual"] - - ["org.jdbi.v3.core", "Jdbi", False, "open", "(String,String,String)", "", "Argument[0]", "jdbc-url", "manual"] + - ["org.jdbi.v3.core", "Jdbi", False, "create", "(String)", "", "Argument[0]", "request-forgery", "manual"] + - ["org.jdbi.v3.core", "Jdbi", False, "create", "(String,Properties)", "", "Argument[0]", "request-forgery", "manual"] + - ["org.jdbi.v3.core", "Jdbi", False, "create", "(String,String,String)", "", "Argument[0]", "request-forgery", "manual"] + - ["org.jdbi.v3.core", "Jdbi", False, "open", "(String)", "", "Argument[0]", "request-forgery", "manual"] + - ["org.jdbi.v3.core", "Jdbi", False, "open", "(String,Properties)", "", "Argument[0]", "request-forgery", "manual"] + - ["org.jdbi.v3.core", "Jdbi", False, "open", "(String,String,String)", "", "Argument[0]", "request-forgery", "manual"] diff --git a/java/ql/lib/ext/org.kohsuke.stapler.model.yml b/java/ql/lib/ext/org.kohsuke.stapler.model.yml index 7b6dea2e669..7a242051485 100644 --- a/java/ql/lib/ext/org.kohsuke.stapler.model.yml +++ b/java/ql/lib/ext/org.kohsuke.stapler.model.yml @@ -4,4 +4,4 @@ extensions: extensible: sinkModel data: - ["org.kohsuke.stapler", "HttpResponses", True, "redirectTo", "(String)", "", "Argument[0]", "url-redirection", "ai-manual"] - - ["org.kohsuke.stapler", "HttpResponses", True, "staticResource", "(URL)", "", "Argument[0]", "open-url", "ai-manual"] + - ["org.kohsuke.stapler", "HttpResponses", True, "staticResource", "(URL)", "", "Argument[0]", "request-forgery", "ai-manual"] diff --git a/java/ql/lib/ext/org.springframework.boot.jdbc.model.yml b/java/ql/lib/ext/org.springframework.boot.jdbc.model.yml index bd7c5d8c5c1..7d61e1431c9 100644 --- a/java/ql/lib/ext/org.springframework.boot.jdbc.model.yml +++ b/java/ql/lib/ext/org.springframework.boot.jdbc.model.yml @@ -3,4 +3,4 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["org.springframework.boot.jdbc", "DataSourceBuilder", False, "url", "(String)", "", "Argument[0]", "jdbc-url", "manual"] + - ["org.springframework.boot.jdbc", "DataSourceBuilder", False, "url", "(String)", "", "Argument[0]", "request-forgery", "manual"] diff --git a/java/ql/lib/ext/org.springframework.http.model.yml b/java/ql/lib/ext/org.springframework.http.model.yml index 8835a471c28..cb5f18a7732 100644 --- a/java/ql/lib/ext/org.springframework.http.model.yml +++ b/java/ql/lib/ext/org.springframework.http.model.yml @@ -3,20 +3,20 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["org.springframework.http", "RequestEntity", False, "RequestEntity", "(HttpMethod,URI)", "", "Argument[1]", "open-url", "manual"] - - ["org.springframework.http", "RequestEntity", False, "RequestEntity", "(MultiValueMap,HttpMethod,URI)", "", "Argument[2]", "open-url", "manual"] - - ["org.springframework.http", "RequestEntity", False, "RequestEntity", "(Object,HttpMethod,URI)", "", "Argument[2]", "open-url", "manual"] - - ["org.springframework.http", "RequestEntity", False, "RequestEntity", "(Object,HttpMethod,URI,Type)", "", "Argument[2]", "open-url", "manual"] - - ["org.springframework.http", "RequestEntity", False, "RequestEntity", "(Object,MultiValueMap,HttpMethod,URI)", "", "Argument[3]", "open-url", "manual"] - - ["org.springframework.http", "RequestEntity", False, "RequestEntity", "(Object,MultiValueMap,HttpMethod,URI,Type)", "", "Argument[3]", "open-url", "manual"] - - ["org.springframework.http", "RequestEntity", False, "delete", "", "", "Argument[0]", "open-url", "manual"] - - ["org.springframework.http", "RequestEntity", False, "get", "", "", "Argument[0]", "open-url", "manual"] - - ["org.springframework.http", "RequestEntity", False, "head", "", "", "Argument[0]", "open-url", "manual"] - - ["org.springframework.http", "RequestEntity", False, "method", "", "", "Argument[1]", "open-url", "manual"] - - ["org.springframework.http", "RequestEntity", False, "options", "", "", "Argument[0]", "open-url", "manual"] - - ["org.springframework.http", "RequestEntity", False, "patch", "", "", "Argument[0]", "open-url", "manual"] - - ["org.springframework.http", "RequestEntity", False, "post", "", "", "Argument[0]", "open-url", "manual"] - - ["org.springframework.http", "RequestEntity", False, "put", "", "", "Argument[0]", "open-url", "manual"] + - ["org.springframework.http", "RequestEntity", False, "RequestEntity", "(HttpMethod,URI)", "", "Argument[1]", "request-forgery", "manual"] + - ["org.springframework.http", "RequestEntity", False, "RequestEntity", "(MultiValueMap,HttpMethod,URI)", "", "Argument[2]", "request-forgery", "manual"] + - ["org.springframework.http", "RequestEntity", False, "RequestEntity", "(Object,HttpMethod,URI)", "", "Argument[2]", "request-forgery", "manual"] + - ["org.springframework.http", "RequestEntity", False, "RequestEntity", "(Object,HttpMethod,URI,Type)", "", "Argument[2]", "request-forgery", "manual"] + - ["org.springframework.http", "RequestEntity", False, "RequestEntity", "(Object,MultiValueMap,HttpMethod,URI)", "", "Argument[3]", "request-forgery", "manual"] + - ["org.springframework.http", "RequestEntity", False, "RequestEntity", "(Object,MultiValueMap,HttpMethod,URI,Type)", "", "Argument[3]", "request-forgery", "manual"] + - ["org.springframework.http", "RequestEntity", False, "delete", "", "", "Argument[0]", "request-forgery", "manual"] + - ["org.springframework.http", "RequestEntity", False, "get", "", "", "Argument[0]", "request-forgery", "manual"] + - ["org.springframework.http", "RequestEntity", False, "head", "", "", "Argument[0]", "request-forgery", "manual"] + - ["org.springframework.http", "RequestEntity", False, "method", "", "", "Argument[1]", "request-forgery", "manual"] + - ["org.springframework.http", "RequestEntity", False, "options", "", "", "Argument[0]", "request-forgery", "manual"] + - ["org.springframework.http", "RequestEntity", False, "patch", "", "", "Argument[0]", "request-forgery", "manual"] + - ["org.springframework.http", "RequestEntity", False, "post", "", "", "Argument[0]", "request-forgery", "manual"] + - ["org.springframework.http", "RequestEntity", False, "put", "", "", "Argument[0]", "request-forgery", "manual"] - addsTo: pack: codeql/java-all extensible: summaryModel diff --git a/java/ql/lib/ext/org.springframework.jdbc.datasource.model.yml b/java/ql/lib/ext/org.springframework.jdbc.datasource.model.yml index 7bb84c37e2c..3c274d264f9 100644 --- a/java/ql/lib/ext/org.springframework.jdbc.datasource.model.yml +++ b/java/ql/lib/ext/org.springframework.jdbc.datasource.model.yml @@ -3,7 +3,7 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["org.springframework.jdbc.datasource", "AbstractDriverBasedDataSource", False, "setUrl", "(String)", "", "Argument[0]", "jdbc-url", "manual"] - - ["org.springframework.jdbc.datasource", "DriverManagerDataSource", False, "DriverManagerDataSource", "(String)", "", "Argument[0]", "jdbc-url", "manual"] - - ["org.springframework.jdbc.datasource", "DriverManagerDataSource", False, "DriverManagerDataSource", "(String,Properties)", "", "Argument[0]", "jdbc-url", "manual"] - - ["org.springframework.jdbc.datasource", "DriverManagerDataSource", False, "DriverManagerDataSource", "(String,String,String)", "", "Argument[0]", "jdbc-url", "manual"] + - ["org.springframework.jdbc.datasource", "AbstractDriverBasedDataSource", False, "setUrl", "(String)", "", "Argument[0]", "request-forgery", "manual"] + - ["org.springframework.jdbc.datasource", "DriverManagerDataSource", False, "DriverManagerDataSource", "(String)", "", "Argument[0]", "request-forgery", "manual"] + - ["org.springframework.jdbc.datasource", "DriverManagerDataSource", False, "DriverManagerDataSource", "(String,Properties)", "", "Argument[0]", "request-forgery", "manual"] + - ["org.springframework.jdbc.datasource", "DriverManagerDataSource", False, "DriverManagerDataSource", "(String,String,String)", "", "Argument[0]", "request-forgery", "manual"] diff --git a/java/ql/lib/ext/org.springframework.web.client.model.yml b/java/ql/lib/ext/org.springframework.web.client.model.yml index 69f4cb64fc6..79a7f577c3d 100644 --- a/java/ql/lib/ext/org.springframework.web.client.model.yml +++ b/java/ql/lib/ext/org.springframework.web.client.model.yml @@ -10,16 +10,16 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["org.springframework.web.client", "RestTemplate", False, "delete", "", "", "Argument[0]", "open-url", "manual"] - - ["org.springframework.web.client", "RestTemplate", False, "doExecute", "", "", "Argument[0]", "open-url", "manual"] - - ["org.springframework.web.client", "RestTemplate", False, "exchange", "", "", "Argument[0]", "open-url", "manual"] - - ["org.springframework.web.client", "RestTemplate", False, "execute", "", "", "Argument[0]", "open-url", "manual"] - - ["org.springframework.web.client", "RestTemplate", False, "getForEntity", "", "", "Argument[0]", "open-url", "manual"] - - ["org.springframework.web.client", "RestTemplate", False, "getForObject", "", "", "Argument[0]", "open-url", "manual"] - - ["org.springframework.web.client", "RestTemplate", False, "headForHeaders", "", "", "Argument[0]", "open-url", "manual"] - - ["org.springframework.web.client", "RestTemplate", False, "optionsForAllow", "", "", "Argument[0]", "open-url", "manual"] - - ["org.springframework.web.client", "RestTemplate", False, "patchForObject", "", "", "Argument[0]", "open-url", "manual"] - - ["org.springframework.web.client", "RestTemplate", False, "postForEntity", "", "", "Argument[0]", "open-url", "manual"] - - ["org.springframework.web.client", "RestTemplate", False, "postForLocation", "", "", "Argument[0]", "open-url", "manual"] - - ["org.springframework.web.client", "RestTemplate", False, "postForObject", "", "", "Argument[0]", "open-url", "manual"] - - ["org.springframework.web.client", "RestTemplate", False, "put", "", "", "Argument[0]", "open-url", "manual"] + - ["org.springframework.web.client", "RestTemplate", False, "delete", "", "", "Argument[0]", "request-forgery", "manual"] + - ["org.springframework.web.client", "RestTemplate", False, "doExecute", "", "", "Argument[0]", "request-forgery", "manual"] + - ["org.springframework.web.client", "RestTemplate", False, "exchange", "", "", "Argument[0]", "request-forgery", "manual"] + - ["org.springframework.web.client", "RestTemplate", False, "execute", "", "", "Argument[0]", "request-forgery", "manual"] + - ["org.springframework.web.client", "RestTemplate", False, "getForEntity", "", "", "Argument[0]", "request-forgery", "manual"] + - ["org.springframework.web.client", "RestTemplate", False, "getForObject", "", "", "Argument[0]", "request-forgery", "manual"] + - ["org.springframework.web.client", "RestTemplate", False, "headForHeaders", "", "", "Argument[0]", "request-forgery", "manual"] + - ["org.springframework.web.client", "RestTemplate", False, "optionsForAllow", "", "", "Argument[0]", "request-forgery", "manual"] + - ["org.springframework.web.client", "RestTemplate", False, "patchForObject", "", "", "Argument[0]", "request-forgery", "manual"] + - ["org.springframework.web.client", "RestTemplate", False, "postForEntity", "", "", "Argument[0]", "request-forgery", "manual"] + - ["org.springframework.web.client", "RestTemplate", False, "postForLocation", "", "", "Argument[0]", "request-forgery", "manual"] + - ["org.springframework.web.client", "RestTemplate", False, "postForObject", "", "", "Argument[0]", "request-forgery", "manual"] + - ["org.springframework.web.client", "RestTemplate", False, "put", "", "", "Argument[0]", "request-forgery", "manual"] diff --git a/java/ql/lib/ext/org.springframework.web.reactive.function.client.model.yml b/java/ql/lib/ext/org.springframework.web.reactive.function.client.model.yml index cb2d1db4444..a76582b5e80 100644 --- a/java/ql/lib/ext/org.springframework.web.reactive.function.client.model.yml +++ b/java/ql/lib/ext/org.springframework.web.reactive.function.client.model.yml @@ -3,5 +3,5 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["org.springframework.web.reactive.function.client", "WebClient", False, "create", "", "", "Argument[0]", "open-url", "manual"] - - ["org.springframework.web.reactive.function.client", "WebClient$Builder", False, "baseUrl", "", "", "Argument[0]", "open-url", "manual"] + - ["org.springframework.web.reactive.function.client", "WebClient", False, "create", "", "", "Argument[0]", "request-forgery", "manual"] + - ["org.springframework.web.reactive.function.client", "WebClient$Builder", False, "baseUrl", "", "", "Argument[0]", "request-forgery", "manual"] diff --git a/java/ql/lib/ext/retrofit2.model.yml b/java/ql/lib/ext/retrofit2.model.yml index 51c4c0eed83..4ea997169a9 100644 --- a/java/ql/lib/ext/retrofit2.model.yml +++ b/java/ql/lib/ext/retrofit2.model.yml @@ -3,4 +3,4 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["retrofit2", "Retrofit$Builder", True, "baseUrl", "", "", "Argument[0]", "open-url", "manual"] + - ["retrofit2", "Retrofit$Builder", True, "baseUrl", "", "", "Argument[0]", "request-forgery", "manual"] diff --git a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll index b4d1e146312..5776d64f402 100644 --- a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll +++ b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll @@ -274,13 +274,12 @@ module ModelValidation { exists(string kind | sinkModel(_, _, _, _, _, _, _, kind, _) | not kind = [ - "open-url", "jndi-injection", "ldap-injection", "sql-injection", "jdbc-url", - "log-injection", "mvel-injection", "xpath-injection", "groovy-injection", - "html-injection", "js-injection", "ognl-injection", "intent-redirection", - "pending-intents", "url-redirection", "path-injection", "file-content-store", - "hostname-verification", "response-splitting", "information-leak", "xslt-injection", - "jexl-injection", "bean-validation", "template-injection", "fragment-injection", - "command-injection" + "request-forgery", "jndi-injection", "ldap-injection", "sql-injection", "log-injection", + "mvel-injection", "xpath-injection", "groovy-injection", "html-injection", "js-injection", + "ognl-injection", "intent-redirection", "pending-intents", "url-redirection", + "path-injection", "file-content-store", "hostname-verification", "response-splitting", + "information-leak", "xslt-injection", "jexl-injection", "bean-validation", + "template-injection", "fragment-injection", "command-injection" ] and not kind.matches("regex-use%") and not kind.matches("qltest%") and diff --git a/java/ql/lib/semmle/code/java/security/HttpsUrls.qll b/java/ql/lib/semmle/code/java/security/HttpsUrls.qll index a2b144a3833..23ccb306a16 100644 --- a/java/ql/lib/semmle/code/java/security/HttpsUrls.qll +++ b/java/ql/lib/semmle/code/java/security/HttpsUrls.qll @@ -30,7 +30,7 @@ class HttpStringLiteral extends StringLiteral { abstract class UrlOpenSink extends DataFlow::Node { } private class DefaultUrlOpenSink extends UrlOpenSink { - DefaultUrlOpenSink() { sinkNode(this, "open-url") } + DefaultUrlOpenSink() { sinkNode(this, "request-forgery") } } /** diff --git a/java/ql/lib/semmle/code/java/security/RequestForgery.qll b/java/ql/lib/semmle/code/java/security/RequestForgery.qll index f9b98490dfa..0eeea1c2afd 100644 --- a/java/ql/lib/semmle/code/java/security/RequestForgery.qll +++ b/java/ql/lib/semmle/code/java/security/RequestForgery.qll @@ -52,12 +52,8 @@ private class TypePropertiesRequestForgeryAdditionalTaintStep extends RequestFor /** A data flow sink for server-side request forgery (SSRF) vulnerabilities. */ abstract class RequestForgerySink extends DataFlow::Node { } -private class UrlOpenSinkAsRequestForgerySink extends RequestForgerySink { - UrlOpenSinkAsRequestForgerySink() { sinkNode(this, "open-url") } -} - -private class JdbcUrlSinkAsRequestForgerySink extends RequestForgerySink { - JdbcUrlSinkAsRequestForgerySink() { sinkNode(this, "jdbc-url") } +private class DefaultRequestForgerySink extends RequestForgerySink { + DefaultRequestForgerySink() { sinkNode(this, "request-forgery") } } /** A sanitizer for request forgery vulnerabilities. */ diff --git a/java/ql/src/experimental/Security/CWE/CWE-552/UnsafeUrlForward.qll b/java/ql/src/experimental/Security/CWE/CWE-552/UnsafeUrlForward.qll index bff6a0a3893..3b5a8940239 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-552/UnsafeUrlForward.qll +++ b/java/ql/src/experimental/Security/CWE/CWE-552/UnsafeUrlForward.qll @@ -89,7 +89,7 @@ class GetVirtualFileChildMethod extends Method { /** An argument to `getResource()` or `getResourceAsStream()`. */ private class GetResourceSink extends UnsafeUrlForwardSink { GetResourceSink() { - sinkNode(this, "open-url") + sinkNode(this, "request-forgery") or sinkNode(this, "get-resource") or diff --git a/java/ql/test/library-tests/frameworks/okhttp/test.ql b/java/ql/test/library-tests/frameworks/okhttp/test.ql index 2992a519e64..52e8a47132a 100644 --- a/java/ql/test/library-tests/frameworks/okhttp/test.ql +++ b/java/ql/test/library-tests/frameworks/okhttp/test.ql @@ -5,7 +5,9 @@ import TestUtilities.InlineFlowTest module OkHttpFlowConfig implements DataFlow::ConfigSig { predicate isSource = DefaultFlowConfig::isSource/1; - predicate isSink(DataFlow::Node n) { DefaultFlowConfig::isSink(n) or sinkNode(n, "open-url") } + predicate isSink(DataFlow::Node n) { + DefaultFlowConfig::isSink(n) or sinkNode(n, "request-forgery") + } } module OkHttpFlow = DataFlow::Global<OkHttpFlowConfig>; diff --git a/java/ql/test/library-tests/frameworks/retrofit/test.ql b/java/ql/test/library-tests/frameworks/retrofit/test.ql index 5db5201aad0..e09f1ed41d7 100644 --- a/java/ql/test/library-tests/frameworks/retrofit/test.ql +++ b/java/ql/test/library-tests/frameworks/retrofit/test.ql @@ -5,7 +5,9 @@ import TestUtilities.InlineFlowTest module FlowConfig implements DataFlow::ConfigSig { predicate isSource = DefaultFlowConfig::isSource/1; - predicate isSink(DataFlow::Node n) { DefaultFlowConfig::isSink(n) or sinkNode(n, "open-url") } + predicate isSink(DataFlow::Node n) { + DefaultFlowConfig::isSink(n) or sinkNode(n, "request-forgery") + } } module Flow = DataFlow::Global<FlowConfig>; From 0a8c0f58b2c3f12889cb64f55174c050abad21fd Mon Sep 17 00:00:00 2001 From: Jami Cogswell <jcogs33@Jamis-MacBook-Pro.local> Date: Tue, 9 May 2023 12:30:14 -0400 Subject: [PATCH 765/870] Java: add sink kinds documentation --- .../customizing-library-models-for-java.rst | 37 +++++++++++++------ 1 file changed, 25 insertions(+), 12 deletions(-) diff --git a/docs/codeql/codeql-language-guides/customizing-library-models-for-java.rst b/docs/codeql/codeql-language-guides/customizing-library-models-for-java.rst index baa93e8eb0a..d45ce942964 100644 --- a/docs/codeql/codeql-language-guides/customizing-library-models-for-java.rst +++ b/docs/codeql/codeql-language-guides/customizing-library-models-for-java.rst @@ -327,18 +327,31 @@ Taint sink. As opposed to source kinds, there are many different kinds of sinks The following sink kinds are supported: -- **sql**: A SQL injection vulnerability sink. -- **xss**: A cross-site scripting vulnerability sink. -- **logging**: A log output sink. - -Below is an enumeration of the remaining sinks, but they are out of scope for this documentation: - -- **open-url**, **jndi-injection**, **ldap**, **jdbc-url** -- **mvel**, **xpath**, **groovy**, **ognl-injection** -- **intent-start**, **pending-intent-sent**, **url-redirect** -- **create-file**, **read-file**, **write-file**, **set-hostname-verifier** -- **header-splitting**, **information-leak**, **xslt**, **jexl** -- **bean-validation**, **ssti**, **fragment-injection**, **regex-use[**\ `arg`\ **]** +- **bean-validation**: A sink that can be used for insecure bean validation, such as in calls to **ConstraintValidatorContext.buildConstraintViolationWithTemplate**. +- **command-injection**: A sink that can be used to inject shell commands, such as in calls to **Runtime.exec**. +- **file-content-store**: A sink that can be used to control the contents of a file, such as in a **Files.write** call. +- **fragment-injection**: A sink that can be used for Android fragment injection, such as in a **FragmentTransaction.replace** call. +- **groovy-injection**: A sink that can be used for Groovy injection, such as in a **GroovyShell.evaluate** call. +- **hostname-verification**: A sink that can be used for unsafe hostname verification, such as in calls to **HttpsURLConnection.setHostnameVerifier**. +- **html-injection**: A sink that can be used for XSS via HTML injection, such as in a **ResponseStream.write** call. +- **information-leak**: A sink that can be used to leak information to an HTTP response, such as in calls to **HttpServletResponse.sendError**. +- **intent-redirection**: A sink that can be used for Android intent redirection, such as in a **Context.startActivity** call. +- **jexl-injection**: A sink that can be used for JEXL expression injection, such as in a **JexlExpression.evaluate** call. +- **jndi-injection**: A sink that can be used for JNDI injection, such as in a **Context.lookup** call. +- **js-injection**: A sink that can be used for XSS via JavaScript injection, such as in a **Webview.evaluateJavaScript** call. +- **ldap-injection**: A sink that can be used for LDAP injection, such as in a **DirContext.search** call. +- **log-injection**: A sink that can be used for log injection, such as in a **Logger.warn** call. +- **mvel-injection**: A sink that can be used for MVEL expression injection, such as in a **MVEL.eval** call. +- **ognl-injection**: A sink that can be used for OGNL injection, such as in an **Ognl.getValue** call. +- **path-injection**: A sink that can be used for path injection in a file system access, such as in calls to **new FileReader**. +- **pending-intents**: A sink that can be used to send an implicit and mutable `PendingIntent` to a third party, such as in an **Activity.setResult** call. +- **request-forgery**: A sink that controls the URL of a request, such as in an **HttpRequest.newBuilder** call. +- **response-splitting**: A sink that can be used for HTTP response splitting, such as in calls to **HttpServletResponse.setHeader**. +- **sql-injection**: A sink that can be used for SQL injection, such as in a **Statement.executeQuery** call. +- **template-injection**: A sink that can be used for server side template injection, such as in a **Velocity.evaluate** call. +- **url-redirection**: A sink that can be used to redirect the user to a malicious URL, such as in a **Response.temporaryRedirect** call. +- **xpath-injection**: A sink that can be used for XPath injection, such as in a **XPath.evaluate** call. +- **xslt-injection**: A sink that can be used for XSLT injection, such as in a **Transformer.transform** call. summaryModel(package, type, subtypes, name, signature, ext, input, output, kind, provenance) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From 36e467e74adba329b72c4e494bc0235b55363c9c Mon Sep 17 00:00:00 2001 From: Jami Cogswell <jcogs33@Jamis-MacBook-Pro.local> Date: Tue, 9 May 2023 14:49:07 -0400 Subject: [PATCH 766/870] Java: update cwe-sink.csv --- java/documentation/library-coverage/cwe-sink.csv | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/java/documentation/library-coverage/cwe-sink.csv b/java/documentation/library-coverage/cwe-sink.csv index a4e2f5b9af9..16fff1e653b 100644 --- a/java/documentation/library-coverage/cwe-sink.csv +++ b/java/documentation/library-coverage/cwe-sink.csv @@ -1,7 +1,7 @@ CWE,Sink identifier,Label -CWE‑089,sql,SQL injection -CWE‑022,create-file,Path injection +CWE‑089,sql-injection,SQL injection +CWE‑022,path-injection,Path injection CWE‑094,bean-validation,Code injection -CWE‑319,open-url,Cleartext transmission -CWE‑079,xss,Cross-site scripting -CWE‑090,ldap,LDAP injection +CWE‑918,request-forgery,Request Forgery +CWE‑079,html-injection js-injection,Cross-site scripting +CWE‑090,ldap-injection,LDAP injection From ad771984f12e8056f9958614b0c3c65a81b5aab0 Mon Sep 17 00:00:00 2001 From: Jami Cogswell <jcogs33@Jamis-MacBook-Pro.local> Date: Tue, 9 May 2023 15:09:49 -0400 Subject: [PATCH 767/870] Java: update recently added path-injection sinks --- java/ql/lib/ext/org.springframework.util.model.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/java/ql/lib/ext/org.springframework.util.model.yml b/java/ql/lib/ext/org.springframework.util.model.yml index a0203a0ce9e..a868638c4df 100644 --- a/java/ql/lib/ext/org.springframework.util.model.yml +++ b/java/ql/lib/ext/org.springframework.util.model.yml @@ -3,9 +3,9 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["org.springframework.util", "FileCopyUtils", False, "copy", "(byte[],File)", "", "Argument[1]", "create-file", "manual"] - - ["org.springframework.util", "FileCopyUtils", False, "copy", "(File,File)", "", "Argument[0]", "read-file", "manual"] - - ["org.springframework.util", "FileCopyUtils", False, "copy", "(File,File)", "", "Argument[1]", "create-file", "manual"] + - ["org.springframework.util", "FileCopyUtils", False, "copy", "(byte[],File)", "", "Argument[1]", "path-injection", "manual"] + - ["org.springframework.util", "FileCopyUtils", False, "copy", "(File,File)", "", "Argument[0]", "path-injection", "manual"] + - ["org.springframework.util", "FileCopyUtils", False, "copy", "(File,File)", "", "Argument[1]", "path-injection", "manual"] - addsTo: pack: codeql/java-all From e28ce959a3168f01c5f879fbade26f88f9a149c1 Mon Sep 17 00:00:00 2001 From: Jami Cogswell <jcogs33@Jamis-MacBook-Pro.local> Date: Tue, 9 May 2023 15:10:32 -0400 Subject: [PATCH 768/870] Java: update CaptureSinkModels test case --- .../modelgenerator/dataflow/CaptureSinkModels.expected | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/java/ql/test/utils/modelgenerator/dataflow/CaptureSinkModels.expected b/java/ql/test/utils/modelgenerator/dataflow/CaptureSinkModels.expected index b0c363c1b4a..799a1a37dd4 100644 --- a/java/ql/test/utils/modelgenerator/dataflow/CaptureSinkModels.expected +++ b/java/ql/test/utils/modelgenerator/dataflow/CaptureSinkModels.expected @@ -1,5 +1,5 @@ -| p;PrivateFlowViaPublicInterface$SPI;true;openStream;();;Argument[this];create-file;df-generated | -| p;Sinks;true;copyFileToDirectory;(Path,Path,CopyOption[]);;Argument[0];read-file;df-generated | -| p;Sinks;true;copyFileToDirectory;(Path,Path,CopyOption[]);;Argument[1];create-file;df-generated | -| p;Sinks;true;readUrl;(URL,Charset);;Argument[0];open-url;df-generated | -| p;Sources;true;readUrl;(URL);;Argument[0];open-url;df-generated | +| p;PrivateFlowViaPublicInterface$SPI;true;openStream;();;Argument[this];path-injection;df-generated | +| p;Sinks;true;copyFileToDirectory;(Path,Path,CopyOption[]);;Argument[0];path-injection;df-generated | +| p;Sinks;true;copyFileToDirectory;(Path,Path,CopyOption[]);;Argument[1];path-injection;df-generated | +| p;Sinks;true;readUrl;(URL,Charset);;Argument[0];request-forgery;df-generated | +| p;Sources;true;readUrl;(URL);;Argument[0];request-forgery;df-generated | From 6bb6802fb8c90f831634e306ef9f974a78a7db04 Mon Sep 17 00:00:00 2001 From: Jami Cogswell <jcogs33@Jamis-MacBook-Pro.local> Date: Tue, 9 May 2023 15:26:05 -0400 Subject: [PATCH 769/870] Java: add change note draft --- .../2023-05-05-java-sink-kind-revamp.md | 22 +++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 java/ql/lib/change-notes/2023-05-05-java-sink-kind-revamp.md diff --git a/java/ql/lib/change-notes/2023-05-05-java-sink-kind-revamp.md b/java/ql/lib/change-notes/2023-05-05-java-sink-kind-revamp.md new file mode 100644 index 00000000000..2ca5dedff2e --- /dev/null +++ b/java/ql/lib/change-notes/2023-05-05-java-sink-kind-revamp.md @@ -0,0 +1,22 @@ +--- +category: minorAnalysis +--- +* Updated the following Java sink kind names: + * `sql` to `sql-injection` + * `url-redirect` to `url-redirection` + * `xpath` to `xpath-injection` + * `ssti` to `template-injection` + * `logging` to `log-injection` + * `groovy` to `groovy-injection` + * `jexl` to `jexl-injection` + * `mvel` to `mvel-injection` + * `xslt` to `xslt-injection` + * `ldap` to `ldap-injection` + * `pending-intent-sent` to `pending-intents` + * `intent-start` to `intent-redirection` + * `set-hostname-verifier` to `hostname-verification` + * `header-splitting` to `response-splitting` + * `xss` to `html-injection` and `js-injection` + * `write-file` to `file-system-store` + * `create-file` and `read-file` to `path-injection` + * `open-url` and `jdbc-url` to `request-forgery` From 3e5dc28c0a64048b1c1a2d98d4632e20601589f5 Mon Sep 17 00:00:00 2001 From: Jami Cogswell <jcogs33@Jamis-MacBook-Pro.local> Date: Wed, 10 May 2023 17:27:03 -0400 Subject: [PATCH 770/870] Java: update more recently added sinks: path-injection and request-forgery --- .../lib/ext/org.apache.commons.net.model.yml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/java/ql/lib/ext/org.apache.commons.net.model.yml b/java/ql/lib/ext/org.apache.commons.net.model.yml index 1ea8876a4e1..0a4c46e6a3c 100644 --- a/java/ql/lib/ext/org.apache.commons.net.model.yml +++ b/java/ql/lib/ext/org.apache.commons.net.model.yml @@ -3,15 +3,15 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["org.apache.commons.net", "SocketClient", true, "connect", "(InetAddress)", "", "Argument[0]", "open-url", "manual"] - - ["org.apache.commons.net", "SocketClient", true, "connect", "(InetAddress,int)", "", "Argument[0]", "open-url", "manual"] - - ["org.apache.commons.net", "SocketClient", true, "connect", "(InetAddress,int,InetAddress,int)", "", "Argument[0]", "open-url", "manual"] - - ["org.apache.commons.net", "SocketClient", true, "connect", "(String)", "", "Argument[0]", "open-url", "manual"] - - ["org.apache.commons.net", "SocketClient", true, "connect", "(String,int)", "", "Argument[0]", "open-url", "df-manual"] - - ["org.apache.commons.net", "SocketClient", true, "connect", "(String,int,InetAddress,int)", "", "Argument[0]", "open-url", "manual"] - - ["org.apache.commons.net.util", "KeyManagerUtils", false, "createClientKeyManager", "(File,String)", "", "Argument[0]", "read-file", "df-manual"] - - ["org.apache.commons.net.util", "KeyManagerUtils", false, "createClientKeyManager", "(File,String,String)", "", "Argument[0]", "read-file", "df-manual"] - - ["org.apache.commons.net.util", "KeyManagerUtils", false, "createClientKeyManager", "(String,File,String,String,String)", "", "Argument[1]", "read-file", "df-manual"] + - ["org.apache.commons.net", "SocketClient", true, "connect", "(InetAddress)", "", "Argument[0]", "request-forgery", "manual"] + - ["org.apache.commons.net", "SocketClient", true, "connect", "(InetAddress,int)", "", "Argument[0]", "request-forgery", "manual"] + - ["org.apache.commons.net", "SocketClient", true, "connect", "(InetAddress,int,InetAddress,int)", "", "Argument[0]", "request-forgery", "manual"] + - ["org.apache.commons.net", "SocketClient", true, "connect", "(String)", "", "Argument[0]", "request-forgery", "manual"] + - ["org.apache.commons.net", "SocketClient", true, "connect", "(String,int)", "", "Argument[0]", "request-forgery", "df-manual"] + - ["org.apache.commons.net", "SocketClient", true, "connect", "(String,int,InetAddress,int)", "", "Argument[0]", "request-forgery", "manual"] + - ["org.apache.commons.net.util", "KeyManagerUtils", false, "createClientKeyManager", "(File,String)", "", "Argument[0]", "path-injection", "df-manual"] + - ["org.apache.commons.net.util", "KeyManagerUtils", false, "createClientKeyManager", "(File,String,String)", "", "Argument[0]", "path-injection", "df-manual"] + - ["org.apache.commons.net.util", "KeyManagerUtils", false, "createClientKeyManager", "(String,File,String,String,String)", "", "Argument[1]", "path-injection", "df-manual"] - addsTo: pack: codeql/java-all extensible: sourceModel From 9853a66b327f871ce0ddd42cb97dd1e62153fa80 Mon Sep 17 00:00:00 2001 From: Jami Cogswell <jcogs33@Jamis-MacBook-Pro.local> Date: Thu, 11 May 2023 12:20:23 -0400 Subject: [PATCH 771/870] Java: update change note --- java/ql/lib/change-notes/2023-05-05-java-sink-kind-revamp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java/ql/lib/change-notes/2023-05-05-java-sink-kind-revamp.md b/java/ql/lib/change-notes/2023-05-05-java-sink-kind-revamp.md index 2ca5dedff2e..ef54f491051 100644 --- a/java/ql/lib/change-notes/2023-05-05-java-sink-kind-revamp.md +++ b/java/ql/lib/change-notes/2023-05-05-java-sink-kind-revamp.md @@ -1,7 +1,7 @@ --- category: minorAnalysis --- -* Updated the following Java sink kind names: +* Updated the following Java sink kind names. Any custom data extensions will need to be updated accordingly in order to continue working. * `sql` to `sql-injection` * `url-redirect` to `url-redirection` * `xpath` to `xpath-injection` From ca8ac0c93fbd94aab092ee88e71c1d0f28472293 Mon Sep 17 00:00:00 2001 From: Jami Cogswell <jcogs33@Jamis-MacBook-Pro.local> Date: Thu, 11 May 2023 12:40:29 -0400 Subject: [PATCH 772/870] Java: add comment about request-forgery sinks --- java/ql/lib/semmle/code/java/security/HttpsUrls.qll | 1 + 1 file changed, 1 insertion(+) diff --git a/java/ql/lib/semmle/code/java/security/HttpsUrls.qll b/java/ql/lib/semmle/code/java/security/HttpsUrls.qll index 23ccb306a16..07435889fd9 100644 --- a/java/ql/lib/semmle/code/java/security/HttpsUrls.qll +++ b/java/ql/lib/semmle/code/java/security/HttpsUrls.qll @@ -30,6 +30,7 @@ class HttpStringLiteral extends StringLiteral { abstract class UrlOpenSink extends DataFlow::Node { } private class DefaultUrlOpenSink extends UrlOpenSink { + // request-forgery sinks control the URL of a request DefaultUrlOpenSink() { sinkNode(this, "request-forgery") } } From 51f8f98118be37d62da93069c92ae3c235df9450 Mon Sep 17 00:00:00 2001 From: Jami Cogswell <jcogs33@Jamis-MacBook-Pro.local> Date: Tue, 30 May 2023 14:39:20 -0400 Subject: [PATCH 773/870] Java: update recently added 'sql' sinks --- ...ingframework.jdbc.core.namedparam.model.yml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/java/ql/lib/ext/org.springframework.jdbc.core.namedparam.model.yml b/java/ql/lib/ext/org.springframework.jdbc.core.namedparam.model.yml index 9ecd0973558..a2ba27f6062 100644 --- a/java/ql/lib/ext/org.springframework.jdbc.core.namedparam.model.yml +++ b/java/ql/lib/ext/org.springframework.jdbc.core.namedparam.model.yml @@ -3,12 +3,12 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["org.springframework.jdbc.core.namedparam", "NamedParameterJdbcOperations", True, "batchUpdate", "", "", "Argument[0]", "sql", "manual"] - - ["org.springframework.jdbc.core.namedparam", "NamedParameterJdbcOperations", True, "execute", "", "", "Argument[0]", "sql", "manual"] - - ["org.springframework.jdbc.core.namedparam", "NamedParameterJdbcOperations", True, "query", "", "", "Argument[0]", "sql", "manual"] - - ["org.springframework.jdbc.core.namedparam", "NamedParameterJdbcOperations", True, "queryForList", "", "", "Argument[0]", "sql", "manual"] - - ["org.springframework.jdbc.core.namedparam", "NamedParameterJdbcOperations", True, "queryForMap", "", "", "Argument[0]", "sql", "manual"] - - ["org.springframework.jdbc.core.namedparam", "NamedParameterJdbcOperations", True, "queryForObject", "", "", "Argument[0]", "sql", "manual"] - - ["org.springframework.jdbc.core.namedparam", "NamedParameterJdbcOperations", True, "queryForRowSet", "", "", "Argument[0]", "sql", "manual"] - - ["org.springframework.jdbc.core.namedparam", "NamedParameterJdbcOperations", True, "queryForStream", "", "", "Argument[0]", "sql", "manual"] - - ["org.springframework.jdbc.core.namedparam", "NamedParameterJdbcOperations", True, "update", "", "", "Argument[0]", "sql", "manual"] + - ["org.springframework.jdbc.core.namedparam", "NamedParameterJdbcOperations", True, "batchUpdate", "", "", "Argument[0]", "sql-injection", "manual"] + - ["org.springframework.jdbc.core.namedparam", "NamedParameterJdbcOperations", True, "execute", "", "", "Argument[0]", "sql-injection", "manual"] + - ["org.springframework.jdbc.core.namedparam", "NamedParameterJdbcOperations", True, "query", "", "", "Argument[0]", "sql-injection", "manual"] + - ["org.springframework.jdbc.core.namedparam", "NamedParameterJdbcOperations", True, "queryForList", "", "", "Argument[0]", "sql-injection", "manual"] + - ["org.springframework.jdbc.core.namedparam", "NamedParameterJdbcOperations", True, "queryForMap", "", "", "Argument[0]", "sql-injection", "manual"] + - ["org.springframework.jdbc.core.namedparam", "NamedParameterJdbcOperations", True, "queryForObject", "", "", "Argument[0]", "sql-injection", "manual"] + - ["org.springframework.jdbc.core.namedparam", "NamedParameterJdbcOperations", True, "queryForRowSet", "", "", "Argument[0]", "sql-injection", "manual"] + - ["org.springframework.jdbc.core.namedparam", "NamedParameterJdbcOperations", True, "queryForStream", "", "", "Argument[0]", "sql-injection", "manual"] + - ["org.springframework.jdbc.core.namedparam", "NamedParameterJdbcOperations", True, "update", "", "", "Argument[0]", "sql-injection", "manual"] From 82f208ca7a113ebd04276a1011ec6336307b6882 Mon Sep 17 00:00:00 2001 From: Jami Cogswell <jcogs33@Jamis-MacBook-Pro.local> Date: Wed, 31 May 2023 17:47:36 -0400 Subject: [PATCH 774/870] Java: add isNeutralSink test case --- .../neutrals/neutralsinks/NeutralSinksTest.ql | 24 ++++++++- .../neutrals/neutralsinks/Test.java | 52 +++++++++---------- 2 files changed, 48 insertions(+), 28 deletions(-) diff --git a/java/ql/test/library-tests/neutrals/neutralsinks/NeutralSinksTest.ql b/java/ql/test/library-tests/neutrals/neutralsinks/NeutralSinksTest.ql index 422508f5711..224b03ea51c 100644 --- a/java/ql/test/library-tests/neutrals/neutralsinks/NeutralSinksTest.ql +++ b/java/ql/test/library-tests/neutrals/neutralsinks/NeutralSinksTest.ql @@ -2,9 +2,10 @@ import java import TestUtilities.InlineExpectationsTest import semmle.code.java.dataflow.DataFlow import semmle.code.java.dataflow.ExternalFlow +import semmle.code.java.dataflow.internal.FlowSummaryImpl as FlowSummaryImpl -class NeutralSinksTest extends InlineExpectationsTest { - NeutralSinksTest() { this = "NeutralSinksTest" } +class SinkTest extends InlineExpectationsTest { + SinkTest() { this = "SinkTest" } override string getARelevantTag() { result = "isSink" } @@ -18,3 +19,22 @@ class NeutralSinksTest extends InlineExpectationsTest { ) } } + +class NeutralSinkTest extends InlineExpectationsTest { + NeutralSinkTest() { this = "NeutralSinkTest" } + + override string getARelevantTag() { result = "isNeutralSink" } + + override predicate hasActualResult(Location location, string element, string tag, string value) { + tag = "isNeutralSink" and + exists(Call call, Callable callable | + call.getCallee() = callable and + neutralModel(callable.getDeclaringType().getCompilationUnit().getPackage().getName(), + callable.getDeclaringType().getSourceDeclaration().nestedName(), callable.getName(), + [paramsString(callable), ""], "sink", _) and + call.getLocation() = location and + element = call.toString() and + value = "" + ) + } +} diff --git a/java/ql/test/library-tests/neutrals/neutralsinks/Test.java b/java/ql/test/library-tests/neutrals/neutralsinks/Test.java index fee2cbbb7dd..a234132226f 100644 --- a/java/ql/test/library-tests/neutrals/neutralsinks/Test.java +++ b/java/ql/test/library-tests/neutrals/neutralsinks/Test.java @@ -14,48 +14,48 @@ public class Test { // java.io File file = null; - file.exists(); // Neutral Sink - file.compareTo(null); // Neutral Sink + file.exists(); // $ isNeutralSink + file.compareTo(null); // $ isNeutralSink // java.nio.file - Files.exists(null, (LinkOption[])null); // Neutral Sink - Files.getLastModifiedTime(null, (LinkOption[])null); // Neutral Sink - Files.getOwner(null, (LinkOption[])null); // Neutral Sink - Files.getPosixFilePermissions(null, (LinkOption[])null); // Neutral Sink - Files.isDirectory(null, (LinkOption[])null); // Neutral Sink - Files.isExecutable(null); // Neutral Sink - Files.isHidden(null); // Neutral Sink - Files.isReadable(null); // Neutral Sink - Files.isRegularFile(null, (LinkOption[])null); // Neutral Sink - Files.isSameFile(null, null); // Neutral Sink - Files.isSymbolicLink(null); // Neutral Sink - Files.isWritable(null); // Neutral Sink - Files.notExists(null, (LinkOption[])null); // Neutral Sink - Files.setLastModifiedTime(null, null); // Neutral Sink - Files.size(null); // Neutral Sink + Files.exists(null, (LinkOption[])null); // $ isNeutralSink + Files.getLastModifiedTime(null, (LinkOption[])null); // $ isNeutralSink + Files.getOwner(null, (LinkOption[])null); // $ isNeutralSink + Files.getPosixFilePermissions(null, (LinkOption[])null); // $ isNeutralSink + Files.isDirectory(null, (LinkOption[])null); // $ isNeutralSink + Files.isExecutable(null); // $ isNeutralSink + Files.isHidden(null); // $ isNeutralSink + Files.isReadable(null); // $ isNeutralSink + Files.isRegularFile(null, (LinkOption[])null); // $ isNeutralSink + Files.isSameFile(null, null); // $ isNeutralSink + Files.isSymbolicLink(null); // $ isNeutralSink + Files.isWritable(null); // $ isNeutralSink + Files.notExists(null, (LinkOption[])null); // $ isNeutralSink + Files.setLastModifiedTime(null, null); // $ isNeutralSink + Files.size(null); // $ isNeutralSink // java.nio.file.spi FileSystemProvider fsp = null; - fsp.isHidden(null); // Neutral Sink - fsp.isSameFile(null, null); // Neutral Sink + fsp.isHidden(null); // $ isNeutralSink + fsp.isSameFile(null, null); // $ isNeutralSink // java.text Collator c = null; - c.compare(null, null); // Neutral Sink - c.equals(null); // Neutral Sink - c.equals(null, null); // Neutral Sink + c.compare(null, null); // $ isNeutralSink + c.equals(null); // $ isNeutralSink + c.equals(null, null); // $ isNeutralSink RuleBasedCollator rbc = null; - rbc.compare(null, null); // Neutral Sink + rbc.compare(null, null); // $ isNeutralSink // java.util.prefs AbstractPreferences ap = null; - ap.nodeExists(null); // Neutral Sink + ap.nodeExists(null); // $ isNeutralSink Preferences p = null; - p.nodeExists(null); // Neutral Sink + p.nodeExists(null); // $ isNeutralSink // org.apache.hc.client5.http.protocol RedirectLocations rl = null; - rl.contains(null); // Neutral Sink + rl.contains(null); // $ isNeutralSink } } From 13ce6a6d8e9ef6a7285e9e47825100ae29187560 Mon Sep 17 00:00:00 2001 From: Maiky <76447395+maikypedia@users.noreply.github.com> Date: Thu, 1 Jun 2023 00:53:01 +0200 Subject: [PATCH 775/870] Update Frameworks.qll --- ruby/ql/lib/codeql/ruby/Frameworks.qll | 1 + 1 file changed, 1 insertion(+) diff --git a/ruby/ql/lib/codeql/ruby/Frameworks.qll b/ruby/ql/lib/codeql/ruby/Frameworks.qll index d7b76c090b2..ffa6e8219a4 100644 --- a/ruby/ql/lib/codeql/ruby/Frameworks.qll +++ b/ruby/ql/lib/codeql/ruby/Frameworks.qll @@ -32,4 +32,5 @@ private import codeql.ruby.frameworks.Slim private import codeql.ruby.frameworks.Sinatra private import codeql.ruby.frameworks.Twirp private import codeql.ruby.frameworks.Sqlite3 +private import codeql.ruby.frameworks.Pg private import codeql.ruby.frameworks.Sequel From 3ef08d5baf25d1cfdef5c3f159b31aa360f8fb36 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Thu, 1 Jun 2023 00:20:17 +0000 Subject: [PATCH 776/870] Add changed framework coverage reports --- java/documentation/library-coverage/coverage.csv | 6 ++++-- java/documentation/library-coverage/coverage.rst | 4 ++-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/java/documentation/library-coverage/coverage.csv b/java/documentation/library-coverage/coverage.csv index 48f5dd8ae41..0bd4f53a9a7 100644 --- a/java/documentation/library-coverage/coverage.csv +++ b/java/documentation/library-coverage/coverage.csv @@ -21,6 +21,7 @@ com.google.common.cache,,,17,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,17 com.google.common.collect,,,553,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,551 com.google.common.flogger,29,,,,,,,,,,,,,,29,,,,,,,,,,,,,,,,,,,,,,,,,, com.google.common.io,8,,73,,2,,,,,,,,,,,,,,,5,,,,,,,,,,,,1,,,,,,,,72,1 +com.google.gson,,,39,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,25,14 com.hubspot.jinjava,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,, com.mitchellbosecke.pebble,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,, com.opensymphony.xwork2.ognl,3,,,,,,,,,,,,,,,,3,,,,,,,,,,,,,,,,,,,,,,,, @@ -77,7 +78,7 @@ jodd.json,,,10,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,10 kotlin,16,,1843,,11,,,,,,,,,,,,,2,,3,,,,,,,,,,,,,,,,,,,,1836,7 net.sf.saxon.s9api,5,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,5,,,,,,, ognl,6,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,,,, -okhttp3,2,,47,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,,,,,22,25 +okhttp3,4,,47,,,,,,,,,,,,,,,4,,,,,,,,,,,,,,,,,,,,,,22,25 org.apache.commons.codec,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6, org.apache.commons.collections,,,800,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,17,783 org.apache.commons.collections4,,,800,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,17,783 @@ -152,7 +153,8 @@ org.springframework.web.util,,,165,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,140,25 org.thymeleaf,2,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,2, org.xml.sax,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1, org.xmlpull.v1,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,, -play.mvc,,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,4,, +play.libs.ws,2,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,,,,,, +play.mvc,,13,24,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,13,24, ratpack.core.form,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3, ratpack.core.handling,,6,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,4, ratpack.core.http,,10,10,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,10,10, diff --git a/java/documentation/library-coverage/coverage.rst b/java/documentation/library-coverage/coverage.rst index d89fce45524..b87eeb390fe 100644 --- a/java/documentation/library-coverage/coverage.rst +++ b/java/documentation/library-coverage/coverage.rst @@ -22,6 +22,6 @@ Java framework & library support Java extensions,"``javax.*``, ``jakarta.*``",63,611,34,1,4,,1,1,2 Kotlin Standard Library,``kotlin*``,,1843,16,11,,,,,2 `Spring <https://spring.io/>`_,``org.springframework.*``,29,483,113,2,,28,14,,29 - Others,"``cn.hutool.core.codec``, ``com.esotericsoftware.kryo.io``, ``com.esotericsoftware.kryo5.io``, ``com.fasterxml.jackson.core``, ``com.fasterxml.jackson.databind``, ``com.hubspot.jinjava``, ``com.mitchellbosecke.pebble``, ``com.opensymphony.xwork2.ognl``, ``com.rabbitmq.client``, ``com.thoughtworks.xstream``, ``com.unboundid.ldap.sdk``, ``com.zaxxer.hikari``, ``flexjson``, ``freemarker.cache``, ``freemarker.template``, ``groovy.lang``, ``groovy.text``, ``groovy.util``, ``hudson``, ``io.jsonwebtoken``, ``io.netty.bootstrap``, ``io.netty.buffer``, ``io.netty.channel``, ``io.netty.handler.codec``, ``io.netty.handler.ssl``, ``io.netty.handler.stream``, ``io.netty.resolver``, ``io.netty.util``, ``javafx.scene.web``, ``jodd.json``, ``net.sf.saxon.s9api``, ``ognl``, ``okhttp3``, ``org.apache.commons.codec``, ``org.apache.commons.compress.archivers.tar``, ``org.apache.commons.httpclient.util``, ``org.apache.commons.jelly``, ``org.apache.commons.jexl2``, ``org.apache.commons.jexl3``, ``org.apache.commons.logging``, ``org.apache.commons.net``, ``org.apache.commons.ognl``, ``org.apache.directory.ldap.client.api``, ``org.apache.hadoop.fs``, ``org.apache.hadoop.hive.metastore``, ``org.apache.hc.client5.http.async.methods``, ``org.apache.hc.client5.http.classic.methods``, ``org.apache.hc.client5.http.fluent``, ``org.apache.hive.hcatalog.templeton``, ``org.apache.ibatis.jdbc``, ``org.apache.log4j``, ``org.apache.shiro.codec``, ``org.apache.shiro.jndi``, ``org.apache.tools.ant``, ``org.apache.tools.zip``, ``org.apache.velocity.app``, ``org.apache.velocity.runtime``, ``org.codehaus.cargo.container.installer``, ``org.codehaus.groovy.control``, ``org.dom4j``, ``org.eclipse.jetty.client``, ``org.geogebra.web.full.main``, ``org.hibernate``, ``org.jdbi.v3.core``, ``org.jooq``, ``org.kohsuke.stapler``, ``org.mvel2``, ``org.openjdk.jmh.runner.options``, ``org.scijava.log``, ``org.slf4j``, ``org.thymeleaf``, ``org.xml.sax``, ``org.xmlpull.v1``, ``play.mvc``, ``ratpack.core.form``, ``ratpack.core.handling``, ``ratpack.core.http``, ``ratpack.exec``, ``ratpack.form``, ``ratpack.func``, ``ratpack.handling``, ``ratpack.http``, ``ratpack.util``, ``retrofit2``",89,827,516,26,,18,18,,181 - Totals,,246,9119,1969,175,10,122,33,1,361 + Others,"``cn.hutool.core.codec``, ``com.esotericsoftware.kryo.io``, ``com.esotericsoftware.kryo5.io``, ``com.fasterxml.jackson.core``, ``com.fasterxml.jackson.databind``, ``com.google.gson``, ``com.hubspot.jinjava``, ``com.mitchellbosecke.pebble``, ``com.opensymphony.xwork2.ognl``, ``com.rabbitmq.client``, ``com.thoughtworks.xstream``, ``com.unboundid.ldap.sdk``, ``com.zaxxer.hikari``, ``flexjson``, ``freemarker.cache``, ``freemarker.template``, ``groovy.lang``, ``groovy.text``, ``groovy.util``, ``hudson``, ``io.jsonwebtoken``, ``io.netty.bootstrap``, ``io.netty.buffer``, ``io.netty.channel``, ``io.netty.handler.codec``, ``io.netty.handler.ssl``, ``io.netty.handler.stream``, ``io.netty.resolver``, ``io.netty.util``, ``javafx.scene.web``, ``jodd.json``, ``net.sf.saxon.s9api``, ``ognl``, ``okhttp3``, ``org.apache.commons.codec``, ``org.apache.commons.compress.archivers.tar``, ``org.apache.commons.httpclient.util``, ``org.apache.commons.jelly``, ``org.apache.commons.jexl2``, ``org.apache.commons.jexl3``, ``org.apache.commons.logging``, ``org.apache.commons.net``, ``org.apache.commons.ognl``, ``org.apache.directory.ldap.client.api``, ``org.apache.hadoop.fs``, ``org.apache.hadoop.hive.metastore``, ``org.apache.hc.client5.http.async.methods``, ``org.apache.hc.client5.http.classic.methods``, ``org.apache.hc.client5.http.fluent``, ``org.apache.hive.hcatalog.templeton``, ``org.apache.ibatis.jdbc``, ``org.apache.log4j``, ``org.apache.shiro.codec``, ``org.apache.shiro.jndi``, ``org.apache.tools.ant``, ``org.apache.tools.zip``, ``org.apache.velocity.app``, ``org.apache.velocity.runtime``, ``org.codehaus.cargo.container.installer``, ``org.codehaus.groovy.control``, ``org.dom4j``, ``org.eclipse.jetty.client``, ``org.geogebra.web.full.main``, ``org.hibernate``, ``org.jdbi.v3.core``, ``org.jooq``, ``org.kohsuke.stapler``, ``org.mvel2``, ``org.openjdk.jmh.runner.options``, ``org.scijava.log``, ``org.slf4j``, ``org.thymeleaf``, ``org.xml.sax``, ``org.xmlpull.v1``, ``play.libs.ws``, ``play.mvc``, ``ratpack.core.form``, ``ratpack.core.handling``, ``ratpack.core.http``, ``ratpack.exec``, ``ratpack.form``, ``ratpack.func``, ``ratpack.handling``, ``ratpack.http``, ``ratpack.util``, ``retrofit2``",98,890,520,26,,18,18,,185 + Totals,,255,9182,1973,175,10,122,33,1,365 From 9aeb2384f35db392daa1fe22d4dde8ec1bd2bb4c Mon Sep 17 00:00:00 2001 From: Michael Nebel <michaelnebel@github.com> Date: Thu, 1 Jun 2023 10:20:54 +0200 Subject: [PATCH 777/870] C#: Improve LINQ expression based on review comments. --- .../Entities/Expressions/ImplicitCast.cs | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/ImplicitCast.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/ImplicitCast.cs index 20daedc0ae8..ebd7379ee67 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/ImplicitCast.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/ImplicitCast.cs @@ -42,13 +42,12 @@ namespace Semmle.Extraction.CSharp.Entities.Expressions private static IMethodSymbol? GetImplicitConversionMethod(ITypeSymbol type, object value) => type .GetMembers() - .Where(m => - m is IMethodSymbol method && + .OfType<IMethodSymbol>() + .Where(method => method.GetName() == "op_Implicit" && method.Parameters.Length == 1 && method.Parameters[0].Type.Name == value.GetType().Name ) - .Cast<IMethodSymbol>() .FirstOrDefault(); // Creates a new generated expression with an implicit cast added, if needed. From 7579f182ad310d97c68c49f3cdceaace5724637c Mon Sep 17 00:00:00 2001 From: Maiky <76447395+maikypedia@users.noreply.github.com> Date: Thu, 1 Jun 2023 11:00:35 +0200 Subject: [PATCH 778/870] Add requested changes --- ruby/ql/lib/codeql/ruby/frameworks/Mysql2.qll | 22 +++++++++++++++++ .../ql/lib/codeql/ruby/frameworks/Sqlite3.qll | 24 ++++++++++++++++++- .../security/SqlInjectionCustomizations.qll | 21 +++------------- 3 files changed, 48 insertions(+), 19 deletions(-) diff --git a/ruby/ql/lib/codeql/ruby/frameworks/Mysql2.qll b/ruby/ql/lib/codeql/ruby/frameworks/Mysql2.qll index c1c74813b75..1b7c1cde61e 100644 --- a/ruby/ql/lib/codeql/ruby/frameworks/Mysql2.qll +++ b/ruby/ql/lib/codeql/ruby/frameworks/Mysql2.qll @@ -48,4 +48,26 @@ module Mysql2 { override DataFlow::Node getSql() { result = query } } + + /** + * A call to `Mysql2::Client.escape`, considered as a sanitizer for SQL statements. + */ + private class Mysql2EscapeSanitization extends SqlSanitization::Range { + Mysql2EscapeSanitization() { + this = API::getTopLevelMember("Mysql2").getMember("Client").getAMethodCall("escape") + } + } + + /** + * Flow summary for `Mysql2::Client.escape()`. + */ + private class EscapeSummary extends SummarizedCallable { + EscapeSummary() { this = "Mysql2::Client.escape()" } + + override MethodCall getACall() { result = any(Mysql2EscapeSanitization c).asExpr().getExpr() } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + input = "Argument[0]" and output = "ReturnValue" and preservesValue = false + } + } } diff --git a/ruby/ql/lib/codeql/ruby/frameworks/Sqlite3.qll b/ruby/ql/lib/codeql/ruby/frameworks/Sqlite3.qll index e051a847993..8a07e211a21 100644 --- a/ruby/ql/lib/codeql/ruby/frameworks/Sqlite3.qll +++ b/ruby/ql/lib/codeql/ruby/frameworks/Sqlite3.qll @@ -77,4 +77,26 @@ module Sqlite3 { override DataFlow::Node getSql() { result = this.getArgument(0) } } -} + + /** + * A call to `SQLite3::Database.quote`, considered as a sanitizer for SQL statements. + */ + private class SQLite3QuoteSanitization extends SqlSanitization { + SQLite3QuoteSanitization() { + this = API::getTopLevelMember("SQLite3").getMember("Database").getAMethodCall("quote") + } + } + + /** + * Flow summary for `SQLite3::Database.quote()`. + */ + private class QuoteSummary extends SummarizedCallable { + QuoteSummary() { this = "SQLite3::Database.quote()" } + + override MethodCall getACall() { result = any(SQLite3QuoteSanitization c).asExpr().getExpr() } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + input = "Argument[0]" and output = "ReturnValue" and preservesValue = false + } + } +} \ No newline at end of file diff --git a/ruby/ql/lib/codeql/ruby/security/SqlInjectionCustomizations.qll b/ruby/ql/lib/codeql/ruby/security/SqlInjectionCustomizations.qll index e1e1b630d9d..48358fe1d6b 100644 --- a/ruby/ql/lib/codeql/ruby/security/SqlInjectionCustomizations.qll +++ b/ruby/ql/lib/codeql/ruby/security/SqlInjectionCustomizations.qll @@ -52,23 +52,8 @@ module SqlInjection { * sanitizer-guard. */ class StringConstArrayInclusionCallAsSanitizer extends Sanitizer, - StringConstArrayInclusionCallBarrier { } + StringConstArrayInclusionCallBarrier + { } - /** - * A call to `Mysql2::Client.escape`, considered as a sanitizer. - */ - private class Mysql2EscapeSanitization extends Sanitizer { - Mysql2EscapeSanitization() { - this = API::getTopLevelMember("Mysql2").getMember("Client").getAMethodCall("escape") - } - } - - /** - * A call to `SQLite3::Database.quote`, considered as a sanitizer. - */ - private class SQLite3EscapeSanitization extends Sanitizer { - SQLite3EscapeSanitization() { - this = API::getTopLevelMember("SQLite3").getMember("Database").getAMethodCall("quote") - } - } + private class SqlSanitizationAsSanitizer extends Sanitizer, SqlSanitization { } } From edfdddb24af488d4e9199c6948aaad3e3ce0a79c Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Thu, 1 Jun 2023 11:47:05 +0100 Subject: [PATCH 779/870] Swift: Tweak and update the qldoc string. --- swift/ql/.generated.list | 4 ++-- swift/ql/lib/codeql/swift/generated/Callable.qll | 2 +- swift/ql/lib/codeql/swift/generated/Raw.qll | 2 +- swift/schema.py | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/swift/ql/.generated.list b/swift/ql/.generated.list index 6394bc951c9..3fac0083642 100644 --- a/swift/ql/.generated.list +++ b/swift/ql/.generated.list @@ -368,7 +368,7 @@ lib/codeql/swift/elements.qll 3df0060edd2b2030f4e4d7d5518afe0073d798474d9b1d6185 lib/codeql/swift/generated/AstNode.qll 02ca56d82801f942ae6265c6079d92ccafdf6b532f6bcebd98a04029ddf696e4 6216fda240e45bd4302fa0cf0f08f5f945418b144659264cdda84622b0420aa2 lib/codeql/swift/generated/AvailabilityInfo.qll 1e38e7f52ccbcecd4dd088eae15c482d87911682dabb426332cc0e207fc6bf2f 7c6640530cdbece90d4172e8d6cfd119656860da08bb61ed4ef3a6757723994f lib/codeql/swift/generated/AvailabilitySpec.qll fb1255f91bb5e41ad4e9c675a2efbc50d0fb366ea2de68ab7eebd177b0795309 144e0c2e7d6c62ecee43325f7f26dcf437881edf0b75cc1bc898c6c4b61fdeaf -lib/codeql/swift/generated/Callable.qll c1f214f5ea4da567d3cf2ac4915630ae1e19c939d2aa64cdd5ab06e76de059dc c43fd17a89d016a31584de10e4d4988f3ea10dc26d6b59b3151bb3196e9f0689 +lib/codeql/swift/generated/Callable.qll 5b6d79a4db8d98ea2255f0773d3512ad195e87fe47bab669d6e24668417ab96d 579506e89ad2385739384ab3fecfb1da699d862ee3a9e9a7225b095b0ec279ff lib/codeql/swift/generated/Comment.qll f58b49f6e68c21f87c51e2ff84c8a64b09286d733e86f70d67d3a98fe6260bd6 975bbb599a2a7adc35179f6ae06d9cbc56ea8a03b972ef2ee87604834bc6deb1 lib/codeql/swift/generated/DbFile.qll a49b2a2cb2788cb49c861ebcd458b8daead7b15adb19c3a9f4db3bf39a0051fc a49b2a2cb2788cb49c861ebcd458b8daead7b15adb19c3a9f4db3bf39a0051fc lib/codeql/swift/generated/DbLocation.qll b9baea963d9fa82068986512c0649d1050897654eee3df51dba17cf6b1170873 b9baea963d9fa82068986512c0649d1050897654eee3df51dba17cf6b1170873 @@ -383,7 +383,7 @@ lib/codeql/swift/generated/OtherAvailabilitySpec.qll 0e26a203b26ff0581b7396b0c6d lib/codeql/swift/generated/ParentChild.qll 5c5ff9812efbed0adf465d1c8b9108c893c77ff946f6feaaec7223ad38664079 94038dcd8a5e98b959ce9f09b7b54b745b0df49b91339b9396017a209abe8bb7 lib/codeql/swift/generated/PlatformVersionAvailabilitySpec.qll f82d9ca416fe8bd59b5531b65b1c74c9f317b3297a6101544a11339a1cffce38 7f5c6d3309e66c134107afe55bae76dfc9a72cb7cdd6d4c3706b6b34cee09fa0 lib/codeql/swift/generated/PureSynthConstructors.qll 173c0dd59396a1de26fe870e3bc2766c46de689da2a4d8807cb62023bbce1a98 173c0dd59396a1de26fe870e3bc2766c46de689da2a4d8807cb62023bbce1a98 -lib/codeql/swift/generated/Raw.qll 87402f6b1a0173503a545b57b06c0e320459410834c9adc7a25b2ae53874075e 49e27ddf824decdf21c0531b1ebb3fa007a869ec63bde9f60d08a68fae12acc6 +lib/codeql/swift/generated/Raw.qll 991f95f30bde82ba43237bd9c1a68d3f450038ef828edb89219fbf583dd1956a e3e6c41caac09d532453c28167622fae7057d846f35750873eacd48cd128b957 lib/codeql/swift/generated/Synth.qll 551fdf7e4b53f9ee1314d1bb42c2638cf82f45bfa1f40a635dfa7b6072e4418c 9ab178464700a19951fc5285acacda4913addee81515d8e072b3d7055935a814 lib/codeql/swift/generated/SynthConstructors.qll 2f801bd8b0db829b0253cd459ed3253c1fdfc55dce68ebc53e7fec138ef0aca4 2f801bd8b0db829b0253cd459ed3253c1fdfc55dce68ebc53e7fec138ef0aca4 lib/codeql/swift/generated/UnknownFile.qll 0fcf9beb8de79440bcdfff4bb6ab3dd139bd273e6c32754e05e6a632651e85f6 0fcf9beb8de79440bcdfff4bb6ab3dd139bd273e6c32754e05e6a632651e85f6 diff --git a/swift/ql/lib/codeql/swift/generated/Callable.qll b/swift/ql/lib/codeql/swift/generated/Callable.qll index 924614643f6..09105447736 100644 --- a/swift/ql/lib/codeql/swift/generated/Callable.qll +++ b/swift/ql/lib/codeql/swift/generated/Callable.qll @@ -11,7 +11,7 @@ module Generated { /** * Gets the name of this callable, if it exists. * - * The name includes any arguments of the callable, for example `myFunction(arg:)`. + * The name includes argument labels of the callable, for example `myFunction(arg:)`. */ string getName() { result = Synth::convertCallableToRaw(this).(Raw::Callable).getName() } diff --git a/swift/ql/lib/codeql/swift/generated/Raw.qll b/swift/ql/lib/codeql/swift/generated/Raw.qll index dc27ea87ef3..38e84cd3093 100644 --- a/swift/ql/lib/codeql/swift/generated/Raw.qll +++ b/swift/ql/lib/codeql/swift/generated/Raw.qll @@ -22,7 +22,7 @@ module Raw { /** * Gets the name of this callable, if it exists. * - * The name includes any arguments of the callable, for example `myFunction(arg:)`. + * The name includes argument labels of the callable, for example `myFunction(arg:)`. */ string getName() { callable_names(this, result) } diff --git a/swift/schema.py b/swift/schema.py index a752562f960..3af02367d8a 100644 --- a/swift/schema.py +++ b/swift/schema.py @@ -235,8 +235,8 @@ class ParamDecl(VarDecl): """) class Callable(Element): - name: optional[string] | doc("name of this callable") | desc("The name includes any arguments " - "of the callable, for example `myFunction(arg:)`.") + name: optional[string] | doc("name of this callable") | desc("The name includes argument " + "labels of the callable, for example `myFunction(arg:)`.") self_param: optional[ParamDecl] | child params: list[ParamDecl] | child body: optional["BraceStmt"] | child | desc("The body is absent within protocol declarations.") From baef99995d2b7990938fa367220416e1d62102ff Mon Sep 17 00:00:00 2001 From: Asger F <asgerf@github.com> Date: Thu, 1 Jun 2023 14:08:34 +0200 Subject: [PATCH 780/870] JS: Change note --- .../2023-06-01-restrict-regex-search-function.md | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 javascript/ql/src/change-notes/2023-06-01-restrict-regex-search-function.md diff --git a/javascript/ql/src/change-notes/2023-06-01-restrict-regex-search-function.md b/javascript/ql/src/change-notes/2023-06-01-restrict-regex-search-function.md new file mode 100644 index 00000000000..a43aebff717 --- /dev/null +++ b/javascript/ql/src/change-notes/2023-06-01-restrict-regex-search-function.md @@ -0,0 +1,6 @@ +--- +category: minorAnalysis +--- +* Fixed an issue where calls to a method named `search` would lead to false positive alerts related to regular expressions. + This happened when the call was incorrectly seen as a call to `String.prototype.search`, since this function converts its first argument + to a regular expression. The analysis is now more restrictive about when to treat `search` calls as regular expression sinks. From 58845eca7ca785026f4e4fffd01e213806920c8d Mon Sep 17 00:00:00 2001 From: Jami Cogswell <jcogs33@Jamis-MacBook-Pro.local> Date: Thu, 1 Jun 2023 08:10:44 -0400 Subject: [PATCH 781/870] Java: update recently added 'open-url' sinks to 'request-forgery' --- java/ql/lib/ext/play.libs.ws.model.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/java/ql/lib/ext/play.libs.ws.model.yml b/java/ql/lib/ext/play.libs.ws.model.yml index ab905bc463a..3547414a7ad 100644 --- a/java/ql/lib/ext/play.libs.ws.model.yml +++ b/java/ql/lib/ext/play.libs.ws.model.yml @@ -3,5 +3,5 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["play.libs.ws", "WSClient", True, "url", "", "", "Argument[0]", "open-url", "manual"] - - ["play.libs.ws", "StandaloneWSClient", True, "url", "", "", "Argument[0]", "open-url", "manual"] + - ["play.libs.ws", "WSClient", True, "url", "", "", "Argument[0]", "request-forgery", "manual"] + - ["play.libs.ws", "StandaloneWSClient", True, "url", "", "", "Argument[0]", "request-forgery", "manual"] From 7d943c7621e18abc88dcef65da64af6f5266c4c2 Mon Sep 17 00:00:00 2001 From: Alex Ford <alexrford@github.com> Date: Thu, 1 Jun 2023 13:50:32 +0100 Subject: [PATCH 782/870] Ruby: update test output --- .../dataflow/local/TaintStep.expected | 1 + .../frameworks/sequel/Sequel.expected | 42 +++++++++---------- 2 files changed, 22 insertions(+), 21 deletions(-) diff --git a/ruby/ql/test/library-tests/dataflow/local/TaintStep.expected b/ruby/ql/test/library-tests/dataflow/local/TaintStep.expected index 76aeb7fc310..2bfe1e9a9ab 100644 --- a/ruby/ql/test/library-tests/dataflow/local/TaintStep.expected +++ b/ruby/ql/test/library-tests/dataflow/local/TaintStep.expected @@ -2815,6 +2815,7 @@ | file://:0:0:0:0 | parameter position 0 of File.realpath | file://:0:0:0:0 | [summary] to write: return (return) in File.realpath | | file://:0:0:0:0 | parameter position 0 of Hash[] | file://:0:0:0:0 | [summary] read: argument position 0.any element in Hash[] | | file://:0:0:0:0 | parameter position 0 of PG.new() | file://:0:0:0:0 | [summary] to write: return (return) in PG.new() | +| file://:0:0:0:0 | parameter position 0 of Sequel.connect | file://:0:0:0:0 | [summary] to write: return (return) in Sequel.connect | | file://:0:0:0:0 | parameter position 0 of String.try_convert | file://:0:0:0:0 | [summary] to write: return (return) in String.try_convert | | file://:0:0:0:0 | parameter position 0 of \| | file://:0:0:0:0 | [summary] read: argument position 0.any element in \| | | file://:0:0:0:0 | parameter position 1.. of File.join | file://:0:0:0:0 | [summary] to write: return (return) in File.join | diff --git a/ruby/ql/test/library-tests/frameworks/sequel/Sequel.expected b/ruby/ql/test/library-tests/frameworks/sequel/Sequel.expected index b44d06e6c19..dca651d9412 100644 --- a/ruby/ql/test/library-tests/frameworks/sequel/Sequel.expected +++ b/ruby/ql/test/library-tests/frameworks/sequel/Sequel.expected @@ -1,23 +1,23 @@ sequelSqlConstruction -| sequel.rb:63:29:63:49 | call to cast | sequel.rb:63:45:63:48 | name | -| sequel.rb:66:29:66:49 | call to function | sequel.rb:66:45:66:48 | name | +| sequel.rb:62:29:62:49 | call to cast | sequel.rb:62:45:62:48 | name | +| sequel.rb:65:29:65:49 | call to function | sequel.rb:65:45:65:48 | name | sequelSqlExecution -| sequel.rb:10:9:10:60 | ...[...] | sequel.rb:10:14:10:59 | "SELECT * FROM users WHERE use..." | -| sequel.rb:13:9:13:64 | call to run | sequel.rb:13:18:13:63 | "SELECT * FROM users WHERE use..." | -| sequel.rb:16:9:18:11 | call to fetch | sequel.rb:16:20:16:65 | "SELECT * FROM users WHERE use..." | -| sequel.rb:21:9:21:65 | ...[...] | sequel.rb:21:14:21:64 | "SELECT * FROM users WHERE use..." | -| sequel.rb:24:9:24:65 | call to execute | sequel.rb:24:22:24:65 | "SELECT * FROM users WHERE use..." | -| sequel.rb:27:9:27:71 | call to execute_ddl | sequel.rb:27:26:27:71 | "SELECT * FROM users WHERE use..." | -| sequel.rb:30:9:30:71 | call to execute_dui | sequel.rb:30:26:30:71 | "SELECT * FROM users WHERE use..." | -| sequel.rb:33:9:33:74 | call to execute_insert | sequel.rb:33:29:33:74 | "SELECT * FROM users WHERE use..." | -| sequel.rb:36:9:36:62 | ... << ... | sequel.rb:36:17:36:62 | "SELECT * FROM users WHERE use..." | -| sequel.rb:39:9:39:79 | call to fetch_rows | sequel.rb:39:25:39:70 | "SELECT * FROM users WHERE use..." | -| sequel.rb:42:9:42:81 | call to with_sql_all | sequel.rb:42:35:42:80 | "SELECT * FROM users WHERE use..." | -| sequel.rb:45:9:45:84 | call to with_sql_delete | sequel.rb:45:38:45:83 | "SELECT * FROM users WHERE use..." | -| sequel.rb:48:9:48:90 | call to with_sql_each | sequel.rb:48:36:48:81 | "SELECT * FROM users WHERE use..." | -| sequel.rb:51:9:51:83 | call to with_sql_first | sequel.rb:51:37:51:82 | "SELECT * FROM users WHERE use..." | -| sequel.rb:54:9:54:84 | call to with_sql_insert | sequel.rb:54:38:54:83 | "SELECT * FROM users WHERE use..." | -| sequel.rb:57:9:57:90 | call to with_sql_single_value | sequel.rb:57:44:57:89 | "SELECT * FROM users WHERE use..." | -| sequel.rb:60:9:60:84 | call to with_sql_update | sequel.rb:60:38:60:83 | "SELECT * FROM users WHERE use..." | -| sequel.rb:63:9:63:20 | ...[...] | sequel.rb:63:14:63:19 | :table | -| sequel.rb:66:9:66:20 | ...[...] | sequel.rb:66:14:66:19 | :table | +| sequel.rb:9:9:9:60 | ...[...] | sequel.rb:9:14:9:59 | "SELECT * FROM users WHERE use..." | +| sequel.rb:12:9:12:64 | call to run | sequel.rb:12:18:12:63 | "SELECT * FROM users WHERE use..." | +| sequel.rb:15:9:17:11 | call to fetch | sequel.rb:15:20:15:65 | "SELECT * FROM users WHERE use..." | +| sequel.rb:20:9:20:65 | ...[...] | sequel.rb:20:14:20:64 | "SELECT * FROM users WHERE use..." | +| sequel.rb:23:9:23:65 | call to execute | sequel.rb:23:22:23:65 | "SELECT * FROM users WHERE use..." | +| sequel.rb:26:9:26:71 | call to execute_ddl | sequel.rb:26:26:26:71 | "SELECT * FROM users WHERE use..." | +| sequel.rb:29:9:29:71 | call to execute_dui | sequel.rb:29:26:29:71 | "SELECT * FROM users WHERE use..." | +| sequel.rb:32:9:32:74 | call to execute_insert | sequel.rb:32:29:32:74 | "SELECT * FROM users WHERE use..." | +| sequel.rb:35:9:35:62 | ... << ... | sequel.rb:35:17:35:62 | "SELECT * FROM users WHERE use..." | +| sequel.rb:38:9:38:79 | call to fetch_rows | sequel.rb:38:25:38:70 | "SELECT * FROM users WHERE use..." | +| sequel.rb:41:9:41:81 | call to with_sql_all | sequel.rb:41:35:41:80 | "SELECT * FROM users WHERE use..." | +| sequel.rb:44:9:44:84 | call to with_sql_delete | sequel.rb:44:38:44:83 | "SELECT * FROM users WHERE use..." | +| sequel.rb:47:9:47:90 | call to with_sql_each | sequel.rb:47:36:47:81 | "SELECT * FROM users WHERE use..." | +| sequel.rb:50:9:50:83 | call to with_sql_first | sequel.rb:50:37:50:82 | "SELECT * FROM users WHERE use..." | +| sequel.rb:53:9:53:84 | call to with_sql_insert | sequel.rb:53:38:53:83 | "SELECT * FROM users WHERE use..." | +| sequel.rb:56:9:56:90 | call to with_sql_single_value | sequel.rb:56:44:56:89 | "SELECT * FROM users WHERE use..." | +| sequel.rb:59:9:59:84 | call to with_sql_update | sequel.rb:59:38:59:83 | "SELECT * FROM users WHERE use..." | +| sequel.rb:62:9:62:20 | ...[...] | sequel.rb:62:14:62:19 | :table | +| sequel.rb:65:9:65:20 | ...[...] | sequel.rb:65:14:65:19 | :table | From 9aeba4f31edcaaa88263f4b8039452581d944ff4 Mon Sep 17 00:00:00 2001 From: erik-krogh <erik-krogh@github.com> Date: Thu, 1 Jun 2023 17:24:44 +0200 Subject: [PATCH 783/870] changes based on review --- javascript/ql/src/Security/CWE-089/SqlInjection.inc.qhelp | 2 +- javascript/ql/src/Security/CWE-089/examples/SqlInjectionFix.js | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/javascript/ql/src/Security/CWE-089/SqlInjection.inc.qhelp b/javascript/ql/src/Security/CWE-089/SqlInjection.inc.qhelp index cdda5100ba3..9ee5158bf99 100644 --- a/javascript/ql/src/Security/CWE-089/SqlInjection.inc.qhelp +++ b/javascript/ql/src/Security/CWE-089/SqlInjection.inc.qhelp @@ -40,7 +40,7 @@ an HTTP request handler in a web application, whose parameter <p> The handler constructs constructs an SQL query string from user input and executes it as a database query using the <code>pg</code> library. -THe user input may contain quote characters, so this code is vulnerable +The user input may contain quote characters, so this code is vulnerable to a SQL injection attack. </p> diff --git a/javascript/ql/src/Security/CWE-089/examples/SqlInjectionFix.js b/javascript/ql/src/Security/CWE-089/examples/SqlInjectionFix.js index 4391b83e391..dbe5c4e369a 100644 --- a/javascript/ql/src/Security/CWE-089/examples/SqlInjectionFix.js +++ b/javascript/ql/src/Security/CWE-089/examples/SqlInjectionFix.js @@ -5,7 +5,7 @@ const app = require("express")(), app.get("search", function handler(req, res) { // GOOD: use parameters var query2 = - "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=$1" + " ORDER BY PRICE"; + "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=$1 ORDER BY PRICE"; pool.query(query2, [req.params.category], function(err, results) { // process results }); From 606d601923897f423b6fe7bd5c1590935c649d58 Mon Sep 17 00:00:00 2001 From: Alex Ford <alexrford@github.com> Date: Thu, 1 Jun 2023 16:26:05 +0100 Subject: [PATCH 784/870] qlformat --- ruby/ql/lib/codeql/ruby/Concepts.qll | 22 +++++++++---------- .../ql/lib/codeql/ruby/frameworks/Sqlite3.qll | 2 +- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/ruby/ql/lib/codeql/ruby/Concepts.qll b/ruby/ql/lib/codeql/ruby/Concepts.qll index 0a403734512..d74947482f8 100644 --- a/ruby/ql/lib/codeql/ruby/Concepts.qll +++ b/ruby/ql/lib/codeql/ruby/Concepts.qll @@ -78,18 +78,18 @@ module SqlExecution { } } - /** - * A data-flow node that performs SQL sanitization. - */ - class SqlSanitization extends DataFlow::Node instanceof SqlSanitization::Range { } +/** + * A data-flow node that performs SQL sanitization. + */ +class SqlSanitization extends DataFlow::Node instanceof SqlSanitization::Range { } - /** Provides a class for modeling new SQL sanitization APIs. */ - module SqlSanitization { - /** - * A data-flow node that performs SQL sanitization. - */ - abstract class Range extends DataFlow::Node { } - } +/** Provides a class for modeling new SQL sanitization APIs. */ +module SqlSanitization { + /** + * A data-flow node that performs SQL sanitization. + */ + abstract class Range extends DataFlow::Node { } +} /** * A data-flow node that executes a regular expression. diff --git a/ruby/ql/lib/codeql/ruby/frameworks/Sqlite3.qll b/ruby/ql/lib/codeql/ruby/frameworks/Sqlite3.qll index 8a07e211a21..70744d6fcc8 100644 --- a/ruby/ql/lib/codeql/ruby/frameworks/Sqlite3.qll +++ b/ruby/ql/lib/codeql/ruby/frameworks/Sqlite3.qll @@ -99,4 +99,4 @@ module Sqlite3 { input = "Argument[0]" and output = "ReturnValue" and preservesValue = false } } -} \ No newline at end of file +} From 6fa9e13a2e76a15fbed57180fe49c9cd8f3fe1c4 Mon Sep 17 00:00:00 2001 From: Alex Ford <alexrford@github.com> Date: Thu, 1 Jun 2023 16:27:20 +0100 Subject: [PATCH 785/870] Ruby: update TaintStep output --- ruby/ql/test/library-tests/dataflow/local/TaintStep.expected | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ruby/ql/test/library-tests/dataflow/local/TaintStep.expected b/ruby/ql/test/library-tests/dataflow/local/TaintStep.expected index 2bfe1e9a9ab..e75c17e818e 100644 --- a/ruby/ql/test/library-tests/dataflow/local/TaintStep.expected +++ b/ruby/ql/test/library-tests/dataflow/local/TaintStep.expected @@ -2814,7 +2814,10 @@ | file://:0:0:0:0 | parameter position 0 of File.realdirpath | file://:0:0:0:0 | [summary] to write: return (return) in File.realdirpath | | file://:0:0:0:0 | parameter position 0 of File.realpath | file://:0:0:0:0 | [summary] to write: return (return) in File.realpath | | file://:0:0:0:0 | parameter position 0 of Hash[] | file://:0:0:0:0 | [summary] read: argument position 0.any element in Hash[] | +| file://:0:0:0:0 | parameter position 0 of Mysql2::Client.escape() | file://:0:0:0:0 | [summary] to write: return (return) in Mysql2::Client.escape() | +| file://:0:0:0:0 | parameter position 0 of Mysql2::Client.new() | file://:0:0:0:0 | [summary] to write: return (return) in Mysql2::Client.new() | | file://:0:0:0:0 | parameter position 0 of PG.new() | file://:0:0:0:0 | [summary] to write: return (return) in PG.new() | +| file://:0:0:0:0 | parameter position 0 of SQLite3::Database.quote() | file://:0:0:0:0 | [summary] to write: return (return) in SQLite3::Database.quote() | | file://:0:0:0:0 | parameter position 0 of Sequel.connect | file://:0:0:0:0 | [summary] to write: return (return) in Sequel.connect | | file://:0:0:0:0 | parameter position 0 of String.try_convert | file://:0:0:0:0 | [summary] to write: return (return) in String.try_convert | | file://:0:0:0:0 | parameter position 0 of \| | file://:0:0:0:0 | [summary] read: argument position 0.any element in \| | From 7290e2bfd9cb2e469ef152864588530801ff1192 Mon Sep 17 00:00:00 2001 From: Nick Rolfe <nickrolfe@github.com> Date: Thu, 1 Jun 2023 17:06:34 +0100 Subject: [PATCH 786/870] Java: avoid call to Location.toString() --- .../Implementation Hiding/ExposeRepresentation.ql | 2 +- .../ExposeRepresentation.expected | 14 +++++++------- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/java/ql/src/Violations of Best Practice/Implementation Hiding/ExposeRepresentation.ql b/java/ql/src/Violations of Best Practice/Implementation Hiding/ExposeRepresentation.ql index 9f24744fa0c..2889de0b5cf 100644 --- a/java/ql/src/Violations of Best Practice/Implementation Hiding/ExposeRepresentation.ql +++ b/java/ql/src/Violations of Best Practice/Implementation Hiding/ExposeRepresentation.ql @@ -128,4 +128,4 @@ where not exists(Property p | p.getBackingField() = f) select c, c.getName() + " exposes the internal representation stored in field " + f.getName() + - ". The value may be modified $@.", why.getLocation(), whyText + ". The value may be modified $@.", why, whyText diff --git a/java/ql/test/query-tests/ExposeRepresentation/ExposeRepresentation.expected b/java/ql/test/query-tests/ExposeRepresentation/ExposeRepresentation.expected index 0056c25bb53..3162056ab42 100644 --- a/java/ql/test/query-tests/ExposeRepresentation/ExposeRepresentation.expected +++ b/java/ql/test/query-tests/ExposeRepresentation/ExposeRepresentation.expected @@ -1,7 +1,7 @@ -| ExposesRep.java:11:19:11:28 | getStrings | getStrings exposes the internal representation stored in field strings. The value may be modified $@. | User.java:5:5:5:19 | User.java:5:5:5:19 | after this call to getStrings | -| ExposesRep.java:11:19:11:28 | getStrings | getStrings exposes the internal representation stored in field strings. The value may be modified $@. | User.java:13:12:13:26 | User.java:13:12:13:26 | after this call to getStrings | -| ExposesRep.java:11:19:11:28 | getStrings | getStrings exposes the internal representation stored in field strings. The value may be modified $@. | User.java:38:12:38:26 | User.java:38:12:38:26 | after this call to getStrings | -| ExposesRep.java:13:30:13:41 | getStringMap | getStringMap exposes the internal representation stored in field stringMap. The value may be modified $@. | User.java:9:5:9:21 | User.java:9:5:9:21 | after this call to getStringMap | -| ExposesRep.java:17:15:17:24 | setStrings | setStrings exposes the internal representation stored in field strings. The value may be modified $@. | User.java:22:5:22:6 | User.java:22:5:22:6 | through the variable ss | -| ExposesRep.java:21:15:21:26 | setStringMap | setStringMap exposes the internal representation stored in field stringMap. The value may be modified $@. | User.java:27:5:27:5 | User.java:27:5:27:5 | through the variable m | -| ExposesRep.java:29:14:29:21 | getArray | getArray exposes the internal representation stored in field array. The value may be modified $@. | User.java:31:5:31:18 | User.java:31:5:31:18 | after this call to getArray | +| ExposesRep.java:11:19:11:28 | getStrings | getStrings exposes the internal representation stored in field strings. The value may be modified $@. | User.java:5:5:5:19 | getStrings(...) | after this call to getStrings | +| ExposesRep.java:11:19:11:28 | getStrings | getStrings exposes the internal representation stored in field strings. The value may be modified $@. | User.java:13:12:13:26 | getStrings(...) | after this call to getStrings | +| ExposesRep.java:11:19:11:28 | getStrings | getStrings exposes the internal representation stored in field strings. The value may be modified $@. | User.java:38:12:38:26 | getStrings(...) | after this call to getStrings | +| ExposesRep.java:13:30:13:41 | getStringMap | getStringMap exposes the internal representation stored in field stringMap. The value may be modified $@. | User.java:9:5:9:21 | getStringMap(...) | after this call to getStringMap | +| ExposesRep.java:17:15:17:24 | setStrings | setStrings exposes the internal representation stored in field strings. The value may be modified $@. | User.java:22:5:22:6 | ss | through the variable ss | +| ExposesRep.java:21:15:21:26 | setStringMap | setStringMap exposes the internal representation stored in field stringMap. The value may be modified $@. | User.java:27:5:27:5 | m | through the variable m | +| ExposesRep.java:29:14:29:21 | getArray | getArray exposes the internal representation stored in field array. The value may be modified $@. | User.java:31:5:31:18 | getArray(...) | after this call to getArray | From 6722892828f03977688a0f157854dfa6879d322c Mon Sep 17 00:00:00 2001 From: Jami Cogswell <jcogs33@Jamis-MacBook-Pro.local> Date: Fri, 12 May 2023 09:02:56 -0400 Subject: [PATCH 787/870] Java: switch 'android-widget' source kind to 'remote' --- java/ql/lib/ext/android.widget.model.yml | 2 +- java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll | 2 +- java/ql/lib/semmle/code/java/frameworks/android/Widget.qll | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/java/ql/lib/ext/android.widget.model.yml b/java/ql/lib/ext/android.widget.model.yml index ef4b015700a..aa6222c77d2 100644 --- a/java/ql/lib/ext/android.widget.model.yml +++ b/java/ql/lib/ext/android.widget.model.yml @@ -3,7 +3,7 @@ extensions: pack: codeql/java-all extensible: sourceModel data: - - ["android.widget", "EditText", True, "getText", "", "", "ReturnValue", "android-widget", "manual"] + - ["android.widget", "EditText", True, "getText", "", "", "ReturnValue", "remote", "manual"] - addsTo: pack: codeql/java-all extensible: summaryModel diff --git a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll index 4cb21496f5f..629b7140f19 100644 --- a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll +++ b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll @@ -286,7 +286,7 @@ module ModelValidation { ) or exists(string kind | sourceModel(_, _, _, _, _, _, _, kind, _) | - not kind = ["remote", "contentprovider", "android-widget", "android-external-storage-dir"] and + not kind = ["remote", "contentprovider", "android-external-storage-dir"] and not kind.matches("qltest%") and result = "Invalid kind \"" + kind + "\" in source model." ) diff --git a/java/ql/lib/semmle/code/java/frameworks/android/Widget.qll b/java/ql/lib/semmle/code/java/frameworks/android/Widget.qll index 81c34179c15..506f11a9112 100644 --- a/java/ql/lib/semmle/code/java/frameworks/android/Widget.qll +++ b/java/ql/lib/semmle/code/java/frameworks/android/Widget.qll @@ -5,7 +5,7 @@ private import semmle.code.java.dataflow.ExternalFlow private import semmle.code.java.dataflow.FlowSources private class DefaultAndroidWidgetSources extends RemoteFlowSource { - DefaultAndroidWidgetSources() { sourceNode(this, "android-widget") } + DefaultAndroidWidgetSources() { sourceNode(this, "remote") } override string getSourceType() { result = "Android widget source" } } From d035a29b4dcd99591463c1c5e54900069c05d302 Mon Sep 17 00:00:00 2001 From: Jami Cogswell <jcogs33@Jamis-MacBook-Pro.local> Date: Fri, 12 May 2023 09:23:42 -0400 Subject: [PATCH 788/870] Java: update source kind documentation --- .../customizing-library-models-for-java.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/codeql/codeql-language-guides/customizing-library-models-for-java.rst b/docs/codeql/codeql-language-guides/customizing-library-models-for-java.rst index baa93e8eb0a..262a608f391 100644 --- a/docs/codeql/codeql-language-guides/customizing-library-models-for-java.rst +++ b/docs/codeql/codeql-language-guides/customizing-library-models-for-java.rst @@ -315,7 +315,7 @@ The following source kinds are supported: Below is an enumeration of the remaining source kinds, but they are out of scope for this documentation: -- **contentprovider**, **android-widget**, **android-external-storage-dir**. +- **contentprovider**, **android-external-storage-dir**. sinkModel(package, type, subtypes, name, signature, ext, input, kind, provenance) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From 119b446dbcf0114d570caa458f6d707d9654df4f Mon Sep 17 00:00:00 2001 From: Jami Cogswell <jcogs33@Jamis-MacBook-Pro.local> Date: Fri, 12 May 2023 09:29:37 -0400 Subject: [PATCH 789/870] Java: add change note --- .../2023-05-12-androidwidget-source-kind-to-remote.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 java/ql/lib/change-notes/2023-05-12-androidwidget-source-kind-to-remote.md diff --git a/java/ql/lib/change-notes/2023-05-12-androidwidget-source-kind-to-remote.md b/java/ql/lib/change-notes/2023-05-12-androidwidget-source-kind-to-remote.md new file mode 100644 index 00000000000..7a2714a6527 --- /dev/null +++ b/java/ql/lib/change-notes/2023-05-12-androidwidget-source-kind-to-remote.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Changed the `android-widget` Java source kind to `remote`. Any custom data extensions that use the `android-widget` source kind will need to be updated accordingly in order to continue working. From 5700a6eea4b9ffff98e929714e1f7ffafcf4cc5b Mon Sep 17 00:00:00 2001 From: Jami Cogswell <jcogs33@Jamis-MacBook-Pro.local> Date: Fri, 12 May 2023 09:48:50 -0400 Subject: [PATCH 790/870] Java: remove DefaultAndroidWidgetSources class --- java/ql/lib/semmle/code/java/frameworks/android/Widget.qll | 6 ------ 1 file changed, 6 deletions(-) diff --git a/java/ql/lib/semmle/code/java/frameworks/android/Widget.qll b/java/ql/lib/semmle/code/java/frameworks/android/Widget.qll index 506f11a9112..9cb39ed83a7 100644 --- a/java/ql/lib/semmle/code/java/frameworks/android/Widget.qll +++ b/java/ql/lib/semmle/code/java/frameworks/android/Widget.qll @@ -4,12 +4,6 @@ import java private import semmle.code.java.dataflow.ExternalFlow private import semmle.code.java.dataflow.FlowSources -private class DefaultAndroidWidgetSources extends RemoteFlowSource { - DefaultAndroidWidgetSources() { sourceNode(this, "remote") } - - override string getSourceType() { result = "Android widget source" } -} - private class EditableToStringStep extends AdditionalTaintStep { override predicate step(DataFlow::Node n1, DataFlow::Node n2) { exists(MethodAccess ma | From de15013715b39f2c4e9c05680601bc2d09c81f43 Mon Sep 17 00:00:00 2001 From: Jami Cogswell <jcogs33@Jamis-MacBook-Pro.local> Date: Fri, 12 May 2023 09:49:58 -0400 Subject: [PATCH 791/870] Java: remove RemoteFlowSources module --- java/ql/lib/semmle/code/java/dataflow/FlowSources.qll | 7 ------- 1 file changed, 7 deletions(-) diff --git a/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll b/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll index e10cd0db708..d26aa5d35f6 100644 --- a/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll +++ b/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll @@ -36,13 +36,6 @@ abstract class RemoteFlowSource extends DataFlow::Node { abstract string getSourceType(); } -/** - * A module for importing frameworks that define remote flow sources. - */ -private module RemoteFlowSources { - private import semmle.code.java.frameworks.android.Widget -} - private class ExternalRemoteFlowSource extends RemoteFlowSource { ExternalRemoteFlowSource() { sourceNode(this, "remote") } From 06c83ee14da3b7c764fa044e8b6dc7157247f9e3 Mon Sep 17 00:00:00 2001 From: Jami Cogswell <jcogs33@Jamis-MacBook-Pro.local> Date: Fri, 19 May 2023 11:18:10 -0400 Subject: [PATCH 792/870] Java: add error message for deprecated sink kinds to 'getInvalidModelKind' --- .../code/java/dataflow/ExternalFlow.qll | 66 ++++++++++++++++++- 1 file changed, 64 insertions(+), 2 deletions(-) diff --git a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll index 5776d64f402..f933a615c83 100644 --- a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll +++ b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll @@ -265,13 +265,72 @@ module ModelValidation { ) } + private class DeprecatedSinkKind extends string { + DeprecatedSinkKind() { + this = + [ + "sql", "url-redirect", "xpath", "ssti", "logging", "groovy", "jexl", "mvel", "xslt", + "ldap", "pending-intent-sent", "intent-start", "set-hostname-verifier", + "header-splitting", "xss", "write-file", "create-file", "read-file", "open-url", + "jdbc-url" + ] + } + + private string replacementKind() { + this = "sql" and result = "\"sql-injection\"" + or + this = "url-redirect" and result = "\"url-redirection\"" + or + this = "xpath" and result = "\"xpath-injection\"" + or + this = "ssti" and result = "\"template-injection\"" + or + this = "logging" and result = "\"log-injection\"" + or + this = "groovy" and result = "\"groovy-injection\"" + or + this = "jexl" and result = "\"jexl-injection\"" + or + this = "mvel" and result = "\"mvel-injection\"" + or + this = "xslt" and result = "\"xslt-injection\"" + or + this = "ldap" and result = "\"ldap-injection\"" + or + this = "pending-intent-sent" and result = "\"pending-intents\"" + or + this = "intent-start" and result = "\"intent-redirection\"" + or + this = "set-hostname-verifier" and result = "\"hostname-verification\"" + or + this = "header-splitting" and result = "\"response-splitting\"" + or + this = "xss" and result = "\"html-injection\" or \"js-injection\"" + or + this = "write-file" and result = "\"file-content-store\"" + or + this = "create-file" and result = "\"path-injection\"" + or + this = "read-file" and result = "\"path-injection\"" + or + this = "open-url" and result = "\"request-forgery\"" + or + this = "jdbc-url" and result = "\"request-forgery\"" + } + + string deprecationMessage() { + result = + "The kind \"" + this + "\" is deprecated. Use " + this.replacementKind() + " instead." + } + } + private string getInvalidModelKind() { exists(string kind | summaryModel(_, _, _, _, _, _, _, _, kind, _) | not kind = ["taint", "value"] and result = "Invalid kind \"" + kind + "\" in summary model." ) or - exists(string kind | sinkModel(_, _, _, _, _, _, _, kind, _) | + exists(string kind, string msg | sinkModel(_, _, _, _, _, _, _, kind, _) | not kind = [ "request-forgery", "jndi-injection", "ldap-injection", "sql-injection", "log-injection", @@ -283,7 +342,10 @@ module ModelValidation { ] and not kind.matches("regex-use%") and not kind.matches("qltest%") and - result = "Invalid kind \"" + kind + "\" in sink model." + msg = "Invalid kind \"" + kind + "\" in sink model." and + if kind instanceof DeprecatedSinkKind + then result = msg + " " + kind.(DeprecatedSinkKind).deprecationMessage() + else result = msg ) or exists(string kind | sourceModel(_, _, _, _, _, _, _, kind, _) | From b3d218a50322041d2c4eb275a66afe188e53c702 Mon Sep 17 00:00:00 2001 From: Jami Cogswell <jcogs33@Jamis-MacBook-Pro.local> Date: Mon, 22 May 2023 10:15:34 -0400 Subject: [PATCH 793/870] Java: condense 'replacementKind' code --- .../code/java/dataflow/ExternalFlow.qll | 43 ++++++------------- 1 file changed, 14 insertions(+), 29 deletions(-) diff --git a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll index f933a615c83..1b0ce54af38 100644 --- a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll +++ b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll @@ -277,50 +277,35 @@ module ModelValidation { } private string replacementKind() { - this = "sql" and result = "\"sql-injection\"" + this = ["sql", "xpath", "groovy", "jexl", "mvel", "xslt", "ldap"] and + result = this + "-injection" or - this = "url-redirect" and result = "\"url-redirection\"" + this = "url-redirect" and result = "url-redirection" or - this = "xpath" and result = "\"xpath-injection\"" + this = "ssti" and result = "template-injection" or - this = "ssti" and result = "\"template-injection\"" + this = "logging" and result = "log-injection" or - this = "logging" and result = "\"log-injection\"" + this = "pending-intent-sent" and result = "pending-intents" or - this = "groovy" and result = "\"groovy-injection\"" + this = "intent-start" and result = "intent-redirection" or - this = "jexl" and result = "\"jexl-injection\"" + this = "set-hostname-verifier" and result = "hostname-verification" or - this = "mvel" and result = "\"mvel-injection\"" + this = "header-splitting" and result = "response-splitting" or - this = "xslt" and result = "\"xslt-injection\"" + this = "xss" and result = "html-injection\" or \"js-injection" or - this = "ldap" and result = "\"ldap-injection\"" + this = "write-file" and result = "file-content-store" or - this = "pending-intent-sent" and result = "\"pending-intents\"" + this = ["create-file", "read-file"] and result = "path-injection" or - this = "intent-start" and result = "\"intent-redirection\"" - or - this = "set-hostname-verifier" and result = "\"hostname-verification\"" - or - this = "header-splitting" and result = "\"response-splitting\"" - or - this = "xss" and result = "\"html-injection\" or \"js-injection\"" - or - this = "write-file" and result = "\"file-content-store\"" - or - this = "create-file" and result = "\"path-injection\"" - or - this = "read-file" and result = "\"path-injection\"" - or - this = "open-url" and result = "\"request-forgery\"" - or - this = "jdbc-url" and result = "\"request-forgery\"" + this = ["open-url", "jdbc-url"] and result = "request-forgery" } string deprecationMessage() { result = - "The kind \"" + this + "\" is deprecated. Use " + this.replacementKind() + " instead." + "The kind \"" + this + "\" is deprecated. Use \"" + this.replacementKind() + "\" instead." } } From 0355b78f13845ab90ce109dae58f5f5ce4a9bd83 Mon Sep 17 00:00:00 2001 From: Jami Cogswell <jcogs33@Jamis-MacBook-Pro.local> Date: Mon, 22 May 2023 10:34:56 -0400 Subject: [PATCH 794/870] Java: add deprecation deletion comment --- java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll | 3 +++ 1 file changed, 3 insertions(+) diff --git a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll index 1b0ce54af38..0304e64398f 100644 --- a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll +++ b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll @@ -247,6 +247,8 @@ module ModelValidation { ) } + /** + */ private string getInvalidModelOutput() { exists(string pred, AccessPath output, AccessPathToken part | sourceModel(_, _, _, _, _, _, output, _, _) and pred = "source" @@ -328,6 +330,7 @@ module ModelValidation { not kind.matches("regex-use%") and not kind.matches("qltest%") and msg = "Invalid kind \"" + kind + "\" in sink model." and + // The deprecation part of this message can be deleted after June 1st, 2024. if kind instanceof DeprecatedSinkKind then result = msg + " " + kind.(DeprecatedSinkKind).deprecationMessage() else result = msg From d10857fbdb8991bd7630fb7eae85e67089a1f47a Mon Sep 17 00:00:00 2001 From: Jami Cogswell <jcogs33@Jamis-MacBook-Pro.local> Date: Mon, 22 May 2023 10:39:59 -0400 Subject: [PATCH 795/870] Java: fix typo blank qldoc --- java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll | 2 -- 1 file changed, 2 deletions(-) diff --git a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll index 0304e64398f..cebf330c8e4 100644 --- a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll +++ b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll @@ -247,8 +247,6 @@ module ModelValidation { ) } - /** - */ private string getInvalidModelOutput() { exists(string pred, AccessPath output, AccessPathToken part | sourceModel(_, _, _, _, _, _, output, _, _) and pred = "source" From b8cedfa817b6b4bc8d56cad8d3cf6faf4da69b01 Mon Sep 17 00:00:00 2001 From: Jami Cogswell <jcogs33@Jamis-MacBook-Pro.local> Date: Thu, 1 Jun 2023 13:30:27 -0400 Subject: [PATCH 796/870] Java: switch 'deprecated' to 'outdated' --- .../lib/semmle/code/java/dataflow/ExternalFlow.qll | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll index cebf330c8e4..ca662ee5610 100644 --- a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll +++ b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll @@ -265,8 +265,8 @@ module ModelValidation { ) } - private class DeprecatedSinkKind extends string { - DeprecatedSinkKind() { + private class OutdatedSinkKind extends string { + OutdatedSinkKind() { this = [ "sql", "url-redirect", "xpath", "ssti", "logging", "groovy", "jexl", "mvel", "xslt", @@ -303,9 +303,9 @@ module ModelValidation { this = ["open-url", "jdbc-url"] and result = "request-forgery" } - string deprecationMessage() { + string outdatedMessage() { result = - "The kind \"" + this + "\" is deprecated. Use \"" + this.replacementKind() + "\" instead." + "The kind \"" + this + "\" is outdated. Use \"" + this.replacementKind() + "\" instead." } } @@ -328,9 +328,9 @@ module ModelValidation { not kind.matches("regex-use%") and not kind.matches("qltest%") and msg = "Invalid kind \"" + kind + "\" in sink model." and - // The deprecation part of this message can be deleted after June 1st, 2024. - if kind instanceof DeprecatedSinkKind - then result = msg + " " + kind.(DeprecatedSinkKind).deprecationMessage() + // The part of this message that refers to outdated sink kinds can be deleted after June 1st, 2024. + if kind instanceof OutdatedSinkKind + then result = msg + " " + kind.(OutdatedSinkKind).outdatedMessage() else result = msg ) or From f4b68fb8c3c7c821770d99c7966e6421a2754986 Mon Sep 17 00:00:00 2001 From: erik-krogh <erik-krogh@github.com> Date: Thu, 1 Jun 2023 21:51:43 +0200 Subject: [PATCH 797/870] bump TypeScript to stable version --- javascript/extractor/lib/typescript/package.json | 2 +- javascript/extractor/lib/typescript/yarn.lock | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/javascript/extractor/lib/typescript/package.json b/javascript/extractor/lib/typescript/package.json index cb053bb0e6f..3190b683d34 100644 --- a/javascript/extractor/lib/typescript/package.json +++ b/javascript/extractor/lib/typescript/package.json @@ -2,7 +2,7 @@ "name": "typescript-parser-wrapper", "private": true, "dependencies": { - "typescript": "5.1.1-rc" + "typescript": "5.1.3" }, "scripts": { "build": "tsc --project tsconfig.json", diff --git a/javascript/extractor/lib/typescript/yarn.lock b/javascript/extractor/lib/typescript/yarn.lock index 3b0a9476df6..355c257cf69 100644 --- a/javascript/extractor/lib/typescript/yarn.lock +++ b/javascript/extractor/lib/typescript/yarn.lock @@ -7,7 +7,7 @@ resolved "https://registry.yarnpkg.com/@types/node/-/node-18.15.3.tgz#f0b991c32cfc6a4e7f3399d6cb4b8cf9a0315014" integrity sha512-p6ua9zBxz5otCmbpb5D3U4B5Nanw6Pk3PPyX05xnxbB/fRv71N7CPmORg7uAD5P70T0xmx1pzAx/FUfa5X+3cw== -typescript@5.1.1-rc: - version "5.1.1-rc" - resolved "https://registry.yarnpkg.com/typescript/-/typescript-5.1.1-rc.tgz#7be6e85bb4ad36e07e0125e501eb08ed3a6e3769" - integrity sha512-+yHTPe5QCxw5cgN+B81z+k65xTHcwNCRwJN7OGVUe3srPULTZHF7J9QCgrptL7F8mrO7gmsert7XrMksAjutRw== +typescript@5.1.3: + version "5.1.3" + resolved "https://registry.yarnpkg.com/typescript/-/typescript-5.1.3.tgz#8d84219244a6b40b6fb2b33cc1c062f715b9e826" + integrity sha512-XH627E9vkeqhlZFQuL+UsyAXEnibT0kWR2FWONlr4sTjvxyJYnyefgrkyECLzM5NenmKzRAy2rR/OlYLA1HkZw== From 97afa5733b86ba10066cec4a5507b08c39d9a772 Mon Sep 17 00:00:00 2001 From: erik-krogh <erik-krogh@github.com> Date: Thu, 1 Jun 2023 21:52:14 +0200 Subject: [PATCH 798/870] add support for namespaced JSX attributes --- .../ts/extractor/TypeScriptASTConverter.java | 7 +- .../test/library-tests/JSX/printAst.expected | 104 ++++++++++++++++++ .../ql/test/library-tests/JSX/tests.expected | 9 ++ .../ql/test/library-tests/JSX/tstest.tsx | 12 ++ 4 files changed, 131 insertions(+), 1 deletion(-) diff --git a/javascript/extractor/src/com/semmle/ts/extractor/TypeScriptASTConverter.java b/javascript/extractor/src/com/semmle/ts/extractor/TypeScriptASTConverter.java index e34d552b777..7b68106bb3f 100644 --- a/javascript/extractor/src/com/semmle/ts/extractor/TypeScriptASTConverter.java +++ b/javascript/extractor/src/com/semmle/ts/extractor/TypeScriptASTConverter.java @@ -1552,8 +1552,13 @@ public class TypeScriptASTConverter { } private Node convertJsxAttribute(JsonObject node, SourceLocation loc) throws ParseError { + JsonObject nameNode = node.get("name").getAsJsonObject(); + if (nameNode.get("name") != null) { + // it's a namespaced attribute + nameNode = nameNode.get("name").getAsJsonObject(); + } return new JSXAttribute( - loc, convertJSXName(convertChild(node, "name")), convertChild(node, "initializer")); + loc, convertJSXName(((Expression)convertNode(nameNode, null))), convertChild(node, "initializer")); // 2 } private Node convertJsxClosingElement(JsonObject node, SourceLocation loc) throws ParseError { diff --git a/javascript/ql/test/library-tests/JSX/printAst.expected b/javascript/ql/test/library-tests/JSX/printAst.expected index 11bf254a890..a34e194cca8 100644 --- a/javascript/ql/test/library-tests/JSX/printAst.expected +++ b/javascript/ql/test/library-tests/JSX/printAst.expected @@ -3,10 +3,14 @@ nodes | file://:0:0:0:0 | (Attributes) | semmle.label | (Attributes) | | file://:0:0:0:0 | (Attributes) | semmle.label | (Attributes) | | file://:0:0:0:0 | (Attributes) | semmle.label | (Attributes) | +| file://:0:0:0:0 | (Attributes) | semmle.label | (Attributes) | +| file://:0:0:0:0 | (Attributes) | semmle.label | (Attributes) | | file://:0:0:0:0 | (Body) | semmle.label | (Body) | | file://:0:0:0:0 | (Body) | semmle.label | (Body) | | file://:0:0:0:0 | (Body) | semmle.label | (Body) | | file://:0:0:0:0 | (Body) | semmle.label | (Body) | +| file://:0:0:0:0 | (Body) | semmle.label | (Body) | +| file://:0:0:0:0 | (Parameters) | semmle.label | (Parameters) | | tst.js:1:1:1:32 | [DeclStmt] var href = ... | semmle.label | [DeclStmt] var href = ... | | tst.js:1:1:1:32 | [DeclStmt] var href = ... | semmle.order | 1 | | tst.js:1:5:1:8 | [VarDecl] href | semmle.label | [VarDecl] href | @@ -119,6 +123,42 @@ nodes | tstest.tsx:7:33:7:38 | [JsxElement] <Foo/> | semmle.label | [JsxElement] <Foo/> | | tstest.tsx:7:34:7:36 | [VarRef] Foo | semmle.label | [VarRef] Foo | | tstest.tsx:7:40:7:49 | [Literal] more text | semmle.label | [Literal] more text | +| tstest.tsx:10:1:10:30 | [DeclStmt] const x = ... | semmle.label | [DeclStmt] const x = ... | +| tstest.tsx:10:1:10:30 | [DeclStmt] const x = ... | semmle.order | 15 | +| tstest.tsx:10:7:10:7 | [VarDecl] x | semmle.label | [VarDecl] x | +| tstest.tsx:10:7:10:29 | [VariableDeclarator] x = <Ba ... llo" /> | semmle.label | [VariableDeclarator] x = <Ba ... llo" /> | +| tstest.tsx:10:11:10:29 | [JsxElement] <Bar a:b="hello" /> | semmle.label | [JsxElement] <Bar a:b="hello" /> | +| tstest.tsx:10:12:10:14 | [VarRef] Bar | semmle.label | [VarRef] Bar | +| tstest.tsx:10:16:10:26 | [JsxAttribute] a:b="hello" | semmle.label | [JsxAttribute] a:b="hello" | +| tstest.tsx:10:18:10:18 | [Label] b | semmle.label | [Label] b | +| tstest.tsx:10:20:10:26 | [Literal] "hello" | semmle.label | [Literal] "hello" | +| tstest.tsx:11:1:11:32 | [DeclStmt] const y = ... | semmle.label | [DeclStmt] const y = ... | +| tstest.tsx:11:1:11:32 | [DeclStmt] const y = ... | semmle.order | 16 | +| tstest.tsx:11:7:11:7 | [VarDecl] y | semmle.label | [VarDecl] y | +| tstest.tsx:11:7:11:31 | [VariableDeclarator] y = <Ba ... llo" /> | semmle.label | [VariableDeclarator] y = <Ba ... llo" /> | +| tstest.tsx:11:11:11:31 | [JsxElement] <Bar a ... llo" /> | semmle.label | [JsxElement] <Bar a ... llo" /> | +| tstest.tsx:11:12:11:14 | [VarRef] Bar | semmle.label | [VarRef] Bar | +| tstest.tsx:11:16:11:28 | [JsxAttribute] a : b="hello" | semmle.label | [JsxAttribute] a : b="hello" | +| tstest.tsx:11:20:11:20 | [Label] b | semmle.label | [Label] b | +| tstest.tsx:11:22:11:28 | [Literal] "hello" | semmle.label | [Literal] "hello" | +| tstest.tsx:13:1:15:1 | [InterfaceDeclaration,TypeDefinition] interfa ... ring; } | semmle.label | [InterfaceDeclaration,TypeDefinition] interfa ... ring; } | +| tstest.tsx:13:1:15:1 | [InterfaceDeclaration,TypeDefinition] interfa ... ring; } | semmle.order | 17 | +| tstest.tsx:13:11:13:18 | [Identifier] BarProps | semmle.label | [Identifier] BarProps | +| tstest.tsx:14:5:14:9 | [Literal] "a:b" | semmle.label | [Literal] "a:b" | +| tstest.tsx:14:5:14:18 | [FieldDeclaration] "a:b": string; | semmle.label | [FieldDeclaration] "a:b": string; | +| tstest.tsx:14:12:14:17 | [KeywordTypeExpr] string | semmle.label | [KeywordTypeExpr] string | +| tstest.tsx:17:1:19:1 | [FunctionDeclStmt] functio ... div>; } | semmle.label | [FunctionDeclStmt] functio ... div>; } | +| tstest.tsx:17:1:19:1 | [FunctionDeclStmt] functio ... div>; } | semmle.order | 18 | +| tstest.tsx:17:10:17:12 | [VarDecl] Bar | semmle.label | [VarDecl] Bar | +| tstest.tsx:17:14:17:18 | [SimpleParameter] props | semmle.label | [SimpleParameter] props | +| tstest.tsx:17:21:17:28 | [LocalTypeAccess] BarProps | semmle.label | [LocalTypeAccess] BarProps | +| tstest.tsx:17:31:19:1 | [BlockStmt] { r ... div>; } | semmle.label | [BlockStmt] { r ... div>; } | +| tstest.tsx:18:5:18:37 | [ReturnStmt] return ... </div>; | semmle.label | [ReturnStmt] return ... </div>; | +| tstest.tsx:18:12:18:36 | [JsxElement] <div>{p ... }</div> | semmle.label | [JsxElement] <div>{p ... }</div> | +| tstest.tsx:18:13:18:15 | [Label] div | semmle.label | [Label] div | +| tstest.tsx:18:18:18:22 | [VarRef] props | semmle.label | [VarRef] props | +| tstest.tsx:18:18:18:29 | [IndexExpr] props["a:b"] | semmle.label | [IndexExpr] props["a:b"] | +| tstest.tsx:18:24:18:28 | [Literal] "a:b" | semmle.label | [Literal] "a:b" | edges | file://:0:0:0:0 | (Attributes) | tst.js:3:4:3:14 | [JsxAttribute] href={href} | semmle.label | 0 | | file://:0:0:0:0 | (Attributes) | tst.js:3:4:3:14 | [JsxAttribute] href={href} | semmle.order | 0 | @@ -136,6 +176,10 @@ edges | file://:0:0:0:0 | (Attributes) | tstest.tsx:3:32:3:45 | [JsxAttribute] {...linkTypes} | semmle.order | 2 | | file://:0:0:0:0 | (Attributes) | tstest.tsx:4:25:4:33 | [JsxAttribute] foo="bar" | semmle.label | 0 | | file://:0:0:0:0 | (Attributes) | tstest.tsx:4:25:4:33 | [JsxAttribute] foo="bar" | semmle.order | 0 | +| file://:0:0:0:0 | (Attributes) | tstest.tsx:10:16:10:26 | [JsxAttribute] a:b="hello" | semmle.label | 0 | +| file://:0:0:0:0 | (Attributes) | tstest.tsx:10:16:10:26 | [JsxAttribute] a:b="hello" | semmle.order | 0 | +| file://:0:0:0:0 | (Attributes) | tstest.tsx:11:16:11:28 | [JsxAttribute] a : b="hello" | semmle.label | 0 | +| file://:0:0:0:0 | (Attributes) | tstest.tsx:11:16:11:28 | [JsxAttribute] a : b="hello" | semmle.order | 0 | | file://:0:0:0:0 | (Body) | tst.js:3:47:3:54 | [Literal] Link to | semmle.label | 0 | | file://:0:0:0:0 | (Body) | tst.js:3:47:3:54 | [Literal] Link to | semmle.order | 0 | | file://:0:0:0:0 | (Body) | tst.js:3:56:3:59 | [VarRef] href | semmle.label | 1 | @@ -164,6 +208,10 @@ edges | file://:0:0:0:0 | (Body) | tstest.tsx:7:33:7:38 | [JsxElement] <Foo/> | semmle.order | 1 | | file://:0:0:0:0 | (Body) | tstest.tsx:7:40:7:49 | [Literal] more text | semmle.label | 2 | | file://:0:0:0:0 | (Body) | tstest.tsx:7:40:7:49 | [Literal] more text | semmle.order | 2 | +| file://:0:0:0:0 | (Body) | tstest.tsx:18:18:18:29 | [IndexExpr] props["a:b"] | semmle.label | 0 | +| file://:0:0:0:0 | (Body) | tstest.tsx:18:18:18:29 | [IndexExpr] props["a:b"] | semmle.order | 0 | +| file://:0:0:0:0 | (Parameters) | tstest.tsx:17:14:17:18 | [SimpleParameter] props | semmle.label | 0 | +| file://:0:0:0:0 | (Parameters) | tstest.tsx:17:14:17:18 | [SimpleParameter] props | semmle.order | 0 | | tst.js:1:1:1:32 | [DeclStmt] var href = ... | tst.js:1:5:1:31 | [VariableDeclarator] href = ... le.com" | semmle.label | 1 | | tst.js:1:1:1:32 | [DeclStmt] var href = ... | tst.js:1:5:1:31 | [VariableDeclarator] href = ... le.com" | semmle.order | 1 | | tst.js:1:5:1:31 | [VariableDeclarator] href = ... le.com" | tst.js:1:5:1:8 | [VarDecl] href | semmle.label | 1 | @@ -304,5 +352,61 @@ edges | tstest.tsx:7:16:7:52 | [JsxFragment] <> frag ... ext </> | file://:0:0:0:0 | (Body) | semmle.order | 1 | | tstest.tsx:7:33:7:38 | [JsxElement] <Foo/> | tstest.tsx:7:34:7:36 | [VarRef] Foo | semmle.label | 0 | | tstest.tsx:7:33:7:38 | [JsxElement] <Foo/> | tstest.tsx:7:34:7:36 | [VarRef] Foo | semmle.order | 0 | +| tstest.tsx:10:1:10:30 | [DeclStmt] const x = ... | tstest.tsx:10:7:10:29 | [VariableDeclarator] x = <Ba ... llo" /> | semmle.label | 1 | +| tstest.tsx:10:1:10:30 | [DeclStmt] const x = ... | tstest.tsx:10:7:10:29 | [VariableDeclarator] x = <Ba ... llo" /> | semmle.order | 1 | +| tstest.tsx:10:7:10:29 | [VariableDeclarator] x = <Ba ... llo" /> | tstest.tsx:10:7:10:7 | [VarDecl] x | semmle.label | 1 | +| tstest.tsx:10:7:10:29 | [VariableDeclarator] x = <Ba ... llo" /> | tstest.tsx:10:7:10:7 | [VarDecl] x | semmle.order | 1 | +| tstest.tsx:10:7:10:29 | [VariableDeclarator] x = <Ba ... llo" /> | tstest.tsx:10:11:10:29 | [JsxElement] <Bar a:b="hello" /> | semmle.label | 2 | +| tstest.tsx:10:7:10:29 | [VariableDeclarator] x = <Ba ... llo" /> | tstest.tsx:10:11:10:29 | [JsxElement] <Bar a:b="hello" /> | semmle.order | 2 | +| tstest.tsx:10:11:10:29 | [JsxElement] <Bar a:b="hello" /> | file://:0:0:0:0 | (Attributes) | semmle.label | 2 | +| tstest.tsx:10:11:10:29 | [JsxElement] <Bar a:b="hello" /> | file://:0:0:0:0 | (Attributes) | semmle.order | 2 | +| tstest.tsx:10:11:10:29 | [JsxElement] <Bar a:b="hello" /> | tstest.tsx:10:12:10:14 | [VarRef] Bar | semmle.label | 0 | +| tstest.tsx:10:11:10:29 | [JsxElement] <Bar a:b="hello" /> | tstest.tsx:10:12:10:14 | [VarRef] Bar | semmle.order | 0 | +| tstest.tsx:10:16:10:26 | [JsxAttribute] a:b="hello" | tstest.tsx:10:18:10:18 | [Label] b | semmle.label | 1 | +| tstest.tsx:10:16:10:26 | [JsxAttribute] a:b="hello" | tstest.tsx:10:18:10:18 | [Label] b | semmle.order | 1 | +| tstest.tsx:10:16:10:26 | [JsxAttribute] a:b="hello" | tstest.tsx:10:20:10:26 | [Literal] "hello" | semmle.label | 2 | +| tstest.tsx:10:16:10:26 | [JsxAttribute] a:b="hello" | tstest.tsx:10:20:10:26 | [Literal] "hello" | semmle.order | 2 | +| tstest.tsx:11:1:11:32 | [DeclStmt] const y = ... | tstest.tsx:11:7:11:31 | [VariableDeclarator] y = <Ba ... llo" /> | semmle.label | 1 | +| tstest.tsx:11:1:11:32 | [DeclStmt] const y = ... | tstest.tsx:11:7:11:31 | [VariableDeclarator] y = <Ba ... llo" /> | semmle.order | 1 | +| tstest.tsx:11:7:11:31 | [VariableDeclarator] y = <Ba ... llo" /> | tstest.tsx:11:7:11:7 | [VarDecl] y | semmle.label | 1 | +| tstest.tsx:11:7:11:31 | [VariableDeclarator] y = <Ba ... llo" /> | tstest.tsx:11:7:11:7 | [VarDecl] y | semmle.order | 1 | +| tstest.tsx:11:7:11:31 | [VariableDeclarator] y = <Ba ... llo" /> | tstest.tsx:11:11:11:31 | [JsxElement] <Bar a ... llo" /> | semmle.label | 2 | +| tstest.tsx:11:7:11:31 | [VariableDeclarator] y = <Ba ... llo" /> | tstest.tsx:11:11:11:31 | [JsxElement] <Bar a ... llo" /> | semmle.order | 2 | +| tstest.tsx:11:11:11:31 | [JsxElement] <Bar a ... llo" /> | file://:0:0:0:0 | (Attributes) | semmle.label | 2 | +| tstest.tsx:11:11:11:31 | [JsxElement] <Bar a ... llo" /> | file://:0:0:0:0 | (Attributes) | semmle.order | 2 | +| tstest.tsx:11:11:11:31 | [JsxElement] <Bar a ... llo" /> | tstest.tsx:11:12:11:14 | [VarRef] Bar | semmle.label | 0 | +| tstest.tsx:11:11:11:31 | [JsxElement] <Bar a ... llo" /> | tstest.tsx:11:12:11:14 | [VarRef] Bar | semmle.order | 0 | +| tstest.tsx:11:16:11:28 | [JsxAttribute] a : b="hello" | tstest.tsx:11:20:11:20 | [Label] b | semmle.label | 1 | +| tstest.tsx:11:16:11:28 | [JsxAttribute] a : b="hello" | tstest.tsx:11:20:11:20 | [Label] b | semmle.order | 1 | +| tstest.tsx:11:16:11:28 | [JsxAttribute] a : b="hello" | tstest.tsx:11:22:11:28 | [Literal] "hello" | semmle.label | 2 | +| tstest.tsx:11:16:11:28 | [JsxAttribute] a : b="hello" | tstest.tsx:11:22:11:28 | [Literal] "hello" | semmle.order | 2 | +| tstest.tsx:13:1:15:1 | [InterfaceDeclaration,TypeDefinition] interfa ... ring; } | tstest.tsx:13:11:13:18 | [Identifier] BarProps | semmle.label | 1 | +| tstest.tsx:13:1:15:1 | [InterfaceDeclaration,TypeDefinition] interfa ... ring; } | tstest.tsx:13:11:13:18 | [Identifier] BarProps | semmle.order | 1 | +| tstest.tsx:13:1:15:1 | [InterfaceDeclaration,TypeDefinition] interfa ... ring; } | tstest.tsx:14:5:14:18 | [FieldDeclaration] "a:b": string; | semmle.label | 2 | +| tstest.tsx:13:1:15:1 | [InterfaceDeclaration,TypeDefinition] interfa ... ring; } | tstest.tsx:14:5:14:18 | [FieldDeclaration] "a:b": string; | semmle.order | 2 | +| tstest.tsx:14:5:14:18 | [FieldDeclaration] "a:b": string; | tstest.tsx:14:5:14:9 | [Literal] "a:b" | semmle.label | 1 | +| tstest.tsx:14:5:14:18 | [FieldDeclaration] "a:b": string; | tstest.tsx:14:5:14:9 | [Literal] "a:b" | semmle.order | 1 | +| tstest.tsx:14:5:14:18 | [FieldDeclaration] "a:b": string; | tstest.tsx:14:12:14:17 | [KeywordTypeExpr] string | semmle.label | 2 | +| tstest.tsx:14:5:14:18 | [FieldDeclaration] "a:b": string; | tstest.tsx:14:12:14:17 | [KeywordTypeExpr] string | semmle.order | 2 | +| tstest.tsx:17:1:19:1 | [FunctionDeclStmt] functio ... div>; } | file://:0:0:0:0 | (Parameters) | semmle.label | 1 | +| tstest.tsx:17:1:19:1 | [FunctionDeclStmt] functio ... div>; } | file://:0:0:0:0 | (Parameters) | semmle.order | 1 | +| tstest.tsx:17:1:19:1 | [FunctionDeclStmt] functio ... div>; } | tstest.tsx:17:10:17:12 | [VarDecl] Bar | semmle.label | 0 | +| tstest.tsx:17:1:19:1 | [FunctionDeclStmt] functio ... div>; } | tstest.tsx:17:10:17:12 | [VarDecl] Bar | semmle.order | 0 | +| tstest.tsx:17:1:19:1 | [FunctionDeclStmt] functio ... div>; } | tstest.tsx:17:31:19:1 | [BlockStmt] { r ... div>; } | semmle.label | 5 | +| tstest.tsx:17:1:19:1 | [FunctionDeclStmt] functio ... div>; } | tstest.tsx:17:31:19:1 | [BlockStmt] { r ... div>; } | semmle.order | 5 | +| tstest.tsx:17:14:17:18 | [SimpleParameter] props | tstest.tsx:17:21:17:28 | [LocalTypeAccess] BarProps | semmle.label | -2 | +| tstest.tsx:17:14:17:18 | [SimpleParameter] props | tstest.tsx:17:21:17:28 | [LocalTypeAccess] BarProps | semmle.order | -2 | +| tstest.tsx:17:31:19:1 | [BlockStmt] { r ... div>; } | tstest.tsx:18:5:18:37 | [ReturnStmt] return ... </div>; | semmle.label | 1 | +| tstest.tsx:17:31:19:1 | [BlockStmt] { r ... div>; } | tstest.tsx:18:5:18:37 | [ReturnStmt] return ... </div>; | semmle.order | 1 | +| tstest.tsx:18:5:18:37 | [ReturnStmt] return ... </div>; | tstest.tsx:18:12:18:36 | [JsxElement] <div>{p ... }</div> | semmle.label | 1 | +| tstest.tsx:18:5:18:37 | [ReturnStmt] return ... </div>; | tstest.tsx:18:12:18:36 | [JsxElement] <div>{p ... }</div> | semmle.order | 1 | +| tstest.tsx:18:12:18:36 | [JsxElement] <div>{p ... }</div> | file://:0:0:0:0 | (Body) | semmle.label | 1 | +| tstest.tsx:18:12:18:36 | [JsxElement] <div>{p ... }</div> | file://:0:0:0:0 | (Body) | semmle.order | 1 | +| tstest.tsx:18:12:18:36 | [JsxElement] <div>{p ... }</div> | tstest.tsx:18:13:18:15 | [Label] div | semmle.label | 0 | +| tstest.tsx:18:12:18:36 | [JsxElement] <div>{p ... }</div> | tstest.tsx:18:13:18:15 | [Label] div | semmle.order | 0 | +| tstest.tsx:18:18:18:29 | [IndexExpr] props["a:b"] | tstest.tsx:18:18:18:22 | [VarRef] props | semmle.label | 1 | +| tstest.tsx:18:18:18:29 | [IndexExpr] props["a:b"] | tstest.tsx:18:18:18:22 | [VarRef] props | semmle.order | 1 | +| tstest.tsx:18:18:18:29 | [IndexExpr] props["a:b"] | tstest.tsx:18:24:18:28 | [Literal] "a:b" | semmle.label | 2 | +| tstest.tsx:18:18:18:29 | [IndexExpr] props["a:b"] | tstest.tsx:18:24:18:28 | [Literal] "a:b" | semmle.order | 2 | graphProperties | semmle.graphKind | tree | diff --git a/javascript/ql/test/library-tests/JSX/tests.expected b/javascript/ql/test/library-tests/JSX/tests.expected index 974d5608802..50b00601fbe 100644 --- a/javascript/ql/test/library-tests/JSX/tests.expected +++ b/javascript/ql/test/library-tests/JSX/tests.expected @@ -3,6 +3,7 @@ htmlElements | tst.js:6:1:6:10 | <Foo-Bar/> | | tstest.tsx:3:1:3:106 | <a href ... */}</a> | | tstest.tsx:6:1:6:10 | <Foo-Bar/> | +| tstest.tsx:18:12:18:36 | <div>{p ... }</div> | jsxElementAttribute | tst.js:3:1:3:106 | <a href ... */}</a> | 0 | tst.js:3:4:3:14 | href={href} | | tst.js:3:1:3:106 | <a href ... */}</a> | 1 | tst.js:3:16:3:30 | target="_blank" | @@ -12,6 +13,8 @@ jsxElementAttribute | tstest.tsx:3:1:3:106 | <a href ... */}</a> | 1 | tstest.tsx:3:16:3:30 | target="_blank" | | tstest.tsx:3:1:3:106 | <a href ... */}</a> | 2 | tstest.tsx:3:32:3:45 | {...linkTypes} | | tstest.tsx:4:1:4:35 | <MyComp ... "bar"/> | 0 | tstest.tsx:4:25:4:33 | foo="bar" | +| tstest.tsx:10:11:10:29 | <Bar a:b="hello" /> | 0 | tstest.tsx:10:16:10:26 | a:b="hello" | +| tstest.tsx:11:11:11:31 | <Bar a ... llo" /> | 0 | tstest.tsx:11:16:11:28 | a : b="hello" | jsxElementAttributeName | tst.js:3:1:3:106 | <a href ... */}</a> | 0 | href | | tst.js:3:1:3:106 | <a href ... */}</a> | 1 | target | @@ -19,6 +22,8 @@ jsxElementAttributeName | tstest.tsx:3:1:3:106 | <a href ... */}</a> | 0 | href | | tstest.tsx:3:1:3:106 | <a href ... */}</a> | 1 | target | | tstest.tsx:4:1:4:35 | <MyComp ... "bar"/> | 0 | foo | +| tstest.tsx:10:11:10:29 | <Bar a:b="hello" /> | 0 | b | +| tstest.tsx:11:11:11:31 | <Bar a ... llo" /> | 0 | b | jsxElementBody | tst.js:3:1:3:106 | <a href ... */}</a> | 0 | tst.js:3:47:3:54 | Link to | | tst.js:3:1:3:106 | <a href ... */}</a> | 1 | tst.js:3:56:3:59 | href | @@ -28,6 +33,7 @@ jsxElementBody | tstest.tsx:3:1:3:106 | <a href ... */}</a> | 1 | tstest.tsx:3:56:3:59 | href | | tstest.tsx:3:1:3:106 | <a href ... */}</a> | 2 | tstest.tsx:3:61:3:62 | . | | tstest.tsx:3:1:3:106 | <a href ... */}</a> | 3 | tstest.tsx:3:63:3:102 | {/*TODO ... text*/} | +| tstest.tsx:18:12:18:36 | <div>{p ... }</div> | 0 | tstest.tsx:18:18:18:29 | props["a:b"] | jsxElementName | tst.js:3:1:3:106 | <a href ... */}</a> | tst.js:3:2:3:2 | a | a | | tst.js:4:1:4:35 | <MyComp ... "bar"/> | tst.js:4:2:4:23 | MyCompo ... ncyLink | MyComponents.FancyLink | @@ -39,6 +45,9 @@ jsxElementName | tstest.tsx:5:1:5:6 | <Foo/> | tstest.tsx:5:2:5:4 | Foo | Foo | | tstest.tsx:6:1:6:10 | <Foo-Bar/> | tstest.tsx:6:2:6:8 | Foo-Bar | Foo-Bar | | tstest.tsx:7:33:7:38 | <Foo/> | tstest.tsx:7:34:7:36 | Foo | Foo | +| tstest.tsx:10:11:10:29 | <Bar a:b="hello" /> | tstest.tsx:10:12:10:14 | Bar | Bar | +| tstest.tsx:11:11:11:31 | <Bar a ... llo" /> | tstest.tsx:11:12:11:14 | Bar | Bar | +| tstest.tsx:18:12:18:36 | <div>{p ... }</div> | tstest.tsx:18:13:18:15 | div | div | jsxFragments | tst.js:7:16:7:52 | <> frag ... ext </> | 0 | tst.js:7:18:7:32 | fragment text | | tst.js:7:16:7:52 | <> frag ... ext </> | 1 | tst.js:7:33:7:38 | <Foo/> | diff --git a/javascript/ql/test/library-tests/JSX/tstest.tsx b/javascript/ql/test/library-tests/JSX/tstest.tsx index c1011712e19..966d6ced2fd 100644 --- a/javascript/ql/test/library-tests/JSX/tstest.tsx +++ b/javascript/ql/test/library-tests/JSX/tstest.tsx @@ -5,3 +5,15 @@ var linkTypes = { rel: "noopener noreferrer" }; <Foo/>; // interpreted as a custom component because of capitalisation <Foo-Bar/>; // interpreted as an HTML element because of the dash var fragment = <> fragment text <Foo/> more text </> + +// Both of these are equivalent: +const x = <Bar a:b="hello" />; +const y = <Bar a : b="hello" />; + +interface BarProps { + "a:b": string; +} + +function Bar(props: BarProps) { + return <div>{props["a:b"]}</div>; +} \ No newline at end of file From 8eed1a95f638496442695bb584dd2a8e4aa42d6f Mon Sep 17 00:00:00 2001 From: erik-krogh <erik-krogh@github.com> Date: Thu, 1 Jun 2023 23:16:52 +0200 Subject: [PATCH 799/870] stop recursive fromRhs related to getLaterBaseAccess --- javascript/ql/lib/semmle/javascript/GlobalAccessPaths.qll | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/javascript/ql/lib/semmle/javascript/GlobalAccessPaths.qll b/javascript/ql/lib/semmle/javascript/GlobalAccessPaths.qll index e9828e5bf25..35ba8cfe601 100644 --- a/javascript/ql/lib/semmle/javascript/GlobalAccessPaths.qll +++ b/javascript/ql/lib/semmle/javascript/GlobalAccessPaths.qll @@ -234,7 +234,8 @@ module AccessPath { or baseName = fromRhs(write.getBase(), root) or - baseName = fromRhs(GetLaterAccess::getLaterBaseAccess(write), root) + baseName = fromRhs(GetLaterAccess::getLaterBaseAccess(write), root) and + not baseName.matches("%.%") ) or exists(GlobalVariable var | From 1b44b59842d0d5d4d2d297b1cea94771584a3491 Mon Sep 17 00:00:00 2001 From: erik-krogh <erik-krogh@github.com> Date: Thu, 1 Jun 2023 23:20:23 +0200 Subject: [PATCH 800/870] add stress test --- .../library-tests/GlobalAccessPaths/stress.js | 33 +++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 javascript/ql/test/library-tests/GlobalAccessPaths/stress.js diff --git a/javascript/ql/test/library-tests/GlobalAccessPaths/stress.js b/javascript/ql/test/library-tests/GlobalAccessPaths/stress.js new file mode 100644 index 00000000000..198ccf6e8e2 --- /dev/null +++ b/javascript/ql/test/library-tests/GlobalAccessPaths/stress.js @@ -0,0 +1,33 @@ + +// stress test for global access path computation +var MyObject = {} +MyObject.Foo1 = { inner: MyObject }; +MyObject.Foo2 = { inner: MyObject }; +MyObject.Foo3 = { inner: MyObject }; +MyObject.Foo4 = { inner: MyObject }; +MyObject.Foo5 = { inner: MyObject }; +MyObject.Foo6 = { inner: MyObject }; +MyObject.Foo7 = { inner: MyObject }; +MyObject.Foo8 = { inner: MyObject }; +MyObject.Foo9 = { inner: MyObject }; +MyObject.Fooa = { inner: MyObject }; +MyObject.Foob = { inner: MyObject }; +MyObject.Fooc = { inner: MyObject }; +MyObject.Food = { inner: MyObject }; +MyObject.Fooe = { inner: MyObject }; +MyObject.Foof = { inner: MyObject }; +MyObject.Foog = { inner: MyObject }; +MyObject.Fooh = { inner: MyObject }; +MyObject.Fooi = { inner: MyObject }; +MyObject.Fooj = { inner: MyObject }; +MyObject.Fook = { inner: MyObject }; +MyObject.Fool = { inner: MyObject }; +MyObject.Foom = { inner: MyObject }; +MyObject.Foon = { inner: MyObject }; +MyObject.Fooo = { inner: MyObject }; +MyObject.Foop = { inner: MyObject }; +MyObject.Fooq = { inner: MyObject }; +MyObject.Foor = { inner: MyObject }; +MyObject.Foos = { inner: MyObject }; +MyObject.Foot = { inner: MyObject }; +exports.MyObject = MyObject; \ No newline at end of file From ef7e9a674c034721562b2d5a996b879fe67a1108 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Fri, 2 Jun 2023 00:16:55 +0000 Subject: [PATCH 801/870] Add changed framework coverage reports --- .../library-coverage/coverage.csv | 334 +++++++++--------- .../library-coverage/coverage.rst | 18 +- 2 files changed, 176 insertions(+), 176 deletions(-) diff --git a/java/documentation/library-coverage/coverage.csv b/java/documentation/library-coverage/coverage.csv index 0bd4f53a9a7..4e4b1ab7e1f 100644 --- a/java/documentation/library-coverage/coverage.csv +++ b/java/documentation/library-coverage/coverage.csv @@ -1,167 +1,167 @@ -package,sink,source,summary,sink:bean-validation,sink:create-file,sink:fragment-injection,sink:groovy,sink:header-splitting,sink:information-leak,sink:intent-start,sink:jdbc-url,sink:jexl,sink:jndi-injection,sink:ldap,sink:logging,sink:mvel,sink:ognl-injection,sink:open-url,sink:pending-intent-sent,sink:read-file,sink:regex-use,sink:regex-use[-1],sink:regex-use[0],sink:regex-use[],sink:regex-use[f-1],sink:regex-use[f1],sink:regex-use[f],sink:set-hostname-verifier,sink:sql,sink:ssti,sink:url-redirect,sink:write-file,sink:xpath,sink:xslt,sink:xss,source:android-external-storage-dir,source:android-widget,source:contentprovider,source:remote,summary:taint,summary:value -android.app,35,,103,,,11,,,,7,,,,,,,,,17,,,,,,,,,,,,,,,,,,,,,18,85 -android.content,24,31,154,,,,,,,16,,,,,,,,,,,,,,,,,,,8,,,,,,,4,,27,,63,91 -android.database,59,,41,,,,,,,,,,,,,,,,,,,,,,,,,,59,,,,,,,,,,,41, -android.net,,,60,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,45,15 -android.os,,2,122,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,41,81 -android.support.v4.app,11,,,,,11,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, -android.util,6,16,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,,,,16,, -android.webkit,3,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,,,,2,, -android.widget,,1,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,1, -androidx.core.app,6,,95,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,12,83 -androidx.fragment.app,11,,,,,11,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, -androidx.slice,2,5,88,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,,5,,27,61 -cn.hutool.core.codec,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1, -com.esotericsoftware.kryo.io,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1, -com.esotericsoftware.kryo5.io,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1, -com.fasterxml.jackson.core,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1, -com.fasterxml.jackson.databind,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6, -com.google.common.base,4,,87,,,,,,,,,,,,,,,,,,,,3,1,,,,,,,,,,,,,,,,63,24 -com.google.common.cache,,,17,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,17 -com.google.common.collect,,,553,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,551 -com.google.common.flogger,29,,,,,,,,,,,,,,29,,,,,,,,,,,,,,,,,,,,,,,,,, -com.google.common.io,8,,73,,2,,,,,,,,,,,,,,,5,,,,,,,,,,,,1,,,,,,,,72,1 -com.google.gson,,,39,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,25,14 -com.hubspot.jinjava,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,, -com.mitchellbosecke.pebble,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,, -com.opensymphony.xwork2.ognl,3,,,,,,,,,,,,,,,,3,,,,,,,,,,,,,,,,,,,,,,,, -com.rabbitmq.client,,21,7,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,21,7, -com.thoughtworks.xstream,1,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,, -com.unboundid.ldap.sdk,17,,,,,,,,,,,,,17,,,,,,,,,,,,,,,,,,,,,,,,,,, -com.zaxxer.hikari,2,,,,,,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, -flexjson,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1 -freemarker.cache,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,, -freemarker.template,7,,,,,,,,,,,,,,,,,,,,,,,,,,,,,7,,,,,,,,,,, -groovy.lang,26,,,,,,26,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, -groovy.text,1,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, -groovy.util,5,,,,,,5,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, -hudson,44,,16,,19,,,,,,,,,,,,,6,,17,,,,,,,,,,,,2,,,,,,,,16, -io.jsonwebtoken,,2,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,4, -io.netty.bootstrap,3,,,,,,,,,,,,,,,,,3,,,,,,,,,,,,,,,,,,,,,,, -io.netty.buffer,,,207,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,130,77 -io.netty.channel,9,2,,,,,,,,,,,,,,,,9,,,,,,,,,,,,,,,,,,,,,2,, -io.netty.handler.codec,4,13,259,,,,,,,,,,,,,,,3,,1,,,,,,,,,,,,,,,,,,,13,143,116 -io.netty.handler.ssl,2,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,,,, -io.netty.handler.stream,1,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,, -io.netty.resolver,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1, -io.netty.util,2,,23,,1,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,21,2 -jakarta.faces.context,2,7,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,7,, -jakarta.json,,,123,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,23 -jakarta.ws.rs.client,1,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,, -jakarta.ws.rs.container,,9,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,, -jakarta.ws.rs.core,2,,149,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,94,55 -java.awt,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3 -java.beans,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1, -java.io,44,,45,,18,,,,,,,,,,,,,,,4,,,,,,,,,,,,22,,,,,,,,43,2 -java.lang,18,,92,,,,,,,,,,,,8,,,,,5,,4,,,1,,,,,,,,,,,,,,,56,36 -java.net,13,3,20,,,,,,,,,,,,,,,13,,,,,,,,,,,,,,,,,,,,,3,20, -java.nio,38,,31,,22,,,,,,,,,,,,,,,13,,,,,,,,,,,,3,,,,,,,,31, -java.sql,13,,3,,,,,,,,4,,,,,,,,,,,,,,,,,,9,,,,,,,,,,,2,1 -java.util,44,,484,,,,,,,,,,,,34,,,,,,,,5,2,,1,2,,,,,,,,,,,,,44,440 -javafx.scene.web,1,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,, -javax.faces.context,2,7,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,7,, -javax.imageio.stream,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1, -javax.jms,,9,57,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,57, -javax.json,,,123,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,23 -javax.management.remote,2,,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,, -javax.naming,7,,1,,,,,,,,,,6,1,,,,,,,,,,,,,,,,,,,,,,,,,,1, -javax.net.ssl,2,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,, -javax.script,1,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,, -javax.servlet,5,21,2,,,,,3,1,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,21,2, -javax.validation,1,1,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,, -javax.ws.rs.client,1,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,, -javax.ws.rs.container,,9,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,, -javax.ws.rs.core,3,,149,,,,,1,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,94,55 -javax.xml.transform,2,,6,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,6, -javax.xml.xpath,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,,,,,,,, -jodd.json,,,10,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,10 -kotlin,16,,1843,,11,,,,,,,,,,,,,2,,3,,,,,,,,,,,,,,,,,,,,1836,7 -net.sf.saxon.s9api,5,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,5,,,,,,, -ognl,6,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,,,, -okhttp3,4,,47,,,,,,,,,,,,,,,4,,,,,,,,,,,,,,,,,,,,,,22,25 -org.apache.commons.codec,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6, -org.apache.commons.collections,,,800,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,17,783 -org.apache.commons.collections4,,,800,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,17,783 -org.apache.commons.compress.archivers.tar,,,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,4, -org.apache.commons.httpclient.util,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1, -org.apache.commons.io,111,,560,,93,,,,,,,,,,,,,15,,1,,,,,,,,,,,,2,,,,,,,,546,14 -org.apache.commons.jelly,6,,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,,, -org.apache.commons.jexl2,15,,,,,,,,,,,15,,,,,,,,,,,,,,,,,,,,,,,,,,,,, -org.apache.commons.jexl3,15,,,,,,,,,,,15,,,,,,,,,,,,,,,,,,,,,,,,,,,,, -org.apache.commons.lang3,6,,424,,,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,293,131 -org.apache.commons.logging,6,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,,,,,, -org.apache.commons.net,9,12,,,,,,,,,,,,,,,,6,,3,,,,,,,,,,,,,,,,,,,12,, -org.apache.commons.ognl,6,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,,,, -org.apache.commons.text,,,272,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,220,52 -org.apache.directory.ldap.client.api,1,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,, -org.apache.hadoop.fs,,,10,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,10, -org.apache.hadoop.hive.metastore,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,,,,,,,,,,,, -org.apache.hc.client5.http.async.methods,84,,,,,,,,,,,,,,,,,84,,,,,,,,,,,,,,,,,,,,,,, -org.apache.hc.client5.http.classic.methods,37,,,,,,,,,,,,,,,,,37,,,,,,,,,,,,,,,,,,,,,,, -org.apache.hc.client5.http.fluent,19,,,,,,,,,,,,,,,,,19,,,,,,,,,,,,,,,,,,,,,,, -org.apache.hc.core5.benchmark,1,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,, -org.apache.hc.core5.function,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1, -org.apache.hc.core5.http,73,2,45,,,,,,,,,,,,,,,72,,,,,,,,,,,,,,,,,1,,,,2,45, -org.apache.hc.core5.net,,,18,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,18, -org.apache.hc.core5.util,,,24,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,18,6 -org.apache.hive.hcatalog.templeton,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,, -org.apache.http,48,3,94,,,,,,,,,,,,,,,46,,,,,,,,,,,,,,,,,2,,,,3,86,8 -org.apache.ibatis.jdbc,6,,57,,,,,,,,,,,,,,,,,,,,,,,,,,6,,,,,,,,,,,57, -org.apache.log4j,11,,,,,,,,,,,,,,11,,,,,,,,,,,,,,,,,,,,,,,,,, -org.apache.logging.log4j,359,,8,,,,,,,,,,,,359,,,,,,,,,,,,,,,,,,,,,,,,,4,4 -org.apache.shiro.codec,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1, -org.apache.shiro.jndi,1,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,, -org.apache.tools.ant,11,,,,3,,,,,,,,,,,,,,,8,,,,,,,,,,,,,,,,,,,,, -org.apache.tools.zip,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1, -org.apache.velocity.app,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,4,,,,,,,,,,, -org.apache.velocity.runtime,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,4,,,,,,,,,,, -org.codehaus.cargo.container.installer,3,,,,2,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,, -org.codehaus.groovy.control,1,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, -org.dom4j,20,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,20,,,,,,,, -org.eclipse.jetty.client,1,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,, -org.geogebra.web.full.main,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,, -org.hibernate,7,,,,,,,,,,,,,,,,,,,,,,,,,,,,7,,,,,,,,,,,, -org.jboss.logging,324,,,,,,,,,,,,,,324,,,,,,,,,,,,,,,,,,,,,,,,,, -org.jdbi.v3.core,6,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, -org.jooq,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,, -org.json,,,236,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,198,38 -org.kohsuke.stapler,3,,1,,,,,,,,,,,,,,,1,,1,,,,,,,,,,,1,,,,,,,,,1, -org.mvel2,16,,,,,,,,,,,,,,,16,,,,,,,,,,,,,,,,,,,,,,,,, -org.openjdk.jmh.runner.options,1,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, -org.scijava.log,13,,,,,,,,,,,,,,13,,,,,,,,,,,,,,,,,,,,,,,,,, -org.slf4j,55,,6,,,,,,,,,,,,55,,,,,,,,,,,,,,,,,,,,,,,,,2,4 -org.springframework.beans,,,30,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,30 -org.springframework.boot.jdbc,1,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, -org.springframework.cache,,,13,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,13 -org.springframework.context,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3, -org.springframework.data.repository,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1 -org.springframework.http,14,,71,,,,,,,,,,,,,,,14,,,,,,,,,,,,,,,,,,,,,,61,10 -org.springframework.jdbc.core,19,,,,,,,,,,,,,,,,,,,,,,,,,,,,19,,,,,,,,,,,, -org.springframework.jdbc.datasource,4,,,,,,,,,,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, -org.springframework.jdbc.object,9,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,,,,,,,,,,,, -org.springframework.jndi,1,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,, -org.springframework.ldap,47,,,,,,,,,,,,33,14,,,,,,,,,,,,,,,,,,,,,,,,,,, -org.springframework.security.web.savedrequest,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,, -org.springframework.ui,,,32,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,32 -org.springframework.util,3,,142,,2,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,90,52 -org.springframework.validation,,,13,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,13, -org.springframework.web.client,13,3,,,,,,,,,,,,,,,,13,,,,,,,,,,,,,,,,,,,,,3,, -org.springframework.web.context.request,,8,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,8,, -org.springframework.web.multipart,,12,13,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,12,13, -org.springframework.web.reactive.function.client,2,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,,,,,, -org.springframework.web.util,,,165,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,140,25 -org.thymeleaf,2,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,2, -org.xml.sax,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1, -org.xmlpull.v1,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,, -play.libs.ws,2,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,,,,,, -play.mvc,,13,24,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,13,24, -ratpack.core.form,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3, -ratpack.core.handling,,6,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,4, -ratpack.core.http,,10,10,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,10,10, -ratpack.exec,,,48,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,48 -ratpack.form,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3, -ratpack.func,,,35,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,35 -ratpack.handling,,6,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,4, -ratpack.http,,10,10,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,10,10, -ratpack.util,,,35,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,35 -retrofit2,1,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,, +package,sink,source,summary,sink:bean-validation,sink:file-content-store,sink:fragment-injection,sink:groovy-injection,sink:hostname-verification,sink:html-injection,sink:information-leak,sink:intent-redirection,sink:jexl-injection,sink:jndi-injection,sink:js-injection,sink:ldap-injection,sink:log-injection,sink:mvel-injection,sink:ognl-injection,sink:path-injection,sink:pending-intents,sink:regex-use,sink:regex-use[-1],sink:regex-use[0],sink:regex-use[],sink:regex-use[f-1],sink:regex-use[f1],sink:regex-use[f],sink:request-forgery,sink:response-splitting,sink:sql-injection,sink:template-injection,sink:url-redirection,sink:xpath-injection,sink:xslt-injection,source:android-external-storage-dir,source:contentprovider,source:remote,summary:taint,summary:value +android.app,35,,103,,,11,,,,,7,,,,,,,,,17,,,,,,,,,,,,,,,,,,18,85 +android.content,24,31,154,,,,,,,,16,,,,,,,,,,,,,,,,,,,8,,,,,4,27,,63,91 +android.database,59,,41,,,,,,,,,,,,,,,,,,,,,,,,,,,59,,,,,,,,41, +android.net,,,60,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,45,15 +android.os,,2,122,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,41,81 +android.support.v4.app,11,,,,,11,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, +android.util,6,16,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,16,, +android.webkit,3,2,,,,,,,2,,,,,1,,,,,,,,,,,,,,,,,,,,,,,2,, +android.widget,,1,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,1, +androidx.core.app,6,,95,,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,12,83 +androidx.fragment.app,11,,,,,11,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, +androidx.slice,2,5,88,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,5,,27,61 +cn.hutool.core.codec,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1, +com.esotericsoftware.kryo.io,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1, +com.esotericsoftware.kryo5.io,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1, +com.fasterxml.jackson.core,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1, +com.fasterxml.jackson.databind,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6, +com.google.common.base,4,,87,,,,,,,,,,,,,,,,,,,,3,1,,,,,,,,,,,,,,63,24 +com.google.common.cache,,,17,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,17 +com.google.common.collect,,,553,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,551 +com.google.common.flogger,29,,,,,,,,,,,,,,,29,,,,,,,,,,,,,,,,,,,,,,, +com.google.common.io,8,,73,,1,,,,,,,,,,,,,,7,,,,,,,,,,,,,,,,,,,72,1 +com.google.gson,,,39,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,25,14 +com.hubspot.jinjava,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,, +com.mitchellbosecke.pebble,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,, +com.opensymphony.xwork2.ognl,3,,,,,,,,,,,,,,,,,3,,,,,,,,,,,,,,,,,,,,, +com.rabbitmq.client,,21,7,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,21,7, +com.thoughtworks.xstream,1,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,, +com.unboundid.ldap.sdk,17,,,,,,,,,,,,,,17,,,,,,,,,,,,,,,,,,,,,,,, +com.zaxxer.hikari,2,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,, +flexjson,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1 +freemarker.cache,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,, +freemarker.template,7,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,7,,,,,,,, +groovy.lang,26,,,,,,26,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, +groovy.text,1,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, +groovy.util,5,,,,,,5,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, +hudson,44,,16,,2,,,,,,,,,,,,,,36,,,,,,,,,6,,,,,,,,,,16, +io.jsonwebtoken,,2,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,4, +io.netty.bootstrap,3,,,,,,,,,,,,,,,,,,,,,,,,,,,3,,,,,,,,,,, +io.netty.buffer,,,207,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,130,77 +io.netty.channel,9,2,,,,,,,,,,,,,,,,,,,,,,,,,,9,,,,,,,,,2,, +io.netty.handler.codec,4,13,259,,,,,,,,,,,,,,,,1,,,,,,,,,3,,,,,,,,,13,143,116 +io.netty.handler.ssl,2,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,,, +io.netty.handler.stream,1,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,, +io.netty.resolver,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1, +io.netty.util,2,,23,,,,,,,,,,,,,,,,1,,,,,,,,,1,,,,,,,,,,21,2 +jakarta.faces.context,2,7,,,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,7,, +jakarta.json,,,123,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,23 +jakarta.ws.rs.client,1,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,, +jakarta.ws.rs.container,,9,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,, +jakarta.ws.rs.core,2,,149,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,94,55 +java.awt,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3 +java.beans,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1, +java.io,44,,45,,22,,,,,,,,,,,,,,22,,,,,,,,,,,,,,,,,,,43,2 +java.lang,18,,92,,,,,,,,,,,,,8,,,5,,,4,,,1,,,,,,,,,,,,,56,36 +java.net,13,3,20,,,,,,,,,,,,,,,,,,,,,,,,,13,,,,,,,,,3,20, +java.nio,38,,31,,3,,,,,,,,,,,,,,35,,,,,,,,,,,,,,,,,,,31, +java.sql,13,,3,,,,,,,,,,,,,,,,,,,,,,,,,4,,9,,,,,,,,2,1 +java.util,44,,484,,,,,,,,,,,,,34,,,,,,,5,2,,1,2,,,,,,,,,,,44,440 +javafx.scene.web,1,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,, +javax.faces.context,2,7,,,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,7,, +javax.imageio.stream,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1, +javax.jms,,9,57,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,57, +javax.json,,,123,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,23 +javax.management.remote,2,,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,, +javax.naming,7,,1,,,,,,,,,,6,,1,,,,,,,,,,,,,,,,,,,,,,,1, +javax.net.ssl,2,,,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, +javax.script,1,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,, +javax.servlet,5,21,2,,,,,,,1,,,,,,,,,1,,,,,,,,,,3,,,,,,,,21,2, +javax.validation,1,1,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,, +javax.ws.rs.client,1,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,, +javax.ws.rs.container,,9,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,, +javax.ws.rs.core,3,,149,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,2,,,,,,94,55 +javax.xml.transform,2,,6,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,1,,,,6, +javax.xml.xpath,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,,,,,, +jodd.json,,,10,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,10 +kotlin,16,,1843,,,,,,,,,,,,,,,,14,,,,,,,,,2,,,,,,,,,,1836,7 +net.sf.saxon.s9api,5,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,5,,,,, +ognl,6,,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,, +okhttp3,4,,47,,,,,,,,,,,,,,,,,,,,,,,,,4,,,,,,,,,,22,25 +org.apache.commons.codec,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6, +org.apache.commons.collections,,,800,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,17,783 +org.apache.commons.collections4,,,800,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,17,783 +org.apache.commons.compress.archivers.tar,,,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,4, +org.apache.commons.httpclient.util,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1, +org.apache.commons.io,111,,560,,2,,,,,,,,,,,,,,94,,,,,,,,,15,,,,,,,,,,546,14 +org.apache.commons.jelly,6,,,,,,,,,,,,,,,,,,,,,,,,,,,6,,,,,,,,,,, +org.apache.commons.jexl2,15,,,,,,,,,,,15,,,,,,,,,,,,,,,,,,,,,,,,,,, +org.apache.commons.jexl3,15,,,,,,,,,,,15,,,,,,,,,,,,,,,,,,,,,,,,,,, +org.apache.commons.lang3,6,,424,,,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,293,131 +org.apache.commons.logging,6,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,,, +org.apache.commons.net,9,12,,,,,,,,,,,,,,,,,3,,,,,,,,,6,,,,,,,,,12,, +org.apache.commons.ognl,6,,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,, +org.apache.commons.text,,,272,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,220,52 +org.apache.directory.ldap.client.api,1,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,, +org.apache.hadoop.fs,,,10,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,10, +org.apache.hadoop.hive.metastore,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,,,,,,,,, +org.apache.hc.client5.http.async.methods,84,,,,,,,,,,,,,,,,,,,,,,,,,,,84,,,,,,,,,,, +org.apache.hc.client5.http.classic.methods,37,,,,,,,,,,,,,,,,,,,,,,,,,,,37,,,,,,,,,,, +org.apache.hc.client5.http.fluent,19,,,,,,,,,,,,,,,,,,,,,,,,,,,19,,,,,,,,,,, +org.apache.hc.core5.benchmark,1,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,, +org.apache.hc.core5.function,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1, +org.apache.hc.core5.http,73,2,45,,,,,,1,,,,,,,,,,,,,,,,,,,72,,,,,,,,,2,45, +org.apache.hc.core5.net,,,18,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,18, +org.apache.hc.core5.util,,,24,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,18,6 +org.apache.hive.hcatalog.templeton,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,, +org.apache.http,48,3,94,,,,,,2,,,,,,,,,,,,,,,,,,,46,,,,,,,,,3,86,8 +org.apache.ibatis.jdbc,6,,57,,,,,,,,,,,,,,,,,,,,,,,,,,,6,,,,,,,,57, +org.apache.log4j,11,,,,,,,,,,,,,,,11,,,,,,,,,,,,,,,,,,,,,,, +org.apache.logging.log4j,359,,8,,,,,,,,,,,,,359,,,,,,,,,,,,,,,,,,,,,,4,4 +org.apache.shiro.codec,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1, +org.apache.shiro.jndi,1,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,, +org.apache.tools.ant,11,,,,,,,,,,,,,,,,,,11,,,,,,,,,,,,,,,,,,,, +org.apache.tools.zip,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1, +org.apache.velocity.app,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,4,,,,,,,, +org.apache.velocity.runtime,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,4,,,,,,,, +org.codehaus.cargo.container.installer,3,,,,,,,,,,,,,,,,,,2,,,,,,,,,1,,,,,,,,,,, +org.codehaus.groovy.control,1,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, +org.dom4j,20,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,20,,,,,, +org.eclipse.jetty.client,1,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,, +org.geogebra.web.full.main,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,, +org.hibernate,7,,,,,,,,,,,,,,,,,,,,,,,,,,,,,7,,,,,,,,, +org.jboss.logging,324,,,,,,,,,,,,,,,324,,,,,,,,,,,,,,,,,,,,,,, +org.jdbi.v3.core,6,,,,,,,,,,,,,,,,,,,,,,,,,,,6,,,,,,,,,,, +org.jooq,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,, +org.json,,,236,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,198,38 +org.kohsuke.stapler,3,,1,,,,,,,,,,,,,,,,1,,,,,,,,,1,,,,1,,,,,,1, +org.mvel2,16,,,,,,,,,,,,,,,,16,,,,,,,,,,,,,,,,,,,,,, +org.openjdk.jmh.runner.options,1,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,, +org.scijava.log,13,,,,,,,,,,,,,,,13,,,,,,,,,,,,,,,,,,,,,,, +org.slf4j,55,,6,,,,,,,,,,,,,55,,,,,,,,,,,,,,,,,,,,,,2,4 +org.springframework.beans,,,30,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,30 +org.springframework.boot.jdbc,1,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,, +org.springframework.cache,,,13,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,13 +org.springframework.context,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3, +org.springframework.data.repository,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1 +org.springframework.http,14,,71,,,,,,,,,,,,,,,,,,,,,,,,,14,,,,,,,,,,61,10 +org.springframework.jdbc.core,19,,,,,,,,,,,,,,,,,,,,,,,,,,,,,19,,,,,,,,, +org.springframework.jdbc.datasource,4,,,,,,,,,,,,,,,,,,,,,,,,,,,4,,,,,,,,,,, +org.springframework.jdbc.object,9,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,,,,,,,,, +org.springframework.jndi,1,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,, +org.springframework.ldap,47,,,,,,,,,,,,33,,14,,,,,,,,,,,,,,,,,,,,,,,, +org.springframework.security.web.savedrequest,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,, +org.springframework.ui,,,32,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,32 +org.springframework.util,3,,142,,,,,,,,,,,,,,,,3,,,,,,,,,,,,,,,,,,,90,52 +org.springframework.validation,,,13,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,13, +org.springframework.web.client,13,3,,,,,,,,,,,,,,,,,,,,,,,,,,13,,,,,,,,,3,, +org.springframework.web.context.request,,8,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,8,, +org.springframework.web.multipart,,12,13,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,12,13, +org.springframework.web.reactive.function.client,2,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,, +org.springframework.web.util,,,165,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,140,25 +org.thymeleaf,2,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,2, +org.xml.sax,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1, +org.xmlpull.v1,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,, +play.libs.ws,2,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,, +play.mvc,,13,24,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,13,24, +ratpack.core.form,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3, +ratpack.core.handling,,6,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,4, +ratpack.core.http,,10,10,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,10,10, +ratpack.exec,,,48,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,48 +ratpack.form,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3, +ratpack.func,,,35,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,35 +ratpack.handling,,6,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,4, +ratpack.http,,10,10,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,10,10, +ratpack.util,,,35,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,35 +retrofit2,1,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,, diff --git a/java/documentation/library-coverage/coverage.rst b/java/documentation/library-coverage/coverage.rst index b87eeb390fe..644b4aaef6a 100644 --- a/java/documentation/library-coverage/coverage.rst +++ b/java/documentation/library-coverage/coverage.rst @@ -6,22 +6,22 @@ Java framework & library support :class: fullWidthTable :widths: auto - Framework / library,Package,Flow sources,Taint & value steps,Sinks (total),`CWE‑022` :sub:`Path injection`,`CWE‑079` :sub:`Cross-site scripting`,`CWE‑089` :sub:`SQL injection`,`CWE‑090` :sub:`LDAP injection`,`CWE‑094` :sub:`Code injection`,`CWE‑319` :sub:`Cleartext transmission` + Framework / library,Package,Flow sources,Taint & value steps,Sinks (total),`CWE‑022` :sub:`Path injection`,`CWE‑079` :sub:`Cross-site scripting`,`CWE‑089` :sub:`SQL injection`,`CWE‑090` :sub:`LDAP injection`,`CWE‑094` :sub:`Code injection`,`CWE‑918` :sub:`Request Forgery` Android,``android.*``,52,481,138,,3,67,,, Android extensions,``androidx.*``,5,183,19,,,,,, `Apache Commons Collections <https://commons.apache.org/proper/commons-collections/>`_,"``org.apache.commons.collections``, ``org.apache.commons.collections4``",,1600,,,,,,, - `Apache Commons IO <https://commons.apache.org/proper/commons-io/>`_,``org.apache.commons.io``,,560,111,93,,,,,15 + `Apache Commons IO <https://commons.apache.org/proper/commons-io/>`_,``org.apache.commons.io``,,560,111,94,,,,,15 `Apache Commons Lang <https://commons.apache.org/proper/commons-lang/>`_,``org.apache.commons.lang3``,,424,6,,,,,, `Apache Commons Text <https://commons.apache.org/proper/commons-text/>`_,``org.apache.commons.text``,,272,,,,,,, `Apache HttpComponents <https://hc.apache.org/>`_,"``org.apache.hc.core5.*``, ``org.apache.http``",5,182,122,,3,,,,119 `Apache Log4j 2 <https://logging.apache.org/log4j/2.0/>`_,``org.apache.logging.log4j``,,8,359,,,,,, - `Google Guava <https://guava.dev/>`_,``com.google.common.*``,,730,41,2,,,,, + `Google Guava <https://guava.dev/>`_,``com.google.common.*``,,730,41,7,,,,, JBoss Logging,``org.jboss.logging``,,,324,,,,,, `JSON-java <https://github.com/stleary/JSON-java>`_,``org.json``,,236,,,,,,, - Java Standard Library,``java.*``,3,679,170,40,,9,,,13 - Java extensions,"``javax.*``, ``jakarta.*``",63,611,34,1,4,,1,1,2 - Kotlin Standard Library,``kotlin*``,,1843,16,11,,,,,2 - `Spring <https://spring.io/>`_,``org.springframework.*``,29,483,113,2,,28,14,,29 - Others,"``cn.hutool.core.codec``, ``com.esotericsoftware.kryo.io``, ``com.esotericsoftware.kryo5.io``, ``com.fasterxml.jackson.core``, ``com.fasterxml.jackson.databind``, ``com.google.gson``, ``com.hubspot.jinjava``, ``com.mitchellbosecke.pebble``, ``com.opensymphony.xwork2.ognl``, ``com.rabbitmq.client``, ``com.thoughtworks.xstream``, ``com.unboundid.ldap.sdk``, ``com.zaxxer.hikari``, ``flexjson``, ``freemarker.cache``, ``freemarker.template``, ``groovy.lang``, ``groovy.text``, ``groovy.util``, ``hudson``, ``io.jsonwebtoken``, ``io.netty.bootstrap``, ``io.netty.buffer``, ``io.netty.channel``, ``io.netty.handler.codec``, ``io.netty.handler.ssl``, ``io.netty.handler.stream``, ``io.netty.resolver``, ``io.netty.util``, ``javafx.scene.web``, ``jodd.json``, ``net.sf.saxon.s9api``, ``ognl``, ``okhttp3``, ``org.apache.commons.codec``, ``org.apache.commons.compress.archivers.tar``, ``org.apache.commons.httpclient.util``, ``org.apache.commons.jelly``, ``org.apache.commons.jexl2``, ``org.apache.commons.jexl3``, ``org.apache.commons.logging``, ``org.apache.commons.net``, ``org.apache.commons.ognl``, ``org.apache.directory.ldap.client.api``, ``org.apache.hadoop.fs``, ``org.apache.hadoop.hive.metastore``, ``org.apache.hc.client5.http.async.methods``, ``org.apache.hc.client5.http.classic.methods``, ``org.apache.hc.client5.http.fluent``, ``org.apache.hive.hcatalog.templeton``, ``org.apache.ibatis.jdbc``, ``org.apache.log4j``, ``org.apache.shiro.codec``, ``org.apache.shiro.jndi``, ``org.apache.tools.ant``, ``org.apache.tools.zip``, ``org.apache.velocity.app``, ``org.apache.velocity.runtime``, ``org.codehaus.cargo.container.installer``, ``org.codehaus.groovy.control``, ``org.dom4j``, ``org.eclipse.jetty.client``, ``org.geogebra.web.full.main``, ``org.hibernate``, ``org.jdbi.v3.core``, ``org.jooq``, ``org.kohsuke.stapler``, ``org.mvel2``, ``org.openjdk.jmh.runner.options``, ``org.scijava.log``, ``org.slf4j``, ``org.thymeleaf``, ``org.xml.sax``, ``org.xmlpull.v1``, ``play.libs.ws``, ``play.mvc``, ``ratpack.core.form``, ``ratpack.core.handling``, ``ratpack.core.http``, ``ratpack.exec``, ``ratpack.form``, ``ratpack.func``, ``ratpack.handling``, ``ratpack.http``, ``ratpack.util``, ``retrofit2``",98,890,520,26,,18,18,,185 - Totals,,255,9182,1973,175,10,122,33,1,365 + Java Standard Library,``java.*``,3,679,170,62,,9,,,17 + Java extensions,"``javax.*``, ``jakarta.*``",63,611,34,2,4,,1,1,2 + Kotlin Standard Library,``kotlin*``,,1843,16,14,,,,,2 + `Spring <https://spring.io/>`_,``org.springframework.*``,29,483,113,3,,28,14,,34 + Others,"``cn.hutool.core.codec``, ``com.esotericsoftware.kryo.io``, ``com.esotericsoftware.kryo5.io``, ``com.fasterxml.jackson.core``, ``com.fasterxml.jackson.databind``, ``com.google.gson``, ``com.hubspot.jinjava``, ``com.mitchellbosecke.pebble``, ``com.opensymphony.xwork2.ognl``, ``com.rabbitmq.client``, ``com.thoughtworks.xstream``, ``com.unboundid.ldap.sdk``, ``com.zaxxer.hikari``, ``flexjson``, ``freemarker.cache``, ``freemarker.template``, ``groovy.lang``, ``groovy.text``, ``groovy.util``, ``hudson``, ``io.jsonwebtoken``, ``io.netty.bootstrap``, ``io.netty.buffer``, ``io.netty.channel``, ``io.netty.handler.codec``, ``io.netty.handler.ssl``, ``io.netty.handler.stream``, ``io.netty.resolver``, ``io.netty.util``, ``javafx.scene.web``, ``jodd.json``, ``net.sf.saxon.s9api``, ``ognl``, ``okhttp3``, ``org.apache.commons.codec``, ``org.apache.commons.compress.archivers.tar``, ``org.apache.commons.httpclient.util``, ``org.apache.commons.jelly``, ``org.apache.commons.jexl2``, ``org.apache.commons.jexl3``, ``org.apache.commons.logging``, ``org.apache.commons.net``, ``org.apache.commons.ognl``, ``org.apache.directory.ldap.client.api``, ``org.apache.hadoop.fs``, ``org.apache.hadoop.hive.metastore``, ``org.apache.hc.client5.http.async.methods``, ``org.apache.hc.client5.http.classic.methods``, ``org.apache.hc.client5.http.fluent``, ``org.apache.hive.hcatalog.templeton``, ``org.apache.ibatis.jdbc``, ``org.apache.log4j``, ``org.apache.shiro.codec``, ``org.apache.shiro.jndi``, ``org.apache.tools.ant``, ``org.apache.tools.zip``, ``org.apache.velocity.app``, ``org.apache.velocity.runtime``, ``org.codehaus.cargo.container.installer``, ``org.codehaus.groovy.control``, ``org.dom4j``, ``org.eclipse.jetty.client``, ``org.geogebra.web.full.main``, ``org.hibernate``, ``org.jdbi.v3.core``, ``org.jooq``, ``org.kohsuke.stapler``, ``org.mvel2``, ``org.openjdk.jmh.runner.options``, ``org.scijava.log``, ``org.slf4j``, ``org.thymeleaf``, ``org.xml.sax``, ``org.xmlpull.v1``, ``play.libs.ws``, ``play.mvc``, ``ratpack.core.form``, ``ratpack.core.handling``, ``ratpack.core.http``, ``ratpack.exec``, ``ratpack.form``, ``ratpack.func``, ``ratpack.handling``, ``ratpack.http``, ``ratpack.util``, ``retrofit2``",98,890,520,60,,18,18,,193 + Totals,,255,9182,1973,242,10,122,33,1,382 From 527fe523a88be1283039ef3cd51091db57b16fb0 Mon Sep 17 00:00:00 2001 From: Tony Torralba <atorralba@users.noreply.github.com> Date: Fri, 19 May 2023 16:42:08 +0200 Subject: [PATCH 802/870] Add PathCreation.qll sinks to models-as-data The old PathCreation sinks can't be removed because doing so would cause alert wobble in the path injection queries. See their getReportingNode predicates. --- .../2023-05-19-path-injection-sinks-mad.md | 4 ++++ java/ql/lib/ext/java.io.model.yml | 5 +++++ java/ql/lib/ext/java.nio.file.model.yml | 13 +++++++++---- java/ql/lib/ext/java.nio.model.yml | 1 + .../semmle/code/java/security/TaintedPathQuery.qll | 13 ++----------- java/ql/src/Security/CWE/CWE-022/TaintedPath.ql | 1 + .../ql/src/Security/CWE/CWE-022/TaintedPathLocal.ql | 1 + .../Security/CWE/CWE-073/FilePathInjection.ql | 3 +-- .../security/CWE-073/FilePathInjection.expected | 11 +++++++++++ .../SupportedExternalSinks.expected | 1 + 10 files changed, 36 insertions(+), 17 deletions(-) create mode 100644 java/ql/lib/change-notes/2023-05-19-path-injection-sinks-mad.md diff --git a/java/ql/lib/change-notes/2023-05-19-path-injection-sinks-mad.md b/java/ql/lib/change-notes/2023-05-19-path-injection-sinks-mad.md new file mode 100644 index 00000000000..5f666a0de4f --- /dev/null +++ b/java/ql/lib/change-notes/2023-05-19-path-injection-sinks-mad.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Path creation sinks modeled in `PathCreation.qll` have been added to the models-as-data sink kinds `create-file` and `read-file`. diff --git a/java/ql/lib/ext/java.io.model.yml b/java/ql/lib/ext/java.io.model.yml index e0920d7df16..83e57a68c74 100644 --- a/java/ql/lib/ext/java.io.model.yml +++ b/java/ql/lib/ext/java.io.model.yml @@ -3,6 +3,10 @@ extensions: pack: codeql/java-all extensible: sinkModel data: + - ["java.io", "File", False, "File", "(File,String)", "", "Argument[1]", "path-injection", "manual"] # old PathCreation + - ["java.io", "File", False, "File", "(String)", "", "Argument[0]", "path-injection", "manual"] # old PathCreation + - ["java.io", "File", False, "File", "(String,String)", "", "Argument[0..1]", "path-injection", "manual"] # old PathCreation + - ["java.io", "File", False, "File", "(URI)", "", "Argument[0]", "path-injection", "manual"] # old PathCreation - ["java.io", "File", True, "createTempFile", "(String,String,File)", "", "Argument[2]", "path-injection", "ai-manual"] - ["java.io", "File", True, "renameTo", "(File)", "", "Argument[0]", "path-injection", "ai-manual"] - ["java.io", "FileInputStream", True, "FileInputStream", "(File)", "", "Argument[0]", "path-injection", "ai-manual"] @@ -11,6 +15,7 @@ extensions: - ["java.io", "FileOutputStream", False, "write", "", "", "Argument[0]", "file-content-store", "manual"] - ["java.io", "FileReader", True, "FileReader", "(File)", "", "Argument[0]", "path-injection", "ai-manual"] - ["java.io", "FileReader", True, "FileReader", "(String)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["java.io", "FileReader", True, "FileReader", "(String,Charset)", "", "Argument[0]", "path-injection", "manual"] - ["java.io", "FileSystem", True, "createDirectory", "(File)", "", "Argument[0]", "path-injection", "ai-manual"] - ["java.io", "FileWriter", False, "FileWriter", "", "", "Argument[0]", "path-injection", "manual"] - ["java.io", "PrintStream", False, "PrintStream", "(File)", "", "Argument[0]", "path-injection", "manual"] diff --git a/java/ql/lib/ext/java.nio.file.model.yml b/java/ql/lib/ext/java.nio.file.model.yml index e4519fbc071..475ddc43eef 100644 --- a/java/ql/lib/ext/java.nio.file.model.yml +++ b/java/ql/lib/ext/java.nio.file.model.yml @@ -3,11 +3,9 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["java.nio.file", "Files", False, "copy", "(Path,OutputStream)", "", "Argument[0]", "path-injection", "manual"] - - ["java.nio.file", "Files", False, "copy", "(Path,Path,CopyOption[])", "", "Argument[0]", "path-injection", "manual"] - - ["java.nio.file", "Files", False, "copy", "(Path,Path,CopyOption[])", "", "Argument[1]", "path-injection", "manual"] + - ["java.nio.file", "Files", False, "copy", "", "", "Argument[0]", "path-injection", "manual"] - ["java.nio.file", "Files", False, "copy", "(InputStream,Path,CopyOption[])", "", "Argument[0]", "file-content-store", "manual"] - - ["java.nio.file", "Files", False, "copy", "(InputStream,Path,CopyOption[])", "", "Argument[1]", "path-injection", "manual"] + - ["java.nio.file", "Files", False, "copy", "", "", "Argument[1]", "path-injection", "manual"] - ["java.nio.file", "Files", False, "createDirectories", "", "", "Argument[0]", "path-injection", "manual"] - ["java.nio.file", "Files", False, "createDirectory", "", "", "Argument[0]", "path-injection", "manual"] - ["java.nio.file", "Files", False, "createFile", "", "", "Argument[0]", "path-injection", "manual"] @@ -40,6 +38,13 @@ extensions: - ["java.nio.file", "Files", True, "delete", "(Path)", "", "Argument[0]", "path-injection", "ai-manual"] - ["java.nio.file", "Files", True, "newInputStream", "(Path,OpenOption[])", "", "Argument[0]", "path-injection", "ai-manual"] - ["java.nio.file", "Files", True, "newOutputStream", "(Path,OpenOption[])", "", "Argument[0]", "path-injection", "ai-manual"] + - ["java.nio.file", "FileSystem", False, "getPath", "", "", "Argument[0..1]", "path-injection", "manual"] # old PathCreation + - ["java.nio.file", "Path", False, "of", "(String,String[])", "", "Argument[0..1]", "path-injection", "manual"] # old PathCreation + - ["java.nio.file", "Path", False, "of", "(URI)", "", "Argument[0]", "path-injection", "manual"] # old PathCreation + - ["java.nio.file", "Path", False, "resolve", "(String)", "", "Argument[0]", "path-injection", "manual"] # old PathCreation + - ["java.nio.file", "Path", False, "resolveSibling", "(String)", "", "Argument[0]", "path-injection", "manual"] # old PathCreation + - ["java.nio.file", "Paths", False, "get", "(String,String[])", "", "Argument[0..1]", "path-injection", "manual"] # old PathCreation + - ["java.nio.file", "Paths", False, "get", "(URI)", "", "Argument[0]", "path-injection", "manual"] # old PathCreation - ["java.nio.file", "SecureDirectoryStream", True, "deleteDirectory", "(Path)", "", "Argument[0]", "path-injection", "ai-manual"] - ["java.nio.file", "SecureDirectoryStream", True, "deleteFile", "(Path)", "", "Argument[0]", "path-injection", "ai-manual"] - addsTo: diff --git a/java/ql/lib/ext/java.nio.model.yml b/java/ql/lib/ext/java.nio.model.yml index 1548dc2c649..9fbe1b253ec 100644 --- a/java/ql/lib/ext/java.nio.model.yml +++ b/java/ql/lib/ext/java.nio.model.yml @@ -6,6 +6,7 @@ extensions: - ["java.nio", "ByteBuffer", False, "array", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"] - ["java.nio", "ByteBuffer", False, "get", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] - ["java.nio", "ByteBuffer", False, "wrap", "(byte[])", "", "Argument[0]", "ReturnValue", "taint", "manual"] + - ["java.nio", "Paths", False, "get", "(URI)", "", "Argument[0]", "ReturnValue", "taint", "manual"] # old PathCreation - addsTo: pack: codeql/java-all diff --git a/java/ql/lib/semmle/code/java/security/TaintedPathQuery.qll b/java/ql/lib/semmle/code/java/security/TaintedPathQuery.qll index 4fa64846c91..a90a23c2165 100644 --- a/java/ql/lib/semmle/code/java/security/TaintedPathQuery.qll +++ b/java/ql/lib/semmle/code/java/security/TaintedPathQuery.qll @@ -5,7 +5,6 @@ import semmle.code.java.frameworks.Networking import semmle.code.java.dataflow.DataFlow import semmle.code.java.dataflow.FlowSources private import semmle.code.java.dataflow.ExternalFlow -import semmle.code.java.security.PathCreation import semmle.code.java.security.PathSanitizer /** @@ -55,11 +54,7 @@ private class TaintPreservingUriCtorParam extends Parameter { module TaintedPathConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } - predicate isSink(DataFlow::Node sink) { - sink.asExpr() = any(PathCreation p).getAnInput() - or - sinkNode(sink, "path-injection") - } + predicate isSink(DataFlow::Node sink) { sinkNode(sink, "path-injection") } predicate isBarrier(DataFlow::Node sanitizer) { sanitizer.getType() instanceof BoxedType or @@ -82,11 +77,7 @@ module TaintedPathFlow = TaintTracking::Global<TaintedPathConfig>; module TaintedPathLocalConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { source instanceof LocalUserInput } - predicate isSink(DataFlow::Node sink) { - sink.asExpr() = any(PathCreation p).getAnInput() - or - sinkNode(sink, "path-injection") - } + predicate isSink(DataFlow::Node sink) { sinkNode(sink, "path-injection") } predicate isBarrier(DataFlow::Node sanitizer) { sanitizer.getType() instanceof BoxedType or diff --git a/java/ql/src/Security/CWE/CWE-022/TaintedPath.ql b/java/ql/src/Security/CWE/CWE-022/TaintedPath.ql index 2d73514d97b..96e8e66c7cd 100644 --- a/java/ql/src/Security/CWE/CWE-022/TaintedPath.ql +++ b/java/ql/src/Security/CWE/CWE-022/TaintedPath.ql @@ -14,6 +14,7 @@ */ import java +import semmle.code.java.security.PathCreation import semmle.code.java.security.TaintedPathQuery import TaintedPathFlow::PathGraph diff --git a/java/ql/src/Security/CWE/CWE-022/TaintedPathLocal.ql b/java/ql/src/Security/CWE/CWE-022/TaintedPathLocal.ql index c017b8a3aa9..8e56121883f 100644 --- a/java/ql/src/Security/CWE/CWE-022/TaintedPathLocal.ql +++ b/java/ql/src/Security/CWE/CWE-022/TaintedPathLocal.ql @@ -14,6 +14,7 @@ */ import java +import semmle.code.java.security.PathCreation import semmle.code.java.security.TaintedPathQuery import TaintedPathLocalFlow::PathGraph diff --git a/java/ql/src/experimental/Security/CWE/CWE-073/FilePathInjection.ql b/java/ql/src/experimental/Security/CWE/CWE-073/FilePathInjection.ql index 8e113837bca..ba3411e4da2 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-073/FilePathInjection.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-073/FilePathInjection.ql @@ -16,7 +16,6 @@ import java import semmle.code.java.dataflow.TaintTracking import semmle.code.java.dataflow.ExternalFlow import semmle.code.java.dataflow.FlowSources -import semmle.code.java.security.PathCreation import JFinalController import semmle.code.java.security.PathSanitizer import InjectFilePathFlow::PathGraph @@ -52,7 +51,7 @@ module InjectFilePathConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } predicate isSink(DataFlow::Node sink) { - sink.asExpr() = any(PathCreation p).getAnInput() and + sinkNode(sink, "path-injection") and not sink instanceof NormalizedPathNode } diff --git a/java/ql/test/experimental/query-tests/security/CWE-073/FilePathInjection.expected b/java/ql/test/experimental/query-tests/security/CWE-073/FilePathInjection.expected index 5720de5c4b9..cd2b49f28c1 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-073/FilePathInjection.expected +++ b/java/ql/test/experimental/query-tests/security/CWE-073/FilePathInjection.expected @@ -2,7 +2,12 @@ edges | FilePathInjection.java:21:21:21:34 | getPara(...) : String | FilePathInjection.java:26:47:26:59 | finalFilePath | | FilePathInjection.java:64:21:64:34 | getPara(...) : String | FilePathInjection.java:72:47:72:59 | finalFilePath | | FilePathInjection.java:87:21:87:34 | getPara(...) : String | FilePathInjection.java:95:47:95:59 | finalFilePath | +| FilePathInjection.java:177:50:177:58 | file : File | FilePathInjection.java:182:30:182:33 | file | | FilePathInjection.java:205:17:205:44 | getParameter(...) : String | FilePathInjection.java:209:24:209:31 | filePath | +| FilePathInjection.java:205:17:205:44 | getParameter(...) : String | FilePathInjection.java:209:24:209:31 | filePath : String | +| FilePathInjection.java:209:15:209:32 | new File(...) : File | FilePathInjection.java:217:19:217:22 | file : File | +| FilePathInjection.java:209:24:209:31 | filePath : String | FilePathInjection.java:209:15:209:32 | new File(...) : File | +| FilePathInjection.java:217:19:217:22 | file : File | FilePathInjection.java:177:50:177:58 | file : File | nodes | FilePathInjection.java:21:21:21:34 | getPara(...) : String | semmle.label | getPara(...) : String | | FilePathInjection.java:26:47:26:59 | finalFilePath | semmle.label | finalFilePath | @@ -10,11 +15,17 @@ nodes | FilePathInjection.java:72:47:72:59 | finalFilePath | semmle.label | finalFilePath | | FilePathInjection.java:87:21:87:34 | getPara(...) : String | semmle.label | getPara(...) : String | | FilePathInjection.java:95:47:95:59 | finalFilePath | semmle.label | finalFilePath | +| FilePathInjection.java:177:50:177:58 | file : File | semmle.label | file : File | +| FilePathInjection.java:182:30:182:33 | file | semmle.label | file | | FilePathInjection.java:205:17:205:44 | getParameter(...) : String | semmle.label | getParameter(...) : String | +| FilePathInjection.java:209:15:209:32 | new File(...) : File | semmle.label | new File(...) : File | | FilePathInjection.java:209:24:209:31 | filePath | semmle.label | filePath | +| FilePathInjection.java:209:24:209:31 | filePath : String | semmle.label | filePath : String | +| FilePathInjection.java:217:19:217:22 | file : File | semmle.label | file : File | subpaths #select | FilePathInjection.java:26:47:26:59 | finalFilePath | FilePathInjection.java:21:21:21:34 | getPara(...) : String | FilePathInjection.java:26:47:26:59 | finalFilePath | External control of file name or path due to $@. | FilePathInjection.java:21:21:21:34 | getPara(...) | user-provided value | | FilePathInjection.java:72:47:72:59 | finalFilePath | FilePathInjection.java:64:21:64:34 | getPara(...) : String | FilePathInjection.java:72:47:72:59 | finalFilePath | External control of file name or path due to $@. | FilePathInjection.java:64:21:64:34 | getPara(...) | user-provided value | | FilePathInjection.java:95:47:95:59 | finalFilePath | FilePathInjection.java:87:21:87:34 | getPara(...) : String | FilePathInjection.java:95:47:95:59 | finalFilePath | External control of file name or path due to $@. | FilePathInjection.java:87:21:87:34 | getPara(...) | user-provided value | +| FilePathInjection.java:182:30:182:33 | file | FilePathInjection.java:205:17:205:44 | getParameter(...) : String | FilePathInjection.java:182:30:182:33 | file | External control of file name or path due to $@. | FilePathInjection.java:205:17:205:44 | getParameter(...) | user-provided value | | FilePathInjection.java:209:24:209:31 | filePath | FilePathInjection.java:205:17:205:44 | getParameter(...) : String | FilePathInjection.java:209:24:209:31 | filePath | External control of file name or path due to $@. | FilePathInjection.java:205:17:205:44 | getParameter(...) | user-provided value | diff --git a/java/ql/test/query-tests/Telemetry/SupportedExternalSinks/SupportedExternalSinks.expected b/java/ql/test/query-tests/Telemetry/SupportedExternalSinks/SupportedExternalSinks.expected index 6cb849601d5..5f0ed7d05df 100644 --- a/java/ql/test/query-tests/Telemetry/SupportedExternalSinks/SupportedExternalSinks.expected +++ b/java/ql/test/query-tests/Telemetry/SupportedExternalSinks/SupportedExternalSinks.expected @@ -1,2 +1,3 @@ +| java.io.File#File(String) | 1 | | java.io.FileWriter#FileWriter(File) | 1 | | java.net.URL#openStream() | 1 | From 77d27992784255876a01f66b8dda07ad974d925d Mon Sep 17 00:00:00 2001 From: Asger F <asgerf@github.com> Date: Fri, 2 Jun 2023 10:33:44 +0200 Subject: [PATCH 803/870] Update javascript/ql/lib/semmle/javascript/Regexp.qll Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com> --- javascript/ql/lib/semmle/javascript/Regexp.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/javascript/ql/lib/semmle/javascript/Regexp.qll b/javascript/ql/lib/semmle/javascript/Regexp.qll index a20f5343428..de1a3f0d98f 100644 --- a/javascript/ql/lib/semmle/javascript/Regexp.qll +++ b/javascript/ql/lib/semmle/javascript/Regexp.qll @@ -959,7 +959,7 @@ private predicate isUsedAsNonMatchObject(DataFlow::MethodCallNode call) { } /** - * Holds if `call` is a call to `search` whose result is used in a way that suggests it returns a number. + * Holds if `value` is used in a way that suggests it returns a number. */ pragma[inline] private predicate isUsedAsNumber(DataFlow::LocalSourceNode value) { From 7b17b92aca4b703c09530d3beb776f28fa34aca9 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema <jketema@github.com> Date: Fri, 2 Jun 2023 10:36:11 +0200 Subject: [PATCH 804/870] Fix typo in spelling of expectation --- csharp/ql/test/TestUtilities/InlineFlowTest.qll | 2 +- go/ql/test/TestUtilities/InlineFlowTest.qll | 2 +- java/ql/test/TestUtilities/InlineFlowTest.qll | 2 +- python/ql/test/experimental/meta/ConceptsTest.qll | 2 +- ruby/ql/test/TestUtilities/InlineFlowTest.qll | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/csharp/ql/test/TestUtilities/InlineFlowTest.qll b/csharp/ql/test/TestUtilities/InlineFlowTest.qll index f69b81caf64..a31d531e1b6 100644 --- a/csharp/ql/test/TestUtilities/InlineFlowTest.qll +++ b/csharp/ql/test/TestUtilities/InlineFlowTest.qll @@ -13,7 +13,7 @@ * * ``` * - * To declare expecations, you can use the $hasTaintFlow or $hasValueFlow comments within the test source files. + * To declare expectations, you can use the $hasTaintFlow or $hasValueFlow comments within the test source files. * Example of the corresponding test file, e.g. Test.cs * ```csharp * public class Test diff --git a/go/ql/test/TestUtilities/InlineFlowTest.qll b/go/ql/test/TestUtilities/InlineFlowTest.qll index f080de86e16..0726265699f 100644 --- a/go/ql/test/TestUtilities/InlineFlowTest.qll +++ b/go/ql/test/TestUtilities/InlineFlowTest.qll @@ -7,7 +7,7 @@ * import TestUtilities.InlineFlowTest * ``` * - * To declare expecations, you can use the $hasTaintFlow or $hasValueFlow comments within the test source files. + * To declare expectations, you can use the $hasTaintFlow or $hasValueFlow comments within the test source files. * Example of the corresponding test file, e.g. Test.java * ```go * public class Test { diff --git a/java/ql/test/TestUtilities/InlineFlowTest.qll b/java/ql/test/TestUtilities/InlineFlowTest.qll index 1731b73f24e..5e37770a279 100644 --- a/java/ql/test/TestUtilities/InlineFlowTest.qll +++ b/java/ql/test/TestUtilities/InlineFlowTest.qll @@ -7,7 +7,7 @@ * import TestUtilities.InlineFlowTest * ``` * - * To declare expecations, you can use the $hasTaintFlow or $hasValueFlow comments within the test source files. + * To declare expectations, you can use the $hasTaintFlow or $hasValueFlow comments within the test source files. * Example of the corresponding test file, e.g. Test.java * ```java * public class Test { diff --git a/python/ql/test/experimental/meta/ConceptsTest.qll b/python/ql/test/experimental/meta/ConceptsTest.qll index 3f76315e8b1..27c8cb99ab4 100644 --- a/python/ql/test/experimental/meta/ConceptsTest.qll +++ b/python/ql/test/experimental/meta/ConceptsTest.qll @@ -317,7 +317,7 @@ class HttpServerHttpResponseTest extends InlineExpectationsTest { location = response.getLocation() and element = response.toString() and // Ensure that an expectation value such as "mimetype=text/html; charset=utf-8" is parsed as a - // single expectation with tag mimetype, and not as two expecations with tags mimetype and + // single expectation with tag mimetype, and not as two expectations with tags mimetype and // charset. ( if exists(response.getMimetype().indexOf(" ")) diff --git a/ruby/ql/test/TestUtilities/InlineFlowTest.qll b/ruby/ql/test/TestUtilities/InlineFlowTest.qll index dbac70ede0a..d653a3e414e 100644 --- a/ruby/ql/test/TestUtilities/InlineFlowTest.qll +++ b/ruby/ql/test/TestUtilities/InlineFlowTest.qll @@ -11,7 +11,7 @@ * select sink, source, sink, "$@", source, source.toString() * ``` * - * To declare expecations, you can use the $hasTaintFlow or $hasValueFlow comments within the test source files. + * To declare expectations, you can use the $hasTaintFlow or $hasValueFlow comments within the test source files. * Example of the corresponding test file, e.g. test.rb * ```rb * s = source(1) From cc8aac5435b73b4b7ecf805c2ed12e6607b9cd6e Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen <mathiasvp@github.com> Date: Tue, 30 May 2023 15:14:03 -0700 Subject: [PATCH 805/870] C++: Use the 'shortestDistances' HOP to count indirections instead of manual recursion. This avoids cyclic problems when we have invalid types. --- .../dataflow/internal/SsaInternalsCommon.qll | 31 +++++++++++-------- 1 file changed, 18 insertions(+), 13 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternalsCommon.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternalsCommon.qll index 84cdefe7823..8f6b581edcf 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternalsCommon.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternalsCommon.qll @@ -139,6 +139,20 @@ class AllocationInstruction extends CallInstruction { AllocationInstruction() { this.getStaticCallTarget() instanceof Cpp::AllocationFunction } } +private predicate isIndirectionType(Type t) { t instanceof Indirection } + +private predicate hasUnspecifiedBaseType(Indirection t, Type base) { + base = t.getBaseType().getUnspecifiedType() +} + +/** + * Holds if `t2` is the same type as `t1`, but after stripping away `result` number + * of indirections. + * Furthermore, specifies in `t2` been deeply stripped and typedefs has been resolved. + */ +private int getNumberOfIndirectionsImpl(Type t1, Type t2) = + shortestDistances(isIndirectionType/1, hasUnspecifiedBaseType/2)(t1, t2, result) + /** * An abstract class for handling indirections. * @@ -157,7 +171,10 @@ abstract class Indirection extends Type { * For example, the number of indirections of a variable `p` of type * `int**` is `3` (i.e., `p`, `*p` and `**p`). */ - abstract int getNumberOfIndirections(); + final int getNumberOfIndirections() { + result = + getNumberOfIndirectionsImpl(this.getType(), any(Type end | not end instanceof Indirection)) + } /** * Holds if `deref` is an instruction that behaves as a `LoadInstruction` @@ -195,19 +212,11 @@ private class PointerOrArrayOrReferenceTypeIndirection extends Indirection insta PointerOrArrayOrReferenceTypeIndirection() { baseType = PointerOrArrayOrReferenceType.super.getBaseType() } - - override int getNumberOfIndirections() { - result = 1 + countIndirections(this.getBaseType().getUnspecifiedType()) - } } private class PointerWrapperTypeIndirection extends Indirection instanceof PointerWrapper { PointerWrapperTypeIndirection() { baseType = PointerWrapper.super.getBaseType() } - override int getNumberOfIndirections() { - result = 1 + countIndirections(this.getBaseType().getUnspecifiedType()) - } - override predicate isAdditionalDereference(Instruction deref, Operand address) { exists(CallInstruction call | operandForFullyConvertedCall(getAUse(deref), call) and @@ -228,10 +237,6 @@ private module IteratorIndirections { baseType = super.getValueType() } - override int getNumberOfIndirections() { - result = 1 + countIndirections(this.getBaseType().getUnspecifiedType()) - } - override predicate isAdditionalDereference(Instruction deref, Operand address) { exists(CallInstruction call | operandForFullyConvertedCall(getAUse(deref), call) and From 44b6366586d4ae2fb54f847c709a4ca46590a59c Mon Sep 17 00:00:00 2001 From: erik-krogh <erik-krogh@github.com> Date: Thu, 1 Jun 2023 09:44:30 +0200 Subject: [PATCH 806/870] delete old deprecations --- csharp/ql/lib/semmle/code/asp/WebConfig.qll | 21 ---- csharp/ql/lib/semmle/code/cil/Types.qll | 5 - csharp/ql/lib/semmle/code/csharp/Type.qll | 10 -- .../csharp/commons/StructuralComparison.qll | 42 -------- .../dataflow/internal/DataFlowPublic.qll | 10 -- .../security/dataflow/ExternalAPIsQuery.qll | 15 --- .../security/dataflow/LDAPInjectionQuery.qll | 3 - .../implementation/internal/TInstruction.qll | 6 -- .../ir/implementation/internal/TOperand.qll | 11 --- .../ir/implementation/raw/Instruction.qll | 6 -- .../raw/internal/IRConstruction.qll | 6 -- .../raw/internal/TranslatedCondition.qll | 3 - .../raw/internal/TranslatedDeclaration.qll | 3 - .../raw/internal/TranslatedElement.qll | 3 - .../raw/internal/TranslatedExpr.qll | 3 - .../raw/internal/TranslatedFunction.qll | 6 -- .../raw/internal/TranslatedInitialization.qll | 9 -- .../raw/internal/TranslatedStmt.qll | 3 - .../unaliased_ssa/Instruction.qll | 6 -- .../internal/SSAConstruction.qll | 12 --- .../unaliased_ssa/internal/SimpleSSA.qll | 6 -- java/ql/lib/semmle/code/java/Expr.qll | 3 - .../controlflow/internal/Preconditions.qll | 9 -- java/ql/lib/semmle/code/java/dataflow/SSA.qll | 3 - .../code/java/dataflow/internal/BaseSSA.qll | 3 - .../semmle/code/java/deadcode/EntryPoints.qll | 3 - .../code/java/frameworks/Networking.qll | 3 - .../semmle/code/java/frameworks/Servlets.qll | 6 -- .../semmle/code/java/frameworks/UnboundId.qll | 14 --- .../jackson/JacksonSerializability.qll | 3 - .../java/frameworks/javaee/PersistenceXML.qll | 3 - .../java/frameworks/javaee/ejb/EJBJarXML.qll | 3 - .../javaee/jsf/JSFFacesContextXML.qll | 6 -- .../java/frameworks/spring/SpringAutowire.qll | 3 - .../java/frameworks/spring/SpringCamel.qll | 24 ----- .../frameworks/spring/SpringComponentScan.qll | 3 - .../java/frameworks/spring/SpringFlex.qll | 5 - .../frameworks/spring/SpringXMLElement.qll | 3 - .../frameworks/struts/StrutsConventions.qll | 3 - .../code/java/frameworks/struts/StrutsXML.qll | 24 ----- .../semmle/code/java/security/Encryption.qll | 3 - .../code/java/security/ExternalAPIs.qll | 15 --- .../semmle/code/java/security/XmlParsers.qll | 87 ----------------- java/ql/lib/semmle/code/xml/WebXML.qll | 9 -- .../Security/CWE/CWE-089/MyBatisCommonLib.qll | 3 - .../semmle/code/xml/StrutsXML.qll | 6 -- .../src/semmle/code/xml/MyBatisMapperXML.qll | 6 -- .../adaptivethreatmodeling/ATMConfig.qll | 3 - .../FunctionBodyFeatures.qll | 6 -- .../ql/lib/Expressions/DOMProperties.qll | 6 -- javascript/ql/lib/semmle/javascript/AST.qll | 6 -- .../ql/lib/semmle/javascript/ApiGraphs.qll | 3 - .../ql/lib/semmle/javascript/DefUse.qll | 68 ------------- javascript/ql/lib/semmle/javascript/E4X.qll | 15 --- javascript/ql/lib/semmle/javascript/JSON.qll | 27 ------ javascript/ql/lib/semmle/javascript/JSX.qll | 27 ------ .../semmle/javascript/JsonStringifiers.qll | 3 - javascript/ql/lib/semmle/javascript/NPM.qll | 9 -- .../ql/lib/semmle/javascript/PrintAst.qll | 51 ---------- .../semmle/javascript/dataflow/DataFlow.qll | 2 - .../javascript/dataflow/TaintTracking.qll | 19 ---- .../javascript/dependencies/Dependencies.qll | 18 ---- .../dependencies/FrameworkLibraries.qll | 21 ---- .../javascript/frameworks/ClientRequests.qll | 6 -- .../semmle/javascript/frameworks/Files.qll | 6 -- .../semmle/javascript/frameworks/Markdown.qll | 3 - .../lib/semmle/javascript/frameworks/Next.qll | 3 - .../semmle/javascript/frameworks/NoSQL.qll | 3 - .../javascript/frameworks/UriLibraries.qll | 24 ----- .../javascript/frameworks/WebSocket.qll | 3 - .../javascript/internal/CachedStages.qll | 3 - .../dataflow/CodeInjectionCustomizations.qll | 6 -- .../javascript/security/dataflow/DOM.qll | 27 ------ .../security/dataflow/DomBasedXssQuery.qll | 6 -- .../ExternalAPIUsedWithUntrustedData.qll | 3 - ...APIUsedWithUntrustedDataCustomizations.qll | 9 -- .../ExternalAPIUsedWithUntrustedDataQuery.qll | 9 -- ...ImproperCodeSanitizationCustomizations.qll | 3 - .../InsecureDownloadCustomizations.qll | 9 -- .../UnsafeHtmlConstructionCustomizations.qll | 6 -- .../javascript/security/dataflow/Xss.qll | 3 - .../dataflow/XssThroughDomCustomizations.qll | 3 - .../ql/src/Declarations/Definitions.qll | 12 --- .../frameworks/ReactJS/ReactName.qll | 3 - .../Validating RAML-based APIs/Osprey.qll | 6 -- .../Validating RAML-based APIs/RAML.qll | 9 -- ruby/ql/lib/codeql/ruby/Concepts.qll | 8 -- ruby/ql/lib/codeql/ruby/ast/Expr.qll | 7 -- ruby/ql/lib/codeql/ruby/ast/Literal.qll | 12 --- ruby/ql/lib/codeql/ruby/ast/Pattern.qll | 16 --- .../lib/codeql/ruby/controlflow/CfgNodes.qll | 7 -- .../ruby/frameworks/StandardLibrary.qll | 97 ------------------- .../ruby/security/ReflectedXSSQuery.qll | 3 - .../codeql/ruby/security/StoredXSSQuery.qll | 3 - ruby/ql/lib/codeql/ruby/security/XSS.qll | 15 --- 95 files changed, 1059 deletions(-) delete mode 100644 ruby/ql/lib/codeql/ruby/frameworks/StandardLibrary.qll diff --git a/csharp/ql/lib/semmle/code/asp/WebConfig.qll b/csharp/ql/lib/semmle/code/asp/WebConfig.qll index 49e42fce5c1..fdc251b4242 100644 --- a/csharp/ql/lib/semmle/code/asp/WebConfig.qll +++ b/csharp/ql/lib/semmle/code/asp/WebConfig.qll @@ -18,9 +18,6 @@ class WebConfigReleaseTransformXml extends XmlFile { WebConfigReleaseTransformXml() { this.getName().matches("%Web.Release.config") } } -/** DEPRECATED: Alias for WebConfigXml */ -deprecated class WebConfigXML = WebConfigXml; - /** A `<configuration>` tag in an ASP.NET configuration file. */ class ConfigurationXmlElement extends XmlElement { ConfigurationXmlElement() { this.getName().toLowerCase() = "configuration" } @@ -31,9 +28,6 @@ class CompilationXmlElement extends XmlElement { CompilationXmlElement() { this.getName().toLowerCase() = "compilation" } } -/** DEPRECATED: Alias for ConfigurationXmlElement */ -deprecated class ConfigurationXMLElement = ConfigurationXmlElement; - /** A `<location>` tag in an ASP.NET configuration file. */ class LocationXmlElement extends XmlElement { LocationXmlElement() { @@ -42,9 +36,6 @@ class LocationXmlElement extends XmlElement { } } -/** DEPRECATED: Alias for LocationXmlElement */ -deprecated class LocationXMLElement = LocationXmlElement; - /** A `<system.web>` tag in an ASP.NET configuration file. */ class SystemWebXmlElement extends XmlElement { SystemWebXmlElement() { @@ -57,9 +48,6 @@ class SystemWebXmlElement extends XmlElement { } } -/** DEPRECATED: Alias for SystemWebXmlElement */ -deprecated class SystemWebXMLElement = SystemWebXmlElement; - /** A `<system.webServer>` tag in an ASP.NET configuration file. */ class SystemWebServerXmlElement extends XmlElement { SystemWebServerXmlElement() { @@ -72,9 +60,6 @@ class SystemWebServerXmlElement extends XmlElement { } } -/** DEPRECATED: Alias for SystemWebServerXmlElement */ -deprecated class SystemWebServerXMLElement = SystemWebServerXmlElement; - /** A `<customErrors>` tag in an ASP.NET configuration file. */ class CustomErrorsXmlElement extends XmlElement { CustomErrorsXmlElement() { @@ -83,9 +68,6 @@ class CustomErrorsXmlElement extends XmlElement { } } -/** DEPRECATED: Alias for CustomErrorsXmlElement */ -deprecated class CustomErrorsXMLElement = CustomErrorsXmlElement; - /** A `<httpRuntime>` tag in an ASP.NET configuration file. */ class HttpRuntimeXmlElement extends XmlElement { HttpRuntimeXmlElement() { @@ -94,9 +76,6 @@ class HttpRuntimeXmlElement extends XmlElement { } } -/** DEPRECATED: Alias for HttpRuntimeXmlElement */ -deprecated class HttpRuntimeXMLElement = HttpRuntimeXmlElement; - /** A `<forms>` tag under `<system.web><authentication>` in an ASP.NET configuration file. */ class FormsElement extends XmlElement { FormsElement() { diff --git a/csharp/ql/lib/semmle/code/cil/Types.qll b/csharp/ql/lib/semmle/code/cil/Types.qll index 0e41fe748f4..2cfc09daf99 100644 --- a/csharp/ql/lib/semmle/code/cil/Types.qll +++ b/csharp/ql/lib/semmle/code/cil/Types.qll @@ -60,11 +60,6 @@ class Class extends ValueOrRefType { Class() { this.isClass() } } -/** A `record`. */ -deprecated class Record extends Class { - Record() { this.isRecord() } -} - /** An `interface`. */ class Interface extends ValueOrRefType { Interface() { this.isInterface() } diff --git a/csharp/ql/lib/semmle/code/csharp/Type.qll b/csharp/ql/lib/semmle/code/csharp/Type.qll index 8bb92c8c86a..85fde20e07d 100644 --- a/csharp/ql/lib/semmle/code/csharp/Type.qll +++ b/csharp/ql/lib/semmle/code/csharp/Type.qll @@ -780,16 +780,6 @@ class Class extends RefType, @class_type { override string getAPrimaryQlClass() { result = "Class" } } -/** - * DEPRECATED: Use `RecordClass` instead. - */ -deprecated class Record extends Class { - Record() { this.isRecord() } - - /** Gets the clone method of this record. */ - RecordCloneMethod getCloneMethod() { result = this.getAMember() } -} - /** * A `record`, for example * diff --git a/csharp/ql/lib/semmle/code/csharp/commons/StructuralComparison.qll b/csharp/ql/lib/semmle/code/csharp/commons/StructuralComparison.qll index 21102edb755..ca009448c10 100644 --- a/csharp/ql/lib/semmle/code/csharp/commons/StructuralComparison.qll +++ b/csharp/ql/lib/semmle/code/csharp/commons/StructuralComparison.qll @@ -200,45 +200,3 @@ predicate sameGvn(ControlFlowElement x, ControlFlowElement y) { pragma[only_bind_into](toGvn(pragma[only_bind_out](x))) = pragma[only_bind_into](toGvn(pragma[only_bind_out](y))) } - -/** - * DEPRECATED: Use `sameGvn` instead. - * - * A configuration for performing structural comparisons of program elements - * (expressions and statements). - * - * The predicate `candidate()` must be overridden, in order to identify the - * elements for which to perform structural comparison. - * - * Each use of the library is identified by a unique string value. - */ -abstract deprecated class StructuralComparisonConfiguration extends string { - bindingset[this] - StructuralComparisonConfiguration() { any() } - - /** - * Holds if elements `x` and `y` are candidates for testing structural - * equality. - * - * Subclasses are expected to override this predicate to identify the - * top-level elements which they want to compare. Care should be - * taken to avoid identifying too many pairs of elements, as in general - * there are very many structurally equal subtrees in a program, and - * in order to keep the computation feasible we must focus attention. - * - * Note that this relation is not expected to be symmetric -- it's - * fine to include a pair `(x, y)` but not `(y, x)`. - * In fact, not including the symmetrically implied fact will save - * half the computation time on the structural comparison. - */ - abstract predicate candidate(ControlFlowElement x, ControlFlowElement y); - - /** - * Holds if elements `x` and `y` structurally equal. `x` and `y` must be - * flagged as candidates for structural equality, that is, - * `candidate(x, y)` must hold. - */ - predicate same(ControlFlowElement x, ControlFlowElement y) { - this.candidate(x, y) and sameGvn(x, y) - } -} diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPublic.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPublic.qll index b22712087f2..b3599e3404e 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPublic.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPublic.qll @@ -106,16 +106,6 @@ class ParameterNode extends Node instanceof ParameterNodeImpl { result = c.asCallable().getParameter(ppos.getPosition()) ) } - - /** - * DEPRECATED - * - * Holds if this node is the parameter of callable `c` at the specified - * (zero-based) position. - */ - deprecated predicate isParameterOf(DataFlowCallable c, int i) { - super.isParameterOf(c, any(ParameterPosition pos | i = pos.getPosition())) - } } /** A definition, viewed as a node in a data flow graph. */ diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ExternalAPIsQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ExternalAPIsQuery.qll index 235897f0742..975dae84fcb 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ExternalAPIsQuery.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ExternalAPIsQuery.qll @@ -14,9 +14,6 @@ private import semmle.code.csharp.dataflow.FlowSummary */ abstract class SafeExternalApiCallable extends Callable { } -/** DEPRECATED: Alias for SafeExternalApiCallable */ -deprecated class SafeExternalAPICallable = SafeExternalApiCallable; - private class SummarizedCallableSafe extends SafeExternalApiCallable instanceof SummarizedCallable { } @@ -87,9 +84,6 @@ class ExternalApiDataNode extends DataFlow::Node { } } -/** DEPRECATED: Alias for ExternalApiDataNode */ -deprecated class ExternalAPIDataNode = ExternalApiDataNode; - /** * DEPRECATED: Use `RemoteSourceToExternalApi` instead. * @@ -113,9 +107,6 @@ private module RemoteSourceToExternalApiConfig implements DataFlow::ConfigSig { /** A module for tracking flow from `RemoteFlowSource`s to `ExternalApiDataNode`s. */ module RemoteSourceToExternalApi = TaintTracking::Global<RemoteSourceToExternalApiConfig>; -/** DEPRECATED: Alias for UntrustedDataToExternalApiConfig */ -deprecated class UntrustedDataToExternalAPIConfig = UntrustedDataToExternalApiConfig; - /** A node representing untrusted data being passed to an external API. */ class UntrustedExternalApiDataNode extends ExternalApiDataNode { UntrustedExternalApiDataNode() { RemoteSourceToExternalApi::flow(_, this) } @@ -124,9 +115,6 @@ class UntrustedExternalApiDataNode extends ExternalApiDataNode { DataFlow::Node getAnUntrustedSource() { RemoteSourceToExternalApi::flow(result, this) } } -/** DEPRECATED: Alias for UntrustedExternalApiDataNode */ -deprecated class UntrustedExternalAPIDataNode = UntrustedExternalApiDataNode; - /** An external API which is used with untrusted data. */ private newtype TExternalApi = /** An untrusted API method `m` where untrusted data is passed at `index`. */ @@ -161,6 +149,3 @@ class ExternalApiUsedWithUntrustedData extends TExternalApi { ) } } - -/** DEPRECATED: Alias for ExternalApiUsedWithUntrustedData */ -deprecated class ExternalAPIUsedWithUntrustedData = ExternalApiUsedWithUntrustedData; diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/LDAPInjectionQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/LDAPInjectionQuery.qll index 9171bae41b4..3f9c5947b68 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/LDAPInjectionQuery.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/LDAPInjectionQuery.qll @@ -149,9 +149,6 @@ class LdapEncodeSanitizer extends Sanitizer { } } -/** DEPRECATED: Alias for LdapEncodeSanitizer */ -deprecated class LDAPEncodeSanitizer = LdapEncodeSanitizer; - private class SimpleTypeSanitizer extends Sanitizer, SimpleTypeSanitizedExpr { } private class GuidSanitizer extends Sanitizer, GuidSanitizedExpr { } diff --git a/csharp/ql/src/experimental/ir/implementation/internal/TInstruction.qll b/csharp/ql/src/experimental/ir/implementation/internal/TInstruction.qll index 169de03c2dc..bb3eb683653 100644 --- a/csharp/ql/src/experimental/ir/implementation/internal/TInstruction.qll +++ b/csharp/ql/src/experimental/ir/implementation/internal/TInstruction.qll @@ -73,9 +73,6 @@ module UnaliasedSsaInstructions { } } -/** DEPRECATED: Alias for UnaliasedSsaInstructions */ -deprecated module UnaliasedSSAInstructions = UnaliasedSsaInstructions; - /** * Provides wrappers for the constructors of each branch of `TInstruction` that is used by the * aliased SSA stage. @@ -107,6 +104,3 @@ module AliasedSsaInstructions { result = TAliasedSsaUnreachedInstruction(irFunc) } } - -/** DEPRECATED: Alias for AliasedSsaInstructions */ -deprecated module AliasedSSAInstructions = AliasedSsaInstructions; diff --git a/csharp/ql/src/experimental/ir/implementation/internal/TOperand.qll b/csharp/ql/src/experimental/ir/implementation/internal/TOperand.qll index 6327c603901..cf8a6a9b7b1 100644 --- a/csharp/ql/src/experimental/ir/implementation/internal/TOperand.qll +++ b/csharp/ql/src/experimental/ir/implementation/internal/TOperand.qll @@ -59,20 +59,12 @@ private module Shared { class TNonSsaMemoryOperand = Internal::TNonSsaMemoryOperand; - /** DEPRECATED: Alias for TNonSsaMemoryOperand */ - deprecated class TNonSSAMemoryOperand = TNonSsaMemoryOperand; - /** * Returns the non-Phi memory operand with the specified parameters. */ TNonSsaMemoryOperand nonSsaMemoryOperand(TRawInstruction useInstr, MemoryOperandTag tag) { result = Internal::TNonSsaMemoryOperand(useInstr, tag) } - - /** DEPRECATED: Alias for nonSsaMemoryOperand */ - deprecated TNonSSAMemoryOperand nonSSAMemoryOperand(TRawInstruction useInstr, MemoryOperandTag tag) { - result = nonSsaMemoryOperand(useInstr, tag) - } } /** @@ -156,6 +148,3 @@ module UnaliasedSsaOperands { */ TChiOperand chiOperand(Unaliased::Instruction useInstr, ChiOperandTag tag) { none() } } - -/** DEPRECATED: Alias for UnaliasedSsaOperands */ -deprecated module UnaliasedSSAOperands = UnaliasedSsaOperands; diff --git a/csharp/ql/src/experimental/ir/implementation/raw/Instruction.qll b/csharp/ql/src/experimental/ir/implementation/raw/Instruction.qll index 0aa7c552638..1b5ea432946 100644 --- a/csharp/ql/src/experimental/ir/implementation/raw/Instruction.qll +++ b/csharp/ql/src/experimental/ir/implementation/raw/Instruction.qll @@ -210,9 +210,6 @@ class Instruction extends Construction::TStageInstruction { */ final Language::AST getAst() { result = Construction::getInstructionAst(this) } - /** DEPRECATED: Alias for getAst */ - deprecated Language::AST getAST() { result = this.getAst() } - /** * Gets the location of the source code for this instruction. */ @@ -463,9 +460,6 @@ class VariableInstruction extends Instruction { * Gets the AST variable that this instruction's IR variable refers to, if one exists. */ final Language::Variable getAstVariable() { result = var.(IRUserVariable).getVariable() } - - /** DEPRECATED: Alias for getAstVariable */ - deprecated Language::Variable getASTVariable() { result = this.getAstVariable() } } /** diff --git a/csharp/ql/src/experimental/ir/implementation/raw/internal/IRConstruction.qll b/csharp/ql/src/experimental/ir/implementation/raw/internal/IRConstruction.qll index c75c279226d..8297fedb28e 100644 --- a/csharp/ql/src/experimental/ir/implementation/raw/internal/IRConstruction.qll +++ b/csharp/ql/src/experimental/ir/implementation/raw/internal/IRConstruction.qll @@ -378,12 +378,6 @@ private module Cached { result = getInstructionTranslatedElement(instruction).getAst() } - /** DEPRECATED: Alias for getInstructionAst */ - cached - deprecated Language::AST getInstructionAST(Instruction instruction) { - result = getInstructionAst(instruction) - } - cached CSharpType getInstructionResultType(Instruction instruction) { getInstructionTranslatedElement(instruction) diff --git a/csharp/ql/src/experimental/ir/implementation/raw/internal/TranslatedCondition.qll b/csharp/ql/src/experimental/ir/implementation/raw/internal/TranslatedCondition.qll index 43db3c90065..afe98fdb410 100644 --- a/csharp/ql/src/experimental/ir/implementation/raw/internal/TranslatedCondition.qll +++ b/csharp/ql/src/experimental/ir/implementation/raw/internal/TranslatedCondition.qll @@ -17,9 +17,6 @@ abstract class TranslatedCondition extends ConditionBase { final override Language::AST getAst() { result = expr } - /** DEPRECATED: Alias for getAst */ - deprecated override Language::AST getAST() { result = this.getAst() } - final Expr getExpr() { result = expr } final override Callable getFunction() { result = expr.getEnclosingCallable() } diff --git a/csharp/ql/src/experimental/ir/implementation/raw/internal/TranslatedDeclaration.qll b/csharp/ql/src/experimental/ir/implementation/raw/internal/TranslatedDeclaration.qll index 20d2b1e3459..23242c75c74 100644 --- a/csharp/ql/src/experimental/ir/implementation/raw/internal/TranslatedDeclaration.qll +++ b/csharp/ql/src/experimental/ir/implementation/raw/internal/TranslatedDeclaration.qll @@ -30,9 +30,6 @@ abstract class TranslatedLocalDeclaration extends TranslatedElement, TTranslated final override string toString() { result = expr.toString() } final override Language::AST getAst() { result = expr } - - /** DEPRECATED: Alias for getAst */ - deprecated override Language::AST getAST() { result = this.getAst() } } /** diff --git a/csharp/ql/src/experimental/ir/implementation/raw/internal/TranslatedElement.qll b/csharp/ql/src/experimental/ir/implementation/raw/internal/TranslatedElement.qll index 4c5ab431dd5..c314d79e3ea 100644 --- a/csharp/ql/src/experimental/ir/implementation/raw/internal/TranslatedElement.qll +++ b/csharp/ql/src/experimental/ir/implementation/raw/internal/TranslatedElement.qll @@ -366,9 +366,6 @@ abstract class TranslatedElement extends TTranslatedElement { */ abstract Language::AST getAst(); - /** DEPRECATED: Alias for getAst */ - deprecated Language::AST getAST() { result = this.getAst() } - /** * Get the first instruction to be executed in the evaluation of this element. */ diff --git a/csharp/ql/src/experimental/ir/implementation/raw/internal/TranslatedExpr.qll b/csharp/ql/src/experimental/ir/implementation/raw/internal/TranslatedExpr.qll index 67ebf19b766..68070261227 100644 --- a/csharp/ql/src/experimental/ir/implementation/raw/internal/TranslatedExpr.qll +++ b/csharp/ql/src/experimental/ir/implementation/raw/internal/TranslatedExpr.qll @@ -63,9 +63,6 @@ abstract class TranslatedExpr extends TranslatedExprBase { final override Language::AST getAst() { result = expr } - /** DEPRECATED: Alias for getAst */ - deprecated override Language::AST getAST() { result = this.getAst() } - final override Callable getFunction() { result = expr.getEnclosingCallable() } /** diff --git a/csharp/ql/src/experimental/ir/implementation/raw/internal/TranslatedFunction.qll b/csharp/ql/src/experimental/ir/implementation/raw/internal/TranslatedFunction.qll index 24f340a8718..f0970984d46 100644 --- a/csharp/ql/src/experimental/ir/implementation/raw/internal/TranslatedFunction.qll +++ b/csharp/ql/src/experimental/ir/implementation/raw/internal/TranslatedFunction.qll @@ -30,9 +30,6 @@ class TranslatedFunction extends TranslatedElement, TTranslatedFunction { final override Language::AST getAst() { result = callable } - /** DEPRECATED: Alias for getAst */ - deprecated override Language::AST getAST() { result = this.getAst() } - /** * Gets the function being translated. */ @@ -287,9 +284,6 @@ class TranslatedParameter extends TranslatedElement, TTranslatedParameter { final override Language::AST getAst() { result = param } - /** DEPRECATED: Alias for getAst */ - deprecated override Language::AST getAST() { result = this.getAst() } - final override Callable getFunction() { result = param.getCallable() } final override Instruction getFirstInstruction() { diff --git a/csharp/ql/src/experimental/ir/implementation/raw/internal/TranslatedInitialization.qll b/csharp/ql/src/experimental/ir/implementation/raw/internal/TranslatedInitialization.qll index bc127680ca4..c7cb9232d55 100644 --- a/csharp/ql/src/experimental/ir/implementation/raw/internal/TranslatedInitialization.qll +++ b/csharp/ql/src/experimental/ir/implementation/raw/internal/TranslatedInitialization.qll @@ -52,9 +52,6 @@ abstract class TranslatedInitialization extends TranslatedElement, TTranslatedIn final override Language::AST getAst() { result = expr } - /** DEPRECATED: Alias for getAst */ - deprecated override Language::AST getAST() { result = this.getAst() } - /** * Gets the expression that is doing the initialization. */ @@ -210,9 +207,6 @@ abstract class TranslatedElementInitialization extends TranslatedElement { final override Language::AST getAst() { result = initList } - /** DEPRECATED: Alias for getAst */ - deprecated override Language::AST getAST() { result = this.getAst() } - final override Callable getFunction() { result = initList.getEnclosingCallable() } final override Instruction getFirstInstruction() { @@ -319,9 +313,6 @@ abstract class TranslatedConstructorCallFromConstructor extends TranslatedElemen final override Language::AST getAst() { result = call } - /** DEPRECATED: Alias for getAst */ - deprecated override Language::AST getAST() { result = this.getAst() } - final override TranslatedElement getChild(int id) { id = 0 and result = this.getConstructorCall() } diff --git a/csharp/ql/src/experimental/ir/implementation/raw/internal/TranslatedStmt.qll b/csharp/ql/src/experimental/ir/implementation/raw/internal/TranslatedStmt.qll index 1afc48d0409..71d8c42e170 100644 --- a/csharp/ql/src/experimental/ir/implementation/raw/internal/TranslatedStmt.qll +++ b/csharp/ql/src/experimental/ir/implementation/raw/internal/TranslatedStmt.qll @@ -26,9 +26,6 @@ abstract class TranslatedStmt extends TranslatedElement, TTranslatedStmt { final override Language::AST getAst() { result = stmt } - /** DEPRECATED: Alias for getAst */ - deprecated override Language::AST getAST() { result = this.getAst() } - final override Callable getFunction() { result = stmt.getEnclosingCallable() } } diff --git a/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/Instruction.qll b/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/Instruction.qll index 0aa7c552638..1b5ea432946 100644 --- a/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/Instruction.qll +++ b/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/Instruction.qll @@ -210,9 +210,6 @@ class Instruction extends Construction::TStageInstruction { */ final Language::AST getAst() { result = Construction::getInstructionAst(this) } - /** DEPRECATED: Alias for getAst */ - deprecated Language::AST getAST() { result = this.getAst() } - /** * Gets the location of the source code for this instruction. */ @@ -463,9 +460,6 @@ class VariableInstruction extends Instruction { * Gets the AST variable that this instruction's IR variable refers to, if one exists. */ final Language::Variable getAstVariable() { result = var.(IRUserVariable).getVariable() } - - /** DEPRECATED: Alias for getAstVariable */ - deprecated Language::Variable getASTVariable() { result = this.getAstVariable() } } /** diff --git a/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/internal/SSAConstruction.qll b/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/internal/SSAConstruction.qll index dc785f3e0b1..63dc4142a13 100644 --- a/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/internal/SSAConstruction.qll +++ b/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/internal/SSAConstruction.qll @@ -422,12 +422,6 @@ private module Cached { ) } - /** DEPRECATED: Alias for getInstructionAst */ - cached - deprecated Language::AST getInstructionAST(Instruction instr) { - result = getInstructionAst(instr) - } - cached Language::LanguageType getInstructionResultType(Instruction instr) { result = instr.(RawIR::Instruction).getResultLanguageType() @@ -993,9 +987,6 @@ predicate canReuseSsaForMemoryResult(Instruction instruction) { // We don't support reusing SSA for any location that could create a `Chi` instruction. } -/** DEPRECATED: Alias for canReuseSsaForMemoryResult */ -deprecated predicate canReuseSSAForMemoryResult = canReuseSsaForMemoryResult/1; - /** * Expose some of the internal predicates to PrintSSA.qll. We do this by publicly importing those modules in the * `DebugSsa` module, which is then imported by PrintSSA. @@ -1005,9 +996,6 @@ module DebugSsa { import DefUse } -/** DEPRECATED: Alias for DebugSsa */ -deprecated module DebugSSA = DebugSsa; - import CachedForDebugging cached diff --git a/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/internal/SimpleSSA.qll b/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/internal/SimpleSSA.qll index f5b0b3af930..5c33ecf5f99 100644 --- a/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/internal/SimpleSSA.qll +++ b/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/internal/SimpleSSA.qll @@ -46,9 +46,6 @@ predicate canReuseSsaForVariable(IRAutomaticVariable var) { not allocationEscapes(var) } -/** DEPRECATED: Alias for canReuseSsaForVariable */ -deprecated predicate canReuseSSAForVariable = canReuseSsaForVariable/1; - private newtype TMemoryLocation = MkMemoryLocation(Allocation var) { isVariableModeled(var) } private MemoryLocation getMemoryLocation(Allocation var) { result.getAllocation() = var } @@ -80,9 +77,6 @@ class MemoryLocation extends TMemoryLocation { predicate canReuseSsaForOldResult(Instruction instr) { none() } -/** DEPRECATED: Alias for canReuseSsaForOldResult */ -deprecated predicate canReuseSSAForOldResult = canReuseSsaForOldResult/1; - /** * Represents a set of `MemoryLocation`s that cannot overlap with * `MemoryLocation`s outside of the set. The `VirtualVariable` will be diff --git a/java/ql/lib/semmle/code/java/Expr.qll b/java/ql/lib/semmle/code/java/Expr.qll index 0e0d0acea3f..92c81650bc3 100644 --- a/java/ql/lib/semmle/code/java/Expr.qll +++ b/java/ql/lib/semmle/code/java/Expr.qll @@ -1809,9 +1809,6 @@ class LValue extends VarAccess { * are source expressions of the assignment. */ Expr getRhs() { exists(Assignment e | e.getDest() = this and e.getSource() = result) } - - /** DEPRECATED: Alias for getRhs */ - deprecated Expr getRHS() { result = this.getRhs() } } /** diff --git a/java/ql/lib/semmle/code/java/controlflow/internal/Preconditions.qll b/java/ql/lib/semmle/code/java/controlflow/internal/Preconditions.qll index 6b7736cb70d..3563176f4b0 100644 --- a/java/ql/lib/semmle/code/java/controlflow/internal/Preconditions.qll +++ b/java/ql/lib/semmle/code/java/controlflow/internal/Preconditions.qll @@ -6,15 +6,6 @@ import java -/** - * DEPRECATED: Use `conditionCheckMethodArgument` instead. - * Holds if `m` is a non-overridable method that checks that its first argument - * is equal to `checkTrue` and throws otherwise. - */ -deprecated predicate conditionCheckMethod(Method m, boolean checkTrue) { - conditionCheckMethodArgument(m, 0, checkTrue) -} - /** * Holds if `m` is a non-overridable method that checks that its zero-indexed `argument` * is equal to `checkTrue` and throws otherwise. diff --git a/java/ql/lib/semmle/code/java/dataflow/SSA.qll b/java/ql/lib/semmle/code/java/dataflow/SSA.qll index d4ff7ed0ac7..dd478b2a869 100644 --- a/java/ql/lib/semmle/code/java/dataflow/SSA.qll +++ b/java/ql/lib/semmle/code/java/dataflow/SSA.qll @@ -931,9 +931,6 @@ class SsaVariable extends TSsaVariable { this = TSsaUntracked(_, result) } - /** DEPRECATED: Alias for getCfgNode */ - deprecated ControlFlowNode getCFGNode() { result = this.getCfgNode() } - /** Gets a textual representation of this SSA variable. */ string toString() { none() } diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/BaseSSA.qll b/java/ql/lib/semmle/code/java/dataflow/internal/BaseSSA.qll index 6f53dbd02c1..6e41c803553 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/BaseSSA.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/BaseSSA.qll @@ -483,9 +483,6 @@ class BaseSsaVariable extends TBaseSsaVariable { this = TSsaEntryDef(_, result) } - /** DEPRECATED: Alias for getCfgNode */ - deprecated ControlFlowNode getCFGNode() { result = this.getCfgNode() } - string toString() { none() } Location getLocation() { result = this.getCfgNode().getLocation() } diff --git a/java/ql/lib/semmle/code/java/deadcode/EntryPoints.qll b/java/ql/lib/semmle/code/java/deadcode/EntryPoints.qll index 2213960222e..5c037258309 100644 --- a/java/ql/lib/semmle/code/java/deadcode/EntryPoints.qll +++ b/java/ql/lib/semmle/code/java/deadcode/EntryPoints.qll @@ -456,9 +456,6 @@ class ArbitraryXmlEntryPoint extends ReflectivelyConstructedClass { } } -/** DEPRECATED: Alias for ArbitraryXmlEntryPoint */ -deprecated class ArbitraryXMLEntryPoint = ArbitraryXmlEntryPoint; - /** A Selenium PageObject, created by a call to PageFactory.initElements(..). */ class SeleniumPageObjectEntryPoint extends ReflectivelyConstructedClass instanceof SeleniumPageObject { } diff --git a/java/ql/lib/semmle/code/java/frameworks/Networking.qll b/java/ql/lib/semmle/code/java/frameworks/Networking.qll index 8f86c8f75e7..c473cc9fc09 100644 --- a/java/ql/lib/semmle/code/java/frameworks/Networking.qll +++ b/java/ql/lib/semmle/code/java/frameworks/Networking.qll @@ -38,9 +38,6 @@ class UrlConnectionGetInputStreamMethod extends Method { } } -/** DEPRECATED: Alias for UrlConnectionGetInputStreamMethod */ -deprecated class URLConnectionGetInputStreamMethod = UrlConnectionGetInputStreamMethod; - /** The method `java.net.Socket::getInputStream`. */ class SocketGetInputStreamMethod extends Method { SocketGetInputStreamMethod() { diff --git a/java/ql/lib/semmle/code/java/frameworks/Servlets.qll b/java/ql/lib/semmle/code/java/frameworks/Servlets.qll index 82e837862be..f2de51b2aab 100644 --- a/java/ql/lib/semmle/code/java/frameworks/Servlets.qll +++ b/java/ql/lib/semmle/code/java/frameworks/Servlets.qll @@ -128,9 +128,6 @@ class HttpServletRequestGetRequestUrlMethod extends Method { } } -/** DEPRECATED: Alias for HttpServletRequestGetRequestUrlMethod */ -deprecated class HttpServletRequestGetRequestURLMethod = HttpServletRequestGetRequestUrlMethod; - /** * The method `getRequestURI()` declared in `javax.servlet.http.HttpServletRequest`. */ @@ -339,9 +336,6 @@ class ServletWebXmlListenerType extends RefType { } } -/** DEPRECATED: Alias for ServletWebXmlListenerType */ -deprecated class ServletWebXMLListenerType = ServletWebXmlListenerType; - /** Holds if `m` is a request handler method (for example `doGet` or `doPost`). */ predicate isServletRequestMethod(Method m) { m.getDeclaringType() instanceof ServletClass and diff --git a/java/ql/lib/semmle/code/java/frameworks/UnboundId.qll b/java/ql/lib/semmle/code/java/frameworks/UnboundId.qll index e19a6b43019..8bab6dfe581 100644 --- a/java/ql/lib/semmle/code/java/frameworks/UnboundId.qll +++ b/java/ql/lib/semmle/code/java/frameworks/UnboundId.qll @@ -29,9 +29,6 @@ class TypeUnboundIdLdapConnection extends Class { } } -/** DEPRECATED: Alias for TypeUnboundIdLdapConnection */ -deprecated class TypeUnboundIdLDAPConnection = TypeUnboundIdLdapConnection; - /*--- Methods ---*/ /** A method with the name `setBaseDN` declared in `com.unboundid.ldap.sdk.SearchRequest`. */ class MethodUnboundIdSearchRequestSetBaseDN extends Method { @@ -103,9 +100,6 @@ class MethodUnboundIdLdapConnectionSearch extends Method { } } -/** DEPRECATED: Alias for MethodUnboundIdLdapConnectionSearch */ -deprecated class MethodUnboundIdLDAPConnectionSearch = MethodUnboundIdLdapConnectionSearch; - /** A method with the name `asyncSearch` declared in `com.unboundid.ldap.sdk.LDAPConnection`. */ class MethodUnboundIdLdapConnectionAsyncSearch extends Method { MethodUnboundIdLdapConnectionAsyncSearch() { @@ -114,10 +108,6 @@ class MethodUnboundIdLdapConnectionAsyncSearch extends Method { } } -/** DEPRECATED: Alias for MethodUnboundIdLdapConnectionAsyncSearch */ -deprecated class MethodUnboundIdLDAPConnectionAsyncSearch = - MethodUnboundIdLdapConnectionAsyncSearch; - /** A method with the name `searchForEntry` declared in `com.unboundid.ldap.sdk.LDAPConnection`. */ class MethodUnboundIdLdapConnectionSearchForEntry extends Method { MethodUnboundIdLdapConnectionSearchForEntry() { @@ -125,7 +115,3 @@ class MethodUnboundIdLdapConnectionSearchForEntry extends Method { this.hasName("searchForEntry") } } - -/** DEPRECATED: Alias for MethodUnboundIdLdapConnectionSearchForEntry */ -deprecated class MethodUnboundIdLDAPConnectionSearchForEntry = - MethodUnboundIdLdapConnectionSearchForEntry; diff --git a/java/ql/lib/semmle/code/java/frameworks/jackson/JacksonSerializability.qll b/java/ql/lib/semmle/code/java/frameworks/jackson/JacksonSerializability.qll index 79fd19f4ef2..f1395431a3c 100644 --- a/java/ql/lib/semmle/code/java/frameworks/jackson/JacksonSerializability.qll +++ b/java/ql/lib/semmle/code/java/frameworks/jackson/JacksonSerializability.qll @@ -20,9 +20,6 @@ class JacksonJsonIgnoreAnnotation extends NonReflectiveAnnotation { } } -/** DEPRECATED: Alias for JacksonJsonIgnoreAnnotation */ -deprecated class JacksonJSONIgnoreAnnotation = JacksonJsonIgnoreAnnotation; - /** A type whose values may be serialized using the Jackson JSON framework. */ abstract class JacksonSerializableType extends Type { } diff --git a/java/ql/lib/semmle/code/java/frameworks/javaee/PersistenceXML.qll b/java/ql/lib/semmle/code/java/frameworks/javaee/PersistenceXML.qll index faca537d171..7564dafa37e 100644 --- a/java/ql/lib/semmle/code/java/frameworks/javaee/PersistenceXML.qll +++ b/java/ql/lib/semmle/code/java/frameworks/javaee/PersistenceXML.qll @@ -26,9 +26,6 @@ class PersistenceXmlFile extends XmlFile { } } -/** DEPRECATED: Alias for PersistenceXmlFile */ -deprecated class PersistenceXMLFile = PersistenceXmlFile; - /** The root `persistence` XML element in a `persistence.xml` file. */ class PersistenceXmlRoot extends XmlElement { PersistenceXmlRoot() { diff --git a/java/ql/lib/semmle/code/java/frameworks/javaee/ejb/EJBJarXML.qll b/java/ql/lib/semmle/code/java/frameworks/javaee/ejb/EJBJarXML.qll index 9323b3852b4..f44d77d89bd 100644 --- a/java/ql/lib/semmle/code/java/frameworks/javaee/ejb/EJBJarXML.qll +++ b/java/ql/lib/semmle/code/java/frameworks/javaee/ejb/EJBJarXML.qll @@ -35,9 +35,6 @@ class EjbJarXmlFile extends XmlFile { } } -/** DEPRECATED: Alias for EjbJarXmlFile */ -deprecated class EjbJarXMLFile = EjbJarXmlFile; - /** The root `ejb-jar` XML element in an `ejb-jar.xml` file. */ class EjbJarRootElement extends XmlElement { EjbJarRootElement() { diff --git a/java/ql/lib/semmle/code/java/frameworks/javaee/jsf/JSFFacesContextXML.qll b/java/ql/lib/semmle/code/java/frameworks/javaee/jsf/JSFFacesContextXML.qll index f85f36c37a3..13ed765638d 100644 --- a/java/ql/lib/semmle/code/java/frameworks/javaee/jsf/JSFFacesContextXML.qll +++ b/java/ql/lib/semmle/code/java/frameworks/javaee/jsf/JSFFacesContextXML.qll @@ -16,9 +16,6 @@ class FacesConfigXmlFile extends XmlFile { } } -/** DEPRECATED: Alias for FacesConfigXmlFile */ -deprecated class FacesConfigXMLFile = FacesConfigXmlFile; - /** * An XML element in a `FacesConfigXMLFile`. */ @@ -31,9 +28,6 @@ class FacesConfigXmlElement extends XmlElement { string getValue() { result = this.allCharactersString().trim() } } -/** DEPRECATED: Alias for FacesConfigXmlElement */ -deprecated class FacesConfigXMLElement = FacesConfigXmlElement; - /** * An element in a JSF config file that declares a managed bean. */ diff --git a/java/ql/lib/semmle/code/java/frameworks/spring/SpringAutowire.qll b/java/ql/lib/semmle/code/java/frameworks/spring/SpringAutowire.qll index 1dd6dfd292f..966db95afce 100644 --- a/java/ql/lib/semmle/code/java/frameworks/spring/SpringAutowire.qll +++ b/java/ql/lib/semmle/code/java/frameworks/spring/SpringAutowire.qll @@ -100,9 +100,6 @@ class SpringBeanXmlAutowiredSetterMethod extends Method { } } -/** DEPRECATED: Alias for SpringBeanXmlAutowiredSetterMethod */ -deprecated class SpringBeanXMLAutowiredSetterMethod = SpringBeanXmlAutowiredSetterMethod; - /** * A callable that is annotated with `@Autowired`. * diff --git a/java/ql/lib/semmle/code/java/frameworks/spring/SpringCamel.qll b/java/ql/lib/semmle/code/java/frameworks/spring/SpringCamel.qll index 9bbdaad9687..985565255b6 100644 --- a/java/ql/lib/semmle/code/java/frameworks/spring/SpringCamel.qll +++ b/java/ql/lib/semmle/code/java/frameworks/spring/SpringCamel.qll @@ -13,9 +13,6 @@ class SpringCamelXmlElement extends SpringXmlElement { SpringCamelXmlElement() { this.getNamespace().getUri() = "http://camel.apache.org/schema/spring" } } -/** DEPRECATED: Alias for SpringCamelXmlElement */ -deprecated class SpringCamelXMLElement = SpringCamelXmlElement; - /** * An element in a Spring beans file that defines an Apache Camel context. * @@ -25,9 +22,6 @@ class SpringCamelXmlContext extends SpringCamelXmlElement { SpringCamelXmlContext() { this.getName() = "camelContext" } } -/** DEPRECATED: Alias for SpringCamelXmlContext */ -deprecated class SpringCamelXMLContext = SpringCamelXmlContext; - /** * An element in a Spring beans file that defines an Apache Camel route context. * @@ -38,9 +32,6 @@ class SpringCamelXmlRouteContext extends SpringCamelXmlElement { SpringCamelXmlRouteContext() { this.getName() = "routeContext" } } -/** DEPRECATED: Alias for SpringCamelXmlRouteContext */ -deprecated class SpringCamelXMLRouteContext = SpringCamelXmlRouteContext; - /** * An element in a Spring beans files that defines an Apache Camel route. * @@ -58,9 +49,6 @@ class SpringCamelXmlRoute extends SpringCamelXmlElement { } } -/** DEPRECATED: Alias for SpringCamelXmlRoute */ -deprecated class SpringCamelXMLRoute = SpringCamelXmlRoute; - /** * An element in a Spring bean file that is logically contained in an Apache Camel route. */ @@ -71,9 +59,6 @@ class SpringCamelXmlRouteElement extends SpringCamelXmlElement { } } -/** DEPRECATED: Alias for SpringCamelXmlRouteElement */ -deprecated class SpringCamelXMLRouteElement = SpringCamelXmlRouteElement; - /** * A reference to a Spring bean in an Apache Camel route defined in a Spring beans file. * @@ -98,9 +83,6 @@ class SpringCamelXmlBeanRef extends SpringCamelXmlRouteElement { RefType getBeanType() { result.getQualifiedName() = this.getAttribute("beanType").getValue() } } -/** DEPRECATED: Alias for SpringCamelXmlBeanRef */ -deprecated class SpringCamelXMLBeanRef = SpringCamelXmlBeanRef; - /** * A declaration of a target in an Apache Camel route defined in a Spring beans file. * @@ -120,9 +102,6 @@ class SpringCamelXmlToElement extends SpringCamelXmlRouteElement { deprecated string getURI() { result = this.getUri() } } -/** DEPRECATED: Alias for SpringCamelXmlToElement */ -deprecated class SpringCamelXMLToElement = SpringCamelXmlToElement; - /** * A declaration of a Apache Camel "method" expression defined in a Spring beans file. * @@ -147,6 +126,3 @@ class SpringCamelXmlMethodElement extends SpringCamelXmlElement { */ RefType getBeanType() { result.getQualifiedName() = this.getAttribute("beanType").getValue() } } - -/** DEPRECATED: Alias for SpringCamelXmlMethodElement */ -deprecated class SpringCamelXMLMethodElement = SpringCamelXmlMethodElement; diff --git a/java/ql/lib/semmle/code/java/frameworks/spring/SpringComponentScan.qll b/java/ql/lib/semmle/code/java/frameworks/spring/SpringComponentScan.qll index f3380c45458..d285e9d0e6a 100644 --- a/java/ql/lib/semmle/code/java/frameworks/spring/SpringComponentScan.qll +++ b/java/ql/lib/semmle/code/java/frameworks/spring/SpringComponentScan.qll @@ -23,9 +23,6 @@ class SpringXmlComponentScan extends SpringXmlElement { string getAProfileExpr() { result = this.getSpringBeanFile().getAProfileExpr() } } -/** DEPRECATED: Alias for SpringXmlComponentScan */ -deprecated class SpringXMLComponentScan = SpringXmlComponentScan; - /** * An annotation of a class that configures which packages are considered to be "base" packages * when performing the Spring component scan. diff --git a/java/ql/lib/semmle/code/java/frameworks/spring/SpringFlex.qll b/java/ql/lib/semmle/code/java/frameworks/spring/SpringFlex.qll index 0d18749a63e..af0afa91f4c 100644 --- a/java/ql/lib/semmle/code/java/frameworks/spring/SpringFlex.qll +++ b/java/ql/lib/semmle/code/java/frameworks/spring/SpringFlex.qll @@ -57,11 +57,6 @@ class SpringRemotingDestinationClass extends Class { */ SpringRemotingDestination getRemotingDestinationXml() { this = result.getSpringBean().getClass() } - /** DEPRECATED: Alias for getRemotingDestinationXml */ - deprecated SpringRemotingDestination getRemotingDestinationXML() { - result = this.getRemotingDestinationXml() - } - /** * Holds if the class is operating on an "include" or "exclude" basis. * diff --git a/java/ql/lib/semmle/code/java/frameworks/spring/SpringXMLElement.qll b/java/ql/lib/semmle/code/java/frameworks/spring/SpringXMLElement.qll index efc7dfdaaf2..312cd659b39 100644 --- a/java/ql/lib/semmle/code/java/frameworks/spring/SpringXMLElement.qll +++ b/java/ql/lib/semmle/code/java/frameworks/spring/SpringXMLElement.qll @@ -37,6 +37,3 @@ class SpringXmlElement extends XmlElement { string getContentString() { result = this.allCharactersString() } } - -/** DEPRECATED: Alias for SpringXmlElement */ -deprecated class SpringXMLElement = SpringXmlElement; diff --git a/java/ql/lib/semmle/code/java/frameworks/struts/StrutsConventions.qll b/java/ql/lib/semmle/code/java/frameworks/struts/StrutsConventions.qll index fd9f14d4c6f..b3adfa8d80e 100644 --- a/java/ql/lib/semmle/code/java/frameworks/struts/StrutsConventions.qll +++ b/java/ql/lib/semmle/code/java/frameworks/struts/StrutsConventions.qll @@ -77,9 +77,6 @@ StrutsXmlFile getRootXmlFile(RefType refType) { ) } -/** DEPRECATED: Alias for getRootXmlFile */ -deprecated StrutsXMLFile getRootXMLFile(RefType refType) { result = getRootXmlFile(refType) } - /** * Gets the suffix used for automatically identifying actions when using the convention plugin. * diff --git a/java/ql/lib/semmle/code/java/frameworks/struts/StrutsXML.qll b/java/ql/lib/semmle/code/java/frameworks/struts/StrutsXML.qll index 3009056cce3..273034978d1 100644 --- a/java/ql/lib/semmle/code/java/frameworks/struts/StrutsXML.qll +++ b/java/ql/lib/semmle/code/java/frameworks/struts/StrutsXML.qll @@ -5,9 +5,6 @@ import java */ predicate isStrutsXmlIncluded() { exists(StrutsXmlFile strutsXml) } -/** DEPRECATED: Alias for isStrutsXmlIncluded */ -deprecated predicate isStrutsXMLIncluded = isStrutsXmlIncluded/0; - /** * A struts 2 configuration file. */ @@ -51,9 +48,6 @@ abstract class StrutsXmlFile extends XmlFile { } } -/** DEPRECATED: Alias for StrutsXmlFile */ -deprecated class StrutsXMLFile = StrutsXmlFile; - /** * A Struts 2 "root" configuration XML file directly read by struts. * @@ -66,9 +60,6 @@ class StrutsRootXmlFile extends StrutsXmlFile { } } -/** DEPRECATED: Alias for StrutsRootXmlFile */ -deprecated class StrutsRootXMLFile = StrutsRootXmlFile; - /** * A Struts 2 configuration XML file included, directly or indirectly, by a root Struts configuration. */ @@ -76,9 +67,6 @@ class StrutsIncludedXmlFile extends StrutsXmlFile { StrutsIncludedXmlFile() { exists(StrutsXmlInclude include | this = include.getIncludedFile()) } } -/** DEPRECATED: Alias for StrutsIncludedXmlFile */ -deprecated class StrutsIncludedXMLFile = StrutsIncludedXmlFile; - /** * A Folder which has one or more Struts 2 root configurations. */ @@ -116,9 +104,6 @@ class StrutsXmlElement extends XmlElement { string getValue() { result = this.allCharactersString().trim() } } -/** DEPRECATED: Alias for StrutsXmlElement */ -deprecated class StrutsXMLElement = StrutsXmlElement; - /** * A `<include>` element within a `struts.xml` file. * @@ -141,9 +126,6 @@ class StrutsXmlInclude extends StrutsXmlElement { } } -/** DEPRECATED: Alias for StrutsXmlInclude */ -deprecated class StrutsXMLInclude = StrutsXmlInclude; - /** * Escape a string for use as the matcher in a string.match(..) call. */ @@ -192,9 +174,6 @@ class StrutsXmlAction extends StrutsXmlElement { } } -/** DEPRECATED: Alias for StrutsXmlAction */ -deprecated class StrutsXMLAction = StrutsXmlAction; - /** * A `<constant>` property, representing a configuration parameter to struts. */ @@ -205,6 +184,3 @@ class StrutsXmlConstant extends StrutsXmlElement { string getConstantValue() { result = this.getAttribute("value").getValue() } } - -/** DEPRECATED: Alias for StrutsXmlConstant */ -deprecated class StrutsXMLConstant = StrutsXmlConstant; diff --git a/java/ql/lib/semmle/code/java/security/Encryption.qll b/java/ql/lib/semmle/code/java/security/Encryption.qll index c0c35103331..88a1996ffd9 100644 --- a/java/ql/lib/semmle/code/java/security/Encryption.qll +++ b/java/ql/lib/semmle/code/java/security/Encryption.qll @@ -25,9 +25,6 @@ class HttpsUrlConnection extends RefType { HttpsUrlConnection() { this.hasQualifiedName("javax.net.ssl", "HttpsURLConnection") } } -/** DEPRECATED: Alias for HttpsUrlConnection */ -deprecated class HttpsURLConnection = HttpsUrlConnection; - class SslSocketFactory extends RefType { SslSocketFactory() { this.hasQualifiedName("javax.net.ssl", "SSLSocketFactory") } } diff --git a/java/ql/lib/semmle/code/java/security/ExternalAPIs.qll b/java/ql/lib/semmle/code/java/security/ExternalAPIs.qll index 89b24006475..beef024eb15 100644 --- a/java/ql/lib/semmle/code/java/security/ExternalAPIs.qll +++ b/java/ql/lib/semmle/code/java/security/ExternalAPIs.qll @@ -12,9 +12,6 @@ import semmle.code.java.dataflow.TaintTracking */ abstract class SafeExternalApiMethod extends Method { } -/** DEPRECATED: Alias for SafeExternalApiMethod */ -deprecated class SafeExternalAPIMethod = SafeExternalApiMethod; - /** The default set of "safe" external APIs. */ private class DefaultSafeExternalApiMethod extends SafeExternalApiMethod { DefaultSafeExternalApiMethod() { @@ -95,9 +92,6 @@ class ExternalApiDataNode extends DataFlow::Node { string getMethodDescription() { result = this.getMethod().getQualifiedName() } } -/** DEPRECATED: Alias for ExternalApiDataNode */ -deprecated class ExternalAPIDataNode = ExternalApiDataNode; - /** * DEPRECATED: Use `UntrustedDataToExternalApiFlow` instead. * @@ -125,9 +119,6 @@ module UntrustedDataToExternalApiConfig implements DataFlow::ConfigSig { */ module UntrustedDataToExternalApiFlow = TaintTracking::Global<UntrustedDataToExternalApiConfig>; -/** DEPRECATED: Alias for UntrustedDataToExternalApiConfig */ -deprecated class UntrustedDataToExternalAPIConfig = UntrustedDataToExternalApiConfig; - /** A node representing untrusted data being passed to an external API. */ class UntrustedExternalApiDataNode extends ExternalApiDataNode { UntrustedExternalApiDataNode() { UntrustedDataToExternalApiFlow::flowTo(this) } @@ -136,9 +127,6 @@ class UntrustedExternalApiDataNode extends ExternalApiDataNode { DataFlow::Node getAnUntrustedSource() { UntrustedDataToExternalApiFlow::flow(result, this) } } -/** DEPRECATED: Alias for UntrustedExternalApiDataNode */ -deprecated class UntrustedExternalAPIDataNode = UntrustedExternalApiDataNode; - /** An external API which is used with untrusted data. */ private newtype TExternalApi = /** An untrusted API method `m` where untrusted data is passed at `index`. */ @@ -172,6 +160,3 @@ class ExternalApiUsedWithUntrustedData extends TExternalApi { ) } } - -/** DEPRECATED: Alias for ExternalApiUsedWithUntrustedData */ -deprecated class ExternalAPIUsedWithUntrustedData = ExternalApiUsedWithUntrustedData; diff --git a/java/ql/lib/semmle/code/java/security/XmlParsers.qll b/java/ql/lib/semmle/code/java/security/XmlParsers.qll index a079267b131..ded513ec656 100644 --- a/java/ql/lib/semmle/code/java/security/XmlParsers.qll +++ b/java/ql/lib/semmle/code/java/security/XmlParsers.qll @@ -337,9 +337,6 @@ class SaxBuilder extends RefType { } } -/** DEPRECATED: Alias for SaxBuilder */ -deprecated class SAXBuilder = SaxBuilder; - /** * A call to `SAXBuilder.build.` */ @@ -359,9 +356,6 @@ class SaxBuilderParse extends XmlParserCall { } } -/** DEPRECATED: Alias for SaxBuilderParse */ -deprecated class SAXBuilderParse = SaxBuilderParse; - private module SafeSaxBuilderToSaxBuilderParseFlowConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node src) { src.asExpr() instanceof SafeSaxBuilder } @@ -386,9 +380,6 @@ class SaxBuilderConfig extends ParserConfig { } } -/** DEPRECATED: Alias for SaxBuilderConfig */ -deprecated class SAXBuilderConfig = SaxBuilderConfig; - /** A safely configured `SaxBuilder`. */ class SafeSaxBuilder extends VarAccess { SafeSaxBuilder() { @@ -404,9 +395,6 @@ class SafeSaxBuilder extends VarAccess { } } -/** DEPRECATED: Alias for SafeSaxBuilder */ -deprecated class SafeSAXBuilder = SafeSaxBuilder; - /* * The case in * https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#jaxb-unmarshaller @@ -420,17 +408,11 @@ class SaxParser extends RefType { SaxParser() { this.hasQualifiedName("javax.xml.parsers", "SAXParser") } } -/** DEPRECATED: Alias for SaxParser */ -deprecated class SAXParser = SaxParser; - /** The class `javax.xml.parsers.SAXParserFactory`. */ class SaxParserFactory extends RefType { SaxParserFactory() { this.hasQualifiedName("javax.xml.parsers", "SAXParserFactory") } } -/** DEPRECATED: Alias for SaxParserFactory */ -deprecated class SAXParserFactory = SaxParserFactory; - /** A call to `SAXParser.parse`. */ class SaxParserParse extends XmlParserCall { SaxParserParse() { @@ -446,9 +428,6 @@ class SaxParserParse extends XmlParserCall { override predicate isSafe() { SafeSaxParserFlow::flowToExpr(this.getQualifier()) } } -/** DEPRECATED: Alias for SaxParserParse */ -deprecated class SAXParserParse = SaxParserParse; - /** A `ParserConfig` that is specific to `SaxParserFactory`. */ class SaxParserFactoryConfig extends ParserConfig { SaxParserFactoryConfig() { @@ -460,9 +439,6 @@ class SaxParserFactoryConfig extends ParserConfig { } } -/** DEPRECATED: Alias for SaxParserFactoryConfig */ -deprecated class SAXParserFactoryConfig = SaxParserFactoryConfig; - /** * A safely configured `SAXParserFactory`. */ @@ -496,9 +472,6 @@ class SafeSaxParserFactory extends VarAccess { } } -/** DEPRECATED: Alias for SafeSaxParserFactory */ -deprecated class SafeSAXParserFactory = SafeSaxParserFactory; - private module SafeSaxParserFactoryToNewSaxParserFlowConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node src) { src.asExpr() instanceof SafeSaxParserFactory } @@ -540,9 +513,6 @@ class SafeSaxParser extends MethodAccess { } } -/** DEPRECATED: Alias for SafeSaxParser */ -deprecated class SafeSAXParser = SafeSaxParser; - /* SAXReader: https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#saxreader */ /** * The class `org.dom4j.io.SAXReader`. @@ -551,9 +521,6 @@ class SaxReader extends RefType { SaxReader() { this.hasQualifiedName("org.dom4j.io", "SAXReader") } } -/** DEPRECATED: Alias for SaxReader */ -deprecated class SAXReader = SaxReader; - /** A call to `SAXReader.read`. */ class SaxReaderRead extends XmlParserCall { SaxReaderRead() { @@ -569,9 +536,6 @@ class SaxReaderRead extends XmlParserCall { override predicate isSafe() { SafeSaxReaderFlow::flowToExpr(this.getQualifier()) } } -/** DEPRECATED: Alias for SaxReaderRead */ -deprecated class SAXReaderRead = SaxReaderRead; - /** A `ParserConfig` specific to `SaxReader`. */ class SaxReaderConfig extends ParserConfig { SaxReaderConfig() { @@ -583,9 +547,6 @@ class SaxReaderConfig extends ParserConfig { } } -/** DEPRECATED: Alias for SaxReaderConfig */ -deprecated class SAXReaderConfig = SaxReaderConfig; - private module SafeSaxReaderFlowConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node src) { src.asExpr() instanceof SafeSaxReader } @@ -626,9 +587,6 @@ class SafeSaxReader extends VarAccess { } } -/** DEPRECATED: Alias for SafeSaxReader */ -deprecated class SafeSAXReader = SafeSaxReader; - /* https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#xmlreader */ /** The class `org.xml.sax.XMLReader`. */ class XmlReader extends RefType { @@ -640,9 +598,6 @@ class InputSource extends Class { InputSource() { this.hasQualifiedName("org.xml.sax", "InputSource") } } -/** DEPRECATED: Alias for XmlReader */ -deprecated class XMLReader = XmlReader; - /** A call to `XMLReader.read`. */ class XmlReaderParse extends XmlParserCall { XmlReaderParse() { @@ -661,9 +616,6 @@ class XmlReaderParse extends XmlParserCall { } } -/** DEPRECATED: Alias for XmlReaderParse */ -deprecated class XMLReaderParse = XmlReaderParse; - /** A `ParserConfig` specific to the `XmlReader`. */ class XmlReaderConfig extends ParserConfig { XmlReaderConfig() { @@ -675,9 +627,6 @@ class XmlReaderConfig extends ParserConfig { } } -/** DEPRECATED: Alias for XmlReaderConfig */ -deprecated class XMLReaderConfig = XmlReaderConfig; - private module ExplicitlySafeXmlReaderFlowConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node src) { src.asExpr() instanceof ExplicitlySafeXmlReader } @@ -697,9 +646,6 @@ class SafeXmlReaderFlowSink extends Expr { } } -/** DEPRECATED: Alias for SafeXmlReaderFlowSink */ -deprecated class SafeXMLReaderFlowSink = SafeXmlReaderFlowSink; - /** An `XmlReader` that is explicitly configured to be safe. */ class ExplicitlySafeXmlReader extends VarAccess { ExplicitlySafeXmlReader() { @@ -739,9 +685,6 @@ class ExplicitlySafeXmlReader extends VarAccess { } } -/** DEPRECATED: Alias for ExplicitlySafeXmlReader */ -deprecated class ExplicitlySafeXMLReader = ExplicitlySafeXmlReader; - private module CreatedSafeXmlReaderFlowConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node src) { src.asExpr() instanceof CreatedSafeXmlReader } @@ -778,9 +721,6 @@ class CreatedSafeXmlReader extends Call { } } -/** DEPRECATED: Alias for CreatedSafeXmlReader */ -deprecated class CreatedSafeXMLReader = CreatedSafeXmlReader; - /* * SAXSource in * https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#jaxb-unmarshaller @@ -791,9 +731,6 @@ class SaxSource extends RefType { SaxSource() { this.hasQualifiedName("javax.xml.transform.sax", "SAXSource") } } -/** DEPRECATED: Alias for SaxSource */ -deprecated class SAXSource = SaxSource; - /** A call to the constructor of `SAXSource` with `XmlReader` and `InputSource`. */ class ConstructedSaxSource extends ClassInstanceExpr { ConstructedSaxSource() { @@ -814,9 +751,6 @@ class ConstructedSaxSource extends ClassInstanceExpr { } } -/** DEPRECATED: Alias for ConstructedSaxSource */ -deprecated class ConstructedSAXSource = ConstructedSaxSource; - /** A call to the `SAXSource.setXMLReader` method. */ class SaxSourceSetReader extends MethodAccess { SaxSourceSetReader() { @@ -828,9 +762,6 @@ class SaxSourceSetReader extends MethodAccess { } } -/** DEPRECATED: Alias for SaxSourceSetReader */ -deprecated class SAXSourceSetReader = SaxSourceSetReader; - /** A `SaxSource` that is safe to use. */ class SafeSaxSource extends Expr { SafeSaxSource() { @@ -847,9 +778,6 @@ class SafeSaxSource extends Expr { } } -/** DEPRECATED: Alias for SafeSaxSource */ -deprecated class SafeSAXSource = SafeSaxSource; - /* Transformer: https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#transformerfactory */ /** An access to a method use for configuring a transformer or schema. */ abstract class TransformerConfig extends MethodAccess { @@ -1063,9 +991,6 @@ class SaxTransformerFactoryNewXmlFilter extends XmlParserCall { override predicate isSafe() { SafeTransformerFactoryFlow::flowToExpr(this.getQualifier()) } } -/** DEPRECATED: Alias for SaxTransformerFactoryNewXmlFilter */ -deprecated class SAXTransformerFactoryNewXMLFilter = SaxTransformerFactoryNewXmlFilter; - /* Schema: https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#schemafactory */ /** The class `javax.xml.validation.SchemaFactory`. */ class SchemaFactory extends RefType { @@ -1197,9 +1122,6 @@ class SimpleXmlPersisterCall extends XmlParserCall { override predicate isSafe() { none() } } -/** DEPRECATED: Alias for SimpleXmlPersisterCall */ -deprecated class SimpleXMLPersisterCall = SimpleXmlPersisterCall; - /** A call to `provide` in `Provider`. */ class SimpleXmlProviderCall extends XmlParserCall { SimpleXmlProviderCall() { @@ -1218,9 +1140,6 @@ class SimpleXmlProviderCall extends XmlParserCall { override predicate isSafe() { none() } } -/** DEPRECATED: Alias for SimpleXmlProviderCall */ -deprecated class SimpleXMLProviderCall = SimpleXmlProviderCall; - /** A call to `read` in `NodeBuilder`. */ class SimpleXmlNodeBuilderCall extends XmlParserCall { SimpleXmlNodeBuilderCall() { @@ -1236,9 +1155,6 @@ class SimpleXmlNodeBuilderCall extends XmlParserCall { override predicate isSafe() { none() } } -/** DEPRECATED: Alias for SimpleXmlNodeBuilderCall */ -deprecated class SimpleXMLNodeBuilderCall = SimpleXmlNodeBuilderCall; - /** A call to the `format` method of the `Formatter`. */ class SimpleXmlFormatterCall extends XmlParserCall { SimpleXmlFormatterCall() { @@ -1254,9 +1170,6 @@ class SimpleXmlFormatterCall extends XmlParserCall { override predicate isSafe() { none() } } -/** DEPRECATED: Alias for SimpleXmlFormatterCall */ -deprecated class SimpleXMLFormatterCall = SimpleXmlFormatterCall; - /** A configuration for secure processing. */ Expr configSecureProcessing() { result.(ConstantStringExpr).getStringValue() = diff --git a/java/ql/lib/semmle/code/xml/WebXML.qll b/java/ql/lib/semmle/code/xml/WebXML.qll index c15793b58a4..c356081c95f 100644 --- a/java/ql/lib/semmle/code/xml/WebXML.qll +++ b/java/ql/lib/semmle/code/xml/WebXML.qll @@ -5,9 +5,6 @@ import java */ predicate isWebXmlIncluded() { exists(WebXmlFile webXml) } -/** DEPRECATED: Alias for isWebXmlIncluded */ -deprecated predicate isWebXMLIncluded = isWebXmlIncluded/0; - /** * A deployment descriptor file, typically called `web.xml`. */ @@ -31,9 +28,6 @@ class WebXmlFile extends XmlFile { } } -/** DEPRECATED: Alias for WebXmlFile */ -deprecated class WebXMLFile = WebXmlFile; - /** * An XML element in a `WebXMLFile`. */ @@ -46,9 +40,6 @@ class WebXmlElement extends XmlElement { string getValue() { result = this.allCharactersString().trim() } } -/** DEPRECATED: Alias for WebXmlElement */ -deprecated class WebXMLElement = WebXmlElement; - /** * A `<context-param>` element in a `web.xml` file. */ diff --git a/java/ql/src/experimental/Security/CWE/CWE-089/MyBatisCommonLib.qll b/java/ql/src/experimental/Security/CWE/CWE-089/MyBatisCommonLib.qll index 85d3f36dfdf..377c7f74bd4 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-089/MyBatisCommonLib.qll +++ b/java/ql/src/experimental/Security/CWE/CWE-089/MyBatisCommonLib.qll @@ -56,9 +56,6 @@ predicate myBatisMapperXmlElementFromMethod(Method method, MyBatisMapperXmlEleme ) } -/** DEPRECATED: Alias for myBatisMapperXmlElementFromMethod */ -deprecated predicate myBatisMapperXMLElementFromMethod = myBatisMapperXmlElementFromMethod/2; - /** Holds if the specified `method` has Ibatis Sql operation annotation `isoa`. */ predicate myBatisSqlOperationAnnotationFromMethod(Method method, IbatisSqlOperationAnnotation isoa) { exists(MyBatisSqlOperationAnnotationMethod msoam | diff --git a/java/ql/src/experimental/semmle/code/xml/StrutsXML.qll b/java/ql/src/experimental/semmle/code/xml/StrutsXML.qll index 874d8448640..8d829612d95 100644 --- a/java/ql/src/experimental/semmle/code/xml/StrutsXML.qll +++ b/java/ql/src/experimental/semmle/code/xml/StrutsXML.qll @@ -10,9 +10,6 @@ class StrutsXmlFile extends XmlFile { } } -/** DEPRECATED: Alias for StrutsXmlFile */ -deprecated class StrutsXMLFile = StrutsXmlFile; - /** * An XML element in a `StrutsXMLFile`. */ @@ -25,9 +22,6 @@ class StrutsXmlElement extends XmlElement { string getValue() { result = this.allCharactersString().trim() } } -/** DEPRECATED: Alias for StrutsXmlElement */ -deprecated class StrutsXMLElement = StrutsXmlElement; - /** * A `<constant>` element in a `StrutsXMLFile`. */ diff --git a/java/ql/src/semmle/code/xml/MyBatisMapperXML.qll b/java/ql/src/semmle/code/xml/MyBatisMapperXML.qll index c7de1b8b945..529a627e96f 100644 --- a/java/ql/src/semmle/code/xml/MyBatisMapperXML.qll +++ b/java/ql/src/semmle/code/xml/MyBatisMapperXML.qll @@ -14,9 +14,6 @@ class MyBatisMapperXmlFile extends XmlFile { } } -/** DEPRECATED: Alias for MyBatisMapperXmlFile */ -deprecated class MyBatisMapperXMLFile = MyBatisMapperXmlFile; - /** * An XML element in a `MyBatisMapperXMLFile`. */ @@ -36,9 +33,6 @@ class MyBatisMapperXmlElement extends XmlElement { } } -/** DEPRECATED: Alias for MyBatisMapperXmlElement */ -deprecated class MyBatisMapperXMLElement = MyBatisMapperXmlElement; - /** * An MyBatis Mapper sql operation element. */ diff --git a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/ATMConfig.qll b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/ATMConfig.qll index 5532c8d4726..6836e14e72c 100644 --- a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/ATMConfig.qll +++ b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/ATMConfig.qll @@ -166,6 +166,3 @@ abstract class AtmConfig extends JS::TaintTracking::Configuration { ) } } - -/** DEPRECATED: Alias for AtmConfig */ -deprecated class ATMConfig = AtmConfig; diff --git a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/FunctionBodyFeatures.qll b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/FunctionBodyFeatures.qll index 62531a9d423..0fc660796c4 100644 --- a/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/FunctionBodyFeatures.qll +++ b/javascript/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/FunctionBodyFeatures.qll @@ -41,9 +41,6 @@ AstNode getAnAstNodeToFeaturize(Function f) { not result = f.getIdentifier() } -/** DEPRECATED: Alias for getAnAstNodeToFeaturize */ -deprecated ASTNode getAnASTNodeToFeaturize(Function f) { result = getAnAstNodeToFeaturize(f) } - /** * Gets a function that contains the endpoint. * @@ -130,9 +127,6 @@ AstNode getAnAstNodeWithAFeature(Function f) { result = getAnAstNodeToFeaturize(f) } -/** DEPRECATED: Alias for getAnAstNodeWithAFeature */ -deprecated ASTNode getAnASTNodeWithAFeature(Function f) { result = getAnAstNodeWithAFeature(f) } - /** Returns the number of source-code characters in a function. */ int getNumCharsInFunction(Function f) { result = diff --git a/javascript/ql/lib/Expressions/DOMProperties.qll b/javascript/ql/lib/Expressions/DOMProperties.qll index 17f53f8a366..fdb7e6024c2 100644 --- a/javascript/ql/lib/Expressions/DOMProperties.qll +++ b/javascript/ql/lib/Expressions/DOMProperties.qll @@ -4,9 +4,6 @@ import semmle.javascript.Externs -/** DEPRECATED: Alias for isDomRootType */ -deprecated predicate isDOMRootType = isDomRootType/1; - /** Holds if `p` is declared as a property of a DOM class or interface. */ pragma[nomagic] predicate isDomProperty(string p) { @@ -14,6 +11,3 @@ predicate isDomProperty(string p) { isDomRootType(emd.getDeclaringType().getASupertype*()) ) } - -/** DEPRECATED: Alias for isDomProperty */ -deprecated predicate isDOMProperty = isDomProperty/1; diff --git a/javascript/ql/lib/semmle/javascript/AST.qll b/javascript/ql/lib/semmle/javascript/AST.qll index 895922f952f..e4a1cf944c4 100644 --- a/javascript/ql/lib/semmle/javascript/AST.qll +++ b/javascript/ql/lib/semmle/javascript/AST.qll @@ -184,9 +184,6 @@ class AstNode extends @ast_node, NodeInStmtContainer { } } -/** DEPRECATED: Alias for AstNode */ -deprecated class ASTNode = AstNode; - /** * Holds if the given file is a `.d.ts` file. */ @@ -339,9 +336,6 @@ class EventHandlerCode extends @event_handler, CodeInAttribute { } */ class JavaScriptUrl extends @javascript_url, CodeInAttribute { } -/** DEPRECATED: Alias for JavaScriptUrl */ -deprecated class JavaScriptURL = JavaScriptUrl; - /** * A toplevel syntactic entity containing Closure-style externs definitions. * diff --git a/javascript/ql/lib/semmle/javascript/ApiGraphs.qll b/javascript/ql/lib/semmle/javascript/ApiGraphs.qll index c543607e73f..080a1bc1209 100644 --- a/javascript/ql/lib/semmle/javascript/ApiGraphs.qll +++ b/javascript/ql/lib/semmle/javascript/ApiGraphs.qll @@ -636,9 +636,6 @@ module API { /** Gets an API-node for this entry point. */ API::Node getANode() { result = root().getASuccessor(Label::entryPoint(this)) } - - /** DEPRECATED. Use `getANode()` instead. */ - deprecated API::Node getNode() { result = this.getANode() } } /** diff --git a/javascript/ql/lib/semmle/javascript/DefUse.qll b/javascript/ql/lib/semmle/javascript/DefUse.qll index 8ad710fdc57..a9d021f939e 100644 --- a/javascript/ql/lib/semmle/javascript/DefUse.qll +++ b/javascript/ql/lib/semmle/javascript/DefUse.qll @@ -243,71 +243,3 @@ class VarUse extends ControlFlowNode, @varref instanceof RValue { */ SsaVariable getSsaVariable() { result.getAUse() = this } } - -/** - * Holds if the definition of `v` in `def` reaches `use` along some control flow path - * without crossing another definition of `v`. - * DEPRECATED: Use the `SSA.qll` library instead. - */ -deprecated predicate definitionReaches(Variable v, VarDef def, VarUse use) { - v = use.getVariable() and - exists(BasicBlock bb, int i, int next | next = nextDefAfter(bb, v, i, def) | - exists(int j | j in [i + 1 .. next - 1] | bb.useAt(j, v, use)) - or - exists(BasicBlock succ | succ = bb.getASuccessor() | - succ.isLiveAtEntry(v, use) and - next = bb.length() - ) - ) -} - -/** - * Holds if the definition of local variable `v` in `def` reaches `use` along some control flow path - * without crossing another definition of `v`. - * DEPRECATED: Use the `SSA.qll` library instead. - */ -deprecated predicate localDefinitionReaches(LocalVariable v, VarDef def, VarUse use) { - exists(SsaExplicitDefinition ssa | - ssa.defines(def, v) and - ssa = getAPseudoDefinitionInput*(use.getSsaVariable().getDefinition()) - ) -} - -/** - * Holds if `nd` is a pseudo-definition and the result is one of its inputs. - * DEPRECATED: Use the `SSA.qll` library instead. - */ -deprecated private SsaDefinition getAPseudoDefinitionInput(SsaDefinition nd) { - result = nd.(SsaPseudoDefinition).getAnInput() -} - -/** - * Holds if `d` is a definition of `v` at index `i` in `bb`, and the result is the next index - * in `bb` after `i` at which the same variable is defined, or `bb.length()` if there is none. - */ -deprecated private int nextDefAfter(BasicBlock bb, Variable v, int i, VarDef d) { - bb.defAt(i, v, d) and - result = - min(int jj | - (bb.defAt(jj, v, _) or jj = bb.length()) and - jj > i - ) -} - -/** - * Holds if the `later` definition of `v` could overwrite its `earlier` definition. - * - * This is the case if there is a path from `earlier` to `later` that does not cross - * another definition of `v`. - * DEPRECATED: Use the `SSA.qll` library instead. - */ -deprecated predicate localDefinitionOverwrites(LocalVariable v, VarDef earlier, VarDef later) { - exists(BasicBlock bb, int next | next = nextDefAfter(bb, v, _, earlier) | - bb.defAt(next, v, later) - or - exists(BasicBlock succ | succ = bb.getASuccessor() | - succ.localMayBeOverwritten(v, later) and - next = bb.length() - ) - ) -} diff --git a/javascript/ql/lib/semmle/javascript/E4X.qll b/javascript/ql/lib/semmle/javascript/E4X.qll index 47f1b8e4189..cd112d60664 100644 --- a/javascript/ql/lib/semmle/javascript/E4X.qll +++ b/javascript/ql/lib/semmle/javascript/E4X.qll @@ -16,9 +16,6 @@ module E4X { */ class XmlAnyName extends Expr, @e4x_xml_anyname { } - /** DEPRECATED: Alias for XmlAnyName */ - deprecated class XMLAnyName = XmlAnyName; - /** * An E4X qualified identifier. * @@ -57,9 +54,6 @@ module E4X { } } - /** DEPRECATED: Alias for XmlQualifiedIdentifier */ - deprecated class XMLQualifiedIdentifier = XmlQualifiedIdentifier; - /** * An E4X attribute selector. * @@ -89,9 +83,6 @@ module E4X { } } - /** DEPRECATED: Alias for XmlAttributeSelector */ - deprecated class XMLAttributeSelector = XmlAttributeSelector; - /** * An E4X filter expression. * @@ -117,9 +108,6 @@ module E4X { } } - /** DEPRECATED: Alias for XmlFilterExpression */ - deprecated class XMLFilterExpression = XmlFilterExpression; - /** * An E4X "dot-dot" expression. * @@ -144,7 +132,4 @@ module E4X { result = this.getBase().getFirstControlFlowNode() } } - - /** DEPRECATED: Alias for XmlDotDotExpression */ - deprecated class XMLDotDotExpression = XmlDotDotExpression; } diff --git a/javascript/ql/lib/semmle/javascript/JSON.qll b/javascript/ql/lib/semmle/javascript/JSON.qll index c0d78c078da..1e56fc00657 100644 --- a/javascript/ql/lib/semmle/javascript/JSON.qll +++ b/javascript/ql/lib/semmle/javascript/JSON.qll @@ -61,9 +61,6 @@ class JsonValue extends @json_value, Locatable { override string getAPrimaryQlClass() { result = "JsonValue" } } -/** DEPRECATED: Alias for JsonValue */ -deprecated class JSONValue = JsonValue; - /** * A JSON-encoded primitive value. * @@ -85,9 +82,6 @@ abstract class JsonPrimitiveValue extends JsonValue { string getRawValue() { json_literals(_, result, this) } } -/** DEPRECATED: Alias for JsonPrimitiveValue */ -deprecated class JSONPrimitiveValue = JsonPrimitiveValue; - /** * A JSON-encoded null value. * @@ -101,9 +95,6 @@ class JsonNull extends @json_null, JsonPrimitiveValue { override string getAPrimaryQlClass() { result = "JsonNull" } } -/** DEPRECATED: Alias for JsonNull */ -deprecated class JSONNull = JsonNull; - /** * A JSON-encoded Boolean value. * @@ -118,9 +109,6 @@ class JsonBoolean extends @json_boolean, JsonPrimitiveValue { override string getAPrimaryQlClass() { result = "JsonBoolean" } } -/** DEPRECATED: Alias for JsonBoolean */ -deprecated class JSONBoolean = JsonBoolean; - /** * A JSON-encoded number. * @@ -135,9 +123,6 @@ class JsonNumber extends @json_number, JsonPrimitiveValue { override string getAPrimaryQlClass() { result = "JsonNumber" } } -/** DEPRECATED: Alias for JsonNumber */ -deprecated class JSONNumber = JsonNumber; - /** * A JSON-encoded string value. * @@ -151,9 +136,6 @@ class JsonString extends @json_string, JsonPrimitiveValue { override string getAPrimaryQlClass() { result = "JsonString" } } -/** DEPRECATED: Alias for JsonString */ -deprecated class JSONString = JsonString; - /** * A JSON-encoded array. * @@ -170,9 +152,6 @@ class JsonArray extends @json_array, JsonValue { string getElementStringValue(int i) { result = this.getElementValue(i).getStringValue() } } -/** DEPRECATED: Alias for JsonArray */ -deprecated class JSONArray = JsonArray; - /** * A JSON-encoded object. * @@ -189,9 +168,6 @@ class JsonObject extends @json_object, JsonValue { string getPropStringValue(string name) { result = this.getPropValue(name).getStringValue() } } -/** DEPRECATED: Alias for JsonObject */ -deprecated class JSONObject = JsonObject; - /** * An error reported by the JSON parser. */ @@ -200,6 +176,3 @@ class JsonParseError extends @json_parse_error, Error { override string getMessage() { json_errors(this, result) } } - -/** DEPRECATED: Alias for JsonParseError */ -deprecated class JSONParseError = JsonParseError; diff --git a/javascript/ql/lib/semmle/javascript/JSX.qll b/javascript/ql/lib/semmle/javascript/JSX.qll index fa8f79fb2bb..6fd7c775d4e 100644 --- a/javascript/ql/lib/semmle/javascript/JSX.qll +++ b/javascript/ql/lib/semmle/javascript/JSX.qll @@ -30,9 +30,6 @@ class JsxNode extends Expr, @jsx_element { override string getAPrimaryQlClass() { result = "JsxNode" } } -/** DEPRECATED: Alias for JsxNode */ -deprecated class JSXNode = JsxNode; - /** * A JSX element. * @@ -81,9 +78,6 @@ class JsxElement extends JsxNode { deprecated predicate isHTMLElement() { this.isHtmlElement() } } -/** DEPRECATED: Alias for JsxElement */ -deprecated class JSXElement = JsxElement; - /** * A JSX fragment. * @@ -105,9 +99,6 @@ class JsxFragment extends JsxNode { override string getAPrimaryQlClass() { result = "JsxFragment" } } -/** DEPRECATED: Alias for JsxFragment */ -deprecated class JSXFragment = JsxFragment; - /** * An attribute of a JSX element, including spread attributes. * @@ -154,9 +145,6 @@ class JsxAttribute extends AstNode, @jsx_attribute { override string getAPrimaryQlClass() { result = "JsxAttribute" } } -/** DEPRECATED: Alias for JsxAttribute */ -deprecated class JSXAttribute = JsxAttribute; - /** * A spread attribute of a JSX element. * @@ -175,9 +163,6 @@ class JsxSpreadAttribute extends JsxAttribute { } } -/** DEPRECATED: Alias for JsxSpreadAttribute */ -deprecated class JSXSpreadAttribute = JsxSpreadAttribute; - /** * A namespace-qualified name such as `n:a`. * @@ -201,9 +186,6 @@ class JsxQualifiedName extends Expr, @jsx_qualified_name { override string getAPrimaryQlClass() { result = "JsxQualifiedName" } } -/** DEPRECATED: Alias for JsxQualifiedName */ -deprecated class JSXQualifiedName = JsxQualifiedName; - /** * A name of an JSX element or attribute (which is * always an identifier, a dot expression, or a qualified @@ -244,9 +226,6 @@ class JsxName extends Expr { } } -/** DEPRECATED: Alias for JsxName */ -deprecated class JSXName = JsxName; - /** * An interpolating expression that interpolates nothing. * @@ -260,9 +239,6 @@ class JsxEmptyExpr extends Expr, @jsx_empty_expr { override string getAPrimaryQlClass() { result = "JsxEmptyExpr" } } -/** DEPRECATED: Alias for JsxEmptyExpr */ -deprecated class JSXEmptyExpr = JsxEmptyExpr; - /** * A legacy `@jsx` pragma. * @@ -284,6 +260,3 @@ class JsxPragma extends JSDocTag { /** DEPRECATED: Alias for getDomName */ deprecated string getDOMName() { result = this.getDomName() } } - -/** DEPRECATED: Alias for JsxPragma */ -deprecated class JSXPragma = JsxPragma; diff --git a/javascript/ql/lib/semmle/javascript/JsonStringifiers.qll b/javascript/ql/lib/semmle/javascript/JsonStringifiers.qll index 0ca2ec2ac2e..d128dd9a653 100644 --- a/javascript/ql/lib/semmle/javascript/JsonStringifiers.qll +++ b/javascript/ql/lib/semmle/javascript/JsonStringifiers.qll @@ -77,6 +77,3 @@ class PrettyJsonTaintStep extends TaintTracking::SharedTaintStep { ) } } - -/** DEPRECATED: Alias for PrettyJsonTaintStep */ -deprecated class PrettyJSONTaintStep = PrettyJsonTaintStep; diff --git a/javascript/ql/lib/semmle/javascript/NPM.qll b/javascript/ql/lib/semmle/javascript/NPM.qll index e1059d94930..0bf92c5d29a 100644 --- a/javascript/ql/lib/semmle/javascript/NPM.qll +++ b/javascript/ql/lib/semmle/javascript/NPM.qll @@ -262,9 +262,6 @@ class PackageJson extends JsonObject { Module getTypingsModule() { result.getFile() = this.getTypingsFile() } } -/** DEPRECATED: Alias for PackageJson */ -deprecated class PackageJSON = PackageJson; - /** * A representation of bug tracker information for an NPM package. */ @@ -370,9 +367,6 @@ class NpmPackage extends @folder { /** Gets the `package.json` object of this package. */ PackageJson getPackageJson() { result = pkg } - /** DEPRECATED: Alias for getPackageJson */ - deprecated PackageJSON getPackageJSON() { result = this.getPackageJson() } - /** Gets the name of this package. */ string getPackageName() { result = this.getPackageJson().getPackageName() } @@ -411,9 +405,6 @@ class NpmPackage extends @folder { predicate declaresDependency(string p, string v) { pkg.declaresDependency(p, v) } } -/** DEPRECATED: Alias for NpmPackage */ -deprecated class NPMPackage = NpmPackage; - /** * Gets the parent folder of `c`, provided that they belong to the same NPM * package; that is, `c` must not be a `node_modules` folder. diff --git a/javascript/ql/lib/semmle/javascript/PrintAst.qll b/javascript/ql/lib/semmle/javascript/PrintAst.qll index 5c4960e041c..0defda1dc6b 100644 --- a/javascript/ql/lib/semmle/javascript/PrintAst.qll +++ b/javascript/ql/lib/semmle/javascript/PrintAst.qll @@ -391,9 +391,6 @@ private module PrintJavaScript { } } - /** DEPRECATED: Alias for JsxNodeNode */ - deprecated class JSXNodeNode = JsxNodeNode; - /** * An aggregate node representing all the attributes in a `JSXNode`. */ @@ -409,17 +406,11 @@ private module PrintJavaScript { */ JsxElement getJsxElement() { result = n } - /** DEPRECATED: Alias for getJsxElement */ - deprecated JSXElement getJSXElement() { result = this.getJsxElement() } - override PrintAstNode getChild(int childIndex) { result.(ElementNode).getElement() = n.getAttribute(childIndex) } } - /** DEPRECATED: Alias for JsxAttributesNode */ - deprecated class JSXAttributesNode = JsxAttributesNode; - /** * An aggregate node representing all the body elements in a `JSXNode`. */ @@ -435,17 +426,11 @@ private module PrintJavaScript { */ JsxNode getJsxNode() { result = n } - /** DEPRECATED: Alias for getJsxNode */ - deprecated JSXNode getJSXNode() { result = this.getJsxNode() } - override PrintAstNode getChild(int childIndex) { result.(ElementNode).getElement() = n.getBodyElement(childIndex) } } - /** DEPRECATED: Alias for JsxBodyElementsNode */ - deprecated class JSXBodyElementsNode = JsxBodyElementsNode; - /** * A node representing any `ASTNode` that has type-parameters. * @@ -582,9 +567,6 @@ private module PrintJson { } } - /** DEPRECATED: Alias for JsonNode */ - deprecated class JSONNode = JsonNode; - /** Provied predicates for pretty printing JSON. */ private module PrettyPrinting { /** @@ -655,9 +637,6 @@ module PrintYaml { } } - /** DEPRECATED: Alias for YamlNodeNode */ - deprecated class YAMLNodeNode = YamlNodeNode; - /** * A print node representing a `YAMLMapping`. * @@ -671,9 +650,6 @@ module PrintYaml { } } - /** DEPRECATED: Alias for YamlMappingNode */ - deprecated class YAMLMappingNode = YamlMappingNode; - /** * A print node representing the `i`th mapping in `mapping`. */ @@ -703,14 +679,8 @@ module PrintYaml { childIndex = 1 and result.(YamlNodeNode).getValue() = mapping.getValueNode(i) } } - - /** DEPRECATED: Alias for YamlMappingMapNode */ - deprecated class YAMLMappingMapNode = YamlMappingMapNode; } -/** DEPRECATED: Alias for PrintYaml */ -deprecated module PrintYAML = PrintYaml; - /** * Classes for printing HTML AST. */ @@ -741,9 +711,6 @@ module PrintHtml { } } - /** DEPRECATED: Alias for HtmlElementNode */ - deprecated class HTMLElementNode = HtmlElementNode; - /** * A print node representing an HTML node in a .html file. */ @@ -757,9 +724,6 @@ module PrintHtml { } } - /** DEPRECATED: Alias for HtmlScriptElementNode */ - deprecated class HTMLScriptElementNode = HtmlScriptElementNode; - /** * A print node representing the code inside a `<script>` element. */ @@ -785,9 +749,6 @@ module PrintHtml { } } - /** DEPRECATED: Alias for HtmlScript */ - deprecated class HTMLScript = HtmlScript; - /** * A print node representing the code inside an attribute. */ @@ -813,9 +774,6 @@ module PrintHtml { } } - /** DEPRECATED: Alias for HtmlCodeInAttr */ - deprecated class HTMLCodeInAttr = HtmlCodeInAttr; - /** * An aggregate node representing all the attributes of an HTMLElement. */ @@ -838,9 +796,6 @@ module PrintHtml { } } - /** DEPRECATED: Alias for HtmlAttributesNodes */ - deprecated class HTMLAttributesNodes = HtmlAttributesNodes; - /** * A print node representing an HTML attribute in a .html file. */ @@ -862,14 +817,8 @@ module PrintHtml { childIndex = 0 and result.(HtmlCodeInAttr).getCode() = attr.getCodeInAttribute() } } - - /** DEPRECATED: Alias for HtmlAttributeNode */ - deprecated class HTMLAttributeNode = HtmlAttributeNode; } -/** DEPRECATED: Alias for PrintHtml */ -deprecated module PrintHTML = PrintHtml; - /** Holds if `node` belongs to the output tree, and its property `key` has the given `value`. */ query predicate nodes(PrintAstNode node, string key, string value) { value = node.getProperty(key) } diff --git a/javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll b/javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll index c013dab3680..e8c2b563c92 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll @@ -1817,6 +1817,4 @@ module DataFlow { import Configuration import TypeTracking import internal.FunctionWrapperSteps - - deprecated predicate localTaintStep = TaintTracking::localTaintStep/2; } diff --git a/javascript/ql/lib/semmle/javascript/dataflow/TaintTracking.qll b/javascript/ql/lib/semmle/javascript/dataflow/TaintTracking.qll index 2e80990ac13..96d97a270c6 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/TaintTracking.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/TaintTracking.qll @@ -419,16 +419,6 @@ module TaintTracking { import Cached::Public - /** - * Holds if `pred -> succ` is a taint propagating data flow edge through a string operation. - * DEPRECATED: Use `stringConcatenationStep` and `stringManipulationStep` instead. - */ - pragma[inline] - deprecated predicate stringStep(DataFlow::Node pred, DataFlow::Node succ) { - stringConcatenationStep(pred, succ) or - stringManipulationStep(pred, succ) - } - /** * Holds if `pred -> succ` is an edge used by all taint-tracking configurations. */ @@ -1241,13 +1231,4 @@ module TaintTracking { override predicate appliesTo(Configuration cfg) { any() } } - - /** - * Holds if taint propagates from `pred` to `succ` in one local (intra-procedural) step. - * DEPRECATED: Use `TaintTracking::sharedTaintStep` and `DataFlow::Node::getALocalSource()` instead. - */ - deprecated predicate localTaintStep(DataFlow::Node pred, DataFlow::Node succ) { - DataFlow::localFlowStep(pred, succ) or - sharedTaintStep(pred, succ) - } } diff --git a/javascript/ql/lib/semmle/javascript/dependencies/Dependencies.qll b/javascript/ql/lib/semmle/javascript/dependencies/Dependencies.qll index 76a285ccd8c..948b8c9aff2 100644 --- a/javascript/ql/lib/semmle/javascript/dependencies/Dependencies.qll +++ b/javascript/ql/lib/semmle/javascript/dependencies/Dependencies.qll @@ -39,9 +39,6 @@ abstract class NpmDependency extends Dependency { /** Gets the name of the NPM package this module belongs to. */ abstract string getNpmPackageName(); - /** DEPRECATED: Alias for getNpmPackageName */ - deprecated string getNPMPackageName() { result = this.getNpmPackageName() } - /** Gets the version of the NPM package this module belongs to. */ abstract string getVersion(); @@ -62,9 +59,6 @@ abstract class NpmDependency extends Dependency { } } -/** DEPRECATED: Alias for NpmDependency */ -deprecated class NPMDependency = NpmDependency; - /** * Gets a variable into which something is imported by `i`. */ @@ -105,9 +99,6 @@ class BundledNpmDependency extends NpmDependency { override string getNpmPackageName() { result = this.getPackageJson().getPackageName() } - /** DEPRECATED: Alias for getNpmPackageName */ - deprecated override string getNPMPackageName() { result = this.getNpmPackageName() } - override string getVersion() { result = this.getPackageJson().getVersion() } override Import getAnImport() { @@ -117,9 +108,6 @@ class BundledNpmDependency extends NpmDependency { } } -/** DEPRECATED: Alias for BundledNpmDependency */ -deprecated class BundledNPMDependency = BundledNpmDependency; - /** * An NPM package referenced in a `package.json` file. */ @@ -139,9 +127,6 @@ class ExternalNpmDependency extends NpmDependency { exists(PackageDependencies pkgdeps | this = pkgdeps.getPropValue(result)) } - /** DEPRECATED: Alias for getNpmPackageName */ - deprecated override string getNPMPackageName() { result = this.getNpmPackageName() } - private string getVersionNumber() { exists(string versionRange | versionRange = this.(JsonString).getValue() | // extract a concrete version from the version range; currently, @@ -166,9 +151,6 @@ class ExternalNpmDependency extends NpmDependency { } } -/** DEPRECATED: Alias for ExternalNpmDependency */ -deprecated class ExternalNPMDependency = ExternalNpmDependency; - /** * Holds if import `i` may refer to the declared dependency `dep` of package `pkg`, * where the result value is the nesting depth of the file containing `i` within `pkg`. diff --git a/javascript/ql/lib/semmle/javascript/dependencies/FrameworkLibraries.qll b/javascript/ql/lib/semmle/javascript/dependencies/FrameworkLibraries.qll index 32a2941c1ab..9ff96a58fdc 100644 --- a/javascript/ql/lib/semmle/javascript/dependencies/FrameworkLibraries.qll +++ b/javascript/ql/lib/semmle/javascript/dependencies/FrameworkLibraries.qll @@ -137,14 +137,8 @@ abstract class FrameworkLibraryWithUrlRegex extends FrameworkLibrary { * the version number. */ abstract string getAUrlRegex(); - - /** DEPRECATED: Alias for getAUrlRegex */ - deprecated string getAURLRegex() { result = this.getAUrlRegex() } } -/** DEPRECATED: Alias for FrameworkLibraryWithUrlRegex */ -deprecated class FrameworkLibraryWithURLRegex = FrameworkLibraryWithUrlRegex; - /** * A framework library that is referenced by URLs containing the name * of the framework (or an alias) and a version string. @@ -175,14 +169,8 @@ abstract class FrameworkLibraryWithGenericUrl extends FrameworkLibraryWithUrlReg "\\.js" ) } - - /** DEPRECATED: Alias for getAUrlRegex */ - deprecated override string getAURLRegex() { result = this.getAUrlRegex() } } -/** DEPRECATED: Alias for FrameworkLibraryWithGenericUrl */ -deprecated class FrameworkLibraryWithGenericURL = FrameworkLibraryWithGenericUrl; - /** * Gets a regular expression identifying suffixes that are commonly appended * to the name of a library to distinguish minor variants. @@ -282,9 +270,6 @@ class FrameworkLibraryReferenceWithUrl extends FrameworkLibraryReference { override predicate info(FrameworkLibrary fl, string v) { matchUrl(this, fl, v) } } -/** DEPRECATED: Alias for FrameworkLibraryReferenceWithUrl */ -deprecated class FrameworkLibraryReferenceWithURL = FrameworkLibraryReferenceWithUrl; - /** * Holds if the value of `src` attribute `attr` matches the URL pattern of library * `fl` at `version`. @@ -953,9 +938,6 @@ private class ApplicationInsights extends FrameworkLibraryWithUrlRegex { ApplicationInsights() { this = "ApplicationInsights" } override string getAUrlRegex() { result = ".*(?:^|/)ai\\.(" + semverRegex() + ")-build\\d+\\.js" } - - /** DEPRECATED: Alias for getAUrlRegex */ - deprecated override string getAURLRegex() { result = this.getAUrlRegex() } } /** @@ -974,9 +956,6 @@ private class TwitterTextClassic extends FrameworkLibraryWithUrlRegex { TwitterTextClassic() { this = "twitter-text" } override string getAUrlRegex() { result = ".*(?:^|/)twitter_text" + variantRegex() + "\\.js" } - - /** DEPRECATED: Alias for getAUrlRegex */ - deprecated override string getAURLRegex() { result = this.getAUrlRegex() } } /** diff --git a/javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll b/javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll index 73e3308329a..13879fda3e7 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll @@ -631,9 +631,6 @@ module ClientRequest { } } - /** DEPRECATED: Alias for XmlHttpRequest */ - deprecated class XMLHttpRequest = XmlHttpRequest; - /** * A model of a URL request made using the `XhrIo` class from the closure library. */ @@ -814,9 +811,6 @@ module ClientRequest { override DataFlow::Node getADataNode() { none() } } - /** DEPRECATED: Alias for JSDomFromUrl */ - deprecated class JSDOMFromUrl = JSDomFromUrl; - /** * Classes and predicates modeling the `apollo-client` library. */ diff --git a/javascript/ql/lib/semmle/javascript/frameworks/Files.qll b/javascript/ql/lib/semmle/javascript/frameworks/Files.qll index 244c9c502c2..853d122b301 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/Files.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/Files.qll @@ -250,9 +250,6 @@ private module JsonFile { } } - /** DEPRECATED: Alias for JsonFileReader */ - deprecated class JSONFileReader = JsonFileReader; - /** * A writer for JSON files. */ @@ -267,9 +264,6 @@ private module JsonFile { override DataFlow::Node getADataNode() { result = this.getArgument(1) } } - - /** DEPRECATED: Alias for JsonFileWriter */ - deprecated class JSONFileWriter = JsonFileWriter; } /** diff --git a/javascript/ql/lib/semmle/javascript/frameworks/Markdown.qll b/javascript/ql/lib/semmle/javascript/frameworks/Markdown.qll index 5a60a8ac84d..fa8fd4da565 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/Markdown.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/Markdown.qll @@ -22,9 +22,6 @@ module Markdown { * Holds if the taint-step preserves HTML. */ predicate preservesHtml() { any() } - - /** DEPRECATED: Alias for preservesHtml */ - deprecated predicate preservesHTML() { this.preservesHtml() } } private class MarkdownStepAsTaintStep extends TaintTracking::SharedTaintStep { diff --git a/javascript/ql/lib/semmle/javascript/frameworks/Next.qll b/javascript/ql/lib/semmle/javascript/frameworks/Next.qll index 5ed808456d3..913753ff9da 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/Next.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/Next.qll @@ -241,9 +241,6 @@ module NextJS { } } - /** DEPRECATED: Alias for NextApiRouteHandler */ - deprecated class NextAPIRouteHandler = NextApiRouteHandler; - /** * Gets a reference to a [Next.js router](https://nextjs.org/docs/api-reference/next/router). */ diff --git a/javascript/ql/lib/semmle/javascript/frameworks/NoSQL.qll b/javascript/ql/lib/semmle/javascript/frameworks/NoSQL.qll index 56e9c6f4406..2525f1d0c3d 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/NoSQL.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/NoSQL.qll @@ -17,9 +17,6 @@ module NoSql { } } -/** DEPRECATED: Alias for NoSql */ -deprecated module NoSQL = NoSql; - /** * Provides classes modeling the `mongodb` and `mongoose` libraries. */ diff --git a/javascript/ql/lib/semmle/javascript/frameworks/UriLibraries.qll b/javascript/ql/lib/semmle/javascript/frameworks/UriLibraries.qll index f10bb58b8fc..0a262d154b2 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/UriLibraries.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/UriLibraries.qll @@ -4,9 +4,6 @@ import javascript -/** DEPRECATED: Alias for `Urijs` */ -deprecated module urijs = Urijs; - /** * Provides classes for working with [urijs](http://medialize.github.io/URI.js/) code. */ @@ -73,9 +70,6 @@ module Urijs { } } -/** DEPRECATED: Alias for `Uridashjs` */ -deprecated module uridashjs = Uridashjs; - /** * Provides classes for working with [uri-js](https://github.com/garycourt/uri-js) code. */ @@ -101,9 +95,6 @@ module Uridashjs { } } -/** DEPRECATED: Alias for `Punycode` */ -deprecated module punycode = Punycode; - /** * Provides classes for working with [punycode](https://github.com/bestiejs/punycode.js) code. */ @@ -129,9 +120,6 @@ module Punycode { } } -/** DEPRECATED: Alias for `UrlParse` */ -deprecated module urlParse = UrlParse; - /** * Provides classes for working with [url-parse](https://github.com/unshiftio/url-parse) code. */ @@ -169,9 +157,6 @@ module UrlParse { } } -/** DEPRECATED: Alias for `Querystringify` */ -deprecated module querystringify = Querystringify; - /** * Provides classes for working with [querystringify](https://github.com/unshiftio/querystringify) code. */ @@ -202,9 +187,6 @@ module Querystringify { } } -/** DEPRECATED: Alias for `Querydashstring` */ -deprecated module querydashstring = Querydashstring; - /** * Provides classes for working with [query-string](https://github.com/sindresorhus/query-string) code. */ @@ -230,9 +212,6 @@ module Querydashstring { } } -/** DEPRECATED: Alias for `Url` */ -deprecated module url = Url; - /** * Provides classes for working with [url](https://nodejs.org/api/url.html) code. */ @@ -256,9 +235,6 @@ module Url { } } -/** DEPRECATED: Alias for `Querystring` */ -deprecated module querystring = Querystring; - /** * Provides classes for working with [querystring](https://nodejs.org/api/querystring.html) code. */ diff --git a/javascript/ql/lib/semmle/javascript/frameworks/WebSocket.qll b/javascript/ql/lib/semmle/javascript/frameworks/WebSocket.qll index abdfe3bc445..d2fc69751d6 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/WebSocket.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/WebSocket.qll @@ -249,9 +249,6 @@ module ServerWebSocket { override Http::RouteHandler getRouteHandler() { result = handler } } - /** DEPRECATED: Alias for ServerHttpRequest */ - deprecated class ServerHTTPRequest = ServerHttpRequest; - /** * An access user-controlled HTTP request input in a request to a WebSocket server. */ diff --git a/javascript/ql/lib/semmle/javascript/internal/CachedStages.qll b/javascript/ql/lib/semmle/javascript/internal/CachedStages.qll index cc1404e34e7..59639f3d904 100644 --- a/javascript/ql/lib/semmle/javascript/internal/CachedStages.qll +++ b/javascript/ql/lib/semmle/javascript/internal/CachedStages.qll @@ -286,9 +286,6 @@ module Stages { } } - /** DEPRECATED: Alias for ApiStage */ - deprecated module APIStage = ApiStage; - /** * The `taint` stage. */ diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/CodeInjectionCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/CodeInjectionCustomizations.qll index e68a0b604b0..5d658b23b59 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/CodeInjectionCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/CodeInjectionCustomizations.qll @@ -255,9 +255,6 @@ module CodeInjection { NoSqlCodeInjectionSink() { any(NoSql::Query q).getACodeOperator() = this } } - /** DEPRECATED: Alias for NoSqlCodeInjectionSink */ - deprecated class NoSQLCodeInjectionSink = NoSqlCodeInjectionSink; - /** * The first argument to `Module.prototype._compile`, considered as a code-injection sink. */ @@ -427,9 +424,6 @@ module CodeInjection { */ class JsonStringifySanitizer extends Sanitizer, JsonStringifyCall { } - /** DEPRECATED: Alias for JsonStringifySanitizer */ - deprecated class JSONStringifySanitizer = JsonStringifySanitizer; - private class SinkFromModel extends Sink { SinkFromModel() { this = ModelOutput::getASinkNode("code-injection").asSink() } } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/DOM.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/DOM.qll index 21fb6f785af..e007bdd8ede 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/DOM.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/DOM.qll @@ -18,9 +18,6 @@ class DomGlobalVariable extends GlobalVariable { } } -/** DEPRECATED: Alias for DomGlobalVariable */ -deprecated class DOMGlobalVariable = DomGlobalVariable; - /** * DEPRECATED: Use `isDomNode` instead. * Holds if `e` could hold a value that comes from the DOM. @@ -45,27 +42,6 @@ predicate isLocationNode(DataFlow::Node e) { e = DataFlow::globalVarRef("location") } -/** - * DEPRECATED: Use DOM::documentRef() instead. - * Gets a reference to the 'document' object. - */ -deprecated DataFlow::SourceNode document() { result = DOM::documentRef() } - -/** - * DEPRECATED: Use DOM::documentRef() instead. - * Holds if `e` could refer to the `document` object. - */ -deprecated predicate isDocument(Expr e) { DOM::documentRef().flowsToExpr(e) } - -/** - * DEPRECATED: Use DOM::locationSource() instead. - * Holds if `e` could refer to the document URL. - */ -deprecated predicate isDocumentUrl(Expr e) { e.flow() = DOM::locationSource() } - -/** DEPRECATED: Alias for isDocumentUrl */ -deprecated predicate isDocumentURL = isDocumentUrl/1; - /** * DEPRECATED. In most cases, a sanitizer based on this predicate can be removed, as * taint tracking no longer step through the properties of the location object by default. @@ -179,9 +155,6 @@ deprecated class DomPropWriteNode extends Assignment { */ predicate interpretsValueAsHtml() { node.interpretsValueAsHtml() } - /** DEPRECATED: Alias for interpretsValueAsHtml */ - deprecated predicate interpretsValueAsHTML() { this.interpretsValueAsHtml() } - /** * Holds if the assigned value is interpreted as JavaScript via javascript: protocol. */ diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssQuery.qll index e26b4eea8c8..fa64b7300b0 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssQuery.qll @@ -8,12 +8,6 @@ private import semmle.javascript.security.TaintedUrlSuffix import DomBasedXssCustomizations::DomBasedXss private import Xss::Shared as Shared -/** DEPRECATED. Use `Configuration`. */ -deprecated class HtmlInjectionConfiguration = Configuration; - -/** DEPRECATED. Use `Configuration`. */ -deprecated class JQueryHtmlOrSelectorInjectionConfiguration = Configuration; - /** * A sink that is not a URL write or a JQuery selector, * assumed to be a value that is interpreted as HTML. diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedData.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedData.qll index 31963b6843e..c070fdff662 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedData.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedData.qll @@ -5,6 +5,3 @@ private import ExternalAPIUsedWithUntrustedDataQuery as ExternalApiUsedWithUntru /** DEPRECATED. Import `ExternalApiUsedWithUntrustedDataQuery` instead. */ deprecated module ExternalApiUsedWithUntrustedData = ExternalApiUsedWithUntrustedDataQuery; - -/** DEPRECATED: Alias for ExternalApiUsedWithUntrustedData */ -deprecated module ExternalAPIUsedWithUntrustedData = ExternalApiUsedWithUntrustedData; diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedDataCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedDataCustomizations.qll index f17eab628ff..fac7b95fe80 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedDataCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedDataCustomizations.qll @@ -64,9 +64,6 @@ module ExternalApiUsedWithUntrustedData { SafeExternalApiPackage() { exists(API::moduleImport(this)) } } - /** DEPRECATED: Alias for SafeExternalApiPackage */ - deprecated class SafeExternalAPIPackage = SafeExternalApiPackage; - private class DefaultSafeExternalApiPackage extends SafeExternalApiPackage { DefaultSafeExternalApiPackage() { // Promise libraries are safe and generate too much noise if included @@ -83,9 +80,6 @@ module ExternalApiUsedWithUntrustedData { */ abstract class SafeExternalApiFunction extends API::Node { } - /** DEPRECATED: Alias for SafeExternalApiFunction */ - deprecated class SafeExternalAPIFunction = SafeExternalApiFunction; - /** Holds if data read from a use of `f` may originate from an imported package. */ private predicate mayComeFromLibrary(API::Node f) { // base case: import @@ -371,6 +365,3 @@ module ExternalApiUsedWithUntrustedData { } } } - -/** DEPRECATED: Alias for ExternalApiUsedWithUntrustedData */ -deprecated module ExternalAPIUsedWithUntrustedData = ExternalApiUsedWithUntrustedData; diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedDataQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedDataQuery.qll index 9335098af37..857cf837de2 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedDataQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedDataQuery.qll @@ -61,9 +61,6 @@ class Configuration extends TaintTracking::Configuration { /** A node representing data being passed to an external API. */ class ExternalApiDataNode extends DataFlow::Node instanceof Sink { } -/** DEPRECATED: Alias for ExternalApiDataNode */ -deprecated class ExternalAPIDataNode = ExternalApiDataNode; - /** A node representing untrusted data being passed to an external API. */ class UntrustedExternalApiDataNode extends ExternalApiDataNode { UntrustedExternalApiDataNode() { any(Configuration c).hasFlow(_, this) } @@ -72,9 +69,6 @@ class UntrustedExternalApiDataNode extends ExternalApiDataNode { DataFlow::Node getAnUntrustedSource() { any(Configuration c).hasFlow(result, this) } } -/** DEPRECATED: Alias for UntrustedExternalApiDataNode */ -deprecated class UntrustedExternalAPIDataNode = UntrustedExternalApiDataNode; - /** * Name of an external API sink, boxed in a newtype for consistency with other languages. */ @@ -102,6 +96,3 @@ class ExternalApiUsedWithUntrustedData extends TExternalApi { /** Gets a textual representation of this element. */ string toString() { this = MkExternalApiNode(result) } } - -/** DEPRECATED: Alias for ExternalApiUsedWithUntrustedData */ -deprecated class ExternalAPIUsedWithUntrustedData = ExternalApiUsedWithUntrustedData; diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ImproperCodeSanitizationCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ImproperCodeSanitizationCustomizations.qll index 8968360d636..4bf212b90d2 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/ImproperCodeSanitizationCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ImproperCodeSanitizationCustomizations.qll @@ -35,9 +35,6 @@ module ImproperCodeSanitization { */ class JsonStringifyAsSource extends Source instanceof JsonStringifyCall { } - /** DEPRECATED: Alias for JsonStringifyAsSource */ - deprecated class JSONStringifyAsSource = JsonStringifyAsSource; - /** * A leaf in a string-concatenation, where the string-concatenation constructs code that looks like a function. */ diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/InsecureDownloadCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/InsecureDownloadCustomizations.qll index 0a34642ffd8..dc383df448c 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/InsecureDownloadCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/InsecureDownloadCustomizations.qll @@ -51,18 +51,12 @@ module InsecureDownload { SensitiveInsecureUrl() { this = "sensitiveInsecure" } } - /** DEPRECATED: Alias for SensitiveInsecureUrl */ - deprecated class SensitiveInsecureURL = SensitiveInsecureUrl; - /** * A flow-label for a URL that is downloaded over an insecure connection. */ class InsecureUrl extends DataFlow::FlowLabel { InsecureUrl() { this = "insecure" } } - - /** DEPRECATED: Alias for InsecureUrl */ - deprecated class InsecureURL = InsecureUrl; } /** @@ -127,9 +121,6 @@ module InsecureDownload { } } - /** DEPRECATED: Alias for ClientRequestUrl */ - deprecated class ClientRequestURL = ClientRequestUrl; - /** * Gets a node for the response from `request`, type-tracked using `t`. */ diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeHtmlConstructionCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeHtmlConstructionCustomizations.qll index 5c309b07727..90579211a3f 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeHtmlConstructionCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeHtmlConstructionCustomizations.qll @@ -145,9 +145,6 @@ module UnsafeHtmlConstruction { override string describe() { result = "HTML construction" } } - /** DEPRECATED: Alias for HtmlConcatenationSink */ - deprecated class HTMLConcatenationSink = HtmlConcatenationSink; - /** * A string parsed as XML, which is later used in an XSS sink. */ @@ -162,9 +159,6 @@ module UnsafeHtmlConstruction { override string describe() { result = "XML parsing" } } - /** DEPRECATED: Alias for XmlParsedSink */ - deprecated class XMLParsedSink = XmlParsedSink; - /** * A string rendered as markdown, where the rendering preserves HTML. */ diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/Xss.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/Xss.qll index 216243fb8a5..8c881e49226 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/Xss.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/Xss.qll @@ -97,9 +97,6 @@ module Shared { } } - /** DEPRECATED: Alias for ContainsHtmlGuard */ - deprecated class ContainsHTMLGuard = ContainsHtmlGuard; - /** * Holds if `str` is used in a switch-case that has cases matching HTML escaping. */ diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/XssThroughDomCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/XssThroughDomCustomizations.qll index bd3aa65aa4d..a1074e49eb2 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/XssThroughDomCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/XssThroughDomCustomizations.qll @@ -137,9 +137,6 @@ module XssThroughDom { override string getPropertyName() { result = prop } } - /** DEPRECATED: Alias for DomTextSource */ - deprecated class DOMTextSource = DomTextSource; - /** The `files` property of an `<input />` element */ class FilesSource extends Source { FilesSource() { this = DOM::domValueRef().getAPropertyRead("files") } diff --git a/javascript/ql/src/Declarations/Definitions.qll b/javascript/ql/src/Declarations/Definitions.qll index a7034ad5093..7046b14f09d 100644 --- a/javascript/ql/src/Declarations/Definitions.qll +++ b/javascript/ql/src/Declarations/Definitions.qll @@ -1,13 +1 @@ import javascript - -/** - * DEPRECATED: Use `SsaDefinition` from `SSA.qll` instead. - * An identifier appearing in a defining position. - */ -deprecated class DefiningIdentifier extends Identifier { - DefiningIdentifier() { - this instanceof VarDecl or - exists(Assignment assgn | this = assgn.getLhs()) or - exists(UpdateExpr upd | this = upd.getOperand()) - } -} diff --git a/javascript/ql/test/library-tests/frameworks/ReactJS/ReactName.qll b/javascript/ql/test/library-tests/frameworks/ReactJS/ReactName.qll index 940332693a7..885f1f38a57 100644 --- a/javascript/ql/test/library-tests/frameworks/ReactJS/ReactName.qll +++ b/javascript/ql/test/library-tests/frameworks/ReactJS/ReactName.qll @@ -15,6 +15,3 @@ query predicate test_JSXname(JsxElement element, JsxName jsxname, string name, s } query ThisExpr test_JsxName_this(JsxElement element) { result.getParentExpr+() = element } - -/** DEPRECATED: Alias for test_JsxName_this */ -deprecated ThisExpr test_JSXName_this(JSXElement element) { result = test_JsxName_this(element) } diff --git a/javascript/ql/test/tutorials/Validating RAML-based APIs/Osprey.qll b/javascript/ql/test/tutorials/Validating RAML-based APIs/Osprey.qll index 385e3b8e7dd..02375976126 100644 --- a/javascript/ql/test/tutorials/Validating RAML-based APIs/Osprey.qll +++ b/javascript/ql/test/tutorials/Validating RAML-based APIs/Osprey.qll @@ -30,9 +30,6 @@ class OspreyCreateApiCall extends MethodCallExpr { } } -/** DEPRECATED: Alias for OspreyCreateApiCall */ -deprecated class OspreyCreateAPICall = OspreyCreateApiCall; - /** A variable in which an Osprey API object is stored. */ class OspreyApi extends Variable { OspreyApi() { this.getAnAssignedExpr() instanceof OspreyCreateApiCall } @@ -40,9 +37,6 @@ class OspreyApi extends Variable { File getSpecFile() { result = this.getAnAssignedExpr().(OspreyCreateApiCall).getSpecFile() } } -/** DEPRECATED: Alias for OspreyApi */ -deprecated class OspreyAPI = OspreyApi; - /** An Osprey REST method definition. */ class OspreyMethodDefinition extends MethodCallExpr { OspreyMethodDefinition() { diff --git a/javascript/ql/test/tutorials/Validating RAML-based APIs/RAML.qll b/javascript/ql/test/tutorials/Validating RAML-based APIs/RAML.qll index 5c22bf65ab9..50bd4a6ed03 100644 --- a/javascript/ql/test/tutorials/Validating RAML-based APIs/RAML.qll +++ b/javascript/ql/test/tutorials/Validating RAML-based APIs/RAML.qll @@ -8,9 +8,6 @@ class RamlSpec extends YamlDocument, YamlMapping { RamlSpec() { getLocation().getFile().getExtension() = "raml" } } -/** DEPRECATED: Alias for RamlSpec */ -deprecated class RAMLSpec = RamlSpec; - /** A RAML resource specification. */ class RamlResource extends YamlMapping { RamlResource() { @@ -38,9 +35,6 @@ class RamlResource extends YamlMapping { } } -/** DEPRECATED: Alias for RamlResource */ -deprecated class RAMLResource = RamlResource; - /** A RAML method specification. */ class RamlMethod extends YamlValue { RamlMethod() { @@ -57,6 +51,3 @@ class RamlMethod extends YamlValue { ) } } - -/** DEPRECATED: Alias for RamlMethod */ -deprecated class RAMLMethod = RamlMethod; diff --git a/ruby/ql/lib/codeql/ruby/Concepts.qll b/ruby/ql/lib/codeql/ruby/Concepts.qll index ec27694581f..28d5990e76a 100644 --- a/ruby/ql/lib/codeql/ruby/Concepts.qll +++ b/ruby/ql/lib/codeql/ruby/Concepts.qll @@ -715,14 +715,6 @@ module Http { /** Gets a node which returns the body of the response */ abstract DataFlow::Node getResponseBody(); - /** - * DEPRECATED: overwrite `getAUrlPart` instead. - * - * Gets a node that contributes to the URL of the request. - * Depending on the framework, a request may have multiple nodes which contribute to the URL. - */ - deprecated DataFlow::Node getURL() { none() } - /** * DEPRECATED: override `disablesCertificateValidation/2` instead. * diff --git a/ruby/ql/lib/codeql/ruby/ast/Expr.qll b/ruby/ql/lib/codeql/ruby/ast/Expr.qll index 99d955b3400..3e17c573b50 100644 --- a/ruby/ql/lib/codeql/ruby/ast/Expr.qll +++ b/ruby/ql/lib/codeql/ruby/ast/Expr.qll @@ -11,13 +11,6 @@ private import internal.TreeSitter * This is the root QL class for all expressions. */ class Expr extends Stmt, TExpr { - /** - * DEPRECATED: Use `getConstantValue` instead. - * - * Gets the textual (constant) value of this expression, if any. - */ - deprecated string getValueText() { result = this.getConstantValue().toString() } - /** Gets the constant value of this expression, if any. */ ConstantValue getConstantValue() { result = getConstantValueExpr(this) } } diff --git a/ruby/ql/lib/codeql/ruby/ast/Literal.qll b/ruby/ql/lib/codeql/ruby/ast/Literal.qll index f860cbe5c2b..059db251fc4 100644 --- a/ruby/ql/lib/codeql/ruby/ast/Literal.qll +++ b/ruby/ql/lib/codeql/ruby/ast/Literal.qll @@ -165,14 +165,6 @@ class FileLiteral extends Literal instanceof FileLiteralImpl { * `StringEscapeSequenceComponent`, or `StringInterpolationComponent`. */ class StringComponent extends AstNode instanceof StringComponentImpl { - /** - * DEPRECATED: Use `getConstantValue` instead. - * - * Gets the source text for this string component. Has no result if this is - * a `StringInterpolationComponent`. - */ - deprecated string getValueText() { result = this.getConstantValue().toString() } - /** Gets the constant value of this string component, if any. */ ConstantValue::ConstantStringValue getConstantValue() { result = TString(super.getValue()) } } @@ -218,8 +210,6 @@ class StringInterpolationComponent extends StringComponent, StmtSequence instanc final override Stmt getStmt(int n) { toGenerated(result) = g.getChild(n) } - deprecated final override string getValueText() { none() } - final override ConstantValue::ConstantStringValue getConstantValue() { result = StmtSequence.super.getConstantValue() } @@ -267,8 +257,6 @@ class RegExpInterpolationComponent extends RegExpComponent, StmtSequence instanc final override Stmt getStmt(int n) { toGenerated(result) = g.getChild(n) } - deprecated final override string getValueText() { none() } - final override ConstantValue::ConstantStringValue getConstantValue() { result = StmtSequence.super.getConstantValue() } diff --git a/ruby/ql/lib/codeql/ruby/ast/Pattern.qll b/ruby/ql/lib/codeql/ruby/ast/Pattern.qll index 439881535da..ef778664031 100644 --- a/ruby/ql/lib/codeql/ruby/ast/Pattern.qll +++ b/ruby/ql/lib/codeql/ruby/ast/Pattern.qll @@ -363,19 +363,3 @@ class ReferencePattern extends CasePattern, TReferencePattern { pred = "getExpr" and result = this.getExpr() } } - -/** - * DEPRECATED: Use `ReferencePattern` instead. - * - * A variable reference in a pattern, i.e. `^x` in the following example: - * ```rb - * x = 10 - * case expr - * in ^x then puts "ok" - * end - * ``` - */ -deprecated class VariableReferencePattern extends ReferencePattern, TVariableReferencePattern { - /** Gets the variable access corresponding to this variable reference pattern. */ - final VariableReadAccess getVariableAccess() { result = this.getExpr() } -} diff --git a/ruby/ql/lib/codeql/ruby/controlflow/CfgNodes.qll b/ruby/ql/lib/codeql/ruby/controlflow/CfgNodes.qll index 96c015a6a4a..507b37b6a8f 100644 --- a/ruby/ql/lib/codeql/ruby/controlflow/CfgNodes.qll +++ b/ruby/ql/lib/codeql/ruby/controlflow/CfgNodes.qll @@ -113,13 +113,6 @@ class ExprCfgNode extends AstCfgNode { /** Gets the underlying expression. */ Expr getExpr() { result = e } - /** - * DEPRECATED: Use `getConstantValue` instead. - * - * Gets the textual (constant) value of this expression, if any. - */ - deprecated string getValueText() { result = this.getConstantValue().toString() } - /** Gets the constant value of this expression, if any. */ ConstantValue getConstantValue() { result = getConstantValue(this) } } diff --git a/ruby/ql/lib/codeql/ruby/frameworks/StandardLibrary.qll b/ruby/ql/lib/codeql/ruby/frameworks/StandardLibrary.qll deleted file mode 100644 index d97cdd89dd4..00000000000 --- a/ruby/ql/lib/codeql/ruby/frameworks/StandardLibrary.qll +++ /dev/null @@ -1,97 +0,0 @@ -/** - * This module is deprecated, and exists as a shim to support any existing code that relies on it. - * New code should use `codeql.ruby.frameworks.Core` and `codeql.ruby.frameworks.Stdlib` instead. - */ - -private import codeql.ruby.frameworks.Core as Core -private import codeql.ruby.frameworks.Stdlib as Stdlib - -/** - * DEPRECATED: Import `codeql.ruby.frameworks.Core` instead of `codeql.ruby.frameworks.StandardLibrary`. - */ -deprecated class SubshellLiteralExecution = Core::SubshellLiteralExecution; - -/** - * DEPRECATED: Import `codeql.ruby.frameworks.Core` instead of `codeql.ruby.frameworks.StandardLibrary`. - */ -deprecated class SubshellHeredocExecution = Core::SubshellHeredocExecution; - -/** - * DEPRECATED: Import `codeql.ruby.frameworks.Core` instead of `codeql.ruby.frameworks.StandardLibrary`. - */ -deprecated class BasicObjectInstanceMethodCall = Core::BasicObjectInstanceMethodCall; - -/** - * DEPRECATED: Import `codeql.ruby.frameworks.Core` instead of `codeql.ruby.frameworks.StandardLibrary`. - */ -deprecated predicate basicObjectInstanceMethodName = Core::basicObjectInstanceMethodName/0; - -/** - * DEPRECATED: Import `codeql.ruby.frameworks.Core` instead of `codeql.ruby.frameworks.StandardLibrary`. - */ -deprecated class InstanceEvalCallCodeExecution = Core::InstanceEvalCallCodeExecution; - -/** - * DEPRECATED: Import `codeql.ruby.frameworks.Core` instead of `codeql.ruby.frameworks.StandardLibrary`. - */ -deprecated class ObjectInstanceMethodCall = Core::ObjectInstanceMethodCall; - -/** - * DEPRECATED: Import `codeql.ruby.frameworks.Core` instead of `codeql.ruby.frameworks.StandardLibrary`. - */ -deprecated predicate objectInstanceMethodName = Core::objectInstanceMethodName/0; - -/** - * DEPRECATED: Import `codeql.ruby.frameworks.Core` instead of `codeql.ruby.frameworks.StandardLibrary`. - */ -deprecated class KernelMethodCall = Core::KernelMethodCall; - -/** - * DEPRECATED: Import `codeql.ruby.frameworks.Core` instead of `codeql.ruby.frameworks.StandardLibrary`. - */ -deprecated class KernelSystemCall = Core::KernelSystemCall; - -/** - * DEPRECATED: Import `codeql.ruby.frameworks.Core` instead of `codeql.ruby.frameworks.StandardLibrary`. - */ -deprecated class KernelExecCall = Core::KernelExecCall; - -/** - * DEPRECATED: Import `codeql.ruby.frameworks.Core` instead of `codeql.ruby.frameworks.StandardLibrary`. - */ -deprecated class KernelSpawnCall = Core::KernelSpawnCall; - -/** - * DEPRECATED: Import `codeql.ruby.frameworks.Core` instead of `codeql.ruby.frameworks.StandardLibrary`. - */ -deprecated class EvalCallCodeExecution = Core::EvalCallCodeExecution; - -/** - * DEPRECATED: Import `codeql.ruby.frameworks.Core` instead of `codeql.ruby.frameworks.StandardLibrary`. - */ -deprecated class SendCallCodeExecution = Core::SendCallCodeExecution; - -/** - * DEPRECATED: Import `codeql.ruby.frameworks.Core` instead of `codeql.ruby.frameworks.StandardLibrary`. - */ -deprecated module Module = Core::Module; - -/** - * DEPRECATED: Import `codeql.ruby.frameworks.Core` instead of `codeql.ruby.frameworks.StandardLibrary`. - */ -deprecated module Array = Core::Array; - -/** - * DEPRECATED: Import `codeql.ruby.frameworks.Stdlib` instead of `codeql.ruby.frameworks.StandardLibrary`. - */ -deprecated module Regexp = Core::Regexp; - -/** - * DEPRECATED: Import `codeql.ruby.frameworks.Stdlib` instead of `codeql.ruby.frameworks.StandardLibrary`. - */ -deprecated module Open3 = Stdlib::Open3; - -/** - * DEPRECATED: Import `codeql.ruby.frameworks.Stdlib` instead of `codeql.ruby.frameworks.StandardLibrary`. - */ -deprecated module Logger = Stdlib::Logger; diff --git a/ruby/ql/lib/codeql/ruby/security/ReflectedXSSQuery.qll b/ruby/ql/lib/codeql/ruby/security/ReflectedXSSQuery.qll index e94ddf45d3e..02b0c4b36f9 100644 --- a/ruby/ql/lib/codeql/ruby/security/ReflectedXSSQuery.qll +++ b/ruby/ql/lib/codeql/ruby/security/ReflectedXSSQuery.qll @@ -37,6 +37,3 @@ module ReflectedXss { } } } - -/** DEPRECATED: Alias for ReflectedXss */ -deprecated module ReflectedXSS = ReflectedXss; diff --git a/ruby/ql/lib/codeql/ruby/security/StoredXSSQuery.qll b/ruby/ql/lib/codeql/ruby/security/StoredXSSQuery.qll index f08529988c7..74b43195ce6 100644 --- a/ruby/ql/lib/codeql/ruby/security/StoredXSSQuery.qll +++ b/ruby/ql/lib/codeql/ruby/security/StoredXSSQuery.qll @@ -58,6 +58,3 @@ module StoredXss { import TaintTracking::Global<Config> } - -/** DEPRECATED: Alias for StoredXss */ -deprecated module StoredXSS = StoredXss; diff --git a/ruby/ql/lib/codeql/ruby/security/XSS.qll b/ruby/ql/lib/codeql/ruby/security/XSS.qll index d4b99766a58..8196f508b55 100644 --- a/ruby/ql/lib/codeql/ruby/security/XSS.qll +++ b/ruby/ql/lib/codeql/ruby/security/XSS.qll @@ -243,9 +243,6 @@ private module Shared { or isFlowFromHelperMethod(node1, node2) } - - /** DEPRECATED: Alias for isAdditionalXssFlowStep */ - deprecated predicate isAdditionalXSSFlowStep = isAdditionalXssFlowStep/2; } /** @@ -275,9 +272,6 @@ module ReflectedXss { */ predicate isAdditionalXssTaintStep = Shared::isAdditionalXssFlowStep/2; - /** DEPRECATED: Alias for isAdditionalXssTaintStep */ - deprecated predicate isAdditionalXSSTaintStep = isAdditionalXssTaintStep/2; - /** * A HTTP request input, considered as a flow source. */ @@ -286,9 +280,6 @@ module ReflectedXss { } } -/** DEPRECATED: Alias for ReflectedXss */ -deprecated module ReflectedXSS = ReflectedXss; - private module OrmTracking { /** * A data flow configuration to track flow from finder calls to field accesses. @@ -330,9 +321,6 @@ module StoredXss { */ predicate isAdditionalXssTaintStep = Shared::isAdditionalXssFlowStep/2; - /** DEPRECATED: Alias for isAdditionalXssTaintStep */ - deprecated predicate isAdditionalXSSTaintStep = isAdditionalXssTaintStep/2; - private class OrmFieldAsSource extends Source instanceof DataFlow::CallNode { OrmFieldAsSource() { exists(DataFlow::CallNode subSrc | @@ -346,6 +334,3 @@ module StoredXss { private class FileSystemReadAccessAsSource extends Source instanceof FileSystemReadAccess { } // TODO: Consider `FileNameSource` flowing to script tag `src` attributes and similar } - -/** DEPRECATED: Alias for StoredXss */ -deprecated module StoredXSS = StoredXss; From 9000243828a1018b7ee9f316c58c2334178a6048 Mon Sep 17 00:00:00 2001 From: erik-krogh <erik-krogh@github.com> Date: Thu, 1 Jun 2023 09:45:30 +0200 Subject: [PATCH 807/870] JS: fix compilation --- .../ql/lib/semmle/javascript/NodeModuleResolutionImpl.qll | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/NodeModuleResolutionImpl.qll b/javascript/ql/lib/semmle/javascript/NodeModuleResolutionImpl.qll index 468d31c2c02..7231143ed55 100644 --- a/javascript/ql/lib/semmle/javascript/NodeModuleResolutionImpl.qll +++ b/javascript/ql/lib/semmle/javascript/NodeModuleResolutionImpl.qll @@ -198,7 +198,7 @@ class MainModulePath extends PathExpr, @json_string { } /** DEPRECATED: Alias for getPackageJson */ - deprecated PackageJSON getPackageJSON() { result = this.getPackageJson() } + deprecated PackageJson getPackageJSON() { result = this.getPackageJson() } override string getValue() { result = this.(JsonString).getValue() } @@ -259,7 +259,7 @@ private class FilesPath extends PathExpr, @json_string { PackageJson getPackageJson() { result = pkg } /** DEPRECATED: Alias for getPackageJson */ - deprecated PackageJSON getPackageJSON() { result = this.getPackageJson() } + deprecated PackageJson getPackageJSON() { result = this.getPackageJson() } override string getValue() { result = this.(JsonString).getValue() } From c3e57382f7fffaa200e7c6f4fd9a5f18ba3eb5cf Mon Sep 17 00:00:00 2001 From: erik-krogh <erik-krogh@github.com> Date: Thu, 1 Jun 2023 09:50:33 +0200 Subject: [PATCH 808/870] Ruby: fix compilation --- ruby/ql/lib/codeql/ruby/Concepts.qll | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/ruby/ql/lib/codeql/ruby/Concepts.qll b/ruby/ql/lib/codeql/ruby/Concepts.qll index 28d5990e76a..920c99c9034 100644 --- a/ruby/ql/lib/codeql/ruby/Concepts.qll +++ b/ruby/ql/lib/codeql/ruby/Concepts.qll @@ -687,9 +687,7 @@ module Http { * Gets a node that contributes to the URL of the request. * Depending on the framework, a request may have multiple nodes which contribute to the URL. */ - deprecated DataFlow::Node getURL() { - result = super.getURL() or result = Request::Range.super.getAUrlPart() - } + deprecated DataFlow::Node getURL() { result = Request::Range.super.getAUrlPart() } /** * Holds if this request is made using a mode that disables SSL/TLS From 3dfe2b30b161e22cf51cebdf30061bd7614fadcc Mon Sep 17 00:00:00 2001 From: erik-krogh <erik-krogh@github.com> Date: Thu, 1 Jun 2023 10:37:32 +0200 Subject: [PATCH 809/870] C#: delete override where the parent predicate no longer existed --- .../desugar/internal/TranslatedCompilerGeneratedElement.qll | 3 --- 1 file changed, 3 deletions(-) diff --git a/csharp/ql/src/experimental/ir/implementation/raw/internal/desugar/internal/TranslatedCompilerGeneratedElement.qll b/csharp/ql/src/experimental/ir/implementation/raw/internal/desugar/internal/TranslatedCompilerGeneratedElement.qll index 30440235443..2e5908b8194 100644 --- a/csharp/ql/src/experimental/ir/implementation/raw/internal/desugar/internal/TranslatedCompilerGeneratedElement.qll +++ b/csharp/ql/src/experimental/ir/implementation/raw/internal/desugar/internal/TranslatedCompilerGeneratedElement.qll @@ -20,7 +20,4 @@ abstract class TranslatedCompilerGeneratedElement extends TranslatedElement, final override Callable getFunction() { result = generatedBy.getEnclosingCallable() } final override Language::AST getAst() { result = generatedBy } - - /** DEPRECATED: Alias for getAst */ - deprecated override Language::AST getAST() { result = this.getAst() } } From 3584e85fe8d707b9c679eaa49851854f459c7393 Mon Sep 17 00:00:00 2001 From: erik-krogh <erik-krogh@github.com> Date: Fri, 2 Jun 2023 07:47:15 +0200 Subject: [PATCH 810/870] JS: fix tutorial --- .../ql/test/tutorials/Validating RAML-based APIs/Osprey.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/javascript/ql/test/tutorials/Validating RAML-based APIs/Osprey.qll b/javascript/ql/test/tutorials/Validating RAML-based APIs/Osprey.qll index 02375976126..140bf59c4e6 100644 --- a/javascript/ql/test/tutorials/Validating RAML-based APIs/Osprey.qll +++ b/javascript/ql/test/tutorials/Validating RAML-based APIs/Osprey.qll @@ -48,7 +48,7 @@ class OspreyMethodDefinition extends MethodCallExpr { OspreyApi getApi() { this.getReceiver() = result.getAnAccess() } /** DEPRECATED: Alias for getApi */ - deprecated OspreyAPI getAPI() { result = this.getApi() } + deprecated OspreyApi getAPI() { result = this.getApi() } /** Get the verb which this method implements. */ string getVerb() { result = this.getMethodName() } From 5cbe6db37dc00dce86ebd8badf342cbb04e51361 Mon Sep 17 00:00:00 2001 From: erik-krogh <erik-krogh@github.com> Date: Fri, 2 Jun 2023 07:51:14 +0200 Subject: [PATCH 811/870] C++: sync files from C# --- .../ir/implementation/aliased_ssa/Instruction.qll | 6 ------ .../aliased_ssa/internal/SSAConstruction.qll | 12 ------------ .../cpp/ir/implementation/internal/TInstruction.qll | 6 ------ .../code/cpp/ir/implementation/raw/Instruction.qll | 6 ------ .../ir/implementation/unaliased_ssa/Instruction.qll | 6 ------ .../unaliased_ssa/internal/SSAConstruction.qll | 12 ------------ .../unaliased_ssa/internal/SimpleSSA.qll | 6 ------ 7 files changed, 54 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/Instruction.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/Instruction.qll index 0aa7c552638..1b5ea432946 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/Instruction.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/Instruction.qll @@ -210,9 +210,6 @@ class Instruction extends Construction::TStageInstruction { */ final Language::AST getAst() { result = Construction::getInstructionAst(this) } - /** DEPRECATED: Alias for getAst */ - deprecated Language::AST getAST() { result = this.getAst() } - /** * Gets the location of the source code for this instruction. */ @@ -463,9 +460,6 @@ class VariableInstruction extends Instruction { * Gets the AST variable that this instruction's IR variable refers to, if one exists. */ final Language::Variable getAstVariable() { result = var.(IRUserVariable).getVariable() } - - /** DEPRECATED: Alias for getAstVariable */ - deprecated Language::Variable getASTVariable() { result = this.getAstVariable() } } /** diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/SSAConstruction.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/SSAConstruction.qll index dc785f3e0b1..63dc4142a13 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/SSAConstruction.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/SSAConstruction.qll @@ -422,12 +422,6 @@ private module Cached { ) } - /** DEPRECATED: Alias for getInstructionAst */ - cached - deprecated Language::AST getInstructionAST(Instruction instr) { - result = getInstructionAst(instr) - } - cached Language::LanguageType getInstructionResultType(Instruction instr) { result = instr.(RawIR::Instruction).getResultLanguageType() @@ -993,9 +987,6 @@ predicate canReuseSsaForMemoryResult(Instruction instruction) { // We don't support reusing SSA for any location that could create a `Chi` instruction. } -/** DEPRECATED: Alias for canReuseSsaForMemoryResult */ -deprecated predicate canReuseSSAForMemoryResult = canReuseSsaForMemoryResult/1; - /** * Expose some of the internal predicates to PrintSSA.qll. We do this by publicly importing those modules in the * `DebugSsa` module, which is then imported by PrintSSA. @@ -1005,9 +996,6 @@ module DebugSsa { import DefUse } -/** DEPRECATED: Alias for DebugSsa */ -deprecated module DebugSSA = DebugSsa; - import CachedForDebugging cached diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/internal/TInstruction.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/internal/TInstruction.qll index 169de03c2dc..bb3eb683653 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/internal/TInstruction.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/internal/TInstruction.qll @@ -73,9 +73,6 @@ module UnaliasedSsaInstructions { } } -/** DEPRECATED: Alias for UnaliasedSsaInstructions */ -deprecated module UnaliasedSSAInstructions = UnaliasedSsaInstructions; - /** * Provides wrappers for the constructors of each branch of `TInstruction` that is used by the * aliased SSA stage. @@ -107,6 +104,3 @@ module AliasedSsaInstructions { result = TAliasedSsaUnreachedInstruction(irFunc) } } - -/** DEPRECATED: Alias for AliasedSsaInstructions */ -deprecated module AliasedSSAInstructions = AliasedSsaInstructions; diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/Instruction.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/Instruction.qll index 0aa7c552638..1b5ea432946 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/Instruction.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/Instruction.qll @@ -210,9 +210,6 @@ class Instruction extends Construction::TStageInstruction { */ final Language::AST getAst() { result = Construction::getInstructionAst(this) } - /** DEPRECATED: Alias for getAst */ - deprecated Language::AST getAST() { result = this.getAst() } - /** * Gets the location of the source code for this instruction. */ @@ -463,9 +460,6 @@ class VariableInstruction extends Instruction { * Gets the AST variable that this instruction's IR variable refers to, if one exists. */ final Language::Variable getAstVariable() { result = var.(IRUserVariable).getVariable() } - - /** DEPRECATED: Alias for getAstVariable */ - deprecated Language::Variable getASTVariable() { result = this.getAstVariable() } } /** diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/Instruction.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/Instruction.qll index 0aa7c552638..1b5ea432946 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/Instruction.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/Instruction.qll @@ -210,9 +210,6 @@ class Instruction extends Construction::TStageInstruction { */ final Language::AST getAst() { result = Construction::getInstructionAst(this) } - /** DEPRECATED: Alias for getAst */ - deprecated Language::AST getAST() { result = this.getAst() } - /** * Gets the location of the source code for this instruction. */ @@ -463,9 +460,6 @@ class VariableInstruction extends Instruction { * Gets the AST variable that this instruction's IR variable refers to, if one exists. */ final Language::Variable getAstVariable() { result = var.(IRUserVariable).getVariable() } - - /** DEPRECATED: Alias for getAstVariable */ - deprecated Language::Variable getASTVariable() { result = this.getAstVariable() } } /** diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SSAConstruction.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SSAConstruction.qll index dc785f3e0b1..63dc4142a13 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SSAConstruction.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SSAConstruction.qll @@ -422,12 +422,6 @@ private module Cached { ) } - /** DEPRECATED: Alias for getInstructionAst */ - cached - deprecated Language::AST getInstructionAST(Instruction instr) { - result = getInstructionAst(instr) - } - cached Language::LanguageType getInstructionResultType(Instruction instr) { result = instr.(RawIR::Instruction).getResultLanguageType() @@ -993,9 +987,6 @@ predicate canReuseSsaForMemoryResult(Instruction instruction) { // We don't support reusing SSA for any location that could create a `Chi` instruction. } -/** DEPRECATED: Alias for canReuseSsaForMemoryResult */ -deprecated predicate canReuseSSAForMemoryResult = canReuseSsaForMemoryResult/1; - /** * Expose some of the internal predicates to PrintSSA.qll. We do this by publicly importing those modules in the * `DebugSsa` module, which is then imported by PrintSSA. @@ -1005,9 +996,6 @@ module DebugSsa { import DefUse } -/** DEPRECATED: Alias for DebugSsa */ -deprecated module DebugSSA = DebugSsa; - import CachedForDebugging cached diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SimpleSSA.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SimpleSSA.qll index f5b0b3af930..5c33ecf5f99 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SimpleSSA.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SimpleSSA.qll @@ -46,9 +46,6 @@ predicate canReuseSsaForVariable(IRAutomaticVariable var) { not allocationEscapes(var) } -/** DEPRECATED: Alias for canReuseSsaForVariable */ -deprecated predicate canReuseSSAForVariable = canReuseSsaForVariable/1; - private newtype TMemoryLocation = MkMemoryLocation(Allocation var) { isVariableModeled(var) } private MemoryLocation getMemoryLocation(Allocation var) { result.getAllocation() = var } @@ -80,9 +77,6 @@ class MemoryLocation extends TMemoryLocation { predicate canReuseSsaForOldResult(Instruction instr) { none() } -/** DEPRECATED: Alias for canReuseSsaForOldResult */ -deprecated predicate canReuseSSAForOldResult = canReuseSsaForOldResult/1; - /** * Represents a set of `MemoryLocation`s that cannot overlap with * `MemoryLocation`s outside of the set. The `VirtualVariable` will be From f61b781386bf5a8c761ba4fd81e51a41305c61a9 Mon Sep 17 00:00:00 2001 From: erik-krogh <erik-krogh@github.com> Date: Fri, 2 Jun 2023 11:49:26 +0200 Subject: [PATCH 812/870] JS: delete effectively empty file --- javascript/ql/src/Declarations/ArgumentsRedefined.ql | 1 - javascript/ql/src/Declarations/Definitions.qll | 1 - 2 files changed, 2 deletions(-) delete mode 100644 javascript/ql/src/Declarations/Definitions.qll diff --git a/javascript/ql/src/Declarations/ArgumentsRedefined.ql b/javascript/ql/src/Declarations/ArgumentsRedefined.ql index fdd70ac1479..dc1ca153062 100644 --- a/javascript/ql/src/Declarations/ArgumentsRedefined.ql +++ b/javascript/ql/src/Declarations/ArgumentsRedefined.ql @@ -12,7 +12,6 @@ */ import javascript -import Definitions from VarRef d where diff --git a/javascript/ql/src/Declarations/Definitions.qll b/javascript/ql/src/Declarations/Definitions.qll deleted file mode 100644 index 7046b14f09d..00000000000 --- a/javascript/ql/src/Declarations/Definitions.qll +++ /dev/null @@ -1 +0,0 @@ -import javascript From ac9ede4ec0d18d30f953216212aaf54d7a3eda26 Mon Sep 17 00:00:00 2001 From: erik-krogh <erik-krogh@github.com> Date: Fri, 2 Jun 2023 11:54:04 +0200 Subject: [PATCH 813/870] add change-notes --- csharp/ql/lib/change-notes/2023-06-02-delete-deps.md | 8 ++++++++ java/ql/lib/change-notes/2023-06-02-delete-deps.md | 6 ++++++ .../ql/lib/change-notes/2023-06-02-delete-deps.md | 10 ++++++++++ ruby/ql/lib/change-notes/2023-06-02-delete-deps.md | 7 +++++++ 4 files changed, 31 insertions(+) create mode 100644 csharp/ql/lib/change-notes/2023-06-02-delete-deps.md create mode 100644 java/ql/lib/change-notes/2023-06-02-delete-deps.md create mode 100644 javascript/ql/lib/change-notes/2023-06-02-delete-deps.md create mode 100644 ruby/ql/lib/change-notes/2023-06-02-delete-deps.md diff --git a/csharp/ql/lib/change-notes/2023-06-02-delete-deps.md b/csharp/ql/lib/change-notes/2023-06-02-delete-deps.md new file mode 100644 index 00000000000..13402f08147 --- /dev/null +++ b/csharp/ql/lib/change-notes/2023-06-02-delete-deps.md @@ -0,0 +1,8 @@ +--- +category: minorAnalysis +--- +* Deleted the deprecated `WebConfigXML`, `ConfigurationXMLElement`, `LocationXMLElement`, `SystemWebXMLElement`, `SystemWebServerXMLElement`, `CustomErrorsXMLElement`, and `HttpRuntimeXMLElement` classes from `WebConfig.qll`. The non-deprecated names with PascalCased Xml suffixes should be used instead. +* Deleted the deprecated `Record` class from both `Types.qll` and `Type.qll`. +* Deleted the deprecated `StructuralComparisonConfiguration` class from `StructuralComparison.qll`, use `sameGvn` instead. +* Deleted the deprecated `isParameterOf` predicate from the `ParameterNode` class. +* Deleted the deprecated `SafeExternalAPICallable`, `ExternalAPIDataNode`, `UntrustedDataToExternalAPIConfig`, `UntrustedExternalAPIDataNode`, and `ExternalAPIUsedWithUntrustedData` classes from `ExternalAPIsQuery.qll`. The non-deprecated names with PascalCased Api suffixes should be used instead. diff --git a/java/ql/lib/change-notes/2023-06-02-delete-deps.md b/java/ql/lib/change-notes/2023-06-02-delete-deps.md new file mode 100644 index 00000000000..01b2fd5a457 --- /dev/null +++ b/java/ql/lib/change-notes/2023-06-02-delete-deps.md @@ -0,0 +1,6 @@ +--- +category: minorAnalysis +--- +* Deleted the deprecated `getRHS` predicate from the `LValue` class, use `getRhs` instead. +* Deleted the deprecated `getCFGNode` predicate from the `SsaVariable` class, use `getCfgNode` instead. +* Deleted many deprecated predicates and classes with uppercase `XML`, `JSON`, `URL`, `API`, etc. in their names. Use the PascalCased versions instead. \ No newline at end of file diff --git a/javascript/ql/lib/change-notes/2023-06-02-delete-deps.md b/javascript/ql/lib/change-notes/2023-06-02-delete-deps.md new file mode 100644 index 00000000000..9edbce9771e --- /dev/null +++ b/javascript/ql/lib/change-notes/2023-06-02-delete-deps.md @@ -0,0 +1,10 @@ +--- +category: minorAnalysis +--- +* Deleted many deprecated predicates and classes with uppercase `XML`, `JSON`, `URL`, `API`, etc. in their names. Use the PascalCased versions instead. +* Deleted the deprecated `localTaintStep` predicate from `DataFlow.qll`. +* Deleted the deprecated `stringStep`, and `localTaintStep` predicates from `TaintTracking.qll`. +* Deleted many modules that started with a lowercase letter. Use the versions that start with an uppercase letter instead. +* Deleted the deprecated `HtmlInjectionConfiguration` and `JQueryHtmlOrSelectorInjectionConfiguration` classes from `DomBasedXssQuery.qll`, use `Configuration` instead. +* Deleted the deprecated `DefiningIdentifier` class and the `Definitions.qll` file it was in. Use `SsaDefinition` instead. +* Deleted the deprecated `definitionReaches`, `localDefinitionReaches`, `getAPseudoDefinitionInput`, `nextDefAfter`, and `localDefinitionOverwrites` predicates from `DefUse.qll`. \ No newline at end of file diff --git a/ruby/ql/lib/change-notes/2023-06-02-delete-deps.md b/ruby/ql/lib/change-notes/2023-06-02-delete-deps.md new file mode 100644 index 00000000000..f4df20530dc --- /dev/null +++ b/ruby/ql/lib/change-notes/2023-06-02-delete-deps.md @@ -0,0 +1,7 @@ +--- +category: minorAnalysis +--- +* Deleted many deprecated predicates and classes with uppercase `URL`, `XSS`, etc. in their names. Use the PascalCased versions instead. +* Deleted the deprecated `getValueText` predicate from the `Expr`, `StringComponent`, and `ExprCfgNode` classes. Use `getConstantValue` instead. +* Deleted the deprecated `VariableReferencePattern` class, use `ReferencePattern` instead. +* Deleted all deprecated aliases in `StandardLibrary.qll`, use `codeql.ruby.frameworks.Core` and `codeql.ruby.frameworks.Stdlib` instead. \ No newline at end of file From 5bf82aeddfa36d7cfbb520e2c71f454439c7a229 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 2 Jun 2023 11:13:57 +0100 Subject: [PATCH 814/870] Swift: Add FieldDecl.hasQualifiedName. --- .../codeql/swift/elements/decl/VarDecl.qll | 26 ++++++++++++++++++- 1 file changed, 25 insertions(+), 1 deletion(-) diff --git a/swift/ql/lib/codeql/swift/elements/decl/VarDecl.qll b/swift/ql/lib/codeql/swift/elements/decl/VarDecl.qll index ca650d12407..f7fd03bf906 100644 --- a/swift/ql/lib/codeql/swift/elements/decl/VarDecl.qll +++ b/swift/ql/lib/codeql/swift/elements/decl/VarDecl.qll @@ -9,8 +9,32 @@ class VarDecl extends Generated::VarDecl { } /** - * A field declaration. + * A field declaration. That is, a variable declaration that is a member of a + * class, struct, enum or protocol. */ class FieldDecl extends VarDecl { FieldDecl() { this = any(Decl ctx).getAMember() } + + /** + * Holds if this field is called `fieldName` and is a member of a + * class, struct, extension, enum or protocol called `typeName`. + */ + cached + predicate hasQualifiedName(string typeName, string fieldName) { + this.getName() = fieldName and + exists(Decl d | + d.asNominalTypeDecl().getFullName() = typeName and + d.getAMember() = this + ) + } + + /** + * Holds if this field is called `fieldName` and is a member of a + * class, struct, extension, enum or protocol called `typeName` in a module + * called `moduleName`. + */ + predicate hasQualifiedName(string moduleName, string typeName, string fieldName) { + this.hasQualifiedName(typeName, fieldName) and + this.getModule().getFullName() = moduleName + } } From ac4933a9cc714809d0877eb99d983d77881796e2 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema <jketema@github.com> Date: Fri, 2 Jun 2023 12:32:38 +0200 Subject: [PATCH 815/870] C++: Ensure that the sink instruction occurs last in `cpp/invalid-pointer-deref` This avoids some counter-intuitive paths where we would seemingly jump back to an earlier instruction, which might actually have been in bounds. --- .../CWE/CWE-193/InvalidPointerDeref.ql | 19 +- .../InvalidPointerDeref.expected | 296 ------------------ .../CWE/CWE-193/pointer-deref/test.cpp | 4 +- 3 files changed, 20 insertions(+), 299 deletions(-) diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql b/cpp/ql/src/experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql index 610eb572d8c..dbbe398ff7d 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql @@ -179,6 +179,22 @@ predicate isSinkImpl( pointerAddInstructionHasBounds(pai, sink1, sink2, delta) } +/** + * Yields any instruction that is control-flow reachable from `instr`. + */ +Instruction getASuccessor(Instruction instr) { + exists(IRBlock b, int instrIndex, int resultIndex | + result.getBlock() = b and + instr.getBlock() = b and + b.getInstruction(instrIndex) = instr and + b.getInstruction(resultIndex) = result + | + resultIndex >= instrIndex + ) + or + instr.getBlock().getASuccessor+() = result.getBlock() +} + /** * Holds if `sink` is a sink for `InvalidPointerToDerefConfig` and `i` is a `StoreInstruction` that * writes to an address that non-strictly upper-bounds `sink`, or `i` is a `LoadInstruction` that @@ -189,7 +205,8 @@ predicate isInvalidPointerDerefSink(DataFlow::Node sink, Instruction i, string o exists(AddressOperand addr | bounded1(addr.getDef(), sink.asInstruction(), delta) and delta >= 0 and - i.getAnOperand() = addr + i.getAnOperand() = addr and + i = getASuccessor(sink.asInstruction()) | i instanceof StoreInstruction and operation = "write" diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/InvalidPointerDeref.expected b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/InvalidPointerDeref.expected index 09c75e7369c..418251cf6db 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/InvalidPointerDeref.expected +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/InvalidPointerDeref.expected @@ -9,15 +9,7 @@ edges | test.cpp:5:15:5:15 | p | test.cpp:7:16:7:16 | q | | test.cpp:5:15:5:15 | p | test.cpp:7:16:7:16 | q | | test.cpp:5:15:5:15 | p | test.cpp:8:16:8:16 | q | -| test.cpp:5:15:5:15 | p | test.cpp:8:16:8:16 | q | | test.cpp:5:15:5:15 | p | test.cpp:8:16:8:20 | ... + ... | -| test.cpp:5:15:5:15 | p | test.cpp:9:16:9:16 | q | -| test.cpp:5:15:5:15 | p | test.cpp:9:16:9:16 | q | -| test.cpp:5:15:5:15 | p | test.cpp:10:16:10:16 | q | -| test.cpp:5:15:5:15 | p | test.cpp:10:16:10:16 | q | -| test.cpp:5:15:5:15 | p | test.cpp:11:16:11:16 | q | -| test.cpp:5:15:5:15 | p | test.cpp:11:16:11:16 | q | -| test.cpp:5:15:5:15 | p | test.cpp:12:16:12:16 | q | | test.cpp:5:15:5:22 | ... + ... | test.cpp:5:15:5:22 | ... + ... | | test.cpp:5:15:5:22 | ... + ... | test.cpp:5:15:5:22 | ... + ... | | test.cpp:5:15:5:22 | ... + ... | test.cpp:6:14:6:15 | Load: * ... | @@ -38,22 +30,6 @@ edges | test.cpp:5:15:5:22 | ... + ... | test.cpp:8:14:8:21 | Load: * ... | | test.cpp:5:15:5:22 | ... + ... | test.cpp:8:16:8:16 | q | | test.cpp:5:15:5:22 | ... + ... | test.cpp:8:16:8:16 | q | -| test.cpp:5:15:5:22 | ... + ... | test.cpp:8:16:8:16 | q | -| test.cpp:5:15:5:22 | ... + ... | test.cpp:8:16:8:16 | q | -| test.cpp:5:15:5:22 | ... + ... | test.cpp:9:16:9:16 | q | -| test.cpp:5:15:5:22 | ... + ... | test.cpp:9:16:9:16 | q | -| test.cpp:5:15:5:22 | ... + ... | test.cpp:9:16:9:16 | q | -| test.cpp:5:15:5:22 | ... + ... | test.cpp:9:16:9:16 | q | -| test.cpp:5:15:5:22 | ... + ... | test.cpp:10:16:10:16 | q | -| test.cpp:5:15:5:22 | ... + ... | test.cpp:10:16:10:16 | q | -| test.cpp:5:15:5:22 | ... + ... | test.cpp:10:16:10:16 | q | -| test.cpp:5:15:5:22 | ... + ... | test.cpp:10:16:10:16 | q | -| test.cpp:5:15:5:22 | ... + ... | test.cpp:11:16:11:16 | q | -| test.cpp:5:15:5:22 | ... + ... | test.cpp:11:16:11:16 | q | -| test.cpp:5:15:5:22 | ... + ... | test.cpp:11:16:11:16 | q | -| test.cpp:5:15:5:22 | ... + ... | test.cpp:11:16:11:16 | q | -| test.cpp:5:15:5:22 | ... + ... | test.cpp:12:16:12:16 | q | -| test.cpp:5:15:5:22 | ... + ... | test.cpp:12:16:12:16 | q | | test.cpp:6:15:6:15 | q | test.cpp:6:14:6:15 | Load: * ... | | test.cpp:6:15:6:15 | q | test.cpp:6:14:6:15 | Load: * ... | | test.cpp:6:15:6:15 | q | test.cpp:7:16:7:16 | q | @@ -61,62 +37,11 @@ edges | test.cpp:6:15:6:15 | q | test.cpp:8:14:8:21 | Load: * ... | | test.cpp:6:15:6:15 | q | test.cpp:8:14:8:21 | Load: * ... | | test.cpp:6:15:6:15 | q | test.cpp:8:16:8:16 | q | -| test.cpp:6:15:6:15 | q | test.cpp:8:16:8:16 | q | -| test.cpp:6:15:6:15 | q | test.cpp:9:16:9:16 | q | -| test.cpp:6:15:6:15 | q | test.cpp:9:16:9:16 | q | -| test.cpp:6:15:6:15 | q | test.cpp:10:16:10:16 | q | -| test.cpp:6:15:6:15 | q | test.cpp:10:16:10:16 | q | -| test.cpp:6:15:6:15 | q | test.cpp:11:16:11:16 | q | -| test.cpp:6:15:6:15 | q | test.cpp:11:16:11:16 | q | -| test.cpp:6:15:6:15 | q | test.cpp:12:16:12:16 | q | -| test.cpp:7:16:7:16 | q | test.cpp:6:14:6:15 | Load: * ... | -| test.cpp:7:16:7:16 | q | test.cpp:6:14:6:15 | Load: * ... | | test.cpp:7:16:7:16 | q | test.cpp:8:14:8:21 | Load: * ... | | test.cpp:7:16:7:16 | q | test.cpp:8:14:8:21 | Load: * ... | | test.cpp:7:16:7:16 | q | test.cpp:8:16:8:16 | q | -| test.cpp:7:16:7:16 | q | test.cpp:8:16:8:16 | q | -| test.cpp:7:16:7:16 | q | test.cpp:9:16:9:16 | q | -| test.cpp:7:16:7:16 | q | test.cpp:9:16:9:16 | q | -| test.cpp:7:16:7:16 | q | test.cpp:10:16:10:16 | q | -| test.cpp:7:16:7:16 | q | test.cpp:10:16:10:16 | q | -| test.cpp:7:16:7:16 | q | test.cpp:11:16:11:16 | q | -| test.cpp:7:16:7:16 | q | test.cpp:11:16:11:16 | q | -| test.cpp:7:16:7:16 | q | test.cpp:12:16:12:16 | q | -| test.cpp:8:16:8:16 | q | test.cpp:6:14:6:15 | Load: * ... | -| test.cpp:8:16:8:16 | q | test.cpp:6:14:6:15 | Load: * ... | | test.cpp:8:16:8:16 | q | test.cpp:8:14:8:21 | Load: * ... | -| test.cpp:8:16:8:16 | q | test.cpp:8:14:8:21 | Load: * ... | -| test.cpp:8:16:8:16 | q | test.cpp:9:16:9:16 | q | -| test.cpp:8:16:8:16 | q | test.cpp:9:16:9:16 | q | -| test.cpp:8:16:8:16 | q | test.cpp:10:16:10:16 | q | -| test.cpp:8:16:8:16 | q | test.cpp:10:16:10:16 | q | -| test.cpp:8:16:8:16 | q | test.cpp:11:16:11:16 | q | -| test.cpp:8:16:8:16 | q | test.cpp:11:16:11:16 | q | -| test.cpp:8:16:8:16 | q | test.cpp:12:16:12:16 | q | | test.cpp:8:16:8:20 | ... + ... | test.cpp:8:14:8:21 | Load: * ... | -| test.cpp:9:16:9:16 | q | test.cpp:6:14:6:15 | Load: * ... | -| test.cpp:9:16:9:16 | q | test.cpp:6:14:6:15 | Load: * ... | -| test.cpp:9:16:9:16 | q | test.cpp:8:14:8:21 | Load: * ... | -| test.cpp:9:16:9:16 | q | test.cpp:8:14:8:21 | Load: * ... | -| test.cpp:9:16:9:16 | q | test.cpp:10:16:10:16 | q | -| test.cpp:9:16:9:16 | q | test.cpp:10:16:10:16 | q | -| test.cpp:9:16:9:16 | q | test.cpp:11:16:11:16 | q | -| test.cpp:9:16:9:16 | q | test.cpp:11:16:11:16 | q | -| test.cpp:9:16:9:16 | q | test.cpp:12:16:12:16 | q | -| test.cpp:10:16:10:16 | q | test.cpp:6:14:6:15 | Load: * ... | -| test.cpp:10:16:10:16 | q | test.cpp:6:14:6:15 | Load: * ... | -| test.cpp:10:16:10:16 | q | test.cpp:8:14:8:21 | Load: * ... | -| test.cpp:10:16:10:16 | q | test.cpp:8:14:8:21 | Load: * ... | -| test.cpp:10:16:10:16 | q | test.cpp:11:16:11:16 | q | -| test.cpp:10:16:10:16 | q | test.cpp:11:16:11:16 | q | -| test.cpp:10:16:10:16 | q | test.cpp:12:16:12:16 | q | -| test.cpp:11:16:11:16 | q | test.cpp:6:14:6:15 | Load: * ... | -| test.cpp:11:16:11:16 | q | test.cpp:6:14:6:15 | Load: * ... | -| test.cpp:11:16:11:16 | q | test.cpp:8:14:8:21 | Load: * ... | -| test.cpp:11:16:11:16 | q | test.cpp:8:14:8:21 | Load: * ... | -| test.cpp:11:16:11:16 | q | test.cpp:12:16:12:16 | q | -| test.cpp:12:16:12:16 | q | test.cpp:6:14:6:15 | Load: * ... | -| test.cpp:12:16:12:16 | q | test.cpp:8:14:8:21 | Load: * ... | | test.cpp:16:15:16:20 | call to malloc | test.cpp:17:15:17:15 | p | | test.cpp:17:15:17:15 | p | test.cpp:17:15:17:22 | ... + ... | | test.cpp:17:15:17:15 | p | test.cpp:20:16:20:20 | ... + ... | @@ -132,15 +57,7 @@ edges | test.cpp:29:15:29:15 | p | test.cpp:31:16:31:16 | q | | test.cpp:29:15:29:15 | p | test.cpp:31:16:31:16 | q | | test.cpp:29:15:29:15 | p | test.cpp:32:16:32:16 | q | -| test.cpp:29:15:29:15 | p | test.cpp:32:16:32:16 | q | | test.cpp:29:15:29:15 | p | test.cpp:32:16:32:20 | ... + ... | -| test.cpp:29:15:29:15 | p | test.cpp:33:16:33:16 | q | -| test.cpp:29:15:29:15 | p | test.cpp:33:16:33:16 | q | -| test.cpp:29:15:29:15 | p | test.cpp:34:16:34:16 | q | -| test.cpp:29:15:29:15 | p | test.cpp:34:16:34:16 | q | -| test.cpp:29:15:29:15 | p | test.cpp:35:16:35:16 | q | -| test.cpp:29:15:29:15 | p | test.cpp:35:16:35:16 | q | -| test.cpp:29:15:29:15 | p | test.cpp:36:16:36:16 | q | | test.cpp:29:15:29:28 | ... + ... | test.cpp:29:15:29:28 | ... + ... | | test.cpp:29:15:29:28 | ... + ... | test.cpp:29:15:29:28 | ... + ... | | test.cpp:29:15:29:28 | ... + ... | test.cpp:30:14:30:15 | Load: * ... | @@ -161,22 +78,6 @@ edges | test.cpp:29:15:29:28 | ... + ... | test.cpp:32:14:32:21 | Load: * ... | | test.cpp:29:15:29:28 | ... + ... | test.cpp:32:16:32:16 | q | | test.cpp:29:15:29:28 | ... + ... | test.cpp:32:16:32:16 | q | -| test.cpp:29:15:29:28 | ... + ... | test.cpp:32:16:32:16 | q | -| test.cpp:29:15:29:28 | ... + ... | test.cpp:32:16:32:16 | q | -| test.cpp:29:15:29:28 | ... + ... | test.cpp:33:16:33:16 | q | -| test.cpp:29:15:29:28 | ... + ... | test.cpp:33:16:33:16 | q | -| test.cpp:29:15:29:28 | ... + ... | test.cpp:33:16:33:16 | q | -| test.cpp:29:15:29:28 | ... + ... | test.cpp:33:16:33:16 | q | -| test.cpp:29:15:29:28 | ... + ... | test.cpp:34:16:34:16 | q | -| test.cpp:29:15:29:28 | ... + ... | test.cpp:34:16:34:16 | q | -| test.cpp:29:15:29:28 | ... + ... | test.cpp:34:16:34:16 | q | -| test.cpp:29:15:29:28 | ... + ... | test.cpp:34:16:34:16 | q | -| test.cpp:29:15:29:28 | ... + ... | test.cpp:35:16:35:16 | q | -| test.cpp:29:15:29:28 | ... + ... | test.cpp:35:16:35:16 | q | -| test.cpp:29:15:29:28 | ... + ... | test.cpp:35:16:35:16 | q | -| test.cpp:29:15:29:28 | ... + ... | test.cpp:35:16:35:16 | q | -| test.cpp:29:15:29:28 | ... + ... | test.cpp:36:16:36:16 | q | -| test.cpp:29:15:29:28 | ... + ... | test.cpp:36:16:36:16 | q | | test.cpp:30:15:30:15 | q | test.cpp:30:14:30:15 | Load: * ... | | test.cpp:30:15:30:15 | q | test.cpp:30:14:30:15 | Load: * ... | | test.cpp:30:15:30:15 | q | test.cpp:31:16:31:16 | q | @@ -184,62 +85,11 @@ edges | test.cpp:30:15:30:15 | q | test.cpp:32:14:32:21 | Load: * ... | | test.cpp:30:15:30:15 | q | test.cpp:32:14:32:21 | Load: * ... | | test.cpp:30:15:30:15 | q | test.cpp:32:16:32:16 | q | -| test.cpp:30:15:30:15 | q | test.cpp:32:16:32:16 | q | -| test.cpp:30:15:30:15 | q | test.cpp:33:16:33:16 | q | -| test.cpp:30:15:30:15 | q | test.cpp:33:16:33:16 | q | -| test.cpp:30:15:30:15 | q | test.cpp:34:16:34:16 | q | -| test.cpp:30:15:30:15 | q | test.cpp:34:16:34:16 | q | -| test.cpp:30:15:30:15 | q | test.cpp:35:16:35:16 | q | -| test.cpp:30:15:30:15 | q | test.cpp:35:16:35:16 | q | -| test.cpp:30:15:30:15 | q | test.cpp:36:16:36:16 | q | -| test.cpp:31:16:31:16 | q | test.cpp:30:14:30:15 | Load: * ... | -| test.cpp:31:16:31:16 | q | test.cpp:30:14:30:15 | Load: * ... | | test.cpp:31:16:31:16 | q | test.cpp:32:14:32:21 | Load: * ... | | test.cpp:31:16:31:16 | q | test.cpp:32:14:32:21 | Load: * ... | | test.cpp:31:16:31:16 | q | test.cpp:32:16:32:16 | q | -| test.cpp:31:16:31:16 | q | test.cpp:32:16:32:16 | q | -| test.cpp:31:16:31:16 | q | test.cpp:33:16:33:16 | q | -| test.cpp:31:16:31:16 | q | test.cpp:33:16:33:16 | q | -| test.cpp:31:16:31:16 | q | test.cpp:34:16:34:16 | q | -| test.cpp:31:16:31:16 | q | test.cpp:34:16:34:16 | q | -| test.cpp:31:16:31:16 | q | test.cpp:35:16:35:16 | q | -| test.cpp:31:16:31:16 | q | test.cpp:35:16:35:16 | q | -| test.cpp:31:16:31:16 | q | test.cpp:36:16:36:16 | q | -| test.cpp:32:16:32:16 | q | test.cpp:30:14:30:15 | Load: * ... | -| test.cpp:32:16:32:16 | q | test.cpp:30:14:30:15 | Load: * ... | | test.cpp:32:16:32:16 | q | test.cpp:32:14:32:21 | Load: * ... | -| test.cpp:32:16:32:16 | q | test.cpp:32:14:32:21 | Load: * ... | -| test.cpp:32:16:32:16 | q | test.cpp:33:16:33:16 | q | -| test.cpp:32:16:32:16 | q | test.cpp:33:16:33:16 | q | -| test.cpp:32:16:32:16 | q | test.cpp:34:16:34:16 | q | -| test.cpp:32:16:32:16 | q | test.cpp:34:16:34:16 | q | -| test.cpp:32:16:32:16 | q | test.cpp:35:16:35:16 | q | -| test.cpp:32:16:32:16 | q | test.cpp:35:16:35:16 | q | -| test.cpp:32:16:32:16 | q | test.cpp:36:16:36:16 | q | | test.cpp:32:16:32:20 | ... + ... | test.cpp:32:14:32:21 | Load: * ... | -| test.cpp:33:16:33:16 | q | test.cpp:30:14:30:15 | Load: * ... | -| test.cpp:33:16:33:16 | q | test.cpp:30:14:30:15 | Load: * ... | -| test.cpp:33:16:33:16 | q | test.cpp:32:14:32:21 | Load: * ... | -| test.cpp:33:16:33:16 | q | test.cpp:32:14:32:21 | Load: * ... | -| test.cpp:33:16:33:16 | q | test.cpp:34:16:34:16 | q | -| test.cpp:33:16:33:16 | q | test.cpp:34:16:34:16 | q | -| test.cpp:33:16:33:16 | q | test.cpp:35:16:35:16 | q | -| test.cpp:33:16:33:16 | q | test.cpp:35:16:35:16 | q | -| test.cpp:33:16:33:16 | q | test.cpp:36:16:36:16 | q | -| test.cpp:34:16:34:16 | q | test.cpp:30:14:30:15 | Load: * ... | -| test.cpp:34:16:34:16 | q | test.cpp:30:14:30:15 | Load: * ... | -| test.cpp:34:16:34:16 | q | test.cpp:32:14:32:21 | Load: * ... | -| test.cpp:34:16:34:16 | q | test.cpp:32:14:32:21 | Load: * ... | -| test.cpp:34:16:34:16 | q | test.cpp:35:16:35:16 | q | -| test.cpp:34:16:34:16 | q | test.cpp:35:16:35:16 | q | -| test.cpp:34:16:34:16 | q | test.cpp:36:16:36:16 | q | -| test.cpp:35:16:35:16 | q | test.cpp:30:14:30:15 | Load: * ... | -| test.cpp:35:16:35:16 | q | test.cpp:30:14:30:15 | Load: * ... | -| test.cpp:35:16:35:16 | q | test.cpp:32:14:32:21 | Load: * ... | -| test.cpp:35:16:35:16 | q | test.cpp:32:14:32:21 | Load: * ... | -| test.cpp:35:16:35:16 | q | test.cpp:36:16:36:16 | q | -| test.cpp:36:16:36:16 | q | test.cpp:30:14:30:15 | Load: * ... | -| test.cpp:36:16:36:16 | q | test.cpp:32:14:32:21 | Load: * ... | | test.cpp:40:15:40:20 | call to malloc | test.cpp:41:15:41:15 | p | | test.cpp:41:15:41:15 | p | test.cpp:41:15:41:28 | ... + ... | | test.cpp:41:15:41:15 | p | test.cpp:41:15:41:28 | ... + ... | @@ -250,15 +100,7 @@ edges | test.cpp:41:15:41:15 | p | test.cpp:43:16:43:16 | q | | test.cpp:41:15:41:15 | p | test.cpp:43:16:43:16 | q | | test.cpp:41:15:41:15 | p | test.cpp:44:16:44:16 | q | -| test.cpp:41:15:41:15 | p | test.cpp:44:16:44:16 | q | | test.cpp:41:15:41:15 | p | test.cpp:44:16:44:20 | ... + ... | -| test.cpp:41:15:41:15 | p | test.cpp:45:16:45:16 | q | -| test.cpp:41:15:41:15 | p | test.cpp:45:16:45:16 | q | -| test.cpp:41:15:41:15 | p | test.cpp:46:16:46:16 | q | -| test.cpp:41:15:41:15 | p | test.cpp:46:16:46:16 | q | -| test.cpp:41:15:41:15 | p | test.cpp:47:16:47:16 | q | -| test.cpp:41:15:41:15 | p | test.cpp:47:16:47:16 | q | -| test.cpp:41:15:41:15 | p | test.cpp:48:16:48:16 | q | | test.cpp:41:15:41:28 | ... + ... | test.cpp:41:15:41:28 | ... + ... | | test.cpp:41:15:41:28 | ... + ... | test.cpp:41:15:41:28 | ... + ... | | test.cpp:41:15:41:28 | ... + ... | test.cpp:42:14:42:15 | Load: * ... | @@ -279,22 +121,6 @@ edges | test.cpp:41:15:41:28 | ... + ... | test.cpp:44:14:44:21 | Load: * ... | | test.cpp:41:15:41:28 | ... + ... | test.cpp:44:16:44:16 | q | | test.cpp:41:15:41:28 | ... + ... | test.cpp:44:16:44:16 | q | -| test.cpp:41:15:41:28 | ... + ... | test.cpp:44:16:44:16 | q | -| test.cpp:41:15:41:28 | ... + ... | test.cpp:44:16:44:16 | q | -| test.cpp:41:15:41:28 | ... + ... | test.cpp:45:16:45:16 | q | -| test.cpp:41:15:41:28 | ... + ... | test.cpp:45:16:45:16 | q | -| test.cpp:41:15:41:28 | ... + ... | test.cpp:45:16:45:16 | q | -| test.cpp:41:15:41:28 | ... + ... | test.cpp:45:16:45:16 | q | -| test.cpp:41:15:41:28 | ... + ... | test.cpp:46:16:46:16 | q | -| test.cpp:41:15:41:28 | ... + ... | test.cpp:46:16:46:16 | q | -| test.cpp:41:15:41:28 | ... + ... | test.cpp:46:16:46:16 | q | -| test.cpp:41:15:41:28 | ... + ... | test.cpp:46:16:46:16 | q | -| test.cpp:41:15:41:28 | ... + ... | test.cpp:47:16:47:16 | q | -| test.cpp:41:15:41:28 | ... + ... | test.cpp:47:16:47:16 | q | -| test.cpp:41:15:41:28 | ... + ... | test.cpp:47:16:47:16 | q | -| test.cpp:41:15:41:28 | ... + ... | test.cpp:47:16:47:16 | q | -| test.cpp:41:15:41:28 | ... + ... | test.cpp:48:16:48:16 | q | -| test.cpp:41:15:41:28 | ... + ... | test.cpp:48:16:48:16 | q | | test.cpp:42:15:42:15 | q | test.cpp:42:14:42:15 | Load: * ... | | test.cpp:42:15:42:15 | q | test.cpp:42:14:42:15 | Load: * ... | | test.cpp:42:15:42:15 | q | test.cpp:43:16:43:16 | q | @@ -302,62 +128,11 @@ edges | test.cpp:42:15:42:15 | q | test.cpp:44:14:44:21 | Load: * ... | | test.cpp:42:15:42:15 | q | test.cpp:44:14:44:21 | Load: * ... | | test.cpp:42:15:42:15 | q | test.cpp:44:16:44:16 | q | -| test.cpp:42:15:42:15 | q | test.cpp:44:16:44:16 | q | -| test.cpp:42:15:42:15 | q | test.cpp:45:16:45:16 | q | -| test.cpp:42:15:42:15 | q | test.cpp:45:16:45:16 | q | -| test.cpp:42:15:42:15 | q | test.cpp:46:16:46:16 | q | -| test.cpp:42:15:42:15 | q | test.cpp:46:16:46:16 | q | -| test.cpp:42:15:42:15 | q | test.cpp:47:16:47:16 | q | -| test.cpp:42:15:42:15 | q | test.cpp:47:16:47:16 | q | -| test.cpp:42:15:42:15 | q | test.cpp:48:16:48:16 | q | -| test.cpp:43:16:43:16 | q | test.cpp:42:14:42:15 | Load: * ... | -| test.cpp:43:16:43:16 | q | test.cpp:42:14:42:15 | Load: * ... | | test.cpp:43:16:43:16 | q | test.cpp:44:14:44:21 | Load: * ... | | test.cpp:43:16:43:16 | q | test.cpp:44:14:44:21 | Load: * ... | | test.cpp:43:16:43:16 | q | test.cpp:44:16:44:16 | q | -| test.cpp:43:16:43:16 | q | test.cpp:44:16:44:16 | q | -| test.cpp:43:16:43:16 | q | test.cpp:45:16:45:16 | q | -| test.cpp:43:16:43:16 | q | test.cpp:45:16:45:16 | q | -| test.cpp:43:16:43:16 | q | test.cpp:46:16:46:16 | q | -| test.cpp:43:16:43:16 | q | test.cpp:46:16:46:16 | q | -| test.cpp:43:16:43:16 | q | test.cpp:47:16:47:16 | q | -| test.cpp:43:16:43:16 | q | test.cpp:47:16:47:16 | q | -| test.cpp:43:16:43:16 | q | test.cpp:48:16:48:16 | q | -| test.cpp:44:16:44:16 | q | test.cpp:42:14:42:15 | Load: * ... | -| test.cpp:44:16:44:16 | q | test.cpp:42:14:42:15 | Load: * ... | | test.cpp:44:16:44:16 | q | test.cpp:44:14:44:21 | Load: * ... | -| test.cpp:44:16:44:16 | q | test.cpp:44:14:44:21 | Load: * ... | -| test.cpp:44:16:44:16 | q | test.cpp:45:16:45:16 | q | -| test.cpp:44:16:44:16 | q | test.cpp:45:16:45:16 | q | -| test.cpp:44:16:44:16 | q | test.cpp:46:16:46:16 | q | -| test.cpp:44:16:44:16 | q | test.cpp:46:16:46:16 | q | -| test.cpp:44:16:44:16 | q | test.cpp:47:16:47:16 | q | -| test.cpp:44:16:44:16 | q | test.cpp:47:16:47:16 | q | -| test.cpp:44:16:44:16 | q | test.cpp:48:16:48:16 | q | | test.cpp:44:16:44:20 | ... + ... | test.cpp:44:14:44:21 | Load: * ... | -| test.cpp:45:16:45:16 | q | test.cpp:42:14:42:15 | Load: * ... | -| test.cpp:45:16:45:16 | q | test.cpp:42:14:42:15 | Load: * ... | -| test.cpp:45:16:45:16 | q | test.cpp:44:14:44:21 | Load: * ... | -| test.cpp:45:16:45:16 | q | test.cpp:44:14:44:21 | Load: * ... | -| test.cpp:45:16:45:16 | q | test.cpp:46:16:46:16 | q | -| test.cpp:45:16:45:16 | q | test.cpp:46:16:46:16 | q | -| test.cpp:45:16:45:16 | q | test.cpp:47:16:47:16 | q | -| test.cpp:45:16:45:16 | q | test.cpp:47:16:47:16 | q | -| test.cpp:45:16:45:16 | q | test.cpp:48:16:48:16 | q | -| test.cpp:46:16:46:16 | q | test.cpp:42:14:42:15 | Load: * ... | -| test.cpp:46:16:46:16 | q | test.cpp:42:14:42:15 | Load: * ... | -| test.cpp:46:16:46:16 | q | test.cpp:44:14:44:21 | Load: * ... | -| test.cpp:46:16:46:16 | q | test.cpp:44:14:44:21 | Load: * ... | -| test.cpp:46:16:46:16 | q | test.cpp:47:16:47:16 | q | -| test.cpp:46:16:46:16 | q | test.cpp:47:16:47:16 | q | -| test.cpp:46:16:46:16 | q | test.cpp:48:16:48:16 | q | -| test.cpp:47:16:47:16 | q | test.cpp:42:14:42:15 | Load: * ... | -| test.cpp:47:16:47:16 | q | test.cpp:42:14:42:15 | Load: * ... | -| test.cpp:47:16:47:16 | q | test.cpp:44:14:44:21 | Load: * ... | -| test.cpp:47:16:47:16 | q | test.cpp:44:14:44:21 | Load: * ... | -| test.cpp:47:16:47:16 | q | test.cpp:48:16:48:16 | q | -| test.cpp:48:16:48:16 | q | test.cpp:42:14:42:15 | Load: * ... | -| test.cpp:48:16:48:16 | q | test.cpp:44:14:44:21 | Load: * ... | | test.cpp:51:7:51:14 | mk_array indirection | test.cpp:60:19:60:26 | call to mk_array | | test.cpp:51:33:51:35 | end | test.cpp:60:34:60:37 | mk_array output argument | | test.cpp:52:19:52:24 | call to malloc | test.cpp:51:7:51:14 | mk_array indirection | @@ -371,10 +146,8 @@ edges | test.cpp:60:19:60:26 | call to mk_array | test.cpp:70:38:70:38 | p | | test.cpp:60:34:60:37 | mk_array output argument | test.cpp:62:32:62:34 | end | | test.cpp:60:34:60:37 | mk_array output argument | test.cpp:66:32:66:34 | end | -| test.cpp:60:34:60:37 | mk_array output argument | test.cpp:70:31:70:33 | end | | test.cpp:62:32:62:34 | end | test.cpp:67:9:67:14 | Store: ... = ... | | test.cpp:66:32:66:34 | end | test.cpp:67:9:67:14 | Store: ... = ... | -| test.cpp:70:31:70:33 | end | test.cpp:67:9:67:14 | Store: ... = ... | | test.cpp:80:9:80:16 | mk_array indirection [begin] | test.cpp:89:19:89:26 | call to mk_array [begin] | | test.cpp:80:9:80:16 | mk_array indirection [begin] | test.cpp:119:18:119:25 | call to mk_array [begin] | | test.cpp:80:9:80:16 | mk_array indirection [end] | test.cpp:89:19:89:26 | call to mk_array [end] | @@ -395,7 +168,6 @@ edges | test.cpp:89:19:89:26 | call to mk_array [begin] | test.cpp:99:20:99:22 | arr indirection [begin] | | test.cpp:89:19:89:26 | call to mk_array [end] | test.cpp:91:36:91:38 | arr indirection [end] | | test.cpp:89:19:89:26 | call to mk_array [end] | test.cpp:95:36:95:38 | arr indirection [end] | -| test.cpp:89:19:89:26 | call to mk_array [end] | test.cpp:99:35:99:37 | arr indirection [end] | | test.cpp:91:20:91:22 | arr indirection [begin] | test.cpp:91:24:91:28 | begin | | test.cpp:91:20:91:22 | arr indirection [begin] | test.cpp:91:24:91:28 | begin indirection | | test.cpp:91:24:91:28 | begin | test.cpp:91:47:91:47 | p | @@ -416,16 +188,11 @@ edges | test.cpp:99:20:99:22 | arr indirection [begin] | test.cpp:99:24:99:28 | begin indirection | | test.cpp:99:24:99:28 | begin | test.cpp:99:46:99:46 | p | | test.cpp:99:24:99:28 | begin indirection | test.cpp:99:46:99:46 | p | -| test.cpp:99:35:99:37 | arr indirection [end] | test.cpp:99:39:99:41 | end | -| test.cpp:99:35:99:37 | arr indirection [end] | test.cpp:99:39:99:41 | end indirection | -| test.cpp:99:39:99:41 | end | test.cpp:96:9:96:14 | Store: ... = ... | -| test.cpp:99:39:99:41 | end indirection | test.cpp:99:39:99:41 | end | | test.cpp:104:27:104:29 | arr [begin] | test.cpp:105:20:105:22 | arr indirection [begin] | | test.cpp:104:27:104:29 | arr [begin] | test.cpp:109:20:109:22 | arr indirection [begin] | | test.cpp:104:27:104:29 | arr [begin] | test.cpp:113:20:113:22 | arr indirection [begin] | | test.cpp:104:27:104:29 | arr [end] | test.cpp:105:36:105:38 | arr indirection [end] | | test.cpp:104:27:104:29 | arr [end] | test.cpp:109:36:109:38 | arr indirection [end] | -| test.cpp:104:27:104:29 | arr [end] | test.cpp:113:35:113:37 | arr indirection [end] | | test.cpp:105:20:105:22 | arr indirection [begin] | test.cpp:105:24:105:28 | begin | | test.cpp:105:20:105:22 | arr indirection [begin] | test.cpp:105:24:105:28 | begin indirection | | test.cpp:105:24:105:28 | begin | test.cpp:105:47:105:47 | p | @@ -446,10 +213,6 @@ edges | test.cpp:113:20:113:22 | arr indirection [begin] | test.cpp:113:24:113:28 | begin indirection | | test.cpp:113:24:113:28 | begin | test.cpp:113:46:113:46 | p | | test.cpp:113:24:113:28 | begin indirection | test.cpp:113:46:113:46 | p | -| test.cpp:113:35:113:37 | arr indirection [end] | test.cpp:113:39:113:41 | end | -| test.cpp:113:35:113:37 | arr indirection [end] | test.cpp:113:39:113:41 | end indirection | -| test.cpp:113:39:113:41 | end | test.cpp:110:9:110:14 | Store: ... = ... | -| test.cpp:113:39:113:41 | end indirection | test.cpp:113:39:113:41 | end | | test.cpp:119:18:119:25 | call to mk_array [begin] | test.cpp:104:27:104:29 | arr [begin] | | test.cpp:119:18:119:25 | call to mk_array [end] | test.cpp:104:27:104:29 | arr [end] | | test.cpp:124:15:124:20 | call to malloc | test.cpp:125:5:125:17 | ... = ... | @@ -504,7 +267,6 @@ edges | test.cpp:165:29:165:31 | arr indirection [begin] | test.cpp:174:20:174:22 | arr indirection [begin] | | test.cpp:165:29:165:31 | arr indirection [end] | test.cpp:166:37:166:39 | arr indirection [end] | | test.cpp:165:29:165:31 | arr indirection [end] | test.cpp:170:37:170:39 | arr indirection [end] | -| test.cpp:165:29:165:31 | arr indirection [end] | test.cpp:174:36:174:38 | arr indirection [end] | | test.cpp:166:20:166:22 | arr indirection [begin] | test.cpp:166:25:166:29 | begin | | test.cpp:166:20:166:22 | arr indirection [begin] | test.cpp:166:25:166:29 | begin indirection | | test.cpp:166:25:166:29 | begin | test.cpp:166:49:166:49 | p | @@ -525,10 +287,6 @@ edges | test.cpp:174:20:174:22 | arr indirection [begin] | test.cpp:174:25:174:29 | begin indirection | | test.cpp:174:25:174:29 | begin | test.cpp:174:48:174:48 | p | | test.cpp:174:25:174:29 | begin indirection | test.cpp:174:48:174:48 | p | -| test.cpp:174:36:174:38 | arr indirection [end] | test.cpp:174:41:174:43 | end | -| test.cpp:174:36:174:38 | arr indirection [end] | test.cpp:174:41:174:43 | end indirection | -| test.cpp:174:41:174:43 | end | test.cpp:171:9:171:14 | Store: ... = ... | -| test.cpp:174:41:174:43 | end indirection | test.cpp:174:41:174:43 | end | | test.cpp:180:19:180:28 | call to mk_array_p indirection [begin] | test.cpp:165:29:165:31 | arr indirection [begin] | | test.cpp:180:19:180:28 | call to mk_array_p indirection [end] | test.cpp:165:29:165:31 | arr indirection [end] | | test.cpp:188:15:188:20 | call to malloc | test.cpp:189:15:189:15 | p | @@ -655,16 +413,6 @@ edges | test.cpp:308:5:308:11 | access to array | test.cpp:308:5:308:29 | Store: ... = ... | | test.cpp:313:14:313:27 | new[] | test.cpp:314:15:314:16 | xs | | test.cpp:325:14:325:27 | new[] | test.cpp:326:15:326:16 | xs | -| test.cpp:326:15:326:16 | xs | test.cpp:326:15:326:23 | ... + ... | -| test.cpp:326:15:326:16 | xs | test.cpp:326:15:326:23 | ... + ... | -| test.cpp:326:15:326:16 | xs | test.cpp:338:8:338:15 | * ... | -| test.cpp:326:15:326:16 | xs | test.cpp:341:8:341:17 | * ... | -| test.cpp:326:15:326:23 | ... + ... | test.cpp:342:8:342:17 | * ... | -| test.cpp:326:15:326:23 | ... + ... | test.cpp:342:8:342:17 | * ... | -| test.cpp:338:8:338:15 | * ... | test.cpp:342:8:342:17 | * ... | -| test.cpp:341:8:341:17 | * ... | test.cpp:342:8:342:17 | * ... | -| test.cpp:342:8:342:17 | * ... | test.cpp:333:5:333:21 | Store: ... = ... | -| test.cpp:342:8:342:17 | * ... | test.cpp:341:5:341:21 | Store: ... = ... | | test.cpp:347:14:347:27 | new[] | test.cpp:348:15:348:16 | xs | | test.cpp:348:15:348:16 | xs | test.cpp:350:16:350:19 | ... ++ | | test.cpp:348:15:348:16 | xs | test.cpp:350:16:350:19 | ... ++ | @@ -720,7 +468,6 @@ edges | test.cpp:358:15:358:26 | end_plus_one | test.cpp:359:14:359:32 | Load: * ... | | test.cpp:358:15:358:26 | end_plus_one | test.cpp:359:14:359:32 | Load: * ... | | test.cpp:358:15:358:26 | end_plus_one | test.cpp:359:16:359:27 | end_plus_one | -| test.cpp:359:16:359:27 | end_plus_one | test.cpp:358:14:358:26 | Load: * ... | | test.cpp:359:16:359:27 | end_plus_one | test.cpp:359:14:359:32 | Load: * ... | | test.cpp:359:16:359:31 | ... + ... | test.cpp:359:14:359:32 | Load: * ... | | test.cpp:363:14:363:27 | new[] | test.cpp:365:15:365:15 | p | @@ -746,15 +493,7 @@ nodes | test.cpp:7:16:7:16 | q | semmle.label | q | | test.cpp:8:14:8:21 | Load: * ... | semmle.label | Load: * ... | | test.cpp:8:16:8:16 | q | semmle.label | q | -| test.cpp:8:16:8:16 | q | semmle.label | q | | test.cpp:8:16:8:20 | ... + ... | semmle.label | ... + ... | -| test.cpp:9:16:9:16 | q | semmle.label | q | -| test.cpp:9:16:9:16 | q | semmle.label | q | -| test.cpp:10:16:10:16 | q | semmle.label | q | -| test.cpp:10:16:10:16 | q | semmle.label | q | -| test.cpp:11:16:11:16 | q | semmle.label | q | -| test.cpp:11:16:11:16 | q | semmle.label | q | -| test.cpp:12:16:12:16 | q | semmle.label | q | | test.cpp:16:15:16:20 | call to malloc | semmle.label | call to malloc | | test.cpp:17:15:17:15 | p | semmle.label | p | | test.cpp:17:15:17:22 | ... + ... | semmle.label | ... + ... | @@ -773,15 +512,7 @@ nodes | test.cpp:31:16:31:16 | q | semmle.label | q | | test.cpp:32:14:32:21 | Load: * ... | semmle.label | Load: * ... | | test.cpp:32:16:32:16 | q | semmle.label | q | -| test.cpp:32:16:32:16 | q | semmle.label | q | | test.cpp:32:16:32:20 | ... + ... | semmle.label | ... + ... | -| test.cpp:33:16:33:16 | q | semmle.label | q | -| test.cpp:33:16:33:16 | q | semmle.label | q | -| test.cpp:34:16:34:16 | q | semmle.label | q | -| test.cpp:34:16:34:16 | q | semmle.label | q | -| test.cpp:35:16:35:16 | q | semmle.label | q | -| test.cpp:35:16:35:16 | q | semmle.label | q | -| test.cpp:36:16:36:16 | q | semmle.label | q | | test.cpp:40:15:40:20 | call to malloc | semmle.label | call to malloc | | test.cpp:41:15:41:15 | p | semmle.label | p | | test.cpp:41:15:41:28 | ... + ... | semmle.label | ... + ... | @@ -795,15 +526,7 @@ nodes | test.cpp:43:16:43:16 | q | semmle.label | q | | test.cpp:44:14:44:21 | Load: * ... | semmle.label | Load: * ... | | test.cpp:44:16:44:16 | q | semmle.label | q | -| test.cpp:44:16:44:16 | q | semmle.label | q | | test.cpp:44:16:44:20 | ... + ... | semmle.label | ... + ... | -| test.cpp:45:16:45:16 | q | semmle.label | q | -| test.cpp:45:16:45:16 | q | semmle.label | q | -| test.cpp:46:16:46:16 | q | semmle.label | q | -| test.cpp:46:16:46:16 | q | semmle.label | q | -| test.cpp:47:16:47:16 | q | semmle.label | q | -| test.cpp:47:16:47:16 | q | semmle.label | q | -| test.cpp:48:16:48:16 | q | semmle.label | q | | test.cpp:51:7:51:14 | mk_array indirection | semmle.label | mk_array indirection | | test.cpp:51:33:51:35 | end | semmle.label | end | | test.cpp:52:19:52:24 | call to malloc | semmle.label | call to malloc | @@ -817,7 +540,6 @@ nodes | test.cpp:66:32:66:34 | end | semmle.label | end | | test.cpp:66:39:66:39 | p | semmle.label | p | | test.cpp:67:9:67:14 | Store: ... = ... | semmle.label | Store: ... = ... | -| test.cpp:70:31:70:33 | end | semmle.label | end | | test.cpp:70:38:70:38 | p | semmle.label | p | | test.cpp:80:9:80:16 | mk_array indirection [begin] | semmle.label | mk_array indirection [begin] | | test.cpp:80:9:80:16 | mk_array indirection [end] | semmle.label | mk_array indirection [end] | @@ -850,9 +572,6 @@ nodes | test.cpp:99:20:99:22 | arr indirection [begin] | semmle.label | arr indirection [begin] | | test.cpp:99:24:99:28 | begin | semmle.label | begin | | test.cpp:99:24:99:28 | begin indirection | semmle.label | begin indirection | -| test.cpp:99:35:99:37 | arr indirection [end] | semmle.label | arr indirection [end] | -| test.cpp:99:39:99:41 | end | semmle.label | end | -| test.cpp:99:39:99:41 | end indirection | semmle.label | end indirection | | test.cpp:99:46:99:46 | p | semmle.label | p | | test.cpp:104:27:104:29 | arr [begin] | semmle.label | arr [begin] | | test.cpp:104:27:104:29 | arr [end] | semmle.label | arr [end] | @@ -874,9 +593,6 @@ nodes | test.cpp:113:20:113:22 | arr indirection [begin] | semmle.label | arr indirection [begin] | | test.cpp:113:24:113:28 | begin | semmle.label | begin | | test.cpp:113:24:113:28 | begin indirection | semmle.label | begin indirection | -| test.cpp:113:35:113:37 | arr indirection [end] | semmle.label | arr indirection [end] | -| test.cpp:113:39:113:41 | end | semmle.label | end | -| test.cpp:113:39:113:41 | end indirection | semmle.label | end indirection | | test.cpp:113:46:113:46 | p | semmle.label | p | | test.cpp:119:18:119:25 | call to mk_array [begin] | semmle.label | call to mk_array [begin] | | test.cpp:119:18:119:25 | call to mk_array [end] | semmle.label | call to mk_array [end] | @@ -942,9 +658,6 @@ nodes | test.cpp:174:20:174:22 | arr indirection [begin] | semmle.label | arr indirection [begin] | | test.cpp:174:25:174:29 | begin | semmle.label | begin | | test.cpp:174:25:174:29 | begin indirection | semmle.label | begin indirection | -| test.cpp:174:36:174:38 | arr indirection [end] | semmle.label | arr indirection [end] | -| test.cpp:174:41:174:43 | end | semmle.label | end | -| test.cpp:174:41:174:43 | end indirection | semmle.label | end indirection | | test.cpp:174:48:174:48 | p | semmle.label | p | | test.cpp:180:19:180:28 | call to mk_array_p indirection [begin] | semmle.label | call to mk_array_p indirection [begin] | | test.cpp:180:19:180:28 | call to mk_array_p indirection [end] | semmle.label | call to mk_array_p indirection [end] | @@ -1029,13 +742,6 @@ nodes | test.cpp:314:15:314:16 | xs | semmle.label | xs | | test.cpp:325:14:325:27 | new[] | semmle.label | new[] | | test.cpp:326:15:326:16 | xs | semmle.label | xs | -| test.cpp:326:15:326:23 | ... + ... | semmle.label | ... + ... | -| test.cpp:326:15:326:23 | ... + ... | semmle.label | ... + ... | -| test.cpp:333:5:333:21 | Store: ... = ... | semmle.label | Store: ... = ... | -| test.cpp:338:8:338:15 | * ... | semmle.label | * ... | -| test.cpp:341:5:341:21 | Store: ... = ... | semmle.label | Store: ... = ... | -| test.cpp:341:8:341:17 | * ... | semmle.label | * ... | -| test.cpp:342:8:342:17 | * ... | semmle.label | * ... | | test.cpp:347:14:347:27 | new[] | semmle.label | new[] | | test.cpp:348:15:348:16 | xs | semmle.label | xs | | test.cpp:350:15:350:19 | Load: * ... | semmle.label | Load: * ... | @@ -1088,8 +794,6 @@ subpaths | test.cpp:264:13:264:14 | Load: * ... | test.cpp:260:13:260:24 | new[] | test.cpp:264:13:264:14 | Load: * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:260:13:260:24 | new[] | new[] | test.cpp:261:19:261:21 | len | len | | test.cpp:274:5:274:10 | Store: ... = ... | test.cpp:270:13:270:24 | new[] | test.cpp:274:5:274:10 | Store: ... = ... | This write might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:270:13:270:24 | new[] | new[] | test.cpp:271:19:271:21 | len | len | | test.cpp:308:5:308:29 | Store: ... = ... | test.cpp:304:15:304:26 | new[] | test.cpp:308:5:308:29 | Store: ... = ... | This write might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:304:15:304:26 | new[] | new[] | test.cpp:308:8:308:10 | ... + ... | ... + ... | -| test.cpp:333:5:333:21 | Store: ... = ... | test.cpp:325:14:325:27 | new[] | test.cpp:333:5:333:21 | Store: ... = ... | This write might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:325:14:325:27 | new[] | new[] | test.cpp:326:20:326:23 | size | size | -| test.cpp:341:5:341:21 | Store: ... = ... | test.cpp:325:14:325:27 | new[] | test.cpp:341:5:341:21 | Store: ... = ... | This write might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:325:14:325:27 | new[] | new[] | test.cpp:326:20:326:23 | size | size | | test.cpp:350:15:350:19 | Load: * ... | test.cpp:347:14:347:27 | new[] | test.cpp:350:15:350:19 | Load: * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:347:14:347:27 | new[] | new[] | test.cpp:348:20:348:23 | size | size | | test.cpp:358:14:358:26 | Load: * ... | test.cpp:355:14:355:27 | new[] | test.cpp:358:14:358:26 | Load: * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@ + 1. | test.cpp:355:14:355:27 | new[] | new[] | test.cpp:356:20:356:23 | size | size | | test.cpp:359:14:359:32 | Load: * ... | test.cpp:355:14:355:27 | new[] | test.cpp:359:14:359:32 | Load: * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@ + 2. | test.cpp:355:14:355:27 | new[] | new[] | test.cpp:356:20:356:23 | size | size | diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/test.cpp b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/test.cpp index 3711f272e76..5e79aaa4bd9 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/test.cpp +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/test.cpp @@ -330,7 +330,7 @@ void test23(unsigned size, int val) { if(*current - xs < 1) return; - *--(*current) = 0; // GOOD [FALSE POSITIVE] + *--(*current) = 0; // GOOD return; } @@ -338,7 +338,7 @@ void test23(unsigned size, int val) { if(*current - xs < 2) return; - *--(*current) = 0; // GOOD [FALSE POSITIVE] + *--(*current) = 0; // GOOD *--(*current) = 0; // GOOD } } From c7c8807f40b4c5e864a4a2d05e15e2d1f4744ad9 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 2 Jun 2023 11:44:47 +0100 Subject: [PATCH 816/870] Swift: Use FieldDecl.hasQualifiedName. --- .../frameworks/StandardLibrary/Collection.qll | 7 ++--- .../frameworks/StandardLibrary/NsString.qll | 29 +++++++++---------- .../frameworks/StandardLibrary/Sequence.qll | 7 +---- .../frameworks/StandardLibrary/String.qll | 22 +++++++------- .../frameworks/StandardLibrary/WebView.qll | 7 +---- .../security/CleartextLoggingExtensions.qll | 7 +---- 6 files changed, 31 insertions(+), 48 deletions(-) diff --git a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Collection.qll b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Collection.qll index fcbd418f6b9..cf3ff748d48 100644 --- a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Collection.qll +++ b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Collection.qll @@ -47,9 +47,8 @@ private class CollectionFieldsInheritTaint extends TaintInheritingContent, DataFlow::Content::FieldContent { CollectionFieldsInheritTaint() { - exists(FieldDecl f | this.getField() = f | - f.getEnclosingDecl().asNominalTypeDecl().getName() = ["Collection", "BidirectionalCollection"] and - f.getName() = ["first", "last"] - ) + this.getField() + .(FieldDecl) + .hasQualifiedName(["Collection", "BidirectionalCollection"], ["first", "last"]) } } diff --git a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/NsString.qll b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/NsString.qll index ce8b959fffe..d9743140c34 100644 --- a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/NsString.qll +++ b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/NsString.qll @@ -132,20 +132,19 @@ private class NsStringFieldsInheritTaint extends TaintInheritingContent, DataFlow::Content::FieldContent { NsStringFieldsInheritTaint() { - exists(FieldDecl f | this.getField() = f | - f.getEnclosingDecl().asNominalTypeDecl().getName() = "NSString" and - f.getName() = - [ - "utf8String", "lowercased", "localizedLowedCase", "uppercased", "localizedUppercase", - "capitalized", "localizedCapitalized", "decomposedStringWithCanonicalMapping", - "decomposedStringWithCompatibilityMapping", "precomposedStringWithCanonicalMapping", - "precomposedStringWithCompatibilityMapping", "doubleValue", "floatValue", "intValue", - "integerValue", "longLongValue", "boolValue", "description", "pathComponents", - "fileSystemRepresentation", "lastPathComponent", "pathExtension", - "abbreviatingWithTildeInPath", "deletingLastPathComponent", "deletingPathExtension", - "expandingTildeInPath", "resolvingSymlinksInPath", "standardizingPath", - "removingPercentEncoding" - ] - ) + this.getField() + .(FieldDecl) + .hasQualifiedName("NSString", + [ + "utf8String", "lowercased", "localizedLowedCase", "uppercased", "localizedUppercase", + "capitalized", "localizedCapitalized", "decomposedStringWithCanonicalMapping", + "decomposedStringWithCompatibilityMapping", "precomposedStringWithCanonicalMapping", + "precomposedStringWithCompatibilityMapping", "doubleValue", "floatValue", "intValue", + "integerValue", "longLongValue", "boolValue", "description", "pathComponents", + "fileSystemRepresentation", "lastPathComponent", "pathExtension", + "abbreviatingWithTildeInPath", "deletingLastPathComponent", "deletingPathExtension", + "expandingTildeInPath", "resolvingSymlinksInPath", "standardizingPath", + "removingPercentEncoding" + ]) } } diff --git a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Sequence.qll b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Sequence.qll index 8d4eb9eb39d..b4e68513c1d 100644 --- a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Sequence.qll +++ b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Sequence.qll @@ -36,10 +36,5 @@ private class SequenceSummaries extends SummaryModelCsv { private class SequenceFieldsInheritTaint extends TaintInheritingContent, DataFlow::Content::FieldContent { - SequenceFieldsInheritTaint() { - exists(FieldDecl f | this.getField() = f | - f.getEnclosingDecl().asNominalTypeDecl().getName() = "Sequence" and - f.getName() = "lazy" - ) - } + SequenceFieldsInheritTaint() { this.getField().(FieldDecl).hasQualifiedName("Sequence", "lazy") } } diff --git a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/String.qll b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/String.qll index 2df33a0f0f4..51424e2d042 100644 --- a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/String.qll +++ b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/String.qll @@ -124,16 +124,16 @@ private class StringFieldsInheritTaint extends TaintInheritingContent, DataFlow::Content::FieldContent { StringFieldsInheritTaint() { - exists(FieldDecl f | this.getField() = f | - f.getEnclosingDecl().asNominalTypeDecl().getName() = ["String", "StringProtocol"] and - f.getName() = - [ - "unicodeScalars", "utf8", "utf16", "lazy", "utf8CString", "description", - "debugDescription", "dataValue", "identifierValue", "capitalized", "localizedCapitalized", - "localizedLowercase", "localizedUppercase", "decomposedStringWithCanonicalMapping", - "decomposedStringWithCompatibilityMapping", "precomposedStringWithCanonicalMapping", - "precomposedStringWithCompatibilityMapping", "removingPercentEncoding" - ] - ) + this.getField() + .(FieldDecl) + .hasQualifiedName(["String", "StringProtocol"], + [ + "unicodeScalars", "utf8", "utf16", "lazy", "utf8CString", "description", + "debugDescription", "dataValue", "identifierValue", "capitalized", + "localizedCapitalized", "localizedLowercase", "localizedUppercase", + "decomposedStringWithCanonicalMapping", "decomposedStringWithCompatibilityMapping", + "precomposedStringWithCanonicalMapping", "precomposedStringWithCompatibilityMapping", + "removingPercentEncoding" + ]) } } diff --git a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/WebView.qll b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/WebView.qll index 6dd8321388a..b845ee81104 100644 --- a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/WebView.qll +++ b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/WebView.qll @@ -208,10 +208,5 @@ private class WKUserScriptSummaries extends SummaryModelCsv { private class WKUserScriptInheritsTaint extends TaintInheritingContent, DataFlow::Content::FieldContent { - WKUserScriptInheritsTaint() { - exists(FieldDecl f | this.getField() = f | - f.getEnclosingDecl().asNominalTypeDecl().getName() = "WKUserScript" and - f.getName() = "source" - ) - } + WKUserScriptInheritsTaint() { this.getField().hasQualifiedName("WKUserScript", "source") } } diff --git a/swift/ql/lib/codeql/swift/security/CleartextLoggingExtensions.qll b/swift/ql/lib/codeql/swift/security/CleartextLoggingExtensions.qll index 935da6a232e..21bf855d1fc 100644 --- a/swift/ql/lib/codeql/swift/security/CleartextLoggingExtensions.qll +++ b/swift/ql/lib/codeql/swift/security/CleartextLoggingExtensions.qll @@ -74,12 +74,7 @@ private class OsLogNonRedactedType extends Type { private class OsLogPrivacyRef extends MemberRefExpr { string optionName; - OsLogPrivacyRef() { - exists(FieldDecl f | this.getMember() = f | - f.getEnclosingDecl().asNominalTypeDecl().getName() = "OSLogPrivacy" and - optionName = f.getName() - ) - } + OsLogPrivacyRef() { this.getMember().(FieldDecl).hasQualifiedName("OSLogPrivacy", optionName) } /** Holds if this is a safe privacy option (private or sensitive). */ predicate isSafe() { optionName = ["private", "sensitive"] } From 4c8225724b45a85178b9800402a008a69a9cc3e9 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 2 Jun 2023 12:21:17 +0100 Subject: [PATCH 817/870] Swift: Fix QL-for-QL warnings. --- .../codeql/swift/frameworks/StandardLibrary/Collection.qll | 4 +--- .../lib/codeql/swift/frameworks/StandardLibrary/NsString.qll | 1 - .../lib/codeql/swift/frameworks/StandardLibrary/Sequence.qll | 2 +- .../ql/lib/codeql/swift/frameworks/StandardLibrary/String.qll | 1 - 4 files changed, 2 insertions(+), 6 deletions(-) diff --git a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Collection.qll b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Collection.qll index cf3ff748d48..6022d4b767a 100644 --- a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Collection.qll +++ b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Collection.qll @@ -47,8 +47,6 @@ private class CollectionFieldsInheritTaint extends TaintInheritingContent, DataFlow::Content::FieldContent { CollectionFieldsInheritTaint() { - this.getField() - .(FieldDecl) - .hasQualifiedName(["Collection", "BidirectionalCollection"], ["first", "last"]) + this.getField().hasQualifiedName(["Collection", "BidirectionalCollection"], ["first", "last"]) } } diff --git a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/NsString.qll b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/NsString.qll index d9743140c34..f866ba23a17 100644 --- a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/NsString.qll +++ b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/NsString.qll @@ -133,7 +133,6 @@ private class NsStringFieldsInheritTaint extends TaintInheritingContent, { NsStringFieldsInheritTaint() { this.getField() - .(FieldDecl) .hasQualifiedName("NSString", [ "utf8String", "lowercased", "localizedLowedCase", "uppercased", "localizedUppercase", diff --git a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Sequence.qll b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Sequence.qll index b4e68513c1d..e830b6cc1a4 100644 --- a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Sequence.qll +++ b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Sequence.qll @@ -36,5 +36,5 @@ private class SequenceSummaries extends SummaryModelCsv { private class SequenceFieldsInheritTaint extends TaintInheritingContent, DataFlow::Content::FieldContent { - SequenceFieldsInheritTaint() { this.getField().(FieldDecl).hasQualifiedName("Sequence", "lazy") } + SequenceFieldsInheritTaint() { this.getField().hasQualifiedName("Sequence", "lazy") } } diff --git a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/String.qll b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/String.qll index 51424e2d042..4768521322f 100644 --- a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/String.qll +++ b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/String.qll @@ -125,7 +125,6 @@ private class StringFieldsInheritTaint extends TaintInheritingContent, { StringFieldsInheritTaint() { this.getField() - .(FieldDecl) .hasQualifiedName(["String", "StringProtocol"], [ "unicodeScalars", "utf8", "utf16", "lazy", "utf8CString", "description", From 8ac1d56a7f880ad5348b93765db0e83a0a17a7be Mon Sep 17 00:00:00 2001 From: Jeroen Ketema <jketema@github.com> Date: Fri, 2 Jun 2023 16:37:35 +0200 Subject: [PATCH 818/870] C++: Fix join order in `cpp/invalid-pointer-deref` --- .../Security/CWE/CWE-193/InvalidPointerDeref.ql | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql b/cpp/ql/src/experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql index dbbe398ff7d..88d483dbebc 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql @@ -182,6 +182,8 @@ predicate isSinkImpl( /** * Yields any instruction that is control-flow reachable from `instr`. */ +bindingset[instr, result] +pragma[inline_late] Instruction getASuccessor(Instruction instr) { exists(IRBlock b, int instrIndex, int resultIndex | result.getBlock() = b and @@ -202,11 +204,12 @@ Instruction getASuccessor(Instruction instr) { */ pragma[inline] predicate isInvalidPointerDerefSink(DataFlow::Node sink, Instruction i, string operation, int delta) { - exists(AddressOperand addr | - bounded1(addr.getDef(), sink.asInstruction(), delta) and + exists(AddressOperand addr, Instruction s | + s = sink.asInstruction() and + bounded1(addr.getDef(), s, delta) and delta >= 0 and i.getAnOperand() = addr and - i = getASuccessor(sink.asInstruction()) + i = getASuccessor(s) | i instanceof StoreInstruction and operation = "write" From 5608082f356c8a027f66b12e02983801898d122f Mon Sep 17 00:00:00 2001 From: jorgectf <jorgectf@github.com> Date: Fri, 2 Jun 2023 17:57:24 +0200 Subject: [PATCH 819/870] Update `py/unsafe-deserialization` name --- python/ql/src/Security/CWE-502/UnsafeDeserialization.ql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/python/ql/src/Security/CWE-502/UnsafeDeserialization.ql b/python/ql/src/Security/CWE-502/UnsafeDeserialization.ql index 0ef54275827..a15838cdabd 100644 --- a/python/ql/src/Security/CWE-502/UnsafeDeserialization.ql +++ b/python/ql/src/Security/CWE-502/UnsafeDeserialization.ql @@ -1,5 +1,5 @@ /** - * @name Deserializing untrusted input + * @name Deserialization of user-controlled data * @description Deserializing user-controlled data may allow attackers to execute arbitrary code. * @kind path-problem * @id py/unsafe-deserialization From 3e8c7f72b668188981f1f469788109b458d6d26b Mon Sep 17 00:00:00 2001 From: jorgectf <jorgectf@github.com> Date: Fri, 2 Jun 2023 18:20:55 +0200 Subject: [PATCH 820/870] Add changenote --- .../2023-06-02-unsafe-deserialization-name-update.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 python/ql/src/change-notes/2023-06-02-unsafe-deserialization-name-update.md diff --git a/python/ql/src/change-notes/2023-06-02-unsafe-deserialization-name-update.md b/python/ql/src/change-notes/2023-06-02-unsafe-deserialization-name-update.md new file mode 100644 index 00000000000..d786e9dc14d --- /dev/null +++ b/python/ql/src/change-notes/2023-06-02-unsafe-deserialization-name-update.md @@ -0,0 +1,4 @@ +--- +category: fix +--- +* The display name (`@name`) of the `py/unsafe-deserialization` query has been updated in favor of consistency with other languages. \ No newline at end of file From 79b3a8c955fc1a70b482af756ffee1d723be5b62 Mon Sep 17 00:00:00 2001 From: Nick Rolfe <nickrolfe@github.com> Date: Fri, 2 Jun 2023 19:39:24 +0100 Subject: [PATCH 821/870] C#: avoid call to Location::toString() --- csharp/ql/src/Complexity/ComplexCondition.ql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/csharp/ql/src/Complexity/ComplexCondition.ql b/csharp/ql/src/Complexity/ComplexCondition.ql index 2ebbaa8a362..2813db1cda5 100644 --- a/csharp/ql/src/Complexity/ComplexCondition.ql +++ b/csharp/ql/src/Complexity/ComplexCondition.ql @@ -26,4 +26,4 @@ where operators = count(BinaryLogicalOperation op | logicalParent*(op, e) and nontrivialLogicalOperator(op)) and operators > 3 -select e.getLocation(), "Complex condition: too many logical operations in this expression." +select e, "Complex condition: too many logical operations in this expression." From 5d89b0739b8cfc41120727eb4265e7fda3660ccf Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" <mbg@github.com> Date: Mon, 5 Jun 2023 09:12:21 +0100 Subject: [PATCH 822/870] Swift: Remove .cmd script --- swift/tools/identify-environment.cmd | 6 ------ 1 file changed, 6 deletions(-) delete mode 100644 swift/tools/identify-environment.cmd diff --git a/swift/tools/identify-environment.cmd b/swift/tools/identify-environment.cmd deleted file mode 100644 index 7fd1786f31f..00000000000 --- a/swift/tools/identify-environment.cmd +++ /dev/null @@ -1,6 +0,0 @@ -@echo off -SETLOCAL EnableDelayedExpansion - -echo { "swift": { "os": { "name": "macOS" } } } - -ENDLOCAL From 400176f677d90700bef9689db8907271ef92d549 Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli <redsun82@github.com> Date: Mon, 5 Jun 2023 11:12:11 +0200 Subject: [PATCH 823/870] Swift: fix cmake generation The bazel -> cmake generator is currently not capable of handling separate included generated cmake files making use of common C/C++ dependencies. To work around this limitation, a single generated cmake is now in place. Long-term, we should either: * make the cmake generator handle common dependencies gracefully, or * make the cmake generation aspect travel up `pkg_` rules `srcs` attributes so to avoid having to list the targets to be generated in the top-level `BUILD` file. Other things fixed: * removed some warning spam about redefined `BAZEL_CURRENT_REPOSITORY` * fixed the final link step, that was failing because `libswiftCore.so` was not being linked. --- misc/bazel/cmake/cmake.bzl | 35 +++++++------------ swift/BUILD.bazel | 13 +++++++ swift/CMakeLists.txt | 5 +-- swift/extractor/BUILD.bazel | 7 +--- .../tests/assertion-diagnostics/BUILD.bazel | 13 +++---- .../tools/autobuilder-diagnostics/BUILD.bazel | 7 ---- swift/xcode-autobuilder/BUILD.bazel | 11 ++---- 7 files changed, 34 insertions(+), 57 deletions(-) diff --git a/misc/bazel/cmake/cmake.bzl b/misc/bazel/cmake/cmake.bzl index d3c6581677b..85760de476c 100644 --- a/misc/bazel/cmake/cmake.bzl +++ b/misc/bazel/cmake/cmake.bzl @@ -11,8 +11,7 @@ CmakeInfo = provider( "includes": "", "quote_includes": "", "stripped_includes": "", - "imported_static_libs": "", - "imported_dynamic_libs": "", + "imported_libs": "", "copts": "", "linkopts": "", "force_cxx_compilation": "", @@ -41,10 +40,8 @@ def _file_kind(file): return "src" if ext in ("h", "hh", "hpp", "def", "inc"): return "hdr" - if ext == "a": - return "static_lib" - if ext in ("so", "dylib"): - return "dynamic_lib" + if ext in ("a", "so", "dylib"): + return "lib" return None def _get_includes(includes): @@ -70,8 +67,7 @@ def _cmake_aspect_impl(target, ctx): by_kind.setdefault(_file_kind(f), []).append(_cmake_file(f)) hdrs = by_kind.get("hdr", []) srcs = by_kind.get("src", []) - static_libs = by_kind.get("static_lib", []) - dynamic_libs = by_kind.get("dynamic_lib", []) + libs = by_kind.get("lib", []) if not srcs and is_binary: empty = ctx.actions.declare_file(name + "_empty.cpp") ctx.actions.write(empty, "") @@ -134,12 +130,15 @@ def _cmake_aspect_impl(target, ctx): system_includes = system_includes, quote_includes = quote_includes, stripped_includes = stripped_includes, - imported_static_libs = static_libs, - imported_dynamic_libs = dynamic_libs, + imported_libs = libs, copts = copts, linkopts = linkopts, defines = compilation_ctx.defines.to_list(), - local_defines = compilation_ctx.local_defines.to_list(), + local_defines = [ + d + for d in compilation_ctx.local_defines.to_list() + if not d.startswith("BAZEL_CURRENT_REPOSITORY") + ], force_cxx_compilation = force_cxx_compilation, transitive_deps = depset(deps, transitive = [dep.transitive_deps for dep in deps]), ), @@ -156,20 +155,10 @@ def _map_cmake_info(info, is_windows): commands = [ "add_%s(%s)" % (info.kind, args), ] - if info.imported_static_libs and info.imported_dynamic_libs: - commands += [ - "if(BUILD_SHARED_LIBS)", - " target_link_libraries(%s %s %s)" % - (info.name, info.modifier or "PUBLIC", " ".join(info.imported_dynamic_libs)), - "else()", - " target_link_libraries(%s %s %s)" % - (info.name, info.modifier or "PUBLIC", " ".join(info.imported_static_libs)), - "endif()", - ] - elif info.imported_static_libs or info.imported_dynamic_libs: + if info.imported_libs: commands += [ "target_link_libraries(%s %s %s)" % - (info.name, info.modifier or "PUBLIC", " ".join(info.imported_dynamic_lib + info.imported_static_libs)), + (info.name, info.modifier or "PUBLIC", " ".join(info.imported_libs)), ] if info.deps: libs = {} diff --git a/swift/BUILD.bazel b/swift/BUILD.bazel index c4e41bb0817..59cafbba609 100644 --- a/swift/BUILD.bazel +++ b/swift/BUILD.bazel @@ -2,6 +2,7 @@ load("@rules_pkg//:mappings.bzl", "pkg_attributes", "pkg_filegroup", "pkg_files" load("@rules_pkg//:install.bzl", "pkg_install") load("//:defs.bzl", "codeql_platform") load("//misc/bazel:pkg_runfiles.bzl", "pkg_runfiles") +load("//misc/bazel/cmake:cmake.bzl", "generate_cmake") filegroup( name = "schema", @@ -106,3 +107,15 @@ py_binary( main = "create_extractor_pack.py", deps = [":_create_extractor_pack"], ) + +generate_cmake( + name = "cmake", + targets = [ + "//swift/extractor:extractor.real", + "//swift/logging/tests/assertion-diagnostics:assert-false", + ] + select({ + "@platforms//os:linux": ["//swift/tools/autobuilder-diagnostics:incompatible-os"], + "@platforms//os:macos": ["//swift/xcode-autobuilder"], + }), + visibility = ["//visibility:public"], +) diff --git a/swift/CMakeLists.txt b/swift/CMakeLists.txt index fbc55187567..ba4a30d5c4a 100644 --- a/swift/CMakeLists.txt +++ b/swift/CMakeLists.txt @@ -17,7 +17,4 @@ project(codeql) include(../misc/bazel/cmake/setup.cmake) -include_generated(//swift/extractor:cmake) -if (APPLE) - include_generated(//swift/xcode-autobuilder:cmake) -endif () +include_generated(//swift:cmake) diff --git a/swift/extractor/BUILD.bazel b/swift/extractor/BUILD.bazel index 26077dadbd8..984c205d97b 100644 --- a/swift/extractor/BUILD.bazel +++ b/swift/extractor/BUILD.bazel @@ -8,6 +8,7 @@ swift_cc_binary( "*.h", "*.cpp", ]), + visibility = ["//swift:__pkg__"], deps = [ "//swift/extractor/config", "//swift/extractor/infra", @@ -19,12 +20,6 @@ swift_cc_binary( ], ) -generate_cmake( - name = "cmake", - targets = [":extractor.real"], - visibility = ["//visibility:public"], -) - sh_binary( name = "extractor", srcs = ["extractor.sh"], diff --git a/swift/logging/tests/assertion-diagnostics/BUILD.bazel b/swift/logging/tests/assertion-diagnostics/BUILD.bazel index 52c3125a567..e51459e1e17 100644 --- a/swift/logging/tests/assertion-diagnostics/BUILD.bazel +++ b/swift/logging/tests/assertion-diagnostics/BUILD.bazel @@ -4,7 +4,7 @@ load("//misc/bazel/cmake:cmake.bzl", "generate_cmake") swift_cc_binary( name = "assert-false", srcs = ["AssertFalse.cpp"], - visibility = ["//visibility:private"], + visibility = ["//swift:__pkg__"], deps = [ "//swift/logging", ], @@ -14,12 +14,9 @@ py_test( name = "test", size = "small", srcs = ["test.py"], + data = [ + "diagnostics.expected", + ":assert-false", + ], deps = ["//swift/integration-tests:integration_tests"], - data = [":assert-false", "diagnostics.expected"], -) - -generate_cmake( - name = "cmake", - targets = [":assert-false"], - visibility = ["//visibility:public"], ) diff --git a/swift/tools/autobuilder-diagnostics/BUILD.bazel b/swift/tools/autobuilder-diagnostics/BUILD.bazel index 77d90121155..32d6ce703e9 100644 --- a/swift/tools/autobuilder-diagnostics/BUILD.bazel +++ b/swift/tools/autobuilder-diagnostics/BUILD.bazel @@ -1,5 +1,4 @@ load("//swift:rules.bzl", "swift_cc_binary") -load("//misc/bazel/cmake:cmake.bzl", "generate_cmake") swift_cc_binary( name = "incompatible-os", @@ -9,9 +8,3 @@ swift_cc_binary( "//swift/logging", ], ) - -generate_cmake( - name = "cmake", - targets = [":incompatible-os"], - visibility = ["//visibility:public"], -) diff --git a/swift/xcode-autobuilder/BUILD.bazel b/swift/xcode-autobuilder/BUILD.bazel index d497666f3e2..13d6e9818ff 100644 --- a/swift/xcode-autobuilder/BUILD.bazel +++ b/swift/xcode-autobuilder/BUILD.bazel @@ -1,5 +1,4 @@ load("//swift:rules.bzl", "swift_cc_binary") -load("//misc/bazel/cmake:cmake.bzl", "generate_cmake") swift_cc_binary( name = "xcode-autobuilder", @@ -7,20 +6,14 @@ swift_cc_binary( "*.cpp", "*.h", ]), - visibility = ["//swift:__subpackages__"], linkopts = [ "-lxml2", "-framework CoreFoundation", ], target_compatible_with = ["@platforms//os:macos"], + visibility = ["//swift:__subpackages__"], deps = [ - "@absl//absl/strings", "//swift/logging", + "@absl//absl/strings", ], ) - -generate_cmake( - name = "cmake", - targets = [":xcode-autobuilder"], - visibility = ["//visibility:public"], -) From dadb5b34e69fadd5d9bcef12656f382a4f5db38d Mon Sep 17 00:00:00 2001 From: Nick Rolfe <nickrolfe@github.com> Date: Mon, 5 Jun 2023 10:19:27 +0100 Subject: [PATCH 824/870] C#: avoid call to Location::toString() in cs/expose-implementation --- .../Implementation Hiding/ExposeRepresentation.ql | 2 +- .../ExposeRepresentation/ExposeRepresentation.expected | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/csharp/ql/src/Bad Practices/Implementation Hiding/ExposeRepresentation.ql b/csharp/ql/src/Bad Practices/Implementation Hiding/ExposeRepresentation.ql index e9f9b6cb8c6..3aec796daf7 100644 --- a/csharp/ql/src/Bad Practices/Implementation Hiding/ExposeRepresentation.ql +++ b/csharp/ql/src/Bad Practices/Implementation Hiding/ExposeRepresentation.ql @@ -78,4 +78,4 @@ where exposesByStore(c, f, why, whyText) select c, "'" + c.getName() + "' exposes the internal representation stored in field '" + f.getName() + - "'. The value may be modified $@.", why.getLocation(), whyText + "'. The value may be modified $@.", why, whyText diff --git a/csharp/ql/test/query-tests/Bad Practices/Implementation Hiding/ExposeRepresentation/ExposeRepresentation.expected b/csharp/ql/test/query-tests/Bad Practices/Implementation Hiding/ExposeRepresentation/ExposeRepresentation.expected index 92f7365adeb..f4b2fcbf837 100644 --- a/csharp/ql/test/query-tests/Bad Practices/Implementation Hiding/ExposeRepresentation/ExposeRepresentation.expected +++ b/csharp/ql/test/query-tests/Bad Practices/Implementation Hiding/ExposeRepresentation/ExposeRepresentation.expected @@ -1,2 +1,2 @@ -| ExposeRepresentation.cs:8:21:8:23 | Set | 'Set' exposes the internal representation stored in field 'rarray'. The value may be modified $@. | ExposeRepresentation.cs:16:9:16:9 | ExposeRepresentation.cs:16:9:16:9 | through the variable a | -| ExposeRepresentationBad.cs:18:22:18:24 | Get | 'Get' exposes the internal representation stored in field 'rarray'. The value may be modified $@. | ExposeRepresentationBad.cs:24:23:24:29 | ExposeRepresentationBad.cs:24:23:24:29 | after this call to Get | +| ExposeRepresentation.cs:8:21:8:23 | Set | 'Set' exposes the internal representation stored in field 'rarray'. The value may be modified $@. | ExposeRepresentation.cs:16:9:16:9 | access to local variable a | through the variable a | +| ExposeRepresentationBad.cs:18:22:18:24 | Get | 'Get' exposes the internal representation stored in field 'rarray'. The value may be modified $@. | ExposeRepresentationBad.cs:24:23:24:29 | call to method Get | after this call to Get | From be9d32a6c1bbcbfb13d3fb604a1e81bbaff385b7 Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli <redsun82@github.com> Date: Mon, 5 Jun 2023 11:43:48 +0200 Subject: [PATCH 825/870] Bazel/CMake: make include not use cmake include ...but rather just pass along targets. This is required to fix CMake generation in the internal repository. --- misc/bazel/cmake/cmake.bzl | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/misc/bazel/cmake/cmake.bzl b/misc/bazel/cmake/cmake.bzl index 85760de476c..653725e5641 100644 --- a/misc/bazel/cmake/cmake.bzl +++ b/misc/bazel/cmake/cmake.bzl @@ -212,7 +212,7 @@ def _map_cmake_info(info, is_windows): GeneratedCmakeFiles = provider( fields = { - "files": "", + "targets": "", }, ) @@ -221,7 +221,11 @@ def _generate_cmake_impl(ctx): inputs = [] infos = {} - for dep in ctx.attr.targets: + targets = list(ctx.attr.targets) + for include in ctx.attr.includes: + targets += include[GeneratedCmakeFiles].targets.to_list() + + for dep in targets: for info in [dep[CmakeInfo]] + dep[CmakeInfo].transitive_deps.to_list(): if info.name != None: inputs += info.inputs @@ -233,11 +237,6 @@ def _generate_cmake_impl(ctx): commands += _map_cmake_info(info, is_windows) commands.append("") - for include in ctx.attr.includes: - for file in include[GeneratedCmakeFiles].files.to_list(): - inputs.append(file) - commands.append("include(${BAZEL_EXEC_ROOT}/%s)" % file.path) - # we want to use a run or run_shell action to register a bunch of files like inputs, but we cannot write all # in a shell command as we would hit the command size limit. So we first write the file and then copy it with # the dummy inputs @@ -248,7 +247,7 @@ def _generate_cmake_impl(ctx): return [ DefaultInfo(files = depset([output])), - GeneratedCmakeFiles(files = depset([output])), + GeneratedCmakeFiles(targets = depset(ctx.attr.targets)), ] generate_cmake = rule( From c67a350e366671a46b737a30a594fb44515aad7a Mon Sep 17 00:00:00 2001 From: Nick Rolfe <nickrolfe@github.com> Date: Mon, 5 Jun 2023 10:44:22 +0100 Subject: [PATCH 826/870] Python: avoid selecting getLocation() in py/unnecessary-delete --- python/ql/src/Statements/UnnecessaryDelete.ql | 4 ++-- .../query-tests/Statements/general/UnnecessaryDelete.expected | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/python/ql/src/Statements/UnnecessaryDelete.ql b/python/ql/src/Statements/UnnecessaryDelete.ql index 429e245fea7..808a3f3a0d3 100644 --- a/python/ql/src/Statements/UnnecessaryDelete.ql +++ b/python/ql/src/Statements/UnnecessaryDelete.ql @@ -36,5 +36,5 @@ where ex = Value::named("sys.exc_info") and ex.getACall().getScope() = f ) -select del, "Unnecessary deletion of local variable $@ in function $@.", e.getLocation(), - e.toString(), f.getLocation(), f.getName() +select del, "Unnecessary deletion of local variable $@ in function $@.", e, e.toString(), f, + f.getName() diff --git a/python/ql/test/query-tests/Statements/general/UnnecessaryDelete.expected b/python/ql/test/query-tests/Statements/general/UnnecessaryDelete.expected index d7dda673775..137ee59e4f2 100644 --- a/python/ql/test/query-tests/Statements/general/UnnecessaryDelete.expected +++ b/python/ql/test/query-tests/Statements/general/UnnecessaryDelete.expected @@ -1 +1 @@ -| statements_test.py:187:5:187:9 | Delete | Unnecessary deletion of local variable $@ in function $@. | statements_test.py:187:9:187:9 | statements_test.py:187 | x | statements_test.py:185:1:185:31 | statements_test.py:185 | error_unnecessary_delete | +| statements_test.py:187:5:187:9 | Delete | Unnecessary deletion of local variable $@ in function $@. | statements_test.py:187:9:187:9 | x | x | statements_test.py:185:1:185:31 | Function error_unnecessary_delete | error_unnecessary_delete | From 11182e4ee4d0313efb99c84050c0ba82319c3f40 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema <jketema@github.com> Date: Mon, 5 Jun 2023 12:36:25 +0200 Subject: [PATCH 827/870] C++: Move location where `getASuccessor` is used to avoid join order problems --- .../Security/CWE/CWE-193/InvalidPointerDeref.ql | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql b/cpp/ql/src/experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql index 88d483dbebc..4e5e06775bb 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql @@ -208,8 +208,7 @@ predicate isInvalidPointerDerefSink(DataFlow::Node sink, Instruction i, string o s = sink.asInstruction() and bounded1(addr.getDef(), s, delta) and delta >= 0 and - i.getAnOperand() = addr and - i = getASuccessor(s) + i.getAnOperand() = addr | i instanceof StoreInstruction and operation = "write" @@ -267,7 +266,8 @@ newtype TMergedPathNode = TPathNodeSink(Instruction i) { exists(DataFlow::Node n | InvalidPointerToDerefFlow::flowTo(n) and - isInvalidPointerDerefSink(n, i, _, _) + isInvalidPointerDerefSink(n, i, _, _) and + i = getASuccessor(n.asInstruction()) ) } From 02395867c8ce76f80905e71a38bdf2f0db45ccd0 Mon Sep 17 00:00:00 2001 From: Nick Rolfe <nickrolfe@github.com> Date: Mon, 5 Jun 2023 11:14:43 +0100 Subject: [PATCH 828/870] Python: avoid selecting getLocation() in py/truncated-division --- python/ql/src/Expressions/TruncatedDivision.ql | 2 +- .../test/2/query-tests/Expressions/TruncatedDivision.expected | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/python/ql/src/Expressions/TruncatedDivision.ql b/python/ql/src/Expressions/TruncatedDivision.ql index 0904081f5ff..54758b4b78e 100644 --- a/python/ql/src/Expressions/TruncatedDivision.ql +++ b/python/ql/src/Expressions/TruncatedDivision.ql @@ -34,4 +34,4 @@ where ) ) select div, "Result of division may be truncated as its $@ and $@ arguments may both be integers.", - left.getLocation(), "left", right.getLocation(), "right" + left, "left", right, "right" diff --git a/python/ql/test/2/query-tests/Expressions/TruncatedDivision.expected b/python/ql/test/2/query-tests/Expressions/TruncatedDivision.expected index b22b9b5a2f2..b6407cdca12 100644 --- a/python/ql/test/2/query-tests/Expressions/TruncatedDivision.expected +++ b/python/ql/test/2/query-tests/Expressions/TruncatedDivision.expected @@ -1,2 +1,2 @@ -| TruncatedDivision_test.py:65:7:65:11 | BinaryExpr | Result of division may be truncated as its $@ and $@ arguments may both be integers. | TruncatedDivision_test.py:65:7:65:7 | TruncatedDivision_test.py:65 | left | TruncatedDivision_test.py:65:11:65:11 | TruncatedDivision_test.py:65 | right | -| TruncatedDivision_test.py:72:7:72:35 | BinaryExpr | Result of division may be truncated as its $@ and $@ arguments may both be integers. | TruncatedDivision_test.py:25:12:25:12 | TruncatedDivision_test.py:25 | left | TruncatedDivision_test.py:28:12:28:12 | TruncatedDivision_test.py:28 | right | +| TruncatedDivision_test.py:65:7:65:11 | BinaryExpr | Result of division may be truncated as its $@ and $@ arguments may both be integers. | TruncatedDivision_test.py:65:7:65:7 | ControlFlowNode for IntegerLiteral | left | TruncatedDivision_test.py:65:11:65:11 | ControlFlowNode for IntegerLiteral | right | +| TruncatedDivision_test.py:72:7:72:35 | BinaryExpr | Result of division may be truncated as its $@ and $@ arguments may both be integers. | TruncatedDivision_test.py:25:12:25:12 | ControlFlowNode for IntegerLiteral | left | TruncatedDivision_test.py:28:12:28:12 | ControlFlowNode for IntegerLiteral | right | From a4a7ad8f99f23c3a5be4602030e6d6acea27eb75 Mon Sep 17 00:00:00 2001 From: Ian Lynagh <igfoo@github.com> Date: Mon, 5 Jun 2023 13:20:14 +0100 Subject: [PATCH 829/870] Java/Kotlin: Split lines of code by language We were giving the sum of all lines for both languages, but labelling it as "Total lines of Java code in the database", which was confusing. Now we give separate sums for Kotlin and Java lines. --- java/ql/src/Metrics/Summaries/LinesOfCode.ql | 6 +++--- .../src/Metrics/Summaries/LinesOfCodeKotlin.ql | 18 ++++++++++++++++++ 2 files changed, 21 insertions(+), 3 deletions(-) create mode 100644 java/ql/src/Metrics/Summaries/LinesOfCodeKotlin.ql diff --git a/java/ql/src/Metrics/Summaries/LinesOfCode.ql b/java/ql/src/Metrics/Summaries/LinesOfCode.ql index c1b43c2a3d9..62c19d1b932 100644 --- a/java/ql/src/Metrics/Summaries/LinesOfCode.ql +++ b/java/ql/src/Metrics/Summaries/LinesOfCode.ql @@ -1,8 +1,8 @@ /** * @id java/summary/lines-of-code * @name Total lines of Java code in the database - * @description The total number of lines of code across all files. This is a useful metric of the size of a database. - * For all files that were seen during the build, this query counts the lines of code, excluding whitespace + * @description The total number of lines of code across all Java files. This is a useful metric of the size of a database. + * For all Java files that were seen during the build, this query counts the lines of code, excluding whitespace * or comments. * @kind metric * @tags summary @@ -11,4 +11,4 @@ import java -select sum(CompilationUnit f | f.fromSource() | f.getNumberOfLinesOfCode()) +select sum(CompilationUnit f | f.fromSource() and f.isJavaSourceFile() | f.getNumberOfLinesOfCode()) diff --git a/java/ql/src/Metrics/Summaries/LinesOfCodeKotlin.ql b/java/ql/src/Metrics/Summaries/LinesOfCodeKotlin.ql new file mode 100644 index 00000000000..0093bc0a98f --- /dev/null +++ b/java/ql/src/Metrics/Summaries/LinesOfCodeKotlin.ql @@ -0,0 +1,18 @@ +/** + * @id java/summary/lines-of-code-kotlin + * @name Total lines of Kotlin code in the database + * @description The total number of lines of code across all Kotlin files. This is a useful metric of the size of a database. + * For all Kotlin files that were seen during the build, this query counts the lines of code, excluding whitespace + * or comments. + * @kind metric + * @tags summary + * lines-of-code + */ + +import java + +select sum(CompilationUnit f | + f.fromSource() and f.isKotlinSourceFile() + | + f.getNumberOfLinesOfCode() + ) From 7f7b048f50d2a22dd22e3b3a163b5b97fc842805 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema <jketema@github.com> Date: Mon, 5 Jun 2023 15:00:11 +0200 Subject: [PATCH 830/870] C++: Update expected test results --- .../InvalidPointerDeref.expected | 290 ++++++++++++++++++ 1 file changed, 290 insertions(+) diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/InvalidPointerDeref.expected b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/InvalidPointerDeref.expected index 418251cf6db..7cb0738c580 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/InvalidPointerDeref.expected +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/InvalidPointerDeref.expected @@ -9,7 +9,15 @@ edges | test.cpp:5:15:5:15 | p | test.cpp:7:16:7:16 | q | | test.cpp:5:15:5:15 | p | test.cpp:7:16:7:16 | q | | test.cpp:5:15:5:15 | p | test.cpp:8:16:8:16 | q | +| test.cpp:5:15:5:15 | p | test.cpp:8:16:8:16 | q | | test.cpp:5:15:5:15 | p | test.cpp:8:16:8:20 | ... + ... | +| test.cpp:5:15:5:15 | p | test.cpp:9:16:9:16 | q | +| test.cpp:5:15:5:15 | p | test.cpp:9:16:9:16 | q | +| test.cpp:5:15:5:15 | p | test.cpp:10:16:10:16 | q | +| test.cpp:5:15:5:15 | p | test.cpp:10:16:10:16 | q | +| test.cpp:5:15:5:15 | p | test.cpp:11:16:11:16 | q | +| test.cpp:5:15:5:15 | p | test.cpp:11:16:11:16 | q | +| test.cpp:5:15:5:15 | p | test.cpp:12:16:12:16 | q | | test.cpp:5:15:5:22 | ... + ... | test.cpp:5:15:5:22 | ... + ... | | test.cpp:5:15:5:22 | ... + ... | test.cpp:5:15:5:22 | ... + ... | | test.cpp:5:15:5:22 | ... + ... | test.cpp:6:14:6:15 | Load: * ... | @@ -30,6 +38,22 @@ edges | test.cpp:5:15:5:22 | ... + ... | test.cpp:8:14:8:21 | Load: * ... | | test.cpp:5:15:5:22 | ... + ... | test.cpp:8:16:8:16 | q | | test.cpp:5:15:5:22 | ... + ... | test.cpp:8:16:8:16 | q | +| test.cpp:5:15:5:22 | ... + ... | test.cpp:8:16:8:16 | q | +| test.cpp:5:15:5:22 | ... + ... | test.cpp:8:16:8:16 | q | +| test.cpp:5:15:5:22 | ... + ... | test.cpp:9:16:9:16 | q | +| test.cpp:5:15:5:22 | ... + ... | test.cpp:9:16:9:16 | q | +| test.cpp:5:15:5:22 | ... + ... | test.cpp:9:16:9:16 | q | +| test.cpp:5:15:5:22 | ... + ... | test.cpp:9:16:9:16 | q | +| test.cpp:5:15:5:22 | ... + ... | test.cpp:10:16:10:16 | q | +| test.cpp:5:15:5:22 | ... + ... | test.cpp:10:16:10:16 | q | +| test.cpp:5:15:5:22 | ... + ... | test.cpp:10:16:10:16 | q | +| test.cpp:5:15:5:22 | ... + ... | test.cpp:10:16:10:16 | q | +| test.cpp:5:15:5:22 | ... + ... | test.cpp:11:16:11:16 | q | +| test.cpp:5:15:5:22 | ... + ... | test.cpp:11:16:11:16 | q | +| test.cpp:5:15:5:22 | ... + ... | test.cpp:11:16:11:16 | q | +| test.cpp:5:15:5:22 | ... + ... | test.cpp:11:16:11:16 | q | +| test.cpp:5:15:5:22 | ... + ... | test.cpp:12:16:12:16 | q | +| test.cpp:5:15:5:22 | ... + ... | test.cpp:12:16:12:16 | q | | test.cpp:6:15:6:15 | q | test.cpp:6:14:6:15 | Load: * ... | | test.cpp:6:15:6:15 | q | test.cpp:6:14:6:15 | Load: * ... | | test.cpp:6:15:6:15 | q | test.cpp:7:16:7:16 | q | @@ -37,11 +61,62 @@ edges | test.cpp:6:15:6:15 | q | test.cpp:8:14:8:21 | Load: * ... | | test.cpp:6:15:6:15 | q | test.cpp:8:14:8:21 | Load: * ... | | test.cpp:6:15:6:15 | q | test.cpp:8:16:8:16 | q | +| test.cpp:6:15:6:15 | q | test.cpp:8:16:8:16 | q | +| test.cpp:6:15:6:15 | q | test.cpp:9:16:9:16 | q | +| test.cpp:6:15:6:15 | q | test.cpp:9:16:9:16 | q | +| test.cpp:6:15:6:15 | q | test.cpp:10:16:10:16 | q | +| test.cpp:6:15:6:15 | q | test.cpp:10:16:10:16 | q | +| test.cpp:6:15:6:15 | q | test.cpp:11:16:11:16 | q | +| test.cpp:6:15:6:15 | q | test.cpp:11:16:11:16 | q | +| test.cpp:6:15:6:15 | q | test.cpp:12:16:12:16 | q | +| test.cpp:7:16:7:16 | q | test.cpp:6:14:6:15 | Load: * ... | +| test.cpp:7:16:7:16 | q | test.cpp:6:14:6:15 | Load: * ... | | test.cpp:7:16:7:16 | q | test.cpp:8:14:8:21 | Load: * ... | | test.cpp:7:16:7:16 | q | test.cpp:8:14:8:21 | Load: * ... | | test.cpp:7:16:7:16 | q | test.cpp:8:16:8:16 | q | +| test.cpp:7:16:7:16 | q | test.cpp:8:16:8:16 | q | +| test.cpp:7:16:7:16 | q | test.cpp:9:16:9:16 | q | +| test.cpp:7:16:7:16 | q | test.cpp:9:16:9:16 | q | +| test.cpp:7:16:7:16 | q | test.cpp:10:16:10:16 | q | +| test.cpp:7:16:7:16 | q | test.cpp:10:16:10:16 | q | +| test.cpp:7:16:7:16 | q | test.cpp:11:16:11:16 | q | +| test.cpp:7:16:7:16 | q | test.cpp:11:16:11:16 | q | +| test.cpp:7:16:7:16 | q | test.cpp:12:16:12:16 | q | +| test.cpp:8:16:8:16 | q | test.cpp:6:14:6:15 | Load: * ... | +| test.cpp:8:16:8:16 | q | test.cpp:6:14:6:15 | Load: * ... | | test.cpp:8:16:8:16 | q | test.cpp:8:14:8:21 | Load: * ... | +| test.cpp:8:16:8:16 | q | test.cpp:8:14:8:21 | Load: * ... | +| test.cpp:8:16:8:16 | q | test.cpp:9:16:9:16 | q | +| test.cpp:8:16:8:16 | q | test.cpp:9:16:9:16 | q | +| test.cpp:8:16:8:16 | q | test.cpp:10:16:10:16 | q | +| test.cpp:8:16:8:16 | q | test.cpp:10:16:10:16 | q | +| test.cpp:8:16:8:16 | q | test.cpp:11:16:11:16 | q | +| test.cpp:8:16:8:16 | q | test.cpp:11:16:11:16 | q | +| test.cpp:8:16:8:16 | q | test.cpp:12:16:12:16 | q | | test.cpp:8:16:8:20 | ... + ... | test.cpp:8:14:8:21 | Load: * ... | +| test.cpp:9:16:9:16 | q | test.cpp:6:14:6:15 | Load: * ... | +| test.cpp:9:16:9:16 | q | test.cpp:6:14:6:15 | Load: * ... | +| test.cpp:9:16:9:16 | q | test.cpp:8:14:8:21 | Load: * ... | +| test.cpp:9:16:9:16 | q | test.cpp:8:14:8:21 | Load: * ... | +| test.cpp:9:16:9:16 | q | test.cpp:10:16:10:16 | q | +| test.cpp:9:16:9:16 | q | test.cpp:10:16:10:16 | q | +| test.cpp:9:16:9:16 | q | test.cpp:11:16:11:16 | q | +| test.cpp:9:16:9:16 | q | test.cpp:11:16:11:16 | q | +| test.cpp:9:16:9:16 | q | test.cpp:12:16:12:16 | q | +| test.cpp:10:16:10:16 | q | test.cpp:6:14:6:15 | Load: * ... | +| test.cpp:10:16:10:16 | q | test.cpp:6:14:6:15 | Load: * ... | +| test.cpp:10:16:10:16 | q | test.cpp:8:14:8:21 | Load: * ... | +| test.cpp:10:16:10:16 | q | test.cpp:8:14:8:21 | Load: * ... | +| test.cpp:10:16:10:16 | q | test.cpp:11:16:11:16 | q | +| test.cpp:10:16:10:16 | q | test.cpp:11:16:11:16 | q | +| test.cpp:10:16:10:16 | q | test.cpp:12:16:12:16 | q | +| test.cpp:11:16:11:16 | q | test.cpp:6:14:6:15 | Load: * ... | +| test.cpp:11:16:11:16 | q | test.cpp:6:14:6:15 | Load: * ... | +| test.cpp:11:16:11:16 | q | test.cpp:8:14:8:21 | Load: * ... | +| test.cpp:11:16:11:16 | q | test.cpp:8:14:8:21 | Load: * ... | +| test.cpp:11:16:11:16 | q | test.cpp:12:16:12:16 | q | +| test.cpp:12:16:12:16 | q | test.cpp:6:14:6:15 | Load: * ... | +| test.cpp:12:16:12:16 | q | test.cpp:8:14:8:21 | Load: * ... | | test.cpp:16:15:16:20 | call to malloc | test.cpp:17:15:17:15 | p | | test.cpp:17:15:17:15 | p | test.cpp:17:15:17:22 | ... + ... | | test.cpp:17:15:17:15 | p | test.cpp:20:16:20:20 | ... + ... | @@ -57,7 +132,15 @@ edges | test.cpp:29:15:29:15 | p | test.cpp:31:16:31:16 | q | | test.cpp:29:15:29:15 | p | test.cpp:31:16:31:16 | q | | test.cpp:29:15:29:15 | p | test.cpp:32:16:32:16 | q | +| test.cpp:29:15:29:15 | p | test.cpp:32:16:32:16 | q | | test.cpp:29:15:29:15 | p | test.cpp:32:16:32:20 | ... + ... | +| test.cpp:29:15:29:15 | p | test.cpp:33:16:33:16 | q | +| test.cpp:29:15:29:15 | p | test.cpp:33:16:33:16 | q | +| test.cpp:29:15:29:15 | p | test.cpp:34:16:34:16 | q | +| test.cpp:29:15:29:15 | p | test.cpp:34:16:34:16 | q | +| test.cpp:29:15:29:15 | p | test.cpp:35:16:35:16 | q | +| test.cpp:29:15:29:15 | p | test.cpp:35:16:35:16 | q | +| test.cpp:29:15:29:15 | p | test.cpp:36:16:36:16 | q | | test.cpp:29:15:29:28 | ... + ... | test.cpp:29:15:29:28 | ... + ... | | test.cpp:29:15:29:28 | ... + ... | test.cpp:29:15:29:28 | ... + ... | | test.cpp:29:15:29:28 | ... + ... | test.cpp:30:14:30:15 | Load: * ... | @@ -78,6 +161,22 @@ edges | test.cpp:29:15:29:28 | ... + ... | test.cpp:32:14:32:21 | Load: * ... | | test.cpp:29:15:29:28 | ... + ... | test.cpp:32:16:32:16 | q | | test.cpp:29:15:29:28 | ... + ... | test.cpp:32:16:32:16 | q | +| test.cpp:29:15:29:28 | ... + ... | test.cpp:32:16:32:16 | q | +| test.cpp:29:15:29:28 | ... + ... | test.cpp:32:16:32:16 | q | +| test.cpp:29:15:29:28 | ... + ... | test.cpp:33:16:33:16 | q | +| test.cpp:29:15:29:28 | ... + ... | test.cpp:33:16:33:16 | q | +| test.cpp:29:15:29:28 | ... + ... | test.cpp:33:16:33:16 | q | +| test.cpp:29:15:29:28 | ... + ... | test.cpp:33:16:33:16 | q | +| test.cpp:29:15:29:28 | ... + ... | test.cpp:34:16:34:16 | q | +| test.cpp:29:15:29:28 | ... + ... | test.cpp:34:16:34:16 | q | +| test.cpp:29:15:29:28 | ... + ... | test.cpp:34:16:34:16 | q | +| test.cpp:29:15:29:28 | ... + ... | test.cpp:34:16:34:16 | q | +| test.cpp:29:15:29:28 | ... + ... | test.cpp:35:16:35:16 | q | +| test.cpp:29:15:29:28 | ... + ... | test.cpp:35:16:35:16 | q | +| test.cpp:29:15:29:28 | ... + ... | test.cpp:35:16:35:16 | q | +| test.cpp:29:15:29:28 | ... + ... | test.cpp:35:16:35:16 | q | +| test.cpp:29:15:29:28 | ... + ... | test.cpp:36:16:36:16 | q | +| test.cpp:29:15:29:28 | ... + ... | test.cpp:36:16:36:16 | q | | test.cpp:30:15:30:15 | q | test.cpp:30:14:30:15 | Load: * ... | | test.cpp:30:15:30:15 | q | test.cpp:30:14:30:15 | Load: * ... | | test.cpp:30:15:30:15 | q | test.cpp:31:16:31:16 | q | @@ -85,11 +184,62 @@ edges | test.cpp:30:15:30:15 | q | test.cpp:32:14:32:21 | Load: * ... | | test.cpp:30:15:30:15 | q | test.cpp:32:14:32:21 | Load: * ... | | test.cpp:30:15:30:15 | q | test.cpp:32:16:32:16 | q | +| test.cpp:30:15:30:15 | q | test.cpp:32:16:32:16 | q | +| test.cpp:30:15:30:15 | q | test.cpp:33:16:33:16 | q | +| test.cpp:30:15:30:15 | q | test.cpp:33:16:33:16 | q | +| test.cpp:30:15:30:15 | q | test.cpp:34:16:34:16 | q | +| test.cpp:30:15:30:15 | q | test.cpp:34:16:34:16 | q | +| test.cpp:30:15:30:15 | q | test.cpp:35:16:35:16 | q | +| test.cpp:30:15:30:15 | q | test.cpp:35:16:35:16 | q | +| test.cpp:30:15:30:15 | q | test.cpp:36:16:36:16 | q | +| test.cpp:31:16:31:16 | q | test.cpp:30:14:30:15 | Load: * ... | +| test.cpp:31:16:31:16 | q | test.cpp:30:14:30:15 | Load: * ... | | test.cpp:31:16:31:16 | q | test.cpp:32:14:32:21 | Load: * ... | | test.cpp:31:16:31:16 | q | test.cpp:32:14:32:21 | Load: * ... | | test.cpp:31:16:31:16 | q | test.cpp:32:16:32:16 | q | +| test.cpp:31:16:31:16 | q | test.cpp:32:16:32:16 | q | +| test.cpp:31:16:31:16 | q | test.cpp:33:16:33:16 | q | +| test.cpp:31:16:31:16 | q | test.cpp:33:16:33:16 | q | +| test.cpp:31:16:31:16 | q | test.cpp:34:16:34:16 | q | +| test.cpp:31:16:31:16 | q | test.cpp:34:16:34:16 | q | +| test.cpp:31:16:31:16 | q | test.cpp:35:16:35:16 | q | +| test.cpp:31:16:31:16 | q | test.cpp:35:16:35:16 | q | +| test.cpp:31:16:31:16 | q | test.cpp:36:16:36:16 | q | +| test.cpp:32:16:32:16 | q | test.cpp:30:14:30:15 | Load: * ... | +| test.cpp:32:16:32:16 | q | test.cpp:30:14:30:15 | Load: * ... | | test.cpp:32:16:32:16 | q | test.cpp:32:14:32:21 | Load: * ... | +| test.cpp:32:16:32:16 | q | test.cpp:32:14:32:21 | Load: * ... | +| test.cpp:32:16:32:16 | q | test.cpp:33:16:33:16 | q | +| test.cpp:32:16:32:16 | q | test.cpp:33:16:33:16 | q | +| test.cpp:32:16:32:16 | q | test.cpp:34:16:34:16 | q | +| test.cpp:32:16:32:16 | q | test.cpp:34:16:34:16 | q | +| test.cpp:32:16:32:16 | q | test.cpp:35:16:35:16 | q | +| test.cpp:32:16:32:16 | q | test.cpp:35:16:35:16 | q | +| test.cpp:32:16:32:16 | q | test.cpp:36:16:36:16 | q | | test.cpp:32:16:32:20 | ... + ... | test.cpp:32:14:32:21 | Load: * ... | +| test.cpp:33:16:33:16 | q | test.cpp:30:14:30:15 | Load: * ... | +| test.cpp:33:16:33:16 | q | test.cpp:30:14:30:15 | Load: * ... | +| test.cpp:33:16:33:16 | q | test.cpp:32:14:32:21 | Load: * ... | +| test.cpp:33:16:33:16 | q | test.cpp:32:14:32:21 | Load: * ... | +| test.cpp:33:16:33:16 | q | test.cpp:34:16:34:16 | q | +| test.cpp:33:16:33:16 | q | test.cpp:34:16:34:16 | q | +| test.cpp:33:16:33:16 | q | test.cpp:35:16:35:16 | q | +| test.cpp:33:16:33:16 | q | test.cpp:35:16:35:16 | q | +| test.cpp:33:16:33:16 | q | test.cpp:36:16:36:16 | q | +| test.cpp:34:16:34:16 | q | test.cpp:30:14:30:15 | Load: * ... | +| test.cpp:34:16:34:16 | q | test.cpp:30:14:30:15 | Load: * ... | +| test.cpp:34:16:34:16 | q | test.cpp:32:14:32:21 | Load: * ... | +| test.cpp:34:16:34:16 | q | test.cpp:32:14:32:21 | Load: * ... | +| test.cpp:34:16:34:16 | q | test.cpp:35:16:35:16 | q | +| test.cpp:34:16:34:16 | q | test.cpp:35:16:35:16 | q | +| test.cpp:34:16:34:16 | q | test.cpp:36:16:36:16 | q | +| test.cpp:35:16:35:16 | q | test.cpp:30:14:30:15 | Load: * ... | +| test.cpp:35:16:35:16 | q | test.cpp:30:14:30:15 | Load: * ... | +| test.cpp:35:16:35:16 | q | test.cpp:32:14:32:21 | Load: * ... | +| test.cpp:35:16:35:16 | q | test.cpp:32:14:32:21 | Load: * ... | +| test.cpp:35:16:35:16 | q | test.cpp:36:16:36:16 | q | +| test.cpp:36:16:36:16 | q | test.cpp:30:14:30:15 | Load: * ... | +| test.cpp:36:16:36:16 | q | test.cpp:32:14:32:21 | Load: * ... | | test.cpp:40:15:40:20 | call to malloc | test.cpp:41:15:41:15 | p | | test.cpp:41:15:41:15 | p | test.cpp:41:15:41:28 | ... + ... | | test.cpp:41:15:41:15 | p | test.cpp:41:15:41:28 | ... + ... | @@ -100,7 +250,15 @@ edges | test.cpp:41:15:41:15 | p | test.cpp:43:16:43:16 | q | | test.cpp:41:15:41:15 | p | test.cpp:43:16:43:16 | q | | test.cpp:41:15:41:15 | p | test.cpp:44:16:44:16 | q | +| test.cpp:41:15:41:15 | p | test.cpp:44:16:44:16 | q | | test.cpp:41:15:41:15 | p | test.cpp:44:16:44:20 | ... + ... | +| test.cpp:41:15:41:15 | p | test.cpp:45:16:45:16 | q | +| test.cpp:41:15:41:15 | p | test.cpp:45:16:45:16 | q | +| test.cpp:41:15:41:15 | p | test.cpp:46:16:46:16 | q | +| test.cpp:41:15:41:15 | p | test.cpp:46:16:46:16 | q | +| test.cpp:41:15:41:15 | p | test.cpp:47:16:47:16 | q | +| test.cpp:41:15:41:15 | p | test.cpp:47:16:47:16 | q | +| test.cpp:41:15:41:15 | p | test.cpp:48:16:48:16 | q | | test.cpp:41:15:41:28 | ... + ... | test.cpp:41:15:41:28 | ... + ... | | test.cpp:41:15:41:28 | ... + ... | test.cpp:41:15:41:28 | ... + ... | | test.cpp:41:15:41:28 | ... + ... | test.cpp:42:14:42:15 | Load: * ... | @@ -121,6 +279,22 @@ edges | test.cpp:41:15:41:28 | ... + ... | test.cpp:44:14:44:21 | Load: * ... | | test.cpp:41:15:41:28 | ... + ... | test.cpp:44:16:44:16 | q | | test.cpp:41:15:41:28 | ... + ... | test.cpp:44:16:44:16 | q | +| test.cpp:41:15:41:28 | ... + ... | test.cpp:44:16:44:16 | q | +| test.cpp:41:15:41:28 | ... + ... | test.cpp:44:16:44:16 | q | +| test.cpp:41:15:41:28 | ... + ... | test.cpp:45:16:45:16 | q | +| test.cpp:41:15:41:28 | ... + ... | test.cpp:45:16:45:16 | q | +| test.cpp:41:15:41:28 | ... + ... | test.cpp:45:16:45:16 | q | +| test.cpp:41:15:41:28 | ... + ... | test.cpp:45:16:45:16 | q | +| test.cpp:41:15:41:28 | ... + ... | test.cpp:46:16:46:16 | q | +| test.cpp:41:15:41:28 | ... + ... | test.cpp:46:16:46:16 | q | +| test.cpp:41:15:41:28 | ... + ... | test.cpp:46:16:46:16 | q | +| test.cpp:41:15:41:28 | ... + ... | test.cpp:46:16:46:16 | q | +| test.cpp:41:15:41:28 | ... + ... | test.cpp:47:16:47:16 | q | +| test.cpp:41:15:41:28 | ... + ... | test.cpp:47:16:47:16 | q | +| test.cpp:41:15:41:28 | ... + ... | test.cpp:47:16:47:16 | q | +| test.cpp:41:15:41:28 | ... + ... | test.cpp:47:16:47:16 | q | +| test.cpp:41:15:41:28 | ... + ... | test.cpp:48:16:48:16 | q | +| test.cpp:41:15:41:28 | ... + ... | test.cpp:48:16:48:16 | q | | test.cpp:42:15:42:15 | q | test.cpp:42:14:42:15 | Load: * ... | | test.cpp:42:15:42:15 | q | test.cpp:42:14:42:15 | Load: * ... | | test.cpp:42:15:42:15 | q | test.cpp:43:16:43:16 | q | @@ -128,11 +302,62 @@ edges | test.cpp:42:15:42:15 | q | test.cpp:44:14:44:21 | Load: * ... | | test.cpp:42:15:42:15 | q | test.cpp:44:14:44:21 | Load: * ... | | test.cpp:42:15:42:15 | q | test.cpp:44:16:44:16 | q | +| test.cpp:42:15:42:15 | q | test.cpp:44:16:44:16 | q | +| test.cpp:42:15:42:15 | q | test.cpp:45:16:45:16 | q | +| test.cpp:42:15:42:15 | q | test.cpp:45:16:45:16 | q | +| test.cpp:42:15:42:15 | q | test.cpp:46:16:46:16 | q | +| test.cpp:42:15:42:15 | q | test.cpp:46:16:46:16 | q | +| test.cpp:42:15:42:15 | q | test.cpp:47:16:47:16 | q | +| test.cpp:42:15:42:15 | q | test.cpp:47:16:47:16 | q | +| test.cpp:42:15:42:15 | q | test.cpp:48:16:48:16 | q | +| test.cpp:43:16:43:16 | q | test.cpp:42:14:42:15 | Load: * ... | +| test.cpp:43:16:43:16 | q | test.cpp:42:14:42:15 | Load: * ... | | test.cpp:43:16:43:16 | q | test.cpp:44:14:44:21 | Load: * ... | | test.cpp:43:16:43:16 | q | test.cpp:44:14:44:21 | Load: * ... | | test.cpp:43:16:43:16 | q | test.cpp:44:16:44:16 | q | +| test.cpp:43:16:43:16 | q | test.cpp:44:16:44:16 | q | +| test.cpp:43:16:43:16 | q | test.cpp:45:16:45:16 | q | +| test.cpp:43:16:43:16 | q | test.cpp:45:16:45:16 | q | +| test.cpp:43:16:43:16 | q | test.cpp:46:16:46:16 | q | +| test.cpp:43:16:43:16 | q | test.cpp:46:16:46:16 | q | +| test.cpp:43:16:43:16 | q | test.cpp:47:16:47:16 | q | +| test.cpp:43:16:43:16 | q | test.cpp:47:16:47:16 | q | +| test.cpp:43:16:43:16 | q | test.cpp:48:16:48:16 | q | +| test.cpp:44:16:44:16 | q | test.cpp:42:14:42:15 | Load: * ... | +| test.cpp:44:16:44:16 | q | test.cpp:42:14:42:15 | Load: * ... | | test.cpp:44:16:44:16 | q | test.cpp:44:14:44:21 | Load: * ... | +| test.cpp:44:16:44:16 | q | test.cpp:44:14:44:21 | Load: * ... | +| test.cpp:44:16:44:16 | q | test.cpp:45:16:45:16 | q | +| test.cpp:44:16:44:16 | q | test.cpp:45:16:45:16 | q | +| test.cpp:44:16:44:16 | q | test.cpp:46:16:46:16 | q | +| test.cpp:44:16:44:16 | q | test.cpp:46:16:46:16 | q | +| test.cpp:44:16:44:16 | q | test.cpp:47:16:47:16 | q | +| test.cpp:44:16:44:16 | q | test.cpp:47:16:47:16 | q | +| test.cpp:44:16:44:16 | q | test.cpp:48:16:48:16 | q | | test.cpp:44:16:44:20 | ... + ... | test.cpp:44:14:44:21 | Load: * ... | +| test.cpp:45:16:45:16 | q | test.cpp:42:14:42:15 | Load: * ... | +| test.cpp:45:16:45:16 | q | test.cpp:42:14:42:15 | Load: * ... | +| test.cpp:45:16:45:16 | q | test.cpp:44:14:44:21 | Load: * ... | +| test.cpp:45:16:45:16 | q | test.cpp:44:14:44:21 | Load: * ... | +| test.cpp:45:16:45:16 | q | test.cpp:46:16:46:16 | q | +| test.cpp:45:16:45:16 | q | test.cpp:46:16:46:16 | q | +| test.cpp:45:16:45:16 | q | test.cpp:47:16:47:16 | q | +| test.cpp:45:16:45:16 | q | test.cpp:47:16:47:16 | q | +| test.cpp:45:16:45:16 | q | test.cpp:48:16:48:16 | q | +| test.cpp:46:16:46:16 | q | test.cpp:42:14:42:15 | Load: * ... | +| test.cpp:46:16:46:16 | q | test.cpp:42:14:42:15 | Load: * ... | +| test.cpp:46:16:46:16 | q | test.cpp:44:14:44:21 | Load: * ... | +| test.cpp:46:16:46:16 | q | test.cpp:44:14:44:21 | Load: * ... | +| test.cpp:46:16:46:16 | q | test.cpp:47:16:47:16 | q | +| test.cpp:46:16:46:16 | q | test.cpp:47:16:47:16 | q | +| test.cpp:46:16:46:16 | q | test.cpp:48:16:48:16 | q | +| test.cpp:47:16:47:16 | q | test.cpp:42:14:42:15 | Load: * ... | +| test.cpp:47:16:47:16 | q | test.cpp:42:14:42:15 | Load: * ... | +| test.cpp:47:16:47:16 | q | test.cpp:44:14:44:21 | Load: * ... | +| test.cpp:47:16:47:16 | q | test.cpp:44:14:44:21 | Load: * ... | +| test.cpp:47:16:47:16 | q | test.cpp:48:16:48:16 | q | +| test.cpp:48:16:48:16 | q | test.cpp:42:14:42:15 | Load: * ... | +| test.cpp:48:16:48:16 | q | test.cpp:44:14:44:21 | Load: * ... | | test.cpp:51:7:51:14 | mk_array indirection | test.cpp:60:19:60:26 | call to mk_array | | test.cpp:51:33:51:35 | end | test.cpp:60:34:60:37 | mk_array output argument | | test.cpp:52:19:52:24 | call to malloc | test.cpp:51:7:51:14 | mk_array indirection | @@ -146,8 +371,10 @@ edges | test.cpp:60:19:60:26 | call to mk_array | test.cpp:70:38:70:38 | p | | test.cpp:60:34:60:37 | mk_array output argument | test.cpp:62:32:62:34 | end | | test.cpp:60:34:60:37 | mk_array output argument | test.cpp:66:32:66:34 | end | +| test.cpp:60:34:60:37 | mk_array output argument | test.cpp:70:31:70:33 | end | | test.cpp:62:32:62:34 | end | test.cpp:67:9:67:14 | Store: ... = ... | | test.cpp:66:32:66:34 | end | test.cpp:67:9:67:14 | Store: ... = ... | +| test.cpp:70:31:70:33 | end | test.cpp:67:9:67:14 | Store: ... = ... | | test.cpp:80:9:80:16 | mk_array indirection [begin] | test.cpp:89:19:89:26 | call to mk_array [begin] | | test.cpp:80:9:80:16 | mk_array indirection [begin] | test.cpp:119:18:119:25 | call to mk_array [begin] | | test.cpp:80:9:80:16 | mk_array indirection [end] | test.cpp:89:19:89:26 | call to mk_array [end] | @@ -168,6 +395,7 @@ edges | test.cpp:89:19:89:26 | call to mk_array [begin] | test.cpp:99:20:99:22 | arr indirection [begin] | | test.cpp:89:19:89:26 | call to mk_array [end] | test.cpp:91:36:91:38 | arr indirection [end] | | test.cpp:89:19:89:26 | call to mk_array [end] | test.cpp:95:36:95:38 | arr indirection [end] | +| test.cpp:89:19:89:26 | call to mk_array [end] | test.cpp:99:35:99:37 | arr indirection [end] | | test.cpp:91:20:91:22 | arr indirection [begin] | test.cpp:91:24:91:28 | begin | | test.cpp:91:20:91:22 | arr indirection [begin] | test.cpp:91:24:91:28 | begin indirection | | test.cpp:91:24:91:28 | begin | test.cpp:91:47:91:47 | p | @@ -188,11 +416,16 @@ edges | test.cpp:99:20:99:22 | arr indirection [begin] | test.cpp:99:24:99:28 | begin indirection | | test.cpp:99:24:99:28 | begin | test.cpp:99:46:99:46 | p | | test.cpp:99:24:99:28 | begin indirection | test.cpp:99:46:99:46 | p | +| test.cpp:99:35:99:37 | arr indirection [end] | test.cpp:99:39:99:41 | end | +| test.cpp:99:35:99:37 | arr indirection [end] | test.cpp:99:39:99:41 | end indirection | +| test.cpp:99:39:99:41 | end | test.cpp:96:9:96:14 | Store: ... = ... | +| test.cpp:99:39:99:41 | end indirection | test.cpp:99:39:99:41 | end | | test.cpp:104:27:104:29 | arr [begin] | test.cpp:105:20:105:22 | arr indirection [begin] | | test.cpp:104:27:104:29 | arr [begin] | test.cpp:109:20:109:22 | arr indirection [begin] | | test.cpp:104:27:104:29 | arr [begin] | test.cpp:113:20:113:22 | arr indirection [begin] | | test.cpp:104:27:104:29 | arr [end] | test.cpp:105:36:105:38 | arr indirection [end] | | test.cpp:104:27:104:29 | arr [end] | test.cpp:109:36:109:38 | arr indirection [end] | +| test.cpp:104:27:104:29 | arr [end] | test.cpp:113:35:113:37 | arr indirection [end] | | test.cpp:105:20:105:22 | arr indirection [begin] | test.cpp:105:24:105:28 | begin | | test.cpp:105:20:105:22 | arr indirection [begin] | test.cpp:105:24:105:28 | begin indirection | | test.cpp:105:24:105:28 | begin | test.cpp:105:47:105:47 | p | @@ -213,6 +446,10 @@ edges | test.cpp:113:20:113:22 | arr indirection [begin] | test.cpp:113:24:113:28 | begin indirection | | test.cpp:113:24:113:28 | begin | test.cpp:113:46:113:46 | p | | test.cpp:113:24:113:28 | begin indirection | test.cpp:113:46:113:46 | p | +| test.cpp:113:35:113:37 | arr indirection [end] | test.cpp:113:39:113:41 | end | +| test.cpp:113:35:113:37 | arr indirection [end] | test.cpp:113:39:113:41 | end indirection | +| test.cpp:113:39:113:41 | end | test.cpp:110:9:110:14 | Store: ... = ... | +| test.cpp:113:39:113:41 | end indirection | test.cpp:113:39:113:41 | end | | test.cpp:119:18:119:25 | call to mk_array [begin] | test.cpp:104:27:104:29 | arr [begin] | | test.cpp:119:18:119:25 | call to mk_array [end] | test.cpp:104:27:104:29 | arr [end] | | test.cpp:124:15:124:20 | call to malloc | test.cpp:125:5:125:17 | ... = ... | @@ -267,6 +504,7 @@ edges | test.cpp:165:29:165:31 | arr indirection [begin] | test.cpp:174:20:174:22 | arr indirection [begin] | | test.cpp:165:29:165:31 | arr indirection [end] | test.cpp:166:37:166:39 | arr indirection [end] | | test.cpp:165:29:165:31 | arr indirection [end] | test.cpp:170:37:170:39 | arr indirection [end] | +| test.cpp:165:29:165:31 | arr indirection [end] | test.cpp:174:36:174:38 | arr indirection [end] | | test.cpp:166:20:166:22 | arr indirection [begin] | test.cpp:166:25:166:29 | begin | | test.cpp:166:20:166:22 | arr indirection [begin] | test.cpp:166:25:166:29 | begin indirection | | test.cpp:166:25:166:29 | begin | test.cpp:166:49:166:49 | p | @@ -287,6 +525,10 @@ edges | test.cpp:174:20:174:22 | arr indirection [begin] | test.cpp:174:25:174:29 | begin indirection | | test.cpp:174:25:174:29 | begin | test.cpp:174:48:174:48 | p | | test.cpp:174:25:174:29 | begin indirection | test.cpp:174:48:174:48 | p | +| test.cpp:174:36:174:38 | arr indirection [end] | test.cpp:174:41:174:43 | end | +| test.cpp:174:36:174:38 | arr indirection [end] | test.cpp:174:41:174:43 | end indirection | +| test.cpp:174:41:174:43 | end | test.cpp:171:9:171:14 | Store: ... = ... | +| test.cpp:174:41:174:43 | end indirection | test.cpp:174:41:174:43 | end | | test.cpp:180:19:180:28 | call to mk_array_p indirection [begin] | test.cpp:165:29:165:31 | arr indirection [begin] | | test.cpp:180:19:180:28 | call to mk_array_p indirection [end] | test.cpp:165:29:165:31 | arr indirection [end] | | test.cpp:188:15:188:20 | call to malloc | test.cpp:189:15:189:15 | p | @@ -413,6 +655,14 @@ edges | test.cpp:308:5:308:11 | access to array | test.cpp:308:5:308:29 | Store: ... = ... | | test.cpp:313:14:313:27 | new[] | test.cpp:314:15:314:16 | xs | | test.cpp:325:14:325:27 | new[] | test.cpp:326:15:326:16 | xs | +| test.cpp:326:15:326:16 | xs | test.cpp:326:15:326:23 | ... + ... | +| test.cpp:326:15:326:16 | xs | test.cpp:326:15:326:23 | ... + ... | +| test.cpp:326:15:326:16 | xs | test.cpp:338:8:338:15 | * ... | +| test.cpp:326:15:326:16 | xs | test.cpp:341:8:341:17 | * ... | +| test.cpp:326:15:326:23 | ... + ... | test.cpp:342:8:342:17 | * ... | +| test.cpp:326:15:326:23 | ... + ... | test.cpp:342:8:342:17 | * ... | +| test.cpp:338:8:338:15 | * ... | test.cpp:342:8:342:17 | * ... | +| test.cpp:341:8:341:17 | * ... | test.cpp:342:8:342:17 | * ... | | test.cpp:347:14:347:27 | new[] | test.cpp:348:15:348:16 | xs | | test.cpp:348:15:348:16 | xs | test.cpp:350:16:350:19 | ... ++ | | test.cpp:348:15:348:16 | xs | test.cpp:350:16:350:19 | ... ++ | @@ -468,6 +718,7 @@ edges | test.cpp:358:15:358:26 | end_plus_one | test.cpp:359:14:359:32 | Load: * ... | | test.cpp:358:15:358:26 | end_plus_one | test.cpp:359:14:359:32 | Load: * ... | | test.cpp:358:15:358:26 | end_plus_one | test.cpp:359:16:359:27 | end_plus_one | +| test.cpp:359:16:359:27 | end_plus_one | test.cpp:358:14:358:26 | Load: * ... | | test.cpp:359:16:359:27 | end_plus_one | test.cpp:359:14:359:32 | Load: * ... | | test.cpp:359:16:359:31 | ... + ... | test.cpp:359:14:359:32 | Load: * ... | | test.cpp:363:14:363:27 | new[] | test.cpp:365:15:365:15 | p | @@ -493,7 +744,15 @@ nodes | test.cpp:7:16:7:16 | q | semmle.label | q | | test.cpp:8:14:8:21 | Load: * ... | semmle.label | Load: * ... | | test.cpp:8:16:8:16 | q | semmle.label | q | +| test.cpp:8:16:8:16 | q | semmle.label | q | | test.cpp:8:16:8:20 | ... + ... | semmle.label | ... + ... | +| test.cpp:9:16:9:16 | q | semmle.label | q | +| test.cpp:9:16:9:16 | q | semmle.label | q | +| test.cpp:10:16:10:16 | q | semmle.label | q | +| test.cpp:10:16:10:16 | q | semmle.label | q | +| test.cpp:11:16:11:16 | q | semmle.label | q | +| test.cpp:11:16:11:16 | q | semmle.label | q | +| test.cpp:12:16:12:16 | q | semmle.label | q | | test.cpp:16:15:16:20 | call to malloc | semmle.label | call to malloc | | test.cpp:17:15:17:15 | p | semmle.label | p | | test.cpp:17:15:17:22 | ... + ... | semmle.label | ... + ... | @@ -512,7 +771,15 @@ nodes | test.cpp:31:16:31:16 | q | semmle.label | q | | test.cpp:32:14:32:21 | Load: * ... | semmle.label | Load: * ... | | test.cpp:32:16:32:16 | q | semmle.label | q | +| test.cpp:32:16:32:16 | q | semmle.label | q | | test.cpp:32:16:32:20 | ... + ... | semmle.label | ... + ... | +| test.cpp:33:16:33:16 | q | semmle.label | q | +| test.cpp:33:16:33:16 | q | semmle.label | q | +| test.cpp:34:16:34:16 | q | semmle.label | q | +| test.cpp:34:16:34:16 | q | semmle.label | q | +| test.cpp:35:16:35:16 | q | semmle.label | q | +| test.cpp:35:16:35:16 | q | semmle.label | q | +| test.cpp:36:16:36:16 | q | semmle.label | q | | test.cpp:40:15:40:20 | call to malloc | semmle.label | call to malloc | | test.cpp:41:15:41:15 | p | semmle.label | p | | test.cpp:41:15:41:28 | ... + ... | semmle.label | ... + ... | @@ -526,7 +793,15 @@ nodes | test.cpp:43:16:43:16 | q | semmle.label | q | | test.cpp:44:14:44:21 | Load: * ... | semmle.label | Load: * ... | | test.cpp:44:16:44:16 | q | semmle.label | q | +| test.cpp:44:16:44:16 | q | semmle.label | q | | test.cpp:44:16:44:20 | ... + ... | semmle.label | ... + ... | +| test.cpp:45:16:45:16 | q | semmle.label | q | +| test.cpp:45:16:45:16 | q | semmle.label | q | +| test.cpp:46:16:46:16 | q | semmle.label | q | +| test.cpp:46:16:46:16 | q | semmle.label | q | +| test.cpp:47:16:47:16 | q | semmle.label | q | +| test.cpp:47:16:47:16 | q | semmle.label | q | +| test.cpp:48:16:48:16 | q | semmle.label | q | | test.cpp:51:7:51:14 | mk_array indirection | semmle.label | mk_array indirection | | test.cpp:51:33:51:35 | end | semmle.label | end | | test.cpp:52:19:52:24 | call to malloc | semmle.label | call to malloc | @@ -540,6 +815,7 @@ nodes | test.cpp:66:32:66:34 | end | semmle.label | end | | test.cpp:66:39:66:39 | p | semmle.label | p | | test.cpp:67:9:67:14 | Store: ... = ... | semmle.label | Store: ... = ... | +| test.cpp:70:31:70:33 | end | semmle.label | end | | test.cpp:70:38:70:38 | p | semmle.label | p | | test.cpp:80:9:80:16 | mk_array indirection [begin] | semmle.label | mk_array indirection [begin] | | test.cpp:80:9:80:16 | mk_array indirection [end] | semmle.label | mk_array indirection [end] | @@ -572,6 +848,9 @@ nodes | test.cpp:99:20:99:22 | arr indirection [begin] | semmle.label | arr indirection [begin] | | test.cpp:99:24:99:28 | begin | semmle.label | begin | | test.cpp:99:24:99:28 | begin indirection | semmle.label | begin indirection | +| test.cpp:99:35:99:37 | arr indirection [end] | semmle.label | arr indirection [end] | +| test.cpp:99:39:99:41 | end | semmle.label | end | +| test.cpp:99:39:99:41 | end indirection | semmle.label | end indirection | | test.cpp:99:46:99:46 | p | semmle.label | p | | test.cpp:104:27:104:29 | arr [begin] | semmle.label | arr [begin] | | test.cpp:104:27:104:29 | arr [end] | semmle.label | arr [end] | @@ -593,6 +872,9 @@ nodes | test.cpp:113:20:113:22 | arr indirection [begin] | semmle.label | arr indirection [begin] | | test.cpp:113:24:113:28 | begin | semmle.label | begin | | test.cpp:113:24:113:28 | begin indirection | semmle.label | begin indirection | +| test.cpp:113:35:113:37 | arr indirection [end] | semmle.label | arr indirection [end] | +| test.cpp:113:39:113:41 | end | semmle.label | end | +| test.cpp:113:39:113:41 | end indirection | semmle.label | end indirection | | test.cpp:113:46:113:46 | p | semmle.label | p | | test.cpp:119:18:119:25 | call to mk_array [begin] | semmle.label | call to mk_array [begin] | | test.cpp:119:18:119:25 | call to mk_array [end] | semmle.label | call to mk_array [end] | @@ -658,6 +940,9 @@ nodes | test.cpp:174:20:174:22 | arr indirection [begin] | semmle.label | arr indirection [begin] | | test.cpp:174:25:174:29 | begin | semmle.label | begin | | test.cpp:174:25:174:29 | begin indirection | semmle.label | begin indirection | +| test.cpp:174:36:174:38 | arr indirection [end] | semmle.label | arr indirection [end] | +| test.cpp:174:41:174:43 | end | semmle.label | end | +| test.cpp:174:41:174:43 | end indirection | semmle.label | end indirection | | test.cpp:174:48:174:48 | p | semmle.label | p | | test.cpp:180:19:180:28 | call to mk_array_p indirection [begin] | semmle.label | call to mk_array_p indirection [begin] | | test.cpp:180:19:180:28 | call to mk_array_p indirection [end] | semmle.label | call to mk_array_p indirection [end] | @@ -742,6 +1027,11 @@ nodes | test.cpp:314:15:314:16 | xs | semmle.label | xs | | test.cpp:325:14:325:27 | new[] | semmle.label | new[] | | test.cpp:326:15:326:16 | xs | semmle.label | xs | +| test.cpp:326:15:326:23 | ... + ... | semmle.label | ... + ... | +| test.cpp:326:15:326:23 | ... + ... | semmle.label | ... + ... | +| test.cpp:338:8:338:15 | * ... | semmle.label | * ... | +| test.cpp:341:8:341:17 | * ... | semmle.label | * ... | +| test.cpp:342:8:342:17 | * ... | semmle.label | * ... | | test.cpp:347:14:347:27 | new[] | semmle.label | new[] | | test.cpp:348:15:348:16 | xs | semmle.label | xs | | test.cpp:350:15:350:19 | Load: * ... | semmle.label | Load: * ... | From 90f0209095943c7d1c9b1887a682cab03a8b5d95 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema <jketema@github.com> Date: Mon, 5 Jun 2023 14:53:01 +0200 Subject: [PATCH 831/870] C++: Add `cpp/invalid-pointer-deref` test case with almost duplicated results --- .../InvalidPointerDeref.expected | 36 +++++++++++++++++++ .../CWE/CWE-193/pointer-deref/test.cpp | 11 ++++++ 2 files changed, 47 insertions(+) diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/InvalidPointerDeref.expected b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/InvalidPointerDeref.expected index 09c75e7369c..f13d7fbf86a 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/InvalidPointerDeref.expected +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/InvalidPointerDeref.expected @@ -732,6 +732,29 @@ edges | test.cpp:368:5:368:10 | ... += ... | test.cpp:372:16:372:16 | p | | test.cpp:371:7:371:7 | p | test.cpp:372:15:372:16 | Load: * ... | | test.cpp:372:16:372:16 | p | test.cpp:372:15:372:16 | Load: * ... | +| test.cpp:377:14:377:27 | new[] | test.cpp:378:15:378:16 | xs | +| test.cpp:378:15:378:16 | xs | test.cpp:378:15:378:23 | ... + ... | +| test.cpp:378:15:378:16 | xs | test.cpp:378:15:378:23 | ... + ... | +| test.cpp:378:15:378:16 | xs | test.cpp:378:15:378:23 | ... + ... | +| test.cpp:378:15:378:16 | xs | test.cpp:378:15:378:23 | ... + ... | +| test.cpp:378:15:378:16 | xs | test.cpp:381:5:381:7 | end | +| test.cpp:378:15:378:16 | xs | test.cpp:381:5:381:9 | ... ++ | +| test.cpp:378:15:378:16 | xs | test.cpp:381:5:381:9 | ... ++ | +| test.cpp:378:15:378:16 | xs | test.cpp:384:14:384:16 | end | +| test.cpp:378:15:378:23 | ... + ... | test.cpp:378:15:378:23 | ... + ... | +| test.cpp:378:15:378:23 | ... + ... | test.cpp:378:15:378:23 | ... + ... | +| test.cpp:378:15:378:23 | ... + ... | test.cpp:381:5:381:7 | end | +| test.cpp:378:15:378:23 | ... + ... | test.cpp:381:5:381:7 | end | +| test.cpp:378:15:378:23 | ... + ... | test.cpp:384:13:384:16 | Load: * ... | +| test.cpp:378:15:378:23 | ... + ... | test.cpp:384:13:384:16 | Load: * ... | +| test.cpp:378:15:378:23 | ... + ... | test.cpp:384:13:384:16 | Load: * ... | +| test.cpp:378:15:378:23 | ... + ... | test.cpp:384:13:384:16 | Load: * ... | +| test.cpp:378:15:378:23 | ... + ... | test.cpp:384:14:384:16 | end | +| test.cpp:378:15:378:23 | ... + ... | test.cpp:384:14:384:16 | end | +| test.cpp:381:5:381:7 | end | test.cpp:384:13:384:16 | Load: * ... | +| test.cpp:381:5:381:9 | ... ++ | test.cpp:384:14:384:16 | end | +| test.cpp:381:5:381:9 | ... ++ | test.cpp:384:14:384:16 | end | +| test.cpp:384:14:384:16 | end | test.cpp:384:13:384:16 | Load: * ... | nodes | test.cpp:4:15:4:20 | call to malloc | semmle.label | call to malloc | | test.cpp:5:15:5:15 | p | semmle.label | p | @@ -1066,6 +1089,17 @@ nodes | test.cpp:371:7:371:7 | p | semmle.label | p | | test.cpp:372:15:372:16 | Load: * ... | semmle.label | Load: * ... | | test.cpp:372:16:372:16 | p | semmle.label | p | +| test.cpp:377:14:377:27 | new[] | semmle.label | new[] | +| test.cpp:378:15:378:16 | xs | semmle.label | xs | +| test.cpp:378:15:378:23 | ... + ... | semmle.label | ... + ... | +| test.cpp:378:15:378:23 | ... + ... | semmle.label | ... + ... | +| test.cpp:378:15:378:23 | ... + ... | semmle.label | ... + ... | +| test.cpp:378:15:378:23 | ... + ... | semmle.label | ... + ... | +| test.cpp:381:5:381:7 | end | semmle.label | end | +| test.cpp:381:5:381:9 | ... ++ | semmle.label | ... ++ | +| test.cpp:381:5:381:9 | ... ++ | semmle.label | ... ++ | +| test.cpp:384:13:384:16 | Load: * ... | semmle.label | Load: * ... | +| test.cpp:384:14:384:16 | end | semmle.label | end | subpaths #select | test.cpp:6:14:6:15 | Load: * ... | test.cpp:4:15:4:20 | call to malloc | test.cpp:6:14:6:15 | Load: * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:4:15:4:20 | call to malloc | call to malloc | test.cpp:5:19:5:22 | size | size | @@ -1094,3 +1128,5 @@ subpaths | test.cpp:358:14:358:26 | Load: * ... | test.cpp:355:14:355:27 | new[] | test.cpp:358:14:358:26 | Load: * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@ + 1. | test.cpp:355:14:355:27 | new[] | new[] | test.cpp:356:20:356:23 | size | size | | test.cpp:359:14:359:32 | Load: * ... | test.cpp:355:14:355:27 | new[] | test.cpp:359:14:359:32 | Load: * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@ + 2. | test.cpp:355:14:355:27 | new[] | new[] | test.cpp:356:20:356:23 | size | size | | test.cpp:372:15:372:16 | Load: * ... | test.cpp:363:14:363:27 | new[] | test.cpp:372:15:372:16 | Load: * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:363:14:363:27 | new[] | new[] | test.cpp:365:19:365:22 | size | size | +| test.cpp:384:13:384:16 | Load: * ... | test.cpp:377:14:377:27 | new[] | test.cpp:384:13:384:16 | Load: * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@ + 1. | test.cpp:377:14:377:27 | new[] | new[] | test.cpp:378:20:378:23 | size | size | +| test.cpp:384:13:384:16 | Load: * ... | test.cpp:377:14:377:27 | new[] | test.cpp:384:13:384:16 | Load: * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:377:14:377:27 | new[] | new[] | test.cpp:378:20:378:23 | size | size | diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/test.cpp b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/test.cpp index 3711f272e76..3465affbc6e 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/test.cpp +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/test.cpp @@ -372,3 +372,14 @@ void test26(unsigned size) { int val = *p; // GOOD [FALSE POSITIVE] } } + +void test27(unsigned size, bool b) { + char *xs = new char[size]; + char *end = xs + size; + + if (b) { + end++; + } + + int val = *end; // BAD +} From 4a27028768a8639fe2f5f3d57b9cc5513b26faf9 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema <jketema@github.com> Date: Mon, 5 Jun 2023 14:55:08 +0200 Subject: [PATCH 832/870] C++: Remove `cpp/invalid-pointer-deref` results duplicating ones with smaller `k` --- .../Security/CWE/CWE-193/InvalidPointerDeref.ql | 16 ++++++++++------ .../pointer-deref/InvalidPointerDeref.expected | 1 - 2 files changed, 10 insertions(+), 7 deletions(-) diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql b/cpp/ql/src/experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql index 610eb572d8c..20f2e934fed 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql @@ -377,15 +377,19 @@ predicate hasFlowPath( } from - MergedPathNode source, MergedPathNode sink, int k2, int k3, string kstr, - InvalidPointerToDerefFlow::PathNode source3, PointerArithmeticInstruction pai, string operation, - Expr offset, DataFlow::Node n + MergedPathNode source, MergedPathNode sink, int k, string kstr, PointerArithmeticInstruction pai, + string operation, Expr offset, DataFlow::Node n where - hasFlowPath(source, sink, source3, pai, operation, k3) and - invalidPointerToDerefSource(pai, source3.getNode(), k2) and + k = + min(int k2, int k3, InvalidPointerToDerefFlow::PathNode source3 | + hasFlowPath(source, sink, source3, pai, operation, k3) and + invalidPointerToDerefSource(pai, source3.getNode(), k2) + | + k2 + k3 + ) and offset = pai.getRight().getUnconvertedResultExpression() and n = source.asPathNode1().getNode() and - if (k2 + k3) = 0 then kstr = "" else kstr = " + " + (k2 + k3) + if k = 0 then kstr = "" else kstr = " + " + k select sink, source, sink, "This " + operation + " might be out of bounds, as the pointer might be equal to $@ + $@" + kstr + ".", n, n.toString(), offset, offset.toString() diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/InvalidPointerDeref.expected b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/InvalidPointerDeref.expected index f13d7fbf86a..056e088658b 100644 --- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/InvalidPointerDeref.expected +++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/InvalidPointerDeref.expected @@ -1128,5 +1128,4 @@ subpaths | test.cpp:358:14:358:26 | Load: * ... | test.cpp:355:14:355:27 | new[] | test.cpp:358:14:358:26 | Load: * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@ + 1. | test.cpp:355:14:355:27 | new[] | new[] | test.cpp:356:20:356:23 | size | size | | test.cpp:359:14:359:32 | Load: * ... | test.cpp:355:14:355:27 | new[] | test.cpp:359:14:359:32 | Load: * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@ + 2. | test.cpp:355:14:355:27 | new[] | new[] | test.cpp:356:20:356:23 | size | size | | test.cpp:372:15:372:16 | Load: * ... | test.cpp:363:14:363:27 | new[] | test.cpp:372:15:372:16 | Load: * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:363:14:363:27 | new[] | new[] | test.cpp:365:19:365:22 | size | size | -| test.cpp:384:13:384:16 | Load: * ... | test.cpp:377:14:377:27 | new[] | test.cpp:384:13:384:16 | Load: * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@ + 1. | test.cpp:377:14:377:27 | new[] | new[] | test.cpp:378:20:378:23 | size | size | | test.cpp:384:13:384:16 | Load: * ... | test.cpp:377:14:377:27 | new[] | test.cpp:384:13:384:16 | Load: * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:377:14:377:27 | new[] | new[] | test.cpp:378:20:378:23 | size | size | From 86df424fca6400a16a4c0a4d8979a9f828e76ac4 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema <jketema@github.com> Date: Mon, 5 Jun 2023 15:10:54 +0200 Subject: [PATCH 833/870] C++: Fix query formatting --- .../experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql b/cpp/ql/src/experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql index 20f2e934fed..18c9c0f2185 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql @@ -385,7 +385,7 @@ where hasFlowPath(source, sink, source3, pai, operation, k3) and invalidPointerToDerefSource(pai, source3.getNode(), k2) | - k2 + k3 + k2 + k3 ) and offset = pai.getRight().getUnconvertedResultExpression() and n = source.asPathNode1().getNode() and From e49b278d614dc6a2e20ce2eb07966ae455b18681 Mon Sep 17 00:00:00 2001 From: Ian Lynagh <igfoo@github.com> Date: Mon, 5 Jun 2023 16:33:12 +0100 Subject: [PATCH 834/870] Java/Kotlin: Add a changenote for the lines-of-code changes. --- java/ql/src/change-notes/2023-06-05-lines-of-code.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 java/ql/src/change-notes/2023-06-05-lines-of-code.md diff --git a/java/ql/src/change-notes/2023-06-05-lines-of-code.md b/java/ql/src/change-notes/2023-06-05-lines-of-code.md new file mode 100644 index 00000000000..a96c891e506 --- /dev/null +++ b/java/ql/src/change-notes/2023-06-05-lines-of-code.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* The `java/summary/lines-of-code` query now only counts lines of Java code. The new `java/summary/lines-of-code-kotlin` counts lines of Kotlin code. From 7ad860fc98c1a19720a9cf4dd6f277da0c2de87a Mon Sep 17 00:00:00 2001 From: Taus <tausbn@github.com> Date: Mon, 5 Jun 2023 18:00:40 +0200 Subject: [PATCH 835/870] Java: Update MaD declarations after triage Co-authored-by: Stephan Brandauer <kaeluka@github.com> --- java/ql/lib/change-notes/2023-06-01-new-models.md | 7 +++++++ java/ql/lib/ext/java.lang.model.yml | 2 ++ java/ql/lib/ext/java.nio.file.model.yml | 6 ++++++ 3 files changed, 15 insertions(+) create mode 100644 java/ql/lib/change-notes/2023-06-01-new-models.md diff --git a/java/ql/lib/change-notes/2023-06-01-new-models.md b/java/ql/lib/change-notes/2023-06-01-new-models.md new file mode 100644 index 00000000000..d05b3d4d59d --- /dev/null +++ b/java/ql/lib/change-notes/2023-06-01-new-models.md @@ -0,0 +1,7 @@ +--- +category: minorAnalysis +--- +* Added models for the following packages: + + * java.lang + * java.nio.file diff --git a/java/ql/lib/ext/java.lang.model.yml b/java/ql/lib/ext/java.lang.model.yml index ed14b2495a3..a0dc4947fc6 100644 --- a/java/ql/lib/ext/java.lang.model.yml +++ b/java/ql/lib/ext/java.lang.model.yml @@ -8,6 +8,8 @@ extensions: - ["java.lang", "ClassLoader", True, "getSystemResource", "(String)", "", "Argument[0]", "path-injection", "ai-manual"] - ["java.lang", "ClassLoader", True, "getSystemResourceAsStream", "(String)", "", "Argument[0]", "path-injection", "ai-manual"] - ["java.lang", "Module", True, "getResourceAsStream", "(String)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["java.lang", "Runtime", False, "load", "(String)", "", "Argument[0]", "command-injection", "ai-manual"] + - ["java.lang", "Runtime", False, "loadLibrary", "(String)", "", "Argument[0]", "command-injection", "ai-manual"] # These are modeled in plain CodeQL. TODO: migrate them. # - ["java.lang", "ProcessBuilder", False, "command", "(String[])", "", "Argument[0]", "command-injection", "ai-manual"] # - ["java.lang", "ProcessBuilder", False, "directory", "(File)", "", "Argument[0]", "command-injection", "ai-manual"] diff --git a/java/ql/lib/ext/java.nio.file.model.yml b/java/ql/lib/ext/java.nio.file.model.yml index e4519fbc071..d14ae993388 100644 --- a/java/ql/lib/ext/java.nio.file.model.yml +++ b/java/ql/lib/ext/java.nio.file.model.yml @@ -18,6 +18,7 @@ extensions: - ["java.nio.file", "Files", False, "delete", "(Path)", "", "Argument[0]", "path-injection", "ai-manual"] - ["java.nio.file", "Files", False, "deleteIfExists", "(Path)", "", "Argument[0]", "path-injection", "ai-manual"] - ["java.nio.file", "Files", False, "deleteIfExists", "(Path)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["java.nio.file", "Files", False, "getFileStore", "(Path)", "", "Argument[0]", "path-injection", "ai-manual"] # the FileStore class is unlikely to be used for later sanitization - ["java.nio.file", "Files", False, "lines", "(Path,Charset)", "", "Argument[0]", "path-injection", "ai-manual"] - ["java.nio.file", "Files", False, "lines", "(Path)", "", "Argument[0]", "path-injection", "ai-manual"] - ["java.nio.file", "Files", False, "move", "", "", "Argument[1]", "path-injection", "manual"] @@ -26,6 +27,7 @@ extensions: - ["java.nio.file", "Files", False, "newBufferedWriter", "", "", "Argument[0]", "path-injection", "manual"] - ["java.nio.file", "Files", False, "newInputStream", "(Path,OpenOption[])", "", "Argument[0]", "path-injection", "ai-manual"] - ["java.nio.file", "Files", False, "newOutputStream", "", "", "Argument[0]", "path-injection", "manual"] + - ["java.nio.file", "Files", False, "probeContentType", "(Path)", "", "Argument[0]", "path-injection", "ai-manual"] # accesses the file based on user input, but only reads its content type from it - ["java.nio.file", "Files", False, "readAllBytes", "(Path)", "", "Argument[0]", "path-injection", "ai-manual"] - ["java.nio.file", "Files", False, "readAllLines", "(Path,Charset)", "", "Argument[0]", "path-injection", "ai-manual"] - ["java.nio.file", "Files", False, "readAllLines", "(Path)", "", "Argument[0]", "path-injection", "ai-manual"] @@ -46,6 +48,10 @@ extensions: pack: codeql/java-all extensible: summaryModel data: + - ["java.nio.file", "Files", False, "find", "(Path,int,BiPredicate,FileVisitOption[])", "", "Argument[0]", "ReturnValue.Element", "taint", "ai-manual"] + - ["java.nio.file", "Files", False, "find", "(Path,int,BiPredicate,FileVisitOption[])", "", "Argument[2]", "ReturnValue.Element", "taint", "ai-manual"] + - ["java.nio.file", "Files", False, "list", "(Path)", "", "Argument[0]", "ReturnValue.Element", "taint", "ai-manual"] + - ["java.nio.file", "Files", False, "readSymbolicLink", "(Path)", "", "Argument[0]", "ReturnValue", "taint", "ai-manual"] # this can be used to enumerate a file system - ["java.nio.file", "Files", True, "newBufferedReader", "(Path,Charset)", "", "Argument[0]", "ReturnValue", "taint", "ai-manual"] - ["java.nio.file", "Files", True, "newBufferedReader", "(Path)", "", "Argument[0]", "ReturnValue", "taint", "ai-manual"] - ["java.nio.file", "Files", True, "newByteChannel", "(Path,OpenOption[])", "", "Argument[0]", "ReturnValue", "taint", "ai-manual"] From 3cb2ec4e8710bdf159ddc5045c518f0a93934587 Mon Sep 17 00:00:00 2001 From: erik-krogh <erik-krogh@github.com> Date: Mon, 5 Jun 2023 19:06:07 +0200 Subject: [PATCH 836/870] fix nits from doc review --- javascript/ql/src/Security/CWE-089/SqlInjection.inc.qhelp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/javascript/ql/src/Security/CWE-089/SqlInjection.inc.qhelp b/javascript/ql/src/Security/CWE-089/SqlInjection.inc.qhelp index 9ee5158bf99..9fb1f9a39ed 100644 --- a/javascript/ql/src/Security/CWE-089/SqlInjection.inc.qhelp +++ b/javascript/ql/src/Security/CWE-089/SqlInjection.inc.qhelp @@ -38,7 +38,7 @@ an HTTP request handler in a web application, whose parameter </p> <p> -The handler constructs constructs an SQL query string from user input +The handler constructs an SQL query string from user input and executes it as a database query using the <code>pg</code> library. The user input may contain quote characters, so this code is vulnerable to a SQL injection attack. @@ -65,7 +65,7 @@ escape the user input before embedding it into the query string: <example> <p> -In the following example an express handler attempts to delete +In the following example, an express handler attempts to delete a single document from a MongoDB collection. The document to be deleted is identified by its <code>_id</code> field, which is constructed from user input. The user input may contain a query @@ -75,7 +75,7 @@ object, so this code is vulnerable to a NoSQL injection attack. <sample src="examples/NoSqlInjection.js" /> <p> -To fix this vulnerability we can use the <code>$eq</code> operator +To fix this vulnerability, we can use the <code>$eq</code> operator to ensure that the user input is interpreted as a literal value and not as a query object: </p> From d38bca1e8ced5cc0ea684fde4da1ed5291290e85 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 6 Jun 2023 04:02:46 +0000 Subject: [PATCH 837/870] Bump regex from 1.8.3 to 1.8.4 in /ql Bumps [regex](https://github.com/rust-lang/regex) from 1.8.3 to 1.8.4. - [Release notes](https://github.com/rust-lang/regex/releases) - [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md) - [Commits](https://github.com/rust-lang/regex/compare/1.8.3...1.8.4) --- updated-dependencies: - dependency-name: regex dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> --- ql/Cargo.lock | Bin 31667 -> 31667 bytes ql/buramu/Cargo.toml | 2 +- ql/extractor/Cargo.toml | 2 +- 3 files changed, 2 insertions(+), 2 deletions(-) diff --git a/ql/Cargo.lock b/ql/Cargo.lock index de833d37b96bcb4b4ef42188f3f137daa116c0b8..7f62aa9e6773c4f8b6956a331bab55ccd562caf7 100644 GIT binary patch delta 87 zcmV~$!3}^Q3;@8mfKRtDDHIC+O!)fH5h$e#v4{yy;xat-u8*mY>7G-2k8>Buj3tvN p@0m??Ms1EI79p~goid=W6bfpHl8ulN)fzW}fB@RAb?Hy~!VfKL9Si^f delta 88 zcmV~$%ME}a3;@uufJg5RU_#5M<>Y|{bc8~~3J$^|Cb%0%eQ!)Nrg@fZT;J~VfGRez qBt|G2P-8*glndCRmZ5o4mntF=S7{;?1UZmItkEUguYDbF{^$qUdmCl| diff --git a/ql/buramu/Cargo.toml b/ql/buramu/Cargo.toml index 13aaddaf989..3c1c885037e 100644 --- a/ql/buramu/Cargo.toml +++ b/ql/buramu/Cargo.toml @@ -9,4 +9,4 @@ edition = "2018" lazy_static = "1.4.0" chrono = "0.4.26" rayon = "1.7.0" -regex = "1.8.3" +regex = "1.8.4" diff --git a/ql/extractor/Cargo.toml b/ql/extractor/Cargo.toml index f026145c72f..90289b0d688 100644 --- a/ql/extractor/Cargo.toml +++ b/ql/extractor/Cargo.toml @@ -16,5 +16,5 @@ clap = { version = "4.2", features = ["derive"] } tracing = "0.1" tracing-subscriber = { version = "0.3.17", features = ["env-filter"] } rayon = "1.7.0" -regex = "1.8.3" +regex = "1.8.4" codeql-extractor = { path = "../../shared/tree-sitter-extractor" } From 1ccec90c6f5d2379f51797d29e2235466894f669 Mon Sep 17 00:00:00 2001 From: Tony Torralba <atorralba@users.noreply.github.com> Date: Tue, 6 Jun 2023 09:10:18 +0200 Subject: [PATCH 838/870] Apply suggestions from code review Co-authored-by: Jami <57204504+jcogs33@users.noreply.github.com> --- java/ql/lib/change-notes/2023-05-19-path-injection-sinks-mad.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java/ql/lib/change-notes/2023-05-19-path-injection-sinks-mad.md b/java/ql/lib/change-notes/2023-05-19-path-injection-sinks-mad.md index 5f666a0de4f..ae5cd306c2b 100644 --- a/java/ql/lib/change-notes/2023-05-19-path-injection-sinks-mad.md +++ b/java/ql/lib/change-notes/2023-05-19-path-injection-sinks-mad.md @@ -1,4 +1,4 @@ --- category: minorAnalysis --- -* Path creation sinks modeled in `PathCreation.qll` have been added to the models-as-data sink kinds `create-file` and `read-file`. +* Path creation sinks modeled in `PathCreation.qll` have been added to the models-as-data sink kind `path-injection`. From 0065e6e1d6efeb95b7a94a79cad40ad4a2a761cf Mon Sep 17 00:00:00 2001 From: Tony Torralba <atorralba@users.noreply.github.com> Date: Tue, 6 Jun 2023 10:04:22 +0200 Subject: [PATCH 839/870] Apply suggestions from code review Fix incorrect models-as-data rows --- java/ql/lib/ext/java.nio.file.model.yml | 6 ++++-- java/ql/lib/ext/java.nio.model.yml | 1 - 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/java/ql/lib/ext/java.nio.file.model.yml b/java/ql/lib/ext/java.nio.file.model.yml index 475ddc43eef..f27f6a249a1 100644 --- a/java/ql/lib/ext/java.nio.file.model.yml +++ b/java/ql/lib/ext/java.nio.file.model.yml @@ -3,9 +3,11 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["java.nio.file", "Files", False, "copy", "", "", "Argument[0]", "path-injection", "manual"] + - ["java.nio.file", "Files", False, "copy", "(Path,OutputStream)", "", "Argument[0]", "path-injection", "manual"] + - ["java.nio.file", "Files", False, "copy", "(Path,Path,CopyOption[])", "", "Argument[0]", "path-injection", "manual"] + - ["java.nio.file", "Files", False, "copy", "(Path,Path,CopyOption[])", "", "Argument[1]", "path-injection", "manual"] - ["java.nio.file", "Files", False, "copy", "(InputStream,Path,CopyOption[])", "", "Argument[0]", "file-content-store", "manual"] - - ["java.nio.file", "Files", False, "copy", "", "", "Argument[1]", "path-injection", "manual"] + - ["java.nio.file", "Files", False, "copy", "(InputStream,Path,CopyOption[])", "", "Argument[1]", "path-injection", "manual"] - ["java.nio.file", "Files", False, "createDirectories", "", "", "Argument[0]", "path-injection", "manual"] - ["java.nio.file", "Files", False, "createDirectory", "", "", "Argument[0]", "path-injection", "manual"] - ["java.nio.file", "Files", False, "createFile", "", "", "Argument[0]", "path-injection", "manual"] diff --git a/java/ql/lib/ext/java.nio.model.yml b/java/ql/lib/ext/java.nio.model.yml index 9fbe1b253ec..1548dc2c649 100644 --- a/java/ql/lib/ext/java.nio.model.yml +++ b/java/ql/lib/ext/java.nio.model.yml @@ -6,7 +6,6 @@ extensions: - ["java.nio", "ByteBuffer", False, "array", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"] - ["java.nio", "ByteBuffer", False, "get", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] - ["java.nio", "ByteBuffer", False, "wrap", "(byte[])", "", "Argument[0]", "ReturnValue", "taint", "manual"] - - ["java.nio", "Paths", False, "get", "(URI)", "", "Argument[0]", "ReturnValue", "taint", "manual"] # old PathCreation - addsTo: pack: codeql/java-all From 1601846478e04f082886014baf0d7cadfc17a991 Mon Sep 17 00:00:00 2001 From: Tony Torralba <atorralba@users.noreply.github.com> Date: Tue, 6 Jun 2023 10:06:06 +0200 Subject: [PATCH 840/870] Add exclusion to the ZipSlip query to avoid FPs --- .../code/java/security/ZipSlipQuery.qll | 23 ++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/java/ql/lib/semmle/code/java/security/ZipSlipQuery.qll b/java/ql/lib/semmle/code/java/security/ZipSlipQuery.qll index 4fad191a3e4..68365db51c2 100644 --- a/java/ql/lib/semmle/code/java/security/ZipSlipQuery.qll +++ b/java/ql/lib/semmle/code/java/security/ZipSlipQuery.qll @@ -4,6 +4,7 @@ import java import semmle.code.java.dataflow.TaintTracking import semmle.code.java.security.PathSanitizer private import semmle.code.java.dataflow.ExternalFlow +private import semmle.code.java.security.PathCreation /** * A method that returns the name of an archive entry. @@ -40,5 +41,25 @@ module ZipSlipFlow = TaintTracking::Global<ZipSlipConfig>; * A sink that represents a file creation, such as a file write, copy or move operation. */ private class FileCreationSink extends DataFlow::Node { - FileCreationSink() { sinkNode(this, "path-injection") } + FileCreationSink() { + sinkNode(this, "path-injection") and + not isPathCreation(this) + } +} + +/** + * Holds if `sink` is a path creation node that doesn't imply a read/write filesystem operation. + * This is to avoid creating new spurious alerts, since `PathCreation` sinks weren't + * previosuly part of this query. + */ +private predicate isPathCreation(DataFlow::Node sink) { + exists(PathCreation pc | + pc.getAnInput() = sink.asExpr() and + // exclude actual read/write operations included in `PathCreation` + not pc.(Call) + .getCallee() + .getDeclaringType() + .hasQualifiedName("java.io", + ["FileInputStream", "FileOutputStream", "FileReader", "FileWriter"]) + ) } From 72af63457518c54511882d59edaf75257a1dcdcd Mon Sep 17 00:00:00 2001 From: Tony Torralba <atorralba@users.noreply.github.com> Date: Tue, 6 Jun 2023 11:22:16 +0200 Subject: [PATCH 841/870] Kotlin: Add flow through use and with --- java/ql/lib/ext/kotlin.io.model.yml | 2 ++ java/ql/lib/ext/kotlin.model.yml | 7 +++++++ .../kotlin/library-tests/dataflow/summaries/use.kt | 11 +++++++++++ .../kotlin/library-tests/dataflow/summaries/with.kt | 9 +++++++++ 4 files changed, 29 insertions(+) create mode 100644 java/ql/lib/ext/kotlin.model.yml create mode 100644 java/ql/test/kotlin/library-tests/dataflow/summaries/use.kt create mode 100644 java/ql/test/kotlin/library-tests/dataflow/summaries/with.kt diff --git a/java/ql/lib/ext/kotlin.io.model.yml b/java/ql/lib/ext/kotlin.io.model.yml index 98de45df9d6..b748e04a292 100644 --- a/java/ql/lib/ext/kotlin.io.model.yml +++ b/java/ql/lib/ext/kotlin.io.model.yml @@ -11,6 +11,8 @@ extensions: pack: codeql/java-all extensible: summaryModel data: + - ["kotlin.io", "CloseableKt", False, "use", "", "", "Argument[0]", "Argument[1].Parameter[0]", "value", "manual"] + - ["kotlin.io", "CloseableKt", False, "use", "", "", "Argument[1].ReturnValue", "ReturnValue", "value", "manual"] - ["kotlin.io", "FilesKt", False, "normalize", "(File)", "", "Argument[0]", "ReturnValue", "taint", "ai-manual"] - ["kotlin.io", "FilesKt", False, "relativeTo", "(File,File)", "", "Argument[0]", "ReturnValue", "taint", "ai-manual"] - ["kotlin.io", "FilesKt", False, "relativeTo", "(File,File)", "", "Argument[1]", "ReturnValue", "taint", "ai-manual"] diff --git a/java/ql/lib/ext/kotlin.model.yml b/java/ql/lib/ext/kotlin.model.yml new file mode 100644 index 00000000000..ea275a78515 --- /dev/null +++ b/java/ql/lib/ext/kotlin.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: codeql/java-all + extensible: summaryModel + data: + - ["kotlin", "StandardKt", False, "with", "", "", "Argument[0]", "Argument[1].Parameter[0]", "value", "manual"] + - ["kotlin", "StandardKt", False, "with", "", "", "Argument[1].ReturnValue", "ReturnValue", "value", "manual"] diff --git a/java/ql/test/kotlin/library-tests/dataflow/summaries/use.kt b/java/ql/test/kotlin/library-tests/dataflow/summaries/use.kt new file mode 100644 index 00000000000..07beffd2be2 --- /dev/null +++ b/java/ql/test/kotlin/library-tests/dataflow/summaries/use.kt @@ -0,0 +1,11 @@ +import java.io.Closeable + +class UseFlowTest { + fun <T> taint(t: T) = t + fun sink(s: Closeable) { } + + fun test(input: Closeable) { + taint(input).use { it -> sink(it) } // $ hasValueFlow + sink(taint(input).use { it }) // $ hasValueFlow + } +} diff --git a/java/ql/test/kotlin/library-tests/dataflow/summaries/with.kt b/java/ql/test/kotlin/library-tests/dataflow/summaries/with.kt new file mode 100644 index 00000000000..d495f95c854 --- /dev/null +++ b/java/ql/test/kotlin/library-tests/dataflow/summaries/with.kt @@ -0,0 +1,9 @@ +class WithFlowTest { + fun <T> taint(t: T) = t + fun sink(s: String) { } + + fun test(input: String) { + with(taint(input)) { sink(this) } // $ hasValueFlow + sink(with(taint(input)) { this }) // $ hasValueFlow + } +} From 1d8ca88aca07662a39fc7c20b07548c4c8c26b9c Mon Sep 17 00:00:00 2001 From: Tony Torralba <atorralba@users.noreply.github.com> Date: Tue, 6 Jun 2023 11:25:07 +0200 Subject: [PATCH 842/870] Add change note --- java/ql/lib/change-notes/2023-06-06-kotlin-use-with-flow.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 java/ql/lib/change-notes/2023-06-06-kotlin-use-with-flow.md diff --git a/java/ql/lib/change-notes/2023-06-06-kotlin-use-with-flow.md b/java/ql/lib/change-notes/2023-06-06-kotlin-use-with-flow.md new file mode 100644 index 00000000000..b21f31aae5f --- /dev/null +++ b/java/ql/lib/change-notes/2023-06-06-kotlin-use-with-flow.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Added flow through the block arguments of `kotlin.io.use` and `kotlin.with`. From f4fd908f7f38903368ef368996531108435ecbc6 Mon Sep 17 00:00:00 2001 From: Taus <tausbn@github.com> Date: Tue, 6 Jun 2023 13:01:59 +0200 Subject: [PATCH 843/870] Java: Comment out sinks for which no query exists --- java/ql/lib/ext/java.lang.model.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/java/ql/lib/ext/java.lang.model.yml b/java/ql/lib/ext/java.lang.model.yml index a0dc4947fc6..8625a68caa0 100644 --- a/java/ql/lib/ext/java.lang.model.yml +++ b/java/ql/lib/ext/java.lang.model.yml @@ -8,8 +8,9 @@ extensions: - ["java.lang", "ClassLoader", True, "getSystemResource", "(String)", "", "Argument[0]", "path-injection", "ai-manual"] - ["java.lang", "ClassLoader", True, "getSystemResourceAsStream", "(String)", "", "Argument[0]", "path-injection", "ai-manual"] - ["java.lang", "Module", True, "getResourceAsStream", "(String)", "", "Argument[0]", "path-injection", "ai-manual"] - - ["java.lang", "Runtime", False, "load", "(String)", "", "Argument[0]", "command-injection", "ai-manual"] - - ["java.lang", "Runtime", False, "loadLibrary", "(String)", "", "Argument[0]", "command-injection", "ai-manual"] + # These are potential vulnerabilities, but not for command-injection. No query for this kind of vulnerability currently exists. + # - ["java.lang", "Runtime", False, "load", "(String)", "", "Argument[0]", "command-injection", "ai-manual"] + # - ["java.lang", "Runtime", False, "loadLibrary", "(String)", "", "Argument[0]", "command-injection", "ai-manual"] # These are modeled in plain CodeQL. TODO: migrate them. # - ["java.lang", "ProcessBuilder", False, "command", "(String[])", "", "Argument[0]", "command-injection", "ai-manual"] # - ["java.lang", "ProcessBuilder", False, "directory", "(File)", "", "Argument[0]", "command-injection", "ai-manual"] From 75bc8756f2ec451512a000fb867766ac1de0b8c6 Mon Sep 17 00:00:00 2001 From: Tamas Vajk <tamasvajk@github.com> Date: Tue, 6 Jun 2023 14:22:56 +0200 Subject: [PATCH 844/870] C#: Change standalone extraction to allow unsafe code --- .../Semmle.Extraction.CSharp.Standalone/Extractor.cs | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/csharp/extractor/Semmle.Extraction.CSharp.Standalone/Extractor.cs b/csharp/extractor/Semmle.Extraction.CSharp.Standalone/Extractor.cs index 97a25d200f7..a9f43af2bea 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.Standalone/Extractor.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.Standalone/Extractor.cs @@ -33,7 +33,9 @@ namespace Semmle.Extraction.CSharp.Standalone CSharp.Extractor.Analyse(stopwatch, analyser, options, references => GetResolvedReferencesStandalone(referencePaths, references), (analyser, syntaxTrees) => CSharp.Extractor.ReadSyntaxTrees(sources, analyser, null, null, syntaxTrees), - (syntaxTrees, references) => CSharpCompilation.Create("csharp.dll", syntaxTrees, references), + (syntaxTrees, references) => CSharpCompilation.Create( + "csharp.dll", syntaxTrees, references, new CSharpCompilationOptions(OutputKind.ConsoleApplication, allowUnsafe: true) + ), (compilation, options) => analyser.Initialize(compilation, options), () => { }, _ => { }, From a4dec591c713e5e92e36e564910c1ea5b4e4c3bd Mon Sep 17 00:00:00 2001 From: Tamas Vajk <tamasvajk@github.com> Date: Tue, 6 Jun 2023 15:01:54 +0200 Subject: [PATCH 845/870] C#: Improve error message for missing explicit interface implementation --- .../extractor/Semmle.Extraction.CSharp/Entities/Method.cs | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Method.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Method.cs index 22bf9f69670..8b64df0443e 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Method.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Method.cs @@ -243,7 +243,12 @@ namespace Semmle.Extraction.CSharp.Entities if (methodKind == MethodKind.ExplicitInterfaceImplementation) { // Retrieve the original method kind - methodKind = methodDecl.ExplicitInterfaceImplementations.Select(m => m.MethodKind).FirstOrDefault(); + if (methodDecl.ExplicitInterfaceImplementations.IsEmpty) + { + throw new InternalError(methodDecl, $"Couldn't get the original method kind for explicit interface implementation"); + } + + methodKind = methodDecl.ExplicitInterfaceImplementations.Select(m => m.MethodKind).First(); } switch (methodKind) From ca63122ce46a057fc68d016622bde177c668f271 Mon Sep 17 00:00:00 2001 From: Ian Lynagh <igfoo@github.com> Date: Tue, 6 Jun 2023 14:09:55 +0100 Subject: [PATCH 846/870] Kotlin: Relax version requirements If the latest version we know about is 1.9, and we are faced with 1.10, then we try 1.9 rather than failing with an exception. --- java/kotlin-extractor/kotlin_plugin_versions.py | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/java/kotlin-extractor/kotlin_plugin_versions.py b/java/kotlin-extractor/kotlin_plugin_versions.py index c5d9e433613..bf1c211073a 100755 --- a/java/kotlin-extractor/kotlin_plugin_versions.py +++ b/java/kotlin-extractor/kotlin_plugin_versions.py @@ -24,7 +24,6 @@ def version_string_to_tuple(version): # Version number used by CI. ci_version = '1.8.10' -# Version numbers in the list need to be in semantically increasing order many_versions = [ '1.4.32', '1.5.0', '1.5.10', '1.5.20', '1.5.30', '1.6.0', '1.6.20', '1.7.0', '1.7.20', '1.8.0', '1.9.0-Beta' ] many_versions_tuples = [version_string_to_tuple(v) for v in many_versions] @@ -42,18 +41,13 @@ def get_single_version(fakeVersionOutput = None): if m is None: raise Exception('Cannot detect version of kotlinc (got ' + str(versionOutput) + ')') current_version = version_string_to_tuple(m.group(1)) - matching_minor_versions = [ version for version in many_versions_tuples if version[0:2] == current_version[0:2] ] - if len(matching_minor_versions) == 0: - raise Exception(f'Cannot find a matching minor version for kotlinc version {current_version} (got {versionOutput}; know about {str(many_versions)})') - matching_minor_versions.sort(reverse = True) + many_versions_tuples.sort(reverse = True) - for version in matching_minor_versions: + for version in many_versions_tuples: if version[0:3] <= current_version[0:3]: return version_tuple_to_string(version) - return version_tuple_to_string(matching_minor_versions[-1]) - raise Exception(f'No suitable kotlinc version found for {current_version} (got {versionOutput}; know about {str(many_versions)})') def get_latest_url(): From 2529312d1d0533c1630e0d4f2650856a26f87db8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nora=20Dimitrijevi=C4=87?= <d10c@users.noreply.github.com> Date: Tue, 6 Jun 2023 15:58:19 +0200 Subject: [PATCH 847/870] Codegen: fix test.qlgen failure --- misc/codegen/test/test_qlgen.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/misc/codegen/test/test_qlgen.py b/misc/codegen/test/test_qlgen.py index 1e68e43c7dc..12d5d28bca6 100644 --- a/misc/codegen/test/test_qlgen.py +++ b/misc/codegen/test/test_qlgen.py @@ -885,7 +885,7 @@ def test_synth_property(generate_classes): schema.Class("MyObject", properties=[ schema.SingleProperty("foo", "bar", synth=True)]), ]) == { - "MyObject.qll": (a_ql_stub(name="MyObject", base_import=gen_import_prefix + "MyObject"), + "MyObject.qll": (a_ql_stub(name="MyObject"), a_ql_class(name="MyObject", final=True, properties=[ ql.Property(singular="Foo", type="bar", tablename="my_objects", synth=True, From e8f56f29817bfa96bcbfeacb02845d1818f27d7c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tam=C3=A1s=20Vajk?= <tamasvajk@github.com> Date: Tue, 6 Jun 2023 16:20:48 +0200 Subject: [PATCH 848/870] Update csharp/extractor/Semmle.Extraction.CSharp/Entities/Method.cs Co-authored-by: Michael B. Gale <mbg@github.com> --- csharp/extractor/Semmle.Extraction.CSharp/Entities/Method.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Method.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Method.cs index 8b64df0443e..bae6a2b55ec 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Method.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Method.cs @@ -245,7 +245,7 @@ namespace Semmle.Extraction.CSharp.Entities // Retrieve the original method kind if (methodDecl.ExplicitInterfaceImplementations.IsEmpty) { - throw new InternalError(methodDecl, $"Couldn't get the original method kind for explicit interface implementation"); + throw new InternalError(methodDecl, $"Couldn't get the original method kind for an explicit interface implementation"); } methodKind = methodDecl.ExplicitInterfaceImplementations.Select(m => m.MethodKind).First(); From 75cbcdd72e8bad639f96447ff2b49cbc134bbf78 Mon Sep 17 00:00:00 2001 From: Stephan Brandauer <kaeluka@github.com> Date: Tue, 6 Jun 2023 16:38:31 +0200 Subject: [PATCH 849/870] Update MaD Declarations after Triage --- java/ql/lib/change-notes/2023-06-06-new-models.md | 15 +++++++++++++++ java/ql/lib/ext/com.alibaba.druid.sql.model.yml | 6 ++++++ .../ext/com.fasterxml.jackson.databind.model.yml | 6 ++++++ java/ql/lib/ext/com.jcraft.jsch.model.yml | 11 +++++++++++ java/ql/lib/ext/io.netty.handler.ssl.model.yml | 2 ++ java/ql/lib/ext/okhttp3.model.yml | 1 + java/ql/lib/ext/org.antlr.runtime.model.yml | 6 ++++++ .../lib/ext/org.fusesource.leveldbjni.model.yml | 6 ++++++ java/ql/lib/ext/org.influxdb.model.yml | 6 ++++++ .../lib/ext/org.springframework.core.io.model.yml | 6 ++++++ java/ql/lib/ext/org.yaml.snakeyaml.model.yml | 6 ++++++ 11 files changed, 71 insertions(+) create mode 100644 java/ql/lib/change-notes/2023-06-06-new-models.md create mode 100644 java/ql/lib/ext/com.alibaba.druid.sql.model.yml create mode 100644 java/ql/lib/ext/com.jcraft.jsch.model.yml create mode 100644 java/ql/lib/ext/org.antlr.runtime.model.yml create mode 100644 java/ql/lib/ext/org.fusesource.leveldbjni.model.yml create mode 100644 java/ql/lib/ext/org.influxdb.model.yml create mode 100644 java/ql/lib/ext/org.springframework.core.io.model.yml create mode 100644 java/ql/lib/ext/org.yaml.snakeyaml.model.yml diff --git a/java/ql/lib/change-notes/2023-06-06-new-models.md b/java/ql/lib/change-notes/2023-06-06-new-models.md new file mode 100644 index 00000000000..cbb80968749 --- /dev/null +++ b/java/ql/lib/change-notes/2023-06-06-new-models.md @@ -0,0 +1,15 @@ +--- +category: minorAnalysis +--- +* Added models for the following packages: + + * com.alibaba.druid.sql + * com.fasterxml.jackson.databind + * com.jcraft.jsch + * io.netty.handler.ssl + * okhttp3 + * org.antlr.runtime + * org.fusesource.leveldbjni + * org.influxdb + * org.springframework.core.io + * org.yaml.snakeyaml diff --git a/java/ql/lib/ext/com.alibaba.druid.sql.model.yml b/java/ql/lib/ext/com.alibaba.druid.sql.model.yml new file mode 100644 index 00000000000..952cd6e8f1b --- /dev/null +++ b/java/ql/lib/ext/com.alibaba.druid.sql.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: codeql/java-all + extensible: summaryModel + data: + - ["com.alibaba.druid.sql", "SQLUtils", False, "toMySqlString", "(SQLObject)", "", "Argument[0]", "ReturnValue", "taint", "ai-manual"] diff --git a/java/ql/lib/ext/com.fasterxml.jackson.databind.model.yml b/java/ql/lib/ext/com.fasterxml.jackson.databind.model.yml index 3768007ebe7..988820e84dd 100644 --- a/java/ql/lib/ext/com.fasterxml.jackson.databind.model.yml +++ b/java/ql/lib/ext/com.fasterxml.jackson.databind.model.yml @@ -9,3 +9,9 @@ extensions: - ["com.fasterxml.jackson.databind", "ObjectMapper", True, "valueToTree", "", "", "Argument[0].MapValue", "ReturnValue", "taint", "manual"] - ["com.fasterxml.jackson.databind", "ObjectMapper", True, "valueToTree", "", "", "Argument[0].MapValue.Element", "ReturnValue", "taint", "manual"] - ["com.fasterxml.jackson.databind", "ObjectReader", False, "createParser", "", "", "Argument[0]", "ReturnValue", "taint", "manual"] + - addsTo: + pack: codeql/java-all + extensible: sinkModel + data: + - ["com.fasterxml.jackson.databind", "ObjectMapper", True, "readValue", "(File,Class)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["com.fasterxml.jackson.databind", "ObjectMapper", True, "writeValue", "(File,Object)", "", "Argument[0]", "path-injection", "ai-manual"] diff --git a/java/ql/lib/ext/com.jcraft.jsch.model.yml b/java/ql/lib/ext/com.jcraft.jsch.model.yml new file mode 100644 index 00000000000..3d658630d56 --- /dev/null +++ b/java/ql/lib/ext/com.jcraft.jsch.model.yml @@ -0,0 +1,11 @@ +extensions: + - addsTo: + pack: codeql/java-all + extensible: sinkModel + data: + - ["com.jcraft.jsch", "JSch", True, "getSession", "(String,String,int)", "", "Argument[1]", "request-forgery", "ai-manual"] + - addsTo: + pack: codeql/java-all + extensible: summaryModel + data: + - ["com.jcraft.jsch", "ChannelSftp", True, "realpath", "(String)", "", "Argument[0]", "ReturnValue", "taint", "ai-manual"] diff --git a/java/ql/lib/ext/io.netty.handler.ssl.model.yml b/java/ql/lib/ext/io.netty.handler.ssl.model.yml index 42cf9892f81..f63a7a3906f 100644 --- a/java/ql/lib/ext/io.netty.handler.ssl.model.yml +++ b/java/ql/lib/ext/io.netty.handler.ssl.model.yml @@ -5,3 +5,5 @@ extensions: data: - ["io.netty.handler.ssl", "OpenSslServerContext", False, "OpenSslServerContext", "(File,File)", "", "Argument[0]", "path-injection", "ai-manual"] - ["io.netty.handler.ssl", "SslContextBuilder", False, "forServer", "(File,File)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["io.netty.handler.ssl", "SslContextBuilder", False, "trustManager", "(File)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["io.netty.handler.ssl", "SslContextBuilder", False, "trustManager", "(InputStream)", "", "Argument[0]", "path-injection", "ai-manual"] diff --git a/java/ql/lib/ext/okhttp3.model.yml b/java/ql/lib/ext/okhttp3.model.yml index 2368292dab7..b7bfe8a10f7 100644 --- a/java/ql/lib/ext/okhttp3.model.yml +++ b/java/ql/lib/ext/okhttp3.model.yml @@ -58,3 +58,4 @@ extensions: - ["okhttp3", "HttpUrl$Builder", False, "setQueryParameter", "", "", "Argument[this]", "ReturnValue", "value", "manual"] - ["okhttp3", "HttpUrl$Builder", False, "setQueryParameter", "", "", "Argument[0]", "Argument[this]", "taint", "manual"] - ["okhttp3", "HttpUrl$Builder", False, "username", "", "", "Argument[this]", "ReturnValue", "value", "manual"] + - ["okhttp3", "Request$Builder", True, "build", "()", "", "Argument[undefined]", "ReturnValue", "taint", "ai-manual"] diff --git a/java/ql/lib/ext/org.antlr.runtime.model.yml b/java/ql/lib/ext/org.antlr.runtime.model.yml new file mode 100644 index 00000000000..db66062c682 --- /dev/null +++ b/java/ql/lib/ext/org.antlr.runtime.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: codeql/java-all + extensible: sinkModel + data: + - ["org.antlr.runtime", "ANTLRFileStream", True, "ANTLRFileStream", "(String,String)", "", "Argument[0]", "path-injection", "ai-manual"] diff --git a/java/ql/lib/ext/org.fusesource.leveldbjni.model.yml b/java/ql/lib/ext/org.fusesource.leveldbjni.model.yml new file mode 100644 index 00000000000..2c3f221abd7 --- /dev/null +++ b/java/ql/lib/ext/org.fusesource.leveldbjni.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: codeql/java-all + extensible: sinkModel + data: + - ["org.fusesource.leveldbjni", "JniDBFactory", True, "open", "(File,Options)", "", "Argument[0]", "path-injection", "ai-manual"] diff --git a/java/ql/lib/ext/org.influxdb.model.yml b/java/ql/lib/ext/org.influxdb.model.yml new file mode 100644 index 00000000000..00dc8277407 --- /dev/null +++ b/java/ql/lib/ext/org.influxdb.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: codeql/java-all + extensible: sinkModel + data: + - ["org.influxdb", "InfluxDBFactory", False, "connect", "(String,String,String,Builder)", "", "Argument[0]", "request-forgery", "ai-manual"] diff --git a/java/ql/lib/ext/org.springframework.core.io.model.yml b/java/ql/lib/ext/org.springframework.core.io.model.yml new file mode 100644 index 00000000000..7f3f3718471 --- /dev/null +++ b/java/ql/lib/ext/org.springframework.core.io.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: codeql/java-all + extensible: sinkModel + data: + - ["org.springframework.core.io", "ResourceLoader", True, "getResource", "(String)", "", "Argument[0]", "path-injection", "ai-manual"] # todo: look into whether this may also be a request forgery sink diff --git a/java/ql/lib/ext/org.yaml.snakeyaml.model.yml b/java/ql/lib/ext/org.yaml.snakeyaml.model.yml new file mode 100644 index 00000000000..e52ef0679bc --- /dev/null +++ b/java/ql/lib/ext/org.yaml.snakeyaml.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: codeql/java-all + extensible: summaryModel + data: + - ["org.yaml.snakeyaml", "Yaml", True, "load", "(String)", "", "Argument[0]", "ReturnValue", "taint", "ai-manual"] From 322b254cba0ae79516c17187f4b6fd0859de6490 Mon Sep 17 00:00:00 2001 From: Tom Hvitved <hvitved@github.com> Date: Tue, 6 Jun 2023 20:46:14 +0200 Subject: [PATCH 850/870] Type tracking: Use `noopt`+`inline_late` in `TypeBackTracker::[small]step` --- .../codeql/typetracking/TypeTracking.qll | 55 ++++++++++++++----- 1 file changed, 40 insertions(+), 15 deletions(-) diff --git a/shared/typetracking/codeql/typetracking/TypeTracking.qll b/shared/typetracking/codeql/typetracking/TypeTracking.qll index 6bfc31db5f3..5ab814e0ddd 100644 --- a/shared/typetracking/codeql/typetracking/TypeTracking.qll +++ b/shared/typetracking/codeql/typetracking/TypeTracking.qll @@ -630,6 +630,42 @@ module TypeTracking<TypeTrackingInput I> { TypeTracker end() { result.end() } } + pragma[nomagic] + private predicate backStepProj(LocalSourceNode nodeTo, StepSummary summary) { + step(_, nodeTo, summary) + } + + bindingset[t, nodeTo] + pragma[inline_late] + pragma[noopt] + private TypeBackTracker backStepInlineLate( + TypeBackTracker t, LocalSourceNode nodeFrom, LocalSourceNode nodeTo + ) { + exists(StepSummary summary | + backStepProj(nodeTo, summary) and + result = prepend(t, summary) and + step(nodeFrom, nodeTo, summary) + ) + } + + pragma[nomagic] + private predicate backSmallStepProj(LocalSourceNode nodeTo, StepSummary summary) { + smallStep(_, nodeTo, summary) + } + + bindingset[t, nodeTo] + pragma[inline_late] + pragma[noopt] + private TypeBackTracker backSmallStepInlineLate( + TypeBackTracker t, LocalSourceNode nodeFrom, LocalSourceNode nodeTo + ) { + exists(StepSummary summary | + backSmallStepProj(nodeTo, summary) and + result = prepend(t, summary) and + smallStep(nodeFrom, nodeTo, summary) + ) + } + /** * A summary of the steps needed to back-track a use of a value to a given dataflow node. * @@ -665,9 +701,6 @@ module TypeTracking<TypeTrackingInput I> { TypeBackTracker() { this = MkTypeBackTracker(hasReturn, content) } - /** Gets the summary resulting from prepending `step` to this type-tracking summary. */ - private TypeBackTracker prepend(StepSummary step) { result = prepend(this, step) } - /** Gets a textual representation of this summary. */ string toString() { exists(string withReturn, string withContent | @@ -704,13 +737,9 @@ module TypeTracking<TypeTrackingInput I> { * Gets the summary that corresponds to having taken a backwards * heap and/or inter-procedural step from `nodeTo` to `nodeFrom`. */ - bindingset[nodeTo, this] + pragma[inline] TypeBackTracker step(LocalSourceNode nodeFrom, LocalSourceNode nodeTo) { - exists(StepSummary summary | - step(_, pragma[only_bind_out](nodeTo), pragma[only_bind_into](summary)) and - result = pragma[only_bind_into](pragma[only_bind_out](this)).prepend(summary) and - step(nodeFrom, pragma[only_bind_into](pragma[only_bind_out](nodeTo)), summary) - ) + result = backStepInlineLate(this, nodeFrom, nodeTo) } /** @@ -737,13 +766,9 @@ module TypeTracking<TypeTrackingInput I> { * } * ``` */ - bindingset[nodeTo, this] + pragma[inline] TypeBackTracker smallstep(Node nodeFrom, Node nodeTo) { - exists(StepSummary summary | - smallStep(_, pragma[only_bind_out](nodeTo), pragma[only_bind_into](summary)) and - result = pragma[only_bind_into](pragma[only_bind_out](this)).prepend(summary) and - smallStep(nodeFrom, pragma[only_bind_into](pragma[only_bind_out](nodeTo)), summary) - ) + result = backSmallStepInlineLate(this, nodeFrom, nodeTo) or simpleLocalSmallStep(nodeFrom, nodeTo) and result = this From a14e7fa694b5f4e9746170cbc71b365e37ff5848 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Wed, 7 Jun 2023 00:16:58 +0000 Subject: [PATCH 851/870] Add changed framework coverage reports --- java/documentation/library-coverage/coverage.csv | 4 ++-- java/documentation/library-coverage/coverage.rst | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/java/documentation/library-coverage/coverage.csv b/java/documentation/library-coverage/coverage.csv index 4e4b1ab7e1f..0e429b40b52 100644 --- a/java/documentation/library-coverage/coverage.csv +++ b/java/documentation/library-coverage/coverage.csv @@ -55,7 +55,7 @@ java.beans,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1, java.io,44,,45,,22,,,,,,,,,,,,,,22,,,,,,,,,,,,,,,,,,,43,2 java.lang,18,,92,,,,,,,,,,,,,8,,,5,,,4,,,1,,,,,,,,,,,,,56,36 java.net,13,3,20,,,,,,,,,,,,,,,,,,,,,,,,,13,,,,,,,,,3,20, -java.nio,38,,31,,3,,,,,,,,,,,,,,35,,,,,,,,,,,,,,,,,,,31, +java.nio,40,,35,,3,,,,,,,,,,,,,,37,,,,,,,,,,,,,,,,,,,35, java.sql,13,,3,,,,,,,,,,,,,,,,,,,,,,,,,4,,9,,,,,,,,2,1 java.util,44,,484,,,,,,,,,,,,,34,,,,,,,5,2,,1,2,,,,,,,,,,,44,440 javafx.scene.web,1,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,, @@ -75,7 +75,7 @@ javax.ws.rs.core,3,,149,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,2,,,,,,94,55 javax.xml.transform,2,,6,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,1,,,,6, javax.xml.xpath,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,,,,,, jodd.json,,,10,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,10 -kotlin,16,,1843,,,,,,,,,,,,,,,,14,,,,,,,,,2,,,,,,,,,,1836,7 +kotlin,16,,1847,,,,,,,,,,,,,,,,14,,,,,,,,,2,,,,,,,,,,1836,11 net.sf.saxon.s9api,5,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,5,,,,, ognl,6,,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,, okhttp3,4,,47,,,,,,,,,,,,,,,,,,,,,,,,,4,,,,,,,,,,22,25 diff --git a/java/documentation/library-coverage/coverage.rst b/java/documentation/library-coverage/coverage.rst index 644b4aaef6a..55b9a0a071d 100644 --- a/java/documentation/library-coverage/coverage.rst +++ b/java/documentation/library-coverage/coverage.rst @@ -18,10 +18,10 @@ Java framework & library support `Google Guava <https://guava.dev/>`_,``com.google.common.*``,,730,41,7,,,,, JBoss Logging,``org.jboss.logging``,,,324,,,,,, `JSON-java <https://github.com/stleary/JSON-java>`_,``org.json``,,236,,,,,,, - Java Standard Library,``java.*``,3,679,170,62,,9,,,17 + Java Standard Library,``java.*``,3,683,172,64,,9,,,17 Java extensions,"``javax.*``, ``jakarta.*``",63,611,34,2,4,,1,1,2 - Kotlin Standard Library,``kotlin*``,,1843,16,14,,,,,2 + Kotlin Standard Library,``kotlin*``,,1847,16,14,,,,,2 `Spring <https://spring.io/>`_,``org.springframework.*``,29,483,113,3,,28,14,,34 Others,"``cn.hutool.core.codec``, ``com.esotericsoftware.kryo.io``, ``com.esotericsoftware.kryo5.io``, ``com.fasterxml.jackson.core``, ``com.fasterxml.jackson.databind``, ``com.google.gson``, ``com.hubspot.jinjava``, ``com.mitchellbosecke.pebble``, ``com.opensymphony.xwork2.ognl``, ``com.rabbitmq.client``, ``com.thoughtworks.xstream``, ``com.unboundid.ldap.sdk``, ``com.zaxxer.hikari``, ``flexjson``, ``freemarker.cache``, ``freemarker.template``, ``groovy.lang``, ``groovy.text``, ``groovy.util``, ``hudson``, ``io.jsonwebtoken``, ``io.netty.bootstrap``, ``io.netty.buffer``, ``io.netty.channel``, ``io.netty.handler.codec``, ``io.netty.handler.ssl``, ``io.netty.handler.stream``, ``io.netty.resolver``, ``io.netty.util``, ``javafx.scene.web``, ``jodd.json``, ``net.sf.saxon.s9api``, ``ognl``, ``okhttp3``, ``org.apache.commons.codec``, ``org.apache.commons.compress.archivers.tar``, ``org.apache.commons.httpclient.util``, ``org.apache.commons.jelly``, ``org.apache.commons.jexl2``, ``org.apache.commons.jexl3``, ``org.apache.commons.logging``, ``org.apache.commons.net``, ``org.apache.commons.ognl``, ``org.apache.directory.ldap.client.api``, ``org.apache.hadoop.fs``, ``org.apache.hadoop.hive.metastore``, ``org.apache.hc.client5.http.async.methods``, ``org.apache.hc.client5.http.classic.methods``, ``org.apache.hc.client5.http.fluent``, ``org.apache.hive.hcatalog.templeton``, ``org.apache.ibatis.jdbc``, ``org.apache.log4j``, ``org.apache.shiro.codec``, ``org.apache.shiro.jndi``, ``org.apache.tools.ant``, ``org.apache.tools.zip``, ``org.apache.velocity.app``, ``org.apache.velocity.runtime``, ``org.codehaus.cargo.container.installer``, ``org.codehaus.groovy.control``, ``org.dom4j``, ``org.eclipse.jetty.client``, ``org.geogebra.web.full.main``, ``org.hibernate``, ``org.jdbi.v3.core``, ``org.jooq``, ``org.kohsuke.stapler``, ``org.mvel2``, ``org.openjdk.jmh.runner.options``, ``org.scijava.log``, ``org.slf4j``, ``org.thymeleaf``, ``org.xml.sax``, ``org.xmlpull.v1``, ``play.libs.ws``, ``play.mvc``, ``ratpack.core.form``, ``ratpack.core.handling``, ``ratpack.core.http``, ``ratpack.exec``, ``ratpack.form``, ``ratpack.func``, ``ratpack.handling``, ``ratpack.http``, ``ratpack.util``, ``retrofit2``",98,890,520,60,,18,18,,193 - Totals,,255,9182,1973,242,10,122,33,1,382 + Totals,,255,9190,1975,244,10,122,33,1,382 From 2f12ae2e0d5e4d54d33cd4a723509096f3627770 Mon Sep 17 00:00:00 2001 From: Tony Torralba <atorralba@users.noreply.github.com> Date: Wed, 7 Jun 2023 08:57:12 +0200 Subject: [PATCH 852/870] Update java/ql/lib/ext/okhttp3.model.yml --- java/ql/lib/ext/okhttp3.model.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java/ql/lib/ext/okhttp3.model.yml b/java/ql/lib/ext/okhttp3.model.yml index b7bfe8a10f7..a0662408708 100644 --- a/java/ql/lib/ext/okhttp3.model.yml +++ b/java/ql/lib/ext/okhttp3.model.yml @@ -58,4 +58,4 @@ extensions: - ["okhttp3", "HttpUrl$Builder", False, "setQueryParameter", "", "", "Argument[this]", "ReturnValue", "value", "manual"] - ["okhttp3", "HttpUrl$Builder", False, "setQueryParameter", "", "", "Argument[0]", "Argument[this]", "taint", "manual"] - ["okhttp3", "HttpUrl$Builder", False, "username", "", "", "Argument[this]", "ReturnValue", "value", "manual"] - - ["okhttp3", "Request$Builder", True, "build", "()", "", "Argument[undefined]", "ReturnValue", "taint", "ai-manual"] + - ["okhttp3", "Request$Builder", True, "build", "()", "", "Argument[this]", "ReturnValue", "taint", "ai-manual"] From 4bf124bffe6b835519748107feb03e257f45afb2 Mon Sep 17 00:00:00 2001 From: Tom Hvitved <hvitved@github.com> Date: Tue, 6 Jun 2023 15:40:04 +0200 Subject: [PATCH 853/870] Ruby/Python: Add `CallGraphConstruction` module for recursive type-tracking based call graph construction --- .../dataflow/new/internal/TypeTracker.qll | 345 ++++++++++++------ .../codeql/ruby/typetracking/TypeTracker.qll | 345 ++++++++++++------ 2 files changed, 454 insertions(+), 236 deletions(-) diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/TypeTracker.qll b/python/ql/lib/semmle/python/dataflow/new/internal/TypeTracker.qll index 4be26f6cea9..25521f5f1a5 100644 --- a/python/ql/lib/semmle/python/dataflow/new/internal/TypeTracker.qll +++ b/python/ql/lib/semmle/python/dataflow/new/internal/TypeTracker.qll @@ -224,71 +224,47 @@ private module Cached { private import Cached +private predicate step(TypeTrackingNode nodeFrom, TypeTrackingNode nodeTo, StepSummary summary) { + stepNoCall(nodeFrom, nodeTo, summary) + or + stepCall(nodeFrom, nodeTo, summary) +} + pragma[nomagic] -private predicate stepNoCallProj(TypeTrackingNode nodeFrom, StepSummary summary) { - stepNoCall(nodeFrom, _, summary) +private predicate stepProj(TypeTrackingNode nodeFrom, StepSummary summary) { + step(nodeFrom, _, summary) } bindingset[nodeFrom, t] pragma[inline_late] pragma[noopt] -private TypeTracker stepNoCallInlineLate( - TypeTracker t, TypeTrackingNode nodeFrom, TypeTrackingNode nodeTo -) { +private TypeTracker stepInlineLate(TypeTracker t, TypeTrackingNode nodeFrom, TypeTrackingNode nodeTo) { exists(StepSummary summary | - stepNoCallProj(nodeFrom, summary) and + stepProj(nodeFrom, summary) and result = t.append(summary) and - stepNoCall(nodeFrom, nodeTo, summary) + step(nodeFrom, nodeTo, summary) ) } +private predicate smallstep(Node nodeFrom, TypeTrackingNode nodeTo, StepSummary summary) { + smallstepNoCall(nodeFrom, nodeTo, summary) + or + smallstepCall(nodeFrom, nodeTo, summary) +} + pragma[nomagic] -private predicate stepCallProj(TypeTrackingNode nodeFrom, StepSummary summary) { - stepCall(nodeFrom, _, summary) +private predicate smallstepProj(Node nodeFrom, StepSummary summary) { + smallstep(nodeFrom, _, summary) } bindingset[nodeFrom, t] pragma[inline_late] pragma[noopt] -private TypeTracker stepCallInlineLate( - TypeTracker t, TypeTrackingNode nodeFrom, TypeTrackingNode nodeTo -) { +private TypeTracker smallstepInlineLate(TypeTracker t, Node nodeFrom, Node nodeTo) { exists(StepSummary summary | - stepCallProj(nodeFrom, summary) and + smallstepProj(nodeFrom, summary) and result = t.append(summary) and - stepCall(nodeFrom, nodeTo, summary) - ) -} - -pragma[nomagic] -private predicate smallstepNoCallProj(Node nodeFrom, StepSummary summary) { - smallstepNoCall(nodeFrom, _, summary) -} - -bindingset[nodeFrom, t] -pragma[inline_late] -pragma[noopt] -private TypeTracker smallstepNoCallInlineLate(TypeTracker t, Node nodeFrom, Node nodeTo) { - exists(StepSummary summary | - smallstepNoCallProj(nodeFrom, summary) and - result = t.append(summary) and - smallstepNoCall(nodeFrom, nodeTo, summary) - ) -} - -pragma[nomagic] -private predicate smallstepCallProj(Node nodeFrom, StepSummary summary) { - smallstepCall(nodeFrom, _, summary) -} - -bindingset[nodeFrom, t] -pragma[inline_late] -pragma[noopt] -private TypeTracker smallstepCallInlineLate(TypeTracker t, Node nodeFrom, Node nodeTo) { - exists(StepSummary summary | - smallstepCallProj(nodeFrom, summary) and - result = t.append(summary) and - smallstepCall(nodeFrom, nodeTo, summary) + smallstep(nodeFrom, nodeTo, summary) ) } @@ -385,14 +361,7 @@ module StepSummary { /** * Gets the summary that corresponds to having taken a forwards * heap and/or inter-procedural step from `nodeFrom` to `nodeTo`. - * - * This predicate is inlined, which enables better join-orders when - * the call graph construction and type tracking are mutually recursive. - * In such cases, non-linear recursion involving `step` will be limited - * to non-linear recursion for the parts of `step` that involve the - * call graph. */ - pragma[inline] predicate step(TypeTrackingNode nodeFrom, TypeTrackingNode nodeTo, StepSummary summary) { stepNoCall(nodeFrom, nodeTo, summary) or @@ -424,7 +393,6 @@ module StepSummary { * Unlike `StepSummary::step`, this predicate does not compress * type-preserving steps. */ - pragma[inline] predicate smallstep(Node nodeFrom, TypeTrackingNode nodeTo, StepSummary summary) { smallstepNoCall(nodeFrom, nodeTo, summary) or @@ -529,66 +497,13 @@ class TypeTracker extends TTypeTracker { */ TypeTracker continue() { content = noContent() and result = this } - /** - * Gets the summary that corresponds to having taken a forwards - * intra-procedural step from `nodeFrom` to `nodeTo`. - * - * This predicate should normally not be used; consider using `step` - * instead. - */ - pragma[inline] - TypeTracker stepNoCall(TypeTrackingNode nodeFrom, TypeTrackingNode nodeTo) { - result = stepNoCallInlineLate(this, nodeFrom, nodeTo) - } - - /** - * Gets the summary that corresponds to having taken a forwards - * inter-procedural step from `nodeFrom` to `nodeTo`. - * - * This predicate should normally not be used; consider using `step` - * instead. - */ - pragma[inline] - TypeTracker stepCall(TypeTrackingNode nodeFrom, TypeTrackingNode nodeTo) { - result = stepCallInlineLate(this, nodeFrom, nodeTo) - } - /** * Gets the summary that corresponds to having taken a forwards * heap and/or inter-procedural step from `nodeFrom` to `nodeTo`. */ pragma[inline] TypeTracker step(TypeTrackingNode nodeFrom, TypeTrackingNode nodeTo) { - result = this.stepNoCall(nodeFrom, nodeTo) - or - result = this.stepCall(nodeFrom, nodeTo) - } - - /** - * Gets the summary that corresponds to having taken a forwards - * intra-procedural step from `nodeFrom` to `nodeTo`. - * - * This predicate should normally not be used; consider using `step` - * instead. - */ - pragma[inline] - TypeTracker smallstepNoCall(Node nodeFrom, Node nodeTo) { - result = smallstepNoCallInlineLate(this, nodeFrom, nodeTo) - or - simpleLocalFlowStep(nodeFrom, nodeTo) and - result = this - } - - /** - * Gets the summary that corresponds to having taken a forwards - * inter-procedural step from `nodeFrom` to `nodeTo`. - * - * This predicate should normally not be used; consider using `step` - * instead. - */ - pragma[inline] - TypeTracker smallstepCall(Node nodeFrom, Node nodeTo) { - result = smallstepCallInlineLate(this, nodeFrom, nodeTo) + result = stepInlineLate(this, nodeFrom, nodeTo) } /** @@ -617,9 +532,10 @@ class TypeTracker extends TTypeTracker { */ pragma[inline] TypeTracker smallstep(Node nodeFrom, Node nodeTo) { - result = this.smallstepNoCall(nodeFrom, nodeTo) + result = smallstepInlineLate(this, nodeFrom, nodeTo) or - result = this.smallstepCall(nodeFrom, nodeTo) + simpleLocalFlowStep(nodeFrom, nodeTo) and + result = this } } @@ -631,6 +547,39 @@ module TypeTracker { TypeTracker end() { result.end() } } +pragma[nomagic] +private predicate backStepProj(TypeTrackingNode nodeTo, StepSummary summary) { + step(_, nodeTo, summary) +} + +bindingset[nodeTo, t] +pragma[inline_late] +pragma[noopt] +private TypeBackTracker backStepInlineLate( + TypeBackTracker t, TypeTrackingNode nodeFrom, TypeTrackingNode nodeTo +) { + exists(StepSummary summary | + backStepProj(nodeTo, summary) and + result = t.prepend(summary) and + step(nodeFrom, nodeTo, summary) + ) +} + +private predicate backSmallstepProj(TypeTrackingNode nodeTo, StepSummary summary) { + smallstep(_, nodeTo, summary) +} + +bindingset[nodeTo, t] +pragma[inline_late] +pragma[noopt] +private TypeBackTracker backSmallstepInlineLate(TypeBackTracker t, Node nodeFrom, Node nodeTo) { + exists(StepSummary summary | + backSmallstepProj(nodeTo, summary) and + result = t.prepend(summary) and + smallstep(nodeFrom, nodeTo, summary) + ) +} + /** * A summary of the steps needed to back-track a use of a value to a given dataflow node. * @@ -714,10 +663,7 @@ class TypeBackTracker extends TTypeBackTracker { */ pragma[inline] TypeBackTracker step(TypeTrackingNode nodeFrom, TypeTrackingNode nodeTo) { - exists(StepSummary summary | - StepSummary::step(pragma[only_bind_out](nodeFrom), nodeTo, pragma[only_bind_into](summary)) and - this = result.prepend(pragma[only_bind_into](summary)) - ) + this = backStepInlineLate(result, nodeFrom, nodeTo) } /** @@ -746,10 +692,7 @@ class TypeBackTracker extends TTypeBackTracker { */ pragma[inline] TypeBackTracker smallstep(Node nodeFrom, Node nodeTo) { - exists(StepSummary summary | - StepSummary::smallstep(nodeFrom, nodeTo, summary) and - this = result.prepend(summary) - ) + this = backSmallstepInlineLate(result, nodeFrom, nodeTo) or simpleLocalFlowStep(nodeFrom, nodeTo) and this = result @@ -785,3 +728,169 @@ module TypeBackTracker { */ TypeBackTracker end() { result.end() } } + +/** + * INTERNAL: Do not use. + * + * Provides logic for constructing a call graph in mutual recursion with type tracking. + * + * When type tracking is used to construct a call graph, we cannot use the join-order + * from `stepInlineLate`, because `step` becomes a recursive call, which means that we + * will have a conjunct with 3 recursive calls: the call to `step`, the call to `stepProj`, + * and the recursive type tracking call itself. The solution is to split the three-way + * non-linear recursion into two non-linear predicates: one that first joins with the + * projected `stepCall` relation, followed by a predicate that joins with the full + * `stepCall` relation (`stepNoCall` not being recursive, can be join-ordered in the + * same way as in `stepInlineLate`). + */ +module CallGraphConstruction { + /** The input to call graph construction. */ + signature module InputSig { + /** A state to track during type tracking. */ + class State; + + /** Holds if type tracking should start at `start` in state `state`. */ + predicate start(Node start, State state); + + /** + * Holds if type tracking should use the step from `nodeFrom` to `nodeTo`, + * which _does not_ depend on the call graph. + * + * Implementing this predicate using `StepSummary::[small]stepNoCall` yields + * standard type tracking. + */ + predicate stepNoCall(Node nodeFrom, Node nodeTo, StepSummary summary); + + /** + * Holds if type tracking should use the step from `nodeFrom` to `nodeTo`, + * which _does_ depend on the call graph. + * + * Implementing this predicate using `StepSummary::[small]stepCall` yields + * standard type tracking. + */ + predicate stepCall(Node nodeFrom, Node nodeTo, StepSummary summary); + + /** A projection of an element from the state space. */ + class StateProj; + + /** Gets the projection of `state`. */ + StateProj stateProj(State state); + + /** Holds if type tracking should stop at `n` when we are tracking projected state `stateProj`. */ + predicate filter(Node n, StateProj stateProj); + } + + /** Provides the `track` predicate for use in call graph construction. */ + module Make<InputSig Input> { + pragma[nomagic] + private predicate stepNoCallProj(Node nodeFrom, StepSummary summary) { + Input::stepNoCall(nodeFrom, _, summary) + } + + pragma[nomagic] + private predicate stepCallProj(Node nodeFrom, StepSummary summary) { + Input::stepCall(nodeFrom, _, summary) + } + + bindingset[nodeFrom, t] + pragma[inline_late] + pragma[noopt] + private TypeTracker stepNoCallInlineLate( + TypeTracker t, TypeTrackingNode nodeFrom, TypeTrackingNode nodeTo + ) { + exists(StepSummary summary | + stepNoCallProj(nodeFrom, summary) and + result = t.append(summary) and + Input::stepNoCall(nodeFrom, nodeTo, summary) + ) + } + + bindingset[state] + pragma[inline_late] + private Input::StateProj stateProjInlineLate(Input::State state) { + result = Input::stateProj(state) + } + + pragma[nomagic] + private Node track(Input::State state, TypeTracker t) { + t.start() and Input::start(result, state) + or + exists(Input::StateProj stateProj | + stateProj = stateProjInlineLate(state) and + not Input::filter(result, stateProj) + | + exists(TypeTracker t2 | t = stepNoCallInlineLate(t2, track(state, t2), result)) + or + exists(StepSummary summary | + // non-linear recursion + Input::stepCall(trackCall(state, t, summary), result, summary) + ) + ) + } + + bindingset[t, summary] + pragma[inline_late] + private TypeTracker appendInlineLate(TypeTracker t, StepSummary summary) { + result = t.append(summary) + } + + pragma[nomagic] + private Node trackCall(Input::State state, TypeTracker t, StepSummary summary) { + exists(TypeTracker t2 | + // non-linear recursion + result = track(state, t2) and + stepCallProj(result, summary) and + t = appendInlineLate(t2, summary) + ) + } + + /** Gets a node that can be reached from _some_ start node in state `state`. */ + pragma[nomagic] + Node track(Input::State state) { result = track(state, TypeTracker::end()) } + } + + /** A simple version of `CallGraphConstruction` that uses standard type tracking. */ + module Simple { + /** The input to call graph construction. */ + signature module InputSig { + /** A state to track during type tracking. */ + class State; + + /** Holds if type tracking should start at `start` in state `state`. */ + predicate start(Node start, State state); + + /** Holds if type tracking should stop at `n`. */ + predicate filter(Node n); + } + + /** Provides the `track` predicate for use in call graph construction. */ + module Make<InputSig Input> { + private module I implements CallGraphConstruction::InputSig { + private import codeql.util.Unit + + class State = Input::State; + + predicate start(Node start, State state) { Input::start(start, state) } + + predicate stepNoCall(Node nodeFrom, Node nodeTo, StepSummary summary) { + StepSummary::stepNoCall(nodeFrom, nodeTo, summary) + } + + predicate stepCall(Node nodeFrom, Node nodeTo, StepSummary summary) { + StepSummary::stepCall(nodeFrom, nodeTo, summary) + } + + class StateProj = Unit; + + Unit stateProj(State state) { exists(state) and exists(result) } + + predicate filter(Node n, Unit u) { + Input::filter(n) and + exists(u) + } + } + + import CallGraphConstruction::Make<I> + } + } +} diff --git a/ruby/ql/lib/codeql/ruby/typetracking/TypeTracker.qll b/ruby/ql/lib/codeql/ruby/typetracking/TypeTracker.qll index 4be26f6cea9..25521f5f1a5 100644 --- a/ruby/ql/lib/codeql/ruby/typetracking/TypeTracker.qll +++ b/ruby/ql/lib/codeql/ruby/typetracking/TypeTracker.qll @@ -224,71 +224,47 @@ private module Cached { private import Cached +private predicate step(TypeTrackingNode nodeFrom, TypeTrackingNode nodeTo, StepSummary summary) { + stepNoCall(nodeFrom, nodeTo, summary) + or + stepCall(nodeFrom, nodeTo, summary) +} + pragma[nomagic] -private predicate stepNoCallProj(TypeTrackingNode nodeFrom, StepSummary summary) { - stepNoCall(nodeFrom, _, summary) +private predicate stepProj(TypeTrackingNode nodeFrom, StepSummary summary) { + step(nodeFrom, _, summary) } bindingset[nodeFrom, t] pragma[inline_late] pragma[noopt] -private TypeTracker stepNoCallInlineLate( - TypeTracker t, TypeTrackingNode nodeFrom, TypeTrackingNode nodeTo -) { +private TypeTracker stepInlineLate(TypeTracker t, TypeTrackingNode nodeFrom, TypeTrackingNode nodeTo) { exists(StepSummary summary | - stepNoCallProj(nodeFrom, summary) and + stepProj(nodeFrom, summary) and result = t.append(summary) and - stepNoCall(nodeFrom, nodeTo, summary) + step(nodeFrom, nodeTo, summary) ) } +private predicate smallstep(Node nodeFrom, TypeTrackingNode nodeTo, StepSummary summary) { + smallstepNoCall(nodeFrom, nodeTo, summary) + or + smallstepCall(nodeFrom, nodeTo, summary) +} + pragma[nomagic] -private predicate stepCallProj(TypeTrackingNode nodeFrom, StepSummary summary) { - stepCall(nodeFrom, _, summary) +private predicate smallstepProj(Node nodeFrom, StepSummary summary) { + smallstep(nodeFrom, _, summary) } bindingset[nodeFrom, t] pragma[inline_late] pragma[noopt] -private TypeTracker stepCallInlineLate( - TypeTracker t, TypeTrackingNode nodeFrom, TypeTrackingNode nodeTo -) { +private TypeTracker smallstepInlineLate(TypeTracker t, Node nodeFrom, Node nodeTo) { exists(StepSummary summary | - stepCallProj(nodeFrom, summary) and + smallstepProj(nodeFrom, summary) and result = t.append(summary) and - stepCall(nodeFrom, nodeTo, summary) - ) -} - -pragma[nomagic] -private predicate smallstepNoCallProj(Node nodeFrom, StepSummary summary) { - smallstepNoCall(nodeFrom, _, summary) -} - -bindingset[nodeFrom, t] -pragma[inline_late] -pragma[noopt] -private TypeTracker smallstepNoCallInlineLate(TypeTracker t, Node nodeFrom, Node nodeTo) { - exists(StepSummary summary | - smallstepNoCallProj(nodeFrom, summary) and - result = t.append(summary) and - smallstepNoCall(nodeFrom, nodeTo, summary) - ) -} - -pragma[nomagic] -private predicate smallstepCallProj(Node nodeFrom, StepSummary summary) { - smallstepCall(nodeFrom, _, summary) -} - -bindingset[nodeFrom, t] -pragma[inline_late] -pragma[noopt] -private TypeTracker smallstepCallInlineLate(TypeTracker t, Node nodeFrom, Node nodeTo) { - exists(StepSummary summary | - smallstepCallProj(nodeFrom, summary) and - result = t.append(summary) and - smallstepCall(nodeFrom, nodeTo, summary) + smallstep(nodeFrom, nodeTo, summary) ) } @@ -385,14 +361,7 @@ module StepSummary { /** * Gets the summary that corresponds to having taken a forwards * heap and/or inter-procedural step from `nodeFrom` to `nodeTo`. - * - * This predicate is inlined, which enables better join-orders when - * the call graph construction and type tracking are mutually recursive. - * In such cases, non-linear recursion involving `step` will be limited - * to non-linear recursion for the parts of `step` that involve the - * call graph. */ - pragma[inline] predicate step(TypeTrackingNode nodeFrom, TypeTrackingNode nodeTo, StepSummary summary) { stepNoCall(nodeFrom, nodeTo, summary) or @@ -424,7 +393,6 @@ module StepSummary { * Unlike `StepSummary::step`, this predicate does not compress * type-preserving steps. */ - pragma[inline] predicate smallstep(Node nodeFrom, TypeTrackingNode nodeTo, StepSummary summary) { smallstepNoCall(nodeFrom, nodeTo, summary) or @@ -529,66 +497,13 @@ class TypeTracker extends TTypeTracker { */ TypeTracker continue() { content = noContent() and result = this } - /** - * Gets the summary that corresponds to having taken a forwards - * intra-procedural step from `nodeFrom` to `nodeTo`. - * - * This predicate should normally not be used; consider using `step` - * instead. - */ - pragma[inline] - TypeTracker stepNoCall(TypeTrackingNode nodeFrom, TypeTrackingNode nodeTo) { - result = stepNoCallInlineLate(this, nodeFrom, nodeTo) - } - - /** - * Gets the summary that corresponds to having taken a forwards - * inter-procedural step from `nodeFrom` to `nodeTo`. - * - * This predicate should normally not be used; consider using `step` - * instead. - */ - pragma[inline] - TypeTracker stepCall(TypeTrackingNode nodeFrom, TypeTrackingNode nodeTo) { - result = stepCallInlineLate(this, nodeFrom, nodeTo) - } - /** * Gets the summary that corresponds to having taken a forwards * heap and/or inter-procedural step from `nodeFrom` to `nodeTo`. */ pragma[inline] TypeTracker step(TypeTrackingNode nodeFrom, TypeTrackingNode nodeTo) { - result = this.stepNoCall(nodeFrom, nodeTo) - or - result = this.stepCall(nodeFrom, nodeTo) - } - - /** - * Gets the summary that corresponds to having taken a forwards - * intra-procedural step from `nodeFrom` to `nodeTo`. - * - * This predicate should normally not be used; consider using `step` - * instead. - */ - pragma[inline] - TypeTracker smallstepNoCall(Node nodeFrom, Node nodeTo) { - result = smallstepNoCallInlineLate(this, nodeFrom, nodeTo) - or - simpleLocalFlowStep(nodeFrom, nodeTo) and - result = this - } - - /** - * Gets the summary that corresponds to having taken a forwards - * inter-procedural step from `nodeFrom` to `nodeTo`. - * - * This predicate should normally not be used; consider using `step` - * instead. - */ - pragma[inline] - TypeTracker smallstepCall(Node nodeFrom, Node nodeTo) { - result = smallstepCallInlineLate(this, nodeFrom, nodeTo) + result = stepInlineLate(this, nodeFrom, nodeTo) } /** @@ -617,9 +532,10 @@ class TypeTracker extends TTypeTracker { */ pragma[inline] TypeTracker smallstep(Node nodeFrom, Node nodeTo) { - result = this.smallstepNoCall(nodeFrom, nodeTo) + result = smallstepInlineLate(this, nodeFrom, nodeTo) or - result = this.smallstepCall(nodeFrom, nodeTo) + simpleLocalFlowStep(nodeFrom, nodeTo) and + result = this } } @@ -631,6 +547,39 @@ module TypeTracker { TypeTracker end() { result.end() } } +pragma[nomagic] +private predicate backStepProj(TypeTrackingNode nodeTo, StepSummary summary) { + step(_, nodeTo, summary) +} + +bindingset[nodeTo, t] +pragma[inline_late] +pragma[noopt] +private TypeBackTracker backStepInlineLate( + TypeBackTracker t, TypeTrackingNode nodeFrom, TypeTrackingNode nodeTo +) { + exists(StepSummary summary | + backStepProj(nodeTo, summary) and + result = t.prepend(summary) and + step(nodeFrom, nodeTo, summary) + ) +} + +private predicate backSmallstepProj(TypeTrackingNode nodeTo, StepSummary summary) { + smallstep(_, nodeTo, summary) +} + +bindingset[nodeTo, t] +pragma[inline_late] +pragma[noopt] +private TypeBackTracker backSmallstepInlineLate(TypeBackTracker t, Node nodeFrom, Node nodeTo) { + exists(StepSummary summary | + backSmallstepProj(nodeTo, summary) and + result = t.prepend(summary) and + smallstep(nodeFrom, nodeTo, summary) + ) +} + /** * A summary of the steps needed to back-track a use of a value to a given dataflow node. * @@ -714,10 +663,7 @@ class TypeBackTracker extends TTypeBackTracker { */ pragma[inline] TypeBackTracker step(TypeTrackingNode nodeFrom, TypeTrackingNode nodeTo) { - exists(StepSummary summary | - StepSummary::step(pragma[only_bind_out](nodeFrom), nodeTo, pragma[only_bind_into](summary)) and - this = result.prepend(pragma[only_bind_into](summary)) - ) + this = backStepInlineLate(result, nodeFrom, nodeTo) } /** @@ -746,10 +692,7 @@ class TypeBackTracker extends TTypeBackTracker { */ pragma[inline] TypeBackTracker smallstep(Node nodeFrom, Node nodeTo) { - exists(StepSummary summary | - StepSummary::smallstep(nodeFrom, nodeTo, summary) and - this = result.prepend(summary) - ) + this = backSmallstepInlineLate(result, nodeFrom, nodeTo) or simpleLocalFlowStep(nodeFrom, nodeTo) and this = result @@ -785,3 +728,169 @@ module TypeBackTracker { */ TypeBackTracker end() { result.end() } } + +/** + * INTERNAL: Do not use. + * + * Provides logic for constructing a call graph in mutual recursion with type tracking. + * + * When type tracking is used to construct a call graph, we cannot use the join-order + * from `stepInlineLate`, because `step` becomes a recursive call, which means that we + * will have a conjunct with 3 recursive calls: the call to `step`, the call to `stepProj`, + * and the recursive type tracking call itself. The solution is to split the three-way + * non-linear recursion into two non-linear predicates: one that first joins with the + * projected `stepCall` relation, followed by a predicate that joins with the full + * `stepCall` relation (`stepNoCall` not being recursive, can be join-ordered in the + * same way as in `stepInlineLate`). + */ +module CallGraphConstruction { + /** The input to call graph construction. */ + signature module InputSig { + /** A state to track during type tracking. */ + class State; + + /** Holds if type tracking should start at `start` in state `state`. */ + predicate start(Node start, State state); + + /** + * Holds if type tracking should use the step from `nodeFrom` to `nodeTo`, + * which _does not_ depend on the call graph. + * + * Implementing this predicate using `StepSummary::[small]stepNoCall` yields + * standard type tracking. + */ + predicate stepNoCall(Node nodeFrom, Node nodeTo, StepSummary summary); + + /** + * Holds if type tracking should use the step from `nodeFrom` to `nodeTo`, + * which _does_ depend on the call graph. + * + * Implementing this predicate using `StepSummary::[small]stepCall` yields + * standard type tracking. + */ + predicate stepCall(Node nodeFrom, Node nodeTo, StepSummary summary); + + /** A projection of an element from the state space. */ + class StateProj; + + /** Gets the projection of `state`. */ + StateProj stateProj(State state); + + /** Holds if type tracking should stop at `n` when we are tracking projected state `stateProj`. */ + predicate filter(Node n, StateProj stateProj); + } + + /** Provides the `track` predicate for use in call graph construction. */ + module Make<InputSig Input> { + pragma[nomagic] + private predicate stepNoCallProj(Node nodeFrom, StepSummary summary) { + Input::stepNoCall(nodeFrom, _, summary) + } + + pragma[nomagic] + private predicate stepCallProj(Node nodeFrom, StepSummary summary) { + Input::stepCall(nodeFrom, _, summary) + } + + bindingset[nodeFrom, t] + pragma[inline_late] + pragma[noopt] + private TypeTracker stepNoCallInlineLate( + TypeTracker t, TypeTrackingNode nodeFrom, TypeTrackingNode nodeTo + ) { + exists(StepSummary summary | + stepNoCallProj(nodeFrom, summary) and + result = t.append(summary) and + Input::stepNoCall(nodeFrom, nodeTo, summary) + ) + } + + bindingset[state] + pragma[inline_late] + private Input::StateProj stateProjInlineLate(Input::State state) { + result = Input::stateProj(state) + } + + pragma[nomagic] + private Node track(Input::State state, TypeTracker t) { + t.start() and Input::start(result, state) + or + exists(Input::StateProj stateProj | + stateProj = stateProjInlineLate(state) and + not Input::filter(result, stateProj) + | + exists(TypeTracker t2 | t = stepNoCallInlineLate(t2, track(state, t2), result)) + or + exists(StepSummary summary | + // non-linear recursion + Input::stepCall(trackCall(state, t, summary), result, summary) + ) + ) + } + + bindingset[t, summary] + pragma[inline_late] + private TypeTracker appendInlineLate(TypeTracker t, StepSummary summary) { + result = t.append(summary) + } + + pragma[nomagic] + private Node trackCall(Input::State state, TypeTracker t, StepSummary summary) { + exists(TypeTracker t2 | + // non-linear recursion + result = track(state, t2) and + stepCallProj(result, summary) and + t = appendInlineLate(t2, summary) + ) + } + + /** Gets a node that can be reached from _some_ start node in state `state`. */ + pragma[nomagic] + Node track(Input::State state) { result = track(state, TypeTracker::end()) } + } + + /** A simple version of `CallGraphConstruction` that uses standard type tracking. */ + module Simple { + /** The input to call graph construction. */ + signature module InputSig { + /** A state to track during type tracking. */ + class State; + + /** Holds if type tracking should start at `start` in state `state`. */ + predicate start(Node start, State state); + + /** Holds if type tracking should stop at `n`. */ + predicate filter(Node n); + } + + /** Provides the `track` predicate for use in call graph construction. */ + module Make<InputSig Input> { + private module I implements CallGraphConstruction::InputSig { + private import codeql.util.Unit + + class State = Input::State; + + predicate start(Node start, State state) { Input::start(start, state) } + + predicate stepNoCall(Node nodeFrom, Node nodeTo, StepSummary summary) { + StepSummary::stepNoCall(nodeFrom, nodeTo, summary) + } + + predicate stepCall(Node nodeFrom, Node nodeTo, StepSummary summary) { + StepSummary::stepCall(nodeFrom, nodeTo, summary) + } + + class StateProj = Unit; + + Unit stateProj(State state) { exists(state) and exists(result) } + + predicate filter(Node n, Unit u) { + Input::filter(n) and + exists(u) + } + } + + import CallGraphConstruction::Make<I> + } + } +} From 88c5700c2452aa1208ae321e4d25b8aa4e3be948 Mon Sep 17 00:00:00 2001 From: Tom Hvitved <hvitved@github.com> Date: Tue, 6 Jun 2023 15:41:11 +0200 Subject: [PATCH 854/870] Ruby: Use `CallGraphConstruction` in call graph construction --- .../dataflow/internal/DataFlowDispatch.qll | 557 ++++++++---------- 1 file changed, 238 insertions(+), 319 deletions(-) diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowDispatch.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowDispatch.qll index 410867c7ead..625cc226b96 100644 --- a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowDispatch.qll +++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowDispatch.qll @@ -8,6 +8,8 @@ private import FlowSummaryImpl as FlowSummaryImpl private import FlowSummaryImplSpecific as FlowSummaryImplSpecific private import codeql.ruby.dataflow.FlowSummary private import codeql.ruby.dataflow.SSA +private import codeql.util.Boolean +private import codeql.util.Unit /** * A `LocalSourceNode` for a `self` variable. This is the implicit `self` @@ -470,49 +472,22 @@ private module Cached { import Cached -pragma[nomagic] -private predicate stepCallProj(DataFlow::LocalSourceNode nodeFrom, StepSummary summary) { - StepSummary::stepCall(nodeFrom, _, summary) -} - pragma[nomagic] private predicate isNotSelf(DataFlow::Node n) { not n instanceof SelfParameterNodeImpl } -pragma[nomagic] -private DataFlow::LocalSourceNode trackModuleAccess(Module m, TypeTracker t) { - t.start() and m = resolveConstantReadAccess(result.asExpr().getExpr()) - or +private module TrackModuleInput implements CallGraphConstruction::Simple::InputSig { + class State = Module; + + predicate start(DataFlow::Node start, Module m) { + m = resolveConstantReadAccess(start.asExpr().getExpr()) + } + // We exclude steps into `self` parameters, and instead rely on the type of the // enclosing module - isNotSelf(result) and - ( - exists(TypeTracker t2 | t = t2.stepNoCall(trackModuleAccess(m, t2), result)) - or - exists(StepSummary summary | - // non-linear recursion - StepSummary::stepCall(trackModuleAccessCall(m, t, summary), result, summary) - ) - ) + predicate filter(DataFlow::Node n) { n instanceof SelfParameterNodeImpl } } -bindingset[t, summary] -pragma[inline_late] -private TypeTracker append(TypeTracker t, StepSummary summary) { result = t.append(summary) } - -pragma[nomagic] -private DataFlow::LocalSourceNode trackModuleAccessCall(Module m, TypeTracker t, StepSummary summary) { - exists(TypeTracker t2 | - // non-linear recursion - result = trackModuleAccess(m, t2) and - stepCallProj(result, summary) and - t = append(t2, summary) - ) -} - -pragma[nomagic] -private DataFlow::LocalSourceNode trackModuleAccess(Module m) { - result = trackModuleAccess(m, TypeTracker::end()) -} +predicate trackModuleAccess = CallGraphConstruction::Simple::Make<TrackModuleInput>::track/1; pragma[nomagic] private predicate hasUserDefinedNew(Module m) { @@ -552,182 +527,162 @@ private predicate isStandardNewCall(RelevantCall new, Module m, boolean exact) { ) } -/** Holds if `n` is an instance of type `tp`. */ -private predicate isInstance(DataFlow::Node n, Module tp, boolean exact) { - n.asExpr().getExpr() instanceof NilLiteral and - tp = TResolved("NilClass") and - exact = true - or - n.asExpr().getExpr().(BooleanLiteral).isFalse() and - tp = TResolved("FalseClass") and - exact = true - or - n.asExpr().getExpr().(BooleanLiteral).isTrue() and - tp = TResolved("TrueClass") and - exact = true - or - n.asExpr().getExpr() instanceof IntegerLiteral and - tp = TResolved("Integer") and - exact = true - or - n.asExpr().getExpr() instanceof FloatLiteral and - tp = TResolved("Float") and - exact = true - or - n.asExpr().getExpr() instanceof RationalLiteral and - tp = TResolved("Rational") and - exact = true - or - n.asExpr().getExpr() instanceof ComplexLiteral and - tp = TResolved("Complex") and - exact = true - or - n.asExpr().getExpr() instanceof StringlikeLiteral and - tp = TResolved("String") and - exact = true - or - n.asExpr() instanceof CfgNodes::ExprNodes::ArrayLiteralCfgNode and - tp = TResolved("Array") and - exact = true - or - n.asExpr() instanceof CfgNodes::ExprNodes::HashLiteralCfgNode and - tp = TResolved("Hash") and - exact = true - or - n.asExpr().getExpr() instanceof MethodBase and - tp = TResolved("Symbol") and - exact = true - or - n.asParameter() instanceof BlockParameter and - tp = TResolved("Proc") and - exact = true - or - n.asExpr().getExpr() instanceof Lambda and - tp = TResolved("Proc") and - exact = true - or - isStandardNewCall(n.asExpr(), tp, exact) - or - // `self` reference in method or top-level (but not in module or singleton method, - // where instance methods cannot be called; only singleton methods) - n = - any(SelfLocalSourceNode self | - exists(MethodBase m | - selfInMethod(self.getVariable(), m, tp) and - not m instanceof SingletonMethod and - if m.getEnclosingModule() instanceof Toplevel then exact = true else exact = false - ) - or - selfInToplevel(self.getVariable(), tp) and - exact = true - ) - or - // `in C => c then c.foo` - asModulePattern(n, tp) and - exact = false - or - // `case object when C then object.foo` - hasAdjacentTypeCheckedReads(_, _, n.asExpr(), tp) and - exact = false -} - private predicate localFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo, StepSummary summary) { localFlowStepTypeTracker(nodeFrom, nodeTo) and summary.toString() = "level" } -pragma[nomagic] -private predicate hasAdjacentTypeCheckedReads(DataFlow::Node node) { - hasAdjacentTypeCheckedReads(_, _, node.asExpr(), _) -} - -pragma[nomagic] -private predicate smallStepNoCallForTrackInstance0( - DataFlow::Node nodeFrom, DataFlow::Node nodeTo, StepSummary summary -) { - // We exclude steps into `self` parameters. For those, we instead rely on the type of - // the enclosing module - StepSummary::smallstepNoCall(nodeFrom, nodeTo, summary) and - isNotSelf(nodeTo) - or - // We exclude steps into type checked variables. For those, we instead rely on the - // type being checked against - localFlowStep(nodeFrom, nodeTo, summary) and - not hasAdjacentTypeCheckedReads(nodeTo) -} - -pragma[nomagic] -private predicate smallStepNoCallForTrackInstance0Proj(DataFlow::Node nodeFrom, StepSummary summary) { - smallStepNoCallForTrackInstance0(nodeFrom, _, summary) -} - -bindingset[t, nodeFrom] -pragma[inline_late] -pragma[noopt] -private TypeTracker smallStepNoCallForTrackInstance( - TypeTracker t, DataFlow::Node nodeFrom, DataFlow::Node nodeTo -) { - exists(StepSummary summary | - smallStepNoCallForTrackInstance0Proj(nodeFrom, summary) and - result = t.append(summary) and - smallStepNoCallForTrackInstance0(nodeFrom, nodeTo, summary) - ) -} - -pragma[nomagic] -private DataFlow::Node trackInstance(Module tp, boolean exact, TypeTracker t) { - t.start() and - ( - isInstance(result, tp, exact) +private module TrackInstanceInput implements CallGraphConstruction::InputSig { + pragma[nomagic] + private predicate isInstanceNoCall(DataFlow::Node n, Module tp, boolean exact) { + n.asExpr().getExpr() instanceof NilLiteral and + tp = TResolved("NilClass") and + exact = true or - exists(Module m | - (if m.isClass() then tp = TResolved("Class") else tp = TResolved("Module")) and - exact = true - | - // needed for e.g. `C.new` - m = resolveConstantReadAccess(result.asExpr().getExpr()) + n.asExpr().getExpr().(BooleanLiteral).isFalse() and + tp = TResolved("FalseClass") and + exact = true + or + n.asExpr().getExpr().(BooleanLiteral).isTrue() and + tp = TResolved("TrueClass") and + exact = true + or + n.asExpr().getExpr() instanceof IntegerLiteral and + tp = TResolved("Integer") and + exact = true + or + n.asExpr().getExpr() instanceof FloatLiteral and + tp = TResolved("Float") and + exact = true + or + n.asExpr().getExpr() instanceof RationalLiteral and + tp = TResolved("Rational") and + exact = true + or + n.asExpr().getExpr() instanceof ComplexLiteral and + tp = TResolved("Complex") and + exact = true + or + n.asExpr().getExpr() instanceof StringlikeLiteral and + tp = TResolved("String") and + exact = true + or + n.asExpr() instanceof CfgNodes::ExprNodes::ArrayLiteralCfgNode and + tp = TResolved("Array") and + exact = true + or + n.asExpr() instanceof CfgNodes::ExprNodes::HashLiteralCfgNode and + tp = TResolved("Hash") and + exact = true + or + n.asExpr().getExpr() instanceof MethodBase and + tp = TResolved("Symbol") and + exact = true + or + n.asParameter() instanceof BlockParameter and + tp = TResolved("Proc") and + exact = true + or + n.asExpr().getExpr() instanceof Lambda and + tp = TResolved("Proc") and + exact = true + or + // `self` reference in method or top-level (but not in module or singleton method, + // where instance methods cannot be called; only singleton methods) + n = + any(SelfLocalSourceNode self | + exists(MethodBase m | + selfInMethod(self.getVariable(), m, tp) and + not m instanceof SingletonMethod and + if m.getEnclosingModule() instanceof Toplevel then exact = true else exact = false + ) + or + selfInToplevel(self.getVariable(), tp) and + exact = true + ) + or + // `in C => c then c.foo` + asModulePattern(n, tp) and + exact = false + or + // `case object when C then object.foo` + hasAdjacentTypeCheckedReads(_, _, n.asExpr(), tp) and + exact = false + } + + pragma[nomagic] + private predicate isInstanceCall(DataFlow::Node n, Module tp, boolean exact) { + isStandardNewCall(n.asExpr(), tp, exact) + } + + /** Holds if `n` is an instance of type `tp`. */ + pragma[inline] + private predicate isInstance(DataFlow::Node n, Module tp, boolean exact) { + isInstanceNoCall(n, tp, exact) + or + isInstanceCall(n, tp, exact) + } + + pragma[nomagic] + private predicate hasAdjacentTypeCheckedReads(DataFlow::Node node) { + hasAdjacentTypeCheckedReads(_, _, node.asExpr(), _) + } + + newtype State = additional MkState(Module m, Boolean exact) + + predicate start(DataFlow::Node start, State state) { + exists(Module tp, boolean exact | state = MkState(tp, exact) | + isInstance(start, tp, exact) or - // needed for e.g. `self.include` - selfInModule(result.(SelfLocalSourceNode).getVariable(), m) - or - // needed for e.g. `self.puts` - selfInMethod(result.(SelfLocalSourceNode).getVariable(), any(SingletonMethod sm), m) + exists(Module m | + (if m.isClass() then tp = TResolved("Class") else tp = TResolved("Module")) and + exact = true + | + // needed for e.g. `C.new` + m = resolveConstantReadAccess(start.asExpr().getExpr()) + or + // needed for e.g. `self.include` + selfInModule(start.(SelfLocalSourceNode).getVariable(), m) + or + // needed for e.g. `self.puts` + selfInMethod(start.(SelfLocalSourceNode).getVariable(), any(SingletonMethod sm), m) + ) ) - ) - or - exists(TypeTracker t2 | - t = smallStepNoCallForTrackInstance(t2, trackInstance(tp, exact, t2), result) - ) - or - // We exclude steps into `self` parameters. For those, we instead rely on the type of - // the enclosing module - exists(StepSummary summary | - // non-linear recursion - StepSummary::smallstepCall(trackInstanceCall(tp, t, exact, summary), result, summary) and - isNotSelf(result) - ) -} + } -pragma[nomagic] -private predicate smallStepCallProj(DataFlow::Node nodeFrom, StepSummary summary) { - StepSummary::smallstepCall(nodeFrom, _, summary) -} + pragma[nomagic] + predicate stepNoCall(DataFlow::Node nodeFrom, DataFlow::Node nodeTo, StepSummary summary) { + // We exclude steps into `self` parameters. For those, we instead rely on the type of + // the enclosing module + StepSummary::smallstepNoCall(nodeFrom, nodeTo, summary) and + isNotSelf(nodeTo) + or + // We exclude steps into type checked variables. For those, we instead rely on the + // type being checked against + localFlowStep(nodeFrom, nodeTo, summary) and + not hasAdjacentTypeCheckedReads(nodeTo) + } -pragma[nomagic] -private DataFlow::Node trackInstanceCall( - Module tp, TypeTracker t, boolean exact, StepSummary summary -) { - exists(TypeTracker t2 | - // non-linear recursion - result = trackInstance(tp, exact, t2) and - smallStepCallProj(result, summary) and - t = append(t2, summary) - ) + predicate stepCall(DataFlow::Node nodeFrom, DataFlow::Node nodeTo, StepSummary summary) { + StepSummary::smallstepCall(nodeFrom, nodeTo, summary) + } + + class StateProj = Unit; + + Unit stateProj(State state) { exists(state) and exists(result) } + + // We exclude steps into `self` parameters, and instead rely on the type of the + // enclosing module + predicate filter(DataFlow::Node n, Unit u) { + n instanceof SelfParameterNodeImpl and + exists(u) + } } pragma[nomagic] private DataFlow::Node trackInstance(Module tp, boolean exact) { - result = trackInstance(tp, exact, TypeTracker::end()) + result = + CallGraphConstruction::Make<TrackInstanceInput>::track(TrackInstanceInput::MkState(tp, exact)) } pragma[nomagic] @@ -768,37 +723,17 @@ private CfgScope getTargetInstance(RelevantCall call, string method) { ) } -pragma[nomagic] -private DataFlow::LocalSourceNode trackBlock(Block block, TypeTracker t) { - t.start() and result.asExpr().getExpr() = block - or - // We exclude steps into `self` parameters, which may happen when the code - // base contains implementations of `call`. - isNotSelf(result) and - ( - exists(TypeTracker t2 | t = t2.stepNoCall(trackBlock(block, t2), result)) - or - exists(StepSummary summary | - // non-linear recursion - StepSummary::stepCall(trackBlockCall(block, t, summary), result, summary) - ) - ) +private module TrackBlockInput implements CallGraphConstruction::Simple::InputSig { + class State = Block; + + predicate start(DataFlow::Node start, Block block) { start.asExpr().getExpr() = block } + + // We exclude steps into `self` parameters, and instead rely on the type of the + // enclosing module + predicate filter(DataFlow::Node n) { n instanceof SelfParameterNodeImpl } } -pragma[nomagic] -private DataFlow::LocalSourceNode trackBlockCall(Block block, TypeTracker t, StepSummary summary) { - exists(TypeTracker t2 | - // non-linear recursion - result = trackBlock(block, t2) and - stepCallProj(result, summary) and - t = append(t2, summary) - ) -} - -pragma[nomagic] -private DataFlow::LocalSourceNode trackBlock(Block block) { - result = trackBlock(block, TypeTracker::end()) -} +private predicate trackBlock = CallGraphConstruction::Simple::Make<TrackBlockInput>::track/1; /** Holds if `m` is a singleton method named `name`, defined on `object. */ private predicate singletonMethod(MethodBase m, string name, Expr object) { @@ -965,72 +900,81 @@ predicate singletonMethodOnInstance(MethodBase method, string name, Expr object) ) } -/** - * Holds if there is reverse flow from `nodeFrom` to `nodeTo` via a parameter. - * - * This is only used for tracking singleton methods, where we want to be able - * to handle cases like - * - * ```rb - * def add_singleton x - * def x.foo; end - * end - * - * y = add_singleton C.new - * y.foo - * ``` - * - * and - * - * ```rb - * class C - * def add_singleton_to_self - * def self.foo; end - * end - * end - * - * y = C.new - * y.add_singleton_to_self - * y.foo - * ``` - */ -pragma[nomagic] -private predicate paramReturnFlow( - DataFlow::Node nodeFrom, DataFlow::PostUpdateNode nodeTo, StepSummary summary -) { - exists(RelevantCall call, DataFlow::Node arg, DataFlow::ParameterNode p, Expr nodeFromPreExpr | - TypeTrackerSpecific::callStep(call, arg, p) and - nodeTo.getPreUpdateNode() = arg and - summary.toString() = "return" and - ( - nodeFromPreExpr = nodeFrom.(DataFlow::PostUpdateNode).getPreUpdateNode().asExpr().getExpr() +private module TrackSingletonMethodOnInstanceInput implements CallGraphConstruction::InputSig { + /** + * Holds if there is reverse flow from `nodeFrom` to `nodeTo` via a parameter. + * + * This is only used for tracking singleton methods, where we want to be able + * to handle cases like + * + * ```rb + * def add_singleton x + * def x.foo; end + * end + * + * y = add_singleton C.new + * y.foo + * ``` + * + * and + * + * ```rb + * class C + * def add_singleton_to_self + * def self.foo; end + * end + * end + * + * y = C.new + * y.add_singleton_to_self + * y.foo + * ``` + */ + pragma[nomagic] + private predicate paramReturnFlow( + DataFlow::Node nodeFrom, DataFlow::PostUpdateNode nodeTo, StepSummary summary + ) { + exists(RelevantCall call, DataFlow::Node arg, DataFlow::ParameterNode p, Expr nodeFromPreExpr | + TypeTrackerSpecific::callStep(call, arg, p) and + nodeTo.getPreUpdateNode() = arg and + summary.toString() = "return" and + ( + nodeFromPreExpr = nodeFrom.(DataFlow::PostUpdateNode).getPreUpdateNode().asExpr().getExpr() + or + nodeFromPreExpr = nodeFrom.asExpr().getExpr() and + singletonMethodOnInstance(_, _, nodeFromPreExpr) + ) + | + nodeFromPreExpr = p.getParameter().(NamedParameter).getVariable().getAnAccess() or - nodeFromPreExpr = nodeFrom.asExpr().getExpr() and - singletonMethodOnInstance(_, _, nodeFromPreExpr) + nodeFromPreExpr = p.(SelfParameterNodeImpl).getSelfVariable().getAnAccess() ) - | - nodeFromPreExpr = p.getParameter().(NamedParameter).getVariable().getAnAccess() - or - nodeFromPreExpr = p.(SelfParameterNodeImpl).getSelfVariable().getAnAccess() - ) -} + } -pragma[nomagic] -private DataFlow::Node trackSingletonMethodOnInstance(MethodBase method, string name, TypeTracker t) { - t.start() and - singletonMethodOnInstance(method, name, result.asExpr().getExpr()) - or - ( - exists(TypeTracker t2 | - t = t2.smallstepNoCall(trackSingletonMethodOnInstance(method, name, t2), result) - ) + class State = MethodBase; + + predicate start(DataFlow::Node start, MethodBase method) { + singletonMethodOnInstance(method, _, start.asExpr().getExpr()) + } + + predicate stepNoCall(DataFlow::Node nodeFrom, DataFlow::Node nodeTo, StepSummary summary) { + StepSummary::smallstepNoCall(nodeFrom, nodeTo, summary) or - exists(StepSummary summary | - // non-linear recursion - smallStepCallForTrackSingletonMethodOnInstance(trackSingletonMethodOnInstanceCall(method, - name, t, summary), result, summary) - ) - ) and + localFlowStep(nodeFrom, nodeTo, summary) + } + + predicate stepCall(DataFlow::Node nodeFrom, DataFlow::Node nodeTo, StepSummary summary) { + StepSummary::smallstepCall(nodeFrom, nodeTo, summary) + or + paramReturnFlow(nodeFrom, nodeTo, summary) + } + + class StateProj extends string { + StateProj() { singletonMethodOnInstance(_, this, _) } + } + + StateProj stateProj(MethodBase method) { singletonMethodOnInstance(method, result, _) } + // Stop flow at redefinitions. // // Example: @@ -1039,40 +983,15 @@ private DataFlow::Node trackSingletonMethodOnInstance(MethodBase method, string // def x.foo; end // x.foo # <- we want to resolve this call to the second definition only // ``` - not singletonMethodOnInstance(_, name, result.asExpr().getExpr()) -} - -pragma[nomagic] -private predicate smallStepCallForTrackSingletonMethodOnInstance( - DataFlow::Node nodeFrom, DataFlow::Node nodeTo, StepSummary summary -) { - StepSummary::smallstepCall(nodeFrom, nodeTo, summary) - or - paramReturnFlow(nodeFrom, nodeTo, summary) -} - -pragma[nomagic] -private predicate smallStepCallForTrackSingletonMethodOnInstanceProj( - DataFlow::Node nodeFrom, StepSummary summary -) { - smallStepCallForTrackSingletonMethodOnInstance(nodeFrom, _, summary) -} - -pragma[nomagic] -private DataFlow::Node trackSingletonMethodOnInstanceCall( - MethodBase method, string name, TypeTracker t, StepSummary summary -) { - exists(TypeTracker t2 | - // non-linear recursion - result = trackSingletonMethodOnInstance(method, name, t2) and - smallStepCallForTrackSingletonMethodOnInstanceProj(result, summary) and - t = append(t2, summary) - ) + predicate filter(DataFlow::Node n, StateProj name) { + singletonMethodOnInstance(_, name, n.asExpr().getExpr()) + } } pragma[nomagic] private DataFlow::Node trackSingletonMethodOnInstance(MethodBase method, string name) { - result = trackSingletonMethodOnInstance(method, name, TypeTracker::end()) + result = CallGraphConstruction::Make<TrackSingletonMethodOnInstanceInput>::track(method) and + singletonMethodOnInstance(method, name, _) } /** Holds if a `self` access may be the receiver of `call` directly inside module `m`. */ From 48ac3e58ee6bb7fdb26c079da1c413ab5c58fc2b Mon Sep 17 00:00:00 2001 From: Tom Hvitved <hvitved@github.com> Date: Tue, 6 Jun 2023 16:09:10 +0200 Subject: [PATCH 855/870] Python: Use `CallGraphConstruction` in call graph construction --- .../new/internal/DataFlowDispatch.qll | 425 ++++++------------ 1 file changed, 144 insertions(+), 281 deletions(-) diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowDispatch.qll b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowDispatch.qll index 958bca246cb..895ef74b41e 100644 --- a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowDispatch.qll +++ b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowDispatch.qll @@ -38,6 +38,7 @@ private import DataFlowPrivate private import FlowSummaryImpl as FlowSummaryImpl private import FlowSummaryImplSpecific as FlowSummaryImplSpecific private import semmle.python.internal.CachedStages +private import semmle.python.dataflow.new.internal.TypeTracker::CallGraphConstruction as CallGraphConstruction newtype TParameterPosition = /** Used for `self` in methods, and `cls` in classmethods. */ @@ -464,189 +465,105 @@ private predicate ignoreForCallGraph(File f) { f.getAbsolutePath().matches("%/site-packages/sympy/%") } -bindingset[n] -pragma[inline_late] -private predicate includeInCallGraph(TypeTrackingNode n) { - not ignoreForCallGraph(n.getLocation().getFile()) -} +private module TrackFunctionInput implements CallGraphConstruction::Simple::InputSig { + class State = Function; -pragma[nomagic] -private predicate stepCallProj(TypeTrackingNode nodeFrom, StepSummary summary) { - StepSummary::stepCall(nodeFrom, _, summary) -} - -bindingset[t, summary] -pragma[inline_late] -private TypeTracker append(TypeTracker t, StepSummary summary) { result = t.append(summary) } - -/** - * Gets a reference to the function `func`. - */ -private TypeTrackingNode functionTracker(TypeTracker t, Function func) { - includeInCallGraph(result) and - ( - t.start() and - ( - result.asExpr() = func.getDefinition() - or - // when a function is decorated, it's the result of the (last) decorator call that - // is used - result.asExpr() = func.getDefinition().(FunctionExpr).getADecoratorCall() - ) + predicate start(Node start, Function func) { + start.asExpr() = func.getDefinition() or - ( - exists(TypeTracker t2 | t = t2.stepNoCall(functionTracker(t2, func), result)) - or - exists(StepSummary summary | - // non-linear recursion - StepSummary::stepCall(functionTrackerCall(t, func, summary), result, summary) - ) - ) - ) -} + // when a function is decorated, it's the result of the (last) decorator call that + // is used + start.asExpr() = func.getDefinition().(FunctionExpr).getADecoratorCall() + } -pragma[nomagic] -private TypeTrackingNode functionTrackerCall(TypeTracker t, Function func, StepSummary summary) { - exists(TypeTracker t2 | - // non-linear recursion - result = functionTracker(t2, func) and - stepCallProj(result, summary) and - t = append(t2, summary) - ) + predicate filter(Node n) { ignoreForCallGraph(n.getLocation().getFile()) } } /** * Gets a reference to the function `func`. */ -Node functionTracker(Function func) { functionTracker(TypeTracker::end(), func).flowsTo(result) } +Node functionTracker(Function func) { + CallGraphConstruction::Simple::Make<TrackFunctionInput>::track(func) + .(LocalSourceNode) + .flowsTo(result) +} -/** - * Gets a reference to the class `cls`. - */ -private TypeTrackingNode classTracker(TypeTracker t, Class cls) { - includeInCallGraph(result) and - ( - t.start() and - ( - result.asExpr() = cls.getParent() - or - // when a class is decorated, it's the result of the (last) decorator call that - // is used - result.asExpr() = cls.getParent().getADecoratorCall() - or - // `type(obj)`, where obj is an instance of this class - result = getTypeCall() and - result.(CallCfgNode).getArg(0) = classInstanceTracker(cls) - ) +private module TrackClassInput implements CallGraphConstruction::Simple::InputSig { + class State = Class; + + predicate start(Node start, Class cls) { + start.asExpr() = cls.getParent() or - not result.(ParameterNodeImpl).isParameterOf(_, any(ParameterPosition pp | pp.isSelf())) and - ( - exists(TypeTracker t2 | t = t2.stepNoCall(classTracker(t2, cls), result)) - or - exists(StepSummary summary | - // non-linear recursion - StepSummary::stepCall(classTrackerCall(t, cls, summary), result, summary) - ) - ) - ) -} + // when a class is decorated, it's the result of the (last) decorator call that + // is used + start.asExpr() = cls.getParent().getADecoratorCall() + or + // `type(obj)`, where obj is an instance of this class + start = getTypeCall() and + start.(CallCfgNode).getArg(0) = classInstanceTracker(cls) + } -pragma[nomagic] -private TypeTrackingNode classTrackerCall(TypeTracker t, Class cls, StepSummary summary) { - exists(TypeTracker t2 | - // non-linear recursion - result = classTracker(t2, cls) and - stepCallProj(result, summary) and - t = append(t2, summary) - ) + predicate filter(Node n) { + ignoreForCallGraph(n.getLocation().getFile()) + or + n.(ParameterNodeImpl).isParameterOf(_, any(ParameterPosition pp | pp.isSelf())) + } } /** * Gets a reference to the class `cls`. */ -Node classTracker(Class cls) { classTracker(TypeTracker::end(), cls).flowsTo(result) } +Node classTracker(Class cls) { + CallGraphConstruction::Simple::Make<TrackClassInput>::track(cls).(LocalSourceNode).flowsTo(result) +} -/** - * Gets a reference to an instance of the class `cls`. - */ -private TypeTrackingNode classInstanceTracker(TypeTracker t, Class cls) { - includeInCallGraph(result) and - ( - t.start() and - resolveClassCall(result.(CallCfgNode).asCfgNode(), cls) +private module TrackClassInstanceInput implements CallGraphConstruction::Simple::InputSig { + class State = Class; + + predicate start(Node start, Class cls) { + resolveClassCall(start.(CallCfgNode).asCfgNode(), cls) or // result of `super().__new__` as used in a `__new__` method implementation - t.start() and exists(Class classUsedInSuper | - fromSuperNewCall(result.(CallCfgNode).asCfgNode(), classUsedInSuper, _, _) and + fromSuperNewCall(start.(CallCfgNode).asCfgNode(), classUsedInSuper, _, _) and classUsedInSuper = getADirectSuperclass*(cls) ) - or - not result.(ParameterNodeImpl).isParameterOf(_, any(ParameterPosition pp | pp.isSelf())) and - ( - exists(TypeTracker t2 | t = t2.stepNoCall(classInstanceTracker(t2, cls), result)) - or - exists(StepSummary summary | - // non-linear recursion - StepSummary::stepCall(classInstanceTrackerCall(t, cls, summary), result, summary) - ) - ) - ) -} + } -pragma[nomagic] -private TypeTrackingNode classInstanceTrackerCall(TypeTracker t, Class cls, StepSummary summary) { - exists(TypeTracker t2 | - // non-linear recursion - result = classInstanceTracker(t2, cls) and - stepCallProj(result, summary) and - t = append(t2, summary) - ) + predicate filter(Node n) { + ignoreForCallGraph(n.getLocation().getFile()) + or + n.(ParameterNodeImpl).isParameterOf(_, any(ParameterPosition pp | pp.isSelf())) + } } /** * Gets a reference to an instance of the class `cls`. */ Node classInstanceTracker(Class cls) { - classInstanceTracker(TypeTracker::end(), cls).flowsTo(result) + CallGraphConstruction::Simple::Make<TrackClassInstanceInput>::track(cls) + .(LocalSourceNode) + .flowsTo(result) } -/** - * Gets a reference to the `self` argument of a method on class `classWithMethod`. - * The method cannot be a `staticmethod` or `classmethod`. - */ -private TypeTrackingNode selfTracker(TypeTracker t, Class classWithMethod) { - includeInCallGraph(result) and - ( - t.start() and +private module TrackSelfInput implements CallGraphConstruction::Simple::InputSig { + class State = Class; + + predicate start(Node start, Class classWithMethod) { exists(Function func | func = classWithMethod.getAMethod() and not isStaticmethod(func) and not isClassmethod(func) | - result.asExpr() = func.getArg(0) + start.asExpr() = func.getArg(0) ) - or - not result.(ParameterNodeImpl).isParameterOf(_, any(ParameterPosition pp | pp.isSelf())) and - ( - exists(TypeTracker t2 | t = t2.stepNoCall(selfTracker(t2, classWithMethod), result)) - or - exists(StepSummary summary | - // non-linear recursion - StepSummary::stepCall(selfTrackerCall(t, classWithMethod, summary), result, summary) - ) - ) - ) -} + } -pragma[nomagic] -private TypeTrackingNode selfTrackerCall(TypeTracker t, Class classWithMethod, StepSummary summary) { - exists(TypeTracker t2 | - // non-linear recursion - result = selfTracker(t2, classWithMethod) and - stepCallProj(result, summary) and - t = append(t2, summary) - ) + predicate filter(Node n) { + ignoreForCallGraph(n.getLocation().getFile()) + or + n.(ParameterNodeImpl).isParameterOf(_, any(ParameterPosition pp | pp.isSelf())) + } } /** @@ -654,53 +571,32 @@ private TypeTrackingNode selfTrackerCall(TypeTracker t, Class classWithMethod, S * The method cannot be a `staticmethod` or `classmethod`. */ Node selfTracker(Class classWithMethod) { - selfTracker(TypeTracker::end(), classWithMethod).flowsTo(result) + CallGraphConstruction::Simple::Make<TrackSelfInput>::track(classWithMethod) + .(LocalSourceNode) + .flowsTo(result) } -/** - * Gets a reference to the enclosing class `classWithMethod` from within one of its - * methods, either through the `cls` argument from a `classmethod` or from `type(self)` - * from a normal method. - */ -private TypeTrackingNode clsArgumentTracker(TypeTracker t, Class classWithMethod) { - includeInCallGraph(result) and - ( - t.start() and - ( - exists(Function func | - func = classWithMethod.getAMethod() and - isClassmethod(func) - | - result.asExpr() = func.getArg(0) - ) - or - // type(self) - result = getTypeCall() and - result.(CallCfgNode).getArg(0) = selfTracker(classWithMethod) +private module TrackClsArgumentInput implements CallGraphConstruction::Simple::InputSig { + class State = Class; + + predicate start(Node start, Class classWithMethod) { + exists(Function func | + func = classWithMethod.getAMethod() and + isClassmethod(func) + | + start.asExpr() = func.getArg(0) ) or - not result.(ParameterNodeImpl).isParameterOf(_, any(ParameterPosition pp | pp.isSelf())) and - ( - exists(TypeTracker t2 | t = t2.stepNoCall(clsArgumentTracker(t2, classWithMethod), result)) - or - exists(StepSummary summary | - // non-linear recursion - StepSummary::stepCall(clsArgumentTrackerCall(t, classWithMethod, summary), result, summary) - ) - ) - ) -} + // type(self) + start = getTypeCall() and + start.(CallCfgNode).getArg(0) = selfTracker(classWithMethod) + } -pragma[nomagic] -private TypeTrackingNode clsArgumentTrackerCall( - TypeTracker t, Class classWithMethod, StepSummary summary -) { - exists(TypeTracker t2 | - // non-linear recursion - result = clsArgumentTracker(t2, classWithMethod) and - stepCallProj(result, summary) and - t = append(t2, summary) - ) + predicate filter(Node n) { + ignoreForCallGraph(n.getLocation().getFile()) + or + n.(ParameterNodeImpl).isParameterOf(_, any(ParameterPosition pp | pp.isSelf())) + } } /** @@ -709,46 +605,28 @@ private TypeTrackingNode clsArgumentTrackerCall( * from a normal method. */ Node clsArgumentTracker(Class classWithMethod) { - clsArgumentTracker(TypeTracker::end(), classWithMethod).flowsTo(result) + CallGraphConstruction::Simple::Make<TrackClsArgumentInput>::track(classWithMethod) + .(LocalSourceNode) + .flowsTo(result) } -/** - * Gets a reference to the result of calling `super` without any argument, where the - * call happened in the method `func` (either a method or a classmethod). - */ -private TypeTrackingNode superCallNoArgumentTracker(TypeTracker t, Function func) { - includeInCallGraph(result) and - ( - t.start() and +private module TrackSuperCallNoArgumentInput implements CallGraphConstruction::Simple::InputSig { + class State = Function; + + predicate start(Node start, Function func) { not isStaticmethod(func) and - exists(CallCfgNode call | result = call | + exists(CallCfgNode call | start = call | call = getSuperCall() and not exists(call.getArg(_)) and call.getScope() = func ) - or - not result.(ParameterNodeImpl).isParameterOf(_, any(ParameterPosition pp | pp.isSelf())) and - ( - exists(TypeTracker t2 | t = t2.stepNoCall(superCallNoArgumentTracker(t2, func), result)) - or - exists(StepSummary summary | - // non-linear recursion - StepSummary::stepCall(superCallNoArgumentTrackerCall(t, func, summary), result, summary) - ) - ) - ) -} + } -pragma[nomagic] -private TypeTrackingNode superCallNoArgumentTrackerCall( - TypeTracker t, Function func, StepSummary summary -) { - exists(TypeTracker t2 | - // non-linear recursion - result = functionTracker(t2, func) and - stepCallProj(result, summary) and - t = append(t2, summary) - ) + predicate filter(Node n) { + ignoreForCallGraph(n.getLocation().getFile()) + or + n.(ParameterNodeImpl).isParameterOf(_, any(ParameterPosition pp | pp.isSelf())) + } } /** @@ -756,45 +634,30 @@ private TypeTrackingNode superCallNoArgumentTrackerCall( * call happened in the method `func` (either a method or a classmethod). */ Node superCallNoArgumentTracker(Function func) { - superCallNoArgumentTracker(TypeTracker::end(), func).flowsTo(result) + CallGraphConstruction::Simple::Make<TrackSuperCallNoArgumentInput>::track(func) + .(LocalSourceNode) + .flowsTo(result) } -/** - * Gets a reference to the result of calling `super` with 2 arguments, where the - * first is a reference to the class `cls`, and the second argument is `obj`. - */ -private TypeTrackingNode superCallTwoArgumentTracker(TypeTracker t, Class cls, Node obj) { - includeInCallGraph(result) and - ( - t.start() and - exists(CallCfgNode call | result = call | - call = getSuperCall() and - call.getArg(0) = classTracker(cls) and - call.getArg(1) = obj - ) +private module TrackSuperCallTwoArgumentInput implements CallGraphConstruction::Simple::InputSig { + additional predicate superCall(CallCfgNode call, Class cls, Node obj) { + call = getSuperCall() and + call.getArg(0) = classTracker(cls) and + call.getArg(1) = obj + } + + class State = CallCfgNode; + + predicate start(Node start, CallCfgNode call) { + superCall(call, _, _) and + start = call + } + + predicate filter(Node n) { + ignoreForCallGraph(n.getLocation().getFile()) or - not result.(ParameterNodeImpl).isParameterOf(_, any(ParameterPosition pp | pp.isSelf())) and - ( - exists(TypeTracker t2 | t = t2.stepNoCall(superCallTwoArgumentTracker(t2, cls, obj), result)) - or - exists(StepSummary summary | - // non-linear recursion - StepSummary::stepCall(superCallTwoArgumentTrackerCall(t, cls, obj, summary), result, summary) - ) - ) - ) -} - -pragma[nomagic] -private TypeTrackingNode superCallTwoArgumentTrackerCall( - TypeTracker t, Class cls, Node obj, StepSummary summary -) { - exists(TypeTracker t2 | - // non-linear recursion - result = superCallTwoArgumentTracker(t2, cls, obj) and - stepCallProj(result, summary) and - t = append(t2, summary) - ) + n.(ParameterNodeImpl).isParameterOf(_, any(ParameterPosition pp | pp.isSelf())) + } } /** @@ -802,7 +665,12 @@ private TypeTrackingNode superCallTwoArgumentTrackerCall( * first is a reference to the class `cls`, and the second argument is `obj`. */ Node superCallTwoArgumentTracker(Class cls, Node obj) { - superCallTwoArgumentTracker(TypeTracker::end(), cls, obj).flowsTo(result) + exists(CallCfgNode call | + TrackSuperCallTwoArgumentInput::superCall(call, cls, obj) and + CallGraphConstruction::Simple::Make<TrackSuperCallTwoArgumentInput>::track(call) + .(LocalSourceNode) + .flowsTo(result) + ) } // ============================================================================= @@ -946,35 +814,30 @@ Function findFunctionAccordingToMroKnownStartingClass(Class startingClass, strin // ============================================================================= // attribute trackers // ============================================================================= -/** Gets a reference to the attribute read `attr` */ -private TypeTrackingNode attrReadTracker(TypeTracker t, AttrRead attr) { - t.start() and - result = attr and - attr.getObject() in [ - classTracker(_), classInstanceTracker(_), selfTracker(_), clsArgumentTracker(_), - superCallNoArgumentTracker(_), superCallTwoArgumentTracker(_, _) - ] - or - exists(TypeTracker t2 | t = t2.stepNoCall(attrReadTracker(t2, attr), result)) - or - exists(StepSummary summary | - // non-linear recursion - StepSummary::stepCall(attrReadTrackerCall(t, attr, summary), result, summary) - ) -} +private module TrackAttrReadInput implements CallGraphConstruction::Simple::InputSig { + class State = AttrRead; -pragma[nomagic] -private TypeTrackingNode attrReadTrackerCall(TypeTracker t, AttrRead attr, StepSummary summary) { - exists(TypeTracker t2 | - // non-linear recursion - result = attrReadTracker(t2, attr) and - stepCallProj(result, summary) and - t = append(t2, summary) - ) + predicate start(Node start, AttrRead attr) { + start = attr and + attr.getObject() in [ + classTracker(_), classInstanceTracker(_), selfTracker(_), clsArgumentTracker(_), + superCallNoArgumentTracker(_), superCallTwoArgumentTracker(_, _) + ] + } + + predicate filter(Node n) { + ignoreForCallGraph(n.getLocation().getFile()) + or + n.(ParameterNodeImpl).isParameterOf(_, any(ParameterPosition pp | pp.isSelf())) + } } /** Gets a reference to the attribute read `attr` */ -Node attrReadTracker(AttrRead attr) { attrReadTracker(TypeTracker::end(), attr).flowsTo(result) } +Node attrReadTracker(AttrRead attr) { + CallGraphConstruction::Simple::Make<TrackAttrReadInput>::track(attr) + .(LocalSourceNode) + .flowsTo(result) +} // ============================================================================= // call and argument resolution From 60725e9580b2a19095de5d111ec445910de60bb6 Mon Sep 17 00:00:00 2001 From: Tony Torralba <atorralba@users.noreply.github.com> Date: Wed, 7 Jun 2023 09:07:22 +0200 Subject: [PATCH 856/870] Update java/ql/lib/ext/org.springframework.core.io.model.yml --- java/ql/lib/ext/org.springframework.core.io.model.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/java/ql/lib/ext/org.springframework.core.io.model.yml b/java/ql/lib/ext/org.springframework.core.io.model.yml index 7f3f3718471..b6dd35c8096 100644 --- a/java/ql/lib/ext/org.springframework.core.io.model.yml +++ b/java/ql/lib/ext/org.springframework.core.io.model.yml @@ -3,4 +3,5 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["org.springframework.core.io", "ResourceLoader", True, "getResource", "(String)", "", "Argument[0]", "path-injection", "ai-manual"] # todo: look into whether this may also be a request forgery sink + - ["org.springframework.core.io", "ResourceLoader", True, "getResource", "(String)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["org.springframework.core.io", "ResourceLoader", True, "getResource", "(String)", "", "Argument[0]", "request-forgery", "manual"] From 8001ae9669ffe778732f2b5b4b2ff83d81f23b14 Mon Sep 17 00:00:00 2001 From: Tony Torralba <atorralba@users.noreply.github.com> Date: Wed, 7 Jun 2023 09:08:24 +0200 Subject: [PATCH 857/870] Update java/ql/lib/semmle/code/java/security/ZipSlipQuery.qll Co-authored-by: Jami <57204504+jcogs33@users.noreply.github.com> --- java/ql/lib/semmle/code/java/security/ZipSlipQuery.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java/ql/lib/semmle/code/java/security/ZipSlipQuery.qll b/java/ql/lib/semmle/code/java/security/ZipSlipQuery.qll index 68365db51c2..8261aef9fb3 100644 --- a/java/ql/lib/semmle/code/java/security/ZipSlipQuery.qll +++ b/java/ql/lib/semmle/code/java/security/ZipSlipQuery.qll @@ -50,7 +50,7 @@ private class FileCreationSink extends DataFlow::Node { /** * Holds if `sink` is a path creation node that doesn't imply a read/write filesystem operation. * This is to avoid creating new spurious alerts, since `PathCreation` sinks weren't - * previosuly part of this query. + * previously part of this query. */ private predicate isPathCreation(DataFlow::Node sink) { exists(PathCreation pc | From 700e3d5e5317974facfad004e3fddcf8add57a06 Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli <redsun82@github.com> Date: Wed, 7 Jun 2023 09:12:39 +0200 Subject: [PATCH 858/870] Codegen: rename `ipa` to `synth` --- misc/codegen/generators/cppgen.py | 2 +- misc/codegen/generators/dbschemegen.py | 4 +- misc/codegen/generators/qlgen.py | 74 +++++++++---------- misc/codegen/lib/ql.py | 38 +++++----- misc/codegen/lib/schema.py | 12 +-- misc/codegen/lib/schemadefs.py | 4 +- misc/codegen/loaders/schemaloader.py | 32 ++++---- misc/codegen/templates/ql_stub.mustache | 8 +- ...che => ql_synth_constructor_stub.mustache} | 8 +- ...types.mustache => ql_synth_types.mustache} | 16 ++-- misc/codegen/test/test_cppgen.py | 8 +- misc/codegen/test/test_dbschemegen.py | 12 +-- misc/codegen/test/test_ql.py | 4 +- misc/codegen/test/test_qlgen.py | 20 ++--- misc/codegen/test/test_schemaloader.py | 34 ++++----- 15 files changed, 138 insertions(+), 138 deletions(-) rename misc/codegen/templates/{ql_ipa_constructor_stub.mustache => ql_synth_constructor_stub.mustache} (61%) rename misc/codegen/templates/{ql_ipa_types.mustache => ql_synth_types.mustache} (91%) diff --git a/misc/codegen/generators/cppgen.py b/misc/codegen/generators/cppgen.py index 8f522dc1435..de53b771d35 100644 --- a/misc/codegen/generators/cppgen.py +++ b/misc/codegen/generators/cppgen.py @@ -85,7 +85,7 @@ class Processor: def get_classes(self): ret = {'': []} for k, cls in self._classmap.items(): - if not cls.ipa: + if not cls.synth: ret.setdefault(cls.group, []).append(self._get_class(cls.name)) return ret diff --git a/misc/codegen/generators/dbschemegen.py b/misc/codegen/generators/dbschemegen.py index bc45ae3022f..2c3cd5598d5 100755 --- a/misc/codegen/generators/dbschemegen.py +++ b/misc/codegen/generators/dbschemegen.py @@ -40,10 +40,10 @@ def dbtype(typename: str, add_or_none_except: typing.Optional[str] = None) -> st def cls_to_dbscheme(cls: schema.Class, lookup: typing.Dict[str, schema.Class], add_or_none_except: typing.Optional[str] = None): """ Yield all dbscheme entities needed to model class `cls` """ - if cls.ipa: + if cls.synth: return if cls.derived: - yield Union(dbtype(cls.name), (dbtype(c) for c in cls.derived if not lookup[c].ipa)) + yield Union(dbtype(cls.name), (dbtype(c) for c in cls.derived if not lookup[c].synth)) dir = pathlib.Path(cls.group) if cls.group else None # output a table specific to a class only if it is a leaf class or it has 1-to-1 properties # Leaf classes need a table to bind the `@` ids diff --git a/misc/codegen/generators/qlgen.py b/misc/codegen/generators/qlgen.py index 99aca88add4..0dad9d3322f 100755 --- a/misc/codegen/generators/qlgen.py +++ b/misc/codegen/generators/qlgen.py @@ -111,7 +111,7 @@ def get_ql_property(cls: schema.Class, prop: schema.Property, lookup: typing.Dic is_predicate=prop.is_predicate, is_unordered=prop.is_unordered, description=prop.description, - synth=bool(cls.ipa) or prop.synth, + synth=bool(cls.synth) or prop.synth, type_is_hideable=lookup[prop.type].hideable if prop.type in lookup else False, ) if prop.is_single: @@ -179,26 +179,26 @@ def _to_db_type(x: str) -> str: _final_db_class_lookup = {} -def get_ql_ipa_class_db(name: str) -> ql.Synth.FinalClassDb: +def get_ql_synth_class_db(name: str) -> ql.Synth.FinalClassDb: return _final_db_class_lookup.setdefault(name, ql.Synth.FinalClassDb(name=name, params=[ ql.Synth.Param("id", _to_db_type(name))])) -def get_ql_ipa_class(cls: schema.Class): +def get_ql_synth_class(cls: schema.Class): if cls.derived: return ql.Synth.NonFinalClass(name=cls.name, derived=sorted(cls.derived), root=not cls.bases) - if cls.ipa and cls.ipa.from_class is not None: - source = cls.ipa.from_class - get_ql_ipa_class_db(source).subtract_type(cls.name) - return ql.Synth.FinalClassDerivedIpa(name=cls.name, - params=[ql.Synth.Param("id", _to_db_type(source))]) - if cls.ipa and cls.ipa.on_arguments is not None: - return ql.Synth.FinalClassFreshIpa(name=cls.name, - params=[ql.Synth.Param(k, _to_db_type(v)) - for k, v in cls.ipa.on_arguments.items()]) - return get_ql_ipa_class_db(cls.name) + if cls.synth and cls.synth.from_class is not None: + source = cls.synth.from_class + get_ql_synth_class_db(source).subtract_type(cls.name) + return ql.Synth.FinalClassDerivedSynth(name=cls.name, + params=[ql.Synth.Param("id", _to_db_type(source))]) + if cls.synth and cls.synth.on_arguments is not None: + return ql.Synth.FinalClassFreshSynth(name=cls.name, + params=[ql.Synth.Param(k, _to_db_type(v)) + for k, v in cls.synth.on_arguments.items()]) + return get_ql_synth_class_db(cls.name) def get_import(file: pathlib.Path, root_dir: pathlib.Path): @@ -291,26 +291,26 @@ def _should_skip_qltest(cls: schema.Class, lookup: typing.Dict[str, schema.Class def _get_stub(cls: schema.Class, base_import: str, generated_import_prefix: str) -> ql.Stub: - if isinstance(cls.ipa, schema.IpaInfo): - if cls.ipa.from_class is not None: + if isinstance(cls.synth, schema.SynthInfo): + if cls.synth.from_class is not None: accessors = [ - ql.IpaUnderlyingAccessor( + ql.SynthUnderlyingAccessor( argument="Entity", - type=_to_db_type(cls.ipa.from_class), + type=_to_db_type(cls.synth.from_class), constructorparams=["result"] ) ] - elif cls.ipa.on_arguments is not None: + elif cls.synth.on_arguments is not None: accessors = [ - ql.IpaUnderlyingAccessor( + ql.SynthUnderlyingAccessor( argument=inflection.camelize(arg), type=_to_db_type(type), - constructorparams=["result" if a == arg else "_" for a in cls.ipa.on_arguments] - ) for arg, type in cls.ipa.on_arguments.items() + constructorparams=["result" if a == arg else "_" for a in cls.synth.on_arguments] + ) for arg, type in cls.synth.on_arguments.items() ] else: accessors = [] - return ql.Stub(name=cls.name, base_import=base_import, import_prefix=generated_import_prefix, ipa_accessors=accessors) + return ql.Stub(name=cls.name, base_import=base_import, import_prefix=generated_import_prefix, synth_accessors=accessors) def generate(opts, renderer): @@ -344,7 +344,7 @@ def generate(opts, renderer): with renderer.manage(generated=generated, stubs=stubs, registry=opts.generated_registry, force=opts.force) as renderer: - db_classes = [cls for name, cls in classes.items() if not data.classes[name].ipa] + db_classes = [cls for name, cls in classes.items() if not data.classes[name].synth] renderer.render(ql.DbClasses(db_classes), out / "Raw.qll") classes_by_dir_and_name = sorted(classes.values(), key=lambda cls: (cls.dir, cls.name)) @@ -401,32 +401,32 @@ def generate(opts, renderer): elements_module=elements_module, property=p), test_dir / f"{c.name}_{p.getter}.ql") - final_ipa_types = [] - non_final_ipa_types = [] + final_synth_types = [] + non_final_synth_types = [] constructor_imports = [] - ipa_constructor_imports = [] + synth_constructor_imports = [] stubs = {} for cls in sorted(data.classes.values(), key=lambda cls: (cls.group, cls.name)): - ipa_type = get_ql_ipa_class(cls) - if ipa_type.is_final: - final_ipa_types.append(ipa_type) - if ipa_type.has_params: + synth_type = get_ql_synth_class(cls) + if synth_type.is_final: + final_synth_types.append(synth_type) + if synth_type.has_params: stub_file = stub_out / cls.group / f"{cls.name}Constructor.qll" if not renderer.is_customized_stub(stub_file): - # stub rendering must be postponed as we might not have yet all subtracted ipa types in `ipa_type` - stubs[stub_file] = ql.Synth.ConstructorStub(ipa_type, import_prefix=generated_import_prefix) + # stub rendering must be postponed as we might not have yet all subtracted synth types in `synth_type` + stubs[stub_file] = ql.Synth.ConstructorStub(synth_type, import_prefix=generated_import_prefix) constructor_import = get_import(stub_file, opts.root_dir) constructor_imports.append(constructor_import) - if ipa_type.is_ipa: - ipa_constructor_imports.append(constructor_import) + if synth_type.is_synth: + synth_constructor_imports.append(constructor_import) else: - non_final_ipa_types.append(ipa_type) + non_final_synth_types.append(synth_type) for stub_file, data in stubs.items(): renderer.render(data, stub_file) renderer.render(ql.Synth.Types(root.name, generated_import_prefix, - final_ipa_types, non_final_ipa_types), out / "Synth.qll") + final_synth_types, non_final_synth_types), out / "Synth.qll") renderer.render(ql.ImportList(constructor_imports), out / "SynthConstructors.qll") - renderer.render(ql.ImportList(ipa_constructor_imports), out / "PureSynthConstructors.qll") + renderer.render(ql.ImportList(synth_constructor_imports), out / "PureSynthConstructors.qll") if opts.ql_format: format(opts.codeql_binary, renderer.written) diff --git a/misc/codegen/lib/ql.py b/misc/codegen/lib/ql.py index a5f82a3d64b..59a672ab3ce 100644 --- a/misc/codegen/lib/ql.py +++ b/misc/codegen/lib/ql.py @@ -147,7 +147,7 @@ class Class: @dataclass -class IpaUnderlyingAccessor: +class SynthUnderlyingAccessor: argument: str type: str constructorparams: List[Param] @@ -165,11 +165,11 @@ class Stub: name: str base_import: str import_prefix: str - ipa_accessors: List[IpaUnderlyingAccessor] = field(default_factory=list) + synth_accessors: List[SynthUnderlyingAccessor] = field(default_factory=list) @property - def has_ipa_accessors(self) -> bool: - return bool(self.ipa_accessors) + def has_synth_accessors(self) -> bool: + return bool(self.synth_accessors) @dataclass @@ -245,8 +245,8 @@ class Synth: @dataclass class FinalClass(Class): is_final: ClassVar = True - is_derived_ipa: ClassVar = False - is_fresh_ipa: ClassVar = False + is_derived_synth: ClassVar = False + is_fresh_synth: ClassVar = False is_db: ClassVar = False params: List["Synth.Param"] = field(default_factory=list) @@ -256,37 +256,37 @@ class Synth: self.params[0].first = True @property - def is_ipa(self): - return self.is_fresh_ipa or self.is_derived_ipa + def is_synth(self): + return self.is_fresh_synth or self.is_derived_synth @property def has_params(self) -> bool: return bool(self.params) @dataclass - class FinalClassIpa(FinalClass): + class FinalClassSynth(FinalClass): pass @dataclass - class FinalClassDerivedIpa(FinalClassIpa): - is_derived_ipa: ClassVar = True + class FinalClassDerivedSynth(FinalClassSynth): + is_derived_synth: ClassVar = True @dataclass - class FinalClassFreshIpa(FinalClassIpa): - is_fresh_ipa: ClassVar = True + class FinalClassFreshSynth(FinalClassSynth): + is_fresh_synth: ClassVar = True @dataclass class FinalClassDb(FinalClass): is_db: ClassVar = True - subtracted_ipa_types: List["Synth.Class"] = field(default_factory=list) + subtracted_synth_types: List["Synth.Class"] = field(default_factory=list) def subtract_type(self, type: str): - self.subtracted_ipa_types.append(Synth.Class(type, first=not self.subtracted_ipa_types)) + self.subtracted_synth_types.append(Synth.Class(type, first=not self.subtracted_synth_types)) @property - def has_subtracted_ipa_types(self) -> bool: - return bool(self.subtracted_ipa_types) + def has_subtracted_synth_types(self) -> bool: + return bool(self.subtracted_synth_types) @property def db_id(self) -> str: @@ -304,7 +304,7 @@ class Synth: @dataclass class Types: - template: ClassVar = "ql_ipa_types" + template: ClassVar = "ql_synth_types" root: str import_prefix: str @@ -317,7 +317,7 @@ class Synth: @dataclass class ConstructorStub: - template: ClassVar = "ql_ipa_constructor_stub" + template: ClassVar = "ql_synth_constructor_stub" cls: "Synth.FinalClass" import_prefix: str diff --git a/misc/codegen/lib/schema.py b/misc/codegen/lib/schema.py index 6c1869e92ce..bc1a90f9e25 100644 --- a/misc/codegen/lib/schema.py +++ b/misc/codegen/lib/schema.py @@ -75,7 +75,7 @@ RepeatedUnorderedProperty = functools.partial(Property, Property.Kind.REPEATED_U @dataclass -class IpaInfo: +class SynthInfo: from_class: Optional[str] = None on_arguments: Optional[Dict[str, str]] = None @@ -88,7 +88,7 @@ class Class: properties: List[Property] = field(default_factory=list) group: str = "" pragmas: List[str] = field(default_factory=list) - ipa: Optional[Union[IpaInfo, bool]] = None + synth: Optional[Union[SynthInfo, bool]] = None """^^^ filled with `True` for non-final classes with only synthesized final descendants """ doc: List[str] = field(default_factory=list) default_doc_name: Optional[str] = None @@ -105,10 +105,10 @@ class Class: _check_type(d, known) for p in self.properties: _check_type(p.type, known) - if self.ipa is not None: - _check_type(self.ipa.from_class, known) - if self.ipa.on_arguments is not None: - for t in self.ipa.on_arguments.values(): + if self.synth is not None: + _check_type(self.synth.from_class, known) + if self.synth.on_arguments is not None: + for t in self.synth.on_arguments.values(): _check_type(t, known) diff --git a/misc/codegen/lib/schemadefs.py b/misc/codegen/lib/schemadefs.py index b0d6e1c0f6b..61abbec75a5 100644 --- a/misc/codegen/lib/schemadefs.py +++ b/misc/codegen/lib/schemadefs.py @@ -160,7 +160,7 @@ def group(name: str = "") -> _ClassDecorator: return _annotate(group=name) -synth.from_class = lambda ref: _annotate(ipa=_schema.IpaInfo( +synth.from_class = lambda ref: _annotate(synth=_schema.SynthInfo( from_class=_schema.get_type_name(ref))) synth.on_arguments = lambda **kwargs: _annotate( - ipa=_schema.IpaInfo(on_arguments={k: _schema.get_type_name(t) for k, t in kwargs.items()})) + synth=_schema.SynthInfo(on_arguments={k: _schema.get_type_name(t) for k, t in kwargs.items()})) diff --git a/misc/codegen/loaders/schemaloader.py b/misc/codegen/loaders/schemaloader.py index 64f4d03cb57..c81c2061d91 100644 --- a/misc/codegen/loaders/schemaloader.py +++ b/misc/codegen/loaders/schemaloader.py @@ -40,7 +40,7 @@ def _get_class(cls: type) -> schema.Class: hideable=getattr(cls, "_hideable", False), # in the following we don't use `getattr` to avoid inheriting pragmas=cls.__dict__.get("_pragmas", []), - ipa=cls.__dict__.get("_ipa", None), + synth=cls.__dict__.get("_synth", None), properties=[ a | _PropertyNamer(n) for n, a in cls.__dict__.get("__annotations__", {}).items() @@ -65,34 +65,34 @@ def _toposort_classes_by_group(classes: typing.Dict[str, schema.Class]) -> typin return ret -def _fill_ipa_information(classes: typing.Dict[str, schema.Class]): - """ Take a dictionary where the `ipa` field is filled for all explicitly synthesized classes +def _fill_synth_information(classes: typing.Dict[str, schema.Class]): + """ Take a dictionary where the `synth` field is filled for all explicitly synthesized classes and update it so that all non-final classes that have only synthesized final descendants - get `True` as` value for the `ipa` field + get `True` as` value for the `synth` field """ if not classes: return - is_ipa: typing.Dict[str, bool] = {} + is_synth: typing.Dict[str, bool] = {} - def fill_is_ipa(name: str): - if name not in is_ipa: + def fill_is_synth(name: str): + if name not in is_synth: cls = classes[name] for d in cls.derived: - fill_is_ipa(d) - if cls.ipa is not None: - is_ipa[name] = True + fill_is_synth(d) + if cls.synth is not None: + is_synth[name] = True elif not cls.derived: - is_ipa[name] = False + is_synth[name] = False else: - is_ipa[name] = all(is_ipa[d] for d in cls.derived) + is_synth[name] = all(is_synth[d] for d in cls.derived) root = next(iter(classes)) - fill_is_ipa(root) + fill_is_synth(root) for name, cls in classes.items(): - if cls.ipa is None and is_ipa[name]: - cls.ipa = True + if cls.synth is None and is_synth[name]: + cls.synth = True def _fill_hideable_information(classes: typing.Dict[str, schema.Class]): @@ -134,7 +134,7 @@ def load(m: types.ModuleType) -> schema.Schema: null = name cls.is_null_class = True - _fill_ipa_information(classes) + _fill_synth_information(classes) _fill_hideable_information(classes) return schema.Schema(includes=includes, classes=_toposort_classes_by_group(classes), null=null) diff --git a/misc/codegen/templates/ql_stub.mustache b/misc/codegen/templates/ql_stub.mustache index 7e17efc6d46..b5b6a9d70cb 100644 --- a/misc/codegen/templates/ql_stub.mustache +++ b/misc/codegen/templates/ql_stub.mustache @@ -1,9 +1,9 @@ // generated by {{generator}}, remove this comment if you wish to edit this file private import {{base_import}} -{{#has_ipa_accessors}} +{{#has_synth_accessors}} private import {{import_prefix}}.Raw private import {{import_prefix}}.Synth -{{/has_ipa_accessors}} +{{/has_synth_accessors}} {{#ql_internal}} /** @@ -11,8 +11,8 @@ private import {{import_prefix}}.Synth */ {{/ql_internal}} class {{name}} extends Generated::{{name}} { - {{#ipa_accessors}} + {{#synth_accessors}} private cached {{type}} getUnderlying{{argument}}() { this = Synth::T{{name}}({{#constructorparams}}{{^first}},{{/first}}{{param}}{{/constructorparams}})} - {{/ipa_accessors}} + {{/synth_accessors}} } diff --git a/misc/codegen/templates/ql_ipa_constructor_stub.mustache b/misc/codegen/templates/ql_synth_constructor_stub.mustache similarity index 61% rename from misc/codegen/templates/ql_ipa_constructor_stub.mustache rename to misc/codegen/templates/ql_synth_constructor_stub.mustache index e5e525417d3..3425e8c618f 100644 --- a/misc/codegen/templates/ql_ipa_constructor_stub.mustache +++ b/misc/codegen/templates/ql_synth_constructor_stub.mustache @@ -2,15 +2,15 @@ private import {{import_prefix}}.Raw {{#cls}} {{#is_db}} -{{#has_subtracted_ipa_types}} +{{#has_subtracted_synth_types}} private import {{import_prefix}}.PureSynthConstructors -{{/has_subtracted_ipa_types}} +{{/has_subtracted_synth_types}} {{/is_db}} predicate construct{{name}}({{#params}}{{^first}}, {{/first}}{{type}} {{param}}{{/params}}) { {{#is_db}} - {{#subtracted_ipa_types}}{{^first}} and {{/first}}not construct{{name}}(id){{/subtracted_ipa_types}} - {{^subtracted_ipa_types}}any(){{/subtracted_ipa_types}} + {{#subtracted_synth_types}}{{^first}} and {{/first}}not construct{{name}}(id){{/subtracted_synth_types}} + {{^subtracted_synth_types}}any(){{/subtracted_synth_types}} {{/is_db}} {{^is_db}} none() diff --git a/misc/codegen/templates/ql_ipa_types.mustache b/misc/codegen/templates/ql_synth_types.mustache similarity index 91% rename from misc/codegen/templates/ql_ipa_types.mustache rename to misc/codegen/templates/ql_synth_types.mustache index d4244690930..a174d141a6b 100644 --- a/misc/codegen/templates/ql_ipa_types.mustache +++ b/misc/codegen/templates/ql_synth_types.mustache @@ -38,12 +38,12 @@ cached module Synth { * Converts a raw element to a synthesized `T{{name}}`, if possible. */ cached T{{name}} convert{{name}}FromRaw(Raw::Element e) { - {{^is_fresh_ipa}} + {{^is_fresh_synth}} result = T{{name}}(e) - {{/is_fresh_ipa}} - {{#is_fresh_ipa}} + {{/is_fresh_synth}} + {{#is_fresh_synth}} none() - {{/is_fresh_ipa}} + {{/is_fresh_synth}} } {{/final_classes}} @@ -68,12 +68,12 @@ cached module Synth { * Converts a synthesized `T{{name}}` to a raw DB element, if possible. */ cached Raw::Element convert{{name}}ToRaw(T{{name}} e) { - {{^is_fresh_ipa}} + {{^is_fresh_synth}} e = T{{name}}(result) - {{/is_fresh_ipa}} - {{#is_fresh_ipa}} + {{/is_fresh_synth}} + {{#is_fresh_synth}} none() - {{/is_fresh_ipa}} + {{/is_fresh_synth}} } {{/final_classes}} diff --git a/misc/codegen/test/test_cppgen.py b/misc/codegen/test/test_cppgen.py index ebb7b3887ef..fcd9b15e8d0 100644 --- a/misc/codegen/test/test_cppgen.py +++ b/misc/codegen/test/test_cppgen.py @@ -181,19 +181,19 @@ def test_cpp_skip_pragma(generate): ] -def test_ipa_classes_ignored(generate): +def test_synth_classes_ignored(generate): assert generate([ schema.Class( name="W", - ipa=schema.IpaInfo(), + synth=schema.SynthInfo(), ), schema.Class( name="X", - ipa=schema.IpaInfo(from_class="A"), + synth=schema.SynthInfo(from_class="A"), ), schema.Class( name="Y", - ipa=schema.IpaInfo(on_arguments={"a": "A", "b": "int"}), + synth=schema.SynthInfo(on_arguments={"a": "A", "b": "int"}), ), schema.Class( name="Z", diff --git a/misc/codegen/test/test_dbschemegen.py b/misc/codegen/test/test_dbschemegen.py index 45b5718a876..1fbbc046785 100644 --- a/misc/codegen/test/test_dbschemegen.py +++ b/misc/codegen/test/test_dbschemegen.py @@ -534,11 +534,11 @@ def test_null_class(generate): ) -def test_ipa_classes_ignored(generate): +def test_synth_classes_ignored(generate): assert generate([ - schema.Class(name="A", ipa=schema.IpaInfo()), - schema.Class(name="B", ipa=schema.IpaInfo(from_class="A")), - schema.Class(name="C", ipa=schema.IpaInfo(on_arguments={"x": "A"})), + schema.Class(name="A", synth=schema.SynthInfo()), + schema.Class(name="B", synth=schema.SynthInfo(from_class="A")), + schema.Class(name="C", synth=schema.SynthInfo(on_arguments={"x": "A"})), ]) == dbscheme.Scheme( src=schema_file.name, includes=[], @@ -546,10 +546,10 @@ def test_ipa_classes_ignored(generate): ) -def test_ipa_derived_classes_ignored(generate): +def test_synth_derived_classes_ignored(generate): assert generate([ schema.Class(name="A", derived={"B", "C"}), - schema.Class(name="B", bases=["A"], ipa=schema.IpaInfo()), + schema.Class(name="B", bases=["A"], synth=schema.SynthInfo()), schema.Class(name="C", bases=["A"]), ]) == dbscheme.Scheme( src=schema_file.name, diff --git a/misc/codegen/test/test_ql.py b/misc/codegen/test/test_ql.py index 6d1e2181194..35b3af77399 100644 --- a/misc/codegen/test/test_ql.py +++ b/misc/codegen/test/test_ql.py @@ -169,9 +169,9 @@ def test_class_without_description(): assert prop.has_description is False -def test_ipa_accessor_has_first_constructor_param_marked(): +def test_synth_accessor_has_first_constructor_param_marked(): params = ["a", "b", "c"] - x = ql.IpaUnderlyingAccessor("foo", "bar", params) + x = ql.SynthUnderlyingAccessor("foo", "bar", params) assert x.constructorparams[0].first assert [p.param for p in x.constructorparams] == params diff --git a/misc/codegen/test/test_qlgen.py b/misc/codegen/test/test_qlgen.py index 12d5d28bca6..2a0fab2bbf2 100644 --- a/misc/codegen/test/test_qlgen.py +++ b/misc/codegen/test/test_qlgen.py @@ -848,13 +848,13 @@ def test_property_on_class_with_default_doc_name(generate_classes): } -def test_stub_on_class_with_ipa_from_class(generate_classes): +def test_stub_on_class_with_synth_from_class(generate_classes): assert generate_classes([ - schema.Class("MyObject", ipa=schema.IpaInfo(from_class="A"), + schema.Class("MyObject", synth=schema.SynthInfo(from_class="A"), properties=[schema.SingleProperty("foo", "bar")]), ]) == { - "MyObject.qll": (a_ql_stub(name="MyObject", ipa_accessors=[ - ql.IpaUnderlyingAccessor(argument="Entity", type="Raw::A", constructorparams=["result"]), + "MyObject.qll": (a_ql_stub(name="MyObject", synth_accessors=[ + ql.SynthUnderlyingAccessor(argument="Entity", type="Raw::A", constructorparams=["result"]), ]), a_ql_class(name="MyObject", final=True, properties=[ ql.Property(singular="Foo", type="bar", tablename="my_objects", synth=True, @@ -863,15 +863,15 @@ def test_stub_on_class_with_ipa_from_class(generate_classes): } -def test_stub_on_class_with_ipa_on_arguments(generate_classes): +def test_stub_on_class_with_synth_on_arguments(generate_classes): assert generate_classes([ - schema.Class("MyObject", ipa=schema.IpaInfo(on_arguments={"base": "A", "index": "int", "label": "string"}), + schema.Class("MyObject", synth=schema.SynthInfo(on_arguments={"base": "A", "index": "int", "label": "string"}), properties=[schema.SingleProperty("foo", "bar")]), ]) == { - "MyObject.qll": (a_ql_stub(name="MyObject", ipa_accessors=[ - ql.IpaUnderlyingAccessor(argument="Base", type="Raw::A", constructorparams=["result", "_", "_"]), - ql.IpaUnderlyingAccessor(argument="Index", type="int", constructorparams=["_", "result", "_"]), - ql.IpaUnderlyingAccessor(argument="Label", type="string", constructorparams=["_", "_", "result"]), + "MyObject.qll": (a_ql_stub(name="MyObject", synth_accessors=[ + ql.SynthUnderlyingAccessor(argument="Base", type="Raw::A", constructorparams=["result", "_", "_"]), + ql.SynthUnderlyingAccessor(argument="Index", type="int", constructorparams=["_", "result", "_"]), + ql.SynthUnderlyingAccessor(argument="Label", type="string", constructorparams=["_", "_", "result"]), ]), a_ql_class(name="MyObject", final=True, properties=[ ql.Property(singular="Foo", type="bar", tablename="my_objects", synth=True, diff --git a/misc/codegen/test/test_schemaloader.py b/misc/codegen/test/test_schemaloader.py index ed35f4b0271..d5772bea447 100644 --- a/misc/codegen/test/test_schemaloader.py +++ b/misc/codegen/test/test_schemaloader.py @@ -337,7 +337,7 @@ def test_class_with_pragmas(): } -def test_ipa_from_class(): +def test_synth_from_class(): @load class data: class A: @@ -348,12 +348,12 @@ def test_ipa_from_class(): pass assert data.classes == { - 'A': schema.Class('A', derived={'B'}, ipa=True), - 'B': schema.Class('B', bases=['A'], ipa=schema.IpaInfo(from_class="A")), + 'A': schema.Class('A', derived={'B'}, synth=True), + 'B': schema.Class('B', bases=['A'], synth=schema.SynthInfo(from_class="A")), } -def test_ipa_from_class_ref(): +def test_synth_from_class_ref(): @load class data: @defs.synth.from_class("B") @@ -364,12 +364,12 @@ def test_ipa_from_class_ref(): pass assert data.classes == { - 'A': schema.Class('A', derived={'B'}, ipa=schema.IpaInfo(from_class="B")), + 'A': schema.Class('A', derived={'B'}, synth=schema.SynthInfo(from_class="B")), 'B': schema.Class('B', bases=['A']), } -def test_ipa_from_class_dangling(): +def test_synth_from_class_dangling(): with pytest.raises(schema.Error): @load class data: @@ -378,7 +378,7 @@ def test_ipa_from_class_dangling(): pass -def test_ipa_class_on(): +def test_synth_class_on(): @load class data: class A: @@ -389,12 +389,12 @@ def test_ipa_class_on(): pass assert data.classes == { - 'A': schema.Class('A', derived={'B'}, ipa=True), - 'B': schema.Class('B', bases=['A'], ipa=schema.IpaInfo(on_arguments={'a': 'A', 'i': 'int'})), + 'A': schema.Class('A', derived={'B'}, synth=True), + 'B': schema.Class('B', bases=['A'], synth=schema.SynthInfo(on_arguments={'a': 'A', 'i': 'int'})), } -def test_ipa_class_on_ref(): +def test_synth_class_on_ref(): class A: pass @@ -408,12 +408,12 @@ def test_ipa_class_on_ref(): pass assert data.classes == { - 'A': schema.Class('A', derived={'B'}, ipa=schema.IpaInfo(on_arguments={'b': 'B', 'i': 'int'})), + 'A': schema.Class('A', derived={'B'}, synth=schema.SynthInfo(on_arguments={'b': 'B', 'i': 'int'})), 'B': schema.Class('B', bases=['A']), } -def test_ipa_class_on_dangling(): +def test_synth_class_on_dangling(): with pytest.raises(schema.Error): @load class data: @@ -422,7 +422,7 @@ def test_ipa_class_on_dangling(): pass -def test_ipa_class_hierarchy(): +def test_synth_class_hierarchy(): @load class data: class Root: @@ -447,10 +447,10 @@ def test_ipa_class_hierarchy(): assert data.classes == { 'Root': schema.Class('Root', derived={'Base', 'C'}), - 'Base': schema.Class('Base', bases=['Root'], derived={'Intermediate', 'B'}, ipa=True), - 'Intermediate': schema.Class('Intermediate', bases=['Base'], derived={'A'}, ipa=True), - 'A': schema.Class('A', bases=['Intermediate'], ipa=schema.IpaInfo(on_arguments={'a': 'Base', 'i': 'int'})), - 'B': schema.Class('B', bases=['Base'], ipa=schema.IpaInfo(from_class='Base')), + 'Base': schema.Class('Base', bases=['Root'], derived={'Intermediate', 'B'}, synth=True), + 'Intermediate': schema.Class('Intermediate', bases=['Base'], derived={'A'}, synth=True), + 'A': schema.Class('A', bases=['Intermediate'], synth=schema.SynthInfo(on_arguments={'a': 'Base', 'i': 'int'})), + 'B': schema.Class('B', bases=['Base'], synth=schema.SynthInfo(from_class='Base')), 'C': schema.Class('C', bases=['Root']), } From 27763d6bbed3823c91058f1bd82834b1fc3c1da6 Mon Sep 17 00:00:00 2001 From: Tony Torralba <atorralba@users.noreply.github.com> Date: Wed, 7 Jun 2023 09:25:42 +0200 Subject: [PATCH 859/870] Improve ZipSlip exclusion to take varargs into account --- java/ql/lib/semmle/code/java/security/ZipSlipQuery.qll | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/java/ql/lib/semmle/code/java/security/ZipSlipQuery.qll b/java/ql/lib/semmle/code/java/security/ZipSlipQuery.qll index 8261aef9fb3..074153ffd8f 100644 --- a/java/ql/lib/semmle/code/java/security/ZipSlipQuery.qll +++ b/java/ql/lib/semmle/code/java/security/ZipSlipQuery.qll @@ -54,7 +54,10 @@ private class FileCreationSink extends DataFlow::Node { */ private predicate isPathCreation(DataFlow::Node sink) { exists(PathCreation pc | - pc.getAnInput() = sink.asExpr() and + pc.getAnInput() = sink.asExpr() + or + pc.getAnInput().(Argument).isVararg() and sink.(DataFlow::ImplicitVarargsArray).getCall() = pc + | // exclude actual read/write operations included in `PathCreation` not pc.(Call) .getCallee() From 416d3d587dd547270cb7fda929d1df9562bbf29e Mon Sep 17 00:00:00 2001 From: Tony Torralba <atorralba@users.noreply.github.com> Date: Wed, 7 Jun 2023 10:33:17 +0200 Subject: [PATCH 860/870] Accept test changes An uncovered test case is now correctly covered --- .../query-tests/security/CWE-552/UnsafeUrlForward.expected | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/java/ql/test/experimental/query-tests/security/CWE-552/UnsafeUrlForward.expected b/java/ql/test/experimental/query-tests/security/CWE-552/UnsafeUrlForward.expected index 11a8bc6c248..a39906b4115 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-552/UnsafeUrlForward.expected +++ b/java/ql/test/experimental/query-tests/security/CWE-552/UnsafeUrlForward.expected @@ -3,6 +3,7 @@ edges | UnsafeLoadSpringResource.java:31:27:31:57 | new ClassPathResource(...) : ClassPathResource | UnsafeLoadSpringResource.java:35:31:35:33 | clr | | UnsafeLoadSpringResource.java:31:49:31:56 | fileName : String | UnsafeLoadSpringResource.java:31:27:31:57 | new ClassPathResource(...) : ClassPathResource | | UnsafeLoadSpringResource.java:68:32:68:77 | fileName : String | UnsafeLoadSpringResource.java:76:38:76:45 | fileName | +| UnsafeLoadSpringResource.java:108:32:108:77 | fileName : String | UnsafeLoadSpringResource.java:116:51:116:58 | fileName | | UnsafeRequestPath.java:20:17:20:63 | getServletPath(...) : String | UnsafeRequestPath.java:23:33:23:36 | path | | UnsafeResourceGet2.java:16:32:16:79 | getRequestParameterMap(...) : Map | UnsafeResourceGet2.java:17:20:17:25 | params : Map | | UnsafeResourceGet2.java:17:20:17:25 | params : Map | UnsafeResourceGet2.java:17:20:17:40 | get(...) : Object | @@ -35,6 +36,8 @@ nodes | UnsafeLoadSpringResource.java:35:31:35:33 | clr | semmle.label | clr | | UnsafeLoadSpringResource.java:68:32:68:77 | fileName : String | semmle.label | fileName : String | | UnsafeLoadSpringResource.java:76:38:76:45 | fileName | semmle.label | fileName | +| UnsafeLoadSpringResource.java:108:32:108:77 | fileName : String | semmle.label | fileName : String | +| UnsafeLoadSpringResource.java:116:51:116:58 | fileName | semmle.label | fileName | | UnsafeRequestPath.java:20:17:20:63 | getServletPath(...) : String | semmle.label | getServletPath(...) : String | | UnsafeRequestPath.java:23:33:23:36 | path | semmle.label | path | | UnsafeResourceGet2.java:16:32:16:79 | getRequestParameterMap(...) : Map | semmle.label | getRequestParameterMap(...) : Map | @@ -83,6 +86,7 @@ subpaths #select | UnsafeLoadSpringResource.java:35:31:35:33 | clr | UnsafeLoadSpringResource.java:27:32:27:77 | fileName : String | UnsafeLoadSpringResource.java:35:31:35:33 | clr | Potentially untrusted URL forward due to $@. | UnsafeLoadSpringResource.java:27:32:27:77 | fileName | user-provided value | | UnsafeLoadSpringResource.java:76:38:76:45 | fileName | UnsafeLoadSpringResource.java:68:32:68:77 | fileName : String | UnsafeLoadSpringResource.java:76:38:76:45 | fileName | Potentially untrusted URL forward due to $@. | UnsafeLoadSpringResource.java:68:32:68:77 | fileName | user-provided value | +| UnsafeLoadSpringResource.java:116:51:116:58 | fileName | UnsafeLoadSpringResource.java:108:32:108:77 | fileName : String | UnsafeLoadSpringResource.java:116:51:116:58 | fileName | Potentially untrusted URL forward due to $@. | UnsafeLoadSpringResource.java:108:32:108:77 | fileName | user-provided value | | UnsafeRequestPath.java:23:33:23:36 | path | UnsafeRequestPath.java:20:17:20:63 | getServletPath(...) : String | UnsafeRequestPath.java:23:33:23:36 | path | Potentially untrusted URL forward due to $@. | UnsafeRequestPath.java:20:17:20:63 | getServletPath(...) | user-provided value | | UnsafeResourceGet2.java:19:93:19:99 | loadUrl | UnsafeResourceGet2.java:16:32:16:79 | getRequestParameterMap(...) : Map | UnsafeResourceGet2.java:19:93:19:99 | loadUrl | Potentially untrusted URL forward due to $@. | UnsafeResourceGet2.java:16:32:16:79 | getRequestParameterMap(...) | user-provided value | | UnsafeResourceGet2.java:37:20:37:22 | url | UnsafeResourceGet2.java:32:32:32:79 | getRequestParameterMap(...) : Map | UnsafeResourceGet2.java:37:20:37:22 | url | Potentially untrusted URL forward due to $@. | UnsafeResourceGet2.java:32:32:32:79 | getRequestParameterMap(...) | user-provided value | From 0f75449abb71c17a60a96774d59f3509bb7e8b8c Mon Sep 17 00:00:00 2001 From: Tamas Vajk <tamasvajk@github.com> Date: Wed, 7 Jun 2023 10:40:58 +0200 Subject: [PATCH 861/870] Improve code quality --- csharp/extractor/Semmle.Extraction.CSharp/Entities/Method.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Method.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Method.cs index bae6a2b55ec..3729a5d2528 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Method.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Method.cs @@ -245,7 +245,7 @@ namespace Semmle.Extraction.CSharp.Entities // Retrieve the original method kind if (methodDecl.ExplicitInterfaceImplementations.IsEmpty) { - throw new InternalError(methodDecl, $"Couldn't get the original method kind for an explicit interface implementation"); + throw new InternalError(methodDecl, "Couldn't get the original method kind for an explicit interface implementation"); } methodKind = methodDecl.ExplicitInterfaceImplementations.Select(m => m.MethodKind).First(); From 76e1c6f76f0c1e1b23d7f24e0112e1ce07752e3f Mon Sep 17 00:00:00 2001 From: Rasmus Lerchedahl Petersen <yoff@github.com> Date: Wed, 7 Jun 2023 11:18:53 +0200 Subject: [PATCH 862/870] java: test type tracking through flow summaries --- .../dispatch/CallableViaSummary.java | 31 +++++++++++++++++++ .../dispatch/viaSummary.expected | 2 ++ .../test/library-tests/dispatch/viaSummary.ql | 9 ++++++ 3 files changed, 42 insertions(+) create mode 100644 java/ql/test/library-tests/dispatch/CallableViaSummary.java create mode 100644 java/ql/test/library-tests/dispatch/viaSummary.expected create mode 100644 java/ql/test/library-tests/dispatch/viaSummary.ql diff --git a/java/ql/test/library-tests/dispatch/CallableViaSummary.java b/java/ql/test/library-tests/dispatch/CallableViaSummary.java new file mode 100644 index 00000000000..da7c7d86efd --- /dev/null +++ b/java/ql/test/library-tests/dispatch/CallableViaSummary.java @@ -0,0 +1,31 @@ +import java.util.*; + +public class CallableViaSummary { + public interface Element { + public void handle(String message); + } + + public void main(String[] args) { + List<Element> elements = new ArrayList<>(); + + List<Element> elements2 = new ArrayList<>(); + + elements.add(new Element() { + @Override + public void handle(String message) { + System.out.println(message); + } + }); + + elements.add(message -> System.out.println(message)); + + // This dispatches to the two added elements because + // the summary of ArrayList causes flow via type tracking. + elements.get(0).handle("Hello, world!"); + + // This does not dispatch to anything, showing that the + // open-world assumption does not apply + // (and hence that type tracking is necessary above). + elements2.get(0).handle("Hello, world!"); + } +} \ No newline at end of file diff --git a/java/ql/test/library-tests/dispatch/viaSummary.expected b/java/ql/test/library-tests/dispatch/viaSummary.expected new file mode 100644 index 00000000000..7c311587d9a --- /dev/null +++ b/java/ql/test/library-tests/dispatch/viaSummary.expected @@ -0,0 +1,2 @@ +| CallableViaSummary.java:24:9:24:47 | handle(...) | CallableViaSummary.java:15:25:15:30 | handle | +| CallableViaSummary.java:24:9:24:47 | handle(...) | CallableViaSummary.java:20:22:20:59 | handle | diff --git a/java/ql/test/library-tests/dispatch/viaSummary.ql b/java/ql/test/library-tests/dispatch/viaSummary.ql new file mode 100644 index 00000000000..c421e1c9904 --- /dev/null +++ b/java/ql/test/library-tests/dispatch/viaSummary.ql @@ -0,0 +1,9 @@ +import java +import semmle.code.java.dispatch.VirtualDispatch + +from MethodAccess ma, Method m +where + m = viableImpl(ma) and + m.fromSource() and + ma.getFile().toString().matches("CallableViaSummary") +select ma, m From aec1e4a7131554595e7cbfc82647471ca8ef796a Mon Sep 17 00:00:00 2001 From: Rasmus Lerchedahl Petersen <yoff@github.com> Date: Wed, 7 Jun 2023 11:40:50 +0200 Subject: [PATCH 863/870] java: address ql alert --- java/ql/test/library-tests/dispatch/viaSummary.ql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java/ql/test/library-tests/dispatch/viaSummary.ql b/java/ql/test/library-tests/dispatch/viaSummary.ql index c421e1c9904..a7a88d0749d 100644 --- a/java/ql/test/library-tests/dispatch/viaSummary.ql +++ b/java/ql/test/library-tests/dispatch/viaSummary.ql @@ -5,5 +5,5 @@ from MethodAccess ma, Method m where m = viableImpl(ma) and m.fromSource() and - ma.getFile().toString().matches("CallableViaSummary") + ma.getFile().toString() = "CallableViaSummary" select ma, m From d6ac5cdc9446a48a0c53bbdc8c7c67b969b77b22 Mon Sep 17 00:00:00 2001 From: Ian Lynagh <igfoo@github.com> Date: Wed, 7 Jun 2023 12:39:00 +0100 Subject: [PATCH 864/870] Kotlin: Remove kotlin-explorer This was an exploration tool that I don't think has been used for some time. --- .github/labeler.yml | 3 +- CODEOWNERS | 1 - java/kotlin-explorer/.gitignore | 10 - java/kotlin-explorer/README | 9 - java/kotlin-explorer/build.gradle | 28 --- java/kotlin-explorer/gradle.properties | 7 - java/kotlin-explorer/settings.gradle | 8 - .../src/main/kotlin/Explorer.kt | 217 ------------------ 8 files changed, 1 insertion(+), 282 deletions(-) delete mode 100644 java/kotlin-explorer/.gitignore delete mode 100644 java/kotlin-explorer/README delete mode 100644 java/kotlin-explorer/build.gradle delete mode 100644 java/kotlin-explorer/gradle.properties delete mode 100644 java/kotlin-explorer/settings.gradle delete mode 100644 java/kotlin-explorer/src/main/kotlin/Explorer.kt diff --git a/.github/labeler.yml b/.github/labeler.yml index 503833fc4d7..5401e6afd71 100644 --- a/.github/labeler.yml +++ b/.github/labeler.yml @@ -11,7 +11,7 @@ Go: - change-notes/**/*go.* Java: - - any: [ 'java/**/*', '!java/kotlin-extractor/**/*', '!java/kotlin-explorer/**/*', '!java/ql/test/kotlin/**/*' ] + - any: [ 'java/**/*', '!java/kotlin-extractor/**/*', '!java/ql/test/kotlin/**/*' ] - change-notes/**/*java.* JS: @@ -20,7 +20,6 @@ JS: Kotlin: - java/kotlin-extractor/**/* - - java/kotlin-explorer/**/* - java/ql/test/kotlin/**/* Python: diff --git a/CODEOWNERS b/CODEOWNERS index 6e2dd9dc66b..b2eb53f0bb0 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -8,7 +8,6 @@ /swift/ @github/codeql-swift /misc/codegen/ @github/codeql-swift /java/kotlin-extractor/ @github/codeql-kotlin -/java/kotlin-explorer/ @github/codeql-kotlin # ML-powered queries /javascript/ql/experimental/adaptivethreatmodeling/ @github/codeql-ml-powered-queries-reviewers diff --git a/java/kotlin-explorer/.gitignore b/java/kotlin-explorer/.gitignore deleted file mode 100644 index 9c076360bbb..00000000000 --- a/java/kotlin-explorer/.gitignore +++ /dev/null @@ -1,10 +0,0 @@ -.classpath -.gradle -.idea -.project -.settings -bin/ -build/ -gradle/ -gradlew -gradlew.bat diff --git a/java/kotlin-explorer/README b/java/kotlin-explorer/README deleted file mode 100644 index 0f500d7c25b..00000000000 --- a/java/kotlin-explorer/README +++ /dev/null @@ -1,9 +0,0 @@ - -This shows what is encoded in the kotlin.Metadata section shown in the -output of `javap -v SomeKotlinClass`. - -It is not currently able to extract the information from .class files -itself; the values are hard coded in src/main/kotlin/Explorer.kt - -Run `gradle run` in this directory to run it. - diff --git a/java/kotlin-explorer/build.gradle b/java/kotlin-explorer/build.gradle deleted file mode 100644 index b122d811d4f..00000000000 --- a/java/kotlin-explorer/build.gradle +++ /dev/null @@ -1,28 +0,0 @@ -plugins { - id 'org.jetbrains.kotlin.jvm' version "${kotlinVersion}" - id 'org.jetbrains.dokka' version '1.4.32' - id "com.vanniktech.maven.publish" version '0.15.1' - id 'application' -} - -group 'com.github.codeql' -version '0.0.1' - -dependencies { - implementation "org.jetbrains.kotlin:kotlin-stdlib" - implementation "org.jetbrains.kotlinx:kotlinx-metadata-jvm:0.3.0" -} - -repositories { - mavenCentral() -} - -tasks.withType(org.jetbrains.kotlin.gradle.tasks.KotlinCompile).configureEach { - kotlinOptions { - jvmTarget = "1.8" - } -} - -application { - mainClass = 'com.github.codeql.ExplorerKt' -} diff --git a/java/kotlin-explorer/gradle.properties b/java/kotlin-explorer/gradle.properties deleted file mode 100644 index 0854241bcda..00000000000 --- a/java/kotlin-explorer/gradle.properties +++ /dev/null @@ -1,7 +0,0 @@ -kotlin.code.style=official -kotlinVersion=1.5.21 - -GROUP=com.github.codeql -VERSION_NAME=0.0.1 -POM_DESCRIPTION=CodeQL Kotlin explorer - diff --git a/java/kotlin-explorer/settings.gradle b/java/kotlin-explorer/settings.gradle deleted file mode 100644 index 18f679f7b75..00000000000 --- a/java/kotlin-explorer/settings.gradle +++ /dev/null @@ -1,8 +0,0 @@ -pluginManagement { - repositories { - mavenCentral() - gradlePluginPortal() - } -} - -rootProject.name = 'codeql-kotlin-explorer' diff --git a/java/kotlin-explorer/src/main/kotlin/Explorer.kt b/java/kotlin-explorer/src/main/kotlin/Explorer.kt deleted file mode 100644 index 31c3eb18dcb..00000000000 --- a/java/kotlin-explorer/src/main/kotlin/Explorer.kt +++ /dev/null @@ -1,217 +0,0 @@ -package com.github.codeql -import kotlinx.metadata.internal.metadata.jvm.deserialization.JvmMetadataVersion -import kotlinx.metadata.jvm.* -import kotlinx.metadata.* - -fun main(args : Array<String>) { - /* - Values from `javap -v` on TestKt.class from: - - class MyClass {} - - class MyParamClass<T> {} - - fun f(x: MyClass, y: MyClass?, - l1: MyParamClass<MyClass>, - l2: MyParamClass<MyClass?>, - l3: MyParamClass<MyClass>?, - l4: MyParamClass<MyClass?>?) { - } - */ - val kind = 2 - val metadataVersion = intArrayOf(1, 5, 1) - val data1 = arrayOf("\u0000\u0018\n\u0000\n\u0002\u0010\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0003\u001aX\u0010\u0000\u001a\u00020\u00012\u0006\u0010\u0002\u001a\u00020\u00032\b\u0010\u0004\u001a\u0004\u0018\u00010\u00032\u000c\u0010\u0005\u001a\b\u0012\u0004\u0012\u00020\u00030\u00062\u000e\u0010\u0007\u001a\n\u0012\u0006\u0012\u0004\u0018\u00010\u00030\u00062\u000e\u0010\b\u001a\n\u0012\u0004\u0012\u00020\u0003\u0018\u00010\u00062\u0010\u0010\t\u001a\u000c\u0012\u0006\u0012\u0004\u0018\u00010\u0003\u0018\u00010\u0006") - val data2 = arrayOf("f","","x","LMyClass;","y","l1","LMyParamClass;","l2","l3","l4") - val extraString = null - val packageName = null - val extraInt = 48 - val kch = KotlinClassHeader(kind, metadataVersion, data1, data2, extraString, packageName, extraInt) - - val md = KotlinClassMetadata.read(kch) - when (md) { - is KotlinClassMetadata.Class -> println("Metadata for Class not yet supported") - is KotlinClassMetadata.FileFacade -> { - println("Metadata for FileFacade:") - val kmp = md.toKmPackage() - kmp.accept(MyPackageVisitor(0)) - } - is KotlinClassMetadata.SyntheticClass -> println("Metadata for SyntheticClass not yet supported") - is KotlinClassMetadata.MultiFileClassFacade -> println("Metadata for MultiFileClassFacade not yet supported") - is KotlinClassMetadata.MultiFileClassPart -> println("Metadata for MultiFileClassPart not yet supported") - is KotlinClassMetadata.Unknown -> println("Unknown kind") - else -> println("Unexpected kind") - } -} - -fun pr(indent: Int, s: String) { - println(" ".repeat(indent) + s) -} - -class MyPackageVisitor(val indent: Int): KmPackageVisitor() { - override fun visitFunction(flags: Flags, name: String): KmFunctionVisitor? { - pr(indent, "=> Function; flags:$flags, name:$name") - return MyFunctionVisitor(indent + 1) - } - - override fun visitProperty(flags: Flags, name: String, getterFlags: Flags, setterFlags: Flags): KmPropertyVisitor? { - pr(indent, "=> Properties not yet handled") - return null - } - - override fun visitTypeAlias(flags: Flags, name: String): KmTypeAliasVisitor? { - pr(indent, "=> Type aliases not yet handled") - return null - } - - override fun visitExtensions(type: KmExtensionType): KmPackageExtensionVisitor? { - pr(indent, "=> Package extensions; type:$type") - when (type) { - JvmPackageExtensionVisitor.TYPE -> return MyJvmPackageExtensionVisitor(indent + 1) - else -> { - pr(indent, "- Not yet handled") - return null - } - } - } -} - -class MyFunctionVisitor(val indent: Int): KmFunctionVisitor() { - override fun visitTypeParameter(flags: Flags, name: String, id: Int, variance: KmVariance): KmTypeParameterVisitor? { - pr(indent, "=> Type parameter; flags:$flags, name:$name, id:$id, variance:$variance") - pr(indent, " -> Not yet handled") - return null - } - override fun visitReceiverParameterType(flags: Flags): KmTypeVisitor? { - pr(indent, "=> Receiver parameter type; flags:$flags") - pr(indent, " -> Not yet handled") - return null - } - - override fun visitValueParameter(flags: Flags, name: String): KmValueParameterVisitor? { - pr(indent, "=> Value parameter; flags:$flags, name:$name") - return MyValueParameterVisitor(indent + 1) - } - - override fun visitReturnType(flags: Flags): KmTypeVisitor? { - pr(indent, "=> Return type; flags:$flags") - return MyTypeVisitor(indent + 1) - } - - override fun visitVersionRequirement(): KmVersionRequirementVisitor? { - pr(indent, "=> VersionRequirement not yet handled") - return null - } - - override fun visitContract(): KmContractVisitor? { - pr(indent, "=> Contract not yet handled") - return null - } - - override fun visitExtensions(type: KmExtensionType): KmFunctionExtensionVisitor? { - pr(indent, "=> Function extensions; type:$type") - when (type) { - JvmFunctionExtensionVisitor.TYPE -> return MyJvmFunctionExtensionVisitor(indent + 1) - else -> { - pr(indent, "- Not yet handled") - return null - } - } - } -} - -class MyValueParameterVisitor(val indent: Int): KmValueParameterVisitor() { - override fun visitType(flags: Flags): KmTypeVisitor? { - pr(indent, "=> Type; flags:$flags") - return MyTypeVisitor(indent + 1) - } - - override fun visitVarargElementType(flags: Flags): KmTypeVisitor? { - pr(indent, "=> VarargElementType not yet handled") - return null - } - - override fun visitExtensions(type: KmExtensionType): KmValueParameterExtensionVisitor? { - pr(indent, "=> Value parameter extensions; type:$type; not yet handled") - return null - } -} - -class MyTypeVisitor(val indent: Int): KmTypeVisitor() { - override fun visitClass(name: ClassName) { - pr(indent, "=> Class; name:$name") - } - - override fun visitTypeAlias(name: ClassName) { - pr(indent, "=> Type alias; name:$name") - } - - override fun visitTypeParameter(id: Int) { - pr(indent, "=> Type parameter; id:$id") - } - - override fun visitArgument(flags: Flags, variance: KmVariance): KmTypeVisitor? { - pr(indent, "=> Argument; flags:$flags, variance:$variance") - return MyTypeVisitor(indent + 1) - } - - override fun visitStarProjection() { - pr(indent, "=> Star projection") - } - - override fun visitAbbreviatedType(flags: Flags): KmTypeVisitor? { - pr(indent, "=> AbbreviatedType not yet handled") - return null - } - - override fun visitOuterType(flags: Flags): KmTypeVisitor? { - pr(indent, "=> OuterType not yet handled") - return null - } - - override fun visitFlexibleTypeUpperBound(flags: Flags, typeFlexibilityId: String?): KmTypeVisitor? { - pr(indent, "=> FlexibleTypeUpperBound not yet handled") - return null - } - - override fun visitExtensions(type: KmExtensionType): KmTypeExtensionVisitor? { - pr(indent, "=> Type extensions; type:$type") - when (type) { - JvmTypeExtensionVisitor.TYPE -> return MyJvmTypeExtensionVisitor(indent + 1) - else -> { - pr(indent, "- Not yet handled") - return null - } - } - } -} - -class MyJvmTypeExtensionVisitor(val indent: Int): JvmTypeExtensionVisitor() { - override fun visit(isRaw: Boolean) { - pr(indent, "=> isRaw:$isRaw") - } - - override fun visitAnnotation(annotation: KmAnnotation) { - pr(indent, "=> Annotation; annotation:$annotation") - } -} - -class MyJvmPackageExtensionVisitor(val indent: Int): JvmPackageExtensionVisitor() { - override fun visitLocalDelegatedProperty(flags: Flags, name: String, getterFlags: Flags, setterFlags: Flags): KmPropertyVisitor? { - pr(indent, "=> Local delegate not yet handled") - return null - } - - override fun visitModuleName(name: String) { - pr(indent, "=> Module name; name:$name") - } -} - -class MyJvmFunctionExtensionVisitor(val indent: Int): JvmFunctionExtensionVisitor() { - override fun visit(signature: JvmMethodSignature?) { - pr(indent, "=> signature:$signature") - } - - override fun visitLambdaClassOriginName(internalName: String) { - pr(indent, "=> LambdaClassOriginName; internalName:$internalName") - } -} From 35b4c438ff09bd431858bc166121007bae933cca Mon Sep 17 00:00:00 2001 From: Tony Torralba <atorralba@users.noreply.github.com> Date: Wed, 7 Jun 2023 14:12:20 +0200 Subject: [PATCH 865/870] Fix Gson's JsonArray.add models When the type of the argument isn't JsonElement, the summary must be taint flow instead of value flow --- java/ql/lib/ext/com.google.gson.model.yml | 7 +++++- .../library-tests/frameworks/gson/Test.java | 24 +++++++++---------- 2 files changed, 18 insertions(+), 13 deletions(-) diff --git a/java/ql/lib/ext/com.google.gson.model.yml b/java/ql/lib/ext/com.google.gson.model.yml index 96f5355b2dc..73e14cf7cc8 100644 --- a/java/ql/lib/ext/com.google.gson.model.yml +++ b/java/ql/lib/ext/com.google.gson.model.yml @@ -26,7 +26,12 @@ extensions: - ["com.google.gson", "JsonElement", True, "getAsJsonPrimitive", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"] - ["com.google.gson", "JsonElement", True, "getAsString", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"] - ["com.google.gson", "JsonElement", True, "toString", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"] - - ["com.google.gson", "JsonArray", True, "add", "", "", "Argument[0]", "Argument[this].Element", "value", "manual"] + - ["com.google.gson", "JsonArray", True, "add", "(Boolean)", "", "Argument[0]", "Argument[this].Element", "taint", "manual"] + - ["com.google.gson", "JsonArray", True, "add", "(Character)", "", "Argument[0]", "Argument[this].Element", "taint", "manual"] + - ["com.google.gson", "JsonArray", True, "add", "(JsonElement)", "", "Argument[0]", "Argument[this].Element", "value", "manual"] + - ["com.google.gson", "JsonArray", True, "add", "(Number)", "", "Argument[0]", "Argument[this].Element", "taint", "manual"] + - ["com.google.gson", "JsonArray", True, "add", "(String)", "", "Argument[0]", "Argument[this].Element", "taint", "manual"] + - ["com.google.gson", "JsonArray", True, "add", "(JsonArray)", "", "Argument[0].Element", "Argument[this].Element", "value", "manual"] - ["com.google.gson", "JsonArray", True, "asList", "", "", "Argument[this].Element", "ReturnValue.Element", "value", "manual"] - ["com.google.gson", "JsonArray", True, "get", "", "", "Argument[this].Element", "ReturnValue", "value", "manual"] - ["com.google.gson", "JsonArray", True, "set", "", "", "Argument[1]", "Argument[this].Element", "value", "manual"] diff --git a/java/ql/test/library-tests/frameworks/gson/Test.java b/java/ql/test/library-tests/frameworks/gson/Test.java index eb3e1e526f0..00811587e8b 100644 --- a/java/ql/test/library-tests/frameworks/gson/Test.java +++ b/java/ql/test/library-tests/frameworks/gson/Test.java @@ -25,7 +25,7 @@ public class Test { <K> K getMapKeyDefault(Map.Entry<K,?> container) { return container.getKey(); } JsonElement getMapValueDefault(JsonObject container) { return container.get(null); } <V> V getMapValueDefault(Map.Entry<?,V> container) { return container.getValue(); } - JsonArray newWithElementDefault(String element) { JsonArray a = new JsonArray(); a.add(element); return a; } + JsonArray newWithElementDefault(JsonElement element) { JsonArray a = new JsonArray(); a.add(element); return a; } JsonObject newWithMapKeyDefault(String key) { JsonObject o = new JsonObject(); o.add(key, (JsonElement) null); return o; } JsonObject newWithMapValueDefault(JsonElement element) { JsonObject o = new JsonObject(); o.add(null, element); return o; } Object source() { return null; } @@ -232,51 +232,51 @@ public class Test { sink(out); // $ hasTaintFlow } { - // "com.google.gson;JsonArray;true;add;;;Argument[0];Argument[this].Element;value;manual" + // "com.google.gson;JsonArray;true;add;(Boolean);;Argument[0];Argument[this].Element;taint;manual" JsonArray out = null; Boolean in = (Boolean)source(); out.add(in); - sink(getElement(out)); // $ hasValueFlow + sink(getElement(out)); // $ hasTaintFlow } { - // "com.google.gson;JsonArray;true;add;;;Argument[0];Argument[this].Element;value;manual" + // "com.google.gson;JsonArray;true;add;(Character);;Argument[0];Argument[this].Element;taint;manual" JsonArray out = null; Character in = (Character)source(); out.add(in); - sink(getElement(out)); // $ hasValueFlow + sink(getElement(out)); // $ hasTaintFlow } { - // "com.google.gson;JsonArray;true;add;;;Argument[0];Argument[this].Element;value;manual" + // "com.google.gson;JsonArray;true;add;(JsonElement);;Argument[0];Argument[this].Element;value;manual" JsonArray out = null; JsonElement in = (JsonElement)source(); out.add(in); sink(getElement(out)); // $ hasValueFlow } { - // "com.google.gson;JsonArray;true;add;;;Argument[0];Argument[this].Element;value;manual" + // "com.google.gson;JsonArray;true;add;(Number);;Argument[0];Argument[this].Element;taint;manual" JsonArray out = null; Number in = (Number)source(); out.add(in); - sink(getElement(out)); // $ hasValueFlow + sink(getElement(out)); // $ hasTaintFlow } { - // "com.google.gson;JsonArray;true;add;;;Argument[0];Argument[this].Element;value;manual" + // "com.google.gson;JsonArray;true;add;(JsonArray);;Argument[0].Element;Argument[this].Element;value;manual" JsonArray out = null; - String in = (String)source(); + JsonElement in = (JsonElement)source(); out.add(in); sink(getElement(out)); // $ hasValueFlow } { // "com.google.gson;JsonArray;true;asList;;;Argument[this].Element;ReturnValue.Element;value;manual" List out = null; - JsonArray in = (JsonArray)newWithElementDefault((String) source()); + JsonArray in = (JsonArray)newWithElementDefault((JsonElement) source()); out = in.asList(); sink(getElement(out)); // $ hasValueFlow } { // "com.google.gson;JsonArray;true;get;;;Argument[this].Element;ReturnValue;value;manual" JsonElement out = null; - JsonArray in = (JsonArray)newWithElementDefault((String) source()); + JsonArray in = (JsonArray)newWithElementDefault((JsonElement) source()); out = in.get(0); sink(out); // $ hasValueFlow } From c0135673fac4bf62bef7da411eef2b10ad51d696 Mon Sep 17 00:00:00 2001 From: Tony Torralba <atorralba@users.noreply.github.com> Date: Wed, 7 Jun 2023 16:18:32 +0200 Subject: [PATCH 866/870] Fix JsonArray.addAll model Properly test JsonArray.add(String) and JsonArray.addAll(JsonArray) as well --- java/ql/lib/ext/com.google.gson.model.yml | 2 +- .../test/library-tests/frameworks/gson/Test.java | 15 +++++++++++---- 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/java/ql/lib/ext/com.google.gson.model.yml b/java/ql/lib/ext/com.google.gson.model.yml index 73e14cf7cc8..7b41b57083a 100644 --- a/java/ql/lib/ext/com.google.gson.model.yml +++ b/java/ql/lib/ext/com.google.gson.model.yml @@ -31,7 +31,7 @@ extensions: - ["com.google.gson", "JsonArray", True, "add", "(JsonElement)", "", "Argument[0]", "Argument[this].Element", "value", "manual"] - ["com.google.gson", "JsonArray", True, "add", "(Number)", "", "Argument[0]", "Argument[this].Element", "taint", "manual"] - ["com.google.gson", "JsonArray", True, "add", "(String)", "", "Argument[0]", "Argument[this].Element", "taint", "manual"] - - ["com.google.gson", "JsonArray", True, "add", "(JsonArray)", "", "Argument[0].Element", "Argument[this].Element", "value", "manual"] + - ["com.google.gson", "JsonArray", True, "addAll", "(JsonArray)", "", "Argument[0].Element", "Argument[this].Element", "value", "manual"] - ["com.google.gson", "JsonArray", True, "asList", "", "", "Argument[this].Element", "ReturnValue.Element", "value", "manual"] - ["com.google.gson", "JsonArray", True, "get", "", "", "Argument[this].Element", "ReturnValue", "value", "manual"] - ["com.google.gson", "JsonArray", True, "set", "", "", "Argument[1]", "Argument[this].Element", "value", "manual"] diff --git a/java/ql/test/library-tests/frameworks/gson/Test.java b/java/ql/test/library-tests/frameworks/gson/Test.java index 00811587e8b..6fa1fd2a1e5 100644 --- a/java/ql/test/library-tests/frameworks/gson/Test.java +++ b/java/ql/test/library-tests/frameworks/gson/Test.java @@ -260,23 +260,30 @@ public class Test { sink(getElement(out)); // $ hasTaintFlow } { - // "com.google.gson;JsonArray;true;add;(JsonArray);;Argument[0].Element;Argument[this].Element;value;manual" + // "com.google.gson;JsonArray;true;add;(String);;Argument[0];Argument[this].Element;taint;manual" JsonArray out = null; - JsonElement in = (JsonElement)source(); + String in = (String)source(); out.add(in); + sink(getElement(out)); // $ hasTaintFlow + } + { + // "com.google.gson;JsonArray;true;addAll;(JsonArray);;Argument[0].Element;Argument[this].Element;value;manual" + JsonArray out = null; + JsonArray in = newWithElementDefault((JsonElement) source()); + out.addAll(in); sink(getElement(out)); // $ hasValueFlow } { // "com.google.gson;JsonArray;true;asList;;;Argument[this].Element;ReturnValue.Element;value;manual" List out = null; - JsonArray in = (JsonArray)newWithElementDefault((JsonElement) source()); + JsonArray in = newWithElementDefault((JsonElement) source()); out = in.asList(); sink(getElement(out)); // $ hasValueFlow } { // "com.google.gson;JsonArray;true;get;;;Argument[this].Element;ReturnValue;value;manual" JsonElement out = null; - JsonArray in = (JsonArray)newWithElementDefault((JsonElement) source()); + JsonArray in = newWithElementDefault((JsonElement) source()); out = in.get(0); sink(out); // $ hasValueFlow } From 69854638b6fb5f333ccafc2785f26ae87ef6edba Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan <owen-mc@github.com> Date: Wed, 7 Jun 2023 15:51:21 +0100 Subject: [PATCH 867/870] Add Go version table for --identify-environment --- go/extractor/cli/go-autobuilder/go-autobuilder.go | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/go/extractor/cli/go-autobuilder/go-autobuilder.go b/go/extractor/cli/go-autobuilder/go-autobuilder.go index 9fcad68d42a..f7fc575d0c1 100644 --- a/go/extractor/cli/go-autobuilder/go-autobuilder.go +++ b/go/extractor/cli/go-autobuilder/go-autobuilder.go @@ -910,6 +910,17 @@ func getVersionWhenGoModVersionSupported(v versionInfo) (msg, version string) { // Check the versions of Go found in the environment and in the `go.mod` file, and return a // version to install. If the version is the empty string then no installation is required. +// We never return a version of Go that is outside of the supported range. +// +// +-----------------------+-----------------------+-----------------------+-----------------------------------------------------+------------------------------------------------+ +// | Found in go.mod > | *None* | *Below min supported* | *In supported range* | *Above max supported | +// | Installed \/ | | | | | +// |-----------------------|-----------------------|-----------------------|-----------------------------------------------------|------------------------------------------------| +// | *None* | Install max supported | Install min supported | Install version from go.mod | Install max supported | +// | *Below min supported* | Install max supported | Install min supported | Install version from go.mod | Install max supported | +// | *In supported range* | No action | No action | Install version from go.mod if newer than installed | Install max supported if newer than installed | +// | *Above max supported* | Install max supported | Install min supported | Install version from go.mod | No action | +// +-----------------------+-----------------------+-----------------------+-----------------------------------------------------+------------------------------------------------+ func getVersionToInstall(v versionInfo) (msg, version string) { if !v.goModVersionFound { return getVersionWhenGoModVersionNotFound(v) From 19e1bab10245836ab79f80f639bb2ee131b6eeb4 Mon Sep 17 00:00:00 2001 From: Taus <tausbn@github.com> Date: Wed, 7 Jun 2023 15:26:52 +0000 Subject: [PATCH 868/870] Python: Update expected output for syntax error queries --- .../2/query-tests/Imports/syntax_error/SyntaxError.expected | 2 +- .../3/query-tests/Imports/syntax_error/SyntaxError.expected | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/python/ql/test/2/query-tests/Imports/syntax_error/SyntaxError.expected b/python/ql/test/2/query-tests/Imports/syntax_error/SyntaxError.expected index 7fc3fd5d706..b645e2ef286 100644 --- a/python/ql/test/2/query-tests/Imports/syntax_error/SyntaxError.expected +++ b/python/ql/test/2/query-tests/Imports/syntax_error/SyntaxError.expected @@ -1 +1 @@ -| nonsense.py:0:1:0:1 | Syntax Error | Syntax Error (in Python 2). | +| nonsense.py:1:1:1:1 | Syntax Error | Syntax Error (in Python 2). | diff --git a/python/ql/test/3/query-tests/Imports/syntax_error/SyntaxError.expected b/python/ql/test/3/query-tests/Imports/syntax_error/SyntaxError.expected index 2f8b8b32ce1..480891f7381 100644 --- a/python/ql/test/3/query-tests/Imports/syntax_error/SyntaxError.expected +++ b/python/ql/test/3/query-tests/Imports/syntax_error/SyntaxError.expected @@ -1 +1 @@ -| nonsense.py:0:1:0:1 | Syntax Error | Syntax Error (in Python 3). | +| nonsense.py:1:2:1:2 | Syntax Error | Syntax Error (in Python 3). | From 0efa212c4077564a9545d7c6a6dd5c16e795c619 Mon Sep 17 00:00:00 2001 From: Arthur Baars <aibaars@github.com> Date: Wed, 7 Jun 2023 19:27:46 +0200 Subject: [PATCH 869/870] Ruby: update tree-sitter-ruby --- ruby/extractor/Cargo.lock | Bin 31065 -> 31065 bytes ruby/extractor/Cargo.toml | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/ruby/extractor/Cargo.lock b/ruby/extractor/Cargo.lock index 85c546b9b96e189aae02de3062127274df104d7b..f048f2d7725d8d6e8b86e41a63b538afe657ba31 100644 GIT binary patch delta 99 zcmccliSgzq#tkc?0?bX)Qc_J*P1BN$l9Eg<%`FlWQ&Y_?EKLn9EK-vUEiKc`(-M=@ S43vpfIQgJ}_-6iSFF63U^dL9@ delta 100 zcmccliSgzq#tkc?0*wsJlFbdw%?-^=jLnUbO)bsR(h@CF6BARCEKQ6}lZ`AaO$?3A SOq7XLIQgQe*k=A{FF61&_#I6E diff --git a/ruby/extractor/Cargo.toml b/ruby/extractor/Cargo.toml index 133233f2f14..6857162af5e 100644 --- a/ruby/extractor/Cargo.toml +++ b/ruby/extractor/Cargo.toml @@ -10,7 +10,7 @@ edition = "2018" [dependencies] tree-sitter = "0.20" tree-sitter-embedded-template = { git = "https://github.com/tree-sitter/tree-sitter-embedded-template.git", rev = "203f7bd3c1bbfbd98fc19add4b8fcb213c059205" } -tree-sitter-ruby = { git = "https://github.com/tree-sitter/tree-sitter-ruby.git", rev = "206c7077164372c596ffa8eaadb9435c28941364" } +tree-sitter-ruby = { git = "https://github.com/tree-sitter/tree-sitter-ruby.git", rev = "74fde5e5fb2bb5978aaee7895188eb199f7facf0" } clap = { version = "4.2", features = ["derive"] } tracing = "0.1" tracing-subscriber = { version = "0.3.3", features = ["env-filter"] } From cbbd885e229823ad50aa77e554bb2078a955dce7 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Thu, 8 Jun 2023 00:17:14 +0000 Subject: [PATCH 870/870] Add changed framework coverage reports --- .../documentation/library-coverage/coverage.csv | 17 ++++++++++++----- .../documentation/library-coverage/coverage.rst | 8 ++++---- 2 files changed, 16 insertions(+), 9 deletions(-) diff --git a/java/documentation/library-coverage/coverage.csv b/java/documentation/library-coverage/coverage.csv index 0e429b40b52..93c93f8ef46 100644 --- a/java/documentation/library-coverage/coverage.csv +++ b/java/documentation/library-coverage/coverage.csv @@ -12,10 +12,11 @@ androidx.core.app,6,,95,,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,12,83 androidx.fragment.app,11,,,,,11,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, androidx.slice,2,5,88,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,5,,27,61 cn.hutool.core.codec,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1, +com.alibaba.druid.sql,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1, com.esotericsoftware.kryo.io,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1, com.esotericsoftware.kryo5.io,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1, com.fasterxml.jackson.core,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1, -com.fasterxml.jackson.databind,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6, +com.fasterxml.jackson.databind,2,,6,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,,6, com.google.common.base,4,,87,,,,,,,,,,,,,,,,,,,,3,1,,,,,,,,,,,,,,63,24 com.google.common.cache,,,17,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,17 com.google.common.collect,,,553,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,551 @@ -23,6 +24,7 @@ com.google.common.flogger,29,,,,,,,,,,,,,,,29,,,,,,,,,,,,,,,,,,,,,,, com.google.common.io,8,,73,,1,,,,,,,,,,,,,,7,,,,,,,,,,,,,,,,,,,72,1 com.google.gson,,,39,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,25,14 com.hubspot.jinjava,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,, +com.jcraft.jsch,1,,1,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,1, com.mitchellbosecke.pebble,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,, com.opensymphony.xwork2.ognl,3,,,,,,,,,,,,,,,,,3,,,,,,,,,,,,,,,,,,,,, com.rabbitmq.client,,21,7,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,21,7, @@ -41,7 +43,7 @@ io.netty.bootstrap,3,,,,,,,,,,,,,,,,,,,,,,,,,,,3,,,,,,,,,,, io.netty.buffer,,,207,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,130,77 io.netty.channel,9,2,,,,,,,,,,,,,,,,,,,,,,,,,,9,,,,,,,,,2,, io.netty.handler.codec,4,13,259,,,,,,,,,,,,,,,,1,,,,,,,,,3,,,,,,,,,13,143,116 -io.netty.handler.ssl,2,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,,, +io.netty.handler.ssl,4,,,,,,,,,,,,,,,,,,4,,,,,,,,,,,,,,,,,,,, io.netty.handler.stream,1,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,, io.netty.resolver,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1, io.netty.util,2,,23,,,,,,,,,,,,,,,,1,,,,,,,,,1,,,,,,,,,,21,2 @@ -52,10 +54,10 @@ jakarta.ws.rs.container,,9,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,, jakarta.ws.rs.core,2,,149,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,94,55 java.awt,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3 java.beans,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1, -java.io,44,,45,,22,,,,,,,,,,,,,,22,,,,,,,,,,,,,,,,,,,43,2 +java.io,49,,45,,22,,,,,,,,,,,,,,27,,,,,,,,,,,,,,,,,,,43,2 java.lang,18,,92,,,,,,,,,,,,,8,,,5,,,4,,,1,,,,,,,,,,,,,56,36 java.net,13,3,20,,,,,,,,,,,,,,,,,,,,,,,,,13,,,,,,,,,3,20, -java.nio,40,,35,,3,,,,,,,,,,,,,,37,,,,,,,,,,,,,,,,,,,35, +java.nio,47,,35,,3,,,,,,,,,,,,,,44,,,,,,,,,,,,,,,,,,,35, java.sql,13,,3,,,,,,,,,,,,,,,,,,,,,,,,,4,,9,,,,,,,,2,1 java.util,44,,484,,,,,,,,,,,,,34,,,,,,,5,2,,1,2,,,,,,,,,,,44,440 javafx.scene.web,1,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,, @@ -78,7 +80,8 @@ jodd.json,,,10,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,10 kotlin,16,,1847,,,,,,,,,,,,,,,,14,,,,,,,,,2,,,,,,,,,,1836,11 net.sf.saxon.s9api,5,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,5,,,,, ognl,6,,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,, -okhttp3,4,,47,,,,,,,,,,,,,,,,,,,,,,,,,4,,,,,,,,,,22,25 +okhttp3,4,,48,,,,,,,,,,,,,,,,,,,,,,,,,4,,,,,,,,,,23,25 +org.antlr.runtime,1,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,, org.apache.commons.codec,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6, org.apache.commons.collections,,,800,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,17,783 org.apache.commons.collections4,,,800,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,17,783 @@ -119,8 +122,10 @@ org.codehaus.cargo.container.installer,3,,,,,,,,,,,,,,,,,,2,,,,,,,,,1,,,,,,,,,,, org.codehaus.groovy.control,1,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, org.dom4j,20,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,20,,,,,, org.eclipse.jetty.client,1,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,, +org.fusesource.leveldbjni,1,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,, org.geogebra.web.full.main,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,, org.hibernate,7,,,,,,,,,,,,,,,,,,,,,,,,,,,,,7,,,,,,,,, +org.influxdb,1,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,, org.jboss.logging,324,,,,,,,,,,,,,,,324,,,,,,,,,,,,,,,,,,,,,,, org.jdbi.v3.core,6,,,,,,,,,,,,,,,,,,,,,,,,,,,6,,,,,,,,,,, org.jooq,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,, @@ -134,6 +139,7 @@ org.springframework.beans,,,30,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,30 org.springframework.boot.jdbc,1,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,, org.springframework.cache,,,13,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,13 org.springframework.context,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3, +org.springframework.core.io,2,,,,,,,,,,,,,,,,,,1,,,,,,,,,1,,,,,,,,,,, org.springframework.data.repository,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1 org.springframework.http,14,,71,,,,,,,,,,,,,,,,,,,,,,,,,14,,,,,,,,,,61,10 org.springframework.jdbc.core,19,,,,,,,,,,,,,,,,,,,,,,,,,,,,,19,,,,,,,,, @@ -153,6 +159,7 @@ org.springframework.web.util,,,165,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,140,25 org.thymeleaf,2,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,2, org.xml.sax,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1, org.xmlpull.v1,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,, +org.yaml.snakeyaml,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1, play.libs.ws,2,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,, play.mvc,,13,24,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,13,24, ratpack.core.form,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3, diff --git a/java/documentation/library-coverage/coverage.rst b/java/documentation/library-coverage/coverage.rst index 55b9a0a071d..ffd3ce0ed91 100644 --- a/java/documentation/library-coverage/coverage.rst +++ b/java/documentation/library-coverage/coverage.rst @@ -18,10 +18,10 @@ Java framework & library support `Google Guava <https://guava.dev/>`_,``com.google.common.*``,,730,41,7,,,,, JBoss Logging,``org.jboss.logging``,,,324,,,,,, `JSON-java <https://github.com/stleary/JSON-java>`_,``org.json``,,236,,,,,,, - Java Standard Library,``java.*``,3,683,172,64,,9,,,17 + Java Standard Library,``java.*``,3,683,184,76,,9,,,17 Java extensions,"``javax.*``, ``jakarta.*``",63,611,34,2,4,,1,1,2 Kotlin Standard Library,``kotlin*``,,1847,16,14,,,,,2 - `Spring <https://spring.io/>`_,``org.springframework.*``,29,483,113,3,,28,14,,34 - Others,"``cn.hutool.core.codec``, ``com.esotericsoftware.kryo.io``, ``com.esotericsoftware.kryo5.io``, ``com.fasterxml.jackson.core``, ``com.fasterxml.jackson.databind``, ``com.google.gson``, ``com.hubspot.jinjava``, ``com.mitchellbosecke.pebble``, ``com.opensymphony.xwork2.ognl``, ``com.rabbitmq.client``, ``com.thoughtworks.xstream``, ``com.unboundid.ldap.sdk``, ``com.zaxxer.hikari``, ``flexjson``, ``freemarker.cache``, ``freemarker.template``, ``groovy.lang``, ``groovy.text``, ``groovy.util``, ``hudson``, ``io.jsonwebtoken``, ``io.netty.bootstrap``, ``io.netty.buffer``, ``io.netty.channel``, ``io.netty.handler.codec``, ``io.netty.handler.ssl``, ``io.netty.handler.stream``, ``io.netty.resolver``, ``io.netty.util``, ``javafx.scene.web``, ``jodd.json``, ``net.sf.saxon.s9api``, ``ognl``, ``okhttp3``, ``org.apache.commons.codec``, ``org.apache.commons.compress.archivers.tar``, ``org.apache.commons.httpclient.util``, ``org.apache.commons.jelly``, ``org.apache.commons.jexl2``, ``org.apache.commons.jexl3``, ``org.apache.commons.logging``, ``org.apache.commons.net``, ``org.apache.commons.ognl``, ``org.apache.directory.ldap.client.api``, ``org.apache.hadoop.fs``, ``org.apache.hadoop.hive.metastore``, ``org.apache.hc.client5.http.async.methods``, ``org.apache.hc.client5.http.classic.methods``, ``org.apache.hc.client5.http.fluent``, ``org.apache.hive.hcatalog.templeton``, ``org.apache.ibatis.jdbc``, ``org.apache.log4j``, ``org.apache.shiro.codec``, ``org.apache.shiro.jndi``, ``org.apache.tools.ant``, ``org.apache.tools.zip``, ``org.apache.velocity.app``, ``org.apache.velocity.runtime``, ``org.codehaus.cargo.container.installer``, ``org.codehaus.groovy.control``, ``org.dom4j``, ``org.eclipse.jetty.client``, ``org.geogebra.web.full.main``, ``org.hibernate``, ``org.jdbi.v3.core``, ``org.jooq``, ``org.kohsuke.stapler``, ``org.mvel2``, ``org.openjdk.jmh.runner.options``, ``org.scijava.log``, ``org.slf4j``, ``org.thymeleaf``, ``org.xml.sax``, ``org.xmlpull.v1``, ``play.libs.ws``, ``play.mvc``, ``ratpack.core.form``, ``ratpack.core.handling``, ``ratpack.core.http``, ``ratpack.exec``, ``ratpack.form``, ``ratpack.func``, ``ratpack.handling``, ``ratpack.http``, ``ratpack.util``, ``retrofit2``",98,890,520,60,,18,18,,193 - Totals,,255,9190,1975,244,10,122,33,1,382 + `Spring <https://spring.io/>`_,``org.springframework.*``,29,483,115,4,,28,14,,35 + Others,"``cn.hutool.core.codec``, ``com.alibaba.druid.sql``, ``com.esotericsoftware.kryo.io``, ``com.esotericsoftware.kryo5.io``, ``com.fasterxml.jackson.core``, ``com.fasterxml.jackson.databind``, ``com.google.gson``, ``com.hubspot.jinjava``, ``com.jcraft.jsch``, ``com.mitchellbosecke.pebble``, ``com.opensymphony.xwork2.ognl``, ``com.rabbitmq.client``, ``com.thoughtworks.xstream``, ``com.unboundid.ldap.sdk``, ``com.zaxxer.hikari``, ``flexjson``, ``freemarker.cache``, ``freemarker.template``, ``groovy.lang``, ``groovy.text``, ``groovy.util``, ``hudson``, ``io.jsonwebtoken``, ``io.netty.bootstrap``, ``io.netty.buffer``, ``io.netty.channel``, ``io.netty.handler.codec``, ``io.netty.handler.ssl``, ``io.netty.handler.stream``, ``io.netty.resolver``, ``io.netty.util``, ``javafx.scene.web``, ``jodd.json``, ``net.sf.saxon.s9api``, ``ognl``, ``okhttp3``, ``org.antlr.runtime``, ``org.apache.commons.codec``, ``org.apache.commons.compress.archivers.tar``, ``org.apache.commons.httpclient.util``, ``org.apache.commons.jelly``, ``org.apache.commons.jexl2``, ``org.apache.commons.jexl3``, ``org.apache.commons.logging``, ``org.apache.commons.net``, ``org.apache.commons.ognl``, ``org.apache.directory.ldap.client.api``, ``org.apache.hadoop.fs``, ``org.apache.hadoop.hive.metastore``, ``org.apache.hc.client5.http.async.methods``, ``org.apache.hc.client5.http.classic.methods``, ``org.apache.hc.client5.http.fluent``, ``org.apache.hive.hcatalog.templeton``, ``org.apache.ibatis.jdbc``, ``org.apache.log4j``, ``org.apache.shiro.codec``, ``org.apache.shiro.jndi``, ``org.apache.tools.ant``, ``org.apache.tools.zip``, ``org.apache.velocity.app``, ``org.apache.velocity.runtime``, ``org.codehaus.cargo.container.installer``, ``org.codehaus.groovy.control``, ``org.dom4j``, ``org.eclipse.jetty.client``, ``org.fusesource.leveldbjni``, ``org.geogebra.web.full.main``, ``org.hibernate``, ``org.influxdb``, ``org.jdbi.v3.core``, ``org.jooq``, ``org.kohsuke.stapler``, ``org.mvel2``, ``org.openjdk.jmh.runner.options``, ``org.scijava.log``, ``org.slf4j``, ``org.thymeleaf``, ``org.xml.sax``, ``org.xmlpull.v1``, ``org.yaml.snakeyaml``, ``play.libs.ws``, ``play.mvc``, ``ratpack.core.form``, ``ratpack.core.handling``, ``ratpack.core.http``, ``ratpack.exec``, ``ratpack.form``, ``ratpack.func``, ``ratpack.handling``, ``ratpack.http``, ``ratpack.util``, ``retrofit2``",98,894,528,66,,18,18,,195 + Totals,,255,9194,1997,263,10,122,33,1,385